1311 files changed, 0 insertions, 510485 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog
deleted file mode 100644
index c701be6bbe86..000000000000
--- a/crypto/heimdal/ChangeLog
+++ /dev/null
@@ -1,554 +0,0 @@
-2003-05-08  Johan Danielsson  <joda@ratatosk.pdc.kth.se>
-
-	* Release 0.6
-
-2003-05-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
-	support
-
-	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
-	v4 support
-
-	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
-	support
-
-2003-05-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
-	tests
-
-	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
-	everything with hex-codes, and cast to unsigned char* to make some
-	compilers happy
-
-2003-05-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
-	argument to krb5_us_timeofday have correct type
-	
-2003-05-05  Assar Westerlund  <assar@kth.se>
-
-	* include/make_crypto.c (main): include aes.h if ENABLE_AES
-
-2003-05-05  Love H�rnquist �strand  <lha@it.su.se>
-
-	* NEWS: 1.108->1.110: fix text about gssapi compat
-	
-2003-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
-	from openbsd
-
-2003-04-24  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-04-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
-	via openbsd
-
-2003-04-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/der_copy.c (copy_general_string): use strdup
-	* lib/asn1/der_put.c: remove sprintf
-	* lib/asn1/gen.c: remove strcpy/sprintf
-	
-	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
-	that other (me) have such hosts in the local domain and the tests
-	fails, to take hokkigai.pdc.kth.se instead
-	
-	* lib/krb5/test_alname.c: add --version and --help
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_warn.3: add krb5_get_err_text
-	
-	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
-	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
-	strlcpy, from openbsd
-	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
-	* appl/kf/kfd.c: use strlcpy, from openbsd
-	
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix for large file support in AIX, _LARGE_FILES
-	needs to be defined on the command line, since lex likes to
-	include stdio.h before we get to config.h
-
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
-	from Thomas Klausner <wiz@netbsd.org>
-	
-	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
-	<wiz@netbsd.org>
-
-2003-04-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c: fix some more memory leaks
-	
-2003-04-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-04-08  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
-	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
-	* kuser/kinit.1: s/kerberos/Kerberos/
-	* kdc/kdc.8: s/kerberos/Kerberos/
-	
-2003-04-01  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
-	
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
-	converting too root, make sure user is ok according to
-	krb5_kuserok before allowing it.
-
-	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
-	
-	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
-	
-	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
-	instead of the "illegal" salt #~, same change as kth-krb did
-	1999. Problems occur with crypt() that behaves like AT&T crypt
-	(openssl does this). Pointed out by Marcus Watts.
-
-	* admin/change.c (kt_change): collect all principals we are going
-	to change, and pick the highest kvno and use that to guess what
-	kvno the resulting kvno is going to be. Now two ktutil change in a
-	row works. XXX fix the protocol to pass the kvno back.
-	
-2003-03-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
-	
-2003-03-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: add description on how to turn on v4, 524 and
-	kaserver support
-
-2003-03-29  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
-	and afs-use-524
-
-2003-03-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
-	failes, remember to free memory from the first enctype_to_string
-
-	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
-	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
-	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
-
-	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
-	length when key is longer then expected length, its probably
-	longer since the encrypted data was padded, reported by Aidan
-	Cully <aidan@kublai.com>
-
-	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
-	encyption type, inspired by Aidan Cully <aidan@kublai.com>
-	
-2003-03-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
-	(wildcard kvno) after principal when the keytab entry isn't found,
-	reported by Chris Chiappa <chris@chiappa.net>
-	
-2003-03-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/misc.texi: update 2b example to match reality (from
-	mattiasa@e.kth.se)
-
-	* doc/misc.texi: spelling and add `Configuring AFS clients'
-	subsection
-
-2003-03-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: add krb5_free_data_contents.3
-	
-	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
-	API
-
-	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
-	with MIT API
-	
-	* lib/krb5/krb5_verify_user.3: write more about how the ccache
-	argument should be inited when used
-	
-2003-03-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/addr_families.c (krb5_print_address): make sure
-	print_addr is defined for the given address type; make addrports
-	printable
-
-	* kdc/string2key.c: print the used enctype for kerberos 5 keys
-
-2003-03-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: add another arcfour test
-	
-2003-03-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
-	
-2003-03-20  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* lib/krb5/krb5_ccache.3: update .Dd
-
-	* lib/krb5/krb5.3: sort in krb5_data functions
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
-
-	* lib/krb5/krb5_data.3: document krb5_data
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
-	prompter is NULL, don't try to ask for a password to
-	change. reported by Iain Moffat @ ufl.edu via Howard Chu
-	<hyc@highlandsun.com>
-
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5_keytab.3: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-	* lib/krb5/krb5.conf.5: . means new line
-	
-	* lib/krb5/krb5.conf.5: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-	* lib/krb5/krb5_auth_context.3: spelling, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
-	
-	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
-	
-	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
-
-	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
-	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
-	
-	* kdc/config.c: 524 is independent of kerberos 4, so move out
-	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
-	
-2003-03-17  Assar Westerlund  <assar@kth.se>
-
-	* kdc/kdc.8: document --kerberos4-cross-realm
-	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
-	* kdc/kdc_locl.h (enable_v4_cross_realm): add
-	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
-	flag before giving out v4 tickets for foreign v5 principals
-	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
-	to off)
-
-2003-03-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
-	
-	* lib/krb5/krb5_aname_to_localname.3: manpage for
-	krb5_aname_to_localname
-
-	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
-
-	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
-
-	* lib/krb5/krb5_set_default_realm.3: Manpage for
-	krb5_free_host_realm, krb5_get_default_realm,
-	krb5_get_default_realms, krb5_get_host_realm, and
-	krb5_set_default_realm.
-
-	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
-	<sobrado@acm.org> via NetBSD
-
-	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
-	
-	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
-	
-	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
-	
-	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
-	types, add krb5_fcc_ops and krb5_mcc_ops
-	
-	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
-	a id
-
-2003-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/intro.texi: add reference to source code, binaries and the
-	manual
-
-	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
-	
-2003-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/kdc.8: better/difrent english
-
-	* kdc/kdc.8: . -> .\n, copyright/license
-	
-	* kdc/kdc.8: changed configuration file -> restart kdc
-
-	* kdc/kerberos4.c: add krb4 into the most error messages written
-	to the logfile
-
-	* lib/krb5/krb5_ccache.3: add missing name of argument
-	(krb5_context) to most functions
-
-2003-03-13  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
-	function and return FALSE when there isn't a local account for
-	`luser'.
-
-	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
-	describing the function
-
-2003-03-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
-	returned memory, don't return ENOMEM
-
-2003-03-11  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.3: add krb5_address stuff and sort
-	
-	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
-	
-	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
-	
-	* lib/krb5/krb5_address.3: document types krb5_address and
-	krb5_addresses and their helper functions
-
-2003-03-10  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
-
-	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
-
-	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
-
-	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
-	
-	* lib/krb5/krb5.3: add more functions
-	
-	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
-	functions
-
-	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
-	
-	* lib/krb5/krb5_verify_user.3: document
-	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
-
-	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
-	krb5_verify_user_opt
-
-	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
-
-	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
-	return NULL
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
-	(TESTS): add test_cc
-
-	* lib/krb5/test_cc.c: test some
-	krb5_cc_default_name/krb5_cc_set_default_name combinations
-	
-	* lib/krb5/context.c (init_context_from_config_file): set
-	default_cc_name to NULL
-	(krb5_free_context): free default_cc_name if set
-
-	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
-	(krb5_cc_default_name): use krb5_cc_set_default_name
-
-	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
-	
-2003-02-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* appl/kf/kf.1: s/securly/securely/ from NetBSD
-	
-2003-02-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/connect.c: s/intialize/initialize, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* configure.in: add AM_MAINTAINER_MODE
-	
-2003-02-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* **/*.[0-9]: add copyright/licenses on all manpages
-
-2003-14-16  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
-	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
-	type specified by the KDC.
-
-2003-02-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* fix-export: some autoconf put their version number in
-	autom4te.cache, so remove autom4te*.cache
-	
-	* fix-export: make sure $1 is a directory
-	
-2003-02-04  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-
-	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-01-31  Love H�rnquist �strand  <lha@it.su.se>
-
-	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
-
-	* kdc/hprop.8: add missing .
-	
-2003-01-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
-	address, write out encryption type in sentences, s/Host/host
-	
-2003-01-26  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/asn1/check-gen.c: add checks for Authenticator too
-	
-2003-01-25  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/setup.texi: in the hprop example, use hprop and the first
-	component, not host
-
-	* lib/krb5/get_addrs.c (find_all_addresses): address-less
-	point-to-point might not have an address, just ignore
-	those. Reported by Harald Barth.
-
-2003-01-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
-	found, don't print out all known keys
-
-	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
-	and facility start resp
-	(check_log): find_value() returns -1 when key isn't found
-
-	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
-	'const void *' to avoid AES_KEY being exposed in krb5-private.h
-	
-	* lib/krb5/krb5.conf.5: add [kdc]use_2b
-
-	* kdc/524.c (encode_524_response): its 2b not b2
-	
-	* doc/misc.texi: quote @ where missing
-	
-	* lib/asn1/Makefile.am: add check-gen
-	
-	* lib/asn1/check-gen.c: add Principal check
-	
-	* lib/asn1/check-common.h: move generic asn1/der functions from
-	check-der.c to here
-
-	* lib/asn1/check-common.c: move generic asn1/der functions from
-	check-der.c to here
-
-	* lib/asn1/check-der.c: move out the generic asn1/der functions to
-	a common file
-
-2003-01-22  Love H�rnquist �strand  <lha@it.su.se>
-
-	* doc/misc.texi: more text about afs, how to get get your KeyFile,
-	and how to start use 2b tokens
-
-	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
-	<jmc@cvs.openbsd.org>
-	
-2003-01-21  Jacques Vidrine  <nectar@kth.se>
-
-	* kuser/kuser_locl.h: include crypto-headers.h for
-	des_read_pw_string prototype
-
-2003-01-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* admin/ktutil.8: document -v, --verbose
-
-	* admin/get.c (kt_get): make getarg usage consistent with other
-	other parts of ktutil
-
-	* admin/copy.c (kt_copy): remove adding verbose_flag to args
-	struct, since it will overrun the args array (from Sumit Bose)
-	
-2003-01-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
-	... }
-
-	* lib/krb5/aes-test.c: test vectors in aes-draft
-	
-	* lib/krb5/Makefile.am: add aes-test.c
-
-	* lib/krb5/crypto.c: Add support for AES
-	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
-	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
-	to support checksumtype that are have a shorter wireformat then
-	their output block size.
-	
-	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
-	into blocksize and padsize, padsize is the minimum padding
-	size. they are the same for now
-	(enctype_*): add padsize
-	(encrypt_internal): use padsize
-	(encrypt_internal_derived): use padsize
-	(wrapped_length): use padsize
-	(wrapped_length_dervied): use padsize
-
-	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
-	function for each enctype in preparation enctypes that uses
-	`Encryption and Checksum Specifications for Kerberos 5' draft
-	
-	* lib/asn1/k5.asn1: add checksum and enctype for AES from
-	draft-raeburn-krb-rijndael-krb-02.txt
-
-	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
-	KEYTYPE_AES256
-
-2003-01-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* lib/hdb/common.c (_hdb_fetch): handle error code from
-	hdb_value2entry
-
-	* kdc/Makefile.am: always include kerberos4.c and 524.c in
-	kdc_SOURCES to support 524
-
-	* kdc/524.c: always compile in support for 524
-	
-	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
-	
-	* kdc/config.c: always compile in support for 524
-	
-	* kdc/connect.c: always compile in support for 524
-	
-	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
-	even when we build without kerberos 4, 524 needs them
-	
-	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
-	Kerberos 4 help functions/structures so other parts of the source
-	tree can use it (like the KDC)
-
diff --git a/crypto/heimdal/ChangeLog.1998 b/crypto/heimdal/ChangeLog.1998
deleted file mode 100644
index f26dba777ed2..000000000000
--- a/crypto/heimdal/ChangeLog.1998
+++ /dev/null
@@ -1,3201 +0,0 @@
-Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/context.c: remove ktype_is_etype
-
-	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
-
-	* configure.in: fix for AIX install; better tests for AIX dynamic
- 	AFS libs; `--enable-new-des3-code'
-
-Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* appl/afsutil/Makefile.am: link with extra libs for aix
-
-	* kuser/Makefile.am: link with extra libs for aix
-
-Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
- 	the same as krb5_get_all_client_addrs except that it includes
- 	loopback addresses
-
-	* kdc/connect.c (init_socket): bind to a particular address
-	(init_sockets): get all local addresses and bind to them all
-
-	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
- 	methods
-	(find_af, find_atype): new functions.  use them.
-
-	* configure.in: add hesiod
-
-Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
-
-Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/log.c: rename delete -> remove
-
-	* lib/kadm5/delete_s.c: rename delete -> remove
-
-	* lib/hdb/common.c: rename delete -> remove
-
-Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: check for environ and `struct spwd'
-
-Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
- 	ktype_is_etype
-
-	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
- 	etypes
-	(em): sort entries
-
-Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c: more type correctness
-
-	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
- 	generated bits.
-
-Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kdc/hprop.c (v4_prop): fix bogus indexing
-
-Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
-	(krb5_verify_init_creds): if we cannot get a ticket for
-	host/`hostname` and fail_verify_is_ok just return.  use
- 	krb5_rd_req
-
-Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/free.c (krb5_xfree): new function
-
-	* lib/krb5/creds.c (krb5_free_creds_contents): new function
-
-	* lib/krb5/context.c: more type correctness
-
-	* lib/krb5/checksum.c: more type correctness
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
- 	correctness
-
-	* lib/asn1/der_get.c (der_get_length): fix test of len
-	(der_get_tag): more type correctness
-
-	* kuser/klist.c (usage): void-ize
-
-	* admin/ktutil.c (kt_remove): some more type correctness.
-
-Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kuser/klist.c: try to list enctypes as keytypes
-
-	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
- 	to set list of enctypes to use
-
-	* kadmin/load.c: load strings as hex
-
-	* kadmin/dump.c: dump hex as string is possible
-
-	* admin/ktutil.c: use print_version()
-
-	* configure.in, acconfig.h: test for hesiod
-
-Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/crypto.c: add some crypto debug code
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
- 	buffer when encoding ticket
-
-	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
-
-	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
- 	session key
-
-	* admin/ktutil.c: keytype -> enctype
-
-Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
-	
-Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c: adapt to new crypto api
-
-	* lib/krb5/rd_rep.c: adapt to new crypto api
-
-	* lib/krb5/rd_priv.c: adopt to new crypto api
-
-	* lib/krb5/rd_cred.c: adopt to new crypto api
-
-	* lib/krb5/principal.c: ENOMEM -> ERANGE
-
-	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
-
-	* lib/krb5/mk_req_ext.c: adopt to new crypto api
-
-	* lib/krb5/mk_req.c: get enctype from auth_context keyblock
-
-	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
-
-	* lib/krb5/mk_priv.c: adopt to new crypto api
-
-	* lib/krb5/keytab.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
-
-	* lib/krb5/get_in_tkt.c: adopt to new crypto api
-
-	* lib/krb5/get_cred.c: adopt to new crypto api
-
-	* lib/krb5/generate_subkey.c: use new crypto api
-
-	* lib/krb5/context.c: rename etype functions to enctype ditto
-
-	* lib/krb5/build_auth.c: use new crypto api
-
-	* lib/krb5/auth_context.c: remove enctype and cksumtype from
- 	auth_context
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
-
-Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* admin/ktutil.c: fix printing of unrecognized keytypes
-
-Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
- 	using AFS3 salt
-
-Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
- 	`use_admin_kdc'
-
-	* lib/krb5/changepw.c (get_kdc_address): use
- 	krb5_get_krb_admin_hst
-
-	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
-
-	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
-
-	* lib/krb5/context.c (krb5_get_use_admin_kdc,
- 	krb5_set_use_admin_kdc): new functions
-
-Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/crypto.c: remove all calls to abort(); check return
- 	value from _key_schedule;
-	(RSA_MD[45]_DES_verify): zero tmp and res;
-	(RSA_MD5_DES3_{verify,checksum}): implement
-
-Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (swap32): conditionalize
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
- 	returned from gethostby*() isn't a FQDN, try with the original
- 	hostname
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
- 	and correct key usage
-
-	* lib/krb5/crypto.c (verify_checksum): make static
-
-	* admin/ktutil.c (kt_list): use krb5_enctype_to_string
-
-Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
-
-	* kadmin/ank.c (ank): print principal name in prompt
-
-	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
-  	never trust c.checksum.length
-	(_get_derived_key): try to return the derived key
-
-Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
-	(get_checksum_key): assume usage is `formatted'
-	(create_checksum,verify_checksum): moved the guts of the krb5_*
-	functions here, both take `formatted' key-usages
-	(encrypt_internal_derived): fix various bogosities
-	(derive_key): drop key_type parameter (already given by the
-	encryption_type)
-
-	* kdc/kerberos5.c (check_flags): handle case where client is NULL
-
-	* kdc/connect.c (process_request): return zero after processing
- 	kerberos 4 request
-
-Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/crypto.c: merge x-*.[ch] into one file
-
-	* lib/krb5/cache.c: remove residual from krb5_ccache_data
-
-Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
- 	separate function (will eventually end up someplace else)
-
-	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
-
-	* configure.in, acconfig.h: test for four valued krb_put_int
-
-Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
-
-	* Release 0.0t
-
-Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c (parse_binding): remove trailing
- 	whitespace
-
-Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
- 	to krb5_create_checksum
-
-	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
- 	few typos
-
-Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
-
-	* Release 0.0s
-
-Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
-
-Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kdc_locl.h: proto for `get_des_key'
-
-	* configure.in: test for four valued el_init
-
-	* kuser/klist.c: keytype -> enctype
-
-	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
-
-	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
-
-	* kdc/kaserver.c: use `get_des_key'
-
-	* kdc/524.c: use new crypto api
-
-	* kdc/kerberos4.c: use new crypto api
-
-	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
- 	crypto api
-
-	* kdc/kstash.c: adapt to new crypto api
-
-	* kdc/string2key.c: adapt to new crypto api
-
-	* admin/srvconvert.c: add keys for all possible enctypes
-
-	* admin/ktutil.c: keytype -> enctype
-
-	* lib/gssapi/init_sec_context.c: get enctype from auth_context
- 	keyblock
-
-	* lib/hdb/hdb.c: remove hdb_*_keytype2key
-
-	* lib/kadm5/set_keys.c: adapt to new crypto api
-
-	* lib/kadm5/rename_s.c: adapt to new crypto api
-
-	* lib/kadm5/get_s.c: adapt to new crypto api
-
-	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
- 	des-cbc-md5, and des3-cbc-sha1
-
-	* lib/krb5/heim_err.et: error message for unsupported salt
-
-	* lib/krb5/codec.c: short-circuit these functions, since they are
- 	not needed any more
-
-	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
-
-Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
- 	hostent->h_addr_list, use a copy instead
-
-Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
- 	everything is ok before adding to linked list
-
-	* lib/krb5/config_file.c: skip ws before checking for comment
-
-Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12
-
-Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
- 	unopened file
-
-	* lib/krb5/mk_priv.c: realloc correctly
-
-	* lib/krb5/get_addrs.c (find_all_addresses): init j
-
-	* lib/krb5/context.c (krb5_init_context): print error if parsing
- 	of config file produced an error.
-
-	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
- 	ignore more spaces
-
-	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
- 	krb5_encode_ETYPE_INFO): initialize `ret'
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
- 	correctly
-
-	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
-
-	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
- 	with default_client
-
-	* kuser/kinit.c (main): initialize `ticket_life'
-
-	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
-	(tgs_rep2): initialize `krbtgt'
-
-	* kdc/connect.c (do_request): check for errors from `sendto'
-
-	* kdc/524.c (do_524): initialize `ret'
-
-	* kadmin/util.c (foreach_principal): don't clobber `ret'
-
-	* kadmin/del.c (del_entry): don't apply on zeroth argument
-
-	* kadmin/cpw.c (do_cpw_entry): initialize `ret'
-
-Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.0r
-
-Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c: fall-back definition of
- 	IN6_ADDR_V6_TO_V4
-
-	* configure.in: only set CFLAGS if it wasn't set look for
- 	dn_expand and res_search
-
-Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove duplicate seteuid
-
-Sat May 30 00:19:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
- 	runtime dependencies on libkrb with some shared library
- 	implementations
-
-Fri May 29 00:09:02 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/kinit_options.c: Default options for kinit.
-
-	* kuser/kauth_options.c: Default options for kauth.
-
-	* kuser/kinit.c: Implement lots a new options.
-
-	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
- 	is not NULL; set endtime to min of new starttime + old_life, and
- 	requested endtime
-
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
- 	forwardable or proxiable flags are set in options, set the
- 	kdc-flags to the value specified, and not always to one
-
-Thu May 28 21:28:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Optionally compare client address to addresses
- 	in ticket.
-
-	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().
-
-	* kdc/config.c: Add check_ticket_addresses, and
- 	allow_null_ticket_addresses variables.
-
-Tue May 26 14:03:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted
-
-	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
- 	before zapping version 4 salts
-
-Sun May 24 05:22:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0q
-
-	* lib/krb5/aname_to_localname.c: new file
-
-	* lib/gssapi/init_sec_context.c (repl_mutual): no output token
-
-	* lib/gssapi/display_name.c (gss_display_name): zero terminate
- 	output.
-
-Sat May 23 19:11:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/display_status.c: new file
-
-	* Makefile.am: send -I to aclocal
-
-	* configure.in: remove duplicate setenv
-
-Sat May 23 04:55:19 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/util.c (foreach_principal): Check for expression before
- 	wading through the whole database.
-
-	* kadmin/kadmin.c: Pass NULL password to
- 	kadm5_*_init_with_password.
-
-	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
- 	of `password' parameter to init_with_password.
-
-	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*
-
-	* lib/kadm5/server.c: Better arguments for
- 	kadm5_init_with_password.
-
-Sat May 16 07:10:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c: conditionalize ka-server reading support on
- 	KASERVER_DB
-
-	* configure.in: new option `--enable-kaserver-db'
-
-Fri May 15 19:39:18 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
- 	found.
-
-Tue May 12 21:11:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0p
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
- 	encryption type in auth_context if it's compatible with the type
- 	of the session key
-
-Mon May 11 21:11:14 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: add support for ka-server databases
-
-	* appl/ftp/ftpd: link with -lcrypt, if needed
-
-Fri May  1 07:29:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: don't test for winsock.h
-
-Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@puffer.pdc.kth.se>
-
-	* Release 0.0o
-
-Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/sock_principal.c: Save hostname.
-
-Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
-
-	* kdc/hprop.c (v4_prop): Check for null key.
-
-Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/str2key.c: Fix DES3 string-to-key.
-
-	* lib/krb5/keytab.c: Get default keytab name from context.
-
-	* lib/krb5/context.c: Get `default_keytab_name' value.
-
-	* kadmin/util.c (foreach_principal): Print error message if
- 	`kadm5_get_principals' fails.
-
-	* kadmin/kadmind.c: Use `kadmind_loop'.
-
-	* lib/kadm5/server.c: Replace several other functions with
- 	`kadmind_loop'.
-
-Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
- 	of O_APPEND
-
-	* configure.in: generate ftp Makefiles
-
-	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
- 	portable way.
-
-	* admin/srvconvert.c (srvconv): return 0 if successful
-
-Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
- 	keytab entries, and change default keytab to `/etc/krb5.keytab'.
-
-Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
-
-	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
-  	Fix bug in checking of pad.
-
-	* lib/gssapi/{un,}wrap.c: Add support for just integrity
- 	protecting data.
- 	
-	* lib/gssapi/accept_sec_context.c: Use
- 	`gssapi_krb5_verify_8003_checksum'.
-
-	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
-
-	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
- 	properly in auth-context.
-
-Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/delete_s.c: Check immutable bit.
-
-	* kadmin/kadmin.c: Pass client name to kadm5_init.
-
-	* lib/kadm5/init_c.c: Get creds for client name passed in.
-
-	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
-
-Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/mk_error.c: Verify that error_code is in the range
- 	[0,127].
-
-	* kdc/kerberos5.c: Move checking of principal flags to new
- 	function `check_flags'.
-
-Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
-
-	* configure.in: define SunOS if running solaris
-
-Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/server.c: Unifdef test for same principal when
- 	changing password.
-
-	* kadmin/util.c: If kadm5_get_principals failes, we might still be
- 	able to perform the requested opreration (for instance someone if
- 	trying to change his own password).
-
-	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
- 	not possible via tgt.
-
-	* lib/kadm5/server.c: Check for principals changing their own
- 	passwords.
-
-	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
- 	involved principals.
-
-	* kadmin/util.c: Fix order of flags.
-
-Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
-
-Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
-
-Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
- 	free keyseed; use correct keytab
-
-Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@sics.se>
-
-	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
-
-Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0n
-
-Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
-	krb5_kt_close/krb5_kt_resolve.
-	
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
- 	to lookup hosts, so CNAMEs can be ignored.
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
- 	Add support for using proxy.
-
-	* lib/krb5/context.c: Initialize `http_proxy' from
- 	`libdefaults/http_proxy'.
-
-	* lib/krb5/krb5.h: Add `http_proxy' to context.
-
-	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
- 	specifications.
-
-Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil.c: Implement `add' and `remove' functions. Make
- 	`--keytab' a global option.
-
-	* lib/krb5/keytab.c: Implement remove with files. Add memory
- 	operations.
-
-Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keytab.c: Use function pointers.
-
-	* admin: Remove kdb_edit.
-
-Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/dump_log.c: print operation names
-
-Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
-	
-	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
- 	remove arbitrary limit
-
-	* kdc/hprop-common.c: use krb5_{read,write}_message
-
-	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
- 	krb5_{write,read}_message
-
-	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
- 	`iprop/master' directly.
-	(main): use `krb5_read_message'
-
-Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Cleanup commands list, and add help strings.
-
-	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
- 	output formats. Short is the default.
-
-	* kadmin/util.c: Add `include_time' flag to timeval2str.
-
-	* kadmin/init.c: Max-life and max-renew can, infact, be zero.
-
-	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
-
-	* kadmin/util.c: Add function `foreach_principal', that loops over
- 	all principals matching an expression.
-
-	* kadmin/kadmin.c: Add usage string to `privileges'.
-
-	* lib/kadm5/get_princs_s.c: Also try to match aganist the
- 	expression appended with `@default-realm'.
-
-	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
- 	excludes the realm if it's the same as the default realm.
-
-Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
- 	headers and functions error -> com_err
-
- 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc
-
-	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
- 	global
-
-	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
-
-	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
-
-Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
-  	This should be fixed the correct way.
-
-	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
-	(send_diffs): compare versions correctly
-	(main): reorder handling of events
-
-	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
-
-Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/ipropd_{slave,master}.c: new files
-
-	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
- 	argument
-
-	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
- 	et_list *'
-
-	* aux/make-proto.pl: Should work with perl4
-
-Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
- 	{asn1,krb5}_err.h).
-
-Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
- 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
-
-	* lib/kadm5/log.c (get_version): globalize
-
-	* lib/kadm5/kadm5_locl.h: include <sys/file.h>
-
-	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
-
-	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
- 	initializing local struct in declaration.
-
-Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/524.c: Use krb5_decode_EncTicketPart.
-
-	* kdc/kerberos5.c: Check at runtime whether to use enctypes
- 	instead of keytypes. If so use the same value to encrypt ticket,
- 	and kdc-rep as well as `keytype' for session key. Fix some obvious
- 	bugs with the handling of additional tickets.
-
-	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
- 	krb5_decode_Authenticator.
-
-	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
-
-	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
-
-	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
- 	type, and not a key type.  Use krb5_encode_EncAPRepPart.
-
-	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
-
-	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
-
-	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
-
-	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
-
-	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
-
-	* lib/krb5/codec.c: Enctype conversion stuff.
-
-	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
- 	setuid. Get configuration for libdefaults ktype_is_etype, and
- 	default_etypes.
-
-	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
- 	krb5_convert_etype to krb5_decode_keytype, and add
- 	krb5_decode_keyblock.
-
-Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
-
-	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
- 	from protocol keytypes (that really are enctypes) to internal
- 	representation.
-
-Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
- 	on keys in the database; and also a new `pa-key-info' padata-type.
-
-	* kdc/kerberos5.c: If pre-authentication fails, return a list of
- 	keytypes, salttypes, and salts.
-
-	* lib/krb5/init_creds_pw.c: Add better support for
- 	pre-authentication, by looking at hints from the KDC.
-
-	* lib/krb5/get_in_tkt.c: Add better support for specifying what
- 	pre-authentication to use.
-
-	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
- 	KEYTYPE_DES_AFS3.
-
-	* lib/krb5/krb5.h: Add pre-authentication structures.
-
-	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
-
-Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
- 	`log_context.socket_name' and `log_context.socket_fd'
-
-	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
- 	to inform the possible running ipropd of an update.
-
-Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Return error-packet to caller.
-
-	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
-
-	* kdc/kerberos5.c: Add some support for using enctypes instead of
- 	keytypes.
-
-	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
- 	KDC.
-
-	* lib/krb5/build_auth.c: Only generate local subkey if there is
- 	none.
-
-	* lib/krb5/krb5.h: Add krb5_authdata type.
-
-	* lib/krb5/auth_context.c: Add
- 	krb5_auth_con_set{,localsub,remotesub}key.
-
-	* lib/krb5/init_creds_pw.c: Return some error if prompter
- 	functions return failure.
-
-Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.
-
-	* kadmin/util.c (edit_entry): remove unused variables
-
-Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
-
-	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
- 	kadm5_log*-functions
-
-	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
- 	log
-
-	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
- 	log
-
-	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
- 	log_context
-
-	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
- 	log
-
-	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
- 	log
-
-	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
- 	log
-
-	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
- 	log
-
-	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
-
-	* lib/kadm5/replay_log.c: new file
-
-	* lib/kadm5/dump_log.c: new file
-
-	* lib/kadm5/log.c: new file
-
-	* lib/krb5/str2key.c (get_str): initialize pad space to zero
-
-	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
-
-	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API
-
-	* kpasswd/Makefile.am: link with kadm5srv
-
-	* kdc/kerberos5.c (tgs_rep): initialize `i'
-
-	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
-
-	* include/Makefile.am: added admin.h
-
-Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
-
-	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
- 	copy_creds fails.
-
-Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
-
-	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
-
-	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
- 	krb5_getportbyname
-
-	* kadmin/kadmind.c (main): htons correctly.
-	moved kadm5_server_{recv,send}
-
-	* kadmin/kadmin.c (main): only set admin_server if explicitly
- 	given
-
-Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/ndbm.c: Implement locking of database.
-
-	* kdc/kerberos5.c: Process AuthorizationData.
-
-Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/string2key.c: Use AFS string-to-key from libkrb5.
-
-	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
-
-	* lib/krb5/krb5.h: Add value for AFS salts.
-
-	* lib/krb5/str2key.c: Add support for AFS string-to-key.
-
-	* lib/kadm5/rename_s.c: Use correct salt.
-
-	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
- 	and max-renew if != 0.
-
-	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
-
-Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/ank.c (ank): don't zero password if --random-key was
- 	given.
-
-Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0m
-
-	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
-
-	* kadmin/util.c (edit_time): only set mask if != 0
-	(edit_attributes): only set mask if != 0
-
-	* kadmin/init.c (init): create `default'
-
-Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
- 	as pointer and have return value indicate success.
-	
-	(get_response): check NULL from fgets
-	
-	(edit_time, edit_attributes): new functions for reading values and
-	offering list of answers on '?'
-	
-	(edit_entry): use edit_time and edit_attributes
-
-	* kadmin/ank.c (add_new_key): test the return value of
- 	`krb5_parse_name'
-
-	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
- 	that the checksum has to be keyed, even though later drafts do.
-  	Accept unkeyed checksums to be compatible with MIT.
-
-	* kadmin/kadmin_locl.h: add some prototypes.
-
-	* kadmin/util.c (edit_entry): return a value
-
-	* appl/afsutil/afslog.c (main): return a exit code.
-
-	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
-
-	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): use
- 	krb5_{free,copy}_keyblock instead of the _contents versions
-
-Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
-
-Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
-
-Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
-	keyblock
-
-Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0l
-
-Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: Add TCP client support.
-
-	* lib/krb5/store.c: Add k_{put,get}_int.
-
-	* kadmin/ank.c: Set initial kvno to 1.
-
-	* kdc/connect.c: Send version 5 TCP-reply as length+data.
-
-Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
-
-	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
- 	reply packet.
-
-	* kdc/connect.c (init_sockets): less reallocing.
-
-	* **/*.c: changed `struct fd_set' to `fd_set'
-
-Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_default_principal.c: More guessing.
-
-Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/rd_req.c: Use principal from ticket if no server is
- 	given.
-
-Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/klist.c: Use krb5_err*().
-
-Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
- 	commands.
-
-Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
- 	`enctype'
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
- 	if set.
-
-	* lib/krb5/get_cred.c: handle the case of a specific keytype
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
- 	parameter instead of guessing it.
-
-	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
- 	`enctype'
-
-	* appl/test/common.c (common_setup): don't use `optarg'
-
-	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
-	(krb5_kt_get_entry): retrieve the latest version if kvno == 0
-
-	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
-
-	* lib/krb5/creds.c (krb5_compare_creds): check for
- 	KRB5_TC_MATCH_KEYTYPE
-
-	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
- 	unused variable
-
-	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
- 	contents if we fail.
-
-Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: Get password expiration time from config
- 	file.
-
-	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
-
-Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
- 	restructured and fixed.
-
-	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
-
-Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
- 	methods fail.
-
-Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin/kadmin.c: Add `-l' flag to use local database.
-
-	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
-
-	* lib/kadm5: Use function pointer trampoline for easier dual use
- 	(without radiation-hardening capability).
-
-Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c (krb5_etype_valid): new function
-
-	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target
-
-	* lib/krb5/context.c (valid_etype): remove
-
-	* lib/krb5/checksum.c: remove dead code
-
-	* lib/krb5/changepw.c (send_request): free memory on error.
-
-	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
- 	from malloc.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
- 	failure correctly.
-	(krb5_auth_con_setaddrs_from_fd): return error correctly.
-
-	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
-
-Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.
-
-	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
-
-	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
- 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
-
-	* lib/krb5/rd_req.c: Use auth_context->keyblock if
- 	ap_options.use_session_key.
-
-Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
-	fix callers.
-
-	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
-
-	* include/Makefile.am: add xdbm.h
-
-Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
-
-Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/ticket.c: Implement copy_ticket.
-
-	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
-
-	* lib/krb5/data.c: Implement free_data and copy_data.
-
-Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
-
-	* kadmin/kadmin.c: Add get_privileges function.
-
-	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
- 	specification.
-
-	* kdc/connect.c: Exit if no sockets could be bound.
-
-	* kadmin/kadmind.c: Check return value from krb5_net_read().
-
-	* lib/kadm5,kadmin: Fix memory leaks.
-
-Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/kadm5/create_s.c: Get some default values from `default'
- 	principal.
-
-	* lib/kadm5/ent_setup.c: Add optional default entry to get some
- 	values from.
-
-Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
- 	prototype
-
-	* kadmin/kadmind.c: Crude admin server.
-
-	* kadmin/kadmin.c: Update to use remote protocol.
-
-	* kadmin/get.c: Fix principal formatting.
-
-	* lib/kadm5: Add client support.
-
-	* lib/kadm5/error.c: Error code mapping.
-
-	* lib/kadm5/server.c: Kadmind support function.
-
-	* lib/kadm5/marshall.c: Kadm5 marshalling.
-
-	* lib/kadm5/acl.c: Simple acl system.
-
-	* lib/kadm5/kadm5_locl.h: Add client stuff.
-
-	* lib/kadm5/init_s.c: Initialize acl.
-
-	* lib/kadm5/*:  Return values.
-
-	* lib/kadm5/create_s.c: Correct kvno.
-
-Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: Fix parsing of log destinations.
-
-Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
-
-Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kadmin: Simple kadmin utility.
-
-	* admin/ktutil.c: Print keytype.
-
-	* lib/kadm5/get_s.c: Set correct n_key_data.
-
-	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
- 	master key.
-
-	* lib/kadm5/destroy_s.c: Check for allocated context.
-
-	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
-
-Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for readv, writev
-
-Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
- 	code
-
-	* kdc/kerberos5.c (encode_reply): return success
-
-Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (find_etype) Return correct index of selected
- 	etype.
-
-Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0k
-
-	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
- 	environment variable
-
-	* *: use the roken_get*-macros from roken.h for the benefit of
- 	Crays.
-
-	* configure.in: add --{enable,disable}-otp.  check for compatible
- 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
- 	openlog (they have strange prototypes on Crays)
-
-	* acinclude.m4: new macro `AC_PROTO_COMPAT'
-
-Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Log bad requests.
-
-	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
- 	tgs_rep to separate functions.
-
-	* kdc/kerberos5.c: Fix user-to-user authentication.
-
-	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
- 	  - add a kdc-options argument to krb5_get_credentials, and rename
-	    it to krb5_get_credentials_with_flags
-	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
-	  - add some more user-to-user glue
-
-	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
- 	function, krb5_decrypt_ticket, so it is easier to decrypt and
- 	check a ticket without having an ap-req.
-
-	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
- 	flags.
-
-	* lib/krb5/crc.c (crc_init_table): Check if table is already
- 	inited.
-
-Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
- 	indefinite encoding.
-
-	* lib/asn1/gen_glue.c (generate_units): Check for empty
- 	member-list.
-
-Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Allow specifying table-base.
-
-Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Check version number of krbtgt.
-
-Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
- 	case of unhidden prompts.
-
-	* lib/krb5/str2key.c (string_to_key_internal): return error
- 	instead of aborting.  always free memory
-
-	* admin/ktutil.c: add `help' command
-
-	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
- 	change_password(cpw), change_random_key(crk)
-
-Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: change all the keys in the database
-
-	* kdc: removed all unsealing, now done by the hdb layer
-
-	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
- 	and `hdb_clear_master_key'
-
-	* admin/misc.c: removed
-
-Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: print year as YYYY iff verbose
-
-Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/klist.c: print etype from ticket
-
-Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0j
-
-	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
- 	used to decrypt the reply from DCE secds.
-
-	* lib/krb5/auth_context.c: Add {get,set}enctype.
-
-	* lib/krb5/get_cred.c: Fix for DCE secd.
-
-	* lib/krb5/store.c: Store keytype twice, as MIT does.
-
-	* lib/krb5/get_in_tkt.c: Use etype from reply.
-
-Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: check for leading '/' in http request
-
-Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@assaris.pdc.kth.se>
-
-	* Release 0.0i
-
-Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
- 	the kvno or keytype before receiving the AP-REQ
-
-	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
- 	use from the keytype.
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
- 	cksumtype to use from the keytype.
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
- 	from the keytype.
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
- 	what etype to use from the keytype.
-
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
- 	handle other key types than DES
-
-	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
-	(krb5_keytype_to_cksumtype): new function
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
- 	what etype to use from the keytype.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
- 	and `enctype' to 0
-
-	* admin/extkeytab.c (ext_keytab): extract all keys
-
-	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
-
-	* configure.in: check for <netinet6/in6.h>. check for -linet6
-	
-Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
-
-	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
- 	checksum
-
-	* lib/krb5/context.c (valid_etype): remove hard-coded constants
-	(default_etypes): include DES3
-
-	* kdc/kerberos5.c: fix check for keyed and collision-proof
- 	checksum
-
-	* admin/util.c (init_des_key, set_password): DES3 keys also
-
- 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
- 	no contact?
-
-	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
-
-Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
- 	the client is used to select wich key to encrypt the kdc rep with
- 	(in case of as-req), and with the server info to select the
- 	session key type. The server key the ticket is encrypted is based
- 	purely on the keys in the database.
-
-	* kdc/string2key.c: Add keytype support. Default to version 5
- 	keys.
-
-	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
-
-	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
- 	many *_to_* functions.
-
-	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
- 	to krb5_string_to_key().
-
-	* lib/krb5/checksum.c: Some cleanup, and added: 
-	  - rsa-md5-des3 
-	  - hmac-sha1-des3 
-	  - keyed and collision proof flags to each checksum method
-	  - checksum<->string functions.
-
-	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
-
-Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c: use new addr_families functions
-
-	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
- 	over IPv6
-
-	* kuser/klist.c: use correct symbols for address families
-
-	* lib/krb5/sock_principal.c: use new addr_families functions
-
-	* lib/krb5/send_to_kdc.c: use new addr_families functions
-
-	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
-
-	* lib/krb5/get_addrs.c: use new addr_families functions
-
-	* lib/krb5/changepw.c: use new addr_families functions.  Now works
- 	over IPv6
-
-	* lib/krb5/auth_context.c: use new addr_families functions
-
-	* lib/krb5/addr_families.c: new file
-
-	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
- 	uses.
-
-	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.
-
-Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
- 	principals.
-
-Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0h
-	
-	* appl/telnet/telnet/commands.c: AF_INET6 support
-
-	* admin/misc.c: new file
-
-	* lib/krb5/context.c: new configuration variable `max_retries'
-
-	* lib/krb5/get_addrs.c: fixes and better #ifdef's
-
-	* lib/krb5/config_file.c: implement krb5_config_get_int
-
-	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
- 	AF_INET6 support
-
-	* kuser/klist.c: support for printing IPv6-addresses
-
-	* kdc/connect.c: support AF_INET6
-
-	* configure.in: test for gethostbyname2 and struct sockaddr_in6
-
-Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
- 	PA-DATA'
-
-Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
- 	limited to):
-	  - allow client to be non-existant (should probably check for
-	    "local realm")
-	  - if server isn't found and it is a request for a krbtgt, try to
- 	    find a realm on the way to the requested realm
-	  - update the transited encoding iff 
-	    client-realm != server-realm != tgt-realm
-
-	* lib/krb5/get_cred.c: Several fixes for cross-realm.
-
-Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/string2key.c: Fix password handling.
-
-	* lib/krb5/encrypt.c: krb5_key_to_string
-
-Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
- 	aliases and IPv6 addresses
-
-	* kuser/klist.c: try printing IPv6 addresses
-
-	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
-
-	* configure.in: check for <netinet/in6_var.h>
-
-Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* doc: fixes
-
-	* admin/util.c (init_des_key): increase kvno
-	(set_password): return -1 if `des_read_pw_string' failed
-
-	* admin/mod.c (doit2): check the return value from `set_password'
-
-	* admin/ank.c (doit): don't add a new entry if `set_password'
- 	failed
-
-Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/verify_init.c: fix ap_req_nofail semantics
-
-	* lib/krb5/transited.c: something that might resemble
- 	domain-x500-compress
-
-Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): check number of arguments
-
-	* appl/popper/pop_init.c (pop_init): check number of arguments
-
-	* kpasswd/kpasswd.c (main): check number of arguments
-
-	* kdc/string2key.c (main): check number of arguments
-
-	* kuser/kdestroy.c (main): check number of arguments
-
-	* kuser/kinit.c (main): check number of arguments
-
-	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
- 	break out of select when a signal arrives
-
-	* kdc/main.c (main): use sigaction without SA_RESTART to break out
- 	of select when a signal arrives
-
-	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"
-
-	* kdc/config.c (configure): add `--version'.  Check the number of
- 	arguments. Handle the case of there being no specification of port
- 	numbers.
-
-	* admin/util.c: seal and unseal key at appropriate places
-
-	* admin/kdb_edit.c (main): parse arguments, config file and read
- 	master key iff there's one.
-
-	* admin/extkeytab.c (ext_keytab): unseal key while extracting
-
-Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: include <fcntl.h>
-
-	* kdc/kerberos5.c (set_salt_padata): new function
-
-	* appl/telnet/telnetd/telnetd.c: Rename some variables that
- 	conflict with cpp symbols on HP-UX 10.20
-
-	* change all calls of `gethostbyaddr' to cast argument 1 to `const
- 	char *'
-
-	* acconfig.h: only use SGTTY on nextstep
-
-Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Check invalid flag.
-
-Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
-
-	* lib/kafs: Move functions common to krb/krb5 modules to new file,
- 	and make things more modular.
-
-	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
- 	-> krb5_config_list
-
-Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix loopback test.
-
-Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: fallback definition of `O_ACCMODE'
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
- 	checking for a v4 reply
-
-Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
-
-	* lib/hdb/hdb.c: new {seal,unseal}_keys functions
-
-	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
-
-	* kdc/hprop.c: Don't use same master key as version 4.
-
-	* admin/util.c: Don't dump core if no `default' is found.
-
-Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/connect.c: Allow run time port specification.
-
-	* kdc/config.c: Add flags for http support, and port
- 	specifications.
-
-Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@sics.se>
-
-	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
- 	them when building the program.  This makes it possible to include
- 	bits.h without having defined all HAVE_INT17_T symbols.
-	
-	* configure.in: test for sigaction
-
-	* doc: updated documentation.
-	
-Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0g
-
-Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/data.c: don't return ENOMEM if len == 0
-
-Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/hdb.asn1: Include salt type in salt.
-
-	* kdc/hprop.h: Change port to 754.
-
-	* kdc/hpropd.c: Verify who tries to transmit a database.
-
-	* appl/popper: Use getarg and krb5_log.
-
-	* lib/krb5/get_port.c: Add context parameter. Now takes port in
- 	host byte order.
-
-Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Add timeout to select, and log about expired tcp
- 	connections.
-
-	* kdc/config.c: Add `database' option.
-
-	* kdc/hpropd.c: Log about duplicate entries.
-
-	* lib/hdb/{db,ndbm}.c: Use common routines.
-
-	* lib/hdb/common.c: Implement more generic fetch/store/delete
- 	functions.
-
-	* lib/hdb/hdb.h: Add `replace' parameter to store.
-	
-	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
- 	entries.
-
-Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
-
-	* aux/make-proto.pl: fix __P for stone age mode
-
-Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
- 	protocol
-
-	* lib/krb5/init_creds_pw.c: make change_password and
- 	get_init_creds_common static
-
-	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.
-
-	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
-
-	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
-
-Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Remove all prototypes.
-
-	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
- 	`CREDENTIALS'.
-
-Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
-	and units for bit strings.
-
-	* admin/util.c: flags2int, int2flags, and flag_units are now
- 	generated by asn1_compile
-
-	* lib/roken/parse_units.c: generalised `parse_units' and
- 	`unparse_units' and added new functions `parse_flags' and
- 	`unparse_flags' that use these
-
-	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
-
-	* admin/util.c: Use {un,}parse_flags for printing and parsing
- 	hdbflags.
-
-Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c: restructured
-
-	* lib/krb5/warn.c (_warnerr): leak less memory
-
-	* lib/hdb/hdb.c (hdb_free_entry): zero keys
-	(hdb_check_db_format): leak less memory
-
-	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
- 	NDBM__get, NDBM__put
-
-	* lib/hdb/db.c (DB_seq): check for valid hdb_entries
-
-Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
-
-Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.1, klist.1, kdestroy.1: new man pages
-
-	* kpasswd/kpasswd.1, kpasswdd.8: new man pages
-
-	* kdc/kstash.8, hprop.8, hpropd.8: new man pages
-
-	* admin/ktutil.8, admin/kdb_edit.8: new man pages
-
-	* admin/mod.c: new file
-
-	* admin/life.c: renamed gettime and puttime to getlife and putlife
-	and moved them to life.c
-
-	* admin/util.c: add print_flags, parse_flags, init_entry,
- 	set_created_by, set_modified_by, edit_entry, set_password.  Use
- 	them.
-
-	* admin/get.c: use print_flags
-
-	* admin: removed unused stuff.  use krb5_{warn,err}*
-
-	* admin/ank.c: re-organized and abstracted.
-
-	* admin/gettime.c: removed
-
-Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
-
-	* lib/roken/base64.c: Add base64 functions.
-
-	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
-
-Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* include/Makefile.am: Don't make links to built files.
-
-	* admin/kdb_edit.c: Add command to set the database path.
-
-	* lib/hdb: Include version number in database.
-
-Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil: Merged v4 srvtab conversion.
-
-Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/roken.h: add F_OK
-
-	* lib/gssapi/acquire_creds.c: fix typo
-
-	* configure.in: call AC_TYPE_MODE_T
-
-	* acinclude.m4: Add AC_TYPE_MODE_T
-
-Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0f
-
-Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/popper/pop_pass.c: log poppers
-
-	* kdc/kaserver.c: some more checks
-
-	* kpasswd/kpasswd.c: removed `-p'
-
-	* kuser/kinit.c: removed `-p'
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
- 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
- 	krb-error text
-
-	* lib/gssapi/import_name.c (input_name): more names types.
-
-	* admin/load.c (parse_keys): handle the case of an empty salt
-
-	* kdc/kaserver.c: fix up memory deallocation
-
-	* kdc/kaserver.c: quick hack at talking kaserver protocol
-
-	* kdc/kerberos4.c: Make `db-fetch4' global
-
-	* configure.in: add --enable-kaserver
-
-	* kdc/rx.h, kdc/kerberos4.h: new header files
-
-	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
-
-Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
- 	type conflicts.
-
-	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
-
-	* lib/des/{md4,md5,sha}.c: Now works on Crays.
-
-Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* appl/afsutil/afslog.c: If no cells or files specified, get
- 	tokens for all local cells. Better test for files.
-
-Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/v1.c: new file with v1 compatibility functions.
-
-Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
-
-	* kdc/kerberos4.c: Check database when converting v4 principals.
-
-	* kdc/kerberos5.c: Include kvno in Ticket.
-
-	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
-
-	* kuser/klist.c: Print version number of ticket, include more
- 	flags.
-
-Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
- 	expiration.
-
-Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
- 	there's an error.
-
-	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
- 	documentation and process KRB-ERROR's
-
-Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
-
-Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/accept_sec_context.c: Added
- 	`gsskrb5_register_acceptor_identity'
-
-Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
- 	always pass server == NULL to krb5_rd_req.
-
-	* lib/gssapi: new files: canonicalize_name.c export_name.c
- 	context_time.c compare_name.c release_cred.c acquire_cred.c
- 	inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
-
-	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
- 	<lukeh@xedoc.com.au>
-
-	* lib/editline/sysunix.c: sgtty-support from Luke Howard
- 	<lukeh@xedoc.com.au>
-
-	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
- 	Howard <lukeh@xedoc.com.au>
-
-Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@koi.pdc.kth.se>
-
-	* Release 0.0e
-
-Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/afsutil/afslog.c: Use new libkafs.
-
-	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
-
-	* lib/krb5/warn.c: Fix format string for *x type.
-
-Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@sics.se>
-
-	* admin/get.c (get_entry): print more information about the entry
-
-	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
-
-	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
- 	`krb5_config_vget_time'.  Use them.
-
-Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/ktutil.c: Keytab manipulation program.
-
-	* lib/krb5/keytab.c: Return sane values from resolve and
- 	start_seq_get.
-
-	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
-
-	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
- 	krb524_convert_creds_kdc.
-
-	* lib/krb5/convert_creds.c: Implementation of
- 	krb524_convert_creds_kdc.
-
-	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
-
-	* kdc/524.c: A somewhat working 524-protocol module.
-
-	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
- 	functions.
-
-	* lib/krb5/context.c: Fix kdc_timeout.
-
-	* lib/hdb/{ndbm,db}.c: Free name in close.
-
-	* kdc/kerberos5.c (tgs_check_autenticator): Return error code
-
-Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
-
-	* lib/krb5/store_emem.c: Fix reallocation bug.
-
-Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
- 	`krb5_sock_to_principal'.  Send server parameter to
- 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.
-
-	* lib/krb5/recvauth.c: Set addresses in auth_context if there
- 	aren't any
-
-	* lib/krb5/auth_context.c: New function
- 	`krb5_auth_con_setaddrs_from_fd'
-
-	* lib/krb5/sock_principal.c: new function
-	`krb5_sock_to_principal'
-	
-	* lib/krb5/time.c: new file with `krb5_timeofday' and
- 	`krb5_us_timeofday'.  Use these functions.
-
-	* kuser/klist.c: print KDC offset iff verbose
-
-	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
- 	[libdefaults]kdc_timesync is set.
-	
-	* lib/krb5/fcache.c: Implement version 4 of the ccache format.
-
-Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
-
-	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
- 	properly
-
-	* kpasswd/kpasswd.c: Use `krb5_change_password'
-
-	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
- 	correctly.
-
-	* lib/krb5/init_creds_pw.c: support changing of password when it
- 	has expired
-
-	* lib/krb5/changepw.c: new file
-
-	* kuser/klist.c: use getarg
-
-	* admin/init.c (init): add `kadmin/changepw'
-
-Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
-
-Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c: implement support for #-comments
-
-Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/hprop*.c: Add database propagation programs.
-
-	* kdc/connect.c: Max request size.
-
-Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/otp: resurrected from krb4
-
-	* appl/push: new program for fetching mail with POP.
-
-	* appl/popper/popper.h: new include files.  new fields in `POP'
-
-	* appl/popper/pop_pass.c: Implement both v4 and v5.
-
-	* appl/popper/pop_init.c: Implement both v4 and v5.
-
-	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5
-
-	* appl/popper: Popper from krb4.
-
-	* configure.in: check for inline and <netinet/tcp.h> generate
- 	files in appl/popper, appl/push, and lib/otp
-
-Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c: clean-up and try to free memory even when
- 	there're errors
-
-	* lib/krb5/get_cred.c: adapt to new `extract_ticket'
-
-	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
- 	return memory even if there are errors.
-
-	* kuser/kverify.c: new file
-
-	* lib/krb5/free_host_realm.c: new file
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): implement
- 	different nametypes.  Also free memory.
-
-	* lib/krb5/verify_init.c: more functionality
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
-
-	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
- 	principals in creds.  Should also compare them with that received
- 	from the KDC
-
-	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
- 	krb5_ccache
-	(krb5_cc_destroy): call krb5_cc_close
-	(krb5_cc_retrieve_cred): delete the unused creds
-
-Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: Allow better control of destinations of logging
- 	(like passing explicit destinations, and log-functions).
-
-Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_principal.c: new file
-
-	* kpasswd/kpasswdd.c: use krb5_log*
-
-Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
-
-Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
-  	Print password expire information.
-
-	* kdc/config.c: new variable `kdc_warn_pwexpire'
-
-	* kpasswd/kpasswd.c: converted to getarg and get_init_creds
-
-Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mcache.c: new file
-
-	* admin/gettime.c: new function puttime.  Use it.
-
-	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
- 	krb5_copy_keyblock
-
-	* lib/krb5/init_creds_pw.c: more functionality
-
-	* lib/krb5/creds.c: Added krb5_free_creds_contents and
- 	krb5_copy_creds.  Changed callers.
-
-	* lib/krb5/config_file.c: new functions krb5_config_get and
- 	krb5_config_vget
-
-	* lib/krb5/cache.c: cleanup added mcache
-	
-	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
- 	applicable
-
-Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
-
-Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
-	prompter_posix.c: the beginning of an implementation of the cygnus
-	initial-ticket API.
-
-	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
- 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
-  	Small fixes in krb5_get_in_tkt
-
-	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
- 	loopback.
-
-Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc: Make context global.
-
-Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0d
-
-	* lib/roken/flock.c: new file
-
-	* kuser/kinit.c: check for and print expiry information in the
- 	`kdc_rep'
-
-	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
-
-	* kdc/kerberos5.c: Check the valid times on client and server.
-  	Check the password expiration.
-	Check the require_preauth flag.
-  	Send an lr_type == 6 with pw_end.
-	Set key.expiration to min(valid_end, pw_end)
-	
-	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
-
-	* admin/util.c, admin/load.c: handle the new flags.
-
-Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb: Add some simple locking.
-
-Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/log.c: Add some general logging functions.
-
-	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
- 	for this to work is that all involved principals has a des key in
- 	the database, and that the client has a version 4 (un-)salted
- 	key. Furthermore krb5_425_conv_principal has to do it's job, as
- 	present it's not very clever.
-
-	* lib/krb5/principal.c: Quick patch to make 425_conv work
- 	somewhat.
-
-	* lib/hdb/hdb.c: Add keytype->key and next key functions.
-
-Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
- 	`cksum'.  It's allocated and freed by the caller
-
-	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
-
-	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
- 	`client' to return as part of the KRB-ERROR
-
-Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c: Unseal keys from database before use.
-
-	* kdc/misc.c: New functions set_master_key, unseal_key and
- 	free_key.
-
-	* lib/roken/getarg.c: Handle `-f arg' correctly.
-
-Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: implement `-l' aka `--lifetime'
-
-	* lib/roken/parse_units.c, parse_time.c: new files
-
-	* admin/gettime.c (gettime): use `parse_time'
-
-	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
- 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
-
-	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
- 	addresses in auth_context bind one socket per interface.
-	
-	* kpasswd/kpasswd.c: use sequence numbers
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
- 	the timestamps
-
-	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
- 	from auth_context
-
-	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
- 	from auth_context
-
-	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
- 	not a comerr'd number.
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
- 	number in KRB-ERROR correctly.
-
-	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
- 	number in KRB-ERROR correctly.
-
-	* lib/asn1/k5.asn1: Add `METHOD-DATA'
-
-	* removed some memory leaks.
-
-Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.0c
-
-	* lib/krb5/rd_cred.c, get_for_creds.c: new files
-
-	* lib/krb5/get_host_realm.c: try default realm as last chance
-
-	* kpasswd/kpasswdd.c: updated to hdb changes
-
-	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding
-
-	* appl/telnet/libtelnet: removed totally unused files
-
-	* admin/ank.c: fix prompts and generation of random keys
-
-Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* admin/dump.c: Include salt in dump.
-
-	* admin: Mostly updated for new db-format.
-
-	* kdc/kerberos5.c: Update to use new db format. Better checking of
- 	flags and such. More logging.
-
-	* lib/hdb/hdb.c: Use generated encode and decode functions.
-
-	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
-
-	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
- 	in the reply.
-
-Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: break if des_read_pw_string() != 0
-
-	* kpasswd/kpasswdd.c: send a reply
-
-	* kpasswd/kpasswd.c: restructured code.  better report on
- 	krb-error break if des_read_pw_string() != 0
-
-	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
- 	starttime and renew_till
-
-	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
- 	keyblock to krb5_verify_chekcsum
-
-Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Release 0.0b
-
-	* kpasswd/kpasswd.c: Avoid using non-standard struct names.
-
-Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
- 	`krb5_kt_start_seq_get'.  From <map@stacken.kth.se>
-
-Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/asn1/k5.asn1: Update with more pa-data types from
- 	draft-ietf-cat-kerberos-revisions-00.txt
-
-	* admin/load.c: Update to match current db-format.
-
-	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
- 	up. Send back an empty pa-data if the client has the v4 flag set.
-
-	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
- 	pa-data. DTRT if there is any pa-data in the reply.
-
-	* lib/krb5/str2key.c: XOR with some sane value.
-
-	* lib/hdb/hdb.h: Add `version 4 salted key' flag.
-
-	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
- 	makes it possible to call key_proc more than once.
-
-	* kdc/string2key.c: Add flags to output version 5 (DES only),
- 	version 4, and AFS string-to-key of a password.
-
-	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
- 	ENOMEM).
-
-Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
- 	name2name thing
-
-	* kdc/misc.c: check result of hdb_open
-
-	* admin/kdb_edit: updated to new sl
-
-	* lib/sl: sl_func now returns an int. != 0 means to exit.
-
-	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
- 	of `draft-ietf-cat-kerb-chg-password-00.txt'
-
-Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kuser/krenew.c: Crude ticket renewing program.
-
-	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
- 	get forwarded and renewed tickets.
-
-	* kuser/kinit.c: Add `-r' flag.
-
-	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
- 	function get_kdc_cred, that always contacts the kdc and doesn't
- 	save in the cache. This is a hack.
-
-	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
- 	(a bit kludgy).
-
-	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
-
-	* lib/krb5/send_to_kdc.c: Get timeout from context.
-
-	* lib/krb5/context.c: Add kdc_timeout to context struct.
-
-Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kuser/klist.c: Print start time of ticket if available.
-
-	* lib/krb5/get_host_realm.c: Return error if no realm was found.
-
-Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd: non-working kpasswd added
-
-Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* Release 0.0a
-
-	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
-
-Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
- 	subkey.
-
-	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.
-
-	* lib/krb5/send_to_kdc.c: Check for NULL return from
- 	gethostbyname.
-
-	* lib/krb5/set_default_realm.c: Try to get realm of local host if
- 	no default realm is available.
-
-	* Remove non ASN.1 principal code.
-
-Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
- 	error handing. Do some logging.
-
-	* kdc/log.c: Some simple logging facilities.
-
-	* kdc/misc.c (db_fetch): Take a krb5_principal.
-
-	* kdc/connect.c: Pass address of request to as_rep and
- 	tgs_rep. Send KRB-ERROR.
-
-	* lib/krb5/mk_error.c: Add more fields.
-
-	* lib/krb5/get_cred.c: Print normal error code if no e_text is
- 	available.
-
-Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
- 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5
-
-	* lib/krb5/context.c: recognize all encryption types actually
- 	implemented
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
- 	encryption type to `DES_CBC_MD5'
-
-	*  lib/krb5/read_message.c, write_message.c: new files
-
-Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
-
-	* lib/error/compile_et.awk: generate a prototype for the
- 	`destroy_foo_error_table' function.
-
-Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
- 	with `kerberos.REALM'
-
-	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
- 	`max_skew'
-
-	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
- 	subkey
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): always
- 	generate a subkey.
-
-	* lib/krb5/address.c: implement `krb5_address_order'
-
-	* lib/gssapi/import_name.c: Implement `gss_import_name'
-
-	* lib/gssapi/external.c: Use new OID
-
-	* lib/gssapi/encapsulate.c: New functions
- 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
-	callers.
-
-	* lib/gssapi/decapsulate.c: New function
- 	`gssaspi_krb5_verify_header'.  Changed callers.
-
-	* lib/asn1/gen*.c: Give tags to generated structs.
-	Use `err' and `asprintf'
-
-	* appl/test/gss_common.c: new file
-
-	* appl/test/gssapi_server.c: removed all krb5 calls
-
-	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
- 	verifying checksums.  Also start using session subkeys.
-
-Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
-
-Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
-
-	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
- 	`DES_encrypt_key_ivec'
-
-	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
-
-	* kdc/kerberos5.c (tgs_rep): support keyed checksums
-
-	* lib/krb5/creds.c: new file
-
-	* lib/krb5/get_in_tkt.c: better freeing
-
-	* lib/krb5/context.c (krb5_free_context): more freeing
-
-	* lib/krb5/config_file.c: New function `krb5_config_file_free'
-
-	* lib/error/compile_et.awk: Generate a `destroy_' function.
-
-	* kuser/kinit.c, klist.c: Don't leak memory.
-
-Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kdc/connect.c: Check filedescriptor in select.
-
-	* kdc/kerberos5.c: Remove most of the most common memory leaks.
-
-	* lib/krb5/rd_req.c: Free allocated data.
-
-	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
- 	fields.
-
-Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet: Conditionalize the krb4-support.
-
-	* configure.in: Test for krb4
-
-Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
-  	set the `pre_authent' flag
-
-	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
-
-	* lib/krb5/encrypt.c: Made `generate_random_block' global.
-
-	* appl/test: Added gssapi_client and gssapi_server.
-
-	* lib/krb5/data.c: Add `krb5_data_zero'
-
-	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
-
-	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
-
-Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
- 	returns zero length from SIOCGIFCONF.
-
-Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/test: new programs
-	
-	* lib/krb5/rd_req.c: add address compare
-
-	* lib/krb5/mk_req_ext.c: allow no checksum
-
-	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
-
-	* lib/krb5/address.c: fix `krb5_address_compare'
-
-Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: Fix ip4 address extraction.
-
-	* kuser/klist.c: Add verbose flag, and split main into smaller
- 	pieces.
-
-	* lib/krb5/fcache.c: Save ticket flags.
-
-	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
- 	flags.
-
-	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
-
-Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: Call `AC_KRB_PROG_LN_S'
-
-	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
-
-Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
- 	pass options.
-
-Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet: telnet & telnetd seems to be working.
-	
-	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
- 	krb5_config_vget_next
-
-	* appl/telnet/libtelnet/kerberos5.c: update to current API
-
-Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
- 	`krb5_kuserok'
-
-	* appl/telnet: Added.
-
-Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
- 	functions for compatibility with awk.
-
-	* include/bits.c: Must use signed char.
-
-	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
- 	here.
-
-	* lib/error/error.c: Replace krb5_get_err_text with new function
- 	com_right.
-
-	* lib/error/compile_et.awk: Avoid using static variables.
-
-	* lib/error/error.c: Don't use krb5_locl.h
-
-	* lib/error/error.h: Move definitions of error_table and
- 	error_list from krb5.h.
-
-	* lib/error: Moved from lib/krb5.
-
-Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
-
-Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
-	according to pseudocode from 1510
-
-Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/hdb.c: Add hdb_etype2key.
-
-	* kdc/kerberos5.c: Check authenticator. Use more general etype
- 	functions.
-	
-Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
- 	draft-ietf-cat-kerberos-r-00.txt
-
-	* lib/krb5/principal.c (krb5_parse_name): default to local realm
- 	if none given
-	
-	* kuser/kinit.c: New option `-p' and prompt
-
-Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/keyblock.c: Keyblock generation functions.
-
-	* lib/krb5/encrypt.c: Use functions from checksum.c.
-
-	* lib/krb5/checksum.c: Move checksum functions here. Add
- 	krb5_cksumsize function.
-
-Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c: implemented
-
-	* lib/krb5/config_file.c: Redid part.  New functions:
- 	krb5_config_v?get_next
-
-	* kuser/kdestroy.c: new program
-
-	* kuser/kinit.c: new flag `-f'
-
-	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
-
-	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
-
-	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
- 	users.
-
-	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
- 	even IPv6!
-
-	* lib/krb5/checksum.c: table-driven checksum
-
-Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
- 	krb5_encrypt.
-
-Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/roken/vsyslog.c: new file
-
-	* lib/krb5/encrypt.c: add des-cbc-md4.
-	adjust krb5_encrypt and krb5_decrypt to reality
-
-Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/encrypt.c: Implement as a vector of function pointers.
-
-	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
- 	des-cbc-md5 in separate functions.
-
-	* lib/krb5/krb5.h: Add more checksum and encryption types.
-
-	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
-
-Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
-
-	* lib/krb5/config_file.[ch]: new c-based configuration reading
- 	stuff
-
-Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: Set WFLAGS if using gcc
-
-Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/der_put.c (der_put_int): Return size correctly.
-
-	* admin/ank.c: Be compatible with the asn1 principal format.
-
-Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1: Now all decode_* and encode_* functions now take a
- 	final size_t* argument, that they return the size in. Return
- 	values are zero for success, and anything else (such as some
- 	ASN1_* constant) for error.
-
-Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
- 	O_WRONLY | O_APPEND
-
-	* lib/krb5/get_cred.c: removed stale prototype for
- 	`extract_ticket' and corrected call.
-
-	* lib/asn1/gen_length.c (length_type): Make the length functions
- 	for SequenceOf non-destructive
-
-	* admin/ank.c (doit): Fix reading of `y/n'.
-
-Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
-
-	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
-
-	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
- 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.
-
-	* lib/gssapi/8003.c: New file.
-
-	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
- 	Authenticator.
-
-	* lib/krb5/auth_context.c: New functions
- 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
-
-Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5: Preapre for use of some asn1-types.
-
-	* lib/asn1/*.c (copy_*): Constness.
-
-	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
- 	octet_string.
-
-	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
- 	general_string
-
-	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
- 	have anything to do with asn1_compile.
-
-	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
-
-Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC
-
- 	* kdc/connect.c(process_request): Set `new'
-	
-	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
-
-	* lib: Added editline,sl,roken.
-
-Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/fcache.c: Move file cache from cache.c.
-
-	* lib/krb5/cache.c: Allow more than one cache type.
-
-Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* admin/extkeytab.c: Merged with kdb_edit.
-
-Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kdc.c: more support for ENC-TS-ENC
-
-	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication
-
-Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/db.c: Merge fetch and store.
-
-	* admin: Merge to one program.
-
-	* lib/krb5/str2key.c: Fill in keytype and length.
-
-Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
- 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
- 	KRB5_AUTH_CONTEXT_DO_SEQUENCE
-
-	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
- 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.
-
-	* lib/krb5/auth_context.c: implemented seq_number functions
-
-	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files
-
-	* lib/gssapi/gssapi.h: avoid including <krb5.h>
-
-	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
- 	happy
-
-	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
-
-	* configure.in: adapted to automake 1.1p
-
-Mon May 26 22:26:21 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/principal.c: Add contexts to many functions.
-
-Thu May 15 20:25:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/verify_user.c: First stab at a verify user.
-
-	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.
-
-Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
-	able to (mostly) run gss-client and gss-server.
-	
-	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
- 	krb5_kt_store_principal, krb5_kt_store_keyblock
-
-	* lib/des/md5.[ch], sha.[ch]: new files
-
-	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'
-
-	* lib/asn1/timegm.c: new file
-
-	* admin/extkeytab.c: new program
-
-	* admin/admin_locl.h: new file
-
-	* admin/Makefile.am: Added extkeytab
-
-	* configure.in: moved config to include
-	removed timezone garbage
-	added lib/gssapi and admin
-
-	* Makefile.am: Added admin
-
-Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kdc.c: Use new copying functions, and free some data.
-
-	* lib/asn1/Makefile.am: Try to not always rebuild generated files.
-
-	* lib/asn1/der_put.c: Add fix_dce().
-
-	* lib/asn1/der_{get,length,put}.c: Fix include files.
-
-	* lib/asn1/der_free.c: Remove unused functions.
-	
-	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
- 	gen_length, and gen_copy.
-
-Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sendauth.c: implemented functionality
-
-	* lib/krb5/rd_rep.c: Use `krb5_decrypt'
-
-	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
- 	NULL
-
-	* lib/krb5/principal.c (krb5_free_principal): added `context'
- 	argument.  Changed all callers.
-	
-	(krb5_sname_to_principal): new function
-
-	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
- 	argument.  Changed all callers
-
-	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
-
-	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings
-
-Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: look for *dbm?
-
-	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
-  	Put trailing newline in asn1_files.
-
-Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/get_in_tkt.c: Fix some memory leaks.
-
-	* lib/krb5/krbhst.c: Properly free hostlist.
-
-	* lib/krb5/decrypt.c: CRCs are 32 bits.
-
-Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/gen.c: Generate one file for each type.
-
-Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: Generate `length_FOO' functions
-
-	* lib/asn1/der_length.c: new file
-
-	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
- 	on HP/UX
-
-Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
- 	datums. Don't add .db to filename.
-
-Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/dump.c: Database dump program.
-
-	* kdc/ank.c: Trivial database editing program.
-
-	* kdc/{kdc.c, load.c}: Use libhdb.
-
-	* lib/hdb: New database routine library.
-
-	* lib/krb5/error/Makefile.am: Add hdb_err.
-
-Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
-
-	* lib/asn1/gen.c: Generate free functions.
-
-	* Some specific free functions.
-
-Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_mk_req_ext.c: new file
-
-	* lib/asn1/gen.c: optimize the case with a simple type
-
-	* lib/krb5/get_cred.c (krb5_get_credentials): Use
- 	`mk_req_extended' and remove old code.
-
-	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
- 	EncASRepPart, then with an EncTGSRepPart.
-
-Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/store_emem.c: New resizable memory storage.
-
-	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
-
-	* lib/krb5/krb5.h: Add free entry to krb5_storage.
-
-	* lib/krb5/decrypt.c: Make keyblock const.
-
-Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
-
-	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
- 	krb5_ticket->tkt.
-
-	* lib/krb5/get_in_tkt.c: TGS -> AS
-
-	* kuser/kfoo.c: Print error string rather than number.
-
-	* kdc/kdc.c: Some kind of non-working TGS support.
-
-Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: reduced generated code by 1/5
-
- 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function
-
-	* lib/asn1/der_get.c (der_match_tag_and_length): new function
-
-	* lib/asn1/der.h: added prototypes
-
-Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
- 	krb5_rd_req_with_keyblock.
-
-	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
- 	takes a precomputed keyblock.
-
-	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
-
-	* lib/krb5/mk_req.c: Calculate checksum of in_data.
-
-Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/error/compile_et.awk: Add a declaration of struct
- 	error_list, and multiple inclusion block to header files.
-
-Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c: do some checks on times
-
-	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
-	address.c}: new files
-
-	* lib/krb5/auth_context.c: more code
-
-	* configure.in: try to figure out timezone
-
-Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/error/error.c: Try strerror if error code wasn't found.
-
-	* lib/krb5/get_in_tkt.c: Remove realm parameter from
- 	krb5_get_salt.
-
-	* lib/krb5/context.c: Initialize error table.
-
-	* kdc: The beginnings of a kdc.
-
-Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c: new file
-
-	* lib/krb5/checksum.c (krb5_verify_checksum): New function
-
-	* lib/krb5/get_cred.c: use krb5_create_checksum
-
-	* lib/krb5/checksum.c: new file
-
-	* lib/krb5/store.c: no more arithmetic with void*
-
-	* lib/krb5/cache.c: now seems to work again
-
-Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
-
-	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
-
-	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
-	
-	* lib/krb5/{cache,keytab}.c: Use new storage functions.
-
-	* lib/krb5/krb5.h: Protypes for new storage functions.
-
-	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
- 	data to more than file descriptors.
-
-Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/encrypt.c: New file.
-
-	* lib/krb5/Makefile.am: More -I
-
-	* configure.in: Test for big endian, random, rand, setitimer
-
-	* lib/asn1/gen.c: perhaps even decodes bitstrings
-
-Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/config_file.y: Better return values on error.
-
-Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/asn1/parse.y: ifdef HAVE_STRDUP
-
-	* lib/asn1/lex.l: ifdef strdup
-	brange-dead version of list of special characters to make stupid
- 	lex accept it.
-
-	* lib/asn1/gen.c: A DER integer should really be a `unsigned'
-
-	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'
-
-	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'
-
-	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
- 	needed.
-
-	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
- 	lib/krb/store.h: new files.
-
-	* lib/krb5/keytab.c: now even with some functionality.
-
-	* lib/asn1/gen.c: changed paramater from void * to Foo *
-
-	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
- 	string.
-
-Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
- 	cc before getting new ones.
-
-	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
-
-	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
- 	CRC should be stored LSW first. (?)
-
-	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
- 	`krb5_free_keyblock'
-
-	* lib/**/Makefile.am: Rename foo libfoo.a
-
-	* include/Makefile.in: Use test instead of [
-	-e does not work with /bin/sh on psoriasis
-
-	* configure.in: Search for awk
-	create lib/krb/error/compile_et
-	
-Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
-
-Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kuser/kinit.c: Guess principal.
-
-	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
- 	warnings.
-
-	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
-
-	* lib/krb5/mk_req.c: Get client from cache.
-
-	* lib/krb5/cache.c: Add better error checking some useful return
- 	values.
-
-	* lib/krb5/krb5.h: Fix krb5_auth_context.
-
-	* lib/asn1/der.h: Make krb5_data compatible with krb5.h
-
-Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/error: Add primitive error library.
-
-Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lib/krb5/cache.c: Get correct address type from cache.
-
-	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
-
diff --git a/crypto/heimdal/ChangeLog.1999 b/crypto/heimdal/ChangeLog.1999
deleted file mode 100644
index e022b9682465..000000000000
--- a/crypto/heimdal/ChangeLog.1999
+++ /dev/null
@@ -1,2194 +0,0 @@
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): use `-ldes' in tests
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/print.c (event2string): handle events without principal.
-  	From Luke Howard <lukeh@PADL.COM>
-
-1999-12-25  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2j
-
-Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
- 	related systems
-
-	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
- 	related systems
-
-	* include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
- 	related systems
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2i
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
-
-	* lib/krb5/send_to_kdc.c (send_via_proxy): free data
-	* lib/krb5/send_to_kdc.c (send_via_proxy): new function use
-	getaddrinfo instead of gethostbyname{,2}
-	* lib/krb5/get_for_creds.c: use getaddrinfo instead of
-	getnodebyname{,2}
-
-1999-12-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2h
-
-1999-12-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2g
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 6:2:1
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): handle
-	ai_canonname not being set
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
-	ai_canonname not being set
-
-	* appl/test/uu_server.c: print messages to stderr
-	* appl/test/tcp_server.c: print messages to stderr
-	* appl/test/nt_gss_server.c: print messages to stderr
-	* appl/test/gssapi_server.c: print messages to stderr
-
-	* appl/test/tcp_client.c (proto): remove shadowing `context'
-	* appl/test/common.c (client_doit): add forgotten ntohs
-
-1999-12-13  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (VERISON): bump to 0.2g-pre
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
- 	robust and handle extra dot at the beginning of default_domain
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2f
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 6:1:1
-	
-	* lib/krb5/changepw.c (get_kdc_address): use
- 	`krb5_get_krb_changepw_hst'
-
-	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
-
-	* lib/krb5/get_host_realm.c: add support for _kerberos.domain
- 	(according to draft-ietf-cat-krb-dns-locate-01.txt)
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2e
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): use the correct
- 	address
-
-	* lib/krb5/Makefile.am: bump version to 6:0:1
-
-	* lib/asn1/Makefile.am: bump version to 1:4:0
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: move AC_KRB_IPv6 to make sure it's performed
- 	before AC_BROKEN
-	(el_init): use new feature of AC_FIND_FUNC_NO_LIBS
-
-	* appl/test/uu_client.c: use client_doit
-	* appl/test/test_locl.h (client_doit): add prototype
-	* appl/test/tcp_client.c: use client_doit
-	* appl/test/nt_gss_client.c: use client_doit
-	* appl/test/gssapi_client.c: use client_doit
-	* appl/test/common.c (client_doit): move identical code here and
-	start using getaddrinfo
-
-	* appl/kf/kf.c (doit): rewrite to use getaddrinfo
-	* kdc/hprop.c: re-write to use getaddrinfo
-	* lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): use
-	getaddrinfo
-	* lib/krb5/changepw.c: re-write to use getaddrinfo
-	* lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
-
-1999-12-03  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
-	getnameinfo, gai_strerror
-	(socklen_t): check for
-
-1999-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
-
-1999-11-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
- 	within unicode characters.  this should probably be done in some
- 	arbitrarly complex way to do it properly and you would have to
- 	know what character encoding was used for the password and salt
- 	string.
-
-	* lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
-	(INADDR_ANY)
-	(ipv6_uninteresting): remove unused macro
-
-1999-11-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: rc4->arcfour
-
-	* lib/krb5/crypto.c: rc4->arcfour
-
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_locl.h: add <rc4.h>
-	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
-	* lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
-	not be totally different from some small company up in the
-	north-west corner of the US
-
-	* lib/krb5/get_addrs.c (find_all_addresses): change code to
- 	actually increment buf_size
-
-1999-11-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
-	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
- 	scanning optional
-	* lib/krb5/context.c (init_context_from_config_file): set
- 	`scan_interfaces'
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
-	* lib/krb5/add_et_list.c (krb5_add_et_list): new function
-
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realm,
-	krb5_get_default_realms): set realms if they were unset
-	* lib/krb5/context.c (init_context_from_config_file): don't
-	initialize default realms here.  it's done lazily instead.
-	
-	* lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
-	* lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
-	bit constants are unsigned
-	* lib/asn1/gen.c (define_type): make length in sequences be
-	unsigned.
-
-	* configure.in: remove duplicate test for setsockopt test for
-	struct tm.tm_isdst
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
-	preauthentication information if we get back ERR_PREAUTH_REQUIRED
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
-	preauthentication generation code.  it's now in krb5_get_in_cred
-	
-	* configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
-	tm.tm_gmtoff and timezone
-	
-1999-11-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/main.c: make this work with multi-db
-
-	* kdc/kdc_locl.h: make this work with multi-db
-
-	* kdc/config.c: make this work with multi-db
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/misc.c: update for multi-database code
-
-	* kdc/main.c: update for multi-database code
-
-	* kdc/kdc_locl.h: update
-
-	* kdc/config.c: allow us to have more than one database
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2d
-
-	* lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
- 	(krb5_context_data has changed and some code do (might) access
- 	fields directly)
-
-	* lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
-
-	* lib/krb5/get_cred.c (init_tgs_req): use
- 	krb5_keytype_to_enctypes_default
-
-	* lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
- 	function
-
-	* lib/krb5/context.c (set_etypes): new function
-	(init_context_from_config_file): set both `etypes' and `etypes_des'
-
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (VERSION): bump to 0.2d-pre
-
-1999-10-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_parse_name): check memory allocations
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2c
-
-	* lib/krb5/dump_config.c (print_tree): check for empty tree
-
-	* lib/krb5/string-to-key-test.c (tests): update the test cases
- 	with empty principals so that they actually use an empty realm and
- 	not the default.  use the correct etype for 3DES
-
-	* lib/krb5/Makefile.am: bump version to 4:1:0
-
-	* kdc/config.c (configure): more careful with the port string
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2b
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 4:0:0
- 	(krb524_convert_creds_kdc and potentially some other functions
- 	have changed prototypes)
-
-	* lib/hdb/Makefile.am: bump version to 4:0:1
-
-	* lib/asn1/Makefile.am: bump version to 1:3:0
-
-	* configure.in (LIB_roken): add dbopen.  getcap in roken
- 	references dbopen and with shared libraries we need to add this
- 	dependency.
-
-	* lib/krb5/verify_krb5_conf.c (main): support speicifying the
- 	configuration file to test on the command line
-
-	* lib/krb5/config_file.c (parse_binding): handle line with no
- 	whitespace before =
-	(krb5_config_parse_file_debug): set lineno earlier so that we don't
-	use it unitialized
-
-	* configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
- 	more include files for these tests
-
-	* lib/krb5/set_default_realm.c (krb5_set_default_realm): use
- 	krb5_config_get_strings, which means that your configuration file
- 	should look like:
-	
-	[libdefaults]
-	  default_realm = realm1 realm2 realm3
-
-	* lib/krb5/set_default_realm.c (config_binding_to_list): fix
- 	copy-o.  From Michal Vocu <michal@karlin.mff.cuni.cz>
-
-	* kdc/config.c (configure): add a missing strdup.  From Michal
- 	Vocu <michal@karlin.mff.cuni.cz>
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2a
-
-	* configure.in: only test for db.h with using berkeley_db. remember
- 	to link with LIB_tgetent when checking for el_init. add xnlock
-
-	* appl/Makefile.am: add xnlock
-
-	* kdc/kerberos5.c (find_etype): support null keys
-
-	* kdc/kerberos4.c (get_des_key): support null keys
-
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
- 	calculation
-
-1999-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
-
-1999-10-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
-
-	* lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
-
-	* lib/krb5/crypto.c (krb5_string_to_salttype): new function
-
-	* **/*.[ch]: const-ize
-
-1999-10-06  Assar Westerlund  <assar@sics.se>
-	
-	* lib/krb5/creds.c (krb5_compare_creds): const-ify
-	
-	* lib/krb5/cache.c: clean-up and comment-up
-
-	* lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
- 	strings
-
-	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
- 	correct realm part
-
-	* kdc/connect.c (handle_tcp): things work much better when ret is
- 	initialized
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
- 	type of the session key
-
-	* lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
- 	correctly
-
-	* lib/krb5/creds.c (krb5_compare_creds): fix spelling of
- 	krb5_enctypes_compatible_keys
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
- 	credentials from the KDC if the existing one doesn't have a DES
- 	session key.
-
-	* lib/45/get_ad_tkt.c (get_ad_tkt): update to new
- 	krb524_convert_creds_kdc
-
-1999-10-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
-
-	* lib/krb5/keytab_memory.c: make krb5_mkt_ops const
-
-	* lib/krb5/keytab_file.c: make krb5_fkt_ops const
-
-1999-10-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c: rewritten to allow error messages
-
-	* lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
-	(libkrb5_la_SOURCES): add config_file_netinfo.c
-
-	* lib/krb5/verify_krb5_conf.c: new program for verifying that
-	krb5.conf is corret
-
-	* lib/krb5/config_file_netinfo.c: moved netinfo code here from
- 	config_file.c
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (dump_krb4): kludge default_realm
-
-	* lib/asn1/check-der.c: add test cases for Generalized time and
- 	make sure we return the correct value
-
-	* lib/asn1/der_put.c: simplify by using der_put_length_and_tag
-
-	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
- 	krb5_verify_user that tries in all the local realms
-
-	* lib/krb5/set_default_realm.c: add support for having several
- 	default realms
-
-	* lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realms): add
-
-	* lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
- 	`default_realms'
-
-	* lib/krb5/context.c: change from `default_realm' to
- 	`default_realms'
-
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
- 	krb5_get_default_realms
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
-
-	* lib/krb5/copy_host_realm.c: new file
-
-1999-09-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/der_put.c (encode_generalized_time): encode length
-
-	* lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
-	that allows more intelligent matching of the application version
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c: add err.h
-
-	* kdc/config.c (configure): use parse_bytes
-
-	* appl/test/nt_gss_common.c: use the correct header file
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c: add a `--cache' flag
-
-	* kuser/kinit.c (main): only get default value for `get_v4_tgt' if
-	it's explicitly set in krb5.conf
-
-1999-09-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (tag_names); add another univeral tag
-
-	* lib/asn1/der.h: update universal tags
-
-1999-09-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (loop): print length of octet string
-
-1999-09-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.c (kt_get): add `--help'
-
-1999-09-21  Assar Westerlund  <assar@sics.se>
-
-	* kuser/Makefile.am: add kdecode_ticket
-
-	* kuser/kdecode_ticket.c: new debug program
-
-	* appl/test/nt_gss_server.c: new program to test against `Sample *
- 	SSPI Code' in Windows 2000 RC1 SDK.
-
-	* appl/test/Makefile.am: add nt_gss_client and nt_gss_server
-
-	* lib/asn1/der_get.c (decode_general_string): remember to advance
- 	ret over the length-len
-
-	* lib/asn1/Makefile.am: add asn1_print
-
-	* lib/asn1/asn1_print.c: new program for printing DER-structures
-
-	* lib/asn1/der_put.c: make functions more consistent
-
-	* lib/asn1/der_get.c: make functions more consistent
-
-1999-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: be more informative in pa-data error messages
-
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for strlcpy, strlcat
-
-1999-09-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
- 	KRB5_LIBOS_PWDINTR when interrupted
-
-	* lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
- 	value from des_read_pw_string
-
-	* kuser/kinit.c (main): don't print any error if reading the
- 	password was interrupted
-
-	* kpasswd/kpasswd.c (main): don't print any error if reading the
- 	password was interrupted
-
-	* kdc/string2key.c (main): check the return value from fgets
-
-	* kdc/kstash.c (main): check return value from des_read_pw_string
-
-	* admin/ktutil.c (kt_add): check the return-value from fgets and
- 	overwrite the password for paranoid reasons
-
-	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
- 	newline if it's there
-
-1999-09-13  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): remove bogus error with `--print'.  remove
- 	sysloging of number of principals transferred
-
-	* kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
- 	principals
-	(main): get rid of bogus opening of hdb database when propagating
-	ka-server database
-
-1999-09-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
-
-	* lib/krb5/krb5.h (krb5_context_data): add keytab types
-
-	* configure.in: revert back awk test, not worked around in
- 	roken.awk
-
-	* lib/krb5/keytab_krb4.c: remove O_BINARY
-
-	* lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
-	Love <lha@e.kth.se>
-
-	* lib/krb5/keytab_file.c: remove O_BINARY
-
-	* lib/krb5/keytab.c: move the list of keytab types to the context
-
-	* lib/krb5/fcache.c: remove O_BINARY
-
-	* lib/krb5/context.c (init_context_from_config_file): register all
- 	standard cache and keytab types
-	(krb5_free_context): free `kt_types'
-
-	* lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
- 	standard types of credential caches to context
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab.c: add comments and clean-up
-
-	* admin/ktutil.c: add `ktutil copy'
-
-	* lib/krb5/keytab_krb4.c: new file
-
-	* lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
-
-	* lib/krb5/Makefile.am: add keytab_krb4.c
-
-	* lib/krb5/keytab.c: add krb4 and correct some if's
-
-	* admin/srvconvert.c (srvconv): move common code
-
-	* lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
-
-	* lib/krb5/keytab.c: move out file and memory functions
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
- 	keytab_memory.c
-
-	* lib/krb5/keytab_memory.c: new file
-
-	* lib/krb5/keytab_file.c: new file
-
-	* kpasswd/kpasswdd.c: move out password quality functions
-
-1999-09-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
- 	Love <lha@e.kth.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
- 	return value from `krb5_sendto_kdc'
-
-1999-09-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
- 	remove the sending of data.  add a parameter `limit'.  let callers
- 	send the date themselves (and preferably with net_write on tcp
- 	sockets)
-	(send_and_recv_tcp): read first the length field and then only that
-	many bytes
-
-1999-09-05  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_tcp): try to print warning `TCP data of
- 	strange type' less often
-
-	* lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
-  	return on EOF.  always free data.  check return value from
- 	realloc.
-	(send_and_recv_tcp, send_and_recv_http): check advertised length
-	against actual length
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for sgi capabilities
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
-	extra addresses
-
-	* kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
-	add --realm flag
-
-	* lib/krb5/address.c (krb5_append_addresses): remove duplicates
-
-1999-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/keytab.c: HDB keytab backend
-
-1999-08-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab.c
-	(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
-	pointer
-
-1999-08-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: add `--keytab' flag
-
-1999-08-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
- 	instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
- 	<shin@kame.net> by way of the KAME repository
-
-1999-08-18  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (--enable-new-des3-code): remove check for `struct
- 	addrinfo'
-
-	* lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
- 	des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
- 	compatability
-
-	* lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
- 	derivation) just got assigned etype 16 by <bcn@isi.edu>.  keep the
- 	old etype at 7.
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
- 	krb5_net_read actually returns -1
-
-	* lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
- 	krb5_net_read actually returns -1
-
-	* appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
- 	returned -1
-
-	* appl/test/tcp_server.c (proto): only trust errno if
- 	krb5_net_read actually returns -1
-
-	* appl/kf/kfd.c (proto): be more careful with the return value
- 	from krb5_net_read
-
-1999-08-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (get_addrs_int): try the different ways
- 	sequentially instead of just one.  this helps if your heimdal was
- 	built with v6-support but your kernel doesn't have it, for
- 	example.
-
-1999-08-12  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c: add inetd flag.  default means try to figure out
- 	if stdin is a socket or not.
-
-	* Makefile.am (ACLOCAL): just use `cf', this variable is only used
- 	when the current directory is $(top_srcdir) anyways and having
- 	$(top_srcdir) there breaks if it's a relative path
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for setproctitle
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): remember to call
- 	freehostent
-
-	* appl/test/tcp_client.c: call freehostent
-
-	* appl/kf/kf.c (doit): call freehostent
-
-	* appl/kf/kf.c: make v6 friendly and simplify
-
-	* appl/kf/kfd.c: make v6 friendly and simplify
-
-	* appl/test/tcp_server.c: simplify by using krb5_err instead of
- 	errx
-	
-	* appl/test/tcp_client.c: simplify by using krb5_err instead of
- 	errx
-
-	* appl/test/tcp_server.c: make v6 friendly and simplify
-
-	* appl/test/tcp_client.c: make v6 friendly and simplify
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1m
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): some more KRB4-conditionalizing
-
-	* lib/krb5/get_in_tkt.c: type correctness
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
- 	flags.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kuser/kinit.c (main): add config file support for forwardable
- 	and krb4 support.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/kerberos5.c (as_rep): add an empty X500-compress string as
- 	transited.
-	(fix_transited_encoding): check length.
-	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
- 	principals in some other realm. From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-	(main): rename sa_len -> sin_len, sa_lan is a define on some
-	platforms.
-
-	* appl/kf/kfd.c: add regpag support. From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* lib/krb5/config_file.c (parse_list): don't run past end of line
-
-	* appl/test/gss_common.h: new prototypes
-
-	* appl/test/gssapi_client.c: use gss_err instead of abort
-
-	* appl/test/gss_common.c (gss_verr, gss_err): add
-
-1999-08-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
- 	otherwise it doesn't build with shared libraries
-
-	* kdc/hpropd.c: v6-ify
-
-	* kdc/hprop.c: v6-ify
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
-
-1999-07-31  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
- 	function that takes a FQDN
-
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
-
-	* lib/krb5/expand_hostname.c: new file
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1l
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/Makefile.am: bump version to 1:2:0
-
-	* lib/krb5/Makefile.am: bump version to 3:1:0
-
-	* configure.in: more inet_pton to roken
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
- 	getipnodebyname
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1k
-
-1999-07-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: bump version number (changed function
-	signatures)
-
-	* lib/hdb/Makefile.am: bump version number (changes to some
-	function signatures)
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 3:0:2
-
-	* lib/hdb/Makefile.am: bump version to 2:1:0
-
-	* lib/asn1/Makefile.am: bump version to 1:1:0
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1j
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: rokenize inet_ntop
-
-	* lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
-	
-	* lib/krb5/store.c: lots of changes from size_t to ssize_t
-	(krb5_ret_stringz): check return value from realloc
-
-	* lib/krb5/mk_safe.c: some type correctness
-	
-	* lib/krb5/mk_priv.c: some type correctness
-	
-	* lib/krb5/krb5.h (krb5_storage): change return values of
-	functions from size_t to ssize_t
-	
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1i
-
-	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
- 	in lib/roken/roken.awk
-
-	* lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
- 	step over addresses if there's no `sa_lan' field
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
- 	using `struct sockaddr_storage'
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
- 	`struct sockaddr_storage'
-
-	* lib/krb5/changepw.c (krb5_change_password): simplify by using
- 	`struct sockaddr_storage'
-
-	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
- 	simplify by using `struct sockaddr_storage'
-
-	* kpasswd/kpasswdd.c (*): simplify by using `struct
- 	sockaddr_storage'
-
-	* kdc/connect.c (*): simplify by using `struct sockaddr_storage'
-
-	* configure.in (sa_family_t): just test for existence
-	(sockaddr_storage): also specify include file
-
-	* configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
-	(sa_family_t): test for
-	(struct	sockaddr_storage): test for
-
-	* kdc/hprop.c (propagate_database): typo, NULL should be
- 	auth_context
-
-	* lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
- 	AF_INET6
-
-	* appl/kf/kf.c (main): use warnx
-
-	* appl/kf/kf.c (proto): remove shadowing context
-
-	* lib/krb5/get_addrs.c (find_all_addresses): try to handle the
- 	case of getting back an `sockaddr_in6' address when sizeof(struct
- 	sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
- 	tell us how large the address is.  This obviously doesn't work
- 	with unknown protocol types.
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1h
-
-1999-07-23  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/kfd.c: clean-up and more paranoia
-
-	* etc/services.append: add kf
-
-	* appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/n-fold-test.c (main): print the correct data
-
-	* appl/Makefile.am (SUBDIRS): add kf
-
-	* appl/kf: new program.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* kdc/hprop.c: declare some variables unconditionally to simplify
- 	things
-
-	* kpasswd/kpasswdd.c: initialize kadm5 connection for every change
- 	(otherwise the modifier in the database doesn't get set)
-
-	* kdc/hpropd.c: clean-up and re-organize
-
-	* kdc/hprop.c: clean-up and re-organize
-
- 	* configure.in (SunOS): define to xy for SunOS x.y
-
-1999-07-19  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AC_BROKEN): test for copyhostent, freehostent,
- 	getipnodebyaddr, getipnodebyname
-
-1999-07-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/check-der.c: more test cases for integers
-
-	* lib/asn1/der_length.c (length_int): handle the case of the
- 	largest negative integer by not calling abs
-
-1999-07-14  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/check-der.c (generic_test): check malloc return value
- 	properly
-
-	* lib/krb5/Makefile.am: add string_to_key_test
-
-	* lib/krb5/prog_setup.c (krb5_program_setup): always initialize
- 	the context
-
-	* lib/krb5/n-fold-test.c (main): return a relevant return value
-
-	* lib/krb5/krbhst.c: do SRV lookups for admin server as well.
-  	some clean-up.
-
-1999-07-12  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: handle not building X programs
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
- 	variable
-	(ipv6_sockaddr2port): fix typo
-
-	* etc/services.append: beginning of a file with services
-
-	* lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
- 	there's no prefix.  also clean-up a little bit.
-
-	* kdc/hprop.c (--kaspecials): new flag for handling special KA
- 	server entries.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-1999-07-05  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (handle_tcp): make sure we have data before
- 	starting to look for HTTP
-
-	* kdc/connect.c (handle_tcp): always do getpeername, we can't
- 	trust recvfrom to return anything sensible
-
-1999-07-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
- 	all enctypes
-
-	* kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
-
-	* admin/srvconvert.c (srvconv): better error messages
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (unparse_name): error check malloc properly
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
- 	properly
-
-	* lib/krb5/crypto.c (*): do some malloc return-value checks
- 	properly
-
-	* lib/hdb/hdb.c (hdb_process_master_key): simplify by using
- 	krb5_data_alloc
-
-	* lib/hdb/hdb.c (hdb_process_master_key): check return value from
- 	malloc
-
-	* lib/asn1/gen_decode.c (decode_type): fix generation of decoding
- 	information for TSequenceOf.
-
-	* kdc/kerberos5.c (get_pa_etype_info): check return value from
- 	malloc
-
-1999-07-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
- 	0 and malloc returns NULL
-
-1999-06-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_parse_addr): implement
-
-1999-06-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
- 	as an addrport one
-
-	* lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
- 	add
-	(krb5_auth_context): add local and remote port
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
- 	local and remote address and add them to the krb-cred packet
-
-	* lib/krb5/auth_context.c: save the local and remove ports in the
- 	auth_context
-
-	* lib/krb5/address.c (krb5_make_addrport): create an address of
- 	type KRB5_ADDRESS_ADDRPORT from (addr, port)
-
-	* lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
- 	grabbing the port number out of the sockaddr
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
-  	increase possible verbosity.
-
-	* lib/krb5/config_file.c (parse_list): handle blank lines at
- 	another place
-	
-	* kdc/connect.c (add_port_string): don't return a value
-
- 	* lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
- 	cache if the principals are different.  close and NULL the old one
- 	so that we create a new one.
-
-	* configure.in: move around cgywin et al
-	(LIB_kdb): set at the end of krb4-block
-	(krb4): test for krb_enable_debug and krb_disable_debug
-
-1999-06-16  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kdestroy.c (main): try to destroy v4 ticket even if the
- 	destruction of the v5 one fails
-
-	* lib/krb5/crypto.c (DES3_postproc): new version that does the
- 	right thing
-	(*): don't put and recover length in 3DES encoding
-	other small fixes
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_default_principal.c: rewrite to use
- 	get_default_username
-
-	* lib/krb5/Makefile.am: add n-fold-test
-
-	* kdc/connect.c: add fallbacks for all lookups by service name
-	(handle_tcp): break-up and clean-up
-
-1999-06-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
- 	the loopback address as uninteresting
-
-	* lib/krb5/get_addrs.c: new magic flag to get loopback address if
- 	there are no other addresses.
-	(krb5_get_all_client_addrs): use that flag
-
-1999-06-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
- 	length
-	(checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
-	(encrypt_internal_derived): don't include the length and don't
-	decrease by the checksum size twice
-	(_get_derived_key): the constant should be 5 bytes
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use KRB_CHECK_X
-	
-	* configure.in: check for netinet/ip.h
-	
-1999-05-31  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
- 	on RTLD_NOW
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/uu_server.c: removed unused stuff
-
-	* appl/test/uu_client.c: removed unused stuff
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kgetcred.c (main): correct error message
-
-	* lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
- 	directly, avoiding redundant lookups and memory leaks
-
-	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
- 	local and remote addresses
-
-	* lib/krb5/get_default_principal.c (get_logname): also try
- 	$USERNAME
-	
-	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
-
-	* lib/krb5/principal.c (USE_RESOLVER): try to define only if we
-	have a libresolv (currently by checking for res_search)
-
-1999-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c (handle_tcp): remove %-escapes in request
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1g
-
-	* admin/ktutil.c (kt_remove): -t should be -e
-
-	* configure.in (CHECK_NETINET_IP_AND_TCP): use
-
-	* kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
- 	and innetgr with roken versions
-
-	* kuser/kgetcred.c: new program
-
-Tue May 11 14:09:33 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mcache.c: fix paste-o
-	
-1999-05-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: don't use uname
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
-	arguments :-)
-
-	* appl/test/uu_server.c (setsockopt): cast to get rid of a warning
-	
-	* appl/test/tcp_server.c (setsockopt): cast to get rid of a
-	warning
-
-	* appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
-	== NULL
-
-	* appl/test/gssapi_server.c (setsockopt): cast to get rid of a
-	warning
-
-	* lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
-	setting the default ccache.
-
-	* configure.in (getsockopt, setsockopt): test for
-	(AM_INIT_AUTOMAKE): bump version to 0.1g
-
-	* appl/Makefile.am (SUBDIRS): add kx
-	
-	* lib/hdb/convert_db.c (main): handle the case of no master key
-	
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1f
-
-	* kuser/kinit.c: add --noaddresses
-	
-	* lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
-	empty sit of list as to not ask for any addresses.
-	
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h (_GNU_SOURCE): define this to enable (used)
- 	extensions on glibc-based systems such as linux
-
-1999-05-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
-	`*out_creds' properly
-
-	* lib/krb5/creds.c (krb5_compare_creds): just verify that the
-	keytypes/enctypes are compatible, not that they are the same
-
-	* kuser/kdestroy.c (cache): const-correctness
-
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb.c (hdb_set_master_key): initialise master key
-	version
-
-	* lib/hdb/convert_db.c: add support for upgrading database
-	versions
-
-	* kdc/misc.c: add flags to fetch
-
-	* kdc/kstash.c: unlink keyfile on failure, chmod to 400
-
-	* kdc/hpropd.c: add --print option
-
-	* kdc/hprop.c: pass flags to hdb_foreach
-
-	* lib/hdb/convert_db.c: add some flags
-
-	* lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
-	build prototype headers
-	
-	* lib/hdb/hdb_locl.h: update prototypes
-
-	* lib/hdb/print.c: move printable version of entry from kadmin
-
-	* lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
-	sealed or not; add flags to hdb_foreach
-
-	* lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
-	NDBM_nextkey
-
-	* lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
-
-	* lib/hdb/common.c: add flags to _hdb_{fetch,store}
-
-	* lib/hdb/hdb.h: add master_key_version to struct hdb, update
-	prototypes
-
-	* lib/hdb/hdb.asn1: make mkvno optional, update version to 2
-
-	* configure.in: --enable-netinfo
-
-	* lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
-
-	* config.sub: fix for crays
-
-	* config.guess: new version from automake 1.4
-	
-	* config.sub: new version from automake 1.4
-
-Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.1e
-
-	* lib/krb5/mcache.c (mcc_get_next): get the current cursor
- 	correctly
-
-	* acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
-  	From Ake Sandgren <ake@cs.umu.se>
-
-1999-04-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: fix arguments to decrypt_ticket
-	
-1999-04-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
-	DCE secd's that are not able to handle MD5 checksums by defaulting
-	to MD4 if the keytype was DES-CBC-CRC
-	
-	* lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
-	
-	* lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
-	`cksumtype'
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
-	secd
-	(init_tgs_req): add all supported enctypes for the keytype in
-	`in_creds->session.keytype' if it's set
-
-	* lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
-	encryption types
-	(do_checksum): new function
-	(verify_checksum): take the checksum to use from the checksum message
-	and not from the crypto struct
-	(etypes): add F_PSEUDO flags
-	(krb5_keytype_to_enctypes): new function
-
-	* lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
-	and cksumtype
-	(krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
-	(krb5_auth_setkeytype, krb5_auth_getkeytype): implement
-	(krb5_auth_setenctype): comment out, it's rather bogus anyway
-
-Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_locl.h: fix for stupid aix warnings
-
-	* lib/krb5/fcache.c (erase_file): don't malloc
-	
-Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c: pass context to krb5_config_file_free
-
-	* kuser/kinit.c: add `--fcache-version' to set cache version to
-	create
-
-	* kuser/klist.c: print cache version if verbose
-
-	* lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
-
-	* lib/krb5/principal.c: abort -> krb5_abortx
-
-	* lib/krb5/mk_rep.c: abort -> krb5_abortx
-
-	* lib/krb5/config_file.c: abort -> krb5_abortx
-
-	* lib/krb5/context.c (init_context_from_config_file): init
-	fcache_version; add krb5_{get,set}_fcache_version
-
-	* lib/krb5/keytab.c: add support for reading (and writing?) old
-	version keytabs
-
-	* lib/krb5/cache.c: add krb5_cc_get_version
-
-	* lib/krb5/fcache.c: add support for reading and writing old
-	version cache files
-
-	* lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
-
-	* lib/krb5/store_emem.c (krb5_storage_emem): zero flags
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
-
-	* lib/krb5/store.c: add flags to change how various fields are
-	stored, used for old cache version support
-	
-	* lib/krb5/krb5.h: add support for reading and writing old version
-	cache files, and keytabs
-	
-Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: fix test for readline.h remember to link with
- 	$LIB_tgetent when trying linking with readline
-
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
- 	is given, request a postdated ticket.
-
-	* lib/krb5/data.c (krb5_data_free): free data as long as it's not
- 	NULL
-
-Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
-
-	* lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
-
-	* lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
- 	KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
- 	invalid
-
-Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kpasswd/kpasswdd.c: don't try to load library by default; get
- 	library and function name from krb5.conf
-
-	* kpasswd/sample_passwd_check.c: sample password checking
- 	functions
-
-Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
- 	krb5_data_alloc and be careful with checking allocation and sizes.
-
-	* kuser/klist.c (--tokens): conditionalize on KRB4
-
-	* kuser/kinit.c (renew_validate): set all flags
-	(main): fix cut-n-paste error when setting start-time
-
-	* kdc/kerberos5.c (check_tgs_flags): starttime of a validate
- 	ticket should be > than current time
-	(*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
-
-	* kuser/kinit.c (renew_validate): use the client realm instead of
- 	the local realm when renewing tickets.
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
-	(krb5_get_forwarded_creds): correct freeing of out_creds
-
-	* kuser/kinit.c (renew_validate): hopefully fix up freeing of
- 	memory
-
-	* configure.in: do all the krb4 tests with "$krb4" != "no"
-
-	* lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
- 	keyvalue if it's NULL.  noticed by Ake Sandgren <ake@cs.umu.se>
-
-	* lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
- 	instead of just taking the first one.  fix all callers.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
-	* kdc/kdc_locl.h (enable_kaserver): declaration
-	
-	* kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
- 	creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
-	* kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
-
-	* kdc/connect.c (add_standard_ports, process_request): look at
- 	enable_kaserver.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-	* kdc/config.c: new flag --kaserver and config file option
- 	enable-kaserver.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: check for dlopen, and dlfcn.h
-
-	* kpasswd/kpasswdd.c: add support for dlopen:ing password quality
- 	check library
-
-	* configure.in: add appl/su
-
-Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
- 	cache
-
-Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: LIB_kdb: -L should be before -lkdb
-	test for prototype of strsep
-	
-Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/Makefile.am: update version
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
- 	ALLOC_SEQ
-
-	* lib/krb5/fcache.c: add some support for reading and writing old
- 	cache formats;
-	(fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
-	krb5_ret_creds
-
-	* lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
- 	initialize host_byteorder
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
- 	host_byteorder
-
-	* lib/krb5/store_emem.c (krb5_storage_emem): initialize
- 	host_byteorder
-
-	* lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
-	(krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
- 	check host_byteorder flag; (krb5_store_creds): add;
- 	(krb5_ret_creds): add
-
-	* lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
- 	storage of numbers
-
-	* lib/krb5/heim_err.et: add `host not found' error
-
-	* kdc/connect.c: don't use data after clearing decriptor
-
-	* lib/krb5/auth_context.c: abort -> krb5_abortx
-
-	* lib/krb5/warn.c: add __attribute__; add *abort functions
-
-	* configure.in: check for __attribute__
-
-	* kdc/connect.c: log bogus requests
-
-Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
- 	for all DES keys
-
-1999-04-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
-
-	* lib/krb5/get_cred.c (init_tgs_req): some more error checking
-
-	* lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
-	value from malloc
-
-Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: update to reality
-
-	* lib/krb5/krb5_425_conv_principal.3: update to reality
-
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_host_realm.c: handle more than one realm for a host
-
-	* kpasswd/kpasswd.c (main): use krb5_program_setup and
-	print_version
-
-	* kdc/string2key.c (main): use krb5_program_setup and
-	print_version
-
-Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/principal.c (krb5_524_conv_principal): make it actually
- 	work, and check built-in list of host-type first-components
-
-	* lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
-
-	* lib/krb5/context.c: add srv_* flags to context
-
-	* lib/krb5/principal.c: add default v4_name_convert entries
-
-	* lib/krb5/krb5.h: add srv_* flags to context
-
-Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kadmin/kadmin.c: complain about un-recognised commands
-
-	* admin/ktutil.c: complain about un-recognised commands
-
-Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar@sics.se>
-
-	* kadmin/load.c (doit): fix error message
-
-	* lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
- 	fail to match.
-	(krb5_get_wrapped_length): new function
-
-	* configure.in: security/pam_modules.h: check for
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
- 	around `ret_as_reply' semantics by only freeing it when ret == 0
-
-Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c (print_cred_verbose): handle the case of a bad
- 	enctype
-
-	* configure.in: test for more header files
-	(LIB_roken): set
-
-Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: fixes for building w/o krb4
-
-	* ltmain.sh: update to libtool 1.2d
-
-	* ltconfig: update to libtool 1.2d
-
-Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c: fix some error messages to be more understandable.
-
-	* kdc/hprop.c (ka_dump): remove unused variables
-
-	* appl/test/tcp_server.c: remove unused variables
-
-	* appl/test/gssapi_server.c: remove unused variables
-
-	* appl/test/gssapi_client.c: remove unused variables
-
-Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
-
-	* kuser/klist.c: make it compile w/o krb4
-
-	* kuser/kdestroy.c: make it compile w/o krb4
-
-	* admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
- 	strings
-
-Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: test for MIPS ABI; new test_package
-
-Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/Makefile.am: clean krb5-private.h
-
-	* Release 0.1d
-
-	* kpasswd/kpasswdd.c (doit): pass context to
- 	krb5_get_all_client_addrs
-
-	* kdc/connect.c (init_sockets): pass context to
- 	krb5_get_all_server_addrs
-
-	* lib/krb5/get_in_tkt.c (init_as_req): pass context to
- 	krb5_get_all_client_addrs
-
-	* lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
- 	krb5_get_all_client_addrs
-
-	* lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
-
-	* lib/krb5/krb5.h: add support for adding an extra set of
- 	addresses
-
-	* lib/krb5/context.c: add support for adding an extra set of
- 	addresses
-
-	* lib/krb5/addr_families.c: add krb5_parse_address
-
-	* lib/krb5/address.c: krb5_append_addresses
-
-	* lib/krb5/config_file.c (parse_binding): don't zap everything
- 	after first whitespace
-
-	* kuser/kinit.c (renew_validate): don't allocate out
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
- 	allocate out_creds
-
-	* lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
- 	out_creds pointer;
-	(krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
-	free more memory
-
-	* lib/krb5/crypto.c (encrypt_internal): free checksum
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
- 	and ticket
-
-	* kuser/Makefile.am: remove kfoo
-
-	* lib/Makefile.am: add auth
-
-	* lib/kadm5/iprop.h: getarg.h
-
-	* lib/kadm5/replay_log.c: use getarg
-
-	* lib/kadm5/ipropd_slave.c: use getarg
-
-	* lib/kadm5/ipropd_master.c: use getarg
-
-	* lib/kadm5/dump_log.c: use getarg
-
-	* kpasswd/kpasswdd.c: use getarg
-
-	* Makefile.am.common: make a more working check-local target
-
-	* lib/asn1/main.c: use getargs
-
-Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kuser/klist.c (print_cred_verbose): use krb5_print_address
-
-	* lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/addr_families.c (krb5_print_address): handle unknown
- 	address types; (ipv6_print_addr): print in 16-bit groups (as it
- 	should)
-
-	* lib/krb5/crc.c: crc_{init_table,update} ->
- 	_krb5_crc_{init_table,update}
-
-	* lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
- 	crc_{init_table,update} -> _krb5_crc_{init_table,update}
-
-	* lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
-
-	* lib/krb5/krb5_locl.h: include krb5-private.h
-
-	* kdc/connect.c (addr_to_string): use krb5_print_address
-
-	* lib/krb5/addr_families.c (krb5_print_address): int -> size_t
-
-	* lib/krb5/addr_families.c: add support for printing ipv6
- 	addresses, either with inet_ntop, or ugly for-loop
-
-	* kdc/524.c: check that the ticket came from a valid address; use
- 	the address of the connection as the address to put in the v4
- 	ticket (if this address is AF_INET)
-
-	* kdc/connect.c: pass addr to do_524
-
-	* kdc/kdc_locl.h: prototype for do_524
-
-Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
- 	setlim; check for auth modules; siad.h, getpwnam_r;
- 	lib/auth/Makefile, lib/auth/sia/Makefile
-
-	* lib/krb5/crypto.c: n_fold -> _krb5_n_fold
-
-	* lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
-
-Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
- 	it
-
-	* lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
-
-	* lib/hdb/ndbm.c (NDBM_destroy): clear master key
-
-	* lib/hdb/db.c (DB_destroy): clear master key
-	(DB_open): check malloc
-
-	* kdc/connect.c (init_sockets): free addresses
-
-	* kadmin/kadmin.c (main): make code more consistent.  always free
- 	configuration information.
-
-	* kadmin/init.c (create_random_entry): free the entry
-
-Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
- 	re-organize the code to always free `kdc_reply'
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
- 	freeing memory
-
-	* lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
-
-	* lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
-
-	* lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
- 	header
-
-	* configure.in (db_185.h): check for
-
-	* admin/srvcreate.c: new file. contributed by Daniel Kouril
- 	<kouril@informatics.muni.cz>
-
-	* admin/ktutil.c: srvcreate: new command
-
-	* kuser/klist.c: add support for printing AFS tokens
-
-	* kuser/kdestroy.c: add support for destroying v4 tickets and AFS
- 	tokens.  based on code by Love <lha@stacken.kth.se>
-
-	* kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
-
-	* configure.in: sys/ioccom.h: test for
-
-	* kuser/klist.c (main): don't print `no ticket file' with --test.
-  	From: Love <lha@e.kth.se>
-
-	* kpasswd/kpasswdd.c (doit): more braces to make gcc happy
-
-	* kdc/connect.c (init_socket): get rid of a stupid warning
-
-	* include/bits.c (my_strupr): cast away some stupid warnings
-
-Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
- 	loops, please
-
-Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/kadm5/Makefile.am (install_build_headers): recover from make
- 	rewriting the names of the headers kludge to help solaris make
-
-	* lib/krb5/Makefile.am: kludge to help solaris make
-
-	* lib/hdb/Makefile.am: kludge to help solaris make
-
-	* configure.in (LIB_kdb): make sure there's a -L option in here by
- 	adding $(LIB_krb4)
-
-	* lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
- 	unsigned
-
-	* configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
- 	remove the `dnl' to work around an automake flaw
-
-Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_default_realm.c: char* -> krb5_realm
-
-Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/bits.c: <bind/bitypes.h>
-
-	* lib/krb5/Makefile.am: create krb5-private.h
-
-Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (gethostname): remove duplicate
-
-Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/hdb/Makefile.am: add version-info
-
-	* lib/gssapi/Makefile.am: add version-info
-
-	* lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
- 	to check_PROGRAMS
-
-	* lib/Makefile.am: add 45
-
-	* lib/kadm5/Makefile.am: split in client and server libraries
- 	(breaks shared libraries otherwise)
-
-Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* include/kadm5/Makefile.am: clean a lot of header files (since
- 	automake lacks a clean-hook)
-
-	* include/Makefile.am: clean a lot of header files (since automake
- 	lacks a clean-hook)
-
-	* lib/kadm5/Makefile.am: fix build-installation of headers
-
-	* lib/krb5/Makefile.am: remove include_dir hack
-
-	* lib/hdb/Makefile.am: remove include_dir hack
-
-	* lib/asn1/Makefile.am: remove include_dir hack
-
-	* include/Makefile.am: remove include_dir hack
-
-	* doc/whatis.texi: define sub for html
-
-	* configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
-
-	* lib/asn1/Makefile.am: der.h
-
-	* kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
-
-	* kdc/Makefile.am: remove junk
-
-	* kadmin/Makefile.am: sl.a -> sl.la
-
-	* appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
-
-	* admin/Makefile.am: sl.a -> sl.la
-
-	* configure.in: condition KRB5; AC_CHECK_XAU
-
-	* Makefile.am: include Makefile.am.common
-
-	* include/kadm5/Makefile.am: include Makefile.am.common; don't
- 	install headers from here
-
-	* include/Makefile.am: include Makefile.am.common; don't install
- 	headers from here
-
-	* doc/Makefile.am: include Makefile.am.common
-
-	* lib/krb5/Makefile.am: include Makefile.am.common
-
-	* lib/kadm5/Makefile.am: include Makefile.am.common
-
-	* lib/hdb/Makefile.am: include Makefile.am.common
-
-	* lib/gssapi/Makefile.am: include Makefile.am.common
-
-	* lib/asn1/Makefile.am: include Makefile.am.common
-
-	* lib/Makefile.am: include Makefile.am.common
-
-	* lib/45/Makefile.am: include Makefile.am.common
-
-	* kuser/Makefile.am: include Makefile.am.common
-
-	* kpasswd/Makefile.am: include Makefile.am.common
-
-	* kdc/Makefile.am: include Makefile.am.common
-
-	* kadmin/Makefile.am: include Makefile.am.common
-
-	* appl/test/Makefile.am: include Makefile.am.common
-
-	* appl/afsutil/Makefile.am: include Makefile.am.common
-
-	* appl/Makefile.am: include Makefile.am.common
-
-	* admin/Makefile.am: include Makefile.am.common
-
-Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store.c (krb5_store_stringz): braces fix
-
-	* lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
-
-	* lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
-
-	* kdc/connect.c (loop): braces fix
-
-	* lib/krb5/config_file.c: cast to unsigned char to make is* happy
-
-	* lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
-
-	* lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
- 	be consistent
-
-	* kadmin/util.c (timeval2str): more braces to make gcc happy
-
-	* kadmin/load.c: cast in is* to get rid of stupid warning
-
-	* kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
- 	warning
-
-	* kdc/kaserver.c: malloc checks and fixes
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
- 	dot (if any) when looking up realms.
-
-Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c: add dns support
-
-	* lib/krb5/set_default_realm.c: use krb5_free_host_realm
-
-	* lib/krb5/free_host_realm.c: check for NULL realmlist
-
-	* lib/krb5/context.c: don't print warning if there is no krb5.conf
-
-Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: use AC_WFLAGS
-
-Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Release 0.1c
-
-	* kuser/klist.c: use print_version
-
-	* kuser/kdestroy.c: use print_version
-
-	* kdc/hpropd.c: use print_version
-
-	* kdc/hprop.c: use print_version
-
-	* kdc/config.c: use print_version
-
-	* kadmin/kadmind.c: use print_version
-
-	* kadmin/kadmin.c: use print_version
-
-	* appl/test/common.c: use print_version
-
-	* appl/afsutil/afslog.c: use print_version
-
-Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
- 	HAVE_STRUCT_SOCKADDR_SA_LEN
-
-	* configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
-
-Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/asn1/gen.c: make `BIT STRING's unsigned
-
-	* lib/asn1/{symbol.h,gen.c}: add TUInteger type
-
-	* lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
- 	krb5_get_init_creds_password
-
-	* lib/krb5/fcache.c (fcc_gen_new): implement
-
-Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* doc/install.texi: krb4 is now automatically detected
-
-	* doc/misc.texi: update procedure to set supported encryption
- 	types
-
-	* doc/setup.texi: change some silly wordings
-
-Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/krb5/keytab.c (fkt_remove_entry): make this work
-
-	* admin/ktutil.c: add minimally working `get' command
-
-Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* lib/hdb/convert_db.c: more typos
-
-	* include/Makefile.am: remove EXTRA_DATA (as of autoconf
- 	2.13/automake 1.4)
-
-	* appl/Makefile.am: OTP_dir
-
-Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* doc/setup.texi: add kadmin section
-
-	* lib/asn1/check-der.c: fix printf warnings
-
-Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: -O does not belong in WFLAGS
-
-Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/asn1/der_put.c: fix der_put_int
-
-Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* configure.in: use AC_BROKEN_GLOB
-
-Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* configure.in: check for glob
-
-Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Release 0.1b
-
-Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
- 	des3-cbc-md5
-
-	* lib/krb5/crypto.c (DES3_string_to_key): make this actually do
- 	what the draft said it should
-
-	* lib/hdb/convert_db.c: little program for database conversion
-
-	* lib/hdb/db.c (DB_open): try to open database w/o .db extension
-
-	* lib/hdb/ndbm.c (NDBM_open): add test for database format
-
-	* lib/hdb/db.c (DB_open): add test for database format
-
-	* lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
- 	unsigned
-
-	* lib/hdb/hdb.c: change `hdb_set_master_key' to take an
- 	EncryptionKey, and add a new function `hdb_set_master_keyfile' to
- 	do what `hdb_set_master_key' used to do
-
-	* kdc/kstash.c: add `--convert-file' option to change keytype of
- 	existing master key file
-
-Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar@squid.pdc.kth.se>
-
-	* Release 0.1a
-
-Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
- 	is now a `u_char *'
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
- 	orig_host
-
- 	(krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
- 	RSA_MD5_DES3_verify): initialize ret
-
-	* lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
- 	gssapi_krb5_init.  ask for KEYTYPE_DES credentials
-
-	* kadmin/get.c (print_entry_long): print the keytypes and salts
- 	available for the principal
-
-	* configure.in (WFLAGS): add `-O' to catch unitialized variables
- 	and such
-	(gethostname, mkstemp, getusershell, inet_aton): more tests
-
-	* lib/hdb/hdb.h: update prototypes
-
-	* configure.in: homogenize broken detection with krb4
-
-	* lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
- 	`error'
-
-	* lib/asn1/Makefile.am (check-der): add
-
-	* lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
- 	of `unsigned'
-
-	* lib/asn1/der_length.c (length_unsigned): new function
-	(length_int): handle signed integers
-
-	* lib/asn1/der_put.c (der_put_unsigned): new function
-	(der_put_int): handle signed integers
-
- 	* lib/asn1/der_get.c (der_get_unsigned): new function
- 	(der_get_int): handle signed integers
-
-	* lib/asn1/der.h: all integer functions take `int' instead of
- 	`unsigned'
-
-	* lib/asn1/lex.l (filename): unused. remove.
-
-	* lib/asn1/check-der.c: new test program for der encoding and
- 	decoding.
-
-Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
- 	gethostbyname2 with AF_INET6 if we actually have IPv6.  From
- 	"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
-
- 	* lib/krb5/changepw.c (get_kdc_address): dito
-
-Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c (parse_prots): always bind to AF_INET, there are
- 	v6-implementations without support for `mapped V4 addresses'.
-  	From Jun-ichiro itojun Hagino <itojun@kame.net>
-
-Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.0u
-
-Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: explicit rules for *.et files
-
- 	* lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
- 	krb5_get_credentials was succesful.
- 	(get_new_cache): return better error codes and return earlier.
- 	(get_cred_cache): only delete default_client if it's different
- 	from client
- 	(kadm5_c_init_with_context): return a more descriptive error.
-
-	* kdc/kerberos5.c (check_flags): handle NULL client or server
-
-	* lib/krb5/sendauth.c (krb5_sendauth): return the error in
- 	`ret_error' iff != NULL
-
-	* lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
- 	new functions
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
- 	type-correctness
-
-	* lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
-
-	* lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
-
-	* lib/krb5/get_cred.c: KRB5_TGS_NAME: use
-
- 	* lib/kafs/afskrb5.c (afslog_uid_int): update to changes
-
-	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
- 	instead of rename, but shouldn't this just call rename?
-
- 	* lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
- 	error if the principal wasn't found.
-
-	* lib/hdb/ndbm.c (NDBM_seq): unseal key
-
-	* lib/hdb/db.c (DB_seq): unseal key
-
-	* lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
-
-	* kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
- 	finding cross-realm tgts in the v4 database
-
-	* kadmin/mod.c (mod_entry): check the number of arguments.  check
- 	that kadm5_get_principal worked.
-
-	* lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
- 	we weren't able to remove it.
-
-	* admin/ktutil.c: less drive-by-deleting.  From Love
- 	<lha@e.kth.se>
-
-	* kdc/connect.c (parse_ports): copy the string before mishandling
- 	it with strtok_r
-
-	* kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
- 	kvnos
-
-	* kadmin/kadmind.c (main): convert `debug_port' to network byte
- 	order
-
-	* kadmin/kadmin.c: allow specification of port number.
-
-	* lib/kadm5/kadm5_locl.h (kadm5_client_context): add
- 	`kadmind_port'.
-
-	* lib/kadm5/init_c.c (_kadm5_c_init_context): move up
- 	initalize_kadm5_error_table_r.
-	allow specification of port number.
-	
-  	From Love <lha@stacken.kth.se>
-
-	* kuser/klist.c: add option -t | --test
-
diff --git a/crypto/heimdal/ChangeLog.2000 b/crypto/heimdal/ChangeLog.2000
deleted file mode 100644
index a1cb687f550e..000000000000
--- a/crypto/heimdal/ChangeLog.2000
+++ /dev/null
@@ -1,1320 +0,0 @@
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/test_get_addrs.c (main): handle krb5_init_context
-	failure consistently
-	* lib/krb5/string-to-key-test.c (main): handle krb5_init_context
-	failure consistently
-	* lib/krb5/prog_setup.c (krb5_program_setup): handle
-	krb5_init_context failure consistently
-	* lib/hdb/convert_db.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kverify.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/klist.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kinit.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kgetcred.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kdestroy.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/kdecode_ticket.c (main): handle krb5_init_context failure
-	consistently
-	* kuser/generate-requests.c (generate_requests): handle
-	krb5_init_context failure consistently
-	* kpasswd/kpasswd.c (main): handle krb5_init_context failure
-	consistently
-	* kpasswd/kpasswd-generator.c (generate_requests): handle
-	krb5_init_context failure consistently
-	* kdc/main.c (main): handle krb5_init_context failure consistently
-	* appl/test/uu_client.c (proto): handle krb5_init_context failure
-	consistently
-	* appl/kf/kf.c (main): handle krb5_init_context failure
-	consistently
-	* admin/ktutil.c (main): handle krb5_init_context failure
-	consistently
-
-	* admin/get.c (kt_get): more error checking
-
-2000-12-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c (loop): check for length longer than data.
-	inspired by lha@stacken.kth.se
-
-2000-12-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.8: reflect recent changes
-
-	* admin/copy.c: don't copy an entry that already exists in the
-	keytab, and warn if the keyblock differs
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/Makefile.am: merge srvconvert and srvcreate with copy
-
-	* admin/copy.c: merge srvconvert and srvcreate with copy
-
-	* lib/krb5/Makefile.am: always build keytab_krb4.c
-
-	* lib/krb5/context.c: always register the krb4 keytab functions
-
-	* lib/krb5/krb5.h: declare krb4_ftk_ops
-
-	* lib/krb5/keytab_krb4.c: We don't really need to include krb.h
-	here, since we only use the principal size macros, so define these
-	here. Theoretically someone could have a krb4 system where these
-	values are != 40, but this is unlikely, and
-	krb5_524_conv_principal also assume they are 40.
-
-2000-12-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/
-
-	* lib/krb5/replay.c: fix query-replace-o from MD5 API change, and
-	the struct is called krb5_donot_replay
-
-2000-12-12  Assar Westerlund  <assar@sics.se>
-
-	* admin/srvconvert.c (srvconvert): do not use data after free:ing
-	it
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3d
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0
-	* lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library
-	dependencies
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as
-	a new pseudo-type
-
-	* lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat
-	cell names as lower case
-	(krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an
-	explicit ivec to be specified.  fix all sub-functions.
-	(DES3_CBC_encrypt_ivec): new function that takes an explicit ivec
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: actually build replay cache code
-
-	* lib/krb5/replay.c: implement krb5_get_server_rcache
-
-	* kpasswd/kpasswdd.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-	* lib/krb5/recvauth.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-	* lib/krb5/mk_rep.c: auth_context should not be a pointer
-
-	* lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and
-	make setaddrs_from_fd use that
-
-	* lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: add kerberos.8 manpage
-
-	* lib/krb5/cache.c: check for NULL remove_cred function
-
-	* lib/krb5/fcache.c: pretend that empty files are non-existant
-
-	* lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from
-	Jason Thorpe <thorpej@netbsd.org>
-
-2000-12-01  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove configure-time generation of krb5-config
-	* tools/Makefile.am: add generation of krb5-config at make-time
-	instead of configure-time
-
-	* tools/krb5-config.in: add --prefix and --exec-prefix
-
-2000-11-30  Assar Westerlund  <assar@sics.se>
-
-	* tools/Makefile.am: add krb5-config.1
-	* tools/krb5-config.in: add kadm-client and kadm5-server as
-	libraries
-
-2000-11-29  Assar Westerlund  <assar@sics.se>
-
-	* tools/krb5-config.in: add --prefix, --exec-prefix and gssapi
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: add roken/Makefile here, since it can't live in
-	rk_ROKEN
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: use the libtool -rpath, do not rely on ld
-	understanding -rpath
-
-	* configure.in: fix the -Wl stuff for krb4 linking add some
-	gratuitous extra options when linking with an existing libdes
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit
-	* lib/Makefile.am (SUBDIRS): try to only build des when needed
-	* kuser/klist.c: print key versions numbers of v4 tickets in
-	verbose mode
-
-	* kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2
-	* appl/test/gss_common.c (read_token): remove unused variable
-
-	* configure.in (krb4): add -Wl
-	(MD4Init et al): look for these in more libraries
-	(getmsg): only run test if we have the function
-	(AC_OUTPUT): create tools/krb5-config
-
-	* tools/krb5-config.in: new script for storing flags to use
-	* Makefile.am (SUBDIRS): add tools
-
-	* lib/krb5/get_cred.c (make_pa_tgs_req): update to new
-	krb5_mk_req_internal
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different
-	usages for the encryption.  change callers
-	* lib/krb5/rd_req.c (decrypt_authenticator): add an encryption
-	`usage'.  also try the old
-	(and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility
-	(krb5_verify_ap_req2): new function for specifying the usage different
-	from the default (KRB5_KU_AP_REQ_AUTH)
-	* lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage'
-	parameter to permit the generation of authenticators with
-	different crypto usage
-
-	* lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a
-	krb5_principal
-	(krb5_mk_req): use krb5_mk_req_exact
-
-	* lib/krb5/mcache.c (mcc_close): free data
-	(mcc_destroy): don't free data
-
-2000-11-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h
-	* lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h
-
-2000-11-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hpropd.8: remove extra .Xc
-
-2000-10-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: fix v4 fallback lifetime calculation
-
-2000-10-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: fix log messge
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): check for fd's being
-	too large to select on
-	* kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being
-	too large to select on
-	* kdc/connect.c (add_new_tcp): check for the socket fd being too
-	large to selct on
-	* kdc/connect.c (loop): check that the socket fd is not too large
-	to select on
-	* lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too
-	large to be able to select on
-
-	* kdc/kaserver.c (do_authenticate): check for time skew
-
-2000-10-01  Assar Westerlund  <assar@sics.se>
-
-	* kdc/524.c (set_address): allocate memory for storing addresses
-	in if the original request had an empty set of addresses
-	* kdc/524.c (set_address): fix bad return of pointer to automatic
-	data
-
-	* config.sub: update to version 2000-09-11 (aka 1.181) from
-	subversions.gnu.org
-
-	* config.guess: update to version 2000-09-05 (aka 1.156) from
-	subversions.gnu.org plus some minor tweaks
-
-2000-09-20  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.3c
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	13:1:0
-
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0
-
-2000-09-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak
-	(krb5_rd_req): try not to return an allocated auth_context on error
-
-	* lib/krb5/log.c (krb5_vlog_msg): fix const-ness
-
-2000-09-10  Assar Westerlund  <assar@sics.se>
-
-	* kdc/524.c: re-organize
-	* kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context
-	* kdc/kerberos4.c (valid_princ): check return value of functions
-	(encode_v4_ticket): add some const
-	* kdc/misc.c (db_fetch): check malloc
-	(free_ent): new function
-
-	* lib/krb5/log.c (krb5_vlog_msg): log just the format string it we
-	fail to allocate the actual string to log, should at least provide
-	some hint as to where things went wrong
-
-2000-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/log.c: use DEFAULT_LOG_DEST
-
-	* kdc/config.c: use _PATH_KDC_CONF
-
-	* kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log
-
-2000-09-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (_key_schedule): re-use an existing schedule
-
-2000-09-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix dpagaix test
-
-2000-09-05  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: with_dce -> enable_dce.  noticed by Ake Sandgren
- 	<ake@cs.umu.se>
-
-2000-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kstash.8: update manual page
-
-	* kdc/kstash.c: fix typo, and remove unused option
-
-	* lib/krb5/kerberos.7: short kerberos intro page
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* include/bits.c: add __attribute__ for gcc's pleasure
-	* lib/hdb/keytab.c: re-write to delay the opening of the database
-	till it's known which principal is being sought, thereby allowing
-	the usage of multiple databases, however they need to be specified
-	in /etc/krb5.conf since all the programs using this keytab do not
-	read kdc.conf
-
-	* appl/test/test_locl.h (keytab): add
-	* appl/test/common.c: add --keytab
-	* lib/krb5/crypto.c: remove trailing commas
-	(KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC
-
-2000-08-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the
-	beginning of the proxy specification.  use getaddrinfo correctly
-	(krb5_sendto): always return a return code
-
-	* lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
-	* lib/krb5/auth_context.c (krb5_auth_con_free): handle
-	auth_context == NULL
-
-2000-08-23  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (find_type): make sure of always setting
-	`ret_etype' correctly.  clean-up structure some
-
-2000-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mcache.c: implement resolve
-
-2000-08-18  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kdecode_ticket.c: check return value from krb5_crypto_init
-	* kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init
-	* lib/krb5/*.c: check return value from krb5_crypto_init
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3b
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 13:0:0
-
-	* lib/hdb/Makefile.am: set version to 6:1:0
-
-	* configure.in: do getmsg testing the same way as in krb4
-
-	* lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure
- 	of closing the file on error
-
-	* lib/krb5/crypto.c (encrypt_internal_derived): free the checksum
- 	after use
-
-	* lib/krb5/warn.c (_warnerr): initialize args to make third,
- 	purify et al happy
-
-2000-08-13  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c: re-write search for keys code.  loop over all
-	supported enctypes in order, looping over all keys of each type,
-	and picking the one with the v5 default salt preferably
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/gss_common.c (enet_read): add and use
-	* lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make
-	const
-
-	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on
-	checksum type selection
-
-	* lib/krb5/context.c (krb5_init_context): do not leak memory on
-	failure
-	(default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5
-
-	* lib/krb5/principal.c: add fnmatch.h
-
-2000-08-09  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later
-	checks that should require them don't fail
-	* acconfig.h: add HAVE_UINT17_T
-
-2000-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/mit_dump.c: handle all sorts of weird MIT salt types
-
-2000-08-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/setup.texi: port 212 -> 2121
-
-	* lib/krb5/principal.c: krb5_principal_match
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER
-	encoding
-
-	* kpasswd/Makefile.am: link with pidfile library
-
-	* kpasswd/kpasswdd.c: write a pid file
-
-	* kpasswd/kpasswd_locl.h: util.h
-
-	* kdc/Makefile.am: link with pidfile library
-
-	* kdc/main.c: write a pid file
-
-	* kdc/headers.h: util.h
-
-2000-08-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): always put
-	hostnames in lower case
-	(default_v4_name_convert): add imap
-
-2000-08-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crc.c (_krb5_crc_update): const-ize (finally)
-
-2000-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for uint*_t
-	* include/bits.c: define uint*_t
-	
-2000-07-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (check_tgs_flags): set endtime correctly when
-	renewing, From Derrick J Brashear <shadow@dementia.org>
-
-2000-07-28  Assar Westerlund  <assar@juguete.sics.se>
-
-	* Release 0.3a
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (dump_database): write an empty message to signal
-	end of dump
-
-2000-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/changepw.c (krb5_change_password): try to be more
-	careful when not to resend
-
-	* lib/hdb/db3.c: always create a cursor with db3.  From Derrick J
-	Brashear <shadow@dementia.org>
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/Makefile.am: bump version to 6:0:0
-
-	* lib/asn1/Makefile.am: bump version to 3:0:1
-
-	* lib/krb5/Makefile.am: bump version to 12:0:1
-
-	* lib/krb5/krb5_config.3: manpage
-
-	* lib/krb5/krb5_appdefault.3: manpage
-
-	* lib/krb5/appdefault.c: implementation of the krb5_appdefault set
-	of functions
-
-2000-07-23  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (change_password): reset forwardable
-	and proxiable.  copy preauthentication list correctly from
-	supplied options
-
-	* kdc/hpropd.c (main): check that the ticket was for `hprop/' for
-	paranoid reasons
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): look in
-	aliases for the real name
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/setup.texi: say something about starting kadmind from the
-	command line
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of
-	mis-doing it here
-
-	* lib/krb5/changepw.c (krb5_change_password): make timeout 1 +
-	2^{0,1,...}.  also keep track if we got an old packet back and
-	then just wait without sending a new packet
-	* lib/krb5/changepw.c: use a datagram socket and remove the
-	sequence numbers
-	* lib/krb5/changepw.c (krb5_change_password): clarify an
-	expression, avoiding a warning
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c: make -a and -n aliases for -v
-
-	* lib/krb5/write_message.c: ws
-
-	* kdc/hprop-common.c: nuke extra definitions of
-	krb5_read_priv_message et.al
-
-	* lib/krb5/read_message.c (krb5_read_message): return error if EOF
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c: print usage consistently
-	* kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab
-	* kdc/hpropd.c: add --keytab
-	* kdc/hpropd.c: don't care what principal we recvauth as
-
-	* lib/krb5/get_cred.c: be more careful of not returning creds at
-	all when an error is returned
-	* lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: use autoreconf
-
-	* configure.in: remove stuff that belong in roken, and remove some
-	obsolete constructs
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: fix some typos
-
-	* appl/Makefile.am: dceutil*s*
-
-	* missing: update to missing from automake 1.4a
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: try to get xlc flags from ibmcxx.cfg use
-	conditional for X use readline cf macro
-
-	* configure.in: subst AIX compiler flags
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: pass sixth parameter to test-package; use some
-	newer autoconf constructs
-
-	* ltmain.sh: update to libtool 1.3c
-
-	* ltconfig: update to libtool 1.3c
-
-	* configure.in: update this to newer auto*/libtool
-
-	* appl/Makefile.am: use conditional for dce
-	
-	* lib/Makefile.am: use conditional for dce
-	
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/write_message.c: krb5_write_{priv,save}_message
-	* lib/krb5/read_message.c: krb5_read_{priv,save}_message
-	* lib/krb5/convert_creds.c: try port kerberos/88 if no response on
-	krb524/4444
-
-	* lib/krb5/convert_creds.c: use krb5_sendto
-
-	* lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send
-	to a port at arbitrary list of hosts
-
-2000-07-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* doc/misc.texi: language; say something about kadmin del_enctype
-
-2000-07-10  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/Makefile.am: actually install
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre
-	(AC_ROKEN): roken is now at 10
-
-	* lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case
-	* kdc/Makefile.am (INCLUDES): add ../lib/krb5
-	* configure.in: update for standalone roken
-	* lib/Makefile.am (SUBDIRS): make roken conditional
-	* kdc/hprop.c: update to new hdb_seal_keys_mkey
-	* lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int):
-	rename and export them
-
-	* kdc/headers.h: add krb5_locl.h (since we just use some stuff
-	from there)
-
-2000-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.1: update for -f and add some more text for -v
-
-	* kuser/klist.c: use rtbl to format cred listing, add -f and -s
-
-	* lib/krb5/crypto.c: fix type in des3-cbc-none
-
-	* lib/hdb/mkey.c: add key usage
-
-	* kdc/kstash.c: remove writing of old keyfile, and treat
-	--convert-file as just reading and writing the keyfile without
-	asking for a new key
-	
-	* lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype
-	based files, and convert the key to cfb64
-
-	* lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before
-	doing anything else
-
-	* lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/changepw.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/addr_families.c: use krb5_eai_to_heim_errno
-
-	* lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to
-	something that can be passed to get_err_text
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping
-	`*key'
-
-	* kdc/kerberos4.c (get_des_key): rewrite some, be more careful
-
-2000-07-06  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (as_rep): be careful as to now overflowing when
-	calculating the end of lifetime of a ticket.
-
-	* lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
-
-	* lib/hdb/db3.c: only use a cursor when needed, from Derrick J
-	Brashear <shadow@dementia.org>
-
-	* lib/krb5/crypto.c: introduce the `special' encryption methods
-	that are not like all other encryption methods and implement
-	arcfour-hmac-md5
-
-2000-07-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/mit_dump.c: set initial master key version number to 0
-	instead of 1; if we lated bump the mkvno we don't risk using the
-	wrong key to decrypt
-
-	* kdc/hprop.c: only get master key if we're actually going to use
-	it; enable reading of MIT krb5 dump files
-	
-	* kdc/mit_dump.c: read MIT krb5 dump files
-	
-	* lib/hdb/mkey.c (read_master_mit): fix this
-	
-	* kdc/kstash.c: make this work with the new mkey code
-	
-	* lib/hdb/Makefile.am: add mkey.c, and bump version number
-	
-	* lib/hdb/hdb.h: rewrite master key handling
-	
-	* lib/hdb/mkey.c: rewrite master key handling
-	
-	* lib/krb5/crypto.c: add some more pseudo crypto types
-	
-	* lib/krb5/krb5.h: change some funny etypes to use negative
-	numbers, and add some more
-
-2000-07-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are
-	none in the configuration file
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused
-	variable
-
-	* kpasswd/kpasswd-generator.c: new test program
-	* kpasswd/Makefile.am: add kpasswd-generator
-
-	* include/Makefile.am (CLEANFILES): add rc4.h
-
-	* kuser/generate-requests.c: new test program
-	* kuser/Makefile.am (noinst_PROGRAMS): add generate-requests
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add --enable-dce and related stuff
-	* appl/Makefile.am (SUBDIRS): add $(APPL_dce)
-
-2000-06-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (get_des_key): fix thinkos/typos
-
-2000-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/purge.c: use parse_time to parse age
-
-	* lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time
-
-	* admin/list.c: add printing of timestamp and key data; some
-	cleanup
-
-	* lib/krb5/time.c (krb5_format_time): new function to format time
-
-	* lib/krb5/context.c (init_context_from_config_file): init
-	date_fmt, also do some cleanup
-
-	* lib/krb5/krb5.h: add date_fmt to context
-
-2000-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return
-	v4 or afs keys if possible
-
-2000-06-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c (ka_convert): allow using null salt, and treat 0
-	pw_expire as never (from Derrick Brashear)
-
-2000-06-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c (add_standard_ports): only listen to port 750 if
-	serving v4 requests
-
-2000-06-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/lex.l: fix includes, and lex stuff
-	* lib/asn1/lex.h (error_message): update prototype
-	(yylex): add
-	* lib/asn1/gen_length.c (length_type): fail on malloc error
-	* lib/asn1/gen_decode.c (decode_type): fail on malloc error
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c: be more compatible with MIT code.
-	From Daniel Kouril <kouril@ics.muni.cz>
-	* lib/krb5/rd_cred.c: be more compatible with MIT code.  From
-	Daniel Kouril <kouril@ics.muni.cz>
-	* kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's
-	vanilla pw-salt, that keeps win2k happy.  also do the malloc check
-	correctly.  From Daniel Kouril <kouril@ics.muni.cz>
-
-2000-06-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: add hdb keytabs
-
-2000-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/principal.c: back out rev. 1.64
-
-2000-06-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: pa_* -> KRB5_PADATA_*
-
-	* kdc/hpropd.c: add realm override flag
-	
-	* kdc/v4_dump.c: code for reading krb4 dump files
-	
-	* kdc/hprop.c: generalize source database handing, add support for
-	non-standard local realms (from by Daniel Kouril
-	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>), and
-	support for using different ports (requested by the Czechs, but
-	implemented differently)
-
-	* lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_*
-	
-	* lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_*
-	
-	* lib/krb5/krb5.h: use some definitions from asn1.h
-
-	* lib/hdb/hdb.asn1: use new import syntax
-	
-	* lib/asn1/k5.asn1: use distinguished value integers
-	
-	* lib/asn1/gen_length.c: support for distinguished value integers
-	
-	* lib/asn1/gen_encode.c: support for distinguished value integers
-	
-	* lib/asn1/gen_decode.c: support for distinguished value integers
-	
-	* lib/asn1/gen.c: support for distinguished value integers
-
-	* lib/asn1/lex.l: add support for more standards like import
-	statements
-
-	* lib/asn1/parse.y: add support for more standards like import
-	statements, and distinguished value integers
-	
-2000-06-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (add_addrs): ignore addresses of
-	unknown type
-	* lib/krb5/get_for_creds.c (add_addrs): zero memory before
-	starting to copy memory
-
-2000-06-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/test_get_addrs.c: test program for get_addrs
-	* lib/krb5/get_addrs.c (find_all_addresses): remember to add in
- 	the size of ifr->ifr_name when using SA_LEN.  noticed by Ken
- 	Raeburn <raeburn@MIT.EDU>
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add db3 detection stuff do not use streamsptys on
-	HP-UX 11
-	* lib/hdb/hdb.h (HDB): add dbc for db3
-	* kdc/connect.c (add_standard_ports): also listen on krb524 aka
-	4444
-	* etc/services.append (krb524): add
-	* lib/hdb/db3.c: add berkeley db3 interface.  contributed by
-	Derrick J Brashear <shadow@dementia.org>
-	* lib/hdb/hdb.h (struct HDB): add
-
-2000-06-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: if 524 is not enabled, just generate error reply and
-	exit
-
-	* kdc/kerberos4.c: if v4 is not enabled, just generate error reply
-	and exit
-
-	* kdc/connect.c: only listen to port 4444 if 524 is enabled
-	
-	* kdc/config.c: add options to enable/disable v4 and 524 requests
-	
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: handle non-existant server principals (from Daniel
-	Kouril)
-
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* admin/ktutil.c: print name when failing to open keytab
-
-	* kuser/kinit.c: try also to fallback to v4 when no KDC is found
-
-2000-05-28  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: continue even we have no v5 ccache.  make showing
-	your krb4 tickets the default (if build with krb4 support)
-	* kuser/kinit.c: add a fallback that tries to get a v4 ticket if
-	built with krb4 support and we got back a version error from the
-	KDC
-
-2000-05-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: make this actually work
-
-2000-05-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store_emem.c (emem_store): make it write-compatible
-	* lib/krb5/store_fd.c (fd_store): make it write-compatible
-	* lib/krb5/store_mem.c (mem_store): make it write-compatible
-	* lib/krb5/krb5.h (krb5_storage): make store write-compatible
-
-2000-05-18  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: add stdio.h in dbopen test
-
-2000-05-16  Assar Westerlund  <assar@assaris.sics.se>
-
-	* Release 0.2t
-
-2000-05-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0
-	* lib/krb5/fcache.c: fix second lseek
-	* lib/krb5/principal.c (krb5_524_conv_principal): fix typo
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2s
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0
-	* lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and
-	simplify string copying
-
-2000-05-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (scrub_file): new function
-	(erase_file): re-write, use scrub_file
-	* lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add
-
-	* configure.in (dbopen): add header files
-
-	* lib/krb5/krb5.h (krb5_key_usage): add some more
-	* lib/krb5/fcache.c (erase_file): try to detect symlink games.
-	also call revoke.
-	* lib/krb5/changepw.c (krb5_change_password): remember to close
-	the socket on error
-
-	* kdc/main.c (main): also call sigterm on SIGTERM
-
-2000-05-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/config_file.c (krb5_config_vget_string_default,
- 	krb5_config_get_string_default): add
-
-2000-04-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (fcc_initialize): just forget about
-	over-writing the old cred cache.  it's too much of a hazzle trying
-	to do this safely.
-
-2000-04-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into
-	different parts for the derived and non-derived cases
-	* lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should
-	be done after having added confounder and checksum
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_addrs.c (find_all_addresses): apperently solaris
-	can return EINVAL when the buffer is too small.  cope.
-	* lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x
-	* lib/asn1/gen_locl.h (filename): add prototype
-	(init_generate): const-ize
-	* lib/asn1/gen.c (filename): new function clean-up a little bit.
-	* lib/asn1/parse.y: be more tolerant in ranges
-	* lib/asn1/lex.l: count lines correctly.
-	(error_message): print filename in messages
-
-2000-04-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number
-	after comparing
-	* lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number
-	after comparing
-	* lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned
-	* lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make
-	`seqno' be unsigned
-	* lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence
-	number after the fact and only increment it if we were successful
-	* lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence
-	number after the fact and only increment it if we were successful
-	* lib/krb5/krb5.h (krb5_auth_context_data): make sequence number
-	unsigned
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
-	`in_tkt_service' can be NULL
-
-2000-04-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX).
-	(DOTDOT): add
-	* lib/asn1/lex.l (DOTDOT): add
-	* lib/asn1/k5.asn1 (UNSIGNED): add.  use UNSIGNED for all sequence
-	numbers.
-	* lib/asn1/gen_length.c (length_type): add TUInteger
-	* lib/asn1/gen_free.c (free_type): add TUInteger
-	* lib/asn1/gen_encode.c (encode_type, generate_type_encode): add
-	TUInteger
-	* lib/asn1/gen_decode.c (decode_type, generate_type_decode): add
-	TUInteger
-	* lib/asn1/gen_copy.c (copy_type): add TUInteger
-	* lib/asn1/gen.c (define_asn1): add TUInteger
-	* lib/asn1/der_put.c (encode_unsigned): add
-	* lib/asn1/der_length.c (length_unsigned): add
-	* lib/asn1/der_get.c (decode_unsigned): add
-	* lib/asn1/der.h (decode_unsigned, encode_unsigned,
-	length_unsigned): add prototypes
-
-	* lib/asn1/k5.asn1: update pre-authentication types
-	* lib/krb5/krb5_err.et: add some error codes from pkinit
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb.c: add support for hdb methods (aka back-ends).
-	include ldap.
-	* lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP
-	* lib/hdb/Makefile.am: add hdb-ldap.c and openldap
-	* kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add
-	* configure.in: bump version to 0.2s-pre add options and testing
-	for (open)ldap
-
-2000-04-04  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): fix the krb_mk_req test
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (krb4): add test for const arguments to krb_mk_req
-	* lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of
-	arguments
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2r
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 10:0:0
-	* lib/45/mk_req.c (krb_mk_req): const-ize the arguments
-	
-2000-03-30  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): add some
-	comments.  add fall-back on adding the realm name in lower case.
-
-2000-03-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/connect.c: remember to repoint all descr->sa to _ss after
-	realloc as this might have moved the memory around.  problem
-	discovered and diagnosed by Brandon S. Allbery
-
-2000-03-27  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: recognize solaris 2.8
-	* config.guess, config.sub: update to current version from
-	:pserver:anoncvs@subversions.gnu.org:/home/cvs
-
-	* lib/krb5/init_creds_pw.c (print_expire): do not assume anything
-	about the size of time_t, i.e. make it 64-bit happy
-
-2000-03-13  Assar Westerlund  <assar@sics.se>
-
-	* kuser/klist.c: add support for display v4 tickets
-
-2000-03-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kaserver.c (do_authenticate, do_getticket): call check_flags
-	* kdc/kerberos4.c (do_version4): call check_flags.
-	* kdc/kerberos5.c (check_flags): make global
-
-2000-03-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil
-	hack to avoid recursion
-
-2000-03-04  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous
-	* lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and
-	KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): set
-	request_anonymous flag appropriatly
-	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous):
-	add
-
-	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to
-	determine whetever to ignore client name of not.  always copy
-	client name from kdc.  fix callers.
-
-	* kdc: add support for anonymous tickets
-
-	* kdc/string2key.8: add man-page for string2key
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (dump_krb4): get expiration date from `valid_end'
-	and not `pw_end'
-
-	* kdc/kadb.h (ka_entry): fix name pw_end -> valid_end.  add some
-	more fields
-
-	* kdc/hprop.c (v4_prop): set the `valid_end' from the v4
-	expiration date instead of the `pw_expire'
-	(ka_convert): set `valid_end' from ka expiration data and `pw_expire'
-	from pw_change + pw_expire
-	(main): add a default database for ka dumping
-
-2000-02-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/context.c (init_context_from_config_file): change
-	rfc2052 default to no.  2782 says that underscore should be used.
-
-2000-02-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that
-	stores and close succeed
-	* lib/krb5/store.c (krb5_store_creds): check to see that the
-	stores are succesful.
-
-2000-02-23  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2q
-
-2000-02-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:2:0
-	
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy
-	the correct hostname
-
-	* kdc/connect.c (add_new_tcp): use the correct entries in the
-	descriptor table
-	* kdc/connect.c: initialize `descr' uniformly and correctly
-
-2000-02-20  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2p
-
-2000-02-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:1:0
-	
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
-	that realms is filled in even when getaddrinfo fails or does not
-	return any canonical name
-
-	* kdc/connect.c (descr): add sockaddr and string representation
-	(*): re-write to use the above mentioned
-
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (krb5_parse_address): use
-	krb5_sockaddr2address to copy the result from getaddrinfo.
-
-2000-02-14  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2o
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 9:0:0
-
-	* kdc/kaserver.c (do_authenticate): return the kvno of the server
-	and not the client.  Thanks to Brandon S. Allbery KF8NH
-	<allbery@kf8nh.apk.net> and Chaskiel M Grundman
-	<cg2v@andrew.cmu.edu> for debugging.
-
-	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
-	old kvno, return an error reply and write a message in the log.
-	
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* appl/test/gssapi_server.c (proto): with `--fork', create a child
-	and send over/receive creds with export/import_sec_context
-	* appl/test/gssapi_client.c (proto): with `--fork', create a child
-	and send over/receive creds with export/import_sec_context
-	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
-
-2000-02-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
-	* kdc/connect.c (init_sockets): pay attention to
-	explicit_addresses some more comments.  better error messages.
-	* kdc/config.c: add some comments.
-	remove --key-file.
-	add --addresses.
-
-	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
-	proper abstraction
-
-2000-02-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2n
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 8:0:0
-	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
-	(krb5_kt_add_entry): set timestamp
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h: add macros for accessing krb5_realm
-	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
-	of `int32_t'
-
-	* lib/krb5/replay.c (checksum_authenticator): update to new API
-	for md5
-
-	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
-	should not have to make sure to find it.
-
-2000-02-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
-	`out_key' to avoid conflicting with label.  reported by Sean Doran
-	<smd@ebone.net>
-
-2000-02-02  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/expand_hostname.c: remember to lower-case host names.
-	bug reported by <amu@mit.edu>
-
-	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
-	and emulate that by setting krb_ignore_ip_address (not a great
-	interface but it doesn't seem like the time to go around fixing
-	libkrb stuff now)
-
-2000-02-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: change --noaddresses into --no-addresses
-
-2000-01-28  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd.c (main): make sure the ticket is not
-	forwardable and not proxiable
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c: update to pseudo-standard APIs for
-	md4,md5,sha.  some changes to libdes calls to make them more
-	portable.
-
-2000-01-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
- 	clean up the correct creds.
-
-2000-01-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (append_component): change parameter to
-	`const char *'.  check malloc
-	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
-	const-ize
-	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
-	const
-	* lib/krb5/principal.c (replace_chars): also add space here
-	* lib/krb5/principal.c: (quotable_chars): add space
-
-2000-01-12  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos4.c (do_version4): check if preauth was required and
-	bail-out if so since there's no way that could be done in v4.
-	Return NULL_KEY as an error to the client (which is non-obvious,
-	but what can you do?)
-
-2000-01-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
-	krb5_expand_hostname_realms
-	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
-	variant of krb5_expand_hostname that tries until it expands into
-	something that's digestable by krb5_get_host_realm, returning also
-	the result from that function.
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2m
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
-
-	* lib/krb5/Makefile.am: bump version to 7:1:0
-
-	* lib/krb5/principal.c (krb5_sname_to_principal): use
-	krb5_expand_hostname
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
-	ai_canonname being set in any of the addresses returnedby
-	getaddrinfo.  glibc apparently returns the reverse lookup of every
-	address in ai_canonname.
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2l
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: set version to 7:0:0
-	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
-
-	* lib/hdb/Makefile.am: set version to 4:1:1
-
-	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
-	* lib/krb5/get_in_tkt.c (add_padata): change types to make
-	everything work out
-	(krb5_get_in_cred): remove const to make types match
-	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
-	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
-	getting back a canonname
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.2k
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
-	we actually parse the port number.  based on a patch from Leif
-	Johansson <leifj@it.su.se>
-
-2000-01-02  Assar Westerlund  <assar@sics.se>
-
-	* admin/purge.c: remove all non-current and old entries from a
-	keytab
-
-	* admin: break up ktutil.c into files
-
-	* admin/ktutil.c (list): support --verbose (also listning time
-	stamps)
-	(kt_add, kt_get): set timestamp in newly created entries
-	(kt_change): add `change' command
-
-	* admin/srvconvert.c (srvconv): set timestamp in newly created
-	entries
-	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
-	always go the a predicatble position on error
-	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
-	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
-	(fkt_next_entry_int): return timestamp
-	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
diff --git a/crypto/heimdal/ChangeLog.2001 b/crypto/heimdal/ChangeLog.2001
deleted file mode 100644
index b048488f8d4b..000000000000
--- a/crypto/heimdal/ChangeLog.2001
+++ /dev/null
@@ -1,1122 +0,0 @@
-2001-12-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c: use our own des string-to-key function, since
-	the one from openssl sometimes generates wrong output
-
-2001-12-05  Jacques Vidrine <n@nectar.cc>
-
-        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
-        there were no /etc/krb5.conf
-
-2001-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_verify_user.3: sort references (from Thomas
-	Klausner)
-
-	* lib/krb5/krb5_principal_get_realm.3: add section to reference
-	(from Thomas Klausner)
-
-	* lib/krb5/krb5_krbhst_init.3: sort references (from Thomas
-	Klausner)
-
-	* lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner)
-
-	* lib/krb5/krb5_get_krbhst.3: remove extra white space (from
-	Thomas Klausner)
-
-	* lib/krb5/krb5_get_all_client_addrs.3: add section to reference
-	(from Thomas Klausner)
-
-2001-10-29  Jacques Vidrine <n@nectar.com>
-
-	* admin/get.c: fix a bug in which a reference to a data
-	structure on the stack was being kept after the containing
-	function's lifetime, resulting in a segfault during `ktutil
-	get'.
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
-	functions check the return value of the underlying function and
-	handle errors more consistently.  noted by Sam Hartman
-	<hartmans@mit.edu>
-
-2001-10-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
-	non-keyed checksum when it should be non-keyed
-
-2001-09-29  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.1: add the kauth alias
-	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
-	by jhutz@cs.cmu.edu
-
-2001-09-27  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen.c: remove the need for libasn1.h, also make
-	generated files include all files from IMPORTed modules
-
-	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
-	* kpasswd/kpasswd.c: improve error message printing
-	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
-	to use sequence numbers connect the udp socket so that we can
-	figure out the local address
-
-2001-09-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED
-
-2001-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
-	lower case realm as domain, but only when given a verification
-	function
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/der_put.c (der_put_length): do not even try writing
-	anything when len == 0
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hpropd.c: add realm override option
-
-	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
-	realm parameter const
-
-	* kdc/hprop.c: more free's
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
-	proc data
-
-	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
-	addrinfo
-
-	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
-	not returning error
-
-2001-09-16  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
-	make realm const
-
-	* lib/krb5/crypto.c: use des functions to avoid generating
-	warnings with openssl's prototypes
-
-2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: check for termcap.h
-
-	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
-	returning < 0.  noticed by hin@stacken.kth.se
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4e
-
-2001-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/Makefile.am: install kauth as a symlink to kinit
-
-	* kuser/kinit.c: get v4_tickets by default
-
-	* lib/asn1/Makefile.am: fix for broken automake
-
-2001-08-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
-	Howard
-
-	* kuser/kinit.1: remove references to kauth
-
-	* kuser/Makefile.am: kauth is no more
-
-	* kuser/kinit.c: use appdefaults for everything. defaults are now
-	as in kauth.
-
-	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm
-
-	* lib/krb5/context.c (krb5_free_context): free more stuff
-
-2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
-	file
-
-	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling
-
-	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
-	anymore
-
-2001-08-29  Jacques Vidrine  <n@nectar.com>
-
-	* configure.in: Check for already-installed com_err.
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
-	no special treatment now
-
-	* kuser/generate-requests.c: parse arguments in a useful way
-	* kuser/kverify.c: add --help/--verify
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4
-
-	* configure.in: re-write the handling of crypto libraries.  try to
-	use the one of openssl's libcrypto or krb4's libdes that has all
-	the required functionality (md4, md5, sha1, des, rc4).  if there
-	is no such library, the included lib/des is built.
-
-	* kdc/headers.h: include libutil.h if it exists
-	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
-	* kdc/kerberos4.c (get_des_key): check for null keys even if
-	is_server
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/asn1_print.c: print some size_t correctly
-	* configure.in: remove extra space after -L check for libutil.h
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kdc_locl.h: fix prototype for get_des_key
-
-	* kdc/kaserver.c: fix call to get_des_key
-
-	* kdc/524.c: fix call to get_des_key
-
-	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
-	return any des-key not just keys that can be string-to-keyed by
-	the client
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4d
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: check for openpty
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: just add -L (if required) from krb4 when testing
-	for libdes/libcrypto
-
-2001-08-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
-	* fix-export: fix the sed expression for finding the man pages
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswd-generator.c (main): implement --version and
-	--help
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
-	18:1:1
-
-2001-07-27  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/context.c (init_context_from_config_file): check
-	parsing of addresses
-
-2001-07-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
-	sa_len -> salen to avoid the macro that's defined on irix.  noted
-	by "Jacques A. Vidrine" <n@nectar.com>
-
-2001-07-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/addr_families.c: add support for type
-	KRB5_ADDRESS_ADDRPORT
-
-	* lib/krb5/addr_families.c (krb5_address_order): complain about
-	unsuppored address types
-
-2001-07-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/get.c: don't open connection to server until we loop over
-	the principals, at that time we know the realm of the (first)
-	principal and we can default to that admin server
-
-	* admin: add a rename command
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (usage): clarify a tiny bit
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4c
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	18:0:1
-
-	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
-	the same way as the MIT function
-
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
-	getnameinfo
-
-	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
-	consistenly in local byte order
-
-	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
-	error string
-
-	* kuser/kinit.c (renew_validate): invert condition correctly.  get
-	v4 tickets if we succeed renewing
-	* lib/krb5/principal.c (krb5_principal_get_type): add
-	(default_v4_name_convert): add "smtp"
-
-2001-07-13  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: remove make-print-version from LIBOBJS, it's no
-	longer in lib/roken but always built in lib/vers
-
-2001-07-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/mkey.c: more set_error_string
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
-	dependencies
-
-	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
-	dependencies
-
-2001-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
-	ka-db flags; add defaults for v4_realm and afs_cell
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
-	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
-	<n@nectar.com>
-
-2001-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c: use krb5_copy_addresses instead of
-	copy_HostAddresses
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
-	be used by lib/auth/sia
-
-	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
-	get-tokens flag do not print extra errors do not try to do 524 if
-	we got tickets from a v4 server
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
-	printf
-
-	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
-	on ignore_addresses correctly
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): change to take a
-	const realm
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
-	instance is the first component of the local hostname, the
-	converted host should be the long hostname.  from
-	<shadow@dementia.org>
-
-2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: address.c is no more; add a couple of
-	manpages
-
-	* lib/krb5/krb5_timeofday.3: new manpage
-
-	* lib/krb5/krb5_get_all_client_addrs.3: new manpage
-
-	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
-	wildcard
-
-	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
-	wildcard
-
-	* lib/krb5/get_addrs.c: don't include client addresses that match
-	ignore_addresses
-
-	* lib/krb5/context.c: initialise ignore_addresses
-
-	* lib/krb5/addr_families.c: add new `arange' fake address type,
-	that matches more than one address; this required some internal
-	changes to many functions, so all of address.c got moved here
-	(wasn't much left there)
-
-	* lib/krb5/krb5.h: add list of ignored addresses to context
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4b
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.4a
-
-2001-07-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: make this compile without krb4 support
-
-	* lib/krb5/write_message.c: remove priv parameter from
-	write_safe_message; don't know why it was there in the first place
-
-	* doc/install.texi: remove kaserver switches, it's always compiled
-	in now
-
-	* kdc/hprop.c: always include kadb support
-
-	* kdc/kaserver.c: always include kaserver support
-
-2001-07-02  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
-	non-fatal error, and abort if no sockets were bound
-
-2001-07-01  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krbhst.c: remember the real port number when falling
-	back from kpasswd -> kadmin, and krb524 -> kdc
-
-2001-06-29  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
-	no_addresses is set, do not add any local addresses to KRB_CRED
-
-	* kuser/kinit.c: remove extra clearing of password and some
-	redundant code
-
-2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: move ticket conversion code to separate function,
-	and call that from a couple of places, like when renewing a
-	ticket; also add a flag for just converting a ticket
-
-	* lib/krb5/init_creds_pw.c: set renew-life to some sane value
-
-	* kdc/524.c: don't send more data than required
-
-2001-06-24  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
-
-	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
-	(any_start_seq_get): remove a double free
-	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
-	around to be freed again
-
-	* kdc/kdc_locl.h: add a define for des_new_random_key when using
-	openssl's libcrypto
-
-	* configure.in: move v6 tests down
-
-	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
-
-	* update to libtool 1.4 and autoconf 2.50
-
-2001-06-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/hdb.c: use krb5_add_et_list
-
-2001-06-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/Makefile.am: add generation number
-	* lib/hdb/common.c: add generation number code
-	* lib/hdb/hdb.asn1: add generation number
-	* lib/hdb/print.c: use krb5_storage to make it more dynamic
-
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: update to changed names used by
-	krb5_get_init_creds_opt_set_default_flags
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
-	keywords have the same names
-
-	* configure.in: only add -L and -R to the krb4 libdir if we are
-	actually using it
-
-	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
-	dot of hostname add some comments
-	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
-	testing for kerberos.REALM.  this allows reusing that information
-	when actually contacting the server and thus avoids one DNS lookup
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: include k524_err.h
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
-	for keytype, the server will do this for us if it has anything to
-	complain about
-
-	* lib/krb5/context.c: add protocol compatible krb524 error codes
-
-	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes
-
-	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes
-
-	* lib/krb5/krb5_principal_get_realm.3: manpage
-
-	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
-	and `krb5_principal_get_comp_string' that returns parts of a
-	principal; this is a replacement for the internal
-	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
-	seem to use
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
-	from Thomas Nystrom <thn@saeab.se>
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
-	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
-	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
-	* kuser/kinit.c: free principal
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
-	freeaddrinfo
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
-	remove some unused variables
-
-	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
-	* kdc/kerberos5.c: update to new krb5_auth_con* names
-	* kdc/hpropd.c: update to new krb5_auth_con* names
-	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
-	and remove some comments
-	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
-	order: remote - local - session
-	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
-	auth_context
-	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
-	order: remote - local - session
-	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
-	local - remote - session
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/convert_creds.c: use starttime instead of authtime,
-	from Chris Chiappa
-
-	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
-	the MIT function by the same name; add
-	krb524_convert_creds_kdc_ccache that does what the old version did
-
-	* admin/list.c (do_list): make sure list of keys is NULL
-	terminated; similar to patch sent by Chris Chiappa
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/mcache.c (mcc_remove_cred): use
-	krb5_free_creds_contents
-
-	* lib/krb5/auth_context.c: name function krb5_auth_con more
-	consistenly
-	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
-	renamed krb5_auth_con_getauthenticator
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
-	use krb5_krbhst API
-	* lib/krb5/changepw.c (krb5_change_password): update to use
-	krb5_krbhst API
-	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
-	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
-	in krb5_krbhst_info
-	(krb5_krbhst_free): free everything
-
-	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
-	(krb5_krbhst_info): add def_port (default port for this service)
-
-	* lib/krb5/krbhst-test.c: make it more verbose and useful
-	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
-	dns operations if there is local configuration admin: fallback to
-	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
-	add some comments
-
-	* configure.in: remove initstate and setstate, they should be in
-	cf/roken-frag.m4
-
-	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
-	* lib/krb5/krbhst-test.c: new program for testing krbhst
-	* lib/krb5/krbhst.c (common_init): remove memory leak
-	(main): move test program into krbhst-test
-
-2001-06-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_krbhst_init.3: manpage
-
-	* lib/krb5/krb5_get_krbhst.3: manpage
-
-2001-06-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
-
-	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
-
-	* lib/krb5/krb5.h: types for new krbhst api
-
-	* lib/krb5/krbhst.c: implement a new api that looks up one host at
-	a time, instead of making a list of hosts
-
-2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: test for initstate and setstate
-
-	* lib/krb5/krbhst.c: remove rfc2052 support
-
-2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix some manpages for broken mdoc.old grog test
-
-2001-05-28  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: add [appdefaults]
-	* lib/krb5/init_creds_pw.c: remove configuration reading that is
-	now done in krb5_get_init_creds_opt_set_default_flags
-	* lib/krb5/init_creds.c
-	(krb5_get_init_creds_opt_set_default_flags): add reading of
-	libdefaults versions of these and add no_addresses
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
-	when preauth was required and we retry
-
-2001-05-25  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
-	krb5_get_krb524hst
-	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
-	support functions
-
-2001-05-22  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
-	properly
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Release 0.3f
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am: bump version to 16:0:0
-	* lib/hdb/Makefile.am: bump version to 7:1:0
-	* lib/asn1/Makefile.am: bump version to 5:0:0
-	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
-	* lib/krb5/codec.c: remove dead code
-
-2001-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c: actually check the ticket addresses
-
-2001-05-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
-	parenthesis
-
-	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
-	`errno' (called system_error) to allow callers to make sure they
-	pass the current and relevant value.  update callers
-
-2001-05-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_user.c: krb5_verify_user_opt
-
-	* lib/krb5/krb5.h: verify_opt
-
-	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: adapt to new address functions
-	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
-	* kdc/connect.c: adapt to changing address functions
-	* kdc/config.c: new krb5_config_parse_file
-	* kdc/524.c: new krb5_sockaddr2address
-	* lib/krb5/*: add some krb5_{set,clear}_error_string
-
-	* lib/asn1/k5.asn1 (LR_TYPE): add
-	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tsg_rep): fix typo in variable name
-
-	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
-	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
-	types and send two prompts at once when changning password
-	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
-	* lib/krb5/krb5.h (krb5_prompt): add type
-	(krb5_prompter_fct): add anem
-
-	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
-	paramaters to krb5_cc_next_cred (as MIT does, and not as they
-	document).  From "Jacques A. Vidrine" <n@nectar.com>
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/Makefile.am: store-test
-
-	* lib/krb5/store-test.c: simple bit storage test
-
-	* lib/krb5/store.c: add more byteorder storage flags
-	
-	* lib/krb5/krb5.h: add more byteorder storage flags
-	
-	* kdc/kerberos5.c: don't use NULL where we mean 0
-
-	* kdc/kerberos5.c: put referral test code in separate function,
-	and test for KRB5_NT_SRV_INST
-
-2001-05-10  Assar Westerlund  <assar@sics.se>
-
-	* admin/list.c (do_list): do not close the keytab if opening it
-	failed
-	* admin/list.c (do_list): always print complete names.  print
-	everything to stdout.
-	* admin/list.c: print both v5 and v4 list by default
-	* admin/remove.c (kt_remove): reorganize some.  open the keytab
-	(defaulting to the modify one).
-	* admin/purge.c (kt_purge): reorganize some.  open the keytab
-	(defaulting to the modify one). correct usage strings
-	* admin/list.c (kt_list): reorganize some.  open the keytab
-	* admin/get.c (kt_get): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/copy.c (kt_copy): default to modify key name.  re-organise
-	* admin/change.c (kt_change): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/add.c (kt_add): reorganize some.  open the keytab
-	(defaulting to the modify one)
-	* admin/ktutil.c (main): do not open the keytab, let every
-	sub-function handle it
-
-	* kdc/config.c (configure): call free_getarg_strings
-
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
-	a few more errors
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
-	`use_dns' parameter boolean
-
-	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
-	* lib/krb5/context.c (init_context_from_config_file): set
-	default_keytab_modify
-	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
-	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
-	(KEYTAB_DEFAULT_MODIFY): add
-	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
-	(krb5_kt_resolve): set error string for failed keytab type
-
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (encryption_type): make field names more
-	consistent
-	(create_checksum): separate usage and type
-	(krb5_create_checksum): add a separate type parameter
-	(encrypt_internal): only free once on mismatched checksum length
-
-	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
-	realm we didn't manage to reach any KDC for in the error string
-
-	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
-	the entire subkey.  from <tmartin@mirapoint.com>
-
-2001-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
-	KT_NOTFOUND if the file is empty
-
-2001-05-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
-	fatally
-	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
-	fails fatally
-
-	* lib/krb5/warn.c (_warnerr): print error_string in context in
-	preference to error string derived from error code
-	* kuser/kinit.c (main): try to print the error string
-	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
-	error strings for errors
-
-	* lib/krb5/krb5.h (krb5_context_data): add error_string and
-	error_buf
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
-	* lib/krb5/error_string.c: new file
-
-2001-05-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/time.c: krb5_string_to_deltat
-
-	* lib/krb5/sock_principal.c: one less data copy
-
-	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
-
-	* lib/krb5/get_default_principal.c: change this slightly
-
-	* lib/krb5/crypto.c: make checksum_types into an array of pointers
-
-	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
-	ticket
-
-2001-04-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
-	the right realm if we fail to find a non-krbtgt service in the
-	database and the second component does a succesful non-dns lookup
-	to get the real realm (which has to be different from the
-	originally-supplied realm).  this should help windows 2000 clients
-	that always start their lookups in `their' realm and do not have
-	any idea of how to map hostnames into realms
-	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
-
-2001-04-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
-	parameter to request use of dns or not
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* admin/get.c (kt_get): allow specification of encryption types
-	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
-	close an unopened ccache, noted by <marc@mit.edu>
-
-	* lib/krb5/krb5.h (krb5_any_ops): add declaration
-	* lib/krb5/context.c (init_context_from_config_file): register
-	krb5_any_ops
-
-	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
-	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
-	
-	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
-	== NULL.  noted by <marc@mit.edu>
-
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
-	else, from Jacques Vidrine
-
-2001-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
-
-	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
-
-	* lib/krb5/krb5.h: adapt to asn1 changes
-
-	* lib/asn1/k5.asn1: move enctypes here
-
-	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
-	conflicts
-
-	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
-	conflicts
-
-	* lib/asn1/lex.l: use strtol to parse constants
-
-2001-04-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: add simple support for running commands
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
-	with more versions of openldap
-
-	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
-	replies
-	(*): update callers of krb5_km_error
-	(check_tgs_flags): handle renews requesting non-renewable tickets
-
-	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
-	and cusec
-
-	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
-	compatibility names
-
-	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
-	means pick from the `crypto' (context) and otherwise use that
-	type.  this is not a large change in practice and allows callers
-	to specify the exact checksum algorithm to use
-
-2001-03-13  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
-	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
-	integrity'.  this helps for talking to old (pre 0.3d) KDCs
-
-2001-03-12  Assar Westerlund  <assar@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
-	derived-key-test.c
-	* lib/krb5/string-to-key-test.c: add new test vectors posted by
-	Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
-	ietf-krb-wg@anl.gov
-	* lib/krb5/n-fold-test.c: more test vectors from same source
-	* lib/krb5/derived-key-test.c: more tests from same source
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* acconfig.h: include roken_rename.h when appropriate
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
-
-2001-03-04  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
-	compatibility with MIT krb5
-
-2001-03-02  Assar Westerlund  <assar@sics.se>
-
-	* kuser/kinit.c (main): only request a renewable ticket when
-	explicitly requested.  it still gets a renewable one if the renew
-	life is specified
-	* kuser/kinit.c (renew_validate): treat -1 as flags not being set
-
-2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
-
-2001-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
-
-2001-02-25  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: do not use -R when testing for des functions
-
-2001-02-14  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: test for lber.h when trying to link against
- 	openldap to handle openldap v1, from Sumit Bose
- 	<sumit.bose@suse.de>
-
-2001-02-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/libasn1.h: add string.h (for memset)
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/warn.c (_warnerr): add printf attributes
-	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
-	returned by getaddrinfo before trying the next kdc.  from
-	thorpej@netbsd.org
-
-	* lib/krb5/krb5.conf.5: fix default_realm in example
-
-	* kdc/connect.c: fix a few kdc_log format types
-
-	* configure.in: try to handle libdes/libcrypto ont requiring -L
-
-2001-02-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
-	the beginning of the generated function, and add a label `fail'
-	that the code jumps to in case of errors that frees all allocated
-	data
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: aix dce: fix misquotes, from Ake Sandgren
-	<ake@cs.umu.se>
-
-	* configure.in (dpagaix_LDFLAGS): try to add export file
-
-2001-02-05  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5_keytab.3: new man page, contributed by
-	<lha@stacken.kth.se>
-
-	* kdc/kaserver.c: update to new db_fetch4
-
-2001-02-05  Assar Westerlund  <assar@assaris.sics.se>
-
-	* Release 0.3e
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
-	properly
-	(kdb_prop): decrypt key properly
-	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
-	data with the master key leave it up to the v5 how to encrypt with
-	that master key
-
-	* kdc/kstash.c: include file name in error messages
-	* kdc/hprop.c: fix a typo and check some more return values
-	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
-	correctly.  From Jacques Vidrine <n@nectar.com>
-	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
-	ENOENT
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	15:0:0
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
-	* kdc/misc.c (db_fetch): return an error code.  change callers to
-	look at this and try to print it in log messages
-
-	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
-	enough data
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hprop.c (realm_buf): move it so it becomes properly
-	conditional on KRB4
-
-	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
-	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
-	master key and that we manage to decrypt the key properly,
-	returning an error code.  fix all callers to check return value.
-
-	* tools/krb5-config.in: use @LIB_des_appl@
-	* tools/Makefile.am (krb5-config): add LIB_des_appl
-	* configure.in (LIB_des): set correctly
-	(LIB_des_appl): add for the use by krb5-config.in
-
-	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
-	to make sure of not dropping data when doing it over a socket.
-	(this might break when used with ordinary files on win32)
-
-	* lib/hdb/hdb_err.et (NO_MKEY): add
-
-	* kdc/kerberos5.c (as_rep): be paranoid and check
-	krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
-
-	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
-	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
-	<lha@stacken.kth.se>
-
-	* use the openssl api for md4/md5/sha and handle openssl/*.h
-
-	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
- 	<lha@stacken.kth.se>
-
-2001-01-28  Assar Westerlund  <assar@sics.se>
-
-	* configure.in: send -R instead of -rpath to libtool to set
-	runtime library paths
-
-	* lib/krb5/Makefile.am: remove all dependencies on libkrb
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* appl/rcp: add port of bsd rcp changed to use existing rsh,
-	contributed by Richard Nyberg <rnyberg@it.su.se>
-
-2001-01-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/get_port.c: don't warn if the port name can't be found,
-	nobody cares anyway
-
-2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/hprop.c: make it possible to convert a v4 dump file without
-	having any v4 libraries; the kdb backend still require them
-
-	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
-	don't have to depend on any v4 libraries
-
-	* kdc/hprop.h: include shadow definition of kdb Principal, so we
-	don't have to depend on any v4 libraries
-
-	* lib/hdb/print.c: reduce number of memory allocations
-
-	* lib/hdb/mkey.c: add support for reading krb4 /.k files
-
-2001-01-19  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
-	for realms document capath better
-
-	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
-	at kpasswd_server before admin_server
-
-	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
-	[libdefaults]capath for better hint of realm to send request to.
-	this allows the client to specify `realm routing information' in
-	case it cannot be done at the server (which is preferred)
-
-	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
-	zero when we were expecting a sequence number.  MIT krb5 cannot
-	generate a sequence number of zero, instead generating no sequence
-	number
-	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
-
-2001-01-11  Assar Westerlund  <assar@sics.se>
-
-	* kpasswd/kpasswdd.c: add --port option
-
-2001-01-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
-	just before returning
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
-
-2001-01-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c: call a time `time', and not `seconds'
-
-	* lib/krb5/init_creds.c: not much point in setting the anonymous
-	flag here
-
-	* lib/krb5/krb5_appdefault.3: document appdefault_time
-
-2001-01-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_user.c: use
-	krb5_get_init_creds_opt_set_default_flags
-
-	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
-
-	* lib/krb5/init_creds.c: new function
-	krb5_get_init_creds_opt_set_default_flags to set options from
-	krb5.conf
-
-	* lib/krb5/rd_cred.c: make this match the MIT function
-	
-	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
-	def_val
-	(krb5_appdefault_time): new function
-
-2001-01-03  Assar Westerlund  <assar@sics.se>
-
-	* kdc/hpropd.c (main): handle EOF when reading from stdin
diff --git a/crypto/heimdal/ChangeLog.2002 b/crypto/heimdal/ChangeLog.2002
deleted file mode 100644
index 37fda2e4940a..000000000000
--- a/crypto/heimdal/ChangeLog.2002
+++ /dev/null
@@ -1,726 +0,0 @@
-2002-12-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
-	Chu
-
-2002-12-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
-
-2002-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
-	sockaddr_storage
-
-	* kdc/connect.c (init_socket): initialise sa_size to size of
-	sockaddr_storage
-
-2002-11-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: remove trailing comma in enum
-
-2002-11-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/524.c: implement crude b2 style (non-)conversion for use
-	with afs
-
-	* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
-	where it's used
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c: more strcspn
-
-	* lib/krb5/store_emem.c (emem_store): limit how much we allocate
-	(from Olaf Kirch)
-
-	* lib/krb5/principal.c: don't allow trailing backslashes in
-	components
-
-	* kdc/connect.c: check that %-quotes are followed by two hex
-	digits
-
-	* lib/krb5/keytab_any.c: properly close the open keytabs (from
-	Larry Greenfield)
-
-	* kdc/kaserver.c: make sure life is positive (from John Godehn)
-
-2002-10-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c (display_tokens): allow tokens up to size of
-	buffer (from Magnus Holmberg)
-
-2002-09-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c (process_reply): fix reply length check
-	calculation (reported by various people)
-
-2002-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
-	from start_seq_get (from Wynn Wilkes)
-
-2002-09-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
-	of ENOENT when "unconfigured"
-
-2002-09-16  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
-	to convert the newline to NUL in fgets results.
-
-2002-09-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.1: remove unneeded Ns
-
-	* lib/krb5/krb5_appdefault.3: remove extra "application"
-
-	* fix-export: remove autom4ate.cache
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* include/make_crypto.c: don't use function macros if possible
-
-	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
-
-	* include/Makefile.am: use make_crypto to create crypto-headers.h
-
-	* include/make_crypto.c: crypto header generation tool
-
-	* configure.in: move crypto test to just after testing for krb4,
-	and move roken tests to after both, this speeds up various failure
-	cases with krb4
-
-	* lib/krb5/config_file.c: don't use NULL when we mean 0
-
-	* configure.in: we don't set package_libdir anymore, so no point
-	in testing for it
-
-	* tools/Makefile.am: subst INCLUDE_des
-
-	* tools/krb5-config.in: add INCLUDE_des to cflags
-
-	* configure.in: use AC_CONFIG_SRCDIR
-
-	* fix-export: remove some unneeded stuff
-
-	* kuser/kinit.c (do_524init): free principals
-
-2002-09-09  Jacques Vidrine  <nectar@kth.se>
-
-	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
-	kdc/kaserver.c (krb5_ret_xdr_data),
-	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
-	counts: Check that they are non-negative, and that they are small
-	enough to avoid integer overflow when used in memory allocation
-	calculations.  Potential problem areas pointed out by 
-	Sebastian Krahmer <krahmer@suse.de>.
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
-	creating a new keyfile.
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: don't try to build pam module
-
-2002-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* appl/kf/kf.c: fix warning string
-
-	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
-	know we need it
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* kdc/kerberos5.c (encode_reply): correct error logging
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/sendauth.c: close ccache if we opened it
-
-	* appl/kf/kf.c: handle new protocol
-
-	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
-	handle the new protocol, and bail out if an old client tries to
-	connect
-
-	* appl/kf/kf_locl.h: we need a protocol version string
-
-	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
-
-	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
-
-	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
-
-	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
-
-	* lib/asn1/gen.c: add convenience macro that allocates a buffer
-	and encoded into that
-
-	* lib/krb5/get_cred.c (init_tgs_req): use
-	in_creds->session.keytype literally instead of trying to convert
-	to a list of enctypes (it should already be an enctype)
-	
-	* lib/krb5/get_cred.c (init_tgs_req): init ret
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
-
-	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
-
-	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
-	zero ivec in DES3_CBC_encrypt if passed ivec is NULL
-
-	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
-	krb5-protos.h at build-time, which requires perl, which is bad
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
-	blindly use the local subkey
-
-	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
-	extracts the required blocksize from a crypto context
-
-	* lib/krb5/build_auth.c: just get the length of the encoded
-	authenticator instead of trying to grow a buffer
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* configure.in: add --disable-mmap option, and tests for
-	sys/mman.h and mmap
-
-2002-09-03  Jacques Vidrine  <nectar@kth.se>
-
-	* lib/krb5/changepw.c: verify lengths in response
-
-	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
-	truncated integers
-
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/mk_req_ext.c: generate a local subkey if
-	AP_OPTS_USE_SUBKEY is set
-
-	* lib/krb5/build_auth.c: we don't have enough information about
-	whether to generate a local subkey here, so don't try to
-
-	* lib/krb5/auth_context.c: new function
-	krb5_auth_con_generatelocalsubkey
-
-	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
-	initial ticket
-
-	* lib/krb5/context.c (init_context_from_config_file): simplify
-	initialisation of srv_lookup
-
-	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
-
-	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
-
-2002-08-30  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
-	* lib/krb5/Makefile.am (TESTS): add name-45-test
-	* lib/krb5/name-45-test.c: add testcases for
-	krb5_425_conv_principal
-
-2002-08-29  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/parse-name-test.c: also test unparse_short functions
-	* lib/asn1/asn1_print.c: use com_err/error_message API
-	* lib/krb5/Makefile.am: add parse-name-test
-	* lib/krb5/parse-name-test.c: add a program for testing parsing
-	and unparsing principal names
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* kdc/config.c: add missing ifdef DAEMON
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use rk_SUNOS
-
-	* kdc/config.c: add detach options
-
-	* kdc/main.c: maybe detach from console?
-
-	* kdc/kdc.8: markup changes
-
-	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
-
-	* configure.in: use rk_TELNET, rename some other macros, and don't
-	add -ldes to krb4 link command
-
-	* kuser/kinit.1: whitespace fix (from NetBSD)
-
-	* include/bits.c: we may need unistd.h for ssize_t
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
-	rrs before A ones when using the resolver to verify a mapping,
-	also use getaddrinfo when resolver is not available
-
-	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
-	krb5_config_get_next
-
-	* lib/asn1/gen.c: include <string.h> in the generated files (for
-	memset)
-
-2002-08-22  Assar Westerlund  <assar@kth.se>
-
-	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
-	getarg so that it can handle --help and --version (and thus make
-	check can pass)
-
-	* lib/asn1/check-der.c: make this build again
-
-2002-08-22  Assar Westerlund <assar@kth.se>
-
-	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
-	patch from Love <lha@stacken.kth.se>
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
-	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
-	
-	* kdc/kdc.8: add blurb about adding and removing addresses; update
-	kdc.conf section to match reality
-
-	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
-	don't define it
-	
-2002-08-21  Assar Westerlund  <assar@kth.se>
-	
-	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
-	Love <lha@stacken.kth.se>
-
-2002-08-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
-	since it might not exist, and we don't actually care about the key
-	
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.conf.5: correct documentation for
-	verify_ap_req_nofail
-
-	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
-	Mattias Amnefelt)
-
-	* kuser/klist.c (display_tokens): increase token buffer size, and
-	add more checks of the kernel data (from Love)
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: use make to parse Makefile.am instead of perl
-
-	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
-	groks AC_INIT with package name etc.
-
-	* kpasswd/kpasswdd.c: include <kadm5/private.h>
-
-	* lib/asn1/asn1_print.c: include com_right.h
-
-	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
-
-	* include/bits.c: define krb5_socklen_t type; this should really
-	go someplace else, but this was easy
-
-	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
-	fails, just warn about it
-
-	* kdc/log.c (kdc_openlog): no need for a config_file parameter
-
-	* kdc/config.c: just treat kdc.conf like any other config file
-
-	* lib/krb5/context.c (krb5_get_default_config_files): ignore
-	duplicate files
-
-2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
-	them
-
-	* lib/krb5/constants.c: turn strings into pointers, so we can
-	assign to them
-
-	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
-	SCAN_INTERFACES is not set
-
-	* lib/krb5/context.c: fix various borked stuff in previous commits
-
-2002-08-16  Jacques Vidrine <n@nectar.com>
-
-	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
-	the `admin_server' entry for kpasswd, override the `proto' result
-	to be UDP.
-
-2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/auth_context.c: check return value of
-	krb5_sockaddr2address
-
-	* lib/krb5/addr_families.c: check return value of
-	krb5_sockaddr2address
-
-	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
-
-2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
-
-	* lib/krb5/context.c: allow changing config files with the
-	function krb5_set_config_files, there are also related functions
-	krb5_get_default_config_files and krb5_free_config_files; these
-	should work similar to their MIT counterparts
-
-	* lib/krb5/config_file.c: allow the use of more than one config
-	file by using the new function krb5_config_parse_file_multi
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* use sysconfdir instead of /etc
-
-	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
-	to appease automake; force sysconfdir and localstatedir to /etc
-	and /var/heimdal for now
-
-	* kdc/connect.c (addr_to_string): check return value of
-	sockaddr2address
-
-2002-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
-	don't try comparing to one; this should make old clients work with
-	new servers
-
-	* lib/asn1/gen_decode.c: remove unused variable
-
-2002-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
-	Brashear)
-
-	* lib/krb5/principal.c: actually lower case the lower case
-	instance name (spotted by Derrick Brashear)
-
-2002-07-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* fix-export: if DATEDVERSION is set, change the version to
-	current date
-
-	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
-	LTLIBOBJS
-
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/connect.c: add some cache-control-foo to the http responses
-	(from Gombas Gabor)
-
-	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
-	if ret_len == NULL
-
-2002-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kuser/klist.c (display_tokens): don't bail out before we get
-	EDOM (signaling the end of the tokens), the kernel can also return
-	ENOTCONN, meaning that the index does not exist anymore (for
-	example if the token has expired)
-
-2002-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/changepw.c: make sure we return an error if there are
-	no changepw hosts found; from Wynn Wilkes
-
-2002-05-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
-	same type is found; spotted by Wynn Wilkes
-
-2002-05-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_file.c: check size of entry before trying to
-	read 32-bit kvno; also fix typo in previous
-
-2002-05-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* include/Makefile.am: only add to INCLUDES
-
-	* lib/45/mk_req.c: fix for storage change
-
-	* lib/hdb/print.c: fix for storage change
-
-2002-05-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: don't free encrypted padata until we're really
-	done with it
-
-2002-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
-	enctype
-
-	* kuser/kinit.1: document -a
-
-	* kuser/kinit.c: add command line switch for extra addresses
-
-2002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* configure.in: remove some duplicate tests
-
-	* configure.in: use AC_HELP_STRING
-
-2002-04-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
-	unknown
-
-2002-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: use rk_DESTDIRS
-
-2002-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
-	the principal
-
-2002-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_init.c: fix typo in error string
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* acconfig.h: remove some stuff that is defined elsewhere
-
-	* lib/krb5/krb5_locl.h: include <sys/file.h>
-
-	* lib/krb5/acl.c: rename acl_string parameter
-
-	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
-	names in comments
-
-	* kuser/klist.c: better align some headers
-
-	* kdc/kerberos4.c: storage tweaks
-
-	* kdc/kaserver.c: storage tweaks
-
-	* kdc/524.c: storage tweaks
-
-	* lib/krb5/keytab_krb4.c: storage tweaks
-
-	* lib/krb5/keytab_keyfile.c: storage tweaks
-
-	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
-	sized keytab files
-
-	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
-
-	* lib/krb5/fcache.c: storage tweaks
-
-	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store.c: make the krb5_storage opaque, and add function
-	wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
-	function wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
-	wrappers for store/fetch/seek, and also make the eof-code
-	configurable
-
-	* include/bits.c: include <sys/socket.h> to get socklen_t
-
-	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
-	requested KDC-REQ etypes
-
-	* kdc/hpropd.c: constify
-
-	* kdc/hprop.c: constify
-
-	* kdc/string2key.c: constify
-
-	* kdc/kdc_locl.h: make port_str const
-
-	* kdc/config.c: constify
-
-	* lib/krb5/config_file.c: constify
-
-	* kdc/kstash.c: constify
-
-	* lib/krb5/verify_user.c: remove unnecessary cast
-
-	* lib/krb5/recvauth.c: constify
-
-	* lib/krb5/principal.c (krb5_parse_name): const qualify
-
-	* lib/krb5/mcache.c (mcc_get_name): constify return type
-
-	* lib/krb5/context.c (krb5_free_context): don't try to free the
-	ccache prefix
-
-	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
-	prefix
-
-	* lib/krb5/krb5.h: constify some struct members
-
-	* lib/krb5/log.c: constify
-
-	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
-	qualify
-
-	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
-
-	* lib/krb5/crypto.c: constify some
-
-	* lib/krb5/config_file.c: constify
-
-	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
-	constify local variable
-
-	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
-
-2002-04-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/verify_krb5_conf.c: add some log checking
-	
-	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
-
-2002-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
-	matches the expected length
-
-2002-03-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
-
-	* lib/krb5/mk_error.c: rename ctime parameter to client_time
-
-2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
-	Reinoud Zandijk)
-
-2002-03-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/asn1/k5.asn1: add the GSS-API checksum type here
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
-	18:3:1
-	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
-	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
-	
-2002-03-10  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/rd_cred.c: handle addresses with port numbers
-
-	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
-	store the kvno % 256 as the byte and the complete 32 bit kvno after
-	the end of the current keytab entry
-
-	* lib/krb5/init_creds_pw.c:
-	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
-
-	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
-	handle ports giving for the remote address
-
-	* lib/krb5/get_cred.c:
-	get a ticket with no addresses if no-addresses is set
-
-	* lib/krb5/crypto.c:
-	rename functions DES_* to krb5_* to avoid colliding with modern
-	openssl
-
-	* lib/krb5/addr_families.c:
-	make all functions taking 'struct sockaddr' actually take a socklen_t
-	instead of int and that acts as an in-out parameter (indicating the
-	maximum length of the sockaddr to be written)
-
-	* kdc/kerberos4.c:
-	make the kvno's in the krb4 universe by the real one % 256, since they
-	cannot only be 8 bit, and the v5 ones are actually 32 bits
-
-2002-02-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
-	before we need to write to it
-	(from �ke Sandgren)
-
-2002-02-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
-	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
-	directly
-
-	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
-	Kouril)
-
-2002-02-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
-	context
-
-2002-02-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/ktutil.c: no need to use the "modify" keytab anymore
-
-	* lib/krb5/keytab_any.c: implement add and remove
-
-	* lib/krb5/keytab_krb4.c: implement add and remove
-
-	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
-	(this should perhaps be selectable with a flag)
-
-2002-02-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kdc/config.c (get_dbinfo): if there are database specifications
-	in the config file, don't automatically try to use the default
-	values (from Gombas Gabor)
-
-	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
-	(from Gombas Gabor)
-
-2002-01-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin/list.c: get the default keytab from krb5.conf, and list
-	all parts of an ANY type keytab
-
-	* lib/krb5/context.c: default default_keytab_modify to NULL
-
-	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
-	name is specified take it from the first component of the default
-	keytab name
-
-2002-01-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* lib/krb5/keytab.c: compare keytab types case insensitively
-
-2002-01-07  Assar Westerlund  <assar@sics.se>
-
-	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
-	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
-	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
-	Harris <bjh21@netbsd.org>
-	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
-	Harris <bjh21@netbsd.org>
-	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
-	<bjh21@netbsd.org>
diff --git a/crypto/heimdal/Makefile b/crypto/heimdal/Makefile
deleted file mode 100644
index e6b423214a6a..000000000000
--- a/crypto/heimdal/Makefile
+++ /dev/null
@@ -1,688 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.16 2000/11/15 22:54:15 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = .
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = .
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools
-
-ACLOCAL_AMFLAGS = -I cf
-
-EXTRA_DIST = Makefile.am.common krb5.conf
-subdir = .
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in NEWS TODO \
-	acinclude.m4 aclocal.m4 compile config.guess config.sub \
-	configure configure.in install-sh ltconfig ltmain.sh missing \
-	mkinstalldirs
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-
-am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
- configure.lineno
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)
-
-$(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	$(SHELL) ./config.status --recheck
-$(srcdir)/configure:  $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
-	cd $(srcdir) && $(AUTOCONF)
-
-$(ACLOCAL_M4):  configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4
-	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = .
-distdir = $(PACKAGE)-$(VERSION)
-
-am__remove_distdir = \
-  { test ! -d $(distdir) \
-    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
-         && rm -fr $(distdir); }; }
-
-GZIP_ENV = --best
-distcleancheck_listfiles = find . -type f -print
-
-distdir: $(DISTFILES)
-	$(am__remove_distdir)
-	mkdir $(distdir)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
-	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
-	|| chmod -R a+r $(distdir)
-dist-gzip: distdir
-	$(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-dist dist-all: distdir
-	$(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-# This target untars the dist file and tries a VPATH configuration.  Then
-# it guarantees that the distribution is self-contained by making another
-# tarfile.
-distcheck: dist
-	$(am__remove_distdir)
-	GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf -
-	chmod -R a-w $(distdir); chmod a+w $(distdir)
-	mkdir $(distdir)/=build
-	mkdir $(distdir)/=inst
-	chmod a-w $(distdir)
-	dc_install_base=`$(am__cd) $(distdir)/=inst && pwd` \
-	  && cd $(distdir)/=build \
-	  && ../configure --srcdir=.. --prefix=$$dc_install_base \
-	    $(DISTCHECK_CONFIGURE_FLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
-	  && $(MAKE) $(AM_MAKEFLAGS) check \
-	  && $(MAKE) $(AM_MAKEFLAGS) install \
-	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
-	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
-	  && (test `find $$dc_install_base -type f -print | wc -l` -le 1 \
-	      || { echo "ERROR: files left after uninstall:" ; \
-	           find $$dc_install_base -type f -print ; \
-	           exit 1; } >&2 ) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dist-gzip \
-	  && rm -f $(distdir).tar.gz \
-	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
-	$(am__remove_distdir)
-	@echo "$(distdir).tar.gz is ready for distribution" | \
-	  sed 'h;s/./=/g;p;x;p;x'
-distcleancheck: distclean
-	if test '$(srcdir)' = . ; then \
-	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
-	  exit 1 ; \
-	fi
-	test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
-	  || { echo "ERROR: files left after distclean:" ; \
-	       $(distcleancheck_listfiles) ; \
-	       exit 1; } >&2
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -rf autom4te.cache
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	dist dist-all dist-gzip distcheck distclean distclean-generic \
-	distclean-libtool distclean-recursive distclean-tags \
-	distcleancheck distdir dvi dvi-am dvi-recursive info info-am \
-	info-recursive install install-am install-data install-data-am \
-	install-data-local install-data-recursive install-exec \
-	install-exec-am install-exec-recursive install-info \
-	install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/Makefile.am b/crypto/heimdal/Makefile.am
deleted file mode 100644
index f3d5441b1395..000000000000
--- a/crypto/heimdal/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-# $Id: Makefile.am,v 1.16 2000/11/15 22:54:15 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS	= include lib kuser kdc admin kadmin kpasswd appl doc tools
-
-## ACLOCAL = @ACLOCAL@ -I cf
-ACLOCAL_AMFLAGS = -I cf
-
-EXTRA_DIST = Makefile.am.common krb5.conf
diff --git a/crypto/heimdal/Makefile.am.common b/crypto/heimdal/Makefile.am.common
deleted file mode 100644
index 3f71443c1298..000000000000
--- a/crypto/heimdal/Makefile.am.common
+++ /dev/null
@@ -1,4 +0,0 @@
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-include $(top_srcdir)/cf/Makefile.am.common
-
diff --git a/crypto/heimdal/Makefile.in b/crypto/heimdal/Makefile.in
deleted file mode 100644
index 5b3567f46e69..000000000000
--- a/crypto/heimdal/Makefile.in
+++ /dev/null
@@ -1,685 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.16 2000/11/15 22:54:15 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = .
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools
-
-ACLOCAL_AMFLAGS = -I cf
-
-EXTRA_DIST = Makefile.am.common krb5.conf
-subdir = .
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in NEWS TODO \
-	acinclude.m4 aclocal.m4 compile config.guess config.sub \
-	configure configure.in install-sh ltconfig ltmain.sh missing \
-	mkinstalldirs
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)
-
-$(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	$(SHELL) ./config.status --recheck
-$(srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
-	cd $(srcdir) && $(AUTOCONF)
-
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4
-	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = .
-distdir = $(PACKAGE)-$(VERSION)
-
-am__remove_distdir = \
-  { test ! -d $(distdir) \
-    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
-         && rm -fr $(distdir); }; }
-
-GZIP_ENV = --best
-distcleancheck_listfiles = find . -type f -print
-
-distdir: $(DISTFILES)
-	$(am__remove_distdir)
-	mkdir $(distdir)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
-	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
-	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
-	|| chmod -R a+r $(distdir)
-dist-gzip: distdir
-	$(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-dist dist-all: distdir
-	$(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
-
-# This target untars the dist file and tries a VPATH configuration.  Then
-# it guarantees that the distribution is self-contained by making another
-# tarfile.
-distcheck: dist
-	$(am__remove_distdir)
-	GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf -
-	chmod -R a-w $(distdir); chmod a+w $(distdir)
-	mkdir $(distdir)/=build
-	mkdir $(distdir)/=inst
-	chmod a-w $(distdir)
-	dc_install_base=`$(am__cd) $(distdir)/=inst && pwd` \
-	  && cd $(distdir)/=build \
-	  && ../configure --srcdir=.. --prefix=$$dc_install_base \
-	    $(DISTCHECK_CONFIGURE_FLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
-	  && $(MAKE) $(AM_MAKEFLAGS) check \
-	  && $(MAKE) $(AM_MAKEFLAGS) install \
-	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
-	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
-	  && (test `find $$dc_install_base -type f -print | wc -l` -le 1 \
-	      || { echo "ERROR: files left after uninstall:" ; \
-	           find $$dc_install_base -type f -print ; \
-	           exit 1; } >&2 ) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dist-gzip \
-	  && rm -f $(distdir).tar.gz \
-	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
-	$(am__remove_distdir)
-	@echo "$(distdir).tar.gz is ready for distribution" | \
-	  sed 'h;s/./=/g;p;x;p;x'
-distcleancheck: distclean
-	if test '$(srcdir)' = . ; then \
-	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
-	  exit 1 ; \
-	fi
-	test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
-	  || { echo "ERROR: files left after distclean:" ; \
-	       $(distcleancheck_listfiles) ; \
-	       exit 1; } >&2
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-	-rm -f config.status config.cache config.log
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	dist dist-all dist-gzip distcheck distclean distclean-generic \
-	distclean-libtool distclean-recursive distclean-tags \
-	distcleancheck distdir dvi dvi-am dvi-recursive info info-am \
-	info-recursive install install-am install-data install-data-am \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS
deleted file mode 100644
index 73752077a16b..000000000000
--- a/crypto/heimdal/NEWS
+++ /dev/null
@@ -1,596 +0,0 @@
-Changes in release 0.6
-
-* The DES3 GSS-API mechanism has been changed to inter-operate with
-  other GSSAPI implementations. See man page for gssapi(3) how to turn
-  on generation of correct MIC messages. Next major release of heimdal 
-  will generate correct MIC by default.
-
-* More complete GSS-API support
-
-* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
-  support in applications no longer requires Kerberos 4 libs
-
-* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
-
-* other bug fixes
-
-Changes in release 0.5.2
-
- * kdc: add option for disabling v4 cross-realm (defaults to off)
-
- * bug fixes
-
-Changes in release 0.5.1
-
- * kadmind: fix remote exploit
-
- * kadmind: add option to disable kerberos 4
-
- * kdc: make sure kaserver token life is positive
-
- * telnet: use the session key if there is no subkey
-
- * fix EPSV parsing in ftp
-
- * other bug fixes
-
-Changes in release 0.5
-
- * add --detach option to kdc
-
- * allow setting forward and forwardable option in telnet from
-   .telnetrc, with override from command line
-
- * accept addresses with or without ports in krb5_rd_cred
-
- * make it work with modern openssl
-
- * use our own string2key function even with openssl (that handles weak
-   keys incorrectly)
-
- * more system-specific requirements in login
-
- * do not use getlogin() to determine root in su
-
- * telnet: abort if telnetd does not support encryption
-
- * update autoconf to 2.53
-
- * update config.guess, config.sub
-
- * other bug fixes
-
-Changes in release 0.4e
-
- * improve libcrypto and database autoconf tests
-
- * do not care about salting of server principals when serving v4 requests
-
- * some improvements to gssapi library
-
- * test for existing compile_et/libcom_err
-
- * portability fixes
-
- * bug fixes
-
-Changes in release 0.4d
-
- * fix some problems when using libcrypto from openssl
-
- * handle /dev/ptmx `unix98' ptys on Linux
-
- * add some forgotten man pages
-
- * rsh: clean-up and add man page
-
- * fix -A and -a in builtin-ls in tpd
-
- * fix building problem on Irix
-
- * make `ktutil get' more efficient
-
- * bug fixes
-
-Changes in release 0.4c
-
- * fix buffer overrun in telnetd
-
- * repair some of the v4 fallback code in kinit
-
- * add more shared library dependencies
-
- * simplify and fix hprop handling of v4 databases
-
- * fix some building problems (osf's sia and osfc2 login)
-
- * bug fixes
-
-Changes in release 0.4b
-
- * update the shared library version numbers correctly
-
-Changes in release 0.4a
-
- * corrected key used for checksum in mk_safe, unfortunately this
-   makes it backwards incompatible
-
- * update to autoconf 2.50, libtool 1.4
-
- * re-write dns/config lookups (krb5_krbhst API)
-
- * make order of using subkeys consistent
-
- * add man page links
-
- * add more man pages
-
- * remove rfc2052 support, now only rfc2782 is supported
-
- * always build with kaserver protocol support in the KDC (assuming
-   KRB4 is enabled) and support for reading kaserver databases in
-   hprop
-
-Changes in release 0.3f
-
- * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
-   the new keytab type that tries both of these in order (SRVTAB is
-   also an alias for krb4:)
-
- * improve error reporting and error handling (error messages should
-   be more detailed and more useful)
-
- * improve building with openssl
-
- * add kadmin -K, rcp -F 
-
- * fix two incorrect weak DES keys
-
- * fix building of kaserver compat in KDC
-
- * the API is closer to what MIT krb5 is using
-
- * more compatible with windows 2000
-
- * removed some memory leaks
-
- * bug fixes
-
-Changes in release 0.3e
-
- * rcp program included
-
- * fix buffer overrun in ftpd
-
- * handle omitted sequence numbers as zeroes to handle MIT krb5 that
-   cannot generate zero sequence numbers
-
- * handle v4 /.k files better
-
- * configure/portability fixes
-
- * fixes in parsing of options to kadmin (sub-)commands
-
- * handle errors in kadmin load better
-
- * bug fixes
-
-Changes in release 0.3d
-
- * add krb5-config
-
- * fix a bug in 3des gss-api mechanism, making it compatible with the
-   specification and the MIT implementation
-
- * make telnetd only allow a specific list of environment variables to
-   stop it from setting `sensitive' variables
-
- * try to use an existing libdes
-
- * lib/krb5, kdc: use correct usage type for ap-req messages.  This
-   should improve compatability with MIT krb5 when using 3DES
-   encryption types
-
- * kdc: fix memory allocation problem
-
- * update config.guess and config.sub
-
- * lib/roken: more stuff implemented
-
- * bug fixes and portability enhancements
-
-Changes in release 0.3c
-
- * lib/krb5: memory caches now support the resolve operation
-
- * appl/login: set PATH to some sane default
-
- * kadmind: handle several realms
-
- * bug fixes (including memory leaks)
-
-Changes in release 0.3b
-
- * kdc: prefer default-salted keys on v5 requests
-
- * kdc: lowercase hostnames in v4 mode
-
- * hprop: handle more types of MIT salts
-
- * lib/krb5: fix memory leak
-
- * bug fixes
-
-Changes in release 0.3a:
-
- * implement arcfour-hmac-md5 to interoperate with W2K
-
- * modularise the handling of the master key, and allow for other
-   encryption types. This makes it easier to import a database from
-   some other source without having to re-encrypt all keys.
-
- * allow for better control over which encryption types are created
-
- * make kinit fallback to v4 if given a v4 KDC
-
- * make klist work better with v4 and v5, and add some more MIT
-   compatibility options
-
- * make the kdc listen on the krb524 (4444) port for compatibility
-   with MIT krb5 clients
-
- * implement more DCE/DFS support, enabled with --enable-dce, see
-   lib/kdfs and appl/dceutils
-
- * make the sequence numbers work correctly
-
- * bug fixes
-
-Changes in release 0.2t:
-
- * bug fixes
-
-Changes in release 0.2s:
-
- * add OpenLDAP support in hdb
-
- * login will get v4 tickets when it receives forwarded tickets
-
- * xnlock supports both v5 and v4
-
- * repair source routing for telnet
-
- * fix building problems with krb4 (krb_mk_req)
-
- * bug fixes
-
-Changes in release 0.2r:
-
- * fix realloc memory corruption bug in kdc
-
- * `add --key' and `cpw --key' in kadmin
-
- * klist supports listing v4 tickets
-
- * update config.guess and config.sub
-
- * make v4 -> v5 principal name conversion more robust
-
- * support for anonymous tickets
-
- * new man-pages
-
- * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
-
- * use and set expiration and not password expiration when dumping
-   to/from ka server databases / krb4 databases
-
- * make the code happier with 64-bit time_t
-
- * follow RFC2782 and by default do not look for non-underscore SRV names
-
-Changes in release 0.2q:
-
- * bug fix in tcp-handling in kdc
-
- * bug fix in expand_hostname
-
-Changes in release 0.2p:
-
- * bug fix in `kadmin load/merge'
-
- * bug fix in krb5_parse_address
-
-Changes in release 0.2o:
-
- * gss_{import,export}_sec_context added to libgssapi
-
- * new option --addresses to kdc (for listening on an explicit set of
-   addresses)
-
- * bug fixes in the krb4 and kaserver emulation part of the kdc
-
- * other bug fixes
-
-Changes in release 0.2n:
-
- * more robust parsing of dump files in kadmin
- * changed default timestamp format for log messages to extended ISO
-   8601 format (Y-M-DTH:M:S)
- * changed md4/md5/sha1 APIes to be de-facto `standard'
- * always make hostname into lower-case before creating principal
- * small bits of more MIT-compatability
- * bug fixes
-
-Changes in release 0.2m:
-
- * handle glibc's getaddrinfo() that returns several ai_canonname
-
- * new endian test
-
- * man pages fixes
-
-Changes in release 0.2l:
-
- * bug fixes
-
-Changes in release 0.2k:
-
- * better IPv6 test
-
- * make struct sockaddr_storage in roken work better on alphas
-
- * some missing [hn]to[hn]s fixed.
-
- * allow users to change their own passwords with kadmin (with initial
-   tickets)
-
- * fix stupid bug in parsing KDC specification
-
- * add `ktutil change' and `ktutil purge'
-
-Changes in release 0.2j:
-
- * builds on Irix
-
- * ftpd works in passive mode
-
- * should build on cygwin
-
- * work around broken IPv6-code on OpenBSD 2.6, also add configure
-   option --disable-ipv6
-
-Changes in release 0.2i:
-
- * use getaddrinfo in the missing places.
-
- * fix SRV lookup for admin server
-
- * use get{addr,name}info everywhere.  and implement it in terms of
-   getipnodeby{name,addr} (which uses gethostbyname{,2} and
-   gethostbyaddr)
-
-Changes in release 0.2h:
-
- * fix typo in kx (now compiles)
-
-Changes in release 0.2g:
-
- * lots of bug fixes:
-   * push works
-   * repair appl/test programs
-   * sockaddr_storage works on solaris (alignment issues)
-   * works better with non-roken getaddrinfo
-   * rsh works
-   * some non standard C constructs removed
-
-Changes in release 0.2f:
-
- * support SRV records for kpasswd
- * look for both _kerberos and krb5-realm when doing host -> realm mapping
-
-Changes in release 0.2e:
-
- * changed copyright notices to remove `advertising'-clause.
- * get{addr,name}info added to roken and used in the other code
-   (this makes things work much better with hosts with both v4 and v6
-    addresses, among other things)
- * do pre-auth for both password and key-based get_in_tkt
- * support for having several databases
- * new command `del_enctype' in kadmin
- * strptime (and new strftime) add to roken
- * more paranoia about finding libdb
- * bug fixes
-
-Changes in release 0.2d:
-
- * new configuration option [libdefaults]default_etypes_des
- * internal ls in ftpd builds without KRB4
- * kx/rsh/push/pop_debug tries v5 and v4 consistenly
- * build bug fixes
- * other bug fixes
-
-Changes in release 0.2c:
-
- * bug fixes (see ChangeLog's for details)
-
-Changes in release 0.2b:
-
- * bug fixes
- * actually bump shared library versions
-
-Changes in release 0.2a:
-
- * a new program verify_krb5_conf for checking your /etc/krb5.conf
- * add 3DES keys when changing password
- * support null keys in database
- * support multiple local realms
- * implement a keytab backend for AFS KeyFile's
- * implement a keytab backend for v4 srvtabs
- * implement `ktutil copy'
- * support password quality control in v4 kadmind
- * improvements in v4 compat kadmind
- * handle the case of having the correct cred in the ccache but with
-   the wrong encryption type better
- * v6-ify the remaining programs.
- * internal ls in ftpd
- * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
- * add `ank --random-password' and `cpw --random-password' in kadmin
- * some programs and documentation for trying to talk to a W2K KDC
- * bug fixes
-
-Changes in release 0.1m:
-
- * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
-   From Miroslav Ruda <ruda@ics.muni.cz>
- * v6-ify hprop and hpropd
- * support numeric addresses in krb5_mk_req
- * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
- * make rsh/rshd IPv6-aware
- * make the gssapi sample applications better at reporting errors
- * lots of bug fixes
- * handle systems with v6-aware libc and non-v6 kernels (like Linux
-   with glibc 2.1) better
- * hide failure of ERPT in ftp
- * lots of bug fixes
-
-Changes in release 0.1l:
-
- * make ftp and ftpd IPv6-aware
- * add inet_pton to roken
- * more IPv6-awareness
- * make mini_inetd v6 aware
-
-Changes in release 0.1k:
-
- * bump shared libraries versions
- * add roken version of inet_ntop
- * merge more changes to rshd
-
-Changes in release 0.1j:
-
- * restore back to the `old' 3DES code.  This was supposed to be done
-   in 0.1h and 0.1i but I did a CVS screw-up.
- * make telnetd handle v6 connections
-
-Changes in release 0.1i:
-
- * start using `struct sockaddr_storage' which simplifies the code
-   (with a fallback definition if it's not defined)
- * bug fixes (including in hprop and kf)
- * don't use mawk which seems to mishandle roken.awk
- * get_addrs should be able to handle v6 addresses on Linux (with the
-   required patch to the Linux kernel -- ask within)
- * rshd builds with shadow passwords
-
-Changes in release 0.1h:
-
- * kf: new program for forwarding credentials
- * portability fixes
- * make forwarding credentials work with MIT code
- * better conversion of ka database
- * add etc/services.append
- * correct `modified by' from kpasswdd
- * lots of bug fixes
-
-Changes in release 0.1g:
-
- * kgetcred: new program for explicitly obtaining tickets
- * configure fixes
- * krb5-aware kx
- * bug fixes
-
-Changes in release 0.1f;
-
- * experimental support for v4 kadmin protokoll in kadmind
- * bug fixes
-
-Changes in release 0.1e:
-
- * try to handle old DCE and MIT kdcs
- * support for older versions of credential cache files and keytabs
- * postdated tickets work
- * support for password quality checks in kpasswdd
- * new flag --enable-kaserver for kdc
- * renew fixes
- * prototype su program
- * updated (some) manpages
- * support for KDC resource records
- * should build with --without-krb4
- * bug fixes
-
-Changes in release 0.1d:
-
- * Support building with DB2 (uses 1.85-compat API)
- * Support krb5-realm.DOMAIN in DNS
- * new `ktutil srvcreate'
- * v4/kafs support in klist/kdestroy
- * bug fixes
-
-Changes in release 0.1c:
-
- * fix ASN.1 encoding of signed integers
- * somewhat working `ktutil get'
- * some documentation updates
- * update to Autoconf 2.13 and Automake 1.4
- * the usual bug fixes
-
-Changes in release 0.1b:
-
- * some old -> new crypto conversion utils
- * bug fixes
-
-Changes in release 0.1a:
-
- * new crypto code
- * more bug fixes
- * make sure we ask for DES keys in gssapi
- * support signed ints in ASN1
- * IPv6-bug fixes
-
-Changes in release 0.0u:
-
- * lots of bug fixes
-
-Changes in release 0.0t:
-
- * more robust parsing of krb5.conf
- * include net{read,write} in lib/roken
- * bug fixes
-
-Changes in release 0.0s:
-
- * kludges for parsing options to rsh
- * more robust parsing of krb5.conf
- * removed some arbitrary limits
- * bug fixes
-
-Changes in release 0.0r:
-
- * default options for some programs
- * bug fixes
-
-Changes in release 0.0q:
-
- * support for building shared libraries with libtool
- * bug fixes
-
-Changes in release 0.0p:
-
- * keytab moved to /etc/krb5.keytab
- * avoid false detection of IPv6 on Linux
- * Lots of more functionality in the gssapi-library
- * hprop can now read ka-server databases
- * bug fixes
-
-Changes in release 0.0o:
-
- * FTP with GSSAPI support.
- * Bug fixes.
-
-Changes in release 0.0n:
-
- * Incremental database propagation.
- * Somewhat improved kadmin ui; the stuff in admin is now removed.
- * Some support for using enctypes instead of keytypes.
- * Lots of other improvement and bug fixes, see ChangeLog for details.
diff --git a/crypto/heimdal/README b/crypto/heimdal/README
deleted file mode 100644
index f27b67f912b5..000000000000
--- a/crypto/heimdal/README
+++ /dev/null
@@ -1,19 +0,0 @@
-$Id: README,v 1.1 2000/07/27 02:33:54 assar Exp $
-
-Heimdal is a Kerberos 5 implementation.
-
-Please see the manual in doc, by default installed in
-/usr/heimdal/info/heimdal.info for information on how to install.
-There are also briefer man pages for most of the commands.
-
-Bug reports and bugs are appreciated, see more under Bug reports in
-the manual on how we prefer them.
-
-For more information see the web-page at
-<http://www.pdc.kth.se/heimdal/> or the mailing lists:
-
-heimdal-announce@sics.se	low-volume announcement
-heimdal-discuss@sics.se		high-volume discussion
-
-send a mail to heimdal-announce-request@sics.se and
-heimdal-discuss-request@sics.se respectively to subscribe.
diff --git a/crypto/heimdal/TODO b/crypto/heimdal/TODO
deleted file mode 100644
index adef74a15d7b..000000000000
--- a/crypto/heimdal/TODO
+++ /dev/null
@@ -1,85 +0,0 @@
--*- indented-text -*-
-
-$Id: TODO,v 1.66 2001/08/09 08:43:42 assar Exp $
-
-* configure
-
-handle readline hiding in readline/readline.h
-
-* appl
-
-** appl/popper
-
-Implement RFC1731 and 1734, pop over GSS-API
-
-* doc
-
-* kdc
-
-* kadmin
-
-make it happy with reading and parsing kdc.conf
-
-is in need of a major cleanup
-
-* kpasswdd
-
-figure out what's the deal with do_sequence and the MIT client
-
-* lib
-
-** lib/asn1
-
-prepend a prefix on all generated symbols
-
-** lib/auth
-
-** lib/auth/sia
-
-PAM
-
-** lib/com_err
-
-write a man-page
-
-** lib/des
-
-make everything work with openssl and make prototypes compatible
-
-** lib/gssapi
-
-process_context_token, add_cred, inquire_cred_by_mech,
-inquire_names_for_mech, and
-inquire_mechs_for_name not implemented.
-
-set minor_status in all functions
-
-anonymous credentials not implemented
-
-add rc4
-
-** lib/hdb
-
-** lib/kadm5
-
-add policies?
-
-fix to use rpc?
-
-** lib/krb5
-
-the replay cache is, in its current state, not very useful
-
-OTP?
-
-make checksum/encryption type configuration more realm-specific.  make
-some simple way of handling the w2k situtation
-
-crypto: allow scatter/gather creation of checksums
-
-verify_user: handle non-secure verification failing because of
-host->realm mapping
-
-config_file: do it in case-sensitive and/or insensitive
-
-** lib/roken
diff --git a/crypto/heimdal/Xconfig.h b/crypto/heimdal/Xconfig.h
deleted file mode 100644
index 07f8101c29b5..000000000000
--- a/crypto/heimdal/Xconfig.h
+++ /dev/null
@@ -1,335 +0,0 @@
-#ifndef RCSID
-#define RCSID(msg) \
-static const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-#define AUTHENTICATION 1
-#define BINDIR "/usr/heimdal/bin"
-#define DES_ENCRYPTION 1
-#define DIAGNOSTICS 1
-#define ENCRYPTION 1
-#define ENDIANESS_IN_SYS_PARAM_H 1
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-#define HAVE_ARPA_FTP_H 1
-#define HAVE_ARPA_INET_H 1
-#define HAVE_ARPA_NAMESER_H 1
-#define HAVE_ARPA_TELNET_H 1
-#define HAVE_ASPRINTF 1
-#define HAVE_ATEXIT 1
-#define HAVE_CGETENT 1
-#define HAVE_CHOWN 1
-#define HAVE_CRYPT 1
-#define HAVE_CURSES_H 1
-#define HAVE_DAEMON 1
-#define HAVE_DB1 1
-#define HAVE_DBM_FIRSTKEY 1
-#define HAVE_DBOPEN 1
-#define HAVE_DB_H 1
-#define HAVE_DIRENT_H 1
-#define HAVE_DLFCN_H 1
-#define HAVE_DLOPEN 1
-#define HAVE_DN_EXPAND 1
-#define HAVE_EL_INIT 1
-#define HAVE_ERR 1
-#define HAVE_ERRNO_H 1
-#define HAVE_ERRX 1
-#define HAVE_ERR_H 1
-#define HAVE_FCHOWN 1
-#define HAVE_FCNTL 1
-#define HAVE_FCNTL_H 1
-#define HAVE_FLOCK 1
-#define HAVE_FNMATCH 1
-#define HAVE_FNMATCH_H 1
-#define HAVE_FOUR_VALUED_EL_INIT 1
-#define HAVE_FREEADDRINFO 1
-#define HAVE_FREEHOSTENT 1
-#define HAVE_GAI_STRERROR 1
-#define HAVE_GETADDRINFO 1
-#define HAVE_GETCWD 1
-#define HAVE_GETDTABLESIZE 1
-#define HAVE_GETEGID 1
-#define HAVE_GETEUID 1
-#define HAVE_GETGID 1
-#define HAVE_GETHOSTBYNAME 1
-#define HAVE_GETHOSTBYNAME2 1
-#define HAVE_GETHOSTNAME 1
-#define HAVE_GETIFADDRS 1
-#define HAVE_GETIPNODEBYADDR 1
-#define HAVE_GETIPNODEBYNAME 1
-#define HAVE_GETLOGIN 1
-#define HAVE_GETNAMEINFO 1
-#define HAVE_GETOPT 1
-#define HAVE_GETPROGNAME 1
-#define HAVE_GETRLIMIT 1
-#define HAVE_GETSOCKOPT 1
-#define HAVE_GETTIMEOFDAY 1
-#define HAVE_GETUID 1
-#define HAVE_GETUSERSHELL 1
-#define HAVE_GLOB 1
-#define HAVE_GRP_H 1
-#define HAVE_HSTRERROR 1
-#define HAVE_H_ERRLIST 1
-#define HAVE_H_ERRNO 1
-#define HAVE_H_ERRNO_DECLARATION 1
-#define HAVE_H_NERR 1
-#define HAVE_IFADDRS_H 1
-#define HAVE_IN6ADDR_LOOPBACK 1
-#define HAVE_INET_ATON 1
-#define HAVE_INET_NTOP 1
-#define HAVE_INET_PTON 1
-#define HAVE_INITGROUPS 1
-#define HAVE_INITSTATE 1
-#define HAVE_INNETGR 1
-#define HAVE_INT16_T 1
-#define HAVE_INT32_T 1
-#define HAVE_INT64_T 1
-#define HAVE_INT8_T 1
-#define HAVE_INTTYPES_H 1
-#define HAVE_IPV6 1
-#define HAVE_IRUSEROK 1
-#define HAVE_ISSETUGID 1
-#define HAVE_LIBUTIL_H 1
-#define HAVE_LIMITS_H 1
-#define HAVE_LOCALTIME_R 1
-#define HAVE_LOGOUT 1
-#define HAVE_LOGWTMP 1
-#define HAVE_LONG_LONG 1
-#define HAVE_LSTAT 1
-#define HAVE_MEMMOVE 1
-#define HAVE_MEMORY_H 1
-#define HAVE_MKSTEMP 1
-#define HAVE_MKTIME 1
-#define HAVE_NDBM 1
-#define HAVE_NDBM_H 1
-#define HAVE_NETDB_H 1
-#define HAVE_NETINET6_IN6_VAR_H 1
-#define HAVE_NETINET_IN_H 1
-#define HAVE_NETINET_IN_SYSTM_H 1
-#define HAVE_NETINET_IP_H 1
-#define HAVE_NETINET_TCP_H 1
-#define HAVE_NET_IF_H 1
-#define HAVE_NEW_DB 1
-#define HAVE_OPENPTY 1
-#define HAVE_OPENSSL 1
-#define HAVE_OPTARG_DECLARATION 1
-#define HAVE_OPTERR_DECLARATION 1
-#define HAVE_OPTIND_DECLARATION 1
-#define HAVE_OPTOPT_DECLARATION 1
-#define HAVE_PATHS_H 1
-#define HAVE_PTHREAD_H 1
-#define HAVE_PUTENV 1
-#define HAVE_PWD_H 1
-#define HAVE_RAND 1
-#define HAVE_RANDOM 1
-#define HAVE_RCMD 1
-#define HAVE_READLINE 1
-#define HAVE_READV 1
-#define HAVE_RECVMSG 1
-#define HAVE_RESOLV_H 1
-#define HAVE_RES_SEARCH 1
-#define HAVE_REVOKE 1
-#define HAVE_RPCSVC_YPCLNT_H 1
-#define HAVE_SA_FAMILY_T 1
-#define HAVE_SECURITY_PAM_MODULES_H 1
-#define HAVE_SELECT 1
-#define HAVE_SENDMSG 1
-#define HAVE_SETEGID 1
-#define HAVE_SETENV 1
-#define HAVE_SETEUID 1
-#define HAVE_SETITIMER 1
-#define HAVE_SETLOGIN 1
-#define HAVE_SETPGID 1
-#define HAVE_SETPROCTITLE 1
-#define HAVE_SETPROGNAME 1
-#define HAVE_SETREGID 1
-#define HAVE_SETRESGID 1
-#define HAVE_SETRESUID 1
-#define HAVE_SETREUID 1
-#define HAVE_SETSID 1
-#define HAVE_SETSOCKOPT 1
-#define HAVE_SETSTATE 1
-#define HAVE_SGTTY_H 1
-#define HAVE_SIGACTION 1
-#define HAVE_SIGNAL_H 1
-#define HAVE_SNPRINTF 1
-#define HAVE_SOCKET 1
-#define HAVE_SOCKLEN_T 1
-#define HAVE_SSIZE_T 1
-#define HAVE_STDINT_H 1
-#define HAVE_STDLIB_H 1
-#define HAVE_STRCASECMP 1
-#define HAVE_STRDUP 1
-#define HAVE_STRERROR 1
-#define HAVE_STRFTIME 1
-#define HAVE_STRINGS_H 1
-#define HAVE_STRING_H 1
-#define HAVE_STRLCAT 1
-#define HAVE_STRLCPY 1
-#define HAVE_STRNCASECMP 1
-#define HAVE_STRPTIME 1
-#define HAVE_STRSEP 1
-#define HAVE_STRSTR 1
-#define HAVE_STRTOK_R 1
-#define HAVE_STRUCT_ADDRINFO 1
-#define HAVE_STRUCT_IFADDRS 1
-#define HAVE_STRUCT_IOVEC 1
-#define HAVE_STRUCT_MSGHDR 1
-#define HAVE_STRUCT_SOCKADDR 1
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-#define HAVE_STRUCT_TM_TM_ZONE 1
-#define HAVE_STRUCT_WINSIZE 1
-#define HAVE_STRUNVIS 1
-#define HAVE_STRVIS 1
-#define HAVE_STRVISX 1
-#define HAVE_SWAB 1
-#define HAVE_SYSCONF 1
-#define HAVE_SYSCTL 1
-#define HAVE_SYSLOG 1
-#define HAVE_SYSLOG_H 1
-#define HAVE_SYS_CAPABILITY_H 1
-#define HAVE_SYS_FILE_H 1
-#define HAVE_SYS_FILIO_H 1
-#define HAVE_SYS_IOCCOM_H 1
-#define HAVE_SYS_IOCTL_H 1
-#define HAVE_SYS_PARAM_H 1
-#define HAVE_SYS_PROC_H 1
-#define HAVE_SYS_RESOURCE_H 1
-#define HAVE_SYS_SELECT_H 1
-#define HAVE_SYS_SOCKET_H 1
-#define HAVE_SYS_SOCKIO_H 1
-#define HAVE_SYS_STAT_H 1
-#define HAVE_SYS_SYSCALL_H 1
-#define HAVE_SYS_SYSCTL_H 1
-#define HAVE_SYS_TIMEB_H 1
-#define HAVE_SYS_TIMES_H 1
-#define HAVE_SYS_TIME_H 1
-#define HAVE_SYS_TTY_H 1
-#define HAVE_SYS_TYPES_H 1
-#define HAVE_SYS_UIO_H 1
-#define HAVE_SYS_UN_H 1
-#define HAVE_SYS_UTSNAME_H 1
-#define HAVE_SYS_WAIT_H 1
-#define HAVE_TERMCAP_H 1
-#define HAVE_TERMIOS_H 1
-#define HAVE_TERM_H 1
-#define HAVE_TGETENT 1
-#define HAVE_TIMEGM 1
-#define HAVE_TIMEZONE 1
-#define HAVE_TIMEZONE_DECLARATION 1
-#define HAVE_TIME_H 1
-#define HAVE_TTYNAME 1
-#define HAVE_TTYSLOT 1
-#define HAVE_UINT16_T 1
-#define HAVE_UINT32_T 1
-#define HAVE_UINT64_T 1
-#define HAVE_UINT8_T 1
-#define HAVE_UMASK 1
-#define HAVE_UNAME 1
-#define HAVE_UNISTD_H 1
-#define HAVE_UNSETENV 1
-#define HAVE_UNVIS 1
-#define HAVE_UTMP_H 1
-#define HAVE_U_INT16_T 1
-#define HAVE_U_INT32_T 1
-#define HAVE_U_INT64_T 1
-#define HAVE_U_INT8_T 1
-#define HAVE_VASPRINTF 1
-#define HAVE_VERR 1
-#define HAVE_VERRX 1
-#define HAVE_VIS 1
-#define HAVE_VIS_H 1
-#define HAVE_VSNPRINTF 1
-#define HAVE_VSYSLOG 1
-#define HAVE_VWARN 1
-#define HAVE_VWARNX 1
-#define HAVE_WARN 1
-#define HAVE_WARNX 1
-#define HAVE_WRITEV 1
-#define HAVE_WS_XPIXEL 1
-#define HAVE_WS_YPIXEL 1
-#define HAVE_XAUFILENAME 1
-#define HAVE_XAUREADAUTH 1
-#define HAVE_XAUWRITEAUTH 1
-#define HAVE_YP_GET_DEFAULT_DOMAIN 1
-#define HAVE__RES 1
-#define HAVE__RES_DECLARATION 1
-#define HAVE___ATTRIBUTE__ 1
-#define HAVE___PROGNAME 1
-#define KRB5 1
-#define LIBDIR "/usr/heimdal/lib"
-#define LIBEXECDIR "/usr/heimdal/libexec"
-#define LOCALSTATEDIR "/var/heimdal"
-#define NEED_ASNPRINTF_PROTO 1
-#define NEED_STRNDUP_PROTO 1
-#define NEED_STRSVIS_PROTO 1
-#define NEED_SVIS_PROTO 1
-#define NEED_VASNPRINTF_PROTO 1
-#define OLD_ENVIRON 1
-#define OPENLOG_PROTO_COMPATIBLE 1
-#define OTP 1
-#define PACKAGE "heimdal"
-#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se"
-#define PACKAGE_NAME "Heimdal"
-#define PACKAGE_STRING "Heimdal 0.4f"
-#define PACKAGE_TARNAME "heimdal"
-#define PACKAGE_VERSION "0.4f"
-#define RETSIGTYPE void
-#define SBINDIR "/usr/heimdal/sbin"
-#define STDC_HEADERS 1
-#define SYSCONFDIR "/etc"
-#define TIME_WITH_SYS_TIME 1
-#define VERSION "0.4f"
-#define VOID_RETSIGTYPE 1
-#define YYTEXT_POINTER 1
-#define _GNU_SOURCE 1
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
-#else
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
-#endif
-#ifndef HAVE_KRB_KDCTIMEOFDAY
-#define krb_kdctimeofday(X) gettimeofday((X), NULL)
-#endif
-#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
-#define krb_get_kdc_time_diff() (0)
-#endif
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-#if _AIX
-#define _ALL_SOURCE
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
diff --git a/crypto/heimdal/acconfig.h b/crypto/heimdal/acconfig.h
deleted file mode 100644
index 9dabe370e340..000000000000
--- a/crypto/heimdal/acconfig.h
+++ /dev/null
@@ -1,96 +0,0 @@
-@BOTTOM@
-
-#undef BINDIR 
-#undef LIBDIR
-#undef LIBEXECDIR
-#undef SBINDIR
-
-#undef HAVE_INT8_T
-#undef HAVE_INT16_T
-#undef HAVE_INT32_T
-#undef HAVE_INT64_T
-#undef HAVE_U_INT8_T
-#undef HAVE_U_INT16_T
-#undef HAVE_U_INT32_T
-#undef HAVE_U_INT64_T
-#undef HAVE_UINT8_T
-#undef HAVE_UINT16_T
-#undef HAVE_UINT32_T
-#undef HAVE_UINT64_T
-
-#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
-#else
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
-#endif
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
-#undef PROTOTYPES
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-#if defined(HAVE_SGTTY_H) && defined(__NeXT__)
-#define SGTTY
-#endif
-
-/* telnet stuff ----------------------------------------------- */
-
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-
-/* random defines */
-
-/*
- * Defining this enables lots of useful (and used) extensions on
- * glibc-based systems such as Linux
- */
-
-#define _GNU_SOURCE
-
-/*
- * this assumes that KRB_C_BIGENDIAN is used.
- * if we can find out endianess at compile-time, do so,
- * otherwise WORDS_BIGENDIAN should already have been defined
- */
-
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-
-#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif
diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4
deleted file mode 100644
index ff8704275cfb..000000000000
--- a/crypto/heimdal/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4
deleted file mode 100644
index 8741577c0e0d..000000000000
--- a/crypto/heimdal/aclocal.m4
+++ /dev/null
@@ -1,7262 +0,0 @@
-# aclocal.m4t generated automatically by aclocal 1.6.1 -*- Autoconf -*-
-
-# Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
-
-
-dnl $Id: misc.m4,v 1.5 2002/05/24 15:35:32 joda Exp $
-dnl
-AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl
-AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl
-AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-])])
-# Like AC_CONFIG_HEADER, but automatically create stamp file. -*- Autoconf -*-
-
-# Copyright 1996, 1997, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-AC_PREREQ([2.52])
-
-# serial 6
-
-# When config.status generates a header, we must update the stamp-h file.
-# This file resides in the same directory as the config header
-# that is generated.  We must strip everything past the first ":",
-# and everything past the last "/".
-
-# _AM_DIRNAME(PATH)
-# -----------------
-# Like AS_DIRNAME, only do it during macro expansion
-AC_DEFUN([_AM_DIRNAME],
-       [m4_if(regexp([$1], [^.*[^/]//*[^/][^/]*/*$]), -1,
-	      m4_if(regexp([$1], [^//\([^/]\|$\)]), -1,
-		    m4_if(regexp([$1], [^/.*]), -1,
-			  [.],
-			  patsubst([$1], [^\(/\).*], [\1])),
-		    patsubst([$1], [^\(//\)\([^/].*\|$\)], [\1])),
-	      patsubst([$1], [^\(.*[^/]\)//*[^/][^/]*/*$], [\1]))[]dnl
-])# _AM_DIRNAME
-
-
-# The stamp files are numbered to have different names.
-# We could number them on a directory basis, but that's additional
-# complications, let's have a unique counter.
-m4_define([_AM_STAMP_Count], [0])
-
-
-# _AM_STAMP(HEADER)
-# -----------------
-# The name of the stamp file for HEADER.
-AC_DEFUN([_AM_STAMP],
-[m4_define([_AM_STAMP_Count], m4_incr(_AM_STAMP_Count))dnl
-AS_ESCAPE(_AM_DIRNAME(patsubst([$1],
-                               [:.*])))/stamp-h[]_AM_STAMP_Count])
-
-
-# _AM_CONFIG_HEADER(HEADER[:SOURCES], COMMANDS, INIT-COMMANDS)
-# ------------------------------------------------------------
-# We used to try to get a real timestamp in stamp-h.  But the fear is that
-# that will cause unnecessary cvs conflicts.
-AC_DEFUN([_AM_CONFIG_HEADER],
-[# Add the stamp file to the list of files AC keeps track of,
-# along with our hook.
-AC_CONFIG_HEADERS([$1],
-                  [# update the timestamp
-echo 'timestamp for $1' >"_AM_STAMP([$1])"
-$2],
-                  [$3])
-])# _AM_CONFIG_HEADER
-
-
-# AM_CONFIG_HEADER(HEADER[:SOURCES]..., COMMANDS, INIT-COMMANDS)
-# --------------------------------------------------------------
-AC_DEFUN([AM_CONFIG_HEADER],
-[AC_FOREACH([_AM_File], [$1], [_AM_CONFIG_HEADER(_AM_File, [$2], [$3])])
-])# AM_CONFIG_HEADER
-
-# Do all the work for Automake.                            -*- Autoconf -*-
-
-# This macro actually does too much some checks are only needed if
-# your package does certain things.  But this isn't really a big deal.
-
-# Copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 8
-
-# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery.  Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-AC_PREREQ([2.52])
-
-# Autoconf 2.50 wants to disallow AM_ names.  We explicitly allow
-# the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-
-# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
-# AM_INIT_AUTOMAKE([OPTIONS])
-# -----------------------------------------------
-# The call with PACKAGE and VERSION arguments is the old style
-# call (pre autoconf-2.50), which is being phased out.  PACKAGE
-# and VERSION should now be passed to AC_INIT and removed from
-# the call to AM_INIT_AUTOMAKE.
-# We support both call styles for the transition.  After
-# the next Automake release, Autoconf can make the AC_INIT
-# arguments mandatory, and then we can depend on a new Autoconf
-# release and drop the old call support.
-AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
- AC_REQUIRE([AC_PROG_INSTALL])dnl
-# test to see if srcdir already configured
-if test "`cd $srcdir && pwd`" != "`pwd`" &&
-   test -f $srcdir/config.status; then
-  AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
-fi
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
- AC_SUBST([PACKAGE], [AC_PACKAGE_TARNAME])dnl
- AC_SUBST([VERSION], [AC_PACKAGE_VERSION])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
- AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
-AM_MISSING_PROG(AUTOCONF, autoconf)
-AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
-AM_MISSING_PROG(AUTOHEADER, autoheader)
-AM_MISSING_PROG(MAKEINFO, makeinfo)
-AM_MISSING_PROG(AMTAR, tar)
-AM_PROG_INSTALL_SH
-AM_PROG_INSTALL_STRIP
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_][CC],
-                  [_AM_DEPENDENCIES(CC)],
-                  [define([AC_PROG_][CC],
-                          defn([AC_PROG_][CC])[_AM_DEPENDENCIES(CC)])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_][CXX],
-                  [_AM_DEPENDENCIES(CXX)],
-                  [define([AC_PROG_][CXX],
-                          defn([AC_PROG_][CXX])[_AM_DEPENDENCIES(CXX)])])dnl
-])
-])
-
-# Copyright 2002  Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# ----------------------------
-# Automake X.Y traces this macro to ensure aclocal.m4 has been
-# generated from the m4 files accompanying Automake X.Y.
-AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.6"])
-
-# AM_SET_CURRENT_AUTOMAKE_VERSION
-# -------------------------------
-# Call AM_AUTOMAKE_VERSION so it can be traced.
-# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
-AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-	 [AM_AUTOMAKE_VERSION([1.6.1])])
-
-# Helper functions for option handling.                    -*- Autoconf -*-
-
-# Copyright 2001, 2002  Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 2
-
-# _AM_MANGLE_OPTION(NAME)
-# -----------------------
-AC_DEFUN([_AM_MANGLE_OPTION],
-[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-
-# _AM_SET_OPTION(NAME)
-# ------------------------------
-# Set option NAME.  Presently that only means defining a flag for this option.
-AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
-
-# _AM_SET_OPTIONS(OPTIONS)
-# ----------------------------------
-# OPTIONS is a space-separated list of Automake options.
-AC_DEFUN([_AM_SET_OPTIONS],
-[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-
-# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
-# -------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-AC_DEFUN([_AM_IF_OPTION],
-[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-
-#
-# Check to make sure that the build environment is sane.
-#
-
-# Copyright 1996, 1997, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 3
-
-# AM_SANITY_CHECK
-# ---------------
-AC_DEFUN([AM_SANITY_CHECK],
-[AC_MSG_CHECKING([whether build environment is sane])
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments.  Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
-   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
-   if test "$[*]" = "X"; then
-      # -L didn't work.
-      set X `ls -t $srcdir/configure conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$[*]" != "X $srcdir/configure conftest.file" \
-      && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
-alias in your environment])
-   fi
-
-   test "$[2]" = conftest.file
-   )
-then
-   # Ok.
-   :
-else
-   AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT(yes)])
-
-#  -*- Autoconf -*-
-
-
-# Copyright 1997, 1999, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 3
-
-# AM_MISSING_PROG(NAME, PROGRAM)
-# ------------------------------
-AC_DEFUN([AM_MISSING_PROG],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-
-
-# AM_MISSING_HAS_RUN
-# ------------------
-# Define MISSING if not defined so far and test if it supports --run.
-# If it does, set am_missing_run to use it, otherwise, to nothing.
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  AC_MSG_WARN([`missing' script is too old or missing])
-fi
-])
-
-# AM_AUX_DIR_EXPAND
-
-# Copyright 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
-# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
-#
-# Of course, Automake must honor this variable whenever it calls a
-# tool from the auxiliary directory.  The problem is that $srcdir (and
-# therefore $ac_aux_dir as well) can be either absolute or relative,
-# depending on how configure is run.  This is pretty annoying, since
-# it makes $ac_aux_dir quite unusable in subdirectories: in the top
-# source directory, any form will work fine, but in subdirectories a
-# relative path needs to be adjusted first.
-#
-# $ac_aux_dir/missing
-#    fails when called from a subdirectory if $ac_aux_dir is relative
-# $top_srcdir/$ac_aux_dir/missing
-#    fails if $ac_aux_dir is absolute,
-#    fails when called from a subdirectory in a VPATH build with
-#          a relative $ac_aux_dir
-#
-# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
-# are both prefixed by $srcdir.  In an in-source build this is usually
-# harmless because $srcdir is `.', but things will broke when you
-# start a VPATH build or use an absolute $srcdir.
-#
-# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
-# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
-#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
-# and then we would define $MISSING as
-#   MISSING="\${SHELL} $am_aux_dir/missing"
-# This will work as long as MISSING is not called from configure, because
-# unfortunately $(top_srcdir) has no meaning in configure.
-# However there are other variables, like CC, which are often used in
-# configure, and could therefore not use this "fixed" $ac_aux_dir.
-#
-# Another solution, used here, is to always expand $ac_aux_dir to an
-# absolute PATH.  The drawback is that using absolute paths prevent a
-# configured tree to be moved without reconfiguration.
-
-# Rely on autoconf to set up CDPATH properly.
-AC_PREREQ([2.50])
-
-AC_DEFUN([AM_AUX_DIR_EXPAND], [
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-])
-
-# AM_PROG_INSTALL_SH
-# ------------------
-# Define $install_sh.
-
-# Copyright 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-AC_DEFUN([AM_PROG_INSTALL_SH],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-install_sh=${install_sh-"$am_aux_dir/install-sh"}
-AC_SUBST(install_sh)])
-
-# AM_PROG_INSTALL_STRIP
-
-# Copyright 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# One issue with vendor `install' (even GNU) is that you can't
-# specify the program used to strip binaries.  This is especially
-# annoying in cross-compiling environments, where the build's strip
-# is unlikely to handle the host's binaries.
-# Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in `make install-strip', and initialize
-# STRIPPROG with the value of the STRIP variable (set by the user).
-AC_DEFUN([AM_PROG_INSTALL_STRIP],
-[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
-if test "$cross_compiling" != no; then
-  AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-
-# serial 4						-*- Autoconf -*-
-
-# Copyright 1999, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-
-# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery.  Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-
-# _AM_DEPENDENCIES(NAME)
-# ----------------------
-# See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "GCJ", or "OBJC".
-# We try a few techniques and use that to set a single cache variable.
-#
-# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
-# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
-# dependency, and given that the user is not expected to run this macro,
-# just rely on AC_PROG_CC.
-AC_DEFUN([_AM_DEPENDENCIES],
-[AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
-       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
-       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc']
-       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
-                   [depcc="$$1"   am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
-               [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
-  # We make a subdir and do the tests there.  Otherwise we can end up
-  # making bogus files that we don't know about and never remove.  For
-  # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
-  mkdir conftest.dir
-  # Copy depcomp to subdir because otherwise we won't find it if we're
-  # using a relative directory.
-  cp "$am_depcomp" conftest.dir
-  cd conftest.dir
-
-  am_cv_$1_dependencies_compiler_type=none
-  if test "$am_compiler_list" = ""; then
-     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
-  fi
-  for depmode in $am_compiler_list; do
-    # We need to recreate these files for each test, as the compiler may
-    # overwrite some of them when testing with obscure command lines.
-    # This happens at least with the AIX C compiler.
-    echo '#include "conftest.h"' > conftest.c
-    echo 'int i;' > conftest.h
-    echo "${am__include} ${am__quote}conftest.Po${am__quote}" > confmf
-
-    case $depmode in
-    nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
-      if test "x$enable_dependency_tracking" = xyes; then
-	continue
-      else
-	break
-      fi
-      ;;
-    none) break ;;
-    esac
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
-    # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.
-    if depmode=$depmode \
-       source=conftest.c object=conftest.o \
-       depfile=conftest.Po tmpdepfile=conftest.TPo \
-       $SHELL ./depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
-       grep conftest.h conftest.Po > /dev/null 2>&1 &&
-       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
-      am_cv_$1_dependencies_compiler_type=$depmode
-      break
-    fi
-  done
-
-  cd ..
-  rm -rf conftest.dir
-else
-  am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-])
-
-
-# AM_SET_DEPDIR
-# -------------
-# Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES
-AC_DEFUN([AM_SET_DEPDIR],
-[rm -f .deps 2>/dev/null
-mkdir .deps 2>/dev/null
-if test -d .deps; then
-  DEPDIR=.deps
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  DEPDIR=_deps
-fi
-rmdir .deps 2>/dev/null
-AC_SUBST([DEPDIR])
-])
-
-
-# AM_DEP_TRACK
-# ------------
-AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE(dependency-tracking,
-[  --disable-dependency-tracking Speeds up one-time builds
-  --enable-dependency-tracking  Do not reject slow dependency extractors])
-if test "x$enable_dependency_tracking" != xno; then
-  am_depcomp="$ac_aux_dir/depcomp"
-  AMDEPBACKSLASH='\'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])
-])
-
-# Generate code to set up dependency tracking.   -*- Autoconf -*-
-
-# Copyright 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-#serial 2
-
-# _AM_OUTPUT_DEPENDENCY_COMMANDS
-# ------------------------------
-AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[for mf in $CONFIG_FILES; do
-  # Strip MF so we end up with the name of the file.
-  mf=`echo "$mf" | sed -e 's/:.*$//'`
-  if (sed 1q $mf | fgrep 'generated by automake') > /dev/null 2>&1; then
-    dirpart=`AS_DIRNAME("$mf")`
-  else
-    continue
-  fi
-  grep '^DEP_FILES *= *[[^ @%:@]]' < "$mf" > /dev/null || continue
-  # Extract the definition of DEP_FILES from the Makefile without
-  # running `make'.
-  DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"`
-  test -z "$DEPDIR" && continue
-  # When using ansi2knr, U may be empty or an underscore; expand it
-  U=`sed -n -e '/^U = / s///p' < "$mf"`
-  test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
-  # We invoke sed twice because it is the simplest approach to
-  # changing $(DEPDIR) to its actual value in the expansion.
-  for file in `sed -n -e '
-    /^DEP_FILES = .*\\\\$/ {
-      s/^DEP_FILES = //
-      :loop
-	s/\\\\$//
-	p
-	n
-	/\\\\$/ b loop
-      p
-    }
-    /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
-       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-    # Make sure the directory exists.
-    test -f "$dirpart/$file" && continue
-    fdir=`AS_DIRNAME(["$file"])`
-    AS_MKDIR_P([$dirpart/$fdir])
-    # echo "creating $dirpart/$file"
-    echo '# dummy' > "$dirpart/$file"
-  done
-done
-])# _AM_OUTPUT_DEPENDENCY_COMMANDS
-
-
-# AM_OUTPUT_DEPENDENCY_COMMANDS
-# -----------------------------
-# This macro should only be invoked once -- use via AC_REQUIRE.
-#
-# This code is only required when automatic dependency tracking
-# is enabled.  FIXME.  This creates each `.P' file that we will
-# need in order to bootstrap the dependency handling code.
-AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
-[AC_CONFIG_COMMANDS([depfiles],
-     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
-     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
-
-# Copyright 2001 Free Software Foundation, Inc.             -*- Autoconf -*-
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 2
-
-# AM_MAKE_INCLUDE()
-# -----------------
-# Check to see how make treats includes.
-AC_DEFUN([AM_MAKE_INCLUDE],
-[am_make=${MAKE-make}
-cat > confinc << 'END'
-doit:
-	@echo done
-END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | fgrep -v 'ing directory'`" = "done"; then
-   am__include=include
-   am__quote=
-   _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
-   echo '.include "confinc"' > confmf
-   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
-      am__include=.include
-      am__quote="\""
-      _am_result=BSD
-   fi
-fi
-AC_SUBST(am__include)
-AC_SUBST(am__quote)
-AC_MSG_RESULT($_am_result)
-rm -f confinc confmf
-])
-
-# AM_CONDITIONAL                                              -*- Autoconf -*-
-
-# Copyright 1997, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 5
-
-AC_PREREQ(2.52)
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
-        [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])
-AC_SUBST([$1_FALSE])
-if $2; then
-  $1_TRUE=
-  $1_FALSE='#'
-else
-  $1_TRUE='#'
-  $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
-  AC_MSG_ERROR([conditional \"$1\" was never defined.
-Usually this means the macro was only invoked conditionally.])
-fi])])
-
-# Add --enable-maintainer-mode option to configure.
-# From Jim Meyering
-
-# Copyright 1996, 1998, 2000, 2001 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 1
-
-AC_DEFUN([AM_MAINTAINER_MODE],
-[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
-  dnl maintainer-mode is disabled by default
-  AC_ARG_ENABLE(maintainer-mode,
-[  --enable-maintainer-mode enable make rules and dependencies not useful
-                          (and sometimes confusing) to the casual installer],
-      USE_MAINTAINER_MODE=$enableval,
-      USE_MAINTAINER_MODE=no)
-  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
-  AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes])
-  MAINT=$MAINTAINER_MODE_TRUE
-  AC_SUBST(MAINT)dnl
-]
-)
-
-
-# Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# serial 3
-
-AC_PREREQ(2.50)
-
-# AM_PROG_LEX
-# -----------
-# Autoconf leaves LEX=: if lex or flex can't be found.  Change that to a
-# "missing" invocation, for better error output.
-AC_DEFUN([AM_PROG_LEX],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
-AC_REQUIRE([AC_PROG_LEX])dnl
-if test "$LEX" = :; then
-  LEX=${am_missing_run}flex
-fi])
-
-dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
-dnl
-dnl
-dnl Better test for ln -s, ln or cp
-dnl
-
-AC_DEFUN(AC_KRB_PROG_LN_S,
-[AC_MSG_CHECKING(for ln -s or something else)
-AC_CACHE_VAL(ac_cv_prog_LN_S,
-[rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi])dnl
-LN_S="$ac_cv_prog_LN_S"
-AC_MSG_RESULT($ac_cv_prog_LN_S)
-AC_SUBST(LN_S)dnl
-])
-
-
-dnl $Id: mips-abi.m4,v 1.6 2002/04/30 16:46:05 joda Exp $
-dnl
-dnl
-dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
-dnl value.
-
-AC_DEFUN(AC_MIPS_ABI, [
-AC_ARG_WITH(mips_abi,
-	AC_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)]))
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in 
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-dnl
-dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
-dnl AC_MSG_RESULT
-dnl
-AC_MSG_CHECKING([if $CC supports the $abi option])
-AC_CACHE_VAL($ac_foo, [
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
-CFLAGS="$save_CFLAGS"
-])
-ac_res=`eval echo \\\$$ac_foo`
-AC_MSG_RESULT($ac_res)
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32) 
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
-	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-])
-
-dnl
-dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
-dnl
-
-dnl
-dnl Test for __attribute__
-dnl
-
-AC_DEFUN(AC_C___ATTRIBUTE__, [
-AC_MSG_CHECKING(for __attribute__)
-AC_CACHE_VAL(ac_cv___attribute__, [
-AC_TRY_COMPILE([
-#include <stdlib.h>
-],
-[
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-],
-ac_cv___attribute__=yes,
-ac_cv___attribute__=no)])
-if test "$ac_cv___attribute__" = "yes"; then
-  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
-fi
-AC_MSG_RESULT($ac_cv___attribute__)
-])
-
-
-# libtool.m4 - Configure libtool for the host system. -*-Shell-script-*-
-
-# serial 46 AC_PROG_LIBTOOL
-
-AC_DEFUN([AC_PROG_LIBTOOL],
-[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-# Prevent multiple expansion
-define([AC_PROG_LIBTOOL], [])
-])
-
-AC_DEFUN([AC_LIBTOOL_SETUP],
-[AC_PREREQ(2.13)dnl
-AC_REQUIRE([AC_ENABLE_SHARED])dnl
-AC_REQUIRE([AC_ENABLE_STATIC])dnl
-AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_LD])dnl
-AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
-AC_REQUIRE([AC_PROG_NM])dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
-AC_REQUIRE([AC_OBJEXT])dnl
-AC_REQUIRE([AC_EXEEXT])dnl
-dnl
-
-_LT_AC_PROG_ECHO_BACKSLASH
-# Only perform the check for file, if the check method requires it
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    AC_PATH_MAGIC
-  fi
-  ;;
-esac
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-AC_CHECK_TOOL(STRIP, strip, :)
-
-ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
-ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
-enable_win32_dll=yes, enable_win32_dll=no)
-
-AC_ARG_ENABLE(libtool-lock,
-  [  --disable-libtool-lock  avoid locking (might break parallel builds)])
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-*-*-irix6*)
-  # Find out which ABI we are using.
-  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -32"
-      ;;
-    *N32*)
-      LD="${LD-ld} -n32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -64"
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_SAVE
-     AC_LANG_C
-     AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_RESTORE])
-  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS="$SAVE_CFLAGS"
-  fi
-  ;;
-
-ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
-[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-
-  # recent cygwin and mingw systems supply a stub DllMain which the user
-  # can override, but on older systems we have to supply one
-  AC_CACHE_CHECK([if libtool should supply DllMain function], lt_cv_need_dllmain,
-    [AC_TRY_LINK([],
-      [extern int __attribute__((__stdcall__)) DllMain(void*, int, void*);
-      DllMain (0, 0, 0);],
-      [lt_cv_need_dllmain=no],[lt_cv_need_dllmain=yes])])
-
-  case $host/$CC in
-  *-*-cygwin*/gcc*-mno-cygwin*|*-*-mingw*)
-    # old mingw systems require "-dll" to link a DLL, while more recent ones
-    # require "-mdll"
-    SAVE_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS -mdll"
-    AC_CACHE_CHECK([how to link DLLs], lt_cv_cc_dll_switch,
-      [AC_TRY_LINK([], [], [lt_cv_cc_dll_switch=-mdll],[lt_cv_cc_dll_switch=-dll])])
-    CFLAGS="$SAVE_CFLAGS" ;;
-  *-*-cygwin* | *-*-pw32*)
-    # cygwin systems need to pass --dll to the linker, and not link
-    # crt.o which will require a WinMain@16 definition.
-    lt_cv_cc_dll_switch="-Wl,--dll -nostartfiles" ;;
-  esac
-  ;;
-  ])
-esac
-
-_LT_AC_LTCONFIG_HACK
-
-])
-
-# AC_LIBTOOL_HEADER_ASSERT
-# ------------------------
-AC_DEFUN([AC_LIBTOOL_HEADER_ASSERT],
-[AC_CACHE_CHECK([whether $CC supports assert without backlinking],
-    [lt_cv_func_assert_works],
-    [case $host in
-    *-*-solaris*)
-      if test "$GCC" = yes && test "$with_gnu_ld" != yes; then
-        case `$CC --version 2>/dev/null` in
-        [[12]].*) lt_cv_func_assert_works=no ;;
-        *)        lt_cv_func_assert_works=yes ;;
-        esac
-      fi
-      ;;
-    esac])
-
-if test "x$lt_cv_func_assert_works" = xyes; then
-  AC_CHECK_HEADERS(assert.h)
-fi
-])# AC_LIBTOOL_HEADER_ASSERT
-
-# _LT_AC_CHECK_DLFCN
-# --------------------
-AC_DEFUN([_LT_AC_CHECK_DLFCN],
-[AC_CHECK_HEADERS(dlfcn.h)
-])# _LT_AC_CHECK_DLFCN
-
-# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
-# ---------------------------------
-AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
-[AC_REQUIRE([AC_CANONICAL_HOST])
-AC_REQUIRE([AC_PROG_NM])
-AC_REQUIRE([AC_OBJEXT])
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [dnl
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-lt_cv_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  lt_cv_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  ;;
-irix*)
-  symcode='[[BCDEGRST]]'
-  ;;
-solaris* | sysv5*)
-  symcode='[[BDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $host_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
-  symcode='[[ABCDGISTW]]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Write the raw and C identifiers.
-lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ 	]]\($symcode$symcode*\)[[ 	]][[ 	]]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-  rm -f conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if egrep ' nm_test_var$' "$nlist" >/dev/null; then
-	if egrep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[[]] =
-{
-EOF
-	  sed "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr) \&\2},/" < "$nlist" >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  save_LIBS="$LIBS"
-	  save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$ac_objext"
-	  CFLAGS="$CFLAGS$no_builtin_flag"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest; then
-	    pipe_works=yes
-	  fi
-	  LIBS="$save_LIBS"
-	  CFLAGS="$save_CFLAGS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AC_FD_CC
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AC_FD_CC
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AC_FD_CC
-    fi
-  else
-    echo "$progname: failed program was:" >&AC_FD_CC
-    cat conftest.$ac_ext >&5
-  fi
-  rm -f conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-global_symbol_pipe="$lt_cv_sys_global_symbol_pipe"
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  global_symbol_to_cdecl=
-  global_symbol_to_c_name_address=
-else
-  global_symbol_to_cdecl="$lt_cv_global_symbol_to_cdecl"
-  global_symbol_to_c_name_address="$lt_cv_global_symbol_to_c_name_address"
-fi
-if test -z "$global_symbol_pipe$global_symbol_to_cdec$global_symbol_to_c_name_address";
-then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
-
-# _LT_AC_LIBTOOL_SYS_PATH_SEPARATOR
-# ---------------------------------
-AC_DEFUN([_LT_AC_LIBTOOL_SYS_PATH_SEPARATOR],
-[# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) lt_cv_sys_path_separator=';' ;;
-    *)     lt_cv_sys_path_separator=':' ;;
-  esac
-  PATH_SEPARATOR=$lt_cv_sys_path_separator
-fi
-])# _LT_AC_LIBTOOL_SYS_PATH_SEPARATOR
-
-# _LT_AC_PROG_ECHO_BACKSLASH
-# --------------------------
-# Add some code to the start of the generated configure script which
-# will find an echo command which doesn't interpret backslashes.
-AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
-[ifdef([AC_DIVERSION_NOTICE], [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
-			      [AC_DIVERT_PUSH(NOTICE)])
-_LT_AC_LIBTOOL_SYS_PATH_SEPARATOR
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$ECHO in
-X*--fallback-echo)
-  # Remove one level of quotation (which was required for Make).
-  ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
-  ;;
-esac
-
-echo=${ECHO-echo}
-if test "X[$]1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X[$]1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
-fi
-
-if test "X[$]1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test -z "$ECHO"; then
-if test "X${echo_test_string+set}" != Xset; then
-# find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string="`eval $cmd`") 2>/dev/null &&
-       echo_test_string="`eval $cmd`" &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
-    then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  IFS="${IFS= 	}"; save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for dir in $PATH /usr/ucb; do
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running configure again with it.
-      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL [$]0 --fallback-echo"
-      elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL [$]0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
-	  then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "[$]0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-ECHO=$echo
-if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
-   ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
-fi
-
-AC_SUBST(ECHO)
-AC_DIVERT_POP
-])# _LT_AC_PROG_ECHO_BACKSLASH
-
-# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                           ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ------------------------------------------------------------------
-AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
-[if test "$cross_compiling" = yes; then :
-  [$4]
-else
-  AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-[#line __oline__ "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-
-    exit (status);
-}]
-EOF
-  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_unknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_AC_TRY_DLOPEN_SELF
-
-# AC_LIBTOOL_DLOPEN_SELF
-# -------------------
-AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
-[if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen="load_add_on"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    lt_cv_dlopen="LoadLibrary"
-    lt_cv_dlopen_libs=
-   ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-          [lt_cv_dlopen="shl_load"],
-      [AC_CHECK_LIB([dld], [shl_load],
-            [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen="dlopen"],
-	  [AC_CHECK_LIB([dl], [dlopen],
-	        [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
-	    [AC_CHECK_LIB([svld], [dlopen],
-	          [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
-	      [AC_CHECK_LIB([dld], [dld_link],
-	            [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS="$CPPFLAGS"
-    AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
-    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS="$LDFLAGS"
-    eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS="$LIBS"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_AC_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test "x$lt_cv_dlopen_self" = xyes; then
-      LDFLAGS="$LDFLAGS $link_static_flag"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-    	  lt_cv_dlopen_self_static, [dnl
-	  _LT_AC_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS="$save_CPPFLAGS"
-    LDFLAGS="$save_LDFLAGS"
-    LIBS="$save_LIBS"
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-])# AC_LIBTOOL_DLOPEN_SELF
-
-AC_DEFUN([_LT_AC_LTCONFIG_HACK],
-[AC_REQUIRE([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])dnl
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([[\\"\\`$\\\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([[\\"\\`\\\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Constants:
-rm="rm -f"
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-libext=a
-ltmain="$ac_aux_dir/ltmain.sh"
-ofile="$default_ofile"
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-need_locks="$enable_libtool_lock"
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$ac_objext" && ac_objext=o
-
-if test x"$host" != x"$build"; then
-  ac_tool_prefix=${host_alias}-
-else
-  ac_tool_prefix=
-fi
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case $host_os in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  openbsd*)
-    old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
-    ;;
-  *)
-    old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="[$]2"
-
-AC_MSG_CHECKING([for objdir])
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-AC_MSG_RESULT($objdir)
-
-
-AC_ARG_WITH(pic,
-[  --with-pic              try to use only PIC/non-PIC objects [default=use both]],
-pic_mode="$withval", pic_mode=default)
-test -z "$pic_mode" && pic_mode=default
-
-# We assume here that the value for lt_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-AC_MSG_CHECKING([for $compiler option to produce PIC])
-AC_CACHE_VAL(lt_cv_prog_cc_pic,
-[ lt_cv_prog_cc_pic=
-  lt_cv_prog_cc_shlib=
-  lt_cv_prog_cc_wl=
-  lt_cv_prog_cc_static=
-  lt_cv_prog_cc_no_builtin=
-  lt_cv_prog_cc_can_build_shared=$can_build_shared
-
-  if test "$GCC" = yes; then
-    lt_cv_prog_cc_wl='-Wl,'
-    lt_cv_prog_cc_static='-static'
-
-    case $host_os in
-    aix*)
-      # Below there is a dirty hack to force normal static linking with -ldl
-      # The problem is because libdl dynamically linked with both libc and
-      # libC (AIX C++ library), which obviously doesn't included in libraries
-      # list by gcc. This cause undefined symbols with -static flags.
-      # This hack allows C programs to be linked with "-static -ldl", but
-      # not sure about C++ programs.
-      lt_cv_prog_cc_static="$lt_cv_prog_cc_static ${lt_cv_prog_cc_wl}-lC"
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_cv_prog_cc_pic='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    beos* | irix5* | irix6* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_cv_prog_cc_pic='-fno-common'
-      ;;
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	 lt_cv_prog_cc_pic=-Kconform_pic
-      fi
-      ;;
-    *)
-      lt_cv_prog_cc_pic='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for PIC flags for the system compiler.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      lt_cv_prog_cc_wl='-Wl,'
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_cv_prog_cc_static='-Bstatic'
-      else
-	lt_cv_prog_cc_static='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      # Is there a better lt_cv_prog_cc_static that works with the bundled CC?
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static="${lt_cv_prog_cc_wl}-a ${lt_cv_prog_cc_wl}archive"
-      lt_cv_prog_cc_pic='+Z'
-      ;;
-
-    irix5* | irix6*)
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      # PIC (with -KPIC) is the default.
-      ;;
-
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-
-    newsos6)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      # All OSF/1 code is PIC.
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      ;;
-
-    sco3.2v5*)
-      lt_cv_prog_cc_pic='-Kpic'
-      lt_cv_prog_cc_static='-dn'
-      lt_cv_prog_cc_shlib='-belf'
-      ;;
-
-    solaris*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Wl,'
-      ;;
-
-    sunos4*)
-      lt_cv_prog_cc_pic='-PIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Qoption ld '
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      if test "x$host_vendor" = xsni; then
-	lt_cv_prog_cc_wl='-LD'
-      else
-	lt_cv_prog_cc_wl='-Wl,'
-      fi
-      ;;
-
-    uts4*)
-      lt_cv_prog_cc_pic='-pic'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_cv_prog_cc_pic='-Kconform_pic'
-	lt_cv_prog_cc_static='-Bstatic'
-      fi
-      ;;
-
-    *)
-      lt_cv_prog_cc_can_build_shared=no
-      ;;
-    esac
-  fi
-])
-if test -z "$lt_cv_prog_cc_pic"; then
-  AC_MSG_RESULT([none])
-else
-  AC_MSG_RESULT([$lt_cv_prog_cc_pic])
-
-  # Check to make sure the pic_flag actually works.
-  AC_MSG_CHECKING([if $compiler PIC flag $lt_cv_prog_cc_pic works])
-  AC_CACHE_VAL(lt_cv_prog_cc_pic_works, [dnl
-    save_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS $lt_cv_prog_cc_pic -DPIC"
-    AC_TRY_COMPILE([], [], [dnl
-      case $host_os in
-      hpux9* | hpux10* | hpux11*)
-	# On HP-UX, both CC and GCC only warn that PIC is supported... then
-	# they create non-PIC objects.  So, if there were any warnings, we
-	# assume that PIC is not supported.
-	if test -s conftest.err; then
-	  lt_cv_prog_cc_pic_works=no
-	else
-	  lt_cv_prog_cc_pic_works=yes
-	fi
-	;;
-      *)
-	lt_cv_prog_cc_pic_works=yes
-	;;
-      esac
-    ], [dnl
-      lt_cv_prog_cc_pic_works=no
-    ])
-    CFLAGS="$save_CFLAGS"
-  ])
-
-  if test "X$lt_cv_prog_cc_pic_works" = Xno; then
-    lt_cv_prog_cc_pic=
-    lt_cv_prog_cc_can_build_shared=no
-  else
-    lt_cv_prog_cc_pic=" $lt_cv_prog_cc_pic"
-  fi
-
-  AC_MSG_RESULT([$lt_cv_prog_cc_pic_works])
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$lt_cv_prog_cc_shlib"; then
-  AC_MSG_WARN([\`$CC' requires \`$lt_cv_prog_cc_shlib' to build shared libraries])
-  if echo "$old_CC $old_CFLAGS " | egrep -e "[[ 	]]$lt_cv_prog_cc_shlib[[ 	]]" >/dev/null; then :
-  else
-   AC_MSG_WARN([add \`$lt_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure])
-    lt_cv_prog_cc_can_build_shared=no
-  fi
-fi
-
-AC_MSG_CHECKING([if $compiler static flag $lt_cv_prog_cc_static works])
-AC_CACHE_VAL([lt_cv_prog_cc_static_works], [dnl
-  lt_cv_prog_cc_static_works=no
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $lt_cv_prog_cc_static"
-  AC_TRY_LINK([], [], [lt_cv_prog_cc_static_works=yes])
-  LDFLAGS="$save_LDFLAGS"
-])
-
-# Belt *and* braces to stop my trousers falling down:
-test "X$lt_cv_prog_cc_static_works" = Xno && lt_cv_prog_cc_static=
-AC_MSG_RESULT([$lt_cv_prog_cc_static_works])
-
-pic_flag="$lt_cv_prog_cc_pic"
-special_shlib_compile_flags="$lt_cv_prog_cc_shlib"
-wl="$lt_cv_prog_cc_wl"
-link_static_flag="$lt_cv_prog_cc_static"
-no_builtin_flag="$lt_cv_prog_cc_no_builtin"
-can_build_shared="$lt_cv_prog_cc_can_build_shared"
-
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-AC_MSG_CHECKING([if $compiler supports -c -o file.$ac_objext])
-AC_CACHE_VAL([lt_cv_compiler_c_o], [
-$rm -r conftest 2>/dev/null
-mkdir conftest
-cd conftest
-echo "int some_variable = 0;" > conftest.$ac_ext
-mkdir out
-# According to Tom Tromey, Ian Lance Taylor reported there are C compilers
-# that will create temporary files in the current directory regardless of
-# the output directory.  Thus, making CWD read-only will cause this test
-# to fail, enabling locking or at least warning the user not to do parallel
-# builds.
-chmod -w .
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -o out/conftest2.$ac_objext"
-compiler_c_o=no
-if { (eval echo configure:__oline__: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then
-  # The compiler can only warn and ignore the option if not recognized
-  # So say no if there are warnings
-  if test -s out/conftest.err; then
-    lt_cv_compiler_c_o=no
-  else
-    lt_cv_compiler_c_o=yes
-  fi
-else
-  # Append any errors to the config.log.
-  cat out/conftest.err 1>&AC_FD_CC
-  lt_cv_compiler_c_o=no
-fi
-CFLAGS="$save_CFLAGS"
-chmod u+w .
-$rm conftest* out/*
-rmdir out
-cd ..
-rmdir conftest
-$rm -r conftest 2>/dev/null
-])
-compiler_c_o=$lt_cv_compiler_c_o
-AC_MSG_RESULT([$compiler_c_o])
-
-if test x"$compiler_c_o" = x"yes"; then
-  # Check to see if we can write to a .lo
-  AC_MSG_CHECKING([if $compiler supports -c -o file.lo])
-  AC_CACHE_VAL([lt_cv_compiler_o_lo], [
-  lt_cv_compiler_o_lo=no
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -c -o conftest.lo"
-  save_objext="$ac_objext"
-  ac_objext=lo
-  AC_TRY_COMPILE([], [int some_variable = 0;], [dnl
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      lt_cv_compiler_o_lo=no
-    else
-      lt_cv_compiler_o_lo=yes
-    fi
-  ])
-  ac_objext="$save_objext"
-  CFLAGS="$save_CFLAGS"
-  ])
-  compiler_o_lo=$lt_cv_compiler_o_lo
-  AC_MSG_RESULT([$compiler_o_lo])
-else
-  compiler_o_lo=no
-fi
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test "$hard_links" = no; then
-    AC_MSG_WARN([\`$CC' does not support \`-c -o', so \`make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-if test "$GCC" = yes; then
-  # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
-  AC_MSG_CHECKING([if $compiler supports -fno-rtti -fno-exceptions])
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext"
-  compiler_rtti_exceptions=no
-  AC_TRY_COMPILE([], [int some_variable = 0;], [dnl
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      compiler_rtti_exceptions=no
-    else
-      compiler_rtti_exceptions=yes
-    fi
-  ])
-  CFLAGS="$save_CFLAGS"
-  AC_MSG_RESULT([$compiler_rtti_exceptions])
-
-  if test "$compiler_rtti_exceptions" = "yes"; then
-    no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
-  else
-    no_builtin_flag=' -fno-builtin'
-  fi
-fi
-
-# See if the linker supports building shared libraries.
-AC_MSG_CHECKING([whether the linker ($LD) supports shared libraries])
-
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced.  Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-case $host_os in
-cygwin* | mingw* | pw32*)
-  # FIXME: the MSVC++ port hasn't been tested in a loooong time
-  # When not using gcc, we currently assume that we are using
-  # Microsoft Visual C++.
-  if test "$GCC" != yes; then
-    with_gnu_ld=no
-  fi
-  ;;
-openbsd*)
-  with_gnu_ld=no
-  ;;
-esac
-
-ld_shlibs=yes
-if test "$with_gnu_ld" = yes; then
-  # If archive_cmds runs LD, not CC, wlarc should be empty
-  wlarc='${wl}'
-
-  # See if GNU ld supports shared libraries.
-  case $host_os in
-  aix3* | aix4* | aix5*)
-    # On AIX, the GNU linker is very broken
-    # Note:Check GNU linker on AIX 5-IA64 when/if it becomes available.
-    ld_shlibs=no
-    cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-
-    # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-    # that the semantics of dynamic libraries on AmigaOS, at least up
-    # to version 4, is to share data among multiple programs linked
-    # with the same dynamic library.  Since this doesn't match the
-    # behavior of shared libraries on other platforms, we can use
-    # them.
-    ld_shlibs=no
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      allow_undefined_flag=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec='-L$libdir'
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-
-    extract_expsyms_cmds='test -f $output_objdir/impgen.c || \
-      sed -e "/^# \/\* impgen\.c starts here \*\//,/^# \/\* impgen.c ends here \*\// { s/^# //;s/^# *$//; p; }" -e d < $''0 > $output_objdir/impgen.c~
-      test -f $output_objdir/impgen.exe || (cd $output_objdir && \
-      if test "x$HOST_CC" != "x" ; then $HOST_CC -o impgen impgen.c ; \
-      else $CC -o impgen impgen.c ; fi)~
-      $output_objdir/impgen $dir/$soroot > $output_objdir/$soname-def'
-
-    old_archive_from_expsyms_cmds='$DLLTOOL --as=$AS --dllname $soname --def $output_objdir/$soname-def --output-lib $output_objdir/$newlib'
-
-    # cygwin and mingw dlls have different entry points and sets of symbols
-    # to exclude.
-    # FIXME: what about values for MSVC?
-    dll_entry=__cygwin_dll_entry@12
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12~
-    case $host_os in
-    mingw*)
-      # mingw values
-      dll_entry=_DllMainCRTStartup@12
-      dll_exclude_symbols=DllMain@12,DllMainCRTStartup@12,DllEntryPoint@12~
-      ;;
-    esac
-
-    # mingw and cygwin differ, and it's simplest to just exclude the union
-    # of the two symbol sets.
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12,DllMainCRTStartup@12,DllEntryPoint@12
-
-    # recent cygwin and mingw systems supply a stub DllMain which the user
-    # can override, but on older systems we have to supply one (in ltdll.c)
-    if test "x$lt_cv_need_dllmain" = "xyes"; then
-      ltdll_obj='$output_objdir/$soname-ltdll.'"$ac_objext "
-      ltdll_cmds='test -f $output_objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $''0 > $output_objdir/$soname-ltdll.c~
-	test -f $output_objdir/$soname-ltdll.$ac_objext || (cd $output_objdir && $CC -c $soname-ltdll.c)~'
-    else
-      ltdll_obj=
-      ltdll_cmds=
-    fi
-
-    # Extract the symbol export list from an `--export-all' def file,
-    # then regenerate the def file from the symbol export list, so that
-    # the compiled dll only exports the symbol export list.
-    # Be careful not to strip the DATA tag left be newer dlltools.
-    export_symbols_cmds="$ltdll_cmds"'
-      $DLLTOOL --export-all --exclude-symbols '$dll_exclude_symbols' --output-def $output_objdir/$soname-def '$ltdll_obj'$libobjs $convenience~
-      sed -e "1,/EXPORTS/d" -e "s/ @ [[0-9]]*//" -e "s/ *;.*$//" < $output_objdir/$soname-def > $export_symbols'
-
-    # If the export-symbols file already is a .def file (1st line
-    # is EXPORTS), use it as is.
-    # If DATA tags from a recent dlltool are present, honour them!
-    archive_expsym_cmds='if test "x`head -1 $export_symbols`" = xEXPORTS; then
-	cp $export_symbols $output_objdir/$soname-def;
-      else
-	echo EXPORTS > $output_objdir/$soname-def;
-	_lt_hint=1;
-	cat $export_symbols | while read symbol; do
-	 set dummy \$symbol;
-	 case \[$]# in
-	   2) echo "   \[$]2 @ \$_lt_hint ; " >> $output_objdir/$soname-def;;
-	   *) echo "     \[$]2 @ \$_lt_hint \[$]3 ; " >> $output_objdir/$soname-def;;
-	 esac;
-	 _lt_hint=`expr 1 + \$_lt_hint`;
-	done;
-      fi~
-      '"$ltdll_cmds"'
-      $CC -Wl,--base-file,$output_objdir/$soname-base '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp~
-      $CC -Wl,--base-file,$output_objdir/$soname-base $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp --output-lib $output_objdir/$libname.dll.a~
-      $CC $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags'
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-      wlarc=
-    else
-      archive_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    fi
-    ;;
-
-  solaris* | sysv5*)
-    if $LD -v 2>&1 | egrep 'BFD 2\.8' > /dev/null; then
-      ld_shlibs=no
-      cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-    elif $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  sunos4*)
-    archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    wlarc=
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-  esac
-
-  if test "$ld_shlibs" = yes; then
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec='${wl}--export-dynamic'
-    case $host_os in
-    cygwin* | mingw* | pw32*)
-      # dlltool doesn't understand --whole-archive et. al.
-      whole_archive_flag_spec=
-      ;;
-    *)
-      # ancient GNU ld didn't support --whole-archive et. al.
-      if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-	whole_archive_flag_spec=
-      fi
-      ;;
-    esac
-  fi
-else
-  # PORTME fill in a description of your system's linker (not GNU ld)
-  case $host_os in
-  aix3*)
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-    archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-    # Note: this linker hardcodes the directories in LIBPATH if there
-    # are no directories specified by -L.
-    hardcode_minus_L=yes
-    if test "$GCC" = yes && test -z "$link_static_flag"; then
-      # Neither direct hardcoding nor static linking is supported with a
-      # broken collect2.
-      hardcode_direct=unsupported
-    fi
-    ;;
-
-  aix4* | aix5*)
-    if test "$host_cpu" = ia64; then
-      # On IA64, the linker does run time linking by default, so we don't
-      # have to do anything special.
-      aix_use_runtimelinking=no
-      exp_sym_flag='-Bexport'
-      no_entry_flag=""
-    else
-      aix_use_runtimelinking=no
-
-      # Test if we are trying to use run time linking or normal
-      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-      # need to do runtime linking.
-      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
-	for ld_flag in $LDFLAGS; do
-	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	done
-      esac
-
-      exp_sym_flag='-bexport'
-      no_entry_flag='-bnoentry'
-    fi
-
-    # When large executables or shared objects are built, AIX ld can
-    # have problems creating the table of contents.  If linking a library
-    # or program results in "error TOC overflow" add -mminimal-toc to
-    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-    hardcode_direct=yes
-    archive_cmds=''
-    hardcode_libdir_separator=':'
-    if test "$GCC" = yes; then
-      case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	collect2name=`${CC} -print-prog-name=collect2`
-	if test -f "$collect2name" && \
-	  strings "$collect2name" | grep resolve_lib_name >/dev/null
-	then
-	  # We have reworked collect2
-	  hardcode_direct=yes
-	else
-	  # We have old collect2
-	  hardcode_direct=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  hardcode_minus_L=yes
-	  hardcode_libdir_flag_spec='-L$libdir'
-	  hardcode_libdir_separator=
-	fi
-      esac
-
-      shared_flag='-shared'
-    else
-      # not using gcc
-      if test "$host_cpu" = ia64; then
-	shared_flag='${wl}-G'
-      else
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag='${wl}-G'
-	else
-	  shared_flag='${wl}-bM:SRE'
-	fi
-      fi
-    fi
-
-    # It seems that -bexpall can do strange things, so it is better to
-    # generate a list of symbols to export.
-    always_export_symbols=yes
-    if test "$aix_use_runtimelinking" = yes; then
-      # Warning - without using the other runtime loading flags (-brtl),
-      # -berok will link without error, but may produce a broken library.
-      allow_undefined_flag='-berok'
-      hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:/usr/lib:/lib'
-      archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-    else
-      if test "$host_cpu" = ia64; then
-	hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
-	allow_undefined_flag="-z nodefs"
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname ${wl}-h$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
-      else
-	hardcode_libdir_flag_spec='${wl}-bnolibpath ${wl}-blibpath:$libdir:/usr/lib:/lib'
-	# Warning - without using the other run time loading flags,
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag='${wl}-berok'
-	# This is a bit strange, but is similar to how AIX traditionally builds
-	# it's shared libraries.
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"' ~$AR -crlo $objdir/$libname$release.a $objdir/$soname'
-      fi
-    fi
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    # see comment about different semantics on the GNU ld section
-    ld_shlibs=no
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec=' '
-    allow_undefined_flag=unsupported
-    # Tell ltmain to make .lib files, not .a files.
-    libext=lib
-    # FIXME: Setting linknames here is a bad hack.
-    archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | sed -e '\''s/ -lc$//'\''` -link -dll~linknames='
-    # The linker will automatically build a .lib file if we build a DLL.
-    old_archive_from_new_cmds='true'
-    # FIXME: Should let the user specify the lib program.
-    old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
-    fix_srcfile_path='`cygpath -w "$srcfile"`'
-    ;;
-
-  darwin* | rhapsody*)
-    case "$host_os" in
-    rhapsody* | darwin1.[[012]])
-      allow_undefined_flag='-undefined suppress'
-      ;;
-    *) # Darwin 1.3 on
-      allow_undefined_flag='-flat_namespace -undefined suppress'
-      ;;
-    esac
-    # FIXME: Relying on posixy $() will cause problems for
-    #        cross-compilation, but unfortunately the echo tests do not
-    #        yet detect zsh echo's removal of \ escapes.
-    archive_cmds='$nonopt $(test "x$module" = xyes && echo -bundle || echo -dynamiclib) $allow_undefined_flag -o $lib $libobjs $deplibs$linker_flags -install_name $rpath/$soname $verstring'
-    # We need to add '_' to the symbols in $export_symbols first
-    #archive_expsym_cmds="$archive_cmds"' && strip -s $export_symbols'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    whole_archive_flag_spec='-all_load $convenience'
-    ;;
-
-  freebsd1*)
-    ld_shlibs=no
-    ;;
-
-  # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-  # support.  Future versions do this automatically, but an explicit c++rt0.o
-  # does not break anything, and helps significantly (at the cost of a little
-  # extra space).
-  freebsd2.2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-  freebsd2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-  freebsd*)
-    archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  hpux9* | hpux10* | hpux11*)
-    case $host_os in
-    hpux9*) archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' ;;
-    *) archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' ;;
-    esac
-    hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_direct=yes
-    hardcode_minus_L=yes # Not in the search PATH, but as the default
-			 # location of the library.
-    export_dynamic_flag_spec='${wl}-E'
-    ;;
-
-  irix5* | irix6*)
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    link_all_deplibs=yes
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-    else
-      archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-    fi
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  newsos6)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_shlibpath_var=no
-    ;;
-
-  openbsd*)
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec='${wl}-E'
-    else
-      case "$host_os" in
-      openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
-	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_libdir_flag_spec='-R$libdir'
-        ;;
-      *)
-        archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-        hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-        ;;
-      esac
-    fi
-    ;;
-
-  os2*)
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    allow_undefined_flag=unsupported
-    archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-    old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-    ;;
-
-  osf3*)
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    ;;
-
-  osf4* | osf5*)	# as osf3* with the addition of -msym flag
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      archive_expsym_cmds='for i in `cat $export_symbols`; do printf "-exported_symbol " >> $lib.exp; echo "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-      $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib~$rm $lib.exp'
-
-      #Both c and cxx compiler support -rpath directly
-      hardcode_libdir_flag_spec='-rpath $libdir'
-    fi
-    hardcode_libdir_separator=:
-    ;;
-
-  sco3.2v5*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    runpath_var=LD_RUN_PATH
-    hardcode_runpath_var=yes
-    export_dynamic_flag_spec='${wl}-Bexport'
-    ;;
-
-  solaris*)
-    # gcc --version < 3.0 without binutils cannot create self contained
-    # shared libraries reliably, requiring libgcc.a to resolve some of
-    # the object symbols generated in some cases.  Libraries that use
-    # assert need libgcc.a to resolve __eprintf, for example.  Linking
-    # a copy of libgcc.a into every shared library to guarantee resolving
-    # such symbols causes other problems:  According to Tim Van Holder
-    # <tim.van.holder@pandora.be>, C++ libraries end up with a separate
-    # (to the application) exception stack for one thing.
-    no_undefined_flag=' -z defs'
-    if test "$GCC" = yes; then
-      case `$CC --version 2>/dev/null` in
-      [[12]].*)
-	cat <<EOF 1>&2
-
-*** Warning: Releases of GCC earlier than version 3.0 cannot reliably
-*** create self contained shared libraries on Solaris systems, without
-*** introducing a dependency on libgcc.a.  Therefore, libtool is disabling
-*** -no-undefined support, which will at least allow you to build shared
-*** libraries.  However, you may find that when you link such libraries
-*** into an application without using GCC, you have to manually add
-*** \`gcc --print-libgcc-file-name\` to the link command.  We urge you to
-*** upgrade to a newer version of GCC.  Another option is to rebuild your
-*** current GCC to use the GNU linker from GNU binutils 2.9.1 or newer.
-
-EOF
-        no_undefined_flag=
-	;;
-      esac
-    fi
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_shlibpath_var=no
-    case $host_os in
-    solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-    *) # Supported since Solaris 2.6 (maybe 2.5.1?)
-      whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
-    esac
-    link_all_deplibs=yes
-    ;;
-
-  sunos4*)
-    if test "x$host_vendor" = xsequent; then
-      # Use $CC to link under sequent, because it throws in some extra .o
-      # files that make .init and .fini sections work.
-      archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-    fi
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4)
-    if test "x$host_vendor" = xsno; then
-      archive_cmds='$LD -G -Bsymbolic -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=yes # is this really true???
-    else
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=no #Motorola manual says yes, but my tests say they lie
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4.3*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    export_dynamic_flag_spec='-Bexport'
-    ;;
-
-  sysv5*)
-    no_undefined_flag=' -z text'
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec=
-    hardcode_shlibpath_var=no
-    runpath_var='LD_RUN_PATH'
-    ;;
-
-  uts4*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  dgux*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4*MP*)
-    if test -d /usr/nec; then
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var=no
-      runpath_var=LD_RUN_PATH
-      hardcode_runpath_var=yes
-      ld_shlibs=yes
-    fi
-    ;;
-
-  sysv4.2uw2*)
-    archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=no
-    hardcode_shlibpath_var=no
-    hardcode_runpath_var=yes
-    runpath_var=LD_RUN_PATH
-    ;;
-
-  sysv5uw7* | unixware7*)
-    no_undefined_flag='${wl}-z ${wl}text'
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    ld_shlibs=no
-    ;;
-  esac
-fi
-AC_MSG_RESULT([$ld_shlibs])
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-AC_MSG_CHECKING([how to hardcode library paths into programs])
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var"; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$hardcode_shlibpath_var" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-AC_MSG_RESULT([$hardcode_action])
-
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-  AC_MSG_RESULT([no])
-fi
-
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-AC_MSG_CHECKING([dynamic linker characteristics])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}.so$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}.so$major ${libname}${release}.so$versuffix $libname.so'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-	if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	     echo ' yes '
-	     echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	  :
-	else
-	  can_build_shared=no
-	fi
-	;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can
-    # not hardcode correct soname into executable. Probably we can
-    # add versioning support to collect2, so additional links can
-    # be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}.so$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}.so'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi4*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  export_dynamic_flag_spec=-rdynamic
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  need_version=no
-  need_lib_prefix=no
-  case $GCC,$host_os in
-  yes,cygwin*)
-    library_names_spec='$libname.dll.a'
-    soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | sed -e 's/[[.]]/-/g'`${versuffix}.dll'
-    postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog .libs/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`bash 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    ;;
-  yes,mingw*)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[[.]]/-/g'`${versuffix}.dll'
-    sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"`
-    ;;
-  yes,pw32*)
-    library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    ;;
-  *)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[[.]]/-/g'`${versuffix}.dll $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  # FIXME: Relying on posixy $() will cause problems for
-  #        cross-compilation, but unfortunately the echo tests do not
-  #        yet detect zsh echo's removal of \ escapes.
-  library_names_spec='${libname}${release}${versuffix}.$(test .$module = .yes && echo so || echo dylib) ${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib) ${libname}.$(test .$module = .yes && echo so || echo dylib)'
-  soname_spec='${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib)'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-freebsd*)
-  objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}.so$versuffix $libname.so$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  *)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  dynamic_linker="$host_os dld.sl"
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  shlibpath_var=SHLIB_PATH
-  shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-  library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
-  soname_spec='${libname}${release}.sl$major'
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-irix5* | irix6*)
-  version_type=irix
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so'
-  case $host_os in
-  irix5*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
-    soname_spec='${libname}${release}.so$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case "$host_os" in
-    openbsd2.[[89]] | openbsd2.[[89]].*)
-      shlibpath_overrides_runpath=no
-      ;;
-    *)
-      shlibpath_overrides_runpath=yes
-      ;;
-    esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-os2*)
-  libname_spec='$name'
-  need_lib_prefix=no
-  library_names_spec='$libname.dll $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_version=no
-  soname_spec='${libname}${release}.so'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-sco3.2v5*)
-  version_type=osf
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
-    soname_spec='$libname.so.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Report the final consequences.
-AC_MSG_CHECKING([if libtool supports shared libraries])
-AC_MSG_RESULT([$can_build_shared])
-
-AC_MSG_CHECKING([whether to build shared libraries])
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case "$host_os" in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-  ;;
-esac
-AC_MSG_RESULT([$enable_shared])
-
-AC_MSG_CHECKING([whether to build static libraries])
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-AC_MSG_RESULT([$enable_static])
-
-if test "$hardcode_action" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-AC_LIBTOOL_DLOPEN_SELF
-
-if test "$enable_shared" = yes && test "$GCC" = yes; then
-  case $archive_cmds in
-  *'~'*)
-    # FIXME: we may have to deal with multi-command sequences.
-    ;;
-  '$CC '*)
-    # Test whether the compiler implicitly links with -lc since on some
-    # systems, -lgcc has to come before -lc. If gcc already passes -lc
-    # to ld, don't add -lc before -lgcc.
-    AC_MSG_CHECKING([whether -lc should be explicitly linked in])
-    AC_CACHE_VAL([lt_cv_archive_cmds_need_lc],
-    [$rm conftest*
-    echo 'static int dummy;' > conftest.$ac_ext
-
-    if AC_TRY_EVAL(ac_compile); then
-      soname=conftest
-      lib=conftest
-      libobjs=conftest.$ac_objext
-      deplibs=
-      wl=$lt_cv_prog_cc_wl
-      compiler_flags=-v
-      linker_flags=-v
-      verstring=
-      output_objdir=.
-      libname=conftest
-      save_allow_undefined_flag=$allow_undefined_flag
-      allow_undefined_flag=
-      if AC_TRY_EVAL(archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
-      then
-	lt_cv_archive_cmds_need_lc=no
-      else
-	lt_cv_archive_cmds_need_lc=yes
-      fi
-      allow_undefined_flag=$save_allow_undefined_flag
-    else
-      cat conftest.err 1>&5
-    fi])
-    AC_MSG_RESULT([$lt_cv_archive_cmds_need_lc])
-    ;;
-  esac
-fi
-need_lc=${lt_cv_archive_cmds_need_lc-yes}
-
-# The second clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  :
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  test -f Makefile && make "$ltmain"
-fi
-
-if test -f "$ltmain"; then
-  trap "$rm \"${ofile}T\"; exit 1" 1 2 15
-  $rm -f "${ofile}T"
-
-  echo creating $ofile
-
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS \
-    AR AR_FLAGS CC LD LN_S NM SHELL \
-    reload_flag reload_cmds wl \
-    pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
-    thread_safe_flag_spec whole_archive_flag_spec libname_spec \
-    library_names_spec soname_spec \
-    RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
-    old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
-    postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
-    old_striplib striplib file_magic_cmd export_symbols_cmds \
-    deplibs_check_method allow_undefined_flag no_undefined_flag \
-    finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
-    global_symbol_to_c_name_address \
-    hardcode_libdir_flag_spec hardcode_libdir_separator  \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    compiler_c_o compiler_o_lo need_locks exclude_expsyms include_expsyms; do
-
-    case $var in
-    reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
-    extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  cat <<__EOF__ > "${ofile}T"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$need_lc
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# The default C compiler.
-CC=$lt_CC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_wl
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_pic_flag
-pic_mode=$pic_mode
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_compiler_c_o
-
-# Can we write directly to a .lo ?
-compiler_o_lo=$lt_compiler_o_lo
-
-# Must we lock files when doing compilation ?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# ### END LIBTOOL CONFIG
-
-__EOF__
-
-  case $host_os in
-  aix3*)
-    cat <<\EOF >> "${ofile}T"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | os2*)
-    cat <<'EOF' >> "${ofile}T"
-      # This is a source program that is used to create dlls on Windows
-      # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-	# This is a source program that is used to create import libraries
-	# on Windows for dlls which lack them. Don't remove nor modify the
-	# starting and closing comments
-# /* impgen.c starts here */
-# /*   Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-#  This file is part of GNU libtool.
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#  */
-#
-# #include <stdio.h>		/* for printf() */
-# #include <unistd.h>		/* for open(), lseek(), read() */
-# #include <fcntl.h>		/* for O_RDONLY, O_BINARY */
-# #include <string.h>		/* for strdup() */
-#
-# /* O_BINARY isn't required (or even defined sometimes) under Unix */
-# #ifndef O_BINARY
-# #define O_BINARY 0
-# #endif
-#
-# static unsigned int
-# pe_get16 (fd, offset)
-#      int fd;
-#      int offset;
-# {
-#   unsigned char b[2];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 2);
-#   return b[0] + (b[1]<<8);
-# }
-#
-# static unsigned int
-# pe_get32 (fd, offset)
-#     int fd;
-#     int offset;
-# {
-#   unsigned char b[4];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 4);
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# static unsigned int
-# pe_as32 (ptr)
-#      void *ptr;
-# {
-#   unsigned char *b = ptr;
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# int
-# main (argc, argv)
-#     int argc;
-#     char *argv[];
-# {
-#     int dll;
-#     unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-#     unsigned long export_rva, export_size, nsections, secptr, expptr;
-#     unsigned long name_rvas, nexp;
-#     unsigned char *expdata, *erva;
-#     char *filename, *dll_name;
-#
-#     filename = argv[1];
-#
-#     dll = open(filename, O_RDONLY|O_BINARY);
-#     if (dll < 1)
-# 	return 1;
-#
-#     dll_name = filename;
-#
-#     for (i=0; filename[i]; i++)
-# 	if (filename[i] == '/' || filename[i] == '\\'  || filename[i] == ':')
-# 	    dll_name = filename + i +1;
-#
-#     pe_header_offset = pe_get32 (dll, 0x3c);
-#     opthdr_ofs = pe_header_offset + 4 + 20;
-#     num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-#     if (num_entries < 1) /* no exports */
-# 	return 1;
-#
-#     export_rva = pe_get32 (dll, opthdr_ofs + 96);
-#     export_size = pe_get32 (dll, opthdr_ofs + 100);
-#     nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-#     secptr = (pe_header_offset + 4 + 20 +
-# 	      pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-#     expptr = 0;
-#     for (i = 0; i < nsections; i++)
-#     {
-# 	char sname[8];
-# 	unsigned long secptr1 = secptr + 40 * i;
-# 	unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-# 	unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-# 	unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-# 	lseek(dll, secptr1, SEEK_SET);
-# 	read(dll, sname, 8);
-# 	if (vaddr <= export_rva && vaddr+vsize > export_rva)
-# 	{
-# 	    expptr = fptr + (export_rva - vaddr);
-# 	    if (export_rva + export_size > vaddr + vsize)
-# 		export_size = vsize - (export_rva - vaddr);
-# 	    break;
-# 	}
-#     }
-#
-#     expdata = (unsigned char*)malloc(export_size);
-#     lseek (dll, expptr, SEEK_SET);
-#     read (dll, expdata, export_size);
-#     erva = expdata - export_rva;
-#
-#     nexp = pe_as32 (expdata+24);
-#     name_rvas = pe_as32 (expdata+32);
-#
-#     printf ("EXPORTS\n");
-#     for (i = 0; i<nexp; i++)
-#     {
-# 	unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-# 	printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-#     }
-#
-#     return 0;
-# }
-# /* impgen.c ends here */
-
-EOF
-    ;;
-  esac
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "${ofile}T" || (rm -f "${ofile}T"; exit 1)
-
-  mv -f "${ofile}T" "$ofile" || \
-    (rm -f "$ofile" && cp "${ofile}T" "$ofile" && rm -f "${ofile}T")
-  chmod +x "$ofile"
-fi
-
-])# _LT_AC_LTCONFIG_HACK
-
-# AC_LIBTOOL_DLOPEN - enable checks for dlopen support
-AC_DEFUN([AC_LIBTOOL_DLOPEN], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])])
-
-# AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's
-AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])])
-
-# AC_ENABLE_SHARED - implement the --enable-shared flag
-# Usage: AC_ENABLE_SHARED[(DEFAULT)]
-#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
-#   `yes'.
-AC_DEFUN([AC_ENABLE_SHARED],
-[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE(shared,
-changequote(<<, >>)dnl
-<<  --enable-shared[=PKGS]  build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT],
-changequote([, ])dnl
-[p=${PACKAGE-default}
-case $enableval in
-yes) enable_shared=yes ;;
-no) enable_shared=no ;;
-*)
-  enable_shared=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_shared=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac],
-enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl
-])
-
-# AC_DISABLE_SHARED - set the default shared flag to --disable-shared
-AC_DEFUN([AC_DISABLE_SHARED],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_SHARED(no)])
-
-# AC_ENABLE_STATIC - implement the --enable-static flag
-# Usage: AC_ENABLE_STATIC[(DEFAULT)]
-#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
-#   `yes'.
-AC_DEFUN([AC_ENABLE_STATIC],
-[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE(static,
-changequote(<<, >>)dnl
-<<  --enable-static[=PKGS]  build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT],
-changequote([, ])dnl
-[p=${PACKAGE-default}
-case $enableval in
-yes) enable_static=yes ;;
-no) enable_static=no ;;
-*)
-  enable_static=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_static=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac],
-enable_static=AC_ENABLE_STATIC_DEFAULT)dnl
-])
-
-# AC_DISABLE_STATIC - set the default static flag to --disable-static
-AC_DEFUN([AC_DISABLE_STATIC],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_STATIC(no)])
-
-
-# AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag
-# Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)]
-#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
-#   `yes'.
-AC_DEFUN([AC_ENABLE_FAST_INSTALL],
-[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
-AC_ARG_ENABLE(fast-install,
-changequote(<<, >>)dnl
-<<  --enable-fast-install[=PKGS]  optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT],
-changequote([, ])dnl
-[p=${PACKAGE-default}
-case $enableval in
-yes) enable_fast_install=yes ;;
-no) enable_fast_install=no ;;
-*)
-  enable_fast_install=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_fast_install=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac],
-enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl
-])
-
-# AC_DISABLE_FAST_INSTALL - set the default to --disable-fast-install
-AC_DEFUN([AC_DISABLE_FAST_INSTALL],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-AC_ENABLE_FAST_INSTALL(no)])
-
-# AC_LIBTOOL_PICMODE - implement the --with-pic flag
-# Usage: AC_LIBTOOL_PICMODE[(MODE)]
-#   Where MODE is either `yes' or `no'.  If omitted, it defaults to
-#   `both'.
-AC_DEFUN([AC_LIBTOOL_PICMODE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-pic_mode=ifelse($#,1,$1,default)])
-
-
-# AC_PATH_TOOL_PREFIX - find a file program which can recognise shared library
-AC_DEFUN([AC_PATH_TOOL_PREFIX],
-[AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-  /*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-  ?:/*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a dos path.
-  ;;
-  *)
-  ac_save_MAGIC_CMD="$MAGIC_CMD"
-  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS=":"
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="ifelse([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/$1; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    egrep "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  MAGIC_CMD="$ac_save_MAGIC_CMD"
-  ;;
-esac])
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-])
-
-
-# AC_PATH_MAGIC - find a file program which can recognise a shared library
-AC_DEFUN([AC_PATH_MAGIC],
-[AC_REQUIRE([AC_CHECK_TOOL_PREFIX])dnl
-AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin:$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_PATH_TOOL_PREFIX(file, /usr/bin:$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])
-
-
-# AC_PROG_LD - find the path to the GNU or non-GNU linker
-AC_DEFUN([AC_PROG_LD],
-[AC_ARG_WITH(gnu-ld,
-[  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]],
-test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_AC_LIBTOOL_SYS_PATH_SEPARATOR])dnl
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by GCC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | [[A-Za-z]]:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the path of ld
-      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some GNU ld's only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      if "$lt_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then
-	test "$with_gnu_ld" != no && break
-      else
-	test "$with_gnu_ld" != yes && break
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi])
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-AC_PROG_LD_GNU
-])
-
-# AC_PROG_LD_GNU -
-AC_DEFUN([AC_PROG_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
-if $LD -v 2>&1 </dev/null | egrep '(GNU|with BFD)' 1>&5; then
-  lt_cv_prog_gnu_ld=yes
-else
-  lt_cv_prog_gnu_ld=no
-fi])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])
-
-# AC_PROG_LD_RELOAD_FLAG - find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
-[AC_CACHE_CHECK([for $LD option to reload object files], lt_cv_ld_reload_flag,
-[lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-test -n "$reload_flag" && reload_flag=" $reload_flag"
-])
-
-# AC_DEPLIBS_CHECK_METHOD - how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
-[AC_CACHE_CHECK([how to recognise dependant libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given egrep regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix4* | aix5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi4*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin* | mingw* | pw32*)
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method='file_magic Mach-O dynamically linked shared library'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  case "$host_os" in
-  rhapsody* | darwin1.[[012]])
-    lt_cv_file_magic_test_file=`echo /System/Library/Frameworks/System.framework/Versions/*/System | head -1`
-    ;;
-  *) # Darwin 1.3 on
-    lt_cv_file_magic_test_file='/usr/lib/libSystem.dylib'
-    ;;
-  esac
-  ;;
-
-freebsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20*|hpux11*)
-  lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libc.sl
-  ;;
-
-irix5* | irix6*)
-  case $host_os in
-  irix5*)
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF 32-bit MSB dynamic lib MIPS - version 1"
-    ;;
-  *)
-    case $LD in
-    *-32|*"-32 ") libmagic=32-bit;;
-    *-n32|*"-n32 ") libmagic=N32;;
-    *-64|*"-64 ") libmagic=64-bit;;
-    *) libmagic=never-match;;
-    esac
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF ${libmagic} MSB mips-[[1234]] dynamic lib MIPS - version 1"
-    ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib${libsuff}/libc.so*`
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  case $host_cpu in
-  alpha* | hppa* | i*86 | powerpc* | sparc* | ia64* )
-    lt_cv_deplibs_check_method=pass_all ;;
-  *)
-    # glibc up to 2.1.1 does not perform some relocations on ARM
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib/libc.so* /lib/libc-*.so`
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/\.]]+\.so\.[[0-9]]+\.[[0-9]]+$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/\.]]+\.so$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-openbsd*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB shared object'
-  else
-    lt_cv_deplibs_check_method='file_magic OpenBSD.* shared library'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  # this will be overridden with pass_all, but let us keep it just in case
-  lt_cv_deplibs_check_method='file_magic COFF format alpha shared library'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sco3.2v5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  lt_cv_file_magic_test_file=/lib/libc.so
-  ;;
-
-sysv5uw[[78]]* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  esac
-  ;;
-esac
-])
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-])
-
-
-# AC_PROG_NM - find the path to a BSD-compatible name lister
-AC_DEFUN([AC_PROG_NM],
-[AC_REQUIRE([_LT_AC_LIBTOOL_SYS_PATH_SEPARATOR])dnl
-AC_MSG_CHECKING([for BSD-compatible nm])
-AC_CACHE_VAL(lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM="$NM"
-else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
-    test -z "$ac_dir" && ac_dir=.
-    tmp_nm=$ac_dir/${ac_tool_prefix}nm
-    if test -f $tmp_nm || test -f $tmp_nm$ac_exeext ; then
-      # Check to see if the nm accepts a BSD-compat flag.
-      # Adding the `sed 1q' prevents false positives on HP-UX, which says:
-      #   nm: unknown option "B" ignored
-      # Tru64's nm complains that /dev/null is an invalid object file
-      if ($tmp_nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep '(/dev/null|Invalid file or object type)' >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -B"
-	break
-      elif ($tmp_nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -p"
-	break
-      else
-	lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	continue # so that we can try to find one that supports BSD flags
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
-fi])
-NM="$lt_cv_path_NM"
-AC_MSG_RESULT([$NM])
-])
-
-# AC_CHECK_LIBM - check for math library
-AC_DEFUN([AC_CHECK_LIBM],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cygwin* | *-*-pw32*)
-  # These system don't have libm
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
-  AC_CHECK_LIB(m, main, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, main, LIBM="-lm")
-  ;;
-esac
-])
-
-# AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
-# the libltdl convenience library and INCLTDL to the include flags for
-# the libltdl header and adds --enable-ltdl-convenience to the
-# configure arguments.  Note that LIBLTDL and INCLTDL are not
-# AC_SUBSTed, nor is AC_CONFIG_SUBDIRS called.  If DIR is not
-# provided, it is assumed to be `libltdl'.  LIBLTDL will be prefixed
-# with '${top_builddir}/' and INCLTDL will be prefixed with
-# '${top_srcdir}/' (note the single quotes!).  If your package is not
-# flat and you're not using automake, define top_builddir and
-# top_srcdir appropriately in the Makefiles.
-AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-  case $enable_ltdl_convenience in
-  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
-  "") enable_ltdl_convenience=yes
-      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
-  esac
-  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
-  INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
-])
-
-# AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
-# the libltdl installable library and INCLTDL to the include flags for
-# the libltdl header and adds --enable-ltdl-install to the configure
-# arguments.  Note that LIBLTDL and INCLTDL are not AC_SUBSTed, nor is
-# AC_CONFIG_SUBDIRS called.  If DIR is not provided and an installed
-# libltdl is not found, it is assumed to be `libltdl'.  LIBLTDL will
-# be prefixed with '${top_builddir}/' and INCLTDL will be prefixed
-# with '${top_srcdir}/' (note the single quotes!).  If your package is
-# not flat and you're not using automake, define top_builddir and
-# top_srcdir appropriately in the Makefiles.
-# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
-AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
-[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
-  AC_CHECK_LIB(ltdl, main,
-  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
-  [if test x"$enable_ltdl_install" = xno; then
-     AC_MSG_WARN([libltdl not installed, but installation disabled])
-   else
-     enable_ltdl_install=yes
-   fi
-  ])
-  if test x"$enable_ltdl_install" = x"yes"; then
-    ac_configure_args="$ac_configure_args --enable-ltdl-install"
-    LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
-    INCLTDL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
-  else
-    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
-    LIBLTDL="-lltdl"
-    INCLTDL=
-  fi
-])
-
-# old names
-AC_DEFUN([AM_PROG_LIBTOOL],   [AC_PROG_LIBTOOL])
-AC_DEFUN([AM_ENABLE_SHARED],  [AC_ENABLE_SHARED($@)])
-AC_DEFUN([AM_ENABLE_STATIC],  [AC_ENABLE_STATIC($@)])
-AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-AC_DEFUN([AM_PROG_LD],        [AC_PROG_LD])
-AC_DEFUN([AM_PROG_NM],        [AC_PROG_NM])
-
-# This is just to silence aclocal about the macro not being used
-ifelse([AC_DISABLE_FAST_INSTALL])
-
-dnl $Id: wflags.m4,v 1.3 1999/03/11 12:11:41 joda Exp $
-dnl
-dnl set WFLAGS
-
-AC_DEFUN(AC_WFLAGS,[
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="ifelse($#, 0,-Wall, $1)"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-AC_SUBST(WFLAGS)dnl
-AC_SUBST(WFLAGS_NOUNUSED)dnl
-AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
-])
-
-dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $
-dnl
-dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
-dnl			default locations, conditional, config-program)
-
-AC_DEFUN(rk_TEST_PACKAGE,[
-AC_ARG_WITH($1,
-	AC_HELP_STRING([--with-$1=dir],[use $1 in dir]))
-AC_ARG_WITH($1-lib,
-	AC_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-include,
-	AC_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-config,
-	AC_HELP_STRING([--with-$1-config=path],[config program for $1]))
-
-m4_ifval([$6],
-	m4_define([rk_pkgname], $6),
-	m4_define([rk_pkgname], AS_TR_CPP($1)))
-
-AC_MSG_CHECKING(for $1)
-
-case "$with_$1" in
-yes|"") d='$5' ;;
-no)	d= ;;
-*)	d="$with_$1" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_$1_include" = ""; then
-		if test -d "$i/include/$1"; then
-			header_dirs="$header_dirs $i/include/$1"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_$1_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_$1_include"; then
-	header_dirs="$with_$1_include $header_dirs"
-fi
-if test "$with_$1_lib"; then
-	lib_dirs="$with_$1_lib $lib_dirs"
-fi
-
-if test "$with_$1_config" = ""; then
-	with_$1_config='$7'
-fi
-
-$1_cflags=
-$1_libs=
-
-case "$with_$1_config" in
-yes|no|"")
-	;;
-*)
-	$1_cflags="`$with_$1_config --cflags 2>&1`"
-	$1_libs="`$with_$1_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_$1" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$[]$1_cflags" -a "$[]$1_libs"; then
-		CFLAGS="$[]$1_cflags $save_CFLAGS"
-		LIBS="$[]$1_libs $save_LIBS"
-		AC_TRY_LINK([$2],,[
-			INCLUDE_$1="$[]$1_cflags"
-			LIB_$1="$[]$1_libs"
-			AC_MSG_RESULT([from $with_$1_config])
-			found=yes])
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			AC_TRY_COMPILE([$2],,ires=$i;break)
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i $3 $4 $save_LIBS"
-			AC_TRY_LINK([$2],,lres=$i;break)
-		done
-		if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
-			INCLUDE_$1="-I$ires"
-			LIB_$1="-L$lres $3 $4"
-			found=yes
-			AC_MSG_RESULT([headers $ires, libraries $lres])
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-	AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.])
-	with_$1=yes
-else
-	with_$1=no
-	INCLUDE_$1=
-	LIB_$1=
-	AC_MSG_RESULT(no)
-fi
-
-AC_SUBST(INCLUDE_$1)
-AC_SUBST(LIB_$1)
-])
-
-dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
-dnl
-dnl AC_FIND_FUNC(func, libraries, includes, arguments)
-AC_DEFUN(AC_FIND_FUNC, [
-AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
-if test -n "$LIB_$1"; then
-	LIBS="$LIB_$1 $LIBS"
-fi
-])
-
-dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
-AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
-
-dnl $Id: find-func-no-libs2.m4,v 1.6 2001/09/01 10:57:32 assar Exp $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
-
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_funclib_$1,
-[
-if eval "test \"\$ac_cv_func_$1\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $2; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
-		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
-	done
-	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
-	LIBS="$ac_save_LIBS"
-fi
-])
-
-eval "ac_res=\$ac_cv_funclib_$1"
-
-if false; then
-	AC_CHECK_FUNCS($1)
-dnl	AC_CHECK_LIBS($2, foo)
-fi
-# $1
-eval "ac_tr_func=HAVE_[]upcase($1)"
-eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
-eval "LIB_$1=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_$1=yes"
-	eval "LIB_$1="
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_MSG_RESULT([yes])
-	;;
-	no)
-	eval "ac_cv_func_$1=no"
-	eval "LIB_$1="
-	AC_MSG_RESULT([no])
-	;;
-	*)
-	eval "ac_cv_func_$1=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_DEFINE_UNQUOTED($ac_tr_lib)
-	AC_MSG_RESULT([yes, in $ac_res])
-	;;
-esac
-AC_SUBST(LIB_$1)
-])
-
-dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $
-dnl
-dnl test for crypto libraries:
-dnl - libcrypto (from openssl)
-dnl - libdes (from krb4)
-dnl - own-built libdes
-
-m4_define([test_headers], [
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-		])
-m4_define([test_body], [
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);])
-
-
-AC_DEFUN([KRB_CRYPTO],[
-crypto_lib=unknown
-AC_WITH_ALL([openssl])
-
-DIR_des=
-
-AC_MSG_CHECKING([for crypto library])
-
-openssl=no
-old_hash=no
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=yes ires="$i" lres="$j $k"; break 3)
-			done
-		done
-		CFLAGS="$i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=no ires="$i" lres="$j $k"; break 3)
-			done
-		done
-		CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=no ires="$i" lres="$j $k"; break 3)
-			done
-		done
-	done
-		
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_des="$ires"
-		LIB_des="$lres"
-		crypto_lib=krb4
-		AC_MSG_RESULT([same as krb4])
-		LIB_des_a='$(LIB_des)'
-		LIB_des_so='$(LIB_des)'
-		LIB_des_appl='$(LIB_des)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	INCLUDE_des=
-	LIB_des=
-	if test "$with_openssl_include" != ""; then
-		INCLUDE_des="-I${with_openssl_include}"
-	fi
-	if test "$with_openssl_lib" != ""; then
-		LIB_des="-L${with_openssl_lib}"
-	fi
-	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
-	saved_LIB_des="$LIB_des"
-	for lres in "" "-lnsl -lsocket"; do
-		LIB_des="${saved_LIB_des} -lcrypto $lres"
-		LIB_des_a="$LIB_des"
-		LIB_des_so="$LIB_des"
-		LIB_des_appl="$LIB_des"
-		LIBS="${LIBS} ${LIB_des}"
-		AC_TRY_LINK(test_headers, test_body, [
-			crypto_lib=libcrypto openssl=yes
-			AC_MSG_RESULT([libcrypto])
-		])
-		if test "$crypto_lib" = libcrypto ; then
-			break;
-		fi
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_des='des'
-  LIB_des='$(top_builddir)/lib/des/libdes.la'
-  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
-  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
-  LIB_des_appl="-ldes"
-
-  AC_MSG_RESULT([included libdes])
-
-fi
-
-if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
-	AC_MSG_ERROR([the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer 
-Kerberos 4 or configure --without-krb4])
-fi
-
-if test "$openssl" = "yes"; then
-  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
-fi
-if test "$old_hash" = yes; then
-  AC_DEFINE([HAVE_OLD_HASH_NAMES], 1,
-		[define if you have hash functions like md4_finito()])
-fi
-AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
-
-AC_SUBST(DIR_des)
-AC_SUBST(INCLUDE_des)
-AC_SUBST(LIB_des)
-AC_SUBST(LIB_des_a)
-AC_SUBST(LIB_des_so)
-AC_SUBST(LIB_des_appl)
-])
-
-dnl
-dnl $Id: with-all.m4,v 1.1 2001/08/29 17:01:23 assar Exp $
-dnl
-
-dnl AC_WITH_ALL(name)
-
-AC_DEFUN([AC_WITH_ALL], [
-AC_ARG_WITH($1,
-	AC_HELP_STRING([--with-$1=dir],
-		[use $1 in dir]))
-
-AC_ARG_WITH($1-lib,
-	AC_HELP_STRING([--with-$1-lib=dir],
-		[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-AC_ARG_WITH($1-include,
-	AC_HELP_STRING([--with-$1-include=dir],
-		[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-case "$with_$1" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_$1_include" = ""; then
-		with_$1_include="$with_$1/include"
-	fi
-	if test "$with_$1_lib" = ""; then
-		with_$1_lib="$with_$1/lib$abilibdirext"
-	fi
-	;;
-esac
-])
-dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $
-dnl
-dnl tests for various db libraries
-dnl
-AC_DEFUN([rk_DB],[
-AC_ARG_ENABLE(berkeley-db,
-                       AC_HELP_STRING([--disable-berkeley-db],
-                                      [if you don't want berkeley db]),[
-])
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-  AC_CHECK_HEADERS([				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-  ])
-
-dnl db_create is used by db3 and db4
-
-  AC_FIND_FUNC_NO_LIBS(db_create, db4 db3 db, [
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-  ],[NULL, NULL, 0])
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-    AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4 library])
-  else
-
-dnl dbopen is used by db1/db2
-
-    AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-    ],[NULL, 0, 0, 0, NULL])
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-      AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library])
-    fi
-  fi
-
-dnl test for ndbm compatability
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-    AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-    ],[NULL])
-  
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-  AC_CHECK_HEADERS([				\
-	dbm.h					\
-	ndbm.h					\
-  ])
-
-  AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [
-  #include <stdio.h>
-  #if defined(HAVE_NDBM_H)
-  #include <ndbm.h>
-  #elif defined(HAVE_DBM_H)
-  #include <dbm.h>
-  #endif
-  DBM *dbm;
-  ],[NULL])
-
-  if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-    if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-      LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-    else
-      LIB_NDBM=""
-    fi
-    AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-    have_ndbm=yes
-    if test "$db_type" = "unknown"; then
-      db_type=ndbm
-      DBLIB="$LIB_NDBM"
-    fi
-  else
-
-    $as_unset ac_cv_func_dbm_firstkey
-    $as_unset ac_cv_funclib_dbm_firstkey
-
-    AC_CHECK_HEADERS([				\
-	  gdbm/ndbm.h				\
-    ])
-
-    AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [
-    #include <stdio.h>
-    #include <gdbm/ndbm.h>
-    DBM *dbm;
-    ],[NULL])
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-	LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-	db_type=ndbm
-	DBLIB="$LIB_NDBM"
-      fi
-    fi
-  fi
-
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  AC_MSG_CHECKING([if ndbm is implemented with db])
-  AC_TRY_RUN([
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}],[
-    if test -f conftest.db; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      AC_MSG_RESULT([no])
-    fi],[AC_MSG_RESULT([no])])
-fi
-
-AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
-AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
-AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
-
-z=""
-for i in $LDFLAGS; do
-	case "$i" in
-	-L*) z="$z $i";;
-	esac
-done
-DBLIB="$z $DBLIB"
-AC_SUBST(DBLIB)dnl
-AC_SUBST(LIB_NDBM)dnl
-])
-
-dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $
-dnl
-dnl some code to get roken working
-dnl
-dnl rk_ROKEN(subdir)
-dnl
-AC_DEFUN(rk_ROKEN, [
-
-AC_REQUIRE([rk_CONFIG_HEADER])
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/$1/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1'
-
-dnl Checks for programs
-AC_REQUIRE([AC_PROG_CC])
-AC_REQUIRE([AC_PROG_AWK])
-AC_REQUIRE([AC_OBJEXT])
-AC_REQUIRE([AC_EXEEXT])
-AC_REQUIRE([AC_PROG_LIBTOOL])
-
-AC_REQUIRE([AC_MIPS_ABI])
-
-dnl C characteristics
-
-AC_REQUIRE([AC_C___ATTRIBUTE__])
-AC_REQUIRE([AC_C_INLINE])
-AC_REQUIRE([AC_C_CONST])
-AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
-
-AC_REQUIRE([rk_DB])
-
-dnl C types
-
-AC_REQUIRE([AC_TYPE_SIZE_T])
-AC_HAVE_TYPE([ssize_t],[#include <unistd.h>])
-AC_REQUIRE([AC_TYPE_PID_T])
-AC_REQUIRE([AC_TYPE_UID_T])
-AC_HAVE_TYPE([long long])
-
-AC_REQUIRE([rk_RETSIGTYPE])
-
-dnl Checks for header files.
-AC_REQUIRE([AC_HEADER_STDC])
-AC_REQUIRE([AC_HEADER_TIME])
-
-AC_CHECK_HEADERS([\
-	arpa/inet.h				\
-	arpa/nameser.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	grp.h					\
-	ifaddrs.h				\
-	net/if.h				\
-	netdb.h					\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	netinet6/in6_var.h			\
-	paths.h					\
-	pwd.h					\
-	resolv.h				\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/proc.h				\
-	sys/resource.h				\
-	sys/socket.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/sysctl.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-	vis.h					\
-])
-	
-AC_REQUIRE([CHECK_NETINET_IP_AND_TCP])
-
-AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes)
-AM_CONDITIONAL(have_fnmatch_h, test "$ac_cv_header_fnmatch_h" = yes)
-AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes)
-AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes)
-
-dnl Check for functions and libraries
-
-AC_FIND_FUNC(socket, socket)
-AC_FIND_FUNC(gethostbyname, nsl)
-AC_FIND_FUNC(syslog, syslog)
-
-AC_KRB_IPV6
-
-AC_FIND_FUNC(gethostbyname2, inet6 ip6)
-
-AC_FIND_FUNC(res_search, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-AC_FIND_FUNC(res_nsearch, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0,0])
-
-AC_FIND_FUNC(dn_expand, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-rk_CHECK_VAR(_res, 
-[#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif])
-
-
-AC_BROKEN_SNPRINTF
-AC_BROKEN_VSNPRINTF
-
-AC_BROKEN_GLOB
-if test "$ac_cv_func_glob_working" != yes; then
-	AC_LIBOBJ(glob)
-fi
-AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes)
-
-
-AC_CHECK_FUNCS([				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-])
-
-if test "$ac_cv_func_cgetent" = no; then
-	AC_LIBOBJ(getcap)
-fi
-
-AC_REQUIRE([AC_FUNC_GETLOGIN])
-
-AC_REQUIRE([AC_FUNC_MMAP])
-
-AC_FIND_FUNC_NO_LIBS(getsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-AC_FIND_FUNC_NO_LIBS(setsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-17)
-AC_NEED_PROTO([
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-hstrerror)
-
-AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf],
-	[AC_NEED_PROTO([
-	#include <stdio.h>
-	#include <string.h>],
-	rk_func)])
-
-AC_FIND_FUNC_NO_LIBS(bswap16,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(bswap32,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(pidfile,util,
-[#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif],0)
-
-AC_FIND_IF_NOT_BROKEN(getaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(getnameinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(freeaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_FIND_IF_NOT_BROKEN(gai_strerror,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_BROKEN([					\
-	chown					\
-	copyhostent				\
-	daemon					\
-	ecalloc					\
-	emalloc					\
-	erealloc				\
-	estrdup					\
-	err					\
-	errx					\
-	fchown					\
-	flock					\
-	fnmatch					\
-	freehostent				\
-	getcwd					\
-	getdtablesize				\
-	getegid					\
-	geteuid					\
-	getgid					\
-	gethostname				\
-	getifaddrs				\
-	getipnodebyaddr				\
-	getipnodebyname				\
-	getopt					\
-	gettimeofday				\
-	getuid					\
-	getusershell				\
-	initgroups				\
-	innetgr					\
-	iruserok				\
-	localtime_r				\
-	lstat					\
-	memmove					\
-	mkstemp					\
-	putenv					\
-	rcmd					\
-	readv					\
-	recvmsg					\
-	sendmsg					\
-	setegid					\
-	setenv					\
-	seteuid					\
-	strcasecmp				\
-	strdup					\
-	strerror				\
-	strftime				\
-	strlcat					\
-	strlcpy					\
-	strlwr					\
-	strncasecmp				\
-	strndup					\
-	strnlen					\
-	strptime				\
-	strsep					\
-	strsep_copy				\
-	strtok_r				\
-	strupr					\
-	swab					\
-	unsetenv				\
-	verr					\
-	verrx					\
-	vsyslog					\
-	vwarn					\
-	vwarnx					\
-	warn					\
-	warnx					\
-	writev					\
-])
-
-AC_FOREACH([rk_func], [strndup strsep strtok_r],
-	[AC_NEED_PROTO([#include <string.h>], rk_func)])
-
-AC_FOREACH([rk_func], [strsvis strunvis strvis strvisx svis unvis vis],
-[AC_NEED_PROTO([#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif], rk_func)])
-
-AC_BROKEN2(inet_aton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0])
-
-AC_BROKEN2(inet_ntop,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0, 0, 0, 0])
-
-AC_BROKEN2(inet_pton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0,0])
-
-dnl
-dnl Check for sa_len in struct sockaddr, 
-dnl needs to come before the getnameinfo test
-dnl
-AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
-#include <sys/socket.h>])
-
-if test "$ac_cv_func_getnameinfo" = "yes"; then
-  rk_BROKEN_GETNAMEINFO
-  if test "$ac_cv_func_getnameinfo_broken" = yes; then
-	AC_LIBOBJ(getnameinfo)
-  fi
-fi
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-  rk_BROKEN_GETADDRINFO
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	AC_LIBOBJ(getaddrinfo)
-	AC_LIBOBJ(freeaddrinfo)
-  fi
-fi
-
-AC_NEED_PROTO([#include <stdlib.h>], setenv)
-AC_NEED_PROTO([#include <stdlib.h>], unsetenv)
-AC_NEED_PROTO([#include <unistd.h>], gethostname)
-AC_NEED_PROTO([#include <unistd.h>], mkstemp)
-AC_NEED_PROTO([#include <unistd.h>], getusershell)
-
-AC_NEED_PROTO([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-inet_aton)
-
-AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
-
-AC_REQUIRE([rk_BROKEN_REALLOC])dnl
-
-dnl AC_KRB_FUNC_GETCWD_BROKEN
-
-dnl
-dnl Checks for prototypes and declarations
-dnl
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyname, struct hostent *gethostbyname(const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-getservbyname, struct servent *getservbyname(const char *, const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-],
-getsockname, int getsockname(int, struct sockaddr*, socklen_t*))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-],
-openlog, void openlog(const char *, int, int))
-
-AC_NEED_PROTO([
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-],
-crypt)
-
-dnl variables
-
-rk_CHECK_VAR(h_errno, 
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_errlist, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_nerr, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR([__progname], 
-[#ifdef HAVE_ERR_H
-#include <err.h>
-#endif])
-
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optarg)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optind)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], opterr)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optopt)
-
-AC_CHECK_DECLARATION([#include <stdlib.h>], environ)
-
-dnl
-dnl Check for fields in struct tm
-dnl
-
-AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
-AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
-
-dnl
-dnl or do we have a variable `timezone' ?
-dnl
-
-rk_CHECK_VAR(timezone,[#include <time.h>])
-rk_CHECK_VAR(altzone,[#include <time.h>])
-
-AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
-AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
-AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
-AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
-AC_HAVE_TYPE([struct iovec],[
-#include <sys/types.h>
-#include <sys/uio.h>
-])
-AC_HAVE_TYPE([struct msghdr],[
-#include <sys/types.h>
-#include <sys/socket.h>
-])
-
-dnl
-dnl Check for struct winsize
-dnl
-
-AC_KRB_STRUCT_WINSIZE
-
-dnl
-dnl Check for struct spwd
-dnl
-
-AC_KRB_STRUCT_SPWD
-
-dnl won't work with automake
-dnl moved to AC_OUTPUT in configure.in
-dnl AC_CONFIG_FILES($1/Makefile)
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-AC_SUBST(DIR_roken)dnl
-AC_SUBST(LIB_roken)dnl
-AC_SUBST(INCLUDES_roken)dnl
-])
-
-dnl $Id: have-type.m4,v 1.6 2000/07/15 18:10:00 joda Exp $
-dnl
-dnl check for existance of a type
-
-dnl AC_HAVE_TYPE(TYPE,INCLUDES)
-AC_DEFUN(AC_HAVE_TYPE, [
-AC_REQUIRE([AC_HEADER_STDC])
-cv=`echo "$1" | sed 'y%./+- %__p__%'`
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL([ac_cv_type_$cv],
-AC_TRY_COMPILE(
-[#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$2],
-[$1 foo;],
-eval "ac_cv_type_$cv=yes",
-eval "ac_cv_type_$cv=no"))dnl
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	AC_CHECK_TYPES($1)
-fi
-  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1'])
-fi
-])
-
-dnl
-dnl $Id: retsigtype.m4,v 1.1 2000/07/15 18:05:56 joda Exp $
-dnl
-dnl Figure out return type of signal handlers, and define SIGRETURN macro
-dnl that can be used to return from one
-dnl
-AC_DEFUN(rk_RETSIGTYPE,[
-AC_TYPE_SIGNAL
-if test "$ac_cv_type_signal" = "void" ; then
-	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.])
-fi
-AC_SUBST(VOID_RETSIGTYPE)
-AH_BOTTOM([#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif])
-])
-dnl
-dnl $Id: check-netinet-ip-and-tcp.m4,v 1.3 2000/07/18 10:33:02 joda Exp $
-dnl
-
-dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
-dnl you have to include standards.h before including these files
-
-AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
-[
-AC_CHECK_HEADERS(standards.h)
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-AC_CACHE_CHECK([for $i],ac_cv_header_$cv,
-[AC_TRY_CPP([\
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-],
-eval "ac_cv_header_$cv=yes",
-eval "ac_cv_header_$cv=no")])
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
-fi
-done
-if false;then
-	AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h)
-fi
-])
-
-dnl $Id: krb-ipv6.m4,v 1.13 2002/04/30 16:48:13 joda Exp $
-dnl
-dnl test for IPv6
-dnl
-AC_DEFUN(AC_KRB_IPV6, [
-AC_ARG_WITH(ipv6,
-	AC_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi])
-save_CFLAGS="${CFLAGS}"
-AC_CACHE_CHECK([for IPv6 stack type], v6type,
-[dnl check for different v6 implementations (by itojun)
-v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		AC_EGREP_CPP(yes, [
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif],
-			[v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"])
-		;;
-	toshiba)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	kame)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	inria)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif],
-			[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	zeta)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-])
-
-AC_CACHE_CHECK([for IPv6], ac_cv_lib_ipv6, [
-AC_TRY_LINK([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-],
-[
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-],
-ac_cv_lib_ipv6=yes,
-ac_cv_lib_ipv6=no)])
-if test "$ac_cv_lib_ipv6" = yes; then
-  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-if test "$ac_cv_lib_ipv6" = yes; then
-	AC_CACHE_CHECK([for in6addr_loopback],[ac_cv_var_in6addr_loopback],[
-	AC_TRY_LINK([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif],[
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-],ac_cv_var_in6addr_loopback=yes,ac_cv_var_in6addr_loopback=no)])
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-		AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, 
-			[Define if you have the in6addr_loopback variable])
-	fi
-fi
-])
-dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $
-dnl
-dnl rk_CHECK_VAR(variable, includes)
-AC_DEFUN([rk_CHECK_VAR], [
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_var_$1, [
-m4_ifval([$2],[
-	AC_TRY_LINK([$2
-	void * foo() { return &$1; }],
-	    [foo()],
-	    ac_cv_var_$1=yes, ac_cv_var_$1=no)])
-if test "$ac_cv_var_$1" != yes ; then
-AC_TRY_LINK([extern int $1;
-int foo() { return $1; }],
-	    [foo()],
-	    ac_cv_var_$1=yes, ac_cv_var_$1=no)
-fi
-])
-ac_foo=`eval echo \\$ac_cv_var_$1`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, 
-		[Define if you have the `]$1[' variable.])
-	m4_ifval([$2], AC_CHECK_DECLARATION([$2],[$1]))
-fi
-])
-
-AC_WARNING_ENABLE([obsolete])
-AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
-
-dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
-dnl
-dnl
-dnl Check if we need the declaration of a variable
-dnl
-
-dnl AC_HAVE_DECLARATION(includes, variable)
-AC_DEFUN(AC_CHECK_DECLARATION, [
-AC_MSG_CHECKING([if $2 is properly declared])
-AC_CACHE_VAL(ac_cv_var_$2_declaration, [
-AC_TRY_COMPILE([$1
-extern struct { int foo; } $2;],
-[$2.foo = 1;],
-eval "ac_cv_var_$2_declaration=no",
-eval "ac_cv_var_$2_declaration=yes")
-])
-
-define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
-
-AC_MSG_RESULT($ac_cv_var_$2_declaration)
-if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
-	AC_DEFINE(foo, 1, [define if your system declares $2])
-fi
-undefine([foo])
-])
-
-dnl $Id: broken-snprintf.m4,v 1.4 2001/09/01 11:56:05 assar Exp $
-dnl
-AC_DEFUN(AC_BROKEN_SNPRINTF, [
-AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
-ac_cv_func_snprintf_working=yes
-AC_TRY_RUN([
-#include <stdio.h>
-#include <string.h>
-int main()
-{
-	char foo[[3]];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1");
-}],:,ac_cv_func_snprintf_working=no,:))
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],snprintf)
-fi
-])
-
-AC_DEFUN(AC_BROKEN_VSNPRINTF,[
-AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
-ac_cv_func_vsnprintf_working=yes
-AC_TRY_RUN([
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[[3]];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-
-int main()
-{
-	return foo(0, "12");
-}],:,ac_cv_func_vsnprintf_working=no,:))
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
-fi
-])
-
-dnl $Id: need-proto.m4,v 1.4 2002/08/23 15:07:41 joda Exp $
-dnl
-dnl
-dnl Check if we need the prototype for a function
-dnl
-
-dnl AC_NEED_PROTO(includes, function)
-
-AC_DEFUN(AC_NEED_PROTO, [
-if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
-AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
-AC_TRY_COMPILE([$1],
-[struct foo { int foo; } xx;
-extern int $2 (struct foo*);
-$2(&xx);
-],
-eval "ac_cv_func_$2_noproto=yes",
-eval "ac_cv_func_$2_noproto=no"))
-if test "$ac_cv_func_$2_noproto" = yes; then
-	AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1,
-		[define if the system is missing a prototype for $2()])
-fi
-fi
-])
-
-dnl $Id: broken-glob.m4,v 1.4 2001/06/19 09:59:46 assar Exp $
-dnl
-dnl check for glob(3)
-dnl
-AC_DEFUN(AC_BROKEN_GLOB,[
-AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
-ac_cv_func_glob_working=yes
-AC_TRY_LINK([
-#include <stdio.h>
-#include <glob.h>],[
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-],:,ac_cv_func_glob_working=no,:))
-
-if test "$ac_cv_func_glob_working" = yes; then
-	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
-	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>
-#include <glob.h>],glob)
-fi
-])
-
-dnl
-dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
-dnl
-dnl test for POSIX (broken) getlogin
-dnl
-
-
-AC_DEFUN(AC_FUNC_GETLOGIN, [
-AC_CHECK_FUNCS(getlogin setlogin)
-if test "$ac_cv_func_getlogin" = yes; then
-AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-])
-if test "$ac_cv_func_getlogin_posix" = yes; then
-	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
-fi
-fi
-])
-
-dnl $Id: find-if-not-broken.m4,v 1.4 2002/05/19 19:37:08 joda Exp $
-dnl
-dnl
-dnl Mix between AC_FIND_FUNC and AC_BROKEN
-dnl
-
-AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
-[AC_FIND_FUNC([$1], [$2], [$3], [$4])
-if eval "test \"$ac_cv_func_$1\" != yes"; then 
-	rk_LIBOBJ([$1])
-fi
-])
-
-dnl $Id: broken.m4,v 1.6 2002/05/19 19:36:52 joda Exp $
-dnl
-dnl
-dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
-dnl libraries 
-
-AC_DEFUN([AC_BROKEN],
-[AC_FOREACH([rk_func], [$1],
-	[AC_CHECK_FUNC(rk_func,
-		[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, 
-			[Define if you have the function `]rk_func['.])],
-		[rk_LIBOBJ(rk_func)])])])
-
-dnl $Id: broken2.m4,v 1.4 2002/05/19 22:16:46 joda Exp $
-dnl
-dnl AC_BROKEN but with more arguments
-
-dnl AC_BROKEN2(func, includes, arguments)
-AC_DEFUN([AC_BROKEN2],
-[AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_func_[]$1,
-[AC_TRY_LINK([$2],
-[
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$1) || defined (__stub___$1)
-choke me
-#else
-$1($3)
-#endif
-], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])])
-if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then
-  AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define)
-  AC_MSG_RESULT(yes)
-else
-  AC_MSG_RESULT(no)
-  rk_LIBOBJ($1)
-fi])
-
-dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
-dnl
-dnl check for fields in a structure
-dnl
-dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
-
-AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
-define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
-AC_CACHE_CHECK([for $2 in $1], cache_val,[
-AC_TRY_COMPILE([$3],[$1 x; x.$2;],
-cache_val=yes,
-cache_val=no)])
-if test "$cache_val" = yes; then
-	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
-	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
-	undefine([foo])
-fi
-undefine([cache_val])
-])
-
-dnl $Id: broken-getnameinfo.m4,v 1.2 2000/12/05 09:09:00 joda Exp $
-dnl
-dnl test for broken AIX getnameinfo
-
-AC_DEFUN(rk_BROKEN_GETNAMEINFO,[
-AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-  struct sockaddr_in sin;
-  char host[256];
-  memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-  sin.sin_len = sizeof(sin);
-#endif
-  sin.sin_family = AF_INET;
-  sin.sin_addr.s_addr = 0xffffffff;
-  sin.sin_port = 0;
-  return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
-	      NULL, 0, 0);
-}
-]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])
-
-dnl $Id: broken-getaddrinfo.m4,v 1.3 2002/08/20 14:09:40 joda Exp $
-dnl
-dnl test if getaddrinfo can handle numeric services
-
-AC_DEFUN(rk_BROKEN_GETADDRINFO,[
-AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-]], ac_cv_func_getaddrinfo_numserv=yes, ac_cv_func_getaddrinfo_numserv=no))])
-
-dnl
-dnl $Id: broken-realloc.m4,v 1.1 2000/07/15 18:05:36 joda Exp $
-dnl
-dnl Test for realloc that doesn't handle NULL as first parameter
-dnl
-AC_DEFUN(rk_BROKEN_REALLOC, [
-AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [
-ac_cv_func_realloc_broken=no
-AC_TRY_RUN([
-#include <stddef.h>
-#include <stdlib.h>
-
-int main()
-{
-	return realloc(NULL, 17) == NULL;
-}
-],:, ac_cv_func_realloc_broken=yes, :)
-])
-if test "$ac_cv_func_realloc_broken" = yes ; then
-	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.])
-fi
-AH_BOTTOM([#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif])
-])
-
-dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
-dnl
-dnl
-dnl Check if the prototype of a function is compatible with another one
-dnl
-
-dnl AC_PROTO_COMPAT(includes, function, prototype)
-
-AC_DEFUN(AC_PROTO_COMPAT, [
-AC_CACHE_CHECK([if $2 is compatible with system prototype],
-ac_cv_func_$2_proto_compat,
-AC_TRY_COMPILE([$1],
-[$3;],
-eval "ac_cv_func_$2_proto_compat=yes",
-eval "ac_cv_func_$2_proto_compat=no"))
-define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
-if test "$ac_cv_func_$2_proto_compat" = yes; then
-	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
-	$3])
-fi
-undefine([foo])
-])
-dnl $Id: krb-struct-winsize.m4,v 1.3 2001/09/01 11:56:05 assar Exp $
-dnl
-dnl
-dnl Search for struct winsize
-dnl
-
-AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
-AC_MSG_CHECKING(for struct winsize)
-AC_CACHE_VAL(ac_cv_struct_winsize, [
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-AC_EGREP_HEADER(
-struct[[ 	]]*winsize,dnl
-$i, ac_cv_struct_winsize=yes; break)dnl
-done
-])
-if test "$ac_cv_struct_winsize" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
-fi
-AC_MSG_RESULT($ac_cv_struct_winsize)
-AC_EGREP_HEADER(ws_xpixel, termios.h, 
-	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
-AC_EGREP_HEADER(ws_ypixel, termios.h, 
-	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
-])
-
-dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
-dnl
-dnl Test for `struct spwd'
-
-AC_DEFUN(AC_KRB_STRUCT_SPWD, [
-AC_MSG_CHECKING(for struct spwd)
-AC_CACHE_VAL(ac_cv_struct_spwd, [
-AC_TRY_COMPILE(
-[#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif],
-[struct spwd foo;],
-ac_cv_struct_spwd=yes,
-ac_cv_struct_spwd=no)
-])
-AC_MSG_RESULT($ac_cv_struct_spwd)
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
-fi
-])
-
-dnl $Id: otp.m4,v 1.2 2002/05/19 20:51:08 joda Exp $
-dnl
-dnl check requirements for OTP library
-dnl
-AC_DEFUN([rk_OTP],[
-AC_REQUIRE([rk_DB])dnl
-AC_ARG_ENABLE(otp,
-	AC_HELP_STRING([--disable-otp],[if you don't want OTP support]))
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	AC_MSG_ERROR([OTP requires a NDBM/DB compatible library])
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-	AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.])
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-	AC_SUBST(LIB_otp)
-fi
-AC_MSG_CHECKING([whether to enable OTP library])
-AC_MSG_RESULT($enable_otp)
-AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl
-])
-
-dnl $Id: osfc2.m4,v 1.3 2002/04/30 16:46:18 joda Exp $
-dnl
-dnl enable OSF C2 stuff
-
-AC_DEFUN(AC_CHECK_OSFC2,[
-AC_ARG_ENABLE(osfc2,
-	AC_HELP_STRING([--enable-osfc2],[enable some OSF C2 support]))
-LIB_security=
-if test "$enable_osfc2" = yes; then
-	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
-	LIB_security=-lsecurity
-fi
-AC_SUBST(LIB_security)
-])
-
-dnl $Id: check-man.m4,v 1.3 2000/11/30 01:47:17 joda Exp $
-dnl check how to format manual pages
-dnl
-
-AC_DEFUN(rk_CHECK_MAN,
-[AC_PATH_PROG(NROFF, nroff)
-AC_PATH_PROG(GROFF, groff)
-AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
-[cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
-fi
-])
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-	AC_SUBST(CATMAN)
-fi
-AM_CONDITIONAL(CATMAN, test "$CATMAN")
-AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
-[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-])
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-AC_SUBST(CATMANEXT)
-])
-dnl
-dnl $Id: krb-bigendian.m4,v 1.8 2002/08/28 19:20:19 joda Exp $
-dnl
-
-dnl check if this computer is little or big-endian
-dnl if we can figure it out at compile-time then don't define the cpp symbol
-dnl otherwise test for it and define it.  also allow options for overriding
-dnl it when cross-compiling
-
-AC_DEFUN(KRB_C_BIGENDIAN, [
-AC_ARG_ENABLE(bigendian,
-	AC_HELP_STRING([--enable-bigendian],[the target is big endian]),
-krb_cv_c_bigendian=yes)
-AC_ARG_ENABLE(littleendian,
-	AC_HELP_STRING([--enable-littleendian],[the target is little endian]),
-krb_cv_c_bigendian=no)
-AC_CACHE_CHECK(whether byte order is known at compile time,
-krb_cv_c_bigendian_compile,
-[AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/param.h>],[
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif], krb_cv_c_bigendian_compile=yes, krb_cv_c_bigendian_compile=no)])
-AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/param.h>],[
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif], krb_cv_c_bigendian=yes, krb_cv_c_bigendian=no)
-  else
-    AC_TRY_RUN([main () {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }], krb_cv_c_bigendian=no, krb_cv_c_bigendian=yes,
-  AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian]))
-  fi
-])
-if test "$krb_cv_c_bigendian" = "yes"; then
-  AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-  AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl
-fi
-AH_BOTTOM([
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-])
-])
-
-dnl
-dnl $Id: aix.m4,v 1.9 2002/08/28 19:19:43 joda Exp $
-dnl
-
-AC_DEFUN(rk_AIX,[
-
-aix=no
-case "$host" in 
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
-AM_CONDITIONAL(AIX, test "$aix" != no)dnl
-AM_CONDITIONAL(AIX4, test "$aix" = 4)
-
-
-AC_ARG_ENABLE(dynamic-afs,
-	AC_HELP_STRING([--disable-dynamic-afs],
-		[do not use loaded AFS library with AIX]))
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-		AC_REQUIRE([rk_DLOPEN])
-		if test "$ac_cv_func_dlopen" = no; then
-			AC_FIND_FUNC_NO_LIBS(loadquery, ld)
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			AC_MSG_NOTICE([not using dynloaded AFS library])
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
-AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl
-AC_SUBST(AIX_EXTRA_KAFS)dnl
-
-AH_BOTTOM([#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif])
-
-])
-
-dnl
-dnl $Id: dlopen.m4,v 1.1 2002/08/28 16:32:16 joda Exp $
-dnl
-
-AC_DEFUN([rk_DLOPEN], [
-	AC_FIND_FUNC_NO_LIBS(dlopen, dl)
-	AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no)
-])
-
-dnl
-dnl $Id: irix.m4,v 1.1 2002/08/28 19:11:44 joda Exp $
-dnl
-
-AC_DEFUN([rk_IRIX],
-[
-irix=no
-case "$host" in
-*-*-irix4*) 
-	AC_DEFINE([IRIX4], 1,
-		[Define if you are running IRIX 4.])
-	irix=yes
-	;;
-*-*-irix*) 
-	irix=yes
-	;;
-esac
-AM_CONDITIONAL(IRIX, test "$irix" != no)dnl
-
-AH_BOTTOM([
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-])
-])
-
-dnl
-dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $
-dnl
-
-AC_DEFUN([rk_SUNOS],[
-sunos=no
-case "$host" in 
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.[[89]])
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
-		[Define to what version of SunOS you are running.])
-fi
-])
-dnl 
-dnl See if there is any X11 present
-dnl
-dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
-
-AC_DEFUN(KRB_CHECK_X,[
-AC_PATH_XTRA
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		AC_TRY_RUN([
-		#include <X11/Xlib.h>
-		foo()
-		{
-		XOpenDisplay(NULL);
-		}
-		main()
-		{
-		return 0;
-		}
-		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-	])
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-])
-
-dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
-dnl
-dnl check for Xau{Read,Write}Auth and XauFileName
-dnl
-AC_DEFUN(AC_CHECK_XAU,[
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-
-AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
-LIBS="$LIB_XauReadAauth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
-LIBS="$ac_xxx"
-
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
-else
-	AC_SUBST(NEED_WRITEAUTH_TRUE)
-	AC_SUBST(NEED_WRITEAUTH_FALSE)
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-])
-
-dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
-dnl
-dnl ac_check_type + extra headers
-
-dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
-AC_DEFUN(AC_CHECK_TYPE_EXTRA,
-[AC_REQUIRE([AC_HEADER_STDC])dnl
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_type_$1,
-[AC_EGREP_CPP(dnl
-changequote(<<,>>)dnl
-<<$1[^a-zA-Z_0-9]>>dnl
-changequote([,]), [#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
-AC_MSG_RESULT($ac_cv_type_$1)
-if test $ac_cv_type_$1 = no; then
-  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
-fi
-])
-
-dnl
-dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
-dnl
-
-dnl
-dnl Test SGI capabilities
-dnl
-
-AC_DEFUN(KRB_CAPABILITIES,[
-
-AC_CHECK_HEADERS(capability.h sys/capability.h)
-
-AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
-])
-
-dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
-dnl
-dnl check for getpwnam_r, and if it's posix or not
-
-AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
-AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
-	ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	AC_TRY_RUN([
-#include <pwd.h>
-int main()
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
-LIBS="$ac_libs")
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
-fi
-fi
-])
-dnl $Id: krb-readline.m4,v 1.5 2002/08/29 02:22:32 assar Exp $
-dnl
-dnl Tests for readline functions
-dnl
-
-dnl el_init
-
-AC_DEFUN(KRB_READLINE,[
-AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
-if test "$ac_cv_func_el_init" = yes ; then
-	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
-		AC_TRY_COMPILE([#include <stdio.h>
-			#include <histedit.h>],
-			[el_init("", NULL, NULL, NULL);],
-			ac_cv_func_el_init_four=yes,
-			ac_cv_func_el_init_four=no)])
-	if test "$ac_cv_func_el_init_four" = yes; then
-		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
-	fi
-fi
-
-dnl readline
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
-AM_CONDITIONAL(el_compat, test "$ac_foo" = yes)
-AC_DEFINE(HAVE_READLINE, 1, 
-	[Define if you have a readline compatible library.])dnl
-
-])
-
-dnl
-dnl $Id: telnet.m4,v 1.1 2002/08/28 19:19:01 joda Exp $
-dnl
-dnl stuff used by telnet
-
-AC_DEFUN([rk_TELNET],[
-AC_DEFINE(AUTHENTICATION, 1, 
-	[Define if you want authentication support in telnet.])dnl
-AC_DEFINE(ENCRYPTION, 1,
-	[Define if you want encryption support in telnet.])dnl
-AC_DEFINE(DES_ENCRYPTION, 1,
-	[Define if you want to use DES encryption in telnet.])dnl
-AC_DEFINE(DIAGNOSTICS, 1,
-	[Define this to enable diagnostics in telnet.])dnl
-AC_DEFINE(OLD_ENVIRON, 1,
-	[Define this to enable old environment option in telnet.])dnl
-if false; then
-	AC_DEFINE(ENV_HACK, 1,
-		[Define this if you want support for broken ENV_{VAR,VAL} telnets.])
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*)
-	;;
-*)
-	AC_CHECK_FUNC(getmsg)
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works,
-		AC_TRY_RUN([
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main()
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-			], ac_cv_func_getmsg_works=yes, 
-			ac_cv_func_getmsg_works=no,
-			ac_cv_func_getmsg_works=no))
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-			AC_DEFINE(HAVE_GETMSG, 1,
-				[Define if you have a working getmsg.])
-			AC_DEFINE(STREAMSPTY, 1,
-				[Define if you have streams ptys.])
-		fi
-	fi
-	;;
-esac
-
-AH_BOTTOM([
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-])
-])
-
-dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $
-dnl
-dnl CHECK_COMPILE_ET
-AC_DEFUN([CHECK_COMPILE_ET], [
-
-AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
-
-krb_cv_compile_et="no"
-krb_cv_com_err_need_r=""
-if test "${COMPILE_ET}" = "compile_et"; then
-
-dnl We have compile_et.  Now let's see if it supports `prefix' and `index'.
-AC_MSG_CHECKING(whether compile_et has the features we need)
-cat > conftest_et.et <<'EOF'
-error_table conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-  dnl XXX Some systems have <et/com_err.h>.
-  save_CPPFLAGS="${save_CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-  dnl Check that the `prefix' and `index' directives were honored.
-  AC_TRY_RUN([
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-  ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"])
-fi
-AC_MSG_RESULT(${krb_cv_compile_et})
-if test "${krb_cv_compile_et}" = "yes"; then
-  AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r)
-  save2_CPPFLAGS="$CPPFLAGS"
-  CPPFLAGS="$CPPFLAGS"
-  AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"],
-     [krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);"
-      CPPFLAGS="$save2_CPPFLAGS"],
-     [CPPFLAGS="${save_CPPFLAGS}"])
-  if test X"$krb_cv_com_err_need_r" = X ; then
-    AC_MSG_RESULT(no)
-  else
-    AC_MSG_RESULT(yes)
-  fi
-fi
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et}" = "yes"; then
-  dnl Since compile_et seems to work, let's check libcom_err
-  krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  AC_MSG_CHECKING(for com_err)
-  AC_TRY_LINK([#include <com_err.h>],[
-    const char *p;
-    p = error_message(0);
-    $krb_cv_com_err_need_r
-  ],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
-  AC_MSG_RESULT(${krb_cv_com_err})
-  LIBS="${krb_cv_save_LIBS}"
-else
-  dnl Since compile_et doesn't work, forget about libcom_err
-  krb_cv_com_err="no"
-fi
-
-dnl Only use the system's com_err if we found compile_et, libcom_err, and
-dnl com_err.h.
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    AC_MSG_NOTICE(Using the already-installed com_err)
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    AC_MSG_NOTICE(Using our own com_err)
-fi
-AC_SUBST(DIR_com_err)
-AC_SUBST(LIB_com_err)
-AC_SUBST(LIB_com_err_a)
-AC_SUBST(LIB_com_err_so)
-
-])
-
-dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $
-dnl
-dnl Figure what authentication modules should be built
-dnl
-dnl rk_AUTH_MODULES(module-list)
-
-AC_DEFUN(rk_AUTH_MODULES,[
-AC_MSG_CHECKING([which authentication modules should be built])
-
-z='m4_ifval([$1], $1, [sia pam afskauthlib])'
-LIB_AUTH_SUBDIRS=
-for i in $z; do
-case $i in
-sia)
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-;;
-pam)
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-;;
-afskauthlib)
-case "${host}" in
-*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-;;
-esac
-done
-if test "$LIB_AUTH_SUBDIRS"; then
-	AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
-else
-	AC_MSG_RESULT(none)
-fi
-
-AC_SUBST(LIB_AUTH_SUBDIRS)dnl
-])
-
-dnl
-dnl $Id: destdirs.m4,v 1.2 2002/08/12 15:12:50 joda Exp $
-dnl
-
-AC_DEFUN([rk_DESTDIRS], [
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [
-	x="${rk_dir[]dir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])])
-])
-
diff --git a/crypto/heimdal/admin/Makefile b/crypto/heimdal/admin/Makefile
deleted file mode 100644
index b59509365adc..000000000000
--- a/crypto/heimdal/admin/Makefile
+++ /dev/null
@@ -1,661 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# admin/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.35 2001/08/28 08:31:19 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = ktutil.8
-
-sbin_PROGRAMS = ktutil
-
-ktutil_SOURCES = \
-	add.c					\
-	change.c				\
-	copy.c					\
-	get.c					\
-	ktutil.c				\
-	list.c					\
-	purge.c					\
-	remove.c				\
-	rename.c
-
-
-LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-subdir = admin
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-sbin_PROGRAMS = ktutil$(EXEEXT)
-PROGRAMS = $(sbin_PROGRAMS)
-
-am_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \
-	get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \
-	remove.$(OBJEXT) rename.$(OBJEXT)
-ktutil_OBJECTS = $(am_ktutil_OBJECTS)
-ktutil_LDADD = $(LDADD)
-ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la
-ktutil_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(ktutil_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(ktutil_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  admin/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) 
-	@rm -f ktutil$(EXEEXT)
-	$(LINK) $(ktutil_LDFLAGS) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-man uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-sbinPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man8 install-sbinPROGRAMS install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/admin/Makefile.am b/crypto/heimdal/admin/Makefile.am
deleted file mode 100644
index 81aa47f1f1d0..000000000000
--- a/crypto/heimdal/admin/Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
-# $Id: Makefile.am,v 1.35 2001/08/28 08:31:19 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_readline) $(INCLUDE_des)
-
-man_MANS = ktutil.8
-
-sbin_PROGRAMS = ktutil
-
-ktutil_SOURCES =				\
-	add.c					\
-	change.c				\
-	copy.c					\
-	get.c					\
-	ktutil.c				\
-	list.c					\
-	purge.c					\
-	remove.c				\
-	rename.c
-
-LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken)
diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in
deleted file mode 100644
index 1a245ad8029b..000000000000
--- a/crypto/heimdal/admin/Makefile.in
+++ /dev/null
@@ -1,657 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.35 2001/08/28 08:31:19 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = ktutil.8
-
-sbin_PROGRAMS = ktutil
-
-ktutil_SOURCES = \
-	add.c					\
-	change.c				\
-	copy.c					\
-	get.c					\
-	ktutil.c				\
-	list.c					\
-	purge.c					\
-	remove.c				\
-	rename.c
-
-
-LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LIB_roken)
-
-subdir = admin
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-sbin_PROGRAMS = ktutil$(EXEEXT)
-PROGRAMS = $(sbin_PROGRAMS)
-
-am_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \
-	get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \
-	remove.$(OBJEXT) rename.$(OBJEXT)
-ktutil_OBJECTS = $(am_ktutil_OBJECTS)
-ktutil_LDADD = $(LDADD)
-ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(top_builddir)/lib/sl/libsl.la
-ktutil_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(ktutil_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(ktutil_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  admin/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
-ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) 
-	@rm -f ktutil$(EXEEXT)
-	$(LINK) $(ktutil_LDFLAGS) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-man uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-sbinPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-man8 install-sbinPROGRAMS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c
deleted file mode 100644
index a6003800c9c5..000000000000
--- a/crypto/heimdal/admin/add.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: add.c,v 1.5 2002/09/10 19:26:52 joda Exp $");
-
-int
-kt_add(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    char buf[128];
-    char *principal_string = NULL;
-    int kvno = -1;
-    char *enctype_string = NULL;
-    krb5_enctype enctype;
-    char *password_string = NULL;
-    int salt_flag = 1;
-    int random_flag = 0;
-    int help_flag = 0;
-    struct getargs args[] = {
-	{ "principal", 'p', arg_string, NULL, "principal of key", "principal"},
-	{ "kvno", 'V', arg_integer, NULL, "key version of key" },
-	{ "enctype", 'e', arg_string, NULL, "encryption type of key" },
-	{ "password", 'w', arg_string, NULL, "password for key"},
-	{ "salt", 's',	arg_negative_flag, NULL, "no salt" },
-	{ "random",  'r', arg_flag, NULL, "generate random key" },
-	{ "help", 'h', arg_flag, NULL }
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-    int i = 0;
-    args[i++].value = &principal_string;
-    args[i++].value = &kvno;
-    args[i++].value = &enctype_string;
-    args[i++].value = &password_string;
-    args[i++].value = &salt_flag;
-    args[i++].value = &random_flag;
-    args[i++].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil add", "");
-	return 1;
-    }
-    if(help_flag) {
-	arg_printusage(args, num_args, "ktutil add", "");
-	return 1;
-    }
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    memset(&entry, 0, sizeof(entry));
-    if(principal_string == NULL) {
-	printf("Principal: ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 1;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	principal_string = buf;
-    }
-    ret = krb5_parse_name(context, principal_string, &entry.principal);
-    if(ret) {
-	krb5_warn(context, ret, "%s", principal_string);
-	goto out;
-    }
-    if(enctype_string == NULL) {
-	printf("Encryption type: ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL)
-	    goto out;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	enctype_string = buf;
-    }
-    ret = krb5_string_to_enctype(context, enctype_string, &enctype);
-    if(ret) {
-	int t;
-	if(sscanf(enctype_string, "%d", &t) == 1)
-	    enctype = t;
-	else {
-	    krb5_warn(context, ret, "%s", enctype_string);
-	    goto out;
-	}
-    }
-    if(kvno == -1) {
-	printf("Key version: ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL)
-	    goto out;
-	buf[strcspn(buf, "\r\n")] = '\0';
-	kvno = atoi(buf);
-    }
-    if(password_string == NULL && random_flag == 0) {
-	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1))
-	    goto out;
-	password_string = buf;
-    }
-    if(password_string) {
-	if (!salt_flag) {
-	    krb5_salt salt;
-	    krb5_data pw;
-
-	    salt.salttype         = KRB5_PW_SALT;
-	    salt.saltvalue.data   = NULL;
-	    salt.saltvalue.length = 0;
-	    pw.data = (void*)password_string;
-	    pw.length = strlen(password_string);
-	    krb5_string_to_key_data_salt(context, enctype, pw, salt,
-					 &entry.keyblock);
-        } else {
-	    krb5_string_to_key(context, enctype, password_string, 
-			       entry.principal, &entry.keyblock);
-	}
-	memset (password_string, 0, strlen(password_string));
-    } else {
-	krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
-    }
-    entry.vno = kvno;
-    entry.timestamp = time (NULL);
-    ret = krb5_kt_add_entry(context, keytab, &entry);
-    if(ret)
-	krb5_warn(context, ret, "add");
- out:
-    krb5_kt_free_entry(context, &entry);
-    krb5_kt_close(context, keytab);
-    return 0;
-}
diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c
deleted file mode 100644
index f790da3436fc..000000000000
--- a/crypto/heimdal/admin/change.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: change.c,v 1.5 2003/04/01 15:04:49 lha Exp $");
-
-static void
-change_entry (krb5_context context, krb5_keytab keytab,
-	      krb5_principal principal, krb5_kvno kvno,
-	      const char *realm, const char *admin_server, int server_port)
-{
-    krb5_error_code ret;
-    kadm5_config_params conf;
-    void *kadm_handle;
-    char *client_name;
-    krb5_keyblock *keys;
-    int num_keys;
-    int i;
-
-    ret = krb5_unparse_name (context, principal, &client_name);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_unparse_name");
-	return;
-    }
-
-    memset (&conf, 0, sizeof(conf));
-
-    if(realm)
-	conf.realm = (char *)realm;
-    else
-	conf.realm = *krb5_princ_realm (context, principal);
-    conf.mask |= KADM5_CONFIG_REALM;
-    
-    if (admin_server) {
-	conf.admin_server = (char *)admin_server;
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    ret = kadm5_init_with_skey_ctx (context,
-				    client_name,
-				    keytab_string,
-				    KADM5_ADMIN_SERVICE,
-				    &conf, 0, 0,
-				    &kadm_handle);
-    free (client_name);
-    if (ret) {
-	krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
-	return;
-    }
-    ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
-    kadm5_destroy (kadm_handle);
-    if (ret) {
-	krb5_warn(context, ret, "kadm5_randkey_principal");
-	return;
-    }
-    for (i = 0; i < num_keys; ++i) {
-	krb5_keytab_entry new_entry;
-
-	new_entry.principal = principal;
-	new_entry.timestamp = time (NULL);
-	new_entry.vno = kvno + 1;
-	new_entry.keyblock  = keys[i];
-
-	ret = krb5_kt_add_entry (context, keytab, &new_entry);
-	if (ret)
-	    krb5_warn (context, ret, "krb5_kt_add_entry");
-	krb5_free_keyblock_contents (context, &keys[i]);
-    }
-}
-
-/*
- * loop over all the entries in the keytab (or those given) and change
- * their keys, writing the new keys
- */
-
-struct change_set {
-    krb5_principal principal;
-    krb5_kvno kvno;
-};
-
-int
-kt_change (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    char *realm = NULL;
-    char *admin_server = NULL;
-    int server_port = 0;
-    int help_flag = 0;
-    int optind = 0;
-    int i, j, max;
-    struct change_set *changeset;
-    
-    struct getargs args[] = {
-	{ "realm",	'r',	arg_string,   NULL, 
-	  "realm to use", "realm" 
-	},
-	{ "admin-server",	'a',	arg_string, NULL,
-	  "server to contact", "host" 
-	},
-	{ "server-port",	's',	arg_integer, NULL,
-	  "port to contact", "port number" 
-	},
-	{ "help",		'h',	arg_flag,    NULL }
-    };
-
-    args[0].value = &realm;
-    args[1].value = &admin_server;
-    args[2].value = &server_port;
-    args[3].value = &help_flag;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
-       || help_flag) {
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
-		       "ktutil change", "principal...");
-	return 1;
-    }
-    
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    j = 0;
-    max = 0;
-    changeset = NULL;
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	int add = 0;
-
-	for (i = 0; i < j; ++i) {
-	    if (krb5_principal_compare (context, changeset[i].principal,
-					entry.principal)) {
-		if (changeset[i].kvno < entry.vno)
-		    changeset[i].kvno = entry.vno;
-		break;
-	    }
-	}
-	if (i < j)
-	    continue;
-
-	if (optind == argc) {
-	    add = 1;
-	} else {
-	    for (i = optind; i < argc; ++i) {
-		krb5_principal princ;
-
-		ret = krb5_parse_name (context, argv[i], &princ);
-		if (ret) {
-		    krb5_warn (context, ret, "krb5_parse_name %s", argv[i]);
-		    continue;
-		}
-		if (krb5_principal_compare (context, princ, entry.principal))
-		    add = 1;
-
-		krb5_free_principal (context, princ);
-	    }
-	}
-
-	if (add) {
-	    if (j >= max) {
-		void *tmp;
-
-		max = max(max * 2, 1);
-		tmp = realloc (changeset, max * sizeof(*changeset));
-		if (tmp == NULL) {
-		    krb5_kt_free_entry (context, &entry);
-		    krb5_warnx (context, "realloc: out of memory");
-		    ret = ENOMEM;
-		    break;
-		}
-		changeset = tmp;
-	    }
-	    ret = krb5_copy_principal (context, entry.principal,
-				       &changeset[j].principal);
-	    if (ret) {
-		krb5_warn (context, ret, "krb5_copy_principal");
-		krb5_kt_free_entry (context, &entry);
-		break;
-	    }
-	    changeset[j].kvno = entry.vno;
-	    ++j;
-	}
-	krb5_kt_free_entry (context, &entry);
-    }
-
-    if (ret == KRB5_KT_END) {
-	for (i = 0; i < j; i++) {
-	    if (verbose_flag) {
-		char *client_name;
-
-		ret = krb5_unparse_name (context, changeset[i].principal, 
-					 &client_name);
-		if (ret) {
-		    krb5_warn (context, ret, "krb5_unparse_name");
-		} else {
-		    printf("Changing %s kvno %d\n", 
-			   client_name, changeset[i].kvno);
-		    free(client_name);
-		}
-	    }
-	    change_entry (context, keytab, 
-			  changeset[i].principal, changeset[i].kvno,
-			  realm, admin_server, server_port);
-	}
-    }
-    for (i = 0; i < j; i++)
-	krb5_free_principal (context, changeset[i].principal);
-    free (changeset);
-
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
- out:
-    krb5_kt_close(context, keytab);
-    return 0;
-}
diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c
deleted file mode 100644
index 18b9d6e0b428..000000000000
--- a/crypto/heimdal/admin/copy.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: copy.c,v 1.9 2003/01/16 18:59:03 lha Exp $");
-
-
-static krb5_boolean
-compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
-{
-    if(a->keytype != b->keytype ||
-       a->keyvalue.length != b->keyvalue.length ||
-       memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
-	return FALSE;
-    return TRUE;
-}
-
-static int
-kt_copy_int (const char *from, const char *to)
-{
-    krb5_error_code ret;
-    krb5_keytab src_keytab, dst_keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry, dummy;
-
-    ret = krb5_kt_resolve (context, from, &src_keytab);
-    if (ret) {
-	krb5_warn (context, ret, "resolving src keytab `%s'", from);
-	return 1;
-    }
-
-    ret = krb5_kt_resolve (context, to, &dst_keytab);
-    if (ret) {
-	krb5_kt_close (context, src_keytab);
-	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
-	return 1;
-    }
-
-    ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto out;
-    }
-
-    if (verbose_flag)
-	fprintf(stderr, "copying %s to %s\n", from, to);
-
-    while((ret = krb5_kt_next_entry(context, src_keytab,
-				    &entry, &cursor)) == 0) {
-	char *name_str;
-	char *etype_str;
-	krb5_unparse_name (context, entry.principal, &name_str);
-	krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
-	ret = krb5_kt_get_entry(context, dst_keytab, 
-				entry.principal, 
-				entry.vno, 
-				entry.keyblock.keytype,
-				&dummy);
-	if(ret == 0) {
-	    /* this entry is already in the new keytab, so no need to
-               copy it; if the keyblocks are not the same, something
-               is weird, so complain about that */
-	    if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
-		krb5_warnx(context, "entry with different keyvalue "
-			   "already exists for %s, keytype %s, kvno %d", 
-			   name_str, etype_str, entry.vno);
-	    }
-	    krb5_kt_free_entry(context, &dummy);
-	    krb5_kt_free_entry (context, &entry);
-	    free(name_str);
-	    free(etype_str);
-	    continue;
-	} else if(ret != KRB5_KT_NOTFOUND) {
-	    krb5_warn(context, ret, "krb5_kt_get_entry(%s)", name_str);
-	    krb5_kt_free_entry (context, &entry);
-	    free(name_str);
-	    free(etype_str);
-	    break;
-	}
-	if (verbose_flag)
-	    fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, 
-		     etype_str, entry.vno);
-	ret = krb5_kt_add_entry (context, dst_keytab, &entry);
-	krb5_kt_free_entry (context, &entry);
-	if (ret) {
-	    krb5_warn (context, ret, "krb5_kt_add_entry(%s)", name_str);
-	    free(name_str);
-	    free(etype_str);
-	    break;
-	}
-	free(name_str);
-	free(etype_str);
-    }
-    krb5_kt_end_seq_get (context, src_keytab, &cursor);
-
-  out:
-    krb5_kt_close (context, src_keytab);
-    krb5_kt_close (context, dst_keytab);
-    return 0;
-}
-
-int
-kt_copy (int argc, char **argv)
-{
-    int help_flag = 0;
-    int optind = 0;
-
-    struct getargs args[] = {
-	{ "help", 'h', arg_flag, NULL}
-    };
-
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int i = 0;
-
-    args[i++].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil copy",
-		       "keytab-src keytab-dest");
-	return 1;
-    }
-    if (help_flag) {
-	arg_printusage(args, num_args, "ktutil copy",
-		       "keytab-src keytab-dest");
-	return 1;
-    }
-
-    argv += optind;
-    argc -= optind;
-
-    if (argc != 2) {
-	arg_printusage(args, num_args, "ktutil copy",
-		       "keytab-src keytab-dest");
-	return 1;
-    }
-
-    return kt_copy_int(argv[0], argv[1]);
-}
-
-#ifndef KEYFILE
-#define KEYFILE SYSCONFDIR "/srvtab"
-#endif
-
-/* copy to from v4 srvtab, just short for copy */
-static int
-conv(int srvconv, int argc, char **argv)
-{
-    int help_flag = 0;
-    char *srvtab = KEYFILE;
-    int optind = 0;
-    char kt4[1024], kt5[1024];
-
-    char *name;
-
-    struct getargs args[] = {
-	{ "srvtab", 's', arg_string, NULL},
-	{ "help", 'h', arg_flag, NULL}
-    };
-
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int i = 0;
-
-    args[i++].value = &srvtab;
-    args[i++].value = &help_flag;
-
-    if(srvconv)
-	name = "ktutil srvconvert";
-    else 
-	name = "ktutil srvcreate";
-
-    if(getarg(args, num_args, argc, argv, &optind)){
-	arg_printusage(args, num_args, name, "");
-	return 1;
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, name, "");
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0) {
-	arg_printusage(args, num_args, name, "");
-	return 1;
-    }
-
-    snprintf(kt4, sizeof(kt4), "krb4:%s", srvtab);
-
-    if(srvconv) {
-	if(keytab_string != NULL)
-	    return kt_copy_int(kt4, keytab_string);
-	else {
-	    krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
-	    return kt_copy_int(kt4, kt5);
-	}
-    } else {
-	if(keytab_string != NULL)
-	    return kt_copy_int(keytab_string, kt4);
-
-	krb5_kt_default_name(context, kt5, sizeof(kt5));
-	return kt_copy_int(kt5, kt4);
-    }
-}
-
-int
-srvconv(int argc, char **argv)
-{
-    return conv(1, argc, argv);
-}
-
-int
-srvcreate(int argc, char **argv)
-{
-    return conv(0, argc, argv);
-}
diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c
deleted file mode 100644
index a9dfeec54926..000000000000
--- a/crypto/heimdal/admin/get.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: get.c,v 1.22 2003/01/16 19:03:23 lha Exp $");
-
-static void*
-open_kadmin_connection(char *principal,
-		       const char *realm, 
-		       char *admin_server, 
-		       int server_port)
-{
-    static kadm5_config_params conf;
-    krb5_error_code ret;
-    void *kadm_handle;
-    memset(&conf, 0, sizeof(conf));
-
-    if(realm) {
-	conf.realm = (char*)realm;
-	conf.mask |= KADM5_CONFIG_REALM;
-    }
-    
-    if (admin_server) {
-	conf.admin_server = admin_server;
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    /* should get realm from each principal, instead of doing
-       everything with the same (local) realm */
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       principal,
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &conf, 0, 0, 
-				       &kadm_handle);
-    if(ret) {
-	krb5_warn(context, ret, "kadm5_init_with_password");
-	return NULL;
-    }
-    return kadm_handle;
-}
-
-int
-kt_get(int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab keytab;
-    void *kadm_handle = NULL;
-    char *principal = NULL;
-    char *realm = NULL;
-    char *admin_server = NULL;
-    int server_port = 0;
-    int help_flag = 0;
-    int optind = 0;
-    struct getarg_strings etype_strs = {0, NULL};
-    krb5_enctype *etypes = NULL;
-    size_t netypes = 0;
-    
-    struct getargs args[] = {
-	{ "principal",	'p',	arg_string,   NULL, 
-	  "admin principal", "principal" 
-	},
-	{ "enctypes",	'e',	arg_strings,	NULL,
-	  "encryption types to use", "enctypes" },
-	{ "realm",	'r',	arg_string,   NULL, 
-	  "realm to use", "realm" 
-	},
-	{ "admin-server",	'a',	arg_string, NULL,
-	  "server to contact", "host" 
-	},
-	{ "server-port",	's',	arg_integer, NULL,
-	  "port to contact", "port number" 
-	},
-	{ "help",		'h',	arg_flag,    NULL }
-    };
-    int i = 0, j;
-
-    args[i++].value = &principal;
-    args[i++].value = &etype_strs;
-    args[i++].value = &realm;
-    args[i++].value = &admin_server;
-    args[i++].value = &server_port;
-    args[i++].value = &help_flag;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
-       || help_flag) {
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
-		       "ktutil get", "principal...");
-	return 1;
-    }
-    if(optind == argc) {
-	krb5_warnx(context, "no principals specified");
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), 
-		       "ktutil get", "principal...");
-	return 1;
-    }
-    
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    if(realm)
-	krb5_set_default_realm(context, realm);
-
-    if (etype_strs.num_strings) {
-	int i;
-
-	etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
-	if (etypes == NULL) {
-	    krb5_warnx(context, "malloc failed");
-	    goto out;
-	}
-	netypes = etype_strs.num_strings;
-	for(i = 0; i < netypes; i++) {
-	    ret = krb5_string_to_enctype(context, 
-					 etype_strs.strings[i], 
-					 &etypes[i]);
-	    if(ret) {
-		krb5_warnx(context, "unrecognized enctype: %s",
-			   etype_strs.strings[i]);
-		goto out;
-	    }
-	}
-    }
-
-    
-    for(i = optind; i < argc; i++){
-	krb5_principal princ_ent;
-	kadm5_principal_ent_rec princ;
-	int mask = 0;
-	krb5_keyblock *keys;
-	int n_keys;
-	int created = 0;
-	krb5_keytab_entry entry;
-
-	ret = krb5_parse_name(context, argv[i], &princ_ent);
-	memset(&princ, 0, sizeof(princ));
-	princ.principal = princ_ent;
-	mask |= KADM5_PRINCIPAL;
-	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	mask |= KADM5_ATTRIBUTES;
-	princ.princ_expire_time = 0;
-	mask |= KADM5_PRINC_EXPIRE_TIME;
-
-	if(kadm_handle == NULL) {
-	    const char *r;
-	    if(realm != NULL)
-		r = realm;
-	    else
-		r = krb5_principal_get_realm(context, princ_ent);
-	    kadm_handle = open_kadmin_connection(principal, 
-						 r, 
-						 admin_server, 
-						 server_port);
-	    if(kadm_handle == NULL) {
-		break;
-	    }
-	}
-	
-	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
-	if(ret == 0)
-	    created++;
-	else if(ret != KADM5_DUP) {
-	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
-	    krb5_free_principal(context, princ_ent);
-	    continue;
-	}
-	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
-	    krb5_free_principal(context, princ_ent);
-	    continue;
-	}
-	
-	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
-	    for (j = 0; j < n_keys; j++)
-		krb5_free_keyblock_contents(context, &keys[j]);
-	    krb5_free_principal(context, princ_ent);
-	    continue;
-	}
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	mask = KADM5_ATTRIBUTES;
-	if(created) {
-	    princ.kvno = 1;
-	    mask |= KADM5_KVNO;
-	}
-	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
-	    for (j = 0; j < n_keys; j++)
-		krb5_free_keyblock_contents(context, &keys[j]);
-	    krb5_free_principal(context, princ_ent);
-	    continue;
-	}
-	for(j = 0; j < n_keys; j++) {
-	    int do_add = TRUE;
-
-	    if (netypes) {
-		int i;
-
-		do_add = FALSE;
-		for (i = 0; i < netypes; ++i)
-		    if (keys[j].keytype == etypes[i]) {
-			do_add = TRUE;
-			break;
-		    }
-	    }
-	    if (do_add) {
-		entry.principal = princ_ent;
-		entry.vno = princ.kvno;
-		entry.keyblock = keys[j];
-		entry.timestamp = time (NULL);
-		ret = krb5_kt_add_entry(context, keytab, &entry);
-		if (ret)
-		    krb5_warn(context, ret, "krb5_kt_add_entry");
-	    }
-	    krb5_free_keyblock_contents(context, &keys[j]);
-	}
-	
-	kadm5_free_principal_ent(kadm_handle, &princ);
-	krb5_free_principal(context, princ_ent);
-    }
- out:
-    free_getarg_strings(&etype_strs);
-    free(etypes);
-    if (kadm_handle)
-	kadm5_destroy(kadm_handle);
-    krb5_kt_close(context, keytab);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8
deleted file mode 100644
index f75a953e5dbd..000000000000
--- a/crypto/heimdal/admin/ktutil.8
+++ /dev/null
@@ -1,194 +0,0 @@
-.\" Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: ktutil.8,v 1.19 2003/04/08 20:55:10 lha Exp $
-.\"
-.Dd December 16, 2000
-.Dt KTUTIL 8
-.Os HEIMDAL
-.Sh NAME
-.Nm ktutil
-.Nd manage Kerberos keytabs
-.Sh SYNOPSIS
-.Nm
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
-.Ar command
-.Op Ar args
-.Sh DESCRIPTION
-.Nm
-is a program for managing keytabs.
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Verbose output.
-.El
-.Pp
-.Ar command
-can be one of the following:
-.Bl -tag -width srvconvert
-.It add Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V Ar kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Xc
-Adds a key to the keytab. Options that are not specified will be
-prompted for. This requires that you know the password of the
-principal to add; if what you really want is to add a new principal to
-the keytab, you should consider the
-.Ar get
-command, which talks to the kadmin server.
-.It change Xo
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
-Update one or several keys to new versions.  By default, use the admin
-server for the realm of a keytab entry.  Otherwise it will use the
-values specified by the options.
-.Pp
-If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
-Copies all the entries from
-.Ar keytab-src
-to
-.Ar keytab-dest .
-.It get Xo
-.Op Fl p Ar admin principal
-.Op Fl -principal= Ns Ar admin principal
-.Op Fl e Ar enctype
-.Op Fl -enctypes= Ns Ar enctype
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
-For each
-.Ar principal ,
-generate a new key for it (creating it if it doesn't already exist),
-and put that key in the keytab.
-.Pp
-If no
-.Ar realm
-is specified, the realm to operate on is taken from the first
-principal.
-.It list Xo
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
-List the keys stored in the keytab.
-.It remove Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
-Removes the specified key or keys. Not specifying a
-.Ar kvno
-removes keys with any version number. Not specifying an
-.Ar enctype
-removes keys of any type.
-.It rename Xo
-.Ar from-principal
-.Ar to-principal
-.Xc
-Renames all entries in the keytab that match the
-.Ar from-principal
-to
-.Ar to-principal .
-.It purge Xo
-.Op Fl -age= Ns Ar age
-.Xc
-Removes all old entries (for which there is a newer version) that are
-older than
-.Ar age
-(default one week).
-.It srvconvert
-.It srv2keytab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 4 srvtab in
-.Ar srvtab
-to a version 5 keytab and stores it in
-.Ar keytab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Li krb4: Ns Ar srvtab
-.Ar keytab
-.Ed
-.It srvcreate
-.It key2srvtab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
-Converts the version 5 keytab in
-.Ar keytab
-to a version 4 srvtab and stores it in
-.Ar srvtab .
-Identical to:
-.Bd -ragged -offset indent
-.Li ktutil copy
-.Ar keytab
-.Li krb4: Ns Ar srvtab
-.Ed
-.El
-.Sh SEE ALSO
-.Xr kadmin 8
diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c
deleted file mode 100644
index 7ac9b4bd774e..000000000000
--- a/crypto/heimdal/admin/ktutil.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-#include <err.h>
-
-RCSID("$Id: ktutil.c,v 1.36 2002/02/11 14:14:11 joda Exp $");
-
-static int help_flag;
-static int version_flag;
-int verbose_flag;
-char *keytab_string; 
-static char keytab_buf[256];
-
-static int help(int argc, char **argv);
-
-static SL_cmd cmds[] = {
-    { "add", 		kt_add,		"add",
-      "adds key to keytab" },
-    { "change",		kt_change,	"change [principal...]",
-      "get new key for principals (all)" },
-    { "copy",		kt_copy,	"copy src dst",
-      "copy one keytab to another" },
-    { "get", 		kt_get,		"get [principal...]",
-      "create key in database and add to keytab" },
-    { "list",		kt_list,	"list",
-      "shows contents of a keytab" },
-    { "purge",		kt_purge,	"purge",
-      "remove old and superceeded entries" },
-    { "remove", 	kt_remove,	"remove",
-      "remove key from keytab" },
-    { "rename", 	kt_rename,	"rename from to",
-      "rename entry" },
-    { "srvconvert",	srvconv,	"srvconvert [flags]",
-      "convert v4 srvtab to keytab" },
-    { "srv2keytab" },
-    { "srvcreate",	srvcreate,	"srvcreate [flags]",
-      "convert keytab to v4 srvtab" },
-    { "key2srvtab" },
-    { "help",		help,		"help",			"" },
-    { NULL, 	NULL,		NULL, 			NULL }
-};
-
-static struct getargs args[] = {
-    { 
-	"version",
-	0,
-	arg_flag,
-	&version_flag,
-	NULL,
-	NULL 
-    },
-    { 
-	"help",	    
-	'h',   
-	arg_flag, 
-	&help_flag, 
-	NULL, 
-	NULL
-    },
-    { 
-	"keytab",	    
-	'k',   
-	arg_string, 
-	&keytab_string, 
-	"keytab", 
-	"keytab to operate on" 
-    },
-    {
-	"verbose",
-	'v',
-	arg_flag,
-	&verbose_flag,
-	"verbose",
-	"run verbosely"
-    }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-krb5_context context;
-
-krb5_keytab
-ktutil_open_keytab(void)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    if (keytab_string == NULL) {
-	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
-	if (ret) {
-	    krb5_warn(context, ret, "krb5_kt_default_name");
-	    return NULL;
-	}
-	keytab_string = keytab_buf;
-    }
-    ret = krb5_kt_resolve(context, keytab_string, &keytab);
-    if (ret) {
-	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
-	return NULL;
-    }
-    if (verbose_flag)
-	fprintf (stderr, "Using keytab %s\n", keytab_string);
-	
-    return keytab;
-}
-
-static int
-help(int argc, char **argv)
-{
-    sl_help(cmds, argc, argv);
-    return 0;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, num_args, NULL, "command");
-    exit(status);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    krb5_error_code ret;
-    setprogname(argv[0]);
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argc -= optind;
-    argv += optind;
-    if(argc == 0)
-	usage(1);
-    ret = sl_command(cmds, argc, argv);
-    if(ret == -1)
-	krb5_warnx (context, "unrecognized command: %s", argv[0]);
-    return ret;
-}
diff --git a/crypto/heimdal/admin/ktutil.cat8 b/crypto/heimdal/admin/ktutil.cat8
deleted file mode 100644
index 8cfd85619a0d..000000000000
--- a/crypto/heimdal/admin/ktutil.cat8
+++ /dev/null
@@ -1,81 +0,0 @@
-KTUTIL(8)               NetBSD System Manager's Manual               KTUTIL(8)
-
-NNAAMMEE
-     kkttuuttiill - manage Kerberos keytabs
-
-SSYYNNOOPPSSIISS
-     kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
-     ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkttuuttiill is a program for managing keytabs.  _c_o_m_m_a_n_d can be one of the fol-
-     lowing:
-
-     add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
-                 _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d]
-                 [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
-                 Adds a key to the keytab. Options that are not specified will
-                 be prompted for. This requires that you know the password of
-                 the principal to add; if what you really want is to add a new
-                 principal to the keytab, you should consider the _g_e_t command,
-                 which talks to the kadmin server.
-
-     change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
-                 _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
-                 Update one or several keys to new versions.  By default, use
-                 the admin server for the realm of an keytab entry.  Otherwise
-                 it will use the values specified by the options.
-
-                 If no principals are given, all the ones in the keytab are
-                 updated.
-
-     copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
-                 Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
-
-     get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e]
-                 [----eennccttyyppeess==_e_n_c_t_y_p_e] [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n
-                 _s_e_r_v_e_r] [----aaddmmiinn--sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t]
-                 [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t] _p_r_i_n_c_i_p_a_l _._._.
-                 For each _p_r_i_n_c_i_p_a_l, generate a new key for it (creating it if
-                 it doesn't already exist), and put that key in the keytab.
-
-                 If no _r_e_a_l_m is specified, the realm to operate on is taken
-                 from the first principal.
-
-     list [----kkeeyyss] [----ttiimmeessttaammpp]
-                 List the keys stored in the keytab.
-
-     remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
-                 [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
-                 Removes the specified key or keys. Not specifying a _k_v_n_o re-
-                 moves keys with any version number. Not specifying a _e_n_c_t_y_p_e
-                 removes keys of any type.
-
-     rename _f_r_o_m_-_p_r_i_n_c_i_p_a_l _t_o_-_p_r_i_n_c_i_p_a_l
-                 Renames all entries in the keytab that match the _f_r_o_m_-
-                 _p_r_i_n_c_i_p_a_l to _t_o_-_p_r_i_n_c_i_p_a_l.
-
-     purge [----aaggee==_a_g_e]
-                 Removes all old entries (for which there is a newer version)
-                 that are older than _a_g_e (default one week).
-
-     srvconvert
-
-     srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
-                 Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab
-                 and stores it in _k_e_y_t_a_b.  Identical to:
-
-                       ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
-
-     srvcreate
-
-     key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
-                 Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab
-                 and stores it in _s_r_v_t_a_b.  Identical to:
-
-                       ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
-
-SSEEEE AALLSSOO
-     kadmin(8)
-
- HEIMDAL                       December 16, 2000                             2
diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h
deleted file mode 100644
index da60f426ba0c..000000000000
--- a/crypto/heimdal/admin/ktutil_locl.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
- */
-
-#ifndef __KTUTIL_LOCL_H__
-#define __KTUTIL_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <parse_time.h>
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include <kadm5/kadm5_err.h>
-
-#include <sl.h>
-#include <getarg.h>
-
-extern krb5_context context;
-
-extern int verbose_flag;
-extern char *keytab_string; 
-
-krb5_keytab ktutil_open_keytab(void);
-
-int kt_add (int argc, char **argv);
-int kt_change (int argc, char **argv);
-int kt_copy (int argc, char **argv);
-int kt_get (int argc, char **argv);
-int kt_list(int argc, char **argv);
-int kt_purge(int argc, char **argv);
-int kt_remove(int argc, char **argv);
-int kt_rename(int argc, char **argv);
-int srvconv(int argc, char **argv);
-int srvcreate(int argc, char **argv);
-
-#endif /* __KTUTIL_LOCL_H__ */
diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c
deleted file mode 100644
index 4c11c2f13f2c..000000000000
--- a/crypto/heimdal/admin/list.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: list.c,v 1.10 2002/01/30 10:12:21 joda Exp $");
-
-static int help_flag;
-static int list_keys;
-static int list_timestamp;
-
-static struct getargs args[] = {
-    { "help",      'h', arg_flag, &help_flag },
-    { "keys",	   0,   arg_flag, &list_keys, "show key value" },
-    { "timestamp", 0,   arg_flag, &list_timestamp, "show timestamp" },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-struct key_info {
-    char *version;
-    char *etype;
-    char *principal;
-    char *timestamp;
-    char *key;
-    struct key_info *next;
-};
-
-static int
-do_list(const char *keytab_string)
-{
-    krb5_error_code ret;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    krb5_kt_cursor cursor;
-    struct key_info *ki, **kie = &ki, *kp;
-
-    int max_version = sizeof("Vno") - 1;
-    int max_etype = sizeof("Type") - 1;
-    int max_principal = sizeof("Principal") - 1;
-    int max_timestamp = sizeof("Date") - 1;
-    int max_key = sizeof("Key") - 1;
-
-    /* XXX specialcase the ANY type */
-    if(strncasecmp(keytab_string, "ANY:", 4) == 0) {
-	int flag = 0;
-	char buf[1024];
-	keytab_string += 4;
-	while (strsep_copy((const char**)&keytab_string, ",", 
-			   buf, sizeof(buf)) != -1) {
-	    if(flag)
-		printf("\n");
-	    do_list(buf);
-	    flag = 1;
-	}
-	return 0;
-    }
-
-    ret = krb5_kt_resolve(context, keytab_string, &keytab);
-    if (ret) {
-	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
-	return 0;
-    }
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto out;
-    }
-
-    printf ("%s:\n\n", keytab_string);
-	
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-#define CHECK_MAX(F) if(max_##F < strlen(kp->F)) max_##F = strlen(kp->F)
-
-	kp = malloc(sizeof(*kp));
-	if (kp == NULL) {
-	    krb5_kt_free_entry(context, &entry);
-	    krb5_kt_end_seq_get(context, keytab, &cursor);
-	    krb5_warn(context, ret, "malloc failed");
-	    goto out;
-	}
-
-	asprintf(&kp->version, "%d", entry.vno);
-	CHECK_MAX(version);
-	ret = krb5_enctype_to_string(context, 
-				     entry.keyblock.keytype, &kp->etype);
-	if (ret != 0) 
-	    asprintf(&kp->etype, "unknown (%d)", entry.keyblock.keytype);
-	CHECK_MAX(etype);
-	krb5_unparse_name(context, entry.principal, &kp->principal);
-	CHECK_MAX(principal);
-	if (list_timestamp) {
-	    char tstamp[256];
-
-	    krb5_format_time(context, entry.timestamp, 
-			     tstamp, sizeof(tstamp), FALSE);
-
-	    kp->timestamp = strdup(tstamp);
-	    CHECK_MAX(timestamp);
-	}
-	if(list_keys) {
-	    int i;
-	    kp->key = malloc(2 * entry.keyblock.keyvalue.length + 1);
-	    for(i = 0; i < entry.keyblock.keyvalue.length; i++)
-		snprintf(kp->key + 2 * i, 3, "%02x", 
-			 ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
-	    CHECK_MAX(key);
-	}
-	*kie = kp;
-	kie = &kp->next;
-	krb5_kt_free_entry(context, &entry);
-    }
-    *kie = NULL; /* termiate list */
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    printf("%-*s  %-*s  %-*s", max_version, "Vno", 
-	   max_etype, "Type", 
-	   max_principal, "Principal");
-    if(list_timestamp)
-	printf("  %-*s", max_timestamp, "Date");
-    if(list_keys)
-	printf("  %s", "Key");
-    printf("\n");
-
-    for(kp = ki; kp; ) {
-	printf("%*s  %-*s  %-*s", max_version, kp->version, 
-	       max_etype, kp->etype, 
-	       max_principal, kp->principal);
-	if(list_timestamp)
-	    printf("  %-*s", max_timestamp, kp->timestamp);
-	if(list_keys)
-	    printf("  %s", kp->key);
-	printf("\n");
-
-	/* free entries */
-	free(kp->version);
-	free(kp->etype);
-	free(kp->principal);
-	if(list_timestamp)
-	    free(kp->timestamp);
-	if(list_keys) {
-	    memset(kp->key, 0, strlen(kp->key));
-	    free(kp->key);
-	}
-	ki = kp;
-	kp = kp->next;
-	free(ki);
-    }
-out:
-    krb5_kt_close(context, keytab);
-    return 0;
-}
-
-int
-kt_list(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int optind = 0;
-    char kt[1024];
-
-    if(verbose_flag)
-	list_timestamp = 1;
-
-    if(getarg(args, num_args, argc, argv, &optind)){
-	arg_printusage(args, num_args, "ktutil list", "");
-	return 1;
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, "ktutil list", "");
-	return 0;
-    }
-
-    if (keytab_string == NULL) {
-	if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) {
-	    krb5_warn(context, ret, "getting default keytab name");
-	    return 0;
-	}
-	keytab_string = kt;
-    }
-    do_list(keytab_string);
-    return 0;
-}
diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c
deleted file mode 100644
index aaca00a6c529..000000000000
--- a/crypto/heimdal/admin/purge.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: purge.c,v 1.6 2001/07/23 09:46:41 joda Exp $");
-
-/*
- * keep track of the highest version for every principal.
- */
-
-struct e {
-    krb5_principal principal;
-    int max_vno;
-    struct e *next;
-};
-
-static struct e *
-get_entry (krb5_principal princ, struct e *head)
-{
-    struct e *e;
-
-    for (e = head; e != NULL; e = e->next)
-	if (krb5_principal_compare (context, princ, e->principal))
-	    return e;
-    return NULL;
-}
-
-static void
-add_entry (krb5_principal princ, int vno, struct e **head)
-{
-    krb5_error_code ret;
-    struct e *e;
-
-    e = get_entry (princ, *head);
-    if (e != NULL) {
-	e->max_vno = max (e->max_vno, vno);
-	return;
-    }
-    e = malloc (sizeof (*e));
-    if (e == NULL)
-	krb5_errx (context, 1, "malloc: out of memory");
-    ret = krb5_copy_principal (context, princ, &e->principal);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_copy_principal");
-    e->max_vno = vno;
-    e->next    = *head;
-    *head      = e;
-}
-
-static void
-delete_list (struct e *head)
-{
-    while (head != NULL) {
-	struct e *next = head->next;
-	krb5_free_principal (context, head->principal);
-	free (head);
-	head = next;
-    }
-}
-
-/*
- * Remove all entries that have newer versions and that are older
- * than `age'
- */
-
-int
-kt_purge(int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_kt_cursor cursor;
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    int help_flag = 0;
-    char *age_str = "1 week";
-    int age;
-    struct getargs args[] = {
-	{ "age",   0,  arg_string, NULL, "age to retire" },
-	{ "help", 'h', arg_flag, NULL }
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-    int i = 0;
-    struct e *head = NULL;
-    time_t judgement_day;
-
-    args[i++].value = &age_str;
-    args[i++].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil purge", "");
-	return 1;
-    }
-    if(help_flag) {
-	arg_printusage(args, num_args, "ktutil purge", "");
-	return 1;
-    }
-
-    age = parse_time(age_str, "s");
-    if(age < 0) {
-	krb5_warnx(context, "unparasable time `%s'", age_str);
-	return 1;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	add_entry (entry.principal, entry.vno, &head);
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    judgement_day = time (NULL);
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string);
-	goto out;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	struct e *e = get_entry (entry.principal, head);
-
-	if (e == NULL) {
-	    krb5_warnx (context, "ignoring extra entry");
-	    continue;
-	}
-
-	if (entry.vno < e->max_vno
-	    && judgement_day - entry.timestamp > age) {
-	    if (verbose_flag) {
-		char *name_str;
-
-		krb5_unparse_name (context, entry.principal, &name_str);
-		printf ("removing %s vno %d\n", name_str, entry.vno);
-		free (name_str);
-	    }
-	    ret = krb5_kt_remove_entry (context, keytab, &entry);
-	    if (ret)
-		krb5_warn (context, ret, "remove");
-	}
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    delete_list (head);
-
- out:
-    krb5_kt_close (context, keytab);
-    return ret != 0;
-}
diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c
deleted file mode 100644
index 45f8119202ce..000000000000
--- a/crypto/heimdal/admin/remove.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: remove.c,v 1.3 2001/07/23 09:46:41 joda Exp $");
-
-int
-kt_remove(int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab_entry entry;
-    krb5_keytab keytab;
-    char *principal_string = NULL;
-    krb5_principal principal = NULL;
-    int kvno = 0;
-    char *keytype_string = NULL;
-    krb5_enctype enctype = 0;
-    int help_flag = 0;
-    struct getargs args[] = {
-	{ "principal", 'p', arg_string, NULL, "principal to remove" },
-	{ "kvno", 'V', arg_integer, NULL, "key version to remove" },
-	{ "enctype", 'e', arg_string, NULL, "enctype to remove" },
-	{ "help", 'h', arg_flag, NULL }
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-    int i = 0;
-    args[i++].value = &principal_string;
-    args[i++].value = &kvno;
-    args[i++].value = &keytype_string;
-    args[i++].value = &help_flag;
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil remove", "");
-	return 1;
-    }
-    if(help_flag) {
-	arg_printusage(args, num_args, "ktutil remove", "");
-	return 0;
-    }
-    if(principal_string) {
-	ret = krb5_parse_name(context, principal_string, &principal);
-	if(ret) {
-	    krb5_warn(context, ret, "%s", principal_string);
-	    return 1;
-	}
-    }
-    if(keytype_string) {
-	ret = krb5_string_to_enctype(context, keytype_string, &enctype);
-	if(ret) {
-	    int t;
-	    if(sscanf(keytype_string, "%d", &t) == 1)
-		enctype = t;
-	    else {
-		krb5_warn(context, ret, "%s", keytype_string);
-		if(principal)
-		    krb5_free_principal(context, principal);
-		return 1;
-	    }
-	}
-    }
-    if (!principal && !enctype && !kvno) {
-	krb5_warnx(context, 
-		   "You must give at least one of "
-		   "principal, enctype or kvno.");
-	return 1;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL)
-	return 1;
-
-    entry.principal = principal;
-    entry.keyblock.keytype = enctype;
-    entry.vno = kvno;
-    ret = krb5_kt_remove_entry(context, keytab, &entry);
-    krb5_kt_close(context, keytab);
-    if(ret)
-	krb5_warn(context, ret, "remove");
-    if(principal)
-	krb5_free_principal(context, principal);
-    return 0;
-}
-
diff --git a/crypto/heimdal/admin/rename.c b/crypto/heimdal/admin/rename.c
deleted file mode 100644
index dcfb35244f72..000000000000
--- a/crypto/heimdal/admin/rename.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: rename.c,v 1.1 2001/07/23 10:17:32 joda Exp $");
-
-int
-kt_rename(int argc, char **argv)
-{
-    krb5_error_code ret = 0;
-    krb5_keytab_entry entry;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_principal from_princ, to_princ;
-    int help_flag = 0;
-
-    struct getargs args[] = {
-	{ "help", 'h', arg_flag, NULL }
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-    int i = 0;
-
-    args[i++].value = &help_flag;
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, "ktutil rename", "from to");
-	return 1;
-    }
-    if(help_flag) {
-	arg_printusage(args, num_args, "ktutil rename", "from to");
-	return 0;
-    }
-    argv += optind;
-    argc -= optind;
-    if(argc != 2) {
-	arg_printusage(args, num_args, "ktutil rename", "from to");
-	return 0;
-    }
-
-    ret = krb5_parse_name(context, argv[0], &from_princ);
-    if(ret != 0) {
-	krb5_warn(context, ret, "%s", argv[0]);
-	return 0;
-    }
-
-    ret = krb5_parse_name(context, argv[1], &to_princ);
-    if(ret != 0) {
-	krb5_free_principal(context, from_princ);
-	krb5_warn(context, ret, "%s", argv[1]);
-	return 0;
-    }
-
-    if((keytab = ktutil_open_keytab()) == NULL) {
-	krb5_free_principal(context, from_princ);
-	krb5_free_principal(context, to_princ);
-	return 1;
-    }
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret) {
-	krb5_kt_close(context, keytab);
-	krb5_free_principal(context, from_princ);
-	krb5_free_principal(context, to_princ);
-	return 1;
-    }
-    while(1) {
-	ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
-	if(ret != 0) {
-	    if(ret != KRB5_CC_END && ret != KRB5_KT_END)
-		krb5_warn(context, ret, "getting entry from keytab");
-	    break;
-	}
-	if(krb5_principal_compare(context, entry.principal, from_princ)) {
-	    krb5_free_principal(context, entry.principal);
-	    entry.principal = to_princ;
-	    ret = krb5_kt_add_entry(context, keytab, &entry);
-	    if(ret) {
-		entry.principal = NULL;
-		krb5_kt_free_entry(context, &entry);
-		krb5_warn(context, ret, "adding entry");
-		break;
-	    }
-	    entry.principal = from_princ;
-	    ret = krb5_kt_remove_entry(context, keytab, &entry);
-	    if(ret) {
-		entry.principal = NULL;
-		krb5_kt_free_entry(context, &entry);
-		krb5_warn(context, ret, "removing entry");
-		break;
-	    }
-	    entry.principal = NULL;
-	}
-	krb5_kt_free_entry(context, &entry);
-    }
-    krb5_kt_end_seq_get(context, keytab, &cursor);
-
-    krb5_free_principal(context, from_princ);
-    krb5_free_principal(context, to_princ);
-
-    return 0;
-}
-
diff --git a/crypto/heimdal/admin/srvconvert.c b/crypto/heimdal/admin/srvconvert.c
deleted file mode 100644
index e4a2b1104204..000000000000
--- a/crypto/heimdal/admin/srvconvert.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: srvconvert.c,v 1.11 2000/01/02 03:56:21 assar Exp $");
-
-/* convert a version 4 srvtab to a version 5 keytab */
-
-#ifndef KEYFILE
-#define KEYFILE "/etc/srvtab"
-#endif
-
-static char *srvtab = KEYFILE;
-static int help_flag;
-static int verbose;
-
-static struct getargs args[] = {
-    { "srvtab", 's', arg_string, &srvtab, "srvtab to convert", "file" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "verbose", 'v', arg_flag, &verbose },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-srvconv(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int optind = 0;
-    int fd;
-    krb5_storage *sp;
-
-    if(getarg(args, num_args, argc, argv, &optind)){
-	arg_printusage(args, num_args, "ktutil srvconvert", "");
-	return 1;
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, "ktutil srvconvert", "");
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0) {
-	arg_printusage(args, num_args, "ktutil srvconvert", "");
-	return 1;
-    }
-
-    fd = open(srvtab, O_RDONLY);
-    if(fd < 0){
-	krb5_warn(context, errno, "%s", srvtab);
-	return 1;
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL){
-	close(fd);
-	return 1;
-    }
-    while(1){
-	char *service, *instance, *realm;
-	int8_t kvno;
-	des_cblock key;
-	krb5_keytab_entry entry;
-	
-	ret = krb5_ret_stringz(sp, &service);
-	if(ret == KRB5_CC_END) {
-	    ret = 0;
-	    break;
-	}
-	if(ret) {
-	    krb5_warn(context, ret, "reading service");
-	    break;
-	}
-	ret = krb5_ret_stringz(sp, &instance);
-	if(ret) {
-	    krb5_warn(context, ret, "reading instance");
-	    free(service);
-	    break;
-	}
-	ret = krb5_ret_stringz(sp, &realm);
-	if(ret) {
-	    krb5_warn(context, ret, "reading realm");
-	    free(service);
-	    free(instance);
-	    break;
-	}
-	ret = krb5_425_conv_principal(context, service, instance, realm,
-				      &entry.principal);
-	free(service);
-	free(instance);
-	free(realm);
-	if (ret) {
-	    krb5_warn(context, ret, "krb5_425_conv_principal (%s.%s@%s)",
-		      service, instance, realm);
-	    break;
-	}
-	
-	ret = krb5_ret_int8(sp, &kvno);
-	if(ret) {
-	    krb5_warn(context, ret, "reading kvno");
-	    krb5_free_principal(context, entry.principal);
-	    break;
-	}
-	ret = sp->fetch(sp, key, 8);
-	if(ret < 0){
-	    krb5_warn(context, errno, "reading key");
-	    krb5_free_principal(context, entry.principal);
-	    break;
-	}
-	if(ret < 8) {
-	    krb5_warn(context, errno, "end of file while reading key");
-	    krb5_free_principal(context, entry.principal);
-	    break;
-	}
-	
-	entry.vno = kvno;
-	entry.timestamp = time (NULL);
-	entry.keyblock.keyvalue.data = key;
-	entry.keyblock.keyvalue.length = 8;
-	
-	if(verbose){
-	    char *p;
-	    ret = krb5_unparse_name(context, entry.principal, &p);
-	    if(ret){
-		krb5_warn(context, ret, "krb5_unparse_name");
-		krb5_free_principal(context, entry.principal);
-		break;
-	    } else{
-		fprintf(stderr, "Storing keytab for %s\n", p);
-		free(p);
-	    }
-				    
-	}
-	entry.keyblock.keytype = ETYPE_DES_CBC_MD5;
-	ret = krb5_kt_add_entry(context, keytab, &entry);
-	entry.keyblock.keytype = ETYPE_DES_CBC_MD4;
-	ret = krb5_kt_add_entry(context, keytab, &entry);
-	entry.keyblock.keytype = ETYPE_DES_CBC_CRC;
-	ret = krb5_kt_add_entry(context, keytab, &entry);
-	krb5_free_principal(context, entry.principal);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_kt_add_entry");
-	    break;
-	}
-    }
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
diff --git a/crypto/heimdal/admin/srvcreate.c b/crypto/heimdal/admin/srvcreate.c
deleted file mode 100644
index bc86bc89aa3b..000000000000
--- a/crypto/heimdal/admin/srvcreate.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ktutil_locl.h"
-
-RCSID("$Id: srvcreate.c,v 1.3 1999/12/02 17:04:53 joda Exp $");
-
-/* convert a version 5 keytab to a version 4 srvtab */
-
-#ifndef KEYFILE
-#define KEYFILE "/etc/srvtab"
-#endif
-
-static char *srvtab = KEYFILE;
-static int help_flag;
-static int verbose;
-
-static struct getargs args[] = {
-    { "srvtab", 's', arg_string, &srvtab, "srvtab to create", "file" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "verbose", 'v', arg_flag, &verbose },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-srvcreate(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int optind = 0;
-    int fd;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    char service[100], instance[100], realm[100];
-    int8_t kvno;
-
-    if(getarg(args, num_args, argc, argv, &optind)){
-	arg_printusage(args, num_args, "ktutil srvcreate", "");
-	return 1;
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, "ktutil srvcreate", "");
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0) {
-	arg_printusage(args, num_args, "ktutil srvcreate", "");
-	return 1;
-    }
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if(ret){
-        krb5_warn(context, ret, "krb5_kt_start_seq_get");
-        return 1;
-    }
-
-    fd = open(srvtab, O_WRONLY |O_APPEND |O_CREAT, 0600);
-    if(fd < 0){
-	krb5_warn(context, errno, "%s", srvtab);
-	return 1;
-    }
-
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-      ret = krb5_524_conv_principal(context, entry.principal,
-				    service, instance, realm);
-      if(ret) {
-        krb5_warn(context, ret, "krb5_524_conv_principal");
-        close(fd);
-        return 1;
-      }
-      if ( (entry.keyblock.keyvalue.length == 8) && 
-           (entry.keyblock.keytype == ETYPE_DES_CBC_MD5) ) {
-	  if (verbose) {
-	      printf ("%s.%s@%s vno %d\n", service, instance, realm,
-		      entry.vno);
-	  }
-
-	  write(fd, service, strlen(service)+1);
-          write(fd, instance, strlen(instance)+1);
-          write(fd, realm, strlen(realm)+1);
-          kvno = entry.vno;
-          write(fd, &kvno, sizeof(kvno));
-          write(fd, entry.keyblock. keyvalue.data, 8);
-      }
-      krb5_kt_free_entry(context, &entry);
-    }
-
-    close(fd);
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/Makefile b/crypto/heimdal/appl/Makefile
deleted file mode 100644
index e4babbc39cd2..000000000000
--- a/crypto/heimdal/appl/Makefile
+++ /dev/null
@@ -1,624 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.24 2001/01/27 18:34:39 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-dir_otp = otp
-#dir_dce = dceutils
-SUBDIRS = \
-	  afsutil				\
-	  ftp					\
-	  login					\
-	  $(dir_otp)				\
-	  popper				\
-	  push					\
-	  rsh					\
-	  rcp					\
-	  su					\
-	  xnlock				\
-	  telnet				\
-	  test					\
-	  kx					\
-	  kf					\
-	  $(dir_dce)
-
-subdir = appl
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = Makefile.am Makefile.in
-DIST_SUBDIRS = afsutil ftp login otp popper push rsh rcp su xnlock \
-	telnet test kx kf dceutils
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/Makefile.am b/crypto/heimdal/appl/Makefile.am
deleted file mode 100644
index e867521aaf7a..000000000000
--- a/crypto/heimdal/appl/Makefile.am
+++ /dev/null
@@ -1,26 +0,0 @@
-# $Id: Makefile.am,v 1.24 2001/01/27 18:34:39 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-if OTP
-dir_otp = otp
-endif
-if DCE
-dir_dce = dceutils
-endif
-SUBDIRS = 					\
-	  afsutil				\
-	  ftp					\
-	  login					\
-	  $(dir_otp)				\
-	  popper				\
-	  push					\
-	  rsh					\
-	  rcp					\
-	  su					\
-	  xnlock				\
-	  telnet				\
-	  test					\
-	  kx					\
-	  kf					\
-	  $(dir_dce)
diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in
deleted file mode 100644
index e56fd8417c85..000000000000
--- a/crypto/heimdal/appl/Makefile.in
+++ /dev/null
@@ -1,626 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.24 2001/01/27 18:34:39 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@OTP_TRUE@dir_otp = otp
-@DCE_TRUE@dir_dce = dceutils
-SUBDIRS = \
-	  afsutil				\
-	  ftp					\
-	  login					\
-	  $(dir_otp)				\
-	  popper				\
-	  push					\
-	  rsh					\
-	  rcp					\
-	  su					\
-	  xnlock				\
-	  telnet				\
-	  test					\
-	  kx					\
-	  kf					\
-	  $(dir_dce)
-
-subdir = appl
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = Makefile.am Makefile.in
-DIST_SUBDIRS = afsutil ftp login otp popper push rsh rcp su xnlock \
-	telnet test kx kf dceutils
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-info install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog
deleted file mode 100644
index a74403bd2834..000000000000
--- a/crypto/heimdal/appl/afsutil/ChangeLog
+++ /dev/null
@@ -1,72 +0,0 @@
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c: 1.21->1.22: (log_func): drop the error number
-	
-2003-04-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* afslog.c: set kafs log function if verbose is turned on
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* Makefile.am (LDADD): use LIB_kafs
-	
-	* afslog.1: --no-v4, --no-v5
-	
-	* Makefile.am: always build afsutils now
-	
-	* afslog.c: make build without KRB4
-	
-2002-11-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afslog.c: remove plural form in help string
-
-	* Makefile.am: add afslog manpage
-
-	* afslog.1: manpage
-
-	* afslog.c: try more files when trying to expand a cell name
-
-	* afslog.c: create a list of cells to get tokens for, before
-	actually doing anything, and try to get tokens via krb4 if krb5
-	fails, and give it a chance to work with krb4-only; also some bug
-	fixes, partially from Tomas Olsson.
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* pagsh.c: make it handle --version/--help
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): call free_getarg_strings
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (main): handle krb5_init_context failure consistently
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c: clarify usage strings
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* pagsh.c (main): use mkstemp to generate temporary file names.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-07-04  Assar Westerlund  <assar@sics.se>
-
-	* afslog.c (expand_cell_name): terminate on #.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-1999-06-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (bin_PROGRAMS): only include pagsh if KRB4
-
-1999-06-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add pagsh
-
-	* pagsh.c: new file.  contributed by Miroslav Ruda <ruda@ics.muni.cz>
-
-Sat Mar 27 12:49:43 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* afslog.c: cleanup option parsing
diff --git a/crypto/heimdal/appl/afsutil/Makefile b/crypto/heimdal/appl/afsutil/Makefile
deleted file mode 100644
index 1cc65e8960ce..000000000000
--- a/crypto/heimdal/appl/afsutil/Makefile
+++ /dev/null
@@ -1,615 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/afsutil/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.12 2000/11/15 22:51:07 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-#AFSPROGS = afslog pagsh
-bin_PROGRAMS = $(AFSPROGS)
-
-afslog_SOURCES = afslog.c
-
-pagsh_SOURCES = pagsh.c
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
-
-subdir = appl/afsutil
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-#bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
-bin_PROGRAMS =
-PROGRAMS = $(bin_PROGRAMS)
-
-am_afslog_OBJECTS = afslog.$(OBJEXT)
-afslog_OBJECTS = $(am_afslog_OBJECTS)
-afslog_LDADD = $(LDADD)
-#afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-afslog_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-afslog_LDFLAGS =
-am_pagsh_OBJECTS = pagsh.$(OBJEXT)
-pagsh_OBJECTS = $(am_pagsh_OBJECTS)
-pagsh_LDADD = $(LDADD)
-#pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-pagsh_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-pagsh_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/afsutil/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) 
-	@rm -f afslog$(EXEEXT)
-	$(LINK) $(afslog_LDFLAGS) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
-pagsh$(EXEEXT): $(pagsh_OBJECTS) $(pagsh_DEPENDENCIES) 
-	@rm -f pagsh$(EXEEXT)
-	$(LINK) $(pagsh_LDFLAGS) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/Makefile.am b/crypto/heimdal/appl/afsutil/Makefile.am
deleted file mode 100644
index 0e6c4eb2b283..000000000000
--- a/crypto/heimdal/appl/afsutil/Makefile.am
+++ /dev/null
@@ -1,20 +0,0 @@
-# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-bin_PROGRAMS = afslog pagsh
-
-afslog_SOURCES = afslog.c
-
-pagsh_SOURCES  = pagsh.c
-
-man_MANS = afslog.1
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in
deleted file mode 100644
index 848a42dbe792..000000000000
--- a/crypto/heimdal/appl/afsutil/Makefile.in
+++ /dev/null
@@ -1,654 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = afslog pagsh
-
-afslog_SOURCES = afslog.c
-
-pagsh_SOURCES = pagsh.c
-
-man_MANS = afslog.1
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb4) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
-
-subdir = appl/afsutil
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_afslog_OBJECTS = afslog.$(OBJEXT)
-afslog_OBJECTS = $(am_afslog_OBJECTS)
-afslog_LDADD = $(LDADD)
-afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-afslog_LDFLAGS =
-am_pagsh_OBJECTS = pagsh.$(OBJEXT)
-pagsh_OBJECTS = $(am_pagsh_OBJECTS)
-pagsh_LDADD = $(LDADD)
-pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-pagsh_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/afsutil/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) 
-	@rm -f afslog$(EXEEXT)
-	$(LINK) $(afslog_LDFLAGS) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
-pagsh$(EXEEXT): $(pagsh_OBJECTS) $(pagsh_DEPENDENCIES) 
-	@rm -f pagsh$(EXEEXT)
-	$(LINK) $(pagsh_LDFLAGS) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man1 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/afsutil/afslog.1 b/crypto/heimdal/appl/afsutil/afslog.1
deleted file mode 100644
index c0bfaac37910..000000000000
--- a/crypto/heimdal/appl/afsutil/afslog.1
+++ /dev/null
@@ -1,137 +0,0 @@
-.\" Copyright (c) 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: afslog.1,v 1.3 2003/03/18 04:29:34 lha Exp $
-.\"
-.Dd November 26, 2002
-.Dt AFSLOG 1
-.Os HEIMDAL
-.Sh NAME
-.Nm afslog
-.Nd
-obtain AFS tokens
-.Sh SYNOPSIS
-.Nm
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Oo Fl p Ar path \*(Ba Xo
-.Fl -file= Ns Ar path
-.Xc
-.Oc
-.Oo Fl k Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Op Fl -no-v4
-.Op Fl -no-v5
-.Op Fl u | Fl -unlog
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
-.Op Ar cell | path ...
-.Sh DESCRIPTION
-.Nm
-obtains AFS tokens for a number of cells. What cells to get tokens for
-can either be specified as an explicit list, as file paths to get
-tokens for, or be left unspecified, in which case
-.Nm
-will use whatever magic 
-.Xr krb_afslog 3
-decides upon.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cell,
-.Fl -cell= Ns Ar cell
-.Xc
-This specified one or more cell names to get tokens for.
-.It Xo
-.Fl p Ar path ,
-.Fl -file= Ns Ar path
-.Xc
-This specified one or more file paths for which tokens should be
-obtained.
-.It Xo
-.Fl k Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-This is the Kerberos realm the AFS servers live in, this should
-normally not be specified.
-.It Fl -no-v4
-This makes
-.Nm
-not try using Kerberos 4.
-.It Fl -no-v5
-This makes
-.Nm
-not try using Kerberos 5.
-.It Xo
-.Fl u ,
-.Fl -unlog
-.Xc
-Destroy tokens instead of obtaining new. If this is specified, all
-other options are ignored (except for
-.Fl -help
-and
-.Fl -version ) .
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Adds more verbosity for what is actually going on.
-.El
-Instead of using
-.Fl c
-and
-.Fl p ,
-you may also pass a list of cells and file paths after any other
-options. These arguments are considered files if they are either 
-the strings
-.Do . Dc
-or
-.Dq .. 
-or they contain a slash, or if there exists a file by that name.
-.Sh EXAMPLES
-Assuming that there is no file called 
-.Dq openafs.org
-in the current directory, and that 
-.Pa /afs/openafs.org
-points to that cell, the follwing should be identical:
-.Bd -literal -offset indent
-$ afslog -c openafs.org
-$ afslog openafs.org
-$ afslog /afs/openafs.org/some/file
-.Ed 
-.Sh SEE ALSO
-.Xr krb_afslog 3
diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c
deleted file mode 100644
index fd104df0210b..000000000000
--- a/crypto/heimdal/appl/afsutil/afslog.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: afslog.c,v 1.21.2.1 2003/04/23 18:04:26 lha Exp $");
-#endif
-#include <ctype.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-
-static int help_flag;
-static int version_flag;
-#if 0
-static int create_user;
-#endif
-static getarg_strings cells;
-static char *realm;
-static getarg_strings files;
-static int unlog_flag;
-static int verbose;
-#ifdef KRB4
-static int use_krb4 = 1;
-#endif
-#ifdef KRB5
-static int use_krb5 = 1;
-#endif
-
-struct getargs args[] = {
-    { "cell",	'c', arg_strings, &cells, "cells to get tokens for", "cell" },
-    { "file",	'p', arg_strings, &files, "files to get tokens for", "path" },
-    { "realm",	'k', arg_string, &realm, "realm for afs cell", "realm" },
-    { "unlog",	'u', arg_flag, &unlog_flag, "remove tokens" },
-#ifdef KRB4
-    { "v4",	 0, arg_negative_flag, &use_krb4, "use Kerberos 4" },
-#endif
-#ifdef KRB5
-    { "v5",	 0, arg_negative_flag, &use_krb5, "use Kerberos 5" },
-#endif
-#if 0
-    { "create-user", 0, arg_flag, &create_user, "create user if not found" },
-#endif
-    { "verbose",'v', arg_flag, &verbose },
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-#ifdef KRB5
-krb5_context context;
-krb5_ccache id;
-#endif
-
-static const char *
-expand_one_file(FILE *f, const char *cell)
-{
-    static char buf[1024];
-    char *p;
-
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if(buf[0] == '>') {
-	    for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
-		;
-	    *p = '\0';
-	    if(strncmp(buf + 1, cell, strlen(cell)) == 0)
-		return buf + 1;
-	}
-	buf[0] = '\0';
-    }
-    return NULL;
-}
-
-static const char *
-expand_cell_name(const char *cell)
-{
-    FILE *f;
-    const char *c;
-    const char **fn, *files[] = { _PATH_CELLSERVDB,
-				  _PATH_ARLA_CELLSERVDB,
-				  _PATH_OPENAFS_DEBIAN_CELLSERVDB,
-				  _PATH_ARLA_DEBIAN_CELLSERVDB,
-				  NULL };
-    for(fn = files; *fn; fn++) {
-	f = fopen(*fn, "r");
-	if(f == NULL)
-	    continue;
-	c = expand_one_file(f, cell);
-	fclose(f);
-	if(c)
-	    return c;
-    }
-    return cell;
-}
-
-#if 0
-static int
-createuser (char *cell)
-{
-    char cellbuf[64];
-    char name[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    char cmd[1024];
-
-    if (cell == NULL) {
-	FILE *f;
-	int len;
-
-	f = fopen (_PATH_THISCELL, "r");
-	if (f == NULL)
-	    err (1, "open(%s)", _PATH_THISCELL);
-	if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
-	    err (1, "read cellname from %s", _PATH_THISCELL);
-	len = strlen(cellbuf);
-	if (cellbuf[len-1] == '\n')
-	    cellbuf[len-1] = '\0';
-	cell = cellbuf;
-    }
-
-    if(krb_get_default_principal(name, instance, realm))
-	errx (1, "Could not even figure out who you are");
-
-    snprintf (cmd, sizeof(cmd),
-	      "pts createuser %s%s%s@%s -cell %s",
-	      name, *instance ? "." : "", instance, strlwr(realm),
-	      cell);
-    DEBUG("Executing %s", cmd);
-    return system(cmd);
-}
-#endif
-
-static void
-usage(int ecode)
-{
-    arg_printusage(args, num_args, NULL, "[cell|path]...");
-    exit(ecode);
-}
-
-struct cell_list {
-    char *cell;
-    struct cell_list *next;
-} *cell_list;
-
-static int
-afslog_cell(const char *cell, int expand)
-{
-    struct cell_list *p, **q;
-    const char *c = cell;
-    if(expand){
-	c = expand_cell_name(cell);
-	if(c == NULL){
-	    warnx("No cell matching \"%s\" found.", cell);
-	    return -1;
-	}
-	if(verbose && strcmp(c, cell) != 0)
-	    warnx("Cell \"%s\" expanded to \"%s\"", cell, c);
-    }
-    /* add to list of cells to get tokens for, and also remove
-       duplicates; the actual afslog takes place later */
-    for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next)
-	if(strcmp(p->cell, c) == 0)
-	    return 0;
-    p = malloc(sizeof(*p));
-    if(p == NULL)
-	return -1;
-    p->cell = strdup(c);
-    if(p->cell == NULL) {
-	free(p);
-	return -1;
-    }
-    p->next = NULL;
-    *q = p;
-    return 0;
-}
-
-static int
-afslog_file(const char *path)
-{
-    char cell[64];
-    if(k_afs_cell_of_file(path, cell, sizeof(cell))){
-	warnx("No cell found for file \"%s\".", path);
-	return -1;
-    }
-    if(verbose)
-	warnx("File \"%s\" lives in cell \"%s\"", path, cell);
-    return afslog_cell(cell, 0);
-}
-
-static int
-do_afslog(const char *cell)
-{
-    int k5ret, k4ret;
-
-    k5ret = k4ret = 0;
-
-#ifdef KRB5
-    if(context != NULL && id != NULL && use_krb5) {
-	k5ret = krb5_afslog(context, id, cell, NULL);
-	if(k5ret == 0)
-	    return 0;
-    }
-#endif
-#if KRB4
-    if (use_krb4) {
-	k4ret = krb_afslog(cell, NULL);
-	if(k4ret == 0)
-	    return 0;
-    }
-#endif
-#ifdef KRB5
-    if (k5ret)
-	warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
-#endif
-#ifdef KRB4
-    if (k4ret)
-	warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret));
-#endif
-    if (k5ret || k4ret)
-	return 1;
-    return 0;
-}
-
-static void
-log_func(void *ctx, const char *str)
-{
-    fprintf(stderr, "%s\n", str);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int i;
-    int num;
-    int ret = 0;
-    int failed = 0;
-    struct cell_list *p;
-    
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(!k_hasafs())
-	errx(1, "AFS does not seem to be present on this machine");
-
-    if(unlog_flag){
-	k_unlog();
-	exit(0);
-    }
-#ifdef KRB5
-    ret = krb5_init_context(&context);
-    if (ret)
-	context = NULL;
-    else
-	if(krb5_cc_default(context, &id) != 0)
-	    id = NULL;
-#endif
-
-    if (verbose)
-	kafs_set_verbose(log_func, NULL);
-
-    num = 0;
-    for(i = 0; i < files.num_strings; i++){
-	afslog_file(files.strings[i]);
-	num++;
-    }
-    free_getarg_strings (&files);
-    for(i = 0; i < cells.num_strings; i++){
-	afslog_cell(cells.strings[i], 1);
-	num++;
-    }
-    free_getarg_strings (&cells);
-    for(i = optind; i < argc; i++){
-	num++;
-	if(strcmp(argv[i], ".") == 0 ||
-	   strcmp(argv[i], "..") == 0 ||
-	   strchr(argv[i], '/') ||
-	   access(argv[i], F_OK) == 0)
-	    afslog_file(argv[i]);
-	else
-	    afslog_cell(argv[i], 1);
-    }    
-    if(num == 0) {
-	if(do_afslog(NULL))
-	    failed++;
-    } else
-	for(p = cell_list; p; p = p->next) {
-	    if(verbose)
-		warnx("Getting tokens for cell \"%s\"", p->cell);
-	    if(do_afslog(p->cell))
-		failed++;
-    }
-
-    return failed;
-}
diff --git a/crypto/heimdal/appl/afsutil/pagsh.c b/crypto/heimdal/appl/afsutil/pagsh.c
deleted file mode 100644
index d61dba2fa1b1..000000000000
--- a/crypto/heimdal/appl/afsutil/pagsh.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: pagsh.c,v 1.6 2002/08/23 17:54:20 assar Exp $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <time.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-static int help_flag;
-static int version_flag;
-static int c_flag;
-
-struct getargs getargs[] = {
-    { NULL,	'c', arg_flag, &c_flag },
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(getargs) / sizeof(getargs[0]);
-
-static void
-usage(int ecode)
-{
-    arg_printusage(getargs, num_args, NULL, "command [args...]");
-    exit(ecode);
-}
-
-/*
- * Run command with a new ticket file / credentials cache / token
- */
-
-int
-main(int argc, char **argv)
-{
-  int f;
-  char tf[1024];
-  char *p;
-
-  char *path;
-  char **args;
-  int i;
-  int optind = 0;
-
-  set_progname(argv[0]);
-  if(getarg(getargs, num_args, argc, argv, &optind))
-      usage(1);
-  if(help_flag)
-      usage(0);
-  if(version_flag) {
-      print_version(NULL);
-      exit(0);
-  }
-
-  argc -= optind;
-  argv += optind;
-
-#ifdef KRB5
-  snprintf (tf, sizeof(tf), "%sXXXXXX", KRB5_DEFAULT_CCROOT);
-  f = mkstemp (tf + 5);
-  close (f);
-  unlink (tf + 5);
-  esetenv("KRB5CCNAME", tf, 1);
-#endif
-
-#ifdef KRB4
-  snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
-  f = mkstemp (tf);
-  close (f);
-  unlink (tf);
-  esetenv("KRBTKFILE", tf, 1);
-#endif
-
-  i = 0;
-
-  args = (char **) malloc((argc + 10)*sizeof(char *));
-  if (args == NULL)
-      errx (1, "Out of memory allocating %lu bytes",
-	    (unsigned long)((argc + 10)*sizeof(char *)));
-  
-  if(*argv == NULL) {
-    path = getenv("SHELL");
-    if(path == NULL){
-      struct passwd *pw = k_getpwuid(geteuid());
-      path = strdup(pw->pw_shell);
-    }
-  } else {
-    path = strdup(*argv++);
-  }
-  if (path == NULL)
-      errx (1, "Out of memory copying path");
-  
-  p=strrchr(path, '/');
-  if(p)
-    args[i] = strdup(p+1);
-  else
-    args[i] = strdup(path);
-
-  if (args[i++] == NULL)
-      errx (1, "Out of memory copying arguments");
-  
-  while(*argv)
-    args[i++] = *argv++;
-
-  args[i++] = NULL;
-
-  if(k_hasafs())
-    k_setpag();
-
-  unsetenv("PAGPID");
-  execvp(path, args);
-  if (errno == ENOENT) {
-      char **sh_args = malloc ((i + 2) * sizeof(char *));
-      int j;
-
-      if (sh_args == NULL)
-	  errx (1, "Out of memory copying sh arguments");
-      for (j = 1; j < i; ++j)
-	  sh_args[j + 2] = args[j];
-      sh_args[0] = "sh";
-      sh_args[1] = "-c";
-      sh_args[2] = path;
-      execv ("/bin/sh", sh_args);
-  }
-  err (1, "execvp");
-}
diff --git a/crypto/heimdal/appl/dceutils/ChangeLog b/crypto/heimdal/appl/dceutils/ChangeLog
deleted file mode 100644
index f8925c86ec36..000000000000
--- a/crypto/heimdal/appl/dceutils/ChangeLog
+++ /dev/null
@@ -1,27 +0,0 @@
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: rename dpagaix_LDFLAGS etc to appease automake
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (dpagaix): make sure of using $(EXEEXT) just to
-	please automake (this is aix-only code)
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (dpagaix): needs to be linked with ld, add an
-	explicit command for it.  from Ake Sandgren <ake@cs.umu.se>
-
-2000-10-02  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: link with roken on everything except irix, where
-	apperently it fails.  reported by Ake Sandgren <ake@cs.umu.se>
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: set compiler flags
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* imported stuff from Ake Sandgren <ake@cs.umu.se>
-
diff --git a/crypto/heimdal/appl/dceutils/Makefile b/crypto/heimdal/appl/dceutils/Makefile
deleted file mode 100644
index d24aba226fd6..000000000000
--- a/crypto/heimdal/appl/dceutils/Makefile
+++ /dev/null
@@ -1,620 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/dceutils/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.8 2002/08/12 15:03:43 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DFSPROGS = k5dcecon
-#AIX_DFSPROGS = dpagaix
-
-libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
-
-dpagaix_CFLAGS = $(dpagaix_cflags)
-dpagaix_LDFLAGS = $(dpagaix_ldflags)
-dpagaix_LDADD = $(dpagaix_ldadd)
-
-LIB_dce = -ldce
-
-k5dcecon_SOURCES = k5dcecon.c k5dce.h
-
-dpagaix_SOURCES = dpagaix.c
-
-#LDADD = $(LIB_dce)
-LDADD = $(LIB_roken) $(LIB_dce)
-subdir = appl/dceutils
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-#libexec_PROGRAMS = k5dcecon$(EXEEXT) dpagaix$(EXEEXT)
-libexec_PROGRAMS = k5dcecon$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_dpagaix_OBJECTS = dpagaix-dpagaix.$(OBJEXT)
-dpagaix_OBJECTS = $(am_dpagaix_OBJECTS)
-dpagaix_DEPENDENCIES =
-am_k5dcecon_OBJECTS = k5dcecon.$(OBJEXT)
-k5dcecon_OBJECTS = $(am_k5dcecon_OBJECTS)
-k5dcecon_LDADD = $(LDADD)
-#k5dcecon_DEPENDENCIES =
-k5dcecon_DEPENDENCIES =
-k5dcecon_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/dceutils/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-dpagaix-dpagaix.$(OBJEXT): dpagaix.c
-k5dcecon$(EXEEXT): $(k5dcecon_OBJECTS) $(k5dcecon_DEPENDENCIES) 
-	@rm -f k5dcecon$(EXEEXT)
-	$(LINK) $(k5dcecon_LDFLAGS) $(k5dcecon_OBJECTS) $(k5dcecon_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-dpagaix-dpagaix.o: dpagaix.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.o `test -f 'dpagaix.c' || echo '$(srcdir)/'`dpagaix.c
-
-dpagaix-dpagaix.obj: dpagaix.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.obj `cygpath -w dpagaix.c`
-
-dpagaix-dpagaix.lo: dpagaix.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.lo `test -f 'dpagaix.c' || echo '$(srcdir)/'`dpagaix.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-dpagaix$(EXEEXT): $(dpagaix_OBJECTS)
-	ld -edpagaix -o dpagaix$(EXEEXT) $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/dceutils/Makefile.am b/crypto/heimdal/appl/dceutils/Makefile.am
deleted file mode 100644
index bf795204b2dd..000000000000
--- a/crypto/heimdal/appl/dceutils/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id: Makefile.am,v 1.8 2002/08/12 15:03:43 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-
-DFSPROGS = k5dcecon
-if AIX
-AIX_DFSPROGS = dpagaix
-endif
-
-libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
-
-dpagaix_CFLAGS = $(dpagaix_cflags)
-dpagaix_LDFLAGS = $(dpagaix_ldflags)
-dpagaix_LDADD = $(dpagaix_ldadd)
-
-dpagaix$(EXEEXT): $(dpagaix_OBJECTS)
-	ld -edpagaix -o dpagaix$(EXEEXT) $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
-
-LIB_dce = -ldce
-
-k5dcecon_SOURCES  = k5dcecon.c k5dce.h
-
-dpagaix_SOURCES = dpagaix.c
-
-if IRIX
-LDADD = $(LIB_dce)
-else
-LDADD = $(LIB_roken) $(LIB_dce)
-endif
diff --git a/crypto/heimdal/appl/dceutils/Makefile.in b/crypto/heimdal/appl/dceutils/Makefile.in
deleted file mode 100644
index 5da1f32fc651..000000000000
--- a/crypto/heimdal/appl/dceutils/Makefile.in
+++ /dev/null
@@ -1,620 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.8 2002/08/12 15:03:43 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DFSPROGS = k5dcecon
-@AIX_TRUE@AIX_DFSPROGS = dpagaix
-
-libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
-
-dpagaix_CFLAGS = $(dpagaix_cflags)
-dpagaix_LDFLAGS = $(dpagaix_ldflags)
-dpagaix_LDADD = $(dpagaix_ldadd)
-
-LIB_dce = -ldce
-
-k5dcecon_SOURCES = k5dcecon.c k5dce.h
-
-dpagaix_SOURCES = dpagaix.c
-
-@IRIX_TRUE@LDADD = $(LIB_dce)
-@IRIX_FALSE@LDADD = $(LIB_roken) $(LIB_dce)
-subdir = appl/dceutils
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-@AIX_TRUE@libexec_PROGRAMS = k5dcecon$(EXEEXT) dpagaix$(EXEEXT)
-@AIX_FALSE@libexec_PROGRAMS = k5dcecon$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_dpagaix_OBJECTS = dpagaix-dpagaix.$(OBJEXT)
-dpagaix_OBJECTS = $(am_dpagaix_OBJECTS)
-dpagaix_DEPENDENCIES =
-am_k5dcecon_OBJECTS = k5dcecon.$(OBJEXT)
-k5dcecon_OBJECTS = $(am_k5dcecon_OBJECTS)
-k5dcecon_LDADD = $(LDADD)
-@IRIX_TRUE@k5dcecon_DEPENDENCIES =
-@IRIX_FALSE@k5dcecon_DEPENDENCIES =
-k5dcecon_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/dceutils/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-dpagaix-dpagaix.$(OBJEXT): dpagaix.c
-k5dcecon$(EXEEXT): $(k5dcecon_OBJECTS) $(k5dcecon_DEPENDENCIES) 
-	@rm -f k5dcecon$(EXEEXT)
-	$(LINK) $(k5dcecon_LDFLAGS) $(k5dcecon_OBJECTS) $(k5dcecon_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-dpagaix-dpagaix.o: dpagaix.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.o `test -f 'dpagaix.c' || echo '$(srcdir)/'`dpagaix.c
-
-dpagaix-dpagaix.obj: dpagaix.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.obj `cygpath -w dpagaix.c`
-
-dpagaix-dpagaix.lo: dpagaix.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.lo `test -f 'dpagaix.c' || echo '$(srcdir)/'`dpagaix.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-dpagaix$(EXEEXT): $(dpagaix_OBJECTS)
-	ld -edpagaix -o dpagaix$(EXEEXT) $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/dceutils/README.dcedfs b/crypto/heimdal/appl/dceutils/README.dcedfs
deleted file mode 100644
index 80a06fec9ab0..000000000000
--- a/crypto/heimdal/appl/dceutils/README.dcedfs
+++ /dev/null
@@ -1,59 +0,0 @@
-This is a set of patches and files to get a DFS ticket from a k5 ticket.
-This code comes from Doug Engert, Argonne Nat. Lab (See dce/README.original
-for more info)
-
-The files in dce are;
-testpag: for testing if this is at all possible.
-k5dfspag: included in libkrb5
-k5dcecon: Creates (or searches for) the actual DFSPAG ticketfile.
-dpagaix: An AIX syscall stub.
-README.original: Original README file from Doug Engert
-
-
-Certain applications (rshd/telnetd) have been patched to call the
-functions in k5dfspag when the situation is right. They are ifdef
-with DCE. The patches are also originally from Doug but they
-where against MIT krb5 code and have been merged into heimdal by me.
-I will try to fix ftpd soon...
-
-There is also an ifdefs for DCE && AIX that can be used to make AIX
-use DCE for getting group/passwd entries. This is needed if one is running
-with a bare bones passwd/group file and AUTHSTATE set to DCE (This will be
-more or less clear to people doing this...) I have forced this on for now.
-
-k5dfspag.c is in lib/krb5
-k5dfspag.c is dependent on DCE only.
-It is also POSIX systems only. There are defines for the location of
-k5dcecon and dpagaix that needs a correct configure setting.
-
-k5dcecon needs no special things for the compile except whatever is needed
-on the target system to compile dce programs.
-(On aix the dce compile flags are: -D_THREAD_SAFE -D_AIX32_THREADS=1 -D_AIX41 -D_AES_SOURCE or one can use xlc_r4 if it is version 3.6.4 or later)
-
-k5dcecon wants the following libs (on aix 4.3):
--ldce (and setenv from somewhere)
-
-dpagaix is only needed on AIX (see k5dfspag.c).
-dpagaix needs dfspag.exp and is linked with
-ld -edpagaix -o dpagaix dpagaix.o dfspag.exp
-
-
-Hope to get this into heimdal soon :-) although I know that you will have to
-change some things to get it cleanly into configure. Since I don't know the
-structure of the code (heimdal), nor enough of configure, good enough I
-just won't try it myself.
-
-One more thing, to get this to work one has to put fcache_version = x in
-krb5.conf where x = whatever the DCE implementation understands, (usually
-1 or 2).
-Thanks for adding that...
-
-
-�ke Sandgren (ake@hpc2n.umu.se)
-HPC2N
-Ume� University
-Sweden
-
-PS
-I have now added patches for configure.in and some Makefile.am's to get this
-all cleanly (I hope) into heimdal.
diff --git a/crypto/heimdal/appl/dceutils/README.original b/crypto/heimdal/appl/dceutils/README.original
deleted file mode 100644
index 088702307a38..000000000000
--- a/crypto/heimdal/appl/dceutils/README.original
+++ /dev/null
@@ -1,335 +0,0 @@
-KERBEROS and DCE INTEROPERABILITY ROUTINES
-
-WHAT'S NEW
-
-When k5dcecon was examining the ticket caches looking to 
-update one with a newer TGT, it might update the wrong
-one for the correct user.  This problem was reported by PNNL,
-and is now fixed.
-
-Any Kerberized application can now use a forwarded TGT to establish a
-DCE context, or can use a previously established DCE context. This is
-both a functional improvement and a performance improvement.
-
-BACKGROUND
-
-The MIT Kerberos 5 Release 1.x and DCE 1.1 can interoperate in a
-number of ways. This is possible because:
-
- o DCE used Kerberos 5 internally. Based on the MIT code as of beta 4
-   or so, with additional changes. 
-
- o The DCE security server can act as a K5 KDC, as defined in RFC 1510
-   and responds on port 88. 
-
- o On the clients, DCE and Kerberos use the same format for the ticket
-   cache, and then can share it. The KRB5CCNAME environment variable points
-   at the cache.   
- 
- o On the clients, DCE and Kerberos use the same format for the srvtab
-   file. DCE refers to is a /krb5/v5srvtab and Kerberos as
-   /etc/krb5.keytab. They can be symlinked.  
-
- o MIT has added many options to the krb5.conf configuration file
-   which allows newer features of Release 1.0 to be turned off to match
-   the earlier version of Kerberos upon which DCE is based. 
-
- o DCE will accept a externally obtained Kerberos TGT in place of a
-   password when establishing a DCE context. 
-
-There are some areas where they differ, including the following:
- 
- o Administration of the database and the keytab files is done by the
-   DCE routines, rather the the Kerberos kadmin.
-
- o User password changes must be done using the DCE commands. Kpasswd
-   does not work. (But there are mods to Kerberos to use the v5passwd 
-   with DCE.  
-
- o DCE goes beyond authentication only, and provides authorization via
-   the PAC, and the dce-ptgt tickets stored in the cache. Thus a
-   Kerberos KDC can not act as a DCE security server. 
-
- o A DCE cell and Kerberos realm can cross-realm authenticate, but 
-   there can be no intermediate realms. (There are other problems
-   in this area as well. But directly connected realms/cells do work.)
-
- o You can't link a module with the DCE library and the Kerberos
-   library. They have conflicting routines, static data and structures.  
- 
-One of the main features of DCE is the Distributed File System
-DFS. Access to DFS requires authentication and authorization, and when
-one uses a Kerberized network utility such as telnet, a forwarded
-Kerberos ticket can be used to establish the DCE context to allow
-access to DFS.  
-
-
-NEW TO THIS RELEASE
-
-This release introduces sharing of a DCE context, and PAG, and allows
-any Kerberized application to establish or share the context. This is
-made possible by using an undocumented feature of DCE which is on at
-least the Transarc and IBM releases of DCE 1.1.
-
-I am in the process of trying to get this contributed to the general
-DCE 1.2.2 release as a patch, so it could be included in other vendors
-products.  HP has expressed interest in doing this, as well as the
-OpenGroup if the modification is contributed. You can help by
-requesting Transarc and/or IBM to submit this modification to the
-OpenGroup and ask your vendor to adopt this modification.
-
-The feature is a modification to the setpag() system call which will
-allow an authorized process to set the PAG to a specific value, and
-thus allow unrelated processes to share the same PAG.
-
-This then allows the Kerberized daemons such as kshd, to exec a DCE
-module which established the DCE context. Kshd then sets the
-KRB5CCNAME environment variable and then issues the setpag() to use
-this context. This solves the linking problem. This is done via the
-k5dfspag.c routine.
-
-The k5dfspag.c code is compiled with the lib/krb5/os routines and
-included in the libkrb5. A daemon calls krb5_dfs_pag after the
-krb5_kuserok has determined that the Kerberos principal and local
-userid pair are acceptable. This should be done early so as to give
-the daemon access to the home directory which may be located on DFS.  
-If the .k5login file is used by krb5_kuserok it will need to be
-accessed by the daemon and will need special ACL handling.  
-
-The krb5_dfs_pag routine will exec the k5dcecon module to do all the
-real work. Upon return, if a PAG is obtained, krb5_dfs_pag with set
-the PAG for the current process to the returned PAG value. It will
-also set the KRB5CCNAME environment as well. Under DCE the PAG value
-is the nnnnnnn part of the name of the cache:
-FILE:/opt/dcelocal/var/security/creds/dcecred_nnnnnnnn. 
-
-The k5dcecon routine will attempt to use TGT which may have been
-forwarded, to convert it to a DCE context. If there is no TGT, an
-attempt will be made to join an existing PAG for the local userid, and
-Kerberos principal. If there are existing PAGs, and a forwarded TGT,
-k5dcecon will check the lifetime of the forwarded TGT, and if it is
-less than the lifetime of the PAG, it will just join the PAG. If it
-is greater, it will refresh the PAG using the forwarded TGT. 
-This approach has the advantage of not requiring many new tickets from
-having to be obtained, and allows one to refresh a DCE context, or use
-an already established context. 
-
-If the system also has AFS, the AFS krb5_afs_pag should be called
-after the krb5_dfs_pag, since cache pointed at via the KRB5CCNAME may
-have changed, such as if a DFS PAG has been joined. The AFS code does
-not have the capability to join an existing AFS PAG, but can use the
-same cache which might already had a
-afsx/<afs.cell.name>@<k5.realm.name> service ticket.
-
-
-WHAT'S IN THIS RELEASE
-
-The k5prelogin, k5dcelogin, k5afslogin (with ak5log) were designed to
-be slipped in between telnetd or klogind and login.krb5. They would
-use a forwarded Kerberos ticket to establish a DCE context.  They are
-the older programs which are included here. They work on all DCE
-platforms, and don't take advantage of the undocumented setpag
-feature. (A version of k5dcelogin is being included with DCE 1.2.2)
- 
-K5dcecon is the new program which can be used to create, update or
-join a DCE context. k5dcecon returns KRB5CCNAME string which contains
-the PAG.
-
-k5dfspag.c is to be built in the MIT Kerberos 5 release 1.0 patchlevel
-1 and added to the libkrb5. It will exec k5dcecon and upon return set
-the KRB5CCNAME and PAG. Mods to Kerberized klogind, rshd, telnetd,
-ftpd are available to use the k5dfspag. 
-
-Testpag.c is a test programs to see if the PAG can be set.
-
-The cpwkey.c routine can be used to change a key in the DCE registry,
-by adding the key directly, or by setting the salt/pepper and password
-or by providing the key and the pepper. This could be useful when
-coping keys from a K4 or AFS database to DCE. It can also be used when
-setting a DCE to K5 cross-cell key.  This program is a test program
-For mass inserts, it should be rewritten to read from stdin.
-
-K5dcelogin can also be called directly, much like dce_login.
-I use the following commands in effect do the same thing as dce_login
-and get a forwardable ticket, DCE context and an AFS token:
-
-  #!/bin/csh
-  # simulate a dce_login using krb5 kinit and k5dcelogin
-  #
-  setenv KRB5CCNAME FILE:/tmp/krb5cc_p$$
-  /krb5/bin/kinit -f
-  exec /krb5/sbin/k5dcelogin /krb5/sbin/k5afslogin /bin/csh
-  #exec /krb5/sbin/k5dcelogin  /bin/csh
-
-This could be useful in a mixed cell where "AS_REQ" messages are
-handled by a K5 KDC, but DCE RPCs are handled by the DCE security
-server.
-
-TESTING THE SETPAG
-
-The krb5_dfs_pag routine relies on an undocumented feature which is
-in the AIX and Transarc Solaris ports of DCE and has been recently
-added to the SGI version.  To test if this feature is present 
-on some other DFS implementation use the testpag routine. 
-
-The testpag routine attempts to set a PAG value to one you supply. It
-uses the afs_syscall with the afs_setpag, and passes the supplied 
-PAG value as the next parameter. On an unmodifed system, this 
-will be ignored, and a new will be set. You should also check that
-if run as a user, you cannot join a PAG owned by another user. 
-When run as root, any PAG should be usable. 
-
-On a machine with DFS running, do a dce_login to get a DCE context and
-PAG. ECHO the KRB5CCNAME and look at the nnnnnnnn at the end. It
-should look like an 8 char hex value, which may be 41ffxxxx on some
-systems. 
-
-Su to root and unsetenv KRB5CCNAME. Do a testpag -n nnnnnnnn where
-nnnnnnnn is the PAG obtained for the above name. 
-
-It should look like this example on an AIX 4.1.4 system:
-
-   pembroke# ./testpag -n 63dc9997
-   calling k5dcepag newpag=63dc9997
-   PAG returned = 63dc9997
-
-You will be running under a new shell with the PAG and KRB5CCNAME set.
-If the PAG returned is the same as the newpag, then it worked. You can
-further verify this by doing a DCE klist, cd to DFS and a DCE klist
-again. The klist should show some tickets for DFS servers.
-
-If the PAG returned is not the same, and repeated attempts show a
-returned PAG decremented by 1 from the previous returned PAG, then
-this system does not have the modification For example: 
- 
-   # ./testpag -n 41fffff9
-   calling k5dcepag newpag=41fffff9
-   PAG returned = 41fffff8
-   # ./testpag -n 41fffff9
-   calling k5dcepag newpag=41fffff9
-   PAG returned = 41fffff7
-
-In this case the syscall is ignoring the newpag parameter. 
-
-Running it with -n 0 should get the next PAG value with or without
-this modification. 
-
-If the DFS kernel extensions are not installed, you would get
-something like this:
-
-  caliban.ctd.anl.gov% ./testpag -n 012345678
-  calling k5dcepag newpag=012345678
-  Setpag failed with a system error
-  PAG returned = ffffffff
-  Not a good pag value
-
-If you DFS implementation does not have this modification, you could
-attempt to install it yourself. But this requires source and requires
-modifications to the kernel extensions. At the end of this note is an
-untested sample using the DCE 1.2.2 source code. You can also contact
-your system vendor and ask for this modification.
-
-UNICOS has a similar function setppag(newpag) which can be used to set
-the PAG of the parent. Contact me if you are interested. 
-
-HOW TO INSTALL
-
-Examine the k5dfspag.c file to make sure the DFS syscalls are correct
-for your platform. See the /opt/dcelocal/share/include/dcedfs/syscall.h
-on Solaris for example. 
-
-You should build the testpag routine and make sure it works before 
-adding all the other mods. If it fails you can still use the klogind
-and telnetd with the k5prelogin and k5dcelogin code. 
-
-If you intend to install with a prefix other than /krb5, change:
-DPAGAIX and K5DCECON in k5dfspag.c; the three references in
-k5prelogin.c; and the DESTDIR in the Makefile.
-
-Get k5101.cdiff.xxxxxx.tar file and install the mods for ANL_DFS_PAG
-and ANL_DCE to the MIT Kerberos 5 source. These mods turn on some DCE
-related changes and the calls to krb5_dfs_pag. 
-
-Symlink or copy the k5dfspag.c to the src/lib/krb5/os directory. 
-
-Add the -DANL_DFS_PAG and -DANL_DCE flags to the configuration. 
-
-Configure and Build the Kerberos v5. 
-
-Modify the k5dce Makefile for your system. 
-
-Build the k5dcecon and related programs. 
-
-Install both the MIT Kerberos v5 and the k5dcecon and dpagaix if AIX.    
-
-The makefile can also build k5dcelogin and k5prelogin.  The install
-can install k5dcelogin, k5prelogin and update the links for login.krb5
--> k5prelogin and moving login.krb5 to login.k5. If you will be using
-the k5dcecon/k5dfspag with the Kerberos mods, you don't need
-k5prelogin, or the links changed, and may not need k5dcelogin.
-
-Note that Transarc has obfuscated the entries to the lib, and 
-the 1.0.3a is different from the 1.1. You may need to build two
-versions of the k5dcelogin and/or k5dcecon one for each. 
-
-AIX ONLY
-
-The dpagaix routine is needed for AIX because of the way they do the 
-syscalls. 
-
-The following fix.aix.libdce.mk is not needed if dce 2.1.0.21
-has been installed. This PTF exposed the needed entrypoints. 
-
-The fix.aix.libdce.mk is a Makefile for AIX 4.x to add the required
-external entry points to the libdce.a.  These are needed by k5dcecon
-and k5dcelogin.  A bug report was submitted to IBM on this, and it was
-rejected. But since DCE 1.2.2 will have a k5dcelogin, this should not
-be needed with 1.2.2
-
-Copy /usr/lib/libdce.a to /usr/libdce.a.orig before starting. Copy the
-makefile to its own directory. It will create a new libdce.a which you
-need to copy back to /usr/lib/libdce.a You will need to reboot the
-machine.  See the /usr/lpp/dce/examples/inst/README.AIX for a similar
-procedure.  IBM was not responsive in a request to have these added.
-
-UNTESTED KERNEL EXTENSION FOR SETPAG
-
-*** src/file/osi/,osi_pag.c  Wed Oct  2 13:03:05 1996
---- src/file/osi/osi_pag.c   Mon Jul 28 13:53:13 1997
-***************
-*** 293,298 ****
---- 293,302 ----
-      int code;
-  
-      osi_MakePreemptionRight();
-+    /* allow sharing of a PAG by non child processes DEE- 6/6/97 */
-+    if (unused && osi_GetUID(osi_getucred()) == 0) {
-+     newpag = unused;
-+    } else {
-      osi_mutex_enter(&osi_pagLock);
-      now = osi_Time();
-      soonest = osi_firstPagTime +
-***************
-*** 309,314 ****
---- 313,319 ----
-      }
-      osi_mutex_exit(&osi_pagLock);
-      newpag = osi_genpag();
-+    }
-      osi_pcred_lock(p);
-      credp = crcopy(osi_getucred());
-      code = osi_SetPagInCred(credp, newpag);
-
-Created     07/08/96
-Modified    09/30/96
-Modified    11/19/96
-Modified    12/19/96
-Modified    06/20/97
-Modified    07/28/97
-Modified    02/18/98
-
- Douglas E. Engert  <DEEngert@anl.gov>
- Argonne National Laboratory
- 9700 South Cass Avenue
- Argonne, Illinois  60439 
- (630) 252-5444
diff --git a/crypto/heimdal/appl/dceutils/compile b/crypto/heimdal/appl/dceutils/compile
deleted file mode 100755
index d4a34aa0ef97..000000000000
--- a/crypto/heimdal/appl/dceutils/compile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! /bin/sh
-
-# Wrapper for compilers which do not understand `-c -o'.
-
-# Copyright 1999, 2000 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# Usage:
-# compile PROGRAM [ARGS]...
-# `-o FOO.o' is removed from the args passed to the actual compile.
-
-prog=$1
-shift
-
-ofile=
-cfile=
-args=
-while test $# -gt 0; do
-   case "$1" in
-    -o)
-       ofile=$2
-       shift
-       ;;
-    *.c)
-       cfile=$1
-       args="$args $1"
-       ;;
-    *)
-       args="$args $1"
-       ;;
-   esac
-   shift
-done
-
-test -z "$ofile" && {
-   echo "compile: no \`-o' option seen" 1>&2
-   exit 1
-}
-
-test -z "$cfile" && {
-   echo "compile: no \`.c' file seen" 1>&2
-   exit 1
-}
-
-# Name of file we expect compiler to create.
-cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
-
-# Create the lock directory.
-lockdir=`echo $ofile | sed -e 's|/|_|g'`
-while true; do
-   if mkdir $lockdir > /dev/null 2>&1; then
-      break
-   fi
-   sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir $lockdir; exit 1" 1 2 15
-
-# Run the compile.
-"$prog" $args
-status=$?
-
-if test -f "$cofile"; then
-   mv "$cofile" "$ofile"
-fi
-
-rmdir $lockdir
-exit $status
diff --git a/crypto/heimdal/appl/dceutils/dfspag.exp b/crypto/heimdal/appl/dceutils/dfspag.exp
deleted file mode 100644
index ed39788d5ed0..000000000000
--- a/crypto/heimdal/appl/dceutils/dfspag.exp
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/unix
-* kernel extentions used to get the pag
-kafs_syscall syscall
diff --git a/crypto/heimdal/appl/dceutils/dpagaix.c b/crypto/heimdal/appl/dceutils/dpagaix.c
deleted file mode 100644
index cbc23cb880f7..000000000000
--- a/crypto/heimdal/appl/dceutils/dpagaix.c
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * dpagaix.c
- * On AIX we need to get the kernel extentions
- * with the DFS kafs_syscall in it. 
- * We might be running on a system
- * where DFS is not active. 
- * So we use this dummy routine which 
- * might not load to do the dirty work
- *
- * DCE does this with the /usr/lib/drivers/dfsloadobj 
- *
- */
- 
- int dpagaix(parm1, parm2, parm3, parm4, parm5, parm6)
-   int parm1;
-   int parm2;
-   int parm3;
-   int parm4;
-   int parm5;
-   int parm6;
- {
-   return(kafs_syscall(parm1, parm2, parm3, parm4, parm5, parm6));
- }
diff --git a/crypto/heimdal/appl/dceutils/k5dce.h b/crypto/heimdal/appl/dceutils/k5dce.h
deleted file mode 100644
index 424ebdc0da98..000000000000
--- a/crypto/heimdal/appl/dceutils/k5dce.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/* dummy K5 routines which are needed to get this to 
- * compile without having access ti the DCE versions 
- * of the header files.
- * Thiis is very crude, and OSF needs to expose the K5
- * API.
- */
-
-#ifdef sun
-/* Transarc obfascates these routines */
-#ifdef DCE_1_1
-
-#define krb5_init_ets                   _dce_PkjKqOaklP 
-#define krb5_copy_creds                 _dce_LuFxPiITzD
-#define krb5_unparse_name               _dce_LWHtAuNgRV
-#define krb5_get_default_realm          _dce_vDruhprWGh
-#define krb5_build_principal            _dce_qwAalSzTtF
-#define krb5_build_principal_ext        _dce_vhafIQlejW
-#define krb5_build_principal_va         _dce_alsqToMmuJ
-#define krb5_cc_default                 _dce_KZRshhTXhE
-#define krb5_cc_default_name            _dce_bzJVAjHXVQ
-#define sec_login_krb5_add_cred			_dce_ePDtOJTZvU
-
-#else /* DCE 1.0.3a */
-
-#define krb5_init_ets                   _dce_BmLRpOVsBo
-#define krb5_copy_creds                 _dce_VGwSEBNwaf
-#define krb5_unparse_name               _dce_PgAOkJoMXA
-#define krb5_get_default_realm          _dce_plVOzStKyK
-#define krb5_build_principal            _dce_uAKSsluIFy
-#define krb5_build_principal_ext        _dce_tRMpPiRada
-#define krb5_build_principal_va         _dce_SxnLejZemH
-#define krb5_cc_default                 _dce_SeKosWFnsv
-#define krb5_cc_default_name            _dce_qJeaphJWVc
-#define sec_login_krb5_add_cred         _dce_uHwRasumsN
-
-#endif
-#endif
-
-/* Define the bare minimum k5 structures which are needed
- * by this program. Since the krb5 includes are not supplied 
- * with DCE, these were based on the MIT Kerberos 5 beta 3
- * which should match the DCE as of 1.0.3 at least.
- * The tricky one is the krb5_creds, since one is allocated
- * by this program, and it needs access to the client principal
- * in it.
- * Note that there are no function prototypes, so there is no 
- * compile time checking.
- * DEE 07/11/95
- */
-#define     NPROTOTYPE(x) () 
-typedef int krb5_int32;  /* assuming all DCE systems are 32 bit */
-typedef short krb5short; /* assuming short is 16 bit */
-typedef krb5_int32      krb5_error_code;
-typedef unsigned char   krb5_octet;
-typedef krb5_octet      krb5_boolean;
-typedef krb5short       krb5_keytype; /* in k5.2 it's a short */
-typedef krb5_int32      krb5_flags;
-typedef krb5_int32  krb5_timestamp;
-
-typedef char * krb5_pointer;  /* pointer to unexposed data */
-
-typedef struct _krb5_ccache {
-    struct _krb5_cc_ops *ops;
-    krb5_pointer data;
-} *krb5_ccache;
-
-typedef struct _krb5_cc_ops {
-    char *prefix;
-    char *(*get_name) NPROTOTYPE((krb5_ccache));
-    krb5_error_code (*resolve) NPROTOTYPE((krb5_ccache *, char *));
-    krb5_error_code (*gen_new) NPROTOTYPE((krb5_ccache *));
-    krb5_error_code (*init) NPROTOTYPE((krb5_ccache, krb5_principal));
-    krb5_error_code (*destroy) NPROTOTYPE((krb5_ccache));
-    krb5_error_code (*close) NPROTOTYPE((krb5_ccache));
-    krb5_error_code (*store) NPROTOTYPE((krb5_ccache, krb5_creds *));
-    krb5_error_code (*retrieve) NPROTOTYPE((krb5_ccache, krb5_flags,
-                   krb5_creds *, krb5_creds *));
-    krb5_error_code (*get_princ) NPROTOTYPE((krb5_ccache,
-                        krb5_principal *));
-    krb5_error_code (*get_first) NPROTOTYPE((krb5_ccache,
-                        krb5_cc_cursor *));
-    krb5_error_code (*get_next) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *,
-                   krb5_creds *));
-    krb5_error_code (*end_get) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *));
-    krb5_error_code (*remove_cred) NPROTOTYPE((krb5_ccache, krb5_flags,
-                      krb5_creds *));
-    krb5_error_code (*set_flags) NPROTOTYPE((krb5_ccache, krb5_flags));
-} krb5_cc_ops;
-
-typedef struct _krb5_keyblock {
-	krb5_keytype keytype;
-	int length;
-	krb5_octet *contents;
-} krb5_keyblock;
-
-typedef struct _krb5_ticket_times {
-	krb5_timestamp authtime;
-	krb5_timestamp starttime;
-	krb5_timestamp endtime;
-	krb5_timestamp renew_till;
-} krb5_ticket_times;
-
-typedef krb5_pointer krb5_cc_cursor;
-
-typedef struct _krb5_data {
-   int length;
-   char *data;
-} krb5_data;
-
-typedef struct _krb5_authdata {
-   int ad_type;
-   int length;
-   krb5_octet *contents;
-} krb5_authdata;
-
-typedef struct _krb5_creds {
-    krb5_pointer client;
-    krb5_pointer server;
-    krb5_keyblock keyblock;
-    krb5_ticket_times times;
-    krb5_boolean is_skey;
-    krb5_flags ticket_flags;
-    krb5_pointer **addresses;
-    krb5_data ticket;
-    krb5_data second_ticket;
-    krb5_pointer **authdata;
-} krb5_creds;
-
-typedef krb5_pointer krb5_principal; 
- 
-#define KRB5_CC_END                              336760974
-#define KRB5_TC_OPENCLOSE              0x00000001
-
-/* Ticket flags */
-/* flags are 32 bits; each host is responsible to put the 4 bytes
-   representing these bits into net order before transmission */
-/* #define  TKT_FLG_RESERVED    0x80000000 */
-#define TKT_FLG_FORWARDABLE     0x40000000
-#define TKT_FLG_FORWARDED       0x20000000
-#define TKT_FLG_PROXIABLE       0x10000000
-#define TKT_FLG_PROXY           0x08000000
-#define TKT_FLG_MAY_POSTDATE    0x04000000
-#define TKT_FLG_POSTDATED       0x02000000
-#define TKT_FLG_INVALID         0x01000000
-#define TKT_FLG_RENEWABLE       0x00800000
-#define TKT_FLG_INITIAL         0x00400000
-#define TKT_FLG_PRE_AUTH        0x00200000
-#define TKT_FLG_HW_AUTH         0x00100000
-#ifdef PK_INIT
-#define TKT_FLG_PUBKEY_PREAUTH          0x00080000
-#define TKT_FLG_DIGSIGN_PREAUTH         0x00040000
-#define TKT_FLG_PRIVKEY_PREAUTH         0x00020000
-#endif
-
-
-#define krb5_cc_get_principal(cache, principal) (*(cache)->ops->get_princ)(cache, principal)
-#define krb5_cc_set_flags(cache, flags) (*(cache)->ops->set_flags)(cache, flags)
-#define krb5_cc_get_name(cache) (*(cache)->ops->get_name)(cache)
-#define krb5_cc_start_seq_get(cache, cursor) (*(cache)->ops->get_first)(cache, cursor)
-#define krb5_cc_next_cred(cache, cursor, creds) (*(cache)->ops->get_next)(cache, cursor, creds)
-#define krb5_cc_destroy(cache) (*(cache)->ops->destroy)(cache)
-#define krb5_cc_end_seq_get(cache, cursor) (*(cache)->ops->end_get)(cache, cursor)
-
-/* end of k5 dummy typedefs */
-
diff --git a/crypto/heimdal/appl/dceutils/k5dcecon.c b/crypto/heimdal/appl/dceutils/k5dcecon.c
deleted file mode 100644
index 99310bb34c4c..000000000000
--- a/crypto/heimdal/appl/dceutils/k5dcecon.c
+++ /dev/null
@@ -1,791 +0,0 @@
-/*
- * (c) Copyright 1995 HEWLETT-PACKARD COMPANY
- * 
- * To anyone who acknowledges that this file is provided 
- * "AS IS" without any express or implied warranty:
- * permission to use, copy, modify, and distribute this 
- * file for any purpose is hereby granted without fee, 
- * provided that the above copyright notice and this 
- * notice appears in all copies, and that the name of 
- * Hewlett-Packard Company not be used in advertising or 
- * publicity pertaining to distribution of the software 
- * without specific, written prior permission.  Hewlett-
- * Packard Company makes no representations about the 
- * suitability of this software for any purpose.
- *
- */
-/*
- * k5dcecon - Program to convert a K5 TGT to a DCE context,
- * for use with DFS and its PAG.
- * 
- * The program is designed to be called as a sub process, 
- * and return via stdout the name of the cache which implies 
- * the PAG which should be used. This program itself does not 
- * use the cache or PAG itself, so the PAG in the kernel for 
- * this program may not be set. 
- * 
- * The calling program can then use the name of the cache
- * to set the KRB5CCNAME and PAG for its self and its children. 
- *
- * If no ticket was passed, an attemplt to join an existing
- * PAG will be made. 
- * 
- * If a forwarded K5 TGT is passed in, either a new DCE 
- * context will be created, or an existing one will be updated.
- * If the same ticket was already used to create an existing
- * context, it will be joined instead. 
- * 
- * Parts of this program are based on k5dceauth,c which was
- * given to me by HP and by the k5dcelogin.c which I developed. 
- * A slightly different version of k5dcelogin.c, was added to
- * DCE 1.2.2
- * 
- * D. E. Engert 6/17/97 ANL
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <locale.h>
-#include <pwd.h>
-#include <string.h>
-#include <time.h>
-
-#include <errno.h>
-#include "k5dce.h"
-
-#include <dce/sec_login.h>
-#include <dce/dce_error.h>
-#include <dce/passwd.h>
-
-/* #define DEBUG */
-#if defined(DEBUG)
-#define DEEDEBUG(A) fprintf(stderr,A); fflush(stderr)
-#define DEEDEBUG2(A,B) fprintf(stderr,A,B); fflush(stderr)
-#else
-#define DEEDEBUG(A)
-#define DEEDEBUG2(A,B)
-#endif
-
-#ifdef __hpux
-#define seteuid(A)		setresuid(-1,A,-1);
-#endif
-
-
-int k5dcecreate (uid_t, char *, char*, krb5_creds **);
-int k5dcecon (uid_t, char *, char *);
-int k5dcegettgt (krb5_ccache *, char *, char *, krb5_creds **);
-int k5dcematch (uid_t, char *, char *, off_t *, krb5_creds **);
-int k5dcesession (uid_t, char *, krb5_creds **, int *,krb5_flags);
-
-
-char *progname = "k5dcecon";
-static time_t now;
-
-#ifdef notdef
-#ifdef _AIX
-/*---------------------------------------------*/
- /* AIX with DCE 1.1 does not have the com_err in the libdce.a
-  * do a half hearted job of substituting for it. 
-  */ 
-void com_err(char *p1, int code, ...) 
-{
-    int lst;
-    dce_error_string_t  err_string;
-    dce_error_inq_text(code, err_string, &lst);
-    fprintf(stderr,"Error %d in %s: %s\n", code, p1, err_string );
-}
-
-/*---------------------------------------------*/
-void krb5_init_ets()
-{
-
-}
-#endif
-#endif
-
-
-/*------------------------------------------------*/
-/* find a cache to use  for our new pag           */
-/* Since there is no simple way to determine which
- * caches are associated with a pag, we will have
- * do look around and see what makes most sense on 
- * different systems. 
- * on a Solaris system, and in the DCE source, 
- * the pags always start with a 41. 
- * this is not true on the IBM, where there does not
- * appear to be any pattern. 
- * 
- * But since we are always certifing our creds when
- * they are received, we can us that fact, and look
- * at the first word of the associated data file
- * to see that it has a "5". If not don't use. 
- */
-
-int k5dcesession(luid, pname, tgt, ppag, tflags)
-  uid_t luid;
-  char *pname;
-  krb5_creds **tgt;
-  int *ppag;
-  krb5_flags tflags;
-{
-  DIR *dirp;
-  struct dirent *direntp;
-  off_t size;
-  krb5_timestamp endtime;
-  int better = 0;
-  krb5_creds *xtgt;
-
-  char prev_name[17] = "";  
-  krb5_timestamp prev_endtime;
-  off_t prev_size;
-  u_long prev_pag = 0;
-
-  char ccname[64] = "FILE:/opt/dcelocal/var/security/creds/";
- 
-  error_status_t st;
-  sec_login_handle_t lcontext = 0;
-  dce_error_string_t  err_string;
-  int lst;
-
-  DEEDEBUG2("k5dcesession looking for flags %8.8x\n",tflags);
-
-  dirp = opendir("/opt/dcelocal/var/security/creds/");
-  if (dirp == NULL) {
-	return 1;
-  }
-
-  while ( (direntp = readdir( dirp )) != NULL ) {
-
-/*  
- * (but root has the ffffffff which we are not interested in)
- */
-    if (!strncmp(direntp->d_name,"dcecred_",8)
-         && (strlen(direntp->d_name) == 16)) {
-
-      /* looks like a cache name, lets do the stat, etc */
-
-      strcpy(ccname+38,direntp->d_name);
-      if (!k5dcematch(luid, pname, ccname, &size, &xtgt))  {
-
-        /* its one of our caches, see if it is better  
-         * i.e. the endtime is farther, and if the endtimes
-         * are the same, take the larger, as he who has the 
-         * most tickets wins.
-         * it must also had the same set of flags at least
-         * i.e. if the forwarded TGT is forwardable, this one must 
-         * be as well.   
-         */
-
-        DEEDEBUG2("Cache:%s",direntp->d_name);
-        DEEDEBUG2(" size:%d",size);
-		DEEDEBUG2(" flags:%8.8x",xtgt->ticket_flags);
-		DEEDEBUG2(" %s",ctime((time_t *)&xtgt->times.endtime));
- 
-        if ((xtgt->ticket_flags & tflags) == tflags ) {
-          if (prev_name[0]) {
-            if (xtgt->times.endtime > prev_endtime) {
-              better = 1;
-            } else if ((xtgt->times.endtime = prev_endtime) 
-                  && (size > prev_size)){
-              better = 1;
-	        }
-          } else {   /* the first */
-            if (xtgt->times.endtime >= now) {
-            better = 1;
-	        }
-          }
-          if (better) {
-            strcpy(prev_name, direntp->d_name);
-	  	    prev_endtime = xtgt->times.endtime;
-            prev_size = size;
-            sscanf(prev_name+8,"%8X",&prev_pag);
-			*tgt = xtgt;
-            better = 0;
-          }
-        }
-      } 
-    }
-  }
-  (void)closedir( dirp );
-
-  if (!prev_name[0])  
-	 return 1; /* failed to find one */
-
-   DEEDEBUG2("Best: %s\n",prev_name);
-
-   if (ppag)
-      *ppag = prev_pag;
-
-   strcpy(ccname+38,prev_name);
-   setenv("KRB5CCNAME",ccname,1);
- 
-   return(0);
-}
-
-
-/*----------------------------------------------*/
-/* see if this cache is for this this principal */
-
-int k5dcematch(luid, pname, ccname, sizep, tgt) 
-  uid_t luid;
-  char *pname;
-  char *ccname;
-  off_t *sizep;  /* size of the file */
-  krb5_creds **tgt;
-{
-
-  krb5_ccache cache;
-  struct stat stbuf;
-  char ccdata[256];
-  int fd;
-  int status;
-
-  /* DEEDEBUG2("k5dcematch called: cache=%s\n",ccname+38); */
-
-  if (!strncmp(ccname,"FILE:",5)) {
-
-    strcpy(ccdata,ccname+5);
-    strcat(ccdata,".data");
-
-    /* DEEDEBUG2("Checking the .data file for %s\n",ccdata); */
-
-    if (stat(ccdata, &stbuf))
-      return(1);
- 
-    if (stbuf.st_uid != luid)
-      return(1);
-
-    if ((fd = open(ccdata,O_RDONLY)) == -1)
-      return(1);
-    
-    if ((read(fd,&status,4)) != 4) {
-      close(fd);
-      return(1);
-    }
-    
-    /* DEEDEBUG2(".data file status = %d\n", status); */
-
-    if (status != 5)
-     return(1);
-
-    if (stat(ccname+5, &stbuf))
-      return(1);
-
-    if (stbuf.st_uid != luid)
-      return(1);
-
-    *sizep = stbuf.st_size;
-  }
-
-  return(k5dcegettgt(&cache, ccname, pname, tgt));
-}
-
-
-/*----------------------------------------*/
-/* k5dcegettgt - get the tgt from a cache */
-
-int k5dcegettgt(pcache, ccname, pname, tgt)
-  krb5_ccache *pcache;
-  char *ccname;
-  char *pname;
-  krb5_creds **tgt;
-
-{
-  krb5_ccache cache;
-  krb5_cc_cursor cur;
-  krb5_creds creds;
-  int code;
-  int found = 1;
-  krb5_principal princ;
-  char *kusername;
-  krb5_flags flags;
-  char *sname, *realm, *tgtname = NULL;
-
-  /* Since DCE does not expose much of the Kerberos interface,
-   * we will have to use what we can. This means setting the 
-   * KRB5CCNAME for each file we want to test
-   * We will also not worry about freeing extra cache structures
-   * as this this routine is also not exposed, and this should not 
-   * effect this module. 
-   * We should also free the creds contents, but that is not exposed
-   * either. 
-   */
-
-  setenv("KRB5CCNAME",ccname,1);
-  cache = NULL;
-  *tgt = NULL;
-
-  if (code = krb5_cc_default(pcache)) {
-     com_err(progname, code, "while getting ccache");
-     goto return2;
-  }
-
-  DEEDEBUG("Got cache\n");
-  flags = 0;
-  if (code = krb5_cc_set_flags(*pcache, flags)) {
-    com_err(progname, code,"While setting flags"); 
-    goto return2;
-  }
-  DEEDEBUG("Set flags\n");
-  if (code = krb5_cc_get_principal(*pcache, &princ)) {
-	com_err(progname, code, "While getting princ");
-    goto return1;
-  }
-  DEEDEBUG("Got principal\n");
-  if (code = krb5_unparse_name(princ, &kusername)) {
-    com_err(progname, code, "While unparsing principal");
-    goto return1;
-  }
-
-  DEEDEBUG2("Unparsed to \"%s\"\n", kusername);
-  DEEDEBUG2("pname is \"%s\"\n", pname);
-  if (strcmp(kusername, pname)) {
-   DEEDEBUG("Principals not equal\n");
-   goto return1;
-  }
-  DEEDEBUG("Principals equal\n");
-
-  realm = strchr(pname,'@');
-  realm++;
-
-  if ((tgtname = malloc(9 + 2 * strlen(realm))) == 0) {
-       fprintf(stderr,"Malloc failed for tgtname\n");
-       goto return1;
-  }
-
-  strcpy(tgtname,"krbtgt/");
-  strcat(tgtname,realm);
-  strcat(tgtname,"@");
-  strcat(tgtname,realm);
- 
-  DEEDEBUG2("Getting tgt %s\n", tgtname);
-  if (code = krb5_cc_start_seq_get(*pcache, &cur)) {
-    com_err(progname, code, "while starting to retrieve tickets");
-    goto return1;
-  }
-
-  while (!(code = krb5_cc_next_cred(*pcache, &cur, &creds))) {
-    krb5_creds *cred = &creds;
-
-    if (code = krb5_unparse_name(cred->server, &sname)) {
-      com_err(progname, code, "while unparsing server name");
-      continue;
-    }
-
-    if (strncmp(sname, tgtname, strlen(tgtname)) == 0) {
-      DEEDEBUG("FOUND\n");
-      if (code = krb5_copy_creds(&creds, tgt)) {
-        com_err(progname, code, "while copying TGT");
-        goto return1;
-      }
-      found = 0;
-      break;
-    } 
-    /* we should do a krb5_free_cred_contents(creds); */
-  }
-
-  if (code = krb5_cc_end_seq_get(*pcache, &cur)) {
-    com_err(progname, code, "while finishing retrieval"); 
-    goto return2;
-  }
-
-return1:
-  flags = KRB5_TC_OPENCLOSE; 
-  krb5_cc_set_flags(*pcache, flags); /* force a close */
-   
-return2:
-  if (tgtname)
-    free(tgtname);
-
-  return(found);
-}
-
-
-/*------------------------------------------*/
-/* Convert a forwarded TGT to a DCE context */
-int k5dcecon(luid, luser, pname)
-  uid_t luid;
-  char *luser;
-  char *pname;
-{
-
-  krb5_creds *ftgt = NULL;
-  krb5_creds *tgt = NULL;
-  unsigned32 dfspag;
-  boolean32 reset_passwd = 0;
-  int lst;
-  dce_error_string_t  err_string;
-  char *shell_prog;
-  krb5_ccache fcache;
-  char *ccname;
-  char *kusername;
-  char *urealm;
-  char *cp;
-  int pag;
-  int code;
-  krb5_timestamp endtime;
-
-
-  /* If there is no cache to be converted, we should not be here */
-
-  if ((ccname = getenv("KRB5CCNAME")) == NULL) {
-    DEEDEBUG("No KRB5CCNAME\n");
-    return(1);
-  }
-
-  if (k5dcegettgt(&fcache, ccname, pname, &ftgt)) {
-    fprintf(stderr, "%s: Did not find TGT\n", progname);
-    return(1);
-  }
-
- 
-  DEEDEBUG2("flags=%x\n",ftgt->ticket_flags);
-  if (!(ftgt->ticket_flags & TKT_FLG_FORWARDABLE)){
-    fprintf(stderr,"Ticket not forwardable\n");
-    return(0); /* but OK to continue */
-  }
-
-  setenv("KRB5CCNAME","",1);
-    
-#define TKT_ACCEPTABLE (TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE \
-         | TKT_FLG_MAY_POSTDATE | TKT_FLG_RENEWABLE | TKT_FLG_HW_AUTH \
-         | TKT_FLG_PRE_AUTH)
-
-  if (!k5dcesession(luid, pname, &tgt, &pag, 
-        (ftgt->ticket_flags & TKT_ACCEPTABLE))) {
-    if (ftgt->times.endtime > tgt->times.endtime) {
-      DEEDEBUG("Updating existing cache\n"); 
-      return(k5dceupdate(&ftgt, pag));
-    } else {
-      DEEDEBUG("Using existing cache\n");
-      return(0); /* use the original one */
-    }
-  } 
-    /* see if the tgts match up */
-
-  if ((code = k5dcecreate(luid, luser, pname, &ftgt))) {
-	return (code);
-  }
-
-  /*
-   * Destroy the Kerberos5 cred cache file.
-   * but dont care aout the return code. 
-   */
-
-  DEEDEBUG("Destroying the old cache\n");
-  if ((code = krb5_cc_destroy(fcache))) {
-    com_err(progname, code, "while destroying Kerberos5 ccache");
-  }
-  return (0);
-}
-
-
-/*--------------------------------------------------*/
-/* k5dceupdate - update the cache with a new TGT    */
-/* Assumed that the KRB5CCNAME has been set         */
-
-int k5dceupdate(krbtgt, pag) 
-   krb5_creds **krbtgt;
-   int pag;
-{
- 
-  krb5_ccache ccache;
-  int code;
-
-  if (code = krb5_cc_default(&ccache)) {
-    com_err(progname, code, "while opening cache for update");
-    return(2);
-   }
-
-  if (code = ccache->ops->init(ccache,(*krbtgt)->client)) {
-    com_err(progname, code, "while reinitilizing cache");
-    return(3);
-  } 
-
-    /* krb5_cc_store_cred */
-  if (code = ccache->ops->store(ccache, *krbtgt)) {
-    com_err(progname, code, "while updating cache");
-    return(2);
-  }
-
-  sec_login_pag_new_tgt(pag, (*krbtgt)->times.endtime);
-  return(0);
-}
-/*--------------------------------------------------*/
-/* k5dcecreate - create a new DCE context           */
-
-int k5dcecreate(luid, luser, pname, krbtgt)
-   uid_t luid;
-   char *luser;
-   char *pname;
-   krb5_creds **krbtgt;
-{
-   
-    char *cp;
-    char *urealm;
-    char *username;
-    char *defrealm;
-    uid_t uid;
-
-    error_status_t st;
-    sec_login_handle_t lcontext = 0;
-    sec_login_auth_src_t auth_src = 0;
-    boolean32 reset_passwd = 0;
-    int lst;
-    dce_error_string_t  err_string;
-
-	setenv("KRB5CCNAME","",1); /* make sure it not misused */
-
-	uid = getuid();
-	DEEDEBUG2("uid=%d\n",uid);
-    
-	/* if run as root, change to user, so as to have the
-	 * cache created for the local user even if cross-cell
-	 * If run as a user, let standard file protection work.
-	 */
-
-	if (uid == 0) {
-		seteuid(luid);
-	}  
-
-	cp = strchr(pname,'@');
-	*cp = '\0';
-	urealm = ++cp;
-
- DEEDEBUG2("basename=%s\n",cp);
- DEEDEBUG2("realm=%s\n",urealm);
-
-    /* now build the username as a single string or a /.../cell/user
-     * if this is a cross cell
-     */
-
-	if ((username = malloc(7+strlen(pname)+strlen(urealm))) == 0) {
-         fprintf(stderr,"Malloc failed for username\n");
-         goto abort;
-    }
-    if (krb5_get_default_realm(&defrealm)) {
-        DEEDEBUG("krb5_get_default_realm failed\n");
-        goto abort;
-    }
-
-
-    if (!strcmp(urealm,defrealm)) {
-        strcpy(username,pname);
-    } else {
-        strcpy(username,"/.../");
-        strcat(username,urealm);
-        strcat(username,"/");
-        strcat(username,pname);
-    }
-
-    /*
-     * Setup a DCE login context
-     */
-
-    if (sec_login_setup_identity((unsigned_char_p_t)username, 
-				 (sec_login_external_tgt|sec_login_proxy_cred),
-				 &lcontext, &st)) {
-	/*
-	 * Add our TGT.
-	 */
-	  DEEDEBUG("Adding our new TGT\n");
-	  sec_login_krb5_add_cred(lcontext, *krbtgt, &st);
-	  if (st) {
-	    dce_error_inq_text(st, err_string, &lst);
-	    fprintf(stderr,
-				"Error while adding credentials for %s because %s\n", 
-				username, err_string);
-	    goto abort;
-	  }	
-	  DEEDEBUG("validating and certifying\n");
-	  /*
-	   * Now "validate" and certify the identity,
-	   *  usually we would pass a password here, but...
-	   * sec_login_valid_and_cert_ident
-	   * sec_login_validate_identity
-	   */
-
-	  if (sec_login_validate_identity(lcontext, 0, &reset_passwd,
-		 &auth_src, &st)) {
-	    DEEDEBUG2("validate_identity st=%d\n",st);
-	    if (st) {
-		  dce_error_inq_text(st, err_string, &lst);
-		  fprintf(stderr, "Validation error for %s because %s\n",
-				 username, err_string);
-		  goto abort;
-	    }
-		if (!sec_login_certify_identity(lcontext,&st)) {
-			dce_error_inq_text(st, err_string, &lst);
-			fprintf(stderr,
-			"Credentials not certified because %s\n",err_string);
-		}
-	    if (reset_passwd) {
-		 fprintf(stderr,
-                "Password must be changed for %s\n", username);
-	    }
-	    if (auth_src == sec_login_auth_src_local) {
-		fprintf(stderr,
-			 "Credentials obtained from local registry for %s\n", 
-			 username);
-	    }
-	    if (auth_src == sec_login_auth_src_overridden) {
-		  fprintf(stderr, "Validated %s from local override entry, no network credentials obtained\n", username);
-		  goto abort; 
-
-	    }
-	    /*
-	     * Actually create the cred files.
-	     */
-		DEEDEBUG("Ceating new cred files.\n");
-	    sec_login_set_context(lcontext, &st);
-	    if (st) {
-		  dce_error_inq_text(st, err_string, &lst);
-		  fprintf(stderr, 
-                "Unable to set context for %s because %s\n",
-		    username, err_string);
-		  goto abort;
-	    }
-
-        /*
-         * Now free up the local context and leave the 
-         * network context with its pag
-         */
-#if 0
-        sec_login_release_context(&lcontext, &st);
-        if (st) {
-          dce_error_inq_text(st, err_string, &lst);
-          fprintf(stderr,
-               "Unable to release context for %s because %s\n",
-            username, err_string);
-          goto abort;
-        }
-#endif
-	}
-	else {
-	  DEEDEBUG2("validate failed %d\n",st);
-	  dce_error_inq_text(st, err_string, &lst);
-	  fprintf(stderr,
-             "Unable to validate %s because %s\n", username, 
-			err_string);
-	  goto abort;
-	}
-  }
-  else {
-	dce_error_inq_text(st, err_string, &lst);
-	fprintf(stderr, 
-          "Unable to setup login entry for %s because %s\n",
-       username, err_string);
-	  goto abort;
-  }
-
- done:
-    /* if we were root, get back to root */
-
-    DEEDEBUG2("sec_login_inq_pag %8.8x\n",
-             sec_login_inq_pag(lcontext, &st));
-
-    if (uid == 0) {
-      seteuid(0);
-    }  
-
-	DEEDEBUG("completed\n");
-	return(0);
-
- abort:
-    if (uid == 0) {
-      seteuid(0);
-    }  
-
-    DEEDEBUG("Aborting\n");
-    return(2);
-}
-
-
-
-/*-------------------------------------------------*/
-main(argc, argv)
-  int argc;
-  char *argv[];
-{
-  int status;
-  extern int optind;
-  extern char *optarg;
-  int rv;
-
-  char *lusername = NULL;
-  char *pname = NULL;
-  int fflag = 0;
-  struct passwd *pw;
-  uid_t luid;
-  uid_t myuid;
-  char *ccname;
-  krb5_creds *tgt = NULL;
-
-#ifdef DEBUG
-  close(2);
-  open("/tmp/k5dce.debug",O_WRONLY|O_CREAT|O_APPEND, 0600);
-#endif
-
-  if (myuid = getuid()) {
-    DEEDEBUG2("UID = %d\n",myuid);
-    exit(33); /* must be root to run this, get out now */
-  }
-
-  while ((rv = getopt(argc,argv,"l:p:fs")) != -1) {
-    DEEDEBUG2("Arg = %c\n", rv);
-    switch(rv) {
-      case 'l':         /* user name */
-	lusername = optarg;
-	DEEDEBUG2("Optarg = %s\n", optarg);
-	break;
-      case 'p':         /* principal name */
-        pname = optarg; 
-	DEEDEBUG2("Optarg = %s\n", optarg);
-        break;
-      case 'f':         /* convert a forwarded TGT to a context */
-        fflag++;
-        break;
-      case 's':      /* old test parameter, ignore it */
-        break; 
-    }
-  }
-
-  setlocale(LC_ALL, "");
-  krb5_init_ets();
-  time(&now); /* set time to check expired tickets */
-
-  /* if lusername == NULL, Then user is passed as the USER= variable */ 
-
-  if (!lusername) {
-    lusername = getenv("USER");
-    if (!lusername) {
-      fprintf(stderr, "USER not in environment\n");
-      return(3);
-    }
-  }
-
-  if ((pw = getpwnam(lusername)) == NULL) {
-    fprintf(stderr, "Who are you?\n");
-    return(44);
-  }
-
-  luid = pw->pw_uid;
-
-  if (fflag) {  
-    status = k5dcecon(luid, lusername, pname); 
-  } else {
-    status = k5dcesession(luid, pname, &tgt, NULL, 0);
-  }
- 
-  if (!status) {
-    printf("%s",getenv("KRB5CCNAME")); /* return via stdout to caller */
-    DEEDEBUG2("KRB5CCNAME=%s\n",getenv("KRB5CCNAME"));
-  }
-
-  DEEDEBUG2("Returning status %d\n",status);
-  return (status);
-}
diff --git a/crypto/heimdal/appl/dceutils/testpag.c b/crypto/heimdal/appl/dceutils/testpag.c
deleted file mode 100644
index 4613fba5e94a..000000000000
--- a/crypto/heimdal/appl/dceutils/testpag.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* Test the k5dcepag routine by setting a pag, and 
- * and execing a shell under this pag. 
- * 
- * This allows you to join a PAG which was created  
- * earlier by some other means. 
- * for example k5dcecon
- * 
- * Must be run as root for testing only. 
- *
- */
-
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#define POSIX_SETJMP
-#define POSIX_SIGNALS
-
-#ifdef POSIX_SIGNALS
-typedef struct sigaction handler;
-#define handler_init(H,F)       (sigemptyset(&(H).sa_mask), \
-                     (H).sa_flags=0, \
-                     (H).sa_handler=(F))
-#define handler_swap(S,NEW,OLD)     sigaction(S, &NEW, &OLD)
-#define handler_set(S,OLD)      sigaction(S, &OLD, NULL)
-#else
-typedef sigtype (*handler)();
-#define handler_init(H,F)       ((H) = (F))
-#define handler_swap(S,NEW,OLD)     ((OLD) = signal ((S), (NEW)))
-
-#define handler_set(S,OLD)      (signal ((S), (OLD)))
-#endif
-
-typedef void sigtype;
-
-/*
- * We could include the dcedfs/syscall.h which should have these
- * numbers, but it has extra baggage. So for
- * simplicity sake now, we define these here.
- */
-
-
-#define AFSCALL_SETPAG 2
-#define AFSCALL_GETPAG 11
-
-#if defined(sun)
-#define AFS_SYSCALL  72
-
-#elif defined(hpux)
-/* assume HPUX 10 +  or is it 50 */
-#define AFS_SYSCALL 326
-
-#elif defined(_AIX)
-#define DPAGAIX "dpagaix"
-/* #define DPAGAIX "/krb5/sbin/dpagaix" */
-
-#elif defined(sgi) || defined(_sgi)
-#define AFS_SYSCALL  206+1000
-
-#else
-#define AFS_SYSCALL (Unknown_DFS_AFS_SYSCALL)
-#endif
-
-static sigjmp_buf setpag_buf;
-
-static sigtype mysig()
-{
-  siglongjmp(setpag_buf, 1);
-}
-
-
-int  krb5_dfs_newpag(new_pag)
-  int new_pag;
-{
-  handler sa1, osa1;
-  handler sa2, osa2;
-  int pag = -1;
-
-  handler_init (sa1, mysig);
-  handler_init (sa2, mysig);
-  handler_swap (SIGSYS, sa1, osa1);
-  handler_swap (SIGSEGV, sa2, osa2);
- 
-  if (sigsetjmp(setpag_buf, 1) == 0) {
-#if defined(_AIX)
-    int (*dpagaix)(int, int, int, int, int, int);
-
-    if (dpagaix = load(DPAGAIX, 0, 0)) 
-      pag = (*dpagaix)(AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
-#else
-    pag = syscall(AFS_SYSCALL,AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
-#endif
-    handler_set (SIGSYS, osa1);
-    handler_set (SIGSEGV, osa2);
-    return(pag);
-  }
-
-  fprintf(stderr,"Setpag failed with a system error\n");
-  /* syscall failed! return 0 */
-  handler_set (SIGSYS, osa1);
-  handler_set (SIGSEGV, osa2);
-  return(-1);
-}
-
-main(argc, argv)
-	int argc;
-	char *argv[];
-{
-  extern int optind;
-  extern char *optarg;
-  int rv;
-  int rc;
-  unsigned int pag;
-  unsigned int newpag = 0;
-  char ccname[256];
-  int nflag = 0;
-  
-  while((rv = getopt(argc,argv,"n:")) != -1) {
-    switch(rv) {
-     case 'n':
-       nflag++;
-       sscanf(optarg,"%8x",&newpag);
-       break;
-     default:
-       printf("Usage: k5dcepagt -n pag \n");
-       exit(1);
-    }
-  }
-
-  if (nflag) {
-    fprintf (stderr,"calling k5dcepag newpag=%8.8x\n",newpag);
-    pag = krb5_dfs_newpag(newpag);
-
-    fprintf (stderr,"PAG returned = %8.8x\n",pag);
-    if ((pag != 0) && (pag != -1)) {
-      sprintf (ccname,
-        "FILE:/opt/dcelocal/var/security/creds/dcecred_%8.8x", 
-        pag);
-      esetenv("KRB5CCNAME",ccname,1);
-      execl("/bin/csh","csh",0);
-    }
-    else {
-      fprintf(stderr," Not a good pag value\n");
-    }
-  }
-}
diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog
deleted file mode 100644
index 63abb9ec3424..000000000000
--- a/crypto/heimdal/appl/ftp/ChangeLog
+++ /dev/null
@@ -1,741 +0,0 @@
-2003-04-16  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftpd/ftpd.c: make sure argument to is* functions are unsigned
-	
-2003-04-06  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftpd/ftpd.8: s/kerberos/Kerberos/
-	
-2003-03-23  Assar Westerlund  <assar@kth.se>
-
-	* ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize
-
-2003-03-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag
-	(its done in main)
-
-	* ftpd/gss_userok.c: drop setpag
-	
-	* ftpd/ftpd.c (main): set afs PAG
-
-	* ftpd/gss_userok.c: always try krb5_afslog, and while here do a
-	setpag too
-
-	* ftpd/ftpd_locl.h: always include kafs
-	
-2003-03-16  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftp/gssapi.c (gss_adat): now that gss_export_name exports a
-	principal, bandaid with gss_display_name, and check that oid is
-	GSS_KRB5_NT_PRINCIPAL_NAME, also free memory
-	
-2003-02-25  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftp/gssapi.c (gss_auth): print out the name we authenticated too
-	
-2003-02-25  Love H�rnquist �strand <lha@it.su.se>
-
-	* ftpd/ls.c: use readlink with bufsize - 1, From NetBSD
-
-	* ftp/ftp.1: s/utilizes/uses/ from NetBSD
-	
-	* ftpd/ftpd.8: s/utilize/use/ from NetBSD
-	
-2003-02-10  Assar Westerlund  <assar@kth.se>
-
-	* ftpd/ftpd.c (accept_with_timeout): use socklen_t
-
-2002-10-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/main.c: reinstate -n flag (from Torbj�rn Granlund)
-
-2002-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c: fix parsing of epsv ports (from Love)
-
-2002-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/security.c (sec_vfprintf): free encoded data
-
-	* ftp/gssapi.c (gss_decode): release buffer
-
-	* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* ftp/main.c: start using getarg
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: uxp/v lacks _S_IFMT, but has S_IFMT
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c: remove unused variable
-
-2002-04-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c: fix buffer overrun when receiving long replies
-
-2002-04-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/popen.c: make sure gl_pathc != 0 before referencing
-	gl_pathv
-
-2002-03-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c (gss_adat): if accept_sec_context fails, syslog a
-	reason and give a temporary error message
-
-2002-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: if builtin_ls failes, return error
-
-	* ftpd/ls.c (builtin_ls): return status; also don't print fatal
-	error messages to the output stream, instead use syslog
-
-2001-09-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: make sure we don't include . in recursive listings
-
-2001-09-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (dataconn): don't wait forever on accept
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* ftp/gssapi.c (gss_adat): leak less memory and check return value
-	from asprintf
-
-2001-08-28  Jacques Vidrine <n@nectar.com>
-
-	* ftpd/ftpd.c, ftpd/ftpd.8: On systems with IP_PORTRANGE, have
-	  ftpd use `high-numbered' ports by default.  Add a -U option
-	  to get the old behavior.
-
-2001-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/gssapi.c: try using "host" if there's no "ftp" principal
-
-2001-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: implement -R
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: make -a and -A do the same as in ls(1)
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: add some (unsigned char) casts to is*
-	* ftp/cmds.c: add some (unsigned char) casts to is*
-	* ftpd/gss_userok.c (gss_userok): make argument to printf type
-	correct
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (setpeer): __NetBSD__ is also a unix-like OS
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/popen.c, ftpd/ftpd.c: try to handle GLOB_MAXPATH (FreeBSD)
-
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (do_store): call closefunc before claiming that
-	everything went ok, if the close fails the file might not have
-	been stored properly
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT
-	* ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined
-	* ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (setpeer): handle both service names and port numbers
-	for the second optional argument.  also make parsing more robust
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_end): only clean app_data if there is any
-	(*): do realloc consistently
-
-2001-02-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv
-	and gargv
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c: use gss_krb5_copy_ccache
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/Makefile.am: move up LIB_otp so we do not end up picking
- 	one from /usr/athena
-
-2001-01-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: fix bug in previous; make it easier to build test
-	version
-
-2001-01-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c (lstat_file): handle case where file lives in `/'
-
-2001-01-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (pasv): close already open passive port
-
-2000-12-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ls.c: reverse time and size sort order (pointed out by
-	tege)
-
-2000-12-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: make it possible to set list of good filename
-	characters from command line
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: some spec-violating mirror software assumes that
-	you can do things like `LIST -CF'; don't pass `--' to ls so this
-	actually works
-
-	* ftpd/ls.c: implement -1CFx flags
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c (gss_userok): handle getpwnam failing
-	* ftp/gssapi.c (gss_auth): be more explicit in error message
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.8: close list
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/main.c: add `-l' for no line-editing
-	* ftp/globals.c (readline): add
-	* ftp/ftp_var.h (lineedit): add variable indicated if we should
-	use readline
-
-2000-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/security.c (sec_read): fix bug in previous (from Jacques A.
-	Vidrine <n@nectar.com>)
-
-2000-11-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: only allow pasv if logged in
-
-2000-10-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change bad filename message slightly
-
-	* common/buffer.c: HAVE_ST_BLKSIZE -> HAVE_STRUCT_STAT_ST_BLKSIZE
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (*): check that fds are not too large to select on
-	* ftp/main.c (cmdscanner): print a newline upon EOF
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.h: add some attributes to prototypes of sec*
-	* ftp/extern.h (command): add attributes
-
-2000-08-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change redundant password message to something
-	people can understand
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/gss_userok.c (gss_userok): only do AFS iff KRB4
-	* ftpd/ftpd.c (krb5_verify): only do AFS stuff if KRB4
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c: do not call setproctitle with a variable as the
-	format string
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: krb5.h before kafs.h
-	* ftpd/ftpd.c (krb5_verify): static-ize
-	* ftpd/ftpd.c (krb5_verify): conditionalize on KRB5
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* ftpd: support for authenticating passwords with krb5, by Daniel
-	Kouril <kouril@ics.muni.cz>
-
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: change unix test to be negative
-	
-2000-05-18  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (args): should use `debug'.  From Onno van der
-	Linden <onno@simplex.nl>.
-
-2000-04-25  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (login): re-structure code so that we prompt for
-	password for ftp/anonymous
-
-2000-04-11  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (login): initialize tmp before calling fgets
-
-2000-04-02  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: rename all st_mtime variables to avoid conflict with
-	#define.
-	* ftpd/ftpcmd.y: rename all st_mtime variables to avoid conflict
-	with #define.
-	* ftp/cmds.c: rename all st_mtime variables to avoid conflict with
-	#define.
-
-2000-03-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
-	time, ctime, and gmtime with `time_t's.  there were some types
-	(like in lastlog) that we believed to always be time_t.  this has
-	proven wrong on Solaris 8 in 64-bit mode, where they are stored as
-	32-bit quantities but time_t has gone up to 64 bits
-
-2000-03-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* call list_file for broken usages of nlst too
-
-	* ftpd/ftpd.c: call list_file for broken usages of nlst too
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_read): more paranoia with return value from
-	sec_get_data
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (hookup): handle ai_canonname being set in any of the
-	addresses returnedby getaddrinfo.  glibc apparently returns the
-	reverse lookup of every address in ai_canonname.
-	* ftp/ruserpass.c (guess_domain): dito
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c: don't use sa_len as a parameter, it's defined on
- 	Irix
-
-1999-12-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (dataconn): make sure from points to actual data
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ruserpass.c (guess_domain): handle ai_canonname not being
-	set
-	* ftp/ftp.c (hookup): handle ai_canonname not being set
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): the nat-IP address might not be realm
-	bounded.
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (dolog): update prototype
-	* ftpd/ftpd.c (dolog): use getnameinfo_verified
-	* ftpd/ftpd.c: replace inaddr2str by getnameinfo
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ruserpass.c (guess_domain): re-write to use getaddrinfo
-	* ftp/ftp.c (hookup): re-write to use getaddrinfo
-	
-1999-11-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
- 	the outgoing connections.  It has to be `ftp-data' or some people
- 	might get upset.
-
-	* ftpd/ftpd.c (args): set correct variable when `-l' so that
- 	logging actually works
-
-1999-11-29  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (sec_login): check return value from realloc
-	(sec_end): set app_data to NULL
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
-	NAT.  also turn on passive mode.  From <thn@stacken.kth.se>
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (make_fileinfo): cast to allow for non-const
- 	prototypes of readlink
-
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (args): use arg_counter for `l'
-	
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
- 	that don't have them (such as ultrix)
-
-1999-10-29  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
- 	printf, we don't know what types they might be.
-	(lstat_file): conditionalize the kafs part on KRB4
-
-	* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
- 	correct
-
-	* ftpd/ls.c: don't use warnx to print errors
-
-	* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
-
-	* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
- 	mount points.  From Love <lha@s3.kth.se>
-	(list_files): use `lstat_file'
-
-	* ftpd/ftpd.c: some const-poisoning
-
-	* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
- 	allow for stupid inetds that only support two arguments.  From
- 	Love <lha@s3.kth.se>
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
- 	as printf commands
-
-	* ftpd/ftpd.c (show_issue): don't interpret contents of
- 	/etc/issue* as printf commands.  From Brian A May
- 	<bmay@dgs.monash.edu.au>
-
-1999-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/kauth.c (kauth): complain if protection level isn't
-	`private'
-
-	* ftp/krb4.c (krb4_decode): syslog failure reason
-
-	* ftp/kauth.c (kauth): set private level earlier
-
-	* ftp/security.c: get_command_prot; (sec_prot): partially match
-	`command' and `data'
-
-1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
-	`-ll' work again)
-
-	* ftpd/ftpd.c (list_file): pass filename to ls
-
-1999-10-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: FEAT
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ls.c: fall-back definitions for constans and casts for
- 	printfs
-
-1999-10-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (main): make this use getarg; add `list_file'
-
-	* ftpd/ftpcmd.y (LIST): call list_file
-
-	* ftpd/ls.c: add simple built-in ls
-
-	* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
-	prints to the data stream
-
-	* ftp/kauth.c (kauth): make sure we're using private protection
-	level
-
-	* ftp/security.c (set_command_prot): set command protection level
-
-	* ftp/security.c: make it possible to set the command protection
-	level with `prot'
-
-1999-09-30  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
-
-1999-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpd.c (do_login): show issue-file
-	(send_data): change handling of zero-byte files
-
-1999-08-18  Assar Westerlund  <assar@sics.se>
-
-	* ftp/cmds.c (getit): be more suspicious when parsing the result
- 	of MDTM.  Do the comparison of timestamps correctly.
-
-1999-08-13  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
-  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
- 	get grumpy later.
-
-	* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
-  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
- 	get grumpy later.
-
-1999-08-03  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
-
-	* ftp/gssapi.c (gss_auth): initialize application_data in bindings
-
-1999-08-02  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: save file names when doing commands that might
- 	get aborted (and longjmp:ed out of) to avoid overwriting them also
- 	remove extra closing brace
-
-1999-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
-	what it does, and other implementations) keep find as an alias
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* common/socket.c: moved to roken
-
-	* common/socket.c: new file with generic socket functions
-
-	* ftpd/ftpd.c: make it more AF-neutral and v6-capable
-
-	* ftpd/ftpcmd.y: add EPRT and EPSV
-
-	* ftpd/extern.h: update prototypes and variables
-
-	* ftp/krb4.c: update to new types of addresses
-
-	* ftp/gssapi.c: add support for both AF_INET and AF_INET6
- 	addresses
-
-	* ftp/ftp.c: make it more AF-neutral and v6-capable
-
-	* ftp/extern.h (hookup): change prototype
-
-	* common/common.h: add prototypes for functions in socket.c
-
-	* common/Makefile.am (libcommon_a_SOURCES): add socket.c
-
-	* ftp/gssapi.c (gss_auth): check return value from
- 	`gss_import_name' and print error messages if it fails
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* ftp/krb4.c (krb4_auth): type correctness
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ftp/ftp.c (sendrequest): lmode != rmode
-	
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* ftp/extern.h (sendrequest): update prototype
-
-	* ftp/cmds.c: update calls to sendrequest and recvrequest to send
- 	"b" when appropriate
-
-	* ftp/ftp.c (sendrequest): add argument for mode to open file in.
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: rename getline -> ftpd_getline
-
-	* ftp/main.c (makeargv): fill in unused slots with NULL
-
-Thu Apr  8 15:06:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-Wed Apr  7 16:15:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
- 	error message; return AUTH_{CONTINUE,ERROR}, where appropriate
-
-	* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
-
-	* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
- 	just continue with the next mechanism, this fixes the case of
- 	having GSSAPI fail because of non-existant of expired tickets
-
-	* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
-
-Thu Apr  1 16:59:04 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: don't run check-local
-
-	* ftp/Makefile.am: don't run check-local
-
-Mon Mar 22 22:15:18 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
-
-	* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
-
-Thu Mar 18 12:07:09 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: clean ftpcmd.c
-
-	* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
-
-	* ftpd/ftpd.c: move include of krb5.h here
-
-	* ftpd/Makefile.am: include Makefile.am.common
-
-	* Makefile.am: include Makefile.am.common
-
-	* ftp/Makefile.am: include Makefile.am.common
-
-	* common/Makefile.am: include Makefile.am.common
-
-Tue Mar 16 22:28:37 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
-
-	* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
-
-Thu Mar 11 14:54:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftp/Makefile.in: WFLAGS
-
-	* ftp/ruserpass.c: add some if-braces
-
-Wed Mar 10 20:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
-
-Mon Mar  8 21:29:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/ftpd.c: re-add version in greeting message
-
-Mon Mar  1 10:49:38 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-Mon Feb 22 19:20:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* common/Makefile.in: remove glob
-
-Sat Feb 13 17:19:35 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH.  We have a
- 	fnmatch implementation in roken and therefore always have it.
-
-	* ftp/ftp.c (copy_stream): initialize `werr'
-
-Wed Jan 13 23:52:57 1999  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
- 	the end of the rules to ensure we don't generate several
- 	(independent) error messages.  once again, having a yacc-grammar
- 	for FTP with embedded actions doesn't strike me as the most
- 	optimal way of doing it.
-
-Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* ftpd/Makefile.am: link with extra libs for aix
-
-Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/ftpd.c (retrying): support on-the-fly decompression
-
-	* ftpd/Makefile.in (WFLAGS): set
-
-	* ftp/ruserpass.c (guess_domain): new function
-	(ruserpass): use it
-
-	* common/Makefile.in (WFLAGS): set
-
-	* Makefile.in (WFLAGS): set
-
-Sat Nov 21 23:13:03 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c: some more type correctness.
-
-	* ftp/gssapi.c (gss_adat): more braces to shut up warnings
-
-Wed Nov 18 21:47:55 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/main.c (main): new option `-p' for enable passive mode.
-
-Mon Nov  2 01:57:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c (getreply): remove extra `break'
-
-	* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
-
-	* ftp/security.c (sec_login): fix loop and return value
-
-Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/cmds.c (quote1): fix % quoting bug
-
-Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
-
-Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/security.c (auth): free `app_data'
-	(sec_end): only destroy if it was initialized
-
-Tue Jun  9 21:01:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/krb4.c: pass client address to krb_rd_req
-
-Sat May 16 00:02:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftpd/Makefile.am: link with DBLIB
-
-Tue May 12 14:15:32 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/gssapi.c: Save client name for userok().
-
-	* ftpd/gss_userok.c: Userok for gssapi.
-
-Fri May  1 07:15:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
-
-Fri Mar 27 00:46:07 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Make compile w/o krb4.
-
-Thu Mar 26 03:49:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* ftp/*, ftpd/*: Changes for new framework.
-
-	* ftp/gssapi.c: GSS-API backend for the new security framework.
-
-	* ftp/krb4.c: Updated for new framework.
-
-	* ftp/security.{c,h}: New unified security framework.
diff --git a/crypto/heimdal/appl/ftp/Makefile b/crypto/heimdal/appl/ftp/Makefile
deleted file mode 100644
index 0051ebabad5c..000000000000
--- a/crypto/heimdal/appl/ftp/Makefile
+++ /dev/null
@@ -1,605 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/ftp/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = common ftp ftpd
-subdir = appl/ftp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/Makefile.am b/crypto/heimdal/appl/ftp/Makefile.am
deleted file mode 100644
index f8831a308d03..000000000000
--- a/crypto/heimdal/appl/ftp/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = common ftp ftpd
diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in
deleted file mode 100644
index 987bb1dc6b54..000000000000
--- a/crypto/heimdal/appl/ftp/Makefile.in
+++ /dev/null
@@ -1,607 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = common ftp ftpd
-subdir = appl/ftp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-info install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/Makefile b/crypto/heimdal/appl/ftp/common/Makefile
deleted file mode 100644
index 9a52cb9873c5..000000000000
--- a/crypto/heimdal/appl/ftp/common/Makefile
+++ /dev/null
@@ -1,566 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/ftp/common/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) 
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_LIBRARIES = libcommon.a
-
-libcommon_a_SOURCES = \
-	sockbuf.c \
-	buffer.c \
-	common.h
-
-subdir = appl/ftp/common
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-
-libcommon_a_AR = $(AR) cru
-libcommon_a_LIBADD =
-am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT)
-libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libcommon_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(libcommon_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/common/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libcommon.a: $(libcommon_a_OBJECTS) $(libcommon_a_DEPENDENCIES) 
-	-rm -f libcommon.a
-	$(libcommon_a_AR) libcommon.a $(libcommon_a_OBJECTS) $(libcommon_a_LIBADD)
-	$(RANLIB) libcommon.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLIBRARIES distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.am b/crypto/heimdal/appl/ftp/common/Makefile.am
deleted file mode 100644
index 4fab07b9a1ae..000000000000
--- a/crypto/heimdal/appl/ftp/common/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) 
-
-noinst_LIBRARIES = libcommon.a
-
-libcommon_a_SOURCES = \
-	sockbuf.c \
-	buffer.c \
-	common.h
diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in
deleted file mode 100644
index 78958a196441..000000000000
--- a/crypto/heimdal/appl/ftp/common/Makefile.in
+++ /dev/null
@@ -1,567 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) 
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_LIBRARIES = libcommon.a
-
-libcommon_a_SOURCES = \
-	sockbuf.c \
-	buffer.c \
-	common.h
-
-subdir = appl/ftp/common
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-
-libcommon_a_AR = $(AR) cru
-libcommon_a_LIBADD =
-am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT)
-libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libcommon_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(libcommon_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/common/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libcommon.a: $(libcommon_a_OBJECTS) $(libcommon_a_DEPENDENCIES) 
-	-rm -f libcommon.a
-	$(libcommon_a_AR) libcommon.a $(libcommon_a_OBJECTS) $(libcommon_a_LIBADD)
-	$(RANLIB) libcommon.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLIBRARIES distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/common/buffer.c b/crypto/heimdal/appl/ftp/common/buffer.c
deleted file mode 100644
index ba7773b60428..000000000000
--- a/crypto/heimdal/appl/ftp/common/buffer.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "common.h"
-#include <stdio.h>
-#include <err.h>
-#include "roken.h"
-
-RCSID("$Id: buffer.c,v 1.4 2000/10/23 04:49:25 joda Exp $");
-
-/*
- * Allocate a buffer enough to handle st->st_blksize, if
- * there is such a field, otherwise BUFSIZ.
- */
-
-void *
-alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
-{
-    size_t new_sz;
-
-    new_sz = BUFSIZ;
-#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
-    if (st)
-	new_sz = max(BUFSIZ, st->st_blksize);
-#endif
-    if(new_sz > *sz) {
-	if (oldbuf)
-	    free (oldbuf);
-	oldbuf = malloc (new_sz);
-	if (oldbuf == NULL) {
-	    warn ("malloc");
-	    *sz = 0;
-	    return NULL;
-	}
-	*sz = new_sz;
-    }
-    return oldbuf;
-}
-
diff --git a/crypto/heimdal/appl/ftp/common/common.h b/crypto/heimdal/appl/ftp/common/common.h
deleted file mode 100644
index 5949b25d7bf9..000000000000
--- a/crypto/heimdal/appl/ftp/common/common.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifndef __COMMON_H__
-#define __COMMON_H__
-
-#include "base64.h"
-
-void set_buffer_size(int, int);
-
-#include <stdlib.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
-
-#endif /* __COMMON_H__ */
diff --git a/crypto/heimdal/appl/ftp/common/sockbuf.c b/crypto/heimdal/appl/ftp/common/sockbuf.c
deleted file mode 100644
index 460cc6fbf554..000000000000
--- a/crypto/heimdal/appl/ftp/common/sockbuf.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "common.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
-
-void
-set_buffer_size(int fd, int read)
-{
-#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
-    size_t size = 4194304;
-    while(size >= 131072 && 
-	  setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, 
-		     (void *)&size, sizeof(size)) < 0)
-	size /= 2;
-#endif
-}
-
-
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile b/crypto/heimdal/appl/ftp/ftp/Makefile
deleted file mode 100644
index 8646d33b045f..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/Makefile
+++ /dev/null
@@ -1,678 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/ftp/ftp/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.15 2001/08/28 08:31:21 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = ftp
-
-CHECK_LOCAL = 
-
-#krb4_sources = krb4.c kauth.c
-krb5_sources = gssapi.c
-
-ftp_SOURCES = \
-	cmds.c \
-	cmdtab.c \
-	extern.h \
-	ftp.c \
-	ftp_locl.h \
-	ftp_var.h \
-	main.c \
-	pathnames.h \
-	ruserpass.c \
-	domacro.c \
-	globals.c \
-	security.c \
-	security.h \
-	$(krb4_sources) \
-	$(krb5_sources)
-
-
-EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
-
-man_MANS = ftp.1
-
-LDADD = \
-	../common/libcommon.a \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_readline)
-
-subdir = appl/ftp/ftp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = ftp$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-#am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
-am__objects_2 = gssapi.$(OBJEXT)
-am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \
-	main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \
-	globals.$(OBJEXT) security.$(OBJEXT) $(am__objects_1) \
-	$(am__objects_2)
-ftp_OBJECTS = $(am_ftp_OBJECTS)
-ftp_LDADD = $(LDADD)
-ftp_DEPENDENCIES = ../common/libcommon.a \
-	$(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#ftp_DEPENDENCIES = ../common/libcommon.a
-ftp_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/ftp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) 
-	@rm -f ftp$(EXEEXT)
-	$(LINK) $(ftp_LDFLAGS) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.am b/crypto/heimdal/appl/ftp/ftp/Makefile.am
deleted file mode 100644
index 9f4927dd969f..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.am
+++ /dev/null
@@ -1,46 +0,0 @@
-# $Id: Makefile.am,v 1.15 2001/08/28 08:31:21 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des)
-
-bin_PROGRAMS = ftp
-
-CHECK_LOCAL = 
-
-if KRB4
-krb4_sources = krb4.c kauth.c
-endif
-if KRB5
-krb5_sources = gssapi.c
-endif
-
-ftp_SOURCES = \
-	cmds.c \
-	cmdtab.c \
-	extern.h \
-	ftp.c \
-	ftp_locl.h \
-	ftp_var.h \
-	main.c \
-	pathnames.h \
-	ruserpass.c \
-	domacro.c \
-	globals.c \
-	security.c \
-	security.h \
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
-
-man_MANS = ftp.1
-
-LDADD = \
-	../common/libcommon.a \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_readline)
diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in
deleted file mode 100644
index 363332d49074..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/Makefile.in
+++ /dev/null
@@ -1,674 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.15 2001/08/28 08:31:21 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = ftp
-
-CHECK_LOCAL = 
-
-@KRB4_TRUE@krb4_sources = krb4.c kauth.c
-@KRB5_TRUE@krb5_sources = gssapi.c
-
-ftp_SOURCES = \
-	cmds.c \
-	cmdtab.c \
-	extern.h \
-	ftp.c \
-	ftp_locl.h \
-	ftp_var.h \
-	main.c \
-	pathnames.h \
-	ruserpass.c \
-	domacro.c \
-	globals.c \
-	security.c \
-	security.h \
-	$(krb4_sources) \
-	$(krb5_sources)
-
-
-EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
-
-man_MANS = ftp.1
-
-LDADD = \
-	../common/libcommon.a \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_readline)
-
-subdir = appl/ftp/ftp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = ftp$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
-@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT)
-am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \
-	main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \
-	globals.$(OBJEXT) security.$(OBJEXT) $(am__objects_1) \
-	$(am__objects_2)
-ftp_OBJECTS = $(am_ftp_OBJECTS)
-ftp_LDADD = $(LDADD)
-@KRB5_TRUE@ftp_DEPENDENCIES = ../common/libcommon.a \
-@KRB5_TRUE@	$(top_builddir)/lib/gssapi/libgssapi.la \
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB5_FALSE@ftp_DEPENDENCIES = ../common/libcommon.a
-ftp_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/ftp/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) 
-	@rm -f ftp$(EXEEXT)
-	$(LINK) $(ftp_LDFLAGS) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man1 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c
deleted file mode 100644
index a7928eb83060..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/cmds.c
+++ /dev/null
@@ -1,2127 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * FTP User Program -- Command Routines.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.44 2001/08/05 06:39:14 assar Exp $");
-
-typedef void (*sighand)(int);
-
-jmp_buf	jabort;
-char   *mname;
-char   *home = "/";
-
-/*
- * `Another' gets another argument, and stores the new argc and argv.
- * It reverts to the top level (via main.c's intr()) on EOF/error.
- *
- * Returns false if no new arguments have been added.
- */
-int
-another(int *pargc, char ***pargv, char *prompt)
-{
-	int len = strlen(line), ret;
-
-	if (len >= sizeof(line) - 3) {
-		printf("sorry, arguments too long\n");
-		intr(0);
-	}
-	printf("(%s) ", prompt);
-	line[len++] = ' ';
-	if (fgets(&line[len], sizeof(line) - len, stdin) == NULL)
-		intr(0);
-	len += strlen(&line[len]);
-	if (len > 0 && line[len - 1] == '\n')
-		line[len - 1] = '\0';
-	makeargv();
-	ret = margc > *pargc;
-	*pargc = margc;
-	*pargv = margv;
-	return (ret);
-}
-
-/*
- * Connect to peer server and
- * auto-login, if possible.
- */
-void
-setpeer(int argc, char **argv)
-{
-	char *host;
-	u_short port;
-	struct servent *sp;
-
-	if (connected) {
-		printf("Already connected to %s, use close first.\n",
-			hostname);
-		code = -1;
-		return;
-	}
-	if (argc < 2)
-		another(&argc, &argv, "to");
-	if (argc < 2 || argc > 3) {
-		printf("usage: %s host-name [port]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	sp = getservbyname("ftp", "tcp");
-	if (sp == NULL)
-		errx(1, "You bastard. You removed ftp/tcp from services");
-	port = sp->s_port;
-	if (argc > 2) {
-		sp = getservbyname(argv[2], "tcp");
-		if (sp != NULL) {
-			port = sp->s_port;
-		} else {
-			char *ep;
-
-			port = strtol(argv[2], &ep, 0);
-			if (argv[2] == ep) {
-				printf("%s: bad port number-- %s\n",
-				       argv[1], argv[2]);
-				printf ("usage: %s host-name [port]\n",
-					argv[0]);
-				code = -1;
-				return;
-			}
-			port = htons(port);
-		}
-	}
-	host = hookup(argv[1], port);
-	if (host) {
-		int overbose;
-
-		connected = 1;
-		/*
-		 * Set up defaults for FTP.
-		 */
-		strlcpy(typename, "ascii", sizeof(typename));
-		type = TYPE_A;
-		curtype = TYPE_A;
-		strlcpy(formname, "non-print", sizeof(formname));
-		form = FORM_N;
-		strlcpy(modename, "stream", sizeof(modename));
-		mode = MODE_S;
-		strlcpy(structname, "file", sizeof(structname));
-		stru = STRU_F;
-		strlcpy(bytename, "8", sizeof(bytename));
-		bytesize = 8;
-		if (autologin)
-			login(argv[1]);
-
-#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) || defined(__NetBSD__)) && NBBY == 8
-/*
- * this ifdef is to keep someone form "porting" this to an incompatible
- * system and not checking this out. This way they have to think about it.
- */
-		overbose = verbose;
-		if (debug == 0)
-			verbose = -1;
-		if (command("SYST") == COMPLETE && overbose) {
-			char *cp, c;
-			cp = strchr(reply_string+4, ' ');
-			if (cp == NULL)
-				cp = strchr(reply_string+4, '\r');
-			if (cp) {
-				if (cp[-1] == '.')
-					cp--;
-				c = *cp;
-				*cp = '\0';
-			}
-
-			printf("Remote system type is %s.\n",
-				reply_string+4);
-			if (cp)
-				*cp = c;
-		}
-		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
-			if (proxy)
-				unix_proxy = 1;
-			else
-				unix_server = 1;
-			/*
-			 * Set type to 0 (not specified by user),
-			 * meaning binary by default, but don't bother
-			 * telling server.  We can use binary
-			 * for text files unless changed by the user.
-			 */
-			type = 0;
-			strlcpy(typename, "binary", sizeof(typename));
-			if (overbose)
-			    printf("Using %s mode to transfer files.\n",
-				typename);
-		} else {
-			if (proxy)
-				unix_proxy = 0;
-			else
-				unix_server = 0;
-			if (overbose && 
-			    !strncmp(reply_string, "215 TOPS20", 10))
-				printf(
-"Remember to set tenex mode when transfering binary files from this machine.\n");
-		}
-		verbose = overbose;
-#endif /* unix */
-	}
-}
-
-struct	types {
-	char	*t_name;
-	char	*t_mode;
-	int	t_type;
-	char	*t_arg;
-} types[] = {
-	{ "ascii",	"A",	TYPE_A,	0 },
-	{ "binary",	"I",	TYPE_I,	0 },
-	{ "image",	"I",	TYPE_I,	0 },
-	{ "ebcdic",	"E",	TYPE_E,	0 },
-	{ "tenex",	"L",	TYPE_L,	bytename },
-	{ NULL }
-};
-
-/*
- * Set transfer type.
- */
-void
-settype(int argc, char **argv)
-{
-	struct types *p;
-	int comret;
-
-	if (argc > 2) {
-		char *sep;
-
-		printf("usage: %s [", argv[0]);
-		sep = " ";
-		for (p = types; p->t_name; p++) {
-			printf("%s%s", sep, p->t_name);
-			sep = " | ";
-		}
-		printf(" ]\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2) {
-		printf("Using %s mode to transfer files.\n", typename);
-		code = 0;
-		return;
-	}
-	for (p = types; p->t_name; p++)
-		if (strcmp(argv[1], p->t_name) == 0)
-			break;
-	if (p->t_name == 0) {
-		printf("%s: unknown mode\n", argv[1]);
-		code = -1;
-		return;
-	}
-	if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
-		comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE) {
-		strlcpy(typename, p->t_name, sizeof(typename));
-		curtype = type = p->t_type;
-	}
-}
-
-/*
- * Internal form of settype; changes current type in use with server
- * without changing our notion of the type for data transfers.
- * Used to change to and from ascii for listings.
- */
-void
-changetype(int newtype, int show)
-{
-	struct types *p;
-	int comret, oldverbose = verbose;
-
-	if (newtype == 0)
-		newtype = TYPE_I;
-	if (newtype == curtype)
-		return;
-	if (debug == 0 && show == 0)
-		verbose = 0;
-	for (p = types; p->t_name; p++)
-		if (newtype == p->t_type)
-			break;
-	if (p->t_name == 0) {
-		printf("ftp: internal error: unknown type %d\n", newtype);
-		return;
-	}
-	if (newtype == TYPE_L && bytename[0] != '\0')
-		comret = command("TYPE %s %s", p->t_mode, bytename);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE)
-		curtype = newtype;
-	verbose = oldverbose;
-}
-
-char *stype[] = {
-	"type",
-	"",
-	0
-};
-
-/*
- * Set binary transfer type.
- */
-/*VARARGS*/
-void
-setbinary(int argc, char **argv)
-{
-
-	stype[1] = "binary";
-	settype(2, stype);
-}
-
-/*
- * Set ascii transfer type.
- */
-/*VARARGS*/
-void
-setascii(int argc, char **argv)
-{
-
-	stype[1] = "ascii";
-	settype(2, stype);
-}
-
-/*
- * Set tenex transfer type.
- */
-/*VARARGS*/
-void
-settenex(int argc, char **argv)
-{
-
-	stype[1] = "tenex";
-	settype(2, stype);
-}
-
-/*
- * Set file transfer mode.
- */
-/*ARGSUSED*/
-void
-setftmode(int argc, char **argv)
-{
-
-	printf("We only support %s mode, sorry.\n", modename);
-	code = -1;
-}
-
-/*
- * Set file transfer format.
- */
-/*ARGSUSED*/
-void
-setform(int argc, char **argv)
-{
-
-	printf("We only support %s format, sorry.\n", formname);
-	code = -1;
-}
-
-/*
- * Set file transfer structure.
- */
-/*ARGSUSED*/
-void
-setstruct(int argc, char **argv)
-{
-
-	printf("We only support %s structure, sorry.\n", structname);
-	code = -1;
-}
-
-/*
- * Send a single file.
- */
-void
-put(int argc, char **argv)
-{
-	char *cmd;
-	int loc = 0;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if (argc < 2 && !another(&argc, &argv, "local-file"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "remote-file")) {
-usage:
-		printf("usage: %s local-file remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	/*
-	 * If "globulize" modifies argv[1], and argv[2] is a copy of
-	 * the old argv[1], make it a copy of the new argv[1].
-	 */
-	if (argv[1] != oldargv1 && argv[2] == oldargv1) {
-		argv[2] = argv[1];
-	}
-	cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
-	if (loc && ntflag) {
-		argv[2] = dotrans(argv[2]);
-	}
-	if (loc && mapflag) {
-		argv[2] = domap(argv[2]);
-	}
-	sendrequest(cmd, argv[1], argv[2],
-		    curtype == TYPE_I ? "rb" : "r",
-		    argv[1] != oldargv1 || argv[2] != oldargv2);
-}
-
-/* ARGSUSED */
-static RETSIGTYPE
-mabort(int signo)
-{
-	int ointer;
-
-	printf("\n");
-	fflush(stdout);
-	if (mflag && fromatty) {
-		ointer = interactive;
-		interactive = 1;
-		if (confirm("Continue with", mname)) {
-			interactive = ointer;
-			longjmp(jabort,0);
-		}
-		interactive = ointer;
-	}
-	mflag = 0;
-	longjmp(jabort,0);
-}
-
-/*
- * Send multiple files.
- */
-void
-mput(int argc, char **argv)
-{
-    int i;
-    RETSIGTYPE (*oldintr)(int);
-    int ointer;
-    char *tp;
-
-    if (argc < 2 && !another(&argc, &argv, "local-files")) {
-	printf("usage: %s local-files\n", argv[0]);
-	code = -1;
-	return;
-    }
-    mname = argv[0];
-    mflag = 1;
-    oldintr = signal(SIGINT, mabort);
-    setjmp(jabort);
-    if (proxy) {
-	char *cp, *tp2, tmpbuf[MaxPathLen];
-
-	while ((cp = remglob(argv,0)) != NULL) {
-	    if (*cp == 0) {
-		mflag = 0;
-		continue;
-	    }
-	    if (mflag && confirm(argv[0], cp)) {
-		tp = cp;
-		if (mcase) {
-		    while (*tp && !islower((unsigned char)*tp)) {
-			tp++;
-		    }
-		    if (!*tp) {
-			tp = cp;
-			tp2 = tmpbuf;
-			while ((*tp2 = *tp) != '\0') {
-			    if (isupper((unsigned char)*tp2)) {
-				*tp2 = 'a' + *tp2 - 'A';
-			    }
-			    tp++;
-			    tp2++;
-			}
-		    }
-		    tp = tmpbuf;
-		}
-		if (ntflag) {
-		    tp = dotrans(tp);
-		}
-		if (mapflag) {
-		    tp = domap(tp);
-		}
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    cp, tp,
-			    curtype == TYPE_I ? "rb" : "r",
-			    cp != tp || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	}
-	signal(SIGINT, oldintr);
-	mflag = 0;
-	return;
-    }
-    for (i = 1; i < argc; i++) {
-	char **cpp;
-	glob_t gl;
-	int flags;
-
-	if (!doglob) {
-	    if (mflag && confirm(argv[0], argv[i])) {
-		tp = (ntflag) ? dotrans(argv[i]) : argv[i];
-		tp = (mapflag) ? domap(tp) : tp;
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    argv[i],
-			    curtype == TYPE_I ? "rb" : "r",
-			    tp, tp != argv[i] || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	    continue;
-	}
-
-	memset(&gl, 0, sizeof(gl));
-	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
-	    warnx("%s: not found", argv[i]);
-	    globfree(&gl);
-	    continue;
-	}
-	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
-	    if (mflag && confirm(argv[0], *cpp)) {
-		tp = (ntflag) ? dotrans(*cpp) : *cpp;
-		tp = (mapflag) ? domap(tp) : tp;
-		sendrequest((sunique) ? "STOU" : "STOR",
-			    *cpp, tp,
-			    curtype == TYPE_I ? "rb" : "r",
-			    *cpp != tp || !interactive);
-		if (!mflag && fromatty) {
-		    ointer = interactive;
-		    interactive = 1;
-		    if (confirm("Continue with","mput")) {
-			mflag++;
-		    }
-		    interactive = ointer;
-		}
-	    }
-	}
-	globfree(&gl);
-    }
-    signal(SIGINT, oldintr);
-    mflag = 0;
-}
-
-void
-reget(int argc, char **argv)
-{
-    getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w");
-}
-
-void
-get(int argc, char **argv)
-{
-    char *mode;
-
-    if (restart_point) {
-	if (curtype == TYPE_I)
-	    mode = "r+wb";
-	else
-	    mode = "r+w";
-    } else {
-	if (curtype == TYPE_I)
-	    mode = "wb";
-	else
-	    mode = "w";
-    }
-
-    getit(argc, argv, 0, mode);
-}
-
-/*
- * Receive one file.
- */
-int
-getit(int argc, char **argv, int restartit, char *mode)
-{
-	int loc = 0;
-	int local_given = 1;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		local_given = 0;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if ((argc < 2 && !another(&argc, &argv, "remote-file")) ||
-	    (argc < 3 && !another(&argc, &argv, "local-file"))) {
-		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
-		code = -1;
-		return (0);
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[2])) {
-		code = -1;
-		return (0);
-	}
-	if (loc && mcase) {
-		char *tp = argv[1], *tp2, tmpbuf[MaxPathLen];
-
-		while (*tp && !islower((unsigned char)*tp)) {
-			tp++;
-		}
-		if (!*tp) {
-			tp = argv[2];
-			tp2 = tmpbuf;
-			while ((*tp2 = *tp) != '\0') {
-				if (isupper((unsigned char)*tp2)) {
-					*tp2 = 'a' + *tp2 - 'A';
-				}
-				tp++;
-				tp2++;
-			}
-			argv[2] = tmpbuf;
-		}
-	}
-	if (loc && ntflag)
-		argv[2] = dotrans(argv[2]);
-	if (loc && mapflag)
-		argv[2] = domap(argv[2]);
-	if (restartit) {
-		struct stat stbuf;
-		int ret;
-
-		ret = stat(argv[2], &stbuf);
-		if (restartit == 1) {
-			if (ret < 0) {
-				warn("local: %s", argv[2]);
-				return (0);
-			}
-			restart_point = stbuf.st_size;
-		} else if (ret == 0) {
-			int overbose;
-			int cmdret;
-			int yy, mo, day, hour, min, sec;
-			struct tm *tm;
-			time_t mtime = stbuf.st_mtime;
-
-			overbose = verbose;
-			if (debug == 0)
-				verbose = -1;
-			cmdret = command("MDTM %s", argv[1]);
-			verbose = overbose;
-			if (cmdret != COMPLETE) {
-				printf("%s\n", reply_string);
-				return (0);
-			}
-			if (sscanf(reply_string,
-				   "%*s %04d%02d%02d%02d%02d%02d",
-				   &yy, &mo, &day, &hour, &min, &sec)
-			    != 6) {
-				printf ("bad MDTM result\n");
-				return (0);
-			}
-
-			tm = gmtime(&mtime);
-			tm->tm_mon++;
-			tm->tm_year += 1900;
-
-			if ((tm->tm_year > yy) ||
-			    (tm->tm_year == yy && 
-			     tm->tm_mon > mo) ||
-			    (tm->tm_mon == mo && 
-			     tm->tm_mday > day) ||
-			    (tm->tm_mday == day && 
-			     tm->tm_hour > hour) ||
-			    (tm->tm_hour == hour && 
-			     tm->tm_min > min) ||
-			    (tm->tm_min == min && 
-			     tm->tm_sec > sec))
-				return (1);
-		}
-	}
-
-	recvrequest("RETR", argv[2], argv[1], mode,
-		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
-	restart_point = 0;
-	return (0);
-}
-
-static int
-suspicious_filename(const char *fn)
-{
-    return strstr(fn, "../") != NULL || *fn == '/';
-}
-
-/*
- * Get multiple files.
- */
-void
-mget(int argc, char **argv)
-{
-	sighand oldintr;
-	int ch, ointer;
-	char *cp, *tp, *tp2, tmpbuf[MaxPathLen];
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-		printf("usage: %s remote-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	while ((cp = remglob(argv,proxy)) != NULL) {
-		if (*cp == '\0') {
-			mflag = 0;
-			continue;
-		}
-		if (mflag && suspicious_filename(cp))
-		    printf("*** Suspicious filename: %s\n", cp);
-		if (mflag && confirm(argv[0], cp)) {
-			tp = cp;
-			if (mcase) {
-				for (tp2 = tmpbuf; (ch = *tp++);)
-					*tp2++ = tolower(ch);
-				*tp2 = '\0';
-				tp = tmpbuf;
-			}
-			if (ntflag) {
-				tp = dotrans(tp);
-			}
-			if (mapflag) {
-				tp = domap(tp);
-			}
-			recvrequest("RETR", tp, cp,
-				    curtype == TYPE_I ? "wb" : "w",
-				    tp != cp || !interactive, 0);
-			if (!mflag && fromatty) {
-				ointer = interactive;
-				interactive = 1;
-				if (confirm("Continue with","mget")) {
-					mflag++;
-				}
-				interactive = ointer;
-			}
-		}
-	}
-	signal(SIGINT,oldintr);
-	mflag = 0;
-}
-
-char *
-remglob(char **argv, int doswitch)
-{
-    char temp[16];
-    static char buf[MaxPathLen];
-    static FILE *ftemp = NULL;
-    static char **args;
-    int oldverbose, oldhash;
-    char *cp, *mode;
-
-    if (!mflag) {
-	if (!doglob) {
-	    args = NULL;
-	}
-	else {
-	    if (ftemp) {
-		fclose(ftemp);
-		ftemp = NULL;
-	    }
-	}
-	return (NULL);
-    }
-    if (!doglob) {
-	if (args == NULL)
-	    args = argv;
-	if ((cp = *++args) == NULL)
-	    args = NULL;
-	return (cp);
-    }
-    if (ftemp == NULL) {
-	int fd;
-	strlcpy(temp, _PATH_TMP_XXX, sizeof(temp));
-	fd = mkstemp(temp);
-	if(fd < 0){
-	    warn("unable to create temporary file %s", temp);
-	    return NULL;
-	}
-	close(fd);
-	oldverbose = verbose, verbose = 0;
-	oldhash = hash, hash = 0;
-	if (doswitch) {
-	    pswitch(!proxy);
-	}
-	for (mode = "w"; *++argv != NULL; mode = "a")
-	    recvrequest ("NLST", temp, *argv, mode, 0, 0);
-	if (doswitch) {
-	    pswitch(!proxy);
-	}
-	verbose = oldverbose; hash = oldhash;
-	ftemp = fopen(temp, "r");
-	unlink(temp);
-	if (ftemp == NULL) {
-	    printf("can't find list of remote files, oops\n");
-	    return (NULL);
-	}
-    }
-    while(fgets(buf, sizeof (buf), ftemp)) {
-	if ((cp = strchr(buf, '\n')) != NULL)
-	    *cp = '\0';
-	if(!interactive && suspicious_filename(buf)){
-	    printf("Ignoring remote globbed file `%s'\n", buf);
-	    continue;
-	}
-	return buf;
-    }
-    fclose(ftemp);
-    ftemp = NULL;
-    return (NULL);
-}
-
-char *
-onoff(int bool)
-{
-
-	return (bool ? "on" : "off");
-}
-
-/*
- * Show status.
- */
-/*ARGSUSED*/
-void
-status(int argc, char **argv)
-{
-	int i;
-
-	if (connected)
-		printf("Connected to %s.\n", hostname);
-	else
-		printf("Not connected.\n");
-	if (!proxy) {
-		pswitch(1);
-		if (connected) {
-			printf("Connected for proxy commands to %s.\n", hostname);
-		}
-		else {
-			printf("No proxy connection.\n");
-		}
-		pswitch(0);
-	}
-	sec_status();
-	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
-		modename, typename, formname, structname);
-	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
-		onoff(verbose), onoff(bell), onoff(interactive),
-		onoff(doglob));
-	printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
-		onoff(runique));
-	printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
-	if (ntflag) {
-		printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
-	}
-	else {
-		printf("Ntrans: off\n");
-	}
-	if (mapflag) {
-		printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
-	}
-	else {
-		printf("Nmap: off\n");
-	}
-	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
-		onoff(hash), onoff(sendport));
-	if (macnum > 0) {
-		printf("Macros:\n");
-		for (i=0; i<macnum; i++) {
-			printf("\t%s\n",macros[i].mac_name);
-		}
-	}
-	code = 0;
-}
-
-/*
- * Set beep on cmd completed mode.
- */
-/*VARARGS*/
-void
-setbell(int argc, char **argv)
-{
-
-	bell = !bell;
-	printf("Bell mode %s.\n", onoff(bell));
-	code = bell;
-}
-
-/*
- * Turn on packet tracing.
- */
-/*VARARGS*/
-void
-settrace(int argc, char **argv)
-{
-
-	trace = !trace;
-	printf("Packet tracing %s.\n", onoff(trace));
-	code = trace;
-}
-
-/*
- * Toggle hash mark printing during transfers.
- */
-/*VARARGS*/
-void
-sethash(int argc, char **argv)
-{
-
-	hash = !hash;
-	printf("Hash mark printing %s", onoff(hash));
-	code = hash;
-	if (hash)
-		printf(" (%d bytes/hash mark)", 1024);
-	printf(".\n");
-}
-
-/*
- * Turn on printing of server echo's.
- */
-/*VARARGS*/
-void
-setverbose(int argc, char **argv)
-{
-
-	verbose = !verbose;
-	printf("Verbose mode %s.\n", onoff(verbose));
-	code = verbose;
-}
-
-/*
- * Toggle PORT cmd use before each data connection.
- */
-/*VARARGS*/
-void
-setport(int argc, char **argv)
-{
-
-	sendport = !sendport;
-	printf("Use of PORT cmds %s.\n", onoff(sendport));
-	code = sendport;
-}
-
-/*
- * Turn on interactive prompting
- * during mget, mput, and mdelete.
- */
-/*VARARGS*/
-void
-setprompt(int argc, char **argv)
-{
-
-	interactive = !interactive;
-	printf("Interactive mode %s.\n", onoff(interactive));
-	code = interactive;
-}
-
-/*
- * Toggle metacharacter interpretation
- * on local file names.
- */
-/*VARARGS*/
-void
-setglob(int argc, char **argv)
-{
-	
-	doglob = !doglob;
-	printf("Globbing %s.\n", onoff(doglob));
-	code = doglob;
-}
-
-/*
- * Set debugging mode on/off and/or
- * set level of debugging.
- */
-/*VARARGS*/
-void
-setdebug(int argc, char **argv)
-{
-	int val;
-
-	if (argc > 1) {
-		val = atoi(argv[1]);
-		if (val < 0) {
-			printf("%s: bad debugging value.\n", argv[1]);
-			code = -1;
-			return;
-		}
-	} else
-		val = !debug;
-	debug = val;
-	if (debug)
-		options |= SO_DEBUG;
-	else
-		options &= ~SO_DEBUG;
-	printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
-	code = debug > 0;
-}
-
-/*
- * Set current working directory
- * on remote machine.
- */
-void
-cd(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
-		printf("usage: %s remote-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("CWD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("CWD command not recognized, trying XCWD\n");
-		command("XCWD %s", argv[1]);
-	}
-}
-
-/*
- * Set current working directory
- * on local machine.
- */
-void
-lcd(int argc, char **argv)
-{
-	char buf[MaxPathLen];
-
-	if (argc < 2)
-		argc++, argv[1] = home;
-	if (argc != 2) {
-		printf("usage: %s local-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	if (chdir(argv[1]) < 0) {
-		warn("local: %s", argv[1]);
-		code = -1;
-		return;
-	}
-	if (getcwd(buf, sizeof(buf)) != NULL)
-		printf("Local directory now %s\n", buf);
-	else
-		warnx("getwd: %s", buf);
-	code = 0;
-}
-
-/*
- * Delete a single file.
- */
-void
-delete(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-file")) {
-		printf("usage: %s remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("DELE %s", argv[1]);
-}
-
-/*
- * Delete multiple files.
- */
-void
-mdelete(int argc, char **argv)
-{
-    sighand oldintr;
-    int ointer;
-    char *cp;
-
-    if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-	printf("usage: %s remote-files\n", argv[0]);
-	code = -1;
-	return;
-    }
-    mname = argv[0];
-    mflag = 1;
-    oldintr = signal(SIGINT, mabort);
-    setjmp(jabort);
-    while ((cp = remglob(argv,0)) != NULL) {
-	if (*cp == '\0') {
-	    mflag = 0;
-	    continue;
-	}
-	if (mflag && confirm(argv[0], cp)) {
-	    command("DELE %s", cp);
-	    if (!mflag && fromatty) {
-		ointer = interactive;
-		interactive = 1;
-		if (confirm("Continue with", "mdelete")) {
-		    mflag++;
-		}
-		interactive = ointer;
-	    }
-	}
-    }
-    signal(SIGINT, oldintr);
-    mflag = 0;
-}
-
-/*
- * Rename a remote file.
- */
-void
-renamefile(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "from-name"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "to-name")) {
-usage:
-		printf("%s from-name to-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RNFR %s", argv[1]) == CONTINUE)
-		command("RNTO %s", argv[2]);
-}
-
-/*
- * Get a directory listing
- * of remote files.
- */
-void
-ls(int argc, char **argv)
-{
-	char *cmd;
-
-	if (argc < 2)
-		argc++, argv[1] = NULL;
-	if (argc < 3)
-		argc++, argv[2] = "-";
-	if (argc > 3) {
-		printf("usage: %s remote-directory local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
-	if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
-		code = -1;
-		return;
-	}
-	if (strcmp(argv[2], "-") && *argv[2] != '|')
-	    if (!globulize(&argv[2]) || !confirm("output to local-file:", 
-						 argv[2])) {
-		code = -1;
-		return;
-	    }
-	recvrequest(cmd, argv[2], argv[1], "w", 0, 1);
-}
-
-/*
- * Get a directory listing
- * of multiple remote files.
- */
-void
-mls(int argc, char **argv)
-{
-	sighand oldintr;
-	int ointer, i;
-	char *cmd, mode[1], *dest;
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "local-file")) {
-usage:
-		printf("usage: %s remote-files local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	dest = argv[argc - 1];
-	argv[argc - 1] = NULL;
-	if (strcmp(dest, "-") && *dest != '|')
-		if (!globulize(&dest) ||
-		    !confirm("output to local-file:", dest)) {
-			code = -1;
-			return;
-	}
-	cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	setjmp(jabort);
-	for (i = 1; mflag && i < argc-1; ++i) {
-		*mode = (i == 1) ? 'w' : 'a';
-		recvrequest(cmd, dest, argv[i], mode, 0, 1);
-		if (!mflag && fromatty) {
-			ointer = interactive;
-			interactive = 1;
-			if (confirm("Continue with", argv[0])) {
-				mflag ++;
-			}
-			interactive = ointer;
-		}
-	}
-	signal(SIGINT, oldintr);
-	mflag = 0;
-}
-
-/*
- * Do a shell escape
- */
-/*ARGSUSED*/
-void
-shell(int argc, char **argv)
-{
-	pid_t pid;
-	RETSIGTYPE (*old1)(int), (*old2)(int);
-	char shellnam[40], *shell, *namep; 
-	int status;
-
-	old1 = signal (SIGINT, SIG_IGN);
-	old2 = signal (SIGQUIT, SIG_IGN);
-	if ((pid = fork()) == 0) {
-		for (pid = 3; pid < 20; pid++)
-			close(pid);
-		signal(SIGINT, SIG_DFL);
-		signal(SIGQUIT, SIG_DFL);
-		shell = getenv("SHELL");
-		if (shell == NULL)
-			shell = _PATH_BSHELL;
-		namep = strrchr(shell,'/');
-		if (namep == NULL)
-			namep = shell;
-		snprintf (shellnam, sizeof(shellnam),
-			  "-%s", ++namep);
-		if (strcmp(namep, "sh") != 0)
-			shellnam[0] = '+';
-		if (debug) {
-			printf ("%s\n", shell);
-			fflush (stdout);
-		}
-		if (argc > 1) {
-			execl(shell,shellnam,"-c",altarg,(char *)0);
-		}
-		else {
-			execl(shell,shellnam,(char *)0);
-		}
-		warn("%s", shell);
-		code = -1;
-		exit(1);
-	}
-	if (pid > 0)
-		while (waitpid(-1, &status, 0) != pid)
-			;
-	signal(SIGINT, old1);
-	signal(SIGQUIT, old2);
-	if (pid == -1) {
-		warn("%s", "Try again later");
-		code = -1;
-	}
-	else {
-		code = 0;
-	}
-}
-
-/*
- * Send new user information (re-login)
- */
-void
-user(int argc, char **argv)
-{
-	char acct[80];
-	int n, aflag = 0;
-	char tmp[256];
-
-	if (argc < 2)
-		another(&argc, &argv, "username");
-	if (argc < 2 || argc > 4) {
-		printf("usage: %s username [password] [account]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	n = command("USER %s", argv[1]);
-	if (n == CONTINUE) {
-	    if (argc < 3 ) {
-		des_read_pw_string (tmp,
-				    sizeof(tmp),
-				    "Password: ", 0);
-		argv[2] = tmp;
-		argc++;
-	    }
-	    n = command("PASS %s", argv[2]);
-	}
-	if (n == CONTINUE) {
-		if (argc < 4) {
-			printf("Account: "); fflush(stdout);
-			fgets(acct, sizeof(acct) - 1, stdin);
-			acct[strlen(acct) - 1] = '\0';
-			argv[3] = acct; argc++;
-		}
-		n = command("ACCT %s", argv[3]);
-		aflag++;
-	}
-	if (n != COMPLETE) {
-		fprintf(stdout, "Login failed.\n");
-		return;
-	}
-	if (!aflag && argc == 4) {
-		command("ACCT %s", argv[3]);
-	}
-}
-
-/*
- * Print working directory.
- */
-/*VARARGS*/
-void
-pwd(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	/*
-	 * If we aren't verbose, this doesn't do anything!
-	 */
-	verbose = 1;
-	if (command("PWD") == ERROR && code == 500) {
-		printf("PWD command not recognized, trying XPWD\n");
-		command("XPWD");
-	}
-	verbose = oldverbose;
-}
-
-/*
- * Make a directory.
- */
-void
-makedir(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("MKD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("MKD command not recognized, trying XMKD\n");
-		command("XMKD %s", argv[1]);
-	}
-}
-
-/*
- * Remove a directory.
- */
-void
-removedir(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RMD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("RMD command not recognized, trying XRMD\n");
-		command("XRMD %s", argv[1]);
-	}
-}
-
-/*
- * Send a line, verbatim, to the remote machine.
- */
-void
-quote(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "command line to send")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("", argc, argv);
-}
-
-/*
- * Send a SITE command to the remote machine.  The line
- * is sent verbatim to the remote machine, except that the
- * word "SITE" is added at the front.
- */
-void
-site(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("SITE ", argc, argv);
-}
-
-/*
- * Turn argv[1..argc) into a space-separated string, then prepend initial text.
- * Send the result as a one-line command and get response.
- */
-void
-quote1(char *initial, int argc, char **argv)
-{
-    int i;
-    char buf[BUFSIZ];		/* must be >= sizeof(line) */
-
-    strlcpy(buf, initial, sizeof(buf));
-    for(i = 1; i < argc; i++) {
-	if(i > 1)
-	    strlcat(buf, " ", sizeof(buf));
-	strlcat(buf, argv[i], sizeof(buf));
-    }
-    if (command("%s", buf) == PRELIM) {
-	while (getreply(0) == PRELIM)
-	    continue;
-    }
-}
-
-void
-do_chmod(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "mode"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "file-name")) {
-usage:
-		printf("usage: %s mode file-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("SITE CHMOD %s %s", argv[1], argv[2]);
-}
-
-void
-do_umask(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
-	verbose = oldverbose;
-}
-
-void
-ftp_idle(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Ask the other side for help.
- */
-void
-rmthelp(int argc, char **argv)
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Terminate session and exit.
- */
-/*VARARGS*/
-void
-quit(int argc, char **argv)
-{
-
-	if (connected)
-		disconnect(0, 0);
-	pswitch(1);
-	if (connected) {
-		disconnect(0, 0);
-	}
-	exit(0);
-}
-
-/*
- * Terminate session, but don't exit.
- */
-void
-disconnect(int argc, char **argv)
-{
-
-	if (!connected)
-		return;
-	command("QUIT");
-	if (cout) {
-		fclose(cout);
-	}
-	cout = NULL;
-	connected = 0;
-	sec_end();
-	data = -1;
-	if (!proxy) {
-		macnum = 0;
-	}
-}
-
-int
-confirm(char *cmd, char *file)
-{
-	char line[BUFSIZ];
-
-	if (!interactive)
-		return (1);
-	printf("%s %s? ", cmd, file);
-	fflush(stdout);
-	if (fgets(line, sizeof line, stdin) == NULL)
-		return (0);
-	return (*line == 'y' || *line == 'Y');
-}
-
-void
-fatal(char *msg)
-{
-
-	errx(1, "%s", msg);
-}
-
-/*
- * Glob a local file name specification with
- * the expectation of a single return value.
- * Can't control multiple values being expanded
- * from the expression, we return only the first.
- */
-int
-globulize(char **cpp)
-{
-	glob_t gl;
-	int flags;
-
-	if (!doglob)
-		return (1);
-
-	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-	memset(&gl, 0, sizeof(gl));
-	if (glob(*cpp, flags, NULL, &gl) ||
-	    gl.gl_pathc == 0) {
-		warnx("%s: not found", *cpp);
-		globfree(&gl);
-		return (0);
-	}
-	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
-	globfree(&gl);
-	return (1);
-}
-
-void
-account(int argc, char **argv)
-{
-	char acct[50];
-
-	if (argc > 1) {
-		++argv;
-		--argc;
-		strlcpy (acct, *argv, sizeof(acct));
-		while (argc > 1) {
-			--argc;
-			++argv;
-			strlcat(acct, *argv, sizeof(acct));
-		}
-	}
-	else {
-	    des_read_pw_string(acct, sizeof(acct), "Account:", 0);
-	}
-	command("ACCT %s", acct);
-}
-
-jmp_buf abortprox;
-
-static RETSIGTYPE
-proxabort(int sig)
-{
-
-	if (!proxy) {
-		pswitch(1);
-	}
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	longjmp(abortprox,1);
-}
-
-void
-doproxy(int argc, char **argv)
-{
-	struct cmd *c;
-	RETSIGTYPE (*oldintr)(int);
-
-	if (argc < 2 && !another(&argc, &argv, "command")) {
-		printf("usage: %s command\n", argv[0]);
-		code = -1;
-		return;
-	}
-	c = getcmd(argv[1]);
-	if (c == (struct cmd *) -1) {
-		printf("?Ambiguous command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (c == 0) {
-		printf("?Invalid command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (!c->c_proxy) {
-		printf("?Invalid proxy command\n");
-		fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (setjmp(abortprox)) {
-		code = -1;
-		return;
-	}
-	oldintr = signal(SIGINT, proxabort);
-	pswitch(1);
-	if (c->c_conn && !connected) {
-		printf("Not connected\n");
-		fflush(stdout);
-		pswitch(0);
-		signal(SIGINT, oldintr);
-		code = -1;
-		return;
-	}
-	(*c->c_handler)(argc-1, argv+1);
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	signal(SIGINT, oldintr);
-}
-
-void
-setcase(int argc, char **argv)
-{
-
-	mcase = !mcase;
-	printf("Case mapping %s.\n", onoff(mcase));
-	code = mcase;
-}
-
-void
-setcr(int argc, char **argv)
-{
-
-	crflag = !crflag;
-	printf("Carriage Return stripping %s.\n", onoff(crflag));
-	code = crflag;
-}
-
-void
-setntrans(int argc, char **argv)
-{
-	if (argc == 1) {
-		ntflag = 0;
-		printf("Ntrans off.\n");
-		code = ntflag;
-		return;
-	}
-	ntflag++;
-	code = ntflag;
-	strlcpy (ntin, argv[1], 17);
-	if (argc == 2) {
-		ntout[0] = '\0';
-		return;
-	}
-	strlcpy (ntout, argv[2], 17);
-}
-
-char *
-dotrans(char *name)
-{
-	static char new[MaxPathLen];
-	char *cp1, *cp2 = new;
-	int i, ostop, found;
-
-	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
-		continue;
-	for (cp1 = name; *cp1; cp1++) {
-		found = 0;
-		for (i = 0; *(ntin + i) && i < 16; i++) {
-			if (*cp1 == *(ntin + i)) {
-				found++;
-				if (i < ostop) {
-					*cp2++ = *(ntout + i);
-				}
-				break;
-			}
-		}
-		if (!found) {
-			*cp2++ = *cp1;
-		}
-	}
-	*cp2 = '\0';
-	return (new);
-}
-
-void
-setnmap(int argc, char **argv)
-{
-	char *cp;
-
-	if (argc == 1) {
-		mapflag = 0;
-		printf("Nmap off.\n");
-		code = mapflag;
-		return;
-	}
-	if (argc < 3 && !another(&argc, &argv, "mapout")) {
-		printf("Usage: %s [mapin mapout]\n",argv[0]);
-		code = -1;
-		return;
-	}
-	mapflag = 1;
-	code = 1;
-	cp = strchr(altarg, ' ');
-	if (proxy) {
-		while(*++cp == ' ')
-			continue;
-		altarg = cp;
-		cp = strchr(altarg, ' ');
-	}
-	*cp = '\0';
-	strlcpy(mapin, altarg, MaxPathLen);
-	while (*++cp == ' ')
-		continue;
-	strlcpy(mapout, cp, MaxPathLen);
-}
-
-char *
-domap(char *name)
-{
-	static char new[MaxPathLen];
-	char *cp1 = name, *cp2 = mapin;
-	char *tp[9], *te[9];
-	int i, toks[9], toknum = 0, match = 1;
-
-	for (i=0; i < 9; ++i) {
-		toks[i] = 0;
-	}
-	while (match && *cp1 && *cp2) {
-		switch (*cp2) {
-			case '\\':
-				if (*++cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-			case '$':
-				if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
-					if (*cp1 != *(++cp2+1)) {
-						toks[toknum = *cp2 - '1']++;
-						tp[toknum] = cp1;
-						while (*++cp1 && *(cp2+1)
-							!= *cp1);
-						te[toknum] = cp1;
-					}
-					cp2++;
-					break;
-				}
-				/* FALLTHROUGH */
-			default:
-				if (*cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-		}
-		if (match && *cp1) {
-			cp1++;
-		}
-		if (match && *cp2) {
-			cp2++;
-		}
-	}
-	if (!match && *cp1) /* last token mismatch */
-	{
-		toks[toknum] = 0;
-	}
-	cp1 = new;
-	*cp1 = '\0';
-	cp2 = mapout;
-	while (*cp2) {
-		match = 0;
-		switch (*cp2) {
-			case '\\':
-				if (*(cp2 + 1)) {
-					*cp1++ = *++cp2;
-				}
-				break;
-			case '[':
-LOOP:
-				if (*++cp2 == '$' && isdigit((unsigned char)*(cp2+1))) { 
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-				}
-				else {
-					while (*cp2 && *cp2 != ',' && 
-					    *cp2 != ']') {
-						if (*cp2 == '\\') {
-							cp2++;
-						}
-						else if (*cp2 == '$' &&
-   						        isdigit((unsigned char)*(cp2+1))) {
-							if (*++cp2 == '0') {
-							   char *cp3 = name;
-
-							   while (*cp3) {
-								*cp1++ = *cp3++;
-							   }
-							}
-							else if (toks[toknum =
-							    *cp2 - '1']) {
-							   char *cp3=tp[toknum];
-
-							   while (cp3 !=
-								  te[toknum]) {
-								*cp1++ = *cp3++;
-							   }
-							}
-						}
-						else if (*cp2) {
-							*cp1++ = *cp2++;
-						}
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return (name);
-					}
-					match = 1;
-					cp2--;
-				}
-				if (match) {
-					while (*++cp2 && *cp2 != ']') {
-					      if (*cp2 == '\\' && *(cp2 + 1)) {
-							cp2++;
-					      }
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return (name);
-					}
-					break;
-				}
-				switch (*++cp2) {
-					case ',':
-						goto LOOP;
-					case ']':
-						break;
-					default:
-						cp2--;
-						goto LOOP;
-				}
-				break;
-			case '$':
-				if (isdigit((unsigned char)*(cp2 + 1))) {
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-					}
-					break;
-				}
-				/* intentional drop through */
-			default:
-				*cp1++ = *cp2;
-				break;
-		}
-		cp2++;
-	}
-	*cp1 = '\0';
-	if (!*new) {
-		return (name);
-	}
-	return (new);
-}
-
-void
-setpassive(int argc, char **argv)
-{
-
-	passivemode = !passivemode;
-	printf("Passive mode %s.\n", onoff(passivemode));
-	code = passivemode;
-}
-
-void
-setsunique(int argc, char **argv)
-{
-
-	sunique = !sunique;
-	printf("Store unique %s.\n", onoff(sunique));
-	code = sunique;
-}
-
-void
-setrunique(int argc, char **argv)
-{
-
-	runique = !runique;
-	printf("Receive unique %s.\n", onoff(runique));
-	code = runique;
-}
-
-/* change directory to perent directory */
-void
-cdup(int argc, char **argv)
-{
-
-	if (command("CDUP") == ERROR && code == 500) {
-		if (verbose)
-			printf("CDUP command not recognized, trying XCUP\n");
-		command("XCUP");
-	}
-}
-
-/* restart transfer at specific point */
-void
-restart(int argc, char **argv)
-{
-
-    if (argc != 2)
-	printf("restart: offset not specified\n");
-    else {
-	restart_point = atol(argv[1]);
-	printf("restarting at %ld. %s\n", (long)restart_point,
-	       "execute get, put or append to initiate transfer");
-    }
-}
-
-/* show remote system type */
-void
-syst(int argc, char **argv)
-{
-
-	command("SYST");
-}
-
-void
-macdef(int argc, char **argv)
-{
-	char *tmp;
-	int c;
-
-	if (macnum == 16) {
-		printf("Limit of 16 macros have already been defined\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name\n",argv[0]);
-		code = -1;
-		return;
-	}
-	if (interactive) {
-		printf("Enter macro line by line, terminating it with a null line\n");
-	}
-	strlcpy(macros[macnum].mac_name,
-			argv[1],
-			sizeof(macros[macnum].mac_name));
-	if (macnum == 0) {
-		macros[macnum].mac_start = macbuf;
-	}
-	else {
-		macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
-	}
-	tmp = macros[macnum].mac_start;
-	while (tmp != macbuf+4096) {
-		if ((c = getchar()) == EOF) {
-			printf("macdef:end of file encountered\n");
-			code = -1;
-			return;
-		}
-		if ((*tmp = c) == '\n') {
-			if (tmp == macros[macnum].mac_start) {
-				macros[macnum++].mac_end = tmp;
-				code = 0;
-				return;
-			}
-			if (*(tmp-1) == '\0') {
-				macros[macnum++].mac_end = tmp - 1;
-				code = 0;
-				return;
-			}
-			*tmp = '\0';
-		}
-		tmp++;
-	}
-	while (1) {
-		while ((c = getchar()) != '\n' && c != EOF)
-			/* LOOP */;
-		if (c == EOF || getchar() == '\n') {
-			printf("Macro not defined - 4k buffer exceeded\n");
-			code = -1;
-			return;
-		}
-	}
-}
-
-/*
- * get size of file on remote machine
- */
-void
-sizecmd(int argc, char **argv)
-{
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	command("SIZE %s", argv[1]);
-}
-
-/*
- * get last modification time of file on remote machine
- */
-void
-modtime(int argc, char **argv)
-{
-	int overbose;
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	overbose = verbose;
-	if (debug == 0)
-		verbose = -1;
-	if (command("MDTM %s", argv[1]) == COMPLETE) {
-		int yy, mo, day, hour, min, sec;
-		sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
-			&day, &hour, &min, &sec);
-		/* might want to print this in local time */
-		printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
-			mo, day, yy, hour, min, sec);
-	} else
-		printf("%s\n", reply_string);
-	verbose = overbose;
-}
-
-/*
- * show status on reomte machine
- */
-void
-rmtstatus(int argc, char **argv)
-{
-
-	command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
-}
-
-/*
- * get file if modtime is more recent than current file
- */
-void
-newer(int argc, char **argv)
-{
-
-	if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w"))
-		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
-			argv[2], argv[1]);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/cmdtab.c b/crypto/heimdal/appl/ftp/ftp/cmdtab.c
deleted file mode 100644
index 5dc96efa3672..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/cmdtab.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-
-/*
- * User FTP -- Command Tables.
- */
-
-char	accounthelp[] =	"send account command to remote server";
-char	appendhelp[] =	"append to a file";
-char	asciihelp[] =	"set ascii transfer type";
-char	beephelp[] =	"beep when command completed";
-char	binaryhelp[] =	"set binary transfer type";
-char	casehelp[] =	"toggle mget upper/lower case id mapping";
-char	cdhelp[] =	"change remote working directory";
-char	cduphelp[] = 	"change remote working directory to parent directory";
-char	chmodhelp[] =	"change file permissions of remote file";
-char	connecthelp[] =	"connect to remote tftp";
-char	crhelp[] =	"toggle carriage return stripping on ascii gets";
-char	deletehelp[] =	"delete remote file";
-char	debughelp[] =	"toggle/set debugging mode";
-char	dirhelp[] =	"list contents of remote directory";
-char	disconhelp[] =	"terminate ftp session";
-char	domachelp[] = 	"execute macro";
-char	formhelp[] =	"set file transfer format";
-char	globhelp[] =	"toggle metacharacter expansion of local file names";
-char	hashhelp[] =	"toggle printing `#' for each buffer transferred";
-char	helphelp[] =	"print local help information";
-char	idlehelp[] =	"get (set) idle timer on remote side";
-char	lcdhelp[] =	"change local working directory";
-char	lshelp[] =	"list contents of remote directory";
-char	macdefhelp[] =  "define a macro";
-char	mdeletehelp[] =	"delete multiple files";
-char	mdirhelp[] =	"list contents of multiple remote directories";
-char	mgethelp[] =	"get multiple files";
-char	mkdirhelp[] =	"make directory on the remote machine";
-char	mlshelp[] =	"list contents of multiple remote directories";
-char	modtimehelp[] = "show last modification time of remote file";
-char	modehelp[] =	"set file transfer mode";
-char	mputhelp[] =	"send multiple files";
-char	newerhelp[] =	"get file if remote file is newer than local file ";
-char	nlisthelp[] =	"nlist contents of remote directory";
-char	nmaphelp[] =	"set templates for default file name mapping";
-char	ntranshelp[] =	"set translation table for default file name mapping";
-char	porthelp[] =	"toggle use of PORT cmd for each data connection";
-char	prompthelp[] =	"force interactive prompting on multiple commands";
-char	proxyhelp[] =	"issue command on alternate connection";
-char	pwdhelp[] =	"print working directory on remote machine";
-char	quithelp[] =	"terminate ftp session and exit";
-char	quotehelp[] =	"send arbitrary ftp command";
-char	receivehelp[] =	"receive file";
-char	regethelp[] =	"get file restarting at end of local file";
-char	remotehelp[] =	"get help from remote server";
-char	renamehelp[] =	"rename file";
-char	restarthelp[]=	"restart file transfer at bytecount";
-char	rmdirhelp[] =	"remove directory on the remote machine";
-char	rmtstatushelp[]="show status of remote machine";
-char	runiquehelp[] = "toggle store unique for local files";
-char	resethelp[] =	"clear queued command replies";
-char	sendhelp[] =	"send one file";
-char	passivehelp[] =	"enter passive transfer mode";
-char	sitehelp[] =	"send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
-char	shellhelp[] =	"escape to the shell";
-char	sizecmdhelp[] = "show size of remote file";
-char	statushelp[] =	"show current status";
-char	structhelp[] =	"set file transfer structure";
-char	suniquehelp[] = "toggle store unique on remote machine";
-char	systemhelp[] =  "show remote system type";
-char	tenexhelp[] =	"set tenex file transfer type";
-char	tracehelp[] =	"toggle packet tracing";
-char	typehelp[] =	"set file transfer type";
-char	umaskhelp[] =	"get (set) umask on remote side";
-char	userhelp[] =	"send new user information";
-char	verbosehelp[] =	"toggle verbose mode";
-
-char	prothelp[] = 	"set protection level";
-#ifdef KRB4
-char	kauthhelp[] = 	"get remote tokens";
-char	klisthelp[] =	"show remote tickets";
-char	kdestroyhelp[] = "destroy remote tickets";
-char	krbtkfilehelp[] = "set filename of remote tickets";
-char	afsloghelp[] = 	"obtain remote AFS tokens";
-#endif
-
-struct cmd cmdtab[] = {
-	{ "!",		shellhelp,	0,	0,	0,	shell },
-	{ "$",		domachelp,	1,	0,	0,	domacro },
-	{ "account",	accounthelp,	0,	1,	1,	account},
-	{ "append",	appendhelp,	1,	1,	1,	put },
-	{ "ascii",	asciihelp,	0,	1,	1,	setascii },
-	{ "bell",	beephelp,	0,	0,	0,	setbell },
-	{ "binary",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "bye",	quithelp,	0,	0,	0,	quit },
-	{ "case",	casehelp,	0,	0,	1,	setcase },
-	{ "cd",		cdhelp,		0,	1,	1,	cd },
-	{ "cdup",	cduphelp,	0,	1,	1,	cdup },
-	{ "chmod",	chmodhelp,	0,	1,	1,	do_chmod },
-	{ "close",	disconhelp,	0,	1,	1,	disconnect },
-	{ "cr",		crhelp,		0,	0,	0,	setcr },
-	{ "delete",	deletehelp,	0,	1,	1,	delete },
-	{ "debug",	debughelp,	0,	0,	0,	setdebug },
-	{ "dir",	dirhelp,	1,	1,	1,	ls },
-	{ "disconnect",	disconhelp,	0,	1,	1,	disconnect },
-	{ "form",	formhelp,	0,	1,	1,	setform },
-	{ "get",	receivehelp,	1,	1,	1,	get },
-	{ "glob",	globhelp,	0,	0,	0,	setglob },
-	{ "hash",	hashhelp,	0,	0,	0,	sethash },
-	{ "help",	helphelp,	0,	0,	1,	help },
-	{ "idle",	idlehelp,	0,	1,	1,	ftp_idle },
-	{ "image",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "lcd",	lcdhelp,	0,	0,	0,	lcd },
-	{ "ls",		lshelp,		1,	1,	1,	ls },
-	{ "macdef",	macdefhelp,	0,	0,	0,	macdef },
-	{ "mdelete",	mdeletehelp,	1,	1,	1,	mdelete },
-	{ "mdir",	mdirhelp,	1,	1,	1,	mls },
-	{ "mget",	mgethelp,	1,	1,	1,	mget },
-	{ "mkdir",	mkdirhelp,	0,	1,	1,	makedir },
-	{ "mls",	mlshelp,	1,	1,	1,	mls },
-	{ "mode",	modehelp,	0,	1,	1,	setftmode },
-	{ "modtime",	modtimehelp,	0,	1,	1,	modtime },
-	{ "mput",	mputhelp,	1,	1,	1,	mput },
-	{ "newer",	newerhelp,	1,	1,	1,	newer },
-	{ "nmap",	nmaphelp,	0,	0,	1,	setnmap },
-	{ "nlist",	nlisthelp,	1,	1,	1,	ls },
-	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
-	{ "open",	connecthelp,	0,	0,	1,	setpeer },
-	{ "passive",	passivehelp,	0,	0,	0,	setpassive },
-	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
-	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
-	{ "sendport",	porthelp,	0,	0,	0,	setport },
-	{ "put",	sendhelp,	1,	1,	1,	put },
-	{ "pwd",	pwdhelp,	0,	1,	1,	pwd },
-	{ "quit",	quithelp,	0,	0,	0,	quit },
-	{ "quote",	quotehelp,	1,	1,	1,	quote },
-	{ "recv",	receivehelp,	1,	1,	1,	get },
-	{ "reget",	regethelp,	1,	1,	1,	reget },
-	{ "rstatus",	rmtstatushelp,	0,	1,	1,	rmtstatus },
-	{ "rhelp",	remotehelp,	0,	1,	1,	rmthelp },
-	{ "rename",	renamehelp,	0,	1,	1,	renamefile },
-	{ "reset",	resethelp,	0,	1,	1,	reset },
-	{ "restart",	restarthelp,	1,	1,	1,	restart },
-	{ "rmdir",	rmdirhelp,	0,	1,	1,	removedir },
-	{ "runique",	runiquehelp,	0,	0,	1,	setrunique },
-	{ "send",	sendhelp,	1,	1,	1,	put },
-	{ "site",	sitehelp,	0,	1,	1,	site },
-	{ "size",	sizecmdhelp,	1,	1,	1,	sizecmd },
-	{ "status",	statushelp,	0,	0,	1,	status },
-	{ "struct",	structhelp,	0,	1,	1,	setstruct },
-	{ "system",	systemhelp,	0,	1,	1,	syst },
-	{ "sunique",	suniquehelp,	0,	0,	1,	setsunique },
-	{ "tenex",	tenexhelp,	0,	1,	1,	settenex },
-	{ "trace",	tracehelp,	0,	0,	0,	settrace },
-	{ "type",	typehelp,	0,	1,	1,	settype },
-	{ "user",	userhelp,	0,	1,	1,	user },
-	{ "umask",	umaskhelp,	0,	1,	1,	do_umask },
-	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
-	{ "?",		helphelp,	0,	0,	1,	help },
-
-	{ "prot", 	prothelp, 	0, 	1, 	0,	sec_prot },
-#ifdef KRB4
-	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
-	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
-	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
-	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
-	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
-#endif
-	
-	{ 0 },
-};
-
-int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/crypto/heimdal/appl/ftp/ftp/domacro.c b/crypto/heimdal/appl/ftp/ftp/domacro.c
deleted file mode 100644
index d91660d0144d..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/domacro.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 1985, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $");
-
-void
-domacro(int argc, char **argv)
-{
-	int i, j, count = 2, loopflg = 0;
-	char *cp1, *cp2, line2[200];
-	struct cmd *c;
-
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name.\n", argv[0]);
-		code = -1;
-		return;
-	}
-	for (i = 0; i < macnum; ++i) {
-		if (!strncmp(argv[1], macros[i].mac_name, 9)) {
-			break;
-		}
-	}
-	if (i == macnum) {
-		printf("'%s' macro not found.\n", argv[1]);
-		code = -1;
-		return;
-	}
-	strlcpy(line2, line, sizeof(line2));
-TOP:
-	cp1 = macros[i].mac_start;
-	while (cp1 != macros[i].mac_end) {
-		while (isspace(*cp1)) {
-			cp1++;
-		}
-		cp2 = line;
-		while (*cp1 != '\0') {
-		      switch(*cp1) {
-		   	    case '\\':
-				 *cp2++ = *++cp1;
-				 break;
-			    case '$':
-				 if (isdigit(*(cp1+1))) {
-				    j = 0;
-				    while (isdigit(*++cp1)) {
-					  j = 10*j +  *cp1 - '0';
-				    }
-				    cp1--;
-				    if (argc - 2 >= j) {
-					strcpy(cp2, argv[j+1]);
-					cp2 += strlen(argv[j+1]);
-				    }
-				    break;
-				 }
-				 if (*(cp1+1) == 'i') {
-					loopflg = 1;
-					cp1++;
-					if (count < argc) {
-					   strcpy(cp2, argv[count]);
-					   cp2 += strlen(argv[count]);
-					}
-					break;
-				}
-				/* intentional drop through */
-			    default:
-				*cp2++ = *cp1;
-				break;
-		      }
-		      if (*cp1 != '\0') {
-			 cp1++;
-		      }
-		}
-		*cp2 = '\0';
-		makeargv();
-		c = getcmd(margv[0]);
-		if (c == (struct cmd *)-1) {
-			printf("?Ambiguous command\n");
-			code = -1;
-		}
-		else if (c == 0) {
-			printf("?Invalid command\n");
-			code = -1;
-		}
-		else if (c->c_conn && !connected) {
-			printf("Not connected.\n");
-			code = -1;
-		}
-		else {
-			if (verbose) {
-				printf("%s\n",line);
-			}
-			(*c->c_handler)(margc, margv);
-			if (bell && c->c_bell) {
-				putchar('\007');
-			}
-			strcpy(line, line2);
-			makeargv();
-			argc = margc;
-			argv = margv;
-		}
-		if (cp1 != macros[i].mac_end) {
-			cp1++;
-		}
-	}
-	if (loopflg && ++count < argc) {
-		goto TOP;
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/extern.h b/crypto/heimdal/appl/ftp/ftp/extern.h
deleted file mode 100644
index 337bed674d3b..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/extern.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/*-
- * Copyright (c) 1994 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.3 (Berkeley) 10/9/94
- */
-
-/* $Id: extern.h,v 1.19 2000/09/19 13:15:12 assar Exp $ */
-
-#include <setjmp.h>
-#include <stdlib.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-void    abort_remote (FILE *);
-void    abortpt (int);
-void    abortrecv (int);
-void	account (int, char **);
-int	another (int *, char ***, char *);
-void	blkfree (char **);
-void	cd (int, char **);
-void	cdup (int, char **);
-void	changetype (int, int);
-void	cmdabort (int);
-void	cmdscanner (int);
-int	command (char *fmt, ...)
-    __attribute__ ((format (printf, 1,2)));
-int	confirm (char *, char *);
-FILE   *dataconn (const char *);
-void	delete (int, char **);
-void	disconnect (int, char **);
-void	do_chmod (int, char **);
-void	do_umask (int, char **);
-void	domacro (int, char **);
-char   *domap (char *);
-void	doproxy (int, char **);
-char   *dotrans (char *);
-int     empty (fd_set *, int);
-void	fatal (char *);
-void	get (int, char **);
-struct cmd *getcmd (char *);
-int	getit (int, char **, int, char *);
-int	getreply (int);
-int	globulize (char **);
-char   *gunique (char *);
-void	help (int, char **);
-char   *hookup (const char *, int);
-void	ftp_idle (int, char **);
-int     initconn (void);
-void	intr (int);
-void	lcd (int, char **);
-int	login (char *);
-RETSIGTYPE	lostpeer (int);
-void	ls (int, char **);
-void	macdef (int, char **);
-void	makeargv (void);
-void	makedir (int, char **);
-void	mdelete (int, char **);
-void	mget (int, char **);
-void	mls (int, char **);
-void	modtime (int, char **);
-void	mput (int, char **);
-char   *onoff (int);
-void	newer (int, char **);
-void    proxtrans (char *, char *, char *);
-void    psabort (int);
-void    pswitch (int);
-void    ptransfer (char *, long, struct timeval *, struct timeval *);
-void	put (int, char **);
-void	pwd (int, char **);
-void	quit (int, char **);
-void	quote (int, char **);
-void	quote1 (char *, int, char **);
-void    recvrequest (char *, char *, char *, char *, int, int);
-void	reget (int, char **);
-char   *remglob (char **, int);
-void	removedir (int, char **);
-void	renamefile (int, char **);
-void    reset (int, char **);
-void	restart (int, char **);
-void	rmthelp (int, char **);
-void	rmtstatus (int, char **);
-int	ruserpass (char *, char **, char **, char **);
-void    sendrequest (char *, char *, char *, char *, int);
-void	setascii (int, char **);
-void	setbell (int, char **);
-void	setbinary (int, char **);
-void	setcase (int, char **);
-void	setcr (int, char **);
-void	setdebug (int, char **);
-void	setform (int, char **);
-void	setftmode (int, char **);
-void	setglob (int, char **);
-void	sethash (int, char **);
-void	setnmap (int, char **);
-void	setntrans (int, char **);
-void	setpassive (int, char **);
-void	setpeer (int, char **);
-void	setport (int, char **);
-void	setprompt (int, char **);
-void	setrunique (int, char **);
-void	setstruct (int, char **);
-void	setsunique (int, char **);
-void	settenex (int, char **);
-void	settrace (int, char **);
-void	settype (int, char **);
-void	setverbose (int, char **);
-void	shell (int, char **);
-void	site (int, char **);
-void	sizecmd (int, char **);
-char   *slurpstring (void);
-void	status (int, char **);
-void	syst (int, char **);
-void    tvsub (struct timeval *, struct timeval *, struct timeval *);
-void	user (int, char **);
-
-extern jmp_buf	abortprox;
-extern int	abrtflag;
-extern struct	cmd cmdtab[];
-extern FILE	*cout;
-extern int	data;
-extern char    *home;
-extern jmp_buf	jabort;
-extern int	proxy;
-extern char	reply_string[];
-extern off_t	restart_point;
-extern int	NCMDS;
-
-extern char 	username[32];
-extern char	myhostname[];
-extern char	*mydomain;
-
-void afslog (int, char **);
-void kauth (int, char **);
-void kdestroy (int, char **);
-void klist (int, char **);
-void krbtkfile (int, char **);
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1
deleted file mode 100644
index edee1826af74..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp.1
+++ /dev/null
@@ -1,1198 +0,0 @@
-.\" 	$NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
-.\"
-.\" Copyright (c) 1985, 1989, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
-.\"
-.Dd April 27, 1996
-.Dt FTP 1
-.Os BSD 4.2
-.Sh NAME
-.Nm ftp
-.Nd
-.Tn ARPANET
-file transfer program
-.Sh SYNOPSIS
-.Nm ftp
-.Op Fl t
-.Op Fl v
-.Op Fl d
-.Op Fl i
-.Op Fl n
-.Op Fl g
-.Op Fl p
-.Op Fl l
-.Op Ar host
-.Sh DESCRIPTION
-.Nm Ftp
-is the user interface to the
-.Tn ARPANET
-standard File Transfer Protocol.
-The program allows a user to transfer files to and from a
-remote network site.
-.Pp
-Modifications has been made so that it almost follows the ftpsec
-Internet draft.
-.Pp
-Options may be specified at the command line, or to the
-command interpreter.
-.Bl -tag -width flag
-.It Fl t
-Enables packet tracing.
-.It Fl v
-Verbose option forces
-.Nm ftp
-to show all responses from the remote server, as well
-as report on data transfer statistics.
-.It Fl n
-Restrains
-.Nm ftp
-from attempting \*(Lqauto-login\*(Rq upon initial connection.
-If auto-login is enabled,
-.Nm ftp
-will check the
-.Pa .netrc
-(see below) file in the user's home directory for an entry describing
-an account on the remote machine.
-If no entry exists,
-.Nm ftp
-will prompt for the remote machine login name (default is the user
-identity on the local machine), and, if necessary, prompt for a password
-and an account with which to login.
-.It Fl i
-Turns off interactive prompting during
-multiple file transfers.
-.It Fl p
-Turn on passive mode.
-.It Fl d
-Enables debugging.
-.It Fl g
-Disables file name globbing.
-.It Fl l
-Disables command line editing.
-.El
-.Pp
-The client host with which
-.Nm ftp
-is to communicate may be specified on the command line.
-If this is done,
-.Nm ftp
-will immediately attempt to establish a connection to an
-.Tn FTP
-server on that host; otherwise,
-.Nm ftp
-will enter its command interpreter and await instructions
-from the user.
-When
-.Nm ftp
-is awaiting commands from the user the prompt
-.Ql ftp>
-is provided to the user.
-The following commands are recognized
-by
-.Nm ftp  :
-.Bl -tag -width Fl
-.It Ic \&! Op Ar command Op Ar args
-Invoke an interactive shell on the local machine.
-If there are arguments, the first is taken to be a command to execute
-directly, with the rest of the arguments as its arguments.
-.It Ic \&$ Ar macro-name Op Ar args
-Execute the macro
-.Ar macro-name
-that was defined with the
-.Ic macdef
-command.
-Arguments are passed to the macro unglobbed.
-.It Ic account Op Ar passwd
-Supply a supplemental password required by a remote system for access
-to resources once a login has been successfully completed.
-If no argument is included, the user will be prompted for an account
-password in a non-echoing input mode.
-.It Ic append Ar local-file Op Ar remote-file
-Append a local file to a file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used in naming the
-remote file after being altered by any
-.Ic ntrans
-or
-.Ic nmap
-setting.
-File transfer uses the current settings for
-.Ic type  ,
-.Ic format ,
-.Ic mode  ,
-and
-.Ic structure .
-.It Ic ascii
-Set the file transfer
-.Ic type
-to network
-.Tn ASCII .
-This is the default type.
-.It Ic bell
-Arrange that a bell be sounded after each file transfer
-command is completed.
-.It Ic binary
-Set the file transfer
-.Ic type
-to support binary image transfer.
-.It Ic bye
-Terminate the
-.Tn FTP
-session with the remote server
-and exit
-.Nm ftp  .
-An end of file will also terminate the session and exit.
-.It Ic case
-Toggle remote computer file name case mapping during
-.Ic mget
-commands.
-When
-.Ic case
-is on (default is off), remote computer file names with all letters in
-upper case are written in the local directory with the letters mapped
-to lower case.
-.It Ic \&cd Ar remote-directory
-Change the working directory on the remote machine
-to
-.Ar remote-directory  .
-.It Ic cdup
-Change the remote machine working directory to the parent of the
-current remote machine working directory.
-.It Ic chmod Ar mode file-name
-Change the permission modes of the file
-.Ar file-name
-on the remote
-sytem to
-.Ar mode  .
-.It Ic close
-Terminate the
-.Tn FTP
-session with the remote server, and
-return to the command interpreter.
-Any defined macros are erased.
-.It Ic \&cr
-Toggle carriage return stripping during
-ascii type file retrieval.
-Records are denoted by a carriage return/linefeed sequence
-during ascii type file transfer.
-When
-.Ic \&cr
-is on (the default), carriage returns are stripped from this
-sequence to conform with the
-.Ux
-single linefeed record
-delimiter.
-Records on
-.Pf non\- Ns Ux
-remote systems may contain single linefeeds;
-when an ascii type transfer is made, these linefeeds may be
-distinguished from a record delimiter only when
-.Ic \&cr
-is off.
-.It Ic delete Ar remote-file
-Delete the file
-.Ar remote-file
-on the remote machine.
-.It Ic debug Op Ar debug-value
-Toggle debugging mode.
-If an optional
-.Ar debug-value
-is specified it is used to set the debugging level.
-When debugging is on,
-.Nm ftp
-prints each command sent to the remote machine, preceded
-by the string
-.Ql \-\->
-.It Xo
-.Ic dir
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the directory contents in the
-directory,
-.Ar remote-directory  ,
-and, optionally, placing the output in
-.Ar local-file  .
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic dir
-output.
-If no directory is specified, the current working
-directory on the remote machine is used.
-If no local
-file is specified, or
-.Ar local-file
-is
-.Fl  ,
-output comes to the terminal.
-.It Ic disconnect
-A synonym for
-.Ar close  .
-.It Ic form Ar format
-Set the file transfer
-.Ic form
-to
-.Ar format  .
-The default format is \*(Lqfile\*(Rq.
-.It Ic get Ar remote-file Op Ar local-file
-Retrieve the
-.Ar remote-file
-and store it on the local machine.
-If the local
-file name is not specified, it is given the same
-name it has on the remote machine, subject to
-alteration by the current
-.Ic case  ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-The current settings for
-.Ic type  ,
-.Ic form ,
-.Ic mode  ,
-and
-.Ic structure
-are used while transferring the file.
-.It Ic glob
-Toggle filename expansion for
-.Ic mdelete  ,
-.Ic mget
-and
-.Ic mput  .
-If globbing is turned off with
-.Ic glob  ,
-the file name arguments
-are taken literally and not expanded.
-Globbing for
-.Ic mput
-is done as in
-.Xr csh 1 .
-For
-.Ic mdelete
-and
-.Ic mget  ,
-each remote file name is expanded
-separately on the remote machine and the lists are not merged.
-Expansion of a directory name is likely to be
-different from expansion of the name of an ordinary file:
-the exact result depends on the foreign operating system and ftp server,
-and can be previewed by doing
-.Ql mls remote-files \- .
-As a security measure, remotely globbed files that starts with
-.Sq /
-or contains
-.Sq ../ ,
-will not be automatically received. If you have interactive prompting
-turned off, these filenames will be ignored.  Note:
-.Ic mget
-and
-.Ic mput
-are not meant to transfer
-entire directory subtrees of files.
-That can be done by
-transferring a
-.Xr tar 1
-archive of the subtree (in binary mode).
-.It Ic hash
-Toggle hash-sign (``#'') printing for each data block
-transferred.
-The size of a data block is 1024 bytes.
-.It Ic help Op Ar command
-Print an informative message about the meaning of
-.Ar command  .
-If no argument is given,
-.Nm ftp
-prints a list of the known commands.
-.It Ic idle Op Ar seconds
-Set the inactivity timer on the remote server to
-.Ar seconds
-seconds.
-If
-.Ar seconds
-is omitted, the current inactivity timer is printed.
-.It Ic lcd Op Ar directory
-Change the working directory on the local machine.
-If
-no
-.Ar directory
-is specified, the user's home directory is used.
-.It Xo
-.Ic \&ls
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a listing of the contents of a
-directory on the remote machine.
-The listing includes any system-dependent information that the server
-chooses to include; for example, most
-.Ux
-systems will produce
-output from the command
-.Ql ls \-l .
-(See also
-.Ic nlist . )
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic \&ls
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Sq Fl ,
-the output is sent to the terminal.
-.It Ic macdef Ar macro-name
-Define a macro.
-Subsequent lines are stored as the macro
-.Ar macro-name  ;
-a null line (consecutive newline characters
-in a file or
-carriage returns from the terminal) terminates macro input mode.
-There is a limit of 16 macros and 4096 total characters in all
-defined macros.
-Macros remain defined until a
-.Ic close
-command is executed.
-The macro processor interprets `$' and `\e' as special characters.
-A `$' followed by a number (or numbers) is replaced by the
-corresponding argument on the macro invocation command line.
-A `$' followed by an `i' signals that macro processor that the
-executing macro is to be looped.
-On the first pass `$i' is
-replaced by the first argument on the macro invocation command line,
-on the second pass it is replaced by the second argument, and so on.
-A `\e' followed by any character is replaced by that character.
-Use the `\e' to prevent special treatment of the `$'.
-.It Ic mdelete Op Ar remote-files
-Delete the
-.Ar remote-files
-on the remote machine.
-.It Ic mdir Ar remote-files local-file
-Like
-.Ic dir  ,
-except multiple remote files may be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mdir
-output.
-.It Ic mget Ar remote-files
-Expand the
-.Ar remote-files
-on the remote machine
-and do a
-.Ic get
-for each file name thus produced.
-See
-.Ic glob
-for details on the filename expansion.
-Resulting file names will then be processed according to
-.Ic case  ,
-.Ic ntrans ,
-and
-.Ic nmap
-settings.
-Files are transferred into the local working directory,
-which can be changed with
-.Ql lcd directory ;
-new local directories can be created with
-.Ql "\&! mkdir directory" .
-.It Ic mkdir Ar directory-name
-Make a directory on the remote machine.
-.It Ic mls Ar remote-files local-file
-Like
-.Ic nlist  ,
-except multiple remote files may be specified,
-and the
-.Ar local-file
-must be specified.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic mls
-output.
-.It Ic mode Op Ar mode-name
-Set the file transfer
-.Ic mode
-to
-.Ar mode-name  .
-The default mode is \*(Lqstream\*(Rq mode.
-.It Ic modtime Ar file-name
-Show the last modification time of the file on the remote machine.
-.It Ic mput Ar local-files
-Expand wild cards in the list of local files given as arguments
-and do a
-.Ic put
-for each file in the resulting list.
-See
-.Ic glob
-for details of filename expansion.
-Resulting file names will then be processed according to
-.Ic ntrans
-and
-.Ic nmap
-settings.
-.It Ic newer Ar file-name
-Get the file only if the modification time of the remote file is more
-recent that the file on the current system.
-If the file does not
-exist on the current system, the remote file is considered
-.Ic newer  .
-Otherwise, this command is identical to
-.Ar get  .
-.It Xo
-.Ic nlist
-.Op Ar remote-directory
-.Op Ar local-file
-.Xc
-Print a  list of the files in a
-directory on the remote machine.
-If
-.Ar remote-directory
-is left unspecified, the current working directory is used.
-If interactive prompting is on,
-.Nm ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.Ic nlist
-output.
-If no local file is specified, or if
-.Ar local-file
-is
-.Fl  ,
-the output is sent to the terminal.
-.It Ic nmap Op Ar inpattern outpattern
-Set or unset the filename mapping mechanism.
-If no arguments are specified, the filename mapping mechanism is unset.
-If arguments are specified, remote filenames are mapped during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, local filenames are mapped during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-The mapping follows the pattern set by
-.Ar inpattern
-and
-.Ar outpattern  .
-.Op Ar Inpattern
-is a template for incoming filenames (which may have already been
-processed according to the
-.Ic ntrans
-and
-.Ic case
-settings).
-Variable templating is accomplished by including the
-sequences `$1', `$2', ..., `$9' in
-.Ar inpattern  .
-Use `\\' to prevent this special treatment of the `$' character.
-All other characters are treated literally, and are used to determine the
-.Ic nmap
-.Op Ar inpattern
-variable values.
-For example, given
-.Ar inpattern
-$1.$2 and the remote file name "mydata.data", $1 would have the value
-"mydata", and $2 would have the value "data".
-The
-.Ar outpattern
-determines the resulting mapped filename.
-The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
-from the
-.Ar inpattern
-template.
-The sequence `$0' is replace by the original filename.
-Additionally, the sequence
-.Ql Op Ar seq1 , Ar seq2
-is replaced by
-.Op Ar seq1
-if
-.Ar seq1
-is not a null string; otherwise it is replaced by
-.Ar seq2 .
-For example, the command
-.Pp
-.Bd -literal -offset indent -compact
-nmap $1.$2.$3 [$1,$2].[$2,file]
-.Ed
-.Pp
-would yield
-the output filename "myfile.data" for input filenames "myfile.data" and
-"myfile.data.old", "myfile.file" for the input filename "myfile", and
-"myfile.myfile" for the input filename ".myfile".
-Spaces may be included in
-.Ar outpattern  ,
-as in the example: `nmap $1 sed "s/  *$//" > $1' .
-Use the `\e' character to prevent special treatment
-of the `$','[','[', and `,' characters.
-.It Ic ntrans Op Ar inchars Op Ar outchars
-Set or unset the filename character translation mechanism.
-If no arguments are specified, the filename character
-translation mechanism is unset.
-If arguments are specified, characters in
-remote filenames are translated during
-.Ic mput
-commands and
-.Ic put
-commands issued without a specified remote target filename.
-If arguments are specified, characters in
-local filenames are translated during
-.Ic mget
-commands and
-.Ic get
-commands issued without a specified local target filename.
-This command is useful when connecting to a
-.No non\- Ns Ux
-remote computer
-with different file naming conventions or practices.
-Characters in a filename matching a character in
-.Ar inchars
-are replaced with the corresponding character in
-.Ar outchars  .
-If the character's position in
-.Ar inchars
-is longer than the length of
-.Ar outchars  ,
-the character is deleted from the file name.
-.It Ic open Ar host Op Ar port
-Establish a connection to the specified
-.Ar host
-.Tn FTP
-server.
-An optional port number may be supplied,
-in which case,
-.Nm ftp
-will attempt to contact an
-.Tn FTP
-server at that port.
-If the
-.Ic auto-login
-option is on (default),
-.Nm ftp
-will also attempt to automatically log the user in to
-the
-.Tn FTP
-server (see below).
-.It Ic passive
-Toggle passive mode.  If passive mode is turned on
-(default is off), the ftp client will
-send a
-.Dv PASV
-command for all data connections instead of the usual
-.Dv PORT
-command.  The
-.Dv PASV
-command requests that the remote server open a port for the data connection
-and return the address of that port.  The remote server listens on that
-port and the client connects to it.  When using the more traditional
-.Dv PORT
-command, the client listens on a port and sends that address to the remote
-server, who connects back to it.  Passive mode is useful when using
-.Nm ftp
-through a gateway router or host that controls the directionality of
-traffic.
-(Note that though ftp servers are required to support the
-.Dv PASV
-command by RFC 1123, some do not.)
-.It Ic prompt
-Toggle interactive prompting.
-Interactive prompting
-occurs during multiple file transfers to allow the
-user to selectively retrieve or store files.
-If prompting is turned off (default is on), any
-.Ic mget
-or
-.Ic mput
-will transfer all files, and any
-.Ic mdelete
-will delete all files.
-.It Ic proxy Ar ftp-command
-Execute an ftp command on a secondary control connection.
-This command allows simultaneous connection to two remote ftp
-servers for transferring files between the two servers.
-The first
-.Ic proxy
-command should be an
-.Ic open  ,
-to establish the secondary control connection.
-Enter the command "proxy ?" to see other ftp commands executable on the
-secondary connection.
-The following commands behave differently when prefaced by
-.Ic proxy  :
-.Ic open
-will not define new macros during the auto-login process,
-.Ic close
-will not erase existing macro definitions,
-.Ic get
-and
-.Ic mget
-transfer files from the host on the primary control connection
-to the host on the secondary control connection, and
-.Ic put  ,
-.Ic mput ,
-and
-.Ic append
-transfer files from the host on the secondary control connection
-to the host on the primary control connection.
-Third party file transfers depend upon support of the ftp protocol
-.Dv PASV
-command by the server on the secondary control connection.
-.It Ic put Ar local-file Op Ar remote-file
-Store a local file on the remote machine.
-If
-.Ar remote-file
-is left unspecified, the local file name is used
-after processing according to any
-.Ic ntrans
-or
-.Ic nmap
-settings
-in naming the remote file.
-File transfer uses the
-current settings for
-.Ic type  ,
-.Ic format ,
-.Ic mode  ,
-and
-.Ic structure  .
-.It Ic pwd
-Print the name of the current working directory on the remote
-machine.
-.It Ic quit
-A synonym for
-.Ic bye  .
-.It Ic quote Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server.
-.It Ic recv Ar remote-file Op Ar local-file
-A synonym for get.
-.It Ic reget Ar remote-file Op Ar local-file
-Reget acts like get, except that if
-.Ar local-file
-exists and is
-smaller than
-.Ar remote-file  ,
-.Ar local-file
-is presumed to be
-a partially transferred copy of
-.Ar remote-file
-and the transfer
-is continued from the apparent point of failure.
-This command
-is useful when transferring very large files over networks that
-are prone to dropping connections.
-.It Ic remotehelp Op Ar command-name
-Request help from the remote
-.Tn FTP
-server.
-If a
-.Ar command-name
-is specified it is supplied to the server as well.
-.It Ic remotestatus Op Ar file-name
-With no arguments, show status of remote machine.
-If
-.Ar file-name
-is specified, show status of
-.Ar file-name
-on remote machine.
-.It Xo
-.Ic rename
-.Op Ar from
-.Op Ar to
-.Xc
-Rename the file
-.Ar from
-on the remote machine, to the file
-.Ar to  .
-.It Ic reset
-Clear reply queue.
-This command re-synchronizes command/reply sequencing with the remote
-ftp server.
-Resynchronization may be necessary following a violation of the ftp protocol
-by the remote server.
-.It Ic restart Ar marker
-Restart the immediately following
-.Ic get
-or
-.Ic put
-at the
-indicated
-.Ar marker  .
-On
-.Ux
-systems, marker is usually a byte
-offset into the file.
-.It Ic rmdir Ar directory-name
-Delete a directory on the remote machine.
-.It Ic runique
-Toggle storing of files on the local system with unique filenames.
-If a file already exists with a name equal to the target
-local filename for a
-.Ic get
-or
-.Ic mget
-command, a ".1" is appended to the name.
-If the resulting name matches another existing file,
-a ".2" is appended to the original name.
-If this process continues up to ".99", an error
-message is printed, and the transfer does not take place.
-The generated unique filename will be reported.
-Note that
-.Ic runique
-will not affect local files generated from a shell command
-(see below).
-The default value is off.
-.It Ic send Ar local-file Op Ar remote-file
-A synonym for put.
-.It Ic sendport
-Toggle the use of
-.Dv PORT
-commands.
-By default,
-.Nm ftp
-will attempt to use a
-.Dv PORT
-command when establishing
-a connection for each data transfer.
-The use of
-.Dv PORT
-commands can prevent delays
-when performing multiple file transfers.
-If the
-.Dv PORT
-command fails,
-.Nm ftp
-will use the default data port.
-When the use of
-.Dv PORT
-commands is disabled, no attempt will be made to use
-.Dv PORT
-commands for each data transfer.
-This is useful
-for certain
-.Tn FTP
-implementations which do ignore
-.Dv PORT
-commands but, incorrectly, indicate they've been accepted.
-.It Ic site Ar arg1 arg2 ...
-The arguments specified are sent, verbatim, to the remote
-.Tn FTP
-server as a
-.Dv SITE
-command.
-.It Ic size Ar file-name
-Return size of
-.Ar file-name
-on remote machine.
-.It Ic status
-Show the current status of
-.Nm ftp  .
-.It Ic struct Op Ar struct-name
-Set the file transfer
-.Ar structure
-to
-.Ar struct-name .
-By default \*(Lqstream\*(Rq structure is used.
-.It Ic sunique
-Toggle storing of files on remote machine under unique file names.
-Remote ftp server must support ftp protocol
-.Dv STOU
-command for
-successful completion.
-The remote server will report unique name.
-Default value is off.
-.It Ic system
-Show the type of operating system running on the remote machine.
-.It Ic tenex
-Set the file transfer type to that needed to
-talk to
-.Tn TENEX
-machines.
-.It Ic trace
-Toggle packet tracing.
-.It Ic type Op Ar type-name
-Set the file transfer
-.Ic type
-to
-.Ar type-name  .
-If no type is specified, the current type
-is printed.
-The default type is network
-.Tn ASCII .
-.It Ic umask Op Ar newmask
-Set the default umask on the remote server to
-.Ar newmask  .
-If
-.Ar newmask
-is omitted, the current umask is printed.
-.It Xo
-.Ic user Ar user-name
-.Op Ar password
-.Op Ar account
-.Xc
-Identify yourself to the remote
-.Tn FTP
-server.
-If the
-.Ar password
-is not specified and the server requires it,
-.Nm ftp
-will prompt the user for it (after disabling local echo).
-If an
-.Ar account
-field is not specified, and the
-.Tn FTP
-server
-requires it, the user will be prompted for it.
-If an
-.Ar account
-field is specified, an account command will
-be relayed to the remote server after the login sequence
-is completed if the remote server did not require it
-for logging in.
-Unless
-.Nm ftp
-is invoked with \*(Lqauto-login\*(Rq disabled, this
-process is done automatically on initial connection to
-the
-.Tn FTP
-server.
-.It Ic verbose
-Toggle verbose mode.
-In verbose mode, all responses from
-the
-.Tn FTP
-server are displayed to the user.
-In addition,
-if verbose is on, when a file transfer completes, statistics
-regarding the efficiency of the transfer are reported.
-By default,
-verbose is on.
-.It Ic \&? Op Ar command
-A synonym for help.
-.El
-.Pp
-The following command can be used with ftpsec-aware servers.
-.Bl -tag -width Fl
-.It Xo
-.Ic prot
-.Ar clear |
-.Ar safe |
-.Ar confidential |
-.Ar private
-.Xc
-Set the data protection level to the requested level.
-.El
-.Pp
-The following command can be used with ftp servers that has
-implemented the KAUTH site command.
-.Bl -tag -width Fl
-.It Ic kauth Op Ar principal
-Obtain remote tickets.
-.El
-.Pp
-Command arguments which have embedded spaces may be quoted with
-quote `"' marks.
-.Sh ABORTING A FILE TRANSFER
-To abort a file transfer, use the terminal interrupt key
-(usually Ctrl-C).
-Sending transfers will be immediately halted.
-Receiving transfers will be halted by sending a ftp protocol
-.Dv ABOR
-command to the remote server, and discarding any further data received.
-The speed at which this is accomplished depends upon the remote
-server's support for
-.Dv ABOR
-processing.
-If the remote server does not support the
-.Dv ABOR
-command, an
-.Ql ftp>
-prompt will not appear until the remote server has completed
-sending the requested file.
-.Pp
-The terminal interrupt key sequence will be ignored when
-.Nm ftp
-has completed any local processing and is awaiting a reply
-from the remote server.
-A long delay in this mode may result from the ABOR processing described
-above, or from unexpected behavior by the remote server, including
-violations of the ftp protocol.
-If the delay results from unexpected remote server behavior, the local
-.Nm ftp
-program must be killed by hand.
-.Sh FILE NAMING CONVENTIONS
-Files specified as arguments to
-.Nm ftp
-commands are processed according to the following rules.
-.Bl -enum
-.It
-If the file name
-.Sq Fl
-is specified, the
-.Ar stdin
-(for reading) or
-.Ar stdout
-(for writing) is used.
-.It
-If the first character of the file name is
-.Sq \&| ,
-the
-remainder of the argument is interpreted as a shell command.
-.Nm Ftp
-then forks a shell, using
-.Xr popen 3
-with the argument supplied, and reads (writes) from the stdout
-(stdin).
-If the shell command includes spaces, the argument
-must be quoted; e.g.
-\*(Lq" ls -lt"\*(Rq.
-A particularly
-useful example of this mechanism is: \*(Lqdir more\*(Rq.
-.It
-Failing the above checks, if ``globbing'' is enabled,
-local file names are expanded
-according to the rules used in the
-.Xr csh  1  ;
-c.f. the
-.Ic glob
-command.
-If the
-.Nm ftp
-command expects a single local file (.e.g.
-.Ic put  ) ,
-only the first filename generated by the "globbing" operation is used.
-.It
-For
-.Ic mget
-commands and
-.Ic get
-commands with unspecified local file names, the local filename is
-the remote filename, which may be altered by a
-.Ic case  ,
-.Ic ntrans ,
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered if
-.Ic runique
-is on.
-.It
-For
-.Ic mput
-commands and
-.Ic put
-commands with unspecified remote file names, the remote filename is
-the local filename, which may be altered by a
-.Ic ntrans
-or
-.Ic nmap
-setting.
-The resulting filename may then be altered by the remote server if
-.Ic sunique
-is on.
-.El
-.Sh FILE TRANSFER PARAMETERS
-The FTP specification specifies many parameters which may
-affect a file transfer.
-The
-.Ic type
-may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
-\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
-.Tn PDP Ns -10's
-and
-.Tn PDP Ns -20's
-mostly).
-.Nm Ftp
-supports the ascii and image types of file transfer,
-plus local byte size 8 for
-.Ic tenex
-mode transfers.
-.Pp
-.Nm Ftp
-supports only the default values for the remaining
-file transfer parameters:
-.Ic mode  ,
-.Ic form ,
-and
-.Ic struct  .
-.Sh THE .netrc FILE
-The
-.Pa .netrc
-file contains login and initialization information
-used by the auto-login process.
-It resides in the user's home directory.
-The following tokens are recognized; they may be separated by spaces,
-tabs, or new-lines:
-.Bl -tag -width password
-.It Ic machine Ar name
-Identify a remote machine
-.Ar name .
-The auto-login process searches the
-.Pa .netrc
-file for a
-.Ic machine
-token that matches the remote machine specified on the
-.Nm ftp
-command line or as an
-.Ic open
-command argument.
-Once a match is made, the subsequent
-.Pa .netrc
-tokens are processed,
-stopping when the end of file is reached or another
-.Ic machine
-or a
-.Ic default
-token is encountered.
-.It Ic default
-This is the same as
-.Ic machine
-.Ar name
-except that
-.Ic default
-matches any name.
-There can be only one
-.Ic default
-token, and it must be after all
-.Ic machine
-tokens.
-This is normally used as:
-.Pp
-.Dl default login anonymous password user@site
-.Pp
-thereby giving the user
-.Ar automatic
-anonymous ftp login to
-machines not specified in
-.Pa .netrc .
-This can be overridden
-by using the
-.Fl n
-flag to disable auto-login.
-.It Ic login Ar name
-Identify a user on the remote machine.
-If this token is present, the auto-login process will initiate
-a login using the specified
-.Ar name .
-.It Ic password Ar string
-Supply a password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires a password as part
-of the login process.
-Note that if this token is present in the
-.Pa .netrc
-file for any user other
-than
-.Ar anonymous  ,
-.Nm ftp
-will abort the auto-login process if the
-.Pa .netrc
-is readable by
-anyone besides the user.
-.It Ic account Ar string
-Supply an additional account password.
-If this token is present, the auto-login process will supply the
-specified string if the remote server requires an additional
-account password, or the auto-login process will initiate an
-.Dv ACCT
-command if it does not.
-.It Ic macdef Ar name
-Define a macro.
-This token functions like the
-.Nm ftp
-.Ic macdef
-command functions.
-A macro is defined with the specified name; its contents begin with the
-next
-.Pa .netrc
-line and continue until a null line (consecutive new-line
-characters) is encountered.
-If a macro named
-.Ic init
-is defined, it is automatically executed as the last step in the
-auto-login process.
-.El
-.Sh ENVIRONMENT
-.Nm Ftp
-uses the following environment variables.
-.Bl -tag -width Fl
-.It Ev HOME
-For default location of a
-.Pa .netrc
-file, if one exists.
-.It Ev SHELL
-For default shell.
-.El
-.Sh SEE ALSO
-.Xr ftpd 8
-.Rs
-.%T RFC2228
-.Re
-.Sh HISTORY
-The
-.Nm ftp
-command appeared in
-.Bx 4.2 .
-.Sh BUGS
-Correct execution of many commands depends upon proper behavior
-by the remote server.
-.Pp
-An error in the treatment of carriage returns
-in the
-.Bx 4.2
-ascii-mode transfer code
-has been corrected.
-This correction may result in incorrect transfers of binary files
-to and from
-.Bx 4.2
-servers using the ascii type.
-Avoid this problem by using the binary image type.
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c
deleted file mode 100644
index 73133887d3cd..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp.c
+++ /dev/null
@@ -1,1772 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID ("$Id: ftp.c,v 1.75 2002/10/16 15:46:43 joda Exp $");
-
-struct sockaddr_storage hisctladdr_ss;
-struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
-struct sockaddr_storage data_addr_ss;
-struct sockaddr *data_addr  = (struct sockaddr *)&data_addr_ss;
-struct sockaddr_storage myctladdr_ss;
-struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss;
-int data = -1;
-int abrtflag = 0;
-jmp_buf ptabort;
-int ptabflg;
-int ptflag = 0;
-off_t restart_point = 0;
-
-
-FILE *cin, *cout;
-
-typedef void (*sighand) (int);
-
-char *
-hookup (const char *host, int port)
-{
-    static char hostnamebuf[MaxHostNameLen];
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    socklen_t len;
-    int s;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    hints.ai_flags    = AI_CANONNAME;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (host, portstr, &hints, &ai);
-    if (error) {
-	warnx ("%s: %s", host, gai_strerror(error));
-	code = -1;
-	return NULL;
-    }
-    strlcpy (hostnamebuf, host, sizeof(hostnamebuf));
-    hostname = hostnamebuf;
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-
-	if (a->ai_canonname != NULL)
-	    strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf));
-
-	memcpy (hisctladdr, a->ai_addr, a->ai_addrlen);
-	
-	error = connect (s, a->ai_addr, a->ai_addrlen);
-	if (error < 0) {
-	    char addrstr[256];
-
-	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
-			     addrstr, sizeof(addrstr),
-			     NULL, 0, NI_NUMERICHOST) != 0)
-		strlcpy (addrstr, "unknown address", sizeof(addrstr));
-			     
-	    warn ("connect %s", addrstr);
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    freeaddrinfo (ai);
-    if (error < 0) {
-	warnx ("failed to contact %s", host);
-	code = -1;
-	return NULL;
-    }
-
-    len = sizeof(myctladdr_ss);
-    if (getsockname (s, myctladdr, &len) < 0) {
-	warn ("getsockname");
-	code = -1;
-	close (s);
-	return NULL;
-    }
-#ifdef IPTOS_LOWDELAY
-    socket_set_tos (s, IPTOS_LOWDELAY);
-#endif
-    cin = fdopen (s, "r");
-    cout = fdopen (s, "w");
-    if (cin == NULL || cout == NULL) {
-	warnx ("fdopen failed.");
-	if (cin)
-	    fclose (cin);
-	if (cout)
-	    fclose (cout);
-	code = -1;
-	goto bad;
-    }
-    if (verbose)
-	printf ("Connected to %s.\n", hostname);
-    if (getreply (0) > 2) {	/* read startup message from server */
-	if (cin)
-	    fclose (cin);
-	if (cout)
-	    fclose (cout);
-	code = -1;
-	goto bad;
-    }
-#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    {
-	int on = 1;
-
-	if (setsockopt (s, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof (on))
-	    < 0 && debug) {
-	    warn ("setsockopt");
-	}
-    }
-#endif				/* SO_OOBINLINE */
-
-    return (hostname);
-bad:
-    close (s);
-    return NULL;
-}
-
-int
-login (char *host)
-{
-    char tmp[80];
-    char defaultpass[128];
-    char *user, *pass, *acct;
-    int n, aflag = 0;
-
-    char *myname = NULL;
-    struct passwd *pw = k_getpwuid(getuid());
-
-    if (pw != NULL)
-	myname = pw->pw_name;
-
-    user = pass = acct = 0;
-
-    if(sec_login(host))
-	printf("\n*** Using plaintext user and password ***\n\n");
-    else{
-	printf("Authentication successful.\n\n");
-    }
-
-    if (ruserpass (host, &user, &pass, &acct) < 0) {
-	code = -1;
-	return (0);
-    }
-    while (user == NULL) {
-	if (myname)
-	    printf ("Name (%s:%s): ", host, myname);
-	else
-	    printf ("Name (%s): ", host);
-	*tmp = '\0';
-	if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
-	    tmp[strlen (tmp) - 1] = '\0';
-	if (*tmp == '\0')
-	    user = myname;
-	else
-	    user = tmp;
-    }
-    strlcpy(username, user, sizeof(username));
-    n = command("USER %s", user);
-    if (n == COMPLETE) 
-       n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */
-    else if(n == CONTINUE) {
-	if (pass == NULL) {
-	    char prompt[128];
-	    if(myname && 
-	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
-		snprintf(defaultpass, sizeof(defaultpass), 
-			 "%s@%s", myname, mydomain);
-		snprintf(prompt, sizeof(prompt), 
-			 "Password (%s): ", defaultpass);
-	    } else if (sec_complete) {
-		pass = myname;
-	    } else {
-		*defaultpass = '\0';
-		snprintf(prompt, sizeof(prompt), "Password: ");
-	    }
-	    if (pass == NULL) {
-		pass = defaultpass;
-		des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
-		if (tmp[0])
-		    pass = tmp;
-	    }
-	}
-	n = command ("PASS %s", pass);
-    }
-    if (n == CONTINUE) {
-	aflag++;
-	acct = tmp;
-	des_read_pw_string (acct, 128, "Account:", 0);
-	n = command ("ACCT %s", acct);
-    }
-    if (n != COMPLETE) {
-	warnx ("Login failed.");
-	return (0);
-    }
-    if (!aflag && acct != NULL)
-	command ("ACCT %s", acct);
-    if (proxy)
-	return (1);
-    for (n = 0; n < macnum; ++n) {
-	if (!strcmp("init", macros[n].mac_name)) {
-	    strlcpy (line, "$init", sizeof (line));
-	    makeargv();
-	    domacro(margc, margv);
-	    break;
-	}
-    }
-    sec_set_protection_level ();
-    return (1);
-}
-
-void
-cmdabort (int sig)
-{
-
-    printf ("\n");
-    fflush (stdout);
-    abrtflag++;
-    if (ptflag)
-	longjmp (ptabort, 1);
-}
-
-int
-command (char *fmt,...)
-{
-    va_list ap;
-    int r;
-    sighand oldintr;
-
-    abrtflag = 0;
-    if (cout == NULL) {
-	warn ("No control connection for command");
-	code = -1;
-	return (0);
-    }
-    oldintr = signal(SIGINT, cmdabort);
-    if(debug){
-	printf("---> ");
-	if (strncmp("PASS ", fmt, 5) == 0)
-	    printf("PASS XXXX");
-	else {
-	    va_start(ap, fmt);
-	    vfprintf(stdout, fmt, ap);
-	    va_end(ap);
-	}
-    }
-    va_start(ap, fmt);
-    sec_vfprintf(cout, fmt, ap);
-    va_end(ap);
-    if(debug){
-	printf("\n");
-	fflush(stdout);
-    }
-    fprintf (cout, "\r\n");
-    fflush (cout);
-    cpend = 1;
-    r = getreply (!strcmp (fmt, "QUIT"));
-    if (abrtflag && oldintr != SIG_IGN)
-	(*oldintr) (SIGINT);
-    signal (SIGINT, oldintr);
-    return (r);
-}
-
-char reply_string[BUFSIZ];	/* last line of previous reply */
-
-int
-getreply (int expecteof)
-{
-    char *p;
-    char *lead_string;
-    int c;
-    struct sigaction sa, osa;
-    char buf[8192];
-    int reply_code;
-    int long_warn = 0;
-
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = cmdabort;
-    sigaction (SIGINT, &sa, &osa);
-
-    p = buf;
-
-    reply_code = 0;
-    while (1) {
-	c = getc (cin);
-	switch (c) {
-	case EOF:
-	    if (expecteof) {
-		sigaction (SIGINT, &osa, NULL);
-		code = 221;
-		return 0;
-	    }
-	    lostpeer (0);
-	    if (verbose) {
-		printf ("421 Service not available, "
-			"remote server has closed connection\n");
-		fflush (stdout);
-	    }
-	    code = 421;
-	    return (4);
-	case IAC:
-	    c = getc (cin);
-	    if (c == WILL || c == WONT)
-		fprintf (cout, "%c%c%c", IAC, DONT, getc (cin));
-	    if (c == DO || c == DONT)
-		fprintf (cout, "%c%c%c", IAC, WONT, getc (cin));
-	    continue;
-	case '\n':
-	    *p++ = '\0';
-	    if(isdigit(buf[0])){
-		sscanf(buf, "%d", &code);
-		if(code == 631){
-		    code = 0;
-		    sec_read_msg(buf, prot_safe);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "S:";
-		} else if(code == 632){
-		    code = 0;
-		    sec_read_msg(buf, prot_private);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "P:";
-		}else if(code == 633){
-		    code = 0;
-		    sec_read_msg(buf, prot_confidential);
-		    sscanf(buf, "%d", &code);
-		    lead_string = "C:";
-		}else if(sec_complete)
-		    lead_string = "!!";
-		else
-		    lead_string = "";
-		if(code != 0 && reply_code == 0)
-		    reply_code = code;
-		if (verbose > 0 || (verbose > -1 && code > 499))
-		    fprintf (stdout, "%s%s\n", lead_string, buf);
-		if (code == reply_code && buf[3] == ' ') {
-		    strlcpy (reply_string, buf, sizeof(reply_string));
-		    if (code >= 200)
-			cpend = 0;
-		    sigaction (SIGINT, &osa, NULL);
-		    if (code == 421)
-			lostpeer (0);
-#if 1
-		    if (abrtflag &&
-			osa.sa_handler != cmdabort &&
-			osa.sa_handler != SIG_IGN)
-			osa.sa_handler (SIGINT);
-#endif
-		    if (code == 227 || code == 229) {
-			char *p;
-
-			p = strchr (reply_string, '(');
-			if (p) {
-			    p++;
-			    strlcpy(pasv, p, sizeof(pasv));
-			    p = strrchr(pasv, ')');
-			    if (p)
-				*p = '\0';
-			}
-		    }
-		    return code / 100;
-		}
-	    }else{
-		if(verbose > 0 || (verbose > -1 && code > 499)){
-		    if(sec_complete)
-			fprintf(stdout, "!!");
-		    fprintf(stdout, "%s\n", buf);
-		}
-	    }
-	    p = buf;
-	    long_warn = 0;
-	    continue;
-	default:
-	    if(p < buf + sizeof(buf) - 1)
-		*p++ = c; 
-	    else if(long_warn == 0) {
-		fprintf(stderr, "WARNING: incredibly long line received\n");
-		long_warn = 1;
-	    }
-	}
-    }
-
-}
-
-
-#if 0
-int
-getreply (int expecteof)
-{
-    int c, n;
-    int dig;
-    int originalcode = 0, continuation = 0;
-    sighand oldintr;
-    int pflag = 0;
-    char *cp, *pt = pasv;
-
-    oldintr = signal (SIGINT, cmdabort);
-    for (;;) {
-	dig = n = code = 0;
-	cp = reply_string;
-	while ((c = getc (cin)) != '\n') {
-	    if (c == IAC) {	/* handle telnet commands */
-		switch (c = getc (cin)) {
-		case WILL:
-		case WONT:
-		    c = getc (cin);
-		    fprintf (cout, "%c%c%c", IAC, DONT, c);
-		    fflush (cout);
-		    break;
-		case DO:
-		case DONT:
-		    c = getc (cin);
-		    fprintf (cout, "%c%c%c", IAC, WONT, c);
-		    fflush (cout);
-		    break;
-		default:
-		    break;
-		}
-		continue;
-	    }
-	    dig++;
-	    if (c == EOF) {
-		if (expecteof) {
-		    signal (SIGINT, oldintr);
-		    code = 221;
-		    return (0);
-		}
-		lostpeer (0);
-		if (verbose) {
-		    printf ("421 Service not available, remote server has closed connection\n");
-		    fflush (stdout);
-		}
-		code = 421;
-		return (4);
-	    }
-	    if (c != '\r' && (verbose > 0 ||
-			      (verbose > -1 && n == '5' && dig > 4))) {
-		if (proxflag &&
-		    (dig == 1 || dig == 5 && verbose == 0))
-		    printf ("%s:", hostname);
-		putchar (c);
-	    }
-	    if (dig < 4 && isdigit (c))
-		code = code * 10 + (c - '0');
-	    if (!pflag && code == 227)
-		pflag = 1;
-	    if (dig > 4 && pflag == 1 && isdigit (c))
-		pflag = 2;
-	    if (pflag == 2) {
-		if (c != '\r' && c != ')')
-		    *pt++ = c;
-		else {
-		    *pt = '\0';
-		    pflag = 3;
-		}
-	    }
-	    if (dig == 4 && c == '-') {
-		if (continuation)
-		    code = 0;
-		continuation++;
-	    }
-	    if (n == 0)
-		n = c;
-	    if (cp < &reply_string[sizeof (reply_string) - 1])
-		*cp++ = c;
-	}
-	if (verbose > 0 || verbose > -1 && n == '5') {
-	    putchar (c);
-	    fflush (stdout);
-	}
-	if (continuation && code != originalcode) {
-	    if (originalcode == 0)
-		originalcode = code;
-	    continue;
-	}
-	*cp = '\0';
-	if(sec_complete){
-	    if(code == 631)
-		sec_read_msg(reply_string, prot_safe);
-	    else if(code == 632)
-		sec_read_msg(reply_string, prot_private);
-	    else if(code == 633)
-		sec_read_msg(reply_string, prot_confidential);
-	    n = code / 100 + '0';
-	}
-	if (n != '1')
-	    cpend = 0;
-	signal (SIGINT, oldintr);
-	if (code == 421 || originalcode == 421)
-	    lostpeer (0);
-	if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
-	    (*oldintr) (SIGINT);
-	return (n - '0');
-    }
-}
-
-#endif
-
-int
-empty (fd_set * mask, int sec)
-{
-    struct timeval t;
-
-    t.tv_sec = sec;
-    t.tv_usec = 0;
-    return (select (FD_SETSIZE, mask, NULL, NULL, &t));
-}
-
-jmp_buf sendabort;
-
-static RETSIGTYPE
-abortsend (int sig)
-{
-
-    mflag = 0;
-    abrtflag = 0;
-    printf ("\nsend aborted\nwaiting for remote to finish abort\n");
-    fflush (stdout);
-    longjmp (sendabort, 1);
-}
-
-#define HASHBYTES 1024
-
-static int
-copy_stream (FILE * from, FILE * to)
-{
-    static size_t bufsize;
-    static char *buf;
-    int n;
-    int bytes = 0;
-    int werr = 0;
-    int hashbytes = HASHBYTES;
-    struct stat st;
-
-#if defined(HAVE_MMAP) && !defined(NO_MMAP)
-    void *chunk;
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-    if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
-	/*
-	 * mmap zero bytes has potential of loosing, don't do it.
-	 */
-	if (st.st_size == 0)
-	    return 0;
-	chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
-	if (chunk != (void *) MAP_FAILED) {
-	    int res;
-
-	    res = sec_write (fileno (to), chunk, st.st_size);
-	    if (munmap (chunk, st.st_size) < 0)
-		warn ("munmap");
-	    sec_fflush (to);
-	    return res;
-	}
-    }
-#endif
-
-    buf = alloc_buffer (buf, &bufsize,
-			fstat (fileno (from), &st) >= 0 ? &st : NULL);
-    if (buf == NULL)
-	return -1;
-
-    while ((n = read (fileno (from), buf, bufsize)) > 0) {
-	werr = sec_write (fileno (to), buf, n);
-	if (werr < 0)
-	    break;
-	bytes += werr;
-	while (hash && bytes > hashbytes) {
-	    putchar ('#');
-	    hashbytes += HASHBYTES;
-	}
-    }
-    sec_fflush (to);
-    if (n < 0)
-	warn ("local");
-
-    if (werr < 0) {
-	if (errno != EPIPE)
-	    warn ("netout");
-	bytes = -1;
-    }
-    return bytes;
-}
-
-void
-sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
-{
-    struct stat st;
-    struct timeval start, stop;
-    int c, d;
-    FILE *fin, *dout = 0;
-    int (*closefunc) (FILE *);
-    RETSIGTYPE (*oldintr)(int), (*oldintp)(int);
-    long bytes = 0, hashbytes = HASHBYTES;
-    char *rmode = "w";
-
-    if (verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
-	    printf ("local: %s ", local);
-	if (remote)
-	    printf ("remote: %s\n", remote);
-    }
-    if (proxy) {
-	proxtrans (cmd, local, remote);
-	return;
-    }
-    if (curtype != type)
-	changetype (type, 0);
-    closefunc = NULL;
-    oldintr = NULL;
-    oldintp = NULL;
-
-    if (setjmp (sendabort)) {
-	while (cpend) {
-	    getreply (0);
-	}
-	if (data >= 0) {
-	    close (data);
-	    data = -1;
-	}
-	if (oldintr)
-	    signal (SIGINT, oldintr);
-	if (oldintp)
-	    signal (SIGPIPE, oldintp);
-	code = -1;
-	return;
-    }
-    oldintr = signal (SIGINT, abortsend);
-    if (strcmp (local, "-") == 0)
-	fin = stdin;
-    else if (*local == '|') {
-	oldintp = signal (SIGPIPE, SIG_IGN);
-	fin = popen (local + 1, lmode);
-	if (fin == NULL) {
-	    warn ("%s", local + 1);
-	    signal (SIGINT, oldintr);
-	    signal (SIGPIPE, oldintp);
-	    code = -1;
-	    return;
-	}
-	closefunc = pclose;
-    } else {
-	fin = fopen (local, lmode);
-	if (fin == NULL) {
-	    warn ("local: %s", local);
-	    signal (SIGINT, oldintr);
-	    code = -1;
-	    return;
-	}
-	closefunc = fclose;
-	if (fstat (fileno (fin), &st) < 0 ||
-	    (st.st_mode & S_IFMT) != S_IFREG) {
-	    fprintf (stdout, "%s: not a plain file.\n", local);
-	    signal (SIGINT, oldintr);
-	    fclose (fin);
-	    code = -1;
-	    return;
-	}
-    }
-    if (initconn ()) {
-	signal (SIGINT, oldintr);
-	if (oldintp)
-	    signal (SIGPIPE, oldintp);
-	code = -1;
-	if (closefunc != NULL)
-	    (*closefunc) (fin);
-	return;
-    }
-    if (setjmp (sendabort))
-	goto abort;
-
-    if (restart_point &&
-	(strcmp (cmd, "STOR") == 0 || strcmp (cmd, "APPE") == 0)) {
-	int rc;
-
-	switch (curtype) {
-	case TYPE_A:
-	    rc = fseek (fin, (long) restart_point, SEEK_SET);
-	    break;
-	case TYPE_I:
-	case TYPE_L:
-	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
-	    break;
-	}
-	if (rc < 0) {
-	    warn ("local: %s", local);
-	    restart_point = 0;
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-	if (command ("REST %ld", (long) restart_point)
-	    != CONTINUE) {
-	    restart_point = 0;
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-	restart_point = 0;
-	rmode = "r+w";
-    }
-    if (remote) {
-	if (command ("%s %s", cmd, remote) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    if (oldintp)
-		signal (SIGPIPE, oldintp);
-	    if (closefunc != NULL)
-		(*closefunc) (fin);
-	    return;
-	}
-    } else if (command ("%s", cmd) != PRELIM) {
-	    signal(SIGINT, oldintr);
-	    if (oldintp)
-		signal(SIGPIPE, oldintp);
-	    if (closefunc != NULL)
-		(*closefunc)(fin);
-	    return;
-	}
-    dout = dataconn(rmode);
-    if (dout == NULL)
-	goto abort;
-    set_buffer_size (fileno (dout), 0);
-    gettimeofday (&start, (struct timezone *) 0);
-    oldintp = signal (SIGPIPE, SIG_IGN);
-    switch (curtype) {
-
-    case TYPE_I:
-    case TYPE_L:
-	errno = d = c = 0;
-	bytes = copy_stream (fin, dout);
-	break;
-
-    case TYPE_A:
-	while ((c = getc (fin)) != EOF) {
-	    if (c == '\n') {
-		while (hash && (bytes >= hashbytes)) {
-		    putchar ('#');
-		    fflush (stdout);
-		    hashbytes += HASHBYTES;
-		}
-		if (ferror (dout))
-		    break;
-		sec_putc ('\r', dout);
-		bytes++;
-	    }
-	    sec_putc (c, dout);
-	    bytes++;
-	}
-	sec_fflush (dout);
-	if (hash) {
-	    if (bytes < hashbytes)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (ferror (fin))
-	    warn ("local: %s", local);
-	if (ferror (dout)) {
-	    if (errno != EPIPE)
-		warn ("netout");
-	    bytes = -1;
-	}
-	break;
-    }
-    if (closefunc != NULL)
-	(*closefunc) (fin);
-    fclose (dout);
-    gettimeofday (&stop, (struct timezone *) 0);
-    getreply (0);
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    if (bytes > 0)
-	ptransfer ("sent", bytes, &start, &stop);
-    return;
-abort:
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    if (!cpend) {
-	code = -1;
-	return;
-    }
-    if (data >= 0) {
-	close (data);
-	data = -1;
-    }
-    if (dout)
-	fclose (dout);
-    getreply (0);
-    code = -1;
-    if (closefunc != NULL && fin != NULL)
-	(*closefunc) (fin);
-    gettimeofday (&stop, (struct timezone *) 0);
-    if (bytes > 0)
-	ptransfer ("sent", bytes, &start, &stop);
-}
-
-jmp_buf recvabort;
-
-void
-abortrecv (int sig)
-{
-
-    mflag = 0;
-    abrtflag = 0;
-    printf ("\nreceive aborted\nwaiting for remote to finish abort\n");
-    fflush (stdout);
-    longjmp (recvabort, 1);
-}
-
-void
-recvrequest (char *cmd, char *local, char *remote,
-	     char *lmode, int printnames, int local_given)
-{
-    FILE *fout, *din = 0;
-    int (*closefunc) (FILE *);
-    sighand oldintr, oldintp;
-    int c, d, is_retr, tcrflag, bare_lfs = 0;
-    static size_t bufsize;
-    static char *buf;
-    long bytes = 0, hashbytes = HASHBYTES;
-    struct timeval start, stop;
-    struct stat st;
-
-    is_retr = strcmp (cmd, "RETR") == 0;
-    if (is_retr && verbose && printnames) {
-	if (local && strcmp (local, "-") != 0)
-	    printf ("local: %s ", local);
-	if (remote)
-	    printf ("remote: %s\n", remote);
-    }
-    if (proxy && is_retr) {
-	proxtrans (cmd, local, remote);
-	return;
-    }
-    closefunc = NULL;
-    oldintr = NULL;
-    oldintp = NULL;
-    tcrflag = !crflag && is_retr;
-    if (setjmp (recvabort)) {
-	while (cpend) {
-	    getreply (0);
-	}
-	if (data >= 0) {
-	    close (data);
-	    data = -1;
-	}
-	if (oldintr)
-	    signal (SIGINT, oldintr);
-	code = -1;
-	return;
-    }
-    oldintr = signal (SIGINT, abortrecv);
-    if (!local_given || (strcmp (local, "-") && *local != '|')) {
-	if (access (local, 2) < 0) {
-	    char *dir = strrchr (local, '/');
-
-	    if (errno != ENOENT && errno != EACCES) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (dir != NULL)
-		*dir = 0;
-	    d = access (dir ? local : ".", 2);
-	    if (dir != NULL)
-		*dir = '/';
-	    if (d < 0) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (!runique && errno == EACCES &&
-		chmod (local, 0600) < 0) {
-		warn ("local: %s", local);
-		signal (SIGINT, oldintr);
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	    if (runique && errno == EACCES &&
-		(local = gunique (local)) == NULL) {
-		signal (SIGINT, oldintr);
-		code = -1;
-		return;
-	    }
-	} else if (runique && (local = gunique (local)) == NULL) {
-	    signal(SIGINT, oldintr);
-	    code = -1;
-	    return;
-	}
-    }
-    if (!is_retr) {
-	if (curtype != TYPE_A)
-	    changetype (TYPE_A, 0);
-    } else if (curtype != type)
-	changetype (type, 0);
-    if (initconn ()) {
-	signal (SIGINT, oldintr);
-	code = -1;
-	return;
-    }
-    if (setjmp (recvabort))
-	goto abort;
-    if (is_retr && restart_point &&
-	command ("REST %ld", (long) restart_point) != CONTINUE)
-	return;
-    if (remote) {
-	if (command ("%s %s", cmd, remote) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    } else {
-	if (command ("%s", cmd) != PRELIM) {
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    }
-    din = dataconn ("r");
-    if (din == NULL)
-	goto abort;
-    set_buffer_size (fileno (din), 1);
-    if (local_given && strcmp (local, "-") == 0)
-	fout = stdout;
-    else if (local_given && *local == '|') {
-	oldintp = signal (SIGPIPE, SIG_IGN);
-	fout = popen (local + 1, "w");
-	if (fout == NULL) {
-	    warn ("%s", local + 1);
-	    goto abort;
-	}
-	closefunc = pclose;
-    } else {
-	fout = fopen (local, lmode);
-	if (fout == NULL) {
-	    warn ("local: %s", local);
-	    goto abort;
-	}
-	closefunc = fclose;
-    }
-    buf = alloc_buffer (buf, &bufsize,
-			fstat (fileno (fout), &st) >= 0 ? &st : NULL);
-    if (buf == NULL)
-	goto abort;
-
-    gettimeofday (&start, (struct timezone *) 0);
-    switch (curtype) {
-
-    case TYPE_I:
-    case TYPE_L:
-	if (restart_point &&
-	    lseek (fileno (fout), restart_point, SEEK_SET) < 0) {
-	    warn ("local: %s", local);
-	    if (closefunc != NULL)
-		(*closefunc) (fout);
-	    return;
-	}
-	errno = d = 0;
-	while ((c = sec_read (fileno (din), buf, bufsize)) > 0) {
-	    if ((d = write (fileno (fout), buf, c)) != c)
-		break;
-	    bytes += c;
-	    if (hash) {
-		while (bytes >= hashbytes) {
-		    putchar ('#');
-		    hashbytes += HASHBYTES;
-		}
-		fflush (stdout);
-	    }
-	}
-	if (hash && bytes > 0) {
-	    if (bytes < HASHBYTES)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (c < 0) {
-	    if (errno != EPIPE)
-		warn ("netin");
-	    bytes = -1;
-	}
-	if (d < c) {
-	    if (d < 0)
-		warn ("local: %s", local);
-	    else
-		warnx ("%s: short write", local);
-	}
-	break;
-
-    case TYPE_A:
-	if (restart_point) {
-	    int i, n, ch;
-
-	    if (fseek (fout, 0L, SEEK_SET) < 0)
-		goto done;
-	    n = restart_point;
-	    for (i = 0; i++ < n;) {
-		if ((ch = sec_getc (fout)) == EOF)
-		    goto done;
-		if (ch == '\n')
-		    i++;
-	    }
-	    if (fseek (fout, 0L, SEEK_CUR) < 0) {
-	done:
-		warn ("local: %s", local);
-		if (closefunc != NULL)
-		    (*closefunc) (fout);
-		return;
-	    }
-	}
-	while ((c = sec_getc(din)) != EOF) {
-	    if (c == '\n')
-		bare_lfs++;
-	    while (c == '\r') {
-		while (hash && (bytes >= hashbytes)) {
-		    putchar ('#');
-		    fflush (stdout);
-		    hashbytes += HASHBYTES;
-		}
-		bytes++;
-		if ((c = sec_getc (din)) != '\n' || tcrflag) {
-		    if (ferror (fout))
-			goto break2;
-		    putc ('\r', fout);
-		    if (c == '\0') {
-			bytes++;
-			goto contin2;
-		    }
-		    if (c == EOF)
-			goto contin2;
-		}
-	    }
-	    putc (c, fout);
-	    bytes++;
-    contin2:;
-	}
-break2:
-	if (bare_lfs) {
-	    printf ("WARNING! %d bare linefeeds received in ASCII mode\n",
-		    bare_lfs);
-	    printf ("File may not have transferred correctly.\n");
-	}
-	if (hash) {
-	    if (bytes < hashbytes)
-		putchar ('#');
-	    putchar ('\n');
-	    fflush (stdout);
-	}
-	if (ferror (din)) {
-	    if (errno != EPIPE)
-		warn ("netin");
-	    bytes = -1;
-	}
-	if (ferror (fout))
-	    warn ("local: %s", local);
-	break;
-    }
-    if (closefunc != NULL)
-	(*closefunc) (fout);
-    signal (SIGINT, oldintr);
-    if (oldintp)
-	signal (SIGPIPE, oldintp);
-    fclose (din);
-    gettimeofday (&stop, (struct timezone *) 0);
-    getreply (0);
-    if (bytes > 0 && is_retr)
-	ptransfer ("received", bytes, &start, &stop);
-    return;
-abort:
-
-    /* abort using RFC959 recommended IP,SYNC sequence  */
-
-    if (oldintp)
-	signal (SIGPIPE, oldintr);
-    signal (SIGINT, SIG_IGN);
-    if (!cpend) {
-	code = -1;
-	signal (SIGINT, oldintr);
-	return;
-    }
-    abort_remote(din);
-    code = -1;
-    if (data >= 0) {
-	close (data);
-	data = -1;
-    }
-    if (closefunc != NULL && fout != NULL)
-	(*closefunc) (fout);
-    if (din)
-	fclose (din);
-    gettimeofday (&stop, (struct timezone *) 0);
-    if (bytes > 0)
-	ptransfer ("received", bytes, &start, &stop);
-    signal (SIGINT, oldintr);
-}
-
-static int
-parse_epsv (const char *str)
-{
-    char sep;
-    char *end;
-    int port;
-
-    if (*str == '\0')
-	return -1;
-    sep = *str++;
-    if (sep != *str++)
-	return -1;
-    if (sep != *str++)
-	return -1;
-    port = strtol (str, &end, 0);
-    if (str == end)
-	return -1;
-    if (end[0] != sep || end[1] != '\0')
-	return -1;
-    return htons(port);
-}
-
-static int
-parse_pasv (struct sockaddr_in *sin, const char *str)
-{
-    int a0, a1, a2, a3, p0, p1;
-
-    /*
-     * What we've got at this point is a string of comma separated
-     * one-byte unsigned integer values. The first four are the an IP
-     * address. The fifth is the MSB of the port number, the sixth is the
-     * LSB. From that we'll prepare a sockaddr_in.
-     */
-
-    if (sscanf (str, "%d,%d,%d,%d,%d,%d",
-		&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
-	printf ("Passive mode address scan failure. "
-		"Shouldn't happen!\n");
-	return -1;
-    }
-    if (a0 < 0 || a0 > 255 ||
-	a1 < 0 || a1 > 255 ||
-	a2 < 0 || a2 > 255 ||
-	a3 < 0 || a3 > 255 ||
-	p0 < 0 || p0 > 255 ||
-	p1 < 0 || p1 > 255) {
-	printf ("Can't parse passive mode string.\n");
-	return -1;
-    }
-    memset (sin, 0, sizeof(*sin));
-    sin->sin_family      = AF_INET;
-    sin->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
-				  (a2 << 8) | a3);
-    sin->sin_port = htons ((p0 << 8) | p1);
-    return 0;
-}
-
-static int
-passive_mode (void)
-{
-    int port;
-
-    data = socket (myctladdr->sa_family, SOCK_STREAM, 0);
-    if (data < 0) {
-	warn ("socket");
-	return (1);
-    }
-    if (options & SO_DEBUG)
-	socket_set_debug (data);
-    if (command ("EPSV") != COMPLETE) {
-	if (command ("PASV") != COMPLETE) {
-	    printf ("Passive mode refused.\n");
-	    goto bad;
-	}
-    }
-
-    /*
-     * Parse the reply to EPSV or PASV
-     */
-
-    port = parse_epsv (pasv);
-    if (port > 0) {
-	data_addr->sa_family = myctladdr->sa_family;
-	socket_set_address_and_port (data_addr,
-				     socket_get_address (hisctladdr),
-				     port);
-    } else {
-	if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0)
-	    goto bad;
-    }
-
-    if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
-	warn ("connect");
-	goto bad;
-    }
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (data, IPTOS_THROUGHPUT);
-#endif
-    return (0);
-bad:
-    close (data);
-    data = -1;
-    sendport = 1;
-    return (1);
-}
-
-
-static int
-active_mode (void)
-{
-    int tmpno = 0;
-    socklen_t len;
-    int result;
-
-noport:
-    data_addr->sa_family = myctladdr->sa_family;
-    socket_set_address_and_port (data_addr, socket_get_address (myctladdr),
-				 sendport ? 0 : socket_get_port (myctladdr));
-
-    if (data != -1)
-	close (data);
-    data = socket (data_addr->sa_family, SOCK_STREAM, 0);
-    if (data < 0) {
-	warn ("socket");
-	if (tmpno)
-	    sendport = 1;
-	return (1);
-    }
-    if (!sendport)
-	socket_set_reuseaddr (data, 1);
-    if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
-	warn ("bind");
-	goto bad;
-    }
-    if (options & SO_DEBUG)
-	socket_set_debug (data);
-    len = sizeof (data_addr_ss);
-    if (getsockname (data, data_addr, &len) < 0) {
-	warn ("getsockname");
-	goto bad;
-    }
-    if (listen (data, 1) < 0)
-	warn ("listen");
-    if (sendport) {
-	char addr_str[256];
-	int inet_af;
-	int overbose;
-
-	if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr),
-		       addr_str, sizeof(addr_str)) == NULL)
-	    errx (1, "inet_ntop failed");
-	switch (data_addr->sa_family) {
-	case AF_INET :
-	    inet_af = 1;
-	    break;
-#ifdef HAVE_IPV6
-	case AF_INET6 :
-	    inet_af = 2;
-	    break;
-#endif
-	default :
-	    errx (1, "bad address family %d", data_addr->sa_family);
-	}
-
-
-	overbose = verbose;
-	if (debug == 0)
-	    verbose  = -1;
-
-	result = command ("EPRT |%d|%s|%d|",
-			  inet_af, addr_str, 
-			  ntohs(socket_get_port (data_addr)));
-	verbose = overbose;
-
-	if (result == ERROR) {
-	    struct sockaddr_in *sin = (struct sockaddr_in *)data_addr;
-
-	    unsigned int a = ntohl(sin->sin_addr.s_addr);
-	    unsigned int p = ntohs(sin->sin_port);
-
-	    if (data_addr->sa_family != AF_INET) {
-		warnx ("remote server doesn't support EPRT");
-		goto bad;
-	    }
-
-	    result = command("PORT %d,%d,%d,%d,%d,%d", 
-			     (a >> 24) & 0xff,
-			     (a >> 16) & 0xff,
-			     (a >> 8) & 0xff,
-			     a & 0xff,
-			     (p >> 8) & 0xff,
-			     p & 0xff);
-	    if (result == ERROR && sendport == -1) {
-		sendport = 0;
-		tmpno = 1;
-		goto noport;
-	    }
-	    return (result != COMPLETE);
-	}
-	return result != COMPLETE;
-    }
-    if (tmpno)
-	sendport = 1;
-
-
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (data, IPTOS_THROUGHPUT);
-#endif
-    return (0);
-bad:
-    close (data);
-    data = -1;
-    if (tmpno)
-	sendport = 1;
-    return (1);
-}
-
-/*
- * Need to start a listen on the data channel before we send the command,
- * otherwise the server's connect may fail.
- */
-int
-initconn (void)
-{
-    if (passivemode) 
-	return passive_mode ();
-    else
-	return active_mode ();
-}
-
-FILE *
-dataconn (const char *lmode)
-{
-    struct sockaddr_storage from_ss;
-    struct sockaddr *from = (struct sockaddr *)&from_ss;
-    socklen_t fromlen = sizeof(from_ss);
-    int s;
-
-    if (passivemode)
-	return (fdopen (data, lmode));
-
-    s = accept (data, from, &fromlen);
-    if (s < 0) {
-	warn ("accept");
-	close (data), data = -1;
-	return (NULL);
-    }
-    close (data);
-    data = s;
-#ifdef IPTOS_THROUGHPUT
-    socket_set_tos (s, IPTOS_THROUGHPUT);
-#endif
-    return (fdopen (data, lmode));
-}
-
-void
-ptransfer (char *direction, long int bytes,
-	   struct timeval * t0, struct timeval * t1)
-{
-    struct timeval td;
-    float s;
-    float bs;
-    int prec;
-    char *unit;
-
-    if (verbose) {
-	td.tv_sec = t1->tv_sec - t0->tv_sec;
-	td.tv_usec = t1->tv_usec - t0->tv_usec;
-	if (td.tv_usec < 0) {
-	    td.tv_sec--;
-	    td.tv_usec += 1000000;
-	}
-	s = td.tv_sec + (td.tv_usec / 1000000.);
-	bs = bytes / (s ? s : 1);
-	if (bs >= 1048576) {
-	    bs /= 1048576;
-	    unit = "M";
-	    prec = 2;
-	} else if (bs >= 1024) {
-	    bs /= 1024;
-	    unit = "k";
-	    prec = 1;
-	} else {
-	    unit = "";
-	    prec = 0;
-	}
-
-	printf ("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
-		bytes, direction, s, prec, bs, unit);
-    }
-}
-
-void
-psabort (int sig)
-{
-
-    abrtflag++;
-}
-
-void
-pswitch (int flag)
-{
-    sighand oldintr;
-    static struct comvars {
-	int connect;
-	char name[MaxHostNameLen];
-	struct sockaddr_storage mctl;
-	struct sockaddr_storage hctl;
-	FILE *in;
-	FILE *out;
-	int tpe;
-	int curtpe;
-	int cpnd;
-	int sunqe;
-	int runqe;
-	int mcse;
-	int ntflg;
-	char nti[17];
-	char nto[17];
-	int mapflg;
-	char mi[MaxPathLen];
-	char mo[MaxPathLen];
-    } proxstruct, tmpstruct;
-    struct comvars *ip, *op;
-
-    abrtflag = 0;
-    oldintr = signal (SIGINT, psabort);
-    if (flag) {
-	if (proxy)
-	    return;
-	ip = &tmpstruct;
-	op = &proxstruct;
-	proxy++;
-    } else {
-	if (!proxy)
-	    return;
-	ip = &proxstruct;
-	op = &tmpstruct;
-	proxy = 0;
-    }
-    ip->connect = connected;
-    connected = op->connect;
-    if (hostname) {
-	strlcpy (ip->name, hostname, sizeof (ip->name));
-    } else
-	ip->name[0] = 0;
-    hostname = op->name;
-    ip->hctl = hisctladdr_ss;
-    hisctladdr_ss = op->hctl;
-    ip->mctl = myctladdr_ss;
-    myctladdr_ss = op->mctl;
-    ip->in = cin;
-    cin = op->in;
-    ip->out = cout;
-    cout = op->out;
-    ip->tpe = type;
-    type = op->tpe;
-    ip->curtpe = curtype;
-    curtype = op->curtpe;
-    ip->cpnd = cpend;
-    cpend = op->cpnd;
-    ip->sunqe = sunique;
-    sunique = op->sunqe;
-    ip->runqe = runique;
-    runique = op->runqe;
-    ip->mcse = mcase;
-    mcase = op->mcse;
-    ip->ntflg = ntflag;
-    ntflag = op->ntflg;
-    strlcpy (ip->nti, ntin, sizeof (ip->nti));
-    strlcpy (ntin, op->nti, 17);
-    strlcpy (ip->nto, ntout, sizeof (ip->nto));
-    strlcpy (ntout, op->nto, 17);
-    ip->mapflg = mapflag;
-    mapflag = op->mapflg;
-    strlcpy (ip->mi, mapin, MaxPathLen);
-    strlcpy (mapin, op->mi, MaxPathLen);
-    strlcpy (ip->mo, mapout, MaxPathLen);
-    strlcpy (mapout, op->mo, MaxPathLen);
-    signal(SIGINT, oldintr);
-    if (abrtflag) {
-	abrtflag = 0;
-	(*oldintr) (SIGINT);
-    }
-}
-
-void
-abortpt (int sig)
-{
-
-    printf ("\n");
-    fflush (stdout);
-    ptabflg++;
-    mflag = 0;
-    abrtflag = 0;
-    longjmp (ptabort, 1);
-}
-
-void
-proxtrans (char *cmd, char *local, char *remote)
-{
-    sighand oldintr;
-    int secndflag = 0, prox_type, nfnd;
-    char *cmd2;
-    fd_set mask;
-
-    if (strcmp (cmd, "RETR"))
-	cmd2 = "RETR";
-    else
-	cmd2 = runique ? "STOU" : "STOR";
-    if ((prox_type = type) == 0) {
-	if (unix_server && unix_proxy)
-	    prox_type = TYPE_I;
-	else
-	    prox_type = TYPE_A;
-    }
-    if (curtype != prox_type)
-	changetype (prox_type, 1);
-    if (command ("PASV") != COMPLETE) {
-	printf ("proxy server does not support third party transfers.\n");
-	return;
-    }
-    pswitch (0);
-    if (!connected) {
-	printf ("No primary connection\n");
-	pswitch (1);
-	code = -1;
-	return;
-    }
-    if (curtype != prox_type)
-	changetype (prox_type, 1);
-    if (command ("PORT %s", pasv) != COMPLETE) {
-	pswitch (1);
-	return;
-    }
-    if (setjmp (ptabort))
-	goto abort;
-    oldintr = signal (SIGINT, abortpt);
-    if (command ("%s %s", cmd, remote) != PRELIM) {
-	signal (SIGINT, oldintr);
-	pswitch (1);
-	return;
-    }
-    sleep (2);
-    pswitch (1);
-    secndflag++;
-    if (command ("%s %s", cmd2, local) != PRELIM)
-	goto abort;
-    ptflag++;
-    getreply (0);
-    pswitch (0);
-    getreply (0);
-    signal (SIGINT, oldintr);
-    pswitch (1);
-    ptflag = 0;
-    printf ("local: %s remote: %s\n", local, remote);
-    return;
-abort:
-    signal (SIGINT, SIG_IGN);
-    ptflag = 0;
-    if (strcmp (cmd, "RETR") && !proxy)
-	pswitch (1);
-    else if (!strcmp (cmd, "RETR") && proxy)
-	pswitch (0);
-    if (!cpend && !secndflag) {	/* only here if cmd = "STOR" (proxy=1) */
-	if (command ("%s %s", cmd2, local) != PRELIM) {
-	    pswitch (0);
-	    if (cpend)
-		abort_remote ((FILE *) NULL);
-	}
-	pswitch (1);
-	if (ptabflg)
-	    code = -1;
-	signal (SIGINT, oldintr);
-	return;
-    }
-    if (cpend)
-	abort_remote ((FILE *) NULL);
-    pswitch (!proxy);
-    if (!cpend && !secndflag) {	/* only if cmd = "RETR" (proxy=1) */
-	if (command ("%s %s", cmd2, local) != PRELIM) {
-	    pswitch (0);
-	    if (cpend)
-		abort_remote ((FILE *) NULL);
-	    pswitch (1);
-	    if (ptabflg)
-		code = -1;
-	    signal (SIGINT, oldintr);
-	    return;
-	}
-    }
-    if (cpend)
-	abort_remote ((FILE *) NULL);
-    pswitch (!proxy);
-    if (cpend) {
-	FD_ZERO (&mask);
-	if (fileno(cin) >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET (fileno (cin), &mask);
-	if ((nfnd = empty (&mask, 10)) <= 0) {
-	    if (nfnd < 0) {
-		warn ("abort");
-	    }
-	    if (ptabflg)
-		code = -1;
-	    lostpeer (0);
-	}
-	getreply (0);
-	getreply (0);
-    }
-    if (proxy)
-	pswitch (0);
-    pswitch (1);
-    if (ptabflg)
-	code = -1;
-    signal (SIGINT, oldintr);
-}
-
-void
-reset (int argc, char **argv)
-{
-    fd_set mask;
-    int nfnd = 1;
-
-    FD_ZERO (&mask);
-    while (nfnd > 0) {
-	if (fileno (cin) >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET (fileno (cin), &mask);
-	if ((nfnd = empty (&mask, 0)) < 0) {
-	    warn ("reset");
-	    code = -1;
-	    lostpeer(0);
-	} else if (nfnd) {
-	    getreply(0);
-	}
-    }
-}
-
-char *
-gunique (char *local)
-{
-    static char new[MaxPathLen];
-    char *cp = strrchr (local, '/');
-    int d, count = 0;
-    char ext = '1';
-
-    if (cp)
-	*cp = '\0';
-    d = access (cp ? local : ".", 2);
-    if (cp)
-	*cp = '/';
-    if (d < 0) {
-	warn ("local: %s", local);
-	return NULL;
-    }
-    strlcpy (new, local, sizeof(new));
-    cp = new + strlen(new);
-    *cp++ = '.';
-    while (!d) {
-	if (++count == 100) {
-	    printf ("runique: can't find unique file name.\n");
-	    return NULL;
-	}
-	*cp++ = ext;
-	*cp = '\0';
-	if (ext == '9')
-	    ext = '0';
-	else
-	    ext++;
-	if ((d = access (new, 0)) < 0)
-	    break;
-	if (ext != '0')
-	    cp--;
-	else if (*(cp - 2) == '.')
-	    *(cp - 1) = '1';
-	else {
-	    *(cp - 2) = *(cp - 2) + 1;
-	    cp--;
-	}
-    }
-    return (new);
-}
-
-void
-abort_remote (FILE * din)
-{
-    char buf[BUFSIZ];
-    int nfnd;
-    fd_set mask;
-
-    /*
-     * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
-     * after urgent byte rather than before as is protocol now
-     */
-    snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
-    if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
-	warn ("abort");
-    fprintf (cout, "%cABOR\r\n", DM);
-    fflush (cout);
-    FD_ZERO (&mask);
-    if (fileno (cin) >= FD_SETSIZE)
-	errx (1, "fd too large");
-    FD_SET (fileno (cin), &mask);
-    if (din) {
-    if (fileno (din) >= FD_SETSIZE)
-	errx (1, "fd too large");
-	FD_SET (fileno (din), &mask);
-    }
-    if ((nfnd = empty (&mask, 10)) <= 0) {
-	if (nfnd < 0) {
-	    warn ("abort");
-	}
-	if (ptabflg)
-	    code = -1;
-	lostpeer (0);
-    }
-    if (din && FD_ISSET (fileno (din), &mask)) {
-	while (read (fileno (din), buf, BUFSIZ) > 0)
-	     /* LOOP */ ;
-    }
-    if (getreply (0) == ERROR && code == 552) {
-	/* 552 needed for nic style abort */
-	getreply (0);
-    }
-    getreply (0);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.cat1 b/crypto/heimdal/appl/ftp/ftp/ftp.cat1
deleted file mode 100644
index 83323cc8748e..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp.cat1
+++ /dev/null
@@ -1,644 +0,0 @@
-FTP(1)                      NetBSD Reference Manual                     FTP(1)
-
-NNAAMMEE
-     ffttpp - ARPANET file transfer program
-
-SSYYNNOOPPSSIISS
-     ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     FFttpp is the user interface to the ARPANET standard File Transfer Protocol.
-     The program allows a user to transfer files to and from a remote network
-     site.
-
-     Modifications has been made so that it almost follows the ftpsec Internet
-     draft.
-
-     Options may be specified at the command line, or to the command inter-
-     preter.
-
-     --tt    Enables packet tracing.
-
-     --vv    Verbose option forces ffttpp to show all responses from the remote
-           server, as well as report on data transfer statistics.
-
-     --nn    Restrains ffttpp from attempting ``auto-login'' upon initial connec-
-           tion.  If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be-
-           low) file in the user's home directory for an entry describing an
-           account on the remote machine.  If no entry exists, ffttpp will prompt
-           for the remote machine login name (default is the user identity on
-           the local machine), and, if necessary, prompt for a password and an
-           account with which to login.
-
-     --ii    Turns off interactive prompting during multiple file transfers.
-
-     --pp    Turn on passive mode.
-
-     --dd    Enables debugging.
-
-     --gg    Disables file name globbing.
-
-     --ll    Disables command line editing.
-
-     The client host with which ffttpp is to communicate may be specified on the
-     command line.  If this is done, ffttpp will immediately attempt to establish
-     a connection to an FTP server on that host; otherwise, ffttpp will enter its
-     command interpreter and await instructions from the user.  When ffttpp is
-     awaiting commands from the user the prompt `ftp>' is provided to the us-
-     er.  The following commands are recognized by ffttpp:
-
-     !! [_c_o_m_m_a_n_d [_a_r_g_s]]
-                 Invoke an interactive shell on the local machine.  If there
-                 are arguments, the first is taken to be a command to execute
-                 directly, with the rest of the arguments as its arguments.
-
-     $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s]
-                 Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff
-                 command.  Arguments are passed to the macro unglobbed.
-
-     aaccccoouunntt [_p_a_s_s_w_d]
-                 Supply a supplemental password required by a remote system
-                 for access to resources once a login has been successfully
-                 completed.  If no argument is included, the user will be
-                 prompted for an account password in a non-echoing input mode.
-
-     aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
-                 Append a local file to a file on the remote machine.  If
-                 _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used
-                 in naming the remote file after being altered by any nnttrraannss
-                 or nnmmaapp setting.  File transfer uses the current settings for
-                 ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
-
-     aasscciiii       Set the file transfer ttyyppee to network ASCII.  This is the de-
-                 fault type.
-
-     bbeellll        Arrange that a bell be sounded after each file transfer com-
-                 mand is completed.
-
-     bbiinnaarryy      Set the file transfer ttyyppee to support binary image transfer.
-
-     bbyyee         Terminate the FTP session with the remote server and exit
-                 ffttpp.  An end of file will also terminate the session and ex-
-                 it.
-
-     ccaassee        Toggle remote computer file name case mapping during mmggeett
-                 commands.  When ccaassee is on (default is off), remote computer
-                 file names with all letters in upper case are written in the
-                 local directory with the letters mapped to lower case.
-
-     ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y
-                 Change the working directory on the remote machine to _r_e_m_o_t_e_-
-                 _d_i_r_e_c_t_o_r_y.
-
-     ccdduupp        Change the remote machine working directory to the parent of
-                 the current remote machine working directory.
-
-     cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e
-                 Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re-
-                 mote sytem to _m_o_d_e.
-
-     cclloossee       Terminate the FTP session with the remote server, and return
-                 to the command interpreter.  Any defined macros are erased.
-
-     ccrr          Toggle carriage return stripping during ascii type file re-
-                 trieval.  Records are denoted by a carriage return/linefeed
-                 sequence during ascii type file transfer.  When ccrr is on (the
-                 default), carriage returns are stripped from this sequence to
-                 conform with the UNIX single linefeed record delimiter.
-                 Records on non-UNIX remote systems may contain single line-
-                 feeds; when an ascii type transfer is made, these linefeeds
-                 may be distinguished from a record delimiter only when ccrr is
-                 off.
-
-     ddeelleettee _r_e_m_o_t_e_-_f_i_l_e
-                 Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine.
-
-     ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e]
-                 Toggle debugging mode.  If an optional _d_e_b_u_g_-_v_a_l_u_e is speci-
-                 fied it is used to set the debugging level.  When debugging
-                 is on, ffttpp prints each command sent to the remote machine,
-                 preceded by the string `-->'
-
-     ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
-                 Print a listing of the directory contents in the directory,
-                 _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in
-                 _l_o_c_a_l_-_f_i_l_e.  If interactive prompting is on, ffttpp will prompt
-                 the user to verify that the last argument is indeed the tar-
-                 get local file for receiving ddiirr output.  If no directory is
-                 specified, the current working directory on the remote ma-
-                 chine is used.  If no local file is specified, or _l_o_c_a_l_-_f_i_l_e
-                 is --, output comes to the terminal.
-
-     ddiissccoonnnneecctt  A synonym for _c_l_o_s_e.
-
-     ffoorrmm _f_o_r_m_a_t
-                 Set the file transfer ffoorrmm to _f_o_r_m_a_t.  The default format is
-                 ``file''.
-
-     ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
-                 Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine.
-                 If the local file name is not specified, it is given the same
-                 name it has on the remote machine, subject to alteration by
-                 the current ccaassee, nnttrraannss, and nnmmaapp settings.  The current
-                 settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while
-                 transferring the file.
-
-     gglloobb        Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt.  If
-                 globbing is turned off with gglloobb, the file name arguments are
-                 taken literally and not expanded.  Globbing for mmppuutt is done
-                 as in csh(1).  For mmddeelleettee and mmggeett, each remote file name is
-                 expanded separately on the remote machine and the lists are
-                 not merged.  Expansion of a directory name is likely to be
-                 different from expansion of the name of an ordinary file: the
-                 exact result depends on the foreign operating system and ftp
-                 server, and can be previewed by doing `mls remote-files -'.
-                 As a security measure, remotely globbed files that starts
-                 with `/' or contains `../', will not be automatically re-
-                 ceived. If you have interactive prompting turned off, these
-                 filenames will be ignored.  Note: mmggeett and mmppuutt are not meant
-                 to transfer entire directory subtrees of files.  That can be
-                 done by transferring a tar(1) archive of the subtree (in bi-
-                 nary mode).
-
-     hhaasshh        Toggle hash-sign (``#'') printing for each data block trans-
-                 ferred.  The size of a data block is 1024 bytes.
-
-     hheellpp [_c_o_m_m_a_n_d]
-                 Print an informative message about the meaning of _c_o_m_m_a_n_d.
-                 If no argument is given, ffttpp prints a list of the known com-
-                 mands.
-
-     iiddllee [_s_e_c_o_n_d_s]
-                 Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec-
-                 onds.  If _s_e_c_o_n_d_s is omitted, the current inactivity timer is
-                 printed.
-
-     llccdd [_d_i_r_e_c_t_o_r_y]
-                 Change the working directory on the local machine.  If no
-                 _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used.
-
-     llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
-                 Print a listing of the contents of a directory on the remote
-                 machine.  The listing includes any system-dependent informa-
-                 tion that the server chooses to include; for example, most
-                 UNIX systems will produce output from the command `ls -l'.
-                 (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified,
-                 the current working directory is used.  If interactive
-                 prompting is on, ffttpp will prompt the user to verify that the
-                 last argument is indeed the target local file for receiving
-                 llss output.  If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e
-                 is `--', the output is sent to the terminal.
-
-     mmaaccddeeff _m_a_c_r_o_-_n_a_m_e
-                 Define a macro.  Subsequent lines are stored as the macro
-                 _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a
-                 file or carriage returns from the terminal) terminates macro
-                 input mode.  There is a limit of 16 macros and 4096 total
-                 characters in all defined macros.  Macros remain defined un-
-                 til a cclloossee command is executed.  The macro processor inter-
-                 prets `$' and `\' as special characters.  A `$' followed by a
-                 number (or numbers) is replaced by the corresponding argument
-                 on the macro invocation command line.  A `$' followed by an
-                 `i' signals that macro processor that the executing macro is
-                 to be looped.  On the first pass `$i' is replaced by the
-                 first argument on the macro invocation command line, on the
-                 second pass it is replaced by the second argument, and so on.
-                 A `\' followed by any character is replaced by that charac-
-                 ter.  Use the `\' to prevent special treatment of the `$'.
-
-     mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s]
-                 Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine.
-
-     mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
-                 Like ddiirr, except multiple remote files may be specified.  If
-                 interactive prompting is on, ffttpp will prompt the user to ver-
-                 ify that the last argument is indeed the target local file
-                 for receiving mmddiirr output.
-
-     mmggeett _r_e_m_o_t_e_-_f_i_l_e_s
-                 Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett
-                 for each file name thus produced.  See gglloobb for details on
-                 the filename expansion.  Resulting file names will then be
-                 processed according to ccaassee, nnttrraannss, and nnmmaapp settings.
-                 Files are transferred into the local working directory, which
-                 can be changed with `lcd directory'; new local directories
-                 can be created with `! mkdir directory'.
-
-     mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
-                 Make a directory on the remote machine.
-
-     mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
-                 Like nnlliisstt, except multiple remote files may be specified,
-                 and the _l_o_c_a_l_-_f_i_l_e must be specified.  If interactive prompt-
-                 ing is on, ffttpp will prompt the user to verify that the last
-                 argument is indeed the target local file for receiving mmllss
-                 output.
-
-     mmooddee [_m_o_d_e_-_n_a_m_e]
-                 Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e.  The default mode is
-                 ``stream'' mode.
-
-     mmooddttiimmee _f_i_l_e_-_n_a_m_e
-                 Show the last modification time of the file on the remote ma-
-                 chine.
-
-     mmppuutt _l_o_c_a_l_-_f_i_l_e_s
-                 Expand wild cards in the list of local files given as argu-
-                 ments and do a ppuutt for each file in the resulting list.  See
-                 gglloobb for details of filename expansion.  Resulting file names
-                 will then be processed according to nnttrraannss and nnmmaapp settings.
-
-     nneewweerr _f_i_l_e_-_n_a_m_e
-                 Get the file only if the modification time of the remote file
-                 is more recent that the file on the current system.  If the
-                 file does not exist on the current system, the remote file is
-                 considered nneewweerr.  Otherwise, this command is identical to
-                 _g_e_t.
-
-     nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
-                 Print a  list of the files in a directory on the remote ma-
-                 chine.  If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current
-                 working directory is used.  If interactive prompting is on,
-                 ffttpp will prompt the user to verify that the last argument is
-                 indeed the target local file for receiving nnlliisstt output.  If
-                 no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output
-                 is sent to the terminal.
-
-     nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n]
-                 Set or unset the filename mapping mechanism.  If no arguments
-                 are specified, the filename mapping mechanism is unset.  If
-                 arguments are specified, remote filenames are mapped during
-                 mmppuutt commands and ppuutt commands issued without a specified re-
-                 mote target filename.  If arguments are specified, local
-                 filenames are mapped during mmggeett commands and ggeett commands
-                 issued without a specified local target filename.  This com-
-                 mand is useful when connecting to a non-UNIX remote computer
-                 with different file naming conventions or practices.  The
-                 mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n.
-                 [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may
-                 have already been processed according to the nnttrraannss and ccaassee
-                 settings).  Variable templating is accomplished by including
-                 the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n.  Use `\' to
-                 prevent this special treatment of the `$' character.  All
-                 other characters are treated literally, and are used to de-
-                 termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values.  For example,
-                 given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data",
-                 $1 would have the value "mydata", and $2 would have the value
-                 "data".  The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file-
-                 name.  The sequences `$1', `$2', ...., `$9' are replaced by
-                 any value resulting from the _i_n_p_a_t_t_e_r_n template.  The se-
-                 quence `$0' is replace by the original filename.  Additional-
-                 ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1
-                 is not a null string; otherwise it is replaced by _s_e_q_2.  For
-                 example, the command
-
-                       nmap $1.$2.$3 [$1,$2].[$2,file]
-
-                 would yield the output filename "myfile.data" for input file-
-                 names "myfile.data" and "myfile.data.old", "myfile.file" for
-                 the input filename "myfile", and "myfile.myfile" for the in-
-                 put filename ".myfile".  Spaces may be included in
-                 _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/  *$//" > $1'
-                 .  Use the `\' character to prevent special treatment of the
-                 `$','[','[', and `,' characters.
-
-     nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]]
-                 Set or unset the filename character translation mechanism.
-                 If no arguments are specified, the filename character trans-
-                 lation mechanism is unset.  If arguments are specified, char-
-                 acters in remote filenames are translated during mmppuutt com-
-                 mands and ppuutt commands issued without a specified remote tar-
-                 get filename.  If arguments are specified, characters in lo-
-                 cal filenames are translated during mmggeett commands and ggeett
-                 commands issued without a specified local target filename.
-                 This command is useful when connecting to a non-UNIX remote
-                 computer with different file naming conventions or practices.
-                 Characters in a filename matching a character in _i_n_c_h_a_r_s are
-                 replaced with the corresponding character in _o_u_t_c_h_a_r_s.  If
-                 the character's position in _i_n_c_h_a_r_s is longer than the length
-                 of _o_u_t_c_h_a_r_s, the character is deleted from the file name.
-
-     ooppeenn _h_o_s_t [_p_o_r_t]
-                 Establish a connection to the specified _h_o_s_t FTP server.  An
-                 optional port number may be supplied, in which case, ffttpp will
-                 attempt to contact an FTP server at that port.  If the aauuttoo--
-                 llooggiinn option is on (default), ffttpp will also attempt to auto-
-                 matically log the user in to the FTP server (see below).
-
-     ppaassssiivvee     Toggle passive mode.  If passive mode is turned on (default
-                 is off), the ftp client will send a PASV command for all data
-                 connections instead of the usual PORT command.  The PASV com-
-                 mand requests that the remote server open a port for the data
-                 connection and return the address of that port.  The remote
-                 server listens on that port and the client connects to it.
-                 When using the more traditional PORT command, the client lis-
-                 tens on a port and sends that address to the remote server,
-                 who connects back to it.  Passive mode is useful when using
-                 ffttpp through a gateway router or host that controls the direc-
-                 tionality of traffic.  (Note that though ftp servers are re-
-                 quired to support the PASV command by RFC 1123, some do not.)
-
-     pprroommpptt      Toggle interactive prompting.  Interactive prompting occurs
-                 during multiple file transfers to allow the user to selec-
-                 tively retrieve or store files.  If prompting is turned off
-                 (default is on), any mmggeett or mmppuutt will transfer all files,
-                 and any mmddeelleettee will delete all files.
-
-     pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d
-                 Execute an ftp command on a secondary control connection.
-                 This command allows simultaneous connection to two remote ftp
-                 servers for transferring files between the two servers.  The
-                 first pprrooxxyy command should be an ooppeenn, to establish the sec-
-                 ondary control connection.  Enter the command "proxy ?" to
-                 see other ftp commands executable on the secondary connec-
-                 tion.  The following commands behave differently when pref-
-                 aced by pprrooxxyy: ooppeenn will not define new macros during the au-
-                 to-login process, cclloossee will not erase existing macro defini-
-                 tions, ggeett and mmggeett transfer files from the host on the pri-
-                 mary control connection to the host on the secondary control
-                 connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the
-                 host on the secondary control connection to the host on the
-                 primary control connection.  Third party file transfers de-
-                 pend upon support of the ftp protocol PASV command by the
-                 server on the secondary control connection.
-
-     ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
-                 Store a local file on the remote machine.  If _r_e_m_o_t_e_-_f_i_l_e is
-                 left unspecified, the local file name is used after process-
-                 ing according to any nnttrraannss or nnmmaapp settings in naming the
-                 remote file.  File transfer uses the current settings for
-                 ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
-
-     ppwwdd         Print the name of the current working directory on the remote
-                 machine.
-
-     qquuiitt        A synonym for bbyyee.
-
-     qquuoottee _a_r_g_1 _a_r_g_2 _._._.
-                 The arguments specified are sent, verbatim, to the remote FTP
-                 server.
-
-     rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
-                 A synonym for get.
-
-     rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
-                 Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is
-                 smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par-
-                 tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is
-                 continued from the apparent point of failure.  This command
-                 is useful when transferring very large files over networks
-                 that are prone to dropping connections.
-
-     rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e]
-                 Request help from the remote FTP server.  If a _c_o_m_m_a_n_d_-_n_a_m_e
-                 is specified it is supplied to the server as well.
-
-     rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e]
-                 With no arguments, show status of remote machine.  If _f_i_l_e_-
-                 _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma-
-                 chine.
-
-     rreennaammee [_f_r_o_m] [_t_o]
-                 Rename the file _f_r_o_m on the remote machine, to the file _t_o.
-
-     rreesseett       Clear reply queue.  This command re-synchronizes command/re-
-                 ply sequencing with the remote ftp server.  Resynchronization
-                 may be necessary following a violation of the ftp protocol by
-                 the remote server.
-
-     rreessttaarrtt _m_a_r_k_e_r
-                 Restart the immediately following ggeett or ppuutt at the indicated
-                 _m_a_r_k_e_r.  On UNIX systems, marker is usually a byte offset in-
-                 to the file.
-
-     rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
-                 Delete a directory on the remote machine.
-
-     rruunniiqquuee     Toggle storing of files on the local system with unique file-
-                 names.  If a file already exists with a name equal to the
-                 target local filename for a ggeett or mmggeett command, a ".1" is
-                 appended to the name.  If the resulting name matches another
-                 existing file, a ".2" is appended to the original name.  If
-                 this process continues up to ".99", an error message is
-                 printed, and the transfer does not take place.  The generated
-                 unique filename will be reported.  Note that rruunniiqquuee will not
-                 affect local files generated from a shell command (see be-
-                 low).  The default value is off.
-
-     sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
-                 A synonym for put.
-
-     sseennddppoorrtt    Toggle the use of PORT commands.  By default, ffttpp will at-
-                 tempt to use a PORT command when establishing a connection
-                 for each data transfer.  The use of PORT commands can prevent
-                 delays when performing multiple file transfers.  If the PORT
-                 command fails, ffttpp will use the default data port.  When the
-                 use of PORT commands is disabled, no attempt will be made to
-                 use PORT commands for each data transfer.  This is useful for
-                 certain FTP implementations which do ignore PORT commands
-                 but, incorrectly, indicate they've been accepted.
-
-     ssiittee _a_r_g_1 _a_r_g_2 _._._.
-                 The arguments specified are sent, verbatim, to the remote FTP
-                 server as a SITE command.
-
-     ssiizzee _f_i_l_e_-_n_a_m_e
-                 Return size of _f_i_l_e_-_n_a_m_e on remote machine.
-
-     ssttaattuuss      Show the current status of ffttpp.
-
-     ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e]
-                 Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e.  By default
-                 ``stream'' structure is used.
-
-     ssuunniiqquuee     Toggle storing of files on remote machine under unique file
-                 names.  Remote ftp server must support ftp protocol STOU com-
-                 mand for successful completion.  The remote server will re-
-                 port unique name.  Default value is off.
-
-     ssyysstteemm      Show the type of operating system running on the remote ma-
-                 chine.
-
-     tteenneexx       Set the file transfer type to that needed to talk to TENEX
-                 machines.
-
-     ttrraaccee       Toggle packet tracing.
-
-     ttyyppee [_t_y_p_e_-_n_a_m_e]
-                 Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e.  If no type is spec-
-                 ified, the current type is printed.  The default type is net-
-                 work ASCII.
-
-     uummaasskk [_n_e_w_m_a_s_k]
-                 Set the default umask on the remote server to _n_e_w_m_a_s_k.  If
-                 _n_e_w_m_a_s_k is omitted, the current umask is printed.
-
-     uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t]
-                 Identify yourself to the remote FTP server.  If the _p_a_s_s_w_o_r_d
-                 is not specified and the server requires it, ffttpp will prompt
-                 the user for it (after disabling local echo).  If an _a_c_c_o_u_n_t
-                 field is not specified, and the FTP server requires it, the
-                 user will be prompted for it.  If an _a_c_c_o_u_n_t field is speci-
-                 fied, an account command will be relayed to the remote server
-                 after the login sequence is completed if the remote server
-                 did not require it for logging in.  Unless ffttpp is invoked
-                 with ``auto-login'' disabled, this process is done automati-
-                 cally on initial connection to the FTP server.
-
-     vveerrbboossee     Toggle verbose mode.  In verbose mode, all responses from the
-                 FTP server are displayed to the user.  In addition, if ver-
-                 bose is on, when a file transfer completes, statistics re-
-                 garding the efficiency of the transfer are reported.  By de-
-                 fault, verbose is on.
-
-     ?? [_c_o_m_m_a_n_d]
-                 A synonym for help.
-
-     The following command can be used with ftpsec-aware servers.
-
-     pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e
-                 Set the data protection level to the requested level.
-
-     The following command can be used with ftp servers that has implemented
-     the KAUTH site command.
-
-     kkaauutthh [_p_r_i_n_c_i_p_a_l]
-                 Obtain remote tickets.
-
-     Command arguments which have embedded spaces may be quoted with quote `"'
-     marks.
-
-AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR
-     To abort a file transfer, use the terminal interrupt key (usually Ctrl-
-     C).  Sending transfers will be immediately halted.  Receiving transfers
-     will be halted by sending a ftp protocol ABOR command to the remote serv-
-     er, and discarding any further data received.  The speed at which this is
-     accomplished depends upon the remote server's support for ABOR process-
-     ing.  If the remote server does not support the ABOR command, an `ftp>'
-     prompt will not appear until the remote server has completed sending the
-     requested file.
-
-     The terminal interrupt key sequence will be ignored when ffttpp has complet-
-     ed any local processing and is awaiting a reply from the remote server.
-     A long delay in this mode may result from the ABOR processing described
-     above, or from unexpected behavior by the remote server, including viola-
-     tions of the ftp protocol.  If the delay results from unexpected remote
-     server behavior, the local ffttpp program must be killed by hand.
-
-FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS
-     Files specified as arguments to ffttpp commands are processed according to
-     the following rules.
-
-     1.   If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t
-          (for writing) is used.
-
-     2.   If the first character of the file name is `|', the remainder of the
-          argument is interpreted as a shell command.  FFttpp then forks a shell,
-          using popen(3) with the argument supplied, and reads (writes) from
-          the stdout (stdin).  If the shell command includes spaces, the argu-
-          ment must be quoted; e.g.  ``" ls -lt"''.  A particularly useful ex-
-          ample of this mechanism is: ``dir more''.
-
-     3.   Failing the above checks, if ``globbing'' is enabled, local file
-          names are expanded according to the rules used in the csh(1); c.f.
-          the gglloobb command.  If the ffttpp command expects a single local file
-          (.e.g.  ppuutt), only the first filename generated by the "globbing"
-          operation is used.
-
-     4.   For mmggeett commands and ggeett commands with unspecified local file
-          names, the local filename is the remote filename, which may be al-
-          tered by a ccaassee, nnttrraannss, or nnmmaapp setting.  The resulting filename
-          may then be altered if rruunniiqquuee is on.
-
-     5.   For mmppuutt commands and ppuutt commands with unspecified remote file
-          names, the remote filename is the local filename, which may be al-
-          tered by a nnttrraannss or nnmmaapp setting.  The resulting filename may then
-          be altered by the remote server if ssuunniiqquuee is on.
-
-FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS
-     The FTP specification specifies many parameters which may affect a file
-     transfer.  The ttyyppee may be one of ``ascii'', ``image'' (binary),
-     ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly).
-     FFttpp supports the ascii and image types of file transfer, plus local byte
-     size 8 for tteenneexx mode transfers.
-
-     FFttpp supports only the default values for the remaining file transfer pa-
-     rameters: mmooddee, ffoorrmm, and ssttrruucctt.
-
-TTHHEE ..nneettrrcc FFIILLEE
-     The _._n_e_t_r_c file contains login and initialization information used by the
-     auto-login process.  It resides in the user's home directory.  The fol-
-     lowing tokens are recognized; they may be separated by spaces, tabs, or
-     new-lines:
-
-     mmaacchhiinnee _n_a_m_e
-               Identify a remote machine _n_a_m_e.  The auto-login process search-
-               es the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote
-               machine specified on the ffttpp command line or as an ooppeenn command
-               argument.  Once a match is made, the subsequent _._n_e_t_r_c tokens
-               are processed, stopping when the end of file is reached or an-
-               other mmaacchhiinnee or a ddeeffaauulltt token is encountered.
-
-     ddeeffaauulltt   This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches
-               any name.  There can be only one ddeeffaauulltt token, and it must be
-               after all mmaacchhiinnee tokens.  This is normally used as:
-
-                     default login anonymous password user@site
-
-               thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma-
-               chines not specified in _._n_e_t_r_c.  This can be overridden by us-
-               ing the --nn flag to disable auto-login.
-
-     llooggiinn _n_a_m_e
-               Identify a user on the remote machine.  If this token is pre-
-               sent, the auto-login process will initiate a login using the
-               specified _n_a_m_e.
-
-     ppaasssswwoorrdd _s_t_r_i_n_g
-               Supply a password.  If this token is present, the auto-login
-               process will supply the specified string if the remote server
-               requires a password as part of the login process.  Note that if
-               this token is present in the _._n_e_t_r_c file for any user other
-               than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the
-               _._n_e_t_r_c is readable by anyone besides the user.
-
-     aaccccoouunntt _s_t_r_i_n_g
-               Supply an additional account password.  If this token is pre-
-               sent, the auto-login process will supply the specified string
-               if the remote server requires an additional account password,
-               or the auto-login process will initiate an ACCT command if it
-               does not.
-
-     mmaaccddeeff _n_a_m_e
-               Define a macro.  This token functions like the ffttpp mmaaccddeeff com-
-               mand functions.  A macro is defined with the specified name;
-               its contents begin with the next _._n_e_t_r_c line and continue until
-               a null line (consecutive new-line characters) is encountered.
-               If a macro named iinniitt is defined, it is automatically executed
-               as the last step in the auto-login process.
-
-EENNVVIIRROONNMMEENNTT
-     FFttpp utilizes the following environment variables.
-
-     HOME        For default location of a _._n_e_t_r_c file, if one exists.
-
-     SHELL       For default shell.
-
-SSEEEE AALLSSOO
-     ftpd(8)
-
-     _R_F_C_2_2_2_8.
-
-HHIISSTTOORRYY
-     The ffttpp command appeared in 4.2BSD.
-
-BBUUGGSS
-     Correct execution of many commands depends upon proper behavior by the
-     remote server.
-
-     An error in the treatment of carriage returns in the 4.2BSD ascii-mode
-     transfer code has been corrected.  This correction may result in incor-
-     rect transfers of binary files to and from 4.2BSD servers using the ascii
-     type.  Avoid this problem by using the binary image type.
-
-4.2 Berkeley Distribution       April 27, 1996                              10
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
deleted file mode 100644
index 4749da090112..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
-
-#ifndef __FTP_LOCL_H__
-#define __FTP_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-
-#ifdef HAVE_ARPA_FTP_H
-#include <arpa/ftp.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include <errno.h>
-#include <ctype.h>
-#include <glob.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-
-#include <err.h>
-
-#ifdef SOCKS
-#include <socks.h>
-extern int LIBPREFIX(fclose)      (FILE *);
-
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-
-#endif
-
-#include "ftp_var.h"
-#include "extern.h"
-#include "common.h"
-#include "pathnames.h"
-
-#include "roken.h"
-#include "security.h"
-
-/* des_read_pw_string */
-#include "crypto-headers.h"
-
-#if defined(__sun__) && !defined(__svr4)
-int fclose(FILE*);
-int pclose(FILE*);
-#endif
-
-#endif /* __FTP_LOCL_H__ */
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_var.h b/crypto/heimdal/appl/ftp/ftp/ftp_var.h
deleted file mode 100644
index 3dbe6b44a11a..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ftp_var.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftp_var.h	8.4 (Berkeley) 10/9/94
- */
-
-/*
- * FTP global variables.
- */
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <setjmp.h>
-
-/*
- * Options and other state info.
- */
-extern int	trace;			/* trace packets exchanged */
-extern int	hash;			/* print # for each buffer transferred */
-extern int	sendport;		/* use PORT cmd for each data connection */
-extern int	verbose;		/* print messages coming back from server */
-extern int	connected;		/* connected to server */
-extern int	fromatty;		/* input is from a terminal */
-extern int	interactive;		/* interactively prompt on m* cmds */
-extern int	lineedit;		/* use line-editing */
-extern int	debug;			/* debugging level */
-extern int	bell;			/* ring bell on cmd completion */
-extern int	doglob;			/* glob local file names */
-extern int	autologin;		/* establish user account on connection */
-extern int	proxy;			/* proxy server connection active */
-extern int	proxflag;		/* proxy connection exists */
-extern int	sunique;		/* store files on server with unique name */
-extern int	runique;		/* store local files with unique name */
-extern int	mcase;			/* map upper to lower case for mget names */
-extern int	ntflag;			/* use ntin ntout tables for name translation */
-extern int	mapflag;		/* use mapin mapout templates on file names */
-extern int	code;			/* return/reply code for ftp command */
-extern int	crflag;			/* if 1, strip car. rets. on ascii gets */
-extern char	pasv[64];		/* passive port for proxy data connection */
-extern int	passivemode;		/* passive mode enabled */
-extern char	*altarg;		/* argv[1] with no shell-like preprocessing  */
-extern char	ntin[17];		/* input translation table */
-extern char	ntout[17];		/* output translation table */
-extern char	mapin[MaxPathLen];	/* input map template */
-extern char	mapout[MaxPathLen];	/* output map template */
-extern char	typename[32];		/* name of file transfer type */
-extern int	type;			/* requested file transfer type */
-extern int	curtype;		/* current file transfer type */
-extern char	structname[32];		/* name of file transfer structure */
-extern int	stru;			/* file transfer structure */
-extern char	formname[32];		/* name of file transfer format */
-extern int	form;			/* file transfer format */
-extern char	modename[32];		/* name of file transfer mode */
-extern int	mode;			/* file transfer mode */
-extern char	bytename[32];		/* local byte size in ascii */
-extern int	bytesize;		/* local byte size in binary */
-
-extern char	*hostname;		/* name of host connected to */
-extern int	unix_server;		/* server is unix, can use binary for ascii */
-extern int	unix_proxy;		/* proxy is unix, can use binary for ascii */
-
-extern jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
-
-extern char	line[200];		/* input line buffer */
-extern char	*stringbase;		/* current scan point in line buffer */
-extern char	argbuf[200];		/* argument storage buffer */
-extern char	*argbase;		/* current storage point in arg buffer */
-extern int	margc;			/* count of arguments on input line */
-extern char	**margv;		/* args parsed from input line */
-extern int	margvlen;		/* how large margv is currently */
-extern int     cpend;                  /* flag: if != 0, then pending server reply */
-extern int	mflag;			/* flag: if != 0, then active multi command */
-
-extern int	options;		/* used during socket creation */
-extern int      use_kerberos;           /* use Kerberos authentication */
-
-/*
- * Format of command table.
- */
-struct cmd {
-	char	*c_name;	/* name of command */
-	char	*c_help;	/* help string */
-	char	c_bell;		/* give bell when command completes */
-	char	c_conn;		/* must be connected to use command */
-	char	c_proxy;	/* proxy server may execute */
-	void	(*c_handler) (int, char **); /* function to call */
-};
-
-struct macel {
-	char mac_name[9];	/* macro name */
-	char *mac_start;	/* start of macro in macbuf */
-	char *mac_end;		/* end of macro in macbuf */
-};
-
-extern int macnum;			/* number of defined macros */
-extern struct macel macros[16];
-extern char macbuf[4096];
-
-
diff --git a/crypto/heimdal/appl/ftp/ftp/globals.c b/crypto/heimdal/appl/ftp/ftp/globals.c
deleted file mode 100644
index 8a0e1c93de75..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/globals.c
+++ /dev/null
@@ -1,78 +0,0 @@
-#include "ftp_locl.h"
-RCSID("$Id: globals.c,v 1.8 2000/11/15 22:56:08 assar Exp $");
-
-/*
- * Options and other state info.
- */
-int	trace;			/* trace packets exchanged */
-int	hash;			/* print # for each buffer transferred */
-int	sendport;		/* use PORT cmd for each data connection */
-int	verbose;		/* print messages coming back from server */
-int	connected;		/* connected to server */
-int	fromatty;		/* input is from a terminal */
-int	interactive;		/* interactively prompt on m* cmds */
-int	lineedit;		/* use line-editing */
-int	debug;			/* debugging level */
-int	bell;			/* ring bell on cmd completion */
-int	doglob;			/* glob local file names */
-int	autologin;		/* establish user account on connection */
-int	proxy;			/* proxy server connection active */
-int	proxflag;		/* proxy connection exists */
-int	sunique;		/* store files on server with unique name */
-int	runique;		/* store local files with unique name */
-int	mcase;			/* map upper to lower case for mget names */
-int	ntflag;			/* use ntin ntout tables for name translation */
-int	mapflag;		/* use mapin mapout templates on file names */
-int	code;			/* return/reply code for ftp command */
-int	crflag;			/* if 1, strip car. rets. on ascii gets */
-char	pasv[64];		/* passive port for proxy data connection */
-int	passivemode;		/* passive mode enabled */
-char	*altarg;		/* argv[1] with no shell-like preprocessing  */
-char	ntin[17];		/* input translation table */
-char	ntout[17];		/* output translation table */
-char	mapin[MaxPathLen];	/* input map template */
-char	mapout[MaxPathLen];	/* output map template */
-char	typename[32];		/* name of file transfer type */
-int	type;			/* requested file transfer type */
-int	curtype;		/* current file transfer type */
-char	structname[32];		/* name of file transfer structure */
-int	stru;			/* file transfer structure */
-char	formname[32];		/* name of file transfer format */
-int	form;			/* file transfer format */
-char	modename[32];		/* name of file transfer mode */
-int	mode;			/* file transfer mode */
-char	bytename[32];		/* local byte size in ascii */
-int	bytesize;		/* local byte size in binary */
-
-char	*hostname;		/* name of host connected to */
-int	unix_server;		/* server is unix, can use binary for ascii */
-int	unix_proxy;		/* proxy is unix, can use binary for ascii */
-
-jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
-
-char	line[200];		/* input line buffer */
-char	*stringbase;		/* current scan point in line buffer */
-char	argbuf[200];		/* argument storage buffer */
-char	*argbase;		/* current storage point in arg buffer */
-int	margc;			/* count of arguments on input line */
-char	**margv;		/* args parsed from input line */
-int	margvlen;		/* how large margv is currently */
-int     cpend;                  /* flag: if != 0, then pending server reply */
-int	mflag;			/* flag: if != 0, then active multi command */
-
-int	options;		/* used during socket creation */
-int     use_kerberos;           /* use Kerberos authentication */
-
-/*
- * Format of command table.
- */
-
-int macnum;			/* number of defined macros */
-struct macel macros[16];
-char macbuf[4096];
-
-char username[32];
-
-/* these are set in ruserpass */
-char myhostname[MaxHostNameLen];
-char *mydomain;
diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c
deleted file mode 100644
index 40a5910b6533..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/gssapi.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/*
- * Copyright (c) 1998 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <gssapi.h>
-#include <krb5_err.h>
-
-RCSID("$Id: gssapi.c,v 1.22 2003/03/16 19:40:18 lha Exp $");
-
-struct gss_data {
-    gss_ctx_id_t context_hdl;
-    char *client_name;
-    gss_cred_id_t delegated_cred_handle;
-};
-
-static int
-gss_init(void *app_data)
-{
-    struct gss_data *d = app_data;
-    d->context_hdl = GSS_C_NO_CONTEXT;
-    d->delegated_cred_handle = NULL;
-#if defined(FTP_SERVER)
-    return 0;
-#else
-    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
-#ifdef KRB5
-    return !use_kerberos;
-#else
-    return 0
-#endif /* KRB5 */
-#endif /* FTP_SERVER */
-}
-
-static int
-gss_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-gss_decode(void *app_data, void *buf, int len, int level)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    gss_qop_t qop_state;
-    int conf_state;
-    struct gss_data *d = app_data;
-    size_t ret_len;
-
-    input.length = len;
-    input.value = buf;
-    maj_stat = gss_unwrap (&min_stat,
-			   d->context_hdl,
-			   &input,
-			   &output,
-			   &conf_state,
-			   &qop_state);
-    if(GSS_ERROR(maj_stat))
-	return -1;
-    memmove(buf, output.value, output.length);
-    ret_len = output.length;
-    gss_release_buffer(&min_stat, &output);
-    return ret_len;
-}
-
-static int
-gss_overhead(void *app_data, int level, int len)
-{
-    return 100; /* dunno? */
-}
-
-
-static int
-gss_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc input, output;
-    int conf_state;
-    struct gss_data *d = app_data;
-
-    input.length = length;
-    input.value = from;
-    maj_stat = gss_wrap (&min_stat,
-			 d->context_hdl,
-			 level == prot_private,
-			 GSS_C_QOP_DEFAULT,
-			 &input,
-			 &conf_state,
-			 &output);
-    *to = output.value;
-    return output.length;
-}
-
-static void
-sockaddr_to_gss_address (const struct sockaddr *sa,
-			 OM_uint32 *addr_type,
-			 gss_buffer_desc *gss_addr)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	gss_addr->length = 16;
-	gss_addr->value  = &sin6->sin6_addr;
-	*addr_type       = GSS_C_AF_INET6;
-	break;
-    }
-#endif
-    case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-
-	gss_addr->length = 4;
-	gss_addr->value  = &sin->sin_addr;
-	*addr_type       = GSS_C_AF_INET;
-	break;
-    }
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	
-    }
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-static int
-gss_adat(void *app_data, void *buf, size_t len)
-{
-    char *p = NULL;
-    gss_buffer_desc input_token, output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    struct gss_data *d = app_data;
-    struct gss_channel_bindings_struct bindings;
-
-    sockaddr_to_gss_address (his_addr,
-			     &bindings.initiator_addrtype,
-			     &bindings.initiator_address);
-    sockaddr_to_gss_address (ctrl_addr,
-			     &bindings.acceptor_addrtype,
-			     &bindings.acceptor_address);
-
-    bindings.application_data.length = 0;
-    bindings.application_data.value = NULL;
-
-    input_token.value = buf;
-    input_token.length = len;
-
-    d->delegated_cred_handle = malloc(sizeof(*d->delegated_cred_handle));
-    if (d->delegated_cred_handle == NULL) {
-	reply(500, "Out of memory");
-	goto out;
-    }
-
-    memset ((char*)d->delegated_cred_handle, 0,
-	    sizeof(*d->delegated_cred_handle));
-    
-    maj_stat = gss_accept_sec_context (&min_stat,
-				       &d->context_hdl,
-				       GSS_C_NO_CREDENTIAL,
-				       &input_token,
-				       &bindings,
-				       &client_name,
-				       NULL,
-				       &output_token,
-				       NULL,
-				       NULL,
-				       &d->delegated_cred_handle);
-
-    if(output_token.length) {
-	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
-	    reply(535, "Out of memory base64-encoding.");
-	    return -1;
-	}
-    }
-    if(maj_stat == GSS_S_COMPLETE){
-	char *name;
-	gss_buffer_desc export_name;
-	gss_OID oid;
-
-	maj_stat = gss_display_name(&min_stat, client_name,
-				    &export_name, &oid);
-	if(maj_stat != 0) {
-	    reply(500, "Error displaying name");
-	    goto out;
-	}
-	/* XXX kerberos */
-	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
-	    reply(500, "OID not kerberos principal name");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name = realloc(export_name.value, export_name.length + 1);
-	if(name == NULL) {
-	    reply(500, "Out of memory");
-	    gss_release_buffer(&min_stat, &export_name);
-	    goto out;
-	}
-	name[export_name.length] = '\0';
-	gss_release_buffer(&min_stat, &export_name);
-	d->client_name = name;
-	if(p)
-	    reply(235, "ADAT=%s", p);
-	else
-	    reply(235, "ADAT Complete");
-	sec_complete = 1;
-
-    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
-	if(p)
-	    reply(335, "ADAT=%s", p);
-	else
-	    reply(335, "OK, need more data");
-    } else {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
-	       (char*)status_string.value);
-	gss_release_buffer(&new_stat, &status_string);
-	reply(431, "Security resource unavailable");
-    }
-  out:
-    free(p);
-    return 0;
-}
-
-int gss_userok(void*, char*);
-
-struct sec_server_mech gss_server_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init, /* init */
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-    /* */
-    NULL,
-    gss_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    gss_userok
-};
-
-#else /* FTP_SERVER */
-
-extern struct sockaddr *hisctladdr, *myctladdr;
-
-static int
-import_name(const char *kname, const char *host, gss_name_t *target_name)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name;
-
-    name.length = asprintf((char**)&name.value, "%s@%s", kname, host);
-    if (name.value == NULL) {
-	printf("Out of memory\n");
-	return AUTH_ERROR;
-    }
-
-    maj_stat = gss_import_name(&min_stat,
-			       &name,
-			       GSS_C_NT_HOSTBASED_SERVICE,
-			       target_name);
-    if (GSS_ERROR(maj_stat)) {
-	OM_uint32 new_stat;
-	OM_uint32 msg_ctx = 0;
-	gss_buffer_desc status_string;
-	    
-	gss_display_status(&new_stat,
-			   min_stat,
-			   GSS_C_MECH_CODE,
-			   GSS_C_NO_OID,
-			   &msg_ctx,
-			   &status_string);
-	printf("Error importing name %s: %s\n", 
-	       (char *)name.value,
-	       (char *)status_string.value);
-	gss_release_buffer(&new_stat, &status_string);
-	return AUTH_ERROR;
-    }
-    free(name.value);
-    return 0;
-}
-
-static int
-gss_auth(void *app_data, char *host)
-{
-    
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t target_name;
-    gss_buffer_desc input, output_token;
-    int context_established = 0;
-    char *p;
-    int n;
-    gss_channel_bindings_t bindings;
-    struct gss_data *d = app_data;
-
-    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
-	    
-    
-    if(import_name(*kname++, host, &target_name))
-	return AUTH_ERROR;
-
-    input.length = 0;
-    input.value = NULL;
-
-    bindings = malloc(sizeof(*bindings));
-
-    sockaddr_to_gss_address (myctladdr,
-			     &bindings->initiator_addrtype,
-			     &bindings->initiator_address);
-    sockaddr_to_gss_address (hisctladdr,
-			     &bindings->acceptor_addrtype,
-			     &bindings->acceptor_address);
-
-    bindings->application_data.length = 0;
-    bindings->application_data.value = NULL;
-
-    while(!context_established) {
-	maj_stat = gss_init_sec_context(&min_stat,
-					GSS_C_NO_CREDENTIAL,
-					&d->context_hdl,
-					target_name,
-					GSS_C_NO_OID,
-                                        GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
-                                          | GSS_C_DELEG_FLAG,
-					0,
-					bindings,
-					&input,
-					NULL,
-					&output_token,
-					NULL,
-					NULL);
-	if (GSS_ERROR(maj_stat)) {
-	    OM_uint32 new_stat;
-	    OM_uint32 msg_ctx = 0;
-	    gss_buffer_desc status_string;
-
-	    if(min_stat == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN && *kname != NULL) {
-		if(import_name(*kname++, host, &target_name))
-		    return AUTH_ERROR;
-		continue;
-	    }
-	    
-	    gss_display_status(&new_stat,
-			       min_stat,
-			       GSS_C_MECH_CODE,
-			       GSS_C_NO_OID,
-			       &msg_ctx,
-			       &status_string);
-	    printf("Error initializing security context: %s\n", 
-		   (char*)status_string.value);
-	    gss_release_buffer(&new_stat, &status_string);
-	    return AUTH_CONTINUE;
-	}
-
-	gss_release_buffer(&min_stat, &input);
-	if (output_token.length != 0) {
-	    base64_encode(output_token.value, output_token.length, &p);
-	    gss_release_buffer(&min_stat, &output_token);
-	    n = command("ADAT %s", p);
-	    free(p);
-	}
-	if (GSS_ERROR(maj_stat)) {
-	    if (d->context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&d->context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    p = strstr(reply_string, "ADAT=");
-	    if(p == NULL){
-		printf("Error: expected ADAT in reply. got: %s\n",
-		       reply_string);
-		return AUTH_ERROR;
-	    } else {
-		p+=5;
-		input.value = malloc(strlen(p));
-		input.length = base64_decode(p, input.value);
-	    }
-	} else {
-	    if(code != 235) {
-		printf("Unrecognized response code: %d\n", code);
-		return AUTH_ERROR;
-	    }
-	    context_established = 1;
-	}
-    }
-
-    {
-	gss_name_t targ_name;
-
-	maj_stat = gss_inquire_context(&min_stat,
-				       d->context_hdl,
-				       NULL,
-				       &targ_name,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL,
-				       NULL);
-	if (GSS_ERROR(maj_stat) == 0) {
-	    gss_buffer_desc name;
-	    maj_stat = gss_display_name (&min_stat,
-					 targ_name,
-					 &name,
-					 NULL);
-	    if (GSS_ERROR(maj_stat) == 0) {
-		printf("Authenticated to <%s>\n", (char *)name.value);
-		gss_release_buffer(&min_stat, &name);
-	    }
-	    gss_release_name(&min_stat, &targ_name);
-	} else
-	    printf("Failed to get gss name of peer.\n");
-    }	    
-
-
-    return AUTH_OK;
-}
-
-struct sec_client_mech gss_client_mech = {
-    "GSSAPI",
-    sizeof(struct gss_data),
-    gss_init,
-    gss_auth,
-    NULL, /* end */
-    gss_check_prot,
-    gss_overhead,
-    gss_encode,
-    gss_decode,
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftp/kauth.c b/crypto/heimdal/appl/ftp/ftp/kauth.c
deleted file mode 100644
index 613593a71290..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/kauth.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-#include <krb.h>
-RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $");
-
-void
-kauth(int argc, char **argv)
-{
-    int ret;
-    char buf[1024];
-    des_cblock key;
-    des_key_schedule schedule;
-    KTEXT_ST tkt, tktcopy;
-    char *name;
-    char *p;
-    int overbose;
-    char passwd[100];
-    int tmp;
-	
-    int save;
-
-    if(argc > 2){
-	printf("usage: %s [principal]\n", argv[0]);
-	code = -1;
-	return;
-    }
-    if(argc == 2)
-	name = argv[1];
-    else
-	name = username;
-
-    overbose = verbose;
-    verbose = 0;
-
-    save = set_command_prot(prot_private);
-    ret = command("SITE KAUTH %s", name);
-    if(ret != CONTINUE){
-	verbose = overbose;
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    verbose = overbose;
-    p = strstr(reply_string, "T=");
-    if(!p){
-	printf("Bad reply from server.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    p += 2;
-    tmp = base64_decode(p, &tkt.dat);
-    if(tmp < 0){
-	printf("Failed to decode base64 in reply.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    tkt.length = tmp;
-    tktcopy.length = tkt.length;
-    
-    p = strstr(reply_string, "P=");
-    if(!p){
-	printf("Bad reply from server.\n");
-	verbose = overbose;
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    name = p + 2;
-    for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
-    *p = 0;
-    
-    snprintf(buf, sizeof(buf), "Password for %s:", name);
-    if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
-        *passwd = '\0';
-    des_string_to_key (passwd, &key);
-
-    des_key_sched(&key, schedule);
-    
-    des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
-		     tkt.length,
-		     schedule, &key, DES_DECRYPT);
-    if (strcmp ((char*)tktcopy.dat + 8,
-		KRB_TICKET_GRANTING_TICKET) != 0) {
-        afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
-	des_key_sched (&key, schedule);
-	des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
-			 tkt.length,
-			 schedule, &key, DES_DECRYPT);
-    }
-    memset(key, 0, sizeof(key));
-    memset(schedule, 0, sizeof(schedule));
-    memset(passwd, 0, sizeof(passwd));
-    if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
-	printf("Out of memory base64-encoding.\n");
-	set_command_prot(save);
-	code = -1;
-	return;
-    }
-    memset (tktcopy.dat, 0, tktcopy.length);
-    ret = command("SITE KAUTH %s %s", name, p);
-    free(p);
-    set_command_prot(save);
-    if(ret != COMPLETE){
-	code = -1;
-	return;
-    }
-    code = 0;
-}
-
-void
-klist(int argc, char **argv)
-{
-    int ret;
-    if(argc != 1){
-	printf("usage: %s\n", argv[0]);
-	code = -1;
-	return;
-    }
-    
-    ret = command("SITE KLIST");
-    code = (ret == COMPLETE);
-}
-
-void
-kdestroy(int argc, char **argv)
-{
-    int ret;
-    if (argc != 1) {
-	printf("usage: %s\n", argv[0]);
-	code = -1;
-	return;
-    }
-    ret = command("SITE KDESTROY");
-    code = (ret == COMPLETE);
-}
-
-void
-krbtkfile(int argc, char **argv)
-{
-    int ret;
-    if(argc != 2) {
-	printf("usage: %s tktfile\n", argv[0]);
-	code = -1;
-	return;
-    }
-    ret = command("SITE KRBTKFILE %s", argv[1]);
-    code = (ret == COMPLETE);
-}
-
-void
-afslog(int argc, char **argv)
-{
-    int ret;
-    if(argc > 2) {
-	printf("usage: %s [cell]\n", argv[0]);
-	code = -1;
-	return;
-    }
-    if(argc == 2)
-	ret = command("SITE AFSLOG %s", argv[1]);
-    else
-	ret = command("SITE AFSLOG");
-    code = (ret == COMPLETE);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/krb4.c b/crypto/heimdal/appl/ftp/ftp/krb4.c
deleted file mode 100644
index d057ed71352e..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/krb4.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-#include <krb.h>
-
-RCSID("$Id: krb4.c,v 1.38 2000/06/21 02:46:09 assar Exp $");
-
-#ifdef FTP_SERVER
-#define LOCAL_ADDR ctrl_addr
-#define REMOTE_ADDR his_addr
-#else
-#define LOCAL_ADDR myctladdr
-#define REMOTE_ADDR hisctladdr
-#endif
-
-extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
-
-struct krb4_data {
-    des_cblock key;
-    des_key_schedule schedule;
-    char name[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-};
-
-static int
-krb4_check_prot(void *app_data, int level)
-{
-    if(level == prot_confidential)
-	return -1;
-    return 0;
-}
-
-static int
-krb4_decode(void *app_data, void *buf, int len, int level)
-{
-    MSG_DAT m;
-    int e;
-    struct krb4_data *d = app_data;
-    
-    if(level == prot_safe)
-	e = krb_rd_safe(buf, len, &d->key,
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    else
-	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
-			(struct sockaddr_in *)REMOTE_ADDR,
-			(struct sockaddr_in *)LOCAL_ADDR, &m);
-    if(e){
-	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
-	return -1;
-    }
-    memmove(buf, m.app_data, m.app_length);
-    return m.app_length;
-}
-
-static int
-krb4_overhead(void *app_data, int level, int len)
-{
-    return 31;
-}
-
-static int
-krb4_encode(void *app_data, void *from, int length, int level, void **to)
-{
-    struct krb4_data *d = app_data;
-    *to = malloc(length + 31);
-    if(level == prot_safe)
-	return krb_mk_safe(from, *to, length, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else if(level == prot_private)
-	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
-			   (struct sockaddr_in *)LOCAL_ADDR,
-			   (struct sockaddr_in *)REMOTE_ADDR);
-    else
-	return -1;
-}
-
-#ifdef FTP_SERVER
-
-static int
-krb4_adat(void *app_data, void *buf, size_t len)
-{
-    KTEXT_ST tkt;
-    AUTH_DAT auth_dat;
-    char *p;
-    int kerror;
-    u_int32_t cs;
-    char msg[35]; /* size of encrypted block */
-    int tmp_len;
-    struct krb4_data *d = app_data;
-    char inst[INST_SZ];
-    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
-
-    memcpy(tkt.dat, buf, len);
-    tkt.length = len;
-
-    k_getsockinst(0, inst, sizeof(inst));
-    kerror = krb_rd_req(&tkt, "ftp", inst, 
-			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    if(kerror == RD_AP_UNDEC){
-	k_getsockinst(0, inst, sizeof(inst));
-	kerror = krb_rd_req(&tkt, "rcmd", inst, 
-			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
-    }
-
-    if(kerror){
-	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
-	return -1;
-    }
-    
-    memcpy(d->key, auth_dat.session, sizeof(d->key));
-    des_set_key(&d->key, d->schedule);
-
-    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
-    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
-    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
-
-    cs = auth_dat.checksum + 1;
-    {
-	unsigned char tmp[4];
-	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
-	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
-			      (struct sockaddr_in *)LOCAL_ADDR,
-			      (struct sockaddr_in *)REMOTE_ADDR);
-    }
-    if(tmp_len < 0){
-	reply(535, "Error creating reply: %s.", strerror(errno));
-	return -1;
-    }
-    len = tmp_len;
-    if(base64_encode(msg, len, &p) < 0) {
-	reply(535, "Out of memory base64-encoding.");
-	return -1;
-    }
-    reply(235, "ADAT=%s", p);
-    sec_complete = 1;
-    free(p);
-    return 0;
-}
-
-static int
-krb4_userok(void *app_data, char *user)
-{
-    struct krb4_data *d = app_data;
-    return krb_kuserok(d->name, d->instance, d->realm, user);
-}
-
-struct sec_server_mech krb4_server_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    NULL, /* init */
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode,
-    /* */
-    NULL,
-    krb4_adat,
-    NULL, /* pbsz */
-    NULL, /* ccc */
-    krb4_userok
-};
-
-#else /* FTP_SERVER */
-
-static int
-krb4_init(void *app_data)
-{
-   return !use_kerberos;
-}
-
-static int
-mk_auth(struct krb4_data *d, KTEXT adat, 
-	char *service, char *host, int checksum)
-{
-    int ret;
-    CREDENTIALS cred;
-    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_mk_req(adat, sname, inst, realm, checksum);
-    if(ret)
-	return ret;
-    strlcpy(sname, service, sizeof(sname));
-    strlcpy(inst, krb_get_phost(host), sizeof(inst));
-    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
-    ret = krb_get_cred(sname, inst, realm, &cred);
-    memmove(&d->key, &cred.session, sizeof(des_cblock));
-    des_key_sched(&d->key, d->schedule);
-    memset(&cred, 0, sizeof(cred));
-    return ret;
-}
-
-static int
-krb4_auth(void *app_data, char *host)
-{
-    int ret;
-    char *p;
-    int len;
-    KTEXT_ST adat;
-    MSG_DAT msg_data;
-    int checksum;
-    u_int32_t cs;
-    struct krb4_data *d = app_data;
-    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
-    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
-
-    checksum = getpid();
-    ret = mk_auth(d, &adat, "ftp", host, checksum);
-    if(ret == KDC_PR_UNKNOWN)
-	ret = mk_auth(d, &adat, "rcmd", host, checksum);
-    if(ret){
-	printf("%s\n", krb_get_err_text(ret));
-	return AUTH_CONTINUE;
-    }
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-    if (krb_get_config_bool("nat_in_use")) {
-      struct in_addr natAddr;
-
-      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
-				   &natAddr) != KSUCCESS
-	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
-	printf("Can't get address for realm %s\n",
-	       krb_realmofhost(host));
-      else {
-	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
-	  printf("Using NAT IP address (%s) for kerberos 4\n",
-		 inet_ntoa(natAddr));
-	  localaddr->sin_addr = natAddr;
-	  
-	  /*
-	   * This not the best place to do this, but it
-	   * is here we know that (probably) NAT is in
-	   * use!
-	   */
-
-	  passivemode = 1;
-	  printf("Setting: Passive mode on.\n");
-	}
-      }
-    }
-#endif
-
-    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
-    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
-
-   if(base64_encode(adat.dat, adat.length, &p) < 0) {
-	printf("Out of memory base64-encoding.\n");
-	return AUTH_CONTINUE;
-    }
-    ret = command("ADAT %s", p);
-    free(p);
-
-    if(ret != COMPLETE){
-	printf("Server didn't accept auth data.\n");
-	return AUTH_ERROR;
-    }
-
-    p = strstr(reply_string, "ADAT=");
-    if(!p){
-	printf("Remote host didn't send adat reply.\n");
-	return AUTH_ERROR;
-    }
-    p += 5;
-    len = base64_decode(p, adat.dat);
-    if(len < 0){
-	printf("Failed to decode base64 from server.\n");
-	return AUTH_ERROR;
-    }
-    adat.length = len;
-    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
-		      (struct sockaddr_in *)hisctladdr, 
-		      (struct sockaddr_in *)myctladdr, &msg_data);
-    if(ret){
-	printf("Error reading reply from server: %s.\n", 
-	       krb_get_err_text(ret));
-	return AUTH_ERROR;
-    }
-    krb_get_int(msg_data.app_data, &cs, 4, 0);
-    if(cs - checksum != 1){
-	printf("Bad checksum returned from server.\n");
-	return AUTH_ERROR;
-    }
-    return AUTH_OK;
-}
-
-struct sec_client_mech krb4_client_mech = {
-    "KERBEROS_V4",
-    sizeof(struct krb4_data),
-    krb4_init, /* init */
-    krb4_auth,
-    NULL, /* end */
-    krb4_check_prot,
-    krb4_overhead,
-    krb4_encode,
-    krb4_decode
-};
-
-#endif /* FTP_SERVER */
diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c
deleted file mode 100644
index b6edaab35c91..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/main.c
+++ /dev/null
@@ -1,580 +0,0 @@
-/*
- * Copyright (c) 1985, 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * FTP User Program -- Command Interface.
- */
-
-#include "ftp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: main.c,v 1.33 2002/10/29 09:47:51 joda Exp $");
-
-static int help_flag;
-static int version_flag;
-static int debug_flag;
-
-struct getargs getargs[] = {
-    { NULL,	'd', arg_flag, &debug_flag,
-      "debug", NULL },
-    { NULL,	'g', arg_negative_flag, &doglob,
-      "disables globbing", NULL},
-    { NULL,	'i', arg_negative_flag, &interactive,
-      "Turn off interactive prompting", NULL},
-    { NULL,	'l', arg_negative_flag, &lineedit,
-      "Turn off line editing", NULL},
-    { NULL,   'n', arg_negative_flag, &autologin,
-      "Turn off auto-login", NULL},
-    { NULL,	'p', arg_flag, &passivemode,
-      "passive mode", NULL},
-    { NULL,	't', arg_counter, &trace,
-      "Packet tracing", NULL},
-    { NULL,	'v', arg_counter, &verbose,
-      "verbosity", NULL},
-    { NULL,	'K', arg_negative_flag, &use_kerberos,
-      "Disable kerberos authentication", NULL},
-    { "version", 0,  arg_flag, &version_flag },
-    { "help",	'h', arg_flag, &help_flag },
-};
-
-static int num_args = sizeof(getargs) / sizeof(getargs[0]);
-
-static void
-usage(int ecode)
-{
-    arg_printusage(getargs, num_args, NULL, "[host [port]]");
-    exit(ecode);
-}
-
-int
-main(int argc, char **argv)
-{
-	int top;
-	struct passwd *pw = NULL;
-	char homedir[MaxPathLen];
-	struct servent *sp;
-	int optind = 0;
-
-	setprogname(argv[0]);
-
-	sp = getservbyname("ftp", "tcp");
-	if (sp == 0)
-		errx(1, "ftp/tcp: unknown service");
-	doglob = 1;
-	interactive = 1;
-	autologin = 1;
-	lineedit = 1;
-	passivemode = 0; /* passive mode not active */
-        use_kerberos = 1;
-
-	if(getarg(getargs, num_args, argc, argv, &optind))
-		usage(1);
-	if(help_flag)
-		usage(0);
-	if(version_flag) {
-		print_version(NULL);
-		exit(0);
-	}
-
-	if (debug_flag) {
-		options |= SO_DEBUG;
-		debug++;
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	fromatty = isatty(fileno(stdin));
-	if (fromatty)
-		verbose++;
-	cpend = 0;	/* no pending replies */
-	proxy = 0;	/* proxy not active */
-	crflag = 1;	/* strip c.r. on ascii gets */
-	sendport = -1;	/* not using ports */
-	/*
-	 * Set up the home directory in case we're globbing.
-	 */
-	pw = k_getpwuid(getuid());
-	if (pw != NULL) {
-		strlcpy(homedir, pw->pw_dir, sizeof(homedir));
-		home = homedir;
-	}
-	if (argc > 0) {
-	    char *xargv[5];
-	    
-	    if (setjmp(toplevel))
-		exit(0);
-	    signal(SIGINT, intr);
-	    signal(SIGPIPE, lostpeer);
-	    xargv[0] = (char*)getprogname();
-	    xargv[1] = argv[0];
-	    xargv[2] = argv[1];
-	    xargv[3] = argv[2];
-	    xargv[4] = NULL;
-	    setpeer(argc+1, xargv);
-	}
-	if(setjmp(toplevel) == 0)
-	    top = 1;
-	else
-	    top = 0;
-	if (top) {
-	    signal(SIGINT, intr);
-	    signal(SIGPIPE, lostpeer);
-	}
-	for (;;) {
-	    cmdscanner(top);
-	    top = 1;
-	}
-}
-
-void
-intr(int sig)
-{
-
-	longjmp(toplevel, 1);
-}
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-RETSIGTYPE
-lostpeer(int sig)
-{
-
-    if (connected) {
-	if (cout != NULL) {
-	    shutdown(fileno(cout), SHUT_RDWR);
-	    fclose(cout);
-	    cout = NULL;
-	}
-	if (data >= 0) {
-	    shutdown(data, SHUT_RDWR);
-	    close(data);
-	    data = -1;
-	}
-	connected = 0;
-    }
-    pswitch(1);
-    if (connected) {
-	if (cout != NULL) {
-	    shutdown(fileno(cout), SHUT_RDWR);
-	    fclose(cout);
-	    cout = NULL;
-	}
-	connected = 0;
-    }
-    proxflag = 0;
-    pswitch(0);
-    sec_end();
-    SIGRETURN(0);
-}
-
-/*
-char *
-tail(filename)
-	char *filename;
-{
-	char *s;
-	
-	while (*filename) {
-		s = strrchr(filename, '/');
-		if (s == NULL)
-			break;
-		if (s[1])
-			return (s + 1);
-		*s = '\0';
-	}
-	return (filename);
-}
-*/
-
-static char *
-simple_readline(char *prompt)
-{
-    char buf[BUFSIZ];
-    printf ("%s", prompt);
-    fflush (stdout);
-    if(fgets(buf, sizeof(buf), stdin) == NULL)
-	return NULL;
-    if (buf[strlen(buf) - 1] == '\n')
-	buf[strlen(buf) - 1] = '\0';
-    return strdup(buf);
-}
-
-#ifndef HAVE_READLINE
-
-static char *
-readline(char *prompt)
-{
-    return simple_readline (prompt);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-#else
-
-/* These should not really be here */
-
-char *readline(char *);
-void add_history(char *);
-
-#endif
-
-/*
- * Command parser.
- */
-void
-cmdscanner(int top)
-{
-    struct cmd *c;
-    int l;
-
-    if (!top)
-	putchar('\n');
-    for (;;) {
-	if (fromatty) {
-	    char *p;
-	    if (lineedit)
-		p = readline("ftp> ");
-	    else
-		p = simple_readline("ftp> ");
-	    if(p == NULL) {
-		printf("\n");
-		quit(0, 0);
-	    }
-	    strlcpy(line, p, sizeof(line));
-	    if (lineedit)
-		add_history(p);
-	    free(p);
-	} else{
-	    if (fgets(line, sizeof line, stdin) == NULL)
-		quit(0, 0);
-	}
-	/* XXX will break on long lines */
-	l = strlen(line);
-	if (l == 0)
-	    break;
-	if (line[--l] == '\n') {
-	    if (l == 0)
-		break;
-	    line[l] = '\0';
-	} else if (l == sizeof(line) - 2) {
-	    printf("sorry, input line too long\n");
-	    while ((l = getchar()) != '\n' && l != EOF)
-		/* void */;
-	    break;
-	} /* else it was a line without a newline */
-	makeargv();
-	if (margc == 0) {
-	    continue;
-	}
-	c = getcmd(margv[0]);
-	if (c == (struct cmd *)-1) {
-	    printf("?Ambiguous command\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\n");
-	    continue;
-	}
-	if (c->c_conn && !connected) {
-	    printf("Not connected.\n");
-	    continue;
-	}
-	(*c->c_handler)(margc, margv);
-	if (bell && c->c_bell)
-	    putchar('\007');
-	if (c->c_handler != help)
-	    break;
-    }
-    signal(SIGINT, intr);
-    signal(SIGPIPE, lostpeer);
-}
-
-struct cmd *
-getcmd(char *name)
-{
-	char *p, *q;
-	struct cmd *c, *found;
-	int nmatches, longest;
-
-	longest = 0;
-	nmatches = 0;
-	found = 0;
-	for (c = cmdtab; (p = c->c_name); c++) {
-		for (q = name; *q == *p++; q++)
-			if (*q == 0)		/* exact match? */
-				return (c);
-		if (!*q) {			/* the name was a prefix */
-			if (q - name > longest) {
-				longest = q - name;
-				nmatches = 1;
-				found = c;
-			} else if (q - name == longest)
-				nmatches++;
-		}
-	}
-	if (nmatches > 1)
-		return ((struct cmd *)-1);
-	return (found);
-}
-
-/*
- * Slice a string up into argc/argv.
- */
-
-int slrflag;
-
-void
-makeargv(void)
-{
-	char **argp;
-
-	argp = margv;
-	stringbase = line;		/* scan from first of buffer */
-	argbase = argbuf;		/* store from first of buffer */
-	slrflag = 0;
-	for (margc = 0; ; margc++) {
-		/* Expand array if necessary */
-		if (margc == margvlen) {
-			int i;
-
-			margv = (margvlen == 0)
-				? (char **)malloc(20 * sizeof(char *))
-				: (char **)realloc(margv,
-					(margvlen + 20)*sizeof(char *));
-			if (margv == NULL)
-				errx(1, "cannot realloc argv array");
-			for(i = margvlen; i < margvlen + 20; ++i)
-				margv[i] = NULL;
-			margvlen += 20;
-			argp = margv + margc;
-		}
-
-		if ((*argp++ = slurpstring()) == NULL)
-			break;
-	}
-
-}
-
-/*
- * Parse string into argbuf;
- * implemented with FSM to
- * handle quoting and strings
- */
-char *
-slurpstring(void)
-{
-	int got_one = 0;
-	char *sb = stringbase;
-	char *ap = argbase;
-	char *tmp = argbase;		/* will return this if token found */
-
-	if (*sb == '!' || *sb == '$') {	/* recognize ! as a token for shell */
-		switch (slrflag) {	/* and $ as token for macro invoke */
-			case 0:
-				slrflag++;
-				stringbase++;
-				return ((*sb == '!') ? "!" : "$");
-				/* NOTREACHED */
-			case 1:
-				slrflag++;
-				altarg = stringbase;
-				break;
-			default:
-				break;
-		}
-	}
-
-S0:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	case ' ':
-	case '\t':
-		sb++; goto S0;
-
-	default:
-		switch (slrflag) {
-			case 0:
-				slrflag++;
-				break;
-			case 1:
-				slrflag++;
-				altarg = sb;
-				break;
-			default:
-				break;
-		}
-		goto S1;
-	}
-
-S1:
-	switch (*sb) {
-
-	case ' ':
-	case '\t':
-	case '\0':
-		goto OUT;	/* end of token */
-
-	case '\\':
-		sb++; goto S2;	/* slurp next character */
-
-	case '"':
-		sb++; goto S3;	/* slurp quoted string */
-
-	default:
-		*ap++ = *sb++;	/* add character to token */
-		got_one = 1;
-		goto S1;
-	}
-
-S2:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S1;
-	}
-
-S3:
-	switch (*sb) {
-
-	case '\0':
-		goto OUT;
-
-	case '"':
-		sb++; goto S1;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S3;
-	}
-
-OUT:
-	if (got_one)
-		*ap++ = '\0';
-	argbase = ap;			/* update storage pointer */
-	stringbase = sb;		/* update scan pointer */
-	if (got_one) {
-		return (tmp);
-	}
-	switch (slrflag) {
-		case 0:
-			slrflag++;
-			break;
-		case 1:
-			slrflag++;
-			altarg = (char *) 0;
-			break;
-		default:
-			break;
-	}
-	return NULL;
-}
-
-#define HELPINDENT ((int) sizeof ("directory"))
-
-/*
- * Help command.
- * Call each command handler with argc == 0 and argv[0] == name.
- */
-void
-help(int argc, char **argv)
-{
-	struct cmd *c;
-
-	if (argc == 1) {
-		int i, j, w, k;
-		int columns, width = 0, lines;
-
-		printf("Commands may be abbreviated.  Commands are:\n\n");
-		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
-			int len = strlen(c->c_name);
-
-			if (len > width)
-				width = len;
-		}
-		width = (width + 8) &~ 7;
-		columns = 80 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-			for (j = 0; j < columns; j++) {
-				c = cmdtab + j * lines + i;
-				if (c->c_name && (!proxy || c->c_proxy)) {
-					printf("%s", c->c_name);
-				}
-				else if (c->c_name) {
-					for (k=0; k < strlen(c->c_name); k++) {
-						putchar(' ');
-					}
-				}
-				if (c + lines >= &cmdtab[NCMDS]) {
-					printf("\n");
-					break;
-				}
-				w = strlen(c->c_name);
-				while (w < width) {
-					w = (w + 8) &~ 7;
-					putchar('\t');
-				}
-			}
-		}
-		return;
-	}
-	while (--argc > 0) {
-		char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (c == (struct cmd *)-1)
-			printf("?Ambiguous help command %s\n", arg);
-		else if (c == (struct cmd *)0)
-			printf("?Invalid help command %s\n", arg);
-		else
-			printf("%-*s\t%s\n", HELPINDENT,
-				c->c_name, c->c_help);
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/pathnames.h b/crypto/heimdal/appl/ftp/ftp/pathnames.h
deleted file mode 100644
index f7c1fb391d69..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/pathnames.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/6/93
- */
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#define	_PATH_TMP_XXX	"/tmp/ftpXXXXXX"
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL	"/bin/sh"
-#endif
diff --git a/crypto/heimdal/appl/ftp/ftp/ruserpass.c b/crypto/heimdal/appl/ftp/ftp/ruserpass.c
deleted file mode 100644
index b22f6997ee8e..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/ruserpass.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 1985, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftp_locl.h"
-RCSID("$Id: ruserpass.c,v 1.19 2000/01/08 07:45:11 assar Exp $");
-
-static	int token (void);
-static	FILE *cfile;
-
-#define	DEFAULT	1
-#define	LOGIN	2
-#define	PASSWD	3
-#define	ACCOUNT 4
-#define MACDEF  5
-#define PROT	6
-#define	ID	10
-#define	MACH	11
-
-static char tokval[100];
-
-static struct toktab {
-	char *tokstr;
-	int tval;
-} toktab[]= {
-	{ "default",	DEFAULT },
-	{ "login",	LOGIN },
-	{ "password",	PASSWD },
-	{ "passwd",	PASSWD },
-	{ "account",	ACCOUNT },
-	{ "machine",	MACH },
-	{ "macdef",	MACDEF },
-	{ "prot", 	PROT }, 
-	{ NULL,		0 }
-};
-
-/*
- * Write a copy of the hostname into `hostname, sz' and return a guess
- * as to the `domain' of that hostname.
- */
-
-static char *
-guess_domain (char *hostname, size_t sz)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char *dot;
-
-    if (gethostname (hostname, sz) < 0) {
-	strlcpy (hostname, "", sz);
-	return "";
-    }
-    dot = strchr (hostname, '.');
-    if (dot != NULL)
-	return dot + 1;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (hostname, NULL, &hints, &ai);
-    if (error)
-	return hostname;
-
-    for (a = ai; a != NULL; a = a->ai_next)
-	if (a->ai_canonname != NULL) {
-	    strlcpy (hostname, ai->ai_canonname, sz);
-	    break;
-	}
-    freeaddrinfo (ai);
-    dot = strchr (hostname, '.');
-    if (dot != NULL)
-	return dot + 1;
-    else
-	return hostname;
-}
-
-int
-ruserpass(char *host, char **aname, char **apass, char **aacct)
-{
-    char *hdir, buf[BUFSIZ], *tmp;
-    int t, i, c, usedefault = 0;
-    struct stat stb;
-
-    mydomain = guess_domain (myhostname, MaxHostNameLen);
-
-    hdir = getenv("HOME");
-    if (hdir == NULL)
-	hdir = ".";
-    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
-    cfile = fopen(buf, "r");
-    if (cfile == NULL) {
-	if (errno != ENOENT)
-	    warn("%s", buf);
-	return (0);
-    }
-
-next:
-    while ((t = token())) switch(t) {
-
-    case DEFAULT:
-	usedefault = 1;
-	/* FALL THROUGH */
-
-    case MACH:
-	if (!usedefault) {
-	    if (token() != ID)
-		continue;
-	    /*
-	     * Allow match either for user's input host name
-	     * or official hostname.  Also allow match of 
-	     * incompletely-specified host in local domain.
-	     */
-	    if (strcasecmp(host, tokval) == 0)
-		goto match;
-	    if (strcasecmp(hostname, tokval) == 0)
-		goto match;
-	    if ((tmp = strchr(hostname, '.')) != NULL &&
-		tmp++ &&
-		strcasecmp(tmp, mydomain) == 0 &&
-		strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
-		tokval[tmp - hostname] == '\0')
-		goto match;
-	    if ((tmp = strchr(host, '.')) != NULL &&
-		tmp++ &&
-		strcasecmp(tmp, mydomain) == 0 &&
-		strncasecmp(host, tokval, tmp - host) == 0 &&
-		tokval[tmp - host] == '\0')
-		goto match;
-	    continue;
-	}
-    match:
-	while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
-
-	case LOGIN:
-	    if (token()) {
-		if (*aname == 0) { 
-		    *aname = strdup(tokval);
-		} else {
-		    if (strcmp(*aname, tokval))
-			goto next;
-		}
-	    }
-	    break;
-	case PASSWD:
-	    if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
-		fstat(fileno(cfile), &stb) >= 0 &&
-		(stb.st_mode & 077) != 0) {
-		warnx("Error: .netrc file is readable by others.");
-		warnx("Remove password or make file unreadable by others.");
-		goto bad;
-	    }
-	    if (token() && *apass == 0) {
-		*apass = strdup(tokval);
-	    }
-	    break;
-	case ACCOUNT:
-	    if (fstat(fileno(cfile), &stb) >= 0
-		&& (stb.st_mode & 077) != 0) {
-		warnx("Error: .netrc file is readable by others.");
-		warnx("Remove account or make file unreadable by others.");
-		goto bad;
-	    }
-	    if (token() && *aacct == 0) {
-		*aacct = strdup(tokval);
-	    }
-	    break;
-	case MACDEF:
-	    if (proxy) {
-		fclose(cfile);
-		return (0);
-	    }
-	    while ((c=getc(cfile)) != EOF && 
-		   (c == ' ' || c == '\t'));
-	    if (c == EOF || c == '\n') {
-		printf("Missing macdef name argument.\n");
-		goto bad;
-	    }
-	    if (macnum == 16) {
-		printf("Limit of 16 macros have already been defined\n");
-		goto bad;
-	    }
-	    tmp = macros[macnum].mac_name;
-	    *tmp++ = c;
-	    for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
-		     !isspace(c); ++i) {
-		*tmp++ = c;
-	    }
-	    if (c == EOF) {
-		printf("Macro definition missing null line terminator.\n");
-		goto bad;
-	    }
-	    *tmp = '\0';
-	    if (c != '\n') {
-		while ((c=getc(cfile)) != EOF && c != '\n');
-	    }
-	    if (c == EOF) {
-		printf("Macro definition missing null line terminator.\n");
-		goto bad;
-	    }
-	    if (macnum == 0) {
-		macros[macnum].mac_start = macbuf;
-	    }
-	    else {
-		macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
-	    }
-	    tmp = macros[macnum].mac_start;
-	    while (tmp != macbuf + 4096) {
-		if ((c=getc(cfile)) == EOF) {
-		    printf("Macro definition missing null line terminator.\n");
-		    goto bad;
-		}
-		*tmp = c;
-		if (*tmp == '\n') {
-		    if (*(tmp-1) == '\0') {
-			macros[macnum++].mac_end = tmp - 1;
-			break;
-		    }
-		    *tmp = '\0';
-		}
-		tmp++;
-	    }
-	    if (tmp == macbuf + 4096) {
-		printf("4K macro buffer exceeded\n");
-		goto bad;
-	    }
-	    break;
-	case PROT:
-	    token();
-	    if(sec_request_prot(tokval) < 0)
-		warnx("Unknown protection level \"%s\"", tokval);
-	    break;
-	default:
-	    warnx("Unknown .netrc keyword %s", tokval);
-	    break;
-	}
-	goto done;
-    }
-done:
-    fclose(cfile);
-    return (0);
-bad:
-    fclose(cfile);
-    return (-1);
-}
-
-static int
-token(void)
-{
-	char *cp;
-	int c;
-	struct toktab *t;
-
-	if (feof(cfile) || ferror(cfile))
-		return (0);
-	while ((c = getc(cfile)) != EOF &&
-	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
-		continue;
-	if (c == EOF)
-		return (0);
-	cp = tokval;
-	if (c == '"') {
-		while ((c = getc(cfile)) != EOF && c != '"') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	} else {
-		*cp++ = c;
-		while ((c = getc(cfile)) != EOF
-		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	}
-	*cp = 0;
-	if (tokval[0] == 0)
-		return (0);
-	for (t = toktab; t->tokstr; t++)
-		if (!strcmp(t->tokstr, tokval))
-			return (t->tval);
-	return (ID);
-}
diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c
deleted file mode 100644
index db67775dbdb2..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/security.c
+++ /dev/null
@@ -1,805 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef FTP_SERVER
-#include "ftpd_locl.h"
-#else
-#include "ftp_locl.h"
-#endif
-
-RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $");
-
-static enum protection_level command_prot;
-static enum protection_level data_prot;
-static size_t buffer_size;
-
-struct buffer {
-    void *data;
-    size_t size;
-    size_t index;
-    int eof_flag;
-};
-
-static struct buffer in_buffer, out_buffer;
-int sec_complete;
-
-static struct {
-    enum protection_level level;
-    const char *name;
-} level_names[] = {
-    { prot_clear, "clear" },
-    { prot_safe, "safe" },
-    { prot_confidential, "confidential" },
-    { prot_private, "private" }
-};
-
-static const char *
-level_to_name(enum protection_level level)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(level_names[i].level == level)
-	    return level_names[i].name;
-    return "unknown";
-}
-
-#ifndef FTP_SERVER /* not used in server */
-static enum protection_level 
-name_to_level(const char *name)
-{
-    int i;
-    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
-	if(!strncasecmp(level_names[i].name, name, strlen(name)))
-	    return level_names[i].level;
-    return (enum protection_level)-1;
-}
-#endif
-
-#ifdef FTP_SERVER
-
-static struct sec_server_mech *mechs[] = {
-#ifdef KRB5
-    &gss_server_mech,
-#endif
-#ifdef KRB4
-    &krb4_server_mech,
-#endif
-    NULL
-};
-
-static struct sec_server_mech *mech;
-
-#else
-
-static struct sec_client_mech *mechs[] = {
-#ifdef KRB5
-    &gss_client_mech,
-#endif
-#ifdef KRB4
-    &krb4_client_mech,
-#endif
-    NULL
-};
-
-static struct sec_client_mech *mech;
-
-#endif
-
-static void *app_data;
-
-int
-sec_getc(FILE *F)
-{
-    if(sec_complete && data_prot) {
-	char c;
-	if(sec_read(fileno(F), &c, 1) <= 0)
-	    return EOF;
-	return c;
-    } else
-	return getc(F);
-}
-
-static int
-block_read(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = read(fd, p, len);
-	if (b == 0)
-	    return 0;
-	else if (b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-block_write(int fd, void *buf, size_t len)
-{
-    unsigned char *p = buf;
-    int b;
-    while(len) {
-	b = write(fd, p, len);
-	if(b < 0)
-	    return -1;
-	len -= b;
-	p += b;
-    }
-    return p - (unsigned char*)buf;
-}
-
-static int
-sec_get_data(int fd, struct buffer *buf, int level)
-{
-    int len;
-    int b;
-    void *tmp;
-
-    b = block_read(fd, &len, sizeof(len));
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    len = ntohl(len);
-    tmp = realloc(buf->data, len);
-    if (tmp == NULL)
-	return -1;
-    buf->data = tmp;
-    b = block_read(fd, buf->data, len);
-    if (b == 0)
-	return 0;
-    else if (b < 0)
-	return -1;
-    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
-    buf->index = 0;
-    return 0;
-}
-
-static size_t
-buffer_read(struct buffer *buf, void *data, size_t len)
-{
-    len = min(len, buf->size - buf->index);
-    memcpy(data, (char*)buf->data + buf->index, len);
-    buf->index += len;
-    return len;
-}
-
-static size_t
-buffer_write(struct buffer *buf, void *data, size_t len)
-{
-    if(buf->index + len > buf->size) {
-	void *tmp;
-	if(buf->data == NULL)
-	    tmp = malloc(1024);
-	else
-	    tmp = realloc(buf->data, buf->index + len);
-	if(tmp == NULL)
-	    return -1;
-	buf->data = tmp;
-	buf->size = buf->index + len;
-    }
-    memcpy((char*)buf->data + buf->index, data, len);
-    buf->index += len;
-    return len;
-}
-
-int
-sec_read(int fd, void *data, int length)
-{
-    size_t len;
-    int rx = 0;
-
-    if(sec_complete == 0 || data_prot == 0)
-	return read(fd, data, length);
-
-    if(in_buffer.eof_flag){
-	in_buffer.eof_flag = 0;
-	return 0;
-    }
-    
-    len = buffer_read(&in_buffer, data, length);
-    length -= len;
-    rx += len;
-    data = (char*)data + len;
-    
-    while(length){
-	int ret;
-
-	ret = sec_get_data(fd, &in_buffer, data_prot);
-	if (ret < 0)
-	    return -1;
-	if(ret == 0 && in_buffer.size == 0) {
-	    if(rx)
-		in_buffer.eof_flag = 1;
-	    return rx;
-	}
-	len = buffer_read(&in_buffer, data, length);
-	length -= len;
-	rx += len;
-	data = (char*)data + len;
-    }
-    return rx;
-}
-
-static int
-sec_send(int fd, char *from, int length)
-{
-    int bytes;
-    void *buf;
-    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
-    bytes = htonl(bytes);
-    block_write(fd, &bytes, sizeof(bytes));
-    block_write(fd, buf, ntohl(bytes));
-    free(buf);
-    return length;
-}
-
-int
-sec_fflush(FILE *F)
-{
-    if(data_prot != prot_clear) {
-	if(out_buffer.index > 0){
-	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	    out_buffer.index = 0;
-	}
-	sec_send(fileno(F), NULL, 0);
-    }
-    fflush(F);
-    return 0;
-}
-
-int
-sec_write(int fd, char *data, int length)
-{
-    int len = buffer_size;
-    int tx = 0;
-      
-    if(data_prot == prot_clear)
-	return write(fd, data, length);
-
-    len -= (*mech->overhead)(app_data, data_prot, len);
-    while(length){
-	if(length < len)
-	    len = length;
-	sec_send(fd, data, len);
-	length -= len;
-	data += len;
-	tx += len;
-    }
-    return tx;
-}
-
-int
-sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    int ret;
-    if(data_prot == prot_clear)
-	return vfprintf(f, fmt, ap);
-    else {
-	vasprintf(&buf, fmt, ap);
-	ret = buffer_write(&out_buffer, buf, strlen(buf));
-	free(buf);
-	return ret;
-    }
-}
-
-int
-sec_fprintf2(FILE *f, const char *fmt, ...)
-{
-    int ret;
-    va_list ap;
-    va_start(ap, fmt);
-    ret = sec_vfprintf2(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-sec_putc(int c, FILE *F)
-{
-    char ch = c;
-    if(data_prot == prot_clear)
-	return putc(c, F);
-    
-    buffer_write(&out_buffer, &ch, 1);
-    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
-	sec_write(fileno(F), out_buffer.data, out_buffer.index);
-	out_buffer.index = 0;
-    }
-    return c;
-}
-
-int
-sec_read_msg(char *s, int level)
-{
-    int len;
-    char *buf;
-    int code;
-    
-    buf = malloc(strlen(s));
-    len = base64_decode(s + 4, buf); /* XXX */
-    
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len < 0)
-	return -1;
-    
-    buf[len] = '\0';
-
-    if(buf[3] == '-')
-	code = 0;
-    else
-	sscanf(buf, "%d", &code);
-    if(buf[len-1] == '\n')
-	buf[len-1] = '\0';
-    strcpy(s, buf);
-    free(buf);
-    return code;
-}
-
-int
-sec_vfprintf(FILE *f, const char *fmt, va_list ap)
-{
-    char *buf;
-    void *enc;
-    int len;
-    if(!sec_complete)
-	return vfprintf(f, fmt, ap);
-    
-    vasprintf(&buf, fmt, ap);
-    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
-    free(buf);
-    if(len < 0) {
-	printf("Failed to encode command.\n");
-	return -1;
-    }
-    if(base64_encode(enc, len, &buf) < 0){
-	free(enc);
-	printf("Out of memory base64-encoding.\n");
-	return -1;
-    }
-    free(enc);
-#ifdef FTP_SERVER
-    if(command_prot == prot_safe)
-	fprintf(f, "631 %s\r\n", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "632 %s\r\n", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "633 %s\r\n", buf);
-#else
-    if(command_prot == prot_safe)
-	fprintf(f, "MIC %s", buf);
-    else if(command_prot == prot_private)
-	fprintf(f, "ENC %s", buf);
-    else if(command_prot == prot_confidential)
-	fprintf(f, "CONF %s", buf);
-#endif
-    free(buf);
-    return 0;
-}
-
-int
-sec_fprintf(FILE *f, const char *fmt, ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, fmt);
-    ret = sec_vfprintf(f, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-/* end common stuff */
-
-#ifdef FTP_SERVER
-
-void
-auth(char *auth_name)
-{
-    int i;
-    void *tmp;
-
-    for(i = 0; (mech = mechs[i]) != NULL; i++){
-	if(!strcasecmp(auth_name, mech->name)){
-	    tmp = realloc(app_data, mech->size);
-	    if (tmp == NULL) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    app_data = tmp;
-
-	    if(mech->init && (*mech->init)(app_data) != 0) {
-		reply(431, "Unable to accept %s at this time", mech->name);
-		return;
-	    }
-	    if(mech->auth) {
-		(*mech->auth)(app_data);
-		return;
-	    }
-	    if(mech->adat)
-		reply(334, "Send authorization data.");
-	    else
-		reply(234, "Authorization complete.");
-	    return;
-	}
-    }
-    free (app_data);
-    app_data = NULL;
-    reply(504, "%s is unknown to me", auth_name);
-}
-
-void
-adat(char *auth_data)
-{
-    if(mech && !sec_complete) {
-	void *buf = malloc(strlen(auth_data));
-	size_t len;
-	len = base64_decode(auth_data, buf);
-	(*mech->adat)(app_data, buf, len);
-	free(buf);
-    } else
-	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
-}
-
-void pbsz(int size)
-{
-    size_t new = size;
-    if(!sec_complete)
-	reply(503, "Incomplete security data exchange.");
-    if(mech->pbsz)
-	new = (*mech->pbsz)(app_data, size);
-    if(buffer_size != new){
-	buffer_size = size;
-    }
-    if(new != size)
-	reply(200, "PBSZ=%lu", (unsigned long)new);
-    else
-	reply(200, "OK");
-}
-
-void
-prot(char *pl)
-{
-    int p = -1;
-
-    if(buffer_size == 0){
-	reply(503, "No protection buffer size negotiated.");
-	return;
-    }
-
-    if(!strcasecmp(pl, "C"))
-	p = prot_clear;
-    else if(!strcasecmp(pl, "S"))
-	p = prot_safe;
-    else if(!strcasecmp(pl, "E"))
-	p = prot_confidential;
-    else if(!strcasecmp(pl, "P"))
-	p = prot_private;
-    else {
-	reply(504, "Unrecognized protection level.");
-	return;
-    }
-    
-    if(sec_complete){
-	if((*mech->check_prot)(app_data, p)){
-	    reply(536, "%s does not support %s protection.", 
-		  mech->name, level_to_name(p));
-	}else{
-	    data_prot = (enum protection_level)p;
-	    reply(200, "Data protection is %s.", level_to_name(p));
-	}
-    }else{
-	reply(503, "Incomplete security data exchange.");
-    }
-}
-
-void ccc(void)
-{
-    if(sec_complete){
-	if(mech->ccc && (*mech->ccc)(app_data) == 0)
-	    command_prot = data_prot = prot_clear;
-	else
-	    reply(534, "You must be joking.");
-    }else
-	reply(503, "Incomplete security data exchange.");
-}
-
-void mec(char *msg, enum protection_level level)
-{
-    void *buf;
-    size_t len;
-    if(!sec_complete) {
-	reply(503, "Incomplete security data exchange.");
-	return;
-    }
-    buf = malloc(strlen(msg) + 2); /* XXX go figure out where that 2
-				      comes from :-) */
-    len = base64_decode(msg, buf);
-    command_prot = level;
-    if(len == (size_t)-1) {
-	reply(501, "Failed to base64-decode command");
-	return;
-    }
-    len = (*mech->decode)(app_data, buf, len, level);
-    if(len == (size_t)-1) {
-	reply(535, "Failed to decode command");
-	return;
-    }
-    ((char*)buf)[len] = '\0';
-    if(strstr((char*)buf, "\r\n") == NULL)
-	strcat((char*)buf, "\r\n");
-    new_ftp_command(buf);
-}
-
-/* ------------------------------------------------------------ */
-
-int
-sec_userok(char *user)
-{
-    if(sec_complete)
-	return (*mech->userok)(app_data, user);
-    return 0;
-}
-
-char *ftp_command;
-
-void
-new_ftp_command(char *command)
-{
-    ftp_command = command;
-}
-
-void
-delete_ftp_command(void)
-{
-    free(ftp_command);
-    ftp_command = NULL;
-}
-
-int
-secure_command(void)
-{
-    return ftp_command != NULL;
-}
-
-enum protection_level
-get_command_prot(void)
-{
-    return command_prot;
-}
-
-#else /* FTP_SERVER */
-
-void
-sec_status(void)
-{
-    if(sec_complete){
-	printf("Using %s for authentication.\n", mech->name);
-	printf("Using %s command channel.\n", level_to_name(command_prot));
-	printf("Using %s data channel.\n", level_to_name(data_prot));
-	if(buffer_size > 0)
-	    printf("Protection buffer size: %lu.\n", 
-		   (unsigned long)buffer_size);
-    }else{
-	printf("Not using any security mechanism.\n");
-    }
-}
-
-static int
-sec_prot_internal(int level)
-{
-    int ret;
-    char *p;
-    unsigned int s = 1048576;
-
-    int old_verbose = verbose;
-    verbose = 0;
-
-    if(!sec_complete){
-	printf("No security data exchange has taken place.\n");
-	return -1;
-    }
-
-    if(level){
-	ret = command("PBSZ %u", s);
-	if(ret != COMPLETE){
-	    printf("Failed to set protection buffer size.\n");
-	    return -1;
-	}
-	buffer_size = s;
-	p = strstr(reply_string, "PBSZ=");
-	if(p)
-	    sscanf(p, "PBSZ=%u", &s);
-	if(s < buffer_size)
-	    buffer_size = s;
-    }
-    verbose = old_verbose;
-    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
-    if(ret != COMPLETE){
-	printf("Failed to set protection level.\n");
-	return -1;
-    }
-    
-    data_prot = (enum protection_level)level;
-    return 0;
-}
-
-enum protection_level
-set_command_prot(enum protection_level level)
-{
-    enum protection_level old = command_prot;
-    command_prot = level;
-    return old;
-}
-
-void
-sec_prot(int argc, char **argv)
-{
-    int level = -1;
-
-    if(argc < 2 || argc > 3)
-	goto usage;
-    if(!sec_complete) {
-	printf("No security data exchange has taken place.\n");
-	code = -1;
-	return;
-    }
-    level = name_to_level(argv[argc - 1]);
-    
-    if(level == -1)
-	goto usage;
-    
-    if((*mech->check_prot)(app_data, level)) {
-	printf("%s does not implement %s protection.\n", 
-	       mech->name, level_to_name(level));
-	code = -1;
-	return;
-    }
-    
-    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
-	if(sec_prot_internal(level) < 0){
-	    code = -1;
-	    return;
-	}
-    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
-	set_command_prot(level);
-    else
-	goto usage;
-    code = 0;
-    return;
- usage:
-    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
-	   argv[0]);
-    code = -1;
-}
-
-static enum protection_level request_data_prot;
-
-void
-sec_set_protection_level(void)
-{
-    if(sec_complete && data_prot != request_data_prot)
-	sec_prot_internal(request_data_prot);
-}
-
-
-int
-sec_request_prot(char *level)
-{
-    int l = name_to_level(level);
-    if(l == -1)
-	return -1;
-    request_data_prot = (enum protection_level)l;
-    return 0;
-}
-
-int
-sec_login(char *host)
-{
-    int ret;
-    struct sec_client_mech **m;
-    int old_verbose = verbose;
-
-    verbose = -1; /* shut up all messages this will produce (they
-		     are usually not very user friendly) */
-    
-    for(m = mechs; *m && (*m)->name; m++) {
-	void *tmp;
-
-	tmp = realloc(app_data, (*m)->size);
-	if (tmp == NULL) {
-	    warnx ("realloc %u failed", (*m)->size);
-	    return -1;
-	}
-	app_data = tmp;
-	    
-	if((*m)->init && (*(*m)->init)(app_data) != 0) {
-	    printf("Skipping %s...\n", (*m)->name);
-	    continue;
-	}
-	printf("Trying %s...\n", (*m)->name);
-	ret = command("AUTH %s", (*m)->name);
-	if(ret != CONTINUE){
-	    if(code == 504){
-		printf("%s is not supported by the server.\n", (*m)->name);
-	    }else if(code == 534){
-		printf("%s rejected as security mechanism.\n", (*m)->name);
-	    }else if(ret == ERROR) {
-		printf("The server doesn't support the FTP "
-		       "security extensions.\n");
-		verbose = old_verbose;
-		return -1;
-	    }
-	    continue;
-	}
-
-	ret = (*(*m)->auth)(app_data, host);
-	
-	if(ret == AUTH_CONTINUE)
-	    continue;
-	else if(ret != AUTH_OK){
-	    /* mechanism is supposed to output error string */
-	    verbose = old_verbose;
-	    return -1;
-	}
-	mech = *m;
-	sec_complete = 1;
-	command_prot = prot_safe;
-	break;
-    }
-    
-    verbose = old_verbose;
-    return *m == NULL;
-}
-
-void
-sec_end(void)
-{
-    if (mech != NULL) {
-	if(mech->end)
-	    (*mech->end)(app_data);
-	if (app_data != NULL) {
-	    memset(app_data, 0, mech->size);
-	    free(app_data);
-	    app_data = NULL;
-	}
-    }
-    sec_complete = 0;
-    data_prot = (enum protection_level)0;
-}
-
-#endif /* FTP_SERVER */
-
diff --git a/crypto/heimdal/appl/ftp/ftp/security.h b/crypto/heimdal/appl/ftp/ftp/security.h
deleted file mode 100644
index 47e7084c8213..000000000000
--- a/crypto/heimdal/appl/ftp/ftp/security.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: security.h,v 1.9 2000/10/04 06:07:52 assar Exp $ */
-
-#ifndef __security_h__
-#define __security_h__
-
-enum protection_level { 
-    prot_clear, 
-    prot_safe, 
-    prot_confidential, 
-    prot_private 
-};
-
-struct sec_client_mech {
-    char *name;
-    size_t size;
-    int (*init)(void *);
-    int (*auth)(void *, char*);
-    void (*end)(void *);
-    int (*check_prot)(void *, int);
-    int (*overhead)(void *, int, int);
-    int (*encode)(void *, void*, int, int, void**);
-    int (*decode)(void *, void*, int, int);
-};
-
-struct sec_server_mech {
-    char *name;
-    size_t size;
-    int (*init)(void *);
-    void (*end)(void *);
-    int (*check_prot)(void *, int);
-    int (*overhead)(void *, int, int);
-    int (*encode)(void *, void*, int, int, void**);
-    int (*decode)(void *, void*, int, int);
-
-    int (*auth)(void *);
-    int (*adat)(void *, void*, size_t);
-    size_t (*pbsz)(void *, size_t);
-    int (*ccc)(void*);
-    int (*userok)(void*, char*);
-};
-
-#define AUTH_OK		0
-#define AUTH_CONTINUE	1
-#define AUTH_ERROR	2
-
-#ifdef FTP_SERVER
-extern struct sec_server_mech krb4_server_mech, gss_server_mech;
-#else
-extern struct sec_client_mech krb4_client_mech, gss_client_mech;
-#endif
-
-extern int sec_complete;
-
-#ifdef FTP_SERVER
-extern char *ftp_command;
-void new_ftp_command(char*);
-void delete_ftp_command(void);
-#endif
-
-/* ---- */
-
-
-int sec_fflush (FILE *);
-int sec_fprintf (FILE *, const char *, ...)
-    __attribute__ ((format (printf, 2,3)));
-int sec_getc (FILE *);
-int sec_putc (int, FILE *);
-int sec_read (int, void *, int);
-int sec_read_msg (char *, int);
-int sec_vfprintf (FILE *, const char *, va_list)
-    __attribute__ ((format (printf, 2,0)));
-int sec_fprintf2(FILE *f, const char *fmt, ...)
-    __attribute__ ((format (printf, 2,3)));
-int sec_vfprintf2(FILE *, const char *, va_list)
-    __attribute__ ((format (printf, 2,0)));
-int sec_write (int, char *, int);
-
-#ifdef FTP_SERVER
-void adat (char *);
-void auth (char *);
-void ccc (void);
-void mec (char *, enum protection_level);
-void pbsz (int);
-void prot (char *);
-void delete_ftp_command (void);
-void new_ftp_command (char *);
-int sec_userok (char *);
-int secure_command (void);
-enum protection_level get_command_prot(void);
-#else
-void sec_end (void);
-int sec_login (char *);
-void sec_prot (int, char **);
-int sec_request_prot (char *);
-void sec_set_protection_level (void);
-void sec_status (void);
-
-enum protection_level set_command_prot(enum protection_level);
-
-#endif
-
-#endif /* __security_h__ */  
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile b/crypto/heimdal/appl/ftp/ftpd/Makefile
deleted file mode 100644
index 755bca04022d..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile
+++ /dev/null
@@ -1,762 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/ftp/ftpd/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.26 2001/09/06 12:18:34 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-libexec_PROGRAMS = ftpd
-
-CHECK_LOCAL = 
-
-#krb4_sources = krb4.c kauth.c
-krb5_sources = gssapi.c gss_userok.c
-
-ftpd_SOURCES = \
-	extern.h	\
-	ftpcmd.y	\
-	ftpd.c		\
-	ftpd_locl.h	\
-	logwtmp.c	\
-	ls.c		\
-	pathnames.h	\
-	popen.c		\
-	security.c	\
-	$(krb4_sources) \
-	$(krb5_sources)
-
-
-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-
-CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
-
-man_MANS = ftpd.8 ftpusers.5
-
-LDADD = ../common/libcommon.a \
-	$(LIB_otp) \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_kafs) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken)
-
-subdir = appl/ftp/ftpd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = ftpd$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-#am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
-am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT)
-am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
-	ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \
-	$(am__objects_1) $(am__objects_2)
-ftpd_OBJECTS = $(am_ftpd_OBJECTS)
-ftpd_LDADD = $(LDADD)
-ftpd_DEPENDENCIES = ../common/libcommon.a \
-	$(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#ftpd_DEPENDENCIES = ../common/libcommon.a
-#ftpd_DEPENDENCIES = ../common/libcommon.a \
-#	$(top_builddir)/lib/gssapi/libgssapi.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la \
-#	$(top_builddir)/lib/kafs/libkafs.la
-##ftpd_DEPENDENCIES = ../common/libcommon.a \
-##	$(top_builddir)/lib/kafs/libkafs.la
-ftpd_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in ftpcmd.c
-SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/ftpd/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) 
-	@rm -f ftpd$(EXEEXT)
-	$(LINK) $(ftpd_LDFLAGS) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man5dir = $(mandir)/man5
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man5dir)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man5dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "ftpcmd.c" || rm -f ftpcmd.c
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man5 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man5 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man5 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man5 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(ftpd_OBJECTS): security.h
-
-security.c:
-	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
-security.h:
-	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
-gssapi.c:
-	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.am b/crypto/heimdal/appl/ftp/ftpd/Makefile.am
deleted file mode 100644
index 20f8b57cfbd4..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.am
+++ /dev/null
@@ -1,55 +0,0 @@
-# $Id: Makefile.am,v 1.26 2001/09/06 12:18:34 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
-
-libexec_PROGRAMS = ftpd
-
-CHECK_LOCAL = 
-
-if KRB4
-krb4_sources = krb4.c kauth.c
-endif
-if KRB5
-krb5_sources = gssapi.c gss_userok.c
-endif
-
-ftpd_SOURCES =		\
-	extern.h	\
-	ftpcmd.y	\
-	ftpd.c		\
-	ftpd_locl.h	\
-	logwtmp.c	\
-	ls.c		\
-	pathnames.h	\
-	popen.c		\
-	security.c	\
-	$(krb4_sources) \
-	$(krb5_sources)
-
-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-
-$(ftpd_OBJECTS): security.h
-
-security.c:
-	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
-security.h:
-	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
-gssapi.c:
-	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
-
-CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
-
-man_MANS = ftpd.8 ftpusers.5
-
-LDADD = ../common/libcommon.a \
-	$(LIB_otp) \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_kafs) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in
deleted file mode 100644
index 33e3c36a3b45..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in
+++ /dev/null
@@ -1,748 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.26 2001/09/06 12:18:34 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-libexec_PROGRAMS = ftpd
-
-CHECK_LOCAL = 
-
-@KRB4_TRUE@krb4_sources = krb4.c kauth.c
-@KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c
-
-ftpd_SOURCES = \
-	extern.h	\
-	ftpcmd.y	\
-	ftpd.c		\
-	ftpd_locl.h	\
-	logwtmp.c	\
-	ls.c		\
-	pathnames.h	\
-	popen.c		\
-	security.c	\
-	$(krb4_sources) \
-	$(krb5_sources)
-
-
-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
-
-CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
-
-man_MANS = ftpd.8 ftpusers.5
-
-LDADD = ../common/libcommon.a \
-	$(LIB_otp) \
-	$(LIB_gssapi) \
-	$(LIB_krb5) \
-	$(LIB_kafs) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken)
-
-subdir = appl/ftp/ftpd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = ftpd$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) kauth.$(OBJEXT)
-@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT)
-am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
-	ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \
-	$(am__objects_1) $(am__objects_2)
-ftpd_OBJECTS = $(am_ftpd_OBJECTS)
-ftpd_LDADD = $(LDADD)
-@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \
-@KRB5_TRUE@	$(top_builddir)/lib/gssapi/libgssapi.la \
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la \
-@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la
-@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a \
-@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-ftpd_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in ftpcmd.c
-SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/ftp/ftpd/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) 
-	@rm -f ftpd$(EXEEXT)
-	$(LINK) $(ftpd_LDFLAGS) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man5dir = $(mandir)/man5
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man5dir)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man5dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man5 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man5 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man5 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man5 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(ftpd_OBJECTS): security.h
-
-security.c:
-	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
-security.h:
-	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
-gssapi.c:
-	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/ftp/ftpd/extern.h b/crypto/heimdal/appl/ftp/ftpd/extern.h
deleted file mode 100644
index f321e60ff88f..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/extern.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.2 (Berkeley) 4/4/94
- */
-
-#ifndef _EXTERN_H_
-#define _EXTERN_H_
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <setjmp.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#ifndef NBBY
-#define NBBY CHAR_BIT
-#endif
-
-void	abor(void);
-void	blkfree(char **);
-char  **copyblk(char **);
-void	cwd(char *);
-void	do_delete(char *);
-void	dologout(int);
-void	eprt(char *);
-void	epsv(char *);
-void	fatal(char *);
-int	filename_check(char *);
-int	ftpd_pclose(FILE *);
-FILE   *ftpd_popen(char *, char *, int, int);
-char   *ftpd_getline(char *, int);
-void	ftpd_logwtmp(char *, char *, char *);
-void	lreply(int, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-void	makedir(char *);
-void	nack(char *);
-void	nreply(const char *, ...)
-    __attribute__ ((format (printf, 1, 2)));
-void	pass(char *);
-void	pasv(void);
-void	perror_reply(int, const char *);
-void	pwd(void);
-void	removedir(char *);
-void	renamecmd(char *, char *);
-char   *renamefrom(char *);
-void	reply(int, const char *, ...)
-    __attribute__ ((format (printf, 2, 3)));
-void	retrieve(const char *, char *);
-void	send_file_list(char *);
-void	setproctitle(const char *, ...)
-    __attribute__ ((format (printf, 1, 2)));
-void	statcmd(void);
-void	statfilecmd(char *);
-void	do_store(char *, char *, int);
-void	upper(char *);
-void	user(char *);
-void	yyerror(char *);
-
-void	list_file(char*);
-
-void	kauth(char *, char*);
-void	klist(void);
-void	cond_kdestroy(void);
-void	kdestroy(void);
-void	krbtkfile(const char *tkfile);
-void	afslog(const char *cell);
-void	afsunlog(void);
-
-int	find(char *);
-
-int	builtin_ls(FILE*, const char*);
-
-int	do_login(int code, char *passwd);
-int	klogin(char *name, char *password);
-
-const char *ftp_rooted(const char *path);
-
-extern struct sockaddr *ctrl_addr, *his_addr;
-extern char hostname[];
-
-extern	struct sockaddr *data_dest;
-extern	int logged_in;
-extern	struct passwd *pw;
-extern	int guest;
-extern	int logging;
-extern	int type;
-extern	int oobflag;
-extern off_t file_size;
-extern off_t byte_count;
-extern jmp_buf urgcatch;
-
-extern	int form;
-extern	int debug;
-extern	int ftpd_timeout;
-extern	int maxtimeout;
-extern  int pdata;
-extern	char hostname[], remotehost[];
-extern	char proctitle[];
-extern	int usedefault;
-extern  int transflag;
-extern  char tmpline[];
-
-#endif /* _EXTERN_H_ */
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
deleted file mode 100644
index 2c90987d65d7..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y
+++ /dev/null
@@ -1,1460 +0,0 @@
-/*	$NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $	*/
-
-/*
- * Copyright (c) 1985, 1988, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftpcmd.y	8.3 (Berkeley) 4/6/94
- */
-
-/*
- * Grammar for FTP commands.
- * See RFC 959.
- */
-
-%{
-
-#include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y,v 1.61 2001/08/05 06:39:29 assar Exp $");
-
-off_t	restart_point;
-
-static	int cmd_type;
-static	int cmd_form;
-static	int cmd_bytesz;
-char	cbuf[2048];
-char	*fromname;
-
-struct tab {
-	char	*name;
-	short	token;
-	short	state;
-	short	implemented;	/* 1 if command is implemented */
-	char	*help;
-};
-
-extern struct tab cmdtab[];
-extern struct tab sitetab[];
-
-static char		*copy (char *);
-static void		 help (struct tab *, char *);
-static struct tab *
-			 lookup (struct tab *, char *);
-static void		 sizecmd (char *);
-static RETSIGTYPE	 toolong (int);
-static int		 yylex (void);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-	int	i;
-	char   *s;
-}
-
-%token
-	A	B	C	E	F	I
-	L	N	P	R	S	T
-
-	SP	CRLF	COMMA
-
-	USER	PASS	ACCT	REIN	QUIT	PORT
-	PASV	TYPE	STRU	MODE	RETR	STOR
-	APPE	MLFL	MAIL	MSND	MSOM	MSAM
-	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
-	ABOR	DELE	CWD	LIST	NLST	SITE
-	sTAT	HELP	NOOP	MKD	RMD	PWD
-	CDUP	STOU	SMNT	SYST	SIZE	MDTM
-	EPRT	EPSV
-
-	UMASK	IDLE	CHMOD
-
-	AUTH	ADAT	PROT	PBSZ	CCC	MIC
-	CONF	ENC
-
-	KAUTH	KLIST	KDESTROY KRBTKFILE AFSLOG
-	LOCATE	URL
-
-	FEAT	OPTS
-
-	LEXERR
-
-%token	<s> STRING
-%token	<i> NUMBER
-
-%type	<i> check_login check_login_no_guest check_secure octal_number byte_size
-%type	<i> struct_code mode_code type_code form_code
-%type	<s> pathstring pathname password username
-
-%start	cmd_list
-
-%%
-
-cmd_list
-	: /* empty */
-	| cmd_list cmd
-		{
-			fromname = (char *) 0;
-			restart_point = (off_t) 0;
-		}
-	| cmd_list rcmd
-	;
-
-cmd
-	: USER SP username CRLF
-		{
-			user($3);
-			free($3);
-		}
-	| PASS SP password CRLF
-		{
-			pass($3);
-			memset ($3, 0, strlen($3));
-			free($3);
-		}
-	| PORT SP host_port CRLF
-		{
-			usedefault = 0;
-			if (pdata >= 0) {
-				close(pdata);
-				pdata = -1;
-			}
-			reply(200, "PORT command successful.");
-		}
-	| EPRT SP STRING CRLF
-		{
-			eprt ($3);
-			free ($3);
-		}
-	| PASV CRLF check_login
-		{
-		    if($3)
-			pasv ();
-		}
-	| EPSV CRLF check_login
-		{
-		    if($3)
-			epsv (NULL);
-		}
-	| EPSV SP STRING CRLF check_login
-		{
-		    if($5)
-			epsv ($3);
-		    free ($3);
-		}
-	| TYPE SP type_code CRLF
-		{
-			switch (cmd_type) {
-
-			case TYPE_A:
-				if (cmd_form == FORM_N) {
-					reply(200, "Type set to A.");
-					type = cmd_type;
-					form = cmd_form;
-				} else
-					reply(504, "Form must be N.");
-				break;
-
-			case TYPE_E:
-				reply(504, "Type E not implemented.");
-				break;
-
-			case TYPE_I:
-				reply(200, "Type set to I.");
-				type = cmd_type;
-				break;
-
-			case TYPE_L:
-#if NBBY == 8
-				if (cmd_bytesz == 8) {
-					reply(200,
-					    "Type set to L (byte size 8).");
-					type = cmd_type;
-				} else
-					reply(504, "Byte size must be 8.");
-#else /* NBBY == 8 */
-				UNIMPLEMENTED for NBBY != 8
-#endif /* NBBY == 8 */
-			}
-		}
-	| STRU SP struct_code CRLF
-		{
-			switch ($3) {
-
-			case STRU_F:
-				reply(200, "STRU F ok.");
-				break;
-
-			default:
-				reply(504, "Unimplemented STRU type.");
-			}
-		}
-	| MODE SP mode_code CRLF
-		{
-			switch ($3) {
-
-			case MODE_S:
-				reply(200, "MODE S ok.");
-				break;
-
-			default:
-				reply(502, "Unimplemented MODE type.");
-			}
-		}
-	| ALLO SP NUMBER CRLF
-		{
-			reply(202, "ALLO command ignored.");
-		}
-	| ALLO SP NUMBER SP R SP NUMBER CRLF
-		{
-			reply(202, "ALLO command ignored.");
-		}
-	| RETR SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				retrieve(0, name);
-			if (name != NULL)
-				free(name);
-		}
-	| STOR SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				do_store(name, "w", 0);
-			if (name != NULL)
-				free(name);
-		}
-	| APPE SP pathname CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				do_store(name, "a", 0);
-			if (name != NULL)
-				free(name);
-		}
-	| NLST CRLF check_login
-		{
-			if ($3)
-				send_file_list(".");
-		}
-	| NLST SP STRING CRLF check_login
-		{
-			char *name = $3;
-
-			if ($5 && name != NULL)
-				send_file_list(name);
-			if (name != NULL)
-				free(name);
-		}
-	| LIST CRLF check_login
-		{
-		    if($3)
-			list_file(".");
-		}
-	| LIST SP pathname CRLF check_login
-		{
-		    if($5)
-			list_file($3);
-		    free($3);
-		}
-	| sTAT SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				statfilecmd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| sTAT CRLF
-		{
-		    if(oobflag){
-			if (file_size != (off_t) -1)
-			    reply(213, "Status: %lu of %lu bytes transferred",
-				  (unsigned long)byte_count, 
-				  (unsigned long)file_size);
-			else
-			    reply(213, "Status: %lu bytes transferred", 
-				  (unsigned long)byte_count);
-		    }else
-			statcmd();
-	}
-	| DELE SP pathname CRLF check_login_no_guest
-		{
-			if ($5 && $3 != NULL)
-				do_delete($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| RNTO SP pathname CRLF check_login_no_guest
-		{
-			if($5){
-				if (fromname) {
-					renamecmd(fromname, $3);
-					free(fromname);
-					fromname = (char *) 0;
-				} else {
-					reply(503, "Bad sequence of commands.");
-				}
-			}
-			if ($3 != NULL)
-				free($3);
-		}
-	| ABOR CRLF
-		{
-			if(oobflag){
-				reply(426, "Transfer aborted. Data connection closed.");
-				reply(226, "Abort successful");
-				oobflag = 0;
-				longjmp(urgcatch, 1);
-			}else
-				reply(225, "ABOR command successful.");
-		}
-	| CWD CRLF check_login
-		{
-			if ($3)
-				cwd(pw->pw_dir);
-		}
-	| CWD SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				cwd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| HELP CRLF
-		{
-			help(cmdtab, (char *) 0);
-		}
-	| HELP SP STRING CRLF
-		{
-			char *cp = $3;
-
-			if (strncasecmp(cp, "SITE", 4) == 0) {
-				cp = $3 + 4;
-				if (*cp == ' ')
-					cp++;
-				if (*cp)
-					help(sitetab, cp);
-				else
-					help(sitetab, (char *) 0);
-			} else
-				help(cmdtab, $3);
-		}
-	| NOOP CRLF
-		{
-			reply(200, "NOOP command successful.");
-		}
-	| MKD SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				makedir($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| RMD SP pathname CRLF check_login_no_guest
-		{
-			if ($5 && $3 != NULL)
-				removedir($3);
-			if ($3 != NULL)
-				free($3);
-		}
-	| PWD CRLF check_login
-		{
-			if ($3)
-				pwd();
-		}
-	| CDUP CRLF check_login
-		{
-			if ($3)
-				cwd("..");
-		}
-	| FEAT CRLF
-		{
-			lreply(211, "Supported features:");
-			lreply(0, " MDTM");
-			lreply(0, " REST STREAM");
-			lreply(0, " SIZE");
-			reply(211, "End");
-		}
-	| OPTS SP STRING CRLF
-		{
-			free ($3);
-			reply(501, "Bad options");
-		}
-
-	| SITE SP HELP CRLF
-		{
-			help(sitetab, (char *) 0);
-		}
-	| SITE SP HELP SP STRING CRLF
-		{
-			help(sitetab, $5);
-		}
-	| SITE SP UMASK CRLF check_login
-		{
-			if ($5) {
-				int oldmask = umask(0);
-				umask(oldmask);
-				reply(200, "Current UMASK is %03o", oldmask);
-			}
-		}
-	| SITE SP UMASK SP octal_number CRLF check_login_no_guest
-		{
-			if ($7) {
-				if (($5 == -1) || ($5 > 0777)) {
-					reply(501, "Bad UMASK value");
-				} else {
-					int oldmask = umask($5);
-					reply(200,
-					      "UMASK set to %03o (was %03o)",
-					      $5, oldmask);
-				}
-			}
-		}
-	| SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest
-		{
-			if ($9 && $7 != NULL) {
-				if ($5 > 0777)
-					reply(501,
-				"CHMOD: Mode value must be between 0 and 0777");
-				else if (chmod($7, $5) < 0)
-					perror_reply(550, $7);
-				else
-					reply(200, "CHMOD command successful.");
-			}
-			if ($7 != NULL)
-				free($7);
-		}
-	| SITE SP IDLE CRLF
-		{
-			reply(200,
-			    "Current IDLE time limit is %d seconds; max %d",
-				ftpd_timeout, maxtimeout);
-		}
-	| SITE SP IDLE SP NUMBER CRLF
-		{
-			if ($5 < 30 || $5 > maxtimeout) {
-				reply(501,
-			"Maximum IDLE time must be between 30 and %d seconds",
-				    maxtimeout);
-			} else {
-				ftpd_timeout = $5;
-				alarm((unsigned) ftpd_timeout);
-				reply(200,
-				    "Maximum IDLE time set to %d seconds",
-				    ftpd_timeout);
-			}
-		}
-
-	| SITE SP KAUTH SP STRING CRLF check_login
-		{
-#ifdef KRB4
-			char *p;
-			
-			if(guest)
-				reply(500, "Can't be done as guest.");
-			else{
-				if($7 && $5 != NULL){
-				    p = strpbrk($5, " \t");
-				    if(p){
-					*p++ = 0;
-					kauth($5, p + strspn(p, " \t"));
-				    }else
-					kauth($5, NULL);
-				}
-			}
-			if($5 != NULL)
-			    free($5);
-#else
-			reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP KLIST CRLF check_login
-		{
-#ifdef KRB4
-		    if($5)
-			klist();
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP KDESTROY CRLF check_login
-		{
-#ifdef KRB4
-		    if($5)
-			kdestroy();
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP KRBTKFILE SP STRING CRLF check_login
-		{
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($7 && $5)
-			krbtkfile($5);
-		    if($5)
-			free($5);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP AFSLOG CRLF check_login
-		{
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($5)
-			afslog(NULL);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP AFSLOG SP STRING CRLF check_login
-		{
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($7)
-			afslog($5);
-		    if($5)
-			free($5);
-#else
-		    reply(500, "Command not implemented.");
-#endif
-		}
-	| SITE SP LOCATE SP STRING CRLF check_login
-		{
-		    if($7 && $5 != NULL)
-			find($5);
-		    if($5 != NULL)
-			free($5);
-		}
-	| SITE SP URL CRLF
-		{
-			reply(200, "http://www.pdc.kth.se/kth-krb/");
-		}
-	| STOU SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				do_store($3, "w", 1);
-			if ($3 != NULL)
-				free($3);
-		}
-	| SYST CRLF
-		{
-#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
-		    reply(215, "UNIX Type: L%d", NBBY);
-#else
-		    reply(215, "UNKNOWN Type: L%d", NBBY);
-#endif
-		}
-
-		/*
-		 * SIZE is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return size of file in a format suitable for
-		 * using with RESTART (we just count bytes).
-		 */
-	| SIZE SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL)
-				sizecmd($3);
-			if ($3 != NULL)
-				free($3);
-		}
-
-		/*
-		 * MDTM is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return modification time of file as an ISO 3307
-		 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
-		 * where xxx is the fractional second (of any precision,
-		 * not necessarily 3 digits)
-		 */
-	| MDTM SP pathname CRLF check_login
-		{
-			if ($5 && $3 != NULL) {
-				struct stat stbuf;
-				if (stat($3, &stbuf) < 0)
-					reply(550, "%s: %s",
-					    $3, strerror(errno));
-				else if (!S_ISREG(stbuf.st_mode)) {
-					reply(550,
-					      "%s: not a plain file.", $3);
-				} else {
-					struct tm *t;
-					time_t mtime = stbuf.st_mtime;
-
-					t = gmtime(&mtime);
-					reply(213,
-					      "%04d%02d%02d%02d%02d%02d",
-					      t->tm_year + 1900,
-					      t->tm_mon + 1,
-					      t->tm_mday,
-					      t->tm_hour,
-					      t->tm_min,
-					      t->tm_sec);
-				}
-			}
-			if ($3 != NULL)
-				free($3);
-		}
-	| QUIT CRLF
-		{
-			reply(221, "Goodbye.");
-			dologout(0);
-		}
-	| error CRLF
-		{
-			yyerrok;
-		}
-	;
-rcmd
-	: RNFR SP pathname CRLF check_login_no_guest
-		{
-			restart_point = (off_t) 0;
-			if ($5 && $3) {
-				fromname = renamefrom($3);
-				if (fromname == (char *) 0 && $3) {
-					free($3);
-				}
-			}
-		}
-	| REST SP byte_size CRLF
-		{
-			fromname = (char *) 0;
-			restart_point = $3;	/* XXX $3 is only "int" */
-			reply(350, "Restarting at %ld. %s",
-			      (long)restart_point,
-			      "Send STORE or RETRIEVE to initiate transfer.");
-		}
-	| AUTH SP STRING CRLF
-		{
-			auth($3);
-			free($3);
-		}
-	| ADAT SP STRING CRLF
-		{
-			adat($3);
-			free($3);
-		}
-	| PBSZ SP NUMBER CRLF
-		{
-			pbsz($3);
-		}
-	| PROT SP STRING CRLF
-		{
-			prot($3);
-		}
-	| CCC CRLF
-		{
-			ccc();
-		}
-	| MIC SP STRING CRLF
-		{
-			mec($3, prot_safe);
-			free($3);
-		}
-	| CONF SP STRING CRLF
-		{
-			mec($3, prot_confidential);
-			free($3);
-		}
-	| ENC SP STRING CRLF
-		{
-			mec($3, prot_private);
-			free($3);
-		}
-	;
-
-username
-	: STRING
-	;
-
-password
-	: /* empty */
-		{
-			$$ = (char *)calloc(1, sizeof(char));
-		}
-	| STRING
-	;
-
-byte_size
-	: NUMBER
-	;
-
-host_port
-	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
-		NUMBER COMMA NUMBER
-		{
-			struct sockaddr_in *sin = (struct sockaddr_in *)data_dest;
-
-			sin->sin_family = AF_INET;
-			sin->sin_port = htons($9 * 256 + $11);
-			sin->sin_addr.s_addr = 
-			    htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
-		}
-	;
-
-form_code
-	: N
-		{
-			$$ = FORM_N;
-		}
-	| T
-		{
-			$$ = FORM_T;
-		}
-	| C
-		{
-			$$ = FORM_C;
-		}
-	;
-
-type_code
-	: A
-		{
-			cmd_type = TYPE_A;
-			cmd_form = FORM_N;
-		}
-	| A SP form_code
-		{
-			cmd_type = TYPE_A;
-			cmd_form = $3;
-		}
-	| E
-		{
-			cmd_type = TYPE_E;
-			cmd_form = FORM_N;
-		}
-	| E SP form_code
-		{
-			cmd_type = TYPE_E;
-			cmd_form = $3;
-		}
-	| I
-		{
-			cmd_type = TYPE_I;
-		}
-	| L
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = NBBY;
-		}
-	| L SP byte_size
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = $3;
-		}
-		/* this is for a bug in the BBN ftp */
-	| L byte_size
-		{
-			cmd_type = TYPE_L;
-			cmd_bytesz = $2;
-		}
-	;
-
-struct_code
-	: F
-		{
-			$$ = STRU_F;
-		}
-	| R
-		{
-			$$ = STRU_R;
-		}
-	| P
-		{
-			$$ = STRU_P;
-		}
-	;
-
-mode_code
-	: S
-		{
-			$$ = MODE_S;
-		}
-	| B
-		{
-			$$ = MODE_B;
-		}
-	| C
-		{
-			$$ = MODE_C;
-		}
-	;
-
-pathname
-	: pathstring
-		{
-			/*
-			 * Problem: this production is used for all pathname
-			 * processing, but only gives a 550 error reply.
-			 * This is a valid reply in some cases but not in others.
-			 */
-			if (logged_in && $1 && *$1 == '~') {
-				glob_t gl;
-				int flags =
-				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
-
-				memset(&gl, 0, sizeof(gl));
-				if (glob($1, flags, NULL, &gl) ||
-				    gl.gl_pathc == 0) {
-					reply(550, "not found");
-					$$ = NULL;
-				} else {
-					$$ = strdup(gl.gl_pathv[0]);
-				}
-				globfree(&gl);
-				free($1);
-			} else
-				$$ = $1;
-		}
-	;
-
-pathstring
-	: STRING
-	;
-
-octal_number
-	: NUMBER
-		{
-			int ret, dec, multby, digit;
-
-			/*
-			 * Convert a number that was read as decimal number
-			 * to what it would be if it had been read as octal.
-			 */
-			dec = $1;
-			multby = 1;
-			ret = 0;
-			while (dec) {
-				digit = dec%10;
-				if (digit > 7) {
-					ret = -1;
-					break;
-				}
-				ret += digit * multby;
-				multby *= 8;
-				dec /= 10;
-			}
-			$$ = ret;
-		}
-	;
-
-
-check_login_no_guest : check_login
-		{
-			$$ = $1 && !guest;
-			if($1 && !$$)
-				reply(550, "Permission denied");
-		}
-	;
-
-check_login : check_secure
-		{
-		    if($1) {
-			if(($$ = logged_in) == 0)
-			    reply(530, "Please login with USER and PASS.");
-		    } else
-			$$ = 0;
-		}
-	;
-
-check_secure : /* empty */
-		{
-		    $$ = 1;
-		    if(sec_complete && !secure_command()) {
-			$$ = 0;
-			reply(533, "Command protection level denied "
-			      "for paranoid reasons.");
-		    }
-		}
-	;
-
-%%
-
-extern jmp_buf errcatch;
-
-#define	CMD	0	/* beginning of command */
-#define	ARGS	1	/* expect miscellaneous arguments */
-#define	STR1	2	/* expect SP followed by STRING */
-#define	STR2	3	/* expect STRING */
-#define	OSTR	4	/* optional SP then STRING */
-#define	ZSTR1	5	/* SP then optional STRING */
-#define	ZSTR2	6	/* optional STRING after SP */
-#define	SITECMD	7	/* SITE command */
-#define	NSTR	8	/* Number followed by a string */
-
-struct tab cmdtab[] = {		/* In order defined in RFC 765 */
-	{ "USER", USER, STR1, 1,	"<sp> username" },
-	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
-	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
-	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
-	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
-	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
-	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
-	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
-	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
-	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
-	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
-	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
-	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
-	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
-	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
-	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
-	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
-	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
-	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
-	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
-	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
-	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
-	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
-	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
-	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
-	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
-	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
-	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
-	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
-	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
-	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
-	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-	{ "NOOP", NOOP, ARGS, 1,	"" },
-	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
-	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
-	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
-	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
-	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
-	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
-	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
-	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
-	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
-
-	/* extensions from RFC2228 */
-	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
-	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
-	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
-	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
-	{ "CCC",  CCC,	ARGS, 1,	"" },
-	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
-	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
-	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
-
-	/* RFC2389 */
-	{ "FEAT", FEAT, ARGS, 1,	"" },
-	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
-
-	{ NULL,   0,    0,    0,	0 }
-};
-
-struct tab sitetab[] = {
-	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
-	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
-	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-
-	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
-	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
-	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
-	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
-	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
-
-	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
-	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
-
-	{ "URL",  URL,  ARGS, 1,	"?" },
-	
-	{ NULL,   0,    0,    0,	0 }
-};
-
-static struct tab *
-lookup(struct tab *p, char *cmd)
-{
-
-	for (; p->name != NULL; p++)
-		if (strcmp(cmd, p->name) == 0)
-			return (p);
-	return (0);
-}
-
-/*
- * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
- */
-char *
-ftpd_getline(char *s, int n)
-{
-	int c;
-	char *cs;
-
-	cs = s;
-/* tmpline may contain saved command from urgent mode interruption */
-	if(ftp_command){
-	  strlcpy(s, ftp_command, n);
-	  if (debug)
-	    syslog(LOG_DEBUG, "command: %s", s);
-#ifdef XXX
-	  fprintf(stderr, "%s\n", s);
-#endif
-	  return s;
-	}
-	while ((c = getc(stdin)) != EOF) {
-		c &= 0377;
-		if (c == IAC) {
-		    if ((c = getc(stdin)) != EOF) {
-			c &= 0377;
-			switch (c) {
-			case WILL:
-			case WONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, DONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case DO:
-			case DONT:
-				c = getc(stdin);
-				printf("%c%c%c", IAC, WONT, 0377&c);
-				fflush(stdout);
-				continue;
-			case IAC:
-				break;
-			default:
-				continue;	/* ignore command */
-			}
-		    }
-		}
-		*cs++ = c;
-		if (--n <= 0 || c == '\n')
-			break;
-	}
-	if (c == EOF && cs == s)
-		return (NULL);
-	*cs++ = '\0';
-	if (debug) {
-		if (!guest && strncasecmp("pass ", s, 5) == 0) {
-			/* Don't syslog passwords */
-			syslog(LOG_DEBUG, "command: %.5s ???", s);
-		} else {
-			char *cp;
-			int len;
-
-			/* Don't syslog trailing CR-LF */
-			len = strlen(s);
-			cp = s + len - 1;
-			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
-				--cp;
-				--len;
-			}
-			syslog(LOG_DEBUG, "command: %.*s", len, s);
-		}
-	}
-#ifdef XXX
-	fprintf(stderr, "%s\n", s);
-#endif
-	return (s);
-}
-
-static RETSIGTYPE
-toolong(int signo)
-{
-
-	reply(421,
-	    "Timeout (%d seconds): closing control connection.",
-	      ftpd_timeout);
-	if (logging)
-		syslog(LOG_INFO, "User %s timed out after %d seconds",
-		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
-	dologout(1);
-	SIGRETURN(0);
-}
-
-static int
-yylex(void)
-{
-	static int cpos, state;
-	char *cp, *cp2;
-	struct tab *p;
-	int n;
-	char c;
-
-	for (;;) {
-		switch (state) {
-
-		case CMD:
-			signal(SIGALRM, toolong);
-			alarm((unsigned) ftpd_timeout);
-			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
-				reply(221, "You could at least say goodbye.");
-				dologout(0);
-			}
-			alarm(0);
-#ifdef HAVE_SETPROCTITLE
-			if (strncasecmp(cbuf, "PASS", 4) != NULL)
-				setproctitle("%s: %s", proctitle, cbuf);
-#endif /* HAVE_SETPROCTITLE */
-			if ((cp = strchr(cbuf, '\r'))) {
-				*cp++ = '\n';
-				*cp = '\0';
-			}
-			if ((cp = strpbrk(cbuf, " \n")))
-				cpos = cp - cbuf;
-			if (cpos == 0)
-				cpos = 4;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cbuf);
-			p = lookup(cmdtab, cbuf);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					nack(p->name);
-					longjmp(errcatch,0);
-					/* NOTREACHED */
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			break;
-
-		case SITECMD:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			cp = &cbuf[cpos];
-			if ((cp2 = strpbrk(cp, " \n")))
-				cpos = cp2 - cbuf;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			strupr(cp);
-			p = lookup(sitetab, cp);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					state = CMD;
-					nack(p->name);
-					longjmp(errcatch,0);
-					/* NOTREACHED */
-				}
-				state = p->state;
-				yylval.s = p->name;
-				return (p->token);
-			}
-			state = CMD;
-			break;
-
-		case OSTR:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR1:
-		case ZSTR1:
-		dostr1:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				if(state == OSTR)
-				    state = STR2;
-				else
-				    state++;
-				return (SP);
-			}
-			break;
-
-		case ZSTR2:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR2:
-			cp = &cbuf[cpos];
-			n = strlen(cp);
-			cpos += n - 1;
-			/*
-			 * Make sure the string is nonempty and \n terminated.
-			 */
-			if (n > 1 && cbuf[cpos] == '\n') {
-				cbuf[cpos] = '\0';
-				yylval.s = copy(cp);
-				cbuf[cpos] = '\n';
-				state = ARGS;
-				return (STRING);
-			}
-			break;
-
-		case NSTR:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				state = STR1;
-				return (NUMBER);
-			}
-			state = STR1;
-			goto dostr1;
-
-		case ARGS:
-			if (isdigit((unsigned char)cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((unsigned char)cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.i = atoi(cp);
-				cbuf[cpos] = c;
-				return (NUMBER);
-			}
-			switch (cbuf[cpos++]) {
-
-			case '\n':
-				state = CMD;
-				return (CRLF);
-
-			case ' ':
-				return (SP);
-
-			case ',':
-				return (COMMA);
-
-			case 'A':
-			case 'a':
-				return (A);
-
-			case 'B':
-			case 'b':
-				return (B);
-
-			case 'C':
-			case 'c':
-				return (C);
-
-			case 'E':
-			case 'e':
-				return (E);
-
-			case 'F':
-			case 'f':
-				return (F);
-
-			case 'I':
-			case 'i':
-				return (I);
-
-			case 'L':
-			case 'l':
-				return (L);
-
-			case 'N':
-			case 'n':
-				return (N);
-
-			case 'P':
-			case 'p':
-				return (P);
-
-			case 'R':
-			case 'r':
-				return (R);
-
-			case 'S':
-			case 's':
-				return (S);
-
-			case 'T':
-			case 't':
-				return (T);
-
-			}
-			break;
-
-		default:
-			fatal("Unknown state in scanner.");
-		}
-		yyerror((char *) 0);
-		state = CMD;
-		longjmp(errcatch,0);
-	}
-}
-
-static char *
-copy(char *s)
-{
-	char *p;
-
-	p = strdup(s);
-	if (p == NULL)
-		fatal("Ran out of memory.");
-	return p;
-}
-
-static void
-help(struct tab *ctab, char *s)
-{
-	struct tab *c;
-	int width, NCMDS;
-	char *type;
-	char buf[1024];
-
-	if (ctab == sitetab)
-		type = "SITE ";
-	else
-		type = "";
-	width = 0, NCMDS = 0;
-	for (c = ctab; c->name != NULL; c++) {
-		int len = strlen(c->name);
-
-		if (len > width)
-			width = len;
-		NCMDS++;
-	}
-	width = (width + 8) &~ 7;
-	if (s == 0) {
-		int i, j, w;
-		int columns, lines;
-
-		lreply(214, "The following %scommands are recognized %s.",
-		    type, "(* =>'s unimplemented)");
-		columns = 76 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-		    strlcpy (buf, "   ", sizeof(buf));
-		    for (j = 0; j < columns; j++) {
-			c = ctab + j * lines + i;
-			snprintf (buf + strlen(buf),
-				  sizeof(buf) - strlen(buf),
-				  "%s%c",
-				  c->name,
-				  c->implemented ? ' ' : '*');
-			if (c + lines >= &ctab[NCMDS])
-			    break;
-			w = strlen(c->name) + 1;
-			while (w < width) {
-			    strlcat (buf,
-					     " ",
-					     sizeof(buf));
-			    w++;
-			}
-		    }
-		    lreply(214, "%s", buf);
-		}
-		reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
-		return;
-	}
-	strupr(s);
-	c = lookup(ctab, s);
-	if (c == (struct tab *)0) {
-		reply(502, "Unknown command %s.", s);
-		return;
-	}
-	if (c->implemented)
-		reply(214, "Syntax: %s%s %s", type, c->name, c->help);
-	else
-		reply(214, "%s%-*s\t%s; unimplemented.", type, width,
-		    c->name, c->help);
-}
-
-static void
-sizecmd(char *filename)
-{
-	switch (type) {
-	case TYPE_L:
-	case TYPE_I: {
-		struct stat stbuf;
-		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
-			reply(550, "%s: not a plain file.", filename);
-		else
-			reply(213, "%lu", (unsigned long)stbuf.st_size);
-		break;
-	}
-	case TYPE_A: {
-		FILE *fin;
-		int c;
-		size_t count;
-		struct stat stbuf;
-		fin = fopen(filename, "r");
-		if (fin == NULL) {
-			perror_reply(550, filename);
-			return;
-		}
-		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
-			reply(550, "%s: not a plain file.", filename);
-			fclose(fin);
-			return;
-		}
-
-		count = 0;
-		while((c=getc(fin)) != EOF) {
-			if (c == '\n')	/* will get expanded to \r\n */
-				count++;
-			count++;
-		}
-		fclose(fin);
-
-		reply(213, "%lu", (unsigned long)count);
-		break;
-	}
-	default:
-		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
-	}
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8
deleted file mode 100644
index 01f6275c8cb8..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8
+++ /dev/null
@@ -1,492 +0,0 @@
-.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
-.\"
-.\" Copyright (c) 1985, 1988, 1991, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
-.\"
-.Dd April 19, 1997
-.Dt FTPD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm ftpd
-.Nd Internet File Transfer Protocol server
-.Sh SYNOPSIS
-.Nm
-.Op Fl a Ar authmode
-.Op Fl dilvU
-.Op Fl g Ar umask
-.Op Fl p Ar port
-.Op Fl T Ar maxtimeout
-.Op Fl t Ar timeout
-.Op Fl u Ar default umask
-.Op Fl B | Fl -builtin-ls
-.Op Fl -good-chars= Ns Ar string
-.Sh DESCRIPTION
-.Nm Ftpd
-is the
-Internet File Transfer Protocol
-server process.  The server uses the
-.Tn TCP
-protocol
-and listens at the port specified in the
-.Dq ftp
-service specification; see
-.Xr services 5 .
-.Pp
-Available options:
-.Bl -tag -width Ds
-.It Fl a
-Select the level of authentication required.  Kerberised login can not
-be turned off. The default is to only allow kerberised login.  Other
-possibilities can be turned on by giving a string of comma separated
-flags as argument to
-.Fl a .
-Recognised flags are:
-.Bl -tag -width plain
-.It Ar plain
-Allow logging in with plaintext password. The password can be a(n) OTP
-or an ordinary password.
-.It Ar otp
-Same as
-.Ar plain ,
-but only OTP is allowed.
-.It Ar ftp
-Allow anonymous login.
-.El
-.Pp
-The following combination modes exists for backwards compatibility:
-.Bl -tag -width plain
-.It Ar none
-Same as
-.Ar plain,ftp .
-.It Ar safe
-Same as
-.Ar ftp .
-.It Ar user
-Ignored.
-.El
-.It Fl d
-Debugging information is written to the syslog using LOG_FTP.
-.It Fl g
-Anonymous users will get a umask of
-.Ar umask .
-.It Fl i
-Open a socket and wait for a connection. This is mainly used for
-debugging when ftpd isn't started by inetd.
-.It Fl l
-Each successful and failed
-.Xr ftp 1
-session is logged using syslog with a facility of LOG_FTP.
-If this option is specified twice, the retrieve (get), store (put), append,
-delete, make directory, remove directory and rename operations and
-their filename arguments are also logged.
-.It Fl p
-Use
-.Ar port
-(a service name or number) instead of the default
-.Ar ftp/tcp .
-.It Fl T
-A client may also request a different timeout period;
-the maximum period allowed may be set to
-.Ar timeout
-seconds with the
-.Fl T
-option.
-The default limit is 2 hours.
-.It Fl t
-The inactivity timeout period is set to
-.Ar timeout
-seconds (the default is 15 minutes).
-.It Fl u
-Set the initial umask to something else than the default 027.
-.It Fl U
-In previous versions of
-.Nm ftpd ,
-when a passive mode client requested a data connection to the server, the
-server would use data ports in the range 1024..4999.  Now, by default,
-if the system supports the IP_PORTRANGE socket option, the server will
-use data ports in the range 49152..65535.  Specifying this option will
-revert to the old behavior.
-.It Fl v
-Verbose mode.
-.It Xo
-.Fl B ,
-.Fl -builtin-ls
-.Xc
-use built-in ls to list files
-.It Xo
-.Fl -good-chars= Ns Ar string
-.Xc
-allowed anonymous upload filename chars
-.El
-.Pp
-The file
-.Pa /etc/nologin
-can be used to disable ftp access.
-If the file exists,
-.Nm
-displays it and exits.
-If the file
-.Pa /etc/ftpwelcome
-exists,
-.Nm
-prints it before issuing the
-.Dq ready
-message.
-If the file
-.Pa /etc/motd
-exists,
-.Nm
-prints it after a successful login.
-.Pp
-The ftp server currently supports the following ftp requests.
-The case of the requests is ignored.
-.Bl -column "Request" -offset indent
-.It Request Ta "Description"
-.It ABOR Ta "abort previous command"
-.It ACCT Ta "specify account (ignored)"
-.It ALLO Ta "allocate storage (vacuously)"
-.It APPE Ta "append to a file"
-.It CDUP Ta "change to parent of current working directory"
-.It CWD Ta "change working directory"
-.It DELE Ta "delete a file"
-.It HELP Ta "give help information"
-.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
-.It MKD Ta "make a directory"
-.It MDTM Ta "show last modification time of file"
-.It MODE Ta "specify data transfer" Em mode
-.It NLST Ta "give name list of files in directory"
-.It NOOP Ta "do nothing"
-.It PASS Ta "specify password"
-.It PASV Ta "prepare for server-to-server transfer"
-.It PORT Ta "specify data connection port"
-.It PWD Ta "print the current working directory"
-.It QUIT Ta "terminate session"
-.It REST Ta "restart incomplete transfer"
-.It RETR Ta "retrieve a file"
-.It RMD Ta "remove a directory"
-.It RNFR Ta "specify rename-from file name"
-.It RNTO Ta "specify rename-to file name"
-.It SITE Ta "non-standard commands (see next section)"
-.It SIZE Ta "return size of file"
-.It STAT Ta "return status of server"
-.It STOR Ta "store a file"
-.It STOU Ta "store a file with a unique name"
-.It STRU Ta "specify data transfer" Em structure
-.It SYST Ta "show operating system type of server system"
-.It TYPE Ta "specify data transfer" Em type
-.It USER Ta "specify user name"
-.It XCUP Ta "change to parent of current working directory (deprecated)"
-.It XCWD Ta "change working directory (deprecated)"
-.It XMKD Ta "make a directory (deprecated)"
-.It XPWD Ta "print the current working directory (deprecated)"
-.It XRMD Ta "remove a directory (deprecated)"
-.El
-.Pp
-The following commands are specified by RFC2228.
-.Bl -column Request -offset indent
-.It AUTH Ta "authentication/security mechanism"
-.It ADAT Ta "authentication/security data"
-.It PROT Ta "data channel protection level"
-.It PBSZ Ta "protection buffer size"
-.It MIC Ta "integrity protected command"
-.It CONF Ta "confidentiality protected command"
-.It ENC Ta "privacy protected command"
-.It CCC Ta "clear command channel"
-.El
-.Pp
-The following non-standard or
-.Tn UNIX
-specific commands are supported
-by the
-SITE request.
-.Pp
-.Bl -column Request -offset indent
-.It UMASK Ta change umask, (e.g.
-.Ic "SITE UMASK 002" )
-.It IDLE Ta set idle-timer, (e.g.
-.Ic "SITE IDLE 60" )
-.It CHMOD Ta change mode of a file (e.g.
-.Ic "SITE CHMOD 755 filename" )
-.It FIND Ta quickly find a specific file with GNU
-.Xr locate 1 .
-.It HELP Ta give help information.
-.El
-.Pp
-The following Kerberos related site commands are understood.
-.Bl -column Request -offset indent
-.It KAUTH Ta obtain remote tickets.
-.It KLIST Ta show remote tickets
-.El
-.Pp
-The remaining ftp requests specified in Internet RFC 959
-are
-recognized, but not implemented.
-MDTM and SIZE are not specified in RFC 959, but will appear in the
-next updated FTP RFC.
-.Pp
-The ftp server will abort an active file transfer only when the
-ABOR
-command is preceded by a Telnet "Interrupt Process" (IP)
-signal and a Telnet "Synch" signal in the command Telnet stream,
-as described in Internet RFC 959.
-If a
-STAT
-command is received during a data transfer, preceded by a Telnet IP
-and Synch, transfer status will be returned.
-.Pp
-.Nm Ftpd
-interprets file names according to the
-.Dq globbing
-conventions used by
-.Xr csh 1 .
-This allows users to use the metacharacters
-.Dq Li \&*?[]{}~ .
-.Pp
-.Nm Ftpd
-authenticates users according to these rules.
-.Pp
-.Bl -enum -offset indent
-.It
-If Kerberos authentication is used, the user must pass valid tickets
-and the principal must be allowed to login as the remote user.
-.It
-The login name must be in the password data base, and not have a null
-password (if Kerberos is used the password field is not checked).  In
-this case a password must be provided by the client before any file
-operations may be performed.  If the user has an OTP key, the response
-from a successful USER command will include an OTP challenge. The
-client may choose to respond with a PASS command giving either a
-standard password or an OTP one-time password. The server will
-automatically determine which type of password it has been given and
-attempt to authenticate accordingly. See
-.Xr otp 1
-for more information on OTP authentication.
-.It
-The login name must not appear in the file
-.Pa /etc/ftpusers .
-.It
-The user must have a standard shell returned by
-.Xr getusershell 3 .
-.It
-If the user name appears in the file
-.Pa /etc/ftpchroot
-the session's root will be changed to the user's login directory by
-.Xr chroot 2
-as for an
-.Dq anonymous
-or
-.Dq ftp
-account (see next item).  However, the user must still supply a password.
-This feature is intended as a compromise between a fully anonymous account
-and a fully privileged account.  The account should also be set up as for an
-anonymous account.
-.It
-If the user name is
-.Dq anonymous
-or
-.Dq ftp ,
-an
-anonymous ftp account must be present in the password
-file (user
-.Dq ftp ) .
-In this case the user is allowed
-to log in by specifying any password (by convention an email address for
-the user should be used as the password).
-.El
-.Pp
-In the last case,
-.Nm ftpd
-takes special measures to restrict the client's access privileges.
-The server performs a
-.Xr chroot 2
-to the home directory of the
-.Dq ftp
-user.
-In order that system security is not breached, it is recommended
-that the
-.Dq ftp
-subtree be constructed with care, consider following these guidelines
-for anonymous ftp.
-.Pp
-In general all files should be owned by
-.Dq root ,
-and have non-write permissions (644 or 755 depending on the kind of
-file). No files should be owned or writable by
-.Dq ftp
-(possibly with exception for the
-.Pa ~ftp/incoming ,
-as specified below).
-.Bl -tag -width "~ftp/pub" -offset indent
-.It Pa ~ftp
-The
-.Dq ftp
-homedirectory should be owned by root.
-.It Pa ~ftp/bin
-The directory for external programs (such as
-.Xr ls 1 ) .
-These programs must either be statically linked, or you must setup an
-environment for dynamic linking when running chrooted.
-These programs will be used if present:
-.Bl -tag -width "locate" -offset indent
-.It ls
-Used when listing files.
-.It compress
-When retrieving a filename that ends in
-.Pa .Z ,
-and that file isn't present,
-.Nm
-will try to find the filename without
-.Pa .Z
-and compress it on the fly.
-.It gzip
-Same as compress, just with files ending in
-.Pa .gz .
-.It gtar
-Enables retrieval of whole directories as files ending in
-.Pa .tar .
-Can also be combined with compression. You must use GNU Tar (or some
-other that supports the
-.Fl z
-and
-.Fl Z
-flags).
-.It locate
-Will enable ``fast find'' with the
-.Ic SITE FIND
-command. You must also create a
-.Pa locatedb
-file in
-.Pa ~ftp/etc .
-.El
-.It Pa ~ftp/etc
-If you put copies of the
-.Xr passwd 5
-and
-.Xr group 5
-files here, ls will be able to produce owner names rather than
-numbers. Remember to remove any passwords from these files.
-.Pp
-The file
-.Pa motd ,
-if present, will be printed after a successful login.
-.It Pa ~ftp/dev
-Put a copy of
-.Xr /dev/null 7
-here.
-.It Pa ~ftp/pub
-Traditional place to put whatever you want to make public.
-.El
-.Pp
-If you want guests to be able to upload files, create a
-.Pa ~ftp/incoming
-directory owned by
-.Dq root ,
-and group
-.Dq ftp
-with mode 730 (make sure
-.Dq ftp
-is member of group
-.Dq ftp ) .
-The following restrictions apply to anonymous users:
-.Bl -bullet
-.It
-Directories created will have mode 700.
-.It
-Uploaded files will be created with an umask of 777, if not changed
-with the
-.Fl g
-option.
-.It
-These command are not accessible:
-.Ic DELE , RMD , RNTO , RNFR ,
-.Ic SITE UMASK ,
-and
-.Ic SITE CHMOD .
-.It
-Filenames must start with an alpha-numeric character, and consist of
-alpha-numeric characters or any of the following:
-.Li \&+
-(plus),
-.Li \&-
-(minus),
-.Li \&=
-(equal),
-.Li \&_
-(underscore),
-.Li \&.
-(period), and
-.Li \&,
-(comma).
-.El
-.Sh FILES
-.Bl -tag -width /etc/ftpwelcome -compact
-.It Pa /etc/ftpusers
-Access list for users.
-.It Pa /etc/ftpchroot
-List of normal users who should be chroot'd.
-.It Pa /etc/ftpwelcome
-Welcome notice.
-.It Pa /etc/motd
-Welcome notice after login.
-.It Pa /etc/nologin
-Displayed and access refused.
-.It Pa ~/.klogin
-Login access for Kerberos.
-.El
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr otp 1 ,
-.Xr getusershell 3 ,
-.Xr ftpusers 5 ,
-.Xr syslogd 8
-.Sh STANDARDS
-.Bl -tag -compact -width "RFC 1938"
-.It Cm RFC 959
-FTP PROTOCOL SPECIFICATION
-.It Cm RFC 1938
-OTP Specification
-.It Cm RFC 2228
-FTP Security Extensions.
-.El
-.Sh BUGS
-The server must run as the super-user
-to create sockets with privileged port numbers.  It maintains
-an effective user id of the logged in user, reverting to
-the super-user only when binding addresses to sockets.  The
-possible security holes have been extensively
-scrutinized, but are possibly incomplete.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
deleted file mode 100644
index 9598362c6a10..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ /dev/null
@@ -1,2345 +0,0 @@
-/*
- * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define	FTP_NAMES
-#include "ftpd_locl.h"
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include "getarg.h"
-
-RCSID("$Id: ftpd.c,v 1.166 2003/04/16 15:02:05 lha Exp $");
-
-static char version[] = "Version 6.00";
-
-extern	off_t restart_point;
-extern	char cbuf[];
-
-struct  sockaddr_storage ctrl_addr_ss;
-struct  sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss;
-
-struct  sockaddr_storage data_source_ss;
-struct  sockaddr *data_source = (struct sockaddr *)&data_source_ss;
-
-struct  sockaddr_storage data_dest_ss;
-struct  sockaddr *data_dest = (struct sockaddr *)&data_dest_ss;
-
-struct  sockaddr_storage his_addr_ss;
-struct  sockaddr *his_addr = (struct sockaddr *)&his_addr_ss;
-
-struct  sockaddr_storage pasv_addr_ss;
-struct  sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss;
-
-int	data;
-jmp_buf	errcatch, urgcatch;
-int	oobflag;
-int	logged_in;
-struct	passwd *pw;
-int	debug = 0;
-int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
-int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
-int	restricted_data_ports = 1;
-int	logging;
-int	guest;
-int	dochroot;
-int	type;
-int	form;
-int	stru;			/* avoid C keyword */
-int	mode;
-int	usedefault = 1;		/* for data transfers */
-int	pdata = -1;		/* for passive mode */
-int	transflag;
-off_t	file_size;
-off_t	byte_count;
-#if !defined(CMASK) || CMASK == 0
-#undef CMASK
-#define CMASK 027
-#endif
-int	defumask = CMASK;		/* default umask value */
-int	guest_umask = 0777;	/* Paranoia for anonymous users */
-char	tmpline[10240];
-char	hostname[MaxHostNameLen];
-char	remotehost[MaxHostNameLen];
-static char ttyline[20];
-
-#define AUTH_PLAIN	(1 << 0) /* allow sending passwords */
-#define AUTH_OTP	(1 << 1) /* passwords are one-time */
-#define AUTH_FTP	(1 << 2) /* allow anonymous login */
-
-static int auth_level = 0; /* Only allow kerberos login by default */
-
-/*
- * Timeout intervals for retrying connections
- * to hosts that don't accept PORT cmds.  This
- * is a kludge, but given the problems with TCP...
- */
-#define	SWAITMAX	90	/* wait at most 90 seconds */
-#define	SWAITINT	5	/* interval between retries */
-
-int	swaitmax = SWAITMAX;
-int	swaitint = SWAITINT;
-
-#ifdef HAVE_SETPROCTITLE
-char	proctitle[BUFSIZ];	/* initial part of title */
-#endif /* HAVE_SETPROCTITLE */
-
-#define LOGCMD(cmd, file) \
-	if (logging > 1) \
-	    syslog(LOG_INFO,"%s %s%s", cmd, \
-		*(file) == '/' ? "" : curdir(), file);
-#define LOGCMD2(cmd, file1, file2) \
-	 if (logging > 1) \
-	    syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
-		*(file1) == '/' ? "" : curdir(), file1, \
-		*(file2) == '/' ? "" : curdir(), file2);
-#define LOGBYTES(cmd, file, cnt) \
-	if (logging > 1) { \
-		if (cnt == (off_t)-1) \
-		    syslog(LOG_INFO,"%s %s%s", cmd, \
-			*(file) == '/' ? "" : curdir(), file); \
-		else \
-		    syslog(LOG_INFO, "%s %s%s = %ld bytes", \
-			cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
-	}
-
-static void	 ack (char *);
-static void	 myoob (int);
-static int	 checkuser (char *, char *);
-static int	 checkaccess (char *);
-static FILE	*dataconn (const char *, off_t, const char *);
-static void	 dolog (struct sockaddr *sa, int len);
-static void	 end_login (void);
-static FILE	*getdatasock (const char *);
-static char	*gunique (char *);
-static RETSIGTYPE	 lostconn (int);
-static int	 receive_data (FILE *, FILE *);
-static void	 send_data (FILE *, FILE *);
-static struct passwd * sgetpwnam (char *);
-
-static char *
-curdir(void)
-{
-	static char path[MaxPathLen+1];	/* path + '/' + '\0' */
-
-	if (getcwd(path, sizeof(path)-1) == NULL)
-		return ("");
-	if (path[1] != '\0')		/* special case for root dir. */
-		strlcat(path, "/", sizeof(path));
-	/* For guest account, skip / since it's chrooted */
-	return (guest ? path+1 : path);
-}
-
-#ifndef LINE_MAX
-#define LINE_MAX 1024
-#endif
-
-static int
-parse_auth_level(char *str)
-{
-    char *p;
-    int ret = 0;
-    char *foo = NULL;
-
-    for(p = strtok_r(str, ",", &foo);
-	p;
-	p = strtok_r(NULL, ",", &foo)) {
-	if(strcmp(p, "user") == 0)
-	    ;
-#ifdef OTP
-	else if(strcmp(p, "otp") == 0)
-	    ret |= AUTH_PLAIN|AUTH_OTP;
-#endif
-	else if(strcmp(p, "ftp") == 0 ||
-		strcmp(p, "safe") == 0)
-	    ret |= AUTH_FTP;
-	else if(strcmp(p, "plain") == 0)
-	    ret |= AUTH_PLAIN;
-	else if(strcmp(p, "none") == 0)
-	    ret |= AUTH_PLAIN|AUTH_FTP;
-	else
-	    warnx("bad value for -a: `%s'", p);
-    }
-    return ret;	    
-}
-
-/*
- * Print usage and die.
- */
-
-static int interactive_flag;
-static char *guest_umask_string;
-static char *port_string;
-static char *umask_string;
-static char *auth_string;
-
-int use_builtin_ls = -1;
-
-static int help_flag;
-static int version_flag;
-
-static const char *good_chars = "+-=_,.";
-
-struct getargs args[] = {
-    { NULL, 'a', arg_string, &auth_string, "required authentication" },
-    { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" },
-    { NULL, 'p', arg_string, &port_string, "what port to listen to" },
-    { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" },
-    { NULL, 'l', arg_counter, &logging, "log more stuff", "" },
-    { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
-    { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
-    { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
-    { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
-    { NULL, 'd', arg_flag, &debug, "enable debugging" },
-    { NULL, 'v', arg_flag, &debug, "enable debugging" },
-    { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
-    { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 'h', arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage (int code)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit (code);
-}
-
-/* output contents of a file */
-static int
-show_file(const char *file, int code)
-{
-    FILE *f;
-    char buf[128];
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return -1;
-    while(fgets(buf, sizeof(buf), f)){
-	buf[strcspn(buf, "\r\n")] = '\0';
-	lreply(code, "%s", buf);
-    }
-    fclose(f);
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    socklen_t his_addr_len, ctrl_addr_len;
-    int on = 1;
-    int port;
-    struct servent *sp;
-
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    /* detach from any tickets and tokens */
-    {
-#ifdef KRB4
-	char tkfile[1024];
-	snprintf(tkfile, sizeof(tkfile),
-		 "/tmp/ftp_%u", (unsigned)getpid());
-	krb_set_tkt_string(tkfile);
-#endif
-#if defined(KRB4) && defined(KRB5)
-	if(k_hasafs())
-	    k_setpag();
-#endif
-    }
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-
-    if(help_flag)
-	usage(0);
-	
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(auth_string)
-	auth_level = parse_auth_level(auth_string);
-    {
-	char *p;
-	long val = 0;
-	    
-	if(guest_umask_string) {
-	    val = strtol(guest_umask_string, &p, 8);
-	    if (*p != '\0' || val < 0)
-		warnx("bad value for -g");
-	    else
-		guest_umask = val;
-	}
-	if(umask_string) {
-	    val = strtol(umask_string, &p, 8);
-	    if (*p != '\0' || val < 0)
-		warnx("bad value for -u");
-	    else
-		defumask = val;
-	}
-    }
-    sp = getservbyname("ftp", "tcp");
-    if(sp)
-	port = sp->s_port;
-    else
-	port = htons(21);
-    if(port_string) {
-	sp = getservbyname(port_string, "tcp");
-	if(sp)
-	    port = sp->s_port;
-	else
-	    if(isdigit((unsigned char)port_string[0]))
-		port = htons(atoi(port_string));
-	    else
-		warnx("bad value for -p");
-    }
-		    
-    if (maxtimeout < ftpd_timeout)
-	maxtimeout = ftpd_timeout;
-
-#if 0
-    if (ftpd_timeout > maxtimeout)
-	ftpd_timeout = maxtimeout;
-#endif
-
-    if(interactive_flag)
-	mini_inetd (port);
-
-    /*
-     * LOG_NDELAY sets up the logging connection immediately,
-     * necessary for anonymous ftp's that chroot and can't do it later.
-     */
-    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
-    his_addr_len = sizeof(his_addr_ss);
-    if (getpeername(STDIN_FILENO, his_addr, &his_addr_len) < 0) {
-	syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
-	exit(1);
-    }
-    ctrl_addr_len = sizeof(ctrl_addr_ss);
-    if (getsockname(STDIN_FILENO, ctrl_addr, &ctrl_addr_len) < 0) {
-	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
-	exit(1);
-    }
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    {
-	int tos = IPTOS_LOWDELAY;
-
-	if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-		       (void *)&tos, sizeof(int)) < 0)
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
-#endif
-    data_source->sa_family = ctrl_addr->sa_family;
-    socket_set_port (data_source,
-		     htons(ntohs(socket_get_port(ctrl_addr)) - 1));
-
-    /* set this here so it can be put in wtmp */
-    snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
-
-
-    /*	freopen(_PATH_DEVNULL, "w", stderr); */
-    signal(SIGPIPE, lostconn);
-    signal(SIGCHLD, SIG_IGN);
-#ifdef SIGURG
-    if (signal(SIGURG, myoob) == SIG_ERR)
-	syslog(LOG_ERR, "signal: %m");
-#endif
-
-    /* Try to handle urgent data inline */
-#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
-		   sizeof(on)) < 0)
-	syslog(LOG_ERR, "setsockopt: %m");
-#endif
-
-#ifdef	F_SETOWN
-    if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
-	syslog(LOG_ERR, "fcntl F_SETOWN: %m");
-#endif
-    dolog(his_addr, his_addr_len);
-    /*
-     * Set up default state
-     */
-    data = -1;
-    type = TYPE_A;
-    form = FORM_N;
-    stru = STRU_F;
-    mode = MODE_S;
-    tmpline[0] = '\0';
-
-    /* If logins are disabled, print out the message. */
-    if(show_file(_PATH_NOLOGIN, 530) == 0) {
-	reply(530, "System not available.");
-	exit(0);
-    }
-    show_file(_PATH_FTPWELCOME, 220);
-    /* reply(220,) must follow */
-    gethostname(hostname, sizeof(hostname));
-	
-    reply(220, "%s FTP server (%s"
-#ifdef KRB5
-	  "+%s"
-#endif
-#ifdef KRB4
-	  "+%s"
-#endif
-	  ") ready.", hostname, version
-#ifdef KRB5
-	  ,heimdal_version
-#endif
-#ifdef KRB4
-	  ,krb4_version
-#endif
-	  );
-
-    setjmp(errcatch);
-    for (;;)
-	yyparse();
-    /* NOTREACHED */
-}
-
-static RETSIGTYPE
-lostconn(int signo)
-{
-
-	if (debug)
-		syslog(LOG_DEBUG, "lost connection");
-	dologout(-1);
-}
-
-/*
- * Helper function for sgetpwnam().
- */
-static char *
-sgetsave(char *s)
-{
-	char *new = strdup(s);
-
-	if (new == NULL) {
-		perror_reply(421, "Local resource failure: malloc");
-		dologout(1);
-		/* NOTREACHED */
-	}
-	return new;
-}
-
-/*
- * Save the result of a getpwnam.  Used for USER command, since
- * the data returned must not be clobbered by any other command
- * (e.g., globbing).
- */
-static struct passwd *
-sgetpwnam(char *name)
-{
-	static struct passwd save;
-	struct passwd *p;
-
-	if ((p = k_getpwnam(name)) == NULL)
-		return (p);
-	if (save.pw_name) {
-		free(save.pw_name);
-		free(save.pw_passwd);
-		free(save.pw_gecos);
-		free(save.pw_dir);
-		free(save.pw_shell);
-	}
-	save = *p;
-	save.pw_name = sgetsave(p->pw_name);
-	save.pw_passwd = sgetsave(p->pw_passwd);
-	save.pw_gecos = sgetsave(p->pw_gecos);
-	save.pw_dir = sgetsave(p->pw_dir);
-	save.pw_shell = sgetsave(p->pw_shell);
-	return (&save);
-}
-
-static int login_attempts;	/* number of failed login attempts */
-static int askpasswd;		/* had user command, ask for passwd */
-static char curname[10];	/* current USER name */
-#ifdef OTP
-OtpContext otp_ctx;
-#endif
-
-/*
- * USER command.
- * Sets global passwd pointer pw if named account exists and is acceptable;
- * sets askpasswd if a PASS command is expected.  If logged in previously,
- * need to reset state.  If name is "ftp" or "anonymous", the name is not in
- * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
- * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
- * requesting login privileges.  Disallow anyone who does not have a standard
- * shell as returned by getusershell().  Disallow anyone mentioned in the file
- * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
- */
-void
-user(char *name)
-{
-	char *cp, *shell;
-
-	if(auth_level == 0 && !sec_complete){
-	    reply(530, "No login allowed without authorization.");
-	    return;
-	}
-
-	if (logged_in) {
-		if (guest) {
-			reply(530, "Can't change user from guest login.");
-			return;
-		} else if (dochroot) {
-			reply(530, "Can't change user from chroot user.");
-			return;
-		}
-		end_login();
-	}
-
-	guest = 0;
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
-	    if ((auth_level & AUTH_FTP) == 0 ||
-		checkaccess("ftp") || 
-		checkaccess("anonymous"))
-		reply(530, "User %s access denied.", name);
-	    else if ((pw = sgetpwnam("ftp")) != NULL) {
-		guest = 1;
-		defumask = guest_umask;	/* paranoia for incoming */
-		askpasswd = 1;
-		reply(331, "Guest login ok, type your name as password.");
-	    } else
-		reply(530, "User %s unknown.", name);
-	    if (!askpasswd && logging) {
-		char data_addr[256];
-
-		if (inet_ntop (his_addr->sa_family,
-			       socket_get_address(his_addr),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-		syslog(LOG_NOTICE,
-		       "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
-		       remotehost, data_addr);
-	    }
-	    return;
-	}
-	if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){
-	    reply(530, "Only authorized and anonymous login allowed.");
-	    return;
-	}
-	if ((pw = sgetpwnam(name))) {
-		if ((shell = pw->pw_shell) == NULL || *shell == 0)
-			shell = _PATH_BSHELL;
-		while ((cp = getusershell()) != NULL)
-			if (strcmp(cp, shell) == 0)
-				break;
-		endusershell();
-
-		if (cp == NULL || checkaccess(name)) {
-			reply(530, "User %s access denied.", name);
-			if (logging) {
-				char data_addr[256];
-
-				if (inet_ntop (his_addr->sa_family,
-					       socket_get_address(his_addr),
-					       data_addr,
-					       sizeof(data_addr)) == NULL)
-					strlcpy (data_addr,
-							 "unknown address",
-							 sizeof(data_addr));
-
-				syslog(LOG_NOTICE,
-				       "FTP LOGIN REFUSED FROM %s(%s), %s",
-				       remotehost,
-				       data_addr,
-				       name);
-			}
-			pw = (struct passwd *) NULL;
-			return;
-		}
-	}
-	if (logging)
-	    strlcpy(curname, name, sizeof(curname));
-	if(sec_complete) {
-	    if(sec_userok(name) == 0)
-		do_login(232, name);
-	    else
-		reply(530, "User %s access denied.", name);
-	} else {
-		char ss[256];
-
-#ifdef OTP
-		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
-			reply(331, "Password %s for %s required.",
-			      ss, name);
-			askpasswd = 1;
-		} else
-#endif
-		if ((auth_level & AUTH_OTP) == 0) {
-		    reply(331, "Password required for %s.", name);
-		    askpasswd = 1;
-		} else {
-		    char *s;
-		    
-#ifdef OTP
-		    if ((s = otp_error (&otp_ctx)) != NULL)
-			lreply(530, "OTP: %s", s);
-#endif
-		    reply(530,
-			  "Only authorized, anonymous"
-#ifdef OTP
-			  " and OTP "
-#endif
-			  "login allowed.");
-		}
-
-	}
-	/*
-	 * Delay before reading passwd after first failed
-	 * attempt to slow down passwd-guessing programs.
-	 */
-	if (login_attempts)
-		sleep(login_attempts);
-}
-
-/*
- * Check if a user is in the file "fname"
- */
-static int
-checkuser(char *fname, char *name)
-{
-	FILE *fd;
-	int found = 0;
-	char *p, line[BUFSIZ];
-
-	if ((fd = fopen(fname, "r")) != NULL) {
-		while (fgets(line, sizeof(line), fd) != NULL)
-			if ((p = strchr(line, '\n')) != NULL) {
-				*p = '\0';
-				if (line[0] == '#')
-					continue;
-				if (strcmp(line, name) == 0) {
-					found = 1;
-					break;
-				}
-			}
-		fclose(fd);
-	}
-	return (found);
-}
-
-
-/*
- * Determine whether a user has access, based on information in 
- * _PATH_FTPUSERS. The users are listed one per line, with `allow'
- * or `deny' after the username. If anything other than `allow', or
- * just nothing, is given after the username, `deny' is assumed.
- *
- * If the user is not found in the file, but the pseudo-user `*' is,
- * the permission is taken from that line.
- *
- * This preserves the old semantics where if a user was listed in the
- * file he was denied, otherwise he was allowed.
- *
- * Return 1 if the user is denied, or 0 if he is allowed.  */
-
-static int
-match(const char *pattern, const char *string)
-{
-    return fnmatch(pattern, string, FNM_NOESCAPE);
-}
-
-static int
-checkaccess(char *name)
-{
-#define ALLOWED		0
-#define	NOT_ALLOWED	1
-    FILE *fd;
-    int allowed = ALLOWED;
-    char *user, *perm, line[BUFSIZ];
-    char *foo;
-    
-    fd = fopen(_PATH_FTPUSERS, "r");
-    
-    if(fd == NULL)
-	return allowed;
-
-    while (fgets(line, sizeof(line), fd) != NULL)  {
-	foo = NULL;
-	user = strtok_r(line, " \t\n", &foo);
-	if (user == NULL || user[0] == '#')
-	    continue;
-	perm = strtok_r(NULL, " \t\n", &foo);
-	if (match(user, name) == 0){
-	    if(perm && strcmp(perm, "allow") == 0)
-		allowed = ALLOWED;
-	    else
-		allowed = NOT_ALLOWED;
-	    break;
-	}
-    }
-    fclose(fd);
-    return allowed;
-}
-#undef	ALLOWED
-#undef	NOT_ALLOWED
-
-
-int do_login(int code, char *passwd)
-{
-    login_attempts = 0;		/* this time successful */
-    if (setegid((gid_t)pw->pw_gid) < 0) {
-	reply(550, "Can't set gid.");
-	return -1;
-    }
-    initgroups(pw->pw_name, pw->pw_gid);
-
-    /* open wtmp before chroot */
-    ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
-    logged_in = 1;
-
-    dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
-    if (guest) {
-	/*
-	 * We MUST do a chdir() after the chroot. Otherwise
-	 * the old current directory will be accessible as "."
-	 * outside the new root!
-	 */
-	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
-	    reply(550, "Can't set guest privileges.");
-	    return -1;
-	}
-    } else if (dochroot) {
-	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
-	    reply(550, "Can't change root.");
-	    return -1;
-	}
-    } else if (chdir(pw->pw_dir) < 0) {
-	if (chdir("/") < 0) {
-	    reply(530, "User %s: can't change directory to %s.",
-		  pw->pw_name, pw->pw_dir);
-	    return -1;
-	} else
-	    lreply(code, "No directory! Logging in with home=/");
-    }
-    if (seteuid((uid_t)pw->pw_uid) < 0) {
-	reply(550, "Can't set uid.");
-	return -1;
-    }
-
-    if(use_builtin_ls == -1) {
-	struct stat st;
-	/* if /bin/ls exist and is a regular file, use it, otherwise
-           use built-in ls */
-	if(stat("/bin/ls", &st) == 0 &&
-	   S_ISREG(st.st_mode))
-	    use_builtin_ls = 0;
-	else
-	    use_builtin_ls = 1;
-    }
-
-    /*
-     * Display a login message, if it exists.
-     * N.B. reply(code,) must follow the message.
-     */
-    show_file(_PATH_FTPLOGINMESG, code);
-    if(show_file(_PATH_ISSUE_NET, code) != 0)
-	show_file(_PATH_ISSUE, code);
-    if (guest) {
-	reply(code, "Guest login ok, access restrictions apply.");
-#ifdef HAVE_SETPROCTITLE
-	snprintf (proctitle, sizeof(proctitle),
-		  "%s: anonymous/%s",
-		  remotehost,
-		  passwd);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-	if (logging) {
-	    char data_addr[256];
-
-	    if (inet_ntop (his_addr->sa_family,
-			   socket_get_address(his_addr),
-			   data_addr, sizeof(data_addr)) == NULL)
-		strlcpy (data_addr, "unknown address",
-				 sizeof(data_addr));
-
-	    syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
-		   remotehost, 
-		   data_addr,
-		   passwd);
-	}
-    } else {
-	reply(code, "User %s logged in.", pw->pw_name);
-#ifdef HAVE_SETPROCTITLE
-	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-	if (logging) {
-	    char data_addr[256];
-
-	    if (inet_ntop (his_addr->sa_family,
-			   socket_get_address(his_addr),
-			   data_addr, sizeof(data_addr)) == NULL)
-		strlcpy (data_addr, "unknown address",
-				 sizeof(data_addr));
-
-	    syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
-		   remotehost,
-		   data_addr,
-		   pw->pw_name);
-	}
-    }
-    umask(defumask);
-    return 0;
-}
-
-/*
- * Terminate login as previous user, if any, resetting state;
- * used when USER command is given or login fails.
- */
-static void
-end_login(void)
-{
-
-	seteuid((uid_t)0);
-	if (logged_in)
-		ftpd_logwtmp(ttyline, "", "");
-	pw = NULL;
-	logged_in = 0;
-	guest = 0;
-	dochroot = 0;
-}
-
-#ifdef KRB5
-static int
-krb5_verify(struct passwd *pwd, char *passwd)
-{
-   krb5_context context;  
-   krb5_ccache  id;
-   krb5_principal princ;
-   krb5_error_code ret;
-  
-   ret = krb5_init_context(&context);
-   if(ret)
-        return ret;
-
-  ret = krb5_parse_name(context, pwd->pw_name, &princ);
-  if(ret){
-        krb5_free_context(context);
-        return ret;
-  }
-  ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-  if(ret){
-        krb5_free_principal(context, princ);
-        krb5_free_context(context);
-        return ret;
-  }
-  ret = krb5_verify_user(context,
-                         princ,
-                         id,
-                         passwd,
-                         1,
-                         NULL);
-  krb5_free_principal(context, princ);
-  if (k_hasafs()) {
-      krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir);
-  }
-  krb5_cc_destroy(context, id);
-  krb5_free_context (context);
-  if(ret) 
-      return ret;
-  return 0;
-}
-#endif /* KRB5 */
-
-void
-pass(char *passwd)
-{
-	int rval;
-
-	/* some clients insists on sending a password */
-	if (logged_in && askpasswd == 0){
-	    reply(230, "Password not necessary");
-	    return;
-	}
-
-	if (logged_in || askpasswd == 0) {
-		reply(503, "Login with USER first.");
-		return;
-	}
-	askpasswd = 0;
-	rval = 1;
-	if (!guest) {		/* "ftp" is only account allowed no password */
-		if (pw == NULL)
-			rval = 1;	/* failure below */
-#ifdef OTP
-		else if (otp_verify_user (&otp_ctx, passwd) == 0) {
-		    rval = 0;
-		}
-#endif
-		else if((auth_level & AUTH_OTP) == 0) {
-#ifdef KRB5
-		    rval = krb5_verify(pw, passwd);
-#endif
-#ifdef KRB4
-		    if (rval) {
-			char realm[REALM_SZ];
-			if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
-			    rval = krb_verify_user(pw->pw_name,
-						   "", realm, 
-						   passwd, 
-						   KRB_VERIFY_SECURE, NULL);
-			if (rval == KSUCCESS ) {
-			    chown (tkt_string(), pw->pw_uid, pw->pw_gid);
-			    if(k_hasafs())
-				krb_afslog(0, 0);
-			}
-		    }
-#endif
-		    if (rval)
-			rval = unix_verify_user(pw->pw_name, passwd);
-		} else {
-		    char *s;
-		    
-#ifdef OTP
-		    if ((s = otp_error(&otp_ctx)) != NULL)
-			lreply(530, "OTP: %s", s);
-#endif
-		}
-		memset (passwd, 0, strlen(passwd));
-
-		/*
-		 * If rval == 1, the user failed the authentication
-		 * check above.  If rval == 0, either Kerberos or
-		 * local authentication succeeded.
-		 */
-		if (rval) {
-			char data_addr[256];
-
-			if (inet_ntop (his_addr->sa_family,
-				       socket_get_address(his_addr),
-				       data_addr, sizeof(data_addr)) == NULL)
-				strlcpy (data_addr, "unknown address",
-						 sizeof(data_addr));
-
-			reply(530, "Login incorrect.");
-			if (logging)
-				syslog(LOG_NOTICE,
-				    "FTP LOGIN FAILED FROM %s(%s), %s",
-				       remotehost,
-				       data_addr,
-				       curname);
-			pw = NULL;
-			if (login_attempts++ >= 5) {
-				syslog(LOG_NOTICE,
-				       "repeated login failures from %s(%s)",
-				       remotehost,
-				       data_addr);
-				exit(0);
-			}
-			return;
-		}
-	}
-	if(!do_login(230, passwd))
-	  return;
-	
-	/* Forget all about it... */
-	end_login();
-}
-
-void
-retrieve(const char *cmd, char *name)
-{
-	FILE *fin = NULL, *dout;
-	struct stat st;
-	int (*closefunc) (FILE *);
-	char line[BUFSIZ];
-
-
-	if (cmd == 0) {
-		fin = fopen(name, "r");
-		closefunc = fclose;
-		st.st_size = 0;
-		if(fin == NULL){
-		    int save_errno = errno;
-		    struct cmds {
-			const char *ext;
-			const char *cmd;
-		        const char *rev_cmd;
-		    } cmds[] = {
-			{".tar", "/bin/gtar cPf - %s", NULL},
-			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
-			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
-			{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
-			{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
-			{NULL, NULL}
-		    };
-		    struct cmds *p;
-		    for(p = cmds; p->ext; p++){
-			char *tail = name + strlen(name) - strlen(p->ext);
-			char c = *tail;
-			
-			if(strcmp(tail, p->ext) == 0 &&
-			   (*tail  = 0) == 0 &&
-			   access(name, R_OK) == 0){
-			    snprintf (line, sizeof(line), p->cmd, name);
-			    *tail  = c;
-			    break;
-			}
-			*tail = c;
-			if (p->rev_cmd != NULL) {
-			    char *ext;
-
-			    asprintf(&ext, "%s%s", name, p->ext);
-			    if (ext != NULL) { 
-  			        if (access(ext, R_OK) == 0) {
-				    snprintf (line, sizeof(line),
-					      p->rev_cmd, ext);
-				    free(ext);
-				    break;
-				}
-			        free(ext);
-			    }
-			}
-			
-		    }
-		    if(p->ext){
-			fin = ftpd_popen(line, "r", 0, 0);
-			closefunc = ftpd_pclose;
-			st.st_size = -1;
-			cmd = line;
-		    } else
-			errno = save_errno;
-		}
-	} else {
-		snprintf(line, sizeof(line), cmd, name);
-		name = line;
-		fin = ftpd_popen(line, "r", 1, 0);
-		closefunc = ftpd_pclose;
-		st.st_size = -1;
-	}
-	if (fin == NULL) {
-		if (errno != 0) {
-			perror_reply(550, name);
-			if (cmd == 0) {
-				LOGCMD("get", name);
-			}
-		}
-		return;
-	}
-	byte_count = -1;
-	if (cmd == 0){
-	    if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
-		reply(550, "%s: not a plain file.", name);
-		goto done;
-	    }
-	}
-	if (restart_point) {
-		if (type == TYPE_A) {
-			off_t i, n;
-			int c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fin)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-		} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	dout = dataconn(name, st.st_size, "w");
-	if (dout == NULL)
-		goto done;
-	set_buffer_size(fileno(dout), 0);
-	send_data(fin, dout);
-	fclose(dout);
-	data = -1;
-	pdata = -1;
-done:
-	if (cmd == 0)
-		LOGBYTES("get", name, byte_count);
-	(*closefunc)(fin);
-}
-
-/* filename sanity check */
-
-int 
-filename_check(char *filename)
-{
-    unsigned char *p;
-
-    p = (unsigned char *)strrchr(filename, '/');
-    if(p)
-	filename = p + 1;
-
-    p = filename;
-
-    if(isalnum(*p)){
-	p++;
-	while(*p && (isalnum(*p) || strchr(good_chars, *p)))
-	    p++;
-	if(*p == '\0')
-	    return 0;
-    }
-    lreply(553, "\"%s\" is not an acceptable filename.", filename);
-    lreply(553, "The filename must start with an alphanumeric "
-	   "character and must only");
-    reply(553, "consist of alphanumeric characters or any of the following: %s", 
-	  good_chars);
-    return 1;
-}
-
-void
-do_store(char *name, char *mode, int unique)
-{
-	FILE *fout, *din;
-	struct stat st;
-	int (*closefunc) (FILE *);
-
-	if(guest && filename_check(name))
-	    return;
-	if (unique && stat(name, &st) == 0 &&
-	    (name = gunique(name)) == NULL) {
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
-		return;
-	}
-
-	if (restart_point)
-		mode = "r+";
-	fout = fopen(name, mode);
-	closefunc = fclose;
-	if (fout == NULL) {
-		perror_reply(553, name);
-		LOGCMD(*mode == 'w' ? "put" : "append", name);
-		return;
-	}
-	byte_count = -1;
-	if (restart_point) {
-		if (type == TYPE_A) {
-			off_t i, n;
-			int c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fout)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-			/*
-			 * We must do this seek to "current" position
-			 * because we are changing from reading to
-			 * writing.
-			 */
-			if (fseek(fout, 0L, SEEK_CUR) < 0) {
-				perror_reply(550, name);
-				goto done;
-			}
-		} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	din = dataconn(name, (off_t)-1, "r");
-	if (din == NULL)
-		goto done;
-	set_buffer_size(fileno(din), 1);
-	if (receive_data(din, fout) == 0) {
-	    if((*closefunc)(fout) < 0)
-		perror_reply(552, name);
-	    else {
-		if (unique)
-			reply(226, "Transfer complete (unique file name:%s).",
-			    name);
-		else
-			reply(226, "Transfer complete.");
-	    }
-	} else
-	    (*closefunc)(fout);
-	fclose(din);
-	data = -1;
-	pdata = -1;
-done:
-	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
-}
-
-static FILE *
-getdatasock(const char *mode)
-{
-	int s, t, tries;
-
-	if (data >= 0)
-		return (fdopen(data, mode));
-	seteuid(0);
-	s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
-	if (s < 0)
-		goto bad;
-	socket_set_reuseaddr (s, 1);
-	/* anchor socket to avoid multi-homing problems */
-	socket_set_address_and_port (data_source,
-				     socket_get_address (ctrl_addr),
-				     socket_get_port (data_source));
-
-	for (tries = 1; ; tries++) {
-		if (bind(s, data_source,
-			 socket_sockaddr_size (data_source)) >= 0)
-			break;
-		if (errno != EADDRINUSE || tries > 10)
-			goto bad;
-		sleep(tries);
-	}
-	seteuid(pw->pw_uid);
-#ifdef IPTOS_THROUGHPUT
-	socket_set_tos (s, IPTOS_THROUGHPUT);
-#endif
-	return (fdopen(s, mode));
-bad:
-	/* Return the real value of errno (close may change it) */
-	t = errno;
-	seteuid((uid_t)pw->pw_uid);
-	close(s);
-	errno = t;
-	return (NULL);
-}
-
-static int
-accept_with_timeout(int socket, 
-		    struct sockaddr *address,
-		    socklen_t *address_len,
-		    struct timeval *timeout)
-{
-    int ret;
-    fd_set rfd;
-    FD_ZERO(&rfd);
-    FD_SET(socket, &rfd);
-    ret = select(socket + 1, &rfd, NULL, NULL, timeout);
-    if(ret < 0)
-	return ret;
-    if(ret == 0) {
-	errno = ETIMEDOUT;
-	return -1;
-    }
-    return accept(socket, address, address_len);
-}
-
-static FILE *
-dataconn(const char *name, off_t size, const char *mode)
-{
-	char sizebuf[32];
-	FILE *file;
-	int retry = 0;
-
-	file_size = size;
-	byte_count = 0;
-	if (size >= 0)
-	    snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size);
-	else
-	    *sizebuf = '\0';
-	if (pdata >= 0) {
-		struct sockaddr_storage from_ss;
-		struct sockaddr *from = (struct sockaddr *)&from_ss;
-		struct timeval timeout;
-		int s;
-		socklen_t fromlen = sizeof(from_ss);
-
-		timeout.tv_sec = 15;
-		timeout.tv_usec = 0;
-		s = accept_with_timeout(pdata, from, &fromlen, &timeout);
-		if (s < 0) {
-			reply(425, "Can't open data connection.");
-			close(pdata);
-			pdata = -1;
-			return (NULL);
-		}
-		close(pdata);
-		pdata = s;
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-		{
-		    int tos = IPTOS_THROUGHPUT;
-		    
-		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
-			       sizeof(tos));
-		}
-#endif
-		reply(150, "Opening %s mode data connection for '%s'%s.",
-		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-		return (fdopen(pdata, mode));
-	}
-	if (data >= 0) {
-		reply(125, "Using existing data connection for '%s'%s.",
-		    name, sizebuf);
-		usedefault = 1;
-		return (fdopen(data, mode));
-	}
-	if (usedefault)
-		data_dest = his_addr;
-	usedefault = 1;
-	file = getdatasock(mode);
-	if (file == NULL) {
-		char data_addr[256];
-
-		if (inet_ntop (data_source->sa_family,
-			       socket_get_address(data_source),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-		reply(425, "Can't create data socket (%s,%d): %s.",
-		      data_addr,
-		      socket_get_port (data_source),
-		      strerror(errno));
-		return (NULL);
-	}
-	data = fileno(file);
-	while (connect(data, data_dest,
-		       socket_sockaddr_size(data_dest)) < 0) {
-		if (errno == EADDRINUSE && retry < swaitmax) {
-			sleep(swaitint);
-			retry += swaitint;
-			continue;
-		}
-		perror_reply(425, "Can't build data connection");
-		fclose(file);
-		data = -1;
-		return (NULL);
-	}
-	reply(150, "Opening %s mode data connection for '%s'%s.",
-	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-	return (file);
-}
-
-/*
- * Tranfer the contents of "instr" to "outstr" peer using the appropriate
- * encapsulation of the data subject * to Mode, Structure, and Type.
- *
- * NB: Form isn't handled.
- */
-static void
-send_data(FILE *instr, FILE *outstr)
-{
-	int c, cnt, filefd, netfd;
-	static char *buf;
-	static size_t bufsize;
-
-	transflag++;
-	if (setjmp(urgcatch)) {
-		transflag = 0;
-		return;
-	}
-	switch (type) {
-
-	case TYPE_A:
-	    while ((c = getc(instr)) != EOF) {
-		byte_count++;
-		if(c == '\n')
-		    sec_putc('\r', outstr);
-		sec_putc(c, outstr);
-	    }
-	    sec_fflush(outstr);
-	    transflag = 0;
-	    if (ferror(instr))
-		goto file_err;
-	    if (ferror(outstr))
-		goto data_err;
-	    reply(226, "Transfer complete.");
-	    return;
-		
-	case TYPE_I:
-	case TYPE_L:
-#if defined(HAVE_MMAP) && !defined(NO_MMAP)
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-	    {
-		struct stat st;
-		char *chunk;
-		int in = fileno(instr);
-		if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) 
-		   && st.st_size > 0) {
-		    /*
-		     * mmap zero bytes has potential of loosing, don't do it.
-		     */
-		    chunk = mmap(0, st.st_size, PROT_READ,
-				 MAP_SHARED, in, 0);
-		    if((void *)chunk != (void *)MAP_FAILED) {
-			cnt = st.st_size - restart_point;
-			sec_write(fileno(outstr), chunk + restart_point, cnt);
-			if (munmap(chunk, st.st_size) < 0)
-			    warn ("munmap");
-			sec_fflush(outstr);
-			byte_count = cnt;
-			transflag = 0;
-		    }
-		}
-	    }
-#endif
-	if(transflag) {
-	    struct stat st;
-
-	    netfd = fileno(outstr);
-	    filefd = fileno(instr);
-	    buf = alloc_buffer (buf, &bufsize,
-				fstat(filefd, &st) >= 0 ? &st : NULL);
-	    if (buf == NULL) {
-		transflag = 0;
-		perror_reply(451, "Local resource failure: malloc");
-		return;
-	    }
-	    while ((cnt = read(filefd, buf, bufsize)) > 0 &&
-		   sec_write(netfd, buf, cnt) == cnt)
-		byte_count += cnt;
-	    sec_fflush(outstr); /* to end an encrypted stream */
-	    transflag = 0;
-	    if (cnt != 0) {
-		if (cnt < 0)
-		    goto file_err;
-		goto data_err;
-	    }
-	}
-	reply(226, "Transfer complete.");
-	return;
-	default:
-	    transflag = 0;
-	    reply(550, "Unimplemented TYPE %d in send_data", type);
-	    return;
-	}
-
-data_err:
-	transflag = 0;
-	perror_reply(426, "Data connection");
-	return;
-
-file_err:
-	transflag = 0;
-	perror_reply(551, "Error on input file");
-}
-
-/*
- * Transfer data from peer to "outstr" using the appropriate encapulation of
- * the data subject to Mode, Structure, and Type.
- *
- * N.B.: Form isn't handled.
- */
-static int
-receive_data(FILE *instr, FILE *outstr)
-{
-    int cnt, bare_lfs = 0;
-    static char *buf;
-    static size_t bufsize;
-    struct stat st;
-
-    transflag++;
-    if (setjmp(urgcatch)) {
-	transflag = 0;
-	return (-1);
-    }
-
-    buf = alloc_buffer (buf, &bufsize,
-			fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
-    if (buf == NULL) {
-	transflag = 0;
-	perror_reply(451, "Local resource failure: malloc");
-	return -1;
-    }
-    
-    switch (type) {
-
-    case TYPE_I:
-    case TYPE_L:
-	while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) {
-	    if (write(fileno(outstr), buf, cnt) != cnt)
-		goto file_err;
-	    byte_count += cnt;
-	}
-	if (cnt < 0)
-	    goto data_err;
-	transflag = 0;
-	return (0);
-
-    case TYPE_E:
-	reply(553, "TYPE E not implemented.");
-	transflag = 0;
-	return (-1);
-
-    case TYPE_A:
-    {
-	char *p, *q;
-	int cr_flag = 0;
-	while ((cnt = sec_read(fileno(instr),
-				buf + cr_flag, 
-				bufsize - cr_flag)) > 0){
-	    byte_count += cnt;
-	    cnt += cr_flag;
-	    cr_flag = 0;
-	    for(p = buf, q = buf; p < buf + cnt;) {
-		if(*p == '\n')
-		    bare_lfs++;
-		if(*p == '\r') {
-		    if(p == buf + cnt - 1){
-			cr_flag = 1;
-			p++;
-			continue;
-		    }else if(p[1] == '\n'){
-			*q++ = '\n';
-			p += 2;
-			continue;
-		    }
-		}
-		*q++ = *p++;
-	    }
-	    fwrite(buf, q - buf, 1, outstr);
-	    if(cr_flag)
-		buf[0] = '\r';
-	}
-	if(cr_flag)
-	    putc('\r', outstr);
-	fflush(outstr);
-	if (ferror(instr))
-	    goto data_err;
-	if (ferror(outstr))
-	    goto file_err;
-	transflag = 0;
-	if (bare_lfs) {
-	    lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
-		   "    File may not have transferred correctly.\r\n",
-		   bare_lfs);
-	}
-	return (0);
-    }
-    default:
-	reply(550, "Unimplemented TYPE %d in receive_data", type);
-	transflag = 0;
-	return (-1);
-    }
-	
-data_err:
-    transflag = 0;
-    perror_reply(426, "Data Connection");
-    return (-1);
-	
-file_err:
-    transflag = 0;
-    perror_reply(452, "Error writing file");
-    return (-1);
-}
-
-void
-statfilecmd(char *filename)
-{
-	FILE *fin;
-	int c;
-	char line[LINE_MAX];
-
-	snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
-	fin = ftpd_popen(line, "r", 1, 0);
-	lreply(211, "status of %s:", filename);
-	while ((c = getc(fin)) != EOF) {
-		if (c == '\n') {
-			if (ferror(stdout)){
-				perror_reply(421, "control connection");
-				ftpd_pclose(fin);
-				dologout(1);
-				/* NOTREACHED */
-			}
-			if (ferror(fin)) {
-				perror_reply(551, filename);
-				ftpd_pclose(fin);
-				return;
-			}
-			putc('\r', stdout);
-		}
-		putc(c, stdout);
-	}
-	ftpd_pclose(fin);
-	reply(211, "End of Status");
-}
-
-void
-statcmd(void)
-{
-#if 0
-	struct sockaddr_in *sin;
-	u_char *a, *p;
-
-	lreply(211, "%s FTP server (%s) status:", hostname, version);
-	printf("     %s\r\n", version);
-	printf("     Connected to %s", remotehost);
-	if (!isdigit(remotehost[0]))
-		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
-	printf("\r\n");
-	if (logged_in) {
-		if (guest)
-			printf("     Logged in anonymously\r\n");
-		else
-			printf("     Logged in as %s\r\n", pw->pw_name);
-	} else if (askpasswd)
-		printf("     Waiting for password\r\n");
-	else
-		printf("     Waiting for user name\r\n");
-	printf("     TYPE: %s", typenames[type]);
-	if (type == TYPE_A || type == TYPE_E)
-		printf(", FORM: %s", formnames[form]);
-	if (type == TYPE_L)
-#if NBBY == 8
-		printf(" %d", NBBY);
-#else
-		printf(" %d", bytesize);	/* need definition! */
-#endif
-	printf("; STRUcture: %s; transfer MODE: %s\r\n",
-	    strunames[stru], modenames[mode]);
-	if (data != -1)
-		printf("     Data connection open\r\n");
-	else if (pdata != -1) {
-		printf("     in Passive mode");
-		sin = &pasv_addr;
-		goto printaddr;
-	} else if (usedefault == 0) {
-		printf("     PORT");
-		sin = &data_dest;
-printaddr:
-		a = (u_char *) &sin->sin_addr;
-		p = (u_char *) &sin->sin_port;
-#define UC(b) (((int) b) & 0xff)
-		printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
-			UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
-#undef UC
-	} else
-		printf("     No data connection\r\n");
-#endif
-	reply(211, "End of status");
-}
-
-void
-fatal(char *s)
-{
-
-	reply(451, "Error in server: %s\n", s);
-	reply(221, "Closing connection due to server error.");
-	dologout(0);
-	/* NOTREACHED */
-}
-
-static void
-int_reply(int, char *, const char *, va_list)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 3, 0)))
-#endif
-;
-
-static void
-int_reply(int n, char *c, const char *fmt, va_list ap)
-{
-    char buf[10240];
-    char *p;
-    p=buf;
-    if(n){
-	snprintf(p, sizeof(buf), "%d%s", n, c);
-	p+=strlen(p);
-    }
-    vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
-    p+=strlen(p);
-    snprintf(p, sizeof(buf) - strlen(p), "\r\n");
-    p+=strlen(p);
-    sec_fprintf(stdout, "%s", buf);
-    fflush(stdout);
-    if (debug)
-	syslog(LOG_DEBUG, "<--- %s- ", buf);
-}
-
-void
-reply(int n, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(n, " ", fmt, ap);
-  delete_ftp_command();
-  va_end(ap);
-}
-
-void
-lreply(int n, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(n, "-", fmt, ap);
-  va_end(ap);
-}
-
-void
-nreply(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  int_reply(0, NULL, fmt, ap);
-  va_end(ap);
-}
-
-static void
-ack(char *s)
-{
-
-	reply(250, "%s command successful.", s);
-}
-
-void
-nack(char *s)
-{
-
-	reply(502, "%s command not implemented.", s);
-}
-
-/* ARGSUSED */
-void
-yyerror(char *s)
-{
-	char *cp;
-
-	if ((cp = strchr(cbuf,'\n')))
-		*cp = '\0';
-	reply(500, "'%s': command not understood.", cbuf);
-}
-
-void
-do_delete(char *name)
-{
-	struct stat st;
-
-	LOGCMD("delete", name);
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-	if ((st.st_mode&S_IFMT) == S_IFDIR) {
-		if (rmdir(name) < 0) {
-			perror_reply(550, name);
-			return;
-		}
-		goto done;
-	}
-	if (unlink(name) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-done:
-	ack("DELE");
-}
-
-void
-cwd(char *path)
-{
-
-	if (chdir(path) < 0)
-		perror_reply(550, path);
-	else
-		ack("CWD");
-}
-
-void
-makedir(char *name)
-{
-
-	LOGCMD("mkdir", name);
-	if(guest && filename_check(name))
-	    return;
-	if (mkdir(name, 0777) < 0)
-		perror_reply(550, name);
-	else{
-	    if(guest)
-		chmod(name, 0700); /* guest has umask 777 */
-	    reply(257, "MKD command successful.");
-	}
-}
-
-void
-removedir(char *name)
-{
-
-	LOGCMD("rmdir", name);
-	if (rmdir(name) < 0)
-		perror_reply(550, name);
-	else
-		ack("RMD");
-}
-
-void
-pwd(void)
-{
-    char path[MaxPathLen];
-    char *ret;
-
-    /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
-     * failes miserably when running chroot 
-     */
-    ret = getcwd(path, sizeof(path));
-    if (ret == NULL)
-	reply(550, "%s.", strerror(errno));
-    else
-	reply(257, "\"%s\" is current directory.", path);
-}
-
-char *
-renamefrom(char *name)
-{
-	struct stat st;
-
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return NULL;
-	}
-	reply(350, "File exists, ready for destination name");
-	return (name);
-}
-
-void
-renamecmd(char *from, char *to)
-{
-
-	LOGCMD2("rename", from, to);
-	if(guest && filename_check(to))
-	    return;
-	if (rename(from, to) < 0)
-		perror_reply(550, "rename");
-	else
-		ack("RNTO");
-}
-
-static void
-dolog(struct sockaddr *sa, int len)
-{
-	getnameinfo_verified (sa, len, remotehost, sizeof(remotehost),
-			      NULL, 0, 0);
-#ifdef HAVE_SETPROCTITLE
-	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
-	setproctitle("%s", proctitle);
-#endif /* HAVE_SETPROCTITLE */
-
-	if (logging) {
-		char data_addr[256];
-
-		if (inet_ntop (his_addr->sa_family,
-			       socket_get_address(his_addr),
-			       data_addr, sizeof(data_addr)) == NULL)
-			strlcpy (data_addr, "unknown address",
-					 sizeof(data_addr));
-
-
-		syslog(LOG_INFO, "connection from %s(%s)",
-		       remotehost,
-		       data_addr);
-	}
-}
-
-/*
- * Record logout in wtmp file
- * and exit with supplied status.
- */
-void
-dologout(int status)
-{
-    transflag = 0;
-    if (logged_in) {
-	seteuid((uid_t)0);
-	ftpd_logwtmp(ttyline, "", "");
-#ifdef KRB4
-	cond_kdestroy();
-#endif
-    }
-    /* beware of flushing buffers after a SIGPIPE */
-#ifdef XXX
-    exit(status);
-#else
-    _exit(status);
-#endif	
-}
-
-void abor(void)
-{
-}
-
-static void
-myoob(int signo)
-{
-#if 0
-	char *cp;
-#endif
-
-	/* only process if transfer occurring */
-	if (!transflag)
-		return;
-
-	/* This is all XXX */
-	oobflag = 1;
-	/* if the command resulted in a new command, 
-	   parse that as well */
-	do{
-	    yyparse();
-	} while(ftp_command);
-	oobflag = 0;
-
-#if 0 
-	cp = tmpline;
-	if (ftpd_getline(cp, 7) == NULL) {
-		reply(221, "You could at least say goodbye.");
-		dologout(0);
-	}
-	upper(cp);
-	if (strcmp(cp, "ABOR\r\n") == 0) {
-		tmpline[0] = '\0';
-		reply(426, "Transfer aborted. Data connection closed.");
-		reply(226, "Abort successful");
-		longjmp(urgcatch, 1);
-	}
-	if (strcmp(cp, "STAT\r\n") == 0) {
-		if (file_size != (off_t) -1)
-			reply(213, "Status: %ld of %ld bytes transferred",
-			      (long)byte_count,
-			      (long)file_size);
-		else
-			reply(213, "Status: %ld bytes transferred"
-			      (long)byte_count);
-	}
-#endif
-}
-
-/*
- * Note: a response of 425 is not mentioned as a possible response to
- *	the PASV command in RFC959. However, it has been blessed as
- *	a legitimate response by Jon Postel in a telephone conversation
- *	with Rick Adams on 25 Jan 89.
- */
-void
-pasv(void)
-{
-	socklen_t len;
-	char *p, *a;
-	struct sockaddr_in *sin;
-
-	if (ctrl_addr->sa_family != AF_INET) {
-		reply(425,
-		      "You cannot do PASV with something that's not IPv4");
-		return;
-	}
-
-	if(pdata != -1)
-	    close(pdata);
-
-	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
-	if (pdata < 0) {
-		perror_reply(425, "Can't open passive connection");
-		return;
-	}
-	pasv_addr->sa_family = ctrl_addr->sa_family;
-	socket_set_address_and_port (pasv_addr,
-				     socket_get_address (ctrl_addr),
-				     0);
-	socket_set_portrange(pdata, restricted_data_ports, 
-	    pasv_addr->sa_family); 
-	seteuid(0);
-	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		seteuid(pw->pw_uid);
-		goto pasv_error;
-	}
-	seteuid(pw->pw_uid);
-	len = sizeof(pasv_addr_ss);
-	if (getsockname(pdata, pasv_addr, &len) < 0)
-		goto pasv_error;
-	if (listen(pdata, 1) < 0)
-		goto pasv_error;
-	sin = (struct sockaddr_in *)pasv_addr;
-	a = (char *) &sin->sin_addr;
-	p = (char *) &sin->sin_port;
-
-#define UC(b) (((int) b) & 0xff)
-
-	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
-		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
-	return;
-
-pasv_error:
-	close(pdata);
-	pdata = -1;
-	perror_reply(425, "Can't open passive connection");
-	return;
-}
-
-void
-epsv(char *proto)
-{
-	socklen_t len;
-
-	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
-	if (pdata < 0) {
-		perror_reply(425, "Can't open passive connection");
-		return;
-	}
-	pasv_addr->sa_family = ctrl_addr->sa_family;
-	socket_set_address_and_port (pasv_addr,
-				     socket_get_address (ctrl_addr),
-				     0);
-	socket_set_portrange(pdata, restricted_data_ports, 
-	    pasv_addr->sa_family); 
-	seteuid(0);
-	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
-		seteuid(pw->pw_uid);
-		goto pasv_error;
-	}
-	seteuid(pw->pw_uid);
-	len = sizeof(pasv_addr_ss);
-	if (getsockname(pdata, pasv_addr, &len) < 0)
-		goto pasv_error;
-	if (listen(pdata, 1) < 0)
-		goto pasv_error;
-
-	reply(229, "Entering Extended Passive Mode (|||%d|)",
-	      ntohs(socket_get_port (pasv_addr)));
-	return;
-
-pasv_error:
-	close(pdata);
-	pdata = -1;
-	perror_reply(425, "Can't open passive connection");
-	return;
-}
-
-void
-eprt(char *str)
-{
-	char *end;
-	char sep;
-	int af;
-	int ret;
-	int port;
-
-	usedefault = 0;
-	if (pdata >= 0) {
-	    close(pdata);
-	    pdata = -1;
-	}
-
-	sep = *str++;
-	if (sep == '\0') {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	af = strtol (str, &end, 0);
-	if (af == 0 || *end != sep) {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	str = end + 1;
-	switch (af) {
-#ifdef HAVE_IPV6
-	case 2 :
-	    data_dest->sa_family = AF_INET6;
-	    break;
-#endif		
-	case 1 :
-	    data_dest->sa_family = AF_INET;
-		break;
-	default :
-		reply(522, "Network protocol %d not supported, use (1"
-#ifdef HAVE_IPV6
-		      ",2"
-#endif
-		      ")", af);
-		return;
-	}
-	end = strchr (str, sep);
-	if (end == NULL) {
-		reply(500, "Bad syntax in EPRT");
-		return;
-	}
-	*end = '\0';
-	ret = inet_pton (data_dest->sa_family, str,
-			 socket_get_address (data_dest));
-
-	if (ret != 1) {
-		reply(500, "Bad address syntax in EPRT");
-		return;
-	}
-	str = end + 1;
-	port = strtol (str, &end, 0);
-	if (port == 0 || *end != sep) {
-		reply(500, "Bad port syntax in EPRT");
-		return;
-	}
-	socket_set_port (data_dest, htons(port));
-	reply(200, "EPRT command successful.");
-}
-
-/*
- * Generate unique name for file with basename "local".
- * The file named "local" is already known to exist.
- * Generates failure reply on error.
- */
-static char *
-gunique(char *local)
-{
-	static char new[MaxPathLen];
-	struct stat st;
-	int count;
-	char *cp;
-
-	cp = strrchr(local, '/');
-	if (cp)
-		*cp = '\0';
-	if (stat(cp ? local : ".", &st) < 0) {
-		perror_reply(553, cp ? local : ".");
-		return NULL;
-	}
-	if (cp)
-		*cp = '/';
-	for (count = 1; count < 100; count++) {
-		snprintf (new, sizeof(new), "%s.%d", local, count);
-		if (stat(new, &st) < 0)
-			return (new);
-	}
-	reply(452, "Unique file name cannot be created.");
-	return (NULL);
-}
-
-/*
- * Format and send reply containing system error number.
- */
-void
-perror_reply(int code, const char *string)
-{
-	reply(code, "%s: %s.", string, strerror(errno));
-}
-
-static char *onefile[] = {
-	"",
-	0
-};
-
-void
-list_file(char *file)
-{
-    if(use_builtin_ls) {
-	FILE *dout;
-	dout = dataconn(file, -1, "w");
-	if (dout == NULL)
-	    return;
-	set_buffer_size(fileno(dout), 0);
-	if(builtin_ls(dout, file) == 0)
-	    reply(226, "Transfer complete.");
-	else
-	    reply(451, "Requested action aborted. Local error in processing.");
-	fclose(dout);
-	data = -1;
-	pdata = -1;
-    } else {
-#ifdef HAVE_LS_A
-	const char *cmd = "/bin/ls -lA %s";
-#else
-	const char *cmd = "/bin/ls -la %s";
-#endif
-	retrieve(cmd, file);
-    }
-}
-
-void
-send_file_list(char *whichf)
-{
-  struct stat st;
-  DIR *dirp = NULL;
-  struct dirent *dir;
-  FILE *dout = NULL;
-  char **dirlist, *dirname;
-  int simple = 0;
-  int freeglob = 0;
-  glob_t gl;
-  char buf[MaxPathLen];
-
-  if (strpbrk(whichf, "~{[*?") != NULL) {
-    int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-	GLOB_MAXPATH
-#else
-	GLOB_LIMIT
-#endif
-	;
-
-    memset(&gl, 0, sizeof(gl));
-    freeglob = 1;
-    if (glob(whichf, flags, 0, &gl)) {
-      reply(550, "not found");
-      goto out;
-    } else if (gl.gl_pathc == 0) {
-      errno = ENOENT;
-      perror_reply(550, whichf);
-      goto out;
-    }
-    dirlist = gl.gl_pathv;
-  } else {
-    onefile[0] = whichf;
-    dirlist = onefile;
-    simple = 1;
-  }
-
-  if (setjmp(urgcatch)) {
-    transflag = 0;
-    goto out;
-  }
-  while ((dirname = *dirlist++)) {
-    if (stat(dirname, &st) < 0) {
-      /*
-       * If user typed "ls -l", etc, and the client
-       * used NLST, do what the user meant.
-       */
-      if (dirname[0] == '-' && *dirlist == NULL &&
-	  transflag == 0) {
-	  list_file(dirname);
-	  goto out;
-      }
-      perror_reply(550, whichf);
-      if (dout != NULL) {
-	fclose(dout);
-	transflag = 0;
-	data = -1;
-	pdata = -1;
-      }
-      goto out;
-    }
-
-    if (S_ISREG(st.st_mode)) {
-      if (dout == NULL) {
-	dout = dataconn("file list", (off_t)-1, "w");
-	if (dout == NULL)
-	  goto out;
-	transflag++;
-      }
-      snprintf(buf, sizeof(buf), "%s%s\n", dirname,
-	      type == TYPE_A ? "\r" : "");
-      sec_write(fileno(dout), buf, strlen(buf));
-      byte_count += strlen(dirname) + 1;
-      continue;
-    } else if (!S_ISDIR(st.st_mode))
-      continue;
-
-    if ((dirp = opendir(dirname)) == NULL)
-      continue;
-
-    while ((dir = readdir(dirp)) != NULL) {
-      char nbuf[MaxPathLen];
-
-      if (!strcmp(dir->d_name, "."))
-	continue;
-      if (!strcmp(dir->d_name, ".."))
-	continue;
-
-      snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
-
-      /*
-       * We have to do a stat to insure it's
-       * not a directory or special file.
-       */
-      if (simple || (stat(nbuf, &st) == 0 &&
-		     S_ISREG(st.st_mode))) {
-	if (dout == NULL) {
-	  dout = dataconn("file list", (off_t)-1, "w");
-	  if (dout == NULL)
-	    goto out;
-	  transflag++;
-	}
-	if(strncmp(nbuf, "./", 2) == 0)
-	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
-		   type == TYPE_A ? "\r" : "");
-	else
-	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
-		   type == TYPE_A ? "\r" : "");
-	sec_write(fileno(dout), buf, strlen(buf));
-	byte_count += strlen(nbuf) + 1;
-      }
-    }
-    closedir(dirp);
-  }
-  if (dout == NULL)
-    reply(550, "No files found.");
-  else if (ferror(dout) != 0)
-    perror_reply(550, "Data connection");
-  else
-    reply(226, "Transfer complete.");
-
-  transflag = 0;
-  if (dout != NULL){
-    sec_write(fileno(dout), buf, 0); /* XXX flush */
-	    
-    fclose(dout);
-  }
-  data = -1;
-  pdata = -1;
-out:
-  if (freeglob) {
-    freeglob = 0;
-    globfree(&gl);
-  }
-}
-
-
-int
-find(char *pattern)
-{
-    char line[1024];
-    FILE *f;
-
-    snprintf(line, sizeof(line),
-	     "/bin/locate -d %s -- %s",
-	     ftp_rooted("/etc/locatedb"),
-	     pattern);
-    f = ftpd_popen(line, "r", 1, 1);
-    if(f == NULL){
-	perror_reply(550, "/bin/locate");
-	return 1;
-    }
-    lreply(200, "Output from find.");
-    while(fgets(line, sizeof(line), f)){
-	if(line[strlen(line)-1] == '\n')
-	    line[strlen(line)-1] = 0;
-	nreply("%s", line);
-    }
-    reply(200, "Done");
-    ftpd_pclose(f);
-    return 0;
-}
-
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
deleted file mode 100644
index 4951f6a564b1..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
+++ /dev/null
@@ -1,297 +0,0 @@
-FTPD(8)                 NetBSD System Manager's Manual                 FTPD(8)
-
-NNAAMMEE
-     ffttppdd - Internet File Transfer Protocol server
-
-SSYYNNOOPPSSIISS
-     ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
-     _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
-
-DDEESSCCRRIIPPTTIIOONN
-     FFttppdd is the Internet File Transfer Protocol server process.  The server
-     uses the TCP protocol and listens at the port specified in the ``ftp''
-     service specification; see services(5).
-
-     Available options:
-
-     --aa      Select the level of authentication required.  Kerberised login
-             can not be turned off. The default is to only allow kerberised
-             login.  Other possibilities can be turned on by giving a string
-             of comma separated flags as argument to --aa. Recognised flags are:
-
-             _p_l_a_i_n  Allow logging in with plaintext password. The password can
-                    be a(n) OTP or an ordinary password.
-
-             _o_t_p    Same as _p_l_a_i_n, but only OTP is allowed.
-
-             _f_t_p    Allow anonymous login.
-
-             The following combination modes exists for backwards compatibili-
-             ty:
-
-             _n_o_n_e   Same as _p_l_a_i_n_,_f_t_p.
-
-             _s_a_f_e   Same as _f_t_p.
-
-             _u_s_e_r   Ignored.
-
-     --dd      Debugging information is written to the syslog using LOG_FTP.
-
-     --gg      Anonymous users will get a umask of _u_m_a_s_k.
-
-     --ii      Open a socket and wait for a connection. This is mainly used for
-             debugging when ftpd isn't started by inetd.
-
-     --ll      Each successful and failed ftp(1) session is logged using syslog
-             with a facility of LOG_FTP.  If this option is specified twice,
-             the retrieve (get), store (put), append, delete, make directory,
-             remove directory and rename operations and their filename argu-
-             ments are also logged.
-
-     --pp      Use _p_o_r_t (a service name or number) instead of the default
-             _f_t_p_/_t_c_p.
-
-     --TT      A client may also request a different timeout period; the maximum
-             period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
-             The default limit is 2 hours.
-
-     --tt      The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
-             fault is 15 minutes).
-
-     --uu      Set the initial umask to something else than the default 027.
-
-     --UU      In previous versions of ffttppdd, when a passive mode client request-
-             ed a data connection to the server, the server would use data
-             ports in the range 1024..4999.  Now, by default, if the system
-             supports the IP_PORTRANGE socket option, the server will use data
-             ports in the range 49152..65535.  Specifying this option will re-
-             vert to the old behavior.
-
-     --vv      Verbose mode.
-
-     --BB, ----bbuuiillttiinn--llss
-             use built-in ls to list files
-
-     ----ggoooodd--cchhaarrss==_s_t_r_i_n_g
-             allowed anonymous upload filename chars
-
-     The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access.  If the file ex-
-     ists, ffttppdd displays it and exits.  If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
-     ffttppdd prints it before issuing the ``ready'' message.  If the file
-     _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
-
-     The ftp server currently supports the following ftp requests.  The case
-     of the requests is ignored.
-
-           Request    Description
-           ABOR       abort previous command
-           ACCT       specify account (ignored)
-           ALLO       allocate storage (vacuously)
-           APPE       append to a file
-           CDUP       change to parent of current working directory
-           CWD        change working directory
-           DELE       delete a file
-           HELP       give help information
-           LIST       give list files in a directory (``ls -lgA'')
-           MKD        make a directory
-           MDTM       show last modification time of file
-           MODE       specify data transfer _m_o_d_e
-           NLST       give name list of files in directory
-           NOOP       do nothing
-           PASS       specify password
-           PASV       prepare for server-to-server transfer
-           PORT       specify data connection port
-           PWD        print the current working directory
-           QUIT       terminate session
-           REST       restart incomplete transfer
-           RETR       retrieve a file
-           RMD        remove a directory
-           RNFR       specify rename-from file name
-           RNTO       specify rename-to file name
-           SITE       non-standard commands (see next section)
-           SIZE       return size of file
-           STAT       return status of server
-           STOR       store a file
-           STOU       store a file with a unique name
-           STRU       specify data transfer _s_t_r_u_c_t_u_r_e
-           SYST       show operating system type of server system
-           TYPE       specify data transfer _t_y_p_e
-           USER       specify user name
-           XCUP       change to parent of current working directory
-                      (deprecated)
-           XCWD       change working directory (deprecated)
-           XMKD       make a directory (deprecated)
-           XPWD       print the current working directory (deprecated)
-           XRMD       remove a directory (deprecated)
-
-     The following commands are specified by RFC2228.
-
-           AUTH       authentication/security mechanism
-           ADAT       authentication/security data
-           PROT       data channel protection level
-           PBSZ       protection buffer size
-           MIC        integrity protected command
-           CONF       confidentiality protected command
-           ENC        privacy protected command
-           CCC        clear command channel
-
-     The following non-standard or UNIX specific commands are supported by the
-     SITE request.
-
-           UMASK      change umask, (e.g.  SSIITTEE UUMMAASSKK 000022)
-           IDLE       set idle-timer, (e.g.  SSIITTEE IIDDLLEE 6600)
-           CHMOD      change mode of a file (e.g.  SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
-           FIND       quickly find a specific file with GNU locate(1).
-           HELP       give help information.
-
-     The following Kerberos related site commands are understood.
-
-           KAUTH      obtain remote tickets.
-           KLIST      show remote tickets
-
-     The remaining ftp requests specified in Internet RFC 959 are recognized,
-     but not implemented.  MDTM and SIZE are not specified in RFC 959, but
-     will appear in the next updated FTP RFC.
-
-     The ftp server will abort an active file transfer only when the ABOR com-
-     mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
-     "Synch" signal in the command Telnet stream, as described in Internet RFC
-     959.  If a STAT command is received during a data transfer, preceded by a
-     Telnet IP and Synch, transfer status will be returned.
-
-     FFttppdd interprets file names according to the ``globbing'' conventions used
-     by csh(1).  This allows users to utilize the metacharacters ``*?[]{}~''.
-
-     FFttppdd authenticates users according to these rules.
-
-           1.   If Kerberos authentication is used, the user must pass valid
-                tickets and the principal must be allowed to login as the re-
-                mote user.
-
-           2.   The login name must be in the password data base, and not have
-                a null password (if kerberos is used the password field is not
-                checked).  In this case a password must be provided by the
-                client before any file operations may be performed.  If the
-                user has an OTP key, the response from a successful USER com-
-                mand will include an OTP challenge. The client may choose to
-                respond with a PASS command giving either a standard password
-                or an OTP one-time password. The server will automatically de-
-                termine which type of password it has been given and attempt
-                to authenticate accordingly. See otp(1) for more information
-                on OTP authentication.
-
-           3.   The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
-
-           4.   The user must have a standard shell returned by
-                getusershell(3).
-
-           5.   If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
-                sion's root will be changed to the user's login directory by
-                chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
-                item).  However, the user must still supply a password.  This
-                feature is intended as a compromise between a fully anonymous
-                account and a fully privileged account.  The account should
-                also be set up as for an anonymous account.
-
-           6.   If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
-                account must be present in the password file (user ``ftp'').
-                In this case the user is allowed to log in by specifying any
-                password (by convention an email address for the user should
-                be used as the password).
-
-     In the last case, ffttppdd takes special measures to restrict the client's
-     access privileges.  The server performs a chroot(2) to the home directory
-     of the ``ftp'' user.  In order that system security is not breached, it
-     is recommended that the ``ftp'' subtree be constructed with care, consid-
-     er following these guidelines for anonymous ftp.
-
-     In general all files should be owned by ``root'', and have non-write per-
-     missions (644 or 755 depending on the kind of file). No files should be
-     owned or writable by ``ftp'' (possibly with exception for the
-     _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
-
-           _~_f_t_p      The ``ftp'' homedirectory should be owned by root.
-
-           _~_f_t_p_/_b_i_n  The directory for external programs (such as ls(1)).
-                     These programs must either be statically linked, or you
-                     must setup an environment for dynamic linking when run-
-                     ning chrooted.  These programs will be used if present:
-
-                           ls      Used when listing files.
-
-                           compress
-                                   When retrieving a filename that ends in _._Z,
-                                   and that file isn't present, ffttppdd will try
-                                   to find the filename without _._Z and com-
-                                   press it on the fly.
-
-                           gzip    Same as compress, just with files ending in
-                                   _._g_z.
-
-                           gtar    Enables retrieval of whole directories as
-                                   files ending in _._t_a_r.  Can also be combined
-                                   with compression. You must use GNU Tar (or
-                                   some other that supports the --zz and --ZZ
-                                   flags).
-
-                           locate  Will enable ``fast find'' with the SSIITTEE
-                                   FFIINNDD command. You must also create a
-                                   _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
-
-           _~_f_t_p_/_e_t_c  If you put copies of the passwd(5) and group(5) files
-                     here, ls will be able to produce owner names rather than
-                     numbers. Remember to remove any passwords from these
-                     files.
-
-                     The file _m_o_t_d, if present, will be printed after a suc-
-                     cessful login.
-
-           _~_f_t_p_/_d_e_v  Put a copy of /dev/null(7) here.
-
-           _~_f_t_p_/_p_u_b  Traditional place to put whatever you want to make pub-
-                     lic.
-
-     If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
-     rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
-     ``ftp'' is member of group ``ftp'').  The following restrictions apply to
-     anonymous users:
-
-     ++oo   Directories created will have mode 700.
-
-     ++oo   Uploaded files will be created with an umask of 777, if not changed
-         with the --gg option.
-
-     ++oo   These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
-         and SSIITTEE CCHHMMOODD.
-
-     ++oo   Filenames must start with an alpha-numeric character, and consist of
-         alpha-numeric characters or any of the following: + (plus), - (mi-
-         nus), = (equal), _ (underscore), .  (period), and , (comma).
-
-FFIILLEESS
-     /etc/ftpusers    Access list for users.
-     /etc/ftpchroot   List of normal users who should be chroot'd.
-     /etc/ftpwelcome  Welcome notice.
-     /etc/motd        Welcome notice after login.
-     /etc/nologin     Displayed and access refused.
-     ~/.klogin        Login access for Kerberos.
-
-SSEEEE AALLSSOO
-     ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8)
-
-SSTTAANNDDAARRDDSS
-     RRFFCC 995599   FTP PROTOCOL SPECIFICATION
-     RRFFCC 11993388  OTP Specification
-     RRFFCC 22222288  FTP Security Extensions.
-
-BBUUGGSS
-     The server must run as the super-user to create sockets with privileged
-     port numbers.  It maintains an effective user id of the logged in user,
-     reverting to the super-user only when binding addresses to sockets.  The
-     possible security holes have been extensively scrutinized, but are possi-
-     bly incomplete.
-
-HHIISSTTOORRYY
-     The ffttppdd command appeared in 4.2BSD.
-
-4.2 Berkeley Distribution       April 19, 1997                               5
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
deleted file mode 100644
index 67a02f516cf4..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: ftpd_locl.h,v 1.13 2003/03/18 13:37:13 lha Exp $ */
-
-#ifndef __ftpd_locl_h__
-#define __ftpd_locl_h__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-/*
- * FTP server.
- */
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_IOCCOM_H
-#include <sys/ioccom.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-
-#include <arpa/ftp.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include <ctype.h>
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <glob.h>
-#include <limits.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <setjmp.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#include <time.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#include <fnmatch.h>
-
-#ifdef HAVE_BSD_BSD_H
-#include <bsd/bsd.h>
-#endif
-
-#include <err.h>
-#include "roken.h"
-
-#include "pathnames.h"
-#include "extern.h"
-#include "common.h"
-
-#include "security.h"
-
-#ifdef KRB5
-#include <krb5.h>
-#endif /* KRB5 */
-
-#ifdef KRB4
-#include <krb.h>
-#endif
-
-#if defined(KRB4) || defined(KRB5)
-#include <kafs.h>
-#endif
- 
-#ifdef OTP
-#include <otp.h>
-#endif
-
-#ifdef SOCKS
-#include <socks.h>
-extern int LIBPREFIX(fclose)      (FILE *);
-#endif
-
-/* SunOS doesn't have any declaration of fclose */
-
-int fclose(FILE *stream);
-
-int yyparse();
-
-#ifndef LOG_FTP
-#define LOG_FTP LOG_DAEMON
-#endif
-
-#endif /* __ftpd_locl_h__ */
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
deleted file mode 100644
index ce59df820e85..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5
+++ /dev/null
@@ -1,37 +0,0 @@
-.\"	$Id: ftpusers.5,v 1.5 2002/08/20 17:07:04 joda Exp $
-.\"
-.Dd May 7, 1997
-.Dt FTPUSERS 5
-.Os KTH-KRB
-.Sh NAME
-.Pa /etc/ftpusers
-.Nd FTP access list file
-.Sh DESCRIPTION
-.Pa /etc/ftpusers
-contains a list of users that should be allowed or denied FTP
-access. Each line contains a user, optionally followed by
-.Dq allow
-(anything but
-.Dq allow
-is ignored).  The semi-user
-.Dq *
-matches any user.  Users that has an explicit
-.Dq allow ,
-or that does not match any line, are allowed access. Anyone else is
-denied access.
-.Pp
-Note that this is compatible with the old format, where this file
-contained a list of users that should be denied access.
-.Sh EXAMPLES
-This will deny anyone but
-.Dq foo
-and
-.Dq bar
-to use FTP:
-.Bd -literal
-foo allow
-bar allow
-*
-.Ed
-.Sh SEE ALSO
-.Xr ftpd 8
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
deleted file mode 100644
index 2957aee71641..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
+++ /dev/null
@@ -1,26 +0,0 @@
-FTPUSERS(5)               NetBSD Programmer's Manual               FTPUSERS(5)
-
-NNAAMMEE
-     _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
-
-DDEESSCCRRIIPPTTIIOONN
-     _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
-     FTP access. Each line contains a user, optionally followed by ``allow''
-     (anything but ``allow'' is ignored).  The semi-user ``*'' matches any us-
-     er.  Users that has an explicit ``allow'', or that does not match any
-     line, are allowed access. Anyone else is denied access.
-
-     Note that this is compatible with the old format, where this file con-
-     tained a list of users that should be denied access.
-
-EEXXAAMMPPLLEESS
-     This will deny anyone but ``foo'' and ``bar'' to use FTP:
-
-     foo allow
-     bar allow
-     *
-
-SSEEEE AALLSSOO
-     ftpd(8)
-
- KTH-KRB                          May 7, 1997                                1
diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
deleted file mode 100644
index 11a2e75d8cb7..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "ftpd_locl.h"
-#include <gssapi.h>
-#include <krb5.h>
-
-RCSID("$Id: gss_userok.c,v 1.10 2003/03/18 13:56:35 lha Exp $");
-
-/* XXX a bit too much of krb5 dependency here... 
-   What is the correct way to do this? 
-   */
-
-extern krb5_context gssapi_krb5_context;
-
-/* XXX sync with gssapi.c */
-struct gss_data {
-    gss_ctx_id_t context_hdl;
-    char *client_name;
-    gss_cred_id_t delegated_cred_handle;
-};
-
-int gss_userok(void*, char*); /* to keep gcc happy */
-
-int
-gss_userok(void *app_data, char *username)
-{
-    struct gss_data *data = app_data;
-    if(gssapi_krb5_context) {
-	krb5_principal client;
-	krb5_error_code ret;
-        
-	ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
-	if(ret)
-	    return 1;
-	ret = krb5_kuserok(gssapi_krb5_context, client, username);
-        if (!ret) {
-           krb5_free_principal(gssapi_krb5_context, client);
-           return 1;
-        }
-        
-        ret = 0;
-        
-        /* more of krb-depend stuff :-( */
-	/* gss_add_cred() ? */
-        if (data->delegated_cred_handle && 
-            data->delegated_cred_handle->ccache ) {
-            
-           krb5_ccache ccache = NULL; 
-           char* ticketfile;
-           struct passwd *pw;
-	   OM_uint32 minor_status;
-           
-           pw = getpwnam(username);
-           
-	   if (pw == NULL) {
-	       ret = 1;
-	       goto fail;
-	   }
-
-           asprintf (&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT,
-		     (unsigned)pw->pw_uid);
-        
-           ret = krb5_cc_resolve(gssapi_krb5_context, ticketfile, &ccache);
-           if (ret)
-              goto fail;
-           
-           ret = gss_krb5_copy_ccache(&minor_status,
-				      data->delegated_cred_handle,
-				      ccache);
-           if (ret)
-              goto fail;
-           
-           chown (ticketfile+5, pw->pw_uid, pw->pw_gid);
-           
-           if (k_hasafs()) {
-	       krb5_afslog(gssapi_krb5_context, ccache, 0, 0);
-           }
-           esetenv ("KRB5CCNAME", ticketfile, 1);
-           
-fail:
-           if (ccache)
-              krb5_cc_close(gssapi_krb5_context, ccache); 
-           krb5_cc_destroy(gssapi_krb5_context, 
-                           data->delegated_cred_handle->ccache);
-           data->delegated_cred_handle->ccache = NULL;
-           free(ticketfile);
-        }
-           
-	krb5_free_principal(gssapi_krb5_context, client);
-        return ret;
-    }
-    return 1;
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c
deleted file mode 100644
index dad4de540152..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/kauth.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "ftpd_locl.h"
-
-RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
-
-static KTEXT_ST cip;
-static unsigned int lifetime;
-static time_t local_time;
-
-static krb_principal pr;
-
-static int do_destroy_tickets = 1;
-
-static int
-save_tkt(const char *user,
-	 const char *instance,
-	 const char *realm,
-	 const void *arg, 
-	 key_proc_t key_proc,
-	 KTEXT *cipp)
-{
-    local_time = time(0);
-    memmove(&cip, *cipp, sizeof(cip));
-    return -1;
-}
-
-static int
-store_ticket(KTEXT cip)
-{
-    char *ptr;
-    des_cblock session;
-    krb_principal sp;
-    unsigned char kvno;
-    KTEXT_ST tkt;
-    int left = cip->length;
-    int len;
-    int kerror;
-    
-    ptr = (char *) cip->dat;
-
-    /* extract session key */
-    memmove(session, ptr, 8);
-    ptr += 8;
-    left -= 8;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's name */
-    strlcpy(sp.name, ptr, sizeof(sp.name));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's instance */
-    strlcpy(sp.instance, ptr, sizeof(sp.instance));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-    
-    /* extract server's realm */
-    strlcpy(sp.realm, ptr, sizeof(sp.realm));
-    ptr += len + 1;
-    left -= len + 1;
-
-    if(left < 3)
-	return INTK_BADPW;
-    /* extract ticket lifetime, server key version, ticket length */
-    /* be sure to avoid sign extension on lifetime! */
-    lifetime = (unsigned char) ptr[0];
-    kvno = (unsigned char) ptr[1];
-    tkt.length = (unsigned char) ptr[2];
-    ptr += 3;
-    left -= 3;
-    
-    if (tkt.length > left)
-	return(INTK_BADPW);
-
-    /* extract ticket itself */
-    memmove(tkt.dat, ptr, tkt.length);
-    ptr += tkt.length;
-    left -= tkt.length;
-
-    /* Here is where the time should be verified against the KDC.
-     * Unfortunately everything is sent in host byte order (receiver
-     * makes wrong) , and at this stage there is no way for us to know
-     * which byteorder the KDC has. So we simply ignore the time,
-     * there are no security risks with this, the only thing that can
-     * happen is that we might receive a replayed ticket, which could
-     * at most be useless.
-     */
-    
-#if 0
-    /* check KDC time stamp */
-    {
-	time_t kdc_time;
-
-	memmove(&kdc_time, ptr, sizeof(kdc_time));
-	if (swap_bytes) swap_u_long(kdc_time);
-
-	ptr += 4;
-    
-	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
-	    return(RD_AP_TIME);		/* XXX should probably be better
-					   code */
-	}
-    }
-#endif
-
-    /* initialize ticket cache */
-
-    if (tf_create(TKT_FILE) != KSUCCESS)
-	return(INTK_ERR);
-
-    if (tf_put_pname(pr.name) != KSUCCESS ||
-	tf_put_pinst(pr.instance) != KSUCCESS) {
-	tf_close();
-	return(INTK_ERR);
-    }
-
-    
-    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, 
-			  lifetime, kvno, &tkt, local_time);
-    tf_close();
-
-    return(kerror);
-}
-
-void
-kauth(char *principal, char *ticket)
-{
-    char *p;
-    int ret;
-  
-    if(get_command_prot() != prot_private) {
-	reply(500, "Request denied (bad protection level)");
-	return;
-    }
-    ret = krb_parse_name(principal, &pr);
-    if(ret){
-	reply(500, "Bad principal: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(pr.realm[0] == 0)
-	krb_get_lrealm(pr.realm, 1);
-
-    if(ticket){
-	cip.length = base64_decode(ticket, &cip.dat);
-	if(cip.length == -1){
-	    reply(500, "Failed to decode data.");
-	    return;
-	}
-	ret = store_ticket(&cip);
-	if(ret){
-	    reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	    memset(&cip, 0, sizeof(cip));
-	    return;
-	}
-	do_destroy_tickets = 1;
-
-	if(k_hasafs())
-	    krb_afslog(0, 0);
-	reply(200, "Tickets will be destroyed on exit.");
-	return;
-    }
-    
-    ret = krb_get_in_tkt (pr.name,
-			  pr.instance,
-			  pr.realm,
-			  KRB_TICKET_GRANTING_TICKET,
-			  pr.realm,
-			  DEFAULT_TKT_LIFE,
-			  NULL, save_tkt, NULL);
-    if(ret != INTK_BADPW){
-	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(base64_encode(cip.dat, cip.length, &p) < 0) {
-	reply(500, "Out of memory while base64-encoding.");
-	return;
-    }
-    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
-    free(p);
-    memset(&cip, 0, sizeof(cip));
-}
-
-
-static char *
-short_date(int32_t dp)
-{
-    char *cp;
-    time_t t = (time_t)dp;
-
-    if (t == (time_t)(-1L)) return "***  Never  *** ";
-    cp = ctime(&t) + 4;
-    cp[15] = '\0';
-    return (cp);
-}
-
-void
-klist(void)
-{
-    int err;
-
-    char *file = tkt_string();
-
-    krb_principal pr;
-    
-    char buf1[128], buf2[128];
-    int header = 1;
-    CREDENTIALS c;
-
-    
-
-    err = tf_init(file, R_TKT_FIL);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-    tf_close();
-
-    /* 
-     * We must find the realm of the ticket file here before calling
-     * tf_init because since the realm of the ticket file is not
-     * really stored in the principal section of the file, the
-     * routine we use must itself call tf_init and tf_close.
-     */
-    err = krb_get_tf_realm(file, pr.realm);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    err = tf_init(file, R_TKT_FIL);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    err = tf_get_pname(pr.name);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-    err = tf_get_pinst(pr.instance);
-    if(err != KSUCCESS){
-	reply(500, "%s", krb_get_err_text(err));
-	return;
-    }
-
-    /* 
-     * You may think that this is the obvious place to get the
-     * realm of the ticket file, but it can't be done here as the
-     * routine to do this must open the ticket file.  This is why 
-     * it was done before tf_init.
-     */
-       
-    lreply(200, "Ticket file: %s", tkt_string());
-
-    lreply(200, "Principal: %s", krb_unparse_name(&pr));
-    while ((err = tf_get_cred(&c)) == KSUCCESS) {
-	if (header) {
-	    lreply(200, "%-15s  %-15s  %s",
-		   "  Issued", "  Expires", "  Principal (kvno)");
-	    header = 0;
-	}
-	strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
-	c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
-	if (time(0) < (unsigned long) c.issue_date)
-	    strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
-	else
-	    strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
-	lreply(200, "%s  %s  %s (%d)", buf1, buf2,
-	       krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); 
-    }
-    if (header && err == EOF) {
-	lreply(200, "No tickets in file.");
-    }
-    reply(200, " ");
-}
-
-/*
- * Only destroy if we created the tickets
- */
-
-void
-cond_kdestroy(void)
-{
-    if (do_destroy_tickets)
-	dest_tkt();
-    afsunlog();
-}
-
-void
-kdestroy(void)
-{
-    dest_tkt();
-    afsunlog();
-    reply(200, "Tickets destroyed");
-}
-
-void
-krbtkfile(const char *tkfile)
-{
-    do_destroy_tickets = 0;
-    krb_set_tkt_string(tkfile);
-    reply(200, "Using ticket file %s", tkfile);
-}
-
-void
-afslog(const char *cell)
-{
-    if(k_hasafs()) {
-	krb_afslog(cell, 0);
-	reply(200, "afslog done");
-    } else {
-	reply(200, "no AFS present");
-    }
-}
-
-void
-afsunlog(void)
-{
-    if(k_hasafs())
-	k_unlog();
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
deleted file mode 100644
index 51139a817ecd..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: logwtmp.c,v 1.15 2000/09/19 13:17:05 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#include <roken.h>
-#include "extern.h"
-
-#ifndef WTMP_FILE
-#ifdef _PATH_WTMP
-#define WTMP_FILE _PATH_WTMP
-#else
-#define WTMP_FILE "/var/adm/wtmp"
-#endif
-#endif
-
-void
-ftpd_logwtmp(char *line, char *name, char *host)
-{
-    static int init = 0;
-    static int fd;
-#ifdef WTMPX_FILE
-    static int fdx;
-#endif
-    struct utmp ut;
-#ifdef WTMPX_FILE
-    struct utmpx utx;
-#endif
-
-    memset(&ut, 0, sizeof(struct utmp));
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    if(name[0])
-	ut.ut_type = USER_PROCESS;
-    else
-	ut.ut_type = DEAD_PROCESS;
-#endif
-    strncpy(ut.ut_line, line, sizeof(ut.ut_line));
-    strncpy(ut.ut_name, name, sizeof(ut.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_PID
-    ut.ut_pid = getpid();
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
-#endif
-    ut.ut_time = time(NULL);
-
-#ifdef WTMPX_FILE
-    strncpy(utx.ut_line, line, sizeof(utx.ut_line));
-    strncpy(utx.ut_user, name, sizeof(utx.ut_user));
-    strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
-    utx.ut_syslen = strlen(host) + 1;
-    if (utx.ut_syslen > sizeof(utx.ut_host))
-        utx.ut_syslen = sizeof(utx.ut_host);
-#endif
-    {
-	struct timeval tv;
-
-	gettimeofday (&tv, 0);
-	utx.ut_tv.tv_sec = tv.tv_sec;
-	utx.ut_tv.tv_usec = tv.tv_usec;
-    }
-
-    if(name[0])
-	utx.ut_type = USER_PROCESS;
-    else
-	utx.ut_type = DEAD_PROCESS;
-#endif
-
-    if(!init){
-	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
-#ifdef WTMPX_FILE
-	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
-#endif
-	init = 1;
-    }
-    if(fd >= 0) {
-	write(fd, &ut, sizeof(struct utmp)); /* XXX */
-#ifdef WTMPX_FILE
-	write(fdx, &utx, sizeof(struct utmpx));
-#endif	
-    }
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c
deleted file mode 100644
index f8ec4ad12c4a..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/ls.c
+++ /dev/null
@@ -1,854 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifndef TEST
-#include "ftpd_locl.h"
-
-RCSID("$Id: ls.c,v 1.26 2003/02/25 10:51:30 lha Exp $");
-
-#else
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#include <errno.h>
-
-#define sec_fprintf2 fprintf
-#define sec_fflush fflush
-static void list_files(FILE *out, const char **files, int n_files, int flags);
-static int parse_flags(const char *options);
-
-int
-main(int argc, char **argv)
-{
-    int i = 1;
-    int flags;
-    if(argc > 1 && argv[1][0] == '-') {
-	flags = parse_flags(argv[1]);
-	i = 2;
-    } else
-	flags = parse_flags(NULL);
-
-    list_files(stdout, (const char **)argv + i, argc - i, flags);
-    return 0;
-}
-#endif
-
-struct fileinfo {
-    struct stat st;
-    int inode;
-    int bsize;
-    char mode[11];
-    int n_link;
-    char *user;
-    char *group;
-    char *size;
-    char *major;
-    char *minor;
-    char *date;
-    char *filename;
-    char *link;
-};
-
-static void
-free_fileinfo(struct fileinfo *f)
-{
-    free(f->user);
-    free(f->group);
-    free(f->size);
-    free(f->major);
-    free(f->minor);
-    free(f->date);
-    free(f->filename);
-    free(f->link);
-}
-
-#define LS_DIRS		(1 << 0)
-#define LS_IGNORE_DOT	(1 << 1)
-#define LS_SORT_MODE	(3 << 2)
-#define SORT_MODE(f) ((f) & LS_SORT_MODE)
-#define LS_SORT_NAME	(1 << 2)
-#define LS_SORT_MTIME	(2 << 2)
-#define LS_SORT_SIZE	(3 << 2)
-#define LS_SORT_REVERSE	(1 << 4)
-
-#define LS_SIZE		(1 << 5)
-#define LS_INODE	(1 << 6)
-#define LS_TYPE		(1 << 7)
-#define LS_DISP_MODE	(3 << 8)
-#define DISP_MODE(f) ((f) & LS_DISP_MODE)
-#define LS_DISP_LONG	(1 << 8)
-#define LS_DISP_COLUMN	(2 << 8)
-#define LS_DISP_CROSS	(3 << 8)
-#define LS_SHOW_ALL	(1 << 10)
-#define LS_RECURSIVE	(1 << 11)
-#define LS_EXTRA_BLANK	(1 << 12)
-#define LS_SHOW_DIRNAME	(1 << 13)
-#define LS_DIR_FLAG	(1 << 14)	/* these files come via list_dir */
-
-#ifndef S_ISTXT
-#define S_ISTXT S_ISVTX
-#endif
-
-#if !defined(_S_IFMT) && defined(S_IFMT)
-#define _S_IFMT S_IFMT
-#endif
-
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode)  (((mode) & _S_IFMT) == S_IFSOCK)
-#endif
-
-#ifndef S_ISLNK
-#define S_ISLNK(mode)   (((mode) & _S_IFMT) == S_IFLNK)
-#endif
-
-static size_t
-block_convert(size_t blocks)
-{
-#ifdef S_BLKSIZE
-    return blocks * S_BLKSIZE / 1024;
-#else
-    return blocks * 512 / 1024;
-#endif
-}
-
-static void
-make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
-{
-    char buf[128];
-    int file_type = 0;
-    struct stat *st = &file->st;
-
-    file->inode = st->st_ino;
-    file->bsize = block_convert(st->st_blocks);
-
-    if(S_ISDIR(st->st_mode)) {
-	file->mode[0] = 'd';
-	file_type = '/';
-    }
-    else if(S_ISCHR(st->st_mode))
-	file->mode[0] = 'c';
-    else if(S_ISBLK(st->st_mode))
-	file->mode[0] = 'b';
-    else if(S_ISREG(st->st_mode)) {
-	file->mode[0] = '-';
-	if(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
-	    file_type = '*';
-    }
-    else if(S_ISFIFO(st->st_mode)) {
-	file->mode[0] = 'p';
-	file_type = '|';
-    }
-    else if(S_ISLNK(st->st_mode)) {
-	file->mode[0] = 'l';
-	file_type = '@';
-    }
-    else if(S_ISSOCK(st->st_mode)) {
-	file->mode[0] = 's';
-	file_type = '=';
-    }
-#ifdef S_ISWHT
-    else if(S_ISWHT(st->st_mode)) {
-	file->mode[0] = 'w';
-	file_type = '%';
-    }
-#endif
-    else 
-	file->mode[0] = '?';
-    {
-	char *x[] = { "---", "--x", "-w-", "-wx", 
-		      "r--", "r-x", "rw-", "rwx" };
-	strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
-	strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
-	strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
-	if((st->st_mode & S_ISUID)) {
-	    if((st->st_mode & S_IXUSR))
-		file->mode[3] = 's';
-	    else
-		file->mode[3] = 'S';
-	}
-	if((st->st_mode & S_ISGID)) {
-	    if((st->st_mode & S_IXGRP))
-		file->mode[6] = 's';
-	    else
-		file->mode[6] = 'S';
-	}
-	if((st->st_mode & S_ISTXT)) {
-	    if((st->st_mode & S_IXOTH))
-		file->mode[9] = 't';
-	    else
-		file->mode[9] = 'T';
-	}
-    }
-    file->n_link = st->st_nlink;
-    {
-	struct passwd *pwd;
-	pwd = getpwuid(st->st_uid);
-	if(pwd == NULL)
-	    asprintf(&file->user, "%u", (unsigned)st->st_uid);
-	else
-	    file->user = strdup(pwd->pw_name);
-    }
-    {
-	struct group *grp;
-	grp = getgrgid(st->st_gid);
-	if(grp == NULL)
-	    asprintf(&file->group, "%u", (unsigned)st->st_gid);
-	else
-	    file->group = strdup(grp->gr_name);
-    }
-    
-    if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
-#if defined(major) && defined(minor)
-	asprintf(&file->major, "%u", (unsigned)major(st->st_rdev));
-	asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev));
-#else
-	/* Don't want to use the DDI/DKI crap. */
-	asprintf(&file->major, "%u", (unsigned)st->st_rdev);
-	asprintf(&file->minor, "%u", 0);
-#endif
-    } else
-	asprintf(&file->size, "%lu", (unsigned long)st->st_size);
-
-    {
-	time_t t = time(NULL);
-	time_t mtime = st->st_mtime;
-	struct tm *tm = localtime(&mtime);
-	if((t - mtime > 6*30*24*60*60) ||
-	   (mtime - t > 6*30*24*60*60))
-	    strftime(buf, sizeof(buf), "%b %e  %Y", tm);
-	else
-	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
-	file->date = strdup(buf);
-    }
-    {
-	const char *p = strrchr(filename, '/');
-	if(p)
-	    p++;
-	else
-	    p = filename;
-	if((flags & LS_TYPE) && file_type != 0)
-	    asprintf(&file->filename, "%s%c", p, file_type);
-	else
-	    file->filename = strdup(p);
-    }
-    if(S_ISLNK(st->st_mode)) {
-	int n;
-	n = readlink((char *)filename, buf, sizeof(buf) - 1);
-	if(n >= 0) {
-	    buf[n] = '\0';
-	    file->link = strdup(buf);
-	} else
-	    sec_fprintf2(out, "readlink(%s): %s", filename, strerror(errno));
-    }
-}
-
-static void
-print_file(FILE *out,
-	   int flags,
-	   struct fileinfo *f,
-	   int max_inode,
-	   int max_bsize,
-	   int max_n_link,
-	   int max_user,
-	   int max_group,
-	   int max_size,
-	   int max_major,
-	   int max_minor,
-	   int max_date)
-{
-    if(f->filename == NULL)
-	return;
-
-    if(flags & LS_INODE) {
-	sec_fprintf2(out, "%*d", max_inode, f->inode);
-	sec_fprintf2(out, "  ");
-    }
-    if(flags & LS_SIZE) {
-	sec_fprintf2(out, "%*d", max_bsize, f->bsize);
-	sec_fprintf2(out, "  ");
-    }
-    sec_fprintf2(out, "%s", f->mode);
-    sec_fprintf2(out, "  ");
-    sec_fprintf2(out, "%*d", max_n_link, f->n_link);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%-*s", max_user, f->user);
-    sec_fprintf2(out, "  ");
-    sec_fprintf2(out, "%-*s", max_group, f->group);
-    sec_fprintf2(out, "  ");
-    if(f->major != NULL && f->minor != NULL)
-	sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
-    else
-	sec_fprintf2(out, "%*s", max_size, f->size);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%*s", max_date, f->date);
-    sec_fprintf2(out, " ");
-    sec_fprintf2(out, "%s", f->filename);
-    if(f->link)
-	sec_fprintf2(out, " -> %s", f->link);
-    sec_fprintf2(out, "\r\n");
-}
-
-static int
-compare_filename(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return strcmp(a->filename, b->filename);
-}
-
-static int
-compare_mtime(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return b->st.st_mtime - a->st.st_mtime;
-}
-
-static int
-compare_size(struct fileinfo *a, struct fileinfo *b)
-{
-    if(a->filename == NULL)
-	return 1;
-    if(b->filename == NULL)
-	return -1;
-    return b->st.st_size - a->st.st_size;
-}
-
-static int list_dir(FILE*, const char*, int);
-
-static int
-log10(int num)
-{
-    int i = 1;
-    while(num > 10) {
-	i++;
-	num /= 10;
-    }
-    return i;
-}
-
-/*
- * Operate as lstat but fake up entries for AFS mount points so we don't
- * have to fetch them.
- */
-
-#ifdef KRB4
-static int do_the_afs_dance = 1;
-#endif
-
-static int
-lstat_file (const char *file, struct stat *sb)
-{
-#ifdef KRB4
-    if (do_the_afs_dance &&
-	k_hasafs() 
-	&& strcmp(file, ".")
-	&& strcmp(file, "..")
-	&& strcmp(file, "/"))
-    {
-	struct ViceIoctl    a_params;
-	char               *dir, *last;
-	char               *path_bkp;
-	static ino_t	   ino_counter = 0, ino_last = 0;
-	int		   ret;
-	const int	   maxsize = 2048;
-	
-	path_bkp = strdup (file);
-	if (path_bkp == NULL)
-	    return -1;
-	
-	a_params.out = malloc (maxsize);
-	if (a_params.out == NULL) { 
-	    free (path_bkp);
-	    return -1;
-	}
-	
-	/* If path contains more than the filename alone - split it */
-	
-	last = strrchr (path_bkp, '/');
-	if (last != NULL) {
-	    if(last[1] == '\0')
-		/* if path ended in /, replace with `.' */
-		a_params.in = ".";
-	    else
-		a_params.in = last + 1;
-	    while(last > path_bkp && *--last == '/');
-	    if(*last != '/' || last != path_bkp) {
-		*++last = '\0';
-		dir = path_bkp;
-	    } else
-		/* we got to the start, so this must be the root dir */
-		dir = "/";
-	} else {
-	    /* file is relative to cdir */
-	    dir = ".";
-	    a_params.in = path_bkp;
-	}
-	
-	a_params.in_size  = strlen (a_params.in) + 1;
-	a_params.out_size = maxsize;
-	
-	ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0);
-	free (a_params.out);
-	if (ret < 0) {
-	    free (path_bkp);
-
-	    if (errno != EINVAL)
-		return ret;
-	    else
-		/* if we get EINVAL this is probably not a mountpoint */
-		return lstat (file, sb);
-	}
-
-	/* 
-	 * wow this was a mountpoint, lets cook the struct stat
-	 * use . as a prototype
-	 */
-
-	ret = lstat (dir, sb);
-	free (path_bkp);
-	if (ret < 0)
-	    return ret;
-
-	if (ino_last == sb->st_ino)
-	    ino_counter++;
-	else {
-	    ino_last    = sb->st_ino;
-	    ino_counter = 0;
-	}
-	sb->st_ino += ino_counter;
-	sb->st_nlink = 3;
-
-	return 0;
-    }
-#endif /* KRB4 */
-    return lstat (file, sb);
-}
-
-#define IS_DOT_DOTDOT(X) ((X)[0] == '.' && ((X)[1] == '\0' || \
-				((X)[1] == '.' && (X)[2] == '\0')))
-
-static int
-list_files(FILE *out, const char **files, int n_files, int flags)
-{
-    struct fileinfo *fi;
-    int i;
-    int *dirs = NULL;
-    size_t total_blocks = 0;
-    int n_print = 0;
-    int ret = 0;
-
-    if(n_files == 0)
-	return 0;
-
-    if(n_files > 1)
-	flags |= LS_SHOW_DIRNAME;
-
-    fi = calloc(n_files, sizeof(*fi));
-    if (fi == NULL) {
-	syslog(LOG_ERR, "out of memory");
-	return -1;
-    }
-    for(i = 0; i < n_files; i++) {
-	if(lstat_file(files[i], &fi[i].st) < 0) {
-	    sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
-	    fi[i].filename = NULL;
-	} else {
-	    int include_in_list = 1;
-	    total_blocks += block_convert(fi[i].st.st_blocks);
-	    if(S_ISDIR(fi[i].st.st_mode)) {
-		if(dirs == NULL)
-		    dirs = calloc(n_files, sizeof(*dirs));
-		if(dirs == NULL) {
-		    syslog(LOG_ERR, "%s: %m", files[i]);
-		    ret = -1;
-		    goto out;
-		}
-		dirs[i] = 1;
-		if((flags & LS_DIRS) == 0)
-		    include_in_list = 0;
-	    }
-	    if(include_in_list) {
-		make_fileinfo(out, files[i], &fi[i], flags);
-		n_print++;
-	    }
-	}
-    }
-    switch(SORT_MODE(flags)) {
-    case LS_SORT_NAME:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_filename);
-	break;
-    case LS_SORT_MTIME:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_mtime);
-	break;
-    case LS_SORT_SIZE:
-	qsort(fi, n_files, sizeof(*fi), 
-	      (int (*)(const void*, const void*))compare_size);
-	break;
-    }
-    if(DISP_MODE(flags) == LS_DISP_LONG) {
-	int max_inode = 0;
-	int max_bsize = 0;
-	int max_n_link = 0;
-	int max_user = 0;
-	int max_group = 0;
-	int max_size = 0;
-	int max_major = 0;
-	int max_minor = 0;
-	int max_date = 0;
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL)
-		continue;
-	    if(fi[i].inode > max_inode)
-		max_inode = fi[i].inode;
-	    if(fi[i].bsize > max_bsize)
-		max_bsize = fi[i].bsize;
-	    if(fi[i].n_link > max_n_link)
-		max_n_link = fi[i].n_link;
-	    if(strlen(fi[i].user) > max_user)
-		max_user = strlen(fi[i].user);
-	    if(strlen(fi[i].group) > max_group)
-		max_group = strlen(fi[i].group);
-	    if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
-		max_major = strlen(fi[i].major);
-	    if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
-		max_minor = strlen(fi[i].minor);
-	    if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
-		max_size = strlen(fi[i].size);
-	    if(strlen(fi[i].date) > max_date)
-		max_date = strlen(fi[i].date);
-	}
-	if(max_size < max_major + max_minor + 2)
-	    max_size = max_major + max_minor + 2;
-	else if(max_size - max_minor - 2 > max_major)
-	    max_major = max_size - max_minor - 2;
-	max_inode = log10(max_inode);
-	max_bsize = log10(max_bsize);
-	max_n_link = log10(max_n_link);
-	
-	if(n_print > 0)
-	    sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks);
-	if(flags & LS_SORT_REVERSE)
-	    for(i = n_files - 1; i >= 0; i--)
-		print_file(out,
-			   flags,
-			   &fi[i],
-			   max_inode,
-			   max_bsize,
-			   max_n_link,
-			   max_user,
-			   max_group,
-			   max_size,
-			   max_major,
-			   max_minor,
-			   max_date);
-	else
-	    for(i = 0; i < n_files; i++)
-		print_file(out,
-			   flags,
-			   &fi[i],
-			   max_inode,
-			   max_bsize,
-			   max_n_link,
-			   max_user,
-			   max_group,
-			   max_size,
-			   max_major,
-			   max_minor,
-			   max_date);
-    } else if(DISP_MODE(flags) == LS_DISP_COLUMN || 
-	      DISP_MODE(flags) == LS_DISP_CROSS) {
-	int max_len = 0;
-	int size_len = 0;
-	int num_files = n_files;
-	int columns;
-	int j;
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL) {
-		num_files--;
-		continue;
-	    }
-	    if(strlen(fi[i].filename) > max_len)
-		max_len = strlen(fi[i].filename);
-	    if(log10(fi[i].bsize) > size_len)
-		size_len = log10(fi[i].bsize);
-	}
-	if(num_files == 0)
-	    goto next;
-	if(flags & LS_SIZE) {
-	    columns = 80 / (size_len + 1 + max_len + 1);
-	    max_len = 80 / columns - size_len - 1;
-	} else {
-	    columns = 80 / (max_len + 1); /* get space between columns */
-	    max_len = 80 / columns;
-	}
-	if(flags & LS_SIZE)
-	    sec_fprintf2(out, "total %lu\r\n", 
-			 (unsigned long)total_blocks);
-	if(DISP_MODE(flags) == LS_DISP_CROSS) {
-	    for(i = 0, j = 0; i < n_files; i++) {
-		if(fi[i].filename == NULL)
-		    continue;
-		if(flags & LS_SIZE)
-		    sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, 
-				 max_len, fi[i].filename);
-		else
-		    sec_fprintf2(out, "%-*s", max_len, fi[i].filename);
-		j++;
-		if(j == columns) {
-		    sec_fprintf2(out, "\r\n");
-		    j = 0;
-		}
-	    }
-	    if(j > 0)
-		sec_fprintf2(out, "\r\n");
-	} else {
-	    int skip = (num_files + columns - 1) / columns;
-	    j = 0;
-	    for(i = 0; i < skip; i++) {
-		for(j = i; j < n_files;) {
-		    while(j < n_files && fi[j].filename == NULL)
-			j++;
-		    if(flags & LS_SIZE)
-			sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, 
-				     max_len, fi[j].filename);
-		    else
-			sec_fprintf2(out, "%-*s", max_len, fi[j].filename);
-		    j += skip;
-		}
-		sec_fprintf2(out, "\r\n");
-	    }
-	}
-    } else {
-	for(i = 0; i < n_files; i++) {
-	    if(fi[i].filename == NULL)
-		continue;
-	    sec_fprintf2(out, "%s\r\n", fi[i].filename);
-	}
-    }
- next:
-    if(((flags & LS_DIRS) == 0 || (flags & LS_RECURSIVE)) && dirs != NULL) {
-	for(i = 0; i < n_files; i++) {
-	    if(dirs[i]) {
-		const char *p = strrchr(files[i], '/');
-		if(p == NULL)
-		    p = files[i];
-		else 
-		    p++;
-		if(!(flags & LS_DIR_FLAG) || !IS_DOT_DOTDOT(p)) {
-		    if((flags & LS_SHOW_DIRNAME)) {
-			if ((flags & LS_EXTRA_BLANK))
-			    sec_fprintf2(out, "\r\n");
-			sec_fprintf2(out, "%s:\r\n", files[i]);
-		    }
-		    list_dir(out, files[i], flags | LS_DIRS | LS_EXTRA_BLANK);
-		}
-	    }
-	}
-    }
- out:
-    for(i = 0; i < n_files; i++)
-	free_fileinfo(&fi[i]);
-    free(fi);
-    if(dirs != NULL)
-	free(dirs);
-    return ret;
-}
-
-static void
-free_files (char **files, int n)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	free (files[i]);
-    free (files);
-}
-
-static int
-hide_file(const char *filename, int flags)
-{
-    if(filename[0] != '.')
-	return 0;
-    if((flags & LS_IGNORE_DOT))
-	return 1;
-    if(filename[1] == '\0' || (filename[1] == '.' && filename[2] == '\0')) {
-	if((flags & LS_SHOW_ALL))
-	    return 0;
-	else
-	    return 1;
-    }
-    return 0;
-}
-
-static int
-list_dir(FILE *out, const char *directory, int flags)
-{
-    DIR *d = opendir(directory);
-    struct dirent *ent;
-    char **files = NULL;
-    int n_files = 0;
-
-    if(d == NULL) {
-	syslog(LOG_ERR, "%s: %m", directory);
-	return -1;
-    }
-    while((ent = readdir(d)) != NULL) {
-	void *tmp;
-
-	if(hide_file(ent->d_name, flags))
-	    continue;
-	tmp = realloc(files, (n_files + 1) * sizeof(*files));
-	if (tmp == NULL) {
-	    syslog(LOG_ERR, "%s: out of memory", directory);
-	    free_files (files, n_files);
-	    closedir (d);
-	    return -1;
-	}
-	files = tmp;
-	asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
-	if (files[n_files] == NULL) {
-	    syslog(LOG_ERR, "%s: out of memory", directory);
-	    free_files (files, n_files);
-	    closedir (d);
-	    return -1;
-	}
-	++n_files;
-    }
-    closedir(d);
-    return list_files(out, (const char**)files, n_files, flags | LS_DIR_FLAG);
-}
-
-static int
-parse_flags(const char *options)
-{
-#ifdef TEST
-    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_COLUMN;
-#else
-    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_LONG;
-#endif
-
-    const char *p;
-    if(options == NULL || *options != '-')
-	return flags;
-    for(p = options + 1; *p; p++) {
-	switch(*p) {
-	case '1':
-	    flags = (flags & ~LS_DISP_MODE);
-	    break;
-	case 'a':
-	    flags |= LS_SHOW_ALL;
-	    /*FALLTHROUGH*/
-	case 'A':
-	    flags &= ~LS_IGNORE_DOT;
-	    break;
-	case 'C':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_COLUMN;
-	    break;
-	case 'd':
-	    flags |= LS_DIRS;
-	    break;
-	case 'f':
-	    flags = (flags & ~LS_SORT_MODE);
-	    break;
-	case 'F':
-	    flags |= LS_TYPE;
-	    break;
-	case 'i':
-	    flags |= LS_INODE;
-	    break;
-	case 'l':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_LONG;
-	    break;
-	case 'r':
-	    flags |= LS_SORT_REVERSE;
-	    break;
-	case 'R':
-	    flags |= LS_RECURSIVE;
-	    break;
-	case 's':
-	    flags |= LS_SIZE;
-	    break;
-	case 'S':
-	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
-	    break;
-	case 't':
-	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
-	    break;
-	case 'x':
-	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_CROSS;
-	    break;
-	    /* these are a bunch of unimplemented flags from BSD ls */
-	case 'k': /* display sizes in kB */
-	case 'c': /* last change time */
-	case 'L': /* list symlink target */
-	case 'm': /* stream output */
-	case 'o': /* BSD file flags */
-	case 'p': /* display / after directories */
-	case 'q': /* print non-graphic characters */
-	case 'u': /* use last access time */
-	case 'T': /* display complete time */
-	case 'W': /* include whiteouts */
-	    break;
-	}
-    }
-    return flags;
-}
-
-int
-builtin_ls(FILE *out, const char *file)
-{
-    int flags;
-    int ret;
-
-    if(*file == '-') {
-	flags = parse_flags(file);
-	file = ".";
-    } else
-	flags = parse_flags("");
-
-    ret = list_files(out, &file, 1, flags);
-    sec_fflush(out);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/ftp/ftpd/pathnames.h b/crypto/heimdal/appl/ftp/ftpd/pathnames.h
deleted file mode 100644
index e4f5b441ae06..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/pathnames.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
- */
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_FTPUSERS
-#define	_PATH_FTPUSERS		SYSCONFDIR "/ftpusers"
-#endif
-
-#define	_PATH_FTPCHROOT		SYSCONFDIR "/ftpchroot"
-#define	_PATH_FTPWELCOME	SYSCONFDIR "/ftpwelcome"
-#define	_PATH_FTPLOGINMESG	SYSCONFDIR "/motd"
-
-#define _PATH_ISSUE		SYSCONFDIR "/issue"
-#define _PATH_ISSUE_NET		SYSCONFDIR "/issue.net"
diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c
deleted file mode 100644
index 708cae1b7e3e..000000000000
--- a/crypto/heimdal/appl/ftp/ftpd/popen.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1988, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software written by Ken Arnold and
- * published in UNIX Review, Vol. 6, No. 8.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: popen.c,v 1.26 2002/04/02 11:57:39 joda Exp $");
-#endif
-
-#include <sys/types.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#include <sys/wait.h>
-
-#include <errno.h>
-#include <glob.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <roken.h>
-#include "extern.h"
-
-
-/* 
- * Special version of popen which avoids call to shell.  This ensures
- * no one may create a pipe to a hidden program as a side effect of a
- * list or dir command.
- */
-static int *pids;
-static int fds;
-
-extern int dochroot;
-
-/* return path prepended with ~ftp if that file exists, otherwise
- * return path unchanged
- */
-
-const char *
-ftp_rooted(const char *path)
-{
-    static char home[MaxPathLen] = "";
-    static char newpath[MaxPathLen];
-    struct passwd *pwd;
-
-    if(!home[0])
-	if((pwd = k_getpwnam("ftp")))
-	    strlcpy(home, pwd->pw_dir, sizeof(home));
-    snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
-    if(access(newpath, X_OK))
-	strlcpy(newpath, path, sizeof(newpath));
-    return newpath;
-}
-
-
-#define MAXARGS	100
-#define MAXGLOBS 1000
-
-FILE *
-ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
-{
-	char *cp;
-	FILE *iop;
-	int argc, gargc, pdes[2], pid;
-	char **pop, *argv[MAXARGS], *gargv[MAXGLOBS];
-	char *foo;
-
-	if (strcmp(type, "r") && strcmp(type, "w"))
-		return (NULL);
-
-	if (!pids) {
-
-	    /* This function is ugly and should be rewritten, in
-	     * modern unices there is no such thing as a maximum
-	     * filedescriptor.
-	     */
-
-	    fds = getdtablesize();
-	    pids = (int*)calloc(fds, sizeof(int));
-	    if(!pids)
-		return NULL;
-	}
-	if (pipe(pdes) < 0)
-		return (NULL);
-
-	/* break up string into pieces */
-	foo = NULL;
-	for (argc = 0, cp = program; argc < MAXARGS - 1; cp = NULL) {
-		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
-			break;
-	}
-	argv[MAXARGS - 1] = NULL;
-
-	gargv[0] = (char*)ftp_rooted(argv[0]);
-	/* glob each piece */
-	for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
-		glob_t gl;
-		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
-		    |
-#ifdef GLOB_MAXPATH
-	GLOB_MAXPATH
-#else
-	GLOB_LIMIT
-#endif
-		    ;
-
-		memset(&gl, 0, sizeof(gl));
-		if (no_glob || 
-		    glob(argv[argc], flags, NULL, &gl) || 
-		    gl.gl_pathc == 0)
-			gargv[gargc++] = strdup(argv[argc]);
-		else
-			for (pop = gl.gl_pathv;
-			     *pop && gargc < MAXGLOBS - 1;
-			     pop++)
-				gargv[gargc++] = strdup(*pop);
-		globfree(&gl);
-	}
-	gargv[gargc] = NULL;
-
-	iop = NULL;
-	switch(pid = fork()) {
-	case -1:			/* error */
-		close(pdes[0]);
-		close(pdes[1]);
-		goto pfree;
-		/* NOTREACHED */
-	case 0:				/* child */
-		if (*type == 'r') {
-			if (pdes[1] != STDOUT_FILENO) {
-				dup2(pdes[1], STDOUT_FILENO);
-				close(pdes[1]);
-			}
-			if(do_stderr)
-			    dup2(STDOUT_FILENO, STDERR_FILENO);
-			close(pdes[0]);
-		} else {
-			if (pdes[0] != STDIN_FILENO) {
-				dup2(pdes[0], STDIN_FILENO);
-				close(pdes[0]);
-			}
-			close(pdes[1]);
-		}
-		execv(gargv[0], gargv);
-		gargv[0] = argv[0];
-		execv(gargv[0], gargv);
-		_exit(1);
-	}
-	/* parent; assume fdopen can't fail...  */
-	if (*type == 'r') {
-		iop = fdopen(pdes[0], type);
-		close(pdes[1]);
-	} else {
-		iop = fdopen(pdes[1], type);
-		close(pdes[0]);
-	}
-	pids[fileno(iop)] = pid;
-	
-pfree:	
-	for (argc = 1; gargv[argc] != NULL; argc++)
-	    free(gargv[argc]);
-
-
-	return (iop);
-}
-
-int
-ftpd_pclose(FILE *iop)
-{
-	int fdes, status;
-	pid_t pid;
-	sigset_t sigset, osigset;
-
-	/*
-	 * pclose returns -1 if stream is not associated with a
-	 * `popened' command, or, if already `pclosed'.
-	 */
-	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
-		return (-1);
-	fclose(iop);
-	sigemptyset(&sigset);
-	sigaddset(&sigset, SIGINT);
-	sigaddset(&sigset, SIGQUIT);
-	sigaddset(&sigset, SIGHUP);
-	sigprocmask(SIG_BLOCK, &sigset, &osigset);
-	while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
-		continue;
-	sigprocmask(SIG_SETMASK, &osigset, NULL);
-	pids[fdes] = 0;
-	if (pid < 0)
-		return (pid);
-	if (WIFEXITED(status))
-		return (WEXITSTATUS(status));
-	return (1);
-}
diff --git a/crypto/heimdal/appl/kauth/ChangeLog b/crypto/heimdal/appl/kauth/ChangeLog
deleted file mode 100644
index ac0491fb1766..000000000000
--- a/crypto/heimdal/appl/kauth/ChangeLog
+++ /dev/null
@@ -1,39 +0,0 @@
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* rkinit.c (doit_host): NAT work-around
-	* kauthd.c (doit): type correctness
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* kauthd.c: use getnameinfo instead of inaddr2str and inet_ntoa
-
-1999-08-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kauth.c: cleanup usage string; handle `kauth -h' gracefully
-	(print usage); add `-a' flag to get the ticket address (useful for
-	firewall configurations)
-
-Thu Apr 15 15:05:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kauth.c: add `-v'
-
-Thu Mar 18 11:17:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Sun Nov 22 10:30:47 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Tue May 26 17:41:47 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kauth.c: use krb_enable_debug
-
-Fri May  1 07:15:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* rkinit.c: unifdef -DHAVE_H_ERRNO
-
-Thu Mar 19 16:07:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kauth.c: Check for negative return value from krb_afslog().
-
diff --git a/crypto/heimdal/appl/kauth/Makefile.am b/crypto/heimdal/appl/kauth/Makefile.am
deleted file mode 100644
index a5bf0fdacac6..000000000000
--- a/crypto/heimdal/appl/kauth/Makefile.am
+++ /dev/null
@@ -1,42 +0,0 @@
-# $Id: Makefile.am,v 1.7 1999/04/09 18:22:45 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-bin_PROGRAMS = kauth
-bin_SCRIPTS = ksrvtgt
-libexec_PROGRAMS = kauthd
-
-EXTRA_DIST = zrefresh ksrvtgt.in
-
-kauth_SOURCES = \
-	kauth.c \
-	kauth.h \
-	rkinit.c \
-	marshall.c \
-	encdata.c
-
-kauthd_SOURCES = \
-	kauthd.c \
-	kauth.h \
-	marshall.c \
-	encdata.c
-
-ksrvtgt: ksrvtgt.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
-	chmod +x $@
-
-install-exec-local:
-	if test -f $(bindir)/zrefresh -o -r  $(bindir)/zrefresh; then \
-	  true; \
-	else \
-	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
-	fi
-
-LDADD = \
-	$(LIB_kafs)				\
-	$(LIB_krb5)				\
-	$(LIB_krb4)				\
-	$(top_builddir)/lib/des/libdes.la	\
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/kauth/Makefile.in b/crypto/heimdal/appl/kauth/Makefile.in
deleted file mode 100644
index f9c005f68f34..000000000000
--- a/crypto/heimdal/appl/kauth/Makefile.in
+++ /dev/null
@@ -1,739 +0,0 @@
-# Makefile.in generated automatically by automake 1.4 from Makefile.am
-
-# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-# $Id: Makefile.am,v 1.7 1999/04/09 18:22:45 assar Exp $
-
-
-# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-
-
-# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
-
-
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-
-DESTDIR =
-
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-transform = @program_transform_name@
-
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-AFS_EXTRA_LD = @AFS_EXTRA_LD@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-DBLIB = @DBLIB@
-EXEEXT = @EXEEXT@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDE_ = @INCLUDE_@
-LD = @LD@
-LEX = @LEX@
-LIBOBJS = @LIBOBJS@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@
-MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@
-MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NM = @NM@
-NROFF = @NROFF@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-YACC = @YACC@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies
-
-SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDE_krb4)
-
-AM_CFLAGS =  $(WFLAGS)
-
-COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_readline = @LIB_readline@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_readline = @INCLUDE_readline@
-
-LEXLIB = @LEXLIB@
-
-cat1dir = $(mandir)/cat1
-cat3dir = $(mandir)/cat3
-cat5dir = $(mandir)/cat5
-cat8dir = $(mandir)/cat8
-
-MANRX = \(.*\)\.\([0-9]\)
-CATSUFFIX = @CATSUFFIX@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la 	$(top_builddir)/lib/asn1/libasn1.la
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-CHECK_LOCAL = $(PROGRAMS)
-
-bin_PROGRAMS = kauth
-bin_SCRIPTS = ksrvtgt
-libexec_PROGRAMS = kauthd
-
-EXTRA_DIST = zrefresh ksrvtgt.in
-
-kauth_SOURCES =  	kauth.c 	kauth.h 	rkinit.c 	marshall.c 	encdata.c
-
-
-kauthd_SOURCES =  	kauthd.c 	kauth.h 	marshall.c 	encdata.c
-
-
-LDADD =  	$(LIB_kafs)					$(LIB_krb5)					$(LIB_krb4)					$(top_builddir)/lib/des/libdes.la		$(LIB_roken)
-
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = ../../include/config.h
-CONFIG_CLEAN_FILES = 
-bin_PROGRAMS =  kauth$(EXEEXT)
-libexec_PROGRAMS =  kauthd$(EXEEXT)
-PROGRAMS =  $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-
-DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-X_CFLAGS = @X_CFLAGS@
-X_LIBS = @X_LIBS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-kauth_OBJECTS =  kauth.$(OBJEXT) rkinit.$(OBJEXT) marshall.$(OBJEXT) \
-encdata.$(OBJEXT)
-kauth_LDADD = $(LDADD)
-@KRB4_TRUE@@KRB5_FALSE@kauth_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/des/libdes.la
-@KRB4_FALSE@@KRB5_TRUE@kauth_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/des/libdes.la
-@KRB4_FALSE@@KRB5_FALSE@kauth_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/des/libdes.la
-@KRB4_TRUE@@KRB5_TRUE@kauth_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/des/libdes.la
-kauth_LDFLAGS = 
-kauthd_OBJECTS =  kauthd.$(OBJEXT) marshall.$(OBJEXT) encdata.$(OBJEXT)
-kauthd_LDADD = $(LDADD)
-@KRB4_TRUE@@KRB5_FALSE@kauthd_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/des/libdes.la
-@KRB4_FALSE@@KRB5_TRUE@kauthd_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
-@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/des/libdes.la
-@KRB4_FALSE@@KRB5_FALSE@kauthd_DEPENDENCIES =  \
-@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/des/libdes.la
-@KRB4_TRUE@@KRB5_TRUE@kauthd_DEPENDENCIES =  \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \
-@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/des/libdes.la
-kauthd_LDFLAGS = 
-SCRIPTS =  $(bin_SCRIPTS)
-
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
-DIST_COMMON =  ChangeLog Makefile.am Makefile.in
-
-
-DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
-
-TAR = tar
-GZIP_ENV = --best
-SOURCES = $(kauth_SOURCES) $(kauthd_SOURCES)
-OBJECTS = $(kauth_OBJECTS) $(kauthd_OBJECTS)
-
-all: all-redirect
-.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x
-$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
-	cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kauth/Makefile
-
-Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) \
-	  && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
-
-
-mostlyclean-binPROGRAMS:
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-
-distclean-binPROGRAMS:
-
-maintainer-clean-binPROGRAMS:
-
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
-	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
-	done
-
-mostlyclean-libexecPROGRAMS:
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-
-distclean-libexecPROGRAMS:
-
-maintainer-clean-libexecPROGRAMS:
-
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    echo " $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
-	    $(LIBTOOL)  --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  rm -f $(DESTDIR)$(libexecdir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
-	done
-
-.c.o:
-	$(COMPILE) -c $<
-
-# FIXME: We should only use cygpath when building on Windows,
-# and only if it is available.
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.s.o:
-	$(COMPILE) -c $<
-
-.S.o:
-	$(COMPILE) -c $<
-
-mostlyclean-compile:
-	-rm -f *.o core *.core
-	-rm -f *.$(OBJEXT)
-
-clean-compile:
-
-distclean-compile:
-	-rm -f *.tab.c
-
-maintainer-clean-compile:
-
-.c.lo:
-	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.s.lo:
-	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.S.lo:
-	$(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-
-maintainer-clean-libtool:
-
-kauth$(EXEEXT): $(kauth_OBJECTS) $(kauth_DEPENDENCIES)
-	@rm -f kauth$(EXEEXT)
-	$(LINK) $(kauth_LDFLAGS) $(kauth_OBJECTS) $(kauth_LDADD) $(LIBS)
-
-kauthd$(EXEEXT): $(kauthd_OBJECTS) $(kauthd_DEPENDENCIES)
-	@rm -f kauthd$(EXEEXT)
-	$(LINK) $(kauthd_LDFLAGS) $(kauthd_OBJECTS) $(kauthd_LDADD) $(LIBS)
-
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/`echo $$p|sed '$(transform)'`"; \
-	    $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/`echo $$p|sed '$(transform)'`; \
-	  else if test -f $(srcdir)/$$p; then \
-	    echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/`echo $$p|sed '$(transform)'`"; \
-	    $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/`echo $$p|sed '$(transform)'`; \
-	  else :; fi; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  rm -f $(DESTDIR)$(bindir)/`echo $$p|sed '$(transform)'`; \
-	done
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP)
-	list='$(SOURCES) $(HEADERS)'; \
-	unique=`for i in $$list; do echo $$i; done | \
-	  awk '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	here=`pwd` && cd $(srcdir) \
-	  && mkid -f$$here/ID $$unique $(LISP)
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)'; \
-	unique=`for i in $$list; do echo $$i; done | \
-	  awk '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
-	  || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags  $$unique $(LISP) -o $$here/TAGS)
-
-mostlyclean-tags:
-
-clean-tags:
-
-distclean-tags:
-	-rm -f TAGS ID
-
-maintainer-clean-tags:
-
-distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
-
-subdir = appl/kauth
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  d=$(srcdir); \
-	  if test -d $$d/$$file; then \
-	    cp -pr $$/$$file $(distdir)/$$file; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || ln $$d/$$file $(distdir)/$$file 2> /dev/null \
-	    || cp -p $$d/$$file $(distdir)/$$file || :; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
-info-am:
-info: info-am
-dvi-am:
-dvi: dvi-am
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-installcheck-am:
-installcheck: installcheck-am
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
-		install-binSCRIPTS install-exec-local
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-install-exec: install-exec-am
-
-install-data-am: install-data-local
-install-data: install-data-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-install: install-am
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-		uninstall-binSCRIPTS
-uninstall: uninstall-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) all-local
-all-redirect: all-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
-installdirs:
-	$(mkinstalldirs)  $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \
-		$(DESTDIR)$(bindir)
-
-
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-mostlyclean-am:  mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \
-		mostlyclean-compile mostlyclean-libtool \
-		mostlyclean-tags mostlyclean-generic
-
-mostlyclean: mostlyclean-am
-
-clean-am:  clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \
-		clean-libtool clean-tags clean-generic mostlyclean-am
-
-clean: clean-am
-
-distclean-am:  distclean-binPROGRAMS distclean-libexecPROGRAMS \
-		distclean-compile distclean-libtool distclean-tags \
-		distclean-generic clean-am
-	-rm -f libtool
-
-distclean: distclean-am
-
-maintainer-clean-am:  maintainer-clean-binPROGRAMS \
-		maintainer-clean-libexecPROGRAMS \
-		maintainer-clean-compile maintainer-clean-libtool \
-		maintainer-clean-tags maintainer-clean-generic \
-		distclean-am
-	@echo "This command is intended for maintainers to use;"
-	@echo "it deletes files that may require special tools to rebuild."
-
-maintainer-clean: maintainer-clean-am
-
-.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
-maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
-mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
-clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
-uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
-distclean-compile clean-compile maintainer-clean-compile \
-mostlyclean-libtool distclean-libtool clean-libtool \
-maintainer-clean-libtool uninstall-binSCRIPTS install-binSCRIPTS tags \
-mostlyclean-tags distclean-tags clean-tags maintainer-clean-tags \
-distdir info-am info dvi-am dvi check-local check check-am \
-installcheck-am installcheck install-exec-local install-exec-am \
-install-exec install-data-local install-data-am install-data install-am \
-install uninstall-am uninstall all-local all-redirect all-am all \
-installdirs mostlyclean-generic distclean-generic clean-generic \
-maintainer-clean-generic clean mostlyclean distclean maintainer-clean
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	chmod 0 $$x; fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " cp $$file $(buildinclude)/$$f"; \
-			cp $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat1-mans:
-	@ext=1;\
-	foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done; \
-	if test "$$foo"; then \
-		$(mkinstalldirs) $(DESTDIR)$(cat1dir); \
-		for x in $$foo; do \
-			f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
-			if test -f "$(srcdir)/$$f"; then \
-				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
-				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
-				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
-			 fi; \
-		done ;\
-	fi
-
-install-cat3-mans:
-	@ext=3;\
-	foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done; \
-	if test "$$foo"; then \
-		$(mkinstalldirs) $(DESTDIR)$(cat3dir); \
-		for x in $$foo; do \
-			f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
-			if test -f "$(srcdir)/$$f"; then \
-				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
-				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
-				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
-			 fi; \
-		done ;\
-	fi
-
-install-cat5-mans:
-	@ext=5;\
-	foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done; \
-	if test "$$foo"; then \
-		$(mkinstalldirs) $(DESTDIR)$(cat5dir); \
-		for x in $$foo; do \
-			f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
-			if test -f "$(srcdir)/$$f"; then \
-				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
-				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
-				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
-			 fi; \
-		done ;\
-	fi
-
-install-cat8-mans:
-	@ext=8;\
-	foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done; \
-	if test "$$foo"; then \
-		$(mkinstalldirs) $(DESTDIR)$(cat8dir); \
-		for x in $$foo; do \
-			f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
-			if test -f "$(srcdir)/$$f"; then \
-				b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
-				echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
-				$(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
-			 fi; \
-		done ;\
-	fi
-
-install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-
-check-local::
-	@foo='$(CHECK_LOCAL)'; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-ksrvtgt: ksrvtgt.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@
-	chmod +x $@
-
-install-exec-local:
-	if test -f $(bindir)/zrefresh -o -r  $(bindir)/zrefresh; then \
-	  true; \
-	else \
-	  $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \
-	fi
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kauth/encdata.c b/crypto/heimdal/appl/kauth/encdata.c
deleted file mode 100644
index 886f5490bad8..000000000000
--- a/crypto/heimdal/appl/kauth/encdata.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-RCSID("$Id: encdata.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
-
-int
-write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
-		 des_cblock *session, struct sockaddr_in *me,
-		 struct sockaddr_in *him)
-{
-     void *outbuf;
-     int32_t outlen, l;
-     int i;
-     unsigned char tmp[4];
-
-     outbuf = malloc(len + 30);
-     if (outbuf == NULL)
-	  return -1;
-     outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
-     if (outlen < 0) {
-	  free(outbuf);
-	  return -1;
-     }
-     l = outlen;
-     for(i = 3; i >= 0; i--, l = l >> 8)
-	 tmp[i] = l & 0xff;
-     if (krb_net_write (fd, tmp, 4) != 4 ||
-	 krb_net_write (fd, outbuf, outlen) != outlen) {
-	  free(outbuf);
-	  return -1;
-     }
-     
-     free(outbuf);
-     return 0;
-}
-
-
-int
-read_encrypted (int fd, void *buf, size_t len, void **ret,
-		des_key_schedule schedule, des_cblock *session,
-		struct sockaddr_in *him, struct sockaddr_in *me)
-{
-     int status;
-     int32_t l;
-     MSG_DAT msg;
-     unsigned char tmp[4];
-
-     l = krb_net_read (fd, tmp, 4);
-     if (l != 4)
-	 return l;
-     l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
-     if (l > len)
-	  return -1;
-     if (krb_net_read (fd, buf, l) != l)
-	  return -1;
-     status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
-     if (status != RD_AP_OK) {
-	  fprintf (stderr, "read_encrypted: %s\n",
-		   krb_get_err_text(status));
-	  return -1;
-     }
-     *ret  = msg.app_data;
-     return  msg.app_length;
-}
diff --git a/crypto/heimdal/appl/kauth/kauth.c b/crypto/heimdal/appl/kauth/kauth.c
deleted file mode 100644
index 13448a040dda..000000000000
--- a/crypto/heimdal/appl/kauth/kauth.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Little program that reads an srvtab or password and
- * creates a suitable ticketfile and associated AFS tokens.
- *
- * If an optional command is given the command is executed in a
- * new PAG and when the command exits the tickets are destroyed.
- */
-
-#include "kauth.h"
-
-RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
-
-krb_principal princ;
-static char srvtab[MaxPathLen];
-static int lifetime = DEFAULT_TKT_LIFE;
-static char remote_tktfile[MaxPathLen];
-static char remoteuser[100];
-static char *cell = 0;
-
-static void
-usage(void)
-{
-    fprintf(stderr,
-	    "Usage:\n"
-	    "  %s [name]\n"
-	    "or\n"
-	    "  %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n"
-	    "        [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n"
-	    "        [-h hosts... [--]] [command ... ]\n\n",
-	    __progname, __progname);
-    fprintf(stderr, 
-	    "A fully qualified name can be given: user[.instance][@realm]\n"
-	    "Realm is converted to uppercase!\n");
-    exit(1);
-}
-
-#define EX_NOEXEC	126
-#define EX_NOTFOUND	127
-
-static int
-doexec(int argc, char **argv)
-{
-    int ret = simple_execvp(argv[0], argv);
-    if(ret == -2)
-	warn ("fork");
-    if(ret == -3)
-	warn("waitpid");
-    if(ret < 0)
-	return EX_NOEXEC;
-    if(ret == EX_NOEXEC || ret == EX_NOTFOUND)
-	warnx("Can't exec program ``%s''", argv[0]);
-	
-    return ret;
-}
-
-static RETSIGTYPE
-renew(int sig)
-{
-    int code;
-
-    signal(SIGALRM, renew);
-
-    code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
-			      KRB_TICKET_GRANTING_TICKET,
-			      princ.realm, lifetime, srvtab);
-    if (code)
-	warnx ("%s", krb_get_err_text(code));
-    else if (k_hasafs())
-	{
-	    if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
-		warnx ("%s", krb_get_err_text(code));
-	    }
-	}
-
-    alarm(krb_life_to_time(0, lifetime)/2 - 60);
-    SIGRETURN(0);
-}
-
-static int
-zrefresh(void)
-{
-    switch (fork()) {
-    case -1:
-	err (1, "Warning: Failed to fork zrefresh");
-	return -1;
-    case 0:
-	/* Child */
-	execlp("zrefresh", "zrefresh", 0);
-	execl(BINDIR "/zrefresh", "zrefresh", 0);
-	exit(1);
-    default:
-	/* Parent */
-	break;
-    }
-    return 0;
-}
-
-static int
-key_to_key(const char *user,
-	   char *instance,
-	   const char *realm,
-	   const void *arg,
-	   des_cblock *key)
-{
-    memcpy(key, arg, sizeof(des_cblock));
-    return 0;
-}
-
-static int
-get_ticket_address(krb_principal *princ, des_cblock *key)
-{
-    int code;
-    unsigned char flags;
-    krb_principal service;
-    u_int32_t addr;
-    struct in_addr addr2;
-    des_cblock session;
-    int life;
-    u_int32_t time_sec;
-    des_key_schedule schedule;
-    CREDENTIALS c;
-	
-    code = get_ad_tkt(princ->name, princ->instance, princ->realm, 0);
-    if(code) {
-	warnx("get_ad_tkt: %s\n", krb_get_err_text(code));
-	return code;
-    }
-    code = krb_get_cred(princ->name, princ->instance, princ->realm, &c);
-    if(code) {
-	warnx("krb_get_cred: %s\n", krb_get_err_text(code));
-	return code;
-    }
-
-    des_set_key(key, schedule);
-    code = decomp_ticket(&c.ticket_st, 
-			 &flags,
-			 princ->name,
-			 princ->instance,
-			 princ->realm,
-			 &addr,
-			 session,
-			 &life,
-			 &time_sec,
-			 service.name,
-			 service.instance,
-			 key,
-			 schedule);
-    if(code) {
-	warnx("decomp_ticket: %s\n", krb_get_err_text(code));
-	return code;
-    }
-    memset(&session, 0, sizeof(session));
-    memset(schedule, 0, sizeof(schedule));
-    addr2.s_addr = addr;
-    fprintf(stdout, "ticket address = %s\n", inet_ntoa(addr2));
-} 
-
-
-int
-main(int argc, char **argv)
-{
-    int code, more_args;
-    int ret;
-    int c;
-    char *file;
-    int pflag = 0;
-    int aflag = 0;
-    int version_flag = 0;
-    char passwd[100];
-    des_cblock key;
-    char **host;
-    int nhost;
-    char tf[MaxPathLen];
-
-    set_progname (argv[0]);
-
-    if ((file =  getenv("KRBTKFILE")) == 0)
-	file = TKT_FILE;  
-
-    memset(&princ, 0, sizeof(princ));
-    memset(srvtab, 0, sizeof(srvtab));
-    *remoteuser = '\0';
-    nhost = 0;
-    host = NULL;
-  
-    /* Look for kerberos name */
-    if (argc > 1 &&
-	argv[1][0] != '-' &&
-	krb_parse_name(argv[1], &princ) == 0)
-      {
-	argc--; argv++;
-	strupr(princ.realm);
-      }
-
-    while ((c = getopt(argc, argv, "ar:t:f:hdl:n:c:v")) != -1)
-	switch (c) {
-	case 'a':
-	    aflag++;
-	    break;
-	case 'd':
-	    krb_enable_debug();
-	    _kafs_debug = 1;
-	    aflag++;
-	    break;
-	case 'f':
-	    strlcpy(srvtab, optarg, sizeof(srvtab));
-	    break;
-	case 't':
-	    strlcpy(remote_tktfile, optarg, sizeof(remote_tktfile));
-	    break;
-	case 'r':
-	    strlcpy(remoteuser, optarg, sizeof(remoteuser));
-	    break;
-	case 'l':
-	    lifetime = atoi(optarg);
-	    if (lifetime == -1)
-		lifetime = 255;
-	    else if (lifetime < 5)
-		lifetime = 1;
-	    else
-		lifetime = krb_time_to_life(0, lifetime*60);
-	    if (lifetime > 255)
-		lifetime = 255;
-	    break;
-	case 'n':
-	    if ((code = krb_parse_name(optarg, &princ)) != 0) {
-		warnx ("%s", krb_get_err_text(code));
-		usage();
-	    }
-	    strupr(princ.realm);
-	    pflag = 1;
-	    break;
-	case 'c':
-	    cell = optarg;
-	    break;
-	case 'h':
-	    host = argv + optind;
-	    for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
-		++nhost;
-	    if(nhost == 0)
-		usage();
-	    break;
-	case 'v':
-	    version_flag++;
-	    print_version(NULL);
-	    break;
-	case '?':
-	default:
-	    usage();
-	    break;
-	}
-  
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if (princ.name[0] == '\0' && krb_get_default_principal (princ.name, 
-							    princ.instance, 
-							    princ.realm) < 0)
-	errx (1, "Could not get default principal");
-  
-    /* With root tickets assume remote user is root */
-    if (*remoteuser == '\0') {
-      if (strcmp(princ.instance, "root") == 0)
-	strlcpy(remoteuser, princ.instance, sizeof(remoteuser));
-      else
-	strlcpy(remoteuser, princ.name, sizeof(remoteuser));
-    }
-
-    more_args = argc - optind;
-  
-    if (princ.realm[0] == '\0')
-	if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
-	    strlcpy(princ.realm, KRB_REALM, REALM_SZ);
-  
-    if (more_args) {
-	int f;
-      
-	do{
-	    snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned)getuid(),
-		     (unsigned)(getpid()*time(0)));
-	    f = open(tf, O_CREAT|O_EXCL|O_RDWR);
-	}while(f < 0);
-	close(f);
-	unlink(tf);
-	setenv("KRBTKFILE", tf, 1);
-	krb_set_tkt_string (tf);
-    }
-    
-    if (srvtab[0])
-	{
-	    signal(SIGALRM, renew);
-
-	    code = read_service_key (princ.name, princ.instance, princ.realm, 0, 
-				     srvtab, (char *)&key);
-	    if (code == KSUCCESS)
-		code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
-				      KRB_TICKET_GRANTING_TICKET,
-				      princ.realm, lifetime,
-				      key_to_key, NULL, key);
-	    alarm(krb_life_to_time(0, lifetime)/2 - 60);
-	}
-    else {
-	char prompt[128];
-	  
-	snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
-	if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
-	    memset(passwd, 0, sizeof(passwd));
-	    exit(1);
-	}
-	code = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm, 
-				  KRB_TICKET_GRANTING_TICKET, princ.realm, 
-				  lifetime, passwd, &key);
-	
-	memset(passwd, 0, sizeof(passwd));
-    }
-    if (code) {
-	memset (key, 0, sizeof(key));
-	errx (1, "%s", krb_get_err_text(code));
-    }
-
-    if(aflag)
-	get_ticket_address(&princ, &key);
-
-    if (k_hasafs()) {
-	if (more_args)
-	    k_setpag();
-	if ((code = krb_afslog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
-	    if(code > 0)
-		warnx ("%s", krb_get_err_text(code));
-	    else
-		warnx ("failed to store AFS token");
-	}
-    }
-
-    for(ret = 0; nhost-- > 0; host++)
-	ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
-  
-    if (ret)
-	return ret;
-
-    if (more_args) {
-	ret = doexec(more_args, &argv[optind]);
-	dest_tkt();
-	if (k_hasafs())
-	    k_unlog();	 
-    }
-    else
-	zrefresh();
-  
-    return ret;
-}
diff --git a/crypto/heimdal/appl/kauth/kauth.h b/crypto/heimdal/appl/kauth/kauth.h
deleted file mode 100644
index 32243c7d4333..000000000000
--- a/crypto/heimdal/appl/kauth/kauth.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kauth.h,v 1.21 1999/12/02 16:58:31 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif /* HAVE_CONFIG_H */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <signal.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif /* HAVE_SYS_RESOURCE_H */
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef SOCKS
-#include <socks.h>
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-#endif
-
-#include <err.h>
-
-#include <krb.h>
-#include <kafs.h>
-
-#include <roken.h>
-
-#define KAUTH_PORT 2120
-
-#define KAUTH_VERSION "RKINIT.0"
-
-int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
-
-int write_encrypted (int, void*, size_t, des_key_schedule,
-		     des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
-
-int read_encrypted (int, void*, size_t, void **, des_key_schedule,
-		    des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
-
-int pack_args (char *, size_t, krb_principal*, int, const char*, const char*);
-
-int unpack_args (const char*, krb_principal*, int*, char*, char*);
diff --git a/crypto/heimdal/appl/kauth/kauthd.c b/crypto/heimdal/appl/kauth/kauthd.c
deleted file mode 100644
index fe0ceb2da855..000000000000
--- a/crypto/heimdal/appl/kauth/kauthd.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-RCSID("$Id: kauthd.c,v 1.27 1999/12/06 16:46:05 assar Exp $");
-
-krb_principal princ;
-static char locuser[SNAME_SZ];
-static int  lifetime;
-static char tktfile[MaxPathLen];
-
-struct remote_args {
-     int sock;
-     des_key_schedule *schedule;
-     des_cblock *session;
-     struct sockaddr_in *me, *her;
-};
-
-static int
-decrypt_remote_tkt (const char *user,
-		    const char *inst,
-		    const char *realm,
-		    const void *varg,
-		    key_proc_t key_proc,
-		    KTEXT *cipp)
-{
-     char buf[BUFSIZ];
-     void *ptr;
-     int len;
-     KTEXT cip  = *cipp;
-     struct remote_args *args = (struct remote_args *)varg;
-
-     write_encrypted (args->sock, cip->dat, cip->length,
-		      *args->schedule, args->session, args->me,
-		      args->her);
-     len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
-			   args->session, args->her, args->me);
-     memcpy(cip->dat, ptr, cip->length);
-	  
-     return 0;
-}
-
-static int
-doit(int sock)
-{
-     int status;
-     KTEXT_ST ticket;
-     AUTH_DAT auth;
-     char instance[INST_SZ];
-     des_key_schedule schedule;
-     struct sockaddr_in thisaddr, thataddr;
-     int addrlen;
-     int len;
-     char buf[BUFSIZ];
-     void *data;
-     struct passwd *passwd;
-     char version[KRB_SENDAUTH_VLEN + 1];
-     char remotehost[MaxHostNameLen];
-
-     addrlen = sizeof(thisaddr);
-     if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
-	 addrlen != sizeof(thisaddr)) {
-	  return 1;
-     }
-     addrlen = sizeof(thataddr);
-     if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
-	 addrlen != sizeof(thataddr)) {
-	  return 1;
-     }
-
-     getnameinfo_verified ((struct sockaddr *)&thataddr, sizeof(thataddr),
-			   remotehost, sizeof(remotehost),
-			   NULL, 0, 0);
-
-     k_getsockinst (sock, instance, sizeof(instance));
-     status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
-			    &thataddr, &thisaddr, &auth, "", schedule,
-			    version);
-     if (status != KSUCCESS ||
-	 strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) {
-	  return 1;
-     }
-     len = read_encrypted (sock, buf, sizeof(buf), &data, schedule,
-			   &auth.session, &thataddr, &thisaddr);
-     if (len < 0) {
-	  write_encrypted (sock, "read_enc failed",
-			   sizeof("read_enc failed") - 1, schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 1;
-     }
-     if (unpack_args(data, &princ, &lifetime, locuser,
-		     tktfile)) {
-	  write_encrypted (sock, "unpack_args failed",
-			   sizeof("unpack_args failed") - 1, schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 1;
-     }
-
-     if( kuserok(&auth, locuser) != 0) {
-	 snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
-		  locuser, krb_unparse_name(&princ));
-	 syslog (LOG_ERR, "%s", buf);
-	 write_encrypted (sock, buf, strlen(buf), schedule,
-			  &auth.session, &thisaddr, &thataddr);
-	 return 1;
-     }
-     passwd = k_getpwnam (locuser);
-     if (passwd == NULL) {
-	  snprintf (buf, sizeof(buf), "No user '%s'", locuser);
-	  syslog (LOG_ERR, "%s", buf);
-	  write_encrypted (sock, buf, strlen(buf), schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 1;
-     }
-     if (setgid (passwd->pw_gid) ||
-	 initgroups(passwd->pw_name, passwd->pw_gid) ||
-	 setuid(passwd->pw_uid)) {
-	  snprintf (buf, sizeof(buf), "Could not change user");
-	  syslog (LOG_ERR, "%s", buf);
-	  write_encrypted (sock, buf, strlen(buf), schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 1;
-     }
-     write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
-		      &auth.session, &thisaddr, &thataddr);
-
-     if (*tktfile == 0)
-	 snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid());
-     krb_set_tkt_string (tktfile);
-
-     {
-	  struct remote_args arg;
-
-	  arg.sock     = sock;
-	  arg.schedule = &schedule;
-	  arg.session  = &auth.session;
-	  arg.me       = &thisaddr;
-	  arg.her      = &thataddr;
-
-	  status = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
-				   KRB_TICKET_GRANTING_TICKET,
-				   princ.realm,
-				   lifetime, NULL, decrypt_remote_tkt, &arg);
-     }
-     if (status == KSUCCESS) {
-	 char remoteaddr[INET6_ADDRSTRLEN];
-
-	 getnameinfo ((struct sockaddr *)&thataddr, sizeof(thataddr),
-		      remoteaddr, sizeof(remoteaddr),
-		      NULL, 0, NI_NUMERICHOST);
-
-	 syslog (LOG_INFO, "from %s(%s): %s -> %s",
-		 remotehost, remoteaddr,
-		 locuser,
-		 krb_unparse_name (&princ));
-	  write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 0;
-     } else {
-	  snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
-	  syslog (LOG_NOTICE, "%s", buf);
-	  write_encrypted (sock, buf, strlen(buf), schedule,
-			   &auth.session, &thisaddr, &thataddr);
-	  return 1;
-     }
-}
-
-int
-main (int argc, char **argv)
-{
-    openlog ("kauthd", LOG_ODELAY, LOG_AUTH);
-
-    if(argc > 1 && strcmp(argv[1], "-i") == 0)
-	mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT)));
-    return doit(STDIN_FILENO);
-}
diff --git a/crypto/heimdal/appl/kauth/ksrvtgt.in b/crypto/heimdal/appl/kauth/ksrvtgt.in
deleted file mode 100755
index c2f33bb22fb0..000000000000
--- a/crypto/heimdal/appl/kauth/ksrvtgt.in
+++ /dev/null
@@ -1,14 +0,0 @@
-#! /bin/sh
-# $Id: ksrvtgt.in,v 1.3 1997/09/13 03:39:03 joda Exp $
-
-usage="Usage: `basename $0` name instance [[realm] srvtab]"
-
-if [ $# -lt 2 -o $# -gt 4 ]; then
-	echo "$usage"
-	exit 1
-fi
-
-srvtab="${4-${3-/etc/srvtab}}"
-realm="${4+@$3}"
-
-%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab"
diff --git a/crypto/heimdal/appl/kauth/marshall.c b/crypto/heimdal/appl/kauth/marshall.c
deleted file mode 100644
index e37b8c969c81..000000000000
--- a/crypto/heimdal/appl/kauth/marshall.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-RCSID("$Id: marshall.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
-
-int
-pack_args (char *buf,
-	   size_t sz,
-	   krb_principal *pr,
-	   int lifetime,
-	   const char *locuser,
-	   const char *tktfile)
-{
-    char *p = buf;
-    int len;
-
-    p = buf;
-
-    len = strlen(pr->name);
-    if (len >= sz)
-	return -1;
-    memcpy (p, pr->name, len + 1);
-    p += len + 1;
-    sz -= len + 1;
-
-    len = strlen(pr->instance);
-    if (len >= sz)
-	return -1;
-    memcpy (p, pr->instance, len + 1);
-    p += len + 1;
-    sz -= len + 1;
-
-    len = strlen(pr->realm);
-    if (len >= sz)
-	return -1;
-    memcpy(p, pr->realm, len + 1);
-    p += len + 1;
-    sz -= len + 1;
-
-    if (sz < 1)
-	return -1;
-    *p++ = (unsigned char)lifetime;
-
-    len = strlen(locuser);
-    if (len >= sz)
-	return -1;
-    memcpy (p, locuser, len + 1);
-    p += len + 1;
-    sz -= len + 1;
-
-    len = strlen(tktfile);
-    if (len >= sz)
-	return -1;
-    memcpy (p, tktfile, len + 1);
-    p += len + 1;
-    sz -= len + 1;
-
-    return p - buf;
-}
-
-int
-unpack_args (const char *buf, krb_principal *pr, int *lifetime,
-	     char *locuser, char *tktfile)
-{
-    int len;
-
-    len = strlen(buf);
-    if (len >= SNAME_SZ)
-	return -1;
-    strlcpy (pr->name, buf, ANAME_SZ);
-    buf += len + 1;
-    len = strlen (buf);
-    if (len >= INST_SZ)
-	return -1;
-    strlcpy (pr->instance, buf, INST_SZ);
-    buf += len + 1;
-    len = strlen (buf);
-    if (len >= REALM_SZ)
-	return -1;
-    strlcpy (pr->realm, buf, REALM_SZ);
-    buf += len + 1;
-    *lifetime = (unsigned char)*buf++;
-    len = strlen(buf);
-    if (len >= SNAME_SZ)
-	return -1;
-    strlcpy (locuser, buf, SNAME_SZ);
-    buf += len + 1;
-    len = strlen(buf);
-    if (len >= MaxPathLen)
-	return -1;
-    strlcpy (tktfile, buf, MaxPathLen);
-    buf += len + 1;
-    return 0;
-}
diff --git a/crypto/heimdal/appl/kauth/rkinit.c b/crypto/heimdal/appl/kauth/rkinit.c
deleted file mode 100644
index d4b07c6c842d..000000000000
--- a/crypto/heimdal/appl/kauth/rkinit.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kauth.h"
-
-RCSID("$Id: rkinit.c,v 1.23 1999/12/06 17:07:20 assar Exp $");
-
-static struct in_addr *
-getalladdrs (char *hostname, unsigned *count)
-{
-    struct hostent *hostent;
-    struct in_addr **h;
-    struct in_addr *addr;
-    unsigned naddr;
-    unsigned maxaddr;
-
-    hostent = gethostbyname (hostname);
-    if (hostent == NULL) {
-	warnx ("gethostbyname '%s' failed: %s\n",
-	       hostname,
-	       hstrerror(h_errno));
-	return NULL;
-    }
-    maxaddr = 1;
-    naddr = 0;
-    addr = malloc(sizeof(*addr) * maxaddr);
-    if (addr == NULL) {
-	warnx ("out of memory");
-	return NULL;
-    }
-    for (h = (struct in_addr **)(hostent->h_addr_list);
-	 *h != NULL;
-	 h++) {
-	if (naddr >= maxaddr) {
-	    maxaddr *= 2;
-	    addr = realloc (addr, sizeof(*addr) * maxaddr);
-	    if (addr == NULL) {
-		warnx ("out of memory");
-		return NULL;
-	    }
-	}
-	addr[naddr++] = **h;
-    }
-    addr = realloc (addr, sizeof(*addr) * naddr);
-    if (addr == NULL) {
-	warnx ("out of memory");
-	return NULL;
-    }
-    *count = naddr;
-    return addr;
-}
-
-static int
-doit_host (krb_principal *princ, int lifetime, char *locuser, 
-	   char *tktfile, des_cblock *key, int s, char *hostname)
-{
-    char buf[BUFSIZ];
-    int inlen;
-    KTEXT_ST text;
-    CREDENTIALS cred;
-    MSG_DAT msg;
-    int status;
-    des_key_schedule schedule;
-    struct sockaddr_in thisaddr, thataddr;
-    int addrlen;
-    void *ret;
-
-    addrlen = sizeof(thisaddr);
-    if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
-	addrlen != sizeof(thisaddr)) {
-	warn ("getsockname(%s)", hostname);
-	return 1;
-    }
-    addrlen = sizeof(thataddr);
-    if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
-	addrlen != sizeof(thataddr)) {
-	warn ("getpeername(%s)", hostname);
-	return 1;
-    }
-
-    if (krb_get_config_bool("nat_in_use")) {
-	struct in_addr natAddr;
-
-	if (krb_get_our_ip_for_realm(krb_realmofhost(hostname),
-				     &natAddr) == KSUCCESS
-	    || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
-	    thisaddr.sin_addr = natAddr;
-    }
-
-    status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
-			   hostname, krb_realmofhost (hostname),
-			   getpid(), &msg, &cred, schedule,
-			   &thisaddr, &thataddr, KAUTH_VERSION);
-    if (status != KSUCCESS) {
-	warnx ("%s: %s\n", hostname, krb_get_err_text(status));
-	return 1;
-    }
-    inlen = pack_args (buf, sizeof(buf),
-		       princ, lifetime, locuser, tktfile);
-    if (inlen < 0) {
-	warn ("cannot marshall arguments to %s", hostname);
-	return 1;
-    }
-
-    if (write_encrypted(s, buf, inlen, schedule, &cred.session,
-			&thisaddr, &thataddr) < 0) {
-	warn ("write to %s", hostname);
-	return 1;
-    }
-
-    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
-			    &cred.session, &thataddr, &thisaddr);
-    if (inlen < 0) {
-	warn ("read from %s failed", hostname);
-	return 1;
-    }
-
-    if (strncmp(ret, "ok", inlen) != 0) {
-	warnx ("error from %s: %.*s\n",
-	       hostname, inlen, (char *)ret);
-	return 1;
-    }
-
-    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
-			    &cred.session, &thataddr, &thisaddr);
-    if (inlen < 0) {
-	warn ("read from %s", hostname);
-	return 1;
-    }
-     
-    {
-	des_key_schedule key_s;
-
-	des_key_sched(key, key_s);
-	des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT);
-	memset(key_s, 0, sizeof(key_s));
-    }
-    write_encrypted (s, ret, inlen, schedule, &cred.session,
-		     &thisaddr, &thataddr);
-
-    inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule,
-			    &cred.session, &thataddr, &thisaddr);
-    if (inlen < 0) {
-	warn ("read from %s", hostname);
-	return 1;
-    }
-
-    if (strncmp(ret, "ok", inlen) != 0) {
-	warnx ("error from %s: %.*s\n",
-	       hostname, inlen, (char *)ret);
-	return 1;
-    }
-    return 0;
-}
-
-int
-rkinit (krb_principal *princ, int lifetime, char *locuser, 
-	char *tktfile, des_cblock *key, char *hostname)
-{
-    struct in_addr *addr;
-    unsigned naddr;
-    unsigned i;
-    int port;
-    int success;
-
-    addr = getalladdrs (hostname, &naddr);
-    if (addr == NULL)
-	return 1;
-    port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT));
-    success = 0;
-    for (i = 0; !success && i < naddr; ++i) {
-	struct sockaddr_in a;
-	int s;
-
-	memset(&a, 0, sizeof(a));
-	a.sin_family = AF_INET;
-	a.sin_port   = port;
-	a.sin_addr   = addr[i];
-
-	s = socket (AF_INET, SOCK_STREAM, 0);
-	if (s < 0) {
-	    warn("socket");
-	    return 1;
-	}
-	if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
-	    warn("connect(%s)", hostname);
-	    continue;
-	}
-
-	success = success || !doit_host (princ, lifetime,
-					 locuser, tktfile, key,
-					 s, hostname);
-	close (s);
-    }
-    return !success;
-}
diff --git a/crypto/heimdal/appl/kauth/zrefresh b/crypto/heimdal/appl/kauth/zrefresh
deleted file mode 100755
index 8347a1b33c0c..000000000000
--- a/crypto/heimdal/appl/kauth/zrefresh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# 
-# @(#) $Id: zrefresh,v 1.3 1996/06/09 19:21:59 joda Exp $
-#
-# Substitute this script with a real zrefresh if running Zephyr. For
-# instance:
-#
-# if [ -f "$WGFILE" ] ; then
-#     zctl load
-# fi
-
-exit 0
diff --git a/crypto/heimdal/appl/kf/Makefile b/crypto/heimdal/appl/kf/Makefile
deleted file mode 100644
index d163c040cecc..000000000000
--- a/crypto/heimdal/appl/kf/Makefile
+++ /dev/null
@@ -1,733 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/kf/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.5 2000/11/15 22:51:08 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = kf
-
-libexec_PROGRAMS = kfd
-
-man_MANS = kf.1 kfd.8
-
-kf_SOURCES = kf.c kf_locl.h
-
-kfd_SOURCES = kfd.c kf_locl.h
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/kf
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kf$(EXEEXT)
-libexec_PROGRAMS = kfd$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-am_kf_OBJECTS = kf.$(OBJEXT)
-kf_OBJECTS = $(am_kf_OBJECTS)
-kf_LDADD = $(LDADD)
-kf_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kf_LDFLAGS =
-am_kfd_OBJECTS = kfd.$(OBJEXT)
-kfd_OBJECTS = $(am_kfd_OBJECTS)
-kfd_LDADD = $(LDADD)
-kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kfd_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/kf/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) 
-	@rm -f kf$(EXEEXT)
-	$(LINK) $(kf_LDFLAGS) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
-kfd$(EXEEXT): $(kfd_OBJECTS) $(kfd_DEPENDENCIES) 
-	@rm -f kfd$(EXEEXT)
-	$(LINK) $(kfd_LDFLAGS) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kf/Makefile.am b/crypto/heimdal/appl/kf/Makefile.am
deleted file mode 100644
index c145e07c94ce..000000000000
--- a/crypto/heimdal/appl/kf/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-# $Id: Makefile.am,v 1.5 2000/11/15 22:51:08 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-bin_PROGRAMS = kf
-
-libexec_PROGRAMS = kfd
-
-man_MANS = kf.1 kfd.8
-
-kf_SOURCES = kf.c kf_locl.h
-
-kfd_SOURCES = kfd.c kf_locl.h
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in
deleted file mode 100644
index 90c965752294..000000000000
--- a/crypto/heimdal/appl/kf/Makefile.in
+++ /dev/null
@@ -1,723 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.5 2000/11/15 22:51:08 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = kf
-
-libexec_PROGRAMS = kfd
-
-man_MANS = kf.1 kfd.8
-
-kf_SOURCES = kf.c kf_locl.h
-
-kfd_SOURCES = kfd.c kf_locl.h
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/kf
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kf$(EXEEXT)
-libexec_PROGRAMS = kfd$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-am_kf_OBJECTS = kf.$(OBJEXT)
-kf_OBJECTS = $(am_kf_OBJECTS)
-kf_LDADD = $(LDADD)
-kf_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kf_LDFLAGS =
-am_kfd_OBJECTS = kfd.$(OBJEXT)
-kfd_OBJECTS = $(am_kfd_OBJECTS)
-kfd_LDADD = $(LDADD)
-kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kfd_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/kf/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) 
-	@rm -f kf$(EXEEXT)
-	$(LINK) $(kf_LDFLAGS) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
-kfd$(EXEEXT): $(kfd_OBJECTS) $(kfd_DEPENDENCIES) 
-	@rm -f kfd$(EXEEXT)
-	$(LINK) $(kfd_LDFLAGS) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man1 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1
deleted file mode 100644
index 2426063af6ae..000000000000
--- a/crypto/heimdal/appl/kf/kf.1
+++ /dev/null
@@ -1,112 +0,0 @@
-.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kf.1,v 1.6 2003/04/11 12:43:57 lha Exp $
-.\"
-.Dd July  2, 2000
-.Dt KF 1
-.Os Heimdal
-.Sh NAME
-.Nm kf
-.Nd securely forward tickets
-.Sh SYNOPSIS
-.Nm
-.Oo
-.Fl p Ar port |
-.Fl -port Ns = Ns Ar port
-.Oc
-.Oo
-.Fl l Ar login |
-.Fl -login Ns = Ns Ar login
-.Oc
-.Oo
-.Fl c Ar ccache |
-.Fl -ccache Ns = Ns Ar ccache
-.Oc
-.Op Fl F | -forwardable
-.Op Fl G | -no-forwardable
-.Op Fl h | -help
-.Op Fl -version
-.Ar host ...
-.Sh DESCRIPTION
-The
-.Nm
-program forwards tickets to a remote host through an authenticated
-and encrypted stream.
-Options supported are:
-.Bl -tag -width indent
-.It Xo
-.Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
-.Xc
-port to connect to
-.It Xo
-.Fl l Ar login ,
-.Fl -login Ns = Ns Ar login
-.Xc
-remote login name
-.It Xo
-.Fl c Ar ccache ,
-.Fl -ccache Ns = Ns Ar ccache
-.Xc
-remote cred cache
-.It Fl F , -forwardable
-forward forwardable credentials
-.It Fl G , -no-forwardable
-do not forward forwardable credentials
-.It Fl h , -help
-.It Fl -version
-.El
-.Pp
-.Nm
-is useful when you do not want to enter your password on a remote host
-but want to have your tickets one for example AFS.
-.Pp
-In order for
-.Nm
-to work you will need to acquire your initial ticket with forwardable
-flag, i.e.
-.Nm kinit Fl -forwardable .
-.Pp
-.Nm telnet
-is able to forward tickets by itself.
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr telnet 1 ,
-.Xr kfd 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c
deleted file mode 100644
index 190101ba0482..000000000000
--- a/crypto/heimdal/appl/kf/kf.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kf_locl.h"
-RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $");
-
-krb5_context context;
-static int help_flag;
-static int version_flag;
-static char *port_str;
-const char *service     = KF_SERVICE;
-const char *remote_name = NULL;
-int forwardable   = 0;
-const char *ccache_name = NULL;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
-    { "login", 'l',arg_string, &remote_name,"remote login name","login"},
-    { "ccache", 'c',arg_string, &ccache_name, "remote cred cache","ccache"},
-    { "forwardable",'F',arg_flag,&forwardable,
-       "Forward forwardable credentials", NULL },
-    { "forwardable",'G',arg_negative_flag,&forwardable,
-       "Don't forward forwardable credentials", NULL },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "hosts");
-    exit(code);
-}
-
-static int
-client_setup(krb5_context *context, int *argc, char **argv)
-{
-    int optind = 0;
-    int port = 0;
-    int status;
-
-    setprogname (argv[0]);
- 
-    status = krb5_init_context (context);
-    if (status)
-	errx(1, "krb5_init_context failed: %d", status);
- 
-    forwardable = krb5_config_get_bool (*context, NULL,
-					"libdefaults",
-					"forwardable",
-					NULL); 
- 
-    if (getarg (args, num_args, *argc, argv, &optind))
-	usage(1, args, num_args);
-
-    if(help_flag)
-	usage (0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str) {
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
-   
-    if(*argc - optind < 1)
-        usage(1, args, num_args);
-    *argc = optind;
-
-    return port;
-}
-
-/*
- * forward creds to `hostname'/`service' over `sock'
- * return 0 iff OK
- */
-
-static int
-proto (int sock, const char *hostname, const char *service,
-       char *message, size_t len)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_data data;
-    krb5_data data_send;
-
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    krb5_kdc_flags  flags;
-    krb5_principal  principal;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status) {
-	krb5_warn (context, status, "krb5_auth_con_init");
-	return 1;
-    }
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status) {
-	krb5_warn (context, status, "krb5_auth_con_setaddr");
-	return 1;
-    }
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status) {
-	krb5_warn (context, status, "krb5_sname_to_principal");
-	return 1;
-    }
-
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &sock,
-			    KF_VERSION_1,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-    if (status) {
-	krb5_warn(context, status, "krb5_sendauth");
-	return 1;
-    }
-
-    if (ccache_name == NULL)
-	ccache_name = "";
-
-    data_send.data   = (void *)remote_name;
-    data_send.length = strlen(remote_name) + 1;
-    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
-    if (status) {
-	krb5_warn (context, status, "krb5_write_message");
-	return 1;
-    }
-    data_send.data   = (void *)ccache_name;
-    data_send.length = strlen(ccache_name)+1;
-    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
-    if (status) {
-	krb5_warn (context, status, "krb5_write_message");
-	return 1;
-    }
-
-    memset (&creds, 0, sizeof(creds));
-
-    status = krb5_cc_default (context, &ccache);
-    if (status) {
-	krb5_warn (context, status, "krb5_cc_default");
-	return 1;
-    }
-
-    status = krb5_cc_get_principal (context, ccache, &principal);
-    if (status) {
-	krb5_warn (context, status, "krb5_cc_get_principal");
-	return 1;
-    }
-
-    creds.client = principal;
-    
-    status = krb5_make_principal (context,
-				  &creds.server,
-				  principal->realm,
-				  KRB5_TGS_NAME,
-				  principal->realm,
-				  NULL);
-
-    if (status) {
-	krb5_warn (context, status, "krb5_make_principal");
-	return 1;
-    }
-
-    creds.times.endtime = 0;
-
-    flags.i = 0;
-    flags.b.forwarded   = 1;
-    flags.b.forwardable = forwardable;
-
-    status = krb5_get_forwarded_creds (context,
-				       auth_context,
-				       ccache,
-				       flags.i,
-				       hostname,
-				       &creds,
-				       &data);
-    if (status) {
-	krb5_warn (context, status, "krb5_get_forwarded_creds");
-	return 1;
-    }
-
-    status = krb5_write_priv_message(context, auth_context, &sock, &data);
-
-    if (status) {
-	krb5_warn (context, status, "krb5_mk_priv");
-	return 1;
-    }
-    
-    krb5_data_free (&data);
-
-    status = krb5_read_priv_message(context, auth_context, &sock, &data);
-    if (status) {
-	krb5_warn (context, status, "krb5_mk_priv");
-	return 1;
-    }
-    if(data.length >= len) {
-	krb5_warnx (context, "returned string is too long, truncating");
-	memcpy(message, data.data, len);
-	message[len - 1] = '\0';
-    } else {
-	memcpy(message, data.data, data.length);
-	message[data.length] = '\0';
-    }
-    krb5_data_free (&data);
-
-    return(strcmp(message, "ok"));
-}
-
-static int
-doit (const char *hostname, int port, const char *service, 
-      char *message, size_t len)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
-    }
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return proto (s, hostname, service, message, len);
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return 1;
-}
-
-int
-main(int argc, char **argv)
-{
-    int argcc,port,i;
-    int ret=0;
- 
-    argcc = argc;
-    port = client_setup(&context, &argcc, argv);
-
-    if (remote_name == NULL) {
-	remote_name = get_default_username ();
-	if (remote_name == NULL)
-	    errx (1, "who are you?");
-    }
-
-    for (i = argcc;i < argc; i++) {
-	char message[128];
-	ret = doit (argv[i], port, service, message, sizeof(message));
-	if(ret == 0)
-	    warnx ("%s: ok", argv[i]);
-	else
-	    warnx ("%s: failed: %s", argv[i], message);
-    }
-    return(ret);
-}
diff --git a/crypto/heimdal/appl/kf/kf.cat1 b/crypto/heimdal/appl/kf/kf.cat1
deleted file mode 100644
index 30ae354ea924..000000000000
--- a/crypto/heimdal/appl/kf/kf.cat1
+++ /dev/null
@@ -1,45 +0,0 @@
-KF(1)                       NetBSD Reference Manual                      KF(1)
-
-NNAAMMEE
-     kkff - securly forward tickets
-
-SSYYNNOOPPSSIISS
-     kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e |
-     ----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh |
-     ----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._.
-
-DDEESSCCRRIIPPTTIIOONN
-     The kkff program forwards tickets to a remove host through an authenticated
-     and encrypted stream.  Options supported are:
-
-     --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
-             port to connect to
-
-     --ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n
-             remote login name
-
-     --cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e
-             remote cred cache
-
-     --FF, ----ffoorrwwaarrddaabbllee
-             forward forwardable credentials
-
-     --GG, ----nnoo--ffoorrwwaarrddaabbllee
-             do not forward forwardable credentials
-
-     --hh, ----hheellpp
-
-     ----vveerrssiioonn
-
-     kkff is useful when you do not want to enter your password on a remote host
-     but want to have your tickets one for example afs.
-
-     In order for kkff to work you will need to acquire your initial ticket with
-     forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee.
-
-     tteellnneett is able to forward ticket by itself.
-
-SSEEEE AALLSSOO
-     kinit(1), telnet(1), kfd(8)
-
- Heimdal                         July 2, 2000                                1
diff --git a/crypto/heimdal/appl/kf/kf_locl.h b/crypto/heimdal/appl/kf/kf_locl.h
deleted file mode 100644
index 0a6a28f93572..000000000000
--- a/crypto/heimdal/appl/kf/kf_locl.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <errno.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-#include <krb5.h>
-
-#define KF_SERVICE		"host"
-
-#define KF_PORT_NAME		"kf"
-#define KF_PORT_NUM		2110
-#define KF_VERSION_1		"KFWDV0.1"
diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8
deleted file mode 100644
index 94d26cc7cf17..000000000000
--- a/crypto/heimdal/appl/kf/kfd.8
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kfd.8,v 1.4 2003/02/16 21:10:05 lha Exp $
-.\"
-.Dd July  2, 2000
-.Dt KFD 8
-.Os Heimdal
-.Sh NAME
-.Nm kfd
-.Nd receive forwarded tickets
-.Sh SYNOPSIS
-.Nm
-.Oo
-.Fl p Ar port |
-.Fl -port Ns = Ns Ar port
-.Oc
-.Op Fl i | -inetd
-.Oo
-.Fl R Ar regpag |
-.Fl -regpag Ns = Ns Ar regpag
-.Oc
-.Op Fl h | -help
-.Op Fl -version
-.Sh DESCRIPTION
-This is the daemon for
-.Xr kf 1 .
-Supported options:
-.Bl -tag -width indent
-.It Xo
-.Fl p Ar port ,
-.Fl -port Ns = Ns Ar port
-.Xc
-port to listen to
-.It Fl i , -inetd
-not started from inetd
-.It Xo
-.Fl R Ar regpag ,
-.Fl -regpag= Ns Ar regpag
-.Xc
-path to regpag binary
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.Sh EXAMPLES
-Put the following in
-.Pa /etc/inetd.conf :
-.Bd -literal
-kf	stream	tcp	nowait	root	/usr/heimdal/libexec/kfd	kfd
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kf 1
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c
deleted file mode 100644
index c358b540b105..000000000000
--- a/crypto/heimdal/appl/kf/kfd.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kf_locl.h"
-RCSID("$Id: kfd.c,v 1.11 2003/04/16 15:40:24 lha Exp $");
-
-krb5_context context;
-char krb5_tkfile[MAXPATHLEN];
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-char *service = KF_SERVICE;
-int do_inetd = 0;
-static char *regpag_str=NULL;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "inetd",'i',arg_flag, &do_inetd,
-       "Not started from inetd", NULL },
-    { "regpag",'R',arg_string,&regpag_str,"path to regpag binary","regpag"},
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static int
-server_setup(krb5_context *context, int argc, char **argv)
-{
-    int port = 0;
-    int local_argc;
-
-    local_argc = krb5_program_setup(context, argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
-
-    if(argv[local_argc] != NULL)
-        usage(1, args, num_args);
-    
-    return port;
-}
-
-static int protocol_version;
-
-static krb5_boolean
-kfd_match_version(const void *arg, const char *version)
-{
-    if(strcmp(version, KF_VERSION_1) == 0) {
-	protocol_version = 1;
-	return TRUE;
-    } else if (strlen(version) == 4 &&
-	       version[0] == '0' &&
-	       version[1] == '.' &&
-	       (version[2] == '4' || version[2] == '3') &&
-	       islower(version[3])) {
-	protocol_version = 0;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static int
-proto (int sock, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_ticket *ticket;
-    char *name;
-    char ret_string[10];
-    char hostname[MAXHOSTNAMELEN];
-    krb5_data data;
-    krb5_data remotename;
-    krb5_data tk_file;
-    krb5_ccache ccache;
-    char ccname[MAXPATHLEN];
-    struct passwd *pwd;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
-
-    if(gethostname (hostname, sizeof(hostname)) < 0)
-	krb5_err(context, 1, errno, "gethostname");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err(context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_recvauth_match_version (context,
-					  &auth_context,
-					  &sock,
-					  kfd_match_version,
-					  NULL,
-					  server,
-					  0,
-					  NULL,
-					  &ticket);
-    if (status)
-	krb5_err(context, 1, status, "krb5_recvauth");
-
-    status = krb5_unparse_name (context,
-				ticket->client,
-				&name);
-    if (status)
-	krb5_err(context, 1, status, "krb5_unparse_name");
-
-    if(protocol_version == 0) {
-	data.data = "old clnt"; /* XXX old clients only had room for
-                                   10 bytes of message, and also
-                                   didn't show it to the user */
-	data.length = strlen(data.data) + 1;
-	krb5_write_message(context, &sock, &data);
-	sleep(2); /* XXX give client time to finish */
-	krb5_errx(context, 1, "old client; exiting");
-    }
-
-    status=krb5_read_priv_message (context, auth_context,
-				   &sock, &remotename);
-    if (status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    status=krb5_read_priv_message (context, auth_context, 
-				   &sock, &tk_file);
-    if (status)
-	krb5_err(context, 1, status, "krb5_read_message");
-
-    krb5_data_zero (&data);
-
-    if(((char*)remotename.data)[remotename.length-1] != '\0')
-	krb5_errx(context, 1, "unterminated received");
-    if(((char*)tk_file.data)[tk_file.length-1] != '\0')
-	krb5_errx(context, 1, "unterminated received");
-
-    status = krb5_read_priv_message(context, auth_context, &sock, &data);
-
-    if (status) {
-	krb5_err(context, 1, errno, "krb5_read_priv_message");
-	goto out;
-    }
-
-    pwd = getpwnam ((char *)(remotename.data));
-    if (pwd == NULL) {
-	status=1;
-	krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
-	goto out;
-    }
-
-    if(!krb5_kuserok (context,
-		      ticket->client,
-		      (char *)(remotename.data))) {
-	status=1;
-	krb5_warnx(context, "krb5_kuserok: permission denied");
-	goto out;
-    }
-
-    if (setgid(pwd->pw_gid) < 0) {
-	krb5_warn(context, errno, "setgid");
-	goto out;
-    }
-    if (setuid(pwd->pw_uid) < 0) {
-	krb5_warn(context, errno, "setuid");
-	goto out;
-    }
-
-    if (tk_file.length != 1)
-	snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
-    else
-	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u",pwd->pw_uid);
-
-    status = krb5_cc_resolve (context, ccname, &ccache);
-    if (status) {
-	krb5_warn(context, status, "krb5_cc_resolve");
-        goto out;
-    }
-    status = krb5_cc_initialize (context, ccache, ticket->client);
-    if (status) {
-	krb5_warn(context, status, "krb5_cc_initialize");
-        goto out;
-    }
-    status = krb5_rd_cred2 (context, auth_context, ccache, &data);
-    krb5_cc_close (context, ccache);
-    if (status) {
-	krb5_warn(context, status, "krb5_rd_cred");
-        goto out;
-
-    }
-    strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
-    krb5_warnx(context, "%s forwarded ticket to %s,%s",
-	       name,
-	       (char *)(remotename.data),ccname);
-  out:
-    if (status) {
-	strlcpy(ret_string, "no", sizeof(ret_string));
-	krb5_warnx(context, "failed");
-    } else  {
-	strlcpy(ret_string, "ok", sizeof(ret_string));
-    }
-
-    krb5_data_free (&tk_file);
-    krb5_data_free (&remotename);
-    krb5_data_free (&data);
-    free(name);
-
-    data.data = ret_string;
-    data.length = strlen(ret_string) + 1;
-    return krb5_write_priv_message(context, auth_context, &sock, &data);
-}
-
-static int
-doit (int port, const char *service)
-{
-    if (do_inetd)
-	mini_inetd(port);
-    return proto (STDIN_FILENO, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port;
-    int ret;
-    krb5_log_facility *fac;
-
-    setprogname (argv[0]);
-    roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
-    port = server_setup(&context, argc, argv);
-    ret = krb5_openlog(context, "kfd", &fac);
-    if(ret) krb5_err(context, 1, ret, "krb5_openlog");
-    ret = krb5_set_warn_dest(context, fac);
-    if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
-
-    ret = doit (port, service);
-    closelog();
-    if (ret == 0 && regpag_str != NULL)
-        ret = execl(regpag_str, "regpag", "-t", krb5_tkfile, "-r", NULL);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/kf/kfd.cat8 b/crypto/heimdal/appl/kf/kfd.cat8
deleted file mode 100644
index 65ec8ac4a9ea..000000000000
--- a/crypto/heimdal/appl/kf/kfd.cat8
+++ /dev/null
@@ -1,30 +0,0 @@
-KFD(8)                  NetBSD System Manager's Manual                  KFD(8)
-
-NNAAMMEE
-     kkffdd - receive forwarded tickets
-
-SSYYNNOOPPSSIISS
-     kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g]
-     [--hh | ----hheellpp] [----vveerrssiioonn]
-
-DDEESSCCRRIIPPTTIIOONN
-     This is the daemon for kf(1).  Supported options:
-
-     --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
-             port to listen to
-
-     --ii, ----iinneettdd
-             not started from inetd
-
-     --RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g
-             path to regpag binary
-
-EEXXAAMMPPLLEESS
-     Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
-
-     kf      stream  tcp     nowait  root    /usr/heimdal/libexec/kfd        kfd
-
-SSEEEE AALLSSOO
-     kf(1)
-
- Heimdal                         July 2, 2000                                1
diff --git a/crypto/heimdal/appl/kx/ChangeLog b/crypto/heimdal/appl/kx/ChangeLog
deleted file mode 100644
index 1f00507b1147..000000000000
--- a/crypto/heimdal/appl/kx/ChangeLog
+++ /dev/null
@@ -1,354 +0,0 @@
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* common.c: remove only reference to strndup
-
-2002-05-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb5.c: use krb5_warn where appropriate
-
-2002-03-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rxtelnet.in, rxterm.in: add forward (-f) option
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* kx.h: add a kludge to make it build on aix (that defines NOERROR
-	in both sys/stream.h and arpa/nameser.h and considers that a fatal
-	error)
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* common.c (connect_local_xsocket): handle a tcp socket as last
-	resort
-
-	* rxterm.in: add -K (send arguments to kx)
-	* rxtelnet.in: add -K (send arguments to kx)
-	
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* rxterm.in: add -b for pointing to the rsh program.  from
-	<mikan@mikan.net>
-	* rxtelnet.in: add -b for pointing to the telnet program.  from
-	<mikan@mikan.net>
-
-2001-01-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* common.c: don't write to string constants
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* krb5.c (krb5_make_context): handle krb5_init_context failure
-	consistently
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (doit_passive): check that fds are not too large to select
-	on
-	* kx.c (doit_active): check that fds are not too large to select
-	on
-	* krb5.c (krb5_copy_encrypted): check that fds are not too large
-	to select on
-	* krb4.c (krb4_copy_encrypted): check that fds are not too large
-	to select on
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: use conditional for X
-
-2000-06-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: use INSTALL_SCRIPT for installing rxterm, rxtelnet,
-	tenletxr
-
-2000-04-19  Assar Westerlund  <assar@sics.se>
-
-	* common.c: try hostname uncanonified if getaddrinfo() fails
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* kx.h: remove old prorotypes
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* common.c (match_local_auth): handle ai_canonname being set in
-	any of the addresses returnedby getaddrinfo.  glibc apparently
-	returns the reverse lookup of every address in ai_canonname.
-
-1999-12-28  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (main): call krb5_getportbyname with the default in
- 	host-byte-order
-
-1999-12-17  Assar Westerlund  <assar@sics.se>
-
-	* common.c (match_local_auth): remove extra brace.  spotted by
- 	Jakob Schlyter <jakob@cdg.chalmers.se>
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* common.c (match_local_auth): handle ai_canonname not being set
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* krb4.c (krb4_authenticate): the NAT address might not be the one
-	for the relevant realm, try anyway.
-	* kxd.c (recv_conn): type correctness
-	* kx.c (connect_host): typo
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* common.c (INADDR_LOOPBACK): remove.  now in roken.
-
-	* kxd.c (recv_conn): use getnameinfo_verified
-	* kxd.c (recv_conn): replace inaddr2str with getnameinfo
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* kx.c (connect_host): use getaddrinfo
-	* common.c (find_auth_cookie, match_local_auth): re-write to use
-	getaddrinfo
-
-1999-11-27  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (recv_conn): better errors when getting unrecognized data
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* krb4.c (krb4_authenticate): obtain the `local' address when
-	doing NAT.  also turn on passive mode.  From <thn@stacken.kth.se>
-	
-1999-11-18  Assar Westerlund  <assar@sics.se>
-
-	* krb5.c (krb5_destroy): free the correct part of the context
-	
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* kx.c (main): redo the v4/v5 selection for consistency.  -4 ->
- 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (CLEANFILES): add generated files so that they get
- 	cleaned away
-
-1999-09-29  Assar Westerlund  <assar@sics.se>
-
-	* common.c (match_local_auth): only look for FamilyLocal (and
- 	FamilyWild) cookies.  This will not work when we start talking tcp
- 	to the local X-server but `connect_local_xsocket' and the rest of
- 	the code doesn't handle it anyway and the old code could (and did)
- 	pick up the wrong cookie sometimes.  If we have to match
- 	FamilyInternet cookies, the search order has to be changed anyway
-
-1999-09-02  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (childhandler): watch for child `wait_on_pid' to die.
-	(recv_conn): set `wait_on_pid' instead of looping on waitpid here
-	also.  This should solve the problem of kxd looping which was
- 	caused by the signal handler getting invoked before this waitpid
- 	and reaping the child leaving this poor loop without any child
-
-1999-08-19  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (recv_conn): give better error message
-	(doit_active): don't die if fork gives EAGAIN
-
-1999-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kxd.c (recv_conn): call setjob on crays;
-	(doit_passive): if fork fails with EAGAIN, don't shutdown, just close
-	the connection re-implement `-t' flag
-
-1999-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: handle not building X programs
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* kx.c: conditionalize krb_enable_debug
-
-1999-06-20  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (main): hopefully do inetd confusion right
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* krb4.c (krb4_authenticate): get rid of a warning
-
-	* kx.h: const-pollution
-
-	* kx.c: use get_default_username and resulting const pollution
-
-	* context.c (context_set): const pollution
-
-1999-05-22  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (recv_conn): fix syslog messages
-	(main): fix inetd_flag thinko
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* kx.c (main): don't byte-swap the argument to krb5_getportbyname
-
-	* kx.c (main): try to use $USERNAME
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES*): update sources list
-	
-	* kx.c (main): forgot to conditionalize some KRB5 code
-	
-	* kxd.c (main): use getarg
-	(*): handle v4 and/or v5
-
-	* kx.h: update
-	
-	* kx.c (main): use getarg.
-	(*): handle v4 and/or v5
-
-	* common.c (do_enccopy, copy_encrypted): remove use
-	net_{read,write} instead of krb_net_{read,write}
-	(krb_get_int, krb_put_int): include fallback of these for when we
-	compile without krb4
-	
-	* Makefile.am (*_SOURCES): remove encdata, add krb[45].c,
-	context.c
-	(LDADD): add krb5
-
-	* krb4.c, krb5.c, context.c: new files
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (doit_passive): handle error code from
- 	create_and_write_cookie
-
-	* kx.c (doit_active): handle error code from
- 	create_and_write_cookie
-
-	* common.c (create_and_write_cookie): try to return better (and
- 	correct) errors.  Based on a patch from Love <lha@e.kth.se>
-
-	* common.c (try_pie): more braces
-	(match_local_auth): new function
-	(find_auth_cookie): new function
-	(replace_cookie): don't just take the first auth cookie.  based on
-	patch from Ake Sandgren <ake@@cs.umu.se>
-
-Wed Apr  7 23:39:23 1999  Assar Westerlund  <assar@sics.se>
-	
-	* common.c (get_xsockets): init local variable to get rid of a gcc
- 	warning
-
-Thu Apr  1 21:11:36 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.in: fix for writeauth.o
-
-Fri Mar 19 15:12:31 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kx.c: add gcc-braces
-
-Thu Mar 18 11:18:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 14:58:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* writeauth.c: protoize
-
-	* common.c: fix some warnings
-
-Wed Mar 10 19:33:39 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kxd.c: openlog -> roken_openlog
-
-Wed Feb  3 22:01:55 1999  Assar Westerlund  <assar@sics.se>
-
-	* rxtelnet.in: print out what telnet program we are running.  From
- 	<nissej@pdc.kth.se>
-
-	* tenletxr.in: add --version, [-h | --help], -v
-
-	* rxterm.in: add --version, [-h | --help], -v
-
-	* rxtelnet.in: add --version, [-h | --help], -v
-
-	* Makefile.in (rxterm, rxtelnet, telnetxr): substitute VERSION and
- 	PACKAGE
-
-	* rxtelnet.in: update usage string
-
-Fri Jan 22 23:51:05 1999  Assar Westerlund  <assar@sics.se>
-
-	* common.c (verify_and_remove_cookies): give back a meaningful
- 	error message if we're using the wrong cookie
-
-Fri Dec 18 17:42:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* common.c (replace_cookie): try to handle the case of not finding
- 	any cookies
-
-Sun Nov 22 10:31:53 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Wed Nov 18 20:25:37 1998  Assar Westerlund  <assar@sics.se>
-
-	* rxtelnet.in: new argument -n for not starting any terminal
- 	emulator
-
-	* kx.c (doit_passive): parse $DISPLAY correctly
-
-Fri Oct  2 06:34:51 1998  Assar Westerlund  <assar@sics.se>
-
-	* kx.c (doit_active): check DISPLAY to figure out what local
- 	socket to connect to.  From �ke Sandgren <ake@cs.umu.se>
-
-Thu Oct  1 23:02:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* kx.h: case MAY_HAVE_X11_PIPES with Solaris
-
-Tue Sep 29 02:22:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* kx.c: fix from Ake Sandgren <ake@cs.umu.se>
-
-Mon Sep 28 18:04:03 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* common.c (try_pipe): return -1 if I_PUSH fails with ENOSYS
-
-Sat Sep 26 17:34:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c: create sockets before setuid to handle Solaris' strange
- 	permissions on /tmp/.X11-{unix,pipe}
-
-	* common.c (chown_xsockets): new function
-
-	* kx.h (chown_xsockets): new prototype
-
-Sun Aug 16 18:34:30 1998  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (doit_passive): conditionalize stream pipe code
-
-	* implement support for Solaris's named-pipe X transport
-
-Thu May 28 17:20:39 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c: fix for (compiler?) bug in solaris 2.4 bind
-
-	* kx.c: get_xsockets returns int, not unsigned
-
-Wed May 27 04:20:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* kxd.c (doit): better error reporting
-
-Tue May 26 17:41:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* kx.c: use krb_enable_debug
-
-Mon May 25 05:22:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): remove encdata.c
-
-Fri May  1 07:16:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* kx.c: unifdef -DHAVE_H_ERRNO
-
diff --git a/crypto/heimdal/appl/kx/Makefile b/crypto/heimdal/appl/kx/Makefile
deleted file mode 100644
index c53998295970..000000000000
--- a/crypto/heimdal/appl/kx/Makefile
+++ /dev/null
@@ -1,825 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/kx/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = kx
-#bin_PROGRAMS = 
-bin_SCRIPTS = rxterm rxtelnet tenletxr
-#bin_SCRIPTS = 
-libexec_PROGRAMS = kxd
-#libexec_PROGRAMS = 
-
-CLEANFILES = rxterm rxtelnet tenletxr
-
-#XauWriteAuth_c = writeauth.c
-
-kx_SOURCES = \
-	kx.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-
-EXTRA_kx_SOURCES = writeauth.c
-
-kxd_SOURCES = \
-	kxd.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-
-EXTRA_kxd_SOURCES = writeauth.c
-
-EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
-
-man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
-
-LDADD = \
-	$(LIB_kafs)				\
-	$(LIB_krb5) \
-	$(LIB_krb4)				\
-	$(LIB_des)	\
-	$(LIB_roken)				\
-	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
-
-subdir = appl/kx
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kx$(EXEEXT)
-#bin_PROGRAMS =
-libexec_PROGRAMS = kxd$(EXEEXT)
-#libexec_PROGRAMS =
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-#am__objects_1 = writeauth.$(OBJEXT)
-am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) context.$(OBJEXT) \
-	krb4.$(OBJEXT) krb5.$(OBJEXT) $(am__objects_1)
-kx_OBJECTS = $(am_kx_OBJECTS)
-kx_LDADD = $(LDADD)
-kx_DEPENDENCIES = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#kx_DEPENDENCIES =
-#kx_DEPENDENCIES = \
-#	$(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-##kx_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la
-kx_LDFLAGS =
-am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) context.$(OBJEXT) \
-	krb4.$(OBJEXT) krb5.$(OBJEXT) $(am__objects_1)
-kxd_OBJECTS = $(am_kxd_OBJECTS)
-kxd_LDADD = $(LDADD)
-kxd_DEPENDENCIES = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#kxd_DEPENDENCIES =
-#kxd_DEPENDENCIES = \
-#	$(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-##kxd_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la
-kxd_LDFLAGS =
-SCRIPTS = $(bin_SCRIPTS)
-
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \
-	$(EXTRA_kxd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/kx/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES) 
-	@rm -f kx$(EXEEXT)
-	$(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS)
-kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES) 
-	@rm -f kxd$(EXEEXT)
-	$(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS)
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-binSCRIPTS \
-	install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS \
-	install-binSCRIPTS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man1 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-rxterm: rxterm.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
-	chmod +x $@
-
-rxtelnet: rxtelnet.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
-	chmod +x $@
-
-tenletxr: tenletxr.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kx/Makefile.am b/crypto/heimdal/appl/kx/Makefile.am
deleted file mode 100644
index ec3f2498e0b5..000000000000
--- a/crypto/heimdal/appl/kx/Makefile.am
+++ /dev/null
@@ -1,73 +0,0 @@
-# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-if HAVE_X
-
-bin_PROGRAMS = kx
-bin_SCRIPTS = rxterm rxtelnet tenletxr
-libexec_PROGRAMS = kxd
-
-else
-
-bin_PROGRAMS = 
-bin_SCRIPTS = 
-libexec_PROGRAMS = 
-
-endif
-
-CLEANFILES = rxterm rxtelnet tenletxr
-
-if NEED_WRITEAUTH
-XauWriteAuth_c = writeauth.c
-endif
-
-kx_SOURCES = \
-	kx.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-EXTRA_kx_SOURCES = writeauth.c
-
-kxd_SOURCES = \
-	kxd.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-EXTRA_kxd_SOURCES = writeauth.c
-
-EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
-
-man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
-
-rxterm: rxterm.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
-	chmod +x $@
-
-rxtelnet: rxtelnet.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
-	chmod +x $@
-
-tenletxr: tenletxr.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
-	chmod +x $@
-
-LDADD = \
-	$(LIB_kafs)				\
-	$(LIB_krb5) \
-	$(LIB_krb4)				\
-	$(LIB_des)	\
-	$(LIB_roken)				\
-	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
diff --git a/crypto/heimdal/appl/kx/Makefile.in b/crypto/heimdal/appl/kx/Makefile.in
deleted file mode 100644
index 7a017e6bf94d..000000000000
--- a/crypto/heimdal/appl/kx/Makefile.in
+++ /dev/null
@@ -1,825 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@HAVE_X_TRUE@bin_PROGRAMS = kx
-@HAVE_X_FALSE@bin_PROGRAMS = 
-@HAVE_X_TRUE@bin_SCRIPTS = rxterm rxtelnet tenletxr
-@HAVE_X_FALSE@bin_SCRIPTS = 
-@HAVE_X_TRUE@libexec_PROGRAMS = kxd
-@HAVE_X_FALSE@libexec_PROGRAMS = 
-
-CLEANFILES = rxterm rxtelnet tenletxr
-
-@NEED_WRITEAUTH_TRUE@XauWriteAuth_c = writeauth.c
-
-kx_SOURCES = \
-	kx.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-
-EXTRA_kx_SOURCES = writeauth.c
-
-kxd_SOURCES = \
-	kxd.c \
-	kx.h \
-	common.c \
-	context.c \
-	krb4.c \
-	krb5.c \
-	$(XauWriteAuth_c)
-
-
-EXTRA_kxd_SOURCES = writeauth.c
-
-EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
-
-man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
-
-LDADD = \
-	$(LIB_kafs)				\
-	$(LIB_krb5) \
-	$(LIB_krb4)				\
-	$(LIB_des)	\
-	$(LIB_roken)				\
-	$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
-
-subdir = appl/kx
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-@HAVE_X_TRUE@bin_PROGRAMS = kx$(EXEEXT)
-@HAVE_X_FALSE@bin_PROGRAMS =
-@HAVE_X_TRUE@libexec_PROGRAMS = kxd$(EXEEXT)
-@HAVE_X_FALSE@libexec_PROGRAMS =
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-@NEED_WRITEAUTH_TRUE@am__objects_1 = writeauth.$(OBJEXT)
-am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) context.$(OBJEXT) \
-	krb4.$(OBJEXT) krb5.$(OBJEXT) $(am__objects_1)
-kx_OBJECTS = $(am_kx_OBJECTS)
-kx_LDADD = $(LDADD)
-@KRB4_FALSE@@KRB5_TRUE@kx_DEPENDENCIES = \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@@KRB5_FALSE@kx_DEPENDENCIES =
-@KRB4_TRUE@@KRB5_TRUE@kx_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_TRUE@@KRB5_FALSE@kx_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-kx_LDFLAGS =
-am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) context.$(OBJEXT) \
-	krb4.$(OBJEXT) krb5.$(OBJEXT) $(am__objects_1)
-kxd_OBJECTS = $(am_kxd_OBJECTS)
-kxd_LDADD = $(LDADD)
-@KRB4_FALSE@@KRB5_TRUE@kxd_DEPENDENCIES = \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@@KRB5_FALSE@kxd_DEPENDENCIES =
-@KRB4_TRUE@@KRB5_TRUE@kxd_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_TRUE@@KRB5_FALSE@kxd_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-kxd_LDFLAGS =
-SCRIPTS = $(bin_SCRIPTS)
-
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \
-	$(EXTRA_kxd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/kx/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES) 
-	@rm -f kx$(EXEEXT)
-	$(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS)
-kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES) 
-	@rm -f kxd$(EXEEXT)
-	$(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS)
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-binSCRIPTS \
-	install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS \
-	install-binSCRIPTS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man1 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-rxterm: rxterm.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
-	chmod +x $@
-
-rxtelnet: rxtelnet.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
-	chmod +x $@
-
-tenletxr: tenletxr.in
-	sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/kx/common.c b/crypto/heimdal/appl/kx/common.c
deleted file mode 100644
index 223c6bbe5eac..000000000000
--- a/crypto/heimdal/appl/kx/common.c
+++ /dev/null
@@ -1,812 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: common.c,v 1.66 2002/08/22 16:23:28 joda Exp $");
-
-char x_socket[MaxPathLen];
-
-u_int32_t display_num;
-char display[MaxPathLen];
-int display_size = sizeof(display);
-char xauthfile[MaxPathLen];
-int xauthfile_size = sizeof(xauthfile);
-u_char cookie[16];
-size_t cookie_len = sizeof(cookie);
-
-#ifndef X_UNIX_PATH
-#define X_UNIX_PATH "/tmp/.X11-unix/X"
-#endif
-
-#ifndef X_PIPE_PATH
-#define X_PIPE_PATH "/tmp/.X11-pipe/X"
-#endif
-
-/*
- * Allocate a unix domain socket in `s' for display `dpy' and with
- * filename `pattern'
- *
- * 0 if all is OK
- * -1 if bind failed badly
- * 1 if dpy is already used */
-
-static int
-try_socket (struct x_socket *s, int dpy, const char *pattern)
-{
-    struct sockaddr_un addr;
-    int fd;
-
-    fd = socket (AF_UNIX, SOCK_STREAM, 0);
-    if (fd < 0)
-	err (1, "socket AF_UNIX");
-    memset (&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    snprintf (addr.sun_path, sizeof(addr.sun_path), pattern, dpy);
-    if(bind(fd,
-	    (struct sockaddr *)&addr,
-	    sizeof(addr)) < 0) {
-	close (fd);
-	if (errno == EADDRINUSE ||
-	    errno == EACCES  /* Cray return EACCESS */
-#ifdef ENOTUNIQ
-	    || errno == ENOTUNIQ /* bug in Solaris 2.4 */
-#endif
-	    )
-	    return 1;
-	else
-	    return -1;
-    }
-    s->fd = fd;
-    s->pathname = strdup (addr.sun_path);
-    if (s->pathname == NULL)
-	errx (1, "strdup: out of memory");
-    s->flags = UNIX_SOCKET;
-    return 0;
-}
-
-#ifdef MAY_HAVE_X11_PIPES
-/*
- * Allocate a stream (masqueraded as a named pipe)
- *
- * 0 if all is OK
- * -1 if bind failed badly
- * 1 if dpy is already used
- */
-
-static int
-try_pipe (struct x_socket *s, int dpy, const char *pattern)
-{
-    char path[MAXPATHLEN];
-    int ret;
-    int fd;
-    int pipefd[2];
-    
-    snprintf (path, sizeof(path), pattern, dpy);
-    fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
-    if (fd < 0) {
-	if (errno == EEXIST)
-	    return 1;
-	else
-	    return -1;
-    }
-
-    close (fd);
-
-    ret = pipe (pipefd);
-    if (ret < 0)
-	err (1, "pipe");
-
-    ret = ioctl (pipefd[1], I_PUSH, "connld");
-    if (ret < 0) {
-	if(errno == ENOSYS)
-	    return -1;
-	err (1, "ioctl I_PUSH");
-    }
-
-    ret = fattach (pipefd[1], path);
-    if (ret < 0)
-	err (1, "fattach %s", path);
-
-    s->fd  = pipefd[0];
-    close (pipefd[1]);
-    s->pathname = strdup (path);
-    if (s->pathname == NULL)
-	errx (1, "strdup: out of memory");
-    s->flags = STREAM_PIPE;
-    return 0;
-}
-#endif /* MAY_HAVE_X11_PIPES */
-
-/*
- * Try to create a TCP socket in `s' corresponding to display `dpy'.
- *
- * 0 if all is OK
- * -1 if bind failed badly
- * 1 if dpy is already used
- */
-
-static int
-try_tcp (struct x_socket *s, int dpy)
-{
-    struct sockaddr_in tcpaddr;
-    struct in_addr local;
-    int one = 1;
-    int fd;
-
-    memset(&local, 0, sizeof(local));
-    local.s_addr = htonl(INADDR_LOOPBACK);
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	err (1, "socket AF_INET");
-#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
-    setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
-		sizeof(one));
-#endif
-    memset (&tcpaddr, 0, sizeof(tcpaddr));
-    tcpaddr.sin_family = AF_INET;
-    tcpaddr.sin_addr = local;
-    tcpaddr.sin_port = htons(6000 + dpy);
-    if (bind (fd, (struct sockaddr *)&tcpaddr,
-	      sizeof(tcpaddr)) < 0) {
-	close (fd);
-	if (errno == EADDRINUSE)
-	    return 1;
-	else
-	    return -1;
-    }
-    s->fd = fd;
-    s->pathname = NULL;
-    s->flags = TCP;
-    return 0;
-}
-
-/*
- * The potential places to create unix sockets.
- */
-
-static char *x_sockets[] = {
-X_UNIX_PATH "%u",
-"/var/X/.X11-unix/X" "%u",
-"/usr/spool/sockets/X11/" "%u",
-NULL
-};
-
-/*
- * Dito for stream pipes.
- */
-
-#ifdef MAY_HAVE_X11_PIPES
-static char *x_pipes[] = {
-X_PIPE_PATH "%u",
-"/var/X/.X11-pipe/X" "%u",
-NULL
-};
-#endif
-
-/*
- * Create the directory corresponding to dirname of `path' or fail.
- */
-
-static void
-try_mkdir (const char *path)
-{
-    char *dir;
-    char *p;
-    int oldmask;
-
-    if((dir = strdup (path)) == NULL)
-	errx (1, "strdup: out of memory");
-    p = strrchr (dir, '/');
-    if (p)
-	*p = '\0';
-
-    oldmask = umask(0);
-    mkdir (dir, 01777);
-    umask (oldmask);
-    free (dir);
-}
-
-/*
- * Allocate a display, returning the number of sockets in `number' and
- * all the corresponding sockets in `sockets'.  If `tcp_socket' is
- * true, also allcoaet a TCP socket.
- *
- * The return value is the display allocated or -1 if an error occurred.
- */
-
-int
-get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
-{
-     int dpy;
-     struct x_socket *s;
-     int n;
-     int i;
-
-     s = malloc (sizeof(*s) * 5);
-     if (s == NULL)
-	 errx (1, "malloc: out of memory");
-
-     try_mkdir (X_UNIX_PATH);
-     try_mkdir (X_PIPE_PATH);
-
-     for(dpy = 4; dpy < 256; ++dpy) {
-	 char **path;
-	 int tmp = 0;
-
-	 n = 0;
-	 for (path = x_sockets; *path; ++path) {
-	     tmp = try_socket (&s[n], dpy, *path);
-	     if (tmp == -1) {
-		 if (errno != ENOTDIR && errno != ENOENT)
-		     return -1;
-	     } else if (tmp == 1) {
-		 while(--n >= 0) {
-		     close (s[n].fd);
-		     free (s[n].pathname);
-		 }
-		 break;
-	     } else if (tmp == 0)
-		 ++n;
-	 }
-	 if (tmp == 1)
-	     continue;
-
-#ifdef MAY_HAVE_X11_PIPES
-	 for (path = x_pipes; *path; ++path) {
-	     tmp = try_pipe (&s[n], dpy, *path);
-	     if (tmp == -1) {
-		 if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
-		     return -1;
-	     } else if (tmp == 1) {
-		 while (--n >= 0) {
-		     close (s[n].fd);
-		     free (s[n].pathname);
-		 }
-		 break;
-	     } else if (tmp == 0)
-		 ++n;
-	 }
-
-	 if (tmp == 1)
-	     continue;
-#endif
-
-	 if (tcp_socket) {
-	     tmp = try_tcp (&s[n], dpy);
-	     if (tmp == -1)
-		 return -1;
-	     else if (tmp == 1) {
-		 while (--n >= 0) {
-		     close (s[n].fd);
-		     free (s[n].pathname);
-		 }
-		 break;
-	     } else if (tmp == 0)
-		 ++n;
-	 }
-	 break;
-     }
-     if (dpy == 256)
-	 errx (1, "no free x-servers");
-     for (i = 0; i < n; ++i)
-	 if (s[i].flags & LISTENP
-	     && listen (s[i].fd, SOMAXCONN) < 0)
-	     err (1, "listen %s", s[i].pathname ? s[i].pathname : "tcp");
-     *number = n;
-     *sockets = s;
-     return dpy;
-}
-
-/*
- * Change owner on the `n' sockets in `sockets' to `uid', `gid'.
- * Return 0 is succesful or -1 if an error occurred.
- */
-
-int
-chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	if (sockets[i].pathname != NULL)
-	    if (chown (sockets[i].pathname, uid, gid) < 0)
-		return -1;
-    return 0;
-}
-
-/*
- * Connect to local display `dnr' with local transport or TCP.
- * Return a file descriptor.
- */
-
-int
-connect_local_xsocket (unsigned dnr)
-{
-     int fd;
-     char **path;
-
-     for (path = x_sockets; *path; ++path) {
-	 struct sockaddr_un addr;
-
-	 fd = socket (AF_UNIX, SOCK_STREAM, 0);
-	 if (fd < 0)
-	     break;
-	 memset (&addr, 0, sizeof(addr));
-	 addr.sun_family = AF_UNIX;
-	 snprintf (addr.sun_path, sizeof(addr.sun_path), *path, dnr);
-	 if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
-	     return fd;
-	 close(fd);
-     }
-     {
-	 struct sockaddr_in addr;
-
-	 fd = socket(AF_INET, SOCK_STREAM, 0);
-	 if (fd < 0)
-	     err (1, "socket AF_INET");
-	 memset (&addr, 0, sizeof(addr));
-	 addr.sin_family = AF_INET;
-	 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-	 addr.sin_port = htons(6000 + dnr);
-	 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
-	     return fd;
-	 close(fd);
-     }
-     err (1, "connecting to local display %u", dnr);
-}
-
-/*
- * Create a cookie file with a random cookie for the localhost.  The
- * file name will be stored in `xauthfile' (but not larger than
- * `xauthfile_size'), and the cookie returned in `cookie', `cookie_sz'.
- * Return 0 if succesful, or errno.
- */
-
-int
-create_and_write_cookie (char *xauthfile,
-			 size_t xauthfile_size,
-			 u_char *cookie,
-			 size_t cookie_sz)
-{
-     Xauth auth;
-     char tmp[64];
-     int fd;
-     FILE *f;
-     char hostname[MaxHostNameLen];
-     struct in_addr loopback;
-     int saved_errno;
-
-     gethostname (hostname, sizeof(hostname));
-     loopback.s_addr = htonl(INADDR_LOOPBACK);
-     
-     auth.family = FamilyLocal;
-     auth.address = hostname;
-     auth.address_length = strlen(auth.address);
-     snprintf (tmp, sizeof(tmp), "%d", display_num);
-     auth.number_length = strlen(tmp);
-     auth.number = tmp;
-     auth.name = COOKIE_TYPE;
-     auth.name_length = strlen(auth.name);
-     auth.data_length = cookie_sz;
-     auth.data = (char*)cookie;
-#ifdef KRB5
-     krb5_generate_random_block (cookie, cookie_sz);
-#else
-     krb_generate_random_block (cookie, cookie_sz);
-#endif
-
-     strlcpy(xauthfile, "/tmp/AXXXXXX", xauthfile_size);
-     fd = mkstemp(xauthfile);
-     if(fd < 0) {
-	 saved_errno = errno;
-	 syslog(LOG_ERR, "create_and_write_cookie: mkstemp: %m");
-         return saved_errno;
-     }
-     f = fdopen(fd, "r+");
-     if(f == NULL){
-	 saved_errno = errno;
-	 close(fd);
-	 return errno;
-     }
-     if(XauWriteAuth(f, &auth) == 0) {
-	 saved_errno = errno;
-	 fclose(f);
-	 return saved_errno;
-     }
-
-     /*
-      * I would like to write a cookie for localhost:n here, but some
-      * stupid code in libX11 will not look for cookies of that type,
-      * so we are forced to use FamilyWild instead.
-      */
-
-     auth.family  = FamilyWild;
-     auth.address_length = 0;
-
-#if 0 /* XXX */
-     auth.address = (char *)&loopback;
-     auth.address_length = sizeof(loopback);
-#endif
-
-     if (XauWriteAuth(f, &auth) == 0) {
-	 saved_errno = errno;
-	 fclose (f);
-	 return saved_errno;
-     }
-
-     if(fclose(f))
-	 return errno;
-     return 0;
-}
-
-/*
- * Verify and remove cookies.  Read and parse a X-connection from
- * `fd'. Check the cookie used is the same as in `cookie'.  Remove the
- * cookie and copy the rest of it to `sock'.
- * Expect cookies iff cookiesp.
- * Return 0 iff ok.
- *
- * The protocol is as follows:
- *
- * C->S:	[Bl]				1
- *		unused				1
- *		protocol major version		2
- *		protocol minor version		2
- *		length of auth protocol name(n)	2
- *		length of auth protocol data	2
- *		unused				2
- *		authorization protocol name	n
- *		pad				pad(n)
- *		authorization protocol data	d
- *		pad				pad(d)
- *
- * S->C:	Failed
- *		0				1
- *		length of reason		1
- *		protocol major version		2
- *		protocol minor version		2
- *		length in 4 bytes unit of
- *		additional data (n+p)/4		2
- *		reason				n
- *		unused				p = pad(n)
- */
-
-int
-verify_and_remove_cookies (int fd, int sock, int cookiesp)
-{
-     u_char beg[12];
-     int bigendianp;
-     unsigned n, d, npad, dpad;
-     char *protocol_name, *protocol_data;
-     u_char zeros[6] = {0, 0, 0, 0, 0, 0};
-     u_char refused[20] = {0, 10, 
-			   0, 0, /* protocol major version  */
-			   0, 0, /* protocol minor version */
-			   0, 0, /* length of additional data / 4 */
-			   'b', 'a', 'd', ' ', 'c', 'o', 'o', 'k', 'i', 'e',
-			   0, 0};
-
-     if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
-	  return 1;
-     if (net_write (sock, beg, 6) != 6)
-	  return 1;
-     bigendianp = beg[0] == 'B';
-     if (bigendianp) {
-	  n = (beg[6] << 8) | beg[7];
-	  d = (beg[8] << 8) | beg[9];
-     } else {
-	  n = (beg[7] << 8) | beg[6];
-	  d = (beg[9] << 8) | beg[8];
-     }
-     npad = (4 - (n % 4)) % 4;
-     dpad = (4 - (d % 4)) % 4;
-     protocol_name = malloc(n + npad);
-     if (n + npad != 0 && protocol_name == NULL)
-	 return 1;
-     protocol_data = malloc(d + dpad);
-     if (d + dpad != 0 && protocol_data == NULL) {
-	 free (protocol_name);
-	 return 1;
-     }
-     if (net_read (fd, protocol_name, n + npad) != n + npad)
-	 goto fail;
-     if (net_read (fd, protocol_data, d + dpad) != d + dpad)
-	 goto fail;
-     if (cookiesp) {
-	 if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
-	     goto refused;
-	 if (d != cookie_len ||
-	     memcmp (protocol_data, cookie, cookie_len) != 0)
-	     goto refused;
-     }
-     free (protocol_name);
-     free (protocol_data);
-     if (net_write (sock, zeros, 6) != 6)
-	  return 1;
-     return 0;
-refused:
-     refused[2] = beg[2];
-     refused[3] = beg[3];
-     refused[4] = beg[4];
-     refused[5] = beg[5];
-     if (bigendianp)
-	 refused[7] = 3;
-     else
-	 refused[6] = 3;
-
-     net_write (fd, refused, sizeof(refused));
-fail:
-     free (protocol_name);
-     free (protocol_data);
-     return 1;
-}
-
-/* 
- * Return 0 iff `cookie' is compatible with the cookie for the
- * localhost with name given in `ai' (or `hostname') and display
- * number in `disp_nr'.
- */
-
-static int
-match_local_auth (Xauth* auth,
-		  struct addrinfo *ai, const char *hostname, int disp_nr)
-{
-    int auth_disp;
-    char *tmp_disp;
-    struct addrinfo *a;
-    
-    tmp_disp = malloc(auth->number_length + 1);
-    if (tmp_disp == NULL)
-	return -1;
-    memcpy(tmp_disp, auth->number, auth->number_length);
-    tmp_disp[auth->number_length] = '\0';
-    auth_disp = atoi(tmp_disp);
-    free (tmp_disp);
-    if (auth_disp != disp_nr)
-	return 1;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if ((auth->family == FamilyLocal
-	     || auth->family == FamilyWild)
-	    && a->ai_canonname != NULL
-	    && strncmp (auth->address,
-			a->ai_canonname,
-			auth->address_length) == 0)
-	    return 0;
-    }
-    if (hostname != NULL
-	&& (auth->family    == FamilyLocal
-	    || auth->family == FamilyWild)
-	&& strncmp (auth->address, hostname, auth->address_length) == 0)
-	return 0;
-    return 1;
-}
-
-/*
- * Find `our' cookie from the cookie file `f' and return it or NULL.
- */
-
-static Xauth*
-find_auth_cookie (FILE *f)
-{
-    Xauth *ret = NULL;
-    char local_hostname[MaxHostNameLen];
-    char *display = getenv("DISPLAY");
-    char d[MaxHostNameLen + 4];
-    char *colon;
-    struct addrinfo *ai;
-    struct addrinfo hints;
-    int disp;
-    int error;
-
-    if(display == NULL)
-	display = ":0";
-    strlcpy(d, display, sizeof(d));
-    display = d;
-    colon = strchr (display, ':');
-    if (colon == NULL)
-	disp = 0;
-    else {
-	*colon = '\0';
-	disp = atoi (colon + 1);
-    }
-    if (strcmp (display, "") == 0
-	|| strncmp (display, "unix", 4) == 0
-	|| strncmp (display, "localhost", 9) == 0) {
-	gethostname (local_hostname, sizeof(local_hostname));
-	display = local_hostname;
-    }
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = AI_CANONNAME;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    error = getaddrinfo (display, NULL, &hints, &ai);
-    if (error)
-	ai = NULL;
-
-    for (; (ret = XauReadAuth (f)) != NULL; XauDisposeAuth(ret)) {
-	if (match_local_auth (ret, ai, display, disp) == 0) {
-	    if (ai != NULL)
-		freeaddrinfo (ai);
-	    return ret;
-	}
-    }
-    if (ai != NULL)
-	freeaddrinfo (ai);
-    return NULL;
-}
-
-/*
- * Get rid of the cookie that we were sent and get the correct one
- * from our own cookie file instead.
- */
-
-int
-replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
-{
-     u_char beg[12];
-     int bigendianp;
-     unsigned n, d, npad, dpad;
-     FILE *f;
-     u_char zeros[6] = {0, 0, 0, 0, 0, 0};
-
-     if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
-	  return 1;
-     if (net_write (xserver, beg, 6) != 6)
-	  return 1;
-     bigendianp = beg[0] == 'B';
-     if (bigendianp) {
-	  n = (beg[6] << 8) | beg[7];
-	  d = (beg[8] << 8) | beg[9];
-     } else {
-	  n = (beg[7] << 8) | beg[6];
-	  d = (beg[9] << 8) | beg[8];
-     }
-     if (n != 0 || d != 0)
-	  return 1;
-     f = fopen(filename, "r");
-     if (f != NULL) {
-	 Xauth *auth = find_auth_cookie (f);
-	 u_char len[6] = {0, 0, 0, 0, 0, 0};
-	 
-	 fclose (f);
-
-	 if (auth != NULL) {
-	     n = auth->name_length;
-	     d = auth->data_length;
-	 } else {
-	     n = 0;
-	     d = 0;
-	 }
-	 if (bigendianp) {
-	     len[0] = n >> 8;
-	     len[1] = n & 0xFF;
-	     len[2] = d >> 8;
-	     len[3] = d & 0xFF;
-	 } else {
-	     len[0] = n & 0xFF;
-	     len[1] = n >> 8;
-	     len[2] = d & 0xFF;
-	     len[3] = d >> 8;
-	 }
-	 if (net_write (xserver, len, 6) != 6) {
-	     XauDisposeAuth(auth);
-	     return 1;
-	 }
-	 if(n != 0 && net_write (xserver, auth->name, n) != n) {
-	     XauDisposeAuth(auth);
-	     return 1;
-	 }
-	 npad = (4 - (n % 4)) % 4;
-	 if (npad && net_write (xserver, zeros, npad) != npad) {
-	     XauDisposeAuth(auth);
-	     return 1;
-	 }
-	 if (d != 0 && net_write (xserver, auth->data, d) != d) {
-	     XauDisposeAuth(auth);
-	     return 1;
-	 }
-	 XauDisposeAuth(auth);
-	 dpad = (4 - (d % 4)) % 4;
-	 if (dpad && net_write (xserver, zeros, dpad) != dpad)
-	     return 1;
-     } else {
-	 if(net_write(xserver, zeros, 6) != 6)
-	     return 1;
-     }
-     return 0;
-}
-
-/*
- * Some simple controls on the address and corresponding socket
- */
-
-int
-suspicious_address (int sock, struct sockaddr_in addr)
-{
-    char data[40];
-    socklen_t len = sizeof(data);
-
-    return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
-#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
-	|| getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0
-	|| len != 0
-#endif
-    ;
-}
-
-/*
- * This really sucks, but these functions are used and if we're not
- * linking against libkrb they don't exist.  Using the heimdal storage
- * functions will not work either cause we do not always link with
- * libkrb5 either.
- */
-
-#ifndef KRB4
-
-int
-krb_get_int(void *f, u_int32_t *to, int size, int lsb)
-{
-    int i;
-    unsigned char *from = (unsigned char *)f;
-
-    *to = 0;
-    if(lsb){
-	for(i = size-1; i >= 0; i--)
-	    *to = (*to << 8) | from[i];
-    }else{
-	for(i = 0; i < size; i++)
-	    *to = (*to << 8) | from[i];
-    }
-    return size;
-}
-
-int
-krb_put_int(u_int32_t from, void *to, size_t rem, int size)
-{
-    int i;
-    unsigned char *p = (unsigned char *)to;
-
-    if (rem < size)
-	return -1;
-
-    for(i = size - 1; i >= 0; i--){
-	p[i] = from & 0xff;
-	from >>= 8;
-    }
-    return size;
-}
-
-#endif /* !KRB4 */
diff --git a/crypto/heimdal/appl/kx/context.c b/crypto/heimdal/appl/kx/context.c
deleted file mode 100644
index bbc8da95e875..000000000000
--- a/crypto/heimdal/appl/kx/context.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: context.c,v 1.4 1999/12/02 16:58:32 joda Exp $");
-
-/*
- * Set the common part of the context `kc'
- */
-
-void
-context_set (kx_context *kc, const char *host, const char *user, int port,
-	     int debug_flag, int keepalive_flag, int tcp_flag)
-{
-    kc->host		= host;
-    kc->user		= user;
-    kc->port		= port;
-    kc->debug_flag	= debug_flag;
-    kc->keepalive_flag	= keepalive_flag;
-    kc->tcp_flag	= tcp_flag;
-}
-
-/*
- * dispatch functions
- */
-
-void
-context_destroy (kx_context *kc)
-{
-    (*kc->destroy)(kc);
-}
-
-int
-context_authenticate (kx_context *kc, int s)
-{
-    return (*kc->authenticate)(kc, s);
-}
-
-int
-context_userok (kx_context *kc, char *user)
-{
-    return (*kc->userok)(kc, user);
-}
-
-ssize_t
-kx_read (kx_context *kc, int fd, void *buf, size_t len)
-{
-    return (*kc->read)(kc, fd, buf, len);
-}
-
-ssize_t
-kx_write (kx_context *kc, int fd, const void *buf, size_t len)
-{
-    return (*kc->write)(kc, fd, buf, len);
-}
-
-int
-copy_encrypted (kx_context *kc, int fd1, int fd2)
-{
-    return (*kc->copy_encrypted)(kc, fd1, fd2);
-}
diff --git a/crypto/heimdal/appl/kx/krb4.c b/crypto/heimdal/appl/kx/krb4.c
deleted file mode 100644
index 07852c99b235..000000000000
--- a/crypto/heimdal/appl/kx/krb4.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: krb4.c,v 1.8 2000/10/08 13:19:22 assar Exp $");
-
-#ifdef KRB4
-
-struct krb4_kx_context {
-    des_cblock key;
-    des_key_schedule schedule;
-    AUTH_DAT auth;
-};
-
-typedef struct krb4_kx_context krb4_kx_context;
-
-/*
- * Destroy the krb4 context in `c'.
- */
-
-static void
-krb4_destroy (kx_context *c)
-{
-    memset (c->data, 0, sizeof(krb4_kx_context));
-    free (c->data);
-}
-
-/*
- * Read the authentication information from `s' and return 0 if
- * succesful, else -1.
- */
-
-static int
-krb4_authenticate (kx_context *kc, int s)
-{
-    CREDENTIALS cred;
-    KTEXT_ST text;
-    MSG_DAT msg;
-    int status;
-    krb4_kx_context *c = (krb4_kx_context *)kc->data;
-    const char *host = kc->host;
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-    if (krb_get_config_bool("nat_in_use")) {
-	struct in_addr natAddr;
-
-	if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
-				     &natAddr) == KSUCCESS
-	    || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
-	    kc->thisaddr.sin_addr = natAddr;
-    }
-#endif
-
-    status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
-			   (char *)host, krb_realmofhost (host),
-			   getpid(), &msg, &cred, c->schedule,
-			   &kc->thisaddr, &kc->thataddr, KX_VERSION);
-    if (status != KSUCCESS) {
-	warnx ("%s: %s\n", host, krb_get_err_text(status));
-	return -1;
-    }
-    memcpy (c->key, cred.session, sizeof(des_cblock));
-    return 0;
-}
-
-/*
- * Read a krb4 priv packet from `fd' into `buf' (of size `len').
- * Return the number of bytes read or 0 on EOF or -1 on error.
- */
-
-static ssize_t
-krb4_read (kx_context *kc,
-	   int fd, void *buf, size_t len)
-{
-    unsigned char tmp[4];
-    ssize_t ret;
-    size_t l;
-    int status;
-    krb4_kx_context *c = (krb4_kx_context *)kc->data;
-    MSG_DAT msg;
-
-    ret = krb_net_read (fd, tmp, 4);
-    if (ret == 0)
-	return ret;
-    if (ret != 4)
-	return -1;
-    l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
-    if (l > len)
-	return -1;
-    if (krb_net_read (fd, buf, l) != l)
-	return -1;
-    status = krb_rd_priv (buf, l, c->schedule, &c->key,
-			  &kc->thataddr, &kc->thisaddr, &msg);
-    if (status != RD_AP_OK) {
-	warnx ("krb4_read: %s", krb_get_err_text(status));
-	return -1;
-    }
-    memmove (buf, msg.app_data, msg.app_length);
-    return msg.app_length;
-}
-
-/*
- * Write a krb4 priv packet on `fd' with the data in `buf, len'.
- * Return len or -1 on error
- */
-
-static ssize_t
-krb4_write(kx_context *kc,
-	   int fd, const void *buf, size_t len)
-{
-    void *outbuf;
-    krb4_kx_context *c = (krb4_kx_context *)kc->data;
-    int outlen;
-    unsigned char tmp[4];
-
-    outbuf = malloc (len + 30);
-    if (outbuf == NULL)
-	return -1;
-    outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
-			  &kc->thisaddr, &kc->thataddr);
-    if (outlen < 0) {
-	free (outbuf);
-	return -1;
-    }
-    tmp[0] = (outlen >> 24) & 0xFF;
-    tmp[1] = (outlen >> 16) & 0xFF;
-    tmp[2] = (outlen >>  8) & 0xFF;
-    tmp[3] = (outlen >>  0) & 0xFF;
-
-    if (krb_net_write (fd, tmp, 4) != 4 ||
-	krb_net_write (fd, outbuf, outlen) != outlen) {
-	free (outbuf);
-	return -1;
-    }
-    free (outbuf);
-    return len;
-}
-
-/*
- * Copy data from `fd1' to `fd2', {en,de}crypting with cfb64
- * with `mode' and state stored in `iv', `schedule', and `num'.
- * Return -1 if error, 0 if eof, else 1
- */
-
-static int
-do_enccopy (int fd1, int fd2, int mode, des_cblock *iv,
-	    des_key_schedule schedule, int *num)
-{
-     int ret;
-     u_char buf[BUFSIZ];
-
-     ret = read (fd1, buf, sizeof(buf));
-     if (ret == 0)
-	  return 0;
-     if (ret < 0) {
-	 warn ("read");
-	 return ret;
-     }
-#ifndef NOENCRYPTION
-     des_cfb64_encrypt (buf, buf, ret, schedule, iv,
-			num, mode);
-#endif
-     ret = krb_net_write (fd2, buf, ret);
-     if (ret < 0) {
-	 warn ("write");
-	 return ret;
-     }
-     return 1;
-}
-
-/*
- * Copy data between fd1 and fd2, encrypting one way and decrypting
- * the other.
- */
-
-static int
-krb4_copy_encrypted (kx_context *kc,
-		     int fd1, int fd2)
-{
-    krb4_kx_context *c = (krb4_kx_context *)kc->data;
-    des_cblock iv1, iv2;
-    int num1 = 0, num2 = 0;
-
-    memcpy (iv1, c->key, sizeof(iv1));
-    memcpy (iv2, c->key, sizeof(iv2));
-    for (;;) {
-	fd_set fdset;
-	int ret;
-
-	if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
-	    warnx ("fd too large");
-	    return 1;
-	}
-
-	FD_ZERO(&fdset);
-	FD_SET(fd1, &fdset);
-	FD_SET(fd2, &fdset);
-
-	ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
-	if (ret < 0 && errno != EINTR) {
-	    warn ("select");
-	    return 1;
-	}
-	if (FD_ISSET(fd1, &fdset)) {
-	    ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1);
-	    if (ret <= 0)
-		return ret;
-	}
-	if (FD_ISSET(fd2, &fdset)) {
-	    ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2);
-	    if (ret <= 0)
-		return ret;
-	}
-    }
-}
-
-/*
- * Return 0 if the user authenticated on `kc' is allowed to login as
- * `user'.
- */
-
-static int
-krb4_userok (kx_context *kc, char *user)
-{
-    krb4_kx_context *c = (krb4_kx_context *)kc->data;
-    char *tmp;
-
-    tmp = krb_unparse_name_long (c->auth.pname,
-				 c->auth.pinst,
-				 c->auth.prealm);
-    kc->user = strdup (tmp);
-    if (kc->user == NULL)
-	err (1, "malloc");
-
-
-    return kuserok (&c->auth, user);
-}
-
-/*
- * Create an instance of an krb4 context.
- */
-
-void
-krb4_make_context (kx_context *kc)
-{
-    kc->authenticate	= krb4_authenticate;
-    kc->userok		= krb4_userok;
-    kc->read		= krb4_read;
-    kc->write		= krb4_write;
-    kc->copy_encrypted	= krb4_copy_encrypted;
-    kc->destroy		= krb4_destroy;
-    kc->user		= NULL;
-    kc->data		= malloc(sizeof(krb4_kx_context));
-
-    if (kc->data == NULL)
-	err (1, "malloc");
-}
-
-/*
- * Receive authentication information on `sock' (first four bytes
- * in `buf').
- */
-
-int
-recv_v4_auth (kx_context *kc, int sock, u_char *buf)
-{
-    int status;
-    KTEXT_ST ticket;
-    char instance[INST_SZ + 1];
-    char version[KRB_SENDAUTH_VLEN + 1];
-    krb4_kx_context *c;
-    AUTH_DAT auth;
-    des_key_schedule schedule;
-
-    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
-	return -1;
-    if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
-	KRB_SENDAUTH_VLEN - 4) {
-	syslog (LOG_ERR, "read: %m");
-	exit (1);
-    }
-    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) {
-	syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf);
-	exit (1);
-    }
-
-    k_getsockinst (sock, instance, sizeof(instance));
-    status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL,
-			   sock,
-			   &ticket,
-			   "rcmd",
-			   instance,
-			   &kc->thataddr,
-			   &kc->thisaddr,
-			   &auth,
-			   "",
-			   schedule,
-			   version);
-    if (status != KSUCCESS) {
-	syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status));
-	exit (1);
-    }
-    if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) {
-	 /* Try to be nice to old kx's */
-	 if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) {
-	     char *old_errmsg = "\001Old version of kx. Please upgrade.";
-	     char user[64];
-
-	     syslog (LOG_ERR, "Old version client (%s)", version);
-
-	     krb_net_read (sock, user, sizeof(user));
-	     krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1);
-	     exit (1);
-	 } else {
-	     syslog (LOG_ERR, "bad version: %s", version);
-	     exit (1);
-	 }
-    }
-
-    krb4_make_context (kc);
-    c = (krb4_kx_context *)kc->data;
-
-    c->auth     = auth;
-    memcpy (c->key, &auth.session, sizeof(des_cblock));
-    memcpy (c->schedule, schedule, sizeof(schedule));
-
-    return 0;
-}
-
-#endif /* KRB4 */
diff --git a/crypto/heimdal/appl/kx/krb5.c b/crypto/heimdal/appl/kx/krb5.c
deleted file mode 100644
index 509bcb27cbf3..000000000000
--- a/crypto/heimdal/appl/kx/krb5.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: krb5.c,v 1.9 2002/05/24 15:13:52 joda Exp $");
-
-#ifdef KRB5
-
-struct krb5_kx_context {
-    krb5_context context;
-    krb5_keyblock *keyblock;
-    krb5_crypto crypto;
-    krb5_principal client;
-};
-
-typedef struct krb5_kx_context krb5_kx_context;
-
-/*
- * Destroy the krb5 context in `c'.
- */
-
-static void
-krb5_destroy (kx_context *c)
-{
-    krb5_kx_context *kc = (krb5_kx_context *)c->data;
-
-    if (kc->keyblock)
-	krb5_free_keyblock (kc->context, kc->keyblock);
-    if (kc->crypto)
-	krb5_crypto_destroy (kc->context, kc->crypto);
-    if (kc->client)
-	krb5_free_principal (kc->context, kc->client);
-    if (kc->context)
-	krb5_free_context (kc->context);
-    free (kc);
-}
-
-/*
- * Read the authentication information from `s' and return 0 if
- * succesful, else -1.
- */
-
-static int
-krb5_authenticate (kx_context *kc, int s)
-{
-    krb5_kx_context *c = (krb5_kx_context *)kc->data;
-    krb5_context context = c->context;
-    krb5_auth_context auth_context = NULL;
-    krb5_error_code ret;
-    krb5_principal server;
-    const char *host = kc->host;
-
-    ret = krb5_sname_to_principal (context,
-				   host, "host", KRB5_NT_SRV_HST, &server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sname_to_principal: %s", host);
-	return 1;
-    }
-
-    ret = krb5_sendauth (context,
-			 &auth_context,
-			 &s,
-			 KX_VERSION,
-			 NULL,
-			 server,
-			 AP_OPTS_MUTUAL_REQUIRED,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL);
-    if (ret) {
-	if(ret != KRB5_SENDAUTH_BADRESPONSE)
-	    krb5_warn (context, ret, "krb5_sendauth: %s", host);
-	return 1;
-    }
-
-    ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_auth_con_getkey: %s", host);
-	krb5_auth_con_free (context, auth_context);
-	return 1;
-    }
-    
-    ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_crypto_init");
-	krb5_auth_con_free (context, auth_context);
-	return 1;
-    }
-    return 0;
-}
-
-/*
- * Read an encapsulated krb5 packet from `fd' into `buf' (of size
- * `len').  Return the number of bytes read or 0 on EOF or -1 on
- * error.
- */
-
-static ssize_t
-krb5_read (kx_context *kc,
-	   int fd, void *buf, size_t len)
-{
-    krb5_kx_context *c = (krb5_kx_context *)kc->data;
-    krb5_context context = c->context;
-    size_t data_len, outer_len;
-    krb5_error_code ret;
-    unsigned char tmp[4];
-    krb5_data data;
-    int l;
-
-    l = krb5_net_read (context, &fd, tmp, 4);
-    if (l == 0)
-	return l;
-    if (l != 4)
-	return -1;
-    data_len  = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
-    outer_len = krb5_get_wrapped_length (context, c->crypto, data_len);
-    if (outer_len > len)
-	return -1;
-    if (krb5_net_read (context, &fd, buf, outer_len) != outer_len)
-	return -1;
-
-    ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
-			buf, outer_len, &data);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_decrypt");
-	return -1;
-    }
-    if (data_len > data.length) {
-	krb5_data_free (&data);
-	return -1;
-    }
-    memmove (buf, data.data, data_len);
-    krb5_data_free (&data);
-    return data_len;
-}
-
-/*
- * Write an encapsulated krb5 packet on `fd' with the data in `buf,
- * len'.  Return len or -1 on error.
- */
-
-static ssize_t
-krb5_write(kx_context *kc,
-	   int fd, const void *buf, size_t len)
-{
-    krb5_kx_context *c = (krb5_kx_context *)kc->data;
-    krb5_context context = c->context;
-    krb5_data data;
-    krb5_error_code ret;
-    unsigned char tmp[4];
-    size_t outlen;
-
-    ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
-			(void *)buf, len, &data);
-    if (ret){
-	krb5_warn (context, ret, "krb5_write");
-	return -1;
-    }
-
-    outlen = data.length;
-    tmp[0] = (len >> 24) & 0xFF;
-    tmp[1] = (len >> 16) & 0xFF;
-    tmp[2] = (len >>  8) & 0xFF;
-    tmp[3] = (len >>  0) & 0xFF;
-
-    if (krb5_net_write (context, &fd, tmp, 4) != 4 ||
-	krb5_net_write (context, &fd, data.data, outlen) != outlen) {
-	krb5_data_free (&data);
-	return -1;
-    }
-    krb5_data_free (&data);
-    return len;
-}
-
-/*
- * Copy from the unix socket `from_fd' encrypting to `to_fd'.
- * Return 0, -1 or len.
- */
-
-static int
-copy_out (kx_context *kc, int from_fd, int to_fd)
-{
-    char buf[32768];
-    ssize_t len;
-
-    len = read (from_fd, buf, sizeof(buf));
-    if (len == 0)
-	return 0;
-    if (len < 0) {
-	warn ("read");
-	return len;
-    }
-    return krb5_write (kc, to_fd, buf, len);
-}
-	
-/*
- * Copy from the socket `from_fd' decrypting to `to_fd'.
- * Return 0, -1 or len.
- */
-
-static int
-copy_in (kx_context *kc, int from_fd, int to_fd)
-{
-    krb5_kx_context *c = (krb5_kx_context *)kc->data;
-    char buf[33000];		/* XXX */
-
-    ssize_t len;
-
-    len = krb5_read (kc, from_fd, buf, sizeof(buf));
-    if (len == 0)
-	return 0;
-    if (len < 0) {
-	warn ("krb5_read");
-	return len;
-    }
-
-    return krb5_net_write (c->context, &to_fd, buf, len);
-}
-
-/*
- * Copy data between `fd1' and `fd2', encrypting in one direction and
- * decrypting in the other.
- */
-
-static int
-krb5_copy_encrypted (kx_context *kc, int fd1, int fd2)
-{
-    for (;;) {
-	fd_set fdset;
-	int ret;
-
-	if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
-	    warnx ("fd too large");
-	    return 1;
-	}
-
-	FD_ZERO(&fdset);
-	FD_SET(fd1, &fdset);
-	FD_SET(fd2, &fdset);
-
-	ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
-	if (ret < 0 && errno != EINTR) {
-	    warn ("select");
-	    return 1;
-	}
-	if (FD_ISSET(fd1, &fdset)) {
-	    ret = copy_out (kc, fd1, fd2);
-	    if (ret <= 0)
-		return ret;
-	}
-	if (FD_ISSET(fd2, &fdset)) {
-	    ret = copy_in (kc, fd2, fd1);
-	    if (ret <= 0)
-		return ret;
-	}
-    }
-}
-
-/*
- * Return 0 if the user authenticated on `kc' is allowed to login as
- * `user'.
- */
-
-static int
-krb5_userok (kx_context *kc, char *user)
-{
-    krb5_kx_context *c = (krb5_kx_context *)kc->data;
-    krb5_context context = c->context;
-    krb5_error_code ret;
-    char *tmp;
-
-    ret = krb5_unparse_name (context, c->client, &tmp);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-    kc->user = tmp;
-
-    return !krb5_kuserok (context, c->client, user);
-}
-
-/*
- * Create an instance of an krb5 context.
- */
-
-void
-krb5_make_context (kx_context *kc)
-{
-    krb5_kx_context *c;
-    krb5_error_code ret;
-
-    kc->authenticate	= krb5_authenticate;
-    kc->userok		= krb5_userok;
-    kc->read		= krb5_read;
-    kc->write		= krb5_write;
-    kc->copy_encrypted	= krb5_copy_encrypted;
-    kc->destroy		= krb5_destroy;
-    kc->user		= NULL;
-    kc->data		= malloc(sizeof(krb5_kx_context));
-
-    if (kc->data == NULL)
-	err (1, "malloc");
-    memset (kc->data, 0, sizeof(krb5_kx_context));
-    c = (krb5_kx_context *)kc->data;
-    ret = krb5_init_context (&c->context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-}
-
-/*
- * Receive authentication information on `sock' (first four bytes
- * in `buf').
- */
-
-int
-recv_v5_auth (kx_context *kc, int sock, u_char *buf)
-{
-    u_int32_t len;
-    krb5_error_code ret;
-    krb5_kx_context *c;
-    krb5_context context;
-    krb5_principal server;
-    krb5_auth_context auth_context = NULL;
-    krb5_ticket *ticket;
-
-    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
-	return 1;
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
-    if (net_read(sock, buf, len) != len) {
-	syslog (LOG_ERR, "read: %m");
-	exit (1);
-    }
-    if (len != sizeof(KRB5_SENDAUTH_VERSION)
-	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) {
-	syslog (LOG_ERR, "bad sendauth version: %.8s", buf);
-	exit (1);
-    }
-
-    krb5_make_context (kc);
-    c = (krb5_kx_context *)kc->data;
-    context = c->context;
-
-    ret = krb5_sock_to_principal (context, sock, "host",
-				  KRB5_NT_SRV_HST, &server);
-    if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
-		krb5_get_err_text (context, ret));
-	exit (1);
-    }
-
-    ret = krb5_recvauth (context,
-			 &auth_context,
-			 &sock,
-			 KX_VERSION,
-			 server,
-			 KRB5_RECVAUTH_IGNORE_VERSION,
-			 NULL,
-			 &ticket);
-    krb5_free_principal (context, server);
-    if (ret) {
-	syslog (LOG_ERR, "krb5_sock_to_principal: %s",
-		krb5_get_err_text (context, ret));
-	exit (1);
-    }
-
-    ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
-    if (ret) {
-	syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
-		krb5_get_err_text (context, ret));
-	exit (1);
-    }
-
-    ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
-    if (ret) {
-	syslog (LOG_ERR, "krb5_crypto_init: %s",
-		krb5_get_err_text (context, ret));
-	exit (1);
-    }
-
-    c->client = ticket->client;
-    ticket->client = NULL;
-    krb5_free_ticket (context, ticket);
-
-    return 0;
-}
-
-#endif /* KRB5 */
diff --git a/crypto/heimdal/appl/kx/kx.1 b/crypto/heimdal/appl/kx/kx.1
deleted file mode 100644
index fe621d8267e0..000000000000
--- a/crypto/heimdal/appl/kx/kx.1
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" $Id: kx.1,v 1.7 1997/09/01 15:59:07 assar Exp $
-.\"
-.Dd September 27, 1996
-.Dt KX 1
-.Os KTH-KRB
-.Sh NAME
-.Nm kx
-.Nd
-securely forward X conections
-.Sh SYNOPSIS
-.Ar kx
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl d
-.Op Fl t
-.Op Fl p Ar port
-.Op Fl P
-.Ar host
-.Sh DESCRIPTION
-The
-.Nm
-program forwards a X connection from a remote client to a local screen
-through an authenticated and encrypted stream.  Options supported by
-.Nm kx :
-.Bl -tag -width Ds
-.It Fl l
-Log in on remote the host as user
-.Ar username .
-.It Fl k
-Do not enable keep-alives on the TCP connections.
-.It Fl d
-Do not fork. This is mainly useful for debugging.
-.It Fl t
-Listen not only on a UNIX-domain socket but on a TCP socket as well.
-.It Fl p
-Use the port
-.Ar port .
-.It Fl P
-Force passive mode.
-.El
-.Pp
-This program is used by
-.Nm rxtelnet
-and
-.Nm rxterm
-and you should not need to run it directly.
-.Pp
-It connects to a
-.Nm kxd
-on the host
-.Ar host
-and then will relay the traffic from the remote X clients to the local
-server.  When started, it prints the display and Xauthority-file to be
-used on host
-.Ar host
-and then goes to the background, waiting for connections from the
-remote
-.Nm kxd.
-.Sh SEE ALSO
-.Xr rxtelnet 1 ,
-.Xr rxterm 1 ,
-.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/kx.c b/crypto/heimdal/appl/kx/kx.c
deleted file mode 100644
index 63e159507a11..000000000000
--- a/crypto/heimdal/appl/kx/kx.c
+++ /dev/null
@@ -1,765 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $");
-
-static int nchild;
-static int donep;
-
-/*
- * Signal handler that justs waits for the children when they die.
- */
-
-static RETSIGTYPE
-childhandler (int sig)
-{
-     pid_t pid;
-     int status;
-
-     do { 
-	 pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
-	 if (pid > 0 && (WIFEXITED(status) || WIFSIGNALED(status)))
-	     if (--nchild == 0 && donep)
-		 exit (0);
-     } while(pid > 0);
-     signal (SIGCHLD, childhandler);
-     SIGRETURN(0);
-}
-
-/*
- * Handler for SIGUSR1.
- * This signal means that we should wait until there are no children
- * left and then exit.
- */
-
-static RETSIGTYPE
-usr1handler (int sig)
-{
-    donep = 1;
-
-    SIGRETURN(0);
-}
-
-/*
- * Almost the same as for SIGUSR1, except we should exit immediately
- * if there are no active children.
- */
-
-static RETSIGTYPE
-usr2handler (int sig)
-{
-    donep = 1;
-    if (nchild == 0)
-	exit (0);
-
-    SIGRETURN(0);
-}
-
-/*
- * Establish authenticated connection.  Return socket or -1.
- */
-
-static int
-connect_host (kx_context *kc)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    socklen_t addrlen;
-    int s;
-    struct sockaddr_storage thisaddr_ss;
-    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port));
-
-    error = getaddrinfo (kc->host, portstr, &hints, &ai);
-    if (error) {
-	warnx ("%s: %s", kc->host, gai_strerror(error));
-	return -1;
-    }
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", kc->host);
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	return -1;
-    }
-
-    addrlen = a->ai_addrlen;
-    if (getsockname (s, thisaddr, &addrlen) < 0 ||
-	addrlen != a->ai_addrlen)
-	err(1, "getsockname(%s)", kc->host);
-    memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr));
-    memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));
-    freeaddrinfo (ai);
-    if ((*kc->authenticate)(kc, s))
-	return -1;
-    return s;
-}
-
-/*
- * Get rid of the cookie that we were sent and get the correct one
- * from our own cookie file instead and then just copy data in both
- * directions.
- */
-
-static int
-passive_session (int xserver, int fd, kx_context *kc)
-{
-    if (replace_cookie (xserver, fd, XauFileName(), 1))
-	return 1;
-    else
-	return copy_encrypted (kc, xserver, fd);
-}
-
-static int
-active_session (int xserver, int fd, kx_context *kc)
-{
-    if (verify_and_remove_cookies (xserver, fd, 1))
-	return 1;
-    else
-	return copy_encrypted (kc, xserver, fd);
-}
-
-/*
- * fork (unless debugp) and print the output that will be used by the
- * script to capture the display, xauth cookie and pid.
- */
-
-static void
-status_output (int debugp)
-{
-    if(debugp)
-	printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile);
-    else {
-	pid_t pid;
-	
-	pid = fork();
-	if (pid < 0) {
-	    err(1, "fork");
-	} else if (pid > 0) {
-	    printf ("%u\t%s\t%s\n", (unsigned)pid, display, xauthfile);
-	    exit (0);
-	} else {
-	    fclose(stdout);
-	}
-    }
-}
-
-/*
- * Obtain an authenticated connection on `kc'.  Send a kx message
- * saying we are `kc->user' and want to use passive mode.  Wait for
- * answer on that connection and fork of a child for every new
- * connection we have to make.
- */
-
-static int
-doit_passive (kx_context *kc)
-{
-     int otherside;
-     u_char msg[1024], *p;
-     int len;
-     u_int32_t tmp;
-     const char *host = kc->host;
-
-     otherside = connect_host (kc);
-
-     if (otherside < 0)
-	 return 1;
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-     if (kc->keepalive_flag) {
-	 int one = 1;
-
-	 setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-		     sizeof(one));
-     }
-#endif
-
-     p = msg;
-     *p++ = INIT;
-     len = strlen(kc->user);
-     p += KRB_PUT_INT (len, p, sizeof(msg) - 1, 4);
-     memcpy(p, kc->user, len);
-     p += len;
-     *p++ = PASSIVE | (kc->keepalive_flag ? KEEP_ALIVE : 0);
-     if (kx_write (kc, otherside, msg, p - msg) != p - msg)
-	 err (1, "write to %s", host);
-     len = kx_read (kc, otherside, msg, sizeof(msg));
-     if (len <= 0)
-	 errx (1,
-	       "error reading initial message from %s: "
-	       "this probably means it's using an old version.",
-	       host);
-     p = (u_char *)msg;
-     if (*p == ERROR) {
-	 p++;
-	 p += krb_get_int (p, &tmp, 4, 0);
-	 errx (1, "%s: %.*s", host, (int)tmp, p);
-     } else if (*p != ACK) {
-	 errx (1, "%s: strange msg %d", host, *p);
-     } else
-	 p++;
-     p += krb_get_int (p, &tmp, 4, 0);
-     memcpy(display, p, tmp);
-     display[tmp] = '\0';
-     p += tmp;
-
-     p += krb_get_int (p, &tmp, 4, 0);
-     memcpy(xauthfile, p, tmp);
-     xauthfile[tmp] = '\0';
-     p += tmp;
-
-     status_output (kc->debug_flag);
-     for (;;) {
-	 pid_t child;
-
-	 len = kx_read (kc, otherside, msg, sizeof(msg));
-	 if (len < 0)
-	     err (1, "read from %s", host);
-	 else if (len == 0)
-	     return 0;
-
-	 p = (u_char *)msg;
-	 if (*p == ERROR) {
-	     p++;
-	     p += krb_get_int (p, &tmp, 4, 0);
-	     errx (1, "%s: %.*s", host, (int)tmp, p);
-	 } else if(*p != NEW_CONN) {
-	     errx (1, "%s: strange msg %d", host, *p);
-	 } else {
-	     p++;
-	     p += krb_get_int (p, &tmp, 4, 0);
-	 }
-	 
-	 ++nchild;
-	 child = fork ();
-	 if (child < 0) {
-	     warn("fork");
-	     continue;
-	 } else if (child == 0) {
-	     struct sockaddr_in addr;
-	     int fd;
-	     int xserver;
-
-	     addr = kc->thataddr;
-	     close (otherside);
-
-	     addr.sin_port = htons(tmp);
-	     fd = socket (AF_INET, SOCK_STREAM, 0);
-	     if (fd < 0)
-		 err(1, "socket");
-#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
-	     {
-		 int one = 1;
-
-		 setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
-			     sizeof(one));
-	     }
-#endif
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-	     if (kc->keepalive_flag) {
-		 int one = 1;
-
-		 setsockopt (fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-			     sizeof(one));
-	     }
-#endif
-
-	     if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-		 err(1, "connect(%s)", host);
-	     {
-		 int d = 0;
-		 char *s;
-
-		 s = getenv ("DISPLAY");
-		 if (s != NULL) {
-		     s = strchr (s, ':');
-		     if (s != NULL)
-			 d = atoi (s + 1);
-		 }
-
-		 xserver = connect_local_xsocket (d);
-		 if (xserver < 0)
-		     return 1;
-	     }
-	     return passive_session (xserver, fd, kc);
-	 } else {
-	 }
-     }
-}
-
-/*
- * Allocate a local pseudo-xserver and wait for connections 
- */
-
-static int
-doit_active (kx_context *kc)
-{
-    int otherside;
-    int nsockets;
-    struct x_socket *sockets;
-    u_char msg[1024], *p;
-    int len = strlen(kc->user);
-    int tmp, tmp2;
-    char *s;
-    int i;
-    size_t rem;
-    u_int32_t other_port;
-    int error;
-    const char *host = kc->host;
-
-    otherside = connect_host (kc);
-    if (otherside < 0)
-	return 1;
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-    if (kc->keepalive_flag) {
-	int one = 1;
-
-	setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-		    sizeof(one));
-    }
-#endif
-    p = msg;
-    rem = sizeof(msg);
-    *p++ = INIT;
-    --rem;
-    len = strlen(kc->user);
-    tmp = KRB_PUT_INT (len, p, rem, 4);
-    if (tmp < 0)
-	return 1;
-    p += tmp;
-    rem -= tmp;
-    memcpy(p, kc->user, len);
-    p += len;
-    rem -= len;
-    *p++ = (kc->keepalive_flag ? KEEP_ALIVE : 0);
-    --rem;
-
-    s = getenv("DISPLAY");
-    if (s == NULL || (s = strchr(s, ':')) == NULL) 
-	s = ":0";
-    len = strlen (s);
-    tmp = KRB_PUT_INT (len, p, rem, 4);
-    if (tmp < 0)
-	return 1;
-    rem -= tmp;
-    p += tmp;
-    memcpy (p, s, len);
-    p += len;
-    rem -= len;
-
-    s = getenv("XAUTHORITY");
-    if (s == NULL)
-	s = "";
-    len = strlen (s);
-    tmp = KRB_PUT_INT (len, p, rem, 4);
-    if (tmp < 0)
-	return 1;
-    p += len;
-    rem -= len;
-    memcpy (p, s, len);
-    p += len;
-    rem -= len;
-
-    if (kx_write (kc, otherside, msg, p - msg) != p - msg)
-	err (1, "write to %s", host);
-
-    len = kx_read (kc, otherside, msg, sizeof(msg));
-    if (len < 0)
-	err (1, "read from %s", host);
-    p = (u_char *)msg;
-    if (*p == ERROR) {
-	u_int32_t u32;
-
-	p++;
-	p += krb_get_int (p, &u32, 4, 0);
-	errx (1, "%s: %.*s", host, (int)u32, p);
-    } else if (*p != ACK) {
-	errx (1, "%s: strange msg %d", host, *p);
-    } else
-	p++;
-
-    tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
-    if (tmp2 < 0)
-	return 1;
-    display_num = tmp2;
-    if (kc->tcp_flag)
-	snprintf (display, display_size, "localhost:%u", display_num);
-    else
-	snprintf (display, display_size, ":%u", display_num);
-    error = create_and_write_cookie (xauthfile, xauthfile_size,
-				     cookie, cookie_len);
-    if (error) {
-	warnx ("failed creating cookie file: %s", strerror(error));
-	return 1;
-    }
-    status_output (kc->debug_flag);
-    for (;;) {
-	fd_set fdset;
-	pid_t child;
-	int fd, thisfd = -1;
-	socklen_t zero = 0;
-
-	FD_ZERO(&fdset);
-	for (i = 0; i < nsockets; ++i) {
-	    if (sockets[i].fd >= FD_SETSIZE) 
-		errx (1, "fd too large");
-	    FD_SET(sockets[i].fd, &fdset);
-	}
-	if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0)
-	    continue;
-	for (i = 0; i < nsockets; ++i)
-	    if (FD_ISSET(sockets[i].fd, &fdset)) {
-		thisfd = sockets[i].fd;
-		break;
-	    }
-	fd = accept (thisfd, NULL, &zero);
-	if (fd < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		err(1, "accept");
-	}
-
-	p = msg;
-	*p++ = NEW_CONN;
-	if (kx_write (kc, otherside, msg, p - msg) != p - msg)
-	    err (1, "write to %s", host);
-	len = kx_read (kc, otherside, msg, sizeof(msg));
-	if (len < 0)
-	    err (1, "read from %s", host);
-	p = (u_char *)msg;
-	if (*p == ERROR) {
-	    u_int32_t val;
-
-	    p++;
-	    p += krb_get_int (p, &val, 4, 0);
-	    errx (1, "%s: %.*s", host, (int)val, p);
-	} else if (*p != NEW_CONN) {
-	    errx (1, "%s: strange msg %d", host, *p);
-	} else {
-	    p++;
-	    p += krb_get_int (p, &other_port, 4, 0);
-	}
-
-	++nchild;
-	child = fork ();
-	if (child < 0) {
-	    warn("fork");
-	    continue;
-	} else if (child == 0) {
-	    int s;
-	    struct sockaddr_in addr;
-
-	    for (i = 0; i < nsockets; ++i)
-		close (sockets[i].fd);
-
-	    addr = kc->thataddr;
-	    close (otherside);
-
-	    addr.sin_port = htons(other_port);
-	    s = socket (AF_INET, SOCK_STREAM, 0);
-	    if (s < 0)
-		err(1, "socket");
-#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
-	    {
-		int one = 1;
-
-		setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
-			    sizeof(one));
-	    }
-#endif
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-	    if (kc->keepalive_flag) {
-		int one = 1;
-
-		setsockopt (s, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-			    sizeof(one));
-	    }
-#endif
-
-	    if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-		err(1, "connect");
-
-	    return active_session (fd, s, kc);
-	} else {
-	    close (fd);
-	}
-    }
-}
-
-/*
- * Should we interpret `disp' as this being a passive call?
- */
-
-static int
-check_for_passive (const char *disp)
-{
-    char local_hostname[MaxHostNameLen];
-
-    gethostname (local_hostname, sizeof(local_hostname));
-
-    return disp != NULL &&
-	(*disp == ':'
-	 || strncmp(disp, "unix", 4) == 0
-	 || strncmp(disp, "localhost", 9) == 0
-	 || strncmp(disp, local_hostname, strlen(local_hostname)) == 0);
-}
-
-/*
- * Set up signal handlers and then call the functions.
- */
-
-static int
-doit (kx_context *kc, int passive_flag)
-{
-    signal (SIGCHLD, childhandler);
-    signal (SIGUSR1, usr1handler);
-    signal (SIGUSR2, usr2handler);
-    if (passive_flag)
-	return doit_passive (kc);
-    else
-	return doit_active  (kc);
-}
-
-#ifdef KRB4
-
-/*
- * Start a v4-authenticatated kx connection.
- */
-
-static int
-doit_v4 (const char *host, int port, const char *user, 
-	 int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
-{
-    int ret;
-    kx_context context;
-
-    krb4_make_context (&context);
-    context_set (&context,
-		 host, user, port, debug_flag, keepalive_flag, tcp_flag);
-
-    ret = doit (&context, passive_flag);
-    context_destroy (&context);
-    return ret;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-
-/*
- * Start a v5-authenticatated kx connection.
- */
-
-static int
-doit_v5 (const char *host, int port, const char *user,
-	 int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
-{
-    int ret;
-    kx_context context;
-
-    krb5_make_context (&context);
-    context_set (&context,
-		 host, user, port, debug_flag, keepalive_flag, tcp_flag);
-
-    ret = doit (&context, passive_flag);
-    context_destroy (&context);
-    return ret;
-}
-#endif /* KRB5 */
-
-/*
- * Variables set from the arguments
- */
-
-#ifdef KRB4
-static int use_v4		= -1;
-#ifdef HAVE_KRB_ENABLE_DEBUG
-static int krb_debug_flag	= 0;
-#endif /* HAVE_KRB_ENABLE_DEBUG */
-#endif /* KRB4 */
-#ifdef KRB5
-static int use_v5		= -1;
-#endif
-static char *port_str		= NULL;
-static const char *user		= NULL;
-static int tcp_flag		= 0;
-static int passive_flag		= 0;
-static int keepalive_flag	= 1;
-static int debug_flag		= 0;
-static int version_flag		= 0;
-static int help_flag		= 0;
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
-      NULL },
-#ifdef HAVE_KRB_ENABLE_DEBUG
-    { "krb4-debug", 'D', arg_flag,	&krb_debug_flag,
-      "enable krb4 debugging" },
-#endif /* HAVE_KRB_ENABLE_DEBUG */
-#endif /* KRB4 */
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
-      NULL },
-#endif
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "number-of-service" },
-    { "user",	'l', arg_string,	&user,		"Run as this user",
-      NULL },
-    { "tcp",	't', arg_flag,		&tcp_flag,
-      "Use a TCP connection for X11" },
-    { "passive", 'P', arg_flag,		&passive_flag,
-      "Force a passive connection" },
-    { "keepalive", 'k', arg_negative_flag, &keepalive_flag,
-      "disable keep-alives" },
-    { "debug",	'd',	arg_flag,	&debug_flag,
-      "Enable debug information" },
-    { "version", 0,  arg_flag,		&version_flag,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&help_flag,	NULL,
-      NULL }
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "host");
-    exit (ret);
-}
-
-/*
- * kx - forward an x-connection over a kerberos-encrypted channel.
- */
-
-int
-main(int argc, char **argv)
-{
-    int port	= 0;
-    int optind	= 0;
-    int ret	= 1;
-    char *host	= NULL;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-
-    if (optind != argc - 1)
-	usage (1);
-
-    host = argv[optind];
-
-    if (port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (user == NULL) {
-	user = get_default_username ();
-	if (user == NULL)
-	    errx (1, "who are you?");
-    }
-
-    if (!passive_flag)
-	passive_flag = check_for_passive (getenv("DISPLAY"));
-
-#if defined(HAVE_KERNEL_ENABLE_DEBUG)
-    if (krb_debug_flag)
-	krb_enable_debug ();
-#endif
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	if (port == 0)
-	    port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
-	ret = doit_v5 (host, port, user,
-		       passive_flag, debug_flag, keepalive_flag, tcp_flag);
-    }
-#endif
-#ifdef KRB4
-    if (ret && use_v4) {
-	if (port == 0)
-	    port = k_getportbyname("kx", "tcp", htons(KX_PORT));
-	ret = doit_v4 (host, port, user, 
-		       passive_flag, debug_flag, keepalive_flag, tcp_flag);
-    }
-#endif
-    return ret;
-}
diff --git a/crypto/heimdal/appl/kx/kx.cat1 b/crypto/heimdal/appl/kx/kx.cat1
deleted file mode 100644
index d3f34e50e05c..000000000000
--- a/crypto/heimdal/appl/kx/kx.cat1
+++ /dev/null
@@ -1,38 +0,0 @@
-KX(1)                   FreeBSD General Commands Manual                  KX(1)
-
-NNAAMMEE
-     kkxx - securely forward X conections
-
-SSYYNNOOPPSSIISS
-     _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t
-
-DDEESSCCRRIIPPTTIIOONN
-     The kkxx program forwards a X connection from a remote client to a local
-     screen through an authenticated and encrypted stream.  Options supported
-     by kkxx:
-
-     --ll      Log in on remote the host as user _u_s_e_r_n_a_m_e.
-
-     --kk      Do not enable keep-alives on the TCP connections.
-
-     --dd      Do not fork. This is mainly useful for debugging.
-
-     --tt      Listen not only on a UNIX-domain socket but on a TCP socket as
-             well.
-
-     --pp      Use the port _p_o_r_t.
-
-     --PP      Force passive mode.
-
-     This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to
-     run it directly.
-
-     It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic
-     from the remote X clients to the local server.  When started, it prints
-     the display and Xauthority-file to be used on host _h_o_s_t and then goes to
-     the background, waiting for connections from the remote kkxxdd..
-
-SSEEEE AALLSSOO
-     rxtelnet(1), rxterm(1), kxd(8)
-
-KTH-KRB                       September 27, 1996                       KTH-KRB
diff --git a/crypto/heimdal/appl/kx/kx.h b/crypto/heimdal/appl/kx/kx.h
deleted file mode 100644
index d3214cb779e1..000000000000
--- a/crypto/heimdal/appl/kx/kx.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kx.h,v 1.39 2001/09/17 01:59:41 assar Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif /* HAVE_CONFIG_H */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <errno.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <X11/X.h>
-#include <X11/Xlib.h>
-#include <X11/Xauth.h>
-
-#ifdef HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-#ifdef HAVE_SYS_STROPTS_H
-#include <sys/stropts.h>
-#endif
-
-/* defined by aix's sys/stream.h and again by arpa/nameser.h */
-
-#undef NOERROR
-
-/* as far as we know, this is only used with later versions of Slowlaris */
-#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH)
-#define MAY_HAVE_X11_PIPES
-#endif
-
-#ifdef SOCKS
-#include <socks.h>
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-#endif
-
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#endif
-
-#include <err.h>
-#include <getarg.h>
-#include <roken.h>
-
-struct x_socket {
-    char *pathname;
-    int fd;
-    enum {
-	LISTENP     = 0x80,
-	TCP         = LISTENP | 1,
-	UNIX_SOCKET = LISTENP | 2,
-	STREAM_PIPE = 3
-    } flags;
-};
-
-extern char x_socket[];
-extern u_int32_t display_num;
-extern char display[];
-extern int display_size;
-extern char xauthfile[];
-extern int xauthfile_size;
-extern u_char cookie[];
-extern size_t cookie_len;
-
-int get_xsockets (int *number, struct x_socket **sockets, int tcpp);
-int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid);
-
-int connect_local_xsocket (unsigned dnr);
-int create_and_write_cookie (char *xauthfile,
-			     size_t size,
-			     u_char *cookie,
-			     size_t sz);
-int verify_and_remove_cookies (int fd, int sock, int cookiesp);
-int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
-
-int suspicious_address (int sock, struct sockaddr_in addr);
-
-#define KX_PORT 2111
-
-#define KX_OLD_VERSION "KXSERV.1"
-#define KX_VERSION "KXSERV.2"
-
-#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1"
-
-enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 };
-
-enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 };
-
-typedef enum kx_flags kx_flags;
-
-struct kx_context {
-    int (*authenticate)(struct kx_context *kc, int s);
-    int (*userok)(struct kx_context *kc, char *user);
-    ssize_t (*read)(struct kx_context *kc,
-		    int fd, void *buf, size_t len);
-    ssize_t (*write)(struct kx_context *kc,
-		     int fd, const void *buf, size_t len);
-    int (*copy_encrypted)(struct kx_context *kc,
-			  int fd1, int fd2);
-    void (*destroy)(struct kx_context *kc);
-    const char *host;
-    const char *user;
-    int port;
-    int debug_flag;
-    int keepalive_flag;
-    int tcp_flag;
-    struct sockaddr_in thisaddr, thataddr;
-    void *data;
-};
-
-typedef struct kx_context kx_context;
-
-void
-context_set (kx_context *kc, const char *host, const char *user, int port,
-	     int debug_flag, int keepalive_flag, int tcp_flag);
-
-void
-context_destroy (kx_context *kc);
-
-int
-context_authenticate (kx_context *kc, int s);
-
-int
-context_userok (kx_context *kc, char *user);
-
-ssize_t
-kx_read (kx_context *kc, int fd, void *buf, size_t len);
-
-ssize_t
-kx_write (kx_context *kc, int fd, const void *buf, size_t len);
-
-int
-copy_encrypted (kx_context *kc, int fd1, int fd2);
-
-#ifdef KRB4
-
-void
-krb4_make_context (kx_context *c);
-
-int
-recv_v4_auth (kx_context *kc, int sock, u_char *buf);
-
-#endif
-
-#ifdef KRB5
-
-void
-krb5_make_context (kx_context *c);
-
-int
-recv_v5_auth (kx_context *kc, int sock, u_char *buf);
-
-#endif
-
-void
-fatal (kx_context *kc, int fd, char *format, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 3, 4)))
-#endif
-;
-
-#ifndef KRB4
-
-int
-krb_get_int(void *f, u_int32_t *to, int size, int lsb);
-
-int
-krb_put_int(u_int32_t from, void *to, size_t rem, int size);
-
-#endif
diff --git a/crypto/heimdal/appl/kx/kxd.8 b/crypto/heimdal/appl/kx/kxd.8
deleted file mode 100644
index 04b7db5f3a54..000000000000
--- a/crypto/heimdal/appl/kx/kxd.8
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" $Id: kxd.8,v 1.5 2001/01/11 16:16:26 assar Exp $
-.\"
-.Dd September 27, 1996
-.Dt KXD 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kxd
-.Nd
-securely forward X conections
-.Sh SYNOPSIS
-.Ar kxd
-.Op Fl t
-.Op Fl i
-.Op Fl p Ar port
-.Sh DESCRIPTION
-This is the daemon for
-.Nm kx .
-.Pp
-Options supported by
-.Nm kxd :
-.Bl -tag -width Ds
-.It Fl t
-TCP.  Normally
-.Nm kxd
-will only listen for X connections on a UNIX socket, but some machines
-(for example, Cray) have X libraries that are not able to use UNIX
-sockets and thus you need to use TCP to talk to the pseudo-xserver
-created by
-.Nm kxd.
-This option decreases the security significantly and should only be
-used when it is necessary and you have considered the consequences of
-doing so.
-.It Fl i
-Interactive.  Do not expect to be started by
-.Nm inetd,
-but allocate and listen to the socket yourself.  Handy for testing
-and debugging.
-.It Fl p
-Port.  Listen on the port
-.Ar port .
-Only usable with
-.Fl i .
-.El
-.Sh EXAMPLES
-Put the following in
-.Pa /etc/inetd.conf :
-.Bd -literal
-kx	stream	tcp	nowait	root	/usr/athena/libexec/kxd	kxd
-.Ed
-.Sh SEE ALSO
-.Xr kx 1 ,
-.Xr rxtelnet 1 ,
-.Xr rxterm 1
diff --git a/crypto/heimdal/appl/kx/kxd.c b/crypto/heimdal/appl/kx/kxd.c
deleted file mode 100644
index 65f6165da885..000000000000
--- a/crypto/heimdal/appl/kx/kxd.c
+++ /dev/null
@@ -1,754 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kx.h"
-
-RCSID("$Id: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $");
-
-static pid_t wait_on_pid = -1;
-static int   done        = 0;
-
-/*
- * Signal handler that justs waits for the children when they die.
- */
-
-static RETSIGTYPE
-childhandler (int sig)
-{
-     pid_t pid;
-     int status;
-
-     do { 
-       pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
-       if (pid > 0 && pid == wait_on_pid)
-	   done = 1;
-     } while(pid > 0);
-     signal (SIGCHLD, childhandler);
-     SIGRETURN(0);
-}
-
-/*
- * Print the error message `format' and `...' on fd and die.
- */
-
-void
-fatal (kx_context *kc, int fd, char *format, ...)
-{
-    u_char msg[1024];
-    u_char *p;
-    va_list args;
-    int len;
-
-    va_start(args, format);
-    p = msg;
-    *p++ = ERROR;
-    vsnprintf ((char *)p + 4, sizeof(msg) - 5, format, args);
-    syslog (LOG_ERR, "%s", (char *)p + 4);
-    len = strlen ((char *)p + 4);
-    p += KRB_PUT_INT (len, p, 4, 4);
-    p += len;
-    kx_write (kc, fd, msg, p - msg);
-    va_end(args);
-    exit (1);
-}
-
-/*
- * Remove all sockets and cookie files.
- */
-
-static void
-cleanup(int nsockets, struct x_socket *sockets)
-{
-    int i;
-
-    if(xauthfile[0])
-	unlink(xauthfile);
-    for (i = 0; i < nsockets; ++i) {
-	if (sockets[i].pathname != NULL) {
-	    unlink (sockets[i].pathname);
-	    free (sockets[i].pathname);
-	}
-    }
-}
-
-/*
- * Prepare to receive a connection on `sock'.
- */
-
-static int
-recv_conn (int sock, kx_context *kc,
-	   int *dispnr, int *nsockets, struct x_socket **sockets,
-	   int tcp_flag)
-{
-     u_char msg[1024], *p;
-     char user[256];
-     socklen_t addrlen;
-     struct passwd *passwd;
-     struct sockaddr_in thisaddr, thataddr;
-     char remotehost[MaxHostNameLen];
-     char remoteaddr[INET6_ADDRSTRLEN];
-     int ret = 1;
-     int flags;
-     int len;
-     u_int32_t tmp32;
-
-     addrlen = sizeof(thisaddr);
-     if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
-	 addrlen != sizeof(thisaddr)) {
-	 syslog (LOG_ERR, "getsockname: %m");
-	 exit (1);
-     }
-     addrlen = sizeof(thataddr);
-     if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
-	 addrlen != sizeof(thataddr)) {
-	 syslog (LOG_ERR, "getpeername: %m");
-	 exit (1);
-     }
-
-     kc->thisaddr = thisaddr;
-     kc->thataddr = thataddr;
-
-     getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen,
-			   remotehost, sizeof(remotehost),
-			   NULL, 0, 0);
-
-     if (net_read (sock, msg, 4) != 4) {
-	 syslog (LOG_ERR, "read: %m");
-	 exit (1);
-     }
-
-#ifdef KRB5
-     if (ret && recv_v5_auth (kc, sock, msg) == 0)
-	 ret = 0;
-#endif
-#ifdef KRB4
-     if (ret && recv_v4_auth (kc, sock, msg) == 0)
-	 ret = 0;
-#endif
-     if (ret) {
-	 syslog (LOG_ERR, "unrecognized auth protocol: %x %x %x %x",
-		 msg[0], msg[1], msg[2], msg[3]);
-	 exit (1);
-     }
-
-     len = kx_read (kc, sock, msg, sizeof(msg));
-     if (len < 0) {
-	 syslog (LOG_ERR, "kx_read failed");
-	 exit (1);
-     }
-     p = (u_char *)msg;
-     if (*p != INIT)
-	 fatal(kc, sock, "Bad message");
-     p++;
-     p += krb_get_int (p, &tmp32, 4, 0);
-     len = min(sizeof(user), tmp32);
-     memcpy (user, p, len);
-     p += tmp32;
-     user[len] = '\0';
-
-     passwd = k_getpwnam (user);
-     if (passwd == NULL)
-	 fatal (kc, sock, "cannot find uid for %s", user);
-
-     if (context_userok (kc, user) != 0)
-	 fatal (kc, sock, "%s not allowed to login as %s",
-		kc->user, user);
-
-     flags = *p++;
-
-     if (flags & PASSIVE) {
-	 pid_t pid;
-	 int tmp;
-
-	 tmp = get_xsockets (nsockets, sockets, tcp_flag);
-	 if (tmp < 0) {
-	     fatal (kc, sock, "Cannot create X socket(s): %s",
-		    strerror(errno));
-	 }
-	 *dispnr = tmp;
-
-	 if (chown_xsockets (*nsockets, *sockets,
-			    passwd->pw_uid, passwd->pw_gid)) {
-	     cleanup (*nsockets, *sockets);
-	     fatal (kc, sock, "Cannot chown sockets: %s",
-		    strerror(errno));
-	 }
-
-	 pid = fork();
-	 if (pid == -1) {
-	     cleanup (*nsockets, *sockets);
-	     fatal (kc, sock, "fork: %s", strerror(errno));
-	 } else if (pid != 0) {
-	     wait_on_pid = pid;
-	     while (!done)
-		 pause ();
-	     cleanup (*nsockets, *sockets);
-	     exit (0);
-	 }
-     }
-
-     if (setgid (passwd->pw_gid) ||
-	 initgroups(passwd->pw_name, passwd->pw_gid) ||
-#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */
-	 setjob(passwd->pw_uid, 0) == -1 ||
-#endif
-	 setuid(passwd->pw_uid)) {
-	 syslog(LOG_ERR, "setting uid/groups: %m");
-	 fatal (kc, sock, "cannot set uid");
-     }
-     inet_ntop (thataddr.sin_family,
-		&thataddr.sin_addr, remoteaddr, sizeof(remoteaddr));
-
-     syslog (LOG_INFO, "from %s(%s): %s -> %s",
-	     remotehost, remoteaddr,
-	     kc->user, user);
-     umask(077);
-     if (!(flags & PASSIVE)) {
-	 p += krb_get_int (p, &tmp32, 4, 0);
-	 len = min(tmp32, display_size);
-	 memcpy (display, p, len);
-	 display[len] = '\0';
-	 p += tmp32;
-	 p += krb_get_int (p, &tmp32, 4, 0);
-	 len = min(tmp32, xauthfile_size);
-	 memcpy (xauthfile, p, len);
-	 xauthfile[len] = '\0';
-	 p += tmp32;
-     }
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-     if (flags & KEEP_ALIVE) {
-	 int one = 1;
-
-	 setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-		     sizeof(one));
-     }
-#endif
-     return flags;
-}
-
-/*
- *
- */
-
-static int
-passive_session (kx_context *kc, int fd, int sock, int cookiesp)
-{
-    if (verify_and_remove_cookies (fd, sock, cookiesp))
-	return 1;
-    else
-	return copy_encrypted (kc, fd, sock);
-}
-
-/*
- *
- */
-
-static int
-active_session (kx_context *kc, int fd, int sock, int cookiesp)
-{
-    fd = connect_local_xsocket(0);
-
-    if (replace_cookie (fd, sock, xauthfile, cookiesp))
-	return 1;
-    else
-	return copy_encrypted (kc, fd, sock);
-}
-
-/*
- * Handle a new connection.
- */
-
-static int
-doit_conn (kx_context *kc,
-	   int fd, int meta_sock, int flags, int cookiesp)
-{
-    int sock, sock2;
-    struct sockaddr_in addr;
-    struct sockaddr_in thisaddr;
-    socklen_t addrlen;
-    u_char msg[1024], *p;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0) {
-	syslog (LOG_ERR, "socket: %m");
-	return 1;
-    }
-#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
-    {
-	int one = 1;
-	setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
-    }
-#endif
-#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
-     if (flags & KEEP_ALIVE) {
-	 int one = 1;
-
-	 setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
-		     sizeof(one));
-     }
-#endif
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
-	syslog (LOG_ERR, "bind: %m");
-	return 1;
-    }
-    addrlen = sizeof(addr);
-    if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) {
-	syslog (LOG_ERR, "getsockname: %m");
-	return 1;
-    }
-    if (listen (sock, SOMAXCONN) < 0) {
-	syslog (LOG_ERR, "listen: %m");
-	return 1;
-    }
-    p = msg;
-    *p++ = NEW_CONN;
-    p += KRB_PUT_INT (ntohs(addr.sin_port), p, 4, 4);
-
-    if (kx_write (kc, meta_sock, msg, p - msg) < 0) {
-	syslog (LOG_ERR, "write: %m");
-	return 1;
-    }
-
-    addrlen = sizeof(thisaddr);
-    sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen);
-    if (sock2 < 0) {
-	syslog (LOG_ERR, "accept: %m");
-	return 1;
-    }
-    close (sock);
-    close (meta_sock);
-
-    if (flags & PASSIVE)
-	return passive_session (kc, fd, sock2, cookiesp);
-    else
-	return active_session (kc, fd, sock2, cookiesp);
-}
-
-/*
- *  Is the current user the owner of the console?
- */
-
-static void
-check_user_console (kx_context *kc, int fd)
-{
-     struct stat sb;
-
-     if (stat ("/dev/console", &sb) < 0)
-	 fatal (kc, fd, "Cannot stat /dev/console: %s", strerror(errno));
-     if (getuid() != sb.st_uid)
-	 fatal (kc, fd, "Permission denied");
-}
-
-/* close down the new connection with a reasonable error message */
-static void
-close_connection(int fd, const char *message)
-{
-    char buf[264]; /* max message */
-    char *p;
-    int lsb = 0;
-    size_t mlen;
-
-    mlen = strlen(message);
-    if(mlen > 255)
-	mlen = 255;
-    
-    /* read first part of connection packet, to get byte order */
-    if(read(fd, buf, 6) != 6) {
-	close(fd);
-	return;
-    }
-    if(buf[0] == 0x6c)
-	lsb++;
-    p = buf;
-    *p++ = 0;				/* failed */
-    *p++ = mlen;			/* length of message */
-    p += 4;				/* skip protocol version */
-    p += 2;				/* skip additional length */
-    memcpy(p, message, mlen);		/* copy message */
-    p += mlen;
-    while((p - buf) % 4)		/* pad to multiple of 4 bytes */
-	*p++ = 0;
-	
-    /* now fill in length of additional data */
-    if(lsb) { 
-	buf[6] = (p - buf - 8) / 4;
-	buf[7] = 0;
-    }else{
-	buf[6] = 0;
-	buf[7] = (p - buf - 8) / 4;
-    }
-    write(fd, buf, p - buf);
-    close(fd);
-}
-
-
-/*
- * Handle a passive session on `sock'
- */
-
-static int
-doit_passive (kx_context *kc,
-	      int sock,
-	      int flags,
-	      int dispnr,
-	      int nsockets,
-	      struct x_socket *sockets,
-	      int tcp_flag)
-{
-    int tmp;
-    int len;
-    size_t rem;
-    u_char msg[1024], *p;
-    int error;
-
-    display_num = dispnr;
-    if (tcp_flag)
-	snprintf (display, display_size, "localhost:%u", display_num);
-    else
-	snprintf (display, display_size, ":%u", display_num);
-    error = create_and_write_cookie (xauthfile, xauthfile_size, 
-				     cookie, cookie_len);
-    if (error) {
-	cleanup(nsockets, sockets);
-	fatal (kc, sock, "Cookie-creation failed: %s", strerror(error));
-	return 1;
-    }
-
-    p = msg;
-    rem = sizeof(msg);
-    *p++ = ACK;
-    --rem;
-
-    len = strlen (display);
-    tmp = KRB_PUT_INT (len, p, rem, 4);
-    if (tmp < 0 || rem < len + 4) {
-	syslog (LOG_ERR, "doit: buffer too small");
-	cleanup(nsockets, sockets);
-	return 1;
-    }
-    p += tmp;
-    rem -= tmp;
-
-    memcpy (p, display, len);
-    p += len;
-    rem -= len;
-
-    len = strlen (xauthfile);
-    tmp = KRB_PUT_INT (len, p, rem, 4);
-    if (tmp < 0 || rem < len + 4) {
-	syslog (LOG_ERR, "doit: buffer too small");
-	cleanup(nsockets, sockets);
-	return 1;
-    }
-    p += tmp;
-    rem -= tmp;
-
-    memcpy (p, xauthfile, len);
-    p += len;
-    rem -= len;
-	  
-    if(kx_write (kc, sock, msg, p - msg) < 0) {
-	syslog (LOG_ERR, "write: %m");
-	cleanup(nsockets, sockets);
-	return 1;
-    }
-    for (;;) {
-	pid_t child;
-	int fd = -1;
-	fd_set fds;
-	int i;
-	int ret;
-	int cookiesp = TRUE;
-	       
-	FD_ZERO(&fds);
-	if (sock >= FD_SETSIZE) {
-	    syslog (LOG_ERR, "fd too large");
-	    cleanup(nsockets, sockets);
-	    return 1;
-	}
-
-	FD_SET(sock, &fds);
-	for (i = 0; i < nsockets; ++i) {
-	    if (sockets[i].fd >= FD_SETSIZE) {
-		syslog (LOG_ERR, "fd too large");
-		cleanup(nsockets, sockets);
-		return 1;
-	    }
-	    FD_SET(sockets[i].fd, &fds);
-	}
-	ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
-	if(ret <= 0)
-	    continue;
-	if(FD_ISSET(sock, &fds)){
-	    /* there are no processes left on the remote side
-	     */
-	    cleanup(nsockets, sockets);
-	    exit(0);
-	} else if(ret) {
-	    for (i = 0; i < nsockets; ++i) {
-		if (FD_ISSET(sockets[i].fd, &fds)) {
-		    if (sockets[i].flags == TCP) {
-			struct sockaddr_in peer;
-			socklen_t len = sizeof(peer);
-
-			fd = accept (sockets[i].fd,
-				     (struct sockaddr *)&peer,
-				     &len);
-			if (fd < 0 && errno != EINTR)
-			    syslog (LOG_ERR, "accept: %m");
-
-			/* XXX */
-			if (fd >= 0 && suspicious_address (fd, peer)) {
-			    close (fd);
-			    fd = -1;
-			    errno = EINTR;
-			}
-		    } else if(sockets[i].flags == UNIX_SOCKET) {
-			socklen_t zero = 0;
-
-			fd = accept (sockets[i].fd, NULL, &zero);
-
-			if (fd < 0 && errno != EINTR)
-			    syslog (LOG_ERR, "accept: %m");
-#ifdef MAY_HAVE_X11_PIPES
-		    } else if(sockets[i].flags == STREAM_PIPE) {
-			/*
-			 * this code tries to handle the
-			 * send fd-over-pipe stuff for
-			 * solaris
-			 */
-
-			struct strrecvfd strrecvfd;
-
-			ret = ioctl (sockets[i].fd,
-				     I_RECVFD, &strrecvfd);
-			if (ret < 0 && errno != EINTR) {
-			    syslog (LOG_ERR, "ioctl I_RECVFD: %m");
-			}
-
-			/* XXX */
-			if (ret == 0) {
-			    if (strrecvfd.uid != getuid()) {
-				close (strrecvfd.fd);
-				fd = -1;
-				errno = EINTR;
-			    } else {
-				fd = strrecvfd.fd;
-				cookiesp = FALSE;
-			    }
-			}
-#endif /* MAY_HAVE_X11_PIPES */
-		    } else
-			abort ();
-		    break;
-		}
-	    }
-	}
-	if (fd < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return 1;
-	}
-
-	child = fork ();
-	if (child < 0) {
-	    syslog (LOG_ERR, "fork: %m");
-	    if(errno != EAGAIN)
-		return 1;
-	    close_connection(fd, strerror(errno));
-	} else if (child == 0) {
-	    for (i = 0; i < nsockets; ++i)
-		close (sockets[i].fd);
-	    return doit_conn (kc, fd, sock, flags, cookiesp);
-	} else {
-	    close (fd);
-	}
-    }
-}
-
-/*
- * Handle an active session on `sock'
- */
-
-static int
-doit_active (kx_context *kc,
-	     int sock,
-	     int flags,
-	     int tcp_flag)
-{
-    u_char msg[1024], *p;
-
-    check_user_console (kc, sock);
-
-    p = msg;
-    *p++ = ACK;
-	  
-    if(kx_write (kc, sock, msg, p - msg) < 0) {
-	syslog (LOG_ERR, "write: %m");
-	return 1;
-    }
-    for (;;) {
-	pid_t child;
-	int len;
-	      
-	len = kx_read (kc, sock, msg, sizeof(msg));
-	if (len < 0) {
-	    syslog (LOG_ERR, "read: %m");
-	    return 1;
-	}
-	p = (u_char *)msg;
-	if (*p != NEW_CONN) {
-	    syslog (LOG_ERR, "bad_message: %d", *p);
-	    return 1;
-	}
-
-	child = fork ();
-	if (child < 0) {
-	    syslog (LOG_ERR, "fork: %m");
-	    if (errno != EAGAIN)
-		return 1;
-	} else if (child == 0) {
-	    return doit_conn (kc, sock, sock, flags, 1);
-	} else {
-	}
-    }
-}
-
-/*
- * Receive a connection on `sock' and process it.
- */
-
-static int
-doit(int sock, int tcp_flag)
-{
-    int ret;
-    kx_context context;
-    int dispnr;
-    int nsockets;
-    struct x_socket *sockets;
-    int flags;
-
-    flags = recv_conn (sock, &context, &dispnr, &nsockets, &sockets, tcp_flag);
-
-    if (flags & PASSIVE)
-	ret = doit_passive (&context, sock, flags, dispnr,
-			    nsockets, sockets, tcp_flag);
-    else
-	ret = doit_active (&context, sock, flags, tcp_flag);
-    context_destroy (&context);
-    return ret;
-}
-
-static char *port_str		= NULL;
-static int inetd_flag		= 1;
-static int tcp_flag		= 0;
-static int version_flag		= 0;
-static int help_flag		= 0;
-
-struct getargs args[] = {
-    { "inetd",		'i',	arg_negative_flag,	&inetd_flag,
-      "Not started from inetd" },
-    { "tcp",		't',	arg_flag,	&tcp_flag,	"Use TCP" },
-    { "port",		'p',	arg_string,	&port_str,	"Use this port",
-      "port" },
-    { "version",	0, 	arg_flag,		&version_flag },
-    { "help",		0, 	arg_flag,		&help_flag }
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "host");
-    exit (ret);
-}
-
-/*
- * kxd - receive a forwarded X conncection
- */
-
-int
-main (int argc, char **argv)
-{
-    int port;
-    int optind = 0;
-
-    setprogname (argv[0]);
-    roken_openlog ("kxd", LOG_ODELAY | LOG_PID, LOG_DAEMON);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-
-    if(port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    } else {
-#if defined(KRB5)
-	port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
-#elif defined(KRB4)
-	port = k_getportbyname ("kx", "tcp", htons(KX_PORT));
-#else
-#error define KRB4 or KRB5
-#endif
-    }
-
-    if (!inetd_flag)
-	mini_inetd (port);
-
-     signal (SIGCHLD, childhandler);
-     return doit(STDIN_FILENO, tcp_flag);
-}
diff --git a/crypto/heimdal/appl/kx/kxd.cat8 b/crypto/heimdal/appl/kx/kxd.cat8
deleted file mode 100644
index 6235edb2a8a2..000000000000
--- a/crypto/heimdal/appl/kx/kxd.cat8
+++ /dev/null
@@ -1,36 +0,0 @@
-KXD(8)                  FreeBSD System Manager's Manual                 KXD(8)
-
-NNAAMMEE
-     kkxxdd - securely forward X conections
-
-SSYYNNOOPPSSIISS
-     _k_x_d [--tt] [--ii] [--pp _p_o_r_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     This is the daemon for kkxx.
-
-     Options supported by kkxxdd:
-
-     --tt      TCP.  Normally kkxxdd will only listen for X connections on a UNIX
-             socket, but some machines (for example, Cray) have X libraries
-             that are not able to use UNIX sockets and thus you need to use
-             TCP to talk to the pseudo-xserver created by kkxxdd.. This option
-             decreases the security significantly and should only be used when
-             it is necessary and you have considered the consequences of doing
-             so.
-
-     --ii      Interactive.  Do not expect to be started by iinneettdd,, but allocate
-             and listen to the socket yourself.  Handy for testing and debug-
-             ging.
-
-     --pp      Port.  Listen on the port _p_o_r_t.  Only usable with --ii.
-
-EEXXAAMMPPLLEESS
-     Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
-
-     kx      stream  tcp     nowait  root    /usr/athena/libexec/kxd kxd
-
-SSEEEE AALLSSOO
-     kx(1), rxtelnet(1), rxterm(1)
-
-KTH-KRB                       September 27, 1996                       KTH-KRB
diff --git a/crypto/heimdal/appl/kx/rxtelnet.1 b/crypto/heimdal/appl/kx/rxtelnet.1
deleted file mode 100644
index 2d7aec3843aa..000000000000
--- a/crypto/heimdal/appl/kx/rxtelnet.1
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" $Id: rxtelnet.1,v 1.10 2002/08/20 17:07:05 joda Exp $
-.\"
-.Dd September 27, 1996
-.Dt RXTELNET 1
-.Os KTH_KRB
-.Sh NAME
-.Nm rxtelnet
-.Nd
-start a telnet and forward X-connections.
-.Sh SYNOPSIS
-.Nm rxtelnet
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl t Ar telnet_args
-.Op Fl x Ar xterm_args
-.Op Fl K Ar kx_args
-.Op Fl w Ar term_emulator
-.Op Fl b Ar telnet_program
-.Op Fl n
-.Op Fl v
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program starts a
-.Nm xterm
-window with a telnet to host
-.Ar host .
-From this window you will also be able to run X clients that will be
-able to connect securily to your X server. If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disables keep-alives
-.It Fl t
-Send
-.Ar telnet_args
-as arguments to
-.Nm telnet
-.It Fl x
-Send
-.Ar xterm_args
-as arguments to
-.Nm xterm
-.It Fl X
-Send
-.Ar kx_args
-as arguments to
-.Nm kx
-.It Fl w
-Use
-.Ar term_emulator
-instead of xterm.
-.It Fl b
-Use
-.Ar telnet_program
-instead of telnet.
-.It Fl n
-Do not start any terminal emulator.
-.It Fl v
-Be verbose.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-(where your display is)
-to host
-.Va bar ,
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new window with a
-.Nm telnet
-to
-.Va bar .
-In this window you will be able to start X clients.
-.El
-.Sh SEE ALSO
-.Xr kx 1 ,
-.Xr rxterm 1 ,
-.Xr telnet 1 ,
-.Xr tenletxr 1 ,
-.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/rxtelnet.cat1 b/crypto/heimdal/appl/kx/rxtelnet.cat1
deleted file mode 100644
index 042850ced8bb..000000000000
--- a/crypto/heimdal/appl/kx/rxtelnet.cat1
+++ /dev/null
@@ -1,48 +0,0 @@
-RXTELNET(1)             FreeBSD General Commands Manual            RXTELNET(1)
-
-NNAAMMEE
-     rrxxtteellnneett - start a telnet and forward X-connections.
-
-SSYYNNOOPPSSIISS
-     rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--KK _k_x___a_r_g_s]
-              [--ww _t_e_r_m___e_m_u_l_a_t_o_r] [--bb _t_e_l_n_e_t___p_r_o_g_r_a_m] [--nn] [--vv] _h_o_s_t [_p_o_r_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t.
-     From this window you will also be able to run X clients that will be able
-     to connect securily to your X server. If _p_o_r_t is given, that port will be
-     used instead of the default.
-
-     The supported options are:
-
-     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
-
-     --kk      Disables keep-alives
-
-     --tt      Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett
-
-     --xx      Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
-
-     --XX      Send _k_x___a_r_g_s as arguments to kkxx
-
-     --ww      Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
-
-     --bb      Use _t_e_l_n_e_t___p_r_o_g_r_a_m instead of telnet.
-
-     --nn      Do not start any terminal emulator.
-
-     --vv      Be verbose.
-
-EEXXAAMMPPLLEE
-     To login from host _f_o_o (where your display is) to host _b_a_r, you might do
-     the following.
-
-     1.   On foo: rrxxtteellnneett _b_a_r
-
-     2.   You will get a new window with a tteellnneett to _b_a_r.  In this window you
-          will be able to start X clients.
-
-SSEEEE AALLSSOO
-     kx(1), rxterm(1), telnet(1), tenletxr(1), kxd(8)
-
-KTH_KRB                       September 27, 1996                       KTH_KRB
diff --git a/crypto/heimdal/appl/kx/rxtelnet.in b/crypto/heimdal/appl/kx/rxtelnet.in
deleted file mode 100644
index b4497c74b307..000000000000
--- a/crypto/heimdal/appl/kx/rxtelnet.in
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-# $Id: rxtelnet.in,v 1.29 2002/03/18 17:37:34 joda Exp $
-#
-usage="Usage: $0 [-l username] [-k] [-f] [-t args_to_telnet] [-x args_to_xterm] [-K args_to_kx] [-w term_emulator] [-b telnet_binary] [-n] [-v] [-h | --help] [--version] host [port]"
-binary=telnet
-term=
-kx_args=-P
-while true
-do
-  case $1 in
-  -l) telnet_args="${telnet_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
-  -t) telnet_args="${telnet_args} $2 "; shift 2;;
-  -x) xterm_args="${xterm_args} $2 "; shift 2;;
-  -f) telnet_args="${telnet_args} -f"; shift;;
-  -k) kx_args="${kx_args} -k"; shift;;
-  -K) kx_args="${kx_args} $2 "; shift 2;;
-  -n) term=none; shift;;
-  -w) term=$2; shift 2;;
-  -b) binary=$2; shift 2;;
-  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-  -h) echo $usage; exit 0;;
-  --help) echo $usage; exit 0;;
-  -v) set -x; verb=1; shift;;
-  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
-  *) break;;
-  esac
-done
-if test $# -lt 1; then
-  echo $usage
-  exit 1
-fi
-host=$1
-port=$2
-title="${title}${host}"
-bindir=%bindir%
-pdc_trams=`dirname $0`
-PATH=$pdc_trams:$bindir:$PATH
-export PATH
-set -- `kx $kx_args $host`
-if test $# -ne 3; then
-  exit 1
-fi
-screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
-pid=$1
-disp=${2}${screen}
-auth=$3
-oldifs=$IFS
-IFS=:
-set -- $PATH
-IFS=$oldifs
-if test -z "$term"; then
-  for j in xterm dtterm aixterm dxterm hpterm; do
-    for i in $*; do
-      test -n "$i" || i="."
-      if test -x $i/$j; then
-	term=$j; break 2
-      fi
-    done
-  done
-fi
-test "$verb" && echo "Telnet command used is `type $binary`."
-if test -n "$term" -a "$term" != "none"; then
-  ($term -title $title -n $title $xterm_args -e env DISPLAY=$disp XAUTHORITY=$auth $binary -D $telnet_args $host $port; kill -USR2 $pid) &
-else
-  env DISPLAY=$disp XAUTHORITY=$auth $binary -D $telnet_args $host $port
-  kill -USR2 $pid
-fi
diff --git a/crypto/heimdal/appl/kx/rxterm.1 b/crypto/heimdal/appl/kx/rxterm.1
deleted file mode 100644
index 3e62d0d8754e..000000000000
--- a/crypto/heimdal/appl/kx/rxterm.1
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" $Id: rxterm.1,v 1.8 2002/08/20 17:07:06 joda Exp $
-.\"
-.Dd September 27, 1996
-.Dt RXTERM 1
-.Os KTH_KRB
-.Sh NAME
-.Nm rxterm
-.Nd
-start a secure remote xterm
-.Sh SYNOPSIS
-.Nm rxterm
-.Op Fl l Ar username
-.Op Fl k
-.Op Fl r Ar rsh_args
-.Op Fl x Ar xterm_args
-.Op Fl K Ar kx_args
-.Op Fl w Ar term_emulator
-.Op Fl b Ar rsh_program
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program starts a
-.Nm xterm
-window on host
-.Ar host .
-From this window you will also be able to run X clients that will be
-able to connect securily to your X server. If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disable keep-alives
-.It Fl r
-Send
-.Ar rsh_args
-as arguments to
-.Nm rsh
-.It Fl x
-Send
-.Ar xterm_args
-as arguments to
-.Nm xterm
-.It Fl X
-Send
-.Ar kx_args
-as arguments to
-.Nm kx
-.It Fl w
-Use
-.Ar term_emulator
-instead of xterm.
-.It Fl b
-Use
-.Ar rsh_program
-instead of rsh.
-.It Fl v
-Be verbose.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-(where your display is)
-to host
-.Va bar ,
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new window running an
-.Nm xterm
-on host
-.Va bar .
-In this window you will be able to start X clients.
-.El
-.Sh SEE ALSO
-.Xr kx 1 ,
-.Xr rsh 1 ,
-.Xr rxtelnet 1 ,
-.Xr tenletxr 1 ,
-.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/rxterm.cat1 b/crypto/heimdal/appl/kx/rxterm.cat1
deleted file mode 100644
index 530fba36986b..000000000000
--- a/crypto/heimdal/appl/kx/rxterm.cat1
+++ /dev/null
@@ -1,46 +0,0 @@
-RXTERM(1)               FreeBSD General Commands Manual              RXTERM(1)
-
-NNAAMMEE
-     rrxxtteerrmm - start a secure remote xterm
-
-SSYYNNOOPPSSIISS
-     rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--KK _k_x___a_r_g_s]
-            [--ww _t_e_r_m___e_m_u_l_a_t_o_r] [--bb _r_s_h___p_r_o_g_r_a_m] _h_o_s_t [_p_o_r_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t.  From this window
-     you will also be able to run X clients that will be able to connect
-     securily to your X server. If _p_o_r_t is given, that port will be used
-     instead of the default.
-
-     The supported options are:
-
-     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
-
-     --kk      Disable keep-alives
-
-     --rr      Send _r_s_h___a_r_g_s as arguments to rrsshh
-
-     --xx      Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
-
-     --XX      Send _k_x___a_r_g_s as arguments to kkxx
-
-     --ww      Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
-
-     --bb      Use _r_s_h___p_r_o_g_r_a_m instead of rsh.
-
-     --vv      Be verbose.
-
-EEXXAAMMPPLLEE
-     To login from host _f_o_o (where your display is) to host _b_a_r, you might do
-     the following.
-
-     1.   On foo: rrxxtteerrmm _b_a_r
-
-     2.   You will get a new window running an xxtteerrmm on host _b_a_r.  In this
-          window you will be able to start X clients.
-
-SSEEEE AALLSSOO
-     kx(1), rsh(1), rxtelnet(1), tenletxr(1), kxd(8)
-
-KTH_KRB                       September 27, 1996                       KTH_KRB
diff --git a/crypto/heimdal/appl/kx/rxterm.in b/crypto/heimdal/appl/kx/rxterm.in
deleted file mode 100644
index 9291d21dfaca..000000000000
--- a/crypto/heimdal/appl/kx/rxterm.in
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-# $Id: rxterm.in,v 1.23 2002/03/18 17:37:34 joda Exp $
-#
-usage="Usage: $0 [-l username] [-k] [-f] [-r rsh_args] [-x xterm_args] [-K kx_args] [-w term_emulator] [-b rsh_binary][-v] [-h | --help] [--version] host"
-binary=rsh
-term=xterm
-while true
-do
-  case $1 in
-  -l) rsh_args="${rsh_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
-  -r) rsh_args="${rsh_args} $2 "; shift 2;;
-  -x) xterm_args="${xterm_args} $2 "; shift 2;;
-  -f) rsh_args="${rsh_args} -f"; shift;;
-  -k) kx_args="${kx_args} -k"; shift;;
-  -K) kx_args="${kx_args} $2 "; shift 2;;
-  -w) term=$2; shift 2;;
-  -b) binary=$2; shift 2;;
-  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-  -h) echo $usage; exit 0;;
-  --help) echo $usage; exit 0;;
-  -v) set -x; shift;;
-  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
-  *) break;;
-  esac
-done
-if test $# -lt 1; then
-  echo "Usage: $0 host [arguments to $term]"
-  exit 1
-fi
-host=$1
-title="${title}${host}"
-bindir=%bindir%
-pdc_trams=`dirname $0`
-PATH=$pdc_trams:$bindir:$PATH
-export PATH
-set -- `kx $kx_args $host`
-if test $# -ne 3; then
-  exit 1
-fi
-screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
-pid=$1
-disp=${2}${screen}
-auth=$3
-kill -USR1 $pid
-$binary -n $rsh_args $host "/bin/sh -c 'DISPLAY=$disp XAUTHORITY=$auth $term -T $title -n $title $xterm_args </dev/null >/dev/null 2>/dev/null &'"
diff --git a/crypto/heimdal/appl/kx/tenletxr.1 b/crypto/heimdal/appl/kx/tenletxr.1
deleted file mode 100644
index c9c49cd57ff7..000000000000
--- a/crypto/heimdal/appl/kx/tenletxr.1
+++ /dev/null
@@ -1,61 +0,0 @@
-.\" $Id: tenletxr.1,v 1.4 2002/08/20 17:07:06 joda Exp $
-.\"
-.Dd March 31, 1997
-.Dt TENLETXR 1
-.Os KTH_KRB
-.Sh NAME
-.Nm tenletxr
-.Nd
-forward X-connections backwards.
-.Sh SYNOPSIS
-.Nm tenletxr
-.Op Fl l Ar username
-.Op Fl k
-.Ar host
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-program
-enables forwarding of X-connections from this machine to host
-.Ar host .
-If
-.Ar port
-is given, that port will be used instead of the default.
-.Pp
-The supported options are:
-.Bl -tag -width Ds
-.It Fl l
-Log in on the remote host as user
-.Ar username
-.It Fl k
-Disables keep-alives.
-.El
-.Sh EXAMPLE
-To login from host
-.Va foo
-to host
-.Va bar
-(where your display is),
-you might do the following.
-.Bl -enum
-.It
-On foo:
-.Nm
-.Va bar
-.It
-You will get a new shell where you will be able to start X clients
-that will show their windows on
-.Va bar .
-.El
-.Sh BUGS
-It currently checks if you have permission to run it by checking if
-you own
-.Pa /dev/console
-on the remote host.
-.Sh SEE ALSO
-.Xr kx 1 ,
-.Xr rxtelnet 1 ,
-.Xr rxterm 1 ,
-.Xr telnet 1 ,
-.Xr kxd 8
diff --git a/crypto/heimdal/appl/kx/tenletxr.cat1 b/crypto/heimdal/appl/kx/tenletxr.cat1
deleted file mode 100644
index ba39b38133de..000000000000
--- a/crypto/heimdal/appl/kx/tenletxr.cat1
+++ /dev/null
@@ -1,36 +0,0 @@
-TENLETXR(1)             FreeBSD General Commands Manual            TENLETXR(1)
-
-NNAAMMEE
-     tteennlleettxxrr - forward X-connections backwards.
-
-SSYYNNOOPPSSIISS
-     tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     The tteennlleettxxrr program enables forwarding of X-connections from this
-     machine to host _h_o_s_t.  If _p_o_r_t is given, that port will be used instead
-     of the default.
-
-     The supported options are:
-
-     --ll      Log in on the remote host as user _u_s_e_r_n_a_m_e
-
-     --kk      Disables keep-alives.
-
-EEXXAAMMPPLLEE
-     To login from host _f_o_o to host _b_a_r (where your display is), you might do
-     the following.
-
-     1.   On foo: tteennlleettxxrr _b_a_r
-
-     2.   You will get a new shell where you will be able to start X clients
-          that will show their windows on _b_a_r.
-
-BBUUGGSS
-     It currently checks if you have permission to run it by checking if you
-     own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host.
-
-SSEEEE AALLSSOO
-     kx(1), rxtelnet(1), rxterm(1), telnet(1), kxd(8)
-
-KTH_KRB                         March 31, 1997                         KTH_KRB
diff --git a/crypto/heimdal/appl/kx/tenletxr.in b/crypto/heimdal/appl/kx/tenletxr.in
deleted file mode 100644
index 5c05dc9d4c9d..000000000000
--- a/crypto/heimdal/appl/kx/tenletxr.in
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-# $Id: tenletxr.in,v 1.3 1999/02/04 09:29:59 assar Exp $
-#
-usage="Usage: $0 [-l username] [-k] [-v] [-h | --help] [--version] host [port]"
-while true
-do
-  case $1 in
-  -l) kx_args="${kx_args} -l $2"; shift 2;;
-  -k) kx_args="${kx_args} -k"; shift;;
-  --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-  -h) echo $usage; exit 0;;
-  --help) echo $usage; exit 0;;
-  -v) set -x; shift;;
-  -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
-  *) break;;
-  esac
-done
-if test $# -lt 1; then
-  echo $usage
-  exit 1
-fi
-host=$1
-port=$2
-bindir=%bindir%
-pdc_trams=`dirname $0`
-PATH=$pdc_trams:$bindir:$PATH
-export PATH
-set -- `kx $kx_args $host`
-if test $# -ne 3; then
-  exit 1
-fi
-screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
-pid=$1
-disp=${2}${screen}
-auth=$3
-env DISPLAY=$disp XAUTHORITY=$auth $SHELL
-kill -USR2 $pid
diff --git a/crypto/heimdal/appl/kx/writeauth.c b/crypto/heimdal/appl/kx/writeauth.c
deleted file mode 100644
index 11dc72dfecbc..000000000000
--- a/crypto/heimdal/appl/kx/writeauth.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* $XConsortium: AuWrite.c,v 1.6 94/04/17 20:15:45 gildea Exp $ */
-
-/*
-
-Copyright (c) 1988  X Consortium
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
-X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of the X Consortium shall not be
-used in advertising or otherwise to promote the sale, use or other dealings
-in this Software without prior written authorization from the X Consortium.
-
-*/
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: writeauth.c,v 1.4 1999/05/12 17:59:44 assar Exp $");
-#endif
-
-#include <X11/Xauth.h>
-
-static int
-write_short (unsigned short s, FILE *file)
-{
-    unsigned char   file_short[2];
-
-    file_short[0] = (s & (unsigned)0xff00) >> 8;
-    file_short[1] = s & 0xff;
-    if (fwrite (file_short, sizeof (file_short), 1, file) != 1)
-	return 0;
-    return 1;
-}
-
-static int
-write_counted_string (unsigned short count, char *string, FILE *file)
-{
-    if (write_short (count, file) == 0)
-	return 0;
-    if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
-	return 0;
-    return 1;
-}
-
-int
-XauWriteAuth (FILE *auth_file, Xauth *auth)
-{
-    if (write_short (auth->family, auth_file) == 0)
-	return 0;
-    if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
-	return 0;
-    if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
-	return 0;
-    if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
-	return 0;
-    if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
-	return 0;
-    return 1;
-}
diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog
deleted file mode 100644
index 9fcd5d2eaac0..000000000000
--- a/crypto/heimdal/appl/login/ChangeLog
+++ /dev/null
@@ -1,279 +0,0 @@
-2003-03-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: install man pages
-
-	* login.1: manpage for login
-
-	* login.c: allow "welcome" as well as "motd" in login.conf
-
-	* login.access.5: login.access manual page
-
-2003-03-18  Love H�rnquist �strand <lha@it.su.se>
-	
-	* login.c: also need pag_set
-	* login.c: if there is kerberos 5, call krb5_afslog\*
-	
-2002-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: if motd is set in login.conf, output its contents
-	before starting the shell
-
-2002-02-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: reset signals to default, needed on solaris 8
-
-2002-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login_locl.h: include netgroup.h and rpcsvc/ypclnt.h
-
-	* login.c: make this build without krb5
-
-2001-09-22  Assar Westerlund  <assar@sics.se>
-
-	* login_locl.h: kludge: use absolute path to find prot.h so we do
-	not get confused by athena's prot.h
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): add setpcred
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* login.c: move osf2c magic earlier.  from Mark Davies
-	<mark@MCS.VUW.AC.NZ>
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): dereference result from krb5_princ_realm.
-	noted by Thomas Nystrom <thn@saeab.se>
-
-2001-06-04  Assar Westerlund  <assar@sics.se>
-
-	* update copyright messages on Wietse Venema's code.
-
-2001-05-31  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): look for [realms]<realm>krb4_get_tickets to
-	decide whether to get kerberos 4 tickets
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* utmp_login.c, utmpx_login.c: try to write a useful string as
-	host in utmp, using the same algoritm as telnetd
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* login.c: remove some krb5_free_context that might happen at
-	unappropriate times
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): handle krb5_init_context failure consistently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): set the group on the tty.
-	(r_flag): comment out
-	* login.c (krb5_to4): always return a value
-
-2000-10-15  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_to4): check another return code
-
-2000-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (do_login): set PATH to something sane;
-	(start_logout_process): avoid getting signals sent to the parent
-
-	* login_locl.h: _PATH_DEFPATH
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* login.c (login_timeout): add back
-
-2000-06-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* env.c: new file for environment related functions
-
-	* login.c: move environment stuff to separate file, allow
-	specifying list of environment files via login.conf
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): add otp
-	* login.c: add reading of /etc/environment.  From Ake Sandgren
-	<ake@cs.umu.se>
-	add otp support. From Daniel Kouril <kouril@ics.muni.cz>
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): work-around for setuid and capabilities bug
-	fixed in Linux 2.2.16
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c: allow conversion of v5 -> v4 tickets when logging in
-	with forwarded tickets
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* conf.c: remove case for not having cgetent, since it's in roken
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): conditionalize shadow stuff on getspnam
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (login_DEPENDENCIES): remove, it's not entirely
- 	correct and was causing problems with non-GNU make
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* login.c (start_logout_proceess): don't examine `prog' before
- 	setting it.
-
-1999-10-27  Assar Westerlund  <assar@sics.se>
-
-	* login.c (do_login): chown and chmod the tty.  some clean-up.
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_start_session): correct the ccache to
- 	krb524_convert_creds_kdc
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_verify): use krb5_verify_user_lrealm
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c: SGI capability mumbo-jumbo
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (start_logout_process): call setproctitle
-
-	* login_locl.h: declare struct spwd
-
-	* login.c: add support for starting extra processes at login and
-	logout; always preserve TERM and TZ
-
-	* conf.c: add configuration file support
-
-1999-08-07  Assar Westerlund  <assar@sics.se>
-
-	* shadow.c (check_shadow): check for a NULL sp
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): move down login incorrect to disallow account
- 	guessing
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* utmpx_login.c (utmpx_login): fix for Solaris.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* login_locl.h: add <shadow.h> and some prototypes
-
-	* login.c: fixes with v4 and shadow support.  From Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-	* shadow.c: new file with functions for handling shadow passwords
-
-	* Makefile.am: add shadow
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): generate a better tty name
-
-1999-05-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* login.c (do_login): set $SHELL
-
-1999-05-18  Assar Westerlund  <assar@sics.se>
-
-	* add login-access
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c: copy the v5 ccache to a file after having done setuid
-
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* login.c (krb5_verify): check seteuid for errors
-	
-Mon Apr 19 22:30:55 1999  Assar Westerlund  <assar@sics.se>
-
-	* login.c: conditionalize the kafs calls on KRB4
-
-	* Makefile.am (LDADD): add kafs
-
-	* login.c: add support for getting afs tokens with v4 and v5
-
-Sun Apr 18 14:12:28 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login.c: check _PATH_NOLOGIN
-
-	* login_locl.h: _PATH_NOLOGIN
-
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* login.c (main): use print_version
-
-Thu Apr  8 15:03:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login.c: remove definition of KRB_VERIFY_USER et.al. (moved to
- 	config.h)
-
-	* login_locl.h: include udb.h, sys/resource.h, and sys/category.h
-
-Sat Mar 27 17:58:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: osfc2.c
-
-	* login.c: magic for OSF C2, and Crays
-
-	* login_locl.h: do_osfc2_magic proto
-
-	* osfc2.c: bsd_locl -> login_locl
-
-	* osfc2.c: OSF C2 magic
-
-Tue Mar 23 14:17:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* login_locl.h: _PATH_UTMP
-
-Sun Mar 21 15:02:31 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* login.c: `-h' is host, not help
-
-Sat Mar 20 00:11:13 1999  Assar Westerlund  <assar@sics.se>
-
-	* login_locl.h: krb.h: add
-
-	* login.c: static-size
-	(krb4_verify): add
-
-Thu Mar 18 11:36:10 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 17:53:36 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* utmpx_login.c: add some consts
-
-	* utmp_login.c: add some consts
-
-	* login.c: staticize
-
-	* login_locl.h: add prototypes, and defaults for
- 	_PATH_*
-
-Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-	* utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
diff --git a/crypto/heimdal/appl/login/Makefile b/crypto/heimdal/appl/login/Makefile
deleted file mode 100644
index 2ebdd9ed1a61..000000000000
--- a/crypto/heimdal/appl/login/Makefile
+++ /dev/null
@@ -1,624 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/login/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.20 2002/08/19 17:00:36 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = login
-
-login_SOURCES = \
-		conf.c				\
-		env.c				\
-		login.c				\
-		login_access.c			\
-		login_locl.h			\
-		login_protos.h			\
-		osfc2.c				\
-		read_string.c			\
-		shadow.c			\
-		stty_default.c			\
-		tty.c				\
-		utmp_login.c			\
-		utmpx_login.c
-
-
-LDADD = $(LIB_otp) \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_security) \
-	$(DBLIB)
-
-subdir = appl/login
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = login$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
-	login_access.$(OBJEXT) osfc2.$(OBJEXT) read_string.$(OBJEXT) \
-	shadow.$(OBJEXT) stty_default.$(OBJEXT) tty.$(OBJEXT) \
-	utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
-login_OBJECTS = $(am_login_OBJECTS)
-login_LDADD = $(LDADD)
-#login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-login_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-login_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(login_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(login_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/login/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) 
-	@rm -f login$(EXEEXT)
-	$(LINK) $(login_LDFLAGS) $(login_OBJECTS) $(login_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
-
-$(login_OBJECTS): $(srcdir)/login_protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/login/Makefile.am b/crypto/heimdal/appl/login/Makefile.am
deleted file mode 100644
index 860ce70e5248..000000000000
--- a/crypto/heimdal/appl/login/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-man_MANS = login.1 login.access.5
-
-bin_PROGRAMS = login
-
-login_SOURCES =					\
-		conf.c				\
-		env.c				\
-		login.c				\
-		login_access.c			\
-		login_locl.h			\
-		login_protos.h			\
-		osfc2.c				\
-		read_string.c			\
-		shadow.c			\
-		stty_default.c			\
-		tty.c				\
-		utmp_login.c			\
-		utmpx_login.c
-
-LDADD = $(LIB_otp) \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_security) \
-	$(DBLIB)
-
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
-
-$(login_OBJECTS): $(srcdir)/login_protos.h
diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in
deleted file mode 100644
index 3030ed1b0adb..000000000000
--- a/crypto/heimdal/appl/login/Makefile.in
+++ /dev/null
@@ -1,706 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = login.1 login.access.5
-
-bin_PROGRAMS = login
-
-login_SOURCES = \
-		conf.c				\
-		env.c				\
-		login.c				\
-		login_access.c			\
-		login_locl.h			\
-		login_protos.h			\
-		osfc2.c				\
-		read_string.c			\
-		shadow.c			\
-		stty_default.c			\
-		tty.c				\
-		utmp_login.c			\
-		utmpx_login.c
-
-
-LDADD = $(LIB_otp) \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(LIB_security) \
-	$(DBLIB)
-
-subdir = appl/login
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = login$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
-	login_access.$(OBJEXT) osfc2.$(OBJEXT) read_string.$(OBJEXT) \
-	shadow.$(OBJEXT) stty_default.$(OBJEXT) tty.$(OBJEXT) \
-	utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
-login_OBJECTS = $(am_login_OBJECTS)
-login_LDADD = $(LDADD)
-login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-login_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(login_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(login_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/login/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) 
-	@rm -f login$(EXEEXT)
-	$(LINK) $(login_LDFLAGS) $(login_OBJECTS) $(login_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man5dir = $(mandir)/man5
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man5dir)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man5dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man5
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man5
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man1 install-man5 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1 uninstall-man5
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(srcdir)/login_protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
-
-$(login_OBJECTS): $(srcdir)/login_protos.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/login/conf.c b/crypto/heimdal/appl/login/conf.c
deleted file mode 100644
index 85cfc0099d09..000000000000
--- a/crypto/heimdal/appl/login/conf.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "login_locl.h"
-
-RCSID("$Id: conf.c,v 1.3 2000/05/29 16:52:24 assar Exp $");
-
-static char *confbuf;
-
-static int
-login_conf_init(void)
-{
-    char *files[] = { _PATH_LOGIN_CONF, NULL };
-    return cgetent(&confbuf, files, "default");
-}
-
-char *
-login_conf_get_string(const char *str)
-{
-    char *value;
-    if(login_conf_init() != 0)
-	return NULL;
-    if(cgetstr(confbuf, (char *)str, &value) < 0)
-	return NULL;
-    return value;
-}
diff --git a/crypto/heimdal/appl/login/env.c b/crypto/heimdal/appl/login/env.c
deleted file mode 100644
index 57f68b1c9a6c..000000000000
--- a/crypto/heimdal/appl/login/env.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-RCSID("$Id: env.c,v 1.1 2000/06/28 12:27:38 joda Exp $");
-
-/*
- * the environment we will send to execle and the shell.
- */
-
-char **env;
-int num_env;
-
-void
-extend_env(char *str)
-{
-    env = realloc(env, (num_env + 1) * sizeof(*env));
-    if(env == NULL)
-	errx(1, "Out of memory!");
-    env[num_env++] = str;
-}
-
-void
-add_env(const char *var, const char *value)
-{
-    int i;
-    char *str;
-    asprintf(&str, "%s=%s", var, value);
-    if(str == NULL)
-	errx(1, "Out of memory!");
-    for(i = 0; i < num_env; i++)
-	if(strncmp(env[i], var, strlen(var)) == 0 && 
-	   env[i][strlen(var)] == '='){
-	    free(env[i]);
-	    env[i] = str;
-	    return;
-	}
-    
-    extend_env(str);
-}
-
-void
-copy_env(void)
-{
-    char **p;
-    for(p = environ; *p; p++)
-	extend_env(*p);
-}
-
-int
-login_read_env(const char *file)
-{
-    char **newenv;
-    char *p;
-    int i, j;
-    
-    newenv = NULL;
-    i = read_environment(file, &newenv);
-    for (j = 0; j < i; j++) {
-	p = strchr(newenv[j], '=');
-	*p++ = 0;
-	add_env(newenv[j], p);
-	*--p = '=';
-	free(newenv[j]);
-    }
-    free(newenv);
-    return 0;
-}
diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1
deleted file mode 100644
index b0c9a6ce74e3..000000000000
--- a/crypto/heimdal/appl/login/login.1
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" $Id: login.1,v 1.1 2003/03/24 16:15:12 joda Exp $
-.\" 
-.Dd March 24, 2003
-.Dt LOGIN 1
-.Os HEIMDAL
-.Sh NAME
-.Nm login
-.Nd
-authenticate a user and start new session
-.Sh SYNOPSIS
-.Nm
-.Op Fl fp
-.Op Fl a Ar level
-.Op Fl h Ar hostname
-.Ar [username]
-.Sh DESCRIPTION
-This manual page documents  the 
-.Nm login 
-program distributed with the Heimdal Kerberos 5 implementation, it may
-differ in important ways from your system version.
-.Pp
-The
-.Nm login
-programs logs users into the system. It is intended to be run by
-system daemons like
-.Xr getty 8 
-or
-.Xr telnetd 8 .
-If you are already logged in, but want to change to another user, you
-should use
-.Xr su 1 .
-.Pp
-A username can be given on the command line, else one will be prompted
-for.
-.Pp
-A password is required to login, unless the 
-.Fl f
-option is given (indicating that the calling program has already done
-proper authentication). With
-.Fl f
-the user will be logged in without further questions. 
-.Pp
-For password authentication Kerberos 5, Kerberos 4 (if compiled in),
-OTP (if compiled in) and local
-.No ( Pa /etc/passwd ) 
-passwords are supported. OTP will be used if the the user is
-registered to use it, and
-.Nm login
-is given the option
-.Fl a Li otp .
-When using OTP, a challenge is shown to the user.
-.Pp
-Further options are:
-.Bl -tag -width Ds
-.It Fl a Ar string
-Which authentication mode to use, the only supported value is
-currently
-.Dq otp .
-.It Fl f
-Indicates that the user is already authenticated. This happens, for
-instance, when login is started by telnetd, and the user has proved
-authentic via Kerberos.
-.It Fl h Ar hostname
-Indicates which host the user is logging in from. This is passed from
-telnetd, and is entered into the login database.
-.It Fl p
-This tells
-.Nm login
-to preserve all environment variables. If not given, only the
-.Dv TERM
-and
-.Dv TZ
-variables are preserved. It could be a security risk to pass random
-variables to 
-.Nm login
-or the user shell, so the calling daemon should make sure it only
-passes
-.Dq safe
-variables.
-.El
-.Pp
-The process of logging user in proceeds as follows.
-.Pp
-First a check is made that logins are allowed at all. This usually
-means checking
-.Pa /etc/nologin .
-If it exists, and the user trying to login is not root, the contents
-is printed, and then login exits.
-.Pp
-Then various system parameters are set up, like changing the owner of
-the tty to the user, setting up signals, setting the group list, and
-user and group id. Also various machine specific tasks are performed.
-.Pp
-Next 
-.Nm login
-changes to the users home directory, or if that fails, to 
-.Pa / .
-The environment is setup, by adding some required variables (such as
-.Dv PATH ) , 
-and also authentication related ones (such as
-.Dv KRB5CCNAME ) .
-If an environment file exists
-.No ( Pa /etc/environment ) ,
-variables are set according to
-it.
-.Pp
-If one or more login message files are configured, their contents is
-printed to the terminal.
-.Pp
-If a login time command is configured, it is executed. A logout time
-command can also be configured, which makes 
-.Nm login
-fork, and wait for the user shell to exit, and then run the command.
-This can be used to clean up user credentials.
-.Pp
-Finally, the user's shell is executed. If the user logging in is root,
-and root's login shell does not exist, a default shell (usually 
-.Pa /bin/sh )
-is also tried before giving up.
-.Sh ENVIRONMENT
-These environment variables are set by login (not including ones set by 
-.Pa /etc/environment ) :
-.Pp
-.Bl -tag -compact -width USERXXLOGNAME
-.It Dv PATH
-the default system path
-.It Dv HOME
-the user's home directory (or possibly 
-.Pa / )
-.It Dv USER , Dv LOGNAME
-both set to the username
-.It Dv SHELL
-the user's shell
-.It Dv TERM , Dv TZ
-set to whatever is passed to 
-.Nm login
-.It Dv KRB5CCNAME
-if the password is verified via Kerberos 5, this will point to the
-credentials cache file
-.It Dv KRBTKFILE
-if the password is verified via Kerberos 4, this will point to the
-ticket file
-.El
-.Sh FILES
-.Bl -tag -compact -width Ds
-.It Pa /etc/environment
-Contains a set of environment variables that should be set in addition
-to the ones above. It should contain sh-style assignments like 
-.Dq VARIABLE=value .
-Note that they are not parsed the way a shell would. No variable
-expansion is performed, and all strings are literal, and quotation
-marks should not be used. Everything after a hash mark is considered a
-comment. The following are all different (the last will set the
-variable
-.Dv BAR ,
-not
-.Dv FOO ) .
-.Bd -literal -offset indent
-FOO=this is a string
-FOO="this is a string"
-BAR= FOO='this is a string'
-.Ed
-.It Pa /etc/login.access
-See 
-.Xr login.access 5 .
-.It Pa /etc/login.conf
-This is a termcap style configuration file, that contains various
-settings used by
-.Nm login .
-Currently only the
-.Dq default
-capability record is used. The possible capability strings include:
-.Pp
-.Bl -tag -compact -width Ds
-.It Li environment
-This is a comma separated list of environment files that are read in
-the order specified. If this is missing the default
-.Pa /etc/environment
-is used.
-.It Li login_program
-This program will be executed just before the user's shell is started.
-It will be called without arguments.
-.It Li logout_program
-This program will be executed just after the user's shell has
-terminated. It will be called without arguments. This program will be
-the parent process of the spawned shell.
-.It Li motd
-A comma separated list of text files that will be printed to the
-user's terminal before starting the shell. The string
-.Li welcome
-works similarly, but points to a single file.
-.El
-.It Pa /etc/nologin
-If it exists, login is denied to all but root. The contents of this
-file is printed before login exits.
-.El
-.Pp
-Other
-.Nm login
-programs typically print all sorts of information by default, such as
-last time you logged in, if you have mail, and system message files.
-This version of
-.Nm login
-does not, so there is no reason for 
-.Pa .hushlogin
-files or similar. We feel that these tasks are best left to the user's
-shell, but the 
-.Li login_program
-facility allows for a shell independent solution, if that is desired.
-.Sh EXAMPLES
-A 
-.Pa login.conf
-file could look like:
-.Bd -literal -offset indent
-default:\\
-	:motd=/etc/motd,/etc/motd.local:
-.Ed
-.Sh SEE ALSO
-.Xr su 1 ,
-.Xr login.access 5 ,
-.Xr getty 8 ,
-.Xr telnetd 8
-.Sh AUTHORS
-This login program was written for the Heimdal Kerberos 5
-implementation. The login.access code was written by Wietse Venema.
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/login/login.access.5 b/crypto/heimdal/appl/login/login.access.5
deleted file mode 100644
index be8828c94fb5..000000000000
--- a/crypto/heimdal/appl/login/login.access.5
+++ /dev/null
@@ -1,56 +0,0 @@
-.\" $Id: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $
-.\" 
-.Dd March 21, 2003
-.Dt LOGIN.ACCESS 5
-.Os HEIMDAL
-.Sh NAME
-.Nm login.access
-.Nd
-login access control table
-.Sh DESCRIPTION
-The
-.Nm login.access
-file specifies on which ttys or from which hosts certain users are
-allowed to login.
-.Pp
-At login, the
-.Pa /etc/login.access 
-file is checked for the first entry that matches a specific user/host
-or user/tty combination. That entry can either allow or deny login
-access to that user.
-.Pp
-Each entry have three fields separated by colon:
-.Bl -bullet
-.It
-The first field indicates the permission given if the entry matches.
-It can be either
-.Dq +
-(allow access)
-or
-.Dq -
-(deny access) .
-.It
-The second field is a comma separated list of users or groups for
-which the current entry applies. NIS netgroups can used (if
-configured) if preceeded by @. The magic string ALL matches all users.
-A group will match if the user is a member of that group, or it is the
-user's primary group.
-.It
-The third field is a list of ttys, or network names. A network name
-can be either a hostname, a domain (indicated by a starting period),
-or a netgroup. As with the user list, ALL matches anything. LOCAL
-matches a string not containing a period.
-.El
-.Pp
-If the string EXCEPT is found in either the user or from list, the
-rest of the list are exceptions to the list before EXCEPT.
-.Sh BUGS
-If there's a user and a group with the same name, there is no way to
-make the group match if the user also matches.
-.Sh SEE ALSO
-.Xr login 1
-.Sh AUTHORS
-The
-.Fn login_access
-function was written by 
-Wietse Venema. This manual page was written for Heimdal.
diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c
deleted file mode 100644
index ee5be48bf771..000000000000
--- a/crypto/heimdal/appl/login/login.c
+++ /dev/null
@@ -1,860 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-#ifdef HAVE_CAPABILITY_H
-#include <capability.h>
-#endif
-#ifdef HAVE_SYS_CAPABILITY_H
-#include <sys/capability.h>
-#endif
-
-RCSID("$Id: login.c,v 1.59 2003/03/24 15:57:10 joda Exp $");
-
-static int login_timeout = 60;
-
-static int
-start_login_process(void)
-{
-    char *prog, *argv0;
-    prog = login_conf_get_string("login_program");
-    if(prog == NULL)
-	return 0;
-    argv0 = strrchr(prog, '/');
-
-    if(argv0)
-	argv0++;
-    else
-	argv0 = prog;
-
-    return simple_execle(prog, argv0, NULL, env);
-}
-
-static int
-start_logout_process(void)
-{
-    char *prog, *argv0;
-    pid_t pid;
-
-    prog = login_conf_get_string("logout_program");
-    if(prog == NULL)
-	return 0;
-    argv0 = strrchr(prog, '/');
-
-    if(argv0)
-	argv0++;
-    else
-	argv0 = prog;
-
-    pid = fork();
-    if(pid == 0) {
-	/* avoid getting signals sent to the shell */
-	setpgid(0, getpid());
-	return 0;
-    }
-    if(pid == -1)
-	err(1, "fork");
-    /* wait for the real login process to exit */
-#ifdef HAVE_SETPROCTITLE
-    setproctitle("waitpid %d", pid);
-#endif
-    while(1) {
-	int status;
-	int ret;
-	ret = waitpid(pid, &status, 0);
-	if(ret > 0) {
-	    if(WIFEXITED(status) || WIFSIGNALED(status)) {
-		execle(prog, argv0, NULL, env);
-		err(1, "exec %s", prog);
-	    }
-	} else if(ret < 0) 
-	    err(1, "waitpid");
-    }
-}
-
-static void
-exec_shell(const char *shell, int fallback)
-{
-    char *sh;
-    const char *p;
-    
-    extend_env(NULL);
-    if(start_login_process() < 0)
-	warn("login process");
-    start_logout_process();
-
-    p = strrchr(shell, '/');
-    if(p)
-	p++;
-    else
-	p = shell;
-    asprintf(&sh, "-%s", p);
-    execle(shell, sh, NULL, env);
-    if(fallback){
-	warnx("Can't exec %s, trying %s", 
-	      shell, _PATH_BSHELL);
-	execle(_PATH_BSHELL, "-sh", NULL, env);
-	err(1, "%s", _PATH_BSHELL);
-    }
-    err(1, "%s", shell);
-}
-
-static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
-
-#ifdef OTP
-static OtpContext otp_ctx;
-
-static int
-otp_verify(struct passwd *pwd, const char *password)
-{
-   return (otp_verify_user (&otp_ctx, password));
-}
-#endif /* OTP */
-
-
-static int pag_set = 0;
-
-#ifdef KRB5
-static krb5_context context;
-static krb5_ccache  id, id2;
-
-static int
-krb5_verify(struct passwd *pwd, const char *password)
-{
-    krb5_error_code ret;
-    krb5_principal princ;
-
-    ret = krb5_parse_name(context, pwd->pw_name, &princ);
-    if(ret)
-	return 1;
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if(ret) {
-	krb5_free_principal(context, princ);
-	return 1;
-    }
-    ret = krb5_verify_user_lrealm(context,
-				  princ, 
-				  id,
-				  password, 
-				  1,
-				  NULL);
-    krb5_free_principal(context, princ);
-    return ret;
-}
-
-#ifdef KRB4
-static krb5_error_code
-krb5_to4 (krb5_ccache id)
-{
-    krb5_error_code ret;
-    krb5_principal princ;
-
-    int get_v4_tgt;
-
-    get_v4_tgt = krb5_config_get_bool(context, NULL,
-				      "libdefaults",
-				      "krb4_get_tickets",
-				      NULL);
-
-    ret = krb5_cc_get_principal(context, id, &princ);
-    if (ret == 0) {
-	get_v4_tgt = krb5_config_get_bool_default(context, NULL,
-						  get_v4_tgt,
-						  "realms",
-						  *krb5_princ_realm(context,
-								    princ),
-						  "krb4_get_tickets",
-						  NULL);
-	krb5_free_principal(context, princ);
-    }
-
-    if (get_v4_tgt) {
-        CREDENTIALS c;
-        krb5_creds mcred, cred;
-        char krb4tkfile[MAXPATHLEN];
-	krb5_error_code ret;
-	krb5_principal princ;
-
-	ret = krb5_cc_get_principal (context, id, &princ);
-	if (ret)
-	    return ret;
-
-	ret = krb5_make_principal(context, &mcred.server,
-				  princ->realm,
-				  "krbtgt",
-				  princ->realm,
-				  NULL);
-	krb5_free_principal (context, princ);
-	if (ret)
-	    return ret;
-
-	ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
-	if(ret == 0) {
-	    ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c);
-	    if(ret == 0) {
-		snprintf(krb4tkfile,sizeof(krb4tkfile),"%s%d",TKT_ROOT,
-			 getuid());
-		krb_set_tkt_string(krb4tkfile);
-		tf_setup(&c, c.pname, c.pinst);
-	    }
-	    memset(&c, 0, sizeof(c));
-	    krb5_free_creds_contents(context, &cred);
-	}
-	krb5_free_principal(context, mcred.server);
-    }
-    return 0;
-}
-#endif /* KRB4 */
-
-static int
-krb5_start_session (const struct passwd *pwd)
-{
-    krb5_error_code ret;
-    char residual[64];
-
-    /* copy credentials to file cache */
-    snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", 
-	     (unsigned)pwd->pw_uid);
-    krb5_cc_resolve(context, residual, &id2);
-    ret = krb5_cc_copy_cache(context, id, id2);
-    if (ret == 0)
-	add_env("KRB5CCNAME", residual);
-    else {
-	krb5_cc_destroy (context, id2);
-	return ret;
-    }
-#ifdef KRB4
-    krb5_to4 (id2);
-#endif
-    krb5_cc_close(context, id2);
-    krb5_cc_destroy(context, id);
-    return 0;
-}
-
-static void
-krb5_finish (void)
-{
-    krb5_free_context(context);
-}
-
-static void
-krb5_get_afs_tokens (const struct passwd *pwd)
-{
-    char cell[64];
-    char *pw_dir;
-    krb5_error_code ret;
-
-    if (!k_hasafs ())
-	return;
-
-    ret = krb5_cc_default(context, &id2);
- 
-    if (ret == 0) {
-	pw_dir = pwd->pw_dir;
-
-	if (!pag_set) {
-	    k_setpag();
-	    pag_set = 1;
-	}
-
-	if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
-	    krb5_afslog_uid_home (context, id2,
-				  cell, NULL, pwd->pw_uid, pwd->pw_dir);
-	krb5_afslog_uid_home (context, id2, NULL, NULL,
-			      pwd->pw_uid, pwd->pw_dir);
-	krb5_cc_close (context, id2);
-    }
-}
-
-#endif /* KRB5 */
-
-#ifdef KRB4
-
-static int
-krb4_verify(struct passwd *pwd, const char *password)
-{
-    char lrealm[REALM_SZ];
-    int ret;
-    char ticket_file[MaxPathLen];
-
-    ret = krb_get_lrealm (lrealm, 1);
-    if (ret)
-	return 1;
-
-    snprintf (ticket_file, sizeof(ticket_file),
-	      "%s%u_%u",
-	      TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
-
-    krb_set_tkt_string (ticket_file);
-
-    ret = krb_verify_user (pwd->pw_name, "", lrealm, (char *)password,
-			   KRB_VERIFY_SECURE_FAIL, NULL);
-    if (ret)
-	return 1;
-
-    if (chown (ticket_file, pwd->pw_uid, pwd->pw_gid) < 0) {
-	dest_tkt();
-	return 1;
-    }
-	
-    add_env ("KRBTKFILE", ticket_file);
-    return 0;
-}
-
-static void
-krb4_get_afs_tokens (const struct passwd *pwd)
-{
-    char cell[64];
-    char *pw_dir;
-
-    if (!k_hasafs ())
-	return;
-
-    pw_dir = pwd->pw_dir;
-
-    if (!pag_set) {
-	k_setpag();
-	pag_set = 1;
-    }
-
-    if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
-	krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
-
-    krb_afslog_uid_home (NULL, NULL, pwd->pw_uid, pwd->pw_dir);
-}
-
-#endif /* KRB4 */
-
-static int f_flag;
-static int p_flag;
-#if 0
-static int r_flag;
-#endif
-static int version_flag;
-static int help_flag;
-static char *remote_host;
-static char *auth_level = NULL;
-
-struct getargs args[] = {
-    { NULL, 'a', arg_string,    &auth_level,    "authentication mode" },
-#if 0
-    { NULL, 'd' },
-#endif
-    { NULL, 'f', arg_flag,	&f_flag,	"pre-authenticated" },
-    { NULL, 'h', arg_string,	&remote_host,	"remote host", "hostname" },
-    { NULL, 'p', arg_flag,	&p_flag,	"don't purge environment" },
-#if 0
-    { NULL, 'r', arg_flag,	&r_flag,	"rlogin protocol" },
-#endif
-    { "version", 0,  arg_flag,	&version_flag },
-    { "help",	 0,  arg_flag,&help_flag, }
-};
-
-int nargs = sizeof(args) / sizeof(args[0]);
-
-static void
-update_utmp(const char *username, const char *hostname,
-	    char *tty, char *ttyn)
-{
-    /*
-     * Update the utmp files, both BSD and SYSV style.
-     */
-    if (utmpx_login(tty, username, hostname) != 0 && !f_flag) {
-	printf("No utmpx entry.  You must exec \"login\" from the "
-	       "lowest level shell.\n");
-	exit(1);
-    }
-    utmp_login(ttyn, username, hostname);
-}
-
-static void
-checknologin(void)
-{
-    FILE *f;
-    char buf[1024];
-
-    f = fopen(_PATH_NOLOGIN, "r");
-    if(f == NULL)
-	return;
-    while(fgets(buf, sizeof(buf), f))
-	fputs(buf, stdout);
-    fclose(f);
-    exit(0);
-}
-
-/* print contents of a file */
-static void
-show_file(const char *file)
-{
-    FILE *f;
-    char buf[BUFSIZ];
-    if((f = fopen(file, "r")) == NULL)
-	return;
-    while (fgets(buf, sizeof(buf), f))
-	fputs(buf, stdout);
-    fclose(f);
-}
-
-/* 
- * Actually log in the user.  `pwd' contains all the relevant
- * information about the user.  `ttyn' is the complete name of the tty
- * and `tty' the short name.
- */
-
-static void
-do_login(const struct passwd *pwd, char *tty, char *ttyn)
-{
-#ifdef HAVE_GETSPNAM
-    struct spwd *sp;
-#endif
-    int rootlogin = (pwd->pw_uid == 0);
-    gid_t tty_gid;
-    struct group *gr;
-    const char *home_dir;
-    int i;
-
-    if(!rootlogin)
-	checknologin();
-    
-#ifdef HAVE_GETSPNAM
-    sp = getspnam(pwd->pw_name);
-#endif
-
-    update_utmp(pwd->pw_name, remote_host ? remote_host : "",
-		tty, ttyn);
-
-    gr = getgrnam ("tty");
-    if (gr != NULL)
-	tty_gid = gr->gr_gid;
-    else
-	tty_gid = pwd->pw_gid;
-
-    if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) {
-	warn("chown %s", ttyn);
-	if (rootlogin == 0)
-	    exit (1);
-    }
-
-    if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) {
-	warn("chmod %s", ttyn);
-	if (rootlogin == 0)
-	    exit (1);
-    }
-
-#ifdef HAVE_SETLOGIN
-    if(setlogin(pwd->pw_name)){
-	warn("setlogin(%s)", pwd->pw_name);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-#endif
-#ifdef HAVE_SETPCRED
-    if (setpcred (pwd->pw_name, NULL) == -1)
-	warn("setpcred(%s)", pwd->pw_name);
-#endif /* HAVE_SETPCRED */
-#ifdef HAVE_INITGROUPS
-    if(initgroups(pwd->pw_name, pwd->pw_gid)){
-	warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-#endif
-    if(do_osfc2_magic(pwd->pw_uid))
-	exit(1);
-    if(setgid(pwd->pw_gid)){
-	warn("setgid(%u)", (unsigned)pwd->pw_gid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-    if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) {
-	warn("setuid(%u)", (unsigned)pwd->pw_uid);
-	if(rootlogin == 0)
-	    exit(1);
-    }
-
-    /* make sure signals are set to default actions, apparently some
-       OS:es like to ignore SIGINT, which is not very convenient */
-    
-    for (i = 1; i < NSIG; ++i)
-	signal(i, SIG_DFL);
-
-    /* all kinds of different magic */
-
-#ifdef HAVE_GETSPNAM
-    check_shadow(pwd, sp);
-#endif
-
-#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
-    {
-	struct udb *udb;
-	long t;
-	const long maxcpu = 46116860184; /* some random constant */
-	udb = getudbnam(pwd->pw_name);
-	if(udb == UDB_NULL)
-	    errx(1, "Failed to get UDB entry.");
-	t = udb->ue_pcpulim[UDBRC_INTER];
-	if(t == 0 || t > maxcpu)
-	    t = CPUUNLIM;
-	else
-	    t *= 100 * CLOCKS_PER_SEC;
-
-	if(limit(C_PROC, 0, L_CPU, t) < 0)
-	    warn("limit C_PROC");
-
-	t = udb->ue_jcpulim[UDBRC_INTER];
-	if(t == 0 || t > maxcpu)
-	    t = CPUUNLIM;
-	else
-	    t *= 100 * CLOCKS_PER_SEC;
-
-	if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
-	    warn("limit C_JOBPROCS");
-
-	nice(udb->ue_nice[UDBRC_INTER]);
-    }
-#endif
-#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
-	/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
-	   called capabilities, that allow you to give away
-	   permissions (such as chown) to specific processes. From 6.5
-	   this is default on, and the default capability set seems to
-	   not always be the empty set. The problem is that the
-	   runtime linker refuses to do just about anything if the
-	   process has *any* capabilities set, so we have to remove
-	   them here (unless otherwise instructed by /etc/capability).
-	   In IRIX < 6.5, these functions was called sgi_cap_setproc,
-	   etc, but we ignore this fact (it works anyway). */
-	{
-	    struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
-	    cap_t cap;
-	    if(ucap == NULL)
-		cap = cap_from_text("all=");
-	    else
-		cap = cap_from_text(ucap->ca_default);
-	    if(cap == NULL)
-		err(1, "cap_from_text");
-	    if(cap_set_proc(cap) < 0)
-		err(1, "cap_set_proc");
-	    cap_free(cap);
-	    free(ucap);
-	}
-#endif
-    home_dir = pwd->pw_dir;
-    if (chdir(home_dir) < 0) {
-	fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir);
-	if (chdir("/"))
-	    exit(0);
-	home_dir = "/";
-	fprintf(stderr, "Logging in with home = \"/\".\n");
-    }
-#ifdef KRB5
-    if (auth == AUTH_KRB5) {
-	krb5_start_session (pwd);
-    }
-#ifdef KRB4
-    else if (auth == 0) {
-	krb5_error_code ret;
-	krb5_ccache id;
-
-	ret = krb5_cc_default (context, &id);
-	if (ret == 0) {
-	    krb5_to4 (id);
-	    krb5_cc_close (context, id);
-	}
-    }
-#endif /* KRB4 */
-
-    krb5_get_afs_tokens (pwd);
-
-    krb5_finish ();
-#endif /* KRB5 */
-
-#ifdef KRB4
-    krb4_get_afs_tokens (pwd);
-#endif /* KRB4 */
-
-    add_env("PATH", _PATH_DEFPATH);
-
-    {
-	const char *str = login_conf_get_string("environment");
-	char buf[MAXPATHLEN];
-
-	if(str == NULL) {
-	    login_read_env(_PATH_ETC_ENVIRONMENT);
-	} else {
-	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
-		if(buf[0] == '\0')
-		    continue;
-		login_read_env(buf);
-	    }
-	}
-    }
-    {
-	const char *str = login_conf_get_string("motd");
-	char buf[MAXPATHLEN];
-
-	if(str != NULL) {
-	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
-		if(buf[0] == '\0')
-		    continue;
-		show_file(buf);
-	    }
-	} else {
-	    str = login_conf_get_string("welcome");
-	    if(str != NULL)
-		show_file(str);
-	}
-    }
-    add_env("HOME", home_dir);
-    add_env("USER", pwd->pw_name);
-    add_env("LOGNAME", pwd->pw_name);
-    add_env("SHELL", pwd->pw_shell);
-    exec_shell(pwd->pw_shell, rootlogin);
-}
-
-static int
-check_password(struct passwd *pwd, const char *password)
-{
-    if(pwd->pw_passwd == NULL)
-	return 1;
-    if(pwd->pw_passwd[0] == '\0'){
-#ifdef ALLOW_NULL_PASSWORD
-	return password[0] != '\0';
-#else
-	return 1;
-#endif
-    }
-    if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0)
-	return 0;
-#ifdef KRB5
-    if(krb5_verify(pwd, password) == 0) {
-	auth = AUTH_KRB5;
-	return 0;
-    }
-#endif
-#ifdef KRB4
-    if (krb4_verify (pwd, password) == 0) {
-	auth = AUTH_KRB4;
-	return 0;
-    }
-#endif
-#ifdef OTP
-    if (otp_verify (pwd, password) == 0) {
-       auth = AUTH_OTP;
-       return 0;
-    }
-#endif
-    return 1;
-}
-
-static void
-usage(int status)
-{
-    arg_printusage(args, nargs, NULL, "[username]");
-    exit(status);
-}
-
-static RETSIGTYPE
-sig_handler(int sig)
-{
-    if (sig == SIGALRM)
-         fprintf(stderr, "Login timed out after %d seconds\n",
-                login_timeout);
-      else
-         fprintf(stderr, "Login received signal, exiting\n");
-    exit(0);
-}
-
-int
-main(int argc, char **argv)
-{
-    int max_tries = 5;
-    int try;
-
-    char username[32];
-    int optind = 0;
-
-    int ask = 1;
-    struct sigaction sa;
-    
-    setprogname(argv[0]);
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }
-#endif
-
-    openlog("login", LOG_ODELAY, LOG_AUTH);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-    argc -= optind;
-    argv += optind;
-
-    if(help_flag)
-	usage(0);
-    if (version_flag) {
-	print_version (NULL);
-	return 0;
-    }
-	
-    if (geteuid() != 0)
-	errx(1, "only root may use login, use su");
-
-    /* Default tty settings. */
-    stty_default();
-
-    if(p_flag)
-	copy_env();
-    else {
-	/* this set of variables is always preserved by BSD login */
-	if(getenv("TERM"))
-	    add_env("TERM", getenv("TERM"));
-	if(getenv("TZ"))
-	    add_env("TZ", getenv("TZ"));
-    }
-
-    if(*argv){
-	if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){
-	    strlcpy (username, *argv, sizeof(username));
-	    ask = 0;
-	}
-    }
-
-#if defined(DCE) && defined(AIX)
-    esetenv("AUTHSTATE", "DCE", 1);
-#endif
-
-    /* XXX should we care about environment on the command line? */
-
-    memset(&sa, 0, sizeof(sa));
-    sa.sa_handler = sig_handler;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sigaction(SIGALRM, &sa, NULL);
-    alarm(login_timeout);
-
-    for(try = 0; try < max_tries; try++){
-	struct passwd *pwd;
-	char password[128];
-	int ret;
-	char ttname[32];
-	char *tty, *ttyn;
-        char prompt[128];
-#ifdef OTP
-        char otp_str[256];
-#endif
-
-	if(ask){
-	    f_flag = 0;
-#if 0
-	    r_flag = 0;
-#endif
-	    ret = read_string("login: ", username, sizeof(username), 1);
-	    if(ret == -3)
-		exit(0);
-	    if(ret == -2)
-		sig_handler(0); /* exit */
-	}
-        pwd = k_getpwnam(username);
-#ifdef ALLOW_NULL_PASSWORD
-        if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) {
-            strcpy(password,"");
-        }
-        else
-#endif
-
-        {
-#ifdef OTP
-           if(auth_level && strcmp(auth_level, "otp") == 0 &&
-                 otp_challenge(&otp_ctx, username,
-                            otp_str, sizeof(otp_str)) == 0)
-                 snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
-                            username, otp_str);
-            else
-#endif
-                 strncpy(prompt, "Password: ", sizeof(prompt));
-
-	    if (f_flag == 0) {
-	       ret = read_string(prompt, password, sizeof(password), 0);
-               if (ret == -3) {
-                  ask = 1;
-                  continue;
-               }
-               if (ret == -2)
-                  sig_handler(0);
-            }
-         }
-	
-	if(pwd == NULL){
-	    fprintf(stderr, "Login incorrect.\n");
-	    ask = 1;
-	    continue;
-	}
-
-	if(f_flag == 0 && check_password(pwd, password)){
-	    fprintf(stderr, "Login incorrect.\n");
-            ask = 1;
-	    continue;
-	}
-	ttyn = ttyname(STDIN_FILENO);
-	if(ttyn == NULL){
-	    snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY);
-	    ttyn = ttname;
-	}
-	if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-	    tty = ttyn + strlen(_PATH_DEV);
-	else
-	    tty = ttyn;
-    
-	if (login_access (pwd, remote_host ? remote_host : tty) == 0) {
-	    fprintf(stderr, "Permission denied\n");
-	    if (remote_host)
-		syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
-		       pwd->pw_name, remote_host);
-	    else
-		syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
-		       pwd->pw_name, tty);
-	    exit (1);
-	}
-        alarm(0);
-	do_login(pwd, tty, ttyn);
-    }
-    exit(1);
-}
diff --git a/crypto/heimdal/appl/login/login_access.c b/crypto/heimdal/appl/login/login_access.c
deleted file mode 100644
index d6275fdfb462..000000000000
--- a/crypto/heimdal/appl/login/login_access.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that this entire copyright notice
-* is duplicated in all such copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
- /*
-  * This module implements a simple but effective form of login access
-  * control based on login names and on host (or domain) names, internet
-  * addresses (or network numbers), or on terminal line names in case of
-  * non-networked logins. Diagnostics are reported through syslog(3).
-  *
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#include "login_locl.h"
-
-RCSID("$Id: login_access.c,v 1.2 2001/06/04 14:09:45 assar Exp $");
-
- /* Delimiters for fields and for lists of users, ttys or hosts. */
-
-static char fs[] = ":";			/* field separator */
-static char sep[] = ", \t";		/* list-element separator */
-
- /* Constants to be used in assignments only, not in comparisons... */
-
-#define YES             1
-#define NO              0
-
- /*
-  * A structure to bundle up all login-related information to keep the
-  * functional interfaces as generic as possible.
-  */
-struct login_info {
-    struct passwd *user;
-    char   *from;
-};
-
-static int list_match(char *list, struct login_info *item,
-		      int (*match_fn)(char *, struct login_info *));
-static int user_match(char *tok, struct login_info *item);
-static int from_match(char *tok, struct login_info *item);
-static int string_match(char *tok, char *string);
-
-/* login_access - match username/group and host/tty with access control file */
-
-int login_access(struct passwd *user, char *from)
-{
-    struct login_info item;
-    FILE   *fp;
-    char    line[BUFSIZ];
-    char   *perm;			/* becomes permission field */
-    char   *users;			/* becomes list of login names */
-    char   *froms;			/* becomes list of terminals or hosts */
-    int     match = NO;
-    int     end;
-    int     lineno = 0;			/* for diagnostics */
-    char   *foo;
-
-    /*
-     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
-     */
-    item.user = user;
-    item.from = from;
-
-    /*
-     * Process the table one line at a time and stop at the first match.
-     * Blank lines and lines that begin with a '#' character are ignored.
-     * Non-comment lines are broken at the ':' character. All fields are
-     * mandatory. The first field should be a "+" or "-" character. A
-     * non-existing table means no access control.
-     */
-
-    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
-	while (!match && fgets(line, sizeof(line), fp)) {
-	    lineno++;
-	    if (line[end = strlen(line) - 1] != '\n') {
-		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
-		       _PATH_LOGACCESS, lineno);
-		continue;
-	    }
-	    if (line[0] == '#')
-		continue;			/* comment line */
-	    while (end > 0 && isspace((unsigned char)line[end - 1]))
-		end--;
-	    line[end] = 0;			/* strip trailing whitespace */
-	    if (line[0] == 0)			/* skip blank lines */
-		continue;
-	    foo = NULL;
-	    if (!(perm = strtok_r(line, fs, &foo))
-		|| !(users = strtok_r(NULL, fs, &foo))
-		|| !(froms = strtok_r(NULL, fs, &foo))
-		|| strtok_r(NULL, fs, &foo)) {
-		syslog(LOG_ERR, "%s: line %d: bad field count", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    if (perm[0] != '+' && perm[0] != '-') {
-		syslog(LOG_ERR, "%s: line %d: bad first field", 
-		       _PATH_LOGACCESS,
-		       lineno);
-		continue;
-	    }
-	    match = (list_match(froms, &item, from_match)
-		     && list_match(users, &item, user_match));
-	}
-	fclose(fp);
-    } else if (errno != ENOENT) {
-	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
-    }
-    return (match == 0 || (line[0] == '+'));
-}
-
-/* list_match - match an item against a list of tokens with exceptions */
-
-static int
-list_match(char *list,
-	   struct login_info *item,
-	   int (*match_fn)(char *, struct login_info *))
-{
-    char   *tok;
-    int     match = NO;
-    char   *foo = NULL;
-
-    /*
-     * Process tokens one at a time. We have exhausted all possible matches
-     * when we reach an "EXCEPT" token or the end of the list. If we do find
-     * a match, look for an "EXCEPT" list and recurse to determine whether
-     * the match is affected by any exceptions.
-     */
-
-    for (tok = strtok_r(list, sep, &foo);
-	 tok != NULL;
-	 tok = strtok_r(NULL, sep, &foo)) {
-	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
-	    break;
-	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
-	    break;
-    }
-    /* Process exceptions to matches. */
-
-    if (match != NO) {
-	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
-	     /* VOID */ ;
-	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
-	    return (match);
-    }
-    return (NO);
-}
-
-/* myhostname - figure out local machine name */
-
-static char *myhostname(void)
-{
-    static char name[MAXHOSTNAMELEN + 1] = "";
-
-    if (name[0] == 0) {
-	gethostname(name, sizeof(name));
-	name[MAXHOSTNAMELEN] = 0;
-    }
-    return (name);
-}
-
-/* netgroup_match - match group against machine or user */
-
-static int netgroup_match(char *group, char *machine, char *user)
-{
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-    static char *mydomain = 0;
-
-    if (mydomain == 0)
-	yp_get_default_domain(&mydomain);
-    return (innetgr(group, machine, user, mydomain));
-#else
-    syslog(LOG_ERR, "NIS netgroup support not configured");
-    return 0;
-#endif
-}
-
-/* user_match - match a username against one token */
-
-static int user_match(char *tok, struct login_info *item)
-{
-    char   *string = item->user->pw_name;
-    struct login_info fake_item;
-    struct group *group;
-    int     i;
-    char   *at;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the username, if the
-     * token is a group that contains the username, or if the token is the
-     * name of the user's primary group.
-     */
-
-    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user@host pattern */
-	*at = 0;
-	fake_item.from = myhostname();
-	return (user_match(tok, item) && from_match(at + 1, &fake_item));
-    } else if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, (char *) 0, string));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
-	if (item->user->pw_gid == group->gr_gid)
-	    return (YES);
-	for (i = 0; group->gr_mem[i]; i++)
-	    if (strcasecmp(string, group->gr_mem[i]) == 0)
-		return (YES);
-    }
-    return (NO);
-}
-
-/* from_match - match a host or tty against a list of tokens */
-
-static int from_match(char *tok, struct login_info *item)
-{
-    char   *string = item->from;
-    int     tok_len;
-    int     str_len;
-
-    /*
-     * If a token has the magic value "ALL" the match always succeeds. Return
-     * YES if the token fully matches the string. If the token is a domain
-     * name, return YES if it matches the last fields of the string. If the
-     * token has the magic value "LOCAL", return YES if the string does not
-     * contain a "." character. If the token is a network number, return YES
-     * if it matches the head of the string.
-     */
-
-    if (tok[0] == '@') {			/* netgroup */
-	return (netgroup_match(tok + 1, string, (char *) 0));
-    } else if (string_match(tok, string)) {	/* ALL or exact match */
-	return (YES);
-    } else if (tok[0] == '.') {			/* domain: match last fields */
-	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
-	    && strcasecmp(tok, string + str_len - tok_len) == 0)
-	    return (YES);
-    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
-	if (strchr(string, '.') == 0)
-	    return (YES);
-    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
-	       && strncmp(tok, string, tok_len) == 0) {
-	return (YES);
-    }
-    return (NO);
-}
-
-/* string_match - match a string against one token */
-
-static int string_match(char *tok, char *string)
-{
-
-    /*
-     * If the token has the magic value "ALL" the match always succeeds.
-     * Otherwise, return YES if the token fully matches the string.
-     */
-
-    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
-	return (YES);
-    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
-	return (YES);
-    }
-    return (NO);
-}
diff --git a/crypto/heimdal/appl/login/login_locl.h b/crypto/heimdal/appl/login/login_locl.h
deleted file mode 100644
index cc1d92021efd..000000000000
--- a/crypto/heimdal/appl/login/login_locl.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: login_locl.h,v 1.24 2002/08/12 15:09:15 joda Exp $ */
-
-#ifndef __LOGIN_LOCL_H__
-#define __LOGIN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <syslog.h>
-#include <signal.h>
-#include <termios.h>
-#include <err.h>
-#include <pwd.h>
-#include <roken.h>
-#include <getarg.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_UDB_H
-#include <udb.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_CATEGORY_H
-#include <sys/category.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef HAVE_NETGROUP_H
-#include <netgroup.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#include <kafs.h>
-
-#ifdef OTP
-#include <otp.h>
-#endif
-
-#ifdef HAVE_OSFC2
-#define getargs OSFgetargs
-#include "/usr/include/prot.h"
-#undef getargs
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN "/etc/nologin"
-#endif
-#ifndef _PATH_WTMP
-#ifdef WTMP_FILE
-#define _PATH_WTMP WTMP_FILE
-#else
-#define _PATH_WTMP "/var/adm/wtmp"
-#endif
-#endif
-#ifndef _PATH_UTMP
-#ifdef UTMP_FILE
-#define _PATH_UTMP UTMP_FILE
-#else
-#define _PATH_UTMP "/var/adm/utmp"
-#endif
-#endif
-
-#ifndef _PATH_LOGACCESS
-#define _PATH_LOGACCESS SYSCONFDIR "/login.access"
-#endif /* _PATH_LOGACCESS */
-
-#ifndef _PATH_LOGIN_CONF
-#define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf"
-#endif /* _PATH_LOGIN_CONF */
-
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
-#endif
-
-struct spwd;
-
-extern char **env;
-extern int num_env;
-
-#include "login_protos.h"
-
-#endif /* __LOGIN_LOCL_H__ */
diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login_protos.h
deleted file mode 100644
index 48b8101c2315..000000000000
--- a/crypto/heimdal/appl/login/login_protos.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/* This is a generated file */
-#ifndef __login_protos_h__
-#define __login_protos_h__
-
-#include <stdarg.h>
-
-void
-add_env (
-	const char */*var*/,
-	const char */*value*/);
-
-void
-check_shadow (
-	const struct passwd */*pw*/,
-	const struct spwd */*sp*/);
-
-char *
-clean_ttyname (char */*tty*/);
-
-void
-copy_env (void);
-
-int
-do_osfc2_magic (uid_t /*uid*/);
-
-void
-extend_env (char */*str*/);
-
-int
-login_access (
-	struct passwd */*user*/,
-	char */*from*/);
-
-char *
-login_conf_get_string (const char */*str*/);
-
-int
-login_read_env (const char */*file*/);
-
-char *
-make_id (char */*tty*/);
-
-void
-prepare_utmp (
-	struct utmp */*utmp*/,
-	char */*tty*/,
-	const char */*username*/,
-	const char */*hostname*/);
-
-int
-read_string (
-	const char */*prompt*/,
-	char */*buf*/,
-	size_t /*len*/,
-	int /*echo*/);
-
-void
-shrink_hostname (
-	const char */*hostname*/,
-	char */*dst*/,
-	size_t /*dst_sz*/);
-
-void
-stty_default (void);
-
-void
-utmp_login (
-	char */*tty*/,
-	const char */*username*/,
-	const char */*hostname*/);
-
-int
-utmpx_login (
-	char */*line*/,
-	const char */*user*/,
-	const char */*host*/);
-
-#endif /* __login_protos_h__ */
diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c
deleted file mode 100644
index 056484c41359..000000000000
--- a/crypto/heimdal/appl/login/osfc2.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-RCSID("$Id: osfc2.c,v 1.4 2001/02/20 01:44:46 assar Exp $");
-
-int
-do_osfc2_magic(uid_t uid)
-{
-#ifdef HAVE_OSFC2
-    struct es_passwd *epw;
-    char *argv[2];
-    
-    /* fake */
-    argv[0] = (char*)getprogname();
-    argv[1] = NULL;
-    set_auth_parameters(1, argv);
-    
-    epw = getespwuid(uid);
-    if(epw == NULL) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "getespwuid failed for %d", uid);
-	printf("Sorry.\n");
-	return 1;
-    }
-    /* We don't check for auto-retired, foo-retired,
-       bar-retired, or any other kind of retired accounts
-       here; neither do we check for time-locked accounts, or
-       any other kind of serious C2 mumbo-jumbo. We do,
-       however, call setluid, since failing to do so is not
-       very good (take my word for it). */
-    
-    if(!epw->uflg->fg_uid) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "attempted login by %s (has no uid)", epw->ufld->fd_name);
-	printf("Sorry.\n");
-	return 1;
-    }
-    setluid(epw->ufld->fd_uid);
-    if(getluid() != epw->ufld->fd_uid) {
-	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
-	       "failed to set LUID for %s (%d)", 
-	       epw->ufld->fd_name, epw->ufld->fd_uid);
-	printf("Sorry.\n");
-	return 1;
-    }
-#endif /* HAVE_OSFC2 */
-    return 0;
-}
diff --git a/crypto/heimdal/appl/login/read_string.c b/crypto/heimdal/appl/login/read_string.c
deleted file mode 100644
index f3cee14368a4..000000000000
--- a/crypto/heimdal/appl/login/read_string.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: read_string.c,v 1.4 2000/06/21 02:09:36 assar Exp $");
-
-static sig_atomic_t intr_flag;
-
-static void
-intr(int sig)
-{
-    intr_flag++;
-}
-
-int
-read_string(const char *prompt, char *buf, size_t len, int echo)
-{
-    struct sigaction sigs[47];
-    struct sigaction sa;
-    FILE *tty;
-    int ret = 0;
-    int of = 0;
-    int i;
-    int c;
-    char *p;
-
-    struct termios t_new, t_old;
-
-    memset(&sa, 0, sizeof(sa));
-    sa.sa_handler = intr;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (i != SIGALRM) sigaction(i, &sa, &sigs[i]);
-
-    if((tty = fopen("/dev/tty", "r")) == NULL)
-	tty = stdin;
-       
-    fprintf(stderr, "%s", prompt);
-    fflush(stderr);
-
-    if(echo == 0){
-	tcgetattr(fileno(tty), &t_old);
-	memcpy(&t_new, &t_old, sizeof(t_new));
-	t_new.c_lflag &= ~ECHO;
-	tcsetattr(fileno(tty), TCSANOW, &t_new);
-    }
-    intr_flag = 0;
-    p = buf;
-    while(intr_flag == 0){
-	c = getc(tty);
-	if(c == EOF){
-	    if(!ferror(tty))
-		ret = 1;
-	    break;
-	}
-	if(c == '\n')
-	    break;
-	if(of == 0)
-	    *p++ = c;
-	of = (p == buf + len);
-    }
-    if(of)
-	p--;
-    *p = 0;
-    
-    if(echo == 0){
-	printf("\n");
-	tcsetattr(fileno(tty), TCSANOW, &t_old);
-    }
-    
-    if(tty != stdin)
-	fclose(tty);
-
-    for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
-	if (i != SIGALRM) sigaction(i, &sigs[i], NULL);
-    
-    if(ret)
-	return -3;
-    if(intr_flag)
-	return -2;
-    if(of)
-	return -1;
-    return 0;
-}
-
-
-#if 0
-int main()
-{
-    char s[128];
-    int ret;
-    ret = read_string("foo: ", s, sizeof(s), 0);
-    printf("%d ->%s<-\n", ret, s);
-}
-#endif
diff --git a/crypto/heimdal/appl/login/shadow.c b/crypto/heimdal/appl/login/shadow.c
deleted file mode 100644
index 0923831c3496..000000000000
--- a/crypto/heimdal/appl/login/shadow.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: shadow.c,v 1.5 1999/12/02 17:04:56 joda Exp $");
-
-#ifdef HAVE_SHADOW_H
-
-#ifndef _PATH_CHPASS
-#define _PATH_CHPASS "/usr/bin/passwd"
-#endif
-
-static int
-change_passwd(const struct passwd *who)
-{
-    int status;
-    pid_t pid;
-
-    switch (pid = fork()) {
-    case -1:
-        printf("fork /bin/passwd");
-        exit(1);
-    case 0:
-        execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0);
-        exit(1);
-    default:
-        waitpid(pid, &status, 0);
-        return (status);
-    }
-}
-
-void 
-check_shadow(const struct passwd *pw, const struct spwd *sp)
-{
-  long today;
-
-  today = time(0)/(24L * 60 * 60);
-  
-  if (sp == NULL)
-      return;
-
-  if (sp->sp_expire > 0) {
-        if (today >= sp->sp_expire) {
-            printf("Your account has expired.\n");
-            sleep(1);
-            exit(0);
-        } else if (sp->sp_expire - today < 14) {
-            printf("Your account will expire in %d days.\n",
-                   (int)(sp->sp_expire - today));
-        }
-  }
-
-  if (sp->sp_max > 0) {
-        if (today >= (sp->sp_lstchg + sp->sp_max)) {
-            printf("Your password has expired. Choose a new one.\n");
-            change_passwd(pw);
-        } else if (sp->sp_warn > 0
-            && (today > (sp->sp_lstchg + sp->sp_max - sp->sp_warn))) {
-            printf("Your password will expire in %d days.\n",
-                   (int)(sp->sp_lstchg + sp->sp_max - today));
-        }
-  }
-}
-#endif /* HAVE_SHADOW_H */
diff --git a/crypto/heimdal/appl/login/stty_default.c b/crypto/heimdal/appl/login/stty_default.c
deleted file mode 100644
index 5e3856629514..000000000000
--- a/crypto/heimdal/appl/login/stty_default.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: stty_default.c,v 1.8 1999/12/02 17:04:56 joda Exp $");
-
-#include <termios.h>
-
-/* HP-UX 9.0 termios doesn't define these */
-#ifndef FLUSHO
-#define	FLUSHO	0
-#endif
-
-#ifndef XTABS
-#define	XTABS	0
-#endif
-
-#ifndef OXTABS
-#define OXTABS	XTABS
-#endif
-
-/* Ultrix... */
-#ifndef ECHOPRT
-#define ECHOPRT	0
-#endif
-
-#ifndef ECHOCTL
-#define ECHOCTL	0
-#endif
-
-#ifndef ECHOKE
-#define ECHOKE	0
-#endif
-
-#ifndef IMAXBEL
-#define IMAXBEL	0
-#endif
-
-#define Ctl(x) ((x) ^ 0100)
-
-void
-stty_default(void)
-{
-    struct	termios termios;
-
-    /*
-     * Finalize the terminal settings. Some systems default to 8 bits,
-     * others to 7, so we should leave that alone.
-     */
-    tcgetattr(0, &termios);
-
-    termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
-    termios.c_iflag &= ~IXANY;
-
-    termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
-    termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
-
-    termios.c_oflag |= (OPOST|ONLCR);
-    termios.c_oflag &= ~OXTABS;
-
-    termios.c_cc[VINTR] = Ctl('C');
-    termios.c_cc[VERASE] = Ctl('H');
-    termios.c_cc[VKILL] = Ctl('U');
-    termios.c_cc[VEOF] = Ctl('D');
-
-    termios.c_cc[VSUSP] = Ctl('Z');
-    
-    tcsetattr(0, TCSANOW, &termios);
-}
diff --git a/crypto/heimdal/appl/login/tty.c b/crypto/heimdal/appl/login/tty.c
deleted file mode 100644
index 0ffea7249fd9..000000000000
--- a/crypto/heimdal/appl/login/tty.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: tty.c,v 1.4 1999/12/02 17:04:56 joda Exp $");
-
-/*
- * Clean the tty name.  Return a pointer to the cleaned version.
- */
-
-char *
-clean_ttyname (char *tty)
-{
-  char *res = tty;
-
-  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-    res += strlen(_PATH_DEV);
-  if (strncmp (res, "pty/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "ptym/", 5) == 0)
-    res += 5;
-  return res;
-}
-
-/*
- * Generate a name usable as an `ut_id', typically without `tty'.
- */
-
-char *
-make_id (char *tty)
-{
-  char *res = tty;
-  
-  if (strncmp (res, "pts/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "tty", 3) == 0)
-    res += 3;
-  return res;
-}
diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c
deleted file mode 100644
index 0be6cdb19fc4..000000000000
--- a/crypto/heimdal/appl/login/utmp_login.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "login_locl.h"
-
-RCSID("$Id: utmp_login.c,v 1.18 2001/02/08 16:08:26 assar Exp $");
-
-/* try to put something useful from hostname into dst, dst_sz:
- * full name, first component or address */
-
-void
-shrink_hostname (const char *hostname,
-		 char *dst, size_t dst_sz)
-{
-    char local_hostname[MaxHostNameLen];
-    char *ld, *hd;
-    int ret;
-    struct addrinfo *ai;
-
-    if (strlen(hostname) < dst_sz) {
-	strlcpy (dst, hostname, dst_sz);
-	return;
-    }
-    gethostname (local_hostname, sizeof(local_hostname));
-    hd = strchr (hostname, '.');
-    ld = strchr (local_hostname, '.');
-    if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
-	&& hd - hostname < dst_sz) {
-	strlcpy (dst, hostname, dst_sz);
-	dst[hd - hostname] = '\0';
-	return;
-    }
-
-    ret = getaddrinfo (hostname, NULL, NULL, &ai);
-    if (ret) {
-	strncpy (dst, hostname, dst_sz);
-	return;
-    }
-    ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
-		       dst, dst_sz,
-		       NULL, 0,
-		       NI_NUMERICHOST);
-    freeaddrinfo (ai);
-    if (ret) {
-	strncpy (dst, hostname, dst_sz);
-	return;
-    }
-}
-
-void
-prepare_utmp (struct utmp *utmp, char *tty, 
-	      const char *username, const char *hostname)
-{
-    char *ttyx = clean_ttyname (tty);
-
-    memset(utmp, 0, sizeof(*utmp));
-    utmp->ut_time = time(NULL);
-    strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
-    strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
-
-# ifdef HAVE_STRUCT_UTMP_UT_USER
-    strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_ADDR
-    if (hostname[0]) {
-        struct hostent *he;
-	if ((he = gethostbyname(hostname)))
-	    memcpy(&utmp->ut_addr, he->h_addr_list[0],
-		   sizeof(utmp->ut_addr));
-    }
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_HOST
-    shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    utmp->ut_type = USER_PROCESS;
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_PID
-    utmp->ut_pid = getpid();
-# endif
-
-# ifdef HAVE_STRUCT_UTMP_UT_ID
-    strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
-# endif
-}
-
-#ifdef HAVE_UTMPX_H
-void utmp_login(char *tty, const char *username, const char *hostname)
-{ 
-    return;
-}
-#else
-
-/* update utmp and wtmp - the BSD way */
-
-void utmp_login(char *tty, const char *username, const char *hostname)
-{
-    struct utmp utmp;
-    int fd;
-
-    prepare_utmp (&utmp, tty, username, hostname);
-
-#ifdef HAVE_SETUTENT
-    utmpname(_PATH_UTMP);
-    setutent();
-    pututline(&utmp);
-    endutent();
-#else
-
-#ifdef HAVE_TTYSLOT
-    {
-      int ttyno;
-      ttyno = ttyslot();
-      if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
-	lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
-	write(fd, &utmp, sizeof(struct utmp));
-	close(fd);
-      }
-    }
-#endif /* HAVE_TTYSLOT */
-#endif /* HAVE_SETUTENT */
-
-    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-	write(fd, &utmp, sizeof(struct utmp));
-	close(fd);
-    }
-}
-#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c
deleted file mode 100644
index b6e5fcf1c064..000000000000
--- a/crypto/heimdal/appl/login/utmpx_login.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that this entire copyright notice
-* is duplicated in all such copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
-/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
-
-#include "login_locl.h"
-
-RCSID("$Id: utmpx_login.c,v 1.26 2001/06/04 14:10:19 assar Exp $");
-
-/* utmpx_login - update utmp and wtmp after login */
-
-#ifndef HAVE_UTMPX_H
-int utmpx_login(char *line, const char *user, const char *host) { return 0; }
-#else
-
-static void
-utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
-{
-    struct timeval tmp;
-    char *clean_tty = clean_ttyname(line);
-
-    strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
-#ifdef HAVE_STRUCT_UTMPX_UT_ID
-    strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
-#endif
-    strncpy(ut->ut_user, user, sizeof(ut->ut_user));
-    shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
-#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
-    ut->ut_syslen = strlen(host) + 1;
-    if (ut->ut_syslen > sizeof(ut->ut_host))
-        ut->ut_syslen = sizeof(ut->ut_host);
-#endif
-    ut->ut_type = USER_PROCESS;
-    gettimeofday (&tmp, 0);
-    ut->ut_tv.tv_sec = tmp.tv_sec;
-    ut->ut_tv.tv_usec = tmp.tv_usec;
-    pututxline(ut);
-#ifdef WTMPX_FILE
-    updwtmpx(WTMPX_FILE, ut);
-#elif defined(WTMP_FILE)
-    {
-	struct utmp utmp;
-	int fd;
-
-	prepare_utmp (&utmp, line, user, host);
-	if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-	    write(fd, &utmp, sizeof(struct utmp));
-	    close(fd);
-	}
-    }
-#endif
-}
-
-int
-utmpx_login(char *line, const char *user, const char *host)
-{
-    struct utmpx *ut, save_ut;
-    pid_t   mypid = getpid();
-    int     ret = (-1);
-
-    /*
-     * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
-     * stripped off. Rlogind and telnetd, on the other hand, make utmpx
-     * entries with device names like /dev/pts/nnn. We therefore cannot use
-     * getutxline(). Return nonzero if no utmp entry was found with our own
-     * process ID for a login or user process.
-     */
-
-    while ((ut = getutxent())) {
-        /* Try to find a reusable entry */
-	if (ut->ut_pid == mypid
-	    && (   ut->ut_type == INIT_PROCESS
-		|| ut->ut_type == LOGIN_PROCESS
-		|| ut->ut_type == USER_PROCESS)) {
-	    save_ut = *ut;
-	    utmpx_update(&save_ut, line, user, host);
-	    ret = 0;
-	    break;
-	}
-    }
-    if (ret == -1) {
-        /* Grow utmpx file by one record. */
-        struct utmpx newut;
-	memset(&newut, 0, sizeof(newut));
-	newut.ut_pid = mypid;
-        utmpx_update(&newut, line, user, host);
-	ret = 0;
-    }
-    endutxent();
-    return (ret);
-}
-#endif /* HAVE_UTMPX_H */
diff --git a/crypto/heimdal/appl/otp/ChangeLog b/crypto/heimdal/appl/otp/ChangeLog
deleted file mode 100644
index cffff9ef4ea2..000000000000
--- a/crypto/heimdal/appl/otp/ChangeLog
+++ /dev/null
@@ -1,40 +0,0 @@
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* otpprint.1: sort parameters and close a list
-
-	* otp.1: sort parameters and close a list
-
-1999-09-14  Assar Westerlund  <assar@sics.se>
-
-	* otp.c (verify_user_otp): check return value from
- 	des_read_pw_string
-
-Thu Apr  1 16:51:07 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* otpprint.c: use getarg
-
-	* otp.c: use getarg
-
-Thu Mar 18 12:08:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar  4 19:45:40 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: DESTDIR
-
-Sat Feb 27 19:44:25 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add
-
-Sun Nov 22 10:32:50 1998  Assar Westerlund  <assar@sics.se>
-
-	* otpprint.c: more braces
-
-	* Makefile.in (WFLAGS): set
-
-Sun Dec 21 09:31:30 1997  Assar Westerlund  <assar@sics.se>
-
-	* otp.c (renew): don't set the OTP if the reading of the string
- 	fails.
-
diff --git a/crypto/heimdal/appl/otp/Makefile b/crypto/heimdal/appl/otp/Makefile
deleted file mode 100644
index 1a2bad5e3e88..000000000000
--- a/crypto/heimdal/appl/otp/Makefile
+++ /dev/null
@@ -1,649 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/otp/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.11 2001/08/28 08:31:21 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = otp otpprint
-bin_SUIDS = otp
-otp_SOURCES = otp.c otp_locl.h
-otpprint_SOURCES = otpprint.c otp_locl.h
-
-man_MANS = otp.1  otpprint.1
-
-LDADD = \
-	$(top_builddir)/lib/otp/libotp.la
-
-subdir = appl/otp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = otp$(EXEEXT) otpprint$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_otp_OBJECTS = otp.$(OBJEXT)
-otp_OBJECTS = $(am_otp_OBJECTS)
-otp_LDADD = $(LDADD)
-otp_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
-otp_LDFLAGS =
-am_otpprint_OBJECTS = otpprint.$(OBJEXT)
-otpprint_OBJECTS = $(am_otpprint_OBJECTS)
-otpprint_LDADD = $(LDADD)
-otpprint_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
-otpprint_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/otp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-otp$(EXEEXT): $(otp_OBJECTS) $(otp_DEPENDENCIES) 
-	@rm -f otp$(EXEEXT)
-	$(LINK) $(otp_LDFLAGS) $(otp_OBJECTS) $(otp_LDADD) $(LIBS)
-otpprint$(EXEEXT): $(otpprint_OBJECTS) $(otpprint_DEPENDENCIES) 
-	@rm -f otpprint$(EXEEXT)
-	$(LINK) $(otpprint_LDFLAGS) $(otpprint_OBJECTS) $(otpprint_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/otp/Makefile.am b/crypto/heimdal/appl/otp/Makefile.am
deleted file mode 100644
index 16e1c0c4e8ff..000000000000
--- a/crypto/heimdal/appl/otp/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-# $Id: Makefile.am,v 1.11 2001/08/28 08:31:21 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_des)
-
-bin_PROGRAMS = otp otpprint
-bin_SUIDS = otp
-otp_SOURCES = otp.c otp_locl.h
-otpprint_SOURCES = otpprint.c otp_locl.h
-
-man_MANS = otp.1  otpprint.1
-
-LDADD = \
-	$(top_builddir)/lib/otp/libotp.la
diff --git a/crypto/heimdal/appl/otp/Makefile.in b/crypto/heimdal/appl/otp/Makefile.in
deleted file mode 100644
index 49e9e8d96730..000000000000
--- a/crypto/heimdal/appl/otp/Makefile.in
+++ /dev/null
@@ -1,649 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.11 2001/08/28 08:31:21 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = otp otpprint
-bin_SUIDS = otp
-otp_SOURCES = otp.c otp_locl.h
-otpprint_SOURCES = otpprint.c otp_locl.h
-
-man_MANS = otp.1  otpprint.1
-
-LDADD = \
-	$(top_builddir)/lib/otp/libotp.la
-
-subdir = appl/otp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = otp$(EXEEXT) otpprint$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_otp_OBJECTS = otp.$(OBJEXT)
-otp_OBJECTS = $(am_otp_OBJECTS)
-otp_LDADD = $(LDADD)
-otp_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
-otp_LDFLAGS =
-am_otpprint_OBJECTS = otpprint.$(OBJEXT)
-otpprint_OBJECTS = $(am_otpprint_OBJECTS)
-otpprint_LDADD = $(LDADD)
-otpprint_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
-otpprint_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/otp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-otp$(EXEEXT): $(otp_OBJECTS) $(otp_DEPENDENCIES) 
-	@rm -f otp$(EXEEXT)
-	$(LINK) $(otp_LDFLAGS) $(otp_OBJECTS) $(otp_LDADD) $(LIBS)
-otpprint$(EXEEXT): $(otpprint_OBJECTS) $(otpprint_DEPENDENCIES) 
-	@rm -f otpprint$(EXEEXT)
-	$(LINK) $(otpprint_LDFLAGS) $(otpprint_OBJECTS) $(otpprint_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/otp/otp.1 b/crypto/heimdal/appl/otp/otp.1
deleted file mode 100644
index 473a4b0bc8ae..000000000000
--- a/crypto/heimdal/appl/otp/otp.1
+++ /dev/null
@@ -1,60 +0,0 @@
-.\" $Id: otp.1,v 1.2 2000/11/29 18:18:22 joda Exp $
-.\"
-.Dd November 17, 1996
-.Dt OTP 1
-.Os KTH-KRB
-.Sh NAME
-.Nm otp
-.Nd
-manages one-time passwords
-.Sh SYNOPSIS
-.Nm otp
-.Op Fl dhlor
-.Op Fl f Ar algorithm
-.Op Fl u Ar user
-.Ar sequence-number
-.Ar seed
-.Sh DESCRIPTION
-The
-.Nm
-program initializes and updates your current series of one-time
-passwords (OTPs).
-.Pp
-Use this to set a new series of one-time passwords.  Only perform this
-on the console or over an encrypted link as you will have to supply
-your pass-phrase.  The other two parameters are
-.Ar sequence-number
-and
-.Ar seed .
-.Pp
-Options are:
-.Bl -tag -width Ds
-.It Fl d
-To delete a one-time password.
-.It Fl f
-Choose a different
-.Ar algorithm
-from the default md5.  Pick any of: md4, md5, and sha.
-.It Fl h
-For getting a help message.
-.It Fl l
-List the current table of one-time passwords.
-.It Fl o
-To open (unlock) the otp-entry for a user.
-.It Fl r
-To renew a one-time password series.  This operation can be performed
-over an potentially eavesdropped link because you do not supply the
-pass-phrase.  First you need to supply the current one-time password
-and then the new one corresponding to the supplied
-.Ar sequence-number
-and
-.Ar seed .
-.It Fl u
-To choose a different
-.Ar user
-to set one-time passwords for.  This only works when running
-.Nm
-as root.
-.El
-.Sh SEE ALSO
-.Xr otpprint 1
diff --git a/crypto/heimdal/appl/otp/otp.c b/crypto/heimdal/appl/otp/otp.c
deleted file mode 100644
index 66de4e0b6591..000000000000
--- a/crypto/heimdal/appl/otp/otp.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/*
- * Copyright (c) 1995-1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "otp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $");
-
-static int listp;
-static int deletep;
-static int openp;
-static int renewp;
-static char* alg_string;
-static char *user;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "list", 'l', arg_flag, &listp, "list OTP status" },
-    { "delete", 'd', arg_flag, &deletep, "delete OTP" },
-    { "open", 'o', arg_flag, &openp, "open a locked OTP" },
-    { "renew", 'r', arg_flag, &renewp, "securely renew OTP" },
-    { "hash", 'f', arg_string, &alg_string, 
-      "hash algorithm (md4, md5, or sha)", "algorithm"},
-    { "user", 'u', arg_string, &user, 
-      "user other than current user (root only)", "user" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 'h', arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "[num seed]");
-    exit(code);
-}
-
-/* 
- * Renew the OTP for a user. 
- * The pass-phrase is not required (RFC 1938/8.0)
- */
-
-static int
-renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
-{
-    OtpContext newctx, *ctx;
-    char prompt[128];
-    char pw[64];
-    void *dbm;
-    int ret;
-
-    newctx.alg = alg;
-    newctx.user = user;
-    newctx.n = atoi (argv[0]);
-    strlcpy (newctx.seed, argv[1], sizeof(newctx.seed));
-    strlwr(newctx.seed);
-    snprintf (prompt, sizeof(prompt),
-	      "[ otp-%s %u %s ]",
-	      newctx.alg->name,
-	      newctx.n, 
-	      newctx.seed);
-    if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
-	otp_parse (newctx.key, pw, alg) == 0) {
-	ctx = &newctx;
-	ret = 0;
-    } else
-	return 1;
-
-    dbm = otp_db_open ();
-    if (dbm == NULL) {
-	warnx ("otp_db_open failed");
-	return 1;
-    }
-    otp_put (dbm, ctx);
-    otp_db_close (dbm);
-    return ret;
-}
-
-/*
- * Return 0 if the user could enter the next OTP.
- * I would rather have returned !=0 but it's shell-like here around.
- */
-
-static int 
-verify_user_otp(char *username)
-{
-    OtpContext ctx;
-    char passwd[OTP_MAX_PASSPHRASE + 1];
-    char prompt[128], ss[256];
-
-    if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
-	warnx("no otp challenge found for %s", username);
-	return 1; 
-    }
-
-    snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
-    if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
-	return 1;
-    return otp_verify_user (&ctx, passwd);
-}
-
-/* 
- * Set the OTP for a user
- */
-
-static int
-set (int argc, char **argv, OtpAlgorithm *alg, char *user)
-{
-    void *db;
-    OtpContext ctx;
-    char pw[OTP_MAX_PASSPHRASE + 1];
-    int ret;
-    int i;
-
-    ctx.alg = alg;
-    ctx.user = strdup (user);
-    if (ctx.user == NULL)
-	err (1, "out of memory");
-
-    ctx.n = atoi (argv[0]);
-    strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
-    strlwr(ctx.seed);
-    do {
-	if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
-	    return 1;
-	if (strlen (pw) < OTP_MIN_PASSPHRASE)
-	    printf ("Too short pass-phrase.  Use at least %d characters\n",
-		    OTP_MIN_PASSPHRASE);
-    } while(strlen(pw) < OTP_MIN_PASSPHRASE);
-    ctx.alg->init (ctx.key, pw, ctx.seed);
-    for (i = 0; i < ctx.n; ++i)
-	ctx.alg->next (ctx.key);
-    db = otp_db_open ();
-    if(db == NULL) {
-	free (ctx.user);
-	err (1, "otp_db_open failed");
-    }
-    ret = otp_put (db, &ctx);
-    otp_db_close (db);
-    free (ctx.user);
-    return ret;
-}
-
-/*
- * Delete otp of user from the database
- */
-
-static int
-delete_otp (int argc, char **argv, char *user)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if(db == NULL)
-	errx (1, "otp_db_open failed");
-
-    ctx.user = user;
-    ret = otp_delete(db, &ctx);
-    otp_db_close (db);
-    return ret;
-}
-
-/* 
- * Tell whether the user has an otp
- */
-
-static int
-has_an_otp(char *user)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if(db == NULL) {
-	warnx ("otp_db_open failed");
-	return 0; /* if no db no otp! */
-    }
-  
-    ctx.user = user;
-    ret = otp_simple_get(db, &ctx); 
-
-    otp_db_close (db);
-    return !ret;
-}
-
-/*
- * Get and print out the otp entry for some user
- */
-
-static void
-print_otp_entry_for_name (void *db, char *user)
-{
-    OtpContext ctx;
-
-    ctx.user = user;
-    if (!otp_simple_get(db, &ctx)) {
-	fprintf(stdout,
-		"%s\totp-%s %d %s",
-		ctx.user, ctx.alg->name, ctx.n, ctx.seed);
-	if (ctx.lock_time)
-	    fprintf(stdout,
-		    "\tlocked since %s",
-		    ctime(&ctx.lock_time));
-	else
-	    fprintf(stdout, "\n");
-    }
-}
-
-static int
-open_otp (int argc, char **argv, char *user)
-{
-    void *db;
-    OtpContext ctx;
-    int ret;
-
-    db = otp_db_open ();
-    if (db == NULL)
-	errx (1, "otp_db_open failed");
-  
-    ctx.user = user;
-    ret = otp_simple_get (db, &ctx);
-    if (ret == 0)
-	ret = otp_put (db, &ctx);
-    otp_db_close (db);
-    return ret;
-}
-
-/*
- * Print otp entries for one or all users
- */
-
-static int
-list_otps (int argc, char **argv, char *user)
-{
-    void *db;
-    struct passwd *pw;
-
-    db = otp_db_open ();
-    if(db == NULL)
-	errx (1, "otp_db_open failed");
-
-    if (user)
-	print_otp_entry_for_name(db, user);
-    else
-	/* scans all users... so as to get a deterministic order */
-	while ((pw = getpwent()))
-	    print_otp_entry_for_name(db, pw->pw_name);
-
-    otp_db_close (db);
-    return 0;
-}
-
-int
-main (int argc, char **argv)
-{
-    int defaultp = 0;
-    int uid = getuid();
-    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
-    int optind = 0;
-  
-    setprogname (argv[0]);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(deletep && uid != 0)
-	errx (1, "Only root can delete OTPs");
-    if(alg_string) {
-	alg = otp_find_alg (alg_string);
-	if (alg == NULL)
-	    errx (1, "Unknown algorithm: %s", alg_string);
-    }
-    if (user && uid != 0)
-	errx (1, "Only root can use `-u'");
-    argc -= optind;
-    argv += optind;
-
-    if (!(listp || deletep || renewp || openp))
-	defaultp = 1;
-
-    if ( listp + deletep + renewp + defaultp + openp != 1) 
-	usage(1); /* one of -d or -l or -r or none */
-
-    if(deletep || openp || listp) {
-	if(argc != 0)
-	    errx(1, "delete, open, and list requires no arguments\n");
-    } else {
-	if(argc != 2)
-	    errx(1, "setup, and renew requires `num', and `seed'");
-    }
-    if (listp)
-	return list_otps (argc, argv, user);
-
-    if (user == NULL) {
-	struct passwd *pwd;
-
-	pwd = k_getpwuid(uid);
-	if (pwd == NULL)
-	    err (1, "You don't exist");
-	user = pwd->pw_name;
-    }
-  
-    /*
-     * users other that root must provide the next OTP to update the sequence.
-     * it avoids someone to use a pending session to change an OTP sequence.
-     * see RFC 1938/8.0.
-     */
-    if (uid != 0 && (defaultp || renewp)) {
-	if (!has_an_otp(user)) {
-	    errx (1, "Only root can set an initial OTP");
-	} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
-	    if (verify_user_otp(user) != 0) {
-		errx (1, "User authentification failed");
-	    }
-	}
-    }
-
-    if (deletep)
-	return delete_otp (argc, argv, user);
-    else if (renewp)
-	return renew (argc, argv, alg, user);
-    else if (openp)
-	return open_otp (argc, argv, user);
-    else
-	return set (argc, argv, alg, user);
-}
diff --git a/crypto/heimdal/appl/otp/otp.cat1 b/crypto/heimdal/appl/otp/otp.cat1
deleted file mode 100644
index 853b440af005..000000000000
--- a/crypto/heimdal/appl/otp/otp.cat1
+++ /dev/null
@@ -1,42 +0,0 @@
-OTP(1)                  FreeBSD General Commands Manual                 OTP(1)
-
-NNAAMMEE
-     oottpp - manages one-time passwords
-
-SSYYNNOOPPSSIISS
-     oottpp [--ddhhlloorr] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
-
-DDEESSCCRRIIPPTTIIOONN
-     The oottpp program initializes and updates your current series of one-time
-     passwords (OTPs).
-
-     Use this to set a new series of one-time passwords.  Only perform this on
-     the console or over an encrypted link as you will have to supply your
-     pass-phrase.  The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
-
-     Options are:
-
-     --dd      To delete a one-time password.
-
-     --ff      Choose a different _a_l_g_o_r_i_t_h_m from the default md5.  Pick any of:
-             md4, md5, and sha.
-
-     --hh      For getting a help message.
-
-     --ll      List the current table of one-time passwords.
-
-     --oo      To open (unlock) the otp-entry for a user.
-
-     --rr      To renew a one-time password series.  This operation can be per-
-             formed over an potentially eavesdropped link because you do not
-             supply the pass-phrase.  First you need to supply the current
-             one-time password and then the new one corresponding to the sup-
-             plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
-
-     --uu      To choose a different _u_s_e_r to set one-time passwords for.  This
-             only works when running oottpp as root.
-
-SSEEEE AALLSSOO
-     otpprint(1)
-
-KTH-KRB                        November 17, 1996                       KTH-KRB
diff --git a/crypto/heimdal/appl/otp/otp_locl.h b/crypto/heimdal/appl/otp/otp_locl.h
deleted file mode 100644
index 342f4fd0073f..000000000000
--- a/crypto/heimdal/appl/otp/otp_locl.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: otp_locl.h,v 1.9 2001/08/22 20:30:21 assar Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <roken.h>
-#include <err.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/des.h>
-#else
-#include <des.h>
-#endif
-#include <otp.h>
diff --git a/crypto/heimdal/appl/otp/otpprint.1 b/crypto/heimdal/appl/otp/otpprint.1
deleted file mode 100644
index 7f7d5bec7783..000000000000
--- a/crypto/heimdal/appl/otp/otpprint.1
+++ /dev/null
@@ -1,52 +0,0 @@
-.\" $Id: otpprint.1,v 1.4 2001/06/08 20:44:46 assar Exp $
-.\"
-.Dd November 17, 1996
-.Dt OTP 1
-.Os KTH-KRB
-.Sh NAME
-.Nm otpprint
-.Nd
-print lists of one-time passwords
-.Sh SYNOPSIS
-.Nm otp
-.Op Fl n Ar count
-.Op Fl e
-.Op Fl h
-.Op Fl f Ar algorithm
-.Ar sequence-number
-.Ar seed
-.Sh DESCRIPTION
-The
-.Nm
-program prints lists of OTPs.
-.Pp
-Use this to print out a series of one-time passwords.  You will have
-to supply the
-.Ar sequence number
-and the
-.Ar seed
-as arguments and then the program will prompt you for your pass-phrase.
-.Pp
-There are several different print formats.  The default is to print
-each password with six short english words.
-.Pp
-Options are:
-.Bl -tag -width Ds
-.It Fl e
-Print the passwords in ``extended'' format.  In this format a prefix
-that says ``hex:'' or ``word:'' is included.
-.It Fl f
-To choose a different
-.Ar algorithm
-from the default md5.  Pick any of: md4, md5, and sha.
-.It Fl h
-Print the passwords in hex.
-.It Fl n
-Print
-.Ar count
-one-time passwords, starting at
-.Ar sequence-number
-and going backwards. The default is 10.
-.El
-.Sh SEE ALSO
-.Xr otp 1
diff --git a/crypto/heimdal/appl/otp/otpprint.c b/crypto/heimdal/appl/otp/otpprint.c
deleted file mode 100644
index b1d0a84a054c..000000000000
--- a/crypto/heimdal/appl/otp/otpprint.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1995-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "otp_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: otpprint.c,v 1.14 2001/02/20 01:44:46 assar Exp $");
-
-static int extendedp;
-static int count = 10;
-static int hexp;
-static char* alg_string;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "extended", 'e', arg_flag, &extendedp, "print keys in extended format" },
-    { "count", 'n', arg_integer, &count, "number of keys to print" },
-    { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" },
-    { "hash", 'f', arg_string, &alg_string, 
-      "hash algorithm (md4, md5, or sha)", "algorithm"},
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "num seed");
-    exit(code);
-}
-
-static int
-print (int argc,
-       char **argv,
-       int count,
-       OtpAlgorithm *alg,
-       void (*print_fn)(OtpKey, char *, size_t))
-{
-  char pw[64];
-  OtpKey key;
-  int n;
-  int i;
-  char *seed;
-
-  if (argc != 2)
-      usage (1);
-  n = atoi(argv[0]);
-  seed = argv[1];
-  if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
-    return 1;
-  alg->init (key, pw, seed);
-  for (i = 0; i < n; ++i) {
-    char s[64];
-
-    alg->next (key);
-    if (i >= n - count) {
-      (*print_fn)(key, s, sizeof(s));
-      printf ("%d: %s\n", i + 1, s);
-    }
-  }
-  return 0;
-}
-
-int
-main (int argc, char **argv)
-{
-    int optind = 0;
-    void (*fn)(OtpKey, char *, size_t);
-    OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
-
-    setprogname (argv[0]);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(alg_string) {
-	alg = otp_find_alg (alg_string);
-	if (alg == NULL)
-	    errx(1, "Unknown algorithm: %s", alg_string);
-    }
-    argc -= optind;
-    argv += optind;
-
-    if (hexp) {
-	if (extendedp)
-	    fn = otp_print_hex_extended;
-	else
-	    fn = otp_print_hex;
-    } else {
-	if (extendedp)
-	    fn = otp_print_stddict_extended;
-	else
-	    fn = otp_print_stddict;
-    }
-
-    return print (argc, argv, count, alg, fn);
-}
diff --git a/crypto/heimdal/appl/otp/otpprint.cat1 b/crypto/heimdal/appl/otp/otpprint.cat1
deleted file mode 100644
index afd8c904a0b3..000000000000
--- a/crypto/heimdal/appl/otp/otpprint.cat1
+++ /dev/null
@@ -1,35 +0,0 @@
-OTP(1)                  FreeBSD General Commands Manual                 OTP(1)
-
-NNAAMMEE
-     oottpppprriinntt - print lists of one-time passwords
-
-SSYYNNOOPPSSIISS
-     oottpp [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
-
-DDEESSCCRRIIPPTTIIOONN
-     The oottpppprriinntt program prints lists of OTPs.
-
-     Use this to print out a series of one-time passwords.  You will have to
-     supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program
-     will prompt you for your pass-phrase.
-
-     There are several different print formats.  The default is to print each
-     password with six short english words.
-
-     Options are:
-
-     --ee      Print the passwords in ``extended'' format.  In this format a
-             prefix that says ``hex:'' or ``word:'' is included.
-
-     --ff      To choose a different _a_l_g_o_r_i_t_h_m from the default md5.  Pick any
-             of: md4, md5, and sha.
-
-     --hh      Print the passwords in hex.
-
-     --nn      Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and
-             going backwards. The default is 10.
-
-SSEEEE AALLSSOO
-     otp(1)
-
-KTH-KRB                        November 17, 1996                       KTH-KRB
diff --git a/crypto/heimdal/appl/popper/ChangeLog b/crypto/heimdal/appl/popper/ChangeLog
deleted file mode 100644
index 8e24c1dca77d..000000000000
--- a/crypto/heimdal/appl/popper/ChangeLog
+++ /dev/null
@@ -1,197 +0,0 @@
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_dropcopy.c: use RESP-CODES
-
-	* pop_get_command.c: implement CAPA
-
-	* popper.c: don't print our version in the greeting string
-
-	* popper.h: add a flags parameter to the pop context
-
-2002-05-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_debug.c: revert some accidentally commited code in previous
-
-2002-02-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_debug.c: only claim krb5 support if really present
-
-2001-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* maildir.c: replace MAXDROPLEN with MAXPATHLEN
-
-	* popper.h: replace MAXDROPLEN with MAXPATHLEN
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* popper.8: rewritten man page
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* pop_init.c (pop_init): handle krb5_init_context failure
-	consistently
-	* pop_debug.c (doit_v5): handle krb5_init_context failure
-	consistently
-
-2000-06-10  Assar Westerlund  <assar@sics.se>
-
-	* pop_init.c (krb4_authenticate): do not exit on failure, just
-	return
-	(krb5_authenticate): log errors from krb5_recvauth
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* *.c: replace all erroneous calls to pop_log with POP_FAILURE
-	with POP_PRIORITY.  reported by Janne Johansson <jj@it.kth.se>'
-
-2000-01-27  Assar Westerlund  <assar@sics.se>
-
-	* pop_debug.c (main): figure out port number
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* pop_init.c (pop_init): use getnameinfo_verified
-
-	* pop_debug.c (get_socket): use getaddrinfo
-
-1999-12-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_init.c: optionally trace connected addresses to a file
-
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* pop_debug.c (main): redo the v4/v5 selection for consistency.
-  	-4 -> try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_init.c (krb5_authenticate): don't use the principal
-	associated with the socket for authentication, instead let
-	krb5_rd_req pick the correct one from the ticket; just check that
-	it actually was a pop-ticket
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pop_init.c (pop_init): don't freehostent if ch == NULL
-
-	* pop_dele.c: implement XDELE to delete a range of messages
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* pop_init.c: v6-ify
-
-	* pop_debug.c: v6-ify
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* pop_debug.c (doit_v5): call krb5_sendauth with ccache == NULL
-	
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* pop_debug.c (main): use print_version
-
-Thu Apr  8 15:07:11 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* pop_pass.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-Thu Mar 18 12:55:42 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* pop_pass.c: define KRB_VERIFY_SECURE if not defined
-
-	* Makefile.am: include Makefile.am.common
-
-Wed Mar 17 23:36:21 1999  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c (krb4_verify_password): use KRB_VERIFY_SECURE instead
- 	of 1
-
-Tue Mar 16 22:28:52 1999  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c: krb_verify_user_multiple -> krb_verify_user
-
-Sat Mar 13 22:17:29 1999  Assar Westerlund  <assar@sics.se>
-
-	* pop_parse.c (pop_parse): cast when calling is* to get rid of a
- 	warning
-
-Mon Mar  8 11:50:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* pop_init.c: use print_version
-
-Fri Mar  5 15:14:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* pop_send.c: fix handling of messages w/o body
-
-Sun Nov 22 10:33:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c (pop_pass): try to always log
-
-	* Makefile.in (WFLAGS): set
-
-Fri Jul 10 01:14:25 1998  Assar Westerlund  <assar@sics.se>
-
-	* pop_init.c: s/net_read/pop_net_read/
-
-Tue Jun  2 17:33:54 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* pop_send.c: add missing newlines
-
-Sun May 24 20:59:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* maildir.c (make_path): fix reversed args
-
-Sat May 16 00:02:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: link with DBLIB
-
-Sun Apr 26 11:47:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c (pop_pass): check return value from changeuser
-
-	* pop_dropcopy.c (changeuser): check that `setuid' and `setgid'
- 	succeeded.
-
-	* popper.h: changeuser now returns int
-
-Thu Apr 23 00:54:38 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Add support for maildir spoolfiles.
-
-	* popper.h (MsgInfoList): replace `del_flag' and `retr_flag' with
-	single `flags'
-
-	* pop_dropcopy.c: Fix mismatched parenthesis.
-
-Sat Apr  4 15:13:56 1998  Assar Westerlund  <assar@sics.se>
-
-	* pop_dropcopy.c (pop_dropcopy): first do mkstemp and then fdopen.
-  	Originally from <map@stacken.kth.se>
-
-	* popper.h: include <io.h>
-
-Sat Feb  7 10:07:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c(krb4_verify_password: Don't use REALM_SZ + 1, just
- 	REALM_SZ
-
-Mon Dec 29 16:37:26 1997  Assar Westerlund  <assar@sics.se>
-
-	* pop_updt.c (pop_updt): lseek before ftruncating the file.  From
- 	<map@stacken.kth.se>
-
-Sat Nov 22 13:46:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* pop_pass.c: Destroy tickets after verification.
-
-Sun Nov  9 09:11:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* pop_dropinfo.c: be careful with mails without msg-id, subject,
- 	or from
-
-Wed Oct 29 02:09:24 1997  Assar Westerlund  <assar@sics.se>
-
-	* pop_pass.c: conditionalize OTP-support
-
-	* pop_init.c: conditionalize OTP-support
-
diff --git a/crypto/heimdal/appl/popper/Makefile b/crypto/heimdal/appl/popper/Makefile
deleted file mode 100644
index 510f8deadc2f..000000000000
--- a/crypto/heimdal/appl/popper/Makefile
+++ /dev/null
@@ -1,688 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/popper/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.14 2001/08/04 03:08:02 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = pop_debug
-
-libexec_PROGRAMS = popper
-
-popper_SOURCES = \
-	pop_dele.c pop_dropcopy.c pop_dropinfo.c \
-	pop_get_command.c pop_init.c \
-	pop_last.c pop_list.c pop_log.c \
-	pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
-	pop_rset.c pop_send.c pop_stat.c pop_updt.c \
-	pop_user.c pop_uidl.c pop_xover.c popper.c \
-	maildir.c popper.h version.h
-
-
-EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
-	popper.README.release README-FIRST README-KRB4
-
-
-LDADD = \
-	$(LIB_otp) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-man_MANS = popper.8
-subdir = appl/popper
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = popper$(EXEEXT)
-noinst_PROGRAMS = pop_debug$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-
-pop_debug_SOURCES = pop_debug.c
-pop_debug_OBJECTS = pop_debug.$(OBJEXT)
-pop_debug_LDADD = $(LDADD)
-pop_debug_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#pop_debug_DEPENDENCIES =
-pop_debug_LDFLAGS =
-am_popper_OBJECTS = pop_dele.$(OBJEXT) pop_dropcopy.$(OBJEXT) \
-	pop_dropinfo.$(OBJEXT) pop_get_command.$(OBJEXT) \
-	pop_init.$(OBJEXT) pop_last.$(OBJEXT) pop_list.$(OBJEXT) \
-	pop_log.$(OBJEXT) pop_msg.$(OBJEXT) pop_parse.$(OBJEXT) \
-	pop_pass.$(OBJEXT) pop_quit.$(OBJEXT) pop_rset.$(OBJEXT) \
-	pop_send.$(OBJEXT) pop_stat.$(OBJEXT) pop_updt.$(OBJEXT) \
-	pop_user.$(OBJEXT) pop_uidl.$(OBJEXT) pop_xover.$(OBJEXT) \
-	popper.$(OBJEXT) maildir.$(OBJEXT)
-popper_OBJECTS = $(am_popper_OBJECTS)
-popper_LDADD = $(LDADD)
-popper_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#popper_DEPENDENCIES =
-popper_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = pop_debug.c $(popper_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in
-SOURCES = pop_debug.c $(popper_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/popper/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-pop_debug$(EXEEXT): $(pop_debug_OBJECTS) $(pop_debug_DEPENDENCIES) 
-	@rm -f pop_debug$(EXEEXT)
-	$(LINK) $(pop_debug_LDFLAGS) $(pop_debug_OBJECTS) $(pop_debug_LDADD) $(LIBS)
-popper$(EXEEXT): $(popper_OBJECTS) $(popper_DEPENDENCIES) 
-	@rm -f popper$(EXEEXT)
-	$(LINK) $(popper_LDFLAGS) $(popper_OBJECTS) $(popper_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/popper/Makefile.am b/crypto/heimdal/appl/popper/Makefile.am
deleted file mode 100644
index e3311dadf7b7..000000000000
--- a/crypto/heimdal/appl/popper/Makefile.am
+++ /dev/null
@@ -1,31 +0,0 @@
-# $Id: Makefile.am,v 1.14 2001/08/04 03:08:02 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-noinst_PROGRAMS = pop_debug
-
-libexec_PROGRAMS = popper
-
-popper_SOURCES = \
-	pop_dele.c pop_dropcopy.c pop_dropinfo.c \
-	pop_get_command.c pop_init.c \
-	pop_last.c pop_list.c pop_log.c \
-	pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
-	pop_rset.c pop_send.c pop_stat.c pop_updt.c \
-	pop_user.c pop_uidl.c pop_xover.c popper.c \
-	maildir.c popper.h version.h
-
-EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
-	popper.README.release README-FIRST README-KRB4
-
-LDADD = \
-	$(LIB_otp) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB)
-
-man_MANS = popper.8
diff --git a/crypto/heimdal/appl/popper/Makefile.in b/crypto/heimdal/appl/popper/Makefile.in
deleted file mode 100644
index 59fd8b009c5f..000000000000
--- a/crypto/heimdal/appl/popper/Makefile.in
+++ /dev/null
@@ -1,688 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.14 2001/08/04 03:08:02 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = pop_debug
-
-libexec_PROGRAMS = popper
-
-popper_SOURCES = \
-	pop_dele.c pop_dropcopy.c pop_dropinfo.c \
-	pop_get_command.c pop_init.c \
-	pop_last.c pop_list.c pop_log.c \
-	pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
-	pop_rset.c pop_send.c pop_stat.c pop_updt.c \
-	pop_user.c pop_uidl.c pop_xover.c popper.c \
-	maildir.c popper.h version.h
-
-
-EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
-	popper.README.release README-FIRST README-KRB4
-
-
-LDADD = \
-	$(LIB_otp) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-man_MANS = popper.8
-subdir = appl/popper
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = popper$(EXEEXT)
-noinst_PROGRAMS = pop_debug$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-
-pop_debug_SOURCES = pop_debug.c
-pop_debug_OBJECTS = pop_debug.$(OBJEXT)
-pop_debug_LDADD = $(LDADD)
-@KRB5_TRUE@pop_debug_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB5_FALSE@pop_debug_DEPENDENCIES =
-pop_debug_LDFLAGS =
-am_popper_OBJECTS = pop_dele.$(OBJEXT) pop_dropcopy.$(OBJEXT) \
-	pop_dropinfo.$(OBJEXT) pop_get_command.$(OBJEXT) \
-	pop_init.$(OBJEXT) pop_last.$(OBJEXT) pop_list.$(OBJEXT) \
-	pop_log.$(OBJEXT) pop_msg.$(OBJEXT) pop_parse.$(OBJEXT) \
-	pop_pass.$(OBJEXT) pop_quit.$(OBJEXT) pop_rset.$(OBJEXT) \
-	pop_send.$(OBJEXT) pop_stat.$(OBJEXT) pop_updt.$(OBJEXT) \
-	pop_user.$(OBJEXT) pop_uidl.$(OBJEXT) pop_xover.$(OBJEXT) \
-	popper.$(OBJEXT) maildir.$(OBJEXT)
-popper_OBJECTS = $(am_popper_OBJECTS)
-popper_LDADD = $(LDADD)
-@KRB5_TRUE@popper_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB5_FALSE@popper_DEPENDENCIES =
-popper_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = pop_debug.c $(popper_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in
-SOURCES = pop_debug.c $(popper_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/popper/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-pop_debug$(EXEEXT): $(pop_debug_OBJECTS) $(pop_debug_DEPENDENCIES) 
-	@rm -f pop_debug$(EXEEXT)
-	$(LINK) $(pop_debug_LDFLAGS) $(pop_debug_OBJECTS) $(pop_debug_LDADD) $(LIBS)
-popper$(EXEEXT): $(popper_OBJECTS) $(popper_DEPENDENCIES) 
-	@rm -f popper$(EXEEXT)
-	$(LINK) $(popper_LDFLAGS) $(popper_OBJECTS) $(popper_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/popper/README b/crypto/heimdal/appl/popper/README
deleted file mode 100644
index 0735fdd56c39..000000000000
--- a/crypto/heimdal/appl/popper/README
+++ /dev/null
@@ -1,381 +0,0 @@
-@(#)@(#)README	2.6   2.6 4/2/91
-
-
-The Post Office Protocol Server:  Installation Guide
-
-
-
-Introduction
-
-The Post Office Protocol server runs on a variety of Unix[1] computers
-to manage electronic mail for Macintosh and MS-DOS computers.  The
-server was developed at the University of California at Berkeley and
-conforms fully to the specifications in RFC 1081[2] and RFC 1082[3].
-The Berkeley server also has extensions to send electronic mail on
-behalf of a client.
-
-This guide explains how to install the POP server on your Unix
-computer.  It assumes that you are not only familiar with Unix but also
-capable of performing Unix system administration.
-
-
-How to Obtain the Server
-
-The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU
-(128.32.136.9, 128.32.206.12).  It is in two files in the pub directory:
-a compressed tar file popper-version.tar.Z and a Macintosh StuffIt archive
-in BinHex format called MacPOP.sit.hqx.
-
-
-Contents of the Distribution
-
-The distribution contains the following:
-
-+   All of the C source necessary to create the server program.
-
-+   A visual representation of how the POP system works.
-
-+   Reprints of RFC 1081 and RFC 1082.
-
-+   A HyperCard stack POP client implementation using MacTCP.
-
-+   A man page for the popper daemon.
-
-+   This guide.
-
-
-Compatibility
-
-The Berkeley POP server has been successfully tested on the following
-Unix operating systems:
-
-+   Berkeley Systems Distribution 4.3
-
-+   Sun Microsystems Operating System versions 3.5 and 4.0
-
-+   Ultrix version 2.3
-
-The following POP clients operate correctly with the Berkeley POP server:
-
-+   The Berkeley HyperMail HyperCard stack for the Apple Macintosh 
-    (distributed with the server).
-
-+   The Stanford University Macintosh Internet Protocol MacMH program.
-
-+   The Stanford University Personal Computer Internet Protocol MH 
-    program.
-
-+   The mh version 6.0 programs for Unix.
-
-
-Support
-
-The Berkeley POP server is not officially supported and is without any
-warranty, explicit or implied.  However, we are interested in your
-experiences using the server.  Bugs, comments and suggestions should be
-sent electronically to netinfo@garnet.Berkeley.EDU.
-
-
-Operational Characteristics
-
-The POP Transaction Cycle
-
-The Berkeley POP server is a single program (called popper) that is
-launched by inetd when it gets a service request on the POP TCP port.
-(The official port number specified in RFC 1081 for POP version 3 is
-port 110.  However, some POP3 clients attempt to contact the server at
-port 109, the POP version 2 port.  Unless you are running both POP2 and
-POP3 servers, you can simply define both ports for use by the POP3
-server.  This is explained in the installation instructions later on.)
-The popper program initializes and verifies that the peer IP address is
-registered in the local domain, logging a warning message when a
-connection is made to a client whose IP address does not have a
-canonical name.  For systems using BSD 4.3 bind, it also checks to see
-if a cannonical name lookup for the client returns the same peer IP
-address, logging a warning message if it does not.  The the server
-enters the authorization state, during which the client must correctly
-identify itself by providing a valid Unix userid and password on the
-server's host machine.  No other exchanges are allowed during this
-state (other than a request to quit.)  If authentication fails, a
-warning message is logged and the session ends.  Once the user is
-identified, popper changes its user and group ids to match that of the
-user and enters the transaction state.  The server makes a temporary
-copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
-used for all subsequent transactions.  These include the bulk of POP
-commands to retrieve mail, delete mail, undelete mail, and so forth.  A
-Berkeley extension also allows the user to submit a mail parcel to the
-server who mails it using the sendmail program (this extension is
-supported in the HyperMail client distributed with the server).  When
-the client quits, the server enters the final update state during which
-the network connection is terminated and the user's maildrop is updated
-with the (possibly) modified temporary maildrop.
-
-
-Logging
-
-The POP server uses syslog to keep a record of its activities.  On
-systems with BSD 4.3 syslogging, the server logs (by default) to the
-"local0" facility at priority "notice" for all messages except
-debugging which is logged at priority "debug".  The default log file is
-/usr/spool/mqueue/POPlog.  These can be changed, if desired.  On
-systems with 4.2 syslogging all messages are logged to the local log
-file, usually /usr/spool/mqueue/syslog.
-
-Problems
-
-If the filesystem which holds the /usr/spool/mail fills up users will 
-experience difficulties.  The filesystem must have enough space to hold
-(approximately) two copies of the largest mail box.  Popper (v1.81 and
-above) is designed to be robust in the face of this problem, but you may
-end up with a situation where some of the user's mail is in
-
-	/usr/spool/mail/.userid.pop
-
-and some of the mail is in
-
-	/usr/spool/mail/userid
-
-If this happens the System Administrator should clear enough disk space
-so that the filesystem has at least as much free disk as both mailboxes
-hold and probably a little more.  Then the user should initiate a POP
-session, and do nothing but quit.  If the POP session ends without an
-error the user can then use POP or another mail program to clean up his/her
-mailbox.
-
-Alternatively, the System Administrator can combine the two files (but
-popper will do this for you if there is enough disk space).
-
-
-Debugging
-
-The popper program will log debugging information when the -d parameter
-is specified after its invocation in the inetd.conf file.  Care should
-be exercised in using this option since it generates considerable
-output in the syslog file.  Alternatively, the "-t <file-name>" option
-will place debugging information into file "<file-name>" using fprintf
-instead of syslog.  (To enable debugging, you must edit the Makefile
-to add -DDEBUG to the compiler options.)
-
-For SunOS version 3.5, the popper program is launched by inetd from
-/etc/servers.  This file does not allow you to specify command line
-arguments.  Therefore, if you want to enable debugging, you can specify
-a shell script in /etc/servers to be launched instead of popper and in
-this script call popper with the desired arguments.
-
-
-Installation
-
-1.  Examine this file for the latest information, warnings, etc.
-
-2.  Check the Makefile for conformity with your system.
-
-3.  Issue the make command in the directory containing the popper 
-    source.
-
-4.  Issue the make install command in the directory containing the 
-    popper source to copy the program to /usr/etc.
-
-5.  Enable syslogging:
-
-    +   For systems with 4.3 syslogging:
-
-        Add the following line to the /etc/syslog.conf file:
-
-            local0.notice;local0.debug  /usr/spool/mqueue/POPlog
-
-        Create the empty file /usr/spool/mqueue/POPlog.
-
-        Kill and restart the syslogd daemon.
-
-    +   For systems with 4.2 syslogging:
-
-        Be sure that you are logging messages of priority 7 and higher.  
-        For example:
-
-            7/usr/spool/mqueue/syslog
-            9/dev/null
-
-6.  Update /etc/services:
-
-    Add the following line to the /etc/services file:
-
-        pop 110/tcp
-
-    Note:  This is the official port number for version 3 of the
-    Post Office Protocol as defined in RFC 1081.  However, some
-    POP3 clients use port 109, the port number for the previous
-    version (2) of POP.  Therefore you may also want to add the
-    following line to the /etc/services file:
-
-    pop2    109/tcp
-
-    For Sun systems running yp, also do the following:
-
-    +   Change to the /var/yp directory.
-
-    +   Issue the make services command.
-
-7.  Update the inetd daemon configuration.  Include the second line ONLY if you
-    are running the server at both ports.
-
-    +   On BSD 4.3 and SunOS 4.0 systems, add the following line to the 
-        /etc/inetd.conf file:
-
-        pop stream tcp nowait root /usr/etc/popper popper
-        pop2 stream tcp nowait root /usr/etc/popper popper
-
-    +   On Ultrix systems, add the following line to the 
-        /etc/inetd.conf file:
-
-        pop stream tcp nowait /usr/etc/popper popper
-        pop2 stream tcp nowait /usr/etc/popper popper
-
-    +   On SunOS 3.5 systems, add the following line to the 
-        /etc/servers file:
-
-        pop tcp /usr/etc/popper
-        pop2 tcp /usr/etc/popper
-
-        Kill and restart the inetd daemon.
-
-You can confirm that the POP server is running on Unix by telneting to
-port 110 (or 109 if you set it up that way).  For example:
-
-%telnet myhost 110
-Trying...
-Connected to myhost.berkeley.edu.
-Escape character is '^]'.
-+OK UCB Pop server (version 1.6) at myhost starting.
-quit
-Connection closed by foreign host.
-
-
-Release Notes
-
-1.83    Make sure that everything we do as root is non-destructive.
-
-1.82	Make the /usr/spool/mail/.userid.pop file owned by the user rather
-	than owned by root.
-
-1.81	There were two versions of 1.7 floating around, 1.7b4 and 1.7b5.
-	The difference is that 1.7b5 attempted to save disk space on 
-	/usr/spool/mail by deleting the users permanent maildrop after
-	making the temporary copy.  Unfortunately, if compiled with 
-	-DDEBUG, this version could easily wipe out a users' mail file.
-	This is now fixed.
-
-	This version also fixes a security hole for systems that have
-	/usr/spool/mail writeable by all users.
-
-	With this version we go to all new SCCS IDs for all files.  This
-	is unfortunate, and we hope it is not too much of a problem.
-
-	Thanks to Steve Dorner of UIUC for pointing out the major problem.
-
-1.7     Extensive re-write of the maildrop processing code contributed by 
-        Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
-        possibility that the maildrop can be corrupted as the result of
-        simultaneous access by two or more processes.
-
-        Added "pop_dropcopy" module to create a temporary maildrop from
-        the existing, standard maildrop as root before the setuid and 
-        setgid for the user is done.  This allows the temporary maildrop
-        to be created in a mail spool area that is not world read-writable.
-
-        This version does *not* send the sendmail "From " delimiter line
-        in response to a TOP or RETR command.
-
-        Encased all debugging code in #ifdef DEBUG constructs.  This code can
-        be included by specifying the DEGUG compiler flag.  Note:  You still
-        need to use the -d or -t option to obtain debugging output.
-
-1.6     Corrects a bug that causes the server to crash on SunOS
-        4.0 systems.
-
-        Uses varargs and vsprintf (if available) in pop_log and
-        pop_msg.  This is enabled by the "HAVE_VSPRINTF"
-        compiler flag.
-
-        For systems with BSD 4.3 bind, performs a cannonical
-        name lookup and searches the returned address(es) for
-        the client's address, logging a warning message if it
-        is not located.  This is enabled by the "BIND43"
-        comiler flag.
-
-        Removed all the includes from popper.h and distributed
-        them throughout the porgrams files, as needed.
-
-        Reformatted the source to convert tabs to spaces and
-        shorten lines for display on 80-column terminals.
-
-1.5     Creates the temporary maildrop with mode "600" and
-        immediately unlinks it.
-
-        Uses client's IP address in lieu of a canonical name if
-        the latter cannot be obtained.
-
-        Added "-t <file-name>" option.  The presence of this
-        option causes debugging output to be placed in the file
-        "file-name" using fprintf instead of the system log
-        file using syslog.
-
-        Corrected maildrop parsing problem.
-
-1.4     Copies user's mail into a temporary maildrop on which
-        all subsequent activity is performed.
-
-        Added "pop_log" function and replaced "syslog" calls
-        throughout the code with it.
-
-1.3     Corrected updating of Status: header line.
-
-        Added strncasecmp for systems that do not have one.
-        Used strncasecmp in all appropriate places.  This is
-        enabled by the STRNCASECMP compiler flag.
-
-1.2     Support for version 4.2 syslogging added.  This is
-        enabled by the SYSLOG42 compiler flag.
-
-1.1     Several bugs fixed.
-
-1.0     Original version.
-
-
-Limitations
-
-+   The POP server copies the user's entire maildrop to /tmp and
-    then operates on that copy.  If the maildrop is particularly
-    large, or inadequate space is available in /tmp, then the
-    server will refuse to continue and terminate the connection.
-
-+   Simultaneous modification of a single maildrop can result in 
-    confusing results.  For example, manipulating messages in a
-    maildrop using the Unix /usr/ucb/mail command while a copy of
-    it is being processed by the POP server can cause the changes
-    made by one program to be lost when the other terminates.  This
-    problem is being worked on and will be fixed in a later
-    release.
-
-
-Credits
-
-The POP server was written by Edward Moy and Austin Shelton with
-contributions from Robert Campbell (U.C. Berkeley) and Viktor Dukhovni
-(Princeton University).  Edward Moy wrote the HyperMail stack and drew
-the POP operation diagram.  This installation guide was written by
-Austin Shelton.
-
-
-Footnotes
-
-[1] Copyright (c) 1990 Regents of the University of California.
-    All rights reserved.  The Berkeley software License Agreement
-    specifies the terms and conditions for redistribution.  Unix is
-    a registered trademark of AT&T corporation.  HyperCard and
-    Macintosh are registered trademarks of Apple Corporation.
-
-[2] M. Rose, Post Office Protocol - Version 3.  RFC  1081, NIC, 
-    November 1988.
-
-[3] M. Rose, Post Office Protocol - Version 3 Extended Service 
-    Offerings.  RFC 1082, NIC, November 1988.
diff --git a/crypto/heimdal/appl/popper/README-FIRST b/crypto/heimdal/appl/popper/README-FIRST
deleted file mode 100644
index 3d78fb644b62..000000000000
--- a/crypto/heimdal/appl/popper/README-FIRST
+++ /dev/null
@@ -1,11 +0,0 @@
-This kerberized popper was based on popper-1.831beta
-which was later announced as "offical" and not beta.
-
-This program is able to talk both the pop3 and the kpop3 protocol.
-
-Please note that the server principal is pop.hostname and not
-rcmd.hostname. I.e an additional entry is needed in your mailhub's
-/etc/srvtab. Use ksrvutil to add the extra prinicpal.
-
-The server is usually started from inetd and there is already an entry
-for that in inetd.conf.changes.
diff --git a/crypto/heimdal/appl/popper/README-KRB4 b/crypto/heimdal/appl/popper/README-KRB4
deleted file mode 100644
index f029cf97c2de..000000000000
--- a/crypto/heimdal/appl/popper/README-KRB4
+++ /dev/null
@@ -1,3 +0,0 @@
-Define KERBEROS if you want support for Kerberos V4 style
-authentification, then you will be able to start a kerberise pop with
-the `-k' flag.
diff --git a/crypto/heimdal/appl/popper/maildir.c b/crypto/heimdal/appl/popper/maildir.c
deleted file mode 100644
index 4953d4bd4e88..000000000000
--- a/crypto/heimdal/appl/popper/maildir.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <popper.h>
-#include <dirent.h>
-RCSID("$Id: maildir.c,v 1.6 2001/09/10 11:56:53 joda Exp $");
-
-static void
-make_path(POP *p, MsgInfoList *mp, int new, char *buf, size_t len)
-{
-    snprintf(buf, len, "%s/%s%s%s", p->drop_name, 
-	     new ? "new" : "cur", mp ? "/" : "", mp ? mp->name : "");
-}
-
-static int
-scan_file(POP *p, MsgInfoList *mp)
-{
-    char path[MAXPATHLEN];
-    FILE *f;
-    char buf[1024];
-    int eoh = 0;
-
-    make_path(p, mp, mp->flags & NEW_FLAG, path, sizeof(path));
-    f = fopen(path, "r");
-
-    if(f == NULL) {
-#ifdef DEBUG
-	if(p->debug)
-	    pop_log(p, POP_DEBUG, 
-		    "Failed to open message file `%s': %s", 
-		    path, strerror(errno));
-#endif
-	return pop_msg (p, POP_FAILURE,
-			"Failed to open message file `%s'", path);
-    }
-    while(fgets(buf, sizeof(buf), f)) {
-	if(buf[strlen(buf) - 1] == '\n')
-	    mp->lines++;
-	mp->length += strlen(buf);
-	if(eoh)
-	    continue;
-	if(strcmp(buf, "\n") == 0)
-	    eoh = 1;
-	parse_header(mp, buf);
-    }
-    fclose(f);
-    return add_missing_headers(p, mp);
-}
-
-static int
-scan_dir(POP *p, int new)
-{
-    char tmp[MAXPATHLEN];
-    DIR *dir;
-    struct dirent *dent;
-    MsgInfoList *mp = p->mlp;
-    int n_mp = p->msg_count;
-    int e;
-
-    make_path(p, NULL, new, tmp, sizeof(tmp));
-    mkdir(tmp, 0700);
-    dir = opendir(tmp);
-    while((dent = readdir(dir)) != NULL) {
-	if(strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0)
-	    continue;
-	mp = realloc(mp, (n_mp + 1) * sizeof(*mp));
-	if(mp == NULL) {
-	    p->msg_count = 0;
-	    return pop_msg (p, POP_FAILURE,
-			    "Can't build message list for '%s': Out of memory",
-                            p->user);
-	}
-	memset(mp + n_mp, 0, sizeof(*mp));
-	mp[n_mp].name = strdup(dent->d_name);
-	if(mp[n_mp].name == NULL) {
-	    p->msg_count = 0;
-	    return pop_msg (p, POP_FAILURE,
-			    "Can't build message list for '%s': Out of memory",
-                            p->user);
-	}
-	mp[n_mp].number = n_mp + 1;
-	mp[n_mp].flags = 0;
-	if(new)
-	    mp[n_mp].flags |= NEW_FLAG;
-	e = scan_file(p, &mp[n_mp]);
-	if(e != POP_SUCCESS)
-	    return e;
-        p->drop_size += mp[n_mp].length;
-	n_mp++;
-    }
-    closedir(dir);
-    p->mlp = mp;
-    p->msg_count = n_mp;
-    return POP_SUCCESS;
-}
-
-int
-pop_maildir_info(POP *p)
-{
-    int e;
-    
-    p->temp_drop[0] = '\0';
-    p->mlp = NULL;
-    p->msg_count = 0;
-
-    e = scan_dir(p, 0);
-    if(e != POP_SUCCESS) return e;
-
-    e = scan_dir(p, 1);
-    if(e != POP_SUCCESS) return e;
-    return POP_SUCCESS;
-}
-
-int
-pop_maildir_update(POP *p)
-{
-    int i;
-    char tmp1[MAXPATHLEN], tmp2[MAXPATHLEN];
-    for(i = 0; i < p->msg_count; i++) {
-	make_path(p, &p->mlp[i], p->mlp[i].flags & NEW_FLAG, 
-		  tmp1, sizeof(tmp1));
-	if(p->mlp[i].flags & DEL_FLAG) {
-#ifdef DEBUG
-	    if(p->debug)
-		pop_log(p, POP_DEBUG, "Removing `%s'", tmp1);
-#endif
-	    if(unlink(tmp1) < 0) {
-#ifdef DEBUG
-		if(p->debug)
-		    pop_log(p, POP_DEBUG, "Failed to remove `%s': %s", 
-			    tmp1, strerror(errno));
-#endif
-		/* return failure? */
-	    }
-	} else if((p->mlp[i].flags & NEW_FLAG) && 
-		  (p->mlp[i].flags & RETR_FLAG)) {
-	    make_path(p, &p->mlp[i], 0, tmp2, sizeof(tmp2));
-#ifdef DEBUG
-	    if(p->debug)
-		pop_log(p, POP_DEBUG, "Linking `%s' to `%s'", tmp1, tmp2);
-#endif
-	    if(link(tmp1, tmp2) == 0) {
-#ifdef DEBUG
-		if(p->debug)
-		    pop_log(p, POP_DEBUG, "Removing `%s'", tmp1);
-#endif
-		if(unlink(tmp1) < 0) {
-#ifdef DEBUG
-		    if(p->debug)
-			pop_log(p, POP_DEBUG, "Failed to remove `%s'", tmp1);
-#endif
-		    /* return failure? */
-		}
-	    } else {
-		if(errno == EXDEV) {
-#ifdef DEBUG
-		    if(p->debug)
-			pop_log(p, POP_DEBUG, "Trying to rename `%s' to `%s'", 
-				tmp1, tmp2);
-#endif
-		    if(rename(tmp1, tmp2) < 0) {
-#ifdef DEBUG
-		    if(p->debug)
-			pop_log(p, POP_DEBUG, "Failed to rename `%s' to `%s'", 
-				tmp1, tmp2);
-#endif
-		    }
-		}
-	    }
-	}
-    }
-    return(pop_quit(p));
-}
-
-int
-pop_maildir_open(POP *p, MsgInfoList *mp)
-{
-    char tmp[MAXPATHLEN];
-    make_path(p, mp, mp->flags & NEW_FLAG, tmp, sizeof(tmp));
-    if(p->drop)
-	fclose(p->drop);
-    p->drop = fopen(tmp, "r");
-    if(p->drop == NULL)
-	return pop_msg(p, POP_FAILURE, "Failed to open message file");
-    return POP_SUCCESS;
-}
diff --git a/crypto/heimdal/appl/popper/pop3.rfc1081 b/crypto/heimdal/appl/popper/pop3.rfc1081
deleted file mode 100644
index 08ea6dd1430b..000000000000
--- a/crypto/heimdal/appl/popper/pop3.rfc1081
+++ /dev/null
@@ -1,898 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            M. Rose
-Request for Comments: 1081                                           TWG
-                                                           November 1988
-
-                    Post Office Protocol - Version 3
-
-
-Status of this Memo
-
-   This memo suggests a simple method for workstations to dynamically
-   access mail from a mailbox server.  This RFC specifies a proposed
-   protocol for the Internet community, and requests discussion and
-   suggestions for improvements.  Distribution of this memo is
-   unlimited.
-
-   This memo is based on RFC 918 (since revised as RFC 937).  Although
-   similar in form to the original Post Office Protocol (POP) proposed
-   for the Internet community, the protocol discussed in this memo is
-   similar in spirit to the ideas investigated by the MZnet project at
-   the University of California, Irvine.
-
-   Further, substantial work was done on examining POP in a PC-based
-   environment.  This work, which resulted in additional functionality
-   in this protocol, was performed by the ACIS Networking Systems Group
-   at Stanford University.  The author gratefully acknowledges their
-   interest.
-
-Introduction
-
-   On certain types of smaller nodes in the Internet it is often
-   impractical to maintain a message transport system (MTS).  For
-   example, a workstation may not have sufficient resources (cycles,
-   disk space) in order to permit a SMTP server and associated local
-   mail delivery system to be kept resident and continuously running.
-   Similarly, it may be expensive (or impossible) to keep a personal
-   computer interconnected to an IP-style network for long amounts of
-   time (the node is lacking the resource known as "connectivity").
-
-   Despite this, it is often very useful to be able to manage mail on
-   these smaller nodes, and they often support a user agent (UA) to aid
-   the tasks of mail handling.  To solve this problem, a node which can
-   support an MTS entity offers a maildrop service to these less endowed
-   nodes.  The Post Office Protocol - Version 3 (POP3) is intended to
-   permit a workstation to dynamically access a maildrop on a server
-   host in a useful fashion.  Usually, this means that the POP3 is used
-   to allow a workstation to retrieve mail that the server is holding
-   for it.
-
-
-
-
-Rose                                                            [Page 1]
-
-RFC 1081                          POP3                     November 1988
-
-
-   For the remainder of this memo, the term "client host" refers to a
-   host making use of the POP3 service, while the term "server host"
-   refers to a host which offers the POP3 service.
-
-A Short Digression
-
-   This memo does not specify how a client host enters mail into the
-   transport system, although a method consistent with the philosophy of
-   this memo is presented here:
-
-      When the user agent on a client host wishes to enter a message
-      into the transport system, it establishes an SMTP connection to
-      its relay host (this relay host could be, but need not be, the
-      POP3 server host for the client host).
-
-   If this method is followed, then the client host appears to the MTS
-   as a user agent, and should NOT be regarded as a "trusted" MTS entity
-   in any sense whatsoever.  This concept, along with the role of the
-   POP3 as a part of a split-UA model is discussed later in this memo.
-
-   Initially, the server host starts the POP3 service by listening on
-   TCP port 110.  When a client host wishes to make use of the service,
-   it establishes a TCP connection with the server host.  When the
-   connection is established, the POP3 server sends a greeting.  The
-   client and POP3 server then exchange commands and responses
-   (respectively) until the connection is closed or aborted.
-
-   Commands in the POP3 consist of a keyword possibly followed by an
-   argument.  All commands are terminated by a CRLF pair.
-
-   Responses in the POP3 consist of a success indicator and a keyword
-   possibly followed by additional information.  All responses are
-   terminated by a CRLF pair.  There are currently two success
-   indicators: positive ("+OK") and negative ("-ERR").
-
-   Responses to certain commands are multi-line.  In these cases, which
-   are clearly indicated below, after sending the first line of the
-   response and a CRLF, any additional lines are sent, each terminated
-   by a CRLF pair.  When all lines of the response have been sent, a
-   final line is sent, consisting of a termination octet (decimal code
-   046, ".") and a CRLF pair.  If any line of the multi-line response
-   begins with the termination octet, the line is "byte-stuffed" by
-   pre-pending the termination octet to that line of the response.
-   Hence a multi-line response is terminated with the five octets
-   "CRLF.CRLF".  When examining a multi-line response, the client checks
-   to see if the line begins with the termination octet.  If so and if
-   octets other than CRLF follow, the the first octet of the line (the
-   termination octet) is stripped away.  If so and if CRLF immediately
-
-
-
-Rose                                                            [Page 2]
-
-RFC 1081                          POP3                     November 1988
-
-
-   follows the termination character, then the response from the POP
-   server is ended and the line containing ".CRLF" is not considered
-   part of the multi-line response.
-
-   A POP3 session progresses through a number of states during its
-   lifetime.  Once the TCP connection has been opened and the POP3
-   server has sent the greeting, the session enters the AUTHORIZATION
-   state.  In this state, the client must identify itself to the POP3
-   server.  Once the client has successfully done this, the server
-   acquires resources associated with the client's maildrop, and the
-   session enters the TRANSACTION state.  In this state, the client
-   requests actions on the part of the POP3 server.  When the client has
-   finished its transactions, the session enters the UPDATE state.  In
-   this state, the POP3 server releases any resources acquired during
-   the TRANSACTION state and says goodbye.  The TCP connection is then
-   closed.
-
-The AUTHORIZATION State
-
-   Once the TCP connection has been opened by a POP3 client, the POP3
-   server issues a one line greeting.  This can be any string terminated
-   by CRLF.  An example might be:
-
-      S.  +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU)
-
-   Note that this greeting is a POP3 reply.  The POP3 server should
-   always give a positive response as the greeting.
-
-   The POP3 session is now in the AUTHORIZATION state.  The client must
-   now issue the USER command.  If the POP3 server responds with a
-   positive success indicator ("+OK"), then the client may issue either
-   the PASS command to complete the authorization, or the QUIT command
-   to terminate the POP3 session.  If the POP3 server responds with a
-   negative success indicator ("-ERR") to the USER command, then the
-   client may either issue a new USER command or may issue the QUIT
-   command.
-
-   When the client issues the PASS command, the POP3 server uses the
-   argument pair from the USER and PASS commands to determine if the
-   client should be given access to the appropriate maildrop.  If so,
-   the POP3 server then acquires an exclusive-access lock on the
-   maildrop.  If the lock is successfully acquired, the POP3 server
-   parses the maildrop into individual messages (read note below),
-   determines the last message (if any) present in the maildrop that was
-   referenced by the RETR command, and responds with a positive success
-   indicator.  The POP3 session now enters the TRANSACTION state.  If
-   the lock can not be acquired or the client should is denied access to
-   the appropriate maildrop or the maildrop can't be parsed for some
-
-
-
-Rose                                                            [Page 3]
-
-RFC 1081                          POP3                     November 1988
-
-
-   reason, the POP3 server responds with a negative success indicator.
-   (If a lock was acquired but the POP3 server intends to respond with a
-   negative success indicator, the POP3 server must release the lock
-   prior to rejecting the command.)  At this point, the client may
-   either issue a new USER command and start again, or the client may
-   issue the QUIT command.
-
-                 NOTE: Minimal implementations of the POP3 need only be
-                 able to break a maildrop into its component messages;
-                 they need NOT be able to parse individual messages.
-                 More advanced implementations may wish to have this
-                 capability, for reasons discussed later.
-
-   After the POP3 server has parsed the maildrop into individual
-   messages, it assigns a message-id to each message, and notes the size
-   of the message in octets.  The first message in the maildrop is
-   assigned a message-id of "1", the second is assigned "2", and so on,
-   so that the n'th message in a maildrop is assigned a message-id of
-   "n".  In POP3 commands and responses, all message-id's and message
-   sizes are expressed in base-10 (i.e., decimal).
-
-   It sets the "highest number accessed" to be that of the last message
-   referenced by the RETR command.
-
-   Here are summaries for the three POP3 commands discussed thus far:
-
-           USER name
-               Arguments: a server specific user-id (required)
-               Restrictions: may only be given in the AUTHORIZATION
-                   state after the POP3 greeting or after an
-                   unsuccessful USER or PASS command
-               Possible Responses:
-                   +OK name is welcome here
-                   -ERR never heard of name
-               Examples:
-                   C:    USER mrose
-                   S:    +OK mrose is a real hoopy frood
-                     ...
-                   C:    USER frated
-                   S:    -ERR sorry, frated doesn't get his mail here
-
-           PASS string
-               Arguments: a server/user-id specific password (required)
-               Restrictions: may only be given in the AUTHORIZATION
-                   state after a successful USER command
-               Possible Responses:
-                   +OK maildrop locked and ready
-                   -ERR invalid password
-
-
-
-Rose                                                            [Page 4]
-
-RFC 1081                          POP3                     November 1988
-
-
-                   -ERR unable to lock maildrop
-               Examples:
-                   C:    USER mrose
-                   S:    +OK mrose is a real hoopy frood
-                   C:    PASS secret
-                   S:    +OK mrose's maildrop has 2 messages
-                         (320 octets)
-                     ...
-                   C:    USER mrose
-                   S:    +OK mrose is a real hoopy frood
-                   C:    PASS secret
-                   S:    -ERR unable to lock mrose's maildrop, file
-                         already locked
-
-           QUIT
-               Arguments: none
-               Restrictions: none
-               Possible Responses:
-                   +OK
-               Examples:
-                   C:    QUIT
-                   S:    +OK dewey POP3 server signing off
-
-
-The TRANSACTION State
-
-   Once the client has successfully identified itself to the POP3 server
-   and the POP3 server has locked and burst the appropriate maildrop,
-   the POP3 session is now in the TRANSACTION state.  The client may now
-   issue any of the following POP3 commands repeatedly.  After each
-   command, the POP3 server issues a response.  Eventually, the client
-   issues the QUIT command and the POP3 session enters the UPDATE state.
-
-   Here are the POP3 commands valid in the TRANSACTION state:
-
-           STAT
-               Arguments: none
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 The POP3 server issues a positive response with a line
-                 containing information for the maildrop.  This line is
-                 called a "drop listing" for that maildrop.
-
-                 In order to simplify parsing, all POP3 servers are
-                 required to use a certain format for drop listings.
-                 The first octets present must indicate the number of
-                 messages in the maildrop.  Following this is the size
-
-
-
-Rose                                                            [Page 5]
-
-RFC 1081                          POP3                     November 1988
-
-
-                 of the maildrop in octets.  This memo makes no
-                 requirement on what follows the maildrop size.
-                 Minimal implementations should just end that line of
-                 the response with a CRLF pair.  More advanced
-                 implementations may include other information.
-
-                      NOTE: This memo STRONGLY discourages
-                      implementations from supplying additional
-                      information in the drop listing.  Other,
-                      optional, facilities are discussed later on
-                      which permit the client to parse the messages
-                      in the maildrop.
-
-                 Note that messages marked as deleted are not counted in
-                 either total.
-
-               Possible Responses:
-                   +OK nn mm
-               Examples:
-                   C:    STAT
-                   S:    +OK 2 320
-
-           LIST [msg]
-               Arguments: a message-id (optionally)  If a message-id is
-                   given, it may NOT refer to a message marked as
-                   deleted.
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 If an argument was given and the POP3 server issues a
-                 positive response with a line containing information
-                 for that message.  This line is called a "scan listing"
-                 for that message.
-
-                 If no argument was given and the POP3 server issues a
-                 positive response, then the response given is
-                 multi-line.  After the initial +OK, for each message
-                 in the maildrop, the POP3 server responds with a line
-                 containing information for that message.  This line
-                 is called a "scan listing" for that message.
-
-                 In order to simplify parsing, all POP3 servers are
-                 required to use a certain format for scan listings.
-                 The first octets present must be the message-id of
-                 the message.  Following the message-id is the size of
-                 the message in octets.  This memo makes no requirement
-                 on what follows the message size in the scan listing.
-                 Minimal implementations should just end that line of
-
-
-
-Rose                                                            [Page 6]
-
-RFC 1081                          POP3                     November 1988
-
-
-                 the response with a CRLF pair.  More advanced
-                 implementations may include other information, as
-                 parsed from the message.
-
-                      NOTE: This memo STRONGLY discourages
-                      implementations from supplying additional
-                      information in the scan listing.  Other, optional,
-                      facilities are discussed later on which permit
-                      the client to parse the messages in the maildrop.
-
-                 Note that messages marked as deleted are not listed.
-
-               Possible Responses:
-                   +OK scan listing follows
-                   -ERR no such message
-               Examples:
-                   C:    LIST
-                   S:    +OK 2 messages (320 octets)
-                   S:    1 120
-                   S:    2 200
-                   S:    .
-                     ...
-                   C:    LIST 2
-                   S:    +OK 2 200
-                     ...
-                   C:    LIST 3
-                   S:    -ERR no such message, only 2 messages in
-                         maildrop
-
-           RETR msg
-               Arguments: a message-id (required)  This message-id may
-                   NOT refer to a message marked as deleted.
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 If the POP3 server issues a positive response, then the
-                 response given is multi-line.  After the initial +OK,
-                 the POP3 server sends the message corresponding to the
-                 given message-id, being careful to byte-stuff the
-                 termination character (as with all multi-line
-                 responses).
-
-                 If the number associated with this message is higher
-                 than the "highest number accessed" in the maildrop, the
-                 POP3 server updates the "highest number accessed" to
-                 the number associated with this message.
-
-
-
-
-
-Rose                                                            [Page 7]
-
-RFC 1081                          POP3                     November 1988
-
-
-               Possible Responses:
-                   +OK message follows
-                   -ERR no such message
-               Examples:
-                   C:    RETR 1
-                   S:    +OK 120 octets
-                   S:    <the POP3 server sends the entire message here>
-                   S:    .
-
-           DELE msg
-               Arguments: a message-id (required)  This message-id
-                   may NOT refer to a message marked as deleted.
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 The POP3 server marks the message as deleted.  Any
-                 future reference to the message-id associated with the
-                 message in a POP3 command generates an error.  The POP3
-                 server does not actually delete the message until the
-                 POP3 session enters the UPDATE state.
-
-                 If the number associated with this message is higher
-                 than the "highest number accessed" in the maildrop,
-                 the POP3 server updates the "highest number accessed"
-                 to the number associated with this message.
-
-               Possible Responses:
-                   +OK message deleted
-                   -ERR no such message
-               Examples:
-                   C:    DELE 1
-                   S:    +OK message 1 deleted
-                     ...
-                   C:    DELE 2
-                   S:    -ERR message 2 already deleted
-
-           NOOP
-               Arguments: none
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 The POP3 server does nothing, it merely replies with a
-                 positive response.
-
-               Possible Responses:
-                   +OK
-
-
-
-
-
-Rose                                                            [Page 8]
-
-RFC 1081                          POP3                     November 1988
-
-
-               Examples:
-                   C:    NOOP
-                   S:    +OK
-
-           LAST
-               Arguments: none
-               Restrictions: may only be issued in the TRANSACTION state.
-               Discussion:
-
-                 The POP3 server issues a positive response with a line
-                 containing the highest message number which accessed.
-                 Zero is returned in case no message in the maildrop has
-                 been accessed during previous transactions.  A client
-                 may thereafter infer that messages, if any, numbered
-                 greater than the response to the LAST command are
-                 messages not yet accessed by the client.
-
-             Possible Response:
-                   +OK nn
-
-             Examples:
-                   C:      STAT
-                   S:      +OK 4 320
-                   C:      LAST
-                   S:      +OK 1
-                   C:      RETR 3
-                   S:      +OK 120 octets
-                   S:      <the POP3 server sends the entire message
-                           here>
-                   S:      .
-                   C:      LAST
-                   S:      +OK 3
-                   C:      DELE 2
-                   S:      +OK message 2 deleted
-                   C:      LAST
-                   S:      +OK 3
-                   C:      RSET
-                   S:      +OK
-                   C:      LAST
-                   S:      +OK 1
-
-           RSET
-               Arguments: none
-               Restrictions: may only be given in the TRANSACTION
-                   state.
-               Discussion:
-
-                 If any messages have been marked as deleted by the POP3
-
-
-
-Rose                                                            [Page 9]
-
-RFC 1081                          POP3                     November 1988
-
-
-                 server, they are unmarked.  The POP3 server then
-                 replies with a positive response.  In addition, the
-                 "highest number accessed" is also reset to the value
-                 determined at the beginning of the POP3 session.
-
-               Possible Responses:
-                   +OK
-               Examples:
-                   C:    RSET
-                   S:    +OK maildrop has 2 messages (320 octets)
-
-
-
-The UPDATE State
-
-   When the client issues the QUIT command from the TRANSACTION state,
-   the POP3 session enters the UPDATE state.  (Note that if the client
-   issues the QUIT command from the AUTHORIZATION state, the POP3
-   session terminates but does NOT enter the UPDATE state.)
-
-           QUIT
-               Arguments: none
-               Restrictions: none
-               Discussion:
-
-                 The POP3 server removes all messages marked as deleted
-                 from the maildrop.  It then releases the
-                 exclusive-access lock on the maildrop and replies as
-                 to the success of
-                 these operations.  The TCP connection is then closed.
-
-               Possible Responses:
-                   +OK
-               Examples:
-                   C:    QUIT
-                   S:    +OK dewey POP3 server signing off (maildrop
-                         empty)
-                     ...
-                   C:    QUIT
-                   S:    +OK dewey POP3 server signing off (2 messages
-                         left)
-                     ...
-
-
-Optional POP3 Commands
-
-   The POP3 commands discussed above must be supported by all minimal
-   implementations of POP3 servers.
-
-
-
-Rose                                                           [Page 10]
-
-RFC 1081                          POP3                     November 1988
-
-
-   The optional POP3 commands described below permit a POP3 client
-   greater freedom in message handling, while preserving a simple POP3
-   server implementation.
-
-                 NOTE: This memo STRONGLY encourages implementations to
-                 support these commands in lieu of developing augmented
-                 drop and scan listings.  In short, the philosophy of
-                 this memo is to put intelligence in the part of the
-                 POP3 client and not the POP3 server.
-
-           TOP msg n
-               Arguments: a message-id (required) and a number.  This
-                   message-id may NOT refer to a message marked as
-                   deleted.
-               Restrictions: may only be given in the TRANSACTION state.
-               Discussion:
-
-                 If the POP3 server issues a positive response, then
-                 the response given is multi-line.  After the initial
-                 +OK, the POP3 server sends the headers of the message,
-                 the blank line separating the headers from the body,
-                 and then the number of lines indicated message's body,
-                 being careful to byte-stuff the termination character
-                 (as with all multi-line responses).
-
-                 Note that if the number of lines requested by the POP3
-                 client is greater than than the number of lines in the
-                 body, then the POP3 server sends the entire message.
-
-               Possible Responses:
-                   +OK top of message follows
-                   -ERR no such message
-               Examples:
-                   C:    TOP 10
-                   S:    +OK
-                   S:    <the POP3 server sends the headers of the
-                          message, a blank line, and the first 10 lines
-                          of the body of the message>
-                   S:    .
-                     ...
-                   C:    TOP 100
-                   S:    -ERR no such message
-
-           RPOP user
-               Arguments: a client specific user-id (required)
-               Restrictions: may only be given in the AUTHORIZATION
-                   state after a successful USER command; in addition,
-                   may only be given if the client used a reserved
-
-
-
-Rose                                                           [Page 11]
-
-RFC 1081                          POP3                     November 1988
-
-
-                   (privileged) TCP port to connect to the server.
-               Discussion:
-
-                 The RPOP command may be used instead of the PASS
-                 command to authenticate access to the maildrop.  In
-                 order for this command to be successful, the POP3
-                 client must use a reserved TCP port (port < 1024) to
-                 connect tothe server.  The POP3 server uses the
-                 argument pair from the USER and RPOP commands to
-                 determine if the client should be given access to
-                 the appropriate maildrop.  Unlike the PASS command
-                 however, the POP3 server considers if the remote user
-                 specified by the RPOP command who resides on the POP3
-                 client host is allowed to access the maildrop for the
-                 user specified by the USER command (e.g., on Berkeley
-                 UNIX, the .rhosts mechanism is used).  With the
-                 exception of this differing in authentication, this
-                 command is identical to the PASS command.
-
-                 Note that the use of this feature has allowed much wider
-                 penetration into numerous hosts on local networks (and
-                 sometimes remote networks) by those who gain illegal
-                 access to computers by guessing passwords or otherwise
-                 breaking into the system.
-
-               Possible Responses:
-                   +OK maildrop locked and ready
-                   -ERR permission denied
-               Examples:
-                   C:    USER mrose
-                   S:    +OK mrose is a real hoopy frood
-                   C:    RPOP mrose
-                   S:    +OK mrose's maildrop has 2 messages (320
-                         octets)
-
-       Minimal POP3 Commands:
-           USER name               valid in the AUTHORIZATION state
-           PASS string
-           QUIT
-
-           STAT                    valid in the TRANSACTION state
-           LIST [msg]
-           RETR msg
-           DELE msg
-           NOOP
-           LAST
-           RSET
-
-
-
-
-Rose                                                           [Page 12]
-
-RFC 1081                          POP3                     November 1988
-
-
-           QUIT                    valid in the UPDATE state
-
-       Optional POP3 Commands:
-           RPOP user               valid in the AUTHORIZATION state
-
-           TOP msg n               valid in the TRANSACTION state
-
-       POP3 Replies:
-           +OK
-           -ERR
-
-       Note that with the exception of the STAT command, the reply given
-       by the POP3 server to any command is significant only to "+OK"
-       and "-ERR".  Any text occurring after this reply may be ignored
-       by the client.
-
-Example POP3 Session
-
-    S: <wait for connection on TCP port 110>
-        ...
-    C: <open connection>
-    S:    +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU)
-    C:    USER mrose
-    S:    +OK mrose is a real hoopy frood
-    C:    PASS secret
-    S:    +OK mrose's maildrop has 2 messages (320 octets)
-    C:    STAT
-    S:    +OK 2 320
-    C:    LIST
-    S:    +OK 2 messages (320 octets)
-    S:    1 120
-    S:    2 200
-    S:    .
-    C:    RETR 1
-    S:    +OK 120 octets
-    S:    <the POP3 server sends message 1>
-    S:    .
-    C:    DELE 1
-    S:    +OK message 1 deleted
-    C:    RETR 2
-    S:    +OK 200 octets
-    S:    <the POP3 server sends message 2>
-    S:    .
-    C:    DELE 2
-    S:    +OK message 2 deleted
-    C:    QUIT
-
-
-
-
-
-Rose                                                           [Page 13]
-
-RFC 1081                          POP3                     November 1988
-
-
-    S:    +OK dewey POP3 server signing off (maildrop empty)
-    C:  <close connection>
-    S:  <wait for next connection>
-
-Message Format
-
-   All messages transmitted during a POP3 session are assumed to conform
-   to the standard for the format of Internet text messages [RFC822].
-
-   It is important to note that the byte count for a message on the
-   server host may differ from the octet count assigned to that message
-   due to local conventions for designating end-of-line.  Usually,
-   during the AUTHORIZATION state of the POP3 session, the POP3 client
-   can calculate the size of each message in octets when it parses the
-   maildrop into messages.  For example, if the POP3 server host
-   internally represents end-of-line as a single character, then the
-   POP3 server simply counts each occurrence of this character in a
-   message as two octets.  Note that lines in the message which start
-   with the termination octet need not be counted twice, since the POP3
-   client will remove all byte-stuffed termination characters when it
-   receives a multi-line response.
-
-The POP and the Split-UA model
-
-   The underlying paradigm in which the POP3 functions is that of a
-   split-UA model.  The POP3 client host, being a remote PC based
-   workstation, acts solely as a client to the message transport system.
-   It does not provide delivery/authentication services to others.
-   Hence, it is acting as a UA, on behalf of the person using the
-   workstation.  Furthermore, the workstation uses SMTP to enter mail
-   into the MTS.
-
-   In this sense, we have two UA functions which interface to the
-   message transport system: Posting (SMTP) and Retrieval (POP3).  The
-   entity which supports this type of environment is called a split-UA
-   (since the user agent is split between two hosts which must
-   interoperate to provide these functions).
-
-                 ASIDE:  Others might term this a remote-UA instead.
-                 There are arguments supporting the use of both terms.
-
-   This memo has explicitly referenced TCP as the underlying transport
-   agent for the POP3.  This need not be the case.  In the MZnet split-
-   UA, for example, personal micro-computer systems are used which do
-   not have IP-style networking capability.  To connect to the POP3
-   server host, a PC establishes a terminal connection using some simple
-   protocol (PhoneNet).  A program on the PC drives the connection,
-   first establishing a login session as a normal user.  The login shell
-
-
-
-Rose                                                           [Page 14]
-
-RFC 1081                          POP3                     November 1988
-
-
-   for this pseudo-user is a program which drives the other half of the
-   terminal protocol and communicates with one of two servers.  Although
-   MZnet can support several PCs, a single pseudo-user login is present
-   on the server host.  The user-id and password for this pseudo-user
-   login is known to all members of MZnet.  Hence, the first action of
-   the login shell, after starting the terminal protocol, is to demand a
-   USER/PASS authorization pair from the PC.  This second level of
-   authorization is used to ascertain who is interacting with the MTS.
-   Although the server host is deemed to support a "trusted" MTS entity,
-   PCs in MZnet are not.  Naturally, the USER/PASS authorization pair
-   for a PC is known only to the owner of the PC (in theory, at least).
-
-   After successfully verifying the identity of the client, a modified
-   SMTP server is started, and the PC posts mail with the server host.
-   After the QUIT command is given to the SMTP server and it terminates,
-   a modified POP3 server is started, and the PC retrieves mail from the
-   server host.  After the QUIT command is given to the POP3 server and
-   it terminates, the login shell for the pseudo-user terminates the
-   terminal protocol and logs the job out.  The PC then closes the
-   terminal connection to the server host.
-
-   The SMTP server used by MZnet is modified in the sense that it knows
-   that it's talking to a user agent and not a "trusted" entity in the
-   message transport system.  Hence, it does performs the validation
-   activities normally performed by an entity in the MTS when it accepts
-   a message from a UA.
-
-   The POP3 server used by MZnet is modified in the sense that it does
-   not require a USER/PASS combination before entering the TRANSACTION
-   state.  The reason for this (of course) is that the PC has already
-   identified itself during the second-level authorization step
-   described above.
-
-                 NOTE: Truth in advertising laws require that the author
-                 of this memo state that MZnet has not actually been
-                 fully implemented.  The concepts presented and proven
-                 by the project led to the notion of the MZnet
-                 split-slot model.  This notion has inspired the
-                 split-UA concept described in this memo, led to the
-                 author's interest in the POP, and heavily influenced
-                 the the description of the POP3 herein.
-
-   In fact, some UAs present in the Internet already support the notion
-   of posting directly to an SMTP server and retrieving mail directly
-   from a POP server, even if the POP server and client resided on the
-   same host!
-
-                 ASIDE: this discussion raises an issue which this memo
-
-
-
-Rose                                                           [Page 15]
-
-RFC 1081                          POP3                     November 1988
-
-
-                 purposedly avoids: how does SMTP know that it's talking
-                 to a "trusted" MTS entity?
-
-References
-
-     [MZnet]   Stefferud, E., J. Sweet, and T. Domae, "MZnet: Mail
-               Service for Personal Micro-Computer Systems",
-               Proceedings, IFIP 6.5 International Conference on
-               Computer Message Systems, Nottingham, U.K., May 1984.
-
-     [RFC821]  Postel, J., "Simple Mail Transfer Protocol",
-               USC/Information Sciences Institute, August 1982.
-
-     [RFC822]  Crocker, D., "Standard for the Format of ARPA-Internet
-               Text Messages", University of Delaware, August 1982.
-
-     [RFC937]  Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
-               Reynolds, "Post Office Protocol - Version 2", RFC 937,
-               USC/Information Sciences Institute, February 1985.
-
-     [RFC1010] Reynolds, J., and J. Postel, "Assigned Numbers", RFC
-               1010, USC/Information Sciences Institute, May 1987.
-
-Author's Address:
-
-
-   Marshall Rose
-   The Wollongong Group
-   1129 San Antonio Rd.
-   Palo Alto, California 94303
-
-   Phone: (415) 962-7100
-
-   Email: MRose@TWG.COM
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Rose                                                           [Page 16]
diff --git a/crypto/heimdal/appl/popper/pop3e.rfc1082 b/crypto/heimdal/appl/popper/pop3e.rfc1082
deleted file mode 100644
index ac49448b5e11..000000000000
--- a/crypto/heimdal/appl/popper/pop3e.rfc1082
+++ /dev/null
@@ -1,619 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            M. Rose
-Request for Comments: 1082                                           TWG
-                                                           November 1988
-
-
-
-                    Post Office Protocol - Version 3
-                       Extended Service Offerings
-
-Status of This Memo
-
-   This memo suggests a simple method for workstations to dynamically
-   access mail from a discussion group server, as an extension to an
-   earlier memo which dealt with dynamically accessing mail from a
-   mailbox server using the Post Office Protocol -  Version 3 (POP3).
-   This RFC specifies a proposed protocol for the Internet community,
-   and requests discussion and suggestions for improvements.  All of the
-   extensions described in this memo to the POP3 are OPTIONAL.
-   Distribution of this memo is unlimited.
-
-Introduction and Motivation
-
-   It is assumed that the reader is familiar with RFC 1081 that
-   discusses the Post Office Protocol - Version 3 (POP3) [RFC1081].
-   This memo describes extensions to the POP3 which enhance the service
-   it offers to clients.  This additional service permits a client host
-   to access discussion group mail, which is often kept in a separate
-   spool area, using the general POP3 facilities.
-
-   The next section describes the evolution of discussion groups and the
-   technologies currently used to implement them.  To summarize:
-
-       o An exploder is used to map from a single address to
-       a list of addresses which subscribe to the list, and redirects
-       any subsequent error reports associated with the delivery of
-       each message.  This has two primary advantages:
-             - Subscribers need know only a single address
-             - Responsible parties get the error reports and not
-               the subscribers
-
-
-
-
-
-
-
-
-
-
-
-
-Rose                                                            [Page 1]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-       o Typically, each subscription address is not a person's private
-       maildrop, but a system-wide maildrop, which can be accessed
-       by more than one user.  This has several advantages:
-             - Only a single copy of each message need traverse the
-               net for a given site (which may contain several local
-               hosts).  This conserves bandwidth and cycles.
-             - Only a single copy of each message need reside on each
-               subscribing host.  This conserves disk space.
-             - The private maildrop for each user is not cluttered
-               with discussion group mail.
-
-   Despite this optimization of resources, further economy can be
-   achieved at sites with more than one host.  Typically, sites with
-   more than one host either:
-
-        1.  Replicate discussion group mail on each host.  This
-        results in literally gigabytes of disk space committed to
-        unnecessarily store redundant information.
-
-        2.  Keep discussion group mail on one host and give all users a
-        login on that host (in addition to any other logins they may
-        have).  This is usually a gross inconvenience for users who
-        work on other hosts, or a burden to users who are forced to
-        work on that host.
-
-   As discussed in [RFC1081], the problem of giving workstations dynamic
-   access to mail from a mailbox server has been explored in great
-   detail (originally there was [RFC918], this prompted the author to
-   write [RFC1081], independently of this [RFC918] was upgraded to
-   [RFC937]).  A natural solution to the problem outlined above is to
-   keep discussion group mail on a mailbox server at each site and
-   permit different hosts at that site to employ the POP3 to access
-   discussion group mail.  If implemented properly, this avoids the
-   problems of both strategies outlined above.
-
-        ASIDE:     It might be noted that a good distributed filesystem
-                   could also solve this problem.  Sadly, "good"
-                   distributed filesystems, which do not suffer
-                   unacceptable response time for interactive use, are
-                   few and far between these days!
-
-   Given this motivation, now let's consider discussion groups, both in
-   general and from the point of view of a user agent.  Following this,
-   extensions to the POP3 defined in [RFC1081] are presented.  Finally,
-   some additional policy details are discussed along with some initial
-   experiences.
-
-
-
-
-
-Rose                                                            [Page 2]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-What's in a Discussion Group
-
-   Since mailers and user agents first crawled out of the primordial
-   ARPAnet, the value of discussion groups have been appreciated,
-   (though their implementation has not always been well-understood).
-
-   Described simply, a discussion group is composed of a number of
-   subscribers with a common interest.  These subscribers post mail to a
-   single address, known as a distribution address.  From this
-   distribution address, a copy of the message is sent to each
-   subscriber.  Each group has a moderator, which is the person that
-   administrates the group.  The moderator can usually be reached at a
-   special address, known as a request address.  Usually, the
-   responsibilities of the moderator are quite simple, since the mail
-   system handles the distribution to subscribers automatically.  In
-   some cases, the interest group, instead of being distributed directly
-   to its subscribers, is put into a digest format by the moderator and
-   then sent to the subscribers.  Although this requires more work on
-   the part of the moderator, such groups tend to be better organized.
-
-   Unfortunately, there are a few problems with the scheme outlined
-   above.  First, if two users on the same host subscribe to the same
-   interest group, two copies of the message get delivered.  This is
-   wasteful of both processor and disk resources.
-
-   Second, some of these groups carry a lot of traffic.  Although
-   subscription to an group does indicate interest on the part of a
-   subscriber, it is usually not interesting to get 50 messages or so
-   delivered to the user's private maildrop each day, interspersed with
-   personal mail, that is likely to be of a much more important and
-   timely nature.
-
-   Third, if a subscriber on the distribution list for a group becomes
-   "bad" somehow, the originator of the message and not the moderator of
-   the group is notified.  It is not uncommon for a large list to have
-   10 or so bogus addresses present.  This results in the originator
-   being flooded with "error messages" from mailers across the Internet
-   stating that a given address on the list was bad.  Needless to say,
-   the originator usually could not care less if the bogus addresses got
-   a copy of the message or not.  The originator is merely interested in
-   posting a message to the group at large.  Furthermore, the moderator
-   of the group does care if there are bogus addresses on the list, but
-   ironically does not receive notification.
-
-   There are various approaches which can be used to solve some or all
-   of these problems.  Usually these involve placing an exploder agent
-   at the distribution source of the discussion group, which expands the
-   name of the group into the list of subscription addresses for the
-
-
-
-Rose                                                            [Page 3]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   group.  In the process, the exploder will also change the address
-   that receives error notifications to be the request address or other
-   responsible party.
-
-   A complementary approach, used in order to cut down on resource
-   utilization of all kinds, replaces all the subscribers at a single
-   host (or group of hosts under a single administration) with a single
-   address at that host.  This address maps to a file on the host,
-   usually in a spool area, which all users can access.  (Advanced
-   implementations can also implement private discussion groups this
-   way, in which a single copy of each message is kept, but is
-   accessible to only a select number of users on the host.)
-
-   The two approaches can be combined to avoid all of the problems
-   described above.
-
-   Finally, a third approach can be taken, which can be used to aid user
-   agents processing mail for the discussion group:  In order to speed
-   querying of the maildrop which contains the local host's copy of the
-   discussion group, two other items are usually associated with the
-   discussion group, on a local basis.  These are the maxima and the
-   last-date.  Each time a message is received for the group on the
-   local host, the maxima is increased by at least one.  Furthermore,
-   when a new maxima is generated, the current date is determined.  This
-   is called the last date.  As the message is entered into the local
-   maildrop, it is given the current maxima and last-date.  This permits
-   the user agent to quickly determine if new messages are present in
-   the maildrop.
-
-       NOTE:      The maxima may be characterized as a monotonically
-                  increasing quanity.  Although sucessive values of the
-                  maxima need not be consecutive, any maxima assigned
-                  is always greater than any previously assigned value.
-
-Definition of Terms
-
-   To formalize these notions somewhat, consider the following 7
-   parameters which describe a given discussion group from the
-   perspective of the user agent (the syntax given is from [RFC822]):
-
-
-
-
-
-
-
-
-
-
-
-
-Rose                                                            [Page 4]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-         NAME            Meaning: the name of the discussion group
-                         Syntax:  TOKEN (ALPHA *[ ALPHA / DIGIT / "-" ])
-                                  (case-insensitive recognition)
-                         Example: unix-wizards
-
-         ALIASES         Meaning: alternates names for the group, which
-                                  are locally meaningful; these are
-                                  typically used to shorten user typein
-                         Syntax:  TOKEN (case-insensitive recognition)
-                         Example: uwiz
-
-         ADDRESS         Meaning: the primary source of the group
-                         Syntax:  822 address
-                         Example: Unix-Wizards@BRL.MIL
-
-         REQUEST         Meaning: the primary moderator of the group
-                         Syntax:  822 address
-                         Example: Unix-Wizards-Request@BRL.MIL
-
-         FLAGS           Meaning: locally meaningful flags associated
-                                  with the discussion group; this memo
-                                  leaves interpretation of this
-                                  parameter to each POP3 implementation
-                         Syntax:  octal number
-                         Example: 01
-
-         MAXIMA          Meaning: the magic cookie associated with the
-                                  last message locally received for the
-                                  group; it is the property of the magic
-                                  cookie that it's value NEVER
-                                  decreases, and increases by at least
-                                  one each time a message is locally
-                                  received
-                         Syntax:  decimal number
-                         Example: 1004
-
-         LASTDATE        Meaning: the date that the last message was
-                                  locally received
-                         Syntax:  822 date
-                         Example: Thu, 19 Dec 85 10:26:48 -0800
-
-   Note that the last two values are locally determined for the maildrop
-   associated with the discussion group and with each message in that
-   maildrop.  Note however that the last message in the maildrop have a
-   different MAXIMA and LASTDATE than the discussion group.  This often
-   occurs when the maildrop has been archived.
-
-
-
-
-
-Rose                                                            [Page 5]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   Finally, some local systems provide mechanisms for automatically
-   archiving discussion group mail.  In some cases, a two-level archive
-   scheme is used:  current mail is kept in the standard maildrop,
-   recent mail is kept in an archive maildrop, and older mail is kept
-   off-line.  With this scheme, in addition to having a "standard"
-   maildrop for each discussion group, an "archive" maildrop may also be
-   available.  This permits a user agent to examine the most recent
-   archive using the same mechanisms as those used on the current mail.
-
-The XTND Command
-
-   The following commands are valid only in the TRANSACTION state of the
-   POP3.  This implies that the POP3 server has already opened the
-   user's maildrop (which may be empty).  This maildrop is called the
-   "default maildrop".  The phrase "closes the current maildrop" has two
-   meanings, depending on whether the current maildrop is the default
-   maildrop or is a maildrop associated with a discussion group.
-
-   In the former context, when the current maildrop is closed any
-   messages marked as deleted are removed from the maildrop currently in
-   use.  The exclusive-access lock on the maildrop is then released
-   along with any implementation-specific resources (e.g., file-
-   descriptors).
-
-   In the latter context, a maildrop associated with a discussion group
-   is considered to be read-only to the POP3 client.  In this case, the
-   phrase "closes the current maildrop" merely means that any
-   implementation-specific resources are released.  (Hence, the POP3
-   command DELE is a no-op.)
-
-   All the new facilities are introduced via a single POP3 command,
-   XTND.  All positive reponses to the XTND command are multi-line.
-
-   The most common multi-line response to the commands contains a
-   "discussion group listing" which presents the name of the discussion
-   group along with it's maxima.  In order to simplify parsing all POP3
-   servers are required to use a certain format for discussion group
-   listings:
-
-                              NAME SP MAXIMA
-
-   This memo makes no requirement on what follows the maxima in the
-   listing.  Minimal implementations should just end that line of the
-   response with a CRLF pair.  More advanced implementations may include
-   other information, as parsed from the message.
-
-       NOTE:      This memo STRONGLY discourages implementations from
-                  supplying additional information in the listing.
-
-
-
-Rose                                                            [Page 6]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   XTND BBOARDS [name]
-   Arguments: the name of a discussion group (optionally)
-   Restrictions: may only be given in the TRANSACTION state.
-   Discussion:
-
-   If an argument was given, the POP3 server closes the current
-   maildrop.  The POP3 server then validates the argument as the name of
-   a discussion group.  If this is successful, it opens the maildrop
-   associated with the group, and returns a multi-line response
-   containing the discussion group listing.  If the discussion group
-   named is not valid, or the associated archive maildrop is not
-   readable by the user, then an error response is returned.
-
-   If no argument was given, the POP3 server issues a multi-line
-   response.  After the initial +OK, for each discussion group known,
-   the POP3 server responds with a line containing the listing for that
-   discussion group.  Note that only world-readable discussion groups
-   are included in the multi-line response.
-
-   In order to aid user agents, this memo requires an extension to the
-   scan listing when an "XTND BBOARDS" command has been given.
-   Normally, a scan listing, as generated by the LIST, takes the form:
-
-          MSGNO SIZE
-
-   where MSGNO is the number of the message being listed and SIZE is the
-   size of the message in octets.  When reading a maildrop accessed via
-   "XTND BBOARDS", the scan listing takes the form
-
-          MSGNO SIZE MAXIMA
-
-   where MAXIMA is the maxima that was assigned to the message when it
-   was placed in the BBoard.
-
-   Possible Responses:
-       +OK XTND
-       -ERR no such bboard
-   Examples:
-       C:    XTND BBOARDS
-       S:    +OK XTND
-       S:    system 10
-       S:    mh-users 100
-       S:    .
-       C:    XTND BBOARDS system
-       S:    + OK XTND
-       S:    system 10
-       S:    .
-
-
-
-
-Rose                                                            [Page 7]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   XTND ARCHIVE name
-   Arguments: the name of a discussion group (required)
-   Restrictions: may only be given in the TRANSACTION state.
-   Discussion:
-
-   The POP3 server closes the current maildrop.  The POP3 server then
-   validates the argument as the name of a discussion group.  If this is
-   successful, it opens the archive maildrop associated with the group,
-   and returns a multi-line response containing the discussion group
-   listing.  If the discussion group named is not valid, or the
-   associated archive maildrop is not readable by the user, then an
-   error response is returned.
-
-   In addition, the scan listing generated by the LIST command is
-   augmented (as described above).
-
-   Possible Responses:
-       +OK XTND
-       -ERR no such bboard Examples:
-       C:    XTND ARCHIVE system
-       S:    + OK XTND
-       S:    system 3
-       S:    .
-
-   XTND X-BBOARDS name
-   Arguments: the name of a discussion group (required)
-   Restrictions: may only be given in the TRANSACTION state.
-   Discussion:
-
-   The POP3 server validates the argument as the name of a
-   discussion group.  If this is unsuccessful, then an error
-   response is returned.  Otherwise a multi-line response is
-   returned.  The first 14 lines of this response (after the
-   initial +OK) are defined in this memo.  Minimal implementations
-   need not include other information (and may omit certain
-   information, outputing a bare CRLF pair).  More advanced
-   implementations may include other information.
-
-           Line    Information (refer to "Definition of Terms")
-           ----    -----------
-             1     NAME
-             2     ALIASES, separated by SP
-             3     system-specific: maildrop
-             4     system-specific: archive maildrop
-             5     system-specific: information
-             6     system-specific: maildrop map
-             7     system-specific: encrypted password
-             8     system-specific: local leaders, separated by SP
-
-
-
-Rose                                                            [Page 8]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-             9     ADDRESS
-            10     REQUEST
-            11     system-specific: incoming feed
-            12     system-specific: outgoing feeds
-            13     FLAGS SP MAXIMA
-            14     LASTDATE
-
-   Most of this information is entirely too specific to the UCI Version
-   of the Rand MH Message Handling System [MRose85].  Nevertheless,
-   lines 1, 2, 9, 10, 13, and 14 are of general interest, regardless of
-   the implementation.
-
-           Possible Responses:
-               +OK XTND
-               -ERR no such bboard
-           Examples:
-               C:    XTND X-BBOARDS system
-               S:    + OK XTND
-               S:    system
-               S:    local general
-               S:    /usr/bboards/system.mbox
-               S:    /usr/bboards/archive/system.mbox
-               S:    /usr/bboards/.system.cnt
-               S:    /usr/bboards/.system.map
-               S:    *
-               S:    mother
-               S:    system@nrtc.northrop.com
-               S:    system-request@nrtc.northrop.com
-               S:
-               S:    dist-system@nrtc-gremlin.northrop.com
-               S:    01 10
-               S:    Thu, 19 Dec 85 00:08:49 -0800
-               S:    .
-
-Policy Notes
-
-   Depending on the particular entity administrating the POP3 service
-   host, two additional policies might be implemented:
-
-   1.  Private Discussion Groups
-
-   In the general case, discussion groups are world-readable, any user,
-   once logged in (via a terminal, terminal server, or POP3, etc.), is
-   able to read the maildrop for each discussion group known to the POP3
-   service host.  Nevertheless, it is desirable, usually for privacy
-   reasons, to implement private discussion groups as well.
-
-   Support of this is consistent with the extensions outlined in this
-
-
-
-Rose                                                            [Page 9]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   memo.  Once the AUTHORIZATION state has successfully concluded, the
-   POP3 server grants the user access to exactly those discussion groups
-   the POP3 service host permits the authenticated user to access.  As a
-   "security" feature, discussion groups associated with unreadable
-   maildrops should not be listed in a positive response to the XTND
-   BBOARDS command.
-
-   2.  Anonymous POP3 Users
-
-   In order to minimize the authentication problem, a policy permitting
-   "anonymous" access to the world-readable maildrops for discussion
-   groups on the POP3 server may be implemented.
-
-   Support of this is consistent with the extensions outlined in this
-   memo.  The POP3 server can be modified to accept a USER command for a
-   well-known pseudonym (i.e., "anonymous") which is valid with any PASS
-   command.  As a "security" feature, it is advisable to limit this kind
-   of access to only hosts at the local site, or to hosts named in an
-   access list.
-
-Experiences and Conclusions
-
-   All of the facilities described in this memo and in [RFC1081] have
-   been implemented in MH #6.1.  Initial experiences have been, on the
-   whole, very positive.
-
-   After the first implementation, some performance tuning was required.
-   This consisted primarily of caching the datastructures which describe
-   discussion groups in the POP3 server.  A second optimization
-   pertained to the client:  the program most commonly used to read
-   BBoards in MH was modified to retrieve messages only when needed.
-   Two schemes are used:
-
-         o If only the headers (and the first few lines of the body) of
-           the message are required (e.g., for a scan listing), then only
-           these are retrieved.  The resulting output is then cached, on
-           a per-message basis.
-
-         o If the entire message is required, then it is retrieved intact,
-            and cached locally.
-
-   With these optimizations, response time is quite adequate when the
-   POP3 server and client are connected via a high-speed local area
-   network.  In fact, the author uses this mechanism to access certain
-   private discussion groups over the Internet.  In this case, response
-   is still good.  When a 9.6Kbps modem is inserted in the path,
-   response went from good to almost tolerable (fortunately the author
-   only reads a few discussion groups in this fashion).
-
-
-
-Rose                                                           [Page 10]
-
-RFC 1082                 POP3 Extended Service             November 1988
-
-
-   To conclude: the POP3 is a good thing, not only for personal mail but
-   for discussion group mail as well.
-
-
-References
-
-     [RFC1081] Rose, M., "Post Office Protocol - Verison 3 (POP3)", RFC
-               1081, TWG, November 1988.
-
-     [MRose85] Rose, M., and J. Romine, "The Rand MH Message Handling
-               System: User's Manual", University of California, Irvine,
-               November 1985.
-
-     [RFC822]  Crocker, D., "Standard for the Format of ARPA-Internet
-               Text Messages", RFC 822, University of Delaware, August
-               1982.
-
-     [RFC918]  Reynolds, J., "Post Office Protocol", RFC 918,
-               USC/Information Sciences Institute, October 1984.
-
-     [RFC937]  Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
-               Reynolds, "Post Office Protocol - Version 2", RFC 937,
-               USC/Information Sciences Institute, February 1985.
-
-Author's Address:
-
-
-   Marshall Rose
-   The Wollongong Group
-   1129 San Antonio Rd.
-   Palo Alto, California 94303
-
-   Phone: (415) 962-7100
-
-   Email: MRose@TWG.COM
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Rose                                                           [Page 11]
-
diff --git a/crypto/heimdal/appl/popper/pop_auth.c b/crypto/heimdal/appl/popper/pop_auth.c
deleted file mode 100644
index 525beaa38163..000000000000
--- a/crypto/heimdal/appl/popper/pop_auth.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by the Kungliga Tekniska
- *      H�gskolan and its contributors.
- * 
- * 4. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <popper.h>
-#include <base64.h>
-RCSID("$Id: pop_auth.c,v 1.2 2000/04/12 15:37:45 assar Exp $");
-
-#ifdef KRB4
-
-enum {
-    NO_PROT   = 1,
-    INT_PROT  = 2,
-    PRIV_PROT = 4
-};
-
-static int
-auth_krb4(POP *p)
-{
-    int ret;
-    des_cblock key;
-    u_int32_t nonce, nonce_reply;
-    u_int32_t max_client_packet;
-    int protocols = NO_PROT | INT_PROT | PRIV_PROT;
-    char data[8];
-    int len;
-    char *s;
-    char instance[INST_SZ];  
-    KTEXT_ST authent;
-    des_key_schedule schedule;
-    struct passwd *pw;
-
-    /* S -> C: 32 bit nonce in MSB base64 */
-
-    des_new_random_key(&key);
-    nonce = (key[0] | (key[1] << 8) | (key[2] << 16) | (key[3] << 24)
-	     | key[4] | (key[5] << 8) | (key[6] << 16) | (key[7] << 24));
-    krb_put_int(nonce, data, 4, 8);
-    len = base64_encode(data, 4, &s);
-
-    pop_msg(p, POP_CONTINUE, "%s", s);
-    free(s);
-
-    /* C -> S: ticket and authenticator */
-
-    ret = sch_readline(p->input, &s);
-    if (ret <= 0 || strcmp (s, "*") == 0)
-	return pop_msg(p, POP_FAILURE,
-		       "authentication aborted by client");
-    len = strlen(s);
-    if (len > sizeof(authent.dat)) {
-	return pop_msg(p, POP_FAILURE, "data packet too long");
-    }
-
-    authent.length = base64_decode(s, authent.dat);
-
-    k_getsockinst (0, instance, sizeof(instance));
-    ret = krb_rd_req(&authent, "pop", instance,
-		     p->in_addr.sin_addr.s_addr,
-		     &p->kdata, NULL);
-    if (ret != 0) {
-	return pop_msg(p, POP_FAILURE, "rd_req: %s",
-		       krb_get_err_text(ret));
-    }
-    if (p->kdata.checksum != nonce) {
-	return pop_msg(p, POP_FAILURE, "data stream modified");
-    }
-
-    /* S -> C: nonce + 1 | bit | max segment */
-
-    krb_put_int(nonce + 1, data, 4, 7);
-    data[4] = protocols;
-    krb_put_int(1024, data + 5, 3, 3); /* XXX */
-    des_key_sched(&p->kdata.session, schedule);
-    des_pcbc_encrypt((des_cblock*)data,
-		     (des_cblock*)data, 8,
-		     schedule,
-		     &p->kdata.session,
-		     DES_ENCRYPT);
-    len = base64_encode(data, 8, &s);
-    pop_msg(p, POP_CONTINUE, "%s", s);
-
-    free(s);
-
-    /* C -> S: nonce | bit | max segment | username */
-
-    ret = sch_readline(p->input, &s);
-    if (ret <= 0 || strcmp (s, "*") == 0)
-	return pop_msg(p, POP_FAILURE,
-		       "authentication aborted");
-    len = strlen(s);
-    if (len > sizeof(authent.dat)) {
-	return pop_msg(p, POP_FAILURE, "data packet too long");
-    }
-
-    authent.length = base64_decode(s, authent.dat);
-    
-    if (authent.length % 8 != 0) {
-	return pop_msg(p, POP_FAILURE, "reply is not a multiple of 8 bytes");
-    }
-
-    des_key_sched(&p->kdata.session, schedule);
-    des_pcbc_encrypt((des_cblock*)authent.dat,
-		     (des_cblock*)authent.dat,
-		     authent.length,
-		     schedule,
-		     &p->kdata.session,
-		     DES_DECRYPT);
-
-    krb_get_int(authent.dat, &nonce_reply, 4, 0);
-    if (nonce_reply != nonce) {
-	return pop_msg(p, POP_FAILURE, "data stream modified");
-    }
-    protocols &= authent.dat[4];
-    krb_get_int(authent.dat + 5, &max_client_packet, 3, 0);
-    if(authent.dat[authent.length - 1] != '\0') {
-	return pop_msg(p, POP_FAILURE, "bad format of username");
-    }
-    strncpy (p->user, authent.dat + 8, sizeof(p->user));
-    pw = k_getpwnam(p->user);
-    if (pw == NULL) {
-	return (pop_msg(p,POP_FAILURE,
-			"Password supplied for \"%s\" is incorrect.",
-			p->user));
-    }
-
-    if (kuserok(&p->kdata, p->user)) {
-	pop_log(p, POP_PRIORITY,
-		"%s: (%s.%s@%s) tried to retrieve mail for %s.",
-		p->client, p->kdata.pname, p->kdata.pinst,
-		p->kdata.prealm, p->user);
-	return(pop_msg(p,POP_FAILURE,
-		       "Popping not authorized"));
-    }
-    pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s",
-	    p->ipaddr,
-	    p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
-	    p->user);
-    ret = pop_login(p, pw);
-    if (protocols & PRIV_PROT)
-	;
-    else if (protocols & INT_PROT)
-	;
-    else
-	;
-    
-    return ret;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int
-auth_gssapi(POP *p)
-{
-    
-}
-#endif /* KRB5 */
-
-/* 
- *  auth: RFC1734
- */
-
-static struct {
-    const char *name;
-    int (*func)(POP *);
-} methods[] = {
-#ifdef KRB4
-    {"KERBEROS_V4",	auth_krb4},
-#endif
-#ifdef KRB5
-    {"GSSAPI",		auth_gssapi},
-#endif
-    {NULL,		NULL}
-};
-
-int
-pop_auth (POP *p)
-{
-    int i;
-
-    for (i = 0; methods[i].name != NULL; ++i)
-	if (strcasecmp(p->pop_parm[1], methods[i].name) == 0)
-	    return (*methods[i].func)(p);
-    return pop_msg(p, POP_FAILURE,
-		   "Authentication method %s unknown", p->pop_parm[1]);
-}
diff --git a/crypto/heimdal/appl/popper/pop_debug.c b/crypto/heimdal/appl/popper/pop_debug.c
deleted file mode 100644
index 9a29e4d29a9d..000000000000
--- a/crypto/heimdal/appl/popper/pop_debug.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* Tiny program to help debug popper */
-
-#include "popper.h"
-RCSID("$Id: pop_debug.c,v 1.23 2002/05/02 16:27:16 joda Exp $");
-
-static void
-loop(int s)
-{
-    char cmd[1024];
-    char buf[1024];
-    fd_set fds;
-    while(1){
-	FD_ZERO(&fds);
-	FD_SET(0, &fds);
-	FD_SET(s, &fds);
-	if(select(s+1, &fds, 0, 0, 0) < 0)
-	    err(1, "select");
-	if(FD_ISSET(0, &fds)){
-	    fgets(cmd, sizeof(cmd), stdin);
-	    cmd[strlen(cmd) - 1] = '\0';
-	    strlcat (cmd, "\r\n", sizeof(cmd));
-	    write(s, cmd, strlen(cmd));
-	}
-	if(FD_ISSET(s, &fds)){
-	    int n = read(s, buf, sizeof(buf));
-	    if(n == 0)
-		exit(0);
-	    fwrite(buf, n, 1, stdout);
-	}
-    }
-}
-
-static int
-get_socket (const char *hostname, int port)
-{
-    int ret;
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-    
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
-    ret = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (ret)
-	errx (1, "getaddrinfo %s: %s", hostname, gai_strerror (ret));
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return s;
-    }
-    err (1, "failed to connect to %s", hostname);
-}
-
-#ifdef KRB4
-static int
-doit_v4 (char *host, int port)
-{
-    KTEXT_ST ticket;
-    MSG_DAT msg_data;
-    CREDENTIALS cred;
-    des_key_schedule sched;
-    int ret;
-    int s = get_socket (host, port);
-
-    ret = krb_sendauth(0,
-		       s,
-		       &ticket, 
-		       "pop",
-		       host,
-		       krb_realmofhost(host),
-		       getpid(),
-		       &msg_data,
-		       &cred,
-		       sched,
-		       NULL,
-		       NULL,
-		       "KPOPV0.1");
-    if(ret) {
-	warnx("krb_sendauth: %s", krb_get_err_text(ret));
-	return 1;
-    }
-    loop(s);
-    return 0;
-}
-#endif
-
-#ifdef KRB5
-static int
-doit_v5 (char *host, int port)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server;
-    int s = get_socket (host, port);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    ret = krb5_sname_to_principal (context,
-				   host,
-				   "pop",
-				   KRB5_NT_SRV_HST,
-				   &server);
-    if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-    ret = krb5_sendauth (context,
-			 &auth_context,
-			 &s,
-			 "KPOPV1.0",
-			 NULL,
-			 server,
-			 0,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL);
-     if (ret) {
-	 warnx ("krb5_sendauth: %s",
-		krb5_get_err_text (context, ret));
-	 return 1;
-     }
-     loop (s);
-     return 0;
-}
-#endif
-
-
-#ifdef KRB4
-static int use_v4 = -1;
-#endif
-#ifdef KRB5
-static int use_v5 = -1;
-#endif
-static char *port_str;
-static int do_version;
-static int do_help;
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
-      NULL },
-#endif
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
-      NULL },
-#endif
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "number-or-service" },
-    { "version", 0,  arg_flag,		&do_version,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&do_help,	NULL,
-      NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "hostname");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = 0;
-    int ret = 1;
-    int optind = 0;
-
-    setprogname(argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    argc -= optind;
-    argv += optind;
-
-    if (do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version (NULL);
-	return 0;
-    }
-	
-    if (argc < 1)
-	usage (1);
-
-    if (port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-    if (port == 0) {
-#ifdef KRB5
-	port = krb5_getportbyname (NULL, "kpop", "tcp", 1109);
-#elif defined(KRB4)
-	port = k_getportbyname ("kpop", "tcp", 1109);
-#else
-#error must define KRB4 or KRB5
-#endif
-    }
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	ret = doit_v5 (argv[0], port);
-    }
-#endif
-#ifdef KRB4
-    if (ret && use_v4) {
-	ret = doit_v4 (argv[0], port);
-    }
-#endif
-    return ret;
-}
diff --git a/crypto/heimdal/appl/popper/pop_dele.c b/crypto/heimdal/appl/popper/pop_dele.c
deleted file mode 100644
index f1c2952a21b4..000000000000
--- a/crypto/heimdal/appl/popper/pop_dele.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_dele.c,v 1.10 1999/08/12 11:35:26 joda Exp $");
-
-/* 
- *  dele:   Delete a message from the POP maildrop
- */
-int
-pop_dele (POP *p)
-{
-    MsgInfoList     *   mp;         /*  Pointer to message info list */
-    int                 msg_num;
-
-    /*  Convert the message number parameter to an integer */
-    msg_num = atoi(p->pop_parm[1]);
-
-    /*  Is requested message out of range? */
-    if ((msg_num < 1) || (msg_num > p->msg_count))
-        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num));
-
-    /*  Get a pointer to the message in the message list */
-    mp = &(p->mlp[msg_num-1]);
-
-    /*  Is the message already flagged for deletion? */
-    if (mp->flags & DEL_FLAG)
-        return (pop_msg (p,POP_FAILURE,"Message %d has already been deleted.",
-            msg_num));
-
-    /*  Flag the message for deletion */
-    mp->flags |= DEL_FLAG;
-
-#ifdef DEBUG
-    if(p->debug)
-        pop_log(p, POP_DEBUG,
-		"Deleting message %u at offset %ld of length %ld\n",
-		mp->number, mp->offset, mp->length);
-#endif /* DEBUG */
-
-    /*  Update the messages_deleted and bytes_deleted counters */
-    p->msgs_deleted++;
-    p->bytes_deleted += mp->length;
-
-    /*  Update the last-message-accessed number if it is lower than 
-        the deleted message */
-    if (p->last_msg < msg_num) p->last_msg = msg_num;
-
-    return (pop_msg (p,POP_SUCCESS,"Message %d has been deleted.",msg_num));
-}
-
-#ifdef XDELE
-/* delete a range of messages */
-int
-pop_xdele(POP *p)
-{
-    MsgInfoList     *   mp;         /*  Pointer to message info list */
-
-    int msg_min, msg_max;
-    int i;
-
-
-    msg_min = atoi(p->pop_parm[1]);
-    if(p->parm_count == 1)
-	msg_max = msg_min;
-    else
-	msg_max = atoi(p->pop_parm[2]);
-
-    if (msg_min < 1)
-        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_min));
-    if(msg_max > p->msg_count)
-        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_max));
-    for(i = msg_min; i <= msg_max; i++) {
-
-	/*  Get a pointer to the message in the message list */
-	mp = &(p->mlp[i - 1]);
-
-	/*  Is the message already flagged for deletion? */
-	if (mp->flags & DEL_FLAG)
-	    continue; /* no point in returning error */
-	/*  Flag the message for deletion */
-	mp->flags |= DEL_FLAG;
-	
-#ifdef DEBUG
-	if(p->debug)
-	    pop_log(p, POP_DEBUG,
-		    "Deleting message %u at offset %ld of length %ld\n",
-		    mp->number, mp->offset, mp->length);
-#endif /* DEBUG */
-	
-	/*  Update the messages_deleted and bytes_deleted counters */
-	p->msgs_deleted++;
-	p->bytes_deleted += mp->length;
-    }
-
-    /*  Update the last-message-accessed number if it is lower than 
-	the deleted message */
-    if (p->last_msg < msg_max) p->last_msg = msg_max;
-    
-    return (pop_msg (p,POP_SUCCESS,"Messages %d-%d has been deleted.",
-		     msg_min, msg_max));
-    
-}
-#endif /* XDELE */
diff --git a/crypto/heimdal/appl/popper/pop_dropcopy.c b/crypto/heimdal/appl/popper/pop_dropcopy.c
deleted file mode 100644
index 99ea49d08520..000000000000
--- a/crypto/heimdal/appl/popper/pop_dropcopy.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_dropcopy.c,v 1.26 2002/07/04 14:10:11 joda Exp $");
-
-/*
- * Run as the user in `pwd'
- */
-
-int
-changeuser(POP *p, struct passwd *pwd)
-{
-    if(setgid(pwd->pw_gid) < 0) {
-	pop_log (p, POP_PRIORITY,
-		 "Unable to change to gid %u: %s",
-		 (unsigned)pwd->pw_gid,
-		 strerror(errno));
-	return pop_msg (p, POP_FAILURE,
-			"Unable to change gid");
-    }
-    if(setuid(pwd->pw_uid) < 0) {
-	pop_log (p, POP_PRIORITY,
-		 "Unable to change to uid %u: %s",
-		 (unsigned)pwd->pw_uid,
-		 strerror(errno));
-	return pop_msg (p, POP_FAILURE,
-			"Unable to change uid");
-    }
-#ifdef DEBUG
-    if(p->debug)
-	pop_log(p, POP_DEBUG,"uid = %u, gid = %u",
-	       (unsigned)getuid(),
-	       (unsigned)getgid());
-#endif /* DEBUG */
-    return POP_SUCCESS;
-}
-
-/* 
- *  dropcopy:   Make a temporary copy of the user's mail drop and 
- *  save a stream pointer for it.
- */
-
-int
-pop_dropcopy(POP *p, struct passwd *pwp)
-{
-    int                     mfd;                    /*  File descriptor for 
-                                                        the user's maildrop */
-    int                     dfd;                    /*  File descriptor for 
-                                                        the SERVER maildrop */
-    FILE		    *tf;		    /*  The temp file */
-    char		    template[POP_TMPSIZE];  /*  Temp name holder */
-    char                    buffer[BUFSIZ];         /*  Read buffer */
-    long                    offset;                 /*  Old/New boundary */
-    int                     nchar;                  /*  Bytes written/read */
-    int                     tf_fd;                  /*  fd for temp file */
-    int			    ret;
-
-    /*  Create a temporary maildrop into which to copy the updated maildrop */
-    snprintf(p->temp_drop, sizeof(p->temp_drop), POP_DROP,p->user);
-
-#ifdef DEBUG
-    if(p->debug)
-        pop_log(p,POP_DEBUG,"Creating temporary maildrop '%s'",
-            p->temp_drop);
-#endif /* DEBUG */
-
-    /* Here we work to make sure the user doesn't cause us to remove or
-     * write over existing files by limiting how much work we do while
-     * running as root.
-     */
-
-    strlcpy(template, POP_TMPDROP, sizeof(template));
-    if ((tf_fd = mkstemp(template)) < 0 ||
-	(tf = fdopen(tf_fd, "w+")) == NULL) {
-        pop_log(p,POP_PRIORITY,
-            "Unable to create temporary temporary maildrop '%s': %s",template,
-		strerror(errno));
-        return pop_msg(p,POP_FAILURE,
-		"System error, can't create temporary file.");
-    }
-
-    /* Now give this file to the user	*/
-    chown(template, pwp->pw_uid, pwp->pw_gid);
-    chmod(template, 0600);
-
-    /* Now link this file to the temporary maildrop.  If this fails it
-     * is probably because the temporary maildrop already exists.  If so,
-     * this is ok.  We can just go on our way, because by the time we try
-     * to write into the file we will be running as the user.
-     */
-    link(template,p->temp_drop);
-    fclose(tf);
-    unlink(template);
-
-    ret = changeuser(p, pwp);
-    if (ret != POP_SUCCESS)
-	return ret;
-
-    /* Open for append,  this solves the crash recovery problem */
-    if ((dfd = open(p->temp_drop,O_RDWR|O_APPEND|O_CREAT,0600)) == -1){
-        pop_log(p,POP_PRIORITY,
-            "Unable to open temporary maildrop '%s': %s",p->temp_drop,
-		strerror(errno));
-        return pop_msg(p,POP_FAILURE,
-		"System error, can't open temporary file, do you own it?");
-    }
-
-    /*  Lock the temporary maildrop */
-    if ( flock (dfd, (LOCK_EX | LOCK_NB)) == -1 ) 
-    switch(errno) {
-        case EWOULDBLOCK:
-            return pop_msg(p,POP_FAILURE,
-                 "%sMaildrop lock busy!  Is another session active?", 
-			   (p->flags & POP_FLAG_CAPA) ? "[IN-USE] " : "");
-            /* NOTREACHED */
-        default:
-            return pop_msg(p,POP_FAILURE,"flock: '%s': %s", p->temp_drop,
-		strerror(errno));
-            /* NOTREACHED */
-        }
-    
-    /* May have grown or shrunk between open and lock! */
-    offset = lseek(dfd,0, SEEK_END);
-
-    /*  Open the user's maildrop, If this fails,  no harm in assuming empty */
-    if ((mfd = open(p->drop_name,O_RDWR)) > 0) {
-
-        /*  Lock the maildrop */
-        if (flock (mfd, LOCK_EX) == -1) {
-            close(mfd) ;
-            return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop,
-		strerror(errno));
-        }
-
-        /*  Copy the actual mail drop into the temporary mail drop */
-        while ( (nchar=read(mfd,buffer,BUFSIZ)) > 0 )
-            if ( nchar != write(dfd,buffer,nchar) ) {
-                nchar = -1 ;
-                break ;
-            }
-
-        if ( nchar != 0 ) {
-            /* Error adding new mail.  Truncate to original size,
-               and leave the maildrop as is.  The user will not 
-               see the new mail until the error goes away.
-               Should let them process the current backlog,  in case
-               the error is a quota problem requiring deletions! */
-            ftruncate(dfd,(int)offset) ;
-        } else {
-            /* Mail transferred!  Zero the mail drop NOW,  that we
-               do not have to do gymnastics to figure out what's new
-               and what is old later */
-            ftruncate(mfd,0) ;
-        }
-
-        /*  Close the actual mail drop */
-        close (mfd);
-    }
-
-    /*  Acquire a stream pointer for the temporary maildrop */
-    if ( (p->drop = fdopen(dfd,"a+")) == NULL ) {
-        close(dfd) ;
-        return pop_msg(p,POP_FAILURE,"Cannot assign stream for %s",
-            p->temp_drop);
-    }
-
-    rewind (p->drop);
-
-    return(POP_SUCCESS);
-}
diff --git a/crypto/heimdal/appl/popper/pop_dropinfo.c b/crypto/heimdal/appl/popper/pop_dropinfo.c
deleted file mode 100644
index 71922d2cb1a6..000000000000
--- a/crypto/heimdal/appl/popper/pop_dropinfo.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_dropinfo.c,v 1.24 1999/09/16 20:38:49 assar Exp $");
-
-#if defined(UIDL) || defined(XOVER)
-
-/*
- * Copy the string found after after : into a malloced buffer. Stop
- * copying at end of string or end of line. End of line delimiter is
- * not part of the resulting copy.
- */
-static
-char *
-find_value_after_colon(char *p)
-{
-  char *t, *tmp;
-
-  for (; *p != 0 && *p != ':'; p++) /* Find : */
-    ;
-
-  if (*p == 0)
-    goto error;
-
-  p++;				/* Skip over : */
-
-  for(; *p == ' ' || *p == '\t'; p++) /* Remove white space */
-    ;
-
-  for (t = p; *t != 0 && *t != '\n' && *t != '\r'; t++)	/* Find end of str */
-    ;
-
-  tmp = t = malloc(t - p + 1);
-  if (tmp == 0)
-    goto error;
-
-  for (; *p != 0 && *p != '\n' && *p != '\r'; p++, t++)	/* Copy characters */
-    *t = *p;
-  *t = 0;			/* Terminate string */
-  return tmp;
-
-error:
-  return "ErrorUIDL";
-}
-#endif
-
-void
-parse_header(MsgInfoList *mp, char *buffer)
-{
-#if defined(UIDL) || defined(XOVER)
-    if (strncasecmp("Message-Id:",buffer, 11) == 0) {
-	if (mp->msg_id == NULL)
-	    mp->msg_id = find_value_after_colon(buffer);
-    } 
-#ifdef UIDL
-    else if (strncasecmp(buffer, "X-UIDL:", 7) == 0) {
-	/* Courtesy to Qualcomm, there really is no such 
-	   thing as X-UIDL */
-	mp->msg_id = find_value_after_colon(buffer);
-    }
-#endif
-#endif
-#ifdef XOVER
-    else if (strncasecmp("Subject:", buffer, 8) == 0) {
-	if(mp->subject == NULL){
-	    char *p;
-	    mp->subject = find_value_after_colon(buffer);
-	    for(p = mp->subject; *p; p++)
-		if(*p == '\t') *p = ' ';
-	}
-    }
-    else if (strncasecmp("From:", buffer, 5) == 0) {
-	if(mp->from == NULL){
-	    char *p;
-	    mp->from = find_value_after_colon(buffer);
-	    for(p = mp->from; *p; p++)
-		if(*p == '\t') *p = ' ';
-	}
-    }
-    else if (strncasecmp("Date:", buffer, 5) == 0) {
-	if(mp->date == NULL){
-	    char *p;
-	    mp->date = find_value_after_colon(buffer);
-	    for(p = mp->date; *p; p++)
-		if(*p == '\t') *p = ' ';
-	}
-    }
-#endif
-}
-
-int
-add_missing_headers(POP *p, MsgInfoList *mp)
-{
-#if defined(UIDL) || defined(XOVER)
-    if (mp->msg_id == NULL) {
-	asprintf(&mp->msg_id, "no-message-id-%d", mp->number);
-	if(mp->msg_id == NULL) {
-	    fclose (p->drop);
-	    p->msg_count = 0;
-	    return pop_msg (p,POP_FAILURE,
-			    "Can't build message list for '%s': Out of memory",
-                            p->user);
-	}
-    }
-#endif	    
-#ifdef XOVER
-    if (mp->subject == NULL)
-	mp->subject = "<none>";
-    if (mp->from == NULL)
-	mp->from = "<unknown>";
-    if (mp->date == NULL)
-	mp->date = "<unknown>";
-#endif
-    return POP_SUCCESS;
-}
-
-/* 
- *  dropinfo:   Extract information about the POP maildrop and store 
- *  it for use by the other POP routines.
- */
-
-int
-pop_dropinfo(POP *p)
-{
-    char                    buffer[BUFSIZ];         /*  Read buffer */
-    MsgInfoList         *   mp;                     /*  Pointer to message 
-                                                        info list */
-    int			    msg_num;                /*  Current message 
-                                                        counter */
-    int                     nchar;                  /*  Bytes written/read */
-    int blank_line = 1; /* previous line was blank */
-    int in_header = 0; /* if we are in a header block */
-    
-    /*  Initialize maildrop status variables in the POP parameter block */
-    p->msg_count = 0;
-    p->msgs_deleted = 0;
-    p->last_msg = 0;
-    p->bytes_deleted = 0;
-    p->drop_size = 0;
-
-    /*  Allocate memory for message information structures */
-    p->msg_count = ALLOC_MSGS;
-    p->mlp = (MsgInfoList *)calloc((unsigned)p->msg_count,sizeof(MsgInfoList));
-    if (p->mlp == NULL){
-        fclose (p->drop);
-        p->msg_count = 0;
-        return pop_msg (p,POP_FAILURE,
-            "Can't build message list for '%s': Out of memory", p->user);
-    }
-
-    rewind (p->drop);
-
-    /*  Scan the file, loading the message information list with 
-        information about each message */
-
-    for (msg_num = p->drop_size = 0, mp = p->mlp - 1;
-             fgets(buffer,MAXMSGLINELEN,p->drop);) {
-
-        nchar  = strlen(buffer);
-
-        if (blank_line && strncmp(buffer,"From ",5) == 0) {
-	    in_header = 1;
-            if (++msg_num > p->msg_count) {
-                p->mlp=(MsgInfoList *) realloc(p->mlp,
-                    (p->msg_count+=ALLOC_MSGS)*sizeof(MsgInfoList));
-                if (p->mlp == NULL){
-                    fclose (p->drop);
-                    p->msg_count = 0;
-                    return pop_msg (p,POP_FAILURE,
-                        "Can't build message list for '%s': Out of memory",
-                            p->user);
-                }
-                mp = p->mlp + msg_num - 2;
-            }
-            ++mp;
-            mp->number = msg_num;
-            mp->length = 0;
-            mp->lines = 0;
-            mp->offset = ftell(p->drop) - nchar;
-            mp->flags = 0;
-#if defined(UIDL) || defined(XOVER)
-	    mp->msg_id = 0;
-#endif
-#ifdef XOVER
-	    mp->subject = 0;
-	    mp->from = 0;
-	    mp->date = 0;
-#endif
-#ifdef DEBUG
-            if(p->debug)
-                pop_log(p, POP_DEBUG,
-			"Msg %d at offset %ld being added to list",
-			mp->number, mp->offset);
-#endif /* DEBUG */
-        } else if(in_header)
-	    parse_header(mp, buffer);
-	blank_line = (strncmp(buffer, "\n", nchar) == 0);
-	if(blank_line) {
-	    int e;
-	    in_header = 0;
-	    e = add_missing_headers(p, mp);
-	    if(e != POP_SUCCESS)
-		return e;
-	}
-        mp->length += nchar;
-        p->drop_size += nchar;
-        mp->lines++;
-    }
-    p->msg_count = msg_num;
-
-#ifdef DEBUG
-    if(p->debug && msg_num > 0) {
-        int i;
-        for (i = 0, mp = p->mlp; i < p->msg_count; i++, mp++)
-#ifdef UIDL
-	    pop_log(p,POP_DEBUG,
-		    "Msg %d at offset %ld is %ld octets long and has %u lines and id %s.",
-                    mp->number,mp->offset,mp->length,mp->lines, mp->msg_id);
-#else	
-            pop_log(p,POP_DEBUG,
-                "Msg %d at offset %d is %d octets long and has %u lines.",
-                    mp->number,mp->offset,mp->length,mp->lines);
-#endif
-    }
-#endif /* DEBUG */
-
-    return(POP_SUCCESS);
-}
diff --git a/crypto/heimdal/appl/popper/pop_get_command.c b/crypto/heimdal/appl/popper/pop_get_command.c
deleted file mode 100644
index f10c3fe53c98..000000000000
--- a/crypto/heimdal/appl/popper/pop_get_command.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_get_command.c,v 1.16 2002/07/04 14:09:47 joda Exp $");
-
-/* 
- *  get_command:    Extract the command from an input line form a POP client
- */
-
-int pop_capa (POP *p);
-static state_table states[] = {
-        {auth1,  "user", 1,  1,  pop_user,   {auth1, auth2}},
-        {auth2,  "pass", 1,  99, pop_pass,   {auth1, trans}},
-#ifdef RPOP
-        {auth2,  "rpop", 1,  1,  pop_rpop,   {auth1, trans}},
-#endif /* RPOP */
-        {auth1,  "quit", 0,  0,  pop_quit,   {halt,  halt}},
-        {auth2,  "quit", 0,  0,  pop_quit,   {halt,  halt}},
-#ifdef CAPA
-	{auth1,  "capa", 0,  0,  pop_capa,   {auth1, auth1}},
-	{auth2,  "capa", 0,  0,  pop_capa,   {auth2, auth2}},
-	{trans,  "capa", 0,  0,  pop_capa,   {trans, trans}},
-#endif
-        {trans,  "stat", 0,  0,  pop_stat,   {trans, trans}},
-        {trans,  "list", 0,  1,  pop_list,   {trans, trans}},
-        {trans,  "retr", 1,  1,  pop_send,   {trans, trans}},
-        {trans,  "dele", 1,  1,  pop_dele,   {trans, trans}},
-        {trans,  "noop", 0,  0,  NULL,       {trans, trans}},
-        {trans,  "rset", 0,  0,  pop_rset,   {trans, trans}},
-        {trans,  "top",  2,  2,  pop_send,   {trans, trans}},
-        {trans,  "last", 0,  0,  pop_last,   {trans, trans}},
-        {trans,  "quit", 0,  0,  pop_updt,   {halt,  halt}},
-	{trans,  "help", 0,  0,  pop_help,   {trans, trans}},
-#ifdef UIDL
-        {trans,  "uidl", 0,  1,  pop_uidl,   {trans, trans}},
-#endif
-#ifdef XOVER
-	{trans,	"xover", 0,  0,	 pop_xover,  {trans, trans}},
-#endif
-#ifdef XDELE
-        {trans,  "xdele", 1,  2,  pop_xdele,   {trans, trans}},
-#endif
-        {(state) 0,  NULL,   0,  0,  NULL,       {halt,  halt}},
-};
-
-int
-pop_capa (POP *p)
-{
-    /*  Search for the POP command in the command/state table */
-    pop_msg (p,POP_SUCCESS, "Capability list follows");
-    fprintf(p->output, "USER\r\n");
-    fprintf(p->output, "TOP\r\n");
-    fprintf(p->output, "PIPELINING\r\n");
-    fprintf(p->output, "EXPIRE NEVER\r\n");
-    fprintf(p->output, "RESP-CODES\r\n");
-#ifdef UIDL
-    fprintf(p->output, "UIDL\r\n");
-#endif
-#ifdef XOVER
-    fprintf(p->output, "XOVER\r\n");
-#endif
-#ifdef XDELE
-    fprintf(p->output, "XDELE\r\n");
-#endif
-    if(p->CurrentState == trans)
-	fprintf(p->output, "IMPLEMENTATION %s-%s\r\n", PACKAGE, VERSION);
-    fprintf(p->output,".\r\n");
-    fflush(p->output);
-
-    p->flags |= POP_FLAG_CAPA;
-
-    return(POP_SUCCESS);
-}
-
-state_table *
-pop_get_command(POP *p, char *mp)
-{
-    state_table     *   s;
-    char                buf[MAXMSGLINELEN];
-
-    /*  Save a copy of the original client line */
-#ifdef DEBUG
-    if(p->debug) strlcpy (buf, mp, sizeof(buf));
-#endif /* DEBUG */
-
-    /*  Parse the message into the parameter array */
-    if ((p->parm_count = pop_parse(p,mp)) < 0) return(NULL);
-
-    /*  Do not log cleartext passwords */
-#ifdef DEBUG
-    if(p->debug){
-        if(strcmp(p->pop_command,"pass") == 0)
-            pop_log(p,POP_DEBUG,"Received: \"%s xxxxxxxxx\"",p->pop_command);
-        else {
-            /*  Remove trailing <LF> */
-            buf[strlen(buf)-2] = '\0';
-            pop_log(p,POP_DEBUG,"Received: \"%s\"",buf);
-        }
-    }
-#endif /* DEBUG */
-
-    /*  Search for the POP command in the command/state table */
-    for (s = states; s->command; s++) {
-
-        /*  Is this a valid command for the current operating state? */
-        if (strcmp(s->command,p->pop_command) == 0
-             && s->ValidCurrentState == p->CurrentState) {
-
-            /*  Were too few parameters passed to the command? */
-            if (p->parm_count < s->min_parms) {
-                pop_msg(p,POP_FAILURE,
-			"Too few arguments for the %s command.",
-			p->pop_command);
-		return NULL;
-	    }
-
-            /*  Were too many parameters passed to the command? */
-            if (p->parm_count > s->max_parms) {
-                pop_msg(p,POP_FAILURE,
-			"Too many arguments for the %s command.",
-			p->pop_command);
-		return NULL;
-	   }
-
-            /*  Return a pointer to the entry for this command in 
-                the command/state table */
-            return (s);
-        }
-    }
-    /*  The client command was not located in the command/state table */
-    pop_msg(p,POP_FAILURE,
-	    "Unknown command: \"%s\".",p->pop_command);
-    return NULL;
-}
-
-int
-pop_help (POP *p)
-{
-    state_table		*s;
-
-    pop_msg(p, POP_SUCCESS, "help");
-
-    for (s = states; s->command; s++) {
-	fprintf (p->output, "%s\r\n", s->command);
-    }
-    fprintf (p->output, ".\r\n");
-    fflush (p->output);
-    return POP_SUCCESS;
-}
diff --git a/crypto/heimdal/appl/popper/pop_init.c b/crypto/heimdal/appl/popper/pop_init.c
deleted file mode 100644
index 7487ce666a43..000000000000
--- a/crypto/heimdal/appl/popper/pop_init.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_init.c,v 1.58 2001/02/20 01:44:47 assar Exp $");
-
-
-#if defined(KRB4) || defined(KRB5)
-
-static int
-pop_net_read(POP *p, int fd, void *buf, size_t len)
-{
-#ifdef KRB5
-    return krb5_net_read(p->context, &fd, buf, len);
-#elif defined(KRB4)
-    return krb_net_read(fd, buf, len);
-#endif
-}
-#endif
-
-static char *addr_log;
-
-static void
-pop_write_addr(POP *p, struct sockaddr *addr)
-{
-    char ts[32];
-    char as[128];
-    time_t t;
-    FILE *f;
-    if(addr_log == NULL)
-	return;
-    t = time(NULL);
-    strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t));
-    if(inet_ntop (addr->sa_family, socket_get_address(addr), 
-		  as, sizeof(as)) == NULL) {
-        pop_log(p, POP_PRIORITY, "failed to print address");
-	return;
-    }
-    
-    f = fopen(addr_log, "a");
-    if(f == NULL) {
-        pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log);
-	return;
-    }
-    fprintf(f, "%s %s\n", as, ts);
-    fclose(f);
-}
-
-#ifdef KRB4
-static int
-krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
-{
-    Key_schedule schedule;
-    KTEXT_ST ticket;
-    char instance[INST_SZ];  
-    char version[9];
-    int auth;
-  
-    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
-	return -1;
-    if (pop_net_read (p, s, buf + 4,
-		      KRB_SENDAUTH_VLEN - 4) != KRB_SENDAUTH_VLEN - 4)
-	return -1;
-    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
-	return -1;
-
-    k_getsockinst (0, instance, sizeof(instance));
-    auth = krb_recvauth(KOPT_IGNORE_PROTOCOL,
-			s,
-			&ticket,
-			"pop",
-			instance,
-                        (struct sockaddr_in *)addr,
-			(struct sockaddr_in *) NULL,
-                        &p->kdata,
-			"",
-			schedule,
-			version);
-    
-    if (auth != KSUCCESS) {
-        pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s", 
-                krb_get_err_text(auth));
-        pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client, 
-                p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
-		krb_get_err_text(auth));
-	return -1;
-    }
-
-#ifdef DEBUG
-    pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", p->kdata.pname, 
-            p->kdata.pinst, p->kdata.prealm, p->ipaddr);
-#endif /* DEBUG */
-    return 0;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int
-krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    u_int32_t len;
-    krb5_ticket *ticket;
-    char *server;
-
-    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
-	return -1;
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
-	
-    if (krb5_net_read(p->context, &s, buf, len) != len)
-	return -1;
-    if (len != sizeof(KRB5_SENDAUTH_VERSION)
-	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
-	return -1;
-
-    ret = krb5_recvauth (p->context,
-			 &auth_context,
-			 &s,
-			 "KPOPV1.0",
-			 NULL, /* let rd_req figure out what server to use */
-			 KRB5_RECVAUTH_IGNORE_VERSION,
-			 NULL,
-			 &ticket);
-    if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
-		krb5_get_err_text(p->context, ret));
-	return -1;
-    }
-
-
-    ret = krb5_unparse_name(p->context, ticket->server, &server);
-    if(ret) {
-	pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", 
-		krb5_get_err_text(p->context, ret));
-	ret = -1;
-	goto out;
-    }
-    /* does this make sense? */
-    if(strncmp(server, "pop/", 4) != 0) {
-	pop_log(p, POP_PRIORITY,
-		"Got ticket for service `%s'", server);
-	ret = -1;
-	goto out;
-    } else if(p->debug)
-	pop_log(p, POP_DEBUG, 
-		"Accepted ticket for service `%s'", server);
-    free(server);
- out:
-    krb5_auth_con_free (p->context, auth_context);
-    krb5_copy_principal (p->context, ticket->client, &p->principal);
-    krb5_free_ticket (p->context, ticket);
-
-    return ret;
-}
-#endif
-
-static int
-krb_authenticate(POP *p, struct sockaddr *addr)
-{
-#if defined(KRB4) || defined(KRB5)
-    u_char buf[BUFSIZ];
-
-    if (pop_net_read (p, 0, buf, 4) != 4) {
-	pop_msg(p, POP_FAILURE, "Reading four bytes: %s",
-		strerror(errno));
-	exit (1);
-    }
-#ifdef KRB4
-    if (krb4_authenticate (p, 0, buf, addr) == 0){
-	pop_write_addr(p, addr);
-	p->version = 4;
-	return POP_SUCCESS;
-    }
-#endif
-#ifdef KRB5
-    if (krb5_authenticate (p, 0, buf, addr) == 0){
-	pop_write_addr(p, addr);
-	p->version = 5;
-	return POP_SUCCESS;
-    }
-#endif
-    exit (1);
-	
-#endif /* defined(KRB4) || defined(KRB5) */
-
-    return(POP_SUCCESS);
-}
-
-static int
-plain_authenticate (POP *p, struct sockaddr *addr)
-{
-    return(POP_SUCCESS);
-}
-
-static int kerberos_flag;
-static char *auth_str;
-static int debug_flag;
-static int interactive_flag;
-static char *port_str;
-static char *trace_file;
-static int timeout;
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-#if defined(KRB4) || defined(KRB5)
-    { "kerberos", 'k', arg_flag, &kerberos_flag, "use kerberos" },
-#endif
-    { "auth-mode", 'a', arg_string, &auth_str, "required authentication" },
-    { "debug", 'd', arg_flag, &debug_flag },
-    { "interactive", 'i', arg_flag, &interactive_flag, "create new socket" },
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" },
-    { "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" },
-    { "address-log", 0, arg_string, &addr_log, "enable address log", "file" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 'v', arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-/* 
- *  init:   Start a Post Office Protocol session
- */
-
-static int
-pop_getportbyname(POP *p, const char *service, 
-		  const char *proto, short def)
-{
-#ifdef KRB5
-    return krb5_getportbyname(p->context, service, proto, def);
-#elif defined(KRB4)
-    return k_getportbyname(service, proto, htons(def));
-#else
-    return htons(default);
-#endif
-}
-
-int
-pop_init(POP *p,int argcount,char **argmessage)
-{
-    struct sockaddr_storage cs_ss;
-    struct sockaddr *cs = (struct sockaddr *)&cs_ss;
-    socklen_t		    len;
-    char                *   trace_file_name = "/tmp/popper-trace";
-    int			    portnum = 0;
-    int 		    optind = 0;
-    int			    error;
-
-    /*  Initialize the POP parameter block */
-    memset (p, 0, sizeof(POP));
-
-    setprogname(argmessage[0]);
-
-    /*  Save my name in a global variable */
-    p->myname = (char*)getprogname();
-
-    /*  Get the name of our host */
-    gethostname(p->myhost,MaxHostNameLen);
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context (&p->context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-
-	krb5_openlog(p->context, p->myname, &p->logf);
-	krb5_set_warn_dest(p->context, p->logf);
-    }
-#else
-    /*  Open the log file */
-    roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY);
-#endif
-
-    p->auth_level = AUTH_NONE;
-
-    if(getarg(args, num_args, argcount, argmessage, &optind)){
-	arg_printusage(args, num_args, NULL, "");
-	exit(1);
-    }
-    if(help_flag){
-	arg_printusage(args, num_args, NULL, "");
-	exit(0);
-    }
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argcount -= optind;
-    argmessage += optind;
-
-    if (argcount != 0) {
-	arg_printusage(args, num_args, NULL, "");
-	exit(1);
-    }
-
-    if(auth_str){
-	if (strcmp (auth_str, "none") == 0)
-	    p->auth_level = AUTH_NONE;
-	else if(strcmp(auth_str, "otp") == 0)
-	    p->auth_level = AUTH_OTP;
-	else
-	    warnx ("bad value for -a: %s", optarg);
-    }
-    /*  Debugging requested */
-    p->debug = debug_flag;
-
-    if(port_str)
-	portnum = htons(atoi(port_str));
-    if(trace_file){
-	p->debug++;
-	if ((p->trace = fopen(trace_file, "a+")) == NULL) {
-	    pop_log(p, POP_PRIORITY,
-		    "Unable to open trace file \"%s\", err = %d",
-		    optarg,errno);
-	    exit (1);
-	}
-	trace_file_name = trace_file;
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    p->kerberosp = kerberos_flag;
-#endif
-
-    if(timeout)
-	pop_timeout = timeout;
-    
-    /* Fake inetd */
-    if (interactive_flag) {
-	if (portnum == 0)
-	    portnum = p->kerberosp ?
-		pop_getportbyname(p, "kpop", "tcp", 1109) :
-	    pop_getportbyname(p, "pop", "tcp", 110);
-	mini_inetd (portnum);
-    }
-
-    /*  Get the address and socket of the client to whom I am speaking */
-    len = sizeof(cs_ss);
-    if (getpeername(STDIN_FILENO, cs, &len) < 0) {
-        pop_log(p,POP_PRIORITY,
-            "Unable to obtain socket and address of client, err = %d",errno);
-        exit (1);
-    }
-
-    /*  Save the dotted decimal form of the client's IP address 
-        in the POP parameter block */
-    inet_ntop (cs->sa_family, socket_get_address (cs),
-	       p->ipaddr, sizeof(p->ipaddr));
-
-    /*  Save the client's port */
-    p->ipport = ntohs(socket_get_port (cs));
-
-    /*  Get the canonical name of the host to whom I am speaking */
-    error = getnameinfo_verified (cs, len, p->client, sizeof(p->client),
-				  NULL, 0, 0);
-    if (error) {
-	pop_log (p, POP_PRIORITY,
-		 "getnameinfo: %s", gai_strerror (error));
-	strlcpy (p->client, p->ipaddr, sizeof(p->client));
-    }
-
-    /*  Create input file stream for TCP/IP communication */
-    if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){
-        pop_log(p,POP_PRIORITY,
-            "Unable to open communication stream for input, err = %d",errno);
-        exit (1);
-    }
-
-    /*  Create output file stream for TCP/IP communication */
-    if ((p->output = fdopen(STDOUT_FILENO,"w")) == NULL){
-        pop_log(p,POP_PRIORITY,
-            "Unable to open communication stream for output, err = %d",errno);
-        exit (1);
-    }
-
-    pop_log(p,POP_PRIORITY,
-        "(v%s) Servicing request from \"%s\" at %s\n",
-            VERSION,p->client,p->ipaddr);
-
-#ifdef DEBUG
-    if (p->trace)
-        pop_log(p,POP_PRIORITY,
-            "Tracing session and debugging information in file \"%s\"",
-                trace_file_name);
-    else if (p->debug)
-        pop_log(p,POP_PRIORITY,"Debugging turned on");
-#endif /* DEBUG */
-
-
-    return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, cs));
-}
diff --git a/crypto/heimdal/appl/popper/pop_last.c b/crypto/heimdal/appl/popper/pop_last.c
deleted file mode 100644
index 36fdd0d25a12..000000000000
--- a/crypto/heimdal/appl/popper/pop_last.c
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_last.c,v 1.6 1996/10/28 16:25:28 assar Exp $");
-
-/* 
- *  last:   Display the last message touched in a POP session
- */
-
-int
-pop_last (POP *p)
-{
-    return (pop_msg(p,POP_SUCCESS,"%u is the last message seen.",p->last_msg));
-}
diff --git a/crypto/heimdal/appl/popper/pop_list.c b/crypto/heimdal/appl/popper/pop_list.c
deleted file mode 100644
index aa7666a63158..000000000000
--- a/crypto/heimdal/appl/popper/pop_list.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_list.c,v 1.10 1998/04/23 17:37:47 joda Exp $");
-
-/* 
- *  list:   List the contents of a POP maildrop
- */
-
-int
-pop_list (POP *p)
-{
-    MsgInfoList         *   mp;         /*  Pointer to message info list */
-    int		            i;
-    int			    msg_num;
-
-    /*  Was a message number provided? */
-    if (p->parm_count > 0) {
-        msg_num = atoi(p->pop_parm[1]);
-
-        /*  Is requested message out of range? */
-        if ((msg_num < 1) || (msg_num > p->msg_count))
-            return (pop_msg (p,POP_FAILURE,
-                "Message %d does not exist.",msg_num));
-
-        /*  Get a pointer to the message in the message list */
-        mp = &p->mlp[msg_num-1];
-
-        /*  Is the message already flagged for deletion? */
-        if (mp->flags & DEL_FLAG)
-            return (pop_msg (p,POP_FAILURE,
-                "Message %d has been deleted.",msg_num));
-
-        /*  Display message information */
-        return (pop_msg(p,POP_SUCCESS,"%d %ld",msg_num,mp->length));
-    }
-    
-    /*  Display the entire list of messages */
-    pop_msg(p,POP_SUCCESS,
-	    "%d messages (%ld octets)",
-            p->msg_count-p->msgs_deleted,
-	    p->drop_size-p->bytes_deleted);
-
-    /*  Loop through the message information list.  Skip deleted messages */
-    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
-        if (!(mp->flags & DEL_FLAG)) 
-            fprintf(p->output,"%u %lu\r\n",mp->number,mp->length);
-    }
-
-    /*  "." signals the end of a multi-line transmission */
-    fprintf(p->output,".\r\n");
-    fflush(p->output);
-
-    return(POP_SUCCESS);
-}
diff --git a/crypto/heimdal/appl/popper/pop_log.c b/crypto/heimdal/appl/popper/pop_log.c
deleted file mode 100644
index deb9841d87e4..000000000000
--- a/crypto/heimdal/appl/popper/pop_log.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_log.c,v 1.13 1997/10/14 21:59:07 joda Exp $");
-
-/* 
- *  log:    Make a log entry
- */
-
-int
-pop_log(POP *p, int stat, char *format, ...)
-{
-    char msgbuf[MAXLINELEN];
-    va_list     ap;
-
-    va_start(ap, format);
-    vsnprintf(msgbuf, sizeof(msgbuf), format, ap);
-
-    if (p->debug && p->trace) {
-        fprintf(p->trace,"%s\n",msgbuf);
-        fflush(p->trace);
-    } else {
-#ifdef KRB5
-	krb5_log(p->context, p->logf, stat, "%s", msgbuf);
-#else
-        syslog (stat,"%s",msgbuf);
-#endif
-    }
-    va_end(ap);
-
-    return(stat);
-}
diff --git a/crypto/heimdal/appl/popper/pop_msg.c b/crypto/heimdal/appl/popper/pop_msg.c
deleted file mode 100644
index 12887a49fad8..000000000000
--- a/crypto/heimdal/appl/popper/pop_msg.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_msg.c,v 1.16 1999/09/16 20:38:50 assar Exp $");
-
-/* 
- *  msg:    Send a formatted line to the POP client
- */
-
-int
-pop_msg(POP *p, int stat, char *format, ...)
-{
-    char	       *mp;
-    char                message[MAXLINELEN];
-    va_list             ap;
-
-    va_start(ap, format);
-    
-    /*  Point to the message buffer */
-    mp = message;
-
-    /*  Format the POP status code at the beginning of the message */
-    snprintf (mp, sizeof(message), "%s ",
-	      (stat == POP_SUCCESS) ? POP_OK : POP_ERR);
-
-    /*  Point past the POP status indicator in the message message */
-    mp += strlen(mp);
-
-    /*  Append the message (formatted, if necessary) */
-    if (format) 
-	vsnprintf (mp, sizeof(message) - strlen(message),
-		   format, ap);
-    
-    /*  Log the message if debugging is turned on */
-#ifdef DEBUG
-    if (p->debug && stat == POP_SUCCESS)
-        pop_log(p,POP_DEBUG,"%s",message);
-#endif /* DEBUG */
-
-    /*  Log the message if a failure occurred */
-    if (stat != POP_SUCCESS) 
-        pop_log(p,POP_PRIORITY,"%s",message);
-
-    /*  Append the <CR><LF> */
-    strlcat(message, "\r\n", sizeof(message));
-        
-    /*  Send the message to the client */
-    fputs(message, p->output);
-    fflush(p->output);
-
-    va_end(ap);
-    return(stat);
-}
diff --git a/crypto/heimdal/appl/popper/pop_parse.c b/crypto/heimdal/appl/popper/pop_parse.c
deleted file mode 100644
index 37aef369a98f..000000000000
--- a/crypto/heimdal/appl/popper/pop_parse.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_parse.c,v 1.9 1999/03/13 21:17:27 assar Exp $");
-
-/* 
- *  parse:  Parse a raw input line from a POP client 
- *  into null-delimited tokens
- */
-
-int
-pop_parse(POP *p, char *buf)
-{
-    char            *   mp;
-    int        i;
-    
-    /*  Loop through the POP command array */
-    for (mp = buf, i = 0; ; i++) {
-    
-        /*  Skip leading spaces and tabs in the message */
-        while (isspace((unsigned char)*mp))mp++;
-
-        /*  Are we at the end of the message? */
-        if (*mp == 0) break;
-
-        /*  Have we already obtained the maximum allowable parameters? */
-        if (i >= MAXPARMCOUNT) {
-            pop_msg(p,POP_FAILURE,"Too many arguments supplied.");
-            return(-1);
-        }
-
-        /*  Point to the start of the token */
-        p->pop_parm[i] = mp;
-
-        /*  Search for the first space character (end of the token) */
-        while (!isspace((unsigned char)*mp) && *mp) mp++;
-
-        /*  Delimit the token with a null */
-        if (*mp) *mp++ = 0;
-    }
-
-    /*  Were any parameters passed at all? */
-    if (i == 0) return (-1);
-
-    /*  Convert the first token (POP command) to lower case */
-    strlwr(p->pop_command);
-
-    /*  Return the number of tokens extracted minus the command itself */
-    return (i-1);
-    
-}
diff --git a/crypto/heimdal/appl/popper/pop_pass.c b/crypto/heimdal/appl/popper/pop_pass.c
deleted file mode 100644
index cebd78083c9f..000000000000
--- a/crypto/heimdal/appl/popper/pop_pass.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_pass.c,v 1.41 2000/04/12 15:37:46 assar Exp $");
-
-#ifdef KRB4
-static int
-krb4_verify_password (POP *p)
-{
-    int status;
-    char lrealm[REALM_SZ];
-    char tkt[MaxPathLen];
-
-    status = krb_get_lrealm(lrealm,1);
-    if (status == KFAILURE) {
-        pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client,
-		p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
-		krb_get_err_text(status));
-	return 1;
-    }
-    snprintf(tkt, sizeof(tkt), "%s_popper.%u", TKT_ROOT, (unsigned)getpid());
-    krb_set_tkt_string (tkt);
-
-    status = krb_verify_user(p->user, "", lrealm,
-			     p->pop_parm[1], KRB_VERIFY_SECURE, "pop");
-    dest_tkt(); /* no point in keeping the tickets */
-    return status;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int
-krb5_verify_password (POP *p)
-{
-    krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
-    krb5_get_init_creds_opt get_options;
-    krb5_verify_init_creds_opt verify_options;
-    krb5_error_code ret;
-    krb5_principal client, server;
-    krb5_creds creds;
-
-    krb5_get_init_creds_opt_init (&get_options);
-
-    krb5_get_init_creds_opt_set_preauth_list (&get_options,
-					      pre_auth_types,
-					      1);
-
-    krb5_verify_init_creds_opt_init (&verify_options);
-    
-    ret = krb5_parse_name (p->context, p->user, &client);
-    if (ret) {
-	pop_log(p, POP_PRIORITY, "krb5_parse_name: %s",
-		krb5_get_err_text (p->context, ret));
-	return 1;
-    }
-
-    ret = krb5_get_init_creds_password (p->context,
-					&creds,
-					client,
-					p->pop_parm[1],
-					NULL,
-					NULL,
-					0,
-					NULL,
-					&get_options);
-    if (ret) {
-	pop_log(p, POP_PRIORITY,
-		"krb5_get_init_creds_password: %s",
-		krb5_get_err_text (p->context, ret));
-	return 1;
-    }
-
-    ret = krb5_sname_to_principal (p->context,
-				   p->myhost,
-				   "pop",
-				   KRB5_NT_SRV_HST,
-				   &server);
-    if (ret) {
-	pop_log(p, POP_PRIORITY,
-		"krb5_get_init_creds_password: %s",
-		krb5_get_err_text (p->context, ret));
-	return 1;
-    }
-
-    ret = krb5_verify_init_creds (p->context,
-				  &creds,
-				  server,
-				  NULL,
-				  NULL,
-				  &verify_options);
-    krb5_free_principal (p->context, client);
-    krb5_free_principal (p->context, server);
-    krb5_free_creds_contents (p->context, &creds);
-    return ret;
-}
-#endif
-/* 
- *  pass:   Obtain the user password from a POP client
- */
-
-int
-pop_pass (POP *p)
-{
-    struct passwd  *pw;
-    int i;
-    struct stat st;
-
-    /* Make one string of all these parameters */
-    
-    for (i = 1; i < p->parm_count; ++i)
-	p->pop_parm[i][strlen(p->pop_parm[i])] = ' ';
-
-    /*  Look for the user in the password file */
-    if ((pw = k_getpwnam(p->user)) == NULL)
-	return (pop_msg(p,POP_FAILURE,
-			"Password supplied for \"%s\" is incorrect.",
-			p->user));
-
-    if (p->kerberosp) {
-#ifdef KRB4
-	if (p->version == 4) {
-	    if(kuserok (&p->kdata, p->user)) {
-		pop_log(p, POP_PRIORITY,
-			"%s: (%s.%s@%s) tried to retrieve mail for %s.",
-			p->client, p->kdata.pname, p->kdata.pinst,
-			p->kdata.prealm, p->user);
-		return(pop_msg(p,POP_FAILURE,
-			       "Popping not authorized"));
-	    }
-	    pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s",
-		    p->ipaddr,
-		    p->kdata.pname, p->kdata.pinst, p->kdata.prealm,
-		    p->user);
-	} else
-#endif /* KRB4 */
-#ifdef KRB5
-	if (p->version == 5) {
-	    char *name;
-	    
-	    if (!krb5_kuserok (p->context, p->principal, p->user)) {
-		pop_log (p, POP_PRIORITY,
-			 "krb5 permission denied");
-		return pop_msg(p, POP_FAILURE,
-			       "Popping not authorized");
-	    }
-	    if(krb5_unparse_name (p->context, p->principal, &name) == 0) {
-		pop_log(p, POP_INFO, "%s: %s -> %s",
-			p->ipaddr, name, p->user);
-		free (name);
-	    }
-	} else {
-	    pop_log (p, POP_PRIORITY, "kerberos authentication failed");
-	    return pop_msg (p, POP_FAILURE,
-			    "kerberos authentication failed");
-	}
-#endif
-	{ }
-    } else {
-	 /*  We don't accept connections from users with null passwords */
-	 if (pw->pw_passwd == NULL)
-	      return (pop_msg(p,
-			      POP_FAILURE,
-			      "Password supplied for \"%s\" is incorrect.",
-			      p->user));
-
-#ifdef OTP
-	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
-	     /* pass OK */;
-	 else
-#endif
-	 /*  Compare the supplied password with the password file entry */
-	 if (p->auth_level != AUTH_NONE)
-	     return pop_msg(p, POP_FAILURE,
-			    "Password supplied for \"%s\" is incorrect.",
-			    p->user);
-	 else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd))
-	     /* pass OK */;
-	 else {
-	     int ret = -1;
-#ifdef KRB4
-	     ret = krb4_verify_password (p);
-#endif
-#ifdef KRB5
-	     if(ret)
-		 ret = krb5_verify_password (p);
-#endif
-	     if(ret)
-		 return pop_msg(p, POP_FAILURE,
-				"Password incorrect");
-	 }
-    }
-    pop_log(p, POP_INFO, "login from %s as %s",
-	    p->ipaddr, p->user);
-
-    /*  Build the name of the user's maildrop */
-    snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user);
-
-    if(stat(p->drop_name, &st) < 0 || !S_ISDIR(st.st_mode)){
-	/*  Make a temporary copy of the user's maildrop */
-	/*    and set the group and user id */
-	if (pop_dropcopy(p, pw) != POP_SUCCESS) return (POP_FAILURE);
-	
-	/*  Get information about the maildrop */
-	if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE);
-    } else {
-	if(changeuser(p, pw) != POP_SUCCESS) return POP_FAILURE;
-	if(pop_maildir_info(p) != POP_SUCCESS) return POP_FAILURE;
-    }
-    /*  Initialize the last-message-accessed number */
-    p->last_msg = 0;
-
-    /*  Authorization completed successfully */
-    return (pop_msg (p, POP_SUCCESS,
-		     "%s has %d message(s) (%ld octets).",
-		     p->user, p->msg_count, p->drop_size));
-}
diff --git a/crypto/heimdal/appl/popper/pop_quit.c b/crypto/heimdal/appl/popper/pop_quit.c
deleted file mode 100644
index 429b1815dd19..000000000000
--- a/crypto/heimdal/appl/popper/pop_quit.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_quit.c,v 1.7 1996/11/19 22:48:30 assar Exp $");
-
-/* 
- *  quit:   Terminate a POP session
- */
-
-int
-pop_quit (POP *p)
-{
-    /*  Release the message information list */
-    if (p->mlp) free (p->mlp);
-
-    return(POP_SUCCESS);
-}
diff --git a/crypto/heimdal/appl/popper/pop_rset.c b/crypto/heimdal/appl/popper/pop_rset.c
deleted file mode 100644
index 6888ebfbad48..000000000000
--- a/crypto/heimdal/appl/popper/pop_rset.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_rset.c,v 1.9 1998/04/23 17:38:08 joda Exp $");
-
-/* 
- *  rset:   Unflag all messages flagged for deletion in a POP maildrop
- */
-
-int
-pop_rset (POP *p)
-{
-    MsgInfoList     *   mp;         /*  Pointer to the message info list */
-    int		        i;
-
-    /*  Unmark all the messages */
-    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++)
-        mp->flags &= ~DEL_FLAG;
-    
-    /*  Reset the messages-deleted and bytes-deleted counters */
-    p->msgs_deleted = 0;
-    p->bytes_deleted = 0;
-    
-    /*  Reset the last-message-access flag */
-    p->last_msg = 0;
-
-    return (pop_msg(p,POP_SUCCESS,"Maildrop has %u messages (%ld octets)",
-		    p->msg_count, p->drop_size));
-}
diff --git a/crypto/heimdal/appl/popper/pop_send.c b/crypto/heimdal/appl/popper/pop_send.c
deleted file mode 100644
index 166b990a1419..000000000000
--- a/crypto/heimdal/appl/popper/pop_send.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_send.c,v 1.25 1999/03/05 14:14:28 joda Exp $");
-
-/*
- *  sendline:   Send a line of a multi-line response to a client.
- */
-static int
-pop_sendline(POP *p, char *buffer)
-{
-    char        *   bp;
-
-    /*  Byte stuff lines that begin with the termination octet */
-    if (*buffer == POP_TERMINATE) 
-      fputc(POP_TERMINATE,p->output);
-
-    /*  Look for a <NL> in the buffer */
-    if ((bp = strchr(buffer, '\n')))
-      *bp = 0;
-
-    /*  Send the line to the client */
-    fputs(buffer,p->output);
-
-#ifdef DEBUG
-    if(p->debug)
-      pop_log(p,POP_DEBUG,"Sending line \"%s\"",buffer);
-#endif /* DEBUG */
-
-    /*  Put a <CR><NL> if a newline was removed from the buffer */
-    if (bp)
-      fputs ("\r\n",p->output);
-    return bp != NULL;
-}
-
-/* 
- *  send:   Send the header and a specified number of lines 
- *          from a mail message to a POP client.
- */
-
-int
-pop_send(POP *p)
-{
-    MsgInfoList         *   mp;         /*  Pointer to message info list */
-    int		            msg_num;
-    int			    msg_lines;
-    char                    buffer[MAXMSGLINELEN];
-#ifdef RETURN_PATH_HANDLING
-    char		*   return_path_adr;
-    char		*   return_path_end;
-    int			    return_path_sent;
-    int			    return_path_linlen;
-#endif
-    int			sent_nl = 0;
-
-    /*  Convert the first parameter into an integer */
-    msg_num = atoi(p->pop_parm[1]);
-
-    /*  Is requested message out of range? */
-    if ((msg_num < 1) || (msg_num > p->msg_count))
-        return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num));
-
-    /*  Get a pointer to the message in the message list */
-    mp = &p->mlp[msg_num-1];
-
-    /*  Is the message flagged for deletion? */
-    if (mp->flags & DEL_FLAG)
-        return (pop_msg (p,POP_FAILURE,
-			 "Message %d has been deleted.",msg_num));
-
-    /*  If this is a TOP command, get the number of lines to send */
-    if (strcmp(p->pop_command, "top") == 0) {
-        /*  Convert the second parameter into an integer */
-        msg_lines = atoi(p->pop_parm[2]);
-    }
-    else {
-        /*  Assume that a RETR (retrieve) command was issued */
-        msg_lines = -1;
-        /*  Flag the message as retreived */
-        mp->flags |= RETR_FLAG;
-    }
-    
-    /*  Display the number of bytes in the message */
-    pop_msg(p, POP_SUCCESS, "%ld octets", mp->length);
-
-    if(IS_MAILDIR(p)) {
-	int e = pop_maildir_open(p, mp);
-	if(e != POP_SUCCESS)
-	    return e;
-    }
-
-    /*  Position to the start of the message */
-    fseek(p->drop, mp->offset, 0);
-
-    return_path_sent = 0;
-
-    if(!IS_MAILDIR(p)) {
-	/*  Skip the first line (the sendmail "From" line) */
-	fgets (buffer,MAXMSGLINELEN,p->drop);
-
-#ifdef RETURN_PATH_HANDLING
-	if (strncmp(buffer,"From ",5) == 0) {
-	    return_path_linlen = strlen(buffer);
-	    for (return_path_adr = buffer+5;
-		 (*return_path_adr == ' ' || *return_path_adr == '\t') &&
-		     return_path_adr < buffer + return_path_linlen;
-		 return_path_adr++)
-		;
-	    if (return_path_adr < buffer + return_path_linlen) {
-		if ((return_path_end = strchr(return_path_adr, ' ')) != NULL)
-		    *return_path_end = '\0';
-		if (strlen(return_path_adr) != 0 && *return_path_adr != '\n') {
-		    static char tmpbuf[MAXMSGLINELEN + 20];
-		    if (snprintf (tmpbuf,
-				  sizeof(tmpbuf),
-				  "Return-Path: %s\n",
-				  return_path_adr) < MAXMSGLINELEN) {
-			pop_sendline (p,tmpbuf);
-			if (hangup)
-			    return pop_msg (p, POP_FAILURE,
-					    "SIGHUP or SIGPIPE flagged");
-			return_path_sent++;
-		    }
-		}
-	    }
-	}
-#endif
-    }
-
-    /*  Send the header of the message followed by a blank line */
-    while (fgets(buffer,MAXMSGLINELEN,p->drop)) {
-#ifdef RETURN_PATH_HANDLING
-	/* Don't send existing Return-Path-header if already sent own */
-	if (!return_path_sent || strncasecmp(buffer, "Return-Path:", 12) != 0)
-#endif
-	    sent_nl = pop_sendline (p,buffer);
-        /*  A single newline (blank line) signals the 
-            end of the header.  sendline() converts this to a NULL, 
-            so that's what we look for. */
-        if (*buffer == 0) break;
-        if (hangup)
-	    return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged"));
-    }
-    /*  Send the message body */
-    {
-	int blank_line = 1;
-	while (fgets(buffer, MAXMSGLINELEN-1, p->drop)) {
-	    /*  Look for the start of the next message */
-	    if (!IS_MAILDIR(p) && blank_line && strncmp(buffer,"From ",5) == 0)
-		break;
-	    blank_line = (strncmp(buffer, "\n", 1) == 0);
-	    /*  Decrement the lines sent (for a TOP command) */
-	    if (msg_lines >= 0 && msg_lines-- == 0) break;
-	    sent_nl = pop_sendline(p,buffer);
-	    if (hangup)
-		return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged"));
-	}
-	/* add missing newline at end */
-	if(!sent_nl)
-	    fputs("\r\n", p->output);
-	/* some pop-clients want a blank line at the end of the
-           message, we always add one here, but what the heck -- in
-           outer (white) space, no one can hear you scream */
-	if(IS_MAILDIR(p))
-	    fputs("\r\n", p->output);
-    }
-    /*  "." signals the end of a multi-line transmission */
-    fputs(".\r\n",p->output);
-    fflush(p->output);
-
-    return(POP_SUCCESS);
-}
diff --git a/crypto/heimdal/appl/popper/pop_stat.c b/crypto/heimdal/appl/popper/pop_stat.c
deleted file mode 100644
index 9ab2800b0f97..000000000000
--- a/crypto/heimdal/appl/popper/pop_stat.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_stat.c,v 1.7 1997/05/11 11:04:35 assar Exp $");
-
-/* 
- *  stat:   Display the status of a POP maildrop to its client
- */
-
-int
-pop_stat (POP *p)
-{
-#ifdef DEBUG
-    if (p->debug) pop_log(p,POP_DEBUG,"%d message(s) (%ld octets).",
-			  p->msg_count-p->msgs_deleted,
-			  p->drop_size-p->bytes_deleted);
-#endif /* DEBUG */
-    return (pop_msg (p,POP_SUCCESS,
-		     "%d %ld",
-		     p->msg_count-p->msgs_deleted,
-		     p->drop_size-p->bytes_deleted));
-}
diff --git a/crypto/heimdal/appl/popper/pop_uidl.c b/crypto/heimdal/appl/popper/pop_uidl.c
deleted file mode 100644
index 42dc12deba11..000000000000
--- a/crypto/heimdal/appl/popper/pop_uidl.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_uidl.c,v 1.9 1999/12/02 16:58:33 joda Exp $");
-
-#ifdef UIDL
-/* 
- *  uidl:   Uidl the contents of a POP maildrop
- */
-
-int
-pop_uidl (POP *p)
-{
-    MsgInfoList         *   mp;         /*  Pointer to message info list */
-    int		            i;
-    int			    msg_num;
-
-    /*  Was a message number provided? */
-    if (p->parm_count > 0) {
-        msg_num = atoi(p->pop_parm[1]);
-
-        /*  Is requested message out of range? */
-        if ((msg_num < 1) || (msg_num > p->msg_count))
-            return (pop_msg (p,POP_FAILURE,
-                "Message %d does not exist.",msg_num));
-
-        /*  Get a pointer to the message in the message list */
-        mp = &p->mlp[msg_num-1];
-
-        /*  Is the message already flagged for deletion? */
-        if (mp->flags & DEL_FLAG)
-            return (pop_msg (p,POP_FAILURE,
-                "Message %d has been deleted.",msg_num));
-
-        /*  Display message information */
-        return (pop_msg(p,POP_SUCCESS,"%u %s",msg_num,mp->msg_id));
-    }
-    
-    /*  Display the entire list of messages */
-    pop_msg(p,POP_SUCCESS,
-	    "%d messages (%ld octets)",
-            p->msg_count-p->msgs_deleted,
-	    p->drop_size-p->bytes_deleted);
-
-    /*  Loop through the message information list.  Skip deleted messages */
-    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
-        if (!(mp->flags & DEL_FLAG)) 
-            fprintf(p->output,"%u %s\r\n",mp->number,mp->msg_id);
-    }
-
-    /*  "." signals the end of a multi-line transmission */
-    fprintf(p->output,".\r\n");
-    fflush(p->output);
-
-    return(POP_SUCCESS);
-}
-#endif /* UIDL */
diff --git a/crypto/heimdal/appl/popper/pop_updt.c b/crypto/heimdal/appl/popper/pop_updt.c
deleted file mode 100644
index 013013257ddc..000000000000
--- a/crypto/heimdal/appl/popper/pop_updt.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_updt.c,v 1.19 1998/04/23 18:36:51 joda Exp $");
-
-static char standard_error[] =
-    "Error error updating primary drop. Mailbox unchanged";
-
-/* 
- *  updt:   Apply changes to a user's POP maildrop
- */
-
-int
-pop_updt (POP *p)
-{
-    FILE                *   md;                     /*  Stream pointer for 
-                                                        the user's maildrop */
-    int                     mfd;                    /*  File descriptor for
-                                                        above */
-    char                    buffer[BUFSIZ];         /*  Read buffer */
-
-    MsgInfoList         *   mp;                     /*  Pointer to message 
-                                                        info list */
-    int		            msg_num;                /*  Current message 
-                                                        counter */
-    int			    status_written;         /*  Status header field 
-                                                        written */
-    int                     nchar;                  /* Bytes read/written */
-
-    long                    offset;                 /* New mail offset */
-
-    int			    blank_line;
-
-#ifdef DEBUG
-    if (p->debug) {
-        pop_log(p,POP_DEBUG,"Performing maildrop update...");
-        pop_log(p,POP_DEBUG,"Checking to see if all messages were deleted");
-    }
-#endif /* DEBUG */
-
-    if(IS_MAILDIR(p))
-	return pop_maildir_update(p);
-
-    if (p->msgs_deleted == p->msg_count) {
-        /* Truncate before close, to avoid race condition,  DO NOT UNLINK!
-           Another process may have opened,  and not yet tried to lock */
-        ftruncate ((int)fileno(p->drop),0);
-        fclose(p->drop) ;
-        return (POP_SUCCESS);
-    }
-
-#ifdef DEBUG
-    if (p->debug) 
-        pop_log(p,POP_DEBUG,"Opening mail drop \"%s\"",p->drop_name);
-#endif /* DEBUG */
-
-    /*  Open the user's real maildrop */
-    if ((mfd = open(p->drop_name,O_RDWR|O_CREAT,0600)) == -1 ||
-        (md = fdopen(mfd,"r+")) == NULL) {
-        return pop_msg(p,POP_FAILURE,standard_error);
-    }
-
-    /*  Lock the user's real mail drop */
-    if ( flock(mfd, LOCK_EX) == -1 ) {
-        fclose(md) ;
-        return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop,
-		       strerror(errno));
-    }
-
-    /* Go to the right places */
-    offset = lseek((int)fileno(p->drop),0,SEEK_END) ; 
-
-    /*  Append any messages that may have arrived during the session 
-        to the temporary maildrop */
-    while ((nchar=read(mfd,buffer,BUFSIZ)) > 0)
-        if ( nchar != write((int)fileno(p->drop),buffer,nchar) ) {
-            nchar = -1;
-            break ;
-        }
-    if ( nchar != 0 ) {
-        fclose(md) ;
-        ftruncate((int)fileno(p->drop),(int)offset) ;
-        fclose(p->drop) ;
-        return pop_msg(p,POP_FAILURE,standard_error);
-    }
-
-    rewind(md);
-    lseek(mfd,0,SEEK_SET);
-    ftruncate(mfd,0) ;
-
-    /* Synch stdio and the kernel for the POP drop */
-    rewind(p->drop);
-    lseek((int)fileno(p->drop),0,SEEK_SET);
-
-    /*  Transfer messages not flagged for deletion from the temporary 
-        maildrop to the new maildrop */
-#ifdef DEBUG
-    if (p->debug) 
-        pop_log(p,POP_DEBUG,"Creating new maildrop \"%s\" from \"%s\"",
-                p->drop_name,p->temp_drop);
-#endif /* DEBUG */
-
-    for (msg_num = 0; msg_num < p->msg_count; ++msg_num) {
-
-        int doing_body;
-
-        /*  Get a pointer to the message information list */
-        mp = &p->mlp[msg_num];
-
-        if (mp->flags & DEL_FLAG) {
-#ifdef DEBUG
-            if(p->debug)
-                pop_log(p,POP_DEBUG,
-                    "Message %d flagged for deletion.",mp->number);
-#endif /* DEBUG */
-            continue;
-        }
-
-        fseek(p->drop,mp->offset,0);
-
-#ifdef DEBUG
-        if(p->debug)
-            pop_log(p,POP_DEBUG,"Copying message %d.",mp->number);
-#endif /* DEBUG */
-	blank_line = 1;
-        for(status_written = doing_body = 0 ;
-            fgets(buffer,MAXMSGLINELEN,p->drop);) {
-
-            if (doing_body == 0) { /* Header */
-
-                /*  Update the message status */
-                if (strncasecmp(buffer,"Status:",7) == 0) {
-                    if (mp->flags & RETR_FLAG)
-                        fputs("Status: RO\n",md);
-                    else
-                        fputs(buffer, md);
-                    status_written++;
-                    continue;
-                }
-                /*  A blank line signals the end of the header. */
-                if (*buffer == '\n') {
-                    doing_body = 1;
-                    if (status_written == 0) {
-                        if (mp->flags & RETR_FLAG)
-                            fputs("Status: RO\n\n",md);
-                        else
-                            fputs("Status: U\n\n",md);
-                    }
-                    else fputs ("\n", md);
-                    continue;
-                }
-                /*  Save another header line */
-                fputs (buffer, md);
-            } 
-            else { /* Body */ 
-                if (blank_line && strncmp(buffer,"From ",5) == 0) break;
-                fputs (buffer, md);
-		blank_line = (*buffer == '\n');
-            }
-        }
-    }
-
-    /* flush and check for errors now!  The new mail will writen
-       without stdio,  since we need not separate messages */
-
-    fflush(md) ;
-    if (ferror(md)) {
-        ftruncate(mfd,0) ;
-        fclose(md) ;
-        fclose(p->drop) ;
-        return pop_msg(p,POP_FAILURE,standard_error);
-    }
-
-    /* Go to start of new mail if any */
-    lseek((int)fileno(p->drop),offset,SEEK_SET);
-
-    while((nchar=read((int)fileno(p->drop),buffer,BUFSIZ)) > 0)
-        if ( nchar != write(mfd,buffer,nchar) ) {
-            nchar = -1;
-            break ;
-        }
-    if ( nchar != 0 ) {
-        ftruncate(mfd,0) ;
-        fclose(md) ;
-        fclose(p->drop) ;
-        return pop_msg(p,POP_FAILURE,standard_error);
-    }
-
-    /*  Close the maildrop and empty temporary maildrop */
-    fclose(md);
-    ftruncate((int)fileno(p->drop),0);
-    fclose(p->drop);
-
-    return(pop_quit(p));
-}
diff --git a/crypto/heimdal/appl/popper/pop_user.c b/crypto/heimdal/appl/popper/pop_user.c
deleted file mode 100644
index be771e690c30..000000000000
--- a/crypto/heimdal/appl/popper/pop_user.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: pop_user.c,v 1.15 1999/09/16 20:38:50 assar Exp $");
-
-/* 
- *  user:   Prompt for the user name at the start of a POP session
- */
-
-int
-pop_user (POP *p)
-{
-    char ss[256];
-
-    strlcpy(p->user, p->pop_parm[1], sizeof(p->user));
-
-#ifdef OTP
-    if (otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0) {
-	return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
-		       ss, p->user);
-    } else
-#endif
-    if (p->auth_level != AUTH_NONE) {
-	char *s = NULL;
-#ifdef OTP
-	s = otp_error(&p->otp_ctx);
-#endif
-	return pop_msg(p, POP_FAILURE, "Permission denied%s%s",
-		       s ? ":" : "", s ? s : "");
-    } else
-	return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
-}
diff --git a/crypto/heimdal/appl/popper/pop_xover.c b/crypto/heimdal/appl/popper/pop_xover.c
deleted file mode 100644
index 94936f9839f7..000000000000
--- a/crypto/heimdal/appl/popper/pop_xover.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include <popper.h>
-RCSID("$Id: pop_xover.c,v 1.4 1998/04/23 17:39:31 joda Exp $");
-
-int
-pop_xover (POP *p)
-{
-#ifdef XOVER
-    MsgInfoList         *   mp;         /*  Pointer to message info list */
-    int		            i;
-
-    pop_msg(p,POP_SUCCESS,
-	    "%d messages (%ld octets)",
-            p->msg_count-p->msgs_deleted,
-	    p->drop_size-p->bytes_deleted);
-    
-    /*  Loop through the message information list.  Skip deleted messages */
-    for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
-        if (!(mp->flags & DEL_FLAG)) 
-            fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%u\r\n",
-		    mp->number,
-		    mp->subject,
-		    mp->from,
-		    mp->date, 
-		    mp->msg_id,
-		    mp->length,
-		    mp->lines);
-    }
-
-    /*  "." signals the end of a multi-line transmission */
-    fprintf(p->output,".\r\n");
-    fflush(p->output);
-
-    return(POP_SUCCESS);
-#else
-    return pop_msg(p, POP_FAILURE, "Command not implemented.");
-#endif
-}
diff --git a/crypto/heimdal/appl/popper/popper.8 b/crypto/heimdal/appl/popper/popper.8
deleted file mode 100644
index 1493fd7c8e19..000000000000
--- a/crypto/heimdal/appl/popper/popper.8
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" $Id: popper.8,v 1.7 2002/08/20 16:37:05 joda Exp $
-.\"
-.Dd August 13, 2001
-.Dt POPPER 8
-.Os HEIMDAL
-.Sh NAME
-.Nm popper
-.Nd
-POP3 server
-.Sh SYNOPSIS
-.Nm
-.Op Fl k
-.Op Fl a Ar none Ns \*(Ba Ns otp
-.Op Fl t Ar file
-.Op Fl T Ar seconds
-.Op Fl d
-.Op Fl i
-.Op Fl p Ar port
-.Op Fl -address-log= Ns Pa file
-.Sh DESCRIPTION
-.Nm
-serves mail via the Post Office Protocol.  Supported options include:
-.Bl -tag -width Ds
-.It Xo
-.Fl a Ar none Ns \*(Ba Ns otp ,
-.Fl -auth-mode= Ns Ar none Ns \*(Ba Ns otp
-.Xc
-tells
-.Nm
-what authentication modes are acceptable, passing
-.Ar otp
-disables clear text passwords. This has only effect when not using
-Kerberos authentication.
-.It Xo
-.Fl -address-log= Ns Pa file
-.Xc
-logs the addresses of all clients to the specified file
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
-enables more verbose log messages
-.It Xo
-.Fl i ,
-.Fl -interactive
-.Xc
-when not started by inetd, this flag tells
-.Nm
-that it has to create a socket by itself
-.It Xo
-.Fl k ,
-.Fl -kerberos
-.Xc
-tells
-.Nm
-to use the Kerberos for authentication.
-.It Xo
-.Fl p Ar port ,
-.Fl -port= Ns Ar port
-.Xc
-port to listen to, in combination with
-.Fl i
-.It Xo
-.Fl t Ar file ,
-.Fl -trace-file= Ns Ar file
-.Xc
-trace all command to file
-.It Xo
-.Fl T Ar seconds ,
-.Fl -timeout= Ns Ar seconds
-.Xc
-set timeout to something other than the default of 120 seconds
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr push 8 ,
-.Xr movemail 8
-.Sh STANDARDS
-RFC1939 (Post Office Protocol - Version 3)
-.\" RFC2449 (POP3 Extension Mechanism)
-.\".Sh HISTORY
-.Sh AUTHORS
-The server was initially developed at the University of California,
-Berkeley.
-.Pp
-Many changes has been made as part of the KTH Kerberos distributions.
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/popper/popper.README.release b/crypto/heimdal/appl/popper/popper.README.release
deleted file mode 100644
index c0b313ecd964..000000000000
--- a/crypto/heimdal/appl/popper/popper.README.release
+++ /dev/null
@@ -1,45 +0,0 @@
-Release Notes:
-
-popper-1.831beta is no longer beta	30 July 91
-	Removed popper-1.7.tar.Z
-
-popper-1.831beta.tar.Z	03 April 91
-	Changed mkstemp to mktemp for Ultrix.  Sigh.
-
-popper-1.83beta.tar.Z	02 April 91
-
-	This version makes certain that while running as root we do nothing
-	at all destructive.
-
-popper-1.82beta.tar.Z	27 March 91
-
-	This version fixes problems on Encore MultiMax and some Sun releases
-	which wouldn't allow a user to ftruncate() a file from an open
-	file descripter unless the user owns the file.  Now the user
-	owns the /usr/spool/mail/.userid.pop file.  Thanks to Ben Levy
-	of FTP Software and Henry Holtzman of Apple.
-
-popper-1.81beta.tar.Z	20 March 91
-
-	This version of popper is supposed to fix three problems reported
-	with various versions of popper (all called 1.7 or 1.7something).
-
-	1)  Dropped network connections meant lost mail files.  Some 1.7
-	    versions also risked corrupting mail files.
-
-	2)  Some versions of 1.7 created temporary drop files with world
-	    read and write permissions.
-
-	3)  Some versions of 1.7 were not careful about opening the temporary
-	    drop file.
-
-popper-1.7.tar.Z       09 September 90	(updated 20 March 91)
-
-	This version will exhibit the first problem listed above if it is
-	compiled with -DDEBUG and run without the "-d" (debug) flag.
-
-	If it is compiled without -DDEBUG it will exhibit only the second
-	and third bug listed above.
-
-Cliff Frost	poptest@nettlesome.berkeley.edu
-UC Berkeley
diff --git a/crypto/heimdal/appl/popper/popper.c b/crypto/heimdal/appl/popper/popper.c
deleted file mode 100644
index 6aee29441ca7..000000000000
--- a/crypto/heimdal/appl/popper/popper.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#include <popper.h>
-RCSID("$Id: popper.c,v 1.16 2002/07/04 14:09:25 joda Exp $");
-
-int hangup = FALSE ;
-
-static RETSIGTYPE
-catchSIGHUP(int sig)
-{
-    hangup = TRUE ;
-
-    /* This should not be a problem on BSD systems */
-    signal(SIGHUP,  catchSIGHUP);
-    signal(SIGPIPE, catchSIGHUP);
-    SIGRETURN(0);
-}
-
-int     pop_timeout = POP_TIMEOUT;
-
-jmp_buf env;
-
-static RETSIGTYPE
-ring(int sig)
-{
-  longjmp(env,1);
-}
-  
-/*
- * fgets, but with a timeout
- */
-static char *
-tgets(char *str, int size, FILE *fp, int timeout)
-{
-  signal(SIGALRM, ring);
-  alarm(timeout);
-  if (setjmp(env))
-    str = NULL;
-  else
-    str = fgets(str,size,fp);
-  alarm(0);
-  signal(SIGALRM,SIG_DFL);
-  return(str);
-}
-
-/* 
- *  popper: Handle a Post Office Protocol version 3 session
- */
-int
-main (int argc, char **argv)
-{
-    POP                 p;
-    state_table     *   s;
-    char                message[MAXLINELEN];
-
-    signal(SIGHUP,  catchSIGHUP);
-    signal(SIGPIPE, catchSIGHUP);
-
-    /*  Start things rolling */
-    pop_init(&p,argc,argv);
-
-    /*  Tell the user that we are listenting */
-    pop_msg(&p,POP_SUCCESS, "POP3 server ready");
-
-    /*  State loop.  The POP server is always in a particular state in 
-        which a specific suite of commands can be executed.  The following 
-        loop reads a line from the client, gets the command, and processes 
-        it in the current context (if allowed) or rejects it.  This continues 
-        until the client quits or an error occurs. */
-
-    for (p.CurrentState=auth1;p.CurrentState!=halt&&p.CurrentState!=error;) {
-        if (hangup) {
-            pop_msg(&p, POP_FAILURE, "POP hangup: %s", p.myhost);
-            if (p.CurrentState > auth2 && !pop_updt(&p))
-                pop_msg(&p, POP_FAILURE,
-			"POP mailbox update failed: %s", p.myhost);
-            p.CurrentState = error;
-        } else if (tgets(message, MAXLINELEN, p.input, pop_timeout) == NULL) {
-	    pop_msg(&p, POP_FAILURE, "POP timeout: %s", p.myhost);
-	    if (p.CurrentState > auth2 && !pop_updt(&p))
-                pop_msg(&p,POP_FAILURE,
-			"POP mailbox update failed: %s", p.myhost);
-            p.CurrentState = error;
-        }
-        else {
-            /*  Search for the command in the command/state table */
-            if ((s = pop_get_command(&p,message)) == NULL) continue;
-
-            /*  Call the function associated with this command in 
-                the current state */
-            if (s->function) p.CurrentState = s->result[(*s->function)(&p)];
-
-            /*  Otherwise assume NOOP and send an OK message to the client */
-            else {
-                p.CurrentState = s->success_state;
-                pop_msg(&p,POP_SUCCESS,NULL);
-            }
-        }       
-    }
-
-    /*  Say goodbye to the client */
-    pop_msg(&p,POP_SUCCESS,"Pop server at %s signing off.",p.myhost);
-
-    /*  Log the end of activity */
-    pop_log(&p,POP_PRIORITY,
-        "(v%s) Ending request from \"%s\" at %s\n",VERSION,p.client,p.ipaddr);
-
-    /*  Stop logging */
-    closelog();
-
-    return(0);
-}
diff --git a/crypto/heimdal/appl/popper/popper.h b/crypto/heimdal/appl/popper/popper.h
deleted file mode 100644
index 7eac257c75d2..000000000000
--- a/crypto/heimdal/appl/popper/popper.h
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- *
- * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n";
- * static char SccsId[] = "@(#)@(#)popper.h	2.2  2.2 4/2/91";
- *
- */
-
-/* $Id: popper.h,v 1.51 2002/07/04 13:56:12 joda Exp $ */
-
-/* 
- *  Header file for the POP programs
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#define UIDL
-#define XOVER
-#define XDELE
-#define DEBUG
-#define RETURN_PATH_HANDLING
-#endif
-
-/* Common include files */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <ctype.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_IO_H
-#include <io.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#ifdef _AIX
-struct sockaddr_dl; /* AIX fun */
-struct ether_addr;
-#endif
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include "version.h"
-
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#endif
-
-#define MAXUSERNAMELEN  65
-#define MAXLINELEN      1024
-#define MAXMSGLINELEN   1024
-#define MAXCMDLEN       4
-#define MAXPARMCOUNT    10
-#define MAXPARMLEN      10
-#define ALLOC_MSGS  20
-#define MAIL_COMMAND    "/usr/lib/sendmail"
-
-#define POP_FACILITY    LOG_LOCAL0
-#define POP_PRIORITY    LOG_NOTICE
-#define POP_DEBUG       LOG_DEBUG
-#define POP_INFO	LOG_INFO
-#define POP_LOGOPTS     0
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_MAILLOCK_H
-#include <maillock.h>
-#endif
-
-#ifdef OTP
-#include <otp.h>
-#endif
-
-#if defined(KRB4_MAILDIR)
-#define POP_MAILDIR	KRB4_MAILDIR
-#elif defined(_PATH_MAILDIR)
-#define POP_MAILDIR     _PATH_MAILDIR
-#elif defined(MAILDIR)
-#define POP_MAILDIR	MAILDIR
-#else
-#define POP_MAILDIR	"/usr/spool/mail"
-#endif
-
-#define POP_DROP        POP_MAILDIR "/.%s.pop"
-	/* POP_TMPSIZE needs to be big enough to hold the string
-	 * defined by POP_TMPDROP.  POP_DROP and POP_TMPDROP
-	 * must be in the same filesystem.
-	 */
-#define POP_TMPDROP     POP_MAILDIR "/tmpXXXXXX"
-#define POP_TMPSIZE	256
-#define POP_TMPXMIT     "/tmp/xmitXXXXXX"
-#define POP_OK          "+OK"
-#define POP_ERR         "-ERR"
-#define POP_SUCCESS     1
-#define POP_FAILURE     0
-#define POP_TERMINATE   '.'
-#define POP_TIMEOUT     120     /* timeout connection after this many secs */
-
-extern int              pop_timeout;
-
-extern int              hangup;
-
-#define AUTH_NONE 0
-#define AUTH_OTP  1
-
-#define pop_command         pop_parm[0]     /*  POP command is first token */
-#define pop_subcommand      pop_parm[1]     /*  POP XTND subcommand is the 
-                                                second token */
-
-typedef enum {                              /*  POP processing states */
-    auth1,                                  /*  Authorization: waiting for 
-                                                USER command */
-    auth2,                                  /*  Authorization: waiting for 
-                                                PASS command */
-    trans,                                  /*  Transaction */
-    update,                                 /*  Update:  session ended, 
-                                                process maildrop changes */
-    halt,                                   /*  (Halt):  stop processing 
-                                                and exit */
-    error                                   /*  (Error): something really 
-                                                bad happened */
-} state;
-
-
-#define DEL_FLAG	1
-#define RETR_FLAG	2
-#define NEW_FLAG	4
-
-typedef struct {                                /*  Message information */
-    int         number;                         /*  Message number relative to 
-                                                    the beginning of list */
-    long        length;                         /*  Length of message in 
-                                                    bytes */
-    int         lines;                          /*  Number of (null-terminated)                                                     lines in the message */
-    long        offset;                         /*  Offset from beginning of 
-                                                    file */
-    unsigned	flags;
-
-#if defined(UIDL) || defined(XOVER)
-    char        *msg_id;	                /*  The POP UIDL uniqueifier */
-#endif
-#ifdef XOVER
-    char	*subject;
-    char	*from;
-    char	*date;
-#endif
-    char	*name;
-} MsgInfoList;
-
-#define IS_MAILDIR(P) ((P)->temp_drop[0] == '\0')
-
-typedef struct  {                               /*  POP parameter block */
-    int                 debug;                  /*  Debugging requested */
-    char            *   myname;                 /*  The name of this POP 
-                                                    daemon program */
-    char                myhost[MaxHostNameLen]; /*  The name of our host 
-                                                    computer */
-    char		client[MaxHostNameLen];	/*  Canonical name of client 
-                                                    computer */
-    char                ipaddr[MaxHostNameLen];	/*  Dotted-notation format of 
-                                                    client IP address */
-    unsigned short      ipport;                 /*  Client port for privileged 
-                                                    operations */
-    char                user[MAXUSERNAMELEN];   /*  Name of the POP user */
-    state               CurrentState;           /*  The current POP operational                                                     state */
-    MsgInfoList     *   mlp;                    /*  Message information list */
-    int                 msg_count;              /*  Number of messages in 
-                                                    the maildrop */
-    int                 msgs_deleted;           /*  Number of messages flagged 
-                                                    for deletion */
-    int                 last_msg;               /*  Last message touched by 
-                                                    the user */
-    long                bytes_deleted;          /*  Number of maildrop bytes 
-                                                    flagged for deletion */
-    char                drop_name[MAXPATHLEN];  /*  The name of the user's 
-                                                    maildrop */
-    char                temp_drop[MAXPATHLEN];  /*  The name of the user's 
-                                                    temporary maildrop */
-    long                drop_size;              /*  Size of the maildrop in
-                                                    bytes */
-    FILE            *   drop;                   /*  (Temporary) mail drop */
-    FILE            *   input;                  /*  Input TCP/IP communication 
-                                                    stream */
-    FILE            *   output;                 /*  Output TCP/IP communication                                                     stream */
-    FILE            *   trace;                  /*  Debugging trace file */
-    char            *   pop_parm[MAXPARMCOUNT]; /*  Parse POP parameter list */
-    int                 parm_count;             /*  Number of parameters in 
-                                                    parsed list */
-    int			kerberosp;		/*  Using KPOP? */
-#ifdef KRB4
-    AUTH_DAT		kdata;
-#endif
-#ifdef KRB5
-    krb5_context	context;
-    krb5_principal	principal;              /*  principal auth as */
-    krb5_log_facility*  logf;
-#endif
-    int			version;                /*  4 or 5? */
-    int			auth_level;		/*  Dont allow cleartext */
-#ifdef OTP
-    OtpContext		otp_ctx;		/*  OTP context */
-#endif
-    unsigned int	flags;
-#define POP_FLAG_CAPA 1
-} POP;
-
-typedef struct {                                /*  State information for 
-                                                    each POP command */
-    state       ValidCurrentState;              /*  The operating state of 
-                                                    the command */
-    char   *    command;                        /*  The POP command */
-    int         min_parms;                      /*  Minimum number of parms 
-                                                    for the command */
-    int         max_parms;                      /*  Maximum number of parms 
-                                                    for the command */
-    int         (*function) ();                 /*  The function that process 
-                                                    the command */
-    state       result[2];                      /*  The resulting state after 
-                                                    command processing */
-#define success_state   result[0]               /*  State when a command 
-                                                    succeeds */
-} state_table;
-
-typedef struct {                                /*  Table of extensions */
-    char   *    subcommand;                     /*  The POP XTND subcommand */
-    int         min_parms;                      /*  Minimum number of parms for
-                                                    the subcommand */
-    int         max_parms;                      /*  Maximum number of parms for
-                                                    the subcommand */
-    int         (*function) ();                 /*  The function that processes 
-                                                    the subcommand */
-} xtnd_table;
-
-int pop_dele(POP *p);
-int pop_dropcopy(POP *p, struct passwd *pwp);
-int pop_dropinfo(POP *p);
-int pop_init(POP *p,int argcount,char **argmessage);
-int pop_last(POP *p);
-int pop_list(POP *p);
-int pop_parse(POP *p, char *buf);
-int pop_pass(POP *p);
-int pop_quit(POP *p);
-int pop_rset(POP *p);
-int pop_send(POP *p);
-int pop_stat(POP *p);
-int pop_updt(POP *p);
-int pop_user(POP *p);
-#ifdef UIDL
-int pop_uidl(POP *p);
-#endif
-#ifdef XOVER
-int pop_xover(POP *p);
-#endif
-#ifdef XDELE
-int pop_xdele(POP *p);
-#endif
-int pop_help(POP *p);
-state_table *pop_get_command(POP *p, char *mp);
-void pop_lower(char *buf);
-
-int pop_log(POP *p, int stat, char *format, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 3, 4)))
-#endif
-;
-
-int pop_msg(POP *p, int stat, char *format, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 3, 4)))
-#endif
-;
-
-int pop_maildir_info (POP*);
-int pop_maildir_open (POP*, MsgInfoList*);
-int pop_maildir_update (POP*);
-
-int changeuser(POP*, struct passwd*);
-void parse_header(MsgInfoList*, char*);
-int add_missing_headers(POP*, MsgInfoList*);
diff --git a/crypto/heimdal/appl/popper/version.h b/crypto/heimdal/appl/popper/version.h
deleted file mode 100644
index 1b5d135cf46b..000000000000
--- a/crypto/heimdal/appl/popper/version.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- *
- * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n";
- * static char SccsId[] = "@(#)@(#)version.h	2.6  2.6 4/3/91";
- *
- */
-
-/* $Id: version.h,v 1.5 1997/08/08 22:50:13 assar Exp $ */
-
-/*
- *  Current version of this POP implementation
- */
-
-#if 0
-#define VERSION         krb4_version
-#endif
diff --git a/crypto/heimdal/appl/push/ChangeLog b/crypto/heimdal/appl/push/ChangeLog
deleted file mode 100644
index e90e34e85392..000000000000
--- a/crypto/heimdal/appl/push/ChangeLog
+++ /dev/null
@@ -1,192 +0,0 @@
-2003-04-03  Assar Westerlund  <assar@kth.se>
-
-	* push.c: fixed one incorrect fprintf to stderr
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* push.c: add names of pop states, add some more debugging and use
-	fprintf(stderr) for all dbg stmts.
-	
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): check return values from snprintf being negative
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): handle krb5_init_context failure consistently
-
-2000-12-26  Assar Westerlund  <assar@sics.se>
-
-	* push.c: support several headers, from <mattiasa@e.kth.se> use
-	estrdup, emalloc, erealloc
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pfrom.1: work around bug in grog that makes it think it needs
-	mdoc.old
-
-	* push.8: work around bug in grog that makes it think it needs
-	mdoc.old
-
-2000-11-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* push.c: add space to usage
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): check that fds are not too large to select on
-
-2000-03-04  Assar Westerlund  <assar@sics.se>
-
-	* add man-page for pfrom
-
-1999-12-28  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): call k_getportbyname with port number in
- 	network-byte-order
-
-1999-12-14  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): remove bogus local block variable
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): use `getaddrinfo'
-	* push.c: add --count (print number of messages and bytes at
-	beginning)
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* push.c: make `-v' a arg_counter
-	
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): redo the v4/v5 selection for consistency.  -4 ->
- 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-08-19  Assar Westerlund  <assar@sics.se>
-
-	* push.c (doit): remember to step over the error message when we
- 	discover that XDELE is not supported
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* push.c: use XDELE
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_connect): v6-ify
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* push.c: get_default_username and the resulting const propagation
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* push.c (parse_pobox): try $USERNAME
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_v5): remove unused and non-working code
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* push.c (do_v5): call krb5_sendauth with ccache == NULL
-	
-Wed Apr  7 23:40:00 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: fix names of hesiod variables
-
-Wed Mar 24 04:37:04 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (pfrom): fix typo
-
-	* push.c (get_pobox): try to handle old and new hesiod APIs
-
-Mon Mar 22 22:19:40 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: hesoid -> hesiod
-
-Sun Mar 21 18:02:10 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: bindir -> libexecdir
-
-Sat Mar 20 00:12:26 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: LDADD: add missing backslash
-
-Thu Mar 18 15:28:35 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: clean pfrom
-
-	* Makefile.am: include Makefile.am.common
-
-Mon Mar 15 18:26:16 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* push.c: strncasecmp headers
-
-Mon Feb 15 22:22:09 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (pfrom): use libexecdir
-
-	* Makefile.am: build and install pfrom
-
-	* push.c (do_connect): init `s'
-	(pop_state): spell-check enums
-
-Tue Nov 24 23:20:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: build and install pfrom
-
-	* pfrom.in: bindir -> libexecdir
-
-Sun Nov 22 15:33:52 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* push.c: eliminate some warnings
-
-Sun Nov 22 10:34:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Thu Nov 19 01:17:33 1998  Assar Westerlund  <assar@sics.se>
-
-	* push_locl.h: add <hesiod.h>
-
-	* Makefile.am, Makefile.in: link and include hesiod
-
-	* push.c (get_pobox): new function. add hesiod support.
-
-1998-11-07  Assar Westerlund  <assar@sics.se>
-
-	* push.8: updated
-
-	* push.c: --from implementation from <lha@stacken.kth.se>
-
-Fri Jul 10 01:14:45 1998  Assar Westerlund  <assar@sics.se>
-
-	* push.c (net_{read,write}): remove
-
-Wed Jun 24 14:41:41 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* push.c: allow `po:user@host' mailbox syntax
-
-Tue Jun  2 17:35:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* push.c: quote '^From ' properly
-
-Mon May 25 05:22:47 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): PROGS -> PROGRAMS
-
-Sun Apr 26 11:42:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* push.c (main): better default for v4 and v5
-
-	* push.c (main): init context correctly
-
-	* push.c: should work with krb4
-
-	* push_locl.h: krb4 compat
-
-	* Makefile.in: new file
-
diff --git a/crypto/heimdal/appl/push/Makefile b/crypto/heimdal/appl/push/Makefile
deleted file mode 100644
index da3d57b990a2..000000000000
--- a/crypto/heimdal/appl/push/Makefile
+++ /dev/null
@@ -1,725 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/push/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.17 2000/11/15 22:51:09 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_hesiod)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_SCRIPTS = pfrom
-
-libexec_PROGRAMS = push
-
-push_SOURCES = push.c push_locl.h
-
-man_MANS = push.8 pfrom.1
-
-CLEANFILES = pfrom
-
-EXTRA_DIST = pfrom.in $(man_MANS)
-
-LDADD = $(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_hesiod)
-
-subdir = appl/push
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = push$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_push_OBJECTS = push.$(OBJEXT)
-push_OBJECTS = $(am_push_OBJECTS)
-push_LDADD = $(LDADD)
-push_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#push_DEPENDENCIES =
-push_LDFLAGS =
-SCRIPTS = $(bin_SCRIPTS)
-
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(push_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(push_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/push/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) 
-	@rm -f push$(EXEEXT)
-	$(LINK) $(push_LDFLAGS) $(push_OBJECTS) $(push_LDADD) $(LIBS)
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binSCRIPTS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binSCRIPTS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man1 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binSCRIPTS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-pfrom: pfrom.in
-	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/push/Makefile.am b/crypto/heimdal/appl/push/Makefile.am
deleted file mode 100644
index 5999ec1a5209..000000000000
--- a/crypto/heimdal/appl/push/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: Makefile.am,v 1.17 2000/11/15 22:51:09 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_hesiod)
-
-bin_SCRIPTS		= pfrom
-
-libexec_PROGRAMS	= push
-
-push_SOURCES = push.c push_locl.h
-
-pfrom: pfrom.in
-	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
-	chmod +x $@
-
-man_MANS = push.8 pfrom.1
-
-CLEANFILES = pfrom
-
-EXTRA_DIST = pfrom.in $(man_MANS)
-
-LDADD = $(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_hesiod)
diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in
deleted file mode 100644
index 992da1b2c84c..000000000000
--- a/crypto/heimdal/appl/push/Makefile.in
+++ /dev/null
@@ -1,717 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.17 2000/11/15 22:51:09 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_hesiod)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_SCRIPTS = pfrom
-
-libexec_PROGRAMS = push
-
-push_SOURCES = push.c push_locl.h
-
-man_MANS = push.8 pfrom.1
-
-CLEANFILES = pfrom
-
-EXTRA_DIST = pfrom.in $(man_MANS)
-
-LDADD = $(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_hesiod)
-
-subdir = appl/push
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = push$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_push_OBJECTS = push.$(OBJEXT)
-push_OBJECTS = $(am_push_OBJECTS)
-push_LDADD = $(LDADD)
-@KRB5_TRUE@push_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB5_FALSE@push_DEPENDENCIES =
-push_LDFLAGS =
-SCRIPTS = $(bin_SCRIPTS)
-
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(push_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(push_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/push/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) 
-	@rm -f push$(EXEEXT)
-	$(LINK) $(push_LDFLAGS) $(push_OBJECTS) $(push_LDADD) $(LIBS)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f="`echo $$p|sed '$(transform)'`"; \
-	  if test -f $$p; then \
-	    echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \
-	  elif test -f $(srcdir)/$$p; then \
-	    echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f="`echo $$p|sed '$(transform)'`"; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binSCRIPTS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binSCRIPTS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-pfrom: pfrom.in
-	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1
deleted file mode 100644
index 2d7983c2400d..000000000000
--- a/crypto/heimdal/appl/push/pfrom.1
+++ /dev/null
@@ -1,55 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: pfrom.1,v 1.5 2003/02/16 21:10:11 lha Exp $
-.\"
-.Dd March 4, 2000
-.Dt PFROM 1
-.Os HEIMDAL
-.Sh NAME
-.Nm pfrom
-.Nd "fetch a list of the current mail via POP"
-.Sh SYNOPSIS
-.Nm
-.Op Fl 4 | Fl -krb4
-.Op Fl 5 | Fl -krb5
-.Op Fl v | Fl -verbose
-.Op Fl c | -count
-.Op Fl -header
-.Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port= Ns Ar port-spec
-.Xc
-.Oc
-.Sh DESCRIPTION
-.Nm
-is a script that does push --from.
-.Sh SEE ALSO
-.Xr push 8
diff --git a/crypto/heimdal/appl/push/pfrom.cat1 b/crypto/heimdal/appl/push/pfrom.cat1
deleted file mode 100644
index a9f31cd20e12..000000000000
--- a/crypto/heimdal/appl/push/pfrom.cat1
+++ /dev/null
@@ -1,16 +0,0 @@
-PFROM(1)                    NetBSD Reference Manual                   PFROM(1)
-
-NNAAMMEE
-     ppffrroomm - fetch a list of the current mail via POP
-
-SSYYNNOOPPSSIISS
-     ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt]
-     [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c]
-
-DDEESSCCRRIIPPTTIIOONN
-     ppffrroomm is a script that does push --from.
-
-SSEEEE AALLSSOO
-     push(8)
-
- HEIMDAL                         March 4, 2000                               1
diff --git a/crypto/heimdal/appl/push/pfrom.in b/crypto/heimdal/appl/push/pfrom.in
deleted file mode 100644
index 6adf4f0f7971..000000000000
--- a/crypto/heimdal/appl/push/pfrom.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-# $Id: pfrom.in,v 1.2 1998/11/24 13:25:47 assar Exp $
-libexecdir=%libexecdir%
-PATH=$libexecdir:$PATH
-export PATH
-push --from $*
diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8
deleted file mode 100644
index 14561a9f9b9e..000000000000
--- a/crypto/heimdal/appl/push/push.8
+++ /dev/null
@@ -1,138 +0,0 @@
-.\" $Id: push.8,v 1.13 2002/08/20 17:07:07 joda Exp $
-.\"
-.Dd May 31, 1998
-.Dt PUSH 8
-.Os HEIMDAL
-.Sh NAME
-.Nm push
-.Nd fetch mail via POP
-.Sh SYNOPSIS
-.Nm
-.Op Fl 4 | Fl -krb4
-.Op Fl 5 | Fl -krb5
-.Op Fl v | Fl -verbose
-.Op Fl f | Fl -fork
-.Op Fl l | -leave
-.Op Fl -from
-.Op Fl c | -count
-.Op Fl -headers Ns = Ns Ar headers
-.Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port Ns = Ns Ar port-spec
-.Xc
-.Oc
-.Ar po-box
-.Pa filename
-.Sh DESCRIPTION
-.Nm
-retrieves mail from the post office box
-.Ar po-box ,
-and stores the mail in mbox format in
-.Pa filename .
-The
-.Ar po-box
-can have any of the following formats:
-.Bl -hang -compact -offset indent
-.It Ql hostname:username
-.It Ql po:hostname:username
-.It Ql username@hostname
-.It Ql po:username@hostname
-.It Ql hostname
-.It Ql po:username
-.El
-.Pp
-If no username is specified,
-.Nm
-assumes that it's the same as on the local machine;
-.Ar hostname
-defaults to the value of the
-.Ev MAILHOST
-environment variable.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -krb4
-.Xc
-use Kerberos 4 (if compiled with support for Kerberos 4)
-.It Xo
-.Fl 5 ,
-.Fl -krb5
-.Xc
-use Kerberos 5 (if compiled with support for Kerberos 5)
-.It Xo
-.Fl f ,
-.Fl -fork
-.Xc
-fork before starting to delete messages
-.It Xo
-.Fl l ,
-.Fl -leave
-.Xc
-don't delete fetched mail
-.It Xo
-.Fl -from
-.Xc
-behave like from.
-.It Xo
-.Fl c ,
-.Fl -count
-.Xc
-first print how many messages and bytes there are.
-.It Xo
-.Fl -headers Ns = Ns Ar headers
-.Xc
-a list of comma-separated headers that should get printed.
-.It Xo
-.Fl p Ar port-spec ,
-.Fl -port Ns = Ns Ar port-spec
-.Xc
-use this port instead of the default
-.Ql kpop
-or
-.Ql 1109 .
-.El
-.Pp
-The default is to first try Kerberos 5 authentication and then, if
-that fails, Kerberos 4.
-.Sh ENVIRONMENT
-.Bl -tag -width Ds
-.It Ev MAILHOST
-points to the post office, if no other hostname is specified.
-.El
-.\".Sh FILES
-.Sh EXAMPLES
-.Bd -literal -offset indent
-$ push cornfield:roosta ~/.emacs-mail-crash-box
-.Ed
-.Pp
-tries to fetch mail for the user
-.Ar roosta
-from the post office at
-.Dq cornfield ,
-and stores the mail in
-.Pa ~/.emacs-mail-crash-box
-(you are using Gnus, aren't you?)
-.Bd -literal -offset indent
-$ push --from -5 havregryn
-.Ed
-.Pp
-tries to fetch
-.Sy From:
-lines for current user at post office
-.Dq havregryn
-using Kerberos 5.
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr from 1 ,
-.Xr pfrom 1 ,
-.Xr movemail 8 ,
-.Xr popper 8
-.\".Sh STANDARDS
-.Sh HISTORY
-.Nm
-was written while waiting for
-.Nm movemail
-to finish getting the mail.
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c
deleted file mode 100644
index 60d16541424a..000000000000
--- a/crypto/heimdal/appl/push/push.c
+++ /dev/null
@@ -1,830 +0,0 @@
-/*
- * Copyright (c) 1997-2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "push_locl.h"
-RCSID("$Id: push.c,v 1.47 2003/04/04 02:10:17 assar Exp $");
-
-#ifdef KRB4
-static int use_v4 = -1;
-#endif
-
-#ifdef KRB5
-static int use_v5 = -1;
-static krb5_context context;
-#endif
-
-static char *port_str;
-static int verbose_level;
-static int do_fork;
-static int do_leave;
-static int do_version;
-static int do_help;
-static int do_from;
-static int do_count;
-static char *header_str;
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
-      NULL },
-#endif    
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
-      NULL },
-#endif
-    { "verbose",'v', arg_counter,	&verbose_level,	"Verbose",
-      NULL },
-    { "fork",	'f', arg_flag,		&do_fork,	"Fork deleting proc",
-      NULL },
-    { "leave",	'l', arg_flag,		&do_leave,	"Leave mail on server",
-      NULL },
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "number-or-service" },
-    { "from",	 0,  arg_flag,		&do_from,	"Behave like from",
-      NULL },
-    { "headers", 0,  arg_string,	&header_str,	"Headers to print", NULL },
-    { "count", 'c',  arg_flag,		&do_count,	"Print number of messages", NULL},
-    { "version", 0,  arg_flag,		&do_version,	"Print version",
-      NULL },
-    { "help",	 0,  arg_flag,		&do_help,	NULL,
-      NULL }
-
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[[{po:username[@hostname] | hostname[:username]}] ...] "
-		    "filename");
-    exit (ret);
-}
-
-static int
-do_connect (const char *hostname, int port, int nodelay)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    int s = -1;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
- 	    close (s);
- 	    continue;
-	}
-	break;
-    }
-    freeaddrinfo (ai);
-    if (a == NULL) {
-	warnx ("failed to contact %s", hostname);
-	return -1;
-    }
-
-    if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
-		  (void *)&nodelay, sizeof(nodelay)) < 0)
-	err (1, "setsockopt TCP_NODELAY");
-    return s;
-}
-
-typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, 
-	       DELE, XDELE, QUIT} pop_state;
-
-static char *pop_state_string[] = {
-    "INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP",
-    "DELE", "XDELE", "QUIT" 
-};
-
-#define PUSH_BUFSIZ 65536
-
-#define STEP 16
-
-struct write_state {
-    struct iovec *iovecs;
-    size_t niovecs, maxiovecs, allociovecs;
-    int fd;
-};
-
-static void
-write_state_init (struct write_state *w, int fd)
-{
-#ifdef UIO_MAXIOV
-    w->maxiovecs = UIO_MAXIOV;
-#else
-    w->maxiovecs = 16;
-#endif
-    w->allociovecs = min(STEP, w->maxiovecs);
-    w->niovecs = 0;
-    w->iovecs = emalloc(w->allociovecs * sizeof(*w->iovecs));
-    w->fd = fd;
-}
-
-static void
-write_state_add (struct write_state *w, void *v, size_t len)
-{
-    if(w->niovecs == w->allociovecs) {				
-	if(w->niovecs == w->maxiovecs) {				
-	    if(writev (w->fd, w->iovecs, w->niovecs) < 0)		
-		err(1, "writev");				
-	    w->niovecs = 0;					
-	} else {						
-	    w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs);	
-	    w->iovecs = erealloc (w->iovecs,				
-				  w->allociovecs * sizeof(*w->iovecs));	
-	}							
-    }								
-    w->iovecs[w->niovecs].iov_base = v;				
-    w->iovecs[w->niovecs].iov_len  = len;				
-    ++w->niovecs;							
-}
-
-static void
-write_state_flush (struct write_state *w)
-{
-    if (w->niovecs) {
-	if (writev (w->fd, w->iovecs, w->niovecs) < 0)
-	    err (1, "writev");
-	w->niovecs = 0;
-    }
-}
-
-static void
-write_state_destroy (struct write_state *w)
-{
-    free (w->iovecs);
-}
-
-static int
-doit(int s,
-     const char *host,
-     const char *user,
-     const char *outfilename,
-     const char *header_str,
-     int leavep,
-     int verbose,
-     int forkp)
-{
-    int ret;
-    char out_buf[PUSH_BUFSIZ];
-    int out_len = 0;
-    char in_buf[PUSH_BUFSIZ + 1];	/* sentinel */
-    size_t in_len = 0;
-    char *in_ptr = in_buf;
-    pop_state state = INIT;
-    unsigned count, bytes;
-    unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0;
-    unsigned sent_xdele = 0;
-    int out_fd;
-    char from_line[128];
-    size_t from_line_length;
-    time_t now;
-    struct write_state write_state;
-    int numheaders = 1;
-    char **headers = NULL;
-    int i;
-    char *tmp = NULL;
-
-    if (do_from) {
-	char *tmp2;
-
-	tmp2 = tmp = estrdup(header_str);
-
-	out_fd = -1;
-	if (verbose)
-	    fprintf (stderr, "%s@%s\n", user, host);
-	while (*tmp != '\0') {
-	    tmp = strchr(tmp, ',');
-	    if (tmp == NULL)
-		break;
-	    tmp++;
-	    numheaders++;
-	}
-
-	headers = emalloc(sizeof(char *) * (numheaders + 1));
-	for (i = 0; i < numheaders; i++) {
-	    headers[i] = strtok_r(tmp2, ",", &tmp2);
-	}
-	headers[numheaders] = NULL;
-    } else {
-	out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666);
-	if (out_fd < 0)
-	    err (1, "open %s", outfilename);
-	if (verbose)
-	    fprintf (stderr, "%s@%s -> %s\n", user, host, outfilename);
-    }
-
-    now = time(NULL);
-    from_line_length = snprintf (from_line, sizeof(from_line),
-				 "From %s %s", "push", ctime(&now));
-
-    out_len = snprintf (out_buf, sizeof(out_buf),
-			"USER %s\r\nPASS hej\r\nSTAT\r\n",
-			user);
-    if (out_len < 0)
-	errx (1, "snprintf failed");
-    if (net_write (s, out_buf, out_len) != out_len)
-	err (1, "write");
-    if (verbose > 1)
-	fprintf (stderr, "%s", out_buf);
-
-    if (!do_from)
-	write_state_init (&write_state, out_fd);
-
-    while(state != QUIT) {
-	fd_set readset, writeset;
-
-	FD_ZERO(&readset);
-	FD_ZERO(&writeset);
-	if (s >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(s,&readset);
-
-	if (verbose > 1)
-	    fprintf (stderr, "state: %s count: %d asked_for: %d "
-		     "retrieved: %d asked_deleted: %d\n",
-		     pop_state_string[state], 
-		     count, asked_for, retrieved, asked_deleted);
-
-	if (((state == STAT || state == RETR || state == TOP)
-	     && asked_for < count)
-	    || (state == XDELE && !sent_xdele)
-	    || (state == DELE && asked_deleted < count))
-	    FD_SET(s,&writeset);
-	ret = select (s + 1, &readset, &writeset, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EAGAIN)
-		continue;
-	    else
-		err (1, "select");
-	}
-	
-	if (FD_ISSET(s, &readset)) {
-	    char *beg, *p;
-	    size_t rem;
-	    int blank_line = 0;
-	    
-	    ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0)
-		errx (1, "EOF during read");
-	    
-	    in_len += ret;
-	    in_ptr += ret;
-	    *in_ptr = '\0';
-	    
-	    beg = in_buf;
-	    rem = in_len;
-	    while(rem > 1
-		  && (p = strstr(beg, "\r\n")) != NULL) {
-		if (state == TOP) {
-		    char *copy = beg;
-
-		    for (i = 0; i < numheaders; i++) {
-			size_t len;
-
-			len = min(p - copy + 1, strlen(headers[i]));
-			if (strncasecmp(copy, headers[i], len) == 0) {
-			    fprintf (stdout, "%.*s\n", (int)(p - copy), copy);
-			}
-		    }
-		    if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') {
-			if (numheaders > 1)
-			    fprintf (stdout, "\n");
-			state = STAT;
-			if (++retrieved == count) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			}
-		    }
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else if (state == RETR) {
-		    char *copy = beg;
-		    if (beg[0] == '.') {
-			if (beg[1] == '\r' && beg[2] == '\n') {
-			    if(!blank_line)
-				write_state_add(&write_state, "\n", 1);
-			    state = STAT;
-			    rem -= p - beg + 2;
-			    beg = p + 2;
-			    if (++retrieved == count) {
-				write_state_flush (&write_state);
-				if (fsync (out_fd) < 0)
-				    err (1, "fsync");
-				close(out_fd);
-				if (leavep) {
-				    state = QUIT;
-				    net_write (s, "QUIT\r\n", 6);
-				    if (verbose > 1)
-					fprintf (stderr, "QUIT\r\n");
-				} else {
-				    if (forkp) {
-					pid_t pid;
-
-					pid = fork();
-					if (pid < 0)
-					    warn ("fork");
-					else if(pid != 0) {
-					    if(verbose)
-						fprintf (stderr,
-							 "(exiting)");
-					    return 0;
-					}
-				    }
-
-				    state = XDELE;
-				    if (verbose)
-					fprintf (stderr, "deleting... ");
-				}
-			    }
-			    continue;
-			} else
-			    ++copy;
-		    }
-		    *p = '\n';
-		    if(blank_line && 
-		       strncmp(copy, "From ", min(p - copy + 1, 5)) == 0)
-			write_state_add(&write_state, ">", 1);
-		    write_state_add(&write_state, copy, p - copy + 1);
-		    blank_line = (*copy == '\n');
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else if (rem >= 3 && strncmp (beg, "+OK", 3) == 0) {
-		    if (state == STAT) {
-			if (!do_from)
-			    write_state_add(&write_state,
-					    from_line, from_line_length);
-			blank_line = 0;
-			if (do_from) 
-			    state = TOP;
-			else
-			    state = RETR;
-		    } else if (state == XDELE) {
-			state = QUIT;
-			net_write (s, "QUIT\r\n", 6);
-			if (verbose > 1)
-			    fprintf (stderr, "QUIT\r\n");
-			break;
-		    } else if (state == DELE) {
-			if (++deleted == count) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			    break;
-			}
-		    } else if (++state == STAT) {
-			if(sscanf (beg + 4, "%u %u", &count, &bytes) != 2)
-			    errx(1, "Bad STAT-line: %.*s", (int)(p - beg), beg);
-			if (verbose) {
-			    fprintf (stderr, "%u message(s) (%u bytes). "
-				     "fetching... ",
-				     count, bytes);
-			    if (do_from)
-				fprintf (stderr, "\n");
-			} else if (do_count) {
-			    fprintf (stderr, "%u message(s) (%u bytes).\n",
-				     count, bytes);
-			}
-			if (count == 0) {
-			    state = QUIT;
-			    net_write (s, "QUIT\r\n", 6);
-			    if (verbose > 1)
-				fprintf (stderr, "QUIT\r\n");
-			    break;
-			}
-		    }
-
-		    rem -= p - beg + 2;
-		    beg = p + 2;
-		} else {
-		    if(state == XDELE) {
-			state = DELE;
-			rem -= p - beg + 2;
-			beg = p + 2;
-		    } else
-			errx (1, "Bad response: %.*s", (int)(p - beg), beg);
-		}
-	    }
-	    if (!do_from)
-		write_state_flush (&write_state);
-
-	    memmove (in_buf, beg, rem);
-	    in_len = rem;
-	    in_ptr = in_buf + rem;
-	}
-	if (FD_ISSET(s, &writeset)) {
-	    if ((state == STAT && !do_from) || state == RETR)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "RETR %u\r\n", ++asked_for);
-	    else if ((state == STAT && do_from) || state == TOP)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "TOP %u 0\r\n", ++asked_for);
-	    else if(state == XDELE) {
-		out_len = snprintf(out_buf, sizeof(out_buf),
-				   "XDELE %u %u\r\n", 1, count);
-		sent_xdele++;
-	    }
-	    else if(state == DELE)
-		out_len = snprintf (out_buf, sizeof(out_buf),
-				    "DELE %u\r\n", ++asked_deleted);
-	    if (out_len < 0)
-		errx (1, "snprintf failed");
-	    if (net_write (s, out_buf, out_len) != out_len)
-		err (1, "write");
-	    if (verbose > 1)
-		fprintf (stderr, "%s", out_buf);
-	}
-    }
-    if (verbose)
-	fprintf (stderr, "Done\n");
-    if (do_from) {
-	free (tmp);
-	free (headers);
-    } else {
-	write_state_destroy (&write_state);
-    }
-    return 0;
-}
-
-#ifdef KRB5
-static int
-do_v5 (const char *host,
-       int port,
-       const char *user,
-       const char *filename,
-       const char *header_str,
-       int leavep,
-       int verbose,
-       int forkp)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server;
-    int s;
-
-    s = do_connect (host, port, 1);
-    if (s < 0)
-	return 1;
-
-    ret = krb5_sname_to_principal (context,
-				   host,
-				   "pop",
-				   KRB5_NT_SRV_HST,
-				   &server);
-    if (ret) {
-	warnx ("krb5_sname_to_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_sendauth (context,
-			 &auth_context,
-			 &s,
-			 "KPOPV1.0",
-			 NULL,
-			 server,
-			 0,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL,
-			 NULL);
-    krb5_free_principal (context, server);
-    if (ret) {
-	warnx ("krb5_sendauth: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
-}
-#endif
-
-#ifdef KRB4
-static int
-do_v4 (const char *host,
-       int port,
-       const char *user,
-       const char *filename,
-       const char *header_str,
-       int leavep,
-       int verbose,
-       int forkp)
-{
-    KTEXT_ST ticket;
-    MSG_DAT msg_data;
-    CREDENTIALS cred;
-    des_key_schedule sched;
-    int s;
-    int ret;
-
-    s = do_connect (host, port, 1);
-    if (s < 0)
-	return 1;
-    ret = krb_sendauth(0,
-		       s,
-		       &ticket, 
-		       "pop",
-		       (char *)host,
-		       krb_realmofhost(host),
-		       getpid(),
-		       &msg_data,
-		       &cred,
-		       sched,
-		       NULL,
-		       NULL,
-		       "KPOPV0.1");
-    if(ret) {
-	warnx("krb_sendauth: %s", krb_get_err_text(ret));
-	return 1;
-    }
-    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
-}
-#endif /* KRB4 */
-
-#ifdef HESIOD
-
-#ifdef HESIOD_INTERFACES
-
-static char *
-hesiod_get_pobox (const char **user)
-{
-    void *context;
-    struct hesiod_postoffice *hpo;
-    char *ret = NULL;
-
-    if(hesiod_init (&context) != 0)
-	err (1, "hesiod_init");
-
-    hpo = hesiod_getmailhost (context, *user);
-    if (hpo == NULL) {
-	warn ("hesiod_getmailhost %s", *user);
-    } else {
-	if (strcasecmp(hpo->hesiod_po_type, "pop") != 0)
-	    errx (1, "Unsupported po type %s", hpo->hesiod_po_type);
-
-	ret = estrdup(hpo->hesiod_po_host);
-	*user = estrdup(hpo->hesiod_po_name);
-	hesiod_free_postoffice (context, hpo);
-    }
-    hesiod_end (context);
-    return ret;
-}
-
-#else /* !HESIOD_INTERFACES */
-
-static char *
-hesiod_get_pobox (const char **user)
-{
-    char *ret = NULL;
-    struct hes_postoffice *hpo;
-
-    hpo = hes_getmailhost (*user);
-    if (hpo == NULL) {
-	warn ("hes_getmailhost %s", *user);
-    } else {
-	if (strcasecmp(hpo->po_type, "pop") != 0)
-	    errx (1, "Unsupported po type %s", hpo->po_type);
-
-	ret = estrdup(hpo->po_host);
-	*user = estrdup(hpo->po_name);
-    }
-    return ret;
-}
-
-#endif /* HESIOD_INTERFACES */
-
-#endif /* HESIOD */
-
-static char *
-get_pobox (const char **user)
-{
-    char *ret = NULL;
-
-#ifdef HESIOD
-    ret = hesiod_get_pobox (user);
-#endif
-
-    if (ret == NULL)
-	ret = getenv("MAILHOST");
-    if (ret == NULL)
-	errx (1, "MAILHOST not set");
-    return ret;
-}
-
-static void
-parse_pobox (char *a0, const char **host, const char **user)
-{
-    const char *h, *u;
-    char *p;
-    int po = 0;
-
-    if (a0 == NULL) {
-
-	*user = getenv ("USERNAME");
-	if (*user == NULL) {
-	    struct passwd *pwd = getpwuid (getuid ());
-
-	    if (pwd == NULL)
-		errx (1, "Who are you?");
-	    *user = estrdup (pwd->pw_name);
-	}
-	*host = get_pobox (user);
-	return;
-    }
-
-    /* if the specification starts with po:, remember this information */
-    if(strncmp(a0, "po:", 3) == 0) {
-	a0 += 3;
-	po++;
-    }
-    /* if there is an `@', the hostname is after it, otherwise at the
-       beginning of the string */
-    p = strchr(a0, '@');
-    if(p != NULL) {
-	*p++ = '\0';
-	h = p;
-    } else {
-	h = a0;
-    }
-    /* if there is a `:', the username comes before it, otherwise at
-       the beginning of the string */
-    p = strchr(a0, ':');
-    if(p != NULL) {
-	*p++ = '\0';
-	u = p;
-    } else {
-	u = a0;
-    }
-    if(h == u) {
-	/* some inconsistent compatibility with various mailers */
-	if(po) {
-	    h = get_pobox (&u);
-	} else {
-	    u = get_default_username ();
-	    if (u == NULL)
-		errx (1, "Who are you?");
-	}
-    }
-    *host = h;
-    *user = u;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = 0;
-    int optind = 0;
-    int ret = 1;
-    const char *host, *user, *filename = NULL;
-    char *pobox = NULL;
-
-    setprogname (argv[0]);
-
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }
-#endif
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    argc -= optind;
-    argv += optind;
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-    if (do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version(NULL);
-	return 0;
-    }
-	
-    if (do_from && header_str == NULL)
-	header_str = "From:";
-    else if (header_str != NULL)
-	do_from = 1;
-
-    if (do_from) {
-	if (argc == 0)
-	    pobox = NULL;
-	else if (argc == 1)
-	    pobox = argv[0];
-	else
-	    usage (1);
-    } else {
-	if (argc == 1) {
-	    filename = argv[0];
-	    pobox    = NULL;
-	} else if (argc == 2) {
-	    filename = argv[1];
-	    pobox    = argv[0];
-	} else
-	    usage (1);
-    }
-
-    if (port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-    if (port == 0) {
-#ifdef KRB5
-	port = krb5_getportbyname (context, "kpop", "tcp", 1109);
-#elif defined(KRB4)
-	port = k_getportbyname ("kpop", "tcp", htons(1109));
-#else
-#error must define KRB4 or KRB5
-#endif
-    }
-
-    parse_pobox (pobox, &host, &user);
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	ret = do_v5 (host, port, user, filename, header_str,
-		     do_leave, verbose_level, do_fork);
-    }
-#endif
-
-#ifdef KRB4
-    if (ret && use_v4) {
-	ret = do_v4 (host, port, user, filename, header_str,
-		     do_leave, verbose_level, do_fork);
-    }
-#endif /* KRB4 */
-    return ret;
-}
diff --git a/crypto/heimdal/appl/push/push.cat8 b/crypto/heimdal/appl/push/push.cat8
deleted file mode 100644
index 7ddb72dcdc62..000000000000
--- a/crypto/heimdal/appl/push/push.cat8
+++ /dev/null
@@ -1,76 +0,0 @@
-PUSH(8)                 NetBSD System Manager's Manual                 PUSH(8)
-
-NNAAMMEE
-     ppuusshh - fetch mail via POP
-
-SSYYNNOOPPSSIISS
-     ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll |
-     ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c |
-     ----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e
-
-DDEESSCCRRIIPPTTIIOONN
-     ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail
-     in mbox format in _f_i_l_e_n_a_m_e.  The _p_o_-_b_o_x can have any of the following
-     formats:
-           `hostname:username'
-           `po:hostname:username'
-           `username@hostname'
-           `po:username@hostname'
-           `hostname'
-           `po:username'
-
-     If no username is specified, ppuusshh assumes that it's the same as on the
-     local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment
-     variable.
-
-     Supported options:
-
-     --44, ----kkrrbb44
-             use Kerberos 4 (if compiled with support for Kerberos 4)
-
-     --55, ----kkrrbb55
-             use Kerberos 5 (if compiled with support for Kerberos 5)
-
-     --ff, ----ffoorrkk
-             fork before starting to delete messages
-
-     --ll, ----lleeaavvee
-             don't delete fetched mail
-
-     ----ffrroomm  behave like from.
-
-     --cc, ----ccoouunntt
-             first print how many messages and bytes there are.
-
-     ----hheeaaddeerrss=_h_e_a_d_e_r_s
-             a list of comma-separated headers that should get printed.
-
-     --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c
-             use this port instead of the default `kpop' or `1109'.
-
-     The default is to first try Kerberos 5 authentication and then, if that
-     fails, Kerberos 4.
-
-EENNVVIIRROONNMMEENNTT
-     MAILHOST
-             points to the post office, if no other hostname is specified.
-
-EEXXAAMMPPLLEESS
-           $ push cornfield:roosta ~/.emacs-mail-crash-box
-
-     tries to fetch mail for the user _r_o_o_s_t_a from the post office at
-     ``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are
-     using Gnus, aren't you?)
-
-           $ push --from -5 havregryn
-
-     tries to fetch FFrroomm:: lines for current user at post office ``havregryn''
-     using Kerberos 5.
-
-SSEEEE AALLSSOO
-     from(1), pfrom(1), movemail(8), popper(8)
-
-HHIISSTTOORRYY
-     ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
-
- HEIMDAL                         May 31, 1998                                2
diff --git a/crypto/heimdal/appl/push/push_locl.h b/crypto/heimdal/appl/push/push_locl.h
deleted file mode 100644
index 1e5ca784c845..000000000000
--- a/crypto/heimdal/appl/push/push_locl.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: push_locl.h,v 1.6 1999/12/02 16:58:33 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#include <ctype.h>
-#include <limits.h>
-#include <time.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HESIOD
-#include <hesiod.h>
-#endif
-
-#include <roken.h>
-#include <err.h>
-#include <getarg.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-
-#ifdef KRB4
-#include <krb.h>
-#endif
diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog
deleted file mode 100644
index 6c830d63ed4e..000000000000
--- a/crypto/heimdal/appl/rcp/ChangeLog
+++ /dev/null
@@ -1,72 +0,0 @@
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.1: add a HISTORY section
-
-	* rcp.1: brief manpage
-
-	* rcp.c: add a -4 option
-
-2001-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.c: more va_* fixing; from Thomas Klausner
-
-2001-09-08  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c (run_err): always match va_start and va_end
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* util.c (allocbuf): do not leak memory on failure and zero
-	re-used memory, from Markus Friedl <markus@openbsd.org>
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c (main): add missing setprogname
-
-2001-06-14  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c: add some const replace a few malloc/snprintf with
-	asprintf
-	* rcp.c (sizestr): remove and use snprintf to do this correctly
-	instead
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rcp.c: convert to use getarg
-
-	* rcp.c: do a better job of supporting files larger than 2GB
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* rcp.c: add -F for forwarding ticket, from Ake Sandgren
-	<ake@cs.umu.se>
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* util.c (roundup): add fallback definition
-
-	* rcp.c: remove non-STDC code
-	* rcp_locl.h: add sys/types.h and sys/wait.h
-
-	* rcp.c: no calls to err with NULL
-
-2001-01-28  Assar Westerlund  <assar@sics.se>
-
-	* rcp_locl.h: add
-
-	* Makefile.am (LDADD): remove unused libraries
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* util.c: replace vfork by fork
-
-	* rcp.c: add RCSID S_ISTXT -> S_ISVTX printf sizes of files with
- 	%lu instead of %q (which is not portable)
-
-	* util.c: add RCSID do not use sig_t
-	* rcp.c: remove __P, use st_mtime et al from struct stat
-	* extern.h: remove __P
-
-	* initial import of port of bsd rcp changed to use existing rsh,
-	contributed by Richard Nyberg <rnyberg@it.su.se>
-
diff --git a/crypto/heimdal/appl/rcp/Makefile b/crypto/heimdal/appl/rcp/Makefile
deleted file mode 100644
index 55cecb3028d8..000000000000
--- a/crypto/heimdal/appl/rcp/Makefile
+++ /dev/null
@@ -1,589 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/rcp/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.2 2001/01/28 22:50:35 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = rcp
-
-rcp_SOURCES = rcp.c util.c
-
-LDADD = $(LIB_roken)
-subdir = appl/rcp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = rcp$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT)
-rcp_OBJECTS = $(am_rcp_OBJECTS)
-rcp_LDADD = $(LDADD)
-rcp_DEPENDENCIES =
-rcp_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(rcp_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(rcp_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/rcp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) 
-	@rm -f rcp$(EXEEXT)
-	$(LINK) $(rcp_LDFLAGS) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rcp/Makefile.am b/crypto/heimdal/appl/rcp/Makefile.am
deleted file mode 100644
index 4ecf7a63b0f6..000000000000
--- a/crypto/heimdal/appl/rcp/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am,v 1.2 2001/01/28 22:50:35 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-bin_PROGRAMS = rcp
-
-rcp_SOURCES  = rcp.c util.c
-
-LDADD = $(LIB_roken)
diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in
deleted file mode 100644
index 23279b858f80..000000000000
--- a/crypto/heimdal/appl/rcp/Makefile.in
+++ /dev/null
@@ -1,589 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.2 2001/01/28 22:50:35 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = rcp
-
-rcp_SOURCES = rcp.c util.c
-
-LDADD = $(LIB_roken)
-subdir = appl/rcp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = rcp$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT)
-rcp_OBJECTS = $(am_rcp_OBJECTS)
-rcp_LDADD = $(LDADD)
-rcp_DEPENDENCIES =
-rcp_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(rcp_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(rcp_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/rcp/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) 
-	@rm -f rcp$(EXEEXT)
-	$(LINK) $(rcp_LDFLAGS) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rcp/extern.h b/crypto/heimdal/appl/rcp/extern.h
deleted file mode 100644
index a98456d305e2..000000000000
--- a/crypto/heimdal/appl/rcp/extern.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)extern.h	8.1 (Berkeley) 5/31/93
- * $FreeBSD$
- */
-
-typedef struct {
-	int cnt;
-	char *buf;
-} BUF;
-
-extern int iamremote;
-
-BUF	*allocbuf (BUF *, int, int);
-char	*colon (char *);
-void	 lostconn (int);
-void	 nospace (void);
-int	 okname (char *);
-void	 run_err (const char *, ...);
-int	 susystem (char *, int);
-void	 verifydir (char *);
diff --git a/crypto/heimdal/appl/rcp/rcp.1 b/crypto/heimdal/appl/rcp/rcp.1
deleted file mode 100644
index 5ce9527a91f3..000000000000
--- a/crypto/heimdal/appl/rcp/rcp.1
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $Id: rcp.1,v 1.2 2003/04/16 12:20:43 joda Exp $
-.\"
-.Dd April 16, 2003
-.Dt RCP 1
-.Os HEIMDAL
-.Sh NAME
-.Nm rcp
-.Nd
-copy file to and from remote machines
-.Sh SYNOPSIS
-.Nm rcp
-.Op Fl 45FKpxz
-.Op Fl P Ar port
-.Ar file1 file2
-.Nm rcp
-.Op Fl 45FKprxz
-.Op Fl P Ar port
-.Ar file... directory
-.Sh DESCRIPTION
-.Nm rcp
-copies files between machines. Each file argument is either a remote file name of the form 
-.Dq rname@rhost:path
-or a local file (containing no colon or with a slash before the first
-colon).
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 , 
-.Fl 5 , 
-.Fl K , 
-.Fl F , 
-.Fl x , 
-.Fl z
-.Xc
-These options are passed on to
-.Xr rsh 1 .
-.It Fl P Ar port
-This will pass the option
-.Fl p Ar port
-to 
-.Xr rsh 1 .
-.It Fl p
-Preserve file permissions.
-.It Fl r
-Copy source directories recursively.
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.Sh DIAGNOSTICS
-.Nm rcp
-is implemented as a protocol on top of
-.Xr rsh 1 ,
-and thus requires a working rsh. If you intend to use Kerberos
-authentication, rsh needs to be Kerberos aware, else you may see more
-or less strange errors, such as "login incorrect", or "lost
-connection".
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.Sh HISTORY
-The 
-.Nm rcp
-utility first appeared in 4.2BSD. This version is derived from
-4.3BSD-Reno.
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c
deleted file mode 100644
index c54409a343bf..000000000000
--- a/crypto/heimdal/appl/rcp/rcp.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- * Copyright (c) 1983, 1990, 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "rcp_locl.h"
-#include <getarg.h>
-
-#define RSH_PROGRAM "rsh"
-
-struct  passwd *pwd;
-uid_t	userid;
-int     errs, remin, remout;
-int     pflag, iamremote, iamrecursive, targetshouldbedirectory;
-int     doencrypt, noencrypt;
-int     usebroken, usekrb4, usekrb5, forwardtkt;
-char    *port;
-
-#define	CMDNEEDS	64
-char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
-
-int	 response (void);
-void	 rsource (char *, struct stat *);
-void	 sink (int, char *[]);
-void	 source (int, char *[]);
-void	 tolocal (int, char *[]);
-void	 toremote (char *, int, char *[]);
-
-int      do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
-
-static int fflag, tflag;
-
-static int version_flag, help_flag;
-
-struct getargs args[] = {
-    { NULL,	'4', arg_flag,		&usekrb4,	"use Kerberos 4 authentication" },
-    { NULL,	'5', arg_flag,		&usekrb5,	"use Kerberos 5 authentication" },
-    { NULL,	'F', arg_flag,		&forwardtkt,	"forward credentials" },
-    { NULL,	'K', arg_flag,		&usebroken,	"use BSD authentication" },
-    { NULL,	'P', arg_string,	&port,		"non-default port", "port" },
-    { NULL,	'p', arg_flag,		&pflag,	"preserve file permissions" },
-    { NULL,	'r', arg_flag,		&iamrecursive,	"recursive mode" },
-    { NULL,	'x', arg_flag,		&doencrypt,	"use encryption" },
-    { NULL,	'z', arg_flag,		&noencrypt,	"don't encrypt" },
-    { NULL,	'd', arg_flag,		&targetshouldbedirectory },
-    { NULL,	'f', arg_flag,		&fflag },
-    { NULL,	't', arg_flag,		&tflag },
-    { "version", 0,  arg_flag,		&version_flag },
-    { "help",	 0,  arg_flag,		&help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "file1 file2|file... directory");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-	char *targ;
-	int optind = 0;
-
-	setprogname(argv[0]);
-	if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		    &optind))
-	    usage (1);
-	if(help_flag)
-	    usage(0);
-	if (version_flag) {
-	    print_version (NULL);
-	    return 0;
-	}
-	    
-	iamremote = (fflag || tflag);
-
-	argc -= optind;
-	argv += optind;
-
-	if ((pwd = getpwuid(userid = getuid())) == NULL)
-		errx(1, "unknown user %d", (int)userid);
-
-	remin = STDIN_FILENO;		/* XXX */
-	remout = STDOUT_FILENO;
-
-	if (fflag) {			/* Follow "protocol", send data. */
-		response();
-		setuid(userid);
-		source(argc, argv);
-		exit(errs);
-	}
-
-	if (tflag) {			/* Receive data. */
-		setuid(userid);
-		sink(argc, argv);
-		exit(errs);
-	}
-
-	if (argc < 2)
-	    usage(1);
-	if (argc > 2)
-		targetshouldbedirectory = 1;
-
-	remin = remout = -1;
-	/* Command to be executed on remote system using "rsh". */
-	snprintf(cmd, sizeof(cmd),
-		 "rcp%s%s%s", iamrecursive ? " -r" : "", 
-		 pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
-
-	signal(SIGPIPE, lostconn);
-
-	if ((targ = colon(argv[argc - 1])))	/* Dest is remote host. */
-		toremote(targ, argc, argv);
-	else {
-		tolocal(argc, argv);		/* Dest is local host. */
-		if (targetshouldbedirectory)
-			verifydir(argv[argc - 1]);
-	}
-	exit(errs);
-}
-
-void
-toremote(char *targ, int argc, char **argv)
-{
-	int i;
-	char *bp, *host, *src, *suser, *thost, *tuser;
-
-	*targ++ = 0;
-	if (*targ == 0)
-		targ = ".";
-
-	if ((thost = strchr(argv[argc - 1], '@'))) {
-		/* user@host */
-		*thost++ = 0;
-		tuser = argv[argc - 1];
-		if (*tuser == '\0')
-			tuser = NULL;
-		else if (!okname(tuser))
-			exit(1);
-	} else {
-		thost = argv[argc - 1];
-		tuser = NULL;
-	}
-
-	for (i = 0; i < argc - 1; i++) {
-		src = colon(argv[i]);
-		if (src) {			/* remote to remote */
-			*src++ = 0;
-			if (*src == 0)
-				src = ".";
-			host = strchr(argv[i], '@');
-			if (host) {
-				*host++ = '\0';
-				suser = argv[i];
-				if (*suser == '\0')
-					suser = pwd->pw_name;
-				else if (!okname(suser))
-					continue;
-				asprintf(&bp,
-				    "%s %s -l %s -n %s %s '%s%s%s:%s'",
-				    _PATH_RSH, host, suser, cmd, src,
-				    tuser ? tuser : "", tuser ? "@" : "",
-				    thost, targ);
-			} else {
-				asprintf(&bp,
-				    "exec %s %s -n %s %s '%s%s%s:%s'",
-				    _PATH_RSH, argv[i], cmd, src,
-				    tuser ? tuser : "", tuser ? "@" : "",
-				    thost, targ);
-			}
-			if (bp == NULL)
-				err (1, "malloc");
-			susystem(bp, userid);
-			free(bp);
-		} else {			/* local to remote */
-			if (remin == -1) {
-				asprintf(&bp, "%s -t %s", cmd, targ);
-				if (bp == NULL)
-					err (1, "malloc");
-				host = thost;
-
-				if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
-					exit(1);
-
-				if (response() < 0)
-					exit(1);
-				free(bp);
-				setuid(userid);
-			}
-			source(1, argv+i);
-		}
-	}
-}
-
-void
-tolocal(int argc, char **argv)
-{
-	int i;
-	char *bp, *host, *src, *suser;
-
-	for (i = 0; i < argc - 1; i++) {
-		if (!(src = colon(argv[i]))) {		/* Local to local. */
-			asprintf(&bp, "exec %s%s%s %s %s", _PATH_CP,
-			    iamrecursive ? " -PR" : "", pflag ? " -p" : "",
-			    argv[i], argv[argc - 1]);
-			if (bp == NULL)
-				err (1, "malloc");
-			if (susystem(bp, userid))
-				++errs;
-			free(bp);
-			continue;
-		}
-		*src++ = 0;
-		if (*src == 0)
-			src = ".";
-		if ((host = strchr(argv[i], '@')) == NULL) {
-			host = argv[i];
-			suser = pwd->pw_name;
-		} else {
-			*host++ = 0;
-			suser = argv[i];
-			if (*suser == '\0')
-				suser = pwd->pw_name;
-			else if (!okname(suser))
-				continue;
-		}
-		asprintf(&bp, "%s -f %s", cmd, src);
-		if (bp == NULL)
-			err (1, "malloc");
-		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
-			free(bp);
-			++errs;
-			continue;
-		}
-		free(bp);
-		sink(1, argv + argc - 1);
-		seteuid(0);
-		close(remin);
-		remin = remout = -1;
-	}
-}
-
-void
-source(int argc, char **argv)
-{
-	struct stat stb;
-	static BUF buffer;
-	BUF *bp;
-	off_t i;
-	int amt, fd, haderr, indx, result;
-	char *last, *name, buf[BUFSIZ];
-
-	for (indx = 0; indx < argc; ++indx) {
-                name = argv[indx];
-		if ((fd = open(name, O_RDONLY, 0)) < 0)
-			goto syserr;
-		if (fstat(fd, &stb)) {
-syserr:			run_err("%s: %s", name, strerror(errno));
-			goto next;
-		}
-		switch (stb.st_mode & S_IFMT) {
-		case S_IFREG:
-			break;
-		case S_IFDIR:
-			if (iamrecursive) {
-				rsource(name, &stb);
-				goto next;
-			}
-			/* FALLTHROUGH */
-		default:
-			run_err("%s: not a regular file", name);
-			goto next;
-		}
-		if ((last = strrchr(name, '/')) == NULL)
-			last = name;
-		else
-			++last;
-		if (pflag) {
-			/*
-			 * Make it compatible with possible future
-			 * versions expecting microseconds.
-			 */
-			snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
-			    (long)stb.st_mtime,
-			    (long)stb.st_atime);
-			write(remout, buf, strlen(buf));
-			if (response() < 0)
-				goto next;
-		}
-#define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
-		snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
-			 stb.st_mode & MODEMASK,
-			 (unsigned long)stb.st_size,
-			 last);
-		write(remout, buf, strlen(buf));
-		if (response() < 0)
-			goto next;
-		if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
-next:			close(fd);
-			continue;
-		}
-
-		/* Keep writing after an error so that we stay sync'd up. */
-		for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
-			amt = bp->cnt;
-			if (i + amt > stb.st_size)
-				amt = stb.st_size - i;
-			if (!haderr) {
-				result = read(fd, bp->buf, amt);
-				if (result != amt)
-					haderr = result >= 0 ? EIO : errno;
-			}
-			if (haderr)
-				write(remout, bp->buf, amt);
-			else {
-				result = write(remout, bp->buf, amt);
-				if (result != amt)
-					haderr = result >= 0 ? EIO : errno;
-			}
-		}
-		if (close(fd) && !haderr)
-			haderr = errno;
-		if (!haderr)
-			write(remout, "", 1);
-		else
-			run_err("%s: %s", name, strerror(haderr));
-		response();
-	}
-}
-
-void
-rsource(char *name, struct stat *statp)
-{
-	DIR *dirp;
-	struct dirent *dp;
-	char *last, *vect[1], path[MAXPATHLEN];
-
-	if (!(dirp = opendir(name))) {
-		run_err("%s: %s", name, strerror(errno));
-		return;
-	}
-	last = strrchr(name, '/');
-	if (last == 0)
-		last = name;
-	else
-		last++;
-	if (pflag) {
-		snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
-		    (long)statp->st_mtime,
-		    (long)statp->st_atime);
-		write(remout, path, strlen(path));
-		if (response() < 0) {
-			closedir(dirp);
-			return;
-		}
-	}
-	snprintf(path, sizeof(path),
-	    "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last);
-	write(remout, path, strlen(path));
-	if (response() < 0) {
-		closedir(dirp);
-		return;
-	}
-	while ((dp = readdir(dirp))) {
-		if (dp->d_ino == 0)
-			continue;
-		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
-			continue;
-		if (strlen(name) + 1 + strlen(dp->d_name) >= MAXPATHLEN - 1) {
-			run_err("%s/%s: name too long", name, dp->d_name);
-			continue;
-		}
-		snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
-		vect[0] = path;
-		source(1, vect);
-	}
-	closedir(dirp);
-	write(remout, "E\n", 2);
-	response();
-}
-
-void
-sink(int argc, char **argv)
-{
-	static BUF buffer;
-	struct stat stb;
-	struct timeval tv[2];
-	enum { YES, NO, DISPLAYED } wrerr;
-	BUF *bp;
-	off_t i, j, size;
-	int amt, count, exists, first, mask, mode, ofd, omode;
-	int setimes, targisdir, wrerrno = 0;
-	char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
-
-#define	atime	tv[0]
-#define	mtime	tv[1]
-#define	SCREWUP(str)	{ why = str; goto screwup; }
-
-	setimes = targisdir = 0;
-	mask = umask(0);
-	if (!pflag)
-		umask(mask);
-	if (argc != 1) {
-		run_err("ambiguous target");
-		exit(1);
-	}
-	targ = *argv;
-	if (targetshouldbedirectory)
-		verifydir(targ);
-	write(remout, "", 1);
-	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
-		targisdir = 1;
-	for (first = 1;; first = 0) {
-		cp = buf;
-		if (read(remin, cp, 1) <= 0)
-			return;
-		if (*cp++ == '\n')
-			SCREWUP("unexpected <newline>");
-		do {
-			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
-				SCREWUP("lost connection");
-			*cp++ = ch;
-		} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
-		*cp = 0;
-
-		if (buf[0] == '\01' || buf[0] == '\02') {
-			if (iamremote == 0)
-				write(STDERR_FILENO,
-				    buf + 1, strlen(buf + 1));
-			if (buf[0] == '\02')
-				exit(1);
-			++errs;
-			continue;
-		}
-		if (buf[0] == 'E') {
-			write(remout, "", 1);
-			return;
-		}
-
-		if (ch == '\n')
-			*--cp = 0;
-
-		cp = buf;
-		if (*cp == 'T') {
-			setimes++;
-			cp++;
-			mtime.tv_sec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("mtime.sec not delimited");
-			mtime.tv_usec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("mtime.usec not delimited");
-			atime.tv_sec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != ' ')
-				SCREWUP("atime.sec not delimited");
-			atime.tv_usec = strtol(cp, &cp, 10);
-			if (!cp || *cp++ != '\0')
-				SCREWUP("atime.usec not delimited");
-			write(remout, "", 1);
-			continue;
-		}
-		if (*cp != 'C' && *cp != 'D') {
-			/*
-			 * Check for the case "rcp remote:foo\* local:bar".
-			 * In this case, the line "No match." can be returned
-			 * by the shell before the rcp command on the remote is
-			 * executed so the ^Aerror_message convention isn't
-			 * followed.
-			 */
-			if (first) {
-				run_err("%s", cp);
-				exit(1);
-			}
-			SCREWUP("expected control record");
-		}
-		mode = 0;
-		for (++cp; cp < buf + 5; cp++) {
-			if (*cp < '0' || *cp > '7')
-				SCREWUP("bad mode");
-			mode = (mode << 3) | (*cp - '0');
-		}
-		if (*cp++ != ' ')
-			SCREWUP("mode not delimited");
-
-		for (size = 0; isdigit((unsigned char)*cp);)
-			size = size * 10 + (*cp++ - '0');
-		if (*cp++ != ' ')
-			SCREWUP("size not delimited");
-		if (targisdir) {
-			static char *namebuf;
-			static int cursize;
-			size_t need;
-
-			need = strlen(targ) + strlen(cp) + 250;
-			if (need > cursize) {
-				if (!(namebuf = malloc(need)))
-					run_err("%s", strerror(errno));
-			}
-			snprintf(namebuf, need, "%s%s%s", targ,
-			    *targ ? "/" : "", cp);
-			np = namebuf;
-		} else
-			np = targ;
-		exists = stat(np, &stb) == 0;
-		if (buf[0] == 'D') {
-			int mod_flag = pflag;
-			if (exists) {
-				if (!S_ISDIR(stb.st_mode)) {
-					errno = ENOTDIR;
-					goto bad;
-				}
-				if (pflag)
-					chmod(np, mode);
-			} else {
-				/* Handle copying from a read-only directory */
-				mod_flag = 1;
-				if (mkdir(np, mode | S_IRWXU) < 0)
-					goto bad;
-			}
-			vect[0] = np;
-			sink(1, vect);
-			if (setimes) {
-				setimes = 0;
-				if (utimes(np, tv) < 0)
-				    run_err("%s: set times: %s",
-					np, strerror(errno));
-			}
-			if (mod_flag)
-				chmod(np, mode);
-			continue;
-		}
-		omode = mode;
-		mode |= S_IWRITE;
-		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
-bad:			run_err("%s: %s", np, strerror(errno));
-			continue;
-		}
-		write(remout, "", 1);
-		if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
-			close(ofd);
-			continue;
-		}
-		cp = bp->buf;
-		wrerr = NO;
-		for (count = i = 0; i < size; i += BUFSIZ) {
-			amt = BUFSIZ;
-			if (i + amt > size)
-				amt = size - i;
-			count += amt;
-			if((j = net_read(remin, cp, amt)) != amt) {
-			    run_err("%s", j ? strerror(errno) :
-				    "dropped connection");
-			    exit(1);
-			}
-			amt -= j;
-			cp += j;
-			if (count == bp->cnt) {
-				/* Keep reading so we stay sync'd up. */
-				if (wrerr == NO) {
-					j = write(ofd, bp->buf, count);
-					if (j != count) {
-						wrerr = YES;
-						wrerrno = j >= 0 ? EIO : errno;
-					}
-				}
-				count = 0;
-				cp = bp->buf;
-			}
-		}
-		if (count != 0 && wrerr == NO &&
-		    (j = write(ofd, bp->buf, count)) != count) {
-			wrerr = YES;
-			wrerrno = j >= 0 ? EIO : errno;
-		}
-		if (ftruncate(ofd, size)) {
-			run_err("%s: truncate: %s", np, strerror(errno));
-			wrerr = DISPLAYED;
-		}
-		if (pflag) {
-			if (exists || omode != mode)
-				if (fchmod(ofd, omode))
-					run_err("%s: set mode: %s",
-					    np, strerror(errno));
-		} else {
-			if (!exists && omode != mode)
-				if (fchmod(ofd, omode & ~mask))
-					run_err("%s: set mode: %s",
-					    np, strerror(errno));
-		}
-		close(ofd);
-		response();
-		if (setimes && wrerr == NO) {
-			setimes = 0;
-			if (utimes(np, tv) < 0) {
-				run_err("%s: set times: %s",
-				    np, strerror(errno));
-				wrerr = DISPLAYED;
-			}
-		}
-		switch(wrerr) {
-		case YES:
-			run_err("%s: %s", np, strerror(wrerrno));
-			break;
-		case NO:
-			write(remout, "", 1);
-			break;
-		case DISPLAYED:
-			break;
-		}
-	}
-screwup:
-	run_err("protocol error: %s", why);
-	exit(1);
-}
-
-int
-response(void)
-{
-	char ch, *cp, resp, rbuf[BUFSIZ];
-
-	if (read(remin, &resp, sizeof(resp)) != sizeof(resp))
-		lostconn(0);
-
-	cp = rbuf;
-	switch(resp) {
-	case 0:				/* ok */
-		return (0);
-	default:
-		*cp++ = resp;
-		/* FALLTHROUGH */
-	case 1:				/* error, followed by error msg */
-	case 2:				/* fatal error, "" */
-		do {
-			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
-				lostconn(0);
-			*cp++ = ch;
-		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
-
-		if (!iamremote)
-			write(STDERR_FILENO, rbuf, cp - rbuf);
-		++errs;
-		if (resp == 1)
-			return (-1);
-		exit(1);
-	}
-	/* NOTREACHED */
-}
-
-#include <stdarg.h>
-
-void
-run_err(const char *fmt, ...)
-{
-	static FILE *fp;
-	va_list ap;
-
-	++errs;
-	if (fp == NULL && !(fp = fdopen(remout, "w")))
-		return;
-	va_start(ap, fmt);
-	fprintf(fp, "%c", 0x01);
-	fprintf(fp, "rcp: ");
-	vfprintf(fp, fmt, ap);
-	fprintf(fp, "\n");
-	fflush(fp);
-	va_end(ap);
-
-	if (!iamremote) {
-	    va_start(ap, fmt);
-	    vwarnx(fmt, ap);
-	    va_end(ap);
-	}
-}
-
-/*
- * This function executes the given command as the specified user on the
- * given host.  This returns < 0 if execution fails, and >= 0 otherwise. This
- * assigns the input and output file descriptors on success.
- *
- * If it cannot create necessary pipes it exits with error message.
- */
-
-int 
-do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
-{
-	int pin[2], pout[2], reserved[2];
-
-	/*
-	 * Reserve two descriptors so that the real pipes won't get
-	 * descriptors 0 and 1 because that will screw up dup2 below.
-	 */
-	pipe(reserved);
-
-	/* Create a socket pair for communicating with rsh. */
-	if (pipe(pin) < 0) {
-		perror("pipe");
-		exit(255);
-	}
-	if (pipe(pout) < 0) {
-		perror("pipe");
-		exit(255);
-	}
-
-	/* Free the reserved descriptors. */
-	close(reserved[0]);
-	close(reserved[1]);
-
-	/* For a child to execute the command on the remote host using rsh. */
-	if (fork() == 0) {
-		char *args[100];
-		unsigned int i;
-
-		/* Child. */
-		close(pin[1]);
-		close(pout[0]);
-		dup2(pin[0], 0);
-		dup2(pout[1], 1);
-		close(pin[0]);
-		close(pout[1]);
-
-		i = 0;
-		args[i++] = RSH_PROGRAM;
-		if (usekrb4)
-			args[i++] = "-4";
-		if (usekrb5)
-			args[i++] = "-5";
-		if (usebroken)
-			args[i++] = "-K";
-		if (doencrypt)
-			args[i++] = "-x";
-		if (forwardtkt)
-			args[i++] = "-F";
-		if (noencrypt)
-			args[i++] = "-z";
-		if (port != NULL) {
-			args[i++] = "-p";
-			args[i++] = port;
-		}
-		if (remuser != NULL) {
-			args[i++] = "-l";
-			args[i++] = remuser;
-		}
-		args[i++] = host;
-		args[i++] = cmd;
-		args[i++] = NULL;
-
-		execvp(RSH_PROGRAM, args);
-		perror(RSH_PROGRAM);
-		exit(1);
-	}
-	/* Parent.  Close the other side, and return the local side. */
-	close(pin[0]);
-	*fdout = pin[1];
-	close(pout[1]);
-	*fdin = pout[0];
-	return 0;
-}
diff --git a/crypto/heimdal/appl/rcp/rcp_locl.h b/crypto/heimdal/appl/rcp/rcp_locl.h
deleted file mode 100644
index 4397c9f461ac..000000000000
--- a/crypto/heimdal/appl/rcp/rcp_locl.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rcp_locl.h,v 1.3 2001/01/29 05:59:24 assar Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-
-#include <ctype.h>
-#include <dirent.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <roken.h>
-
-#include "extern.h"
-
-#define	_PATH_CP	"/bin/cp"
-#define	_PATH_RSH	"/usr/bin/rsh"
diff --git a/crypto/heimdal/appl/rcp/util.c b/crypto/heimdal/appl/rcp/util.c
deleted file mode 100644
index 3621d307a425..000000000000
--- a/crypto/heimdal/appl/rcp/util.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 0
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)util.c	8.2 (Berkeley) 4/2/94";
-#endif
-static const char rcsid[] =
-  "$FreeBSD$";
-#endif /* not lint */
-#endif
-
-#include "rcp_locl.h"
-
-RCSID("$Id: util.c,v 1.6 2001/09/04 14:35:58 assar Exp $");
-
-char *
-colon(cp)
-	char *cp;
-{
-	if (*cp == ':')		/* Leading colon is part of file name. */
-		return (0);
-
-	for (; *cp; ++cp) {
-		if (*cp == ':')
-			return (cp);
-		if (*cp == '/')
-			return (0);
-	}
-	return (0);
-}
-
-void
-verifydir(cp)
-	char *cp;
-{
-	struct stat stb;
-
-	if (!stat(cp, &stb)) {
-		if (S_ISDIR(stb.st_mode))
-			return;
-		errno = ENOTDIR;
-	}
-	run_err("%s: %s", cp, strerror(errno));
-	exit(1);
-}
-
-int
-okname(cp0)
-	char *cp0;
-{
-	int c;
-	char *cp;
-
-	cp = cp0;
-	do {
-		c = *cp;
-		if (c & 0200)
-			goto bad;
-		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
-			goto bad;
-	} while (*++cp);
-	return (1);
-
-bad:	warnx("%s: invalid user name", cp0);
-	return (0);
-}
-
-int
-susystem(s, userid)
-	int userid;
-	char *s;
-{
-	void (*istat)(int), (*qstat)(int);
-	int status;
-	pid_t pid;
-
-	pid = fork();
-	switch (pid) {
-	case -1:
-		return (127);
-
-	case 0:
-		(void)setuid(userid);
-		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
-		_exit(127);
-	}
-	istat = signal(SIGINT, SIG_IGN);
-	qstat = signal(SIGQUIT, SIG_IGN);
-	if (waitpid(pid, &status, 0) < 0)
-		status = -1;
-	(void)signal(SIGINT, istat);
-	(void)signal(SIGQUIT, qstat);
-	return (status);
-}
-
-#ifndef roundup
-#define	roundup(x, y)	((((x)+((y)-1))/(y))*(y))
-#endif
-
-BUF *
-allocbuf(bp, fd, blksize)
-	BUF *bp;
-	int fd, blksize;
-{
-	struct stat stb;
-	size_t size;
-	char *p;
-
-	if (fstat(fd, &stb) < 0) {
-		run_err("fstat: %s", strerror(errno));
-		return (0);
-	}
-	size = roundup(stb.st_blksize, blksize);
-	if (size == 0)
-		size = blksize;
-	if (bp->cnt >= size)
-		return (bp);
-	if ((p = realloc(bp->buf, size)) == NULL) {
-		if (bp->buf)
-			free(bp->buf);
-		bp->buf = NULL;
-		bp->cnt = 0;
-		run_err("%s", strerror(errno));
-		return (0);
-	}
-	memset(p, 0, size);
-	bp->buf = p;
-	bp->cnt = size;
-	return (bp);
-}
-
-void
-lostconn(signo)
-	int signo;
-{
-	if (!iamremote)
-		warnx("lost connection");
-	exit(1);
-}
diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog
deleted file mode 100644
index 1f33245d7dc4..000000000000
--- a/crypto/heimdal/appl/rsh/ChangeLog
+++ /dev/null
@@ -1,424 +0,0 @@
-2003-04-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: use krb5_appdefault to get defaults for forward and
-	encrypt
-
-	* rshd.c: use ARG_MAX + 1
-
-	* rshd.c (read_str): return allocated string
-
-	* rsh_locl.h: set NCARGS to 8k if undefined
-
-2003-03-23  Assar Westerlund  <assar@kth.se>
-
-	* rsh.c (loop): only check errsock if it's valid
-
-2003-03-18  Love  Love H�rnquist �strand <lha@it.su.se>
-
-	* rshd.c: do krb5_afslog when compling with afs support
-
-	* rsh_locl.h: always include kafs.h
-	
-2002-11-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.8: clarify -x and kerberos 5
-
-2002-11-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh_locl.h: bump COMMAND_SZ to NCARGS+1
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: free some memory
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.1: document -P
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: revert to protocol v1 if not asked for specific protocol
-
-	* rshd.c: handle protocol version 2
-
-	* rsh.c: handle protocol version 2
-
-	* common.c: handle protocol version 2
-
-	* rsh_locl.h: handle protocol version 2
-
-2002-02-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: don't show options that doesn't apply
-
-	* rsh.c: don't show options that doesn't apply
-
-	* rsh_locl.h: if we're not building with any kerberos support,
-	just call read/write directly
-
-	* common.c: if we're not building with any kerberos support, just
-	call read/write directly
-
-	* rshd.c: make this build without krb5; also use the addrinfo
-	interface to mini_inetd, and set the keepalive option if requested
-
-	* rsh.c: make this build without krb5
-
-	* rsh_locl.h: make this build without krb5
-
-	* common.c: make this build without krb5
-
-2001-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: make the syslog messages somewhat more informative
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: only complain about encryption flag when old
-	authentication is requested
-
-2001-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: don't try broken auth if rresvport failed; try to give
-	some more informative error messages
-
-2001-07-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.8: add an EXAMPLE
-	* rshd.8: manual page
-	* rshd.c: add some compat flags
-	* rsh.1: manual page
-	* rsh.c: iff -d, set the SO_DEBUG flags of the stdout and stderr
-	socket; implement parsing user@host
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (fatal): use vsnprintf correctly
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add login_access
-	* rshd.c (login_access): add prototype
-	(syslog_and_die, fatal): add printf attributes
-	(*): AIX -> _AIX
-	(doit): use login_access
-	based on patches from Ake Sandgren <ake@cs.umu.se>
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of
-	krb5_rd_cred
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (main): handle krb5_init_context failure consistently
-	* rsh.c (main): handle krb5_init_context failure consistently
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rshd.c: require encryption if passed -x
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (loop): check that the fd's aren't too large to select on
-	* rsh.c (loop, proto): check that the fd's aren't too large to
-	select on
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: move code to do config/command parsing correctly.
-
-2000-08-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): only fetch stuff from krb5.conf when no option has
-	been given
-
-2000-08-01  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (doit): loop until we create an error socket of an
-	supported socket family
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: DCE stuff from Ake Sandgren <ake@cs.umu.se>
-	do not call syslog with a variable as format string
-
-	* rsh_locl.h (_PATH_ETC_ENVIRONMENT): add
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): work-around for setuid and capabilities bug fixed
-	in Linux 2.2.16
-
-2000-06-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rsh.c: nuke long option from -z
-	
-	* rsh.c: don't try to encrypt if auth is broken (Daniel Kouril)
-	
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (doit): check return value of getspnam.  From
-	<haba@pdc.kth.se>
-
-2000-05-23  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (proto): select on the normal socket when waiting for the
-	daemon to connect back to the stderr port, so that we discover
-	when data arrives there before.  when that happens, we assume that
-	the daemon did not manage to connect (because of NAT/whatever) and
-	continue as if `-e' was given
-	* rshd.c (doit): if we fail to connect back to the stderr port,
-	act as if `-e' was given on the client side, i.e. without the
-	special TCP-connection.  This tries to make things better when
-	running the head against a NAT wall, for example.
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): make sure we use the heimdal libdes
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* *: conditionalize des stuff on KRB4
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (doit): addrinfo returned from getaddrinfo() is not usable
-	directly as hints.  copy it and set AI_PASSIVE.
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): remember to close the priviledged sockets before
- 	calling rlogin
-
-1999-11-02  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): redo the v4/v5 selection for consistency.  -4 ->
- 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
-
-1999-10-26  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (main): ignore SIGPIPE
-
-	* common.c (do_read): the encoded length can be longer than the
- 	buffer being used, allocate memory for it dynamically.  From Brian
- 	A May <bmay@dgs.monash.edu.au>
-
-1999-10-14  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (proto): be more careful and don't print errno when read()
- 	returns 0
-
-1999-09-20  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (recv_krb4_auth): set `iv'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* common.c (do_read): be careful with the return value from
- 	krb5_net_read
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: call freehostent
-
-	* rsh.c: remove some dead code
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: re-write the handling of forwarded credentials and
- 	stuff.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* rsh_locl.h: always include kafs.h
-
-	* rsh.c: add `-z' and `-G' options
-
-	* rsh.c (loop): shutdown one side of the TCP connection on EOF.
-  	From Brian A May <bmay@dgs.monash.edu.au>
-
-	* common.c (do_read): handle EOF.  From Brian A May
- 	<bmay@dgs.monash.edu.au>
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: const fixes
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c: v6-ify
-
-	* rsh.c: v6-ify
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h: move around kafs.h
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h: <shadow.h>
-
-	* rsh.c, rshd.c: improve forwarding and implement unique ccache on
- 	server.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (construct_command): handle argc == 0 for generality
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: new option `-e' for not trying to open an stderr socket
-
-1999-06-17  Assar Westerlund  <assar@sics.se>
-
-	* rsh_locl.h (RSH_BUFSIZ): bump to 16 * 1024 to be sure that we
- 	don't leave any data inside des_enc_read.  (that constant should
- 	really be exported in some way...)
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: use get_default_username and resulting const pollution
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): try $USERNAME
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (doit): afslog correctly
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (main): add fallback to rlogin
-
-1999-05-10  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (send_krb5_auth): call krb5_sendauth with ccache == NULL.
-	check return value from krb5_crypto_init
-	
-	* common.c (do_write, do_read): always return -1 for failure
-	(net_write, net_read): remove.  they already exist in libroken
-
-1999-05-09  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: make sure it tries with all other authentication methods
-	after one has failed
-	* rsh.c (main): detect the case of no command given.
-	
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c: new option --forwardable. use print_version
-	
-Sat Apr 10 17:10:55 1999  Assar Westerlund  <assar@sics.se>
-
-	* rshd.c (setup_copier): use `socketpair' instead of `pipe'.  Some
- 	shells don't think it's a rsh session if they find a pipe at the
- 	other end.
-	(setup_environment): add SSH_CLIENT just to make bash happy
-
-	* common.c (do_read): use krb5_get_wrapped_length
-
-Wed Mar 24 03:59:42 1999  Assar Westerlund  <assar@sics.se>
-
-	* rsh.c (loop): more braces to make gcc happy
-
-Tue Mar 23 17:08:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* rsh_locl.h: kafs.h
-
-	* rshd.c: add `-P', `-v', and `-L' flags
-
-Thu Mar 18 11:37:24 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* appl/rsh/rshd.c: update to new crypto framework
-
-	* appl/rsh/rsh_locl.h: update to new crypto framework
-
-	* appl/rsh/rsh.c: update to new crypto framework
-
-	* appl/rsh/common.c: update to new crypto framework
-
-Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c (main): initialize host
-
-	* appl/rsh/rshd.c (recv_krb5_auth): disable `do_encrypt' if not
- 	encrypting.
-
-Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c: kludges for parsing `rsh hostname -l user'
-
-Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/rsh/rshd.c: use krb5_verify_authenticator_checksum
-
-Sat Apr 18 21:13:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* appl/rsh/rsh.c: Don't try v5 if (only) `-4' is specified.
-
-Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c (recv_krb5_auth): swap the order of the
- 	`local_user' and the `remote_user'
-
-	* appl/rsh/rsh.c (send_krb5_auth): swap the order of the
- 	`local_user' and the `remote_user'
-
-Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: updated to use getarg.
-	changed `struct fd_set' to `fd_set'.
-	implemented broken/BSD authentication (requires iruserok)
-
-Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh_locl.h: add AUTH_BROKEN and PATH_RSH
-
-	* appl/rsh/Makefile.am: set BINDIR
-
-	* appl/rsh/rsh.c: implemented BSD-style reserved port
- 	`authentication'
-
-Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: syslog remote shells
-
-Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rshd/rshd.c: Use `krb5_sock_to_principal'.  Send server
- 	parameter to krb5_rd_req/krb5_recvauth.  Set addresses in
- 	auth_context.
-
-Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: implement forwarding
-
-	* appl/rsh/rsh.c: Use getarg.  Implement forwarding.
-
-Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh: Conditionalize the krb4-support.
-
-Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rsh.c: use the correct user for the checksum
-
-Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh/rshd.c: Now works.  Also implementd encryption and
- 	`-p'.
-	
-	* appl/rsh/common.c: new file
-
-Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>
-
-	* appl/rsh: New program.
-
diff --git a/crypto/heimdal/appl/rsh/Makefile b/crypto/heimdal/appl/rsh/Makefile
deleted file mode 100644
index 06068f4737df..000000000000
--- a/crypto/heimdal/appl/rsh/Makefile
+++ /dev/null
@@ -1,782 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/rsh/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.17 2001/07/31 09:12:03 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) -I$(srcdir)/../login
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = rsh
-
-man_MANS = rsh.1 rshd.8
-
-libexec_PROGRAMS = rshd
-
-rsh_SOURCES = rsh.c common.c rsh_locl.h
-
-rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_kdfs)
-
-subdir = appl/rsh
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = rsh$(EXEEXT)
-libexec_PROGRAMS = rshd$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT)
-rsh_OBJECTS = $(am_rsh_OBJECTS)
-rsh_LDADD = $(LDADD)
-rsh_DEPENDENCIES = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#rsh_DEPENDENCIES =
-#rsh_DEPENDENCIES = \
-#	$(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-##rsh_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la
-#rsh_DEPENDENCIES = \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la \
-#	$(top_builddir)/lib/kdfs/libkdfs.la
-##rsh_DEPENDENCIES = \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-##rsh_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la \
-##	$(top_builddir)/lib/krb5/libkrb5.la \
-##	$(top_builddir)/lib/asn1/libasn1.la \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-###rsh_DEPENDENCIES = \
-###	$(top_builddir)/lib/kafs/libkafs.la \
-###	$(top_builddir)/lib/kdfs/libkdfs.la
-rsh_LDFLAGS =
-am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) login_access.$(OBJEXT)
-rshd_OBJECTS = $(am_rshd_OBJECTS)
-rshd_LDADD = $(LDADD)
-rshd_DEPENDENCIES = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#rshd_DEPENDENCIES =
-#rshd_DEPENDENCIES = \
-#	$(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-##rshd_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la
-#rshd_DEPENDENCIES = \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la \
-#	$(top_builddir)/lib/kdfs/libkdfs.la
-##rshd_DEPENDENCIES = \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-##rshd_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la \
-##	$(top_builddir)/lib/krb5/libkrb5.la \
-##	$(top_builddir)/lib/asn1/libasn1.la \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-###rshd_DEPENDENCIES = \
-###	$(top_builddir)/lib/kafs/libkafs.la \
-###	$(top_builddir)/lib/kdfs/libkdfs.la
-rshd_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/rsh/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) 
-	@rm -f rsh$(EXEEXT)
-	$(LINK) $(rsh_LDFLAGS) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
-rshd$(EXEEXT): $(rshd_OBJECTS) $(rshd_DEPENDENCIES) 
-	@rm -f rshd$(EXEEXT)
-	$(LINK) $(rshd_LDFLAGS) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-login_access.c:
-	$(LN_S) $(srcdir)/../login/login_access.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am
deleted file mode 100644
index 2fbc8e0f4f2a..000000000000
--- a/crypto/heimdal/appl/rsh/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-# $Id: Makefile.am,v 1.17 2001/07/31 09:12:03 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) -I$(srcdir)/../login
-
-bin_PROGRAMS = rsh
-
-man_MANS = rsh.1 rshd.8
-
-libexec_PROGRAMS = rshd
-
-rsh_SOURCES  = rsh.c common.c rsh_locl.h
-
-rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
-
-login_access.c:
-	$(LN_S) $(srcdir)/../login/login_access.c .
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_kdfs)
diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in
deleted file mode 100644
index cc8fda18d7fb..000000000000
--- a/crypto/heimdal/appl/rsh/Makefile.in
+++ /dev/null
@@ -1,752 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.17 2001/07/31 09:12:03 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) -I$(srcdir)/../login
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = rsh
-
-man_MANS = rsh.1 rshd.8
-
-libexec_PROGRAMS = rshd
-
-rsh_SOURCES = rsh.c common.c rsh_locl.h
-
-rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h
-
-LDADD = $(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(LIB_kdfs)
-
-subdir = appl/rsh
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = rsh$(EXEEXT)
-libexec_PROGRAMS = rshd$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
-
-am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT)
-rsh_OBJECTS = $(am_rsh_OBJECTS)
-rsh_LDADD = $(LDADD)
-@DCE_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@DCE_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \
-@DCE_FALSE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-@DCE_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kdfs/libkdfs.la
-@DCE_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kdfs/libkdfs.la
-rsh_LDFLAGS =
-am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) login_access.$(OBJEXT)
-rshd_OBJECTS = $(am_rshd_OBJECTS)
-rshd_LDADD = $(LDADD)
-@DCE_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@DCE_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \
-@DCE_FALSE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-@DCE_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kdfs/libkdfs.la
-@DCE_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kdfs/libkdfs.la
-rshd_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/rsh/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) 
-	@rm -f rsh$(EXEEXT)
-	$(LINK) $(rsh_LDFLAGS) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
-rshd$(EXEEXT): $(rshd_OBJECTS) $(rshd_DEPENDENCIES) 
-	@rm -f rshd$(EXEEXT)
-	$(LINK) $(rshd_LDFLAGS) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-libexecPROGRAMS install-man \
-	install-man1 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-login_access.c:
-	$(LN_S) $(srcdir)/../login/login_access.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/rsh/common.c b/crypto/heimdal/appl/rsh/common.c
deleted file mode 100644
index 69b0c9b5ddde..000000000000
--- a/crypto/heimdal/appl/rsh/common.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $");
-
-#if defined(KRB4) || defined(KRB5)
-
-#ifdef KRB5
-int key_usage = 1026;
-
-void *ivec_in[2];
-void *ivec_out[2];
-
-void
-init_ivecs(int client)
-{
-    size_t blocksize;
-
-    krb5_crypto_getblocksize(context, crypto, &blocksize);
-
-    ivec_in[0] = malloc(blocksize);
-    memset(ivec_in[0], client, blocksize);
-
-    ivec_in[1] = malloc(blocksize);
-    memset(ivec_in[1], 2 | client, blocksize);
-
-    ivec_out[0] = malloc(blocksize);
-    memset(ivec_out[0], !client, blocksize);
-
-    ivec_out[1] = malloc(blocksize);
-    memset(ivec_out[1], 2 | !client, blocksize);
-}
-#endif
-
-
-ssize_t
-do_read (int fd, void *buf, size_t sz, void *ivec)
-{
-    if (do_encrypt) {
-#ifdef KRB4
-	if (auth_method == AUTH_KRB4) {
-	    return des_enc_read (fd, buf, sz, schedule, &iv);
-	} else
-#endif /* KRB4 */
-#ifdef KRB5
-        if(auth_method == AUTH_KRB5) {
-	    krb5_error_code ret;
-	    u_int32_t len, outer_len;
-	    int status;
-	    krb5_data data;
-	    void *edata;
-
-	    ret = krb5_net_read (context, &fd, &len, 4);
-	    if (ret <= 0)
-		return ret;
-	    len = ntohl(len);
-	    if (len > sz)
-		abort ();
-	    /* ivec will be non null for protocol version 2 */
-	    if(ivec != NULL)
-		outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
-	    else
-		outer_len = krb5_get_wrapped_length (context, crypto, len);
-	    edata = malloc (outer_len);
-	    if (edata == NULL)
-		errx (1, "malloc: cannot allocate %u bytes", outer_len);
-	    ret = krb5_net_read (context, &fd, edata, outer_len);
-	    if (ret <= 0)
-		return ret;
-
-	    status = krb5_decrypt_ivec(context, crypto, key_usage, 
-				       edata, outer_len, &data, ivec);
-	    free (edata);
-	    
-	    if (status)
-		krb5_err (context, 1, status, "decrypting data");
-	    if(ivec != NULL) {
-		unsigned long l;
-		if(data.length < len + 4)
-		    errx (1, "data received is too short");
-		_krb5_get_int(data.data, &l, 4);
-		if(l != len)
-		    errx (1, "inconsistency in received data");
-		memcpy (buf, (unsigned char *)data.data+4, len);
-	    } else
-		memcpy (buf, data.data, len);
-	    krb5_data_free (&data);
-	    return len;
-	} else
-#endif /* KRB5 */
-	    abort ();
-    } else
-	return read (fd, buf, sz);
-}
-
-ssize_t
-do_write (int fd, void *buf, size_t sz, void *ivec)
-{
-    if (do_encrypt) {
-#ifdef KRB4
-	if(auth_method == AUTH_KRB4) {
-	    return des_enc_write (fd, buf, sz, schedule, &iv);
-	} else
-#endif /* KRB4 */
-#ifdef KRB5
-	if(auth_method == AUTH_KRB5) {
-	    krb5_error_code status;
-	    krb5_data data;
-	    unsigned char len[4];
-	    int ret;
-
-	    _krb5_put_int(len, sz, 4);
-	    if(ivec != NULL) {
-		unsigned char *tmp = malloc(sz + 4);
-		if(tmp == NULL)
-		    err(1, "malloc");
-		_krb5_put_int(tmp, sz, 4);
-		memcpy(tmp + 4, buf, sz);
-		status = krb5_encrypt_ivec(context, crypto, key_usage,
-					   tmp, sz + 4, &data, ivec);
-		free(tmp);
-	    } else
-		status = krb5_encrypt_ivec(context, crypto, key_usage,
-					   buf, sz, &data, ivec);
-
-	    if (status)
-		krb5_err(context, 1, status, "encrypting data");
-
-	    ret = krb5_net_write (context, &fd, len, 4);
-	    if (ret != 4)
-		return ret;
-	    ret = krb5_net_write (context, &fd, data.data, data.length);
-	    if (ret != data.length)
-		return ret;
-	    free (data.data);
-	    return sz;
-	} else
-#endif /* KRB5 */
-	    abort();
-    } else
-	return write (fd, buf, sz);
-}
-#endif /* KRB4 || KRB5 */
diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1
deleted file mode 100644
index 82c1f6c1f0f8..000000000000
--- a/crypto/heimdal/appl/rsh/rsh.1
+++ /dev/null
@@ -1,266 +0,0 @@
-.\" Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\"	$Id: rsh.1,v 1.6 2003/04/16 19:57:25 lha Exp $
-.\"
-.Dd September 4, 2002
-.Dt RSH 1
-.Os HEIMDAL
-.Sh NAME
-.Nm rsh
-.Nd
-remote shell
-.Sh SYNOPSIS
-.Nm
-.Op Fl 45FGKdefnuxz
-.Op Fl U Pa string
-.Op Fl p Ar port
-.Op Fl l Ar username
-.Op Fl P Ar N|O
-.Ar host [command]
-.Sh DESCRIPTION
-.Nm
-authenticates to the
-.Xr rshd 8
-daemon on the remote
-.Ar host ,
-and then executes the specified
-.Ar command .
-.Pp
-.Nm
-copies its standard input to the remote command, and the standard
-output and error of the remote command to its own.
-.Pp
-Valid options are:
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -krb4
-.Xc
-The
-.Fl 4
-option requests Kerberos 4 authentication. Normally all supported
-authentication mechanisms will be tried, but in some cases more
-explicit control is desired.
-.It Xo
-.Fl 5 ,
-.Fl -krb5
-.Xc
-The
-.Fl 5
-option requests Kerberos 5 authentication. This is analogous to the
-.Fl 4
-option.
-.It Xo
-.Fl K ,
-.Fl -broken
-.Xc
-The
-.Fl K
-option turns off all Kerberos authentication. The long name implies
-that this is more or less totally unsecure. The security in this mode
-relies on reserved ports, which is not very secure.
-.It Xo
-.Fl n ,
-.Fl -no-input
-.Xc
-The
-.Fl n
-option directs the input from the
-.Pa /dev/null
-device (see the
-.Sx BUGS
-section of this manual page).
-.It Xo
-.Fl e ,
-.Fl -no-stderr
-.Xc
-Don't use a separate socket for the stderr stream. This can be
-necessary if rsh-ing through a NAT bridge.
-.It Xo
-.Fl x ,
-.Fl -encrypt
-.Xc
-The
-.Fl x
-option enables encryption for all data exchange. This is only valid
-for Kerberos authenticated connections (see the
-.Sx BUGS
-section for limitations).
-.It Xo
-.Fl z
-.Xc
-The opposite of
-.Fl x .
-This is the default, but encryption can be enabled when using
-Kerberos 5, by setting the
-.Li libdefaults/encrypt
-option in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl f ,
-.Fl -forward
-.Xc
-Forward Kerberos 5 credentials to the remote host. Also controlled by
-.Li libdefaults/forward
-in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl G
-.Xc
-The opposite of
-.Fl f .
-.It Xo
-.Fl F ,
-.Fl -forwardable
-.Xc
-Make the forwarded credentials re-forwardable. Also controlled by
-.Li libdefaults/forwardable
-in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl u ,
-.Fl -unique
-.Xc
-Make sure the remote credentials cache is unique, that is, don't reuse
-any existing cache. Mutually exclusive to
-.Fl U .
-.It Xo
-.Fl U Pa string ,
-.Fl -tkfile= Ns Pa string
-.Xc
-Name of the remote credentials cache. Mutually exclusive to
-.Fl u .
-.It Xo
-.Fl p Ar number-or-service ,
-.Fl -port= Ns Ar number-or-service
-.Xc
-Connect to this port instead of the default (which is 514 when using
-old port based authentication, 544 for Kerberos 5 and non-encrypted
-Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
-the contents of
-.Pa /etc/services ) .
-.It Xo
-.Fl l Ar string ,
-.Fl -user= Ns Ar string
-.Xc
-By default the remote username is the same as the local. The
-.Fl l
-option or the
-.Pa username@host
-format allow the remote name to be specified.
-.It Xo
-.Fl P Ar N|O|1|2 ,
-.Fl -protocol= Ns Ar N|O|1|2
-.Xc
-Specifies which protocol version to use with Kerberos 5.
-.Ar N
-and
-.Ar 2
-selects protocol version 2, while 
-.Ar O
-and
-.Ar 1
-selects version 1. Version 2 is believed to be more secure, and is the
-default. Unless asked for a specific version,
-.Nm
-will try both.  This behaviour may change in the future.
-.El
-.\".Pp
-.\"Without a
-.\".Ar command
-.\".Nm
-.\"will just exec
-.\".Xr rlogin 1
-.\"with the same arguments.
-.Sh EXAMPLES
-Care should be taken when issuing commands containing shell meta
-characters. Without quoting, these will be expanded on the local
-machine.
-.Pp
-The following command:
-.Pp
-.Dl rsh otherhost cat remotefile > localfile
-.Pp
-will write the contents of the remote
-.Pa remotefile
-to the local
-.Pa localfile ,
-but:
-.Pp
-.Dl rsh otherhost 'cat remotefile > remotefile2'
-.Pp
-will write it to the remote
-.Pa remotefile2 .
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Bl -tag -width /etc/hosts -compact
-.It Pa /etc/hosts
-.El
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr rlogin 1 ,
-.Xr krb_realmofhost 3 ,
-.Xr krb_sendauth 3 ,
-.Xr hosts.equiv 5 ,
-.Xr krb5.conf 5 ,
-.Xr rhosts 5 ,
-.Xr kerberos 8
-.Xr rshd 8
-.\".Sh STANDARDS
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
-.Sh AUTHORS
-This implementation of
-.Nm
-was written as part of the Heimdal Kerberos 5 implementation.
-.Sh BUGS
-Some shells (notably
-.Xr csh 1 )
-will cause
-.Nm
-to block if run in the background, unless the standard input is directed away from the terminal. This is what the
-.Fl n
-option is for.
-.Pp
-The
-.Fl x
-options enables encryption for the session, but for both Kerberos 4
-and 5 the actual command is sent unencrypted, so you should not send
-any secret information in the command line (which is probably a bad
-idea anyway, since the command line can usually be read with tools
-like
-.Xr ps 1 ) .
-Forthermore in Kerberos 4 the command is not even integrity
-protected, so anyone with the right tools can modify the command.
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c
deleted file mode 100644
index 8af5096b7e92..000000000000
--- a/crypto/heimdal/appl/rsh/rsh.c
+++ /dev/null
@@ -1,1115 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-RCSID("$Id: rsh.c,v 1.71 2003/04/16 20:37:20 joda Exp $");
-
-enum auth_method auth_method;
-#if defined(KRB4) || defined(KRB5)
-int do_encrypt       = -1;
-#endif
-#ifdef KRB5
-int do_unique_tkfile = 0;
-char *unique_tkfile  = NULL;
-char tkfile[MAXPATHLEN];
-int do_forward       = -1;
-int do_forwardable   = -1;
-krb5_context context;
-krb5_keyblock *keyblock;
-krb5_crypto crypto;
-#endif
-#ifdef KRB4
-des_key_schedule schedule;
-des_cblock iv;
-#endif
-int sock_debug	     = 0;
-
-#ifdef KRB4
-static int use_v4 = -1;
-#endif
-#ifdef KRB5
-static int use_v5 = -1;
-#endif
-static int use_only_broken = 0;
-static int use_broken = 1;
-static char *port_str;
-static const char *user;
-static int do_version;
-static int do_help;
-static int do_errsock = 1;
-static char *protocol_version_str;
-static int protocol_version = 2;
-
-/*
- *
- */
-
-static int input = 1;		/* Read from stdin */
-
-static int
-loop (int s, int errsock)
-{
-    fd_set real_readset;
-    int count = 1;
-
-#ifdef KRB5
-    if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(1);
-#endif
-
-    if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
-	errx (1, "fd too large");
-    
-    FD_ZERO(&real_readset);
-    FD_SET(s, &real_readset);
-    if (errsock != -1) {
-	FD_SET(errsock, &real_readset);
-	++count;
-    }
-    if(input)
-	FD_SET(STDIN_FILENO, &real_readset);
-
-    for (;;) {
-	int ret;
-	fd_set readset;
-	char buf[RSH_BUFSIZ];
-
-	readset = real_readset;
-	ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		err (1, "select");
-	}
-	if (FD_ISSET(s, &readset)) {
-	    ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (s);
-		FD_CLR(s, &real_readset);
-		if (--count == 0)
-		    return 0;
-	    } else
-		net_write (STDOUT_FILENO, buf, ret);
-	}
-	if (errsock != -1 && FD_ISSET(errsock, &readset)) {
-	    ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (errsock);
-		FD_CLR(errsock, &real_readset);
-		if (--count == 0)
-		    return 0;
-	    } else
-		net_write (STDERR_FILENO, buf, ret);
-	}
-	if (FD_ISSET(STDIN_FILENO, &readset)) {
-	    ret = read (STDIN_FILENO, buf, sizeof(buf));
-	    if (ret < 0)
-		err (1, "read");
-	    else if (ret == 0) {
-		close (STDIN_FILENO);
-		FD_CLR(STDIN_FILENO, &real_readset);
-		shutdown (s, SHUT_WR);
-	    } else
-		do_write (s, buf, ret, ivec_out[0]);
-	}
-    }
-}
-
-#ifdef KRB4
-static int
-send_krb4_auth(int s,
-	       struct sockaddr *thisaddr,
-	       struct sockaddr *thataddr,
-	       const char *hostname,
-	       const char *remote_user,
-	       const char *local_user,
-	       size_t cmd_len,
-	       const char *cmd)
-{
-    KTEXT_ST text;
-    CREDENTIALS cred;
-    MSG_DAT msg;
-    int status;
-    size_t len;
-
-    /* the normal default for krb4 should be to disable encryption */
-    status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
-			   s, &text, "rcmd",
-			   (char *)hostname, krb_realmofhost (hostname),
-			   getpid(), &msg, &cred, schedule,
-			   (struct sockaddr_in *)thisaddr,
-			   (struct sockaddr_in *)thataddr,
-			   KCMD_OLD_VERSION);
-    if (status != KSUCCESS) {
-	warnx("%s: %s", hostname, krb_get_err_text(status));
-	return 1;
-    }
-    memcpy (iv, cred.session, sizeof(iv));
-
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn("write");
-	return 1;
-    }
-    return 0;
-}
-#endif /* KRB4 */
-
-#ifdef KRB5
-/*
- * Send forward information on `s' for host `hostname', them being
- * forwardable themselves if `forwardable'
- */
-
-static int
-krb5_forward_cred (krb5_auth_context auth_context,
-		   int s,
-		   const char *hostname,
-		   int forwardable)
-{
-    krb5_error_code ret;
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    krb5_kdc_flags  flags;
-    krb5_data       out_data;
-    krb5_principal  principal;
-
-    memset (&creds, 0, sizeof(creds));
-
-    ret = krb5_cc_default (context, &ccache);
-    if (ret) {
-	warnx ("could not forward creds: krb5_cc_default: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	warnx ("could not forward creds: krb5_cc_get_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    creds.client = principal;
-    
-    ret = krb5_build_principal (context,
-				&creds.server,
-				strlen(principal->realm),
-				principal->realm,
-				"krbtgt",
-				principal->realm,
-				NULL);
-
-    if (ret) {
-	warnx ("could not forward creds: krb5_build_principal: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    creds.times.endtime = 0;
-
-    flags.i = 0;
-    flags.b.forwarded   = 1;
-    flags.b.forwardable = forwardable;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags.i,
-				    hostname,
-				    &creds,
-				    &out_data);
-    if (ret) {
-	warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
-	       krb5_get_err_text (context, ret));
-	return 1;
-    }
-
-    ret = krb5_write_message (context,
-			      (void *)&s,
-			      &out_data);
-    krb5_data_free (&out_data);
-
-    if (ret)
-	warnx ("could not forward creds: krb5_write_message: %s",
-	       krb5_get_err_text (context, ret));
-    return 0;
-}
-
-static int sendauth_version_error;
-
-static int
-send_krb5_auth(int s,
-	       struct sockaddr *thisaddr,
-	       struct sockaddr *thataddr,
-	       const char *hostname,
-	       const char *remote_user,
-	       const char *local_user,
-	       size_t cmd_len,
-	       const char *cmd)
-{
-    krb5_principal server;
-    krb5_data cksum_data;
-    int status;
-    size_t len;
-    krb5_auth_context auth_context = NULL;
-    const char *protocol_string = NULL;
-    krb5_flags ap_opts;
-
-    status = krb5_sname_to_principal(context,
-				     hostname,
-				     "host",
-				     KRB5_NT_SRV_HST,
-				     &server);
-    if (status) {
-	warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    if(do_encrypt == -1) {
-	krb5_appdefault_boolean(context, NULL, 
-				krb5_principal_get_realm(context, server), 
-				"encrypt", 
-				FALSE, 
-				&do_encrypt);
-    }
-
-    cksum_data.length = asprintf ((char **)&cksum_data.data,
-				  "%u:%s%s%s",
-				  ntohs(socket_get_port(thataddr)),
-				  do_encrypt ? "-x " : "",
-				  cmd,
-				  remote_user);
-
-    ap_opts = 0;
-
-    if(do_encrypt)
-	ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
-
-    switch(protocol_version) {
-    case 2:
-	ap_opts |= AP_OPTS_USE_SUBKEY;
-	protocol_string = KCMD_NEW_VERSION;
-	break;
-    case 1:
-	protocol_string = KCMD_OLD_VERSION;
-	key_usage = KRB5_KU_OTHER_ENCRYPTED;
-	break;
-    default:
-	abort();
-    }
-	
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &s,
-			    protocol_string,
-			    NULL,
-			    server,
-			    ap_opts,
-			    &cksum_data,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-
-    /* do this while we have a principal */
-    if(do_forward == -1 || do_forwardable == -1) {
-	krb5_const_realm realm = krb5_principal_get_realm(context, server);
-	if (do_forwardable == -1)
-	    krb5_appdefault_boolean(context, NULL, realm,
-				    "forwardable", FALSE, 
-				    &do_forwardable);
-	if (do_forward == -1)
-	    krb5_appdefault_boolean(context, NULL, realm,
-				    "forward", FALSE, 
-				    &do_forward);
-    }
-    
-    krb5_free_principal(context, server);
-    krb5_data_free(&cksum_data);
-
-    if (status) {
-	if(status == KRB5_SENDAUTH_REJECTED && 
-	   protocol_version == 2 && protocol_version_str == NULL)
-	    sendauth_version_error = 1;
-	else
-	    krb5_warn(context, status, "%s", hostname);
-	return 1;
-    }
-
-    status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
-    if(keyblock == NULL)
-	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
-    if (status) {
-	warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &s);
-    if (status) {
-        warnx("krb5_auth_con_setaddrs_from_fd: %s",
-	      krb5_get_err_text(context, status));
-        return(1);
-    }
-
-    status = krb5_crypto_init(context, keyblock, 0, &crypto);
-    if(status) {
-	warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
-	return 1;
-    }
-
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    if (do_encrypt && net_write (s, "-x ", 3) != 3) {
-	warn ("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn ("write");
-	return 1;
-    }
-
-    if (do_unique_tkfile) {
-	if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
-	    warn ("write");
-	    return 1;
-	}
-    }
-    len = strlen(local_user) + 1;
-    if (net_write (s, local_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-
-    if (!do_forward
-	|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
-	/* Empty forwarding info */
-
-	u_char zero[4] = {0, 0, 0, 0};
-	write (s, &zero, 4);
-    }
-    krb5_auth_con_free (context, auth_context);
-    return 0;
-}
-
-#endif /* KRB5 */
-
-static int
-send_broken_auth(int s,
-		 struct sockaddr *thisaddr,
-		 struct sockaddr *thataddr,
-		 const char *hostname,
-		 const char *remote_user,
-		 const char *local_user,
-		 size_t cmd_len,
-		 const char *cmd)
-{
-    size_t len;
-
-    len = strlen(local_user) + 1;
-    if (net_write (s, local_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    len = strlen(remote_user) + 1;
-    if (net_write (s, remote_user, len) != len) {
-	warn ("write");
-	return 1;
-    }
-    if (net_write (s, cmd, cmd_len) != cmd_len) {
-	warn ("write");
-	return 1;
-    }
-    return 0;
-}
-
-static int
-proto (int s, int errsock,
-       const char *hostname, const char *local_user, const char *remote_user,
-       const char *cmd, size_t cmd_len,
-       int (*auth_func)(int s,
-			struct sockaddr *this, struct sockaddr *that,
-			const char *hostname, const char *remote_user,
-			const char *local_user, size_t cmd_len,
-			const char *cmd))
-{
-    int errsock2;
-    char buf[BUFSIZ];
-    char *p;
-    size_t len;
-    char reply;
-    struct sockaddr_storage thisaddr_ss;
-    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
-    struct sockaddr_storage thataddr_ss;
-    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
-    struct sockaddr_storage erraddr_ss;
-    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    socklen_t addrlen;
-    int ret;
-
-    addrlen = sizeof(thisaddr_ss);
-    if (getsockname (s, thisaddr, &addrlen) < 0) {
-	warn ("getsockname(%s)", hostname);
-	return 1;
-    }
-    addrlen = sizeof(thataddr_ss);
-    if (getpeername (s, thataddr, &addrlen) < 0) {
-	warn ("getpeername(%s)", hostname);
-	return 1;
-    }
-
-    if (errsock != -1) {
-
-	addrlen = sizeof(erraddr_ss);
-	if (getsockname (errsock, erraddr, &addrlen) < 0) {
-	    warn ("getsockname");
-	    return 1;
-	}
-
-	if (listen (errsock, 1) < 0) {
-	    warn ("listen");
-	    return 1;
-	}
-
-	p = buf;
-	snprintf (p, sizeof(buf), "%u",
-		  ntohs(socket_get_port(erraddr)));
-	len = strlen(buf) + 1;
-	if(net_write (s, buf, len) != len) {
-	    warn ("write");
-	    close (errsock);
-	    return 1;
-	}
-
-
-	for (;;) {
-	    fd_set fdset;
-
-	    if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
-		errx (1, "fd too large");
-
-	    FD_ZERO(&fdset);
-	    FD_SET(errsock, &fdset);
-	    FD_SET(s, &fdset);
-
-	    ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
-	    if (ret < 0) {
-		if (errno == EINTR)
-		    continue;
-		warn ("select");
-		close (errsock);
-		return 1;
-	    }
-	    if (FD_ISSET(errsock, &fdset)) {
-		errsock2 = accept (errsock, NULL, NULL);
-		close (errsock);
-		if (errsock2 < 0) {
-		    warn ("accept");
-		    return 1;
-		}
-		break;
-	    }
-
-	    /*
-	     * there should not arrive any data on this fd so if it's
-	     * readable it probably indicates that the other side when
-	     * away.
-	     */
-
-	    if (FD_ISSET(s, &fdset)) {
-		warnx ("socket closed");
-		close (errsock);
-		errsock2 = -1;
-		break;
-	    }
-	}
-    } else {
-	if (net_write (s, "0", 2) != 2) {
-	    warn ("write");
-	    return 1;
-	}
-	errsock2 = -1;
-    }
-
-    if ((*auth_func)(s, thisaddr, thataddr, hostname,
-		     remote_user, local_user,
-		     cmd_len, cmd)) {
-	close (errsock2);
-	return 1;
-    } 
-
-    ret = net_read (s, &reply, 1);
-    if (ret < 0) {
-	warn ("read");
-	close (errsock2);
-	return 1;
-    } else if (ret == 0) {
-	warnx ("unexpected EOF from %s", hostname);
-	close (errsock2);
-	return 1;
-    }
-    if (reply != 0) {
-
-	warnx ("Error from rshd at %s:", hostname);
-
-	while ((ret = read (s, buf, sizeof(buf))) > 0)
-	    write (STDOUT_FILENO, buf, ret);
-        write (STDOUT_FILENO,"\n",1);
-	close (errsock2);
-	return 1;
-    }
-
-    if (sock_debug) {
-	int one = 1;
-	if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
-	    warn("setsockopt remote");
-	if (errsock2 != -1 &&
-	    setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
-		       (void *)&one, sizeof(one)) < 0)
-	    warn("setsockopt stderr");
-    }
-    
-    return loop (s, errsock2);
-}
-
-/*
- * Return in `res' a copy of the concatenation of `argc, argv' into
- * malloced space.  */
-
-static size_t
-construct_command (char **res, int argc, char **argv)
-{
-    int i;
-    size_t len = 0;
-    char *tmp;
-
-    for (i = 0; i < argc; ++i)
-	len += strlen(argv[i]) + 1;
-    len = max (1, len);
-    tmp = malloc (len);
-    if (tmp == NULL)
-	errx (1, "malloc %u failed", len);
-
-    *tmp = '\0';
-    for (i = 0; i < argc - 1; ++i) {
-	strcat (tmp, argv[i]);
-	strcat (tmp, " ");
-    }
-    if (argc > 0)
-	strcat (tmp, argv[argc-1]);
-    *res = tmp;
-    return len;
-}
-
-static char *
-print_addr (const struct sockaddr *sa)
-{
-    char addr_str[256];
-    char *res;
-    const char *as = NULL;
-
-    if(sa->sa_family == AF_INET)
-	as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, 
-			addr_str, sizeof(addr_str));
-#ifdef HAVE_INET6
-    else if(sa->sa_family == AF_INET6)
-	as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, 
-			addr_str, sizeof(addr_str));
-#endif
-    if(as == NULL)
-	return NULL;
-    res = strdup(as);
-    if (res == NULL)
-	errx (1, "malloc: out of memory");
-    return res;
-}
-
-static int
-doit_broken (int argc,
-	     char **argv,
-	     int hostindex,
-	     struct addrinfo *ai,
-	     const char *remote_user,
-	     const char *local_user,
-	     int priv_socket1,
-	     int priv_socket2,
-	     const char *cmd,
-	     size_t cmd_len)
-{
-    struct addrinfo *a;
-
-    if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
-	int save_errno = errno;
-	
-	close(priv_socket1);
-	close(priv_socket2);
-
-	for (a = ai->ai_next; a != NULL; a = a->ai_next) {
-	    pid_t pid;
-	    char *adr = print_addr(a->ai_addr);
-	    if(adr == NULL)
-		continue;
-
-	    pid = fork();
-	    if (pid < 0)
-		err (1, "fork");
-	    else if(pid == 0) {
-		char **new_argv;
-		int i = 0;
-
-		new_argv = malloc((argc + 2) * sizeof(*new_argv));
-		if (new_argv == NULL)
-		    errx (1, "malloc: out of memory");
-		new_argv[i] = argv[i];
-		++i;
-		if (hostindex == i)
-		    new_argv[i++] = adr;
-		new_argv[i++] = "-K";
-		for(; i <= argc; ++i)
-		    new_argv[i] = argv[i - 1];
-		if (hostindex > 1)
-		    new_argv[hostindex + 1] = adr;
-		new_argv[argc + 1] = NULL;
-		execv(PATH_RSH, new_argv);
-		err(1, "execv(%s)", PATH_RSH);
-	    } else {
-		int status;
-		free(adr);
-
-		while(waitpid(pid, &status, 0) < 0)
-		    ;
-		if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
-		    return 0;
-	    }
-	}
-	errno = save_errno;
-	warn("%s", argv[hostindex]);
-	return 1;
-    } else {
-	int ret;
-
-	ret = proto (priv_socket1, priv_socket2,
-		     argv[hostindex],
-		     local_user, remote_user,
-		     cmd, cmd_len,
-		     send_broken_auth);
-	return ret;
-    }
-}
-
-#if defined(KRB4) || defined(KRB5)
-static int
-doit (const char *hostname,
-      struct addrinfo *ai,
-      const char *remote_user,
-      const char *local_user,
-      const char *cmd,
-      size_t cmd_len,
-      int do_errsock,
-      int (*auth_func)(int s,
-		       struct sockaddr *this, struct sockaddr *that,
-		       const char *hostname, const char *remote_user,
-		       const char *local_user, size_t cmd_len,
-		       const char *cmd))
-{
-    int error;
-    struct addrinfo *a;
-    int socketfailed = 1;
-    int ret;
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-	int errsock;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0) 
-	    continue;
-	socketfailed = 0;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    char addr[128];
-	    if(getnameinfo(a->ai_addr, a->ai_addrlen, 
-			   addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
-		warn ("connect(%s [%s])", hostname, addr);
-	    else
-		warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	if (do_errsock) {
-	    struct addrinfo *ea, *eai;
-	    struct addrinfo hints;
-
-	    memset (&hints, 0, sizeof(hints));
-	    hints.ai_socktype = a->ai_socktype;
-	    hints.ai_protocol = a->ai_protocol;
-	    hints.ai_family   = a->ai_family;
-	    hints.ai_flags    = AI_PASSIVE;
-
-	    errsock = -1;
-
-	    error = getaddrinfo (NULL, "0", &hints, &eai);
-	    if (error)
-		errx (1, "getaddrinfo: %s", gai_strerror(error));
-	    for (ea = eai; ea != NULL; ea = ea->ai_next) {
-		errsock = socket (ea->ai_family, ea->ai_socktype,
-				  ea->ai_protocol);
-		if (errsock < 0)
-		    continue;
-		if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
-		    err (1, "bind");
-		break;
-	    }
-	    if (errsock < 0)
-		err (1, "socket");
-	    freeaddrinfo (eai);
-	} else
-	    errsock = -1;
-    
-	ret = proto (s, errsock,
-		     hostname,
-		     local_user, remote_user,
-		     cmd, cmd_len, auth_func);
-	close (s);
-	return ret;
-    }
-    if(socketfailed)
-	warnx ("failed to contact %s", hostname);
-    return -1;
-}
-#endif /* KRB4 || KRB5 */
-
-struct getargs args[] = {
-#ifdef KRB4
-    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4" },
-#endif
-#ifdef KRB5
-    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5" },
-    { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials (krb5)"},
-    { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
-    { "forwardable", 'F', arg_flag,	&do_forwardable,
-      "Forward forwardable credentials" },
-#endif
-#if defined(KRB4) || defined(KRB5)
-    { "broken", 'K', arg_flag,		&use_only_broken, "Use only priv port" },
-    { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection" },
-    { NULL, 	'z', arg_negative_flag,      &do_encrypt,
-      "Don't encrypt connection", NULL },
-#endif
-#ifdef KRB5
-    { "unique", 'u', arg_flag,	&do_unique_tkfile,
-      "Use unique remote tkfile (krb5)" },
-    { "tkfile", 'U', arg_string,  &unique_tkfile,
-      "Use that remote tkfile (krb5)" },
-#endif
-    { NULL,	'd', arg_flag,		&sock_debug, "Enable socket debugging" },
-    { "input",	'n', arg_negative_flag,	&input,		"Close stdin" },
-    { "port",	'p', arg_string,	&port_str,	"Use this port",
-      "port" },
-    { "user",	'l', arg_string,	&user,		"Run as this user", "login" },
-    { "stderr", 'e', arg_negative_flag, &do_errsock,	"Don't open stderr"},
-    { "protocol", 'P', arg_string,      &protocol_version_str, 
-      "Protocol version", "protocol" },
-    { "version", 0,  arg_flag,		&do_version,	NULL },
-    { "help",	 0,  arg_flag,		&do_help,	NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[login@]host [command]");
-    exit (ret);
-}
-
-/*
- *
- */
-
-int
-main(int argc, char **argv)
-{
-    int priv_port1, priv_port2;
-    int priv_socket1, priv_socket2;
-    int argindex = 0;
-    int error;
-    struct addrinfo hints, *ai;
-    int ret = 1;
-    char *cmd;
-    char *tmp;
-    size_t cmd_len;
-    const char *local_user;
-    char *host = NULL;
-    int host_index = -1;
-#ifdef KRB5
-    int status;
-#endif
-    uid_t uid;
-
-    priv_port1 = priv_port2 = IPPORT_RESERVED-1;
-    priv_socket1 = rresvport(&priv_port1);
-    priv_socket2 = rresvport(&priv_port2);
-    uid = getuid ();
-    if (setuid (uid) || (uid != 0 && setuid(0) == 0))
-	err (1, "setuid");
-    
-    setprogname (argv[0]);
-
-    if (argc >= 2 && argv[1][0] != '-') {
-	host = argv[host_index = 1];
-	argindex = 1;
-    }
-    
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&argindex))
-	usage (1);
-
-    if (do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version (NULL);
-	return 0;
-    }
-
-    if(protocol_version_str != NULL) {
-	if(strcasecmp(protocol_version_str, "N") == 0)
-	    protocol_version = 2;
-	else if(strcasecmp(protocol_version_str, "O") == 0)
-	    protocol_version = 1;
-	else {
-	    char *end;
-	    int v;
-	    v = strtol(protocol_version_str, &end, 0);
-	    if(*end != '\0' || (v != 1 && v != 2)) {
-		errx(1, "unknown protocol version \"%s\"", 
-		     protocol_version_str);
-	    }
-	    protocol_version = v;
-	}
-    }
-
-#ifdef KRB5
-    status = krb5_init_context (&context);
-    if (status) {
-	if(use_v5 == 1)
-	    errx(1, "krb5_init_context failed: %d", status);
-	else
-	    use_v5 = 0;
-    }
-
-    /* request for forwardable on the command line means we should
-       also forward */
-    if (do_forwardable == 1)
-	do_forward = 1;
-
-#endif
-
-#if defined(KRB4) && defined(KRB5)
-    if(use_v4 == -1 && use_v5 == 1)
-	use_v4 = 0;
-    if(use_v5 == -1 && use_v4 == 1)
-	use_v5 = 0;
-#endif    
-
-    if (use_only_broken) {
-#ifdef KRB4
-	use_v4 = 0;
-#endif
-#ifdef KRB5
-	use_v5 = 0;
-#endif
-    }
-
-    if(priv_socket1 < 0) {
-	if (use_only_broken)
-	    errx (1, "unable to bind reserved port: is rsh setuid root?");
-	use_broken = 0;
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if (do_encrypt == 1 && use_only_broken)
-	errx (1, "encryption not supported with old style authentication");
-#endif
-
-
-
-#ifdef KRB5
-    if (do_unique_tkfile && unique_tkfile != NULL)
-	errx (1, "Only one of -u and -U allowed.");
-
-    if (do_unique_tkfile)
-	strcpy(tkfile,"-u ");
-    else if (unique_tkfile != NULL) {
-	if (strchr(unique_tkfile,' ') != NULL) {
-	    warnx("Space is not allowed in tkfilename");
-	    usage(1);
-	}
-	do_unique_tkfile = 1;
-	snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
-    }
-#endif
-
-    if (host == NULL) {
-	if (argc - argindex < 1)
-	    usage (1);
-	else
-	    host = argv[host_index = argindex++];
-    }
-    
-    if((tmp = strchr(host, '@')) != NULL) {
-	*tmp++ = '\0';
-	user = host;
-	host = tmp;
-    }
-
-    if (argindex == argc) {
-	close (priv_socket1);
-	close (priv_socket2);
-	argv[0] = "rlogin";
-	execvp ("rlogin", argv);
-	err (1, "execvp rlogin");
-    }
-
-    local_user = get_default_username ();
-    if (local_user == NULL)
-	errx (1, "who are you?");
-
-    if (user == NULL)
-	user = local_user;
-
-    cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
-    
-    /*
-     * Try all different authentication methods
-     */
-
-#ifdef KRB5
-    if (ret && use_v5) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    error = getaddrinfo(host, "kshell", &hints, &ai);
-	    if(error == EAI_NONAME)
-		error = getaddrinfo(host, "544", &hints, &ai);
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-
-	auth_method = AUTH_KRB5;
-      again:
-	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    do_errsock,
-		    send_krb5_auth);
-	if(ret != 0 && sendauth_version_error && 
-	   protocol_version == 2) {
-	    protocol_version = 1;
-	    goto again;
-	}
-	freeaddrinfo(ai);
-    }
-#endif
-#ifdef KRB4
-    if (ret && use_v4) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    if(do_encrypt) {
-		error = getaddrinfo(host, "ekshell", &hints, &ai);
-		if(error == EAI_NONAME)
-		    error = getaddrinfo(host, "545", &hints, &ai);
-	    } else {
-		error = getaddrinfo(host, "kshell", &hints, &ai);
-		if(error == EAI_NONAME)
-		    error = getaddrinfo(host, "544", &hints, &ai);
-	    }
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-	auth_method = AUTH_KRB4;
-	ret = doit (host, ai, user, local_user, cmd, cmd_len,
-		    do_errsock,
-		    send_krb4_auth);
-	freeaddrinfo(ai);
-    }
-#endif
-    if (ret && use_broken) {
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	if(port_str == NULL) {
-	    error = getaddrinfo(host, "shell", &hints, &ai);
-	    if(error == EAI_NONAME)
-		error = getaddrinfo(host, "514", &hints, &ai);
-	} else
-	    error = getaddrinfo(host, port_str, &hints, &ai);
-
-	if(error)
-	    errx (1, "getaddrinfo: %s", gai_strerror(error));
-
-	auth_method = AUTH_BROKEN;
-	ret = doit_broken (argc, argv, host_index, ai,
-			   user, local_user,
-			   priv_socket1,
-			   do_errsock ? priv_socket2 : -1,
-			   cmd, cmd_len);
-	freeaddrinfo(ai);
-    }
-    free(cmd);
-    return ret;
-}
diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h
deleted file mode 100644
index 151a8887bd54..000000000000
--- a/crypto/heimdal/appl/rsh/rsh_locl.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rsh_locl.h,v 1.33 2003/04/16 20:05:39 lha Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <errno.h>
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#include <krb5-private.h> /* for _krb5_{get,put}_int */
-#endif
-#include <kafs.h>
-
-#ifndef _PATH_NOLOGIN
-#define _PATH_NOLOGIN   "/etc/nologin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL	"/bin/sh"
-#endif
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH	"/usr/bin:/bin"
-#endif
-
-#ifndef _PATH_ETC_ENVIRONMENT
-#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
-#endif
-
-/*
- *
- */
-
-enum auth_method { AUTH_KRB4, AUTH_KRB5, AUTH_BROKEN };
-
-extern enum auth_method auth_method;
-extern int do_encrypt;
-#ifdef KRB5
-extern krb5_context context;
-extern krb5_keyblock *keyblock;
-extern krb5_crypto crypto;
-extern int key_usage;
-extern void *ivec_in[2];
-extern void *ivec_out[2];
-void init_ivecs(int);
-#endif
-#ifdef KRB4
-extern des_key_schedule schedule;
-extern des_cblock iv;
-#endif
-
-#define KCMD_OLD_VERSION "KCMDV0.1"
-#define KCMD_NEW_VERSION "KCMDV0.2"
-
-#define USERNAME_SZ 16
-#ifndef ARG_MAX
-#define ARG_MAX 8192
-#endif
-
-#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
-
-#define PATH_RSH BINDIR "/rsh"
-
-#if defined(KRB4) || defined(KRB5)
-ssize_t do_read (int, void*, size_t, void*);
-ssize_t do_write (int, void*, size_t, void*);
-#else
-#define do_write(F, B, L, I) write((F), (B), (L))
-#define do_read(F, B, L, I) read((F), (B), (L))
-#endif
diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8
deleted file mode 100644
index 7c7a3636c5ca..000000000000
--- a/crypto/heimdal/appl/rsh/rshd.8
+++ /dev/null
@@ -1,162 +0,0 @@
-.\" Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $
-.\"
-.Dd November 22, 2002
-.Dt RSHD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm rshd
-.Nd
-remote shell server
-.Sh SYNOPSIS
-.Nm
-.Op Fl aiklnvxPL
-.Op Fl p Ar port
-.Sh DESCRIPTION
-.Nm
-is the server for
-the
-.Xr rsh 1
-program. It provides an authenticated remote command execution
-service.  Supported options are:
-.Bl -tag -width Ds
-.It Xo
-.Fl n ,
-.Fl -no-keepalive
-.Xc
-Disables keep-alive messages.
-Keep-alives are packets sent at certain intervals to make sure that the
-client is still there, even when it doesn't send any data.
-.It Xo
-.Fl k ,
-.Fl -kerberos
-.Xc
-Assume that clients connecting to this server will use some form of
-Kerberos authentication. See the
-.Sx EXAMPLES
-section for a sample
-.Xr inetd.conf 5
-configuration.
-.It Xo
-.Fl x ,
-.Fl -encrypt
-.Xc
-For Kerberos 4 this means that the connections are encrypted. Kerberos
-5 can negotiate encryption even without this option, but if it's
-present
-.Nm
-will deny unencrypted connections. This option implies
-.Fl k .
-.\".It Xo
-.\".Fl l ,
-.\".Fl -no-rhosts
-.\".Xc
-.\"When using old port-based authentication, the user's
-.\".Pa .rhosts
-.\"files are normally checked. This options disables this.
-.It Xo
-.Fl v ,
-.Fl -vacuous
-.Xc
-If the connecting client does not use any Kerberised authentication,
-print a message that complains about this fact, and exit. This is
-helpful if you want to move away from old port-based authentication.
-.It Xo
-.Fl P
-.Xc
-When using the AFS filesystem, users' authentication tokens are put in
-something called a PAG (Process Authentication Group). Multiple
-processes can share a PAG, but normally each login session has its own
-PAG. This option disables the
-.Fn setpag
-call, so all tokens will be put in the default (uid-based) PAG, making
-it possible to share tokens between sessions. This is only useful in
-peculiar environments, such as some batch systems.
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
-The
-.Fl i
-option will cause
-.Nm
-to create a socket, instead of assuming that its stdin came from
-.Xr inetd 8 .
-This is mostly useful for debugging.
-.It Xo
-.Fl p Ar port ,
-.Fl -port= Ns Ar port
-.Xc
-Port to use with
-.Fl i .
-.It Xo
-.Fl a
-.Xc
-This flag is for backwards compatibility only.
-.It Xo
-.Fl L
-.Xc
-This flag enables logging of connections to
-.Xr syslogd 8 .
-This option is always on in this implementation.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Bl -tag -width /etc/hosts.equiv -compact
-.It Pa /etc/hosts.equiv
-.It Pa ~/.rhosts
-.El
-.Sh EXAMPLES
-The following can be used to enable Kerberised rsh in
-.Xr inetd.cond 5 ,
-while disabling non-Kerberised connections:
-.Bd -literal
-shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
-kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
-ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr iruserok 3
-.\".Sh STANDARDS
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
-.Sh AUTHORS
-This implementation of
-.Nm
-was written as part of the Heimdal Kerberos 5 implementation.
-.\".Sh BUGS
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
deleted file mode 100644
index c3c3d383cd02..000000000000
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ /dev/null
@@ -1,1042 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "rsh_locl.h"
-RCSID("$Id: rshd.c,v 1.51 2003/04/16 19:50:49 joda Exp $");
-
-int
-login_access( struct passwd *user, char *from);
-
-enum auth_method auth_method;
-
-#ifdef KRB5
-krb5_context context;
-krb5_keyblock *keyblock;
-krb5_crypto crypto;
-#endif
-
-#ifdef KRB4
-des_key_schedule schedule;
-des_cblock iv;
-#endif
-
-#ifdef KRB5
-krb5_ccache ccache, ccache2;
-int kerberos_status = 0;
-#endif
-
-int do_encrypt = 0;
-
-static int do_unique_tkfile           = 0;
-static char tkfile[MAXPATHLEN] = "";
-
-static int do_inetd = 1;
-static char *port_str;
-static int do_rhosts = 1;
-static int do_kerberos = 0;
-#define DO_KRB4 2
-#define DO_KRB5 4
-static int do_vacuous = 0;
-static int do_log = 1;
-static int do_newpag = 1;
-static int do_addr_verify = 0;
-static int do_keepalive = 1;
-static int do_version;
-static int do_help = 0;
-
-#if defined(KRB5) && defined(DCE)
-int dfsk5ok = 0;
-int dfspag = 0;
-int dfsfwd = 0;
-krb5_ticket *user_ticket;
-#endif
-
-static void
-syslog_and_die (const char *m, ...)
-    __attribute__ ((format (printf, 1, 2)));
-
-static void
-syslog_and_die (const char *m, ...)
-{
-    va_list args;
-
-    va_start(args, m);
-    vsyslog (LOG_ERR, m, args);
-    va_end(args);
-    exit (1);
-}
-
-static void
-fatal (int, const char*, const char *, ...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-static void
-fatal (int sock, const char *what, const char *m, ...)
-{
-    va_list args;
-    char buf[BUFSIZ];
-    size_t len;
-
-    *buf = 1;
-    va_start(args, m);
-    len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
-    len = min(len, sizeof(buf) - 1);
-    va_end(args);
-    if(what != NULL)
-	syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
-    else
-	syslog (LOG_ERR, "%s", buf + 1);
-    net_write (sock, buf, len + 1);
-    exit (1);
-}
-
-static char *
-read_str (int s, size_t sz, char *expl)
-{
-    char *str = malloc(sz);
-    char *p = str;
-    if(str == NULL)
-	fatal(s, NULL, "%s too long", expl);
-    while(p < str + sz) {
-	if(net_read(s, p, 1) != 1)
-	    syslog_and_die("read: %m");
-	if(*p == '\0')
-	    return str;
-	p++;
-    }
-    fatal(s, NULL, "%s too long", expl);
-}
-
-static int
-recv_bsd_auth (int s, u_char *buf,
-	       struct sockaddr_in *thisaddr,
-	       struct sockaddr_in *thataddr,
-	       char **client_username,
-	       char **server_username,
-	       char **cmd)
-{
-    struct passwd *pwd;
-    
-    *client_username = read_str (s, USERNAME_SZ, "local username");
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-    pwd = getpwnam(*server_username);
-    if (pwd == NULL)
-	fatal(s, NULL, "Login incorrect.");
-    if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
-		 *client_username, *server_username))
-	fatal(s, NULL, "Login incorrect.");
-    return 0;
-}
-
-#ifdef KRB4
-static int
-recv_krb4_auth (int s, u_char *buf,
-		struct sockaddr *thisaddr,
-		struct sockaddr *thataddr,
-		char **client_username,
-		char **server_username,
-		char **cmd)
-{
-    int status;
-    int32_t options;
-    KTEXT_ST ticket;
-    AUTH_DAT auth;
-    char instance[INST_SZ + 1];
-    char version[KRB_SENDAUTH_VLEN + 1];
-
-    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
-	return -1;
-    if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
-	KRB_SENDAUTH_VLEN - 4)
-	syslog_and_die ("reading auth info: %m");
-    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
-	syslog_and_die("unrecognized auth protocol: %.8s", buf);
-
-    options = KOPT_IGNORE_PROTOCOL;
-    if (do_encrypt)
-	options |= KOPT_DO_MUTUAL;
-    k_getsockinst (s, instance, sizeof(instance));
-    status = krb_recvauth (options,
-			   s,
-			   &ticket,
-			   "rcmd",
-			   instance,
-			   (struct sockaddr_in *)thataddr,
-			   (struct sockaddr_in *)thisaddr,
-			   &auth,
-			   "",
-			   schedule,
-			   version);
-    if (status != KSUCCESS)
-	syslog_and_die ("recvauth: %s", krb_get_err_text(status));
-    if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
-	syslog_and_die ("bad version: %s", version);
-
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    if (kuserok (&auth, *server_username) != 0)
-	fatal (s, NULL, "Permission denied.");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-
-    syslog(LOG_INFO|LOG_AUTH,
-	   "kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
-	   krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
-
-	   inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
-	   *server_username,
-	   *cmd);
-
-    memcpy (iv, auth.session, sizeof(iv));
-
-    return 0;
-}
-
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int 
-save_krb5_creds (int s,
-                 krb5_auth_context auth_context,
-                 krb5_principal client)
-
-{
-    int ret;
-    krb5_data remote_cred;
- 
-    krb5_data_zero (&remote_cred);
-    ret= krb5_read_message (context, (void *)&s, &remote_cred);
-    if (ret) {
-	krb5_data_free(&remote_cred);
-	return 0;
-    }
-    if (remote_cred.length == 0)
-	return 0;
- 
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
-    if (ret) {
-	krb5_data_free(&remote_cred);
-	return 0;
-    }
-  
-    krb5_cc_initialize(context,ccache,client);
-    ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
-    if(ret != 0)
-	syslog(LOG_INFO|LOG_AUTH,
-	       "reading creds: %s", krb5_get_err_text(context, ret));
-    krb5_data_free (&remote_cred);
-    if (ret)
-	return 0;
-    return 1;
-}
-
-static void
-krb5_start_session (void)
-{
-    krb5_error_code ret;
-
-    ret = krb5_cc_resolve (context, tkfile, &ccache2);
-    if (ret) {
-	krb5_cc_destroy(context, ccache);
-	return;
-    }
-
-    ret = krb5_cc_copy_cache (context, ccache, ccache2);
-    if (ret) {
-	krb5_cc_destroy(context, ccache);
-	return ;
-    }
-
-    krb5_cc_close(context, ccache2);
-    krb5_cc_destroy(context, ccache);
-    return;
-}
-
-static int protocol_version;
-
-static krb5_boolean
-match_kcmd_version(const void *data, const char *version)
-{
-    if(strcmp(version, KCMD_NEW_VERSION) == 0) {
-	protocol_version = 2;
-	return TRUE;
-    }
-    if(strcmp(version, KCMD_OLD_VERSION) == 0) {
-	protocol_version = 1;
-	key_usage = KRB5_KU_OTHER_ENCRYPTED;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-
-static int
-recv_krb5_auth (int s, u_char *buf,
-		struct sockaddr *thisaddr,
-		struct sockaddr *thataddr,
-		char **client_username,
-		char **server_username,
-		char **cmd)
-{
-    u_int32_t len;
-    krb5_auth_context auth_context = NULL;
-    krb5_ticket *ticket;
-    krb5_error_code status;
-    krb5_data cksum_data;
-    krb5_principal server;
-
-    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
-	return -1;
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
-	
-    if (net_read(s, buf, len) != len)
-	syslog_and_die ("reading auth info: %m");
-    if (len != sizeof(KRB5_SENDAUTH_VERSION)
-	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
-	syslog_and_die ("bad sendauth version: %.8s", buf);
-    
-    status = krb5_sock_to_principal (context,
-				     s,
-				     "host",
-				     KRB5_NT_SRV_HST,
-				     &server);
-    if (status)
-	syslog_and_die ("krb5_sock_to_principal: %s",
-			krb5_get_err_text(context, status));
-
-    status = krb5_recvauth_match_version(context,
-					 &auth_context,
-					 &s,
-					 match_kcmd_version,
-					 NULL,
-					 server,
-					 KRB5_RECVAUTH_IGNORE_VERSION,
-					 NULL,
-					 &ticket);
-    krb5_free_principal (context, server);
-    if (status)
-	syslog_and_die ("krb5_recvauth: %s",
-			krb5_get_err_text(context, status));
-
-    *server_username = read_str (s, USERNAME_SZ, "remote username");
-    *cmd = read_str (s, ARG_MAX + 1, "command");
-    *client_username = read_str (s, ARG_MAX + 1, "local username");
-
-    if(protocol_version == 2) {
-	status = krb5_auth_con_getremotesubkey(context, auth_context, 
-					       &keyblock);
-	if(status != 0 || keyblock == NULL)
-	    syslog_and_die("failed to get remote subkey");
-    } else if(protocol_version == 1) {
-	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
-	if(status != 0 || keyblock == NULL)
-	    syslog_and_die("failed to get key");
-    }
-    if (status != 0 || keyblock == NULL)
-       syslog_and_die ("krb5_auth_con_getkey: %s",
-                       krb5_get_err_text(context, status));
-
-    status = krb5_crypto_init(context, keyblock, 0, &crypto);
-    if(status)
-	syslog_and_die("krb5_crypto_init: %s", 
-		       krb5_get_err_text(context, status));
-
-    
-    cksum_data.length = asprintf ((char **)&cksum_data.data,
-				  "%u:%s%s",
-				  ntohs(socket_get_port (thisaddr)),
-				  *cmd,
-				  *server_username);
-
-    status = krb5_verify_authenticator_checksum(context, 
-						auth_context,
-						cksum_data.data, 
-						cksum_data.length);
-
-    if (status)
-	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
-			krb5_get_err_text(context, status));
-
-    free (cksum_data.data);
-
-    if (strncmp (*client_username, "-u ", 3) == 0) {
-	do_unique_tkfile = 1;
-	memmove (*client_username, *client_username + 3,
-		 strlen(*client_username) - 2);
-    }
-
-    if (strncmp (*client_username, "-U ", 3) == 0) {
-	char *end, *temp_tkfile;
-
-	do_unique_tkfile = 1;
-	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
-	    temp_tkfile = tkfile;
-	} else {
-	    strcpy (tkfile, "FILE:");
-	    temp_tkfile = tkfile + 5;
-	}
-	end = strchr(*client_username + 3,' ');
-	strncpy(temp_tkfile, *client_username + 3, end - *client_username - 3);
-	temp_tkfile[end - *client_username - 3] = '\0';
-	memmove (*client_username, end + 1, strlen(end+1)+1);
-    }
-
-    kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
-
-    if(!krb5_kuserok (context,
-		      ticket->client,
-		      *server_username))
-	fatal (s, NULL, "Permission denied.");
-
-    if (strncmp (*cmd, "-x ", 3) == 0) {
-	do_encrypt = 1;
-	memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
-    } else {
-	if(do_encrypt)
-	    fatal (s, NULL, "Encryption is required.");
-	do_encrypt = 0;
-    }
-
-    {
-	char *name;
-
-	if (krb5_unparse_name (context, ticket->client, &name) == 0) {
-	    char addr_str[256];
-
-	    if (inet_ntop (thataddr->sa_family,
-			   socket_get_address (thataddr),
-			   addr_str, sizeof(addr_str)) == NULL)
-		strlcpy (addr_str, "unknown address",
-				 sizeof(addr_str));
-
-	    syslog(LOG_INFO|LOG_AUTH,
-		   "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
-		   name,
-		   addr_str,
-		   *server_username,
-		   *cmd);
-	    free (name);
-	}
-    }	   
-
-#if defined(DCE)
-    user_ticket = ticket;
-#endif
-
-    return 0;
-}
-#endif /* KRB5 */
-
-static void
-loop (int from0, int to0,
-      int to1,   int from1,
-      int to2,   int from2)
-{
-    fd_set real_readset;
-    int max_fd;
-    int count = 2;
-
-    if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
-	errx (1, "fd too large");
-
-#ifdef KRB5
-    if(auth_method == AUTH_KRB5 && protocol_version == 2)
-	init_ivecs(0);
-#endif
-
-    FD_ZERO(&real_readset);
-    FD_SET(from0, &real_readset);
-    FD_SET(from1, &real_readset);
-    FD_SET(from2, &real_readset);
-    max_fd = max(from0, max(from1, from2)) + 1;
-    for (;;) {
-	int ret;
-	fd_set readset = real_readset;
-	char buf[RSH_BUFSIZ];
-
-	ret = select (max_fd, &readset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		syslog_and_die ("select: %m");
-	}
-	if (FD_ISSET(from0, &readset)) {
-	    ret = do_read (from0, buf, sizeof(buf), ivec_in[0]);
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from0);
-		close (to0);
-		FD_CLR(from0, &real_readset);
-	    } else
-		net_write (to0, buf, ret);
-	}
-	if (FD_ISSET(from1, &readset)) {
-	    ret = read (from1, buf, sizeof(buf));
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from1);
-		close (to1);
-		FD_CLR(from1, &real_readset);
-		if (--count == 0)
-		    exit (0);
-	    } else
-		do_write (to1, buf, ret, ivec_out[0]);
-	}
-	if (FD_ISSET(from2, &readset)) {
-	    ret = read (from2, buf, sizeof(buf));
-	    if (ret < 0)
-		syslog_and_die ("read: %m");
-	    else if (ret == 0) {
-		close (from2);
-		close (to2);
-		FD_CLR(from2, &real_readset);
-		if (--count == 0)
-		    exit (0);
-	    } else
-		do_write (to2, buf, ret, ivec_out[1]);
-	}
-   }
-}
-
-/*
- * Used by `setup_copier' to create some pipe-like means of
- * communcation.  Real pipes would probably be the best thing, but
- * then the shell doesn't understand it's talking to rshd.  If
- * socketpair doesn't work everywhere, some autoconf magic would have
- * to be added here.
- *
- * If it fails creating the `pipe', it aborts by calling fatal.
- */
-
-static void
-pipe_a_like (int fd[2])
-{
-    if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
-	fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
-}
-
-/*
- * Start a child process and leave the parent copying data to and from it.  */
-
-static void
-setup_copier (void)
-{
-    int p0[2], p1[2], p2[2];
-    pid_t pid;
-
-    pipe_a_like(p0);
-    pipe_a_like(p1);
-    pipe_a_like(p2);
-    pid = fork ();
-    if (pid < 0)
-	fatal (STDOUT_FILENO, "fork", "Could not create child process.");
-    if (pid == 0) { /* child */
-	close (p0[1]);
-	close (p1[0]);
-	close (p2[0]);
-	dup2 (p0[0], STDIN_FILENO);
-	dup2 (p1[1], STDOUT_FILENO);
-	dup2 (p2[1], STDERR_FILENO);
-	close (p0[0]);
-	close (p1[1]);
-	close (p2[1]);
-    } else { /* parent */
-	close (p0[0]);
-	close (p1[1]);
-	close (p2[1]);
-
-	if (net_write (STDOUT_FILENO, "", 1) != 1)
-	    fatal (STDOUT_FILENO, "net_write", "Write failure.");
-
-	loop (STDIN_FILENO, p0[1],
-	      STDOUT_FILENO, p1[0],
-	      STDERR_FILENO, p2[0]);
-    }
-}
-
-/*
- * Is `port' a ``reserverd'' port?
- */
-
-static int
-is_reserved(u_short port)
-{
-    return ntohs(port) < IPPORT_RESERVED;
-}
-
-/*
- * Set the necessary part of the environment in `env'.
- */
-
-static void
-setup_environment (char ***env, const struct passwd *pwd)
-{
-    int i, j, path;
-    char **e;
-
-    i = 0;
-    path = 0;
-    *env = NULL;
-
-    i = read_environment(_PATH_ETC_ENVIRONMENT, env);
-    e = *env;
-    for (j = 0; j < i; j++) {
-	if (!strncmp(e[j], "PATH=", 5)) {
-	    path = 1;
-	}
-    }
-
-    e = *env;
-    e = realloc(e, (i + 7) * sizeof(char *));
-
-    asprintf (&e[i++], "USER=%s",  pwd->pw_name);
-    asprintf (&e[i++], "HOME=%s",  pwd->pw_dir);
-    asprintf (&e[i++], "SHELL=%s", pwd->pw_shell);
-    if (! path) {
-	asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH);
-    }
-    asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
-#if defined(DCE)
-    if (getenv("KRB5CCNAME"))
-	asprintf (&e[i++], "KRB5CCNAME=%s",  getenv("KRB5CCNAME"));
-#else
-    if (do_unique_tkfile)
-	asprintf (&e[i++], "KRB5CCNAME=%s", tkfile);
-#endif
-    e[i++] = NULL;
-    *env = e;
-}
-
-static void
-doit (void)
-{
-    u_char buf[BUFSIZ];
-    u_char *p;
-    struct sockaddr_storage thisaddr_ss;
-    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
-    struct sockaddr_storage thataddr_ss;
-    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
-    struct sockaddr_storage erraddr_ss;
-    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
-    socklen_t thisaddr_len, thataddr_len;
-    int port;
-    int errsock = -1;
-    char *client_user, *server_user, *cmd;
-    struct passwd *pwd;
-    int s = STDIN_FILENO;
-    char **env;
-    int ret;
-    char that_host[NI_MAXHOST];
-
-    thisaddr_len = sizeof(thisaddr_ss);
-    if (getsockname (s, thisaddr, &thisaddr_len) < 0)
-	syslog_and_die("getsockname: %m");
-    thataddr_len = sizeof(thataddr_ss);
-    if (getpeername (s, thataddr, &thataddr_len) < 0)
-	syslog_and_die ("getpeername: %m");
-
-    /* check for V4MAPPED addresses? */
-
-    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
-	fatal(s, NULL, "Permission denied.");
-
-    p = buf;
-    port = 0;
-    for(;;) {
-	if (net_read (s, p, 1) != 1)
-	    syslog_and_die ("reading port number: %m");
-	if (*p == '\0')
-	    break;
-	else if (isdigit(*p))
-	    port = port * 10 + *p - '0';
-	else
-	    syslog_and_die ("non-digit in port number: %c", *p);
-    }
-
-    if (do_kerberos  == 0 && !is_reserved(htons(port)))
-	fatal(s, NULL, "Permission denied.");
-
-    if (port) {
-	int priv_port = IPPORT_RESERVED - 1;
-
-	/* 
-	 * There's no reason to require a ``privileged'' port number
-	 * here, but for some reason the brain dead rsh clients
-	 * do... :-(
-	 */
-
-	erraddr->sa_family = thataddr->sa_family;
-	socket_set_address_and_port (erraddr,
-				     socket_get_address (thataddr),
-				     htons(port));
-
-	/*
-	 * we only do reserved port for IPv4
-	 */
-
-	if (erraddr->sa_family == AF_INET)
-	    errsock = rresvport (&priv_port);
-	else
-	    errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
-	if (errsock < 0)
-	    syslog_and_die ("socket: %m");
-	if (connect (errsock,
-		     erraddr,
-		     socket_sockaddr_size (erraddr)) < 0) {
-	    syslog (LOG_WARNING, "connect: %m");
-	    close (errsock);
-	}
-    }
-    
-    if(do_kerberos) {
-	if (net_read (s, buf, 4) != 4)
-	    syslog_and_die ("reading auth info: %m");
-    
-#ifdef KRB4
-	if ((do_kerberos & DO_KRB4) && 
-	    recv_krb4_auth (s, buf, thisaddr, thataddr,
-			    &client_user,
-			    &server_user,
-			    &cmd) == 0)
-	    auth_method = AUTH_KRB4;
-	else
-#endif /* KRB4 */
-#ifdef KRB5
-	    if((do_kerberos & DO_KRB5) &&
-	       recv_krb5_auth (s, buf, thisaddr, thataddr,
-			       &client_user,
-			       &server_user,
-			       &cmd) == 0)
-		auth_method = AUTH_KRB5;
-	    else
-#endif /* KRB5 */
-		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
-				buf[0], buf[1], buf[2], buf[3]);
-    } else {
-	if(recv_bsd_auth (s, buf,
-			  (struct sockaddr_in *)thisaddr,
-			  (struct sockaddr_in *)thataddr,
-			  &client_user,
-			  &server_user,
-			  &cmd) == 0) {
-	    auth_method = AUTH_BROKEN;
-	    if(do_vacuous) {
-		printf("Remote host requires Kerberos authentication\n");
-		exit(0);
-	    }
-	} else
-	    syslog_and_die("recv_bsd_auth failed");
-    }
-
-#if defined(DCE) && defined(_AIX)
-    esetenv("AUTHSTATE", "DCE", 1);
-#endif
-
-    pwd = getpwnam (server_user);
-    if (pwd == NULL)
-	fatal (s, NULL, "Login incorrect.");
-
-    if (*pwd->pw_shell == '\0')
-	pwd->pw_shell = _PATH_BSHELL;
-
-    if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
-	fatal (s, NULL, "Login disabled.");
-
-
-    ret = getnameinfo_verified (thataddr, thataddr_len,
-				that_host, sizeof(that_host),
-				NULL, 0, 0);
-    if (ret)
-	fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
-
-    if (login_access(pwd, that_host) == 0) {
-	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
-	       server_user, that_host);
-	fatal(s, NULL, "Permission denied.");
-    }
-
-#ifdef HAVE_GETSPNAM
-    {
-	struct spwd *sp;
-	long    today;
-    
-	sp = getspnam(server_user);
-	if (sp != NULL) {
-	    today = time(0)/(24L * 60 * 60);
-	    if (sp->sp_expire > 0) 
-		if (today > sp->sp_expire) 
-		    fatal(s, NULL, "Account has expired.");
-	}
-    }
-#endif
-    
-
-#ifdef KRB5
-    {
-	int fd;
- 
-	if (!do_unique_tkfile)
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%u",pwd->pw_uid);
-	else if (*tkfile=='\0') {
-	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
-	    fd = mkstemp(tkfile+5);
-	    close(fd);
-	    unlink(tkfile+5);
-	}
- 
-	if (kerberos_status)
-	    krb5_start_session();
-    }
-    chown(tkfile + 5, pwd->pw_uid, -1);
-
-#if defined(DCE)
-    if (kerberos_status) {
-	esetenv("KRB5CCNAME", tkfile, 1);
-	dfspag = krb5_dfs_pag(context, kerberos_status, user_ticket->client, server_user);
-    }
-#endif
-
-#endif
-
-#ifdef HAVE_SETLOGIN
-    if (setlogin(pwd->pw_name) < 0)
-	syslog(LOG_ERR, "setlogin() failed: %m");
-#endif
-
-#ifdef HAVE_SETPCRED
-    if (setpcred (pwd->pw_name, NULL) == -1)
-	syslog(LOG_ERR, "setpcred() failure: %m");
-#endif /* HAVE_SETPCRED */
-
-    if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
-	fatal (s, "initgroups", "Login incorrect.");
-
-    if (setgid(pwd->pw_gid) < 0)
-	fatal (s, "setgid", "Login incorrect.");
-
-    if (setuid (pwd->pw_uid) < 0)
-	fatal (s, "setuid", "Login incorrect.");
-
-    if (chdir (pwd->pw_dir) < 0)
-	fatal (s, "chdir", "Remote directory.");
-
-    if (errsock >= 0) {
-	if (dup2 (errsock, STDERR_FILENO) < 0)
-	    fatal (s, "dup2", "Cannot dup stderr.");
-	close (errsock);
-    }
-
-    setup_environment (&env, pwd);
-
-    if (do_encrypt) {
-	setup_copier ();
-    } else {
-	if (net_write (s, "", 1) != 1)
-	    fatal (s, "net_write", "write failed");
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if(k_hasafs()) {
-	char cell[64];
-
-	if(do_newpag)
-	    k_setpag();
-#ifdef KRB4
-	if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
-	    krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
-	krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
-#endif
-
-#ifdef KRB5
-	/* XXX */
-       if (kerberos_status) {
-	   krb5_ccache ccache;
-	   krb5_error_code status;
-
-	   status = krb5_cc_resolve (context, tkfile, &ccache);
-	   if (!status) {
-	       if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
-		   krb5_afslog_uid_home(context, ccache, cell, NULL,
-					pwd->pw_uid, pwd->pw_dir);
-	       krb5_afslog_uid_home(context, ccache, NULL, NULL,
-				    pwd->pw_uid, pwd->pw_dir);
-	       krb5_cc_close (context, ccache);
-	   }
-       }
-#endif /* KRB5 */
-    }
-#endif /* KRB5 || KRB4 */
-    execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
-    err(1, "exec %s", pwd->pw_shell);
-}
-
-struct getargs args[] = {
-    { NULL,		'a',	arg_flag,	&do_addr_verify },
-    { "keepalive",	'n',	arg_negative_flag,	&do_keepalive },
-    { "inetd",		'i',	arg_negative_flag,	&do_inetd,
-      "Not started from inetd" },
-#if defined(KRB4) || defined(KRB5)
-    { "kerberos",	'k',	arg_flag,	&do_kerberos,
-      "Implement kerberised services" },
-    { "encrypt",	'x',	arg_flag,		&do_encrypt,
-      "Implement encrypted service" },
-#endif
-    { "rhosts",		'l',	arg_negative_flag, &do_rhosts,
-      "Don't check users .rhosts" },
-    { "port",		'p',	arg_string,	&port_str,	"Use this port",
-      "port" },
-    { "vacuous",	'v',	arg_flag, &do_vacuous,
-      "Don't accept non-kerberised connections" },
-#ifdef KRB4
-    { NULL,		'P',	arg_negative_flag, &do_newpag,
-      "Don't put process in new PAG" },
-#endif
-    /* compatibility flag: */
-    { NULL,		'L',	arg_flag, &do_log },
-    { "version",	0, 	arg_flag,		&do_version },
-    { "help",		0, 	arg_flag,		&do_help }
-};
-
-static void
-usage (int ret)
-{
-    if(isatty(STDIN_FILENO))
-	arg_printusage (args,
-			sizeof(args) / sizeof(args[0]),
-			NULL,
-			"");
-    else
-	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
-    exit (ret);
-}
-
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int on = 1;
-
-    setprogname (argv[0]);
-    roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
-
-    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
-	       &optind))
-	usage(1);
-
-    if(do_help)
-	usage (0);
-
-    if (do_version) {
-	print_version(NULL);
-	exit(0);
-    }
-
-#if defined(KRB4) || defined(KRB5)
-    if (do_encrypt)
-	do_kerberos = 1;
-
-    if(do_kerberos)
-	do_kerberos = DO_KRB4 | DO_KRB5;
-#endif
-
-    if (do_keepalive &&
-	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
-		   sizeof(on)) < 0)
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-
-    /* set SO_LINGER? */
-
-#ifdef KRB5
-    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
-	do_kerberos &= ~DO_KRB5;
-#endif
-
-    if (!do_inetd) {
-	int error;
-	struct addrinfo *ai = NULL, hints;
-	char portstr[NI_MAXSERV];
-	
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags    = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family   = PF_UNSPEC;
-	
-	if(port_str != NULL) {
-	    error = getaddrinfo (NULL, port_str, &hints, &ai);
-	    if (error)
-		errx (1, "getaddrinfo: %s", gai_strerror (error));
-	}
-	if (ai == NULL) {
-#if defined(KRB4) || defined(KRB5)
-	    if (do_kerberos) {
-		if (do_encrypt) {
-		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 545);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		} else {
-		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 544);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		}
-	    } else
-#endif
-		{
-		    error = getaddrinfo(NULL, "shell", &hints, &ai);
-		    if(error == EAI_NONAME) {
-			snprintf(portstr, sizeof(portstr), "%d", 514);
-			error = getaddrinfo(NULL, portstr, &hints, &ai);
-		    }
-		    if(error) 
-			errx (1, "getaddrinfo: %s", gai_strerror (error));
-		}
-	}
-	mini_inetd_addrinfo (ai);
-	freeaddrinfo(ai);
-    }
-
-    signal (SIGPIPE, SIG_IGN);
-
-    doit ();
-    return 0;
-}
diff --git a/crypto/heimdal/appl/su/ChangeLog b/crypto/heimdal/appl/su/ChangeLog
deleted file mode 100644
index 7420d85ee3fd..000000000000
--- a/crypto/heimdal/appl/su/ChangeLog
+++ /dev/null
@@ -1,87 +0,0 @@
-2003-05-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: remove accidentally committed code that prints the command
-	being executed
-
-2003-03-18  Love H�rnquist �strand <lha@it.su.se>
-
-	* su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4
-	any more
-
-2002-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: make this build without krb5
-
-2002-01-09  Jacques Vidrine <n@nectar.cc>
-	
-	* su.c: Don't use getlogin() to determine whether we are root.
-	Patch by joda.
-
-2001-06-12  Assar Westerlund  <assar@sics.se>
-
-	* su.c: check memory allocations.  add some const
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* su.c (krb5_verify): handle krb5_init_context failure
-	consistently
-
-2000-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* su.c: set KRBTKFILE
-
-2000-07-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: actually install su
-	* su.c (krb5_verify): try harder freeing.  do not get upset on
-	interrupted password read
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): work-around for setuid and capabilities bug fixed
-	in Linux 2.2.16
-
-2000-06-03  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): just ignore shadow information if getspnam returns
-	NULL
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: use LIB_roken
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* su.c (krb5_verify): use krb5_verify_user_lrealm
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* su.c: add support for shadow passwords and rewrite some logic.
-  	From Miroslav Ruda <ruda@ics.muni.cz>
-
-	* Makefile.am: add libkafs
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* su.c (main): conditionalize `getlogin'
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* su.c (verfiy_krb5): get the name out of the ccache before
- 	closing it
-
-1999-05-05  Assar Westerlund  <assar@sics.se>
-
-	* su.c: some more error checking
-
-Wed Apr 21 21:04:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* su.c (-f): implement
-
-	* su.c: implement -i
-	(verify_krb5): correct the ownership on the credential cache
-
-Tue Apr 20 13:26:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* su.c: don't depend on paths.h
-
diff --git a/crypto/heimdal/appl/su/Makefile b/crypto/heimdal/appl/su/Makefile
deleted file mode 100644
index f57d3c570001..000000000000
--- a/crypto/heimdal/appl/su/Makefile
+++ /dev/null
@@ -1,599 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/su/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = su
-bin_SUIDS = su
-su_SOURCES = su.c
-
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/su
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = su$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_su_OBJECTS = su.$(OBJEXT)
-su_OBJECTS = $(am_su_OBJECTS)
-su_LDADD = $(LDADD)
-#su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-su_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-su_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(su_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(su_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/su/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) 
-	@rm -f su$(EXEEXT)
-	$(LINK) $(su_LDFLAGS) $(su_OBJECTS) $(su_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am
deleted file mode 100644
index 9cacaba7d1bb..000000000000
--- a/crypto/heimdal/appl/su/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
-
-bin_PROGRAMS = su
-bin_SUIDS = su
-su_SOURCES = su.c
-
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in
deleted file mode 100644
index a5495a68f6b6..000000000000
--- a/crypto/heimdal/appl/su/Makefile.in
+++ /dev/null
@@ -1,597 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = su
-bin_SUIDS = su
-su_SOURCES = su.c
-
-LDADD = $(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/su
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = su$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_su_OBJECTS = su.$(OBJEXT)
-su_OBJECTS = $(am_su_OBJECTS)
-su_LDADD = $(LDADD)
-su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-su_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(su_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(su_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/su/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) 
-	@rm -f su$(EXEEXT)
-	$(LINK) $(su_LDFLAGS) $(su_OBJECTS) $(su_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c
deleted file mode 100644
index 79324e9ee556..000000000000
--- a/crypto/heimdal/appl/su/su.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include <config.h>
-
-RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <syslog.h>
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-#include <pwd.h>
-
-#include "crypto-headers.h"
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#endif
-#include <kafs.h>
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-int kerberos_flag = 1;
-int csh_f_flag;
-int full_login;
-int env_flag;
-char *kerberos_instance = "root";
-int help_flag;
-int version_flag;
-char *cmd;
-char tkfile[256];
-
-struct getargs args[] = {
-    { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
-      "don't use kerberos" },
-    { NULL,	  'f', arg_flag,	  &csh_f_flag,
-      "don't read .cshrc" },
-    { "full",	  'l', arg_flag,          &full_login,
-      "simulate full login" },
-    { NULL,	  'm', arg_flag,          &env_flag,
-      "leave environment unmodified" },
-    { "instance", 'i', arg_string,        &kerberos_instance,
-      "root instance to use" },
-    { "command",  'c', arg_string,        &cmd,
-      "command to execute" },
-    { "help", 	  'h', arg_flag,          &help_flag },
-    { "version",  0,   arg_flag,          &version_flag },
-};
-
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[login [shell arguments]]");
-    exit (ret);
-}
-
-static void
-free_info(struct passwd *p)
-{
-    free (p->pw_name);
-    free (p->pw_passwd);
-    free (p->pw_dir);
-    free (p->pw_shell);
-    free (p);
-}
-
-static struct passwd*
-dup_info(const struct passwd *pwd)
-{
-    struct passwd *info;
-
-    info = malloc(sizeof(*info));
-    if(info == NULL)
-	return NULL;
-    info->pw_name = strdup(pwd->pw_name);
-    info->pw_passwd = strdup(pwd->pw_passwd);
-    info->pw_uid = pwd->pw_uid;
-    info->pw_gid = pwd->pw_gid;
-    info->pw_dir = strdup(pwd->pw_dir);
-    info->pw_shell = strdup(pwd->pw_shell);
-    if(info->pw_name == NULL || info->pw_passwd == NULL ||
-       info->pw_dir == NULL || info->pw_shell == NULL) {
-	free_info (info);
-	return NULL;
-    }
-    return info;
-}
-
-#if defined(KRB4) || defined(KRB5)
-static void
-set_tkfile()
-{
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-    int fd;
-    if(*tkfile != '\0')
-	return;
-    snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(tkfile);
-    if(fd >= 0)
-	close(fd);
-#ifdef KRB4
-    krb_set_tkt_string(tkfile);
-#endif
-}
-#endif
-
-#ifdef KRB5
-static krb5_context context;
-static krb5_ccache ccache;
-
-static int
-krb5_verify(const struct passwd *login_info,
-	    const struct passwd *su_info,
-	    const char *kerberos_instance)
-{
-    krb5_error_code ret;
-    krb5_principal p;
-    char *login_name = NULL;
-	
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_name = getlogin();
-#endif
-    ret = krb5_init_context (&context);
-    if (ret) {
-#if 0
-	warnx("krb5_init_context failed: %d", ret);
-#endif
-	return 1;
-    }
-	
-    if (login_name == NULL || strcmp (login_name, "root") == 0) 
-	login_name = login_info->pw_name;
-    if (strcmp (su_info->pw_name, "root") == 0)
-	ret = krb5_make_principal(context, &p, NULL, 
-				  login_name,
-				  kerberos_instance,
-				  NULL);
-    else
-	ret = krb5_make_principal(context, &p, NULL, 
-				  su_info->pw_name,
-				  NULL);
-    if(ret)
-	return 1;
-	
-    if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
-	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
-	if(ret) {
-#if 1
-	    krb5_warn(context, ret, "krb5_cc_gen_new");
-#endif
-	    krb5_free_principal (context, p);
-	    return 1;
-	}
-	ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL);
-	krb5_free_principal (context, p);
-	if(ret) {
-	    krb5_cc_destroy(context, ccache);
-	    switch (ret) {
-	    case KRB5_LIBOS_PWDINTR :
-		break;
-	    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-	    case KRB5KRB_AP_ERR_MODIFIED:
-		krb5_warnx(context, "Password incorrect");
-		break;
-	    default :
-		krb5_warn(context, ret, "krb5_verify_user");
-		break;
-	    }
-	    return 1;
-	}
-	return 0;
-    }
-    krb5_free_principal (context, p);
-    return 1;
-}
-
-static int
-krb5_start_session(void)
-{
-    krb5_ccache ccache2;
-    char *cc_name;
-    int ret;
-
-    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2);
-    if (ret) {
-	krb5_cc_destroy(context, ccache);
-	return 1;
-    }
-
-    ret = krb5_cc_copy_cache(context, ccache, ccache2);
-
-    asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
-	     krb5_cc_get_name(context, ccache2));
-    esetenv("KRB5CCNAME", cc_name, 1);
-
-    /* we want to export this even if we don't directly support KRB4 */
-    set_tkfile();
-    esetenv("KRBTKFILE", tkfile, 1);
-            
-    /* convert creds? */
-    if(k_hasafs()) {
-	if (k_setpag() == 0)
-	    krb5_afslog(context, ccache2, NULL, NULL);
-    }
-            
-    krb5_cc_close(context, ccache2);
-    krb5_cc_destroy(context, ccache);
-    return 0;
-}
-#endif
-
-#ifdef KRB4
-
-static int
-krb_verify(const struct passwd *login_info,
-	   const struct passwd *su_info,
-	   const char *kerberos_instance)
-{
-    int ret;
-    char *login_name = NULL;
-    char *name, *instance, realm[REALM_SZ];
-	
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_name = getlogin();
-#endif
-
-    ret = krb_get_lrealm(realm, 1);
-	
-    if (login_name == NULL || strcmp (login_name, "root") == 0) 
-	login_name = login_info->pw_name;
-    if (strcmp (su_info->pw_name, "root") == 0) {
-	name = login_name;
-	instance = (char*)kerberos_instance;
-    } else {
-	name = su_info->pw_name;
-	instance = "";
-    }
-
-    if(su_info->pw_uid != 0 || 
-       krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
-	char password[128];
-	char *prompt;
-	asprintf (&prompt, 
-		  "%s's Password: ",
-		  krb_unparse_name_long (name, instance, realm));
-	if (des_read_pw_string (password, sizeof (password), prompt, 0)) {
-	    memset (password, 0, sizeof (password));
-	    free(prompt);
-	    return (1);
-	}
-	free(prompt);
-	if (strlen(password) == 0)
-	    return (1);		/* Empty passwords are not allowed */
-	set_tkfile();
-	setuid(geteuid()); /* need to run as root here */
-	ret = krb_verify_user(name, instance, realm, password, 
-			      KRB_VERIFY_SECURE, NULL);
-	memset(password, 0, sizeof(password));
-	
-	if(ret) {
-	    warnx("%s", krb_get_err_text(ret));
-	    return 1;
-	}
-	chown (tkt_string(), su_info->pw_uid, su_info->pw_gid);
-	return 0;
-    }
-    return 1;
-}
-
-
-static int
-krb_start_session(void)
-{
-    esetenv("KRBTKFILE", tkfile, 1);
-            
-    /* convert creds? */
-    if(k_hasafs() && k_setpag() == 0)
-	krb_afslog(NULL, NULL);
-            
-    return 0;
-}
-#endif
-
-static int
-verify_unix(struct passwd *su)
-{
-    char prompt[128];
-    char pw_buf[1024];
-    char *pw;
-    int r;
-    if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
-	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
-	r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
-	if(r != 0)
-	    exit(0);
-	pw = crypt(pw_buf, su->pw_passwd);
-	memset(pw_buf, 0, sizeof(pw_buf));
-	if(strcmp(pw, su->pw_passwd) != 0)
-	    return 1;
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int i, optind = 0;
-    char *su_user;
-    struct passwd *su_info;
-    struct passwd *login_info;
-
-    struct passwd *pwd;
-
-    char *shell;
-
-    int ok = 0;
-    int kerberos_error=1;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-
-    for (i=0; i < optind; i++)
-      if (strcmp(argv[i], "-") == 0) {
-	 full_login = 1;
-	 break;
-      }
-	
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if(optind >= argc)
-	su_user = "root";
-    else
-	su_user = argv[optind++];
-
-    pwd = k_getpwnam(su_user);
-    if(pwd == NULL)
-	errx (1, "unknown login %s", su_user);
-    if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
-	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
-	errx (1, "unknown login %s", su_user);
-    }
-    su_info = dup_info(pwd);
-    if (su_info == NULL)
-	errx (1, "malloc: out of memory");
-    
-	pwd = getpwuid(getuid());
-    if(pwd == NULL)
-	errx(1, "who are you?");
-    login_info = dup_info(pwd);
-    if (login_info == NULL)
-	errx (1, "malloc: out of memory");
-    if(env_flag)
-	shell = login_info->pw_shell;
-    else
-	shell = su_info->pw_shell;
-    if(shell == NULL || *shell == '\0')
-	shell = _PATH_BSHELL;
-    
-
-#ifdef KRB5
-    if(kerberos_flag && ok == 0 &&
-      (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0)
-	ok = 5;
-#endif
-#ifdef KRB4
-    if(kerberos_flag && ok == 0 &&
-       (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0)
-	ok = 4;
-#endif
-
-    if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
-	printf("Sorry!\n");
-	exit(1);
-    }
-
-#ifdef HAVE_GETSPNAM
-   {  struct spwd *sp;
-      long    today;
-    
-    sp = getspnam(su_info->pw_name);
-    if (sp != NULL) {
-	today = time(0)/(24L * 60 * 60);
-	if (sp->sp_expire > 0) {
-	    if (today >= sp->sp_expire) {
-		if (login_info->pw_uid) 
-		    errx(1,"Your account has expired.");
-		else
-		    printf("Your account has expired.");
-            }
-            else if (sp->sp_expire - today < 14) 
-                printf("Your account will expire in %d days.\n",
-		       (int)(sp->sp_expire - today));
-	} 
-	if (sp->sp_max > 0) {
-	    if (today >= sp->sp_lstchg + sp->sp_max) {
-		if (login_info->pw_uid)    
-		    errx(1,"Your password has expired. Choose a new one.");
-		else
-		    printf("Your password has expired. Choose a new one.");
-	    }
-	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
-		printf("Your account will expire in %d days.\n",
-		       (int)(sp->sp_lstchg + sp->sp_max -today));
-	}
-    }
-    }
-#endif
-    {
-	char *tty = ttyname (STDERR_FILENO);
-	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s",
-		login_info->pw_name, su_info->pw_name, tty);
-    }
-
-
-    if(!env_flag) {
-	if(full_login) {
-	    char *t = getenv ("TERM");
-	    
-	    environ = malloc (10 * sizeof (char *));
-	    if (environ == NULL)
-		err (1, "malloc");
-	    environ[0] = NULL;
-	    esetenv ("PATH", _PATH_DEFPATH, 1);
-	    if (t)
-		esetenv ("TERM", t, 1);
-	    if (chdir (su_info->pw_dir) < 0)
-		errx (1, "no directory");
-	}
-	if (full_login || su_info->pw_uid)
-	    esetenv ("USER", su_info->pw_name, 1);
-	esetenv("HOME", su_info->pw_dir, 1);
-	esetenv("SHELL", shell, 1);
-    }
-
-    {
-	int i;
-	char **args;
-	char *p;
-
-	p = strrchr(shell, '/');
-	if(p)
-	    p++;
-	else
-	    p = shell;
-
-	if (strcmp(p, "csh") != 0)
-	    csh_f_flag = 0;
-
-        args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
-	if (args == NULL)
-	    err (1, "malloc");
-	i = 0;
-	if(full_login)
-	    asprintf(&args[i++], "-%s", p);
-	else
-	    args[i++] = p;
-	if (cmd) {
-	   args[i++] = "-c";
-	   args[i++] = cmd;
-	}  
-	   
-	if (csh_f_flag)
-	    args[i++] = "-f";
-
-	for (argv += optind; *argv; ++argv)
-	   args[i++] = *argv;
-	args[i] = NULL;
-	
-	if(setgid(su_info->pw_gid) < 0)
-	    err(1, "setgid");
-	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
-	    err (1, "initgroups");
-	if(setuid(su_info->pw_uid) < 0
-	   || (su_info->pw_uid != 0 && setuid(0) == 0))
-	    err(1, "setuid");
-
-#ifdef KRB5
-        if (ok == 5)
-           krb5_start_session();
-#endif
-#ifdef KRB4
-	if (ok == 4)
-	    krb_start_session();
-#endif
-	execv(shell, args);
-    }
-    
-    exit(1);
-}
diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog
deleted file mode 100644
index f696871334dd..000000000000
--- a/crypto/heimdal/appl/telnet/ChangeLog
+++ /dev/null
@@ -1,541 +0,0 @@
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: remove extra "Toggle"'s
-
-	* telnet/commands.c: IRIX == 4 -> IRIX4
-
-	* telnet/main.c: rename functions to what they're really called
-
-	* telnet/commands.c: kill some might be uninitialized warnings
-
-	* telnet/commands.c: add forward and forwardable toggle options,
-	and call set_forward_options() after parsing .telnetrc
-
-	* telnet/externs.h: proto for set_forward_options
-
-	* telnet/main.c: only register what forwarding options are asked
-	for when parsing command line, we have to set the actual flags
-	later after we have read .telnetrc
-
-	* libtelnet/auth-proto.h: kerberos5_set_forward{,able} protos
-
-	* libtelnet/kerberos5.c: add kerberos5_set_forward{,able}
-	functions suitable for the command parser
-
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* telnetd/telnetd.c: add --version as a special case
-	* telnet/main.c: add --version as a special case
-
-2002-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: only try to negotiate encryption if we're
-	talking to a real telnet
-
-2002-03-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: fix an old cut-n-paste typo (via debian)
-
-2002-02-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: print a more informative message than "done"
-	after negotiating encryption
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c: add a kludge to make it build on aix (that
-	defines NOERROR in both sys/stream.h and arpa/nameser.h and
-	considers that a fatal error)
-
-	* telnet/telnet.c: undef PUTSHORT to avoid conflict
-
-2001-08-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/Makefile.am: also link with the library for logout
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c: include libutil.h if it exists
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (getpty): call openpty if it exists
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/global.c (output_data): make sure of not forwarding
-	`nfrontp' too far, thereby allowing writes after the end of
-	`netobuf'
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c: update to new krb5_auth_con* names
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (start_login): give the correct error if exec
-	fails
-	* telnetd/utility.c (fatalperror_errno): add a new function with
-	explicit errno parameter
-
-2001-03-07  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c: some minimal more amount of
- 	const-correctness
-
-2001-02-24  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/enc_des.c: learn to live with libcrypto (from openssl)
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): copy the hostname so it doesn't get
-	overwritten while reading ~/.telnetrc
-	(*): removed some unneeded externs
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (startslave, start_login): re-write code to
-	keep track both of remote hostname and utmp string to be used
-	* telnetd/telnetd.c (doit, my_telnet): re-write code to keep track
-	both of remote hostname and utmp string to be used
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* telnet/Makefile.am, telnetd/Makefile.am: add LIB_kdfs
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_is): use krb5_rd_cred2 instead
-	of krb5_rd_cred
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c (krb5_init): check krb5_init_context for success
-	* libtelnet/kerberos5.c (kerberos5_init): check krb5_init_context
-	for success
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (sourceroute): make it not break if the
-	rfc2292 api does not exist
-
-2000-12-09  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (scrub_env): add supporting non-file TERMCAP
-	variables
-
-2000-12-07  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.h: move include files around to avoid getting SE
-	from sys/*.h on HP to override SE from telnet.h
-
-	* telnetd/sys_term.c (scrub_env): remove some const-ness
-	* telnetd/sys_term.c (scrub_env): add LOGNAME and POSIXLY_CORRECT
-	to the list of authorized environment variables to be compatible
-	with linux-telnetd
-
-	* telnetd/sys_term.c (scrub_env): change filtering algoritm from
-	allowing everything except a few bad cases to not allowing
-	anything except a few non-dangerous cases
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-2000-11-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* libtelnet/kerberos5.c: print the principal we're trying to use
-
-	* libtelnet/kerberos.c: print the principal we're trying to use
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/misc-proto.h (telnet_getenv): const-ize some
-
-2000-11-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/telnet.c: fake entry if no tgetent
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/utility.c (stilloob): check that fds are not too large
-	to select on
-	(ttloop): remove confusing output of errno
-	* telnetd/telnetd.c (my_telnet): check that fds are not too large
-	to select on
-	* telnet/utilities.c (EmptyTerminal): check that fds are not too
-	large to select on
-	* telnet/sys_bsd.c (process_rings): check that fds are not too
-	large to select on
-	* telnet/network.c (stilloob): check that fds are not too large to
-	select on
-
-2000-06-09  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: remove all setuid(getuid()).  we do not
-	support telnet being setuid root
-
-2000-05-05  Assar Westerlund  <assar@sics.se>
-
-	* telnet/externs.h (sourceroute): update prototype
-	* telnet/commands.c (tn): re-enable source routing
-	(sourceroute): make it work again based on the code from
-	itojun@kame.net
-
-2000-03-28  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): clean-up a tiny little bit.  give-up if
-	we do not manage to connect to any address
-
-2000-03-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (*): make sure to always call time, ctime,
-	and gmtime with `time_t's.  there were some types (like in
-	lastlog) that we believed to always be time_t.  this has proven
-	wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
-	quantities but time_t has gone up to 64 bits
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_init): check that we do have a
-	keytab before saying that we will support KERBEROS5
-
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): only set tos for AF_INET.  From
-	itojun@iijlab.net
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c (kerberos4_is): send a reject back to the
-	client when we're not authorized
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* telnet/ring.h (ring_encrypt): better proto
-	* telnet/ring.c (ring_encrypt): better proto
-
-2000-02-04  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: klduge-around KLUDGELINEMODE
-
-2000-01-18  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/misc.c (auth_encrypt_user): const-ify
-	* libtelnet/misc.h (RemoteHostName, LocalHostName): const-ify
-	* libtelnet/misc.c (auth_encrypt_init, RemoteHostName,
-	LocalHostName): const-ify
-	* libtelnet/misc-proto.h (auth_encrypt_init, auth_encrypt_user):
-	const-ify
-	* libtelnet/encrypt.c (encrypt_init, Name): const-ify
-	* libtelnet/enc-proto.h (encrypt_init): const-ify
-	* libtelnet/auth.c (auth_init, Name): const-ify
-	* libtelnet/auth-proto.h (auth_init): const-ify
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): handle ai_canonname being set in any of
-	the addresses returnedby getaddrinfo.  glibc apparently returns
-	the reverse lookup of every address in ai_canonname.  remove some
-	unused variables.
-
-2000-01-01  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (addarg): make void (return value isn't check
-	anyway).  fatal error when malloc fails
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (*): handle ai_canonname not being set
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): use getnameinfo_verified
-	* telnetd/telnetd.c: use getnameinfo
-	* telnet/commands.c: re-write to using getaddrinfo.  disable
-	source-routing for the moment, it doesn't seem to be used anyways.
-	
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: revert 1.54, get_default_username should DTRT
- 	now
-
-1999-09-05  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/utility.c (ttloop): make it return 1 if interrupted by a
- 	signal, which must have been what was meant from the beginning
-
-	* telnetd/ext.h (ttloop): update prototype
-
-	* telnetd/authenc.c (telnet_spin): actually return the value from
- 	ttloop (otherwise it's kind of bogus)
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (rmut): free utxp
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c: add -G and config file support.  From Miroslav
- 	Ruda <ruda@ics.muni.cz>
-
-	* telnetd/sys_term.c (rmut): work around utmpx strangness.  From
- 	Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-08-02  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): only free hp if != NULL.  From: Jonas
- 	Oberg <jonas@coyote.org>
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (doit): remove unused variable mapped_sin
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/ext.h: update prototypes
-	
-	* telnetd/telnetd.c: make it handle v4 and v6 sockets.  (it
-	doesn't handle being given a v6 socket that's really talking to an
-	v4 adress (mapped) because the rest of the code in telnetd is not
-	able to handle it anyway).  please run two telnetd from your
-	inetd, one for v4 and one for v6.
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): extra bogus const-cast
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/sys_term.c (start_login): print a different warning with
- 	`-a otp'
-
-1999-06-24  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): set the addresses in the
- 	auth_context
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* telnet/Makefile.am (INCLUDES): add $(INCLUDE_krb4)
-
-	* telnet/commands.c (togkrbdebug): conditionalize on
- 	krb_disable_debug
-
-1999-06-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* telnet/commands.c: add kerberos debugging option
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): use get_default_username
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/state.c (telrcv): magic patch to make it work against
- 	DOS Clarkson Telnet.  From Miroslav Ruda <ruda@ics.muni.cz>
-
-1999-04-25  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): use
-	`krb5_auth_setkeytype' instead of `krb5_auth_setenctype' to make
-	sure we get a DES session key.
-
-Thu Apr  1 16:59:27 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.am: don't run check-local
-
-	* telnet/Makefile.am: don't run check-local
-
-Mon Mar 29 16:11:33 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c: _CRAY -> HAVE_STRUCT_UTMP_UT_ID
-
-Sat Mar 20 00:12:54 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnet/authenc.c (telnet_gets): remove old extern declarations
-
-Thu Mar 18 11:20:16 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.am: include Makefile.am.common
-
-	* telnet/Makefile.am: include Makefile.am.common
-
-	* libtelnet/Makefile.am: include Makefile.am.common
-
-	* Makefile.am: include Makefile.am.common
-
-Mon Mar 15 17:40:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/telnetd.c: replace perror/exit with fatalperror
-
-Sat Mar 13 22:18:57 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c (main): 0 -> STDIN_FILENO.  remove abs
-
-	* libtelnet/kerberos.c (kerberos4_is): syslog root logins
-
-Thu Mar 11 14:48:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/Makefile.in: add WFLAGS
-
-	* telnet/Makefile.in: add WFLAGS
-
-	* libtelnet/Makefile.in: add WFLAGS
-
-	* telnetd/sys_term.c: remove unused variables
-
-	* telnet/telnet.c: fix some warnings
-
-	* telnet/main.c: fix some warnings
-
-	* telnet/commands.c: fix types in format string
-
-	* libtelnet/auth.c: fix types in format string
-
-Mon Mar  1 10:50:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
-
-Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): only call gethostbyname2 with AF_INET6
- 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
- 	<allbery@kf8nh.apk.net>
-
-Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
-
-Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
-
-Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
-
-Mon Jul 13 22:00:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): don't advance hostent->h_addr_list, use
- 	a copy instead
-
-Wed May 27 04:19:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
-
-Fri May 15 19:38:19 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* libtelnet/kerberos5.c: Always print errors from mk_req.
-
-Fri May  1 07:16:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c: unifdef -DHAVE_H_ERRNO
-
-Sat Apr  4 15:00:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): moved the printing of `trying...' to the
- 	loop
-
-Thu Mar 12 02:33:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: include <term.h>. From Gregory S. Stark
- 	<gsstark@mit.edu>
-
-Sat Feb 21 15:12:38 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/ext.h: add prototype for login_tty
-
-	* telnet/utilities.c (printsub): `direction' is now an int.
-
-	* libtelnet/misc-proto.h: add prototype for `printsub'
-
-Tue Feb 17 02:45:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c (kerberos4_is): cred.pname should be
- 	cred.pinst.  From <art@stacken.kth.se>
-
-Sun Feb 15 02:46:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnet/*/*.c: renamed `telnet' to `my_telnet' to avoid
- 	conflicts with system header files on mklinux.
-
-Tue Feb 10 02:09:03 1998  Assar Westerlund  <assar@sics.se>
-
-	* telnetd/telnetd.c: new signature for `getterminaltype' and
- 	`auth_wait'
-
-	* libtelnet: changed the signature of the authentication method
- 	`status'
-
-Sat Feb  7 07:21:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* */*.c: replace HAS_GETTOS by HAVE_PARSETOS and HAVE_GETTOSBYNAME
-
-Fri Dec 26 16:17:10 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/commands.c (tn): repair support for numeric addresses
-
-Sun Dec 21 09:40:31 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos.c: fix up lots of stuff related to the
- 	forwarding of v4 tickets.
-
-	* libtelnet/kerberos5.c (kerberos5_forward): zero out `creds'.
-
-Mon Dec 15 20:53:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnet/sys_bsd.c: Don't turn off OPOST in 8bit-mode.
-
-Tue Dec  9 19:26:50 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/main.c (main): add 'b' to getopt
-
-Sat Nov 29 03:28:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnet/telnet.c: Change binary mode to do just that, and add a
- 	eight-bit mode for just passing all characters.
-
-Sun Nov 16 04:37:02 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c (kerberos5_send): always ask for a session
- 	key of type DES
-
-	* libtelnet/kerberos5.c: remove old garbage and fix call to
- 	krb5_auth_con_setaddrs_from_fd
-
-Fri Nov 14 20:35:18 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* telnetd/telnetd.c: Output contents of /etc/issue.
-
-Mon Nov  3 07:09:16 1997  Assar Westerlund  <assar@sics.se>
-
-	* telnet/telnet_locl.h: only include <sys/termio.h> iff
- 	!defined(HAVE_TERMIOS_H)
-
-	* libtelnet/kerberos.c (kerberos4_is): send the peer address to
- 	krb_rd_req
-
-	* telnetd/telnetd.c (terminaltypeok): always return OK.  It used
- 	to call `tgetent' to figure if it was a defined terminal type.
-  	It's possible to overflow tgetent so that's a bad idea.  The worst
- 	that could happen by saying yes to all terminals is that the user
- 	ends up with a terminal that has no definition on the local
- 	system.  And besides, most telnet client has no support for
- 	falling back to a different terminal type.
-
-Mon Oct 20 05:47:19 1997  Assar Westerlund  <assar@sics.se>
-
-	* libtelnet/kerberos5.c: remove lots of old junk.  clean-up.
-  	better error checking and reporting.  tell the user permission
- 	denied much earlier.
-
-	* libtelnet/kerberos.c (kerberos4_is): only print
- 	UserNameRequested if != NULL
-
diff --git a/crypto/heimdal/appl/telnet/Makefile b/crypto/heimdal/appl/telnet/Makefile
deleted file mode 100644
index 3debc7a56942..000000000000
--- a/crypto/heimdal/appl/telnet/Makefile
+++ /dev/null
@@ -1,611 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/telnet/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = libtelnet telnet telnetd
-
-EXTRA_DIST = README.ORIG telnet.state
-subdir = appl/telnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-dist-hook:
-	$(mkinstalldirs) $(distdir)/arpa
-	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/Makefile.am b/crypto/heimdal/appl/telnet/Makefile.am
deleted file mode 100644
index eec013bae96f..000000000000
--- a/crypto/heimdal/appl/telnet/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = libtelnet telnet telnetd
-
-dist-hook:
-	$(mkinstalldirs) $(distdir)/arpa
-	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
-
-EXTRA_DIST = README.ORIG telnet.state
diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in
deleted file mode 100644
index 9eb725c2d745..000000000000
--- a/crypto/heimdal/appl/telnet/Makefile.in
+++ /dev/null
@@ -1,613 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:15 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = libtelnet telnet telnetd
-
-EXTRA_DIST = README.ORIG telnet.state
-subdir = appl/telnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-DIST_SUBDIRS = $(SUBDIRS)
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-info install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-dist-hook:
-	$(mkinstalldirs) $(distdir)/arpa
-	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/README.ORIG b/crypto/heimdal/appl/telnet/README.ORIG
deleted file mode 100644
index 37b588fafd6f..000000000000
--- a/crypto/heimdal/appl/telnet/README.ORIG
+++ /dev/null
@@ -1,743 +0,0 @@
-
-This is a distribution of both client and server telnet.  These programs
-have been compiled on:
-			telnet	telnetd
-	4.4 BSD-Lite	  x	  x
-	4.3 BSD Reno	  X	  X
-	UNICOS 9.1	  X	  X
-	UNICOS 9.0	  X	  X
-	UNICOS 8.0	  X	  X
-	BSDI 2.0	  X	  X
-	Solaris 2.4       x       x (no linemode in server)
-	SunOs 4.1.4	  X	  X (no linemode in server)
-	Ultrix 4.3	  X	  X (no linemode in server)
-	Ultrix 4.1	  X	  X (no linemode in server)
-
-In addition, previous versions have been compiled on the following
-machines, but were not available for testing this version.
-			telnet	telnetd
-	Next1.0		  X	  X
-	UNICOS 8.3	  X	  X
-	UNICOS 7.C	  X	  X
-	UNICOS 7.0	  X	  X
-	SunOs 4.0.3c	  X	  X (no linemode in server)
-	4.3 BSD		  X  	  X (no linemode in server)
-	DYNIX V3.0.12	  X	  X (no linemode in server)
-	Ultrix 3.1	  X	  X (no linemode in server)
-	Ultrix 4.0	  X	  X (no linemode in server)
-	SunOs 3.5	  X	  X (no linemode in server)
-	SunOs 4.1.3	  X	  X (no linemode in server)
-	Solaris 2.2       x       x (no linemode in server)
-	Solaris 2.3       x       x (no linemode in server)
-	BSDI 1.0	  X	  X
-	BSDI 1.1	  X	  X
-	DYNIX V3.0.17.9	  X	  X (no linemode in server)
-	HP-UX 8.0	  x       x (no linemode in server)
-
-This code should work, but there are no guarantees.
-
-May 30, 1995
-
-This release represents what is on the 4.4BSD-Lite2 release, which
-should be the final BSD release.  I will continue to support of
-telnet, The code (without encryption) is available via anonymous ftp
-from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
-YY.MM.DD is replaced with the year, month and day of the release.
-If you can't find it at one of these places, at some point in the
-near future information about the latest releases should be available
-from ftp.borman.com.
-
-In addition, the version with the encryption code is available via
-ftp from net-dist.mit.edu, in the directory /pub/telnet.  There
-is a README file there that gives further information on how
-to get the distribution.
-
-Questions, comments, bug reports and bug fixes can be sent to
-one of these addresses:
-		dab@borman.com
-		dab@cray.com
-		dab@bsdi.com
-
-This release is mainly bug fixes and code cleanup.
-
-	Replace all calls to bcopy()/bzero() with calls to
-	memmove()/memset() and all calls to index()/rindex()
-	with calls to strchr()/strrchr().
-
-	Add some missing diagnostics for option tracing
-	to telnetd.
-
-	Add support for BSDI 2.0 and Solaris 2.4.
-
-	Add support for UNICOS 8.0
-
-	Get rid of expanded tabs and trailing white spaces.
-
-	From Paul Vixie:
-		Fix for telnet going into an endless spin
-		when the session dies abnormally.
-
-	From Jef Poskanzer:
-		Changes to allow telnet to compile
-		under SunOS 3.5.
-
-	From Philip Guenther:
-		makeutx() doesn't expand utmpx,
-		use pututxline() instead.
-
-	From Chris Torek:
-		Add a sleep(1) before execing login
-		to avoid race condition that can eat
-		up the login prompt.
-		Use terminal speed directly if it is
-		not an encoded value.
-
-	From Steve Parker:
-		Fix to realloc() call.  Fix for execing
-		login on solaris with no user name.
-
-January 19, 1994
-
-This is a list of some of the changes since the last tar release
-of telnet/telnetd.  There are probably other changes that aren't
-listed here, but this should hit a lot of the main ones.
-
-   General:
-	Changed #define for AUTHENTICATE to AUTHENTICATION
-	Changed #define for ENCRYPT to ENCRYPTION
-	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
-
-	Added support for SPX authentication: -DSPX
-
-	Added support for Kerberos Version 5 authentication: -DKRB5
-
-	Added support for ANSI C function prototypes
-
-	Added support for the NEW-ENVIRON option (RFC-1572)
-	including support for USERVAR.
-
-	Made support for the old Environment Option (RFC-1408)
-	conditional on -DOLD_ENVIRON
-
-	Added #define ENV_HACK - support for RFC 1571
-
-	The encryption code is removed from the public distributions.
-	Domestic 4.4 BSD distributions contain the encryption code.
-
-	ENV_HACK: Code to deal with systems that only implement
-		the old ENVIRON option, and have reversed definitions
-		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
-		client to handle things besides just the default set...
-
-	NO_BSD_SETJMP: UNICOS configuration for
-		UNICOS 6.1/6.0/5.1/5.0 systems.
-
-	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
-		is for SVr4 derivatives (Like Solaris)
-
-	UTMPX: For systems that have /etc/utmpx. This is for
-		SVr4 derivatives (Like Solaris)
-
-	Definitions for BSDI 1.0
-
-	Definitions for 4.3 Reno and 4.4 BSD.
-
-	Definitions for UNICOS 8.0 and UNICOS 7.C
-
-	Definitions for Solaris 2.0
-
-	Definitions for HP-UX 8.0
-
-	Latest Copyright notices from Berkeley.
-
-	FLOW-CONTROL: support for RFC-XXXx
-
-
-   Client Specific:
-
-	Fix the "send" command to not send garbage...
-
-	Fix status message for "skiprc"
-
-	Make sure to send NAWS after telnet has been suspended
-	or an external command has been run, if the window size
-	has changed.
-
-	sysV88 support.
-
-   Server Specific:
-
-	Support flowcontrol option in non-linemode servers.
-
-	-k Server supports Kludge Linemode, but will default to
-	   either single character mode or real Linemode support.
-	   The user will have to explicitly ask to switch into
-	   kludge linemode. ("stty extproc", or escape back to
-	   to telnet and say "mode line".)
-
-	-u Specify the length of the hostname field in the utmp
-	   file.  Hostname longer than this length will be put
-	   into the utmp file in dotted decimal notation, rather
-	   than putting in a truncated hostname.
-	
-	-U Registered hosts only.  If a reverse hostname lookup
-	   fails, the connection will be refused.
-
-	-f/-F
-	   Allows forwarding of credentials for KRB5.
-
-Februrary 22, 1991:
-
-    Features:
-
-	This version of telnet/telnetd has support for both
-	the AUTHENTICATION and ENCRYPTION options.  The
-	AUTHENTICATION option is fairly well defined, and
-	an option number has been assigned to it.  The
-	ENCRYPTION option is still in a state of flux; an
-	option number has been assigned to, but it is still
-	subject to change.  The code is provided in this release
-	for experimental and testing purposes.
-
-	The telnet "send" command can now be used to send
-	do/dont/will/wont commands, with any telnet option
-	name.  The rules for when do/dont/will/wont are sent
-	are still followed, so just because the user requests
-	that one of these be sent doesn't mean that it will
-	be sent...
-
-	The telnet "getstatus" command no longer requires
-	that option printing be enabled to see the response
-	to the "DO STATUS" command.
-
-	A -n flag has been added to telnetd to disable
-	keepalives.
-
-	A new telnet command, "auth" has been added (if
-	AUTHENTICATE is defined).  It has four sub-commands,
-	"status", "disable", "enable" and "help".
-
-	A new telnet command, "encrypt" has been added (if
-	ENCRYPT is defined).  It has many sub-commands:
-	"enable", "type", "start", "stop", "input",
-	"-input", "output", "-output", "status", and "help".
-
-	The LOGOUT option is now supported by both telnet
-	and telnetd, a new command, "logout", was added
-	to support this.
-
-	Several new toggle options were added:
-	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
-	    "encdebug", "skiprc", "verbose_encrypt"
-
-	An "rlogin" interface has been added.  If the program
-	is named "rlogin", or the "-r" flag is given, then
-	an rlogin type of interface will be used.
-		~.	Terminates the session
-		~<susp> Suspend the session
-		~^]	Escape to telnet command mode
-		~~	Pass through the ~.
-	    BUG: If you type the rlogin escape character
-		 in the middle of a line while in rlogin
-		 mode, you cannot erase it or any characters
-		 before it.  Hopefully this can be fixed
-		 in a future release...
-
-    General changes:
-
-	A "libtelnet.a" has now been created.  This libraray
-	contains code that is common to both telnet and
-	telnetd.  This is also where library routines that
-	are needed, but are not in the standard C library,
-	are placed.
-
-	The makefiles have been re-done.  All of the site
-	specific configuration information has now been put
-	into a single "Config.generic" file, in the top level
-	directory.  Changing this one file will take care of
-	all three subdirectories.  Also, to add a new/local
-	definition, a "Config.local" file may be created
-	at the top level; if that file exists, the subdirectories
-	will use that file instead of "Config.generic".
-
-	Many 1-2 line functions in commands.c have been
-	removed, and just inserted in-line, or replaced
-	with a macro.
-
-    Bug Fixes:
-
-	The non-termio code in both telnet and telnetd was
-	setting/clearing CTLECH in the sg_flags word.  This
-	was incorrect, and has been changed to set/clear the
-	LCTLECH bit in the local mode word.
-
-	The SRCRT #define has been removed.  If IP_OPTIONS
-	and IPPROTO_IP are defined on the system, then the
-	source route code is automatically enabled.
-
-	The NO_GETTYTAB #define has been removed; there
-	is a compatability routine that can be built into
-	libtelnet to achive the same results.
-
-	The server, telnetd, has been switched to use getopt()
-	for parsing the argument list.
-
-	The code for getting the input/output speeds via
-	cfgetispeed()/cfgetospeed() was still not quite
-	right in telnet.  Posix says if the ispeed is 0,
-	then it is really equal to the ospeed.
-
-	The suboption processing code in telnet now has
-	explicit checks to make sure that we received
-	the entire suboption (telnetd was already doing this).
-
-	The telnet code for processing the terminal type
-	could cause a core dump if an existing connection
-	was closed, and a new connection opened without
-	exiting telnet.
-
-	Telnetd was doing a TCSADRAIN when setting the new
-	terminal settings;  This is not good, because it means
-	that the tcsetattr() will hang waiting for output to
-	drain, and telnetd is the only one that will drain
-	the output...  The fix is to use TCSANOW which does
-	not wait.
-
-	Telnetd was improperly setting/clearing the ISTRIP
-	flag in the c_lflag field, it should be using the
-	c_iflag field. 
-
-	When the child process of telnetd was opening the
-	slave side of the pty, it was re-setting the EXTPROC
-	bit too early, and some of the other initialization
-	code was wiping it out.  This would cause telnetd
-	to go out of linemode and into single character mode.
-
-	One instance of leaving linemode in telnetd forgot
-	to send a WILL ECHO to the client, the net result
-	would be that the user would see double character
-	echo.
-
-	If the MODE was being changed several times very
-	quickly, telnetd could get out of sync with the
-	state changes and the returning acks; and wind up
-	being left in the wrong state.
-
-September 14, 1990:
-
-	Switch the client to use getopt() for parsing the
-	argument list.  The 4.3Reno getopt.c is included for
-	systems that don't have getopt().
-
-	Use the posix _POSIX_VDISABLE value for what value
-	to use when disabling special characters.  If this
-	is undefined, it defaults to 0x3ff.
-
-	For non-termio systems, TIOCSETP was being used to
-	change the state of the terminal.  This causes the
-	input queue to be flushed, which we don't want.  This
-	is now changed to TIOCSETN.
-
-	Take out the "#ifdef notdef" around the code in the
-	server that generates a "sync" when the pty oputput
-	is flushed.  The potential problem is that some older
-	telnet clients may go into an infinate loop when they
-	receive a "sync", if so, the server can be compiled
-	with "NO_URGENT" defined.
-
-	Fix the client where it was setting/clearing the OPOST
-	bit in the c_lflag field, not the c_oflag field.
-
-	Fix the client where it was setting/clearing the ISTRIP
-	bit in the c_lflag field, not the c_iflag field.  (On
-	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
-	The client also had its interpretation of WILL BINARY
-	and DO BINARY reversed.
-
-	Fix a bug in client that would cause a core dump when
-	attempting to remove the last environment variable.
-
-	In the client, there were a few places were switch()
-	was being passed a character, and if it was a negative
-	value, it could get sign extended, and not match
-	the 8 bit case statements.  The fix is to and the
-	switch value with 0xff.
-
-	Add a couple more printoption() calls in the client, I
-	don't think there are any more places were a telnet
-	command can be received and not printed out when
-	"options" is on.
-
-	A new flag has been added to the client, "-a".  Currently,
-	this just causes the USER name to be sent across, in
-	the future this may be used to signify that automatic
-	authentication is requested.
-
-	The USER variable is now only sent by the client if
-	the "-a" or "-l user" options are explicity used, or
-	if the user explicitly asks for the "USER" environment
-	variable to be exported.  In the server, if it receives
-	the "USER" environment variable, it won't print out the
-	banner message, so that only "Password:" will be printed.
-	This makes the symantics more like rlogin, and should be
-	more familiar to the user.  (People are not used to
-	getting a banner message, and then getting just a
-	"Password:" prompt.)
-
-	Re-vamp the code for starting up the child login
-	process.  The code was getting ugly, and it was
-	hard to tell what was really going on.  What we
-	do now is after the fork(), in the child:
-		1) make sure we have no controlling tty
-		2) open and initialize the tty
-		3) do a setsid()/setpgrp()
-		4) makes the tty our controlling tty.
-	On some systems, #2 makes the tty our controlling
-	tty, and #4 is a no-op.  The parent process does
-	a gets rid of any controlling tty after the child
-	is fork()ed.
-
-	Use the strdup() library routine in telnet, instead
-	of the local savestr() routine.  If you don't have
-	strdup(), you need to define NO_STRDUP.
-
-	Add support for ^T (SIGINFO/VSTATUS), found in the
-	4.3Reno distribution.  This maps to the AYT character.
-	You need a 4-line bugfix in the kernel to get this
-	to work properly:
-
-	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
-	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
-	> ***************
-	> *** 609,613 ****
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
-	> 			return(0);
-	> 		}
-	> --- 609,616 ----
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
-	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
-	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
-	> ! 				ttyinfo(tp);
-	> 			return(0);
-	> 		}
-
-	The client is now smarter when setting the telnet escape
-	character; it only sets it to one of VEOL and VEOL2 if
-	one of them is undefined, and the other one is not already
-	defined to the telnet escape character.
-
-	Handle TERMIOS systems that have seperate input and output
-	line speed settings imbedded in the flags.
-
-	Many other minor bug fixes.
-
-June 20, 1990:
-	Re-organize makefiles and source tree.  The telnet/Source
-	directory is now gone, and all the source that was in
-	telnet/Source is now just in the telnet directory.
-
-	Seperate makefile for each system are now gone.  There
-	are two makefiles, Makefile and Makefile.generic.
-	The "Makefile" has the definitions for the various
-	system, and "Makefile.generic" does all the work.
-	There is a variable called "WHAT" that is used to
-	specify what to make.  For example, in the telnet
-	directory, you might say:
-		make 4.4bsd WHAT=clean
-	to clean out the directory.
-
-	Add support for the ENVIRON and XDISPLOC options.
-	In order for the server to work, login has to have
-	the "-p" option to preserve environment variables.
-
-	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
-
-	Add the "-l user" option to command line and open command
-	(This is passed through the ENVIRON option).
-
-	Add the "-e" command line option, for setting the escape
-	character.
-
-	Add the "-D", diagnostic, option to the server.  This allows
-	the server to print out debug information, which is very
-	useful when trying to debug a telnet that doesn't have any
-	debugging ability.
-
-	Turn off the literal next character when not in LINEMODE.
-
-	Don't recognize ^Y locally, just pass it through.
-
-	Make minor modifications for Sun4.0 and Sun4.1
-
-	Add support for both FORW1 and FORW2 characters.  The
-	telnet escpape character is set to whichever of the
-	two is not being used.  If both are in use, the escape
-	character is not set, so when in linemode the user will
-	have to follow the escape character with a <CR> or <EOF)
-	to get it passed through.
-
-	Commands can now be put in single and double quotes, and
-	a backslash is now an escape character.  This is needed
-	for allowing arbitrary strings to be assigned to environment
-	variables.
-
-	Switch telnetd to use macros like telnet for keeping
-	track of the state of all the options.
-
-	Fix telnetd's processing of options so that we always do
-	the right processing of the LINEMODE option, regardless
-	of who initiates the request to turn it on.  Also, make
-	sure that if the other side went "WILL ECHO" in response
-	to our "DO ECHO", that we send a "DONT ECHO" to get the
-	option turned back off!
-
-	Fix the TERMIOS setting of the terminal speed to handle both
-	BSD's seperate fields, and the SYSV method of CBAUD bits.
-
-	Change how we deal with the other side refusing to enable
-	an option.  The sequence used to be: send DO option; receive
-	WONT option; send DONT option.  Now, the sequence is: send
-	DO option; receive WONT option.  Both should be valid
-	according to the spec, but there has been at least one
-	client implementation of telnet identified that can get
-	really confused by this.  (The exact sequence, from a trace
-	on the server side, is (numbers are number of responses that
-	we expect to get after that line...):
-
-		send WILL ECHO	1 (initial request)
-		send WONT ECHO	2 (server is changing state)
-		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
-		send WILL ECHO	2 (server changes state again)
-		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
-		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
-	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
-		send WILL ECHO	1 (ask again to enable option)
-		recv DO ECHO	0
-
-		recv DONT ECHO	0
-		send WONT ECHO	1
-		recv DONT ECHO	0
-		recv DO ECHO	1
-		send WILL ECHO	0
-		(and the last 5 lines loop forever)
-
-	The line with the "***" is last of the WILL/DONT/WONT sequence.
-	The change to the server to not generate that makes this same
-	example become:
-
-		send will ECHO	1
-		send wont ECHO	2
-		recv do ECHO	1
-		send will ECHO	2
-		recv dont ECHO	1
-		recv dont ECHO	0
-		recv do ECHO	1
-		send will ECHO	0
-
-	There is other option negotiation going on, and not sending
-	the third part changes some of the timings, but this specific
-	example no longer gets stuck in a loop.  The "telnet.state"
-	file has been modified to reflect this change to the algorithm.
-
-	A bunch of miscellaneous bug fixes and changes to make
-	lint happier.
-
-	This version of telnet also has some KERBEROS stuff in
-	it. This has not been tested, it uses an un-authorized
-	telnet option number, and uses an out-of-date version
-	of the (still being defined) AUTHENTICATION option.
-	There is no support for this code, do not enable it.
-
-
-March 1, 1990:
-CHANGES/BUGFIXES SINCE LAST RELEASE:
-	Some support for IP TOS has been added.  Requires that the
-	kernel support the IP_TOS socket option (currently this
-	is only in UNICOS 6.0).
-
-	Both telnet and telnetd now use the cc_t typedef.  typedefs are
-	included for systems that don't have it (in termios.h).
-
-	SLC_SUSP was not supported properly before.  It is now.
-
-	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
-	when not in linemode.  It now saves a copy of the VEOF character,
-	so that when ICANON is turned off and we can't trust it anymore
-	(because it is now the VMIN character) we use the saved value.
-
-	There were two missing "break" commands in the linemode
-	processing code in telnetd.
-
-	Telnetd wasn't setting the kernel window size information
-	properly.  It was using the rows for both rows and columns...
-
-Questions/comments go to
-		David Borman
-		Cray Research, Inc.
-		655F Lone Oak Drive
-		Eagan, MN 55123
-		dab@cray.com.
-
-README:	You are reading it.
-
-Config.generic:
-	This file contains all the OS specific definitions.  It
-	has pre-definitions for many common system types, and is
-	in standard makefile fromat.  See the comments at the top
-	of the file for more information.
-
-Config.local:
-	This is not part of the distribution, but if this file exists,
-	it is used instead of "Config.generic".  This allows site
-	specific configuration without having to modify the distributed
-	"Config.generic" file.
-
-kern.diff:
-	This file contains the diffs for the changes needed for the
-	kernel to support LINEMODE is the server.  These changes are
-	for a 4.3BSD system.  You may need to make some changes for
-	your particular system.
-
-	There is a new bit in the terminal state word, TS_EXTPROC.
-	When this bit is set, several aspects of the terminal driver
-	are disabled.  Input line editing, character echo, and
-	mapping of signals are all disabled.  This allows the telnetd
-	to turn of these functions when in linemode, but still keep
-	track of what state the user wants the terminal to be in.
-
-	New ioctl()s:
-
-		TIOCEXT		Turn on/off the TS_EXTPROC bit
-		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
-		TIOCSIG		Generate a signal to processes in the
-				current process group of the pty.
-
-	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
-	When packet mode is turned on in the pty, and the TS_EXTPROC
-	bit is set, then whenever the state of the pty is changed, the
-	next read on the master side of the pty will have the TIOCPKT_IOCTL
-	bit set, and the data will contain the following:
-		struct xx {
-			struct sgttyb a;
-			struct tchars b;
-			struct ltchars c;
-			int t_state;
-			int t_flags;
-		}
-	This allows the process on the server side of the pty to know
-	when the state of the terminal has changed, and what the new
-	state is.
-
-	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
-	expect that the structure returned in the TIOCPKT_IOCTL is
-	the termio/termios structure.
-
-stty.diff:
-	This file contains the changes needed for the stty(1) program
-	to report on the current status of the TS_EXTPROC bit.  It also
-	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
-	because it allows the user to say "stty -extproc", and the
-	LINEMODE option will be automatically disabled, and saying "stty
-	extproc" will re-enable the LINEMODE option.
-
-telnet.state:
-	Both the client and server have code in them to deal
-	with option negotiation loops.  The algorithm that is
-	used is described in this file.
-
-telnet:
-	This directory contains the client code.  No kernel changes are
-	needed to use this code.
-
-telnetd:
-	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
-	are defined, then the kernel modifications listed above are needed.
-
-libtelnet:
-	This directory contains code that is common to both the client
-	and the server.
-
-arpa:
-	This directory has a new <arpa/telnet.h>
-
-libtelnet/Makefile.4.4:
-telnet/Makefile.4.4:
-telnetd/Makefile.4.4:
-	These are the makefiles that can be used on a 4.3Reno
-	system when this software is installed in /usr/src/lib/libtelnet,
-	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
-
-
-The following TELNET options are supported:
-	
-	LINEMODE:
-		The LINEMODE option is supported as per RFC1116.  The
-		FORWARDMASK option is not currently supported.
-
-	BINARY: The client has the ability to turn on/off the BINARY
-		option in each direction.  Turning on BINARY from
-		server to client causes the LITOUT bit to get set in
-		the terminal driver on both ends,  turning on BINARY
-		from the client to the server causes the PASS8 bit
-		to get set in the terminal driver on both ends.
-
-	TERMINAL-TYPE:
-		This is supported as per RFC1091.  On the server side,
-		when a terminal type is received, termcap/terminfo
-		is consulted to determine if it is a known terminal
-		type.  It keeps requesting terminal types until it
-		gets one that it recongnizes, or hits the end of the
-		list.  The server side looks up the entry in the
-		termcap/terminfo data base, and generates a list of
-		names which it then passes one at a time to each
-		request for a terminal type, duplicating the last
-		entry in the list before cycling back to the beginning.
-
-	NAWS:	The Negotiate about Window Size, as per RFC 1073.
-
-	TERMINAL-SPEED:
-		Implemented as per RFC 1079
-
-	TOGGLE-FLOW-CONTROL:
-		Implemented as per RFC 1080
-
-	TIMING-MARK:
-		As per RFC 860
-
-	SGA:	As per RFC 858
-
-	ECHO:	As per RFC 857
-
-	LOGOUT: As per RFC 727
-
-	STATUS:
-		The server will send its current status upon
-		request.  It does not ask for the clients status.
-		The client will request the servers current status
-		from the "send getstatus" command.
-
-	ENVIRON:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued, but should be in the near future...
-
-	X-DISPLAY-LOCATION:
-		This functionality can be done through the ENVIRON
-		option, it is added here for completeness.
-
-	AUTHENTICATION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The basic framework is pretty much decided,
-		but the definitions for the specific authentication
-		schemes is still in a state of flux.
-
-	ENCRYPTION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The draft RFC is still in a state of flux,
-		so this code may change in the future.
diff --git a/crypto/heimdal/appl/telnet/arpa/telnet.h b/crypto/heimdal/appl/telnet/arpa/telnet.h
deleted file mode 100644
index 5d9ef6001621..000000000000
--- a/crypto/heimdal/appl/telnet/arpa/telnet.h
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * Copyright (c) 1983, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
- */
-
-#ifndef _TELNET_H_
-#define	_TELNET_H_
-
-/*
- * Definitions for the TELNET protocol.
- */
-#define	IAC	255		/* interpret as command: */
-#define	DONT	254		/* you are not to use option */
-#define	DO	253		/* please, you use option */
-#define	WONT	252		/* I won't use option */
-#define	WILL	251		/* I will use option */
-#define	SB	250		/* interpret as subnegotiation */
-#define	GA	249		/* you may reverse the line */
-#define	EL	248		/* erase the current line */
-#define	EC	247		/* erase the current character */
-#define	AYT	246		/* are you there */
-#define	AO	245		/* abort output--but let prog finish */
-#define	IP	244		/* interrupt process--permanently */
-#define	BREAK	243		/* break */
-#define	DM	242		/* data mark--for connect. cleaning */
-#define	NOP	241		/* nop */
-#define	SE	240		/* end sub negotiation */
-#define EOR     239             /* end of record (transparent mode) */
-#define	ABORT	238		/* Abort process */
-#define	SUSP	237		/* Suspend process */
-#define	xEOF	236		/* End of file: EOF is already used... */
-
-#define SYNCH	242		/* for telfunc calls */
-
-#ifdef TELCMDS
-char *telcmds[] = {
-	"EOF", "SUSP", "ABORT", "EOR",
-	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
-	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
-};
-#else
-extern char *telcmds[];
-#endif
-
-#define	TELCMD_FIRST	xEOF
-#define	TELCMD_LAST	IAC
-#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
-			 (unsigned int)(x) >= TELCMD_FIRST)
-#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
-
-/* telnet options */
-#define TELOPT_BINARY	0	/* 8-bit data path */
-#define TELOPT_ECHO	1	/* echo */
-#define	TELOPT_RCP	2	/* prepare to reconnect */
-#define	TELOPT_SGA	3	/* suppress go ahead */
-#define	TELOPT_NAMS	4	/* approximate message size */
-#define	TELOPT_STATUS	5	/* give status */
-#define	TELOPT_TM	6	/* timing mark */
-#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
-#define TELOPT_NAOL 	8	/* negotiate about output line width */
-#define TELOPT_NAOP 	9	/* negotiate about output page size */
-#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
-#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
-#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
-#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
-#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
-#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
-#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
-#define TELOPT_XASCII	17	/* extended ascic character set */
-#define	TELOPT_LOGOUT	18	/* force logout */
-#define	TELOPT_BM	19	/* byte macro */
-#define	TELOPT_DET	20	/* data entry terminal */
-#define	TELOPT_SUPDUP	21	/* supdup protocol */
-#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
-#define	TELOPT_SNDLOC	23	/* send location */
-#define	TELOPT_TTYPE	24	/* terminal type */
-#define	TELOPT_EOR	25	/* end or record */
-#define	TELOPT_TUID	26	/* TACACS user identification */
-#define	TELOPT_OUTMRK	27	/* output marking */
-#define	TELOPT_TTYLOC	28	/* terminal location number */
-#define	TELOPT_3270REGIME 29	/* 3270 regime */
-#define	TELOPT_X3PAD	30	/* X.3 PAD */
-#define	TELOPT_NAWS	31	/* window size */
-#define	TELOPT_TSPEED	32	/* terminal speed */
-#define	TELOPT_LFLOW	33	/* remote flow control */
-#define TELOPT_LINEMODE	34	/* Linemode option */
-#define TELOPT_XDISPLOC	35	/* X Display Location */
-#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
-#define	TELOPT_AUTHENTICATION 37/* Authenticate */
-#define	TELOPT_ENCRYPT	38	/* Encryption option */
-#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
-#define	TELOPT_EXOPL	255	/* extended-options-list */
-
-
-#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
-#ifdef TELOPTS
-char *telopts[NTELOPTS+1] = {
-	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
-	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
-	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
-	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
-	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
-	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
-	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
-	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
-	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
-	"ENCRYPT", "NEW-ENVIRON",
-	0,
-};
-#define	TELOPT_FIRST	TELOPT_BINARY
-#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
-#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
-#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
-#endif
-
-/* sub-option qualifiers */
-#define	TELQUAL_IS	0	/* option is... */
-#define	TELQUAL_SEND	1	/* send option */
-#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
-#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
-#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
-
-#define	LFLOW_OFF		0	/* Disable remote flow control */
-#define	LFLOW_ON		1	/* Enable remote flow control */
-#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
-#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
-
-/*
- * LINEMODE suboptions
- */
-
-#define	LM_MODE		1
-#define	LM_FORWARDMASK	2
-#define	LM_SLC		3
-
-#define	MODE_EDIT	0x01
-#define	MODE_TRAPSIG	0x02
-#define	MODE_ACK	0x04
-#define MODE_SOFT_TAB	0x08
-#define MODE_LIT_ECHO	0x10
-
-#define	MODE_MASK	0x1f
-
-/* Not part of protocol, but needed to simplify things... */
-#define MODE_FLOW		0x0100
-#define MODE_ECHO		0x0200
-#define MODE_INBIN		0x0400
-#define MODE_OUTBIN		0x0800
-#define MODE_FORCE		0x1000
-
-#define	SLC_SYNCH	1
-#define	SLC_BRK		2
-#define	SLC_IP		3
-#define	SLC_AO		4
-#define	SLC_AYT		5
-#define	SLC_EOR		6
-#define	SLC_ABORT	7
-#define	SLC_EOF		8
-#define	SLC_SUSP	9
-#define	SLC_EC		10
-#define	SLC_EL		11
-#define	SLC_EW		12
-#define	SLC_RP		13
-#define	SLC_LNEXT	14
-#define	SLC_XON		15
-#define	SLC_XOFF	16
-#define	SLC_FORW1	17
-#define	SLC_FORW2	18
-
-#define	NSLC		18
-
-/*
- * For backwards compatability, we define SLC_NAMES to be the
- * list of names if SLC_NAMES is not defined.
- */
-#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
-			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
-			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
-#ifdef	SLC_NAMES
-char *slc_names[] = {
-	SLC_NAMELIST
-};
-#else
-extern char *slc_names[];
-#define	SLC_NAMES SLC_NAMELIST
-#endif
-
-#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
-#define SLC_NAME(x)	slc_names[x]
-
-#define	SLC_NOSUPPORT	0
-#define	SLC_CANTCHANGE	1
-#define	SLC_VARIABLE	2
-#define	SLC_DEFAULT	3
-#define	SLC_LEVELBITS	0x03
-
-#define	SLC_FUNC	0
-#define	SLC_FLAGS	1
-#define	SLC_VALUE	2
-
-#define	SLC_ACK		0x80
-#define	SLC_FLUSHIN	0x40
-#define	SLC_FLUSHOUT	0x20
-
-#define	OLD_ENV_VAR	1
-#define	OLD_ENV_VALUE	0
-#define	NEW_ENV_VAR	0
-#define	NEW_ENV_VALUE	1
-#define	ENV_ESC		2
-#define ENV_USERVAR	3
-
-/*
- * AUTHENTICATION suboptions
- */
-
-/*
- * Who is authenticating who ...
- */
-#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
-#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
-#define	AUTH_WHO_MASK		1
-
-/*
- * amount of authentication done
- */
-#define	AUTH_HOW_ONE_WAY	0
-#define	AUTH_HOW_MUTUAL		2
-#define	AUTH_HOW_MASK		2
-
-#define	AUTHTYPE_NULL		0
-#define	AUTHTYPE_KERBEROS_V4	1
-#define	AUTHTYPE_KERBEROS_V5	2
-#define	AUTHTYPE_SPX		3
-#define	AUTHTYPE_MINK		4
-#define	AUTHTYPE_SRA		5
-#define	AUTHTYPE_CNT		6
-/* #define	AUTHTYPE_UNSECURE 6 */
-
-#define	AUTHTYPE_TEST		99
-
-#ifdef	AUTH_NAMES
-char *authtype_names[] = {
-	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK",
-	"SRA", 0,
-};
-#else
-extern char *authtype_names[];
-#endif
-
-#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
-#define	AUTHTYPE_NAME(x)	authtype_names[x]
-
-/*
- * ENCRYPTion suboptions
- */
-#define	ENCRYPT_IS		0	/* I pick encryption type ... */
-#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
-#define	ENCRYPT_REPLY		2	/* Initial setup response */
-#define	ENCRYPT_START		3	/* Am starting to send encrypted */
-#define	ENCRYPT_END		4	/* Am ending encrypted */
-#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
-#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
-#define	ENCRYPT_ENC_KEYID	7
-#define	ENCRYPT_DEC_KEYID	8
-#define	ENCRYPT_CNT		9
-
-#define	ENCTYPE_ANY		0
-#define	ENCTYPE_DES_CFB64	1
-#define	ENCTYPE_DES_OFB64	2
-#define	ENCTYPE_CNT		3
-
-#ifdef	ENCRYPT_NAMES
-char *encrypt_names[] = {
-	"IS", "SUPPORT", "REPLY", "START", "END",
-	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
-	0,
-};
-char *enctype_names[] = {
-	"ANY", "DES_CFB64",  "DES_OFB64",  0,
-};
-#else
-extern char *encrypt_names[];
-extern char *enctype_names[];
-#endif
-
-
-#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
-#define	ENCRYPT_NAME(x)		encrypt_names[x]
-
-#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
-#define	ENCTYPE_NAME(x)		enctype_names[x]
-
-#endif /* !_TELNET_H_ */
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile b/crypto/heimdal/appl/telnet/libtelnet/Makefile
deleted file mode 100644
index 90ade3e5f4f5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile
+++ /dev/null
@@ -1,580 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/telnet/libtelnet/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.9 2001/08/28 08:31:23 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_LIBRARIES = libtelnet.a
-
-libtelnet_a_SOURCES = \
-	auth-proto.h	\
-	auth.c		\
-	auth.h		\
-	enc-proto.h	\
-	enc_des.c	\
-	encrypt.c	\
-	encrypt.h	\
-	genget.c	\
-	kerberos.c	\
-	kerberos5.c	\
-	misc-proto.h	\
-	misc.c		\
-	misc.h
-
-
-EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
-subdir = appl/telnet/libtelnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-
-libtelnet_a_AR = $(AR) cru
-libtelnet_a_LIBADD =
-am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \
-	encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \
-	kerberos5.$(OBJEXT) misc.$(OBJEXT)
-libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS)
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libtelnet_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(libtelnet_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/libtelnet/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libtelnet.a: $(libtelnet_a_OBJECTS) $(libtelnet_a_DEPENDENCIES) 
-	-rm -f libtelnet.a
-	$(libtelnet_a_AR) libtelnet.a $(libtelnet_a_OBJECTS) $(libtelnet_a_LIBADD)
-	$(RANLIB) libtelnet.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLIBRARIES distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
deleted file mode 100644
index 2c30c2c00259..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am
+++ /dev/null
@@ -1,24 +0,0 @@
-# $Id: Makefile.am,v 1.9 2001/08/28 08:31:23 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-noinst_LIBRARIES = libtelnet.a
-
-libtelnet_a_SOURCES = \
-	auth-proto.h	\
-	auth.c		\
-	auth.h		\
-	enc-proto.h	\
-	enc_des.c	\
-	encrypt.c	\
-	encrypt.h	\
-	genget.c	\
-	kerberos.c	\
-	kerberos5.c	\
-	misc-proto.h	\
-	misc.c		\
-	misc.h
-
-EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
deleted file mode 100644
index 4104da1396b5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in
+++ /dev/null
@@ -1,581 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.9 2001/08/28 08:31:23 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_LIBRARIES = libtelnet.a
-
-libtelnet_a_SOURCES = \
-	auth-proto.h	\
-	auth.c		\
-	auth.h		\
-	enc-proto.h	\
-	enc_des.c	\
-	encrypt.c	\
-	encrypt.h	\
-	genget.c	\
-	kerberos.c	\
-	kerberos5.c	\
-	misc-proto.h	\
-	misc.c		\
-	misc.h
-
-
-EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
-subdir = appl/telnet/libtelnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(noinst_LIBRARIES)
-
-libtelnet_a_AR = $(AR) cru
-libtelnet_a_LIBADD =
-am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \
-	encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \
-	kerberos5.$(OBJEXT) misc.$(OBJEXT)
-libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libtelnet_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(libtelnet_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/libtelnet/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-
-clean-noinstLIBRARIES:
-	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
-libtelnet.a: $(libtelnet_a_OBJECTS) $(libtelnet_a_DEPENDENCIES) 
-	-rm -f libtelnet.a
-	$(libtelnet_a_AR) libtelnet.a $(libtelnet_a_OBJECTS) $(libtelnet_a_LIBADD)
-	$(RANLIB) libtelnet.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLIBRARIES distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
deleted file mode 100644
index 89f1fbc5e7e5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: auth-proto.h,v 1.11 2002/08/28 20:56:14 joda Exp $ */
-
-#ifdef AUTHENTICATION
-Authenticator *findauthenticator (int, int);
-
-int auth_wait (char *, size_t);
-void auth_disable_name (char *);
-void auth_finished (Authenticator *, int);
-void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
-void auth_init (const char *, int);
-void auth_is (unsigned char *, int);
-void auth_name(unsigned char*, int);
-void auth_reply (unsigned char *, int);
-void auth_request (void);
-void auth_send (unsigned char *, int);
-void auth_send_retry (void);
-void auth_printsub(unsigned char*, int, unsigned char*, int);
-int getauthmask(char *type, int *maskp);
-int auth_enable(char *type);
-int auth_disable(char *type);
-int auth_onoff(char *type, int on);
-int auth_togdebug(int on);
-int auth_status(void);
-int auth_sendname(unsigned char *cp, int len);
-void auth_debug(int mode);
-void auth_gen_printsub(unsigned char *data, int cnt,
-		       unsigned char *buf, int buflen);
-
-#ifdef UNSAFE
-int unsafe_init (Authenticator *, int);
-int unsafe_send (Authenticator *);
-void unsafe_is (Authenticator *, unsigned char *, int);
-void unsafe_reply (Authenticator *, unsigned char *, int);
-int unsafe_status (Authenticator *, char *, int);
-void unsafe_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef SRA
-int sra_init (Authenticator *, int);
-int sra_send (Authenticator *);
-void sra_is (Authenticator *, unsigned char *, int);
-void sra_reply (Authenticator *, unsigned char *, int);
-int sra_status (Authenticator *, char *, int);
-void sra_printsub (unsigned char *, int, unsigned char *, int);
-#endif
-
-#ifdef	KRB4
-int kerberos4_init (Authenticator *, int);
-int kerberos4_send_mutual (Authenticator *);
-int kerberos4_send_oneway (Authenticator *);
-void kerberos4_is (Authenticator *, unsigned char *, int);
-void kerberos4_reply (Authenticator *, unsigned char *, int);
-int kerberos4_status (Authenticator *, char *, size_t, int);
-void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
-int kerberos4_forward(Authenticator *ap, void *);
-#endif
-
-#ifdef	KRB5
-int kerberos5_init (Authenticator *, int);
-int kerberos5_send_mutual (Authenticator *);
-int kerberos5_send_oneway (Authenticator *);
-void kerberos5_is (Authenticator *, unsigned char *, int);
-void kerberos5_reply (Authenticator *, unsigned char *, int);
-int kerberos5_status (Authenticator *, char *, size_t, int);
-void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
-int kerberos5_set_forward(int);
-int kerberos5_set_forwardable(int);
-#endif
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.c b/crypto/heimdal/appl/telnet/libtelnet/auth.c
deleted file mode 100644
index cbb7a78cf4f6..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.c
+++ /dev/null
@@ -1,660 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <config.h>
-
-RCSID("$Id: auth.c,v 1.25 2002/01/18 12:58:48 joda Exp $");
-
-#if	defined(AUTHENTICATION)
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <signal.h>
-#define	AUTH_NAMES
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#include <roken.h>
-
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define	typemask(x)		(1<<((x)-1))
-
-#ifdef	KRB4_ENCPWD
-extern krb4encpwd_init();
-extern krb4encpwd_send();
-extern krb4encpwd_is();
-extern krb4encpwd_reply();
-extern krb4encpwd_status();
-extern krb4encpwd_printsub();
-#endif
-
-#ifdef	RSA_ENCPWD
-extern rsaencpwd_init();
-extern rsaencpwd_send();
-extern rsaencpwd_is();
-extern rsaencpwd_reply();
-extern rsaencpwd_status();
-extern rsaencpwd_printsub();
-#endif
-
-int auth_debug_mode = 0;
-int auth_has_failed  = 0;
-int auth_enable_encrypt = 0;
-static 	const	char	*Name = "Noname";
-static	int	Server = 0;
-static	Authenticator	*authenticated = 0;
-static	int	authenticating = 0;
-static	int	validuser = 0;
-static	unsigned char	_auth_send_data[256];
-static	unsigned char	*auth_send_data;
-static	int	auth_send_cnt = 0;
-
-/*
- * Authentication types supported.  Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef UNSAFE
-    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      unsafe_init,
-      unsafe_send,
-      unsafe_is,
-      unsafe_reply,
-      unsafe_status,
-      unsafe_printsub },
-#endif
-#ifdef SRA
-    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      sra_init,
-      sra_send,
-      sra_is,
-      sra_reply,
-      sra_status,
-      sra_printsub },
-#endif
-#ifdef	SPX
-    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      spx_init,
-      spx_send,
-      spx_is,
-      spx_reply,
-      spx_status,
-      spx_printsub },
-    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      spx_init,
-      spx_send,
-      spx_is,
-      spx_reply,
-      spx_status,
-      spx_printsub },
-#endif
-#ifdef	KRB5
-    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      kerberos5_init,
-      kerberos5_send_mutual,
-      kerberos5_is,
-      kerberos5_reply,
-      kerberos5_status,
-      kerberos5_printsub },
-    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      kerberos5_init,
-      kerberos5_send_oneway,
-      kerberos5_is,
-      kerberos5_reply,
-      kerberos5_status,
-      kerberos5_printsub },
-#endif
-#ifdef	KRB4
-    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      kerberos4_init,
-      kerberos4_send_mutual,
-      kerberos4_is,
-      kerberos4_reply,
-      kerberos4_status,
-      kerberos4_printsub },
-    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      kerberos4_init,
-      kerberos4_send_oneway,
-      kerberos4_is,
-      kerberos4_reply,
-      kerberos4_status,
-      kerberos4_printsub },
-#endif
-#ifdef	KRB4_ENCPWD
-    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-      krb4encpwd_init,
-      krb4encpwd_send,
-      krb4encpwd_is,
-      krb4encpwd_reply,
-      krb4encpwd_status,
-      krb4encpwd_printsub },
-#endif
-#ifdef	RSA_ENCPWD
-    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-      rsaencpwd_init,
-      rsaencpwd_send,
-      rsaencpwd_is,
-      rsaencpwd_reply,
-      rsaencpwd_status,
-      rsaencpwd_printsub },
-#endif
-    { 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int	i_support = 0;
-static int	i_wont_support = 0;
-
-Authenticator *
-findauthenticator(int type, int way)
-{
-    Authenticator *ap = authenticators;
-
-    while (ap->type && (ap->type != type || ap->way != way))
-	++ap;
-    return(ap->type ? ap : 0);
-}
-
-void
-auth_init(const char *name, int server)
-{
-    Authenticator *ap = authenticators;
-
-    Server = server;
-    Name = name;
-
-    i_support = 0;
-    authenticated = 0;
-    authenticating = 0;
-    while (ap->type) {
-	if (!ap->init || (*ap->init)(ap, server)) {
-	    i_support |= typemask(ap->type);
-	    if (auth_debug_mode)
-		printf(">>>%s: I support auth type %d %d\r\n",
-		       Name,
-		       ap->type, ap->way);
-	}
-	else if (auth_debug_mode)
-	    printf(">>>%s: Init failed: auth type %d %d\r\n",
-		   Name, ap->type, ap->way);
-	++ap;
-    }
-}
-
-void
-auth_disable_name(char *name)
-{
-    int x;
-    for (x = 0; x < AUTHTYPE_CNT; ++x) {
-	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
-	    i_wont_support |= typemask(x);
-	    break;
-	}
-    }
-}
-
-int
-getauthmask(char *type, int *maskp)
-{
-    int x;
-
-    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
-	*maskp = -1;
-	return(1);
-    }
-
-    for (x = 1; x < AUTHTYPE_CNT; ++x) {
-	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
-	    *maskp = typemask(x);
-	    return(1);
-	}
-    }
-    return(0);
-}
-
-int
-auth_enable(char *type)
-{
-    return(auth_onoff(type, 1));
-}
-
-int
-auth_disable(char *type)
-{
-    return(auth_onoff(type, 0));
-}
-
-int
-auth_onoff(char *type, int on)
-{
-    int i, mask = -1;
-    Authenticator *ap;
-
-    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
-	printf("auth %s 'type'\n", on ? "enable" : "disable");
-	printf("Where 'type' is one of:\n");
-	printf("\t%s\n", AUTHTYPE_NAME(0));
-	mask = 0;
-	for (ap = authenticators; ap->type; ap++) {
-	    if ((mask & (i = typemask(ap->type))) != 0)
-		continue;
-	    mask |= i;
-	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
-	}
-	return(0);
-    }
-
-    if (!getauthmask(type, &mask)) {
-	printf("%s: invalid authentication type\n", type);
-	return(0);
-    }
-    if (on)
-	i_wont_support &= ~mask;
-    else
-	i_wont_support |= mask;
-    return(1);
-}
-
-int
-auth_togdebug(int on)
-{
-    if (on < 0)
-	auth_debug_mode ^= 1;
-    else
-	auth_debug_mode = on;
-    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
-    return(1);
-}
-
-int
-auth_status(void)
-{
-    Authenticator *ap;
-    int i, mask;
-
-    if (i_wont_support == -1)
-	printf("Authentication disabled\n");
-    else
-	printf("Authentication enabled\n");
-
-    mask = 0;
-    for (ap = authenticators; ap->type; ap++) {
-	if ((mask & (i = typemask(ap->type))) != 0)
-	    continue;
-	mask |= i;
-	printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
-	       (i_wont_support & typemask(ap->type)) ?
-	       "disabled" : "enabled");
-    }
-    return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
-void
-auth_request(void)
-{
-    static unsigned char str_request[64] = { IAC, SB,
-					     TELOPT_AUTHENTICATION,
-					     TELQUAL_SEND, };
-    Authenticator *ap = authenticators;
-    unsigned char *e = str_request + 4;
-
-    if (!authenticating) {
-	authenticating = 1;
-	while (ap->type) {
-	    if (i_support & ~i_wont_support & typemask(ap->type)) {
-		if (auth_debug_mode) {
-		    printf(">>>%s: Sending type %d %d\r\n",
-			   Name, ap->type, ap->way);
-		}
-		*e++ = ap->type;
-		*e++ = ap->way;
-	    }
-	    ++ap;
-	}
-	*e++ = IAC;
-	*e++ = SE;
-	telnet_net_write(str_request, e - str_request);
-	printsub('>', &str_request[2], e - str_request - 2);
-    }
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends  LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
-void
-auth_send(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-    static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_IS, AUTHTYPE_NULL, 0,
-					IAC, SE };
-    if (Server) {
-	if (auth_debug_mode) {
-	    printf(">>>%s: auth_send called!\r\n", Name);
-	}
-	return;
-    }
-
-    if (auth_debug_mode) {
-	printf(">>>%s: auth_send got:", Name);
-	printd(data, cnt); printf("\r\n");
-    }
-
-    /*
-     * Save the data, if it is new, so that we can continue looking
-     * at it if the authorization we try doesn't work
-     */
-    if (data < _auth_send_data ||
-	data > _auth_send_data + sizeof(_auth_send_data)) {
-	auth_send_cnt = cnt > sizeof(_auth_send_data)
-	    ? sizeof(_auth_send_data)
-	    : cnt;
-	memmove(_auth_send_data, data, auth_send_cnt);
-	auth_send_data = _auth_send_data;
-    } else {
-	/*
-	 * This is probably a no-op, but we just make sure
-	 */
-	auth_send_data = data;
-	auth_send_cnt = cnt;
-    }
-    while ((auth_send_cnt -= 2) >= 0) {
-	if (auth_debug_mode)
-	    printf(">>>%s: He supports %d\r\n",
-		   Name, *auth_send_data);
-	if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
-	    ap = findauthenticator(auth_send_data[0],
-				   auth_send_data[1]);
-	    if (ap && ap->send) {
-		if (auth_debug_mode)
-		    printf(">>>%s: Trying %d %d\r\n",
-			   Name, auth_send_data[0],
-			   auth_send_data[1]);
-		if ((*ap->send)(ap)) {
-		    /*
-		     * Okay, we found one we like
-		     * and did it.
-		     * we can go home now.
-		     */
-		    if (auth_debug_mode)
-			printf(">>>%s: Using type %d\r\n",
-			       Name, *auth_send_data);
-		    auth_send_data += 2;
-		    return;
-		}
-	    }
-	    /* else
-	     *	just continue on and look for the
-	     *	next one if we didn't do anything.
-	     */
-	}
-	auth_send_data += 2;
-    }
-    telnet_net_write(str_none, sizeof(str_none));
-    printsub('>', &str_none[2], sizeof(str_none) - 2);
-    if (auth_debug_mode)
-	printf(">>>%s: Sent failure message\r\n", Name);
-    auth_finished(0, AUTH_REJECT);
-    auth_has_failed = 1;
-#ifdef KANNAN
-    /*
-     *  We requested strong authentication, however no mechanisms worked.
-     *  Therefore, exit on client end.
-     */
-    printf("Unable to securely authenticate user ... exit\n");
-    exit(0);
-#endif /* KANNAN */
-}
-
-void
-auth_send_retry(void)
-{
-    /*
-     * if auth_send_cnt <= 0 then auth_send will end up rejecting
-     * the authentication and informing the other side of this.
-	 */
-    auth_send(auth_send_data, auth_send_cnt);
-}
-
-void
-auth_is(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-
-    if (cnt < 2)
-	return;
-
-    if (data[0] == AUTHTYPE_NULL) {
-	auth_finished(0, AUTH_REJECT);
-	return;
-    }
-
-    if ((ap = findauthenticator(data[0], data[1]))) {
-	if (ap->is)
-	    (*ap->is)(ap, data+2, cnt-2);
-    } else if (auth_debug_mode)
-	printf(">>>%s: Invalid authentication in IS: %d\r\n",
-	       Name, *data);
-}
-
-void
-auth_reply(unsigned char *data, int cnt)
-{
-    Authenticator *ap;
-
-    if (cnt < 2)
-	return;
-
-    if ((ap = findauthenticator(data[0], data[1]))) {
-	if (ap->reply)
-	    (*ap->reply)(ap, data+2, cnt-2);
-    } else if (auth_debug_mode)
-	printf(">>>%s: Invalid authentication in SEND: %d\r\n",
-	       Name, *data);
-}
-
-void
-auth_name(unsigned char *data, int cnt)
-{
-    char savename[256];
-
-    if (cnt < 1) {
-	if (auth_debug_mode)
-	    printf(">>>%s: Empty name in NAME\r\n", Name);
-	return;
-    }
-    if (cnt > sizeof(savename) - 1) {
-	if (auth_debug_mode)
-	    printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
-		   Name, cnt, (unsigned long)(sizeof(savename)-1));
-	return;
-    }
-    memmove(savename, data, cnt);
-    savename[cnt] = '\0';	/* Null terminate */
-    if (auth_debug_mode)
-	printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-    auth_encrypt_user(savename);
-}
-
-int
-auth_sendname(unsigned char *cp, int len)
-{
-    static unsigned char str_request[256+6]
-	= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
-    unsigned char *e = str_request + 4;
-    unsigned char *ee = &str_request[sizeof(str_request)-2];
-
-    while (--len >= 0) {
-	if ((*e++ = *cp++) == IAC)
-	    *e++ = IAC;
-	if (e >= ee)
-	    return(0);
-    }
-    *e++ = IAC;
-    *e++ = SE;
-    telnet_net_write(str_request, e - str_request);
-    printsub('>', &str_request[2], e - &str_request[2]);
-    return(1);
-}
-
-void
-auth_finished(Authenticator *ap, int result)
-{
-    if (!(authenticated = ap))
-	authenticated = &NoAuth;
-    validuser = result;
-}
-
-/* ARGSUSED */
-static void
-auth_intr(int sig)
-{
-    auth_finished(0, AUTH_REJECT);
-}
-
-int
-auth_wait(char *name, size_t name_sz)
-{
-    if (auth_debug_mode)
-	printf(">>>%s: in auth_wait.\r\n", Name);
-
-    if (Server && !authenticating)
-	return(0);
-
-    signal(SIGALRM, auth_intr);
-    alarm(30);
-    while (!authenticated)
-	if (telnet_spin())
-	    break;
-    alarm(0);
-    signal(SIGALRM, SIG_DFL);
-
-    /*
-     * Now check to see if the user is valid or not
-     */
-    if (!authenticated || authenticated == &NoAuth)
-	return(AUTH_REJECT);
-
-    if (validuser == AUTH_VALID)
-	validuser = AUTH_USER;
-
-    if (authenticated->status)
-	validuser = (*authenticated->status)(authenticated,
-					     name, name_sz,
-					     validuser);
-    return(validuser);
-}
-
-void
-auth_debug(int mode)
-{
-    auth_debug_mode = mode;
-}
-
-void
-auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    Authenticator *ap;
-
-    if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
-	(*ap->printsub)(data, cnt, buf, buflen);
-    else
-	auth_gen_printsub(data, cnt, buf, buflen);
-}
-
-void
-auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    unsigned char *cp;
-    unsigned char tbuf[16];
-
-    cnt -= 3;
-    data += 3;
-    buf[buflen-1] = '\0';
-    buf[buflen-2] = '*';
-    buflen -= 2;
-    for (; cnt > 0; cnt--, data++) {
-	snprintf((char*)tbuf, sizeof(tbuf), " %d", *data);
-	for (cp = tbuf; *cp && buflen > 0; --buflen)
-	    *buf++ = *cp++;
-	if (buflen <= 0)
-	    return;
-    }
-    *buf = '\0';
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.h b/crypto/heimdal/appl/telnet/libtelnet/auth.h
deleted file mode 100644
index 83dd701c0a6f..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/auth.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: auth.h,v 1.4 1998/06/09 19:24:41 joda Exp $ */
-
-#ifndef	__AUTH__
-#define	__AUTH__
-
-#define	AUTH_REJECT	0	/* Rejected */
-#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
-#define	AUTH_OTHER	2	/* We know him, but not his name */
-#define	AUTH_USER	3	/* We know he name */
-#define	AUTH_VALID	4	/* We know him, and he needs no password */
-
-typedef struct XauthP {
-	int	type;
-	int	way;
-	int	(*init) (struct XauthP *, int);
-	int	(*send) (struct XauthP *);
-	void	(*is) (struct XauthP *, unsigned char *, int);
-	void	(*reply) (struct XauthP *, unsigned char *, int);
-	int	(*status) (struct XauthP *, char *, size_t, int);
-	void	(*printsub) (unsigned char *, int, unsigned char *, int);
-} Authenticator;
-
-#include "auth-proto.h"
-
-extern int auth_debug_mode;
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
deleted file mode 100644
index 3078848a93f8..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
- *
- *	@(#)enc-proto.h	5.2 (Berkeley) 3/22/91
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: enc-proto.h,v 1.11 2002/01/18 12:58:49 joda Exp $ */
-
-#if	defined(ENCRYPTION)
-Encryptions *findencryption (int);
-Encryptions *finddecryption(int);
-int EncryptAutoDec(int);
-int EncryptAutoEnc(int);
-int EncryptDebug(int);
-int EncryptDisable(char*, char*);
-int EncryptEnable(char*, char*);
-int EncryptStart(char*);
-int EncryptStartInput(void);
-int EncryptStartOutput(void);
-int EncryptStatus(void);
-int EncryptStop(char*);
-int EncryptStopInput(void);
-int EncryptStopOutput(void);
-int EncryptType(char*, char*);
-int EncryptVerbose(int);
-void decrypt_auto(int);
-void encrypt_auto(int);
-void encrypt_debug(int);
-void encrypt_dec_keyid(unsigned char*, int);
-void encrypt_display(void);
-void encrypt_enc_keyid(unsigned char*, int);
-void encrypt_end(void);
-void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_init(const char*, int);
-void encrypt_is(unsigned char*, int);
-void encrypt_list_types(void);
-void encrypt_not(void);
-void encrypt_printsub(unsigned char*, int, unsigned char*, int);
-void encrypt_reply(unsigned char*, int);
-void encrypt_request_end(void);
-void encrypt_request_start(unsigned char*, int);
-void encrypt_send_end(void);
-void encrypt_send_keyid(int, unsigned char*, int, int);
-void encrypt_send_request_end(void);
-int encrypt_is_encrypting(void);
-void encrypt_send_request_start(void);
-void encrypt_send_support(void);
-void encrypt_session_key(Session_Key*, int);
-void encrypt_start(unsigned char*, int);
-void encrypt_start_output(int);
-void encrypt_support(unsigned char*, int);
-void encrypt_verbose_quiet(int);
-void encrypt_wait(void);
-int encrypt_delay(void);
-
-#ifdef	TELENTD
-void encrypt_wait (void);
-#else
-void encrypt_display (void);
-#endif
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
deleted file mode 100644
index 537d22fbbab5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c
+++ /dev/null
@@ -1,673 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $");
-
-#if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
-#include <arpa/telnet.h>
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#include <string.h>
-#endif
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "misc-proto.h"
-
-#include "crypto-headers.h"
-
-extern int encrypt_debug_mode;
-
-#define	CFB	0
-#define	OFB	1
-
-#define	NO_SEND_IV	1
-#define	NO_RECV_IV	2
-#define	NO_KEYID	4
-#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define	SUCCESS		0
-#define	FAILED		-1
-
-
-struct stinfo {
-  des_cblock	str_output;
-  des_cblock	str_feed;
-  des_cblock	str_iv;
-  des_cblock	str_ikey;
-  des_key_schedule str_sched;
-  int		str_index;
-  int		str_flagshift;
-};
-
-struct fb {
-	des_cblock krbdes_key;
-	des_key_schedule krbdes_sched;
-	des_cblock temp_feed;
-	unsigned char fb_feed[64];
-	int need_start;
-	int state[2];
-	int keyid[2];
-	int once;
-	struct stinfo streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
-	char	*keyid;
-	int	keyidlen;
-	char	*key;
-	int	keylen;
-	int	flags;
-} keyidlist [] = {
-	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
-	{ 0, 0, 0, 0, 0 }
-};
-
-#define	KEYFLAG_MASK	03
-
-#define	KEYFLAG_NOINIT	00
-#define	KEYFLAG_INIT	01
-#define	KEYFLAG_OK	02
-#define	KEYFLAG_BAD	03
-
-#define	KEYFLAG_SHIFT	2
-
-#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define	FB64_IV		1
-#define	FB64_IV_OK	2
-#define	FB64_IV_BAD	3
-
-
-void fb64_stream_iv (des_cblock, struct stinfo *);
-void fb64_init (struct fb *);
-static int fb64_start (struct fb *, int, int);
-int fb64_is (unsigned char *, int, struct fb *);
-int fb64_reply (unsigned char *, int, struct fb *);
-static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (des_cblock, struct stinfo *);
-int fb64_keyid (int, unsigned char *, int *, struct fb *);
-void fb64_printsub(unsigned char *, int ,
-		   unsigned char *, int , char *);
-
-void cfb64_init(int server)
-{
-	fb64_init(&fb[CFB]);
-	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
-
-void ofb64_init(int server)
-{
-	fb64_init(&fb[OFB]);
-	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
-void fb64_init(struct fb *fbp)
-{
-	memset(fbp,0, sizeof(*fbp));
-	fbp->state[0] = fbp->state[1] = FAILED;
-	fbp->fb_feed[0] = IAC;
-	fbp->fb_feed[1] = SB;
-	fbp->fb_feed[2] = TELOPT_ENCRYPT;
-	fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- *	 2: Not yet.  Other things (like getting the key from
- *	    Kerberos) have to happen before we can continue.
- */
-int cfb64_start(int dir, int server)
-{
-	return(fb64_start(&fb[CFB], dir, server));
-}
-
-int ofb64_start(int dir, int server)
-{
-	return(fb64_start(&fb[OFB], dir, server));
-}
-
-static int fb64_start(struct fb *fbp, int dir, int server)
-{
-	int x;
-	unsigned char *p;
-	int state;
-
-	switch (dir) {
-	case DIR_DECRYPT:
-		/*
-		 * This is simply a request to have the other side
-		 * start output (our input).  He will negotiate an
-		 * IV so we need not look for it.
-		 */
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		break;
-
-	case DIR_ENCRYPT:
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		else if ((state & NO_SEND_IV) == 0) {
-			break;
-		}
-
-		if (!VALIDKEY(fbp->krbdes_key)) {
-		        fbp->need_start = 1;
-			break;
-		}
-
-		state &= ~NO_SEND_IV;
-		state |= NO_RECV_IV;
-		if (encrypt_debug_mode)
-			printf("Creating new feed\r\n");
-		/*
-		 * Create a random feed and send it over.
-		 */
-#ifndef OLD_DES_RANDOM_KEY
-		des_new_random_key(&fbp->temp_feed);
-#else
-		/*
-		 * From des_cryp.man "If the des_check_key flag is non-zero,
-		 *  des_set_key will check that the key passed is
-		 *  of odd parity and is not a week or semi-weak key."
-		 */
-		do {
-			des_random_key(fbp->temp_feed);
-			des_set_odd_parity(fbp->temp_feed);
-		} while (des_is_weak_key(fbp->temp_feed));
-#endif
-		des_ecb_encrypt(&fbp->temp_feed,
-				&fbp->temp_feed,
-				fbp->krbdes_sched, 1);
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_IS;
-		p++;
-		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(des_cblock); ++x) {
-			if ((*p++ = fbp->temp_feed[x]) == IAC)
-				*p++ = IAC;
-		}
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-		break;
-	default:
-		return(FAILED);
-	}
-	return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-
-int cfb64_is(unsigned char *data, int cnt)
-{
-	return(fb64_is(data, cnt, &fb[CFB]));
-}
-
-int ofb64_is(unsigned char *data, int cnt)
-{
-	return(fb64_is(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
-{
-	unsigned char *p;
-	int state = fbp->state[DIR_DECRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV:
-		if (cnt != sizeof(des_cblock)) {
-			if (encrypt_debug_mode)
-				printf("CFB64: initial vector failed on size\r\n");
-			state = FAILED;
-			goto failure;
-		}
-
-		if (encrypt_debug_mode)
-			printf("CFB64: initial vector received\r\n");
-
-		if (encrypt_debug_mode)
-			printf("Initializing Decrypt stream\r\n");
-
-		fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
-
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_OK;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", *(data-1));
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		/*
-		 * We failed.  Send an FB64_IV_BAD option
-		 * to the other side so it will know that
-		 * things failed.
-		 */
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_BAD;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		break;
-	}
-	return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-
-int cfb64_reply(unsigned char *data, int cnt)
-{
-	return(fb64_reply(data, cnt, &fb[CFB]));
-}
-
-int ofb64_reply(unsigned char *data, int cnt)
-{
-	return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
-int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
-{
-	int state = fbp->state[DIR_ENCRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV_OK:
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		state &= ~NO_RECV_IV;
-		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
-		break;
-
-	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(des_cblock));
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		state = FAILED;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", data[-1]);
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		state = FAILED;
-		break;
-	}
-	return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
-void cfb64_session(Session_Key *key, int server)
-{
-	fb64_session(key, server, &fb[CFB]);
-}
-
-void ofb64_session(Session_Key *key, int server)
-{
-	fb64_session(key, server, &fb[OFB]);
-}
-
-static void fb64_session(Session_Key *key, int server, struct fb *fbp)
-{
-
-	if (!key || key->type != SK_DES) {
-		if (encrypt_debug_mode)
-			printf("Can't set krbdes's session key (%d != %d)\r\n",
-				key ? key->type : -1, SK_DES);
-		return;
-	}
-	memcpy(fbp->krbdes_key, key->data, sizeof(des_cblock));
-
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
-	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
-
-	if (fbp->once == 0) {
-#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
-		des_init_random_number_generator(&fbp->krbdes_key);
-#endif
-		fbp->once = 1;
-	}
-	des_key_sched(&fbp->krbdes_key, fbp->krbdes_sched);
-	/*
-	 * Now look to see if krbdes_start() was was waiting for
-	 * the key to show up.  If so, go ahead an call it now
-	 * that we have the key.
-	 */
-	if (fbp->need_start) {
-		fbp->need_start = 0;
-		fb64_start(fbp, DIR_ENCRYPT, server);
-	}
-}
-
-/*
- * We only accept a keyid of 0.  If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
-
-int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
-int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
-int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
-{
-	int state = fbp->state[dir-1];
-
-	if (*lenp != 1 || (*kp != '\0')) {
-		*lenp = 0;
-		return(state);
-	}
-
-	if (state == FAILED)
-		state = IN_PROGRESS;
-
-	state &= ~NO_KEYID;
-
-	return(fbp->state[dir-1] = state);
-}
-
-void fb64_printsub(unsigned char *data, int cnt, 
-		   unsigned char *buf, int buflen, char *type)
-{
-	char lbuf[32];
-	int i;
-	char *cp;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[2]) {
-	case FB64_IV:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_OK:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_BAD:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
-		cp = lbuf;
-		goto common;
-
-	default:
-		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
-		cp = lbuf;
-	common:
-		for (; (buflen > 0) && (*buf = *cp++); buf++)
-			buflen--;
-		for (i = 3; i < cnt; i++) {
-			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
-			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
-				buflen--;
-		}
-		break;
-	}
-}
-
-void cfb64_printsub(unsigned char *data, int cnt, 
-		    unsigned char *buf, int buflen)
-{
-	fb64_printsub(data, cnt, buf, buflen, "CFB64");
-}
-
-void ofb64_printsub(unsigned char *data, int cnt,
-		    unsigned char *buf, int buflen)
-{
-	fb64_printsub(data, cnt, buf, buflen, "OFB64");
-}
-
-void fb64_stream_iv(des_cblock seed, struct stinfo *stp)
-{
-
-	memcpy(stp->str_iv, seed,sizeof(des_cblock));
-	memcpy(stp->str_output, seed, sizeof(des_cblock));
-
-	des_key_sched(&stp->str_ikey, stp->str_sched);
-
-	stp->str_index = sizeof(des_cblock);
-}
-
-void fb64_stream_key(des_cblock key, struct stinfo *stp)
-{
-	memcpy(stp->str_ikey, key, sizeof(des_cblock));
-	des_key_sched((des_cblock*)key, stp->str_sched);
-
-	memcpy(stp->str_output, stp->str_iv, sizeof(des_cblock));
-
-	stp->str_index = sizeof(des_cblock);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- *     key --->+-----+
- *          +->| DES |--+
- *          |  +-----+  |
- *	    |           v
- *  INPUT --(--------->(+)+---> DATA
- *          |             |
- *	    +-------------+
- *         
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	On = Dn ^ Vn
- *	V(n+1) = DES(On, key)
- */
-
-void cfb64_encrypt(unsigned char *s, int c)
-{
-	struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
-	int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_output, &b,stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
-			index = 0;
-		}
-
-		/* On encryption, we store (feed ^ data) which is cypher */
-		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
-		s++;
-		index++;
-	}
-	stp->str_index = index;
-}
-
-int cfb64_decrypt(int data)
-{
-	struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_output,&b, stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
-	}
-
-	/* On decryption we store (data) which is cypher. */
-	stp->str_output[index] = data;
-	return(data ^ stp->str_feed[index]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- *	+->| DES |--+
- *	|  +-----+  |
- *	+-----------+
- *	            v
- *  INPUT -------->(+) ----> DATA
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	V(n+1) = DES(Vn, key)
- *	On = Dn ^ Vn
- */
-
-void ofb64_encrypt(unsigned char *s, int c)
-{
-	struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
-	int index;
-
-	index = stp->str_index;
-	while (c-- > 0) {
-		if (index == sizeof(des_cblock)) {
-			des_cblock b;
-			des_ecb_encrypt(&stp->str_feed,&b, stp->str_sched, 1);
-			memcpy(stp->str_feed, b, sizeof(des_cblock));
-			index = 0;
-		}
-		*s++ ^= stp->str_feed[index];
-		index++;
-	}
-	stp->str_index = index;
-}
-
-int ofb64_decrypt(int data)
-{
-	struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
-	int index;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	index = stp->str_index++;
-	if (index == sizeof(des_cblock)) {
-		des_cblock b;
-		des_ecb_encrypt(&stp->str_feed,&b,stp->str_sched, 1);
-		memcpy(stp->str_feed, b, sizeof(des_cblock));
-		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
-	}
-
-	return(data ^ stp->str_feed[index]);
-}
-#endif
-
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
deleted file mode 100644
index fca8a4705f5b..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+++ /dev/null
@@ -1,1002 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include <config.h>
-
-RCSID("$Id: encrypt.c,v 1.23 2002/01/18 12:58:49 joda Exp $");
-
-#if	defined(ENCRYPTION)
-
-#define	ENCRYPT_NAMES
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void	(*encrypt_output) (unsigned char *, int);
-int	(*decrypt_input) (int);
-char	*nclearto;
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static const char *Name = "Noname";
-
-#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
-     | typemask(ENCTYPE_DES_OFB64);
-     static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
-     | typemask(ENCTYPE_DES_OFB64);
-     static long i_wont_support_encrypt = 0;
-     static long i_wont_support_decrypt = 0;
-#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
-#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
-
-     static long remote_supports_encrypt = 0;
-     static long remote_supports_decrypt = 0;
-
-     static Encryptions encryptions[] = {
-#if	defined(DES_ENCRYPTION)
-	 { "DES_CFB64",	ENCTYPE_DES_CFB64,
-	   cfb64_encrypt,	
-	   cfb64_decrypt,
-	   cfb64_init,
-	   cfb64_start,
-	   cfb64_is,
-	   cfb64_reply,
-	   cfb64_session,
-	   cfb64_keyid,
-	   cfb64_printsub },
-	 { "DES_OFB64",	ENCTYPE_DES_OFB64,
-	   ofb64_encrypt,	
-	   ofb64_decrypt,
-	   ofb64_init,
-	   ofb64_start,
-	   ofb64_is,
-	   ofb64_reply,
-	   ofb64_session,
-	   ofb64_keyid,
-	   ofb64_printsub },
-#endif
-	 { 0, },
-     };
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
-				      ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
-Encryptions *
-findencryption(int type)
-{
-    Encryptions *ep = encryptions;
-
-    if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
-	return(0);
-    while (ep->type && ep->type != type)
-	++ep;
-    return(ep->type ? ep : 0);
-}
-
-Encryptions *
-finddecryption(int type)
-{
-    Encryptions *ep = encryptions;
-
-    if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
-	return(0);
-    while (ep->type && ep->type != type)
-	++ep;
-    return(ep->type ? ep : 0);
-}
-
-#define	MAXKEYLEN 64
-
-static struct key_info {
-    unsigned char keyid[MAXKEYLEN];
-    int keylen;
-    int dir;
-    int *modep;
-    Encryptions *(*getcrypt)();
-} ki[2] = {
-    { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
-    { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-void
-encrypt_init(const char *name, int server)
-{
-    Encryptions *ep = encryptions;
-
-    Name = name;
-    Server = server;
-    i_support_encrypt = i_support_decrypt = 0;
-    remote_supports_encrypt = remote_supports_decrypt = 0;
-    encrypt_mode = 0;
-    decrypt_mode = 0;
-    encrypt_output = 0;
-    decrypt_input = 0;
-#ifdef notdef
-    encrypt_verbose = !server;
-#endif
-
-    str_suplen = 4;
-
-    while (ep->type) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: I will support %s\r\n",
-		   Name, ENCTYPE_NAME(ep->type));
-	i_support_encrypt |= typemask(ep->type);
-	i_support_decrypt |= typemask(ep->type);
-	if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
-	    if ((str_send[str_suplen++] = ep->type) == IAC)
-		str_send[str_suplen++] = IAC;
-	if (ep->init)
-	    (*ep->init)(Server);
-	++ep;
-    }
-    str_send[str_suplen++] = IAC;
-    str_send[str_suplen++] = SE;
-}
-
-void
-encrypt_list_types(void)
-{
-    Encryptions *ep = encryptions;
-
-    printf("Valid encryption types:\n");
-    while (ep->type) {
-	printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
-	++ep;
-    }
-}
-
-int
-EncryptEnable(char *type, char *mode)
-{
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt enable <type> [input|output]\n");
-	encrypt_list_types();
-	return(0);
-    }
-    if (EncryptType(type, mode))
-	return(EncryptStart(mode));
-    return(0);
-}
-
-int
-EncryptDisable(char *type, char *mode)
-{
-    Encryptions *ep;
-    int ret = 0;
-
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt disable <type> [input|output]\n");
-	encrypt_list_types();
-    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
-					   sizeof(Encryptions))) == 0) {
-	printf("%s: invalid encryption type\n", type);
-    } else if (Ambiguous(ep)) {
-	printf("Ambiguous type '%s'\n", type);
-    } else {
-	if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
-	    if (decrypt_mode == ep->type)
-		EncryptStopInput();
-	    i_wont_support_decrypt |= typemask(ep->type);
-	    ret = 1;
-	}
-	if ((mode == 0) || (isprefix(mode, "output"))) {
-	    if (encrypt_mode == ep->type)
-		EncryptStopOutput();
-	    i_wont_support_encrypt |= typemask(ep->type);
-	    ret = 1;
-	}
-	if (ret == 0)
-	    printf("%s: invalid encryption mode\n", mode);
-    }
-    return(ret);
-}
-
-int
-EncryptType(char *type, char *mode)
-{
-    Encryptions *ep;
-    int ret = 0;
-
-    if (isprefix(type, "help") || isprefix(type, "?")) {
-	printf("Usage: encrypt type <type> [input|output]\n");
-	encrypt_list_types();
-    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
-					   sizeof(Encryptions))) == 0) {
-	printf("%s: invalid encryption type\n", type);
-    } else if (Ambiguous(ep)) {
-	printf("Ambiguous type '%s'\n", type);
-    } else {
-	if ((mode == 0) || isprefix(mode, "input")) {
-	    decrypt_mode = ep->type;
-	    i_wont_support_decrypt &= ~typemask(ep->type);
-	    ret = 1;
-	}
-	if ((mode == 0) || isprefix(mode, "output")) {
-	    encrypt_mode = ep->type;
-	    i_wont_support_encrypt &= ~typemask(ep->type);
-	    ret = 1;
-	}
-	if (ret == 0)
-	    printf("%s: invalid encryption mode\n", mode);
-    }
-    return(ret);
-}
-
-int
-EncryptStart(char *mode)
-{
-    int ret = 0;
-    if (mode) {
-	if (isprefix(mode, "input"))
-	    return(EncryptStartInput());
-	if (isprefix(mode, "output"))
-	    return(EncryptStartOutput());
-	if (isprefix(mode, "help") || isprefix(mode, "?")) {
-	    printf("Usage: encrypt start [input|output]\n");
-	    return(0);
-	}
-	printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
-	return(0);
-    }
-    ret += EncryptStartInput();
-    ret += EncryptStartOutput();
-    return(ret);
-}
-
-int
-EncryptStartInput(void)
-{
-    if (decrypt_mode) {
-	encrypt_send_request_start();
-	return(1);
-    }
-    printf("No previous decryption mode, decryption not enabled\r\n");
-    return(0);
-}
-
-int
-EncryptStartOutput(void)
-{
-    if (encrypt_mode) {
-	encrypt_start_output(encrypt_mode);
-	return(1);
-    }
-    printf("No previous encryption mode, encryption not enabled\r\n");
-    return(0);
-}
-
-int
-EncryptStop(char *mode)
-{
-    int ret = 0;
-    if (mode) {
-	if (isprefix(mode, "input"))
-	    return(EncryptStopInput());
-	if (isprefix(mode, "output"))
-	    return(EncryptStopOutput());
-	if (isprefix(mode, "help") || isprefix(mode, "?")) {
-	    printf("Usage: encrypt stop [input|output]\n");
-	    return(0);
-	}
-	printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
-	return(0);
-    }
-    ret += EncryptStopInput();
-    ret += EncryptStopOutput();
-    return(ret);
-}
-
-int
-EncryptStopInput(void)
-{
-    encrypt_send_request_end();
-    return(1);
-}
-
-int
-EncryptStopOutput(void)
-{
-    encrypt_send_end();
-    return(1);
-}
-
-void
-encrypt_display(void)
-{
-    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
-	   autoencrypt?"on":"off", autodecrypt?"on":"off");
-
-    if (encrypt_output)
-	printf("Currently encrypting output with %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    else
-	printf("Currently not encrypting output\r\n");
-	
-    if (decrypt_input)
-	printf("Currently decrypting input with %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    else
-	printf("Currently not decrypting input\r\n");
-}
-
-int
-EncryptStatus(void)
-{
-    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
-	   autoencrypt?"on":"off", autodecrypt?"on":"off");
-
-    if (encrypt_output)
-	printf("Currently encrypting output with %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    else if (encrypt_mode) {
-	printf("Currently output is clear text.\r\n");
-	printf("Last encryption mode was %s\r\n",
-	       ENCTYPE_NAME(encrypt_mode));
-    } else
-	printf("Currently not encrypting output\r\n");
-	
-    if (decrypt_input) {
-	printf("Currently decrypting input with %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    } else if (decrypt_mode) {
-	printf("Currently input is clear text.\r\n");
-	printf("Last decryption mode was %s\r\n",
-	       ENCTYPE_NAME(decrypt_mode));
-    } else
-	printf("Currently not decrypting input\r\n");
-
-    return 1;
-}
-
-void
-encrypt_send_support(void)
-{
-    if (str_suplen) {
-	/*
-	 * If the user has requested that decryption start
-	 * immediatly, then send a "REQUEST START" before
-	 * we negotiate the type.
-	 */
-	if (!Server && autodecrypt)
-	    encrypt_send_request_start();
-	telnet_net_write(str_send, str_suplen);
-	printsub('>', &str_send[2], str_suplen - 2);
-	str_suplen = 0;
-    }
-}
-
-int
-EncryptDebug(int on)
-{
-    if (on < 0)
-	encrypt_debug_mode ^= 1;
-    else
-	encrypt_debug_mode = on;
-    printf("Encryption debugging %s\r\n",
-	   encrypt_debug_mode ? "enabled" : "disabled");
-    return(1);
-}
-
-/* turn on verbose encryption, but dont keep telling the whole world
- */
-void encrypt_verbose_quiet(int on)
-{
-    if(on < 0)
-	encrypt_verbose ^= 1;
-    else
-	encrypt_verbose = on ? 1 : 0;
-}
-
-int
-EncryptVerbose(int on)
-{
-    encrypt_verbose_quiet(on);
-    printf("Encryption %s verbose\r\n",
-	   encrypt_verbose ? "is" : "is not");
-    return(1);
-}
-
-int
-EncryptAutoEnc(int on)
-{
-    encrypt_auto(on);
-    printf("Automatic encryption of output is %s\r\n",
-	   autoencrypt ? "enabled" : "disabled");
-    return(1);
-}
-
-int
-EncryptAutoDec(int on)
-{
-    decrypt_auto(on);
-    printf("Automatic decryption of input is %s\r\n",
-	   autodecrypt ? "enabled" : "disabled");
-    return(1);
-}
-
-/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
-   encrypt */
-void
-encrypt_not(void)
-{
-    if (encrypt_verbose)
-  	printf("[ Connection is NOT encrypted ]\r\n");
-    else
-  	printf("\r\n*** Connection not encrypted! "
-	       "Communication may be eavesdropped. ***\r\n");
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
-void
-encrypt_support(unsigned char *typelist, int cnt)
-{
-    int type, use_type = 0;
-    Encryptions *ep;
-
-    /*
-     * Forget anything the other side has previously told us.
-     */
-    remote_supports_decrypt = 0;
-
-    while (cnt-- > 0) {
-	type = *typelist++;
-	if (encrypt_debug_mode)
-	    printf(">>>%s: He is supporting %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME(type), type);
-	if ((type < ENCTYPE_CNT) &&
-	    (I_SUPPORT_ENCRYPT & typemask(type))) {
-	    remote_supports_decrypt |= typemask(type);
-	    if (use_type == 0)
-		use_type = type;
-	}
-    }
-    if (use_type) {
-	ep = findencryption(use_type);
-	if (!ep)
-	    return;
-	type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
-	if (encrypt_debug_mode)
-	    printf(">>>%s: (*ep->start)() returned %d\r\n",
-		   Name, type);
-	if (type < 0)
-	    return;
-	encrypt_mode = use_type;
-	if (type == 0)
-	    encrypt_start_output(use_type);
-    }
-}
-
-void
-encrypt_is(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-    int type, ret;
-
-    if (--cnt < 0)
-	return;
-    type = *data++;
-    if (type < ENCTYPE_CNT)
-	remote_supports_encrypt |= typemask(type);
-    if (!(ep = finddecryption(type))) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	return;
-    }
-    if (!ep->is) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	ret = 0;
-    } else {
-	ret = (*ep->is)(data, cnt);
-	if (encrypt_debug_mode)
-	    printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
-		   (ret < 0) ? "FAIL " :
-		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-    }
-    if (ret < 0) {
-	autodecrypt = 0;
-    } else {
-	decrypt_mode = type;
-	if (ret == 0 && autodecrypt)
-	    encrypt_send_request_start();
-    }
-}
-
-void
-encrypt_reply(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-    int ret, type;
-
-    if (--cnt < 0)
-	return;
-    type = *data++;
-    if (!(ep = findencryption(type))) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	return;
-    }
-    if (!ep->reply) {
-	if (encrypt_debug_mode)
-	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	ret = 0;
-    } else {
-	ret = (*ep->reply)(data, cnt);
-	if (encrypt_debug_mode)
-	    printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
-		   data, cnt,
-		   (ret < 0) ? "FAIL " :
-		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-    }
-    if (encrypt_debug_mode)
-	printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
-    if (ret < 0) {
-	autoencrypt = 0;
-    } else {
-	encrypt_mode = type;
-	if (ret == 0 && autoencrypt)
-	    encrypt_start_output(type);
-    }
-}
-
-/*
- * Called when a ENCRYPT START command is received.
- */
-void
-encrypt_start(unsigned char *data, int cnt)
-{
-    Encryptions *ep;
-
-    if (!decrypt_mode) {
-	/*
-	 * Something is wrong.  We should not get a START
-	 * command without having already picked our
-	 * decryption scheme.  Send a REQUEST-END to
-	 * attempt to clear the channel...
-	 */
-	printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
-	encrypt_send_request_end();
-	return;
-    }
-
-    if ((ep = finddecryption(decrypt_mode))) {
-	decrypt_input = ep->input;
-	if (encrypt_verbose)
-	    printf("[ Input is now decrypted with type %s ]\r\n",
-		   ENCTYPE_NAME(decrypt_mode));
-	if (encrypt_debug_mode)
-	    printf(">>>%s: Start to decrypt input with type %s\r\n",
-		   Name, ENCTYPE_NAME(decrypt_mode));
-    } else {
-	printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
-	       Name,
-	       ENCTYPE_NAME_OK(decrypt_mode)
-	       ? ENCTYPE_NAME(decrypt_mode)
-	       : "(unknown)",
-	       decrypt_mode);
-	encrypt_send_request_end();
-    }
-}
-
-void
-encrypt_session_key(Session_Key *key, int server)
-{
-    Encryptions *ep = encryptions;
-
-    havesessionkey = 1;
-
-    while (ep->type) {
-	if (ep->session)
-	    (*ep->session)(key, server);
-	++ep;
-    }
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
-void
-encrypt_end(void)
-{
-    decrypt_input = 0;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Input is back to clear text\r\n", Name);
-    if (encrypt_verbose)
-	printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
-void
-encrypt_request_end(void)
-{
-    encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received.  If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can. 
- */
-void
-encrypt_request_start(unsigned char *data, int cnt)
-{
-    if (encrypt_mode == 0)  {
-	if (Server)
-	    autoencrypt = 1;
-	return;
-    }
-    encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
-static void
-encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
-{
-    Encryptions *ep;
-    int dir = kp->dir;
-    int ret = 0;
-
-    if (!(ep = (*kp->getcrypt)(*kp->modep))) {
-	if (len == 0)
-	    return;
-	kp->keylen = 0;
-    } else if (len == 0) {
-	/*
-	 * Empty option, indicates a failure.
-	 */
-	if (kp->keylen == 0)
-	    return;
-	kp->keylen = 0;
-	if (ep->keyid)
-	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
-    } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
-	/*
-	 * Length or contents are different
-	 */
-	kp->keylen = len;
-	memcpy(kp->keyid,keyid, len);
-	if (ep->keyid)
-	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-    } else {
-	if (ep->keyid)
-	    ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
-	if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
-	    encrypt_start_output(*kp->modep);
-	return;
-    }
-
-    encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
-}
-
-void encrypt_enc_keyid(unsigned char *keyid, int len)
-{
-    encrypt_keyid(&ki[1], keyid, len);
-}
-
-void encrypt_dec_keyid(unsigned char *keyid, int len)
-{
-    encrypt_keyid(&ki[0], keyid, len);
-}
-
-
-void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
-{
-    unsigned char *strp;
-
-    str_keyid[3] = (dir == DIR_ENCRYPT)
-	? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
-    if (saveit) {
-	struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
-	memcpy(kp->keyid,keyid, keylen);
-	kp->keylen = keylen;
-    }
-
-    for (strp = &str_keyid[4]; keylen > 0; --keylen) {
-	if ((*strp++ = *keyid++) == IAC)
-	    *strp++ = IAC;
-    }
-    *strp++ = IAC;
-    *strp++ = SE;
-    telnet_net_write(str_keyid, strp - str_keyid);
-    printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
-void
-encrypt_auto(int on)
-{
-    if (on < 0)
-	autoencrypt ^= 1;
-    else
-	autoencrypt = on ? 1 : 0;
-}
-
-void
-decrypt_auto(int on)
-{
-    if (on < 0)
-	autodecrypt ^= 1;
-    else
-	autodecrypt = on ? 1 : 0;
-}
-
-void
-encrypt_start_output(int type)
-{
-    Encryptions *ep;
-    unsigned char *p;
-    int i;
-
-    if (!(ep = findencryption(type))) {
-	if (encrypt_debug_mode) {
-	    printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
-		   Name,
-		   ENCTYPE_NAME_OK(type)
-		   ? ENCTYPE_NAME(type) : "(unknown)",
-		   type);
-	}
-	return;
-    }
-    if (ep->start) {
-	i = (*ep->start)(DIR_ENCRYPT, Server);
-	if (encrypt_debug_mode) {
-	    printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
-		   Name, 
-		   (i < 0) ? "failed" :
-		   "initial negotiation in progress",
-		   i, ENCTYPE_NAME(type));
-	}
-	if (i)
-	    return;
-    }
-    p = str_start + 3;
-    *p++ = ENCRYPT_START;
-    for (i = 0; i < ki[0].keylen; ++i) {
-	if ((*p++ = ki[0].keyid[i]) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    telnet_net_write(str_start, p - str_start);
-    net_encrypt();
-    printsub('>', &str_start[2], p - &str_start[2]);
-    /*
-     * If we are already encrypting in some mode, then
-     * encrypt the ring (which includes our request) in
-     * the old mode, mark it all as "clear text" and then
-     * switch to the new mode.
-     */
-    encrypt_output = ep->output;
-    encrypt_mode = type;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Started to encrypt output with type %s\r\n",
-	       Name, ENCTYPE_NAME(type));
-    if (encrypt_verbose)
-	printf("[ Output is now encrypted with type %s ]\r\n",
-	       ENCTYPE_NAME(type));
-}
-
-void
-encrypt_send_end(void)
-{
-    if (!encrypt_output)
-	return;
-
-    str_end[3] = ENCRYPT_END;
-    telnet_net_write(str_end, sizeof(str_end));
-    net_encrypt();
-    printsub('>', &str_end[2], sizeof(str_end) - 2);
-    /*
-     * Encrypt the output buffer now because it will not be done by
-     * netflush...
-     */
-    encrypt_output = 0;
-    if (encrypt_debug_mode)
-	printf(">>>%s: Output is back to clear text\r\n", Name);
-    if (encrypt_verbose)
-	printf("[ Output is now clear text ]\r\n");
-}
-
-void
-encrypt_send_request_start(void)
-{
-    unsigned char *p;
-    int i;
-
-    p = &str_start[3];
-    *p++ = ENCRYPT_REQSTART;
-    for (i = 0; i < ki[1].keylen; ++i) {
-	if ((*p++ = ki[1].keyid[i]) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    telnet_net_write(str_start, p - str_start);
-    printsub('>', &str_start[2], p - &str_start[2]);
-    if (encrypt_debug_mode)
-	printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
-void
-encrypt_send_request_end(void)
-{
-    str_end[3] = ENCRYPT_REQEND;
-    telnet_net_write(str_end, sizeof(str_end));
-    printsub('>', &str_end[2], sizeof(str_end) - 2);
-
-    if (encrypt_debug_mode)
-	printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
-
-void encrypt_wait(void)
-{
-    if (encrypt_debug_mode)
-	printf(">>>%s: in encrypt_wait\r\n", Name);
-    if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
-	return;
-    while (autoencrypt && !encrypt_output)
-	if (telnet_spin())
-	    return;
-}
-
-int
-encrypt_delay(void)
-{
-    if(!havesessionkey ||
-       (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
-       (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
-	return 0;
-    if(!(encrypt_output && decrypt_input))
-	return 1;
-    return 0;
-}
-
-int encrypt_is_encrypting()
-{
-    if (encrypt_output && decrypt_input)
-	return 1;
-    return 0;
-}
-
-void
-encrypt_debug(int mode)
-{
-    encrypt_debug_mode = mode;
-}
-
-void encrypt_gen_printsub(unsigned char *data, int cnt, 
-			  unsigned char *buf, int buflen)
-{
-    char tbuf[16], *cp;
-
-    cnt -= 2;
-    data += 2;
-    buf[buflen-1] = '\0';
-    buf[buflen-2] = '*';
-    buflen -= 2;;
-    for (; cnt > 0; cnt--, data++) {
-	snprintf(tbuf, sizeof(tbuf), " %d", *data);
-	for (cp = tbuf; *cp && buflen > 0; --buflen)
-	    *buf++ = *cp++;
-	if (buflen <= 0)
-	    return;
-    }
-    *buf = '\0';
-}
-
-void
-encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    Encryptions *ep;
-    int type = data[1];
-
-    for (ep = encryptions; ep->type && ep->type != type; ep++)
-	;
-
-    if (ep->printsub)
-	(*ep->printsub)(data, cnt, buf, buflen);
-    else
-	encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
deleted file mode 100644
index 3b04bd5a71f6..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
- *
- *	@(#)encrypt.h	5.2 (Berkeley) 3/22/91
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */
-
-#ifndef	__ENCRYPT__
-#define	__ENCRYPT__
-
-#define	DIR_DECRYPT		1
-#define	DIR_ENCRYPT		2
-
-#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
-			  key[4] | key[5] | key[6] | key[7])
-
-#define	SAMEKEY(k1, k2)	(!memcmp(k1, k2, sizeof(des_cblock)))
-
-typedef	struct {
-	short		type;
-	int		length;
-	unsigned char	*data;
-} Session_Key;
-
-typedef struct {
-	char	*name;
-	int	type;
-	void	(*output) (unsigned char *, int);
-	int	(*input) (int);
-	void	(*init) (int);
-	int	(*start) (int, int);
-	int	(*is) (unsigned char *, int);
-	int	(*reply) (unsigned char *, int);
-	void	(*session) (Session_Key *, int);
-	int	(*keyid) (int, unsigned char *, int *);
-	void	(*printsub) (unsigned char *, int, unsigned char *, int);
-} Encryptions;
-
-#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
-
-#include "crypto-headers.h"
-#ifdef HAVE_OPENSSL
-#define des_new_random_key des_random_key
-#endif
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) (int);
-extern void (*encrypt_output) (unsigned char *, int);
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/genget.c b/crypto/heimdal/appl/telnet/libtelnet/genget.c
deleted file mode 100644
index 27d1d6708beb..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/genget.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-#include "misc-proto.h"
-
-RCSID("$Id: genget.c,v 1.7 2001/09/03 05:54:14 assar Exp $");
-
-#include <ctype.h>
-
-#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2.  If *s1 exactly matches *s2, the negative of
- * the length is returned.  If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
-
-int
-isprefix(char *s1, char *s2)
-{
-    char *os1;
-    char c1, c2;
-
-    if (*s1 == '\0')
-	return(-1);
-    os1 = s1;
-    c1 = *s1;
-    c2 = *s2;
-    while (tolower((unsigned char)c1) == tolower((unsigned char)c2)) {
-	if (c1 == '\0')
-	    break;
-	c1 = *++s1;
-	c2 = *++s2;
-    }
-    return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous;		/* special return value for command routines */
-
-char **
-genget(char *name, char **table, int stlen)
-     /* name to match */
-     /* name entry in table */
-	   	      
-{
-    char **c, **found;
-    int n;
-
-    if (name == 0)
-	return 0;
-
-    found = 0;
-    for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
-	if ((n = isprefix(name, *c)) == 0)
-	    continue;
-	if (n < 0)		/* exact match */
-	    return(c);
-	if (found)
-	    return(&ambiguous);
-	found = c;
-    }
-    return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
-int
-Ambiguous(void *s)
-{
-    return((char **)s == &ambiguous);
-}
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
deleted file mode 100644
index 09d307359474..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c
+++ /dev/null
@@ -1,722 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: kerberos.c,v 1.54 2001/08/22 20:30:22 assar Exp $");
-
-#ifdef	KRB4
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdio.h>
-#include <krb.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int kerberos4_cksum (unsigned char *, int);
-extern int auth_debug_mode;
-
-static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V4, };
-
-#define	KRB_AUTH	0		/* Authentication data follows */
-#define	KRB_REJECT	1		/* Rejected (reason might follow) */
-#define	KRB_ACCEPT	2		/* Accepted */
-#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
-#define	KRB_RESPONSE	4		/* Response for mutual auth. */
-
-#define KRB_FORWARD		5	/* */
-#define KRB_FORWARD_ACCEPT	6	/* */
-#define KRB_FORWARD_REJECT	7	/* */
-
-#define KRB_SERVICE_NAME   "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	AUTH_DAT adat;
-static des_cblock session_key;
-static des_cblock cred_session;
-static des_key_schedule sched;
-static des_cblock challenge;
-static int auth_done; /* XXX */
-
-static int pack_cred(CREDENTIALS *cred, unsigned char *buf);
-static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred);
-
-
-static int
-Data(Authenticator *ap, int type, const void *d, int c)
-{
-    unsigned char *p = str_data + 4;
-    const unsigned char *cd = (const unsigned char *)d;
-
-    if (c == -1)
-	c = strlen((const char *)cd);
-
-    if (auth_debug_mode) {
-	printf("%s:%d: [%d] (%d)",
-	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-	       str_data[3],
-	       type, c);
-	printd(d, c);
-	printf("\r\n");
-    }
-    *p++ = ap->type;
-    *p++ = ap->way;
-    *p++ = type;
-    while (c-- > 0) {
-	if ((*p++ = *cd++) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    if (str_data[3] == TELQUAL_IS)
-	printsub('>', &str_data[2], p - (&str_data[2]));
-    return(telnet_net_write(str_data, p - str_data));
-}
-
-int
-kerberos4_init(Authenticator *ap, int server)
-{
-    FILE *fp;
-
-    if (server) {
-	str_data[3] = TELQUAL_REPLY;
-	if ((fp = fopen(KEYFILE, "r")) == NULL)
-	    return(0);
-	fclose(fp);
-    } else {
-	str_data[3] = TELQUAL_IS;
-    }
-    return(1);
-}
-
-char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
-int dst_realm_sz = REALM_SZ;
-
-static int
-kerberos4_send(char *name, Authenticator *ap)
-{
-    KTEXT_ST auth;
-    char instance[INST_SZ];
-    char *realm;
-    CREDENTIALS cred;
-    int r;
-
-    if (!UserNameRequested) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V4: no user name supplied\r\n");
-	}
-	return(0);
-    }
-
-    memset(instance, 0, sizeof(instance));
-
-    strlcpy (instance,
-		     krb_get_phost(RemoteHostName),
-		     INST_SZ);
-
-    realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
-
-    if (!realm) {
-	printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
-	return(0);
-    }
-    printf("[ Trying %s (%s.%s@%s) ... ]\r\n", name, 
-	   KRB_SERVICE_NAME, instance, realm);
-    r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L);
-    if (r) {
-	printf("mk_req failed: %s\r\n", krb_get_err_text(r));
-	return(0);
-    }
-    r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred);
-    if (r) {
-	printf("get_cred failed: %s\r\n", krb_get_err_text(r));
-	return(0);
-    }
-    if (!auth_sendname((unsigned char*)UserNameRequested, 
-		       strlen(UserNameRequested))) {
-	if (auth_debug_mode)
-	    printf("Not enough room for user name\r\n");
-	return(0);
-    }
-    if (auth_debug_mode)
-	printf("Sent %d bytes of authentication data\r\n", auth.length);
-    if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-	return(0);
-    }
-#ifdef ENCRYPTION
-    /* create challenge */
-    if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) {
-	int i;
-
-	des_key_sched(&cred.session, sched);
-	memcpy (&cred_session, &cred.session, sizeof(cred_session));
-#ifndef HAVE_OPENSSL
-	des_init_random_number_generator(&cred.session);
-#endif
-	des_new_random_key(&session_key);
-	des_ecb_encrypt(&session_key, &session_key, sched, 0);
-	des_ecb_encrypt(&session_key, &challenge, sched, 0);
-
-	/*
-	  old code
-	  Some CERT Advisory thinks this is a bad thing...
-	    
-	  des_init_random_number_generator(&cred.session);
-	  des_new_random_key(&challenge);
-	  des_ecb_encrypt(&challenge, &session_key, sched, 1);
-	  */
-	  
-	/*
-	 * Increment the challenge by 1, and encrypt it for
-	 * later comparison.
-	 */
-	for (i = 7; i >= 0; --i) 
-	    if(++challenge[i] != 0) /* No carry! */
-		break;
-	des_ecb_encrypt(&challenge, &challenge, sched, 1);
-    }
-
-#endif
-
-    if (auth_debug_mode) {
-	printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-	printd(auth.dat, auth.length);
-	printf("\r\n");
-	printf("Sent Kerberos V4 credentials to server\r\n");
-    }
-    return(1);
-}
-int
-kerberos4_send_mutual(Authenticator *ap)
-{
-    return kerberos4_send("mutual KERBEROS4", ap);
-}
-
-int
-kerberos4_send_oneway(Authenticator *ap)
-{
-    return kerberos4_send("KERBEROS4", ap);
-}
-
-void
-kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
-{
-    struct sockaddr_in addr;
-    char realm[REALM_SZ];
-    char instance[INST_SZ];
-    int r;
-    socklen_t addr_len;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_AUTH:
-	if (krb_get_lrealm(realm, 1) != KSUCCESS) {
-	    Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("No local realm\r\n");
-	    return;
-	}
-	memmove(auth.dat, data, auth.length = cnt);
-	if (auth_debug_mode) {
-	    printf("Got %d bytes of authentication data\r\n", cnt);
-	    printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
-	    printd(auth.dat, auth.length);
-	    printf("\r\n");
-	}
-	k_getsockinst(0, instance, sizeof(instance));
-	addr_len = sizeof(addr);
-	if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
-	    if(auth_debug_mode)
-		printf("getpeername failed\r\n");
-	    Data(ap, KRB_REJECT, "getpeername failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-	if (addr.sin_family != AF_INET) {
-	    if (auth_debug_mode)
-		printf("unknown address family: %d\r\n", addr.sin_family);
-	    Data(ap, KRB_REJECT, "bad address family", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-
-	r = krb_rd_req(&auth, KRB_SERVICE_NAME,
-		       instance, addr.sin_addr.s_addr, &adat, "");
-	if (r) {
-	    if (auth_debug_mode)
-		printf("Kerberos failed him as %s\r\n", name);
-	    Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    return;
-	}
-	/* save the session key */
-	memmove(session_key, adat.session, sizeof(adat.session));
-	krb_kntoln(&adat, name);
-
-	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
-	    char ts[MaxPathLen];
-	    struct passwd *pw = getpwnam(UserNameRequested);
-
-	    if(pw){
-		snprintf(ts, sizeof(ts),
-			 "%s%u",
-			 TKT_ROOT,
-			 (unsigned)pw->pw_uid);
-		esetenv("KRBTKFILE", ts, 1);
-
-		if (pw->pw_uid == 0)
-		    syslog(LOG_INFO|LOG_AUTH,
-			   "ROOT Kerberos login from %s on %s\n",
-			   krb_unparse_name_long(adat.pname,
-						 adat.pinst,
-						 adat.prealm),
-			   RemoteHostName);
-	    }
-	    Data(ap, KRB_ACCEPT, NULL, 0);
-	} else {
-	    char *msg;
-
-	    asprintf (&msg, "user `%s' is not authorized to "
-		      "login as `%s'", 
-		      krb_unparse_name_long(adat.pname, 
-					    adat.pinst, 
-					    adat.prealm), 
-		      UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (msg == NULL)
-		Data(ap, KRB_REJECT, NULL, 0);
-	    else {
-		Data(ap, KRB_REJECT, (void *)msg, -1);
-		free(msg);
-	    }
-	    auth_finished(ap, AUTH_REJECT);
-	    break;
-	}
-	auth_finished(ap, AUTH_USER);
-	break;
-	
-    case KRB_CHALLENGE:
-#ifndef ENCRYPTION
-	Data(ap, KRB_RESPONSE, NULL, 0);
-#else
-	if(!VALIDKEY(session_key)){
-	    Data(ap, KRB_RESPONSE, NULL, 0);
-	    break;
-	}
-	des_key_sched(&session_key, sched);
-	{
-	    des_cblock d_block;
-	    int i;
-	    Session_Key skey;
-
-	    memmove(d_block, data, sizeof(d_block));
-
-	    /* make a session key for encryption */
-	    des_ecb_encrypt(&d_block, &session_key, sched, 1);
-	    skey.type=SK_DES;
-	    skey.length=8;
-	    skey.data=session_key;
-	    encrypt_session_key(&skey, 1);
-
-	    /* decrypt challenge, add one and encrypt it */
-	    des_ecb_encrypt(&d_block, &challenge, sched, 0);
-	    for (i = 7; i >= 0; i--)
-		if(++challenge[i] != 0)
-		    break;
-	    des_ecb_encrypt(&challenge, &challenge, sched, 1);
-	    Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
-	}
-#endif
-	break;
-
-    case KRB_FORWARD:
-	{
-	    des_key_schedule ks;
-	    unsigned char netcred[sizeof(CREDENTIALS)];
-	    CREDENTIALS cred;
-	    int ret;
-	    if(cnt > sizeof(cred))
-		abort();
-
-	    memcpy (session_key, adat.session, sizeof(session_key));
-	    des_set_key(&session_key, ks);
-	    des_pcbc_encrypt((void*)data, (void*)netcred, cnt, 
-			     ks, &session_key, DES_DECRYPT);
-	    unpack_cred(netcred, cnt, &cred);
-	    {
-		if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
-		   strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
-		   cred.lifetime < 0 || cred.lifetime > 255 ||
-		   cred.kvno < 0 || cred.kvno > 255 ||
-		   cred.issue_date < 0 || 
-		   cred.issue_date > time(0) + CLOCK_SKEW ||
-		   strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
-		   strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){
-		    Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
-		}else{
-		    if((ret = tf_setup(&cred,
-				       cred.pname,
-				       cred.pinst)) == KSUCCESS){
-		        struct passwd *pw = getpwnam(UserNameRequested);
-
-			if (pw)
-			  chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-			Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-		    } else{
-			Data(ap, KRB_FORWARD_REJECT, 
-			     krb_get_err_text(ret), -1);
-		    }
-		}
-	    }
-	    memset(data, 0, cnt);
-	    memset(ks, 0, sizeof(ks));
-	    memset(&cred, 0, sizeof(cred));
-	}
-	
-	break;
-
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	Data(ap, KRB_REJECT, 0, 0);
-	break;
-    }
-}
-
-void
-kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
-{
-    Session_Key skey;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_REJECT:
-	if(auth_done){ /* XXX Ick! */
-	    printf("[ Kerberos V4 received unknown opcode ]\r\n");
-	}else{
-	    printf("[ Kerberos V4 refuses authentication ");
-	    if (cnt > 0) 
-		printf("because %.*s ", cnt, data);
-	    printf("]\r\n");
-	    auth_send_retry();
-	}
-	return;
-    case KRB_ACCEPT:
-	printf("[ Kerberos V4 accepts you ]\r\n");
-	auth_done = 1;
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    /*
-	     * Send over the encrypted challenge.
-	     */
-	    Data(ap, KRB_CHALLENGE, session_key, 
-		 sizeof(session_key));
-	    des_ecb_encrypt(&session_key, &session_key, sched, 1);
-	    skey.type = SK_DES;
-	    skey.length = 8;
-	    skey.data = session_key;
-	    encrypt_session_key(&skey, 0);
-#if 0
-	    kerberos4_forward(ap, &cred_session);
-#endif
-	    return;
-	}
-	auth_finished(ap, AUTH_USER);
-	return;
-    case KRB_RESPONSE:
-	/* make sure the response is correct */
-	if ((cnt != sizeof(des_cblock)) ||
-	    (memcmp(data, challenge, sizeof(challenge)))){
-	    printf("[ Kerberos V4 challenge failed!!! ]\r\n");
-	    auth_send_retry();
-	    return;
-	}
-	printf("[ Kerberos V4 challenge successful ]\r\n");
-	auth_finished(ap, AUTH_USER);
-	break;
-    case KRB_FORWARD_ACCEPT:
-	printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
-	break;
-    case KRB_FORWARD_REJECT:
-	printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
-	       cnt, data);
-	break;
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	return;
-    }
-}
-
-int
-kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
-{
-    if (level < AUTH_USER)
-	return(level);
-
-    if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
-	strlcpy(name, UserNameRequested, name_sz);
-	return(AUTH_VALID);
-    } else
-	return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-void
-kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    int i;
-
-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-    buflen -= 1;
-
-    switch(data[3]) {
-    case KRB_REJECT:		/* Rejected (reason might follow) */
-	strlcpy((char *)buf, " REJECT ", buflen);
-	goto common;
-
-    case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strlcpy((char *)buf, " ACCEPT ", buflen);
-    common:
-	BUMP(buf, buflen);
-	if (cnt <= 4)
-	    break;
-	ADDC(buf, buflen, '"');
-	for (i = 4; i < cnt; i++)
-	    ADDC(buf, buflen, data[i]);
-	ADDC(buf, buflen, '"');
-	ADDC(buf, buflen, '\0');
-	break;
-
-    case KRB_AUTH:			/* Authentication data follows */
-	strlcpy((char *)buf, " AUTH", buflen);
-	goto common2;
-
-    case KRB_CHALLENGE:
-	strlcpy((char *)buf, " CHALLENGE", buflen);
-	goto common2;
-
-    case KRB_RESPONSE:
-	strlcpy((char *)buf, " RESPONSE", buflen);
-	goto common2;
-
-    default:
-	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
-    common2:
-	BUMP(buf, buflen);
-	for (i = 4; i < cnt; i++) {
-	    snprintf((char*)buf, buflen, " %d", data[i]);
-	    BUMP(buf, buflen);
-	}
-	break;
-    }
-}
-
-int
-kerberos4_cksum(unsigned char *d, int n)
-{
-    int ck = 0;
-
-    /*
-     * A comment is probably needed here for those not
-     * well versed in the "C" language.  Yes, this is
-     * supposed to be a "switch" with the body of the
-     * "switch" being a "while" statement.  The whole
-     * purpose of the switch is to allow us to jump into
-     * the middle of the while() loop, and then not have
-     * to do any more switch()s.
-     *
-     * Some compilers will spit out a warning message
-     * about the loop not being entered at the top.
-     */
-    switch (n&03)
-	while (n > 0) {
-	case 0:
-	    ck ^= (int)*d++ << 24;
-	    --n;
-	case 3:
-	    ck ^= (int)*d++ << 16;
-	    --n;
-	case 2:
-	    ck ^= (int)*d++ << 8;
-	    --n;
-	case 1:
-	    ck ^= (int)*d++;
-	    --n;
-	}
-    return(ck);
-}
-
-static int
-pack_cred(CREDENTIALS *cred, unsigned char *buf)
-{
-    unsigned char *p = buf;
-    
-    memcpy (p, cred->service, ANAME_SZ);
-    p += ANAME_SZ;
-    memcpy (p, cred->instance, INST_SZ);
-    p += INST_SZ;
-    memcpy (p, cred->realm, REALM_SZ);
-    p += REALM_SZ;
-    memcpy(p, cred->session, 8);
-    p += 8;
-    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
-    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
-    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
-    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
-    p += cred->ticket_st.length;
-    p += KRB_PUT_INT(0, p, 4, 4);
-    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
-    memcpy (p, cred->pname, ANAME_SZ);
-    p += ANAME_SZ;
-    memcpy (p, cred->pinst, INST_SZ);
-    p += INST_SZ;
-    return p - buf;
-}
-
-static int
-unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
-{
-    char *p = (char*)buf;
-    u_int32_t tmp;
-
-    strncpy (cred->service, p, ANAME_SZ);
-    cred->service[ANAME_SZ - 1] = '\0';
-    p += ANAME_SZ;
-    strncpy (cred->instance, p, INST_SZ);
-    cred->instance[INST_SZ - 1] = '\0';
-    p += INST_SZ;
-    strncpy (cred->realm, p, REALM_SZ);
-    cred->realm[REALM_SZ - 1] = '\0';
-    p += REALM_SZ;
-
-    memcpy(cred->session, p, 8);
-    p += 8;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->lifetime = tmp;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->kvno = tmp;
-
-    p += krb_get_int(p, &cred->ticket_st.length, 4, 0);
-    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
-    p += cred->ticket_st.length;
-    p += krb_get_int(p, &tmp, 4, 0);
-    cred->ticket_st.mbz = 0;
-    p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, 0);
-
-    strncpy (cred->pname, p, ANAME_SZ);
-    cred->pname[ANAME_SZ - 1] = '\0';
-    p += ANAME_SZ;
-    strncpy (cred->pinst, p, INST_SZ);
-    cred->pinst[INST_SZ - 1] = '\0';
-    p += INST_SZ;
-    return 0;
-}
-
-
-int
-kerberos4_forward(Authenticator *ap, void *v)
-{
-    des_cblock *key = (des_cblock *)v;
-    CREDENTIALS cred;
-    char *realm;
-    des_key_schedule ks;
-    int len;
-    unsigned char netcred[sizeof(CREDENTIALS)];
-    int ret;
-
-    realm = krb_realmofhost(RemoteHostName);
-    if(realm == NULL)
-	return -1;
-    memset(&cred, 0, sizeof(cred));
-    ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
-		       realm,
-		       realm, 
-		       &cred);
-    if(ret)
-	return ret;
-    des_set_key(key, ks);
-    len = pack_cred(&cred, netcred);
-    des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
-		     ks, key, DES_ENCRYPT);
-    memset(ks, 0, sizeof(ks));
-    Data(ap, KRB_FORWARD, netcred, len);
-    memset(netcred, 0, sizeof(netcred));
-    return 0;
-}
-
-#endif /* KRB4 */
-
diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
deleted file mode 100644
index 18677f27e537..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c
+++ /dev/null
@@ -1,867 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#include <config.h>
-
-RCSID("$Id: kerberos5.c,v 1.53 2002/09/20 14:37:46 joda Exp $");
-
-#ifdef	KRB5
-
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <pwd.h>
-#define Authenticator k5_Authenticator
-#include <krb5.h>
-#undef Authenticator
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-#if defined(DCE)
-int dfsk5ok = 0;
-int dfspag = 0;
-int dfsfwd = 0;
-#endif
-
-int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
-
-int forward(int);
-int forwardable(int);
-
-/* These values need to be the same as those defined in telnet/main.c. */
-/* Either define them in both places, or put in some common header file. */
-#define OPTS_FORWARD_CREDS	0x00000002
-#define OPTS_FORWARDABLE_CREDS	0x00000001
-
-
-void kerberos5_forward (Authenticator *);
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V5, };
-
-#define	KRB_AUTH		0	/* Authentication data follows */
-#define	KRB_REJECT		1	/* Rejected (reason might follow) */
-#define	KRB_ACCEPT		2	/* Accepted */
-#define	KRB_RESPONSE		3	/* Response for mutual auth. */
-
-#define KRB_FORWARD     	4       /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
-
-static	krb5_data auth;
-static  krb5_ticket *ticket;
-
-static krb5_context context;
-static krb5_auth_context auth_context;
-
-static int
-Data(Authenticator *ap, int type, void *d, int c)
-{
-    unsigned char *p = str_data + 4;
-    unsigned char *cd = (unsigned char *)d;
-
-    if (c == -1)
-	c = strlen((char*)cd);
-
-    if (auth_debug_mode) {
-	printf("%s:%d: [%d] (%d)",
-	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-	       str_data[3],
-	       type, c);
-	printd(d, c);
-	printf("\r\n");
-    }
-    *p++ = ap->type;
-    *p++ = ap->way;
-    *p++ = type;
-    while (c-- > 0) {
-	if ((*p++ = *cd++) == IAC)
-	    *p++ = IAC;
-    }
-    *p++ = IAC;
-    *p++ = SE;
-    if (str_data[3] == TELQUAL_IS)
-	printsub('>', &str_data[2], p - &str_data[2]);
-    return(telnet_net_write(str_data, p - str_data));
-}
-
-int
-kerberos5_init(Authenticator *ap, int server)
-{
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return 0;
-    if (server) {
-	krb5_keytab kt;
-	krb5_kt_cursor cursor;
-
-	ret = krb5_kt_default(context, &kt);
-	if (ret)
-	    return 0;
-
-	ret = krb5_kt_start_seq_get (context, kt, &cursor);
-	if (ret) {
-	    krb5_kt_close (context, kt);
-	    return 0;
-	}
-	krb5_kt_end_seq_get (context, kt, &cursor);
-	krb5_kt_close (context, kt);
-
-	str_data[3] = TELQUAL_REPLY;
-    } else
-	str_data[3] = TELQUAL_IS;
-    return(1);
-}
-
-extern int net;
-static int
-kerberos5_send(char *name, Authenticator *ap)
-{
-    krb5_error_code ret;
-    krb5_ccache ccache;
-    int ap_opts;
-    krb5_data cksum_data;
-    char foo[2];
-    
-    if (!UserNameRequested) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: no user name supplied\r\n");
-	}
-	return(0);
-    }
-    
-    ret = krb5_cc_default(context, &ccache);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: could not get default ccache: %s\r\n",
-		   krb5_get_err_text (context, ret));
-	}
-	return 0;
-    }
-	
-    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
-    else
-	ap_opts = 0;
-
-    ap_opts |= AP_OPTS_USE_SUBKEY;
-    
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
-		   krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    ret = krb5_auth_con_setaddrs_from_fd (context,
-					  auth_context,
-					  &net);
-    if (ret) {
-	if (auth_debug_mode) {
-	    printf ("Kerberos V5:"
-		    " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
-		    krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES);
-
-    foo[0] = ap->type;
-    foo[1] = ap->way;
-
-    cksum_data.length = sizeof(foo);
-    cksum_data.data   = foo;
-
-
-    {
-	krb5_principal service;
-	char sname[128];
-
-
-	ret = krb5_sname_to_principal (context,
-				       RemoteHostName,
-				       NULL,
-				       KRB5_NT_SRV_HST,
-				       &service);
-	if(ret) {
-	    if (auth_debug_mode) {
-		printf ("Kerberos V5:"
-			" krb5_sname_to_principal(%s) failed (%s)\r\n",
-			RemoteHostName, krb5_get_err_text(context, ret));
-	    }
-	    return 0;
-	}
-	ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
-	if(ret) {
-	    if (auth_debug_mode) {
-		printf ("Kerberos V5:"
-			" krb5_unparse_name_fixed failed (%s)\r\n",
-			krb5_get_err_text(context, ret));
-	    }
-	    return 0;
-	}
-	printf("[ Trying %s (%s)... ]\r\n", name, sname);
-	ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
-				service, 
-				&cksum_data, ccache, &auth);
-	krb5_free_principal (context, service);
-
-    }
-    if (ret) {
-	if (1 || auth_debug_mode) {
-	    printf("Kerberos V5: mk_req failed (%s)\r\n",
-		   krb5_get_err_text(context, ret));
-	}
-	return(0);
-    }
-
-    if (!auth_sendname((unsigned char *)UserNameRequested,
-		       strlen(UserNameRequested))) {
-	if (auth_debug_mode)
-	    printf("Not enough room for user name\r\n");
-	return(0);
-    }
-    if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-	return(0);
-    }
-    if (auth_debug_mode) {
-	printf("Sent Kerberos V5 credentials to server\r\n");
-    }
-    return(1);
-}
-
-int
-kerberos5_send_mutual(Authenticator *ap)
-{
-    return kerberos5_send("mutual KERBEROS5", ap);
-}
-
-int
-kerberos5_send_oneway(Authenticator *ap)
-{
-    return kerberos5_send("KERBEROS5", ap);
-}
-
-void
-kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
-{
-    krb5_error_code ret;
-    krb5_data outbuf;
-    krb5_keyblock *key_block;
-    char *name;
-    krb5_principal server;
-    int zero = 0;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_AUTH:
-	auth.data = (char *)data;
-	auth.length = cnt;
-
-	auth_context = NULL;
-
-	ret = krb5_auth_con_init (context, &auth_context);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_auth_con_setaddrs_from_fd (context,
-					      auth_context,
-					      &zero);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_sock_to_principal (context,
-				      0,
-				      "host",
-				      KRB5_NT_SRV_HST,
-				      &server);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_sock_to_principal failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	ret = krb5_rd_req(context,
-			  &auth_context,
-			  &auth, 
-			  server,
-			  NULL,
-			  NULL,
-			  &ticket);
-
-	krb5_free_principal (context, server);
-	if (ret) {
-	    char *errbuf;
-
-	    asprintf(&errbuf,
-		     "Read req failed: %s",
-		     krb5_get_err_text(context, ret));
-	    Data(ap, KRB_REJECT, errbuf, -1);
-	    if (auth_debug_mode)
-		printf("%s\r\n", errbuf);
-	    free (errbuf);
-	    return;
-	}
-	
-	{
-	    char foo[2];
-	    
-	    foo[0] = ap->type;
-	    foo[1] = ap->way;
-	    
-	    ret = krb5_verify_authenticator_checksum(context,
-						     auth_context,
-						     foo, 
-						     sizeof(foo));
-
-	    if (ret) {
-		char *errbuf;
-		asprintf(&errbuf, "Bad checksum: %s", 
-			 krb5_get_err_text(context, ret));
-		Data(ap, KRB_REJECT, errbuf, -1);
-		if (auth_debug_mode)
-		    printf ("%s\r\n", errbuf);
-		free(errbuf);
-		return;
-	    }
-	}
-	ret = krb5_auth_con_getremotesubkey (context,
-					     auth_context,
-					     &key_block);
-
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	if (key_block == NULL) {
-	    ret = krb5_auth_con_getkey(context,
-				       auth_context,
-				       &key_block);
-	}
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getkey failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-	if (key_block == NULL) {
-	    Data(ap, KRB_REJECT, "no subkey received", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getremotesubkey returned NULL key\r\n");
-	    return;
-	}
-
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    ret = krb5_mk_rep(context, auth_context, &outbuf);
-	    if (ret) {
-		Data(ap, KRB_REJECT,
-		     "krb5_mk_rep failed", -1);
-		auth_finished(ap, AUTH_REJECT);
-		if (auth_debug_mode)
-		    printf("Kerberos V5: "
-			   "krb5_mk_rep failed (%s)\r\n",
-			   krb5_get_err_text(context, ret));
-		return;
-	    }
-	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
-	}
-	if (krb5_unparse_name(context, ticket->client, &name))
-	    name = 0;
-
-	if(UserNameRequested && krb5_kuserok(context,
-					     ticket->client,
-					     UserNameRequested)) {
-	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
-	    if (auth_debug_mode) {
-		printf("Kerberos5 identifies him as ``%s''\r\n",
-		       name ? name : "");
-	    }
-
-	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
-	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
-	       key_block->keytype == ETYPE_DES_CBC_CRC) {
-		Session_Key skey;
-
-		skey.type = SK_DES;
-		skey.length = 8;
-		skey.data = key_block->keyvalue.data;
-		encrypt_session_key(&skey, 0);
-	    }
-
-	} else {
-	    char *msg;
-
-	    asprintf (&msg, "user `%s' is not authorized to "
-		      "login as `%s'", 
-		      name ? name : "<unknown>",
-		      UserNameRequested ? UserNameRequested : "<nobody>");
-	    if (msg == NULL)
-		Data(ap, KRB_REJECT, NULL, 0);
-	    else {
-		Data(ap, KRB_REJECT, (void *)msg, -1);
-		free(msg);
-	    }
-	    auth_finished (ap, AUTH_REJECT);
-	    krb5_free_keyblock_contents(context, key_block);
-	    break;
-	}
-	auth_finished(ap, AUTH_USER);
-	krb5_free_keyblock_contents(context, key_block);
-	
-	break;
-    case KRB_FORWARD: {
-	struct passwd *pwd;
-	char ccname[1024];	/* XXX */
-	krb5_data inbuf;
-	krb5_ccache ccache;
-	inbuf.data = (char *)data;
-	inbuf.length = cnt;
-
-	pwd = getpwnam (UserNameRequested);
-	if (pwd == NULL)
-	    break;
-
-	snprintf (ccname, sizeof(ccname),
-		  "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
-
-	ret = krb5_cc_resolve (context, ccname, &ccache);
-	if (ret) {
-	    if (auth_debug_mode)
-		printf ("Kerberos V5: could not get ccache: %s\r\n",
-			krb5_get_err_text(context, ret));
-	    break;
-	}
-
-	ret = krb5_cc_initialize (context,
-				  ccache,
-				  ticket->client);
-	if (ret) {
-	    if (auth_debug_mode)
-		printf ("Kerberos V5: could not init ccache: %s\r\n",
-			krb5_get_err_text(context, ret));
-	    break;
-	}
-
-#if defined(DCE)
-	esetenv("KRB5CCNAME", ccname, 1);
-#endif
-	ret = krb5_rd_cred2 (context,
-			     auth_context,
-			     ccache,
-			     &inbuf);
-	if(ret) {
-	    char *errbuf;
-
-	    asprintf (&errbuf,
-		      "Read forwarded creds failed: %s",
-		      krb5_get_err_text (context, ret));
-	    if(errbuf == NULL)
-		Data(ap, KRB_FORWARD_REJECT, NULL, 0);
-	    else
-		Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
-	    if (auth_debug_mode)
-		printf("Could not read forwarded credentials: %s\r\n",
-		       errbuf);
-	    free (errbuf);
-	} else {
-	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-#if defined(DCE)
-	    dfsfwd = 1;
-#endif
-	}
-	chown (ccname + 5, pwd->pw_uid, -1);
-	if (auth_debug_mode)
-	    printf("Forwarded credentials obtained\r\n");
-	break;
-    }
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	Data(ap, KRB_REJECT, 0, 0);
-	break;
-    }
-}
-
-void
-kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
-{
-    static int mutual_complete = 0;
-
-    if (cnt-- < 1)
-	return;
-    switch (*data++) {
-    case KRB_REJECT:
-	if (cnt > 0) {
-	    printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
-		   cnt, data);
-	} else
-	    printf("[ Kerberos V5 refuses authentication ]\r\n");
-	auth_send_retry();
-	return;
-    case KRB_ACCEPT: {
-	krb5_error_code ret;
-	Session_Key skey;
-	krb5_keyblock *keyblock;
-	
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
-	    !mutual_complete) {
-	    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
-	    auth_send_retry();
-	    return;
-	}
-	if (cnt)
-	    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
-	else
-	    printf("[ Kerberos V5 accepts you ]\r\n");
-	      
-	ret = krb5_auth_con_getlocalsubkey (context,
-					    auth_context,
-					    &keyblock);
-	if (ret)
-	    ret = krb5_auth_con_getkey (context,
-					auth_context,
-					&keyblock);
-	if(ret) {
-	    printf("[ krb5_auth_con_getkey: %s ]\r\n",
-		   krb5_get_err_text(context, ret));
-	    auth_send_retry();
-	    return;
-	}
-	      
-	skey.type = SK_DES;
-	skey.length = 8;
-	skey.data = keyblock->keyvalue.data;
-	encrypt_session_key(&skey, 0);
-	krb5_free_keyblock_contents (context, keyblock);
-	auth_finished(ap, AUTH_USER);
-	if (forward_flags & OPTS_FORWARD_CREDS)
-	    kerberos5_forward(ap);
-	break;
-    }
-    case KRB_RESPONSE:
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    /* the rest of the reply should contain a krb_ap_rep */
-	  krb5_ap_rep_enc_part *reply;
-	  krb5_data inbuf;
-	  krb5_error_code ret;
-	    
-	  inbuf.length = cnt;
-	  inbuf.data = (char *)data;
-
-	  ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
-	  if (ret) {
-	      printf("[ Mutual authentication failed: %s ]\r\n",
-		     krb5_get_err_text (context, ret));
-	      auth_send_retry();
-	      return;
-	  }
-	  krb5_free_ap_rep_enc_part(context, reply);
-	  mutual_complete = 1;
-	}
-	return;
-    case KRB_FORWARD_ACCEPT:
-	printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
-	return;
-    case KRB_FORWARD_REJECT:
-	printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
-	       cnt, data);
-	return;
-    default:
-	if (auth_debug_mode)
-	    printf("Unknown Kerberos option %d\r\n", data[-1]);
-	return;
-    }
-}
-
-int
-kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
-{
-    if (level < AUTH_USER)
-	return(level);
-
-    if (UserNameRequested &&
-	krb5_kuserok(context,
-		     ticket->client,
-		     UserNameRequested))
-	{
-	    strlcpy(name, UserNameRequested, name_sz);
-#if defined(DCE)
-	    dfsk5ok = 1;
-#endif
-	    return(AUTH_VALID);
-	} else
-	    return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-void
-kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
-{
-    int i;
-
-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-    buflen -= 1;
-
-    switch(data[3]) {
-    case KRB_REJECT:		/* Rejected (reason might follow) */
-	strlcpy((char *)buf, " REJECT ", buflen);
-	goto common;
-
-    case KRB_ACCEPT:		/* Accepted (name might follow) */
-	strlcpy((char *)buf, " ACCEPT ", buflen);
-    common:
-	BUMP(buf, buflen);
-	if (cnt <= 4)
-	    break;
-	ADDC(buf, buflen, '"');
-	for (i = 4; i < cnt; i++)
-	    ADDC(buf, buflen, data[i]);
-	ADDC(buf, buflen, '"');
-	ADDC(buf, buflen, '\0');
-	break;
-
-
-    case KRB_AUTH:			/* Authentication data follows */
-	strlcpy((char *)buf, " AUTH", buflen);
-	goto common2;
-
-    case KRB_RESPONSE:
-	strlcpy((char *)buf, " RESPONSE", buflen);
-	goto common2;
-
-    case KRB_FORWARD:		/* Forwarded credentials follow */
-	strlcpy((char *)buf, " FORWARD", buflen);
-	goto common2;
-
-    case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
-	strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
-	goto common2;
-
-    case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
-	/* (reason might follow) */
-	strlcpy((char *)buf, " FORWARD_REJECT", buflen);
-	goto common2;
-
-    default:
-	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
-    common2:
-	BUMP(buf, buflen);
-	for (i = 4; i < cnt; i++) {
-	    snprintf((char*)buf, buflen, " %d", data[i]);
-	    BUMP(buf, buflen);
-	}
-	break;
-    }
-}
-
-void
-kerberos5_forward(Authenticator *ap)
-{
-    krb5_error_code ret;
-    krb5_ccache     ccache;
-    krb5_creds      creds;
-    krb5_kdc_flags  flags;
-    krb5_data       out_data;
-    krb5_principal  principal;
-
-    ret = krb5_cc_default (context, &ccache);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get default ccache: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get principal: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    memset (&creds, 0, sizeof(creds));
-
-    creds.client = principal;
-    
-    ret = krb5_build_principal (context,
-				&creds.server,
-				strlen(principal->realm),
-				principal->realm,
-				"krbtgt",
-				principal->realm,
-				NULL);
-
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("KerberosV5: could not get principal: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    creds.times.endtime = 0;
-
-    flags.i = 0;
-    flags.b.forwarded = 1;
-    if (forward_flags & OPTS_FORWARDABLE_CREDS)
-	flags.b.forwardable = 1;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags.i,
-				    RemoteHostName,
-				    &creds,
-				    &out_data);
-    if (ret) {
-	if (auth_debug_mode)
-	    printf ("Kerberos V5: error getting forwarded creds: %s\r\n",
-		    krb5_get_err_text (context, ret));
-	return;
-    }
-
-    if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-    } else {
-	if (auth_debug_mode)
-	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
-    }
-}
-
-#if defined(DCE)
-/* if this was a K5 authentication try and join a PAG for the user. */
-void
-kerberos5_dfspag(void)
-{
-    if (dfsk5ok) {
-	dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
-			      UserNameRequested);
-    }
-}
-#endif
-
-int
-kerberos5_set_forward(int on)
-{
-    if(on == 0)
-	forward_flags &= ~OPTS_FORWARD_CREDS;
-    if(on == 1)
-	forward_flags |= OPTS_FORWARD_CREDS;
-    if(on == -1)
-	forward_flags ^= OPTS_FORWARD_CREDS;
-    return 0;
-}
-
-int
-kerberos5_set_forwardable(int on)
-{
-    if(on == 0)
-	forward_flags &= ~OPTS_FORWARDABLE_CREDS;
-    if(on == 1)
-	forward_flags |= OPTS_FORWARDABLE_CREDS;
-    if(on == -1)
-	forward_flags ^= OPTS_FORWARDABLE_CREDS;
-    return 0;
-}
-
-#endif /* KRB5 */
diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
deleted file mode 100644
index 0a4ff86d858d..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: krb4encpwd.c,v 1.19 2001/02/15 04:20:52 assar Exp $");
-
-#ifdef	KRB4_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <pwd.h>
-#include <stdio.h>
-
-#include <krb.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *);
-int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *);
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KRB4_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
-#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
-#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
-
-#define KRB_SERVICE_NAME    "rcmd"
-
-static	KTEXT_ST auth;
-static	char name[ANAME_SZ];
-static	char user_passwd[ANAME_SZ];
-static	AUTH_DAT adat = { 0 };
-static des_key_schedule sched;
-static char  challenge[REALM_SZ];
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen(cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-krb4encpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	char hostname[80], *cp, *realm;
-	des_clock skey;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-	} else {
-		str_data[3] = TELQUAL_IS;
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		cp = strchr(hostname, '.');
-		if (*cp != NULL) *cp = NULL;
-		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
-					KEYFILE, (char *)skey)) {
-		  return(0);
-		}
-	}
-	return(1);
-}
-
-	int
-krb4encpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying KRB4ENCPWD ... ]\r\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-krb4encpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
-	char  lhostname[ANAME_SZ], *cp;
-	int r;
-	time_t now;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_AUTH:
-		memmove(auth.dat, data, auth.length = cnt);
-
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
-			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		memmove(session_key, adat.session, sizeof(des_cblock));
-		Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 *  Take the received random challenge text and save
-		 *  for future authentication.
-		 */
-		memmove(challenge, data, sizeof(des_cblock));
-		break;
-
-
-	case KRB4_ENCPWD_ACK:
-		/*
-		 *  Receive ack, if mutual then send random challenge
-		 */
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		  int i;
-
-		  time(&now);
-		  snprintf(challenge, sizeof(challenge), "%x", now);
-		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
-		}
-		break;
-
-	default:
-		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-krb4encpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST krb_token;
-	des_cblock enckey;
-	CREDENTIALS cred;
-	int r;
-	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
-	char	hostname[80], *realm;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB4_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB4_ENCPWD_ACCEPT:
-		printf("[ KRB4_ENCPWD accepts you ]\r\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case KRB4_ENCPWD_CHALLENGE:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		gethostname(hostname, sizeof(hostname));
-		realm = krb_realmofhost(hostname);
-		memmove(challenge, data, cnt);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		strlcpy(instance, RemoteHostName, sizeof(instance));
-		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
-
-		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
-		  krb_token.length = 0;
-		}
-
-		if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-krb4encpwd_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
-		strlcpy(name, UserNameRequested, name_sz);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-krb4encpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_CHALLENGE:
-		strlcpy((char *)buf, " CHALLENGE", buflen);
-		goto common2;
-
-	case KRB4_ENCPWD_ACK:
-		strlcpy((char *)buf, " ACK", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = k_getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
deleted file mode 100644
index 7bbafa5c9475..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/* $Id: misc-proto.h,v 1.9 2000/11/15 23:00:21 assar Exp $ */
-
-#ifndef	__MISC_PROTO__
-#define	__MISC_PROTO__
-
-void auth_encrypt_init (const char *, const char *, const char *, int);
-void auth_encrypt_user(const char *name);
-void auth_encrypt_connect (int);
-void printd (const unsigned char *, int);
-
-char** genget (char *name, char **table, int stlen);
-int isprefix(char *s1, char *s2);
-int Ambiguous(void *s);
-
-/*
- * These functions are imported from the application
- */
-int telnet_net_write (unsigned char *, int);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *);
-char *telnet_gets (char *, char *, int, int);
-void printsub(int direction, unsigned char *pointer, int length);
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.c b/crypto/heimdal/appl/telnet/libtelnet/misc.c
deleted file mode 100644
index b7af23756b1c..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: misc.c,v 1.15 2000/01/25 23:24:58 assar Exp $");
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-#include "misc.h"
-#include "auth.h"
-#include "encrypt.h"
-
-
-const char *RemoteHostName;
-const char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
-void
-auth_encrypt_init(const char *local, const char *remote, const char *name,
-		  int server)
-{
-    RemoteHostName = remote;
-    LocalHostName = local;
-#ifdef AUTHENTICATION
-    auth_init(name, server);
-#endif
-#ifdef ENCRYPTION
-    encrypt_init(name, server);
-#endif
-    if (UserNameRequested) {
-	free(UserNameRequested);
-	UserNameRequested = 0;
-    }
-}
-
-void
-auth_encrypt_user(const char *name)
-{
-    if (UserNameRequested)
-	free(UserNameRequested);
-    UserNameRequested = name ? strdup(name) : 0;
-}
-
-void
-auth_encrypt_connect(int cnt)
-{
-}
-
-void
-printd(const unsigned char *data, int cnt)
-{
-    if (cnt > 16)
-	cnt = 16;
-    while (cnt-- > 0) {
-	printf(" %02x", *data);
-	++data;
-    }
-}
diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.h b/crypto/heimdal/appl/telnet/libtelnet/misc.h
deleted file mode 100644
index e31556530aa5..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/misc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc.h	8.1 (Berkeley) 6/4/93
- */
-
-extern char *UserNameRequested;
-extern const char *LocalHostName;
-extern const char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-#include "misc-proto.h"
diff --git a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
deleted file mode 100644
index 4c5e8751cbb4..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: rsaencpwd.c,v 1.19 2002/08/12 15:09:17 joda Exp $");
-
-#ifdef	RSA_ENCPWD
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <pwd.h>
-#include <stdio.h>
-
-#include <stdlib.h>
-#include <string.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-#include "cdc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_RSA_ENCPWD, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
-#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
-#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
-#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
-
-#define NAME_SZ   40
-#define CHAL_SZ   20
-#define PWD_SZ    40
-
-static	KTEXT_ST auth;
-static	char name[NAME_SZ];
-static	char user_passwd[PWD_SZ];
-static  char key_file[2*NAME_SZ];
-static  char lhostname[NAME_SZ];
-static char  challenge[CHAL_SZ];
-static int   challenge_len;
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	if (type != NULL) *p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-rsaencpwd_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	char  *cp;
-	FILE  *fp;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		memset(key_file, 0, sizeof(key_file));
-		gethostname(lhostname, sizeof(lhostname));
-		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
-		snprintf(key_file, sizeof(key_file),
-			 SYSCONFDIR "/.%s_privkey", lhostname);
-		if ((fp=fopen(key_file, "r"))==NULL) return(0);
-		fclose(fp);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-rsaencpwd_send(ap)
-	Authenticator *ap;
-{
-
-	printf("[ Trying RSAENCPWD ... ]\r\n");
-	if (!UserNameRequested) {
-		return(0);
-	}
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-	if (!Data(ap, NULL, NULL, 0)) {
-		return(0);
-	}
-
-
-	return(1);
-}
-
-	void
-rsaencpwd_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
-	char  *cp, key[160];
-	char  chalkey[160], *ptr;
-	FILE  *fp;
-	int r, i, j, chalkey_len, len;
-	time_t now;
-
-	cnt--;
-	switch (*data++) {
-	case RSA_ENCPWD_AUTH:
-		memmove(auth.dat, data, auth.length = cnt);
-
-		if ((fp=fopen(key_file, "r"))==NULL) {
-		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		/*
-		 *  get privkey
-		 */
-		fscanf(fp, "%x;", &len);
-		for (i=0;i<len;i++) {
-		  j = getc(fp);  key[i]=j;
-		}
-		fclose(fp);
-
-		r = accept_rsa_encpwd(&auth, key, challenge,
-				      challenge_len, r_passwd);
-		if (r < 0) {
-		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-		auth_encrypt_userpwd(r_passwd);
-		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
-		  /*
-		   *  illegal username and password
-		   */
-		  Data(ap, RSA_ENCPWD_REJECT, "Illegal password", -1);
-		  auth_finished(ap, AUTH_REJECT);
-		  return;
-		}
-
-		Data(ap, RSA_ENCPWD_ACCEPT, 0, 0);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-
-	case IAC:
-
-		/*
-		 * If we are doing mutual authentication, get set up to send
-		 * the challenge, and verify it when the response comes back.
-		 */
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
-		  int i;
-
-
-		  time(&now);
-		  if ((now % 2) == 0) {
-		    snprintf(challenge, sizeof(challenge), "%x", now);
-		    challenge_len = strlen(challenge);
-		  } else {
-		    strlcpy(challenge, "randchal", sizeof(challenge));
-		    challenge_len = 8;
-		  }
-
-		  if ((fp=fopen(key_file, "r"))==NULL) {
-		    Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
-		    auth_finished(ap, AUTH_REJECT);
-		    return;
-		  }
-		  /*
-		   *  skip privkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);
-		  }
-		  /*
-		   * get pubkey
-		   */
-		  fscanf(fp, "%x;", &len);
-		  for (i=0;i<len;i++) {
-		    j = getc(fp);  key[i]=j;
-		  }
-		  fclose(fp);
-		  chalkey[0] = 0x30;
-		  ptr = (char *) &chalkey[1];
-		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
-		  EncodeLength(ptr, chalkey_len);
-		  ptr +=NumEncodeLengthOctets(chalkey_len);
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  *ptr++ = challenge_len;
-		  memmove(ptr, challenge, challenge_len);
-		  ptr += challenge_len;
-		  *ptr++ = 0x04;  /* OCTET STRING */
-		  EncodeLength(ptr, i);
-		  ptr += NumEncodeLengthOctets(i);
-		  memmove(ptr, key, i);
-		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
-		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, chalkey, chalkey_len);
-		}
-		break;
-
-	default:
-		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-rsaencpwd_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	KTEXT_ST token;
-	des_cblock enckey;
-	int r, pubkey_len;
-	char	randchal[CHAL_SZ], *cp;
-	char	chalkey[160], pubkey[128], *ptr;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case RSA_ENCPWD_REJECT:
-		if (cnt > 0) {
-			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case RSA_ENCPWD_ACCEPT:
-		printf("[ RSA_ENCPWD accepts you ]\r\n");
-		auth_finished(ap, AUTH_USER);
-		return;
-	case RSA_ENCPWD_CHALLENGEKEY:
-		/*
-		 * Verify that the response to the challenge is correct.
-		 */
-
-		memmove(chalkey, data, cnt);
-		ptr = (char *) &chalkey[0];
-		ptr += DecodeHeaderLength(chalkey);
-		if (*ptr != 0x04) {
-		  return;
-		}
-		*ptr++;
-		challenge_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(challenge_len);
-		memmove(challenge, ptr, challenge_len);
-		ptr += challenge_len;
-		if (*ptr != 0x04) {
-		  return;
-		}
-		*ptr++;
-		pubkey_len = DecodeValueLength(ptr);
-		ptr += NumEncodeLengthOctets(pubkey_len);
-		memmove(pubkey, ptr, pubkey_len);
-		memset(user_passwd, 0, sizeof(user_passwd));
-		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
-		UserPassword = user_passwd;
-		Challenge = challenge;
-		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
-		if (r < 0) {
-		  token.length = 1;
-		}
-
-		if (!Data(ap, RSA_ENCPWD_AUTH, token.dat, token.length)) {
-		  return;
-		}
-
-		break;
-
-	default:
-		return;
-	}
-}
-
-	int
-rsaencpwd_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	if (level < AUTH_USER)
-		return(level);
-
-	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
-		strlcpy(name, UserNameRequested, name_sz);
-		return(AUTH_VALID);
-	} else {
-		return(AUTH_USER);
-	}
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-rsaencpwd_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case RSA_ENCPWD_CHALLENGEKEY:
-		strlcpy((char *)buf, " CHALLENGEKEY", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-int rsaencpwd_passwdok(name, passwd)
-char *name, *passwd;
-{
-  char *crypt();
-  char *salt, *p;
-  struct passwd *pwd;
-  int   passwdok_status = 0;
-
-  if (pwd = k_getpwnam(name))
-    salt = pwd->pw_passwd;
-  else salt = "xx";
-
-  p = crypt(passwd, salt);
-
-  if (pwd && !strcmp(p, pwd->pw_passwd)) {
-    passwdok_status = 1;
-  } else passwdok_status = 0;
-  return(passwdok_status);
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/libtelnet/spx.c b/crypto/heimdal/appl/telnet/libtelnet/spx.c
deleted file mode 100644
index 9155ef2f3df8..000000000000
--- a/crypto/heimdal/appl/telnet/libtelnet/spx.c
+++ /dev/null
@@ -1,586 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-
-RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $");
-
-#ifdef	SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-#include <stdio.h>
-#include "gssapi_defs.h"
-#include <stdlib.h>
-#include <string.h>
-
-#include <pwd.h>
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	SPX_AUTH	0		/* Authentication data follows */
-#define	SPX_REJECT	1		/* Rejected (reason might follow) */
-#define SPX_ACCEPT	2		/* Accepted */
-
-static des_key_schedule sched;
-static des_cblock	challenge	= { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set		actual_mechs;
-gss_OID			actual_mech_type, output_name_type;
-int			major_status, status, msg_ctx = 0, new_status;
-int			req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t		gss_cred_handle;
-gss_ctx_id_t		actual_ctxhandle, context_handle;
-gss_buffer_desc		output_token, input_token, input_name_buffer;
-gss_buffer_desc		status_string;
-gss_name_t		desired_targname, src_name;
-gss_channel_bindings	input_chan_bindings;
-char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int			to_addr=0, from_addr=0;
-char			*address;
-gss_buffer_desc		fullname_buffer;
-gss_OID			fullname_type;
-gss_cred_id_t		gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-	unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-	if (0) {
-		printf("%s:%d: [%d] (%d)",
-			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-			str_data[3],
-			type, c);
-		printd(d, c);
-		printf("\r\n");
-	}
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-	while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(telnet_net_write(str_data, p - str_data));
-}
-
-	int
-spx_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	gss_cred_id_t	tmp_cred_handle;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		gethostname(lhostname, sizeof(lhostname));
-		snprintf (targ_printable, sizeof(targ_printable),
-			  "SERVICE:rcmd@%s", lhostname);
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-		major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-		major_status = gss_acquire_cred(&status,
-					desired_targname,
-					0,
-					GSS_C_NULL_OID_SET,
-					GSS_C_ACCEPT,
-					&tmp_cred_handle,
-					&actual_mechs,
-					&lifetime_rec);
-		if (major_status != GSS_S_COMPLETE) return(0);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-spx_send(ap)
-	Authenticator *ap;
-{
-	des_cblock enckey;
-	int r;
-
-	gss_OID	actual_mech_type, output_name_type;
-	int	msg_ctx = 0, new_status, status;
-	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
-	gss_buffer_desc  output_token, input_token, input_name_buffer;
-	gss_buffer_desc  output_name_buffer, status_string;
-	gss_name_t    desired_targname;
-	gss_channel_bindings  input_chan_bindings;
-	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-	int  from_addr=0, to_addr=0, myhostlen, j;
-	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
-	char *address;
-
-	printf("[ Trying SPX ... ]\r\n");
-	snprintf (targ_printable, sizeof(targ_printable),
-		  "SERVICE:rcmd@%s", RemoteHostName);
-
-	input_name_buffer.length = strlen(targ_printable);
-	input_name_buffer.value = targ_printable;
-
-	if (!UserNameRequested) {
-		return(0);
-	}
-
-	major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-
-
-	major_status = gss_display_name(&status,
-					desired_targname,
-					&output_name_buffer,
-					&output_name_type);
-
-	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
-	major_status = gss_release_buffer(&status, &output_name_buffer);
-
-	input_chan_bindings = (gss_channel_bindings)
-	  malloc(sizeof(gss_channel_bindings_desc));
-
-	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->initiator_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->initiator_address.value = (char *) address;
-	address[0] = ((from_addr & 0xff000000) >> 24);
-	address[1] = ((from_addr & 0xff0000) >> 16);
-	address[2] = ((from_addr & 0xff00) >> 8);
-	address[3] = (from_addr & 0xff);
-	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->acceptor_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->acceptor_address.value = (char *) address;
-	address[0] = ((to_addr & 0xff000000) >> 24);
-	address[1] = ((to_addr & 0xff0000) >> 16);
-	address[2] = ((to_addr & 0xff00) >> 8);
-	address[3] = (to_addr & 0xff);
-	input_chan_bindings->application_data.length = 0;
-
-	req_flags = 0;
-	if (deleg_flag)  req_flags = req_flags | 1;
-	if (mutual_flag) req_flags = req_flags | 2;
-	if (replay_flag) req_flags = req_flags | 4;
-	if (seq_flag)    req_flags = req_flags | 8;
-
-	major_status = gss_init_sec_context(&status,         /* minor status */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-					&actual_ctxhandle,   /* ctx handle */
-					desired_targname,    /* target name */
-					GSS_C_NULL_OID,      /* mech type */
-					req_flags,           /* req flags */
-					0,                   /* time req */
-					input_chan_bindings, /* chan binding */
-					GSS_C_NO_BUFFER,     /* input token */
-					&actual_mech_type,   /* actual mech */
-					&output_token,       /* output token */
-					&ret_flags,          /* ret flags */
-					&lifetime_rec);      /* time rec */
-
-	if ((major_status != GSS_S_COMPLETE) &&
-	    (major_status != GSS_S_CONTINUE_NEEDED)) {
-	  gss_display_status(&new_status,
-				status,
-				GSS_C_MECH_CODE,
-				GSS_C_NULL_OID,
-				&msg_ctx,
-				&status_string);
-	  printf("%s\n", status_string.value);
-	  return(0);
-	}
-
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-spx_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	des_cblock datablock;
-	int r;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_AUTH:
-		input_token.length = cnt;
-		input_token.value = (char *) data;
-
-		gethostname(lhostname, sizeof(lhostname));
-
-		snprintf(targ_printable, sizeof(targ_printable),
-			 "SERVICE:rcmd@%s", lhostname);
-
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-
-		major_status = gss_import_name(&status,
-					&input_name_buffer,
-					GSS_C_NULL_OID,
-					&desired_targname);
-
-		major_status = gss_acquire_cred(&status,
-					desired_targname,
-					0,
-					GSS_C_NULL_OID_SET,
-					GSS_C_ACCEPT,
-					&gss_cred_handle,
-					&actual_mechs,
-					&lifetime_rec);
-
-		major_status = gss_release_name(&status, desired_targname);
-
-		input_chan_bindings = (gss_channel_bindings)
-		  malloc(sizeof(gss_channel_bindings_desc));
-
-		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->initiator_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->initiator_address.value = (char *) address;
-		address[0] = ((from_addr & 0xff000000) >> 24);
-		address[1] = ((from_addr & 0xff0000) >> 16);
-		address[2] = ((from_addr & 0xff00) >> 8);
-		address[3] = (from_addr & 0xff);
-		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->acceptor_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->acceptor_address.value = (char *) address;
-		address[0] = ((to_addr & 0xff000000) >> 24);
-		address[1] = ((to_addr & 0xff0000) >> 16);
-		address[2] = ((to_addr & 0xff00) >> 8);
-		address[3] = (to_addr & 0xff);
-		input_chan_bindings->application_data.length = 0;
-
-		major_status = gss_accept_sec_context(&status,
-						&context_handle,
-						gss_cred_handle,
-						&input_token,
-						input_chan_bindings,
-						&src_name,
-						&actual_mech_type,
-						&output_token,
-						&ret_flags,
-						&lifetime_rec,
-						&gss_delegated_cred_handle);
-
-
-		if (major_status != GSS_S_COMPLETE) {
-
-		  major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-			Data(ap, SPX_REJECT, "auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-
-		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	default:
-		Data(ap, SPX_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-spx_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_REJECT:
-		if (cnt > 0) {
-			printf("[ SPX refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ SPX refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case SPX_ACCEPT:
-		printf("[ SPX accepts you ]\r\n");
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			/*
-			 * Send over the encrypted challenge.
-		 	 */
-		  input_token.value = (char *) data;
-		  input_token.length = cnt;
-
-		  major_status = gss_init_sec_context(&status, /* minor stat */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-					&actual_ctxhandle,   /* ctx handle */
-					desired_targname,    /* target name */
-					GSS_C_NULL_OID,      /* mech type */
-					req_flags,           /* req flags */
-					0,                   /* time req */
-					input_chan_bindings, /* chan binding */
-					&input_token,        /* input token */
-					&actual_mech_type,   /* actual mech */
-					&output_token,       /* output token */
-					&ret_flags,          /* ret flags */
-					&lifetime_rec);      /* time rec */
-
-		  if (major_status != GSS_S_COMPLETE) {
-		    gss_display_status(&new_status,
-					status,
-					GSS_C_MECH_CODE,
-					GSS_C_NULL_OID,
-					&msg_ctx,
-					&status_string);
-		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
-			 status_string.value);
-		    auth_send_retry();
-		    return;
-		  }
-		}
-		auth_finished(ap, AUTH_USER);
-		return;
-
-	default:
-		return;
-	}
-}
-
-	int
-spx_status(ap, name, name_sz, level)
-	Authenticator *ap;
-	char *name;
-	size_t name_sz;
-	int level;
-{
-
-	gss_buffer_desc  fullname_buffer, acl_file_buffer;
-	gss_OID          fullname_type;
-	char acl_file[160], fullname[160];
-	int major_status, status = 0;
-	struct passwd  *pwd;
-
-	/*
-	 * hard code fullname to
-	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
-	 * and acl_file to "~kannan/.sphinx"
-	 */
-
-	pwd = k_getpwnam(UserNameRequested);
-	if (pwd == NULL) {
-	  return(AUTH_USER);   /*  not authenticated  */
-	}
-
-	snprintf (acl_file, sizeof(acl_file),
-		  "%s/.sphinx", pwd->pw_dir);
-
-	acl_file_buffer.value = acl_file;
-	acl_file_buffer.length = strlen(acl_file);
-
-	major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-	if (level < AUTH_USER)
-		return(level);
-
-	major_status = gss__check_acl(&status, &fullname_buffer,
-					&acl_file_buffer);
-
-	if (major_status == GSS_S_COMPLETE) {
-	  strlcpy(name, UserNameRequested, name_sz);
-	  return(AUTH_VALID);
-	} else {
-	   return(AUTH_USER);
-	}
-
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-spx_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case SPX_REJECT:		/* Rejected (reason might follow) */
-		strlcpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case SPX_ACCEPT:		/* Accepted (name might follow) */
-		strlcpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case SPX_AUTH:			/* Authentication data follows */
-		strlcpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	default:
-		snprintf(buf, buflen, " %d (unknown)", data[3]);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(buf, buflen, " %d", data[i]);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet.state b/crypto/heimdal/appl/telnet/telnet.state
deleted file mode 100644
index 1927a2b4bb5b..000000000000
--- a/crypto/heimdal/appl/telnet/telnet.state
+++ /dev/null
@@ -1,80 +0,0 @@
-
-   Three pieces of state need to be kept for each side of each option.
-   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
-   the remoteside, sending DO/DONT and receiving WILL/WONT)
-
-	MY_STATE:	What state am I in?
-	WANT_STATE:	What state do I want?
-	WANT_RESP:	How many requests have I initiated?
-
-   Default values:
-	MY_STATE = WANT_STATE = DONT
-	WANT_RESP = 0
-
-   The local setup will change based on the state of the Telnet
-   variables.  When we are the originator, we can either make the
-   local setup changes at option request time (in which case if
-   the option is denied we need to change things back) or when
-   the option is acknowledged.
-
-   To initiate a switch to NEW_STATE:
-
-	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
-			WANT_STATE == NEW_STATE) {
-	    do nothing;
-	} else {
-	    /*
-	     * This is where the logic goes to change the local setup
-	     * if we are doing so at request initiation
-	     */
-	    WANT_STATE = NEW_STATE;
-	    send NEW_STATE;
-	    WANT_RESP += 1;
-	}
-
-   When receiving NEW_STATE:
-
-	if (WANT_RESP) {
-	    --WANT_RESP;
-	    if (WANT_RESP && (NEW_STATE == MY_STATE))
-		--WANT_RESP;
-	}
-	if (WANT_RESP == 0) {
-	    if (NEW_STATE != WANT_STATE) {
-		/*
-		 * This is where the logic goes to decide if it is ok
-		 * to switch to NEW_STATE, and if so, do any necessary
-		 * local setup changes.
-		 */
-		if (ok_to_switch_to NEW_STATE)
-		    WANT_STATE = NEW_STATE;
-		else
-		    WANT_RESP++;
-*		if (MY_STATE != WANT_STATE)
-		    reply with WANT_STATE;
-	    } else {
-		/*
-		 * This is where the logic goes to change the local setup
-		 * if we are doing so at request acknowledgment
-		 */
-	    }
-	}
-	MY_STATE = NEW_STATE;
-
-* This if() line is not needed, it should be ok to always do the
-  "reply with WANT_STATE".  With the if() line, asking to turn on
-  an option that the other side doesn't understand is:
-		Send DO option
-		Recv WONT option
-  Without the if() line, it is:
-		Send DO option
-		Recv WONT option
-		Send DONT option
-  If the other side does not expect to receive the latter case,
-  but generates the latter case, then there is a potential for
-  option negotiation loops.  An implementation that does not expect
-  to get the second case should not generate it, an implementation
-  that does expect to get it may or may not generate it, and things
-  will still work.  Being conservative in what we send, we have the
-  if() statement in, but we expect the other side to generate the
-  last response.
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile b/crypto/heimdal/appl/telnet/telnet/Makefile
deleted file mode 100644
index 7551baaa5f71..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/Makefile
+++ /dev/null
@@ -1,661 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/telnet/telnet/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.16 2001/08/28 11:21:16 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = telnet
-
-CHECK_LOCAL = 
-
-telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \
-		  sys_bsd.c telnet.c terminal.c \
-		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
-
-
-man_MANS = telnet.1
-
-LDADD = ../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-subdir = appl/telnet/telnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = telnet$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) main.$(OBJEXT) \
-	network.$(OBJEXT) ring.$(OBJEXT) sys_bsd.$(OBJEXT) \
-	telnet.$(OBJEXT) terminal.$(OBJEXT) utilities.$(OBJEXT)
-telnet_OBJECTS = $(am_telnet_OBJECTS)
-telnet_LDADD = $(LDADD)
-telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#telnet_DEPENDENCIES = ../libtelnet/libtelnet.a
-#telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la \
-#	$(top_builddir)/lib/kdfs/libkdfs.la
-##telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-telnet_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(telnet_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(telnet_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/telnet/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) 
-	@rm -f telnet$(EXEEXT)
-	$(LINK) $(telnet_LDFLAGS) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am
deleted file mode 100644
index cb516cbd3841..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-# $Id: Makefile.am,v 1.16 2001/08/28 11:21:16 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-bin_PROGRAMS = telnet
-
-CHECK_LOCAL = 
-
-telnet_SOURCES  = authenc.c commands.c main.c network.c ring.c \
-		  sys_bsd.c telnet.c terminal.c \
-		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
-
-man_MANS = telnet.1
-
-LDADD = ../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in
deleted file mode 100644
index 3a04cd4cb547..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/Makefile.in
+++ /dev/null
@@ -1,657 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.16 2001/08/28 11:21:16 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = telnet
-
-CHECK_LOCAL = 
-
-telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \
-		  sys_bsd.c telnet.c terminal.c \
-		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
-
-
-man_MANS = telnet.1
-
-LDADD = ../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-subdir = appl/telnet/telnet
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = telnet$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) main.$(OBJEXT) \
-	network.$(OBJEXT) ring.$(OBJEXT) sys_bsd.$(OBJEXT) \
-	telnet.$(OBJEXT) terminal.$(OBJEXT) utilities.$(OBJEXT)
-telnet_OBJECTS = $(am_telnet_OBJECTS)
-telnet_LDADD = $(LDADD)
-@DCE_FALSE@@KRB5_TRUE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@DCE_FALSE@@KRB5_FALSE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a
-@DCE_TRUE@@KRB5_TRUE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kdfs/libkdfs.la
-@DCE_TRUE@@KRB5_FALSE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kdfs/libkdfs.la
-telnet_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(telnet_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(telnet_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/telnet/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) 
-	@rm -f telnet$(EXEEXT)
-	$(LINK) $(telnet_LDFLAGS) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man1 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnet/authenc.c b/crypto/heimdal/appl/telnet/telnet/authenc.c
deleted file mode 100644
index f1da7358d098..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/authenc.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: authenc.c,v 1.12 2001/12/20 20:39:51 joda Exp $");
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-int
-telnet_net_write(unsigned char *str, int len)
-{
-	if (NETROOM() > len) {
-		ring_supply_data(&netoring, str, len);
-		if (str[0] == IAC && str[1] == SE)
-			printsub('>', &str[2], len-2);
-		return(len);
-	}
-	return(0);
-}
-
-void
-net_encrypt(void)
-{
-#if	defined(ENCRYPTION)
-	if (encrypt_output)
-		ring_encrypt(&netoring, encrypt_output);
-	else
-		ring_clearto(&netoring);
-#endif
-}
-
-int
-telnet_spin(void)
-{
-    extern int scheduler_lockout_tty;
-
-    scheduler_lockout_tty = 1;
-    Scheduler(0);
-    scheduler_lockout_tty = 0;
-    
-    return 0;
-
-}
-
-char *
-telnet_getenv(const char *val)
-{
-	return((char *)env_getvalue((unsigned char *)val));
-}
-
-char *
-telnet_gets(char *prompt, char *result, int length, int echo)
-{
-	int om = globalmode;
-	char *res;
-
-	TerminalNewMode(-1);
-	if (echo) {
-		printf("%s", prompt);
-		res = fgets(result, length, stdin);
-	} else if ((res = getpass(prompt))) {
-		strlcpy(result, res, length);
-		res = result;
-	}
-	TerminalNewMode(om);
-	return(res);
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c
deleted file mode 100644
index 6c610a55e112..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/commands.c
+++ /dev/null
@@ -1,2694 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: commands.c,v 1.72 2002/08/28 21:04:59 joda Exp $");
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-int tos = -1;
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-char	*hostname;
-static char _hostname[MaxHostNameLen];
-
-typedef int (*intrtn_t)(int, char**);
-static int call(intrtn_t, ...);
-
-typedef struct {
-	char	*name;		/* command name */
-	char	*help;		/* help string (NULL for no help) */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-} Command;
-
-static char line[256];
-static char saveline[256];
-static int margc;
-static char *margv[20];
-
-static void
-makeargv()
-{
-    char *cp, *cp2, c;
-    char **argp = margv;
-
-    margc = 0;
-    cp = line;
-    if (*cp == '!') {		/* Special case shell escape */
-	/* save for shell command */
-	strlcpy(saveline, line, sizeof(saveline));
-	*argp++ = "!";		/* No room in string to get this */
-	margc++;
-	cp++;
-    }
-    while ((c = *cp)) {
-	int inquote = 0;
-	while (isspace(c))
-	    c = *++cp;
-	if (c == '\0')
-	    break;
-	*argp++ = cp;
-	margc += 1;
-	for (cp2 = cp; c != '\0'; c = *++cp) {
-	    if (inquote) {
-		if (c == inquote) {
-		    inquote = 0;
-		    continue;
-		}
-	    } else {
-		if (c == '\\') {
-		    if ((c = *++cp) == '\0')
-			break;
-		} else if (c == '"') {
-		    inquote = '"';
-		    continue;
-		} else if (c == '\'') {
-		    inquote = '\'';
-		    continue;
-		} else if (isspace(c))
-		    break;
-	    }
-	    *cp2++ = c;
-	}
-	*cp2 = '\0';
-	if (c == '\0')
-	    break;
-	cp++;
-    }
-    *argp++ = 0;
-}
-
-/*
- * Make a character string into a number.
- *
- * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
- */
-
-static char
-special(char *s)
-{
-	char c;
-	char b;
-
-	switch (*s) {
-	case '^':
-		b = *++s;
-		if (b == '?') {
-		    c = b | 0x40;		/* DEL */
-		} else {
-		    c = b & 0x1f;
-		}
-		break;
-	default:
-		c = *s;
-		break;
-	}
-	return c;
-}
-
-/*
- * Construct a control character sequence
- * for a special character.
- */
-static char *
-control(cc_t c)
-{
-	static char buf[5];
-	/*
-	 * The only way I could get the Sun 3.5 compiler
-	 * to shut up about
-	 *	if ((unsigned int)c >= 0x80)
-	 * was to assign "c" to an unsigned int variable...
-	 * Arggg....
-	 */
-	unsigned int uic = (unsigned int)c;
-
-	if (uic == 0x7f)
-		return ("^?");
-	if (c == (cc_t)_POSIX_VDISABLE) {
-		return "off";
-	}
-	if (uic >= 0x80) {
-		buf[0] = '\\';
-		buf[1] = ((c>>6)&07) + '0';
-		buf[2] = ((c>>3)&07) + '0';
-		buf[3] = (c&07) + '0';
-		buf[4] = 0;
-	} else if (uic >= 0x20) {
-		buf[0] = c;
-		buf[1] = 0;
-	} else {
-		buf[0] = '^';
-		buf[1] = '@'+c;
-		buf[2] = 0;
-	}
-	return (buf);
-}
-
-
-
-/*
- *	The following are data structures and routines for
- *	the "send" command.
- *
- */
-
-struct sendlist {
-    char	*name;		/* How user refers to it (case independent) */
-    char	*help;		/* Help information (0 ==> no help) */
-    int		needconnect;	/* Need to be connected */
-    int		narg;		/* Number of arguments */
-    int		(*handler)();	/* Routine to perform (for special ops) */
-    int		nbyte;		/* Number of bytes to send this command */
-    int		what;		/* Character to be sent (<0 ==> special) */
-};
-
-
-static int
-	send_esc (void),
-	send_help (void),
-	send_docmd (char *),
-	send_dontcmd (char *),
-	send_willcmd (char *),
-	send_wontcmd (char *);
-
-static struct sendlist Sendlist[] = {
-    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
-    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
-    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
-    { "break",	0,					1, 0, 0, 2, BREAK },
-    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
-    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
-    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
-    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
-    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
-    { "intp",	0,					1, 0, 0, 2, IP },
-    { "interrupt", 0,					1, 0, 0, 2, IP },
-    { "intr",	0,					1, 0, 0, 2, IP },
-    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
-    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
-    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
-    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
-    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
-    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
-    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
-    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
-    { "help",	0,					0, 0, send_help, 0, 0 },
-    { "do",	0,					0, 1, send_docmd, 3, 0 },
-    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
-    { "will",	0,					0, 1, send_willcmd, 3, 0 },
-    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
-    { 0 }
-};
-
-#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
-				sizeof(struct sendlist)))
-
-static int
-sendcmd(int argc, char **argv)
-{
-    int count;		/* how many bytes we are going to need to send */
-    int i;
-    struct sendlist *s;	/* pointer to current command */
-    int success = 0;
-    int needconnect = 0;
-
-    if (argc < 2) {
-	printf("need at least one argument for 'send' command\r\n");
-	printf("'send ?' for help\r\n");
-	return 0;
-    }
-    /*
-     * First, validate all the send arguments.
-     * In addition, we see how much space we are going to need, and
-     * whether or not we will be doing a "SYNCH" operation (which
-     * flushes the network queue).
-     */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	s = GETSEND(argv[i]);
-	if (s == 0) {
-	    printf("Unknown send argument '%s'\r\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	} else if (Ambiguous(s)) {
-	    printf("Ambiguous send argument '%s'\r\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	}
-	if (i + s->narg >= argc) {
-	    fprintf(stderr,
-	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\r\n",
-		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
-	    return 0;
-	}
-	count += s->nbyte;
-	if (s->handler == send_help) {
-	    send_help();
-	    return 0;
-	}
-
-	i += s->narg;
-	needconnect += s->needconnect;
-    }
-    if (!connected && needconnect) {
-	printf("?Need to be connected first.\r\n");
-	printf("'send ?' for help\r\n");
-	return 0;
-    }
-    /* Now, do we have enough room? */
-    if (NETROOM() < count) {
-	printf("There is not enough room in the buffer TO the network\r\n");
-	printf("to process your request.  Nothing will be done.\r\n");
-	printf("('send synch' will throw away most data in the network\r\n");
-	printf("buffer, if this might help.)\r\n");
-	return 0;
-    }
-    /* OK, they are all OK, now go through again and actually send */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	if ((s = GETSEND(argv[i])) == 0) {
-	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\r\n");
-	    quit();
-	    /*NOTREACHED*/
-	}
-	if (s->handler) {
-	    count++;
-	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
-				  (s->narg > 1) ? argv[i+2] : 0);
-	    i += s->narg;
-	} else {
-	    NET2ADD(IAC, s->what);
-	    printoption("SENT", IAC, s->what);
-	}
-    }
-    return (count == success);
-}
-
-static int
-send_tncmd(void (*func)(), char *cmd, char *name);
-
-static int
-send_esc()
-{
-    NETADD(escape);
-    return 1;
-}
-
-static int
-send_docmd(char *name)
-{
-    return(send_tncmd(send_do, "do", name));
-}
-
-static int
-send_dontcmd(char *name)
-{
-    return(send_tncmd(send_dont, "dont", name));
-}
-
-static int
-send_willcmd(char *name)
-{
-    return(send_tncmd(send_will, "will", name));
-}
-
-static int
-send_wontcmd(char *name)
-{
-    return(send_tncmd(send_wont, "wont", name));
-}
-
-extern char *telopts[];		/* XXX */
-
-static int
-send_tncmd(void (*func)(), char *cmd, char *name)
-{
-    char **cpp;
-    int val = 0;
-
-    if (isprefix(name, "help") || isprefix(name, "?")) {
-	int col, len;
-
-	printf("Usage: send %s <value|option>\r\n", cmd);
-	printf("\"value\" must be from 0 to 255\r\n");
-	printf("Valid options are:\r\n\t");
-
-	col = 8;
-	for (cpp = telopts; *cpp; cpp++) {
-	    len = strlen(*cpp) + 3;
-	    if (col + len > 65) {
-		printf("\r\n\t");
-		col = 8;
-	    }
-	    printf(" \"%s\"", *cpp);
-	    col += len;
-	}
-	printf("\r\n");
-	return 0;
-    }
-    cpp = genget(name, telopts, sizeof(char *));
-    if (Ambiguous(cpp)) {
-	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\r\n",
-					name, cmd);
-	return 0;
-    }
-    if (cpp) {
-	val = cpp - telopts;
-    } else {
-	char *cp = name;
-
-	while (*cp >= '0' && *cp <= '9') {
-	    val *= 10;
-	    val += *cp - '0';
-	    cp++;
-	}
-	if (*cp != 0) {
-	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\r\n",
-					name, cmd);
-	    return 0;
-	} else if (val < 0 || val > 255) {
-	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\r\n",
-					name, cmd);
-	    return 0;
-	}
-    }
-    if (!connected) {
-	printf("?Need to be connected first.\r\n");
-	return 0;
-    }
-    (*func)(val, 1);
-    return 1;
-}
-
-static int
-send_help()
-{
-    struct sendlist *s;	/* pointer to current command */
-    for (s = Sendlist; s->name; s++) {
-	if (s->help)
-	    printf("%-15s %s\r\n", s->name, s->help);
-    }
-    return(0);
-}
-
-/*
- * The following are the routines and data structures referred
- * to by the arguments to the "toggle" command.
- */
-
-static int
-lclchars()
-{
-    donelclchars = 1;
-    return 1;
-}
-
-static int
-togdebug()
-{
-#ifndef	NOT43
-    if (net > 0 &&
-	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
-	    perror("setsockopt (SO_DEBUG)");
-    }
-#else	/* NOT43 */
-    if (debug) {
-	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
-	    perror("setsockopt (SO_DEBUG)");
-    } else
-	printf("Cannot turn off socket debugging\r\n");
-#endif	/* NOT43 */
-    return 1;
-}
-
-#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
-#include <krb.h>
-
-static int
-togkrbdebug(void)
-{
-    if(krb_debug)
-	krb_enable_debug();
-    else
-	krb_disable_debug();
-    return 1;
-}
-#endif
-
-static int
-togcrlf()
-{
-    if (crlf) {
-	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
-    } else {
-	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
-    }
-    return 1;
-}
-
-int binmode;
-
-static int
-togbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val >= 0) {
-	binmode = val;
-    } else {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-				my_want_state_is_do(TELOPT_BINARY)) {
-	    binmode = 1;
-	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
-				my_want_state_is_dont(TELOPT_BINARY)) {
-	    binmode = 0;
-	}
-	val = binmode ? 0 : 1;
-    }
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-					my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already operating in binary mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating binary mode with remote host.\r\n");
-	    tel_enter_binary(3);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY) &&
-					my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already in network ascii mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode with remote host.\r\n");
-	    tel_leave_binary(3);
-	}
-    }
-    return 1;
-}
-
-static int
-togrbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already receiving in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on input.\r\n");
-	    tel_enter_binary(1);
-	}
-    } else {
-	if (my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already receiving in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on input.\r\n");
-	    tel_leave_binary(1);
-	}
-    }
-    return 1;
-}
-
-static int
-togxbinary(int val)
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY)) {
-	    printf("Already transmitting in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on output.\r\n");
-	    tel_enter_binary(2);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    printf("Already transmitting in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on output.\r\n");
-	    tel_leave_binary(2);
-	}
-    }
-    return 1;
-}
-
-
-static int togglehelp (void);
-#if	defined(AUTHENTICATION)
-extern int auth_togdebug (int);
-#endif
-#if	defined(ENCRYPTION)
-extern int EncryptAutoEnc (int);
-extern int EncryptAutoDec (int);
-extern int EncryptDebug (int);
-extern int EncryptVerbose (int);
-#endif
-
-struct togglelist {
-    char	*name;		/* name of toggle */
-    char	*help;		/* help message */
-    int		(*handler)();	/* routine to do actual setting */
-    int		*variable;
-    char	*actionexplanation;
-};
-
-static struct togglelist Togglelist[] = {
-    { "autoflush",
-	"flushing of output when sending interrupt characters",
-	    0,
-		&autoflush,
-		    "flush output when sending interrupt characters" },
-    { "autosynch",
-	"automatic sending of interrupt characters in urgent mode",
-	    0,
-		&autosynch,
-		    "send interrupt characters in urgent mode" },
-#if	defined(AUTHENTICATION)
-    { "autologin",
-	"automatic sending of login and/or authentication info",
-	    0,
-		&autologin,
-		    "send login name and/or authentication information" },
-    { "authdebug",
-	"authentication debugging",
-	    auth_togdebug,
-		0,
-		     "print authentication debugging information" },
-#endif
-#if	defined(ENCRYPTION)
-    { "autoencrypt",
-	"automatic encryption of data stream",
-	    EncryptAutoEnc,
-		0,
-		    "automatically encrypt output" },
-    { "autodecrypt",
-	"automatic decryption of data stream",
-	    EncryptAutoDec,
-		0,
-		    "automatically decrypt input" },
-    { "verbose_encrypt",
-	"verbose encryption output",
-	    EncryptVerbose,
-		0,
-		    "print verbose encryption output" },
-    { "encdebug",
-	"encryption debugging",
-	    EncryptDebug,
-		0,
-		    "print encryption debugging information" },
-#endif
-#if defined(KRB5)
-    { "forward",
-	"credentials forwarding",
-	    kerberos5_set_forward,
-		0,
-		    "forward credentials" },
-    { "forwardable",
-	"forwardable flag of forwarded credentials",
-	    kerberos5_set_forwardable,
-		0,
-		    "forward forwardable credentials" },
-#endif
-   { "skiprc",
-	"don't read ~/.telnetrc file",
-	    0,
-		&skiprc,
-		    "skip reading of ~/.telnetrc file" },
-    { "binary",
-	"sending and receiving of binary data",
-	    togbinary,
-		0,
-		    0 },
-    { "inbinary",
-	"receiving of binary data",
-	    togrbinary,
-		0,
-		    0 },
-    { "outbinary",
-	"sending of binary data",
-	    togxbinary,
-		0,
-		    0 },
-    { "crlf",
-	"sending carriage returns as telnet <CR><LF>",
-	    togcrlf,
-		&crlf,
-		    0 },
-    { "crmod",
-	"mapping of received carriage returns",
-	    0,
-		&crmod,
-		    "map carriage return on output" },
-    { "localchars",
-	"local recognition of certain control characters",
-	    lclchars,
-		&localchars,
-		    "recognize certain control characters" },
-    { " ", "", 0 },		/* empty line */
-    { "debug",
-	"debugging",
-	    togdebug,
-		&debug,
-		    "turn on socket level debugging" },
-#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
-    { "krb_debug",
-      "kerberos 4 debugging",
-      togkrbdebug,
-      &krb_debug,
-      "turn on kerberos 4 debugging" },
-#endif
-    { "netdata",
-	"printing of hexadecimal network data (debugging)",
-	    0,
-		&netdata,
-		    "print hexadecimal representation of network traffic" },
-    { "prettydump",
-	"output of \"netdata\" to user readable format (debugging)",
-	    0,
-		&prettydump,
-		    "print user readable output for \"netdata\"" },
-    { "options",
-	"viewing of options processing (debugging)",
-	    0,
-		&showoptions,
-		    "show option processing" },
-    { "termdata",
-	"printing of hexadecimal terminal data (debugging)",
-	    0,
-		&termdata,
-		    "print hexadecimal representation of terminal traffic" },
-    { "?",
-	0,
-	    togglehelp },
-    { "help",
-	0,
-	    togglehelp },
-    { 0 }
-};
-
-static int
-togglehelp()
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s toggle %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    printf("\r\n");
-    printf("%-15s %s\r\n", "?", "display help information");
-    return 0;
-}
-
-static void
-settogglehelp(int set)
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
-						c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-#define	GETTOGGLE(name) (struct togglelist *) \
-		genget(name, (char **) Togglelist, sizeof(struct togglelist))
-
-static int
-toggle(int argc, char *argv[])
-{
-    int retval = 1;
-    char *name;
-    struct togglelist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'toggle' command.  'toggle ?' for help.\r\n");
-	return 0;
-    }
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	c = GETTOGGLE(name);
-	if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\r\n",
-					name);
-	    return 0;
-	} else if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\r\n",
-					name);
-	    return 0;
-	} else {
-	    if (c->variable) {
-		*c->variable = !*c->variable;		/* invert it */
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler) {
-		retval &= (*c->handler)(-1);
-	    }
-	}
-    }
-    return retval;
-}
-
-/*
- * The following perform the "set" command.
- */
-
-struct termios new_tc = { 0 };
-
-struct setlist {
-    char *name;				/* name */
-    char *help;				/* help information */
-    void (*handler)();
-    cc_t *charp;			/* where it is located at */
-};
-
-static struct setlist Setlist[] = {
-#ifdef	KLUDGELINEMODE
-    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
-#endif
-    { "escape",	"character to escape back to telnet command mode", 0, &escape },
-    { "rlogin", "rlogin escape character", 0, &rlogin },
-    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
-    { " ", "" },
-    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
-    { "flushoutput", "character to cause an Abort Output", 0, &termFlushChar },
-    { "interrupt", "character to cause an Interrupt Process", 0, &termIntChar },
-    { "quit",	"character to cause an Abort process", 0, &termQuitChar },
-    { "eof",	"character to cause an EOF ", 0, &termEofChar },
-    { " ", "" },
-    { " ", "The following are for local editing in linemode", 0, 0 },
-    { "erase",	"character to use to erase a character", 0, &termEraseChar },
-    { "kill",	"character to use to erase a line", 0, &termKillChar },
-    { "lnext",	"character to use for literal next", 0, &termLiteralNextChar },
-    { "susp",	"character to cause a Suspend Process", 0, &termSuspChar },
-    { "reprint", "character to use for line reprint", 0, &termRprntChar },
-    { "worderase", "character to use to erase a word", 0, &termWerasChar },
-    { "start",	"character to use for XON", 0, &termStartChar },
-    { "stop",	"character to use for XOFF", 0, &termStopChar },
-    { "forw1",	"alternate end of line character", 0, &termForw1Char },
-    { "forw2",	"alternate end of line character", 0, &termForw2Char },
-    { "ayt",	"alternate AYT character", 0, &termAytChar },
-    { 0 }
-};
-
-static struct setlist *
-getset(char *name)
-{
-    return (struct setlist *)
-		genget(name, (char **) Setlist, sizeof(struct setlist));
-}
-
-void
-set_escape_char(char *s)
-{
-	if (rlogin != _POSIX_VDISABLE) {
-		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet rlogin escape character is '%s'.\r\n",
-					control(rlogin));
-	} else {
-		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet escape character is '%s'.\r\n", control(escape));
-	}
-}
-
-static int
-setcmd(int argc, char *argv[])
-{
-    int value;
-    struct setlist *ct;
-    struct togglelist *c;
-
-    if (argc < 2 || argc > 3) {
-	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
-	return 0;
-    }
-    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(1);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    ct = getset(argv[1]);
-    if (ct == 0) {
-	c = GETTOGGLE(argv[1]);
-	if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\r\n",
-			argv[1]);
-	    return 0;
-	} else if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
-			argv[1]);
-	    return 0;
-	}
-	if (c->variable) {
-	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
-		*c->variable = 1;
-	    else if (strcmp("off", argv[2]) == 0)
-		*c->variable = 0;
-	    else {
-		printf("Format is 'set togglename [on|off]'\r\n'set ?' for help.\r\n");
-		return 0;
-	    }
-	    if (c->actionexplanation) {
-		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-	    }
-	}
-	if (c->handler)
-	    (*c->handler)(1);
-    } else if (argc != 3) {
-	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
-	return 0;
-    } else if (Ambiguous(ct)) {
-	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
-			argv[1]);
-	return 0;
-    } else if (ct->handler) {
-	(*ct->handler)(argv[2]);
-	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
-    } else {
-	if (strcmp("off", argv[2])) {
-	    value = special(argv[2]);
-	} else {
-	    value = _POSIX_VDISABLE;
-	}
-	*(ct->charp) = (cc_t)value;
-	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-    }
-    slc_check();
-    return 1;
-}
-
-static int
-unsetcmd(int argc, char *argv[])
-{
-    struct setlist *ct;
-    struct togglelist *c;
-    char *name;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'unset' command.  'unset ?' for help.\r\n");
-	return 0;
-    }
-    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(0);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	ct = getset(name);
-	if (ct == 0) {
-	    c = GETTOGGLE(name);
-	    if (c == 0) {
-		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\r\n",
-			name);
-		return 0;
-	    } else if (Ambiguous(c)) {
-		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
-			name);
-		return 0;
-	    }
-	    if (c->variable) {
-		*c->variable = 0;
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler)
-		(*c->handler)(0);
-	} else if (Ambiguous(ct)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
-			name);
-	    return 0;
-	} else if (ct->handler) {
-	    (*ct->handler)(0);
-	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
-	} else {
-	    *(ct->charp) = _POSIX_VDISABLE;
-	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-	}
-    }
-    return 1;
-}
-
-/*
- * The following are the data structures and routines for the
- * 'mode' command.
- */
-#ifdef	KLUDGELINEMODE
-
-static int
-dokludgemode(void)
-{
-    kludgelinemode = 1;
-    send_wont(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_SGA, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-#endif
-
-static int
-dolinemode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_dont(TELOPT_SGA, 1);
-#endif
-    send_will(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-
-static int
-docharmode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_do(TELOPT_SGA, 1);
-    else
-#endif
-    send_wont(TELOPT_LINEMODE, 1);
-    send_do(TELOPT_ECHO, 1);
-    return 1;
-}
-
-static int
-dolmmode(int bit, int on)
-{
-    unsigned char c;
-
-    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
-	printf("?Need to have LINEMODE option enabled first.\r\n");
-	printf("'mode ?' for help.\r\n");
- 	return 0;
-    }
-
-    if (on)
-	c = (linemode | bit);
-    else
-	c = (linemode & ~bit);
-    lm_mode(&c, 1, 1);
-    return 1;
-}
-
-static int
-tn_setmode(int bit)
-{
-    return dolmmode(bit, 1);
-}
-
-static int
-tn_clearmode(int bit)
-{
-    return dolmmode(bit, 0);
-}
-
-struct modelist {
-	char	*name;		/* command name */
-	char	*help;		/* help string */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-	int	arg1;
-};
-
-static int modehelp(void);
-
-static struct modelist ModeList[] = {
-    { "character", "Disable LINEMODE option",	docharmode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or disable obsolete line-by-line mode)", 0 },
-#endif
-    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or enable obsolete line-by-line mode)", 0 },
-#endif
-    { "", "", 0 },
-    { "",	"These require the LINEMODE option to be enabled", 0 },
-    { "isig",	"Enable signal trapping",	tn_setmode, 1, MODE_TRAPSIG },
-    { "+isig",	0,				tn_setmode, 1, MODE_TRAPSIG },
-    { "-isig",	"Disable signal trapping",	tn_clearmode, 1, MODE_TRAPSIG },
-    { "edit",	"Enable character editing",	tn_setmode, 1, MODE_EDIT },
-    { "+edit",	0,				tn_setmode, 1, MODE_EDIT },
-    { "-edit",	"Disable character editing",	tn_clearmode, 1, MODE_EDIT },
-    { "softtabs", "Enable tab expansion",	tn_setmode, 1, MODE_SOFT_TAB },
-    { "+softtabs", 0,				tn_setmode, 1, MODE_SOFT_TAB },
-    { "-softtabs", "Disable tab expansion",	tn_clearmode, 1, MODE_SOFT_TAB },
-    { "litecho", "Enable literal character echo", tn_setmode, 1, MODE_LIT_ECHO },
-    { "+litecho", 0,				tn_setmode, 1, MODE_LIT_ECHO },
-    { "-litecho", "Disable literal character echo", tn_clearmode, 1, MODE_LIT_ECHO },
-    { "help",	0,				modehelp, 0 },
-#ifdef	KLUDGELINEMODE
-    { "kludgeline", 0,				dokludgemode, 1 },
-#endif
-    { "", "", 0 },
-    { "?",	"Print help information",	modehelp, 0 },
-    { 0 },
-};
-
-
-static int
-modehelp(void)
-{
-    struct modelist *mt;
-
-    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
-    for (mt = ModeList; mt->name; mt++) {
-	if (mt->help) {
-	    if (*mt->help)
-		printf("%-15s %s\r\n", mt->name, mt->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-#define	GETMODECMD(name) (struct modelist *) \
-		genget(name, (char **) ModeList, sizeof(struct modelist))
-
-static int
-modecmd(int argc, char **argv)
-{
-    struct modelist *mt;
-
-    if (argc != 2) {
-	printf("'mode' command requires an argument\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if ((mt = GETMODECMD(argv[1])) == 0) {
-	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\r\n", argv[1]);
-    } else if (Ambiguous(mt)) {
-	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\r\n", argv[1]);
-    } else if (mt->needconnect && !connected) {
-	printf("?Need to be connected first.\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if (mt->handler) {
-	return (*mt->handler)(mt->arg1);
-    }
-    return 0;
-}
-
-/*
- * The following data structures and routines implement the
- * "display" command.
- */
-
-static int
-display(int argc, char *argv[])
-{
-    struct togglelist *tl;
-    struct setlist *sl;
-
-#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
-			    if (*tl->variable) { \
-				printf("will"); \
-			    } else { \
-				printf("won't"); \
-			    } \
-			    printf(" %s.\r\n", tl->actionexplanation); \
-			}
-
-#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
-			if (sl->handler == 0) \
-			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
-			else \
-			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
-		    }
-
-    if (argc == 1) {
-	for (tl = Togglelist; tl->name; tl++) {
-	    dotog(tl);
-	}
-	printf("\r\n");
-	for (sl = Setlist; sl->name; sl++) {
-	    doset(sl);
-	}
-    } else {
-	int i;
-
-	for (i = 1; i < argc; i++) {
-	    sl = getset(argv[i]);
-	    tl = GETTOGGLE(argv[i]);
-	    if (Ambiguous(sl) || Ambiguous(tl)) {
-		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else if (!sl && !tl) {
-		printf("?Unknown argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else {
-		if (tl) {
-		    dotog(tl);
-		}
-		if (sl) {
-		    doset(sl);
-		}
-	    }
-	}
-    }
-/*@*/optionstatus();
-#if	defined(ENCRYPTION)
-    EncryptStatus();
-#endif
-    return 1;
-#undef	doset
-#undef	dotog
-}
-
-/*
- * The following are the data structures, and many of the routines,
- * relating to command processing.
- */
-
-/*
- * Set the escape character.
- */
-static int
-setescape(int argc, char *argv[])
-{
-	char *arg;
-	char buf[50];
-
-	printf(
-	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
-				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
-	if (argc > 2)
-		arg = argv[1];
-	else {
-		printf("new escape character: ");
-		fgets(buf, sizeof(buf), stdin);
-		arg = buf;
-	}
-	if (arg[0] != '\0')
-		escape = arg[0];
-	printf("Escape character is '%s'.\r\n", control(escape));
-
-	fflush(stdout);
-	return 1;
-}
-
-static int
-togcrmod()
-{
-    crmod = !crmod;
-    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
-    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
-    fflush(stdout);
-    return 1;
-}
-
-static int
-telnetsuspend()
-{
-#ifdef	SIGTSTP
-    setcommandmode();
-    {
-	long oldrows, oldcols, newrows, newcols, err;
-
-	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-	kill(0, SIGTSTP);
-	/*
-	 * If we didn't get the window size before the SUSPEND, but we
-	 * can get them now (?), then send the NAWS to make sure that
-	 * we are set up for the right window size.
-	 */
-	if (TerminalWindowSize(&newrows, &newcols) && connected &&
-	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		sendnaws();
-	}
-    }
-    /* reget parameters in case they were changed */
-    TerminalSaveState();
-    setconnmode(0);
-#else
-    printf("Suspend is not supported.  Try the '!' command instead\r\n");
-#endif
-    return 1;
-}
-
-static int
-shell(int argc, char **argv)
-{
-    long oldrows, oldcols, newrows, newcols, err;
-
-    setcommandmode();
-
-    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-    switch(fork()) {
-    case -1:
-	perror("Fork failed\r\n");
-	break;
-
-    case 0:
-	{
-	    /*
-	     * Fire up the shell in the child.
-	     */
-	    char *shellp, *shellname;
-
-	    shellp = getenv("SHELL");
-	    if (shellp == NULL)
-		shellp = "/bin/sh";
-	    if ((shellname = strrchr(shellp, '/')) == 0)
-		shellname = shellp;
-	    else
-		shellname++;
-	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], 0);
-	    else
-		execl(shellp, shellname, 0);
-	    perror("Execl");
-	    _exit(1);
-	}
-    default:
-	    wait((int *)0);	/* Wait for the shell to complete */
-
-	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
-		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		    sendnaws();
-	    }
-	    break;
-    }
-    return 1;
-}
-
-static int
-bye(int argc, char **argv)
-{
-    if (connected) {
-	shutdown(net, 2);
-	printf("Connection closed.\r\n");
-	NetClose(net);
-	connected = 0;
-	resettermname = 1;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif
-	/* reset options */
-	tninit();
-    }
-    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) 
-	longjmp(toplevel, 1);
-    return 0;	/* NOTREACHED */
-}
-
-int
-quit(void)
-{
-	call(bye, "bye", "fromquit", 0);
-	Exit(0);
-	return 0; /*NOTREACHED*/
-}
-
-static int
-logout()
-{
-	send_do(TELOPT_LOGOUT, 1);
-	netflush();
-	return 1;
-}
-
-
-/*
- * The SLC command.
- */
-
-struct slclist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	arg;
-};
-
-static void slc_help(void);
-
-struct slclist SlcList[] = {
-    { "export",	"Use local special character definitions",
-						slc_mode_export,	0 },
-    { "import",	"Use remote special character definitions",
-						slc_mode_import,	1 },
-    { "check",	"Verify remote special character definitions",
-						slc_mode_import,	0 },
-    { "help",	0,				slc_help,		0 },
-    { "?",	"Print help information",	slc_help,		0 },
-    { 0 },
-};
-
-static void
-slc_help(void)
-{
-    struct slclist *c;
-
-    for (c = SlcList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-static struct slclist *
-getslc(char *name)
-{
-    return (struct slclist *)
-		genget(name, (char **) SlcList, sizeof(struct slclist));
-}
-
-static int
-slccmd(int argc, char **argv)
-{
-    struct slclist *c;
-
-    if (argc != 2) {
-	fprintf(stderr,
-	    "Need an argument to 'slc' command.  'slc ?' for help.\r\n");
-	return 0;
-    }
-    c = getslc(argv[1]);
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    (*c->handler)(c->arg);
-    slcstate();
-    return 1;
-}
-
-/*
- * The ENVIRON command.
- */
-
-struct envlist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	narg;
-};
-
-static void env_help (void);
-
-struct envlist EnvList[] = {
-    { "define",	"Define an environment variable",
-						(void (*)())env_define,	2 },
-    { "undefine", "Undefine an environment variable",
-						env_undefine,	1 },
-    { "export",	"Mark an environment variable for automatic export",
-						env_export,	1 },
-    { "unexport", "Don't mark an environment variable for automatic export",
-						env_unexport,	1 },
-    { "send",	"Send an environment variable", env_send,	1 },
-    { "list",	"List the current environment variables",
-						env_list,	0 },
-    { "help",	0,				env_help,		0 },
-    { "?",	"Print help information",	env_help,		0 },
-    { 0 },
-};
-
-static void
-env_help()
-{
-    struct envlist *c;
-
-    for (c = EnvList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-static struct envlist *
-getenvcmd(char *name)
-{
-    return (struct envlist *)
-		genget(name, (char **) EnvList, sizeof(struct envlist));
-}
-
-static int
-env_cmd(int argc, char **argv)
-{
-    struct envlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'environ' command.  'environ ?' for help.\r\n");
-	return 0;
-    }
-    c = getenvcmd(argv[1]);
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\r\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    (*c->handler)(argv[2], argv[3]);
-    return 1;
-}
-
-struct env_lst {
-	struct env_lst *next;	/* pointer to next structure */
-	struct env_lst *prev;	/* pointer to previous structure */
-	unsigned char *var;	/* pointer to variable name */
-	unsigned char *value;	/* pointer to variable value */
-	int export;		/* 1 -> export with default list of variables */
-	int welldefined;	/* A well defined variable */
-};
-
-struct env_lst envlisthead;
-
-struct env_lst *
-env_find(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		if (strcmp((char *)ep->var, (char *)var) == 0)
-			return(ep);
-	}
-	return(NULL);
-}
-
-#ifdef IRIX4
-#define environ _environ
-#endif
-
-void
-env_init(void)
-{
-	char **epp, *cp;
-	struct env_lst *ep;
-
-	for (epp = environ; *epp; epp++) {
-		if ((cp = strchr(*epp, '='))) {
-			*cp = '\0';
-			ep = env_define((unsigned char *)*epp,
-					(unsigned char *)cp+1);
-			ep->export = 0;
-			*cp = '=';
-		}
-	}
-	/*
-	 * Special case for DISPLAY variable.  If it is ":0.0" or
-	 * "unix:0.0", we have to get rid of "unix" and insert our
-	 * hostname.
-	 */
-	if ((ep = env_find((unsigned char*)"DISPLAY"))
-	    && (*ep->value == ':'
-	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
-		char hbuf[256+1];
-		char *cp2 = strchr((char *)ep->value, ':');
-
-		/* XXX - should be k_gethostname? */
-		gethostname(hbuf, 256);
-		hbuf[256] = '\0';
-
-		/* If this is not the full name, try to get it via DNS */
-		if (strchr(hbuf, '.') == 0) {
-			struct addrinfo hints, *ai, *a;
-			int error;
-
-			memset (&hints, 0, sizeof(hints));
-			hints.ai_flags = AI_CANONNAME;
-
-			error = getaddrinfo (hbuf, NULL, &hints, &ai);
-			if (error == 0) {
-				for (a = ai; a != NULL; a = a->ai_next)
-					if (a->ai_canonname != NULL) {
-						strlcpy (hbuf,
-							 ai->ai_canonname,
-							 256);
-						break;
-					}
-				freeaddrinfo (ai);
-			}
-		}
-
-		asprintf (&cp, "%s%s", hbuf, cp2);
-		free (ep->value);
-		ep->value = (unsigned char *)cp;
-	}
-	/*
-	 * If USER is not defined, but LOGNAME is, then add
-	 * USER with the value from LOGNAME.  By default, we
-	 * don't export the USER variable.
-	 */
-	if ((env_find((unsigned char*)"USER") == NULL) && 
-	    (ep = env_find((unsigned char*)"LOGNAME"))) {
-		env_define((unsigned char *)"USER", ep->value);
-		env_unexport((unsigned char *)"USER");
-	}
-	env_export((unsigned char *)"DISPLAY");
-	env_export((unsigned char *)"PRINTER");
-	env_export((unsigned char *)"XAUTHORITY");
-}
-
-struct env_lst *
-env_define(unsigned char *var, unsigned char *value)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-	} else {
-		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
-		ep->next = envlisthead.next;
-		envlisthead.next = ep;
-		ep->prev = &envlisthead;
-		if (ep->next)
-			ep->next->prev = ep;
-	}
-	ep->welldefined = opt_welldefined((char *)var);
-	ep->export = 1;
-	ep->var = (unsigned char *)strdup((char *)var);
-	ep->value = (unsigned char *)strdup((char *)value);
-	return(ep);
-}
-
-void
-env_undefine(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		ep->prev->next = ep->next;
-		if (ep->next)
-			ep->next->prev = ep->prev;
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-		free(ep);
-	}
-}
-
-void
-env_export(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 1;
-}
-
-void
-env_unexport(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 0;
-}
-
-void
-env_send(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
-#ifdef	OLD_ENVIRON
-	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
-#endif
-		) {
-		fprintf(stderr,
-		    "Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
-									var);
-		return;
-	}
-	ep = env_find(var);
-	if (ep == 0) {
-		fprintf(stderr, "Cannot send '%s': variable not defined\r\n",
-									var);
-		return;
-	}
-	env_opt_start_info();
-	env_opt_add(ep->var);
-	env_opt_end(0);
-}
-
-void
-env_list(void)
-{
-	struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
-					ep->var, ep->value);
-	}
-}
-
-unsigned char *
-env_default(int init, int welldefined)
-{
-	static struct env_lst *nep = NULL;
-
-	if (init) {
-		nep = &envlisthead;
-		return NULL;
-	}
-	if (nep) {
-		while ((nep = nep->next)) {
-			if (nep->export && (nep->welldefined == welldefined))
-				return(nep->var);
-		}
-	}
-	return(NULL);
-}
-
-unsigned char *
-env_getvalue(unsigned char *var)
-{
-	struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		return(ep->value);
-	return(NULL);
-}
-
-
-#if	defined(AUTHENTICATION)
-/*
- * The AUTHENTICATE command.
- */
-
-struct authlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	narg;
-};
-
-static int
-	auth_help (void);
-
-struct authlist AuthList[] = {
-    { "status",	"Display current status of authentication information",
-						auth_status,	0 },
-    { "disable", "Disable an authentication type ('auth disable ?' for more)",
-						auth_disable,	1 },
-    { "enable", "Enable an authentication type ('auth enable ?' for more)",
-						auth_enable,	1 },
-    { "help",	0,				auth_help,		0 },
-    { "?",	"Print help information",	auth_help,		0 },
-    { 0 },
-};
-
-static int
-auth_help()
-{
-    struct authlist *c;
-
-    for (c = AuthList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-static int
-auth_cmd(int argc, char **argv)
-{
-    struct authlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'auth' command.  'auth ?' for help.\r\n");
-	return 0;
-    }
-
-    c = (struct authlist *)
-		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
-    if (c == 0) {
-	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (Ambiguous(c)) {
-	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
-    				argv[1]);
-	return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\r\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    return((*c->handler)(argv[2], argv[3]));
-}
-#endif
-
-
-#if	defined(ENCRYPTION)
-/*
- * The ENCRYPT command.
- */
-
-struct encryptlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	needconnect;
-	int	minarg;
-	int	maxarg;
-};
-
-static int
-	EncryptHelp (void);
-
-struct encryptlist EncryptList[] = {
-    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
-						EncryptEnable, 1, 1, 2 },
-    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
-						EncryptDisable, 0, 1, 2 },
-    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
-						EncryptType, 0, 1, 1 },
-    { "start", "Start encryption. ('encrypt start ?' for more)",
-						EncryptStart, 1, 0, 1 },
-    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
-						EncryptStop, 1, 0, 1 },
-    { "input", "Start encrypting the input stream",
-						EncryptStartInput, 1, 0, 0 },
-    { "-input", "Stop encrypting the input stream",
-						EncryptStopInput, 1, 0, 0 },
-    { "output", "Start encrypting the output stream",
-						EncryptStartOutput, 1, 0, 0 },
-    { "-output", "Stop encrypting the output stream",
-						EncryptStopOutput, 1, 0, 0 },
-
-    { "status",	"Display current status of authentication information",
-						EncryptStatus,	0, 0, 0 },
-    { "help",	0,				EncryptHelp,	0, 0, 0 },
-    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
-    { 0 },
-};
-
-static int
-EncryptHelp()
-{
-    struct encryptlist *c;
-
-    for (c = EncryptList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-static int
-encrypt_cmd(int argc, char **argv)
-{
-    struct encryptlist *c;
-
-    c = (struct encryptlist *)
-		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
-    				argv[1]);
-        return 0;
-    }
-    argc -= 2;
-    if (argc < c->minarg || argc > c->maxarg) {
-	if (c->minarg == c->maxarg) {
-	    fprintf(stderr, "Need %s%d argument%s ",
-		c->minarg < argc ? "only " : "", c->minarg,
-		c->minarg == 1 ? "" : "s");
-	} else {
-	    fprintf(stderr, "Need %s%d-%d arguments ",
-		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
-	}
-	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\r\n",
-		c->name);
-	return 0;
-    }
-    if (c->needconnect && !connected) {
-	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
-	    printf("?Need to be connected first.\r\n");
-	    return 0;
-	}
-    }
-    return ((*c->handler)(argc > 0 ? argv[2] : 0,
-			argc > 1 ? argv[3] : 0,
-			argc > 2 ? argv[4] : 0));
-}
-#endif
-
-
-/*
- * Print status about the connection.
- */
-
-static int
-status(int argc, char **argv)
-{
-    if (connected) {
-	printf("Connected to %s.\r\n", hostname);
-	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
-	    int mode = getconnmode();
-
-	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
-		printf("Operating with LINEMODE option\r\n");
-		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
-		printf("%s catching of signals\r\n",
-					(mode&MODE_TRAPSIG) ? "Local" : "No");
-		slcstate();
-#ifdef	KLUDGELINEMODE
-	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
-		printf("Operating in obsolete linemode\r\n");
-#endif
-	    } else {
-		printf("Operating in single character mode\r\n");
-		if (localchars)
-		    printf("Catching signals locally\r\n");
-	    }
-	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
-	    if (my_want_state_is_will(TELOPT_LFLOW))
-		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
-#if	defined(ENCRYPTION)
-	    encrypt_display();
-#endif
-	}
-    } else {
-	printf("No connection.\r\n");
-    }
-    printf("Escape character is '%s'.\r\n", control(escape));
-    fflush(stdout);
-    return 1;
-}
-
-#ifdef	SIGINFO
-/*
- * Function that gets called when SIGINFO is received.
- */
-RETSIGTYPE
-ayt_status(int ignore)
-{
-    call(status, "status", "notmuch", 0);
-}
-#endif
-
-static Command *getcmd(char *name);
-
-static void
-cmdrc(char *m1, char *m2)
-{
-    static char rcname[128];
-    Command *c;
-    FILE *rcfile;
-    int gotmachine = 0;
-    int l1 = strlen(m1);
-    int l2 = strlen(m2);
-    char m1save[64];
-
-    if (skiprc)
-	return;
-
-    strlcpy(m1save, m1, sizeof(m1save));
-    m1 = m1save;
-
-    if (rcname[0] == 0) {
-	char *home = getenv("HOME");
-
-	snprintf (rcname, sizeof(rcname), "%s/.telnetrc",
-		  home ? home : "");
-    }
-
-    if ((rcfile = fopen(rcname, "r")) == 0) {
-	return;
-    }
-
-    for (;;) {
-	if (fgets(line, sizeof(line), rcfile) == NULL)
-	    break;
-	if (line[0] == 0)
-	    break;
-	if (line[0] == '#')
-	    continue;
-	if (gotmachine) {
-	    if (!isspace(line[0]))
-		gotmachine = 0;
-	}
-	if (gotmachine == 0) {
-	    if (isspace(line[0]))
-		continue;
-	    if (strncasecmp(line, m1, l1) == 0)
-		strncpy(line, &line[l1], sizeof(line) - l1);
-	    else if (strncasecmp(line, m2, l2) == 0)
-		strncpy(line, &line[l2], sizeof(line) - l2);
-	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
-		strncpy(line, &line[7], sizeof(line) - 7);
-	    else
-		continue;
-	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
-		continue;
-	    gotmachine = 1;
-	}
-	makeargv();
-	if (margv[0] == 0)
-	    continue;
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command: %s\r\n", margv[0]);
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command: %s\r\n", margv[0]);
-	    continue;
-	}
-	/*
-	 * This should never happen...
-	 */
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first for %s.\r\n", margv[0]);
-	    continue;
-	}
-	(*c->handler)(margc, margv);
-    }
-    fclose(rcfile);
-}
-
-int
-tn(int argc, char **argv)
-{
-    struct servent *sp = 0;
-    char *cmd, *hostp = 0, *portp = 0;
-    char *user = 0;
-    int port = 0;
-
-    /* clear the socket address prior to use */
-
-    if (connected) {
-	printf("?Already connected to %s\r\n", hostname);
-	return 0;
-    }
-    if (argc < 2) {
-	strlcpy(line, "open ", sizeof(line));
-	printf("(to) ");
-	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
-	makeargv();
-	argc = margc;
-	argv = margv;
-    }
-    cmd = *argv;
-    --argc; ++argv;
-    while (argc) {
-	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
-	    goto usage;
-	if (strcmp(*argv, "-l") == 0) {
-	    --argc; ++argv;
-	    if (argc == 0)
-		goto usage;
-	    user = strdup(*argv++);
-	    --argc;
-	    continue;
-	}
-	if (strcmp(*argv, "-a") == 0) {
-	    --argc; ++argv;
-	    autologin = 1;
-	    continue;
-	}
-	if (hostp == 0) {
-	    hostp = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (portp == 0) {
-	    portp = *argv++;
-	    --argc;
-	    continue;
-	}
-    usage:
-	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
-	return 0;
-    }
-    if (hostp == 0)
-	goto usage;
-
-    strlcpy (_hostname, hostp, sizeof(_hostname));
-    hostp = _hostname;
-    if (hostp[0] == '@' || hostp[0] == '!') {
-	char *p;
-	hostname = NULL;
-	for (p = hostp + 1; *p; p++) {
-	    if (*p == ',' || *p == '@')
-		hostname = p;
-	}
-	if (hostname == NULL) {
-	    fprintf(stderr, "%s: bad source route specification\n", hostp);
-	    return 0;
-	}
-	*hostname++ = '\0';
-    } else
-	hostname = hostp;
-
-    if (portp) {
-	if (*portp == '-') {
-	    portp++;
-	    telnetport = 1;
-	} else
-	    telnetport = 0;
-	port = atoi(portp);
-	if (port == 0) {
-	    sp = roken_getservbyname(portp, "tcp");
-	    if (sp)
-		port = sp->s_port;
-	    else {
-		printf("%s: bad port number\r\n", portp);
-		return 0;
-	    }
-	} else {
-	    port = htons(port);
-	}
-    } else {
-	if (sp == 0) {
-	    sp = roken_getservbyname("telnet", "tcp");
-	    if (sp == 0) {
-		fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n");
-		return 0;
-	    }
-	    port = sp->s_port;
-	}
-	telnetport = 1;
-    }
-
-    {
-	struct addrinfo *ai, *a, hints;
-	int error;
-	char portstr[NI_MAXSERV];
-
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-	hints.ai_flags    = AI_CANONNAME;
-
-	snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-	error = getaddrinfo (hostname, portstr, &hints, &ai);
-	if (error) {
-	    fprintf (stderr, "%s: %s\r\n", hostname, gai_strerror (error));
-	    return 0;
-	}
-
-	for (a = ai; a != NULL && connected == 0; a = a->ai_next) {
-	    char addrstr[256];
-
-	    if (a->ai_canonname != NULL)
-		strlcpy (_hostname, a->ai_canonname, sizeof(_hostname));
-
-	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
-			     addrstr, sizeof(addrstr),
-			     NULL, 0, NI_NUMERICHOST) != 0)
-		strlcpy (addrstr, "unknown address", sizeof(addrstr));
-			     
-	    printf("Trying %s...\r\n", addrstr);
-
-	    net = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	    if (net < 0) {
-		warn ("socket");
-		continue;
-	    }
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT)
-	if (hostp[0] == '@' || hostp[0] == '!') {
-	    char *srp = 0;
-	    int srlen;
-	    int proto, opt;
-
-	    if ((srlen = sourceroute(a, hostp, &srp, &proto, &opt)) < 0) {
-		(void) NetClose(net);
-		net = -1;
-		continue;
-	    }
-	    if (srp && setsockopt(net, proto, opt, srp, srlen) < 0)
-		perror("setsockopt (source route)");
-	}
-#endif
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	    if (a->ai_family == AF_INET) {
-# if	defined(HAVE_GETTOSBYNAME)
-		struct tosent *tp;
-		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-		    tos = tp->t_tos;
-# endif
-		if (tos < 0)
-		    tos = 020;	/* Low Delay bit */
-		if (tos
-		    && (setsockopt(net, IPPROTO_IP, IP_TOS,
-				   (void *)&tos, sizeof(int)) < 0)
-		    && (errno != ENOPROTOOPT))
-		    perror("telnet: setsockopt (IP_TOS) (ignored)");
-	    }
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-	    if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
-		perror("setsockopt (SO_DEBUG)");
-	    }
-
-	    if (connect (net, a->ai_addr, a->ai_addrlen) < 0) {
-		fprintf (stderr, "telnet: connect to address %s: %s\n",
-			 addrstr, strerror(errno));
-		NetClose(net);
-		if (a->ai_next != NULL) {
-		    continue;
-		} else {
-		    freeaddrinfo (ai);
-		    return 0;
-		}
-	    }
-	    ++connected;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	    auth_encrypt_connect(connected);
-#endif
-	}
-	freeaddrinfo (ai);
-	if (connected == 0)
-	    return 0;
-    }
-    cmdrc(hostp, hostname);
-    set_forward_options();
-    if (autologin && user == NULL)
-	user = (char *)get_default_username ();
-    if (user) {
-	env_define((unsigned char *)"USER", (unsigned char *)user);
-	env_export((unsigned char *)"USER");
-    }
-    call(status, "status", "notmuch", 0);
-    if (setjmp(peerdied) == 0)
-	my_telnet((char *)user);
-    NetClose(net);
-    ExitString("Connection closed by foreign host.\r\n",1);
-    /*NOTREACHED*/
-    return 0;
-}
-
-#define HELPINDENT ((int)sizeof ("connect"))
-
-static char
-	openhelp[] =	"connect to a site",
-	closehelp[] =	"close current connection",
-	logouthelp[] =	"forcibly logout remote user and close the connection",
-	quithelp[] =	"exit telnet",
-	statushelp[] =	"print status information",
-	helphelp[] =	"print help information",
-	sendhelp[] =	"transmit special characters ('send ?' for more)",
-	sethelp[] = 	"set operating parameters ('set ?' for more)",
-	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
-	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
-	slchelp[] =	"change state of special charaters ('slc ?' for more)",
-	displayhelp[] =	"display operating parameters",
-#if	defined(AUTHENTICATION)
-	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
-#endif
-#if	defined(ENCRYPTION)
-	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
-#endif
-	zhelp[] =	"suspend telnet",
-	shellhelp[] =	"invoke a subshell",
-	envhelp[] =	"change environment variables ('environ ?' for more)",
-	modestring[] = "try to enter line or character mode ('mode ?' for more)";
-
-static int help(int argc, char **argv);
-
-static Command cmdtab[] = {
-	{ "close",	closehelp,	bye,		1 },
-	{ "logout",	logouthelp,	logout,		1 },
-	{ "display",	displayhelp,	display,	0 },
-	{ "mode",	modestring,	modecmd,	0 },
-	{ "open",	openhelp,	tn,		0 },
-	{ "quit",	quithelp,	quit,		0 },
-	{ "send",	sendhelp,	sendcmd,	0 },
-	{ "set",	sethelp,	setcmd,		0 },
-	{ "unset",	unsethelp,	unsetcmd,	0 },
-	{ "status",	statushelp,	status,		0 },
-	{ "toggle",	togglestring,	toggle,		0 },
-	{ "slc",	slchelp,	slccmd,		0 },
-#if	defined(AUTHENTICATION)
-	{ "auth",	authhelp,	auth_cmd,	0 },
-#endif
-#if	defined(ENCRYPTION)
-	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
-#endif
-	{ "z",		zhelp,		telnetsuspend,	0 },
-	{ "!",		shellhelp,	shell,		0 },
-	{ "environ",	envhelp,	env_cmd,	0 },
-	{ "?",		helphelp,	help,		0 },
-	{ 0,            0,              0,              0 }
-};
-
-static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
-static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
-
-static Command cmdtab2[] = {
-	{ "help",	0,		help,		0 },
-	{ "escape",	escapehelp,	setescape,	0 },
-	{ "crmod",	crmodhelp,	togcrmod,	0 },
-	{ 0,            0,		0, 		0 }
-};
-
-
-/*
- * Call routine with argc, argv set from args (terminated by 0).
- */
-
-static int
-call(intrtn_t routine, ...)
-{
-    va_list ap;
-    char *args[100];
-    int argno = 0;
-
-    va_start(ap, routine);
-    while ((args[argno++] = va_arg(ap, char *)) != 0);
-    va_end(ap);
-    return (*routine)(argno-1, args);
-}
-
-
-static Command
-*getcmd(char *name)
-{
-    Command *cm;
-
-    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
-	return cm;
-    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
-}
-
-void
-command(int top, char *tbuf, int cnt)
-{
-    Command *c;
-
-    setcommandmode();
-    if (!top) {
-	putchar('\n');
-    } else {
-	signal(SIGINT, SIG_DFL);
-	signal(SIGQUIT, SIG_DFL);
-    }
-    for (;;) {
-	if (rlogin == _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	if (tbuf) {
-	    char *cp;
-	    cp = line;
-	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
-		cnt--;
-	    tbuf = 0;
-	    if (cp == line || *--cp != '\n' || cp == line)
-		goto getline;
-	    *cp = '\0';
-	    if (rlogin == _POSIX_VDISABLE)
-		printf("%s\r\n", line);
-	} else {
-	getline:
-	    if (rlogin != _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	    if (fgets(line, sizeof(line), stdin) == NULL) {
-		if (feof(stdin) || ferror(stdin)) {
-		    quit();
-		    /*NOTREACHED*/
-		}
-		break;
-	    }
-	}
-	if (line[0] == 0)
-	    break;
-	makeargv();
-	if (margv[0] == 0) {
-	    break;
-	}
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command\r\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\r\n");
-	    continue;
-	}
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first.\r\n");
-	    continue;
-	}
-	if ((*c->handler)(margc, margv)) {
-	    break;
-	}
-    }
-    if (!top) {
-	if (!connected) {
-	    longjmp(toplevel, 1);
-	    /*NOTREACHED*/
-	}
-	setconnmode(0);
-    }
-}
-
-/*
- * Help command.
- */
-static int
-help(int argc, char **argv)
-{
-	Command *c;
-
-	if (argc == 1) {
-		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
-		for (c = cmdtab; c->name; c++)
-			if (c->help) {
-				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
-								    c->help);
-			}
-		return 0;
-	}
-	while (--argc > 0) {
-		char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (Ambiguous(c))
-			printf("?Ambiguous help command %s\r\n", arg);
-		else if (c == (Command *)0)
-			printf("?Invalid help command %s\r\n", arg);
-		else
-			printf("%s\r\n", c->help);
-	}
-	return 0;
-}
-
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-
-/*
- * Source route is handed in as
- *	[!]@hop1@hop2...@dst
- *
- * If the leading ! is present, it is a strict source route, otherwise it is
- * assmed to be a loose source route.  Note that leading ! is effective
- * only for IPv4 case.
- *
- * We fill in the source route option as
- *	hop1,hop2,hop3...dest
- * and return a pointer to hop1, which will
- * be the address to connect() to.
- *
- * Arguments:
- *	ai:	The address (by struct addrinfo) for the final destination.
- *
- *	arg:	Pointer to route list to decipher
- *
- *	cpp: 	Pointer to a pointer, so that sourceroute() can return
- *		the address of result buffer (statically alloc'ed).
- *
- *	protop/optp:
- *		Pointer to an integer.  The pointed variable
- *	lenp:	pointer to an integer that contains the
- *		length of *cpp if *cpp != NULL.
- *
- * Return values:
- *
- *	Returns the length of the option pointed to by *cpp.  If the
- *	return value is -1, there was a syntax error in the
- *	option, either arg contained unknown characters or too many hosts,
- *	or hostname cannot be resolved.
- *
- *	The caller needs to pass return value (len), *cpp, *protop and *optp
- *	to setsockopt(2).
- *
- *	*cpp:	Points to the result buffer.  The region is statically
- *		allocated by the function.
- *
- *	*protop:
- *		protocol # to be passed to setsockopt(2).
- *
- *	*optp:	option # to be passed to setsockopt(2).
- *
- */
-int
-sourceroute(struct addrinfo *ai,
-	    char *arg,
-	    char **cpp,
-	    int *protop,
-	    int *optp)
-{
-	char *cp, *cp2, *lsrp = NULL, *lsrep = NULL;
-	struct addrinfo hints, *res;
-	int len, error;
-	struct sockaddr_in *sin;
-	register char c;
-	static char lsr[44];
-#ifdef INET6
-	struct cmsghdr *cmsg = NULL;
-	struct sockaddr_in6 *sin6;
-	static char rhbuf[1024];
-#endif
-
-	/*
-	 * Verify the arguments.
-	 */
-	if (cpp == NULL)
-		return -1;
-
-	cp = arg;
-
-	*cpp = NULL;
-	switch (ai->ai_family) {
-	case AF_INET:
-		lsrp = lsr;
-		lsrep = lsrp + sizeof(lsr);
-
-		/*
-		 * Next, decide whether we have a loose source
-		 * route or a strict source route, and fill in
-		 * the begining of the option.
-		 */
-		if (*cp == '!') {
-			cp++;
-			*lsrp++ = IPOPT_SSRR;
-		} else
-			*lsrp++ = IPOPT_LSRR;
-		if (*cp != '@')
-			return -1;
-		lsrp++;		/* skip over length, we'll fill it in later */
-		*lsrp++ = 4;
-		cp++;
-		*protop = IPPROTO_IP;
-		*optp = IP_OPTIONS;
-		break;
-#ifdef INET6
-	case AF_INET6:
-/* this needs to be updated for rfc2292bis */
-#ifdef IPV6_PKTOPTIONS
-		cmsg = inet6_rthdr_init(rhbuf, IPV6_RTHDR_TYPE_0);
-		if (*cp != '@')
-			return -1;
-		cp++;
-		*protop = IPPROTO_IPV6;
-		*optp = IPV6_PKTOPTIONS;
-		break;
-#else
-		return -1;
-#endif
-#endif
-	default:
-		return -1;
-	}
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = ai->ai_family;
-	hints.ai_socktype = SOCK_STREAM;
-
-	for (c = 0;;) {
-		if (c == ':')
-			cp2 = 0;
-		else for (cp2 = cp; (c = *cp2) != '\0'; cp2++) {
-			if (c == ',') {
-				*cp2++ = '\0';
-				if (*cp2 == '@')
-					cp2++;
-			} else if (c == '@') {
-				*cp2++ = '\0';
-			}
-#if 0	/*colon conflicts with IPv6 address*/
-			else if (c == ':') {
-				*cp2++ = '\0';
-			}
-#endif
-			else
-				continue;
-			break;
-		}
-		if (!c)
-			cp2 = 0;
-
-		error = getaddrinfo(cp, NULL, &hints, &res);
-		if (error) {
-			fprintf(stderr, "%s: %s\n", cp, gai_strerror(error));
-			return -1;
-		}
-		if (ai->ai_family != res->ai_family) {
-			freeaddrinfo(res);
-			return -1;
-		}
-		if (ai->ai_family == AF_INET) {
-			/*
-			 * Check to make sure there is space for address
-			 */
-			if (lsrp + 4 > lsrep) {
-				freeaddrinfo(res);
-				return -1;
-			}
-			sin = (struct sockaddr_in *)res->ai_addr;
-			memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
-			lsrp += sizeof(struct in_addr);
-		}
-#ifdef INET6
-		else if (ai->ai_family == AF_INET6) {
-			sin6 = (struct sockaddr_in6 *)res->ai_addr;
-			inet6_rthdr_add(cmsg, &sin6->sin6_addr,
-				IPV6_RTHDR_LOOSE);
-		}
-#endif
-		else {
-			freeaddrinfo(res);
-			return -1;
-		}
-		freeaddrinfo(res);
-		if (cp2)
-			cp = cp2;
-		else
-			break;
-	}
-	if (ai->ai_family == AF_INET) {
-		/* record the last hop */
-		if (lsrp + 4 > lsrep)
-			return -1;
-		sin = (struct sockaddr_in *)ai->ai_addr;
-		memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
-		lsrp += sizeof(struct in_addr);
-#ifndef	sysV88
-		lsr[IPOPT_OLEN] = lsrp - lsr;
-		if (lsr[IPOPT_OLEN] <= 7 || lsr[IPOPT_OLEN] > 40)
-			return -1;
-		*lsrp++ = IPOPT_NOP;	/*32bit word align*/
-		len = lsrp - lsr;
-		*cpp = lsr;
-#else
-		ipopt.io_len = lsrp - lsr;
-		if (ipopt.io_len <= 5)	/*is 3 better?*/
-			return -1;
-		*cpp = (char 8)&ipopt;
-#endif
-	}
-#ifdef INET6
-	else if (ai->ai_family == AF_INET6) {
-		inet6_rthdr_lasthop(cmsg, IPV6_RTHDR_LOOSE);
-		len = cmsg->cmsg_len;
-		*cpp = rhbuf;
-	}
-#endif
-	else
-		return -1;
-	return len;
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnet/defines.h b/crypto/heimdal/appl/telnet/telnet/defines.h
deleted file mode 100644
index 5c1ac2bcc658..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/defines.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defines.h	8.1 (Berkeley) 6/6/93
- */
-
-#define	settimer(x)	clocks.x = clocks.system++
-
-#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
-#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
-#define	NETBYTES()	(ring_full_count(&netoring))
-#define	NETROOM()	(ring_empty_count(&netoring))
-
-#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
-				*ttyoring.supply = c; \
-				ring_supplied(&ttyoring, 1); \
-			}
-#define	TTYBYTES()	(ring_full_count(&ttyoring))
-#define	TTYROOM()	(ring_empty_count(&ttyoring))
-
-/*	Various modes */
-#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
-#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
-#define	MODE_COMMAND_LINE(m)	((m)==-1)
-
-#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
-
-
-/* XXX extra mode bits, these should be synced with <arpa/telnet.h> */
-
-#define MODE_OUT8	0x8000 /* binary mode sans -opost */
diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h
deleted file mode 100644
index 09f058c2bec6..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/externs.h
+++ /dev/null
@@ -1,441 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)externs.h	8.3 (Berkeley) 5/30/95
- */
-
-/* $Id: externs.h,v 1.25 2002/08/28 20:58:23 joda Exp $ */
-
-#ifndef	BSD
-# define BSD 43
-#endif
-
-#ifndef	_POSIX_VDISABLE
-# ifdef sun
-#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
-# endif
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((cc_t)'\377')
-# endif
-#endif
-
-#define	SUBBUFSIZE	256
-
-extern int
-    autologin,		/* Autologin enabled */
-    skiprc,		/* Don't process the ~/.telnetrc file */
-    eight,		/* use eight bit mode (binary in and/or out */
-    binary,
-    flushout,		/* flush output */
-    connected,		/* Are we connected to the other side? */
-    globalmode,		/* Mode tty should be in */
-    telnetport,		/* Are we connected to the telnet port? */
-    localflow,		/* Flow control handled locally */
-    restartany,		/* If flow control, restart output on any character */
-    localchars,		/* we recognize interrupt/quit */
-    donelclchars,	/* the user has set "localchars" */
-    showoptions,
-    wantencryption,	/* User has requested encryption */
-    net,		/* Network file descriptor */
-    tin,		/* Terminal input file descriptor */
-    tout,		/* Terminal output file descriptor */
-    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-    autoflush,		/* flush output when interrupting? */
-    autosynch,		/* send interrupt characters with SYNCH? */
-    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
-    donebinarytoggle,	/* the user has put us in binary */
-    dontlecho,		/* do we suppress local echoing right now? */
-    crmod,
-    netdata,		/* Print out network data flow */
-    prettydump,		/* Print "netdata" output in user readable format */
-    termdata,		/* Print out terminal data flow */
-    debug;		/* Debug level */
-
-extern int intr_happened, intr_waiting;	/* for interrupt handling */
-
-extern cc_t escape;	/* Escape to command mode */
-extern cc_t rlogin;	/* Rlogin mode escape character */
-#ifdef	KLUDGELINEMODE
-extern cc_t echoc;	/* Toggle local echoing */
-#endif
-
-extern char
-    *prompt;		/* Prompt for command. */
-
-extern char
-    doopt[],
-    dont[],
-    will[],
-    wont[],
-    do_dont_resp[],
-    will_wont_resp[],
-    options[],		/* All the little options */
-    *hostname;		/* Who are we connected to? */
-#if	defined(ENCRYPTION)
-extern void (*encrypt_output) (unsigned char *, int);
-extern int (*decrypt_input) (int);
-#endif
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
-#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
-#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
-#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
-
-#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
-#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
-#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
-#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
-
-/*
- * Make everything symmetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-
-extern FILE
-    *NetTrace;		/* Where debugging output goes */
-extern char
-    NetTraceFile[];	/* Name of file where debugging output goes */
-extern void
-    SetNetTrace (char *);	/* Function to change where debugging goes */
-
-extern jmp_buf
-    peerdied,
-    toplevel;		/* For error conditions. */
-
-/* authenc.c */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-int telnet_net_write(unsigned char *str, int len);
-void net_encrypt(void);
-int telnet_spin(void);
-char *telnet_getenv(const char *val);
-char *telnet_gets(char *prompt, char *result, int length, int echo);
-#endif
-
-/* commands.c */
-
-struct env_lst *env_define (unsigned char *, unsigned char *);
-struct env_lst *env_find(unsigned char *var);
-void env_init (void);
-void env_undefine (unsigned char *);
-void env_export (unsigned char *);
-void env_unexport (unsigned char *);
-void env_send (unsigned char *);
-void env_list (void);
-unsigned char * env_default(int init, int welldefined);
-unsigned char * env_getvalue(unsigned char *var);
-
-void set_escape_char(char *s);
-int sourceroute(struct addrinfo *ai, char *arg, char **cpp,
-		int *prototp, int *optp);
-
-#if	defined(AUTHENTICATION)
-int auth_enable (char *);
-int auth_disable (char *);
-int auth_status (void);
-#endif
-
-#if defined(ENCRYPTION)
-int 	EncryptEnable (char *, char *);
-int 	EncryptDisable (char *, char *);
-int 	EncryptType (char *, char *);
-int 	EncryptStart (char *);
-int 	EncryptStartInput (void);
-int 	EncryptStartOutput (void);
-int 	EncryptStop (char *);
-int 	EncryptStopInput (void);
-int 	EncryptStopOutput (void);
-int 	EncryptStatus (void);
-#endif
-
-#ifdef SIGINFO
-RETSIGTYPE ayt_status(int);
-#endif
-int tn(int argc, char **argv);
-void command(int top, char *tbuf, int cnt);
-
-/* main.c */
-
-void tninit(void);
-void usage(void);
-void set_forward_options(void);
-
-/* network.c */
-
-void init_network(void);
-int stilloob(void);
-void setneturg(void);
-int netflush(void);
-
-/* sys_bsd.c */
-
-void init_sys(void);
-int TerminalWrite(char *buf, int n);
-int TerminalRead(unsigned char *buf, int n);
-int TerminalAutoFlush(void);
-int TerminalSpecialChars(int c);
-void TerminalFlushOutput(void);
-void TerminalSaveState(void);
-void TerminalDefaultChars(void);
-void TerminalNewMode(int f);
-cc_t *tcval(int func);
-void TerminalSpeeds(long *input_speed, long *output_speed);
-int TerminalWindowSize(long *rows, long *cols);
-int NetClose(int fd);
-void NetNonblockingIO(int fd, int onoff);
-int process_rings(int netin, int netout, int netex, int ttyin, int ttyout,
-		  int poll);
-
-/* telnet.c */
-
-void init_telnet(void);
-
-void tel_leave_binary(int rw);
-void tel_enter_binary(int rw);
-int opt_welldefined(char *ep);
-int telrcv(void);
-int rlogin_susp(void);
-void intp(void);
-void sendbrk(void);
-void sendabort(void);
-void sendsusp(void);
-void sendeof(void);
-void sendayt(void);
-
-void xmitAO(void);
-void xmitEL(void);
-void xmitEC(void);
-
-
-void     Dump (char, unsigned char *, int);
-void     printoption (char *, int, int);
-void     printsub (int, unsigned char *, int);
-void     sendnaws (void);
-void     setconnmode (int);
-void     setcommandmode (void);
-void     setneturg (void);
-void     sys_telnet_init (void);
-void     my_telnet (char *);
-void     tel_enter_binary (int);
-void     TerminalFlushOutput (void);
-void     TerminalNewMode (int);
-void     TerminalRestoreState (void);
-void     TerminalSaveState (void);
-void     willoption (int);
-void     wontoption (int);
-
-
-void     send_do (int, int);
-void     send_dont (int, int);
-void     send_will (int, int);
-void     send_wont (int, int);
-
-void     lm_will (unsigned char *, int);
-void     lm_wont (unsigned char *, int);
-void     lm_do (unsigned char *, int);
-void     lm_dont (unsigned char *, int);
-void     lm_mode (unsigned char *, int, int);
-
-void     slc_init (void);
-void     slcstate (void);
-void     slc_mode_export (void);
-void     slc_mode_import (int);
-void     slc_import (int);
-void     slc_export (void);
-void     slc (unsigned char *, int);
-void     slc_check (void);
-void     slc_start_reply (void);
-void     slc_add_reply (unsigned char, unsigned char, cc_t);
-void     slc_end_reply (void);
-int	 slc_update (void);
-
-void     env_opt (unsigned char *, int);
-void     env_opt_start (void);
-void     env_opt_start_info (void);
-void     env_opt_add (unsigned char *);
-void     env_opt_end (int);
-
-unsigned char     *env_default (int, int);
-unsigned char     *env_getvalue (unsigned char *);
-
-int get_status (void);
-int dosynch (void);
-
-cc_t *tcval (int);
-
-int quit (void);
-
-/* terminal.c */
-
-void init_terminal(void);
-int ttyflush(int drop);
-int getconnmode(void);
-
-/* utilities.c */
-
-int SetSockOpt(int fd, int level, int option, int yesno);
-void SetNetTrace(char *file);
-void Dump(char direction, unsigned char *buffer, int length);
-void printoption(char *direction, int cmd, int option);
-void optionstatus(void);
-void printsub(int direction, unsigned char *pointer, int length);
-void EmptyTerminal(void);
-void SetForExit(void);
-void Exit(int returnCode);
-void ExitString(char *string, int returnCode);
-
-extern struct	termios new_tc;
-
-# define termEofChar		new_tc.c_cc[VEOF]
-# define termEraseChar		new_tc.c_cc[VERASE]
-# define termIntChar		new_tc.c_cc[VINTR]
-# define termKillChar		new_tc.c_cc[VKILL]
-# define termQuitChar		new_tc.c_cc[VQUIT]
-
-# ifndef	VSUSP
-extern cc_t termSuspChar;
-# else
-#  define termSuspChar		new_tc.c_cc[VSUSP]
-# endif
-# if	defined(VFLUSHO) && !defined(VDISCARD)
-#  define VDISCARD VFLUSHO
-# endif
-# ifndef	VDISCARD
-extern cc_t termFlushChar;
-# else
-#  define termFlushChar		new_tc.c_cc[VDISCARD]
-# endif
-# ifndef VWERASE
-extern cc_t termWerasChar;
-# else
-#  define termWerasChar		new_tc.c_cc[VWERASE]
-# endif
-# ifndef	VREPRINT
-extern cc_t termRprntChar;
-# else
-#  define termRprntChar		new_tc.c_cc[VREPRINT]
-# endif
-# ifndef	VLNEXT
-extern cc_t termLiteralNextChar;
-# else
-#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
-# endif
-# ifndef	VSTART
-extern cc_t termStartChar;
-# else
-#  define termStartChar		new_tc.c_cc[VSTART]
-# endif
-# ifndef	VSTOP
-extern cc_t termStopChar;
-# else
-#  define termStopChar		new_tc.c_cc[VSTOP]
-# endif
-# ifndef	VEOL
-extern cc_t termForw1Char;
-# else
-#  define termForw1Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VEOL2
-extern cc_t termForw2Char;
-# else
-#  define termForw2Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VSTATUS
-extern cc_t termAytChar;
-#else
-#  define termAytChar		new_tc.c_cc[VSTATUS]
-#endif
-
-/* Ring buffer structures which are shared */
-
-extern Ring
-    netoring,
-    netiring,
-    ttyoring,
-    ttyiring;
-
-extern int resettermname;
-extern int linemode;
-#ifdef KLUDGELINEMODE
-extern int kludgelinemode;
-#endif
-extern int want_status_response;
diff --git a/crypto/heimdal/appl/telnet/telnet/main.c b/crypto/heimdal/appl/telnet/telnet/main.c
deleted file mode 100644
index aaecfd7bed11..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/main.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-static char *copyright[] = {
-    "@(#) Copyright (c) 1988, 1990, 1993\n"
-    "\tThe Regents of the University of California.  All rights reserved.\n",
-    (char*)copyright
-};
-
-#include "telnet_locl.h"
-RCSID("$Id: main.c,v 1.38 2002/08/28 21:05:22 joda Exp $");
-
-#if KRB5
-#define FORWARD
-#endif
-
-/*
- * Initialize variables.
- */
-void
-tninit(void)
-{
-    init_terminal();
-
-    init_network();
-
-    init_telnet();
-
-    init_sys();
-}
-
-void
-usage(void)
-{
-  fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
-#ifdef	AUTHENTICATION
-	  "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
-	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
-#else
-	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
-	  "\n\t[-n tracefile]",
-#endif
-	  "[-r] ",
-#ifdef	ENCRYPTION
-	  "[-x] [host-name [port]]"
-#else
-	  "[host-name [port]]"
-#endif
-    );
-  exit(1);
-}
-
-/*
- * main.  Parse arguments, invoke the protocol or command parser.
- */
-
-
-#ifdef	FORWARD
-int forward_option = 0; /* forward flags set from command line */
-#endif	/* FORWARD */
-void
-set_forward_options(void)
-{
-#ifdef FORWARD
-	switch(forward_option) {
-	case 'f':
-		kerberos5_set_forward(1);
-		kerberos5_set_forwardable(0);
-		break;
-	case 'F':
-		kerberos5_set_forward(1);
-		kerberos5_set_forwardable(1);
-		break;
-	case 'G':
-		kerberos5_set_forward(0);
-		kerberos5_set_forwardable(0);
-		break;
-	default:
-		break;
-	}
-#endif
-}
-
-#ifdef KRB5
-/* XXX ugly hack to setup dns-proxy stuff */
-#define Authenticator asn1_Authenticator
-#include <krb5.h>
-static void
-krb5_init(void)
-{
-    krb5_context context;
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return;
-
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-    if (krb5_config_get_bool (context, NULL,
-         "libdefaults", "forward", NULL)) {
-	    kerberos5_set_forward(1);
-    }
-    if (krb5_config_get_bool (context, NULL,
-         "libdefaults", "forwardable", NULL)) {
-	    kerberos5_set_forwardable(1);
-    }
-#endif
-#ifdef  ENCRYPTION
-    if (krb5_config_get_bool (context, NULL,
-        "libdefaults", "encrypt", NULL)) {
-          encrypt_auto(1);
-          decrypt_auto(1); 
-	  wantencryption = 1;
-          EncryptVerbose(1);
-        }
-#endif
-
-    krb5_free_context(context);
-}
-#endif
-
-#if defined(AUTHENTICATION) && defined(KRB4)
-extern char *dest_realm, dst_realm_buf[];
-extern int dst_realm_sz;
-#endif
-
-int
-main(int argc, char **argv)
-{
-	int ch;
-	char *user;
-
-#ifdef KRB5
-	krb5_init();
-#endif
-	
-	tninit();		/* Clear out things */
-
-	TerminalSaveState();
-
-	if ((prompt = strrchr(argv[0], '/')))
-		++prompt;
-	else
-		prompt = argv[0];
-
-	user = NULL;
-
-	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
-
-	/* 
-	 * if AUTHENTICATION and ENCRYPTION is set autologin will be
-	 * se to true after the getopt switch; unless the -K option is
-	 * passed 
-	 */
-	autologin = -1;
-
-	if (argc == 2 && strcmp(argv[1], "--version") == 0) {
-	    print_version(NULL);
-	    exit(0);
-	}
-
-	while((ch = getopt(argc, argv,
-			   "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
-		switch(ch) {
-		case '8':
-			eight = 3;	/* binary output and input */
-			break;
-		case '7':
-			eight = 0;
-			break;
-		case 'b':
-		    binary = 3;
-		    break;
-		case 'D': {
-		    /* sometimes we don't want a mangled display */
-		    char *p;
-		    if((p = getenv("DISPLAY")))
-			env_define((unsigned char*)"DISPLAY", (unsigned char*)p);
-		    break;
-		}
-		case 'E':
-			rlogin = escape = _POSIX_VDISABLE;
-			break;
-		case 'K':
-#ifdef	AUTHENTICATION
-			autologin = 0;
-#endif
-			break;
-		case 'L':
-			eight |= 2;	/* binary output only */
-			break;
-		case 'S':
-		    {
-#ifdef	HAVE_PARSETOS
-			extern int tos;
-
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s%s\n",
-					prompt, ": Bad TOS argument '",
-					optarg,
-					"; will try to use default TOS");
-#else
-			fprintf(stderr,
-			   "%s: Warning: -S ignored, no parsetos() support.\n",
-								prompt);
-#endif
-		    }
-			break;
-		case 'X':
-#ifdef	AUTHENTICATION
-			auth_disable_name(optarg);
-#endif
-			break;
-		case 'a':
-			autologin = 1;
-			break;
-		case 'c':
-			skiprc = 1;
-			break;
-		case 'd':
-			debug = 1;
-			break;
-		case 'e':
-			set_escape_char(optarg);
-			break;
-		case 'f':
-		case 'F':
-		case 'G':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_option) {
-			    fprintf(stderr,
-				    "%s: Only one of -f, -F and -G allowed.\n",
-				    prompt);
-			    usage();
-			}
-			forward_option = ch;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -%c ignored, no Kerberos V5 support.\n",
-				prompt, ch);
-#endif
-			break;
-		case 'k':
-#if defined(AUTHENTICATION) && defined(KRB4)
-		    {
-			dest_realm = dst_realm_buf;
-			strlcpy(dest_realm, optarg, dst_realm_sz);
-		    }
-#else
-			fprintf(stderr,
-			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
-								prompt);
-#endif
-			break;
-		case 'l':
-		  if(autologin == 0){
-		    fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
-		    autologin = -1;
-		  }
-			user = optarg;
-			break;
-		case 'n':
-				SetNetTrace(optarg);
-			break;
-		case 'r':
-			rlogin = '~';
-			break;
-		case 'x':
-#ifdef	ENCRYPTION
-			encrypt_auto(1);
-			decrypt_auto(1);
-			wantencryption = 1;
-			EncryptVerbose(1);
-#else
-			fprintf(stderr,
-			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
-								prompt);
-#endif
-			break;
-
-		case '?':
-		default:
-			usage();
-			/* NOTREACHED */
-		}
-	}
-
-	if (autologin == -1) {		/* esc@magic.fi; force  */
-#if defined(AUTHENTICATION)
-		autologin = 1;
-#endif
-#if defined(ENCRYPTION)
-		encrypt_auto(1);
-		decrypt_auto(1);
-		wantencryption = -1;
-#endif
-	}
-
-	if (autologin == -1)
-		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc) {
-		char *args[7], **argp = args;
-
-		if (argc > 2)
-			usage();
-		*argp++ = prompt;
-		if (user) {
-			*argp++ = "-l";
-			*argp++ = user;
-		}
-		*argp++ = argv[0];		/* host */
-		if (argc > 1)
-			*argp++ = argv[1];	/* port */
-		*argp = 0;
-
-		if (setjmp(toplevel) != 0)
-			Exit(0);
-		if (tn(argp - args, args) == 1)
-			return (0);
-		else
-			return (1);
-	}
-	setjmp(toplevel);
-	for (;;) {
-			command(1, 0, 0);
-	}
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/network.c b/crypto/heimdal/appl/telnet/telnet/network.c
deleted file mode 100644
index 53818f0a11ee..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/network.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: network.c,v 1.11 2000/10/08 13:28:21 assar Exp $");
-
-Ring		netoring, netiring;
-unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
-
-/*
- * Initialize internal network data structures.
- */
-
-void
-init_network(void)
-{
-    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
-	exit(1);
-    }
-    NetTrace = stdout;
-}
-
-
-/*
- * Check to see if any out-of-band data exists on a socket (for
- * Telnet "synch" processing).
- */
-
-int
-stilloob(void)
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	if (net >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(net, &excepts);
-	value = select(net+1, 0, 0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	perror("select");
-	quit();
-	/* NOTREACHED */
-    }
-    if (FD_ISSET(net, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-
-/*
- *  setneturg()
- *
- *	Sets "neturg" to the current location.
- */
-
-void
-setneturg(void)
-{
-    ring_mark(&netoring);
-}
-
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- *
- *		The return value indicates whether we did any
- *	useful work.
- */
-
-
-int
-netflush(void)
-{
-    int n, n1;
-
-#if	defined(ENCRYPTION)
-    if (encrypt_output)
-	ring_encrypt(&netoring, encrypt_output);
-#endif
-    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
-	if (!ring_at_mark(&netoring)) {
-	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
-	} else {
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
-	}
-    }
-    if (n < 0) {
-	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
-	    setcommandmode();
-	    perror(hostname);
-	    NetClose(net);
-	    ring_clear_mark(&netoring);
-	    longjmp(peerdied, -1);
-	    /*NOTREACHED*/
-	}
-	n = 0;
-    }
-    if (netdata && n) {
-	Dump('>', netoring.consume, n);
-    }
-    if (n) {
-	ring_consumed(&netoring, n);
-	/*
-	 * If we sent all, and more to send, then recurse to pick
-	 * up the other half.
-	 */
-	if ((n1 == n) && ring_full_consecutive(&netoring)) {
-	    netflush();
-	}
-	return 1;
-    } else {
-	return 0;
-    }
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.c b/crypto/heimdal/appl/telnet/telnet/ring.c
deleted file mode 100644
index 597c79ab2347..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/ring.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: ring.c,v 1.11 2000/02/06 05:15:21 assar Exp $");
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-
-/* Internal macros */
-
-#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
-					(a)-(b): (((a)-(b))+(d)->size))
-
-#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
-					(a)+(c) : (((a)+(c))-(d)->size))
-
-#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
-					(a)-(c) : (((a)-(c))-(d)->size))
-
-
-/*
- * The following is a clock, used to determine full, empty, etc.
- *
- * There is some trickiness here.  Since the ring buffers are initialized
- * to ZERO on allocation, we need to make sure, when interpreting the
- * clock, that when the times are EQUAL, then the buffer is FULL.
- */
-static u_long ring_clock = 0;
-
-
-#define	ring_empty(d) (((d)->consume == (d)->supply) && \
-				((d)->consumetime >= (d)->supplytime))
-#define	ring_full(d) (((d)->supply == (d)->consume) && \
-				((d)->supplytime > (d)->consumetime))
-
-
-
-
-
-/* Buffer state transition routines */
-
-int
-ring_init(Ring *ring, unsigned char *buffer, int count)
-{
-    memset(ring, 0, sizeof *ring);
-
-    ring->size = count;
-
-    ring->supply = ring->consume = ring->bottom = buffer;
-
-    ring->top = ring->bottom+ring->size;
-
-#if	defined(ENCRYPTION)
-    ring->clearto = 0;
-#endif
-
-    return 1;
-}
-
-/* Mark routines */
-
-/*
- * Mark the most recently supplied byte.
- */
-
-void
-ring_mark(Ring *ring)
-{
-    ring->mark = ring_decrement(ring, ring->supply, 1);
-}
-
-/*
- * Is the ring pointing to the mark?
- */
-
-int
-ring_at_mark(Ring *ring)
-{
-    if (ring->mark == ring->consume) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * Clear any mark set on the ring.
- */
-
-void
-ring_clear_mark(Ring *ring)
-{
-    ring->mark = 0;
-}
-
-/*
- * Add characters from current segment to ring buffer.
- */
-void
-ring_supplied(Ring *ring, int count)
-{
-    ring->supply = ring_increment(ring, ring->supply, count);
-    ring->supplytime = ++ring_clock;
-}
-
-/*
- * We have just consumed "c" bytes.
- */
-void
-ring_consumed(Ring *ring, int count)
-{
-    if (count == 0)	/* don't update anything */
-	return;
-
-    if (ring->mark &&
-		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
-	ring->mark = 0;
-    }
-#if	defined(ENCRYPTION)
-    if (ring->consume < ring->clearto &&
-		ring->clearto <= ring->consume + count)
-	ring->clearto = 0;
-    else if (ring->consume + count > ring->top &&
-		ring->bottom <= ring->clearto &&
-		ring->bottom + ((ring->consume + count) - ring->top))
-	ring->clearto = 0;
-#endif
-    ring->consume = ring_increment(ring, ring->consume, count);
-    ring->consumetime = ++ring_clock;
-    /*
-     * Try to encourage "ring_empty_consecutive()" to be large.
-     */
-    if (ring_empty(ring)) {
-	ring->consume = ring->supply = ring->bottom;
-    }
-}
-
-
-
-/* Buffer state query routines */
-
-
-/* Number of bytes that may be supplied */
-int
-ring_empty_count(Ring *ring)
-{
-    if (ring_empty(ring)) {	/* if empty */
-	    return ring->size;
-    } else {
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* number of CONSECUTIVE bytes that may be supplied */
-int
-ring_empty_consecutive(Ring *ring)
-{
-    if ((ring->consume < ring->supply) || ring_empty(ring)) {
-			    /*
-			     * if consume is "below" supply, or empty, then
-			     * return distance to the top
-			     */
-	return ring_subtract(ring, ring->top, ring->supply);
-    } else {
-				    /*
-				     * else, return what we may.
-				     */
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* Return the number of bytes that are available for consuming
- * (but don't give more than enough to get to cross over set mark)
- */
-
-int
-ring_full_count(Ring *ring)
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if (ring_full(ring)) {
-	    return ring->size;	/* nothing consumed, but full */
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	return ring_subtract(ring, ring->mark, ring->consume);
-    }
-}
-
-/*
- * Return the number of CONSECUTIVE bytes available for consuming.
- * However, don't return more than enough to cross over set mark.
- */
-int
-ring_full_consecutive(Ring *ring)
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if ((ring->supply < ring->consume) || ring_full(ring)) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	if (ring->mark < ring->consume) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {	/* Else, distance to mark */
-	    return ring_subtract(ring, ring->mark, ring->consume);
-	}
-    }
-}
-
-/*
- * Move data into the "supply" portion of of the ring buffer.
- */
-void
-ring_supply_data(Ring *ring, unsigned char *buffer, int count)
-{
-    int i;
-
-    while (count) {
-	i = min(count, ring_empty_consecutive(ring));
-	memmove(ring->supply, buffer, i);
-	ring_supplied(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-
-#ifdef notdef
-
-/*
- * Move data from the "consume" portion of the ring buffer
- */
-void
-ring_consume_data(Ring *ring, unsigned char *buffer, int count)
-{
-    int i;
-
-    while (count) {
-	i = min(count, ring_full_consecutive(ring));
-	memmove(buffer, ring->consume, i);
-	ring_consumed(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-#endif
-
-#if	defined(ENCRYPTION)
-void
-ring_encrypt(Ring *ring, void (*encryptor)(unsigned char *, int))
-{
-    unsigned char *s, *c;
-
-    if (ring_empty(ring) || ring->clearto == ring->supply)
-	return;
-
-    if (!(c = ring->clearto))
-	c = ring->consume;
-
-    s = ring->supply;
-
-    if (s <= c) {
-	(*encryptor)(c, ring->top - c);
-	(*encryptor)(ring->bottom, s - ring->bottom);
-    } else
-	(*encryptor)(c, s - c);
-
-    ring->clearto = ring->supply;
-}
-
-void
-ring_clearto(Ring *ring)
-{
-    if (!ring_empty(ring))
-	ring->clearto = ring->supply;
-    else
-	ring->clearto = 0;
-}
-#endif
-
diff --git a/crypto/heimdal/appl/telnet/telnet/ring.h b/crypto/heimdal/appl/telnet/telnet/ring.h
deleted file mode 100644
index 1644a9607728..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/ring.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ring.h	8.1 (Berkeley) 6/6/93
- */
-
-/* $Id: ring.h,v 1.4 2000/02/06 05:15:47 assar Exp $ */
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-typedef struct {
-    unsigned char	*consume,	/* where data comes out of */
-			*supply,	/* where data comes in to */
-			*bottom,	/* lowest address in buffer */
-			*top,		/* highest address+1 in buffer */
-			*mark;		/* marker (user defined) */
-#if	defined(ENCRYPTION)
-    unsigned char	*clearto;	/* Data to this point is clear text */
-    unsigned char	*encryyptedto;	/* Data is encrypted to here */
-#endif
-    int		size;		/* size in bytes of buffer */
-    u_long	consumetime,	/* help us keep straight full, empty, etc. */
-		supplytime;
-} Ring;
-
-/* Here are some functions and macros to deal with the ring buffer */
-
-/* Initialization routine */
-extern int
-	ring_init (Ring *ring, unsigned char *buffer, int count);
-
-/* Data movement routines */
-extern void
-	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
-#ifdef notdef
-extern void
-	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
-#endif
-
-/* Buffer state transition routines */
-extern void
-	ring_supplied (Ring *ring, int count),
-	ring_consumed (Ring *ring, int count);
-
-/* Buffer state query routines */
-extern int
-	ring_empty_count (Ring *ring),
-	ring_empty_consecutive (Ring *ring),
-	ring_full_count (Ring *ring),
-	ring_full_consecutive (Ring *ring);
-
-#if	defined(ENCRYPTION)
-extern void
-	ring_encrypt (Ring *ring, void (*func)(unsigned char *, int)),
-	ring_clearto (Ring *ring);
-#endif
-
-extern int ring_at_mark(Ring *ring);
-
-extern void
-    ring_clear_mark(Ring *ring),
-    ring_mark(Ring *ring);
diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
deleted file mode 100644
index 1144e8fe9ab9..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c
+++ /dev/null
@@ -1,979 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: sys_bsd.c,v 1.30 2002/04/18 16:18:43 joda Exp $");
-
-/*
- * The following routines try to encapsulate what is system dependent
- * (at least between 4.x and dos) which is used in telnet.c.
- */
-
-int
-	tout,			/* Output file descriptor */
-	tin,			/* Input file descriptor */
-	net;
-
-struct	termios old_tc = { 0 };
-extern struct termios new_tc;
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
-#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
-#  ifdef CIBAUD
-#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
-#  else
-#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
-#  endif
-# endif /* TCSANOW */
-
-static fd_set ibits, obits, xbits;
-
-
-void
-init_sys(void)
-{
-    tout = fileno(stdout);
-    tin = fileno(stdin);
-    FD_ZERO(&ibits);
-    FD_ZERO(&obits);
-    FD_ZERO(&xbits);
-
-    errno = 0;
-}
-
-
-int
-TerminalWrite(char *buf, int n)
-{
-    return write(tout, buf, n);
-}
-
-int
-TerminalRead(unsigned char *buf, int n)
-{
-    return read(tin, buf, n);
-}
-
-/*
- *
- */
-
-int
-TerminalAutoFlush(void)
-{
-#if	defined(LNOFLSH)
-    int flush;
-
-    ioctl(0, TIOCLGET, (char *)&flush);
-    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
-#else	/* LNOFLSH */
-    return 1;
-#endif	/* LNOFLSH */
-}
-
-/*
- * TerminalSpecialChars()
- *
- * Look at an input character to see if it is a special character
- * and decide what to do.
- *
- * Output:
- *
- *	0	Don't add this character.
- *	1	Do add this character
- */
-
-int
-TerminalSpecialChars(int c)
-{
-    if (c == termIntChar) {
-	intp();
-	return 0;
-    } else if (c == termQuitChar) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return 0;
-    } else if (c == termEofChar) {
-	if (my_want_state_is_will(TELOPT_LINEMODE)) {
-	    sendeof();
-	    return 0;
-	}
-	return 1;
-    } else if (c == termSuspChar) {
-	sendsusp();
-	return(0);
-    } else if (c == termFlushChar) {
-	xmitAO();		/* Transmit Abort Output */
-	return 0;
-    } else if (!MODE_LOCAL_CHARS(globalmode)) {
-	if (c == termKillChar) {
-	    xmitEL();
-	    return 0;
-	} else if (c == termEraseChar) {
-	    xmitEC();		/* Transmit Erase Character */
-	    return 0;
-	}
-    }
-    return 1;
-}
-
-
-/*
- * Flush output to the terminal
- */
-
-void
-TerminalFlushOutput(void)
-{
-#ifdef	TIOCFLUSH
-    ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
-#else
-    ioctl(fileno(stdout), TCFLSH, (char *) 0);
-#endif
-}
-
-void
-TerminalSaveState(void)
-{
-    tcgetattr(0, &old_tc);
-
-    new_tc = old_tc;
-
-#ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-#endif
-#ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-#endif
-#ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-#endif
-#ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-#endif
-#ifndef	VSTART
-    termStartChar = CONTROL('Q');
-#endif
-#ifndef	VSTOP
-    termStopChar = CONTROL('S');
-#endif
-#ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-#endif
-}
-
-cc_t*
-tcval(int func)
-{
-    switch(func) {
-    case SLC_IP:	return(&termIntChar);
-    case SLC_ABORT:	return(&termQuitChar);
-    case SLC_EOF:	return(&termEofChar);
-    case SLC_EC:	return(&termEraseChar);
-    case SLC_EL:	return(&termKillChar);
-    case SLC_XON:	return(&termStartChar);
-    case SLC_XOFF:	return(&termStopChar);
-    case SLC_FORW1:	return(&termForw1Char);
-    case SLC_FORW2:	return(&termForw2Char);
-# ifdef	VDISCARD
-    case SLC_AO:	return(&termFlushChar);
-# endif
-# ifdef	VSUSP
-    case SLC_SUSP:	return(&termSuspChar);
-# endif
-# ifdef	VWERASE
-    case SLC_EW:	return(&termWerasChar);
-# endif
-# ifdef	VREPRINT
-    case SLC_RP:	return(&termRprntChar);
-# endif
-# ifdef	VLNEXT
-    case SLC_LNEXT:	return(&termLiteralNextChar);
-# endif
-# ifdef	VSTATUS
-    case SLC_AYT:	return(&termAytChar);
-# endif
-
-    case SLC_SYNCH:
-    case SLC_BRK:
-    case SLC_EOR:
-    default:
-	return((cc_t *)0);
-    }
-}
-
-void
-TerminalDefaultChars(void)
-{
-    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
-# ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-# endif
-# ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-# endif
-# ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-# endif
-# ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-# endif
-# ifndef	VSTART
-    termStartChar = CONTROL('Q');
-# endif
-# ifndef	VSTOP
-    termStopChar = CONTROL('S');
-# endif
-# ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-# endif
-}
-
-#ifdef notdef
-void
-TerminalRestoreState()
-{
-}
-#endif
-
-/*
- * TerminalNewMode - set up terminal to a specific mode.
- *	MODE_ECHO: do local terminal echo
- *	MODE_FLOW: do local flow control
- *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
- *	MODE_EDIT: do local line editing
- *
- *	Command mode:
- *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
- *		local echo
- *		local editing
- *		local xon/xoff
- *		local signal mapping
- *
- *	Linemode:
- *		local/no editing
- *	Both Linemode and Single Character mode:
- *		local/remote echo
- *		local/no xon/xoff
- *		local/no signal mapping
- */
-
-
-#ifdef	SIGTSTP
-static RETSIGTYPE susp(int);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-static RETSIGTYPE ayt(int);
-#endif
-
-void
-TerminalNewMode(int f)
-{
-    static int prevmode = 0;
-    struct termios tmp_tc;
-    int onoff;
-    int old;
-    cc_t esc;
-
-    globalmode = f&~MODE_FORCE;
-    if (prevmode == f)
-	return;
-
-    /*
-     * Write any outstanding data before switching modes
-     * ttyflush() returns 0 only when there is no more data
-     * left to write out, it returns -1 if it couldn't do
-     * anything at all, otherwise it returns 1 + the number
-     * of characters left to write.
-     */
-    old = ttyflush(SYNCHing|flushout);
-    if (old < 0 || old > 1) {
-	tcgetattr(tin, &tmp_tc);
-	do {
-	    /*
-	     * Wait for data to drain, then flush again.
-	     */
-	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
-	    old = ttyflush(SYNCHing|flushout);
-	} while (old < 0 || old > 1);
-    }
-
-    old = prevmode;
-    prevmode = f&~MODE_FORCE;
-    tmp_tc = new_tc;
-
-    if (f&MODE_ECHO) {
-	tmp_tc.c_lflag |= ECHO;
-	tmp_tc.c_oflag |= ONLCR;
-	if (crlf)
-		tmp_tc.c_iflag |= ICRNL;
-    } else {
-	tmp_tc.c_lflag &= ~ECHO;
-	tmp_tc.c_oflag &= ~ONLCR;
-# ifdef notdef
-	if (crlf)
-		tmp_tc.c_iflag &= ~ICRNL;
-# endif
-    }
-
-    if ((f&MODE_FLOW) == 0) {
-	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
-    } else {
-	if (restartany < 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
-	} else if (restartany > 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
-	} else {
-		tmp_tc.c_iflag |= IXOFF|IXON;
-		tmp_tc.c_iflag &= ~IXANY;
-	}
-    }
-
-    if ((f&MODE_TRAPSIG) == 0) {
-	tmp_tc.c_lflag &= ~ISIG;
-	localchars = 0;
-    } else {
-	tmp_tc.c_lflag |= ISIG;
-	localchars = 1;
-    }
-
-    if (f&MODE_EDIT) {
-	tmp_tc.c_lflag |= ICANON;
-    } else {
-	tmp_tc.c_lflag &= ~ICANON;
-	tmp_tc.c_iflag &= ~ICRNL;
-	tmp_tc.c_cc[VMIN] = 1;
-	tmp_tc.c_cc[VTIME] = 0;
-    }
-
-    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
-# ifdef VLNEXT
-	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
-# endif
-    }
-
-    if (f&MODE_SOFT_TAB) {
-# ifdef	OXTABS
-	tmp_tc.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-	tmp_tc.c_oflag |= TAB3;
-# endif
-    } else {
-# ifdef	OXTABS
-	tmp_tc.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-# endif
-    }
-
-    if (f&MODE_LIT_ECHO) {
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag &= ~ECHOCTL;
-# endif
-    } else {
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag |= ECHOCTL;
-# endif
-    }
-
-    if (f == -1) {
-	onoff = 0;
-    } else {
-	if (f & MODE_INBIN)
-		tmp_tc.c_iflag &= ~ISTRIP;
-	else
-		tmp_tc.c_iflag |= ISTRIP;
-	if ((f & MODE_OUTBIN) || (f & MODE_OUT8)) {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= CS8;
-		if(f & MODE_OUTBIN)
-		    tmp_tc.c_oflag &= ~OPOST;
-		else
-		    tmp_tc.c_oflag |= OPOST;
-	} else {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
-		tmp_tc.c_oflag |= OPOST;
-	}
-	onoff = 1;
-    }
-
-    if (f != -1) {
-
-#ifdef	SIGTSTP
-	signal(SIGTSTP, susp);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-	signal(SIGINFO, ayt);
-#endif
-#ifdef NOKERNINFO
-	tmp_tc.c_lflag |= NOKERNINFO;
-#endif
-	/*
-	 * We don't want to process ^Y here.  It's just another
-	 * character that we'll pass on to the back end.  It has
-	 * to process it because it will be processed when the
-	 * user attempts to read it, not when we send it.
-	 */
-# ifdef	VDSUSP
-	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
-# endif
-	/*
-	 * If the VEOL character is already set, then use VEOL2,
-	 * otherwise use VEOL.
-	 */
-	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
-	if ((tmp_tc.c_cc[VEOL] != esc)
-# ifdef	VEOL2
-	    && (tmp_tc.c_cc[VEOL2] != esc)
-# endif
-	    ) {
-		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL] = esc;
-# ifdef	VEOL2
-		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL2] = esc;
-# endif
-	}
-    } else {
-        sigset_t sm;
-
-#ifdef	SIGINFO
-	signal(SIGINFO, ayt_status);
-#endif
-#ifdef	SIGTSTP
-	signal(SIGTSTP, SIG_DFL);
-	sigemptyset(&sm);
-	sigaddset(&sm, SIGTSTP);
-	sigprocmask(SIG_UNBLOCK, &sm, NULL);
-#endif	/* SIGTSTP */
-	tmp_tc = old_tc;
-    }
-    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
-	tcsetattr(tin, TCSANOW, &tmp_tc);
-
-    ioctl(tin, FIONBIO, (char *)&onoff);
-    ioctl(tout, FIONBIO, (char *)&onoff);
-
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-#ifndef	B7200
-#define B7200   B4800
-#endif
-
-#ifndef	B14400
-#define B14400  B9600
-#endif
-
-#ifndef	B19200
-# define B19200 B14400
-#endif
-
-#ifndef	B28800
-#define B28800  B19200
-#endif
-
-#ifndef	B38400
-# define B38400 B28800
-#endif
-
-#ifndef B57600
-#define B57600  B38400
-#endif
-
-#ifndef B76800
-#define B76800  B57600
-#endif
-
-#ifndef B115200
-#define B115200 B76800
-#endif
-
-#ifndef B230400
-#define B230400 B115200
-#endif
-
-
-/*
- * This code assumes that the values B0, B50, B75...
- * are in ascending order.  They do not have to be
- * contiguous.
- */
-struct termspeeds {
-	long speed;
-	long value;
-} termspeeds[] = {
-	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
-	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
-	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
-	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
-	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
-	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
-	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
-	{ 230400, B230400 }, { -1,    B230400 }
-};
-#endif	/* DECODE_BAUD */
-
-void
-TerminalSpeeds(long *input_speed, long *output_speed)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-#endif	/* DECODE_BAUD */
-    long in, out;
-
-    out = cfgetospeed(&old_tc);
-    in = cfgetispeed(&old_tc);
-    if (in == 0)
-	in = out;
-
-#ifdef	DECODE_BAUD
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < in))
-	tp++;
-    *input_speed = tp->speed;
-
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < out))
-	tp++;
-    *output_speed = tp->speed;
-#else	/* DECODE_BAUD */
-	*input_speed = in;
-	*output_speed = out;
-#endif	/* DECODE_BAUD */
-}
-
-int
-TerminalWindowSize(long *rows, long *cols)
-{
-    struct winsize ws;
-
-    if (get_window_size (STDIN_FILENO, &ws) == 0) {
-	*rows = ws.ws_row;
-	*cols = ws.ws_col;
-	return 1;
-    } else
-	return 0;
-}
-
-int
-NetClose(int fd)
-{
-    return close(fd);
-}
-
-
-void
-NetNonblockingIO(int fd, int onoff)
-{
-    ioctl(fd, FIONBIO, (char *)&onoff);
-}
-
-
-/*
- * Various signal handling routines.
- */
-
-static RETSIGTYPE deadpeer(int),
-  intr(int), intr2(int), susp(int), sendwin(int);
-#ifdef SIGINFO
-static RETSIGTYPE ayt(int);
-#endif
-  
-
-    /* ARGSUSED */
-static RETSIGTYPE
-deadpeer(int sig)
-{
-	setcommandmode();
-	longjmp(peerdied, -1);
-}
-
-int intr_happened = 0;
-int intr_waiting = 0;
-
-    /* ARGSUSED */
-static RETSIGTYPE
-intr(int sig)
-{
-    if (intr_waiting) {
-	intr_happened = 1;
-	return;
-    }
-    if (localchars) {
-	intp();
-	return;
-    }
-    setcommandmode();
-    longjmp(toplevel, -1);
-}
-
-    /* ARGSUSED */
-static RETSIGTYPE
-intr2(int sig)
-{
-    if (localchars) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return;
-    }
-}
-
-#ifdef	SIGTSTP
-    /* ARGSUSED */
-static RETSIGTYPE
-susp(int sig)
-{
-    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
-	return;
-    if (localchars)
-	sendsusp();
-}
-#endif
-
-#ifdef	SIGWINCH
-    /* ARGSUSED */
-static RETSIGTYPE
-sendwin(int sig)
-{
-    if (connected) {
-	sendnaws();
-    }
-}
-#endif
-
-#ifdef	SIGINFO
-    /* ARGSUSED */
-static RETSIGTYPE
-ayt(int sig)
-{
-    if (connected)
-	sendayt();
-    else
-	ayt_status(sig);
-}
-#endif
-
-
-void
-sys_telnet_init(void)
-{
-    signal(SIGINT, intr);
-    signal(SIGQUIT, intr2);
-    signal(SIGPIPE, deadpeer);
-#ifdef	SIGWINCH
-    signal(SIGWINCH, sendwin);
-#endif
-#ifdef	SIGTSTP
-    signal(SIGTSTP, susp);
-#endif
-#ifdef	SIGINFO
-    signal(SIGINFO, ayt);
-#endif
-
-    setconnmode(0);
-
-    NetNonblockingIO(net, 1);
-
-
-#if	defined(SO_OOBINLINE)
-    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1)
-	perror("setsockopt (SO_OOBINLINE) (ignored)");
-#endif	/* defined(SO_OOBINLINE) */
-}
-
-/*
- * Process rings -
- *
- *	This routine tries to fill up/empty our various rings.
- *
- *	The parameter specifies whether this is a poll operation,
- *	or a block-until-something-happens operation.
- *
- *	The return value is 1 if something happened, 0 if not.
- */
-
-int
-process_rings(int netin,
-	      int netout,
-	      int netex,
-	      int ttyin,
-	      int ttyout,
-	      int poll) /* If 0, then block until something to do */
-{
-    int c;
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue = 0;
-    static struct timeval TimeValue = { 0 };
-
-    if (net >= FD_SETSIZE
-	|| tout >= FD_SETSIZE
-	|| tin >= FD_SETSIZE)
-	errx (1, "fd too large");
-
-    if (netout) {
-	FD_SET(net, &obits);
-    }
-    if (ttyout) {
-	FD_SET(tout, &obits);
-    }
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#if !defined(SO_OOBINLINE)
-    if (netex) {
-	FD_SET(net, &xbits);
-    }
-#endif
-    if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
-			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
-	if (c == -1) {
-		    /*
-		     * we can get EINTR if we are in line mode,
-		     * and the user does an escape (TSTP), or
-		     * some other signal generator.
-		     */
-	    if (errno == EINTR) {
-		return 0;
-	    }
-		    /* I don't like this, does it ever happen? */
-	    printf("sleep(5) from telnet, after select\r\n");
-	    sleep(5);
-	}
-	return 0;
-    }
-
-    /*
-     * Any urgent data?
-     */
-    if (FD_ISSET(net, &xbits)) {
-	FD_CLR(net, &xbits);
-	SYNCHing = 1;
-	ttyflush(1);	/* flush already enqueued data */
-    }
-
-    /*
-     * Something to read from the network...
-     */
-    if (FD_ISSET(net, &ibits)) {
-	int canread;
-
-	FD_CLR(net, &ibits);
-	canread = ring_empty_consecutive(&netiring);
-#if	!defined(SO_OOBINLINE)
-	    /*
-	     * In 4.2 (and some early 4.3) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	if (SYNCHing) {
-	    int atmark;
-	    static int bogus_oob = 0, first = 1;
-
-	    ioctl(net, SIOCATMARK, (char *)&atmark);
-	    if (atmark) {
-		c = recv(net, netiring.supply, canread, MSG_OOB);
-		if ((c == -1) && (errno == EINVAL)) {
-		    c = recv(net, netiring.supply, canread, 0);
-		    if (clocks.didnetreceive < clocks.gotDM) {
-			SYNCHing = stilloob();
-		    }
-		} else if (first && c > 0) {
-		    /*
-		     * Bogosity check.  Systems based on 4.2BSD
-		     * do not return an error if you do a second
-		     * recv(MSG_OOB).  So, we do one.  If it
-		     * succeeds and returns exactly the same
-		     * data, then assume that we are running
-		     * on a broken system and set the bogus_oob
-		     * flag.  (If the data was different, then
-		     * we probably got some valid new data, so
-		     * increment the count...)
-		     */
-		    int i;
-		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
-		    if (i == c &&
-			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
-			bogus_oob = 1;
-			first = 0;
-		    } else if (i < 0) {
-			bogus_oob = 0;
-			first = 0;
-		    } else
-			c += i;
-		}
-		if (bogus_oob && c > 0) {
-		    int i;
-		    /*
-		     * Bogosity.  We have to do the read
-		     * to clear the atmark to get out of
-		     * an infinate loop.
-		     */
-		    i = read(net, netiring.supply + c, canread - c);
-		    if (i > 0)
-			c += i;
-		}
-	    } else {
-		c = recv(net, netiring.supply, canread, 0);
-	    }
-	} else {
-	    c = recv(net, netiring.supply, canread, 0);
-	}
-	settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE) */
-	c = recv(net, (char *)netiring.supply, canread, 0);
-#endif	/* !defined(SO_OOBINLINE) */
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else if (c <= 0) {
-	    return -1;
-	}
-	if (netdata) {
-	    Dump('<', netiring.supply, c);
-	}
-	if (c)
-	    ring_supplied(&netiring, c);
-	returnValue = 1;
-    }
-
-    /*
-     * Something to read from the tty...
-     */
-    if (FD_ISSET(tin, &ibits)) {
-	FD_CLR(tin, &ibits);
-	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
-	if (c < 0 && errno == EIO)
-	    c = 0;
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else {
-	    /* EOF detection for line mode!!!! */
-	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
-			/* must be an EOF... */
-		*ttyiring.supply = termEofChar;
-		c = 1;
-	    }
-	    if (c <= 0) {
-		return -1;
-	    }
-	    if (termdata) {
-		Dump('<', ttyiring.supply, c);
-	    }
-	    ring_supplied(&ttyiring, c);
-	}
-	returnValue = 1;		/* did something useful */
-    }
-
-    if (FD_ISSET(net, &obits)) {
-	FD_CLR(net, &obits);
-	returnValue |= netflush();
-    }
-    if (FD_ISSET(tout, &obits)) {
-	FD_CLR(tout, &obits);
-	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
-    }
-
-    return returnValue;
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.1 b/crypto/heimdal/appl/telnet/telnet/telnet.1
deleted file mode 100644
index 82852a73291b..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet.1
+++ /dev/null
@@ -1,1369 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNET 1
-.Os BSD 4.2
-.Sh NAME
-.Nm telnet
-.Nd user interface to the
-.Tn TELNET
-protocol
-.Sh SYNOPSIS
-.Nm telnet
-.Op Fl 78EFKLacdfrx
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl e Ar escapechar
-.Op Fl k Ar realm
-.Op Fl l Ar user
-.Op Fl n Ar tracefile
-.Oo
-.Ar host
-.Op port
-.Oc
-.Sh DESCRIPTION
-The
-.Nm telnet
-command
-is used to communicate with another host using the
-.Tn TELNET
-protocol.
-If
-.Nm telnet
-is invoked without the
-.Ar host
-argument, it enters command mode,
-indicated by its prompt
-.Pq Nm telnet\&> .
-In this mode, it accepts and executes the commands listed below.
-If it is invoked with arguments, it performs an
-.Ic open
-command with those arguments.
-.Pp
-Options:
-.Bl -tag -width indent
-.It Fl 8
-Specifies an 8-bit data path.  This causes an attempt to
-negotiate the
-.Dv TELNET BINARY
-option on both input and output.
-.It Fl 7
-Do not try to negotiate
-.Dv TELNET BINARY
-option.
-.It Fl E
-Stops any character from being recognized as an escape character.
-.It Fl F
-If Kerberos V5 authentication is being used, the
-.Fl F
-option allows the local credentials to be forwarded
-to the remote system, including any credentials that
-have already been forwarded into the local environment.
-.It Fl K
-Specifies no automatic login to the remote system.
-.It Fl L
-Specifies an 8-bit data path on output.  This causes the
-BINARY option to be negotiated on output.
-.It Fl S Ar tos
-Sets the IP type-of-service (TOS) option for the telnet
-connection to the value
-.Ar tos ,
-which can be a numeric TOS value
-or, on systems that support it, a symbolic
-TOS name found in the /etc/iptos file.
-.It Fl X Ar atype
-Disables the
-.Ar atype
-type of authentication.
-.It Fl a
-Attempt automatic login.
-Currently, this sends the user name via the
-.Ev USER
-variable
-of the
-.Ev ENVIRON
-option if supported by the remote system.
-The name used is that of the current user as returned by
-.Xr getlogin 2
-if it agrees with the current user ID,
-otherwise it is the name associated with the user ID.
-.It Fl c
-Disables the reading of the user's
-.Pa \&.telnetrc
-file.  (See the
-.Ic toggle skiprc
-command on this man page.)
-.It Fl d
-Sets the initial value of the
-.Ic debug
-toggle to
-.Dv TRUE
-.It Fl e Ar escape char
-Sets the initial
-.Nm
-.Nm telnet
-escape character to
-.Ar escape char .
-If
-.Ar escape char
-is omitted, then
-there will be no escape character.
-.It Fl f
-If Kerberos V5 authentication is being used, the
-.Fl f
-option allows the local credentials to be forwarded to the remote system.
-.It Fl k Ar realm
-If Kerberos authentication is being used, the
-.Fl k
-option requests that telnet obtain tickets for the remote host in
-realm realm instead of the remote host's realm, as determined
-by
-.Xr krb_realmofhost 3 .
-.It Fl l Ar user
-When connecting to the remote system, if the remote system
-understands the
-.Ev ENVIRON
-option, then
-.Ar user
-will be sent to the remote system as the value for the variable USER.
-This option implies the
-.Fl a
-option.
-This option may also be used with the
-.Ic open
-command.
-.It Fl n Ar tracefile
-Opens
-.Ar tracefile
-for recording trace information.
-See the
-.Ic set tracefile
-command below.
-.It Fl r
-Specifies a user interface similar to
-.Xr rlogin 1 .
-In this
-mode, the escape character is set to the tilde (~) character,
-unless modified by the -e option.
-.It Fl x
-Turn on encryption of the data stream.  When this option is turned on,
-.B telnet
-will exit with an error if authentication cannot be negotiated or if
-encryption cannot be turned on.
-.It Ar host
-Indicates the official name, an alias, or the Internet address
-of a remote host.
-.It Ar port
-Indicates a port number (address of an application).  If a number is
-not specified, the default
-.Nm telnet
-port is used.
-.El
-.Pp
-When in rlogin mode, a line of the form ~.  disconnects from the
-remote host; ~ is the telnet escape character.
-Similarly, the line ~^Z suspends the telnet session.
-The line ~^] escapes to the normal telnet escape prompt.
-.Pp
-Once a connection has been opened,
-.Nm telnet
-will attempt to enable the
-.Dv TELNET LINEMODE
-option.
-If this fails, then
-.Nm telnet
-will revert to one of two input modes:
-either \*(Lqcharacter at a time\*(Rq
-or \*(Lqold line by line\*(Rq
-depending on what the remote system supports.
-.Pp
-When
-.Dv LINEMODE
-is enabled, character processing is done on the
-local system, under the control of the remote system.  When input
-editing or character echoing is to be disabled, the remote system
-will relay that information.  The remote system will also relay
-changes to any special characters that happen on the remote
-system, so that they can take effect on the local system.
-.Pp
-In \*(Lqcharacter at a time\*(Rq mode, most
-text typed is immediately sent to the remote host for processing.
-.Pp
-In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
-and (normally) only completed lines are sent to the remote host.
-The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
-to turn off and on the local echo
-(this would mostly be used to enter passwords
-without the password being echoed).
-.Pp
-If the
-.Dv LINEMODE
-option is enabled, or if the
-.Ic localchars
-toggle is
-.Dv TRUE
-(the default for \*(Lqold line by line\*(Lq; see below),
-the user's
-.Ic quit  ,
-.Ic intr ,
-and
-.Ic flush
-characters are trapped locally, and sent as
-.Tn TELNET
-protocol sequences to the remote side.
-If
-.Dv LINEMODE
-has ever been enabled, then the user's
-.Ic susp
-and
-.Ic eof
-are also sent as
-.Tn TELNET
-protocol sequences,
-and
-.Ic quit
-is sent as a
-.Dv TELNET ABORT
-instead of
-.Dv BREAK
-There are options (see
-.Ic toggle
-.Ic autoflush
-and
-.Ic toggle
-.Ic autosynch
-below)
-which cause this action to flush subsequent output to the terminal
-(until the remote host acknowledges the
-.Tn TELNET
-sequence) and flush previous terminal input
-(in the case of
-.Ic quit
-and
-.Ic intr  ) .
-.Pp
-While connected to a remote host,
-.Nm telnet
-command mode may be entered by typing the
-.Nm telnet
-\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
-When in command mode, the normal terminal editing conventions are available.
-.Pp
-The following
-.Nm telnet
-commands are available.
-Only enough of each command to uniquely identify it need be typed
-(this is also true for arguments to the
-.Ic mode  ,
-.Ic set ,
-.Ic toggle  ,
-.Ic unset ,
-.Ic slc  ,
-.Ic environ ,
-and
-.Ic display
-commands).
-.Pp
-.Bl -tag -width "mode type"
-.It Ic auth Ar argument ...
-The auth command manipulates the information sent through the
-.Dv TELNET AUTHENTICATE
-option.  Valid arguments for the
-auth command are as follows:
-.Bl -tag -width "disable type"
-.It Ic disable Ar type
-Disables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth disable ?\&
-command.
-.It Ic enable Ar type
-Enables the specified type of authentication.  To
-obtain a list of available types, use the
-.Ic auth enable ?\&
-command.
-.It Ic status
-Lists the current status of the various types of
-authentication.
-.El
-.It Ic close
-Close a
-.Tn TELNET
-session and return to command mode.
-.It Ic display Ar argument ...
-Displays all, or some, of the
-.Ic set
-and
-.Ic toggle
-values (see below).
-.It Ic encrypt Ar argument ...
-The encrypt command manipulates the information sent through the
-.Dv TELNET ENCRYPT
-option.
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside of the United States and Canada.
-.Pp
-Valid arguments for the encrypt command are as follows:
-.Bl -tag -width Ar
-.It Ic disable Ar type Xo
-.Op Cm input | output
-.Xc
-Disables the specified type of encryption.  If you
-omit the input and output, both input and output
-are disabled.  To obtain a list of available
-types, use the
-.Ic encrypt disable ?\&
-command.
-.It Ic enable Ar type Xo
-.Op Cm input | output
-.Xc
-Enables the specified type of encryption.  If you
-omit input and output, both input and output are
-enabled.  To obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic input
-This is the same as the
-.Ic encrypt start input
-command.
-.It Ic -input
-This is the same as the
-.Ic encrypt stop input
-command.
-.It Ic output
-This is the same as the
-.Ic encrypt start output
-command.
-.It Ic -output
-This is the same as the
-.Ic encrypt stop output
-command.
-.It Ic start Op Cm input | output
-Attempts to start encryption.  If you omit
-.Ic input
-and
-.Ic output ,
-both input and output are enabled.  To
-obtain a list of available types, use the
-.Ic encrypt enable ?\&
-command.
-.It Ic status
-Lists the current status of encryption.
-.It Ic stop Op Cm input | output
-Stops encryption.  If you omit input and output,
-encryption is on both input and output.
-.It Ic type Ar type
-Sets the default type of encryption to be used
-with later
-.Ic encrypt start
-or
-.Ic encrypt stop
-commands.
-.El
-.It Ic environ Ar arguments ...
-The
-.Ic environ
-command is used to manipulate the
-the variables that my be sent through the
-.Dv TELNET ENVIRON
-option.
-The initial set of variables is taken from the users
-environment, with only the
-.Ev DISPLAY
-and
-.Ev PRINTER
-variables being exported by default.
-The
-.Ev USER
-variable is also exported if the
-.Fl a
-or
-.Fl l
-options are used.
-.Pp
-Valid arguments for the
-.Ic environ
-command are:
-.Bl -tag -width Fl
-.It Ic define Ar variable value
-Define the variable
-.Ar variable
-to have a value of
-.Ar value .
-Any variables defined by this command are automatically exported.
-The
-.Ar value
-may be enclosed in single or double quotes so
-that tabs and spaces may be included.
-.It Ic undefine Ar variable
-Remove
-.Ar variable
-from the list of environment variables.
-.It Ic export Ar variable
-Mark the variable
-.Ar variable
-to be exported to the remote side.
-.It Ic unexport Ar variable
-Mark the variable
-.Ar variable
-to not be exported unless
-explicitly asked for by the remote side.
-.It Ic list
-List the current set of environment variables.
-Those marked with a
-.Cm *
-will be sent automatically,
-other variables will only be sent if explicitly requested.
-.It Ic ?\&
-Prints out help information for the
-.Ic environ
-command.
-.El
-.It Ic logout
-Sends the
-.Dv TELNET LOGOUT
-option to the remote side.
-This command is similar to a
-.Ic close
-command; however, if the remote side does not support the
-.Dv LOGOUT
-option, nothing happens.
-If, however, the remote side does support the
-.Dv LOGOUT
-option, this command should cause the remote side to close the
-.Tn TELNET
-connection.
-If the remote side also supports the concept of
-suspending a user's session for later reattachment,
-the logout argument indicates that you
-should terminate the session immediately.
-.It Ic mode Ar type
-.Ar Type
-is one of several options, depending on the state of the
-.Tn TELNET
-session.
-The remote host is asked for permission to go into the requested mode.
-If the remote host is capable of entering that mode, the requested
-mode will be entered.
-.Bl -tag -width Ar
-.It Ic character
-Disable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then enter \*(Lqcharacter at a time\*(Lq mode.
-.It Ic line
-Enable the
-.Dv TELNET LINEMODE
-option, or, if the remote side does not understand the
-.Dv LINEMODE
-option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
-.It Ic isig Pq Ic \-isig
-Attempt to enable (disable) the
-.Dv TRAPSIG
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic edit Pq Ic \-edit
-Attempt to enable (disable) the
-.Dv EDIT
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic softtabs Pq Ic \-softtabs
-Attempt to enable (disable) the
-.Dv SOFT_TAB
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic litecho Pq Ic \-litecho
-Attempt to enable (disable) the
-.Dv LIT_ECHO
-mode of the
-.Dv LINEMODE
-option.
-This requires that the
-.Dv LINEMODE
-option be enabled.
-.It Ic ?\&
-Prints out help information for the
-.Ic mode
-command.
-.El
-.It Xo
-.Ic open Ar host
-.Op Fl l Ar user
-.Op Oo Fl Oc Ns Ar port
-.Xc
-Open a connection to the named host.
-If no port number
-is specified,
-.Nm telnet
-will attempt to contact a
-.Tn TELNET
-server at the default port.
-The host specification may be either a host name (see
-.Xr hosts  5  )
-or an Internet address specified in the \*(Lqdot notation\*(Rq (see
-.Xr inet 3 ) .
-The
-.Op Fl l
-option may be used to specify the user name
-to be passed to the remote system via the
-.Ev ENVIRON
-option.
-When connecting to a non-standard port,
-.Nm telnet
-omits any automatic initiation of
-.Tn TELNET
-options.  When the port number is preceded by a minus sign,
-the initial option negotiation is done.
-After establishing a connection, the file
-.Pa \&.telnetrc
-in the
-users home directory is opened.  Lines beginning with a # are
-comment lines.  Blank lines are ignored.  Lines that begin
-without white space are the start of a machine entry.  The
-first thing on the line is the name of the machine that is
-being connected to.  The rest of the line, and successive
-lines that begin with white space are assumed to be
-.Nm telnet
-commands and are processed as if they had been typed
-in manually to the
-.Nm telnet
-command prompt.
-.It Ic quit
-Close any open
-.Tn TELNET
-session and exit
-.Nm telnet  .
-An end of file (in command mode) will also close a session and exit.
-.It Ic send Ar arguments
-Sends one or more special character sequences to the remote host.
-The following are the arguments which may be specified
-(more than one argument may be specified at a time):
-.Pp
-.Bl -tag -width escape
-.It Ic abort
-Sends the
-.Dv TELNET ABORT
-(Abort
-processes)
-sequence.
-.It Ic ao
-Sends the
-.Dv TELNET AO
-(Abort Output) sequence, which should cause the remote system to flush
-all output
-.Em from
-the remote system
-.Em to
-the user's terminal.
-.It Ic ayt
-Sends the
-.Dv TELNET AYT
-(Are You There)
-sequence, to which the remote system may or may not choose to respond.
-.It Ic brk
-Sends the
-.Dv TELNET BRK
-(Break) sequence, which may have significance to the remote
-system.
-.It Ic ec
-Sends the
-.Dv TELNET EC
-(Erase Character)
-sequence, which should cause the remote system to erase the last character
-entered.
-.It Ic el
-Sends the
-.Dv TELNET EL
-(Erase Line)
-sequence, which should cause the remote system to erase the line currently
-being entered.
-.It Ic eof
-Sends the
-.Dv TELNET EOF
-(End Of File)
-sequence.
-.It Ic eor
-Sends the
-.Dv TELNET EOR
-(End of Record)
-sequence.
-.It Ic escape
-Sends the current
-.Nm telnet
-escape character (initially \*(Lq^\*(Rq).
-.It Ic ga
-Sends the
-.Dv TELNET GA
-(Go Ahead)
-sequence, which likely has no significance to the remote system.
-.It Ic getstatus
-If the remote side supports the
-.Dv TELNET STATUS
-command,
-.Ic getstatus
-will send the subnegotiation to request that the server send
-its current option status.
-.It Ic ip
-Sends the
-.Dv TELNET IP
-(Interrupt Process) sequence, which should cause the remote
-system to abort the currently running process.
-.It Ic nop
-Sends the
-.Dv TELNET NOP
-(No OPeration)
-sequence.
-.It Ic susp
-Sends the
-.Dv TELNET SUSP
-(SUSPend process)
-sequence.
-.It Ic synch
-Sends the
-.Dv TELNET SYNCH
-sequence.
-This sequence causes the remote system to discard all previously typed
-(but not yet read) input.
-This sequence is sent as
-.Tn TCP
-urgent
-data (and may not work if the remote system is a
-.Bx 4.2
-system -- if
-it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
-.It Ic do Ar cmd
-.It Ic dont Ar cmd
-.It Ic will Ar cmd
-.It Ic wont Ar cmd
-Sends the
-.Dv TELNET DO
-.Ar cmd
-sequence.
-.Ar Cmd
-can be either a decimal number between 0 and 255,
-or a symbolic name for a specific
-.Dv TELNET
-command.
-.Ar Cmd
-can also be either
-.Ic help
-or
-.Ic ?\&
-to print out help information, including
-a list of known symbolic names.
-.It Ic ?\&
-Prints out help information for the
-.Ic send
-command.
-.El
-.It Ic set Ar argument value
-.It Ic unset Ar argument value
-The
-.Ic set
-command will set any one of a number of
-.Nm telnet
-variables to a specific value or to
-.Dv TRUE .
-The special value
-.Ic off
-turns off the function associated with
-the variable, this is equivalent to using the
-.Ic unset
-command.
-The
-.Ic unset
-command will disable or set to
-.Dv FALSE
-any of the specified functions.
-The values of variables may be interrogated with the
-.Ic display
-command.
-The variables which may be set or unset, but not toggled, are
-listed here.  In addition, any of the variables for the
-.Ic toggle
-command may be explicitly set or unset using
-the
-.Ic set
-and
-.Ic unset
-commands.
-.Bl -tag -width escape
-.It Ic ayt
-If
-.Tn TELNET
-is in localchars mode, or
-.Dv LINEMODE
-is enabled, and the status character is typed, a
-.Dv TELNET AYT
-sequence (see
-.Ic send ayt
-preceding) is sent to the
-remote host.  The initial value for the "Are You There"
-character is the terminal's status character.
-.It Ic echo
-This is the value (initially \*(Lq^E\*(Rq) which, when in
-\*(Lqline by line\*(Rq mode, toggles between doing local echoing
-of entered characters (for normal processing), and suppressing
-echoing of entered characters (for entering, say, a password).
-.It Ic eof
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Rq mode, entering this character
-as the first character on a line will cause this character to be
-sent to the remote system.
-The initial value of the eof character is taken to be the terminal's
-.Ic eof
-character.
-.It Ic erase
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Sy and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EC
-sequence (see
-.Ic send
-.Ic ec
-above)
-is sent to the remote system.
-The initial value for the erase character is taken to be
-the terminal's
-.Ic erase
-character.
-.It Ic escape
-This is the
-.Nm telnet
-escape character (initially \*(Lq^[\*(Rq) which causes entry
-into
-.Nm telnet
-command mode (when connected to a remote system).
-.It Ic flushoutput
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic flushoutput
-character is typed, a
-.Dv TELNET AO
-sequence (see
-.Ic send
-.Ic ao
-above)
-is sent to the remote host.
-The initial value for the flush character is taken to be
-the terminal's
-.Ic flush
-character.
-.It Ic forw1
-.It Ic forw2
-If
-.Tn TELNET
-is operating in
-.Dv LINEMODE ,
-these are the
-characters that, when typed, cause partial lines to be
-forwarded to the remote system.  The initial value for
-the forwarding characters are taken from the terminal's
-eol and eol2 characters.
-.It Ic interrupt
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic interrupt
-character is typed, a
-.Dv TELNET IP
-sequence (see
-.Ic send
-.Ic ip
-above)
-is sent to the remote host.
-The initial value for the interrupt character is taken to be
-the terminal's
-.Ic intr
-character.
-.It Ic kill
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below),
-.Ic and
-if
-.Nm telnet
-is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
-character is typed, a
-.Dv TELNET EL
-sequence (see
-.Ic send
-.Ic el
-above)
-is sent to the remote system.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic kill
-character.
-.It Ic lnext
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic lnext
-character.
-The initial value for the lnext character is taken to be
-the terminal's
-.Ic lnext
-character.
-.It Ic quit
-If
-.Nm telnet
-is in
-.Ic localchars
-mode (see
-.Ic toggle
-.Ic localchars
-below)
-and the
-.Ic quit
-character is typed, a
-.Dv TELNET BRK
-sequence (see
-.Ic send
-.Ic brk
-above)
-is sent to the remote host.
-The initial value for the quit character is taken to be
-the terminal's
-.Ic quit
-character.
-.It Ic reprint
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic reprint
-character.
-The initial value for the reprint character is taken to be
-the terminal's
-.Ic reprint
-character.
-.It Ic rlogin
-This is the rlogin escape character.
-If set, the normal
-.Tn TELNET
-escape character is ignored unless it is
-preceded by this character at the beginning of a line.
-This character, at the beginning of a line followed by
-a "."  closes the connection; when followed by a ^Z it
-suspends the telnet command.  The initial state is to
-disable the rlogin escape character.
-.It Ic start
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic start
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic start
-character.
-.It Ic stop
-If the
-.Dv TELNET TOGGLE-FLOW-CONTROL
-option has been enabled,
-then this character is taken to
-be the terminal's
-.Ic stop
-character.
-The initial value for the kill character is taken to be
-the terminal's
-.Ic stop
-character.
-.It Ic susp
-If
-.Nm telnet
-is in
-.Ic localchars
-mode, or
-.Dv LINEMODE
-is enabled, and the
-.Ic suspend
-character is typed, a
-.Dv TELNET SUSP
-sequence (see
-.Ic send
-.Ic susp
-above)
-is sent to the remote host.
-The initial value for the suspend character is taken to be
-the terminal's
-.Ic suspend
-character.
-.It Ic tracefile
-This is the file to which the output, caused by
-.Ic netdata
-or
-.Ic option
-tracing being
-.Dv TRUE ,
-will be written.  If it is set to
-.Dq Fl ,
-then tracing information will be written to standard output (the default).
-.It Ic worderase
-If
-.Nm telnet
-is operating in
-.Dv LINEMODE
-or \*(Lqold line by line\*(Lq mode, then this character is taken to
-be the terminal's
-.Ic worderase
-character.
-The initial value for the worderase character is taken to be
-the terminal's
-.Ic worderase
-character.
-.It Ic ?\&
-Displays the legal
-.Ic set
-.Pq Ic unset
-commands.
-.El
-.It Ic slc Ar state
-The
-.Ic slc
-command (Set Local Characters) is used to set
-or change the state of the the special
-characters when the
-.Dv TELNET LINEMODE
-option has
-been enabled.  Special characters are characters that get
-mapped to
-.Tn TELNET
-commands sequences (like
-.Ic ip
-or
-.Ic quit  )
-or line editing characters (like
-.Ic erase
-and
-.Ic kill  ) .
-By default, the local special characters are exported.
-.Bl -tag -width Fl
-.It Ic check
-Verify the current settings for the current special characters.
-The remote side is requested to send all the current special
-character settings, and if there are any discrepancies with
-the local side, the local side will switch to the remote value.
-.It Ic export
-Switch to the local defaults for the special characters.  The
-local default characters are those of the local terminal at
-the time when
-.Nm telnet
-was started.
-.It Ic import
-Switch to the remote defaults for the special characters.
-The remote default characters are those of the remote system
-at the time when the
-.Tn TELNET
-connection was established.
-.It Ic ?\&
-Prints out help information for the
-.Ic slc
-command.
-.El
-.It Ic status
-Show the current status of
-.Nm telnet  .
-This includes the peer one is connected to, as well
-as the current mode.
-.It Ic toggle Ar arguments ...
-Toggle (between
-.Dv TRUE
-and
-.Dv FALSE )
-various flags that control how
-.Nm telnet
-responds to events.
-These flags may be set explicitly to
-.Dv TRUE
-or
-.Dv FALSE
-using the
-.Ic set
-and
-.Ic unset
-commands listed above.
-More than one argument may be specified.
-The state of these flags may be interrogated with the
-.Ic display
-command.
-Valid arguments are:
-.Bl -tag -width Ar
-.It Ic authdebug
-Turns on debugging information for the authentication code.
-.It Ic autoflush
-If
-.Ic autoflush
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when the
-.Ic ao  ,
-or
-.Ic quit
-characters are recognized (and transformed into
-.Tn TELNET
-sequences; see
-.Ic set
-above for details),
-.Nm telnet
-refuses to display any data on the user's terminal
-until the remote system acknowledges (via a
-.Dv TELNET TIMING MARK
-option)
-that it has processed those
-.Tn TELNET
-sequences.
-The initial value for this toggle is
-.Dv TRUE
-if the terminal user had not
-done an "stty noflsh", otherwise
-.Dv FALSE
-(see
-.Xr stty  1  ) .
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically.  The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.Pp
-Note:  Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option
-.Tn TELNET
-attempts to use it to perform automatic authentication.  If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
-name are propagated through the
-.Dv TELNET ENVIRON
-option.
-This command is the same as specifying
-.Ar a
-option on the
-.Ic open
-command.
-.It Ic autosynch
-If
-.Ic autosynch
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when either the
-.Ic intr
-or
-.Ic quit
-characters is typed (see
-.Ic set
-above for descriptions of the
-.Ic intr
-and
-.Ic quit
-characters), the resulting
-.Tn TELNET
-sequence sent is followed by the
-.Dv TELNET SYNCH
-sequence.
-This procedure
-.Ic should
-cause the remote system to begin throwing away all previously
-typed input until both of the
-.Tn TELNET
-sequences have been read and acted upon.
-The initial value of this toggle is
-.Dv FALSE .
-.It Ic binary
-Enable or disable the
-.Dv TELNET BINARY
-option on both input and output.
-.It Ic inbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on input.
-.It Ic outbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on output.
-.It Ic crlf
-If this is
-.Dv TRUE ,
-then carriage returns will be sent as
-.Li <CR><LF> .
-If this is
-.Dv FALSE ,
-then carriage returns will be send as
-.Li <CR><NUL> .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic crmod
-Toggle carriage return mode.
-When this mode is enabled, most carriage return characters received from
-the remote host will be mapped into a carriage return followed by
-a line feed.
-This mode does not affect those characters typed by the user, only
-those received from the remote host.
-This mode is not very useful unless the remote host
-only sends carriage return, but never line feed.
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic debug
-Toggles socket level debugging (useful only to the
-.Ic super user  ) .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-.It Ic localchars
-If this is
-.Dv TRUE ,
-then the
-.Ic flush  ,
-.Ic interrupt ,
-.Ic quit  ,
-.Ic erase ,
-and
-.Ic kill
-characters (see
-.Ic set
-above) are recognized locally, and transformed into (hopefully) appropriate
-.Tn TELNET
-control sequences
-(respectively
-.Ic ao  ,
-.Ic ip ,
-.Ic brk  ,
-.Ic ec ,
-and
-.Ic el  ;
-see
-.Ic send
-above).
-The initial value for this toggle is
-.Dv TRUE
-in \*(Lqold line by line\*(Rq mode,
-and
-.Dv FALSE
-in \*(Lqcharacter at a time\*(Rq mode.
-When the
-.Dv LINEMODE
-option is enabled, the value of
-.Ic localchars
-is ignored, and assumed to always be
-.Dv TRUE .
-If
-.Dv LINEMODE
-has ever been enabled, then
-.Ic quit
-is sent as
-.Ic abort  ,
-and
-.Ic eof
-and
-.Ic suspend
-are sent as
-.Ic eof
-and
-.Ic susp ,
-see
-.Ic send
-above).
-.It Ic netdata
-Toggles the display of all network data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic options
-Toggles the display of some internal
-.Nm telnet
-protocol processing (having to do with
-.Tn TELNET
-options).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic prettydump
-When the
-.Ic netdata
-toggle is enabled, if
-.Ic prettydump
-is enabled the output from the
-.Ic netdata
-command will be formatted in a more user readable format.
-Spaces are put between each character in the output, and the
-beginning of any
-.Tn TELNET
-escape sequence is preceded by a '*' to aid in locating them.
-.It Ic skiprc
-When the skiprc toggle is
-.Dv TRUE ,
-.Tn TELNET
-skips the reading of the
-.Pa \&.telnetrc
-file in the users home
-directory when connections are opened.  The initial
-value for this toggle is
-.Dv FALSE .
-.It Ic termdata
-Toggles the display of all terminal data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic verbose_encrypt
-When the
-.Ic verbose_encrypt
-toggle is
-.Dv TRUE ,
-.Tn TELNET
-prints out a message each time encryption is enabled or
-disabled.  The initial value for this toggle is
-.Dv FALSE .
-Note:  Because of export controls, data encryption
-is not supported outside of the United States and Canada.
-.It Ic \&?
-Displays the legal
-.Ic toggle
-commands.
-.El
-.It Ic z
-Suspend
-.Nm telnet  .
-This command only works when the user is using the
-.Xr csh  1  .
-.It Ic \&! Op Ar command
-Execute a single command in a subshell on the local
-system.  If
-.Ic command
-is omitted, then an interactive
-subshell is invoked.
-.It Ic ?\& Op Ar command
-Get help.  With no arguments,
-.Nm telnet
-prints a help summary.
-If a command is specified,
-.Nm telnet
-will print the help information for just that command.
-.El
-.Sh ENVIRONMENT
-.Nm Telnet
-uses at least the
-.Ev HOME ,
-.Ev SHELL ,
-.Ev DISPLAY ,
-and
-.Ev TERM
-environment variables.
-Other environment variables may be propagated
-to the other side via the
-.Dv TELNET ENVIRON
-option.
-.Sh FILES
-.Bl -tag -width ~/.telnetrc -compact
-.It Pa ~/.telnetrc
-user customized telnet startup values
-.El
-.Sh HISTORY
-The
-.Nm Telnet
-command appeared in
-.Bx 4.2 .
-.Sh NOTES
-.Pp
-On some remote systems, echo has to be turned off manually when in
-\*(Lqold line by line\*(Rq mode.
-.Pp
-In \*(Lqold line by line\*(Rq mode or
-.Dv LINEMODE
-the terminal's
-.Ic eof
-character is only recognized (and sent to the remote system)
-when it is the first character on a line.
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.c b/crypto/heimdal/appl/telnet/telnet/telnet.c
deleted file mode 100644
index bbc99990e201..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet.c
+++ /dev/null
@@ -1,2399 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-#ifdef HAVE_TERMCAP_H
-#include <termcap.h>
-#endif
-
-RCSID("$Id: telnet.c,v 1.34 2002/05/03 10:19:43 joda Exp $");
-
-#define	strip(x) (eight ? (x) : ((x) & 0x7f))
-
-static unsigned char	subbuffer[SUBBUFSIZE],
-			*subpointer, *subend;	 /* buffer for sub-options */
-#define	SB_CLEAR()	subpointer = subbuffer;
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_PEEK()	((*subpointer)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-char	options[256];		/* The combined options */
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-
-int
-	eight = 3,
-	binary = 0,
-	autologin = 0,	/* Autologin anyone? */
-	skiprc = 0,
-	connected,
-	showoptions,
-	ISend,		/* trying to send network data in */
-	debug = 0,
-	crmod,
-	netdata,	/* Print out network data flow */
-	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-	telnetport,
-        wantencryption = 0,
-	SYNCHing,	/* we are in TELNET SYNCH mode */
-	flushout,	/* flush output */
-	autoflush = 0,	/* flush output when interrupting? */
-	autosynch,	/* send interrupt characters with SYNCH? */
-	localflow,	/* we handle flow control locally */
-	restartany,	/* if flow control enabled, restart on any character */
-	localchars,	/* we recognize interrupt/quit */
-	donelclchars,	/* the user has set "localchars" */
-	donebinarytoggle,	/* the user has put us in binary */
-	dontlecho,	/* do we suppress local echoing right now? */
-	globalmode;
-
-char *prompt = 0;
-
-int scheduler_lockout_tty = 0;
-
-cc_t escape;
-cc_t rlogin;
-#ifdef	KLUDGELINEMODE
-cc_t echoc;
-#endif
-
-/*
- * Telnet receiver states for fsm
- */
-#define	TS_DATA		0
-#define	TS_IAC		1
-#define	TS_WILL		2
-#define	TS_WONT		3
-#define	TS_DO		4
-#define	TS_DONT		5
-#define	TS_CR		6
-#define	TS_SB		7		/* sub-option collection */
-#define	TS_SE		8		/* looking for sub-option end */
-
-static int	telrcv_state;
-#ifdef	OLD_ENVIRON
-unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
-#else
-# define telopt_environ TELOPT_NEW_ENVIRON
-#endif
-
-jmp_buf	toplevel;
-jmp_buf	peerdied;
-
-int	flushline;
-int	linemode;
-
-#ifdef	KLUDGELINEMODE
-int	kludgelinemode = 1;
-#endif
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-Clocks clocks;
-
-static int is_unique(char *name, char **as, char **ae);
-
-
-/*
- * Initialize telnet environment.
- */
-
-void
-init_telnet(void)
-{
-    env_init();
-
-    SB_CLEAR();
-    memset(options, 0, sizeof options);
-
-    connected = ISend = localflow = donebinarytoggle = 0;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-    restartany = -1;
-
-    SYNCHing = 0;
-
-    /* Don't change NetTrace */
-
-    escape = CONTROL(']');
-    rlogin = _POSIX_VDISABLE;
-#ifdef	KLUDGELINEMODE
-    echoc = CONTROL('E');
-#endif
-
-    flushline = 1;
-    telrcv_state = TS_DATA;
-}
-
-
-/*
- * These routines are in charge of sending option negotiations
- * to the other side.
- *
- * The basic idea is that we send the negotiation if either side
- * is in disagreement as to what the current state should be.
- */
-
-void
-send_do(int c, int init)
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
-				my_want_state_is_do(c))
-	    return;
-	set_my_want_state_do(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DO);
-    NETADD(c);
-    printoption("SENT", DO, c);
-}
-
-void
-send_dont(int c, int init)
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
-				my_want_state_is_dont(c))
-	    return;
-	set_my_want_state_dont(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DONT);
-    NETADD(c);
-    printoption("SENT", DONT, c);
-}
-
-void
-send_will(int c, int init)
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
-				my_want_state_is_will(c))
-	    return;
-	set_my_want_state_will(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WILL);
-    NETADD(c);
-    printoption("SENT", WILL, c);
-}
-
-void
-send_wont(int c, int init)
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
-				my_want_state_is_wont(c))
-	    return;
-	set_my_want_state_wont(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WONT);
-    NETADD(c);
-    printoption("SENT", WONT, c);
-}
-
-
-void
-willoption(int option)
-{
-	int new_state_ok = 0;
-
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_do(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_ECHO:
-	    case TELOPT_BINARY:
-	    case TELOPT_SGA:
-		settimer(modenegotiated);
-		/* FALL THROUGH */
-	    case TELOPT_STATUS:
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-#endif
-#if	defined(ENCRYPTION)
-	    case TELOPT_ENCRYPT:
-#endif
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		/*
-		 * Special case for TM.  If we get back a WILL,
-		 * pretend we got back a WONT.
-		 */
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;			/* Never reply to TM will's/wont's */
-
-	    case TELOPT_LINEMODE:
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_do(option);
-		send_do(option, 0);
-		setconnmode(0);		/* possibly set new tty mode */
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	}
-	set_my_state_do(option);
-#if	defined(ENCRYPTION)
-	if (option == TELOPT_ENCRYPT)
-		encrypt_send_support();
-#endif
-}
-
-void
-wontoption(int option)
-{
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_dont(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
-
-	    switch (option) {
-
-#ifdef	KLUDGELINEMODE
-	    case TELOPT_SGA:
-		if (!kludgelinemode)
-		    break;
-		/* FALL THROUGH */
-#endif
-	    case TELOPT_ECHO:
-		settimer(modenegotiated);
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;		/* Never reply to TM will's/wont's */
-
-#ifdef ENCRYPTION
-  	    case TELOPT_ENCRYPT:
-	      encrypt_not();
-	      break;
-#endif
-	    default:
-		break;
-	    }
-	    set_my_want_state_dont(option);
-	    if (my_state_is_do(option))
-		send_dont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	} else if (option == TELOPT_TM) {
-	    /*
-	     * Special case for TM.
-	     */
-	    if (flushout)
-		flushout = 0;
-	    set_my_want_state_dont(option);
-	}
-	set_my_state_dont(option);
-}
-
-static void
-dooption(int option)
-{
-	int new_state_ok = 0;
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_will(option))
-		--will_wont_resp[option];
-	}
-
-	if (will_wont_resp[option] == 0) {
-	  if (my_want_state_is_wont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_TM:
-		/*
-		 * Special case for TM.  We send a WILL, but pretend
-		 * we sent WONT.
-		 */
-		send_will(option, 0);
-		set_my_want_state_wont(TELOPT_TM);
-		set_my_state_wont(TELOPT_TM);
-		return;
-
-	    case TELOPT_BINARY:		/* binary mode */
-	    case TELOPT_NAWS:		/* window size */
-	    case TELOPT_TSPEED:		/* terminal speed */
-	    case TELOPT_LFLOW:		/* local flow control */
-	    case TELOPT_TTYPE:		/* terminal type option */
-	    case TELOPT_SGA:		/* no big deal */
-#if	defined(ENCRYPTION)
-	    case TELOPT_ENCRYPT:	/* encryption variable option */
-#endif
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
-#ifdef	OLD_ENVIRON
-		if (my_state_is_will(TELOPT_OLD_ENVIRON))
-			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
-		goto env_common;
-	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
-		if (my_state_is_will(TELOPT_NEW_ENVIRON))
-			break;		/* Don't enable if new one is in use! */
-	    env_common:
-		telopt_environ = option;
-#endif
-		new_state_ok = 1;
-		break;
-
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-		if (autologin)
-			new_state_ok = 1;
-		break;
-#endif
-
-	    case TELOPT_XDISPLOC:	/* X Display location */
-		if (env_getvalue((unsigned char *)"DISPLAY"))
-		    new_state_ok = 1;
-		break;
-
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_want_state_will(TELOPT_LINEMODE);
-		send_will(option, 0);
-		set_my_state_will(TELOPT_LINEMODE);
-		slc_init();
-		return;
-
-	    case TELOPT_ECHO:		/* We're never going to echo... */
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_will(option);
-		send_will(option, 0);
-		setconnmode(0);			/* Set new tty mode */
-	    } else {
-		will_wont_resp[option]++;
-		send_wont(option, 0);
-	    }
-	  } else {
-	    /*
-	     * Handle options that need more things done after the
-	     * other side has acknowledged the option.
-	     */
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_state_will(option);
-		slc_init();
-		send_do(TELOPT_SGA, 0);
-		return;
-	    }
-	  }
-	}
-	set_my_state_will(option);
-}
-
-static void
-dontoption(int option)
-{
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_wont(option))
-		--will_wont_resp[option];
-	}
-
-	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-		linemode = 0;	/* put us back to the default state */
-		break;
-#ifdef	OLD_ENVIRON
-	    case TELOPT_NEW_ENVIRON:
-		/*
-		 * The new environ option wasn't recognized, try
-		 * the old one.
-		 */
-		send_will(TELOPT_OLD_ENVIRON, 1);
-		telopt_environ = TELOPT_OLD_ENVIRON;
-		break;
-#endif
-#if 0
-#ifdef ENCRYPTION
-	    case TELOPT_ENCRYPT:
-	      encrypt_not();
-	      break;
-#endif
-#endif
-	    }
-	    /* we always accept a DONT */
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	}
-	set_my_state_wont(option);
-}
-
-/*
- * Given a buffer returned by tgetent(), this routine will turn
- * the pipe seperated list of names in the buffer into an array
- * of pointers to null terminated names.  We toss out any bad,
- * duplicate, or verbose names (names with spaces).
- */
-
-static char *name_unknown = "UNKNOWN";
-static char *unknown[] = { 0, 0 };
-
-static char **
-mklist(char *buf, char *name)
-{
-	int n;
-	char c, *cp, **argvp, *cp2, **argv, **avt;
-
-	if (name) {
-		if ((int)strlen(name) > 40) {
-			name = 0;
-			unknown[0] = name_unknown;
-		} else {
-			unknown[0] = name;
-			strupr(name);
-		}
-	} else
-		unknown[0] = name_unknown;
-	/*
-	 * Count up the number of names.
-	 */
-	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
-		if (*cp == '|')
-			n++;
-	}
-	/*
-	 * Allocate an array to put the name pointers into
-	 */
-	argv = (char **)malloc((n+3)*sizeof(char *));
-	if (argv == 0)
-		return(unknown);
-
-	/*
-	 * Fill up the array of pointers to names.
-	 */
-	*argv = 0;
-	argvp = argv+1;
-	n = 0;
-	for (cp = cp2 = buf; (c = *cp);  cp++) {
-		if (c == '|' || c == ':') {
-			*cp++ = '\0';
-			/*
-			 * Skip entries that have spaces or are over 40
-			 * characters long.  If this is our environment
-			 * name, then put it up front.  Otherwise, as
-			 * long as this is not a duplicate name (case
-			 * insensitive) add it to the list.
-			 */
-			if (n || (cp - cp2 > 41))
-				;
-			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
-				*argv = cp2;
-			else if (is_unique(cp2, argv+1, argvp))
-				*argvp++ = cp2;
-			if (c == ':')
-				break;
-			/*
-			 * Skip multiple delimiters. Reset cp2 to
-			 * the beginning of the next name. Reset n,
-			 * the flag for names with spaces.
-			 */
-			while ((c = *cp) == '|')
-				cp++;
-			cp2 = cp;
-			n = 0;
-		}
-		/*
-		 * Skip entries with spaces or non-ascii values.
-		 * Convert lower case letters to upper case.
-		 */
-#define ISASCII(c) (!((c)&0x80))
-		if ((c == ' ') || !ISASCII(c))
-			n = 1;
-		else if (islower((unsigned char)c))
-			*cp = toupper(c);
-	}
-
-	/*
-	 * Check for an old V6 2 character name.  If the second
-	 * name points to the beginning of the buffer, and is
-	 * only 2 characters long, move it to the end of the array.
-	 */
-	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
-		--argvp;
-		for (avt = &argv[1]; avt < argvp; avt++)
-			*avt = *(avt+1);
-		*argvp++ = buf;
-	}
-
-	/*
-	 * Duplicate last name, for TTYPE option, and null
-	 * terminate the array.  If we didn't find a match on
-	 * our terminal name, put that name at the beginning.
-	 */
-	cp = *(argvp-1);
-	*argvp++ = cp;
-	*argvp = 0;
-
-	if (*argv == 0) {
-		if (name)
-			*argv = name;
-		else {
-			--argvp;
-			for (avt = argv; avt < argvp; avt++)
-				*avt = *(avt+1);
-		}
-	}
-	if (*argv)
-		return(argv);
-	else
-		return(unknown);
-}
-
-static int
-is_unique(char *name, char **as, char **ae)
-{
-	char **ap;
-	int n;
-
-	n = strlen(name) + 1;
-	for (ap = as; ap < ae; ap++)
-		if (strncasecmp(*ap, name, n) == 0)
-			return(0);
-	return (1);
-}
-
-static char termbuf[1024];
-
-static int
-telnet_setupterm(const char *tname, int fd, int *errp)
-{
-#ifdef HAVE_TGETENT
-    if (tgetent(termbuf, tname) == 1) {
-	termbuf[1023] = '\0';
-	if (errp)
-	    *errp = 1;
-	return(0);
-    }
-    if (errp)
-	*errp = 0;
-    return(-1);
-#else
-    strlcpy(termbuf, tname, sizeof(termbuf));
-    if(errp) *errp = 1;
-    return 0;
-#endif
-}
-
-int resettermname = 1;
-
-static char *
-gettermname()
-{
-	char *tname;
-	static char **tnamep = 0;
-	static char **next;
-	int err;
-
-	if (resettermname) {
-		resettermname = 0;
-		if (tnamep && tnamep != unknown)
-			free(tnamep);
-		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
-				telnet_setupterm(tname, 1, &err) == 0) {
-			tnamep = mklist(termbuf, tname);
-		} else {
-			if (tname && ((int)strlen(tname) <= 40)) {
-				unknown[0] = tname;
-				strupr(tname);
-			} else
-				unknown[0] = name_unknown;
-			tnamep = unknown;
-		}
-		next = tnamep;
-	}
-	if (*next == 0)
-		next = tnamep;
-	return(*next++);
-}
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *		Terminal type, send request.
- *		Terminal speed (send request).
- *		Local flow control (is request).
- *		Linemode
- */
-
-static void
-suboption()
-{
-    unsigned char subchar;
-
-    printsub('<', subbuffer, SB_LEN()+2);
-    switch (subchar = SB_GET()) {
-    case TELOPT_TTYPE:
-	if (my_want_state_is_wont(TELOPT_TTYPE))
-	    return;
-	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
-	    return;
-	} else {
-	    char *name;
-	    unsigned char temp[50];
-	    int len;
-
-	    name = gettermname();
-	    len = strlen(name) + 4 + 2;
-	    if (len < NETROOM()) {
-		snprintf((char *)temp, sizeof(temp),
-			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
-			 TELQUAL_IS, name, IAC, SE);
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', &temp[2], len-2);
-	    } else {
-		ExitString("No room in buffer for terminal type.\n", 1);
-		/*NOTREACHED*/
-	    }
-	}
-	break;
-    case TELOPT_TSPEED:
-	if (my_want_state_is_wont(TELOPT_TSPEED))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    long output_speed, input_speed;
-	    unsigned char temp[50];
-	    int len;
-
-	    TerminalSpeeds(&input_speed, &output_speed);
-
-	    snprintf((char *)temp, sizeof(temp),
-		     "%c%c%c%c%u,%u%c%c", IAC, SB, TELOPT_TSPEED,
-		     TELQUAL_IS,
-		     (unsigned)output_speed,
-		     (unsigned)input_speed, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-    case TELOPT_LFLOW:
-	if (my_want_state_is_wont(TELOPT_LFLOW))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch(SB_GET()) {
-	case LFLOW_RESTART_ANY:
-	    restartany = 1;
-	    break;
-	case LFLOW_RESTART_XON:
-	    restartany = 0;
-	    break;
-	case LFLOW_ON:
-	    localflow = 1;
-	    break;
-	case LFLOW_OFF:
-	    localflow = 0;
-	    break;
-	default:
-	    return;
-	}
-	setcommandmode();
-	setconnmode(0);
-	break;
-
-    case TELOPT_LINEMODE:
-	if (my_want_state_is_wont(TELOPT_LINEMODE))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch (SB_GET()) {
-	case WILL:
-	    lm_will(subpointer, SB_LEN());
-	    break;
-	case WONT:
-	    lm_wont(subpointer, SB_LEN());
-	    break;
-	case DO:
-	    lm_do(subpointer, SB_LEN());
-	    break;
-	case DONT:
-	    lm_dont(subpointer, SB_LEN());
-	    break;
-	case LM_SLC:
-	    slc(subpointer, SB_LEN());
-	    break;
-	case LM_MODE:
-	    lm_mode(subpointer, SB_LEN(), 0);
-	    break;
-	default:
-	    break;
-	}
-	break;
-
-#ifdef	OLD_ENVIRON
-    case TELOPT_OLD_ENVIRON:
-#endif
-    case TELOPT_NEW_ENVIRON:
-	if (SB_EOF())
-	    return;
-	switch(SB_PEEK()) {
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-	    if (my_want_state_is_dont(subchar))
-		return;
-	    break;
-	case TELQUAL_SEND:
-	    if (my_want_state_is_wont(subchar)) {
-		return;
-	    }
-	    break;
-	default:
-	    return;
-	}
-	env_opt(subpointer, SB_LEN());
-	break;
-
-    case TELOPT_XDISPLOC:
-	if (my_want_state_is_wont(TELOPT_XDISPLOC))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    unsigned char temp[50], *dp;
-	    int len;
-
-	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
-		/*
-		 * Something happened, we no longer have a DISPLAY
-		 * variable.  So, turn off the option.
-		 */
-		send_wont(TELOPT_XDISPLOC, 1);
-		break;
-	    }
-	    snprintf((char *)temp, sizeof(temp),
-		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
-		     TELQUAL_IS, dp, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION: {
-		if (!autologin)
-			break;
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case TELQUAL_IS:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_is(subpointer, SB_LEN());
-			break;
-		case TELQUAL_SEND:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_send(subpointer, SB_LEN());
-			break;
-		case TELQUAL_REPLY:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_reply(subpointer, SB_LEN());
-			break;
-		case TELQUAL_NAME:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_name(subpointer, SB_LEN());
-			break;
-		}
-	}
-	break;
-#endif
-#if	defined(ENCRYPTION)
-	case TELOPT_ENCRYPT:
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case ENCRYPT_START:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_END:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_end();
-			break;
-		case ENCRYPT_SUPPORT:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_support(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQSTART:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_request_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQEND:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			/*
-			 * We can always send an REQEND so that we cannot
-			 * get stuck encrypting.  We should only get this
-			 * if we have been able to get in the correct mode
-			 * anyhow.
-			 */
-			encrypt_request_end();
-			break;
-		case ENCRYPT_IS:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_is(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REPLY:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_reply(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_ENC_KEYID:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_enc_keyid(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_DEC_KEYID:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_dec_keyid(subpointer, SB_LEN());
-			break;
-		default:
-			break;
-		}
-		break;
-#endif
-    default:
-	break;
-    }
-}
-
-static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
-
-void
-lm_will(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	str_lm[3] = DONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_will: not enough room in buffer\n");
-	break;
-    }
-}
-
-void
-lm_wont(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	/* We are always DONT, so don't respond */
-	return;
-    }
-}
-
-void
-lm_do(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	str_lm[3] = WONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_do: not enough room in buffer\n");
-	break;
-    }
-}
-
-void
-lm_dont(unsigned char *cmd, int len)
-{
-    if (len < 1) {
-/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	/* we are always WONT, so don't respond */
-	break;
-    }
-}
-
-static unsigned char str_lm_mode[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
-};
-
-void
-lm_mode(unsigned char *cmd, int len, int init)
-{
-	if (len != 1)
-		return;
-	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
-		return;
-	if (*cmd&MODE_ACK)
-		return;
-	linemode = *cmd&(MODE_MASK&~MODE_ACK);
-	str_lm_mode[4] = linemode;
-	if (!init)
-	    str_lm_mode[4] |= MODE_ACK;
-	if (NETROOM() > sizeof(str_lm_mode)) {
-	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
-	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
-	}
-/*@*/	else printf("lm_mode: not enough room in buffer\n");
-	setconnmode(0);	/* set changed mode */
-}
-
-
-
-/*
- * slc()
- * Handle special character suboption of LINEMODE.
- */
-
-struct spc {
-	cc_t val;
-	cc_t *valp;
-	char flags;	/* Current flags & level */
-	char mylevel;	/* Maximum level & flags */
-} spc_data[NSLC+1];
-
-#define SLC_IMPORT	0
-#define	SLC_EXPORT	1
-#define SLC_RVALUE	2
-static int slc_mode = SLC_EXPORT;
-
-void
-slc_init()
-{
-	struct spc *spcp;
-
-	localchars = 1;
-	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
-		spcp->val = 0;
-		spcp->valp = 0;
-		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
-	}
-
-#define	initfunc(func, flags) { \
-					spcp = &spc_data[func]; \
-					if ((spcp->valp = tcval(func))) { \
-					    spcp->val = *spcp->valp; \
-					    spcp->mylevel = SLC_VARIABLE|flags; \
-					} else { \
-					    spcp->val = 0; \
-					    spcp->mylevel = SLC_DEFAULT; \
-					} \
-				    }
-
-	initfunc(SLC_SYNCH, 0);
-	/* No BRK */
-	initfunc(SLC_AO, 0);
-	initfunc(SLC_AYT, 0);
-	/* No EOR */
-	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
-	initfunc(SLC_EOF, 0);
-	initfunc(SLC_SUSP, SLC_FLUSHIN);
-	initfunc(SLC_EC, 0);
-	initfunc(SLC_EL, 0);
-	initfunc(SLC_EW, 0);
-	initfunc(SLC_RP, 0);
-	initfunc(SLC_LNEXT, 0);
-	initfunc(SLC_XON, 0);
-	initfunc(SLC_XOFF, 0);
-	initfunc(SLC_FORW1, 0);
-	initfunc(SLC_FORW2, 0);
-	/* No FORW2 */
-
-	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
-#undef	initfunc
-
-	if (slc_mode == SLC_EXPORT)
-		slc_export();
-	else
-		slc_import(1);
-
-}
-
-void
-slcstate()
-{
-    printf("Special characters are %s values\n",
-		slc_mode == SLC_IMPORT ? "remote default" :
-		slc_mode == SLC_EXPORT ? "local" :
-					 "remote");
-}
-
-void
-slc_mode_export()
-{
-    slc_mode = SLC_EXPORT;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_export();
-}
-
-void
-slc_mode_import(int def)
-{
-    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_import(def);
-}
-
-unsigned char slc_import_val[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
-};
-unsigned char slc_import_def[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
-};
-
-void
-slc_import(int def)
-{
-    if (NETROOM() > sizeof(slc_import_val)) {
-	if (def) {
-	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
-	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
-	} else {
-	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
-	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
-	}
-    }
-/*@*/ else printf("slc_import: not enough room\n");
-}
-
-void
-slc_export()
-{
-    struct spc *spcp;
-
-    TerminalDefaultChars();
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->mylevel != SLC_NOSUPPORT) {
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    if (spcp->valp)
-		spcp->val = *spcp->valp;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    slc_update();
-    setconnmode(1);	/* Make sure the character values are set */
-}
-
-void
-slc(unsigned char *cp, int len)
-{
-	struct spc *spcp;
-	int func,level;
-
-	slc_start_reply();
-
-	for (; len >= 3; len -=3, cp +=3) {
-
-		func = cp[SLC_FUNC];
-
-		if (func == 0) {
-			/*
-			 * Client side: always ignore 0 function.
-			 */
-			continue;
-		}
-		if (func > NSLC) {
-			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
-				slc_add_reply(func, SLC_NOSUPPORT, 0);
-			continue;
-		}
-
-		spcp = &spc_data[func];
-
-		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
-
-		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
-		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
-			continue;
-		}
-
-		if (level == (SLC_DEFAULT|SLC_ACK)) {
-			/*
-			 * This is an error condition, the SLC_ACK
-			 * bit should never be set for the SLC_DEFAULT
-			 * level.  Our best guess to recover is to
-			 * ignore the SLC_ACK bit.
-			 */
-			cp[SLC_FLAGS] &= ~SLC_ACK;
-		}
-
-		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
-			spcp->val = (cc_t)cp[SLC_VALUE];
-			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
-			continue;
-		}
-
-		level &= ~SLC_ACK;
-
-		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
-			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
-			spcp->val = (cc_t)cp[SLC_VALUE];
-		}
-		if (level == SLC_DEFAULT) {
-			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
-				spcp->flags = spcp->mylevel;
-			else
-				spcp->flags = SLC_NOSUPPORT;
-		}
-		slc_add_reply(func, spcp->flags, spcp->val);
-	}
-	slc_end_reply();
-	if (slc_update())
-		setconnmode(1);	/* set the  new character values */
-}
-
-void
-slc_check()
-{
-    struct spc *spcp;
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->valp && spcp->val != *spcp->valp) {
-	    spcp->val = *spcp->valp;
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    setconnmode(1);
-}
-
-
-unsigned char slc_reply[128];
-unsigned char *slc_replyp;
-
-void
-slc_start_reply()
-{
-	slc_replyp = slc_reply;
-	*slc_replyp++ = IAC;
-	*slc_replyp++ = SB;
-	*slc_replyp++ = TELOPT_LINEMODE;
-	*slc_replyp++ = LM_SLC;
-}
-
-void
-slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
-{
-	if ((*slc_replyp++ = func) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = flags) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = (unsigned char)value) == IAC)
-		*slc_replyp++ = IAC;
-}
-
-void
-slc_end_reply()
-{
-    int len;
-
-    *slc_replyp++ = IAC;
-    *slc_replyp++ = SE;
-    len = slc_replyp - slc_reply;
-    if (len <= 6)
-	return;
-    if (NETROOM() > len) {
-	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
-	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
-    }
-/*@*/else printf("slc_end_reply: not enough room\n");
-}
-
-int
-slc_update()
-{
-	struct spc *spcp;
-	int need_update = 0;
-
-	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-		if (!(spcp->flags&SLC_ACK))
-			continue;
-		spcp->flags &= ~SLC_ACK;
-		if (spcp->valp && (*spcp->valp != spcp->val)) {
-			*spcp->valp = spcp->val;
-			need_update = 1;
-		}
-	}
-	return(need_update);
-}
-
-#ifdef	OLD_ENVIRON
-#  define old_env_var OLD_ENV_VAR
-#  define old_env_value OLD_ENV_VALUE
-#endif
-
-void
-env_opt(unsigned char *buf, int len)
-{
-	unsigned char *ep = 0, *epc = 0;
-	int i;
-
-	switch(buf[0]&0xff) {
-	case TELQUAL_SEND:
-		env_opt_start();
-		if (len == 1) {
-			env_opt_add(NULL);
-		} else for (i = 1; i < len; i++) {
-			switch (buf[i]&0xff) {
-#ifdef	OLD_ENVIRON
-			case OLD_ENV_VAR:
-			case OLD_ENV_VALUE:
-				/*
-				 * Although OLD_ENV_VALUE is not legal, we will
-				 * still recognize it, just in case it is an
-				 * old server that has VAR & VALUE mixed up...
-				 */
-				/* FALL THROUGH */
-#else
-			case NEW_ENV_VAR:
-#endif
-			case ENV_USERVAR:
-				if (ep) {
-					*epc = 0;
-					env_opt_add(ep);
-				}
-				ep = epc = &buf[i+1];
-				break;
-			case ENV_ESC:
-				i++;
-				/*FALL THROUGH*/
-			default:
-				if (epc)
-					*epc++ = buf[i];
-				break;
-			}
-		}
-		if (ep) {
-			*epc = 0;
-			env_opt_add(ep);
-		}
-		env_opt_end(1);
-		break;
-
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-		/* Ignore for now.  We shouldn't get it anyway. */
-		break;
-
-	default:
-		break;
-	}
-}
-
-#define	OPT_REPLY_SIZE	256
-unsigned char *opt_reply;
-unsigned char *opt_replyp;
-unsigned char *opt_replyend;
-
-void
-env_opt_start()
-{
-	if (opt_reply) {
-		void *tmp = realloc (opt_reply, OPT_REPLY_SIZE);
-		if (tmp != NULL) {
-			opt_reply = tmp;
-		} else {
-			free (opt_reply);
-			opt_reply = NULL;
-		}
-	} else
-		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
-	if (opt_reply == NULL) {
-/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
-		opt_reply = opt_replyp = opt_replyend = NULL;
-		return;
-	}
-	opt_replyp = opt_reply;
-	opt_replyend = opt_reply + OPT_REPLY_SIZE;
-	*opt_replyp++ = IAC;
-	*opt_replyp++ = SB;
-	*opt_replyp++ = telopt_environ;
-	*opt_replyp++ = TELQUAL_IS;
-}
-
-void
-env_opt_start_info()
-{
-	env_opt_start();
-	if (opt_replyp)
-	    opt_replyp[-1] = TELQUAL_INFO;
-}
-
-void
-env_opt_add(unsigned char *ep)
-{
-	unsigned char *vp, c;
-
-	if (opt_reply == NULL)		/*XXX*/
-		return;			/*XXX*/
-
-	if (ep == NULL || *ep == '\0') {
-		/* Send user defined variables first. */
-		env_default(1, 0);
-		while ((ep = env_default(0, 0)))
-			env_opt_add(ep);
-
-		/* Now add the list of well know variables.  */
-		env_default(1, 1);
-		while ((ep = env_default(0, 1)))
-			env_opt_add(ep);
-		return;
-	}
-	vp = env_getvalue(ep);
-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
-				strlen((char *)ep) + 6 > opt_replyend)
-	{
-		int len;
-		void *tmp;
-		opt_replyend += OPT_REPLY_SIZE;
-		len = opt_replyend - opt_reply;
-		tmp = realloc(opt_reply, len);
-		if (tmp == NULL) {
-/*@*/			printf("env_opt_add: realloc() failed!!!\n");
-			opt_reply = opt_replyp = opt_replyend = NULL;
-			return;
-		}
-		opt_reply = tmp;
-		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
-		opt_replyend = opt_reply + len;
-	}
-	if (opt_welldefined((char *)ep)) {
-#ifdef	OLD_ENVIRON
-		if (telopt_environ == TELOPT_OLD_ENVIRON)
-			*opt_replyp++ = old_env_var;
-		else
-#endif
-			*opt_replyp++ = NEW_ENV_VAR;
-	} else
-		*opt_replyp++ = ENV_USERVAR;
-	for (;;) {
-		while ((c = *ep++)) {
-			switch(c&0xff) {
-			case IAC:
-				*opt_replyp++ = IAC;
-				break;
-			case NEW_ENV_VAR:
-			case NEW_ENV_VALUE:
-			case ENV_ESC:
-			case ENV_USERVAR:
-				*opt_replyp++ = ENV_ESC;
-				break;
-			}
-			*opt_replyp++ = c;
-		}
-		if ((ep = vp)) {
-#ifdef	OLD_ENVIRON
-			if (telopt_environ == TELOPT_OLD_ENVIRON)
-				*opt_replyp++ = old_env_value;
-			else
-#endif
-				*opt_replyp++ = NEW_ENV_VALUE;
-			vp = NULL;
-		} else
-			break;
-	}
-}
-
-int
-opt_welldefined(char *ep)
-{
-	if ((strcmp(ep, "USER") == 0) ||
-	    (strcmp(ep, "DISPLAY") == 0) ||
-	    (strcmp(ep, "PRINTER") == 0) ||
-	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
-	    (strcmp(ep, "JOB") == 0) ||
-	    (strcmp(ep, "ACCT") == 0))
-		return(1);
-	return(0);
-}
-
-void
-env_opt_end(int emptyok)
-{
-	int len;
-
-	len = opt_replyp - opt_reply + 2;
-	if (emptyok || len > 6) {
-		*opt_replyp++ = IAC;
-		*opt_replyp++ = SE;
-		if (NETROOM() > len) {
-			ring_supply_data(&netoring, opt_reply, len);
-			printsub('>', &opt_reply[2], len - 2);
-		}
-/*@*/		else printf("slc_end_reply: not enough room\n");
-	}
-	if (opt_reply) {
-		free(opt_reply);
-		opt_reply = opt_replyp = opt_replyend = NULL;
-	}
-}
-
-
-
-int
-telrcv(void)
-{
-    int c;
-    int scc;
-    unsigned char *sbp = NULL;
-    int count;
-    int returnValue = 0;
-
-    scc = 0;
-    count = 0;
-    while (TTYROOM() > 2) {
-	if (scc == 0) {
-	    if (count) {
-		ring_consumed(&netiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    sbp = netiring.consume;
-	    scc = ring_full_consecutive(&netiring);
-	    if (scc == 0) {
-		/* No more data coming in */
-		break;
-	    }
-	}
-
-	c = *sbp++ & 0xff, scc--; count++;
-#if	defined(ENCRYPTION)
-	if (decrypt_input)
-		c = (*decrypt_input)(c);
-#endif
-
-	switch (telrcv_state) {
-
-	case TS_CR:
-	    telrcv_state = TS_DATA;
-	    if (c == '\0') {
-		break;	/* Ignore \0 after CR */
-	    }
-	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
-		TTYADD(c);
-		break;
-	    }
-	    /* Else, fall through */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		telrcv_state = TS_IAC;
-		break;
-	    }
-		    /* 
-		     * The 'crmod' hack (see following) is needed
-		     * since we can't set CRMOD on output only.
-		     * Machines like MULTICS like to send \r without
-		     * \n; since we must turn off CRMOD to get proper
-		     * input, the mapping is done here (sigh).
-		     */
-	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
-		if (scc > 0) {
-		    c = *sbp&0xff;
-#if	defined(ENCRYPTION)
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif
-		    if (c == 0) {
-			sbp++, scc--; count++;
-			/* a "true" CR */
-			TTYADD('\r');
-		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
-					(c == '\n')) {
-			sbp++, scc--; count++;
-			TTYADD('\n');
-		    } else {
-#if	defined(ENCRYPTION)
-		        if (decrypt_input)
-			    (*decrypt_input)(-1);
-#endif
-
-			TTYADD('\r');
-			if (crmod) {
-				TTYADD('\n');
-			}
-		    }
-		} else {
-		    telrcv_state = TS_CR;
-		    TTYADD('\r');
-		    if (crmod) {
-			    TTYADD('\n');
-		    }
-		}
-	    } else {
-		TTYADD(c);
-	    }
-	    continue;
-
-	case TS_IAC:
-process_iac:
-	    switch (c) {
-
-	    case WILL:
-		telrcv_state = TS_WILL;
-		continue;
-
-	    case WONT:
-		telrcv_state = TS_WONT;
-		continue;
-
-	    case DO:
-		telrcv_state = TS_DO;
-		continue;
-
-	    case DONT:
-		telrcv_state = TS_DONT;
-		continue;
-
-	    case DM:
-		    /*
-		     * We may have missed an urgent notification,
-		     * so make sure we flush whatever is in the
-		     * buffer currently.
-		     */
-		printoption("RCVD", IAC, DM);
-		SYNCHing = 1;
-		ttyflush(1);
-		SYNCHing = stilloob();
-		settimer(gotDM);
-		break;
-
-	    case SB:
-		SB_CLEAR();
-		telrcv_state = TS_SB;
-		continue;
-
-
-	    case IAC:
-		TTYADD(IAC);
-		break;
-
-	    case NOP:
-	    case GA:
-	    default:
-		printoption("RCVD", IAC, c);
-		break;
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WILL:
-	    printoption("RCVD", WILL, c);
-	    willoption(c);
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    printoption("RCVD", WONT, c);
-	    wontoption(c);
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    printoption("RCVD", DO, c);
-	    dooption(c);
-	    if (c == TELOPT_NAWS) {
-		sendnaws();
-	    } else if (c == TELOPT_LFLOW) {
-		localflow = 1;
-		setcommandmode();
-		setconnmode(0);
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    printoption("RCVD", DONT, c);
-	    dontoption(c);
-	    flushline = 1;
-	    setconnmode(0);	/* set new tty mode (maybe) */
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_SB:
-	    if (c == IAC) {
-		telrcv_state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    continue;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * This is an error.  We only expect to get
-		     * "IAC IAC" or "IAC SE".  Several things may
-		     * have happend.  An IAC was not doubled, the
-		     * IAC SE was left off, or another option got
-		     * inserted into the suboption are all possibilities.
-		     * If we assume that the IAC was not doubled,
-		     * and really the IAC SE was left off, we could
-		     * get into an infinate loop here.  So, instead,
-		     * we terminate the suboption, and process the
-		     * partial suboption if we can.
-		     */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-		    SB_TERM();
-
-		    printoption("In SUBOPTION processing, RCVD", IAC, c);
-		    suboption();	/* handle sub-option */
-		    telrcv_state = TS_IAC;
-		    goto process_iac;
-		}
-		SB_ACCUM(c);
-		telrcv_state = TS_SB;
-	    } else {
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		telrcv_state = TS_DATA;
-	    }
-	}
-    }
-    if (count)
-	ring_consumed(&netiring, count);
-    return returnValue||count;
-}
-
-static int bol = 1, local = 0;
-
-int
-rlogin_susp(void)
-{
-    if (local) {
-	local = 0;
-	bol = 1;
-	command(0, "z\n", 2);
-	return(1);
-    }
-    return(0);
-}
-
-static int
-telsnd()
-{
-    int tcc;
-    int count;
-    int returnValue = 0;
-    unsigned char *tbp = NULL;
-
-    tcc = 0;
-    count = 0;
-    while (NETROOM() > 2) {
-	int sc;
-	int c;
-
-	if (tcc == 0) {
-	    if (count) {
-		ring_consumed(&ttyiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    tbp = ttyiring.consume;
-	    tcc = ring_full_consecutive(&ttyiring);
-	    if (tcc == 0) {
-		break;
-	    }
-	}
-	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
-	if (rlogin != _POSIX_VDISABLE) {
-		if (bol) {
-			bol = 0;
-			if (sc == rlogin) {
-				local = 1;
-				continue;
-			}
-		} else if (local) {
-			local = 0;
-			if (sc == '.' || c == termEofChar) {
-				bol = 1;
-				command(0, "close\n", 6);
-				continue;
-			}
-			if (sc == termSuspChar) {
-				bol = 1;
-				command(0, "z\n", 2);
-				continue;
-			}
-			if (sc == escape) {
-				command(0, (char *)tbp, tcc);
-				bol = 1;
-				count += tcc;
-				tcc = 0;
-				flushline = 1;
-				break;
-			}
-			if (sc != rlogin) {
-				++tcc;
-				--tbp;
-				--count;
-				c = sc = rlogin;
-			}
-		}
-		if ((sc == '\n') || (sc == '\r'))
-			bol = 1;
-	} else if (sc == escape) {
-	    /*
-	     * Double escape is a pass through of a single escape character.
-	     */
-	    if (tcc && strip(*tbp) == escape) {
-		tbp++;
-		tcc--;
-		count++;
-		bol = 0;
-	    } else {
-		command(0, (char *)tbp, tcc);
-		bol = 1;
-		count += tcc;
-		tcc = 0;
-		flushline = 1;
-		break;
-	    }
-	} else
-	    bol = 0;
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
-	    if (tcc > 0 && strip(*tbp) == echoc) {
-		tcc--; tbp++; count++;
-	    } else {
-		dontlecho = !dontlecho;
-		settimer(echotoggle);
-		setconnmode(0);
-		flushline = 1;
-		break;
-	    }
-	}
-#endif
-	if (MODE_LOCAL_CHARS(globalmode)) {
-	    if (TerminalSpecialChars(sc) == 0) {
-		bol = 1;
-		break;
-	    }
-	}
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    switch (c) {
-	    case '\n':
-		    /*
-		     * If we are in CRMOD mode (\r ==> \n)
-		     * on our local machine, then probably
-		     * a newline (unix) is CRLF (TELNET).
-		     */
-		if (MODE_LOCAL_CHARS(globalmode)) {
-		    NETADD('\r');
-		}
-		NETADD('\n');
-		bol = flushline = 1;
-		break;
-	    case '\r':
-		if (!crlf) {
-		    NET2ADD('\r', '\0');
-		} else {
-		    NET2ADD('\r', '\n');
-		}
-		bol = flushline = 1;
-		break;
-	    case IAC:
-		NET2ADD(IAC, IAC);
-		break;
-	    default:
-		NETADD(c);
-		break;
-	    }
-	} else if (c == IAC) {
-	    NET2ADD(IAC, IAC);
-	} else {
-	    NETADD(c);
-	}
-    }
-    if (count)
-	ring_consumed(&ttyiring, count);
-    return returnValue||count;		/* Non-zero if we did anything */
-}
-
-/*
- * Scheduler()
- *
- * Try to do something.
- *
- * If we do something useful, return 1; else return 0.
- *
- */
-
-
-    int
-Scheduler(int block) /* should we block in the select ? */
-{
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue;
-    int netin, netout, netex, ttyin, ttyout;
-
-    /* Decide which rings should be processed */
-
-    netout = ring_full_count(&netoring) &&
-	    (flushline ||
-		(my_want_state_is_wont(TELOPT_LINEMODE)
-#ifdef	KLUDGELINEMODE
-			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
-#endif
-		) ||
-			my_want_state_is_will(TELOPT_BINARY));
-    ttyout = ring_full_count(&ttyoring);
-
-    ttyin = ring_empty_count(&ttyiring);
-
-    netin = !ISend && ring_empty_count(&netiring);
-
-    netex = !SYNCHing;
-
-    /* If we have seen a signal recently, reset things */
-
-    if (scheduler_lockout_tty) {
-        ttyin = ttyout = 0;
-    }
-
-    /* Call to system code to process rings */
-
-    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
-
-    /* Now, look at the input rings, looking for work to do. */
-
-    if (ring_full_count(&ttyiring)) {
-	    returnValue |= telsnd();
-    }
-
-    if (ring_full_count(&netiring)) {
-	returnValue |= telrcv();
-    }
-    return returnValue;
-}
-
-/*
- * Select from tty and network...
- */
-void
-my_telnet(char *user)
-{
-    int printed_encrypt = 0;
-    
-    sys_telnet_init();
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    {
-	static char local_host[256] = { 0 };
-
-	if (!local_host[0]) {
-		/* XXX - should be k_gethostname? */
-		gethostname(local_host, sizeof(local_host));
-		local_host[sizeof(local_host)-1] = 0;
-	}
-	auth_encrypt_init(local_host, hostname, "TELNET", 0);
-	auth_encrypt_user(user);
-    }
-#endif
-    if (telnetport) {
-#if	defined(AUTHENTICATION)
-	if (autologin)
-		send_will(TELOPT_AUTHENTICATION, 1);
-#endif
-#if	defined(ENCRYPTION)
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-#endif
-	send_do(TELOPT_SGA, 1);
-	send_will(TELOPT_TTYPE, 1);
-	send_will(TELOPT_NAWS, 1);
-	send_will(TELOPT_TSPEED, 1);
-	send_will(TELOPT_LFLOW, 1);
-	send_will(TELOPT_LINEMODE, 1);
-	send_will(TELOPT_NEW_ENVIRON, 1);
-	send_do(TELOPT_STATUS, 1);
-	if (env_getvalue((unsigned char *)"DISPLAY"))
-	    send_will(TELOPT_XDISPLOC, 1);
-	if (binary)
-	    tel_enter_binary(binary);
-    }
-
-#ifdef ENCRYPTION
-    /*
-     * Note: we assume a tie to the authentication option here.  This
-     * is necessary so that authentication fails, we don't spin
-     * forever. 
-     */
-    if (telnetport && wantencryption) {
-	extern int auth_has_failed;
-	time_t timeout = time(0) + 60;
-
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-	while (1) {
-	    if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
-		if (wantencryption == -1) {
-		    break;
-		} else {
-		    printf("\nServer refused to negotiate authentication,\n");
-		    printf("which is required for encryption.\n");
-		    Exit(1);
-		}
-	    }
-	    if (auth_has_failed) {
-		printf("\nAuthentication negotation has failed,\n");
-		printf("which is required for encryption.\n");
-		Exit(1);
-	    }
-	    if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
-		my_want_state_is_wont(TELOPT_ENCRYPT)) {
-		printf("\nServer refused to negotiate encryption.\n");
-		Exit(1);
-	    }
-	    if (encrypt_is_encrypting())
-		break;
-	    if (time(0) > timeout) {
-		printf("\nEncryption could not be enabled.\n");
-		Exit(1);
-	    }
-	    if (printed_encrypt == 0) {
-		    printed_encrypt = 1;
-		    printf("Waiting for encryption to be negotiated...\n");
-		    /*
-		     * Turn on MODE_TRAPSIG and then turn off localchars 
-		     * so that ^C will cause telnet to exit.
-		     */
-		    TerminalNewMode(getconnmode()|MODE_TRAPSIG);
-		    intr_waiting = 1;
-	    }
-	    if (intr_happened) {
-		    printf("\nUser interrupt.\n");
-		    Exit(1);
-	    }
-	    telnet_spin();
-	}
-	if (printed_encrypt) {
-		printf("Encryption negotiated.\n");
-		intr_waiting = 0;
-		setconnmode(0);
-	}
-    }
-#endif
-
-    for (;;) {
-	int schedValue;
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	if (Scheduler(1) == -1) {
-	    setcommandmode();
-	    return;
-	}
-    }
-}
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-
-static void
-netclear()
-{
-#if	0	/* XXX */
-    char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-    thisitem = netobuf;
-
-    while ((next = nextitem(thisitem)) <= netobuf.send) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-    good = netobuf;	/* where the good bytes go */
-
-    while (netoring.add > thisitem) {
-	if (wewant(thisitem)) {
-	    int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memmove(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-#endif	/* 0 */
-}
-
-/*
- * These routines add various telnet commands to the data stream.
- */
-
-static void
-doflush()
-{
-    NET2ADD(IAC, DO);
-    NETADD(TELOPT_TM);
-    flushline = 1;
-    flushout = 1;
-    ttyflush(1);			/* Flush/drop output */
-    /* do printoption AFTER flush, otherwise the output gets tossed... */
-    printoption("SENT", DO, TELOPT_TM);
-}
-
-void
-xmitAO(void)
-{
-    NET2ADD(IAC, AO);
-    printoption("SENT", IAC, AO);
-    if (autoflush) {
-	doflush();
-    }
-}
-
-
-void
-xmitEL(void)
-{
-    NET2ADD(IAC, EL);
-    printoption("SENT", IAC, EL);
-}
-
-void
-xmitEC(void)
-{
-    NET2ADD(IAC, EC);
-    printoption("SENT", IAC, EC);
-}
-
-
-int
-dosynch()
-{
-    netclear();			/* clear the path to the network */
-    NETADD(IAC);
-    setneturg();
-    NETADD(DM);
-    printoption("SENT", IAC, DM);
-    return 1;
-}
-
-int want_status_response = 0;
-
-int
-get_status()
-{
-    unsigned char tmp[16];
-    unsigned char *cp;
-
-    if (my_want_state_is_dont(TELOPT_STATUS)) {
-	printf("Remote side does not support STATUS option\n");
-	return 0;
-    }
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_STATUS;
-    *cp++ = TELQUAL_SEND;
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-    ++want_status_response;
-    return 1;
-}
-
-void
-intp(void)
-{
-    NET2ADD(IAC, IP);
-    printoption("SENT", IAC, IP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendbrk(void)
-{
-    NET2ADD(IAC, BREAK);
-    printoption("SENT", IAC, BREAK);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendabort(void)
-{
-    NET2ADD(IAC, ABORT);
-    printoption("SENT", IAC, ABORT);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendsusp(void)
-{
-    NET2ADD(IAC, SUSP);
-    printoption("SENT", IAC, SUSP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch();
-    }
-}
-
-void
-sendeof(void)
-{
-    NET2ADD(IAC, xEOF);
-    printoption("SENT", IAC, xEOF);
-}
-
-void
-sendayt(void)
-{
-    NET2ADD(IAC, AYT);
-    printoption("SENT", IAC, AYT);
-}
-
-/*
- * Send a window size update to the remote system.
- */
-
-void
-sendnaws()
-{
-    long rows, cols;
-    unsigned char tmp[16];
-    unsigned char *cp;
-
-    if (my_state_is_wont(TELOPT_NAWS))
-	return;
-
-#undef PUTSHORT
-#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
-			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
-
-    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
-	return;
-    }
-
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_NAWS;
-    PUTSHORT(cp, cols);
-    PUTSHORT(cp, rows);
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-}
-
-void
-tel_enter_binary(int rw)
-{
-    if (rw&1)
-	send_do(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_will(TELOPT_BINARY, 1);
-}
-
-void
-tel_leave_binary(int rw)
-{
-    if (rw&1)
-	send_dont(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_wont(TELOPT_BINARY, 1);
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.cat1 b/crypto/heimdal/appl/telnet/telnet/telnet.cat1
deleted file mode 100644
index 5bf4a649f97b..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet.cat1
+++ /dev/null
@@ -1,714 +0,0 @@
-TELNET(1)                   NetBSD Reference Manual                  TELNET(1)
-
-NNAAMMEE
-     tteellnneett - user interface to the TELNET protocol
-
-SSYYNNOOPPSSIISS
-     tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m]
-            [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]]
-
-DDEESSCCRRIIPPTTIIOONN
-     The tteellnneett command is used to communicate with another host using the
-     TELNET protocol.  If tteellnneett is invoked without the _h_o_s_t argument, it en-
-     ters command mode, indicated by its prompt (tteellnneett>>).  In this mode, it
-     accepts and executes the commands listed below.  If it is invoked with
-     arguments, it performs an ooppeenn command with those arguments.
-
-     Options:
-
-     --88      Specifies an 8-bit data path.  This causes an attempt to negoti-
-             ate the TELNET BINARY option on both input and output.
-
-     --77      Do not try to negotiate TELNET BINARY option.
-
-     --EE      Stops any character from being recognized as an escape character.
-
-     --FF      If Kerberos V5 authentication is being used, the --FF option allows
-             the local credentials to be forwarded to the remote system, in-
-             cluding any credentials that have already been forwarded into the
-             local environment.
-
-     --KK      Specifies no automatic login to the remote system.
-
-     --LL      Specifies an 8-bit data path on output.  This causes the BINARY
-             option to be negotiated on output.
-
-     --SS _t_o_s  Sets the IP type-of-service (TOS) option for the telnet connec-
-             tion to the value _t_o_s, which can be a numeric TOS value or, on
-             systems that support it, a symbolic TOS name found in the
-             /etc/iptos file.
-
-     --XX _a_t_y_p_e
-             Disables the _a_t_y_p_e type of authentication.
-
-     --aa      Attempt automatic login.  Currently, this sends the user name via
-             the USER variable of the ENVIRON option if supported by the re-
-             mote system.  The name used is that of the current user as re-
-             turned by getlogin(2) if it agrees with the current user ID, oth-
-             erwise it is the name associated with the user ID.
-
-     --cc      Disables the reading of the user's _._t_e_l_n_e_t_r_c file.  (See the
-             ttooggggllee sskkiipprrcc command on this man page.)
-
-     --dd      Sets the initial value of the ddeebbuugg toggle to TRUE
-
-     --ee _e_s_c_a_p_e _c_h_a_r
-             Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r.
-             If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac-
-             ter.
-
-     --ff      If Kerberos V5 authentication is being used, the --ff option allows
-             the local credentials to be forwarded to the remote system.
-
-     --kk _r_e_a_l_m
-             If Kerberos authentication is being used, the --kk option requests
-             that telnet obtain tickets for the remote host in realm realm in-
-             stead of the remote host's realm, as determined by
-             krb_realmofhost(3).
-
-     --ll _u_s_e_r
-             When connecting to the remote system, if the remote system under-
-             stands the ENVIRON option, then _u_s_e_r will be sent to the remote
-             system as the value for the variable USER.  This option implies
-             the --aa option.  This option may also be used with the ooppeenn com-
-             mand.
-
-     --nn _t_r_a_c_e_f_i_l_e
-             Opens _t_r_a_c_e_f_i_l_e for recording trace information.  See the sseett
-             ttrraacceeffiillee command below.
-
-     --rr      Specifies a user interface similar to rlogin(1).  In this mode,
-             the escape character is set to the tilde (~) character, unless
-             modified by the -e option.
-
-     --xx      Turn on encryption of the data stream.  When this option is
-             turned on, will exit with an error if authentication cannot be
-             negotiated or if encryption cannot be turned on.
-
-     _h_o_s_t    Indicates the official name, an alias, or the Internet address of
-             a remote host.
-
-     _p_o_r_t    Indicates a port number (address of an application).  If a number
-             is not specified, the default tteellnneett port is used.
-
-     When in rlogin mode, a line of the form ~.  disconnects from the remote
-     host; ~ is the telnet escape character.  Similarly, the line ~^Z suspends
-     the telnet session.  The line ~^] escapes to the normal telnet escape
-     prompt.
-
-     Once a connection has been opened, tteellnneett will attempt to enable the
-     TELNET LINEMODE option.  If this fails, then tteellnneett will revert to one of
-     two input modes: either ``character at a time'' or ``old line by line''
-     depending on what the remote system supports.
-
-     When LINEMODE is enabled, character processing is done on the local sys-
-     tem, under the control of the remote system.  When input editing or char-
-     acter echoing is to be disabled, the remote system will relay that infor-
-     mation.  The remote system will also relay changes to any special charac-
-     ters that happen on the remote system, so that they can take effect on
-     the local system.
-
-     In ``character at a time'' mode, most text typed is immediately sent to
-     the remote host for processing.
-
-     In ``old line by line'' mode, all text is echoed locally, and (normally)
-     only completed lines are sent to the remote host.  The ``local echo char-
-     acter'' (initially ``^E'') may be used to turn off and on the local echo
-     (this would mostly be used to enter passwords without the password being
-     echoed).
-
-     If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE
-     (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr,
-     and fflluusshh characters are trapped locally, and sent as TELNET protocol se-
-     quences to the remote side.  If LINEMODE has ever been enabled, then the
-     user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt
-     is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee
-     aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush
-     subsequent output to the terminal (until the remote host acknowledges the
-     TELNET sequence) and flush previous terminal input (in the case of qquuiitt
-     and iinnttrr).
-
-     While connected to a remote host, tteellnneett command mode may be entered by
-     typing the tteellnneett ``escape character'' (initially ``^]'').  When in com-
-     mand mode, the normal terminal editing conventions are available.
-
-     The following tteellnneett commands are available.  Only enough of each command
-     to uniquely identify it need be typed (this is also true for arguments to
-     the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands).
-
-     aauutthh _a_r_g_u_m_e_n_t _._._.
-                The auth command manipulates the information sent through the
-                TELNET AUTHENTICATE option.  Valid arguments for the auth com-
-                mand are as follows:
-
-                ddiissaabbllee _t_y_p_e  Disables the specified type of authentication.
-                              To obtain a list of available types, use the
-                              aauutthh ddiissaabbllee ?? command.
-
-                eennaabbllee _t_y_p_e   Enables the specified type of authentication.
-                              To obtain a list of available types, use the
-                              aauutthh eennaabbllee ?? command.
-
-                ssttaattuuss        Lists the current status of the various types of
-                              authentication.
-
-     cclloossee      Close a TELNET session and return to command mode.
-
-     ddiissppllaayy _a_r_g_u_m_e_n_t _._._.
-                Displays all, or some, of the sseett and ttooggggllee values (see be-
-                low).
-
-     eennccrryypptt _a_r_g_u_m_e_n_t _._._.
-                The encrypt command manipulates the information sent through
-                the TELNET ENCRYPT option.
-
-                Note:  Because of export controls, the TELNET ENCRYPT option
-                is not supported outside of the United States and Canada.
-
-                Valid arguments for the encrypt command are as follows:
-
-                ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
-                              Disables the specified type of encryption.  If
-                              you omit the input and output, both input and
-                              output are disabled.  To obtain a list of avail-
-                              able types, use the eennccrryypptt ddiissaabbllee ?? command.
-
-                eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
-                              Enables the specified type of encryption.  If
-                              you omit input and output, both input and output
-                              are enabled.  To obtain a list of available
-                              types, use the eennccrryypptt eennaabbllee ?? command.
-
-                iinnppuutt         This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com-
-                              mand.
-
-                --iinnppuutt        This is the same as the eennccrryypptt ssttoopp iinnppuutt com-
-                              mand.
-
-                oouuttppuutt        This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt
-                              command.
-
-                --oouuttppuutt       This is the same as the eennccrryypptt ssttoopp oouuttppuutt com-
-                              mand.
-
-                ssttaarrtt [iinnppuutt | oouuttppuutt]
-                              Attempts to start encryption.  If you omit iinnppuutt
-                              and oouuttppuutt, both input and output are enabled.
-                              To obtain a list of available types, use the
-                              eennccrryypptt eennaabbllee ?? command.
-
-                ssttaattuuss        Lists the current status of encryption.
-
-                ssttoopp [iinnppuutt | oouuttppuutt]
-                              Stops encryption.  If you omit input and output,
-                              encryption is on both input and output.
-
-                ttyyppee _t_y_p_e     Sets the default type of encryption to be used
-                              with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com-
-                              mands.
-
-     eennvviirroonn _a_r_g_u_m_e_n_t_s _._._.
-                The eennvviirroonn command is used to manipulate the the variables
-                that my be sent through the TELNET ENVIRON option.  The ini-
-                tial set of variables is taken from the users environment,
-                with only the DISPLAY and PRINTER variables being exported by
-                default.  The USER variable is also exported if the --aa or --ll
-                options are used.
-
-                Valid arguments for the eennvviirroonn command are:
-
-                ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e
-                            Define the variable _v_a_r_i_a_b_l_e to have a value of
-                            _v_a_l_u_e.  Any variables defined by this command are
-                            automatically exported.  The _v_a_l_u_e may be enclosed
-                            in single or double quotes so that tabs and spaces
-                            may be included.
-
-                uunnddeeffiinnee _v_a_r_i_a_b_l_e
-                            Remove _v_a_r_i_a_b_l_e from the list of environment vari-
-                            ables.
-
-                eexxppoorrtt _v_a_r_i_a_b_l_e
-                            Mark the variable _v_a_r_i_a_b_l_e to be exported to the
-                            remote side.
-
-                uunneexxppoorrtt _v_a_r_i_a_b_l_e
-                            Mark the variable _v_a_r_i_a_b_l_e to not be exported un-
-                            less explicitly asked for by the remote side.
-
-                lliisstt        List the current set of environment variables.
-                            Those marked with a ** will be sent automatically,
-                            other variables will only be sent if explicitly
-                            requested.
-
-                ??           Prints out help information for the eennvviirroonn com-
-                            mand.
-
-     llooggoouutt     Sends the TELNET LOGOUT option to the remote side.  This com-
-                mand is similar to a cclloossee command; however, if the remote
-                side does not support the LOGOUT option, nothing happens.  If,
-                however, the remote side does support the LOGOUT option, this
-                command should cause the remote side to close the TELNET con-
-                nection.  If the remote side also supports the concept of sus-
-                pending a user's session for later reattachment, the logout
-                argument indicates that you should terminate the session imme-
-                diately.
-
-     mmooddee _t_y_p_e  _T_y_p_e is one of several options, depending on the state of the
-                TELNET session.  The remote host is asked for permission to go
-                into the requested mode.  If the remote host is capable of en-
-                tering that mode, the requested mode will be entered.
-
-                cchhaarraacctteerr     Disable the TELNET LINEMODE option, or, if the
-                              remote side does not understand the LINEMODE op-
-                              tion, then enter ``character at a time`` mode.
-
-                lliinnee          Enable the TELNET LINEMODE option, or, if the
-                              remote side does not understand the LINEMODE op-
-                              tion, then attempt to enter ``old-line-by-line``
-                              mode.
-
-                iissiigg (--iissiigg)  Attempt to enable (disable) the TRAPSIG mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                eeddiitt (--eeddiitt)  Attempt to enable (disable) the EDIT mode of the
-                              LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                ssooffttttaabbss (--ssooffttttaabbss)
-                              Attempt to enable (disable) the SOFT_TAB mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                lliitteecchhoo (--lliitteecchhoo)
-                              Attempt to enable (disable) the LIT_ECHO mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                ??             Prints out help information for the mmooddee com-
-                              mand.
-
-     ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t]
-                Open a connection to the named host.  If no port number is
-                specified, tteellnneett will attempt to contact a TELNET server at
-                the default port.  The host specification may be either a host
-                name (see hosts(5)) or an Internet address specified in the
-                ``dot notation'' (see inet(3)).  The [--ll] option may be used
-                to specify the user name to be passed to the remote system via
-                the ENVIRON option.  When connecting to a non-standard port,
-                tteellnneett omits any automatic initiation of TELNET options.  When
-                the port number is preceded by a minus sign, the initial op-
-                tion negotiation is done.  After establishing a connection,
-                the file _._t_e_l_n_e_t_r_c in the users home directory is opened.
-                Lines beginning with a # are comment lines.  Blank lines are
-                ignored.  Lines that begin without white space are the start
-                of a machine entry.  The first thing on the line is the name
-                of the machine that is being connected to.  The rest of the
-                line, and successive lines that begin with white space are as-
-                sumed to be tteellnneett commands and are processed as if they had
-                been typed in manually to the tteellnneett command prompt.
-
-     qquuiitt       Close any open TELNET session and exit tteellnneett.  An end of file
-                (in command mode) will also close a session and exit.
-
-     sseenndd _a_r_g_u_m_e_n_t_s
-                Sends one or more special character sequences to the remote
-                host.  The following are the arguments which may be specified
-                (more than one argument may be specified at a time):
-
-                aabboorrtt   Sends the TELNET ABORT (Abort processes) sequence.
-
-                aaoo      Sends the TELNET AO (Abort Output) sequence, which
-                        should cause the remote system to flush all output
-                        _f_r_o_m the remote system _t_o the user's terminal.
-
-                aayytt     Sends the TELNET AYT (Are You There) sequence, to
-                        which the remote system may or may not choose to re-
-                        spond.
-
-                bbrrkk     Sends the TELNET BRK (Break) sequence, which may have
-                        significance to the remote system.
-
-                eecc      Sends the TELNET EC (Erase Character) sequence, which
-                        should cause the remote system to erase the last char-
-                        acter entered.
-
-                eell      Sends the TELNET EL (Erase Line) sequence, which
-                        should cause the remote system to erase the line cur-
-                        rently being entered.
-
-                eeooff     Sends the TELNET EOF (End Of File) sequence.
-
-                eeoorr     Sends the TELNET EOR (End of Record) sequence.
-
-                eessccaappee  Sends the current tteellnneett escape character (initially
-                        ``^'').
-
-                ggaa      Sends the TELNET GA (Go Ahead) sequence, which likely
-                        has no significance to the remote system.
-
-                ggeettssttaattuuss
-                        If the remote side supports the TELNET STATUS command,
-                        ggeettssttaattuuss will send the subnegotiation to request that
-                        the server send its current option status.
-
-                iipp      Sends the TELNET IP (Interrupt Process) sequence,
-                        which should cause the remote system to abort the cur-
-                        rently running process.
-
-                nnoopp     Sends the TELNET NOP (No OPeration) sequence.
-
-                ssuusspp    Sends the TELNET SUSP (SUSPend process) sequence.
-
-                ssyynncchh   Sends the TELNET SYNCH sequence.  This sequence causes
-                        the remote system to discard all previously typed (but
-                        not yet read) input.  This sequence is sent as TCP ur-
-                        gent data (and may not work if the remote system is a
-                        4.2BSD system -- if it doesn't work, a lower case
-                        ``r'' may be echoed on the terminal).
-
-                ddoo _c_m_d
-
-                ddoonntt _c_m_d
-
-                wwiillll _c_m_d
-
-                wwoonntt _c_m_d
-                        Sends the TELNET DO _c_m_d sequence.  _C_m_d can be either a
-                        decimal number between 0 and 255, or a symbolic name
-                        for a specific TELNET command.  _C_m_d can also be either
-                        hheellpp or ?? to print out help information, including a
-                        list of known symbolic names.
-
-                ??       Prints out help information for the sseenndd command.
-
-     sseett _a_r_g_u_m_e_n_t _v_a_l_u_e
-
-     uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e
-                The sseett command will set any one of a number of tteellnneett vari-
-                ables to a specific value or to TRUE.  The special value ooffff
-                turns off the function associated with the variable, this is
-                equivalent to using the uunnsseett command.  The uunnsseett command will
-                disable or set to FALSE any of the specified functions.  The
-                values of variables may be interrogated with the ddiissppllaayy com-
-                mand.  The variables which may be set or unset, but not tog-
-                gled, are listed here.  In addition, any of the variables for
-                the ttooggggllee command may be explicitly set or unset using the
-                sseett and uunnsseett commands.
-
-                aayytt     If TELNET is in localchars mode, or LINEMODE is en-
-                        abled, and the status character is typed, a TELNET AYT
-                        sequence (see sseenndd aayytt preceding) is sent to the re-
-                        mote host.  The initial value for the "Are You There"
-                        character is the terminal's status character.
-
-                eecchhoo    This is the value (initially ``^E'') which, when in
-                        ``line by line'' mode, toggles between doing local
-                        echoing of entered characters (for normal processing),
-                        and suppressing echoing of entered characters (for en-
-                        tering, say, a password).
-
-                eeooff     If tteellnneett is operating in LINEMODE or ``old line by
-                        line'' mode, entering this character as the first
-                        character on a line will cause this character to be
-                        sent to the remote system.  The initial value of the
-                        eof character is taken to be the terminal's eeooff char-
-                        acter.
-
-                eerraassee   If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below), aanndd if tteellnneett is operating in ``character at a
-                        time'' mode, then when this character is typed, a
-                        TELNET EC sequence (see sseenndd eecc above) is sent to the
-                        remote system.  The initial value for the erase char-
-                        acter is taken to be the terminal's eerraassee character.
-
-                eessccaappee  This is the tteellnneett escape character (initially ``^['')
-                        which causes entry into tteellnneett command mode (when con-
-                        nected to a remote system).
-
-                fflluusshhoouuttppuutt
-                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the fflluusshhoouuttppuutt character is typed, a
-                        TELNET AO sequence (see sseenndd aaoo above) is sent to the
-                        remote host.  The initial value for the flush charac-
-                        ter is taken to be the terminal's fflluusshh character.
-
-                ffoorrww11
-
-                ffoorrww22   If TELNET is operating in LINEMODE, these are the
-                        characters that, when typed, cause partial lines to be
-                        forwarded to the remote system.  The initial value for
-                        the forwarding characters are taken from the termi-
-                        nal's eol and eol2 characters.
-
-                iinntteerrrruupptt
-                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the iinntteerrrruupptt character is typed, a TELNET
-                        IP sequence (see sseenndd iipp above) is sent to the remote
-                        host.  The initial value for the interrupt character
-                        is taken to be the terminal's iinnttrr character.
-
-                kkiillll    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below), aanndd if tteellnneett is operating in ``character at a
-                        time'' mode, then when this character is typed, a
-                        TELNET EL sequence (see sseenndd eell above) is sent to the
-                        remote system.  The initial value for the kill charac-
-                        ter is taken to be the terminal's kkiillll character.
-
-                llnneexxtt   If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's llnneexxtt character.  The initial value for the
-                        lnext character is taken to be the terminal's llnneexxtt
-                        character.
-
-                qquuiitt    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the qquuiitt character is typed, a TELNET BRK
-                        sequence (see sseenndd bbrrkk above) is sent to the remote
-                        host.  The initial value for the quit character is
-                        taken to be the terminal's qquuiitt character.
-
-                rreepprriinntt
-                        If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's rreepprriinntt character.  The initial value for
-                        the reprint character is taken to be the terminal's
-                        rreepprriinntt character.
-
-                rrllooggiinn  This is the rlogin escape character.  If set, the nor-
-                        mal TELNET escape character is ignored unless it is
-                        preceded by this character at the beginning of a line.
-                        This character, at the beginning of a line followed by
-                        a "."  closes the connection; when followed by a ^Z it
-                        suspends the telnet command.  The initial state is to
-                        disable the rlogin escape character.
-
-                ssttaarrtt   If the TELNET TOGGLE-FLOW-CONTROL option has been en-
-                        abled, then this character is taken to be the termi-
-                        nal's ssttaarrtt character.  The initial value for the kill
-                        character is taken to be the terminal's ssttaarrtt charac-
-                        ter.
-
-                ssttoopp    If the TELNET TOGGLE-FLOW-CONTROL option has been en-
-                        abled, then this character is taken to be the termi-
-                        nal's ssttoopp character.  The initial value for the kill
-                        character is taken to be the terminal's ssttoopp charac-
-                        ter.
-
-                ssuusspp    If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en-
-                        abled, and the ssuussppeenndd character is typed, a TELNET
-                        SUSP sequence (see sseenndd ssuusspp above) is sent to the re-
-                        mote host.  The initial value for the suspend charac-
-                        ter is taken to be the terminal's ssuussppeenndd character.
-
-                ttrraacceeffiillee
-                        This is the file to which the output, caused by
-                        nneettddaattaa or ooppttiioonn tracing being TRUE, will be written.
-                        If it is set to ``--'', then tracing information will
-                        be written to standard output (the default).
-
-                wwoorrddeerraassee
-                        If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's wwoorrddeerraassee character.  The initial value for
-                        the worderase character is taken to be the terminal's
-                        wwoorrddeerraassee character.
-
-                ??       Displays the legal sseett (uunnsseett) commands.
-
-     ssllcc _s_t_a_t_e  The ssllcc command (Set Local Characters) is used to set or
-                change the state of the the special characters when the TELNET
-                LINEMODE option has been enabled.  Special characters are
-                characters that get mapped to TELNET commands sequences (like
-                iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll).
-                By default, the local special characters are exported.
-
-                cchheecckk       Verify the current settings for the current spe-
-                            cial characters.  The remote side is requested to
-                            send all the current special character settings,
-                            and if there are any discrepancies with the local
-                            side, the local side will switch to the remote
-                            value.
-
-                eexxppoorrtt      Switch to the local defaults for the special char-
-                            acters.  The local default characters are those of
-                            the local terminal at the time when tteellnneett was
-                            started.
-
-                iimmppoorrtt      Switch to the remote defaults for the special
-                            characters.  The remote default characters are
-                            those of the remote system at the time when the
-                            TELNET connection was established.
-
-                ??           Prints out help information for the ssllcc command.
-
-     ssttaattuuss     Show the current status of tteellnneett.  This includes the peer one
-                is connected to, as well as the current mode.
-
-     ttooggggllee _a_r_g_u_m_e_n_t_s _._._.
-                Toggle (between TRUE and FALSE) various flags that control how
-                tteellnneett responds to events.  These flags may be set explicitly
-                to TRUE or FALSE using the sseett and uunnsseett commands listed
-                above.  More than one argument may be specified.  The state of
-                these flags may be interrogated with the ddiissppllaayy command.
-                Valid arguments are:
-
-                aauutthhddeebbuugg     Turns on debugging information for the authenti-
-                              cation code.
-
-                aauuttoofflluusshh     If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then
-                              when the aaoo, or qquuiitt characters are recognized
-                              (and transformed into TELNET sequences; see sseett
-                              above for details), tteellnneett refuses to display
-                              any data on the user's terminal until the remote
-                              system acknowledges (via a TELNET TIMING MARK
-                              option) that it has processed those TELNET se-
-                              quences.  The initial value for this toggle is
-                              TRUE if the terminal user had not done an "stty
-                              noflsh", otherwise FALSE (see stty(1)).
-
-                aauuttooddeeccrryypptt   When the TELNET ENCRYPT option is negotiated, by
-                              default the actual encryption (decryption) of
-                              the data stream does not start automatically.
-                              The autoencrypt (autodecrypt) command states
-                              that encryption of the output (input) stream
-                              should be enabled as soon as possible.
-
-                              Note:  Because of export controls, the TELNET
-                              ENCRYPT option is not supported outside the
-                              United States and Canada.
-
-                aauuttoollooggiinn     If the remote side supports the TELNET
-                              AUTHENTICATION option TELNET attempts to use it
-                              to perform automatic authentication.  If the
-                              AUTHENTICATION option is not supported, the us-
-                              er's login name are propagated through the
-                              TELNET ENVIRON option.  This command is the same
-                              as specifying _a option on the ooppeenn command.
-
-                aauuttoossyynncchh     If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then
-                              when either the iinnttrr or qquuiitt characters is typed
-                              (see sseett above for descriptions of the iinnttrr and
-                              qquuiitt characters), the resulting TELNET sequence
-                              sent is followed by the TELNET SYNCH sequence.
-                              This procedure sshhoouulldd cause the remote system to
-                              begin throwing away all previously typed input
-                              until both of the TELNET sequences have been
-                              read and acted upon.  The initial value of this
-                              toggle is FALSE.
-
-                bbiinnaarryy        Enable or disable the TELNET BINARY option on
-                              both input and output.
-
-                iinnbbiinnaarryy      Enable or disable the TELNET BINARY option on
-                              input.
-
-                oouuttbbiinnaarryy     Enable or disable the TELNET BINARY option on
-                              output.
-
-                ccrrllff          If this is TRUE, then carriage returns will be
-                              sent as <CR><LF>.  If this is FALSE, then car-
-                              riage returns will be send as <CR><NUL>.  The
-                              initial value for this toggle is FALSE.
-
-                ccrrmmoodd         Toggle carriage return mode.  When this mode is
-                              enabled, most carriage return characters re-
-                              ceived from the remote host will be mapped into
-                              a carriage return followed by a line feed.  This
-                              mode does not affect those characters typed by
-                              the user, only those received from the remote
-                              host.  This mode is not very useful unless the
-                              remote host only sends carriage return, but nev-
-                              er line feed.  The initial value for this toggle
-                              is FALSE.
-
-                ddeebbuugg         Toggles socket level debugging (useful only to
-                              the ssuuppeerr uusseerr).  The initial value for this
-                              toggle is FALSE.
-
-                eennccddeebbuugg      Turns on debugging information for the encryp-
-                              tion code.
-
-                llooccaallcchhaarrss    If this is TRUE, then the fflluusshh, iinntteerrrruupptt,
-                              qquuiitt, eerraassee, and kkiillll characters (see sseett above)
-                              are recognized locally, and transformed into
-                              (hopefully) appropriate TELNET control sequences
-                              (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd
-                              above).  The initial value for this toggle is
-                              TRUE in ``old line by line'' mode, and FALSE in
-                              ``character at a time'' mode.  When the LINEMODE
-                              option is enabled, the value of llooccaallcchhaarrss is
-                              ignored, and assumed to always be TRUE.  If
-                              LINEMODE has ever been enabled, then qquuiitt is
-                              sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as
-                              eeooff and ssuusspp, see sseenndd above).
-
-                nneettddaattaa       Toggles the display of all network data (in hex-
-                              adecimal format).  The initial value for this
-                              toggle is FALSE.
-
-                ooppttiioonnss       Toggles the display of some internal tteellnneett pro-
-                              tocol processing (having to do with TELNET op-
-                              tions).  The initial value for this toggle is
-                              FALSE.
-
-                pprreettttyydduummpp    When the nneettddaattaa toggle is enabled, if
-                              pprreettttyydduummpp is enabled the output from the
-                              nneettddaattaa command will be formatted in a more user
-                              readable format.  Spaces are put between each
-                              character in the output, and the beginning of
-                              any TELNET escape sequence is preceded by a '*'
-                              to aid in locating them.
-
-                sskkiipprrcc        When the skiprc toggle is TRUE, TELNET skips the
-                              reading of the _._t_e_l_n_e_t_r_c file in the users home
-                              directory when connections are opened.  The ini-
-                              tial value for this toggle is FALSE.
-
-                tteerrmmddaattaa      Toggles the display of all terminal data (in
-                              hexadecimal format).  The initial value for this
-                              toggle is FALSE.
-
-                vveerrbboossee__eennccrryypptt
-                              When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET
-                              prints out a message each time encryption is en-
-                              abled or disabled.  The initial value for this
-                              toggle is FALSE.  Note:  Because of export con-
-                              trols, data encryption is not supported outside
-                              of the United States and Canada.
-
-                ??             Displays the legal ttooggggllee commands.
-
-     zz          Suspend tteellnneett.  This command only works when the user is us-
-                ing the csh(1).
-
-     !! [_c_o_m_m_a_n_d]
-                Execute a single command in a subshell on the local system.
-                If ccoommmmaanndd is omitted, then an interactive subshell is in-
-                voked.
-
-     ?? [_c_o_m_m_a_n_d]
-                Get help.  With no arguments, tteellnneett prints a help summary.
-                If a command is specified, tteellnneett will print the help informa-
-                tion for just that command.
-
-EENNVVIIRROONNMMEENNTT
-     TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari-
-     ables.  Other environment variables may be propagated to the other side
-     via the TELNET ENVIRON option.
-
-FFIILLEESS
-     ~/.telnetrc  user customized telnet startup values
-
-HHIISSTTOORRYY
-     The TTeellnneett command appeared in 4.2BSD.
-
-NNOOTTEESS
-     On some remote systems, echo has to be turned off manually when in ``old
-     line by line'' mode.
-
-     In ``old line by line'' mode or LINEMODE the terminal's eeooff character is
-     only recognized (and sent to the remote system) when it is the first
-     character on a line.
-
-4.2 Berkeley Distribution        June 1, 1994                               11
diff --git a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
deleted file mode 100644
index 1183b677dee5..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: telnet_locl.h,v 1.21 2001/12/20 20:39:52 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <ctype.h>
-#ifdef HAVE_SIGNAL_H
-#include <signal.h>
-#endif
-#include <errno.h>
-#include <setjmp.h>
-#ifdef HAVE_BSDSETJMP_H
-#include <bsdsetjmp.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-/* termios.h *must* be included before curses.h */
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-
-#if defined(SOCKS) && defined(HAVE_CURSES_H)
-#include <curses.h>
-#endif
-
-#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
-#include <sys/termio.h>
-#endif
-
-#if defined(HAVE_TERMCAP_H)
-#include <termcap.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-/* not with SunOS 4 */
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif /* HAVE_SYS_RESOURCE_H */
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_SYSTM_H
-#include <netinet/in_systm.h>
-#endif
-#ifdef HAVE_NETINET_IP_H
-#include <netinet/ip.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#ifdef _AIX
-struct sockaddr_dl; /* AIX fun */
-struct ether_addr;
-#endif
-#include <arpa/inet.h>
-#endif
-
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#ifdef SOCKS
-#include <socks.h>
-#endif
-
-#include <err.h>
-#include <roken.h>
-/* krb.h? */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <libtelnet/auth.h>
-#include <libtelnet/encrypt.h>
-#endif
-#include <libtelnet/misc.h>
-#include <libtelnet/misc-proto.h>
-
-#define LINEMODE
-#ifndef KLUDGELINEMODE
-#define KLUDGELINEMODE
-#endif
-
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-/* prototypes */
-
diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c
deleted file mode 100644
index 44e16111fca4..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/terminal.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnet_locl.h"
-
-RCSID("$Id: terminal.c,v 1.11 2001/03/06 20:10:14 assar Exp $");
-
-Ring		ttyoring, ttyiring;
-unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
-
-int termdata;			/* Debugging flag */
-
-# ifndef VDISCARD
-cc_t termFlushChar;
-# endif
-# ifndef VLNEXT
-cc_t termLiteralNextChar;
-# endif
-# ifndef VSUSP
-cc_t termSuspChar;
-# endif
-# ifndef VWERASE
-cc_t termWerasChar;
-# endif
-# ifndef VREPRINT
-cc_t termRprntChar;
-# endif
-# ifndef VSTART
-cc_t termStartChar;
-# endif
-# ifndef VSTOP
-cc_t termStopChar;
-# endif
-# ifndef VEOL
-cc_t termForw1Char;
-# endif
-# ifndef VEOL2
-cc_t termForw2Char;
-# endif
-# ifndef VSTATUS
-cc_t termAytChar;
-# endif
-
-/*
- * initialize the terminal data structures.
- */
-
-void
-init_terminal(void)
-{
-    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
-	exit(1);
-    }
-    autoflush = TerminalAutoFlush();
-}
-
-
-/*
- *		Send as much data as possible to the terminal.
- *
- *		Return value:
- *			-1: No useful work done, data waiting to go out.
- *			 0: No data was waiting, so nothing was done.
- *			 1: All waiting data was written out.
- *			 n: All data - n was written out.
- */
-
-
-int
-ttyflush(int drop)
-{
-    int n, n0, n1;
-
-    n0 = ring_full_count(&ttyoring);
-    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
-	if (drop) {
-	    TerminalFlushOutput();
-	    /* we leave 'n' alone! */
-	} else {
-	    n = TerminalWrite((char *)ttyoring.consume, n);
-	}
-    }
-    if (n > 0) {
-	if (termdata && n) {
-	    Dump('>', ttyoring.consume, n);
-	}
-	/*
-	 * If we wrote everything, and the full count is
-	 * larger than what we wrote, then write the
-	 * rest of the buffer.
-	 */
-	if (n1 == n && n0 > n) {
-		n1 = n0 - n;
-		if (!drop)
-			n1 = TerminalWrite((char *)ttyoring.bottom, n1);
-		if (n1 > 0)
-			n += n1;
-	}
-	ring_consumed(&ttyoring, n);
-    }
-    if (n < 0)
-	return -1;
-    if (n == n0) {
-	if (n0)
-	    return -1;
-	return 0;
-    }
-    return n0 - n + 1;
-}
-
-
-/*
- * These routines decides on what the mode should be (based on the values
- * of various global variables).
- */
-
-
-int
-getconnmode(void)
-{
-    int mode = 0;
-
-    if (my_want_state_is_dont(TELOPT_ECHO))
-	mode |= MODE_ECHO;
-
-    if (localflow)
-	mode |= MODE_FLOW;
-
-    if ((eight & 1) || my_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_INBIN;
-
-    if (eight & 2)
-	mode |= MODE_OUT8;
-    if (his_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_OUTBIN;
-
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode) {
-	if (my_want_state_is_dont(TELOPT_SGA)) {
-	    mode |= (MODE_TRAPSIG|MODE_EDIT);
-	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
-		mode &= ~MODE_ECHO;
-	    }
-	}
-	return(mode);
-    }
-#endif
-    if (my_want_state_is_will(TELOPT_LINEMODE))
-	mode |= linemode;
-    return(mode);
-}
-
-    void
-setconnmode(force)
-    int force;
-{
-#ifdef	ENCRYPTION
-    static int enc_passwd = 0;
-#endif
-    int newmode;
-
-    newmode = getconnmode()|(force?MODE_FORCE:0);
-
-    TerminalNewMode(newmode);
-    
-#ifdef  ENCRYPTION
-    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
-	if (my_want_state_is_will(TELOPT_ENCRYPT)
-				&& (enc_passwd == 0) && !encrypt_output) {
-	    encrypt_request_start(0, 0);
-	    enc_passwd = 1;
-	}
-    } else {
-	if (enc_passwd) {
-	    encrypt_request_end();
-	    enc_passwd = 0;
-	}
-    }
-#endif
-
-}
-
-
-    void
-setcommandmode()
-{
-    TerminalNewMode(-1);
-}
diff --git a/crypto/heimdal/appl/telnet/telnet/types.h b/crypto/heimdal/appl/telnet/telnet/types.h
deleted file mode 100644
index 191d311fd154..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/types.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)types.h	8.1 (Berkeley) 6/6/93
- */
-
-typedef struct {
-    char *modedescriptions;
-    char modetype;
-} Modelist;
-
-extern Modelist modelist[];
-
-typedef struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	gotDM;			/* when did we last see a data mark */
-} Clocks;
-
-extern Clocks clocks;
diff --git a/crypto/heimdal/appl/telnet/telnet/utilities.c b/crypto/heimdal/appl/telnet/telnet/utilities.c
deleted file mode 100644
index c326d5aad7e7..000000000000
--- a/crypto/heimdal/appl/telnet/telnet/utilities.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define TELOPTS
-#define TELCMDS
-#define SLC_NAMES
-
-#include "telnet_locl.h"
-
-RCSID("$Id: utilities.c,v 1.25 2001/08/29 00:45:21 assar Exp $");
-
-FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
-int	prettydump;
-
-/*
- * SetSockOpt()
- *
- * Compensate for differences in 4.2 and 4.3 systems.
- */
-
-int
-SetSockOpt(int fd, int level, int option, int yesno)
-{
-#ifdef HAVE_SETSOCKOPT
-#ifndef	NOT43
-    return setsockopt(fd, level, option,
-				(void *)&yesno, sizeof yesno);
-#else	/* NOT43 */
-    if (yesno == 0) {		/* Can't do that in 4.2! */
-	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
-				option);
-	return -1;
-    }
-    return setsockopt(fd, level, option, 0, 0);
-#endif	/* NOT43 */
-#else
-    return -1;
-#endif
-}
-
-/*
- * The following are routines used to print out debugging information.
- */
-
-char NetTraceFile[256] = "(standard output)";
-
-void
-SetNetTrace(char *file)
-{
-    if (NetTrace && NetTrace != stdout)
-	fclose(NetTrace);
-    if (file  && (strcmp(file, "-") != 0)) {
-	NetTrace = fopen(file, "w");
-	if (NetTrace) {
-	    strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
-	    return;
-	}
-	fprintf(stderr, "Cannot open %s.\n", file);
-    }
-    NetTrace = stdout;
-    strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
-}
-
-void
-Dump(char direction, unsigned char *buffer, int length)
-{
-#   define BYTES_PER_LINE	32
-    unsigned char *pThis;
-    int offset;
-
-    offset = 0;
-
-    while (length) {
-	/* print one line */
-	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
-	pThis = buffer;
-	if (prettydump) {
-	    buffer = buffer + min(length, BYTES_PER_LINE/2);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%c%.2x",
-		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
-		    (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE/2;
-	    offset += BYTES_PER_LINE/2;
-	} else {
-	    buffer = buffer + min(length, BYTES_PER_LINE);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE;
-	    offset += BYTES_PER_LINE;
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	if (length < 0) {
-	    fflush(NetTrace);
-	    return;
-	}
-	/* find next unique line */
-    }
-    fflush(NetTrace);
-}
-
-
-void
-printoption(char *direction, int cmd, int option)
-{
-	if (!showoptions)
-		return;
-	if (cmd == IAC) {
-		if (TELCMD_OK(option))
-		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
-		else
-		    fprintf(NetTrace, "%s IAC %d", direction, option);
-	} else {
-		char *fmt;
-		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
-			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
-		if (fmt) {
-		    fprintf(NetTrace, "%s %s ", direction, fmt);
-		    if (TELOPT_OK(option))
-			fprintf(NetTrace, "%s", TELOPT(option));
-		    else if (option == TELOPT_EXOPL)
-			fprintf(NetTrace, "EXOPL");
-		    else
-			fprintf(NetTrace, "%d", option);
-		} else
-		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	    fflush(NetTrace);
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	return;
-}
-
-void
-optionstatus(void)
-{
-    int i;
-
-    for (i = 0; i < 256; i++) {
-	if (do_dont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
-	    else
-		printf("resp DO_DONT %d: %d\n", i,
-				do_dont_resp[i]);
-	    if (my_want_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("want DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DO   %s\n", TELCMD(i));
-		else
-		    printf("want DO   %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want DONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DONT %s\n", TELCMD(i));
-		else
-		    printf("want DONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("     DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     DO   %s\n", TELCMD(i));
-		else
-		    printf("     DO   %d\n", i);
-	    }
-	}
-	if (will_wont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
-	    else
-		printf("resp WILL_WONT %d: %d\n",
-				i, will_wont_resp[i]);
-	    if (my_want_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("want WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WILL %s\n", TELCMD(i));
-		else
-		    printf("want WILL %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want WONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WONT %s\n", TELCMD(i));
-		else
-		    printf("want WONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("     WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     WILL %s\n", TELCMD(i));
-		else
-		    printf("     WILL %d\n", i);
-	    }
-	}
-    }
-
-}
-
-void
-printsub(int direction, unsigned char *pointer, int length)
-{
-    int i;
-    unsigned char buf[512];
-
-    if (showoptions || direction == 0 ||
-	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
-	if (direction) {
-	    fprintf(NetTrace, "%s IAC SB ",
-				(direction == '<')? "RCVD":"SENT");
-	    if (length >= 3) {
-		int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    fprintf(NetTrace, "(terminated by ");
-		    if (TELOPT_OK(i))
-			fprintf(NetTrace, "%s ", TELOPT(i));
-		    else if (TELCMD_OK(i))
-			fprintf(NetTrace, "%s ", TELCMD(i));
-		    else
-			fprintf(NetTrace, "%d ", i);
-		    if (TELOPT_OK(j))
-			fprintf(NetTrace, "%s", TELOPT(j));
-		    else if (TELCMD_OK(j))
-			fprintf(NetTrace, "%s", TELCMD(j));
-		    else
-			fprintf(NetTrace, "%d", j);
-		    fprintf(NetTrace, ", not IAC SE!) ");
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    fprintf(NetTrace, "(Empty suboption??\?)");
-	    if (NetTrace == stdout)
-		fflush(NetTrace);
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    fprintf(NetTrace, "TERMINAL-TYPE ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace,
-				"- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-	case TELOPT_TSPEED:
-	    fprintf(NetTrace, "TERMINAL-SPEED");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " IS ");
-		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		fprintf(NetTrace, " OFF"); break;
-	    case LFLOW_ON:
-		fprintf(NetTrace, " ON"); break;
-	    case LFLOW_RESTART_ANY:
-		fprintf(NetTrace, " RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		fprintf(NetTrace, " RESTART-XON"); break;
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    }
-	    for (i = 2; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_NAWS:
-	    fprintf(NetTrace, "NAWS");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    if (length == 2) {
-		fprintf(NetTrace, " ?%d?", pointer[1]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    if (length == 4) {
-		fprintf(NetTrace, " ?%d?", pointer[3]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    for (i = 5; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    fprintf(NetTrace, "AUTHENTICATION");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
-							"IS" : "REPLY");
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, "%d ", pointer[2]);
-		if (length < 3) {
-		    fprintf(NetTrace, "(partial suboption??\?)");
-		    break;
-		}
-		fprintf(NetTrace, "%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		fprintf(NetTrace, " SEND ");
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    if (++i >= length) {
-			fprintf(NetTrace, "(partial suboption??\?)");
-			break;
-		    }
-		    fprintf(NetTrace, "%s|%s ",
-			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-							"CLIENT" : "SERVER",
-			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-							"MUTUAL" : "ONE-WAY");
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		fprintf(NetTrace, " NAME \"");
-		while (i < length)
-		    putc(pointer[i++], NetTrace);
-		putc('"', NetTrace);
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++)
-			fprintf(NetTrace, " ?%d?", pointer[i]);
-		    break;
-	    }
-	    break;
-#endif
-
-#if	defined(ENCRYPTION)
-	case TELOPT_ENCRYPT:
-	    fprintf(NetTrace, "ENCRYPT");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		fprintf(NetTrace, " START");
-		break;
-
-	    case ENCRYPT_END:
-		fprintf(NetTrace, " END");
-		break;
-
-	    case ENCRYPT_REQSTART:
-		fprintf(NetTrace, " REQUEST-START");
-		break;
-
-	    case ENCRYPT_REQEND:
-		fprintf(NetTrace, " REQUEST-END");
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		if (length < 3) {
-		    fprintf(NetTrace, " (partial suboption?)");
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		fprintf(NetTrace, " SUPPORT ");
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		fprintf(NetTrace, " ENC_KEYID ");
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		fprintf(NetTrace, " DEC_KEYID ");
-		goto encommon;
-
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    encommon:
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-		break;
-	    }
-	    break;
-#endif
-
-	case TELOPT_LINEMODE:
-	    fprintf(NetTrace, "LINEMODE ");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		fprintf(NetTrace, "WILL ");
-		goto common;
-	    case WONT:
-		fprintf(NetTrace, "WONT ");
-		goto common;
-	    case DO:
-		fprintf(NetTrace, "DO ");
-		goto common;
-	    case DONT:
-		fprintf(NetTrace, "DONT ");
-	    common:
-		if (length < 3) {
-		    fprintf(NetTrace, "(no option??\?)");
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    fprintf(NetTrace, "Forward Mask");
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %x", pointer[i]);
-		    break;
-		default:
-		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %d", pointer[i]);
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		fprintf(NetTrace, "SLC");
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
-		    else
-			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			fprintf(NetTrace, " NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			fprintf(NetTrace, " CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			fprintf(NetTrace, " VARIABLE"); break;
-		    case SLC_DEFAULT:
-			fprintf(NetTrace, " DEFAULT"); break;
-		    }
-		    fprintf(NetTrace, "%s%s%s",
-			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS))
-			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
-		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-
-	    case LM_MODE:
-		fprintf(NetTrace, "MODE ");
-		if (length < 3) {
-		    fprintf(NetTrace, "(no mode??\?)");
-		    break;
-		}
-		{
-		    char tbuf[64];
-		    snprintf(tbuf, sizeof(tbuf),
-			     "%s%s%s%s%s",
-			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			     pointer[2]&MODE_ACK ? "|ACK" : "");
-		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
-		}
-		if (pointer[2]&~(MODE_MASK))
-		    fprintf(NetTrace, " (0x%x)", pointer[2]);
-		for (i = 3; i < length; i++)
-		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
-		break;
-	    default:
-		fprintf(NetTrace, "%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    char *cp;
-	    int j, k;
-
-	    fprintf(NetTrace, "STATUS");
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    case TELQUAL_IS:
-		if (--want_status_response < 0)
-		    want_status_response = 0;
-		if (NetTrace == stdout)
-		    fprintf(NetTrace, " IS\r\n");
-		else
-		    fprintf(NetTrace, " IS\n");
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			if (TELOPT_OK((int)pointer[i]))
-			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
-			else
-			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-			break;
-
-		    case SB:
-			fprintf(NetTrace, " SB ");
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    fprintf(NetTrace, " SE");
-			    i = j;
-			} else
-			    i = j - 1;
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-
-			break;
-
-		    default:
-			fprintf(NetTrace, " %d", pointer[i]);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    fprintf(NetTrace, "NEW-ENVIRON ");
-#ifdef	OLD_ENVIRON
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    fprintf(NetTrace, "OLD-ENVIRON");
-	env_common1:
-#endif
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		fprintf(NetTrace, "INFO ");
-	    env_common:
-		{
-		    int noquote = 2;
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VALUE:
-#ifdef OLD_ENVIRON
-		     /*	case NEW_ENV_OVAR: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-				    fprintf(NetTrace, "\" VAR " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VALUE " + noquote);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VAR:
-#ifdef OLD_ENVIRON
-		     /* case OLD_ENV_VALUE: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-				    fprintf(NetTrace, "\" VALUE " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    fprintf(NetTrace, "\" ESC " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    fprintf(NetTrace, "\" USERVAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			default:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    putc('"', NetTrace);
-				    noquote = 0;
-				}
-				putc(pointer[i], NetTrace);
-			    } else {
-				fprintf(NetTrace, "\" %03o " + noquote,
-							pointer[i]);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			putc('"', NetTrace);
-		    break;
-		}
-	    }
-	    break;
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
-	    else
-		fprintf(NetTrace, "%d (unknown)", pointer[0]);
-	    for (i = 1; i < length; i++)
-		fprintf(NetTrace, " %d", pointer[i]);
-	    break;
-	}
-	if (direction) {
-	    if (NetTrace == stdout)
-		fprintf(NetTrace, "\r\n");
-	    else
-		fprintf(NetTrace, "\n");
-	}
-	if (NetTrace == stdout)
-	    fflush(NetTrace);
-    }
-}
-
-/* EmptyTerminal - called to make sure that the terminal buffer is empty.
- *			Note that we consider the buffer to run all the
- *			way to the kernel (thus the select).
- */
-
-void
-EmptyTerminal(void)
-{
-    fd_set	outs;
-
-    FD_ZERO(&outs);
-
-    if (tout >= FD_SETSIZE)
-	ExitString("fd too large", 1);
-
-    if (TTYBYTES() == 0) {
-	FD_SET(tout, &outs);
-	select(tout+1, 0, &outs, 0,
-		      (struct timeval *) 0); /* wait for TTLOWAT */
-    } else {
-	while (TTYBYTES()) {
-	    ttyflush(0);
-	    FD_SET(tout, &outs);
-	    select(tout+1, 0, &outs, 0,
-			  (struct timeval *) 0); /* wait for TTLOWAT */
-	}
-    }
-}
-
-void
-SetForExit(void)
-{
-    setconnmode(0);
-    do {
-	telrcv();			/* Process any incoming data */
-	EmptyTerminal();
-    } while (ring_full_count(&netiring));	/* While there is any */
-    setcommandmode();
-    fflush(stdout);
-    fflush(stderr);
-    setconnmode(0);
-    EmptyTerminal();			/* Flush the path to the tty */
-    setcommandmode();
-}
-
-void
-Exit(int returnCode)
-{
-    SetForExit();
-    exit(returnCode);
-}
-
-void
-ExitString(char *string, int returnCode)
-{
-    SetForExit();
-    fwrite(string, 1, strlen(string), stderr);
-    exit(returnCode);
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile b/crypto/heimdal/appl/telnet/telnetd/Makefile
deleted file mode 100644
index ba4aa6c14b4d..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile
+++ /dev/null
@@ -1,665 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/telnet/telnetd/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.18 2001/08/28 11:21:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-libexec_PROGRAMS = telnetd
-
-CHECK_LOCAL = 
-
-telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \
-		   utility.c global.c authenc.c defs.h ext.h telnetd.h
-
-
-man_MANS = telnetd.8
-
-LDADD = \
-	../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_logwtmp) \
-	$(LIB_logout) \
-	$(LIB_openpty) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-subdir = appl/telnet/telnetd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = telnetd$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \
-	termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) \
-	utility.$(OBJEXT) global.$(OBJEXT) authenc.$(OBJEXT)
-telnetd_OBJECTS = $(am_telnetd_OBJECTS)
-telnetd_LDADD = $(LDADD)
-telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a
-#telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la \
-#	$(top_builddir)/lib/kdfs/libkdfs.la
-##telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-##	$(top_builddir)/lib/kdfs/libkdfs.la
-telnetd_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(telnetd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(telnetd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/telnetd/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) 
-	@rm -f telnetd$(EXEEXT)
-	$(LINK) $(telnetd_LDFLAGS) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am
deleted file mode 100644
index 19e10bc8b942..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am
+++ /dev/null
@@ -1,26 +0,0 @@
-# $Id: Makefile.am,v 1.18 2001/08/28 11:21:17 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-libexec_PROGRAMS = telnetd
-
-CHECK_LOCAL = 
-
-telnetd_SOURCES  = telnetd.c state.c termstat.c slc.c sys_term.c \
-		   utility.c global.c authenc.c defs.h ext.h telnetd.h
-
-man_MANS = telnetd.8
-
-LDADD = \
-	../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_logwtmp) \
-	$(LIB_logout) \
-	$(LIB_openpty) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in
deleted file mode 100644
index eabaabb87978..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in
+++ /dev/null
@@ -1,661 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.18 2001/08/28 11:21:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-libexec_PROGRAMS = telnetd
-
-CHECK_LOCAL = 
-
-telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \
-		   utility.c global.c authenc.c defs.h ext.h telnetd.h
-
-
-man_MANS = telnetd.8
-
-LDADD = \
-	../libtelnet/libtelnet.a \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_tgetent) \
-	$(LIB_logwtmp) \
-	$(LIB_logout) \
-	$(LIB_openpty) \
-	$(LIB_kdfs) \
-	$(LIB_roken)
-
-subdir = appl/telnet/telnetd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = telnetd$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS)
-
-am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \
-	termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) \
-	utility.$(OBJEXT) global.$(OBJEXT) authenc.$(OBJEXT)
-telnetd_OBJECTS = $(am_telnetd_OBJECTS)
-telnetd_LDADD = $(LDADD)
-@DCE_FALSE@@KRB5_TRUE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@DCE_FALSE@@KRB5_FALSE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a
-@DCE_TRUE@@KRB5_TRUE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la \
-@DCE_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kdfs/libkdfs.la
-@DCE_TRUE@@KRB5_FALSE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \
-@DCE_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kdfs/libkdfs.la
-telnetd_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(telnetd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(telnetd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/telnet/telnetd/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) 
-	@rm -f telnetd$(EXEEXT)
-	$(LINK) $(telnetd_LDFLAGS) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/telnet/telnetd/authenc.c b/crypto/heimdal/appl/telnet/telnetd/authenc.c
deleted file mode 100644
index 14594ea22cb5..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/authenc.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: authenc.c,v 1.10 2000/11/15 23:20:43 assar Exp $");
-
-#ifdef AUTHENTICATION
-
-int
-telnet_net_write(unsigned char *str, int len)
-{
-    if (nfrontp + len < netobuf + BUFSIZ) {
-	memmove(nfrontp, str, len);
-	nfrontp += len;
-	return(len);
-    }
-    return(0);
-}
-
-void
-net_encrypt(void)
-{
-#ifdef ENCRYPTION
-    char *s = (nclearto > nbackp) ? nclearto : nbackp;
-    if (s < nfrontp && encrypt_output) {
-	(*encrypt_output)((unsigned char *)s, nfrontp - s);
-    }
-    nclearto = nfrontp;
-#endif
-}
-
-int
-telnet_spin(void)
-{
-    return ttloop();
-}
-
-char *
-telnet_getenv(const char *val)
-{
-    return(getenv(val));
-}
-
-char *
-telnet_gets(char *prompt, char *result, int length, int echo)
-{
-    return NULL;
-}
-#endif
diff --git a/crypto/heimdal/appl/telnet/telnetd/defs.h b/crypto/heimdal/appl/telnet/telnetd/defs.h
deleted file mode 100644
index add8fd21518a..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/defs.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defs.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-
-#ifndef __DEFS_H__
-#define __DEFS_H__
-
-#ifndef	BSD
-# define	BSD 43
-#endif
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define	SLC_NAMES
-#endif
-
-#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define	TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef TIOCPKT_FLUSHWRITE
-#define TIOCPKT_FLUSHWRITE      0x02
-#endif
- 
-#ifndef TIOCPKT_NOSTOP
-#define TIOCPKT_NOSTOP  0x10
-#endif
- 
-#ifndef TIOCPKT_DOSTOP
-#define TIOCPKT_DOSTOP  0x20
-#endif
-
-/*
- * I/O data buffers defines
- */
-#define	NETSLOP	64
-#ifdef _CRAY
-#undef BUFSIZ
-#define BUFSIZ  2048
-#endif
-
-#define	NIACCUM(c)	{   *netip++ = c; \
-			    ncc++; \
-			}
-
-/* clock manipulations */
-#define	settimer(x)	(clocks.x = ++clocks.system)
-#define	sequenceIs(x,y)	(clocks.x < clocks.y)
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
-	unsigned char	flag;		/* the flags for this function */
-	cc_t		val;		/* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
-	slcent		defset;		/* the default settings */
-	slcent		current;	/* the current settings */
-	cc_t		*sptr;		/* a pointer to the char in */
-					/* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define	TD_REPORT	0x01	/* Report operations to client */
-#define TD_EXERCISE	0x02	/* Exercise client's implementation */
-#define TD_NETDATA	0x04	/* Display received data stream */
-#define TD_PTYDATA	0x08	/* Display data passed to pty */
-#define	TD_OPTIONS	0x10	/* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
-#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
-#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
-#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
-
-#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
-#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
-#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
-#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here.  What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value.  Since the two
- * bits are adjacent, a little arithmatic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
-			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
-			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symmetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-#define his_will_wont_is_changing	my_do_dont_is_changing
-#define his_do_dont_is_changing		my_will_wont_is_changing
-
-#endif /* __DEFS_H__ */
diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h
deleted file mode 100644
index 8f9993415e78..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/ext.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ext.h	8.2 (Berkeley) 12/15/93
- */
-
-/* $Id: ext.h,v 1.23 2001/08/29 00:45:22 assar Exp $ */
-
-#ifndef __EXT_H__
-#define __EXT_H__
-
-/*
- * Telnet server variable declarations
- */
-extern char	options[256];
-extern char	do_dont_resp[256];
-extern char	will_wont_resp[256];
-extern int	flowmode;	/* current flow control state */
-extern int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-extern int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-extern int	require_otp;
-#ifdef AUTHENTICATION
-extern int	auth_level;
-#endif
-extern const char *new_login;
-
-extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-extern char	*terminaltype;
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-extern char	netibuf[BUFSIZ], *netip;
-
-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-extern char	*neturg;		/* one past last bye of urgent data */
-
-extern int	pcc, ncc;
-
-extern int	ourpty, net;
-extern char	*line;
-extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-int telnet_net_write (unsigned char *str, int len);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (const char *val);
-char *telnet_gets (char *prompt, char *result, int length, int echo);
-void get_slc_defaults (void);
-void telrcv (void);
-void send_do (int option, int init);
-void willoption (int option);
-void send_dont (int option, int init);
-void wontoption (int option);
-void send_will (int option, int init);
-void dooption (int option);
-void send_wont (int option, int init);
-void dontoption (int option);
-void suboption (void);
-void doclientstat (void);
-void send_status (void);
-void init_termbuf (void);
-void set_termbuf (void);
-int spcset (int func, cc_t *valp, cc_t **valpp);
-void set_utid (void);
-int getpty (int *ptynum);
-int tty_isecho (void);
-int tty_flowmode (void);
-int tty_restartany (void);
-void tty_setecho (int on);
-int tty_israw (void);
-void tty_binaryin (int on);
-void tty_binaryout (int on);
-int tty_isbinaryin (void);
-int tty_isbinaryout (void);
-int tty_issofttab (void);
-void tty_setsofttab (int on);
-int tty_islitecho (void);
-void tty_setlitecho (int on);
-int tty_iscrnl (void);
-void tty_tspeed (int val);
-void tty_rspeed (int val);
-void getptyslave (void);
-int cleanopen (char *line);
-void startslave (const char *host, const char *, int autologin, char *autoname);
-void init_env (void);
-void start_login (const char *host, int autologin, char *name);
-void cleanup (int sig);
-int main (int argc, char **argv);
-int getterminaltype (char *name, size_t);
-void _gettermname (void);
-int terminaltypeok (char *s);
-void my_telnet (int f, int p, const char*, const char *, int, char*);
-void interrupt (void);
-void sendbrk (void);
-void sendsusp (void);
-void recv_ayt (void);
-void doeof (void);
-void flowstat (void);
-void clientstat (int code, int parm1, int parm2);
-int ttloop (void);
-int stilloob (int s);
-void ptyflush (void);
-char *nextitem (char *current);
-void netclear (void);
-void netflush (void);
-void writenet (unsigned char *ptr, int len);
-void fatal (int f, char *msg);
-void fatalperror (int f, const char *msg);
-void fatalperror_errno (int f, const char *msg, int error);
-void edithost (char *pat, char *host);
-void putstr (char *s);
-void putchr (int cc);
-void putf (char *cp, char *where);
-void printoption (char *fmt, int option);
-void printsub (int direction, unsigned char *pointer, int length);
-void printdata (char *tag, char *ptr, int cnt);
-int login_tty(int t);
-
-#ifdef ENCRYPTION
-extern void	(*encrypt_output) (unsigned char *, int);
-extern int	(*decrypt_input) (int);
-extern char	*nclearto;
-#endif
-
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-struct clocks_t{
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	ttypesubopt,		/* ttype subopt is received */
-	tspeedsubopt,		/* tspeed subopt is received */
-	environsubopt,		/* environ subopt is received */
-	oenvironsubopt,		/* old environ subopt is received */
-	xdisplocsubopt,		/* xdisploc subopt is received */
-	baseline,		/* time started to do timed action */
-	gotDM;			/* when did we last see a data mark */
-};
-extern struct clocks_t clocks;
-
-extern int log_unauth;
-extern int no_warn;
-
-extern int def_tspeed, def_rspeed;
-#ifdef	TIOCSWINSZ
-extern int def_row, def_col;
-#endif
-
-#ifdef STREAMSPTY
-extern int really_stream;
-#endif
-
-#ifndef USE_IM
-# ifdef CRAY
-#  define USE_IM "Cray UNICOS (%h) (%t)"
-# endif
-# ifdef _AIX
-#  define USE_IM "%s %v.%r (%h) (%t)"
-# endif
-# ifndef USE_IM
-#  define USE_IM "%s %r (%h) (%t)"
-# endif
-#endif
-
-#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
-
-#endif /* __EXT_H__ */
diff --git a/crypto/heimdal/appl/telnet/telnetd/global.c b/crypto/heimdal/appl/telnet/telnetd/global.c
deleted file mode 100644
index 54d1a777abb2..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/global.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* a *lot* of ugly global definitions that really should be removed...
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: global.c,v 1.13 2001/07/19 16:00:42 assar Exp $");
-
-/*
- * Telnet server variable declarations
- */
-char	options[256];
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-int	linemode;	/* linemode on/off */
-int	flowmode;	/* current flow control state */
-int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-int	require_otp;
-
-slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-char	*terminaltype;
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-char	netibuf[BUFSIZ], *netip;
-
-char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-char	*neturg;		/* one past last bye of urgent data */
-
-int	pcc, ncc;
-
-int	ourpty, net;
-int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-struct clocks_t clocks;
-
-
-/* whether to log unauthenticated login attempts */
-int log_unauth;
-
-/* do not print warning if connection is not encrypted */
-int no_warn;
-
-/*
- * This function appends data to nfrontp and advances nfrontp.
- */
-
-int
-output_data (const char *format, ...)
-{
-  va_list args;
-  int remaining, ret;
-
-  va_start(args, format);
-  remaining = BUFSIZ - (nfrontp - netobuf);
-  ret = vsnprintf (nfrontp,
-		   remaining,
-		   format,
-		   args);
-  nfrontp += min(ret, remaining-1);
-  va_end(args);
-  return ret;
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/slc.c b/crypto/heimdal/appl/telnet/telnetd/slc.c
deleted file mode 100644
index 799d2d807c20..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/slc.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: slc.c,v 1.10 1997/05/11 06:30:00 assar Exp $");
-
-/*
- * get_slc_defaults
- *
- * Initialize the slc mapping table.
- */
-void
-get_slc_defaults(void)
-{
-    int i;
-    
-    init_termbuf();
-    
-    for (i = 1; i <= NSLC; i++) {
-	slctab[i].defset.flag =
-	    spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
-	slctab[i].current.flag = SLC_NOSUPPORT;
-	slctab[i].current.val = 0;
-    }
-    
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/state.c b/crypto/heimdal/appl/telnet/telnetd/state.c
deleted file mode 100644
index 987d99b1cf7e..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/state.c
+++ /dev/null
@@ -1,1356 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: state.c,v 1.14 2000/10/02 05:06:02 assar Exp $");
-
-unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
-unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
-unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
-unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
-int	not42 = 1;
-
-/*
- * Buffer for sub-options, and macros
- * for suboptions buffer manipulations
- */
-unsigned char subbuffer[2048], *subpointer= subbuffer, *subend= subbuffer;
-
-#define	SB_CLEAR()	subpointer = subbuffer
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-    *subpointer++ = (c); \
-			     }
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-#ifdef	ENV_HACK
-unsigned char *subsave;
-#define SB_SAVE()	subsave = subpointer;
-#define	SB_RESTORE()	subpointer = subsave;
-#endif
-
-
-/*
- * State for recv fsm
- */
-#define	TS_DATA		0	/* base state */
-#define	TS_IAC		1	/* look for double IAC's */
-#define	TS_CR		2	/* CR-LF ->'s CR */
-#define	TS_SB		3	/* throw away begin's... */
-#define	TS_SE		4	/* ...end's (suboption negotiation) */
-#define	TS_WILL		5	/* will option negotiation */
-#define	TS_WONT		6	/* wont -''- */
-#define	TS_DO		7	/* do -''- */
-#define	TS_DONT		8	/* dont -''- */
-
-void
-telrcv(void)
-{
-    int c;
-    static int state = TS_DATA;
-
-    while (ncc > 0) {
-	if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
-	    break;
-	c = *netip++ & 0377, ncc--;
-#ifdef ENCRYPTION
-	if (decrypt_input)
-	    c = (*decrypt_input)(c);
-#endif
-	switch (state) {
-
-	case TS_CR:
-	    state = TS_DATA;
-	    /* Strip off \n or \0 after a \r */
-	    if ((c == 0) || (c == '\n')) {
-		break;
-	    }
-	    /* FALL THROUGH */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		state = TS_IAC;
-		break;
-	    }
-	    /*
-	     * We now map \r\n ==> \r for pragmatic reasons.
-	     * Many client implementations send \r\n when
-	     * the user hits the CarriageReturn key.
-	     *
-	     * We USED to map \r\n ==> \n, since \r\n says
-	     * that we want to be in column 1 of the next
-	     * printable line, and \n is the standard
-	     * unix way of saying that (\r is only good
-	     * if CRMOD is set, which it normally is).
-	     */
-	    if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
-		int nc = *netip;
-#ifdef ENCRYPTION
-		if (decrypt_input)
-		    nc = (*decrypt_input)(nc & 0xff);
-#endif
-		{
-#ifdef ENCRYPTION
-		    if (decrypt_input)
-			(void)(*decrypt_input)(-1);
-#endif
-		    state = TS_CR;
-		}
-	    }
-	    *pfrontp++ = c;
-	    break;
-
-	case TS_IAC:
-	gotiac:			switch (c) {
-
-	    /*
-	     * Send the process on the pty side an
-	     * interrupt.  Do this with a NULL or
-	     * interrupt char; depending on the tty mode.
-	     */
-	case IP:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    interrupt();
-	    break;
-
-	case BREAK:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    sendbrk();
-	    break;
-
-	    /*
-	     * Are You There?
-	     */
-	case AYT:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    recv_ayt();
-	    break;
-
-	    /*
-	     * Abort Output
-	     */
-	case AO:
-	    {
-		DIAG(TD_OPTIONS,
-		     printoption("td: recv IAC", c));
-		ptyflush();	/* half-hearted */
-		init_termbuf();
-
-		if (slctab[SLC_AO].sptr &&
-		    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
-		    *pfrontp++ =
-			(unsigned char)*slctab[SLC_AO].sptr;
-		}
-
-		netclear();	/* clear buffer back */
-		output_data ("%c%c", IAC, DM);
-		neturg = nfrontp-1; /* off by one XXX */
-		DIAG(TD_OPTIONS,
-		     printoption("td: send IAC", DM));
-		break;
-	    }
-
-	/*
-	 * Erase Character and
-	 * Erase Line
-	 */
-	case EC:
-	case EL:
-	    {
-		cc_t ch;
-
-		DIAG(TD_OPTIONS,
-		     printoption("td: recv IAC", c));
-		ptyflush();	/* half-hearted */
-		init_termbuf();
-		if (c == EC)
-		    ch = *slctab[SLC_EC].sptr;
-		else
-		    ch = *slctab[SLC_EL].sptr;
-		if (ch != (cc_t)(_POSIX_VDISABLE))
-		    *pfrontp++ = (unsigned char)ch;
-		break;
-	    }
-
-	/*
-	 * Check for urgent data...
-	 */
-	case DM:
-	    DIAG(TD_OPTIONS,
-		 printoption("td: recv IAC", c));
-	    SYNCHing = stilloob(net);
-	    settimer(gotDM);
-	    break;
-
-
-	    /*
-	     * Begin option subnegotiation...
-	     */
-	case SB:
-	    state = TS_SB;
-	    SB_CLEAR();
-	    continue;
-
-	case WILL:
-	    state = TS_WILL;
-	    continue;
-
-	case WONT:
-	    state = TS_WONT;
-	    continue;
-
-	case DO:
-	    state = TS_DO;
-	    continue;
-
-	case DONT:
-	    state = TS_DONT;
-	    continue;
-	case EOR:
-	    if (his_state_is_will(TELOPT_EOR))
-		doeof();
-	    break;
-
-	    /*
-	     * Handle RFC 10xx Telnet linemode option additions
-	     * to command stream (EOF, SUSP, ABORT).
-	     */
-	case xEOF:
-	    doeof();
-	    break;
-
-	case SUSP:
-	    sendsusp();
-	    break;
-
-	case ABORT:
-	    sendbrk();
-	    break;
-
-	case IAC:
-	    *pfrontp++ = c;
-	    break;
-	}
-	state = TS_DATA;
-	break;
-
-	case TS_SB:
-	    if (c == IAC) {
-		state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    break;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * bad form of suboption negotiation.
-		     * handle it in such a way as to avoid
-		     * damage to local state.  Parse
-		     * suboption buffer found so far,
-		     * then treat remaining stream as
-		     * another command sequence.
-		     */
-
-		    /* for DIAGNOSTICS */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-
-		    SB_TERM();
-		    suboption();
-		    state = TS_IAC;
-		    goto gotiac;
-		}
-		SB_ACCUM(c);
-		state = TS_SB;
-	    } else {
-		/* for DIAGNOSTICS */
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		state = TS_DATA;
-	    }
-	    break;
-
-	case TS_WILL:
-	    willoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    wontoption(c);
-	    if (c==TELOPT_ENCRYPT && his_do_dont_is_changing(TELOPT_ENCRYPT) )
-                dontoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    dooption(c);
-	    state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    dontoption(c);
-	    state = TS_DATA;
-	    continue;
-
-	default:
-	    syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
-	    printf("telnetd: panic state=%d\n", state);
-	    exit(1);
-	}
-    }
-}  /* end of telrcv */
-
-/*
- * The will/wont/do/dont state machines are based on Dave Borman's
- * Telnet option processing state machine.
- *
- * These correspond to the following states:
- *	my_state = the last negotiated state
- *	want_state = what I want the state to go to
- *	want_resp = how many requests I have sent
- * All state defaults are negative, and resp defaults to 0.
- *
- * When initiating a request to change state to new_state:
- *
- * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
- *	do nothing;
- * } else {
- *	want_state = new_state;
- *	send new_state;
- *	want_resp++;
- * }
- *
- * When receiving new_state:
- *
- * if (want_resp) {
- *	want_resp--;
- *	if (want_resp && (new_state == my_state))
- *		want_resp--;
- * }
- * if ((want_resp == 0) && (new_state != want_state)) {
- *	if (ok_to_switch_to new_state)
- *		want_state = new_state;
- *	else
- *		want_resp++;
- *	send want_state;
- * }
- * my_state = new_state;
- *
- * Note that new_state is implied in these functions by the function itself.
- * will and do imply positive new_state, wont and dont imply negative.
- *
- * Finally, there is one catch.  If we send a negative response to a
- * positive request, my_state will be the positive while want_state will
- * remain negative.  my_state will revert to negative when the negative
- * acknowlegment arrives from the peer.  Thus, my_state generally tells
- * us not only the last negotiated state, but also tells us what the peer
- * wants to be doing as well.  It is important to understand this difference
- * as we may wish to be processing data streams based on our desired state
- * (want_state) or based on what the peer thinks the state is (my_state).
- *
- * This all works fine because if the peer sends a positive request, the data
- * that we receive prior to negative acknowlegment will probably be affected
- * by the positive state, and we can process it as such (if we can; if we
- * can't then it really doesn't matter).  If it is that important, then the
- * peer probably should be buffering until this option state negotiation
- * is complete.
- *
- */
-void
-send_do(int option, int init)
-{
-    if (init) {
-	if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
-	    his_want_state_is_will(option))
-	    return;
-	/*
-	 * Special case for TELOPT_TM:  We send a DO, but pretend
-	 * that we sent a DONT, so that we can send more DOs if
-	 * we want to.
-	 */
-	if (option == TELOPT_TM)
-	    set_his_want_state_wont(option);
-	else
-	    set_his_want_state_will(option);
-	do_dont_resp[option]++;
-    }
-    output_data((const char *)doopt, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send do", option));
-}
-
-#ifdef	AUTHENTICATION
-extern void auth_request(void);
-#endif
-#ifdef	ENCRYPTION
-extern void encrypt_send_support();
-#endif
-
-void
-willoption(int option)
-{
-    int changeok = 0;
-    void (*func)() = 0;
-
-    /*
-     * process input from peer.
-     */
-
-    DIAG(TD_OPTIONS, printoption("td: recv will", option));
-
-    if (do_dont_resp[option]) {
-	do_dont_resp[option]--;
-	if (do_dont_resp[option] && his_state_is_will(option))
-	    do_dont_resp[option]--;
-    }
-    if (do_dont_resp[option] == 0) {
-	if (his_want_state_is_wont(option)) {
-	    switch (option) {
-
-	    case TELOPT_BINARY:
-		init_termbuf();
-		tty_binaryin(1);
-		set_termbuf();
-		changeok++;
-		break;
-
-	    case TELOPT_ECHO:
-		/*
-		 * See comments below for more info.
-		 */
-		not42 = 0;	/* looks like a 4.2 system */
-		break;
-
-	    case TELOPT_TM:
-		/*
-		 * We never respond to a WILL TM, and
-		 * we leave the state WONT.
-		 */
-		return;
-
-	    case TELOPT_LFLOW:
-		/*
-		 * If we are going to support flow control
-		 * option, then don't worry peer that we can't
-		 * change the flow control characters.
-		 */
-		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
-		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
-	    case TELOPT_TTYPE:
-	    case TELOPT_SGA:
-	    case TELOPT_NAWS:
-	    case TELOPT_TSPEED:
-	    case TELOPT_XDISPLOC:
-	    case TELOPT_NEW_ENVIRON:
-	    case TELOPT_OLD_ENVIRON:
-		changeok++;
-		break;
-
-
-#ifdef	AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		func = auth_request;
-		changeok++;
-		break;
-#endif
-
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-		func = encrypt_send_support;
-		changeok++;
-		break;
-#endif
-			
-	    default:
-		break;
-	    }
-	    if (changeok) {
-		set_his_want_state_will(option);
-		send_do(option, 0);
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	} else {
-	    /*
-	     * Option processing that should happen when
-	     * we receive conformation of a change in
-	     * state that we had requested.
-	     */
-	    switch (option) {
-	    case TELOPT_ECHO:
-		not42 = 0;	/* looks like a 4.2 system */
-		/*
-		 * Egads, he responded "WILL ECHO".  Turn
-		 * it off right now!
-		 */
-		send_dont(option, 1);
-		/*
-		 * "WILL ECHO".  Kludge upon kludge!
-		 * A 4.2 client is now echoing user input at
-		 * the tty.  This is probably undesireable and
-		 * it should be stopped.  The client will
-		 * respond WONT TM to the DO TM that we send to
-		 * check for kludge linemode.  When the WONT TM
-		 * arrives, linemode will be turned off and a
-		 * change propogated to the pty.  This change
-		 * will cause us to process the new pty state
-		 * in localstat(), which will notice that
-		 * linemode is off and send a WILL ECHO
-		 * so that we are properly in character mode and
-		 * all is well.
-		 */
-		break;
-
-#ifdef	AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		func = auth_request;
-		break;
-#endif
-
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-		func = encrypt_send_support;
-		break;
-#endif
-
-	    case TELOPT_LFLOW:
-		func = flowstat;
-		break;
-	    }
-	}
-    }
-    set_his_state_will(option);
-    if (func)
-	(*func)();
-}  /* end of willoption */
-
-void
-send_dont(int option, int init)
-{
-    if (init) {
-	if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
-	    his_want_state_is_wont(option))
-	    return;
-	set_his_want_state_wont(option);
-	do_dont_resp[option]++;
-    }
-    output_data((const char *)dont, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send dont", option));
-}
-
-void
-wontoption(int option)
-{
-    /*
-     * Process client input.
-	 */
-
-    DIAG(TD_OPTIONS, printoption("td: recv wont", option));
-
-    if (do_dont_resp[option]) {
-	do_dont_resp[option]--;
-	if (do_dont_resp[option] && his_state_is_wont(option))
-	    do_dont_resp[option]--;
-    }
-    if (do_dont_resp[option] == 0) {
-	if (his_want_state_is_will(option)) {
-	    /* it is always ok to change to negative state */
-	    switch (option) {
-	    case TELOPT_ECHO:
-		not42 = 1; /* doesn't seem to be a 4.2 system */
-		break;
-
-	    case TELOPT_BINARY:
-		init_termbuf();
-		tty_binaryin(0);
-		set_termbuf();
-		break;
-
-	    case TELOPT_TM:
-		/*
-		 * If we get a WONT TM, and had sent a DO TM,
-		 * don't respond with a DONT TM, just leave it
-		 * as is.  Short circut the state machine to
-		 * achive this.
-		 */
-		set_his_want_state_wont(TELOPT_TM);
-		return;
-
-	    case TELOPT_LFLOW:
-		/*
-		 * If we are not going to support flow control
-		 * option, then let peer know that we can't
-		 * change the flow control characters.
-		 */
-		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
-		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-		slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
-		break;
-
-#ifdef AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		auth_finished(0, AUTH_REJECT);
-		break;
-#endif
-
-		/*
-		 * For options that we might spin waiting for
-		 * sub-negotiation, if the client turns off the
-		 * option rather than responding to the request,
-		 * we have to treat it here as if we got a response
-		 * to the sub-negotiation, (by updating the timers)
-		 * so that we'll break out of the loop.
-		 */
-	    case TELOPT_TTYPE:
-		settimer(ttypesubopt);
-		break;
-
-	    case TELOPT_TSPEED:
-		settimer(tspeedsubopt);
-		break;
-
-	    case TELOPT_XDISPLOC:
-		settimer(xdisplocsubopt);
-		break;
-
-	    case TELOPT_OLD_ENVIRON:
-		settimer(oenvironsubopt);
-		break;
-
-	    case TELOPT_NEW_ENVIRON:
-		settimer(environsubopt);
-		break;
-
-	    default:
-		break;
-	    }
-	    set_his_want_state_wont(option);
-	    if (his_state_is_will(option))
-		send_dont(option, 0);
-	} else {
-	    switch (option) {
-	    case TELOPT_TM:
-		break;
-
-#ifdef AUTHENTICATION
-	    case TELOPT_AUTHENTICATION:
-		auth_finished(0, AUTH_REJECT);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-    set_his_state_wont(option);
-
-}  /* end of wontoption */
-
-void
-send_will(int option, int init)
-{
-    if (init) {
-	if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
-	    my_want_state_is_will(option))
-	    return;
-	set_my_want_state_will(option);
-	will_wont_resp[option]++;
-    }
-    output_data ((const char *)will, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send will", option));
-}
-
-/*
- * When we get a DONT SGA, we will try once to turn it
- * back on.  If the other side responds DONT SGA, we
- * leave it at that.  This is so that when we talk to
- * clients that understand KLUDGELINEMODE but not LINEMODE,
- * we'll keep them in char-at-a-time mode.
- */
-int turn_on_sga = 0;
-
-void
-dooption(int option)
-{
-    int changeok = 0;
-
-    /*
-     * Process client input.
-     */
-
-    DIAG(TD_OPTIONS, printoption("td: recv do", option));
-
-    if (will_wont_resp[option]) {
-	will_wont_resp[option]--;
-	if (will_wont_resp[option] && my_state_is_will(option))
-	    will_wont_resp[option]--;
-    }
-    if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
-	switch (option) {
-	case TELOPT_ECHO:
-	    {
-		init_termbuf();
-		tty_setecho(1);
-		set_termbuf();
-	    }
-	changeok++;
-	break;
-
-	case TELOPT_BINARY:
-	    init_termbuf();
-	    tty_binaryout(1);
-	    set_termbuf();
-	    changeok++;
-	    break;
-
-	case TELOPT_SGA:
-	    turn_on_sga = 0;
-	    changeok++;
-	    break;
-
-	case TELOPT_STATUS:
-	    changeok++;
-	    break;
-
-	case TELOPT_TM:
-	    /*
-	     * Special case for TM.  We send a WILL, but
-	     * pretend we sent a WONT.
-	     */
-	    send_will(option, 0);
-	    set_my_want_state_wont(option);
-	    set_my_state_wont(option);
-	    return;
-
-	case TELOPT_LOGOUT:
-	    /*
-	     * When we get a LOGOUT option, respond
-	     * with a WILL LOGOUT, make sure that
-	     * it gets written out to the network,
-	     * and then just go away...
-	     */
-	    set_my_want_state_will(TELOPT_LOGOUT);
-	    send_will(TELOPT_LOGOUT, 0);
-	    set_my_state_will(TELOPT_LOGOUT);
-	    netflush();
-	    cleanup(0);
-	    /* NOT REACHED */
-	    break;
-
-#ifdef ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    changeok++;
-	    break;
-#endif
-	case TELOPT_LINEMODE:
-	case TELOPT_TTYPE:
-	case TELOPT_NAWS:
-	case TELOPT_TSPEED:
-	case TELOPT_LFLOW:
-	case TELOPT_XDISPLOC:
-#ifdef	TELOPT_ENVIRON
-	case TELOPT_NEW_ENVIRON:
-#endif
-	case TELOPT_OLD_ENVIRON:
-	default:
-	    break;
-	}
-	if (changeok) {
-	    set_my_want_state_will(option);
-	    send_will(option, 0);
-	} else {
-	    will_wont_resp[option]++;
-	    send_wont(option, 0);
-	}
-    }
-    set_my_state_will(option);
-
-}  /* end of dooption */
-
-void
-send_wont(int option, int init)
-{
-    if (init) {
-	if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
-	    my_want_state_is_wont(option))
-	    return;
-	set_my_want_state_wont(option);
-	will_wont_resp[option]++;
-    }
-    output_data ((const char *)wont, option);
-
-    DIAG(TD_OPTIONS, printoption("td: send wont", option));
-}
-
-void
-dontoption(int option)
-{
-    /*
-     * Process client input.
-	 */
-
-
-    DIAG(TD_OPTIONS, printoption("td: recv dont", option));
-
-    if (will_wont_resp[option]) {
-	will_wont_resp[option]--;
-	if (will_wont_resp[option] && my_state_is_wont(option))
-	    will_wont_resp[option]--;
-    }
-    if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
-	switch (option) {
-	case TELOPT_BINARY:
-	    init_termbuf();
-	    tty_binaryout(0);
-	    set_termbuf();
-	    break;
-
-	case TELOPT_ECHO:	/* we should stop echoing */
-	    {
-		init_termbuf();
-		tty_setecho(0);
-		set_termbuf();
-	    }
-	break;
-
-	case TELOPT_SGA:
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    set_my_state_wont(option);
-	    if (turn_on_sga ^= 1)
-		send_will(option, 1);
-	    return;
-
-	default:
-	    break;
-	}
-
-	set_my_want_state_wont(option);
-	if (my_state_is_will(option))
-	    send_wont(option, 0);
-    }
-    set_my_state_wont(option);
-
-}  /* end of dontoption */
-
-#ifdef	ENV_HACK
-int env_ovar = -1;
-int env_ovalue = -1;
-#else	/* ENV_HACK */
-# define env_ovar OLD_ENV_VAR
-# define env_ovalue OLD_ENV_VALUE
-#endif	/* ENV_HACK */
-
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *	Terminal type is
- *	Linemode
- *	Window size
- *	Terminal speed
- */
-void
-suboption(void)
-{
-    int subchar;
-
-    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
-
-    subchar = SB_GET();
-    switch (subchar) {
-    case TELOPT_TSPEED: {
-	int xspeed, rspeed;
-
-	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
-	    break;
-
-	settimer(tspeedsubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-	    return;
-
-	xspeed = atoi((char *)subpointer);
-
-	while (SB_GET() != ',' && !SB_EOF());
-	if (SB_EOF())
-	    return;
-
-	rspeed = atoi((char *)subpointer);
-	clientstat(TELOPT_TSPEED, xspeed, rspeed);
-
-	break;
-
-    }  /* end of case TELOPT_TSPEED */
-
-    case TELOPT_TTYPE: {		/* Yaaaay! */
-	static char terminalname[41];
-
-	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
-	    break;
-	settimer(ttypesubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
-	    return;		/* ??? XXX but, this is the most robust */
-	}
-
-	terminaltype = terminalname;
-
-	while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
-	       !SB_EOF()) {
-	    int c;
-
-	    c = SB_GET();
-	    if (isupper(c)) {
-		c = tolower(c);
-	    }
-	    *terminaltype++ = c;    /* accumulate name */
-	}
-	*terminaltype = 0;
-	terminaltype = terminalname;
-	break;
-    }  /* end of case TELOPT_TTYPE */
-
-    case TELOPT_NAWS: {
-	int xwinsize, ywinsize;
-
-	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
-	    break;
-
-	if (SB_EOF())
-	    return;
-	xwinsize = SB_GET() << 8;
-	if (SB_EOF())
-	    return;
-	xwinsize |= SB_GET();
-	if (SB_EOF())
-	    return;
-	ywinsize = SB_GET() << 8;
-	if (SB_EOF())
-	    return;
-	ywinsize |= SB_GET();
-	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
-
-	break;
-
-    }  /* end of case TELOPT_NAWS */
-
-    case TELOPT_STATUS: {
-	int mode;
-
-	if (SB_EOF())
-	    break;
-	mode = SB_GET();
-	switch (mode) {
-	case TELQUAL_SEND:
-	    if (my_state_is_will(TELOPT_STATUS))
-		send_status();
-	    break;
-
-	case TELQUAL_IS:
-	    break;
-
-	default:
-	    break;
-	}
-	break;
-    }  /* end of case TELOPT_STATUS */
-
-    case TELOPT_XDISPLOC: {
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-	    return;
-	settimer(xdisplocsubopt);
-	subpointer[SB_LEN()] = '\0';
-	esetenv("DISPLAY", (char *)subpointer, 1);
-	break;
-    }  /* end of case TELOPT_XDISPLOC */
-
-#ifdef	TELOPT_NEW_ENVIRON
-    case TELOPT_NEW_ENVIRON:
-#endif
-    case TELOPT_OLD_ENVIRON: {
-	int c;
-	char *cp, *varp, *valp;
-
-	if (SB_EOF())
-	    return;
-	c = SB_GET();
-	if (c == TELQUAL_IS) {
-	    if (subchar == TELOPT_OLD_ENVIRON)
-		settimer(oenvironsubopt);
-	    else
-		settimer(environsubopt);
-	} else if (c != TELQUAL_INFO) {
-	    return;
-	}
-
-#ifdef	TELOPT_NEW_ENVIRON
-	if (subchar == TELOPT_NEW_ENVIRON) {
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
-		    break;
-	    }
-	} else
-#endif
-	    {
-#ifdef	ENV_HACK
-		/*
-		 * We only want to do this if we haven't already decided
-		 * whether or not the other side has its VALUE and VAR
-		 * reversed.
-		 */
-		if (env_ovar < 0) {
-		    int last = -1;		/* invalid value */
-		    int empty = 0;
-		    int got_var = 0, got_value = 0, got_uservar = 0;
-
-		    /*
-		     * The other side might have its VALUE and VAR values
-		     * reversed.  To be interoperable, we need to determine
-		     * which way it is.  If the first recognized character
-		     * is a VAR or VALUE, then that will tell us what
-		     * type of client it is.  If the fist recognized
-		     * character is a USERVAR, then we continue scanning
-		     * the suboption looking for two consecutive
-		     * VAR or VALUE fields.  We should not get two
-		     * consecutive VALUE fields, so finding two
-		     * consecutive VALUE or VAR fields will tell us
-		     * what the client is.
-		     */
-		    SB_SAVE();
-		    while (!SB_EOF()) {
-			c = SB_GET();
-			switch(c) {
-			case OLD_ENV_VAR:
-			    if (last < 0 || last == OLD_ENV_VAR
-				|| (empty && (last == OLD_ENV_VALUE)))
-				goto env_ovar_ok;
-			    got_var++;
-			    last = OLD_ENV_VAR;
-			    break;
-			case OLD_ENV_VALUE:
-			    if (last < 0 || last == OLD_ENV_VALUE
-				|| (empty && (last == OLD_ENV_VAR)))
-				goto env_ovar_wrong;
-			    got_value++;
-			    last = OLD_ENV_VALUE;
-			    break;
-			case ENV_USERVAR:
-			    /* count strings of USERVAR as one */
-			    if (last != ENV_USERVAR)
-				got_uservar++;
-			    if (empty) {
-				if (last == OLD_ENV_VALUE)
-				    goto env_ovar_ok;
-				if (last == OLD_ENV_VAR)
-				    goto env_ovar_wrong;
-			    }
-			    last = ENV_USERVAR;
-			    break;
-			case ENV_ESC:
-			    if (!SB_EOF())
-				c = SB_GET();
-			    /* FALL THROUGH */
-			default:
-			    empty = 0;
-			    continue;
-			}
-			empty = 1;
-		    }
-		    if (empty) {
-			if (last == OLD_ENV_VALUE)
-			    goto env_ovar_ok;
-			if (last == OLD_ENV_VAR)
-			    goto env_ovar_wrong;
-		    }
-		    /*
-		     * Ok, the first thing was a USERVAR, and there
-		     * are not two consecutive VAR or VALUE commands,
-		     * and none of the VAR or VALUE commands are empty.
-		     * If the client has sent us a well-formed option,
-		     * then the number of VALUEs received should always
-		     * be less than or equal to the number of VARs and
-		     * USERVARs received.
-		     *
-		     * If we got exactly as many VALUEs as VARs and
-		     * USERVARs, the client has the same definitions.
-		     *
-		     * If we got exactly as many VARs as VALUEs and
-		     * USERVARS, the client has reversed definitions.
-		     */
-		    if (got_uservar + got_var == got_value) {
-		    env_ovar_ok:
-			env_ovar = OLD_ENV_VAR;
-			env_ovalue = OLD_ENV_VALUE;
-		    } else if (got_uservar + got_value == got_var) {
-		    env_ovar_wrong:
-			env_ovar = OLD_ENV_VALUE;
-			env_ovalue = OLD_ENV_VAR;
-			DIAG(TD_OPTIONS, {
-			    output_data("ENVIRON VALUE and VAR are reversed!\r\n");
-			});
-
-		    }
-		}
-		SB_RESTORE();
-#endif
-
-		while (!SB_EOF()) {
-		    c = SB_GET();
-		    if ((c == env_ovar) || (c == ENV_USERVAR))
-			break;
-		}
-	    }
-
-	if (SB_EOF())
-	    return;
-
-	cp = varp = (char *)subpointer;
-	valp = 0;
-
-	while (!SB_EOF()) {
-	    c = SB_GET();
-	    if (subchar == TELOPT_OLD_ENVIRON) {
-		if (c == env_ovar)
-		    c = NEW_ENV_VAR;
-		else if (c == env_ovalue)
-		    c = NEW_ENV_VALUE;
-	    }
-	    switch (c) {
-
-	    case NEW_ENV_VALUE:
-		*cp = '\0';
-		cp = valp = (char *)subpointer;
-		break;
-
-	    case NEW_ENV_VAR:
-	    case ENV_USERVAR:
-		*cp = '\0';
-		if (valp)
-		    esetenv(varp, valp, 1);
-		else
-		    unsetenv(varp);
-		cp = varp = (char *)subpointer;
-		valp = 0;
-		break;
-
-	    case ENV_ESC:
-		if (SB_EOF())
-		    break;
-		c = SB_GET();
-		/* FALL THROUGH */
-	    default:
-		*cp++ = c;
-		break;
-	    }
-	}
-	*cp = '\0';
-	if (valp)
-	    esetenv(varp, valp, 1);
-	else
-	    unsetenv(varp);
-	break;
-    }  /* end of case TELOPT_NEW_ENVIRON */
-#ifdef AUTHENTICATION
-    case TELOPT_AUTHENTICATION:
-	if (SB_EOF())
-	    break;
-	switch(SB_GET()) {
-	case TELQUAL_SEND:
-	case TELQUAL_REPLY:
-	    /*
-	     * These are sent by us and cannot be sent by
-	     * the client.
-	     */
-	    break;
-	case TELQUAL_IS:
-	    auth_is(subpointer, SB_LEN());
-	    break;
-	case TELQUAL_NAME:
-	    auth_name(subpointer, SB_LEN());
-	    break;
-	}
-	break;
-#endif
-#ifdef ENCRYPTION
-    case TELOPT_ENCRYPT:
-	if (SB_EOF())
-	    break;
-	switch(SB_GET()) {
-	case ENCRYPT_SUPPORT:
-	    encrypt_support(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_IS:
-	    encrypt_is(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_REPLY:
-	    encrypt_reply(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_START:
-	    encrypt_start(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_END:
-	    encrypt_end();
-	    break;
-	case ENCRYPT_REQSTART:
-	    encrypt_request_start(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_REQEND:
-	    /*
-	     * We can always send an REQEND so that we cannot
-	     * get stuck encrypting.  We should only get this
-	     * if we have been able to get in the correct mode
-	     * anyhow.
-	     */
-	    encrypt_request_end();
-	    break;
-	case ENCRYPT_ENC_KEYID:
-	    encrypt_enc_keyid(subpointer, SB_LEN());
-	    break;
-	case ENCRYPT_DEC_KEYID:
-	    encrypt_dec_keyid(subpointer, SB_LEN());
-	    break;
-	default:
-	    break;
-	}
-	break;
-#endif
-
-    default:
-	break;
-    }  /* end of switch */
-
-}  /* end of suboption */
-
-void
-doclientstat(void)
-{
-    clientstat(TELOPT_LINEMODE, WILL, 0);
-}
-
-#define	ADD(c)	 *ncp++ = c
-#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
-
-void
-send_status(void)
-{
-    unsigned char statusbuf[256];
-    unsigned char *ncp;
-    unsigned char i;
-
-    ncp = statusbuf;
-
-    netflush();	/* get rid of anything waiting to go out */
-
-    ADD(IAC);
-    ADD(SB);
-    ADD(TELOPT_STATUS);
-    ADD(TELQUAL_IS);
-
-    /*
-     * We check the want_state rather than the current state,
-     * because if we received a DO/WILL for an option that we
-     * don't support, and the other side didn't send a DONT/WONT
-     * in response to our WONT/DONT, then the "state" will be
-     * WILL/DO, and the "want_state" will be WONT/DONT.  We
-     * need to go by the latter.
-     */
-    for (i = 0; i < (unsigned char)NTELOPTS; i++) {
-	if (my_want_state_is_will(i)) {
-	    ADD(WILL);
-	    ADD_DATA(i);
-	}
-	if (his_want_state_is_will(i)) {
-	    ADD(DO);
-	    ADD_DATA(i);
-	}
-    }
-
-    if (his_want_state_is_will(TELOPT_LFLOW)) {
-	ADD(SB);
-	ADD(TELOPT_LFLOW);
-	if (flowmode) {
-	    ADD(LFLOW_ON);
-	} else {
-	    ADD(LFLOW_OFF);
-	}
-	ADD(SE);
-
-	if (restartany >= 0) {
-	    ADD(SB);
-	    ADD(TELOPT_LFLOW);
-	    if (restartany) {
-		ADD(LFLOW_RESTART_ANY);
-	    } else {
-		ADD(LFLOW_RESTART_XON);
-	    }
-	    ADD(SE);
-	}
-    }
-
-
-    ADD(IAC);
-    ADD(SE);
-
-    writenet(statusbuf, ncp - statusbuf);
-    netflush();	/* Send it on its way */
-
-    DIAG(TD_OPTIONS,
-	 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c
deleted file mode 100644
index 23b24682ea75..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c
+++ /dev/null
@@ -1,1899 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: sys_term.c,v 1.104 2001/09/17 02:09:04 assar Exp $");
-
-#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
-# define PARENT_DOES_UTMP
-#endif
-
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-
-#ifdef HAVE_UTMPX_H
-struct	utmpx wtmp;
-#elif defined(HAVE_UTMP_H)
-struct	utmp wtmp;
-#endif /* HAVE_UTMPX_H */
-
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-int	utmp_len = sizeof(wtmp.ut_host);
-#else
-int	utmp_len = MaxHostNameLen;
-#endif
-
-#ifndef UTMP_FILE
-#ifdef _PATH_UTMP
-#define UTMP_FILE _PATH_UTMP
-#else
-#define UTMP_FILE "/etc/utmp"
-#endif
-#endif
-
-#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
-#define WTMP_FILE _PATH_WTMP
-#endif
-
-#ifndef PARENT_DOES_UTMP
-#ifdef WTMP_FILE
-char	wtmpf[] = WTMP_FILE;
-#else
-char	wtmpf[]	= "/usr/adm/wtmp";
-#endif
-char	utmpf[] = UTMP_FILE;
-#else /* PARENT_DOES_UTMP */
-#ifdef WTMP_FILE
-char	wtmpf[] = WTMP_FILE;
-#else
-char	wtmpf[]	= "/etc/wtmp";
-#endif
-#endif /* PARENT_DOES_UTMP */
-
-#ifdef HAVE_TMPDIR_H
-#include <tmpdir.h>
-#endif	/* CRAY */
-
-#ifdef	STREAMSPTY
-
-#ifdef HAVE_SAC_H
-#include <sac.h>
-#endif
-
-#ifdef HAVE_SYS_STROPTS_H
-#include <sys/stropts.h>
-#endif
-
-#endif /* STREAMSPTY */
-
-#undef NOERROR
-
-#ifdef	HAVE_SYS_STREAM_H
-#ifdef  HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef __hpux
-#undef SE
-#endif
-#include <sys/stream.h>
-#endif
-#if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
-#include <sys/tty.h>
-#endif
-#ifdef	t_erase
-#undef	t_erase
-#undef	t_kill
-#undef	t_intrc
-#undef	t_quitc
-#undef	t_startc
-#undef	t_stopc
-#undef	t_eofc
-#undef	t_brkc
-#undef	t_suspc
-#undef	t_dsuspc
-#undef	t_rprntc
-#undef	t_flushc
-#undef	t_werasc
-#undef	t_lnextc
-#endif
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#else
-#ifdef HAVE_TERMIO_H
-#include <termio.h>
-#endif
-#endif
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
-#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-(tp)->c_cflag |= (val)
-#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
-#  ifdef CIBAUD
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
-     (tp)->c_cflag |= ((val)<<IBSHIFT)
-#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
-#  else
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-     (tp)->c_cflag |= (val)
-#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
-#  endif
-# endif /* TCSANOW */
-     struct termios termbuf, termbuf2;	/* pty control structure */
-# ifdef  STREAMSPTY
-     static int ttyfd = -1;
-     int really_stream = 0;
-# endif
-
-     const char *new_login = _PATH_LOGIN;
-
-/*
- * init_termbuf()
- * copy_termbuf(cp)
- * set_termbuf()
- *
- * These three routines are used to get and set the "termbuf" structure
- * to and from the kernel.  init_termbuf() gets the current settings.
- * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
- * set_termbuf() writes the structure into the kernel.
- */
-
-     void
-     init_termbuf(void)
-{
-# ifdef  STREAMSPTY
-    if (really_stream)
-	tcgetattr(ttyfd, &termbuf);
-    else
-# endif
-	tcgetattr(ourpty, &termbuf);
-    termbuf2 = termbuf;
-}
-
-void
-set_termbuf(void)
-{
-    /*
-     * Only make the necessary changes.
-	 */
-    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf)))
-# ifdef  STREAMSPTY
-	if (really_stream)
-	    tcsetattr(ttyfd, TCSANOW, &termbuf);
-	else
-# endif
-	    tcsetattr(ourpty, TCSANOW, &termbuf);
-}
-
-
-/*
- * spcset(func, valp, valpp)
- *
- * This function takes various special characters (func), and
- * sets *valp to the current value of that character, and
- * *valpp to point to where in the "termbuf" structure that
- * value is kept.
- *
- * It returns the SLC_ level of support for this function.
- */
-
-
-int
-spcset(int func, cc_t *valp, cc_t **valpp)
-{
-
-#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
-    *valpp = &termbuf.c_cc[a]; \
-				   return(b);
-#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
-
-    switch(func) {
-    case SLC_EOF:
-	setval(VEOF, SLC_VARIABLE);
-    case SLC_EC:
-	setval(VERASE, SLC_VARIABLE);
-    case SLC_EL:
-	setval(VKILL, SLC_VARIABLE);
-    case SLC_IP:
-	setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-    case SLC_ABORT:
-	setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-    case SLC_XON:
-#ifdef	VSTART
-	setval(VSTART, SLC_VARIABLE);
-#else
-	defval(0x13);
-#endif
-    case SLC_XOFF:
-#ifdef	VSTOP
-	setval(VSTOP, SLC_VARIABLE);
-#else
-	defval(0x11);
-#endif
-    case SLC_EW:
-#ifdef	VWERASE
-	setval(VWERASE, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_RP:
-#ifdef	VREPRINT
-	setval(VREPRINT, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_LNEXT:
-#ifdef	VLNEXT
-	setval(VLNEXT, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-    case SLC_AO:
-#if	!defined(VDISCARD) && defined(VFLUSHO)
-# define VDISCARD VFLUSHO
-#endif
-#ifdef	VDISCARD
-	setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
-#else
-	defval(0);
-#endif
-    case SLC_SUSP:
-#ifdef	VSUSP
-	setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
-#else
-	defval(0);
-#endif
-#ifdef	VEOL
-    case SLC_FORW1:
-	setval(VEOL, SLC_VARIABLE);
-#endif
-#ifdef	VEOL2
-    case SLC_FORW2:
-	setval(VEOL2, SLC_VARIABLE);
-#endif
-    case SLC_AYT:
-#ifdef	VSTATUS
-	setval(VSTATUS, SLC_VARIABLE);
-#else
-	defval(0);
-#endif
-
-    case SLC_BRK:
-    case SLC_SYNCH:
-    case SLC_EOR:
-	defval(0);
-
-    default:
-	*valp = 0;
-	*valpp = 0;
-	return(SLC_NOSUPPORT);
-    }
-}
-
-#ifdef _CRAY
-/*
- * getnpty()
- *
- * Return the number of pty's configured into the system.
- */
-int
-getnpty()
-{
-#ifdef _SC_CRAY_NPTY
-    int numptys;
-
-    if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
-	return numptys;
-    else
-#endif /* _SC_CRAY_NPTY */
-	return 128;
-}
-#endif /* CRAY */
-
-/*
- * getpty()
- *
- * Allocate a pty.  As a side effect, the external character
- * array "line" contains the name of the slave side.
- *
- * Returns the file descriptor of the opened pty.
- */
-
-static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-char *line = Xline;
-
-#ifdef	_CRAY
-char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#endif	/* CRAY */
-
-#if !defined(HAVE_PTSNAME) && defined(STREAMSPTY)
-static char *ptsname(int fd)
-{
-#ifdef HAVE_TTYNAME
-    return ttyname(fd);
-#else
-    return NULL;
-#endif
-}
-#endif
-
-int getpty(int *ptynum)
-{
-#ifdef __osf__ /* XXX */
-    int master;
-    int slave;
-    if(openpty(&master, &slave, line, 0, 0) == 0){
-	close(slave);
-	return master;
-    }
-    return -1;
-#else
-#ifdef HAVE__GETPTY
-    int master, slave;
-    char *p;
-    p = _getpty(&master, O_RDWR, 0600, 1);
-    if(p == NULL)
-	return -1;
-    strlcpy(line, p, sizeof(Xline));
-    return master;
-#else
-
-    int p;
-    char *cp, *p1, *p2;
-    int i;
-#if SunOS == 40
-    int dummy;
-#endif
-#if __linux
-    int master;
-    int slave;
-    if(openpty(&master, &slave, line, 0, 0) == 0){
-	close(slave);
-	return master;
-    }
-#else
-#ifdef	STREAMSPTY
-    char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
-		      "/dev/ptym/clone", 0 };
-
-    char **q;
-    for(q=clone; *q; q++){
-	p=open(*q, O_RDWR);
-	if(p >= 0){
-#ifdef HAVE_GRANTPT
-	    grantpt(p);
-#endif
-#ifdef HAVE_UNLOCKPT
-	    unlockpt(p);
-#endif
-	    strlcpy(line, ptsname(p), sizeof(Xline));
-	    really_stream = 1;
-	    return p;
-	}
-    }
-#endif /* STREAMSPTY */
-#ifndef _CRAY
-
-#ifndef	__hpux
-    snprintf(line, sizeof(Xline), "/dev/ptyXX");
-    p1 = &line[8];
-    p2 = &line[9];
-#else
-    snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
-    p1 = &line[13];
-    p2 = &line[14];
-#endif
-
-	
-    for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
-	struct stat stb;
-
-	*p1 = *cp;
-	*p2 = '0';
-	/*
-	 * This stat() check is just to keep us from
-	 * looping through all 256 combinations if there
-	 * aren't that many ptys available.
-	 */
-	if (stat(line, &stb) < 0)
-	    break;
-	for (i = 0; i < 16; i++) {
-	    *p2 = "0123456789abcdef"[i];
-	    p = open(line, O_RDWR);
-	    if (p > 0) {
-#ifndef	__hpux
-		line[5] = 't';
-#else
-		for (p1 = &line[8]; *p1; p1++)
-		    *p1 = *(p1+1);
-		line[9] = 't';
-#endif
-		chown(line, 0, 0);
-		chmod(line, 0600);
-#if SunOS == 40
-		if (ioctl(p, TIOCGPGRP, &dummy) == 0
-		    || errno != EIO) {
-		    chmod(line, 0666);
-		    close(p);
-		    line[5] = 'p';
-		} else
-#endif /* SunOS == 40 */
-		    return(p);
-	    }
-	}
-    }
-#else	/* CRAY */
-    extern lowpty, highpty;
-    struct stat sb;
-
-    for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
-	snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
-	p = open(myline, 2);
-	if (p < 0)
-	    continue;
-	snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
-	/*
-	 * Here are some shenanigans to make sure that there
-	 * are no listeners lurking on the line.
-	 */
-	if(stat(line, &sb) < 0) {
-	    close(p);
-	    continue;
-	}
-	if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
-	    chown(line, 0, 0);
-	    chmod(line, 0600);
-	    close(p);
-	    p = open(myline, 2);
-	    if (p < 0)
-		continue;
-	}
-	/*
-	 * Now it should be safe...check for accessability.
-	 */
-	if (access(line, 6) == 0)
-	    return(p);
-	else {
-	    /* no tty side to pty so skip it */
-	    close(p);
-	}
-    }
-#endif	/* CRAY */
-#endif	/* STREAMSPTY */
-#endif /* OPENPTY */
-    return(-1);
-#endif
-}
-
-
-int
-tty_isecho(void)
-{
-    return (termbuf.c_lflag & ECHO);
-}
-
-int
-tty_flowmode(void)
-{
-    return((termbuf.c_iflag & IXON) ? 1 : 0);
-}
-
-int
-tty_restartany(void)
-{
-    return((termbuf.c_iflag & IXANY) ? 1 : 0);
-}
-
-void
-tty_setecho(int on)
-{
-    if (on)
-	termbuf.c_lflag |= ECHO;
-    else
-	termbuf.c_lflag &= ~ECHO;
-}
-
-int
-tty_israw(void)
-{
-    return(!(termbuf.c_lflag & ICANON));
-}
-
-void
-tty_binaryin(int on)
-{
-    if (on) {
-	termbuf.c_iflag &= ~ISTRIP;
-    } else {
-	termbuf.c_iflag |= ISTRIP;
-    }
-}
-
-void
-tty_binaryout(int on)
-{
-    if (on) {
-	termbuf.c_cflag &= ~(CSIZE|PARENB);
-	termbuf.c_cflag |= CS8;
-	termbuf.c_oflag &= ~OPOST;
-    } else {
-	termbuf.c_cflag &= ~CSIZE;
-	termbuf.c_cflag |= CS7|PARENB;
-	termbuf.c_oflag |= OPOST;
-    }
-}
-
-int
-tty_isbinaryin(void)
-{
-    return(!(termbuf.c_iflag & ISTRIP));
-}
-
-int
-tty_isbinaryout(void)
-{
-    return(!(termbuf.c_oflag&OPOST));
-}
-
-
-int
-tty_issofttab(void)
-{
-# ifdef	OXTABS
-    return (termbuf.c_oflag & OXTABS);
-# endif
-# ifdef	TABDLY
-    return ((termbuf.c_oflag & TABDLY) == TAB3);
-# endif
-}
-
-void
-tty_setsofttab(int on)
-{
-    if (on) {
-# ifdef	OXTABS
-	termbuf.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	termbuf.c_oflag &= ~TABDLY;
-	termbuf.c_oflag |= TAB3;
-# endif
-    } else {
-# ifdef	OXTABS
-	termbuf.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	termbuf.c_oflag &= ~TABDLY;
-	termbuf.c_oflag |= TAB0;
-# endif
-    }
-}
-
-int
-tty_islitecho(void)
-{
-# ifdef	ECHOCTL
-    return (!(termbuf.c_lflag & ECHOCTL));
-# endif
-# ifdef	TCTLECH
-    return (!(termbuf.c_lflag & TCTLECH));
-# endif
-# if	!defined(ECHOCTL) && !defined(TCTLECH)
-    return (0);	/* assumes ctl chars are echoed '^x' */
-# endif
-}
-
-void
-tty_setlitecho(int on)
-{
-# ifdef	ECHOCTL
-    if (on)
-	termbuf.c_lflag &= ~ECHOCTL;
-    else
-	termbuf.c_lflag |= ECHOCTL;
-# endif
-# ifdef	TCTLECH
-    if (on)
-	termbuf.c_lflag &= ~TCTLECH;
-    else
-	termbuf.c_lflag |= TCTLECH;
-# endif
-}
-
-int
-tty_iscrnl(void)
-{
-    return (termbuf.c_iflag & ICRNL);
-}
-
-/*
- * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
- */
-#if B4800 != 4800
-#define	DECODE_BAUD
-#endif
-
-#ifdef	DECODE_BAUD
-
-/*
- * A table of available terminal speeds
- */
-struct termspeeds {
-    int	speed;
-    int	value;
-} termspeeds[] = {
-    { 0,      B0 },      { 50,    B50 },    { 75,     B75 },
-    { 110,    B110 },    { 134,   B134 },   { 150,    B150 },
-    { 200,    B200 },    { 300,   B300 },   { 600,    B600 },
-    { 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
-    { 4800,   B4800 },
-#ifdef	B7200
-    { 7200,  B7200 },
-#endif
-    { 9600,   B9600 },
-#ifdef	B14400
-    { 14400,  B14400 },
-#endif
-#ifdef	B19200
-    { 19200,  B19200 },
-#endif
-#ifdef	B28800
-    { 28800,  B28800 },
-#endif
-#ifdef	B38400
-    { 38400,  B38400 },
-#endif
-#ifdef	B57600
-    { 57600,  B57600 },
-#endif
-#ifdef	B115200
-    { 115200, B115200 },
-#endif
-#ifdef	B230400
-    { 230400, B230400 },
-#endif
-    { -1,     0 }
-};
-#endif	/* DECODE_BUAD */
-
-void
-tty_tspeed(int val)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-
-    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-	;
-    if (tp->speed == -1)	/* back up to last valid value */
-	--tp;
-    cfsetospeed(&termbuf, tp->value);
-#else	/* DECODE_BUAD */
-    cfsetospeed(&termbuf, val);
-#endif	/* DECODE_BUAD */
-}
-
-void
-tty_rspeed(int val)
-{
-#ifdef	DECODE_BAUD
-    struct termspeeds *tp;
-
-    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-	;
-    if (tp->speed == -1)	/* back up to last valid value */
-	--tp;
-    cfsetispeed(&termbuf, tp->value);
-#else	/* DECODE_BAUD */
-    cfsetispeed(&termbuf, val);
-#endif	/* DECODE_BAUD */
-}
-
-#ifdef PARENT_DOES_UTMP
-extern	struct utmp wtmp;
-extern char wtmpf[];
-
-extern void utmp_sig_init (void);
-extern void utmp_sig_reset (void);
-extern void utmp_sig_wait (void);
-extern void utmp_sig_notify (int);
-# endif /* PARENT_DOES_UTMP */
-
-#ifdef STREAMSPTY
-
-/* I_FIND seems to live a life of its own */
-static int my_find(int fd, char *module)
-{
-#if defined(I_FIND) && defined(I_LIST)
-    static int flag;
-    static struct str_list sl;
-    int n;
-    int i;
-  
-    if(!flag){
-	n = ioctl(fd, I_LIST, 0);
-	if(n < 0){
-	    perror("ioctl(fd, I_LIST, 0)");
-	    return -1;
-	}
-	sl.sl_modlist=(struct str_mlist*)malloc(n * sizeof(struct str_mlist));
-	sl.sl_nmods = n;
-	n = ioctl(fd, I_LIST, &sl);
-	if(n < 0){
-	    perror("ioctl(fd, I_LIST, n)");
-	    return -1;
-	}
-	flag = 1;
-    }
-  
-    for(i=0; i<sl.sl_nmods; i++)
-	if(!strcmp(sl.sl_modlist[i].l_name, module))
-	    return 1;
-#endif
-    return 0;
-}
-
-static void maybe_push_modules(int fd, char **modules)
-{
-    char **p;
-    int err;
-
-    for(p=modules; *p; p++){
-	err = my_find(fd, *p);
-	if(err == 1)
-	    break;
-	if(err < 0 && errno != EINVAL)
-	    fatalperror(net, "my_find()");
-	/* module not pushed or does not exist */
-    }
-    /* p points to null or to an already pushed module, now push all
-       modules before this one */
-  
-    for(p--; p >= modules; p--){
-	err = ioctl(fd, I_PUSH, *p);
-	if(err < 0 && errno != EINVAL)
-	    fatalperror(net, "I_PUSH");
-    }
-}
-#endif
-
-/*
- * getptyslave()
- *
- * Open the slave side of the pty, and do any initialization
- * that is necessary.  The return value is a file descriptor
- * for the slave side.
- */
-void getptyslave(void)
-{
-    int t = -1;
-
-    struct winsize ws;
-    /*
-     * Opening the slave side may cause initilization of the
-     * kernel tty structure.  We need remember the state of
-     * 	if linemode was turned on
-     *	terminal window size
-     *	terminal speed
-     * so that we can re-set them if we need to.
-     */
-
-
-    /*
-     * Make sure that we don't have a controlling tty, and
-     * that we are the session (process group) leader.
-     */
-
-#ifdef HAVE_SETSID
-    if(setsid()<0)
-	fatalperror(net, "setsid()");
-#else
-# ifdef	TIOCNOTTY
-    t = open(_PATH_TTY, O_RDWR);
-    if (t >= 0) {
-	ioctl(t, TIOCNOTTY, (char *)0);
-	close(t);
-    }
-# endif
-#endif
-
-# ifdef PARENT_DOES_UTMP
-    /*
-     * Wait for our parent to get the utmp stuff to get done.
-     */
-    utmp_sig_wait();
-# endif
-
-    t = cleanopen(line);
-    if (t < 0)
-	fatalperror(net, line);
-
-#ifdef  STREAMSPTY
-    ttyfd = t;
-	  
-
-    /*
-     * Not all systems have (or need) modules ttcompat and pckt so
-     * don't flag it as a fatal error if they don't exist.
-     */
-
-    if (really_stream)
-	{
-	    /* these are the streams modules that we want pushed. note
-	       that they are in reverse order, ptem will be pushed
-	       first. maybe_push_modules() will try to push all modules
-	       before the first one that isn't already pushed. i.e if
-	       ldterm is pushed, only ttcompat will be attempted.
-
-	       all this is because we don't know which modules are
-	       available, and we don't know which modules are already
-	       pushed (via autopush, for instance).
-
-	       */
-	     
-	    char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
-	    char *ptymodules[] = { "pckt", NULL };
-
-	    maybe_push_modules(t, ttymodules);
-	    maybe_push_modules(ourpty, ptymodules);
-	}
-#endif
-    /*
-     * set up the tty modes as we like them to be.
-     */
-    init_termbuf();
-# ifdef	TIOCSWINSZ
-    if (def_row || def_col) {
-	memset(&ws, 0, sizeof(ws));
-	ws.ws_col = def_col;
-	ws.ws_row = def_row;
-	ioctl(t, TIOCSWINSZ, (char *)&ws);
-    }
-# endif
-
-    /*
-     * Settings for sgtty based systems
-     */
-
-    /*
-     * Settings for UNICOS (and HPUX)
-     */
-# if defined(_CRAY) || defined(__hpux)
-    termbuf.c_oflag = OPOST|ONLCR|TAB3;
-    termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
-    termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
-    termbuf.c_cflag = EXTB|HUPCL|CS8;
-# endif
-
-    /*
-     * Settings for all other termios/termio based
-     * systems, other than 4.4BSD.  In 4.4BSD the
-     * kernel does the initial terminal setup.
-     */
-# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43)
-#  ifndef	OXTABS
-#   define OXTABS	0
-#  endif
-    termbuf.c_lflag |= ECHO;
-    termbuf.c_oflag |= ONLCR|OXTABS;
-    termbuf.c_iflag |= ICRNL;
-    termbuf.c_iflag &= ~IXOFF;
-# endif
-    tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
-    tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
-
-    /*
-     * Set the tty modes, and make this our controlling tty.
-     */
-    set_termbuf();
-    if (login_tty(t) == -1)
-	fatalperror(net, "login_tty");
-    if (net > 2)
-	close(net);
-    if (ourpty > 2) {
-	close(ourpty);
-	ourpty = -1;
-    }
-}
-
-#ifndef	O_NOCTTY
-#define	O_NOCTTY	0
-#endif
-/*
- * Open the specified slave side of the pty,
- * making sure that we have a clean tty.
- */
-
-int cleanopen(char *line)
-{
-    int t;
-
-#ifdef STREAMSPTY
-    if (!really_stream)
-#endif
-	{
-	    /*
-	     * Make sure that other people can't open the
-	     * slave side of the connection.
-	     */
-	    chown(line, 0, 0);
-	    chmod(line, 0600);
-	}
-
-#ifdef HAVE_REVOKE
-    revoke(line);
-#endif
-
-    t = open(line, O_RDWR|O_NOCTTY);
-
-    if (t < 0)
-	return(-1);
-
-    /*
-     * Hangup anybody else using this ttyp, then reopen it for
-     * ourselves.
-     */
-# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
-    signal(SIGHUP, SIG_IGN);
-#ifdef HAVE_VHANGUP
-    vhangup();
-#else
-#endif
-    signal(SIGHUP, SIG_DFL);
-    t = open(line, O_RDWR|O_NOCTTY);
-    if (t < 0)
-	return(-1);
-# endif
-# if	defined(_CRAY) && defined(TCVHUP)
-    {
-	int i;
-	signal(SIGHUP, SIG_IGN);
-	ioctl(t, TCVHUP, (char *)0);
-	signal(SIGHUP, SIG_DFL);
-
-	i = open(line, O_RDWR);
-
-	if (i < 0)
-	    return(-1);
-	close(t);
-	t = i;
-    }
-# endif	/* defined(CRAY) && defined(TCVHUP) */
-    return(t);
-}
-
-#if !defined(BSD4_4)
-
-int login_tty(int t)
-{
-# if defined(TIOCSCTTY) && !defined(__hpux)
-    if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
-	fatalperror(net, "ioctl(sctty)");
-#  ifdef _CRAY
-    /*
-     * Close the hard fd to /dev/ttypXXX, and re-open through
-     * the indirect /dev/tty interface.
-     */
-    close(t);
-    if ((t = open("/dev/tty", O_RDWR)) < 0)
-	fatalperror(net, "open(/dev/tty)");
-#  endif
-# else
-    /*
-     * We get our controlling tty assigned as a side-effect
-     * of opening up a tty device.  But on BSD based systems,
-     * this only happens if our process group is zero.  The
-     * setsid() call above may have set our pgrp, so clear
-     * it out before opening the tty...
-     */
-#ifdef HAVE_SETPGID
-    setpgid(0, 0);
-#else
-    setpgrp(0, 0); /* if setpgid isn't available, setpgrp
-		      probably takes arguments */
-#endif
-    close(open(line, O_RDWR));
-# endif
-    if (t != 0)
-	dup2(t, 0);
-    if (t != 1)
-	dup2(t, 1);
-    if (t != 2)
-	dup2(t, 2);
-    if (t > 2)
-	close(t);
-    return(0);
-}
-#endif	/* BSD <= 43 */
-
-/*
- * This comes from ../../bsd/tty.c and should not really be here.
- */
-
-/*
- * Clean the tty name.  Return a pointer to the cleaned version.
- */
-
-static char *
-clean_ttyname (char *tty)
-{
-  char *res = tty;
-
-  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
-    res += strlen(_PATH_DEV);
-  if (strncmp (res, "pty/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "ptym/", 5) == 0)
-    res += 5;
-  return res;
-}
-
-/*
- * Generate a name usable as an `ut_id', typically without `tty'.
- */
-
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-static char *
-make_id (char *tty)
-{
-  char *res = tty;
-  
-  if (strncmp (res, "pts/", 4) == 0)
-    res += 4;
-  if (strncmp (res, "tty", 3) == 0)
-    res += 3;
-  return res;
-}
-#endif
-
-/*
- * startslave(host)
- *
- * Given a hostname, do whatever
- * is necessary to startup the login process on the slave side of the pty.
- */
-
-/* ARGSUSED */
-void
-startslave(const char *host, const char *utmp_host,
-	   int autologin, char *autoname)
-{
-    int i;
-
-#ifdef AUTHENTICATION
-    if (!autoname || !autoname[0])
-	autologin = 0;
-
-    if (autologin < auth_level) {
-	fatal(net, "Authorization failed");
-	exit(1);
-    }
-#endif
-
-    {
-	char *tbuf =
-	    "\r\n*** Connection not encrypted! "
-	    "Communication may be eavesdropped. ***\r\n";
-#ifdef ENCRYPTION
-	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
-#endif
-	    writenet((unsigned char*)tbuf, strlen(tbuf));
-    }
-# ifdef	PARENT_DOES_UTMP
-    utmp_sig_init();
-# endif	/* PARENT_DOES_UTMP */
-
-    if ((i = fork()) < 0)
-	fatalperror(net, "fork");
-    if (i) {
-# ifdef PARENT_DOES_UTMP
-	/*
-	 * Cray parent will create utmp entry for child and send
-	 * signal to child to tell when done.  Child waits for signal
-	 * before doing anything important.
-	 */
-	int pid = i;
-	void sigjob (int);
-
-	setpgrp();
-	utmp_sig_reset();		/* reset handler to default */
-	/*
-	 * Create utmp entry for child
-	 */
-	wtmp.ut_time = time(NULL);
-	wtmp.ut_type = LOGIN_PROCESS;
-	wtmp.ut_pid = pid;
-	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
-	strncpy(wtmp.ut_host,  utmp_host, sizeof(wtmp.ut_host));
-	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
-#endif
-
-	pututline(&wtmp);
-	endutent();
-	if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
-	    write(i, &wtmp, sizeof(struct utmp));
-	    close(i);
-	}
-#ifdef	_CRAY
-	signal(WJSIGNAL, sigjob);
-#endif
-	utmp_sig_notify(pid);
-# endif	/* PARENT_DOES_UTMP */
-    } else {
-	getptyslave();
-#if defined(DCE)
-	/* if we authenticated via K5, try and join the PAG */
-	kerberos5_dfspag();
-#endif
-	start_login(host, autologin, autoname);
-	/*NOTREACHED*/
-    }
-}
-
-char	*envinit[3];
-extern char **environ;
-
-void
-init_env(void)
-{
-    char **envp;
-
-    envp = envinit;
-    if ((*envp = getenv("TZ")))
-	*envp++ -= 3;
-#if defined(_CRAY) || defined(__hpux)
-    else
-	*envp++ = "TZ=GMT0";
-#endif
-    *envp = 0;
-    environ = envinit;
-}
-
-/*
- * scrub_env()
- *
- * We only accept the environment variables listed below.
- */
-
-static void
-scrub_env(void)
-{
-    static const char *reject[] = {
-	"TERMCAP=/",
-	NULL
-    };
-
-    static const char *accept[] = {
-	"XAUTH=", "XAUTHORITY=", "DISPLAY=",
-	"TERM=",
-	"EDITOR=",
-	"PAGER=",
-	"PRINTER=",
-	"LOGNAME=",
-	"POSIXLY_CORRECT=",
-	"TERMCAP=",
-	NULL
-    };
-
-    char **cpp, **cpp2;
-    const char **p;
-  
-    for (cpp2 = cpp = environ; *cpp; cpp++) {
-	int reject_it = 0;
-
-	for(p = reject; *p; p++)
-	    if(strncmp(*cpp, *p, strlen(*p)) == 0) {
-		reject_it = 1;
-		break;
-	    }
-	if (reject_it)
-	    continue;
-
-	for(p = accept; *p; p++)
-	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
-		break;
-	if(*p != NULL)
-	    *cpp2++ = *cpp;
-    }
-    *cpp2 = NULL;
-}
-
-
-struct arg_val {
-    int size;
-    int argc;
-    const char **argv;
-};
-
-static void addarg(struct arg_val*, const char*);
-
-/*
- * start_login(host)
- *
- * Assuming that we are now running as a child processes, this
- * function will turn us into the login process.
- */
-
-void
-start_login(const char *host, int autologin, char *name)
-{
-    struct arg_val argv;
-    char *user;
-    int save_errno;
-
-#ifdef HAVE_UTMPX_H
-    int pid = getpid();
-    struct utmpx utmpx;
-    char *clean_tty;
-
-    /*
-     * Create utmp entry for child
-     */
-
-    clean_tty = clean_ttyname(line);
-    memset(&utmpx, 0, sizeof(utmpx));
-    strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
-    strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-    strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
-#endif
-    utmpx.ut_pid = pid;
-	
-    utmpx.ut_type = LOGIN_PROCESS;
-
-    gettimeofday (&utmpx.ut_tv, NULL);
-    if (pututxline(&utmpx) == NULL)
-	fatal(net, "pututxline failed");
-#endif
-
-    scrub_env();
-	
-    /*
-     * -h : pass on name of host.
-     *		WARNING:  -h is accepted by login if and only if
-     *			getuid() == 0.
-     * -p : don't clobber the environment (so terminal type stays set).
-     *
-     * -f : force this login, he has already been authenticated
-     */
-
-    /* init argv structure */ 
-    argv.size=0;
-    argv.argc=0;
-    argv.argv=malloc(0); /*so we can call realloc later */
-    addarg(&argv, "login");
-    addarg(&argv, "-h");
-    addarg(&argv, host);
-    addarg(&argv, "-p");
-    if(name[0])
-	user = name;
-    else
-	user = getenv("USER");
-#ifdef AUTHENTICATION
-    if (auth_level < 0 || autologin != AUTH_VALID) {
-	if(!no_warn) {
-	    printf("User not authenticated. ");
-	    if (require_otp)
-		printf("Using one-time password\r\n");
-	    else
-		printf("Using plaintext username and password\r\n");
-	}
-	if (require_otp) {
-	    addarg(&argv, "-a");
-	    addarg(&argv, "otp");
-	}
-	if(log_unauth) 
-	    syslog(LOG_INFO, "unauthenticated access from %s (%s)", 
-		   host, user ? user : "unknown user");
-    }
-    if (auth_level >= 0 && autologin == AUTH_VALID)
-	addarg(&argv, "-f");
-#endif
-    if(user){
-	addarg(&argv, "--");
-	addarg(&argv, strdup(user));
-    }
-    if (getenv("USER")) {
-	/*
-	 * Assume that login will set the USER variable
-	 * correctly.  For SysV systems, this means that
-	 * USER will no longer be set, just LOGNAME by
-	 * login.  (The problem is that if the auto-login
-	 * fails, and the user then specifies a different
-	 * account name, he can get logged in with both
-	 * LOGNAME and USER in his environment, but the
-	 * USER value will be wrong.
-	 */
-	unsetenv("USER");
-    }
-    closelog();
-    /*
-     * This sleep(1) is in here so that telnetd can
-     * finish up with the tty.  There's a race condition
-     * the login banner message gets lost...
-     */
-    sleep(1);
-
-    execv(new_login, argv.argv);
-    save_errno = errno;
-    syslog(LOG_ERR, "%s: %m\n", new_login);
-    fatalperror_errno(net, new_login, save_errno);
-    /*NOTREACHED*/
-}
-
-static void
-addarg(struct arg_val *argv, const char *val)
-{
-    if(argv->size <= argv->argc+1) {
-	argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10));
-	if (argv->argv == NULL)
-	    fatal (net, "realloc: out of memory");
-	argv->size+=10;
-    }
-    argv->argv[argv->argc++] = val;
-    argv->argv[argv->argc]   = NULL;
-}
-
-
-/*
- * rmut()
- *
- * This is the function called by cleanup() to
- * remove the utmp entry for this person.
- */
-
-#ifdef HAVE_UTMPX_H
-static void
-rmut(void)
-{
-    struct utmpx utmpx, *non_save_utxp;
-    char *clean_tty = clean_ttyname(line);
-
-    /*
-     * This updates the utmpx and utmp entries and make a wtmp/x entry
-     */
-
-    setutxent();
-    memset(&utmpx, 0, sizeof(utmpx));
-    strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
-    utmpx.ut_type = LOGIN_PROCESS;
-    non_save_utxp = getutxline(&utmpx);
-    if (non_save_utxp) {
-	struct utmpx *utxp;
-	char user0;
-
-	utxp = malloc(sizeof(struct utmpx));
-	*utxp = *non_save_utxp;
-	user0 = utxp->ut_user[0];
-	utxp->ut_user[0] = '\0';
-	utxp->ut_type = DEAD_PROCESS;
-#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
-#ifdef _STRUCT___EXIT_STATUS
-	utxp->ut_exit.__e_termination = 0;
-	utxp->ut_exit.__e_exit = 0;
-#elif defined(__osf__) /* XXX */
-	utxp->ut_exit.ut_termination = 0;
-	utxp->ut_exit.ut_exit = 0;
-#else	
-	utxp->ut_exit.e_termination = 0;
-	utxp->ut_exit.e_exit = 0;
-#endif
-#endif
-	gettimeofday(&utxp->ut_tv, NULL);
-	pututxline(utxp);
-#ifdef WTMPX_FILE
-	utxp->ut_user[0] = user0;
-	updwtmpx(WTMPX_FILE, utxp);
-#elif defined(WTMP_FILE)
-	/* This is a strange system with a utmpx and a wtmp! */
-	{
-	  int f = open(wtmpf, O_WRONLY|O_APPEND);
-	  struct utmp wtmp;
-	  if (f >= 0) {
-	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
-	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
-#endif
-	    wtmp.ut_time = time(NULL);
-	    write(f, &wtmp, sizeof(wtmp));
-	    close(f);
-	  }
-	}
-#endif
-	free (utxp);
-    }
-    endutxent();
-}  /* end of rmut */
-#endif
-
-#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) && BSD <= 43
-static void
-rmut(void)
-{
-    int f;
-    int found = 0;
-    struct utmp *u, *utmp;
-    int nutmp;
-    struct stat statbf;
-    char *clean_tty = clean_ttyname(line);
-
-    f = open(utmpf, O_RDWR);
-    if (f >= 0) {
-	fstat(f, &statbf);
-	utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
-	if (!utmp)
-	    syslog(LOG_ERR, "utmp malloc failed");
-	if (statbf.st_size && utmp) {
-	    nutmp = read(f, utmp, (int)statbf.st_size);
-	    nutmp /= sizeof(struct utmp);
-
-	    for (u = utmp ; u < &utmp[nutmp] ; u++) {
-		if (strncmp(u->ut_line,
-			    clean_tty,
-			    sizeof(u->ut_line)) ||
-		    u->ut_name[0]==0)
-		    continue;
-		lseek(f, ((long)u)-((long)utmp), L_SET);
-		strncpy(u->ut_name,  "", sizeof(u->ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-		strncpy(u->ut_host,  "", sizeof(u->ut_host));
-#endif
-		u->ut_time = time(NULL);
-		write(f, u, sizeof(wtmp));
-		found++;
-	    }
-	}
-	close(f);
-    }
-    if (found) {
-	f = open(wtmpf, O_WRONLY|O_APPEND);
-	if (f >= 0) {
-	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
-	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
-#endif
-	    wtmp.ut_time = time(NULL);
-	    write(f, &wtmp, sizeof(wtmp));
-	    close(f);
-	}
-    }
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    line[strlen("/dev/")] = 'p';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-}  /* end of rmut */
-#endif	/* CRAY */
-
-#if defined(__hpux) && !defined(HAVE_UTMPX_H)
-static void
-rmut (char *line)
-{
-    struct utmp utmp;
-    struct utmp *utptr;
-    int fd;			/* for /etc/wtmp */
-
-    utmp.ut_type = USER_PROCESS;
-    strncpy(utmp.ut_line, clean_ttyname(line), sizeof(utmp.ut_line));
-    setutent();
-    utptr = getutline(&utmp);
-    /* write it out only if it exists */
-    if (utptr) {
-	utptr->ut_type = DEAD_PROCESS;
-	utptr->ut_time = time(NULL);
-	pututline(utptr);
-	/* set wtmp entry if wtmp file exists */
-	if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
-	    write(fd, utptr, sizeof(utmp));
-	    close(fd);
-	}
-    }
-    endutent();
-
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    line[14] = line[13];
-    line[13] = line[12];
-    line[8] = 'm';
-    line[9] = '/';
-    line[10] = 'p';
-    line[11] = 't';
-    line[12] = 'y';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-}
-#endif
-
-/*
- * cleanup()
- *
- * This is the routine to call when we are all through, to
- * clean up anything that needs to be cleaned up.
- */
-
-#ifdef PARENT_DOES_UTMP
-
-void
-cleanup(int sig)
-{
-#ifdef _CRAY
-    static int incleanup = 0;
-    int t;
-    int child_status; /* status of child process as returned by waitpid */
-    int flags = WNOHANG|WUNTRACED;
-    
-    /*
-     * 1: Pick up the zombie, if we are being called
-     *    as the signal handler.
-     * 2: If we are a nested cleanup(), return.
-     * 3: Try to clean up TMPDIR.
-     * 4: Fill in utmp with shutdown of process.
-     * 5: Close down the network and pty connections.
-     * 6: Finish up the TMPDIR cleanup, if needed.
-     */
-    if (sig == SIGCHLD) {
-	while (waitpid(-1, &child_status, flags) > 0)
-	    ;	/* VOID */
-	/* Check if the child process was stopped
-	 * rather than exited.  We want cleanup only if
-	 * the child has died.
-	 */
-	if (WIFSTOPPED(child_status)) {
-	    return;
-	}
-    }
-    t = sigblock(sigmask(SIGCHLD));
-    if (incleanup) {
-	sigsetmask(t);
-	return;
-    }
-    incleanup = 1;
-    sigsetmask(t);
-    
-    t = cleantmp(&wtmp);
-    setutent();	/* just to make sure */
-#endif /* CRAY */
-    rmut(line);
-    close(ourpty);
-    shutdown(net, 2);
-#ifdef _CRAY
-    if (t == 0)
-	cleantmp(&wtmp);
-#endif /* CRAY */
-    exit(1);
-}
-
-#else /* PARENT_DOES_UTMP */
-
-void
-cleanup(int sig)
-{
-#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
-    rmut();
-#ifdef HAVE_VHANGUP
-#ifndef __sgi
-    vhangup(); /* XXX */
-#endif
-#endif
-#else
-    char *p;
-    
-    p = line + sizeof("/dev/") - 1;
-    if (logout(p))
-	logwtmp(p, "", "");
-    chmod(line, 0666);
-    chown(line, 0, 0);
-    *p = 'p';
-    chmod(line, 0666);
-    chown(line, 0, 0);
-#endif
-    shutdown(net, 2);
-    exit(1);
-}
-
-#endif /* PARENT_DOES_UTMP */
-
-#ifdef PARENT_DOES_UTMP
-/*
- * _utmp_sig_rcv
- * utmp_sig_init
- * utmp_sig_wait
- *	These three functions are used to coordinate the handling of
- *	the utmp file between the server and the soon-to-be-login shell.
- *	The server actually creates the utmp structure, the child calls
- *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
- *	signals the future-login shell to proceed.
- */
-static int caught=0;		/* NZ when signal intercepted */
-static void (*func)();		/* address of previous handler */
-
-void
-_utmp_sig_rcv(sig)
-     int sig;
-{
-    caught = 1;
-    signal(SIGUSR1, func);
-}
-
-void
-utmp_sig_init()
-{
-    /*
-     * register signal handler for UTMP creation
-     */
-    if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
-	fatalperror(net, "telnetd/signal");
-}
-
-void
-utmp_sig_reset()
-{
-    signal(SIGUSR1, func);	/* reset handler to default */
-}
-
-# ifdef __hpux
-# define sigoff() /* do nothing */
-# define sigon() /* do nothing */
-# endif
-
-void
-utmp_sig_wait()
-{
-    /*
-     * Wait for parent to write our utmp entry.
-	 */
-    sigoff();
-    while (caught == 0) {
-	pause();	/* wait until we get a signal (sigon) */
-	sigoff();	/* turn off signals while we check caught */
-    }
-    sigon();		/* turn on signals again */
-}
-
-void
-utmp_sig_notify(pid)
-{
-    kill(pid, SIGUSR1);
-}
-
-#ifdef _CRAY
-static int gotsigjob = 0;
-
-	/*ARGSUSED*/
-void
-sigjob(sig)
-     int sig;
-{
-    int jid;
-    struct jobtemp *jp;
-
-    while ((jid = waitjob(NULL)) != -1) {
-	if (jid == 0) {
-	    return;
-	}
-	gotsigjob++;
-	jobend(jid, NULL, NULL);
-    }
-}
-
-/*
- *	jid_getutid:
- *		called by jobend() before calling cleantmp()
- *		to find the correct $TMPDIR to cleanup.
- */
-
-struct utmp *
-jid_getutid(jid)
-     int jid;
-{
-    struct utmp *cur = NULL;
-
-    setutent();	/* just to make sure */
-    while (cur = getutent()) {
-	if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
-	    return(cur);
-	}
-    }
-
-    return(0);
-}
-
-/*
- * Clean up the TMPDIR that login created.
- * The first time this is called we pick up the info
- * from the utmp.  If the job has already gone away,
- * then we'll clean up and be done.  If not, then
- * when this is called the second time it will wait
- * for the signal that the job is done.
- */
-int
-cleantmp(wtp)
-     struct utmp *wtp;
-{
-    struct utmp *utp;
-    static int first = 1;
-    int mask, omask, ret;
-    extern struct utmp *getutid (const struct utmp *_Id);
-
-
-    mask = sigmask(WJSIGNAL);
-
-    if (first == 0) {
-	omask = sigblock(mask);
-	while (gotsigjob == 0)
-	    sigpause(omask);
-	return(1);
-    }
-    first = 0;
-    setutent();	/* just to make sure */
-
-    utp = getutid(wtp);
-    if (utp == 0) {
-	syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-	return(-1);
-    }
-    /*
-     * Nothing to clean up if the user shell was never started.
-     */
-    if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
-	return(1);
-
-    /*
-     * Block the WJSIGNAL while we are in jobend().
-     */
-    omask = sigblock(mask);
-    ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
-    sigsetmask(omask);
-    return(ret);
-}
-
-int
-jobend(jid, path, user)
-     int jid;
-     char *path;
-     char *user;
-{
-    static int saved_jid = 0;
-    static int pty_saved_jid = 0;
-    static char saved_path[sizeof(wtmp.ut_tpath)+1];
-    static char saved_user[sizeof(wtmp.ut_user)+1];
-
-    /*
-     * this little piece of code comes into play
-     * only when ptyreconnect is used to reconnect
-     * to an previous session.
-     *
-     * this is the only time when the
-     * "saved_jid != jid" code is executed.
-     */
-
-    if ( saved_jid && saved_jid != jid ) {
-	if (!path) {	/* called from signal handler */
-	    pty_saved_jid = jid;
-	} else {
-	    pty_saved_jid = saved_jid;
-	}
-    }
-
-    if (path) {
-	strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
-	strncpy(saved_user, user, sizeof(wtmp.ut_user));
-	saved_path[sizeof(saved_path)] = '\0';
-	saved_user[sizeof(saved_user)] = '\0';
-    }
-    if (saved_jid == 0) {
-	saved_jid = jid;
-	return(0);
-    }
-
-    /* if the jid has changed, get the correct entry from the utmp file */
-
-    if ( saved_jid != jid ) {
-	struct utmp *utp = NULL;
-	struct utmp *jid_getutid();
-
-	utp = jid_getutid(pty_saved_jid);
-
-	if (utp == 0) {
-	    syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
-	    return(-1);
-	}
-
-	cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
-	return(1);
-    }
-
-    cleantmpdir(jid, saved_path, saved_user);
-    return(1);
-}
-
-/*
- * Fork a child process to clean up the TMPDIR
- */
-cleantmpdir(jid, tpath, user)
-     int jid;
-     char *tpath;
-     char *user;
-{
-    switch(fork()) {
-    case -1:
-	syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
-	       tpath);
-	break;
-    case 0:
-	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
-	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
-	       tpath, CLEANTMPCMD);
-	exit(1);
-    default:
-	/*
-	 * Forget about child.  We will exit, and
-	 * /etc/init will pick it up.
-	 */
-	break;
-    }
-}
-#endif /* CRAY */
-#endif	/* defined(PARENT_DOES_UTMP) */
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.8
deleted file mode 100644
index fd7d0bde43d2..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.8
+++ /dev/null
@@ -1,532 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
-.\"
-.Dd June 1, 1994
-.Dt TELNETD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm telnetd
-.Nd DARPA
-.Tn TELNET
-protocol server
-.Sh SYNOPSIS
-.Nm telnetd
-.Op Fl BUhkln
-.Op Fl D Ar debugmode
-.Op Fl S Ar tos
-.Op Fl X Ar authtype
-.Op Fl a Ar authmode
-.Op Fl r Ns Ar lowpty-highpty
-.Op Fl u Ar len
-.Op Fl debug
-.Op Fl L Ar /bin/login
-.Op Fl y
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm telnetd
-command is a server which supports the
-.Tn DARPA
-standard
-.Tn TELNET
-virtual terminal protocol.
-.Nm Telnetd
-is normally invoked by the internet server (see
-.Xr inetd 8 )
-for requests to connect to the
-.Tn TELNET
-port as indicated by the
-.Pa /etc/services
-file (see
-.Xr services 5 ) .
-The
-.Fl debug
-option may be used to start up
-.Nm telnetd
-manually, instead of through
-.Xr inetd 8 .
-If started up this way,
-.Ar port
-may be specified to run
-.Nm telnetd
-on an alternate
-.Tn TCP
-port number.
-.Pp
-The
-.Nm telnetd
-command accepts the following options:
-.Bl -tag -width "-a authmode"
-.It Fl a Ar authmode
-This option may be used for specifying what mode should
-be used for authentication.
-Note that this option is only useful if
-.Nm telnetd
-has been compiled with support for the
-.Dv AUTHENTICATION
-option.
-There are several valid values for
-.Ar authmode :
-.Bl -tag -width debug
-.It debug
-Turns on authentication debugging code.
-.It user
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user,
-and is allowed access to the specified account
-without providing a password.
-.It valid
-Only allow connections when the remote user
-can provide valid authentication information
-to identify the remote user.
-The
-.Xr login 1
-command will provide any additional user verification
-needed if the remote user is not allowed automatic
-access to the specified account.
-.It other
-Only allow connections that supply some authentication information.
-This option is currently not supported
-by any of the existing authentication mechanisms,
-and is thus the same as specifying
-.Fl a
-.Cm valid .
-.It otp
-Only allow authenticated connections (as with
-.Fl a
-.Cm user )
-and also logins with one-time passwords (OTPs).  This option will call
-login with an option so that only OTPs are accepted.  The user can of
-course still type secret information at the prompt.
-.It none
-This is the default state.
-Authentication information is not required.
-If no or insufficient authentication information
-is provided, then the
-.Xr login 1
-program will provide the necessary user
-verification.
-.It off
-This disables the authentication code.
-All user verification will happen through the
-.Xr login 1
-program.
-.El
-.It Fl B
-Ignored.
-.It Fl D Ar debugmode
-This option may be used for debugging purposes.
-This allows
-.Nm telnetd
-to print out debugging information
-to the connection, allowing the user to see what
-.Nm telnetd
-is doing.
-There are several possible values for
-.Ar debugmode :
-.Bl -tag -width exercise
-.It Cm options
-Prints information about the negotiation of
-.Tn TELNET
-options.
-.It Cm report
-Prints the
-.Cm options
-information, plus some additional information
-about what processing is going on.
-.It Cm netdata
-Displays the data stream received by
-.Nm telnetd .
-.It Cm ptydata
-Displays data written to the pty.
-.It Cm exercise
-Has not been implemented yet.
-.El
-.It Fl h
-Disables the printing of host-specific information before
-login has been completed.
-.It Fl k
-.It Fl l
-Ignored.
-.It Fl n
-Disable
-.Dv TCP
-keep-alives.  Normally
-.Nm telnetd
-enables the
-.Tn TCP
-keep-alive mechanism to probe connections that
-have been idle for some period of time to determine
-if the client is still there, so that idle connections
-from machines that have crashed or can no longer
-be reached may be cleaned up.
-.It Fl r Ar lowpty-highpty
-This option is only enabled when
-.Nm telnetd
-is compiled for
-.Dv UNICOS .
-It specifies an inclusive range of pseudo-terminal devices to
-use.  If the system has sysconf variable
-.Dv _SC_CRAY_NPTY
-configured, the default pty search range is 0 to
-.Dv _SC_CRAY_NPTY ;
-otherwise, the default range is 0 to 128.  Either
-.Ar lowpty
-or
-.Ar highpty
-may be omitted to allow changing
-either end of the search range.  If
-.Ar lowpty
-is omitted, the - character is still required so that
-.Nm telnetd
-can differentiate
-.Ar highpty
-from
-.Ar lowpty .
-.It Fl S Ar tos
-.It Fl u Ar len
-This option is used to specify the size of the field
-in the
-.Dv utmp
-structure that holds the remote host name.
-If the resolved host name is longer than
-.Ar len ,
-the dotted decimal value will be used instead.
-This allows hosts with very long host names that
-overflow this field to still be uniquely identified.
-Specifying
-.Fl u0
-indicates that only dotted decimal addresses
-should be put into the
-.Pa utmp
-file.
-.It Fl U
-This option causes
-.Nm telnetd
-to refuse connections from addresses that
-cannot be mapped back into a symbolic name
-via the
-.Xr gethostbyaddr 3
-routine.
-.It Fl X Ar authtype
-This option is only valid if
-.Nm telnetd
-has been built with support for the authentication option.
-It disables the use of
-.Ar authtype
-authentication, and
-can be used to temporarily disable
-a specific authentication type without having to recompile
-.Nm telnetd .
-.It Fl L Ar pathname
-Specify pathname to an alternative login program.
-.It Fl y
-Makes
-.Nm
-not warn when a user is trying to login with a cleartext password.
-.El
-.Pp
-.Nm Telnetd
-operates by allocating a pseudo-terminal device (see
-.Xr pty 4 )
-for a client, then creating a login process which has
-the slave side of the pseudo-terminal as
-.Dv stdin ,
-.Dv stdout
-and
-.Dv stderr .
-.Nm Telnetd
-manipulates the master side of the pseudo-terminal,
-implementing the
-.Tn TELNET
-protocol and passing characters
-between the remote client and the login process.
-.Pp
-When a
-.Tn TELNET
-session is started up,
-.Nm telnetd
-sends
-.Tn TELNET
-options to the client side indicating
-a willingness to do the
-following
-.Tn TELNET
-options, which are described in more detail below:
-.Bd -literal -offset indent
-DO AUTHENTICATION
-WILL ENCRYPT
-DO TERMINAL TYPE
-DO TSPEED
-DO XDISPLOC
-DO NEW-ENVIRON
-DO ENVIRON
-WILL SUPPRESS GO AHEAD
-DO ECHO
-DO LINEMODE
-DO NAWS
-WILL STATUS
-DO LFLOW
-DO TIMING-MARK
-.Ed
-.Pp
-The pseudo-terminal allocated to the client is configured
-to operate in
-.Dq cooked
-mode, and with
-.Dv XTABS and
-.Dv CRMOD
-enabled (see
-.Xr tty 4 ) .
-.Pp
-.Nm Telnetd
-has support for enabling locally the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "WILL ECHO"
-When the
-.Dv LINEMODE
-option is enabled, a
-.Dv WILL ECHO
-or
-.Dv WONT ECHO
-will be sent to the client to indicate the
-current state of terminal echoing.
-When terminal echo is not desired, a
-.Dv WILL ECHO
-is sent to indicate that
-.Tn telnetd
-will take care of echoing any data that needs to be
-echoed to the terminal, and then nothing is echoed.
-When terminal echo is desired, a
-.Dv WONT ECHO
-is sent to indicate that
-.Tn telnetd
-will not be doing any terminal echoing, so the
-client should do any terminal echoing that is needed.
-.It "WILL BINARY"
-Indicates that the client is willing to send a
-8 bits of data, rather than the normal 7 bits
-of the Network Virtual Terminal.
-.It "WILL SGA"
-Indicates that it will not be sending
-.Dv IAC GA ,
-go ahead, commands.
-.It "WILL STATUS"
-Indicates a willingness to send the client, upon
-request, of the current status of all
-.Tn TELNET
-options.
-.It "WILL TIMING-MARK"
-Whenever a
-.Dv DO TIMING-MARK
-command is received, it is always responded
-to with a
-.Dv WILL TIMING-MARK
-.It "WILL LOGOUT"
-When a
-.Dv DO LOGOUT
-is received, a
-.Dv WILL LOGOUT
-is sent in response, and the
-.Tn TELNET
-session is shut down.
-.It "WILL ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Pp
-.Nm Telnetd
-has support for enabling remotely the following
-.Tn TELNET
-options:
-.Bl -tag -width "DO AUTHENTICATION"
-.It "DO BINARY"
-Sent to indicate that
-.Tn telnetd
-is willing to receive an 8 bit data stream.
-.It "DO LFLOW"
-Requests that the client handle flow control
-characters remotely.
-.It "DO ECHO"
-This is not really supported, but is sent to identify a 4.2BSD
-.Xr telnet 1
-client, which will improperly respond with
-.Dv WILL ECHO .
-If a
-.Dv WILL ECHO
-is received, a
-.Dv DONT ECHO
-will be sent in response.
-.It "DO TERMINAL-TYPE"
-Indicates a desire to be able to request the
-name of the type of terminal that is attached
-to the client side of the connection.
-.It "DO SGA"
-Indicates that it does not need to receive
-.Dv IAC GA ,
-the go ahead command.
-.It "DO NAWS"
-Requests that the client inform the server when
-the window (display) size changes.
-.It "DO TERMINAL-SPEED"
-Indicates a desire to be able to request information
-about the speed of the serial line to which
-the client is attached.
-.It "DO XDISPLOC"
-Indicates a desire to be able to request the name
-of the X windows display that is associated with
-the telnet client.
-.It "DO NEW-ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1572.
-.It "DO ENVIRON"
-Indicates a desire to be able to request environment
-variable information, as described in RFC 1408.
-.It "DO LINEMODE"
-Only sent if
-.Nm telnetd
-is compiled with support for linemode, and
-requests that the client do line by line processing.
-.It "DO TIMING-MARK"
-Only sent if
-.Nm telnetd
-is compiled with support for both linemode and
-kludge linemode, and the client responded with
-.Dv WONT LINEMODE .
-If the client responds with
-.Dv WILL TM ,
-the it is assumed that the client supports
-kludge linemode.
-Note that the
-.Op Fl k
-option can be used to disable this.
-.It "DO AUTHENTICATION"
-Only sent if
-.Nm telnetd
-is compiled with support for authentication, and
-indicates a willingness to receive authentication
-information for automatic login.
-.It "DO ENCRYPT"
-Only sent if
-.Nm telnetd
-is compiled with support for data encryption, and
-indicates a willingness to decrypt
-the data stream.
-.El
-.Sh FILES
-.Bl -tag -width /etc/services -compact
-.It Pa /etc/services
-.It Pa /etc/inittab
-(UNICOS systems only)
-.It Pa /etc/iptos
-(if supported)
-.El
-.Sh "SEE ALSO"
-.Xr telnet 1 ,
-.Xr login 1
-.Sh STANDARDS
-.Bl -tag -compact -width RFC-1572
-.It Cm RFC-854
-.Tn TELNET
-PROTOCOL SPECIFICATION
-.It Cm RFC-855
-TELNET OPTION SPECIFICATIONS
-.It Cm RFC-856
-TELNET BINARY TRANSMISSION
-.It Cm RFC-857
-TELNET ECHO OPTION
-.It Cm RFC-858
-TELNET SUPPRESS GO AHEAD OPTION
-.It Cm RFC-859
-TELNET STATUS OPTION
-.It Cm RFC-860
-TELNET TIMING MARK OPTION
-.It Cm RFC-861
-TELNET EXTENDED OPTIONS - LIST OPTION
-.It Cm RFC-885
-TELNET END OF RECORD OPTION
-.It Cm RFC-1073
-Telnet Window Size Option
-.It Cm RFC-1079
-Telnet Terminal Speed Option
-.It Cm RFC-1091
-Telnet Terminal-Type Option
-.It Cm RFC-1096
-Telnet X Display Location Option
-.It Cm RFC-1123
-Requirements for Internet Hosts -- Application and Support
-.It Cm RFC-1184
-Telnet Linemode Option
-.It Cm RFC-1372
-Telnet Remote Flow Control Option
-.It Cm RFC-1416
-Telnet Authentication Option
-.It Cm RFC-1411
-Telnet Authentication: Kerberos Version 4
-.It Cm RFC-1412
-Telnet Authentication: SPX
-.It Cm RFC-1571
-Telnet Environment Option Interoperability Issues
-.It Cm RFC-1572
-Telnet Environment Option
-.El
-.Sh BUGS
-Some
-.Tn TELNET
-commands are only partially implemented.
-.Pp
-Because of bugs in the original 4.2 BSD
-.Xr telnet 1 ,
-.Nm telnetd
-performs some dubious protocol exchanges to try to discover if the remote
-client is, in fact, a 4.2 BSD
-.Xr telnet 1 .
-.Pp
-Binary mode
-has no common interpretation except between similar operating systems
-(Unix in this case).
-.Pp
-The terminal type name received from the remote client is converted to
-lower case.
-.Pp
-.Nm Telnetd
-never sends
-.Tn TELNET
-.Dv IAC GA
-(go ahead) commands.
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c
deleted file mode 100644
index fa2bfef30f10..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c
+++ /dev/null
@@ -1,1375 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: telnetd.c,v 1.69 2002/08/23 19:28:01 assar Exp $");
-
-#ifdef _SC_CRAY_SECURE_SYS
-#include <sys/sysv.h>
-#include <sys/secdev.h>
-#include <sys/secparm.h>
-#include <sys/usrv.h>
-int	secflag;
-char	tty_dev[16];
-struct	secdev dv;
-struct	sysv sysv;
-struct	socksec ss;
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-#ifdef AUTHENTICATION
-int	auth_level = 0;
-#endif
-
-extern	int utmp_len;
-int	registerd_host_only = 0;
-
-#undef NOERROR
-
-#ifdef	STREAMSPTY
-# include <stropts.h>
-# include <termios.h>
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif /* HAVE_SYS_UIO_H */
-#ifdef HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-
-#ifdef _AIX
-#include <sys/termio.h>
-#endif
-# ifdef HAVE_SYS_STRTTY_H
-# include <sys/strtty.h>
-# endif
-# ifdef HAVE_SYS_STR_TTY_H
-# include <sys/str_tty.h>
-# endif
-/* make sure we don't get the bsd version */
-/* what is this here for? solaris? /joda */
-# ifdef HAVE_SYS_TTY_H
-# include "/usr/include/sys/tty.h"
-# endif
-# ifdef HAVE_SYS_PTYVAR_H
-# include <sys/ptyvar.h>
-# endif
-
-/*
- * Because of the way ptyibuf is used with streams messages, we need
- * ptyibuf+1 to be on a full-word boundary.  The following wierdness
- * is simply to make that happen.
- */
-long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
-char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
-char	*ptyip = ((char *)&ptyibufbuf[1])-1;
-char	ptyibuf2[BUFSIZ];
-unsigned char ctlbuf[BUFSIZ];
-struct	strbuf strbufc, strbufd;
-
-int readstream(int, char*, int);
-
-#else	/* ! STREAMPTY */
-
-/*
- * I/O data buffers,
- * pointers, and counters.
- */
-char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
-char	ptyibuf2[BUFSIZ];
-
-#endif /* ! STREAMPTY */
-
-int	hostinfo = 1;			/* do we print login banner? */
-
-#ifdef	_CRAY
-extern int      newmap; /* nonzero if \n maps to ^M^J */
-int	lowpty = 0, highpty;	/* low, high pty numbers */
-#endif /* CRAY */
-
-int debug = 0;
-int keepalive = 1;
-char *progname;
-
-static void usage (void);
-
-/*
- * The string to pass to getopt().  We do it this way so
- * that only the actual options that we support will be
- * passed off to getopt().
- */
-char valid_opts[] = "Bd:hklnS:u:UL:y"
-#ifdef AUTHENTICATION
-		    "a:X:z"
-#endif
-#ifdef DIAGNOSTICS
-		    "D:"
-#endif
-#ifdef _CRAY
-		    "r:"
-#endif
-		    ;
-
-static void doit(struct sockaddr*, int);
-
-#ifdef ENCRYPTION
-extern int des_check_key;
-#endif
-
-int
-main(int argc, char **argv)
-{
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    int on = 1;
-    socklen_t sa_size;
-    int ch;
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-    int tos = -1;
-#endif
-#ifdef ENCRYPTION
-    des_check_key = 1;	/* Kludge for Mac NCSA telnet 2.6 /bg */
-#endif
-    pfrontp = pbackp = ptyobuf;
-    netip = netibuf;
-    nfrontp = nbackp = netobuf;
-
-    progname = *argv;
-#ifdef ENCRYPTION
-    nclearto = 0;
-#endif
-
-#ifdef _CRAY
-    /*
-     * Get number of pty's before trying to process options,
-     * which may include changing pty range.
-     */
-    highpty = getnpty();
-#endif /* CRAY */
-
-    if (argc == 2 && strcmp(argv[1], "--version") == 0) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    while ((ch = getopt(argc, argv, valid_opts)) != -1) {
-	switch(ch) {
-
-#ifdef	AUTHENTICATION
-	case 'a':
-	    /*
-	     * Check for required authentication level
-	     */
-	    if (strcmp(optarg, "debug") == 0) {
-		auth_debug_mode = 1;
-	    } else if (strcasecmp(optarg, "none") == 0) {
-		auth_level = 0;
-	    } else if (strcasecmp(optarg, "otp") == 0) {
-		auth_level = 0;
-		require_otp = 1;
-	    } else if (strcasecmp(optarg, "other") == 0) {
-		auth_level = AUTH_OTHER;
-	    } else if (strcasecmp(optarg, "user") == 0) {
-		auth_level = AUTH_USER;
-	    } else if (strcasecmp(optarg, "valid") == 0) {
-		auth_level = AUTH_VALID;
-	    } else if (strcasecmp(optarg, "off") == 0) {
-		/*
-		 * This hack turns off authentication
-		 */
-		auth_level = -1;
-	    } else {
-		fprintf(stderr,
-			"telnetd: unknown authorization level for -a\n");
-	    }
-	    break;
-#endif	/* AUTHENTICATION */
-
-	case 'B': /* BFTP mode is not supported any more */
-	    break;
-	case 'd':
-	    if (strcmp(optarg, "ebug") == 0) {
-		debug++;
-		break;
-	    }
-	    usage();
-	    /* NOTREACHED */
-	    break;
-
-#ifdef DIAGNOSTICS
-	case 'D':
-	    /*
-	     * Check for desired diagnostics capabilities.
-	     */
-	    if (!strcmp(optarg, "report")) {
-		diagnostic |= TD_REPORT|TD_OPTIONS;
-	    } else if (!strcmp(optarg, "exercise")) {
-		diagnostic |= TD_EXERCISE;
-	    } else if (!strcmp(optarg, "netdata")) {
-		diagnostic |= TD_NETDATA;
-	    } else if (!strcmp(optarg, "ptydata")) {
-		diagnostic |= TD_PTYDATA;
-	    } else if (!strcmp(optarg, "options")) {
-		diagnostic |= TD_OPTIONS;
-	    } else {
-		usage();
-		/* NOT REACHED */
-	    }
-	    break;
-#endif /* DIAGNOSTICS */
-
-
-	case 'h':
-	    hostinfo = 0;
-	    break;
-
-	case 'k': /* Linemode is not supported any more */
-	case 'l':
-	    break;
-
-	case 'n':
-	    keepalive = 0;
-	    break;
-
-#ifdef _CRAY
-	case 'r':
-	    {
-		char *strchr();
-		char *c;
-
-		/*
-		 * Allow the specification of alterations
-		 * to the pty search range.  It is legal to
-		 * specify only one, and not change the
-		 * other from its default.
-		 */
-		c = strchr(optarg, '-');
-		if (c) {
-		    *c++ = '\0';
-		    highpty = atoi(c);
-		}
-		if (*optarg != '\0')
-		    lowpty = atoi(optarg);
-		if ((lowpty > highpty) || (lowpty < 0) ||
-		    (highpty > 32767)) {
-		    usage();
-		    /* NOT REACHED */
-		}
-		break;
-	    }
-#endif	/* CRAY */
-
-	case 'S':
-#ifdef	HAVE_PARSETOS
-	    if ((tos = parsetos(optarg, "tcp")) < 0)
-		fprintf(stderr, "%s%s%s\n",
-			"telnetd: Bad TOS argument '", optarg,
-			"'; will try to use default TOS");
-#else
-	    fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
-		    "-S flag not supported\n");
-#endif
-	    break;
-
-	case 'u': {
-	    char *eptr;
-
-	    utmp_len = strtol(optarg, &eptr, 0);
-	    if (optarg == eptr)
-		fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
-	    break;
-	}
-
-	case 'U':
-	    registerd_host_only = 1;
-	    break;
-
-#ifdef	AUTHENTICATION
-	case 'X':
-	    /*
-	     * Check for invalid authentication types
-	     */
-	    auth_disable_name(optarg);
-	    break;
-#endif
-	case 'y':
-	    no_warn = 1;
-	    break;
-#ifdef AUTHENTICATION
-	case 'z':
-	    log_unauth = 1;
-	    break;
-
-#endif	/* AUTHENTICATION */
-
-	case 'L':
-	    new_login = optarg;
-	    break;
-			
-	default:
-	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
-	    /* FALLTHROUGH */
-	case '?':
-	    usage();
-	    /* NOTREACHED */
-	}
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (debug) {
-	int port = 0;
-	struct servent *sp;
-
-	if (argc > 1) {
-	    usage ();
-	} else if (argc == 1) {
-	    sp = roken_getservbyname (*argv, "tcp");
-	    if (sp)
-		port = sp->s_port;
-	    else
-		port = htons(atoi(*argv));
-	} else {
-#ifdef KRB5
-	    port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
-#else
-	    port = k_getportbyname("telnet", "tcp", htons(23));
-#endif
-	}
-	mini_inetd (port);
-    } else if (argc > 0) {
-	usage();
-	/* NOT REACHED */
-    }
-
-#ifdef _SC_CRAY_SECURE_SYS
-    secflag = sysconf(_SC_CRAY_SECURE_SYS);
-
-    /*
-     *	Get socket's security label
-     */
-    if (secflag)  {
-	socklen_t szss = sizeof(ss);
-	int sock_multi;
-	socklen_t szi = sizeof(int);
-
-	memset(&dv, 0, sizeof(dv));
-
-	if (getsysv(&sysv, sizeof(struct sysv)) != 0) 
-	    fatalperror(net, "getsysv");
-
-	/*
-	 *	Get socket security label and set device values
-	 *	   {security label to be set on ttyp device}
-	 */
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-	if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
-			(void *)&ss, &szss) < 0) ||
-	    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
-			(void *)&sock_multi, &szi) < 0)) 
-	    fatalperror(net, "getsockopt");
-	else {
-	    dv.dv_actlvl = ss.ss_actlabel.lt_level;
-	    dv.dv_actcmp = ss.ss_actlabel.lt_compart;
-	    if (!sock_multi) {
-		dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
-		dv.dv_valcmp = dv.dv_actcmp;
-	    } else {
-		dv.dv_minlvl = ss.ss_minlabel.lt_level;
-		dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
-		dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
-	    }
-	    dv.dv_devflg = 0;
-	}
-#else /* SO_SEC_MULTI */		/* 7.0 code */
-	if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
-		       (void *)&ss, &szss) >= 0) {
-	    dv.dv_actlvl = ss.ss_slevel;
-	    dv.dv_actcmp = ss.ss_compart;
-	    dv.dv_minlvl = ss.ss_minlvl;
-	    dv.dv_maxlvl = ss.ss_maxlvl;
-	    dv.dv_valcmp = ss.ss_maxcmp;
-	}
-#endif /* SO_SEC_MULTI */
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-    sa_size = sizeof (__ss);
-    if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
-	fprintf(stderr, "%s: ", progname);
-	perror("getpeername");
-	_exit(1);
-    }
-    if (keepalive &&
-	setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
-		   (void *)&on, sizeof (on)) < 0) {
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-    }
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    {
-# ifdef HAVE_GETTOSBYNAME
-	struct tosent *tp;
-	if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-	    tos = tp->t_tos;
-# endif
-	if (tos < 0)
-	    tos = 020;	/* Low Delay bit */
-	if (tos
-	    && sa->sa_family == AF_INET
-	    && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
-			   (void *)&tos, sizeof(tos)) < 0)
-	    && (errno != ENOPROTOOPT) )
-	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-    }
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-    net = STDIN_FILENO;
-    doit(sa, sa_size);
-    /* NOTREACHED */
-    return 0;
-}  /* end of main */
-
-static void
-usage(void)
-{
-    fprintf(stderr, "Usage: telnetd");
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
-#endif
-    fprintf(stderr, " [-debug]");
-#ifdef DIAGNOSTICS
-    fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
-#endif
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-edebug]");
-#endif
-    fprintf(stderr, " [-h]");
-    fprintf(stderr, " [-L login]");
-    fprintf(stderr, " [-n]");
-#ifdef	_CRAY
-    fprintf(stderr, " [-r[lowpty]-[highpty]]");
-#endif
-    fprintf(stderr, "\n\t");
-#ifdef	HAVE_GETTOSBYNAME
-    fprintf(stderr, " [-S tos]");
-#endif
-#ifdef	AUTHENTICATION
-    fprintf(stderr, " [-X auth-type] [-y] [-z]");
-#endif
-    fprintf(stderr, " [-u utmp_hostname_length] [-U]");
-    fprintf(stderr, " [port]\n");
-    exit(1);
-}
-
-/*
- * getterminaltype
- *
- *	Ask the other end to send along its terminal type and speed.
- * Output is the variable terminaltype filled in.
- */
-static unsigned char ttytype_sbbuf[] = {
-    IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
-};
-
-int
-getterminaltype(char *name, size_t name_sz)
-{
-    int retval = -1;
-
-    settimer(baseline);
-#ifdef AUTHENTICATION
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name, name_sz);
-    }
-#endif
-
-#ifdef ENCRYPTION
-    send_will(TELOPT_ENCRYPT, 1);
-    send_do(TELOPT_ENCRYPT, 1);	/* esc@magic.fi */
-#endif
-    send_do(TELOPT_TTYPE, 1);
-    send_do(TELOPT_TSPEED, 1);
-    send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_NEW_ENVIRON, 1);
-    send_do(TELOPT_OLD_ENVIRON, 1);
-    while (
-#ifdef ENCRYPTION
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-#endif
-	   his_will_wont_is_changing(TELOPT_TTYPE) ||
-	   his_will_wont_is_changing(TELOPT_TSPEED) ||
-	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
-	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
-	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
-	ttloop();
-    }
-#ifdef ENCRYPTION
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-#endif
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	static unsigned char sb[] =
-	{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	telnet_net_write (sb, sizeof sb);
-	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-
-	telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
-	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-				  sizeof ttytype_sbbuf - 2););
-    }
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	while (sequenceIs(tspeedsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	while (sequenceIs(xdisplocsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	while (sequenceIs(oenvironsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-	char first[256], last[256];
-
-	while (sequenceIs(ttypesubopt, baseline))
-	    ttloop();
-
-	/*
-	 * If the other side has already disabled the option, then
-	 * we have to just go with what we (might) have already gotten.
-	 */
-	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    strlcpy(first, terminaltype, sizeof(first));
-	    for(;;) {
-		/*
-		 * Save the unknown name, and request the next name.
-		 */
-		strlcpy(last, terminaltype, sizeof(last));
-		_gettermname();
-		if (terminaltypeok(terminaltype))
-		    break;
-		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
-		    his_state_is_wont(TELOPT_TTYPE)) {
-		    /*
-		     * We've hit the end.  If this is the same as
-		     * the first name, just go with it.
-		     */
-		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
-			break;
-		    /*
-		     * Get the terminal name one more time, so that
-		     * RFC1091 compliant telnets will cycle back to
-		     * the start of the list.
-		     */
-		    _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			strcpy(terminaltype, first);
-		    break;
-		}
-	    }
-	}
-    }
-    return(retval);
-}  /* end of getterminaltype */
-
-void
-_gettermname(void)
-{
-    /*
-     * If the client turned off the option,
-     * we can't send another request, so we
-     * just return.
-     */
-    if (his_state_is_wont(TELOPT_TTYPE))
-	return;
-    settimer(baseline);
-    telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
-    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
-			      sizeof ttytype_sbbuf - 2););
-    while (sequenceIs(ttypesubopt, baseline))
-	ttloop();
-}
-
-int
-terminaltypeok(char *s)
-{
-    return 1;
-}
-
-
-char host_name[MaxHostNameLen];
-char remote_host_name[MaxHostNameLen];
-char remote_utmp_name[MaxHostNameLen];
-
-/*
- * Get a pty, scan input lines.
- */
-static void
-doit(struct sockaddr *who, int who_len)
-{
-    int level;
-    int ptynum;
-    char user_name[256];
-    int error;
-
-    /*
-     * Find an available pty to use.
-     */
-    ourpty = getpty(&ptynum);
-    if (ourpty < 0)
-	fatal(net, "All network ports in use");
-
-#ifdef _SC_CRAY_SECURE_SYS
-    /*
-     *	set ttyp line security label
-     */
-    if (secflag) {
-	char slave_dev[16];
-
-	snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
-	if (setdevs(tty_dev, &dv) < 0)
-	    fatal(net, "cannot set pty security");
-	snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
-	if (setdevs(slave_dev, &dv) < 0)
-	    fatal(net, "cannot set tty security");
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    error = getnameinfo_verified (who, who_len,
-				  remote_host_name,
-				  sizeof(remote_host_name),
-				  NULL, 0, 
-				  registerd_host_only ? NI_NAMEREQD : 0);
-    if (error)
-	fatal(net, "Couldn't resolve your address into a host name.\r\n\
-Please contact your net administrator");
-
-    gethostname(host_name, sizeof (host_name));
-
-    strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name));
-
-    /* Only trim if too long (and possible) */
-    if (strlen(remote_utmp_name) > utmp_len) {
-	char *domain = strchr(host_name, '.');
-	char *p = strchr(remote_utmp_name, '.');
-	if (domain != NULL && p != NULL && (strcmp(p, domain) == 0))
-	    *p = '\0'; /* remove domain part */
-    }
-
-    /*
-     * If hostname still doesn't fit utmp, use ipaddr.
-     */
-    if (strlen(remote_utmp_name) > utmp_len) {
-	error = getnameinfo (who, who_len,
-			     remote_utmp_name,
-			     sizeof(remote_utmp_name),
-			     NULL, 0,
-			     NI_NUMERICHOST);
-	if (error)
-	    fatal(net, "Couldn't get numeric address\r\n");
-    }
-
-#ifdef AUTHENTICATION
-    auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1);
-#endif
-
-    init_env();
-    /*
-     * get terminal type.
-     */
-    *user_name = 0;
-    level = getterminaltype(user_name, sizeof(user_name));
-    esetenv("TERM", terminaltype ? terminaltype : "network", 1);
-
-#ifdef _SC_CRAY_SECURE_SYS
-    if (secflag) {
-	if (setulvl(dv.dv_actlvl) < 0)
-	    fatal(net,"cannot setulvl()");
-	if (setucmp(dv.dv_actcmp) < 0)
-	    fatal(net, "cannot setucmp()");
-    }
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-    /* begin server processing */
-    my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
-	      level, user_name);
-    /*NOTREACHED*/
-}  /* end of doit */
-
-/* output contents of /etc/issue.net, or /etc/issue */
-static void
-show_issue(void)
-{
-    FILE *f;
-    char buf[128];
-    f = fopen(SYSCONFDIR "/issue.net", "r");
-    if(f == NULL)
-	f = fopen(SYSCONFDIR "/issue", "r");
-    if(f){
-	while(fgets(buf, sizeof(buf)-2, f)){
-	    strcpy(buf + strcspn(buf, "\r\n"), "\r\n");
-	    writenet((unsigned char*)buf, strlen(buf));
-	}
-	fclose(f);
-    }
-}
-
-/*
- * Main loop.  Select from pty and network, and
- * hand data to telnet receiver finite state machine.
- */
-void
-my_telnet(int f, int p, const char *host, const char *utmp_host,
-	  int level, char *autoname)
-{
-    int on = 1;
-    char *he;
-    char *IM;
-    int nfd;
-    int startslave_called = 0;
-    time_t timeout;
-
-    /*
-     * Initialize the slc mapping table.
-     */
-    get_slc_defaults();
-
-    /*
-     * Do some tests where it is desireable to wait for a response.
-     * Rather than doing them slowly, one at a time, do them all
-     * at once.
-     */
-    if (my_state_is_wont(TELOPT_SGA))
-	send_will(TELOPT_SGA, 1);
-    /*
-     * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
-     * because 4.2 clients are unable to deal with TCP urgent data.
-     *
-     * To find out, we send out a "DO ECHO".  If the remote system
-     * answers "WILL ECHO" it is probably a 4.2 client, and we note
-     * that fact ("WILL ECHO" ==> that the client will echo what
-     * WE, the server, sends it; it does NOT mean that the client will
-     * echo the terminal input).
-     */
-    send_do(TELOPT_ECHO, 1);
-
-    /*
-     * Send along a couple of other options that we wish to negotiate.
-     */
-    send_do(TELOPT_NAWS, 1);
-    send_will(TELOPT_STATUS, 1);
-    flowmode = 1;		/* default flow control state */
-    restartany = -1;	/* uninitialized... */
-    send_do(TELOPT_LFLOW, 1);
-
-    /*
-     * Spin, waiting for a response from the DO ECHO.  However,
-     * some REALLY DUMB telnets out there might not respond
-     * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
-     * telnets so far seem to respond with WONT for a DO that
-     * they don't understand...) because by the time we get the
-     * response, it will already have processed the DO ECHO.
-     * Kludge upon kludge.
-     */
-    while (his_will_wont_is_changing(TELOPT_NAWS))
-	ttloop();
-
-    /*
-     * But...
-     * The client might have sent a WILL NAWS as part of its
-     * startup code; if so, we'll be here before we get the
-     * response to the DO ECHO.  We'll make the assumption
-     * that any implementation that understands about NAWS
-     * is a modern enough implementation that it will respond
-     * to our DO ECHO request; hence we'll do another spin
-     * waiting for the ECHO option to settle down, which is
-     * what we wanted to do in the first place...
-     */
-    if (his_want_state_is_will(TELOPT_ECHO) &&
-	his_state_is_will(TELOPT_NAWS)) {
-	while (his_will_wont_is_changing(TELOPT_ECHO))
-	    ttloop();
-    }
-    /*
-     * On the off chance that the telnet client is broken and does not
-     * respond to the DO ECHO we sent, (after all, we did send the
-     * DO NAWS negotiation after the DO ECHO, and we won't get here
-     * until a response to the DO NAWS comes back) simulate the
-     * receipt of a will echo.  This will also send a WONT ECHO
-     * to the client, since we assume that the client failed to
-     * respond because it believes that it is already in DO ECHO
-     * mode, which we do not want.
-     */
-    if (his_want_state_is_will(TELOPT_ECHO)) {
-	DIAG(TD_OPTIONS,
-	     {output_data("td: simulating recv\r\n");
-	     });
-	willoption(TELOPT_ECHO);
-    }
-
-    /*
-     * Finally, to clean things up, we turn on our echo.  This
-     * will break stupid 4.2 telnets out of local terminal echo.
-     */
-
-    if (my_state_is_wont(TELOPT_ECHO))
-	send_will(TELOPT_ECHO, 1);
-
-#ifdef TIOCPKT
-#ifdef	STREAMSPTY
-    if (!really_stream)
-#endif
-	/*
-	 * Turn on packet mode
-	 */
-	ioctl(p, TIOCPKT, (char *)&on);
-#endif
-
-
-    /*
-     * Call telrcv() once to pick up anything received during
-     * terminal type negotiation, 4.2/4.3 determination, and
-     * linemode negotiation.
-     */
-    telrcv();
-
-    ioctl(f, FIONBIO, (char *)&on);
-    ioctl(p, FIONBIO, (char *)&on);
-
-#if	defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
-    setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-	       (void *)&on, sizeof on);
-#endif	/* defined(SO_OOBINLINE) */
-
-#ifdef	SIGTSTP
-    signal(SIGTSTP, SIG_IGN);
-#endif
-#ifdef	SIGTTOU
-    /*
-     * Ignoring SIGTTOU keeps the kernel from blocking us
-     * in ttioct() in /sys/tty.c.
-     */
-    signal(SIGTTOU, SIG_IGN);
-#endif
-
-    signal(SIGCHLD, cleanup);
-
-#ifdef  TIOCNOTTY
-    {
-	int t;
-	t = open(_PATH_TTY, O_RDWR);
-	if (t >= 0) {
-	    ioctl(t, TIOCNOTTY, (char *)0);
-	    close(t);
-	}
-    }
-#endif
-
-    show_issue();
-    /*
-     * Show banner that getty never gave.
-     *
-     * We put the banner in the pty input buffer.  This way, it
-     * gets carriage return null processing, etc., just like all
-     * other pty --> client data.
-     */
-
-    if (getenv("USER"))
-	hostinfo = 0;
-
-    IM = DEFAULT_IM;
-    he = 0;
-    edithost(he, host_name);
-    if (hostinfo && *IM)
-	putf(IM, ptyibuf2);
-
-    if (pcc)
-	strncat(ptyibuf2, ptyip, pcc+1);
-    ptyip = ptyibuf2;
-    pcc = strlen(ptyip);
-
-    DIAG(TD_REPORT, {
-	output_data("td: Entering processing loop\r\n");
-    });
-
-
-    nfd = ((f > p) ? f : p) + 1;
-    timeout = time(NULL) + 5;
-    for (;;) {
-	fd_set ibits, obits, xbits;
-	int c;
-
-	/* wait for encryption to be turned on, but don't wait
-           indefinitely */
-	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
-	    startslave_called = 1;
-	    startslave(host, utmp_host, level, autoname);
-	}
-
-	if (ncc < 0 && pcc < 0)
-	    break;
-
-	FD_ZERO(&ibits);
-	FD_ZERO(&obits);
-	FD_ZERO(&xbits);
-
-	if (f >= FD_SETSIZE
-	    || p >= FD_SETSIZE)
-	    fatal(net, "fd too large");
-
-	/*
-	 * Never look for input if there's still
-	 * stuff in the corresponding output buffer
-	 */
-	if (nfrontp - nbackp || pcc > 0) {
-	    FD_SET(f, &obits);
-	} else {
-	    FD_SET(p, &ibits);
-	}
-	if (pfrontp - pbackp || ncc > 0) {
-	    FD_SET(p, &obits);
-	} else {
-	    FD_SET(f, &ibits);
-	}
-	if (!SYNCHing) {
-	    FD_SET(f, &xbits);
-	}
-	if ((c = select(nfd, &ibits, &obits, &xbits,
-			(struct timeval *)0)) < 1) {
-	    if (c == -1) {
-		if (errno == EINTR) {
-		    continue;
-		}
-	    }
-	    sleep(5);
-	    continue;
-	}
-
-	/*
-	 * Any urgent data?
-	 */
-	if (FD_ISSET(net, &xbits)) {
-	    SYNCHing = 1;
-	}
-
-	/*
-	 * Something to read from the network...
-	 */
-	if (FD_ISSET(net, &ibits)) {
-#ifndef SO_OOBINLINE
-	    /*
-	     * In 4.2 (and 4.3 beta) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	    if (SYNCHing) {
-		int atmark;
-
-		ioctl(net, SIOCATMARK, (char *)&atmark);
-		if (atmark) {
-		    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
-		    if ((ncc == -1) && (errno == EINVAL)) {
-			ncc = read(net, netibuf, sizeof (netibuf));
-			if (sequenceIs(didnetreceive, gotDM)) {
-			    SYNCHing = stilloob(net);
-			}
-		    }
-		} else {
-		    ncc = read(net, netibuf, sizeof (netibuf));
-		}
-	    } else {
-		ncc = read(net, netibuf, sizeof (netibuf));
-	    }
-	    settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE)) */
-	    ncc = read(net, netibuf, sizeof (netibuf));
-#endif	/* !defined(SO_OOBINLINE)) */
-	    if (ncc < 0 && errno == EWOULDBLOCK)
-		ncc = 0;
-	    else {
-		if (ncc <= 0) {
-		    break;
-		}
-		netip = netibuf;
-	    }
-	    DIAG((TD_REPORT | TD_NETDATA), {
-		output_data("td: netread %d chars\r\n", ncc);
-		});
-	    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
-	}
-
-	/*
-	 * Something to read from the pty...
-	 */
-	if (FD_ISSET(p, &ibits)) {
-#ifdef STREAMSPTY
-	    if (really_stream)
-		pcc = readstream(p, ptyibuf, BUFSIZ);
-	    else
-#endif
-		pcc = read(p, ptyibuf, BUFSIZ);
-
-	    /*
-	     * On some systems, if we try to read something
-	     * off the master side before the slave side is
-	     * opened, we get EIO.
-	     */
-	    if (pcc < 0 && (errno == EWOULDBLOCK ||
-#ifdef	EAGAIN
-			    errno == EAGAIN ||
-#endif
-			    errno == EIO)) {
-		pcc = 0;
-	    } else {
-		if (pcc <= 0)
-		    break;
-		if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
-		    netclear();	/* clear buffer back */
-#ifndef	NO_URGENT
-		    /*
-		     * There are client telnets on some
-		     * operating systems get screwed up
-		     * royally if we send them urgent
-		     * mode data.
-		     */
-		    output_data ("%c%c", IAC, DM);
-
-		    neturg = nfrontp-1; /* off by one XXX */
-		    DIAG(TD_OPTIONS,
-			 printoption("td: send IAC", DM));
-
-#endif
-		}
-		if (his_state_is_will(TELOPT_LFLOW) &&
-		    (ptyibuf[0] &
-		     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
-		    int newflow =
-			ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
-		    if (newflow != flowmode) {
-			flowmode = newflow;
-			output_data("%c%c%c%c%c%c",
-				    IAC, SB, TELOPT_LFLOW,
-				    flowmode ? LFLOW_ON
-				    : LFLOW_OFF,
-				    IAC, SE);
-			DIAG(TD_OPTIONS, printsub('>',
-						  (unsigned char *)nfrontp-4,
-						  4););
-		    }
-		}
-		pcc--;
-		ptyip = ptyibuf+1;
-	    }
-	}
-
-	while (pcc > 0) {
-	    if ((&netobuf[BUFSIZ] - nfrontp) < 3)
-		break;
-	    c = *ptyip++ & 0377, pcc--;
-	    if (c == IAC)
-		*nfrontp++ = c;
-	    *nfrontp++ = c;
-	    if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
-		if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
-		    *nfrontp++ = *ptyip++ & 0377;
-		    pcc--;
-		} else
-		    *nfrontp++ = '\0';
-	    }
-	}
-
-	if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
-	    netflush();
-	if (ncc > 0)
-	    telrcv();
-	if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
-	    ptyflush();
-    }
-    cleanup(0);
-}
-
-#ifndef	TCSIG
-# ifdef	TIOCSIG
-#  define TCSIG TIOCSIG
-# endif
-#endif
-
-#ifdef	STREAMSPTY
-
-    int flowison = -1;  /* current state of flow: -1 is unknown */
-
-int
-readstream(int p, char *ibuf, int bufsize)
-{
-    int flags = 0;
-    int ret = 0;
-    struct termios *tsp;
-#if 0
-    struct termio *tp;
-#endif
-    struct iocblk *ip;
-    char vstop, vstart;
-    int ixon;
-    int newflow;
-
-    strbufc.maxlen = BUFSIZ;
-    strbufc.buf = (char *)ctlbuf;
-    strbufd.maxlen = bufsize-1;
-    strbufd.len = 0;
-    strbufd.buf = ibuf+1;
-    ibuf[0] = 0;
-
-    ret = getmsg(p, &strbufc, &strbufd, &flags);
-    if (ret < 0)  /* error of some sort -- probably EAGAIN */
-	return(-1);
-
-    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
-	/* data message */
-	if (strbufd.len > 0) {			/* real data */
-	    return(strbufd.len + 1);	/* count header char */
-	} else {
-	    /* nothing there */
-	    errno = EAGAIN;
-	    return(-1);
-	}
-    }
-
-    /*
-     * It's a control message.  Return 1, to look at the flag we set
-     */
-
-    switch (ctlbuf[0]) {
-    case M_FLUSH:
-	if (ibuf[1] & FLUSHW)
-	    ibuf[0] = TIOCPKT_FLUSHWRITE;
-	return(1);
-
-    case M_IOCTL:
-	ip = (struct iocblk *) (ibuf+1);
-
-	switch (ip->ioc_cmd) {
-#ifdef TCSETS
-	case TCSETS:
-	case TCSETSW:
-	case TCSETSF:
-	    tsp = (struct termios *)
-		(ibuf+1 + sizeof(struct iocblk));
-	    vstop = tsp->c_cc[VSTOP];
-	    vstart = tsp->c_cc[VSTART];
-	    ixon = tsp->c_iflag & IXON;
-	    break;
-#endif
-#if 0
-	case TCSETA:
-	case TCSETAW:
-	case TCSETAF:
-	    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
-	    vstop = tp->c_cc[VSTOP];
-	    vstart = tp->c_cc[VSTART];
-	    ixon = tp->c_iflag & IXON;
-	    break;
-#endif
-	default:
-	    errno = EAGAIN;
-	    return(-1);
-	}
-
-	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
-	if (newflow != flowison) {  /* it's a change */
-	    flowison = newflow;
-	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
-	    return(1);
-	}
-    }
-
-    /* nothing worth doing anything about */
-    errno = EAGAIN;
-    return(-1);
-}
-#endif /* STREAMSPTY */
-
-/*
- * Send interrupt to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write intr char.
- */
-void
-interrupt()
-{
-    ptyflush();	/* half-hearted */
-
-#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
-    /* Streams PTY style ioctl to post a signal */
-    if (really_stream)
-	{
-	    int sig = SIGINT;
-	    ioctl(ourpty, TIOCSIGNAL, &sig);
-	    ioctl(ourpty, I_FLUSH, FLUSHR);
-	}
-#else
-#ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGINT);
-#else	/* TCSIG */
-    init_termbuf();
-    *pfrontp++ = slctab[SLC_IP].sptr ?
-	(unsigned char)*slctab[SLC_IP].sptr : '\177';
-#endif	/* TCSIG */
-#endif
-}
-
-/*
- * Send quit to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write quit char.
- */
-void
-sendbrk()
-{
-    ptyflush();	/* half-hearted */
-#ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGQUIT);
-#else	/* TCSIG */
-    init_termbuf();
-    *pfrontp++ = slctab[SLC_ABORT].sptr ?
-	(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
-#endif	/* TCSIG */
-}
-
-void
-sendsusp()
-{
-#ifdef	SIGTSTP
-    ptyflush();	/* half-hearted */
-# ifdef	TCSIG
-    ioctl(ourpty, TCSIG, (char *)SIGTSTP);
-# else	/* TCSIG */
-    *pfrontp++ = slctab[SLC_SUSP].sptr ?
-	(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
-# endif	/* TCSIG */
-#endif	/* SIGTSTP */
-}
-
-/*
- * When we get an AYT, if ^T is enabled, use that.  Otherwise,
- * just send back "[Yes]".
- */
-void
-recv_ayt()
-{
-#if	defined(SIGINFO) && defined(TCSIG)
-    if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
-	ioctl(ourpty, TCSIG, (char *)SIGINFO);
-	return;
-    }
-#endif
-    output_data("\r\n[Yes]\r\n");
-}
-
-void
-doeof()
-{
-    init_termbuf();
-
-    *pfrontp++ = slctab[SLC_EOF].sptr ?
-	(unsigned char)*slctab[SLC_EOF].sptr : '\004';
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8
deleted file mode 100644
index ce4c714fb85d..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8
+++ /dev/null
@@ -1,293 +0,0 @@
-TELNETD(8)              NetBSD System Manager's Manual              TELNETD(8)
-
-NNAAMMEE
-     tteellnneettdd - DARPA TELNET protocol server
-
-SSYYNNOOPPSSIISS
-     tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e]
-             [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [--yy] [_p_o_r_t]
-
-DDEESSCCRRIIPPTTIIOONN
-     The tteellnneettdd command is a server which supports the DARPA standard TELNET
-     virtual terminal protocol.  TTeellnneettdd is normally invoked by the internet
-     server (see inetd(8)) for requests to connect to the TELNET port as indi-
-     cated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)).  The --ddeebbuugg option may
-     be used to start up tteellnneettdd manually, instead of through inetd(8).  If
-     started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alternate
-     TCP port number.
-
-     The tteellnneettdd command accepts the following options:
-
-     --aa _a_u_t_h_m_o_d_e  This option may be used for specifying what mode should be
-                  used for authentication.  Note that this option is only use-
-                  ful if tteellnneettdd has been compiled with support for the
-                  AUTHENTICATION option.  There are several valid values for
-                  _a_u_t_h_m_o_d_e:
-
-                  debug  Turns on authentication debugging code.
-
-                  user   Only allow connections when the remote user can pro-
-                         vide valid authentication information to identify the
-                         remote user, and is allowed access to the specified
-                         account without providing a password.
-
-                  valid  Only allow connections when the remote user can pro-
-                         vide valid authentication information to identify the
-                         remote user.  The login(1) command will provide any
-                         additional user verification needed if the remote us-
-                         er is not allowed automatic access to the specified
-                         account.
-
-                  other  Only allow connections that supply some authentica-
-                         tion information.  This option is currently not sup-
-                         ported by any of the existing authentication mecha-
-                         nisms, and is thus the same as specifying --aa vvaalliidd.
-
-                  otp    Only allow authenticated connections (as with --aa
-                         uusseerr) and also logins with one-time passwords (OTPs).
-                         This option will call login with an option so that
-                         only OTPs are accepted.  The user can of course still
-                         type secret information at the prompt.
-
-                  none   This is the default state.  Authentication informa-
-                         tion is not required.  If no or insufficient authen-
-                         tication information is provided, then the login(1)
-                         program will provide the necessary user verification.
-
-                  off    This disables the authentication code.  All user ver-
-                         ification will happen through the login(1) program.
-
-     --BB           Ignored.
-
-     --DD _d_e_b_u_g_m_o_d_e
-                  This option may be used for debugging purposes.  This allows
-                  tteellnneettdd to print out debugging information to the connec-
-                  tion, allowing the user to see what tteellnneettdd is doing.  There
-                  are several possible values for _d_e_b_u_g_m_o_d_e:
-
-                  ooppttiioonnss   Prints information about the negotiation of TELNET
-                            options.
-
-                  rreeppoorrtt    Prints the ooppttiioonnss information, plus some addi-
-                            tional information about what processing is going
-                            on.
-
-                  nneettddaattaa   Displays the data stream received by tteellnneettdd.
-
-                  ppttyyddaattaa   Displays data written to the pty.
-
-                  eexxeerrcciissee  Has not been implemented yet.
-
-     --hh           Disables the printing of host-specific information before
-                  login has been completed.
-
-     --kk
-
-     --ll           Ignored.
-
-     --nn           Disable TCP keep-alives.  Normally tteellnneettdd enables the TCP
-                  keep-alive mechanism to probe connections that have been
-                  idle for some period of time to determine if the client is
-                  still there, so that idle connections from machines that
-                  have crashed or can no longer be reached may be cleaned up.
-
-     --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y
-                  This option is only enabled when tteellnneettdd is compiled for
-                  UNICOS.  It specifies an inclusive range of pseudo-terminal
-                  devices to use.  If the system has sysconf variable
-                  _SC_CRAY_NPTY configured, the default pty search range is 0
-                  to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128.
-                  Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing
-                  either end of the search range.  If _l_o_w_p_t_y is omitted, the -
-                  character is still required so that tteellnneettdd can differenti-
-                  ate _h_i_g_h_p_t_y from _l_o_w_p_t_y.
-
-     --SS _t_o_s
-
-     --uu _l_e_n       This option is used to specify the size of the field in the
-                  utmp structure that holds the remote host name.  If the re-
-                  solved host name is longer than _l_e_n, the dotted decimal val-
-                  ue will be used instead.  This allows hosts with very long
-                  host names that overflow this field to still be uniquely
-                  identified.  Specifying --uu00 indicates that only dotted deci-
-                  mal addresses should be put into the _u_t_m_p file.
-
-     --UU           This option causes tteellnneettdd to refuse connections from ad-
-                  dresses that cannot be mapped back into a symbolic name via
-                  the gethostbyaddr(3) routine.
-
-     --XX _a_u_t_h_t_y_p_e  This option is only valid if tteellnneettdd has been built with
-                  support for the authentication option.  It disables the use
-                  of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily
-                  disable a specific authentication type without having to re-
-                  compile tteellnneettdd.
-
-     --LL _p_a_t_h_n_a_m_e  Specify pathname to an alternative login program.
-
-     --yy           Makes tteellnneettdd not warn when a user is trying to login with a
-                  cleartext password.
-
-     TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for
-     a client, then creating a login process which has the slave side of the
-     pseudo-terminal as stdin, stdout and stderr.  TTeellnneettdd manipulates the
-     master side of the pseudo-terminal, implementing the TELNET protocol and
-     passing characters between the remote client and the login process.
-
-     When a TELNET session is started up, tteellnneettdd sends TELNET options to the
-     client side indicating a willingness to do the following TELNET options,
-     which are described in more detail below:
-
-           DO AUTHENTICATION
-           WILL ENCRYPT
-           DO TERMINAL TYPE
-           DO TSPEED
-           DO XDISPLOC
-           DO NEW-ENVIRON
-           DO ENVIRON
-           WILL SUPPRESS GO AHEAD
-           DO ECHO
-           DO LINEMODE
-           DO NAWS
-           WILL STATUS
-           DO LFLOW
-           DO TIMING-MARK
-
-     The pseudo-terminal allocated to the client is configured to operate in
-     ``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)).
-
-     TTeellnneettdd has support for enabling locally the following TELNET options:
-
-     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
-                        WONT ECHO will be sent to the client to indicate the
-                        current state of terminal echoing.  When terminal echo
-                        is not desired, a WILL ECHO is sent to indicate that
-                        telnetd will take care of echoing any data that needs
-                        to be echoed to the terminal, and then nothing is
-                        echoed.  When terminal echo is desired, a WONT ECHO is
-                        sent to indicate that telnetd will not be doing any
-                        terminal echoing, so the client should do any terminal
-                        echoing that is needed.
-
-     WILL BINARY        Indicates that the client is willing to send a 8 bits
-                        of data, rather than the normal 7 bits of the Network
-                        Virtual Terminal.
-
-     WILL SGA           Indicates that it will not be sending IAC GA, go
-                        ahead, commands.
-
-     WILL STATUS        Indicates a willingness to send the client, upon re-
-                        quest, of the current status of all TELNET options.
-
-     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
-                        always responded to with a WILL TIMING-MARK
-
-     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
-                        response, and the TELNET session is shut down.
-
-     WILL ENCRYPT       Only sent if tteellnneettdd is compiled with support for data
-                        encryption, and indicates a willingness to decrypt the
-                        data stream.
-
-     TTeellnneettdd has support for enabling remotely the following TELNET options:
-
-     DO BINARY          Sent to indicate that telnetd is willing to receive an
-                        8 bit data stream.
-
-     DO LFLOW           Requests that the client handle flow control charac-
-                        ters remotely.
-
-     DO ECHO            This is not really supported, but is sent to identify
-                        a 4.2BSD telnet(1) client, which will improperly re-
-                        spond with WILL ECHO.  If a WILL ECHO is received, a
-                        DONT ECHO will be sent in response.
-
-     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
-                        the type of terminal that is attached to the client
-                        side of the connection.
-
-     DO SGA             Indicates that it does not need to receive IAC GA, the
-                        go ahead command.
-
-     DO NAWS            Requests that the client inform the server when the
-                        window (display) size changes.
-
-     DO TERMINAL-SPEED  Indicates a desire to be able to request information
-                        about the speed of the serial line to which the client
-                        is attached.
-
-     DO XDISPLOC        Indicates a desire to be able to request the name of
-                        the X windows display that is associated with the tel-
-                        net client.
-
-     DO NEW-ENVIRON     Indicates a desire to be able to request environment
-                        variable information, as described in RFC 1572.
-
-     DO ENVIRON         Indicates a desire to be able to request environment
-                        variable information, as described in RFC 1408.
-
-     DO LINEMODE        Only sent if tteellnneettdd is compiled with support for
-                        linemode, and requests that the client do line by line
-                        processing.
-
-     DO TIMING-MARK     Only sent if tteellnneettdd is compiled with support for both
-                        linemode and kludge linemode, and the client responded
-                        with WONT LINEMODE.  If the client responds with WILL
-                        TM, the it is assumed that the client supports kludge
-                        linemode.  Note that the [--kk] option can be used to
-                        disable this.
-
-     DO AUTHENTICATION  Only sent if tteellnneettdd is compiled with support for au-
-                        thentication, and indicates a willingness to receive
-                        authentication information for automatic login.
-
-     DO ENCRYPT         Only sent if tteellnneettdd is compiled with support for data
-                        encryption, and indicates a willingness to decrypt the
-                        data stream.
-
-FFIILLEESS
-     /etc/services
-     /etc/inittab   (UNICOS systems only)
-     /etc/iptos     (if supported)
-
-SSEEEE AALLSSOO
-     telnet(1), login(1)
-
-SSTTAANNDDAARRDDSS
-     RRFFCC--885544   TELNET PROTOCOL SPECIFICATION
-     RRFFCC--885555   TELNET OPTION SPECIFICATIONS
-     RRFFCC--885566   TELNET BINARY TRANSMISSION
-     RRFFCC--885577   TELNET ECHO OPTION
-     RRFFCC--885588   TELNET SUPPRESS GO AHEAD OPTION
-     RRFFCC--885599   TELNET STATUS OPTION
-     RRFFCC--886600   TELNET TIMING MARK OPTION
-     RRFFCC--886611   TELNET EXTENDED OPTIONS - LIST OPTION
-     RRFFCC--888855   TELNET END OF RECORD OPTION
-     RRFFCC--11007733  Telnet Window Size Option
-     RRFFCC--11007799  Telnet Terminal Speed Option
-     RRFFCC--11009911  Telnet Terminal-Type Option
-     RRFFCC--11009966  Telnet X Display Location Option
-     RRFFCC--11112233  Requirements for Internet Hosts -- Application and Support
-     RRFFCC--11118844  Telnet Linemode Option
-     RRFFCC--11337722  Telnet Remote Flow Control Option
-     RRFFCC--11441166  Telnet Authentication Option
-     RRFFCC--11441111  Telnet Authentication: Kerberos Version 4
-     RRFFCC--11441122  Telnet Authentication: SPX
-     RRFFCC--11557711  Telnet Environment Option Interoperability Issues
-     RRFFCC--11557722  Telnet Environment Option
-
-BBUUGGSS
-     Some TELNET commands are only partially implemented.
-
-     Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some
-     dubious protocol exchanges to try to discover if the remote client is, in
-     fact, a 4.2 BSD telnet(1).
-
-     Binary mode has no common interpretation except between similar operating
-     systems (Unix in this case).
-
-     The terminal type name received from the remote client is converted to
-     lower case.
-
-     TTeellnneettdd never sends TELNET IAC GA (go ahead) commands.
-
-4.2 Berkeley Distribution        June 1, 1994                                5
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h
deleted file mode 100644
index 65046073e923..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
- */
-
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif /* HAVE_SYS_RESOURCE_H */
-
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-/* including both <sys/ioctl.h> and <termios.h> in SunOS 4 generates a
-   lot of warnings */
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-
-#include <signal.h>
-#include <errno.h>
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#include <ctype.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <termios.h>
-
-#ifdef HAVE_PTY_H
-#include <pty.h>
-#endif
-
-#include "defs.h"
-
-#ifndef _POSIX_VDISABLE
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((unsigned char)'\377')
-# endif
-#endif
-
-
-#ifdef HAVE_SYS_PTY_H
-#include <sys/pty.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifdef HAVE_SYS_PTYIO_H
-#include <sys/ptyio.h>
-#endif
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
-#include "ext.h"
-
-#ifdef SOCKS
-#include <socks.h>
-/* This doesn't belong here. */
-struct tm *localtime(const time_t *);
-struct hostent  *gethostbyname(const char *);
-#endif
-
-#ifdef KRB4
-#include <krb.h>
-#endif
-
-#ifdef AUTHENTICATION
-#include <libtelnet/auth.h>
-#include <libtelnet/misc.h>
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-#endif
-
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-
-#include <roken.h>
-
-/* Don't use the system login, use our version instead */
-
-/* BINDIR should be defined somewhere else... */
-
-#ifndef BINDIR
-#define BINDIR "/usr/athena/bin"
-#endif
-
-#undef _PATH_LOGIN
-#define _PATH_LOGIN	BINDIR "/login"
-
-/* fallbacks */
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif /* _PATH_TTY */
-
-#ifdef	DIAGNOSTICS
-#define	DIAG(a,b)	if (diagnostic & (a)) b
-#else
-#define	DIAG(a,b)
-#endif
-
-/* other external variables */
-extern	char **environ;
-
-/* prototypes */
-
-/* appends data to nfrontp and advances */
-int output_data (const char *format, ...)
-#ifdef __GNUC__
-__attribute__ ((format (printf, 1, 2)))
-#endif
-;
diff --git a/crypto/heimdal/appl/telnet/telnetd/termstat.c b/crypto/heimdal/appl/telnet/telnetd/termstat.c
deleted file mode 100644
index a223269f0374..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/termstat.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "telnetd.h"
-
-RCSID("$Id: termstat.c,v 1.12 2001/08/29 00:45:23 assar Exp $");
-
-/*
- * local variables
- */
-int def_tspeed = -1, def_rspeed = -1;
-#ifdef	TIOCSWINSZ
-int def_row = 0, def_col = 0;
-#endif
-
-/*
- * flowstat
- *
- * Check for changes to flow control
- */
-void
-flowstat(void)
-{
-    if (his_state_is_will(TELOPT_LFLOW)) {
-	if (tty_flowmode() != flowmode) {
-	    flowmode = tty_flowmode();
-	    output_data("%c%c%c%c%c%c",
-			IAC, SB, TELOPT_LFLOW,
-			flowmode ? LFLOW_ON : LFLOW_OFF,
-			IAC, SE);
-	}
-	if (tty_restartany() != restartany) {
-	    restartany = tty_restartany();
-	    output_data("%c%c%c%c%c%c",
-			IAC, SB, TELOPT_LFLOW,
-			restartany ? LFLOW_RESTART_ANY
-			: LFLOW_RESTART_XON,
-			IAC, SE);
-	}
-    }
-}
-
-/*
- * clientstat
- *
- * Process linemode related requests from the client.
- * Client can request a change to only one of linemode, editmode or slc's
- * at a time, and if using kludge linemode, then only linemode may be
- * affected.
- */
-void
-clientstat(int code, int parm1, int parm2)
-{
-    /*
-     * Get a copy of terminal characteristics.
-     */
-    init_termbuf();
-
-    /*
-     * Process request from client. code tells what it is.
-     */
-    switch (code) {
-    case TELOPT_NAWS:
-#ifdef	TIOCSWINSZ
-	{
-	    struct winsize ws;
-
-	    def_col = parm1;
-	    def_row = parm2;
-
-	    /*
-	     * Change window size as requested by client.
-	     */
-
-	    ws.ws_col = parm1;
-	    ws.ws_row = parm2;
-	    ioctl(ourpty, TIOCSWINSZ, (char *)&ws);
-	}
-#endif	/* TIOCSWINSZ */
-
-    break;
-
-    case TELOPT_TSPEED:
-	{
-	    def_tspeed = parm1;
-	    def_rspeed = parm2;
-	    /*
-	     * Change terminal speed as requested by client.
-	     * We set the receive speed first, so that if we can't
-	     * store seperate receive and transmit speeds, the transmit
-	     * speed will take precedence.
-	     */
-	    tty_rspeed(parm2);
-	    tty_tspeed(parm1);
-	    set_termbuf();
-
-	    break;
-
-	}  /* end of case TELOPT_TSPEED */
-
-    default:
-	/* What? */
-	break;
-    }  /* end of switch */
-
-    netflush();
-
-}
diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c
deleted file mode 100644
index a98b3fc79060..000000000000
--- a/crypto/heimdal/appl/telnet/telnetd/utility.c
+++ /dev/null
@@ -1,1170 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#define PRINTOPTIONS
-#include "telnetd.h"
-
-RCSID("$Id: utility.c,v 1.27 2001/09/03 05:54:17 assar Exp $");
-
-/*
- * utility functions performing io related tasks
- */
-
-/*
- * ttloop
- *
- * A small subroutine to flush the network output buffer, get some
- * data from the network, and pass it through the telnet state
- * machine.  We also flush the pty input buffer (by dropping its data)
- * if it becomes too full.
- *
- * return 0 if OK or 1 if interrupted by a signal.
- */
-
-int
-ttloop(void)
-{
-    DIAG(TD_REPORT, {
-	output_data("td: ttloop\r\n");
-    });
-    if (nfrontp-nbackp)
-	netflush();
-    ncc = read(net, netibuf, sizeof netibuf);
-    if (ncc < 0) {
-	if (errno == EINTR)
-	    return 1;
-	syslog(LOG_INFO, "ttloop:  read: %m\n");
-	exit(1);
-    } else if (ncc == 0) {
-	syslog(LOG_INFO, "ttloop:  peer died\n");
-	exit(1);
-    }
-    DIAG(TD_REPORT, {
-	output_data("td: ttloop read %d chars\r\n", ncc);
-    });
-    netip = netibuf;
-    telrcv();			/* state machine */
-    if (ncc > 0) {
-	pfrontp = pbackp = ptyobuf;
-	telrcv();
-    }
-    return 0;
-}  /* end of ttloop */
-
-/*
- * Check a descriptor to see if out of band data exists on it.
- */
-int
-stilloob(int s)
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    if (s >= FD_SETSIZE)
-	fatal(ourpty, "fd too large");
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(s, &excepts);
-	value = select(s+1, 0, 0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	fatalperror(ourpty, "select");
-    }
-    if (FD_ISSET(s, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-void
-ptyflush(void)
-{
-    int n;
-
-    if ((n = pfrontp - pbackp) > 0) {
-	DIAG((TD_REPORT | TD_PTYDATA), { 
-	    output_data("td: ptyflush %d chars\r\n", n);
-	});
-	DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
-	n = write(ourpty, pbackp, n);
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-	    return;
-	cleanup(0);
-    }
-    pbackp += n;
-    if (pbackp == pfrontp)
-	pbackp = pfrontp = ptyobuf;
-}
-
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-char *
-nextitem(char *current)
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:{
-	/* loop forever looking for the SE */
-	char *look = current+2;
-
-	for (;;) {
-	    if ((*look++&0xff) == IAC) {
-		if ((*look++&0xff) == SE) {
-		    return look;
-		}
-	    }
-	}
-    }
-    default:
-	return current+2;
-    }
-}
-
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-void
-netclear(void)
-{
-    char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-			 ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-#ifdef ENCRYPTION
-	thisitem = nclearto > netobuf ? nclearto : netobuf;
-#else
-	thisitem = netobuf;
-#endif
-
-	while ((next = nextitem(thisitem)) <= nbackp) {
-	    thisitem = next;
-	}
-
-	/* Now, thisitem is first before/at boundary. */
-
-#ifdef ENCRYPTION
-	good = nclearto > netobuf ? nclearto : netobuf;
-#else
-	good = netobuf;	/* where the good bytes go */
-#endif
-
-	while (nfrontp > thisitem) {
-	    if (wewant(thisitem)) {
-		int length;
-
-		next = thisitem;
-		do {
-		    next = nextitem(next);
-		} while (wewant(next) && (nfrontp > next));
-		length = next-thisitem;
-		memmove(good, thisitem, length);
-		good += length;
-		thisitem = next;
-	    } else {
-		thisitem = nextitem(thisitem);
-	    }
-	}
-
-	nbackp = netobuf;
-	nfrontp = good;		/* next byte to be sent */
-	neturg = 0;
-}  /* end of netclear */
-
-extern int not42;
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- */
-void
-netflush(void)
-{
-    int n;
-
-    if ((n = nfrontp - nbackp) > 0) {
-	DIAG(TD_REPORT,
-	     { n += output_data("td: netflush %d chars\r\n", n);
-	     });
-#ifdef ENCRYPTION
-	if (encrypt_output) {
-	    char *s = nclearto ? nclearto : nbackp;
-	    if (nfrontp - s > 0) {
-		(*encrypt_output)((unsigned char *)s, nfrontp-s);
-		nclearto = nfrontp;
-	    }
-	}
-#endif
-	/*
-	 * if no urgent data, or if the other side appears to be an
-	 * old 4.2 client (and thus unable to survive TCP urgent data),
-	 * write the entire buffer in non-OOB mode.
-	 */
-#if 1 /* remove this to make it work between solaris 2.6 and linux */
-	if ((neturg == 0) || (not42 == 0)) {
-#endif
-	    n = write(net, nbackp, n);	/* normal write */
-#if 1 /* remove this to make it work between solaris 2.6 and linux */
-	} else {
-	    n = neturg - nbackp;
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    if (n > 1) {
-		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
-	    } else {
-		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
-	    }
-	}
-#endif
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-	    return;
-	cleanup(0);
-    }
-    nbackp += n;
-#ifdef ENCRYPTION
-    if (nbackp > nclearto)
-	nclearto = 0;
-#endif
-    if (nbackp >= neturg) {
-	neturg = 0;
-    }
-    if (nbackp == nfrontp) {
-	nbackp = nfrontp = netobuf;
-#ifdef ENCRYPTION
-	nclearto = 0;
-#endif
-    }
-    return;
-}
-
-
-/*
- * writenet
- *
- * Just a handy little function to write a bit of raw data to the net.
- * It will force a transmit of the buffer if necessary
- *
- * arguments
- *    ptr - A pointer to a character string to write
- *    len - How many bytes to write
- */
-void
-writenet(unsigned char *ptr, int len)
-{
-    /* flush buffer if no room for new data) */
-    while ((&netobuf[BUFSIZ] - nfrontp) < len) {
-	/* if this fails, don't worry, buffer is a little big */
-	netflush();
-    }
-
-    memmove(nfrontp, ptr, len);
-    nfrontp += len;
-}
-
-
-/*
- * miscellaneous functions doing a variety of little jobs follow ...
- */
-
-
-void fatal(int f, char *msg)
-{
-    char buf[BUFSIZ];
-
-    snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
-#ifdef ENCRYPTION
-    if (encrypt_output) {
-	/*
-	 * Better turn off encryption first....
-	 * Hope it flushes...
-	 */
-	encrypt_send_end();
-	netflush();
-    }
-#endif
-    write(f, buf, (int)strlen(buf));
-    sleep(1);	/*XXX*/
-    exit(1);
-}
-
-void
-fatalperror_errno(int f, const char *msg, int error)
-{
-    char buf[BUFSIZ];
-    
-    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error));
-    fatal(f, buf);
-}
-
-void
-fatalperror(int f, const char *msg)
-{
-    fatalperror_errno(f, msg, errno);
-}
-
-char editedhost[32];
-
-void edithost(char *pat, char *host)
-{
-    char *res = editedhost;
-
-    if (!pat)
-	pat = "";
-    while (*pat) {
-	switch (*pat) {
-
-	case '#':
-	    if (*host)
-		host++;
-	    break;
-
-	case '@':
-	    if (*host)
-		*res++ = *host++;
-	    break;
-
-	default:
-	    *res++ = *pat;
-	    break;
-	}
-	if (res == &editedhost[sizeof editedhost - 1]) {
-	    *res = '\0';
-	    return;
-	}
-	pat++;
-    }
-    if (*host)
-	strlcpy (res, host,
-			 sizeof editedhost - (res - editedhost));
-    else
-	*res = '\0';
-    editedhost[sizeof editedhost - 1] = '\0';
-}
-
-static char *putlocation;
-
-void
-putstr(char *s)
-{
-
-    while (*s)
-	putchr(*s++);
-}
-
-void
-putchr(int cc)
-{
-    *putlocation++ = cc;
-}
-
-/*
- * This is split on two lines so that SCCS will not see the M
- * between two % signs and expand it...
- */
-static char fmtstr[] = { "%l:%M" "%P on %A, %d %B %Y" };
-
-void putf(char *cp, char *where)
-{
-#ifdef HAVE_UNAME
-    struct utsname name;
-#endif
-    char *slash;
-    time_t t;
-    char db[100];
-
-    /* if we don't have uname, set these to sensible values */
-    char *sysname = "Unix", 
-	*machine = "", 
-	*release = "",
-	*version = ""; 
-
-#ifdef HAVE_UNAME
-    uname(&name);
-    sysname=name.sysname;
-    machine=name.machine;
-    release=name.release;
-    version=name.version;
-#endif
-
-    putlocation = where;
-
-    while (*cp) {
-	if (*cp != '%') {
-	    putchr(*cp++);
-	    continue;
-	}
-	switch (*++cp) {
-
-	case 't':
-#ifdef	STREAMSPTY
-	    /* names are like /dev/pts/2 -- we want pts/2 */
-	    slash = strchr(line+1, '/');
-#else
-	    slash = strrchr(line, '/');
-#endif
-	    if (slash == (char *) 0)
-		putstr(line);
-	    else
-		putstr(&slash[1]);
-	    break;
-
-	case 'h':
-	    putstr(editedhost);
-	    break;
-
-	case 's':
-	    putstr(sysname);
-	    break;
-
-	case 'm':
-	    putstr(machine);
-	    break;
-
-	case 'r':
-	    putstr(release);
-	    break;
-
-	case 'v':
-	    putstr(version);
-	    break;
-
-	case 'd':
-	    time(&t);
-	    strftime(db, sizeof(db), fmtstr, localtime(&t));
-	    putstr(db);
-	    break;
-
-	case '%':
-	    putchr('%');
-	    break;
-	}
-	cp++;
-    }
-}
-
-#ifdef DIAGNOSTICS
-/*
- * Print telnet options and commands in plain text, if possible.
- */
-void
-printoption(char *fmt, int option)
-{
-    if (TELOPT_OK(option))
-	output_data("%s %s\r\n",
-		    fmt,
-		    TELOPT(option));
-    else if (TELCMD_OK(option))
-	output_data("%s %s\r\n",
-		    fmt,
-		    TELCMD(option));
-    else
-	output_data("%s %d\r\n",
-		    fmt,
-		    option);
-    return;
-}
-
-void
-printsub(int direction, unsigned char *pointer, int length)
-        		          	/* '<' or '>' */
-                 	         	/* where suboption data sits */
-       			       		/* length of suboption data */
-{
-    int i = 0;
-    unsigned char buf[512];
-
-    if (!(diagnostic & TD_OPTIONS))
-	return;
-
-    if (direction) {
-	output_data("td: %s suboption ",
-		    direction == '<' ? "recv" : "send");
-	if (length >= 3) {
-	    int j;
-
-	    i = pointer[length-2];
-	    j = pointer[length-1];
-
-	    if (i != IAC || j != SE) {
-		output_data("(terminated by ");
-		if (TELOPT_OK(i))
-		    output_data("%s ",
-				TELOPT(i));
-		else if (TELCMD_OK(i))
-		    output_data("%s ",
-				TELCMD(i));
-		else
-		    output_data("%d ",
-				i);
-		if (TELOPT_OK(j))
-		    output_data("%s",
-				TELOPT(j));
-		else if (TELCMD_OK(j))
-		    output_data("%s",
-				TELCMD(j));
-		else
-		    output_data("%d",
-				j);
-		output_data(", not IAC SE!) ");
-	    }
-	}
-	length -= 2;
-    }
-    if (length < 1) {
-	output_data("(Empty suboption??\?)");
-	return;
-    }
-    switch (pointer[0]) {
-    case TELOPT_TTYPE:
-	output_data("TERMINAL-TYPE ");
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS \"%.*s\"",
-			length-2,
-			(char *)pointer+2);
-	    break;
-	case TELQUAL_SEND:
-	    output_data("SEND");
-	    break;
-	default:
-	    output_data("- unknown qualifier %d (0x%x).",
-			pointer[1], pointer[1]);
-	}
-	break;
-    case TELOPT_TSPEED:
-	output_data("TERMINAL-SPEED");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data(" IS %.*s", length-2, (char *)pointer+2);
-	    break;
-	default:
-	    if (pointer[1] == 1)
-		output_data(" SEND");
-	    else
-		output_data(" %d (unknown)", pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?", pointer[i]);
-	    }
-	    break;
-	}
-	break;
-
-    case TELOPT_LFLOW:
-	output_data("TOGGLE-FLOW-CONTROL");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case LFLOW_OFF:
-	    output_data(" OFF");
-	    break;
-	case LFLOW_ON:
-	    output_data(" ON");
-	    break;
-	case LFLOW_RESTART_ANY:
-	    output_data(" RESTART-ANY");
-	    break;
-	case LFLOW_RESTART_XON:
-	    output_data(" RESTART-XON");
-	    break;
-	default:
-	    output_data(" %d (unknown)",
-			pointer[1]);
-	}
-	for (i = 2; i < length; i++) {
-	    output_data(" ?%d?",
-			pointer[i]);
-	}
-	break;
-
-    case TELOPT_NAWS:
-	output_data("NAWS");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	if (length == 2) {
-	    output_data(" ?%d?",
-			pointer[1]);
-	    break;
-	}
-	output_data(" %u %u(%u)",
-		    pointer[1],
-		    pointer[2],
-		    (((unsigned int)pointer[1])<<8) + pointer[2]);
-	if (length == 4) {
-	    output_data(" ?%d?",
-			pointer[3]);
-	    break;
-	}
-	output_data(" %u %u(%u)",
-		    pointer[3],
-		    pointer[4],
-		    (((unsigned int)pointer[3])<<8) + pointer[4]);
-	for (i = 5; i < length; i++) {
-	    output_data(" ?%d?",
-			pointer[i]);
-	}
-	break;
-
-    case TELOPT_LINEMODE:
-	output_data("LINEMODE ");
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case WILL:
-	    output_data("WILL ");
-	    goto common;
-	case WONT:
-	    output_data("WONT ");
-	    goto common;
-	case DO:
-	    output_data("DO ");
-	    goto common;
-	case DONT:
-	    output_data("DONT ");
-	common:
-	    if (length < 3) {
-		output_data("(no option??\?)");
-		break;
-	    }
-	    switch (pointer[2]) {
-	    case LM_FORWARDMASK:
-		output_data("Forward Mask");
-		for (i = 3; i < length; i++) {
-		    output_data(" %x", pointer[i]);
-		}
-		break;
-	    default:
-		output_data("%d (unknown)",
-			    pointer[2]);
-		for (i = 3; i < length; i++) {
-		    output_data(" %d",
-				pointer[i]);
-		}
-		break;
-	    }
-	    break;
-
-	case LM_SLC:
-	    output_data("SLC");
-	    for (i = 2; i < length - 2; i += 3) {
-		if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-		    output_data(" %s",
-				SLC_NAME(pointer[i+SLC_FUNC]));
-		else
-		    output_data(" %d",
-				pointer[i+SLC_FUNC]);
-		switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		case SLC_NOSUPPORT:
-		    output_data(" NOSUPPORT");
-		    break;
-		case SLC_CANTCHANGE:
-		    output_data(" CANTCHANGE");
-		    break;
-		case SLC_VARIABLE:
-		    output_data(" VARIABLE");
-		    break;
-		case SLC_DEFAULT:
-		    output_data(" DEFAULT");
-		    break;
-		}
-		output_data("%s%s%s",
-			    pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			    pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			    pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-					    SLC_FLUSHOUT| SLC_LEVELBITS)) {
-		    output_data("(0x%x)",
-				pointer[i+SLC_FLAGS]);
-		}
-		output_data(" %d;",
-			    pointer[i+SLC_VALUE]);
-		if ((pointer[i+SLC_VALUE] == IAC) &&
-		    (pointer[i+SLC_VALUE+1] == IAC))
-		    i++;
-	    }
-	    for (; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-
-	case LM_MODE:
-	    output_data("MODE ");
-	    if (length < 3) {
-		output_data("(no mode??\?)");
-		break;
-	    }
-	    {
-		char tbuf[32];
-		snprintf(tbuf,
-			 sizeof(tbuf),
-			 "%s%s%s%s%s",
-			 pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			 pointer[2]&MODE_ACK ? "|ACK" : "");
-		output_data("%s",
-			    tbuf[1] ? &tbuf[1] : "0");
-	    }
-	    if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
-		output_data(" (0x%x)",
-			    pointer[2]);
-	    }
-	    for (i = 3; i < length; i++) {
-		output_data(" ?0x%x?",
-			 pointer[i]);
-	    }
-	    break;
-	default:
-	    output_data("%d (unknown)",
-			pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" %d", pointer[i]);
-	    }
-	}
-	break;
-
-    case TELOPT_STATUS: {
-	char *cp;
-	int j, k;
-
-	output_data("STATUS");
-
-	switch (pointer[1]) {
-	default:
-	    if (pointer[1] == TELQUAL_SEND)
-		output_data(" SEND");
-	    else
-		output_data(" %d (unknown)",
-			    pointer[1]);
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-	case TELQUAL_IS:
-	    output_data(" IS\r\n");
-
-	    for (i = 2; i < length; i++) {
-		switch(pointer[i]) {
-		case DO:	cp = "DO"; goto common2;
-		case DONT:	cp = "DONT"; goto common2;
-		case WILL:	cp = "WILL"; goto common2;
-		case WONT:	cp = "WONT"; goto common2;
-		common2:
-		i++;
-		if (TELOPT_OK(pointer[i]))
-		    output_data(" %s %s",
-				cp,
-				TELOPT(pointer[i]));
-		else
-		    output_data(" %s %d",
-				cp,
-				pointer[i]);
-
-		output_data("\r\n");
-		break;
-
-		case SB:
-		    output_data(" SB ");
-		    i++;
-		    j = k = i;
-		    while (j < length) {
-			if (pointer[j] == SE) {
-			    if (j+1 == length)
-				break;
-			    if (pointer[j+1] == SE)
-				j++;
-			    else
-				break;
-			}
-			pointer[k++] = pointer[j++];
-		    }
-		    printsub(0, &pointer[i], k - i);
-		    if (i < length) {
-			output_data(" SE");
-			i = j;
-		    } else
-			i = j - 1;
-
-		    output_data("\r\n");
-
-		    break;
-
-		default:
-		    output_data(" %d",
-				pointer[i]);
-		    break;
-		}
-	    }
-	    break;
-	}
-	break;
-    }
-
-    case TELOPT_XDISPLOC:
-	output_data("X-DISPLAY-LOCATION ");
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS \"%.*s\"",
-			length-2,
-			(char *)pointer+2);
-	    break;
-	case TELQUAL_SEND:
-	    output_data("SEND");
-	    break;
-	default:
-	    output_data("- unknown qualifier %d (0x%x).",
-			pointer[1], pointer[1]);
-	}
-	break;
-
-    case TELOPT_NEW_ENVIRON:
-	output_data("NEW-ENVIRON ");
-	goto env_common1;
-    case TELOPT_OLD_ENVIRON:
-	output_data("OLD-ENVIRON");
-    env_common1:
-	switch (pointer[1]) {
-	case TELQUAL_IS:
-	    output_data("IS ");
-	    goto env_common;
-	case TELQUAL_SEND:
-	    output_data("SEND ");
-	    goto env_common;
-	case TELQUAL_INFO:
-	    output_data("INFO ");
-	env_common:
-	    {
-		int noquote = 2;
-		for (i = 2; i < length; i++ ) {
-		    switch (pointer[i]) {
-		    case NEW_ENV_VAR:
-			output_data("\" VAR " + noquote);
-			noquote = 2;
-			break;
-
-		    case NEW_ENV_VALUE:
-			output_data("\" VALUE " + noquote);
-			noquote = 2;
-			break;
-
-		    case ENV_ESC:
-			output_data("\" ESC " + noquote);
-			noquote = 2;
-			break;
-
-		    case ENV_USERVAR:
-			output_data("\" USERVAR " + noquote);
-			noquote = 2;
-			break;
-
-		    default:
-			if (isprint(pointer[i]) && pointer[i] != '"') {
-			    if (noquote) {
-				output_data ("\"");
-				noquote = 0;
-			    }
-			    output_data ("%c", pointer[i]);
-			} else {
-			    output_data("\" %03o " + noquote,
-					pointer[i]);
-			    noquote = 2;
-			}
-			break;
-		    }
-		}
-		if (!noquote)
-		    output_data ("\"");
-		break;
-	    }
-	}
-	break;
-
-#ifdef AUTHENTICATION
-    case TELOPT_AUTHENTICATION:
-	output_data("AUTHENTICATION");
-
-	if (length < 2) {
-	    output_data(" (empty suboption??\?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case TELQUAL_REPLY:
-	case TELQUAL_IS:
-	    output_data(" %s ",
-			(pointer[1] == TELQUAL_IS) ?
-			"IS" : "REPLY");
-	    if (AUTHTYPE_NAME_OK(pointer[2]))
-		output_data("%s ",
-			    AUTHTYPE_NAME(pointer[2]));
-	    else
-		output_data("%d ",
-			    pointer[2]);
-	    if (length < 3) {
-		output_data("(partial suboption??\?)");
-		break;
-	    }
-	    output_data("%s|%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY");
-
-	    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-	    output_data("%s",
-			buf);
-	    break;
-
-	case TELQUAL_SEND:
-	    i = 2;
-	    output_data(" SEND ");
-	    while (i < length) {
-		if (AUTHTYPE_NAME_OK(pointer[i]))
-		    output_data("%s ",
-				AUTHTYPE_NAME(pointer[i]));
-		else
-		    output_data("%d ",
-				pointer[i]);
-		if (++i >= length) {
-		    output_data("(partial suboption??\?)");
-		    break;
-		}
-		output_data("%s|%s ",
-			    ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			    "CLIENT" : "SERVER",
-			    ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			    "MUTUAL" : "ONE-WAY");
-		++i;
-	    }
-	    break;
-
-	case TELQUAL_NAME:
-	    i = 2;
-	    output_data(" NAME \"%.*s\"",
-			length - 2,
-			pointer);
-	    break;
-
-	default:
-	    for (i = 2; i < length; i++) {
-		output_data(" ?%d?",
-			    pointer[i]);
-	    }
-	    break;
-	}
-	break;
-#endif
-
-#ifdef ENCRYPTION
-    case TELOPT_ENCRYPT:
-	output_data("ENCRYPT");
-	if (length < 2) {
-	    output_data(" (empty suboption?)");
-	    break;
-	}
-	switch (pointer[1]) {
-	case ENCRYPT_START:
-	    output_data(" START");
-	    break;
-
-	case ENCRYPT_END:
-	    output_data(" END");
-	    break;
-
-	case ENCRYPT_REQSTART:
-	    output_data(" REQUEST-START");
-	    break;
-
-	case ENCRYPT_REQEND:
-	    output_data(" REQUEST-END");
-	    break;
-
-	case ENCRYPT_IS:
-	case ENCRYPT_REPLY:
-	    output_data(" %s ",
-			(pointer[1] == ENCRYPT_IS) ?
-			"IS" : "REPLY");
-	    if (length < 3) {
-		output_data(" (partial suboption?)");
-		break;
-	    }
-	    if (ENCTYPE_NAME_OK(pointer[2]))
-		output_data("%s ",
-			    ENCTYPE_NAME(pointer[2]));
-	    else
-		output_data(" %d (unknown)",
-			    pointer[2]);
-
-	    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-	    output_data("%s",
-			buf);
-	    break;
-
-	case ENCRYPT_SUPPORT:
-	    i = 2;
-	    output_data(" SUPPORT ");
-	    while (i < length) {
-		if (ENCTYPE_NAME_OK(pointer[i]))
-		    output_data("%s ",
-				ENCTYPE_NAME(pointer[i]));
-		else
-		    output_data("%d ",
-				pointer[i]);
-		i++;
-	    }
-	    break;
-
-	case ENCRYPT_ENC_KEYID:
-	    output_data(" ENC_KEYID %d", pointer[1]);
-	    goto encommon;
-
-	case ENCRYPT_DEC_KEYID:
-	    output_data(" DEC_KEYID %d", pointer[1]);
-	    goto encommon;
-
-	default:
-	    output_data(" %d (unknown)", pointer[1]);
-	encommon:
-	    for (i = 2; i < length; i++) {
-		output_data(" %d", pointer[i]);
-	    }
-	    break;
-	}
-	break;
-#endif
-
-    default:
-	if (TELOPT_OK(pointer[0]))
-	    output_data("%s (unknown)",
-			TELOPT(pointer[0]));
-	else
-	    output_data("%d (unknown)",
-			pointer[i]);
-	for (i = 1; i < length; i++) {
-	    output_data(" %d", pointer[i]);
-	}
-	break;
-    }
-    output_data("\r\n");
-}
-
-/*
- * Dump a data buffer in hex and ascii to the output data stream.
- */
-void
-printdata(char *tag, char *ptr, int cnt)
-{
-    int i;
-    char xbuf[30];
-
-    while (cnt) {
-	/* flush net output buffer if no room for new data) */
-	if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
-	    netflush();
-	}
-
-	/* add a line of output */
-	output_data("%s: ", tag);
-	for (i = 0; i < 20 && cnt; i++) {
-	    output_data("%02x", *ptr);
-	    if (isprint((unsigned char)*ptr)) {
-		xbuf[i] = *ptr;
-	    } else {
-		xbuf[i] = '.';
-	    }
-	    if (i % 2) {
-		output_data(" ");
-	    }
-	    cnt--;
-	    ptr++;
-	}
-	xbuf[i] = '\0';
-	output_data(" %s\r\n", xbuf);
-    }
-}
-#endif /* DIAGNOSTICS */
diff --git a/crypto/heimdal/appl/test/Makefile b/crypto/heimdal/appl/test/Makefile
deleted file mode 100644
index af508b0d1702..000000000000
--- a/crypto/heimdal/appl/test/Makefile
+++ /dev/null
@@ -1,673 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/test/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
-	uu_server uu_client nt_gss_server nt_gss_client
-
-
-tcp_client_SOURCES = tcp_client.c common.c test_locl.h
-
-tcp_server_SOURCES = tcp_server.c common.c test_locl.h
-
-gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-
-gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-
-uu_server_SOURCES = uu_server.c common.c test_locl.h
-
-uu_client_SOURCES = uu_client.c common.c test_locl.h
-
-gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-
-gssapi_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c common.c
-
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c
-
-nt_gss_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_server_LDADD = $(nt_gss_client_LDADD)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/test
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \
-	gssapi_server$(EXEEXT) gssapi_client$(EXEEXT) \
-	uu_server$(EXEEXT) uu_client$(EXEEXT) nt_gss_server$(EXEEXT) \
-	nt_gss_client$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-am_gssapi_client_OBJECTS = gssapi_client.$(OBJEXT) gss_common.$(OBJEXT) \
-	common.$(OBJEXT)
-gssapi_client_OBJECTS = $(am_gssapi_client_OBJECTS)
-gssapi_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-gssapi_client_LDFLAGS =
-am_gssapi_server_OBJECTS = gssapi_server.$(OBJEXT) gss_common.$(OBJEXT) \
-	common.$(OBJEXT)
-gssapi_server_OBJECTS = $(am_gssapi_server_OBJECTS)
-gssapi_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-gssapi_server_LDFLAGS =
-am_nt_gss_client_OBJECTS = nt_gss_client.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT) common.$(OBJEXT)
-nt_gss_client_OBJECTS = $(am_nt_gss_client_OBJECTS)
-nt_gss_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-nt_gss_client_LDFLAGS =
-am_nt_gss_server_OBJECTS = nt_gss_server.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT)
-nt_gss_server_OBJECTS = $(am_nt_gss_server_OBJECTS)
-nt_gss_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-nt_gss_server_LDFLAGS =
-am_tcp_client_OBJECTS = tcp_client.$(OBJEXT) common.$(OBJEXT)
-tcp_client_OBJECTS = $(am_tcp_client_OBJECTS)
-tcp_client_LDADD = $(LDADD)
-tcp_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-tcp_client_LDFLAGS =
-am_tcp_server_OBJECTS = tcp_server.$(OBJEXT) common.$(OBJEXT)
-tcp_server_OBJECTS = $(am_tcp_server_OBJECTS)
-tcp_server_LDADD = $(LDADD)
-tcp_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-tcp_server_LDFLAGS =
-am_uu_client_OBJECTS = uu_client.$(OBJEXT) common.$(OBJEXT)
-uu_client_OBJECTS = $(am_uu_client_OBJECTS)
-uu_client_LDADD = $(LDADD)
-uu_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-uu_client_LDFLAGS =
-am_uu_server_OBJECTS = uu_server.$(OBJEXT) common.$(OBJEXT)
-uu_server_OBJECTS = $(am_uu_server_OBJECTS)
-uu_server_LDADD = $(LDADD)
-uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-uu_server_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) \
-	$(tcp_client_SOURCES) $(tcp_server_SOURCES) \
-	$(uu_client_SOURCES) $(uu_server_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) $(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) $(tcp_client_SOURCES) $(tcp_server_SOURCES) $(uu_client_SOURCES) $(uu_server_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/test/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) 
-	@rm -f gssapi_client$(EXEEXT)
-	$(LINK) $(gssapi_client_LDFLAGS) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
-gssapi_server$(EXEEXT): $(gssapi_server_OBJECTS) $(gssapi_server_DEPENDENCIES) 
-	@rm -f gssapi_server$(EXEEXT)
-	$(LINK) $(gssapi_server_LDFLAGS) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
-nt_gss_client$(EXEEXT): $(nt_gss_client_OBJECTS) $(nt_gss_client_DEPENDENCIES) 
-	@rm -f nt_gss_client$(EXEEXT)
-	$(LINK) $(nt_gss_client_LDFLAGS) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
-nt_gss_server$(EXEEXT): $(nt_gss_server_OBJECTS) $(nt_gss_server_DEPENDENCIES) 
-	@rm -f nt_gss_server$(EXEEXT)
-	$(LINK) $(nt_gss_server_LDFLAGS) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
-tcp_client$(EXEEXT): $(tcp_client_OBJECTS) $(tcp_client_DEPENDENCIES) 
-	@rm -f tcp_client$(EXEEXT)
-	$(LINK) $(tcp_client_LDFLAGS) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
-tcp_server$(EXEEXT): $(tcp_server_OBJECTS) $(tcp_server_DEPENDENCIES) 
-	@rm -f tcp_server$(EXEEXT)
-	$(LINK) $(tcp_server_LDFLAGS) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
-uu_client$(EXEEXT): $(uu_client_OBJECTS) $(uu_client_DEPENDENCIES) 
-	@rm -f uu_client$(EXEEXT)
-	$(LINK) $(uu_client_LDFLAGS) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
-uu_server$(EXEEXT): $(uu_server_OBJECTS) $(uu_server_DEPENDENCIES) 
-	@rm -f uu_server$(EXEEXT)
-	$(LINK) $(uu_server_LDFLAGS) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/test/Makefile.am b/crypto/heimdal/appl/test/Makefile.am
deleted file mode 100644
index 154b407644f8..000000000000
--- a/crypto/heimdal/appl/test/Makefile.am
+++ /dev/null
@@ -1,37 +0,0 @@
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
-	uu_server uu_client nt_gss_server nt_gss_client
-
-tcp_client_SOURCES = tcp_client.c common.c test_locl.h
-
-tcp_server_SOURCES = tcp_server.c common.c test_locl.h
-
-gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-uu_server_SOURCES = uu_server.c common.c test_locl.h
-
-uu_client_SOURCES = uu_client.c common.c test_locl.h
-
-gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-
-gssapi_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c common.c
-
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c
-
-nt_gss_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_server_LDADD = $(nt_gss_client_LDADD)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in
deleted file mode 100644
index 097ba7d34b8d..000000000000
--- a/crypto/heimdal/appl/test/Makefile.in
+++ /dev/null
@@ -1,670 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
-	uu_server uu_client nt_gss_server nt_gss_client
-
-
-tcp_client_SOURCES = tcp_client.c common.c test_locl.h
-
-tcp_server_SOURCES = tcp_server.c common.c test_locl.h
-
-gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-
-gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
-	gss_common.h test_locl.h
-
-
-uu_server_SOURCES = uu_server.c common.c test_locl.h
-
-uu_client_SOURCES = uu_client.c common.c test_locl.h
-
-gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
-
-gssapi_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c common.c
-
-nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c
-
-nt_gss_client_LDADD = $(gssapi_server_LDADD)
-
-nt_gss_server_LDADD = $(nt_gss_client_LDADD)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = appl/test
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \
-	gssapi_server$(EXEEXT) gssapi_client$(EXEEXT) \
-	uu_server$(EXEEXT) uu_client$(EXEEXT) nt_gss_server$(EXEEXT) \
-	nt_gss_client$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-am_gssapi_client_OBJECTS = gssapi_client.$(OBJEXT) gss_common.$(OBJEXT) \
-	common.$(OBJEXT)
-gssapi_client_OBJECTS = $(am_gssapi_client_OBJECTS)
-gssapi_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-gssapi_client_LDFLAGS =
-am_gssapi_server_OBJECTS = gssapi_server.$(OBJEXT) gss_common.$(OBJEXT) \
-	common.$(OBJEXT)
-gssapi_server_OBJECTS = $(am_gssapi_server_OBJECTS)
-gssapi_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-gssapi_server_LDFLAGS =
-am_nt_gss_client_OBJECTS = nt_gss_client.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT) common.$(OBJEXT)
-nt_gss_client_OBJECTS = $(am_nt_gss_client_OBJECTS)
-nt_gss_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-nt_gss_client_LDFLAGS =
-am_nt_gss_server_OBJECTS = nt_gss_server.$(OBJEXT) \
-	nt_gss_common.$(OBJEXT)
-nt_gss_server_OBJECTS = $(am_nt_gss_server_OBJECTS)
-nt_gss_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-nt_gss_server_LDFLAGS =
-am_tcp_client_OBJECTS = tcp_client.$(OBJEXT) common.$(OBJEXT)
-tcp_client_OBJECTS = $(am_tcp_client_OBJECTS)
-tcp_client_LDADD = $(LDADD)
-tcp_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-tcp_client_LDFLAGS =
-am_tcp_server_OBJECTS = tcp_server.$(OBJEXT) common.$(OBJEXT)
-tcp_server_OBJECTS = $(am_tcp_server_OBJECTS)
-tcp_server_LDADD = $(LDADD)
-tcp_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-tcp_server_LDFLAGS =
-am_uu_client_OBJECTS = uu_client.$(OBJEXT) common.$(OBJEXT)
-uu_client_OBJECTS = $(am_uu_client_OBJECTS)
-uu_client_LDADD = $(LDADD)
-uu_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-uu_client_LDFLAGS =
-am_uu_server_OBJECTS = uu_server.$(OBJEXT) common.$(OBJEXT)
-uu_server_OBJECTS = $(am_uu_server_OBJECTS)
-uu_server_LDADD = $(LDADD)
-uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-uu_server_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
-	$(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) \
-	$(tcp_client_SOURCES) $(tcp_server_SOURCES) \
-	$(uu_client_SOURCES) $(uu_server_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) $(nt_gss_client_SOURCES) $(nt_gss_server_SOURCES) $(tcp_client_SOURCES) $(tcp_server_SOURCES) $(uu_client_SOURCES) $(uu_server_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/test/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) 
-	@rm -f gssapi_client$(EXEEXT)
-	$(LINK) $(gssapi_client_LDFLAGS) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
-gssapi_server$(EXEEXT): $(gssapi_server_OBJECTS) $(gssapi_server_DEPENDENCIES) 
-	@rm -f gssapi_server$(EXEEXT)
-	$(LINK) $(gssapi_server_LDFLAGS) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
-nt_gss_client$(EXEEXT): $(nt_gss_client_OBJECTS) $(nt_gss_client_DEPENDENCIES) 
-	@rm -f nt_gss_client$(EXEEXT)
-	$(LINK) $(nt_gss_client_LDFLAGS) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
-nt_gss_server$(EXEEXT): $(nt_gss_server_OBJECTS) $(nt_gss_server_DEPENDENCIES) 
-	@rm -f nt_gss_server$(EXEEXT)
-	$(LINK) $(nt_gss_server_LDFLAGS) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
-tcp_client$(EXEEXT): $(tcp_client_OBJECTS) $(tcp_client_DEPENDENCIES) 
-	@rm -f tcp_client$(EXEEXT)
-	$(LINK) $(tcp_client_LDFLAGS) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
-tcp_server$(EXEEXT): $(tcp_server_OBJECTS) $(tcp_server_DEPENDENCIES) 
-	@rm -f tcp_server$(EXEEXT)
-	$(LINK) $(tcp_server_LDFLAGS) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
-uu_client$(EXEEXT): $(uu_client_OBJECTS) $(uu_client_DEPENDENCIES) 
-	@rm -f uu_client$(EXEEXT)
-	$(LINK) $(uu_client_LDFLAGS) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
-uu_server$(EXEEXT): $(uu_server_OBJECTS) $(uu_server_DEPENDENCIES) 
-	@rm -f uu_server$(EXEEXT)
-	$(LINK) $(uu_server_LDFLAGS) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/test/common.c b/crypto/heimdal/appl/test/common.c
deleted file mode 100644
index 58b9fdf699d6..000000000000
--- a/crypto/heimdal/appl/test/common.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-
-RCSID("$Id: common.c,v 1.11 2000/08/27 04:29:34 assar Exp $");
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-static char *keytab_str;
-krb5_keytab keytab;
-char *service = SERVICE;
-int fork_flag;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "service", 's', arg_string, &service, "service to use", "service" },
-    { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" },
-    { "fork", 'f', arg_flag, &fork_flag, "do fork" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-server_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static void
-client_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "host");
-    exit(code);
-}
-
-
-static int
-common_setup(krb5_context *context, int *argc, char **argv, 
-	     void (*usage)(int, struct getargs*, int))
-{
-    int port = 0;
-    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
-    
-    return port;
-}
-
-int
-server_setup(krb5_context *context, int argc, char **argv)
-{
-    int port = common_setup(context, &argc, argv, server_usage);
-    krb5_error_code ret;
-
-    if(argv[argc] != NULL)
-	server_usage(1, args, num_args);
-    if (keytab_str != NULL)
-	ret = krb5_kt_resolve (*context, keytab_str, &keytab);
-    else
-	ret = krb5_kt_default (*context, &keytab);
-    if (ret)
-	krb5_err (*context, 1, ret, "krb5_kt_resolve/default");
-    return port;
-}
-
-int
-client_setup(krb5_context *context, int *argc, char **argv)
-{
-    int optind = *argc;
-    int port = common_setup(context, &optind, argv, client_usage);
-    if(*argc - optind != 1)
-	client_usage(1, args, num_args);
-    *argc = optind;
-    return port;
-}
-
-int
-client_doit (const char *hostname, int port, const char *service,
-	     int (*func)(int, const char *hostname, const char *service))
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) {
-	errx (1, "%s: %s", hostname, gai_strerror(error));
-	return -1;
-    }
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return (*func) (s, hostname, service);
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return 1;
-}
diff --git a/crypto/heimdal/appl/test/gss_common.c b/crypto/heimdal/appl/test/gss_common.c
deleted file mode 100644
index 4b5319a1f0b5..000000000000
--- a/crypto/heimdal/appl/test/gss_common.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gss_common.c,v 1.9 2000/11/15 23:05:27 assar Exp $");
-
-void
-write_token (int sock, gss_buffer_t buf)
-{
-    u_int32_t len, net_len;
-    OM_uint32 min_stat;
-
-    len = buf->length;
-
-    net_len = htonl(len);
-
-    if (net_write (sock, &net_len, 4) != 4)
-	err (1, "write");
-    if (net_write (sock, buf->value, len) != len)
-	err (1, "write");
-
-    gss_release_buffer (&min_stat, buf);
-}
-
-static void
-enet_read(int fd, void *buf, size_t len)
-{
-    ssize_t ret;
-
-    ret = net_read (fd, buf, len);
-    if (ret == 0)
-	errx (1, "EOF in read");
-    else if (ret < 0)
-	errx (1, "read");
-}
-
-void
-read_token (int sock, gss_buffer_t buf)
-{
-    u_int32_t len, net_len;
-
-    enet_read (sock, &net_len, 4);
-    len = ntohl(net_len);
-    buf->length = len;
-    buf->value  = emalloc(len);
-    enet_read (sock, buf->value, len);
-}
-
-void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
-	gss_release_buffer (&new_stat, &status_string);
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-void
-gss_verr(int exitval, int status, const char *fmt, va_list ap)
-{
-    vwarnx (fmt, ap);
-    gss_print_errors (status);
-    exit (exitval);
-}
-
-void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    gss_verr (exitval, status, fmt, args);
-    va_end(args);
-}
-
diff --git a/crypto/heimdal/appl/test/gss_common.h b/crypto/heimdal/appl/test/gss_common.h
deleted file mode 100644
index 775126b91b1c..000000000000
--- a/crypto/heimdal/appl/test/gss_common.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gss_common.h,v 1.5 1999/12/02 17:04:56 joda Exp $ */
-
-void write_token (int sock, gss_buffer_t buf);
-void read_token (int sock, gss_buffer_t buf);
-
-void gss_print_errors (int min_stat);
-
-void gss_verr(int exitval, int status, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 3, 0)));
-
-void gss_err(int exitval, int status, const char *fmt, ...)
-    __attribute__ ((format (printf, 3, 4)));
diff --git a/crypto/heimdal/appl/test/gssapi_client.c b/crypto/heimdal/appl/test/gssapi_client.c
deleted file mode 100644
index 126ce910b057..000000000000
--- a/crypto/heimdal/appl/test/gssapi_client.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gssapi_client.c,v 1.16 2000/08/09 20:53:06 assar Exp $");
-
-static int
-do_trans (int sock, gss_ctx_id_t context_hdl)
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-
-    /* get_mic */
-
-    input_token->length = 3;
-    input_token->value  = strdup("hej");
-
-    maj_stat = gss_get_mic(&min_stat,
-			   context_hdl,
-			   GSS_C_QOP_DEFAULT,
-			   input_token,
-			   output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_get_mic");
-
-    write_token (sock, input_token);
-    write_token (sock, output_token);
-
-    /* wrap */
-
-    input_token->length = 7;
-    input_token->value  = "hemligt";
-
-
-    maj_stat = gss_wrap (&min_stat,
-			 context_hdl,
-			 1,
-			 GSS_C_QOP_DEFAULT,
-			 input_token,
-			 NULL,
-			 output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_wrap");
-
-    write_token (sock, output_token);
-
-    return 0;
-}
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-
-    int context_established = 0;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t server;
-    gss_buffer_desc name_token;
-    struct gss_channel_bindings_struct input_chan_bindings;
-    u_char init_buf[4];
-    u_char acct_buf[4];
-
-    name_token.length = asprintf ((char **)&name_token.value,
-				  "%s@%s", service, hostname);
-
-    maj_stat = gss_import_name (&min_stat,
-				&name_token,
-				GSS_C_NT_HOSTBASED_SERVICE,
-				&server);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat,
-		 "Error importing name `%s@%s':\n", service, hostname);
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    input_token->length = 0;
-    output_token->length = 0;
-
-    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.initiator_address.length = 4;
-    init_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
-    init_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
-    init_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
-    init_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.initiator_address.value = init_buf;
-
-    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.acceptor_address.length = 4;
-    acct_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
-    acct_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
-    acct_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
-    acct_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.acceptor_address.value = acct_buf;
-    
-#if 0
-    input_chan_bindings.application_data.value = emalloc(4);
-    * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port;
-    * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port;
-    input_chan_bindings.application_data.length = 4;
-#else
-    input_chan_bindings.application_data.length = 0;
-    input_chan_bindings.application_data.value = NULL;
-#endif
-
-    while(!context_established) {
-	maj_stat =
-	    gss_init_sec_context(&min_stat,
-				 GSS_C_NO_CREDENTIAL,
-				 &context_hdl,
-				 server,
-				 GSS_C_NO_OID,
-				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
-				 | GSS_C_DELEG_FLAG,
-				 0,
-				 &input_chan_bindings,
-				 input_token,
-				 NULL,
-				 output_token,
-				 NULL,
-				 NULL);
-	if (GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_init_sec_context");
-	if (output_token->length != 0)
-	    write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    read_token (sock, input_token);
-	} else {
-	    context_established = 1;
-	}
-
-    }
-    if (fork_flag) {
-	pid_t pid;
-	int pipefd[2];
-
-	if (pipe (pipefd) < 0)
-	    err (1, "pipe");
-
-	pid = fork ();
-	if (pid < 0)
-	    err (1, "fork");
-	if (pid != 0) {
-	    gss_buffer_desc buf;
-
-	    maj_stat = gss_export_sec_context (&min_stat,
-					       &context_hdl,
-					       &buf);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_export_sec_context");
-	    write_token (pipefd[1], &buf);
-	    exit (0);
-	} else {
-	    gss_ctx_id_t context_hdl;
-	    gss_buffer_desc buf;
-
-	    close (pipefd[1]);
-	    read_token (pipefd[0], &buf);
-	    close (pipefd[0]);
-	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_import_sec_context");
-	    gss_release_buffer (&min_stat, &buf);
-	    return do_trans (sock, context_hdl);
-	}
-    } else {
-	return do_trans (sock, context_hdl);
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context; /* XXX */
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/gssapi_server.c b/crypto/heimdal/appl/test/gssapi_server.c
deleted file mode 100644
index 3d4affd2387c..000000000000
--- a/crypto/heimdal/appl/test/gssapi_server.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "gss_common.h"
-RCSID("$Id: gssapi_server.c,v 1.15 2000/08/09 20:53:07 assar Exp $");
-
-static int
-process_it(int sock,
-	   gss_ctx_id_t context_hdl,
-	   gss_name_t client_name
-	   )
-{
-    OM_uint32 maj_stat, min_stat;
-    gss_buffer_desc name_token;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-
-    maj_stat = gss_display_name (&min_stat,
-				 client_name,
-				 &name_token,
-				 NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_display_name");
-
-    fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
-	    (char *)name_token.value);
-
-    gss_release_buffer (&min_stat, &name_token);
-
-    /* gss_verify_mic */
-
-    read_token (sock, input_token);
-    read_token (sock, output_token);
-
-    maj_stat = gss_verify_mic (&min_stat,
-			       context_hdl,
-			       input_token,
-			       output_token,
-			       NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_verify_mic");
-
-    fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
-	    (char *)input_token->value);
-
-    gss_release_buffer (&min_stat, input_token);
-    gss_release_buffer (&min_stat, output_token);
-
-    /* gss_unwrap */
-
-    read_token (sock, input_token);
-
-    maj_stat = gss_unwrap (&min_stat,
-			   context_hdl,
-			   input_token,
-			   output_token,
-			   NULL,
-			   NULL);
-    if(GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_unwrap");
-
-    fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
-	    (char *)output_token->value);
-
-    gss_release_buffer (&min_stat, input_token);
-    gss_release_buffer (&min_stat, output_token);
-
-    return 0;
-}
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_desc real_input_token, real_output_token;
-    gss_buffer_t input_token = &real_input_token,
-	output_token = &real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    struct gss_channel_bindings_struct input_chan_bindings;
-    gss_cred_id_t delegated_cred_handle = NULL;
-    krb5_ccache ccache;
-    u_char init_buf[4];
-    u_char acct_buf[4];
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
-    input_chan_bindings.initiator_address.length = 4;
-    init_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
-    init_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
-    init_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
-    init_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
-
-    input_chan_bindings.initiator_address.value = init_buf;
-    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
-
-    input_chan_bindings.acceptor_address.length = 4;
-    acct_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
-    acct_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
-    acct_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
-    acct_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
-    input_chan_bindings.acceptor_address.value = acct_buf;
-    input_chan_bindings.application_data.value = emalloc(4);
-#if 0
-    * (unsigned short *)input_chan_bindings.application_data.value =
-                          remote.sin_port;
-    * ((unsigned short *)input_chan_bindings.application_data.value + 1) =
-                          local.sin_port;
-    input_chan_bindings.application_data.length = 4;
-#else
-    input_chan_bindings.application_data.length = 0;
-    input_chan_bindings.application_data.value = NULL;
-#endif
-    
-    delegated_cred_handle = emalloc(sizeof(*delegated_cred_handle));
-    memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle));
-    
-    do {
-	read_token (sock, input_token);
-	maj_stat =
-	    gss_accept_sec_context (&min_stat,
-				    &context_hdl,
-				    GSS_C_NO_CREDENTIAL,
-				    input_token,
-				    &input_chan_bindings,
-				    &client_name,
-				    NULL,
-				    output_token,
-				    NULL,
-				    NULL,
-				    /*&delegated_cred_handle*/ NULL);
-	if(GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_accept_sec_context");
-	if (output_token->length != 0)
-	    write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-    
-    if (delegated_cred_handle->ccache) {
-       krb5_context context;
-
-       maj_stat = krb5_init_context(&context);
-       maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
-       maj_stat = krb5_cc_copy_cache(context,
-                                      delegated_cred_handle->ccache, ccache);
-       krb5_cc_close(context, ccache);
-       krb5_cc_destroy(context, delegated_cred_handle->ccache);
-    }
-
-    if (fork_flag) {
-	pid_t pid;
-	int pipefd[2];
-
-	if (pipe (pipefd) < 0)
-	    err (1, "pipe");
-
-	pid = fork ();
-	if (pid < 0)
-	    err (1, "fork");
-	if (pid != 0) {
-	    gss_buffer_desc buf;
-
-	    maj_stat = gss_export_sec_context (&min_stat,
-					       &context_hdl,
-					       &buf);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_export_sec_context");
-	    write_token (pipefd[1], &buf);
-	    exit (0);
-	} else {
-	    gss_ctx_id_t context_hdl;
-	    gss_buffer_desc buf;
-
-	    close (pipefd[1]);
-	    read_token (pipefd[0], &buf);
-	    close (pipefd[0]);
-	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
-	    if (GSS_ERROR(maj_stat))
-		gss_err (1, min_stat, "gss_import_sec_context");
-	    gss_release_buffer (&min_stat, &buf);
-	    return process_it (sock, context_hdl, client_name);
-	}
-    } else {
-	return process_it (sock, context_hdl, client_name);
-    }
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context = NULL; /* XXX */
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_client.c b/crypto/heimdal/appl/test/nt_gss_client.c
deleted file mode 100644
index 4fabd662b158..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_client.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_client.c,v 1.4 2000/08/09 20:53:07 assar Exp $");
-
-/*
- * This program tries to act as a client for the sample in `Sample
- * SSPI Code' in Windows 2000 RC1 SDK.
- */
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-
-    int context_established = 0;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_t input_token, output_token;
-    gss_buffer_desc real_input_token, real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t server;
-    gss_buffer_desc name_token;
-
-    name_token.length = asprintf ((char **)&name_token.value,
-				  "%s@%s", service, hostname);
-
-    maj_stat = gss_import_name (&min_stat,
-				&name_token,
-				GSS_C_NT_HOSTBASED_SERVICE,
-				&server);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat,
-		 "Error importing name `%s@%s':\n", service, hostname);
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    input_token = &real_input_token;
-    output_token = &real_output_token;
-
-    input_token->length = 0;
-    output_token->length = 0;
-
-    while(!context_established) {
-	maj_stat =
-	    gss_init_sec_context(&min_stat,
-				 GSS_C_NO_CREDENTIAL,
-				 &context_hdl,
-				 server,
-				 GSS_C_NO_OID,
-				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
-				 0,
-				 GSS_C_NO_CHANNEL_BINDINGS,
-				 input_token,
-				 NULL,
-				 output_token,
-				 NULL,
-				 NULL);
-	if (GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_init_sec_context");
-	if (output_token->length != 0)
-	    nt_write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-	    nt_read_token (sock, input_token);
-	} else {
-	    context_established = 1;
-	}
-
-    }
-
-    /* get_mic */
-
-    input_token->length = 3;
-    input_token->value  = strdup("hej");
-
-    maj_stat = gss_get_mic(&min_stat,
-			   context_hdl,
-			   GSS_C_QOP_DEFAULT,
-			   input_token,
-			   output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_get_mic");
-
-    nt_write_token (sock, input_token);
-    nt_write_token (sock, output_token);
-
-    /* wrap */
-
-    input_token->length = 7;
-    input_token->value  = "hemligt";
-
-
-    maj_stat = gss_wrap (&min_stat,
-			 context_hdl,
-			 1,
-			 GSS_C_QOP_DEFAULT,
-			 input_token,
-			 NULL,
-			 output_token);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_wrap");
-
-    nt_write_token (sock, output_token);
-
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context; /* XXX */
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_common.c b/crypto/heimdal/appl/test/nt_gss_common.c
deleted file mode 100644
index ab10355a054d..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_common.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_common.c,v 1.3 1999/12/02 17:04:57 joda Exp $");
-
-/*
- * These are functions that are needed to interoperate with the
- * `Sample SSPI Code' in Windows 2000 RC1 SDK.
- */
-
-/*
- * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that 
- * the length is written in little-endian-order.
- */
-
-void
-nt_write_token (int sock, gss_buffer_t buf)
-{
-    unsigned char net_len[4];
-    u_int32_t len;
-    OM_uint32 min_stat;
-
-    len = buf->length;
-
-    net_len[0] = (len >>  0) & 0xFF;
-    net_len[1] = (len >>  8) & 0xFF;
-    net_len[2] = (len >> 16) & 0xFF;
-    net_len[3] = (len >> 24) & 0xFF;
-
-    if (write (sock, net_len, 4) != 4)
-	err (1, "write");
-    if (write (sock, buf->value, len) != len)
-	err (1, "write");
-
-    gss_release_buffer (&min_stat, buf);
-}
-
-/*
- *
- */
-
-void
-nt_read_token (int sock, gss_buffer_t buf)
-{
-    unsigned char net_len[4];
-    u_int32_t len;
-
-    if (read(sock, net_len, 4) != 4)
-	err (1, "read");
-    len = (net_len[0] <<  0)
-	| (net_len[1] <<  8)
-	| (net_len[2] << 16)
-	| (net_len[3] << 24);
-
-    buf->length = len;
-    buf->value  = malloc(len);
-    if (read (sock, buf->value, len) != len)
-	err (1, "read");
-}
-
-void
-gss_print_errors (int min_stat)
-{
-    OM_uint32 new_stat;
-    OM_uint32 msg_ctx = 0;
-    gss_buffer_desc status_string;
-    OM_uint32 ret;
-
-    do {
-	ret = gss_display_status (&new_stat,
-				  min_stat,
-				  GSS_C_MECH_CODE,
-				  GSS_C_NO_OID,
-				  &msg_ctx,
-				  &status_string);
-	fprintf (stderr, "%s\n", (char *)status_string.value);
-	gss_release_buffer (&new_stat, &status_string);
-    } while (!GSS_ERROR(ret) && msg_ctx != 0);
-}
-
-void
-gss_verr(int exitval, int status, const char *fmt, va_list ap)
-{
-    vwarnx (fmt, ap);
-    gss_print_errors (status);
-    exit (exitval);
-}
-
-void
-gss_err(int exitval, int status, const char *fmt, ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    gss_verr (exitval, status, fmt, args);
-    va_end(args);
-}
diff --git a/crypto/heimdal/appl/test/nt_gss_common.h b/crypto/heimdal/appl/test/nt_gss_common.h
deleted file mode 100644
index 07428ddcd912..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_common.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: nt_gss_common.h,v 1.2 1999/12/02 17:04:57 joda Exp $ */
-
-void nt_write_token (int sock, gss_buffer_t buf);
-void nt_read_token (int sock, gss_buffer_t buf);
-
-void gss_print_errors (int min_stat);
-
-void gss_verr(int exitval, int status, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 3, 0)));
-
-void gss_err(int exitval, int status, const char *fmt, ...)
-    __attribute__ ((format (printf, 3, 4)));
diff --git a/crypto/heimdal/appl/test/nt_gss_server.c b/crypto/heimdal/appl/test/nt_gss_server.c
deleted file mode 100644
index 05b6bcb9929f..000000000000
--- a/crypto/heimdal/appl/test/nt_gss_server.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-#include <gssapi.h>
-#include <krb5.h>
-#include "nt_gss_common.h"
-
-RCSID("$Id: nt_gss_server.c,v 1.5 2000/08/09 20:53:07 assar Exp $");
-
-/*
- * This program tries to act as a server for the sample in `Sample
- * SSPI Code' in Windows 2000 RC1 SDK.
- *
- * use --dump-auth to get a binary dump of the authorization data in the ticket
- */
-
-static int help_flag;
-static int version_flag;
-static char *port_str;
-char *service = SERVICE;
-static char *auth_file;
-
-static struct getargs args[] = {
-    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
-    { "service", 's', arg_string, &service, "service to use", "service" },
-    { "dump-auth", 0, arg_string, &auth_file, "dump authorization data",
-      "file" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-    gss_buffer_t input_token, output_token;
-    gss_buffer_desc real_input_token, real_output_token;
-    OM_uint32 maj_stat, min_stat;
-    gss_name_t client_name;
-    gss_buffer_desc name_token;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    input_token = &real_input_token;
-    output_token = &real_output_token;
-
-    do {
-	nt_read_token (sock, input_token);
-	maj_stat =
-	    gss_accept_sec_context (&min_stat,
-				    &context_hdl,
-				    GSS_C_NO_CREDENTIAL,
-				    input_token,
-				    GSS_C_NO_CHANNEL_BINDINGS,
-				    &client_name,
-				    NULL,
-				    output_token,
-				    NULL,
-				    NULL,
-				    NULL);
-	if(GSS_ERROR(maj_stat))
-	    gss_err (1, min_stat, "gss_accept_sec_context");
-	if (output_token->length != 0)
-	    nt_write_token (sock, output_token);
-	if (GSS_ERROR(maj_stat)) {
-	    if (context_hdl != GSS_C_NO_CONTEXT)
-		gss_delete_sec_context (&min_stat,
-					&context_hdl,
-					GSS_C_NO_BUFFER);
-	    break;
-	}
-    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-
-    if (auth_file != NULL) {
-	int fd = open (auth_file, O_WRONLY | O_CREAT, 0666);
-	krb5_ticket *ticket = context_hdl->ticket;
-	krb5_data *data = &ticket->ticket.authorization_data->val[0].ad_data;
-
-	if(fd < 0)
-	    err (1, "open %s", auth_file);
-	if (write (fd, data->data, data->length) != data->length)
-	    errx (1, "write to %s failed", auth_file);
-	if (close (fd))
-	    err (1, "close %s", auth_file);
-    }
-
-    maj_stat = gss_display_name (&min_stat,
-				 client_name,
-				 &name_token,
-				 NULL);
-    if (GSS_ERROR(maj_stat))
-	gss_err (1, min_stat, "gss_display_name");
-
-    fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
-	    (char *)name_token.value);
-
-    /* write something back */
-
-    output_token->value  = strdup ("hejsan");
-    output_token->length = strlen (output_token->value) + 1;
-    nt_write_token (sock, output_token);
-
-    output_token->value  = strdup ("hoppsan");
-    output_token->length = strlen (output_token->value) + 1;
-    nt_write_token (sock, output_token);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-static void
-usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-static int
-common_setup(krb5_context *context, int *argc, char **argv, 
-	     void (*usage)(int, struct getargs*, int))
-{
-    int port = 0;
-    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
-
-    if(help_flag)
-	(*usage)(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(port_str){
-	struct servent *s = roken_getservbyname(port_str, "tcp");
-	if(s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		errx (1, "Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
-    if (port == 0)
-	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
-    
-    return port;
-}
-
-static int
-setup(krb5_context *context, int argc, char **argv)
-{
-    int port = common_setup(context, &argc, argv, usage);
-    if(argv[argc] != NULL)
-	usage(1, args, num_args);
-    return port;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context = NULL; /* XXX */
-    int port = setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/tcp_client.c b/crypto/heimdal/appl/test/tcp_client.c
deleted file mode 100644
index 7affc432a194..000000000000
--- a/crypto/heimdal/appl/test/tcp_client.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: tcp_client.c,v 1.15 1999/12/16 10:30:17 assar Exp $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_data data;
-    krb5_data packet;
-    u_int32_t len, net_len;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_sendauth (context,
-			    &auth_context,
-			    &sock,
-			    VERSION,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL,
-			    NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sendauth");
-
-    data.data   = "hej";
-    data.length = 3;
-
-    krb5_data_zero (&packet);
-
-    status = krb5_mk_safe (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_mk_safe");
-
-    len = packet.length;
-    net_len = htonl(len);
-
-    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-	err (1, "krb5_net_write");
-    if (krb5_net_write (context, &sock, packet.data, len) != len)
-	err (1, "krb5_net_write");
-
-    data.data   = "hemligt";
-    data.length = 7;
-
-    krb5_data_free (&packet);
-
-    status = krb5_mk_priv (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_mk_priv");
-
-    len = packet.length;
-    net_len = htonl(len);
-
-    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-	err (1, "krb5_net_write");
-    if (krb5_net_write (context, &sock, packet.data, len) != len)
-	err (1, "krb5_net_write");
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/tcp_server.c b/crypto/heimdal/appl/test/tcp_server.c
deleted file mode 100644
index 4469c5850e1e..000000000000
--- a/crypto/heimdal/appl/test/tcp_server.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: tcp_server.c,v 1.16 1999/12/16 10:31:08 assar Exp $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *service)
-{
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal server;
-    krb5_ticket *ticket;
-    char *name;
-    char hostname[MAXHOSTNAMELEN];
-    krb5_data packet;
-    krb5_data data;
-    u_int32_t len, net_len;
-    ssize_t n;
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_init");
-
-    status = krb5_auth_con_setaddrs_from_fd (context,
-					     auth_context,
-					     &sock);
-
-    if (status)
-	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
-
-    if(gethostname (hostname, sizeof(hostname)) < 0)
-	krb5_err (context, 1, errno, "gethostname");
-
-    status = krb5_sname_to_principal (context,
-				      hostname,
-				      service,
-				      KRB5_NT_SRV_HST,
-				      &server);
-    if (status)
-	krb5_err (context, 1, status, "krb5_sname_to_principal");
-
-    status = krb5_recvauth (context,
-			    &auth_context,
-			    &sock,
-			    VERSION,
-			    server,
-			    0,
-			    NULL,
-			    &ticket);
-    if (status)
-	krb5_err (context, 1, status, "krb5_recvauth");
-
-    status = krb5_unparse_name (context,
-				ticket->client,
-				&name);
-    if (status)
-	krb5_err (context, 1, status, "krb5_unparse_name");
-
-    fprintf (stderr, "User is `%s'\n", name);
-    free (name);
-
-    krb5_data_zero (&data);
-    krb5_data_zero (&packet);
-
-    n = krb5_net_read (context, &sock, &net_len, 4);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-
-    len = ntohl(net_len);
-
-    krb5_data_alloc (&packet, len);
-
-    n = krb5_net_read (context, &sock, packet.data, len);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-    
-    status = krb5_rd_safe (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_rd_safe");
-
-    fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    n = krb5_net_read (context, &sock, &net_len, 4);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-
-    len = ntohl(net_len);
-
-    krb5_data_alloc (&packet, len);
-
-    n = krb5_net_read (context, &sock, packet.data, len);
-    if (n == 0)
-	krb5_errx (context, 1, "EOF in krb5_net_read");
-    if (n < 0)
-	krb5_err (context, 1, errno, "krb5_net_read");
-    
-    status = krb5_rd_priv (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	krb5_err (context, 1, status, "krb5_rd_priv");
-
-    fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    mini_inetd (port);
-
-    return proto (STDIN_FILENO, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/test/test_locl.h b/crypto/heimdal/appl/test/test_locl.h
deleted file mode 100644
index 56f874574f46..000000000000
--- a/crypto/heimdal/appl/test/test_locl.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: test_locl.h,v 1.9 2000/08/27 04:29:54 assar Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <errno.h>
-#include <roken.h>
-#include <getarg.h>
-#include <err.h>
-#include <krb5.h>
-
-#define SERVICE "test"
-
-#define PORT "test"
-
-extern char *service;
-extern krb5_keytab keytab;
-extern int fork_flag;
-int server_setup(krb5_context*, int, char**);
-int client_setup(krb5_context*, int*, char**);
-int client_doit (const char *hostname, int port, const char *service,
-		 int (*func)(int, const char *hostname, const char *service));
diff --git a/crypto/heimdal/appl/test/uu_client.c b/crypto/heimdal/appl/test/uu_client.c
deleted file mode 100644
index fae5bcbdb198..000000000000
--- a/crypto/heimdal/appl/test/uu_client.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: uu_client.c,v 1.7 2000/12/31 07:41:39 assar Exp $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *hostname, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    krb5_address remote_addr, local_addr;
-    krb5_context context;
-    krb5_ccache ccache;
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_principal client;
-    krb5_data data;
-    krb5_data packet;
-    krb5_creds mcred, cred;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname(%s)", hostname);
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername(%s)", hostname);
-
-    status = krb5_init_context(&context);
-    if (status)
-	errx(1, "krb5_init_context failed: %d", status);
-
-    status = krb5_cc_default (context, &ccache);
-    if (status)
-	krb5_err(context, 1, status, "krb5_cc_default");
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_init");
-
-    local_addr.addr_type = AF_INET;
-    local_addr.address.length = sizeof(local.sin_addr);
-    local_addr.address.data   = &local.sin_addr;
-
-    remote_addr.addr_type = AF_INET;
-    remote_addr.address.length = sizeof(remote.sin_addr);
-    remote_addr.address.data   = &remote.sin_addr;
-
-    status = krb5_auth_con_setaddrs (context,
-				     auth_context,
-				     &local_addr,
-				     &remote_addr);
-    if (status)
-	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
-
-    status = krb5_cc_get_principal(context, ccache, &client);
-    if(status)
-	krb5_err(context, 1, status, "krb5_cc_get_principal");
-    status = krb5_make_principal(context, &mcred.server,
-				 *krb5_princ_realm(context, client), 
-				 "krbtgt", 
-				 *krb5_princ_realm(context, client),
-				 NULL);
-    if(status)
-	krb5_err(context, 1, status, "krb5_make_principal");
-    
-    status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
-    if(status)
-	krb5_err(context, 1, status, "krb5_cc_retrieve_cred");
-
-    {
-	char *client_name;
-	krb5_data data;
-	status = krb5_unparse_name(context, cred.client, &client_name);
-	if(status)
-	    krb5_err(context, 1, status, "krb5_unparse_name");
-	data.data = client_name;
-	data.length = strlen(client_name) + 1;
-	status = krb5_write_message(context, &sock, &data);
-	if(status)
-	    krb5_err(context, 1, status, "krb5_write_message");
-	free(client_name);
-    }
-
-    status = krb5_write_message(context, &sock, &cred.ticket);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-
-    status = krb5_auth_con_setuserkey(context, auth_context, &cred.session);
-    if(status)
-	krb5_err(context, 1, status, "krb5_auth_con_setuserkey");
-    
-    status = krb5_recvauth(context, &auth_context, &sock, 
-			   VERSION, client, 0, NULL, NULL);
-
-    if (status)
-	krb5_err(context, 1, status, "krb5_recvauth");
-    
-    data.data   = "hej";
-    data.length = 3;
-
-    krb5_data_zero (&packet);
-
-    status = krb5_mk_safe (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err(context, 1, status, "krb5_mk_safe");
-
-    status = krb5_write_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-
-    data.data   = "hemligt";
-    data.length = 7;
-
-    krb5_data_free (&packet);
-
-    status = krb5_mk_priv (context,
-			   auth_context,
-			   &data,
-			   &packet,
-			   NULL);
-    if (status)
-	krb5_err(context, 1, status, "krb5_mk_priv");
-
-    status = krb5_write_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_write_message");
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = client_setup(&context, &argc, argv);
-    return client_doit (argv[argc], port, service, proto);
-}
diff --git a/crypto/heimdal/appl/test/uu_server.c b/crypto/heimdal/appl/test/uu_server.c
deleted file mode 100644
index 34a0927795b6..000000000000
--- a/crypto/heimdal/appl/test/uu_server.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "test_locl.h"
-RCSID("$Id: uu_server.c,v 1.7 2000/08/09 20:53:08 assar Exp $");
-
-krb5_context context;
-
-static int
-proto (int sock, const char *service)
-{
-    struct sockaddr_in remote, local;
-    socklen_t addrlen;
-    krb5_address remote_addr, local_addr;
-    krb5_ccache ccache;
-    krb5_auth_context auth_context;
-    krb5_error_code status;
-    krb5_data packet;
-    krb5_data data;
-    krb5_data client_name;
-    krb5_creds in_creds, *out_creds;
-
-    addrlen = sizeof(local);
-    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
-	|| addrlen != sizeof(local))
-	err (1, "getsockname)");
-
-    addrlen = sizeof(remote);
-    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
-	|| addrlen != sizeof(remote))
-	err (1, "getpeername");
-
-    status = krb5_auth_con_init (context, &auth_context);
-    if (status)
-	errx (1, "krb5_auth_con_init: %s",
-	      krb5_get_err_text(context, status));
-
-    local_addr.addr_type = AF_INET;
-    local_addr.address.length = sizeof(local.sin_addr);
-    local_addr.address.data   = &local.sin_addr;
-
-    remote_addr.addr_type = AF_INET;
-    remote_addr.address.length = sizeof(remote.sin_addr);
-    remote_addr.address.data   = &remote.sin_addr;
-
-    status = krb5_auth_con_setaddrs (context,
-				     auth_context,
-				     &local_addr,
-				     &remote_addr);
-    if (status)
-	errx (1, "krb5_auth_con_setaddr: %s",
-	      krb5_get_err_text(context, status));
-
-    status = krb5_read_message(context, &sock, &client_name);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    memset(&in_creds, 0, sizeof(in_creds));
-    status = krb5_cc_default(context, &ccache);
-    status = krb5_cc_get_principal(context, ccache, &in_creds.client);
-
-    status = krb5_read_message(context, &sock, &in_creds.second_ticket);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-
-    status = krb5_parse_name(context, client_name.data, &in_creds.server);
-    if(status)
-	krb5_err(context, 1, status, "krb5_parse_name");
-    
-    status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache, 
-				  &in_creds, &out_creds);
-    if(status)
-	krb5_err(context, 1, status, "krb5_get_credentials");
-
-    status = krb5_cc_default(context, &ccache);
-
-    status = krb5_sendauth(context, 
-			   &auth_context,
-			   &sock, 
-			   VERSION, 
-			   in_creds.client,
-			   in_creds.server,
-			   AP_OPTS_USE_SESSION_KEY,
-			   NULL,
-			   out_creds,
-			   ccache,
-			   NULL,
-			   NULL,
-			   NULL);
-			   
-    if (status)
-	krb5_err(context, 1, status, "krb5_sendauth");
-    
-    fprintf (stderr, "User is `%.*s'\n", (int)client_name.length,
-	    (char *)client_name.data);
-
-    krb5_data_zero (&data);
-    krb5_data_zero (&packet);
-
-    status = krb5_read_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    status = krb5_rd_safe (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	errx (1, "krb5_rd_safe: %s",
-	      krb5_get_err_text(context, status));
-
-    fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    status = krb5_read_message(context, &sock, &packet);
-    if(status)
-	krb5_err(context, 1, status, "krb5_read_message");
-    
-    status = krb5_rd_priv (context,
-			   auth_context,
-			   &packet,
-			   &data,
-			   NULL);
-    if (status)
-	errx (1, "krb5_rd_priv: %s",
-	      krb5_get_err_text(context, status));
-
-    fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
-	    (char *)data.data);
-
-    return 0;
-}
-
-static int
-doit (int port, const char *service)
-{
-    int sock, sock2;
-    struct sockaddr_in my_addr;
-    int one = 1;
-
-    sock = socket (AF_INET, SOCK_STREAM, 0);
-    if (sock < 0)
-	err (1, "socket");
-
-    memset (&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family      = AF_INET;
-    my_addr.sin_port        = port;
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, 
-		    (void *)&one, sizeof(one)) < 0)
-	warn ("setsockopt SO_REUSEADDR");
-
-    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
-	err (1, "bind");
-
-    if (listen (sock, 1) < 0)
-	err (1, "listen");
-
-    sock2 = accept (sock, NULL, NULL);
-    if (sock2 < 0)
-	err (1, "accept");
-
-    return proto (sock2, service);
-}
-
-int
-main(int argc, char **argv)
-{
-    int port = server_setup(&context, argc, argv);
-    return doit (port, service);
-}
diff --git a/crypto/heimdal/appl/xnlock/ChangeLog b/crypto/heimdal/appl/xnlock/ChangeLog
deleted file mode 100644
index 13863a3d549b..000000000000
--- a/crypto/heimdal/appl/xnlock/ChangeLog
+++ /dev/null
@@ -1,76 +0,0 @@
-2002-08-23  Assar Westerlund  <assar@kth.se>
-
-	* xnlock.c: add --version as a special case
-
-2001-06-24  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (verify_krb5): remove unused variable
-
-2001-03-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* xnlock.c: don't explicitly set the krb4 ticket file
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (main): handle krb5_init_context failure consistently
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: use conditional for X
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (verfiy_krb5): get the v4-realm from the v5-ticket and
-	not from the default one.
-	* xnlock.c (verify_krb5): add obtainting of v4 tickets.
-
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: only build when we have X11.  From: Simon Josefsson
- 	<jas@pdc.kth.se>
-
-Thu Mar 18 11:21:44 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Wed Mar 17 23:35:51 1999  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (verify): use KRB_VERIFY_SECURE instead of 1
-
-Tue Mar 16 22:29:14 1999  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c: krb_verify_user_multiple -> krb_verify_user
-
-Thu Mar 11 14:59:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* xnlock.c: add some if-braces to keep gcc happy
-
-Sun Nov 22 10:36:45 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Wed Jul  8 01:37:37 1998  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (main): create place-holder ticket file with
- 	open(O_EXCL | O_CREAT) instead of creat
-
-Sat Mar 28 12:53:46 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (install, uninstall): transform the man page
-
-Tue Mar 24 05:20:34 1998  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c: remove redundant preprocessor stuff
-
-Sat Mar 21 14:36:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c (init_words): recognize both `-p' and `-prog'
-
-Sat Feb  7 10:08:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* xnlock.c: Don't use REALM_SZ + 1, just REALM_SZ
-
-Sat Nov 29 04:58:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* xnlock.c: Make it build w/o krb4.
-
diff --git a/crypto/heimdal/appl/xnlock/Makefile b/crypto/heimdal/appl/xnlock/Makefile
deleted file mode 100644
index 6276ea6baf02..000000000000
--- a/crypto/heimdal/appl/xnlock/Makefile
+++ /dev/null
@@ -1,659 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# appl/xnlock/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = xnlock
-#bin_PROGRAMS = 
-
-man_MANS = xnlock.1
-
-EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \
-	nose.down nose.front nose.left.front nose.right.front
-
-
-LDADD = \
-	$(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
-
-subdir = appl/xnlock
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = xnlock$(EXEEXT)
-#bin_PROGRAMS =
-PROGRAMS = $(bin_PROGRAMS)
-
-xnlock_SOURCES = xnlock.c
-xnlock_OBJECTS = xnlock.$(OBJEXT)
-xnlock_LDADD = $(LDADD)
-xnlock_DEPENDENCIES = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-#xnlock_DEPENDENCIES =
-#xnlock_DEPENDENCIES = \
-#	$(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-##xnlock_DEPENDENCIES = \
-##	$(top_builddir)/lib/kafs/libkafs.la
-xnlock_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = xnlock.c
-MANS = $(man_MANS)
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in
-SOURCES = xnlock.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/xnlock/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-xnlock$(EXEEXT): $(xnlock_OBJECTS) $(xnlock_DEPENDENCIES) 
-	@rm -f xnlock$(EXEEXT)
-	$(LINK) $(xnlock_LDFLAGS) $(xnlock_OBJECTS) $(xnlock_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/xnlock/Makefile.am b/crypto/heimdal/appl/xnlock/Makefile.am
deleted file mode 100644
index a8e6440a93cd..000000000000
--- a/crypto/heimdal/appl/xnlock/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-if HAVE_X
-
-bin_PROGRAMS = xnlock
-
-else
-
-bin_PROGRAMS =
-
-endif
-
-man_MANS = xnlock.1
-
-EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \
-	nose.down nose.front nose.left.front nose.right.front
-
-LDADD = \
-	$(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
diff --git a/crypto/heimdal/appl/xnlock/Makefile.in b/crypto/heimdal/appl/xnlock/Makefile.in
deleted file mode 100644
index 9ea65a786e75..000000000000
--- a/crypto/heimdal/appl/xnlock/Makefile.in
+++ /dev/null
@@ -1,659 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@HAVE_X_TRUE@bin_PROGRAMS = xnlock
-@HAVE_X_FALSE@bin_PROGRAMS = 
-
-man_MANS = xnlock.1
-
-EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \
-	nose.down nose.front nose.left.front nose.right.front
-
-
-LDADD = \
-	$(LIB_kafs) \
-	$(LIB_krb5) \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS)
-
-subdir = appl/xnlock
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-@HAVE_X_TRUE@bin_PROGRAMS = xnlock$(EXEEXT)
-@HAVE_X_FALSE@bin_PROGRAMS =
-PROGRAMS = $(bin_PROGRAMS)
-
-xnlock_SOURCES = xnlock.c
-xnlock_OBJECTS = xnlock.$(OBJEXT)
-xnlock_LDADD = $(LDADD)
-@KRB4_FALSE@@KRB5_TRUE@xnlock_DEPENDENCIES = \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@@KRB5_FALSE@xnlock_DEPENDENCIES =
-@KRB4_TRUE@@KRB5_TRUE@xnlock_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/kafs/libkafs.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_TRUE@@KRB5_FALSE@xnlock_DEPENDENCIES = \
-@KRB4_TRUE@@KRB5_FALSE@	$(top_builddir)/lib/kafs/libkafs.la
-xnlock_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = xnlock.c
-MANS = $(man_MANS)
-DIST_COMMON = README ChangeLog Makefile.am Makefile.in
-SOURCES = xnlock.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  appl/xnlock/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-xnlock$(EXEEXT): $(xnlock_OBJECTS) $(xnlock_DEPENDENCIES) 
-	@rm -f xnlock$(EXEEXT)
-	$(LINK) $(xnlock_LDFLAGS) $(xnlock_OBJECTS) $(xnlock_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-binPROGRAMS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/appl/xnlock/README b/crypto/heimdal/appl/xnlock/README
deleted file mode 100644
index 5b16c522fd6b..000000000000
--- a/crypto/heimdal/appl/xnlock/README
+++ /dev/null
@@ -1,21 +0,0 @@
-xnlock -- Dan Heller, 1990
-"nlock" is a "new lockscreen" type program... something that prevents
-screen burnout by making most of it "black" while providing something
-of interest to be displayed in case anyone is watching.  The program
-also provides added security.
-
-"xnlock" is the X11 version of the program.
-
-Original sunview version written by Dan Heller 1985 (not included).
-
-For a real description of how this program works, read the
-man page or just try running it.
-
-The one major outstanding bug with this program is that every
-once in a while, two horizontal lines appear below the little
-figure that runs around the screen.  If someone can find and
-fix this bug, *please* let me know -- I don't have time to
-look and if I waited till I had time, you'd never see this
-program...  It has something to do with the "looking down"
-position and then directly moving up and right or left...
-
diff --git a/crypto/heimdal/appl/xnlock/nose.0.left b/crypto/heimdal/appl/xnlock/nose.0.left
deleted file mode 100644
index cb3d152863a0..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.0.left
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_0_left_width 64
-#define nose_0_left_height 64
-static unsigned char nose_0_left_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
- 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
- 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00,
- 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00,
- 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00,
- 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00,
- 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
- 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00,
- 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,
- 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
- 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
- 0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00,
- 0x18,0x00,0x20,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x40,0x00,0x80,0x00,0x00,
- 0x00,0x08,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x00,0x01,0x20,0x00,
- 0x00,0x00,0x04,0x00,0x00,0x06,0x18,0x00,0x00,0x00,0x06,0x00,0x00,0xf8,0x07,
- 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00,
- 0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xc0,0x00,0x03,0x03,0x10,0x00,0x00,
- 0x00,0x30,0x00,0x0c,0x01,0x20,0x00,0x00,0x00,0x08,0x00,0x98,0x00,0x20,0x00,
- 0x00,0x00,0x0c,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20,
- 0x00,0x00,0x00,0x42,0x00,0x80,0x00,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01,
- 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00,
- 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x01,0x00,
- 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02,
- 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
- 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00,
- 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.0.right b/crypto/heimdal/appl/xnlock/nose.0.right
deleted file mode 100644
index f387baa7304f..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.0.right
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_0_right_width 64
-#define nose_0_right_height 64
-static unsigned char nose_0_right_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
- 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
- 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
- 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
- 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f,
- 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c,
- 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00,
- 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00,
- 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00,
- 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
- 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
- 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,
- 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x18,0x00,0x00,0x80,0x00,
- 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
- 0x01,0x00,0x02,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x20,0x00,0x00,
- 0x00,0x04,0x80,0x00,0x00,0x60,0x00,0x00,0x00,0x18,0x60,0x00,0x00,0x40,0x00,
- 0x00,0x00,0xe0,0x1f,0x00,0x00,0x80,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0xc0,0xc0,0x00,0x03,0x00,
- 0x00,0x00,0x04,0x80,0x30,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x19,0x00,0x10,
- 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x30,0x00,0x00,0x00,0x04,0x00,0x03,0x00,
- 0x43,0x00,0x00,0x00,0x04,0x00,0x01,0x00,0x42,0x00,0x00,0x00,0x04,0x80,0x00,
- 0x00,0x84,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00,
- 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,
- 0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,
- 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00,
- 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.1.left b/crypto/heimdal/appl/xnlock/nose.1.left
deleted file mode 100644
index 8a6b82952612..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.1.left
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_1_left_width 64
-#define nose_1_left_height 64
-static unsigned char nose_1_left_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
- 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
- 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00,
- 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00,
- 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00,
- 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00,
- 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,
- 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00,
- 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00,
- 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
- 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
- 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00,
- 0x18,0x00,0x10,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x20,0x00,0x80,0x00,0x00,
- 0x00,0x08,0x00,0x40,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x80,0x00,0x20,0x00,
- 0x00,0x00,0xe4,0x00,0x00,0x03,0x18,0x00,0x00,0x00,0x26,0x03,0x00,0xfc,0x07,
- 0x00,0x00,0x00,0x12,0x0c,0x00,0x00,0xf8,0xff,0xff,0xff,0x11,0x10,0x80,0x1f,
- 0x00,0x00,0x00,0x00,0x08,0x20,0x60,0x60,0xc0,0x07,0x00,0x00,0x04,0x40,0x10,
- 0xc0,0x20,0x08,0x00,0x1f,0x02,0x40,0x08,0x00,0x21,0x10,0xc0,0x60,0x02,0x40,
- 0x04,0x00,0x12,0x20,0x20,0x80,0x02,0x20,0xc2,0x00,0x14,0x40,0x18,0x00,0x03,
- 0x20,0x22,0x00,0x0c,0x80,0x04,0x03,0x02,0x10,0x12,0x00,0x08,0x80,0x86,0x00,
- 0x04,0x10,0x12,0x00,0x10,0x80,0x42,0x00,0x18,0x08,0x12,0x00,0x10,0x40,0x42,
- 0x00,0x00,0x04,0x02,0x00,0x20,0x40,0x42,0x00,0x00,0x04,0x02,0x00,0x00,0x20,
- 0x42,0x00,0x00,0x02,0x04,0x00,0x00,0x20,0x02,0x00,0x00,0x01,0x04,0x00,0x00,
- 0x20,0x02,0x00,0x00,0x01,0x08,0x00,0x00,0x20,0x04,0x00,0x80,0x00,0x10,0x00,
- 0x00,0x20,0x0c,0x00,0x80,0x00,0x60,0x00,0x00,0x10,0x08,0x00,0x40,0x00,0x80,
- 0xff,0xff,0x0f,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0x0f,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.1.right b/crypto/heimdal/appl/xnlock/nose.1.right
deleted file mode 100644
index f7c8962c0262..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.1.right
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_1_right_width 64
-#define nose_1_right_height 64
-static unsigned char nose_1_right_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
- 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
- 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
- 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
- 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f,
- 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c,
- 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00,
- 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00,
- 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00,
- 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,
- 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
- 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,
- 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,
- 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x18,0x00,0x00,0x80,0x00,
- 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x08,0x00,0x10,0x00,0x00,0x00,
- 0x01,0x00,0x04,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x02,0x00,0x27,0x00,0x00,
- 0x00,0x04,0x00,0x01,0xc0,0x64,0x00,0x00,0x00,0x18,0xc0,0x00,0x30,0x48,0x00,
- 0x00,0x00,0xe0,0x3f,0x00,0x08,0x88,0xff,0xff,0xff,0x1f,0x00,0x00,0x04,0x10,
- 0x00,0x00,0x00,0x00,0xf8,0x01,0x02,0x20,0x00,0x00,0xe0,0x03,0x06,0x06,0x02,
- 0x40,0xf8,0x00,0x10,0x04,0x03,0x08,0x02,0x40,0x06,0x03,0x08,0x84,0x00,0x10,
- 0x04,0x40,0x01,0x04,0x04,0x48,0x00,0x20,0x04,0xc0,0x00,0x18,0x02,0x28,0x00,
- 0x43,0x08,0x40,0xc0,0x20,0x01,0x30,0x00,0x44,0x08,0x20,0x00,0x61,0x01,0x10,
- 0x00,0x48,0x10,0x18,0x00,0x42,0x01,0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02,
- 0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02,0x04,0x00,0x40,0x40,0x00,0x00,0x42,
- 0x04,0x00,0x00,0x40,0x80,0x00,0x00,0x40,0x04,0x00,0x00,0x20,0x80,0x00,0x00,
- 0x40,0x04,0x00,0x00,0x20,0x00,0x01,0x00,0x20,0x04,0x00,0x00,0x10,0x00,0x01,
- 0x00,0x30,0x04,0x00,0x00,0x08,0x00,0x02,0x00,0x10,0x08,0x00,0x00,0x06,0x00,
- 0x0c,0x00,0x0c,0xf0,0xff,0xff,0x01,0x00,0xf0,0xff,0x03,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.down b/crypto/heimdal/appl/xnlock/nose.down
deleted file mode 100644
index e8bdba4f45b6..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.down
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_down_width 64
-#define nose_down_height 64
-static unsigned char nose_down_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0xfc,0xff,0x01,0x00,0x00,0x00,0x00,0xc0,0x03,0x00,0x1e,0x00,
- 0x00,0x00,0x00,0x38,0x00,0x00,0xe0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00,
- 0x03,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x04,0x00,0x00,0x40,0x00,0x00,0x00,
- 0x00,0x08,0x00,0x00,0x20,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x10,0x00,0x80,
- 0x1f,0x00,0x40,0x00,0x00,0x08,0x00,0x60,0x60,0x00,0x80,0x00,0x00,0x08,0x00,
- 0x10,0x80,0x00,0x80,0x00,0x00,0x04,0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x04,
- 0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x02,0x00,0x18,0x80,0x01,0x00,0x02,0x00,
- 0x02,0x00,0x68,0x60,0x01,0x00,0x02,0x00,0x02,0x00,0x88,0x1f,0x01,0x00,0x02,
- 0x00,0x02,0x00,0x08,0x00,0x01,0x00,0x02,0x00,0x02,0x00,0x10,0x80,0x00,0x00,
- 0x03,0x00,0x06,0x00,0x60,0x60,0x00,0x80,0x02,0x00,0x0c,0x00,0x80,0x1f,0x00,
- 0x40,0x01,0x00,0x14,0x00,0x00,0x00,0x00,0x20,0x01,0x00,0x28,0x00,0x00,0x00,
- 0x00,0x90,0x00,0x00,0x50,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0xa0,0x01,0x00,
- 0x00,0x00,0x26,0x00,0x00,0x40,0x1e,0x00,0x00,0xc0,0x11,0x00,0x00,0x80,0xe1,
- 0x03,0x00,0x3c,0x0c,0x00,0x00,0x00,0x0e,0xfc,0xff,0x83,0x03,0x00,0x00,0x00,
- 0xf0,0x01,0x00,0x78,0x00,0x00,0x00,0x00,0x00,0xfe,0xff,0x0f,0x00,0x00,0x00,
- 0x00,0x80,0x03,0x00,0x0c,0x00,0x00,0x00,0x00,0x80,0x02,0x00,0x14,0x00,0x00,
- 0x00,0x00,0x60,0x04,0x00,0x12,0x00,0x00,0xc0,0x7f,0x10,0x04,0x00,0x22,0xe0,
- 0x01,0x70,0xc0,0x18,0x08,0x00,0x61,0x1c,0x06,0x10,0x00,0x0f,0x30,0xc0,0x80,
- 0x07,0x08,0x08,0x00,0x06,0xc0,0x3f,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x02,
- 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80,
- 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00,
- 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00,
- 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84,
- 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08,
- 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff,
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.front b/crypto/heimdal/appl/xnlock/nose.front
deleted file mode 100644
index 64b82015c6a7..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.front
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_front_width 64
-#define nose_front_height 64
-static unsigned char nose_front_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
- 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
- 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
- 0x08,0x00,0xc0,0x1f,0x00,0x20,0x00,0x00,0x08,0x00,0x30,0x60,0x00,0x20,0x00,
- 0x00,0xf8,0xff,0x0f,0x80,0xff,0x3f,0x00,0x00,0x00,0x02,0x02,0x00,0x82,0x00,
- 0x00,0x00,0x00,0x03,0x01,0x00,0x84,0x01,0x00,0x00,0x00,0x81,0x00,0x00,0x08,
- 0x01,0x00,0x00,0x80,0x80,0x00,0x00,0x08,0x02,0x00,0x00,0x80,0x40,0x00,0x00,
- 0x10,0x02,0x00,0x00,0x40,0x40,0x00,0x00,0x10,0x04,0x00,0x00,0x40,0x20,0x00,
- 0x00,0x20,0x04,0x00,0x00,0x60,0x20,0x00,0x00,0x20,0x0c,0x00,0x00,0x20,0x20,
- 0x00,0x00,0x20,0x08,0x00,0x00,0x20,0x20,0x00,0x00,0x20,0x08,0x00,0x00,0x10,
- 0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00,
- 0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00,
- 0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10,
- 0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10,0x00,0x00,0x30,0x00,0x01,0x00,0x04,
- 0x18,0x00,0x00,0x20,0x00,0x02,0x00,0x02,0x08,0x00,0x00,0x20,0x00,0x0c,0x80,
- 0x01,0x08,0x00,0x00,0x60,0x00,0x30,0x60,0x00,0x0c,0x00,0x00,0x40,0x00,0xc0,
- 0x1f,0x00,0x04,0x00,0x00,0xc0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x0f,0xc0,0x0f,0x00,0x00,0x00,
- 0x00,0x40,0x10,0x20,0x10,0x00,0x00,0x00,0x00,0x20,0x60,0x30,0x20,0x00,0x00,
- 0x00,0x00,0x20,0xc0,0x18,0x20,0x00,0x00,0xc0,0x7f,0x10,0x80,0x0d,0x40,0xe0,
- 0x01,0x70,0xc0,0x18,0x00,0x05,0x40,0x1c,0x06,0x10,0x00,0x0f,0x00,0x05,0x80,
- 0x07,0x08,0x08,0x00,0x06,0x00,0x05,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x05,
- 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80,
- 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00,
- 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00,
- 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84,
- 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08,
- 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff,
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.left.front b/crypto/heimdal/appl/xnlock/nose.left.front
deleted file mode 100644
index 3a871eaaa150..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.left.front
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_left_front_width 64
-#define nose_left_front_height 64
-static unsigned char nose_left_front_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,
- 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
- 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,
- 0x08,0x00,0xe0,0x0f,0x00,0x20,0x00,0x00,0x08,0x00,0x18,0x30,0x00,0x20,0x00,
- 0x00,0xf8,0xff,0x07,0xc0,0xff,0x3f,0x00,0x00,0x00,0x02,0x01,0x00,0x81,0x00,
- 0x00,0x00,0x00,0x83,0x00,0x00,0x82,0x01,0x00,0x00,0x00,0x41,0x00,0x00,0x04,
- 0x01,0x00,0x00,0x80,0x40,0x00,0x00,0x04,0x02,0x00,0x00,0x80,0x20,0x00,0x00,
- 0x08,0x02,0x00,0x00,0x40,0x20,0x00,0x00,0x08,0x04,0x00,0x00,0x40,0x10,0x00,
- 0x00,0x10,0x04,0x00,0x00,0x60,0x10,0x00,0x00,0x10,0x0c,0x00,0x00,0x20,0x10,
- 0x00,0x00,0x10,0x08,0x00,0x00,0x30,0x10,0x00,0x00,0x10,0x08,0x00,0x00,0x10,
- 0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,
- 0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00,
- 0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x04,0x10,
- 0x00,0x00,0x30,0x40,0x00,0x00,0x04,0x10,0x00,0x00,0x20,0x80,0x00,0x00,0x02,
- 0x18,0x00,0x00,0x20,0x00,0x01,0x00,0x01,0x08,0x00,0x00,0x60,0x00,0x06,0xc0,
- 0x00,0x08,0x00,0x00,0x80,0x00,0x18,0x30,0x00,0x0c,0x00,0x00,0x80,0x00,0xe0,
- 0x0f,0x00,0x04,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01,
- 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00,
- 0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xe0,0x00,0x07,0x02,0x10,0x00,0x00,
- 0x00,0x30,0x00,0x8c,0x01,0x20,0x00,0x00,0x00,0x0c,0x00,0x90,0x00,0x20,0x00,
- 0x00,0x00,0x04,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20,
- 0x00,0x00,0x00,0x42,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x02,
- 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x06,0x20,0x00,0x00,0x00,0x21,0x00,0x00,
- 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x03,0x00,
- 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02,
- 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
- 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00,
- 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/nose.right.front b/crypto/heimdal/appl/xnlock/nose.right.front
deleted file mode 100644
index f8214174e87c..000000000000
--- a/crypto/heimdal/appl/xnlock/nose.right.front
+++ /dev/null
@@ -1,38 +0,0 @@
-#define nose_right_front_width 64
-#define nose_right_front_height 64
-static unsigned char nose_right_front_bits[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00,
- 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,
- 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,
- 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,
- 0x04,0x00,0xf0,0x07,0x00,0x10,0x00,0x00,0x04,0x00,0x0c,0x18,0x00,0x10,0x00,
- 0x00,0xfc,0xff,0x03,0xe0,0xff,0x1f,0x00,0x00,0x00,0x81,0x00,0x80,0x40,0x00,
- 0x00,0x00,0x80,0x41,0x00,0x00,0xc1,0x00,0x00,0x00,0x80,0x20,0x00,0x00,0x82,
- 0x00,0x00,0x00,0x40,0x20,0x00,0x00,0x02,0x01,0x00,0x00,0x40,0x10,0x00,0x00,
- 0x04,0x01,0x00,0x00,0x20,0x10,0x00,0x00,0x04,0x02,0x00,0x00,0x20,0x08,0x00,
- 0x00,0x08,0x02,0x00,0x00,0x30,0x08,0x00,0x00,0x08,0x06,0x00,0x00,0x10,0x08,
- 0x00,0x00,0x08,0x04,0x00,0x00,0x10,0x08,0x00,0x00,0x08,0x0c,0x00,0x00,0x08,
- 0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,
- 0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00,
- 0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x08,
- 0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x0c,0x00,0x00,0x18,0x40,0x00,0x00,0x01,
- 0x04,0x00,0x00,0x10,0x80,0x00,0x80,0x00,0x04,0x00,0x00,0x10,0x00,0x03,0x60,
- 0x00,0x06,0x00,0x00,0x30,0x00,0x0c,0x18,0x00,0x01,0x00,0x00,0x20,0x00,0xf0,
- 0x07,0x00,0x01,0x00,0x00,0x60,0x00,0x00,0x00,0x80,0x01,0x00,0x00,0x40,0x00,
- 0x00,0x00,0x80,0x00,0x00,0x00,0x80,0xff,0xff,0xff,0x7f,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0x40,0xe0,0x00,0x07,0x00,
- 0x00,0x00,0x04,0x80,0x31,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x09,0x00,0x30,
- 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x20,0x00,0x00,0x00,0x04,0x00,0x03,0x00,
- 0x43,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x42,0x00,0x00,0x00,0x04,0x40,0x00,
- 0x00,0x84,0x00,0x00,0x00,0x04,0x60,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00,
- 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,
- 0x00,0x00,0x00,0xc0,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,
- 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,
- 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00,
- 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00};
diff --git a/crypto/heimdal/appl/xnlock/xnlock.1 b/crypto/heimdal/appl/xnlock/xnlock.1
deleted file mode 100644
index c62417d06228..000000000000
--- a/crypto/heimdal/appl/xnlock/xnlock.1
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" xnlock -- Dan Heller 1985 <argv@sun.com>
-.TH XNLOCK 1L "19 April 1990"
-.SH NAME
-xnlock \- amusing lock screen program with message for passers-by
-.SH SYNOPSIS
-.B xnlock
-[
-\fIoptions\fP
-]
-[
-\fImessage\fP
-]
-.SH DESCRIPTION
-.I xnlock
-is a program that acts as a screen saver for workstations running X11.
-It also "locks" the screen such that the workstation can be left
-unattended without worry that someone else will walk up to it and
-mess everything up.  When \fIxnlock\fP is running, a little man with
-a big nose and a hat runs around spewing out messages to the screen.
-By default, the messages are "humorous", but that depends on your
-sense of humor.
-.LP
-If a key or mouse button is pressed, a prompt is printed requesting the
-user's password.  If a RETURN is not typed within 30 seconds,
-the little man resumes running around.
-.LP
-Text on the command line is used as the message.  For example:
-.br
-	% xnlock I\'m out to lunch for a couple of hours.
-.br
-Note the need to quote shell metacharacters.
-.LP
-In the absence of flags or text, \fIxnlock\fP displays random fortunes.
-.SH OPTIONS
-Command line options override all resource specifications.
-All arguments that are not associated with a command line option
-is taken to be message text that the little man will "say" every
-once in a while.  The resource \fBxnlock.text\fP may be set to
-a string.
-.TP
-.BI \-fn " fontname"
-The default font is the first 18 point font in the \fInew century schoolbook\fP
-family.  While larger fonts are recokmmended over smaller ones, any font
-in the server's font list will work.  The resource to use for this option
-is \fBxnlock.font\fP.
-.TP
-.BI \-filename "  filename"
-Take the message to be displayed from the file \fIfilename\fP.
-If \fIfilename\fP is not specified, \fI$HOME/.msgfile\fP is used.
-If the contents of the file are changed during runtime, the most recent text
-of the file is used (allowing the displayed message to be altered remotely).
-Carriage returns within the text are allowed, but tabs or other control
-characters are not translated and should not be used.
-The resource available for this option is \fBxnlock.file\fP.
-.TP
-.BI \-ar
-Accept root's password to unlock screen.  This option is true by
-default.  The reason for this is so that someone's screen may be
-unlocked by autorized users in case of emergency and the person
-running the program is still out to lunch.  The resource available
-for specifying this option is \fBxnlock.acceptRootPasswd\fP.
-.TP
-.BI \-noar
-Don't accept root's password.  This option is for paranoids who
-fear their peers might breakin using root's password and remove
-their files anyway.  Specifying this option on the command line
-overrides the \fBxnlock.acceptRootPasswd\fP if set to True.
-.TP
-.BI \-ip
-Ignore password prompt.
-The resource available for this option is \fBxnlock.ignorePasswd\fP.
-.TP
-.BI \-noip
-Don't ignore password prompt.  This is available in order to
-override the resource \fBignorePasswd\fP if set to True.
-.TP
-.BI -fg " color"
-Specifies the foreground color.  The resource available for this
-is \fBxnlock.foreground\fP.
-.TP
-.BI -bg " color"
-Specifies the background color.  The resource available for this
-is \fBxnlock.background\fP.
-.TP
-.BI \-rv
-Reverse the foreground and background colors.
-The resource for this is \fBxvnlock.reverseVideo\fP.
-.TP
-.BI \-norv
-Don't use reverse video.  This is available to override the reverseVideo
-resource if set to True.
-.TP
-.BI \-prog " program"
-Receive message text from the running program \fIprogram\fP. If there
-are arguments to \fIprogram\fP, encase them with the name of the program in
-quotes (e.g. xnlock -t "fortune -o").
-The resource for this is \fBxnlock.program\fP.
-.SH RESOURCES
-.br
-xnlock.font:               fontname
-.br
-xnlock.foreground:         color
-.br
-xnlock.background:         color
-.br
-xnlock.reverseVideo:       True/False
-.br
-xnlock.text:               Some random text string
-.br
-xnlock.program:            program [args]
-.br
-xnlock.ignorePasswd:       True/False
-.br
-xnlock.acceptRootPasswd:   True/False
-.SH FILES
-\fIxnlock\fP               executable file
-.br
-~/.msgfile                 default message file
-.SH AUTHOR
-Dan Heller <argv@sun.com>  Copyright (c) 1985, 1990.
-.br
-The original version of this program was written using pixrects on
-a Sun 2 running SunOS 1.1.
diff --git a/crypto/heimdal/appl/xnlock/xnlock.c b/crypto/heimdal/appl/xnlock/xnlock.c
deleted file mode 100644
index acfff2f09d36..000000000000
--- a/crypto/heimdal/appl/xnlock/xnlock.c
+++ /dev/null
@@ -1,1135 +0,0 @@
-/*
- * xnlock -- Dan Heller, 1990
- * "nlock" is a "new lockscreen" type program... something that prevents
- * screen burnout by making most of it "black" while providing something
- * of interest to be displayed in case anyone is watching.
- * "xnlock" is the X11 version of the program.
- * Original sunview version written by Dan Heller 1985 (not included here).
- */
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: xnlock.c,v 1.90 2002/08/23 19:29:38 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <X11/StringDefs.h>
-#include <X11/Intrinsic.h>
-#include <X11/keysym.h>
-#include <X11/Shell.h>
-#include <X11/Xos.h>
-#ifdef strerror
-#undef strerror
-#endif
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#include <kafs.h>
-#endif
-
-#include <roken.h>
-#include <err.h>
-
-static char login[16];
-static char userprompt[128];
-#ifdef KRB4
-static char name[ANAME_SZ];
-static char inst[INST_SZ];
-static char realm[REALM_SZ];
-#endif
-#ifdef KRB5
-static krb5_context context;
-static krb5_principal client;
-#endif
-
-#define font_height(font)	  	(font->ascent + font->descent)
-
-static char *SPACE_STRING = "                                                      ";
-static char STRING[] = "****************";
-
-#define STRING_LENGTH (sizeof(STRING))
-#define MAX_PASSWD_LENGTH 256
-/* (sizeof(STRING)) */
-
-#define PROMPT	    "Password: "
-#define FAIL_MSG    "Sorry, try again"
-#define LEFT 	001
-#define RIGHT 	002
-#define DOWN 	004
-#define UP 	010
-#define FRONT	020
-#define X_INCR 3
-#define Y_INCR 2
-#define XNLOCK_CTRL 1
-#define XNLOCK_NOCTRL 0
-
-static XtAppContext	app;
-static Display        *dpy;
-static unsigned short	Width, Height;
-static Widget		widget;
-static GC		gc;
-static XtIntervalId	timeout_id;
-static char	       *words;
-static int		x, y;
-static Pixel		Black, White;
-static XFontStruct    *font;
-static char		root_cpass[128];
-static char		user_cpass[128];
-static int		time_left, prompt_x, prompt_y, time_x, time_y;
-static unsigned long	interval;
-static Pixmap		left0, left1, right0, right1, left_front,
-			right_front, front, down;
-
-#define MAXLINES 40
-
-#define IS_MOVING  1
-#define GET_PASSWD 2
-static int state; /* indicates states: walking or getting passwd */
-
-static int ALLOW_LOGOUT = (60*10);	/* Allow logout after nn seconds */
-#define LOGOUT_PASSWD "enuHDmTo5Lq4g" /* when given password "LOGOUT" */
-static time_t locked_at;
-
-struct appres_t {
-    Pixel bg;
-    Pixel fg;
-    XFontStruct *font;
-    Boolean ignore_passwd;
-    Boolean do_reverse;
-    Boolean accept_root;
-    char *text, *text_prog, *file, *logoutPasswd;
-    Boolean no_screensaver;
-    Boolean destroytickets;
-} appres;
-
-static XtResource resources[] = {
-    { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel), 
-      XtOffsetOf(struct appres_t, bg), XtRString, "black" },
-
-    { XtNforeground, XtCForeground, XtRPixel, sizeof(Pixel), 
-      XtOffsetOf(struct appres_t, fg), XtRString, "white" },
-
-    { XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
-      XtOffsetOf(struct appres_t, font), 
-      XtRString, "-*-new century schoolbook-*-*-*-18-*" },
-
-    { "ignorePasswd", "IgnorePasswd", XtRBoolean, sizeof(Boolean),
-      XtOffsetOf(struct appres_t,ignore_passwd),XtRImmediate,(XtPointer)False },
-
-    { "acceptRootPasswd", "AcceptRootPasswd", XtRBoolean, sizeof(Boolean),
-      XtOffsetOf(struct appres_t, accept_root), XtRImmediate, (XtPointer)True },
-
-    { "text", "Text", XtRString, sizeof(String),
-      XtOffsetOf(struct appres_t, text), XtRString, "I'm out running around." },
-    
-    { "program", "Program", XtRString, sizeof(String),
-      XtOffsetOf(struct appres_t, text_prog), XtRImmediate, NULL },
-
-    { "file", "File", XtRString, sizeof(String),
-      XtOffsetOf(struct appres_t,file), XtRImmediate, NULL },
-
-    { "logoutPasswd", "logoutPasswd", XtRString, sizeof(String),
-      XtOffsetOf(struct appres_t, logoutPasswd), XtRString, LOGOUT_PASSWD },
-    
-    { "noScreenSaver", "NoScreenSaver", XtRBoolean, sizeof(Boolean),
-      XtOffsetOf(struct appres_t,no_screensaver), XtRImmediate, (XtPointer)True },
-
-    { "destroyTickets", "DestroyTickets", XtRBoolean, sizeof(Boolean),
-      XtOffsetOf(struct appres_t,destroytickets), XtRImmediate, (XtPointer)True },
-};
-
-static XrmOptionDescRec options[] = {
-    { "-fg", ".foreground", XrmoptionSepArg, NULL }, 
-    { "-foreground", ".foreground", XrmoptionSepArg, NULL }, 
-    { "-fn", ".font", XrmoptionSepArg, NULL }, 
-    { "-font", ".font", XrmoptionSepArg, NULL }, 
-    { "-ip", ".ignorePasswd", XrmoptionNoArg, "True" },
-    { "-noip", ".ignorePasswd", XrmoptionNoArg, "False" },
-    { "-ar",  ".acceptRootPasswd", XrmoptionNoArg, "True" },
-    { "-noar", ".acceptRootPasswd", XrmoptionNoArg, "False" },
-    { "-nonoscreensaver", ".noScreenSaver", XrmoptionNoArg, "False" },
-    { "-nodestroytickets", ".destroyTickets", XrmoptionNoArg, "False" },
-};
-
-static char*
-get_words(void)
-{
-    FILE *pp = NULL;
-    static char buf[512];
-    long n;
-
-    if (appres.text_prog) {
-	pp = popen(appres.text_prog, "r");
-	if (!pp) {
-	    warn("popen %s", appres.text_prog);
-	    return appres.text;
-	}
-	n = fread(buf, 1, sizeof(buf) - 1, pp);
-	buf[n] = 0;
-	pclose(pp);
-	return buf;
-    }
-    if (appres.file) {
-	pp = fopen(appres.file, "r");
-	if (!pp) {
-	    warn("fopen %s", appres.file);
-	    return appres.text;
-	}
-	n = fread(buf, 1, sizeof(buf) - 1, pp);
-	buf[n] = 0;
-	fclose(pp);
-	return buf;
-    }
-
-    return appres.text;
-}
-
-static void
-usage(void)
-{
-    fprintf(stderr, "usage: %s [options] [message]\n", getprogname());
-    fprintf(stderr, "-fg color     foreground color\n");
-    fprintf(stderr, "-bg color     background color\n");
-    fprintf(stderr, "-rv           reverse foreground/background colors\n");
-    fprintf(stderr, "-nrv          no reverse video\n");
-    fprintf(stderr, "-ip           ignore passwd\n");
-    fprintf(stderr, "-nip          don't ignore passwd\n");
-    fprintf(stderr, "-ar           accept root's passwd to unlock\n");
-    fprintf(stderr, "-nar          don't accept root's passwd\n");
-    fprintf(stderr, "-f [file]     message is read from file or ~/.msgfile\n");
-    fprintf(stderr, "-prog program  text is gotten from executing `program'\n");
-    fprintf(stderr, "-nodestroytickets keep kerberos tickets\n");
-    exit(1);
-}
-
-static void
-init_words (int argc, char **argv)
-{
-    int i = 0;
-
-    while(argv[i]) {
-	if(strcmp(argv[i], "-p") == 0
-	   || strcmp(argv[i], "-prog") == 0) {
-	    i++;
-	    if(argv[i]) {
-		appres.text_prog = argv[i];
-		i++;
-	    } else {
-		warnx ("-p requires an argument");
-		usage();
-	    }
-	} else if(strcmp(argv[i], "-f") == 0) {
-	    i++;
-	    if(argv[i]) {
-		appres.file = argv[i];
-		i++;
-	    } else {
-		asprintf (&appres.file,
-			  "%s/.msgfile", getenv("HOME"));
-		if (appres.file == NULL)
-		    errx (1, "cannot allocate memory for message");
-	    }
-	} else if(strcmp(argv[i], "--version") == 0) {
-	    print_version(NULL);
-	    exit(0);
-	} else {
-	    int j;
-	    int len = 1;
-	    for(j = i; argv[j]; j++)
-		len += strlen(argv[j]) + 1;
-	    appres.text = malloc(len);
-	    if (appres.text == NULL)
-		errx (1, "cannot allocate memory for message");
-	    appres.text[0] = 0;
-	    for(; i < j; i++){
-		strlcat(appres.text, argv[i], len);
-		strlcat(appres.text, " ", len);
-	    }
-	}
-    }
-}
-
-static void
-ScreenSaver(int save)
-{
-    static int timeout, interval, prefer_blank, allow_exp;
-    if(!appres.no_screensaver){
-	if (save) {
-	    XGetScreenSaver(dpy, &timeout, &interval, 
-			    &prefer_blank, &allow_exp);
-	    XSetScreenSaver(dpy, 0, interval, prefer_blank, allow_exp);
-	} else
-	    /* restore state */
-	    XSetScreenSaver(dpy, timeout, interval, prefer_blank, allow_exp);
-    }
-}
-
-/* Forward decls necessary */
-static void talk(int force_erase);
-static unsigned long look(void);
-
-static int
-zrefresh(void)
-{
-  switch (fork()) {
-  case -1:
-      warn ("zrefresh: fork");
-      return -1;
-  case 0:
-      /* Child */
-      execlp("zrefresh", "zrefresh", 0);
-      execl(BINDIR "/zrefresh", "zrefresh", 0);
-      return -1;
-  default:
-      /* Parent */
-      break;
-  }
-  return 0;
-}
-
-static void
-leave(void)
-{
-    XUngrabPointer(dpy, CurrentTime);
-    XUngrabKeyboard(dpy, CurrentTime);
-    ScreenSaver(0);
-    XCloseDisplay(dpy);
-    zrefresh();
-    exit(0);
-}
-
-static void
-walk(int dir)
-{
-    int incr = 0;
-    static int lastdir;
-    static int up = 1;
-    static Pixmap frame;
-
-    XSetForeground(dpy, gc, White);
-    XSetBackground(dpy, gc, Black);
-    if (dir & (LEFT|RIGHT)) { /* left/right movement (mabye up/down too) */
-	up = -up; /* bouncing effect (even if hit a wall) */
-	if (dir & LEFT) {
-	    incr = X_INCR;
-	    frame = (up < 0) ? left0 : left1;
-	} else {
-	    incr = -X_INCR;
-	    frame = (up < 0) ? right0 : right1;
-	}
-	if ((lastdir == FRONT || lastdir == DOWN) && dir & UP) {
-	    /* workaround silly bug that leaves screen dust when
-	     * guy is facing forward or down and moves up-left/right.
-	     */
-	    XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
-	    XFlush(dpy);
-	}
-	/* note that maybe neither UP nor DOWN is set! */
-	if (dir & UP && y > Y_INCR)
-	    y -= Y_INCR;
-	else if (dir & DOWN && y < (int)Height - 64)
-	    y += Y_INCR;
-    }
-    /* Explicit up/down movement only (no left/right) */
-    else if (dir == UP)
-	XCopyPlane(dpy, front, XtWindow(widget), gc,
-	    0,0, 64,64, x, y -= Y_INCR, 1L);
-    else if (dir == DOWN)
-	XCopyPlane(dpy, down, XtWindow(widget), gc,
-	    0,0, 64,64, x, y += Y_INCR, 1L);
-    else if (dir == FRONT && frame != front) {
-	if (up > 0)
-	    up = -up;
-	if (lastdir & LEFT)
-	    frame = left_front;
-	else if (lastdir & RIGHT)
-	    frame = right_front;
-	else
-	    frame = front;
-	XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
-    }
-    if (dir & LEFT)
-	while(--incr >= 0) {
-	    XCopyPlane(dpy, frame, XtWindow(widget), gc,
-		0,0, 64,64, --x, y+up, 1L);
-	    XFlush(dpy);
-	}
-    else if (dir & RIGHT)
-	while(++incr <= 0) {
-	    XCopyPlane(dpy, frame, XtWindow(widget), gc,
-		0,0, 64,64, ++x, y+up, 1L);
-	    XFlush(dpy);
-	}
-    lastdir = dir;
-}
-
-static long
-my_random (void)
-{
-#ifdef HAVE_RANDOM
-    return random();
-#else
-    return rand();
-#endif
-}
-
-static int
-think(void)
-{
-    if (my_random() & 1)
-	walk(FRONT);
-    if (my_random() & 1) {
-	words = get_words();
-	return 1;
-    }
-    return 0;
-}
-
-static void
-move(XtPointer _p, XtIntervalId *_id)
-{
-    static int length, dir;
-
-    if (!length) {
-	int tries = 0;
-	dir = 0;
-	if ((my_random() & 1) && think()) {
-	    talk(0); /* sets timeout to itself */
-	    return;
-	}
-	if (!(my_random() % 3) && (interval = look())) {
-	    timeout_id = XtAppAddTimeOut(app, interval, move, NULL);
-	    return;
-	}
-	interval = 20 + my_random() % 100;
-	do  {
-	    if (!tries)
-		length = Width/100 + my_random() % 90, tries = 8;
-	    else
-		tries--;
-	    switch (my_random() % 8) {
-		case 0:
-		    if (x - X_INCR*length >= 5)
-			dir = LEFT;
-		case 1:
-		    if (x + X_INCR*length <= (int)Width - 70)
-			dir = RIGHT;
-		case 2:
-		    if (y - (Y_INCR*length) >= 5)
-			dir = UP, interval = 40;
-		case 3:
-		    if (y + Y_INCR*length <= (int)Height - 70)
-			dir = DOWN, interval = 20;
-		case 4:
-		    if (x - X_INCR*length >= 5 && y - (Y_INCR*length) >= 5)
-			dir = (LEFT|UP);
-		case 5:
-		    if (x + X_INCR * length <= (int)Width - 70 &&
-			y-Y_INCR * length >= 5)
-			dir = (RIGHT|UP);
-		case 6:
-		    if (x - X_INCR * length >= 5 &&
-			y + Y_INCR * length <= (int)Height - 70)
-			dir = (LEFT|DOWN);
-		case 7:
-		    if (x + X_INCR*length <= (int)Width - 70 &&
-			y + Y_INCR*length <= (int)Height - 70)
-			dir = (RIGHT|DOWN);
-	    }
-	} while (!dir);
-    }
-    walk(dir);
-    --length;
-    timeout_id = XtAppAddTimeOut(app, interval, move, NULL);
-}
-
-static void
-post_prompt_box(Window window)
-{
-    int width = (Width / 3);
-    int height = font_height(font) * 6;
-    int box_x, box_y;
-
-    /* make sure the entire nose icon fits in the box */
-    if (height < 100)
-	height = 100;
-
-    if(width < 105 + font->max_bounds.width*STRING_LENGTH)
-	width = 105 + font->max_bounds.width*STRING_LENGTH;
-    box_x = (Width - width) / 2;
-    time_x = prompt_x = box_x + 105;
-
-    time_y = prompt_y = Height / 2;
-    box_y = prompt_y - 3 * font_height(font);
-
-    /* erase current guy -- text message may still exist */
-    XSetForeground(dpy, gc, Black);
-    XFillRectangle(dpy, window, gc, x, y, 64, 64);
-    talk(1); /* forcefully erase message if one is being displayed */
-    /* Clear area in middle of screen for prompt box */
-    XSetForeground(dpy, gc, White);
-    XFillRectangle(dpy, window, gc, box_x, box_y, width, height);
-
-    /* make a box that's 5 pixels thick. Then add a thin box inside it */
-    XSetForeground(dpy, gc, Black);
-    XSetLineAttributes(dpy, gc, 5, 0, 0, 0);
-    XDrawRectangle(dpy, window, gc, box_x+5, box_y+5, width-10, height-10);
-    XSetLineAttributes(dpy, gc, 0, 0, 0, 0);
-    XDrawRectangle(dpy, window, gc, box_x+12, box_y+12, width-23, height-23);
-
-    XDrawString(dpy, window, gc,
-		prompt_x, prompt_y-font_height(font), 
-		userprompt, strlen(userprompt));
-    XDrawString(dpy, window, gc, prompt_x, prompt_y, PROMPT, strlen(PROMPT));
-    /* set background for copyplane and DrawImageString; need reverse video */
-    XSetBackground(dpy, gc, White);
-    XCopyPlane(dpy, right0, window, gc, 0,0, 64,64,
-	       box_x + 20, box_y + (height - 64)/2, 1L);
-    prompt_x += XTextWidth(font, PROMPT, strlen(PROMPT));
-    time_y += 2*font_height(font);
-}
-
-static void
-RaiseWindow(Widget w, XEvent *ev, String *s, Cardinal *n)
-{
-  Widget x;
-  if(!XtIsRealized(w))
-    return;
-  x = XtParent(w);
-  XRaiseWindow(dpy, XtWindow(x));
-}
-
-
-static void
-ClearWindow(Widget w, XEvent *_event, String *_s, Cardinal *_n)
-{
-    XExposeEvent *event = (XExposeEvent *)_event;
-    if (!XtIsRealized(w))
-	return;
-    XClearArea(dpy, XtWindow(w), event->x, event->y, 
-	       event->width, event->height, False);
-    if (state == GET_PASSWD)
-	post_prompt_box(XtWindow(w));
-    if (timeout_id == 0 && event->count == 0) {
-	timeout_id = XtAppAddTimeOut(app, 1000L, move, NULL);
-	/* first grab the input focus */
-	XSetInputFocus(dpy, XtWindow(w), RevertToPointerRoot, CurrentTime);
-	/* now grab the pointer and keyboard and contrain to this window */
-	XGrabPointer(dpy, XtWindow(w), TRUE, 0, GrabModeAsync,
-	     GrabModeAsync, XtWindow(w), None, CurrentTime);
-    }
-}
-
-static void
-countdown(XtPointer _t, XtIntervalId *_d)
-{
-    int *timeout = (int *)_t;
-    char buf[128];
-    time_t seconds;
-
-    if (--(*timeout) < 0) {
-	XExposeEvent event;
-	XtRemoveTimeOut(timeout_id);
-	state = IS_MOVING;
-	event.x = event.y = 0;
-	event.width = Width, event.height = Height;
-	ClearWindow(widget, (XEvent *)&event, 0, 0);
-	timeout_id = XtAppAddTimeOut(app, 200L, move, NULL);
-	return;
-    }
-    seconds = time(0) - locked_at;
-    if (seconds >= 3600)
-      snprintf(buf, sizeof(buf),
-	       "Locked for %d:%02d:%02d    ",
-	       (int)seconds/3600, (int)seconds/60%60, (int)seconds%60);
-    else
-      snprintf(buf, sizeof(buf),
-	       "Locked for %2d:%02d    ",
-	       (int)seconds/60, (int)seconds%60);
-      
-    XDrawImageString(dpy, XtWindow(widget), gc,
-	time_x, time_y, buf, strlen(buf));
-    XtAppAddTimeOut(app, 1000L, countdown, timeout);
-    return;
-}
-
-#ifdef KRB5
-static int
-verify_krb5(const char *password)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-    
-    krb5_cc_default(context, &id);
-    ret = krb5_verify_user(context,
-			   client, 
-			   id,
-			   password, 
-			   0,
-			   NULL);
-    if (ret == 0){
-#ifdef KRB4
-	if (krb5_config_get_bool(context, NULL,
-				 "libdefaults",
-				 "krb4_get_tickets",
-				 NULL)) {
-	    CREDENTIALS c;
-	    krb5_creds mcred, cred;
-
-	    krb5_make_principal(context, &mcred.server,
-				client->realm,
-				"krbtgt",
-				client->realm,
-				NULL);
-	    ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
-	    if(ret == 0) {
-		ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c);
-		if(ret == 0) 
-		    tf_setup(&c, c.pname, c.pinst);
-		memset(&c, 0, sizeof(c));
-		krb5_free_creds_contents(context, &cred);
-	    }
-	    krb5_free_principal(context, mcred.server);
-	}
-	if (k_hasafs())
-	    krb5_afslog(context, id, NULL, NULL);
-#endif
-	return 0;
-    }
-    if (ret != KRB5KRB_AP_ERR_MODIFIED)
-	krb5_warn(context, ret, "verify_krb5");
-    
-    return -1;
-}
-#endif
-
-static int
-verify(char *password)
-{
-    int ret;
-
-    /*
-     * First try with root password, if allowed.
-     */
-    if (   appres.accept_root
-	&& strcmp(crypt(password, root_cpass), root_cpass) == 0)
-      return 0;
-
-    /*
-     * Password that log out user
-     */
-    if (getuid() != 0 &&
-	geteuid() != 0 &&
-	(time(0) - locked_at) > ALLOW_LOGOUT &&
-	strcmp(crypt(password, appres.logoutPasswd), appres.logoutPasswd) == 0)
-	    {
-		signal(SIGHUP, SIG_IGN);
-		kill(-1, SIGHUP);
-		sleep(5);
-		/* If the X-server shut down then so will we, else
-		 * continue */
-		signal(SIGHUP, SIG_DFL);
-	    }
-
-    /*
-     * Try copy of users password.
-     */
-    if (strcmp(crypt(password, user_cpass), user_cpass) == 0)
-      return 0;
-
-    /*
-     * Try to verify as user in case password change.
-     */
-    if (unix_verify_user(login, password) == 0)
-	return 0;
-
-#ifdef KRB5
-    /*
-     * Try to verify as user with kerberos 5.
-     */
-    if(verify_krb5(password) == 0)
-	return 0;
-#endif
-
-#ifdef KRB4
-    /*
-     * Try to verify as user with kerberos 4.
-     */
-    ret = krb_verify_user(name, inst, realm, password,
-			  KRB_VERIFY_NOT_SECURE, NULL);
-    if (ret == KSUCCESS){
-	if (k_hasafs())
-	    krb_afslog(NULL, NULL);
-	return 0;
-    }
-    if (ret != INTK_BADPW)
-	warnx ("warning: %s",
-	       (ret < 0) ? strerror(ret) : krb_get_err_text(ret));
-#endif
-    
-    return -1;
-}
-
-
-static void
-GetPasswd(Widget w, XEvent *_event, String *_s, Cardinal *_n)
-{
-    XKeyEvent *event = (XKeyEvent *)_event;
-    static char passwd[MAX_PASSWD_LENGTH];
-    static int cnt;
-    static int is_ctrl = XNLOCK_NOCTRL;
-    char c;
-    KeySym keysym;
-    int echolen;
-    int old_state = state;
-
-    if (event->type == ButtonPress) {
-	x = event->x, y = event->y;
-	return;
-    }
-    if (state == IS_MOVING) {
-	/* guy is running around--change to post prompt box. */
-	XtRemoveTimeOut(timeout_id);
-	state = GET_PASSWD;
-	if (appres.ignore_passwd || !strlen(user_cpass))
-	    leave();
-	post_prompt_box(XtWindow(w));
-	cnt = 0;
-	time_left = 30;
-	countdown((XtPointer)&time_left, 0);
-    }
-    if (event->type == KeyRelease) {
-      keysym = XLookupKeysym(event, 0);
-      if (keysym == XK_Control_L || keysym == XK_Control_R) {
-	is_ctrl = XNLOCK_NOCTRL;
-      }
-    }
-    if (event->type != KeyPress)
-	return;
-
-    time_left = 30;
-    
-    keysym = XLookupKeysym(event, 0);
-    if (keysym == XK_Control_L || keysym == XK_Control_R) {
-      is_ctrl = XNLOCK_CTRL;
-      return;
-    }
-    if (!XLookupString(event, &c, 1, &keysym, 0))
-	return;
-    if (keysym == XK_Return || keysym == XK_Linefeed) {
-	passwd[cnt] = 0;
-	if(old_state == IS_MOVING)
-	    return;
-	XtRemoveTimeOut(timeout_id);
-
-	if(verify(passwd) == 0)
-	    leave();
-
-	cnt = 0;
-
-	XDrawImageString(dpy, XtWindow(widget), gc,
-	    time_x, time_y, FAIL_MSG, strlen(FAIL_MSG));
-	time_left = 0;
-	timeout_id = XtAppAddTimeOut(app, 2000L, countdown, &time_left);
-	return;
-    }
-    if (keysym == XK_BackSpace || keysym == XK_Delete || keysym == XK_Left) {
-	if (cnt)
-	    passwd[cnt--] = ' ';
-    } else if (keysym == XK_u && is_ctrl == XNLOCK_CTRL) {
-      while (cnt) {
-	passwd[cnt--] = ' ';
-	echolen = min(cnt, STRING_LENGTH);
-	XDrawImageString(dpy, XtWindow(w), gc,
-		    prompt_x, prompt_y, STRING, echolen);
-	XDrawImageString(dpy, XtWindow(w), gc,
-			 prompt_x + XTextWidth(font, STRING, echolen),
-			 prompt_y, SPACE_STRING, STRING_LENGTH - echolen + 1);
-      }
-    } else if (isprint(c)) {
-	if ((cnt + 1) >= MAX_PASSWD_LENGTH)
-	    XBell(dpy, 50);
-	else
-	    passwd[cnt++] = c;
-    } else
-	return;
-    echolen = min(cnt, STRING_LENGTH);
-    XDrawImageString(dpy, XtWindow(w), gc,
-	prompt_x, prompt_y, STRING, echolen);
-    XDrawImageString(dpy, XtWindow(w), gc,
-	prompt_x + XTextWidth(font, STRING, echolen),
-	prompt_y, SPACE_STRING, STRING_LENGTH - echolen +1);
-}
-
-#include "nose.0.left"
-#include "nose.1.left"
-#include "nose.0.right"
-#include "nose.1.right"
-#include "nose.left.front"
-#include "nose.right.front"
-#include "nose.front"
-#include "nose.down"
-
-static void
-init_images(void)
-{
-    static Pixmap *images[] = {
-	&left0, &left1, &right0, &right1,
-	&left_front, &right_front, &front, &down 
-    };
-    static unsigned char *bits[] = {
-	nose_0_left_bits, nose_1_left_bits, nose_0_right_bits,
-	nose_1_right_bits, nose_left_front_bits, nose_right_front_bits,
-	nose_front_bits, nose_down_bits
-    };
-    int i;
-
-    for (i = 0; i < XtNumber(images); i++)
-	if (!(*images[i] =
-		XCreatePixmapFromBitmapData(dpy, DefaultRootWindow(dpy),
-		    (char*)(bits[i]), 64, 64, 1, 0, 1)))
-	    XtError("Can't load nose images");
-}
-
-static void
-talk(int force_erase)
-{
-    int width = 0, height, Z, total = 0;
-    static int X, Y, talking;
-    static struct { int x, y, width, height; } s_rect;
-    char *p, *p2;
-    char buf[BUFSIZ], args[MAXLINES][256];
-
-    /* clear what we've written */
-    if (talking || force_erase) {
-	if (!talking)
-	    return;
-	if (talking == 2) {
-	    XSetForeground(dpy, gc, Black);
-	    XDrawString(dpy, XtWindow(widget), gc, X, Y, words, strlen(words));
-	} else if (talking == 1) {
-	    XSetForeground(dpy, gc, Black);
-	    XFillRectangle(dpy, XtWindow(widget), gc, s_rect.x-5, s_rect.y-5,
-			   s_rect.width+10, s_rect.height+10);
-	}
-	talking = 0;
-	if (!force_erase)
-	    timeout_id = XtAppAddTimeOut(app, 40L,
-					 (XtTimerCallbackProc)move,
-					 NULL);
-	return;
-    }
-    XSetForeground(dpy, gc, White);
-    talking = 1;
-    walk(FRONT);
-    strlcpy (buf, words, sizeof(buf));
-    p = buf;
-
-    /* possibly avoid a lot of work here
-     * if no CR or only one, then just print the line
-     */
-    if (!(p2 = strchr(p, '\n')) || !p2[1]) {
-	int w;
-
-	if (p2)
-	    *p2 = 0;
-	w = XTextWidth(font, words, strlen(words));
-	X = x + 32 - w/2;
-	Y = y - 5 - font_height(font);
-	/* give us a nice 5 pixel margin */
-	if (X < 5)
-	    X = 5;
-	else if (X + w + 15 > (int)Width + 5)
-	    X = Width - w - 5;
-	if (Y < 5)
-	    Y = y + 64 + 5 + font_height(font);
-	XDrawString(dpy, XtWindow(widget), gc, X, Y, words, strlen(words));
-	timeout_id = XtAppAddTimeOut(app, 5000L, (XtTimerCallbackProc)talk, 
-				     NULL);
-	talking++;
-	return;
-    }
-
-    /* p2 now points to the first '\n' */
-    for (height = 0; p; height++) {
-	int w;
-	*p2 = 0;
-	if ((w = XTextWidth(font, p, p2 - p)) > width)
-	    width = w;
-	total += p2 - p; /* total chars; count to determine reading time */
-	strlcpy(args[height], p, sizeof(args[height]));
-	if (height == MAXLINES - 1) {
-	    puts("Message too long!");
-	    break;
-	}
-	p = p2+1;
-	if (!(p2 = strchr(p, '\n')))
-	    break;
-    }
-    height++;
-
-    /* Figure out the height and width in pixels (height, width) extend
-     * the new box by 15 pixels on the sides (30 total) top and bottom.
-     */
-    s_rect.width = width + 30;
-    s_rect.height = height * font_height(font) + 30;
-    if (x - s_rect.width - 10 < 5)
-	s_rect.x = 5;
-    else
-	if ((s_rect.x = x+32-(s_rect.width+15)/2)
-					 + s_rect.width+15 > (int)Width-5)
-	    s_rect.x = Width - 15 - s_rect.width;
-    if (y - s_rect.height - 10 < 5)
-	s_rect.y = y + 64 + 5;
-    else
-	s_rect.y = y - 5 - s_rect.height;
-
-    XSetForeground(dpy, gc, White);
-    XFillRectangle(dpy, XtWindow(widget), gc,
-       s_rect.x-5, s_rect.y-5, s_rect.width+10, s_rect.height+10);
-
-    /* make a box that's 5 pixels thick. Then add a thin box inside it */
-    XSetForeground(dpy, gc, Black);
-    XSetLineAttributes(dpy, gc, 5, 0, 0, 0);
-    XDrawRectangle(dpy, XtWindow(widget), gc,
-		   s_rect.x, s_rect.y, s_rect.width-1, s_rect.height-1);
-    XSetLineAttributes(dpy, gc, 0, 0, 0, 0);
-    XDrawRectangle(dpy, XtWindow(widget), gc,
-		   s_rect.x + 7, s_rect.y + 7, s_rect.width - 15, 
-		   s_rect.height - 15);
-
-    X = 15;
-    Y = 15 + font_height(font);
-
-    /* now print each string in reverse order (start at bottom of box) */
-    for (Z = 0; Z < height; Z++) {
-	XDrawString(dpy, XtWindow(widget), gc, s_rect.x+X, s_rect.y+Y,
-	    args[Z], strlen(args[Z]));
-	Y += font_height(font);
-    }
-    timeout_id = XtAppAddTimeOut(app, (total/15) * 1000, 
-				 (XtTimerCallbackProc)talk, NULL);
-}
-
-static unsigned long
-look(void)
-{
-    XSetForeground(dpy, gc, White);
-    XSetBackground(dpy, gc, Black);
-    if (my_random() % 3) {
-	XCopyPlane(dpy, (my_random() & 1)? down : front, XtWindow(widget), gc,
-	    0, 0, 64,64, x, y, 1L);
-	return 1000L;
-    }
-    if (!(my_random() % 5))
-	return 0;
-    if (my_random() % 3) {
-	XCopyPlane(dpy, (my_random() & 1)? left_front : right_front,
-	    XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L);
-	return 1000L;
-    }
-    if (!(my_random() % 5))
-	return 0;
-    XCopyPlane(dpy, (my_random() & 1)? left0 : right0, XtWindow(widget), gc,
-	0, 0, 64,64, x, y, 1L);
-    return 1000L;
-}
-
-int
-main (int argc, char **argv)
-{
-    int i;
-    Widget override;
-    XGCValues gcvalues;
-
-    setprogname (argv[0]);
-
-    /*
-     * Must be setuid root to read /etc/shadow, copy encrypted
-     * passwords here and then switch to sane uid.
-     */
-    {
-      struct passwd *pw;
-      uid_t uid = getuid();
-      if (!(pw = k_getpwuid(0)))
-	errx (1, "can't get root's passwd!");
-      strlcpy(root_cpass, pw->pw_passwd, sizeof(root_cpass));
-
-      if (!(pw = k_getpwuid(uid)))
-	errx (1, "Can't get your password entry!");
-      strlcpy(user_cpass, pw->pw_passwd, sizeof(user_cpass));
-      setuid(uid);
-      if (uid != 0 && setuid(0) != -1) {
-	fprintf(stderr, "Failed to drop privileges!\n");
-	exit(1);
-      }
-      /* Now we're no longer running setuid root. */
-      strlcpy(login, pw->pw_name, sizeof(login));
-    }
-
-#if defined(HAVE_SRANDOMDEV)
-    srandomdev();
-#elif defined(HAVE_RANDOM)
-    srandom(time(NULL));
-#else
-    srand (time(NULL));
-#endif
-    for (i = 0; i < STRING_LENGTH; i++)
-	STRING[i] = ((unsigned long)my_random() % ('~' - ' ')) + ' ';
-
-    locked_at = time(0);
-
-    snprintf(userprompt, sizeof(userprompt), "User: %s", login);
-#ifdef KRB4
-    krb_get_default_principal(name, inst, realm);
-    snprintf(userprompt, sizeof(userprompt), "User: %s", 
-	     krb_unparse_name_long(name, inst, realm));
-#endif
-#ifdef KRB5
-    {
-	krb5_error_code ret;
-	char *str;
-
-	ret = krb5_init_context(&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-	krb5_get_default_principal(context, &client);
-	krb5_unparse_name(context, client, &str);
-	snprintf(userprompt, sizeof(userprompt), "User: %s", str);
-	free(str);
-    }
-#endif
-
-    override = XtVaAppInitialize(&app, "XNlock", options, XtNumber(options),
-				 (Cardinal*)&argc, argv, NULL, 
-				 XtNoverrideRedirect, True, 
-				 NULL);
-    
-    XtVaGetApplicationResources(override,(XtPointer)&appres,
-				resources,XtNumber(resources),
-				NULL);
-    /* the background is black and the little guy is white */
-    Black = appres.bg;
-    White = appres.fg;
-
-    if (appres.destroytickets) {
-#ifdef KRB4
-	int fd;
-
-        dest_tkt();		/* Nuke old ticket file */
-				/* but keep a place holder */
-	fd = open (TKT_FILE, O_WRONLY | O_CREAT | O_EXCL, 0600);
-	if (fd >= 0)
-	    close (fd);
-#endif
-    }
-
-    dpy = XtDisplay(override);
-    
-    if (dpy == 0)
-      errx (1, "Error: Can't open display");
-
-    Width = DisplayWidth(dpy, DefaultScreen(dpy)) + 2;
-    Height = DisplayHeight(dpy, DefaultScreen(dpy)) + 2;
-    
-    for(i = 0; i < ScreenCount(dpy); i++){
-	Widget shell, core;
-
-	struct xxx{
-	    Pixel bg;
-	}res;
-	
-	XtResource Res[] = {
-	    { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel),
-	      XtOffsetOf(struct xxx, bg), XtRString, "black" }
-	};
-
-	if(i == DefaultScreen(dpy))
-	    continue;
-      
-	shell = XtVaAppCreateShell(NULL,NULL, applicationShellWidgetClass, dpy, 
-				   XtNscreen, ScreenOfDisplay(dpy, i), 
-				   XtNoverrideRedirect, True, 
-				   XtNx, -1, 
-				   XtNy, -1,
-				   NULL);
-      
-	XtVaGetApplicationResources(shell, (XtPointer)&res, 
-				    Res, XtNumber(Res),
-				    NULL);
-
-	core = XtVaCreateManagedWidget("_foo", widgetClass, shell,
-				       XtNwidth, DisplayWidth(dpy, i),
-				       XtNheight, DisplayHeight(dpy, i),
-				       XtNbackground, res.bg, 
-				       NULL);
-	XtRealizeWidget(shell);
-    }
-
-    widget = XtVaCreateManagedWidget("_foo", widgetClass, override,
-				     XtNwidth,	Width,
-				     XtNheight,	Height,
-				     XtNbackground, Black, 
-				     NULL);
-
-    init_words(--argc, ++argv);
-    init_images();
-
-    gcvalues.foreground = Black;
-    gcvalues.background = White;
-
-
-    font = appres.font;
-    gcvalues.font = font->fid;
-    gcvalues.graphics_exposures = False;
-    gc = XCreateGC(dpy, DefaultRootWindow(dpy),
-	GCForeground | GCBackground | GCGraphicsExposures | GCFont,
-	&gcvalues);
-
-    x = Width / 2;
-    y = Height / 2;
-    srand (time(0));
-    state = IS_MOVING;
-
-    {
-	static XtActionsRec actions[] = {
-	    { "ClearWindow",	ClearWindow  },
-	    { "GetPasswd",	GetPasswd    },
-	    { "RaiseWindow", 	RaiseWindow  },
-	};
-	XtAppAddActions(app, actions, XtNumber(actions));
-	XtOverrideTranslations(widget,
-	       XtParseTranslationTable(
-				       "<Expose>:	ClearWindow()	\n"
-				       "<BtnDown>:	GetPasswd()	\n"
-				       "<Visible>: RaiseWindow() \n"
-				       "<KeyRelease>:  GetPasswd()     \n"
-				       "<KeyPress>:	GetPasswd()"));
-    }
-
-    XtRealizeWidget(override);
-    if((i = XGrabPointer(dpy, XtWindow(widget), True, 0, GrabModeAsync,
-			 GrabModeAsync, XtWindow(widget), 
-			 None, CurrentTime)) != 0) 
-	errx(1, "Failed to grab pointer (%d)", i);
-	
-    if((i = XGrabKeyboard(dpy, XtWindow(widget), True, GrabModeAsync,
-			  GrabModeAsync, CurrentTime)) != 0)
-	errx(1, "Failed to grab keyboard (%d)", i);
-    ScreenSaver(1);
-    XtAppMainLoop(app);
-    exit(0);
-}
-
diff --git a/crypto/heimdal/appl/xnlock/xnlock.cat1 b/crypto/heimdal/appl/xnlock/xnlock.cat1
deleted file mode 100644
index d358eee405b6..000000000000
--- a/crypto/heimdal/appl/xnlock/xnlock.cat1
+++ /dev/null
@@ -1,123 +0,0 @@
-XNLOCK(1L)                                             XNLOCK(1L)
-
-
-
-NNAAMMEE
-       xnlock  -  amusing  lock  screen  program with message for
-       passers-by
-
-SSYYNNOOPPSSIISS
-       xxnnlloocckk [ _o_p_t_i_o_n_s ] [ _m_e_s_s_a_g_e ]
-
-DDEESSCCRRIIPPTTIIOONN
-       _x_n_l_o_c_k is a program that acts as a screen saver for  work-
-       stations  running  X11.   It  also "locks" the screen such
-       that the workstation can be left unattended without  worry
-       that  someone  else will walk up to it and mess everything
-       up.  When _x_n_l_o_c_k is running, a little man with a big  nose
-       and  a hat runs around spewing out messages to the screen.
-       By default, the messages are "humorous", but that  depends
-       on your sense of humor.
-
-       If  a  key or mouse button is pressed, a prompt is printed
-       requesting the user's password.  If a RETURN is not  typed
-       within  30 seconds, the little man resumes running around.
-
-       Text on the command line is  used  as  the  message.   For
-       example:
-            % xnlock I'm out to lunch for a couple of hours.
-       Note the need to quote shell metacharacters.
-
-       In  the  absence  of flags or text, _x_n_l_o_c_k displays random
-       fortunes.
-
-OOPPTTIIOONNSS
-       Command line options override all resource specifications.
-       All  arguments that are not associated with a command line
-       option is taken to be message text  that  the  little  man
-       will   "say"   every   once  in  a  while.   The  resource
-       xxnnlloocckk..tteexxtt may be set to a string.
-
-       --ffnn _f_o_n_t_n_a_m_e
-              The default font is the first 18 point font in  the
-              _n_e_w  _c_e_n_t_u_r_y _s_c_h_o_o_l_b_o_o_k family.  While larger fonts
-              are recokmmended over smaller ones, any font in the
-              server's  font list will work.  The resource to use
-              for this option is xxnnlloocckk..ffoonntt.
-
-       --ffiilleennaammee  _f_i_l_e_n_a_m_e
-              Take the message to  be  displayed  from  the  file
-              _f_i_l_e_n_a_m_e.     If   _f_i_l_e_n_a_m_e   is   not   specified,
-              _$_H_O_M_E_/_._m_s_g_f_i_l_e is used.  If  the  contents  of  the
-              file  are  changed  during runtime, the most recent
-              text of the file is used  (allowing  the  displayed
-              message  to be altered remotely).  Carriage returns
-              within the text are allowed, but tabs or other con-
-              trol  characters  are not translated and should not
-              be used.  The resource available for this option is
-              xxnnlloocckk..ffiillee.
-
-       --aarr    Accept  root's  password  to  unlock  screen.  This
-              option is true by default.  The reason for this  is
-              so  that someone's screen may be unlocked by autor-
-              ized users in case of emergency and the person run-
-              ning  the  program  is  still  out  to  lunch.  The
-              resource available for specifying  this  option  is
-              xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd.
-
-       --nnooaarr  Don't  accept  root's password.  This option is for
-              paranoids who fear their peers might breakin  using
-              root's  password  and  remove  their  files anyway.
-              Specifying this option on the  command  line  over-
-              rides the xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd if set to True.
-
-       --iipp    Ignore password prompt.  The resource available for
-              this option is xxnnlloocckk..iiggnnoorreePPaasssswwdd.
-
-       --nnooiipp  Don't ignore password prompt.  This is available in
-              order  to override the resource iiggnnoorreePPaasssswwdd if set
-              to True.
-
-       --ffgg _c_o_l_o_r
-              Specifies  the  foreground  color.   The   resource
-              available for this is xxnnlloocckk..ffoorreeggrroouunndd.
-
-       --bbgg _c_o_l_o_r
-              Specifies   the  background  color.   The  resource
-              available for this is xxnnlloocckk..bbaacckkggrroouunndd.
-
-       --rrvv    Reverse the foreground and background colors.   The
-              resource for this is xxvvnnlloocckk..rreevveerrsseeVViiddeeoo.
-
-       --nnoorrvv  Don't  use  reverse  video.   This  is available to
-              override the reverseVideo resource if set to  True.
-
-       --pprroogg _p_r_o_g_r_a_m
-              Receive  message text from the running program _p_r_o_-
-              _g_r_a_m. If there are  arguments  to  _p_r_o_g_r_a_m,  encase
-              them  with  the name of the program in quotes (e.g.
-              xnlock -t "fortune -o").  The resource for this  is
-              xxnnlloocckk..pprrooggrraamm.
-
-RREESSOOUURRCCEESS
-       xnlock.font:               fontname
-       xnlock.foreground:         color
-       xnlock.background:         color
-       xnlock.reverseVideo:       True/False
-       xnlock.text:               Some random text string
-       xnlock.program:            program [args]
-       xnlock.ignorePasswd:       True/False
-       xnlock.acceptRootPasswd:   True/False
-
-FFIILLEESS
-       _x_n_l_o_c_k               executable file
-       ~/.msgfile                 default message file
-
-AAUUTTHHOORR
-       Dan Heller <argv@sun.com>  Copyright (c) 1985, 1990.
-       The  original  version  of  this program was written using
-       pixrects on a Sun 2 running SunOS 1.1.
-
-
-
-                          19 April 1990                XNLOCK(1L)
diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog
deleted file mode 100644
index 16787e16fc28..000000000000
--- a/crypto/heimdal/cf/ChangeLog
+++ /dev/null
@@ -1,810 +0,0 @@
-2003-05-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: change install-data-local to
-	install-data-hook
-
-2003-05-05  Assar Westerlund  <assar@kth.se>
-
-	* crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY
-
-2003-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: check if libcrypto needs -lnsl or -lsocket
-	
-2003-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* crypto.m4: in the case where se don't link with kerberos 4, use
-	${with_openssl_include} if its are set (not
-	${with_openssl}/include) same for with_openssl_lib
-	
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am.common: always define LIB_kafs
-	
-2003-03-12  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-compile-et.m4: check if the output of compile_et needs
-	initialize_error_table_r
-
-2003-02-17  Love H�rnquist �strand  <lha@it.su.se>
-
-	* check-var.m4: add a check if the variable is avaible when we
-	include the headerfiles
-
-2002-12-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard
-	Chu
-
-2002-10-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: do a better job at matching headers to libraries
-
-2002-10-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sunos.m4: more quoting
-
-2002-09-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: check the processed string for closing ), not the
-	source
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: use m4 macros for test cases, also test for older
-	hash names
-
-	* test-package.m4: include dep libraries in LIB_*
-
-	* crypto.m4: move krb4 test before test for openssl, and bail out
-	if krb4 is requested, but the crypto library is not the same as
-	krb4
-
-	* db.m4: filter contents of LDFLAGS
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* auth-modules.m4: rename to rk_AUTH_MODULES
-
-	* auth-modules.m4: only include modules explicitly asked for
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for res_nsearch
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* roken-frag.m4: check for sys/mman.h and mmap (used by
-	parse_reply-test)
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* krb-readline.m4: also add LIB_tgetent in the case of editline
-
-	* crypto.m4: define HAVE_OPENSSL even if we got to hear about it
-	by krb4
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-readline.m4: add LIB_tgetent to LIB_readline if we have to
-
-	* sunos.m4: various sunos tests
-
-	* crypto.m4: try to extract the crypto compiler flags from
-	{INCLUDE,LIB}_krb4
-	(XXX this is really horrible)
-
-	* krb-readline.m4: don't add -rpath to LIB_readline (libtool
-	should to this for us), also don't append LIB_tgetent to
-	LIB_readline (TEST_PACKAGE should do this)
-
-	* test-package.m4: add the possibility to use a *-config program
-	to get flags; rename to rk_TEST_PACKAGE while here
-
-	* krb-bigendian.m4: move ENDIANESS_IN_SYS_PARAM_H tests here
-
-	* aix.m4: rename to rk_AIX
-
-	* telnet.m4: move telnet tests here
-
-	* aix.m4: restructure this somewhat
-
-	* dlopen.m4: test for dlopen suitable for AC_REQUIRE
-
-	* irix.m4: move some stuff here and rename to irix.m4
-
-	* krb-sys-nextstep.m4: move SGTTY stuff to read_pwd.c
-
-2002-08-28  Jacques Vidrine  <nectar@kth.se>
-
-	* auth-modules.m4: do not build pam_krb4 on freebsd
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* roken-frag.m4: test for the vis, strvis functions requiring
-	prototypes
-
-2002-08-23  Johan Danielsson  <joda@pdc.kth.se>
-
-	* need-proto.m4: missing comma
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: some rototilling
-
-	* need-proto.m4: use AS_TR_CPP
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: HAVE_TYPE instead of CHECK_TYPE ssize_t
-
-	* krb-version.m4: use PACKAGE_TARNAME and PACKAGE_STRING
-
-	* broken-getaddrinfo.m4: can't test for EAI_SERVICE here since AIX
-	is even more fsck:ed
-
-	* roken-frag.m4: test for altzone
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: only define ROKEN_RENAME if do_roken_rename
-
-2002-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: add ROKEN_RENAME variable
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: include <stdarg.h> to get va_list
-
-	* destdirs.m4: also define localstatedir and sysconfdir
-
-2002-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: newer openssl seems to take the address of the
-	schedule parameter to des_cbc_encrypt, so we need to feed it a
-	variable, not just NULL (from Magnus Holmberg)
-
-2002-05-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* misc.m4: change \100 back to @; some m4's (probably some regex)
-	doesn't like this as a replacement regexp; the reason it was once
-	changed to \100 was probably because of some autoconf bug at the
-	time
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* broken2.m4 []-less is apparently the way to go
-
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* otp.m4: check db_type instead of precence of dbm_firstkey
-
-	* roken-frag.m4: don't AC_LIBOBJ more than one function at a time
-
-	* find-if-not-broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* broken2.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
-
-	* misc.m4: automake can't handle macros passed to AC_LIBOBJ, so
-	add an alias to it called rk_LIBOBJ; this requires that the
-	relevant source are manually included in roken/Makefile.am
-
-	* aix.m4: ac_enable --diable-dynamic-afs
-
-	* roken-frag.m4: use AC_LIBOBJ
-
-	* krb-func-getcwd-broken.m4: use AC_LIBOBJ
-
-	* find-if-not-broken.m4: use AC_LIBOBJ
-
-	* broken2.m4: use AC_LIBOBJ
-
-	* broken.m4: use AC_LIBOBJ
-
-	* aix.m4: recognise aix5
-	
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* crypto.m4: am-conditionalise HAVE_OPENSSL
-
-	* db.m4: make it possible to run this twice
-
-	* Makefile.am.common: also install nodist_include_HEADERS
-
-2002-05-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* make-proto.pl: make it possible to redefine the "private" regexp
-
-2002-05-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* db.m4: am_cond HAVE_*
-
-2002-04-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-ipv6.m4: use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT
-	call
-
-	* test-package.m4: use AC_HELP_STRING
-
-	* roken.m4: use AC_HELP_STRING
-
-	* osfc2.m4: use AC_HELP_STRING
-
-	* mips-abi.m4: use AC_HELP_STRING
-
-	* krb-bigendian.m4: use AC_HELP_STRING
-
-	* db.m4: rework this somewhat; check for db3/4 in subdirs, change
-	--with to --enable; it should really be possible to point it to
-	some directory --with-berkeley-db=/foo
-
-	* otp.m4: OTP test
-
-2002-04-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* destdirs.m4: define BINDIR et al
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* misc.m4: remove some stuff that is defined elsewhere
-
-	* make-proto.pl: optionally remove __P and parameter names
-
-2001-11-30  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: move ipv6 tests after -lsocket (to handle Solaris
-	8)
-
-2001-09-29  Assar Westerlund  <assar@sics.se>
-
-	* install-catman.sh: handle man pages without SYNOPSIS but looking
-	for both SYNOPSIS and DESCRIPTION
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: include freeaddrinfo if using getaddrinfo
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: test for the ndbm database really being a .db one
-	and use it when moving/removing database files
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: prefer ndbm.h to dbm.h
-	* roken-frag.m4: check for atexit and on_exit
-
-2001-09-02  Assar Westerlund  <assar@sics.se>
-
-	* check-compile-et.m4: only add /usr/include/et to CPPFLAGS if
-	it's actually used
-
-2001-09-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (AUTOMAKE_OPTIONS): set 1.4b here so that
-	users are warned if using earlier automake versions
-
-	* find-func-no-libs2.m4: ignore "no" as a library - another
-	special case to make it easy to send the result from this macro
-	into another invocation
-
-2001-08-30  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: check for ndbm functions in db3 library too
-
-2001-08-29  Jacques Vidrine  <n@nectar.com>
-
-	* check-compile-et.m4: Check for already-installed com_err.
-	* Makefile.am.common: Use the compile_et discovered at
-	  configuration time.
-
-2001-08-29  Assar Westerlund  <assar@sics.se>
-
-	* crypto.m4: use AC_WITH_ALL to allow separate specification of
-	include and lib
-	* with-all.m4: new macro for doing --with-foo, --with-foo-include,
-	and --with-foo-lib in a sensible way
-
-	* find-func-no-libs2.m4: handle both -llib and lib in the second
-	argument also yes -> "" as a library, to ease callers that send in
-	results from this macro (this might be a little bit unclean)
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: test for issetugid
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common: change one += to = to AM_CFLAGS to avoid an
-	error with recent automake
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* crypto.m4: SHA1_CTX should be SHA_CTX
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: remove all winsock.h
-	for now, it does more harm than good under cygwin and if it should be
-	used, the correct conditional needs to be found
-	from <tol@stacken.kth.se>
-
-2001-08-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* krb-ipv6.m4: add test for non-existant in6addr_loopback in AIX
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for getaddrinfo's that doesn't like numeric
-	services
-
-	* broken-getaddrinfo.m4: test for getaddrinfo's that doesn't like
-	numeric services
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: do a separate test for gdbm/ndbm.h and -lgdbm
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* db.m4: ac_cv_funclib_\func can be yes
-	* db.m4: use AC_FIND_FUNC_NO_LIBS to test in libc
-	anset cache variables after first attempt at finding dbm_firstkey (how
-	should this be done?)
-	* db.m4: do not test for ndbm library when ndbm-db was found in libc
-	* db.m4: test for ndbm-compatability with db
-	* db.m4: add forgotten AC_SUBST
-	* db.m4: first steps towards a new db test
-
-	* roken-frag.m4: remove header files checked by rk_db
-
-2001-08-05  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: remove header files checked by rk_db
-
-2001-06-24  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: make sure of building getaddrinfo et al if
-	missing
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* install-catman.sh: try to install links to manpages
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* broken-glob.m4: try to handle FreeBSD's GLOB_MAXPATH
-
-2001-06-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for getaddrinfo needs netdb.h on Tru64
-
-2001-06-17  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4 (AC_CHECK_HEADERS): test for random
-	* roken-frag.m4 (AC_CHECK_HEADERS): test for initstate and
-	setstate
-
-	* roken-frag.m4 (AC_BROKEN): test for
-	emalloc,ecalloc,erealloc,estrdup
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: bswap{16,32}
-	
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* broken-glob.m4: also test for GLOB_LIMIT
-	* krb-ipv6.m4: restore CFLAGS if v6 is not detected
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: check for getprogname, setprogname
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (LIB_kdfs): set.  use it.  from Ake Sandgren
- 	<ake@cs.umu.se>
-
-2000-12-26  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: remove some dnl that weren't the correct with
-	modern autoconf
-
-2000-12-15  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4 (inet_ntoa, inet_ntop, inet_pton): add necessary
-	includes when testing
-	* broken2.m4: new variant of broken, with includes and arguments
-
-	* test-package.m4: s/ifval/m4_ifval/ to keep in sync with
- 	autoconf.  from Ake Sandgren <ake@cs.umu.se>
-	* check-var.m4: s/ifval/m4_ifval/ to keep in sync with autoconf.
-  	from Ake Sandgren <ake@cs.umu.se>
-
-2000-12-13  Assar Westerlund  <assar@sics.se>
-
-	* krb-irix.m4: need to set irix to no first.  From Ake Sandgren
-	<ake@cs.umu.se>
-
-2000-12-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: move sa_len test to before test for broken
-	getnameinfo
-
-2000-12-12  Assar Westerlund  <assar@sics.se>
-
-	* roken-frag.m4: only test for broken getnameinfo if it exists
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: ifaddrs.h
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: test for unvis, and vis.h
-
-	* roken-frag.m4: test for strvis*
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: just warn if we fail to setuid a program
-
-	* broken-getnameinfo.m4: add more quotes
-
-	* roken-frag.m4: test for getifaddrs
-
-	* roken-frag.m4: test for broken AIX getnameinfo
-
-	* broken-getnameinfo.m4: test for broken getnameinfo
-
-2000-12-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common: add kludge for LIBS
-
-2000-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-man.m4: update this after recent changes
-
-	* Makefile.am.common: use install-catman.sh
-
-	* install-catman.sh: script to install preformatted manual pages
-
-	* Makefile.am.common: change cat handling
-
-2000-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: don't use AC_CONFIG_FILES here, since it doesn't
-	work with automake
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* krb-readline.m4: link against the libtool-versions of
-	libeditline and libel_compat
-
-	* Makefile.am.common (INCLUDES): add $(INCLUDES_roken)
-	* roken-frag.m4 (CPPFLAGS_roken): rename to INCLUDES_roken
-
-2000-11-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* aix.m4: set aix
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* krb-bigendian.m4: merge from arla: make it work better
-
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-frag.m4: check getsockname for proto compat
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am.common: add library for pidfile
-
-	* roken-frag.m4: tests for util.h and pidfile
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: rename to rk_CHECK_VAR, transposing the arguments,
-	and making the second optional, AU_DEFINE AC_CHECK_VAR to
-	rk_CHECK_VAR
-
-	* roken-frag.m4: other roken tests
-
-	* db.m4: db tests
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* mips-abi.m4: AC_ERROR -> AC_MSG_ERROR
-
-	* check-netinet-ip-and-tcp.m4: use cache_check, and make this work
-	with new autoconf
-
-	* aix.m4: don't subst AFS_EXTRA_LD
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-var.m4: workaround feature of newer autoconf
-
-	* find-func-no-libs2.m4: use cleaner autoheader trick
-
-	* have-type.m4: use cleaner autoheader trick
-
-	* have-types.m4: use cleaner autoheader trick
-
-	* test-package.m4: add 6th parameter for now
-
-	* broken.m4: use cleaner autoheader trick
-
-	* retsigtype.m4: test for signal handler return type
-
-	* broken-realloc.m4: test for broken realloc
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* roken.m4: set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (CP): set and use
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (INCLUDE_openldap, LIB_openldap): add
-
-2000-03-28  Assar Westerlund  <assar@sics.se>
-
-	* krb-prog-yacc.m4: AC_MSG_WARNING should be AC_MSG_WARN
-
-	* shared-libs.m4: try to update to freebsd5 (and elf)
-
-2000-03-16  Assar Westerlund  <assar@sics.se>
-
-	* krb-prog-yacc.m4: warn we do not find any yacc
-
-2000-01-08  Assar Westerlund  <assar@sics.se>
-
-	* krb-bigendian.m4: new file, replacement for ac_c_bigendian
-
-2000-01-01  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: re-organize: test for type of stack first so that
-	we can find the libraries that we might have to link the test
-	program against.  not linking the test program means we don't know
-	if the right stuff is in the libraries.  also cosmetic changes to
-	make sure we print the checking for... nicely
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: try linking, not only compiling
-	* krb-ipv6.m4: add --without-ipv6 make sure we have `in6addr_any'
- 	which we use in the code.  This test avoids false positives on
- 	OpenBSD
-
-1999-11-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* grok-type.m4: inttypes.h
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing
-
-1999-11-01  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): use `cp' instead of
- 	INSTALL_DATA for copying header files inside the build tree.  The
- 	user might have redefined INSTALL_DATA to specify owners and other
- 	information.
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4: add yet another argument to allow specify
- 	linker flags that will be added _before_ the library when trying
- 	to link
-
-	* find-func-no-libs.m4: add yet another argument to allow specify
- 	linker flags that will be added _before_ the library when trying
- 	to link
-
-1999-10-12  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument
- 	`extra libs'
-
-	* find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra
- 	libs'
-
-1999-09-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* capabilities.m4: sgi capabilities
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* have-struct-field.m4: quote macros when undefining
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): add dependencies
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-	
-	* have-type.m4: try to get autoheader to co-operate
-
-	* have-type.m4: stolen from Arla
-
-	* krb-struct-sockaddr-sa-len.m4: not used any longer.  removed.
-
-1999-06-13  Assar Westerlund  <assar@sics.se>
-
-	* krb-struct-spwd.m4: consequent name of cache variables
-
-	* krb-func-getlogin.m4: new file for testing for posix (broken)
- 	getlogin
-
-	* shared-libs.m4 (freebsd[34]): don't use ld -Bshareable
-
-1999-06-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check-x.m4: extended test for X
-	
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* check-netinet-ip-and-tcp.m4: proper autoheader tricks
-
-	* check-netinet-ip-and-tcp.m4: new file for checking for
- 	netinet/{ip,tcp}.h.  These are special as they on Irix 6.5.3
-	require <standards.h> to be included in advance.
- 
-	* check-xau.m4: we also need to check for XauFilename since it's
- 	used by appl/kx.  And on Irix 6.5 that function requires linking
- 	with -lX11.
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* krb-find-db.m4: try with more header files than ndbm.h
-
-1999-04-19  Assar Westerlund  <assar@sics.se>
-
-	* test-package.m4: try to handle the case of --without-package
- 	correctly
-
-1999-04-17  Assar Westerlund  <assar@sics.se>
-
-	* make-aclocal: removed.  Not used anymore, being replaced by
-	aclocal from automake.
-
-Thu Apr 15 14:17:26 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* make-proto.pl: handle __attribute__
-
-Fri Apr  9 20:37:18 1999  Assar Westerlund  <assar@sics.se>
-
-	* shared-libs.m4: quote $@
-	(freebsd3): add install_symlink_command2
-
-Wed Apr  7 20:40:22 1999  Assar Westerlund  <assar@sics.se>
-
-	* shared-libs.m4 (hpux): no library dependencies
-
-Mon Apr  5 16:13:08 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* test-package.m4: compile and link, rather than looking for
- 	files; also export more information, so it's possible to add rpath
- 	information
-
-Tue Mar 30 13:49:54 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am.common: CFLAGS -> AM_CFLAGS
-
-Mon Mar 29 16:51:12 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* check-xau.m4: check for XauWriteAuth before checking for
- 	XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX
- 	6.5 that doesn't work with -lXau
-
-Sat Mar 27 18:03:58 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* osfc2.m4: --enable-osfc2
-
-Fri Mar 19 15:34:52 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* shared-libs.m4: move shared lib stuff here
-
-Wed Mar 24 23:24:51 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install-build-headers): simplify loop
-
-Tue Mar 23 17:31:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's
- 	posix or not
-
-Tue Mar 23 00:00:13 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am.common (install_build_headers): try to make it work
- 	better when list of headers is empty.  handle make rewriting the
- 	filenames.
-
-	* Makefile.am.common: hesoid -> hesiod
-
-Sun Mar 21 14:48:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* grok-type.m4: <bind/bitypes.h>
-
-	* Makefile.am.common: fix for automake bug/feature; add more LIB_*
-
-	* test-package.m4: fix typo
-
-	* check-man.m4: fix some typos
-
-	* auth-modules.m4: tests for authentication modules
-
-Thu Mar 18 11:02:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am.common: make install-build-headers a multi
- 	dependency target
-
-	* Makefile.am.common: remove include_dir hack
-
-	* Makefile.am.common: define LIB_kafs and LIB_gssapi
-
-	* krb-find-db.m4: subst DBLIB also
-
-	* check-xau.m4: test for Xau{Read,Write}Auth
-
-Wed Mar 10 19:29:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* wflags.m4: AC_WFLAGS
-
-Mon Mar  1 11:23:41 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* have-struct-field.m4: remove extra AC_MSG_RESULT
-
-	* proto-compat.m4: typo
-
-	* krb-func-getcwd-broken.m4: update to autoconf 2.13
-
-	* krb-find-db.m4: update to autoconf 2.13
-
-	* check-declaration.m4: typo
-
-	* have-pragma-weak.m4: update to autoconf 2.13
-
-	* have-struct-field.m4: better handling of types with spaces
-
-Mon Feb 22 20:05:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* broken-glob.m4: check for broken glob
-
-Sun Jan 31 06:50:33 1999  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: more magic for different v6 implementations.  From
- 	Jun-ichiro itojun Hagino <itojun@kame.net>
-
-Sun Nov 22 12:16:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* krb-struct-spwd.m4: new file
-
-Thu Jun  4 04:07:41 1998  Assar Westerlund  <assar@sics.se>
-
-	* find-func-no-libs2.m4: new file
-
-Fri May  1 23:31:28 1998  Assar Westerlund  <assar@sics.se>
-
-	* c-attribute.m4, c-function.m4: new files (from arla)
-
-Wed Mar 18 23:11:29 1998  Assar Westerlund  <assar@sics.se>
-
-	* krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
-
-Thu Feb 26 02:37:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* make-proto.pl: should work with perl4
-
diff --git a/crypto/heimdal/cf/Makefile.am.common b/crypto/heimdal/cf/Makefile.am.common
deleted file mode 100644
index bd7a73d6e02b..000000000000
--- a/crypto/heimdal/cf/Makefile.am.common
+++ /dev/null
@@ -1,211 +0,0 @@
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-if do_roken_rename
-ROKEN_RENAME = -DROKEN_RENAME
-endif
-
-AM_CFLAGS = $(WFLAGS)
-
-CP	= cp
-
-## set build_HEADERZ to headers that should just be installed in build tree
-
-buildinclude = $(top_builddir)/include
-
-## these aren't detected by automake
-LIB_XauReadAuth		= @LIB_XauReadAuth@
-LIB_crypt		= @LIB_crypt@
-LIB_dbm_firstkey	= @LIB_dbm_firstkey@
-LIB_dbopen		= @LIB_dbopen@
-LIB_dlopen		= @LIB_dlopen@
-LIB_dn_expand		= @LIB_dn_expand@
-LIB_el_init		= @LIB_el_init@
-LIB_getattr		= @LIB_getattr@
-LIB_gethostbyname	= @LIB_gethostbyname@
-LIB_getpwent_r		= @LIB_getpwent_r@
-LIB_getpwnam_r		= @LIB_getpwnam_r@
-LIB_getsockopt		= @LIB_getsockopt@
-LIB_logout		= @LIB_logout@
-LIB_logwtmp		= @LIB_logwtmp@
-LIB_odm_initialize	= @LIB_odm_initialize@
-LIB_openpty		= @LIB_openpty@
-LIB_pidfile		= @LIB_pidfile@
-LIB_res_search		= @LIB_res_search@
-LIB_setpcred		= @LIB_setpcred@
-LIB_setsockopt		= @LIB_setsockopt@
-LIB_socket		= @LIB_socket@
-LIB_syslog		= @LIB_syslog@
-LIB_tgetent		= @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-LEXLIB = @LEXLIB@
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-SUFFIXES += .x
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-
-SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-NROFF_MAN = groff -mandoc -Tascii
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-## MAINTAINERCLEANFILES += 
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-if KRB5
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-endif
-
-if DCE
-LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-endif
diff --git a/crypto/heimdal/cf/aix.m4 b/crypto/heimdal/cf/aix.m4
deleted file mode 100644
index 8cca23941edc..000000000000
--- a/crypto/heimdal/cf/aix.m4
+++ /dev/null
@@ -1,57 +0,0 @@
-dnl
-dnl $Id: aix.m4,v 1.9 2002/08/28 19:19:43 joda Exp $
-dnl
-
-AC_DEFUN(rk_AIX,[
-
-aix=no
-case "$host" in 
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
-AM_CONDITIONAL(AIX, test "$aix" != no)dnl
-AM_CONDITIONAL(AIX4, test "$aix" = 4)
-
-
-AC_ARG_ENABLE(dynamic-afs,
-	AC_HELP_STRING([--disable-dynamic-afs],
-		[do not use loaded AFS library with AIX]))
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-		AC_REQUIRE([rk_DLOPEN])
-		if test "$ac_cv_func_dlopen" = no; then
-			AC_FIND_FUNC_NO_LIBS(loadquery, ld)
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			AC_MSG_NOTICE([not using dynloaded AFS library])
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
-AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl
-AC_SUBST(AIX_EXTRA_KAFS)dnl
-
-AH_BOTTOM([#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif])
-
-])
diff --git a/crypto/heimdal/cf/auth-modules.m4 b/crypto/heimdal/cf/auth-modules.m4
deleted file mode 100644
index 18036c2b8e0b..000000000000
--- a/crypto/heimdal/cf/auth-modules.m4
+++ /dev/null
@@ -1,45 +0,0 @@
-dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $
-dnl
-dnl Figure what authentication modules should be built
-dnl
-dnl rk_AUTH_MODULES(module-list)
-
-AC_DEFUN(rk_AUTH_MODULES,[
-AC_MSG_CHECKING([which authentication modules should be built])
-
-z='m4_ifval([$1], $1, [sia pam afskauthlib])'
-LIB_AUTH_SUBDIRS=
-for i in $z; do
-case $i in
-sia)
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-;;
-pam)
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-;;
-afskauthlib)
-case "${host}" in
-*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-;;
-esac
-done
-if test "$LIB_AUTH_SUBDIRS"; then
-	AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
-else
-	AC_MSG_RESULT(none)
-fi
-
-AC_SUBST(LIB_AUTH_SUBDIRS)dnl
-])
diff --git a/crypto/heimdal/cf/broken-getaddrinfo.m4 b/crypto/heimdal/cf/broken-getaddrinfo.m4
deleted file mode 100644
index bb1c129f5f9d..000000000000
--- a/crypto/heimdal/cf/broken-getaddrinfo.m4
+++ /dev/null
@@ -1,24 +0,0 @@
-dnl $Id: broken-getaddrinfo.m4,v 1.3 2002/08/20 14:09:40 joda Exp $
-dnl
-dnl test if getaddrinfo can handle numeric services
-
-AC_DEFUN(rk_BROKEN_GETADDRINFO,[
-AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-]], ac_cv_func_getaddrinfo_numserv=yes, ac_cv_func_getaddrinfo_numserv=no))])
diff --git a/crypto/heimdal/cf/broken-getnameinfo.m4 b/crypto/heimdal/cf/broken-getnameinfo.m4
deleted file mode 100644
index da206c04a06e..000000000000
--- a/crypto/heimdal/cf/broken-getnameinfo.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: broken-getnameinfo.m4,v 1.2 2000/12/05 09:09:00 joda Exp $
-dnl
-dnl test for broken AIX getnameinfo
-
-AC_DEFUN(rk_BROKEN_GETNAMEINFO,[
-AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-  struct sockaddr_in sin;
-  char host[256];
-  memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-  sin.sin_len = sizeof(sin);
-#endif
-  sin.sin_family = AF_INET;
-  sin.sin_addr.s_addr = 0xffffffff;
-  sin.sin_port = 0;
-  return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
-	      NULL, 0, 0);
-}
-]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])
diff --git a/crypto/heimdal/cf/broken-glob.m4 b/crypto/heimdal/cf/broken-glob.m4
deleted file mode 100644
index 1c01cdf3e131..000000000000
--- a/crypto/heimdal/cf/broken-glob.m4
+++ /dev/null
@@ -1,29 +0,0 @@
-dnl $Id: broken-glob.m4,v 1.4 2001/06/19 09:59:46 assar Exp $
-dnl
-dnl check for glob(3)
-dnl
-AC_DEFUN(AC_BROKEN_GLOB,[
-AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
-ac_cv_func_glob_working=yes
-AC_TRY_LINK([
-#include <stdio.h>
-#include <glob.h>],[
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-],:,ac_cv_func_glob_working=no,:))
-
-if test "$ac_cv_func_glob_working" = yes; then
-	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
-	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>
-#include <glob.h>],glob)
-fi
-])
diff --git a/crypto/heimdal/cf/broken-realloc.m4 b/crypto/heimdal/cf/broken-realloc.m4
deleted file mode 100644
index 15692559b2a2..000000000000
--- a/crypto/heimdal/cf/broken-realloc.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-dnl
-dnl $Id: broken-realloc.m4,v 1.1 2000/07/15 18:05:36 joda Exp $
-dnl
-dnl Test for realloc that doesn't handle NULL as first parameter
-dnl
-AC_DEFUN(rk_BROKEN_REALLOC, [
-AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [
-ac_cv_func_realloc_broken=no
-AC_TRY_RUN([
-#include <stddef.h>
-#include <stdlib.h>
-
-int main()
-{
-	return realloc(NULL, 17) == NULL;
-}
-],:, ac_cv_func_realloc_broken=yes, :)
-])
-if test "$ac_cv_func_realloc_broken" = yes ; then
-	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.])
-fi
-AH_BOTTOM([#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif])
-])
diff --git a/crypto/heimdal/cf/broken-snprintf.m4 b/crypto/heimdal/cf/broken-snprintf.m4
deleted file mode 100644
index 4b66f97b02be..000000000000
--- a/crypto/heimdal/cf/broken-snprintf.m4
+++ /dev/null
@@ -1,54 +0,0 @@
-dnl $Id: broken-snprintf.m4,v 1.4 2001/09/01 11:56:05 assar Exp $
-dnl
-AC_DEFUN(AC_BROKEN_SNPRINTF, [
-AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
-ac_cv_func_snprintf_working=yes
-AC_TRY_RUN([
-#include <stdio.h>
-#include <string.h>
-int main()
-{
-	char foo[[3]];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1");
-}],:,ac_cv_func_snprintf_working=no,:))
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],snprintf)
-fi
-])
-
-AC_DEFUN(AC_BROKEN_VSNPRINTF,[
-AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
-ac_cv_func_vsnprintf_working=yes
-AC_TRY_RUN([
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[[3]];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-
-int main()
-{
-	return foo(0, "12");
-}],:,ac_cv_func_vsnprintf_working=no,:))
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
-fi
-])
diff --git a/crypto/heimdal/cf/broken.m4 b/crypto/heimdal/cf/broken.m4
deleted file mode 100644
index 92b84dd348a7..000000000000
--- a/crypto/heimdal/cf/broken.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: broken.m4,v 1.6 2002/05/19 19:36:52 joda Exp $
-dnl
-dnl
-dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
-dnl libraries 
-
-AC_DEFUN([AC_BROKEN],
-[AC_FOREACH([rk_func], [$1],
-	[AC_CHECK_FUNC(rk_func,
-		[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, 
-			[Define if you have the function `]rk_func['.])],
-		[rk_LIBOBJ(rk_func)])])])
diff --git a/crypto/heimdal/cf/broken2.m4 b/crypto/heimdal/cf/broken2.m4
deleted file mode 100644
index 56ed7a110979..000000000000
--- a/crypto/heimdal/cf/broken2.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-dnl $Id: broken2.m4,v 1.4 2002/05/19 22:16:46 joda Exp $
-dnl
-dnl AC_BROKEN but with more arguments
-
-dnl AC_BROKEN2(func, includes, arguments)
-AC_DEFUN([AC_BROKEN2],
-[AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_func_[]$1,
-[AC_TRY_LINK([$2],
-[
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$1) || defined (__stub___$1)
-choke me
-#else
-$1($3)
-#endif
-], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])])
-if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then
-  AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define)
-  AC_MSG_RESULT(yes)
-else
-  AC_MSG_RESULT(no)
-  rk_LIBOBJ($1)
-fi])
diff --git a/crypto/heimdal/cf/c-attribute.m4 b/crypto/heimdal/cf/c-attribute.m4
deleted file mode 100644
index 87cea037b173..000000000000
--- a/crypto/heimdal/cf/c-attribute.m4
+++ /dev/null
@@ -1,31 +0,0 @@
-dnl
-dnl $Id: c-attribute.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
-dnl
-
-dnl
-dnl Test for __attribute__
-dnl
-
-AC_DEFUN(AC_C___ATTRIBUTE__, [
-AC_MSG_CHECKING(for __attribute__)
-AC_CACHE_VAL(ac_cv___attribute__, [
-AC_TRY_COMPILE([
-#include <stdlib.h>
-],
-[
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-],
-ac_cv___attribute__=yes,
-ac_cv___attribute__=no)])
-if test "$ac_cv___attribute__" = "yes"; then
-  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
-fi
-AC_MSG_RESULT($ac_cv___attribute__)
-])
-
diff --git a/crypto/heimdal/cf/c-function.m4 b/crypto/heimdal/cf/c-function.m4
deleted file mode 100644
index b16d5562bb0a..000000000000
--- a/crypto/heimdal/cf/c-function.m4
+++ /dev/null
@@ -1,33 +0,0 @@
-dnl
-dnl $Id: c-function.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
-dnl
-
-dnl
-dnl Test for __FUNCTION__
-dnl
-
-AC_DEFUN(AC_C___FUNCTION__, [
-AC_MSG_CHECKING(for __FUNCTION__)
-AC_CACHE_VAL(ac_cv___function__, [
-AC_TRY_RUN([
-#include <string.h>
-
-static char *foo()
-{
-  return __FUNCTION__;
-}
-
-int main()
-{
-  return strcmp(foo(), "foo") != 0;
-}
-],
-ac_cv___function__=yes,
-ac_cv___function__=no,
-ac_cv___function__=no)])
-if test "$ac_cv___function__" = "yes"; then
-  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
-fi
-AC_MSG_RESULT($ac_cv___function__)
-])
-
diff --git a/crypto/heimdal/cf/capabilities.m4 b/crypto/heimdal/cf/capabilities.m4
deleted file mode 100644
index 6d2669bfe130..000000000000
--- a/crypto/heimdal/cf/capabilities.m4
+++ /dev/null
@@ -1,14 +0,0 @@
-dnl
-dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
-dnl
-
-dnl
-dnl Test SGI capabilities
-dnl
-
-AC_DEFUN(KRB_CAPABILITIES,[
-
-AC_CHECK_HEADERS(capability.h sys/capability.h)
-
-AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
-])
diff --git a/crypto/heimdal/cf/check-compile-et.m4 b/crypto/heimdal/cf/check-compile-et.m4
deleted file mode 100644
index 096b2676e72f..000000000000
--- a/crypto/heimdal/cf/check-compile-et.m4
+++ /dev/null
@@ -1,93 +0,0 @@
-dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $
-dnl
-dnl CHECK_COMPILE_ET
-AC_DEFUN([CHECK_COMPILE_ET], [
-
-AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
-
-krb_cv_compile_et="no"
-krb_cv_com_err_need_r=""
-if test "${COMPILE_ET}" = "compile_et"; then
-
-dnl We have compile_et.  Now let's see if it supports `prefix' and `index'.
-AC_MSG_CHECKING(whether compile_et has the features we need)
-cat > conftest_et.et <<'EOF'
-error_table conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-  dnl XXX Some systems have <et/com_err.h>.
-  save_CPPFLAGS="${save_CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-  dnl Check that the `prefix' and `index' directives were honored.
-  AC_TRY_RUN([
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-  ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"])
-fi
-AC_MSG_RESULT(${krb_cv_compile_et})
-if test "${krb_cv_compile_et}" = "yes"; then
-  AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r)
-  save2_CPPFLAGS="$CPPFLAGS"
-  CPPFLAGS="$CPPFLAGS"
-  AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"],
-     [krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);"
-      CPPFLAGS="$save2_CPPFLAGS"],
-     [CPPFLAGS="${save_CPPFLAGS}"])
-  if test X"$krb_cv_com_err_need_r" = X ; then
-    AC_MSG_RESULT(no)
-  else
-    AC_MSG_RESULT(yes)
-  fi
-fi
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et}" = "yes"; then
-  dnl Since compile_et seems to work, let's check libcom_err
-  krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  AC_MSG_CHECKING(for com_err)
-  AC_TRY_LINK([#include <com_err.h>],[
-    const char *p;
-    p = error_message(0);
-    $krb_cv_com_err_need_r
-  ],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
-  AC_MSG_RESULT(${krb_cv_com_err})
-  LIBS="${krb_cv_save_LIBS}"
-else
-  dnl Since compile_et doesn't work, forget about libcom_err
-  krb_cv_com_err="no"
-fi
-
-dnl Only use the system's com_err if we found compile_et, libcom_err, and
-dnl com_err.h.
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    AC_MSG_NOTICE(Using the already-installed com_err)
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    AC_MSG_NOTICE(Using our own com_err)
-fi
-AC_SUBST(DIR_com_err)
-AC_SUBST(LIB_com_err)
-AC_SUBST(LIB_com_err_a)
-AC_SUBST(LIB_com_err_so)
-
-])
diff --git a/crypto/heimdal/cf/check-declaration.m4 b/crypto/heimdal/cf/check-declaration.m4
deleted file mode 100644
index 5f584e5c38f3..000000000000
--- a/crypto/heimdal/cf/check-declaration.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
-dnl
-dnl
-dnl Check if we need the declaration of a variable
-dnl
-
-dnl AC_HAVE_DECLARATION(includes, variable)
-AC_DEFUN(AC_CHECK_DECLARATION, [
-AC_MSG_CHECKING([if $2 is properly declared])
-AC_CACHE_VAL(ac_cv_var_$2_declaration, [
-AC_TRY_COMPILE([$1
-extern struct { int foo; } $2;],
-[$2.foo = 1;],
-eval "ac_cv_var_$2_declaration=no",
-eval "ac_cv_var_$2_declaration=yes")
-])
-
-define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
-
-AC_MSG_RESULT($ac_cv_var_$2_declaration)
-if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
-	AC_DEFINE(foo, 1, [define if your system declares $2])
-fi
-undefine([foo])
-])
diff --git a/crypto/heimdal/cf/check-getpwnam_r-posix.m4 b/crypto/heimdal/cf/check-getpwnam_r-posix.m4
deleted file mode 100644
index cc75666a6daf..000000000000
--- a/crypto/heimdal/cf/check-getpwnam_r-posix.m4
+++ /dev/null
@@ -1,24 +0,0 @@
-dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
-dnl
-dnl check for getpwnam_r, and if it's posix or not
-
-AC_DEFUN(AC_CHECK_GETPWNAM_R_POSIX,[
-AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
-	ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	AC_TRY_RUN([
-#include <pwd.h>
-int main()
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
-LIBS="$ac_libs")
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
-fi
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/check-man.m4 b/crypto/heimdal/cf/check-man.m4
deleted file mode 100644
index adf5477f9d7e..000000000000
--- a/crypto/heimdal/cf/check-man.m4
+++ /dev/null
@@ -1,58 +0,0 @@
-dnl $Id: check-man.m4,v 1.3 2000/11/30 01:47:17 joda Exp $
-dnl check how to format manual pages
-dnl
-
-AC_DEFUN(rk_CHECK_MAN,
-[AC_PATH_PROG(NROFF, nroff)
-AC_PATH_PROG(GROFF, groff)
-AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
-[cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
-fi
-])
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-	AC_SUBST(CATMAN)
-fi
-AM_CONDITIONAL(CATMAN, test "$CATMAN")
-AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
-[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-])
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-AC_SUBST(CATMANEXT)
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4 b/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4
deleted file mode 100644
index 70b58f5b1a7e..000000000000
--- a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4
+++ /dev/null
@@ -1,33 +0,0 @@
-dnl
-dnl $Id: check-netinet-ip-and-tcp.m4,v 1.3 2000/07/18 10:33:02 joda Exp $
-dnl
-
-dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
-dnl you have to include standards.h before including these files
-
-AC_DEFUN(CHECK_NETINET_IP_AND_TCP,
-[
-AC_CHECK_HEADERS(standards.h)
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-AC_CACHE_CHECK([for $i],ac_cv_header_$cv,
-[AC_TRY_CPP([\
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-],
-eval "ac_cv_header_$cv=yes",
-eval "ac_cv_header_$cv=no")])
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
-fi
-done
-if false;then
-	AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h)
-fi
-])
diff --git a/crypto/heimdal/cf/check-type-extra.m4 b/crypto/heimdal/cf/check-type-extra.m4
deleted file mode 100644
index e6af4bd51377..000000000000
--- a/crypto/heimdal/cf/check-type-extra.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-dnl $Id: check-type-extra.m4,v 1.2 1999/03/01 09:52:23 joda Exp $
-dnl
-dnl ac_check_type + extra headers
-
-dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
-AC_DEFUN(AC_CHECK_TYPE_EXTRA,
-[AC_REQUIRE([AC_HEADER_STDC])dnl
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_type_$1,
-[AC_EGREP_CPP(dnl
-changequote(<<,>>)dnl
-<<$1[^a-zA-Z_0-9]>>dnl
-changequote([,]), [#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
-AC_MSG_RESULT($ac_cv_type_$1)
-if test $ac_cv_type_$1 = no; then
-  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
-fi
-])
diff --git a/crypto/heimdal/cf/check-var.m4 b/crypto/heimdal/cf/check-var.m4
deleted file mode 100644
index 1960f724d01a..000000000000
--- a/crypto/heimdal/cf/check-var.m4
+++ /dev/null
@@ -1,29 +0,0 @@
-dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $
-dnl
-dnl rk_CHECK_VAR(variable, includes)
-AC_DEFUN([rk_CHECK_VAR], [
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL(ac_cv_var_$1, [
-m4_ifval([$2],[
-	AC_TRY_LINK([$2
-	void * foo() { return &$1; }],
-	    [foo()],
-	    ac_cv_var_$1=yes, ac_cv_var_$1=no)])
-if test "$ac_cv_var_$1" != yes ; then
-AC_TRY_LINK([extern int $1;
-int foo() { return $1; }],
-	    [foo()],
-	    ac_cv_var_$1=yes, ac_cv_var_$1=no)
-fi
-])
-ac_foo=`eval echo \\$ac_cv_var_$1`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, 
-		[Define if you have the `]$1[' variable.])
-	m4_ifval([$2], AC_CHECK_DECLARATION([$2],[$1]))
-fi
-])
-
-AC_WARNING_ENABLE([obsolete])
-AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
diff --git a/crypto/heimdal/cf/check-x.m4 b/crypto/heimdal/cf/check-x.m4
deleted file mode 100644
index 1791e5aaf95b..000000000000
--- a/crypto/heimdal/cf/check-x.m4
+++ /dev/null
@@ -1,52 +0,0 @@
-dnl 
-dnl See if there is any X11 present
-dnl
-dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
-
-AC_DEFUN(KRB_CHECK_X,[
-AC_PATH_XTRA
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		AC_TRY_RUN([
-		#include <X11/Xlib.h>
-		foo()
-		{
-		XOpenDisplay(NULL);
-		}
-		main()
-		{
-		return 0;
-		}
-		], krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:)
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-	])
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-])
diff --git a/crypto/heimdal/cf/check-xau.m4 b/crypto/heimdal/cf/check-xau.m4
deleted file mode 100644
index bad2a6023be5..000000000000
--- a/crypto/heimdal/cf/check-xau.m4
+++ /dev/null
@@ -1,64 +0,0 @@
-dnl $Id: check-xau.m4,v 1.3 1999/05/14 01:17:06 assar Exp $
-dnl
-dnl check for Xau{Read,Write}Auth and XauFileName
-dnl
-AC_DEFUN(AC_CHECK_XAU,[
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-## check for XauWriteAuth first, so we detect the case where
-## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
-## could be done by checking for XauReadAuth in -lXau first, but this
-## breaks in IRIX 6.5
-
-AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau)
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau)
-LIBS="$LIB_XauReadAauth $LIBS"
-AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau)
-LIBS="$ac_xxx"
-
-## set LIB_XauReadAuth to union of these tests, since this is what the
-## Makefiles are using
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
-else
-	AC_SUBST(NEED_WRITEAUTH_TRUE)
-	AC_SUBST(NEED_WRITEAUTH_FALSE)
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-])
diff --git a/crypto/heimdal/cf/crypto.m4 b/crypto/heimdal/cf/crypto.m4
deleted file mode 100644
index c79ba4cfc73f..000000000000
--- a/crypto/heimdal/cf/crypto.m4
+++ /dev/null
@@ -1,185 +0,0 @@
-dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $
-dnl
-dnl test for crypto libraries:
-dnl - libcrypto (from openssl)
-dnl - libdes (from krb4)
-dnl - own-built libdes
-
-m4_define([test_headers], [
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-		])
-m4_define([test_body], [
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);])
-
-
-AC_DEFUN([KRB_CRYPTO],[
-crypto_lib=unknown
-AC_WITH_ALL([openssl])
-
-DIR_des=
-
-AC_MSG_CHECKING([for crypto library])
-
-openssl=no
-old_hash=no
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=yes ires="$i" lres="$j $k"; break 3)
-			done
-		done
-		CFLAGS="$i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=no ires="$i" lres="$j $k"; break 3)
-			done
-		done
-		CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				AC_TRY_LINK(test_headers, test_body,
-					openssl=no ires="$i" lres="$j $k"; break 3)
-			done
-		done
-	done
-		
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_des="$ires"
-		LIB_des="$lres"
-		crypto_lib=krb4
-		AC_MSG_RESULT([same as krb4])
-		LIB_des_a='$(LIB_des)'
-		LIB_des_so='$(LIB_des)'
-		LIB_des_appl='$(LIB_des)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	INCLUDE_des=
-	LIB_des=
-	if test "$with_openssl_include" != ""; then
-		INCLUDE_des="-I${with_openssl_include}"
-	fi
-	if test "$with_openssl_lib" != ""; then
-		LIB_des="-L${with_openssl_lib}"
-	fi
-	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
-	saved_LIB_des="$LIB_des"
-	for lres in "" "-lnsl -lsocket"; do
-		LIB_des="${saved_LIB_des} -lcrypto $lres"
-		LIB_des_a="$LIB_des"
-		LIB_des_so="$LIB_des"
-		LIB_des_appl="$LIB_des"
-		LIBS="${LIBS} ${LIB_des}"
-		AC_TRY_LINK(test_headers, test_body, [
-			crypto_lib=libcrypto openssl=yes
-			AC_MSG_RESULT([libcrypto])
-		])
-		if test "$crypto_lib" = libcrypto ; then
-			break;
-		fi
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_des='des'
-  LIB_des='$(top_builddir)/lib/des/libdes.la'
-  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
-  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
-  LIB_des_appl="-ldes"
-
-  AC_MSG_RESULT([included libdes])
-
-fi
-
-if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
-	AC_MSG_ERROR([the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer 
-Kerberos 4 or configure --without-krb4])
-fi
-
-if test "$openssl" = "yes"; then
-  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
-fi
-if test "$old_hash" = yes; then
-  AC_DEFINE([HAVE_OLD_HASH_NAMES], 1,
-		[define if you have hash functions like md4_finito()])
-fi
-AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
-
-AC_SUBST(DIR_des)
-AC_SUBST(INCLUDE_des)
-AC_SUBST(LIB_des)
-AC_SUBST(LIB_des_a)
-AC_SUBST(LIB_des_so)
-AC_SUBST(LIB_des_appl)
-])
diff --git a/crypto/heimdal/cf/db.m4 b/crypto/heimdal/cf/db.m4
deleted file mode 100644
index 7646bf640d80..000000000000
--- a/crypto/heimdal/cf/db.m4
+++ /dev/null
@@ -1,204 +0,0 @@
-dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $
-dnl
-dnl tests for various db libraries
-dnl
-AC_DEFUN([rk_DB],[
-AC_ARG_ENABLE(berkeley-db,
-                       AC_HELP_STRING([--disable-berkeley-db],
-                                      [if you don't want berkeley db]),[
-])
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-  AC_CHECK_HEADERS([				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-  ])
-
-dnl db_create is used by db3 and db4
-
-  AC_FIND_FUNC_NO_LIBS(db_create, db4 db3 db, [
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-  ],[NULL, NULL, 0])
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-    AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4 library])
-  else
-
-dnl dbopen is used by db1/db2
-
-    AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-    ],[NULL, 0, 0, 0, NULL])
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-      AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library])
-    fi
-  fi
-
-dnl test for ndbm compatability
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-    AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-    ],[NULL])
-  
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-  AC_CHECK_HEADERS([				\
-	dbm.h					\
-	ndbm.h					\
-  ])
-
-  AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [
-  #include <stdio.h>
-  #if defined(HAVE_NDBM_H)
-  #include <ndbm.h>
-  #elif defined(HAVE_DBM_H)
-  #include <dbm.h>
-  #endif
-  DBM *dbm;
-  ],[NULL])
-
-  if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-    if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-      LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-    else
-      LIB_NDBM=""
-    fi
-    AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-    have_ndbm=yes
-    if test "$db_type" = "unknown"; then
-      db_type=ndbm
-      DBLIB="$LIB_NDBM"
-    fi
-  else
-
-    $as_unset ac_cv_func_dbm_firstkey
-    $as_unset ac_cv_funclib_dbm_firstkey
-
-    AC_CHECK_HEADERS([				\
-	  gdbm/ndbm.h				\
-    ])
-
-    AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [
-    #include <stdio.h>
-    #include <gdbm/ndbm.h>
-    DBM *dbm;
-    ],[NULL])
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-	LIB_NDBM=""
-      fi
-      AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-	db_type=ndbm
-	DBLIB="$LIB_NDBM"
-      fi
-    fi
-  fi
-
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  AC_MSG_CHECKING([if ndbm is implemented with db])
-  AC_TRY_RUN([
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}],[
-    if test -f conftest.db; then
-      AC_MSG_RESULT([yes])
-      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
-    else
-      AC_MSG_RESULT([no])
-    fi],[AC_MSG_RESULT([no])])
-fi
-
-AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
-AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
-AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
-
-## it's probably not correct to include LDFLAGS here, but we might
-## need it, for now just add any possible -L
-z=""
-for i in $LDFLAGS; do
-	case "$i" in
-	-L*) z="$z $i";;
-	esac
-done
-DBLIB="$z $DBLIB"
-AC_SUBST(DBLIB)dnl
-AC_SUBST(LIB_NDBM)dnl
-])
diff --git a/crypto/heimdal/cf/destdirs.m4 b/crypto/heimdal/cf/destdirs.m4
deleted file mode 100644
index 0d56e9cc41dc..000000000000
--- a/crypto/heimdal/cf/destdirs.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl
-dnl $Id: destdirs.m4,v 1.2 2002/08/12 15:12:50 joda Exp $
-dnl
-
-AC_DEFUN([rk_DESTDIRS], [
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [
-	x="${rk_dir[]dir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-	AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])])
-])
diff --git a/crypto/heimdal/cf/dlopen.m4 b/crypto/heimdal/cf/dlopen.m4
deleted file mode 100644
index 322f8b9e93fb..000000000000
--- a/crypto/heimdal/cf/dlopen.m4
+++ /dev/null
@@ -1,8 +0,0 @@
-dnl
-dnl $Id: dlopen.m4,v 1.1 2002/08/28 16:32:16 joda Exp $
-dnl
-
-AC_DEFUN([rk_DLOPEN], [
-	AC_FIND_FUNC_NO_LIBS(dlopen, dl)
-	AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no)
-])
diff --git a/crypto/heimdal/cf/find-func-no-libs.m4 b/crypto/heimdal/cf/find-func-no-libs.m4
deleted file mode 100644
index 3deab02b9d9d..000000000000
--- a/crypto/heimdal/cf/find-func-no-libs.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
-AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
diff --git a/crypto/heimdal/cf/find-func-no-libs2.m4 b/crypto/heimdal/cf/find-func-no-libs2.m4
deleted file mode 100644
index 45e3f13a5a35..000000000000
--- a/crypto/heimdal/cf/find-func-no-libs2.m4
+++ /dev/null
@@ -1,63 +0,0 @@
-dnl $Id: find-func-no-libs2.m4,v 1.6 2001/09/01 10:57:32 assar Exp $
-dnl
-dnl
-dnl Look for function in any of the specified libraries
-dnl
-
-dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
-AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
-
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_funclib_$1,
-[
-if eval "test \"\$ac_cv_func_$1\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $2; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
-		AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
-	done
-	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
-	LIBS="$ac_save_LIBS"
-fi
-])
-
-eval "ac_res=\$ac_cv_funclib_$1"
-
-if false; then
-	AC_CHECK_FUNCS($1)
-dnl	AC_CHECK_LIBS($2, foo)
-fi
-# $1
-eval "ac_tr_func=HAVE_[]upcase($1)"
-eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
-eval "LIB_$1=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_$1=yes"
-	eval "LIB_$1="
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_MSG_RESULT([yes])
-	;;
-	no)
-	eval "ac_cv_func_$1=no"
-	eval "LIB_$1="
-	AC_MSG_RESULT([no])
-	;;
-	*)
-	eval "ac_cv_func_$1=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	AC_DEFINE_UNQUOTED($ac_tr_func)
-	AC_DEFINE_UNQUOTED($ac_tr_lib)
-	AC_MSG_RESULT([yes, in $ac_res])
-	;;
-esac
-AC_SUBST(LIB_$1)
-])
diff --git a/crypto/heimdal/cf/find-func.m4 b/crypto/heimdal/cf/find-func.m4
deleted file mode 100644
index bb2b3ac70966..000000000000
--- a/crypto/heimdal/cf/find-func.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: find-func.m4,v 1.1 1997/12/14 15:58:58 joda Exp $
-dnl
-dnl AC_FIND_FUNC(func, libraries, includes, arguments)
-AC_DEFUN(AC_FIND_FUNC, [
-AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
-if test -n "$LIB_$1"; then
-	LIBS="$LIB_$1 $LIBS"
-fi
-])
diff --git a/crypto/heimdal/cf/find-if-not-broken.m4 b/crypto/heimdal/cf/find-if-not-broken.m4
deleted file mode 100644
index 88d4fc0ba2db..000000000000
--- a/crypto/heimdal/cf/find-if-not-broken.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: find-if-not-broken.m4,v 1.4 2002/05/19 19:37:08 joda Exp $
-dnl
-dnl
-dnl Mix between AC_FIND_FUNC and AC_BROKEN
-dnl
-
-AC_DEFUN(AC_FIND_IF_NOT_BROKEN,
-[AC_FIND_FUNC([$1], [$2], [$3], [$4])
-if eval "test \"$ac_cv_func_$1\" != yes"; then 
-	rk_LIBOBJ([$1])
-fi
-])
diff --git a/crypto/heimdal/cf/grok-type.m4 b/crypto/heimdal/cf/grok-type.m4
deleted file mode 100644
index 5bc6a66241fb..000000000000
--- a/crypto/heimdal/cf/grok-type.m4
+++ /dev/null
@@ -1,38 +0,0 @@
-dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $
-dnl
-AC_DEFUN(AC_GROK_TYPE, [
-AC_CACHE_VAL(ac_cv_type_$1, 
-AC_TRY_COMPILE([
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-],
-$i x;
-,
-eval ac_cv_type_$1=yes,
-eval ac_cv_type_$1=no))])
-
-AC_DEFUN(AC_GROK_TYPES, [
-for i in $1; do
-	AC_MSG_CHECKING(for $i)
-	AC_GROK_TYPE($i)
-	eval ac_res=\$ac_cv_type_$i
-	if test "$ac_res" = yes; then
-		type=HAVE_[]upcase($i)
-		AC_DEFINE_UNQUOTED($type)
-	fi
-	AC_MSG_RESULT($ac_res)
-done
-])
diff --git a/crypto/heimdal/cf/have-pragma-weak.m4 b/crypto/heimdal/cf/have-pragma-weak.m4
deleted file mode 100644
index 330e6012c8f2..000000000000
--- a/crypto/heimdal/cf/have-pragma-weak.m4
+++ /dev/null
@@ -1,37 +0,0 @@
-dnl $Id: have-pragma-weak.m4,v 1.3 1999/03/01 11:55:25 joda Exp $
-dnl
-AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [
-if test "${enable_shared}" = "yes"; then
-AC_MSG_CHECKING(for pragma weak)
-AC_CACHE_VAL(ac_have_pragma_weak, [
-ac_have_pragma_weak=no
-cat > conftest_foo.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-#pragma weak foo = _foo
-int _foo = 17;
-EOF
-cat > conftest_bar.$ac_ext <<'EOF'
-[#]line __oline__ "configure"
-#include "confdefs.h"
-extern int foo;
-
-int t() {
-  return foo;
-}
-
-int main() {
-  return t();
-}
-EOF
-if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
-ac_have_pragma_weak=yes
-fi
-rm -rf conftest*
-])
-if test "$ac_have_pragma_weak" = "yes"; then
-	AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl
-fi
-AC_MSG_RESULT($ac_have_pragma_weak)
-fi
-])
diff --git a/crypto/heimdal/cf/have-struct-field.m4 b/crypto/heimdal/cf/have-struct-field.m4
deleted file mode 100644
index 88ad5c3b29ab..000000000000
--- a/crypto/heimdal/cf/have-struct-field.m4
+++ /dev/null
@@ -1,19 +0,0 @@
-dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
-dnl
-dnl check for fields in a structure
-dnl
-dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
-
-AC_DEFUN(AC_HAVE_STRUCT_FIELD, [
-define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
-AC_CACHE_CHECK([for $2 in $1], cache_val,[
-AC_TRY_COMPILE([$3],[$1 x; x.$2;],
-cache_val=yes,
-cache_val=no)])
-if test "$cache_val" = yes; then
-	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
-	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
-	undefine([foo])
-fi
-undefine([cache_val])
-])
diff --git a/crypto/heimdal/cf/have-type.m4 b/crypto/heimdal/cf/have-type.m4
deleted file mode 100644
index 4b79e1e91632..000000000000
--- a/crypto/heimdal/cf/have-type.m4
+++ /dev/null
@@ -1,30 +0,0 @@
-dnl $Id: have-type.m4,v 1.6 2000/07/15 18:10:00 joda Exp $
-dnl
-dnl check for existance of a type
-
-dnl AC_HAVE_TYPE(TYPE,INCLUDES)
-AC_DEFUN(AC_HAVE_TYPE, [
-AC_REQUIRE([AC_HEADER_STDC])
-cv=`echo "$1" | sed 'y%./+- %__p__%'`
-AC_MSG_CHECKING(for $1)
-AC_CACHE_VAL([ac_cv_type_$cv],
-AC_TRY_COMPILE(
-[#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-$2],
-[$1 foo;],
-eval "ac_cv_type_$cv=yes",
-eval "ac_cv_type_$cv=no"))dnl
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-AC_MSG_RESULT($ac_foo)
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	AC_CHECK_TYPES($1)
-fi
-  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1'])
-fi
-])
diff --git a/crypto/heimdal/cf/have-types.m4 b/crypto/heimdal/cf/have-types.m4
deleted file mode 100644
index b968d4b072e9..000000000000
--- a/crypto/heimdal/cf/have-types.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl
-dnl $Id: have-types.m4,v 1.2 2000/07/15 18:09:16 joda Exp $
-dnl
-
-AC_DEFUN(AC_HAVE_TYPES, [
-for i in $1; do
-        AC_HAVE_TYPE($i)
-done
-if false;then
-	AC_CHECK_FUNCS($1)
-fi
-])
diff --git a/crypto/heimdal/cf/install-catman.sh b/crypto/heimdal/cf/install-catman.sh
deleted file mode 100755
index 4a5aa8ef77c7..000000000000
--- a/crypto/heimdal/cf/install-catman.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-#
-# $Id: install-catman.sh,v 1.3 2001/09/29 16:05:38 assar Exp $
-#
-# install preformatted manual pages
-
-INSTALL_DATA="$1"; shift
-mkinstalldirs="$1"; shift
-srcdir="$1"; shift
-manbase="$1"; shift
-suffix="$1"; shift
-
-for f in "$@"; do
-	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
-	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
-	mandir="$manbase/man$section"
-	catdir="$manbase/cat$section"
-	c="$base.cat$section"
-
-	if test -f "$srcdir/$c"; then
-		if test \! -d "$catdir"; then
-			eval "$mkinstalldirs $catdir"
-		fi
-		eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
-		eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
-	fi
-	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do
-		if [ "$link" != "$base" ]; then
-			target="$mandir/$link.$section"
-			for cmd in "ln -f $mandir/$base.$section $target" \
-				   "ln -s $base.$section $target" \
-				   "cp -f $mandir/$base.$section $target"
-			do
-				if eval "$cmd"; then
-					eval echo "$cmd"
-					break
-				fi
-			done
-			if test -f "$srcdir/$c"; then
-				target="$catdir/$link.$suffix"
-				for cmd in "ln -f $catdir/$base.$suffix $target" \
-					   "ln -fs $base.$suffix $target" \
-					   "cp -f $catdir/$base.$suffix $target"
-				do
-					if eval "$cmd"; then
-						eval echo "$cmd"
-						break
-					fi
-				done
-			fi
-		fi
-	done
-done
diff --git a/crypto/heimdal/cf/irix.m4 b/crypto/heimdal/cf/irix.m4
deleted file mode 100644
index b62e2c319272..000000000000
--- a/crypto/heimdal/cf/irix.m4
+++ /dev/null
@@ -1,26 +0,0 @@
-dnl
-dnl $Id: irix.m4,v 1.1 2002/08/28 19:11:44 joda Exp $
-dnl
-
-AC_DEFUN([rk_IRIX],
-[
-irix=no
-case "$host" in
-*-*-irix4*) 
-	AC_DEFINE([IRIX4], 1,
-		[Define if you are running IRIX 4.])
-	irix=yes
-	;;
-*-*-irix*) 
-	irix=yes
-	;;
-esac
-AM_CONDITIONAL(IRIX, test "$irix" != no)dnl
-
-AH_BOTTOM([
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/krb-bigendian.m4 b/crypto/heimdal/cf/krb-bigendian.m4
deleted file mode 100644
index 4aa73d277a6f..000000000000
--- a/crypto/heimdal/cf/krb-bigendian.m4
+++ /dev/null
@@ -1,62 +0,0 @@
-dnl
-dnl $Id: krb-bigendian.m4,v 1.8 2002/08/28 19:20:19 joda Exp $
-dnl
-
-dnl check if this computer is little or big-endian
-dnl if we can figure it out at compile-time then don't define the cpp symbol
-dnl otherwise test for it and define it.  also allow options for overriding
-dnl it when cross-compiling
-
-AC_DEFUN(KRB_C_BIGENDIAN, [
-AC_ARG_ENABLE(bigendian,
-	AC_HELP_STRING([--enable-bigendian],[the target is big endian]),
-krb_cv_c_bigendian=yes)
-AC_ARG_ENABLE(littleendian,
-	AC_HELP_STRING([--enable-littleendian],[the target is little endian]),
-krb_cv_c_bigendian=no)
-AC_CACHE_CHECK(whether byte order is known at compile time,
-krb_cv_c_bigendian_compile,
-[AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/param.h>],[
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif], krb_cv_c_bigendian_compile=yes, krb_cv_c_bigendian_compile=no)])
-AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/param.h>],[
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif], krb_cv_c_bigendian=yes, krb_cv_c_bigendian=no)
-  else
-    AC_TRY_RUN([main () {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }], krb_cv_c_bigendian=no, krb_cv_c_bigendian=yes,
-  AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian]))
-  fi
-])
-if test "$krb_cv_c_bigendian" = "yes"; then
-  AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-  AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl
-fi
-AH_BOTTOM([
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/krb-find-db.m4 b/crypto/heimdal/cf/krb-find-db.m4
deleted file mode 100644
index 5d38f2e2a718..000000000000
--- a/crypto/heimdal/cf/krb-find-db.m4
+++ /dev/null
@@ -1,100 +0,0 @@
-dnl $Id: krb-find-db.m4,v 1.6 2000/08/16 03:58:51 assar Exp $
-dnl
-dnl find a suitable database library
-dnl
-dnl AC_FIND_DB(libraries)
-AC_DEFUN(KRB_FIND_DB, [
-
-lib_dbm=no
-lib_db=no
-
-for i in $1; do
-
-	if test "$i"; then
-		m="lib$i"
-		l="-l$i"
-	else
-		m="libc"
-		l=""
-	fi	
-
-	AC_MSG_CHECKING(for dbm_open in $m)
-	AC_CACHE_VAL(ac_cv_krb_dbm_open_$m, [
-
-	save_LIBS="$LIBS"
-	LIBS="$l $LIBS"
-	AC_TRY_RUN([
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#elif defined(HAVE_RPCSVC_DBM_H)
-#include <rpcsvc/dbm.h>
-#elif defined(HAVE_DB_H)
-#define DB_DBM_HSEARCH 1
-#include <db.h>
-#endif
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if(d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}], [
-	if test -f conftest.db; then
-		ac_res=db
-	else
-		ac_res=dbm
-	fi], ac_res=no, ac_res=no)
-
-	LIBS="$save_LIBS"
-
-	eval ac_cv_krb_dbm_open_$m=$ac_res])
-	eval ac_res=\$ac_cv_krb_dbm_open_$m
-	AC_MSG_RESULT($ac_res)
-
-	if test "$lib_dbm" = no -a $ac_res = dbm; then
-		lib_dbm="$l"
-	elif test "$lib_db" = no -a $ac_res = db; then
-		lib_db="$l"
-		break
-	fi
-done
-
-AC_MSG_CHECKING(for NDBM library)
-ac_ndbm=no
-if test "$lib_db" != no; then
-	LIB_DBM="$lib_db"
-	ac_ndbm=yes
-	AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files ending in .db).])
-	if test "$LIB_DBM"; then
-		ac_res="yes, $LIB_DBM"
-	else
-		ac_res=yes
-	fi
-elif test "$lib_dbm" != no; then
-	LIB_DBM="$lib_dbm"
-	ac_ndbm=yes
-	if test "$LIB_DBM"; then
-		ac_res="yes, $LIB_DBM"
-	else
-		ac_res=yes
-	fi
-else
-	LIB_DBM=""
-	ac_res=no
-fi
-test "$ac_ndbm" = yes && AC_DEFINE(NDBM, 1, [Define if you have NDBM (and not DBM)])dnl
-AC_SUBST(LIB_DBM)
-DBLIB="$LIB_DBM"
-AC_SUBST(DBLIB)
-AC_MSG_RESULT($ac_res)
-
-])
diff --git a/crypto/heimdal/cf/krb-func-getcwd-broken.m4 b/crypto/heimdal/cf/krb-func-getcwd-broken.m4
deleted file mode 100644
index 3f0803048458..000000000000
--- a/crypto/heimdal/cf/krb-func-getcwd-broken.m4
+++ /dev/null
@@ -1,41 +0,0 @@
-dnl $Id: krb-func-getcwd-broken.m4,v 1.3 2002/05/19 19:17:35 joda Exp $
-dnl
-dnl
-dnl test for broken getcwd in (SunOS braindamage)
-dnl
-
-AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
-if test "$ac_cv_func_getcwd" = yes; then
-AC_MSG_CHECKING(if getcwd is broken)
-AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
-ac_cv_func_getcwd_broken=no
-
-AC_TRY_RUN([
-#include <errno.h>
-char *getcwd(char*, int);
-
-void *popen(char *cmd, char *mode)
-{
-	errno = ENOTTY;
-	return 0;
-}
-
-int main()
-{
-	char *ret;
-	ret = getcwd(0, 1024);
-	if(ret == 0 && errno == ENOTTY)
-		return 0;
-	return 1;
-}
-], ac_cv_func_getcwd_broken=yes,:,:)
-])
-if test "$ac_cv_func_getcwd_broken" = yes; then
-	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
-	AC_LIBOBJ(getcwd)
-	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
-else
-	AC_MSG_RESULT([seems ok])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/krb-func-getlogin.m4 b/crypto/heimdal/cf/krb-func-getlogin.m4
deleted file mode 100644
index 921c5ab8dff0..000000000000
--- a/crypto/heimdal/cf/krb-func-getlogin.m4
+++ /dev/null
@@ -1,22 +0,0 @@
-dnl
-dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
-dnl
-dnl test for POSIX (broken) getlogin
-dnl
-
-
-AC_DEFUN(AC_FUNC_GETLOGIN, [
-AC_CHECK_FUNCS(getlogin setlogin)
-if test "$ac_cv_func_getlogin" = yes; then
-AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-])
-if test "$ac_cv_func_getlogin_posix" = yes; then
-	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/krb-ipv6.m4 b/crypto/heimdal/cf/krb-ipv6.m4
deleted file mode 100644
index ba66be7ba6e5..000000000000
--- a/crypto/heimdal/cf/krb-ipv6.m4
+++ /dev/null
@@ -1,149 +0,0 @@
-dnl $Id: krb-ipv6.m4,v 1.13 2002/04/30 16:48:13 joda Exp $
-dnl
-dnl test for IPv6
-dnl
-AC_DEFUN(AC_KRB_IPV6, [
-AC_ARG_WITH(ipv6,
-	AC_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi])
-save_CFLAGS="${CFLAGS}"
-AC_CACHE_CHECK([for IPv6 stack type], v6type,
-[dnl check for different v6 implementations (by itojun)
-v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		AC_EGREP_CPP(yes, [
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif],
-			[v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"])
-		;;
-	toshiba)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	kame)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	inria)
-		AC_EGREP_CPP(yes, [
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif],
-			[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	zeta)
-		AC_EGREP_CPP(yes, [
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif],
-			[v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"])
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-])
-
-AC_CACHE_CHECK([for IPv6], ac_cv_lib_ipv6, [
-AC_TRY_LINK([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-],
-[
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-],
-ac_cv_lib_ipv6=yes,
-ac_cv_lib_ipv6=no)])
-if test "$ac_cv_lib_ipv6" = yes; then
-  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-## test for AIX missing in6addr_loopback
-if test "$ac_cv_lib_ipv6" = yes; then
-	AC_CACHE_CHECK([for in6addr_loopback],[ac_cv_var_in6addr_loopback],[
-	AC_TRY_LINK([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif],[
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-],ac_cv_var_in6addr_loopback=yes,ac_cv_var_in6addr_loopback=no)])
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-		AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, 
-			[Define if you have the in6addr_loopback variable])
-	fi
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/krb-irix.m4 b/crypto/heimdal/cf/krb-irix.m4
deleted file mode 100644
index cdde69c147b0..000000000000
--- a/crypto/heimdal/cf/krb-irix.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl
-dnl $Id: krb-irix.m4,v 1.2 2000/12/13 12:48:45 assar Exp $
-dnl
-
-dnl requires AC_CANONICAL_HOST
-AC_DEFUN(KRB_IRIX,[
-irix=no
-case "$host_os" in
-irix*) irix=yes ;;
-esac
-AM_CONDITIONAL(IRIX, test "$irix" != no)dnl
-])
diff --git a/crypto/heimdal/cf/krb-prog-ln-s.m4 b/crypto/heimdal/cf/krb-prog-ln-s.m4
deleted file mode 100644
index efb706ec2a68..000000000000
--- a/crypto/heimdal/cf/krb-prog-ln-s.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: krb-prog-ln-s.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
-dnl
-dnl
-dnl Better test for ln -s, ln or cp
-dnl
-
-AC_DEFUN(AC_KRB_PROG_LN_S,
-[AC_MSG_CHECKING(for ln -s or something else)
-AC_CACHE_VAL(ac_cv_prog_LN_S,
-[rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi])dnl
-LN_S="$ac_cv_prog_LN_S"
-AC_MSG_RESULT($ac_cv_prog_LN_S)
-AC_SUBST(LN_S)dnl
-])
-
diff --git a/crypto/heimdal/cf/krb-prog-ranlib.m4 b/crypto/heimdal/cf/krb-prog-ranlib.m4
deleted file mode 100644
index fd1d3db2b9d7..000000000000
--- a/crypto/heimdal/cf/krb-prog-ranlib.m4
+++ /dev/null
@@ -1,8 +0,0 @@
-dnl $Id: krb-prog-ranlib.m4,v 1.1 1997/12/14 15:59:01 joda Exp $
-dnl
-dnl
-dnl Also look for EMXOMF for OS/2
-dnl
-
-AC_DEFUN(AC_KRB_PROG_RANLIB,
-[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])
diff --git a/crypto/heimdal/cf/krb-prog-yacc.m4 b/crypto/heimdal/cf/krb-prog-yacc.m4
deleted file mode 100644
index f0b6e449f986..000000000000
--- a/crypto/heimdal/cf/krb-prog-yacc.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-dnl $Id: krb-prog-yacc.m4,v 1.3 2000/03/28 12:12:23 assar Exp $
-dnl
-dnl
-dnl We prefer byacc or yacc because they do not use `alloca'
-dnl
-
-AC_DEFUN(AC_KRB_PROG_YACC,
-[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')
-if test "$YACC" = ""; then
-  AC_MSG_WARN([yacc not found - some stuff will not build])
-fi
-])
diff --git a/crypto/heimdal/cf/krb-readline.m4 b/crypto/heimdal/cf/krb-readline.m4
deleted file mode 100644
index 656a0885fd6f..000000000000
--- a/crypto/heimdal/cf/krb-readline.m4
+++ /dev/null
@@ -1,39 +0,0 @@
-dnl $Id: krb-readline.m4,v 1.5 2002/08/29 02:22:32 assar Exp $
-dnl
-dnl Tests for readline functions
-dnl
-
-dnl el_init
-
-AC_DEFUN(KRB_READLINE,[
-AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
-if test "$ac_cv_func_el_init" = yes ; then
-	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
-		AC_TRY_COMPILE([#include <stdio.h>
-			#include <histedit.h>],
-			[el_init("", NULL, NULL, NULL);],
-			ac_cv_func_el_init_four=yes,
-			ac_cv_func_el_init_four=no)])
-	if test "$ac_cv_func_el_init_four" = yes; then
-		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
-	fi
-fi
-
-dnl readline
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
-AM_CONDITIONAL(el_compat, test "$ac_foo" = yes)
-AC_DEFINE(HAVE_READLINE, 1, 
-	[Define if you have a readline compatible library.])dnl
-
-])
diff --git a/crypto/heimdal/cf/krb-struct-spwd.m4 b/crypto/heimdal/cf/krb-struct-spwd.m4
deleted file mode 100644
index 4ab81fd34f52..000000000000
--- a/crypto/heimdal/cf/krb-struct-spwd.m4
+++ /dev/null
@@ -1,22 +0,0 @@
-dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
-dnl
-dnl Test for `struct spwd'
-
-AC_DEFUN(AC_KRB_STRUCT_SPWD, [
-AC_MSG_CHECKING(for struct spwd)
-AC_CACHE_VAL(ac_cv_struct_spwd, [
-AC_TRY_COMPILE(
-[#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif],
-[struct spwd foo;],
-ac_cv_struct_spwd=yes,
-ac_cv_struct_spwd=no)
-])
-AC_MSG_RESULT($ac_cv_struct_spwd)
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
-fi
-])
diff --git a/crypto/heimdal/cf/krb-struct-winsize.m4 b/crypto/heimdal/cf/krb-struct-winsize.m4
deleted file mode 100644
index 8b2e1a2b167d..000000000000
--- a/crypto/heimdal/cf/krb-struct-winsize.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: krb-struct-winsize.m4,v 1.3 2001/09/01 11:56:05 assar Exp $
-dnl
-dnl
-dnl Search for struct winsize
-dnl
-
-AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [
-AC_MSG_CHECKING(for struct winsize)
-AC_CACHE_VAL(ac_cv_struct_winsize, [
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-AC_EGREP_HEADER(
-struct[[ 	]]*winsize,dnl
-$i, ac_cv_struct_winsize=yes; break)dnl
-done
-])
-if test "$ac_cv_struct_winsize" = "yes"; then
-  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
-fi
-AC_MSG_RESULT($ac_cv_struct_winsize)
-AC_EGREP_HEADER(ws_xpixel, termios.h, 
-	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
-AC_EGREP_HEADER(ws_ypixel, termios.h, 
-	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
-])
diff --git a/crypto/heimdal/cf/krb-sys-aix.m4 b/crypto/heimdal/cf/krb-sys-aix.m4
deleted file mode 100644
index a538005513a2..000000000000
--- a/crypto/heimdal/cf/krb-sys-aix.m4
+++ /dev/null
@@ -1,15 +0,0 @@
-dnl $Id: krb-sys-aix.m4,v 1.1 1997/12/14 15:59:02 joda Exp $
-dnl
-dnl
-dnl AIX have a very different syscall convention
-dnl
-AC_DEFUN(AC_KRB_SYS_AIX, [
-AC_MSG_CHECKING(for AIX)
-AC_CACHE_VAL(krb_cv_sys_aix,
-AC_EGREP_CPP(yes, 
-[#ifdef _AIX
-	yes
-#endif 
-], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
-AC_MSG_RESULT($krb_cv_sys_aix)
-])
diff --git a/crypto/heimdal/cf/krb-sys-nextstep.m4 b/crypto/heimdal/cf/krb-sys-nextstep.m4
deleted file mode 100644
index 6e9e3169eeb3..000000000000
--- a/crypto/heimdal/cf/krb-sys-nextstep.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl $Id: krb-sys-nextstep.m4,v 1.4 2002/08/28 18:44:32 joda Exp $
-dnl
-dnl NEXTSTEP is not posix compliant by default,
-dnl you need a switch -posix to the compiler
-dnl
-
-AC_DEFUN(rk_SYS_NEXTSTEP, [
-AC_CACHE_CHECK(for NeXTSTEP, rk_cv_sys_nextstep, [
-AC_EGREP_CPP(yes, 
-[#if defined(NeXT) && !defined(__APPLE__)
-	yes
-#endif 
-], rk_cv_sys_nextstep=yes, rk_cv_sys_nextstep=no)])
-if test "$rk_cv_sys_nextstep" = "yes"; then
-  CFLAGS="$CFLAGS -posix"
-  LIBS="$LIBS -posix"
-fi
-])
diff --git a/crypto/heimdal/cf/krb-version.m4 b/crypto/heimdal/cf/krb-version.m4
deleted file mode 100644
index 4b555901edc4..000000000000
--- a/crypto/heimdal/cf/krb-version.m4
+++ /dev/null
@@ -1,24 +0,0 @@
-dnl $Id: krb-version.m4,v 1.3 2002/08/20 15:49:58 joda Exp $
-dnl
-dnl
-dnl output a C header-file with some version strings
-dnl
-
-AC_DEFUN(AC_KRB_VERSION,[
-cat > include/newversion.h.in <<FOOBAR
-const char *${PACKAGE_TARNAME}_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *${PACKAGE_TARNAME}_version = "$PACKAGE_STRING";
-FOOBAR
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
-])
diff --git a/crypto/heimdal/cf/make-proto.pl b/crypto/heimdal/cf/make-proto.pl
deleted file mode 100644
index 769d96cc0278..000000000000
--- a/crypto/heimdal/cf/make-proto.pl
+++ /dev/null
@@ -1,239 +0,0 @@
-# Make prototypes from .c files
-# $Id: make-proto.pl,v 1.16 2002/09/19 19:29:42 joda Exp $
-
-##use Getopt::Std;
-require 'getopts.pl';
-
-$brace = 0;
-$line = "";
-$debug = 0;
-$oproto = 1;
-$private_func_re = "^_";
-
-do Getopts('o:p:dqR:P:') || die "foo";
-
-if($opt_d) {
-    $debug = 1;
-}
-
-if($opt_q) {
-    $oproto = 0;
-}
-
-if($opt_R) {
-    $private_func_re = $opt_R;
-}
-
-while(<>) {
-    print $brace, " ", $_ if($debug);
-    if(/^\#if 0/) {
-	$if_0 = 1;
-    }
-    if($if_0 && /^\#endif/) {
-	$if_0 = 0;
-    }
-    if($if_0) { next }
-    if(/^\s*\#/) {
-	next;
-    }
-    if(/^\s*$/) {
-	$line = "";
-	next;
-    }
-    if(/\{/){
-	if (!/\}/) {
-	    $brace++;
-	}
-	$_ = $line;
-	while(s/\*\//\ca/){
-	    s/\/\*(.|\n)*\ca//;
-	}
-	s/^\s*//;
-	s/\s*$//;
-	s/\s+/ /g;
-	if($_ =~ /\)$/){
-	    if(!/^static/ && !/^PRIVATE/){
-		if(/(.*)(__attribute__\s?\(.*\))/) {
-		    $attr = $2;
-		    $_ = $1;
-		} else {
-		    $attr = "";
-		}
-		# remove outer ()
-		s/\s*\(/</;
-		s/\)\s?$/>/;
-		# remove , within ()
-		while(s/\(([^()]*),(.*)\)/($1\$$2)/g){}
-		s/\<\s*void\s*\>/<>/;
-		# remove parameter names 
-		if($opt_P eq "remove") {
-		    s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g;
-		    s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g;
-		} elsif($opt_P eq "comment") {
-		    s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g;
-		    s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g;
-		}
-		s/\<\>/<void>/;
-		# add newlines before parameters
-		s/,\s*/,\n\t/g;
-		# fix removed ,
-		s/\$/,/g;
-		# match function name
-		/([a-zA-Z0-9_]+)\s*\</;
-		$f = $1;
-		if($oproto) {
-		    $LP = "__P((";
-		    $RP = "))";
-		} else {
-		    $LP = "(";
-		    $RP = ")";
-		}
-		# only add newline if more than one parameter
-                if(/,/){ 
-		    s/\</ $LP\n\t/;
-		}else{
-		    s/\</ $LP/;
-		}
-		s/\>/$RP/;
-		# insert newline before function name
-		s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/;
-		if($attr ne "") {
-		    $_ .= "\n    $attr";
-		}
-		$_ = $_ . ";";
-		$funcs{$f} = $_;
-	    }
-	}
-	$line = "";
-    }
-    if(/\}/){
-	$brace--;
-    }
-    if(/^\}/){
-	$brace = 0;
-    }
-    if($brace == 0) {
-	$line = $line . " " . $_;
-    }
-}
-
-sub foo {
-    local ($arg) = @_;
-    $_ = $arg;
-    s/.*\/([^\/]*)/$1/;
-    s/[^a-zA-Z0-9]/_/g;
-    "__" . $_ . "__";
-}
-
-if($opt_o) {
-    open(OUT, ">$opt_o");
-    $block = &foo($opt_o);
-} else {
-    $block = "__public_h__";
-}
-
-if($opt_p) {
-    open(PRIV, ">$opt_p");
-    $private = &foo($opt_p);
-} else {
-    $private = "__private_h__";
-}
-
-$public_h = "";
-$private_h = "";
-
-$public_h_header = "/* This is a generated file */
-#ifndef $block
-#define $block
-
-";
-if ($oproto) {
-$public_h_header .= "#ifdef __STDC__
-#include <stdarg.h>
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
-
-";
-} else {
-    $public_h_header .= "#include <stdarg.h>
-
-";
-}
-
-$private_h_header = "/* This is a generated file */
-#ifndef $private
-#define $private
-
-";
-if($oproto) {
-$private_h_header .= "#ifdef __STDC__
-#include <stdarg.h>
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
-
-";
-} else {
-    $private_h_header .= "#include <stdarg.h>
-
-";
-}
-foreach(sort keys %funcs){
-    if(/^(main)$/) { next }
-    if(/$private_func_re/) {
-	$private_h .= $funcs{$_} . "\n\n";
-	if($funcs{$_} =~ /__attribute__/) {
-	    $private_attribute_seen = 1;
-	}
-    } else {
-	$public_h .= $funcs{$_} . "\n\n";
-	if($funcs{$_} =~ /__attribute__/) {
-	    $public_attribute_seen = 1;
-	}
-    }
-}
-
-if ($public_attribute_seen) {
-    $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-";
-}
-
-if ($private_attribute_seen) {
-    $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-";
-}
-
-
-if ($public_h ne "") {
-    $public_h = $public_h_header . $public_h . "#endif /* $block */\n";
-}
-if ($private_h ne "") {
-    $private_h = $private_h_header . $private_h . "#endif /* $private */\n";
-}
-
-if($opt_o) {
-    print OUT $public_h;
-} 
-if($opt_p) {
-    print PRIV $private_h;
-} 
-
-close OUT;
-close PRIV;
diff --git a/crypto/heimdal/cf/mips-abi.m4 b/crypto/heimdal/cf/mips-abi.m4
deleted file mode 100644
index 5ad464c8ddd1..000000000000
--- a/crypto/heimdal/cf/mips-abi.m4
+++ /dev/null
@@ -1,87 +0,0 @@
-dnl $Id: mips-abi.m4,v 1.6 2002/04/30 16:46:05 joda Exp $
-dnl
-dnl
-dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
-dnl value.
-
-AC_DEFUN(AC_MIPS_ABI, [
-AC_ARG_WITH(mips_abi,
-	AC_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)]))
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in 
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-dnl
-dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
-dnl AC_MSG_RESULT
-dnl
-AC_MSG_CHECKING([if $CC supports the $abi option])
-AC_CACHE_VAL($ac_foo, [
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no)
-CFLAGS="$save_CFLAGS"
-])
-ac_res=`eval echo \\\$$ac_foo`
-AC_MSG_RESULT($ac_res)
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32) 
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no)
-	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) AC_MSG_ERROR("Invalid ABI specified") ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-])
diff --git a/crypto/heimdal/cf/misc.m4 b/crypto/heimdal/cf/misc.m4
deleted file mode 100644
index a825834f81a0..000000000000
--- a/crypto/heimdal/cf/misc.m4
+++ /dev/null
@@ -1,15 +0,0 @@
-
-dnl $Id: misc.m4,v 1.5 2002/05/24 15:35:32 joda Exp $
-dnl
-AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl
-AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl
-AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-])])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/need-proto.m4 b/crypto/heimdal/cf/need-proto.m4
deleted file mode 100644
index 52f05bada9cc..000000000000
--- a/crypto/heimdal/cf/need-proto.m4
+++ /dev/null
@@ -1,24 +0,0 @@
-dnl $Id: need-proto.m4,v 1.4 2002/08/23 15:07:41 joda Exp $
-dnl
-dnl
-dnl Check if we need the prototype for a function
-dnl
-
-dnl AC_NEED_PROTO(includes, function)
-
-AC_DEFUN(AC_NEED_PROTO, [
-if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
-AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
-AC_TRY_COMPILE([$1],
-[struct foo { int foo; } xx;
-extern int $2 (struct foo*);
-$2(&xx);
-],
-eval "ac_cv_func_$2_noproto=yes",
-eval "ac_cv_func_$2_noproto=no"))
-if test "$ac_cv_func_$2_noproto" = yes; then
-	AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1,
-		[define if the system is missing a prototype for $2()])
-fi
-fi
-])
diff --git a/crypto/heimdal/cf/osfc2.m4 b/crypto/heimdal/cf/osfc2.m4
deleted file mode 100644
index af305966befc..000000000000
--- a/crypto/heimdal/cf/osfc2.m4
+++ /dev/null
@@ -1,14 +0,0 @@
-dnl $Id: osfc2.m4,v 1.3 2002/04/30 16:46:18 joda Exp $
-dnl
-dnl enable OSF C2 stuff
-
-AC_DEFUN(AC_CHECK_OSFC2,[
-AC_ARG_ENABLE(osfc2,
-	AC_HELP_STRING([--enable-osfc2],[enable some OSF C2 support]))
-LIB_security=
-if test "$enable_osfc2" = yes; then
-	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
-	LIB_security=-lsecurity
-fi
-AC_SUBST(LIB_security)
-])
diff --git a/crypto/heimdal/cf/otp.m4 b/crypto/heimdal/cf/otp.m4
deleted file mode 100644
index 37265ef2914f..000000000000
--- a/crypto/heimdal/cf/otp.m4
+++ /dev/null
@@ -1,27 +0,0 @@
-dnl $Id: otp.m4,v 1.2 2002/05/19 20:51:08 joda Exp $
-dnl
-dnl check requirements for OTP library
-dnl
-AC_DEFUN([rk_OTP],[
-AC_REQUIRE([rk_DB])dnl
-AC_ARG_ENABLE(otp,
-	AC_HELP_STRING([--disable-otp],[if you don't want OTP support]))
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	AC_MSG_ERROR([OTP requires a NDBM/DB compatible library])
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-	AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.])
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-	AC_SUBST(LIB_otp)
-fi
-AC_MSG_CHECKING([whether to enable OTP library])
-AC_MSG_RESULT($enable_otp)
-AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl
-])
diff --git a/crypto/heimdal/cf/proto-compat.m4 b/crypto/heimdal/cf/proto-compat.m4
deleted file mode 100644
index 942f658889d2..000000000000
--- a/crypto/heimdal/cf/proto-compat.m4
+++ /dev/null
@@ -1,22 +0,0 @@
-dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
-dnl
-dnl
-dnl Check if the prototype of a function is compatible with another one
-dnl
-
-dnl AC_PROTO_COMPAT(includes, function, prototype)
-
-AC_DEFUN(AC_PROTO_COMPAT, [
-AC_CACHE_CHECK([if $2 is compatible with system prototype],
-ac_cv_func_$2_proto_compat,
-AC_TRY_COMPILE([$1],
-[$3;],
-eval "ac_cv_func_$2_proto_compat=yes",
-eval "ac_cv_func_$2_proto_compat=no"))
-define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
-if test "$ac_cv_func_$2_proto_compat" = yes; then
-	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
-	$3])
-fi
-undefine([foo])
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/retsigtype.m4 b/crypto/heimdal/cf/retsigtype.m4
deleted file mode 100644
index 4c3ecbdff017..000000000000
--- a/crypto/heimdal/cf/retsigtype.m4
+++ /dev/null
@@ -1,18 +0,0 @@
-dnl
-dnl $Id: retsigtype.m4,v 1.1 2000/07/15 18:05:56 joda Exp $
-dnl
-dnl Figure out return type of signal handlers, and define SIGRETURN macro
-dnl that can be used to return from one
-dnl
-AC_DEFUN(rk_RETSIGTYPE,[
-AC_TYPE_SIGNAL
-if test "$ac_cv_type_signal" = "void" ; then
-	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.])
-fi
-AC_SUBST(VOID_RETSIGTYPE)
-AH_BOTTOM([#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif])
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4
deleted file mode 100644
index fc263ade27a0..000000000000
--- a/crypto/heimdal/cf/roken-frag.m4
+++ /dev/null
@@ -1,651 +0,0 @@
-dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $
-dnl
-dnl some code to get roken working
-dnl
-dnl rk_ROKEN(subdir)
-dnl
-AC_DEFUN(rk_ROKEN, [
-
-AC_REQUIRE([rk_CONFIG_HEADER])
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/$1/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1'
-
-dnl Checks for programs
-AC_REQUIRE([AC_PROG_CC])
-AC_REQUIRE([AC_PROG_AWK])
-AC_REQUIRE([AC_OBJEXT])
-AC_REQUIRE([AC_EXEEXT])
-AC_REQUIRE([AC_PROG_LIBTOOL])
-
-AC_REQUIRE([AC_MIPS_ABI])
-
-dnl C characteristics
-
-AC_REQUIRE([AC_C___ATTRIBUTE__])
-AC_REQUIRE([AC_C_INLINE])
-AC_REQUIRE([AC_C_CONST])
-AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
-
-AC_REQUIRE([rk_DB])
-
-dnl C types
-
-AC_REQUIRE([AC_TYPE_SIZE_T])
-AC_HAVE_TYPE([ssize_t],[#include <unistd.h>])
-AC_REQUIRE([AC_TYPE_PID_T])
-AC_REQUIRE([AC_TYPE_UID_T])
-AC_HAVE_TYPE([long long])
-
-AC_REQUIRE([rk_RETSIGTYPE])
-
-dnl Checks for header files.
-AC_REQUIRE([AC_HEADER_STDC])
-AC_REQUIRE([AC_HEADER_TIME])
-
-AC_CHECK_HEADERS([\
-	arpa/inet.h				\
-	arpa/nameser.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	grp.h					\
-	ifaddrs.h				\
-	net/if.h				\
-	netdb.h					\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	netinet6/in6_var.h			\
-	paths.h					\
-	pwd.h					\
-	resolv.h				\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/proc.h				\
-	sys/resource.h				\
-	sys/socket.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/sysctl.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-	vis.h					\
-])
-	
-AC_REQUIRE([CHECK_NETINET_IP_AND_TCP])
-
-AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes)
-AM_CONDITIONAL(have_fnmatch_h, test "$ac_cv_header_fnmatch_h" = yes)
-AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes)
-AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes)
-
-dnl Check for functions and libraries
-
-AC_FIND_FUNC(socket, socket)
-AC_FIND_FUNC(gethostbyname, nsl)
-AC_FIND_FUNC(syslog, syslog)
-
-AC_KRB_IPV6
-
-AC_FIND_FUNC(gethostbyname2, inet6 ip6)
-
-AC_FIND_FUNC(res_search, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-AC_FIND_FUNC(res_nsearch, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0,0])
-
-AC_FIND_FUNC(dn_expand, resolv,
-[
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-],
-[0,0,0,0,0])
-
-rk_CHECK_VAR(_res, 
-[#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif])
-
-
-AC_BROKEN_SNPRINTF
-AC_BROKEN_VSNPRINTF
-
-AC_BROKEN_GLOB
-if test "$ac_cv_func_glob_working" != yes; then
-	AC_LIBOBJ(glob)
-fi
-AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes)
-
-
-AC_CHECK_FUNCS([				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-])
-
-if test "$ac_cv_func_cgetent" = no; then
-	AC_LIBOBJ(getcap)
-fi
-
-AC_REQUIRE([AC_FUNC_GETLOGIN])
-
-AC_REQUIRE([AC_FUNC_MMAP])
-
-AC_FIND_FUNC_NO_LIBS(getsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-AC_FIND_FUNC_NO_LIBS(setsockopt,,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif],
-[0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-17)
-AC_NEED_PROTO([
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],
-hstrerror)
-
-AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf],
-	[AC_NEED_PROTO([
-	#include <stdio.h>
-	#include <string.h>],
-	rk_func)])
-
-AC_FIND_FUNC_NO_LIBS(bswap16,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(bswap32,,
-[#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif],0)
-
-AC_FIND_FUNC_NO_LIBS(pidfile,util,
-[#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif],0)
-
-AC_FIND_IF_NOT_BROKEN(getaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(getnameinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0,0,0,0,0,0,0])
-
-AC_FIND_IF_NOT_BROKEN(freeaddrinfo,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_FIND_IF_NOT_BROKEN(gai_strerror,,
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif],[0])
-
-AC_BROKEN([					\
-	chown					\
-	copyhostent				\
-	daemon					\
-	ecalloc					\
-	emalloc					\
-	erealloc				\
-	estrdup					\
-	err					\
-	errx					\
-	fchown					\
-	flock					\
-	fnmatch					\
-	freehostent				\
-	getcwd					\
-	getdtablesize				\
-	getegid					\
-	geteuid					\
-	getgid					\
-	gethostname				\
-	getifaddrs				\
-	getipnodebyaddr				\
-	getipnodebyname				\
-	getopt					\
-	gettimeofday				\
-	getuid					\
-	getusershell				\
-	initgroups				\
-	innetgr					\
-	iruserok				\
-	localtime_r				\
-	lstat					\
-	memmove					\
-	mkstemp					\
-	putenv					\
-	rcmd					\
-	readv					\
-	recvmsg					\
-	sendmsg					\
-	setegid					\
-	setenv					\
-	seteuid					\
-	strcasecmp				\
-	strdup					\
-	strerror				\
-	strftime				\
-	strlcat					\
-	strlcpy					\
-	strlwr					\
-	strncasecmp				\
-	strndup					\
-	strnlen					\
-	strptime				\
-	strsep					\
-	strsep_copy				\
-	strtok_r				\
-	strupr					\
-	swab					\
-	unsetenv				\
-	verr					\
-	verrx					\
-	vsyslog					\
-	vwarn					\
-	vwarnx					\
-	warn					\
-	warnx					\
-	writev					\
-])
-
-AC_FOREACH([rk_func], [strndup strsep strtok_r],
-	[AC_NEED_PROTO([#include <string.h>], rk_func)])
-
-AC_FOREACH([rk_func], [strsvis strunvis strvis strvisx svis unvis vis],
-[AC_NEED_PROTO([#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif], rk_func)])
-
-AC_BROKEN2(inet_aton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0])
-
-AC_BROKEN2(inet_ntop,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0, 0, 0, 0])
-
-AC_BROKEN2(inet_pton,
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-[0,0,0])
-
-dnl
-dnl Check for sa_len in struct sockaddr, 
-dnl needs to come before the getnameinfo test
-dnl
-AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
-#include <sys/socket.h>])
-
-if test "$ac_cv_func_getnameinfo" = "yes"; then
-  rk_BROKEN_GETNAMEINFO
-  if test "$ac_cv_func_getnameinfo_broken" = yes; then
-	AC_LIBOBJ(getnameinfo)
-  fi
-fi
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-  rk_BROKEN_GETADDRINFO
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	AC_LIBOBJ(getaddrinfo)
-	AC_LIBOBJ(freeaddrinfo)
-  fi
-fi
-
-AC_NEED_PROTO([#include <stdlib.h>], setenv)
-AC_NEED_PROTO([#include <stdlib.h>], unsetenv)
-AC_NEED_PROTO([#include <unistd.h>], gethostname)
-AC_NEED_PROTO([#include <unistd.h>], mkstemp)
-AC_NEED_PROTO([#include <unistd.h>], getusershell)
-
-AC_NEED_PROTO([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif],
-inet_aton)
-
-AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
-
-AC_REQUIRE([rk_BROKEN_REALLOC])dnl
-
-dnl AC_KRB_FUNC_GETCWD_BROKEN
-
-dnl
-dnl Checks for prototypes and declarations
-dnl
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyname, struct hostent *gethostbyname(const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-],
-getservbyname, struct servent *getservbyname(const char *, const char *))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-],
-getsockname, int getsockname(int, struct sockaddr*, socklen_t*))
-
-AC_PROTO_COMPAT([
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-],
-openlog, void openlog(const char *, int, int))
-
-AC_NEED_PROTO([
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-],
-crypt)
-
-dnl variables
-
-rk_CHECK_VAR(h_errno, 
-[#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_errlist, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR(h_nerr, 
-[#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif])
-
-rk_CHECK_VAR([__progname], 
-[#ifdef HAVE_ERR_H
-#include <err.h>
-#endif])
-
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optarg)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optind)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], opterr)
-AC_CHECK_DECLARATION([#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif], optopt)
-
-AC_CHECK_DECLARATION([#include <stdlib.h>], environ)
-
-dnl
-dnl Check for fields in struct tm
-dnl
-
-AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
-AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
-
-dnl
-dnl or do we have a variable `timezone' ?
-dnl
-
-rk_CHECK_VAR(timezone,[#include <time.h>])
-rk_CHECK_VAR(altzone,[#include <time.h>])
-
-AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
-AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr], [#include <sys/socket.h>])
-AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
-AC_HAVE_TYPE([struct addrinfo], [#include <netdb.h>])
-AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
-AC_HAVE_TYPE([struct iovec],[
-#include <sys/types.h>
-#include <sys/uio.h>
-])
-AC_HAVE_TYPE([struct msghdr],[
-#include <sys/types.h>
-#include <sys/socket.h>
-])
-
-dnl
-dnl Check for struct winsize
-dnl
-
-AC_KRB_STRUCT_WINSIZE
-
-dnl
-dnl Check for struct spwd
-dnl
-
-AC_KRB_STRUCT_SPWD
-
-dnl won't work with automake
-dnl moved to AC_OUTPUT in configure.in
-dnl AC_CONFIG_FILES($1/Makefile)
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-AC_SUBST(DIR_roken)dnl
-AC_SUBST(LIB_roken)dnl
-AC_SUBST(INCLUDES_roken)dnl
-])
diff --git a/crypto/heimdal/cf/roken.m4 b/crypto/heimdal/cf/roken.m4
deleted file mode 100644
index c835a15a6666..000000000000
--- a/crypto/heimdal/cf/roken.m4
+++ /dev/null
@@ -1,64 +0,0 @@
-dnl $Id: roken.m4,v 1.3 2002/04/30 16:46:33 joda Exp $
-dnl
-dnl try to look for an installed roken library with sufficient stuff
-dnl
-dnl set LIB_roken to the what we should link with
-dnl set DIR_roken to if the directory should be built
-dnl set CPPFLAGS_roken to stuff to add to CPPFLAGS
-
-dnl AC_ROKEN(version,directory-to-try,roken-dir,fallback-library,fallback-cppflags)
-AC_DEFUN(AC_ROKEN, [
-
-AC_ARG_WITH(roken,
-	AC_HELP_STRING([--with-roken=dir],[use the roken library in dir]),
-[if test "$withval" = "no"; then
-  AC_MSG_ERROR(roken is required)
-fi])
-
-save_CPPFLAGS="${CPPFLAGS}"
-
-case $with_roken in
-yes|"")
-  dirs="$2" ;;
-*)
-  dirs="$with_roken" ;;
-esac
-
-roken_installed=no
-
-for i in $dirs; do
-
-AC_MSG_CHECKING(for roken in $i)
-
-CPPFLAGS="-I$i/include ${CPPFLAGS}"
-
-AC_TRY_CPP(
-[#include <roken.h>
-#if ROKEN_VERSION < $1
-#error old roken version, should be $1
-fail
-#endif
-],[roken_installed=yes; break])
-
-AC_MSG_RESULT($roken_installed)
-
-done
-
-CPPFLAGS="$save_CPPFLAGS"
-
-if test "$roken_installed" != "yes"; then
-  DIR_roken="roken"
-  LIB_roken='$4'
-  CPPFLAGS_roken='$5'
-  AC_CONFIG_SUBDIRS(lib/roken)
-else
-  LIB_roken="$i/lib/libroken.la"
-  CPPFLAGS_roken="-I$i/include"
-fi
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-AC_SUBST(LIB_roken)dnl
-AC_SUBST(DIR_roken)dnl
-AC_SUBST(CPPFLAGS_roken)dnl
-])
diff --git a/crypto/heimdal/cf/shared-libs.m4 b/crypto/heimdal/cf/shared-libs.m4
deleted file mode 100644
index bddc1211abca..000000000000
--- a/crypto/heimdal/cf/shared-libs.m4
+++ /dev/null
@@ -1,192 +0,0 @@
-dnl
-dnl $Id: shared-libs.m4,v 1.6 2000/11/17 02:59:27 assar Exp $
-dnl
-dnl Shared library stuff has to be different everywhere
-dnl
-
-AC_DEFUN(AC_SHARED_LIBS, [
-
-dnl Check if we want to use shared libraries
-AC_ARG_ENABLE(shared,
-[  --enable-shared         create shared libraries for Kerberos])
-
-AC_SUBST(CFLAGS)dnl
-AC_SUBST(LDFLAGS)dnl
-
-case ${enable_shared} in
-  yes ) enable_shared=yes;;
-  no  ) enable_shared=no;;
-  *   ) enable_shared=no;;
-esac
-
-# NOTE: Building shared libraries may not work if you do not use gcc!
-#
-# OS		$SHLIBEXT
-# HP-UX		sl
-# Linux		so
-# NetBSD	so
-# FreeBSD	so
-# OSF		so
-# SunOS5	so
-# SunOS4	so.0.5
-# Irix		so
-#
-# LIBEXT is the extension we should build (.a or $SHLIBEXT)
-LINK='$(CC)'
-AC_SUBST(LINK)
-lib_deps=yes
-REAL_PICFLAGS="-fpic"
-LDSHARED='$(CC) $(PICFLAGS) -shared'
-LIBPREFIX=lib
-build_symlink_command=@true
-install_symlink_command=@true
-install_symlink_command2=@true
-REAL_SHLIBEXT=so
-changequote({,})dnl
-SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
-SHLIB_SONAME=`echo $VERSION | sed 's/\([0-9]*\).*/\1/'`
-changequote([,])dnl
-case "${host}" in
-*-*-hpux*)
-	REAL_SHLIBEXT=sl
-	REAL_LD_FLAGS='-Wl,+b$(libdir)'
-	if test -z "$GCC"; then
-		LDSHARED="ld -b"
-		REAL_PICFLAGS="+z"
-	fi
-	lib_deps=no
-	;;
-*-*-linux*)
-	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
-	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
-	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
-	;;
-changequote(,)dnl
-*-*-freebsd[345]* | *-*-freebsdelf[345]*)
-changequote([,])dnl
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	REAL_LD_FLAGS='-Wl,-R$(libdir)'
-	build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
-	install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
-	install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
-	;;
-*-*-*bsd*)
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	LDSHARED='ld -Bshareable'
-	REAL_LD_FLAGS='-Wl,-R$(libdir)'
-	;;
-*-*-osf*)
-	REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
-	REAL_PICFLAGS=
-	LDSHARED='ld -shared -expect_unresolved \*'
-	;;
-*-*-solaris2*)
-	LDSHARED='$(CC) -shared -Wl,-soname,$(LIBNAME).so.'"${SHLIB_SONAME}"
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
-	install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
-	install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
-	REAL_LD_FLAGS='-Wl,-R$(libdir)'
-	if test -z "$GCC"; then
-		LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
-		REAL_PICFLAGS="-Kpic"
-	fi
-	;;
-*-fujitsu-uxpv*)
-	REAL_LD_FLAGS='' # really: LD_RUN_PATH=$(libdir) cc -o ...
-	REAL_LINK='LD_RUN_PATH=$(libdir) $(CC)'
-	LDSHARED='$(CC) -G'
-	REAL_PICFLAGS="-Kpic"
-	lib_deps=no # fails in mysterious ways
-	;;
-*-*-sunos*)
-	REAL_SHLIBEXT=so.$SHLIB_VERSION
-	REAL_LD_FLAGS='-Wl,-L$(libdir)'
-	lib_deps=no
-	;;
-*-*-irix*)
-        libdir="${libdir}${abilibdirext}"
-        REAL_LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
-        LD_FLAGS="${abi} -Wl,-rpath,\$(libdir)"
-	LDSHARED="\$(CC) -shared ${abi}"
-        REAL_PICFLAGS=
-        CFLAGS="${abi} ${CFLAGS}"
-	;;
-*-*-os2*)
-	LIBPREFIX=
-	EXECSUFFIX='.exe'
-	RANLIB=EMXOMF
-	LD_FLAGS=-Zcrtdll
-	REAL_SHLIBEXT=nobuild
-	;;
-*-*-cygwin32*)
-	EXECSUFFIX='.exe'
-	REAL_SHLIBEXT=nobuild
-	;;
-*)	REAL_SHLIBEXT=nobuild
-	REAL_PICFLAGS= 
-	;;
-esac
-
-if test "${enable_shared}" != "yes" ; then 
- PICFLAGS=""
- SHLIBEXT="nobuild"
- LIBEXT="a"
- build_symlink_command=@true
- install_symlink_command=@true
- install_symlink_command2=@true
-else
- PICFLAGS="$REAL_PICFLAGS"
- SHLIBEXT="$REAL_SHLIBEXT"
- LIBEXT="$SHLIBEXT"
- AC_MSG_CHECKING(whether to use -rpath)
- case "$libdir" in
-   /lib | /usr/lib | /usr/local/lib)
-     AC_MSG_RESULT(no)
-     REAL_LD_FLAGS=
-     LD_FLAGS=
-     ;;
-   *)
-     LD_FLAGS="$REAL_LD_FLAGS"
-     test "$REAL_LINK" && LINK="$REAL_LINK"
-     AC_MSG_RESULT($LD_FLAGS)
-     ;;
-   esac
-fi
-
-if test "$lib_deps" = yes; then
-	lib_deps_yes=""
-	lib_deps_no="# "
-else
-	lib_deps_yes="# "
-	lib_deps_no=""
-fi
-AC_SUBST(lib_deps_yes)
-AC_SUBST(lib_deps_no)
-
-# use supplied ld-flags, or none if `no'
-if test "$with_ld_flags" = no; then
-	LD_FLAGS=
-elif test -n "$with_ld_flags"; then
-	LD_FLAGS="$with_ld_flags"
-fi
-
-AC_SUBST(REAL_PICFLAGS) dnl
-AC_SUBST(REAL_SHLIBEXT) dnl
-AC_SUBST(REAL_LD_FLAGS) dnl
-
-AC_SUBST(PICFLAGS) dnl
-AC_SUBST(SHLIBEXT) dnl
-AC_SUBST(LDSHARED) dnl
-AC_SUBST(LD_FLAGS) dnl
-AC_SUBST(LIBEXT) dnl
-AC_SUBST(LIBPREFIX) dnl
-AC_SUBST(EXECSUFFIX) dnl
-
-AC_SUBST(build_symlink_command)dnl
-AC_SUBST(install_symlink_command)dnl
-AC_SUBST(install_symlink_command2)dnl
-])
diff --git a/crypto/heimdal/cf/sunos.m4 b/crypto/heimdal/cf/sunos.m4
deleted file mode 100644
index 6572d0b80ff6..000000000000
--- a/crypto/heimdal/cf/sunos.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl
-dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $
-dnl
-
-AC_DEFUN([rk_SUNOS],[
-sunos=no
-case "$host" in 
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.[[89]])
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
-		[Define to what version of SunOS you are running.])
-fi
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/cf/telnet.m4 b/crypto/heimdal/cf/telnet.m4
deleted file mode 100644
index add065c3d893..000000000000
--- a/crypto/heimdal/cf/telnet.m4
+++ /dev/null
@@ -1,78 +0,0 @@
-dnl
-dnl $Id: telnet.m4,v 1.1 2002/08/28 19:19:01 joda Exp $
-dnl
-dnl stuff used by telnet
-
-AC_DEFUN([rk_TELNET],[
-AC_DEFINE(AUTHENTICATION, 1, 
-	[Define if you want authentication support in telnet.])dnl
-AC_DEFINE(ENCRYPTION, 1,
-	[Define if you want encryption support in telnet.])dnl
-AC_DEFINE(DES_ENCRYPTION, 1,
-	[Define if you want to use DES encryption in telnet.])dnl
-AC_DEFINE(DIAGNOSTICS, 1,
-	[Define this to enable diagnostics in telnet.])dnl
-AC_DEFINE(OLD_ENVIRON, 1,
-	[Define this to enable old environment option in telnet.])dnl
-if false; then
-	AC_DEFINE(ENV_HACK, 1,
-		[Define this if you want support for broken ENV_{VAR,VAL} telnets.])
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*)
-	;;
-*)
-	AC_CHECK_FUNC(getmsg)
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works,
-		AC_TRY_RUN([
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main()
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-			], ac_cv_func_getmsg_works=yes, 
-			ac_cv_func_getmsg_works=no,
-			ac_cv_func_getmsg_works=no))
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-			AC_DEFINE(HAVE_GETMSG, 1,
-				[Define if you have a working getmsg.])
-			AC_DEFINE(STREAMSPTY, 1,
-				[Define if you have streams ptys.])
-		fi
-	fi
-	;;
-esac
-
-AH_BOTTOM([
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-])
-])
diff --git a/crypto/heimdal/cf/test-package.m4 b/crypto/heimdal/cf/test-package.m4
deleted file mode 100644
index 9cdccc7b6faa..000000000000
--- a/crypto/heimdal/cf/test-package.m4
+++ /dev/null
@@ -1,125 +0,0 @@
-dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $
-dnl
-dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
-dnl			default locations, conditional, config-program)
-
-AC_DEFUN(rk_TEST_PACKAGE,[
-AC_ARG_WITH($1,
-	AC_HELP_STRING([--with-$1=dir],[use $1 in dir]))
-AC_ARG_WITH($1-lib,
-	AC_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-include,
-	AC_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-AC_ARG_WITH($1-config,
-	AC_HELP_STRING([--with-$1-config=path],[config program for $1]))
-
-m4_ifval([$6],
-	m4_define([rk_pkgname], $6),
-	m4_define([rk_pkgname], AS_TR_CPP($1)))
-
-AC_MSG_CHECKING(for $1)
-
-case "$with_$1" in
-yes|"") d='$5' ;;
-no)	d= ;;
-*)	d="$with_$1" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_$1_include" = ""; then
-		if test -d "$i/include/$1"; then
-			header_dirs="$header_dirs $i/include/$1"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_$1_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_$1_include"; then
-	header_dirs="$with_$1_include $header_dirs"
-fi
-if test "$with_$1_lib"; then
-	lib_dirs="$with_$1_lib $lib_dirs"
-fi
-
-if test "$with_$1_config" = ""; then
-	with_$1_config='$7'
-fi
-
-$1_cflags=
-$1_libs=
-
-case "$with_$1_config" in
-yes|no|"")
-	;;
-*)
-	$1_cflags="`$with_$1_config --cflags 2>&1`"
-	$1_libs="`$with_$1_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_$1" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$[]$1_cflags" -a "$[]$1_libs"; then
-		CFLAGS="$[]$1_cflags $save_CFLAGS"
-		LIBS="$[]$1_libs $save_LIBS"
-		AC_TRY_LINK([$2],,[
-			INCLUDE_$1="$[]$1_cflags"
-			LIB_$1="$[]$1_libs"
-			AC_MSG_RESULT([from $with_$1_config])
-			found=yes])
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			AC_TRY_COMPILE([$2],,ires=$i;break)
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i $3 $4 $save_LIBS"
-			AC_TRY_LINK([$2],,lres=$i;break)
-		done
-		if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
-			INCLUDE_$1="-I$ires"
-			LIB_$1="-L$lres $3 $4"
-			found=yes
-			AC_MSG_RESULT([headers $ires, libraries $lres])
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-	AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.])
-	with_$1=yes
-else
-	with_$1=no
-	INCLUDE_$1=
-	LIB_$1=
-	AC_MSG_RESULT(no)
-fi
-
-AC_SUBST(INCLUDE_$1)
-AC_SUBST(LIB_$1)
-])
diff --git a/crypto/heimdal/cf/wflags.m4 b/crypto/heimdal/cf/wflags.m4
deleted file mode 100644
index 6d9e0736618b..000000000000
--- a/crypto/heimdal/cf/wflags.m4
+++ /dev/null
@@ -1,21 +0,0 @@
-dnl $Id: wflags.m4,v 1.3 1999/03/11 12:11:41 joda Exp $
-dnl
-dnl set WFLAGS
-
-AC_DEFUN(AC_WFLAGS,[
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="ifelse($#, 0,-Wall, $1)"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-AC_SUBST(WFLAGS)dnl
-AC_SUBST(WFLAGS_NOUNUSED)dnl
-AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
-])
diff --git a/crypto/heimdal/cf/with-all.m4 b/crypto/heimdal/cf/with-all.m4
deleted file mode 100644
index 1b9d39ff146d..000000000000
--- a/crypto/heimdal/cf/with-all.m4
+++ /dev/null
@@ -1,42 +0,0 @@
-dnl
-dnl $Id: with-all.m4,v 1.1 2001/08/29 17:01:23 assar Exp $
-dnl
-
-dnl AC_WITH_ALL(name)
-
-AC_DEFUN([AC_WITH_ALL], [
-AC_ARG_WITH($1,
-	AC_HELP_STRING([--with-$1=dir],
-		[use $1 in dir]))
-
-AC_ARG_WITH($1-lib,
-	AC_HELP_STRING([--with-$1-lib=dir],
-		[use $1 libraries in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-lib])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-AC_ARG_WITH($1-include,
-	AC_HELP_STRING([--with-$1-include=dir],
-		[use $1 headers in dir]),
-[if test "$withval" = "yes" -o "$withval" = "no"; then
-  AC_MSG_ERROR([No argument for --with-$1-include])
-elif test "X$with_$1" = "X"; then
-  with_$1=yes
-fi])
-
-case "$with_$1" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_$1_include" = ""; then
-		with_$1_include="$with_$1/include"
-	fi
-	if test "$with_$1_lib" = ""; then
-		with_$1_lib="$with_$1/lib$abilibdirext"
-	fi
-	;;
-esac
-])
-\ No newline at end of file
diff --git a/crypto/heimdal/compile b/crypto/heimdal/compile
deleted file mode 100755
index 9bb997a6a9b4..000000000000
--- a/crypto/heimdal/compile
+++ /dev/null
@@ -1,99 +0,0 @@
-#! /bin/sh
-
-# Wrapper for compilers which do not understand `-c -o'.
-
-# Copyright 1999, 2000 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Usage:
-# compile PROGRAM [ARGS]...
-# `-o FOO.o' is removed from the args passed to the actual compile.
-
-prog=$1
-shift
-
-ofile=
-cfile=
-args=
-while test $# -gt 0; do
-   case "$1" in
-    -o)
-       # configure might choose to run compile as `compile cc -o foo foo.c'.
-       # So we do something ugly here.
-       ofile=$2
-       shift
-       case "$ofile" in
-	*.o | *.obj)
-	   ;;
-	*)
-	   args="$args -o $ofile"
-	   ofile=
-	   ;;
-       esac
-       ;;
-    *.c)
-       cfile=$1
-       args="$args $1"
-       ;;
-    *)
-       args="$args $1"
-       ;;
-   esac
-   shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
-   # If no `-o' option was seen then we might have been invoked from a
-   # pattern rule where we don't need one.  That is ok -- this is a
-   # normal compilation that the losing compiler can handle.  If no
-   # `.c' file was seen then we are probably linking.  That is also
-   # ok.
-   exec "$prog" $args
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use `[/.-]' here to ensure that we don't use the same name
-# that we are using for the .o file.  Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo $cofile | sed -e 's|[/.-]|_|g'`.d
-while true; do
-   if mkdir $lockdir > /dev/null 2>&1; then
-      break
-   fi
-   sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir $lockdir; exit 1" 1 2 15
-
-# Run the compile.
-"$prog" $args
-status=$?
-
-if test -f "$cofile"; then
-   mv "$cofile" "$ofile"
-fi
-
-rmdir $lockdir
-exit $status
diff --git a/crypto/heimdal/config.guess b/crypto/heimdal/config.guess
deleted file mode 100755
index ed2e03b7f2b9..000000000000
--- a/crypto/heimdal/config.guess
+++ /dev/null
@@ -1,1321 +0,0 @@
-#! /bin/sh
-# Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
-
-timestamp='2002-03-20'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Originally written by Per Bothner <per@bothner.com>.
-# Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# This script attempts to guess a canonical system name similar to
-# config.sub.  If it succeeds, it prints the system name on stdout, and
-# exits with 0.  Otherwise, it exits with 1.
-#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit 0 ;;
-    --version | -v )
-       echo "$version" ; exit 0 ;;
-    --help | --h* | -h )
-       echo "$usage"; exit 0 ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help" >&2
-       exit 1 ;;
-    * )
-       break ;;
-  esac
-done
-
-if test $# != 0; then
-  echo "$me: too many arguments$help" >&2
-  exit 1
-fi
-
-
-dummy=dummy-$$
-trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15
-
-# CC_FOR_BUILD -- compiler used by this script.
-# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
-# use `HOST_CC' if defined, but it is deprecated.
-
-set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,)    echo "int dummy(){}" > $dummy.c ;
-	for c in cc gcc c89 c99 ; do
-	  ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ;
-	  if test $? = 0 ; then
-	     CC_FOR_BUILD="$c"; break ;
-	  fi ;
-	done ;
-	rm -f $dummy.c $dummy.o $dummy.rel ;
-	if test x"$CC_FOR_BUILD" = x ; then
-	  CC_FOR_BUILD=no_compiler_found ;
-	fi
-	;;
- ,,*)   CC_FOR_BUILD=$CC ;;
- ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac'
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
-	PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-# Note: order is significant - the case branches are not exclusive.
-
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
-    *:NetBSD:*:*)
-	# NetBSD (nbsd) targets should (where applicable) match one or
-	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
-	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
-	# switched to ELF, *-*-netbsd* would select the old
-	# object file format.  This provides both forward
-	# compatibility and a consistent mechanism for selecting the
-	# object file format.
-	#
-	# Note: NetBSD doesn't particularly care about the vendor
-	# portion of the name.  We always set it to "unknown".
-	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
-	case "${UNAME_MACHINE_ARCH}" in
-	    arm*) machine=arm-unknown ;;
-	    sh3el) machine=shl-unknown ;;
-	    sh3eb) machine=sh-unknown ;;
-	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
-	esac
-	# The Operating System including object format, if it has switched
-	# to ELF recently, or will in the future.
-	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
-		eval $set_cc_for_build
-		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
-			| grep __ELF__ >/dev/null
-		then
-		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
-		    # Return netbsd for either.  FIX?
-		    os=netbsd
-		else
-		    os=netbsdelf
-		fi
-		;;
-	    *)
-	        os=netbsd
-		;;
-	esac
-	# The OS release
-	release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
-	# contains redundant information, the shorter form:
-	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}"
-	exit 0 ;;
-    amiga:OpenBSD:*:*)
-	echo m68k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    arc:OpenBSD:*:*)
-	echo mipsel-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    hp300:OpenBSD:*:*)
-	echo m68k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    mac68k:OpenBSD:*:*)
-	echo m68k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    macppc:OpenBSD:*:*)
-	echo powerpc-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    mvme68k:OpenBSD:*:*)
-	echo m68k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    mvme88k:OpenBSD:*:*)
-	echo m88k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    mvmeppc:OpenBSD:*:*)
-	echo powerpc-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    pmax:OpenBSD:*:*)
-	echo mipsel-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    sgi:OpenBSD:*:*)
-	echo mipseb-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    sun3:OpenBSD:*:*)
-	echo m68k-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    wgrisc:OpenBSD:*:*)
-	echo mipsel-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    *:OpenBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    alpha:OSF1:*:*)
-	if test $UNAME_RELEASE = "V4.0"; then
-		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
-	fi
-	# A Vn.n version is a released version.
-	# A Tn.n version is a released field test version.
-	# A Xn.n version is an unreleased experimental baselevel.
-	# 1.2 uses "1.2" for uname -r.
-	cat <<EOF >$dummy.s
-	.data
-\$Lformat:
-	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
-
-	.text
-	.globl main
-	.align 4
-	.ent main
-main:
-	.frame \$30,16,\$26,0
-	ldgp \$29,0(\$27)
-	.prologue 1
-	.long 0x47e03d80 # implver \$0
-	lda \$2,-1
-	.long 0x47e20c21 # amask \$2,\$1
-	lda \$16,\$Lformat
-	mov \$0,\$17
-	not \$1,\$18
-	jsr \$26,printf
-	ldgp \$29,0(\$26)
-	mov 0,\$16
-	jsr \$26,exit
-	.end main
-EOF
-	eval $set_cc_for_build
-	$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
-	if test "$?" = 0 ; then
-		case `./$dummy` in
-			0-0)
-				UNAME_MACHINE="alpha"
-				;;
-			1-0)
-				UNAME_MACHINE="alphaev5"
-				;;
-			1-1)
-				UNAME_MACHINE="alphaev56"
-				;;
-			1-101)
-				UNAME_MACHINE="alphapca56"
-				;;
-			2-303)
-				UNAME_MACHINE="alphaev6"
-				;;
-			2-307)
-				UNAME_MACHINE="alphaev67"
-				;;
-			2-1307)
-				UNAME_MACHINE="alphaev68"
-				;;
-		esac
-	fi
-	rm -f $dummy.s $dummy
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-	exit 0 ;;
-    Alpha\ *:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# Should we change UNAME_MACHINE based on the output of uname instead
-	# of the specific Alpha model?
-	echo alpha-pc-interix
-	exit 0 ;;
-    21064:Windows_NT:50:3)
-	echo alpha-dec-winnt3.5
-	exit 0 ;;
-    Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-unknown-sysv4
-	exit 0;;
-    *:[Aa]miga[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-amigaos
-	exit 0 ;;
-    *:[Mm]orph[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-morphos
-	exit 0 ;;
-    *:OS/390:*:*)
-	echo i370-ibm-openedition
-	exit 0 ;;
-    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
-	echo arm-acorn-riscix${UNAME_RELEASE}
-	exit 0;;
-    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
-	echo hppa1.1-hitachi-hiuxmpp
-	exit 0;;
-    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
-	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
-	if test "`(/bin/universe) 2>/dev/null`" = att ; then
-		echo pyramid-pyramid-sysv3
-	else
-		echo pyramid-pyramid-bsd
-	fi
-	exit 0 ;;
-    NILE*:*:*:dcosx)
-	echo pyramid-pyramid-svr4
-	exit 0 ;;
-    sun4H:SunOS:5.*:*)
-	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
-    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
-	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
-    i86pc:SunOS:5.*:*)
-	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
-    sun4*:SunOS:6*:*)
-	# According to config.sub, this is the proper way to canonicalize
-	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
-	# it's likely to be more like Solaris than SunOS4.
-	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
-    sun4*:SunOS:*:*)
-	case "`/usr/bin/arch -k`" in
-	    Series*|S4*)
-		UNAME_RELEASE=`uname -v`
-		;;
-	esac
-	# Japanese Language versions have a version number like `4.1.3-JL'.
-	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
-	exit 0 ;;
-    sun3*:SunOS:*:*)
-	echo m68k-sun-sunos${UNAME_RELEASE}
-	exit 0 ;;
-    sun*:*:4.2BSD:*)
-	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
-	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
-	case "`/bin/arch`" in
-	    sun3)
-		echo m68k-sun-sunos${UNAME_RELEASE}
-		;;
-	    sun4)
-		echo sparc-sun-sunos${UNAME_RELEASE}
-		;;
-	esac
-	exit 0 ;;
-    aushp:SunOS:*:*)
-	echo sparc-auspex-sunos${UNAME_RELEASE}
-	exit 0 ;;
-    # The situation for MiNT is a little confusing.  The machine name
-    # can be virtually everything (everything which is not
-    # "atarist" or "atariste" at least should have a processor
-    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
-    # to the lowercase version "mint" (or "freemint").  Finally
-    # the system name "TOS" denotes a system which is actually not
-    # MiNT.  But MiNT is downward compatible to TOS, so this should
-    # be no problem.
-    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
-	exit 0 ;;
-    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint${UNAME_RELEASE}
-        exit 0 ;;
-    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
-	exit 0 ;;
-    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
-        echo m68k-milan-mint${UNAME_RELEASE}
-        exit 0 ;;
-    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
-        echo m68k-hades-mint${UNAME_RELEASE}
-        exit 0 ;;
-    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
-        echo m68k-unknown-mint${UNAME_RELEASE}
-        exit 0 ;;
-    powerpc:machten:*:*)
-	echo powerpc-apple-machten${UNAME_RELEASE}
-	exit 0 ;;
-    RISC*:Mach:*:*)
-	echo mips-dec-mach_bsd4.3
-	exit 0 ;;
-    RISC*:ULTRIX:*:*)
-	echo mips-dec-ultrix${UNAME_RELEASE}
-	exit 0 ;;
-    VAX*:ULTRIX*:*:*)
-	echo vax-dec-ultrix${UNAME_RELEASE}
-	exit 0 ;;
-    2020:CLIX:*:* | 2430:CLIX:*:*)
-	echo clipper-intergraph-clix${UNAME_RELEASE}
-	exit 0 ;;
-    mips:*:*:UMIPS | mips:*:*:RISCos)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-#ifdef __cplusplus
-#include <stdio.h>  /* for printf() prototype */
-	int main (int argc, char *argv[]) {
-#else
-	int main (argc, argv) int argc; char *argv[]; {
-#endif
-	#if defined (host_mips) && defined (MIPSEB)
-	#if defined (SYSTYPE_SYSV)
-	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_SVR4)
-	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
-	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
-	#endif
-	#endif
-	  exit (-1);
-	}
-EOF
-	$CC_FOR_BUILD $dummy.c -o $dummy \
-	  && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-	  && rm -f $dummy.c $dummy && exit 0
-	rm -f $dummy.c $dummy
-	echo mips-mips-riscos${UNAME_RELEASE}
-	exit 0 ;;
-    Motorola:PowerMAX_OS:*:*)
-	echo powerpc-motorola-powermax
-	exit 0 ;;
-    Night_Hawk:Power_UNIX:*:*)
-	echo powerpc-harris-powerunix
-	exit 0 ;;
-    m88k:CX/UX:7*:*)
-	echo m88k-harris-cxux7
-	exit 0 ;;
-    m88k:*:4*:R4*)
-	echo m88k-motorola-sysv4
-	exit 0 ;;
-    m88k:*:3*:R3*)
-	echo m88k-motorola-sysv3
-	exit 0 ;;
-    AViiON:dgux:*:*)
-        # DG/UX returns AViiON for all architectures
-        UNAME_PROCESSOR=`/usr/bin/uname -p`
-	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
-	then
-	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
-	       [ ${TARGET_BINARY_INTERFACE}x = x ]
-	    then
-		echo m88k-dg-dgux${UNAME_RELEASE}
-	    else
-		echo m88k-dg-dguxbcs${UNAME_RELEASE}
-	    fi
-	else
-	    echo i586-dg-dgux${UNAME_RELEASE}
-	fi
- 	exit 0 ;;
-    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
-	echo m88k-dolphin-sysv3
-	exit 0 ;;
-    M88*:*:R3*:*)
-	# Delta 88k system running SVR3
-	echo m88k-motorola-sysv3
-	exit 0 ;;
-    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
-	echo m88k-tektronix-sysv3
-	exit 0 ;;
-    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
-	echo m68k-tektronix-bsd
-	exit 0 ;;
-    *:IRIX*:*:*)
-	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
-	exit 0 ;;
-    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-	echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
-	exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
-    i*86:AIX:*:*)
-	echo i386-ibm-aix
-	exit 0 ;;
-    ia64:AIX:*:*)
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
-	exit 0 ;;
-    *:AIX:2:3)
-	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		eval $set_cc_for_build
-		sed 's/^		//' << EOF >$dummy.c
-		#include <sys/systemcfg.h>
-
-		main()
-			{
-			if (!__power_pc())
-				exit(1);
-			puts("powerpc-ibm-aix3.2.5");
-			exit(0);
-			}
-EOF
-		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
-		rm -f $dummy.c $dummy
-		echo rs6000-ibm-aix3.2.5
-	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
-		echo rs6000-ibm-aix3.2.4
-	else
-		echo rs6000-ibm-aix3.2
-	fi
-	exit 0 ;;
-    *:AIX:*:[45])
-	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
-	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
-		IBM_ARCH=rs6000
-	else
-		IBM_ARCH=powerpc
-	fi
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
-	exit 0 ;;
-    *:AIX:*:*)
-	echo rs6000-ibm-aix
-	exit 0 ;;
-    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
-	echo romp-ibm-bsd4.4
-	exit 0 ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
-	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
-	exit 0 ;;                           # report: romp-ibm BSD 4.3
-    *:BOSX:*:*)
-	echo rs6000-bull-bosx
-	exit 0 ;;
-    DPX/2?00:B.O.S.:*:*)
-	echo m68k-bull-sysv3
-	exit 0 ;;
-    9000/[34]??:4.3bsd:1.*:*)
-	echo m68k-hp-bsd
-	exit 0 ;;
-    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
-	echo m68k-hp-bsd4.4
-	exit 0 ;;
-    9000/[34678]??:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	case "${UNAME_MACHINE}" in
-	    9000/31? )            HP_ARCH=m68000 ;;
-	    9000/[34]?? )         HP_ARCH=m68k ;;
-	    9000/[678][0-9][0-9])
-		if [ -x /usr/bin/getconf ]; then
-		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
-                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
-                    case "${sc_cpu_version}" in
-                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
-                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
-                      532)                      # CPU_PA_RISC2_0
-                        case "${sc_kernel_bits}" in
-                          32) HP_ARCH="hppa2.0n" ;;
-                          64) HP_ARCH="hppa2.0w" ;;
-			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
-                        esac ;;
-                    esac
-		fi
-		if [ "${HP_ARCH}" = "" ]; then
-		    eval $set_cc_for_build
-		    sed 's/^              //' << EOF >$dummy.c
-
-              #define _HPUX_SOURCE
-              #include <stdlib.h>
-              #include <unistd.h>
-
-              int main ()
-              {
-              #if defined(_SC_KERNEL_BITS)
-                  long bits = sysconf(_SC_KERNEL_BITS);
-              #endif
-                  long cpu  = sysconf (_SC_CPU_VERSION);
-
-                  switch (cpu)
-              	{
-              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
-              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
-              	case CPU_PA_RISC2_0:
-              #if defined(_SC_KERNEL_BITS)
-              	    switch (bits)
-              		{
-              		case 64: puts ("hppa2.0w"); break;
-              		case 32: puts ("hppa2.0n"); break;
-              		default: puts ("hppa2.0"); break;
-              		} break;
-              #else  /* !defined(_SC_KERNEL_BITS) */
-              	    puts ("hppa2.0"); break;
-              #endif
-              	default: puts ("hppa1.0"); break;
-              	}
-                  exit (0);
-              }
-EOF
-		    (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy`
-		    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
-		    rm -f $dummy.c $dummy
-		fi ;;
-	esac
-	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
-	exit 0 ;;
-    ia64:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	echo ia64-hp-hpux${HPUX_REV}
-	exit 0 ;;
-    3050*:HI-UX:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <unistd.h>
-	int
-	main ()
-	{
-	  long cpu = sysconf (_SC_CPU_VERSION);
-	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
-	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
-	     results, however.  */
-	  if (CPU_IS_PA_RISC (cpu))
-	    {
-	      switch (cpu)
-		{
-		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
-		  default: puts ("hppa-hitachi-hiuxwe2"); break;
-		}
-	    }
-	  else if (CPU_IS_HP_MC68K (cpu))
-	    puts ("m68k-hitachi-hiuxwe2");
-	  else puts ("unknown-hitachi-hiuxwe2");
-	  exit (0);
-	}
-EOF
-	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
-	rm -f $dummy.c $dummy
-	echo unknown-hitachi-hiuxwe2
-	exit 0 ;;
-    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
-	echo hppa1.1-hp-bsd
-	exit 0 ;;
-    9000/8??:4.3bsd:*:*)
-	echo hppa1.0-hp-bsd
-	exit 0 ;;
-    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
-	echo hppa1.0-hp-mpeix
-	exit 0 ;;
-    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
-	echo hppa1.1-hp-osf
-	exit 0 ;;
-    hp8??:OSF1:*:*)
-	echo hppa1.0-hp-osf
-	exit 0 ;;
-    i*86:OSF1:*:*)
-	if [ -x /usr/sbin/sysversion ] ; then
-	    echo ${UNAME_MACHINE}-unknown-osf1mk
-	else
-	    echo ${UNAME_MACHINE}-unknown-osf1
-	fi
-	exit 0 ;;
-    parisc*:Lites*:*:*)
-	echo hppa1.1-hp-lites
-	exit 0 ;;
-    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
-	echo c1-convex-bsd
-        exit 0 ;;
-    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
-	if getsysinfo -f scalar_acc
-	then echo c32-convex-bsd
-	else echo c2-convex-bsd
-	fi
-        exit 0 ;;
-    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
-	echo c34-convex-bsd
-        exit 0 ;;
-    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
-	echo c38-convex-bsd
-        exit 0 ;;
-    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
-	echo c4-convex-bsd
-        exit 0 ;;
-    CRAY*Y-MP:*:*:*)
-	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*[A-Z]90:*:*:*)
-	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
-	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-	      -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*TS:*:*:*)
-	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*T3D:*:*:*)
-	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*T3E:*:*:*)
-	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    CRAY*SV1:*:*:*)
-	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit 0 ;;
-    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
-	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
-        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-        exit 0 ;;
-    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
-	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
-	exit 0 ;;
-    sparc*:BSD/OS:*:*)
-	echo sparc-unknown-bsdi${UNAME_RELEASE}
-	exit 0 ;;
-    *:BSD/OS:*:*)
-	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
-	exit 0 ;;
-    *:FreeBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
-	exit 0 ;;
-    i*:CYGWIN*:*)
-	echo ${UNAME_MACHINE}-pc-cygwin
-	exit 0 ;;
-    i*:MINGW*:*)
-	echo ${UNAME_MACHINE}-pc-mingw32
-	exit 0 ;;
-    i*:PW*:*)
-	echo ${UNAME_MACHINE}-pc-pw32
-	exit 0 ;;
-    x86:Interix*:3*)
-	echo i386-pc-interix3
-	exit 0 ;;
-    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
-	# UNAME_MACHINE based on the output of uname instead of i386?
-	echo i386-pc-interix
-	exit 0 ;;
-    i*:UWIN*:*)
-	echo ${UNAME_MACHINE}-pc-uwin
-	exit 0 ;;
-    p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin
-	exit 0 ;;
-    prep*:SunOS:5.*:*)
-	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit 0 ;;
-    *:GNU:*:*)
-	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
-	exit 0 ;;
-    i*86:Minix:*:*)
-	echo ${UNAME_MACHINE}-pc-minix
-	exit 0 ;;
-    arm*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
-    ia64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
-    m68*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
-    mips:Linux:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#undef CPU
-	#undef mips
-	#undef mipsel
-	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-	CPU=mipsel
-	#else
-	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-	CPU=mips
-	#else
-	CPU=
-	#endif
-	#endif
-EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	rm -f $dummy.c
-	test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
-	;;
-    ppc:Linux:*:*)
-	echo powerpc-unknown-linux-gnu
-	exit 0 ;;
-    ppc64:Linux:*:*)
-	echo powerpc64-unknown-linux-gnu
-	exit 0 ;;
-    alpha:Linux:*:*)
-	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
-	  EV5)   UNAME_MACHINE=alphaev5 ;;
-	  EV56)  UNAME_MACHINE=alphaev56 ;;
-	  PCA56) UNAME_MACHINE=alphapca56 ;;
-	  PCA57) UNAME_MACHINE=alphapca56 ;;
-	  EV6)   UNAME_MACHINE=alphaev6 ;;
-	  EV67)  UNAME_MACHINE=alphaev67 ;;
-	  EV68*) UNAME_MACHINE=alphaev68 ;;
-        esac
-	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
-	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
-	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
-	exit 0 ;;
-    parisc:Linux:*:* | hppa:Linux:*:*)
-	# Look for CPU level
-	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
-	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
-	  *)    echo hppa-unknown-linux-gnu ;;
-	esac
-	exit 0 ;;
-    parisc64:Linux:*:* | hppa64:Linux:*:*)
-	echo hppa64-unknown-linux-gnu
-	exit 0 ;;
-    s390:Linux:*:* | s390x:Linux:*:*)
-	echo ${UNAME_MACHINE}-ibm-linux
-	exit 0 ;;
-    sh*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
-    sparc:Linux:*:* | sparc64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-gnu
-	exit 0 ;;
-    x86_64:Linux:*:*)
-	echo x86_64-unknown-linux-gnu
-	exit 0 ;;
-    i*86:Linux:*:*)
-	# The BFD linker knows what the default object file format is, so
-	# first see if it will tell us. cd to the root directory to prevent
-	# problems with other programs or directories called `ld' in the path.
-	# Set LC_ALL=C to ensure ld outputs messages in English.
-	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
-			 | sed -ne '/supported targets:/!d
-				    s/[ 	][ 	]*/ /g
-				    s/.*supported targets: *//
-				    s/ .*//
-				    p'`
-        case "$ld_supported_targets" in
-	  elf32-i386)
-		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
-		;;
-	  a.out-i386-linux)
-		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
-		exit 0 ;;		
-	  coff-i386)
-		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
-		exit 0 ;;
-	  "")
-		# Either a pre-BFD a.out linker (linux-gnuoldld) or
-		# one that does not give us useful --help.
-		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
-		exit 0 ;;
-	esac
-	# Determine whether the default compiler is a.out or elf
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <features.h>
-	#ifdef __ELF__
-	# ifdef __GLIBC__
-	#  if __GLIBC__ >= 2
-	LIBC=gnu
-	#  else
-	LIBC=gnulibc1
-	#  endif
-	# else
-	LIBC=gnulibc1
-	# endif
-	#else
-	#ifdef __INTEL_COMPILER
-	LIBC=gnu
-	#else
-	LIBC=gnuaout
-	#endif
-	#endif
-EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c
-	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
-	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
-	;;
-    i*86:DYNIX/ptx:4*:*)
-	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
-	# earlier versions are messed up and put the nodename in both
-	# sysname and nodename.
-	echo i386-sequent-sysv4
-	exit 0 ;;
-    i*86:UNIX_SV:4.2MP:2.*)
-        # Unixware is an offshoot of SVR4, but it has its own version
-        # number series starting with 2...
-        # I am not positive that other SVR4 systems won't match this,
-	# I just have to hope.  -- rms.
-        # Use sysv4.2uw... so that sysv4* matches it.
-	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
-	exit 0 ;;
-    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
-	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
-	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
-	else
-		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
-	fi
-	exit 0 ;;
-    i*86:*:5:[78]*)
-	case `/bin/uname -X | grep "^Machine"` in
-	    *486*)	     UNAME_MACHINE=i486 ;;
-	    *Pentium)	     UNAME_MACHINE=i586 ;;
-	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
-	esac
-	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
-	exit 0 ;;
-    i*86:*:3.2:*)
-	if test -f /usr/options/cb.name; then
-		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
-	elif /bin/uname -X 2>/dev/null >/dev/null ; then
-		UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
-		(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
-		(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
-			&& UNAME_MACHINE=i586
-		(/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		(/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
-	else
-		echo ${UNAME_MACHINE}-pc-sysv32
-	fi
-	exit 0 ;;
-    i*86:*DOS:*:*)
-	echo ${UNAME_MACHINE}-pc-msdosdjgpp
-	exit 0 ;;
-    pc:*:*:*)
-	# Left here for compatibility:
-        # uname -m prints for DJGPP always 'pc', but it prints nothing about
-        # the processor, so we play safe by assuming i386.
-	echo i386-pc-msdosdjgpp
-        exit 0 ;;
-    Intel:Mach:3*:*)
-	echo i386-pc-mach3
-	exit 0 ;;
-    paragon:*:*:*)
-	echo i860-intel-osf1
-	exit 0 ;;
-    i860:*:4.*:*) # i860-SVR4
-	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
-	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
-	else # Add other i860-SVR4 vendors below as they are discovered.
-	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
-	fi
-	exit 0 ;;
-    mini*:CTIX:SYS*5:*)
-	# "miniframe"
-	echo m68010-convergent-sysv
-	exit 0 ;;
-    M68*:*:R3V[567]*:*)
-	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
-	OS_REL=''
-	test -r /etc/.relid \
-	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
-	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	  && echo i486-ncr-sysv4.3${OS_REL} && exit 0
-	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-	  && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
-    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
-        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-          && echo i486-ncr-sysv4 && exit 0 ;;
-    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
-	echo m68k-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
-    mc68030:UNIX_System_V:4.*:*)
-	echo m68k-atari-sysv4
-	exit 0 ;;
-    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
-	echo i386-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
-    TSUNAMI:LynxOS:2.*:*)
-	echo sparc-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
-    rs6000:LynxOS:2.*:*)
-	echo rs6000-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
-    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
-	echo powerpc-unknown-lynxos${UNAME_RELEASE}
-	exit 0 ;;
-    SM[BE]S:UNIX_SV:*:*)
-	echo mips-dde-sysv${UNAME_RELEASE}
-	exit 0 ;;
-    RM*:ReliantUNIX-*:*:*)
-	echo mips-sni-sysv4
-	exit 0 ;;
-    RM*:SINIX-*:*:*)
-	echo mips-sni-sysv4
-	exit 0 ;;
-    *:SINIX-*:*:*)
-	if uname -p 2>/dev/null >/dev/null ; then
-		UNAME_MACHINE=`(uname -p) 2>/dev/null`
-		echo ${UNAME_MACHINE}-sni-sysv4
-	else
-		echo ns32k-sni-sysv
-	fi
-	exit 0 ;;
-    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-                      # says <Richard.M.Bartel@ccMail.Census.GOV>
-        echo i586-unisys-sysv4
-        exit 0 ;;
-    *:UNIX_System_V:4*:FTX*)
-	# From Gerald Hewes <hewes@openmarket.com>.
-	# How about differentiating between stratus architectures? -djm
-	echo hppa1.1-stratus-sysv4
-	exit 0 ;;
-    *:*:*:FTX*)
-	# From seanf@swdc.stratus.com.
-	echo i860-stratus-sysv4
-	exit 0 ;;
-    *:VOS:*:*)
-	# From Paul.Green@stratus.com.
-	echo hppa1.1-stratus-vos
-	exit 0 ;;
-    mc68*:A/UX:*:*)
-	echo m68k-apple-aux${UNAME_RELEASE}
-	exit 0 ;;
-    news*:NEWS-OS:6*:*)
-	echo mips-sony-newsos6
-	exit 0 ;;
-    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
-	if [ -d /usr/nec ]; then
-	        echo mips-nec-sysv${UNAME_RELEASE}
-	else
-	        echo mips-unknown-sysv${UNAME_RELEASE}
-	fi
-        exit 0 ;;
-    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
-	echo powerpc-be-beos
-	exit 0 ;;
-    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
-	echo powerpc-apple-beos
-	exit 0 ;;
-    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
-	echo i586-pc-beos
-	exit 0 ;;
-    SX-4:SUPER-UX:*:*)
-	echo sx4-nec-superux${UNAME_RELEASE}
-	exit 0 ;;
-    SX-5:SUPER-UX:*:*)
-	echo sx5-nec-superux${UNAME_RELEASE}
-	exit 0 ;;
-    Power*:Rhapsody:*:*)
-	echo powerpc-apple-rhapsody${UNAME_RELEASE}
-	exit 0 ;;
-    *:Rhapsody:*:*)
-	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
-	exit 0 ;;
-    *:Darwin:*:*)
-	echo `uname -p`-apple-darwin${UNAME_RELEASE}
-	exit 0 ;;
-    *:procnto*:*:* | *:QNX:[0123456789]*:*)
-	UNAME_PROCESSOR=`uname -p`
-	if test "$UNAME_PROCESSOR" = "x86"; then
-		UNAME_PROCESSOR=i386
-		UNAME_MACHINE=pc
-	fi
-	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
-	exit 0 ;;
-    *:QNX:*:4*)
-	echo i386-pc-qnx
-	exit 0 ;;
-    NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)
-	echo nsr-tandem-nsk${UNAME_RELEASE}
-	exit 0 ;;
-    *:NonStop-UX:*:*)
-	echo mips-compaq-nonstopux
-	exit 0 ;;
-    BS2000:POSIX*:*:*)
-	echo bs2000-siemens-sysv
-	exit 0 ;;
-    DS/*:UNIX_System_V:*:*)
-	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
-	exit 0 ;;
-    *:Plan9:*:*)
-	# "uname -m" is not consistent, so use $cputype instead. 386
-	# is converted to i386 for consistency with other x86
-	# operating systems.
-	if test "$cputype" = "386"; then
-	    UNAME_MACHINE=i386
-	else
-	    UNAME_MACHINE="$cputype"
-	fi
-	echo ${UNAME_MACHINE}-unknown-plan9
-	exit 0 ;;
-    i*86:OS/2:*:*)
-	# If we were able to find `uname', then EMX Unix compatibility
-	# is probably installed.
-	echo ${UNAME_MACHINE}-pc-os2-emx
-	exit 0 ;;
-    *:TOPS-10:*:*)
-	echo pdp10-unknown-tops10
-	exit 0 ;;
-    *:TENEX:*:*)
-	echo pdp10-unknown-tenex
-	exit 0 ;;
-    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
-	echo pdp10-dec-tops20
-	exit 0 ;;
-    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
-	echo pdp10-xkl-tops20
-	exit 0 ;;
-    *:TOPS-20:*:*)
-	echo pdp10-unknown-tops20
-	exit 0 ;;
-    *:ITS:*:*)
-	echo pdp10-unknown-its
-	exit 0 ;;
-    i*86:XTS-300:*:STOP)
-	echo ${UNAME_MACHINE}-unknown-stop
-	exit 0 ;;
-    i*86:atheos:*:*)
-	echo ${UNAME_MACHINE}-unknown-atheos
-	exit 0 ;;
-esac
-
-#echo '(No uname command or uname output not recognized.)' 1>&2
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
-
-eval $set_cc_for_build
-cat >$dummy.c <<EOF
-#ifdef _SEQUENT_
-# include <sys/types.h>
-# include <sys/utsname.h>
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
-  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
-     I don't know....  */
-  printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include <sys/param.h>
-  printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
-          "4"
-#else
-	  ""
-#endif
-         ); exit (0);
-#endif
-#endif
-
-#if defined (__arm) && defined (__acorn) && defined (__unix)
-  printf ("arm-acorn-riscix"); exit (0);
-#endif
-
-#if defined (hp300) && !defined (hpux)
-  printf ("m68k-hp-bsd\n"); exit (0);
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
-  int version;
-  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
-  if (version < 4)
-    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
-  else
-    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
-  exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
-  printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
-  printf ("ns32k-encore-mach\n"); exit (0);
-#else
-  printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
-  printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
-  printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
-  printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
-    struct utsname un;
-
-    uname(&un);
-
-    if (strncmp(un.version, "V2", 2) == 0) {
-	printf ("i386-sequent-ptx2\n"); exit (0);
-    }
-    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
-	printf ("i386-sequent-ptx1\n"); exit (0);
-    }
-    printf ("i386-sequent-ptx\n"); exit (0);
-
-#endif
-
-#if defined (vax)
-# if !defined (ultrix)
-#  include <sys/param.h>
-#  if defined (BSD)
-#   if BSD == 43
-      printf ("vax-dec-bsd4.3\n"); exit (0);
-#   else
-#    if BSD == 199006
-      printf ("vax-dec-bsd4.3reno\n"); exit (0);
-#    else
-      printf ("vax-dec-bsd\n"); exit (0);
-#    endif
-#   endif
-#  else
-    printf ("vax-dec-bsd\n"); exit (0);
-#  endif
-# else
-    printf ("vax-dec-ultrix\n"); exit (0);
-# endif
-#endif
-
-#if defined (alliant) && defined (i860)
-  printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
-  exit (1);
-}
-EOF
-
-$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0
-rm -f $dummy.c $dummy
-
-# Apollos put the system type in the environment.
-
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
-
-# Convex versions that predate uname can use getsysinfo(1)
-
-if [ -x /usr/convex/getsysinfo ]
-then
-    case `getsysinfo -f cpu_type` in
-    c1*)
-	echo c1-convex-bsd
-	exit 0 ;;
-    c2*)
-	if getsysinfo -f scalar_acc
-	then echo c32-convex-bsd
-	else echo c2-convex-bsd
-	fi
-	exit 0 ;;
-    c34*)
-	echo c34-convex-bsd
-	exit 0 ;;
-    c38*)
-	echo c38-convex-bsd
-	exit 0 ;;
-    c4*)
-	echo c4-convex-bsd
-	exit 0 ;;
-    esac
-fi
-
-cat >&2 <<EOF
-$0: unable to guess system type
-
-This script, last modified $timestamp, has failed to recognize
-the operating system you are using. It is advised that you
-download the most up to date version of the config scripts from
-
-    ftp://ftp.gnu.org/pub/gnu/config/
-
-If the version you run ($0) is already up to date, please
-send the following data and any information you think might be
-pertinent to <config-patches@gnu.org> in order to provide the needed
-information to handle your system.
-
-config.guess timestamp = $timestamp
-
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
-
-hostinfo               = `(hostinfo) 2>/dev/null`
-/bin/universe          = `(/bin/universe) 2>/dev/null`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
-/bin/arch              = `(/bin/arch) 2>/dev/null`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-
-UNAME_MACHINE = ${UNAME_MACHINE}
-UNAME_RELEASE = ${UNAME_RELEASE}
-UNAME_SYSTEM  = ${UNAME_SYSTEM}
-UNAME_VERSION = ${UNAME_VERSION}
-EOF
-
-exit 1
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/crypto/heimdal/config.log b/crypto/heimdal/config.log
deleted file mode 100644
index ee5052a9ca87..000000000000
--- a/crypto/heimdal/config.log
+++ /dev/null
@@ -1,8316 +0,0 @@
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by Heimdal configure 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  $ ./configure --enable-shared
-
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = shade.nectar.cc
-uname -m = i386
-uname -r = 5.0-CURRENT
-uname -s = FreeBSD
-uname -v = FreeBSD 5.0-CURRENT #30: Thu Aug 22 12:04:07 CDT 2002     nectar@shade.nectar.cc:/usr/obj/usr/src/sys/SHADE 
-
-/usr/bin/uname -p = i386
-/bin/uname -X     = unknown
-
-/bin/arch              = unknown
-/usr/bin/arch -k       = unknown
-/usr/convex/getsysinfo = unknown
-hostinfo               = unknown
-/bin/machine           = unknown
-/usr/bin/oslevel       = unknown
-/bin/universe          = unknown
-
-PATH: /usr/local/bin
-PATH: /usr/local/sbin
-PATH: /usr/X11R6/bin
-PATH: /usr/X11R6/sbin
-PATH: /usr/bin
-PATH: /usr/sbin
-PATH: /bin
-PATH: /sbin
-PATH: /usr/games
-PATH: /home/nectar/bin
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-configure:1473: checking for gcc
-configure:1489: found /usr/bin/gcc
-configure:1499: result: gcc
-configure:1743: checking for C compiler version
-configure:1746: gcc --version </dev/null >&5
-gcc (GCC) 3.1 [FreeBSD] 20020509 (prerelease)
-Copyright (C) 2002 Free Software Foundation, Inc.
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-configure:1749: $? = 0
-configure:1751: gcc -v </dev/null >&5
-Using built-in specs.
-Configured with: FreeBSD/i386 system compiler
-Thread model: posix
-gcc version 3.1 [FreeBSD] 20020509 (prerelease)
-configure:1754: $? = 0
-configure:1756: gcc -V </dev/null >&5
-gcc: argument to `-V' is missing
-configure:1759: $? = 1
-configure:1785: checking for C compiler default output
-configure:1788: gcc    conftest.c  >&5
-configure:1791: $? = 0
-configure:1824: result: a.out
-configure:1829: checking whether the C compiler works
-configure:1835: ./a.out
-configure:1838: $? = 0
-configure:1853: result: yes
-configure:1860: checking whether we are cross compiling
-configure:1862: result: no
-configure:1865: checking for suffix of executables
-configure:1867: gcc -o conftest    conftest.c  >&5
-configure:1870: $? = 0
-configure:1892: result: 
-configure:1898: checking for suffix of object files
-configure:1922: gcc -c   conftest.c >&5
-configure:1925: $? = 0
-configure:1944: result: o
-configure:1948: checking whether we are using the GNU C compiler
-configure:1975: gcc -c   conftest.c >&5
-configure:1978: $? = 0
-configure:1981: test -s conftest.o
-configure:1984: $? = 0
-configure:1996: result: yes
-configure:2002: checking whether gcc accepts -g
-configure:2026: gcc -c -g  conftest.c >&5
-configure:2029: $? = 0
-configure:2032: test -s conftest.o
-configure:2035: $? = 0
-configure:2045: result: yes
-configure:2072: gcc -c -g -O2  conftest.c >&5
-conftest.c:2: syntax error before "me"
-configure:2075: $? = 1
-configure: failed program was:
-#ifndef __cplusplus
-  choke me
-#endif
-configure:2190: checking how to run the C preprocessor
-configure:2216: gcc -E  conftest.c
-configure:2222: $? = 0
-configure:2249: gcc -E  conftest.c
-configure:2246:28: ac_nonexistent.h: No such file or directory
-configure:2255: $? = 1
-configure: failed program was:
-#line 2245 "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-configure:2292: result: gcc -E
-configure:2307: gcc -E  conftest.c
-configure:2313: $? = 0
-configure:2340: gcc -E  conftest.c
-configure:2337:28: ac_nonexistent.h: No such file or directory
-configure:2346: $? = 1
-configure: failed program was:
-#line 2336 "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-configure:2386: checking for gcc option to accept ANSI C
-configure:2449: gcc  -c -g -O2  conftest.c >&5
-configure:2452: $? = 0
-configure:2455: test -s conftest.o
-configure:2458: $? = 0
-configure:2475: result: none needed
-configure:2522: checking for a BSD-compatible install
-configure:2576: result: /usr/bin/install -c
-configure:2587: checking whether build environment is sane
-configure:2630: result: yes
-configure:2663: checking for gawk
-configure:2679: found /usr/bin/gawk
-configure:2689: result: gawk
-configure:2699: checking whether make sets ${MAKE}
-configure:2719: result: yes
-configure:2748: checking for style of include used by make
-configure:2776: result: GNU
-configure:2938: checking dependency style of gcc
-configure:3000: result: none
-configure:3018: checking build system type
-configure:3036: result: i386-unknown-freebsd5.0
-configure:3044: checking host system type
-configure:3058: result: i386-unknown-freebsd5.0
-configure:3082: checking for bison
-configure:3098: found /usr/local/bin/bison
-configure:3108: result: bison -y
-configure:3123: checking for flex
-configure:3139: found /usr/bin/flex
-configure:3149: result: flex
-configure:3162: checking for yywrap in -lfl
-configure:3195: gcc -o conftest -g -O2   conftest.c -lfl   >&5
-configure:3198: $? = 0
-configure:3201: test -s conftest
-configure:3204: $? = 0
-configure:3215: result: yes
-configure:3284: checking lex output file root
-configure:3295: flex conftest.l
-configure:3298: $? = 0
-configure:3310: result: lex.yy
-configure:3315: checking whether yytext is a pointer
-configure:3331: gcc -o conftest -g -O2   conftest.c  -lfl >&5
-configure:3334: $? = 0
-configure:3337: test -s conftest
-configure:3340: $? = 0
-configure:3352: result: yes
-configure:3370: checking for gawk
-configure:3396: result: gawk
-configure:3406: checking for ln -s or something else
-configure:3427: result: ln -s
-configure:3603: checking for __attribute__
-configure:3638: gcc  -c -g -O2  conftest.c >&5
-configure:3641: $? = 0
-configure:3644: test -s conftest.o
-configure:3647: $? = 0
-configure:3665: result: yes
-configure:3757: checking for ld used by GCC
-configure:3820: result: /usr/libexec/elf/ld
-configure:3829: checking if the linker (/usr/libexec/elf/ld) is GNU ld
-GNU ld version 2.12.0 [FreeBSD] 2002-04-10
-configure:3841: result: yes
-configure:3846: checking for /usr/libexec/elf/ld option to reload object files
-configure:3853: result: -r
-configure:3858: checking for BSD-compatible nm
-configure:3894: result: /usr/bin/nm -B
-configure:3897: checking whether ln -s works
-configure:3901: result: yes
-configure:3908: checking how to recognise dependant libraries
-configure:4086: result: pass_all
-configure:4096: checking command to parse /usr/bin/nm -B output
-configure:4177: gcc  -c -g -O2  conftest.c >&5
-configure:4180: $? = 0
-configure:4184: /usr/bin/nm -B conftest.o \| sed -n -e 's/^.*[ 	]\([ABCDGISTW][ABCDGISTW]*\)[ 	][ 	]*\(\)\([_A-Za-z][_A-Za-z0-9]*\)$/\1 \2\3 \3/p' \> conftest.nm
-configure:4187: $? = 0
-configure:4239: gcc  -o conftest -g -O2   conftest.c conftstm.o >&5
-configure:4242: $? = 0
-configure:4286: result: ok
-configure:4291: checking for ANSI C header files
-configure:4305: gcc -E  conftest.c
-configure:4311: $? = 0
-configure:4398: gcc  -o conftest -g -O2   conftest.c  >&5
-configure:4401: $? = 0
-configure:4403: ./conftest
-configure:4406: $? = 0
-configure:4420: result: yes
-configure:4444: checking for sys/types.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for sys/stat.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for stdlib.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for string.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for memory.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for strings.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for inttypes.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for stdint.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4444: checking for unistd.h
-configure:4457: gcc  -c -g -O2  conftest.c >&5
-configure:4460: $? = 0
-configure:4463: test -s conftest.o
-configure:4466: $? = 0
-configure:4476: result: yes
-configure:4502: checking dlfcn.h usability
-configure:4511: gcc  -c -g -O2  conftest.c >&5
-configure:4514: $? = 0
-configure:4517: test -s conftest.o
-configure:4520: $? = 0
-configure:4529: result: yes
-configure:4533: checking dlfcn.h presence
-configure:4540: gcc -E  conftest.c
-configure:4546: $? = 0
-configure:4564: result: yes
-configure:4582: checking for dlfcn.h
-configure:4589: result: yes
-configure:4786: checking for ranlib
-configure:4802: found /usr/bin/ranlib
-configure:4813: result: ranlib
-configure:4866: checking for strip
-configure:4882: found /usr/bin/strip
-configure:4893: result: strip
-configure:5104: checking for objdir
-configure:5115: result: .libs
-configure:5132: checking for gcc option to produce PIC
-configure:5282: result: -fPIC
-configure:5286: checking if gcc PIC flag -fPIC works
-configure:5312: gcc  -c -g -O2 -fPIC -DPIC  conftest.c >&5
-configure:5315: $? = 0
-configure:5318: test -s conftest.o
-configure:5321: $? = 0
-configure:5358: result: yes
-configure:5374: checking if gcc static flag -static works
-configure:5401: gcc  -o conftest -g -O2   -static conftest.c  >&5
-configure:5404: $? = 0
-configure:5407: test -s conftest
-configure:5410: $? = 0
-configure:5425: result: yes
-configure:5437: checking if gcc supports -c -o file.o
-configure:5457: gcc  -c -g -O2 -o out/conftest2.o  conftest.c >&5
-configure:5481: result: yes
-configure:5486: checking if gcc supports -c -o file.lo
-configure:5516: gcc  -c -g -O2 -c -o conftest.lo  conftest.c >&5
-configure:5519: $? = 0
-configure:5522: test -s conftest.lo
-configure:5525: $? = 0
-configure:5546: result: yes
-configure:5577: checking if gcc supports -fno-rtti -fno-exceptions
-configure:5602: gcc  -c -g -O2 -fno-rtti -fno-exceptions -c conftest.c  conftest.c >&5
-configure:5605: $? = 0
-configure:5608: test -s conftest.o
-configure:5611: $? = 0
-configure:5627: result: yes
-configure:5638: checking whether the linker (/usr/libexec/elf/ld) supports shared libraries
-configure:6318: result: yes
-configure:6323: checking how to hardcode library paths into programs
-configure:6347: result: immediate
-configure:6352: checking whether stripping libraries is possible
-configure:6357: result: yes
-configure:6368: checking dynamic linker characteristics
-configure:6761: result: freebsd5.0 ld.so
-configure:6766: checking if libtool supports shared libraries
-configure:6768: result: yes
-configure:6771: checking whether to build shared libraries
-configure:6792: result: yes
-configure:6795: checking whether to build static libraries
-configure:6799: result: yes
-configure:7461: checking whether -lc should be explicitly linked in
-configure:7469: gcc  -c -g -O2  conftest.c >&5
-configure:7472: $? = 0
-configure:7486: gcc  -shared conftest.o  -v -Wl,-soname -Wl,conftest -o conftest 2\>\&1 \| grep  -lc  \>/dev/null 2\>\&1
-configure:7489: $? = 1
-configure:7502: result: yes
-configure:8123: checking db4/db.h usability
-configure:8132: gcc  -c -g -O2  conftest.c >&5
-configure:8161:20: db4/db.h: No such file or directory
-configure:8135: $? = 1
-configure: failed program was:
-#line 8126 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <db4/db.h>
-configure:8150: result: no
-configure:8154: checking db4/db.h presence
-configure:8161: gcc -E  conftest.c
-configure:8158:20: db4/db.h: No such file or directory
-configure:8167: $? = 1
-configure: failed program was:
-#line 8157 "configure"
-#include "confdefs.h"
-#include <db4/db.h>
-configure:8185: result: no
-configure:8203: checking for db4/db.h
-configure:8210: result: no
-configure:8123: checking db3/db.h usability
-configure:8132: gcc  -c -g -O2  conftest.c >&5
-configure:8161:20: db3/db.h: No such file or directory
-configure:8135: $? = 1
-configure: failed program was:
-#line 8126 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <db3/db.h>
-configure:8150: result: no
-configure:8154: checking db3/db.h presence
-configure:8161: gcc -E  conftest.c
-configure:8158:20: db3/db.h: No such file or directory
-configure:8167: $? = 1
-configure: failed program was:
-#line 8157 "configure"
-#include "confdefs.h"
-#include <db3/db.h>
-configure:8185: result: no
-configure:8203: checking for db3/db.h
-configure:8210: result: no
-configure:8123: checking db.h usability
-configure:8132: gcc  -c -g -O2  conftest.c >&5
-configure:8135: $? = 0
-configure:8138: test -s conftest.o
-configure:8141: $? = 0
-configure:8150: result: yes
-configure:8154: checking db.h presence
-configure:8161: gcc -E  conftest.c
-configure:8167: $? = 0
-configure:8185: result: yes
-configure:8203: checking for db.h
-configure:8210: result: yes
-configure:8123: checking db_185.h usability
-configure:8132: gcc  -c -g -O2  conftest.c >&5
-configure:8161:20: db_185.h: No such file or directory
-configure:8135: $? = 1
-configure: failed program was:
-#line 8126 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <db_185.h>
-configure:8150: result: no
-configure:8154: checking db_185.h presence
-configure:8161: gcc -E  conftest.c
-configure:8158:20: db_185.h: No such file or directory
-configure:8167: $? = 1
-configure: failed program was:
-#line 8157 "configure"
-#include "confdefs.h"
-#include <db_185.h>
-configure:8185: result: no
-configure:8203: checking for db_185.h
-configure:8210: result: no
-configure:8228: checking for db_create
-configure:8273: gcc  -o conftest -g -O2   conftest.c     >&5
-/var/tmp//ccHtREmr.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:8266: undefined reference to `db_create'
-configure:8276: $? = 1
-configure: failed program was:
-#line 8246 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-configure:8273: gcc  -o conftest -g -O2   conftest.c  -ldb4   >&5
-/usr/libexec/elf/ld: cannot find -ldb4
-configure:8276: $? = 1
-configure: failed program was:
-#line 8246 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-configure:8273: gcc  -o conftest -g -O2   conftest.c  -ldb3   >&5
-/usr/libexec/elf/ld: cannot find -ldb3
-configure:8276: $? = 1
-configure: failed program was:
-#line 8246 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-configure:8273: gcc  -o conftest -g -O2   conftest.c  -ldb   >&5
-/usr/libexec/elf/ld: cannot find -ldb
-configure:8276: $? = 1
-configure: failed program was:
-#line 8246 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-configure:8397: result: no
-configure:8436: checking for dbopen
-configure:8483: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:8486: $? = 0
-configure:8489: test -s conftest
-configure:8492: $? = 0
-configure:8601: result: yes
-configure:8647: checking for dbm_firstkey
-configure:8688: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:8670: syntax error before '*' token
-configure:8670: warning: data definition has no type or storage class
-configure:8691: $? = 1
-configure: failed program was:
-#line 8665 "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-configure:8812: result: no
-configure:8877: checking dbm.h usability
-configure:8886: gcc  -c -g -O2  conftest.c >&5
-configure:8915:17: dbm.h: No such file or directory
-configure:8889: $? = 1
-configure: failed program was:
-#line 8880 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <dbm.h>
-configure:8904: result: no
-configure:8908: checking dbm.h presence
-configure:8915: gcc -E  conftest.c
-configure:8912:17: dbm.h: No such file or directory
-configure:8921: $? = 1
-configure: failed program was:
-#line 8911 "configure"
-#include "confdefs.h"
-#include <dbm.h>
-configure:8939: result: no
-configure:8957: checking for dbm.h
-configure:8964: result: no
-configure:8877: checking ndbm.h usability
-configure:8886: gcc  -c -g -O2  conftest.c >&5
-configure:8889: $? = 0
-configure:8892: test -s conftest.o
-configure:8895: $? = 0
-configure:8904: result: yes
-configure:8908: checking ndbm.h presence
-configure:8915: gcc -E  conftest.c
-configure:8921: $? = 0
-configure:8939: result: yes
-configure:8957: checking for ndbm.h
-configure:8964: result: yes
-configure:8981: checking for dbm_firstkey
-configure:9025: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:9028: $? = 0
-configure:9031: test -s conftest
-configure:9034: $? = 0
-configure:9143: result: yes
-configure:9516: checking if ndbm is implemented with db
-configure:9548: gcc  -o conftest -g -O2   conftest.c  >&5
-configure:9551: $? = 0
-configure:9553: ./conftest
-configure:9556: $? = 0
-configure:9560: result: yes
-configure:9617: checking for inline
-configure:9634: gcc  -c -g -O2  conftest.c >&5
-configure:9637: $? = 0
-configure:9640: test -s conftest.o
-configure:9643: $? = 0
-configure:9654: result: inline
-configure:9669: checking for an ANSI C-conforming const
-configure:9739: gcc  -c -g -O2  conftest.c >&5
-configure:9742: $? = 0
-configure:9745: test -s conftest.o
-configure:9748: $? = 0
-configure:9758: result: yes
-configure:9768: checking for size_t
-configure:9795: gcc  -c -g -O2  conftest.c >&5
-configure:9798: $? = 0
-configure:9801: test -s conftest.o
-configure:9804: $? = 0
-configure:9814: result: yes
-configure:9826: checking for pid_t
-configure:9853: gcc  -c -g -O2  conftest.c >&5
-configure:9856: $? = 0
-configure:9859: test -s conftest.o
-configure:9862: $? = 0
-configure:9872: result: yes
-configure:9884: checking for uid_t in sys/types.h
-configure:9904: result: yes
-configure:9920: checking return type of signal handlers
-configure:9954: gcc  -c -g -O2  conftest.c >&5
-configure:9957: $? = 0
-configure:9960: test -s conftest.o
-configure:9963: $? = 0
-configure:9973: result: void
-configure:9992: checking whether time.h and sys/time.h may both be included
-configure:10020: gcc  -c -g -O2  conftest.c >&5
-configure:10023: $? = 0
-configure:10026: test -s conftest.o
-configure:10029: $? = 0
-configure:10039: result: yes
-configure:10064: checking standards.h usability
-configure:10073: gcc  -c -g -O2  conftest.c >&5
-configure:10102:23: standards.h: No such file or directory
-configure:10076: $? = 1
-configure: failed program was:
-#line 10067 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <standards.h>
-configure:10091: result: no
-configure:10095: checking standards.h presence
-configure:10102: gcc -E  conftest.c
-configure:10099:23: standards.h: No such file or directory
-configure:10108: $? = 1
-configure: failed program was:
-#line 10098 "configure"
-#include "confdefs.h"
-#include <standards.h>
-configure:10126: result: no
-configure:10144: checking for standards.h
-configure:10151: result: no
-configure:10168: checking for netinet/ip.h
-configure:10183: gcc -E  conftest.c
-configure:10189: $? = 0
-configure:10208: result: yes
-configure:10168: checking for netinet/tcp.h
-configure:10183: gcc -E  conftest.c
-configure:10189: $? = 0
-configure:10208: result: yes
-configure:10343: checking for getlogin
-configure:10386: gcc  -o conftest -g -O2   conftest.c  >&5
-configure:10389: $? = 0
-configure:10392: test -s conftest
-configure:10395: $? = 0
-configure:10405: result: yes
-configure:10343: checking for setlogin
-configure:10386: gcc  -o conftest -g -O2   conftest.c  >&5
-configure:10389: $? = 0
-configure:10392: test -s conftest
-configure:10395: $? = 0
-configure:10405: result: yes
-configure:10416: checking if getlogin is posix
-configure:10429: result: no
-configure:10441: checking if realloc if broken
-configure:10465: gcc  -o conftest -g -O2   conftest.c  >&5
-configure:10468: $? = 0
-configure:10470: ./conftest
-configure:10473: $? = 0
-configure:10487: result: no
-configure:10541: checking for ssize_t
-configure:10570: gcc  -c -g -O2  conftest.c >&5
-configure:10573: $? = 0
-configure:10576: test -s conftest.o
-configure:10579: $? = 0
-configure:10590: result: yes
-configure:10665: checking for long long
-configure:10694: gcc  -c -g -O2  conftest.c >&5
-configure:10697: $? = 0
-configure:10700: test -s conftest.o
-configure:10703: $? = 0
-configure:10714: result: yes
-configure:10892: checking arpa/inet.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking arpa/inet.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for arpa/inet.h
-configure:10979: result: yes
-configure:10892: checking arpa/nameser.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking arpa/nameser.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for arpa/nameser.h
-configure:10979: result: yes
-configure:10892: checking config.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:20: config.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <config.h>
-configure:10919: result: no
-configure:10923: checking config.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:20: config.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <config.h>
-configure:10954: result: no
-configure:10972: checking for config.h
-configure:10979: result: no
-configure:10892: checking crypt.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:19: crypt.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <crypt.h>
-configure:10919: result: no
-configure:10923: checking crypt.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:19: crypt.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <crypt.h>
-configure:10954: result: no
-configure:10972: checking for crypt.h
-configure:10979: result: no
-configure:10892: checking dirent.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking dirent.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for dirent.h
-configure:10979: result: yes
-configure:10892: checking errno.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking errno.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for errno.h
-configure:10979: result: yes
-configure:10892: checking err.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking err.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for err.h
-configure:10979: result: yes
-configure:10892: checking fcntl.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking fcntl.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for fcntl.h
-configure:10979: result: yes
-configure:10892: checking grp.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking grp.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for grp.h
-configure:10979: result: yes
-configure:10892: checking ifaddrs.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking ifaddrs.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for ifaddrs.h
-configure:10979: result: yes
-configure:10892: checking net/if.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-In file included from configure:10930:
-/usr/include/net/if.h:225: field `ifru_addr' has incomplete type
-/usr/include/net/if.h:226: field `ifru_dstaddr' has incomplete type
-/usr/include/net/if.h:227: field `ifru_broadaddr' has incomplete type
-/usr/include/net/if.h:259: field `ifra_addr' has incomplete type
-/usr/include/net/if.h:260: field `ifra_broadaddr' has incomplete type
-/usr/include/net/if.h:261: field `ifra_mask' has incomplete type
-/usr/include/net/if.h:262: confused by earlier errors, bailing out
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <net/if.h>
-configure:10919: result: no
-configure:10923: checking net/if.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10965: WARNING: net/if.h: present but cannot be compiled
-configure:10967: WARNING: net/if.h: check for missing prerequisite headers?
-configure:10969: WARNING: net/if.h: proceeding with the preprocessor's result
-configure:10972: checking for net/if.h
-configure:10979: result: yes
-configure:10892: checking netdb.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking netdb.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for netdb.h
-configure:10979: result: yes
-configure:10892: checking netinet/in.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking netinet/in.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for netinet/in.h
-configure:10979: result: yes
-configure:10892: checking netinet/in6.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:25: netinet/in6.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <netinet/in6.h>
-configure:10919: result: no
-configure:10923: checking netinet/in6.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:25: netinet/in6.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <netinet/in6.h>
-configure:10954: result: no
-configure:10972: checking for netinet/in6.h
-configure:10979: result: no
-configure:10892: checking netinet/in_systm.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking netinet/in_systm.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for netinet/in_systm.h
-configure:10979: result: yes
-configure:10892: checking netinet6/in6.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-In file included from configure:10930:
-/usr/include/netinet6/in6.h:69:2: #error "do not include netinet6/in6.h directly, include netinet/in.h.  see RFC2553"
-In file included from configure:10930:
-/usr/include/netinet6/in6.h:151: syntax error before "sa_family_t"
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <netinet6/in6.h>
-configure:10919: result: no
-configure:10923: checking netinet6/in6.h presence
-configure:10930: gcc -E  conftest.c
-In file included from configure:10927:
-/usr/include/netinet6/in6.h:69:2: #error "do not include netinet6/in6.h directly, include netinet/in.h.  see RFC2553"
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <netinet6/in6.h>
-configure:10954: result: no
-configure:10972: checking for netinet6/in6.h
-configure:10979: result: no
-configure:10892: checking netinet6/in6_var.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-In file included from configure:10930:
-/usr/include/netinet6/in6_var.h:94: field `ia_ifa' has incomplete type
-/usr/include/netinet6/in6_var.h:97: field `ia_addr' has incomplete type
-/usr/include/netinet6/in6_var.h:98: field `ia_net' has incomplete type
-/usr/include/netinet6/in6_var.h:99: field `ia_dstaddr' has incomplete type
-/usr/include/netinet6/in6_var.h:100: field `ia_prefixmask' has incomplete type
-/usr/include/netinet6/in6_var.h:111: confused by earlier errors, bailing out
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <netinet6/in6_var.h>
-configure:10919: result: no
-configure:10923: checking netinet6/in6_var.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10965: WARNING: netinet6/in6_var.h: present but cannot be compiled
-configure:10967: WARNING: netinet6/in6_var.h: check for missing prerequisite headers?
-configure:10969: WARNING: netinet6/in6_var.h: proceeding with the preprocessor's result
-configure:10972: checking for netinet6/in6_var.h
-configure:10979: result: yes
-configure:10892: checking paths.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking paths.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for paths.h
-configure:10979: result: yes
-configure:10892: checking pwd.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking pwd.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for pwd.h
-configure:10979: result: yes
-configure:10892: checking resolv.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-In file included from configure:10930:
-/usr/include/resolv.h:104: field `nsaddr_list' has incomplete type
-/usr/include/resolv.h:114: field `addr' has incomplete type
-/usr/include/resolv.h:116: confused by earlier errors, bailing out
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <resolv.h>
-configure:10919: result: no
-configure:10923: checking resolv.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10965: WARNING: resolv.h: present but cannot be compiled
-configure:10967: WARNING: resolv.h: check for missing prerequisite headers?
-configure:10969: WARNING: resolv.h: proceeding with the preprocessor's result
-configure:10972: checking for resolv.h
-configure:10979: result: yes
-configure:10892: checking rpcsvc/ypclnt.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking rpcsvc/ypclnt.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for rpcsvc/ypclnt.h
-configure:10979: result: yes
-configure:10892: checking shadow.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:20: shadow.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <shadow.h>
-configure:10919: result: no
-configure:10923: checking shadow.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:20: shadow.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <shadow.h>
-configure:10954: result: no
-configure:10972: checking for shadow.h
-configure:10979: result: no
-configure:10892: checking sys/bswap.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:23: sys/bswap.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/bswap.h>
-configure:10919: result: no
-configure:10923: checking sys/bswap.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:23: sys/bswap.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <sys/bswap.h>
-configure:10954: result: no
-configure:10972: checking for sys/bswap.h
-configure:10979: result: no
-configure:10892: checking sys/ioctl.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/ioctl.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/ioctl.h
-configure:10979: result: yes
-configure:10892: checking sys/param.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/param.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/param.h
-configure:10979: result: yes
-configure:10892: checking sys/proc.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-In file included from /usr/include/sys/proc.h:58,
-                 from configure:10930:
-/usr/include/sys/ucred.h:81: `NGROUPS' undeclared here (not in a function)
-/usr/include/sys/ucred.h:83: confused by earlier errors, bailing out
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/proc.h>
-configure:10919: result: no
-configure:10923: checking sys/proc.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10965: WARNING: sys/proc.h: present but cannot be compiled
-configure:10967: WARNING: sys/proc.h: check for missing prerequisite headers?
-configure:10969: WARNING: sys/proc.h: proceeding with the preprocessor's result
-configure:10972: checking for sys/proc.h
-configure:10979: result: yes
-configure:10892: checking sys/resource.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/resource.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/resource.h
-configure:10979: result: yes
-configure:10892: checking sys/socket.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/socket.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/socket.h
-configure:10979: result: yes
-configure:10892: checking sys/sockio.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/sockio.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/sockio.h
-configure:10979: result: yes
-configure:10883: checking for sys/stat.h
-configure:10888: result: yes
-configure:10892: checking sys/sysctl.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/sysctl.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/sysctl.h
-configure:10979: result: yes
-configure:10892: checking sys/time.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/time.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/time.h
-configure:10979: result: yes
-configure:10892: checking sys/tty.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/tty.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/tty.h
-configure:10979: result: yes
-configure:10883: checking for sys/types.h
-configure:10888: result: yes
-configure:10892: checking sys/uio.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/uio.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/uio.h
-configure:10979: result: yes
-configure:10892: checking sys/utsname.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/utsname.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/utsname.h
-configure:10979: result: yes
-configure:10892: checking sys/wait.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking sys/wait.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for sys/wait.h
-configure:10979: result: yes
-configure:10892: checking syslog.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking syslog.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for syslog.h
-configure:10979: result: yes
-configure:10892: checking termios.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking termios.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for termios.h
-configure:10979: result: yes
-configure:10883: checking for unistd.h
-configure:10888: result: yes
-configure:10892: checking userconf.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:22: userconf.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <userconf.h>
-configure:10919: result: no
-configure:10923: checking userconf.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:22: userconf.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <userconf.h>
-configure:10954: result: no
-configure:10972: checking for userconf.h
-configure:10979: result: no
-configure:10892: checking usersec.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:21: usersec.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <usersec.h>
-configure:10919: result: no
-configure:10923: checking usersec.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:21: usersec.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <usersec.h>
-configure:10954: result: no
-configure:10972: checking for usersec.h
-configure:10979: result: no
-configure:10892: checking util.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10930:18: util.h: No such file or directory
-configure:10904: $? = 1
-configure: failed program was:
-#line 10895 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <util.h>
-configure:10919: result: no
-configure:10923: checking util.h presence
-configure:10930: gcc -E  conftest.c
-configure:10927:18: util.h: No such file or directory
-configure:10936: $? = 1
-configure: failed program was:
-#line 10926 "configure"
-#include "confdefs.h"
-#include <util.h>
-configure:10954: result: no
-configure:10972: checking for util.h
-configure:10979: result: no
-configure:10892: checking vis.h usability
-configure:10901: gcc  -c -g -O2  conftest.c >&5
-configure:10904: $? = 0
-configure:10907: test -s conftest.o
-configure:10910: $? = 0
-configure:10919: result: yes
-configure:10923: checking vis.h presence
-configure:10930: gcc -E  conftest.c
-configure:10936: $? = 0
-configure:10954: result: yes
-configure:10972: checking for vis.h
-configure:10979: result: yes
-configure:11041: checking for socket
-configure:11077: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:11080: $? = 0
-configure:11083: test -s conftest
-configure:11086: $? = 0
-configure:11195: result: yes
-configure:11229: checking for gethostbyname
-configure:11265: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:11268: $? = 0
-configure:11271: test -s conftest
-configure:11274: $? = 0
-configure:11383: result: yes
-configure:11417: checking for syslog
-configure:11453: gcc  -o conftest -g -O2   conftest.c     >&5
-configure:11456: $? = 0
-configure:11459: test -s conftest
-configure:11462: $? = 0
-configure:11571: result: yes
-configure:11613: checking for IPv6 stack type
-configure:11627:45: /usr/local/v6/include/sys/types.h: No such file or directory
-configure:11740: result: kame
-configure:11743: checking for IPv6
-configure:11791: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:11794: $? = 0
-configure:11797: test -s conftest
-configure:11800: $? = 0
-configure:11810: result: yes
-configure:11823: checking for in6addr_loopback
-configure:11863: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:11866: $? = 0
-configure:11869: test -s conftest
-configure:11872: $? = 0
-configure:11882: result: yes
-configure:11898: checking for gethostbyname2
-configure:11934: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:11937: $? = 0
-configure:11940: test -s conftest
-configure:11943: $? = 0
-configure:12052: result: yes
-configure:12087: checking for res_search
-configure:12137: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:12140: $? = 0
-configure:12143: test -s conftest
-configure:12146: $? = 0
-configure:12255: result: yes
-configure:12290: checking for dn_expand
-configure:12340: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:12343: $? = 0
-configure:12346: test -s conftest
-configure:12349: $? = 0
-configure:12458: result: yes
-configure:12490: checking for _res
-configure:12516: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:12519: $? = 0
-configure:12522: test -s conftest
-configure:12525: $? = 0
-configure:12538: result: yes
-configure:12547: checking if _res is properly declared
-configure:12585: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:12568: conflicting types for `_res'
-/usr/include/resolv.h:201: previous declaration of `_res'
-configure:12588: $? = 1
-configure: failed program was:
-#line 12554 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-extern struct { int foo; } _res;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-_res.foo = 1;
-  ;
-  return 0;
-}
-configure:12609: result: yes
-configure:12625: checking for working snprintf
-configure:12648: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:12651: $? = 0
-configure:12653: ./conftest
-configure:12656: $? = 0
-configure:12669: result: yes
-configure:12682: checking if snprintf needs a prototype
-configure:12709: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:12700: conflicting types for `snprintf'
-/usr/include/stdio.h:261: previous declaration of `snprintf'
-configure:12700: warning: extern declaration of `snprintf' doesn't match global one
-configure:12712: $? = 1
-configure: failed program was:
-#line 12688 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int snprintf (struct foo*);
-snprintf(&xx);
-
-  ;
-  return 0;
-}
-configure:12728: result: no
-configure:12742: checking for working vsnprintf
-configure:12776: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:12779: $? = 0
-configure:12781: ./conftest
-configure:12784: $? = 0
-configure:12797: result: yes
-configure:12810: checking if vsnprintf needs a prototype
-configure:12837: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:12828: conflicting types for `vsnprintf'
-/usr/include/stdio.h:263: previous declaration of `vsnprintf'
-configure:12828: warning: extern declaration of `vsnprintf' doesn't match global one
-configure:12840: $? = 1
-configure: failed program was:
-#line 12816 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vsnprintf (struct foo*);
-vsnprintf(&xx);
-
-  ;
-  return 0;
-}
-configure:12856: result: no
-configure:12871: checking for working glob
-configure:12907: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:12910: $? = 0
-configure:12913: test -s conftest
-configure:12916: $? = 0
-configure:12926: result: yes
-configure:12939: checking if glob needs a prototype
-configure:12967: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:12958: conflicting types for `glob'
-/usr/include/glob.h:99: previous declaration of `glob'
-configure:12958: warning: extern declaration of `glob' doesn't match global one
-configure:12970: $? = 1
-configure: failed program was:
-#line 12945 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <glob.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int glob (struct foo*);
-glob(&xx);
-
-  ;
-  return 0;
-}
-configure:12986: result: no
-configure:13070: checking for asnprintf
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cc2TZ5om.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `asnprintf'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char asnprintf (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char asnprintf ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_asnprintf) || defined (__stub___asnprintf)
-choke me
-#else
-f = asnprintf;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for asprintf
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for atexit
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for cgetent
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for getconfattr
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccN38noV.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `getconfattr'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getconfattr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getconfattr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getconfattr) || defined (__stub___getconfattr)
-choke me
-#else
-f = getconfattr;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for getprogname
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for getrlimit
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for getspnam
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccuTNlTk.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `getspnam'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getspnam (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getspnam ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getspnam) || defined (__stub___getspnam)
-choke me
-#else
-f = getspnam;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for initstate
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for issetugid
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for on_exit
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccDJIDL2.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `on_exit'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char on_exit (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char on_exit ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_on_exit) || defined (__stub___on_exit)
-choke me
-#else
-f = on_exit;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for random
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for setprogname
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for setstate
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for strsvis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cc79BzAP.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `strsvis'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsvis (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsvis ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsvis) || defined (__stub___strsvis)
-choke me
-#else
-f = strsvis;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for strunvis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for strvis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for strvisx
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for svis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cc44iOXX.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `svis'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char svis (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char svis ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_svis) || defined (__stub___svis)
-choke me
-#else
-f = svis;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for sysconf
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for sysctl
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for uname
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for unvis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for vasnprintf
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccwNpsOz.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:13104: undefined reference to `vasnprintf'
-configure:13116: $? = 1
-configure: failed program was:
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vasnprintf (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vasnprintf ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vasnprintf) || defined (__stub___vasnprintf)
-choke me
-#else
-f = vasnprintf;
-#endif
-
-  ;
-  return 0;
-}
-configure:13132: result: no
-configure:13070: checking for vasprintf
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13070: checking for vis
-configure:13113: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:13116: $? = 0
-configure:13119: test -s conftest
-configure:13122: $? = 0
-configure:13132: result: yes
-configure:13152: checking for getsockopt
-configure:13193: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:13196: $? = 0
-configure:13199: test -s conftest
-configure:13202: $? = 0
-configure:13311: result: yes
-configure:13340: checking for setsockopt
-configure:13381: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:13384: $? = 0
-configure:13387: test -s conftest
-configure:13390: $? = 0
-configure:13499: result: yes
-configure:13530: checking for hstrerror
-configure:13568: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:13571: $? = 0
-configure:13574: test -s conftest
-configure:13577: $? = 0
-configure:13686: result: yes
-configure:13722: checking if hstrerror needs a prototype
-configure:13752: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:13743: conflicting types for `hstrerror'
-/usr/include/netdb.h:229: previous declaration of `hstrerror'
-configure:13743: warning: extern declaration of `hstrerror' doesn't match global one
-configure:13755: $? = 1
-configure: failed program was:
-#line 13728 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int hstrerror (struct foo*);
-hstrerror(&xx);
-
-  ;
-  return 0;
-}
-configure:13771: result: no
-configure:13785: checking if asprintf needs a prototype
-configure:13814: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:13805: conflicting types for `asprintf'
-/usr/include/stdio.h:318: previous declaration of `asprintf'
-configure:13805: warning: extern declaration of `asprintf' doesn't match global one
-configure:13817: $? = 1
-configure: failed program was:
-#line 13791 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int asprintf (struct foo*);
-asprintf(&xx);
-
-  ;
-  return 0;
-}
-configure:13833: result: no
-configure:13845: checking if vasprintf needs a prototype
-configure:13874: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:13865: conflicting types for `vasprintf'
-/usr/include/stdio.h:331: previous declaration of `vasprintf'
-configure:13865: warning: extern declaration of `vasprintf' doesn't match global one
-configure:13877: $? = 1
-configure: failed program was:
-#line 13851 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vasprintf (struct foo*);
-vasprintf(&xx);
-
-  ;
-  return 0;
-}
-configure:13893: result: no
-configure:13905: checking if asnprintf needs a prototype
-configure:13934: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:13937: $? = 0
-configure:13940: test -s conftest.o
-configure:13943: $? = 0
-configure:13953: result: yes
-configure:13965: checking if vasnprintf needs a prototype
-configure:13994: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:13997: $? = 0
-configure:14000: test -s conftest.o
-configure:14003: $? = 0
-configure:14013: result: yes
-configure:14028: checking for bswap16
-configure:14066: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccFKdMFM.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:14059: undefined reference to `bswap16'
-configure:14069: $? = 1
-configure: failed program was:
-#line 14046 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap16(0)
-  ;
-  return 0;
-}
-configure:14190: result: no
-configure:14214: checking for bswap32
-configure:14252: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccoPpl5z.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:14245: undefined reference to `bswap32'
-configure:14255: $? = 1
-configure: failed program was:
-#line 14232 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap32(0)
-  ;
-  return 0;
-}
-configure:14376: result: no
-configure:14400: checking for pidfile
-configure:14438: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccyQOns0.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:14431: undefined reference to `pidfile'
-configure:14441: $? = 1
-configure: failed program was:
-#line 14418 "configure"
-#include "confdefs.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-pidfile(0)
-  ;
-  return 0;
-}
-configure:14438: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lutil   >&5
-/var/tmp//ccs6tJX7.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:14431: undefined reference to `pidfile'
-configure:14441: $? = 1
-configure: failed program was:
-#line 14418 "configure"
-#include "confdefs.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-pidfile(0)
-  ;
-  return 0;
-}
-configure:14562: result: no
-configure:14587: checking for getaddrinfo
-configure:14625: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:14628: $? = 0
-configure:14631: test -s conftest
-configure:14634: $? = 0
-configure:14743: result: yes
-configure:14782: checking for getnameinfo
-configure:14820: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:14823: $? = 0
-configure:14826: test -s conftest
-configure:14829: $? = 0
-configure:14938: result: yes
-configure:14977: checking for freeaddrinfo
-configure:15015: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:15018: $? = 0
-configure:15021: test -s conftest
-configure:15024: $? = 0
-configure:15133: result: yes
-configure:15172: checking for gai_strerror
-configure:15210: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:15213: $? = 0
-configure:15216: test -s conftest
-configure:15219: $? = 0
-configure:15328: result: yes
-configure:15363: checking for chown
-configure:15406: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:15409: $? = 0
-configure:15412: test -s conftest
-configure:15415: $? = 0
-configure:15425: result: yes
-configure:15436: checking for copyhostent
-configure:15479: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccL6rDNd.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:15470: undefined reference to `copyhostent'
-configure:15482: $? = 1
-configure: failed program was:
-#line 15442 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char copyhostent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char copyhostent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_copyhostent) || defined (__stub___copyhostent)
-choke me
-#else
-f = copyhostent;
-#endif
-
-  ;
-  return 0;
-}
-configure:15498: result: no
-configure:15509: checking for daemon
-configure:15552: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:15555: $? = 0
-configure:15558: test -s conftest
-configure:15561: $? = 0
-configure:15571: result: yes
-configure:15582: checking for ecalloc
-configure:15625: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccbL9aKG.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:15616: undefined reference to `ecalloc'
-configure:15628: $? = 1
-configure: failed program was:
-#line 15588 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char ecalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char ecalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_ecalloc) || defined (__stub___ecalloc)
-choke me
-#else
-f = ecalloc;
-#endif
-
-  ;
-  return 0;
-}
-configure:15644: result: no
-configure:15655: checking for emalloc
-configure:15698: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccuYlSdk.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:15689: undefined reference to `emalloc'
-configure:15701: $? = 1
-configure: failed program was:
-#line 15661 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char emalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char emalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_emalloc) || defined (__stub___emalloc)
-choke me
-#else
-f = emalloc;
-#endif
-
-  ;
-  return 0;
-}
-configure:15717: result: no
-configure:15728: checking for erealloc
-configure:15771: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cchEY2y8.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:15762: undefined reference to `erealloc'
-configure:15774: $? = 1
-configure: failed program was:
-#line 15734 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char erealloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char erealloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_erealloc) || defined (__stub___erealloc)
-choke me
-#else
-f = erealloc;
-#endif
-
-  ;
-  return 0;
-}
-configure:15790: result: no
-configure:15801: checking for estrdup
-configure:15844: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccKg2EqN.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:15835: undefined reference to `estrdup'
-configure:15847: $? = 1
-configure: failed program was:
-#line 15807 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char estrdup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char estrdup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_estrdup) || defined (__stub___estrdup)
-choke me
-#else
-f = estrdup;
-#endif
-
-  ;
-  return 0;
-}
-configure:15863: result: no
-configure:15874: checking for err
-configure:15917: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:15920: $? = 0
-configure:15923: test -s conftest
-configure:15926: $? = 0
-configure:15936: result: yes
-configure:15947: checking for errx
-configure:15990: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:15993: $? = 0
-configure:15996: test -s conftest
-configure:15999: $? = 0
-configure:16009: result: yes
-configure:16020: checking for fchown
-configure:16063: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16066: $? = 0
-configure:16069: test -s conftest
-configure:16072: $? = 0
-configure:16082: result: yes
-configure:16093: checking for flock
-configure:16136: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16139: $? = 0
-configure:16142: test -s conftest
-configure:16145: $? = 0
-configure:16155: result: yes
-configure:16166: checking for fnmatch
-configure:16209: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16212: $? = 0
-configure:16215: test -s conftest
-configure:16218: $? = 0
-configure:16228: result: yes
-configure:16239: checking for freehostent
-configure:16282: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16285: $? = 0
-configure:16288: test -s conftest
-configure:16291: $? = 0
-configure:16301: result: yes
-configure:16312: checking for getcwd
-configure:16355: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16358: $? = 0
-configure:16361: test -s conftest
-configure:16364: $? = 0
-configure:16374: result: yes
-configure:16385: checking for getdtablesize
-configure:16428: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16431: $? = 0
-configure:16434: test -s conftest
-configure:16437: $? = 0
-configure:16447: result: yes
-configure:16458: checking for getegid
-configure:16501: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16504: $? = 0
-configure:16507: test -s conftest
-configure:16510: $? = 0
-configure:16520: result: yes
-configure:16531: checking for geteuid
-configure:16574: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16577: $? = 0
-configure:16580: test -s conftest
-configure:16583: $? = 0
-configure:16593: result: yes
-configure:16604: checking for getgid
-configure:16647: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16650: $? = 0
-configure:16653: test -s conftest
-configure:16656: $? = 0
-configure:16666: result: yes
-configure:16677: checking for gethostname
-configure:16720: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16723: $? = 0
-configure:16726: test -s conftest
-configure:16729: $? = 0
-configure:16739: result: yes
-configure:16750: checking for getifaddrs
-configure:16793: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16796: $? = 0
-configure:16799: test -s conftest
-configure:16802: $? = 0
-configure:16812: result: yes
-configure:16823: checking for getipnodebyaddr
-configure:16866: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16869: $? = 0
-configure:16872: test -s conftest
-configure:16875: $? = 0
-configure:16885: result: yes
-configure:16896: checking for getipnodebyname
-configure:16939: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:16942: $? = 0
-configure:16945: test -s conftest
-configure:16948: $? = 0
-configure:16958: result: yes
-configure:16969: checking for getopt
-configure:17012: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17015: $? = 0
-configure:17018: test -s conftest
-configure:17021: $? = 0
-configure:17031: result: yes
-configure:17042: checking for gettimeofday
-configure:17085: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17088: $? = 0
-configure:17091: test -s conftest
-configure:17094: $? = 0
-configure:17104: result: yes
-configure:17115: checking for getuid
-configure:17158: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17161: $? = 0
-configure:17164: test -s conftest
-configure:17167: $? = 0
-configure:17177: result: yes
-configure:17188: checking for getusershell
-configure:17231: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17234: $? = 0
-configure:17237: test -s conftest
-configure:17240: $? = 0
-configure:17250: result: yes
-configure:17261: checking for initgroups
-configure:17304: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17307: $? = 0
-configure:17310: test -s conftest
-configure:17313: $? = 0
-configure:17323: result: yes
-configure:17334: checking for innetgr
-configure:17377: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17380: $? = 0
-configure:17383: test -s conftest
-configure:17386: $? = 0
-configure:17396: result: yes
-configure:17407: checking for iruserok
-configure:17450: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17453: $? = 0
-configure:17456: test -s conftest
-configure:17459: $? = 0
-configure:17469: result: yes
-configure:17480: checking for localtime_r
-configure:17523: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17526: $? = 0
-configure:17529: test -s conftest
-configure:17532: $? = 0
-configure:17542: result: yes
-configure:17553: checking for lstat
-configure:17596: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17599: $? = 0
-configure:17602: test -s conftest
-configure:17605: $? = 0
-configure:17615: result: yes
-configure:17626: checking for memmove
-configure:17669: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17672: $? = 0
-configure:17675: test -s conftest
-configure:17678: $? = 0
-configure:17688: result: yes
-configure:17699: checking for mkstemp
-configure:17742: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17745: $? = 0
-configure:17748: test -s conftest
-configure:17751: $? = 0
-configure:17761: result: yes
-configure:17772: checking for putenv
-configure:17815: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17818: $? = 0
-configure:17821: test -s conftest
-configure:17824: $? = 0
-configure:17834: result: yes
-configure:17845: checking for rcmd
-configure:17888: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17891: $? = 0
-configure:17894: test -s conftest
-configure:17897: $? = 0
-configure:17907: result: yes
-configure:17918: checking for readv
-configure:17961: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:17964: $? = 0
-configure:17967: test -s conftest
-configure:17970: $? = 0
-configure:17980: result: yes
-configure:17991: checking for recvmsg
-configure:18034: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18037: $? = 0
-configure:18040: test -s conftest
-configure:18043: $? = 0
-configure:18053: result: yes
-configure:18064: checking for sendmsg
-configure:18107: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18110: $? = 0
-configure:18113: test -s conftest
-configure:18116: $? = 0
-configure:18126: result: yes
-configure:18137: checking for setegid
-configure:18180: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18183: $? = 0
-configure:18186: test -s conftest
-configure:18189: $? = 0
-configure:18199: result: yes
-configure:18210: checking for setenv
-configure:18253: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18256: $? = 0
-configure:18259: test -s conftest
-configure:18262: $? = 0
-configure:18272: result: yes
-configure:18283: checking for seteuid
-configure:18326: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18329: $? = 0
-configure:18332: test -s conftest
-configure:18335: $? = 0
-configure:18345: result: yes
-configure:18356: checking for strcasecmp
-configure:18399: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18402: $? = 0
-configure:18405: test -s conftest
-configure:18408: $? = 0
-configure:18418: result: yes
-configure:18429: checking for strdup
-configure:18472: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18475: $? = 0
-configure:18478: test -s conftest
-configure:18481: $? = 0
-configure:18491: result: yes
-configure:18502: checking for strerror
-configure:18545: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18548: $? = 0
-configure:18551: test -s conftest
-configure:18554: $? = 0
-configure:18564: result: yes
-configure:18575: checking for strftime
-configure:18618: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18621: $? = 0
-configure:18624: test -s conftest
-configure:18627: $? = 0
-configure:18637: result: yes
-configure:18648: checking for strlcat
-configure:18691: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18694: $? = 0
-configure:18697: test -s conftest
-configure:18700: $? = 0
-configure:18710: result: yes
-configure:18721: checking for strlcpy
-configure:18764: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18767: $? = 0
-configure:18770: test -s conftest
-configure:18773: $? = 0
-configure:18783: result: yes
-configure:18794: checking for strlwr
-configure:18837: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccBM87Cq.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:18828: undefined reference to `strlwr'
-configure:18840: $? = 1
-configure: failed program was:
-#line 18800 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlwr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlwr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlwr) || defined (__stub___strlwr)
-choke me
-#else
-f = strlwr;
-#endif
-
-  ;
-  return 0;
-}
-configure:18856: result: no
-configure:18867: checking for strncasecmp
-configure:18910: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:18913: $? = 0
-configure:18916: test -s conftest
-configure:18919: $? = 0
-configure:18929: result: yes
-configure:18940: checking for strndup
-configure:18983: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccbddYKQ.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:18974: undefined reference to `strndup'
-configure:18986: $? = 1
-configure: failed program was:
-#line 18946 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strndup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strndup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strndup) || defined (__stub___strndup)
-choke me
-#else
-f = strndup;
-#endif
-
-  ;
-  return 0;
-}
-configure:19002: result: no
-configure:19013: checking for strnlen
-configure:19056: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccRSFIIo.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:19047: undefined reference to `strnlen'
-configure:19059: $? = 1
-configure: failed program was:
-#line 19019 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strnlen (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strnlen ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strnlen) || defined (__stub___strnlen)
-choke me
-#else
-f = strnlen;
-#endif
-
-  ;
-  return 0;
-}
-configure:19075: result: no
-configure:19086: checking for strptime
-configure:19129: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19132: $? = 0
-configure:19135: test -s conftest
-configure:19138: $? = 0
-configure:19148: result: yes
-configure:19159: checking for strsep
-configure:19202: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19205: $? = 0
-configure:19208: test -s conftest
-configure:19211: $? = 0
-configure:19221: result: yes
-configure:19232: checking for strsep_copy
-configure:19275: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccoUfjlx.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:19266: undefined reference to `strsep_copy'
-configure:19278: $? = 1
-configure: failed program was:
-#line 19238 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep_copy (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsep_copy ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsep_copy) || defined (__stub___strsep_copy)
-choke me
-#else
-f = strsep_copy;
-#endif
-
-  ;
-  return 0;
-}
-configure:19294: result: no
-configure:19305: checking for strtok_r
-configure:19348: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19351: $? = 0
-configure:19354: test -s conftest
-configure:19357: $? = 0
-configure:19367: result: yes
-configure:19378: checking for strupr
-configure:19421: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccd3Onrk.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:19412: undefined reference to `strupr'
-configure:19424: $? = 1
-configure: failed program was:
-#line 19384 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strupr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strupr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strupr) || defined (__stub___strupr)
-choke me
-#else
-f = strupr;
-#endif
-
-  ;
-  return 0;
-}
-configure:19440: result: no
-configure:19451: checking for swab
-configure:19494: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19497: $? = 0
-configure:19500: test -s conftest
-configure:19503: $? = 0
-configure:19513: result: yes
-configure:19524: checking for unsetenv
-configure:19567: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19570: $? = 0
-configure:19573: test -s conftest
-configure:19576: $? = 0
-configure:19586: result: yes
-configure:19597: checking for verr
-configure:19640: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19643: $? = 0
-configure:19646: test -s conftest
-configure:19649: $? = 0
-configure:19659: result: yes
-configure:19670: checking for verrx
-configure:19713: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19716: $? = 0
-configure:19719: test -s conftest
-configure:19722: $? = 0
-configure:19732: result: yes
-configure:19743: checking for vsyslog
-configure:19786: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19789: $? = 0
-configure:19792: test -s conftest
-configure:19795: $? = 0
-configure:19805: result: yes
-configure:19816: checking for vwarn
-configure:19859: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19862: $? = 0
-configure:19865: test -s conftest
-configure:19868: $? = 0
-configure:19878: result: yes
-configure:19889: checking for vwarnx
-configure:19932: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:19935: $? = 0
-configure:19938: test -s conftest
-configure:19941: $? = 0
-configure:19951: result: yes
-configure:19962: checking for warn
-configure:20005: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20008: $? = 0
-configure:20011: test -s conftest
-configure:20014: $? = 0
-configure:20024: result: yes
-configure:20035: checking for warnx
-configure:20078: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20081: $? = 0
-configure:20084: test -s conftest
-configure:20087: $? = 0
-configure:20097: result: yes
-configure:20108: checking for writev
-configure:20151: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20154: $? = 0
-configure:20157: test -s conftest
-configure:20160: $? = 0
-configure:20170: result: yes
-configure:20185: checking if strndup needs a prototype
-configure:20212: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:20215: $? = 0
-configure:20218: test -s conftest.o
-configure:20221: $? = 0
-configure:20231: result: yes
-configure:20243: checking if strsep needs a prototype
-configure:20270: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20261: conflicting types for `strsep'
-/usr/include/string.h:100: previous declaration of `strsep'
-configure:20261: warning: extern declaration of `strsep' doesn't match global one
-configure:20273: $? = 1
-configure: failed program was:
-#line 20249 "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strsep (struct foo*);
-strsep(&xx);
-
-  ;
-  return 0;
-}
-configure:20289: result: no
-configure:20301: checking if strtok_r needs a prototype
-configure:20328: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20319: conflicting types for `strtok_r'
-/usr/include/string.h:87: previous declaration of `strtok_r'
-configure:20319: warning: extern declaration of `strtok_r' doesn't match global one
-configure:20331: $? = 1
-configure: failed program was:
-#line 20307 "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strtok_r (struct foo*);
-strtok_r(&xx);
-
-  ;
-  return 0;
-}
-configure:20347: result: no
-configure:20361: checking if strsvis needs a prototype
-configure:20390: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:20393: $? = 0
-configure:20396: test -s conftest.o
-configure:20399: $? = 0
-configure:20409: result: yes
-configure:20421: checking if strunvis needs a prototype
-configure:20450: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20441: conflicting types for `strunvis'
-/usr/include/vis.h:89: previous declaration of `strunvis'
-configure:20441: warning: extern declaration of `strunvis' doesn't match global one
-configure:20453: $? = 1
-configure: failed program was:
-#line 20427 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strunvis (struct foo*);
-strunvis(&xx);
-
-  ;
-  return 0;
-}
-configure:20469: result: no
-configure:20481: checking if strvis needs a prototype
-configure:20510: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20501: conflicting types for `strvis'
-/usr/include/vis.h:87: previous declaration of `strvis'
-configure:20501: warning: extern declaration of `strvis' doesn't match global one
-configure:20513: $? = 1
-configure: failed program was:
-#line 20487 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvis (struct foo*);
-strvis(&xx);
-
-  ;
-  return 0;
-}
-configure:20529: result: no
-configure:20541: checking if strvisx needs a prototype
-configure:20570: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20561: conflicting types for `strvisx'
-/usr/include/vis.h:88: previous declaration of `strvisx'
-configure:20561: warning: extern declaration of `strvisx' doesn't match global one
-configure:20573: $? = 1
-configure: failed program was:
-#line 20547 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvisx (struct foo*);
-strvisx(&xx);
-
-  ;
-  return 0;
-}
-configure:20589: result: no
-configure:20601: checking if svis needs a prototype
-configure:20630: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:20633: $? = 0
-configure:20636: test -s conftest.o
-configure:20639: $? = 0
-configure:20649: result: yes
-configure:20661: checking if unvis needs a prototype
-configure:20690: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20681: conflicting types for `unvis'
-/usr/include/vis.h:91: previous declaration of `unvis'
-configure:20681: warning: extern declaration of `unvis' doesn't match global one
-configure:20693: $? = 1
-configure: failed program was:
-#line 20667 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unvis (struct foo*);
-unvis(&xx);
-
-  ;
-  return 0;
-}
-configure:20709: result: no
-configure:20721: checking if vis needs a prototype
-configure:20750: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:20741: conflicting types for `vis'
-/usr/include/vis.h:86: previous declaration of `vis'
-configure:20741: warning: extern declaration of `vis' doesn't match global one
-configure:20753: $? = 1
-configure: failed program was:
-#line 20727 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vis (struct foo*);
-vis(&xx);
-
-  ;
-  return 0;
-}
-configure:20769: result: no
-configure:20781: checking for inet_aton
-configure:20825: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20828: $? = 0
-configure:20831: test -s conftest
-configure:20834: $? = 0
-configure:20851: result: yes
-configure:20859: checking for inet_ntop
-configure:20903: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20906: $? = 0
-configure:20909: test -s conftest
-configure:20912: $? = 0
-configure:20929: result: yes
-configure:20937: checking for inet_pton
-configure:20981: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:20984: $? = 0
-configure:20987: test -s conftest
-configure:20990: $? = 0
-configure:21007: result: yes
-configure:21017: checking for sa_len in struct sockaddr
-configure:21043: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:21046: $? = 0
-configure:21049: test -s conftest.o
-configure:21052: $? = 0
-configure:21062: result: yes
-configure:21078: checking if getnameinfo is broken
-configure:21115: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:21118: $? = 0
-configure:21120: ./conftest
-configure:21123: $? = 0
-configure:21136: result: no
-configure:21145: checking if getaddrinfo handles numeric services
-configure:21178: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:21181: $? = 0
-configure:21183: ./conftest
-configure:21186: $? = 0
-configure:21199: result: yes
-configure:21209: checking if setenv needs a prototype
-configure:21236: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21227: conflicting types for `setenv'
-/usr/include/stdlib.h:134: previous declaration of `setenv'
-configure:21227: warning: extern declaration of `setenv' doesn't match global one
-configure:21239: $? = 1
-configure: failed program was:
-#line 21215 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int setenv (struct foo*);
-setenv(&xx);
-
-  ;
-  return 0;
-}
-configure:21255: result: no
-configure:21268: checking if unsetenv needs a prototype
-configure:21295: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21286: conflicting types for `unsetenv'
-/usr/include/stdlib.h:211: previous declaration of `unsetenv'
-configure:21286: warning: extern declaration of `unsetenv' doesn't match global one
-configure:21298: $? = 1
-configure: failed program was:
-#line 21274 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unsetenv (struct foo*);
-unsetenv(&xx);
-
-  ;
-  return 0;
-}
-configure:21314: result: no
-configure:21327: checking if gethostname needs a prototype
-configure:21354: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21345: conflicting types for `gethostname'
-/usr/include/unistd.h:167: previous declaration of `gethostname'
-configure:21345: warning: extern declaration of `gethostname' doesn't match global one
-configure:21357: $? = 1
-configure: failed program was:
-#line 21333 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int gethostname (struct foo*);
-gethostname(&xx);
-
-  ;
-  return 0;
-}
-configure:21373: result: no
-configure:21386: checking if mkstemp needs a prototype
-configure:21413: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21404: conflicting types for `mkstemp'
-/usr/include/unistd.h:257: previous declaration of `mkstemp'
-configure:21404: warning: extern declaration of `mkstemp' doesn't match global one
-configure:21416: $? = 1
-configure: failed program was:
-#line 21392 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int mkstemp (struct foo*);
-mkstemp(&xx);
-
-  ;
-  return 0;
-}
-configure:21432: result: no
-configure:21445: checking if getusershell needs a prototype
-configure:21472: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21463: conflicting types for `getusershell'
-/usr/include/unistd.h:250: previous declaration of `getusershell'
-configure:21463: warning: extern declaration of `getusershell' doesn't match global one
-configure:21475: $? = 1
-configure: failed program was:
-#line 21451 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int getusershell (struct foo*);
-getusershell(&xx);
-
-  ;
-  return 0;
-}
-configure:21491: result: no
-configure:21505: checking if inet_aton needs a prototype
-configure:21544: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21535: conflicting types for `__inet_aton'
-/usr/include/arpa/inet.h:149: previous declaration of `__inet_aton'
-configure:21535: warning: extern declaration of `__inet_aton' doesn't match global one
-configure:21547: $? = 1
-configure: failed program was:
-#line 21511 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int inet_aton (struct foo*);
-inet_aton(&xx);
-
-  ;
-  return 0;
-}
-configure:21563: result: no
-configure:21578: checking for crypt
-configure:21614: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccbTCVBM.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:21607: undefined reference to `crypt'
-configure:21617: $? = 1
-configure: failed program was:
-#line 21596 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-crypt()
-  ;
-  return 0;
-}
-configure:21614: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lcrypt   >&5
-configure:21617: $? = 0
-configure:21620: test -s conftest
-configure:21623: $? = 0
-configure:21752: result: yes, in -lcrypt
-configure:21762: checking if gethostbyname is compatible with system prototype
-configure:21802: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:21805: $? = 0
-configure:21808: test -s conftest.o
-configure:21811: $? = 0
-configure:21821: result: yes
-configure:21835: checking if gethostbyaddr is compatible with system prototype
-configure:21875: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:21868: conflicting types for `gethostbyaddr'
-/usr/include/netdb.h:212: previous declaration of `gethostbyaddr'
-configure:21868: warning: extern declaration of `gethostbyaddr' doesn't match global one
-configure:21878: $? = 1
-configure: failed program was:
-#line 21841 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct hostent *gethostbyaddr(const void *, size_t, int);
-  ;
-  return 0;
-}
-configure:21894: result: no
-configure:21908: checking if getservbyname is compatible with system prototype
-configure:21948: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:21951: $? = 0
-configure:21954: test -s conftest.o
-configure:21957: $? = 0
-configure:21967: result: yes
-configure:21981: checking if getsockname is compatible with system prototype
-configure:22012: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22015: $? = 0
-configure:22018: test -s conftest.o
-configure:22021: $? = 0
-configure:22031: result: yes
-configure:22045: checking if openlog is compatible with system prototype
-configure:22073: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22076: $? = 0
-configure:22079: test -s conftest.o
-configure:22082: $? = 0
-configure:22092: result: yes
-configure:22107: checking if crypt needs a prototype
-configure:22141: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:22132: conflicting types for `crypt'
-/usr/include/unistd.h:198: previous declaration of `crypt'
-configure:22132: warning: extern declaration of `crypt' doesn't match global one
-configure:22144: $? = 1
-configure: failed program was:
-#line 22113 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int crypt (struct foo*);
-crypt(&xx);
-
-  ;
-  return 0;
-}
-configure:22160: result: no
-configure:22174: checking for h_errno
-configure:22200: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:22203: $? = 0
-configure:22206: test -s conftest
-configure:22209: $? = 0
-configure:22222: result: yes
-configure:22231: checking if h_errno is properly declared
-configure:22262: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22245: conflicting types for `h_errno'
-/usr/include/netdb.h:85: previous declaration of `h_errno'
-configure:22265: $? = 1
-configure: failed program was:
-#line 22238 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_errno;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_errno.foo = 1;
-  ;
-  return 0;
-}
-configure:22286: result: yes
-configure:22301: checking for h_errlist
-configure:22327: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:22330: $? = 0
-configure:22333: test -s conftest
-configure:22336: $? = 0
-configure:22349: result: yes
-configure:22358: checking if h_errlist is properly declared
-configure:22386: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22389: $? = 0
-configure:22392: test -s conftest.o
-configure:22395: $? = 0
-configure:22410: result: no
-configure:22425: checking for h_nerr
-configure:22451: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:22454: $? = 0
-configure:22457: test -s conftest
-configure:22460: $? = 0
-configure:22473: result: yes
-configure:22482: checking if h_nerr is properly declared
-configure:22510: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22513: $? = 0
-configure:22516: test -s conftest.o
-configure:22519: $? = 0
-configure:22534: result: no
-configure:22549: checking for __progname
-configure:22575: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:22578: $? = 0
-configure:22581: test -s conftest
-configure:22584: $? = 0
-configure:22597: result: yes
-configure:22606: checking if __progname is properly declared
-configure:22634: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22637: $? = 0
-configure:22640: test -s conftest.o
-configure:22643: $? = 0
-configure:22658: result: no
-configure:22673: checking if optarg is properly declared
-configure:22702: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22685: conflicting types for `optarg'
-/usr/include/unistd.h:142: previous declaration of `optarg'
-configure:22705: $? = 1
-configure: failed program was:
-#line 22680 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optarg;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optarg.foo = 1;
-  ;
-  return 0;
-}
-configure:22726: result: yes
-configure:22738: checking if optind is properly declared
-configure:22767: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22750: conflicting types for `optind'
-/usr/include/unistd.h:143: previous declaration of `optind'
-configure:22770: $? = 1
-configure: failed program was:
-#line 22745 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optind;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optind.foo = 1;
-  ;
-  return 0;
-}
-configure:22791: result: yes
-configure:22803: checking if opterr is properly declared
-configure:22832: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22815: conflicting types for `opterr'
-/usr/include/unistd.h:143: previous declaration of `opterr'
-configure:22835: $? = 1
-configure: failed program was:
-#line 22810 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } opterr;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-opterr.foo = 1;
-  ;
-  return 0;
-}
-configure:22856: result: yes
-configure:22868: checking if optopt is properly declared
-configure:22897: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22880: conflicting types for `optopt'
-/usr/include/unistd.h:143: previous declaration of `optopt'
-configure:22900: $? = 1
-configure: failed program was:
-#line 22875 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optopt;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optopt.foo = 1;
-  ;
-  return 0;
-}
-configure:22921: result: yes
-configure:22934: checking if environ is properly declared
-configure:22960: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:22963: $? = 0
-configure:22966: test -s conftest.o
-configure:22969: $? = 0
-configure:22984: result: no
-configure:22999: checking for tm_gmtoff in struct tm
-configure:23024: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23027: $? = 0
-configure:23030: test -s conftest.o
-configure:23033: $? = 0
-configure:23043: result: yes
-configure:23058: checking for tm_zone in struct tm
-configure:23083: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23086: $? = 0
-configure:23089: test -s conftest.o
-configure:23092: $? = 0
-configure:23102: result: yes
-configure:23118: checking for timezone
-configure:23144: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:23147: $? = 0
-configure:23150: test -s conftest
-configure:23153: $? = 0
-configure:23166: result: yes
-configure:23175: checking if timezone is properly declared
-configure:23201: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23184: `timezone' redeclared as different kind of symbol
-/usr/include/time.h:152: previous declaration of `timezone'
-configure:23204: $? = 1
-configure: failed program was:
-#line 23182 "configure"
-#include "confdefs.h"
-#include <time.h>
-extern struct { int foo; } timezone;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-timezone.foo = 1;
-  ;
-  return 0;
-}
-configure:23225: result: yes
-configure:23239: checking for altzone
-configure:23265: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cc8HiFRW.o: In function `foo':
-/usr/home/nectar/devel/heimdal/configure:23248: undefined reference to `altzone'
-configure:23268: $? = 1
-configure: failed program was:
-#line 23246 "configure"
-#include "confdefs.h"
-extern int altzone;
-int foo() { return altzone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-configure:23287: result: no
-configure:23363: checking for sa_family_t
-configure:23392: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23395: $? = 0
-configure:23398: test -s conftest.o
-configure:23401: $? = 0
-configure:23412: result: yes
-configure:23485: checking for socklen_t
-configure:23514: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23517: $? = 0
-configure:23520: test -s conftest.o
-configure:23523: $? = 0
-configure:23534: result: yes
-configure:23607: checking for struct sockaddr
-configure:23636: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23639: $? = 0
-configure:23642: test -s conftest.o
-configure:23645: $? = 0
-configure:23656: result: yes
-configure:23729: checking for struct sockaddr_storage
-configure:23758: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23761: $? = 0
-configure:23764: test -s conftest.o
-configure:23767: $? = 0
-configure:23778: result: yes
-configure:23851: checking for struct addrinfo
-configure:23880: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:23883: $? = 0
-configure:23886: test -s conftest.o
-configure:23889: $? = 0
-configure:23900: result: yes
-configure:23973: checking for struct ifaddrs
-configure:24002: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:24005: $? = 0
-configure:24008: test -s conftest.o
-configure:24011: $? = 0
-configure:24022: result: yes
-configure:24095: checking for struct iovec
-configure:24127: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:24130: $? = 0
-configure:24133: test -s conftest.o
-configure:24136: $? = 0
-configure:24147: result: yes
-configure:24220: checking for struct msghdr
-configure:24252: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:24255: $? = 0
-configure:24258: test -s conftest.o
-configure:24261: $? = 0
-configure:24272: result: yes
-configure:24345: checking for struct winsize
-configure:24375: result: yes
-configure:24413: checking for struct spwd
-configure:24441: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:24434: storage size of `foo' isn't known
-configure:24444: $? = 1
-configure: failed program was:
-#line 24420 "configure"
-#include "confdefs.h"
-#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct spwd foo;
-  ;
-  return 0;
-}
-configure:24462: result: no
-configure:24520: checking for openldap
-configure:24725: result: no
-configure:24777: checking for krb4
-configure:24979: result: no
-configure:26329: checking whether to enable OTP library
-configure:26331: result: yes
-configure:26364: checking for nroff
-configure:26382: found /usr/bin/nroff
-configure:26394: result: /usr/bin/nroff
-configure:26403: checking for groff
-configure:26421: found /usr/bin/groff
-configure:26433: result: /usr/bin/groff
-configure:26440: checking how to format man pages
-configure:26477: result: /usr/bin/nroff -mdoc $< > $@
-configure:26493: checking extension of pre-formatted manual pages
-configure:26505: result: number
-configure:26555: checking for readline
-configure:26760: result: no
-configure:26808: checking for hesiod
-configure:27010: result: no
-configure:27029: checking whether byte order is known at compile time
-configure:27058: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:27061: $? = 0
-configure:27064: test -s conftest.o
-configure:27067: $? = 0
-configure:27077: result: yes
-configure:27079: checking whether byte ordering is bigendian
-configure:27110: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure: In function `main':
-configure:27102: syntax error before "big"
-configure:27113: $? = 1
-configure: failed program was:
-#line 27087 "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif
-  ;
-  return 0;
-}
-configure:27172: result: no
-configure:27189: checking for inline
-configure:27226: result: inline
-configure:27246: checking for dlopen
-configure:27282: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-configure:27285: $? = 0
-configure:27288: test -s conftest
-configure:27291: $? = 0
-configure:27400: result: yes
-configure:27746: checking for X
-configure:27962: result: libraries /usr/X11R6/lib, headers /usr/X11R6/include
-configure:28120: gcc  -o conftest -DINET6 -g -O2   conftest.c   -L/usr/X11R6/lib -lX11 >&5
-configure:28123: $? = 0
-configure:28126: test -s conftest
-configure:28129: $? = 0
-configure:28267: checking for gethostbyname
-configure:28329: result: yes
-configure:28462: checking for connect
-configure:28505: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:28508: $? = 0
-configure:28511: test -s conftest
-configure:28514: $? = 0
-configure:28524: result: yes
-configure:28590: checking for remove
-configure:28633: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:28636: $? = 0
-configure:28639: test -s conftest
-configure:28642: $? = 0
-configure:28652: result: yes
-configure:28718: checking for shmat
-configure:28761: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:28764: $? = 0
-configure:28767: test -s conftest
-configure:28770: $? = 0
-configure:28780: result: yes
-configure:28855: checking for IceConnectionNumber in -lICE
-configure:28888: gcc  -o conftest -DINET6 -g -O2   -L/usr/X11R6/lib conftest.c -lICE   >&5
-configure:28891: $? = 0
-configure:28894: test -s conftest
-configure:28897: $? = 0
-configure:28908: result: yes
-configure:28922: checking for special X linker flags
-configure:28971: gcc  -o conftest -DINET6 -g -O2  -I/usr/X11R6/include   conftest.c   -L/usr/X11R6/lib  -lSM -lICE -lX11  >&5
-configure:28974: $? = 0
-configure:28976: ./conftest
-configure:28979: $? = 0
-configure:28996: result: 
-configure:29025: checking for XauWriteAuth
-configure:29061: gcc  -o conftest  -I/usr/X11R6/include -DINET6 -g -O2    -L/usr/X11R6/lib conftest.c     -lSM -lICE   >&5
-/var/tmp//ccT4SKor.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:29054: undefined reference to `XauWriteAuth'
-configure:29064: $? = 1
-configure: failed program was:
-#line 29043 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauWriteAuth()
-  ;
-  return 0;
-}
-configure:29061: gcc  -o conftest  -I/usr/X11R6/include -DINET6 -g -O2    -L/usr/X11R6/lib conftest.c  -lX11   -lSM -lICE   >&5
-/var/tmp//ccPjS8Km.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:29054: undefined reference to `XauWriteAuth'
-configure:29064: $? = 1
-configure: failed program was:
-#line 29043 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauWriteAuth()
-  ;
-  return 0;
-}
-configure:29061: gcc  -o conftest  -I/usr/X11R6/include -DINET6 -g -O2    -L/usr/X11R6/lib conftest.c  -lXau   -lSM -lICE   >&5
-configure:29064: $? = 0
-configure:29067: test -s conftest
-configure:29070: $? = 0
-configure:29199: result: yes, in -lXau
-configure:29210: checking for XauReadAuth
-configure:29246: gcc  -o conftest  -I/usr/X11R6/include -DINET6 -g -O2    -L/usr/X11R6/lib conftest.c    -lXau  -lSM -lICE   >&5
-configure:29249: $? = 0
-configure:29252: test -s conftest
-configure:29255: $? = 0
-configure:29364: result: yes
-configure:29394: checking for XauFileName
-configure:29430: gcc  -o conftest  -I/usr/X11R6/include -DINET6 -g -O2    -L/usr/X11R6/lib conftest.c     -lXau  -lSM -lICE   >&5
-configure:29433: $? = 0
-configure:29436: test -s conftest
-configure:29439: $? = 0
-configure:29548: result: yes
-configure:29623: checking for an ANSI C-conforming const
-configure:29712: result: yes
-configure:29722: checking for off_t
-configure:29749: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:29752: $? = 0
-configure:29755: test -s conftest.o
-configure:29758: $? = 0
-configure:29768: result: yes
-configure:29780: checking for mode_t
-configure:29804: result: yes
-configure:29814: checking for sig_atomic_t
-configure:29838: result: yes
-configure:29851: checking for long long
-configure:29900: result: yes
-configure:29970: checking whether time.h and sys/time.h may both be included
-configure:30017: result: yes
-configure:30027: checking whether struct tm is in sys/time.h or time.h
-configure:30053: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30056: $? = 0
-configure:30059: test -s conftest.o
-configure:30062: $? = 0
-configure:30072: result: time.h
-configure:30083: checking for ANSI C header files
-configure:30212: result: yes
-configure:30333: checking arpa/ftp.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking arpa/ftp.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for arpa/ftp.h
-configure:30420: result: yes
-configure:30333: checking arpa/telnet.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking arpa/telnet.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for arpa/telnet.h
-configure:30420: result: yes
-configure:30333: checking bind/bitypes.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:26: bind/bitypes.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <bind/bitypes.h>
-configure:30360: result: no
-configure:30364: checking bind/bitypes.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:26: bind/bitypes.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <bind/bitypes.h>
-configure:30395: result: no
-configure:30413: checking for bind/bitypes.h
-configure:30420: result: no
-configure:30333: checking bsdsetjmp.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:23: bsdsetjmp.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <bsdsetjmp.h>
-configure:30360: result: no
-configure:30364: checking bsdsetjmp.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:23: bsdsetjmp.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <bsdsetjmp.h>
-configure:30395: result: no
-configure:30413: checking for bsdsetjmp.h
-configure:30420: result: no
-configure:30333: checking curses.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking curses.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for curses.h
-configure:30420: result: yes
-configure:30324: checking for dlfcn.h
-configure:30329: result: yes
-configure:30333: checking fnmatch.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking fnmatch.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for fnmatch.h
-configure:30420: result: yes
-configure:30324: checking for inttypes.h
-configure:30329: result: yes
-configure:30333: checking io.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:16: io.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <io.h>
-configure:30360: result: no
-configure:30364: checking io.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:16: io.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <io.h>
-configure:30395: result: no
-configure:30413: checking for io.h
-configure:30420: result: no
-configure:30333: checking libutil.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking libutil.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for libutil.h
-configure:30420: result: yes
-configure:30333: checking limits.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking limits.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for limits.h
-configure:30420: result: yes
-configure:30333: checking maillock.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:22: maillock.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <maillock.h>
-configure:30360: result: no
-configure:30364: checking maillock.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:22: maillock.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <maillock.h>
-configure:30395: result: no
-configure:30413: checking for maillock.h
-configure:30420: result: no
-configure:30333: checking netinet/in6_machtypes.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:35: netinet/in6_machtypes.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <netinet/in6_machtypes.h>
-configure:30360: result: no
-configure:30364: checking netinet/in6_machtypes.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:35: netinet/in6_machtypes.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <netinet/in6_machtypes.h>
-configure:30395: result: no
-configure:30413: checking for netinet/in6_machtypes.h
-configure:30420: result: no
-configure:30333: checking netinfo/ni.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:24: netinfo/ni.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <netinfo/ni.h>
-configure:30360: result: no
-configure:30364: checking netinfo/ni.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:24: netinfo/ni.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <netinfo/ni.h>
-configure:30395: result: no
-configure:30413: checking for netinfo/ni.h
-configure:30420: result: no
-configure:30333: checking pthread.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking pthread.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for pthread.h
-configure:30420: result: yes
-configure:30333: checking pty.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:17: pty.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <pty.h>
-configure:30360: result: no
-configure:30364: checking pty.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:17: pty.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <pty.h>
-configure:30395: result: no
-configure:30413: checking for pty.h
-configure:30420: result: no
-configure:30333: checking sac.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:17: sac.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sac.h>
-configure:30360: result: no
-configure:30364: checking sac.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:17: sac.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sac.h>
-configure:30395: result: no
-configure:30413: checking for sac.h
-configure:30420: result: no
-configure:30333: checking security/pam_modules.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking security/pam_modules.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for security/pam_modules.h
-configure:30420: result: yes
-configure:30333: checking sgtty.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sgtty.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sgtty.h
-configure:30420: result: yes
-configure:30333: checking siad.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:18: siad.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <siad.h>
-configure:30360: result: no
-configure:30364: checking siad.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:18: siad.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <siad.h>
-configure:30395: result: no
-configure:30413: checking for siad.h
-configure:30420: result: no
-configure:30333: checking signal.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking signal.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for signal.h
-configure:30420: result: yes
-configure:30333: checking stropts.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:21: stropts.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <stropts.h>
-configure:30360: result: no
-configure:30364: checking stropts.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:21: stropts.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <stropts.h>
-configure:30395: result: no
-configure:30413: checking for stropts.h
-configure:30420: result: no
-configure:30333: checking sys/bitypes.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:25: sys/bitypes.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/bitypes.h>
-configure:30360: result: no
-configure:30364: checking sys/bitypes.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:25: sys/bitypes.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/bitypes.h>
-configure:30395: result: no
-configure:30413: checking for sys/bitypes.h
-configure:30420: result: no
-configure:30333: checking sys/category.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:26: sys/category.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/category.h>
-configure:30360: result: no
-configure:30364: checking sys/category.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:26: sys/category.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/category.h>
-configure:30395: result: no
-configure:30413: checking for sys/category.h
-configure:30420: result: no
-configure:30333: checking sys/file.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/file.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/file.h
-configure:30420: result: yes
-configure:30333: checking sys/filio.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/filio.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/filio.h
-configure:30420: result: yes
-configure:30333: checking sys/ioccom.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/ioccom.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/ioccom.h
-configure:30420: result: yes
-configure:30333: checking sys/pty.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:21: sys/pty.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/pty.h>
-configure:30360: result: no
-configure:30364: checking sys/pty.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:21: sys/pty.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/pty.h>
-configure:30395: result: no
-configure:30413: checking for sys/pty.h
-configure:30420: result: no
-configure:30333: checking sys/ptyio.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:23: sys/ptyio.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/ptyio.h>
-configure:30360: result: no
-configure:30364: checking sys/ptyio.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:23: sys/ptyio.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/ptyio.h>
-configure:30395: result: no
-configure:30413: checking for sys/ptyio.h
-configure:30420: result: no
-configure:30333: checking sys/ptyvar.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:24: sys/ptyvar.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/ptyvar.h>
-configure:30360: result: no
-configure:30364: checking sys/ptyvar.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:24: sys/ptyvar.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/ptyvar.h>
-configure:30395: result: no
-configure:30413: checking for sys/ptyvar.h
-configure:30420: result: no
-configure:30333: checking sys/select.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/select.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/select.h
-configure:30420: result: yes
-configure:30333: checking sys/str_tty.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:25: sys/str_tty.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/str_tty.h>
-configure:30360: result: no
-configure:30364: checking sys/str_tty.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:25: sys/str_tty.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/str_tty.h>
-configure:30395: result: no
-configure:30413: checking for sys/str_tty.h
-configure:30420: result: no
-configure:30333: checking sys/stream.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:24: sys/stream.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/stream.h>
-configure:30360: result: no
-configure:30364: checking sys/stream.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:24: sys/stream.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/stream.h>
-configure:30395: result: no
-configure:30413: checking for sys/stream.h
-configure:30420: result: no
-configure:30333: checking sys/stropts.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:25: sys/stropts.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/stropts.h>
-configure:30360: result: no
-configure:30364: checking sys/stropts.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:25: sys/stropts.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/stropts.h>
-configure:30395: result: no
-configure:30413: checking for sys/stropts.h
-configure:30420: result: no
-configure:30333: checking sys/strtty.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:24: sys/strtty.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/strtty.h>
-configure:30360: result: no
-configure:30364: checking sys/strtty.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:24: sys/strtty.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/strtty.h>
-configure:30395: result: no
-configure:30413: checking for sys/strtty.h
-configure:30420: result: no
-configure:30333: checking sys/syscall.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/syscall.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/syscall.h
-configure:30420: result: yes
-configure:30333: checking sys/termio.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:24: sys/termio.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <sys/termio.h>
-configure:30360: result: no
-configure:30364: checking sys/termio.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:24: sys/termio.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <sys/termio.h>
-configure:30395: result: no
-configure:30413: checking for sys/termio.h
-configure:30420: result: no
-configure:30333: checking sys/timeb.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/timeb.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/timeb.h
-configure:30420: result: yes
-configure:30333: checking sys/times.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/times.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/times.h
-configure:30420: result: yes
-configure:30333: checking sys/un.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking sys/un.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for sys/un.h
-configure:30420: result: yes
-configure:30333: checking term.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking term.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for term.h
-configure:30420: result: yes
-configure:30333: checking termcap.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking termcap.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for termcap.h
-configure:30420: result: yes
-configure:30333: checking termio.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:20: termio.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <termio.h>
-configure:30360: result: no
-configure:30364: checking termio.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:20: termio.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <termio.h>
-configure:30395: result: no
-configure:30413: checking for termio.h
-configure:30420: result: no
-configure:30333: checking time.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking time.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for time.h
-configure:30420: result: yes
-configure:30333: checking tmpdir.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:20: tmpdir.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <tmpdir.h>
-configure:30360: result: no
-configure:30364: checking tmpdir.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:20: tmpdir.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <tmpdir.h>
-configure:30395: result: no
-configure:30413: checking for tmpdir.h
-configure:30420: result: no
-configure:30333: checking udb.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:17: udb.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <udb.h>
-configure:30360: result: no
-configure:30364: checking udb.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:17: udb.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <udb.h>
-configure:30395: result: no
-configure:30413: checking for udb.h
-configure:30420: result: no
-configure:30333: checking utmp.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30345: $? = 0
-configure:30348: test -s conftest.o
-configure:30351: $? = 0
-configure:30360: result: yes
-configure:30364: checking utmp.h presence
-configure:30371: gcc -E  conftest.c
-configure:30377: $? = 0
-configure:30395: result: yes
-configure:30413: checking for utmp.h
-configure:30420: result: yes
-configure:30333: checking utmpx.h usability
-configure:30342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:30371:19: utmpx.h: No such file or directory
-configure:30345: $? = 1
-configure: failed program was:
-#line 30336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <utmpx.h>
-configure:30360: result: no
-configure:30364: checking utmpx.h presence
-configure:30371: gcc -E  conftest.c
-configure:30368:19: utmpx.h: No such file or directory
-configure:30377: $? = 1
-configure: failed program was:
-#line 30367 "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-configure:30395: result: no
-configure:30413: checking for utmpx.h
-configure:30420: result: no
-configure:30452: checking for logwtmp
-configure:30488: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//cc8xptXg.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:30481: undefined reference to `logwtmp'
-configure:30491: $? = 1
-configure: failed program was:
-#line 30470 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logwtmp()
-  ;
-  return 0;
-}
-configure:30488: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lutil   >&5
-configure:30491: $? = 0
-configure:30494: test -s conftest
-configure:30497: $? = 0
-configure:30626: result: yes, in -lutil
-configure:30635: checking for logout
-configure:30671: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//cc52FYG1.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:30664: undefined reference to `logout'
-configure:30674: $? = 1
-configure: failed program was:
-#line 30653 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logout()
-  ;
-  return 0;
-}
-configure:30671: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lutil   >&5
-configure:30674: $? = 0
-configure:30677: test -s conftest
-configure:30680: $? = 0
-configure:30809: result: yes, in -lutil
-configure:30818: checking for openpty
-configure:30854: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccTqE1Vi.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:30847: undefined reference to `openpty'
-configure:30857: $? = 1
-configure: failed program was:
-#line 30836 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-openpty()
-  ;
-  return 0;
-}
-configure:30854: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lutil   >&5
-configure:30857: $? = 0
-configure:30860: test -s conftest
-configure:30863: $? = 0
-configure:30992: result: yes, in -lutil
-configure:31001: checking for tgetent
-configure:31037: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccgIQ9hT.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31030: undefined reference to `tgetent'
-configure:31040: $? = 1
-configure: failed program was:
-#line 31019 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-tgetent()
-  ;
-  return 0;
-}
-configure:31037: gcc  -o conftest -DINET6 -g -O2   conftest.c  -ltermcap   >&5
-configure:31040: $? = 0
-configure:31043: test -s conftest
-configure:31046: $? = 0
-configure:31175: result: yes, in -ltermcap
-configure:31243: checking for _getpty
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cclw3hBa.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `_getpty'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char _getpty (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char _getpty ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub__getpty) || defined (__stub____getpty)
-choke me
-#else
-f = _getpty;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for _scrsize
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccjKOSKA.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `_scrsize'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char _scrsize (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char _scrsize ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub__scrsize) || defined (__stub____scrsize)
-choke me
-#else
-f = _scrsize;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for fcntl
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for grantpt
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccGn22zp.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `grantpt'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char grantpt (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char grantpt ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_grantpt) || defined (__stub___grantpt)
-choke me
-#else
-f = grantpt;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for mktime
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for ptsname
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccdMhxaz.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `ptsname'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char ptsname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char ptsname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_ptsname) || defined (__stub___ptsname)
-choke me
-#else
-f = ptsname;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for rand
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for revoke
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for select
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setitimer
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setpcred
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cconK9tz.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `setpcred'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setpcred (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setpcred ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setpcred) || defined (__stub___setpcred)
-choke me
-#else
-f = setpcred;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for setpgid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setproctitle
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setregid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setresgid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setresuid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setreuid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setsid
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for setutent
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccpb7Gmc.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `setutent'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setutent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setutent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setutent) || defined (__stub___setutent)
-choke me
-#else
-f = setutent;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for sigaction
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for strstr
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31259: warning: conflicting types for built-in function `strstr'
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for timegm
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for ttyname
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for ttyslot
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for umask
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31243: checking for unlockpt
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccOVHBbb.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `unlockpt'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char unlockpt (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char unlockpt ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_unlockpt) || defined (__stub___unlockpt)
-choke me
-#else
-f = unlockpt;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for vhangup
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccf5smP1.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31277: undefined reference to `vhangup'
-configure:31289: $? = 1
-configure: failed program was:
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vhangup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vhangup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vhangup) || defined (__stub___vhangup)
-choke me
-#else
-f = vhangup;
-#endif
-
-  ;
-  return 0;
-}
-configure:31305: result: no
-configure:31243: checking for yp_get_default_domain
-configure:31286: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:31289: $? = 0
-configure:31292: test -s conftest
-configure:31295: $? = 0
-configure:31305: result: yes
-configure:31333: checking capability.h usability
-configure:31342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:31371:24: capability.h: No such file or directory
-configure:31345: $? = 1
-configure: failed program was:
-#line 31336 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
-#include <capability.h>
-configure:31360: result: no
-configure:31364: checking capability.h presence
-configure:31371: gcc -E  conftest.c
-configure:31368:24: capability.h: No such file or directory
-configure:31377: $? = 1
-configure: failed program was:
-#line 31367 "configure"
-#include "confdefs.h"
-#include <capability.h>
-configure:31395: result: no
-configure:31413: checking for capability.h
-configure:31420: result: no
-configure:31333: checking sys/capability.h usability
-configure:31342: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:31345: $? = 0
-configure:31348: test -s conftest.o
-configure:31351: $? = 0
-configure:31360: result: yes
-configure:31364: checking sys/capability.h presence
-configure:31371: gcc -E  conftest.c
-configure:31377: $? = 0
-configure:31395: result: yes
-configure:31413: checking for sys/capability.h
-configure:31420: result: yes
-configure:31439: checking for sgi_getcapabilitybyname
-configure:31482: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//cckTepo7.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31473: undefined reference to `sgi_getcapabilitybyname'
-configure:31485: $? = 1
-configure: failed program was:
-#line 31445 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char sgi_getcapabilitybyname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char sgi_getcapabilitybyname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_sgi_getcapabilitybyname) || defined (__stub___sgi_getcapabilitybyname)
-choke me
-#else
-f = sgi_getcapabilitybyname;
-#endif
-
-  ;
-  return 0;
-}
-configure:31501: result: no
-configure:31439: checking for cap_set_proc
-configure:31482: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccrfpAWB.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31473: undefined reference to `cap_set_proc'
-configure:31485: $? = 1
-configure: failed program was:
-#line 31445 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char cap_set_proc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char cap_set_proc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_cap_set_proc) || defined (__stub___cap_set_proc)
-choke me
-#else
-f = cap_set_proc;
-#endif
-
-  ;
-  return 0;
-}
-configure:31501: result: no
-configure:31517: checking for getpwnam_r
-configure:31553: gcc  -o conftest -DINET6 -g -O2   conftest.c     >&5
-/var/tmp//ccSvSC7w.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31546: undefined reference to `getpwnam_r'
-configure:31556: $? = 1
-configure: failed program was:
-#line 31535 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpwnam_r()
-  ;
-  return 0;
-}
-configure:31553: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lc_r   >&5
-/var/tmp//ccyJuZdq.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31546: undefined reference to `getpwnam_r'
-configure:31556: $? = 1
-configure: failed program was:
-#line 31535 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpwnam_r()
-  ;
-  return 0;
-}
-configure:31677: result: no
-configure:31760: checking for getudbnam
-configure:31803: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccb4fP3j.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31794: undefined reference to `getudbnam'
-configure:31806: $? = 1
-configure: failed program was:
-#line 31766 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getudbnam (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getudbnam ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getudbnam) || defined (__stub___getudbnam)
-choke me
-#else
-f = getudbnam;
-#endif
-
-  ;
-  return 0;
-}
-configure:31822: result: no
-configure:31760: checking for setlim
-configure:31803: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccXMI3QU.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:31794: undefined reference to `setlim'
-configure:31806: $? = 1
-configure: failed program was:
-#line 31766 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setlim (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setlim ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setlim) || defined (__stub___setlim)
-choke me
-#else
-f = setlim;
-#endif
-
-  ;
-  return 0;
-}
-configure:31822: result: no
-configure:31837: checking for ut_addr in struct utmp
-configure:31862: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:31845:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure: In function `main':
-configure:31855: structure has no member named `ut_addr'
-configure:31865: $? = 1
-configure: failed program was:
-#line 31844 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_addr;
-  ;
-  return 0;
-}
-configure:31881: result: no
-configure:31896: checking for ut_host in struct utmp
-configure:31921: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:31904:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure:31924: $? = 1
-configure: failed program was:
-#line 31903 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_host;
-  ;
-  return 0;
-}
-configure:31940: result: no
-configure:31955: checking for ut_id in struct utmp
-configure:31980: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:31963:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure: In function `main':
-configure:31973: structure has no member named `ut_id'
-configure:31983: $? = 1
-configure: failed program was:
-#line 31962 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_id;
-  ;
-  return 0;
-}
-configure:31999: result: no
-configure:32014: checking for ut_pid in struct utmp
-configure:32039: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:32022:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure: In function `main':
-configure:32032: structure has no member named `ut_pid'
-configure:32042: $? = 1
-configure: failed program was:
-#line 32021 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_pid;
-  ;
-  return 0;
-}
-configure:32058: result: no
-configure:32073: checking for ut_type in struct utmp
-configure:32098: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:32081:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure: In function `main':
-configure:32091: structure has no member named `ut_type'
-configure:32101: $? = 1
-configure: failed program was:
-#line 32080 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_type;
-  ;
-  return 0;
-}
-configure:32117: result: no
-configure:32132: checking for ut_user in struct utmp
-configure:32157: gcc  -c -DINET6 -g -O2  conftest.c >&5
-In file included from configure:32140:
-/usr/include/utmp.h:54: syntax error before "int32_t"
-/usr/include/utmp.h:63: syntax error before "int32_t"
-configure: In function `main':
-configure:32150: structure has no member named `ut_user'
-configure:32160: $? = 1
-configure: failed program was:
-#line 32139 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_user;
-  ;
-  return 0;
-}
-configure:32176: result: no
-configure:32191: checking for ut_exit in struct utmpx
-configure:32216: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32199:19: utmpx.h: No such file or directory
-configure: In function `main':
-configure:32209: storage size of `x' isn't known
-configure:32219: $? = 1
-configure: failed program was:
-#line 32198 "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_exit;
-  ;
-  return 0;
-}
-configure:32235: result: no
-configure:32250: checking for ut_syslen in struct utmpx
-configure:32275: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32258:19: utmpx.h: No such file or directory
-configure: In function `main':
-configure:32268: storage size of `x' isn't known
-configure:32278: $? = 1
-configure: failed program was:
-#line 32257 "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_syslen;
-  ;
-  return 0;
-}
-configure:32294: result: no
-configure:32308: checking for int8_t
-configure:32352: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32355: $? = 0
-configure:32358: test -s conftest.o
-configure:32361: $? = 0
-configure:32371: result: yes
-configure:32381: checking for int16_t
-configure:32425: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32428: $? = 0
-configure:32431: test -s conftest.o
-configure:32434: $? = 0
-configure:32444: result: yes
-configure:32454: checking for int32_t
-configure:32498: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32501: $? = 0
-configure:32504: test -s conftest.o
-configure:32507: $? = 0
-configure:32517: result: yes
-configure:32527: checking for int64_t
-configure:32571: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32574: $? = 0
-configure:32577: test -s conftest.o
-configure:32580: $? = 0
-configure:32590: result: yes
-configure:32600: checking for u_int8_t
-configure:32644: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32647: $? = 0
-configure:32650: test -s conftest.o
-configure:32653: $? = 0
-configure:32663: result: yes
-configure:32673: checking for u_int16_t
-configure:32717: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32720: $? = 0
-configure:32723: test -s conftest.o
-configure:32726: $? = 0
-configure:32736: result: yes
-configure:32746: checking for u_int32_t
-configure:32790: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32793: $? = 0
-configure:32796: test -s conftest.o
-configure:32799: $? = 0
-configure:32809: result: yes
-configure:32819: checking for u_int64_t
-configure:32863: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32866: $? = 0
-configure:32869: test -s conftest.o
-configure:32872: $? = 0
-configure:32882: result: yes
-configure:32892: checking for uint8_t
-configure:32936: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:32939: $? = 0
-configure:32942: test -s conftest.o
-configure:32945: $? = 0
-configure:32955: result: yes
-configure:32965: checking for uint16_t
-configure:33009: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:33012: $? = 0
-configure:33015: test -s conftest.o
-configure:33018: $? = 0
-configure:33028: result: yes
-configure:33038: checking for uint32_t
-configure:33082: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:33085: $? = 0
-configure:33088: test -s conftest.o
-configure:33091: $? = 0
-configure:33101: result: yes
-configure:33111: checking for uint64_t
-configure:33155: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:33158: $? = 0
-configure:33161: test -s conftest.o
-configure:33164: $? = 0
-configure:33174: result: yes
-configure:33238: checking for crypto library
-configure:33297: gcc  -o conftest -DINET6 -g -O2    conftest.c   -lcrypto >&5
-configure:33300: $? = 0
-configure:33303: test -s conftest
-configure:33306: $? = 0
-configure:33310: result: libcrypto
-configure:33618: checking for el_init
-configure:33654: gcc  -o conftest -DINET6 -g -O2   conftest.c   -ltermcap  >&5
-/var/tmp//cc0a06cs.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:33647: undefined reference to `el_init'
-configure:33657: $? = 1
-configure: failed program was:
-#line 33636 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-el_init()
-  ;
-  return 0;
-}
-configure:33654: gcc  -o conftest -DINET6 -g -O2   conftest.c  -ledit -ltermcap  >&5
-configure:33657: $? = 0
-configure:33660: test -s conftest
-configure:33663: $? = 0
-configure:33792: result: yes, in -ledit
-configure:33799: checking for four argument el_init
-configure:33825: gcc  -c -DINET6 -g -O2  conftest.c >&5
-configure:33828: $? = 0
-configure:33831: test -s conftest.o
-configure:33834: $? = 0
-configure:33844: result: yes
-configure:33922: checking for getmsg
-configure:33965: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-/var/tmp//ccNHXtL8.o: In function `main':
-/usr/home/nectar/devel/heimdal/configure:33956: undefined reference to `getmsg'
-configure:33968: $? = 1
-configure: failed program was:
-#line 33928 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getmsg) || defined (__stub___getmsg)
-choke me
-#else
-f = getmsg;
-#endif
-
-  ;
-  return 0;
-}
-configure:33984: result: no
-configure:34061: checking for compile_et
-configure:34077: found /usr/bin/compile_et
-configure:34087: result: compile_et
-configure:34098: checking whether compile_et has the features we need
-configure:34130: gcc  -o conftest -DINET6 -g -O2   conftest.c  >&5
-configure:34133: $? = 0
-configure:34135: ./conftest
-configure:34138: $? = 0
-configure:34151: result: yes
-configure:34159: checking for com_err
-configure:34183: gcc  -o conftest -DINET6 -g -O2   conftest.c  -lcom_err >&5
-configure:34186: $? = 0
-configure:34189: test -s conftest
-configure:34192: $? = 0
-configure:34201: result: yes
-configure:34213: Using the already-installed com_err
-configure:34232: checking which authentication modules should be built
-configure:34256: result: 
-configure:34593: creating ./config.status
-
-## ---------------------- ##
-## Running config.status. ##
-## ---------------------- ##
-
-This file was extended by Heimdal config.status 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = 
-  CONFIG_HEADERS  = 
-  CONFIG_LINKS    = 
-  CONFIG_COMMANDS = 
-  $ ./config.status 
-
-on shade.nectar.cc
-
-config.status:35438: creating Makefile
-config.status:35438: creating include/Makefile
-config.status:35438: creating include/kadm5/Makefile
-config.status:35438: creating lib/Makefile
-config.status:35438: creating lib/45/Makefile
-config.status:35438: creating lib/auth/Makefile
-config.status:35438: creating lib/auth/afskauthlib/Makefile
-config.status:35438: creating lib/auth/pam/Makefile
-config.status:35438: creating lib/auth/sia/Makefile
-config.status:35438: creating lib/asn1/Makefile
-config.status:35438: creating lib/com_err/Makefile
-config.status:35438: creating lib/des/Makefile
-config.status:35474: error: cannot find input file: lib/des/Makefile.in
-
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-
-ac_cv_type_u_int8_t=yes
-ac_cv_header_sys_pty_h=no
-ac_cv_var_optarg_declaration=yes
-ac_cv_func_unsetenv_noproto=no
-ac_cv_func_strtok_r_noproto=no
-ac_cv_func_gethostname=yes
-ac_cv_func_strunvis=yes
-ac_cv_func_asprintf=yes
-ac_cv_func_glob_noproto=no
-ac_cv_type_size_t=yes
-am_cv_CC_dependencies_compiler_type=none
-ac_cv_func_sgi_getcapabilitybyname=no
-ac_cv_header_libutil_h=yes
-ac_cv_var_optind_declaration=yes
-ac_cv_func_warnx=yes
-ac_cv_func_seteuid=yes
-ac_cv_func_getcwd=yes
-ac_cv_func_vasprintf=yes
-ac_cv_var__res=yes
-ac_cv_header_netinet_in_h=yes
-ac_cv_header_crypt_h=no
-ac_cv_lib_fl_yywrap=yes
-ac_cv_type_struct_utmp_ut_type=no
-ac_cv_type_struct_utmp_ut_addr=no
-ac_cv_func_getudbnam=no
-ac_cv_header_sys_times_h=yes
-ac_cv_var_h_errlist=yes
-ac_cv_funclib_crypt=-lcrypt
-ac_cv_func_vwarnx=yes
-ac_cv_func_getconfattr=no
-ac_cv_header_util_h=no
-ac_cv_header_grp_h=yes
-ac_cv_header_err_h=yes
-ac_cv_func_select=yes
-ac_cv_lib_crypt=yes
-ac_cv_func_crypt=yes
-ac_cv_func_initgroups=yes
-ac_cv_func_getusershell=yes
-ac_cv_header_netdb_h=yes
-ac_cv_header_netinet_ip_h=yes
-ac_cv_header_stdlib_h=yes
-lt_cv_file_magic_cmd='$MAGIC_CMD'
-ac_cv_lib_util=yes
-ac_cv_header_stropts_h=no
-ac_cv_funclib_XauFileName=yes
-ac_cv_funclib_XauWriteAuth=-lXau
-ac_cv_funclib_dlopen=yes
-ac_cv_var___progname_declaration=no
-ac_cv_func_strncasecmp=yes
-ac_cv_func_memmove=yes
-ac_cv_func_err=yes
-ac_cv_funclib_bswap32=no
-ac_cv_func_random=yes
-ac_cv_func_on_exit=no
-ac_cv_header_sys_tty_h=yes
-ac_cv_header_sys_time_h=yes
-ac_cv_header_pwd_h=yes
-ac_cv_want_pam_krb4=no
-ac_cv_func_cap_set_proc=no
-ac_cv_func_XauFileName=yes
-ac_cv_func_XauWriteAuth=yes
-ac_cv_func_dlopen=yes
-ac_cv_type_struct_sockaddr_sa_len=yes
-ac_cv_func_verr=yes
-ac_cv_func_recvmsg=yes
-ac_cv_func_innetgr=yes
-ac_cv_func_getuid=yes
-ac_cv_func_getdtablesize=yes
-ac_cv_func_bswap32=no
-ac_cv_func_strsvis=no
-ac_cv___attribute__=yes
-ac_cv_prog_cc_g=yes
-ac_cv_env_LDFLAGS_set=
-ac_cv_type_u_int32_t=yes
-ac_cv_func_timegm=yes
-ac_cv_func_ptsname=no
-ac_cv_header_sys_category_h=no
-ac_cv_header_io_h=no
-ac_cv_funclib_bswap16=no
-ac_cv_func_unvis=yes
-ac_cv_func_setstate=yes
-ac_cv_func_setprogname=yes
-ac_cv_var__res_declaration=yes
-ac_cv_header_usersec_h=no
-lt_cv_prog_cc_can_build_shared=yes
-ac_cv_path_install='/usr/bin/install -c'
-ac_cv_c_compiler_gnu=yes
-ac_cv_exeext=
-ac_cv_env_CFLAGS_set=
-ac_cv_header_sys_capability_h=yes
-ac_cv_func_vhangup=no
-ac_cv_var_h_errlist_declaration=no
-ac_cv_func_setenv_noproto=no
-ac_cv_func_strftime=yes
-ac_cv_func_flock=yes
-ac_cv_func_errx=yes
-ac_cv_func_erealloc=no
-ac_cv_func_bswap16=no
-ac_cv_func_strvis=yes
-ac_cv_header_shadow_h=no
-ac_cv_header_dirent_h=yes
-ac_cv_header_db_185_h=no
-ac_cv_type_u_int16_t=yes
-ac_cv_funclib_tgetent=-ltermcap
-ac_cv_func_verrx=yes
-ac_cv_func_freehostent=yes
-ac_cv_func_fchown=yes
-ac_cv_func_ecalloc=no
-ac_cv_funclib_getpwnam_r=no
-ac_cv_func_unlockpt=no
-ac_cv_func_tgetent=yes
-ac_cv_path_GROFF=/usr/bin/groff
-ac_cv_header_sys_proc_h=yes
-ac_cv_header_netinet_in_systm_h=yes
-ac_cv_func_getmsg=no
-ac_cv_func_getpwnam_r=no
-ac_cv_func_ttyslot=yes
-ac_cv_func_mktime=yes
-ac_cv_func__getpty=no
-ac_cv_header_utmp_h=yes
-ac_cv_header_sgtty_h=yes
-ac_cv_header_maillock_h=no
-ac_cv_func_strlwr=no
-ac_cv_func_readv=yes
-ac_cv_func_strvisx=yes
-ac_cv_header_sys_wait_h=yes
-ac_cv_funclib_db_create=no
-ac_cv_env_CPP_value=
-ac_cv_env_CPPFLAGS_set=
-ac_cv_type_u_int64_t=yes
-ac_cv_header_arpa_ftp_h=yes
-ac_cv_func_strlcat=yes
-ac_cv_func_strcasecmp=yes
-ac_cv_func_svis=no
-ac_cv_funclib_socket=yes
-ac_cv_header_vis_h=yes
-ac_cv_func_db_create=no
-lt_cv_prog_cc_static_works=yes
-lt_cv_prog_cc_no_builtin=
-ac_cv_func_sigaction=yes
-ac_cv_header_sys_ioccom_h=yes
-ac_cv_header_siad_h=no
-krb_cv_c_bigendian=no
-ac_cv_func_gethostbyaddr_proto_compat=no
-ac_cv_func_inet_aton=yes
-ac_cv_func_strupr=no
-ac_cv_func_socket=yes
-ac_cv_header_ndbm_h=yes
-lt_cv_prog_cc_shlib=
-ac_cv_header_utmpx_h=no
-ac_cv_header_bind_bitypes_h=no
-ac_cv_var_h_errno=yes
-ac_cv_func_strndup_noproto=yes
-ac_cv_func_iruserok=yes
-ac_cv_func_vis=yes
-ac_cv_header_sys_sysctl_h=yes
-ac_cv_header_fcntl_h=yes
-ac_cv_header_standards_h=no
-lt_cv_prog_cc_static=-static
-ac_cv_env_host_alias_set=
-ac_cv_func_yp_get_default_domain=yes
-ac_cv_func_strstr=yes
-ac_cv_func_setproctitle=yes
-ac_cv_func_grantpt=no
-ac_cv_func_getegid=yes
-ac_cv_funclib_getaddrinfo=yes
-ac_cv_funclib_hstrerror=yes
-ac_cv_func_uname=yes
-ac_cv_c_const=yes
-ac_cv_prog_YACC='bison -y'
-ac_cv_func_setsid=yes
-ac_cv_func_revoke=yes
-ac_cv_func_fcntl=yes
-ac_cv_header_sys_str_tty_h=no
-krb_cv_sys_x_libs=' -L/usr/X11R6/lib'
-ac_cv_var_opterr_declaration=yes
-ac_cv_func_mkstemp=yes
-ac_cv_func_getaddrinfo=yes
-ac_cv_func_asnprintf_noproto=yes
-ac_cv_func_hstrerror=yes
-ac_cv_header_termios_h=yes
-lt_cv_ld_reload_flag=-r
-ac_cv_func_ttyname=yes
-ac_cv_lib_Xau=yes
-ac_cv_path_NROFF=/usr/bin/nroff
-ac_cv_func_getnameinfo_broken=no
-ac_cv_func_getipnodebyaddr=yes
-ac_cv_func_vasnprintf_noproto=yes
-ac_cv_header_sys_resource_h=yes
-ac_cv_header_netinet_in6_h=no
-ac_cv_header_ifaddrs_h=yes
-lt_cv_sys_path_separator=:
-ac_cv_func_setlim=no
-ac_cv_header_tmpdir_h=no
-ac_cv_header_termio_h=no
-ac_cv_header_sys_ptyvar_h=no
-ac_cv_type_mode_t=yes
-ac_cv_funclib_XauReadAuth=yes
-ac_cv_func_remove=yes
-ac_cv_func_unsetenv=yes
-ac_cv_func_strtok_r=yes
-ac_cv_func_strptime=yes
-ac_cv_funclib_pidfile=no
-lt_cv_archive_cmds_need_lc=yes
-ac_cv_header_sys_stat_h=yes
-lt_cv_prog_gnu_ld=yes
-ac_cv_prog_lex_root=lex.yy
-ac_cv_env_build_alias_set=
-ac_cv_func_el_init_four=yes
-ac_cv_func_rand=yes
-ac_cv_header_sys_select_h=yes
-ac_cv_func_XauReadAuth=yes
-ac_cv_var_h_errno_declaration=yes
-ac_cv_func_gethostbyname_proto_compat=yes
-ac_cv_func_emalloc=no
-ac_cv_func_pidfile=no
-ac_cv_func_atexit=yes
-ac_cv_func_realloc_broken=no
-ac_cv_lib_edit=yes
-ac_cv_header_limits_h=yes
-ac_cv_struct_spwd=no
-ac_cv_type_struct_sockaddr_storage=yes
-ac_cv_var_h_nerr=yes
-ac_cv_func_getsockname_proto_compat=yes
-ac_cv_func_strsep_noproto=no
-ac_cv_func_rcmd=yes
-ac_cv_func_localtime_r=yes
-ac_cv_func_sysconf=yes
-ac_cv_func_snprintf_working=yes
-ac_cv_header_dbm_h=no
-ac_cv_prog_LN_S='ln -s'
-ac_cv_env_LDFLAGS_value=
-ac_cv_env_target_alias_set=
-ac_cv_header_fnmatch_h=yes
-ac_cv_func_getservbyname_proto_compat=yes
-ac_cv_func_strnlen=no
-ac_cv_funclib_getnameinfo=yes
-ac_cv_func_vsnprintf_working=yes
-ac_cv_func_getlogin_posix=no
-ac_cv_header_db3_db_h=no
-ac_cv_host_alias=i386-unknown-freebsd5.0
-ac_cv_prog_cc_stdc=
-ac_cv_env_CFLAGS_value=
-ac_cv_env_CC_set=
-ac_cv_func_setutent=no
-ac_cv_func_setresgid=yes
-ac_cv_header_sys_stropts_h=no
-ac_cv_header_sys_ptyio_h=no
-ac_cv_header_bsdsetjmp_h=no
-ac_cv_header_arpa_telnet_h=yes
-ac_cv_func_shmat=yes
-ac_cv_have_x='have_x=yes 		ac_x_includes=/usr/X11R6/include ac_x_libraries=/usr/X11R6/lib'
-ac_cv_type_struct_addrinfo=yes
-ac_cv_func_gettimeofday=yes
-ac_cv_func_estrdup=no
-ac_cv_func_getnameinfo=yes
-ac_cv_funclib_dbm_firstkey=yes
-ac_cv_header_db4_db_h=no
-lt_cv_prog_cc_wl=-Wl,
-ac_cv_header_sys_types_h=yes
-ac_cv_header_stdc=yes
-krb_cv_com_err=yes
-ac_cv_type_uint8_t=yes
-ac_cv_type_int8_t=yes
-ac_cv_header_pty_h=no
-ac_cv_header_curses_h=yes
-ac_cv_type_struct_msghdr=yes
-ac_cv_var_timezone=yes
-ac_cv_func_gethostname_noproto=no
-ac_cv_func_strunvis_noproto=no
-ac_cv_func_getopt=yes
-ac_cv_func_getipnodebyname=yes
-ac_cv_func_fnmatch=yes
-ac_cv_func_asprintf_noproto=no
-ac_cv_header_paths_h=yes
-ac_cv_header_time=yes
-ac_cv_func_dbm_firstkey=yes
-ac_cv_header_strings_h=yes
-ac_cv_func_setregid=yes
-ac_cv_funclib_logwtmp=-lutil
-ac_cv_header_sac_h=no
-ac_cv_func_chown=yes
-ac_cv_func_vasprintf_noproto=no
-ac_cv_func_glob_working=yes
-ac_cv_funclib_gethostbyname=yes
-ac_cv_header_sys_uio_h=yes
-ac_cv_type_signal=void
-ac_cv_header_stdint_h=yes
-ac_cv_header_inttypes_h=yes
-ac_cv_prog_make_make_set=yes
-krb_cv_compile_et=yes
-ac_cv_funclib_el_init=-ledit
-ac_cv_func_logwtmp=yes
-ac_cv_header_sys_timeb_h=yes
-ac_cv_header_sys_syscall_h=yes
-ac_cv_var_h_nerr_declaration=no
-ac_cv_func_setenv=yes
-ac_cv_funclib_getsockopt=yes
-ac_cv_var_in6addr_loopback=yes
-ac_cv_func_gethostbyname=yes
-ac_cv_header_sys_param_h=yes
-ac_cv_c_inline=inline
-ac_cv_header_unistd_h=yes
-ac_cv_header_string_h=yes
-lt_cv_global_symbol_to_cdecl='sed -n -e '\''s/^. .* \(.*\)$/extern char \1;/p'\'''
-lt_cv_path_LD=/usr/libexec/elf/ld
-ac_cv_build_alias=i386-unknown-freebsd5.0
-ac_cv_env_CPPFLAGS_value=
-krb_cv_save_LIBS=
-ac_cv_func_el_init=yes
-ac_cv_type_struct_utmp_ut_pid=no
-ac_cv_func_umask=yes
-ac_cv_type_struct_sockaddr=yes
-ac_cv_var_optopt_declaration=yes
-ac_cv_func_crypt_noproto=no
-ac_cv_func_getusershell_noproto=no
-ac_cv_func_getsockopt=yes
-ac_cv_lib_ipv6=yes
-ac_cv_func_getlogin=yes
-ac_cv_func_setpcred=no
-ac_cv_header_time_h=yes
-ac_cv_header_sys_filio_h=yes
-ac_cv_func_swab=yes
-ac_cv_func_setegid=yes
-ac_cv_func_getifaddrs=yes
-ac_cv_header_sys_utsname_h=yes
-ac_cv_header_sys_sockio_h=yes
-ac_cv_header_netinet6_in6_var_h=yes
-ac_cv_prog_ac_ct_RANLIB=ranlib
-ac_cv_header_memory_h=yes
-ac_cv_prog_COMPILE_ET=compile_et
-ac_cv_header_udb_h=no
-ac_cv_header_pthread_h=yes
-ac_cv_type_sig_atomic_t=yes
-ac_cv_var_timezone_declaration=yes
-ac_cv_func_inet_pton=yes
-ac_cv_func_inet_ntop=yes
-ac_cv_func_strsvis_noproto=yes
-ac_cv_funclib_res_search=yes
-ac_cv_header_sys_socket_h=yes
-ac_cv_header_db_h=yes
-ac_cv_prog_ac_ct_STRIP=strip
-ac_cv_host=i386-unknown-freebsd5.0
-ac_cv_env_host_alias_value=
-ac_cv_type_uint32_t=yes
-ac_cv_type_int32_t=yes
-ac_cv_funclib_openpty=-lutil
-ac_cv_funclib_logout=-lutil
-ac_cv_header_sys_file_h=yes
-ac_cv_type_off_t=yes
-ac_cv_type_struct_iovec=yes
-ac_cv_func_unvis_noproto=no
-ac_cv_func_strsep_copy=no
-ac_cv_func_strerror=yes
-ac_cv_func_geteuid=yes
-ac_cv_func_issetugid=yes
-ac_cv_func_getrlimit=yes
-ac_cv_func_res_search=yes
-ac_cv_header_resolv_h=yes
-ac_cv_header_errno_h=yes
-ac_cv_header_capability_h=no
-ac_cv_func_openpty=yes
-ac_cv_func_logout=yes
-ac_cv_header_sys_bitypes_h=no
-krb_cv_sys_x_libs_rpath=
-ac_cv_var_altzone=no
-ac_cv_func_strvis_noproto=no
-ac_cv_header_net_if_h=yes
-lt_cv_global_symbol_to_c_name_address='sed -n -e '\''s/^: \([^ ]*\) $/  {\"\1\", (lt_ptr) 0},/p'\'' -e '\''s/^[BCDEGRST] \([^ ]*\) \([^ ]*\)$/  {"\2", (lt_ptr) \&\2},/p'\'''
-ac_cv_type_uint16_t=yes
-ac_cv_type_int16_t=yes
-ac_cv_type_struct_utmpx_ut_syslen=no
-ac_cv_type_struct_utmp_ut_id=no
-ac_cv_header_sys_stream_h=no
-ac_cv_func_strndup=no
-ac_cv_func_getgid=yes
-ac_cv_func_daemon=yes
-ac_cv_header_config_h=no
-ac_cv_type_pid_t=yes
-lt_cv_compiler_c_o=yes
-lt_cv_prog_cc_pic_works=yes
-lt_cv_file_magic_test_file=
-ac_cv_header_termcap_h=yes
-ac_cv_func_connect=yes
-ac_cv_func_strlcpy=yes
-ac_cv_func_getspnam=no
-ac_cv_func_cgetent=yes
-ac_cv_header_netinet6_in6_h=no
-ac_cv_build=i386-unknown-freebsd5.0
-ac_cv_prog_AWK=gawk
-ac_cv_prog_CPP='gcc -E'
-ac_cv_env_build_alias_value=
-ac_cv_header_netinet_in6_machtypes_h=no
-ac_cv_struct_tm=time.h
-ac_cv_type_struct_ifaddrs=yes
-ac_cv_type_struct_tm_tm_zone=yes
-ac_cv_func_strvisx_noproto=no
-ac_cv_func_lstat=yes
-ac_cv_func_initstate=yes
-ac_cv_func_asnprintf=no
-ac_cv_type_long_long=yes
-lt_cv_prog_cc_pic=' -fPIC'
-lt_cv_sys_global_symbol_pipe='sed -n -e '\''s/^.*[ 	]\([ABCDGISTW][ABCDGISTW]*\)[ 	][ 	]*\(\)\([_A-Za-z][_A-Za-z0-9]*\)$/\1 \2\3 \3/p'\'''
-lt_cv_deplibs_check_method=pass_all
-ac_cv_prog_lex_yytext_pointer=yes
-ac_cv_prog_ac_ct_CC=gcc
-ac_cv_type_uint64_t=yes
-ac_cv_type_int64_t=yes
-ac_cv_func_setitimer=yes
-ac_cv_lib_termcap=yes
-krb_cv_c_bigendian_compile=yes
-ac_cv_func_svis_noproto=yes
-ac_cv_func_copyhostent=no
-ac_cv_func_vasnprintf=no
-ac_cv_func_getprogname=yes
-ac_cv_funclib_dbopen=yes
-lt_cv_compiler_o_lo=yes
-ac_cv_env_target_alias_value=
-ac_cv_func__scrsize=no
-ac_cv_header_sys_un_h=yes
-ac_cv_header_sys_termio_h=no
-ac_cv_sys_catman_ext=number
-ac_cv_sys_man_format='/usr/bin/nroff -mdoc $< > $@'
-ac_cv_func_inet_aton_noproto=no
-ac_cv_funclib_freeaddrinfo=yes
-ac_cv_funclib_dn_expand=yes
-ac_cv_funclib_gethostbyname2=yes
-ac_cv_header_syslog_h=yes
-ac_cv_header_sys_ioctl_h=yes
-ac_cv_func_dbopen=yes
-ac_cv_env_CC_value=
-ac_cv_func_setresuid=yes
-ac_cv_header_term_h=yes
-ac_cv_type_socklen_t=yes
-ac_cv_func_openlog_proto_compat=yes
-ac_cv_func_vis_noproto=no
-ac_cv_func_freeaddrinfo=yes
-ac_cv_func_snprintf_noproto=no
-ac_cv_func_dn_expand=yes
-ac_cv_func_gethostbyname2=yes
-ac_cv_funclib_syslog=yes
-ac_cv_header_userconf_h=no
-ac_cv_header_arpa_inet_h=yes
-ac_cv_header_netinet_tcp_h=yes
-ac_cv_type_uid_t=yes
-lt_cv_path_NM='/usr/bin/nm -B'
-ac_cv_env_CPP_set=
-ac_cv_type_struct_utmpx_ut_exit=no
-ac_cv_header_security_pam_modules_h=yes
-ac_cv_header_netinfo_ni_h=no
-ac_cv_type_struct_tm_tm_gmtoff=yes
-ac_cv_func_getaddrinfo_numserv=yes
-ac_cv_func_writev=yes
-ac_cv_func_strsep=yes
-ac_cv_funclib_setsockopt=yes
-ac_cv_func_vsnprintf_noproto=no
-ac_cv_func_syslog=yes
-ac_cv_header_sys_bswap_h=no
-ac_cv_header_dlfcn_h=yes
-ac_cv_type_struct_utmp_ut_host=no
-ac_cv_func_setreuid=yes
-ac_cv_func_setpgid=yes
-ac_cv_header_sys_strtty_h=no
-ac_cv_lib_ICE_IceConnectionNumber=yes
-ac_cv_func_mkstemp_noproto=no
-ac_cv_func_warn=yes
-ac_cv_func_vsyslog=yes
-ac_cv_func_strdup=yes
-ac_cv_func_putenv=yes
-ac_cv_funclib_gai_strerror=yes
-ac_cv_func_hstrerror_noproto=no
-ac_cv_func_setsockopt=yes
-ac_cv_func_sysctl=yes
-ac_cv_type_ssize_t=yes
-ac_cv_func_setlogin=yes
-ac_cv_prog_LEX=flex
-ac_cv_type_struct_utmp_ut_user=no
-ac_cv_header_signal_h=yes
-ac_cv_struct_winsize=yes
-ac_cv_type_sa_family_t=yes
-ac_cv_var_environ_declaration=no
-ac_cv_var___progname=yes
-ac_cv_func_vwarn=yes
-ac_cv_func_sendmsg=yes
-ac_cv_func_gai_strerror=yes
-ac_cv_header_rpcsvc_ypclnt_h=yes
-ac_cv_header_arpa_nameser_h=yes
-ac_cv_objext=o
-
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-
-#define PACKAGE_NAME "Heimdal"
-#define PACKAGE_TARNAME "heimdal"
-#define PACKAGE_VERSION "0.4f"
-#define PACKAGE_STRING "Heimdal 0.4f"
-#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se"
-#define PACKAGE "heimdal"
-#define VERSION "0.4f"
-#define _GNU_SOURCE 1
-#define YYTEXT_POINTER 1
-#define HAVE___ATTRIBUTE__ 1
-#define STDC_HEADERS 1
-#define HAVE_SYS_TYPES_H 1
-#define HAVE_SYS_STAT_H 1
-#define HAVE_STDLIB_H 1
-#define HAVE_STRING_H 1
-#define HAVE_MEMORY_H 1
-#define HAVE_STRINGS_H 1
-#define HAVE_INTTYPES_H 1
-#define HAVE_STDINT_H 1
-#define HAVE_UNISTD_H 1
-#define HAVE_DLFCN_H 1
-#define HAVE_DB_H 1
-#define HAVE_DBOPEN 1
-#define HAVE_DB1 1
-#define HAVE_NDBM_H 1
-#define HAVE_DBM_FIRSTKEY 1
-#define HAVE_NDBM 1
-#define HAVE_NEW_DB 1
-#define RETSIGTYPE void
-#define VOID_RETSIGTYPE 1
-#define TIME_WITH_SYS_TIME 1
-#define HAVE_NETINET_IP_H 1
-#define HAVE_NETINET_TCP_H 1
-#define HAVE_GETLOGIN 1
-#define HAVE_SETLOGIN 1
-#define HAVE_SSIZE_T 1
-#define HAVE_LONG_LONG 1
-#define HAVE_ARPA_INET_H 1
-#define HAVE_ARPA_NAMESER_H 1
-#define HAVE_DIRENT_H 1
-#define HAVE_ERRNO_H 1
-#define HAVE_ERR_H 1
-#define HAVE_FCNTL_H 1
-#define HAVE_GRP_H 1
-#define HAVE_IFADDRS_H 1
-#define HAVE_NET_IF_H 1
-#define HAVE_NETDB_H 1
-#define HAVE_NETINET_IN_H 1
-#define HAVE_NETINET_IN_SYSTM_H 1
-#define HAVE_NETINET6_IN6_VAR_H 1
-#define HAVE_PATHS_H 1
-#define HAVE_PWD_H 1
-#define HAVE_RESOLV_H 1
-#define HAVE_RPCSVC_YPCLNT_H 1
-#define HAVE_SYS_IOCTL_H 1
-#define HAVE_SYS_PARAM_H 1
-#define HAVE_SYS_PROC_H 1
-#define HAVE_SYS_RESOURCE_H 1
-#define HAVE_SYS_SOCKET_H 1
-#define HAVE_SYS_SOCKIO_H 1
-#define HAVE_SYS_STAT_H 1
-#define HAVE_SYS_SYSCTL_H 1
-#define HAVE_SYS_TIME_H 1
-#define HAVE_SYS_TTY_H 1
-#define HAVE_SYS_TYPES_H 1
-#define HAVE_SYS_UIO_H 1
-#define HAVE_SYS_UTSNAME_H 1
-#define HAVE_SYS_WAIT_H 1
-#define HAVE_SYSLOG_H 1
-#define HAVE_TERMIOS_H 1
-#define HAVE_UNISTD_H 1
-#define HAVE_VIS_H 1
-#define HAVE_SOCKET 1
-#define HAVE_GETHOSTBYNAME 1
-#define HAVE_SYSLOG 1
-#define HAVE_IPV6 1
-#define HAVE_IN6ADDR_LOOPBACK 1
-#define HAVE_GETHOSTBYNAME2 1
-#define HAVE_RES_SEARCH 1
-#define HAVE_DN_EXPAND 1
-#define HAVE__RES 1
-#define HAVE__RES_DECLARATION 1
-#define HAVE_SNPRINTF 1
-#define HAVE_VSNPRINTF 1
-#define HAVE_GLOB 1
-#define HAVE_ASPRINTF 1
-#define HAVE_ATEXIT 1
-#define HAVE_CGETENT 1
-#define HAVE_GETPROGNAME 1
-#define HAVE_GETRLIMIT 1
-#define HAVE_INITSTATE 1
-#define HAVE_ISSETUGID 1
-#define HAVE_RANDOM 1
-#define HAVE_SETPROGNAME 1
-#define HAVE_SETSTATE 1
-#define HAVE_STRUNVIS 1
-#define HAVE_STRVIS 1
-#define HAVE_STRVISX 1
-#define HAVE_SYSCONF 1
-#define HAVE_SYSCTL 1
-#define HAVE_UNAME 1
-#define HAVE_UNVIS 1
-#define HAVE_VASPRINTF 1
-#define HAVE_VIS 1
-#define HAVE_GETSOCKOPT 1
-#define HAVE_SETSOCKOPT 1
-#define HAVE_HSTRERROR 1
-#define NEED_ASNPRINTF_PROTO 1
-#define NEED_VASNPRINTF_PROTO 1
-#define HAVE_GETADDRINFO 1
-#define HAVE_GETNAMEINFO 1
-#define HAVE_FREEADDRINFO 1
-#define HAVE_GAI_STRERROR 1
-#define HAVE_CHOWN 1
-#define HAVE_DAEMON 1
-#define HAVE_ERR 1
-#define HAVE_ERRX 1
-#define HAVE_FCHOWN 1
-#define HAVE_FLOCK 1
-#define HAVE_FNMATCH 1
-#define HAVE_FREEHOSTENT 1
-#define HAVE_GETCWD 1
-#define HAVE_GETDTABLESIZE 1
-#define HAVE_GETEGID 1
-#define HAVE_GETEUID 1
-#define HAVE_GETGID 1
-#define HAVE_GETHOSTNAME 1
-#define HAVE_GETIFADDRS 1
-#define HAVE_GETIPNODEBYADDR 1
-#define HAVE_GETIPNODEBYNAME 1
-#define HAVE_GETOPT 1
-#define HAVE_GETTIMEOFDAY 1
-#define HAVE_GETUID 1
-#define HAVE_GETUSERSHELL 1
-#define HAVE_INITGROUPS 1
-#define HAVE_INNETGR 1
-#define HAVE_IRUSEROK 1
-#define HAVE_LOCALTIME_R 1
-#define HAVE_LSTAT 1
-#define HAVE_MEMMOVE 1
-#define HAVE_MKSTEMP 1
-#define HAVE_PUTENV 1
-#define HAVE_RCMD 1
-#define HAVE_READV 1
-#define HAVE_RECVMSG 1
-#define HAVE_SENDMSG 1
-#define HAVE_SETEGID 1
-#define HAVE_SETENV 1
-#define HAVE_SETEUID 1
-#define HAVE_STRCASECMP 1
-#define HAVE_STRDUP 1
-#define HAVE_STRERROR 1
-#define HAVE_STRFTIME 1
-#define HAVE_STRLCAT 1
-#define HAVE_STRLCPY 1
-#define HAVE_STRNCASECMP 1
-#define HAVE_STRPTIME 1
-#define HAVE_STRSEP 1
-#define HAVE_STRTOK_R 1
-#define HAVE_SWAB 1
-#define HAVE_UNSETENV 1
-#define HAVE_VERR 1
-#define HAVE_VERRX 1
-#define HAVE_VSYSLOG 1
-#define HAVE_VWARN 1
-#define HAVE_VWARNX 1
-#define HAVE_WARN 1
-#define HAVE_WARNX 1
-#define HAVE_WRITEV 1
-#define NEED_STRNDUP_PROTO 1
-#define NEED_STRSVIS_PROTO 1
-#define NEED_SVIS_PROTO 1
-#define HAVE_INET_ATON 1
-#define HAVE_INET_NTOP 1
-#define HAVE_INET_PTON 1
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-#define HAVE_CRYPT 1
-#define HAVE_LIBCRYPT 1
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-#define OPENLOG_PROTO_COMPATIBLE 1
-#define HAVE_H_ERRNO 1
-#define HAVE_H_ERRNO_DECLARATION 1
-#define HAVE_H_ERRLIST 1
-#define HAVE_H_NERR 1
-#define HAVE___PROGNAME 1
-#define HAVE_OPTARG_DECLARATION 1
-#define HAVE_OPTIND_DECLARATION 1
-#define HAVE_OPTERR_DECLARATION 1
-#define HAVE_OPTOPT_DECLARATION 1
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-#define HAVE_STRUCT_TM_TM_ZONE 1
-#define HAVE_TIMEZONE 1
-#define HAVE_TIMEZONE_DECLARATION 1
-#define HAVE_SA_FAMILY_T 1
-#define HAVE_SOCKLEN_T 1
-#define HAVE_STRUCT_SOCKADDR 1
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-#define HAVE_STRUCT_ADDRINFO 1
-#define HAVE_STRUCT_IFADDRS 1
-#define HAVE_STRUCT_IOVEC 1
-#define HAVE_STRUCT_MSGHDR 1
-#define HAVE_STRUCT_WINSIZE 1
-#define HAVE_WS_XPIXEL 1
-#define HAVE_WS_YPIXEL 1
-#define KRB5 1
-#define OTP 1
-#define ENDIANESS_IN_SYS_PARAM_H 1
-#define HAVE_DLOPEN 1
-#define HAVE_XAUWRITEAUTH 1
-#define HAVE_LIBXAU 1
-#define HAVE_XAUREADAUTH 1
-#define HAVE_XAUFILENAME 1
-#define HAVE_LONG_LONG 1
-#define TIME_WITH_SYS_TIME 1
-#define STDC_HEADERS 1
-#define HAVE_ARPA_FTP_H 1
-#define HAVE_ARPA_TELNET_H 1
-#define HAVE_CURSES_H 1
-#define HAVE_DLFCN_H 1
-#define HAVE_FNMATCH_H 1
-#define HAVE_INTTYPES_H 1
-#define HAVE_LIBUTIL_H 1
-#define HAVE_LIMITS_H 1
-#define HAVE_PTHREAD_H 1
-#define HAVE_SECURITY_PAM_MODULES_H 1
-#define HAVE_SGTTY_H 1
-#define HAVE_SIGNAL_H 1
-#define HAVE_SYS_FILE_H 1
-#define HAVE_SYS_FILIO_H 1
-#define HAVE_SYS_IOCCOM_H 1
-#define HAVE_SYS_SELECT_H 1
-#define HAVE_SYS_SYSCALL_H 1
-#define HAVE_SYS_TIMEB_H 1
-#define HAVE_SYS_TIMES_H 1
-#define HAVE_SYS_UN_H 1
-#define HAVE_TERM_H 1
-#define HAVE_TERMCAP_H 1
-#define HAVE_TIME_H 1
-#define HAVE_UTMP_H 1
-#define HAVE_LOGWTMP 1
-#define HAVE_LIBUTIL 1
-#define HAVE_LOGOUT 1
-#define HAVE_LIBUTIL 1
-#define HAVE_OPENPTY 1
-#define HAVE_LIBUTIL 1
-#define HAVE_TGETENT 1
-#define HAVE_LIBTERMCAP 1
-#define HAVE_FCNTL 1
-#define HAVE_MKTIME 1
-#define HAVE_RAND 1
-#define HAVE_REVOKE 1
-#define HAVE_SELECT 1
-#define HAVE_SETITIMER 1
-#define HAVE_SETPGID 1
-#define HAVE_SETPROCTITLE 1
-#define HAVE_SETREGID 1
-#define HAVE_SETRESGID 1
-#define HAVE_SETRESUID 1
-#define HAVE_SETREUID 1
-#define HAVE_SETSID 1
-#define HAVE_SIGACTION 1
-#define HAVE_STRSTR 1
-#define HAVE_TIMEGM 1
-#define HAVE_TTYNAME 1
-#define HAVE_TTYSLOT 1
-#define HAVE_UMASK 1
-#define HAVE_YP_GET_DEFAULT_DOMAIN 1
-#define HAVE_SYS_CAPABILITY_H 1
-#define HAVE_INT8_T 1
-#define HAVE_INT16_T 1
-#define HAVE_INT32_T 1
-#define HAVE_INT64_T 1
-#define HAVE_U_INT8_T 1
-#define HAVE_U_INT16_T 1
-#define HAVE_U_INT32_T 1
-#define HAVE_U_INT64_T 1
-#define HAVE_UINT8_T 1
-#define HAVE_UINT16_T 1
-#define HAVE_UINT32_T 1
-#define HAVE_UINT64_T 1
-#define HAVE_OPENSSL 1
-#define HAVE_EL_INIT 1
-#define HAVE_LIBEDIT 1
-#define HAVE_FOUR_VALUED_EL_INIT 1
-#define HAVE_READLINE 1
-#define AUTHENTICATION 1
-#define ENCRYPTION 1
-#define DES_ENCRYPTION 1
-#define DIAGNOSTICS 1
-#define OLD_ENVIRON 1
-#define BINDIR "/usr/heimdal/bin"
-#define LIBDIR "/usr/heimdal/lib"
-#define LIBEXECDIR "/usr/heimdal/libexec"
-#define LOCALSTATEDIR "/var/heimdal"
-#define SBINDIR "/usr/heimdal/sbin"
-#define SYSCONFDIR "/etc"
-
-configure: exit 1
-
-## ---------------------- ##
-## Running config.status. ##
-## ---------------------- ##
-
-This file was extended by Heimdal config.status 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = 
-  CONFIG_HEADERS  = 
-  CONFIG_LINKS    = 
-  CONFIG_COMMANDS = 
-  $ ./config.status 
-
-on shade.nectar.cc
-
-config.status:35438: creating Makefile
-config.status:35438: creating include/Makefile
-config.status:35438: creating include/kadm5/Makefile
-config.status:35438: creating lib/Makefile
-config.status:35438: creating lib/45/Makefile
-config.status:35438: creating lib/auth/Makefile
-config.status:35438: creating lib/auth/afskauthlib/Makefile
-config.status:35438: creating lib/auth/pam/Makefile
-config.status:35438: creating lib/auth/sia/Makefile
-config.status:35438: creating lib/asn1/Makefile
-config.status:35438: creating lib/com_err/Makefile
-config.status:35438: creating lib/editline/Makefile
-config.status:35438: creating lib/gssapi/Makefile
-config.status:35438: creating lib/hdb/Makefile
-config.status:35438: creating lib/kadm5/Makefile
-config.status:35438: creating lib/kafs/Makefile
-config.status:35438: creating lib/kdfs/Makefile
-config.status:35474: error: cannot find input file: lib/kdfs/Makefile.in
-
-## ---------------------- ##
-## Running config.status. ##
-## ---------------------- ##
-
-This file was extended by Heimdal config.status 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = 
-  CONFIG_HEADERS  = 
-  CONFIG_LINKS    = 
-  CONFIG_COMMANDS = 
-  $ ./config.status 
-
-on shade.nectar.cc
-
-config.status:35438: creating Makefile
-config.status:35438: creating include/Makefile
-config.status:35438: creating include/kadm5/Makefile
-config.status:35438: creating lib/Makefile
-config.status:35438: creating lib/45/Makefile
-config.status:35438: creating lib/auth/Makefile
-config.status:35438: creating lib/auth/afskauthlib/Makefile
-config.status:35438: creating lib/auth/pam/Makefile
-config.status:35438: creating lib/auth/sia/Makefile
-config.status:35438: creating lib/asn1/Makefile
-config.status:35438: creating lib/com_err/Makefile
-config.status:35438: creating lib/editline/Makefile
-config.status:35438: creating lib/gssapi/Makefile
-config.status:35438: creating lib/hdb/Makefile
-config.status:35438: creating lib/kadm5/Makefile
-config.status:35438: creating lib/kafs/Makefile
-config.status:35438: creating lib/krb5/Makefile
-config.status:35438: creating lib/otp/Makefile
-config.status:35438: creating lib/roken/Makefile
-config.status:35438: creating lib/sl/Makefile
-config.status:35438: creating lib/vers/Makefile
-config.status:35438: creating kuser/Makefile
-config.status:35438: creating kpasswd/Makefile
-config.status:35438: creating kadmin/Makefile
-config.status:35438: creating admin/Makefile
-config.status:35438: creating kdc/Makefile
-config.status:35438: creating appl/Makefile
-config.status:35438: creating appl/afsutil/Makefile
-config.status:35438: creating appl/ftp/Makefile
-config.status:35438: creating appl/ftp/common/Makefile
-config.status:35438: creating appl/ftp/ftp/Makefile
-config.status:35438: creating appl/ftp/ftpd/Makefile
-config.status:35438: creating appl/kx/Makefile
-config.status:35438: creating appl/login/Makefile
-config.status:35438: creating appl/otp/Makefile
-config.status:35438: creating appl/popper/Makefile
-config.status:35438: creating appl/push/Makefile
-config.status:35438: creating appl/rsh/Makefile
-config.status:35438: creating appl/rcp/Makefile
-config.status:35438: creating appl/su/Makefile
-config.status:35438: creating appl/xnlock/Makefile
-config.status:35438: creating appl/telnet/Makefile
-config.status:35438: creating appl/telnet/libtelnet/Makefile
-config.status:35438: creating appl/telnet/telnet/Makefile
-config.status:35438: creating appl/telnet/telnetd/Makefile
-config.status:35438: creating appl/test/Makefile
-config.status:35438: creating appl/kf/Makefile
-config.status:35438: creating appl/dceutils/Makefile
-config.status:35438: creating doc/Makefile
-config.status:35438: creating tools/Makefile
-config.status:35541: creating include/config.h
-config.status:35785: executing depfiles commands
diff --git a/crypto/heimdal/config.status b/crypto/heimdal/config.status
deleted file mode 100755
index feb84b6d5608..000000000000
--- a/crypto/heimdal/config.status
+++ /dev/null
@@ -1,1885 +0,0 @@
-#! /bin/sh
-# Generated by configure.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
-    { $as_unset LANG || test "${LANG+set}" != set; } ||
-      { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
-    { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
-      { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
-    { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
-      { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
-    { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
-      { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
-    { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
-      { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
-    { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
-      { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
-    { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
-      { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
-    { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
-      { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conftest.sh
-  echo  "exit 0"   >>conftest.sh
-  chmod +x conftest.sh
-  if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conftest.sh
-fi
-
-
-  as_lineno_1=34688
-  as_lineno_2=34689
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { { echo "$as_me:34713: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=34728
-  as_lineno_2=34729
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
-  # Create $as_me.lineno as a copy of $as_myself, but with 34743
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that 34748 is not a special case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
-    sed '
-      N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-      t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
-    ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { { echo "$as_me:34762: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
-  # Exit status is that of the last command.
-  exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-exec 6>&1
-
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.  Logging --version etc. is OK.
-exec 5>>config.log
-{
-  echo
-  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
-This file was extended by Heimdal $as_me 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = $CONFIG_FILES
-  CONFIG_HEADERS  = $CONFIG_HEADERS
-  CONFIG_LINKS    = $CONFIG_LINKS
-  CONFIG_COMMANDS = $CONFIG_COMMANDS
-  $ $0 $@
-
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
-config_files=" Makefile include/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/editline/Makefile lib/gssapi/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile doc/Makefile tools/Makefile"
-config_headers=" include/config.h"
-config_commands=" depfiles"
-
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
-  -h, --help       print this help, then exit
-  -V, --version    print version number, then exit
-  -d, --debug      don't remove temporary files
-      --recheck    update $as_me by reconfiguring in the same conditions
-  --file=FILE[:TEMPLATE]
-                   instantiate the configuration file FILE
-  --header=FILE[:TEMPLATE]
-                   instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Configuration commands:
-$config_commands
-
-Report bugs to <bug-autoconf@gnu.org>."
-ac_cs_version="\
-Heimdal config.status 0.4f
-configured by ./configure, generated by GNU Autoconf 2.53,
-  with options \"'--enable-shared'\"
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-srcdir=.
-INSTALL="/usr/bin/install -c"
-# If no file are specified by the user, then we need to provide default
-# value.  By we need to know if files were specified by the user.
-ac_need_defaults=:
-while test $# != 0
-do
-  case $1 in
-  --*=*)
-    ac_option=`expr "x$1" : 'x\([^=]*\)='`
-    ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
-    shift
-    set dummy "$ac_option" "$ac_optarg" ${1+"$@"}
-    shift
-    ;;
-  -*);;
-  *) # This is not an option, so the user has probably given explicit
-     # arguments.
-     ac_need_defaults=false;;
-  esac
-
-  case $1 in
-  # Handling of the options.
-  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    echo "running /bin/sh ./configure " '--enable-shared' " --no-create --no-recursion"
-    exec /bin/sh ./configure '--enable-shared' --no-create --no-recursion ;;
-  --version | --vers* | -V )
-    echo "$ac_cs_version"; exit 0 ;;
-  --he | --h)
-    # Conflict between --help and --header
-    { { echo "$as_me:34945: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; };;
-  --help | --hel | -h )
-    echo "$ac_cs_usage"; exit 0 ;;
-  --debug | --d* | -d )
-    debug=: ;;
-  --file | --fil | --fi | --f )
-    shift
-    CONFIG_FILES="$CONFIG_FILES $1"
-    ac_need_defaults=false;;
-  --header | --heade | --head | --hea )
-    shift
-    CONFIG_HEADERS="$CONFIG_HEADERS $1"
-    ac_need_defaults=false;;
-
-  # This is an error.
-  -*) { { echo "$as_me:34964: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; } ;;
-
-  *) ac_config_targets="$ac_config_targets $1" ;;
-
-  esac
-  shift
-done
-
-#
-# INIT-COMMANDS section.
-#
-
-AMDEP_TRUE="" ac_aux_dir="."
-
-for ac_config_target in $ac_config_targets
-do
-  case "$ac_config_target" in
-  # Handling of arguments.
-  "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-  "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
-  "include/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;;
-  "lib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
-  "lib/45/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;;
-  "lib/auth/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;;
-  "lib/auth/afskauthlib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;;
-  "lib/auth/pam/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;;
-  "lib/auth/sia/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;;
-  "lib/asn1/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;;
-  "lib/com_err/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;;
-  "lib/editline/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;;
-  "lib/gssapi/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;;
-  "lib/hdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;;
-  "lib/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;;
-  "lib/kafs/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;;
-  "lib/krb5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile" ;;
-  "lib/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;;
-  "lib/roken/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;;
-  "lib/sl/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;;
-  "lib/vers/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;;
-  "kuser/Makefile" ) CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;;
-  "kpasswd/Makefile" ) CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;;
-  "kadmin/Makefile" ) CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;;
-  "admin/Makefile" ) CONFIG_FILES="$CONFIG_FILES admin/Makefile" ;;
-  "kdc/Makefile" ) CONFIG_FILES="$CONFIG_FILES kdc/Makefile" ;;
-  "appl/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/Makefile" ;;
-  "appl/afsutil/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/afsutil/Makefile" ;;
-  "appl/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/Makefile" ;;
-  "appl/ftp/common/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/common/Makefile" ;;
-  "appl/ftp/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftp/Makefile" ;;
-  "appl/ftp/ftpd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftpd/Makefile" ;;
-  "appl/kx/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kx/Makefile" ;;
-  "appl/login/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/login/Makefile" ;;
-  "appl/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/otp/Makefile" ;;
-  "appl/popper/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/popper/Makefile" ;;
-  "appl/push/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/push/Makefile" ;;
-  "appl/rsh/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rsh/Makefile" ;;
-  "appl/rcp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rcp/Makefile" ;;
-  "appl/su/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/su/Makefile" ;;
-  "appl/xnlock/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/xnlock/Makefile" ;;
-  "appl/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/Makefile" ;;
-  "appl/telnet/libtelnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/libtelnet/Makefile" ;;
-  "appl/telnet/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnet/Makefile" ;;
-  "appl/telnet/telnetd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnetd/Makefile" ;;
-  "appl/test/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/test/Makefile" ;;
-  "appl/kf/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;;
-  "appl/dceutils/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;;
-  "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
-  "tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
-  "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
-  "include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
-  *) { { echo "$as_me:35048: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used.  Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
-  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
-fi
-
-# Create a temporary directory, and hook for its removal unless debugging.
-$debug ||
-{
-  trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
-  trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-
-# Create a (secure) tmp directory for tmp files.
-: ${TMPDIR=/tmp}
-{
-  tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` &&
-  test -n "$tmp" && test -d "$tmp"
-}  ||
-{
-  tmp=$TMPDIR/cs$$-$RANDOM
-  (umask 077 && mkdir $tmp)
-} ||
-{
-   echo "$me: cannot create a temporary directory in $TMPDIR" >&2
-   { (exit 1); exit 1; }
-}
-
-
-#
-# CONFIG_FILES section.
-#
-
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "$CONFIG_FILES"; then
-  # Protect against being on the right side of a sed subst in config.status.
-  sed 's/,@/@@/; s/@,/@@/; s/,;t t$/@;t t/; /@;t t$/s/[\\&,]/\\&/g;
-   s/@@/,@/; s/@@/@,/; s/@;t t$/,;t t/' >$tmp/subs.sed <<\CEOF
-s,@SHELL@,/bin/sh,;t t
-s,@PATH_SEPARATOR@,:,;t t
-s,@PACKAGE_NAME@,Heimdal,;t t
-s,@PACKAGE_TARNAME@,heimdal,;t t
-s,@PACKAGE_VERSION@,0.4f,;t t
-s,@PACKAGE_STRING@,Heimdal 0.4f,;t t
-s,@PACKAGE_BUGREPORT@,heimdal-bugs@pdc.kth.se,;t t
-s,@exec_prefix@,${prefix},;t t
-s,@prefix@,/usr/heimdal,;t t
-s,@program_transform_name@,s,x,x,,;t t
-s,@bindir@,${exec_prefix}/bin,;t t
-s,@sbindir@,${exec_prefix}/sbin,;t t
-s,@libexecdir@,${exec_prefix}/libexec,;t t
-s,@datadir@,${prefix}/share,;t t
-s,@sysconfdir@,/etc,;t t
-s,@sharedstatedir@,${prefix}/com,;t t
-s,@localstatedir@,/var/heimdal,;t t
-s,@libdir@,${exec_prefix}/lib,;t t
-s,@includedir@,${prefix}/include,;t t
-s,@oldincludedir@,/usr/include,;t t
-s,@infodir@,${prefix}/info,;t t
-s,@mandir@,${prefix}/man,;t t
-s,@build_alias@,,;t t
-s,@host_alias@,,;t t
-s,@target_alias@,,;t t
-s,@DEFS@,-DHAVE_CONFIG_H,;t t
-s,@ECHO_C@,,;t t
-s,@ECHO_N@,-n,;t t
-s,@ECHO_T@,,;t t
-s,@LIBS@,,;t t
-s,@CC@,gcc ,;t t
-s,@CFLAGS@,-DINET6 -g -O2,;t t
-s,@LDFLAGS@,,;t t
-s,@CPPFLAGS@,,;t t
-s,@ac_ct_CC@,gcc,;t t
-s,@EXEEXT@,,;t t
-s,@OBJEXT@,o,;t t
-s,@CPP@,gcc -E,;t t
-s,@INSTALL_PROGRAM@,${INSTALL},;t t
-s,@INSTALL_SCRIPT@,${INSTALL},;t t
-s,@INSTALL_DATA@,${INSTALL} -m 644,;t t
-s,@PACKAGE@,heimdal,;t t
-s,@VERSION@,0.4f,;t t
-s,@ACLOCAL@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6,;t t
-s,@AUTOCONF@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf,;t t
-s,@AUTOMAKE@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6,;t t
-s,@AUTOHEADER@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader,;t t
-s,@MAKEINFO@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run makeinfo,;t t
-s,@AMTAR@,${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar,;t t
-s,@install_sh@,/usr/home/nectar/devel/heimdal/install-sh,;t t
-s,@STRIP@,strip,;t t
-s,@ac_ct_STRIP@,strip,;t t
-s,@INSTALL_STRIP_PROGRAM@,${SHELL} $(install_sh) -c -s,;t t
-s,@AWK@,gawk,;t t
-s,@SET_MAKE@,,;t t
-s,@DEPDIR@,.deps,;t t
-s,@am__include@,include,;t t
-s,@am__quote@,,;t t
-s,@AMDEP_TRUE@,,;t t
-s,@AMDEP_FALSE@,#,;t t
-s,@AMDEPBACKSLASH@,\,;t t
-s,@CCDEPMODE@,depmode=none,;t t
-s,@build@,i386-unknown-freebsd5.0,;t t
-s,@build_cpu@,i386,;t t
-s,@build_vendor@,unknown,;t t
-s,@build_os@,freebsd5.0,;t t
-s,@host@,i386-unknown-freebsd5.0,;t t
-s,@host_cpu@,i386,;t t
-s,@host_vendor@,unknown,;t t
-s,@host_os@,freebsd5.0,;t t
-s,@CANONICAL_HOST@,i386-unknown-freebsd5.0,;t t
-s,@YACC@,bison -y,;t t
-s,@LEX@,flex,;t t
-s,@LEXLIB@,-lfl,;t t
-s,@LEX_OUTPUT_ROOT@,lex.yy,;t t
-s,@LN_S@,ln -s,;t t
-s,@ECHO@,echo,;t t
-s,@RANLIB@,ranlib,;t t
-s,@ac_ct_RANLIB@,ranlib,;t t
-s,@LIBTOOL@,$(SHELL) $(top_builddir)/libtool,;t t
-s,@WFLAGS@,-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs,;t t
-s,@WFLAGS_NOUNUSED@,,;t t
-s,@WFLAGS_NOIMPLICITINT@,,;t t
-s,@LIB_db_create@,,;t t
-s,@LIB_dbopen@,,;t t
-s,@LIB_dbm_firstkey@,,;t t
-s,@HAVE_DB1_TRUE@,,;t t
-s,@HAVE_DB1_FALSE@,#,;t t
-s,@HAVE_DB3_TRUE@,#,;t t
-s,@HAVE_DB3_FALSE@,,;t t
-s,@HAVE_NDBM_TRUE@,#,;t t
-s,@HAVE_NDBM_FALSE@,,;t t
-s,@DBLIB@, ,;t t
-s,@LIB_NDBM@,,;t t
-s,@VOID_RETSIGTYPE@,,;t t
-s,@have_err_h_TRUE@,,;t t
-s,@have_err_h_FALSE@,#,;t t
-s,@have_fnmatch_h_TRUE@,#,;t t
-s,@have_fnmatch_h_FALSE@,,;t t
-s,@have_ifaddrs_h_TRUE@,,;t t
-s,@have_ifaddrs_h_FALSE@,#,;t t
-s,@have_vis_h_TRUE@,,;t t
-s,@have_vis_h_FALSE@,#,;t t
-s,@LIB_socket@,,;t t
-s,@LIB_gethostbyname@,,;t t
-s,@LIB_syslog@,,;t t
-s,@LIB_gethostbyname2@,,;t t
-s,@LIB_res_search@,,;t t
-s,@LIB_dn_expand@,,;t t
-s,@LIBOBJS@, copyhostent.o ecalloc.o emalloc.o erealloc.o estrdup.o strlwr.o strndup.o strnlen.o strsep_copy.o strupr.o,;t t
-s,@have_glob_h_TRUE@,,;t t
-s,@have_glob_h_FALSE@,#,;t t
-s,@LIB_getsockopt@,,;t t
-s,@LIB_setsockopt@,,;t t
-s,@LIB_hstrerror@,,;t t
-s,@LIB_bswap16@,,;t t
-s,@LIB_bswap32@,,;t t
-s,@LIB_pidfile@,,;t t
-s,@LIB_getaddrinfo@,,;t t
-s,@LIB_getnameinfo@,,;t t
-s,@LIB_freeaddrinfo@,,;t t
-s,@LIB_gai_strerror@,,;t t
-s,@LIB_crypt@,-lcrypt,;t t
-s,@DIR_roken@,roken,;t t
-s,@LIB_roken@,$(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen),;t t
-s,@INCLUDES_roken@,-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken,;t t
-s,@INCLUDE_openldap@,,;t t
-s,@LIB_openldap@,,;t t
-s,@INCLUDE_krb4@,,;t t
-s,@LIB_krb4@,,;t t
-s,@EXTRA_LIB45@,,;t t
-s,@LIB_krb_enable_debug@,,;t t
-s,@LIB_krb_disable_debug@,,;t t
-s,@LIB_krb_get_our_ip_for_realm@,,;t t
-s,@LIB_krb_kdctimeofday@,,;t t
-s,@LIB_krb_get_kdc_time_diff@,,;t t
-s,@KRB4_TRUE@,#,;t t
-s,@KRB4_FALSE@,,;t t
-s,@KRB5_TRUE@,,;t t
-s,@KRB5_FALSE@,#,;t t
-s,@do_roken_rename_TRUE@,,;t t
-s,@do_roken_rename_FALSE@,#,;t t
-s,@LIB_kdb@,,;t t
-s,@DCE_TRUE@,#,;t t
-s,@DCE_FALSE@,,;t t
-s,@dpagaix_cflags@,-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce,;t t
-s,@dpagaix_ldadd@,-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r,;t t
-s,@dpagaix_ldflags@,-Wl,-bI:dfspag.exp,;t t
-s,@LIB_otp@,$(top_builddir)/lib/otp/libotp.la,;t t
-s,@OTP_TRUE@,,;t t
-s,@OTP_FALSE@,#,;t t
-s,@LIB_security@,,;t t
-s,@NROFF@,/usr/bin/nroff,;t t
-s,@GROFF@,/usr/bin/groff,;t t
-s,@CATMAN@,/usr/bin/nroff -mdoc $< > $@,;t t
-s,@CATMAN_TRUE@,,;t t
-s,@CATMAN_FALSE@,#,;t t
-s,@CATMANEXT@,$$section,;t t
-s,@INCLUDE_readline@,,;t t
-s,@LIB_readline@,$(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent),;t t
-s,@INCLUDE_hesiod@,,;t t
-s,@LIB_hesiod@,,;t t
-s,@AIX_TRUE@,#,;t t
-s,@AIX_FALSE@,,;t t
-s,@AIX4_TRUE@,#,;t t
-s,@AIX4_FALSE@,,;t t
-s,@LIB_dlopen@,,;t t
-s,@HAVE_DLOPEN_TRUE@,,;t t
-s,@HAVE_DLOPEN_FALSE@,#,;t t
-s,@LIB_loadquery@,,;t t
-s,@AIX_DYNAMIC_AFS_TRUE@,,;t t
-s,@AIX_DYNAMIC_AFS_FALSE@,#,;t t
-s,@AIX_EXTRA_KAFS@,,;t t
-s,@IRIX_TRUE@,#,;t t
-s,@IRIX_FALSE@,,;t t
-s,@X_CFLAGS@, -I/usr/X11R6/include,;t t
-s,@X_PRE_LIBS@, -lSM -lICE,;t t
-s,@X_LIBS@, -L/usr/X11R6/lib,;t t
-s,@X_EXTRA_LIBS@,,;t t
-s,@HAVE_X_TRUE@,,;t t
-s,@HAVE_X_FALSE@,#,;t t
-s,@LIB_XauWriteAuth@,-lXau,;t t
-s,@LIB_XauReadAuth@,-lXau,;t t
-s,@LIB_XauFileName@,,;t t
-s,@NEED_WRITEAUTH_TRUE@,#,;t t
-s,@NEED_WRITEAUTH_FALSE@,,;t t
-s,@LIB_logwtmp@,-lutil,;t t
-s,@LIB_logout@,-lutil,;t t
-s,@LIB_openpty@,-lutil,;t t
-s,@LIB_tgetent@,-ltermcap,;t t
-s,@LIB_getpwnam_r@,,;t t
-s,@HAVE_OPENSSL_TRUE@,,;t t
-s,@HAVE_OPENSSL_FALSE@,#,;t t
-s,@DIR_des@,,;t t
-s,@INCLUDE_des@,,;t t
-s,@LIB_des@, -lcrypto,;t t
-s,@LIB_des_a@, -lcrypto,;t t
-s,@LIB_des_so@, -lcrypto,;t t
-s,@LIB_des_appl@, -lcrypto,;t t
-s,@LIB_el_init@,-ledit,;t t
-s,@el_compat_TRUE@,,;t t
-s,@el_compat_FALSE@,#,;t t
-s,@COMPILE_ET@,compile_et,;t t
-s,@DIR_com_err@,,;t t
-s,@LIB_com_err@,-lcom_err,;t t
-s,@LIB_com_err_a@,,;t t
-s,@LIB_com_err_so@,,;t t
-s,@LIB_AUTH_SUBDIRS@,,;t t
-s,@LTLIBOBJS@, copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo,;t t
-CEOF
-
-  # Split the substitutions into bite-sized pieces for seds with
-  # small command number limits, like on Digital OSF/1 and HP-UX.
-  ac_max_sed_lines=48
-  ac_sed_frag=1 # Number of current file.
-  ac_beg=1 # First line for current file.
-  ac_end=$ac_max_sed_lines # Line after last line for current file.
-  ac_more_lines=:
-  ac_sed_cmds=
-  while $ac_more_lines; do
-    if test $ac_beg -gt 1; then
-      sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    else
-      sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    fi
-    if test ! -s $tmp/subs.frag; then
-      ac_more_lines=false
-    else
-      # The purpose of the label and of the branching condition is to
-      # speed up the sed processing (if there are no `@' at all, there
-      # is no need to browse any of the substitutions).
-      # These are the two extra sed commands mentioned above.
-      (echo ':t
-  /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
-      if test -z "$ac_sed_cmds"; then
-  	ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
-      else
-  	ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
-      fi
-      ac_sed_frag=`expr $ac_sed_frag + 1`
-      ac_beg=$ac_end
-      ac_end=`expr $ac_end + $ac_max_sed_lines`
-    fi
-  done
-  if test -z "$ac_sed_cmds"; then
-    ac_sed_cmds=cat
-  fi
-fi # test -n "$CONFIG_FILES"
-
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
-  ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35392: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  case $INSTALL in
-  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
-  esac
-
-  if test x"$ac_file" != x-; then
-    { echo "$as_me:35438: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-    rm -f "$ac_file"
-  fi
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    configure_input=
-  else
-    configure_input="$ac_file.  "
-  fi
-  configure_input=$configure_input"Generated from `echo $ac_file_in |
-                                     sed 's,.*/,,'` by configure."
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:35461: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:35474: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-  sed "/^[ 	]*VPATH[ 	]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[ 	]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[ 	]*$//;
-}
-
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@abs_srcdir@,$ac_abs_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s,@builddir@,$ac_builddir,;t t
-s,@abs_builddir@,$ac_abs_builddir,;t t
-s,@top_builddir@,$ac_top_builddir,;t t
-s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
-  rm -f $tmp/stdin
-  if test x"$ac_file" != x-; then
-    mv $tmp/out $ac_file
-  else
-    cat $tmp/out
-    rm -f $tmp/out
-  fi
-
-done
-
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
-ac_dB='[ 	].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  test x"$ac_file" != x- && { echo "$as_me:35541: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:35552: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:35565: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-  # Remove the trailing spaces.
-  sed 's/[ 	]*$//' $ac_file_inputs >$tmp/in
-
-  # Handle all the #define templates only if necessary.
-  if egrep "^[ 	]*#[ 	]*define" $tmp/in >/dev/null; then
-  # If there are no defines, we may have an empty if/fi
-  :
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}PACKAGE_NAME${ac_dB}PACKAGE_NAME${ac_dC}"Heimdal"${ac_dD}
-${ac_dA}PACKAGE_TARNAME${ac_dB}PACKAGE_TARNAME${ac_dC}"heimdal"${ac_dD}
-${ac_dA}PACKAGE_VERSION${ac_dB}PACKAGE_VERSION${ac_dC}"0.4f"${ac_dD}
-${ac_dA}PACKAGE_STRING${ac_dB}PACKAGE_STRING${ac_dC}"Heimdal 0.4f"${ac_dD}
-${ac_dA}PACKAGE_BUGREPORT${ac_dB}PACKAGE_BUGREPORT${ac_dC}"heimdal-bugs@pdc.kth.se"${ac_dD}
-${ac_dA}PACKAGE${ac_dB}PACKAGE${ac_dC}"heimdal"${ac_dD}
-${ac_dA}VERSION${ac_dB}VERSION${ac_dC}"0.4f"${ac_dD}
-${ac_dA}_GNU_SOURCE${ac_dB}_GNU_SOURCE${ac_dC}1${ac_dD}
-${ac_dA}YYTEXT_POINTER${ac_dB}YYTEXT_POINTER${ac_dC}1${ac_dD}
-${ac_dA}HAVE___ATTRIBUTE__${ac_dB}HAVE___ATTRIBUTE__${ac_dC}1${ac_dD}
-${ac_dA}STDC_HEADERS${ac_dB}STDC_HEADERS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TYPES_H${ac_dB}HAVE_SYS_TYPES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_STAT_H${ac_dB}HAVE_SYS_STAT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STDLIB_H${ac_dB}HAVE_STDLIB_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRING_H${ac_dB}HAVE_STRING_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_MEMORY_H${ac_dB}HAVE_MEMORY_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRINGS_H${ac_dB}HAVE_STRINGS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INTTYPES_H${ac_dB}HAVE_INTTYPES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STDINT_H${ac_dB}HAVE_STDINT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UNISTD_H${ac_dB}HAVE_UNISTD_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DLFCN_H${ac_dB}HAVE_DLFCN_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DB_H${ac_dB}HAVE_DB_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DBOPEN${ac_dB}HAVE_DBOPEN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DB1${ac_dB}HAVE_DB1${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NDBM_H${ac_dB}HAVE_NDBM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DBM_FIRSTKEY${ac_dB}HAVE_DBM_FIRSTKEY${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NDBM${ac_dB}HAVE_NDBM${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NEW_DB${ac_dB}HAVE_NEW_DB${ac_dC}1${ac_dD}
-${ac_dA}RETSIGTYPE${ac_dB}RETSIGTYPE${ac_dC}void${ac_dD}
-${ac_dA}VOID_RETSIGTYPE${ac_dB}VOID_RETSIGTYPE${ac_dC}1${ac_dD}
-${ac_dA}TIME_WITH_SYS_TIME${ac_dB}TIME_WITH_SYS_TIME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETINET_IP_H${ac_dB}HAVE_NETINET_IP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETINET_TCP_H${ac_dB}HAVE_NETINET_TCP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETLOGIN${ac_dB}HAVE_GETLOGIN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETLOGIN${ac_dB}HAVE_SETLOGIN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SSIZE_T${ac_dB}HAVE_SSIZE_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LONG_LONG${ac_dB}HAVE_LONG_LONG${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ARPA_INET_H${ac_dB}HAVE_ARPA_INET_H${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_ARPA_NAMESER_H${ac_dB}HAVE_ARPA_NAMESER_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DIRENT_H${ac_dB}HAVE_DIRENT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ERRNO_H${ac_dB}HAVE_ERRNO_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ERR_H${ac_dB}HAVE_ERR_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FCNTL_H${ac_dB}HAVE_FCNTL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GRP_H${ac_dB}HAVE_GRP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_IFADDRS_H${ac_dB}HAVE_IFADDRS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NET_IF_H${ac_dB}HAVE_NET_IF_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETDB_H${ac_dB}HAVE_NETDB_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETINET_IN_H${ac_dB}HAVE_NETINET_IN_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETINET_IN_SYSTM_H${ac_dB}HAVE_NETINET_IN_SYSTM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_NETINET6_IN6_VAR_H${ac_dB}HAVE_NETINET6_IN6_VAR_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_PATHS_H${ac_dB}HAVE_PATHS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_PWD_H${ac_dB}HAVE_PWD_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RESOLV_H${ac_dB}HAVE_RESOLV_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RPCSVC_YPCLNT_H${ac_dB}HAVE_RPCSVC_YPCLNT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_IOCTL_H${ac_dB}HAVE_SYS_IOCTL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_PARAM_H${ac_dB}HAVE_SYS_PARAM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_PROC_H${ac_dB}HAVE_SYS_PROC_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_RESOURCE_H${ac_dB}HAVE_SYS_RESOURCE_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_SOCKET_H${ac_dB}HAVE_SYS_SOCKET_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_SOCKIO_H${ac_dB}HAVE_SYS_SOCKIO_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_STAT_H${ac_dB}HAVE_SYS_STAT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_SYSCTL_H${ac_dB}HAVE_SYS_SYSCTL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TIME_H${ac_dB}HAVE_SYS_TIME_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TTY_H${ac_dB}HAVE_SYS_TTY_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TYPES_H${ac_dB}HAVE_SYS_TYPES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_UIO_H${ac_dB}HAVE_SYS_UIO_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_UTSNAME_H${ac_dB}HAVE_SYS_UTSNAME_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_WAIT_H${ac_dB}HAVE_SYS_WAIT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYSLOG_H${ac_dB}HAVE_SYSLOG_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TERMIOS_H${ac_dB}HAVE_TERMIOS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UNISTD_H${ac_dB}HAVE_UNISTD_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VIS_H${ac_dB}HAVE_VIS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SOCKET${ac_dB}HAVE_SOCKET${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETHOSTBYNAME${ac_dB}HAVE_GETHOSTBYNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYSLOG${ac_dB}HAVE_SYSLOG${ac_dC}1${ac_dD}
-${ac_dA}HAVE_IPV6${ac_dB}HAVE_IPV6${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_IN6ADDR_LOOPBACK${ac_dB}HAVE_IN6ADDR_LOOPBACK${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETHOSTBYNAME2${ac_dB}HAVE_GETHOSTBYNAME2${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RES_SEARCH${ac_dB}HAVE_RES_SEARCH${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DN_EXPAND${ac_dB}HAVE_DN_EXPAND${ac_dC}1${ac_dD}
-${ac_dA}HAVE__RES${ac_dB}HAVE__RES${ac_dC}1${ac_dD}
-${ac_dA}HAVE__RES_DECLARATION${ac_dB}HAVE__RES_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SNPRINTF${ac_dB}HAVE_SNPRINTF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VSNPRINTF${ac_dB}HAVE_VSNPRINTF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GLOB${ac_dB}HAVE_GLOB${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ASPRINTF${ac_dB}HAVE_ASPRINTF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ATEXIT${ac_dB}HAVE_ATEXIT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_CGETENT${ac_dB}HAVE_CGETENT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETPROGNAME${ac_dB}HAVE_GETPROGNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETRLIMIT${ac_dB}HAVE_GETRLIMIT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INITSTATE${ac_dB}HAVE_INITSTATE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ISSETUGID${ac_dB}HAVE_ISSETUGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RANDOM${ac_dB}HAVE_RANDOM${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETPROGNAME${ac_dB}HAVE_SETPROGNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETSTATE${ac_dB}HAVE_SETSTATE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUNVIS${ac_dB}HAVE_STRUNVIS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRVIS${ac_dB}HAVE_STRVIS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRVISX${ac_dB}HAVE_STRVISX${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYSCONF${ac_dB}HAVE_SYSCONF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYSCTL${ac_dB}HAVE_SYSCTL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UNAME${ac_dB}HAVE_UNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UNVIS${ac_dB}HAVE_UNVIS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VASPRINTF${ac_dB}HAVE_VASPRINTF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VIS${ac_dB}HAVE_VIS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETSOCKOPT${ac_dB}HAVE_GETSOCKOPT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETSOCKOPT${ac_dB}HAVE_SETSOCKOPT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_HSTRERROR${ac_dB}HAVE_HSTRERROR${ac_dC}1${ac_dD}
-${ac_dA}NEED_ASNPRINTF_PROTO${ac_dB}NEED_ASNPRINTF_PROTO${ac_dC}1${ac_dD}
-${ac_dA}NEED_VASNPRINTF_PROTO${ac_dB}NEED_VASNPRINTF_PROTO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETADDRINFO${ac_dB}HAVE_GETADDRINFO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETNAMEINFO${ac_dB}HAVE_GETNAMEINFO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FREEADDRINFO${ac_dB}HAVE_FREEADDRINFO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GAI_STRERROR${ac_dB}HAVE_GAI_STRERROR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_CHOWN${ac_dB}HAVE_CHOWN${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_DAEMON${ac_dB}HAVE_DAEMON${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ERR${ac_dB}HAVE_ERR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ERRX${ac_dB}HAVE_ERRX${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FCHOWN${ac_dB}HAVE_FCHOWN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FLOCK${ac_dB}HAVE_FLOCK${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FNMATCH${ac_dB}HAVE_FNMATCH${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FREEHOSTENT${ac_dB}HAVE_FREEHOSTENT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETCWD${ac_dB}HAVE_GETCWD${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETDTABLESIZE${ac_dB}HAVE_GETDTABLESIZE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETEGID${ac_dB}HAVE_GETEGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETEUID${ac_dB}HAVE_GETEUID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETGID${ac_dB}HAVE_GETGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETHOSTNAME${ac_dB}HAVE_GETHOSTNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETIFADDRS${ac_dB}HAVE_GETIFADDRS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETIPNODEBYADDR${ac_dB}HAVE_GETIPNODEBYADDR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETIPNODEBYNAME${ac_dB}HAVE_GETIPNODEBYNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETOPT${ac_dB}HAVE_GETOPT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETTIMEOFDAY${ac_dB}HAVE_GETTIMEOFDAY${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETUID${ac_dB}HAVE_GETUID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_GETUSERSHELL${ac_dB}HAVE_GETUSERSHELL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INITGROUPS${ac_dB}HAVE_INITGROUPS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INNETGR${ac_dB}HAVE_INNETGR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_IRUSEROK${ac_dB}HAVE_IRUSEROK${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LOCALTIME_R${ac_dB}HAVE_LOCALTIME_R${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LSTAT${ac_dB}HAVE_LSTAT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_MEMMOVE${ac_dB}HAVE_MEMMOVE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_MKSTEMP${ac_dB}HAVE_MKSTEMP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_PUTENV${ac_dB}HAVE_PUTENV${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RCMD${ac_dB}HAVE_RCMD${ac_dC}1${ac_dD}
-${ac_dA}HAVE_READV${ac_dB}HAVE_READV${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RECVMSG${ac_dB}HAVE_RECVMSG${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SENDMSG${ac_dB}HAVE_SENDMSG${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETEGID${ac_dB}HAVE_SETEGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETENV${ac_dB}HAVE_SETENV${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETEUID${ac_dB}HAVE_SETEUID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRCASECMP${ac_dB}HAVE_STRCASECMP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRDUP${ac_dB}HAVE_STRDUP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRERROR${ac_dB}HAVE_STRERROR${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_STRFTIME${ac_dB}HAVE_STRFTIME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRLCAT${ac_dB}HAVE_STRLCAT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRLCPY${ac_dB}HAVE_STRLCPY${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRNCASECMP${ac_dB}HAVE_STRNCASECMP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRPTIME${ac_dB}HAVE_STRPTIME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRSEP${ac_dB}HAVE_STRSEP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRTOK_R${ac_dB}HAVE_STRTOK_R${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SWAB${ac_dB}HAVE_SWAB${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UNSETENV${ac_dB}HAVE_UNSETENV${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VERR${ac_dB}HAVE_VERR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VERRX${ac_dB}HAVE_VERRX${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VSYSLOG${ac_dB}HAVE_VSYSLOG${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VWARN${ac_dB}HAVE_VWARN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_VWARNX${ac_dB}HAVE_VWARNX${ac_dC}1${ac_dD}
-${ac_dA}HAVE_WARN${ac_dB}HAVE_WARN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_WARNX${ac_dB}HAVE_WARNX${ac_dC}1${ac_dD}
-${ac_dA}HAVE_WRITEV${ac_dB}HAVE_WRITEV${ac_dC}1${ac_dD}
-${ac_dA}NEED_STRNDUP_PROTO${ac_dB}NEED_STRNDUP_PROTO${ac_dC}1${ac_dD}
-${ac_dA}NEED_STRSVIS_PROTO${ac_dB}NEED_STRSVIS_PROTO${ac_dC}1${ac_dD}
-${ac_dA}NEED_SVIS_PROTO${ac_dB}NEED_SVIS_PROTO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INET_ATON${ac_dB}HAVE_INET_ATON${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INET_NTOP${ac_dB}HAVE_INET_NTOP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INET_PTON${ac_dB}HAVE_INET_PTON${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_SOCKADDR_SA_LEN${ac_dB}HAVE_STRUCT_SOCKADDR_SA_LEN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_CRYPT${ac_dB}HAVE_CRYPT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBCRYPT${ac_dB}HAVE_LIBCRYPT${ac_dC}1${ac_dD}
-${ac_dA}GETHOSTBYNAME_PROTO_COMPATIBLE${ac_dB}GETHOSTBYNAME_PROTO_COMPATIBLE${ac_dC}1${ac_dD}
-${ac_dA}GETSERVBYNAME_PROTO_COMPATIBLE${ac_dB}GETSERVBYNAME_PROTO_COMPATIBLE${ac_dC}1${ac_dD}
-${ac_dA}GETSOCKNAME_PROTO_COMPATIBLE${ac_dB}GETSOCKNAME_PROTO_COMPATIBLE${ac_dC}1${ac_dD}
-${ac_dA}OPENLOG_PROTO_COMPATIBLE${ac_dB}OPENLOG_PROTO_COMPATIBLE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_H_ERRNO${ac_dB}HAVE_H_ERRNO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_H_ERRNO_DECLARATION${ac_dB}HAVE_H_ERRNO_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_H_ERRLIST${ac_dB}HAVE_H_ERRLIST${ac_dC}1${ac_dD}
-${ac_dA}HAVE_H_NERR${ac_dB}HAVE_H_NERR${ac_dC}1${ac_dD}
-${ac_dA}HAVE___PROGNAME${ac_dB}HAVE___PROGNAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_OPTARG_DECLARATION${ac_dB}HAVE_OPTARG_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_OPTIND_DECLARATION${ac_dB}HAVE_OPTIND_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_OPTERR_DECLARATION${ac_dB}HAVE_OPTERR_DECLARATION${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_OPTOPT_DECLARATION${ac_dB}HAVE_OPTOPT_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_TM_TM_GMTOFF${ac_dB}HAVE_STRUCT_TM_TM_GMTOFF${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_TM_TM_ZONE${ac_dB}HAVE_STRUCT_TM_TM_ZONE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TIMEZONE${ac_dB}HAVE_TIMEZONE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TIMEZONE_DECLARATION${ac_dB}HAVE_TIMEZONE_DECLARATION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SA_FAMILY_T${ac_dB}HAVE_SA_FAMILY_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SOCKLEN_T${ac_dB}HAVE_SOCKLEN_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_SOCKADDR${ac_dB}HAVE_STRUCT_SOCKADDR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_SOCKADDR_STORAGE${ac_dB}HAVE_STRUCT_SOCKADDR_STORAGE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_ADDRINFO${ac_dB}HAVE_STRUCT_ADDRINFO${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_IFADDRS${ac_dB}HAVE_STRUCT_IFADDRS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_IOVEC${ac_dB}HAVE_STRUCT_IOVEC${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_MSGHDR${ac_dB}HAVE_STRUCT_MSGHDR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRUCT_WINSIZE${ac_dB}HAVE_STRUCT_WINSIZE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_WS_XPIXEL${ac_dB}HAVE_WS_XPIXEL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_WS_YPIXEL${ac_dB}HAVE_WS_YPIXEL${ac_dC}1${ac_dD}
-${ac_dA}KRB5${ac_dB}KRB5${ac_dC}1${ac_dD}
-${ac_dA}OTP${ac_dB}OTP${ac_dC}1${ac_dD}
-${ac_dA}ENDIANESS_IN_SYS_PARAM_H${ac_dB}ENDIANESS_IN_SYS_PARAM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DLOPEN${ac_dB}HAVE_DLOPEN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_XAUWRITEAUTH${ac_dB}HAVE_XAUWRITEAUTH${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBXAU${ac_dB}HAVE_LIBXAU${ac_dC}1${ac_dD}
-${ac_dA}HAVE_XAUREADAUTH${ac_dB}HAVE_XAUREADAUTH${ac_dC}1${ac_dD}
-${ac_dA}HAVE_XAUFILENAME${ac_dB}HAVE_XAUFILENAME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LONG_LONG${ac_dB}HAVE_LONG_LONG${ac_dC}1${ac_dD}
-${ac_dA}TIME_WITH_SYS_TIME${ac_dB}TIME_WITH_SYS_TIME${ac_dC}1${ac_dD}
-${ac_dA}STDC_HEADERS${ac_dB}STDC_HEADERS${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ARPA_FTP_H${ac_dB}HAVE_ARPA_FTP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_ARPA_TELNET_H${ac_dB}HAVE_ARPA_TELNET_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_CURSES_H${ac_dB}HAVE_CURSES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_DLFCN_H${ac_dB}HAVE_DLFCN_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FNMATCH_H${ac_dB}HAVE_FNMATCH_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INTTYPES_H${ac_dB}HAVE_INTTYPES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBUTIL_H${ac_dB}HAVE_LIBUTIL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIMITS_H${ac_dB}HAVE_LIMITS_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_PTHREAD_H${ac_dB}HAVE_PTHREAD_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SECURITY_PAM_MODULES_H${ac_dB}HAVE_SECURITY_PAM_MODULES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SGTTY_H${ac_dB}HAVE_SGTTY_H${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_SIGNAL_H${ac_dB}HAVE_SIGNAL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_FILE_H${ac_dB}HAVE_SYS_FILE_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_FILIO_H${ac_dB}HAVE_SYS_FILIO_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_IOCCOM_H${ac_dB}HAVE_SYS_IOCCOM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_SELECT_H${ac_dB}HAVE_SYS_SELECT_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_SYSCALL_H${ac_dB}HAVE_SYS_SYSCALL_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TIMEB_H${ac_dB}HAVE_SYS_TIMEB_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_TIMES_H${ac_dB}HAVE_SYS_TIMES_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_UN_H${ac_dB}HAVE_SYS_UN_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TERM_H${ac_dB}HAVE_TERM_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TERMCAP_H${ac_dB}HAVE_TERMCAP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TIME_H${ac_dB}HAVE_TIME_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UTMP_H${ac_dB}HAVE_UTMP_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LOGWTMP${ac_dB}HAVE_LOGWTMP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBUTIL${ac_dB}HAVE_LIBUTIL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LOGOUT${ac_dB}HAVE_LOGOUT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBUTIL${ac_dB}HAVE_LIBUTIL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_OPENPTY${ac_dB}HAVE_OPENPTY${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBUTIL${ac_dB}HAVE_LIBUTIL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TGETENT${ac_dB}HAVE_TGETENT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBTERMCAP${ac_dB}HAVE_LIBTERMCAP${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FCNTL${ac_dB}HAVE_FCNTL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_MKTIME${ac_dB}HAVE_MKTIME${ac_dC}1${ac_dD}
-${ac_dA}HAVE_RAND${ac_dB}HAVE_RAND${ac_dC}1${ac_dD}
-${ac_dA}HAVE_REVOKE${ac_dB}HAVE_REVOKE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SELECT${ac_dB}HAVE_SELECT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETITIMER${ac_dB}HAVE_SETITIMER${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETPGID${ac_dB}HAVE_SETPGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETPROCTITLE${ac_dB}HAVE_SETPROCTITLE${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETREGID${ac_dB}HAVE_SETREGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETRESGID${ac_dB}HAVE_SETRESGID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETRESUID${ac_dB}HAVE_SETRESUID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETREUID${ac_dB}HAVE_SETREUID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SETSID${ac_dB}HAVE_SETSID${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SIGACTION${ac_dB}HAVE_SIGACTION${ac_dC}1${ac_dD}
-${ac_dA}HAVE_STRSTR${ac_dB}HAVE_STRSTR${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TIMEGM${ac_dB}HAVE_TIMEGM${ac_dC}1${ac_dD}
-${ac_dA}HAVE_TTYNAME${ac_dB}HAVE_TTYNAME${ac_dC}1${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/defines.sed <<CEOF
-/^[ 	]*#[ 	]*define/!b
-t clr
-: clr
-${ac_dA}HAVE_TTYSLOT${ac_dB}HAVE_TTYSLOT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UMASK${ac_dB}HAVE_UMASK${ac_dC}1${ac_dD}
-${ac_dA}HAVE_YP_GET_DEFAULT_DOMAIN${ac_dB}HAVE_YP_GET_DEFAULT_DOMAIN${ac_dC}1${ac_dD}
-${ac_dA}HAVE_SYS_CAPABILITY_H${ac_dB}HAVE_SYS_CAPABILITY_H${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INT8_T${ac_dB}HAVE_INT8_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INT16_T${ac_dB}HAVE_INT16_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INT32_T${ac_dB}HAVE_INT32_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_INT64_T${ac_dB}HAVE_INT64_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_U_INT8_T${ac_dB}HAVE_U_INT8_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_U_INT16_T${ac_dB}HAVE_U_INT16_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_U_INT32_T${ac_dB}HAVE_U_INT32_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_U_INT64_T${ac_dB}HAVE_U_INT64_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UINT8_T${ac_dB}HAVE_UINT8_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UINT16_T${ac_dB}HAVE_UINT16_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UINT32_T${ac_dB}HAVE_UINT32_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_UINT64_T${ac_dB}HAVE_UINT64_T${ac_dC}1${ac_dD}
-${ac_dA}HAVE_OPENSSL${ac_dB}HAVE_OPENSSL${ac_dC}1${ac_dD}
-${ac_dA}HAVE_EL_INIT${ac_dB}HAVE_EL_INIT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_LIBEDIT${ac_dB}HAVE_LIBEDIT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_FOUR_VALUED_EL_INIT${ac_dB}HAVE_FOUR_VALUED_EL_INIT${ac_dC}1${ac_dD}
-${ac_dA}HAVE_READLINE${ac_dB}HAVE_READLINE${ac_dC}1${ac_dD}
-${ac_dA}AUTHENTICATION${ac_dB}AUTHENTICATION${ac_dC}1${ac_dD}
-${ac_dA}ENCRYPTION${ac_dB}ENCRYPTION${ac_dC}1${ac_dD}
-${ac_dA}DES_ENCRYPTION${ac_dB}DES_ENCRYPTION${ac_dC}1${ac_dD}
-${ac_dA}DIAGNOSTICS${ac_dB}DIAGNOSTICS${ac_dC}1${ac_dD}
-${ac_dA}OLD_ENVIRON${ac_dB}OLD_ENVIRON${ac_dC}1${ac_dD}
-${ac_dA}BINDIR${ac_dB}BINDIR${ac_dC}"/usr/heimdal/bin"${ac_dD}
-${ac_dA}LIBDIR${ac_dB}LIBDIR${ac_dC}"/usr/heimdal/lib"${ac_dD}
-${ac_dA}LIBEXECDIR${ac_dB}LIBEXECDIR${ac_dC}"/usr/heimdal/libexec"${ac_dD}
-${ac_dA}LOCALSTATEDIR${ac_dB}LOCALSTATEDIR${ac_dC}"/var/heimdal"${ac_dD}
-${ac_dA}SBINDIR${ac_dB}SBINDIR${ac_dC}"/usr/heimdal/sbin"${ac_dD}
-${ac_dA}SYSCONFDIR${ac_dB}SYSCONFDIR${ac_dC}"/etc"${ac_dD}
-CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  fi # egrep
-
-  # Handle all the #undef templates
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}PACKAGE_NAME${ac_uB}PACKAGE_NAME${ac_uC}"Heimdal"${ac_uD}
-${ac_uA}PACKAGE_TARNAME${ac_uB}PACKAGE_TARNAME${ac_uC}"heimdal"${ac_uD}
-${ac_uA}PACKAGE_VERSION${ac_uB}PACKAGE_VERSION${ac_uC}"0.4f"${ac_uD}
-${ac_uA}PACKAGE_STRING${ac_uB}PACKAGE_STRING${ac_uC}"Heimdal 0.4f"${ac_uD}
-${ac_uA}PACKAGE_BUGREPORT${ac_uB}PACKAGE_BUGREPORT${ac_uC}"heimdal-bugs@pdc.kth.se"${ac_uD}
-${ac_uA}PACKAGE${ac_uB}PACKAGE${ac_uC}"heimdal"${ac_uD}
-${ac_uA}VERSION${ac_uB}VERSION${ac_uC}"0.4f"${ac_uD}
-${ac_uA}_GNU_SOURCE${ac_uB}_GNU_SOURCE${ac_uC}1${ac_uD}
-${ac_uA}YYTEXT_POINTER${ac_uB}YYTEXT_POINTER${ac_uC}1${ac_uD}
-${ac_uA}HAVE___ATTRIBUTE__${ac_uB}HAVE___ATTRIBUTE__${ac_uC}1${ac_uD}
-${ac_uA}STDC_HEADERS${ac_uB}STDC_HEADERS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TYPES_H${ac_uB}HAVE_SYS_TYPES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_STAT_H${ac_uB}HAVE_SYS_STAT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STDLIB_H${ac_uB}HAVE_STDLIB_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRING_H${ac_uB}HAVE_STRING_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_MEMORY_H${ac_uB}HAVE_MEMORY_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRINGS_H${ac_uB}HAVE_STRINGS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INTTYPES_H${ac_uB}HAVE_INTTYPES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STDINT_H${ac_uB}HAVE_STDINT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UNISTD_H${ac_uB}HAVE_UNISTD_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DLFCN_H${ac_uB}HAVE_DLFCN_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DB_H${ac_uB}HAVE_DB_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DBOPEN${ac_uB}HAVE_DBOPEN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DB1${ac_uB}HAVE_DB1${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NDBM_H${ac_uB}HAVE_NDBM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DBM_FIRSTKEY${ac_uB}HAVE_DBM_FIRSTKEY${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NDBM${ac_uB}HAVE_NDBM${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NEW_DB${ac_uB}HAVE_NEW_DB${ac_uC}1${ac_uD}
-${ac_uA}RETSIGTYPE${ac_uB}RETSIGTYPE${ac_uC}void${ac_uD}
-${ac_uA}VOID_RETSIGTYPE${ac_uB}VOID_RETSIGTYPE${ac_uC}1${ac_uD}
-${ac_uA}TIME_WITH_SYS_TIME${ac_uB}TIME_WITH_SYS_TIME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETINET_IP_H${ac_uB}HAVE_NETINET_IP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETINET_TCP_H${ac_uB}HAVE_NETINET_TCP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETLOGIN${ac_uB}HAVE_GETLOGIN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETLOGIN${ac_uB}HAVE_SETLOGIN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SSIZE_T${ac_uB}HAVE_SSIZE_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LONG_LONG${ac_uB}HAVE_LONG_LONG${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ARPA_INET_H${ac_uB}HAVE_ARPA_INET_H${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_ARPA_NAMESER_H${ac_uB}HAVE_ARPA_NAMESER_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DIRENT_H${ac_uB}HAVE_DIRENT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ERRNO_H${ac_uB}HAVE_ERRNO_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ERR_H${ac_uB}HAVE_ERR_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FCNTL_H${ac_uB}HAVE_FCNTL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GRP_H${ac_uB}HAVE_GRP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_IFADDRS_H${ac_uB}HAVE_IFADDRS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NET_IF_H${ac_uB}HAVE_NET_IF_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETDB_H${ac_uB}HAVE_NETDB_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETINET_IN_H${ac_uB}HAVE_NETINET_IN_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETINET_IN_SYSTM_H${ac_uB}HAVE_NETINET_IN_SYSTM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_NETINET6_IN6_VAR_H${ac_uB}HAVE_NETINET6_IN6_VAR_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_PATHS_H${ac_uB}HAVE_PATHS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_PWD_H${ac_uB}HAVE_PWD_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RESOLV_H${ac_uB}HAVE_RESOLV_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RPCSVC_YPCLNT_H${ac_uB}HAVE_RPCSVC_YPCLNT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_IOCTL_H${ac_uB}HAVE_SYS_IOCTL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_PARAM_H${ac_uB}HAVE_SYS_PARAM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_PROC_H${ac_uB}HAVE_SYS_PROC_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_RESOURCE_H${ac_uB}HAVE_SYS_RESOURCE_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_SOCKET_H${ac_uB}HAVE_SYS_SOCKET_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_SOCKIO_H${ac_uB}HAVE_SYS_SOCKIO_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_STAT_H${ac_uB}HAVE_SYS_STAT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_SYSCTL_H${ac_uB}HAVE_SYS_SYSCTL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TIME_H${ac_uB}HAVE_SYS_TIME_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TTY_H${ac_uB}HAVE_SYS_TTY_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TYPES_H${ac_uB}HAVE_SYS_TYPES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_UIO_H${ac_uB}HAVE_SYS_UIO_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_UTSNAME_H${ac_uB}HAVE_SYS_UTSNAME_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_WAIT_H${ac_uB}HAVE_SYS_WAIT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYSLOG_H${ac_uB}HAVE_SYSLOG_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TERMIOS_H${ac_uB}HAVE_TERMIOS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UNISTD_H${ac_uB}HAVE_UNISTD_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VIS_H${ac_uB}HAVE_VIS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SOCKET${ac_uB}HAVE_SOCKET${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETHOSTBYNAME${ac_uB}HAVE_GETHOSTBYNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYSLOG${ac_uB}HAVE_SYSLOG${ac_uC}1${ac_uD}
-${ac_uA}HAVE_IPV6${ac_uB}HAVE_IPV6${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_IN6ADDR_LOOPBACK${ac_uB}HAVE_IN6ADDR_LOOPBACK${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETHOSTBYNAME2${ac_uB}HAVE_GETHOSTBYNAME2${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RES_SEARCH${ac_uB}HAVE_RES_SEARCH${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DN_EXPAND${ac_uB}HAVE_DN_EXPAND${ac_uC}1${ac_uD}
-${ac_uA}HAVE__RES${ac_uB}HAVE__RES${ac_uC}1${ac_uD}
-${ac_uA}HAVE__RES_DECLARATION${ac_uB}HAVE__RES_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SNPRINTF${ac_uB}HAVE_SNPRINTF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VSNPRINTF${ac_uB}HAVE_VSNPRINTF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GLOB${ac_uB}HAVE_GLOB${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ASPRINTF${ac_uB}HAVE_ASPRINTF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ATEXIT${ac_uB}HAVE_ATEXIT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_CGETENT${ac_uB}HAVE_CGETENT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETPROGNAME${ac_uB}HAVE_GETPROGNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETRLIMIT${ac_uB}HAVE_GETRLIMIT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INITSTATE${ac_uB}HAVE_INITSTATE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ISSETUGID${ac_uB}HAVE_ISSETUGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RANDOM${ac_uB}HAVE_RANDOM${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETPROGNAME${ac_uB}HAVE_SETPROGNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETSTATE${ac_uB}HAVE_SETSTATE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUNVIS${ac_uB}HAVE_STRUNVIS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRVIS${ac_uB}HAVE_STRVIS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRVISX${ac_uB}HAVE_STRVISX${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYSCONF${ac_uB}HAVE_SYSCONF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYSCTL${ac_uB}HAVE_SYSCTL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UNAME${ac_uB}HAVE_UNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UNVIS${ac_uB}HAVE_UNVIS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VASPRINTF${ac_uB}HAVE_VASPRINTF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VIS${ac_uB}HAVE_VIS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETSOCKOPT${ac_uB}HAVE_GETSOCKOPT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETSOCKOPT${ac_uB}HAVE_SETSOCKOPT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_HSTRERROR${ac_uB}HAVE_HSTRERROR${ac_uC}1${ac_uD}
-${ac_uA}NEED_ASNPRINTF_PROTO${ac_uB}NEED_ASNPRINTF_PROTO${ac_uC}1${ac_uD}
-${ac_uA}NEED_VASNPRINTF_PROTO${ac_uB}NEED_VASNPRINTF_PROTO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETADDRINFO${ac_uB}HAVE_GETADDRINFO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETNAMEINFO${ac_uB}HAVE_GETNAMEINFO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FREEADDRINFO${ac_uB}HAVE_FREEADDRINFO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GAI_STRERROR${ac_uB}HAVE_GAI_STRERROR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_CHOWN${ac_uB}HAVE_CHOWN${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_DAEMON${ac_uB}HAVE_DAEMON${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ERR${ac_uB}HAVE_ERR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ERRX${ac_uB}HAVE_ERRX${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FCHOWN${ac_uB}HAVE_FCHOWN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FLOCK${ac_uB}HAVE_FLOCK${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FNMATCH${ac_uB}HAVE_FNMATCH${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FREEHOSTENT${ac_uB}HAVE_FREEHOSTENT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETCWD${ac_uB}HAVE_GETCWD${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETDTABLESIZE${ac_uB}HAVE_GETDTABLESIZE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETEGID${ac_uB}HAVE_GETEGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETEUID${ac_uB}HAVE_GETEUID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETGID${ac_uB}HAVE_GETGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETHOSTNAME${ac_uB}HAVE_GETHOSTNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETIFADDRS${ac_uB}HAVE_GETIFADDRS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETIPNODEBYADDR${ac_uB}HAVE_GETIPNODEBYADDR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETIPNODEBYNAME${ac_uB}HAVE_GETIPNODEBYNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETOPT${ac_uB}HAVE_GETOPT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETTIMEOFDAY${ac_uB}HAVE_GETTIMEOFDAY${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETUID${ac_uB}HAVE_GETUID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_GETUSERSHELL${ac_uB}HAVE_GETUSERSHELL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INITGROUPS${ac_uB}HAVE_INITGROUPS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INNETGR${ac_uB}HAVE_INNETGR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_IRUSEROK${ac_uB}HAVE_IRUSEROK${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LOCALTIME_R${ac_uB}HAVE_LOCALTIME_R${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LSTAT${ac_uB}HAVE_LSTAT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_MEMMOVE${ac_uB}HAVE_MEMMOVE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_MKSTEMP${ac_uB}HAVE_MKSTEMP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_PUTENV${ac_uB}HAVE_PUTENV${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RCMD${ac_uB}HAVE_RCMD${ac_uC}1${ac_uD}
-${ac_uA}HAVE_READV${ac_uB}HAVE_READV${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RECVMSG${ac_uB}HAVE_RECVMSG${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SENDMSG${ac_uB}HAVE_SENDMSG${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETEGID${ac_uB}HAVE_SETEGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETENV${ac_uB}HAVE_SETENV${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETEUID${ac_uB}HAVE_SETEUID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRCASECMP${ac_uB}HAVE_STRCASECMP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRDUP${ac_uB}HAVE_STRDUP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRERROR${ac_uB}HAVE_STRERROR${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_STRFTIME${ac_uB}HAVE_STRFTIME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRLCAT${ac_uB}HAVE_STRLCAT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRLCPY${ac_uB}HAVE_STRLCPY${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRNCASECMP${ac_uB}HAVE_STRNCASECMP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRPTIME${ac_uB}HAVE_STRPTIME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRSEP${ac_uB}HAVE_STRSEP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRTOK_R${ac_uB}HAVE_STRTOK_R${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SWAB${ac_uB}HAVE_SWAB${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UNSETENV${ac_uB}HAVE_UNSETENV${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VERR${ac_uB}HAVE_VERR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VERRX${ac_uB}HAVE_VERRX${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VSYSLOG${ac_uB}HAVE_VSYSLOG${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VWARN${ac_uB}HAVE_VWARN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_VWARNX${ac_uB}HAVE_VWARNX${ac_uC}1${ac_uD}
-${ac_uA}HAVE_WARN${ac_uB}HAVE_WARN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_WARNX${ac_uB}HAVE_WARNX${ac_uC}1${ac_uD}
-${ac_uA}HAVE_WRITEV${ac_uB}HAVE_WRITEV${ac_uC}1${ac_uD}
-${ac_uA}NEED_STRNDUP_PROTO${ac_uB}NEED_STRNDUP_PROTO${ac_uC}1${ac_uD}
-${ac_uA}NEED_STRSVIS_PROTO${ac_uB}NEED_STRSVIS_PROTO${ac_uC}1${ac_uD}
-${ac_uA}NEED_SVIS_PROTO${ac_uB}NEED_SVIS_PROTO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INET_ATON${ac_uB}HAVE_INET_ATON${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INET_NTOP${ac_uB}HAVE_INET_NTOP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INET_PTON${ac_uB}HAVE_INET_PTON${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_SOCKADDR_SA_LEN${ac_uB}HAVE_STRUCT_SOCKADDR_SA_LEN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_CRYPT${ac_uB}HAVE_CRYPT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBCRYPT${ac_uB}HAVE_LIBCRYPT${ac_uC}1${ac_uD}
-${ac_uA}GETHOSTBYNAME_PROTO_COMPATIBLE${ac_uB}GETHOSTBYNAME_PROTO_COMPATIBLE${ac_uC}1${ac_uD}
-${ac_uA}GETSERVBYNAME_PROTO_COMPATIBLE${ac_uB}GETSERVBYNAME_PROTO_COMPATIBLE${ac_uC}1${ac_uD}
-${ac_uA}GETSOCKNAME_PROTO_COMPATIBLE${ac_uB}GETSOCKNAME_PROTO_COMPATIBLE${ac_uC}1${ac_uD}
-${ac_uA}OPENLOG_PROTO_COMPATIBLE${ac_uB}OPENLOG_PROTO_COMPATIBLE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_H_ERRNO${ac_uB}HAVE_H_ERRNO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_H_ERRNO_DECLARATION${ac_uB}HAVE_H_ERRNO_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_H_ERRLIST${ac_uB}HAVE_H_ERRLIST${ac_uC}1${ac_uD}
-${ac_uA}HAVE_H_NERR${ac_uB}HAVE_H_NERR${ac_uC}1${ac_uD}
-${ac_uA}HAVE___PROGNAME${ac_uB}HAVE___PROGNAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_OPTARG_DECLARATION${ac_uB}HAVE_OPTARG_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_OPTIND_DECLARATION${ac_uB}HAVE_OPTIND_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_OPTERR_DECLARATION${ac_uB}HAVE_OPTERR_DECLARATION${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_OPTOPT_DECLARATION${ac_uB}HAVE_OPTOPT_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_TM_TM_GMTOFF${ac_uB}HAVE_STRUCT_TM_TM_GMTOFF${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_TM_TM_ZONE${ac_uB}HAVE_STRUCT_TM_TM_ZONE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TIMEZONE${ac_uB}HAVE_TIMEZONE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TIMEZONE_DECLARATION${ac_uB}HAVE_TIMEZONE_DECLARATION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SA_FAMILY_T${ac_uB}HAVE_SA_FAMILY_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SOCKLEN_T${ac_uB}HAVE_SOCKLEN_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_SOCKADDR${ac_uB}HAVE_STRUCT_SOCKADDR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_SOCKADDR_STORAGE${ac_uB}HAVE_STRUCT_SOCKADDR_STORAGE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_ADDRINFO${ac_uB}HAVE_STRUCT_ADDRINFO${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_IFADDRS${ac_uB}HAVE_STRUCT_IFADDRS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_IOVEC${ac_uB}HAVE_STRUCT_IOVEC${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_MSGHDR${ac_uB}HAVE_STRUCT_MSGHDR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRUCT_WINSIZE${ac_uB}HAVE_STRUCT_WINSIZE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_WS_XPIXEL${ac_uB}HAVE_WS_XPIXEL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_WS_YPIXEL${ac_uB}HAVE_WS_YPIXEL${ac_uC}1${ac_uD}
-${ac_uA}KRB5${ac_uB}KRB5${ac_uC}1${ac_uD}
-${ac_uA}OTP${ac_uB}OTP${ac_uC}1${ac_uD}
-${ac_uA}ENDIANESS_IN_SYS_PARAM_H${ac_uB}ENDIANESS_IN_SYS_PARAM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DLOPEN${ac_uB}HAVE_DLOPEN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_XAUWRITEAUTH${ac_uB}HAVE_XAUWRITEAUTH${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBXAU${ac_uB}HAVE_LIBXAU${ac_uC}1${ac_uD}
-${ac_uA}HAVE_XAUREADAUTH${ac_uB}HAVE_XAUREADAUTH${ac_uC}1${ac_uD}
-${ac_uA}HAVE_XAUFILENAME${ac_uB}HAVE_XAUFILENAME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LONG_LONG${ac_uB}HAVE_LONG_LONG${ac_uC}1${ac_uD}
-${ac_uA}TIME_WITH_SYS_TIME${ac_uB}TIME_WITH_SYS_TIME${ac_uC}1${ac_uD}
-${ac_uA}STDC_HEADERS${ac_uB}STDC_HEADERS${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ARPA_FTP_H${ac_uB}HAVE_ARPA_FTP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_ARPA_TELNET_H${ac_uB}HAVE_ARPA_TELNET_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_CURSES_H${ac_uB}HAVE_CURSES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_DLFCN_H${ac_uB}HAVE_DLFCN_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FNMATCH_H${ac_uB}HAVE_FNMATCH_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INTTYPES_H${ac_uB}HAVE_INTTYPES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBUTIL_H${ac_uB}HAVE_LIBUTIL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIMITS_H${ac_uB}HAVE_LIMITS_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_PTHREAD_H${ac_uB}HAVE_PTHREAD_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SECURITY_PAM_MODULES_H${ac_uB}HAVE_SECURITY_PAM_MODULES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SGTTY_H${ac_uB}HAVE_SGTTY_H${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_SIGNAL_H${ac_uB}HAVE_SIGNAL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_FILE_H${ac_uB}HAVE_SYS_FILE_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_FILIO_H${ac_uB}HAVE_SYS_FILIO_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_IOCCOM_H${ac_uB}HAVE_SYS_IOCCOM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_SELECT_H${ac_uB}HAVE_SYS_SELECT_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_SYSCALL_H${ac_uB}HAVE_SYS_SYSCALL_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TIMEB_H${ac_uB}HAVE_SYS_TIMEB_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_TIMES_H${ac_uB}HAVE_SYS_TIMES_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_UN_H${ac_uB}HAVE_SYS_UN_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TERM_H${ac_uB}HAVE_TERM_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TERMCAP_H${ac_uB}HAVE_TERMCAP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TIME_H${ac_uB}HAVE_TIME_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UTMP_H${ac_uB}HAVE_UTMP_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LOGWTMP${ac_uB}HAVE_LOGWTMP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBUTIL${ac_uB}HAVE_LIBUTIL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LOGOUT${ac_uB}HAVE_LOGOUT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBUTIL${ac_uB}HAVE_LIBUTIL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_OPENPTY${ac_uB}HAVE_OPENPTY${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBUTIL${ac_uB}HAVE_LIBUTIL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TGETENT${ac_uB}HAVE_TGETENT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBTERMCAP${ac_uB}HAVE_LIBTERMCAP${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FCNTL${ac_uB}HAVE_FCNTL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_MKTIME${ac_uB}HAVE_MKTIME${ac_uC}1${ac_uD}
-${ac_uA}HAVE_RAND${ac_uB}HAVE_RAND${ac_uC}1${ac_uD}
-${ac_uA}HAVE_REVOKE${ac_uB}HAVE_REVOKE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SELECT${ac_uB}HAVE_SELECT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETITIMER${ac_uB}HAVE_SETITIMER${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETPGID${ac_uB}HAVE_SETPGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETPROCTITLE${ac_uB}HAVE_SETPROCTITLE${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETREGID${ac_uB}HAVE_SETREGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETRESGID${ac_uB}HAVE_SETRESGID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETRESUID${ac_uB}HAVE_SETRESUID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETREUID${ac_uB}HAVE_SETREUID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SETSID${ac_uB}HAVE_SETSID${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SIGACTION${ac_uB}HAVE_SIGACTION${ac_uC}1${ac_uD}
-${ac_uA}HAVE_STRSTR${ac_uB}HAVE_STRSTR${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TIMEGM${ac_uB}HAVE_TIMEGM${ac_uC}1${ac_uD}
-${ac_uA}HAVE_TTYNAME${ac_uB}HAVE_TTYNAME${ac_uC}1${ac_uD}
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  cat >$tmp/undefs.sed <<CEOF
-/^[ 	]*#[ 	]*undef/!b
-t clr
-: clr
-${ac_uA}HAVE_TTYSLOT${ac_uB}HAVE_TTYSLOT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UMASK${ac_uB}HAVE_UMASK${ac_uC}1${ac_uD}
-${ac_uA}HAVE_YP_GET_DEFAULT_DOMAIN${ac_uB}HAVE_YP_GET_DEFAULT_DOMAIN${ac_uC}1${ac_uD}
-${ac_uA}HAVE_SYS_CAPABILITY_H${ac_uB}HAVE_SYS_CAPABILITY_H${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INT8_T${ac_uB}HAVE_INT8_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INT16_T${ac_uB}HAVE_INT16_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INT32_T${ac_uB}HAVE_INT32_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_INT64_T${ac_uB}HAVE_INT64_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_U_INT8_T${ac_uB}HAVE_U_INT8_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_U_INT16_T${ac_uB}HAVE_U_INT16_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_U_INT32_T${ac_uB}HAVE_U_INT32_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_U_INT64_T${ac_uB}HAVE_U_INT64_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UINT8_T${ac_uB}HAVE_UINT8_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UINT16_T${ac_uB}HAVE_UINT16_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UINT32_T${ac_uB}HAVE_UINT32_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_UINT64_T${ac_uB}HAVE_UINT64_T${ac_uC}1${ac_uD}
-${ac_uA}HAVE_OPENSSL${ac_uB}HAVE_OPENSSL${ac_uC}1${ac_uD}
-${ac_uA}HAVE_EL_INIT${ac_uB}HAVE_EL_INIT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_LIBEDIT${ac_uB}HAVE_LIBEDIT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_FOUR_VALUED_EL_INIT${ac_uB}HAVE_FOUR_VALUED_EL_INIT${ac_uC}1${ac_uD}
-${ac_uA}HAVE_READLINE${ac_uB}HAVE_READLINE${ac_uC}1${ac_uD}
-${ac_uA}AUTHENTICATION${ac_uB}AUTHENTICATION${ac_uC}1${ac_uD}
-${ac_uA}ENCRYPTION${ac_uB}ENCRYPTION${ac_uC}1${ac_uD}
-${ac_uA}DES_ENCRYPTION${ac_uB}DES_ENCRYPTION${ac_uC}1${ac_uD}
-${ac_uA}DIAGNOSTICS${ac_uB}DIAGNOSTICS${ac_uC}1${ac_uD}
-${ac_uA}OLD_ENVIRON${ac_uB}OLD_ENVIRON${ac_uC}1${ac_uD}
-${ac_uA}BINDIR${ac_uB}BINDIR${ac_uC}"/usr/heimdal/bin"${ac_uD}
-${ac_uA}LIBDIR${ac_uB}LIBDIR${ac_uC}"/usr/heimdal/lib"${ac_uD}
-${ac_uA}LIBEXECDIR${ac_uB}LIBEXECDIR${ac_uC}"/usr/heimdal/libexec"${ac_uD}
-${ac_uA}LOCALSTATEDIR${ac_uB}LOCALSTATEDIR${ac_uC}"/var/heimdal"${ac_uD}
-${ac_uA}SBINDIR${ac_uB}SBINDIR${ac_uC}"/usr/heimdal/sbin"${ac_uD}
-${ac_uA}SYSCONFDIR${ac_uB}SYSCONFDIR${ac_uC}"/etc"${ac_uD}
-s,^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    echo "/* Generated by configure.  */" >$tmp/config.h
-  else
-    echo "/* $ac_file.  Generated by configure.  */" >$tmp/config.h
-  fi
-  cat $tmp/in >>$tmp/config.h
-  rm -f $tmp/in
-  if test x"$ac_file" != x-; then
-    if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
-      { echo "$as_me:35682: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
-    else
-      ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-      { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35710: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-      rm -f $ac_file
-      mv $tmp/config.h $ac_file
-    fi
-  else
-    cat $tmp/config.h
-    rm -f $tmp/config.h
-  fi
-  # Run the commands associated with the file.
-  case $ac_file in
-    include/config.h ) # update the timestamp
-echo 'timestamp for include/config.h' >"include/stamp-h1"
- ;;
-  esac
-done
-
-#
-# CONFIG_COMMANDS section.
-#
-for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
-  ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
-  ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
-  ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
-$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_dest" : 'X\(//\)[^/]' \| \
-         X"$ac_dest" : 'X\(//\)$' \| \
-         X"$ac_dest" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_dest" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  { echo "$as_me:35785: executing $ac_dest commands" >&5
-echo "$as_me: executing $ac_dest commands" >&6;}
-  case $ac_dest in
-    depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
-  # Strip MF so we end up with the name of the file.
-  mf=`echo "$mf" | sed -e 's/:.*$//'`
-  # Check whether this is an Automake generated Makefile or not.
-  # We used to match only the files named `Makefile.in', but
-  # some people rename them; so instead we look at the file content.
-  # Grep'ing the first line is not enough: some people post-process
-  # each Makefile.in and add a new line on top of each file to say so.
-  # So let's grep whole file.
-  if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
-    dirpart=`(dirname "$mf") 2>/dev/null ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$mf" : 'X\(//\)[^/]' \| \
-         X"$mf" : 'X\(//\)$' \| \
-         X"$mf" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$mf" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  else
-    continue
-  fi
-  grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue
-  # Extract the definition of DEP_FILES from the Makefile without
-  # running `make'.
-  DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"`
-  test -z "$DEPDIR" && continue
-  # When using ansi2knr, U may be empty or an underscore; expand it
-  U=`sed -n -e '/^U = / s///p' < "$mf"`
-  test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
-  # We invoke sed twice because it is the simplest approach to
-  # changing $(DEPDIR) to its actual value in the expansion.
-  for file in `sed -n -e '
-    /^DEP_FILES = .*\\\\$/ {
-      s/^DEP_FILES = //
-      :loop
-	s/\\\\$//
-	p
-	n
-	/\\\\$/ b loop
-      p
-    }
-    /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
-       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-    # Make sure the directory exists.
-    test -f "$dirpart/$file" && continue
-    fdir=`(dirname "$file") 2>/dev/null ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$file" : 'X\(//\)[^/]' \| \
-         X"$file" : 'X\(//\)$' \| \
-         X"$file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    { case $dirpart/$fdir in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy=$dirpart/$fdir
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35862: error: cannot create $dirpart/$fdir" >&5
-echo "$as_me: error: cannot create $dirpart/$fdir" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-    # echo "creating $dirpart/$file"
-    echo '# dummy' > "$dirpart/$file"
-  done
-done
- ;;
-  esac
-done
-
-{ (exit 0); exit 0; }
diff --git a/crypto/heimdal/config.sub b/crypto/heimdal/config.sub
deleted file mode 100755
index f3657978c740..000000000000
--- a/crypto/heimdal/config.sub
+++ /dev/null
@@ -1,1443 +0,0 @@
-#! /bin/sh
-# Configuration validation subroutine script.
-#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002 Free Software Foundation, Inc.
-
-timestamp='2002-03-07'
-
-# This file is (in principle) common to ALL GNU software.
-# The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine.  It does not imply ALL GNU software can.
-#
-# This file is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support.  The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
-       $0 [OPTION] ALIAS
-
-Canonicalize a configuration name.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit 0 ;;
-    --version | -v )
-       echo "$version" ; exit 0 ;;
-    --help | --h* | -h )
-       echo "$usage"; exit 0 ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help"
-       exit 1 ;;
-
-    *local*)
-       # First pass through any local machine types.
-       echo $1
-       exit 0;;
-
-    * )
-       break ;;
-  esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
-    exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
-    exit 1;;
-esac
-
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
-  nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*)
-    os=-$maybe_os
-    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
-    ;;
-  *)
-    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
-    if [ $basic_machine != $1 ]
-    then os=`echo $1 | sed 's/.*-/-/'`
-    else os=; fi
-    ;;
-esac
-
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work.  We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
-	-sun*os*)
-		# Prevent following clause from handling this invalid input.
-		;;
-	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis)
-		os=
-		basic_machine=$1
-		;;
-	-sim | -cisco | -oki | -wec | -winbond)
-		os=
-		basic_machine=$1
-		;;
-	-scout)
-		;;
-	-wrs)
-		os=-vxworks
-		basic_machine=$1
-		;;
-	-chorusos*)
-		os=-chorusos
-		basic_machine=$1
-		;;
- 	-chorusrdb)
- 		os=-chorusrdb
-		basic_machine=$1
- 		;;
-	-hiux*)
-		os=-hiuxwe2
-		;;
-	-sco5)
-		os=-sco3.2v5
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco4)
-		os=-sco3.2v4
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2.[4-9]*)
-		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2v[4-9]*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco*)
-		os=-sco3.2v2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-udk*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-isc)
-		os=-isc2.2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-clix*)
-		basic_machine=clipper-intergraph
-		;;
-	-isc*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-lynx*)
-		os=-lynxos
-		;;
-	-ptx*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
-		;;
-	-windowsnt*)
-		os=`echo $os | sed -e 's/windowsnt/winnt/'`
-		;;
-	-psos*)
-		os=-psos
-		;;
-	-mint | -mint[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-esac
-
-# Decode aliases for certain CPU-COMPANY combinations.
-case $basic_machine in
-	# Recognize the basic CPU types without company name.
-	# Some are omitted here because they have special meanings below.
-	1750a | 580 \
-	| a29k \
-	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
-	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
-	| c4x | clipper \
-	| d10v | d30v | dsp16xx \
-	| fr30 \
-	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
-	| i370 | i860 | i960 | ia64 \
-	| m32r | m68000 | m68k | m88k | mcore \
-	| mips | mips16 | mips64 | mips64el | mips64orion | mips64orionel \
-	| mips64vr4100 | mips64vr4100el | mips64vr4300 \
-	| mips64vr4300el | mips64vr5000 | mips64vr5000el \
-	| mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \
-	| mipsisa32 | mipsisa64 \
-	| mn10200 | mn10300 \
-	| ns16k | ns32k \
-	| openrisc | or32 \
-	| pdp10 | pdp11 | pj | pjl \
-	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
-	| pyramid \
-	| sh | sh[34] | sh[34]eb | shbe | shle | sh64 \
-	| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
-	| strongarm \
-	| tahoe | thumb | tic80 | tron \
-	| v850 | v850e \
-	| we32k \
-	| x86 | xscale | xstormy16 | xtensa \
-	| z8k)
-		basic_machine=$basic_machine-unknown
-		;;
-	m6811 | m68hc11 | m6812 | m68hc12)
-		# Motorola 68HC11/12.
-		basic_machine=$basic_machine-unknown
-		os=-none
-		;;
-	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
-		;;
-
-	# We use `pc' rather than `unknown'
-	# because (1) that's what they normally are, and
-	# (2) the word "unknown" tends to confuse beginning users.
-	i*86 | x86_64)
-	  basic_machine=$basic_machine-pc
-	  ;;
-	# Object if more than one company name word.
-	*-*-*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-	# Recognize the basic CPU types with company name.
-	580-* \
-	| a29k-* \
-	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
-	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
-	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
-	| arm-*  | armbe-* | armle-* | armv*-* \
-	| avr-* \
-	| bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c54x-* \
-	| clipper-* | cydra-* \
-	| d10v-* | d30v-* \
-	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | fx80-* \
-	| h8300-* | h8500-* \
-	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
-	| i*86-* | i860-* | i960-* | ia64-* \
-	| m32r-* \
-	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | mcore-* \
-	| mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \
-	| mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \
-	| mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \
-	| mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \
-	| none-* | np1-* | ns16k-* | ns32k-* \
-	| orion-* \
-	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
-	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
-	| pyramid-* \
-	| romp-* | rs6000-* \
-	| sh-* | sh[34]-* | sh[34]eb-* | shbe-* | shle-* | sh64-* \
-	| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
-	| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
-	| tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
-	| v850-* | v850e-* | vax-* \
-	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-	| xtensa-* \
-	| ymp-* \
-	| z8k-*)
-		;;
-	# Recognize the various machine names and aliases which stand
-	# for a CPU type and a company and sometimes even an OS.
-	386bsd)
-		basic_machine=i386-unknown
-		os=-bsd
-		;;
-	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
-		basic_machine=m68000-att
-		;;
-	3b*)
-		basic_machine=we32k-att
-		;;
-	a29khif)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	adobe68k)
-		basic_machine=m68010-adobe
-		os=-scout
-		;;
-	alliant | fx80)
-		basic_machine=fx80-alliant
-		;;
-	altos | altos3068)
-		basic_machine=m68k-altos
-		;;
-	am29k)
-		basic_machine=a29k-none
-		os=-bsd
-		;;
-	amdahl)
-		basic_machine=580-amdahl
-		os=-sysv
-		;;
-	amiga | amiga-*)
-		basic_machine=m68k-unknown
-		;;
-	amigaos | amigados)
-		basic_machine=m68k-unknown
-		os=-amigaos
-		;;
-	amigaunix | amix)
-		basic_machine=m68k-unknown
-		os=-sysv4
-		;;
-	apollo68)
-		basic_machine=m68k-apollo
-		os=-sysv
-		;;
-	apollo68bsd)
-		basic_machine=m68k-apollo
-		os=-bsd
-		;;
-	aux)
-		basic_machine=m68k-apple
-		os=-aux
-		;;
-	balance)
-		basic_machine=ns32k-sequent
-		os=-dynix
-		;;
-	c90)
-		basic_machine=c90-cray
-		os=-unicos
-		;;
-	convex-c1)
-		basic_machine=c1-convex
-		os=-bsd
-		;;
-	convex-c2)
-		basic_machine=c2-convex
-		os=-bsd
-		;;
-	convex-c32)
-		basic_machine=c32-convex
-		os=-bsd
-		;;
-	convex-c34)
-		basic_machine=c34-convex
-		os=-bsd
-		;;
-	convex-c38)
-		basic_machine=c38-convex
-		os=-bsd
-		;;
-	cray | j90)
-		basic_machine=j90-cray
-		os=-unicos
-		;;
-	crds | unos)
-		basic_machine=m68k-crds
-		;;
-	cris | cris-* | etrax*)
-		basic_machine=cris-axis
-		;;
-	da30 | da30-*)
-		basic_machine=m68k-da30
-		;;
-	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
-		basic_machine=mips-dec
-		;;
-	decsystem10* | dec10*)
-		basic_machine=pdp10-dec
-		os=-tops10
-		;;
-	decsystem20* | dec20*)
-		basic_machine=pdp10-dec
-		os=-tops20
-		;;
-	delta | 3300 | motorola-3300 | motorola-delta \
-	      | 3300-motorola | delta-motorola)
-		basic_machine=m68k-motorola
-		;;
-	delta88)
-		basic_machine=m88k-motorola
-		os=-sysv3
-		;;
-	dpx20 | dpx20-*)
-		basic_machine=rs6000-bull
-		os=-bosx
-		;;
-	dpx2* | dpx2*-bull)
-		basic_machine=m68k-bull
-		os=-sysv3
-		;;
-	ebmon29k)
-		basic_machine=a29k-amd
-		os=-ebmon
-		;;
-	elxsi)
-		basic_machine=elxsi-elxsi
-		os=-bsd
-		;;
-	encore | umax | mmax)
-		basic_machine=ns32k-encore
-		;;
-	es1800 | OSE68k | ose68k | ose | OSE)
-		basic_machine=m68k-ericsson
-		os=-ose
-		;;
-	fx2800)
-		basic_machine=i860-alliant
-		;;
-	genix)
-		basic_machine=ns32k-ns
-		;;
-	gmicro)
-		basic_machine=tron-gmicro
-		os=-sysv
-		;;
-	go32)
-		basic_machine=i386-pc
-		os=-go32
-		;;
-	h3050r* | hiux*)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	h8300hms)
-		basic_machine=h8300-hitachi
-		os=-hms
-		;;
-	h8300xray)
-		basic_machine=h8300-hitachi
-		os=-xray
-		;;
-	h8500hms)
-		basic_machine=h8500-hitachi
-		os=-hms
-		;;
-	harris)
-		basic_machine=m88k-harris
-		os=-sysv3
-		;;
-	hp300-*)
-		basic_machine=m68k-hp
-		;;
-	hp300bsd)
-		basic_machine=m68k-hp
-		os=-bsd
-		;;
-	hp300hpux)
-		basic_machine=m68k-hp
-		os=-hpux
-		;;
-	hp3k9[0-9][0-9] | hp9[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k2[0-9][0-9] | hp9k31[0-9])
-		basic_machine=m68000-hp
-		;;
-	hp9k3[2-9][0-9])
-		basic_machine=m68k-hp
-		;;
-	hp9k6[0-9][0-9] | hp6[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k7[0-79][0-9] | hp7[0-79][0-9])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k78[0-9] | hp78[0-9])
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][13679] | hp8[0-9][13679])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][0-9] | hp8[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hppa-next)
-		os=-nextstep3
-		;;
-	hppaosf)
-		basic_machine=hppa1.1-hp
-		os=-osf
-		;;
-	hppro)
-		basic_machine=hppa1.1-hp
-		os=-proelf
-		;;
-	i370-ibm* | ibm*)
-		basic_machine=i370-ibm
-		;;
-# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
-	i*86v32)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv32
-		;;
-	i*86v4*)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv4
-		;;
-	i*86v)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv
-		;;
-	i*86sol2)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-solaris2
-		;;
-	i386mach)
-		basic_machine=i386-mach
-		os=-mach
-		;;
-	i386-vsta | vsta)
-		basic_machine=i386-unknown
-		os=-vsta
-		;;
-	iris | iris4d)
-		basic_machine=mips-sgi
-		case $os in
-		    -irix*)
-			;;
-		    *)
-			os=-irix4
-			;;
-		esac
-		;;
-	isi68 | isi)
-		basic_machine=m68k-isi
-		os=-sysv
-		;;
-	m88k-omron*)
-		basic_machine=m88k-omron
-		;;
-	magnum | m3230)
-		basic_machine=mips-mips
-		os=-sysv
-		;;
-	merlin)
-		basic_machine=ns32k-utek
-		os=-sysv
-		;;
-	mingw32)
-		basic_machine=i386-pc
-		os=-mingw32
-		;;
-	miniframe)
-		basic_machine=m68000-convergent
-		;;
-	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-	mips3*-*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
-		;;
-	mips3*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
-		;;
-	mmix*)
-		basic_machine=mmix-knuth
-		os=-mmixware
-		;;
-	monitor)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	morphos)
-		basic_machine=powerpc-unknown
-		os=-morphos
-		;;
-	msdos)
-		basic_machine=i386-pc
-		os=-msdos
-		;;
-	mvs)
-		basic_machine=i370-ibm
-		os=-mvs
-		;;
-	ncr3000)
-		basic_machine=i486-ncr
-		os=-sysv4
-		;;
-	netbsd386)
-		basic_machine=i386-unknown
-		os=-netbsd
-		;;
-	netwinder)
-		basic_machine=armv4l-rebel
-		os=-linux
-		;;
-	news | news700 | news800 | news900)
-		basic_machine=m68k-sony
-		os=-newsos
-		;;
-	news1000)
-		basic_machine=m68030-sony
-		os=-newsos
-		;;
-	news-3600 | risc-news)
-		basic_machine=mips-sony
-		os=-newsos
-		;;
-	necv70)
-		basic_machine=v70-nec
-		os=-sysv
-		;;
-	next | m*-next )
-		basic_machine=m68k-next
-		case $os in
-		    -nextstep* )
-			;;
-		    -ns2*)
-		      os=-nextstep2
-			;;
-		    *)
-		      os=-nextstep3
-			;;
-		esac
-		;;
-	nh3000)
-		basic_machine=m68k-harris
-		os=-cxux
-		;;
-	nh[45]000)
-		basic_machine=m88k-harris
-		os=-cxux
-		;;
-	nindy960)
-		basic_machine=i960-intel
-		os=-nindy
-		;;
-	mon960)
-		basic_machine=i960-intel
-		os=-mon960
-		;;
-	nonstopux)
-		basic_machine=mips-compaq
-		os=-nonstopux
-		;;
-	np1)
-		basic_machine=np1-gould
-		;;
-	nsr-tandem)
-		basic_machine=nsr-tandem
-		;;
-	op50n-* | op60c-*)
-		basic_machine=hppa1.1-oki
-		os=-proelf
-		;;
-	or32 | or32-*)
-		basic_machine=or32-unknown
-		os=-coff
-		;;
-	OSE68000 | ose68000)
-		basic_machine=m68000-ericsson
-		os=-ose
-		;;
-	os68k)
-		basic_machine=m68k-none
-		os=-os68k
-		;;
-	pa-hitachi)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	paragon)
-		basic_machine=i860-intel
-		os=-osf
-		;;
-	pbd)
-		basic_machine=sparc-tti
-		;;
-	pbb)
-		basic_machine=m68k-tti
-		;;
-        pc532 | pc532-*)
-		basic_machine=ns32k-pc532
-		;;
-	pentium | p5 | k5 | k6 | nexgen | viac3)
-		basic_machine=i586-pc
-		;;
-	pentiumpro | p6 | 6x86 | athlon)
-		basic_machine=i686-pc
-		;;
-	pentiumii | pentium2)
-		basic_machine=i686-pc
-		;;
-	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
-		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumpro-* | p6-* | 6x86-* | athlon-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumii-* | pentium2-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pn)
-		basic_machine=pn-gould
-		;;
-	power)	basic_machine=power-ibm
-		;;
-	ppc)	basic_machine=powerpc-unknown
-	        ;;
-	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppcle | powerpclittle | ppc-le | powerpc-little)
-		basic_machine=powerpcle-unknown
-	        ;;
-	ppcle-* | powerpclittle-*)
-		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64)	basic_machine=powerpc64-unknown
-	        ;;
-	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
-		basic_machine=powerpc64le-unknown
-	        ;;
-	ppc64le-* | powerpc64little-*)
-		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ps2)
-		basic_machine=i386-ibm
-		;;
-	pw32)
-		basic_machine=i586-unknown
-		os=-pw32
-		;;
-	rom68k)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	rm[46]00)
-		basic_machine=mips-siemens
-		;;
-	rtpc | rtpc-*)
-		basic_machine=romp-ibm
-		;;
-	s390 | s390-*)
-		basic_machine=s390-ibm
-		;;
-	s390x | s390x-*)
-		basic_machine=s390x-ibm
-		;;
-	sa29200)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	sequent)
-		basic_machine=i386-sequent
-		;;
-	sh)
-		basic_machine=sh-hitachi
-		os=-hms
-		;;
-	sparclite-wrs | simso-wrs)
-		basic_machine=sparclite-wrs
-		os=-vxworks
-		;;
-	sps7)
-		basic_machine=m68k-bull
-		os=-sysv2
-		;;
-	spur)
-		basic_machine=spur-unknown
-		;;
-	st2000)
-		basic_machine=m68k-tandem
-		;;
-	stratus)
-		basic_machine=i860-stratus
-		os=-sysv4
-		;;
-	sun2)
-		basic_machine=m68000-sun
-		;;
-	sun2os3)
-		basic_machine=m68000-sun
-		os=-sunos3
-		;;
-	sun2os4)
-		basic_machine=m68000-sun
-		os=-sunos4
-		;;
-	sun3os3)
-		basic_machine=m68k-sun
-		os=-sunos3
-		;;
-	sun3os4)
-		basic_machine=m68k-sun
-		os=-sunos4
-		;;
-	sun4os3)
-		basic_machine=sparc-sun
-		os=-sunos3
-		;;
-	sun4os4)
-		basic_machine=sparc-sun
-		os=-sunos4
-		;;
-	sun4sol2)
-		basic_machine=sparc-sun
-		os=-solaris2
-		;;
-	sun3 | sun3-*)
-		basic_machine=m68k-sun
-		;;
-	sun4)
-		basic_machine=sparc-sun
-		;;
-	sun386 | sun386i | roadrunner)
-		basic_machine=i386-sun
-		;;
-        sv1)
-		basic_machine=sv1-cray
-		os=-unicos
-		;;
-	symmetry)
-		basic_machine=i386-sequent
-		os=-dynix
-		;;
-	t3d)
-		basic_machine=alpha-cray
-		os=-unicos
-		;;
-	t3e)
-		basic_machine=alphaev5-cray
-		os=-unicos
-		;;
-	t90)
-		basic_machine=t90-cray
-		os=-unicos
-		;;
-	tic54x | c54x*)
-		basic_machine=tic54x-unknown
-		os=-coff
-		;;
-	tx39)
-		basic_machine=mipstx39-unknown
-		;;
-	tx39el)
-		basic_machine=mipstx39el-unknown
-		;;
-	toad1)
-		basic_machine=pdp10-xkl
-		os=-tops20
-		;;
-	tower | tower-32)
-		basic_machine=m68k-ncr
-		;;
-	udi29k)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	ultra3)
-		basic_machine=a29k-nyu
-		os=-sym1
-		;;
-	v810 | necv810)
-		basic_machine=v810-nec
-		os=-none
-		;;
-	vaxv)
-		basic_machine=vax-dec
-		os=-sysv
-		;;
-	vms)
-		basic_machine=vax-dec
-		os=-vms
-		;;
-	vpp*|vx|vx-*)
-               basic_machine=f301-fujitsu
-               ;;
-	vxworks960)
-		basic_machine=i960-wrs
-		os=-vxworks
-		;;
-	vxworks68)
-		basic_machine=m68k-wrs
-		os=-vxworks
-		;;
-	vxworks29k)
-		basic_machine=a29k-wrs
-		os=-vxworks
-		;;
-	w65*)
-		basic_machine=w65-wdc
-		os=-none
-		;;
-	w89k-*)
-		basic_machine=hppa1.1-winbond
-		os=-proelf
-		;;
-	windows32)
-		basic_machine=i386-pc
-		os=-windows32-msvcrt
-		;;
-        xps | xps100)
-		basic_machine=xps100-honeywell
-		;;
-	ymp)
-		basic_machine=ymp-cray
-		os=-unicos
-		;;
-	z8k-*-coff)
-		basic_machine=z8k-unknown
-		os=-sim
-		;;
-	none)
-		basic_machine=none-none
-		os=-none
-		;;
-
-# Here we handle the default manufacturer of certain CPU types.  It is in
-# some cases the only manufacturer, in others, it is the most popular.
-	w89k)
-		basic_machine=hppa1.1-winbond
-		;;
-	op50n)
-		basic_machine=hppa1.1-oki
-		;;
-	op60c)
-		basic_machine=hppa1.1-oki
-		;;
-	romp)
-		basic_machine=romp-ibm
-		;;
-	rs6000)
-		basic_machine=rs6000-ibm
-		;;
-	vax)
-		basic_machine=vax-dec
-		;;
-	pdp10)
-		# there are many clones, so DEC is not a safe bet
-		basic_machine=pdp10-unknown
-		;;
-	pdp11)
-		basic_machine=pdp11-dec
-		;;
-	we32k)
-		basic_machine=we32k-att
-		;;
-	sh3 | sh4 | sh3eb | sh4eb)
-		basic_machine=sh-unknown
-		;;
-	sh64)
-		basic_machine=sh64-unknown
-		;;
-	sparc | sparcv9 | sparcv9b)
-		basic_machine=sparc-sun
-		;;
-        cydra)
-		basic_machine=cydra-cydrome
-		;;
-	orion)
-		basic_machine=orion-highlevel
-		;;
-	orion105)
-		basic_machine=clipper-highlevel
-		;;
-	mac | mpw | mac-mpw)
-		basic_machine=m68k-apple
-		;;
-	pmac | pmac-mpw)
-		basic_machine=powerpc-apple
-		;;
-	c4x*)
-		basic_machine=c4x-none
-		os=-coff
-		;;
-	*-unknown)
-		# Make sure to match an already-canonicalized machine name.
-		;;
-	*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
-	*-digital*)
-		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
-		;;
-	*-commodore*)
-		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
-		;;
-	*)
-		;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if [ x"$os" != x"" ]
-then
-case $os in
-        # First match some system type aliases
-        # that might get confused with valid system types.
-	# -solaris* is a basic system type, with this one exception.
-	-solaris1 | -solaris1.*)
-		os=`echo $os | sed -e 's|solaris1|sunos4|'`
-		;;
-	-solaris)
-		os=-solaris2
-		;;
-	-svr4*)
-		os=-sysv4
-		;;
-	-unixware*)
-		os=-sysv4.2uw
-		;;
-	-gnu/linux*)
-		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
-		;;
-	# First accept the basic system types.
-	# The portable systems comes first.
-	# Each alternative MUST END IN A *, to match a version number.
-	# -sysv* is not here because it comes later, after sysvr4.
-	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
-	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* \
-	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
-	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
-	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
-	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
-	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* \
-	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
-	      | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
-	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
-	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
-	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
-	      | -morphos* | -superux* | -rtmk* | -rtmk-nova*)
-	# Remember, each alternative MUST END IN *, to match a version number.
-		;;
-	-qnx*)
-		case $basic_machine in
-		    x86-* | i*86-*)
-			;;
-		    *)
-			os=-nto$os
-			;;
-		esac
-		;;
-	-nto*)
-		os=-nto-qnx
-		;;
-	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
-	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
-		;;
-	-mac*)
-		os=`echo $os | sed -e 's|mac|macos|'`
-		;;
-	-linux*)
-		os=`echo $os | sed -e 's|linux|linux-gnu|'`
-		;;
-	-sunos5*)
-		os=`echo $os | sed -e 's|sunos5|solaris2|'`
-		;;
-	-sunos6*)
-		os=`echo $os | sed -e 's|sunos6|solaris3|'`
-		;;
-	-opened*)
-		os=-openedition
-		;;
-	-wince*)
-		os=-wince
-		;;
-	-osfrose*)
-		os=-osfrose
-		;;
-	-osf*)
-		os=-osf
-		;;
-	-utek*)
-		os=-bsd
-		;;
-	-dynix*)
-		os=-bsd
-		;;
-	-acis*)
-		os=-aos
-		;;
-	-atheos*)
-		os=-atheos
-		;;
-	-386bsd)
-		os=-bsd
-		;;
-	-ctix* | -uts*)
-		os=-sysv
-		;;
-	-nova*)
-		os=-rtmk-nova
-		;;
-	-ns2 )
-	        os=-nextstep2
-		;;
-	-nsk*)
-		os=-nsk
-		;;
-	# Preserve the version number of sinix5.
-	-sinix5.*)
-		os=`echo $os | sed -e 's|sinix|sysv|'`
-		;;
-	-sinix*)
-		os=-sysv4
-		;;
-	-triton*)
-		os=-sysv3
-		;;
-	-oss*)
-		os=-sysv3
-		;;
-	-svr4)
-		os=-sysv4
-		;;
-	-svr3)
-		os=-sysv3
-		;;
-	-sysvr4)
-		os=-sysv4
-		;;
-	# This must come after -sysvr4.
-	-sysv*)
-		;;
-	-ose*)
-		os=-ose
-		;;
-	-es1800*)
-		os=-ose
-		;;
-	-xenix)
-		os=-xenix
-		;;
-        -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-	        os=-mint
-		;;
-	-none)
-		;;
-	*)
-		# Get rid of the `-' at the beginning of $os.
-		os=`echo $os | sed 's/[^-]*-//'`
-		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
-		exit 1
-		;;
-esac
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system.  Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-case $basic_machine in
-	*-acorn)
-		os=-riscix1.2
-		;;
-	arm*-rebel)
-		os=-linux
-		;;
-	arm*-semi)
-		os=-aout
-		;;
-	# This must come before the *-dec entry.
-	pdp10-*)
-		os=-tops20
-		;;
-        pdp11-*)
-		os=-none
-		;;
-	*-dec | vax-*)
-		os=-ultrix4.2
-		;;
-	m68*-apollo)
-		os=-domain
-		;;
-	i386-sun)
-		os=-sunos4.0.2
-		;;
-	m68000-sun)
-		os=-sunos3
-		# This also exists in the configure program, but was not the
-		# default.
-		# os=-sunos4
-		;;
-	m68*-cisco)
-		os=-aout
-		;;
-	mips*-cisco)
-		os=-elf
-		;;
-	mips*-*)
-		os=-elf
-		;;
-	or32-*)
-		os=-coff
-		;;
-	*-tti)	# must be before sparc entry or we get the wrong os.
-		os=-sysv3
-		;;
-	sparc-* | *-sun)
-		os=-sunos4.1.1
-		;;
-	*-be)
-		os=-beos
-		;;
-	*-ibm)
-		os=-aix
-		;;
-	*-wec)
-		os=-proelf
-		;;
-	*-winbond)
-		os=-proelf
-		;;
-	*-oki)
-		os=-proelf
-		;;
-	*-hp)
-		os=-hpux
-		;;
-	*-hitachi)
-		os=-hiux
-		;;
-	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
-		os=-sysv
-		;;
-	*-cbm)
-		os=-amigaos
-		;;
-	*-dg)
-		os=-dgux
-		;;
-	*-dolphin)
-		os=-sysv3
-		;;
-	m68k-ccur)
-		os=-rtu
-		;;
-	m88k-omron*)
-		os=-luna
-		;;
-	*-next )
-		os=-nextstep
-		;;
-	*-sequent)
-		os=-ptx
-		;;
-	*-crds)
-		os=-unos
-		;;
-	*-ns)
-		os=-genix
-		;;
-	i370-*)
-		os=-mvs
-		;;
-	*-next)
-		os=-nextstep3
-		;;
-        *-gould)
-		os=-sysv
-		;;
-        *-highlevel)
-		os=-bsd
-		;;
-	*-encore)
-		os=-bsd
-		;;
-        *-sgi)
-		os=-irix
-		;;
-        *-siemens)
-		os=-sysv4
-		;;
-	*-masscomp)
-		os=-rtu
-		;;
-	f30[01]-fujitsu | f700-fujitsu)
-		os=-uxpv
-		;;
-	*-rom68k)
-		os=-coff
-		;;
-	*-*bug)
-		os=-coff
-		;;
-	*-apple)
-		os=-macos
-		;;
-	*-atari*)
-		os=-mint
-		;;
-	*)
-		os=-none
-		;;
-esac
-fi
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer.  We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
-	*-unknown)
-		case $os in
-			-riscix*)
-				vendor=acorn
-				;;
-			-sunos*)
-				vendor=sun
-				;;
-			-aix*)
-				vendor=ibm
-				;;
-			-beos*)
-				vendor=be
-				;;
-			-hpux*)
-				vendor=hp
-				;;
-			-mpeix*)
-				vendor=hp
-				;;
-			-hiux*)
-				vendor=hitachi
-				;;
-			-unos*)
-				vendor=crds
-				;;
-			-dgux*)
-				vendor=dg
-				;;
-			-luna*)
-				vendor=omron
-				;;
-			-genix*)
-				vendor=ns
-				;;
-			-mvs* | -opened*)
-				vendor=ibm
-				;;
-			-ptx*)
-				vendor=sequent
-				;;
-			-vxsim* | -vxworks*)
-				vendor=wrs
-				;;
-			-aux*)
-				vendor=apple
-				;;
-			-hms*)
-				vendor=hitachi
-				;;
-			-mpw* | -macos*)
-				vendor=apple
-				;;
-			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-				vendor=atari
-				;;
-			-vos*)
-				vendor=stratus
-				;;
-		esac
-		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
-		;;
-esac
-
-echo $basic_machine$os
-exit 0
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure
deleted file mode 100755
index c2fecc8d8122..000000000000
--- a/crypto/heimdal/configure
+++ /dev/null
@@ -1,37659 +0,0 @@
-#! /bin/sh
-# From configure.in Revision: 1.331.2.2 .
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.53 for Heimdal 0.6.
-#
-# Report bugs to <heimdal-bugs@pdc.kth.se>.
-#
-# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) lt_cv_sys_path_separator=';' ;;
-    *)     lt_cv_sys_path_separator=':' ;;
-  esac
-  PATH_SEPARATOR=$lt_cv_sys_path_separator
-fi
-
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$ECHO in
-X*--fallback-echo)
-  # Remove one level of quotation (which was required for Make).
-  ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
-  ;;
-esac
-
-echo=${ECHO-echo}
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-
-EOF
-  exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test -z "$ECHO"; then
-if test "X${echo_test_string+set}" != Xset; then
-# find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string="`eval $cmd`") 2>/dev/null &&
-       echo_test_string="`eval $cmd`" &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
-    then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  IFS="${IFS= 	}"; save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for dir in $PATH /usr/ucb; do
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running configure again with it.
-      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
-	  then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "$0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-ECHO=$echo
-if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
-   ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
-fi
-
-
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
-    { $as_unset LANG || test "${LANG+set}" != set; } ||
-      { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
-    { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
-      { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
-    { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
-      { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
-    { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
-      { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
-    { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
-      { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
-    { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
-      { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
-    { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
-      { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
-    { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
-      { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conftest.sh
-  echo  "exit 0"   >>conftest.sh
-  chmod +x conftest.sh
-  if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conftest.sh
-fi
-
-
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
-  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that $LINENO is not a special case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
-    sed '
-      N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-      t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
-    ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
-  # Exit status is that of the last command.
-  exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-exec 6>&1
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Maximum number of lines to put in a shell here document.
-# This variable seems obsolete.  It should probably be removed, and
-# only ac_max_sed_lines should be used.
-: ${ac_max_here_lines=38}
-
-# Identity of this package.
-PACKAGE_NAME='Heimdal'
-PACKAGE_TARNAME='heimdal'
-PACKAGE_VERSION='0.6'
-PACKAGE_STRING='Heimdal 0.6'
-PACKAGE_BUGREPORT='heimdal-bugs@pdc.kth.se'
-
-ac_unique_file="kuser/kinit.c"
-ac_default_prefix=/usr/heimdal
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
-
-ac_prev=
-for ac_option
-do
-  # If the previous option needs an argument, assign it.
-  if test -n "$ac_prev"; then
-    eval "$ac_prev=\$ac_option"
-    ac_prev=
-    continue
-  fi
-
-  ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
-
-  # Accept the important Cygnus configure options, so we can diagnose typos.
-
-  case $ac_option in
-
-  -bindir | --bindir | --bindi | --bind | --bin | --bi)
-    ac_prev=bindir ;;
-  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
-    bindir=$ac_optarg ;;
-
-  -build | --build | --buil | --bui | --bu)
-    ac_prev=build_alias ;;
-  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
-    build_alias=$ac_optarg ;;
-
-  -cache-file | --cache-file | --cache-fil | --cache-fi \
-  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
-    ac_prev=cache_file ;;
-  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
-  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
-    cache_file=$ac_optarg ;;
-
-  --config-cache | -C)
-    cache_file=config.cache ;;
-
-  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
-    ac_prev=datadir ;;
-  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
-  | --da=*)
-    datadir=$ac_optarg ;;
-
-  -disable-* | --disable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    eval "enable_$ac_feature=no" ;;
-
-  -enable-* | --enable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "enable_$ac_feature='$ac_optarg'" ;;
-
-  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
-  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
-  | --exec | --exe | --ex)
-    ac_prev=exec_prefix ;;
-  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
-  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
-  | --exec=* | --exe=* | --ex=*)
-    exec_prefix=$ac_optarg ;;
-
-  -gas | --gas | --ga | --g)
-    # Obsolete; use --with-gas.
-    with_gas=yes ;;
-
-  -help | --help | --hel | --he | -h)
-    ac_init_help=long ;;
-  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
-    ac_init_help=recursive ;;
-  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
-    ac_init_help=short ;;
-
-  -host | --host | --hos | --ho)
-    ac_prev=host_alias ;;
-  -host=* | --host=* | --hos=* | --ho=*)
-    host_alias=$ac_optarg ;;
-
-  -includedir | --includedir | --includedi | --included | --include \
-  | --includ | --inclu | --incl | --inc)
-    ac_prev=includedir ;;
-  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
-  | --includ=* | --inclu=* | --incl=* | --inc=*)
-    includedir=$ac_optarg ;;
-
-  -infodir | --infodir | --infodi | --infod | --info | --inf)
-    ac_prev=infodir ;;
-  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
-    infodir=$ac_optarg ;;
-
-  -libdir | --libdir | --libdi | --libd)
-    ac_prev=libdir ;;
-  -libdir=* | --libdir=* | --libdi=* | --libd=*)
-    libdir=$ac_optarg ;;
-
-  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
-  | --libexe | --libex | --libe)
-    ac_prev=libexecdir ;;
-  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
-  | --libexe=* | --libex=* | --libe=*)
-    libexecdir=$ac_optarg ;;
-
-  -localstatedir | --localstatedir | --localstatedi | --localstated \
-  | --localstate | --localstat | --localsta | --localst \
-  | --locals | --local | --loca | --loc | --lo)
-    ac_prev=localstatedir ;;
-  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
-  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
-    localstatedir=$ac_optarg ;;
-
-  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
-    ac_prev=mandir ;;
-  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
-    mandir=$ac_optarg ;;
-
-  -nfp | --nfp | --nf)
-    # Obsolete; use --without-fp.
-    with_fp=no ;;
-
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c | -n)
-    no_create=yes ;;
-
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-    no_recursion=yes ;;
-
-  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
-  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
-  | --oldin | --oldi | --old | --ol | --o)
-    ac_prev=oldincludedir ;;
-  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
-  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
-  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
-    oldincludedir=$ac_optarg ;;
-
-  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-    ac_prev=prefix ;;
-  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-    prefix=$ac_optarg ;;
-
-  -program-prefix | --program-prefix | --program-prefi | --program-pref \
-  | --program-pre | --program-pr | --program-p)
-    ac_prev=program_prefix ;;
-  -program-prefix=* | --program-prefix=* | --program-prefi=* \
-  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
-    program_prefix=$ac_optarg ;;
-
-  -program-suffix | --program-suffix | --program-suffi | --program-suff \
-  | --program-suf | --program-su | --program-s)
-    ac_prev=program_suffix ;;
-  -program-suffix=* | --program-suffix=* | --program-suffi=* \
-  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
-    program_suffix=$ac_optarg ;;
-
-  -program-transform-name | --program-transform-name \
-  | --program-transform-nam | --program-transform-na \
-  | --program-transform-n | --program-transform- \
-  | --program-transform | --program-transfor \
-  | --program-transfo | --program-transf \
-  | --program-trans | --program-tran \
-  | --progr-tra | --program-tr | --program-t)
-    ac_prev=program_transform_name ;;
-  -program-transform-name=* | --program-transform-name=* \
-  | --program-transform-nam=* | --program-transform-na=* \
-  | --program-transform-n=* | --program-transform-=* \
-  | --program-transform=* | --program-transfor=* \
-  | --program-transfo=* | --program-transf=* \
-  | --program-trans=* | --program-tran=* \
-  | --progr-tra=* | --program-tr=* | --program-t=*)
-    program_transform_name=$ac_optarg ;;
-
-  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-  | -silent | --silent | --silen | --sile | --sil)
-    silent=yes ;;
-
-  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
-    ac_prev=sbindir ;;
-  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-  | --sbi=* | --sb=*)
-    sbindir=$ac_optarg ;;
-
-  -sharedstatedir | --sharedstatedir | --sharedstatedi \
-  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
-  | --sharedst | --shareds | --shared | --share | --shar \
-  | --sha | --sh)
-    ac_prev=sharedstatedir ;;
-  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
-  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
-  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
-  | --sha=* | --sh=*)
-    sharedstatedir=$ac_optarg ;;
-
-  -site | --site | --sit)
-    ac_prev=site ;;
-  -site=* | --site=* | --sit=*)
-    site=$ac_optarg ;;
-
-  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
-    ac_prev=srcdir ;;
-  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-    srcdir=$ac_optarg ;;
-
-  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
-  | --syscon | --sysco | --sysc | --sys | --sy)
-    ac_prev=sysconfdir ;;
-  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
-  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
-    sysconfdir=$ac_optarg ;;
-
-  -target | --target | --targe | --targ | --tar | --ta | --t)
-    ac_prev=target_alias ;;
-  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
-    target_alias=$ac_optarg ;;
-
-  -v | -verbose | --verbose | --verbos | --verbo | --verb)
-    verbose=yes ;;
-
-  -version | --version | --versio | --versi | --vers | -V)
-    ac_init_version=: ;;
-
-  -with-* | --with-*)
-    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package| sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "with_$ac_package='$ac_optarg'" ;;
-
-  -without-* | --without-*)
-    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package | sed 's/-/_/g'`
-    eval "with_$ac_package=no" ;;
-
-  --x)
-    # Obsolete; use --with-x.
-    with_x=yes ;;
-
-  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
-  | --x-incl | --x-inc | --x-in | --x-i)
-    ac_prev=x_includes ;;
-  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
-  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
-    x_includes=$ac_optarg ;;
-
-  -x-libraries | --x-libraries | --x-librarie | --x-librari \
-  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
-    ac_prev=x_libraries ;;
-  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
-  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
-    x_libraries=$ac_optarg ;;
-
-  -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
-   { (exit 1); exit 1; }; }
-    ;;
-
-  *=*)
-    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
-   { (exit 1); exit 1; }; }
-    ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
-    eval "$ac_envvar='$ac_optarg'"
-    export $ac_envvar ;;
-
-  *)
-    # FIXME: should be removed in autoconf 3.0.
-    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
-    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
-    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
-    ;;
-
-  esac
-done
-
-if test -n "$ac_prev"; then
-  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
-  { echo "$as_me: error: missing argument to $ac_option" >&2
-   { (exit 1); exit 1; }; }
-fi
-
-# Be sure to have absolute paths.
-for ac_var in exec_prefix prefix
-do
-  eval ac_val=$`echo $ac_var`
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# Be sure to have absolute paths.
-for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
-              localstatedir libdir includedir oldincludedir infodir mandir
-do
-  eval ac_val=$`echo $ac_var`
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
-  if test "x$build_alias" = x; then
-    cross_compiling=maybe
-    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
-    If a cross compiler is detected then cross compile mode will be used." >&2
-  elif test "x$build_alias" != "x$host_alias"; then
-    cross_compiling=yes
-  fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
-  ac_srcdir_defaulted=yes
-  # Try the directory containing this script, then its parent.
-  ac_confdir=`(dirname "$0") 2>/dev/null ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$0" : 'X\(//\)[^/]' \| \
-         X"$0" : 'X\(//\)$' \| \
-         X"$0" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$0" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  srcdir=$ac_confdir
-  if test ! -r $srcdir/$ac_unique_file; then
-    srcdir=..
-  fi
-else
-  ac_srcdir_defaulted=no
-fi
-if test ! -r $srcdir/$ac_unique_file; then
-  if test "$ac_srcdir_defaulted" = yes; then
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
-   { (exit 1); exit 1; }; }
-  else
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
-   { (exit 1); exit 1; }; }
-  fi
-fi
-srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
-ac_env_build_alias_set=${build_alias+set}
-ac_env_build_alias_value=$build_alias
-ac_cv_env_build_alias_set=${build_alias+set}
-ac_cv_env_build_alias_value=$build_alias
-ac_env_host_alias_set=${host_alias+set}
-ac_env_host_alias_value=$host_alias
-ac_cv_env_host_alias_set=${host_alias+set}
-ac_cv_env_host_alias_value=$host_alias
-ac_env_target_alias_set=${target_alias+set}
-ac_env_target_alias_value=$target_alias
-ac_cv_env_target_alias_set=${target_alias+set}
-ac_cv_env_target_alias_value=$target_alias
-ac_env_CC_set=${CC+set}
-ac_env_CC_value=$CC
-ac_cv_env_CC_set=${CC+set}
-ac_cv_env_CC_value=$CC
-ac_env_CFLAGS_set=${CFLAGS+set}
-ac_env_CFLAGS_value=$CFLAGS
-ac_cv_env_CFLAGS_set=${CFLAGS+set}
-ac_cv_env_CFLAGS_value=$CFLAGS
-ac_env_LDFLAGS_set=${LDFLAGS+set}
-ac_env_LDFLAGS_value=$LDFLAGS
-ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
-ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_env_CPPFLAGS_value=$CPPFLAGS
-ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_cv_env_CPPFLAGS_value=$CPPFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
-  # Omit some internal or obsolete options to make the list less imposing.
-  # This message is too long to be a string in the A/UX 3.1 sh.
-  cat <<_ACEOF
-\`configure' configures Heimdal 0.6 to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE.  See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
-  -h, --help              display this help and exit
-      --help=short        display options specific to this package
-      --help=recursive    display the short help of all the included packages
-  -V, --version           display version information and exit
-  -q, --quiet, --silent   do not print \`checking...' messages
-      --cache-file=FILE   cache test results in FILE [disabled]
-  -C, --config-cache      alias for \`--cache-file=config.cache'
-  -n, --no-create         do not create output files
-      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
-
-_ACEOF
-
-  cat <<_ACEOF
-Installation directories:
-  --prefix=PREFIX         install architecture-independent files in PREFIX
-                          [$ac_default_prefix]
-  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
-                          [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
-  --bindir=DIR           user executables [EPREFIX/bin]
-  --sbindir=DIR          system admin executables [EPREFIX/sbin]
-  --libexecdir=DIR       program executables [EPREFIX/libexec]
-  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
-  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
-  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
-  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
-  --libdir=DIR           object code libraries [EPREFIX/lib]
-  --includedir=DIR       C header files [PREFIX/include]
-  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
-  --infodir=DIR          info documentation [PREFIX/info]
-  --mandir=DIR           man documentation [PREFIX/man]
-_ACEOF
-
-  cat <<\_ACEOF
-
-Program names:
-  --program-prefix=PREFIX            prepend PREFIX to installed program names
-  --program-suffix=SUFFIX            append SUFFIX to installed program names
-  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
-
-X features:
-  --x-includes=DIR    X include files are in DIR
-  --x-libraries=DIR   X library files are in DIR
-
-System types:
-  --build=BUILD     configure for building on BUILD [guessed]
-  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-  case $ac_init_help in
-     short | recursive ) echo "Configuration of Heimdal 0.6:";;
-   esac
-  cat <<\_ACEOF
-
-Optional Features:
-  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
-  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
-  --disable-dependency-tracking Speeds up one-time builds
-  --enable-dependency-tracking  Do not reject slow dependency extractors
-  --enable-maintainer-mode enable make rules and dependencies not useful
-                          (and sometimes confusing) to the casual installer
-  --disable-largefile     omit support for large files
-  --enable-shared=PKGS  build shared libraries default=no
-  --enable-static=PKGS  build static libraries default=yes
-  --enable-fast-install=PKGS  optimize for fast installation default=yes
-  --disable-libtool-lock  avoid locking (might break parallel builds)
-  --enable-dce            if you want support for DCE/DFS PAG's
-  --disable-berkeley-db   if you don't want berkeley db
-  --disable-otp           if you don't want OTP support
-  --enable-osfc2          enable some OSF C2 support
-  --disable-mmap          disable use of mmap
-  --enable-bigendian      the target is big endian
-  --enable-littleendian   the target is little endian
-  --disable-dynamic-afs   do not use loaded AFS library with AIX
-  --enable-netinfo        enable netinfo for configuration lookup
-
-Optional Packages:
-  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
-  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)
-  --with-gnu-ld           assume the C compiler uses GNU ld default=no
-  --with-pic              try to use only PIC/non-PIC objects default=use both
-  --with-openldap=dir     use openldap in dir
-  --with-openldap-lib=dir use openldap libraries in dir
-  --with-openldap-include=dir
-                          use openldap headers in dir
-  --with-openldap-config=path
-                          config program for openldap
-  --with-krb4=dir         use krb4 in dir
-  --with-krb4-lib=dir     use krb4 libraries in dir
-  --with-krb4-include=dir use krb4 headers in dir
-  --with-krb4-config=path config program for krb4
-  --with-openssl=dir      use openssl in dir
-  --with-openssl-lib=dir  use openssl libraries in dir
-  --with-openssl-include=dir
-                          use openssl headers in dir
-  --without-ipv6          do not enable IPv6 support
-  --with-readline=dir     use readline in dir
-  --with-readline-lib=dir use readline libraries in dir
-  --with-readline-include=dir
-                          use readline headers in dir
-  --with-readline-config=path
-                          config program for readline
-  --with-hesiod=dir       use hesiod in dir
-  --with-hesiod-lib=dir   use hesiod libraries in dir
-  --with-hesiod-include=dir
-                          use hesiod headers in dir
-  --with-hesiod-config=path
-                          config program for hesiod
-  --with-x                use the X Window System
-
-Some influential environment variables:
-  CC          C compiler command
-  CFLAGS      C compiler flags
-  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
-              nonstandard directory <lib dir>
-  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
-              headers in a nonstandard directory <include dir>
-  CPP         C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to <heimdal-bugs@pdc.kth.se>.
-_ACEOF
-fi
-
-if test "$ac_init_help" = "recursive"; then
-  # If there are subdirs, report their specific --help.
-  ac_popdir=`pwd`
-  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
-    test -d $ac_dir || continue
-    ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-    cd $ac_dir
-    # Check for guested configure; otherwise get Cygnus style configure.
-    if test -f $ac_srcdir/configure.gnu; then
-      echo
-      $SHELL $ac_srcdir/configure.gnu  --help=recursive
-    elif test -f $ac_srcdir/configure; then
-      echo
-      $SHELL $ac_srcdir/configure  --help=recursive
-    elif test -f $ac_srcdir/configure.ac ||
-           test -f $ac_srcdir/configure.in; then
-      echo
-      $ac_configure --help
-    else
-      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-    fi
-    cd $ac_popdir
-  done
-fi
-
-test -n "$ac_init_help" && exit 0
-if $ac_init_version; then
-  cat <<\_ACEOF
-Heimdal configure 0.6
-generated by GNU Autoconf 2.53
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
-  exit 0
-fi
-exec 5>config.log
-cat >&5 <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by Heimdal $as_me 0.6, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  $ $0 $@
-
-_ACEOF
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
-
-/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
-/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
-/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  echo "PATH: $as_dir"
-done
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell meta-characters.
-ac_configure_args=
-ac_sep=
-for ac_arg
-do
-  case $ac_arg in
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c | -n ) continue ;;
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-    continue ;;
-  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
-    ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-  esac
-  case " $ac_configure_args " in
-    *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
-    *) ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
-       ac_sep=" " ;;
-  esac
-  # Get rid of the leading space.
-done
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log.  We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Be sure not to use single quotes in there, as some shells,
-# such as our DU 5.0 friend, will then `close' the trap.
-trap 'exit_status=$?
-  # Save into config.log some information that might help in debugging.
-  {
-    echo
-    cat <<\_ASBOX
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-_ASBOX
-    echo
-    # The following way of writing the cache mishandles newlines in values,
-{
-  (set) 2>&1 |
-    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
-      sed -n \
-        "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
-    	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
-      ;;
-    *)
-      sed -n \
-        "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-      ;;
-    esac;
-}
-    echo
-    if test -s confdefs.h; then
-      cat <<\_ASBOX
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-_ASBOX
-      echo
-      sed "/^$/d" confdefs.h
-      echo
-    fi
-    test "$ac_signal" != 0 &&
-      echo "$as_me: caught signal $ac_signal"
-    echo "$as_me: exit $exit_status"
-  } >&5
-  rm -f core core.* *.core &&
-  rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
-    exit $exit_status
-     ' 0
-for ac_signal in 1 2 13 15; do
-  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo >confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
-  if test "x$prefix" != xNONE; then
-    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
-  else
-    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-  fi
-fi
-for ac_site_file in $CONFIG_SITE; do
-  if test -r "$ac_site_file"; then
-    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
-    sed 's/^/| /' "$ac_site_file" >&5
-    . "$ac_site_file"
-  fi
-done
-
-if test -r "$cache_file"; then
-  # Some versions of bash will fail to source /dev/null (special
-  # files actually), so we avoid doing that.
-  if test -f "$cache_file"; then
-    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
-    case $cache_file in
-      [\\/]* | ?:[\\/]* ) . $cache_file;;
-      *)                      . ./$cache_file;;
-    esac
-  fi
-else
-  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
-  >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in `(set) 2>&1 |
-               sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
-  eval ac_old_set=\$ac_cv_env_${ac_var}_set
-  eval ac_new_set=\$ac_env_${ac_var}_set
-  eval ac_old_val="\$ac_cv_env_${ac_var}_value"
-  eval ac_new_val="\$ac_env_${ac_var}_value"
-  case $ac_old_set,$ac_new_set in
-    set,)
-      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,set)
-      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,);;
-    *)
-      if test "x$ac_old_val" != "x$ac_new_val"; then
-        { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-        { echo "$as_me:$LINENO:   former value:  $ac_old_val" >&5
-echo "$as_me:   former value:  $ac_old_val" >&2;}
-        { echo "$as_me:$LINENO:   current value: $ac_new_val" >&5
-echo "$as_me:   current value: $ac_new_val" >&2;}
-        ac_cache_corrupted=:
-      fi;;
-  esac
-  # Pass precious variables to config.status.
-  if test "$ac_new_set" = set; then
-    case $ac_new_val in
-    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
-      ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
-    *) ac_arg=$ac_var=$ac_new_val ;;
-    esac
-    case " $ac_configure_args " in
-      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
-      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
-    esac
-  fi
-done
-if $ac_cache_corrupted; then
-  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Add the stamp file to the list of files AC keeps track of,
-# along with our hook.
-ac_config_headers="$ac_config_headers include/config.h"
-
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}gcc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="gcc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-fi
-if test -z "$CC"; then
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-  ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-       ac_prog_rejected=yes
-       continue
-     fi
-    ac_cv_prog_CC="cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-if test $ac_prog_rejected = yes; then
-  # We found a bogon in the path, so make sure we never use it.
-  set dummy $ac_cv_prog_CC
-  shift
-  if test $# != 0; then
-    # We chose a different compiler from the bogus one.
-    # However, it has the same basename, so the bogon will be chosen
-    # first if we set CC to just the basename; use the full file name.
-    shift
-    set dummy "$as_dir/$ac_word" ${1+"$@"}
-    shift
-    ac_cv_prog_CC="$@"
-  fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl
-  do
-    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-    test -n "$CC" && break
-  done
-fi
-if test -z "$CC"; then
-  ac_ct_CC=$CC
-  for ac_prog in cl
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$ac_ct_CC" && break
-done
-
-  CC=$ac_ct_CC
-fi
-
-fi
-
-
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH" >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-echo "$as_me:$LINENO:" \
-     "checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
-  (eval $ac_compiler --version </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
-  (eval $ac_compiler -v </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
-  (eval $ac_compiler -V </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-echo "$as_me:$LINENO: checking for C compiler default output" >&5
-echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
-  (eval $ac_link_default) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # Find the output, starting from the most likely.  This scheme is
-# not robust to junk in `.', hence go to wildcards (a.*) only as a last
-# resort.
-
-# Be careful to initialize this variable, since it used to be cached.
-# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
-ac_cv_exeext=
-for ac_file in `ls a_out.exe a.exe conftest.exe 2>/dev/null;
-                ls a.out conftest 2>/dev/null;
-                ls a.* conftest.* 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb | *.xSYM ) ;;
-    a.out ) # We found the default executable, but exeext='' is most
-            # certainly right.
-            break;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          # FIXME: I believe we export ac_cv_exeext for Libtool --akim.
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables" >&5
-echo "$as_me: error: C compiler cannot create executables" >&2;}
-   { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6
-
-# Check the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
-  if { ac_try='./$ac_file'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-    cross_compiling=no
-  else
-    if test "$cross_compiling" = maybe; then
-	cross_compiling=yes
-    else
-	{ { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&2;}
-   { (exit 1); exit 1; }; }
-    fi
-  fi
-fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-rm -f a.out a.exe conftest$ac_cv_exeext
-ac_clean_files=$ac_clean_files_save
-# Check the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6
-
-echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link" >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
-if test "${ac_cv_objext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
-       break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile" >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-#ifndef __GNUC__
-       choke me
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_compiler_gnu=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_compiler_gnu=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
-GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_g+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_prog_cc_g=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
-if test "$ac_test_CFLAGS" = set; then
-  CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
-  if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
-  else
-    CFLAGS="-g"
-  fi
-else
-  if test "$GCC" = yes; then
-    CFLAGS="-O2"
-  else
-    CFLAGS=
-  fi
-fi
-# Some people use a C++ compiler to compile C.  Since we use `exit',
-# in C++ we need to declare it.  In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
-  choke me
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  for ac_declaration in \
-   ''\
-   '#include <stdlib.h>' \
-   'extern "C" void std::exit (int) throw (); using std::exit;' \
-   'extern "C" void std::exit (int); using std::exit;' \
-   'extern "C" void exit (int) throw ();' \
-   'extern "C" void exit (int);' \
-   'void exit (int);'
-do
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-continue
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
-  echo '#ifdef __cplusplus' >>confdefs.h
-  echo $ac_declaration      >>confdefs.h
-  echo '#endif'             >>confdefs.h
-fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
-  CPP=
-fi
-if test -z "$CPP"; then
-  if test "${ac_cv_prog_CPP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      # Double quotes because CPP needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
-    do
-      ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <assert.h>
-                     Syntax error
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether non-existent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  break
-fi
-
-    done
-    ac_cv_prog_CPP=$CPP
-
-fi
-  CPP=$ac_cv_prog_CPP
-else
-  ac_cv_prog_CPP=$CPP
-fi
-echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <assert.h>
-                     Syntax error
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether non-existent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  :
-else
-  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check" >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_prog_cc_stdc=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
-     char **p;
-     int i;
-{
-  return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
-  char *s;
-  va_list v;
-  va_start (v,p);
-  s = g (p, va_arg (v,int));
-  va_end (v);
-  return s;
-}
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
-  ;
-  return 0;
-}
-_ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX			-qlanglvl=ansi
-# Ultrix and OSF/1	-std1
-# HP-UX 10.20 and later	-Ae
-# HP-UX older versions	-Aa -D_HPUX_SOURCE
-# SVR4			-Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
-  CC="$ac_save_CC $ac_arg"
-  rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_stdc=$ac_arg
-break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
-done
-rm -f conftest.$ac_ext conftest.$ac_objext
-CC=$ac_save_CC
-
-fi
-
-case "x$ac_cv_prog_cc_stdc" in
-  x|xno)
-    echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
-  *)
-    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
-    CC="$CC $ac_cv_prog_cc_stdc" ;;
-esac
-
-
-am__api_version="1.6"
-ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
-  if test -f $ac_dir/install-sh; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install-sh -c"
-    break
-  elif test -f $ac_dir/install.sh; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install.sh -c"
-    break
-  elif test -f $ac_dir/shtool; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/shtool install -c"
-    break
-  fi
-done
-if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
-
-# Find a good install program.  We prefer a C program (faster),
-# so one script is as good as another.  But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
-  ./ | .// | /cC/* | \
-  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
-  /usr/ucb/* ) ;;
-  *)
-    # OSF1 and SCO ODT 3.0 have their own names for install.
-    # Don't use installbsd from OSF since it installs stuff as root
-    # by default.
-    for ac_prog in ginstall scoinst install; do
-      for ac_exec_ext in '' $ac_executable_extensions; do
-        if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
-          if test $ac_prog = install &&
-            grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-            # AIX install.  It has an incompatible calling convention.
-            :
-          elif test $ac_prog = install &&
-            grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-            # program-specific install script used by HP pwplus--don't use.
-            :
-          else
-            ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
-            break 3
-          fi
-        fi
-      done
-    done
-    ;;
-esac
-done
-
-
-fi
-  if test "${ac_cv_path_install+set}" = set; then
-    INSTALL=$ac_cv_path_install
-  else
-    # As a last resort, use the slow shell script.  We don't cache a
-    # path for INSTALL within a source directory, because that will
-    # break other packages using the cache if that directory is
-    # removed, or if the path is relative.
-    INSTALL=$ac_install_sh
-  fi
-fi
-echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-echo "$as_me:$LINENO: checking whether build environment is sane" >&5
-echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments.  Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
-   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
-   if test "$*" = "X"; then
-      # -L didn't work.
-      set X `ls -t $srcdir/configure conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$*" != "X $srcdir/configure conftest.file" \
-      && test "$*" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      { { echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&5
-echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&2;}
-   { (exit 1); exit 1; }; }
-   fi
-
-   test "$2" = conftest.file
-   )
-then
-   # Ok.
-   :
-else
-   { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
-Check your system clock" >&5
-echo "$as_me: error: newly created file is older than distributed files!
-Check your system clock" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-test "$program_prefix" != NONE &&
-  program_transform_name="s,^,$program_prefix,;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
-  program_transform_name="s,\$,$program_suffix,;$program_transform_name"
-# Double any \ or $.  echo might interpret backslashes.
-# By default was `s,x,x', remove it if useless.
-cat <<\_ACEOF >conftest.sed
-s/[\\$]/&&/g;s/;s,x,x,$//
-_ACEOF
-program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
-rm conftest.sed
-
-
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
-echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
-fi
-
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$AWK" && break
-done
-
-echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \${MAKE}" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \${MAKE}... $ECHO_C" >&6
-set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,./+-,__p_,'`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.make <<\_ACEOF
-all:
-	@echo 'ac_maketemp="${MAKE}"'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
-if test -n "$ac_maketemp"; then
-  eval ac_cv_prog_make_${ac_make}_set=yes
-else
-  eval ac_cv_prog_make_${ac_make}_set=no
-fi
-rm -f conftest.make
-fi
-if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-  SET_MAKE=
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-  SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -f .deps 2>/dev/null
-mkdir .deps 2>/dev/null
-if test -d .deps; then
-  DEPDIR=.deps
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  DEPDIR=_deps
-fi
-rmdir .deps 2>/dev/null
-
-
-ac_config_commands="$ac_config_commands depfiles"
-
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
-doit:
-	@echo done
-END
-# If we don't find an include directive, just comment out the code.
-echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
-echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | fgrep -v 'ing directory'`" = "done"; then
-   am__include=include
-   am__quote=
-   _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
-   echo '.include "confinc"' > confmf
-   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
-      am__include=.include
-      am__quote="\""
-      _am_result=BSD
-   fi
-fi
-
-
-echo "$as_me:$LINENO: result: $_am_result" >&5
-echo "${ECHO_T}$_am_result" >&6
-rm -f confinc confmf
-
-# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then
-  enableval="$enable_dependency_tracking"
-
-fi;
-if test "x$enable_dependency_tracking" != xno; then
-  am_depcomp="$ac_aux_dir/depcomp"
-  AMDEPBACKSLASH='\'
-fi
-
-
-if test "x$enable_dependency_tracking" != xno; then
-  AMDEP_TRUE=
-  AMDEP_FALSE='#'
-else
-  AMDEP_TRUE='#'
-  AMDEP_FALSE=
-fi
-
-
-
- # test to see if srcdir already configured
-if test "`cd $srcdir && pwd`" != "`pwd`" &&
-   test -f $srcdir/config.status; then
-  { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
-echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-# Define the identity of the package.
- PACKAGE=heimdal
- VERSION=0.6
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE "$PACKAGE"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-
-AMTAR=${AMTAR-"${am_missing_run}tar"}
-
-install_sh=${install_sh-"$am_aux_dir/install-sh"}
-
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  STRIP=$ac_ct_STRIP
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
-
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
-
-
-depcc="$CC"   am_compiler_list=
-
-echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
-echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
-  # We make a subdir and do the tests there.  Otherwise we can end up
-  # making bogus files that we don't know about and never remove.  For
-  # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
-  mkdir conftest.dir
-  # Copy depcomp to subdir because otherwise we won't find it if we're
-  # using a relative directory.
-  cp "$am_depcomp" conftest.dir
-  cd conftest.dir
-
-  am_cv_CC_dependencies_compiler_type=none
-  if test "$am_compiler_list" = ""; then
-     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
-  fi
-  for depmode in $am_compiler_list; do
-    # We need to recreate these files for each test, as the compiler may
-    # overwrite some of them when testing with obscure command lines.
-    # This happens at least with the AIX C compiler.
-    echo '#include "conftest.h"' > conftest.c
-    echo 'int i;' > conftest.h
-    echo "${am__include} ${am__quote}conftest.Po${am__quote}" > confmf
-
-    case $depmode in
-    nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
-      if test "x$enable_dependency_tracking" = xyes; then
-	continue
-      else
-	break
-      fi
-      ;;
-    none) break ;;
-    esac
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
-    # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.
-    if depmode=$depmode \
-       source=conftest.c object=conftest.o \
-       depfile=conftest.Po tmpdepfile=conftest.TPo \
-       $SHELL ./depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
-       grep conftest.h conftest.Po > /dev/null 2>&1 &&
-       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
-      am_cv_CC_dependencies_compiler_type=$depmode
-      break
-    fi
-  done
-
-  cd ..
-  rm -rf conftest.dir
-else
-  am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
-echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
-
-
-echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5
-echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6
-    # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given.
-if test "${enable_maintainer_mode+set}" = set; then
-  enableval="$enable_maintainer_mode"
-  USE_MAINTAINER_MODE=$enableval
-else
-  USE_MAINTAINER_MODE=no
-fi;
-  echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5
-echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6
-
-
-if test $USE_MAINTAINER_MODE = yes; then
-  MAINTAINER_MODE_TRUE=
-  MAINTAINER_MODE_FALSE='#'
-else
-  MAINTAINER_MODE_TRUE='#'
-  MAINTAINER_MODE_FALSE=
-fi
-
-  MAINT=$MAINTAINER_MODE_TRUE
-
-
-
-
-
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-
-# Make sure we can run config.sub.
-$ac_config_sub sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
-   { (exit 1); exit 1; }; }
-
-echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6
-if test "${ac_cv_build+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_build_alias=$build_alias
-test -z "$ac_cv_build_alias" &&
-  ac_cv_build_alias=`$ac_config_guess`
-test -z "$ac_cv_build_alias" &&
-  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
-   { (exit 1); exit 1; }; }
-ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
-  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6
-build=$ac_cv_build
-build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6
-if test "${ac_cv_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_host_alias=$host_alias
-test -z "$ac_cv_host_alias" &&
-  ac_cv_host_alias=$ac_cv_build_alias
-ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
-  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6
-host=$ac_cv_host
-host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-CANONICAL_HOST=$host
-
-
-# Check whether --enable-largefile or --disable-largefile was given.
-if test "${enable_largefile+set}" = set; then
-  enableval="$enable_largefile"
-
-fi;
-if test "$enable_largefile" != no; then
-
-  echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
-echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_largefile_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_sys_largefile_CC=no
-     if test "$GCC" != yes; then
-       ac_save_CC=$CC
-       while :; do
-     	 # IRIX 6.2 and later do not support large files by default,
-     	 # so use the C compiler's -n32 option if that helps.
-         cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-     	 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
-     	 CC="$CC -n32"
-     	 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_sys_largefile_CC=' -n32'; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
-         break
-       done
-       CC=$ac_save_CC
-       rm -f conftest.$ac_ext
-    fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
-echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6
-  if test "$ac_cv_sys_largefile_CC" != no; then
-    CC=$CC$ac_cv_sys_largefile_CC
-  fi
-
-  echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_file_offset_bits+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  while :; do
-  ac_cv_sys_file_offset_bits=no
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#define _FILE_OFFSET_BITS 64
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_sys_file_offset_bits=64; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  break
-done
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
-echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6
-if test "$ac_cv_sys_file_offset_bits" != no; then
-
-cat >>confdefs.h <<_ACEOF
-#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
-_ACEOF
-
-fi
-rm -f conftest*
-  echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
-echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_large_files+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  while :; do
-  ac_cv_sys_large_files=no
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#define _LARGE_FILES 1
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_sys_large_files=1; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  break
-done
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
-echo "${ECHO_T}$ac_cv_sys_large_files" >&6
-if test "$ac_cv_sys_large_files" != no; then
-
-cat >>confdefs.h <<_ACEOF
-#define _LARGE_FILES $ac_cv_sys_large_files
-_ACEOF
-
-fi
-rm -f conftest*
-fi
-
-if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
-	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
-fi
-
-
-cat >>confdefs.h <<\_ACEOF
-#define _GNU_SOURCE 1
-_ACEOF
-
-
-
-
-
-for ac_prog in 'bison -y' byacc
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_YACC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$YACC"; then
-  ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_YACC="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
-  echo "$as_me:$LINENO: result: $YACC" >&5
-echo "${ECHO_T}$YACC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-for ac_prog in flex lex
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_LEX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$LEX"; then
-  ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_LEX="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
-  echo "$as_me:$LINENO: result: $LEX" >&5
-echo "${ECHO_T}$LEX" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
-if test -z "$LEXLIB"
-then
-  echo "$as_me:$LINENO: checking for yywrap in -lfl" >&5
-echo $ECHO_N "checking for yywrap in -lfl... $ECHO_C" >&6
-if test "${ac_cv_lib_fl_yywrap+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lfl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char yywrap ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-yywrap ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_fl_yywrap=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_fl_yywrap=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_fl_yywrap" >&5
-echo "${ECHO_T}$ac_cv_lib_fl_yywrap" >&6
-if test $ac_cv_lib_fl_yywrap = yes; then
-  LEXLIB="-lfl"
-else
-  echo "$as_me:$LINENO: checking for yywrap in -ll" >&5
-echo $ECHO_N "checking for yywrap in -ll... $ECHO_C" >&6
-if test "${ac_cv_lib_l_yywrap+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ll  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char yywrap ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-yywrap ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_l_yywrap=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_l_yywrap=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_l_yywrap" >&5
-echo "${ECHO_T}$ac_cv_lib_l_yywrap" >&6
-if test $ac_cv_lib_l_yywrap = yes; then
-  LEXLIB="-ll"
-fi
-
-fi
-
-fi
-
-if test "x$LEX" != "x:"; then
-  echo "$as_me:$LINENO: checking lex output file root" >&5
-echo $ECHO_N "checking lex output file root... $ECHO_C" >&6
-if test "${ac_cv_prog_lex_root+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # The minimal lex program is just a single line: %%.  But some broken lexes
-# (Solaris, I think it was) want two %% lines, so accommodate them.
-cat >conftest.l <<_ACEOF
-%%
-%%
-_ACEOF
-{ (eval echo "$as_me:$LINENO: \"$LEX conftest.l\"") >&5
-  (eval $LEX conftest.l) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-if test -f lex.yy.c; then
-  ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
-  ac_cv_prog_lex_root=lexyy
-else
-  { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5
-echo "$as_me: error: cannot find output from $LEX; giving up" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_root" >&6
-rm -f conftest.l
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5
-echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6
-if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-echo 'extern char *yytext;' >>$LEX_OUTPUT_ROOT.c
-ac_save_LIBS=$LIBS
-LIBS="$LIBS $LEXLIB"
-cat >conftest.$ac_ext <<_ACEOF
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_lex_yytext_pointer=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
-rm -f "${LEX_OUTPUT_ROOT}.c"
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define YYTEXT_POINTER 1
-_ACEOF
-
-fi
-
-fi
-if test "$LEX" = :; then
-  LEX=${am_missing_run}flex
-fi
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$AWK" && break
-done
-
-echo "$as_me:$LINENO: checking for ln -s or something else" >&5
-echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6
-if test "${ac_cv_prog_LN_S+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi
-fi
-LN_S="$ac_cv_prog_LN_S"
-echo "$as_me:$LINENO: result: $ac_cv_prog_LN_S" >&5
-echo "${ECHO_T}$ac_cv_prog_LN_S" >&6
-
-
-
-
-# Check whether --with-mips_abi or --without-mips_abi was given.
-if test "${with_mips_abi+set}" = set; then
-  withval="$with_mips_abi"
-
-fi;
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-echo "$as_me:$LINENO: checking if $CC supports the $abi option" >&5
-echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6
-if eval "test \"\${$ac_foo+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval $ac_foo=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval $ac_foo=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-CFLAGS="$save_CFLAGS"
-
-fi
-
-ac_res=`eval echo \\\$$ac_foo`
-echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32)
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_res=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_res=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-
-CC="$CC $abi"
-libdir="$libdir$abilibdirext"
-
-
-echo "$as_me:$LINENO: checking for __attribute__" >&5
-echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6
-if test "${ac_cv___attribute__+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdlib.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv___attribute__=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv___attribute__=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-if test "$ac_cv___attribute__" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE___ATTRIBUTE__ 1
-_ACEOF
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv___attribute__" >&5
-echo "${ECHO_T}$ac_cv___attribute__" >&6
-
-
-# Check whether --enable-shared or --disable-shared was given.
-if test "${enable_shared+set}" = set; then
-  enableval="$enable_shared"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_shared=yes ;;
-no) enable_shared=no ;;
-*)
-  enable_shared=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_shared=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_shared=no
-fi;
-# Check whether --enable-static or --disable-static was given.
-if test "${enable_static+set}" = set; then
-  enableval="$enable_static"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_static=yes ;;
-no) enable_static=no ;;
-*)
-  enable_static=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_static=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_static=yes
-fi;
-# Check whether --enable-fast-install or --disable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then
-  enableval="$enable_fast_install"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_fast_install=yes ;;
-no) enable_fast_install=no ;;
-*)
-  enable_fast_install=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_fast_install=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_fast_install=yes
-fi;
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) lt_cv_sys_path_separator=';' ;;
-    *)     lt_cv_sys_path_separator=':' ;;
-  esac
-  PATH_SEPARATOR=$lt_cv_sys_path_separator
-fi
-
-
-# Check whether --with-gnu-ld or --without-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then
-  withval="$with_gnu_ld"
-  test "$withval" = no || with_gnu_ld=yes
-else
-  with_gnu_ld=no
-fi;
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  echo "$as_me:$LINENO: checking for ld used by GCC" >&5
-echo $ECHO_N "checking for ld used by GCC... $ECHO_C" >&6
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [\\/]* | [A-Za-z]:[\\/]*)
-      re_direlt='/[^/][^/]*/\.\./'
-      # Canonicalize the path of ld
-      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  echo "$as_me:$LINENO: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
-else
-  echo "$as_me:$LINENO: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
-fi
-if test "${lt_cv_path_LD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$LD"; then
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some GNU ld's only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      if "$lt_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then
-	test "$with_gnu_ld" != no && break
-      else
-	test "$with_gnu_ld" != yes && break
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  echo "$as_me:$LINENO: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
-if test "${lt_cv_prog_gnu_ld+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # I'd rather use --version here, but apparently some GNU ld's only accept -v.
-if $LD -v 2>&1 </dev/null | egrep '(GNU|with BFD)' 1>&5; then
-  lt_cv_prog_gnu_ld=yes
-else
-  lt_cv_prog_gnu_ld=no
-fi
-fi
-echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
-echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
-if test "${lt_cv_ld_reload_flag+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_ld_reload_flag='-r'
-fi
-echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
-echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
-reload_flag=$lt_cv_ld_reload_flag
-test -n "$reload_flag" && reload_flag=" $reload_flag"
-
-echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
-echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
-if test "${lt_cv_path_NM+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM="$NM"
-else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
-    test -z "$ac_dir" && ac_dir=.
-    tmp_nm=$ac_dir/${ac_tool_prefix}nm
-    if test -f $tmp_nm || test -f $tmp_nm$ac_exeext ; then
-      # Check to see if the nm accepts a BSD-compat flag.
-      # Adding the `sed 1q' prevents false positives on HP-UX, which says:
-      #   nm: unknown option "B" ignored
-      # Tru64's nm complains that /dev/null is an invalid object file
-      if ($tmp_nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep '(/dev/null|Invalid file or object type)' >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -B"
-	break
-      elif ($tmp_nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -p"
-	break
-      else
-	lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	continue # so that we can try to find one that supports BSD flags
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
-fi
-fi
-
-NM="$lt_cv_path_NM"
-echo "$as_me:$LINENO: result: $NM" >&5
-echo "${ECHO_T}$NM" >&6
-
-echo "$as_me:$LINENO: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6
-fi
-
-echo "$as_me:$LINENO: checking how to recognise dependant libraries" >&5
-echo $ECHO_N "checking how to recognise dependant libraries... $ECHO_C" >&6
-if test "${lt_cv_deplibs_check_method+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given egrep regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix4* | aix5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi4*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin* | mingw* | pw32*)
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method='file_magic Mach-O dynamically linked shared library'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  case "$host_os" in
-  rhapsody* | darwin1.[012])
-    lt_cv_file_magic_test_file=`echo /System/Library/Frameworks/System.framework/Versions/*/System | head -1`
-    ;;
-  *) # Darwin 1.3 on
-    lt_cv_file_magic_test_file='/usr/lib/libSystem.dylib'
-    ;;
-  esac
-  ;;
-
-freebsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20*|hpux11*)
-  lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libc.sl
-  ;;
-
-irix5* | irix6*)
-  case $host_os in
-  irix5*)
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF 32-bit MSB dynamic lib MIPS - version 1"
-    ;;
-  *)
-    case $LD in
-    *-32|*"-32 ") libmagic=32-bit;;
-    *-n32|*"-n32 ") libmagic=N32;;
-    *-64|*"-64 ") libmagic=64-bit;;
-    *) libmagic=never-match;;
-    esac
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF ${libmagic} MSB mips-[1234] dynamic lib MIPS - version 1"
-    ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib${libsuff}/libc.so*`
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  case $host_cpu in
-  alpha* | hppa* | i*86 | powerpc* | sparc* | ia64* )
-    lt_cv_deplibs_check_method=pass_all ;;
-  *)
-    # glibc up to 2.1.1 does not perform some relocations on ARM
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib/libc.so* /lib/libc-*.so`
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[^/\.]+\.so\.[0-9]+\.[0-9]+$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[^/\.]+\.so$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-openbsd*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB shared object'
-  else
-    lt_cv_deplibs_check_method='file_magic OpenBSD.* shared library'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  # this will be overridden with pass_all, but let us keep it just in case
-  lt_cv_deplibs_check_method='file_magic COFF format alpha shared library'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sco3.2v5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  lt_cv_file_magic_test_file=/lib/libc.so
-  ;;
-
-sysv5uw[78]* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  esac
-  ;;
-esac
-
-fi
-echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
-echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-
-
-
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-echo "$as_me:$LINENO: checking command to parse $NM output" >&5
-echo $ECHO_N "checking command to parse $NM output... $ECHO_C" >&6
-if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-lt_cv_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[BCDT]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[ABCDGISTW]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  lt_cv_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  ;;
-irix*)
-  symcode='[BCDEGRST]'
-  ;;
-solaris* | sysv5*)
-  symcode='[BDT]'
-  ;;
-sysv4)
-  symcode='[DFNSTU]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $host_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
-  symcode='[ABCDGISTW]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Write the raw and C identifiers.
-lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-  rm -f conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
-  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if egrep ' nm_test_var$' "$nlist" >/dev/null; then
-	if egrep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
-	  sed "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr) \&\2},/" < "$nlist" >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  save_LIBS="$LIBS"
-	  save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$ac_objext"
-	  CFLAGS="$CFLAGS$no_builtin_flag"
-	  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest; then
-	    pipe_works=yes
-	  fi
-	  LIBS="$save_LIBS"
-	  CFLAGS="$save_CFLAGS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&5
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&5
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
-    fi
-  else
-    echo "$progname: failed program was:" >&5
-    cat conftest.$ac_ext >&5
-  fi
-  rm -f conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-
-fi
-
-global_symbol_pipe="$lt_cv_sys_global_symbol_pipe"
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  global_symbol_to_cdecl=
-  global_symbol_to_c_name_address=
-else
-  global_symbol_to_cdecl="$lt_cv_global_symbol_to_cdecl"
-  global_symbol_to_c_name_address="$lt_cv_global_symbol_to_c_name_address"
-fi
-if test -z "$global_symbol_pipe$global_symbol_to_cdec$global_symbol_to_c_name_address";
-then
-  echo "$as_me:$LINENO: result: failed" >&5
-echo "${ECHO_T}failed" >&6
-else
-  echo "$as_me:$LINENO: result: ok" >&5
-echo "${ECHO_T}ok" >&6
-fi
-
-
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_cv_header_stdc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <ctype.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
-                     || ('j' <= (c) && (c) <= 'r') \
-                     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-        || toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
-                  inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_Header=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in dlfcn.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-# Only perform the check for file, if the check method requires it
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
-echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-  /*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-  ?:/*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a dos path.
-  ;;
-  *)
-  ac_save_MAGIC_CMD="$MAGIC_CMD"
-  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="/usr/bin:$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/${ac_tool_prefix}file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    egrep "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  MAGIC_CMD="$ac_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    echo "$as_me:$LINENO: checking for file" >&5
-echo $ECHO_N "checking for file... $ECHO_C" >&6
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-  /*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-  ?:/*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a dos path.
-  ;;
-  *)
-  ac_save_MAGIC_CMD="$MAGIC_CMD"
-  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="/usr/bin:$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    egrep "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  MAGIC_CMD="$ac_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  else
-    MAGIC_CMD=:
-  fi
-fi
-
-  fi
-  ;;
-esac
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$RANLIB"; then
-  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
-  echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
-  ac_ct_RANLIB=$RANLIB
-  # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_RANLIB"; then
-  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_RANLIB="ranlib"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  RANLIB=$ac_ct_RANLIB
-else
-  RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  STRIP=$ac_ct_STRIP
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-
-enable_dlopen=no
-enable_win32_dll=no
-
-# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then
-  enableval="$enable_libtool_lock"
-
-fi;
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-*-*-irix6*)
-  # Find out which ABI we are using.
-  echo '#line 5268 "configure"' > conftest.$ac_ext
-  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -32"
-      ;;
-    *N32*)
-      LD="${LD-ld} -n32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -64"
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -belf"
-  echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
-echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
-if test "${lt_cv_cc_needs_belf+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-     cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lt_cv_cc_needs_belf=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-lt_cv_cc_needs_belf=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
-echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
-  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS="$SAVE_CFLAGS"
-  fi
-  ;;
-
-
-esac
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Constants:
-rm="rm -f"
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-libext=a
-ltmain="$ac_aux_dir/ltmain.sh"
-ofile="$default_ofile"
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-need_locks="$enable_libtool_lock"
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$ac_objext" && ac_objext=o
-
-if test x"$host" != x"$build"; then
-  ac_tool_prefix=${host_alias}-
-else
-  ac_tool_prefix=
-fi
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case $host_os in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  openbsd*)
-    old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
-    ;;
-  *)
-    old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="$2"
-
-echo "$as_me:$LINENO: checking for objdir" >&5
-echo $ECHO_N "checking for objdir... $ECHO_C" >&6
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-echo "$as_me:$LINENO: result: $objdir" >&5
-echo "${ECHO_T}$objdir" >&6
-
-
-
-# Check whether --with-pic or --without-pic was given.
-if test "${with_pic+set}" = set; then
-  withval="$with_pic"
-  pic_mode="$withval"
-else
-  pic_mode=default
-fi;
-test -z "$pic_mode" && pic_mode=default
-
-# We assume here that the value for lt_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
-if test "${lt_cv_prog_cc_pic+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-   lt_cv_prog_cc_pic=
-  lt_cv_prog_cc_shlib=
-  lt_cv_prog_cc_wl=
-  lt_cv_prog_cc_static=
-  lt_cv_prog_cc_no_builtin=
-  lt_cv_prog_cc_can_build_shared=$can_build_shared
-
-  if test "$GCC" = yes; then
-    lt_cv_prog_cc_wl='-Wl,'
-    lt_cv_prog_cc_static='-static'
-
-    case $host_os in
-    aix*)
-      # Below there is a dirty hack to force normal static linking with -ldl
-      # The problem is because libdl dynamically linked with both libc and
-      # libC (AIX C++ library), which obviously doesn't included in libraries
-      # list by gcc. This cause undefined symbols with -static flags.
-      # This hack allows C programs to be linked with "-static -ldl", but
-      # not sure about C++ programs.
-      lt_cv_prog_cc_static="$lt_cv_prog_cc_static ${lt_cv_prog_cc_wl}-lC"
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_cv_prog_cc_pic='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    beos* | irix5* | irix6* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_cv_prog_cc_pic='-fno-common'
-      ;;
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	 lt_cv_prog_cc_pic=-Kconform_pic
-      fi
-      ;;
-    *)
-      lt_cv_prog_cc_pic='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for PIC flags for the system compiler.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      lt_cv_prog_cc_wl='-Wl,'
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_cv_prog_cc_static='-Bstatic'
-      else
-	lt_cv_prog_cc_static='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      # Is there a better lt_cv_prog_cc_static that works with the bundled CC?
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static="${lt_cv_prog_cc_wl}-a ${lt_cv_prog_cc_wl}archive"
-      lt_cv_prog_cc_pic='+Z'
-      ;;
-
-    irix5* | irix6*)
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      # PIC (with -KPIC) is the default.
-      ;;
-
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-
-    newsos6)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      # All OSF/1 code is PIC.
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      ;;
-
-    sco3.2v5*)
-      lt_cv_prog_cc_pic='-Kpic'
-      lt_cv_prog_cc_static='-dn'
-      lt_cv_prog_cc_shlib='-belf'
-      ;;
-
-    solaris*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Wl,'
-      ;;
-
-    sunos4*)
-      lt_cv_prog_cc_pic='-PIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Qoption ld '
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      if test "x$host_vendor" = xsni; then
-	lt_cv_prog_cc_wl='-LD'
-      else
-	lt_cv_prog_cc_wl='-Wl,'
-      fi
-      ;;
-
-    uts4*)
-      lt_cv_prog_cc_pic='-pic'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_cv_prog_cc_pic='-Kconform_pic'
-	lt_cv_prog_cc_static='-Bstatic'
-      fi
-      ;;
-
-    *)
-      lt_cv_prog_cc_can_build_shared=no
-      ;;
-    esac
-  fi
-
-fi
-
-if test -z "$lt_cv_prog_cc_pic"; then
-  echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6
-else
-  echo "$as_me:$LINENO: result: $lt_cv_prog_cc_pic" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_pic" >&6
-
-  # Check to make sure the pic_flag actually works.
-  echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_cv_prog_cc_pic works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_cv_prog_cc_pic works... $ECHO_C" >&6
-  if test "${lt_cv_prog_cc_pic_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      save_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS $lt_cv_prog_cc_pic -DPIC"
-    cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-        case $host_os in
-      hpux9* | hpux10* | hpux11*)
-	# On HP-UX, both CC and GCC only warn that PIC is supported... then
-	# they create non-PIC objects.  So, if there were any warnings, we
-	# assume that PIC is not supported.
-	if test -s conftest.err; then
-	  lt_cv_prog_cc_pic_works=no
-	else
-	  lt_cv_prog_cc_pic_works=yes
-	fi
-	;;
-      *)
-	lt_cv_prog_cc_pic_works=yes
-	;;
-      esac
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-      lt_cv_prog_cc_pic_works=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-    CFLAGS="$save_CFLAGS"
-
-fi
-
-
-  if test "X$lt_cv_prog_cc_pic_works" = Xno; then
-    lt_cv_prog_cc_pic=
-    lt_cv_prog_cc_can_build_shared=no
-  else
-    lt_cv_prog_cc_pic=" $lt_cv_prog_cc_pic"
-  fi
-
-  echo "$as_me:$LINENO: result: $lt_cv_prog_cc_pic_works" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_pic_works" >&6
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$lt_cv_prog_cc_shlib"; then
-  { echo "$as_me:$LINENO: WARNING: \`$CC' requires \`$lt_cv_prog_cc_shlib' to build shared libraries" >&5
-echo "$as_me: WARNING: \`$CC' requires \`$lt_cv_prog_cc_shlib' to build shared libraries" >&2;}
-  if echo "$old_CC $old_CFLAGS " | egrep -e "[ 	]$lt_cv_prog_cc_shlib[ 	]" >/dev/null; then :
-  else
-   { echo "$as_me:$LINENO: WARNING: add \`$lt_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&5
-echo "$as_me: WARNING: add \`$lt_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&2;}
-    lt_cv_prog_cc_can_build_shared=no
-  fi
-fi
-
-echo "$as_me:$LINENO: checking if $compiler static flag $lt_cv_prog_cc_static works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_cv_prog_cc_static works... $ECHO_C" >&6
-if test "${lt_cv_prog_cc_static_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-    lt_cv_prog_cc_static_works=no
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $lt_cv_prog_cc_static"
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lt_cv_prog_cc_static_works=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-  LDFLAGS="$save_LDFLAGS"
-
-fi
-
-
-# Belt *and* braces to stop my trousers falling down:
-test "X$lt_cv_prog_cc_static_works" = Xno && lt_cv_prog_cc_static=
-echo "$as_me:$LINENO: result: $lt_cv_prog_cc_static_works" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_static_works" >&6
-
-pic_flag="$lt_cv_prog_cc_pic"
-special_shlib_compile_flags="$lt_cv_prog_cc_shlib"
-wl="$lt_cv_prog_cc_wl"
-link_static_flag="$lt_cv_prog_cc_static"
-no_builtin_flag="$lt_cv_prog_cc_no_builtin"
-can_build_shared="$lt_cv_prog_cc_can_build_shared"
-
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
-if test "${lt_cv_compiler_c_o+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-$rm -r conftest 2>/dev/null
-mkdir conftest
-cd conftest
-echo "int some_variable = 0;" > conftest.$ac_ext
-mkdir out
-# According to Tom Tromey, Ian Lance Taylor reported there are C compilers
-# that will create temporary files in the current directory regardless of
-# the output directory.  Thus, making CWD read-only will cause this test
-# to fail, enabling locking or at least warning the user not to do parallel
-# builds.
-chmod -w .
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -o out/conftest2.$ac_objext"
-compiler_c_o=no
-if { (eval echo configure:5804: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then
-  # The compiler can only warn and ignore the option if not recognized
-  # So say no if there are warnings
-  if test -s out/conftest.err; then
-    lt_cv_compiler_c_o=no
-  else
-    lt_cv_compiler_c_o=yes
-  fi
-else
-  # Append any errors to the config.log.
-  cat out/conftest.err 1>&5
-  lt_cv_compiler_c_o=no
-fi
-CFLAGS="$save_CFLAGS"
-chmod u+w .
-$rm conftest* out/*
-rmdir out
-cd ..
-rmdir conftest
-$rm -r conftest 2>/dev/null
-
-fi
-
-compiler_c_o=$lt_cv_compiler_c_o
-echo "$as_me:$LINENO: result: $compiler_c_o" >&5
-echo "${ECHO_T}$compiler_c_o" >&6
-
-if test x"$compiler_c_o" = x"yes"; then
-  # Check to see if we can write to a .lo
-  echo "$as_me:$LINENO: checking if $compiler supports -c -o file.lo" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.lo... $ECHO_C" >&6
-  if test "${lt_cv_compiler_o_lo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  lt_cv_compiler_o_lo=no
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -c -o conftest.lo"
-  save_objext="$ac_objext"
-  ac_objext=lo
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int some_variable = 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-      # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      lt_cv_compiler_o_lo=no
-    else
-      lt_cv_compiler_o_lo=yes
-    fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  ac_objext="$save_objext"
-  CFLAGS="$save_CFLAGS"
-
-fi
-
-  compiler_o_lo=$lt_cv_compiler_o_lo
-  echo "$as_me:$LINENO: result: $compiler_o_lo" >&5
-echo "${ECHO_T}$compiler_o_lo" >&6
-else
-  compiler_o_lo=no
-fi
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6
-  if test "$hard_links" = no; then
-    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-if test "$GCC" = yes; then
-  # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
-  echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext"
-  compiler_rtti_exceptions=no
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int some_variable = 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-      # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      compiler_rtti_exceptions=no
-    else
-      compiler_rtti_exceptions=yes
-    fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  CFLAGS="$save_CFLAGS"
-  echo "$as_me:$LINENO: result: $compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$compiler_rtti_exceptions" >&6
-
-  if test "$compiler_rtti_exceptions" = "yes"; then
-    no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
-  else
-    no_builtin_flag=' -fno-builtin'
-  fi
-fi
-
-# See if the linker supports building shared libraries.
-echo "$as_me:$LINENO: checking whether the linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the linker ($LD) supports shared libraries... $ECHO_C" >&6
-
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced.  Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-case $host_os in
-cygwin* | mingw* | pw32*)
-  # FIXME: the MSVC++ port hasn't been tested in a loooong time
-  # When not using gcc, we currently assume that we are using
-  # Microsoft Visual C++.
-  if test "$GCC" != yes; then
-    with_gnu_ld=no
-  fi
-  ;;
-openbsd*)
-  with_gnu_ld=no
-  ;;
-esac
-
-ld_shlibs=yes
-if test "$with_gnu_ld" = yes; then
-  # If archive_cmds runs LD, not CC, wlarc should be empty
-  wlarc='${wl}'
-
-  # See if GNU ld supports shared libraries.
-  case $host_os in
-  aix3* | aix4* | aix5*)
-    # On AIX, the GNU linker is very broken
-    # Note:Check GNU linker on AIX 5-IA64 when/if it becomes available.
-    ld_shlibs=no
-    cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-
-    # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-    # that the semantics of dynamic libraries on AmigaOS, at least up
-    # to version 4, is to share data among multiple programs linked
-    # with the same dynamic library.  Since this doesn't match the
-    # behavior of shared libraries on other platforms, we can use
-    # them.
-    ld_shlibs=no
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      allow_undefined_flag=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec='-L$libdir'
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-
-    extract_expsyms_cmds='test -f $output_objdir/impgen.c || \
-      sed -e "/^# \/\* impgen\.c starts here \*\//,/^# \/\* impgen.c ends here \*\// { s/^# //;s/^# *$//; p; }" -e d < $''0 > $output_objdir/impgen.c~
-      test -f $output_objdir/impgen.exe || (cd $output_objdir && \
-      if test "x$HOST_CC" != "x" ; then $HOST_CC -o impgen impgen.c ; \
-      else $CC -o impgen impgen.c ; fi)~
-      $output_objdir/impgen $dir/$soroot > $output_objdir/$soname-def'
-
-    old_archive_from_expsyms_cmds='$DLLTOOL --as=$AS --dllname $soname --def $output_objdir/$soname-def --output-lib $output_objdir/$newlib'
-
-    # cygwin and mingw dlls have different entry points and sets of symbols
-    # to exclude.
-    # FIXME: what about values for MSVC?
-    dll_entry=__cygwin_dll_entry@12
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12~
-    case $host_os in
-    mingw*)
-      # mingw values
-      dll_entry=_DllMainCRTStartup@12
-      dll_exclude_symbols=DllMain@12,DllMainCRTStartup@12,DllEntryPoint@12~
-      ;;
-    esac
-
-    # mingw and cygwin differ, and it's simplest to just exclude the union
-    # of the two symbol sets.
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12,DllMainCRTStartup@12,DllEntryPoint@12
-
-    # recent cygwin and mingw systems supply a stub DllMain which the user
-    # can override, but on older systems we have to supply one (in ltdll.c)
-    if test "x$lt_cv_need_dllmain" = "xyes"; then
-      ltdll_obj='$output_objdir/$soname-ltdll.'"$ac_objext "
-      ltdll_cmds='test -f $output_objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $''0 > $output_objdir/$soname-ltdll.c~
-	test -f $output_objdir/$soname-ltdll.$ac_objext || (cd $output_objdir && $CC -c $soname-ltdll.c)~'
-    else
-      ltdll_obj=
-      ltdll_cmds=
-    fi
-
-    # Extract the symbol export list from an `--export-all' def file,
-    # then regenerate the def file from the symbol export list, so that
-    # the compiled dll only exports the symbol export list.
-    # Be careful not to strip the DATA tag left be newer dlltools.
-    export_symbols_cmds="$ltdll_cmds"'
-      $DLLTOOL --export-all --exclude-symbols '$dll_exclude_symbols' --output-def $output_objdir/$soname-def '$ltdll_obj'$libobjs $convenience~
-      sed -e "1,/EXPORTS/d" -e "s/ @ [0-9]*//" -e "s/ *;.*$//" < $output_objdir/$soname-def > $export_symbols'
-
-    # If the export-symbols file already is a .def file (1st line
-    # is EXPORTS), use it as is.
-    # If DATA tags from a recent dlltool are present, honour them!
-    archive_expsym_cmds='if test "x`head -1 $export_symbols`" = xEXPORTS; then
-	cp $export_symbols $output_objdir/$soname-def;
-      else
-	echo EXPORTS > $output_objdir/$soname-def;
-	_lt_hint=1;
-	cat $export_symbols | while read symbol; do
-	 set dummy \$symbol;
-	 case \$# in
-	   2) echo "   \$2 @ \$_lt_hint ; " >> $output_objdir/$soname-def;;
-	   *) echo "     \$2 @ \$_lt_hint \$3 ; " >> $output_objdir/$soname-def;;
-	 esac;
-	 _lt_hint=`expr 1 + \$_lt_hint`;
-	done;
-      fi~
-      '"$ltdll_cmds"'
-      $CC -Wl,--base-file,$output_objdir/$soname-base '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp~
-      $CC -Wl,--base-file,$output_objdir/$soname-base $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp --output-lib $output_objdir/$libname.dll.a~
-      $CC $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags'
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-      wlarc=
-    else
-      archive_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    fi
-    ;;
-
-  solaris* | sysv5*)
-    if $LD -v 2>&1 | egrep 'BFD 2\.8' > /dev/null; then
-      ld_shlibs=no
-      cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-    elif $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  sunos4*)
-    archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    wlarc=
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-  esac
-
-  if test "$ld_shlibs" = yes; then
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec='${wl}--export-dynamic'
-    case $host_os in
-    cygwin* | mingw* | pw32*)
-      # dlltool doesn't understand --whole-archive et. al.
-      whole_archive_flag_spec=
-      ;;
-    *)
-      # ancient GNU ld didn't support --whole-archive et. al.
-      if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-	whole_archive_flag_spec=
-      fi
-      ;;
-    esac
-  fi
-else
-  # PORTME fill in a description of your system's linker (not GNU ld)
-  case $host_os in
-  aix3*)
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-    archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-    # Note: this linker hardcodes the directories in LIBPATH if there
-    # are no directories specified by -L.
-    hardcode_minus_L=yes
-    if test "$GCC" = yes && test -z "$link_static_flag"; then
-      # Neither direct hardcoding nor static linking is supported with a
-      # broken collect2.
-      hardcode_direct=unsupported
-    fi
-    ;;
-
-  aix4* | aix5*)
-    if test "$host_cpu" = ia64; then
-      # On IA64, the linker does run time linking by default, so we don't
-      # have to do anything special.
-      aix_use_runtimelinking=no
-      exp_sym_flag='-Bexport'
-      no_entry_flag=""
-    else
-      aix_use_runtimelinking=no
-
-      # Test if we are trying to use run time linking or normal
-      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-      # need to do runtime linking.
-      case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	for ld_flag in $LDFLAGS; do
-	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	done
-      esac
-
-      exp_sym_flag='-bexport'
-      no_entry_flag='-bnoentry'
-    fi
-
-    # When large executables or shared objects are built, AIX ld can
-    # have problems creating the table of contents.  If linking a library
-    # or program results in "error TOC overflow" add -mminimal-toc to
-    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-    hardcode_direct=yes
-    archive_cmds=''
-    hardcode_libdir_separator=':'
-    if test "$GCC" = yes; then
-      case $host_os in aix4.[012]|aix4.[012].*)
-	collect2name=`${CC} -print-prog-name=collect2`
-	if test -f "$collect2name" && \
-	  strings "$collect2name" | grep resolve_lib_name >/dev/null
-	then
-	  # We have reworked collect2
-	  hardcode_direct=yes
-	else
-	  # We have old collect2
-	  hardcode_direct=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  hardcode_minus_L=yes
-	  hardcode_libdir_flag_spec='-L$libdir'
-	  hardcode_libdir_separator=
-	fi
-      esac
-
-      shared_flag='-shared'
-    else
-      # not using gcc
-      if test "$host_cpu" = ia64; then
-	shared_flag='${wl}-G'
-      else
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag='${wl}-G'
-	else
-	  shared_flag='${wl}-bM:SRE'
-	fi
-      fi
-    fi
-
-    # It seems that -bexpall can do strange things, so it is better to
-    # generate a list of symbols to export.
-    always_export_symbols=yes
-    if test "$aix_use_runtimelinking" = yes; then
-      # Warning - without using the other runtime loading flags (-brtl),
-      # -berok will link without error, but may produce a broken library.
-      allow_undefined_flag='-berok'
-      hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:/usr/lib:/lib'
-      archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-    else
-      if test "$host_cpu" = ia64; then
-	hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
-	allow_undefined_flag="-z nodefs"
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname ${wl}-h$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
-      else
-	hardcode_libdir_flag_spec='${wl}-bnolibpath ${wl}-blibpath:$libdir:/usr/lib:/lib'
-	# Warning - without using the other run time loading flags,
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag='${wl}-berok'
-	# This is a bit strange, but is similar to how AIX traditionally builds
-	# it's shared libraries.
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"' ~$AR -crlo $objdir/$libname$release.a $objdir/$soname'
-      fi
-    fi
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    # see comment about different semantics on the GNU ld section
-    ld_shlibs=no
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec=' '
-    allow_undefined_flag=unsupported
-    # Tell ltmain to make .lib files, not .a files.
-    libext=lib
-    # FIXME: Setting linknames here is a bad hack.
-    archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | sed -e '\''s/ -lc$//'\''` -link -dll~linknames='
-    # The linker will automatically build a .lib file if we build a DLL.
-    old_archive_from_new_cmds='true'
-    # FIXME: Should let the user specify the lib program.
-    old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
-    fix_srcfile_path='`cygpath -w "$srcfile"`'
-    ;;
-
-  darwin* | rhapsody*)
-    case "$host_os" in
-    rhapsody* | darwin1.[012])
-      allow_undefined_flag='-undefined suppress'
-      ;;
-    *) # Darwin 1.3 on
-      allow_undefined_flag='-flat_namespace -undefined suppress'
-      ;;
-    esac
-    # FIXME: Relying on posixy $() will cause problems for
-    #        cross-compilation, but unfortunately the echo tests do not
-    #        yet detect zsh echo's removal of \ escapes.
-    archive_cmds='$nonopt $(test "x$module" = xyes && echo -bundle || echo -dynamiclib) $allow_undefined_flag -o $lib $libobjs $deplibs$linker_flags -install_name $rpath/$soname $verstring'
-    # We need to add '_' to the symbols in $export_symbols first
-    #archive_expsym_cmds="$archive_cmds"' && strip -s $export_symbols'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    whole_archive_flag_spec='-all_load $convenience'
-    ;;
-
-  freebsd1*)
-    ld_shlibs=no
-    ;;
-
-  # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-  # support.  Future versions do this automatically, but an explicit c++rt0.o
-  # does not break anything, and helps significantly (at the cost of a little
-  # extra space).
-  freebsd2.2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-  freebsd2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-  freebsd*)
-    archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  hpux9* | hpux10* | hpux11*)
-    case $host_os in
-    hpux9*) archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' ;;
-    *) archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' ;;
-    esac
-    hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_direct=yes
-    hardcode_minus_L=yes # Not in the search PATH, but as the default
-			 # location of the library.
-    export_dynamic_flag_spec='${wl}-E'
-    ;;
-
-  irix5* | irix6*)
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    link_all_deplibs=yes
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-    else
-      archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-    fi
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  newsos6)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_shlibpath_var=no
-    ;;
-
-  openbsd*)
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec='${wl}-E'
-    else
-      case "$host_os" in
-      openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
-	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_libdir_flag_spec='-R$libdir'
-        ;;
-      *)
-        archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-        hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-        ;;
-      esac
-    fi
-    ;;
-
-  os2*)
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    allow_undefined_flag=unsupported
-    archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-    old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-    ;;
-
-  osf3*)
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    ;;
-
-  osf4* | osf5*)	# as osf3* with the addition of -msym flag
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      archive_expsym_cmds='for i in `cat $export_symbols`; do printf "-exported_symbol " >> $lib.exp; echo "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-      $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib~$rm $lib.exp'
-
-      #Both c and cxx compiler support -rpath directly
-      hardcode_libdir_flag_spec='-rpath $libdir'
-    fi
-    hardcode_libdir_separator=:
-    ;;
-
-  sco3.2v5*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    runpath_var=LD_RUN_PATH
-    hardcode_runpath_var=yes
-    export_dynamic_flag_spec='${wl}-Bexport'
-    ;;
-
-  solaris*)
-    # gcc --version < 3.0 without binutils cannot create self contained
-    # shared libraries reliably, requiring libgcc.a to resolve some of
-    # the object symbols generated in some cases.  Libraries that use
-    # assert need libgcc.a to resolve __eprintf, for example.  Linking
-    # a copy of libgcc.a into every shared library to guarantee resolving
-    # such symbols causes other problems:  According to Tim Van Holder
-    # <tim.van.holder@pandora.be>, C++ libraries end up with a separate
-    # (to the application) exception stack for one thing.
-    no_undefined_flag=' -z defs'
-    if test "$GCC" = yes; then
-      case `$CC --version 2>/dev/null` in
-      [12].*)
-	cat <<EOF 1>&2
-
-*** Warning: Releases of GCC earlier than version 3.0 cannot reliably
-*** create self contained shared libraries on Solaris systems, without
-*** introducing a dependency on libgcc.a.  Therefore, libtool is disabling
-*** -no-undefined support, which will at least allow you to build shared
-*** libraries.  However, you may find that when you link such libraries
-*** into an application without using GCC, you have to manually add
-*** \`gcc --print-libgcc-file-name\` to the link command.  We urge you to
-*** upgrade to a newer version of GCC.  Another option is to rebuild your
-*** current GCC to use the GNU linker from GNU binutils 2.9.1 or newer.
-
-EOF
-        no_undefined_flag=
-	;;
-      esac
-    fi
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_shlibpath_var=no
-    case $host_os in
-    solaris2.[0-5] | solaris2.[0-5].*) ;;
-    *) # Supported since Solaris 2.6 (maybe 2.5.1?)
-      whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
-    esac
-    link_all_deplibs=yes
-    ;;
-
-  sunos4*)
-    if test "x$host_vendor" = xsequent; then
-      # Use $CC to link under sequent, because it throws in some extra .o
-      # files that make .init and .fini sections work.
-      archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-    fi
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4)
-    if test "x$host_vendor" = xsno; then
-      archive_cmds='$LD -G -Bsymbolic -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=yes # is this really true???
-    else
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=no #Motorola manual says yes, but my tests say they lie
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4.3*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    export_dynamic_flag_spec='-Bexport'
-    ;;
-
-  sysv5*)
-    no_undefined_flag=' -z text'
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec=
-    hardcode_shlibpath_var=no
-    runpath_var='LD_RUN_PATH'
-    ;;
-
-  uts4*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  dgux*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4*MP*)
-    if test -d /usr/nec; then
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var=no
-      runpath_var=LD_RUN_PATH
-      hardcode_runpath_var=yes
-      ld_shlibs=yes
-    fi
-    ;;
-
-  sysv4.2uw2*)
-    archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=no
-    hardcode_shlibpath_var=no
-    hardcode_runpath_var=yes
-    runpath_var=LD_RUN_PATH
-    ;;
-
-  sysv5uw7* | unixware7*)
-    no_undefined_flag='${wl}-z ${wl}text'
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    ld_shlibs=no
-    ;;
-  esac
-fi
-echo "$as_me:$LINENO: result: $ld_shlibs" >&5
-echo "${ECHO_T}$ld_shlibs" >&6
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var"; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$hardcode_shlibpath_var" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-echo "$as_me:$LINENO: result: $hardcode_action" >&5
-echo "${ECHO_T}$hardcode_action" >&6
-
-striplib=
-old_striplib=
-echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
-echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}.so$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}.so$major ${libname}${release}.so$versuffix $libname.so'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-	if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	     echo ' yes '
-	     echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	  :
-	else
-	  can_build_shared=no
-	fi
-	;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can
-    # not hardcode correct soname into executable. Probably we can
-    # add versioning support to collect2, so additional links can
-    # be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}.so$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}.so'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi4*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  export_dynamic_flag_spec=-rdynamic
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  need_version=no
-  need_lib_prefix=no
-  case $GCC,$host_os in
-  yes,cygwin*)
-    library_names_spec='$libname.dll.a'
-    soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog .libs/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`bash 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    ;;
-  yes,mingw*)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"`
-    ;;
-  yes,pw32*)
-    library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/./-/g'`${versuffix}.dll'
-    ;;
-  *)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  # FIXME: Relying on posixy $() will cause problems for
-  #        cross-compilation, but unfortunately the echo tests do not
-  #        yet detect zsh echo's removal of \ escapes.
-  library_names_spec='${libname}${release}${versuffix}.$(test .$module = .yes && echo so || echo dylib) ${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib) ${libname}.$(test .$module = .yes && echo so || echo dylib)'
-  soname_spec='${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib)'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-freebsd*)
-  objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}.so$versuffix $libname.so$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  *)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  dynamic_linker="$host_os dld.sl"
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  shlibpath_var=SHLIB_PATH
-  shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-  library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
-  soname_spec='${libname}${release}.sl$major'
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-irix5* | irix6*)
-  version_type=irix
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so'
-  case $host_os in
-  irix5*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
-    soname_spec='${libname}${release}.so$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case "$host_os" in
-    openbsd2.[89] | openbsd2.[89].*)
-      shlibpath_overrides_runpath=no
-      ;;
-    *)
-      shlibpath_overrides_runpath=yes
-      ;;
-    esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-os2*)
-  libname_spec='$name'
-  need_lib_prefix=no
-  library_names_spec='$libname.dll $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_version=no
-  soname_spec='${libname}${release}.so'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-sco3.2v5*)
-  version_type=osf
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
-    soname_spec='$libname.so.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Report the final consequences.
-echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6
-
-echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case "$host_os" in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-  ;;
-esac
-echo "$as_me:$LINENO: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6
-
-echo "$as_me:$LINENO: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-echo "$as_me:$LINENO: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6
-
-if test "$hardcode_action" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen="load_add_on"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    lt_cv_dlopen="LoadLibrary"
-    lt_cv_dlopen_libs=
-   ;;
-
-  *)
-    echo "$as_me:$LINENO: checking for shl_load" >&5
-echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
-if test "${ac_cv_func_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shl_load (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shl_load ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
-choke me
-#else
-f = shl_load;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_shl_load=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
-echo "${ECHO_T}$ac_cv_func_shl_load" >&6
-if test $ac_cv_func_shl_load = yes; then
-  lt_cv_dlopen="shl_load"
-else
-  echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
-echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
-if test "${ac_cv_lib_dld_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shl_load ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-shl_load ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dld_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dld_shl_load=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
-if test $ac_cv_lib_dld_shl_load = yes; then
-  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
-else
-  echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
-if test "${ac_cv_func_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char dlopen (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
-choke me
-#else
-f = dlopen;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
-echo "${ECHO_T}$ac_cv_func_dlopen" >&6
-if test $ac_cv_func_dlopen = yes; then
-  lt_cv_dlopen="dlopen"
-else
-  echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
-if test $ac_cv_lib_dl_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-  echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
-echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
-if test "${ac_cv_lib_svld_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_svld_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_svld_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
-if test $ac_cv_lib_svld_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
-  echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
-echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
-if test "${ac_cv_lib_dld_dld_link+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dld_link ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dld_link ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dld_dld_link=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dld_dld_link=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
-if test $ac_cv_lib_dld_dld_link = yes; then
-  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-    ;;
-  esac
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS="$CPPFLAGS"
-        test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS="$LDFLAGS"
-    eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS="$LIBS"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
-echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
-if test "${lt_cv_dlopen_self+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self=cross
-else
-    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 7597 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self" >&6
-
-    if test "x$lt_cv_dlopen_self" = xyes; then
-      LDFLAGS="$LDFLAGS $link_static_flag"
-      echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
-echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
-if test "${lt_cv_dlopen_self_static+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self_static=cross
-else
-    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 7695 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self_static=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
-    fi
-
-    CPPFLAGS="$save_CPPFLAGS"
-    LDFLAGS="$save_LDFLAGS"
-    LIBS="$save_LIBS"
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-
-
-if test "$enable_shared" = yes && test "$GCC" = yes; then
-  case $archive_cmds in
-  *'~'*)
-    # FIXME: we may have to deal with multi-command sequences.
-    ;;
-  '$CC '*)
-    # Test whether the compiler implicitly links with -lc since on some
-    # systems, -lgcc has to come before -lc. If gcc already passes -lc
-    # to ld, don't add -lc before -lgcc.
-    echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
-    if test "${lt_cv_archive_cmds_need_lc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  $rm conftest*
-    echo 'static int dummy;' > conftest.$ac_ext
-
-    if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-      soname=conftest
-      lib=conftest
-      libobjs=conftest.$ac_objext
-      deplibs=
-      wl=$lt_cv_prog_cc_wl
-      compiler_flags=-v
-      linker_flags=-v
-      verstring=
-      output_objdir=.
-      libname=conftest
-      save_allow_undefined_flag=$allow_undefined_flag
-      allow_undefined_flag=
-      if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }
-      then
-	lt_cv_archive_cmds_need_lc=no
-      else
-	lt_cv_archive_cmds_need_lc=yes
-      fi
-      allow_undefined_flag=$save_allow_undefined_flag
-    else
-      cat conftest.err 1>&5
-    fi
-fi
-
-    echo "$as_me:$LINENO: result: $lt_cv_archive_cmds_need_lc" >&5
-echo "${ECHO_T}$lt_cv_archive_cmds_need_lc" >&6
-    ;;
-  esac
-fi
-need_lc=${lt_cv_archive_cmds_need_lc-yes}
-
-# The second clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  :
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  test -f Makefile && make "$ltmain"
-fi
-
-if test -f "$ltmain"; then
-  trap "$rm \"${ofile}T\"; exit 1" 1 2 15
-  $rm -f "${ofile}T"
-
-  echo creating $ofile
-
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS \
-    AR AR_FLAGS CC LD LN_S NM SHELL \
-    reload_flag reload_cmds wl \
-    pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
-    thread_safe_flag_spec whole_archive_flag_spec libname_spec \
-    library_names_spec soname_spec \
-    RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
-    old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
-    postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
-    old_striplib striplib file_magic_cmd export_symbols_cmds \
-    deplibs_check_method allow_undefined_flag no_undefined_flag \
-    finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
-    global_symbol_to_c_name_address \
-    hardcode_libdir_flag_spec hardcode_libdir_separator  \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    compiler_c_o compiler_o_lo need_locks exclude_expsyms include_expsyms; do
-
-    case $var in
-    reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
-    extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  cat <<__EOF__ > "${ofile}T"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$need_lc
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# The default C compiler.
-CC=$lt_CC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_wl
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_pic_flag
-pic_mode=$pic_mode
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_compiler_c_o
-
-# Can we write directly to a .lo ?
-compiler_o_lo=$lt_compiler_o_lo
-
-# Must we lock files when doing compilation ?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# ### END LIBTOOL CONFIG
-
-__EOF__
-
-  case $host_os in
-  aix3*)
-    cat <<\EOF >> "${ofile}T"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | os2*)
-    cat <<'EOF' >> "${ofile}T"
-      # This is a source program that is used to create dlls on Windows
-      # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-	# This is a source program that is used to create import libraries
-	# on Windows for dlls which lack them. Don't remove nor modify the
-	# starting and closing comments
-# /* impgen.c starts here */
-# /*   Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-#  This file is part of GNU libtool.
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#  */
-#
-# #include <stdio.h>		/* for printf() */
-# #include <unistd.h>		/* for open(), lseek(), read() */
-# #include <fcntl.h>		/* for O_RDONLY, O_BINARY */
-# #include <string.h>		/* for strdup() */
-#
-# /* O_BINARY isn't required (or even defined sometimes) under Unix */
-# #ifndef O_BINARY
-# #define O_BINARY 0
-# #endif
-#
-# static unsigned int
-# pe_get16 (fd, offset)
-#      int fd;
-#      int offset;
-# {
-#   unsigned char b[2];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 2);
-#   return b[0] + (b[1]<<8);
-# }
-#
-# static unsigned int
-# pe_get32 (fd, offset)
-#     int fd;
-#     int offset;
-# {
-#   unsigned char b[4];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 4);
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# static unsigned int
-# pe_as32 (ptr)
-#      void *ptr;
-# {
-#   unsigned char *b = ptr;
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# int
-# main (argc, argv)
-#     int argc;
-#     char *argv[];
-# {
-#     int dll;
-#     unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-#     unsigned long export_rva, export_size, nsections, secptr, expptr;
-#     unsigned long name_rvas, nexp;
-#     unsigned char *expdata, *erva;
-#     char *filename, *dll_name;
-#
-#     filename = argv[1];
-#
-#     dll = open(filename, O_RDONLY|O_BINARY);
-#     if (dll < 1)
-# 	return 1;
-#
-#     dll_name = filename;
-#
-#     for (i=0; filename[i]; i++)
-# 	if (filename[i] == '/' || filename[i] == '\\'  || filename[i] == ':')
-# 	    dll_name = filename + i +1;
-#
-#     pe_header_offset = pe_get32 (dll, 0x3c);
-#     opthdr_ofs = pe_header_offset + 4 + 20;
-#     num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-#     if (num_entries < 1) /* no exports */
-# 	return 1;
-#
-#     export_rva = pe_get32 (dll, opthdr_ofs + 96);
-#     export_size = pe_get32 (dll, opthdr_ofs + 100);
-#     nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-#     secptr = (pe_header_offset + 4 + 20 +
-# 	      pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-#     expptr = 0;
-#     for (i = 0; i < nsections; i++)
-#     {
-# 	char sname[8];
-# 	unsigned long secptr1 = secptr + 40 * i;
-# 	unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-# 	unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-# 	unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-# 	lseek(dll, secptr1, SEEK_SET);
-# 	read(dll, sname, 8);
-# 	if (vaddr <= export_rva && vaddr+vsize > export_rva)
-# 	{
-# 	    expptr = fptr + (export_rva - vaddr);
-# 	    if (export_rva + export_size > vaddr + vsize)
-# 		export_size = vsize - (export_rva - vaddr);
-# 	    break;
-# 	}
-#     }
-#
-#     expdata = (unsigned char*)malloc(export_size);
-#     lseek (dll, expptr, SEEK_SET);
-#     read (dll, expdata, export_size);
-#     erva = expdata - export_rva;
-#
-#     nexp = pe_as32 (expdata+24);
-#     name_rvas = pe_as32 (expdata+32);
-#
-#     printf ("EXPORTS\n");
-#     for (i = 0; i<nexp; i++)
-#     {
-# 	unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-# 	printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-#     }
-#
-#     return 0;
-# }
-# /* impgen.c ends here */
-
-EOF
-    ;;
-  esac
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "${ofile}T" || (rm -f "${ofile}T"; exit 1)
-
-  mv -f "${ofile}T" "$ofile" || \
-    (rm -f "$ofile" && cp "${ofile}T" "$ofile" && rm -f "${ofile}T")
-  chmod +x "$ofile"
-fi
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-# Prevent multiple expansion
-
-
-
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-
-# Check whether --with-openldap or --without-openldap was given.
-if test "${with_openldap+set}" = set; then
-  withval="$with_openldap"
-
-fi;
-
-# Check whether --with-openldap-lib or --without-openldap-lib was given.
-if test "${with_openldap_lib+set}" = set; then
-  withval="$with_openldap_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5
-echo "$as_me: error: No argument for --with-openldap-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi;
-
-# Check whether --with-openldap-include or --without-openldap-include was given.
-if test "${with_openldap_include+set}" = set; then
-  withval="$with_openldap_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5
-echo "$as_me: error: No argument for --with-openldap-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi;
-
-# Check whether --with-openldap-config or --without-openldap-config was given.
-if test "${with_openldap_config+set}" = set; then
-  withval="$with_openldap_config"
-
-fi;
-
-
-
-echo "$as_me:$LINENO: checking for openldap" >&5
-echo $ECHO_N "checking for openldap... $ECHO_C" >&6
-
-case "$with_openldap" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_openldap" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_openldap_include" = ""; then
-		if test -d "$i/include/openldap"; then
-			header_dirs="$header_dirs $i/include/openldap"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_openldap_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_openldap_include"; then
-	header_dirs="$with_openldap_include $header_dirs"
-fi
-if test "$with_openldap_lib"; then
-	lib_dirs="$with_openldap_lib $lib_dirs"
-fi
-
-if test "$with_openldap_config" = ""; then
-	with_openldap_config=''
-fi
-
-openldap_cflags=
-openldap_libs=
-
-case "$with_openldap_config" in
-yes|no|"")
-	;;
-*)
-	openldap_cflags="`$with_openldap_config --cflags 2>&1`"
-	openldap_libs="`$with_openldap_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_openldap" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$openldap_cflags" -a "$openldap_libs"; then
-		CFLAGS="$openldap_cflags $save_CFLAGS"
-		LIBS="$openldap_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_openldap="$openldap_cflags"
-			LIB_openldap="$openldap_libs"
-			echo "$as_me:$LINENO: result: from $with_openldap_config" >&5
-echo "${ECHO_T}from $with_openldap_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lldap -llber  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then
-			INCLUDE_openldap="-I$ires"
-			LIB_openldap="-L$lres -lldap -llber "
-			found=yes
-			echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define OPENLDAP 1
-_ACEOF
-
-	with_openldap=yes
-else
-	with_openldap=no
-	INCLUDE_openldap=
-	LIB_openldap=
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-
-
-# Check whether --with-krb4 or --without-krb4 was given.
-if test "${with_krb4+set}" = set; then
-  withval="$with_krb4"
-
-fi;
-
-# Check whether --with-krb4-lib or --without-krb4-lib was given.
-if test "${with_krb4_lib+set}" = set; then
-  withval="$with_krb4_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-krb4-lib" >&5
-echo "$as_me: error: No argument for --with-krb4-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_krb4" = "X"; then
-  with_krb4=yes
-fi
-fi;
-
-# Check whether --with-krb4-include or --without-krb4-include was given.
-if test "${with_krb4_include+set}" = set; then
-  withval="$with_krb4_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-krb4-include" >&5
-echo "$as_me: error: No argument for --with-krb4-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_krb4" = "X"; then
-  with_krb4=yes
-fi
-fi;
-
-# Check whether --with-krb4-config or --without-krb4-config was given.
-if test "${with_krb4_config+set}" = set; then
-  withval="$with_krb4_config"
-
-fi;
-
-
-
-echo "$as_me:$LINENO: checking for krb4" >&5
-echo $ECHO_N "checking for krb4... $ECHO_C" >&6
-
-case "$with_krb4" in
-yes|"") d='/usr/athena' ;;
-no)	d= ;;
-*)	d="$with_krb4" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_krb4_include" = ""; then
-		if test -d "$i/include/krb4"; then
-			header_dirs="$header_dirs $i/include/krb4"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_krb4_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_krb4_include"; then
-	header_dirs="$with_krb4_include $header_dirs"
-fi
-if test "$with_krb4_lib"; then
-	lib_dirs="$with_krb4_lib $lib_dirs"
-fi
-
-if test "$with_krb4_config" = ""; then
-	with_krb4_config='krb4-config'
-fi
-
-krb4_cflags=
-krb4_libs=
-
-case "$with_krb4_config" in
-yes|no|"")
-	;;
-*)
-	krb4_cflags="`$with_krb4_config --cflags 2>&1`"
-	krb4_libs="`$with_krb4_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_krb4" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$krb4_cflags" -a "$krb4_libs"; then
-		CFLAGS="$krb4_cflags $save_CFLAGS"
-		LIBS="$krb4_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_krb4="$krb4_cflags"
-			LIB_krb4="$krb4_libs"
-			echo "$as_me:$LINENO: result: from $with_krb4_config" >&5
-echo "${ECHO_T}from $with_krb4_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lkrb -ldes $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_krb4" != "no"; then
-			INCLUDE_krb4="-I$ires"
-			LIB_krb4="-L$lres -lkrb -ldes"
-			found=yes
-			echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define KRB4 1
-_ACEOF
-
-	with_krb4=yes
-else
-	with_krb4=no
-	INCLUDE_krb4=
-	LIB_krb4=
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-LIB_kdb=
-if test "$with_krb4" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS $INCLUDE_krb4"
-	save_LIBS="$LIBS"
-	LIBS="$LIB_krb4 $LIBS"
-	EXTRA_LIB45=lib45.a
-
-	echo "$as_me:$LINENO: checking for four valued krb_put_int" >&5
-echo $ECHO_N "checking for four valued krb_put_int... $ECHO_C" >&6
-if test "${ac_cv_func_krb_put_int_four+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		char tmp[4];
-		krb_put_int(17, tmp, 4, sizeof(tmp));
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_put_int_four=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_put_int_four=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_krb_put_int_four" >&5
-echo "${ECHO_T}$ac_cv_func_krb_put_int_four" >&6
-	if test "$ac_cv_func_krb_put_int_four" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FOUR_VALUED_KRB_PUT_INT 1
-_ACEOF
-
-	fi
-
-
-	echo "$as_me:$LINENO: checking for KRB_VERIFY_SECURE" >&5
-echo $ECHO_N "checking for KRB_VERIFY_SECURE... $ECHO_C" >&6
-if test "${ac_cv_func_krb_verify_secure+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		int x = KRB_VERIFY_SECURE
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_verify_secure=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_secure=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_secure" >&5
-echo "${ECHO_T}$ac_cv_func_krb_verify_secure" >&6
-	if test "$ac_cv_func_krb_verify_secure" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_SECURE 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_SECURE_FAIL 2
-_ACEOF
-
-	fi
-	echo "$as_me:$LINENO: checking for KRB_VERIFY_NOT_SECURE" >&5
-echo $ECHO_N "checking for KRB_VERIFY_NOT_SECURE... $ECHO_C" >&6
-if test "${ac_cv_func_krb_verify_not_secure+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		int x = KRB_VERIFY_NOT_SECURE
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_verify_not_secure=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_not_secure=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_krb_verify_not_secure" >&5
-echo "${ECHO_T}$ac_cv_func_krb_verify_not_secure" >&6
-	if test "$ac_cv_func_krb_verify_not_secure" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_NOT_SECURE 0
-_ACEOF
-
-	fi
-
-
-
-
-echo "$as_me:$LINENO: checking for krb_enable_debug" >&5
-echo $ECHO_N "checking for krb_enable_debug... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_enable_debug+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_enable_debug\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_enable_debug()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_enable_debug=$ac_lib; else ac_cv_funclib_krb_enable_debug=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_enable_debug=\${ac_cv_funclib_krb_enable_debug-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_enable_debug"
-
-if false; then
-
-for ac_func in krb_enable_debug
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_enable_debug
-eval "ac_tr_func=HAVE_`echo krb_enable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_enable_debug=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_enable_debug=yes"
-	eval "LIB_krb_enable_debug="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_enable_debug=no"
-	eval "LIB_krb_enable_debug="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_enable_debug=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_enable_debug"; then
-	LIBS="$LIB_krb_enable_debug $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for krb_disable_debug" >&5
-echo $ECHO_N "checking for krb_disable_debug... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_disable_debug+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_disable_debug\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_disable_debug()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_disable_debug=$ac_lib; else ac_cv_funclib_krb_disable_debug=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_disable_debug=\${ac_cv_funclib_krb_disable_debug-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_disable_debug"
-
-if false; then
-
-for ac_func in krb_disable_debug
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_disable_debug
-eval "ac_tr_func=HAVE_`echo krb_disable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_disable_debug=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_disable_debug=yes"
-	eval "LIB_krb_disable_debug="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_disable_debug=no"
-	eval "LIB_krb_disable_debug="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_disable_debug=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_disable_debug"; then
-	LIBS="$LIB_krb_disable_debug $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for krb_get_our_ip_for_realm" >&5
-echo $ECHO_N "checking for krb_get_our_ip_for_realm... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_get_our_ip_for_realm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_get_our_ip_for_realm\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_get_our_ip_for_realm()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_our_ip_for_realm=$ac_lib; else ac_cv_funclib_krb_get_our_ip_for_realm=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_get_our_ip_for_realm=\${ac_cv_funclib_krb_get_our_ip_for_realm-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_get_our_ip_for_realm"
-
-if false; then
-
-for ac_func in krb_get_our_ip_for_realm
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_get_our_ip_for_realm
-eval "ac_tr_func=HAVE_`echo krb_get_our_ip_for_realm | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_get_our_ip_for_realm=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=yes"
-	eval "LIB_krb_get_our_ip_for_realm="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=no"
-	eval "LIB_krb_get_our_ip_for_realm="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_get_our_ip_for_realm"; then
-	LIBS="$LIB_krb_get_our_ip_for_realm $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for krb_kdctimeofday" >&5
-echo $ECHO_N "checking for krb_kdctimeofday... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_kdctimeofday+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_kdctimeofday\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_kdctimeofday()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_kdctimeofday=$ac_lib; else ac_cv_funclib_krb_kdctimeofday=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_kdctimeofday=\${ac_cv_funclib_krb_kdctimeofday-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_kdctimeofday"
-
-if false; then
-
-for ac_func in krb_kdctimeofday
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_kdctimeofday
-eval "ac_tr_func=HAVE_`echo krb_kdctimeofday | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_kdctimeofday=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_kdctimeofday=yes"
-	eval "LIB_krb_kdctimeofday="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_kdctimeofday=no"
-	eval "LIB_krb_kdctimeofday="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_kdctimeofday=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_kdctimeofday"; then
-	LIBS="$LIB_krb_kdctimeofday $LIBS"
-fi
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for krb_get_kdc_time_diff" >&5
-echo $ECHO_N "checking for krb_get_kdc_time_diff... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_get_kdc_time_diff+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_get_kdc_time_diff\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_get_kdc_time_diff()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_kdc_time_diff=$ac_lib; else ac_cv_funclib_krb_get_kdc_time_diff=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_get_kdc_time_diff=\${ac_cv_funclib_krb_get_kdc_time_diff-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_get_kdc_time_diff"
-
-if false; then
-
-for ac_func in krb_get_kdc_time_diff
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_get_kdc_time_diff
-eval "ac_tr_func=HAVE_`echo krb_get_kdc_time_diff | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_get_kdc_time_diff=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_get_kdc_time_diff=yes"
-	eval "LIB_krb_get_kdc_time_diff="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_get_kdc_time_diff=no"
-	eval "LIB_krb_get_kdc_time_diff="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_get_kdc_time_diff=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_get_kdc_time_diff"; then
-	LIBS="$LIB_krb_get_kdc_time_diff $LIBS"
-fi
-
-
-
-	echo "$as_me:$LINENO: checking for KRB_SENDAUTH_VERS" >&5
-echo $ECHO_N "checking for KRB_SENDAUTH_VERS... $ECHO_C" >&6
-if test "${ac_cv_func_krb_sendauth_vers+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-			#include <prot.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		char *x = KRB_SENDAUTH_VERS
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_sendauth_vers=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_sendauth_vers=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_krb_sendauth_vers" >&5
-echo "${ECHO_T}$ac_cv_func_krb_sendauth_vers" >&6
-	if test "$ac_cv_func_krb_sendauth_vers" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_SENDAUTH_VERS "AUTHV0.1"
-_ACEOF
-
-	fi
-	echo "$as_me:$LINENO: checking for krb_mk_req with const arguments" >&5
-echo $ECHO_N "checking for krb_mk_req with const arguments... $ECHO_C" >&6
-if test "${ac_cv_func_krb_mk_req_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <krb.h>
-		int krb_mk_req(KTEXT a, const char *s, const char *i,
-			       const char *r, int32_t checksum)
-		{ return 17; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_mk_req_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_mk_req_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_krb_mk_req_const" >&5
-echo "${ECHO_T}$ac_cv_func_krb_mk_req_const" >&6
-	if test "$ac_cv_func_krb_mk_req_const" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_MK_REQ_CONST 1
-_ACEOF
-
-	fi
-
-	LIBS="$save_LIBS"
-	CFLAGS="$save_CFLAGS"
-	LIB_kdb="-lkdb -lkrb"
-fi
-
-
-if test "$with_krb4" != "no"; then
-  KRB4_TRUE=
-  KRB4_FALSE='#'
-else
-  KRB4_TRUE='#'
-  KRB4_FALSE=
-fi
-
-
-
-if true; then
-  KRB5_TRUE=
-  KRB5_FALSE='#'
-else
-  KRB5_TRUE='#'
-  KRB5_FALSE=
-fi
-
-
-
-if true; then
-  do_roken_rename_TRUE=
-  do_roken_rename_FALSE='#'
-else
-  do_roken_rename_TRUE='#'
-  do_roken_rename_FALSE=
-fi
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB5 1
-_ACEOF
-
-
-crypto_lib=unknown
-
-
-# Check whether --with-openssl or --without-openssl was given.
-if test "${with_openssl+set}" = set; then
-  withval="$with_openssl"
-
-fi;
-
-
-# Check whether --with-openssl-lib or --without-openssl-lib was given.
-if test "${with_openssl_lib+set}" = set; then
-  withval="$with_openssl_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5
-echo "$as_me: error: No argument for --with-openssl-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi;
-
-
-# Check whether --with-openssl-include or --without-openssl-include was given.
-if test "${with_openssl_include+set}" = set; then
-  withval="$with_openssl_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5
-echo "$as_me: error: No argument for --with-openssl-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi;
-
-case "$with_openssl" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_openssl_include" = ""; then
-		with_openssl_include="$with_openssl/include"
-	fi
-	if test "$with_openssl_lib" = ""; then
-		with_openssl_lib="$with_openssl/lib$abilibdirext"
-	fi
-	;;
-esac
-
-
-DIR_des=
-
-echo "$as_me:$LINENO: checking for crypto library" >&5
-echo $ECHO_N "checking for crypto library... $ECHO_C" >&6
-
-openssl=no
-old_hash=no
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  openssl=yes ires="$i" lres="$j $k"; break 3
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			done
-		done
-		CFLAGS="$i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  openssl=no ires="$i" lres="$j $k"; break 3
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			done
-		done
-		CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS"
-		for j in $cdirs; do
-			for k in $clibs; do
-				LIBS="$j $k $save_LIBS"
-				cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  openssl=no ires="$i" lres="$j $k"; break 3
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			done
-		done
-	done
-
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_des="$ires"
-		LIB_des="$lres"
-		crypto_lib=krb4
-		echo "$as_me:$LINENO: result: same as krb4" >&5
-echo "${ECHO_T}same as krb4" >&6
-		LIB_des_a='$(LIB_des)'
-		LIB_des_so='$(LIB_des)'
-		LIB_des_appl='$(LIB_des)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	INCLUDE_des=
-	LIB_des=
-	if test "$with_openssl_include" != ""; then
-		INCLUDE_des="-I${with_openssl_include}"
-	fi
-	if test "$with_openssl_lib" != ""; then
-		LIB_des="-L${with_openssl_lib}"
-	fi
-	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
-	saved_LIB_des="$LIB_des"
-	for lres in "" "-lnsl -lsocket"; do
-		LIB_des="${saved_LIB_des} -lcrypto $lres"
-		LIB_des_a="$LIB_des"
-		LIB_des_so="$LIB_des"
-		LIB_des_appl="$LIB_des"
-		LIBS="${LIBS} ${LIB_des}"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-		#undef KRB5 /* makes md4.h et al unhappy */
-		#ifdef HAVE_OPENSSL
-		#include <openssl/md4.h>
-		#include <openssl/md5.h>
-		#include <openssl/sha.h>
-		#define OPENSSL_DES_LIBDES_COMPATIBILITY
-		#include <openssl/des.h>
-		#include <openssl/rc4.h>
-		#include <openssl/rand.h>
-		#else
-		#include <md4.h>
-		#include <md5.h>
-		#include <sha.h>
-		#include <des.h>
-		#include <rc4.h>
-		#endif
-		#ifdef OLD_HASH_NAMES
-		typedef struct md4 MD4_CTX;
-		#define MD4_Init(C) md4_init((C))
-		#define MD4_Update(C, D, L) md4_update((C), (D), (L))
-		#define MD4_Final(D, C) md4_finito((C), (D))
-		typedef struct md5 MD5_CTX;
-		#define MD5_Init(C) md5_init((C))
-		#define MD5_Update(C, D, L) md5_update((C), (D), (L))
-		#define MD5_Final(D, C) md5_finito((C), (D))
-		typedef struct sha SHA_CTX;
-		#define SHA1_Init(C) sha_init((C))
-		#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
-		#define SHA1_Final(D, C) sha_finito((C), (D))
-		#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		void *schedule = 0;
-		MD4_CTX md4;
-		MD5_CTX md5;
-		SHA_CTX sha1;
-
-		MD4_Init(&md4);
-		MD5_Init(&md5);
-		SHA1_Init(&sha1);
-		#ifdef HAVE_OPENSSL
-		RAND_status();
-		#endif
-
-		des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-		RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			crypto_lib=libcrypto openssl=yes
-			echo "$as_me:$LINENO: result: libcrypto" >&5
-echo "${ECHO_T}libcrypto" >&6
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		if test "$crypto_lib" = libcrypto ; then
-			break;
-		fi
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_des='des'
-  LIB_des='$(top_builddir)/lib/des/libdes.la'
-  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
-  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
-  LIB_des_appl="-ldes"
-
-  echo "$as_me:$LINENO: result: included libdes" >&5
-echo "${ECHO_T}included libdes" >&6
-
-fi
-
-if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
-	{ { echo "$as_me:$LINENO: error: the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer
-Kerberos 4 or configure --without-krb4" >&5
-echo "$as_me: error: the crypto library used by krb4 lacks features
-required by Kerberos 5; to continue, you need to install a newer
-Kerberos 4 or configure --without-krb4" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-if test "$openssl" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPENSSL 1
-_ACEOF
-
-fi
-if test "$old_hash" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OLD_HASH_NAMES 1
-_ACEOF
-
-fi
-
-
-if test "$openssl" = yes; then
-  HAVE_OPENSSL_TRUE=
-  HAVE_OPENSSL_FALSE='#'
-else
-  HAVE_OPENSSL_TRUE='#'
-  HAVE_OPENSSL_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-# Check whether --enable-dce or --disable-dce was given.
-if test "${enable_dce+set}" = set; then
-  enableval="$enable_dce"
-
-fi;
-if test "$enable_dce" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define DCE 1
-_ACEOF
-
-fi
-
-
-if test "$enable_dce" = yes; then
-  DCE_TRUE=
-  DCE_FALSE='#'
-else
-  DCE_TRUE='#'
-  DCE_FALSE=
-fi
-
-
-## XXX quite horrible:
-if test -f /etc/ibmcxx.cfg; then
-	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
-	dpagaix_ldflags=
-else
-	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
-	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
-	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
-fi
-
-
-
-
-
-# Check whether --enable-berkeley-db or --disable-berkeley-db was given.
-if test "${enable_berkeley_db+set}" = set; then
-  enableval="$enable_berkeley_db"
-
-
-fi;
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-
-
-
-
-for ac_header in 				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for db_create" >&5
-echo $ECHO_N "checking for db_create... $ECHO_C" >&6
-if test "${ac_cv_funclib_db_create+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db4 db3 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_db_create=\${ac_cv_funclib_db_create-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_db_create"
-
-if false; then
-
-for ac_func in db_create
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# db_create
-eval "ac_tr_func=HAVE_`echo db_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_db_create=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_db_create=yes"
-	eval "LIB_db_create="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_db_create=no"
-	eval "LIB_db_create="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_db_create=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB3 1
-_ACEOF
-
-  else
-
-
-
-
-
-echo "$as_me:$LINENO: checking for dbopen" >&5
-echo $ECHO_N "checking for dbopen... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db2 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbopen(NULL, 0, 0, 0, NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbopen"
-
-if false; then
-
-for ac_func in dbopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbopen
-eval "ac_tr_func=HAVE_`echo dbopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbopen=yes"
-	eval "LIB_dbopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbopen=no"
-	eval "LIB_dbopen="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB1 1
-_ACEOF
-
-    fi
-  fi
-
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-
-
-echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $ac_cv_funclib_dbopen $ac_cv_funclib_db_create; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB_NDBM 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-
-
-for ac_header in 				\
-	dbm.h					\
-	ndbm.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ndbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #if defined(HAVE_NDBM_H)
-  #include <ndbm.h>
-  #elif defined(HAVE_DBM_H)
-  #include <dbm.h>
-  #endif
-  DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-  if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-    if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-      LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-    else
-      LIB_NDBM=""
-    fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-    have_ndbm=yes
-    if test "$db_type" = "unknown"; then
-      db_type=ndbm
-      DBLIB="$LIB_NDBM"
-    fi
-  else
-
-    $as_unset ac_cv_func_dbm_firstkey
-    $as_unset ac_cv_funclib_dbm_firstkey
-
-
-for ac_header in 				\
-	  gdbm/ndbm.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" gdbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #include <gdbm/ndbm.h>
-    DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-	LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-	db_type=ndbm
-	DBLIB="$LIB_NDBM"
-      fi
-    fi
-  fi
-
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  echo "$as_me:$LINENO: checking if ndbm is implemented with db" >&5
-echo $ECHO_N "checking if ndbm is implemented with db... $ECHO_C" >&6
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-    if test -f conftest.db; then
-      echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-    fi
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-
-
-
-if test "$db_type" = db1; then
-  HAVE_DB1_TRUE=
-  HAVE_DB1_FALSE='#'
-else
-  HAVE_DB1_TRUE='#'
-  HAVE_DB1_FALSE=
-fi
-
-
-if test "$db_type" = db3; then
-  HAVE_DB3_TRUE=
-  HAVE_DB3_FALSE='#'
-else
-  HAVE_DB3_TRUE='#'
-  HAVE_DB3_FALSE=
-fi
-
-
-if test "$db_type" = ndbm; then
-  HAVE_NDBM_TRUE=
-  HAVE_NDBM_FALSE='#'
-else
-  HAVE_NDBM_TRUE='#'
-  HAVE_NDBM_FALSE=
-fi
-
-z=""
-for i in $LDFLAGS; do
-	case "$i" in
-	-L*) z="$z $i";;
-	esac
-done
-DBLIB="$z $DBLIB"
-
-
-
-
-
-echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifndef __cplusplus
-static $ac_kw int static_foo () {return 0; }
-$ac_kw int foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_inline=$ac_kw; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  no)
-cat >>confdefs.h <<\_ACEOF
-#define inline
-_ACEOF
- ;;
-  *)  cat >>confdefs.h <<_ACEOF
-#define inline $ac_cv_c_inline
-_ACEOF
- ;;
-esac
-
-echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset x;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *ccp;
-  char **p;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  ccp = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++ccp;
-  p = (char**) ccp;
-  ccp = (char const *const *) p;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-  }
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6
-if test "${ac_cv_type_size_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((size_t *) 0)
-  return 0;
-if (sizeof (size_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_size_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_size_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6
-if test $ac_cv_type_size_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for pid_t" >&5
-echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
-if test "${ac_cv_type_pid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((pid_t *) 0)
-  return 0;
-if (sizeof (pid_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_pid_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_pid_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
-echo "${ECHO_T}$ac_cv_type_pid_t" >&6
-if test $ac_cv_type_pid_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define pid_t int
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
-echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
-if test "${ac_cv_type_uid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "uid_t" >/dev/null 2>&1; then
-  ac_cv_type_uid_t=yes
-else
-  ac_cv_type_uid_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
-echo "${ECHO_T}$ac_cv_type_uid_t" >&6
-if test $ac_cv_type_uid_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define uid_t int
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define gid_t int
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking return type of signal handlers" >&5
-echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
-if test "${ac_cv_type_signal+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <signal.h>
-#ifdef signal
-# undef signal
-#endif
-#ifdef __cplusplus
-extern "C" void (*signal (int, void (*)(int)))(int);
-#else
-void (*signal ()) ();
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int i;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_signal=void
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_signal=int
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
-echo "${ECHO_T}$ac_cv_type_signal" >&6
-
-cat >>confdefs.h <<_ACEOF
-#define RETSIGTYPE $ac_cv_type_signal
-_ACEOF
-
-
-if test "$ac_cv_type_signal" = "void" ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define VOID_RETSIGTYPE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-
-for ac_header in standards.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-echo "$as_me:$LINENO: checking for $i" >&5
-echo $ECHO_N "checking for $i... $ECHO_C" >&6
-if eval "test \"\${ac_cv_header_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-\
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  eval "ac_cv_header_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  eval "ac_cv_header_$cv=no"
-fi
-rm -f conftest.err conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
-echo "${ECHO_T}`eval echo '${'ac_cv_header_$cv'}'`" >&6
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-done
-if false;then
-
-
-for ac_header in netinet/ip.h netinet/tcp.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-fi
-
-
-
-
-for ac_func in getlogin setlogin
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-if test "$ac_cv_func_getlogin" = yes; then
-echo "$as_me:$LINENO: checking if getlogin is posix" >&5
-echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6
-if test "${ac_cv_func_getlogin_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getlogin_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6
-if test "$ac_cv_func_getlogin_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETLOGIN 1
-_ACEOF
-
-fi
-fi
-
-
-
-for ac_header in stdlib.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-for ac_func in getpagesize
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-echo "$as_me:$LINENO: checking for working mmap" >&5
-echo $ECHO_N "checking for working mmap... $ECHO_C" >&6
-if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_mmap_fixed_mapped=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-/* malloc might have been renamed as rpl_malloc. */
-#undef malloc
-
-/* Thanks to Mike Haertel and Jim Avera for this test.
-   Here is a matrix of mmap possibilities:
-	mmap private not fixed
-	mmap private fixed at somewhere currently unmapped
-	mmap private fixed at somewhere already mapped
-	mmap shared not fixed
-	mmap shared fixed at somewhere currently unmapped
-	mmap shared fixed at somewhere already mapped
-   For private mappings, we should verify that changes cannot be read()
-   back from the file, nor mmap's back from the file at a different
-   address.  (There have been systems where private was not correctly
-   implemented like the infamous i386 svr4.0, and systems where the
-   VM page cache was not coherent with the file system buffer cache
-   like early versions of FreeBSD and possibly contemporary NetBSD.)
-   For shared mappings, we should conversely verify that changes get
-   propagated back to all the places they're supposed to be.
-
-   Grep wants private fixed already mapped.
-   The main things grep needs to know about mmap are:
-   * does it exist and is it safe to write into the mmap'd area
-   * how to use it (BSD variants)  */
-
-#include <fcntl.h>
-#include <sys/mman.h>
-
-#if !STDC_HEADERS && !HAVE_STDLIB_H
-char *malloc ();
-#endif
-
-/* This mess was copied from the GNU getpagesize.h.  */
-#if !HAVE_GETPAGESIZE
-/* Assume that all systems that can run configure have sys/param.h.  */
-# if !HAVE_SYS_PARAM_H
-#  define HAVE_SYS_PARAM_H 1
-# endif
-
-# ifdef _SC_PAGESIZE
-#  define getpagesize() sysconf(_SC_PAGESIZE)
-# else /* no _SC_PAGESIZE */
-#  if HAVE_SYS_PARAM_H
-#   include <sys/param.h>
-#   ifdef EXEC_PAGESIZE
-#    define getpagesize() EXEC_PAGESIZE
-#   else /* no EXEC_PAGESIZE */
-#    ifdef NBPG
-#     define getpagesize() NBPG * CLSIZE
-#     ifndef CLSIZE
-#      define CLSIZE 1
-#     endif /* no CLSIZE */
-#    else /* no NBPG */
-#     ifdef NBPC
-#      define getpagesize() NBPC
-#     else /* no NBPC */
-#      ifdef PAGESIZE
-#       define getpagesize() PAGESIZE
-#      endif /* PAGESIZE */
-#     endif /* no NBPC */
-#    endif /* no NBPG */
-#   endif /* no EXEC_PAGESIZE */
-#  else /* no HAVE_SYS_PARAM_H */
-#   define getpagesize() 8192	/* punt totally */
-#  endif /* no HAVE_SYS_PARAM_H */
-# endif /* no _SC_PAGESIZE */
-
-#endif /* no HAVE_GETPAGESIZE */
-
-int
-main ()
-{
-  char *data, *data2, *data3;
-  int i, pagesize;
-  int fd;
-
-  pagesize = getpagesize ();
-
-  /* First, make a file with some known garbage in it. */
-  data = (char *) malloc (pagesize);
-  if (!data)
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    *(data + i) = rand ();
-  umask (0);
-  fd = creat ("conftest.mmap", 0600);
-  if (fd < 0)
-    exit (1);
-  if (write (fd, data, pagesize) != pagesize)
-    exit (1);
-  close (fd);
-
-  /* Next, try to mmap the file at a fixed address which already has
-     something else allocated at it.  If we can, also make sure that
-     we see the same garbage.  */
-  fd = open ("conftest.mmap", O_RDWR);
-  if (fd < 0)
-    exit (1);
-  data2 = (char *) malloc (2 * pagesize);
-  if (!data2)
-    exit (1);
-  data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1);
-  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
-                     MAP_PRIVATE | MAP_FIXED, fd, 0L))
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data2 + i))
-      exit (1);
-
-  /* Finally, make sure that changes to the mapped area do not
-     percolate back to the file as seen by read().  (This is a bug on
-     some variants of i386 svr4.0.)  */
-  for (i = 0; i < pagesize; ++i)
-    *(data2 + i) = *(data2 + i) + 1;
-  data3 = (char *) malloc (pagesize);
-  if (!data3)
-    exit (1);
-  if (read (fd, data3, pagesize) != pagesize)
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data3 + i))
-      exit (1);
-  close (fd);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mmap_fixed_mapped=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_mmap_fixed_mapped=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
-echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6
-if test $ac_cv_func_mmap_fixed_mapped = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_MMAP 1
-_ACEOF
-
-fi
-rm -f conftest.mmap
-
-
-echo "$as_me:$LINENO: checking if realloc if broken" >&5
-echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6
-if test "${ac_cv_func_realloc_broken+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_func_realloc_broken=no
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stddef.h>
-#include <stdlib.h>
-
-int main()
-{
-	return realloc(NULL, 17) == NULL;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_realloc_broken=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_realloc_broken" >&5
-echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6
-if test "$ac_cv_func_realloc_broken" = yes ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define BROKEN_REALLOC 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/lib/roken/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-
-
-
-
-
-cv=`echo "ssize_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-ssize_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo ssize_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
-if test "${ac_cv_type_ssize_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((ssize_t *) 0)
-  return 0;
-if (sizeof (ssize_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_ssize_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_ssize_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
-echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
-if test $ac_cv_type_ssize_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SSIZE_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long long *) 0)
-  return 0;
-if (sizeof (long long))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/inet.h				\
-	arpa/nameser.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	grp.h					\
-	ifaddrs.h				\
-	net/if.h				\
-	netdb.h					\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	netinet6/in6_var.h			\
-	paths.h					\
-	pwd.h					\
-	resolv.h				\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/mman.h				\
-	sys/param.h				\
-	sys/proc.h				\
-	sys/resource.h				\
-	sys/socket.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/sysctl.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-	vis.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-if test "$ac_cv_header_err_h" = yes; then
-  have_err_h_TRUE=
-  have_err_h_FALSE='#'
-else
-  have_err_h_TRUE='#'
-  have_err_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_fnmatch_h" = yes; then
-  have_fnmatch_h_TRUE=
-  have_fnmatch_h_FALSE='#'
-else
-  have_fnmatch_h_TRUE='#'
-  have_fnmatch_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_ifaddrs_h" = yes; then
-  have_ifaddrs_h_TRUE=
-  have_ifaddrs_h_FALSE='#'
-else
-  have_ifaddrs_h_TRUE='#'
-  have_ifaddrs_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_vis_h" = yes; then
-  have_vis_h_TRUE=
-  have_vis_h_FALSE='#'
-else
-  have_vis_h_TRUE='#'
-  have_vis_h_FALSE=
-fi
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for socket" >&5
-echo $ECHO_N "checking for socket... $ECHO_C" >&6
-if test "${ac_cv_funclib_socket+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_socket\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" socket; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-socket()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_socket"
-
-if false; then
-
-for ac_func in socket
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# socket
-eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_socket=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_socket=yes"
-	eval "LIB_socket="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_socket=no"
-	eval "LIB_socket="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_socket=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_socket"; then
-	LIBS="$LIB_socket $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
-if test "${ac_cv_funclib_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" nsl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname"
-
-if false; then
-
-for ac_func in gethostbyname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname
-eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "LIB_gethostbyname="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname=no"
-	eval "LIB_gethostbyname="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname"; then
-	LIBS="$LIB_gethostbyname $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for syslog" >&5
-echo $ECHO_N "checking for syslog... $ECHO_C" >&6
-if test "${ac_cv_funclib_syslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" syslog; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-syslog()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_syslog"
-
-if false; then
-
-for ac_func in syslog
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# syslog
-eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_syslog=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_syslog=yes"
-	eval "LIB_syslog="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_syslog=no"
-	eval "LIB_syslog="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_syslog=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_syslog"; then
-	LIBS="$LIB_syslog $LIBS"
-fi
-
-
-
-
-# Check whether --with-ipv6 or --without-ipv6 was given.
-if test "${with_ipv6+set}" = set; then
-  withval="$with_ipv6"
-
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi
-fi;
-save_CFLAGS="${CFLAGS}"
-echo "$as_me:$LINENO: checking for IPv6 stack type" >&5
-echo $ECHO_N "checking for IPv6 stack type... $ECHO_C" >&6
-if test "${v6type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	toshiba)
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	kame)
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	inria)
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	zeta)
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-
-fi
-echo "$as_me:$LINENO: result: $v6type" >&5
-echo "${ECHO_T}$v6type" >&6
-
-echo "$as_me:$LINENO: checking for IPv6" >&5
-echo $ECHO_N "checking for IPv6... $ECHO_C" >&6
-if test "${ac_cv_lib_ipv6+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ipv6=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipv6=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ipv6" >&5
-echo "${ECHO_T}$ac_cv_lib_ipv6" >&6
-if test "$ac_cv_lib_ipv6" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IPV6 1
-_ACEOF
-
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-if test "$ac_cv_lib_ipv6" = yes; then
-	echo "$as_me:$LINENO: checking for in6addr_loopback" >&5
-echo $ECHO_N "checking for in6addr_loopback... $ECHO_C" >&6
-if test "${ac_cv_var_in6addr_loopback+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_in6addr_loopback=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_in6addr_loopback=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_var_in6addr_loopback" >&5
-echo "${ECHO_T}$ac_cv_var_in6addr_loopback" >&6
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IN6ADDR_LOOPBACK 1
-_ACEOF
-
-	fi
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for gethostbyname2" >&5
-echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6
-if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" inet6 ip6; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname2()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname2=\${ac_cv_funclib_gethostbyname2-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname2"
-
-if false; then
-
-for ac_func in gethostbyname2
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname2
-eval "ac_tr_func=HAVE_`echo gethostbyname2 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname2=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "LIB_gethostbyname2="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname2=no"
-	eval "LIB_gethostbyname2="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname2"; then
-	LIBS="$LIB_gethostbyname2 $LIBS"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for res_search" >&5
-echo $ECHO_N "checking for res_search... $ECHO_C" >&6
-if test "${ac_cv_funclib_res_search+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-res_search(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_search"
-
-if false; then
-
-for ac_func in res_search
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_search
-eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_search=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_search=yes"
-	eval "LIB_res_search="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_res_search=no"
-	eval "LIB_res_search="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_res_search=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_res_search"; then
-	LIBS="$LIB_res_search $LIBS"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for res_nsearch" >&5
-echo $ECHO_N "checking for res_nsearch... $ECHO_C" >&6
-if test "${ac_cv_funclib_res_nsearch+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-res_nsearch(0,0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_nsearch=$ac_lib; else ac_cv_funclib_res_nsearch=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_nsearch=\${ac_cv_funclib_res_nsearch-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_nsearch"
-
-if false; then
-
-for ac_func in res_nsearch
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_nsearch
-eval "ac_tr_func=HAVE_`echo res_nsearch | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_nsearch=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_nsearch=yes"
-	eval "LIB_res_nsearch="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_res_nsearch=no"
-	eval "LIB_res_nsearch="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_res_nsearch=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_res_nsearch"; then
-	LIBS="$LIB_res_nsearch $LIBS"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for dn_expand" >&5
-echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6
-if test "${ac_cv_funclib_dn_expand+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dn_expand(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dn_expand"
-
-if false; then
-
-for ac_func in dn_expand
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dn_expand
-eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dn_expand=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "LIB_dn_expand="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dn_expand=no"
-	eval "LIB_dn_expand="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_dn_expand"; then
-	LIBS="$LIB_dn_expand $LIBS"
-fi
-
-
-
-echo "$as_me:$LINENO: checking for _res" >&5
-echo $ECHO_N "checking for _res... $ECHO_C" >&6
-if test "${ac_cv_var__res+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-	void * foo() { return &_res; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var__res=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var__res" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int _res;
-int foo() { return _res; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var__res=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var__res`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE__RES 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if _res is properly declared" >&5
-echo $ECHO_N "checking if _res is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var__res_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-extern struct { int foo; } _res;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-_res.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var__res_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var__res_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var__res_declaration" >&5
-echo "${ECHO_T}$ac_cv_var__res_declaration" >&6
-if eval "test \"\$ac_cv_var__res_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE__RES_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for working snprintf" >&5
-echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6
-if test "${ac_cv_func_snprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_snprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <string.h>
-int main()
-{
-	char foo[3];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1");
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_snprintf_working=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
-echo "$as_me:$LINENO: checking if snprintf needs a prototype" >&5
-echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_snprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int snprintf (struct foo*);
-snprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_snprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_snprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6
-if test "$ac_cv_func_snprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-echo "$as_me:$LINENO: checking for working vsnprintf" >&5
-echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6
-if test "${ac_cv_func_vsnprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_vsnprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[3];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-
-int main()
-{
-	return foo(0, "12");
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_vsnprintf_working=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
-echo "$as_me:$LINENO: checking if vsnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vsnprintf (struct foo*);
-vsnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vsnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vsnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6
-if test "$ac_cv_func_vsnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VSNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for working glob" >&5
-echo $ECHO_N "checking for working glob... $ECHO_C" >&6
-if test "${ac_cv_func_glob_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_glob_working=yes
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <glob.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_glob_working=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_glob_working" >&5
-echo "${ECHO_T}$ac_cv_func_glob_working" >&6
-
-if test "$ac_cv_func_glob_working" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GLOB 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-
-if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
-echo "$as_me:$LINENO: checking if glob needs a prototype" >&5
-echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_glob_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <glob.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int glob (struct foo*);
-glob(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_glob_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_glob_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_glob_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6
-if test "$ac_cv_func_glob_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GLOB_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-if test "$ac_cv_func_glob_working" != yes; then
-	LIBOBJS="$LIBOBJS glob.$ac_objext"
-fi
-
-
-if test "$ac_cv_func_glob_working" = yes; then
-  have_glob_h_TRUE=
-  have_glob_h_FALSE='#'
-else
-  have_glob_h_TRUE='#'
-  have_glob_h_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-if test "$ac_cv_func_cgetent" = no; then
-	LIBOBJS="$LIBOBJS getcap.$ac_objext"
-fi
-
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for getsockopt" >&5
-echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6
-if test "${ac_cv_funclib_getsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getsockopt"
-
-if false; then
-
-for ac_func in getsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getsockopt
-eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "LIB_getsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getsockopt=no"
-	eval "LIB_getsockopt="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:$LINENO: checking for setsockopt" >&5
-echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
-if test "${ac_cv_funclib_setsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-setsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_setsockopt"
-
-if false; then
-
-for ac_func in setsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# setsockopt
-eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_setsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "LIB_setsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_setsockopt=no"
-	eval "LIB_setsockopt="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for hstrerror" >&5
-echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6
-if test "${ac_cv_funclib_hstrerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-hstrerror(17)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_hstrerror"
-
-if false; then
-
-for ac_func in hstrerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# hstrerror
-eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_hstrerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "LIB_hstrerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_hstrerror=no"
-	eval "LIB_hstrerror="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_hstrerror"; then
-	LIBS="$LIB_hstrerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
-	LIBOBJS="$LIBOBJS hstrerror.$ac_objext"
-fi
-
-
-if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
-echo "$as_me:$LINENO: checking if hstrerror needs a prototype" >&5
-echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_hstrerror_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int hstrerror (struct foo*);
-hstrerror(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_hstrerror_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_hstrerror_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_hstrerror_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6
-if test "$ac_cv_func_hstrerror_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_HSTRERROR_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then
-echo "$as_me:$LINENO: checking if asprintf needs a prototype" >&5
-echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_asprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int asprintf (struct foo*);
-asprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_asprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_asprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6
-if test "$ac_cv_func_asprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then
-echo "$as_me:$LINENO: checking if vasprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vasprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vasprintf (struct foo*);
-vasprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vasprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vasprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6
-if test "$ac_cv_func_vasprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then
-echo "$as_me:$LINENO: checking if asnprintf needs a prototype" >&5
-echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_asnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int asnprintf (struct foo*);
-asnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_asnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_asnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6
-if test "$ac_cv_func_asnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then
-echo "$as_me:$LINENO: checking if vasnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vasnprintf (struct foo*);
-vasnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vasnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vasnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6
-if test "$ac_cv_func_vasnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for bswap16" >&5
-echo $ECHO_N "checking for bswap16... $ECHO_C" >&6
-if test "${ac_cv_funclib_bswap16+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap16(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap16"
-
-if false; then
-
-for ac_func in bswap16
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap16
-eval "ac_tr_func=HAVE_`echo bswap16 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap16=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap16=yes"
-	eval "LIB_bswap16="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_bswap16=no"
-	eval "LIB_bswap16="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_bswap16=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for bswap32" >&5
-echo $ECHO_N "checking for bswap32... $ECHO_C" >&6
-if test "${ac_cv_funclib_bswap32+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap32(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap32"
-
-if false; then
-
-for ac_func in bswap32
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap32
-eval "ac_tr_func=HAVE_`echo bswap32 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap32=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap32=yes"
-	eval "LIB_bswap32="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_bswap32=no"
-	eval "LIB_bswap32="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_bswap32=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for pidfile" >&5
-echo $ECHO_N "checking for pidfile... $ECHO_C" >&6
-if test "${ac_cv_funclib_pidfile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-pidfile(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_pidfile=\${ac_cv_funclib_pidfile-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_pidfile"
-
-if false; then
-
-for ac_func in pidfile
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# pidfile
-eval "ac_tr_func=HAVE_`echo pidfile | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_pidfile=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_pidfile=yes"
-	eval "LIB_pidfile="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_pidfile=no"
-	eval "LIB_pidfile="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_pidfile=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for getaddrinfo" >&5
-echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_getaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getaddrinfo(0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getaddrinfo=$ac_lib; else ac_cv_funclib_getaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getaddrinfo=\${ac_cv_funclib_getaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getaddrinfo"
-
-if false; then
-
-for ac_func in getaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getaddrinfo
-eval "ac_tr_func=HAVE_`echo getaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "LIB_getaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getaddrinfo=no"
-	eval "LIB_getaddrinfo="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_getaddrinfo"; then
-	LIBS="$LIB_getaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getaddrinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for getnameinfo" >&5
-echo $ECHO_N "checking for getnameinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_getnameinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getnameinfo(0,0,0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getnameinfo=$ac_lib; else ac_cv_funclib_getnameinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getnameinfo=\${ac_cv_funclib_getnameinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getnameinfo"
-
-if false; then
-
-for ac_func in getnameinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getnameinfo
-eval "ac_tr_func=HAVE_`echo getnameinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getnameinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "LIB_getnameinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getnameinfo=no"
-	eval "LIB_getnameinfo="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_getnameinfo"; then
-	LIBS="$LIB_getnameinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getnameinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for freeaddrinfo" >&5
-echo $ECHO_N "checking for freeaddrinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-freeaddrinfo(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_freeaddrinfo=$ac_lib; else ac_cv_funclib_freeaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_freeaddrinfo=\${ac_cv_funclib_freeaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_freeaddrinfo"
-
-if false; then
-
-for ac_func in freeaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# freeaddrinfo
-eval "ac_tr_func=HAVE_`echo freeaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_freeaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "LIB_freeaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_freeaddrinfo=no"
-	eval "LIB_freeaddrinfo="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_freeaddrinfo"; then
-	LIBS="$LIB_freeaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_freeaddrinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for gai_strerror" >&5
-echo $ECHO_N "checking for gai_strerror... $ECHO_C" >&6
-if test "${ac_cv_funclib_gai_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gai_strerror(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gai_strerror=$ac_lib; else ac_cv_funclib_gai_strerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gai_strerror=\${ac_cv_funclib_gai_strerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gai_strerror"
-
-if false; then
-
-for ac_func in gai_strerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gai_strerror
-eval "ac_tr_func=HAVE_`echo gai_strerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gai_strerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "LIB_gai_strerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gai_strerror=no"
-	eval "LIB_gai_strerror="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gai_strerror"; then
-	LIBS="$LIB_gai_strerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_gai_strerror\" != yes"; then
-	LIBOBJS="$LIBOBJS gai_strerror.$ac_objext"
-fi
-
-
-echo "$as_me:$LINENO: checking for chown" >&5
-echo $ECHO_N "checking for chown... $ECHO_C" >&6
-if test "${ac_cv_func_chown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char chown (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char chown ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_chown) || defined (__stub___chown)
-choke me
-#else
-f = chown;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_chown=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_chown=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_chown" >&5
-echo "${ECHO_T}$ac_cv_func_chown" >&6
-if test $ac_cv_func_chown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_CHOWN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS chown.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for copyhostent" >&5
-echo $ECHO_N "checking for copyhostent... $ECHO_C" >&6
-if test "${ac_cv_func_copyhostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char copyhostent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char copyhostent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_copyhostent) || defined (__stub___copyhostent)
-choke me
-#else
-f = copyhostent;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_copyhostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_copyhostent=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_copyhostent" >&5
-echo "${ECHO_T}$ac_cv_func_copyhostent" >&6
-if test $ac_cv_func_copyhostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_COPYHOSTENT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS copyhostent.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for daemon" >&5
-echo $ECHO_N "checking for daemon... $ECHO_C" >&6
-if test "${ac_cv_func_daemon+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char daemon (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char daemon ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_daemon) || defined (__stub___daemon)
-choke me
-#else
-f = daemon;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_daemon=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_daemon=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5
-echo "${ECHO_T}$ac_cv_func_daemon" >&6
-if test $ac_cv_func_daemon = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DAEMON 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS daemon.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for ecalloc" >&5
-echo $ECHO_N "checking for ecalloc... $ECHO_C" >&6
-if test "${ac_cv_func_ecalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char ecalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char ecalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_ecalloc) || defined (__stub___ecalloc)
-choke me
-#else
-f = ecalloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_ecalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_ecalloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_ecalloc" >&5
-echo "${ECHO_T}$ac_cv_func_ecalloc" >&6
-if test $ac_cv_func_ecalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ECALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS ecalloc.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for emalloc" >&5
-echo $ECHO_N "checking for emalloc... $ECHO_C" >&6
-if test "${ac_cv_func_emalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char emalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char emalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_emalloc) || defined (__stub___emalloc)
-choke me
-#else
-f = emalloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_emalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_emalloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_emalloc" >&5
-echo "${ECHO_T}$ac_cv_func_emalloc" >&6
-if test $ac_cv_func_emalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EMALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS emalloc.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for erealloc" >&5
-echo $ECHO_N "checking for erealloc... $ECHO_C" >&6
-if test "${ac_cv_func_erealloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char erealloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char erealloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_erealloc) || defined (__stub___erealloc)
-choke me
-#else
-f = erealloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_erealloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_erealloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_erealloc" >&5
-echo "${ECHO_T}$ac_cv_func_erealloc" >&6
-if test $ac_cv_func_erealloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EREALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS erealloc.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for estrdup" >&5
-echo $ECHO_N "checking for estrdup... $ECHO_C" >&6
-if test "${ac_cv_func_estrdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char estrdup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char estrdup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_estrdup) || defined (__stub___estrdup)
-choke me
-#else
-f = estrdup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_estrdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_estrdup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_estrdup" >&5
-echo "${ECHO_T}$ac_cv_func_estrdup" >&6
-if test $ac_cv_func_estrdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ESTRDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS estrdup.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for err" >&5
-echo $ECHO_N "checking for err... $ECHO_C" >&6
-if test "${ac_cv_func_err+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char err (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char err ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_err) || defined (__stub___err)
-choke me
-#else
-f = err;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_err=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_err=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_err" >&5
-echo "${ECHO_T}$ac_cv_func_err" >&6
-if test $ac_cv_func_err = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS err.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for errx" >&5
-echo $ECHO_N "checking for errx... $ECHO_C" >&6
-if test "${ac_cv_func_errx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char errx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char errx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_errx) || defined (__stub___errx)
-choke me
-#else
-f = errx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_errx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_errx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_errx" >&5
-echo "${ECHO_T}$ac_cv_func_errx" >&6
-if test $ac_cv_func_errx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERRX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS errx.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for fchown" >&5
-echo $ECHO_N "checking for fchown... $ECHO_C" >&6
-if test "${ac_cv_func_fchown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fchown (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char fchown ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_fchown) || defined (__stub___fchown)
-choke me
-#else
-f = fchown;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_fchown=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_fchown=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_fchown" >&5
-echo "${ECHO_T}$ac_cv_func_fchown" >&6
-if test $ac_cv_func_fchown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FCHOWN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS fchown.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for flock" >&5
-echo $ECHO_N "checking for flock... $ECHO_C" >&6
-if test "${ac_cv_func_flock+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char flock (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char flock ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_flock) || defined (__stub___flock)
-choke me
-#else
-f = flock;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_flock=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_flock=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_flock" >&5
-echo "${ECHO_T}$ac_cv_func_flock" >&6
-if test $ac_cv_func_flock = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FLOCK 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS flock.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for fnmatch" >&5
-echo $ECHO_N "checking for fnmatch... $ECHO_C" >&6
-if test "${ac_cv_func_fnmatch+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fnmatch (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char fnmatch ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_fnmatch) || defined (__stub___fnmatch)
-choke me
-#else
-f = fnmatch;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_fnmatch=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_fnmatch=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_fnmatch" >&5
-echo "${ECHO_T}$ac_cv_func_fnmatch" >&6
-if test $ac_cv_func_fnmatch = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FNMATCH 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for freehostent" >&5
-echo $ECHO_N "checking for freehostent... $ECHO_C" >&6
-if test "${ac_cv_func_freehostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char freehostent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char freehostent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_freehostent) || defined (__stub___freehostent)
-choke me
-#else
-f = freehostent;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_freehostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_freehostent=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_freehostent" >&5
-echo "${ECHO_T}$ac_cv_func_freehostent" >&6
-if test $ac_cv_func_freehostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FREEHOSTENT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS freehostent.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getcwd" >&5
-echo $ECHO_N "checking for getcwd... $ECHO_C" >&6
-if test "${ac_cv_func_getcwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getcwd (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getcwd ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getcwd) || defined (__stub___getcwd)
-choke me
-#else
-f = getcwd;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getcwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getcwd=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getcwd" >&5
-echo "${ECHO_T}$ac_cv_func_getcwd" >&6
-if test $ac_cv_func_getcwd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETCWD 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getcwd.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getdtablesize" >&5
-echo $ECHO_N "checking for getdtablesize... $ECHO_C" >&6
-if test "${ac_cv_func_getdtablesize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getdtablesize (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getdtablesize ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getdtablesize) || defined (__stub___getdtablesize)
-choke me
-#else
-f = getdtablesize;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getdtablesize=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getdtablesize=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getdtablesize" >&5
-echo "${ECHO_T}$ac_cv_func_getdtablesize" >&6
-if test $ac_cv_func_getdtablesize = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETDTABLESIZE 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getdtablesize.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getegid" >&5
-echo $ECHO_N "checking for getegid... $ECHO_C" >&6
-if test "${ac_cv_func_getegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getegid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getegid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getegid) || defined (__stub___getegid)
-choke me
-#else
-f = getegid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getegid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getegid" >&5
-echo "${ECHO_T}$ac_cv_func_getegid" >&6
-if test $ac_cv_func_getegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getegid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for geteuid" >&5
-echo $ECHO_N "checking for geteuid... $ECHO_C" >&6
-if test "${ac_cv_func_geteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char geteuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char geteuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_geteuid) || defined (__stub___geteuid)
-choke me
-#else
-f = geteuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_geteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_geteuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_geteuid" >&5
-echo "${ECHO_T}$ac_cv_func_geteuid" >&6
-if test $ac_cv_func_geteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS geteuid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getgid" >&5
-echo $ECHO_N "checking for getgid... $ECHO_C" >&6
-if test "${ac_cv_func_getgid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getgid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getgid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getgid) || defined (__stub___getgid)
-choke me
-#else
-f = getgid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getgid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getgid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getgid" >&5
-echo "${ECHO_T}$ac_cv_func_getgid" >&6
-if test $ac_cv_func_getgid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getgid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for gethostname" >&5
-echo $ECHO_N "checking for gethostname... $ECHO_C" >&6
-if test "${ac_cv_func_gethostname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gethostname) || defined (__stub___gethostname)
-choke me
-#else
-f = gethostname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gethostname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gethostname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gethostname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname" >&6
-if test $ac_cv_func_gethostname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETHOSTNAME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS gethostname.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getifaddrs" >&5
-echo $ECHO_N "checking for getifaddrs... $ECHO_C" >&6
-if test "${ac_cv_func_getifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getifaddrs (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getifaddrs ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getifaddrs) || defined (__stub___getifaddrs)
-choke me
-#else
-f = getifaddrs;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getifaddrs=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getifaddrs" >&5
-echo "${ECHO_T}$ac_cv_func_getifaddrs" >&6
-if test $ac_cv_func_getifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIFADDRS 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getifaddrs.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getipnodebyaddr" >&5
-echo $ECHO_N "checking for getipnodebyaddr... $ECHO_C" >&6
-if test "${ac_cv_func_getipnodebyaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyaddr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getipnodebyaddr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getipnodebyaddr) || defined (__stub___getipnodebyaddr)
-choke me
-#else
-f = getipnodebyaddr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getipnodebyaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getipnodebyaddr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyaddr" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyaddr" >&6
-if test $ac_cv_func_getipnodebyaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYADDR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getipnodebyaddr.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getipnodebyname" >&5
-echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6
-if test "${ac_cv_func_getipnodebyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getipnodebyname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getipnodebyname) || defined (__stub___getipnodebyname)
-choke me
-#else
-f = getipnodebyname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getipnodebyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getipnodebyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyname" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyname" >&6
-if test $ac_cv_func_getipnodebyname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYNAME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getipnodebyname.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getopt" >&5
-echo $ECHO_N "checking for getopt... $ECHO_C" >&6
-if test "${ac_cv_func_getopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getopt (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getopt ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getopt) || defined (__stub___getopt)
-choke me
-#else
-f = getopt;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getopt=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getopt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getopt" >&5
-echo "${ECHO_T}$ac_cv_func_getopt" >&6
-if test $ac_cv_func_getopt = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETOPT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getopt.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for gettimeofday" >&5
-echo $ECHO_N "checking for gettimeofday... $ECHO_C" >&6
-if test "${ac_cv_func_gettimeofday+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gettimeofday (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gettimeofday ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gettimeofday) || defined (__stub___gettimeofday)
-choke me
-#else
-f = gettimeofday;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gettimeofday=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gettimeofday=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gettimeofday" >&5
-echo "${ECHO_T}$ac_cv_func_gettimeofday" >&6
-if test $ac_cv_func_gettimeofday = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETTIMEOFDAY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS gettimeofday.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getuid" >&5
-echo $ECHO_N "checking for getuid... $ECHO_C" >&6
-if test "${ac_cv_func_getuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getuid) || defined (__stub___getuid)
-choke me
-#else
-f = getuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getuid" >&5
-echo "${ECHO_T}$ac_cv_func_getuid" >&6
-if test $ac_cv_func_getuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getuid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for getusershell" >&5
-echo $ECHO_N "checking for getusershell... $ECHO_C" >&6
-if test "${ac_cv_func_getusershell+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getusershell (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getusershell ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getusershell) || defined (__stub___getusershell)
-choke me
-#else
-f = getusershell;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getusershell=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getusershell=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getusershell" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell" >&6
-if test $ac_cv_func_getusershell = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUSERSHELL 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getusershell.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for initgroups" >&5
-echo $ECHO_N "checking for initgroups... $ECHO_C" >&6
-if test "${ac_cv_func_initgroups+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char initgroups (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char initgroups ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_initgroups) || defined (__stub___initgroups)
-choke me
-#else
-f = initgroups;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_initgroups=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_initgroups=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_initgroups" >&5
-echo "${ECHO_T}$ac_cv_func_initgroups" >&6
-if test $ac_cv_func_initgroups = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INITGROUPS 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS initgroups.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for innetgr" >&5
-echo $ECHO_N "checking for innetgr... $ECHO_C" >&6
-if test "${ac_cv_func_innetgr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char innetgr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char innetgr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_innetgr) || defined (__stub___innetgr)
-choke me
-#else
-f = innetgr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_innetgr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_innetgr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_innetgr" >&5
-echo "${ECHO_T}$ac_cv_func_innetgr" >&6
-if test $ac_cv_func_innetgr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INNETGR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS innetgr.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for iruserok" >&5
-echo $ECHO_N "checking for iruserok... $ECHO_C" >&6
-if test "${ac_cv_func_iruserok+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char iruserok (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char iruserok ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_iruserok) || defined (__stub___iruserok)
-choke me
-#else
-f = iruserok;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_iruserok=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_iruserok=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_iruserok" >&5
-echo "${ECHO_T}$ac_cv_func_iruserok" >&6
-if test $ac_cv_func_iruserok = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_IRUSEROK 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS iruserok.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for localtime_r" >&5
-echo $ECHO_N "checking for localtime_r... $ECHO_C" >&6
-if test "${ac_cv_func_localtime_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char localtime_r (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char localtime_r ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_localtime_r) || defined (__stub___localtime_r)
-choke me
-#else
-f = localtime_r;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_localtime_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_localtime_r=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_localtime_r" >&5
-echo "${ECHO_T}$ac_cv_func_localtime_r" >&6
-if test $ac_cv_func_localtime_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LOCALTIME_R 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS localtime_r.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for lstat" >&5
-echo $ECHO_N "checking for lstat... $ECHO_C" >&6
-if test "${ac_cv_func_lstat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char lstat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char lstat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_lstat) || defined (__stub___lstat)
-choke me
-#else
-f = lstat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_lstat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_lstat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_lstat" >&5
-echo "${ECHO_T}$ac_cv_func_lstat" >&6
-if test $ac_cv_func_lstat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LSTAT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS lstat.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for memmove" >&5
-echo $ECHO_N "checking for memmove... $ECHO_C" >&6
-if test "${ac_cv_func_memmove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char memmove (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char memmove ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_memmove) || defined (__stub___memmove)
-choke me
-#else
-f = memmove;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_memmove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_memmove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_memmove" >&5
-echo "${ECHO_T}$ac_cv_func_memmove" >&6
-if test $ac_cv_func_memmove = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MEMMOVE 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS memmove.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for mkstemp" >&5
-echo $ECHO_N "checking for mkstemp... $ECHO_C" >&6
-if test "${ac_cv_func_mkstemp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char mkstemp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char mkstemp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_mkstemp) || defined (__stub___mkstemp)
-choke me
-#else
-f = mkstemp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mkstemp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_mkstemp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp" >&6
-if test $ac_cv_func_mkstemp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MKSTEMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS mkstemp.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for putenv" >&5
-echo $ECHO_N "checking for putenv... $ECHO_C" >&6
-if test "${ac_cv_func_putenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char putenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char putenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_putenv) || defined (__stub___putenv)
-choke me
-#else
-f = putenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_putenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_putenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_putenv" >&5
-echo "${ECHO_T}$ac_cv_func_putenv" >&6
-if test $ac_cv_func_putenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_PUTENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS putenv.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for rcmd" >&5
-echo $ECHO_N "checking for rcmd... $ECHO_C" >&6
-if test "${ac_cv_func_rcmd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char rcmd (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char rcmd ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_rcmd) || defined (__stub___rcmd)
-choke me
-#else
-f = rcmd;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_rcmd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_rcmd=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_rcmd" >&5
-echo "${ECHO_T}$ac_cv_func_rcmd" >&6
-if test $ac_cv_func_rcmd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RCMD 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS rcmd.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for readv" >&5
-echo $ECHO_N "checking for readv... $ECHO_C" >&6
-if test "${ac_cv_func_readv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char readv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char readv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_readv) || defined (__stub___readv)
-choke me
-#else
-f = readv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_readv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_readv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_readv" >&5
-echo "${ECHO_T}$ac_cv_func_readv" >&6
-if test $ac_cv_func_readv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_READV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS readv.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for recvmsg" >&5
-echo $ECHO_N "checking for recvmsg... $ECHO_C" >&6
-if test "${ac_cv_func_recvmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char recvmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char recvmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_recvmsg) || defined (__stub___recvmsg)
-choke me
-#else
-f = recvmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_recvmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_recvmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_recvmsg" >&5
-echo "${ECHO_T}$ac_cv_func_recvmsg" >&6
-if test $ac_cv_func_recvmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RECVMSG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS recvmsg.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for sendmsg" >&5
-echo $ECHO_N "checking for sendmsg... $ECHO_C" >&6
-if test "${ac_cv_func_sendmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char sendmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char sendmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_sendmsg) || defined (__stub___sendmsg)
-choke me
-#else
-f = sendmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_sendmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_sendmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_sendmsg" >&5
-echo "${ECHO_T}$ac_cv_func_sendmsg" >&6
-if test $ac_cv_func_sendmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SENDMSG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS sendmsg.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for setegid" >&5
-echo $ECHO_N "checking for setegid... $ECHO_C" >&6
-if test "${ac_cv_func_setegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setegid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setegid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setegid) || defined (__stub___setegid)
-choke me
-#else
-f = setegid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_setegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_setegid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_setegid" >&5
-echo "${ECHO_T}$ac_cv_func_setegid" >&6
-if test $ac_cv_func_setegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS setegid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for setenv" >&5
-echo $ECHO_N "checking for setenv... $ECHO_C" >&6
-if test "${ac_cv_func_setenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setenv) || defined (__stub___setenv)
-choke me
-#else
-f = setenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_setenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_setenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_setenv" >&5
-echo "${ECHO_T}$ac_cv_func_setenv" >&6
-if test $ac_cv_func_setenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS setenv.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for seteuid" >&5
-echo $ECHO_N "checking for seteuid... $ECHO_C" >&6
-if test "${ac_cv_func_seteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char seteuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char seteuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_seteuid) || defined (__stub___seteuid)
-choke me
-#else
-f = seteuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_seteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_seteuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_seteuid" >&5
-echo "${ECHO_T}$ac_cv_func_seteuid" >&6
-if test $ac_cv_func_seteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS seteuid.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strcasecmp" >&5
-echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6
-if test "${ac_cv_func_strcasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strcasecmp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strcasecmp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strcasecmp) || defined (__stub___strcasecmp)
-choke me
-#else
-f = strcasecmp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strcasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strcasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6
-if test $ac_cv_func_strcasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRCASECMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strcasecmp.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strdup" >&5
-echo $ECHO_N "checking for strdup... $ECHO_C" >&6
-if test "${ac_cv_func_strdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strdup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strdup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strdup) || defined (__stub___strdup)
-choke me
-#else
-f = strdup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strdup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strdup" >&5
-echo "${ECHO_T}$ac_cv_func_strdup" >&6
-if test $ac_cv_func_strdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strdup.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strerror" >&5
-echo $ECHO_N "checking for strerror... $ECHO_C" >&6
-if test "${ac_cv_func_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strerror (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strerror ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strerror) || defined (__stub___strerror)
-choke me
-#else
-f = strerror;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strerror=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strerror=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strerror" >&5
-echo "${ECHO_T}$ac_cv_func_strerror" >&6
-if test $ac_cv_func_strerror = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRERROR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strerror.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strftime" >&5
-echo $ECHO_N "checking for strftime... $ECHO_C" >&6
-if test "${ac_cv_func_strftime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strftime (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strftime ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strftime) || defined (__stub___strftime)
-choke me
-#else
-f = strftime;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strftime=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strftime=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strftime" >&5
-echo "${ECHO_T}$ac_cv_func_strftime" >&6
-if test $ac_cv_func_strftime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRFTIME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strftime.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strlcat" >&5
-echo $ECHO_N "checking for strlcat... $ECHO_C" >&6
-if test "${ac_cv_func_strlcat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlcat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlcat) || defined (__stub___strlcat)
-choke me
-#else
-f = strlcat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlcat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlcat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strlcat" >&5
-echo "${ECHO_T}$ac_cv_func_strlcat" >&6
-if test $ac_cv_func_strlcat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCAT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlcat.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strlcpy" >&5
-echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6
-if test "${ac_cv_func_strlcpy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcpy (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlcpy ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlcpy) || defined (__stub___strlcpy)
-choke me
-#else
-f = strlcpy;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlcpy=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlcpy=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strlcpy" >&5
-echo "${ECHO_T}$ac_cv_func_strlcpy" >&6
-if test $ac_cv_func_strlcpy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCPY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strlwr" >&5
-echo $ECHO_N "checking for strlwr... $ECHO_C" >&6
-if test "${ac_cv_func_strlwr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlwr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlwr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlwr) || defined (__stub___strlwr)
-choke me
-#else
-f = strlwr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlwr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlwr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strlwr" >&5
-echo "${ECHO_T}$ac_cv_func_strlwr" >&6
-if test $ac_cv_func_strlwr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLWR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlwr.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strncasecmp" >&5
-echo $ECHO_N "checking for strncasecmp... $ECHO_C" >&6
-if test "${ac_cv_func_strncasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strncasecmp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strncasecmp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strncasecmp) || defined (__stub___strncasecmp)
-choke me
-#else
-f = strncasecmp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strncasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strncasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strncasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strncasecmp" >&6
-if test $ac_cv_func_strncasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNCASECMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strncasecmp.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strndup" >&5
-echo $ECHO_N "checking for strndup... $ECHO_C" >&6
-if test "${ac_cv_func_strndup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strndup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strndup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strndup) || defined (__stub___strndup)
-choke me
-#else
-f = strndup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strndup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strndup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strndup" >&5
-echo "${ECHO_T}$ac_cv_func_strndup" >&6
-if test $ac_cv_func_strndup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strndup.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strnlen" >&5
-echo $ECHO_N "checking for strnlen... $ECHO_C" >&6
-if test "${ac_cv_func_strnlen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strnlen (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strnlen ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strnlen) || defined (__stub___strnlen)
-choke me
-#else
-f = strnlen;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strnlen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strnlen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strnlen" >&5
-echo "${ECHO_T}$ac_cv_func_strnlen" >&6
-if test $ac_cv_func_strnlen = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNLEN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strnlen.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strptime" >&5
-echo $ECHO_N "checking for strptime... $ECHO_C" >&6
-if test "${ac_cv_func_strptime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strptime (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strptime ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strptime) || defined (__stub___strptime)
-choke me
-#else
-f = strptime;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strptime=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strptime=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strptime" >&5
-echo "${ECHO_T}$ac_cv_func_strptime" >&6
-if test $ac_cv_func_strptime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRPTIME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strptime.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strsep" >&5
-echo $ECHO_N "checking for strsep... $ECHO_C" >&6
-if test "${ac_cv_func_strsep+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsep ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsep) || defined (__stub___strsep)
-choke me
-#else
-f = strsep;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strsep=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strsep=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strsep" >&5
-echo "${ECHO_T}$ac_cv_func_strsep" >&6
-if test $ac_cv_func_strsep = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strsep.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strsep_copy" >&5
-echo $ECHO_N "checking for strsep_copy... $ECHO_C" >&6
-if test "${ac_cv_func_strsep_copy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep_copy (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsep_copy ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsep_copy) || defined (__stub___strsep_copy)
-choke me
-#else
-f = strsep_copy;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strsep_copy=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strsep_copy=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strsep_copy" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_copy" >&6
-if test $ac_cv_func_strsep_copy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP_COPY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strsep_copy.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strtok_r" >&5
-echo $ECHO_N "checking for strtok_r... $ECHO_C" >&6
-if test "${ac_cv_func_strtok_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strtok_r (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strtok_r ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strtok_r) || defined (__stub___strtok_r)
-choke me
-#else
-f = strtok_r;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strtok_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strtok_r=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r" >&6
-if test $ac_cv_func_strtok_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRTOK_R 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strtok_r.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for strupr" >&5
-echo $ECHO_N "checking for strupr... $ECHO_C" >&6
-if test "${ac_cv_func_strupr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strupr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strupr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strupr) || defined (__stub___strupr)
-choke me
-#else
-f = strupr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strupr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strupr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strupr" >&5
-echo "${ECHO_T}$ac_cv_func_strupr" >&6
-if test $ac_cv_func_strupr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUPR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strupr.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for swab" >&5
-echo $ECHO_N "checking for swab... $ECHO_C" >&6
-if test "${ac_cv_func_swab+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char swab (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char swab ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_swab) || defined (__stub___swab)
-choke me
-#else
-f = swab;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_swab=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_swab=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_swab" >&5
-echo "${ECHO_T}$ac_cv_func_swab" >&6
-if test $ac_cv_func_swab = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SWAB 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS swab.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for unsetenv" >&5
-echo $ECHO_N "checking for unsetenv... $ECHO_C" >&6
-if test "${ac_cv_func_unsetenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char unsetenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char unsetenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_unsetenv) || defined (__stub___unsetenv)
-choke me
-#else
-f = unsetenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_unsetenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_unsetenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv" >&6
-if test $ac_cv_func_unsetenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UNSETENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for verr" >&5
-echo $ECHO_N "checking for verr... $ECHO_C" >&6
-if test "${ac_cv_func_verr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char verr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_verr) || defined (__stub___verr)
-choke me
-#else
-f = verr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_verr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_verr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_verr" >&5
-echo "${ECHO_T}$ac_cv_func_verr" >&6
-if test $ac_cv_func_verr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS verr.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for verrx" >&5
-echo $ECHO_N "checking for verrx... $ECHO_C" >&6
-if test "${ac_cv_func_verrx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verrx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char verrx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_verrx) || defined (__stub___verrx)
-choke me
-#else
-f = verrx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_verrx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_verrx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_verrx" >&5
-echo "${ECHO_T}$ac_cv_func_verrx" >&6
-if test $ac_cv_func_verrx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERRX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS verrx.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for vsyslog" >&5
-echo $ECHO_N "checking for vsyslog... $ECHO_C" >&6
-if test "${ac_cv_func_vsyslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vsyslog (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vsyslog ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vsyslog) || defined (__stub___vsyslog)
-choke me
-#else
-f = vsyslog;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vsyslog=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vsyslog=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vsyslog" >&5
-echo "${ECHO_T}$ac_cv_func_vsyslog" >&6
-if test $ac_cv_func_vsyslog = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSYSLOG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vsyslog.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for vwarn" >&5
-echo $ECHO_N "checking for vwarn... $ECHO_C" >&6
-if test "${ac_cv_func_vwarn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarn (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vwarn ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vwarn) || defined (__stub___vwarn)
-choke me
-#else
-f = vwarn;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vwarn=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vwarn=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vwarn" >&5
-echo "${ECHO_T}$ac_cv_func_vwarn" >&6
-if test $ac_cv_func_vwarn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vwarn.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for vwarnx" >&5
-echo $ECHO_N "checking for vwarnx... $ECHO_C" >&6
-if test "${ac_cv_func_vwarnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarnx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vwarnx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vwarnx) || defined (__stub___vwarnx)
-choke me
-#else
-f = vwarnx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vwarnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vwarnx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vwarnx" >&5
-echo "${ECHO_T}$ac_cv_func_vwarnx" >&6
-if test $ac_cv_func_vwarnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARNX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vwarnx.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for warn" >&5
-echo $ECHO_N "checking for warn... $ECHO_C" >&6
-if test "${ac_cv_func_warn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warn (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char warn ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_warn) || defined (__stub___warn)
-choke me
-#else
-f = warn;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_warn=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_warn=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_warn" >&5
-echo "${ECHO_T}$ac_cv_func_warn" >&6
-if test $ac_cv_func_warn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS warn.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for warnx" >&5
-echo $ECHO_N "checking for warnx... $ECHO_C" >&6
-if test "${ac_cv_func_warnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warnx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char warnx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_warnx) || defined (__stub___warnx)
-choke me
-#else
-f = warnx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_warnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_warnx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_warnx" >&5
-echo "${ECHO_T}$ac_cv_func_warnx" >&6
-if test $ac_cv_func_warnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARNX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS warnx.$ac_objext"
-fi
-echo "$as_me:$LINENO: checking for writev" >&5
-echo $ECHO_N "checking for writev... $ECHO_C" >&6
-if test "${ac_cv_func_writev+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char writev (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char writev ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_writev) || defined (__stub___writev)
-choke me
-#else
-f = writev;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_writev=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_writev=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_writev" >&5
-echo "${ECHO_T}$ac_cv_func_writev" >&6
-if test $ac_cv_func_writev = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WRITEV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS writev.$ac_objext"
-fi
-
-
-
-if test "$ac_cv_func_strndup+set" != set -o "$ac_cv_func_strndup" = yes; then
-echo "$as_me:$LINENO: checking if strndup needs a prototype" >&5
-echo $ECHO_N "checking if strndup needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strndup_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strndup (struct foo*);
-strndup(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strndup_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strndup_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strndup_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strndup_noproto" >&6
-if test "$ac_cv_func_strndup_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRNDUP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
-echo "$as_me:$LINENO: checking if strsep needs a prototype" >&5
-echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strsep_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strsep (struct foo*);
-strsep(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strsep_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strsep_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strsep_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6
-if test "$ac_cv_func_strsep_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSEP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
-echo "$as_me:$LINENO: checking if strtok_r needs a prototype" >&5
-echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strtok_r_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strtok_r (struct foo*);
-strtok_r(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strtok_r_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strtok_r_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6
-if test "$ac_cv_func_strtok_r_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRTOK_R_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_strsvis+set" != set -o "$ac_cv_func_strsvis" = yes; then
-echo "$as_me:$LINENO: checking if strsvis needs a prototype" >&5
-echo $ECHO_N "checking if strsvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strsvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strsvis (struct foo*);
-strsvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strsvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strsvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strsvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsvis_noproto" >&6
-if test "$ac_cv_func_strsvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strunvis+set" != set -o "$ac_cv_func_strunvis" = yes; then
-echo "$as_me:$LINENO: checking if strunvis needs a prototype" >&5
-echo $ECHO_N "checking if strunvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strunvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strunvis (struct foo*);
-strunvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strunvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strunvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strunvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strunvis_noproto" >&6
-if test "$ac_cv_func_strunvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRUNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvis+set" != set -o "$ac_cv_func_strvis" = yes; then
-echo "$as_me:$LINENO: checking if strvis needs a prototype" >&5
-echo $ECHO_N "checking if strvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvis (struct foo*);
-strvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvis_noproto" >&6
-if test "$ac_cv_func_strvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvisx+set" != set -o "$ac_cv_func_strvisx" = yes; then
-echo "$as_me:$LINENO: checking if strvisx needs a prototype" >&5
-echo $ECHO_N "checking if strvisx needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strvisx_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvisx (struct foo*);
-strvisx(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strvisx_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strvisx_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strvisx_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvisx_noproto" >&6
-if test "$ac_cv_func_strvisx_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVISX_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_svis+set" != set -o "$ac_cv_func_svis" = yes; then
-echo "$as_me:$LINENO: checking if svis needs a prototype" >&5
-echo $ECHO_N "checking if svis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_svis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int svis (struct foo*);
-svis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_svis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_svis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_svis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_svis_noproto" >&6
-if test "$ac_cv_func_svis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_unvis+set" != set -o "$ac_cv_func_unvis" = yes; then
-echo "$as_me:$LINENO: checking if unvis needs a prototype" >&5
-echo $ECHO_N "checking if unvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_unvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unvis (struct foo*);
-unvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_unvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_unvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_unvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unvis_noproto" >&6
-if test "$ac_cv_func_unvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vis+set" != set -o "$ac_cv_func_vis" = yes; then
-echo "$as_me:$LINENO: checking if vis needs a prototype" >&5
-echo $ECHO_N "checking if vis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vis (struct foo*);
-vis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_vis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vis_noproto" >&6
-if test "$ac_cv_func_vis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-echo "$as_me:$LINENO: checking for inet_aton" >&5
-echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6
-if test "${ac_cv_func_inet_aton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_aton) || defined (__stub___inet_aton)
-choke me
-#else
-inet_aton(0,0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_aton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_aton=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_aton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_ATON 1
-_ACEOF
-
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
-fi
-
-echo "$as_me:$LINENO: checking for inet_ntop" >&5
-echo $ECHO_N "checking for inet_ntop... $ECHO_C" >&6
-if test "${ac_cv_func_inet_ntop+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_ntop) || defined (__stub___inet_ntop)
-choke me
-#else
-inet_ntop(0, 0, 0, 0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_ntop=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_ntop=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_ntop}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_NTOP 1
-_ACEOF
-
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
-fi
-
-echo "$as_me:$LINENO: checking for inet_pton" >&5
-echo $ECHO_N "checking for inet_pton... $ECHO_C" >&6
-if test "${ac_cv_func_inet_pton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_pton) || defined (__stub___inet_pton)
-choke me
-#else
-inet_pton(0,0,0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_pton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_pton=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_pton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_PTON 1
-_ACEOF
-
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
-fi
-
-
-
-echo "$as_me:$LINENO: checking for sa_len in struct sockaddr" >&5
-echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr x; x.sa_len;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr_sa_len=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_sa_len=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6
-if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-_ACEOF
-
-
-fi
-
-
-
-if test "$ac_cv_func_getnameinfo" = "yes"; then
-
-echo "$as_me:$LINENO: checking if getnameinfo is broken" >&5
-echo $ECHO_N "checking if getnameinfo is broken... $ECHO_C" >&6
-if test "${ac_cv_func_getnameinfo_broken+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-  struct sockaddr_in sin;
-  char host[256];
-  memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-  sin.sin_len = sizeof(sin);
-#endif
-  sin.sin_family = AF_INET;
-  sin.sin_addr.s_addr = 0xffffffff;
-  sin.sin_port = 0;
-  return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
-	      NULL, 0, 0);
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getnameinfo_broken=no
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getnameinfo_broken=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getnameinfo_broken" >&5
-echo "${ECHO_T}$ac_cv_func_getnameinfo_broken" >&6
-  if test "$ac_cv_func_getnameinfo_broken" = yes; then
-	LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
-  fi
-fi
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-
-echo "$as_me:$LINENO: checking if getaddrinfo handles numeric services" >&5
-echo $ECHO_N "checking if getaddrinfo handles numeric services... $ECHO_C" >&6
-if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getaddrinfo_numserv=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getaddrinfo_numserv=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo_numserv" >&5
-echo "${ECHO_T}$ac_cv_func_getaddrinfo_numserv" >&6
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
-	LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
-  fi
-fi
-
-
-if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then
-echo "$as_me:$LINENO: checking if setenv needs a prototype" >&5
-echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_setenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int setenv (struct foo*);
-setenv(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_setenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_setenv_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_setenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6
-if test "$ac_cv_func_setenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then
-echo "$as_me:$LINENO: checking if unsetenv needs a prototype" >&5
-echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_unsetenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unsetenv (struct foo*);
-unsetenv(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_unsetenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_unsetenv_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6
-if test "$ac_cv_func_unsetenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNSETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
-echo "$as_me:$LINENO: checking if gethostname needs a prototype" >&5
-echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostname_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int gethostname (struct foo*);
-gethostname(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostname_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostname_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gethostname_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6
-if test "$ac_cv_func_gethostname_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETHOSTNAME_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
-echo "$as_me:$LINENO: checking if mkstemp needs a prototype" >&5
-echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_mkstemp_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int mkstemp (struct foo*);
-mkstemp(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_mkstemp_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_mkstemp_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6
-if test "$ac_cv_func_mkstemp_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_MKSTEMP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
-echo "$as_me:$LINENO: checking if getusershell needs a prototype" >&5
-echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getusershell_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int getusershell (struct foo*);
-getusershell(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getusershell_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getusershell_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getusershell_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6
-if test "$ac_cv_func_getusershell_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETUSERSHELL_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
-echo "$as_me:$LINENO: checking if inet_aton needs a prototype" >&5
-echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_inet_aton_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int inet_aton (struct foo*);
-inet_aton(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_aton_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_aton_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_inet_aton_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6
-if test "$ac_cv_func_inet_aton_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_INET_ATON_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for crypt" >&5
-echo $ECHO_N "checking for crypt... $ECHO_C" >&6
-if test "${ac_cv_funclib_crypt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" crypt; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-crypt()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_crypt"
-
-if false; then
-
-for ac_func in crypt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# crypt
-eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_crypt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_crypt=yes"
-	eval "LIB_crypt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_crypt=no"
-	eval "LIB_crypt="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_crypt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking if gethostbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct hostent *gethostbyname(const char *);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6
-
-if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking if gethostbyaddr is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct hostent *gethostbyaddr(const void *, size_t, int);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyaddr_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6
-
-if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking if getservbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct servent *getservbyname(const char *, const char *);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getservbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getservbyname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getservbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6
-
-if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking if getsockname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int getsockname(int, struct sockaddr*, socklen_t*);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getsockname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getsockname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getsockname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6
-
-if test "$ac_cv_func_getsockname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking if openlog is compatible with system prototype" >&5
-echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_openlog_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-void openlog(const char *, int, int);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_openlog_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_openlog_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_openlog_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6
-
-if test "$ac_cv_func_openlog_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OPENLOG_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
-echo "$as_me:$LINENO: checking if crypt needs a prototype" >&5
-echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_crypt_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int crypt (struct foo*);
-crypt(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_crypt_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_crypt_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_crypt_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6
-if test "$ac_cv_func_crypt_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_CRYPT_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for h_errno" >&5
-echo $ECHO_N "checking for h_errno... $ECHO_C" >&6
-if test "${ac_cv_var_h_errno+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo() { return &h_errno; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errno=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_errno" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int h_errno;
-int foo() { return h_errno; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errno=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errno`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRNO 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if h_errno is properly declared" >&5
-echo $ECHO_N "checking if h_errno is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_errno_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_errno;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_errno.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_errno_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errno_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_h_errno_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_errno_declaration" >&6
-if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_ERRNO_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for h_errlist" >&5
-echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6
-if test "${ac_cv_var_h_errlist+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo() { return &h_errlist; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errlist=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_errlist" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int h_errlist;
-int foo() { return h_errlist; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errlist=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errlist`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRLIST 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if h_errlist is properly declared" >&5
-echo $ECHO_N "checking if h_errlist is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_errlist_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_errlist;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_errlist.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_errlist_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errlist_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_h_errlist_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_errlist_declaration" >&6
-if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_ERRLIST_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for h_nerr" >&5
-echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6
-if test "${ac_cv_var_h_nerr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-	void * foo() { return &h_nerr; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_nerr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_h_nerr" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int h_nerr;
-int foo() { return h_nerr; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_nerr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_nerr`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_NERR 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if h_nerr is properly declared" >&5
-echo $ECHO_N "checking if h_nerr is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_nerr_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_nerr;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_nerr.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_nerr_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_nerr_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_h_nerr_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_nerr_declaration" >&6
-if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_NERR_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for __progname" >&5
-echo $ECHO_N "checking for __progname... $ECHO_C" >&6
-if test "${ac_cv_var___progname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-	void * foo() { return &__progname; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var___progname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var___progname" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int __progname;
-int foo() { return __progname; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var___progname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var___progname`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE___PROGNAME 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if __progname is properly declared" >&5
-echo $ECHO_N "checking if __progname is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var___progname_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-extern struct { int foo; } __progname;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-__progname.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var___progname_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var___progname_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var___progname_declaration" >&5
-echo "${ECHO_T}$ac_cv_var___progname_declaration" >&6
-if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE___PROGNAME_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking if optarg is properly declared" >&5
-echo $ECHO_N "checking if optarg is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optarg_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optarg;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optarg.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optarg_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optarg_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_optarg_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optarg_declaration" >&6
-if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTARG_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking if optind is properly declared" >&5
-echo $ECHO_N "checking if optind is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optind_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optind;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optind.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optind_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optind_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_optind_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optind_declaration" >&6
-if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTIND_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking if opterr is properly declared" >&5
-echo $ECHO_N "checking if opterr is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_opterr_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } opterr;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-opterr.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_opterr_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_opterr_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_opterr_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_opterr_declaration" >&6
-if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTERR_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking if optopt is properly declared" >&5
-echo $ECHO_N "checking if optopt is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optopt_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optopt;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optopt.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optopt_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optopt_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_optopt_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optopt_declaration" >&6
-if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTOPT_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking if environ is properly declared" >&5
-echo $ECHO_N "checking if environ is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_environ_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-extern struct { int foo; } environ;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-environ.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_environ_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_environ_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_environ_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_environ_declaration" >&6
-if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ENVIRON_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for tm_gmtoff in struct tm" >&5
-echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6
-if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm x; x.tm_gmtoff;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_tm_tm_gmtoff=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_gmtoff=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6
-if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for tm_zone in struct tm" >&5
-echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6
-if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm x; x.tm_zone;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_tm_tm_zone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_zone=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_zone" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6
-if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_ZONE 1
-_ACEOF
-
-
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for timezone" >&5
-echo $ECHO_N "checking for timezone... $ECHO_C" >&6
-if test "${ac_cv_var_timezone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-	void * foo() { return &timezone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_timezone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_timezone" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int timezone;
-int foo() { return timezone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_timezone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_timezone`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_TIMEZONE 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if timezone is properly declared" >&5
-echo $ECHO_N "checking if timezone is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_timezone_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-extern struct { int foo; } timezone;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-timezone.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_timezone_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_timezone_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_timezone_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_timezone_declaration" >&6
-if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_TIMEZONE_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-echo "$as_me:$LINENO: checking for altzone" >&5
-echo $ECHO_N "checking for altzone... $ECHO_C" >&6
-if test "${ac_cv_var_altzone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-	void * foo() { return &altzone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_altzone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_var_altzone" != yes ; then
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-extern int altzone;
-int foo() { return altzone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_altzone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_altzone`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ALTZONE 1
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking if altzone is properly declared" >&5
-echo $ECHO_N "checking if altzone is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_altzone_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <time.h>
-extern struct { int foo; } altzone;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-altzone.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_altzone_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_altzone_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: result: $ac_cv_var_altzone_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_altzone_declaration" >&6
-if eval "test \"\$ac_cv_var_altzone_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ALTZONE_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-
-cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-sa_family_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
-if test "${ac_cv_type_sa_family_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((sa_family_t *) 0)
-  return 0;
-if (sizeof (sa_family_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_sa_family_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_sa_family_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_sa_family_t" >&5
-echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6
-if test $ac_cv_type_sa_family_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SA_FAMILY_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-socklen_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
-if test "${ac_cv_type_socklen_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((socklen_t *) 0)
-  return 0;
-if (sizeof (socklen_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_socklen_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_socklen_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
-echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
-if test $ac_cv_type_socklen_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SOCKLEN_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct sockaddr *) 0)
-  return 0;
-if (sizeof (struct sockaddr))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6
-if test $ac_cv_type_struct_sockaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr_storage foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct sockaddr_storage *) 0)
-  return 0;
-if (sizeof (struct sockaddr_storage))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr_storage=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_storage=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_storage" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6
-if test $ac_cv_type_struct_sockaddr_storage = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <netdb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct addrinfo foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
-if test "${ac_cv_type_struct_addrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct addrinfo *) 0)
-  return 0;
-if (sizeof (struct addrinfo))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_addrinfo=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_addrinfo=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_addrinfo" >&5
-echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6
-if test $ac_cv_type_struct_addrinfo = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_ADDRINFO 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <ifaddrs.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct ifaddrs foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
-if test "${ac_cv_type_struct_ifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct ifaddrs *) 0)
-  return 0;
-if (sizeof (struct ifaddrs))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_ifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_ifaddrs=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_ifaddrs" >&5
-echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6
-if test $ac_cv_type_struct_ifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IFADDRS 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct iovec" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct iovec foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct iovec | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6
-if test "${ac_cv_type_struct_iovec+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct iovec *) 0)
-  return 0;
-if (sizeof (struct iovec))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_iovec=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_iovec=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_iovec" >&5
-echo "${ECHO_T}$ac_cv_type_struct_iovec" >&6
-if test $ac_cv_type_struct_iovec = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IOVEC 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct msghdr" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct msghdr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct msghdr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_msghdr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct msghdr *) 0)
-  return 0;
-if (sizeof (struct msghdr))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_msghdr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_msghdr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_msghdr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_msghdr" >&6
-if test $ac_cv_type_struct_msghdr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_MSGHDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for struct winsize" >&5
-echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6
-if test "${ac_cv_struct_winsize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$i>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "struct[ 	]*winsize" >/dev/null 2>&1; then
-  ac_cv_struct_winsize=yes; break
-fi
-rm -f conftest*
-done
-
-fi
-
-if test "$ac_cv_struct_winsize" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_WINSIZE 1
-_ACEOF
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_struct_winsize" >&5
-echo "${ECHO_T}$ac_cv_struct_winsize" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ws_xpixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_XPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ws_ypixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_YPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-
-
-
-
-echo "$as_me:$LINENO: checking for struct spwd" >&5
-echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6
-if test "${ac_cv_struct_spwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct spwd foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_struct_spwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_spwd=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-echo "$as_me:$LINENO: result: $ac_cv_struct_spwd" >&5
-echo "${ECHO_T}$ac_cv_struct_spwd" >&6
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SPWD 1
-_ACEOF
-
-fi
-
-
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-
-LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
-
-
-# Check whether --enable-otp or --disable-otp was given.
-if test "${enable_otp+set}" = set; then
-  enableval="$enable_otp"
-
-fi;
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	{ { echo "$as_me:$LINENO: error: OTP requires a NDBM/DB compatible library" >&5
-echo "$as_me: error: OTP requires a NDBM/DB compatible library" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OTP 1
-_ACEOF
-
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-
-fi
-echo "$as_me:$LINENO: checking whether to enable OTP library" >&5
-echo $ECHO_N "checking whether to enable OTP library... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $enable_otp" >&5
-echo "${ECHO_T}$enable_otp" >&6
-
-
-if test "$enable_otp" = yes; then
-  OTP_TRUE=
-  OTP_FALSE='#'
-else
-  OTP_TRUE='#'
-  OTP_FALSE=
-fi
-
-
-
-# Check whether --enable-osfc2 or --disable-osfc2 was given.
-if test "${enable_osfc2+set}" = set; then
-  enableval="$enable_osfc2"
-
-fi;
-LIB_security=
-if test "$enable_osfc2" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OSFC2 1
-_ACEOF
-
-	LIB_security=-lsecurity
-fi
-
-
-
-# Check whether --enable-mmap or --disable-mmap was given.
-if test "${enable_mmap+set}" = set; then
-  enableval="$enable_mmap"
-
-fi;
-if test "$enable_mmap" = "no"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NO_MMAP 1
-_ACEOF
-
-fi
-
-# Extract the first word of "nroff", so it can be a program name with args.
-set dummy nroff; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_NROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $NROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  ;;
-esac
-fi
-NROFF=$ac_cv_path_NROFF
-
-if test -n "$NROFF"; then
-  echo "$as_me:$LINENO: result: $NROFF" >&5
-echo "${ECHO_T}$NROFF" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-# Extract the first word of "groff", so it can be a program name with args.
-set dummy groff; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_GROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $GROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  ;;
-esac
-fi
-GROFF=$ac_cv_path_GROFF
-
-if test -n "$GROFF"; then
-  echo "$as_me:$LINENO: result: $GROFF" >&5
-echo "${ECHO_T}$GROFF" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-echo "$as_me:$LINENO: checking how to format man pages" >&5
-echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6
-if test "${ac_cv_sys_man_format+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \$< > \$@"
-fi
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_man_format" >&5
-echo "${ECHO_T}$ac_cv_sys_man_format" >&6
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-
-fi
-
-
-if test "$CATMAN"; then
-  CATMAN_TRUE=
-  CATMAN_FALSE='#'
-else
-  CATMAN_TRUE='#'
-  CATMAN_FALSE=
-fi
-
-echo "$as_me:$LINENO: checking extension of pre-formatted manual pages" >&5
-echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6
-if test "${ac_cv_sys_catman_ext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_catman_ext" >&5
-echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-
-
-
-
-
-# Check whether --with-readline or --without-readline was given.
-if test "${with_readline+set}" = set; then
-  withval="$with_readline"
-
-fi;
-
-# Check whether --with-readline-lib or --without-readline-lib was given.
-if test "${with_readline_lib+set}" = set; then
-  withval="$with_readline_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-readline-lib" >&5
-echo "$as_me: error: No argument for --with-readline-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi;
-
-# Check whether --with-readline-include or --without-readline-include was given.
-if test "${with_readline_include+set}" = set; then
-  withval="$with_readline_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-readline-include" >&5
-echo "$as_me: error: No argument for --with-readline-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi;
-
-# Check whether --with-readline-config or --without-readline-config was given.
-if test "${with_readline_config+set}" = set; then
-  withval="$with_readline_config"
-
-fi;
-
-
-
-echo "$as_me:$LINENO: checking for readline" >&5
-echo $ECHO_N "checking for readline... $ECHO_C" >&6
-
-case "$with_readline" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_readline" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_readline_include" = ""; then
-		if test -d "$i/include/readline"; then
-			header_dirs="$header_dirs $i/include/readline"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_readline_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_readline_include"; then
-	header_dirs="$with_readline_include $header_dirs"
-fi
-if test "$with_readline_lib"; then
-	lib_dirs="$with_readline_lib $lib_dirs"
-fi
-
-if test "$with_readline_config" = ""; then
-	with_readline_config=''
-fi
-
-readline_cflags=
-readline_libs=
-
-case "$with_readline_config" in
-yes|no|"")
-	;;
-*)
-	readline_cflags="`$with_readline_config --cflags 2>&1`"
-	readline_libs="`$with_readline_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_readline" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$readline_cflags" -a "$readline_libs"; then
-		CFLAGS="$readline_cflags $save_CFLAGS"
-		LIBS="$readline_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_readline="$readline_cflags"
-			LIB_readline="$readline_libs"
-			echo "$as_me:$LINENO: result: from $with_readline_config" >&5
-echo "${ECHO_T}from $with_readline_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lreadline  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
-			INCLUDE_readline="-I$ires"
-			LIB_readline="-L$lres -lreadline "
-			found=yes
-			echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define READLINE 1
-_ACEOF
-
-	with_readline=yes
-else
-	with_readline=no
-	INCLUDE_readline=
-	LIB_readline=
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-
-
-# Check whether --with-hesiod or --without-hesiod was given.
-if test "${with_hesiod+set}" = set; then
-  withval="$with_hesiod"
-
-fi;
-
-# Check whether --with-hesiod-lib or --without-hesiod-lib was given.
-if test "${with_hesiod_lib+set}" = set; then
-  withval="$with_hesiod_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-lib" >&5
-echo "$as_me: error: No argument for --with-hesiod-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi;
-
-# Check whether --with-hesiod-include or --without-hesiod-include was given.
-if test "${with_hesiod_include+set}" = set; then
-  withval="$with_hesiod_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-include" >&5
-echo "$as_me: error: No argument for --with-hesiod-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi;
-
-# Check whether --with-hesiod-config or --without-hesiod-config was given.
-if test "${with_hesiod_config+set}" = set; then
-  withval="$with_hesiod_config"
-
-fi;
-
-
-
-echo "$as_me:$LINENO: checking for hesiod" >&5
-echo $ECHO_N "checking for hesiod... $ECHO_C" >&6
-
-case "$with_hesiod" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_hesiod" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_hesiod_include" = ""; then
-		if test -d "$i/include/hesiod"; then
-			header_dirs="$header_dirs $i/include/hesiod"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_hesiod_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_hesiod_include"; then
-	header_dirs="$with_hesiod_include $header_dirs"
-fi
-if test "$with_hesiod_lib"; then
-	lib_dirs="$with_hesiod_lib $lib_dirs"
-fi
-
-if test "$with_hesiod_config" = ""; then
-	with_hesiod_config=''
-fi
-
-hesiod_cflags=
-hesiod_libs=
-
-case "$with_hesiod_config" in
-yes|no|"")
-	;;
-*)
-	hesiod_cflags="`$with_hesiod_config --cflags 2>&1`"
-	hesiod_libs="`$with_hesiod_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_hesiod" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$hesiod_cflags" -a "$hesiod_libs"; then
-		CFLAGS="$hesiod_cflags $save_CFLAGS"
-		LIBS="$hesiod_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_hesiod="$hesiod_cflags"
-			LIB_hesiod="$hesiod_libs"
-			echo "$as_me:$LINENO: result: from $with_hesiod_config" >&5
-echo "${ECHO_T}from $with_hesiod_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lhesiod  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
-			INCLUDE_hesiod="-I$ires"
-			LIB_hesiod="-L$lres -lhesiod "
-			found=yes
-			echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HESIOD 1
-_ACEOF
-
-	with_hesiod=yes
-else
-	with_hesiod=no
-	INCLUDE_hesiod=
-	LIB_hesiod=
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-
-# Check whether --enable-bigendian or --disable-bigendian was given.
-if test "${enable_bigendian+set}" = set; then
-  enableval="$enable_bigendian"
-  krb_cv_c_bigendian=yes
-fi;
-# Check whether --enable-littleendian or --disable-littleendian was given.
-if test "${enable_littleendian+set}" = set; then
-  enableval="$enable_littleendian"
-  krb_cv_c_bigendian=no
-fi;
-echo "$as_me:$LINENO: checking whether byte order is known at compile time" >&5
-echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6
-if test "${krb_cv_c_bigendian_compile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian_compile=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian_compile=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $krb_cv_c_bigendian_compile" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6
-echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
-if test "${krb_cv_c_bigendian+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  else
-    if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: specify either --enable-bigendian or --enable-littleendian" >&5
-echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-main () {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian=no
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-krb_cv_c_bigendian=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-  fi
-
-fi
-echo "$as_me:$LINENO: result: $krb_cv_c_bigendian" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian" >&6
-if test "$krb_cv_c_bigendian" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define WORDS_BIGENDIAN 1
-_ACEOF
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENDIANESS_IN_SYS_PARAM_H 1
-_ACEOF
-fi
-
-
-
-echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifndef __cplusplus
-static $ac_kw int static_foo () {return 0; }
-$ac_kw int foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_inline=$ac_kw; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  no)
-cat >>confdefs.h <<\_ACEOF
-#define inline
-_ACEOF
- ;;
-  *)  cat >>confdefs.h <<_ACEOF
-#define inline $ac_cv_c_inline
-_ACEOF
- ;;
-esac
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
-if test "${ac_cv_funclib_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" dl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dlopen"
-
-if false; then
-
-for ac_func in dlopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dlopen
-eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dlopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dlopen=yes"
-	eval "LIB_dlopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dlopen=no"
-	eval "LIB_dlopen="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dlopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-if test "$ac_cv_funclib_dlopen" != no; then
-  HAVE_DLOPEN_TRUE=
-  HAVE_DLOPEN_FALSE='#'
-else
-  HAVE_DLOPEN_TRUE='#'
-  HAVE_DLOPEN_FALSE=
-fi
-
-
-
-
-aix=no
-case "$host" in
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
-
-
-if test "$aix" != no; then
-  AIX_TRUE=
-  AIX_FALSE='#'
-else
-  AIX_TRUE='#'
-  AIX_FALSE=
-fi
-
-
-if test "$aix" = 4; then
-  AIX4_TRUE=
-  AIX4_FALSE='#'
-else
-  AIX4_TRUE='#'
-  AIX4_FALSE=
-fi
-
-
-
-# Check whether --enable-dynamic-afs or --disable-dynamic-afs was given.
-if test "${enable_dynamic_afs+set}" = set; then
-  enableval="$enable_dynamic_afs"
-
-fi;
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-
-		if test "$ac_cv_func_dlopen" = no; then
-
-
-
-echo "$as_me:$LINENO: checking for loadquery" >&5
-echo $ECHO_N "checking for loadquery... $ECHO_C" >&6
-if test "${ac_cv_funclib_loadquery+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ld; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-loadquery()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_loadquery"
-
-if false; then
-
-for ac_func in loadquery
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# loadquery
-eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_loadquery=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_loadquery=yes"
-	eval "LIB_loadquery="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_loadquery=no"
-	eval "LIB_loadquery="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_loadquery=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			{ echo "$as_me:$LINENO: not using dynloaded AFS library" >&5
-echo "$as_me: not using dynloaded AFS library" >&6;}
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
-
-
-if test "$enable_dynamic_afs" != no; then
-  AIX_DYNAMIC_AFS_TRUE=
-  AIX_DYNAMIC_AFS_FALSE='#'
-else
-  AIX_DYNAMIC_AFS_TRUE='#'
-  AIX_DYNAMIC_AFS_FALSE=
-fi
-
-
-
-
-
-
-irix=no
-case "$host" in
-*-*-irix4*)
-
-cat >>confdefs.h <<\_ACEOF
-#define IRIX4 1
-_ACEOF
-
-	irix=yes
-	;;
-*-*-irix*)
-	irix=yes
-	;;
-esac
-
-
-if test "$irix" != no; then
-  IRIX_TRUE=
-  IRIX_FALSE='#'
-else
-  IRIX_TRUE='#'
-  IRIX_FALSE=
-fi
-
-
-
-
-
-sunos=no
-case "$host" in
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.[89])
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-
-cat >>confdefs.h <<_ACEOF
-#define SunOS $sunos
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking for X" >&5
-echo $ECHO_N "checking for X... $ECHO_C" >&6
-
-
-# Check whether --with-x or --without-x was given.
-if test "${with_x+set}" = set; then
-  withval="$with_x"
-
-fi;
-# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
-if test "x$with_x" = xno; then
-  # The user explicitly disabled X.
-  have_x=disabled
-else
-  if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then
-    # Both variables are already set.
-    have_x=yes
-  else
-    if test "${ac_cv_have_x+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # One or both of the vars are not set, and there is no cached value.
-ac_x_includes=no ac_x_libraries=no
-rm -fr conftest.dir
-if mkdir conftest.dir; then
-  cd conftest.dir
-  # Make sure to not put "make" in the Imakefile rules, since we grep it out.
-  cat >Imakefile <<'_ACEOF'
-acfindx:
-	@echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"'
-_ACEOF
-  if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then
-    # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-    eval `${MAKE-make} acfindx 2>/dev/null | grep -v make`
-    # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
-    for ac_extension in a so sl; do
-      if test ! -f $ac_im_usrlibdir/libX11.$ac_extension &&
-         test -f $ac_im_libdir/libX11.$ac_extension; then
-        ac_im_usrlibdir=$ac_im_libdir; break
-      fi
-    done
-    # Screen out bogus values from the imake configuration.  They are
-    # bogus both because they are the default anyway, and because
-    # using them would break gcc on systems where it needs fixed includes.
-    case $ac_im_incroot in
-	/usr/include) ;;
-	*) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes=$ac_im_incroot;;
-    esac
-    case $ac_im_usrlibdir in
-	/usr/lib | /lib) ;;
-	*) test -d "$ac_im_usrlibdir" && ac_x_libraries=$ac_im_usrlibdir ;;
-    esac
-  fi
-  cd ..
-  rm -fr conftest.dir
-fi
-
-# Standard set of common directories for X headers.
-# Check X11 before X11Rn because it is often a symlink to the current release.
-ac_x_header_dirs='
-/usr/X11/include
-/usr/X11R6/include
-/usr/X11R5/include
-/usr/X11R4/include
-
-/usr/include/X11
-/usr/include/X11R6
-/usr/include/X11R5
-/usr/include/X11R4
-
-/usr/local/X11/include
-/usr/local/X11R6/include
-/usr/local/X11R5/include
-/usr/local/X11R4/include
-
-/usr/local/include/X11
-/usr/local/include/X11R6
-/usr/local/include/X11R5
-/usr/local/include/X11R4
-
-/usr/X386/include
-/usr/x386/include
-/usr/XFree86/include/X11
-
-/usr/include
-/usr/local/include
-/usr/unsupported/include
-/usr/athena/include
-/usr/local/x11r5/include
-/usr/lpp/Xamples/include
-
-/usr/openwin/include
-/usr/openwin/share/include'
-
-if test "$ac_x_includes" = no; then
-  # Guess where to find include files, by looking for Intrinsic.h.
-  # First, try using that file with no special directory specified.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <X11/Intrinsic.h>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # We can compile using X headers with no special include directory.
-ac_x_includes=
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  for ac_dir in $ac_x_header_dirs; do
-  if test -r "$ac_dir/X11/Intrinsic.h"; then
-    ac_x_includes=$ac_dir
-    break
-  fi
-done
-fi
-rm -f conftest.err conftest.$ac_ext
-fi # $ac_x_includes = no
-
-if test "$ac_x_libraries" = no; then
-  # Check for the libraries.
-  # See if we find them without any special options.
-  # Don't add to $LIBS permanently.
-  ac_save_LIBS=$LIBS
-  LIBS="-lXt $LIBS"
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <X11/Intrinsic.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XtMalloc (0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  LIBS=$ac_save_LIBS
-# We can link X programs with no special library path.
-ac_x_libraries=
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-LIBS=$ac_save_LIBS
-for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g`
-do
-  # Don't even attempt the hair of trying to link an X program!
-  for ac_extension in a so sl; do
-    if test -r $ac_dir/libXt.$ac_extension; then
-      ac_x_libraries=$ac_dir
-      break 2
-    fi
-  done
-done
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi # $ac_x_libraries = no
-
-if test "$ac_x_includes" = no || test "$ac_x_libraries" = no; then
-  # Didn't find X anywhere.  Cache the known absence of X.
-  ac_cv_have_x="have_x=no"
-else
-  # Record where we found X for the cache.
-  ac_cv_have_x="have_x=yes \
-	        ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries"
-fi
-fi
-
-  fi
-  eval "$ac_cv_have_x"
-fi # $with_x != no
-
-if test "$have_x" != yes; then
-  echo "$as_me:$LINENO: result: $have_x" >&5
-echo "${ECHO_T}$have_x" >&6
-  no_x=yes
-else
-  # If each of the values was on the command line, it overrides each guess.
-  test "x$x_includes" = xNONE && x_includes=$ac_x_includes
-  test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
-  # Update the cache value to reflect the command line values.
-  ac_cv_have_x="have_x=yes \
-		ac_x_includes=$x_includes ac_x_libraries=$x_libraries"
-  echo "$as_me:$LINENO: result: libraries $x_libraries, headers $x_includes" >&5
-echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6
-fi
-
-
-if test "$no_x" = yes; then
-  # Not all programs may use this symbol, but it does not hurt to define it.
-
-cat >>confdefs.h <<\_ACEOF
-#define X_DISPLAY_MISSING 1
-_ACEOF
-
-  X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
-else
-  if test -n "$x_includes"; then
-    X_CFLAGS="$X_CFLAGS -I$x_includes"
-  fi
-
-  # It would also be nice to do this for all -L options, not just this one.
-  if test -n "$x_libraries"; then
-    X_LIBS="$X_LIBS -L$x_libraries"
-    # For Solaris; some versions of Sun CC require a space after -R and
-    # others require no space.  Words are not sufficient . . . .
-    case `(uname -sr) 2>/dev/null` in
-    "SunOS 5"*)
-      echo "$as_me:$LINENO: checking whether -R must be followed by a space" >&5
-echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6
-      ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries"
-      cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_R_nospace=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_nospace=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-      if test $ac_R_nospace = yes; then
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	X_LIBS="$X_LIBS -R$x_libraries"
-      else
-	LIBS="$ac_xsave_LIBS -R $x_libraries"
-	cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_R_space=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_space=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	if test $ac_R_space = yes; then
-	  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	  X_LIBS="$X_LIBS -R $x_libraries"
-	else
-	  echo "$as_me:$LINENO: result: neither works" >&5
-echo "${ECHO_T}neither works" >&6
-	fi
-      fi
-      LIBS=$ac_xsave_LIBS
-    esac
-  fi
-
-  # Check for system-dependent libraries X programs must link with.
-  # Do this before checking for the system-independent R6 libraries
-  # (-lICE), since we may need -lsocket or whatever for X linking.
-
-  if test "$ISC" = yes; then
-    X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
-  else
-    # Martyn Johnson says this is needed for Ultrix, if the X
-    # libraries were built with DECnet support.  And Karl Berry says
-    # the Alpha needs dnet_stub (dnet does not exist).
-    ac_xsave_LIBS="$LIBS"; LIBS="$LIBS $X_LIBS -lX11"
-    cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char XOpenDisplay ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XOpenDisplay ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6
-if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dnet_ntoa ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dnet_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_dnet_ntoa=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6
-if test $ac_cv_lib_dnet_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
-fi
-
-    if test $ac_cv_lib_dnet_dnet_ntoa = no; then
-      echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet_stub" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6
-if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet_stub  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dnet_ntoa ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dnet_stub_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_stub_dnet_ntoa=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6
-if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
-fi
-
-    fi
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-    LIBS="$ac_xsave_LIBS"
-
-    # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
-    # to get the SysV transport functions.
-    # Chad R. Larson says the Pyramis MIS-ES running DC/OSx (SVR4)
-    # needs -lnsl.
-    # The nsl library prevents programs from opening the X display
-    # on Irix 5.2, according to T.E. Dickey.
-    # The functions gethostbyname, getservbyname, and inet_addr are
-    # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking.
-    echo "$as_me:$LINENO: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostbyname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname)
-choke me
-#else
-f = gethostbyname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6
-
-    if test $ac_cv_func_gethostbyname = no; then
-      echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
-echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
-if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_nsl_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_nsl_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
-if test $ac_cv_lib_nsl_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
-fi
-
-      if test $ac_cv_lib_nsl_gethostbyname = no; then
-        echo "$as_me:$LINENO: checking for gethostbyname in -lbsd" >&5
-echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6
-if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lbsd  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_bsd_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_bsd_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6
-if test $ac_cv_lib_bsd_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd"
-fi
-
-      fi
-    fi
-
-    # lieder@skyler.mavd.honeywell.com says without -lsocket,
-    # socket/setsockopt and other routines are undefined under SCO ODT
-    # 2.0.  But -lsocket is broken on IRIX 5.2 (and is not necessary
-    # on later versions), says Simon Leinen: it contains gethostby*
-    # variants that don't use the nameserver (or something).  -lsocket
-    # must be given before -lnsl if both are needed.  We assume that
-    # if connect needs -lnsl, so does gethostbyname.
-    echo "$as_me:$LINENO: checking for connect" >&5
-echo $ECHO_N "checking for connect... $ECHO_C" >&6
-if test "${ac_cv_func_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char connect (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char connect ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_connect) || defined (__stub___connect)
-choke me
-#else
-f = connect;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_connect=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_connect" >&5
-echo "${ECHO_T}$ac_cv_func_connect" >&6
-
-    if test $ac_cv_func_connect = no; then
-      echo "$as_me:$LINENO: checking for connect in -lsocket" >&5
-echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6
-if test "${ac_cv_lib_socket_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char connect ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-connect ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_socket_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_socket_connect=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_connect" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6
-if test $ac_cv_lib_socket_connect = yes; then
-  X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
-fi
-
-    fi
-
-    # Guillermo Gomez says -lposix is necessary on A/UX.
-    echo "$as_me:$LINENO: checking for remove" >&5
-echo $ECHO_N "checking for remove... $ECHO_C" >&6
-if test "${ac_cv_func_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char remove (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char remove ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_remove) || defined (__stub___remove)
-choke me
-#else
-f = remove;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_remove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_remove" >&5
-echo "${ECHO_T}$ac_cv_func_remove" >&6
-
-    if test $ac_cv_func_remove = no; then
-      echo "$as_me:$LINENO: checking for remove in -lposix" >&5
-echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6
-if test "${ac_cv_lib_posix_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lposix  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char remove ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-remove ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_posix_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_posix_remove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_posix_remove" >&5
-echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6
-if test $ac_cv_lib_posix_remove = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
-fi
-
-    fi
-
-    # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
-    echo "$as_me:$LINENO: checking for shmat" >&5
-echo $ECHO_N "checking for shmat... $ECHO_C" >&6
-if test "${ac_cv_func_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shmat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shmat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shmat) || defined (__stub___shmat)
-choke me
-#else
-f = shmat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_shmat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_shmat" >&5
-echo "${ECHO_T}$ac_cv_func_shmat" >&6
-
-    if test $ac_cv_func_shmat = no; then
-      echo "$as_me:$LINENO: checking for shmat in -lipc" >&5
-echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6
-if test "${ac_cv_lib_ipc_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lipc  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shmat ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-shmat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ipc_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipc_shmat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ipc_shmat" >&5
-echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6
-if test $ac_cv_lib_ipc_shmat = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
-fi
-
-    fi
-  fi
-
-  # Check for libraries that X11R6 Xt/Xaw programs need.
-  ac_save_LDFLAGS=$LDFLAGS
-  test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
-  # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
-  # check for ICE first), but we must link in the order -lSM -lICE or
-  # we get undefined symbols.  So assume we have SM if we have ICE.
-  # These have to be linked with before -lX11, unlike the other
-  # libraries we check for below, so use a different variable.
-  # John Interrante, Karl Berry
-  echo "$as_me:$LINENO: checking for IceConnectionNumber in -lICE" >&5
-echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6
-if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lICE $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char IceConnectionNumber ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-IceConnectionNumber ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ICE_IceConnectionNumber=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ICE_IceConnectionNumber=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
-echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6
-if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then
-  X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
-fi
-
-  LDFLAGS=$ac_save_LDFLAGS
-
-fi
-
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	echo "$as_me:$LINENO: checking for special X linker flags" >&5
-echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6
-if test "${krb_cv_sys_x_libs_rpath+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-		#include <X11/Xlib.h>
-		foo()
-		{
-		XOpenDisplay(NULL);
-		}
-		main()
-		{
-		return 0;
-		}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-:
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-
-fi
-echo "$as_me:$LINENO: result: $krb_cv_sys_x_libs_rpath" >&5
-echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-
-
-
-
-if test "$no_x" != yes; then
-  HAVE_X_TRUE=
-  HAVE_X_FALSE='#'
-else
-  HAVE_X_TRUE='#'
-  HAVE_X_FALSE=
-fi
-
-
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-
-
-
-
-echo "$as_me:$LINENO: checking for XauWriteAuth" >&5
-echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauWriteAuth()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
-
-if false; then
-
-for ac_func in XauWriteAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauWriteAuth
-eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauWriteAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "LIB_XauWriteAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauWriteAuth=no"
-	eval "LIB_XauWriteAuth="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-
-
-
-echo "$as_me:$LINENO: checking for XauReadAuth" >&5
-echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauReadAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauReadAuth()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauReadAuth"
-
-if false; then
-
-for ac_func in XauReadAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauReadAuth
-eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauReadAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "LIB_XauReadAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauReadAuth=no"
-	eval "LIB_XauReadAuth="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-LIBS="$LIB_XauReadAauth $LIBS"
-
-
-
-echo "$as_me:$LINENO: checking for XauFileName" >&5
-echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauFileName+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauFileName()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauFileName"
-
-if false; then
-
-for ac_func in XauFileName
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauFileName
-eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauFileName=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "LIB_XauFileName="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauFileName=no"
-	eval "LIB_XauFileName="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-LIBS="$ac_xxx"
-
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-
-
-if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-  NEED_WRITEAUTH_TRUE=
-  NEED_WRITEAUTH_FALSE='#'
-else
-  NEED_WRITEAUTH_TRUE='#'
-  NEED_WRITEAUTH_FALSE=
-fi
-
-else
-
-
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-
-
-
-echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset x;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *ccp;
-  char **p;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  ccp = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++ccp;
-  p = (char**) ccp;
-  ccp = (char const *const *) p;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-  }
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for off_t" >&5
-echo $ECHO_N "checking for off_t... $ECHO_C" >&6
-if test "${ac_cv_type_off_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((off_t *) 0)
-  return 0;
-if (sizeof (off_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_off_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_off_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
-echo "${ECHO_T}$ac_cv_type_off_t" >&6
-if test $ac_cv_type_off_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define off_t long
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for mode_t" >&5
-echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
-if test "${ac_cv_type_mode_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_mode_t=yes
-else
-  ac_cv_type_mode_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
-echo "${ECHO_T}$ac_cv_type_mode_t" >&6
-if test $ac_cv_type_mode_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define mode_t unsigned short
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
-echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
-if test "${ac_cv_type_sig_atomic_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <signal.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_sig_atomic_t=yes
-else
-  ac_cv_type_sig_atomic_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
-echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
-if test $ac_cv_type_sig_atomic_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define sig_atomic_t int
-_ACEOF
-
-fi
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:$LINENO: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long long *) 0)
-  return 0;
-if (sizeof (long long))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
-echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
-if test "${ac_cv_struct_tm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm *tp; tp->tm_sec;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_struct_tm=time.h
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_tm=sys/time.h
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
-echo "${ECHO_T}$ac_cv_struct_tm" >&6
-if test $ac_cv_struct_tm = sys/time.h; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TM_IN_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_cv_header_stdc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <ctype.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
-                     || ('j' <= (c) && (c) <= 'r') \
-                     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-        || toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/ftp.h				\
-	arpa/telnet.h				\
-	bind/bitypes.h				\
-	bsdsetjmp.h				\
-	curses.h				\
-	dlfcn.h					\
-	fnmatch.h				\
-	inttypes.h				\
-	io.h					\
-	libutil.h				\
-	limits.h				\
-	maillock.h				\
-	netgroup.h				\
-	netinet/in6_machtypes.h			\
-	netinfo/ni.h				\
-	pthread.h				\
-	pty.h					\
-	sac.h					\
-	security/pam_modules.h			\
-	sgtty.h					\
-	siad.h					\
-	signal.h				\
-	stropts.h				\
-	sys/bitypes.h				\
-	sys/category.h				\
-	sys/file.h				\
-	sys/filio.h				\
-	sys/ioccom.h				\
-	sys/mman.h				\
-	sys/pty.h				\
-	sys/ptyio.h				\
-	sys/ptyvar.h				\
-	sys/select.h				\
-	sys/str_tty.h				\
-	sys/stream.h				\
-	sys/stropts.h				\
-	sys/strtty.h				\
-	sys/syscall.h				\
-	sys/termio.h				\
-	sys/timeb.h				\
-	sys/times.h				\
-	sys/un.h				\
-	term.h					\
-	termcap.h				\
-	termio.h				\
-	time.h					\
-	tmpdir.h				\
-	udb.h					\
-	utmp.h					\
-	utmpx.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-# Check whether --enable-netinfo or --disable-netinfo was given.
-if test "${enable_netinfo+set}" = set; then
-  enableval="$enable_netinfo"
-
-fi;
-
-if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NETINFO 1
-_ACEOF
-
-fi
-
-
-
-
-
-echo "$as_me:$LINENO: checking for logwtmp" >&5
-echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6
-if test "${ac_cv_funclib_logwtmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logwtmp()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logwtmp"
-
-if false; then
-
-for ac_func in logwtmp
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logwtmp
-eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logwtmp=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "LIB_logwtmp="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_logwtmp=no"
-	eval "LIB_logwtmp="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:$LINENO: checking for logout" >&5
-echo $ECHO_N "checking for logout... $ECHO_C" >&6
-if test "${ac_cv_funclib_logout+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logout\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logout()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logout"
-
-if false; then
-
-for ac_func in logout
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logout
-eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logout=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logout=yes"
-	eval "LIB_logout="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_logout=no"
-	eval "LIB_logout="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_logout=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:$LINENO: checking for openpty" >&5
-echo $ECHO_N "checking for openpty... $ECHO_C" >&6
-if test "${ac_cv_funclib_openpty+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_openpty\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-openpty()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_openpty=$ac_lib; else ac_cv_funclib_openpty=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_openpty=\${ac_cv_funclib_openpty-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_openpty"
-
-if false; then
-
-for ac_func in openpty
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# openpty
-eval "ac_tr_func=HAVE_`echo openpty | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_openpty=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_openpty=yes"
-	eval "LIB_openpty="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_openpty=no"
-	eval "LIB_openpty="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_openpty=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:$LINENO: checking for tgetent" >&5
-echo $ECHO_N "checking for tgetent... $ECHO_C" >&6
-if test "${ac_cv_funclib_tgetent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" termcap ncurses curses; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-tgetent()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_tgetent"
-
-if false; then
-
-for ac_func in tgetent
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# tgetent
-eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_tgetent=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_tgetent=yes"
-	eval "LIB_tgetent="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_tgetent=no"
-	eval "LIB_tgetent="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_tgetent=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	_getpty					\
-	_scrsize				\
-	fcntl					\
-	grantpt					\
-	mktime					\
-	ptsname					\
-	rand					\
-	revoke					\
-	select					\
-	setitimer				\
-	setpcred				\
-	setpgid					\
-	setproctitle				\
-	setregid				\
-	setresgid				\
-	setresuid				\
-	setreuid				\
-	setsid					\
-	setutent				\
-	sigaction				\
-	strstr					\
-	timegm					\
-	ttyname					\
-	ttyslot					\
-	umask					\
-	unlockpt				\
-	vhangup					\
-	yp_get_default_domain			\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-for ac_header in stdlib.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-for ac_func in getpagesize
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-echo "$as_me:$LINENO: checking for working mmap" >&5
-echo $ECHO_N "checking for working mmap... $ECHO_C" >&6
-if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_mmap_fixed_mapped=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-/* malloc might have been renamed as rpl_malloc. */
-#undef malloc
-
-/* Thanks to Mike Haertel and Jim Avera for this test.
-   Here is a matrix of mmap possibilities:
-	mmap private not fixed
-	mmap private fixed at somewhere currently unmapped
-	mmap private fixed at somewhere already mapped
-	mmap shared not fixed
-	mmap shared fixed at somewhere currently unmapped
-	mmap shared fixed at somewhere already mapped
-   For private mappings, we should verify that changes cannot be read()
-   back from the file, nor mmap's back from the file at a different
-   address.  (There have been systems where private was not correctly
-   implemented like the infamous i386 svr4.0, and systems where the
-   VM page cache was not coherent with the file system buffer cache
-   like early versions of FreeBSD and possibly contemporary NetBSD.)
-   For shared mappings, we should conversely verify that changes get
-   propagated back to all the places they're supposed to be.
-
-   Grep wants private fixed already mapped.
-   The main things grep needs to know about mmap are:
-   * does it exist and is it safe to write into the mmap'd area
-   * how to use it (BSD variants)  */
-
-#include <fcntl.h>
-#include <sys/mman.h>
-
-#if !STDC_HEADERS && !HAVE_STDLIB_H
-char *malloc ();
-#endif
-
-/* This mess was copied from the GNU getpagesize.h.  */
-#if !HAVE_GETPAGESIZE
-/* Assume that all systems that can run configure have sys/param.h.  */
-# if !HAVE_SYS_PARAM_H
-#  define HAVE_SYS_PARAM_H 1
-# endif
-
-# ifdef _SC_PAGESIZE
-#  define getpagesize() sysconf(_SC_PAGESIZE)
-# else /* no _SC_PAGESIZE */
-#  if HAVE_SYS_PARAM_H
-#   include <sys/param.h>
-#   ifdef EXEC_PAGESIZE
-#    define getpagesize() EXEC_PAGESIZE
-#   else /* no EXEC_PAGESIZE */
-#    ifdef NBPG
-#     define getpagesize() NBPG * CLSIZE
-#     ifndef CLSIZE
-#      define CLSIZE 1
-#     endif /* no CLSIZE */
-#    else /* no NBPG */
-#     ifdef NBPC
-#      define getpagesize() NBPC
-#     else /* no NBPC */
-#      ifdef PAGESIZE
-#       define getpagesize() PAGESIZE
-#      endif /* PAGESIZE */
-#     endif /* no NBPC */
-#    endif /* no NBPG */
-#   endif /* no EXEC_PAGESIZE */
-#  else /* no HAVE_SYS_PARAM_H */
-#   define getpagesize() 8192	/* punt totally */
-#  endif /* no HAVE_SYS_PARAM_H */
-# endif /* no _SC_PAGESIZE */
-
-#endif /* no HAVE_GETPAGESIZE */
-
-int
-main ()
-{
-  char *data, *data2, *data3;
-  int i, pagesize;
-  int fd;
-
-  pagesize = getpagesize ();
-
-  /* First, make a file with some known garbage in it. */
-  data = (char *) malloc (pagesize);
-  if (!data)
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    *(data + i) = rand ();
-  umask (0);
-  fd = creat ("conftest.mmap", 0600);
-  if (fd < 0)
-    exit (1);
-  if (write (fd, data, pagesize) != pagesize)
-    exit (1);
-  close (fd);
-
-  /* Next, try to mmap the file at a fixed address which already has
-     something else allocated at it.  If we can, also make sure that
-     we see the same garbage.  */
-  fd = open ("conftest.mmap", O_RDWR);
-  if (fd < 0)
-    exit (1);
-  data2 = (char *) malloc (2 * pagesize);
-  if (!data2)
-    exit (1);
-  data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1);
-  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
-                     MAP_PRIVATE | MAP_FIXED, fd, 0L))
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data2 + i))
-      exit (1);
-
-  /* Finally, make sure that changes to the mapped area do not
-     percolate back to the file as seen by read().  (This is a bug on
-     some variants of i386 svr4.0.)  */
-  for (i = 0; i < pagesize; ++i)
-    *(data2 + i) = *(data2 + i) + 1;
-  data3 = (char *) malloc (pagesize);
-  if (!data3)
-    exit (1);
-  if (read (fd, data3, pagesize) != pagesize)
-    exit (1);
-  for (i = 0; i < pagesize; ++i)
-    if (*(data + i) != *(data3 + i))
-      exit (1);
-  close (fd);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mmap_fixed_mapped=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_mmap_fixed_mapped=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
-echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6
-if test $ac_cv_func_mmap_fixed_mapped = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_MMAP 1
-_ACEOF
-
-fi
-rm -f conftest.mmap
-
-
-
-
-
-
-for ac_header in capability.h sys/capability.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-for ac_func in sgi_getcapabilitybyname cap_set_proc
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for getpwnam_r" >&5
-echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6
-if test "${ac_cv_funclib_getpwnam_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" c_r; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpwnam_r()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getpwnam_r"
-
-if false; then
-
-for ac_func in getpwnam_r
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getpwnam_r
-eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getpwnam_r=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "LIB_getpwnam_r="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getpwnam_r=no"
-	eval "LIB_getpwnam_r="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	echo "$as_me:$LINENO: checking if getpwnam_r is posix" >&5
-echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6
-if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <pwd.h>
-int main()
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getpwnam_r_posix=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getpwnam_r_posix=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-LIBS="$ac_libs"
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getpwnam_r_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETPWNAM_R 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-for ac_func in getudbnam setlim
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_addr in struct utmp" >&5
-echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_addr;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_addr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_addr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_addr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6
-if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ADDR 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_host in struct utmp" >&5
-echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_host;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_host=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_host=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_host" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6
-if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_HOST 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_id in struct utmp" >&5
-echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_id;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_id=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_id=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_id" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6
-if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ID 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_pid in struct utmp" >&5
-echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_pid;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_pid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_pid=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_pid" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6
-if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_PID 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_type in struct utmp" >&5
-echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_type;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_type=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_type=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_type" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6
-if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_TYPE 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_user in struct utmp" >&5
-echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_user;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_user=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_user=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_user" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6
-if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_USER 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_exit in struct utmpx" >&5
-echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_exit;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmpx_ut_exit=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_exit=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6
-if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_EXIT 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:$LINENO: checking for ut_syslen in struct utmpx" >&5
-echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_syslen;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmpx_ut_syslen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_syslen=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6
-if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
-_ACEOF
-
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for int8_t" >&5
-echo $ECHO_N "checking for int8_t... $ECHO_C" >&6
-if test "${ac_cv_type_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int8_t *) 0)
-  return 0;
-if (sizeof (int8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_int8_t" >&6
-if test $ac_cv_type_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for int16_t" >&5
-echo $ECHO_N "checking for int16_t... $ECHO_C" >&6
-if test "${ac_cv_type_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int16_t *) 0)
-  return 0;
-if (sizeof (int16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_int16_t" >&6
-if test $ac_cv_type_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for int32_t" >&5
-echo $ECHO_N "checking for int32_t... $ECHO_C" >&6
-if test "${ac_cv_type_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int32_t *) 0)
-  return 0;
-if (sizeof (int32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int32_t" >&6
-if test $ac_cv_type_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for int64_t" >&5
-echo $ECHO_N "checking for int64_t... $ECHO_C" >&6
-if test "${ac_cv_type_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int64_t *) 0)
-  return 0;
-if (sizeof (int64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_int64_t" >&6
-if test $ac_cv_type_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT64_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for u_int8_t" >&5
-echo $ECHO_N "checking for u_int8_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int8_t *) 0)
-  return 0;
-if (sizeof (u_int8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_u_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int8_t" >&6
-if test $ac_cv_type_u_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for u_int16_t" >&5
-echo $ECHO_N "checking for u_int16_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int16_t *) 0)
-  return 0;
-if (sizeof (u_int16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_u_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int16_t" >&6
-if test $ac_cv_type_u_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for u_int32_t" >&5
-echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int32_t *) 0)
-  return 0;
-if (sizeof (u_int32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_u_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6
-if test $ac_cv_type_u_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for u_int64_t" >&5
-echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int64_t *) 0)
-  return 0;
-if (sizeof (u_int64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_u_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6
-if test $ac_cv_type_u_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT64_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for uint8_t" >&5
-echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint8_t *) 0)
-  return 0;
-if (sizeof (uint8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint8_t" >&6
-if test $ac_cv_type_uint8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for uint16_t" >&5
-echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint16_t *) 0)
-  return 0;
-if (sizeof (uint16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint16_t" >&6
-if test $ac_cv_type_uint16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for uint32_t" >&5
-echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint32_t *) 0)
-  return 0;
-if (sizeof (uint32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint32_t" >&6
-if test $ac_cv_type_uint32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:$LINENO: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint64_t *) 0)
-  return 0;
-if (sizeof (uint64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6
-if test $ac_cv_type_uint64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT64_T 1
-_ACEOF
-
-
-fi
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking for el_init" >&5
-echo $ECHO_N "checking for el_init... $ECHO_C" >&6
-if test "${ac_cv_funclib_el_init+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" edit; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-el_init()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_el_init"
-
-if false; then
-
-for ac_func in el_init
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# el_init
-eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_el_init=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_el_init=yes"
-	eval "LIB_el_init="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_el_init=no"
-	eval "LIB_el_init="
-	echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_el_init=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test "$ac_cv_func_el_init" = yes ; then
-	echo "$as_me:$LINENO: checking for four argument el_init" >&5
-echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6
-if test "${ac_cv_func_el_init_four+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-		cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdio.h>
-			#include <histedit.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-el_init("", NULL, NULL, NULL);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_el_init_four=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_el_init_four=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_el_init_four" >&5
-echo "${ECHO_T}$ac_cv_func_el_init_four" >&6
-	if test "$ac_cv_func_el_init_four" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FOUR_VALUED_EL_INIT 1
-_ACEOF
-
-	fi
-fi
-
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
-
-
-if test "$ac_foo" = yes; then
-  el_compat_TRUE=
-  el_compat_FALSE='#'
-else
-  el_compat_TRUE='#'
-  el_compat_FALSE=
-fi
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_READLINE 1
-_ACEOF
-
-
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define AUTHENTICATION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DES_ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DIAGNOSTICS 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define OLD_ENVIRON 1
-_ACEOF
-if false; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENV_HACK 1
-_ACEOF
-
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*)
-	;;
-*)
-	echo "$as_me:$LINENO: checking for getmsg" >&5
-echo $ECHO_N "checking for getmsg... $ECHO_C" >&6
-if test "${ac_cv_func_getmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getmsg) || defined (__stub___getmsg)
-choke me
-#else
-f = getmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getmsg" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg" >&6
-
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		echo "$as_me:$LINENO: checking if getmsg works" >&5
-echo $ECHO_N "checking if getmsg works... $ECHO_C" >&6
-if test "${ac_cv_func_getmsg_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_getmsg_works=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main()
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getmsg_works=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getmsg_works=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getmsg_works" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg_works" >&6
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GETMSG 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define STREAMSPTY 1
-_ACEOF
-
-		fi
-	fi
-	;;
-esac
-
-
-
-
-
-
-
-# Extract the first word of "compile_et", so it can be a program name with args.
-set dummy compile_et; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_COMPILE_ET+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$COMPILE_ET"; then
-  ac_cv_prog_COMPILE_ET="$COMPILE_ET" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_COMPILE_ET="compile_et"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-COMPILE_ET=$ac_cv_prog_COMPILE_ET
-if test -n "$COMPILE_ET"; then
-  echo "$as_me:$LINENO: result: $COMPILE_ET" >&5
-echo "${ECHO_T}$COMPILE_ET" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-krb_cv_compile_et="no"
-krb_cv_com_err_need_r=""
-if test "${COMPILE_ET}" = "compile_et"; then
-
-echo "$as_me:$LINENO: checking whether compile_et has the features we need" >&5
-echo $ECHO_N "checking whether compile_et has the features we need... $ECHO_C" >&6
-cat > conftest_et.et <<'EOF'
-error_table conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-    save_CPPFLAGS="${save_CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-    if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_compile_et="yes"
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:$LINENO: result: ${krb_cv_compile_et}" >&5
-echo "${ECHO_T}${krb_cv_compile_et}" >&6
-if test "${krb_cv_compile_et}" = "yes"; then
-  echo "$as_me:$LINENO: checking for if com_err needs to have a initialize_error_table_r" >&5
-echo $ECHO_N "checking for if com_err needs to have a initialize_error_table_r... $ECHO_C" >&6
-  save2_CPPFLAGS="$CPPFLAGS"
-  CPPFLAGS="$CPPFLAGS"
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include "conftest_et.c"
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "initialize_error_table_r" >/dev/null 2>&1; then
-  krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);"
-      CPPFLAGS="$save2_CPPFLAGS"
-else
-  CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f conftest*
-
-  if test X"$krb_cv_com_err_need_r" = X ; then
-    echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-  else
-    echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-  fi
-fi
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et}" = "yes"; then
-    krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  echo "$as_me:$LINENO: checking for com_err" >&5
-echo $ECHO_N "checking for com_err... $ECHO_C" >&6
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <com_err.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-    const char *p;
-    p = error_message(0);
-    $krb_cv_com_err_need_r
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_com_err="yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-  echo "$as_me:$LINENO: result: ${krb_cv_com_err}" >&5
-echo "${ECHO_T}${krb_cv_com_err}" >&6
-  LIBS="${krb_cv_save_LIBS}"
-else
-    krb_cv_com_err="no"
-fi
-
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    { echo "$as_me:$LINENO: Using the already-installed com_err" >&5
-echo "$as_me: Using the already-installed com_err" >&6;}
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    { echo "$as_me:$LINENO: Using our own com_err" >&5
-echo "$as_me: Using our own com_err" >&6;}
-fi
-
-
-
-
-
-
-
-
-echo "$as_me:$LINENO: checking which authentication modules should be built" >&5
-echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6
-
-z='sia afskauthlib'
-LIB_AUTH_SUBDIRS=
-for i in $z; do
-case $i in
-sia)
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-;;
-pam)
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-;;
-afskauthlib)
-case "${host}" in
-*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-;;
-esac
-done
-if test "$LIB_AUTH_SUBDIRS"; then
-	echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5
-echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6
-else
-	echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6
-fi
-
-
-
-
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-
-	x="${bindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define BINDIR "$x"
-_ACEOF
-
-	x="${libdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBDIR "$x"
-_ACEOF
-
-	x="${libexecdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBEXECDIR "$x"
-_ACEOF
-
-	x="${localstatedir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LOCALSTATEDIR "$x"
-_ACEOF
-
-	x="${sbindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SBINDIR "$x"
-_ACEOF
-
-	x="${sysconfdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SYSCONFDIR "$x"
-_ACEOF
-
-
-
-LTLIBOBJS=`echo "$LIBOBJS" |
-	sed 's,\.[^.]* ,.lo ,g;s,\.[^.]*$,.lo,'`
-
-
-
-
-
-ac_config_files="$ac_config_files Makefile include/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/des/Makefile lib/editline/Makefile lib/gssapi/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile doc/Makefile tools/Makefile"
-
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems.  If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overriden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-{
-  (set) 2>&1 |
-    case `(ac_space=' '; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
-      # `set' does not quote correctly, so add quotes (double-quote
-      # substitution turns \\\\ into \\, and sed turns \\ into \).
-      sed -n \
-        "s/'/'\\\\''/g;
-    	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
-      ;;
-    *)
-      # `set' quotes correctly as required by POSIX, so do not add quotes.
-      sed -n \
-        "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-      ;;
-    esac;
-} |
-  sed '
-     t clear
-     : clear
-     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-     t end
-     /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
-     : end' >>confcache
-if cmp -s $cache_file confcache; then :; else
-  if test -w $cache_file; then
-    test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
-    cat confcache >$cache_file
-  else
-    echo "not updating unwritable cache $cache_file"
-  fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
-  ac_vpsub='/^[ 	]*VPATH[ 	]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[ 	]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[ 	]*$//;
-}'
-fi
-
-DEFS=-DHAVE_CONFIG_H
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_TRUE}" && test -z "${AIX_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX4_TRUE}" && test -z "${AIX4_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DLOPEN_TRUE}" && test -z "${HAVE_DLOPEN_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_DYNAMIC_AFS_TRUE}" && test -z "${AIX_DYNAMIC_AFS_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${IRIX_TRUE}" && test -z "${IRIX_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_X_TRUE}" && test -z "${HAVE_X_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${NEED_WRITEAUTH_TRUE}" && test -z "${NEED_WRITEAUTH_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then
-  { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-: ${CONFIG_STATUS=./config.status}
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
-    { $as_unset LANG || test "${LANG+set}" != set; } ||
-      { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
-    { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
-      { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
-    { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
-      { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
-    { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
-      { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
-    { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
-      { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
-    { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
-      { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
-    { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
-      { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
-    { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
-      { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conftest.sh
-  echo  "exit 0"   >>conftest.sh
-  chmod +x conftest.sh
-  if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conftest.sh
-fi
-
-
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
-  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that $LINENO is not a special case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
-    sed '
-      N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-      t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
-    ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
-  # Exit status is that of the last command.
-  exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-exec 6>&1
-
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.  Logging --version etc. is OK.
-exec 5>>config.log
-{
-  echo
-  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
-This file was extended by Heimdal $as_me 0.6, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = $CONFIG_FILES
-  CONFIG_HEADERS  = $CONFIG_HEADERS
-  CONFIG_LINKS    = $CONFIG_LINKS
-  CONFIG_COMMANDS = $CONFIG_COMMANDS
-  $ $0 $@
-
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
-_ACEOF
-
-# Files that config.status was made for.
-if test -n "$ac_config_files"; then
-  echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_headers"; then
-  echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_links"; then
-  echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_commands"; then
-  echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
-  -h, --help       print this help, then exit
-  -V, --version    print version number, then exit
-  -d, --debug      don't remove temporary files
-      --recheck    update $as_me by reconfiguring in the same conditions
-  --file=FILE[:TEMPLATE]
-                   instantiate the configuration file FILE
-  --header=FILE[:TEMPLATE]
-                   instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Configuration commands:
-$config_commands
-
-Report bugs to <bug-autoconf@gnu.org>."
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-ac_cs_version="\\
-Heimdal config.status 0.6
-configured by $0, generated by GNU Autoconf 2.53,
-  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-srcdir=$srcdir
-INSTALL="$INSTALL"
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value.  By we need to know if files were specified by the user.
-ac_need_defaults=:
-while test $# != 0
-do
-  case $1 in
-  --*=*)
-    ac_option=`expr "x$1" : 'x\([^=]*\)='`
-    ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
-    shift
-    set dummy "$ac_option" "$ac_optarg" ${1+"$@"}
-    shift
-    ;;
-  -*);;
-  *) # This is not an option, so the user has probably given explicit
-     # arguments.
-     ac_need_defaults=false;;
-  esac
-
-  case $1 in
-  # Handling of the options.
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    echo "running $SHELL $0 " $ac_configure_args " --no-create --no-recursion"
-    exec $SHELL $0 $ac_configure_args --no-create --no-recursion ;;
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-  --version | --vers* | -V )
-    echo "$ac_cs_version"; exit 0 ;;
-  --he | --h)
-    # Conflict between --help and --header
-    { { echo "$as_me:$LINENO: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; };;
-  --help | --hel | -h )
-    echo "$ac_cs_usage"; exit 0 ;;
-  --debug | --d* | -d )
-    debug=: ;;
-  --file | --fil | --fi | --f )
-    shift
-    CONFIG_FILES="$CONFIG_FILES $1"
-    ac_need_defaults=false;;
-  --header | --heade | --head | --hea )
-    shift
-    CONFIG_HEADERS="$CONFIG_HEADERS $1"
-    ac_need_defaults=false;;
-
-  # This is an error.
-  -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; } ;;
-
-  *) ac_config_targets="$ac_config_targets $1" ;;
-
-  esac
-  shift
-done
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-#
-# INIT-COMMANDS section.
-#
-
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
-
-_ACEOF
-
-
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_config_target in $ac_config_targets
-do
-  case "$ac_config_target" in
-  # Handling of arguments.
-  "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-  "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
-  "include/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;;
-  "lib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
-  "lib/45/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;;
-  "lib/auth/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;;
-  "lib/auth/afskauthlib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;;
-  "lib/auth/pam/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;;
-  "lib/auth/sia/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;;
-  "lib/asn1/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;;
-  "lib/com_err/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;;
-  "lib/des/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/des/Makefile" ;;
-  "lib/editline/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;;
-  "lib/gssapi/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;;
-  "lib/hdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;;
-  "lib/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;;
-  "lib/kafs/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;;
-  "lib/kdfs/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kdfs/Makefile" ;;
-  "lib/krb5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile" ;;
-  "lib/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;;
-  "lib/roken/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;;
-  "lib/sl/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;;
-  "lib/vers/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;;
-  "kuser/Makefile" ) CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;;
-  "kpasswd/Makefile" ) CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;;
-  "kadmin/Makefile" ) CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;;
-  "admin/Makefile" ) CONFIG_FILES="$CONFIG_FILES admin/Makefile" ;;
-  "kdc/Makefile" ) CONFIG_FILES="$CONFIG_FILES kdc/Makefile" ;;
-  "appl/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/Makefile" ;;
-  "appl/afsutil/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/afsutil/Makefile" ;;
-  "appl/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/Makefile" ;;
-  "appl/ftp/common/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/common/Makefile" ;;
-  "appl/ftp/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftp/Makefile" ;;
-  "appl/ftp/ftpd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftpd/Makefile" ;;
-  "appl/kx/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kx/Makefile" ;;
-  "appl/login/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/login/Makefile" ;;
-  "appl/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/otp/Makefile" ;;
-  "appl/popper/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/popper/Makefile" ;;
-  "appl/push/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/push/Makefile" ;;
-  "appl/rsh/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rsh/Makefile" ;;
-  "appl/rcp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rcp/Makefile" ;;
-  "appl/su/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/su/Makefile" ;;
-  "appl/xnlock/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/xnlock/Makefile" ;;
-  "appl/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/Makefile" ;;
-  "appl/telnet/libtelnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/libtelnet/Makefile" ;;
-  "appl/telnet/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnet/Makefile" ;;
-  "appl/telnet/telnetd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnetd/Makefile" ;;
-  "appl/test/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/test/Makefile" ;;
-  "appl/kf/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;;
-  "appl/dceutils/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;;
-  "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
-  "tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
-  "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
-  "include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
-  *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used.  Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
-  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
-fi
-
-# Create a temporary directory, and hook for its removal unless debugging.
-$debug ||
-{
-  trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
-  trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-
-# Create a (secure) tmp directory for tmp files.
-: ${TMPDIR=/tmp}
-{
-  tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` &&
-  test -n "$tmp" && test -d "$tmp"
-}  ||
-{
-  tmp=$TMPDIR/cs$$-$RANDOM
-  (umask 077 && mkdir $tmp)
-} ||
-{
-   echo "$me: cannot create a temporary directory in $TMPDIR" >&2
-   { (exit 1); exit 1; }
-}
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-
-#
-# CONFIG_FILES section.
-#
-
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "\$CONFIG_FILES"; then
-  # Protect against being on the right side of a sed subst in config.status.
-  sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
-   s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-s,@SHELL@,$SHELL,;t t
-s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-s,@exec_prefix@,$exec_prefix,;t t
-s,@prefix@,$prefix,;t t
-s,@program_transform_name@,$program_transform_name,;t t
-s,@bindir@,$bindir,;t t
-s,@sbindir@,$sbindir,;t t
-s,@libexecdir@,$libexecdir,;t t
-s,@datadir@,$datadir,;t t
-s,@sysconfdir@,$sysconfdir,;t t
-s,@sharedstatedir@,$sharedstatedir,;t t
-s,@localstatedir@,$localstatedir,;t t
-s,@libdir@,$libdir,;t t
-s,@includedir@,$includedir,;t t
-s,@oldincludedir@,$oldincludedir,;t t
-s,@infodir@,$infodir,;t t
-s,@mandir@,$mandir,;t t
-s,@build_alias@,$build_alias,;t t
-s,@host_alias@,$host_alias,;t t
-s,@target_alias@,$target_alias,;t t
-s,@DEFS@,$DEFS,;t t
-s,@ECHO_C@,$ECHO_C,;t t
-s,@ECHO_N@,$ECHO_N,;t t
-s,@ECHO_T@,$ECHO_T,;t t
-s,@LIBS@,$LIBS,;t t
-s,@CC@,$CC,;t t
-s,@CFLAGS@,$CFLAGS,;t t
-s,@LDFLAGS@,$LDFLAGS,;t t
-s,@CPPFLAGS@,$CPPFLAGS,;t t
-s,@ac_ct_CC@,$ac_ct_CC,;t t
-s,@EXEEXT@,$EXEEXT,;t t
-s,@OBJEXT@,$OBJEXT,;t t
-s,@CPP@,$CPP,;t t
-s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-s,@INSTALL_DATA@,$INSTALL_DATA,;t t
-s,@PACKAGE@,$PACKAGE,;t t
-s,@VERSION@,$VERSION,;t t
-s,@ACLOCAL@,$ACLOCAL,;t t
-s,@AUTOCONF@,$AUTOCONF,;t t
-s,@AUTOMAKE@,$AUTOMAKE,;t t
-s,@AUTOHEADER@,$AUTOHEADER,;t t
-s,@MAKEINFO@,$MAKEINFO,;t t
-s,@AMTAR@,$AMTAR,;t t
-s,@install_sh@,$install_sh,;t t
-s,@STRIP@,$STRIP,;t t
-s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t
-s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
-s,@AWK@,$AWK,;t t
-s,@SET_MAKE@,$SET_MAKE,;t t
-s,@DEPDIR@,$DEPDIR,;t t
-s,@am__include@,$am__include,;t t
-s,@am__quote@,$am__quote,;t t
-s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t
-s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t
-s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
-s,@CCDEPMODE@,$CCDEPMODE,;t t
-s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t
-s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t
-s,@MAINT@,$MAINT,;t t
-s,@build@,$build,;t t
-s,@build_cpu@,$build_cpu,;t t
-s,@build_vendor@,$build_vendor,;t t
-s,@build_os@,$build_os,;t t
-s,@host@,$host,;t t
-s,@host_cpu@,$host_cpu,;t t
-s,@host_vendor@,$host_vendor,;t t
-s,@host_os@,$host_os,;t t
-s,@CANONICAL_HOST@,$CANONICAL_HOST,;t t
-s,@YACC@,$YACC,;t t
-s,@LEX@,$LEX,;t t
-s,@LEXLIB@,$LEXLIB,;t t
-s,@LEX_OUTPUT_ROOT@,$LEX_OUTPUT_ROOT,;t t
-s,@LN_S@,$LN_S,;t t
-s,@ECHO@,$ECHO,;t t
-s,@RANLIB@,$RANLIB,;t t
-s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-s,@LIBTOOL@,$LIBTOOL,;t t
-s,@WFLAGS@,$WFLAGS,;t t
-s,@WFLAGS_NOUNUSED@,$WFLAGS_NOUNUSED,;t t
-s,@WFLAGS_NOIMPLICITINT@,$WFLAGS_NOIMPLICITINT,;t t
-s,@INCLUDE_openldap@,$INCLUDE_openldap,;t t
-s,@LIB_openldap@,$LIB_openldap,;t t
-s,@INCLUDE_krb4@,$INCLUDE_krb4,;t t
-s,@LIB_krb4@,$LIB_krb4,;t t
-s,@EXTRA_LIB45@,$EXTRA_LIB45,;t t
-s,@LIB_krb_enable_debug@,$LIB_krb_enable_debug,;t t
-s,@LIB_krb_disable_debug@,$LIB_krb_disable_debug,;t t
-s,@LIB_krb_get_our_ip_for_realm@,$LIB_krb_get_our_ip_for_realm,;t t
-s,@LIB_krb_kdctimeofday@,$LIB_krb_kdctimeofday,;t t
-s,@LIB_krb_get_kdc_time_diff@,$LIB_krb_get_kdc_time_diff,;t t
-s,@KRB4_TRUE@,$KRB4_TRUE,;t t
-s,@KRB4_FALSE@,$KRB4_FALSE,;t t
-s,@KRB5_TRUE@,$KRB5_TRUE,;t t
-s,@KRB5_FALSE@,$KRB5_FALSE,;t t
-s,@do_roken_rename_TRUE@,$do_roken_rename_TRUE,;t t
-s,@do_roken_rename_FALSE@,$do_roken_rename_FALSE,;t t
-s,@LIB_kdb@,$LIB_kdb,;t t
-s,@HAVE_OPENSSL_TRUE@,$HAVE_OPENSSL_TRUE,;t t
-s,@HAVE_OPENSSL_FALSE@,$HAVE_OPENSSL_FALSE,;t t
-s,@DIR_des@,$DIR_des,;t t
-s,@INCLUDE_des@,$INCLUDE_des,;t t
-s,@LIB_des@,$LIB_des,;t t
-s,@LIB_des_a@,$LIB_des_a,;t t
-s,@LIB_des_so@,$LIB_des_so,;t t
-s,@LIB_des_appl@,$LIB_des_appl,;t t
-s,@DCE_TRUE@,$DCE_TRUE,;t t
-s,@DCE_FALSE@,$DCE_FALSE,;t t
-s,@dpagaix_cflags@,$dpagaix_cflags,;t t
-s,@dpagaix_ldadd@,$dpagaix_ldadd,;t t
-s,@dpagaix_ldflags@,$dpagaix_ldflags,;t t
-s,@LIB_db_create@,$LIB_db_create,;t t
-s,@LIB_dbopen@,$LIB_dbopen,;t t
-s,@LIB_dbm_firstkey@,$LIB_dbm_firstkey,;t t
-s,@HAVE_DB1_TRUE@,$HAVE_DB1_TRUE,;t t
-s,@HAVE_DB1_FALSE@,$HAVE_DB1_FALSE,;t t
-s,@HAVE_DB3_TRUE@,$HAVE_DB3_TRUE,;t t
-s,@HAVE_DB3_FALSE@,$HAVE_DB3_FALSE,;t t
-s,@HAVE_NDBM_TRUE@,$HAVE_NDBM_TRUE,;t t
-s,@HAVE_NDBM_FALSE@,$HAVE_NDBM_FALSE,;t t
-s,@DBLIB@,$DBLIB,;t t
-s,@LIB_NDBM@,$LIB_NDBM,;t t
-s,@VOID_RETSIGTYPE@,$VOID_RETSIGTYPE,;t t
-s,@have_err_h_TRUE@,$have_err_h_TRUE,;t t
-s,@have_err_h_FALSE@,$have_err_h_FALSE,;t t
-s,@have_fnmatch_h_TRUE@,$have_fnmatch_h_TRUE,;t t
-s,@have_fnmatch_h_FALSE@,$have_fnmatch_h_FALSE,;t t
-s,@have_ifaddrs_h_TRUE@,$have_ifaddrs_h_TRUE,;t t
-s,@have_ifaddrs_h_FALSE@,$have_ifaddrs_h_FALSE,;t t
-s,@have_vis_h_TRUE@,$have_vis_h_TRUE,;t t
-s,@have_vis_h_FALSE@,$have_vis_h_FALSE,;t t
-s,@LIB_socket@,$LIB_socket,;t t
-s,@LIB_gethostbyname@,$LIB_gethostbyname,;t t
-s,@LIB_syslog@,$LIB_syslog,;t t
-s,@LIB_gethostbyname2@,$LIB_gethostbyname2,;t t
-s,@LIB_res_search@,$LIB_res_search,;t t
-s,@LIB_res_nsearch@,$LIB_res_nsearch,;t t
-s,@LIB_dn_expand@,$LIB_dn_expand,;t t
-s,@LIBOBJS@,$LIBOBJS,;t t
-s,@have_glob_h_TRUE@,$have_glob_h_TRUE,;t t
-s,@have_glob_h_FALSE@,$have_glob_h_FALSE,;t t
-s,@LIB_getsockopt@,$LIB_getsockopt,;t t
-s,@LIB_setsockopt@,$LIB_setsockopt,;t t
-s,@LIB_hstrerror@,$LIB_hstrerror,;t t
-s,@LIB_bswap16@,$LIB_bswap16,;t t
-s,@LIB_bswap32@,$LIB_bswap32,;t t
-s,@LIB_pidfile@,$LIB_pidfile,;t t
-s,@LIB_getaddrinfo@,$LIB_getaddrinfo,;t t
-s,@LIB_getnameinfo@,$LIB_getnameinfo,;t t
-s,@LIB_freeaddrinfo@,$LIB_freeaddrinfo,;t t
-s,@LIB_gai_strerror@,$LIB_gai_strerror,;t t
-s,@LIB_crypt@,$LIB_crypt,;t t
-s,@DIR_roken@,$DIR_roken,;t t
-s,@LIB_roken@,$LIB_roken,;t t
-s,@INCLUDES_roken@,$INCLUDES_roken,;t t
-s,@LIB_otp@,$LIB_otp,;t t
-s,@OTP_TRUE@,$OTP_TRUE,;t t
-s,@OTP_FALSE@,$OTP_FALSE,;t t
-s,@LIB_security@,$LIB_security,;t t
-s,@NROFF@,$NROFF,;t t
-s,@GROFF@,$GROFF,;t t
-s,@CATMAN@,$CATMAN,;t t
-s,@CATMAN_TRUE@,$CATMAN_TRUE,;t t
-s,@CATMAN_FALSE@,$CATMAN_FALSE,;t t
-s,@CATMANEXT@,$CATMANEXT,;t t
-s,@INCLUDE_readline@,$INCLUDE_readline,;t t
-s,@LIB_readline@,$LIB_readline,;t t
-s,@INCLUDE_hesiod@,$INCLUDE_hesiod,;t t
-s,@LIB_hesiod@,$LIB_hesiod,;t t
-s,@AIX_TRUE@,$AIX_TRUE,;t t
-s,@AIX_FALSE@,$AIX_FALSE,;t t
-s,@AIX4_TRUE@,$AIX4_TRUE,;t t
-s,@AIX4_FALSE@,$AIX4_FALSE,;t t
-s,@LIB_dlopen@,$LIB_dlopen,;t t
-s,@HAVE_DLOPEN_TRUE@,$HAVE_DLOPEN_TRUE,;t t
-s,@HAVE_DLOPEN_FALSE@,$HAVE_DLOPEN_FALSE,;t t
-s,@LIB_loadquery@,$LIB_loadquery,;t t
-s,@AIX_DYNAMIC_AFS_TRUE@,$AIX_DYNAMIC_AFS_TRUE,;t t
-s,@AIX_DYNAMIC_AFS_FALSE@,$AIX_DYNAMIC_AFS_FALSE,;t t
-s,@AIX_EXTRA_KAFS@,$AIX_EXTRA_KAFS,;t t
-s,@IRIX_TRUE@,$IRIX_TRUE,;t t
-s,@IRIX_FALSE@,$IRIX_FALSE,;t t
-s,@X_CFLAGS@,$X_CFLAGS,;t t
-s,@X_PRE_LIBS@,$X_PRE_LIBS,;t t
-s,@X_LIBS@,$X_LIBS,;t t
-s,@X_EXTRA_LIBS@,$X_EXTRA_LIBS,;t t
-s,@HAVE_X_TRUE@,$HAVE_X_TRUE,;t t
-s,@HAVE_X_FALSE@,$HAVE_X_FALSE,;t t
-s,@LIB_XauWriteAuth@,$LIB_XauWriteAuth,;t t
-s,@LIB_XauReadAuth@,$LIB_XauReadAuth,;t t
-s,@LIB_XauFileName@,$LIB_XauFileName,;t t
-s,@NEED_WRITEAUTH_TRUE@,$NEED_WRITEAUTH_TRUE,;t t
-s,@NEED_WRITEAUTH_FALSE@,$NEED_WRITEAUTH_FALSE,;t t
-s,@LIB_logwtmp@,$LIB_logwtmp,;t t
-s,@LIB_logout@,$LIB_logout,;t t
-s,@LIB_openpty@,$LIB_openpty,;t t
-s,@LIB_tgetent@,$LIB_tgetent,;t t
-s,@LIB_getpwnam_r@,$LIB_getpwnam_r,;t t
-s,@LIB_el_init@,$LIB_el_init,;t t
-s,@el_compat_TRUE@,$el_compat_TRUE,;t t
-s,@el_compat_FALSE@,$el_compat_FALSE,;t t
-s,@COMPILE_ET@,$COMPILE_ET,;t t
-s,@DIR_com_err@,$DIR_com_err,;t t
-s,@LIB_com_err@,$LIB_com_err,;t t
-s,@LIB_com_err_a@,$LIB_com_err_a,;t t
-s,@LIB_com_err_so@,$LIB_com_err_so,;t t
-s,@LIB_AUTH_SUBDIRS@,$LIB_AUTH_SUBDIRS,;t t
-s,@LTLIBOBJS@,$LTLIBOBJS,;t t
-CEOF
-
-_ACEOF
-
-  cat >>$CONFIG_STATUS <<\_ACEOF
-  # Split the substitutions into bite-sized pieces for seds with
-  # small command number limits, like on Digital OSF/1 and HP-UX.
-  ac_max_sed_lines=48
-  ac_sed_frag=1 # Number of current file.
-  ac_beg=1 # First line for current file.
-  ac_end=$ac_max_sed_lines # Line after last line for current file.
-  ac_more_lines=:
-  ac_sed_cmds=
-  while $ac_more_lines; do
-    if test $ac_beg -gt 1; then
-      sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    else
-      sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    fi
-    if test ! -s $tmp/subs.frag; then
-      ac_more_lines=false
-    else
-      # The purpose of the label and of the branching condition is to
-      # speed up the sed processing (if there are no `@' at all, there
-      # is no need to browse any of the substitutions).
-      # These are the two extra sed commands mentioned above.
-      (echo ':t
-  /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
-      if test -z "$ac_sed_cmds"; then
-  	ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
-      else
-  	ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
-      fi
-      ac_sed_frag=`expr $ac_sed_frag + 1`
-      ac_beg=$ac_end
-      ac_end=`expr $ac_end + $ac_max_sed_lines`
-    fi
-  done
-  if test -z "$ac_sed_cmds"; then
-    ac_sed_cmds=cat
-  fi
-fi # test -n "$CONFIG_FILES"
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
-  ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:$LINENO: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  case $INSTALL in
-  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
-  esac
-
-  if test x"$ac_file" != x-; then
-    { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-    rm -f "$ac_file"
-  fi
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    configure_input=
-  else
-    configure_input="$ac_file.  "
-  fi
-  configure_input=$configure_input"Generated from `echo $ac_file_in |
-                                     sed 's,.*/,,'` by configure."
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-  sed "$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@abs_srcdir@,$ac_abs_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s,@builddir@,$ac_builddir,;t t
-s,@abs_builddir@,$ac_abs_builddir,;t t
-s,@top_builddir@,$ac_top_builddir,;t t
-s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
-  rm -f $tmp/stdin
-  if test x"$ac_file" != x-; then
-    mv $tmp/out $ac_file
-  else
-    cat $tmp/out
-    rm -f $tmp/out
-  fi
-
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
-ac_dB='[ 	].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-  # Remove the trailing spaces.
-  sed 's/[ 	]*$//' $ac_file_inputs >$tmp/in
-
-_ACEOF
-
-# Transform confdefs.h into two sed scripts, `conftest.defines' and
-# `conftest.undefs', that substitutes the proper values into
-# config.h.in to produce config.h.  The first handles `#define'
-# templates, and the second `#undef' templates.
-# And first: Protect against being on the right side of a sed subst in
-# config.status.  Protect against being in an unquoted here document
-# in config.status.
-rm -f conftest.defines conftest.undefs
-# Using a here document instead of a string reduces the quoting nightmare.
-# Putting comments in sed scripts is not portable.
-#
-# `end' is used to avoid that the second main sed command (meant for
-# 0-ary CPP macros) applies to n-ary macro definitions.
-# See the Autoconf documentation for `clear'.
-cat >confdef2sed.sed <<\_ACEOF
-s/[\\&,]/\\&/g
-s,[\\$`],\\&,g
-t clear
-: clear
-s,^[ 	]*#[ 	]*define[ 	][ 	]*\([^ 	(][^ 	(]*\)\(([^)]*)\)[ 	]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-t end
-s,^[ 	]*#[ 	]*define[ 	][ 	]*\([^ 	][^ 	]*\)[ 	]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-: end
-_ACEOF
-# If some macros were called several times there might be several times
-# the same #defines, which is useless.  Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
-uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-rm -f confdef2sed.sed
-
-# This sed command replaces #undef with comments.  This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-cat >>conftest.undefs <<\_ACEOF
-s,^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-_ACEOF
-
-# Break up conftest.defines because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-echo '  if egrep "^[ 	]*#[ 	]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-echo '  # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-echo '  :' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.defines >/dev/null
-do
-  # Write a limited-size here document to $tmp/defines.sed.
-  echo '  cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#define' lines.
-  echo '/^[ 	]*#[ 	]*define/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
-  echo 'CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
-  rm -f conftest.defines
-  mv conftest.tail conftest.defines
-done
-rm -f conftest.defines
-echo '  fi # egrep' >>$CONFIG_STATUS
-echo >>$CONFIG_STATUS
-
-# Break up conftest.undefs because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #undef templates' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.undefs >/dev/null
-do
-  # Write a limited-size here document to $tmp/undefs.sed.
-  echo '  cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#undef'
-  echo '/^[ 	]*#[ 	]*undef/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
-  echo 'CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
-  rm -f conftest.undefs
-  mv conftest.tail conftest.undefs
-done
-rm -f conftest.undefs
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    echo "/* Generated by configure.  */" >$tmp/config.h
-  else
-    echo "/* $ac_file.  Generated by configure.  */" >$tmp/config.h
-  fi
-  cat $tmp/in >>$tmp/config.h
-  rm -f $tmp/in
-  if test x"$ac_file" != x-; then
-    if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
-      { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
-    else
-      ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-      { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:$LINENO: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-      rm -f $ac_file
-      mv $tmp/config.h $ac_file
-    fi
-  else
-    cat $tmp/config.h
-    rm -f $tmp/config.h
-  fi
-  # Run the commands associated with the file.
-  case $ac_file in
-    include/config.h ) # update the timestamp
-echo 'timestamp for include/config.h' >"include/stamp-h1"
- ;;
-  esac
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-#
-# CONFIG_COMMANDS section.
-#
-for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
-  ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
-  ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
-  ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
-$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_dest" : 'X\(//\)[^/]' \| \
-         X"$ac_dest" : 'X\(//\)$' \| \
-         X"$ac_dest" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_dest" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
-echo "$as_me: executing $ac_dest commands" >&6;}
-  case $ac_dest in
-    depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
-  # Strip MF so we end up with the name of the file.
-  mf=`echo "$mf" | sed -e 's/:.*$//'`
-  if (sed 1q $mf | fgrep 'generated by automake') > /dev/null 2>&1; then
-    dirpart=`(dirname "$mf") 2>/dev/null ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$mf" : 'X\(//\)[^/]' \| \
-         X"$mf" : 'X\(//\)$' \| \
-         X"$mf" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$mf" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  else
-    continue
-  fi
-  grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue
-  # Extract the definition of DEP_FILES from the Makefile without
-  # running `make'.
-  DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"`
-  test -z "$DEPDIR" && continue
-  # When using ansi2knr, U may be empty or an underscore; expand it
-  U=`sed -n -e '/^U = / s///p' < "$mf"`
-  test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
-  # We invoke sed twice because it is the simplest approach to
-  # changing $(DEPDIR) to its actual value in the expansion.
-  for file in `sed -n -e '
-    /^DEP_FILES = .*\\\\$/ {
-      s/^DEP_FILES = //
-      :loop
-	s/\\\\$//
-	p
-	n
-	/\\\\$/ b loop
-      p
-    }
-    /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
-       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-    # Make sure the directory exists.
-    test -f "$dirpart/$file" && continue
-    fdir=`(dirname "$file") 2>/dev/null ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$file" : 'X\(//\)[^/]' \| \
-         X"$file" : 'X\(//\)$' \| \
-         X"$file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    { case $dirpart/$fdir in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy=$dirpart/$fdir
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:$LINENO: error: cannot create $dirpart/$fdir" >&5
-echo "$as_me: error: cannot create $dirpart/$fdir" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-    # echo "creating $dirpart/$file"
-    echo '# dummy' > "$dirpart/$file"
-  done
-done
- ;;
-  esac
-done
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-{ (exit 0); exit 0; }
-_ACEOF
-chmod +x $CONFIG_STATUS
-ac_clean_files=$ac_clean_files_save
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded.  So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status.  When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
-  ac_cs_success=:
-  exec 5>/dev/null
-  $SHELL $CONFIG_STATUS || ac_cs_success=false
-  exec 5>>config.log
-  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
-  # would make configure fail if this is the last instruction.
-  $ac_cs_success || { (exit 1); exit 1; }
-fi
-
-
-
-cat > include/newversion.h.in <<EOF
-const char *heimdal_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *heimdal_version = "Heimdal 0.6";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
diff --git a/crypto/heimdal/configure.in b/crypto/heimdal/configure.in
deleted file mode 100644
index fcd448ff1faa..000000000000
--- a/crypto/heimdal/configure.in
+++ /dev/null
@@ -1,479 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-AC_REVISION($Revision: 1.331.2.2 $)
-AC_PREREQ(2.53)
-##test -z "$CFLAGS" && CFLAGS="-g"
-AC_INIT(Heimdal, 0.6, heimdal-bugs@pdc.kth.se)
-AC_CONFIG_SRCDIR([kuser/kinit.c])
-AM_CONFIG_HEADER(include/config.h)
-
-dnl Checks for programs.
-AC_PROG_CC
-AC_PROG_CPP
-AC_PROG_CC_STDC
-
-AM_INIT_AUTOMAKE
-AM_MAINTAINER_MODE
-
-AC_PREFIX_DEFAULT(/usr/heimdal)
-
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-
-AC_CANONICAL_HOST
-CANONICAL_HOST=$host
-AC_SUBST(CANONICAL_HOST)
-
-AC_SYS_LARGEFILE
-dnl need to set this on the command line, since it might otherwise break
-dnl with generated code, such as lex
-if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
-	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
-fi
-
-dnl
-dnl this is needed to run the configure tests against glibc
-dnl
-AC_DEFINE([_GNU_SOURCE], 1,
-	[Define to enable extensions on glibc-based systems such as Linux.])
-
-AC_OBJEXT
-AC_EXEEXT
-
-dnl AC_KRB_PROG_YACC
-AC_PROG_YACC
-AM_PROG_LEX
-dnl AC_PROG_RANLIB
-AC_PROG_AWK
-AC_KRB_PROG_LN_S
-
-AC_MIPS_ABI
-CC="$CC $abi"
-libdir="$libdir$abilibdirext"
-
-AC_C___ATTRIBUTE__
-
-AC_ENABLE_SHARED(no)
-AC_PROG_LIBTOOL
-
-AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
-
-rk_TEST_PACKAGE(openldap,
-[#include <lber.h>
-#include <ldap.h>],
-[-lldap -llber],,,OPENLDAP)
-
-rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config)
-
-LIB_kdb=
-if test "$with_krb4" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS $INCLUDE_krb4"
-	save_LIBS="$LIBS"
-	LIBS="$LIB_krb4 $LIBS"
-	EXTRA_LIB45=lib45.a
-	AC_SUBST(EXTRA_LIB45)
-	AC_CACHE_CHECK(for four valued krb_put_int, ac_cv_func_krb_put_int_four,
-		[AC_TRY_COMPILE([#include <krb.h>],[
-		char tmp[4];
-		krb_put_int(17, tmp, 4, sizeof(tmp));],
-		ac_cv_func_krb_put_int_four=yes,
-		ac_cv_func_krb_put_int_four=no)
-	])
-	if test "$ac_cv_func_krb_put_int_four" = yes; then
-		AC_DEFINE(HAVE_FOUR_VALUED_KRB_PUT_INT, 1,
-			[define if krb_put_int takes four arguments.])
-	fi
-	AH_BOTTOM([#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
-#else
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
-#endif
-])
-	AC_CACHE_CHECK(for KRB_VERIFY_SECURE, ac_cv_func_krb_verify_secure,
-		[AC_TRY_COMPILE([#include <krb.h>],[
-		int x = KRB_VERIFY_SECURE],
-		ac_cv_func_krb_verify_secure=yes,
-		ac_cv_func_krb_verify_secure=no)
-	])
-	if test "$ac_cv_func_krb_verify_secure" != yes; then
-		AC_DEFINE(KRB_VERIFY_SECURE, 1,
-			[Define to one if your krb.h doesn't])
-		AC_DEFINE(KRB_VERIFY_SECURE_FAIL, 2,
-			[Define to two if your krb.h doesn't])
-	fi
-	AC_CACHE_CHECK(for KRB_VERIFY_NOT_SECURE,
-		ac_cv_func_krb_verify_not_secure,
-		[AC_TRY_COMPILE([#include <krb.h>],[
-		int x = KRB_VERIFY_NOT_SECURE],
-		ac_cv_func_krb_verify_not_secure=yes,
-		ac_cv_func_krb_verify_not_secure=no)
-	])
-	if test "$ac_cv_func_krb_verify_not_secure" != yes; then
-		AC_DEFINE(KRB_VERIFY_NOT_SECURE, 0,
-			[Define to zero if your krb.h doesn't])
-	fi
-	AC_FIND_FUNC(krb_enable_debug)
-	AC_FIND_FUNC(krb_disable_debug)
-	AC_FIND_FUNC(krb_get_our_ip_for_realm)
-	AC_FIND_FUNC(krb_kdctimeofday)
-	AH_BOTTOM(
-	[#ifndef HAVE_KRB_KDCTIMEOFDAY
-#define krb_kdctimeofday(X) gettimeofday((X), NULL)
-#endif])
-	AC_FIND_FUNC(krb_get_kdc_time_diff)
-	AH_BOTTOM(
-	[#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
-#define krb_get_kdc_time_diff() (0)
-#endif])
-	AC_CACHE_CHECK([for KRB_SENDAUTH_VERS],
-		ac_cv_func_krb_sendauth_vers,
-		[AC_TRY_COMPILE([#include <krb.h>
-			#include <prot.h>],[
-		char *x = KRB_SENDAUTH_VERS],
-		ac_cv_func_krb_sendauth_vers=yes,
-		ac_cv_func_krb_sendauth_vers=no)
-	])
-	if test "$ac_cv_func_krb_sendauth_vers" != yes; then
-		AC_DEFINE(KRB_SENDAUTH_VERS, ["AUTHV0.1"],
-			[This is the krb4 sendauth version.])
-	fi
-	AC_CACHE_CHECK(for krb_mk_req with const arguments,
-		ac_cv_func_krb_mk_req_const,
-		[AC_TRY_COMPILE([#include <krb.h>
-		int krb_mk_req(KTEXT a, const char *s, const char *i,
-			       const char *r, int32_t checksum)
-		{ return 17; }], [],
-		ac_cv_func_krb_mk_req_const=yes,
-		ac_cv_func_krb_mk_req_const=no)
-	])
-	if test "$ac_cv_func_krb_mk_req_const" = "yes"; then
-		AC_DEFINE(KRB_MK_REQ_CONST, 1,
-			[Define if krb_mk_req takes const char *])
-	fi
-
-	LIBS="$save_LIBS"
-	CFLAGS="$save_CFLAGS"
-	LIB_kdb="-lkdb -lkrb"
-fi
-AM_CONDITIONAL(KRB4, test "$with_krb4" != "no")
-AM_CONDITIONAL(KRB5, true)
-AM_CONDITIONAL(do_roken_rename, true)
-
-AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
-AC_SUBST(LIB_kdb)dnl
-
-KRB_CRYPTO
-
-AC_ARG_ENABLE(dce, 
-	AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
-if test "$enable_dce" = yes; then
-    AC_DEFINE(DCE, 1, [Define if you want support for DCE/DFS PAG's.])
-fi
-AM_CONDITIONAL(DCE, test "$enable_dce" = yes)
-
-## XXX quite horrible:
-if test -f /etc/ibmcxx.cfg; then
-	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'`
-	dpagaix_ldflags=
-else
-	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
-	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
-	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
-fi
-AC_SUBST(dpagaix_cflags)
-AC_SUBST(dpagaix_ldadd)
-AC_SUBST(dpagaix_ldflags)
-
-rk_DB
-
-dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
-
-rk_ROKEN(lib/roken)
-LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
-
-rk_OTP
-
-AC_CHECK_OSFC2
-
-AC_ARG_ENABLE(mmap,
-	AC_HELP_STRING([--disable-mmap],[disable use of mmap]))
-if test "$enable_mmap" = "no"; then
-	AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
-fi
-
-rk_CHECK_MAN
-
-rk_TEST_PACKAGE(readline,
-[#include <stdio.h>
- #include <readline.h>],-lreadline,,, READLINE)
-
-rk_TEST_PACKAGE(hesiod,[#include <hesiod.h>],-lhesiod,,, HESIOD)
-
-KRB_C_BIGENDIAN
-AC_C_INLINE
-
-rk_AIX
-rk_IRIX
-rk_SUNOS
-
-KRB_CHECK_X
-
-AM_CONDITIONAL(HAVE_X, test "$no_x" != yes)
-
-AC_CHECK_XAU
-
-dnl AM_C_PROTOTYPES
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_OFF_T
-AC_CHECK_TYPE_EXTRA(mode_t, unsigned short, [])
-AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include <signal.h>])
-AC_HAVE_TYPE([long long])
-AC_HEADER_TIME
-AC_STRUCT_TM
-
-dnl Checks for header files.
-AC_HEADER_STDC
-
-AC_CHECK_HEADERS([\
-	arpa/ftp.h				\
-	arpa/telnet.h				\
-	bind/bitypes.h				\
-	bsdsetjmp.h				\
-	curses.h				\
-	dlfcn.h					\
-	fnmatch.h				\
-	inttypes.h				\
-	io.h					\
-	libutil.h				\
-	limits.h				\
-	maillock.h				\
-	netgroup.h				\
-	netinet/in6_machtypes.h			\
-	netinfo/ni.h				\
-	pthread.h				\
-	pty.h					\
-	sac.h					\
-	security/pam_modules.h			\
-	sgtty.h					\
-	siad.h					\
-	signal.h				\
-	stropts.h				\
-	sys/bitypes.h				\
-	sys/category.h				\
-	sys/file.h				\
-	sys/filio.h				\
-	sys/ioccom.h				\
-	sys/mman.h				\
-	sys/pty.h				\
-	sys/ptyio.h				\
-	sys/ptyvar.h				\
-	sys/select.h				\
-	sys/str_tty.h				\
-	sys/stream.h				\
-	sys/stropts.h				\
-	sys/strtty.h				\
-	sys/syscall.h				\
-	sys/termio.h				\
-	sys/timeb.h				\
-	sys/times.h				\
-	sys/un.h				\
-	term.h					\
-	termcap.h				\
-	termio.h				\
-	time.h					\
-	tmpdir.h				\
-	udb.h					\
-	utmp.h					\
-	utmpx.h					\
-])
-
-AC_ARG_ENABLE(netinfo,
-	AC_HELP_STRING([--enable-netinfo],[enable netinfo for configuration lookup]))
-
-if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
-       AC_DEFINE(HAVE_NETINFO, 1,
-               [Define if you want to use Netinfo instead of krb5.conf.])
-fi
-
-dnl Checks for libraries.
-
-AC_FIND_FUNC_NO_LIBS(logwtmp, util)
-AC_FIND_FUNC_NO_LIBS(logout, util)
-AC_FIND_FUNC_NO_LIBS(openpty, util)
-AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses)
-
-dnl Checks for library functions.
-
-AC_CHECK_FUNCS([				\
-	_getpty					\
-	_scrsize				\
-	fcntl					\
-	grantpt					\
-	mktime					\
-	ptsname					\
-	rand					\
-	revoke					\
-	select					\
-	setitimer				\
-	setpcred				\
-	setpgid					\
-	setproctitle				\
-	setregid				\
-	setresgid				\
-	setresuid				\
-	setreuid				\
-	setsid					\
-	setutent				\
-	sigaction				\
-	strstr					\
-	timegm					\
-	ttyname					\
-	ttyslot					\
-	umask					\
-	unlockpt				\
-	vhangup					\
-	yp_get_default_domain			\
-])
-
-AC_FUNC_MMAP
-
-KRB_CAPABILITIES
-
-AC_CHECK_GETPWNAM_R_POSIX
-
-dnl Cray stuff
-AC_CHECK_FUNCS(getudbnam setlim)
-
-dnl AC_KRB_FUNC_GETCWD_BROKEN
-
-dnl
-dnl Check for fields in struct utmp
-dnl
-
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include <utmp.h>])
-AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include <utmpx.h>])
-AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include <utmpx.h>])
-
-AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, 
-	u_int8_t, u_int16_t, u_int32_t, u_int64_t,
-	uint8_t, uint16_t, uint32_t, uint64_t],,,[
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-])
-
-KRB_READLINE
-
-rk_TELNET
-
-dnl Some operating systems already have com_err and compile_et
-CHECK_COMPILE_ET
-
-rk_AUTH_MODULES([sia afskauthlib])
-
-rk_DESTDIRS
-
-LTLIBOBJS=`echo "$LIB@&t@OBJS" |
-	sed 's,\.[[^.]]* ,.lo ,g;s,\.[[^.]]*$,.lo,'`
-AC_SUBST(LTLIBOBJS)
-
-AH_BOTTOM([#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif])
-
-AC_CONFIG_FILES(Makefile 		\
-	include/Makefile		\
-	include/kadm5/Makefile		\
-	lib/Makefile			\
-	lib/45/Makefile			\
-	lib/auth/Makefile		\
-	lib/auth/afskauthlib/Makefile	\
-	lib/auth/pam/Makefile		\
-	lib/auth/sia/Makefile		\
-	lib/asn1/Makefile		\
-	lib/com_err/Makefile		\
-	lib/des/Makefile		\
-	lib/editline/Makefile		\
-	lib/gssapi/Makefile		\
-	lib/hdb/Makefile		\
-	lib/kadm5/Makefile		\
-	lib/kafs/Makefile		\
-	lib/kdfs/Makefile		\
-	lib/krb5/Makefile		\
-	lib/otp/Makefile		\
-	lib/roken/Makefile		\
-	lib/sl/Makefile			\
-	lib/vers/Makefile		\
-	kuser/Makefile			\
-	kpasswd/Makefile		\
-	kadmin/Makefile			\
-	admin/Makefile			\
-	kdc/Makefile			\
-	appl/Makefile			\
-	appl/afsutil/Makefile		\
-	appl/ftp/Makefile		\
-	appl/ftp/common/Makefile	\
-	appl/ftp/ftp/Makefile		\
-	appl/ftp/ftpd/Makefile		\
-	appl/kx/Makefile		\
-	appl/login/Makefile		\
-	appl/otp/Makefile		\
-	appl/popper/Makefile		\
-	appl/push/Makefile		\
-	appl/rsh/Makefile		\
-	appl/rcp/Makefile		\
-	appl/su/Makefile		\
-	appl/xnlock/Makefile		\
-	appl/telnet/Makefile		\
-	appl/telnet/libtelnet/Makefile	\
-	appl/telnet/telnet/Makefile	\
-	appl/telnet/telnetd/Makefile	\
-	appl/test/Makefile		\
-	appl/kf/Makefile		\
-	appl/dceutils/Makefile		\
-	doc/Makefile			\
-	tools/Makefile			\
-)
-
-AC_OUTPUT
-
-dnl
-dnl This is the release version name-number[beta]
-dnl
-
-cat > include/newversion.h.in <<EOF
-const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *heimdal_version = "AC_PACKAGE_STRING";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
diff --git a/crypto/heimdal/configure.lineno b/crypto/heimdal/configure.lineno
deleted file mode 100755
index 107d11a87b50..000000000000
--- a/crypto/heimdal/configure.lineno
+++ /dev/null
@@ -1,35921 +0,0 @@
-#! /bin/sh
-# From configure.in Revision: 1.320 .
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.53 for Heimdal 0.4f.
-#
-# Report bugs to <heimdal-bugs@pdc.kth.se>.
-#
-# Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) lt_cv_sys_path_separator=';' ;;
-    *)     lt_cv_sys_path_separator=':' ;;
-  esac
-  PATH_SEPARATOR=$lt_cv_sys_path_separator
-fi
-
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-case X$ECHO in
-X*--fallback-echo)
-  # Remove one level of quotation (which was required for Make).
-  ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
-  ;;
-esac
-
-echo=${ECHO-echo}
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-
-EOF
-  exit 0
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test -z "$ECHO"; then
-if test "X${echo_test_string+set}" != Xset; then
-# find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string="`eval $cmd`") 2>/dev/null &&
-       echo_test_string="`eval $cmd`" &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
-    then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  IFS="${IFS= 	}"; save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for dir in $PATH /usr/ucb; do
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running configure again with it.
-      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
-	  then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "$0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-fi
-
-# Copy echo and quote the copy suitably for passing to libtool from
-# the Makefile, instead of quoting the original, which is used later.
-ECHO=$echo
-if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
-   ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
-fi
-
-
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
-    { $as_unset LANG || test "${LANG+set}" != set; } ||
-      { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
-    { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
-      { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
-    { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
-      { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
-    { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
-      { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
-    { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
-      { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
-    { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
-      { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
-    { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
-      { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
-    { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
-      { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conftest.sh
-  echo  "exit 0"   >>conftest.sh
-  chmod +x conftest.sh
-  if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conftest.sh
-fi
-
-
-  as_lineno_1=259
-  as_lineno_2=260
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=298
-  as_lineno_2=299
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
-  # Create $as_me.lineno as a copy of $as_myself, but with 313
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that 318 is not a special case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
-    sed '
-      N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-      t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
-    ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
-  # Exit status is that of the last command.
-  exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-exec 6>&1
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Maximum number of lines to put in a shell here document.
-# This variable seems obsolete.  It should probably be removed, and
-# only ac_max_sed_lines should be used.
-: ${ac_max_here_lines=38}
-
-# Identity of this package.
-PACKAGE_NAME='Heimdal'
-PACKAGE_TARNAME='heimdal'
-PACKAGE_VERSION='0.4f'
-PACKAGE_STRING='Heimdal 0.4f'
-PACKAGE_BUGREPORT='heimdal-bugs@pdc.kth.se'
-
-ac_default_prefix=/usr/heimdal
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-#  include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
-
-ac_prev=
-for ac_option
-do
-  # If the previous option needs an argument, assign it.
-  if test -n "$ac_prev"; then
-    eval "$ac_prev=\$ac_option"
-    ac_prev=
-    continue
-  fi
-
-  ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
-
-  # Accept the important Cygnus configure options, so we can diagnose typos.
-
-  case $ac_option in
-
-  -bindir | --bindir | --bindi | --bind | --bin | --bi)
-    ac_prev=bindir ;;
-  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
-    bindir=$ac_optarg ;;
-
-  -build | --build | --buil | --bui | --bu)
-    ac_prev=build_alias ;;
-  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
-    build_alias=$ac_optarg ;;
-
-  -cache-file | --cache-file | --cache-fil | --cache-fi \
-  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
-    ac_prev=cache_file ;;
-  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
-  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
-    cache_file=$ac_optarg ;;
-
-  --config-cache | -C)
-    cache_file=config.cache ;;
-
-  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
-    ac_prev=datadir ;;
-  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
-  | --da=*)
-    datadir=$ac_optarg ;;
-
-  -disable-* | --disable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    eval "enable_$ac_feature=no" ;;
-
-  -enable-* | --enable-*)
-    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
-   { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "enable_$ac_feature='$ac_optarg'" ;;
-
-  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
-  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
-  | --exec | --exe | --ex)
-    ac_prev=exec_prefix ;;
-  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
-  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
-  | --exec=* | --exe=* | --ex=*)
-    exec_prefix=$ac_optarg ;;
-
-  -gas | --gas | --ga | --g)
-    # Obsolete; use --with-gas.
-    with_gas=yes ;;
-
-  -help | --help | --hel | --he | -h)
-    ac_init_help=long ;;
-  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
-    ac_init_help=recursive ;;
-  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
-    ac_init_help=short ;;
-
-  -host | --host | --hos | --ho)
-    ac_prev=host_alias ;;
-  -host=* | --host=* | --hos=* | --ho=*)
-    host_alias=$ac_optarg ;;
-
-  -includedir | --includedir | --includedi | --included | --include \
-  | --includ | --inclu | --incl | --inc)
-    ac_prev=includedir ;;
-  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
-  | --includ=* | --inclu=* | --incl=* | --inc=*)
-    includedir=$ac_optarg ;;
-
-  -infodir | --infodir | --infodi | --infod | --info | --inf)
-    ac_prev=infodir ;;
-  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
-    infodir=$ac_optarg ;;
-
-  -libdir | --libdir | --libdi | --libd)
-    ac_prev=libdir ;;
-  -libdir=* | --libdir=* | --libdi=* | --libd=*)
-    libdir=$ac_optarg ;;
-
-  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
-  | --libexe | --libex | --libe)
-    ac_prev=libexecdir ;;
-  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
-  | --libexe=* | --libex=* | --libe=*)
-    libexecdir=$ac_optarg ;;
-
-  -localstatedir | --localstatedir | --localstatedi | --localstated \
-  | --localstate | --localstat | --localsta | --localst \
-  | --locals | --local | --loca | --loc | --lo)
-    ac_prev=localstatedir ;;
-  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
-  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
-    localstatedir=$ac_optarg ;;
-
-  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
-    ac_prev=mandir ;;
-  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
-    mandir=$ac_optarg ;;
-
-  -nfp | --nfp | --nf)
-    # Obsolete; use --without-fp.
-    with_fp=no ;;
-
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c | -n)
-    no_create=yes ;;
-
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-    no_recursion=yes ;;
-
-  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
-  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
-  | --oldin | --oldi | --old | --ol | --o)
-    ac_prev=oldincludedir ;;
-  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
-  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
-  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
-    oldincludedir=$ac_optarg ;;
-
-  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-    ac_prev=prefix ;;
-  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-    prefix=$ac_optarg ;;
-
-  -program-prefix | --program-prefix | --program-prefi | --program-pref \
-  | --program-pre | --program-pr | --program-p)
-    ac_prev=program_prefix ;;
-  -program-prefix=* | --program-prefix=* | --program-prefi=* \
-  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
-    program_prefix=$ac_optarg ;;
-
-  -program-suffix | --program-suffix | --program-suffi | --program-suff \
-  | --program-suf | --program-su | --program-s)
-    ac_prev=program_suffix ;;
-  -program-suffix=* | --program-suffix=* | --program-suffi=* \
-  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
-    program_suffix=$ac_optarg ;;
-
-  -program-transform-name | --program-transform-name \
-  | --program-transform-nam | --program-transform-na \
-  | --program-transform-n | --program-transform- \
-  | --program-transform | --program-transfor \
-  | --program-transfo | --program-transf \
-  | --program-trans | --program-tran \
-  | --progr-tra | --program-tr | --program-t)
-    ac_prev=program_transform_name ;;
-  -program-transform-name=* | --program-transform-name=* \
-  | --program-transform-nam=* | --program-transform-na=* \
-  | --program-transform-n=* | --program-transform-=* \
-  | --program-transform=* | --program-transfor=* \
-  | --program-transfo=* | --program-transf=* \
-  | --program-trans=* | --program-tran=* \
-  | --progr-tra=* | --program-tr=* | --program-t=*)
-    program_transform_name=$ac_optarg ;;
-
-  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
-  | -silent | --silent | --silen | --sile | --sil)
-    silent=yes ;;
-
-  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
-    ac_prev=sbindir ;;
-  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-  | --sbi=* | --sb=*)
-    sbindir=$ac_optarg ;;
-
-  -sharedstatedir | --sharedstatedir | --sharedstatedi \
-  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
-  | --sharedst | --shareds | --shared | --share | --shar \
-  | --sha | --sh)
-    ac_prev=sharedstatedir ;;
-  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
-  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
-  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
-  | --sha=* | --sh=*)
-    sharedstatedir=$ac_optarg ;;
-
-  -site | --site | --sit)
-    ac_prev=site ;;
-  -site=* | --site=* | --sit=*)
-    site=$ac_optarg ;;
-
-  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
-    ac_prev=srcdir ;;
-  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-    srcdir=$ac_optarg ;;
-
-  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
-  | --syscon | --sysco | --sysc | --sys | --sy)
-    ac_prev=sysconfdir ;;
-  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
-  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
-    sysconfdir=$ac_optarg ;;
-
-  -target | --target | --targe | --targ | --tar | --ta | --t)
-    ac_prev=target_alias ;;
-  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
-    target_alias=$ac_optarg ;;
-
-  -v | -verbose | --verbose | --verbos | --verbo | --verb)
-    verbose=yes ;;
-
-  -version | --version | --versio | --versi | --vers | -V)
-    ac_init_version=: ;;
-
-  -with-* | --with-*)
-    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package| sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "with_$ac_package='$ac_optarg'" ;;
-
-  -without-* | --without-*)
-    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid package name: $ac_package" >&2
-   { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package | sed 's/-/_/g'`
-    eval "with_$ac_package=no" ;;
-
-  --x)
-    # Obsolete; use --with-x.
-    with_x=yes ;;
-
-  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
-  | --x-incl | --x-inc | --x-in | --x-i)
-    ac_prev=x_includes ;;
-  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
-  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
-    x_includes=$ac_optarg ;;
-
-  -x-libraries | --x-libraries | --x-librarie | --x-librari \
-  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
-    ac_prev=x_libraries ;;
-  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
-  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
-    x_libraries=$ac_optarg ;;
-
-  -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
-   { (exit 1); exit 1; }; }
-    ;;
-
-  *=*)
-    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
-    # Reject names that are not valid shell variable names.
-    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
-      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
-   { (exit 1); exit 1; }; }
-    ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
-    eval "$ac_envvar='$ac_optarg'"
-    export $ac_envvar ;;
-
-  *)
-    # FIXME: should be removed in autoconf 3.0.
-    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
-    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
-      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
-    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
-    ;;
-
-  esac
-done
-
-if test -n "$ac_prev"; then
-  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
-  { echo "$as_me: error: missing argument to $ac_option" >&2
-   { (exit 1); exit 1; }; }
-fi
-
-# Be sure to have absolute paths.
-for ac_var in exec_prefix prefix
-do
-  eval ac_val=$`echo $ac_var`
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# Be sure to have absolute paths.
-for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
-              localstatedir libdir includedir oldincludedir infodir mandir
-do
-  eval ac_val=$`echo $ac_var`
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
-  if test "x$build_alias" = x; then
-    cross_compiling=maybe
-    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
-    If a cross compiler is detected then cross compile mode will be used." >&2
-  elif test "x$build_alias" != "x$host_alias"; then
-    cross_compiling=yes
-  fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
-  ac_srcdir_defaulted=yes
-  # Try the directory containing this script, then its parent.
-  ac_confdir=`(dirname "$0") 2>/dev/null ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$0" : 'X\(//\)[^/]' \| \
-         X"$0" : 'X\(//\)$' \| \
-         X"$0" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$0" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  srcdir=$ac_confdir
-  if test ! -r $srcdir/$ac_unique_file; then
-    srcdir=..
-  fi
-else
-  ac_srcdir_defaulted=no
-fi
-if test ! -r $srcdir/$ac_unique_file; then
-  if test "$ac_srcdir_defaulted" = yes; then
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
-   { (exit 1); exit 1; }; }
-  else
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
-   { (exit 1); exit 1; }; }
-  fi
-fi
-srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
-ac_env_build_alias_set=${build_alias+set}
-ac_env_build_alias_value=$build_alias
-ac_cv_env_build_alias_set=${build_alias+set}
-ac_cv_env_build_alias_value=$build_alias
-ac_env_host_alias_set=${host_alias+set}
-ac_env_host_alias_value=$host_alias
-ac_cv_env_host_alias_set=${host_alias+set}
-ac_cv_env_host_alias_value=$host_alias
-ac_env_target_alias_set=${target_alias+set}
-ac_env_target_alias_value=$target_alias
-ac_cv_env_target_alias_set=${target_alias+set}
-ac_cv_env_target_alias_value=$target_alias
-ac_env_CC_set=${CC+set}
-ac_env_CC_value=$CC
-ac_cv_env_CC_set=${CC+set}
-ac_cv_env_CC_value=$CC
-ac_env_CFLAGS_set=${CFLAGS+set}
-ac_env_CFLAGS_value=$CFLAGS
-ac_cv_env_CFLAGS_set=${CFLAGS+set}
-ac_cv_env_CFLAGS_value=$CFLAGS
-ac_env_LDFLAGS_set=${LDFLAGS+set}
-ac_env_LDFLAGS_value=$LDFLAGS
-ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
-ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_env_CPPFLAGS_value=$CPPFLAGS
-ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_cv_env_CPPFLAGS_value=$CPPFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
-  # Omit some internal or obsolete options to make the list less imposing.
-  # This message is too long to be a string in the A/UX 3.1 sh.
-  cat <<_ACEOF
-\`configure' configures Heimdal 0.4f to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE.  See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
-  -h, --help              display this help and exit
-      --help=short        display options specific to this package
-      --help=recursive    display the short help of all the included packages
-  -V, --version           display version information and exit
-  -q, --quiet, --silent   do not print \`checking...' messages
-      --cache-file=FILE   cache test results in FILE [disabled]
-  -C, --config-cache      alias for \`--cache-file=config.cache'
-  -n, --no-create         do not create output files
-      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
-
-_ACEOF
-
-  cat <<_ACEOF
-Installation directories:
-  --prefix=PREFIX         install architecture-independent files in PREFIX
-                          [$ac_default_prefix]
-  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
-                          [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
-  --bindir=DIR           user executables [EPREFIX/bin]
-  --sbindir=DIR          system admin executables [EPREFIX/sbin]
-  --libexecdir=DIR       program executables [EPREFIX/libexec]
-  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
-  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
-  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
-  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
-  --libdir=DIR           object code libraries [EPREFIX/lib]
-  --includedir=DIR       C header files [PREFIX/include]
-  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
-  --infodir=DIR          info documentation [PREFIX/info]
-  --mandir=DIR           man documentation [PREFIX/man]
-_ACEOF
-
-  cat <<\_ACEOF
-
-Program names:
-  --program-prefix=PREFIX            prepend PREFIX to installed program names
-  --program-suffix=SUFFIX            append SUFFIX to installed program names
-  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
-
-X features:
-  --x-includes=DIR    X include files are in DIR
-  --x-libraries=DIR   X library files are in DIR
-
-System types:
-  --build=BUILD     configure for building on BUILD [guessed]
-  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-  case $ac_init_help in
-     short | recursive ) echo "Configuration of Heimdal 0.4f:";;
-   esac
-  cat <<\_ACEOF
-
-Optional Features:
-  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
-  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
-  --disable-dependency-tracking Speeds up one-time builds
-  --enable-dependency-tracking  Do not reject slow dependency extractors
-  --enable-shared=PKGS  build shared libraries default=no
-  --enable-static=PKGS  build static libraries default=yes
-  --enable-fast-install=PKGS  optimize for fast installation default=yes
-  --disable-libtool-lock  avoid locking (might break parallel builds)
-  --disable-berkeley-db   if you don't want berkeley db
-  --enable-dce            if you want support for DCE/DFS PAG's
-  --disable-otp           if you don't want OTP support
-  --enable-osfc2          enable some OSF C2 support
-  --enable-bigendian      the target is big endian
-  --enable-littleendian   the target is little endian
-  --disable-dynamic-afs   do not use loaded AFS library with AIX
-  --enable-netinfo        enable netinfo for configuration lookup
-
-Optional Packages:
-  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
-  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)
-  --with-gnu-ld           assume the C compiler uses GNU ld default=no
-  --with-pic              try to use only PIC/non-PIC objects default=use both
-  --without-ipv6          do not enable IPv6 support
-  --with-openldap=dir     use openldap in dir
-  --with-openldap-lib=dir use openldap libraries in dir
-  --with-openldap-include=dir
-                          use openldap headers in dir
-  --with-openldap-config=path
-                          config program for openldap
-  --with-krb4=dir         use krb4 in dir
-  --with-krb4-lib=dir     use krb4 libraries in dir
-  --with-krb4-include=dir use krb4 headers in dir
-  --with-krb4-config=path config program for krb4
-  --with-readline=dir     use readline in dir
-  --with-readline-lib=dir use readline libraries in dir
-  --with-readline-include=dir
-                          use readline headers in dir
-  --with-readline-config=path
-                          config program for readline
-  --with-hesiod=dir       use hesiod in dir
-  --with-hesiod-lib=dir   use hesiod libraries in dir
-  --with-hesiod-include=dir
-                          use hesiod headers in dir
-  --with-hesiod-config=path
-                          config program for hesiod
-  --with-x                use the X Window System
-  --with-openssl=dir      use openssl in dir
-  --with-openssl-lib=dir  use openssl libraries in dir
-  --with-openssl-include=dir
-                          use openssl headers in dir
-
-Some influential environment variables:
-  CC          C compiler command
-  CFLAGS      C compiler flags
-  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
-              nonstandard directory <lib dir>
-  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
-              headers in a nonstandard directory <include dir>
-  CPP         C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to <heimdal-bugs@pdc.kth.se>.
-_ACEOF
-fi
-
-if test "$ac_init_help" = "recursive"; then
-  # If there are subdirs, report their specific --help.
-  ac_popdir=`pwd`
-  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
-    test -d $ac_dir || continue
-    ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-    cd $ac_dir
-    # Check for guested configure; otherwise get Cygnus style configure.
-    if test -f $ac_srcdir/configure.gnu; then
-      echo
-      $SHELL $ac_srcdir/configure.gnu  --help=recursive
-    elif test -f $ac_srcdir/configure; then
-      echo
-      $SHELL $ac_srcdir/configure  --help=recursive
-    elif test -f $ac_srcdir/configure.ac ||
-           test -f $ac_srcdir/configure.in; then
-      echo
-      $ac_configure --help
-    else
-      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-    fi
-    cd $ac_popdir
-  done
-fi
-
-test -n "$ac_init_help" && exit 0
-if $ac_init_version; then
-  cat <<\_ACEOF
-Heimdal configure 0.4f
-generated by GNU Autoconf 2.53
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
-  exit 0
-fi
-exec 5>config.log
-cat >&5 <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by Heimdal $as_me 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  $ $0 $@
-
-_ACEOF
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
-
-/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
-/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
-/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  echo "PATH: $as_dir"
-done
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell meta-characters.
-ac_configure_args=
-ac_sep=
-for ac_arg
-do
-  case $ac_arg in
-  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
-  | --no-cr | --no-c | -n ) continue ;;
-  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
-  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
-    continue ;;
-  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
-    ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-  esac
-  case " $ac_configure_args " in
-    *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
-    *) ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
-       ac_sep=" " ;;
-  esac
-  # Get rid of the leading space.
-done
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log.  We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Be sure not to use single quotes in there, as some shells,
-# such as our DU 5.0 friend, will then `close' the trap.
-trap 'exit_status=$?
-  # Save into config.log some information that might help in debugging.
-  {
-    echo
-    cat <<\_ASBOX
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-_ASBOX
-    echo
-    # The following way of writing the cache mishandles newlines in values,
-{
-  (set) 2>&1 |
-    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
-      sed -n \
-        "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
-    	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
-      ;;
-    *)
-      sed -n \
-        "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-      ;;
-    esac;
-}
-    echo
-    if test -s confdefs.h; then
-      cat <<\_ASBOX
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-_ASBOX
-      echo
-      sed "/^$/d" confdefs.h
-      echo
-    fi
-    test "$ac_signal" != 0 &&
-      echo "$as_me: caught signal $ac_signal"
-    echo "$as_me: exit $exit_status"
-  } >&5
-  rm -f core core.* *.core &&
-  rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
-    exit $exit_status
-     ' 0
-for ac_signal in 1 2 13 15; do
-  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo >confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
-  if test "x$prefix" != xNONE; then
-    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
-  else
-    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-  fi
-fi
-for ac_site_file in $CONFIG_SITE; do
-  if test -r "$ac_site_file"; then
-    { echo "$as_me:1314: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
-    sed 's/^/| /' "$ac_site_file" >&5
-    . "$ac_site_file"
-  fi
-done
-
-if test -r "$cache_file"; then
-  # Some versions of bash will fail to source /dev/null (special
-  # files actually), so we avoid doing that.
-  if test -f "$cache_file"; then
-    { echo "$as_me:1325: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
-    case $cache_file in
-      [\\/]* | ?:[\\/]* ) . $cache_file;;
-      *)                      . ./$cache_file;;
-    esac
-  fi
-else
-  { echo "$as_me:1333: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
-  >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in `(set) 2>&1 |
-               sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
-  eval ac_old_set=\$ac_cv_env_${ac_var}_set
-  eval ac_new_set=\$ac_env_${ac_var}_set
-  eval ac_old_val="\$ac_cv_env_${ac_var}_value"
-  eval ac_new_val="\$ac_env_${ac_var}_value"
-  case $ac_old_set,$ac_new_set in
-    set,)
-      { echo "$as_me:1349: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,set)
-      { echo "$as_me:1353: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
-      ac_cache_corrupted=: ;;
-    ,);;
-    *)
-      if test "x$ac_old_val" != "x$ac_new_val"; then
-        { echo "$as_me:1359: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-        { echo "$as_me:1361:   former value:  $ac_old_val" >&5
-echo "$as_me:   former value:  $ac_old_val" >&2;}
-        { echo "$as_me:1363:   current value: $ac_new_val" >&5
-echo "$as_me:   current value: $ac_new_val" >&2;}
-        ac_cache_corrupted=:
-      fi;;
-  esac
-  # Pass precious variables to config.status.
-  if test "$ac_new_set" = set; then
-    case $ac_new_val in
-    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
-      ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
-    *) ac_arg=$ac_var=$ac_new_val ;;
-    esac
-    case " $ac_configure_args " in
-      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
-      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
-    esac
-  fi
-done
-if $ac_cache_corrupted; then
-  { echo "$as_me:1382: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-  { { echo "$as_me:1384: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Add the stamp file to the list of files AC keeps track of,
-# along with our hook.
-ac_config_headers="$ac_config_headers include/config.h"
-
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:1435: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}gcc"
-    echo "$as_me:1451: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:1461: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:1464: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-echo "$as_me:1473: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="gcc"
-    echo "$as_me:1489: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:1499: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:1502: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:1515: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}cc"
-    echo "$as_me:1531: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:1541: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:1544: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:1553: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="cc"
-    echo "$as_me:1569: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:1579: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:1582: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-fi
-if test -z "$CC"; then
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:1595: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-  ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-       ac_prog_rejected=yes
-       continue
-     fi
-    ac_cv_prog_CC="cc"
-    echo "$as_me:1616: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-if test $ac_prog_rejected = yes; then
-  # We found a bogon in the path, so make sure we never use it.
-  set dummy $ac_cv_prog_CC
-  shift
-  if test $# != 0; then
-    # We chose a different compiler from the bogus one.
-    # However, it has the same basename, so the bogon will be chosen
-    # first if we set CC to just the basename; use the full file name.
-    shift
-    set dummy "$as_dir/$ac_word" ${1+"$@"}
-    shift
-    ac_cv_prog_CC="$@"
-  fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:1640: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:1643: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl
-  do
-    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:1654: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-    echo "$as_me:1670: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  echo "$as_me:1680: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
-  echo "$as_me:1683: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-    test -n "$CC" && break
-  done
-fi
-if test -z "$CC"; then
-  ac_ct_CC=$CC
-  for ac_prog in cl
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:1696: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="$ac_prog"
-    echo "$as_me:1712: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:1722: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:1725: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$ac_ct_CC" && break
-done
-
-  CC=$ac_ct_CC
-fi
-
-fi
-
-
-test -z "$CC" && { { echo "$as_me:1738: error: no acceptable C compiler found in \$PATH" >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-echo "$as_me:1743:" \
-     "checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:1746: \"$ac_compiler --version </dev/null >&5\"") >&5
-  (eval $ac_compiler --version </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:1749: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (eval echo "$as_me:1751: \"$ac_compiler -v </dev/null >&5\"") >&5
-  (eval $ac_compiler -v </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:1754: \$? = $ac_status" >&5
-  (exit $ac_status); }
-{ (eval echo "$as_me:1756: \"$ac_compiler -V </dev/null >&5\"") >&5
-  (eval $ac_compiler -V </dev/null >&5) 2>&5
-  ac_status=$?
-  echo "$as_me:1759: \$? = $ac_status" >&5
-  (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 1763 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-echo "$as_me:1785: checking for C compiler default output" >&5
-echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:1788: \"$ac_link_default\"") >&5
-  (eval $ac_link_default) 2>&5
-  ac_status=$?
-  echo "$as_me:1791: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # Find the output, starting from the most likely.  This scheme is
-# not robust to junk in `.', hence go to wildcards (a.*) only as a last
-# resort.
-
-# Be careful to initialize this variable, since it used to be cached.
-# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
-ac_cv_exeext=
-for ac_file in `ls a_out.exe a.exe conftest.exe 2>/dev/null;
-                ls a.out conftest 2>/dev/null;
-                ls a.* conftest.* 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb | *.xSYM ) ;;
-    a.out ) # We found the default executable, but exeext='' is most
-            # certainly right.
-            break;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          # FIXME: I believe we export ac_cv_exeext for Libtool --akim.
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:1818: error: C compiler cannot create executables" >&5
-echo "$as_me: error: C compiler cannot create executables" >&2;}
-   { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-echo "$as_me:1824: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6
-
-# Check the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:1829: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
-  if { ac_try='./$ac_file'
-  { (eval echo "$as_me:1835: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:1838: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-    cross_compiling=no
-  else
-    if test "$cross_compiling" = maybe; then
-	cross_compiling=yes
-    else
-	{ { echo "$as_me:1845: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&2;}
-   { (exit 1); exit 1; }; }
-    fi
-  fi
-fi
-echo "$as_me:1853: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-rm -f a.out a.exe conftest$ac_cv_exeext
-ac_clean_files=$ac_clean_files_save
-# Check the compiler produces executables we can run.  If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:1860: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:1862: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6
-
-echo "$as_me:1865: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
-if { (eval echo "$as_me:1867: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:1870: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-          export ac_cv_exeext
-          break;;
-    * ) break;;
-  esac
-done
-else
-  { { echo "$as_me:1886: error: cannot compute suffix of executables: cannot compile and link" >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-echo "$as_me:1892: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-echo "$as_me:1898: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
-if test "${ac_cv_objext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 1904 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:1922: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1925: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
-  case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;;
-    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
-       break;;
-  esac
-done
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:1937: error: cannot compute suffix of object files: cannot compile" >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-echo "$as_me:1944: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-echo "$as_me:1948: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 1954 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-#ifndef __GNUC__
-       choke me
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1975: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:1978: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1981: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:1984: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_compiler_gnu=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_compiler_gnu=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-echo "$as_me:1996: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
-GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:2002: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_g+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2008 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2026: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2029: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2032: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:2035: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_g=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_prog_cc_g=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:2045: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
-if test "$ac_test_CFLAGS" = set; then
-  CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
-  if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
-  else
-    CFLAGS="-g"
-  fi
-else
-  if test "$GCC" = yes; then
-    CFLAGS="-O2"
-  else
-    CFLAGS=
-  fi
-fi
-# Some people use a C++ compiler to compile C.  Since we use `exit',
-# in C++ we need to declare it.  In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
-  choke me
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2072: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2075: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2078: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:2081: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  for ac_declaration in \
-   ''\
-   '#include <stdlib.h>' \
-   'extern "C" void std::exit (int) throw (); using std::exit;' \
-   'extern "C" void std::exit (int); using std::exit;' \
-   'extern "C" void exit (int) throw ();' \
-   'extern "C" void exit (int);' \
-   'void exit (int);'
-do
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2093 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2112: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2115: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2118: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:2121: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-continue
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2131 "configure"
-#include "confdefs.h"
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2149: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2152: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2155: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:2158: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
-  echo '#ifdef __cplusplus' >>confdefs.h
-  echo $ac_declaration      >>confdefs.h
-  echo '#endif'             >>confdefs.h
-fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:2190: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
-  CPP=
-fi
-if test -z "$CPP"; then
-  if test "${ac_cv_prog_CPP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      # Double quotes because CPP needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
-    do
-      ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2211 "configure"
-#include "confdefs.h"
-#include <assert.h>
-                     Syntax error
-_ACEOF
-if { (eval echo "$as_me:2216: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:2222: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether non-existent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2245 "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:2249: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:2255: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  break
-fi
-
-    done
-    ac_cv_prog_CPP=$CPP
-
-fi
-  CPP=$ac_cv_prog_CPP
-else
-  ac_cv_prog_CPP=$CPP
-fi
-echo "$as_me:2292: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2302 "configure"
-#include "confdefs.h"
-#include <assert.h>
-                     Syntax error
-_ACEOF
-if { (eval echo "$as_me:2307: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:2313: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether non-existent headers
-  # can be detected and how.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 2336 "configure"
-#include "confdefs.h"
-#include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:2340: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:2346: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # Broken: success on invalid input.
-continue
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
-  :
-else
-  { { echo "$as_me:2374: error: C preprocessor \"$CPP\" fails sanity check" >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-echo "$as_me:2386: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_prog_cc_stdc=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-#line 2394 "configure"
-#include "confdefs.h"
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
-     char **p;
-     int i;
-{
-  return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
-  char *s;
-  va_list v;
-  va_start (v,p);
-  s = g (p, va_arg (v,int));
-  va_end (v);
-  return s;
-}
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
-  ;
-  return 0;
-}
-_ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX			-qlanglvl=ansi
-# Ultrix and OSF/1	-std1
-# HP-UX 10.20 and later	-Ae
-# HP-UX older versions	-Aa -D_HPUX_SOURCE
-# SVR4			-Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
-  CC="$ac_save_CC $ac_arg"
-  rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2449: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:2452: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2455: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:2458: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_stdc=$ac_arg
-break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
-done
-rm -f conftest.$ac_ext conftest.$ac_objext
-CC=$ac_save_CC
-
-fi
-
-case "x$ac_cv_prog_cc_stdc" in
-  x|xno)
-    echo "$as_me:2475: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
-  *)
-    echo "$as_me:2478: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
-    CC="$CC $ac_cv_prog_cc_stdc" ;;
-esac
-
-
-am__api_version="1.6"
-ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
-  if test -f $ac_dir/install-sh; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install-sh -c"
-    break
-  elif test -f $ac_dir/install.sh; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/install.sh -c"
-    break
-  elif test -f $ac_dir/shtool; then
-    ac_aux_dir=$ac_dir
-    ac_install_sh="$ac_aux_dir/shtool install -c"
-    break
-  fi
-done
-if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:2502: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
-
-# Find a good install program.  We prefer a C program (faster),
-# so one script is as good as another.  But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:2522: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
-  ./ | .// | /cC/* | \
-  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
-  /usr/ucb/* ) ;;
-  *)
-    # OSF1 and SCO ODT 3.0 have their own names for install.
-    # Don't use installbsd from OSF since it installs stuff as root
-    # by default.
-    for ac_prog in ginstall scoinst install; do
-      for ac_exec_ext in '' $ac_executable_extensions; do
-        if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
-          if test $ac_prog = install &&
-            grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-            # AIX install.  It has an incompatible calling convention.
-            :
-          elif test $ac_prog = install &&
-            grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
-            # program-specific install script used by HP pwplus--don't use.
-            :
-          else
-            ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
-            break 3
-          fi
-        fi
-      done
-    done
-    ;;
-esac
-done
-
-
-fi
-  if test "${ac_cv_path_install+set}" = set; then
-    INSTALL=$ac_cv_path_install
-  else
-    # As a last resort, use the slow shell script.  We don't cache a
-    # path for INSTALL within a source directory, because that will
-    # break other packages using the cache if that directory is
-    # removed, or if the path is relative.
-    INSTALL=$ac_install_sh
-  fi
-fi
-echo "$as_me:2576: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-echo "$as_me:2587: checking whether build environment is sane" >&5
-echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
-# Just in case
-sleep 1
-echo timestamp > conftest.file
-# Do `set' in a subshell so we don't clobber the current shell's
-# arguments.  Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
-   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
-   if test "$*" = "X"; then
-      # -L didn't work.
-      set X `ls -t $srcdir/configure conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$*" != "X $srcdir/configure conftest.file" \
-      && test "$*" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      { { echo "$as_me:2611: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&5
-echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" >&2;}
-   { (exit 1); exit 1; }; }
-   fi
-
-   test "$2" = conftest.file
-   )
-then
-   # Ok.
-   :
-else
-   { { echo "$as_me:2624: error: newly created file is older than distributed files!
-Check your system clock" >&5
-echo "$as_me: error: newly created file is older than distributed files!
-Check your system clock" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-echo "$as_me:2630: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-test "$program_prefix" != NONE &&
-  program_transform_name="s,^,$program_prefix,;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
-  program_transform_name="s,\$,$program_suffix,;$program_transform_name"
-# Double any \ or $.  echo might interpret backslashes.
-# By default was `s,x,x', remove it if useless.
-cat <<\_ACEOF >conftest.sed
-s/[\\$]/&&/g;s/;s,x,x,$//
-_ACEOF
-program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
-rm conftest.sed
-
-
-# expand $ac_aux_dir to an absolute path
-am_aux_dir=`cd $ac_aux_dir && pwd`
-
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  { echo "$as_me:2655: WARNING: \`missing' script is too old or missing" >&5
-echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
-fi
-
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:2663: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:2679: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  echo "$as_me:2689: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6
-else
-  echo "$as_me:2692: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$AWK" && break
-done
-
-echo "$as_me:2699: checking whether ${MAKE-make} sets \${MAKE}" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \${MAKE}... $ECHO_C" >&6
-set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,./+-,__p_,'`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.make <<\_ACEOF
-all:
-	@echo 'ac_maketemp="${MAKE}"'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
-if test -n "$ac_maketemp"; then
-  eval ac_cv_prog_make_${ac_make}_set=yes
-else
-  eval ac_cv_prog_make_${ac_make}_set=no
-fi
-rm -f conftest.make
-fi
-if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
-  echo "$as_me:2719: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-  SET_MAKE=
-else
-  echo "$as_me:2723: result: no" >&5
-echo "${ECHO_T}no" >&6
-  SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -f .deps 2>/dev/null
-mkdir .deps 2>/dev/null
-if test -d .deps; then
-  DEPDIR=.deps
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  DEPDIR=_deps
-fi
-rmdir .deps 2>/dev/null
-
-
-ac_config_commands="$ac_config_commands depfiles"
-
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
-doit:
-	@echo done
-END
-# If we don't find an include directive, just comment out the code.
-echo "$as_me:2748: checking for style of include used by $am_make" >&5
-echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | fgrep -v 'ing directory'`" = "done"; then
-   am__include=include
-   am__quote=
-   _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
-   echo '.include "confinc"' > confmf
-   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
-      am__include=.include
-      am__quote="\""
-      _am_result=BSD
-   fi
-fi
-
-
-echo "$as_me:2776: result: $_am_result" >&5
-echo "${ECHO_T}$_am_result" >&6
-rm -f confinc confmf
-
-# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then
-  enableval="$enable_dependency_tracking"
-
-fi;
-if test "x$enable_dependency_tracking" != xno; then
-  am_depcomp="$ac_aux_dir/depcomp"
-  AMDEPBACKSLASH='\'
-fi
-
-
-if test "x$enable_dependency_tracking" != xno; then
-  AMDEP_TRUE=
-  AMDEP_FALSE='#'
-else
-  AMDEP_TRUE='#'
-  AMDEP_FALSE=
-fi
-
-
-
- # test to see if srcdir already configured
-if test "`cd $srcdir && pwd`" != "`pwd`" &&
-   test -f $srcdir/config.status; then
-  { { echo "$as_me:2804: error: source directory already configured; run \"make distclean\" there first" >&5
-echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-# Define the identity of the package.
- PACKAGE=heimdal
- VERSION=0.4f
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE "$PACKAGE"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-
-AMTAR=${AMTAR-"${am_missing_run}tar"}
-
-install_sh=${install_sh-"$am_aux_dir/install-sh"}
-
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:2852: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:2868: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  echo "$as_me:2878: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
-else
-  echo "$as_me:2881: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-echo "$as_me:2890: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:2906: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:2917: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
-else
-  echo "$as_me:2920: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  STRIP=$ac_ct_STRIP
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
-
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
-
-
-depcc="$CC"   am_compiler_list=
-
-echo "$as_me:2938: checking dependency style of $depcc" >&5
-echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
-  # We make a subdir and do the tests there.  Otherwise we can end up
-  # making bogus files that we don't know about and never remove.  For
-  # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
-  mkdir conftest.dir
-  # Copy depcomp to subdir because otherwise we won't find it if we're
-  # using a relative directory.
-  cp "$am_depcomp" conftest.dir
-  cd conftest.dir
-
-  am_cv_CC_dependencies_compiler_type=none
-  if test "$am_compiler_list" = ""; then
-     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
-  fi
-  for depmode in $am_compiler_list; do
-    # We need to recreate these files for each test, as the compiler may
-    # overwrite some of them when testing with obscure command lines.
-    # This happens at least with the AIX C compiler.
-    echo '#include "conftest.h"' > conftest.c
-    echo 'int i;' > conftest.h
-    echo "${am__include} ${am__quote}conftest.Po${am__quote}" > confmf
-
-    case $depmode in
-    nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
-      if test "x$enable_dependency_tracking" = xyes; then
-	continue
-      else
-	break
-      fi
-      ;;
-    none) break ;;
-    esac
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
-    # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.
-    if depmode=$depmode \
-       source=conftest.c object=conftest.o \
-       depfile=conftest.Po tmpdepfile=conftest.TPo \
-       $SHELL ./depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
-       grep conftest.h conftest.Po > /dev/null 2>&1 &&
-       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
-      am_cv_CC_dependencies_compiler_type=$depmode
-      break
-    fi
-  done
-
-  cd ..
-  rm -rf conftest.dir
-else
-  am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-echo "$as_me:3000: result: $am_cv_CC_dependencies_compiler_type" >&5
-echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
-
-
-
-
-
-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-
-# Make sure we can run config.sub.
-$ac_config_sub sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:3014: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
-   { (exit 1); exit 1; }; }
-
-echo "$as_me:3018: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6
-if test "${ac_cv_build+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_build_alias=$build_alias
-test -z "$ac_cv_build_alias" &&
-  ac_cv_build_alias=`$ac_config_guess`
-test -z "$ac_cv_build_alias" &&
-  { { echo "$as_me:3027: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
-   { (exit 1); exit 1; }; }
-ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
-  { { echo "$as_me:3031: error: $ac_config_sub $ac_cv_build_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:3036: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6
-build=$ac_cv_build
-build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-echo "$as_me:3044: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6
-if test "${ac_cv_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_host_alias=$host_alias
-test -z "$ac_cv_host_alias" &&
-  ac_cv_host_alias=$ac_cv_build_alias
-ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
-  { { echo "$as_me:3053: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:3058: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6
-host=$ac_cv_host
-host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-CANONICAL_HOST=$host
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define _GNU_SOURCE 1
-_ACEOF
-
-
-
-
-
-for ac_prog in 'bison -y' byacc
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:3082: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_YACC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$YACC"; then
-  ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_YACC="$ac_prog"
-    echo "$as_me:3098: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
-  echo "$as_me:3108: result: $YACC" >&5
-echo "${ECHO_T}$YACC" >&6
-else
-  echo "$as_me:3111: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-for ac_prog in flex lex
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:3123: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_LEX+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$LEX"; then
-  ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_LEX="$ac_prog"
-    echo "$as_me:3139: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
-  echo "$as_me:3149: result: $LEX" >&5
-echo "${ECHO_T}$LEX" >&6
-else
-  echo "$as_me:3152: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
-if test -z "$LEXLIB"
-then
-  echo "$as_me:3162: checking for yywrap in -lfl" >&5
-echo $ECHO_N "checking for yywrap in -lfl... $ECHO_C" >&6
-if test "${ac_cv_lib_fl_yywrap+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lfl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 3170 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char yywrap ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-yywrap ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3195: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:3198: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3201: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3204: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_fl_yywrap=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_fl_yywrap=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:3215: result: $ac_cv_lib_fl_yywrap" >&5
-echo "${ECHO_T}$ac_cv_lib_fl_yywrap" >&6
-if test $ac_cv_lib_fl_yywrap = yes; then
-  LEXLIB="-lfl"
-else
-  echo "$as_me:3220: checking for yywrap in -ll" >&5
-echo $ECHO_N "checking for yywrap in -ll... $ECHO_C" >&6
-if test "${ac_cv_lib_l_yywrap+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ll  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 3228 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char yywrap ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-yywrap ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3253: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:3256: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3259: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3262: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_l_yywrap=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_l_yywrap=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:3273: result: $ac_cv_lib_l_yywrap" >&5
-echo "${ECHO_T}$ac_cv_lib_l_yywrap" >&6
-if test $ac_cv_lib_l_yywrap = yes; then
-  LEXLIB="-ll"
-fi
-
-fi
-
-fi
-
-if test "x$LEX" != "x:"; then
-  echo "$as_me:3284: checking lex output file root" >&5
-echo $ECHO_N "checking lex output file root... $ECHO_C" >&6
-if test "${ac_cv_prog_lex_root+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # The minimal lex program is just a single line: %%.  But some broken lexes
-# (Solaris, I think it was) want two %% lines, so accommodate them.
-cat >conftest.l <<_ACEOF
-%%
-%%
-_ACEOF
-{ (eval echo "$as_me:3295: \"$LEX conftest.l\"") >&5
-  (eval $LEX conftest.l) 2>&5
-  ac_status=$?
-  echo "$as_me:3298: \$? = $ac_status" >&5
-  (exit $ac_status); }
-if test -f lex.yy.c; then
-  ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
-  ac_cv_prog_lex_root=lexyy
-else
-  { { echo "$as_me:3305: error: cannot find output from $LEX; giving up" >&5
-echo "$as_me: error: cannot find output from $LEX; giving up" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-fi
-echo "$as_me:3310: result: $ac_cv_prog_lex_root" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_root" >&6
-rm -f conftest.l
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-echo "$as_me:3315: checking whether yytext is a pointer" >&5
-echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6
-if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-echo 'extern char *yytext;' >>$LEX_OUTPUT_ROOT.c
-ac_save_LIBS=$LIBS
-LIBS="$LIBS $LEXLIB"
-cat >conftest.$ac_ext <<_ACEOF
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3331: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:3334: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3337: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3340: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_lex_yytext_pointer=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
-rm -f "${LEX_OUTPUT_ROOT}.c"
-
-fi
-echo "$as_me:3352: result: $ac_cv_prog_lex_yytext_pointer" >&5
-echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define YYTEXT_POINTER 1
-_ACEOF
-
-fi
-
-fi
-if test "$LEX" = :; then
-  LEX=${am_missing_run}flex
-fi
-for ac_prog in gawk mawk nawk awk
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:3370: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_AWK+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$AWK"; then
-  ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_AWK="$ac_prog"
-    echo "$as_me:3386: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
-  echo "$as_me:3396: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6
-else
-  echo "$as_me:3399: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  test -n "$AWK" && break
-done
-
-echo "$as_me:3406: checking for ln -s or something else" >&5
-echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6
-if test "${ac_cv_prog_LN_S+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  rm -f conftestdata
-if ln -s X conftestdata 2>/dev/null
-then
-  rm -f conftestdata
-  ac_cv_prog_LN_S="ln -s"
-else
-  touch conftestdata1
-  if ln conftestdata1 conftestdata2; then
-    rm -f conftestdata*
-    ac_cv_prog_LN_S=ln
-  else
-    ac_cv_prog_LN_S=cp
-  fi
-fi
-fi
-LN_S="$ac_cv_prog_LN_S"
-echo "$as_me:3427: result: $ac_cv_prog_LN_S" >&5
-echo "${ECHO_T}$ac_cv_prog_LN_S" >&6
-
-
-
-
-# Check whether --with-mips_abi or --without-mips_abi was given.
-if test "${with_mips_abi+set}" = set; then
-  withval="$with_mips_abi"
-
-fi;
-
-case "$host_os" in
-irix*)
-with_mips_abi="${with_mips_abi:-yes}"
-if test -n "$GCC"; then
-
-# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
-# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
-#
-# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
-# GCC and revert back to O32. The same goes if O32 is asked for - old
-# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
-#
-# Don't you just love *all* the different SGI ABIs?
-
-case "${with_mips_abi}" in
-        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
-       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
-        64) abi='-mabi=64';  abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:3458: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-if test -n "$abi" ; then
-ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
-echo "$as_me:3464: checking if $CC supports the $abi option" >&5
-echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6
-if eval "test \"\${$ac_foo+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS $abi"
-cat >conftest.$ac_ext <<_ACEOF
-#line 3473 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3491: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:3494: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3497: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3500: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval $ac_foo=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval $ac_foo=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-CFLAGS="$save_CFLAGS"
-
-fi
-
-ac_res=`eval echo \\\$$ac_foo`
-echo "$as_me:3514: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6
-if test $ac_res = no; then
-# Try to figure out why that failed...
-case $abi in
-	-mabi=32)
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS -mabi=n32"
-	cat >conftest.$ac_ext <<_ACEOF
-#line 3523 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int x;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3541: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:3544: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3547: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3550: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_res=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_res=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-	CLAGS="$save_CFLAGS"
-	if test $ac_res = yes; then
-		# New GCC
-		{ { echo "$as_me:3562: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-	fi
-	# Old GCC
-	abi=''
-	abilibdirext=''
-	;;
-	-mabi=n32|-mabi=64)
-		if test $with_mips_abi = yes; then
-			# Old GCC, default to O32
-			abi=''
-			abilibdirext=''
-		else
-			# Some broken GCC
-			{ { echo "$as_me:3577: error: $CC does not support the $with_mips_abi ABI" >&5
-echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
-   { (exit 1); exit 1; }; }
-		fi
-	;;
-esac
-fi #if test $ac_res = no; then
-fi #if test -n "$abi" ; then
-else
-case "${with_mips_abi}" in
-        32|o32) abi='-32'; abilibdirext=''     ;;
-       n32|yes) abi='-n32'; abilibdirext='32'  ;;
-        64) abi='-64'; abilibdirext='64'   ;;
-	no) abi=''; abilibdirext='';;
-         *) { { echo "$as_me:3591: error: \"Invalid ABI specified\"" >&5
-echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
-   { (exit 1); exit 1; }; } ;;
-esac
-fi #if test -n "$GCC"; then
-;;
-esac
-
-CC="$CC $abi"
-libdir="$libdir$abilibdirext"
-
-
-echo "$as_me:3603: checking for __attribute__" >&5
-echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6
-if test "${ac_cv___attribute__+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 3610 "configure"
-#include "confdefs.h"
-
-#include <stdlib.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-static void foo(void) __attribute__ ((noreturn));
-
-static void
-foo(void)
-{
-  exit(1);
-}
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3638: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:3641: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3644: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:3647: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv___attribute__=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv___attribute__=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-if test "$ac_cv___attribute__" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE___ATTRIBUTE__ 1
-_ACEOF
-
-fi
-echo "$as_me:3665: result: $ac_cv___attribute__" >&5
-echo "${ECHO_T}$ac_cv___attribute__" >&6
-
-
-# Check whether --enable-shared or --disable-shared was given.
-if test "${enable_shared+set}" = set; then
-  enableval="$enable_shared"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_shared=yes ;;
-no) enable_shared=no ;;
-*)
-  enable_shared=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_shared=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_shared=no
-fi;
-# Check whether --enable-static or --disable-static was given.
-if test "${enable_static+set}" = set; then
-  enableval="$enable_static"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_static=yes ;;
-no) enable_static=no ;;
-*)
-  enable_static=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_static=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_static=yes
-fi;
-# Check whether --enable-fast-install or --disable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then
-  enableval="$enable_fast_install"
-  p=${PACKAGE-default}
-case $enableval in
-yes) enable_fast_install=yes ;;
-no) enable_fast_install=no ;;
-*)
-  enable_fast_install=no
-  # Look at the argument we got.  We use all the common list separators.
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
-  for pkg in $enableval; do
-    if test "X$pkg" = "X$p"; then
-      enable_fast_install=yes
-    fi
-  done
-  IFS="$ac_save_ifs"
-  ;;
-esac
-else
-  enable_fast_install=yes
-fi;
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) lt_cv_sys_path_separator=';' ;;
-    *)     lt_cv_sys_path_separator=':' ;;
-  esac
-  PATH_SEPARATOR=$lt_cv_sys_path_separator
-fi
-
-
-# Check whether --with-gnu-ld or --without-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then
-  withval="$with_gnu_ld"
-  test "$withval" = no || with_gnu_ld=yes
-else
-  with_gnu_ld=no
-fi;
-ac_prog=ld
-if test "$GCC" = yes; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  echo "$as_me:3757: checking for ld used by GCC" >&5
-echo $ECHO_N "checking for ld used by GCC... $ECHO_C" >&6
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [\\/]* | [A-Za-z]:[\\/]*)
-      re_direlt='/[^/][^/]*/\.\./'
-      # Canonicalize the path of ld
-      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD="$ac_prog"
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test "$with_gnu_ld" = yes; then
-  echo "$as_me:3787: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
-else
-  echo "$as_me:3790: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
-fi
-if test "${lt_cv_path_LD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -z "$LD"; then
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD="$ac_dir/$ac_prog"
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some GNU ld's only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      if "$lt_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then
-	test "$with_gnu_ld" != no && break
-      else
-	test "$with_gnu_ld" != yes && break
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-else
-  lt_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$lt_cv_path_LD"
-if test -n "$LD"; then
-  echo "$as_me:3820: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6
-else
-  echo "$as_me:3823: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-test -z "$LD" && { { echo "$as_me:3826: error: no acceptable ld found in \$PATH" >&5
-echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
-   { (exit 1); exit 1; }; }
-echo "$as_me:3829: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
-if test "${lt_cv_prog_gnu_ld+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # I'd rather use --version here, but apparently some GNU ld's only accept -v.
-if $LD -v 2>&1 </dev/null | egrep '(GNU|with BFD)' 1>&5; then
-  lt_cv_prog_gnu_ld=yes
-else
-  lt_cv_prog_gnu_ld=no
-fi
-fi
-echo "$as_me:3841: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-echo "$as_me:3846: checking for $LD option to reload object files" >&5
-echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
-if test "${lt_cv_ld_reload_flag+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_ld_reload_flag='-r'
-fi
-echo "$as_me:3853: result: $lt_cv_ld_reload_flag" >&5
-echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
-reload_flag=$lt_cv_ld_reload_flag
-test -n "$reload_flag" && reload_flag=" $reload_flag"
-
-echo "$as_me:3858: checking for BSD-compatible nm" >&5
-echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
-if test "${lt_cv_path_NM+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM="$NM"
-else
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
-    test -z "$ac_dir" && ac_dir=.
-    tmp_nm=$ac_dir/${ac_tool_prefix}nm
-    if test -f $tmp_nm || test -f $tmp_nm$ac_exeext ; then
-      # Check to see if the nm accepts a BSD-compat flag.
-      # Adding the `sed 1q' prevents false positives on HP-UX, which says:
-      #   nm: unknown option "B" ignored
-      # Tru64's nm complains that /dev/null is an invalid object file
-      if ($tmp_nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep '(/dev/null|Invalid file or object type)' >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -B"
-	break
-      elif ($tmp_nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
-	lt_cv_path_NM="$tmp_nm -p"
-	break
-      else
-	lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	continue # so that we can try to find one that supports BSD flags
-      fi
-    fi
-  done
-  IFS="$ac_save_ifs"
-  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
-fi
-fi
-
-NM="$lt_cv_path_NM"
-echo "$as_me:3894: result: $NM" >&5
-echo "${ECHO_T}$NM" >&6
-
-echo "$as_me:3897: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
-  echo "$as_me:3901: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:3904: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6
-fi
-
-echo "$as_me:3908: checking how to recognise dependant libraries" >&5
-echo $ECHO_N "checking how to recognise dependant libraries... $ECHO_C" >&6
-if test "${lt_cv_deplibs_check_method+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# `unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# which responds to the $file_magic_cmd with a given egrep regex.
-# If you have `file' or equivalent on your system and you're not sure
-# whether `pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix4* | aix5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi4*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin* | mingw* | pw32*)
-  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method='file_magic Mach-O dynamically linked shared library'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  case "$host_os" in
-  rhapsody* | darwin1.[012])
-    lt_cv_file_magic_test_file=`echo /System/Library/Frameworks/System.framework/Versions/*/System | head -1`
-    ;;
-  *) # Darwin 1.3 on
-    lt_cv_file_magic_test_file='/usr/lib/libSystem.dylib'
-    ;;
-  esac
-  ;;
-
-freebsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20*|hpux11*)
-  lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libc.sl
-  ;;
-
-irix5* | irix6*)
-  case $host_os in
-  irix5*)
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF 32-bit MSB dynamic lib MIPS - version 1"
-    ;;
-  *)
-    case $LD in
-    *-32|*"-32 ") libmagic=32-bit;;
-    *-n32|*"-n32 ") libmagic=N32;;
-    *-64|*"-64 ") libmagic=64-bit;;
-    *) libmagic=never-match;;
-    esac
-    # this will be overridden with pass_all, but let us keep it just in case
-    lt_cv_deplibs_check_method="file_magic ELF ${libmagic} MSB mips-[1234] dynamic lib MIPS - version 1"
-    ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib${libsuff}/libc.so*`
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  case $host_cpu in
-  alpha* | hppa* | i*86 | powerpc* | sparc* | ia64* )
-    lt_cv_deplibs_check_method=pass_all ;;
-  *)
-    # glibc up to 2.1.1 does not perform some relocations on ARM
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;;
-  esac
-  lt_cv_file_magic_test_file=`echo /lib/libc.so* /lib/libc-*.so`
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[^/\.]+\.so\.[0-9]+\.[0-9]+$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[^/\.]+\.so$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-openbsd*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB shared object'
-  else
-    lt_cv_deplibs_check_method='file_magic OpenBSD.* shared library'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  # this will be overridden with pass_all, but let us keep it just in case
-  lt_cv_deplibs_check_method='file_magic COFF format alpha shared library'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sco3.2v5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  lt_cv_file_magic_test_file=/lib/libc.so
-  ;;
-
-sysv5uw[78]* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  esac
-  ;;
-esac
-
-fi
-echo "$as_me:4086: result: $lt_cv_deplibs_check_method" >&5
-echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-
-
-
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-echo "$as_me:4096: checking command to parse $NM output" >&5
-echo $ECHO_N "checking command to parse $NM output... $ECHO_C" >&6
-if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-lt_cv_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[BCDT]'
-  ;;
-cygwin* | mingw* | pw32*)
-  symcode='[ABCDGISTW]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  lt_cv_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
-  lt_cv_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
-  ;;
-irix*)
-  symcode='[BCDEGRST]'
-  ;;
-solaris* | sysv5*)
-  symcode='[BDT]'
-  ;;
-sysv4)
-  symcode='[DFNSTU]'
-  ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $host_os in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
-  symcode='[ABCDGISTW]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Write the raw and C identifiers.
-lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-  rm -f conftest*
-  cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  if { (eval echo "$as_me:4177: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4180: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if { (eval echo "$as_me:4184: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
-  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
-  ac_status=$?
-  echo "$as_me:4187: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if egrep ' nm_test_var$' "$nlist" >/dev/null; then
-	if egrep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext'
-
-	  cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
-	  sed "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr) \&\2},/" < "$nlist" >> conftest.$ac_ext
-	  cat <<\EOF >> conftest.$ac_ext
-  {0, (lt_ptr) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  save_LIBS="$LIBS"
-	  save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$ac_objext"
-	  CFLAGS="$CFLAGS$no_builtin_flag"
-	  if { (eval echo "$as_me:4239: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4242: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest; then
-	    pipe_works=yes
-	  fi
-	  LIBS="$save_LIBS"
-	  CFLAGS="$save_CFLAGS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&5
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&5
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
-    fi
-  else
-    echo "$progname: failed program was:" >&5
-    cat conftest.$ac_ext >&5
-  fi
-  rm -f conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-
-fi
-
-global_symbol_pipe="$lt_cv_sys_global_symbol_pipe"
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  global_symbol_to_cdecl=
-  global_symbol_to_c_name_address=
-else
-  global_symbol_to_cdecl="$lt_cv_global_symbol_to_cdecl"
-  global_symbol_to_c_name_address="$lt_cv_global_symbol_to_c_name_address"
-fi
-if test -z "$global_symbol_pipe$global_symbol_to_cdec$global_symbol_to_c_name_address";
-then
-  echo "$as_me:4283: result: failed" >&5
-echo "${ECHO_T}failed" >&6
-else
-  echo "$as_me:4286: result: ok" >&5
-echo "${ECHO_T}ok" >&6
-fi
-
-
-echo "$as_me:4291: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4297 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-_ACEOF
-if { (eval echo "$as_me:4305: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:4311: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_cv_header_stdc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4333 "configure"
-#include "confdefs.h"
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4351 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4372 "configure"
-#include "confdefs.h"
-#include <ctype.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
-                     || ('j' <= (c) && (c) <= 'r') \
-                     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-        || toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:4398: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4401: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:4403: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:4406: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-fi
-echo "$as_me:4420: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
-                  inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:4444: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 4450 "configure"
-#include "confdefs.h"
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4457: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4460: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:4463: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:4466: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_Header=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_Header=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:4476: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-for ac_header in dlfcn.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:4493: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:4498: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:4502: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 4505 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:4511: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4514: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:4517: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:4520: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:4529: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:4533: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 4536 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:4540: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:4546: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:4564: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:4570: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:4572: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:4575: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:4577: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:4579: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:4582: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:4589: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-# Only perform the check for file, if the check method requires it
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    echo "$as_me:4610: checking for ${ac_tool_prefix}file" >&5
-echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-  /*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-  ?:/*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a dos path.
-  ;;
-  *)
-  ac_save_MAGIC_CMD="$MAGIC_CMD"
-  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="/usr/bin:$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/${ac_tool_prefix}file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    egrep "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  MAGIC_CMD="$ac_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  echo "$as_me:4665: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
-else
-  echo "$as_me:4668: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    echo "$as_me:4674: checking for file" >&5
-echo $ECHO_N "checking for file... $ECHO_C" >&6
-if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $MAGIC_CMD in
-  /*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
-  ;;
-  ?:/*)
-  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a dos path.
-  ;;
-  *)
-  ac_save_MAGIC_CMD="$MAGIC_CMD"
-  IFS="${IFS=   }"; ac_save_ifs="$IFS"; IFS=":"
-  ac_dummy="/usr/bin:$PATH"
-  for ac_dir in $ac_dummy; do
-    test -z "$ac_dir" && ac_dir=.
-    if test -f $ac_dir/file; then
-      lt_cv_path_MAGIC_CMD="$ac_dir/file"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`"
-	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    egrep "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS="$ac_save_ifs"
-  MAGIC_CMD="$ac_save_MAGIC_CMD"
-  ;;
-esac
-fi
-
-MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
-if test -n "$MAGIC_CMD"; then
-  echo "$as_me:4729: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
-else
-  echo "$as_me:4732: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  else
-    MAGIC_CMD=:
-  fi
-fi
-
-  fi
-  ;;
-esac
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:4748: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$RANLIB"; then
-  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-    echo "$as_me:4764: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
-  echo "$as_me:4774: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6
-else
-  echo "$as_me:4777: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
-  ac_ct_RANLIB=$RANLIB
-  # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-echo "$as_me:4786: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_RANLIB"; then
-  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_RANLIB="ranlib"
-    echo "$as_me:4802: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:4813: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6
-else
-  echo "$as_me:4816: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  RANLIB=$ac_ct_RANLIB
-else
-  RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:4828: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$STRIP"; then
-  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-    echo "$as_me:4844: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
-  echo "$as_me:4854: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
-else
-  echo "$as_me:4857: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
-  ac_ct_STRIP=$STRIP
-  # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-echo "$as_me:4866: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_STRIP"; then
-  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_STRIP="strip"
-    echo "$as_me:4882: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:4893: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
-else
-  echo "$as_me:4896: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  STRIP=$ac_ct_STRIP
-else
-  STRIP="$ac_cv_prog_STRIP"
-fi
-
-
-enable_dlopen=no
-enable_win32_dll=no
-
-# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then
-  enableval="$enable_libtool_lock"
-
-fi;
-test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-*-*-irix6*)
-  # Find out which ABI we are using.
-  echo '#line 4921 "configure"' > conftest.$ac_ext
-  if { (eval echo "$as_me:4922: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:4925: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-    case `/usr/bin/file conftest.$ac_objext` in
-    *32-bit*)
-      LD="${LD-ld} -32"
-      ;;
-    *N32*)
-      LD="${LD-ld} -n32"
-      ;;
-    *64-bit*)
-      LD="${LD-ld} -64"
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -belf"
-  echo "$as_me:4946: checking whether the C compiler needs -belf" >&5
-echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
-if test "${lt_cv_cc_needs_belf+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-     cat >conftest.$ac_ext <<_ACEOF
-#line 4960 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4978: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:4981: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4984: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:4987: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lt_cv_cc_needs_belf=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-lt_cv_cc_needs_belf=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-     ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-echo "$as_me:5003: result: $lt_cv_cc_needs_belf" >&5
-echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
-  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS="$SAVE_CFLAGS"
-  fi
-  ;;
-
-
-esac
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Constants:
-rm="rm -f"
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-libext=a
-ltmain="$ac_aux_dir/ltmain.sh"
-ofile="$default_ofile"
-with_gnu_ld="$lt_cv_prog_gnu_ld"
-need_locks="$enable_libtool_lock"
-
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$ac_objext" && ac_objext=o
-
-if test x"$host" != x"$build"; then
-  ac_tool_prefix=${host_alias}-
-else
-  ac_tool_prefix=
-fi
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case $host_os in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  openbsd*)
-    old_postinstall_cmds="\$RANLIB -t \$oldlib~$old_postinstall_cmds"
-    ;;
-  *)
-    old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
-fi
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="$2"
-
-echo "$as_me:5104: checking for objdir" >&5
-echo $ECHO_N "checking for objdir... $ECHO_C" >&6
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-echo "$as_me:5115: result: $objdir" >&5
-echo "${ECHO_T}$objdir" >&6
-
-
-
-# Check whether --with-pic or --without-pic was given.
-if test "${with_pic+set}" = set; then
-  withval="$with_pic"
-  pic_mode="$withval"
-else
-  pic_mode=default
-fi;
-test -z "$pic_mode" && pic_mode=default
-
-# We assume here that the value for lt_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-echo "$as_me:5132: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
-if test "${lt_cv_prog_cc_pic+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-   lt_cv_prog_cc_pic=
-  lt_cv_prog_cc_shlib=
-  lt_cv_prog_cc_wl=
-  lt_cv_prog_cc_static=
-  lt_cv_prog_cc_no_builtin=
-  lt_cv_prog_cc_can_build_shared=$can_build_shared
-
-  if test "$GCC" = yes; then
-    lt_cv_prog_cc_wl='-Wl,'
-    lt_cv_prog_cc_static='-static'
-
-    case $host_os in
-    aix*)
-      # Below there is a dirty hack to force normal static linking with -ldl
-      # The problem is because libdl dynamically linked with both libc and
-      # libC (AIX C++ library), which obviously doesn't included in libraries
-      # list by gcc. This cause undefined symbols with -static flags.
-      # This hack allows C programs to be linked with "-static -ldl", but
-      # not sure about C++ programs.
-      lt_cv_prog_cc_static="$lt_cv_prog_cc_static ${lt_cv_prog_cc_wl}-lC"
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      lt_cv_prog_cc_pic='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    beos* | irix5* | irix6* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      lt_cv_prog_cc_pic='-fno-common'
-      ;;
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	 lt_cv_prog_cc_pic=-Kconform_pic
-      fi
-      ;;
-    *)
-      lt_cv_prog_cc_pic='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for PIC flags for the system compiler.
-    case $host_os in
-    aix3* | aix4* | aix5*)
-      lt_cv_prog_cc_wl='-Wl,'
-      # All AIX code is PIC.
-      if test "$host_cpu" = ia64; then
-	# AIX 5 now supports IA64 processor
-	lt_cv_prog_cc_static='-Bstatic'
-      else
-	lt_cv_prog_cc_static='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      # Is there a better lt_cv_prog_cc_static that works with the bundled CC?
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static="${lt_cv_prog_cc_wl}-a ${lt_cv_prog_cc_wl}archive"
-      lt_cv_prog_cc_pic='+Z'
-      ;;
-
-    irix5* | irix6*)
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      # PIC (with -KPIC) is the default.
-      ;;
-
-    cygwin* | mingw* | pw32* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      lt_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-
-    newsos6)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      # All OSF/1 code is PIC.
-      lt_cv_prog_cc_wl='-Wl,'
-      lt_cv_prog_cc_static='-non_shared'
-      ;;
-
-    sco3.2v5*)
-      lt_cv_prog_cc_pic='-Kpic'
-      lt_cv_prog_cc_static='-dn'
-      lt_cv_prog_cc_shlib='-belf'
-      ;;
-
-    solaris*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Wl,'
-      ;;
-
-    sunos4*)
-      lt_cv_prog_cc_pic='-PIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      lt_cv_prog_cc_wl='-Qoption ld '
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-      lt_cv_prog_cc_pic='-KPIC'
-      lt_cv_prog_cc_static='-Bstatic'
-      if test "x$host_vendor" = xsni; then
-	lt_cv_prog_cc_wl='-LD'
-      else
-	lt_cv_prog_cc_wl='-Wl,'
-      fi
-      ;;
-
-    uts4*)
-      lt_cv_prog_cc_pic='-pic'
-      lt_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	lt_cv_prog_cc_pic='-Kconform_pic'
-	lt_cv_prog_cc_static='-Bstatic'
-      fi
-      ;;
-
-    *)
-      lt_cv_prog_cc_can_build_shared=no
-      ;;
-    esac
-  fi
-
-fi
-
-if test -z "$lt_cv_prog_cc_pic"; then
-  echo "$as_me:5279: result: none" >&5
-echo "${ECHO_T}none" >&6
-else
-  echo "$as_me:5282: result: $lt_cv_prog_cc_pic" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_pic" >&6
-
-  # Check to make sure the pic_flag actually works.
-  echo "$as_me:5286: checking if $compiler PIC flag $lt_cv_prog_cc_pic works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_cv_prog_cc_pic works... $ECHO_C" >&6
-  if test "${lt_cv_prog_cc_pic_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-      save_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS $lt_cv_prog_cc_pic -DPIC"
-    cat >conftest.$ac_ext <<_ACEOF
-#line 5294 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5312: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5315: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:5318: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:5321: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-        case $host_os in
-      hpux9* | hpux10* | hpux11*)
-	# On HP-UX, both CC and GCC only warn that PIC is supported... then
-	# they create non-PIC objects.  So, if there were any warnings, we
-	# assume that PIC is not supported.
-	if test -s conftest.err; then
-	  lt_cv_prog_cc_pic_works=no
-	else
-	  lt_cv_prog_cc_pic_works=yes
-	fi
-	;;
-      *)
-	lt_cv_prog_cc_pic_works=yes
-	;;
-      esac
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-      lt_cv_prog_cc_pic_works=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-    CFLAGS="$save_CFLAGS"
-
-fi
-
-
-  if test "X$lt_cv_prog_cc_pic_works" = Xno; then
-    lt_cv_prog_cc_pic=
-    lt_cv_prog_cc_can_build_shared=no
-  else
-    lt_cv_prog_cc_pic=" $lt_cv_prog_cc_pic"
-  fi
-
-  echo "$as_me:5358: result: $lt_cv_prog_cc_pic_works" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_pic_works" >&6
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$lt_cv_prog_cc_shlib"; then
-  { echo "$as_me:5364: WARNING: \`$CC' requires \`$lt_cv_prog_cc_shlib' to build shared libraries" >&5
-echo "$as_me: WARNING: \`$CC' requires \`$lt_cv_prog_cc_shlib' to build shared libraries" >&2;}
-  if echo "$old_CC $old_CFLAGS " | egrep -e "[ 	]$lt_cv_prog_cc_shlib[ 	]" >/dev/null; then :
-  else
-   { echo "$as_me:5368: WARNING: add \`$lt_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&5
-echo "$as_me: WARNING: add \`$lt_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" >&2;}
-    lt_cv_prog_cc_can_build_shared=no
-  fi
-fi
-
-echo "$as_me:5374: checking if $compiler static flag $lt_cv_prog_cc_static works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_cv_prog_cc_static works... $ECHO_C" >&6
-if test "${lt_cv_prog_cc_static_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-    lt_cv_prog_cc_static_works=no
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $lt_cv_prog_cc_static"
-  cat >conftest.$ac_ext <<_ACEOF
-#line 5383 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5401: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:5404: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5407: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:5410: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lt_cv_prog_cc_static_works=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-  LDFLAGS="$save_LDFLAGS"
-
-fi
-
-
-# Belt *and* braces to stop my trousers falling down:
-test "X$lt_cv_prog_cc_static_works" = Xno && lt_cv_prog_cc_static=
-echo "$as_me:5425: result: $lt_cv_prog_cc_static_works" >&5
-echo "${ECHO_T}$lt_cv_prog_cc_static_works" >&6
-
-pic_flag="$lt_cv_prog_cc_pic"
-special_shlib_compile_flags="$lt_cv_prog_cc_shlib"
-wl="$lt_cv_prog_cc_wl"
-link_static_flag="$lt_cv_prog_cc_static"
-no_builtin_flag="$lt_cv_prog_cc_no_builtin"
-can_build_shared="$lt_cv_prog_cc_can_build_shared"
-
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-echo "$as_me:5437: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
-if test "${lt_cv_compiler_c_o+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-$rm -r conftest 2>/dev/null
-mkdir conftest
-cd conftest
-echo "int some_variable = 0;" > conftest.$ac_ext
-mkdir out
-# According to Tom Tromey, Ian Lance Taylor reported there are C compilers
-# that will create temporary files in the current directory regardless of
-# the output directory.  Thus, making CWD read-only will cause this test
-# to fail, enabling locking or at least warning the user not to do parallel
-# builds.
-chmod -w .
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -o out/conftest2.$ac_objext"
-compiler_c_o=no
-if { (eval echo configure:5457: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then
-  # The compiler can only warn and ignore the option if not recognized
-  # So say no if there are warnings
-  if test -s out/conftest.err; then
-    lt_cv_compiler_c_o=no
-  else
-    lt_cv_compiler_c_o=yes
-  fi
-else
-  # Append any errors to the config.log.
-  cat out/conftest.err 1>&5
-  lt_cv_compiler_c_o=no
-fi
-CFLAGS="$save_CFLAGS"
-chmod u+w .
-$rm conftest* out/*
-rmdir out
-cd ..
-rmdir conftest
-$rm -r conftest 2>/dev/null
-
-fi
-
-compiler_c_o=$lt_cv_compiler_c_o
-echo "$as_me:5481: result: $compiler_c_o" >&5
-echo "${ECHO_T}$compiler_c_o" >&6
-
-if test x"$compiler_c_o" = x"yes"; then
-  # Check to see if we can write to a .lo
-  echo "$as_me:5486: checking if $compiler supports -c -o file.lo" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.lo... $ECHO_C" >&6
-  if test "${lt_cv_compiler_o_lo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  lt_cv_compiler_o_lo=no
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -c -o conftest.lo"
-  save_objext="$ac_objext"
-  ac_objext=lo
-  cat >conftest.$ac_ext <<_ACEOF
-#line 5498 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int some_variable = 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5516: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5519: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:5522: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:5525: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-      # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      lt_cv_compiler_o_lo=no
-    else
-      lt_cv_compiler_o_lo=yes
-    fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  ac_objext="$save_objext"
-  CFLAGS="$save_CFLAGS"
-
-fi
-
-  compiler_o_lo=$lt_cv_compiler_o_lo
-  echo "$as_me:5546: result: $compiler_o_lo" >&5
-echo "${ECHO_T}$compiler_o_lo" >&6
-else
-  compiler_o_lo=no
-fi
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  echo "$as_me:5556: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  echo "$as_me:5564: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6
-  if test "$hard_links" = no; then
-    { echo "$as_me:5567: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
-echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-if test "$GCC" = yes; then
-  # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
-  echo "$as_me:5577: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext"
-  compiler_rtti_exceptions=no
-  cat >conftest.$ac_ext <<_ACEOF
-#line 5584 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int some_variable = 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:5602: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:5605: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:5608: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:5611: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-      # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-    if test -s conftest.err; then
-      compiler_rtti_exceptions=no
-    else
-      compiler_rtti_exceptions=yes
-    fi
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  CFLAGS="$save_CFLAGS"
-  echo "$as_me:5627: result: $compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$compiler_rtti_exceptions" >&6
-
-  if test "$compiler_rtti_exceptions" = "yes"; then
-    no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
-  else
-    no_builtin_flag=' -fno-builtin'
-  fi
-fi
-
-# See if the linker supports building shared libraries.
-echo "$as_me:5638: checking whether the linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the linker ($LD) supports shared libraries... $ECHO_C" >&6
-
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced.  Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-case $host_os in
-cygwin* | mingw* | pw32*)
-  # FIXME: the MSVC++ port hasn't been tested in a loooong time
-  # When not using gcc, we currently assume that we are using
-  # Microsoft Visual C++.
-  if test "$GCC" != yes; then
-    with_gnu_ld=no
-  fi
-  ;;
-openbsd*)
-  with_gnu_ld=no
-  ;;
-esac
-
-ld_shlibs=yes
-if test "$with_gnu_ld" = yes; then
-  # If archive_cmds runs LD, not CC, wlarc should be empty
-  wlarc='${wl}'
-
-  # See if GNU ld supports shared libraries.
-  case $host_os in
-  aix3* | aix4* | aix5*)
-    # On AIX, the GNU linker is very broken
-    # Note:Check GNU linker on AIX 5-IA64 when/if it becomes available.
-    ld_shlibs=no
-    cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-
-    # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-    # that the semantics of dynamic libraries on AmigaOS, at least up
-    # to version 4, is to share data among multiple programs linked
-    # with the same dynamic library.  Since this doesn't match the
-    # behavior of shared libraries on other platforms, we can use
-    # them.
-    ld_shlibs=no
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      allow_undefined_flag=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec='-L$libdir'
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-
-    extract_expsyms_cmds='test -f $output_objdir/impgen.c || \
-      sed -e "/^# \/\* impgen\.c starts here \*\//,/^# \/\* impgen.c ends here \*\// { s/^# //;s/^# *$//; p; }" -e d < $''0 > $output_objdir/impgen.c~
-      test -f $output_objdir/impgen.exe || (cd $output_objdir && \
-      if test "x$HOST_CC" != "x" ; then $HOST_CC -o impgen impgen.c ; \
-      else $CC -o impgen impgen.c ; fi)~
-      $output_objdir/impgen $dir/$soroot > $output_objdir/$soname-def'
-
-    old_archive_from_expsyms_cmds='$DLLTOOL --as=$AS --dllname $soname --def $output_objdir/$soname-def --output-lib $output_objdir/$newlib'
-
-    # cygwin and mingw dlls have different entry points and sets of symbols
-    # to exclude.
-    # FIXME: what about values for MSVC?
-    dll_entry=__cygwin_dll_entry@12
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12~
-    case $host_os in
-    mingw*)
-      # mingw values
-      dll_entry=_DllMainCRTStartup@12
-      dll_exclude_symbols=DllMain@12,DllMainCRTStartup@12,DllEntryPoint@12~
-      ;;
-    esac
-
-    # mingw and cygwin differ, and it's simplest to just exclude the union
-    # of the two symbol sets.
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12,DllMainCRTStartup@12,DllEntryPoint@12
-
-    # recent cygwin and mingw systems supply a stub DllMain which the user
-    # can override, but on older systems we have to supply one (in ltdll.c)
-    if test "x$lt_cv_need_dllmain" = "xyes"; then
-      ltdll_obj='$output_objdir/$soname-ltdll.'"$ac_objext "
-      ltdll_cmds='test -f $output_objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $''0 > $output_objdir/$soname-ltdll.c~
-	test -f $output_objdir/$soname-ltdll.$ac_objext || (cd $output_objdir && $CC -c $soname-ltdll.c)~'
-    else
-      ltdll_obj=
-      ltdll_cmds=
-    fi
-
-    # Extract the symbol export list from an `--export-all' def file,
-    # then regenerate the def file from the symbol export list, so that
-    # the compiled dll only exports the symbol export list.
-    # Be careful not to strip the DATA tag left be newer dlltools.
-    export_symbols_cmds="$ltdll_cmds"'
-      $DLLTOOL --export-all --exclude-symbols '$dll_exclude_symbols' --output-def $output_objdir/$soname-def '$ltdll_obj'$libobjs $convenience~
-      sed -e "1,/EXPORTS/d" -e "s/ @ [0-9]*//" -e "s/ *;.*$//" < $output_objdir/$soname-def > $export_symbols'
-
-    # If the export-symbols file already is a .def file (1st line
-    # is EXPORTS), use it as is.
-    # If DATA tags from a recent dlltool are present, honour them!
-    archive_expsym_cmds='if test "x`head -1 $export_symbols`" = xEXPORTS; then
-	cp $export_symbols $output_objdir/$soname-def;
-      else
-	echo EXPORTS > $output_objdir/$soname-def;
-	_lt_hint=1;
-	cat $export_symbols | while read symbol; do
-	 set dummy \$symbol;
-	 case \$# in
-	   2) echo "   \$2 @ \$_lt_hint ; " >> $output_objdir/$soname-def;;
-	   *) echo "     \$2 @ \$_lt_hint \$3 ; " >> $output_objdir/$soname-def;;
-	 esac;
-	 _lt_hint=`expr 1 + \$_lt_hint`;
-	done;
-      fi~
-      '"$ltdll_cmds"'
-      $CC -Wl,--base-file,$output_objdir/$soname-base '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp~
-      $CC -Wl,--base-file,$output_objdir/$soname-base $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp --output-lib $output_objdir/$libname.dll.a~
-      $CC $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $output_objdir/$soname '$ltdll_obj'$libobjs $deplibs $compiler_flags'
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-      wlarc=
-    else
-      archive_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared -nodefaultlibs $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    fi
-    ;;
-
-  solaris* | sysv5*)
-    if $LD -v 2>&1 | egrep 'BFD 2\.8' > /dev/null; then
-      ld_shlibs=no
-      cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-    elif $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  sunos4*)
-    archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    wlarc=
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-  esac
-
-  if test "$ld_shlibs" = yes; then
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
-    export_dynamic_flag_spec='${wl}--export-dynamic'
-    case $host_os in
-    cygwin* | mingw* | pw32*)
-      # dlltool doesn't understand --whole-archive et. al.
-      whole_archive_flag_spec=
-      ;;
-    *)
-      # ancient GNU ld didn't support --whole-archive et. al.
-      if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-	whole_archive_flag_spec=
-      fi
-      ;;
-    esac
-  fi
-else
-  # PORTME fill in a description of your system's linker (not GNU ld)
-  case $host_os in
-  aix3*)
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-    archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-    # Note: this linker hardcodes the directories in LIBPATH if there
-    # are no directories specified by -L.
-    hardcode_minus_L=yes
-    if test "$GCC" = yes && test -z "$link_static_flag"; then
-      # Neither direct hardcoding nor static linking is supported with a
-      # broken collect2.
-      hardcode_direct=unsupported
-    fi
-    ;;
-
-  aix4* | aix5*)
-    if test "$host_cpu" = ia64; then
-      # On IA64, the linker does run time linking by default, so we don't
-      # have to do anything special.
-      aix_use_runtimelinking=no
-      exp_sym_flag='-Bexport'
-      no_entry_flag=""
-    else
-      aix_use_runtimelinking=no
-
-      # Test if we are trying to use run time linking or normal
-      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-      # need to do runtime linking.
-      case $host_os in aix4.[23]|aix4.[23].*|aix5*)
-	for ld_flag in $LDFLAGS; do
-	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	done
-      esac
-
-      exp_sym_flag='-bexport'
-      no_entry_flag='-bnoentry'
-    fi
-
-    # When large executables or shared objects are built, AIX ld can
-    # have problems creating the table of contents.  If linking a library
-    # or program results in "error TOC overflow" add -mminimal-toc to
-    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-    hardcode_direct=yes
-    archive_cmds=''
-    hardcode_libdir_separator=':'
-    if test "$GCC" = yes; then
-      case $host_os in aix4.[012]|aix4.[012].*)
-	collect2name=`${CC} -print-prog-name=collect2`
-	if test -f "$collect2name" && \
-	  strings "$collect2name" | grep resolve_lib_name >/dev/null
-	then
-	  # We have reworked collect2
-	  hardcode_direct=yes
-	else
-	  # We have old collect2
-	  hardcode_direct=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  hardcode_minus_L=yes
-	  hardcode_libdir_flag_spec='-L$libdir'
-	  hardcode_libdir_separator=
-	fi
-      esac
-
-      shared_flag='-shared'
-    else
-      # not using gcc
-      if test "$host_cpu" = ia64; then
-	shared_flag='${wl}-G'
-      else
-	if test "$aix_use_runtimelinking" = yes; then
-	  shared_flag='${wl}-G'
-	else
-	  shared_flag='${wl}-bM:SRE'
-	fi
-      fi
-    fi
-
-    # It seems that -bexpall can do strange things, so it is better to
-    # generate a list of symbols to export.
-    always_export_symbols=yes
-    if test "$aix_use_runtimelinking" = yes; then
-      # Warning - without using the other runtime loading flags (-brtl),
-      # -berok will link without error, but may produce a broken library.
-      allow_undefined_flag='-berok'
-      hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:/usr/lib:/lib'
-      archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols $shared_flag"
-    else
-      if test "$host_cpu" = ia64; then
-	hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
-	allow_undefined_flag="-z nodefs"
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname ${wl}-h$soname $libobjs $deplibs $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"
-      else
-	hardcode_libdir_flag_spec='${wl}-bnolibpath ${wl}-blibpath:$libdir:/usr/lib:/lib'
-	# Warning - without using the other run time loading flags,
-	# -berok will link without error, but may produce a broken library.
-	allow_undefined_flag='${wl}-berok'
-	# This is a bit strange, but is similar to how AIX traditionally builds
-	# it's shared libraries.
-	archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${allow_undefined_flag} '"\${wl}$no_entry_flag \${wl}$exp_sym_flag:\$export_symbols"' ~$AR -crlo $objdir/$libname$release.a $objdir/$soname'
-      fi
-    fi
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    # see comment about different semantics on the GNU ld section
-    ld_shlibs=no
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec=' '
-    allow_undefined_flag=unsupported
-    # Tell ltmain to make .lib files, not .a files.
-    libext=lib
-    # FIXME: Setting linknames here is a bad hack.
-    archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | sed -e '\''s/ -lc$//'\''` -link -dll~linknames='
-    # The linker will automatically build a .lib file if we build a DLL.
-    old_archive_from_new_cmds='true'
-    # FIXME: Should let the user specify the lib program.
-    old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
-    fix_srcfile_path='`cygpath -w "$srcfile"`'
-    ;;
-
-  darwin* | rhapsody*)
-    case "$host_os" in
-    rhapsody* | darwin1.[012])
-      allow_undefined_flag='-undefined suppress'
-      ;;
-    *) # Darwin 1.3 on
-      allow_undefined_flag='-flat_namespace -undefined suppress'
-      ;;
-    esac
-    # FIXME: Relying on posixy $() will cause problems for
-    #        cross-compilation, but unfortunately the echo tests do not
-    #        yet detect zsh echo's removal of \ escapes.
-    archive_cmds='$nonopt $(test "x$module" = xyes && echo -bundle || echo -dynamiclib) $allow_undefined_flag -o $lib $libobjs $deplibs$linker_flags -install_name $rpath/$soname $verstring'
-    # We need to add '_' to the symbols in $export_symbols first
-    #archive_expsym_cmds="$archive_cmds"' && strip -s $export_symbols'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    whole_archive_flag_spec='-all_load $convenience'
-    ;;
-
-  freebsd1*)
-    ld_shlibs=no
-    ;;
-
-  # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-  # support.  Future versions do this automatically, but an explicit c++rt0.o
-  # does not break anything, and helps significantly (at the cost of a little
-  # extra space).
-  freebsd2.2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-  freebsd2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-  freebsd*)
-    archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  hpux9* | hpux10* | hpux11*)
-    case $host_os in
-    hpux9*) archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' ;;
-    *) archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' ;;
-    esac
-    hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_direct=yes
-    hardcode_minus_L=yes # Not in the search PATH, but as the default
-			 # location of the library.
-    export_dynamic_flag_spec='${wl}-E'
-    ;;
-
-  irix5* | irix6*)
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    link_all_deplibs=yes
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-    else
-      archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-    fi
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  newsos6)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_shlibpath_var=no
-    ;;
-
-  openbsd*)
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-      archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-      export_dynamic_flag_spec='${wl}-E'
-    else
-      case "$host_os" in
-      openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
-	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-	hardcode_libdir_flag_spec='-R$libdir'
-        ;;
-      *)
-        archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $linker_flags'
-        hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
-        ;;
-      esac
-    fi
-    ;;
-
-  os2*)
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    allow_undefined_flag=unsupported
-    archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-    old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-    ;;
-
-  osf3*)
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    ;;
-
-  osf4* | osf5*)	# as osf3* with the addition of -msym flag
-    if test "$GCC" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-      archive_expsym_cmds='for i in `cat $export_symbols`; do printf "-exported_symbol " >> $lib.exp; echo "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
-      $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib~$rm $lib.exp'
-
-      #Both c and cxx compiler support -rpath directly
-      hardcode_libdir_flag_spec='-rpath $libdir'
-    fi
-    hardcode_libdir_separator=:
-    ;;
-
-  sco3.2v5*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    runpath_var=LD_RUN_PATH
-    hardcode_runpath_var=yes
-    export_dynamic_flag_spec='${wl}-Bexport'
-    ;;
-
-  solaris*)
-    # gcc --version < 3.0 without binutils cannot create self contained
-    # shared libraries reliably, requiring libgcc.a to resolve some of
-    # the object symbols generated in some cases.  Libraries that use
-    # assert need libgcc.a to resolve __eprintf, for example.  Linking
-    # a copy of libgcc.a into every shared library to guarantee resolving
-    # such symbols causes other problems:  According to Tim Van Holder
-    # <tim.van.holder@pandora.be>, C++ libraries end up with a separate
-    # (to the application) exception stack for one thing.
-    no_undefined_flag=' -z defs'
-    if test "$GCC" = yes; then
-      case `$CC --version 2>/dev/null` in
-      [12].*)
-	cat <<EOF 1>&2
-
-*** Warning: Releases of GCC earlier than version 3.0 cannot reliably
-*** create self contained shared libraries on Solaris systems, without
-*** introducing a dependency on libgcc.a.  Therefore, libtool is disabling
-*** -no-undefined support, which will at least allow you to build shared
-*** libraries.  However, you may find that when you link such libraries
-*** into an application without using GCC, you have to manually add
-*** \`gcc --print-libgcc-file-name\` to the link command.  We urge you to
-*** upgrade to a newer version of GCC.  Another option is to rebuild your
-*** current GCC to use the GNU linker from GNU binutils 2.9.1 or newer.
-
-EOF
-        no_undefined_flag=
-	;;
-      esac
-    fi
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_shlibpath_var=no
-    case $host_os in
-    solaris2.[0-5] | solaris2.[0-5].*) ;;
-    *) # Supported since Solaris 2.6 (maybe 2.5.1?)
-      whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
-    esac
-    link_all_deplibs=yes
-    ;;
-
-  sunos4*)
-    if test "x$host_vendor" = xsequent; then
-      # Use $CC to link under sequent, because it throws in some extra .o
-      # files that make .init and .fini sections work.
-      archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-    fi
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4)
-    if test "x$host_vendor" = xsno; then
-      archive_cmds='$LD -G -Bsymbolic -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=yes # is this really true???
-    else
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_direct=no #Motorola manual says yes, but my tests say they lie
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4.3*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    export_dynamic_flag_spec='-Bexport'
-    ;;
-
-  sysv5*)
-    no_undefined_flag=' -z text'
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec=
-    hardcode_shlibpath_var=no
-    runpath_var='LD_RUN_PATH'
-    ;;
-
-  uts4*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  dgux*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4*MP*)
-    if test -d /usr/nec; then
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var=no
-      runpath_var=LD_RUN_PATH
-      hardcode_runpath_var=yes
-      ld_shlibs=yes
-    fi
-    ;;
-
-  sysv4.2uw2*)
-    archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=no
-    hardcode_shlibpath_var=no
-    hardcode_runpath_var=yes
-    runpath_var=LD_RUN_PATH
-    ;;
-
-  sysv5uw7* | unixware7*)
-    no_undefined_flag='${wl}-z ${wl}text'
-    if test "$GCC" = yes; then
-      archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    else
-      archive_cmds='$CC -G ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
-    fi
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    ld_shlibs=no
-    ;;
-  esac
-fi
-echo "$as_me:6318: result: $ld_shlibs" >&5
-echo "${ECHO_T}$ld_shlibs" >&6
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-echo "$as_me:6323: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var"; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$hardcode_shlibpath_var" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-echo "$as_me:6347: result: $hardcode_action" >&5
-echo "${ECHO_T}$hardcode_action" >&6
-
-striplib=
-old_striplib=
-echo "$as_me:6352: checking whether stripping libraries is possible" >&5
-echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  echo "$as_me:6357: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:6360: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-echo "$as_me:6368: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-case $host_os in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}.so$major'
-  ;;
-
-aix4* | aix5*)
-  version_type=linux
-  if test "$host_cpu" = ia64; then
-    # AIX 5 supports IA64
-    library_names_spec='${libname}${release}.so$major ${libname}${release}.so$versuffix $libname.so'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line `#! .'.  This would cause the generated library to
-    # depend on `.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[01] | aix4.[01].*)
-	if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	     echo ' yes '
-	     echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
-	  :
-	else
-	  can_build_shared=no
-	fi
-	;;
-    esac
-    # AIX (on Power*) has no versioning support, so currently we can
-    # not hardcode correct soname into executable. Probably we can
-    # add versioning support to collect2, so additional links can
-    # be useful in future.
-    if test "$aix_use_runtimelinking" = yes; then
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-    else
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='${libname}${release}.a $libname.a'
-      soname_spec='${libname}${release}.so$major'
-    fi
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}.so'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi4*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  export_dynamic_flag_spec=-rdynamic
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32*)
-  version_type=windows
-  need_version=no
-  need_lib_prefix=no
-  case $GCC,$host_os in
-  yes,cygwin*)
-    library_names_spec='$libname.dll.a'
-    soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i;echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog .libs/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`bash 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $rm \$dlpath'
-    ;;
-  yes,mingw*)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-    sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"`
-    ;;
-  yes,pw32*)
-    library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/./-/g'`${versuffix}.dll'
-    ;;
-  *)
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib'
-    ;;
-  esac
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  # FIXME: Relying on posixy $() will cause problems for
-  #        cross-compilation, but unfortunately the echo tests do not
-  #        yet detect zsh echo's removal of \ escapes.
-  library_names_spec='${libname}${release}${versuffix}.$(test .$module = .yes && echo so || echo dylib) ${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib) ${libname}.$(test .$module = .yes && echo so || echo dylib)'
-  soname_spec='${libname}${release}${major}.$(test .$module = .yes && echo so || echo dylib)'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-freebsd*)
-  objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}.so$versuffix $libname.so$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  *)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  dynamic_linker="$host_os dld.sl"
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  shlibpath_var=SHLIB_PATH
-  shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-  library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
-  soname_spec='${libname}${release}.sl$major'
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-irix5* | irix6*)
-  version_type=irix
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so'
-  case $host_os in
-  irix5*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
-    soname_spec='${libname}${release}.so$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-openbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-    case "$host_os" in
-    openbsd2.[89] | openbsd2.[89].*)
-      shlibpath_overrides_runpath=no
-      ;;
-    *)
-      shlibpath_overrides_runpath=yes
-      ;;
-    esac
-  else
-    shlibpath_overrides_runpath=yes
-  fi
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-os2*)
-  libname_spec='$name'
-  need_lib_prefix=no
-  library_names_spec='$libname.dll $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_version=no
-  soname_spec='${libname}${release}.so'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-sco3.2v5*)
-  version_type=osf
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
-    soname_spec='$libname.so.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-echo "$as_me:6761: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Report the final consequences.
-echo "$as_me:6766: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
-echo "$as_me:6768: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6
-
-echo "$as_me:6771: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case "$host_os" in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4*)
-  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
-    test "$enable_shared" = yes && enable_static=no
-  fi
-  ;;
-esac
-echo "$as_me:6792: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6
-
-echo "$as_me:6795: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-echo "$as_me:6799: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6
-
-if test "$hardcode_action" = relink; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$GCC" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen="load_add_on"
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  cygwin* | mingw* | pw32*)
-    lt_cv_dlopen="LoadLibrary"
-    lt_cv_dlopen_libs=
-   ;;
-
-  *)
-    echo "$as_me:6837: checking for shl_load" >&5
-echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
-if test "${ac_cv_func_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 6843 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shl_load (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shl_load ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
-choke me
-#else
-f = shl_load;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6880: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6883: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6886: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:6889: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_shl_load=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:6899: result: $ac_cv_func_shl_load" >&5
-echo "${ECHO_T}$ac_cv_func_shl_load" >&6
-if test $ac_cv_func_shl_load = yes; then
-  lt_cv_dlopen="shl_load"
-else
-  echo "$as_me:6904: checking for shl_load in -ldld" >&5
-echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
-if test "${ac_cv_lib_dld_shl_load+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 6912 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shl_load ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-shl_load ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6937: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6940: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6943: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:6946: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dld_shl_load=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dld_shl_load=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:6957: result: $ac_cv_lib_dld_shl_load" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
-if test $ac_cv_lib_dld_shl_load = yes; then
-  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
-else
-  echo "$as_me:6962: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
-if test "${ac_cv_func_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 6968 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char dlopen (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
-choke me
-#else
-f = dlopen;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7005: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7008: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7011: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:7014: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:7024: result: $ac_cv_func_dlopen" >&5
-echo "${ECHO_T}$ac_cv_func_dlopen" >&6
-if test $ac_cv_func_dlopen = yes; then
-  lt_cv_dlopen="dlopen"
-else
-  echo "$as_me:7029: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 7037 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7062: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7065: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7068: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:7071: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:7082: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
-if test $ac_cv_lib_dl_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-  echo "$as_me:7087: checking for dlopen in -lsvld" >&5
-echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
-if test "${ac_cv_lib_svld_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 7095 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7120: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7123: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7126: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:7129: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_svld_dlopen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_svld_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:7140: result: $ac_cv_lib_svld_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
-if test $ac_cv_lib_svld_dlopen = yes; then
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
-  echo "$as_me:7145: checking for dld_link in -ldld" >&5
-echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
-if test "${ac_cv_lib_dld_dld_link+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 7153 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dld_link ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dld_link ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7178: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7181: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7184: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:7187: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dld_dld_link=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dld_dld_link=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:7198: result: $ac_cv_lib_dld_dld_link" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
-if test $ac_cv_lib_dld_dld_link = yes; then
-  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-    ;;
-  esac
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  else
-    enable_dlopen=no
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS="$CPPFLAGS"
-        test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS="$LDFLAGS"
-    eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS="$LIBS"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    echo "$as_me:7239: checking whether a program can dlopen itself" >&5
-echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
-if test "${lt_cv_dlopen_self+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self=cross
-else
-    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 7250 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:7311: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7314: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
-      x$lt_unknown|x*) lt_cv_dlopen_self=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-echo "$as_me:7332: result: $lt_cv_dlopen_self" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self" >&6
-
-    if test "x$lt_cv_dlopen_self" = xyes; then
-      LDFLAGS="$LDFLAGS $link_static_flag"
-      echo "$as_me:7337: checking whether a statically linked program can dlopen itself" >&5
-echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
-if test "${lt_cv_dlopen_self_static+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  	  if test "$cross_compiling" = yes; then :
-  lt_cv_dlopen_self_static=cross
-else
-    lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<EOF
-#line 7348 "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-#ifdef __cplusplus
-extern "C" void exit (int);
-#endif
-
-void fnord() { int i=42;}
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
-      /* dlclose (self); */
-    }
-
-    exit (status);
-}
-EOF
-  if { (eval echo "$as_me:7409: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:7412: \$? = $ac_status" >&5
-  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
-    (./conftest; exit; ) 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
-      x$lt_unknown|x*) lt_cv_dlopen_self_static=no ;;
-    esac
-  else :
-    # compilation failed
-    lt_cv_dlopen_self_static=no
-  fi
-fi
-rm -fr conftest*
-
-
-fi
-echo "$as_me:7430: result: $lt_cv_dlopen_self_static" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
-    fi
-
-    CPPFLAGS="$save_CPPFLAGS"
-    LDFLAGS="$save_LDFLAGS"
-    LIBS="$save_LIBS"
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-
-
-if test "$enable_shared" = yes && test "$GCC" = yes; then
-  case $archive_cmds in
-  *'~'*)
-    # FIXME: we may have to deal with multi-command sequences.
-    ;;
-  '$CC '*)
-    # Test whether the compiler implicitly links with -lc since on some
-    # systems, -lgcc has to come before -lc. If gcc already passes -lc
-    # to ld, don't add -lc before -lgcc.
-    echo "$as_me:7461: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
-    if test "${lt_cv_archive_cmds_need_lc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  $rm conftest*
-    echo 'static int dummy;' > conftest.$ac_ext
-
-    if { (eval echo "$as_me:7469: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:7472: \$? = $ac_status" >&5
-  (exit $ac_status); }; then
-      soname=conftest
-      lib=conftest
-      libobjs=conftest.$ac_objext
-      deplibs=
-      wl=$lt_cv_prog_cc_wl
-      compiler_flags=-v
-      linker_flags=-v
-      verstring=
-      output_objdir=.
-      libname=conftest
-      save_allow_undefined_flag=$allow_undefined_flag
-      allow_undefined_flag=
-      if { (eval echo "$as_me:7486: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
-  (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
-  ac_status=$?
-  echo "$as_me:7489: \$? = $ac_status" >&5
-  (exit $ac_status); }
-      then
-	lt_cv_archive_cmds_need_lc=no
-      else
-	lt_cv_archive_cmds_need_lc=yes
-      fi
-      allow_undefined_flag=$save_allow_undefined_flag
-    else
-      cat conftest.err 1>&5
-    fi
-fi
-
-    echo "$as_me:7502: result: $lt_cv_archive_cmds_need_lc" >&5
-echo "${ECHO_T}$lt_cv_archive_cmds_need_lc" >&6
-    ;;
-  esac
-fi
-need_lc=${lt_cv_archive_cmds_need_lc-yes}
-
-# The second clause should only fire when bootstrapping the
-# libtool distribution, otherwise you forgot to ship ltmain.sh
-# with your package, and you will get complaints that there are
-# no rules to generate ltmain.sh.
-if test -f "$ltmain"; then
-  :
-else
-  # If there is no Makefile yet, we rely on a make rule to execute
-  # `config.status --recheck' to rerun these tests and create the
-  # libtool script then.
-  test -f Makefile && make "$ltmain"
-fi
-
-if test -f "$ltmain"; then
-  trap "$rm \"${ofile}T\"; exit 1" 1 2 15
-  $rm -f "${ofile}T"
-
-  echo creating $ofile
-
-  # Now quote all the things that may contain metacharacters while being
-  # careful not to overquote the AC_SUBSTed values.  We take copies of the
-  # variables and quote the copies for generation of the libtool script.
-  for var in echo old_CC old_CFLAGS \
-    AR AR_FLAGS CC LD LN_S NM SHELL \
-    reload_flag reload_cmds wl \
-    pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
-    thread_safe_flag_spec whole_archive_flag_spec libname_spec \
-    library_names_spec soname_spec \
-    RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
-    old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
-    postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
-    old_striplib striplib file_magic_cmd export_symbols_cmds \
-    deplibs_check_method allow_undefined_flag no_undefined_flag \
-    finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
-    global_symbol_to_c_name_address \
-    hardcode_libdir_flag_spec hardcode_libdir_separator  \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    compiler_c_o compiler_o_lo need_locks exclude_expsyms include_expsyms; do
-
-    case $var in
-    reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
-    extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
-      ;;
-    *)
-      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
-      ;;
-    esac
-  done
-
-  cat <<__EOF__ > "${ofile}T"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$need_lc
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$lt_echo
-
-# The archiver.
-AR=$lt_AR
-AR_FLAGS=$lt_AR_FLAGS
-
-# The default C compiler.
-CC=$lt_CC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$GCC
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# Whether we need hard or soft links.
-LN_S=$lt_LN_S
-
-# A BSD-compatible nm program.
-NM=$lt_NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$lt_wl
-
-# Object file suffix (normally "o").
-objext="$ac_objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_pic_flag
-pic_mode=$pic_mode
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_compiler_c_o
-
-# Can we write directly to a .lo ?
-compiler_o_lo=$lt_compiler_o_lo
-
-# Must we lock files when doing compilation ?
-need_locks=$lt_need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$lt_thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$lt_RANLIB
-old_archive_cmds=$lt_old_archive_cmds
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-postinstall_cmds=$lt_postinstall_cmds
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$lt_file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$lt_finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$lt_global_symbol_to_cdecl
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address=$lt_global_symbol_to_c_name_address
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# ### END LIBTOOL CONFIG
-
-__EOF__
-
-  case $host_os in
-  aix3*)
-    cat <<\EOF >> "${ofile}T"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | os2*)
-    cat <<'EOF' >> "${ofile}T"
-      # This is a source program that is used to create dlls on Windows
-      # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-	# This is a source program that is used to create import libraries
-	# on Windows for dlls which lack them. Don't remove nor modify the
-	# starting and closing comments
-# /* impgen.c starts here */
-# /*   Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-#  This file is part of GNU libtool.
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#  */
-#
-# #include <stdio.h>		/* for printf() */
-# #include <unistd.h>		/* for open(), lseek(), read() */
-# #include <fcntl.h>		/* for O_RDONLY, O_BINARY */
-# #include <string.h>		/* for strdup() */
-#
-# /* O_BINARY isn't required (or even defined sometimes) under Unix */
-# #ifndef O_BINARY
-# #define O_BINARY 0
-# #endif
-#
-# static unsigned int
-# pe_get16 (fd, offset)
-#      int fd;
-#      int offset;
-# {
-#   unsigned char b[2];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 2);
-#   return b[0] + (b[1]<<8);
-# }
-#
-# static unsigned int
-# pe_get32 (fd, offset)
-#     int fd;
-#     int offset;
-# {
-#   unsigned char b[4];
-#   lseek (fd, offset, SEEK_SET);
-#   read (fd, b, 4);
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# static unsigned int
-# pe_as32 (ptr)
-#      void *ptr;
-# {
-#   unsigned char *b = ptr;
-#   return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# int
-# main (argc, argv)
-#     int argc;
-#     char *argv[];
-# {
-#     int dll;
-#     unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-#     unsigned long export_rva, export_size, nsections, secptr, expptr;
-#     unsigned long name_rvas, nexp;
-#     unsigned char *expdata, *erva;
-#     char *filename, *dll_name;
-#
-#     filename = argv[1];
-#
-#     dll = open(filename, O_RDONLY|O_BINARY);
-#     if (dll < 1)
-# 	return 1;
-#
-#     dll_name = filename;
-#
-#     for (i=0; filename[i]; i++)
-# 	if (filename[i] == '/' || filename[i] == '\\'  || filename[i] == ':')
-# 	    dll_name = filename + i +1;
-#
-#     pe_header_offset = pe_get32 (dll, 0x3c);
-#     opthdr_ofs = pe_header_offset + 4 + 20;
-#     num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-#     if (num_entries < 1) /* no exports */
-# 	return 1;
-#
-#     export_rva = pe_get32 (dll, opthdr_ofs + 96);
-#     export_size = pe_get32 (dll, opthdr_ofs + 100);
-#     nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-#     secptr = (pe_header_offset + 4 + 20 +
-# 	      pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-#     expptr = 0;
-#     for (i = 0; i < nsections; i++)
-#     {
-# 	char sname[8];
-# 	unsigned long secptr1 = secptr + 40 * i;
-# 	unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-# 	unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-# 	unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-# 	lseek(dll, secptr1, SEEK_SET);
-# 	read(dll, sname, 8);
-# 	if (vaddr <= export_rva && vaddr+vsize > export_rva)
-# 	{
-# 	    expptr = fptr + (export_rva - vaddr);
-# 	    if (export_rva + export_size > vaddr + vsize)
-# 		export_size = vsize - (export_rva - vaddr);
-# 	    break;
-# 	}
-#     }
-#
-#     expdata = (unsigned char*)malloc(export_size);
-#     lseek (dll, expptr, SEEK_SET);
-#     read (dll, expdata, export_size);
-#     erva = expdata - export_rva;
-#
-#     nexp = pe_as32 (expdata+24);
-#     name_rvas = pe_as32 (expdata+32);
-#
-#     printf ("EXPORTS\n");
-#     for (i = 0; i<nexp; i++)
-#     {
-# 	unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-# 	printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-#     }
-#
-#     return 0;
-# }
-# /* impgen.c ends here */
-
-EOF
-    ;;
-  esac
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "${ofile}T" || (rm -f "${ofile}T"; exit 1)
-
-  mv -f "${ofile}T" "$ofile" || \
-    (rm -f "$ofile" && cp "${ofile}T" "$ofile" && rm -f "${ofile}T")
-  chmod +x "$ofile"
-fi
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-# Prevent multiple expansion
-
-
-
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-# Check whether --enable-berkeley-db or --disable-berkeley-db was given.
-if test "${enable_berkeley_db+set}" = set; then
-  enableval="$enable_berkeley_db"
-
-
-fi;
-
-have_ndbm=no
-db_type=unknown
-
-if test "$enable_berkeley_db" != no; then
-
-
-
-
-
-for ac_header in 				\
-	db4/db.h				\
-	db3/db.h				\
-	db.h					\
-	db_185.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:8114: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:8119: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:8123: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 8126 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8132: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:8135: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:8138: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8141: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:8150: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:8154: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 8157 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:8161: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:8167: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:8185: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:8191: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:8193: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:8196: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:8198: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:8200: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:8203: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:8210: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-echo "$as_me:8228: checking for db_create" >&5
-echo $ECHO_N "checking for db_create... $ECHO_C" >&6
-if test "${ac_cv_funclib_db_create+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db4 db3 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 8246 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #ifdef HAVE_DB4_DB_H
-  #include <db4/db.h>
-  #elif defined(HAVE_DB3_DB_H)
-  #include <db3/db.h>
-  #else
-  #include <db.h>
-  #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-db_create(NULL, NULL, 0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8273: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8276: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8279: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8282: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_db_create=\${ac_cv_funclib_db_create-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_db_create"
-
-if false; then
-
-for ac_func in db_create
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:8305: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 8311 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8348: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8351: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8354: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8357: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:8367: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# db_create
-eval "ac_tr_func=HAVE_`echo db_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_db_create=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_db_create=yes"
-	eval "LIB_db_create="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:8391: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_db_create=no"
-	eval "LIB_db_create="
-	echo "$as_me:8397: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_db_create=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:8411: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-  if test "$ac_cv_func_db_create" = "yes"; then
-    db_type=db3
-    if test "$ac_cv_funclib_db_create" != "yes"; then
-      DBLIB="$ac_cv_funclib_db_create"
-    else
-      DBLIB=""
-    fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB3 1
-_ACEOF
-
-  else
-
-
-
-
-
-echo "$as_me:8436: checking for dbopen" >&5
-echo $ECHO_N "checking for dbopen... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" db2 db; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 8454 "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #if defined(HAVE_DB2_DB_H)
-    #include <db2/db.h>
-    #elif defined(HAVE_DB_185_H)
-    #include <db_185.h>
-    #elif defined(HAVE_DB_H)
-    #include <db.h>
-    #else
-    #error no db.h
-    #endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbopen(NULL, 0, 0, 0, NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8483: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8486: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8489: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8492: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbopen"
-
-if false; then
-
-for ac_func in dbopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:8515: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 8521 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8558: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8561: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8564: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8567: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:8577: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbopen
-eval "ac_tr_func=HAVE_`echo dbopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbopen=yes"
-	eval "LIB_dbopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:8601: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbopen=no"
-	eval "LIB_dbopen="
-	echo "$as_me:8607: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:8621: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbopen" = "yes"; then
-      db_type=db1
-      if test "$ac_cv_funclib_dbopen" != "yes"; then
-        DBLIB="$ac_cv_funclib_dbopen"
-      else
-        DBLIB=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB1 1
-_ACEOF
-
-    fi
-  fi
-
-
-  if test "$ac_cv_func_dbm_firstkey" != yes; then
-
-
-echo "$as_me:8647: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in $ac_cv_funclib_dbopen $ac_cv_funclib_db_create; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 8665 "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #define DB_DBM_HSEARCH 1
-    #include <db.h>
-    DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8688: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8691: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8694: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8697: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:8720: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 8726 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8763: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8766: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8769: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8772: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:8782: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:8806: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:8812: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:8826: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-        LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DB_NDBM 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      $as_unset ac_cv_func_dbm_firstkey
-      $as_unset ac_cv_funclib_dbm_firstkey
-    fi
-  fi
-
-fi # berkeley db
-
-if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
-
-
-
-for ac_header in 				\
-	dbm.h					\
-	ndbm.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:8868: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:8873: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:8877: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 8880 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8886: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:8889: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:8892: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8895: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:8904: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:8908: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 8911 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:8915: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:8921: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:8939: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:8945: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:8947: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:8950: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:8952: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:8954: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:8957: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:8964: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-echo "$as_me:8981: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ndbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 8999 "configure"
-#include "confdefs.h"
-
-  #include <stdio.h>
-  #if defined(HAVE_NDBM_H)
-  #include <ndbm.h>
-  #elif defined(HAVE_DBM_H)
-  #include <dbm.h>
-  #endif
-  DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9025: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9028: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:9031: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9034: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:9057: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9063 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9100: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9103: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:9106: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9109: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:9119: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:9143: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:9149: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:9163: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-  if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-    if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-      LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-    else
-      LIB_NDBM=""
-    fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-    have_ndbm=yes
-    if test "$db_type" = "unknown"; then
-      db_type=ndbm
-      DBLIB="$LIB_NDBM"
-    fi
-  else
-
-    $as_unset ac_cv_func_dbm_firstkey
-    $as_unset ac_cv_funclib_dbm_firstkey
-
-
-for ac_header in 				\
-	  gdbm/ndbm.h				\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:9197: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:9202: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:9206: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 9209 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9215: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9218: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9221: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9224: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:9233: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:9237: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 9240 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:9244: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:9250: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:9268: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:9274: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:9276: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:9279: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:9281: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:9283: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:9286: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:9293: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-echo "$as_me:9310: checking for dbm_firstkey" >&5
-echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6
-if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" gdbm; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 9328 "configure"
-#include "confdefs.h"
-
-    #include <stdio.h>
-    #include <gdbm/ndbm.h>
-    DBM *dbm;
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dbm_firstkey(NULL)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9350: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9353: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:9356: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9359: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
-
-if false; then
-
-for ac_func in dbm_firstkey
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:9382: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9388 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:9425: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9428: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:9431: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9434: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:9444: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dbm_firstkey
-eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dbm_firstkey=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "LIB_dbm_firstkey="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:9468: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dbm_firstkey=no"
-	eval "LIB_dbm_firstkey="
-	echo "$as_me:9474: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dbm_firstkey=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:9488: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
-      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
-	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
-      else
-	LIB_NDBM=""
-      fi
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NDBM 1
-_ACEOF
-      have_ndbm=yes
-      if test "$db_type" = "unknown"; then
-	db_type=ndbm
-	DBLIB="$LIB_NDBM"
-      fi
-    fi
-  fi
-
-fi # unknown
-
-if test "$have_ndbm" = "yes"; then
-  echo "$as_me:9516: checking if ndbm is implemented with db" >&5
-echo $ECHO_N "checking if ndbm is implemented with db... $ECHO_C" >&6
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:9519: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9524 "configure"
-#include "confdefs.h"
-
-#include <unistd.h>
-#include <fcntl.h>
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-int main()
-{
-  DBM *d;
-
-  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
-  if (d == NULL)
-    return 1;
-  dbm_close(d);
-  return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:9548: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:9551: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:9553: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9556: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-    if test -f conftest.db; then
-      echo "$as_me:9560: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NEW_DB 1
-_ACEOF
-
-    else
-      echo "$as_me:9568: result: no" >&5
-echo "${ECHO_T}no" >&6
-    fi
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-echo "$as_me:9576: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-
-
-
-if test "$db_type" = db1; then
-  HAVE_DB1_TRUE=
-  HAVE_DB1_FALSE='#'
-else
-  HAVE_DB1_TRUE='#'
-  HAVE_DB1_FALSE=
-fi
-
-
-if test "$db_type" = db3; then
-  HAVE_DB3_TRUE=
-  HAVE_DB3_FALSE='#'
-else
-  HAVE_DB3_TRUE='#'
-  HAVE_DB3_FALSE=
-fi
-
-
-if test "$db_type" = ndbm; then
-  HAVE_NDBM_TRUE=
-  HAVE_NDBM_FALSE='#'
-else
-  HAVE_NDBM_TRUE='#'
-  HAVE_NDBM_FALSE=
-fi
-
-DBLIB="$LDFLAGS $DBLIB"
-
-
-
-
-
-echo "$as_me:9617: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9625 "configure"
-#include "confdefs.h"
-#ifndef __cplusplus
-static $ac_kw int static_foo () {return 0; }
-$ac_kw int foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9634: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9637: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9640: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9643: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_inline=$ac_kw; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-
-fi
-echo "$as_me:9654: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  no)
-cat >>confdefs.h <<\_ACEOF
-#define inline
-_ACEOF
- ;;
-  *)  cat >>confdefs.h <<_ACEOF
-#define inline $ac_cv_c_inline
-_ACEOF
- ;;
-esac
-
-echo "$as_me:9669: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9675 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset x;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *ccp;
-  char **p;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  ccp = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++ccp;
-  p = (char**) ccp;
-  ccp = (char const *const *) p;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-  }
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9739: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9742: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9745: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9748: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:9758: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-echo "$as_me:9768: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6
-if test "${ac_cv_type_size_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9774 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((size_t *) 0)
-  return 0;
-if (sizeof (size_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9795: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9798: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9801: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9804: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_size_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_size_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:9814: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6
-if test $ac_cv_type_size_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned
-_ACEOF
-
-fi
-
-echo "$as_me:9826: checking for pid_t" >&5
-echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
-if test "${ac_cv_type_pid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9832 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((pid_t *) 0)
-  return 0;
-if (sizeof (pid_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9853: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9856: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9859: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9862: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_pid_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_pid_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:9872: result: $ac_cv_type_pid_t" >&5
-echo "${ECHO_T}$ac_cv_type_pid_t" >&6
-if test $ac_cv_type_pid_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define pid_t int
-_ACEOF
-
-fi
-
-echo "$as_me:9884: checking for uid_t in sys/types.h" >&5
-echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
-if test "${ac_cv_type_uid_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9890 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "uid_t" >/dev/null 2>&1; then
-  ac_cv_type_uid_t=yes
-else
-  ac_cv_type_uid_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:9904: result: $ac_cv_type_uid_t" >&5
-echo "${ECHO_T}$ac_cv_type_uid_t" >&6
-if test $ac_cv_type_uid_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define uid_t int
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define gid_t int
-_ACEOF
-
-fi
-
-
-echo "$as_me:9920: checking return type of signal handlers" >&5
-echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
-if test "${ac_cv_type_signal+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9926 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <signal.h>
-#ifdef signal
-# undef signal
-#endif
-#ifdef __cplusplus
-extern "C" void (*signal (int, void (*)(int)))(int);
-#else
-void (*signal ()) ();
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int i;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9954: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:9957: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9960: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:9963: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_signal=void
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_signal=int
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:9973: result: $ac_cv_type_signal" >&5
-echo "${ECHO_T}$ac_cv_type_signal" >&6
-
-cat >>confdefs.h <<_ACEOF
-#define RETSIGTYPE $ac_cv_type_signal
-_ACEOF
-
-
-if test "$ac_cv_type_signal" = "void" ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define VOID_RETSIGTYPE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:9992: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 9998 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10020: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10023: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10026: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10029: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:10039: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-
-for ac_header in standards.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:10055: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:10060: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:10064: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10067 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10073: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10076: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10079: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10082: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:10091: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:10095: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10098 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:10102: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:10108: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:10126: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:10132: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:10134: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:10137: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:10139: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:10141: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:10144: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:10151: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-for i in netinet/ip.h netinet/tcp.h; do
-
-cv=`echo "$i" | sed 'y%./+-%__p_%'`
-
-echo "$as_me:10168: checking for $i" >&5
-echo $ECHO_N "checking for $i... $ECHO_C" >&6
-if eval "test \"\${ac_cv_header_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10174 "configure"
-#include "confdefs.h"
-\
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-#include <$i>
-
-_ACEOF
-if { (eval echo "$as_me:10183: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:10189: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  eval "ac_cv_header_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  eval "ac_cv_header_$cv=no"
-fi
-rm -f conftest.err conftest.$ac_ext
-fi
-echo "$as_me:10208: result: `eval echo '${'ac_cv_header_$cv'}'`" >&5
-echo "${ECHO_T}`eval echo '${'ac_cv_header_$cv'}'`" >&6
-ac_res=`eval echo \\$ac_cv_header_$cv`
-if test "$ac_res" = yes; then
-	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-done
-if false;then
-
-
-for ac_header in netinet/ip.h netinet/tcp.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:10226: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:10231: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:10235: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10238 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10244: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10247: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10250: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10253: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:10262: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:10266: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10269 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:10273: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:10279: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:10297: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:10303: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:10305: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:10308: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:10310: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:10312: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:10315: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:10322: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-fi
-
-
-
-
-for ac_func in getlogin setlogin
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:10343: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10349 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:10386: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10389: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:10392: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10395: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:10405: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-if test "$ac_cv_func_getlogin" = yes; then
-echo "$as_me:10416: checking if getlogin is posix" >&5
-echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6
-if test "${ac_cv_func_getlogin_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
-	ac_cv_func_getlogin_posix=no
-else
-	ac_cv_func_getlogin_posix=yes
-fi
-
-fi
-echo "$as_me:10429: result: $ac_cv_func_getlogin_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6
-if test "$ac_cv_func_getlogin_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETLOGIN 1
-_ACEOF
-
-fi
-fi
-
-
-echo "$as_me:10441: checking if realloc if broken" >&5
-echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6
-if test "${ac_cv_func_realloc_broken+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_func_realloc_broken=no
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10452 "configure"
-#include "confdefs.h"
-
-#include <stddef.h>
-#include <stdlib.h>
-
-int main()
-{
-	return realloc(NULL, 17) == NULL;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10465: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:10468: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10470: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10473: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_realloc_broken=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-fi
-echo "$as_me:10487: result: $ac_cv_func_realloc_broken" >&5
-echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6
-if test "$ac_cv_func_realloc_broken" = yes ; then
-
-cat >>confdefs.h <<\_ACEOF
-#define BROKEN_REALLOC 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-DIR_roken=roken
-LIB_roken='$(top_builddir)/lib/roken/libroken.la'
-INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-WFLAGS_NOUNUSED=""
-WFLAGS_NOIMPLICITINT=""
-if test -z "$WFLAGS" -a "$GCC" = "yes"; then
-  # -Wno-implicit-int for broken X11 headers
-  # leave these out for now:
-  #   -Wcast-align doesn't work well on alpha osf/1
-  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
-  #   -Wmissing-declarations -Wnested-externs
-  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs"
-  WFLAGS_NOUNUSED="-Wno-unused"
-  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
-fi
-
-
-
-
-
-
-
-
-cv=`echo "ssize_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:10541: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10547 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-ssize_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10570: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10573: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10576: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10579: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:10590: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo ssize_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:10595: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
-if test "${ac_cv_type_ssize_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10601 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((ssize_t *) 0)
-  return 0;
-if (sizeof (ssize_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10622: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10625: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10628: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10631: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_ssize_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_ssize_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:10641: result: $ac_cv_type_ssize_t" >&5
-echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
-if test $ac_cv_type_ssize_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SSIZE_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:10665: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10671 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10694: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10697: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10700: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10703: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:10714: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:10719: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 10725 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long long *) 0)
-  return 0;
-if (sizeof (long long))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10746: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10749: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10752: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10755: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:10765: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/inet.h				\
-	arpa/nameser.h				\
-	config.h				\
-	crypt.h					\
-	dirent.h				\
-	errno.h					\
-	err.h					\
-	fcntl.h					\
-	grp.h					\
-	ifaddrs.h				\
-	net/if.h				\
-	netdb.h					\
-	netinet/in.h				\
-	netinet/in6.h				\
-	netinet/in_systm.h			\
-	netinet6/in6.h				\
-	netinet6/in6_var.h			\
-	paths.h					\
-	pwd.h					\
-	resolv.h				\
-	rpcsvc/ypclnt.h				\
-	shadow.h				\
-	sys/bswap.h				\
-	sys/ioctl.h				\
-	sys/param.h				\
-	sys/proc.h				\
-	sys/resource.h				\
-	sys/socket.h				\
-	sys/sockio.h				\
-	sys/stat.h				\
-	sys/sysctl.h				\
-	sys/time.h				\
-	sys/tty.h				\
-	sys/types.h				\
-	sys/uio.h				\
-	sys/utsname.h				\
-	sys/wait.h				\
-	syslog.h				\
-	termios.h				\
-	unistd.h				\
-	userconf.h				\
-	usersec.h				\
-	util.h					\
-	vis.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:10883: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:10888: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:10892: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10895 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10901: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:10904: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10907: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:10910: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:10919: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:10923: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 10926 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:10930: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:10936: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:10954: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:10960: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:10962: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:10965: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:10967: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:10969: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:10972: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:10979: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-if test "$ac_cv_header_err_h" = yes; then
-  have_err_h_TRUE=
-  have_err_h_FALSE='#'
-else
-  have_err_h_TRUE='#'
-  have_err_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_fnmatch_h" = yes; then
-  have_fnmatch_h_TRUE=
-  have_fnmatch_h_FALSE='#'
-else
-  have_fnmatch_h_TRUE='#'
-  have_fnmatch_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_ifaddrs_h" = yes; then
-  have_ifaddrs_h_TRUE=
-  have_ifaddrs_h_FALSE='#'
-else
-  have_ifaddrs_h_TRUE='#'
-  have_ifaddrs_h_FALSE=
-fi
-
-
-
-if test "$ac_cv_header_vis_h" = yes; then
-  have_vis_h_TRUE=
-  have_vis_h_FALSE='#'
-else
-  have_vis_h_TRUE='#'
-  have_vis_h_FALSE=
-fi
-
-
-
-
-
-
-
-echo "$as_me:11041: checking for socket" >&5
-echo $ECHO_N "checking for socket... $ECHO_C" >&6
-if test "${ac_cv_funclib_socket+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_socket\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" socket; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11059 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-socket()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11077: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11080: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11083: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11086: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_socket"
-
-if false; then
-
-for ac_func in socket
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:11109: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 11115 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11152: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11155: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11158: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11161: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:11171: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# socket
-eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_socket=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_socket=yes"
-	eval "LIB_socket="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:11195: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_socket=no"
-	eval "LIB_socket="
-	echo "$as_me:11201: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_socket=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:11215: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_socket"; then
-	LIBS="$LIB_socket $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:11229: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
-if test "${ac_cv_funclib_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" nsl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11247 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11265: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11268: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11271: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11274: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname"
-
-if false; then
-
-for ac_func in gethostbyname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:11297: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 11303 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11340: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11343: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11346: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11349: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:11359: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname
-eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "LIB_gethostbyname="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:11383: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname=no"
-	eval "LIB_gethostbyname="
-	echo "$as_me:11389: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:11403: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname"; then
-	LIBS="$LIB_gethostbyname $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:11417: checking for syslog" >&5
-echo $ECHO_N "checking for syslog... $ECHO_C" >&6
-if test "${ac_cv_funclib_syslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" syslog; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11435 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-syslog()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11453: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11456: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11459: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11462: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_syslog"
-
-if false; then
-
-for ac_func in syslog
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:11485: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 11491 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11528: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11531: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11534: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11537: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:11547: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# syslog
-eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_syslog=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_syslog=yes"
-	eval "LIB_syslog="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:11571: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_syslog=no"
-	eval "LIB_syslog="
-	echo "$as_me:11577: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_syslog=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:11591: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_syslog"; then
-	LIBS="$LIB_syslog $LIBS"
-fi
-
-
-
-
-# Check whether --with-ipv6 or --without-ipv6 was given.
-if test "${with_ipv6+set}" = set; then
-  withval="$with_ipv6"
-
-if test "$withval" = "no"; then
-	ac_cv_lib_ipv6=no
-fi
-fi;
-save_CFLAGS="${CFLAGS}"
-echo "$as_me:11613: checking for IPv6 stack type" >&5
-echo $ECHO_N "checking for IPv6 stack type... $ECHO_C" >&6
-if test "${v6type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  v6type=unknown
-v6lib=none
-
-for i in v6d toshiba kame inria zeta linux; do
-	case $i in
-	v6d)
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11625 "configure"
-#include "confdefs.h"
-
-#include </usr/local/v6/include/sys/types.h>
-#ifdef __V6D__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=v6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-I/usr/local/v6/include $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	toshiba)
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11644 "configure"
-#include "confdefs.h"
-
-#include <sys/param.h>
-#ifdef _TOSHIBA_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	kame)
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11663 "configure"
-#include "confdefs.h"
-
-#include <netinet/in.h>
-#ifdef __KAME__
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	inria)
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11682 "configure"
-#include "confdefs.h"
-
-#include <netinet/in.h>
-#ifdef IPV6_INRIA_VERSION
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	zeta)
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11699 "configure"
-#include "confdefs.h"
-
-#include <sys/param.h>
-#ifdef _ZETA_MINAMI_INET6
-yes
-#endif
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "yes" >/dev/null 2>&1; then
-  v6type=$i; v6lib=inet6;
-			v6libdir=/usr/local/v6/lib;
-			CFLAGS="-DINET6 $CFLAGS"
-fi
-rm -f conftest*
-
-		;;
-	linux)
-		if test -d /usr/inet6; then
-			v6type=$i
-			v6lib=inet6
-			v6libdir=/usr/inet6
-			CFLAGS="-DINET6 $CFLAGS"
-		fi
-		;;
-	esac
-	if test "$v6type" != "unknown"; then
-		break
-	fi
-done
-
-if test "$v6lib" != "none"; then
-	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
-		if test -d $dir -a -f $dir/lib$v6lib.a; then
-			LIBS="-L$dir -l$v6lib $LIBS"
-			break
-		fi
-	done
-fi
-
-fi
-echo "$as_me:11740: result: $v6type" >&5
-echo "${ECHO_T}$v6type" >&6
-
-echo "$as_me:11743: checking for IPv6" >&5
-echo $ECHO_N "checking for IPv6... $ECHO_C" >&6
-if test "${ac_cv_lib_ipv6+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 11750 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- struct sockaddr_in6 sin6;
- int s;
-
- s = socket(AF_INET6, SOCK_DGRAM, 0);
-
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(17);
- sin6.sin6_addr = in6addr_any;
- bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11791: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11794: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11797: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11800: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ipv6=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipv6=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:11810: result: $ac_cv_lib_ipv6" >&5
-echo "${ECHO_T}$ac_cv_lib_ipv6" >&6
-if test "$ac_cv_lib_ipv6" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IPV6 1
-_ACEOF
-
-else
-  CFLAGS="${save_CFLAGS}"
-fi
-
-if test "$ac_cv_lib_ipv6" = yes; then
-	echo "$as_me:11823: checking for in6addr_loopback" >&5
-echo $ECHO_N "checking for in6addr_loopback... $ECHO_C" >&6
-if test "${ac_cv_var_in6addr_loopback+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	cat >conftest.$ac_ext <<_ACEOF
-#line 11830 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-struct sockaddr_in6 sin6;
-sin6.sin6_addr = in6addr_loopback;
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11863: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11866: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11869: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11872: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_in6addr_loopback=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_in6addr_loopback=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:11882: result: $ac_cv_var_in6addr_loopback" >&5
-echo "${ECHO_T}$ac_cv_var_in6addr_loopback" >&6
-	if test "$ac_cv_var_in6addr_loopback" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_IN6ADDR_LOOPBACK 1
-_ACEOF
-
-	fi
-fi
-
-
-
-
-
-
-echo "$as_me:11898: checking for gethostbyname2" >&5
-echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6
-if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" inet6 ip6; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 11916 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname2()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:11934: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:11937: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:11940: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:11943: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gethostbyname2=\${ac_cv_funclib_gethostbyname2-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gethostbyname2"
-
-if false; then
-
-for ac_func in gethostbyname2
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:11966: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 11972 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12009: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12012: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12015: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12018: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:12028: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gethostbyname2
-eval "ac_tr_func=HAVE_`echo gethostbyname2 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gethostbyname2=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "LIB_gethostbyname2="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:12052: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gethostbyname2=no"
-	eval "LIB_gethostbyname2="
-	echo "$as_me:12058: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gethostbyname2=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:12072: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gethostbyname2"; then
-	LIBS="$LIB_gethostbyname2 $LIBS"
-fi
-
-
-
-
-
-
-echo "$as_me:12087: checking for res_search" >&5
-echo $ECHO_N "checking for res_search... $ECHO_C" >&6
-if test "${ac_cv_funclib_res_search+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 12105 "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-res_search(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12137: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12140: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12143: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12146: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_res_search"
-
-if false; then
-
-for ac_func in res_search
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:12169: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12175 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12212: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12215: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12218: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12221: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:12231: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# res_search
-eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_res_search=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_res_search=yes"
-	eval "LIB_res_search="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:12255: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_res_search=no"
-	eval "LIB_res_search="
-	echo "$as_me:12261: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_res_search=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:12275: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_res_search"; then
-	LIBS="$LIB_res_search $LIBS"
-fi
-
-
-
-
-
-
-echo "$as_me:12290: checking for dn_expand" >&5
-echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6
-if test "${ac_cv_funclib_dn_expand+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 12308 "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dn_expand(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12340: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12343: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12346: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12349: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dn_expand"
-
-if false; then
-
-for ac_func in dn_expand
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:12372: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12378 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12415: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12418: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12421: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12424: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:12434: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dn_expand
-eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dn_expand=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "LIB_dn_expand="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:12458: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dn_expand=no"
-	eval "LIB_dn_expand="
-	echo "$as_me:12464: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dn_expand=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:12478: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_dn_expand"; then
-	LIBS="$LIB_dn_expand $LIBS"
-fi
-
-
-
-echo "$as_me:12490: checking for _res" >&5
-echo $ECHO_N "checking for _res... $ECHO_C" >&6
-if test "${ac_cv_var__res+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 12497 "configure"
-#include "confdefs.h"
-extern int _res;
-int foo() { return _res; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12516: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12519: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12522: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12525: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var__res=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var__res=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var__res`
-echo "$as_me:12538: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE__RES 1
-_ACEOF
-
-
-echo "$as_me:12547: checking if _res is properly declared" >&5
-echo $ECHO_N "checking if _res is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var__res_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 12554 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-extern struct { int foo; } _res;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-_res.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12585: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12588: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12591: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12594: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var__res_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var__res_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:12609: result: $ac_cv_var__res_declaration" >&5
-echo "${ECHO_T}$ac_cv_var__res_declaration" >&6
-if eval "test \"\$ac_cv_var__res_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE__RES_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-
-echo "$as_me:12625: checking for working snprintf" >&5
-echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6
-if test "${ac_cv_func_snprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_snprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12635 "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <string.h>
-int main()
-{
-	char foo[3];
-	snprintf(foo, 2, "12");
-	return strcmp(foo, "1");
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:12648: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12651: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:12653: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12656: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_snprintf_working=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:12669: result: $ac_cv_func_snprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6
-
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_snprintf_working" = yes; then
-
-if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
-echo "$as_me:12682: checking if snprintf needs a prototype" >&5
-echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_snprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12688 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int snprintf (struct foo*);
-snprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12709: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12712: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12715: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12718: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_snprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_snprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:12728: result: $ac_cv_func_snprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6
-if test "$ac_cv_func_snprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-echo "$as_me:12742: checking for working vsnprintf" >&5
-echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6
-if test "${ac_cv_func_vsnprintf_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_vsnprintf_working=yes
-if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12752 "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-
-int foo(int num, ...)
-{
-	char bar[3];
-	va_list arg;
-	va_start(arg, num);
-	vsnprintf(bar, 2, "%s", arg);
-	va_end(arg);
-	return strcmp(bar, "1");
-}
-
-
-int main()
-{
-	return foo(0, "12");
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:12776: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12779: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:12781: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12784: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_vsnprintf_working=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:12797: result: $ac_cv_func_vsnprintf_working" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6
-
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSNPRINTF 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_vsnprintf_working" = yes; then
-
-if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
-echo "$as_me:12810: checking if vsnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12816 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vsnprintf (struct foo*);
-vsnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12837: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12840: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12843: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12846: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vsnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vsnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:12856: result: $ac_cv_func_vsnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6
-if test "$ac_cv_func_vsnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VSNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-
-
-echo "$as_me:12871: checking for working glob" >&5
-echo $ECHO_N "checking for working glob... $ECHO_C" >&6
-if test "${ac_cv_func_glob_working+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_func_glob_working=yes
-cat >conftest.$ac_ext <<_ACEOF
-#line 12878 "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <glob.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
-#ifdef GLOB_MAXPATH
-GLOB_MAXPATH
-#else
-GLOB_LIMIT
-#endif
-,
-NULL, NULL);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:12907: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:12910: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:12913: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12916: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_glob_working=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:12926: result: $ac_cv_func_glob_working" >&5
-echo "${ECHO_T}$ac_cv_func_glob_working" >&6
-
-if test "$ac_cv_func_glob_working" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GLOB 1
-_ACEOF
-
-fi
-if test "$ac_cv_func_glob_working" = yes; then
-
-if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
-echo "$as_me:12939: checking if glob needs a prototype" >&5
-echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_glob_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 12945 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <glob.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int glob (struct foo*);
-glob(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12967: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:12970: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12973: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:12976: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_glob_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_glob_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:12986: result: $ac_cv_func_glob_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6
-if test "$ac_cv_func_glob_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GLOB_PROTO 1
-_ACEOF
-
-fi
-fi
-
-fi
-
-if test "$ac_cv_func_glob_working" != yes; then
-	LIBOBJS="$LIBOBJS glob.$ac_objext"
-fi
-
-
-if test "$ac_cv_func_glob_working" = yes; then
-  have_glob_h_TRUE=
-  have_glob_h_FALSE='#'
-else
-  have_glob_h_TRUE='#'
-  have_glob_h_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	asnprintf				\
-	asprintf				\
-	atexit					\
-	cgetent					\
-	getconfattr				\
-	getprogname				\
-	getrlimit				\
-	getspnam				\
-	initstate				\
-	issetugid				\
-	on_exit					\
-	random					\
-	setprogname				\
-	setstate				\
-	strsvis					\
-	strunvis				\
-	strvis					\
-	strvisx					\
-	svis					\
-	sysconf					\
-	sysctl					\
-	uname					\
-	unvis					\
-	vasnprintf				\
-	vasprintf				\
-	vis					\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:13070: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13076 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13113: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13116: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13119: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13122: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:13132: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-if test "$ac_cv_func_cgetent" = no; then
-	LIBOBJS="$LIBOBJS getcap.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:13152: checking for getsockopt" >&5
-echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6
-if test "${ac_cv_funclib_getsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 13170 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13193: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13196: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13199: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13202: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getsockopt"
-
-if false; then
-
-for ac_func in getsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:13225: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13231 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13268: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13271: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13274: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13277: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:13287: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getsockopt
-eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "LIB_getsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:13311: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getsockopt=no"
-	eval "LIB_getsockopt="
-	echo "$as_me:13317: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:13331: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:13340: checking for setsockopt" >&5
-echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
-if test "${ac_cv_funclib_setsockopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 13358 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-setsockopt(0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13381: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13384: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13387: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13390: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_setsockopt"
-
-if false; then
-
-for ac_func in setsockopt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:13413: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13419 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13456: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13459: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13462: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13465: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:13475: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# setsockopt
-eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_setsockopt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "LIB_setsockopt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:13499: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_setsockopt=no"
-	eval "LIB_setsockopt="
-	echo "$as_me:13505: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_setsockopt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:13519: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-echo "$as_me:13530: checking for hstrerror" >&5
-echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6
-if test "${ac_cv_funclib_hstrerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" resolv; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 13548 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-hstrerror(17)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13568: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13571: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13574: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13577: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_hstrerror"
-
-if false; then
-
-for ac_func in hstrerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:13600: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13606 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13643: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:13646: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13649: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13652: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:13662: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# hstrerror
-eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_hstrerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "LIB_hstrerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:13686: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_hstrerror=no"
-	eval "LIB_hstrerror="
-	echo "$as_me:13692: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_hstrerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:13706: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_hstrerror"; then
-	LIBS="$LIB_hstrerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
-	LIBOBJS="$LIBOBJS hstrerror.$ac_objext"
-fi
-
-
-if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
-echo "$as_me:13722: checking if hstrerror needs a prototype" >&5
-echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_hstrerror_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13728 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int hstrerror (struct foo*);
-hstrerror(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13752: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13755: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13758: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13761: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_hstrerror_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_hstrerror_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:13771: result: $ac_cv_func_hstrerror_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6
-if test "$ac_cv_func_hstrerror_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_HSTRERROR_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then
-echo "$as_me:13785: checking if asprintf needs a prototype" >&5
-echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_asprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13791 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int asprintf (struct foo*);
-asprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13814: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13817: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13820: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13823: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_asprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:13833: result: $ac_cv_func_asprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6
-if test "$ac_cv_func_asprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then
-echo "$as_me:13845: checking if vasprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vasprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13851 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vasprintf (struct foo*);
-vasprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13874: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13877: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13880: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13883: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vasprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:13893: result: $ac_cv_func_vasprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6
-if test "$ac_cv_func_vasprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then
-echo "$as_me:13905: checking if asnprintf needs a prototype" >&5
-echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_asnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13911 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int asnprintf (struct foo*);
-asnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13934: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13937: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13940: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:13943: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_asnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_asnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:13953: result: $ac_cv_func_asnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6
-if test "$ac_cv_func_asnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_ASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then
-echo "$as_me:13965: checking if vasnprintf needs a prototype" >&5
-echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 13971 "configure"
-#include "confdefs.h"
-
-	#include <stdio.h>
-	#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vasnprintf (struct foo*);
-vasnprintf(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13994: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:13997: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:14000: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14003: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vasnprintf_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vasnprintf_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:14013: result: $ac_cv_func_vasnprintf_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6
-if test "$ac_cv_func_vasnprintf_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VASNPRINTF_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-echo "$as_me:14028: checking for bswap16" >&5
-echo $ECHO_N "checking for bswap16... $ECHO_C" >&6
-if test "${ac_cv_funclib_bswap16+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14046 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap16(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14066: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14069: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14072: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14075: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap16"
-
-if false; then
-
-for ac_func in bswap16
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14098: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 14104 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14141: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14144: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14147: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14150: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:14160: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap16
-eval "ac_tr_func=HAVE_`echo bswap16 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap16=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap16=yes"
-	eval "LIB_bswap16="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:14184: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_bswap16=no"
-	eval "LIB_bswap16="
-	echo "$as_me:14190: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_bswap16=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:14204: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:14214: checking for bswap32" >&5
-echo $ECHO_N "checking for bswap32... $ECHO_C" >&6
-if test "${ac_cv_funclib_bswap32+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14232 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_BSWAP_H
-#include <sys/bswap.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-bswap32(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14252: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14255: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14258: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14261: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_bswap32"
-
-if false; then
-
-for ac_func in bswap32
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14284: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 14290 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14327: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14330: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14333: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14336: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:14346: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# bswap32
-eval "ac_tr_func=HAVE_`echo bswap32 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_bswap32=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_bswap32=yes"
-	eval "LIB_bswap32="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:14370: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_bswap32=no"
-	eval "LIB_bswap32="
-	echo "$as_me:14376: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_bswap32=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:14390: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:14400: checking for pidfile" >&5
-echo $ECHO_N "checking for pidfile... $ECHO_C" >&6
-if test "${ac_cv_funclib_pidfile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14418 "configure"
-#include "confdefs.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-pidfile(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14438: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14441: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14444: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14447: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_pidfile=\${ac_cv_funclib_pidfile-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_pidfile"
-
-if false; then
-
-for ac_func in pidfile
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14470: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 14476 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14513: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14516: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14519: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14522: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:14532: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# pidfile
-eval "ac_tr_func=HAVE_`echo pidfile | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_pidfile=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_pidfile=yes"
-	eval "LIB_pidfile="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:14556: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_pidfile=no"
-	eval "LIB_pidfile="
-	echo "$as_me:14562: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_pidfile=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:14576: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-echo "$as_me:14587: checking for getaddrinfo" >&5
-echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_getaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14605 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getaddrinfo(0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14625: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14628: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14631: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14634: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getaddrinfo=$ac_lib; else ac_cv_funclib_getaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getaddrinfo=\${ac_cv_funclib_getaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getaddrinfo"
-
-if false; then
-
-for ac_func in getaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14657: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 14663 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14700: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14703: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14706: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14709: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:14719: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getaddrinfo
-eval "ac_tr_func=HAVE_`echo getaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "LIB_getaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:14743: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getaddrinfo=no"
-	eval "LIB_getaddrinfo="
-	echo "$as_me:14749: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:14763: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_getaddrinfo"; then
-	LIBS="$LIB_getaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getaddrinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:14782: checking for getnameinfo" >&5
-echo $ECHO_N "checking for getnameinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_getnameinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14800 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getnameinfo(0,0,0,0,0,0,0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14820: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14823: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14826: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14829: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getnameinfo=$ac_lib; else ac_cv_funclib_getnameinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getnameinfo=\${ac_cv_funclib_getnameinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getnameinfo"
-
-if false; then
-
-for ac_func in getnameinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14852: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 14858 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14895: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:14898: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14901: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:14904: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:14914: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getnameinfo
-eval "ac_tr_func=HAVE_`echo getnameinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getnameinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "LIB_getnameinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:14938: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getnameinfo=no"
-	eval "LIB_getnameinfo="
-	echo "$as_me:14944: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getnameinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:14958: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_getnameinfo"; then
-	LIBS="$LIB_getnameinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_getnameinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:14977: checking for freeaddrinfo" >&5
-echo $ECHO_N "checking for freeaddrinfo... $ECHO_C" >&6
-if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 14995 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-freeaddrinfo(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15015: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15018: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15021: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15024: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_freeaddrinfo=$ac_lib; else ac_cv_funclib_freeaddrinfo=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_freeaddrinfo=\${ac_cv_funclib_freeaddrinfo-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_freeaddrinfo"
-
-if false; then
-
-for ac_func in freeaddrinfo
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:15047: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15053 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15090: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15093: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15096: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15099: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15109: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# freeaddrinfo
-eval "ac_tr_func=HAVE_`echo freeaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_freeaddrinfo=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "LIB_freeaddrinfo="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:15133: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_freeaddrinfo=no"
-	eval "LIB_freeaddrinfo="
-	echo "$as_me:15139: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_freeaddrinfo=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:15153: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_freeaddrinfo"; then
-	LIBS="$LIB_freeaddrinfo $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_freeaddrinfo\" != yes"; then
-	LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
-fi
-
-
-
-
-
-
-echo "$as_me:15172: checking for gai_strerror" >&5
-echo $ECHO_N "checking for gai_strerror... $ECHO_C" >&6
-if test "${ac_cv_funclib_gai_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 15190 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gai_strerror(0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15210: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15213: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15216: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15219: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gai_strerror=$ac_lib; else ac_cv_funclib_gai_strerror=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_gai_strerror=\${ac_cv_funclib_gai_strerror-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_gai_strerror"
-
-if false; then
-
-for ac_func in gai_strerror
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:15242: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15248 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15285: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15288: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15291: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15294: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15304: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# gai_strerror
-eval "ac_tr_func=HAVE_`echo gai_strerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_gai_strerror=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "LIB_gai_strerror="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:15328: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_gai_strerror=no"
-	eval "LIB_gai_strerror="
-	echo "$as_me:15334: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_gai_strerror=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:15348: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_gai_strerror"; then
-	LIBS="$LIB_gai_strerror $LIBS"
-fi
-
-if eval "test \"$ac_cv_func_gai_strerror\" != yes"; then
-	LIBOBJS="$LIBOBJS gai_strerror.$ac_objext"
-fi
-
-
-echo "$as_me:15363: checking for chown" >&5
-echo $ECHO_N "checking for chown... $ECHO_C" >&6
-if test "${ac_cv_func_chown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15369 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char chown (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char chown ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_chown) || defined (__stub___chown)
-choke me
-#else
-f = chown;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15406: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15409: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15412: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15415: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_chown=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_chown=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15425: result: $ac_cv_func_chown" >&5
-echo "${ECHO_T}$ac_cv_func_chown" >&6
-if test $ac_cv_func_chown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_CHOWN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS chown.$ac_objext"
-fi
-echo "$as_me:15436: checking for copyhostent" >&5
-echo $ECHO_N "checking for copyhostent... $ECHO_C" >&6
-if test "${ac_cv_func_copyhostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15442 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char copyhostent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char copyhostent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_copyhostent) || defined (__stub___copyhostent)
-choke me
-#else
-f = copyhostent;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15479: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15482: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15485: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15488: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_copyhostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_copyhostent=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15498: result: $ac_cv_func_copyhostent" >&5
-echo "${ECHO_T}$ac_cv_func_copyhostent" >&6
-if test $ac_cv_func_copyhostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_COPYHOSTENT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS copyhostent.$ac_objext"
-fi
-echo "$as_me:15509: checking for daemon" >&5
-echo $ECHO_N "checking for daemon... $ECHO_C" >&6
-if test "${ac_cv_func_daemon+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15515 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char daemon (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char daemon ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_daemon) || defined (__stub___daemon)
-choke me
-#else
-f = daemon;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15552: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15555: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15558: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15561: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_daemon=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_daemon=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15571: result: $ac_cv_func_daemon" >&5
-echo "${ECHO_T}$ac_cv_func_daemon" >&6
-if test $ac_cv_func_daemon = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DAEMON 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS daemon.$ac_objext"
-fi
-echo "$as_me:15582: checking for ecalloc" >&5
-echo $ECHO_N "checking for ecalloc... $ECHO_C" >&6
-if test "${ac_cv_func_ecalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15588 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char ecalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char ecalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_ecalloc) || defined (__stub___ecalloc)
-choke me
-#else
-f = ecalloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15625: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15628: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15631: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15634: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_ecalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_ecalloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15644: result: $ac_cv_func_ecalloc" >&5
-echo "${ECHO_T}$ac_cv_func_ecalloc" >&6
-if test $ac_cv_func_ecalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ECALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS ecalloc.$ac_objext"
-fi
-echo "$as_me:15655: checking for emalloc" >&5
-echo $ECHO_N "checking for emalloc... $ECHO_C" >&6
-if test "${ac_cv_func_emalloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15661 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char emalloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char emalloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_emalloc) || defined (__stub___emalloc)
-choke me
-#else
-f = emalloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15698: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15701: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15704: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15707: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_emalloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_emalloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15717: result: $ac_cv_func_emalloc" >&5
-echo "${ECHO_T}$ac_cv_func_emalloc" >&6
-if test $ac_cv_func_emalloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EMALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS emalloc.$ac_objext"
-fi
-echo "$as_me:15728: checking for erealloc" >&5
-echo $ECHO_N "checking for erealloc... $ECHO_C" >&6
-if test "${ac_cv_func_erealloc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15734 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char erealloc (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char erealloc ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_erealloc) || defined (__stub___erealloc)
-choke me
-#else
-f = erealloc;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15771: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15774: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15777: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15780: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_erealloc=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_erealloc=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15790: result: $ac_cv_func_erealloc" >&5
-echo "${ECHO_T}$ac_cv_func_erealloc" >&6
-if test $ac_cv_func_erealloc = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_EREALLOC 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS erealloc.$ac_objext"
-fi
-echo "$as_me:15801: checking for estrdup" >&5
-echo $ECHO_N "checking for estrdup... $ECHO_C" >&6
-if test "${ac_cv_func_estrdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15807 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char estrdup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char estrdup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_estrdup) || defined (__stub___estrdup)
-choke me
-#else
-f = estrdup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15844: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15847: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15850: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15853: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_estrdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_estrdup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15863: result: $ac_cv_func_estrdup" >&5
-echo "${ECHO_T}$ac_cv_func_estrdup" >&6
-if test $ac_cv_func_estrdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ESTRDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS estrdup.$ac_objext"
-fi
-echo "$as_me:15874: checking for err" >&5
-echo $ECHO_N "checking for err... $ECHO_C" >&6
-if test "${ac_cv_func_err+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15880 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char err (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char err ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_err) || defined (__stub___err)
-choke me
-#else
-f = err;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15917: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15920: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15923: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15926: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_err=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_err=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:15936: result: $ac_cv_func_err" >&5
-echo "${ECHO_T}$ac_cv_func_err" >&6
-if test $ac_cv_func_err = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS err.$ac_objext"
-fi
-echo "$as_me:15947: checking for errx" >&5
-echo $ECHO_N "checking for errx... $ECHO_C" >&6
-if test "${ac_cv_func_errx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 15953 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char errx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char errx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_errx) || defined (__stub___errx)
-choke me
-#else
-f = errx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:15990: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:15993: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:15996: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:15999: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_errx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_errx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16009: result: $ac_cv_func_errx" >&5
-echo "${ECHO_T}$ac_cv_func_errx" >&6
-if test $ac_cv_func_errx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ERRX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS errx.$ac_objext"
-fi
-echo "$as_me:16020: checking for fchown" >&5
-echo $ECHO_N "checking for fchown... $ECHO_C" >&6
-if test "${ac_cv_func_fchown+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16026 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fchown (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char fchown ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_fchown) || defined (__stub___fchown)
-choke me
-#else
-f = fchown;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16063: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16066: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16069: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16072: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_fchown=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_fchown=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16082: result: $ac_cv_func_fchown" >&5
-echo "${ECHO_T}$ac_cv_func_fchown" >&6
-if test $ac_cv_func_fchown = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FCHOWN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS fchown.$ac_objext"
-fi
-echo "$as_me:16093: checking for flock" >&5
-echo $ECHO_N "checking for flock... $ECHO_C" >&6
-if test "${ac_cv_func_flock+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16099 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char flock (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char flock ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_flock) || defined (__stub___flock)
-choke me
-#else
-f = flock;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16136: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16139: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16142: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16145: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_flock=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_flock=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16155: result: $ac_cv_func_flock" >&5
-echo "${ECHO_T}$ac_cv_func_flock" >&6
-if test $ac_cv_func_flock = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FLOCK 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS flock.$ac_objext"
-fi
-echo "$as_me:16166: checking for fnmatch" >&5
-echo $ECHO_N "checking for fnmatch... $ECHO_C" >&6
-if test "${ac_cv_func_fnmatch+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16172 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char fnmatch (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char fnmatch ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_fnmatch) || defined (__stub___fnmatch)
-choke me
-#else
-f = fnmatch;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16209: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16212: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16215: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16218: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_fnmatch=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_fnmatch=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16228: result: $ac_cv_func_fnmatch" >&5
-echo "${ECHO_T}$ac_cv_func_fnmatch" >&6
-if test $ac_cv_func_fnmatch = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FNMATCH 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
-fi
-echo "$as_me:16239: checking for freehostent" >&5
-echo $ECHO_N "checking for freehostent... $ECHO_C" >&6
-if test "${ac_cv_func_freehostent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16245 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char freehostent (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char freehostent ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_freehostent) || defined (__stub___freehostent)
-choke me
-#else
-f = freehostent;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16282: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16285: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16288: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16291: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_freehostent=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_freehostent=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16301: result: $ac_cv_func_freehostent" >&5
-echo "${ECHO_T}$ac_cv_func_freehostent" >&6
-if test $ac_cv_func_freehostent = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_FREEHOSTENT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS freehostent.$ac_objext"
-fi
-echo "$as_me:16312: checking for getcwd" >&5
-echo $ECHO_N "checking for getcwd... $ECHO_C" >&6
-if test "${ac_cv_func_getcwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16318 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getcwd (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getcwd ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getcwd) || defined (__stub___getcwd)
-choke me
-#else
-f = getcwd;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16355: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16358: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16361: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16364: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getcwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getcwd=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16374: result: $ac_cv_func_getcwd" >&5
-echo "${ECHO_T}$ac_cv_func_getcwd" >&6
-if test $ac_cv_func_getcwd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETCWD 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getcwd.$ac_objext"
-fi
-echo "$as_me:16385: checking for getdtablesize" >&5
-echo $ECHO_N "checking for getdtablesize... $ECHO_C" >&6
-if test "${ac_cv_func_getdtablesize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16391 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getdtablesize (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getdtablesize ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getdtablesize) || defined (__stub___getdtablesize)
-choke me
-#else
-f = getdtablesize;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16428: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16431: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16434: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16437: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getdtablesize=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getdtablesize=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16447: result: $ac_cv_func_getdtablesize" >&5
-echo "${ECHO_T}$ac_cv_func_getdtablesize" >&6
-if test $ac_cv_func_getdtablesize = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETDTABLESIZE 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getdtablesize.$ac_objext"
-fi
-echo "$as_me:16458: checking for getegid" >&5
-echo $ECHO_N "checking for getegid... $ECHO_C" >&6
-if test "${ac_cv_func_getegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16464 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getegid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getegid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getegid) || defined (__stub___getegid)
-choke me
-#else
-f = getegid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16501: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16504: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16507: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16510: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getegid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16520: result: $ac_cv_func_getegid" >&5
-echo "${ECHO_T}$ac_cv_func_getegid" >&6
-if test $ac_cv_func_getegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getegid.$ac_objext"
-fi
-echo "$as_me:16531: checking for geteuid" >&5
-echo $ECHO_N "checking for geteuid... $ECHO_C" >&6
-if test "${ac_cv_func_geteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16537 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char geteuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char geteuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_geteuid) || defined (__stub___geteuid)
-choke me
-#else
-f = geteuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16574: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16577: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16580: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16583: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_geteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_geteuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16593: result: $ac_cv_func_geteuid" >&5
-echo "${ECHO_T}$ac_cv_func_geteuid" >&6
-if test $ac_cv_func_geteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETEUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS geteuid.$ac_objext"
-fi
-echo "$as_me:16604: checking for getgid" >&5
-echo $ECHO_N "checking for getgid... $ECHO_C" >&6
-if test "${ac_cv_func_getgid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16610 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getgid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getgid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getgid) || defined (__stub___getgid)
-choke me
-#else
-f = getgid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16647: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16650: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16653: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16656: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getgid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getgid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16666: result: $ac_cv_func_getgid" >&5
-echo "${ECHO_T}$ac_cv_func_getgid" >&6
-if test $ac_cv_func_getgid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getgid.$ac_objext"
-fi
-echo "$as_me:16677: checking for gethostname" >&5
-echo $ECHO_N "checking for gethostname... $ECHO_C" >&6
-if test "${ac_cv_func_gethostname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16683 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gethostname) || defined (__stub___gethostname)
-choke me
-#else
-f = gethostname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16720: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16723: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16726: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16729: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gethostname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gethostname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16739: result: $ac_cv_func_gethostname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname" >&6
-if test $ac_cv_func_gethostname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETHOSTNAME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS gethostname.$ac_objext"
-fi
-echo "$as_me:16750: checking for getifaddrs" >&5
-echo $ECHO_N "checking for getifaddrs... $ECHO_C" >&6
-if test "${ac_cv_func_getifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16756 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getifaddrs (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getifaddrs ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getifaddrs) || defined (__stub___getifaddrs)
-choke me
-#else
-f = getifaddrs;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16793: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16796: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16799: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16802: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getifaddrs=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16812: result: $ac_cv_func_getifaddrs" >&5
-echo "${ECHO_T}$ac_cv_func_getifaddrs" >&6
-if test $ac_cv_func_getifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIFADDRS 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getifaddrs.$ac_objext"
-fi
-echo "$as_me:16823: checking for getipnodebyaddr" >&5
-echo $ECHO_N "checking for getipnodebyaddr... $ECHO_C" >&6
-if test "${ac_cv_func_getipnodebyaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16829 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyaddr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getipnodebyaddr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getipnodebyaddr) || defined (__stub___getipnodebyaddr)
-choke me
-#else
-f = getipnodebyaddr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16866: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16869: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16872: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16875: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getipnodebyaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getipnodebyaddr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16885: result: $ac_cv_func_getipnodebyaddr" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyaddr" >&6
-if test $ac_cv_func_getipnodebyaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYADDR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getipnodebyaddr.$ac_objext"
-fi
-echo "$as_me:16896: checking for getipnodebyname" >&5
-echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6
-if test "${ac_cv_func_getipnodebyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16902 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getipnodebyname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getipnodebyname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getipnodebyname) || defined (__stub___getipnodebyname)
-choke me
-#else
-f = getipnodebyname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:16939: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:16942: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:16945: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:16948: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getipnodebyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getipnodebyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:16958: result: $ac_cv_func_getipnodebyname" >&5
-echo "${ECHO_T}$ac_cv_func_getipnodebyname" >&6
-if test $ac_cv_func_getipnodebyname = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETIPNODEBYNAME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getipnodebyname.$ac_objext"
-fi
-echo "$as_me:16969: checking for getopt" >&5
-echo $ECHO_N "checking for getopt... $ECHO_C" >&6
-if test "${ac_cv_func_getopt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 16975 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getopt (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getopt ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getopt) || defined (__stub___getopt)
-choke me
-#else
-f = getopt;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17012: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17015: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17018: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17021: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getopt=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getopt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17031: result: $ac_cv_func_getopt" >&5
-echo "${ECHO_T}$ac_cv_func_getopt" >&6
-if test $ac_cv_func_getopt = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETOPT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getopt.$ac_objext"
-fi
-echo "$as_me:17042: checking for gettimeofday" >&5
-echo $ECHO_N "checking for gettimeofday... $ECHO_C" >&6
-if test "${ac_cv_func_gettimeofday+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17048 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gettimeofday (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gettimeofday ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gettimeofday) || defined (__stub___gettimeofday)
-choke me
-#else
-f = gettimeofday;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17085: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17088: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17091: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17094: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gettimeofday=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gettimeofday=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17104: result: $ac_cv_func_gettimeofday" >&5
-echo "${ECHO_T}$ac_cv_func_gettimeofday" >&6
-if test $ac_cv_func_gettimeofday = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETTIMEOFDAY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS gettimeofday.$ac_objext"
-fi
-echo "$as_me:17115: checking for getuid" >&5
-echo $ECHO_N "checking for getuid... $ECHO_C" >&6
-if test "${ac_cv_func_getuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17121 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getuid) || defined (__stub___getuid)
-choke me
-#else
-f = getuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17158: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17161: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17164: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17167: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17177: result: $ac_cv_func_getuid" >&5
-echo "${ECHO_T}$ac_cv_func_getuid" >&6
-if test $ac_cv_func_getuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getuid.$ac_objext"
-fi
-echo "$as_me:17188: checking for getusershell" >&5
-echo $ECHO_N "checking for getusershell... $ECHO_C" >&6
-if test "${ac_cv_func_getusershell+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17194 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getusershell (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getusershell ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getusershell) || defined (__stub___getusershell)
-choke me
-#else
-f = getusershell;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17231: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17234: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17237: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17240: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getusershell=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getusershell=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17250: result: $ac_cv_func_getusershell" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell" >&6
-if test $ac_cv_func_getusershell = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUSERSHELL 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS getusershell.$ac_objext"
-fi
-echo "$as_me:17261: checking for initgroups" >&5
-echo $ECHO_N "checking for initgroups... $ECHO_C" >&6
-if test "${ac_cv_func_initgroups+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17267 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char initgroups (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char initgroups ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_initgroups) || defined (__stub___initgroups)
-choke me
-#else
-f = initgroups;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17304: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17307: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17310: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17313: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_initgroups=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_initgroups=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17323: result: $ac_cv_func_initgroups" >&5
-echo "${ECHO_T}$ac_cv_func_initgroups" >&6
-if test $ac_cv_func_initgroups = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INITGROUPS 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS initgroups.$ac_objext"
-fi
-echo "$as_me:17334: checking for innetgr" >&5
-echo $ECHO_N "checking for innetgr... $ECHO_C" >&6
-if test "${ac_cv_func_innetgr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17340 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char innetgr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char innetgr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_innetgr) || defined (__stub___innetgr)
-choke me
-#else
-f = innetgr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17377: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17380: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17383: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17386: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_innetgr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_innetgr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17396: result: $ac_cv_func_innetgr" >&5
-echo "${ECHO_T}$ac_cv_func_innetgr" >&6
-if test $ac_cv_func_innetgr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INNETGR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS innetgr.$ac_objext"
-fi
-echo "$as_me:17407: checking for iruserok" >&5
-echo $ECHO_N "checking for iruserok... $ECHO_C" >&6
-if test "${ac_cv_func_iruserok+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17413 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char iruserok (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char iruserok ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_iruserok) || defined (__stub___iruserok)
-choke me
-#else
-f = iruserok;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17450: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17453: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17456: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17459: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_iruserok=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_iruserok=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17469: result: $ac_cv_func_iruserok" >&5
-echo "${ECHO_T}$ac_cv_func_iruserok" >&6
-if test $ac_cv_func_iruserok = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_IRUSEROK 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS iruserok.$ac_objext"
-fi
-echo "$as_me:17480: checking for localtime_r" >&5
-echo $ECHO_N "checking for localtime_r... $ECHO_C" >&6
-if test "${ac_cv_func_localtime_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17486 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char localtime_r (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char localtime_r ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_localtime_r) || defined (__stub___localtime_r)
-choke me
-#else
-f = localtime_r;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17523: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17526: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17529: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17532: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_localtime_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_localtime_r=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17542: result: $ac_cv_func_localtime_r" >&5
-echo "${ECHO_T}$ac_cv_func_localtime_r" >&6
-if test $ac_cv_func_localtime_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LOCALTIME_R 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS localtime_r.$ac_objext"
-fi
-echo "$as_me:17553: checking for lstat" >&5
-echo $ECHO_N "checking for lstat... $ECHO_C" >&6
-if test "${ac_cv_func_lstat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17559 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char lstat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char lstat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_lstat) || defined (__stub___lstat)
-choke me
-#else
-f = lstat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17596: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17599: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17602: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17605: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_lstat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_lstat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17615: result: $ac_cv_func_lstat" >&5
-echo "${ECHO_T}$ac_cv_func_lstat" >&6
-if test $ac_cv_func_lstat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LSTAT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS lstat.$ac_objext"
-fi
-echo "$as_me:17626: checking for memmove" >&5
-echo $ECHO_N "checking for memmove... $ECHO_C" >&6
-if test "${ac_cv_func_memmove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17632 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char memmove (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char memmove ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_memmove) || defined (__stub___memmove)
-choke me
-#else
-f = memmove;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17669: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17672: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17675: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17678: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_memmove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_memmove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17688: result: $ac_cv_func_memmove" >&5
-echo "${ECHO_T}$ac_cv_func_memmove" >&6
-if test $ac_cv_func_memmove = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MEMMOVE 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS memmove.$ac_objext"
-fi
-echo "$as_me:17699: checking for mkstemp" >&5
-echo $ECHO_N "checking for mkstemp... $ECHO_C" >&6
-if test "${ac_cv_func_mkstemp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17705 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char mkstemp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char mkstemp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_mkstemp) || defined (__stub___mkstemp)
-choke me
-#else
-f = mkstemp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17742: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17745: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17748: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17751: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_mkstemp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_mkstemp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17761: result: $ac_cv_func_mkstemp" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp" >&6
-if test $ac_cv_func_mkstemp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_MKSTEMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS mkstemp.$ac_objext"
-fi
-echo "$as_me:17772: checking for putenv" >&5
-echo $ECHO_N "checking for putenv... $ECHO_C" >&6
-if test "${ac_cv_func_putenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17778 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char putenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char putenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_putenv) || defined (__stub___putenv)
-choke me
-#else
-f = putenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17815: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17818: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17821: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17824: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_putenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_putenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17834: result: $ac_cv_func_putenv" >&5
-echo "${ECHO_T}$ac_cv_func_putenv" >&6
-if test $ac_cv_func_putenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_PUTENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS putenv.$ac_objext"
-fi
-echo "$as_me:17845: checking for rcmd" >&5
-echo $ECHO_N "checking for rcmd... $ECHO_C" >&6
-if test "${ac_cv_func_rcmd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17851 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char rcmd (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char rcmd ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_rcmd) || defined (__stub___rcmd)
-choke me
-#else
-f = rcmd;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17888: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17891: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17894: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17897: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_rcmd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_rcmd=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17907: result: $ac_cv_func_rcmd" >&5
-echo "${ECHO_T}$ac_cv_func_rcmd" >&6
-if test $ac_cv_func_rcmd = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RCMD 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS rcmd.$ac_objext"
-fi
-echo "$as_me:17918: checking for readv" >&5
-echo $ECHO_N "checking for readv... $ECHO_C" >&6
-if test "${ac_cv_func_readv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17924 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char readv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char readv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_readv) || defined (__stub___readv)
-choke me
-#else
-f = readv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:17961: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:17964: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:17967: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:17970: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_readv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_readv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:17980: result: $ac_cv_func_readv" >&5
-echo "${ECHO_T}$ac_cv_func_readv" >&6
-if test $ac_cv_func_readv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_READV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS readv.$ac_objext"
-fi
-echo "$as_me:17991: checking for recvmsg" >&5
-echo $ECHO_N "checking for recvmsg... $ECHO_C" >&6
-if test "${ac_cv_func_recvmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 17997 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char recvmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char recvmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_recvmsg) || defined (__stub___recvmsg)
-choke me
-#else
-f = recvmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18034: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18037: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18040: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18043: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_recvmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_recvmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18053: result: $ac_cv_func_recvmsg" >&5
-echo "${ECHO_T}$ac_cv_func_recvmsg" >&6
-if test $ac_cv_func_recvmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_RECVMSG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS recvmsg.$ac_objext"
-fi
-echo "$as_me:18064: checking for sendmsg" >&5
-echo $ECHO_N "checking for sendmsg... $ECHO_C" >&6
-if test "${ac_cv_func_sendmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18070 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char sendmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char sendmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_sendmsg) || defined (__stub___sendmsg)
-choke me
-#else
-f = sendmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18107: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18110: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18113: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18116: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_sendmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_sendmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18126: result: $ac_cv_func_sendmsg" >&5
-echo "${ECHO_T}$ac_cv_func_sendmsg" >&6
-if test $ac_cv_func_sendmsg = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SENDMSG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS sendmsg.$ac_objext"
-fi
-echo "$as_me:18137: checking for setegid" >&5
-echo $ECHO_N "checking for setegid... $ECHO_C" >&6
-if test "${ac_cv_func_setegid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18143 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setegid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setegid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setegid) || defined (__stub___setegid)
-choke me
-#else
-f = setegid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18180: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18183: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18186: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18189: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_setegid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_setegid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18199: result: $ac_cv_func_setegid" >&5
-echo "${ECHO_T}$ac_cv_func_setegid" >&6
-if test $ac_cv_func_setegid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEGID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS setegid.$ac_objext"
-fi
-echo "$as_me:18210: checking for setenv" >&5
-echo $ECHO_N "checking for setenv... $ECHO_C" >&6
-if test "${ac_cv_func_setenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18216 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char setenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char setenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setenv) || defined (__stub___setenv)
-choke me
-#else
-f = setenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18253: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18256: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18259: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18262: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_setenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_setenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18272: result: $ac_cv_func_setenv" >&5
-echo "${ECHO_T}$ac_cv_func_setenv" >&6
-if test $ac_cv_func_setenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS setenv.$ac_objext"
-fi
-echo "$as_me:18283: checking for seteuid" >&5
-echo $ECHO_N "checking for seteuid... $ECHO_C" >&6
-if test "${ac_cv_func_seteuid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18289 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char seteuid (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char seteuid ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_seteuid) || defined (__stub___seteuid)
-choke me
-#else
-f = seteuid;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18326: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18329: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18332: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18335: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_seteuid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_seteuid=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18345: result: $ac_cv_func_seteuid" >&5
-echo "${ECHO_T}$ac_cv_func_seteuid" >&6
-if test $ac_cv_func_seteuid = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SETEUID 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS seteuid.$ac_objext"
-fi
-echo "$as_me:18356: checking for strcasecmp" >&5
-echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6
-if test "${ac_cv_func_strcasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18362 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strcasecmp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strcasecmp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strcasecmp) || defined (__stub___strcasecmp)
-choke me
-#else
-f = strcasecmp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18399: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18402: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18405: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18408: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strcasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strcasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18418: result: $ac_cv_func_strcasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6
-if test $ac_cv_func_strcasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRCASECMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strcasecmp.$ac_objext"
-fi
-echo "$as_me:18429: checking for strdup" >&5
-echo $ECHO_N "checking for strdup... $ECHO_C" >&6
-if test "${ac_cv_func_strdup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18435 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strdup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strdup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strdup) || defined (__stub___strdup)
-choke me
-#else
-f = strdup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18472: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18475: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18478: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18481: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strdup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strdup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18491: result: $ac_cv_func_strdup" >&5
-echo "${ECHO_T}$ac_cv_func_strdup" >&6
-if test $ac_cv_func_strdup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strdup.$ac_objext"
-fi
-echo "$as_me:18502: checking for strerror" >&5
-echo $ECHO_N "checking for strerror... $ECHO_C" >&6
-if test "${ac_cv_func_strerror+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18508 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strerror (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strerror ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strerror) || defined (__stub___strerror)
-choke me
-#else
-f = strerror;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18545: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18548: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18551: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18554: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strerror=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strerror=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18564: result: $ac_cv_func_strerror" >&5
-echo "${ECHO_T}$ac_cv_func_strerror" >&6
-if test $ac_cv_func_strerror = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRERROR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strerror.$ac_objext"
-fi
-echo "$as_me:18575: checking for strftime" >&5
-echo $ECHO_N "checking for strftime... $ECHO_C" >&6
-if test "${ac_cv_func_strftime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18581 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strftime (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strftime ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strftime) || defined (__stub___strftime)
-choke me
-#else
-f = strftime;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18618: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18621: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18624: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18627: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strftime=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strftime=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18637: result: $ac_cv_func_strftime" >&5
-echo "${ECHO_T}$ac_cv_func_strftime" >&6
-if test $ac_cv_func_strftime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRFTIME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strftime.$ac_objext"
-fi
-echo "$as_me:18648: checking for strlcat" >&5
-echo $ECHO_N "checking for strlcat... $ECHO_C" >&6
-if test "${ac_cv_func_strlcat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18654 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlcat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlcat) || defined (__stub___strlcat)
-choke me
-#else
-f = strlcat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18691: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18694: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18697: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18700: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlcat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlcat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18710: result: $ac_cv_func_strlcat" >&5
-echo "${ECHO_T}$ac_cv_func_strlcat" >&6
-if test $ac_cv_func_strlcat = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCAT 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlcat.$ac_objext"
-fi
-echo "$as_me:18721: checking for strlcpy" >&5
-echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6
-if test "${ac_cv_func_strlcpy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18727 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlcpy (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlcpy ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlcpy) || defined (__stub___strlcpy)
-choke me
-#else
-f = strlcpy;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18764: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18767: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18770: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18773: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlcpy=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlcpy=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18783: result: $ac_cv_func_strlcpy" >&5
-echo "${ECHO_T}$ac_cv_func_strlcpy" >&6
-if test $ac_cv_func_strlcpy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLCPY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
-fi
-echo "$as_me:18794: checking for strlwr" >&5
-echo $ECHO_N "checking for strlwr... $ECHO_C" >&6
-if test "${ac_cv_func_strlwr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18800 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strlwr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strlwr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strlwr) || defined (__stub___strlwr)
-choke me
-#else
-f = strlwr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18837: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18840: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18843: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18846: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strlwr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strlwr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18856: result: $ac_cv_func_strlwr" >&5
-echo "${ECHO_T}$ac_cv_func_strlwr" >&6
-if test $ac_cv_func_strlwr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRLWR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strlwr.$ac_objext"
-fi
-echo "$as_me:18867: checking for strncasecmp" >&5
-echo $ECHO_N "checking for strncasecmp... $ECHO_C" >&6
-if test "${ac_cv_func_strncasecmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18873 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strncasecmp (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strncasecmp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strncasecmp) || defined (__stub___strncasecmp)
-choke me
-#else
-f = strncasecmp;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18910: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18913: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18916: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18919: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strncasecmp=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strncasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:18929: result: $ac_cv_func_strncasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strncasecmp" >&6
-if test $ac_cv_func_strncasecmp = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNCASECMP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strncasecmp.$ac_objext"
-fi
-echo "$as_me:18940: checking for strndup" >&5
-echo $ECHO_N "checking for strndup... $ECHO_C" >&6
-if test "${ac_cv_func_strndup+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 18946 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strndup (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strndup ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strndup) || defined (__stub___strndup)
-choke me
-#else
-f = strndup;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:18983: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:18986: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:18989: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:18992: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strndup=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strndup=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19002: result: $ac_cv_func_strndup" >&5
-echo "${ECHO_T}$ac_cv_func_strndup" >&6
-if test $ac_cv_func_strndup = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNDUP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strndup.$ac_objext"
-fi
-echo "$as_me:19013: checking for strnlen" >&5
-echo $ECHO_N "checking for strnlen... $ECHO_C" >&6
-if test "${ac_cv_func_strnlen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19019 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strnlen (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strnlen ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strnlen) || defined (__stub___strnlen)
-choke me
-#else
-f = strnlen;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19056: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19059: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19062: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19065: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strnlen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strnlen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19075: result: $ac_cv_func_strnlen" >&5
-echo "${ECHO_T}$ac_cv_func_strnlen" >&6
-if test $ac_cv_func_strnlen = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRNLEN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strnlen.$ac_objext"
-fi
-echo "$as_me:19086: checking for strptime" >&5
-echo $ECHO_N "checking for strptime... $ECHO_C" >&6
-if test "${ac_cv_func_strptime+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19092 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strptime (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strptime ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strptime) || defined (__stub___strptime)
-choke me
-#else
-f = strptime;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19129: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19132: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19135: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19138: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strptime=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strptime=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19148: result: $ac_cv_func_strptime" >&5
-echo "${ECHO_T}$ac_cv_func_strptime" >&6
-if test $ac_cv_func_strptime = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRPTIME 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strptime.$ac_objext"
-fi
-echo "$as_me:19159: checking for strsep" >&5
-echo $ECHO_N "checking for strsep... $ECHO_C" >&6
-if test "${ac_cv_func_strsep+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19165 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsep ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsep) || defined (__stub___strsep)
-choke me
-#else
-f = strsep;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19202: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19205: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19208: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19211: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strsep=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strsep=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19221: result: $ac_cv_func_strsep" >&5
-echo "${ECHO_T}$ac_cv_func_strsep" >&6
-if test $ac_cv_func_strsep = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strsep.$ac_objext"
-fi
-echo "$as_me:19232: checking for strsep_copy" >&5
-echo $ECHO_N "checking for strsep_copy... $ECHO_C" >&6
-if test "${ac_cv_func_strsep_copy+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19238 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strsep_copy (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strsep_copy ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strsep_copy) || defined (__stub___strsep_copy)
-choke me
-#else
-f = strsep_copy;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19275: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19278: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19281: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19284: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strsep_copy=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strsep_copy=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19294: result: $ac_cv_func_strsep_copy" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_copy" >&6
-if test $ac_cv_func_strsep_copy = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRSEP_COPY 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strsep_copy.$ac_objext"
-fi
-echo "$as_me:19305: checking for strtok_r" >&5
-echo $ECHO_N "checking for strtok_r... $ECHO_C" >&6
-if test "${ac_cv_func_strtok_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19311 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strtok_r (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strtok_r ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strtok_r) || defined (__stub___strtok_r)
-choke me
-#else
-f = strtok_r;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19348: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19351: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19354: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19357: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strtok_r=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strtok_r=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19367: result: $ac_cv_func_strtok_r" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r" >&6
-if test $ac_cv_func_strtok_r = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRTOK_R 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strtok_r.$ac_objext"
-fi
-echo "$as_me:19378: checking for strupr" >&5
-echo $ECHO_N "checking for strupr... $ECHO_C" >&6
-if test "${ac_cv_func_strupr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19384 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char strupr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char strupr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_strupr) || defined (__stub___strupr)
-choke me
-#else
-f = strupr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19421: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19424: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19427: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19430: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_strupr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strupr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19440: result: $ac_cv_func_strupr" >&5
-echo "${ECHO_T}$ac_cv_func_strupr" >&6
-if test $ac_cv_func_strupr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUPR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS strupr.$ac_objext"
-fi
-echo "$as_me:19451: checking for swab" >&5
-echo $ECHO_N "checking for swab... $ECHO_C" >&6
-if test "${ac_cv_func_swab+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19457 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char swab (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char swab ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_swab) || defined (__stub___swab)
-choke me
-#else
-f = swab;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19494: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19497: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19500: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19503: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_swab=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_swab=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19513: result: $ac_cv_func_swab" >&5
-echo "${ECHO_T}$ac_cv_func_swab" >&6
-if test $ac_cv_func_swab = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SWAB 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS swab.$ac_objext"
-fi
-echo "$as_me:19524: checking for unsetenv" >&5
-echo $ECHO_N "checking for unsetenv... $ECHO_C" >&6
-if test "${ac_cv_func_unsetenv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19530 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char unsetenv (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char unsetenv ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_unsetenv) || defined (__stub___unsetenv)
-choke me
-#else
-f = unsetenv;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19567: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19570: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19573: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19576: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_unsetenv=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_unsetenv=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19586: result: $ac_cv_func_unsetenv" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv" >&6
-if test $ac_cv_func_unsetenv = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UNSETENV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
-fi
-echo "$as_me:19597: checking for verr" >&5
-echo $ECHO_N "checking for verr... $ECHO_C" >&6
-if test "${ac_cv_func_verr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19603 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verr (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char verr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_verr) || defined (__stub___verr)
-choke me
-#else
-f = verr;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19640: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19643: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19646: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19649: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_verr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_verr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19659: result: $ac_cv_func_verr" >&5
-echo "${ECHO_T}$ac_cv_func_verr" >&6
-if test $ac_cv_func_verr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERR 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS verr.$ac_objext"
-fi
-echo "$as_me:19670: checking for verrx" >&5
-echo $ECHO_N "checking for verrx... $ECHO_C" >&6
-if test "${ac_cv_func_verrx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19676 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char verrx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char verrx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_verrx) || defined (__stub___verrx)
-choke me
-#else
-f = verrx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19713: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19716: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19719: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19722: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_verrx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_verrx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19732: result: $ac_cv_func_verrx" >&5
-echo "${ECHO_T}$ac_cv_func_verrx" >&6
-if test $ac_cv_func_verrx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VERRX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS verrx.$ac_objext"
-fi
-echo "$as_me:19743: checking for vsyslog" >&5
-echo $ECHO_N "checking for vsyslog... $ECHO_C" >&6
-if test "${ac_cv_func_vsyslog+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19749 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vsyslog (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vsyslog ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vsyslog) || defined (__stub___vsyslog)
-choke me
-#else
-f = vsyslog;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19786: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19789: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19792: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19795: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vsyslog=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vsyslog=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19805: result: $ac_cv_func_vsyslog" >&5
-echo "${ECHO_T}$ac_cv_func_vsyslog" >&6
-if test $ac_cv_func_vsyslog = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VSYSLOG 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vsyslog.$ac_objext"
-fi
-echo "$as_me:19816: checking for vwarn" >&5
-echo $ECHO_N "checking for vwarn... $ECHO_C" >&6
-if test "${ac_cv_func_vwarn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19822 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarn (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vwarn ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vwarn) || defined (__stub___vwarn)
-choke me
-#else
-f = vwarn;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19859: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19862: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19865: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19868: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vwarn=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vwarn=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19878: result: $ac_cv_func_vwarn" >&5
-echo "${ECHO_T}$ac_cv_func_vwarn" >&6
-if test $ac_cv_func_vwarn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vwarn.$ac_objext"
-fi
-echo "$as_me:19889: checking for vwarnx" >&5
-echo $ECHO_N "checking for vwarnx... $ECHO_C" >&6
-if test "${ac_cv_func_vwarnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19895 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char vwarnx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char vwarnx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_vwarnx) || defined (__stub___vwarnx)
-choke me
-#else
-f = vwarnx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:19932: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:19935: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:19938: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:19941: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_vwarnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_vwarnx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:19951: result: $ac_cv_func_vwarnx" >&5
-echo "${ECHO_T}$ac_cv_func_vwarnx" >&6
-if test $ac_cv_func_vwarnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_VWARNX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS vwarnx.$ac_objext"
-fi
-echo "$as_me:19962: checking for warn" >&5
-echo $ECHO_N "checking for warn... $ECHO_C" >&6
-if test "${ac_cv_func_warn+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 19968 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warn (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char warn ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_warn) || defined (__stub___warn)
-choke me
-#else
-f = warn;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20005: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20008: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20011: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20014: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_warn=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_warn=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:20024: result: $ac_cv_func_warn" >&5
-echo "${ECHO_T}$ac_cv_func_warn" >&6
-if test $ac_cv_func_warn = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARN 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS warn.$ac_objext"
-fi
-echo "$as_me:20035: checking for warnx" >&5
-echo $ECHO_N "checking for warnx... $ECHO_C" >&6
-if test "${ac_cv_func_warnx+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20041 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char warnx (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char warnx ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_warnx) || defined (__stub___warnx)
-choke me
-#else
-f = warnx;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20078: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20081: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20084: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20087: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_warnx=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_warnx=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:20097: result: $ac_cv_func_warnx" >&5
-echo "${ECHO_T}$ac_cv_func_warnx" >&6
-if test $ac_cv_func_warnx = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WARNX 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS warnx.$ac_objext"
-fi
-echo "$as_me:20108: checking for writev" >&5
-echo $ECHO_N "checking for writev... $ECHO_C" >&6
-if test "${ac_cv_func_writev+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20114 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char writev (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char writev ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_writev) || defined (__stub___writev)
-choke me
-#else
-f = writev;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20151: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20154: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20157: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20160: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_writev=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_writev=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:20170: result: $ac_cv_func_writev" >&5
-echo "${ECHO_T}$ac_cv_func_writev" >&6
-if test $ac_cv_func_writev = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_WRITEV 1
-_ACEOF
-
-else
-  LIBOBJS="$LIBOBJS writev.$ac_objext"
-fi
-
-
-
-if test "$ac_cv_func_strndup+set" != set -o "$ac_cv_func_strndup" = yes; then
-echo "$as_me:20185: checking if strndup needs a prototype" >&5
-echo $ECHO_N "checking if strndup needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strndup_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20191 "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strndup (struct foo*);
-strndup(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20212: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20215: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20218: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20221: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strndup_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strndup_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20231: result: $ac_cv_func_strndup_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strndup_noproto" >&6
-if test "$ac_cv_func_strndup_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRNDUP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
-echo "$as_me:20243: checking if strsep needs a prototype" >&5
-echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strsep_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20249 "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strsep (struct foo*);
-strsep(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20270: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20273: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20276: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20279: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strsep_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strsep_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20289: result: $ac_cv_func_strsep_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6
-if test "$ac_cv_func_strsep_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSEP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
-echo "$as_me:20301: checking if strtok_r needs a prototype" >&5
-echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strtok_r_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20307 "configure"
-#include "confdefs.h"
-#include <string.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strtok_r (struct foo*);
-strtok_r(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20328: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20331: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20334: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20337: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strtok_r_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strtok_r_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20347: result: $ac_cv_func_strtok_r_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6
-if test "$ac_cv_func_strtok_r_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRTOK_R_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_strsvis+set" != set -o "$ac_cv_func_strsvis" = yes; then
-echo "$as_me:20361: checking if strsvis needs a prototype" >&5
-echo $ECHO_N "checking if strsvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strsvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20367 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strsvis (struct foo*);
-strsvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20390: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20393: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20396: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20399: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strsvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strsvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20409: result: $ac_cv_func_strsvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strsvis_noproto" >&6
-if test "$ac_cv_func_strsvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRSVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strunvis+set" != set -o "$ac_cv_func_strunvis" = yes; then
-echo "$as_me:20421: checking if strunvis needs a prototype" >&5
-echo $ECHO_N "checking if strunvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strunvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20427 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strunvis (struct foo*);
-strunvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20450: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20453: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20456: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20459: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strunvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strunvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20469: result: $ac_cv_func_strunvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strunvis_noproto" >&6
-if test "$ac_cv_func_strunvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRUNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvis+set" != set -o "$ac_cv_func_strvis" = yes; then
-echo "$as_me:20481: checking if strvis needs a prototype" >&5
-echo $ECHO_N "checking if strvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20487 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvis (struct foo*);
-strvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20510: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20513: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20516: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20519: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20529: result: $ac_cv_func_strvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvis_noproto" >&6
-if test "$ac_cv_func_strvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_strvisx+set" != set -o "$ac_cv_func_strvisx" = yes; then
-echo "$as_me:20541: checking if strvisx needs a prototype" >&5
-echo $ECHO_N "checking if strvisx needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_strvisx_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20547 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int strvisx (struct foo*);
-strvisx(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20570: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20573: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20576: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20579: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_strvisx_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_strvisx_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20589: result: $ac_cv_func_strvisx_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_strvisx_noproto" >&6
-if test "$ac_cv_func_strvisx_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_STRVISX_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_svis+set" != set -o "$ac_cv_func_svis" = yes; then
-echo "$as_me:20601: checking if svis needs a prototype" >&5
-echo $ECHO_N "checking if svis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_svis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20607 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int svis (struct foo*);
-svis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20630: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20633: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20636: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20639: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_svis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_svis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20649: result: $ac_cv_func_svis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_svis_noproto" >&6
-if test "$ac_cv_func_svis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_unvis+set" != set -o "$ac_cv_func_unvis" = yes; then
-echo "$as_me:20661: checking if unvis needs a prototype" >&5
-echo $ECHO_N "checking if unvis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_unvis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20667 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unvis (struct foo*);
-unvis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20690: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20693: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20696: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20699: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_unvis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_unvis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20709: result: $ac_cv_func_unvis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unvis_noproto" >&6
-if test "$ac_cv_func_unvis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNVIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-if test "$ac_cv_func_vis+set" != set -o "$ac_cv_func_vis" = yes; then
-echo "$as_me:20721: checking if vis needs a prototype" >&5
-echo $ECHO_N "checking if vis needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_vis_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20727 "configure"
-#include "confdefs.h"
-#ifdef HAVE_VIS_H
-#include <vis.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int vis (struct foo*);
-vis(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:20750: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:20753: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:20756: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20759: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_vis_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_vis_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:20769: result: $ac_cv_func_vis_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_vis_noproto" >&6
-if test "$ac_cv_func_vis_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_VIS_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-echo "$as_me:20781: checking for inet_aton" >&5
-echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6
-if test "${ac_cv_func_inet_aton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20787 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_aton) || defined (__stub___inet_aton)
-choke me
-#else
-inet_aton(0,0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20825: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20828: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20831: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20834: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_aton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_aton=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_aton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_ATON 1
-_ACEOF
-
-  echo "$as_me:20851: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:20854: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
-fi
-
-echo "$as_me:20859: checking for inet_ntop" >&5
-echo $ECHO_N "checking for inet_ntop... $ECHO_C" >&6
-if test "${ac_cv_func_inet_ntop+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20865 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_ntop) || defined (__stub___inet_ntop)
-choke me
-#else
-inet_ntop(0, 0, 0, 0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20903: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20906: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20909: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20912: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_ntop=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_ntop=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_ntop}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_NTOP 1
-_ACEOF
-
-  echo "$as_me:20929: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:20932: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
-fi
-
-echo "$as_me:20937: checking for inet_pton" >&5
-echo $ECHO_N "checking for inet_pton... $ECHO_C" >&6
-if test "${ac_cv_func_inet_pton+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 20943 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_inet_pton) || defined (__stub___inet_pton)
-choke me
-#else
-inet_pton(0,0,0)
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:20981: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:20984: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:20987: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:20990: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_pton=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_pton=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-
-if eval "test \"\${ac_cv_func_inet_pton}\" = yes"; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INET_PTON 1
-_ACEOF
-
-  echo "$as_me:21007: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
-  echo "$as_me:21010: result: no" >&5
-echo "${ECHO_T}no" >&6
-  LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
-fi
-
-
-
-echo "$as_me:21017: checking for sa_len in struct sockaddr" >&5
-echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 21024 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr x; x.sa_len;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21043: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21046: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21049: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21052: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr_sa_len=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_sa_len=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21062: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6
-if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-_ACEOF
-
-
-fi
-
-
-
-if test "$ac_cv_func_getnameinfo" = "yes"; then
-
-echo "$as_me:21078: checking if getnameinfo is broken" >&5
-echo $ECHO_N "checking if getnameinfo is broken... $ECHO_C" >&6
-if test "${ac_cv_func_getnameinfo_broken+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:21084: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21089 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-  struct sockaddr_in sin;
-  char host[256];
-  memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-  sin.sin_len = sizeof(sin);
-#endif
-  sin.sin_family = AF_INET;
-  sin.sin_addr.s_addr = 0xffffffff;
-  sin.sin_port = 0;
-  return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
-	      NULL, 0, 0);
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:21115: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21118: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:21120: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21123: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getnameinfo_broken=no
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getnameinfo_broken=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:21136: result: $ac_cv_func_getnameinfo_broken" >&5
-echo "${ECHO_T}$ac_cv_func_getnameinfo_broken" >&6
-  if test "$ac_cv_func_getnameinfo_broken" = yes; then
-	LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
-  fi
-fi
-
-if test "$ac_cv_func_getaddrinfo" = "yes"; then
-
-echo "$as_me:21145: checking if getaddrinfo handles numeric services" >&5
-echo $ECHO_N "checking if getaddrinfo handles numeric services... $ECHO_C" >&6
-if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:21151: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21156 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
-	struct addrinfo hints, *ai;
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
-		return 1;
-	return 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:21178: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21181: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:21183: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21186: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getaddrinfo_numserv=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getaddrinfo_numserv=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:21199: result: $ac_cv_func_getaddrinfo_numserv" >&5
-echo "${ECHO_T}$ac_cv_func_getaddrinfo_numserv" >&6
-  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
-	LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
-	LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
-  fi
-fi
-
-
-if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then
-echo "$as_me:21209: checking if setenv needs a prototype" >&5
-echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_setenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21215 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int setenv (struct foo*);
-setenv(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21236: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21239: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21242: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21245: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_setenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_setenv_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21255: result: $ac_cv_func_setenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6
-if test "$ac_cv_func_setenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_SETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then
-echo "$as_me:21268: checking if unsetenv needs a prototype" >&5
-echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_unsetenv_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21274 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int unsetenv (struct foo*);
-unsetenv(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21295: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21298: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21301: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21304: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_unsetenv_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_unsetenv_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21314: result: $ac_cv_func_unsetenv_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6
-if test "$ac_cv_func_unsetenv_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_UNSETENV_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
-echo "$as_me:21327: checking if gethostname needs a prototype" >&5
-echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostname_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21333 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int gethostname (struct foo*);
-gethostname(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21354: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21357: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21360: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21363: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostname_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostname_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21373: result: $ac_cv_func_gethostname_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6
-if test "$ac_cv_func_gethostname_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETHOSTNAME_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
-echo "$as_me:21386: checking if mkstemp needs a prototype" >&5
-echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_mkstemp_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21392 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int mkstemp (struct foo*);
-mkstemp(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21413: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21416: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21419: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21422: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_mkstemp_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_mkstemp_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21432: result: $ac_cv_func_mkstemp_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6
-if test "$ac_cv_func_mkstemp_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_MKSTEMP_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
-echo "$as_me:21445: checking if getusershell needs a prototype" >&5
-echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getusershell_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21451 "configure"
-#include "confdefs.h"
-#include <unistd.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int getusershell (struct foo*);
-getusershell(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21472: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21475: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21478: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21481: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getusershell_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getusershell_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21491: result: $ac_cv_func_getusershell_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6
-if test "$ac_cv_func_getusershell_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_GETUSERSHELL_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
-echo "$as_me:21505: checking if inet_aton needs a prototype" >&5
-echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_inet_aton_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21511 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int inet_aton (struct foo*);
-inet_aton(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21544: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21547: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21550: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21553: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_inet_aton_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_inet_aton_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21563: result: $ac_cv_func_inet_aton_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6
-if test "$ac_cv_func_inet_aton_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_INET_ATON_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-
-echo "$as_me:21578: checking for crypt" >&5
-echo $ECHO_N "checking for crypt... $ECHO_C" >&6
-if test "${ac_cv_funclib_crypt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" crypt; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 21596 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-crypt()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21614: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21617: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:21620: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21623: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_crypt"
-
-if false; then
-
-for ac_func in crypt
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:21646: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21652 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:21689: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:21692: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:21695: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21698: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:21708: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# crypt
-eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_crypt=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_crypt=yes"
-	eval "LIB_crypt="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:21732: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_crypt=no"
-	eval "LIB_crypt="
-	echo "$as_me:21738: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_crypt=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:21752: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-echo "$as_me:21762: checking if gethostbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21768 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct hostent *gethostbyname(const char *);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21802: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21805: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21808: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21811: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21821: result: $ac_cv_func_gethostbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6
-
-if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:21835: checking if gethostbyaddr is compatible with system prototype" >&5
-echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21841 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct hostent *gethostbyaddr(const void *, size_t, int);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21875: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21878: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21881: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21884: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_gethostbyaddr_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21894: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6
-
-if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:21908: checking if getservbyname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21914 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct servent *getservbyname(const char *, const char *);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:21948: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:21951: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:21954: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:21957: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getservbyname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getservbyname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:21967: result: $ac_cv_func_getservbyname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6
-
-if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:21981: checking if getsockname is compatible with system prototype" >&5
-echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 21987 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-int getsockname(int, struct sockaddr*, socklen_t*);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22012: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22015: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22018: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22021: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_getsockname_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_getsockname_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:22031: result: $ac_cv_func_getsockname_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6
-
-if test "$ac_cv_func_getsockname_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:22045: checking if openlog is compatible with system prototype" >&5
-echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6
-if test "${ac_cv_func_openlog_proto_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 22051 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-void openlog(const char *, int, int);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22073: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22076: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22079: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22082: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_openlog_proto_compat=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_openlog_proto_compat=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:22092: result: $ac_cv_func_openlog_proto_compat" >&5
-echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6
-
-if test "$ac_cv_func_openlog_proto_compat" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OPENLOG_PROTO_COMPATIBLE 1
-_ACEOF
-
-fi
-
-
-
-
-if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
-echo "$as_me:22107: checking if crypt needs a prototype" >&5
-echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6
-if test "${ac_cv_func_crypt_noproto+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 22113 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct foo { int foo; } xx;
-extern int crypt (struct foo*);
-crypt(&xx);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22141: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22144: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22147: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22150: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_func_crypt_noproto=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_func_crypt_noproto=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:22160: result: $ac_cv_func_crypt_noproto" >&5
-echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6
-if test "$ac_cv_func_crypt_noproto" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define NEED_CRYPT_PROTO 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-echo "$as_me:22174: checking for h_errno" >&5
-echo $ECHO_N "checking for h_errno... $ECHO_C" >&6
-if test "${ac_cv_var_h_errno+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22181 "configure"
-#include "confdefs.h"
-extern int h_errno;
-int foo() { return h_errno; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:22200: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:22203: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:22206: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22209: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errno=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errno=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errno`
-echo "$as_me:22222: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRNO 1
-_ACEOF
-
-
-echo "$as_me:22231: checking if h_errno is properly declared" >&5
-echo $ECHO_N "checking if h_errno is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_errno_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22238 "configure"
-#include "confdefs.h"
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_errno;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_errno.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22262: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22265: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22268: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22271: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_errno_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errno_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22286: result: $ac_cv_var_h_errno_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_errno_declaration" >&6
-if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_ERRNO_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:22301: checking for h_errlist" >&5
-echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6
-if test "${ac_cv_var_h_errlist+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22308 "configure"
-#include "confdefs.h"
-extern int h_errlist;
-int foo() { return h_errlist; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:22327: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:22330: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:22333: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22336: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_errlist=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_errlist=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_errlist`
-echo "$as_me:22349: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_ERRLIST 1
-_ACEOF
-
-
-echo "$as_me:22358: checking if h_errlist is properly declared" >&5
-echo $ECHO_N "checking if h_errlist is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_errlist_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22365 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_errlist;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_errlist.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22386: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22389: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22392: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22395: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_errlist_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_errlist_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22410: result: $ac_cv_var_h_errlist_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_errlist_declaration" >&6
-if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_ERRLIST_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:22425: checking for h_nerr" >&5
-echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6
-if test "${ac_cv_var_h_nerr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22432 "configure"
-#include "confdefs.h"
-extern int h_nerr;
-int foo() { return h_nerr; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:22451: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:22454: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:22457: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22460: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_h_nerr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_h_nerr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_h_nerr`
-echo "$as_me:22473: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_H_NERR 1
-_ACEOF
-
-
-echo "$as_me:22482: checking if h_nerr is properly declared" >&5
-echo $ECHO_N "checking if h_nerr is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_h_nerr_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22489 "configure"
-#include "confdefs.h"
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-extern struct { int foo; } h_nerr;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-h_nerr.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22510: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22513: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22516: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22519: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_h_nerr_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_h_nerr_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22534: result: $ac_cv_var_h_nerr_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_h_nerr_declaration" >&6
-if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_H_NERR_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:22549: checking for __progname" >&5
-echo $ECHO_N "checking for __progname... $ECHO_C" >&6
-if test "${ac_cv_var___progname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22556 "configure"
-#include "confdefs.h"
-extern int __progname;
-int foo() { return __progname; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:22575: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:22578: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:22581: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22584: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var___progname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var___progname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var___progname`
-echo "$as_me:22597: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE___PROGNAME 1
-_ACEOF
-
-
-echo "$as_me:22606: checking if __progname is properly declared" >&5
-echo $ECHO_N "checking if __progname is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var___progname_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22613 "configure"
-#include "confdefs.h"
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-extern struct { int foo; } __progname;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-__progname.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22634: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22637: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22640: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22643: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var___progname_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var___progname_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22658: result: $ac_cv_var___progname_declaration" >&5
-echo "${ECHO_T}$ac_cv_var___progname_declaration" >&6
-if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE___PROGNAME_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-echo "$as_me:22673: checking if optarg is properly declared" >&5
-echo $ECHO_N "checking if optarg is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optarg_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22680 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optarg;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optarg.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22702: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22705: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22708: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22711: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optarg_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optarg_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22726: result: $ac_cv_var_optarg_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optarg_declaration" >&6
-if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTARG_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:22738: checking if optind is properly declared" >&5
-echo $ECHO_N "checking if optind is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optind_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22745 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optind;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optind.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22767: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22770: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22773: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22776: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optind_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optind_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22791: result: $ac_cv_var_optind_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optind_declaration" >&6
-if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTIND_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:22803: checking if opterr is properly declared" >&5
-echo $ECHO_N "checking if opterr is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_opterr_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22810 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } opterr;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-opterr.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22832: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22835: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22838: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22841: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_opterr_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_opterr_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22856: result: $ac_cv_var_opterr_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_opterr_declaration" >&6
-if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTERR_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:22868: checking if optopt is properly declared" >&5
-echo $ECHO_N "checking if optopt is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_optopt_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22875 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-extern struct { int foo; } optopt;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-optopt.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22897: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22900: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22903: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22906: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_optopt_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_optopt_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22921: result: $ac_cv_var_optopt_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_optopt_declaration" >&6
-if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPTOPT_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:22934: checking if environ is properly declared" >&5
-echo $ECHO_N "checking if environ is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_environ_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 22941 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-extern struct { int foo; } environ;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-environ.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:22960: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:22963: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:22966: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:22969: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_environ_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_environ_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:22984: result: $ac_cv_var_environ_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_environ_declaration" >&6
-if eval "test \"\$ac_cv_var_environ_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ENVIRON_DECLARATION 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-echo "$as_me:22999: checking for tm_gmtoff in struct tm" >&5
-echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6
-if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23006 "configure"
-#include "confdefs.h"
-#include <time.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm x; x.tm_gmtoff;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23024: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23027: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23030: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23033: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_tm_tm_gmtoff=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_gmtoff=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23043: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6
-if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:23058: checking for tm_zone in struct tm" >&5
-echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6
-if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23065 "configure"
-#include "confdefs.h"
-#include <time.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm x; x.tm_zone;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23083: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23086: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23089: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23092: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_tm_tm_zone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_tm_tm_zone=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23102: result: $ac_cv_type_struct_tm_tm_zone" >&5
-echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6
-if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_TM_TM_ZONE 1
-_ACEOF
-
-
-fi
-
-
-
-
-
-echo "$as_me:23118: checking for timezone" >&5
-echo $ECHO_N "checking for timezone... $ECHO_C" >&6
-if test "${ac_cv_var_timezone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23125 "configure"
-#include "confdefs.h"
-extern int timezone;
-int foo() { return timezone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:23144: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:23147: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:23150: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23153: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_timezone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_timezone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_timezone`
-echo "$as_me:23166: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_TIMEZONE 1
-_ACEOF
-
-
-echo "$as_me:23175: checking if timezone is properly declared" >&5
-echo $ECHO_N "checking if timezone is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_timezone_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23182 "configure"
-#include "confdefs.h"
-#include <time.h>
-extern struct { int foo; } timezone;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-timezone.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23201: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23204: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23207: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23210: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_timezone_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_timezone_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:23225: result: $ac_cv_var_timezone_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_timezone_declaration" >&6
-if eval "test \"\$ac_cv_var_timezone_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_TIMEZONE_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-echo "$as_me:23239: checking for altzone" >&5
-echo $ECHO_N "checking for altzone... $ECHO_C" >&6
-if test "${ac_cv_var_altzone+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23246 "configure"
-#include "confdefs.h"
-extern int altzone;
-int foo() { return altzone; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-foo()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:23265: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:23268: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:23271: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23274: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_var_altzone=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_var_altzone=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-
-ac_foo=`eval echo \\$ac_cv_var_altzone`
-echo "$as_me:23287: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_ALTZONE 1
-_ACEOF
-
-
-echo "$as_me:23296: checking if altzone is properly declared" >&5
-echo $ECHO_N "checking if altzone is properly declared... $ECHO_C" >&6
-if test "${ac_cv_var_altzone_declaration+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 23303 "configure"
-#include "confdefs.h"
-#include <time.h>
-extern struct { int foo; } altzone;
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-altzone.foo = 1;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23322: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23325: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23328: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23331: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_var_altzone_declaration=no"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_var_altzone_declaration=yes"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-
-
-
-echo "$as_me:23346: result: $ac_cv_var_altzone_declaration" >&5
-echo "${ECHO_T}$ac_cv_var_altzone_declaration" >&6
-if eval "test \"\$ac_cv_var_altzone_declaration\" = yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ALTZONE_DECLARATION 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-
-
-cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:23363: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23369 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-sa_family_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23392: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23395: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23398: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23401: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:23412: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:23417: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
-if test "${ac_cv_type_sa_family_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23423 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((sa_family_t *) 0)
-  return 0;
-if (sizeof (sa_family_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23444: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23447: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23450: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23453: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_sa_family_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_sa_family_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23463: result: $ac_cv_type_sa_family_t" >&5
-echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6
-if test $ac_cv_type_sa_family_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SA_FAMILY_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
-echo "$as_me:23485: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23491 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-socklen_t foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23514: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23517: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23520: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23523: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:23534: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:23539: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
-if test "${ac_cv_type_socklen_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23545 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((socklen_t *) 0)
-  return 0;
-if (sizeof (socklen_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23566: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23569: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23572: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23575: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_socklen_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_socklen_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23585: result: $ac_cv_type_socklen_t" >&5
-echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
-if test $ac_cv_type_socklen_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SOCKLEN_T 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
-echo "$as_me:23607: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23613 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23636: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23639: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23642: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23645: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:23656: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:23661: checking for struct sockaddr" >&5
-echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23667 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct sockaddr *) 0)
-  return 0;
-if (sizeof (struct sockaddr))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23688: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23691: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23694: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23697: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23707: result: $ac_cv_type_struct_sockaddr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6
-if test $ac_cv_type_struct_sockaddr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
-echo "$as_me:23729: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23735 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct sockaddr_storage foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23758: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23761: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23764: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23767: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:23778: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:23783: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
-if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23789 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct sockaddr_storage *) 0)
-  return 0;
-if (sizeof (struct sockaddr_storage))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23810: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23813: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23816: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23819: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_sockaddr_storage=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_sockaddr_storage=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23829: result: $ac_cv_type_struct_sockaddr_storage" >&5
-echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6
-if test $ac_cv_type_struct_sockaddr_storage = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
-echo "$as_me:23851: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23857 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <netdb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct addrinfo foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23880: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23883: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23886: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23889: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:23900: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:23905: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
-if test "${ac_cv_type_struct_addrinfo+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23911 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct addrinfo *) 0)
-  return 0;
-if (sizeof (struct addrinfo))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:23932: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:23935: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:23938: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:23941: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_addrinfo=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_addrinfo=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:23951: result: $ac_cv_type_struct_addrinfo" >&5
-echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6
-if test $ac_cv_type_struct_addrinfo = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_ADDRINFO 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'`
-echo "$as_me:23973: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 23979 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <ifaddrs.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct ifaddrs foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24002: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24005: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24008: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24011: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:24022: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:24027: checking for struct ifaddrs" >&5
-echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6
-if test "${ac_cv_type_struct_ifaddrs+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 24033 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct ifaddrs *) 0)
-  return 0;
-if (sizeof (struct ifaddrs))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24054: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24057: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24060: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24063: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_ifaddrs=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_ifaddrs=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:24073: result: $ac_cv_type_struct_ifaddrs" >&5
-echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6
-if test $ac_cv_type_struct_ifaddrs = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IFADDRS 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct iovec" | sed 'y%./+- %__p__%'`
-echo "$as_me:24095: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 24101 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct iovec foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24127: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24130: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24133: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24136: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:24147: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct iovec | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:24152: checking for struct iovec" >&5
-echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6
-if test "${ac_cv_type_struct_iovec+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 24158 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct iovec *) 0)
-  return 0;
-if (sizeof (struct iovec))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24179: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24182: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24185: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24188: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_iovec=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_iovec=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:24198: result: $ac_cv_type_struct_iovec" >&5
-echo "${ECHO_T}$ac_cv_type_struct_iovec" >&6
-if test $ac_cv_type_struct_iovec = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_IOVEC 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-cv=`echo "struct msghdr" | sed 'y%./+- %__p__%'`
-echo "$as_me:24220: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 24226 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct msghdr foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24252: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24255: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24258: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24261: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:24272: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo struct msghdr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:24277: checking for struct msghdr" >&5
-echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6
-if test "${ac_cv_type_struct_msghdr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 24283 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct msghdr *) 0)
-  return 0;
-if (sizeof (struct msghdr))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24304: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24307: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24310: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24313: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_msghdr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_msghdr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:24323: result: $ac_cv_type_struct_msghdr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_msghdr" >&6
-if test $ac_cv_type_struct_msghdr = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_MSGHDR 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-
-
-
-echo "$as_me:24345: checking for struct winsize" >&5
-echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6
-if test "${ac_cv_struct_winsize+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-ac_cv_struct_winsize=no
-for i in sys/termios.h sys/ioctl.h; do
-cat >conftest.$ac_ext <<_ACEOF
-#line 24354 "configure"
-#include "confdefs.h"
-#include <$i>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "struct[ 	]*winsize" >/dev/null 2>&1; then
-  ac_cv_struct_winsize=yes; break
-fi
-rm -f conftest*
-done
-
-fi
-
-if test "$ac_cv_struct_winsize" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_WINSIZE 1
-_ACEOF
-
-fi
-echo "$as_me:24375: result: $ac_cv_struct_winsize" >&5
-echo "${ECHO_T}$ac_cv_struct_winsize" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 24378 "configure"
-#include "confdefs.h"
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ws_xpixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_XPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 24394 "configure"
-#include "confdefs.h"
-#include <termios.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "ws_ypixel" >/dev/null 2>&1; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_WS_YPIXEL 1
-_ACEOF
-
-fi
-rm -f conftest*
-
-
-
-
-
-echo "$as_me:24413: checking for struct spwd" >&5
-echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6
-if test "${ac_cv_struct_spwd+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 24420 "configure"
-#include "confdefs.h"
-#include <pwd.h>
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct spwd foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24441: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24444: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24447: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24450: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_struct_spwd=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_spwd=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-
-echo "$as_me:24462: result: $ac_cv_struct_spwd" >&5
-echo "${ECHO_T}$ac_cv_struct_spwd" >&6
-
-if test "$ac_cv_struct_spwd" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_SPWD 1
-_ACEOF
-
-fi
-
-
-
-LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
-
-
-LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
-
-
-
-# Check whether --with-openldap or --without-openldap was given.
-if test "${with_openldap+set}" = set; then
-  withval="$with_openldap"
-
-fi;
-
-# Check whether --with-openldap-lib or --without-openldap-lib was given.
-if test "${with_openldap_lib+set}" = set; then
-  withval="$with_openldap_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:24492: error: No argument for --with-openldap-lib" >&5
-echo "$as_me: error: No argument for --with-openldap-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi;
-
-# Check whether --with-openldap-include or --without-openldap-include was given.
-if test "${with_openldap_include+set}" = set; then
-  withval="$with_openldap_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:24504: error: No argument for --with-openldap-include" >&5
-echo "$as_me: error: No argument for --with-openldap-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openldap" = "X"; then
-  with_openldap=yes
-fi
-fi;
-
-# Check whether --with-openldap-config or --without-openldap-config was given.
-if test "${with_openldap_config+set}" = set; then
-  withval="$with_openldap_config"
-
-fi;
-
-
-
-echo "$as_me:24520: checking for openldap" >&5
-echo $ECHO_N "checking for openldap... $ECHO_C" >&6
-
-case "$with_openldap" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_openldap" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_openldap_include" = ""; then
-		if test -d "$i/include/openldap"; then
-			header_dirs="$header_dirs $i/include/openldap"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_openldap_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_openldap_include"; then
-	header_dirs="$with_openldap_include $header_dirs"
-fi
-if test "$with_openldap_lib"; then
-	lib_dirs="$with_openldap_lib $lib_dirs"
-fi
-
-if test "$with_openldap_config" = ""; then
-	with_openldap_config=''
-fi
-
-openldap_cflags=
-openldap_libs=
-
-case "$with_openldap_config" in
-yes|no|"")
-	;;
-*)
-	openldap_cflags="`$with_openldap_config --cflags 2>&1`"
-	openldap_libs="`$with_openldap_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_openldap" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$openldap_cflags" -a "$openldap_libs"; then
-		CFLAGS="$openldap_cflags $save_CFLAGS"
-		LIBS="$openldap_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 24578 "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:24597: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:24600: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:24603: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24606: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_openldap="$openldap_cflags"
-			LIB_openldap="$openldap_libs"
-			echo "$as_me:24611: result: from $with_openldap_config" >&5
-echo "${ECHO_T}from $with_openldap_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 24625 "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24644: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24647: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24650: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24653: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lldap -llber  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 24665 "configure"
-#include "confdefs.h"
-#include <lber.h>
-#include <ldap.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:24684: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:24687: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:24690: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24693: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then
-			INCLUDE_openldap="-I$ires"
-			LIB_openldap="-L$lres -lldap -llber"
-			found=yes
-			echo "$as_me:24706: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define OPENLDAP 1
-_ACEOF
-
-	with_openldap=yes
-else
-	with_openldap=no
-	INCLUDE_openldap=
-	LIB_openldap=
-	echo "$as_me:24725: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-if test "$openldap_libdir"; then
-	LIB_openldap="-R $openldap_libdir $LIB_openldap"
-fi
-
-
-
-# Check whether --with-krb4 or --without-krb4 was given.
-if test "${with_krb4+set}" = set; then
-  withval="$with_krb4"
-
-fi;
-
-# Check whether --with-krb4-lib or --without-krb4-lib was given.
-if test "${with_krb4_lib+set}" = set; then
-  withval="$with_krb4_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:24749: error: No argument for --with-krb4-lib" >&5
-echo "$as_me: error: No argument for --with-krb4-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_krb4" = "X"; then
-  with_krb4=yes
-fi
-fi;
-
-# Check whether --with-krb4-include or --without-krb4-include was given.
-if test "${with_krb4_include+set}" = set; then
-  withval="$with_krb4_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:24761: error: No argument for --with-krb4-include" >&5
-echo "$as_me: error: No argument for --with-krb4-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_krb4" = "X"; then
-  with_krb4=yes
-fi
-fi;
-
-# Check whether --with-krb4-config or --without-krb4-config was given.
-if test "${with_krb4_config+set}" = set; then
-  withval="$with_krb4_config"
-
-fi;
-
-
-
-echo "$as_me:24777: checking for krb4" >&5
-echo $ECHO_N "checking for krb4... $ECHO_C" >&6
-
-case "$with_krb4" in
-yes|"") d='/usr/athena' ;;
-no)	d= ;;
-*)	d="$with_krb4" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_krb4_include" = ""; then
-		if test -d "$i/include/krb4"; then
-			header_dirs="$header_dirs $i/include/krb4"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_krb4_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_krb4_include"; then
-	header_dirs="$with_krb4_include $header_dirs"
-fi
-if test "$with_krb4_lib"; then
-	lib_dirs="$with_krb4_lib $lib_dirs"
-fi
-
-if test "$with_krb4_config" = ""; then
-	with_krb4_config='krb4-config'
-fi
-
-krb4_cflags=
-krb4_libs=
-
-case "$with_krb4_config" in
-yes|no|"")
-	;;
-*)
-	krb4_cflags="`$with_krb4_config --cflags 2>&1`"
-	krb4_libs="`$with_krb4_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_krb4" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$krb4_cflags" -a "$krb4_libs"; then
-		CFLAGS="$krb4_cflags $save_CFLAGS"
-		LIBS="$krb4_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 24835 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:24853: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:24856: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:24859: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24862: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_krb4="$krb4_cflags"
-			LIB_krb4="$krb4_libs"
-			echo "$as_me:24867: result: from $with_krb4_config" >&5
-echo "${ECHO_T}from $with_krb4_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 24881 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:24899: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:24902: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:24905: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24908: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lkrb -ldes $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 24920 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:24938: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:24941: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:24944: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:24947: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_krb4" != "no"; then
-			INCLUDE_krb4="-I$ires"
-			LIB_krb4="-L$lres -lkrb"
-			found=yes
-			echo "$as_me:24960: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define KRB4 1
-_ACEOF
-
-	with_krb4=yes
-else
-	with_krb4=no
-	INCLUDE_krb4=
-	LIB_krb4=
-	echo "$as_me:24979: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-LIB_kdb=
-if test "$with_krb4" != "no"; then
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS $INCLUDE_krb4"
-	save_LIBS="$LIBS"
-	LIBS="$LIB_krb4 $LIBS"
-	EXTRA_LIB45=lib45.a
-
-	echo "$as_me:24995: checking for four valued krb_put_int" >&5
-echo $ECHO_N "checking for four valued krb_put_int... $ECHO_C" >&6
-if test "${ac_cv_func_krb_put_int_four+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25001 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		char tmp[4];
-		krb_put_int(17, tmp, 4, sizeof(tmp));
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:25021: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:25024: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:25027: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25030: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_put_int_four=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_put_int_four=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:25041: result: $ac_cv_func_krb_put_int_four" >&5
-echo "${ECHO_T}$ac_cv_func_krb_put_int_four" >&6
-	if test "$ac_cv_func_krb_put_int_four" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FOUR_VALUED_KRB_PUT_INT 1
-_ACEOF
-
-	fi
-
-
-	echo "$as_me:25052: checking for KRB_VERIFY_SECURE" >&5
-echo $ECHO_N "checking for KRB_VERIFY_SECURE... $ECHO_C" >&6
-if test "${ac_cv_func_krb_verify_secure+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25058 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		int x = KRB_VERIFY_SECURE
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:25077: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:25080: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:25083: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25086: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_verify_secure=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_secure=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:25097: result: $ac_cv_func_krb_verify_secure" >&5
-echo "${ECHO_T}$ac_cv_func_krb_verify_secure" >&6
-	if test "$ac_cv_func_krb_verify_secure" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_SECURE 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_SECURE_FAIL 2
-_ACEOF
-
-	fi
-	echo "$as_me:25111: checking for KRB_VERIFY_NOT_SECURE" >&5
-echo $ECHO_N "checking for KRB_VERIFY_NOT_SECURE... $ECHO_C" >&6
-if test "${ac_cv_func_krb_verify_not_secure+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25117 "configure"
-#include "confdefs.h"
-#include <krb.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		int x = KRB_VERIFY_NOT_SECURE
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:25136: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:25139: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:25142: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25145: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_verify_not_secure=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_verify_not_secure=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:25156: result: $ac_cv_func_krb_verify_not_secure" >&5
-echo "${ECHO_T}$ac_cv_func_krb_verify_not_secure" >&6
-	if test "$ac_cv_func_krb_verify_not_secure" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_VERIFY_NOT_SECURE 0
-_ACEOF
-
-	fi
-
-
-
-
-echo "$as_me:25169: checking for krb_enable_debug" >&5
-echo $ECHO_N "checking for krb_enable_debug... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_enable_debug+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_enable_debug\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 25187 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_enable_debug()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25205: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25208: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25211: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25214: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_enable_debug=$ac_lib; else ac_cv_funclib_krb_enable_debug=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_enable_debug=\${ac_cv_funclib_krb_enable_debug-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_enable_debug"
-
-if false; then
-
-for ac_func in krb_enable_debug
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:25237: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25243 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25280: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25283: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25286: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25289: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:25299: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_enable_debug
-eval "ac_tr_func=HAVE_`echo krb_enable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_enable_debug=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_enable_debug=yes"
-	eval "LIB_krb_enable_debug="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:25323: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_enable_debug=no"
-	eval "LIB_krb_enable_debug="
-	echo "$as_me:25329: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_enable_debug=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:25343: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_enable_debug"; then
-	LIBS="$LIB_krb_enable_debug $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:25357: checking for krb_disable_debug" >&5
-echo $ECHO_N "checking for krb_disable_debug... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_disable_debug+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_disable_debug\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 25375 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_disable_debug()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25393: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25396: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25399: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25402: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_disable_debug=$ac_lib; else ac_cv_funclib_krb_disable_debug=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_disable_debug=\${ac_cv_funclib_krb_disable_debug-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_disable_debug"
-
-if false; then
-
-for ac_func in krb_disable_debug
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:25425: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25431 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25468: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25471: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25474: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25477: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:25487: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_disable_debug
-eval "ac_tr_func=HAVE_`echo krb_disable_debug | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_disable_debug=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_disable_debug=yes"
-	eval "LIB_krb_disable_debug="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:25511: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_disable_debug=no"
-	eval "LIB_krb_disable_debug="
-	echo "$as_me:25517: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_disable_debug=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:25531: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_disable_debug"; then
-	LIBS="$LIB_krb_disable_debug $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:25545: checking for krb_get_our_ip_for_realm" >&5
-echo $ECHO_N "checking for krb_get_our_ip_for_realm... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_get_our_ip_for_realm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_get_our_ip_for_realm\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 25563 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_get_our_ip_for_realm()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25581: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25584: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25587: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25590: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_our_ip_for_realm=$ac_lib; else ac_cv_funclib_krb_get_our_ip_for_realm=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_get_our_ip_for_realm=\${ac_cv_funclib_krb_get_our_ip_for_realm-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_get_our_ip_for_realm"
-
-if false; then
-
-for ac_func in krb_get_our_ip_for_realm
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:25613: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25619 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25656: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25659: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25662: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25665: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:25675: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_get_our_ip_for_realm
-eval "ac_tr_func=HAVE_`echo krb_get_our_ip_for_realm | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_get_our_ip_for_realm=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=yes"
-	eval "LIB_krb_get_our_ip_for_realm="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:25699: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=no"
-	eval "LIB_krb_get_our_ip_for_realm="
-	echo "$as_me:25705: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_get_our_ip_for_realm=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:25719: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_get_our_ip_for_realm"; then
-	LIBS="$LIB_krb_get_our_ip_for_realm $LIBS"
-fi
-
-
-
-
-
-echo "$as_me:25733: checking for krb_kdctimeofday" >&5
-echo $ECHO_N "checking for krb_kdctimeofday... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_kdctimeofday+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_kdctimeofday\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 25751 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_kdctimeofday()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25769: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25772: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25775: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25778: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_kdctimeofday=$ac_lib; else ac_cv_funclib_krb_kdctimeofday=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_kdctimeofday=\${ac_cv_funclib_krb_kdctimeofday-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_kdctimeofday"
-
-if false; then
-
-for ac_func in krb_kdctimeofday
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:25801: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25807 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25844: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25847: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25850: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25853: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:25863: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_kdctimeofday
-eval "ac_tr_func=HAVE_`echo krb_kdctimeofday | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_kdctimeofday=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_kdctimeofday=yes"
-	eval "LIB_krb_kdctimeofday="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:25887: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_kdctimeofday=no"
-	eval "LIB_krb_kdctimeofday="
-	echo "$as_me:25893: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_kdctimeofday=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:25907: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_kdctimeofday"; then
-	LIBS="$LIB_krb_kdctimeofday $LIBS"
-fi
-
-
-
-
-
-
-
-echo "$as_me:25923: checking for krb_get_kdc_time_diff" >&5
-echo $ECHO_N "checking for krb_get_kdc_time_diff... $ECHO_C" >&6
-if test "${ac_cv_funclib_krb_get_kdc_time_diff+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_krb_get_kdc_time_diff\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 25941 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-krb_get_kdc_time_diff()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:25959: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:25962: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:25965: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:25968: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_krb_get_kdc_time_diff=$ac_lib; else ac_cv_funclib_krb_get_kdc_time_diff=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_krb_get_kdc_time_diff=\${ac_cv_funclib_krb_get_kdc_time_diff-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_krb_get_kdc_time_diff"
-
-if false; then
-
-for ac_func in krb_get_kdc_time_diff
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:25991: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 25997 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:26034: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:26037: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:26040: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26043: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:26053: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# krb_get_kdc_time_diff
-eval "ac_tr_func=HAVE_`echo krb_get_kdc_time_diff | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_krb_get_kdc_time_diff=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_krb_get_kdc_time_diff=yes"
-	eval "LIB_krb_get_kdc_time_diff="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:26077: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_krb_get_kdc_time_diff=no"
-	eval "LIB_krb_get_kdc_time_diff="
-	echo "$as_me:26083: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_krb_get_kdc_time_diff=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:26097: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test -n "$LIB_krb_get_kdc_time_diff"; then
-	LIBS="$LIB_krb_get_kdc_time_diff $LIBS"
-fi
-
-
-
-	echo "$as_me:26109: checking for KRB_SENDAUTH_VERS" >&5
-echo $ECHO_N "checking for KRB_SENDAUTH_VERS... $ECHO_C" >&6
-if test "${ac_cv_func_krb_sendauth_vers+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 26115 "configure"
-#include "confdefs.h"
-#include <krb.h>
-			#include <prot.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-		char *x = KRB_SENDAUTH_VERS
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:26135: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:26138: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:26141: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26144: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_sendauth_vers=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_sendauth_vers=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:26155: result: $ac_cv_func_krb_sendauth_vers" >&5
-echo "${ECHO_T}$ac_cv_func_krb_sendauth_vers" >&6
-	if test "$ac_cv_func_krb_sendauth_vers" != yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_SENDAUTH_VERS "AUTHV0.1"
-_ACEOF
-
-	fi
-	echo "$as_me:26164: checking for krb_mk_req with const arguments" >&5
-echo $ECHO_N "checking for krb_mk_req with const arguments... $ECHO_C" >&6
-if test "${ac_cv_func_krb_mk_req_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 26170 "configure"
-#include "confdefs.h"
-#include <krb.h>
-		int krb_mk_req(KTEXT a, const char *s, const char *i,
-			       const char *r, int32_t checksum)
-		{ return 17; }
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:26191: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:26194: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:26197: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26200: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_krb_mk_req_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_krb_mk_req_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:26211: result: $ac_cv_func_krb_mk_req_const" >&5
-echo "${ECHO_T}$ac_cv_func_krb_mk_req_const" >&6
-	if test "$ac_cv_func_krb_mk_req_const" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB_MK_REQ_CONST 1
-_ACEOF
-
-	fi
-
-	LIBS="$save_LIBS"
-	CFLAGS="$save_CFLAGS"
-	LIB_kdb="-lkdb -lkrb"
-	if test "$krb4_libdir"; then
-		LIB_krb4="-R $krb4_libdir $LIB_krb4"
-		LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
-	fi
-fi
-
-
-if test "$with_krb4" != "no"; then
-  KRB4_TRUE=
-  KRB4_FALSE='#'
-else
-  KRB4_TRUE='#'
-  KRB4_FALSE=
-fi
-
-
-
-if true; then
-  KRB5_TRUE=
-  KRB5_FALSE='#'
-else
-  KRB5_TRUE='#'
-  KRB5_FALSE=
-fi
-
-
-
-if true; then
-  do_roken_rename_TRUE=
-  do_roken_rename_FALSE='#'
-else
-  do_roken_rename_TRUE='#'
-  do_roken_rename_FALSE=
-fi
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define KRB5 1
-_ACEOF
-
-# Check whether --enable-dce or --disable-dce was given.
-if test "${enable_dce+set}" = set; then
-  enableval="$enable_dce"
-
-fi;
-if test "$enable_dce" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define DCE 1
-_ACEOF
-
-fi
-
-
-if test "$enable_dce" = yes; then
-  DCE_TRUE=
-  DCE_FALSE='#'
-else
-  DCE_TRUE='#'
-  DCE_FALSE=
-fi
-
-
-## XXX quite horrible:
-if test -f /etc/ibmcxx.cfg; then
-	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
-	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
-	dpagaix_ldflags=
-else
-	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
-	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
-	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
-fi
-
-
-
-
-
-# Check whether --enable-otp or --disable-otp was given.
-if test "${enable_otp+set}" = set; then
-  enableval="$enable_otp"
-
-fi;
-if test "$enable_otp" = yes -a "$db_type" = unknown; then
-	{ { echo "$as_me:26309: error: OTP requires a NDBM/DB compatible library" >&5
-echo "$as_me: error: OTP requires a NDBM/DB compatible library" >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test "$enable_otp" != no; then
-	if test "$db_type" != unknown; then
-		enable_otp=yes
-	else
-		enable_otp=no
-	fi
-fi
-if test "$enable_otp" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define OTP 1
-_ACEOF
-
-	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
-
-fi
-echo "$as_me:26329: checking whether to enable OTP library" >&5
-echo $ECHO_N "checking whether to enable OTP library... $ECHO_C" >&6
-echo "$as_me:26331: result: $enable_otp" >&5
-echo "${ECHO_T}$enable_otp" >&6
-
-
-if test "$enable_otp" = yes; then
-  OTP_TRUE=
-  OTP_FALSE='#'
-else
-  OTP_TRUE='#'
-  OTP_FALSE=
-fi
-
-
-
-# Check whether --enable-osfc2 or --disable-osfc2 was given.
-if test "${enable_osfc2+set}" = set; then
-  enableval="$enable_osfc2"
-
-fi;
-LIB_security=
-if test "$enable_osfc2" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OSFC2 1
-_ACEOF
-
-	LIB_security=-lsecurity
-fi
-
-
-
-# Extract the first word of "nroff", so it can be a program name with args.
-set dummy nroff; ac_word=$2
-echo "$as_me:26364: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_NROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $NROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:26382: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  ;;
-esac
-fi
-NROFF=$ac_cv_path_NROFF
-
-if test -n "$NROFF"; then
-  echo "$as_me:26394: result: $NROFF" >&5
-echo "${ECHO_T}$NROFF" >&6
-else
-  echo "$as_me:26397: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-# Extract the first word of "groff", so it can be a program name with args.
-set dummy groff; ac_word=$2
-echo "$as_me:26403: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_GROFF+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $GROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:26421: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  ;;
-esac
-fi
-GROFF=$ac_cv_path_GROFF
-
-if test -n "$GROFF"; then
-  echo "$as_me:26433: result: $GROFF" >&5
-echo "${ECHO_T}$GROFF" >&6
-else
-  echo "$as_me:26436: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-echo "$as_me:26440: checking how to format man pages" >&5
-echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6
-if test "${ac_cv_sys_man_format+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat > conftest.1 << END
-.Dd January 1, 1970
-.Dt CONFTEST 1
-.Sh NAME
-.Nm conftest
-.Nd
-foobar
-END
-
-if test "$NROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$NROFF" $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$NROFF $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
-	for i in "-mdoc" "-mandoc"; do
-		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
-			grep Jan > /dev/null 2>&1 ; then
-			ac_cv_sys_man_format="$GROFF -Tascii $i"
-			break
-		fi
-	done
-fi
-if test "$ac_cv_sys_man_format"; then
-	ac_cv_sys_man_format="$ac_cv_sys_man_format \$< > \$@"
-fi
-
-fi
-echo "$as_me:26477: result: $ac_cv_sys_man_format" >&5
-echo "${ECHO_T}$ac_cv_sys_man_format" >&6
-if test "$ac_cv_sys_man_format"; then
-	CATMAN="$ac_cv_sys_man_format"
-
-fi
-
-
-if test "$CATMAN"; then
-  CATMAN_TRUE=
-  CATMAN_FALSE='#'
-else
-  CATMAN_TRUE='#'
-  CATMAN_FALSE=
-fi
-
-echo "$as_me:26493: checking extension of pre-formatted manual pages" >&5
-echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6
-if test "${ac_cv_sys_catman_ext+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if grep _suffix /etc/man.conf > /dev/null 2>&1; then
-	ac_cv_sys_catman_ext=0
-else
-	ac_cv_sys_catman_ext=number
-fi
-
-fi
-echo "$as_me:26505: result: $ac_cv_sys_catman_ext" >&5
-echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6
-if test "$ac_cv_sys_catman_ext" = number; then
-	CATMANEXT='$$section'
-else
-	CATMANEXT=0
-fi
-
-
-
-
-
-# Check whether --with-readline or --without-readline was given.
-if test "${with_readline+set}" = set; then
-  withval="$with_readline"
-
-fi;
-
-# Check whether --with-readline-lib or --without-readline-lib was given.
-if test "${with_readline_lib+set}" = set; then
-  withval="$with_readline_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:26527: error: No argument for --with-readline-lib" >&5
-echo "$as_me: error: No argument for --with-readline-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi;
-
-# Check whether --with-readline-include or --without-readline-include was given.
-if test "${with_readline_include+set}" = set; then
-  withval="$with_readline_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:26539: error: No argument for --with-readline-include" >&5
-echo "$as_me: error: No argument for --with-readline-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_readline" = "X"; then
-  with_readline=yes
-fi
-fi;
-
-# Check whether --with-readline-config or --without-readline-config was given.
-if test "${with_readline_config+set}" = set; then
-  withval="$with_readline_config"
-
-fi;
-
-
-
-echo "$as_me:26555: checking for readline" >&5
-echo $ECHO_N "checking for readline... $ECHO_C" >&6
-
-case "$with_readline" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_readline" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_readline_include" = ""; then
-		if test -d "$i/include/readline"; then
-			header_dirs="$header_dirs $i/include/readline"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_readline_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_readline_include"; then
-	header_dirs="$with_readline_include $header_dirs"
-fi
-if test "$with_readline_lib"; then
-	lib_dirs="$with_readline_lib $lib_dirs"
-fi
-
-if test "$with_readline_config" = ""; then
-	with_readline_config=''
-fi
-
-readline_cflags=
-readline_libs=
-
-case "$with_readline_config" in
-yes|no|"")
-	;;
-*)
-	readline_cflags="`$with_readline_config --cflags 2>&1`"
-	readline_libs="`$with_readline_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_readline" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$readline_cflags" -a "$readline_libs"; then
-		CFLAGS="$readline_cflags $save_CFLAGS"
-		LIBS="$readline_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 26613 "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:26632: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:26635: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:26638: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26641: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_readline="$readline_cflags"
-			LIB_readline="$readline_libs"
-			echo "$as_me:26646: result: from $with_readline_config" >&5
-echo "${ECHO_T}from $with_readline_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 26660 "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:26679: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:26682: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:26685: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26688: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lreadline  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 26700 "configure"
-#include "confdefs.h"
-#include <stdio.h>
- #include <readline.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:26719: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:26722: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:26725: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26728: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
-			INCLUDE_readline="-I$ires"
-			LIB_readline="-L$lres -lreadline"
-			found=yes
-			echo "$as_me:26741: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define READLINE 1
-_ACEOF
-
-	with_readline=yes
-else
-	with_readline=no
-	INCLUDE_readline=
-	LIB_readline=
-	echo "$as_me:26760: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-
-
-# Check whether --with-hesiod or --without-hesiod was given.
-if test "${with_hesiod+set}" = set; then
-  withval="$with_hesiod"
-
-fi;
-
-# Check whether --with-hesiod-lib or --without-hesiod-lib was given.
-if test "${with_hesiod_lib+set}" = set; then
-  withval="$with_hesiod_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:26780: error: No argument for --with-hesiod-lib" >&5
-echo "$as_me: error: No argument for --with-hesiod-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi;
-
-# Check whether --with-hesiod-include or --without-hesiod-include was given.
-if test "${with_hesiod_include+set}" = set; then
-  withval="$with_hesiod_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:26792: error: No argument for --with-hesiod-include" >&5
-echo "$as_me: error: No argument for --with-hesiod-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_hesiod" = "X"; then
-  with_hesiod=yes
-fi
-fi;
-
-# Check whether --with-hesiod-config or --without-hesiod-config was given.
-if test "${with_hesiod_config+set}" = set; then
-  withval="$with_hesiod_config"
-
-fi;
-
-
-
-echo "$as_me:26808: checking for hesiod" >&5
-echo $ECHO_N "checking for hesiod... $ECHO_C" >&6
-
-case "$with_hesiod" in
-yes|"") d='' ;;
-no)	d= ;;
-*)	d="$with_hesiod" ;;
-esac
-
-header_dirs=
-lib_dirs=
-for i in $d; do
-	if test "$with_hesiod_include" = ""; then
-		if test -d "$i/include/hesiod"; then
-			header_dirs="$header_dirs $i/include/hesiod"
-		fi
-		if test -d "$i/include"; then
-			header_dirs="$header_dirs $i/include"
-		fi
-	fi
-	if test "$with_hesiod_lib" = ""; then
-		if test -d "$i/lib$abilibdirext"; then
-			lib_dirs="$lib_dirs $i/lib$abilibdirext"
-		fi
-	fi
-done
-
-if test "$with_hesiod_include"; then
-	header_dirs="$with_hesiod_include $header_dirs"
-fi
-if test "$with_hesiod_lib"; then
-	lib_dirs="$with_hesiod_lib $lib_dirs"
-fi
-
-if test "$with_hesiod_config" = ""; then
-	with_hesiod_config=''
-fi
-
-hesiod_cflags=
-hesiod_libs=
-
-case "$with_hesiod_config" in
-yes|no|"")
-	;;
-*)
-	hesiod_cflags="`$with_hesiod_config --cflags 2>&1`"
-	hesiod_libs="`$with_hesiod_config --libs 2>&1`"
-	;;
-esac
-
-found=no
-if test "$with_hesiod" != no; then
-	save_CFLAGS="$CFLAGS"
-	save_LIBS="$LIBS"
-	if test "$hesiod_cflags" -a "$hesiod_libs"; then
-		CFLAGS="$hesiod_cflags $save_CFLAGS"
-		LIBS="$hesiod_libs $save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 26866 "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:26884: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:26887: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:26890: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26893: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-			INCLUDE_hesiod="$hesiod_cflags"
-			LIB_hesiod="$hesiod_libs"
-			echo "$as_me:26898: result: from $with_hesiod_config" >&5
-echo "${ECHO_T}from $with_hesiod_config" >&6
-			found=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	fi
-	if test "$found" = no; then
-		ires= lres=
-		for i in $header_dirs; do
-			CFLAGS="-I$i $save_CFLAGS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 26912 "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:26930: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:26933: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:26936: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26939: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		done
-		for i in $lib_dirs; do
-			LIBS="-L$i -lhesiod  $save_LIBS"
-			cat >conftest.$ac_ext <<_ACEOF
-#line 26951 "configure"
-#include "confdefs.h"
-#include <hesiod.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:26969: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:26972: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:26975: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:26978: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres=$i;break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-		done
-		if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
-			INCLUDE_hesiod="-I$ires"
-			LIB_hesiod="-L$lres -lhesiod"
-			found=yes
-			echo "$as_me:26991: result: headers $ires, libraries $lres" >&5
-echo "${ECHO_T}headers $ires, libraries $lres" >&6
-		fi
-	fi
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-fi
-
-if test "$found" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HESIOD 1
-_ACEOF
-
-	with_hesiod=yes
-else
-	with_hesiod=no
-	INCLUDE_hesiod=
-	LIB_hesiod=
-	echo "$as_me:27010: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-
-
-
-# Check whether --enable-bigendian or --disable-bigendian was given.
-if test "${enable_bigendian+set}" = set; then
-  enableval="$enable_bigendian"
-  krb_cv_c_bigendian=yes
-fi;
-# Check whether --enable-littleendian or --disable-littleendian was given.
-if test "${enable_littleendian+set}" = set; then
-  enableval="$enable_littleendian"
-  krb_cv_c_bigendian=no
-fi;
-echo "$as_me:27029: checking whether byte order is known at compile time" >&5
-echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6
-if test "${krb_cv_c_bigendian_compile+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27035 "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:27058: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:27061: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:27064: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27067: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian_compile=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian_compile=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:27077: result: $krb_cv_c_bigendian_compile" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6
-echo "$as_me:27079: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
-if test "${krb_cv_c_bigendian+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-  if test "$krb_cv_c_bigendian_compile" = "yes"; then
-    cat >conftest.$ac_ext <<_ACEOF
-#line 27087 "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-#if BYTE_ORDER != BIG_ENDIAN
-  not big endian
-#endif
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:27110: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:27113: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:27116: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27119: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_c_bigendian=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-  else
-    if test "$cross_compiling" = yes; then
-  { { echo "$as_me:27130: error: specify either --enable-bigendian or --enable-littleendian" >&5
-echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27135 "configure"
-#include "confdefs.h"
-main () {
-      /* Are we little or big endian?  From Harbison&Steele.  */
-      union
-      {
-	long l;
-	char c[sizeof (long)];
-    } u;
-    u.l = 1;
-    exit (u.c[sizeof (long) - 1] == 1);
-  }
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:27149: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27152: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:27154: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27157: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_c_bigendian=no
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-krb_cv_c_bigendian=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-  fi
-
-fi
-echo "$as_me:27172: result: $krb_cv_c_bigendian" >&5
-echo "${ECHO_T}$krb_cv_c_bigendian" >&6
-if test "$krb_cv_c_bigendian" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define WORDS_BIGENDIAN 1
-_ACEOF
-fi
-if test "$krb_cv_c_bigendian_compile" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENDIANESS_IN_SYS_PARAM_H 1
-_ACEOF
-fi
-
-
-
-echo "$as_me:27189: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27197 "configure"
-#include "confdefs.h"
-#ifndef __cplusplus
-static $ac_kw int static_foo () {return 0; }
-$ac_kw int foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:27206: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:27209: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:27212: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27215: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_inline=$ac_kw; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-
-fi
-echo "$as_me:27226: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  no)
-cat >>confdefs.h <<\_ACEOF
-#define inline
-_ACEOF
- ;;
-  *)  cat >>confdefs.h <<_ACEOF
-#define inline $ac_cv_c_inline
-_ACEOF
- ;;
-esac
-
-
-
-
-
-
-echo "$as_me:27246: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
-if test "${ac_cv_funclib_dlopen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" dl; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 27264 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:27282: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27285: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:27288: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27291: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_dlopen"
-
-if false; then
-
-for ac_func in dlopen
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:27314: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27320 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:27357: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27360: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:27363: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27366: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:27376: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# dlopen
-eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_dlopen=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_dlopen=yes"
-	eval "LIB_dlopen="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:27400: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_dlopen=no"
-	eval "LIB_dlopen="
-	echo "$as_me:27406: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_dlopen=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:27420: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-if test "$ac_cv_funclib_dlopen" != no; then
-  HAVE_DLOPEN_TRUE=
-  HAVE_DLOPEN_FALSE='#'
-else
-  HAVE_DLOPEN_TRUE='#'
-  HAVE_DLOPEN_FALSE=
-fi
-
-
-
-
-aix=no
-case "$host" in
-*-*-aix3*)
-	aix=3
-	;;
-*-*-aix4*|*-*-aix5*)
-	aix=4
-	;;
-esac
-
-
-
-if test "$aix" != no; then
-  AIX_TRUE=
-  AIX_FALSE='#'
-else
-  AIX_TRUE='#'
-  AIX_FALSE=
-fi
-
-
-if test "$aix" = 4; then
-  AIX4_TRUE=
-  AIX4_FALSE='#'
-else
-  AIX4_TRUE='#'
-  AIX4_FALSE=
-fi
-
-
-
-# Check whether --enable-dynamic-afs or --disable-dynamic-afs was given.
-if test "${enable_dynamic_afs+set}" = set; then
-  enableval="$enable_dynamic_afs"
-
-fi;
-
-if test "$aix" != no; then
-	if test "$enable_dynamic_afs" != no; then
-
-		if test "$ac_cv_func_dlopen" = no; then
-
-
-
-echo "$as_me:27483: checking for loadquery" >&5
-echo $ECHO_N "checking for loadquery... $ECHO_C" >&6
-if test "${ac_cv_funclib_loadquery+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" ld; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 27501 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-loadquery()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:27519: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27522: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:27525: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27528: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_loadquery"
-
-if false; then
-
-for ac_func in loadquery
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:27551: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27557 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:27594: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27597: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:27600: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27603: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:27613: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# loadquery
-eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_loadquery=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_loadquery=yes"
-	eval "LIB_loadquery="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:27637: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_loadquery=no"
-	eval "LIB_loadquery="
-	echo "$as_me:27643: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_loadquery=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:27657: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-		fi
-		if test "$ac_cv_func_dlopen" != no; then
-			AIX_EXTRA_KAFS='$(LIB_dlopen)'
-		elif test "$ac_cv_func_loadquery" != no; then
-			AIX_EXTRA_KAFS='$(LIB_loadquery)'
-		else
-			{ echo "$as_me:27669: not using dynloaded AFS library" >&5
-echo "$as_me: not using dynloaded AFS library" >&6;}
-			AIX_EXTRA_KAFS=
-			enable_dynamic_afs=no
-		fi
-	else
-		AIX_EXTRA_KAFS=
-	fi
-fi
-
-
-
-if test "$enable_dynamic_afs" != no; then
-  AIX_DYNAMIC_AFS_TRUE=
-  AIX_DYNAMIC_AFS_FALSE='#'
-else
-  AIX_DYNAMIC_AFS_TRUE='#'
-  AIX_DYNAMIC_AFS_FALSE=
-fi
-
-
-
-
-
-
-irix=no
-case "$host" in
-*-*-irix4*)
-
-cat >>confdefs.h <<\_ACEOF
-#define IRIX4 1
-_ACEOF
-
-	irix=yes
-	;;
-*-*-irix*)
-	irix=yes
-	;;
-esac
-
-
-if test "$irix" != no; then
-  IRIX_TRUE=
-  IRIX_FALSE='#'
-else
-  IRIX_TRUE='#'
-  IRIX_FALSE=
-fi
-
-
-
-
-
-sunos=no
-case "$host" in
-*-*-sunos4*)
-	sunos=40
-	;;
-*-*-solaris2.7)
-	sunos=57
-	;;
-*-*-solaris2.89)
-	sunos=58
-	;;
-*-*-solaris2*)
-	sunos=50
-	;;
-esac
-if test "$sunos" != no; then
-
-cat >>confdefs.h <<_ACEOF
-#define SunOS $sunos
-_ACEOF
-
-fi
-
-
-echo "$as_me:27746: checking for X" >&5
-echo $ECHO_N "checking for X... $ECHO_C" >&6
-
-
-# Check whether --with-x or --without-x was given.
-if test "${with_x+set}" = set; then
-  withval="$with_x"
-
-fi;
-# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
-if test "x$with_x" = xno; then
-  # The user explicitly disabled X.
-  have_x=disabled
-else
-  if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then
-    # Both variables are already set.
-    have_x=yes
-  else
-    if test "${ac_cv_have_x+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  # One or both of the vars are not set, and there is no cached value.
-ac_x_includes=no ac_x_libraries=no
-rm -fr conftest.dir
-if mkdir conftest.dir; then
-  cd conftest.dir
-  # Make sure to not put "make" in the Imakefile rules, since we grep it out.
-  cat >Imakefile <<'_ACEOF'
-acfindx:
-	@echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"'
-_ACEOF
-  if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then
-    # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-    eval `${MAKE-make} acfindx 2>/dev/null | grep -v make`
-    # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
-    for ac_extension in a so sl; do
-      if test ! -f $ac_im_usrlibdir/libX11.$ac_extension &&
-         test -f $ac_im_libdir/libX11.$ac_extension; then
-        ac_im_usrlibdir=$ac_im_libdir; break
-      fi
-    done
-    # Screen out bogus values from the imake configuration.  They are
-    # bogus both because they are the default anyway, and because
-    # using them would break gcc on systems where it needs fixed includes.
-    case $ac_im_incroot in
-	/usr/include) ;;
-	*) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes=$ac_im_incroot;;
-    esac
-    case $ac_im_usrlibdir in
-	/usr/lib | /lib) ;;
-	*) test -d "$ac_im_usrlibdir" && ac_x_libraries=$ac_im_usrlibdir ;;
-    esac
-  fi
-  cd ..
-  rm -fr conftest.dir
-fi
-
-# Standard set of common directories for X headers.
-# Check X11 before X11Rn because it is often a symlink to the current release.
-ac_x_header_dirs='
-/usr/X11/include
-/usr/X11R6/include
-/usr/X11R5/include
-/usr/X11R4/include
-
-/usr/include/X11
-/usr/include/X11R6
-/usr/include/X11R5
-/usr/include/X11R4
-
-/usr/local/X11/include
-/usr/local/X11R6/include
-/usr/local/X11R5/include
-/usr/local/X11R4/include
-
-/usr/local/include/X11
-/usr/local/include/X11R6
-/usr/local/include/X11R5
-/usr/local/include/X11R4
-
-/usr/X386/include
-/usr/x386/include
-/usr/XFree86/include/X11
-
-/usr/include
-/usr/local/include
-/usr/unsupported/include
-/usr/athena/include
-/usr/local/x11r5/include
-/usr/lpp/Xamples/include
-
-/usr/openwin/include
-/usr/openwin/share/include'
-
-if test "$ac_x_includes" = no; then
-  # Guess where to find include files, by looking for Intrinsic.h.
-  # First, try using that file with no special directory specified.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27844 "configure"
-#include "confdefs.h"
-#include <X11/Intrinsic.h>
-_ACEOF
-if { (eval echo "$as_me:27848: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:27854: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  # We can compile using X headers with no special include directory.
-ac_x_includes=
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  for ac_dir in $ac_x_header_dirs; do
-  if test -r "$ac_dir/X11/Intrinsic.h"; then
-    ac_x_includes=$ac_dir
-    break
-  fi
-done
-fi
-rm -f conftest.err conftest.$ac_ext
-fi # $ac_x_includes = no
-
-if test "$ac_x_libraries" = no; then
-  # Check for the libraries.
-  # See if we find them without any special options.
-  # Don't add to $LIBS permanently.
-  ac_save_LIBS=$LIBS
-  LIBS="-lXt $LIBS"
-  cat >conftest.$ac_ext <<_ACEOF
-#line 27887 "configure"
-#include "confdefs.h"
-#include <X11/Intrinsic.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XtMalloc (0)
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:27905: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:27908: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:27911: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:27914: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  LIBS=$ac_save_LIBS
-# We can link X programs with no special library path.
-ac_x_libraries=
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-LIBS=$ac_save_LIBS
-for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g`
-do
-  # Don't even attempt the hair of trying to link an X program!
-  for ac_extension in a so sl; do
-    if test -r $ac_dir/libXt.$ac_extension; then
-      ac_x_libraries=$ac_dir
-      break 2
-    fi
-  done
-done
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi # $ac_x_libraries = no
-
-if test "$ac_x_includes" = no || test "$ac_x_libraries" = no; then
-  # Didn't find X anywhere.  Cache the known absence of X.
-  ac_cv_have_x="have_x=no"
-else
-  # Record where we found X for the cache.
-  ac_cv_have_x="have_x=yes \
-	        ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries"
-fi
-fi
-
-  fi
-  eval "$ac_cv_have_x"
-fi # $with_x != no
-
-if test "$have_x" != yes; then
-  echo "$as_me:27952: result: $have_x" >&5
-echo "${ECHO_T}$have_x" >&6
-  no_x=yes
-else
-  # If each of the values was on the command line, it overrides each guess.
-  test "x$x_includes" = xNONE && x_includes=$ac_x_includes
-  test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
-  # Update the cache value to reflect the command line values.
-  ac_cv_have_x="have_x=yes \
-		ac_x_includes=$x_includes ac_x_libraries=$x_libraries"
-  echo "$as_me:27962: result: libraries $x_libraries, headers $x_includes" >&5
-echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6
-fi
-
-
-if test "$no_x" = yes; then
-  # Not all programs may use this symbol, but it does not hurt to define it.
-
-cat >>confdefs.h <<\_ACEOF
-#define X_DISPLAY_MISSING 1
-_ACEOF
-
-  X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
-else
-  if test -n "$x_includes"; then
-    X_CFLAGS="$X_CFLAGS -I$x_includes"
-  fi
-
-  # It would also be nice to do this for all -L options, not just this one.
-  if test -n "$x_libraries"; then
-    X_LIBS="$X_LIBS -L$x_libraries"
-    # For Solaris; some versions of Sun CC require a space after -R and
-    # others require no space.  Words are not sufficient . . . .
-    case `(uname -sr) 2>/dev/null` in
-    "SunOS 5"*)
-      echo "$as_me:27987: checking whether -R must be followed by a space" >&5
-echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6
-      ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries"
-      cat >conftest.$ac_ext <<_ACEOF
-#line 27991 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28009: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28012: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28015: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28018: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_R_nospace=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_nospace=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-      if test $ac_R_nospace = yes; then
-	echo "$as_me:28028: result: no" >&5
-echo "${ECHO_T}no" >&6
-	X_LIBS="$X_LIBS -R$x_libraries"
-      else
-	LIBS="$ac_xsave_LIBS -R $x_libraries"
-	cat >conftest.$ac_ext <<_ACEOF
-#line 28034 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28052: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28055: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28058: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28061: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_R_space=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_R_space=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	if test $ac_R_space = yes; then
-	  echo "$as_me:28071: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	  X_LIBS="$X_LIBS -R $x_libraries"
-	else
-	  echo "$as_me:28075: result: neither works" >&5
-echo "${ECHO_T}neither works" >&6
-	fi
-      fi
-      LIBS=$ac_xsave_LIBS
-    esac
-  fi
-
-  # Check for system-dependent libraries X programs must link with.
-  # Do this before checking for the system-independent R6 libraries
-  # (-lICE), since we may need -lsocket or whatever for X linking.
-
-  if test "$ISC" = yes; then
-    X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
-  else
-    # Martyn Johnson says this is needed for Ultrix, if the X
-    # libraries were built with DECnet support.  And Karl Berry says
-    # the Alpha needs dnet_stub (dnet does not exist).
-    ac_xsave_LIBS="$LIBS"; LIBS="$LIBS $X_LIBS -lX11"
-    cat >conftest.$ac_ext <<_ACEOF
-#line 28095 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char XOpenDisplay ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XOpenDisplay ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28120: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28123: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28126: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28129: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-echo "$as_me:28135: checking for dnet_ntoa in -ldnet" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6
-if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28143 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dnet_ntoa ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28168: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28171: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28174: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28177: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dnet_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_dnet_ntoa=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28188: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6
-if test $ac_cv_lib_dnet_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
-fi
-
-    if test $ac_cv_lib_dnet_dnet_ntoa = no; then
-      echo "$as_me:28195: checking for dnet_ntoa in -ldnet_stub" >&5
-echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6
-if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldnet_stub  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28203 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char dnet_ntoa ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dnet_ntoa ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28228: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28231: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28234: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28237: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_dnet_stub_dnet_ntoa=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dnet_stub_dnet_ntoa=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28248: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
-echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6
-if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
-fi
-
-    fi
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-    LIBS="$ac_xsave_LIBS"
-
-    # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
-    # to get the SysV transport functions.
-    # Chad R. Larson says the Pyramis MIS-ES running DC/OSx (SVR4)
-    # needs -lnsl.
-    # The nsl library prevents programs from opening the X display
-    # on Irix 5.2, according to T.E. Dickey.
-    # The functions gethostbyname, getservbyname, and inet_addr are
-    # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking.
-    echo "$as_me:28267: checking for gethostbyname" >&5
-echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6
-if test "${ac_cv_func_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 28273 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char gethostbyname (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname)
-choke me
-#else
-f = gethostbyname;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28310: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28313: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28316: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28319: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:28329: result: $ac_cv_func_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6
-
-    if test $ac_cv_func_gethostbyname = no; then
-      echo "$as_me:28333: checking for gethostbyname in -lnsl" >&5
-echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
-if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28341 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28366: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28369: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28372: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28375: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_nsl_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_nsl_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28386: result: $ac_cv_lib_nsl_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
-if test $ac_cv_lib_nsl_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
-fi
-
-      if test $ac_cv_lib_nsl_gethostbyname = no; then
-        echo "$as_me:28393: checking for gethostbyname in -lbsd" >&5
-echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6
-if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lbsd  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28401 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char gethostbyname ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28426: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28429: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28432: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28435: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_bsd_gethostbyname=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_bsd_gethostbyname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28446: result: $ac_cv_lib_bsd_gethostbyname" >&5
-echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6
-if test $ac_cv_lib_bsd_gethostbyname = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd"
-fi
-
-      fi
-    fi
-
-    # lieder@skyler.mavd.honeywell.com says without -lsocket,
-    # socket/setsockopt and other routines are undefined under SCO ODT
-    # 2.0.  But -lsocket is broken on IRIX 5.2 (and is not necessary
-    # on later versions), says Simon Leinen: it contains gethostby*
-    # variants that don't use the nameserver (or something).  -lsocket
-    # must be given before -lnsl if both are needed.  We assume that
-    # if connect needs -lnsl, so does gethostbyname.
-    echo "$as_me:28462: checking for connect" >&5
-echo $ECHO_N "checking for connect... $ECHO_C" >&6
-if test "${ac_cv_func_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 28468 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char connect (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char connect ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_connect) || defined (__stub___connect)
-choke me
-#else
-f = connect;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28505: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28508: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28511: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28514: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_connect=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:28524: result: $ac_cv_func_connect" >&5
-echo "${ECHO_T}$ac_cv_func_connect" >&6
-
-    if test $ac_cv_func_connect = no; then
-      echo "$as_me:28528: checking for connect in -lsocket" >&5
-echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6
-if test "${ac_cv_lib_socket_connect+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28536 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char connect ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-connect ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28561: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28564: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28567: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28570: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_socket_connect=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_socket_connect=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28581: result: $ac_cv_lib_socket_connect" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6
-if test $ac_cv_lib_socket_connect = yes; then
-  X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
-fi
-
-    fi
-
-    # Guillermo Gomez says -lposix is necessary on A/UX.
-    echo "$as_me:28590: checking for remove" >&5
-echo $ECHO_N "checking for remove... $ECHO_C" >&6
-if test "${ac_cv_func_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 28596 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char remove (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char remove ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_remove) || defined (__stub___remove)
-choke me
-#else
-f = remove;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28633: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28636: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28639: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28642: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_remove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:28652: result: $ac_cv_func_remove" >&5
-echo "${ECHO_T}$ac_cv_func_remove" >&6
-
-    if test $ac_cv_func_remove = no; then
-      echo "$as_me:28656: checking for remove in -lposix" >&5
-echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6
-if test "${ac_cv_lib_posix_remove+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lposix  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28664 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char remove ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-remove ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28689: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28692: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28695: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28698: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_posix_remove=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_posix_remove=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28709: result: $ac_cv_lib_posix_remove" >&5
-echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6
-if test $ac_cv_lib_posix_remove = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
-fi
-
-    fi
-
-    # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
-    echo "$as_me:28718: checking for shmat" >&5
-echo $ECHO_N "checking for shmat... $ECHO_C" >&6
-if test "${ac_cv_func_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 28724 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shmat (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shmat ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shmat) || defined (__stub___shmat)
-choke me
-#else
-f = shmat;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28761: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28764: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28767: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28770: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_shmat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:28780: result: $ac_cv_func_shmat" >&5
-echo "${ECHO_T}$ac_cv_func_shmat" >&6
-
-    if test $ac_cv_func_shmat = no; then
-      echo "$as_me:28784: checking for shmat in -lipc" >&5
-echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6
-if test "${ac_cv_lib_ipc_shmat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lipc  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28792 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char shmat ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-shmat ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28817: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28820: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28823: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28826: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ipc_shmat=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ipc_shmat=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28837: result: $ac_cv_lib_ipc_shmat" >&5
-echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6
-if test $ac_cv_lib_ipc_shmat = yes; then
-  X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
-fi
-
-    fi
-  fi
-
-  # Check for libraries that X11R6 Xt/Xaw programs need.
-  ac_save_LDFLAGS=$LDFLAGS
-  test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
-  # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
-  # check for ICE first), but we must link in the order -lSM -lICE or
-  # we get undefined symbols.  So assume we have SM if we have ICE.
-  # These have to be linked with before -lX11, unlike the other
-  # libraries we check for below, so use a different variable.
-  # John Interrante, Karl Berry
-  echo "$as_me:28855: checking for IceConnectionNumber in -lICE" >&5
-echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6
-if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lICE $X_EXTRA_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 28863 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char IceConnectionNumber ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-IceConnectionNumber ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:28888: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28891: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:28894: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28897: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_ICE_IceConnectionNumber=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ICE_IceConnectionNumber=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:28908: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
-echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6
-if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then
-  X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
-fi
-
-  LDFLAGS=$ac_save_LDFLAGS
-
-fi
-
-
-# try to figure out if we need any additional ld flags, like -R
-# and yes, the autoconf X test is utterly broken
-if test "$no_x" != yes; then
-	echo "$as_me:28922: checking for special X linker flags" >&5
-echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6
-if test "${krb_cv_sys_x_libs_rpath+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ac_save_libs="$LIBS"
-	ac_save_cflags="$CFLAGS"
-	CFLAGS="$CFLAGS $X_CFLAGS"
-	krb_cv_sys_x_libs_rpath=""
-	krb_cv_sys_x_libs=""
-	for rflag in "" "-R" "-R " "-rpath "; do
-		if test "$rflag" = ""; then
-			foo="$X_LIBS"
-		else
-			foo=""
-			for flag in $X_LIBS; do
-			case $flag in
-			-L*)
-				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
-				;;
-			*)
-				foo="$foo $flag"
-				;;
-			esac
-			done
-		fi
-		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
-		if test "$cross_compiling" = yes; then
-  { { echo "$as_me:28951: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 28956 "configure"
-#include "confdefs.h"
-
-		#include <X11/Xlib.h>
-		foo()
-		{
-		XOpenDisplay(NULL);
-		}
-		main()
-		{
-		return 0;
-		}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:28971: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:28974: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:28976: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:28979: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-:
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-	done
-	LIBS="$ac_save_libs"
-	CFLAGS="$ac_save_cflags"
-
-fi
-echo "$as_me:28996: result: $krb_cv_sys_x_libs_rpath" >&5
-echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6
-	X_LIBS="$krb_cv_sys_x_libs"
-fi
-
-
-
-
-if test "$no_x" != yes; then
-  HAVE_X_TRUE=
-  HAVE_X_FALSE='#'
-else
-  HAVE_X_TRUE='#'
-  HAVE_X_FALSE=
-fi
-
-
-
-save_CFLAGS="$CFLAGS"
-CFLAGS="$X_CFLAGS $CFLAGS"
-save_LIBS="$LIBS"
-LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
-save_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS $X_LIBS"
-
-
-
-
-
-echo "$as_me:29025: checking for XauWriteAuth" >&5
-echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 29043 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauWriteAuth()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29061: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29064: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29067: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29070: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
-
-if false; then
-
-for ac_func in XauWriteAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:29093: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29099 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29136: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29139: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29142: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29145: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:29155: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauWriteAuth
-eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauWriteAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "LIB_XauWriteAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:29179: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauWriteAuth=no"
-	eval "LIB_XauWriteAuth="
-	echo "$as_me:29185: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauWriteAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:29199: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-ac_xxx="$LIBS"
-LIBS="$LIB_XauWriteAuth $LIBS"
-
-
-
-echo "$as_me:29210: checking for XauReadAuth" >&5
-echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauReadAuth+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 29228 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauReadAuth()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29246: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29249: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29252: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29255: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauReadAuth"
-
-if false; then
-
-for ac_func in XauReadAuth
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:29278: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29284 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29321: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29324: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29327: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29330: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:29340: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauReadAuth
-eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauReadAuth=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "LIB_XauReadAuth="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:29364: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauReadAuth=no"
-	eval "LIB_XauReadAuth="
-	echo "$as_me:29370: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauReadAuth=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:29384: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-LIBS="$LIB_XauReadAauth $LIBS"
-
-
-
-echo "$as_me:29394: checking for XauFileName" >&5
-echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6
-if test "${ac_cv_funclib_XauFileName+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" X11 Xau; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 29412 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-XauFileName()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29430: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29433: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29436: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29439: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_XauFileName"
-
-if false; then
-
-for ac_func in XauFileName
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:29462: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29468 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:29505: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:29508: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:29511: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29514: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:29524: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# XauFileName
-eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_XauFileName=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "LIB_XauFileName="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:29548: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_XauFileName=no"
-	eval "LIB_XauFileName="
-	echo "$as_me:29554: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_XauFileName=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:29568: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-LIBS="$ac_xxx"
-
-case "$ac_cv_funclib_XauWriteAuth" in
-yes)	;;
-no)	;;
-*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	else
-		if test "$ac_cv_funclib_XauFileName" = yes; then
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
-		else
-			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
-		fi
-	fi
-	;;
-esac
-
-if test "$AUTOMAKE" != ""; then
-
-
-if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-  NEED_WRITEAUTH_TRUE=
-  NEED_WRITEAUTH_FALSE='#'
-else
-  NEED_WRITEAUTH_TRUE='#'
-  NEED_WRITEAUTH_FALSE=
-fi
-
-else
-
-
-	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
-		NEED_WRITEAUTH_TRUE=
-		NEED_WRITEAUTH_FALSE='#'
-	else
-		NEED_WRITEAUTH_TRUE='#'
-		NEED_WRITEAUTH_FALSE=
-	fi
-fi
-CFLAGS=$save_CFLAGS
-LIBS=$save_LIBS
-LDFLAGS=$save_LDFLAGS
-
-
-
-echo "$as_me:29623: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
-if test "${ac_cv_c_const+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29629 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this.  */
-  typedef int charset[2];
-  const charset x;
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *ccp;
-  char **p;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  ccp = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++ccp;
-  p = (char**) ccp;
-  ccp = (char const *const *) p;
-  { /* SCO 3.2v4 cc rejects this.  */
-    char *t;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; };
-    struct s *b; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-  }
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:29693: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:29696: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:29699: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29702: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_c_const=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_const=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:29712: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
-if test $ac_cv_c_const = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
-
-fi
-
-echo "$as_me:29722: checking for off_t" >&5
-echo $ECHO_N "checking for off_t... $ECHO_C" >&6
-if test "${ac_cv_type_off_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29728 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((off_t *) 0)
-  return 0;
-if (sizeof (off_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:29749: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:29752: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:29755: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29758: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_off_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_off_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:29768: result: $ac_cv_type_off_t" >&5
-echo "${ECHO_T}$ac_cv_type_off_t" >&6
-if test $ac_cv_type_off_t = yes; then
-  :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define off_t long
-_ACEOF
-
-fi
-
-echo "$as_me:29780: checking for mode_t" >&5
-echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
-if test "${ac_cv_type_mode_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29786 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_mode_t=yes
-else
-  ac_cv_type_mode_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:29804: result: $ac_cv_type_mode_t" >&5
-echo "${ECHO_T}$ac_cv_type_mode_t" >&6
-if test $ac_cv_type_mode_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define mode_t unsigned short
-_ACEOF
-
-fi
-
-echo "$as_me:29814: checking for sig_atomic_t" >&5
-echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
-if test "${ac_cv_type_sig_atomic_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29820 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#include <signal.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-  ac_cv_type_sig_atomic_t=yes
-else
-  ac_cv_type_sig_atomic_t=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:29838: result: $ac_cv_type_sig_atomic_t" >&5
-echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
-if test $ac_cv_type_sig_atomic_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define sig_atomic_t int
-_ACEOF
-
-fi
-
-
-
-cv=`echo "long long" | sed 'y%./+- %__p__%'`
-echo "$as_me:29851: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if eval "test \"\${ac_cv_type_$cv+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29857 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-long long foo;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:29880: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:29883: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:29886: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29889: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "ac_cv_type_$cv=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "ac_cv_type_$cv=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-ac_foo=`eval echo \\$ac_cv_type_$cv`
-echo "$as_me:29900: result: $ac_foo" >&5
-echo "${ECHO_T}$ac_foo" >&6
-if test "$ac_foo" = yes; then
-  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
-if false; then
-	echo "$as_me:29905: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
-if test "${ac_cv_type_long_long+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29911 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long long *) 0)
-  return 0;
-if (sizeof (long long))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:29932: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:29935: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:29938: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:29941: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_long_long=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:29951: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
-if test $ac_cv_type_long_long = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-fi
-
-fi
-
-cat >>confdefs.h <<_ACEOF
-#define $ac_tr_hdr 1
-_ACEOF
-
-fi
-
-echo "$as_me:29970: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
-if test "${ac_cv_header_time+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 29976 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:29998: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:30001: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:30004: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30007: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_header_time=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_header_time=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:30017: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
-
-fi
-
-echo "$as_me:30027: checking whether struct tm is in sys/time.h or time.h" >&5
-echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
-if test "${ac_cv_struct_tm+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30033 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct tm *tp; tp->tm_sec;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:30053: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:30056: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:30059: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30062: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_struct_tm=time.h
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_struct_tm=sys/time.h
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:30072: result: $ac_cv_struct_tm" >&5
-echo "${ECHO_T}$ac_cv_struct_tm" >&6
-if test $ac_cv_struct_tm = sys/time.h; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TM_IN_SYS_TIME 1
-_ACEOF
-
-fi
-
-
-echo "$as_me:30083: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30089 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-_ACEOF
-if { (eval echo "$as_me:30097: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:30103: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_cv_header_stdc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_cv_header_stdc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30125 "configure"
-#include "confdefs.h"
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "memchr" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30143 "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  egrep "free" >/dev/null 2>&1; then
-  :
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30164 "configure"
-#include "confdefs.h"
-#include <ctype.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
-                     || ('j' <= (c) && (c) <= 'r') \
-                     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-        || toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:30190: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30193: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:30195: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30198: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-fi
-echo "$as_me:30212: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in \
-	arpa/ftp.h				\
-	arpa/telnet.h				\
-	bind/bitypes.h				\
-	bsdsetjmp.h				\
-	curses.h				\
-	dlfcn.h					\
-	fnmatch.h				\
-	inttypes.h				\
-	io.h					\
-	libutil.h				\
-	limits.h				\
-	maillock.h				\
-	netinet/in6_machtypes.h			\
-	netinfo/ni.h				\
-	pthread.h				\
-	pty.h					\
-	sac.h					\
-	security/pam_modules.h			\
-	sgtty.h					\
-	siad.h					\
-	signal.h				\
-	stropts.h				\
-	sys/bitypes.h				\
-	sys/category.h				\
-	sys/file.h				\
-	sys/filio.h				\
-	sys/ioccom.h				\
-	sys/pty.h				\
-	sys/ptyio.h				\
-	sys/ptyvar.h				\
-	sys/select.h				\
-	sys/str_tty.h				\
-	sys/stream.h				\
-	sys/stropts.h				\
-	sys/strtty.h				\
-	sys/syscall.h				\
-	sys/termio.h				\
-	sys/timeb.h				\
-	sys/times.h				\
-	sys/un.h				\
-	term.h					\
-	termcap.h				\
-	termio.h				\
-	time.h					\
-	tmpdir.h				\
-	udb.h					\
-	utmp.h					\
-	utmpx.h					\
-
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:30324: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:30329: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:30333: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 30336 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:30342: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:30345: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:30348: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30351: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:30360: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:30364: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 30367 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:30371: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:30377: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:30395: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:30401: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:30403: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:30406: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:30408: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:30410: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:30413: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:30420: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-# Check whether --enable-netinfo or --disable-netinfo was given.
-if test "${enable_netinfo+set}" = set; then
-  enableval="$enable_netinfo"
-
-fi;
-
-if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_NETINFO 1
-_ACEOF
-
-fi
-
-
-
-
-
-echo "$as_me:30452: checking for logwtmp" >&5
-echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6
-if test "${ac_cv_funclib_logwtmp+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 30470 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logwtmp()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30488: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30491: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30494: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30497: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logwtmp"
-
-if false; then
-
-for ac_func in logwtmp
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:30520: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30526 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30563: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30566: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30569: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30572: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:30582: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logwtmp
-eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logwtmp=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "LIB_logwtmp="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:30606: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_logwtmp=no"
-	eval "LIB_logwtmp="
-	echo "$as_me:30612: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_logwtmp=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:30626: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:30635: checking for logout" >&5
-echo $ECHO_N "checking for logout... $ECHO_C" >&6
-if test "${ac_cv_funclib_logout+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_logout\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 30653 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-logout()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30671: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30674: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30677: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30680: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_logout"
-
-if false; then
-
-for ac_func in logout
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:30703: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30709 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30746: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30749: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30752: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30755: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:30765: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# logout
-eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_logout=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_logout=yes"
-	eval "LIB_logout="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:30789: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_logout=no"
-	eval "LIB_logout="
-	echo "$as_me:30795: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_logout=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:30809: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:30818: checking for openpty" >&5
-echo $ECHO_N "checking for openpty... $ECHO_C" >&6
-if test "${ac_cv_funclib_openpty+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_openpty\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" util; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 30836 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-openpty()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30854: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30857: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30860: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30863: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_openpty=$ac_lib; else ac_cv_funclib_openpty=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_openpty=\${ac_cv_funclib_openpty-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_openpty"
-
-if false; then
-
-for ac_func in openpty
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:30886: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 30892 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:30929: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:30932: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:30935: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:30938: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:30948: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# openpty
-eval "ac_tr_func=HAVE_`echo openpty | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_openpty=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_openpty=yes"
-	eval "LIB_openpty="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:30972: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_openpty=no"
-	eval "LIB_openpty="
-	echo "$as_me:30978: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_openpty=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:30992: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-echo "$as_me:31001: checking for tgetent" >&5
-echo $ECHO_N "checking for tgetent... $ECHO_C" >&6
-if test "${ac_cv_funclib_tgetent+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" termcap ncurses curses; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 31019 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-tgetent()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31037: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31040: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31043: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31046: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_tgetent"
-
-if false; then
-
-for ac_func in tgetent
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:31069: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31075 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31112: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31115: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31118: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31121: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:31131: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# tgetent
-eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_tgetent=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_tgetent=yes"
-	eval "LIB_tgetent="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:31155: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_tgetent=no"
-	eval "LIB_tgetent="
-	echo "$as_me:31161: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_tgetent=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:31175: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in 				\
-	_getpty					\
-	_scrsize				\
-	fcntl					\
-	grantpt					\
-	mktime					\
-	ptsname					\
-	rand					\
-	revoke					\
-	select					\
-	setitimer				\
-	setpcred				\
-	setpgid					\
-	setproctitle				\
-	setregid				\
-	setresgid				\
-	setresuid				\
-	setreuid				\
-	setsid					\
-	setutent				\
-	sigaction				\
-	strstr					\
-	timegm					\
-	ttyname					\
-	ttyslot					\
-	umask					\
-	unlockpt				\
-	vhangup					\
-	yp_get_default_domain			\
-
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:31243: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31249 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31286: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31289: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31292: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31295: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:31305: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-for ac_header in capability.h sys/capability.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:31324: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:31329: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
-  # Is the header compilable?
-echo "$as_me:31333: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 31336 "configure"
-#include "confdefs.h"
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:31342: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:31345: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:31348: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31351: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_header_compiler=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:31360: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:31364: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line 31367 "configure"
-#include "confdefs.h"
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:31371: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-  ac_status=$?
-  egrep -v '^ *\+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:31377: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
-  ac_header_preproc=yes
-else
-  echo "$as_me: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:31395: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So?  What about this header?
-case $ac_header_compiler:$ac_header_preproc in
-  yes:no )
-    { echo "$as_me:31401: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-    { echo "$as_me:31403: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-  no:yes )
-    { echo "$as_me:31406: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-    { echo "$as_me:31408: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-    { echo "$as_me:31410: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:31413: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:31420: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-for ac_func in sgi_getcapabilitybyname cap_set_proc
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:31439: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31445 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31482: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31485: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31488: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31491: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:31501: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-
-echo "$as_me:31517: checking for getpwnam_r" >&5
-echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6
-if test "${ac_cv_funclib_getpwnam_r+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" c_r; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib  $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 31535 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpwnam_r()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31553: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31556: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31559: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31562: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_getpwnam_r"
-
-if false; then
-
-for ac_func in getpwnam_r
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:31585: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31591 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31628: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31631: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31634: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31637: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:31647: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# getpwnam_r
-eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_getpwnam_r=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "LIB_getpwnam_r="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:31671: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_getpwnam_r=no"
-	eval "LIB_getpwnam_r="
-	echo "$as_me:31677: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_getpwnam_r=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:31691: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test "$ac_cv_func_getpwnam_r" = yes; then
-	echo "$as_me:31698: checking if getpwnam_r is posix" >&5
-echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6
-if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_libs="$LIBS"
-	LIBS="$LIBS $LIB_getpwnam_r"
-	if test "$cross_compiling" = yes; then
-  :
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31709 "configure"
-#include "confdefs.h"
-
-#include <pwd.h>
-int main()
-{
-	struct passwd pw, *pwd;
-	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:31721: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31724: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:31726: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31729: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getpwnam_r_posix=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getpwnam_r_posix=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-LIBS="$ac_libs"
-fi
-echo "$as_me:31743: result: $ac_cv_func_getpwnam_r_posix" >&5
-echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6
-if test "$ac_cv_func_getpwnam_r_posix" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define POSIX_GETPWNAM_R 1
-_ACEOF
-
-fi
-fi
-
-
-
-
-for ac_func in getudbnam setlim
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:31760: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 31766 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:31803: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:31806: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:31809: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31812: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:31822: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-echo "$as_me:31837: checking for ut_addr in struct utmp" >&5
-echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 31844 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_addr;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:31862: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:31865: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:31868: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31871: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_addr=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_addr=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:31881: result: $ac_cv_type_struct_utmp_ut_addr" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6
-if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ADDR 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:31896: checking for ut_host in struct utmp" >&5
-echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 31903 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_host;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:31921: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:31924: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:31927: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31930: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_host=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_host=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:31940: result: $ac_cv_type_struct_utmp_ut_host" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6
-if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_HOST 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:31955: checking for ut_id in struct utmp" >&5
-echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 31962 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_id;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:31980: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:31983: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:31986: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:31989: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_id=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_id=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:31999: result: $ac_cv_type_struct_utmp_ut_id" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6
-if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_ID 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:32014: checking for ut_pid in struct utmp" >&5
-echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 32021 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_pid;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32039: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32042: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32045: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32048: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_pid=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_pid=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32058: result: $ac_cv_type_struct_utmp_ut_pid" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6
-if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_PID 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:32073: checking for ut_type in struct utmp" >&5
-echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 32080 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_type;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32098: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32101: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32104: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32107: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_type=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_type=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32117: result: $ac_cv_type_struct_utmp_ut_type" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6
-if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_TYPE 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:32132: checking for ut_user in struct utmp" >&5
-echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 32139 "configure"
-#include "confdefs.h"
-#include <utmp.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmp x; x.ut_user;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32157: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32160: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32163: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32166: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmp_ut_user=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmp_ut_user=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32176: result: $ac_cv_type_struct_utmp_ut_user" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6
-if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMP_UT_USER 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:32191: checking for ut_exit in struct utmpx" >&5
-echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 32198 "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_exit;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32216: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32219: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32222: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32225: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmpx_ut_exit=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_exit=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32235: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6
-if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_EXIT 1
-_ACEOF
-
-
-fi
-
-
-
-
-echo "$as_me:32250: checking for ut_syslen in struct utmpx" >&5
-echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6
-if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-cat >conftest.$ac_ext <<_ACEOF
-#line 32257 "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-struct utmpx x; x.ut_syslen;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32275: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32278: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32281: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32284: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_struct_utmpx_ut_syslen=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_struct_utmpx_ut_syslen=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32294: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
-echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6
-if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
-_ACEOF
-
-
-fi
-
-
-
-echo "$as_me:32308: checking for int8_t" >&5
-echo $ECHO_N "checking for int8_t... $ECHO_C" >&6
-if test "${ac_cv_type_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32314 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int8_t *) 0)
-  return 0;
-if (sizeof (int8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32352: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32355: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32358: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32361: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32371: result: $ac_cv_type_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_int8_t" >&6
-if test $ac_cv_type_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32381: checking for int16_t" >&5
-echo $ECHO_N "checking for int16_t... $ECHO_C" >&6
-if test "${ac_cv_type_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32387 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int16_t *) 0)
-  return 0;
-if (sizeof (int16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32425: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32428: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32431: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32434: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32444: result: $ac_cv_type_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_int16_t" >&6
-if test $ac_cv_type_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32454: checking for int32_t" >&5
-echo $ECHO_N "checking for int32_t... $ECHO_C" >&6
-if test "${ac_cv_type_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32460 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int32_t *) 0)
-  return 0;
-if (sizeof (int32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32498: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32501: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32504: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32507: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32517: result: $ac_cv_type_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int32_t" >&6
-if test $ac_cv_type_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32527: checking for int64_t" >&5
-echo $ECHO_N "checking for int64_t... $ECHO_C" >&6
-if test "${ac_cv_type_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32533 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int64_t *) 0)
-  return 0;
-if (sizeof (int64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32571: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32574: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32577: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32580: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32590: result: $ac_cv_type_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_int64_t" >&6
-if test $ac_cv_type_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_INT64_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32600: checking for u_int8_t" >&5
-echo $ECHO_N "checking for u_int8_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32606 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int8_t *) 0)
-  return 0;
-if (sizeof (u_int8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32644: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32647: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32650: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32653: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32663: result: $ac_cv_type_u_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int8_t" >&6
-if test $ac_cv_type_u_int8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32673: checking for u_int16_t" >&5
-echo $ECHO_N "checking for u_int16_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32679 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int16_t *) 0)
-  return 0;
-if (sizeof (u_int16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32717: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32720: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32723: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32726: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32736: result: $ac_cv_type_u_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int16_t" >&6
-if test $ac_cv_type_u_int16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32746: checking for u_int32_t" >&5
-echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32752 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int32_t *) 0)
-  return 0;
-if (sizeof (u_int32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32790: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32793: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32796: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32799: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32809: result: $ac_cv_type_u_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6
-if test $ac_cv_type_u_int32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32819: checking for u_int64_t" >&5
-echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6
-if test "${ac_cv_type_u_int64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32825 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((u_int64_t *) 0)
-  return 0;
-if (sizeof (u_int64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32863: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32866: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32869: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32872: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_u_int64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_u_int64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32882: result: $ac_cv_type_u_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6
-if test $ac_cv_type_u_int64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_U_INT64_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32892: checking for uint8_t" >&5
-echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint8_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32898 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint8_t *) 0)
-  return 0;
-if (sizeof (uint8_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:32936: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:32939: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:32942: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:32945: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint8_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint8_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:32955: result: $ac_cv_type_uint8_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint8_t" >&6
-if test $ac_cv_type_uint8_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT8_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:32965: checking for uint16_t" >&5
-echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint16_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 32971 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint16_t *) 0)
-  return 0;
-if (sizeof (uint16_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33009: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33012: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33015: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33018: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint16_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint16_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:33028: result: $ac_cv_type_uint16_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint16_t" >&6
-if test $ac_cv_type_uint16_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT16_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:33038: checking for uint32_t" >&5
-echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint32_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33044 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint32_t *) 0)
-  return 0;
-if (sizeof (uint32_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33082: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33085: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33088: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33091: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint32_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint32_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:33101: result: $ac_cv_type_uint32_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint32_t" >&6
-if test $ac_cv_type_uint32_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT32_T 1
-_ACEOF
-
-
-fi
-echo "$as_me:33111: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint64_t+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33117 "configure"
-#include "confdefs.h"
-
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((uint64_t *) 0)
-  return 0;
-if (sizeof (uint64_t))
-  return 0;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33155: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33158: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33161: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33164: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_uint64_t=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_uint64_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:33174: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6
-if test $ac_cv_type_uint64_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_UINT64_T 1
-_ACEOF
-
-
-fi
-
-
-
-crypto_lib=unknown
-
-
-# Check whether --with-openssl or --without-openssl was given.
-if test "${with_openssl+set}" = set; then
-  withval="$with_openssl"
-
-fi;
-
-
-# Check whether --with-openssl-lib or --without-openssl-lib was given.
-if test "${with_openssl_lib+set}" = set; then
-  withval="$with_openssl_lib"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:33201: error: No argument for --with-openssl-lib" >&5
-echo "$as_me: error: No argument for --with-openssl-lib" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi;
-
-
-# Check whether --with-openssl-include or --without-openssl-include was given.
-if test "${with_openssl_include+set}" = set; then
-  withval="$with_openssl_include"
-  if test "$withval" = "yes" -o "$withval" = "no"; then
-  { { echo "$as_me:33214: error: No argument for --with-openssl-include" >&5
-echo "$as_me: error: No argument for --with-openssl-include" >&2;}
-   { (exit 1); exit 1; }; }
-elif test "X$with_openssl" = "X"; then
-  with_openssl=yes
-fi
-fi;
-
-case "$with_openssl" in
-yes)	;;
-no)	;;
-"")	;;
-*)	if test "$with_openssl_include" = ""; then
-		with_openssl_include="$with_openssl/include"
-	fi
-	if test "$with_openssl_lib" = ""; then
-		with_openssl_lib="$with_openssl/lib$abilibdirext"
-	fi
-	;;
-esac
-
-
-DIR_des=
-
-echo "$as_me:33238: checking for crypto library" >&5
-echo $ECHO_N "checking for crypto library... $ECHO_C" >&6
-
-openssl=no
-if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
-
-  save_CPPFLAGS="$CPPFLAGS"
-  save_LIBS="$LIBS"
-  INCLUDE_des=
-  LIB_des=
-  if test "$with_openssl_include" != ""; then
-    INCLUDE_des="-I${with_openssl}/include"
-  fi
-  if test "$with_openssl_lib" != ""; then
-    LIB_des="-L${with_openssl}/lib"
-  fi
-  CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}"
-  LIB_des="${LIB_des} -lcrypto"
-  LIB_des_a="$LIB_des"
-  LIB_des_so="$LIB_des"
-  LIB_des_appl="$LIB_des"
-  LIBS="${LIBS} ${LIB_des}"
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33261 "configure"
-#include "confdefs.h"
-
-  #include <openssl/md4.h>
-  #include <openssl/md5.h>
-  #include <openssl/sha.h>
-  #include <openssl/des.h>
-  #include <openssl/rc4.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-    void *schedule = 0;
-    MD4_CTX md4;
-    MD5_CTX md5;
-    SHA_CTX sha1;
-
-    MD4_Init(&md4);
-    MD5_Init(&md5);
-    SHA1_Init(&sha1);
-
-    des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
-    RC4(0, 0, 0, 0);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33297: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33300: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33303: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33306: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-  crypto_lib=libcrypto openssl=yes
-  echo "$as_me:33310: result: libcrypto" >&5
-echo "${ECHO_T}libcrypto" >&6
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-  CPPFLAGS="$save_CPPFLAGS"
-  LIBS="$save_LIBS"
-fi
-
-if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
-	save_CPPFLAGS="$CPPFLAGS"
-	save_LIBS="$LIBS"
-
-	cdirs= clibs=
-	for i in $LIB_krb4; do
-		case "$i" in
-		-L*) cdirs="$cdirs $i";;
-		-l*) clibs="$clibs $i";;
-		esac
-	done
-
-	ires=
-	for i in $INCLUDE_krb4; do
-		CFLAGS="$i $save_CFLAGS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 33337 "configure"
-#include "confdefs.h"
-
-			#undef KRB5 /* makes md4.h et al unhappy */
-			#define KRB4
-			#include <openssl/md4.h>
-			#include <openssl/md5.h>
-			#include <openssl/sha.h>
-			#include <openssl/des.h>
-			#include <openssl/rc4.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-			MD4_CTX md4;
-			MD5_CTX md5;
-			SHA_CTX sha1;
-
-			MD4_Init(&md4);
-			MD5_Init(&md5);
-			SHA1_Init(&sha1);
-
-			des_cbc_encrypt(0, 0, 0, 0, 0, 0);
-			RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33373: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33376: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33379: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33382: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  openssl=yes ires="$i"; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-		cat >conftest.$ac_ext <<_ACEOF
-#line 33391 "configure"
-#include "confdefs.h"
-
-			#undef KRB5 /* makes md4.h et al unhappy */
-			#define KRB4
-			#include <md4.h>
-			#include <md5.h>
-			#include <sha.h>
-			#include <des.h>
-			#include <rc4.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-			MD4_CTX md4;
-			MD5_CTX md5;
-			SHA_CTX sha1;
-
-			MD4_Init(&md4);
-			MD5_Init(&md5);
-			SHA1_Init(&sha1);
-
-			des_cbc_encrypt(0, 0, 0, 0, 0, 0);
-			RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33427: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33430: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33433: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33436: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ires="$i"; break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-	done
-	lres=
-	for i in $cdirs; do
-		for j in $clibs; do
-			LIBS="$i $j $save_LIBS"
-			if test "$openssl" = yes; then
-			cat >conftest.$ac_ext <<_ACEOF
-#line 33451 "configure"
-#include "confdefs.h"
-
-				#undef KRB5 /* makes md4.h et al unhappy */
-				#define KRB4
-				#include <openssl/md4.h>
-				#include <openssl/md5.h>
-				#include <openssl/sha.h>
-				#include <openssl/des.h>
-				#include <openssl/rc4.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-				MD4_CTX md4;
-				MD5_CTX md5;
-				SHA_CTX sha1;
-
-				MD4_Init(&md4);
-				MD5_Init(&md5);
-				SHA1_Init(&sha1);
-
-				des_cbc_encrypt(0, 0, 0, 0, 0, 0);
-				RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33487: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33490: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33493: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33496: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres="$i $j"; break 2
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			else
-			cat >conftest.$ac_ext <<_ACEOF
-#line 33506 "configure"
-#include "confdefs.h"
-
-				#undef KRB5 /* makes md4.h et al unhappy */
-				#define KRB4
-				#include <md4.h>
-				#include <md5.h>
-				#include <sha.h>
-				#include <des.h>
-				#include <rc4.h>
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-				MD4_CTX md4;
-				MD5_CTX md5;
-				SHA_CTX sha1;
-
-				MD4_Init(&md4);
-				MD5_Init(&md5);
-				SHA1_Init(&sha1);
-
-				des_cbc_encrypt(0, 0, 0, 0, 0, 0);
-				RC4(0, 0, 0, 0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33542: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33545: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33548: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33551: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  lres="$i $j"; break 2
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			fi
-		done
-	done
-	CFLAGS="$save_CFLAGS"
-	LIBS="$save_LIBS"
-	if test "$ires" -a "$lres"; then
-		INCLUDE_des="$ires"
-		LIB_des="$lres"
-		crypto_lib=krb4
-		echo "$as_me:33568: result: same as krb4" >&5
-echo "${ECHO_T}same as krb4" >&6
-		LIB_des_a='$(LIB_des)'
-		LIB_des_so='$(LIB_des)'
-		LIB_des_appl='$(LIB_des)'
-	fi
-fi
-
-if test "$crypto_lib" = "unknown"; then
-
-  DIR_des='des'
-  LIB_des='$(top_builddir)/lib/des/libdes.la'
-  LIB_des_a='$(top_builddir)/lib/des/.libs/libdes.a'
-  LIB_des_so='$(top_builddir)/lib/des/.libs/libdes.so'
-  LIB_des_appl="-ldes"
-
-  echo "$as_me:33584: result: included libdes" >&5
-echo "${ECHO_T}included libdes" >&6
-
-fi
-
-if test "$openssl" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPENSSL 1
-_ACEOF
-
-fi
-
-
-if test "$openssl" = yes; then
-  HAVE_OPENSSL_TRUE=
-  HAVE_OPENSSL_FALSE='#'
-else
-  HAVE_OPENSSL_TRUE='#'
-  HAVE_OPENSSL_FALSE=
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-echo "$as_me:33618: checking for el_init" >&5
-echo $ECHO_N "checking for el_init... $ECHO_C" >&6
-if test "${ac_cv_funclib_el_init+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
-	ac_save_LIBS="$LIBS"
-	for ac_lib in "" edit; do
-		case "$ac_lib" in
-		"") ;;
-		yes) ac_lib="" ;;
-		no) continue ;;
-		-l*) ;;
-		*) ac_lib="-l$ac_lib" ;;
-		esac
-		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
-		cat >conftest.$ac_ext <<_ACEOF
-#line 33636 "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-el_init()
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33654: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33657: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33660: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33663: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-	done
-	eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
-	LIBS="$ac_save_LIBS"
-fi
-
-fi
-
-
-eval "ac_res=\$ac_cv_funclib_el_init"
-
-if false; then
-
-for ac_func in el_init
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:33686: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33692 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33729: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33732: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33735: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33738: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:33748: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-fi
-# el_init
-eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
-eval "LIB_el_init=$ac_res"
-
-case "$ac_res" in
-	yes)
-	eval "ac_cv_func_el_init=yes"
-	eval "LIB_el_init="
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	echo "$as_me:33772: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-	;;
-	no)
-	eval "ac_cv_func_el_init=no"
-	eval "LIB_el_init="
-	echo "$as_me:33778: result: no" >&5
-echo "${ECHO_T}no" >&6
-	;;
-	*)
-	eval "ac_cv_func_el_init=yes"
-	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_func 1
-_ACEOF
-
-	cat >>confdefs.h <<_ACEOF
-#define $ac_tr_lib 1
-_ACEOF
-
-	echo "$as_me:33792: result: yes, in $ac_res" >&5
-echo "${ECHO_T}yes, in $ac_res" >&6
-	;;
-esac
-
-
-if test "$ac_cv_func_el_init" = yes ; then
-	echo "$as_me:33799: checking for four argument el_init" >&5
-echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6
-if test "${ac_cv_func_el_init_four+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-		cat >conftest.$ac_ext <<_ACEOF
-#line 33806 "configure"
-#include "confdefs.h"
-#include <stdio.h>
-			#include <histedit.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-el_init("", NULL, NULL, NULL);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:33825: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
-  ac_status=$?
-  echo "$as_me:33828: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:33831: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33834: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_el_init_four=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_el_init_four=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:33844: result: $ac_cv_func_el_init_four" >&5
-echo "${ECHO_T}$ac_cv_func_el_init_four" >&6
-	if test "$ac_cv_func_el_init_four" = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_FOUR_VALUED_EL_INIT 1
-_ACEOF
-
-	fi
-fi
-
-
-ac_foo=no
-if test "$with_readline" = yes; then
-	:
-elif test "$ac_cv_func_readline" = yes; then
-	:
-elif test "$ac_cv_func_el_init" = yes; then
-	ac_foo=yes
-	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
-else
-	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
-fi
-
-
-if test "$ac_foo" = yes; then
-  el_compat_TRUE=
-  el_compat_FALSE='#'
-else
-  el_compat_TRUE='#'
-  el_compat_FALSE=
-fi
-
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_READLINE 1
-_ACEOF
-
-
-
-
-
-cat >>confdefs.h <<\_ACEOF
-#define AUTHENTICATION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DES_ENCRYPTION 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define DIAGNOSTICS 1
-_ACEOF
-
-cat >>confdefs.h <<\_ACEOF
-#define OLD_ENVIRON 1
-_ACEOF
-if false; then
-
-cat >>confdefs.h <<\_ACEOF
-#define ENV_HACK 1
-_ACEOF
-
-fi
-
-# Simple test for streamspty, based on the existance of getmsg(), alas
-# this breaks on SunOS4 which have streams but BSD-like ptys
-#
-# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
-
-case "$host" in
-*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*)
-	;;
-*)
-	echo "$as_me:33922: checking for getmsg" >&5
-echo $ECHO_N "checking for getmsg... $ECHO_C" >&6
-if test "${ac_cv_func_getmsg+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33928 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char getmsg (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char getmsg ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_getmsg) || defined (__stub___getmsg)
-choke me
-#else
-f = getmsg;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:33965: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:33968: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:33971: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:33974: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getmsg=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getmsg=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:33984: result: $ac_cv_func_getmsg" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg" >&6
-
-	if test "$ac_cv_func_getmsg" = "yes"; then
-		echo "$as_me:33988: checking if getmsg works" >&5
-echo $ECHO_N "checking if getmsg works... $ECHO_C" >&6
-if test "${ac_cv_func_getmsg_works+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test "$cross_compiling" = yes; then
-  ac_cv_func_getmsg_works=no
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 33997 "configure"
-#include "confdefs.h"
-
-			#include <stdio.h>
-			#include <errno.h>
-
-			int main()
-			{
-			  int ret;
-			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
-			  if(ret < 0 && errno == ENOSYS)
-			    return 1;
-			  return 0;
-			}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:34014: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:34017: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:34019: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:34022: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func_getmsg_works=yes
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_func_getmsg_works=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:34035: result: $ac_cv_func_getmsg_works" >&5
-echo "${ECHO_T}$ac_cv_func_getmsg_works" >&6
-		if test "$ac_cv_func_getmsg_works" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_GETMSG 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define STREAMSPTY 1
-_ACEOF
-
-		fi
-	fi
-	;;
-esac
-
-
-
-
-
-
-
-# Extract the first word of "compile_et", so it can be a program name with args.
-set dummy compile_et; ac_word=$2
-echo "$as_me:34061: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_COMPILE_ET+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$COMPILE_ET"; then
-  ac_cv_prog_COMPILE_ET="$COMPILE_ET" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_COMPILE_ET="compile_et"
-    echo "$as_me:34077: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-fi
-fi
-COMPILE_ET=$ac_cv_prog_COMPILE_ET
-if test -n "$COMPILE_ET"; then
-  echo "$as_me:34087: result: $COMPILE_ET" >&5
-echo "${ECHO_T}$COMPILE_ET" >&6
-else
-  echo "$as_me:34090: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-krb_cv_compile_et="no"
-if test "${COMPILE_ET}" = "compile_et"; then
-
-echo "$as_me:34098: checking whether compile_et has the features we need" >&5
-echo $ECHO_N "checking whether compile_et has the features we need... $ECHO_C" >&6
-cat > conftest_et.et <<'EOF'
-error_table conf
-prefix CONFTEST
-index 1
-error_code CODE1, "CODE1"
-index 128
-error_code CODE2, "CODE2"
-end
-EOF
-if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
-    save_CPPFLAGS="${save_CPPFLAGS}"
-  if test -d "/usr/include/et"; then
-    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
-  fi
-    if test "$cross_compiling" = yes; then
-  { { echo "$as_me:34115: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
-   { (exit 1); exit 1; }; }
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line 34120 "configure"
-#include "confdefs.h"
-
-#include <com_err.h>
-#include <string.h>
-#include "conftest_et.h"
-int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:34130: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:34133: \$? = $ac_status" >&5
-  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:34135: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:34138: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_compile_et="yes"
-else
-  echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-echo "$as_me:34151: result: ${krb_cv_compile_et}" >&5
-echo "${ECHO_T}${krb_cv_compile_et}" >&6
-rm -fr conftest*
-fi
-
-if test "${krb_cv_compile_et}" = "yes"; then
-    krb_cv_save_LIBS="${LIBS}"
-  LIBS="${LIBS} -lcom_err"
-  echo "$as_me:34159: checking for com_err" >&5
-echo $ECHO_N "checking for com_err... $ECHO_C" >&6
-  cat >conftest.$ac_ext <<_ACEOF
-#line 34162 "configure"
-#include "confdefs.h"
-#include <com_err.h>
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
-    const char *p;
-    p = error_message(0);
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:34183: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:34186: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:34189: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:34192: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  krb_cv_com_err="yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-  echo "$as_me:34201: result: ${krb_cv_com_err}" >&5
-echo "${ECHO_T}${krb_cv_com_err}" >&6
-  LIBS="${krb_cv_save_LIBS}"
-else
-    krb_cv_com_err="no"
-fi
-
-if test "${krb_cv_com_err}" = "yes"; then
-    DIR_com_err=""
-    LIB_com_err="-lcom_err"
-    LIB_com_err_a=""
-    LIB_com_err_so=""
-    { echo "$as_me:34213: Using the already-installed com_err" >&5
-echo "$as_me: Using the already-installed com_err" >&6;}
-else
-    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
-    DIR_com_err="com_err"
-    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
-    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
-    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
-    { echo "$as_me:34221: Using our own com_err" >&5
-echo "$as_me: Using our own com_err" >&6;}
-fi
-
-
-
-
-
-
-
-
-echo "$as_me:34232: checking which authentication modules should be built" >&5
-echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6
-
-LIB_AUTH_SUBDIRS=
-
-if test "$ac_cv_header_siad_h" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
-fi
-
-case "${host}" in
-*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
-*)		ac_cv_want_pam_krb4=yes ;;
-esac
-
-if test "$ac_cv_want_pam_krb4" = yes -a \
-    "$ac_cv_header_security_pam_modules_h" = yes -a \
-    "$enable_shared" = yes; then
-	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
-fi
-
-case "${host}" in
-*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
-esac
-
-echo "$as_me:34256: result: $LIB_AUTH_SUBDIRS" >&5
-echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6
-
-
-
-
-# This is done by AC_OUTPUT but we need the result here.
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-
-	x="${bindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define BINDIR "$x"
-_ACEOF
-
-	x="${libdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBDIR "$x"
-_ACEOF
-
-	x="${libexecdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LIBEXECDIR "$x"
-_ACEOF
-
-	x="${localstatedir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define LOCALSTATEDIR "$x"
-_ACEOF
-
-	x="${sbindir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SBINDIR "$x"
-_ACEOF
-
-	x="${sysconfdir}"
-	eval y="$x"
-	while test "x$y" != "x$x"; do
-		x="$y"
-		eval y="$x"
-	done
-
-cat >>confdefs.h <<_ACEOF
-#define SYSCONFDIR "$x"
-_ACEOF
-
-
-
-LTLIBOBJS=`echo "$LIBOBJS" |
-	sed 's,\.[^.]* ,.lo ,g;s,\.[^.]*$,.lo,'`
-
-
-
-
-
-ac_config_files="$ac_config_files Makefile include/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/des/Makefile lib/editline/Makefile lib/gssapi/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile doc/Makefile tools/Makefile"
-
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems.  If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overriden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-{
-  (set) 2>&1 |
-    case `(ac_space=' '; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
-      # `set' does not quote correctly, so add quotes (double-quote
-      # substitution turns \\\\ into \\, and sed turns \\ into \).
-      sed -n \
-        "s/'/'\\\\''/g;
-    	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
-      ;;
-    *)
-      # `set' quotes correctly as required by POSIX, so do not add quotes.
-      sed -n \
-        "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
-      ;;
-    esac;
-} |
-  sed '
-     t clear
-     : clear
-     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
-     t end
-     /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
-     : end' >>confcache
-if cmp -s $cache_file confcache; then :; else
-  if test -w $cache_file; then
-    test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
-    cat confcache >$cache_file
-  else
-    echo "not updating unwritable cache $cache_file"
-  fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
-  ac_vpsub='/^[ 	]*VPATH[ 	]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[ 	]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[ 	]*$//;
-}'
-fi
-
-DEFS=-DHAVE_CONFIG_H
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
-  { { echo "$as_me:34422: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then
-  { { echo "$as_me:34429: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB1\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then
-  { { echo "$as_me:34436: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DB3\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then
-  { { echo "$as_me:34443: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_NDBM\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then
-  { { echo "$as_me:34450: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_err_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then
-  { { echo "$as_me:34457: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_fnmatch_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then
-  { { echo "$as_me:34464: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_ifaddrs_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then
-  { { echo "$as_me:34471: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_vis_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then
-  { { echo "$as_me:34478: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"have_glob_h\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then
-  { { echo "$as_me:34485: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then
-  { { echo "$as_me:34492: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"KRB5\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then
-  { { echo "$as_me:34499: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"do_roken_rename\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then
-  { { echo "$as_me:34506: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"DCE\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then
-  { { echo "$as_me:34513: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"OTP\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then
-  { { echo "$as_me:34520: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"CATMAN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_TRUE}" && test -z "${AIX_FALSE}"; then
-  { { echo "$as_me:34527: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX4_TRUE}" && test -z "${AIX4_FALSE}"; then
-  { { echo "$as_me:34534: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX4\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_DLOPEN_TRUE}" && test -z "${HAVE_DLOPEN_FALSE}"; then
-  { { echo "$as_me:34541: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_DLOPEN\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${AIX_DYNAMIC_AFS_TRUE}" && test -z "${AIX_DYNAMIC_AFS_FALSE}"; then
-  { { echo "$as_me:34548: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${IRIX_TRUE}" && test -z "${IRIX_FALSE}"; then
-  { { echo "$as_me:34555: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"IRIX\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_X_TRUE}" && test -z "${HAVE_X_FALSE}"; then
-  { { echo "$as_me:34562: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_X\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${NEED_WRITEAUTH_TRUE}" && test -z "${NEED_WRITEAUTH_FALSE}"; then
-  { { echo "$as_me:34569: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then
-  { { echo "$as_me:34576: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then
-  { { echo "$as_me:34583: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&5
-echo "$as_me: error: conditional \"el_compat\" was never defined.
-Usually this means the macro was only invoked conditionally." >&2;}
-   { (exit 1); exit 1; }; }
-fi
-
-: ${CONFIG_STATUS=./config.status}
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:34593: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-## --------------------- ##
-## M4sh Initialization.  ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
-  emulate sh
-  NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
-  as_unset=unset
-else
-  as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
-    { $as_unset LANG || test "${LANG+set}" != set; } ||
-      { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
-    { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
-      { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
-    { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
-      { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
-    { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
-      { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
-    { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
-      { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
-    { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
-      { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
-    { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
-      { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
-    { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
-      { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
-	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conftest.sh
-  echo  "exit 0"   >>conftest.sh
-  chmod +x conftest.sh
-  if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conftest.sh
-fi
-
-
-  as_lineno_1=34688
-  as_lineno_2=34689
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { { echo "$as_me:34713: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=34728
-  as_lineno_2=34729
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
-  # Create $as_me.lineno as a copy of $as_myself, but with 34743
-  # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that 34748 is not a special case at line end.
-  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
-    sed '
-      N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
-      t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
-    ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { { echo "$as_me:34762: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
-   { (exit 1); exit 1; }; }
-
-  # Don't try to exec as it changes $[0], causing all sort of problems
-  # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
-  # Exit status is that of the last command.
-  exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
-  as_expr=expr
-else
-  as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
-    as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
-  as_ln_s=ln
-else
-  as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-exec 6>&1
-
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.  Logging --version etc. is OK.
-exec 5>>config.log
-{
-  echo
-  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
-This file was extended by Heimdal $as_me 0.4f, which was
-generated by GNU Autoconf 2.53.  Invocation command line was
-
-  CONFIG_FILES    = $CONFIG_FILES
-  CONFIG_HEADERS  = $CONFIG_HEADERS
-  CONFIG_LINKS    = $CONFIG_LINKS
-  CONFIG_COMMANDS = $CONFIG_COMMANDS
-  $ $0 $@
-
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
-_ACEOF
-
-# Files that config.status was made for.
-if test -n "$ac_config_files"; then
-  echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_headers"; then
-  echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_links"; then
-  echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_commands"; then
-  echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
-  -h, --help       print this help, then exit
-  -V, --version    print version number, then exit
-  -d, --debug      don't remove temporary files
-      --recheck    update $as_me by reconfiguring in the same conditions
-  --file=FILE[:TEMPLATE]
-                   instantiate the configuration file FILE
-  --header=FILE[:TEMPLATE]
-                   instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Configuration commands:
-$config_commands
-
-Report bugs to <bug-autoconf@gnu.org>."
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-ac_cs_version="\\
-Heimdal config.status 0.4f
-configured by $0, generated by GNU Autoconf 2.53,
-  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-srcdir=$srcdir
-INSTALL="$INSTALL"
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value.  By we need to know if files were specified by the user.
-ac_need_defaults=:
-while test $# != 0
-do
-  case $1 in
-  --*=*)
-    ac_option=`expr "x$1" : 'x\([^=]*\)='`
-    ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
-    shift
-    set dummy "$ac_option" "$ac_optarg" ${1+"$@"}
-    shift
-    ;;
-  -*);;
-  *) # This is not an option, so the user has probably given explicit
-     # arguments.
-     ac_need_defaults=false;;
-  esac
-
-  case $1 in
-  # Handling of the options.
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
-    echo "running $SHELL $0 " $ac_configure_args " --no-create --no-recursion"
-    exec $SHELL $0 $ac_configure_args --no-create --no-recursion ;;
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-  --version | --vers* | -V )
-    echo "$ac_cs_version"; exit 0 ;;
-  --he | --h)
-    # Conflict between --help and --header
-    { { echo "$as_me:34945: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; };;
-  --help | --hel | -h )
-    echo "$ac_cs_usage"; exit 0 ;;
-  --debug | --d* | -d )
-    debug=: ;;
-  --file | --fil | --fi | --f )
-    shift
-    CONFIG_FILES="$CONFIG_FILES $1"
-    ac_need_defaults=false;;
-  --header | --heade | --head | --hea )
-    shift
-    CONFIG_HEADERS="$CONFIG_HEADERS $1"
-    ac_need_defaults=false;;
-
-  # This is an error.
-  -*) { { echo "$as_me:34964: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; } ;;
-
-  *) ac_config_targets="$ac_config_targets $1" ;;
-
-  esac
-  shift
-done
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-#
-# INIT-COMMANDS section.
-#
-
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
-
-_ACEOF
-
-
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_config_target in $ac_config_targets
-do
-  case "$ac_config_target" in
-  # Handling of arguments.
-  "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-  "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
-  "include/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;;
-  "lib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
-  "lib/45/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;;
-  "lib/auth/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;;
-  "lib/auth/afskauthlib/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;;
-  "lib/auth/pam/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;;
-  "lib/auth/sia/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;;
-  "lib/asn1/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;;
-  "lib/com_err/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;;
-  "lib/des/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/des/Makefile" ;;
-  "lib/editline/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;;
-  "lib/gssapi/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;;
-  "lib/hdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;;
-  "lib/kadm5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;;
-  "lib/kafs/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;;
-  "lib/kdfs/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/kdfs/Makefile" ;;
-  "lib/krb5/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile" ;;
-  "lib/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;;
-  "lib/roken/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;;
-  "lib/sl/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;;
-  "lib/vers/Makefile" ) CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;;
-  "kuser/Makefile" ) CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;;
-  "kpasswd/Makefile" ) CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;;
-  "kadmin/Makefile" ) CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;;
-  "admin/Makefile" ) CONFIG_FILES="$CONFIG_FILES admin/Makefile" ;;
-  "kdc/Makefile" ) CONFIG_FILES="$CONFIG_FILES kdc/Makefile" ;;
-  "appl/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/Makefile" ;;
-  "appl/afsutil/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/afsutil/Makefile" ;;
-  "appl/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/Makefile" ;;
-  "appl/ftp/common/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/common/Makefile" ;;
-  "appl/ftp/ftp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftp/Makefile" ;;
-  "appl/ftp/ftpd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/ftp/ftpd/Makefile" ;;
-  "appl/kx/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kx/Makefile" ;;
-  "appl/login/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/login/Makefile" ;;
-  "appl/otp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/otp/Makefile" ;;
-  "appl/popper/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/popper/Makefile" ;;
-  "appl/push/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/push/Makefile" ;;
-  "appl/rsh/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rsh/Makefile" ;;
-  "appl/rcp/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/rcp/Makefile" ;;
-  "appl/su/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/su/Makefile" ;;
-  "appl/xnlock/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/xnlock/Makefile" ;;
-  "appl/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/Makefile" ;;
-  "appl/telnet/libtelnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/libtelnet/Makefile" ;;
-  "appl/telnet/telnet/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnet/Makefile" ;;
-  "appl/telnet/telnetd/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/telnet/telnetd/Makefile" ;;
-  "appl/test/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/test/Makefile" ;;
-  "appl/kf/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;;
-  "appl/dceutils/Makefile" ) CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;;
-  "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
-  "tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
-  "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
-  "include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
-  *) { { echo "$as_me:35048: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used.  Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
-  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
-  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
-fi
-
-# Create a temporary directory, and hook for its removal unless debugging.
-$debug ||
-{
-  trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
-  trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-
-# Create a (secure) tmp directory for tmp files.
-: ${TMPDIR=/tmp}
-{
-  tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` &&
-  test -n "$tmp" && test -d "$tmp"
-}  ||
-{
-  tmp=$TMPDIR/cs$$-$RANDOM
-  (umask 077 && mkdir $tmp)
-} ||
-{
-   echo "$me: cannot create a temporary directory in $TMPDIR" >&2
-   { (exit 1); exit 1; }
-}
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-
-#
-# CONFIG_FILES section.
-#
-
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "\$CONFIG_FILES"; then
-  # Protect against being on the right side of a sed subst in config.status.
-  sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
-   s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-s,@SHELL@,$SHELL,;t t
-s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-s,@exec_prefix@,$exec_prefix,;t t
-s,@prefix@,$prefix,;t t
-s,@program_transform_name@,$program_transform_name,;t t
-s,@bindir@,$bindir,;t t
-s,@sbindir@,$sbindir,;t t
-s,@libexecdir@,$libexecdir,;t t
-s,@datadir@,$datadir,;t t
-s,@sysconfdir@,$sysconfdir,;t t
-s,@sharedstatedir@,$sharedstatedir,;t t
-s,@localstatedir@,$localstatedir,;t t
-s,@libdir@,$libdir,;t t
-s,@includedir@,$includedir,;t t
-s,@oldincludedir@,$oldincludedir,;t t
-s,@infodir@,$infodir,;t t
-s,@mandir@,$mandir,;t t
-s,@build_alias@,$build_alias,;t t
-s,@host_alias@,$host_alias,;t t
-s,@target_alias@,$target_alias,;t t
-s,@DEFS@,$DEFS,;t t
-s,@ECHO_C@,$ECHO_C,;t t
-s,@ECHO_N@,$ECHO_N,;t t
-s,@ECHO_T@,$ECHO_T,;t t
-s,@LIBS@,$LIBS,;t t
-s,@CC@,$CC,;t t
-s,@CFLAGS@,$CFLAGS,;t t
-s,@LDFLAGS@,$LDFLAGS,;t t
-s,@CPPFLAGS@,$CPPFLAGS,;t t
-s,@ac_ct_CC@,$ac_ct_CC,;t t
-s,@EXEEXT@,$EXEEXT,;t t
-s,@OBJEXT@,$OBJEXT,;t t
-s,@CPP@,$CPP,;t t
-s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-s,@INSTALL_DATA@,$INSTALL_DATA,;t t
-s,@PACKAGE@,$PACKAGE,;t t
-s,@VERSION@,$VERSION,;t t
-s,@ACLOCAL@,$ACLOCAL,;t t
-s,@AUTOCONF@,$AUTOCONF,;t t
-s,@AUTOMAKE@,$AUTOMAKE,;t t
-s,@AUTOHEADER@,$AUTOHEADER,;t t
-s,@MAKEINFO@,$MAKEINFO,;t t
-s,@AMTAR@,$AMTAR,;t t
-s,@install_sh@,$install_sh,;t t
-s,@STRIP@,$STRIP,;t t
-s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t
-s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
-s,@AWK@,$AWK,;t t
-s,@SET_MAKE@,$SET_MAKE,;t t
-s,@DEPDIR@,$DEPDIR,;t t
-s,@am__include@,$am__include,;t t
-s,@am__quote@,$am__quote,;t t
-s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t
-s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t
-s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
-s,@CCDEPMODE@,$CCDEPMODE,;t t
-s,@build@,$build,;t t
-s,@build_cpu@,$build_cpu,;t t
-s,@build_vendor@,$build_vendor,;t t
-s,@build_os@,$build_os,;t t
-s,@host@,$host,;t t
-s,@host_cpu@,$host_cpu,;t t
-s,@host_vendor@,$host_vendor,;t t
-s,@host_os@,$host_os,;t t
-s,@CANONICAL_HOST@,$CANONICAL_HOST,;t t
-s,@YACC@,$YACC,;t t
-s,@LEX@,$LEX,;t t
-s,@LEXLIB@,$LEXLIB,;t t
-s,@LEX_OUTPUT_ROOT@,$LEX_OUTPUT_ROOT,;t t
-s,@LN_S@,$LN_S,;t t
-s,@ECHO@,$ECHO,;t t
-s,@RANLIB@,$RANLIB,;t t
-s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-s,@LIBTOOL@,$LIBTOOL,;t t
-s,@WFLAGS@,$WFLAGS,;t t
-s,@WFLAGS_NOUNUSED@,$WFLAGS_NOUNUSED,;t t
-s,@WFLAGS_NOIMPLICITINT@,$WFLAGS_NOIMPLICITINT,;t t
-s,@LIB_db_create@,$LIB_db_create,;t t
-s,@LIB_dbopen@,$LIB_dbopen,;t t
-s,@LIB_dbm_firstkey@,$LIB_dbm_firstkey,;t t
-s,@HAVE_DB1_TRUE@,$HAVE_DB1_TRUE,;t t
-s,@HAVE_DB1_FALSE@,$HAVE_DB1_FALSE,;t t
-s,@HAVE_DB3_TRUE@,$HAVE_DB3_TRUE,;t t
-s,@HAVE_DB3_FALSE@,$HAVE_DB3_FALSE,;t t
-s,@HAVE_NDBM_TRUE@,$HAVE_NDBM_TRUE,;t t
-s,@HAVE_NDBM_FALSE@,$HAVE_NDBM_FALSE,;t t
-s,@DBLIB@,$DBLIB,;t t
-s,@LIB_NDBM@,$LIB_NDBM,;t t
-s,@VOID_RETSIGTYPE@,$VOID_RETSIGTYPE,;t t
-s,@have_err_h_TRUE@,$have_err_h_TRUE,;t t
-s,@have_err_h_FALSE@,$have_err_h_FALSE,;t t
-s,@have_fnmatch_h_TRUE@,$have_fnmatch_h_TRUE,;t t
-s,@have_fnmatch_h_FALSE@,$have_fnmatch_h_FALSE,;t t
-s,@have_ifaddrs_h_TRUE@,$have_ifaddrs_h_TRUE,;t t
-s,@have_ifaddrs_h_FALSE@,$have_ifaddrs_h_FALSE,;t t
-s,@have_vis_h_TRUE@,$have_vis_h_TRUE,;t t
-s,@have_vis_h_FALSE@,$have_vis_h_FALSE,;t t
-s,@LIB_socket@,$LIB_socket,;t t
-s,@LIB_gethostbyname@,$LIB_gethostbyname,;t t
-s,@LIB_syslog@,$LIB_syslog,;t t
-s,@LIB_gethostbyname2@,$LIB_gethostbyname2,;t t
-s,@LIB_res_search@,$LIB_res_search,;t t
-s,@LIB_dn_expand@,$LIB_dn_expand,;t t
-s,@LIBOBJS@,$LIBOBJS,;t t
-s,@have_glob_h_TRUE@,$have_glob_h_TRUE,;t t
-s,@have_glob_h_FALSE@,$have_glob_h_FALSE,;t t
-s,@LIB_getsockopt@,$LIB_getsockopt,;t t
-s,@LIB_setsockopt@,$LIB_setsockopt,;t t
-s,@LIB_hstrerror@,$LIB_hstrerror,;t t
-s,@LIB_bswap16@,$LIB_bswap16,;t t
-s,@LIB_bswap32@,$LIB_bswap32,;t t
-s,@LIB_pidfile@,$LIB_pidfile,;t t
-s,@LIB_getaddrinfo@,$LIB_getaddrinfo,;t t
-s,@LIB_getnameinfo@,$LIB_getnameinfo,;t t
-s,@LIB_freeaddrinfo@,$LIB_freeaddrinfo,;t t
-s,@LIB_gai_strerror@,$LIB_gai_strerror,;t t
-s,@LIB_crypt@,$LIB_crypt,;t t
-s,@DIR_roken@,$DIR_roken,;t t
-s,@LIB_roken@,$LIB_roken,;t t
-s,@INCLUDES_roken@,$INCLUDES_roken,;t t
-s,@INCLUDE_openldap@,$INCLUDE_openldap,;t t
-s,@LIB_openldap@,$LIB_openldap,;t t
-s,@INCLUDE_krb4@,$INCLUDE_krb4,;t t
-s,@LIB_krb4@,$LIB_krb4,;t t
-s,@EXTRA_LIB45@,$EXTRA_LIB45,;t t
-s,@LIB_krb_enable_debug@,$LIB_krb_enable_debug,;t t
-s,@LIB_krb_disable_debug@,$LIB_krb_disable_debug,;t t
-s,@LIB_krb_get_our_ip_for_realm@,$LIB_krb_get_our_ip_for_realm,;t t
-s,@LIB_krb_kdctimeofday@,$LIB_krb_kdctimeofday,;t t
-s,@LIB_krb_get_kdc_time_diff@,$LIB_krb_get_kdc_time_diff,;t t
-s,@KRB4_TRUE@,$KRB4_TRUE,;t t
-s,@KRB4_FALSE@,$KRB4_FALSE,;t t
-s,@KRB5_TRUE@,$KRB5_TRUE,;t t
-s,@KRB5_FALSE@,$KRB5_FALSE,;t t
-s,@do_roken_rename_TRUE@,$do_roken_rename_TRUE,;t t
-s,@do_roken_rename_FALSE@,$do_roken_rename_FALSE,;t t
-s,@LIB_kdb@,$LIB_kdb,;t t
-s,@DCE_TRUE@,$DCE_TRUE,;t t
-s,@DCE_FALSE@,$DCE_FALSE,;t t
-s,@dpagaix_cflags@,$dpagaix_cflags,;t t
-s,@dpagaix_ldadd@,$dpagaix_ldadd,;t t
-s,@dpagaix_ldflags@,$dpagaix_ldflags,;t t
-s,@LIB_otp@,$LIB_otp,;t t
-s,@OTP_TRUE@,$OTP_TRUE,;t t
-s,@OTP_FALSE@,$OTP_FALSE,;t t
-s,@LIB_security@,$LIB_security,;t t
-s,@NROFF@,$NROFF,;t t
-s,@GROFF@,$GROFF,;t t
-s,@CATMAN@,$CATMAN,;t t
-s,@CATMAN_TRUE@,$CATMAN_TRUE,;t t
-s,@CATMAN_FALSE@,$CATMAN_FALSE,;t t
-s,@CATMANEXT@,$CATMANEXT,;t t
-s,@INCLUDE_readline@,$INCLUDE_readline,;t t
-s,@LIB_readline@,$LIB_readline,;t t
-s,@INCLUDE_hesiod@,$INCLUDE_hesiod,;t t
-s,@LIB_hesiod@,$LIB_hesiod,;t t
-s,@AIX_TRUE@,$AIX_TRUE,;t t
-s,@AIX_FALSE@,$AIX_FALSE,;t t
-s,@AIX4_TRUE@,$AIX4_TRUE,;t t
-s,@AIX4_FALSE@,$AIX4_FALSE,;t t
-s,@LIB_dlopen@,$LIB_dlopen,;t t
-s,@HAVE_DLOPEN_TRUE@,$HAVE_DLOPEN_TRUE,;t t
-s,@HAVE_DLOPEN_FALSE@,$HAVE_DLOPEN_FALSE,;t t
-s,@LIB_loadquery@,$LIB_loadquery,;t t
-s,@AIX_DYNAMIC_AFS_TRUE@,$AIX_DYNAMIC_AFS_TRUE,;t t
-s,@AIX_DYNAMIC_AFS_FALSE@,$AIX_DYNAMIC_AFS_FALSE,;t t
-s,@AIX_EXTRA_KAFS@,$AIX_EXTRA_KAFS,;t t
-s,@IRIX_TRUE@,$IRIX_TRUE,;t t
-s,@IRIX_FALSE@,$IRIX_FALSE,;t t
-s,@X_CFLAGS@,$X_CFLAGS,;t t
-s,@X_PRE_LIBS@,$X_PRE_LIBS,;t t
-s,@X_LIBS@,$X_LIBS,;t t
-s,@X_EXTRA_LIBS@,$X_EXTRA_LIBS,;t t
-s,@HAVE_X_TRUE@,$HAVE_X_TRUE,;t t
-s,@HAVE_X_FALSE@,$HAVE_X_FALSE,;t t
-s,@LIB_XauWriteAuth@,$LIB_XauWriteAuth,;t t
-s,@LIB_XauReadAuth@,$LIB_XauReadAuth,;t t
-s,@LIB_XauFileName@,$LIB_XauFileName,;t t
-s,@NEED_WRITEAUTH_TRUE@,$NEED_WRITEAUTH_TRUE,;t t
-s,@NEED_WRITEAUTH_FALSE@,$NEED_WRITEAUTH_FALSE,;t t
-s,@LIB_logwtmp@,$LIB_logwtmp,;t t
-s,@LIB_logout@,$LIB_logout,;t t
-s,@LIB_openpty@,$LIB_openpty,;t t
-s,@LIB_tgetent@,$LIB_tgetent,;t t
-s,@LIB_getpwnam_r@,$LIB_getpwnam_r,;t t
-s,@HAVE_OPENSSL_TRUE@,$HAVE_OPENSSL_TRUE,;t t
-s,@HAVE_OPENSSL_FALSE@,$HAVE_OPENSSL_FALSE,;t t
-s,@DIR_des@,$DIR_des,;t t
-s,@INCLUDE_des@,$INCLUDE_des,;t t
-s,@LIB_des@,$LIB_des,;t t
-s,@LIB_des_a@,$LIB_des_a,;t t
-s,@LIB_des_so@,$LIB_des_so,;t t
-s,@LIB_des_appl@,$LIB_des_appl,;t t
-s,@LIB_el_init@,$LIB_el_init,;t t
-s,@el_compat_TRUE@,$el_compat_TRUE,;t t
-s,@el_compat_FALSE@,$el_compat_FALSE,;t t
-s,@COMPILE_ET@,$COMPILE_ET,;t t
-s,@DIR_com_err@,$DIR_com_err,;t t
-s,@LIB_com_err@,$LIB_com_err,;t t
-s,@LIB_com_err_a@,$LIB_com_err_a,;t t
-s,@LIB_com_err_so@,$LIB_com_err_so,;t t
-s,@LIB_AUTH_SUBDIRS@,$LIB_AUTH_SUBDIRS,;t t
-s,@LTLIBOBJS@,$LTLIBOBJS,;t t
-CEOF
-
-_ACEOF
-
-  cat >>$CONFIG_STATUS <<\_ACEOF
-  # Split the substitutions into bite-sized pieces for seds with
-  # small command number limits, like on Digital OSF/1 and HP-UX.
-  ac_max_sed_lines=48
-  ac_sed_frag=1 # Number of current file.
-  ac_beg=1 # First line for current file.
-  ac_end=$ac_max_sed_lines # Line after last line for current file.
-  ac_more_lines=:
-  ac_sed_cmds=
-  while $ac_more_lines; do
-    if test $ac_beg -gt 1; then
-      sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    else
-      sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    fi
-    if test ! -s $tmp/subs.frag; then
-      ac_more_lines=false
-    else
-      # The purpose of the label and of the branching condition is to
-      # speed up the sed processing (if there are no `@' at all, there
-      # is no need to browse any of the substitutions).
-      # These are the two extra sed commands mentioned above.
-      (echo ':t
-  /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
-      if test -z "$ac_sed_cmds"; then
-  	ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
-      else
-  	ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
-      fi
-      ac_sed_frag=`expr $ac_sed_frag + 1`
-      ac_beg=$ac_end
-      ac_end=`expr $ac_end + $ac_max_sed_lines`
-    fi
-  done
-  if test -z "$ac_sed_cmds"; then
-    ac_sed_cmds=cat
-  fi
-fi # test -n "$CONFIG_FILES"
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
-  ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35392: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  case $INSTALL in
-  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
-  esac
-
-  if test x"$ac_file" != x-; then
-    { echo "$as_me:35438: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-    rm -f "$ac_file"
-  fi
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    configure_input=
-  else
-    configure_input="$ac_file.  "
-  fi
-  configure_input=$configure_input"Generated from `echo $ac_file_in |
-                                     sed 's,.*/,,'` by configure."
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:35461: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:35474: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
-  sed "$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@abs_srcdir@,$ac_abs_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s,@builddir@,$ac_builddir,;t t
-s,@abs_builddir@,$ac_abs_builddir,;t t
-s,@top_builddir@,$ac_top_builddir,;t t
-s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
-  rm -f $tmp/stdin
-  if test x"$ac_file" != x-; then
-    mv $tmp/out $ac_file
-  else
-    cat $tmp/out
-    rm -f $tmp/out
-  fi
-
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([ 	]*\)#\([ 	]*define[ 	][ 	]*\)'
-ac_dB='[ 	].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([ 	]*\)#\([ 	]*\)undef\([ 	][ 	]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-        cat >$tmp/stdin
-        ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-        ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
-  esac
-
-  test x"$ac_file" != x- && { echo "$as_me:35541: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-         # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:35552: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         echo $f;;
-      *) # Relative
-         if test -f "$f"; then
-           # Build tree
-           echo $f
-         elif test -f "$srcdir/$f"; then
-           # Source tree
-           echo $srcdir/$f
-         else
-           # /dev/null tree
-           { { echo "$as_me:35565: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-         fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-  # Remove the trailing spaces.
-  sed 's/[ 	]*$//' $ac_file_inputs >$tmp/in
-
-_ACEOF
-
-# Transform confdefs.h into two sed scripts, `conftest.defines' and
-# `conftest.undefs', that substitutes the proper values into
-# config.h.in to produce config.h.  The first handles `#define'
-# templates, and the second `#undef' templates.
-# And first: Protect against being on the right side of a sed subst in
-# config.status.  Protect against being in an unquoted here document
-# in config.status.
-rm -f conftest.defines conftest.undefs
-# Using a here document instead of a string reduces the quoting nightmare.
-# Putting comments in sed scripts is not portable.
-#
-# `end' is used to avoid that the second main sed command (meant for
-# 0-ary CPP macros) applies to n-ary macro definitions.
-# See the Autoconf documentation for `clear'.
-cat >confdef2sed.sed <<\_ACEOF
-s/[\\&,]/\\&/g
-s,[\\$`],\\&,g
-t clear
-: clear
-s,^[ 	]*#[ 	]*define[ 	][ 	]*\([^ 	(][^ 	(]*\)\(([^)]*)\)[ 	]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-t end
-s,^[ 	]*#[ 	]*define[ 	][ 	]*\([^ 	][^ 	]*\)[ 	]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-: end
-_ACEOF
-# If some macros were called several times there might be several times
-# the same #defines, which is useless.  Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
-uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-rm -f confdef2sed.sed
-
-# This sed command replaces #undef with comments.  This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-cat >>conftest.undefs <<\_ACEOF
-s,^[ 	]*#[ 	]*undef[ 	][ 	]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-_ACEOF
-
-# Break up conftest.defines because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-echo '  if egrep "^[ 	]*#[ 	]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-echo '  # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-echo '  :' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.defines >/dev/null
-do
-  # Write a limited-size here document to $tmp/defines.sed.
-  echo '  cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#define' lines.
-  echo '/^[ 	]*#[ 	]*define/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
-  echo 'CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
-  rm -f conftest.defines
-  mv conftest.tail conftest.defines
-done
-rm -f conftest.defines
-echo '  fi # egrep' >>$CONFIG_STATUS
-echo >>$CONFIG_STATUS
-
-# Break up conftest.undefs because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #undef templates' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.undefs >/dev/null
-do
-  # Write a limited-size here document to $tmp/undefs.sed.
-  echo '  cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#undef'
-  echo '/^[ 	]*#[ 	]*undef/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
-  echo 'CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
-  rm -f conftest.undefs
-  mv conftest.tail conftest.undefs
-done
-rm -f conftest.undefs
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    echo "/* Generated by configure.  */" >$tmp/config.h
-  else
-    echo "/* $ac_file.  Generated by configure.  */" >$tmp/config.h
-  fi
-  cat $tmp/in >>$tmp/config.h
-  rm -f $tmp/in
-  if test x"$ac_file" != x-; then
-    if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
-      { echo "$as_me:35682: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
-    else
-      ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_file" : 'X\(//\)[^/]' \| \
-         X"$ac_file" : 'X\(//\)$' \| \
-         X"$ac_file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-      { case "$ac_dir" in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35710: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-      rm -f $ac_file
-      mv $tmp/config.h $ac_file
-    fi
-  else
-    cat $tmp/config.h
-    rm -f $tmp/config.h
-  fi
-  # Run the commands associated with the file.
-  case $ac_file in
-    include/config.h ) # update the timestamp
-echo 'timestamp for include/config.h' >"include/stamp-h1"
- ;;
-  esac
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-#
-# CONFIG_COMMANDS section.
-#
-for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
-  ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
-  ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
-  ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
-$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$ac_dest" : 'X\(//\)[^/]' \| \
-         X"$ac_dest" : 'X\(//\)$' \| \
-         X"$ac_dest" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_dest" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  ac_builddir=.
-
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
-  { echo "$as_me:35785: executing $ac_dest commands" >&5
-echo "$as_me: executing $ac_dest commands" >&6;}
-  case $ac_dest in
-    depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
-  # Strip MF so we end up with the name of the file.
-  mf=`echo "$mf" | sed -e 's/:.*$//'`
-  # Check whether this is an Automake generated Makefile or not.
-  # We used to match only the files named `Makefile.in', but
-  # some people rename them; so instead we look at the file content.
-  # Grep'ing the first line is not enough: some people post-process
-  # each Makefile.in and add a new line on top of each file to say so.
-  # So let's grep whole file.
-  if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
-    dirpart=`(dirname "$mf") 2>/dev/null ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$mf" : 'X\(//\)[^/]' \| \
-         X"$mf" : 'X\(//\)$' \| \
-         X"$mf" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$mf" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  else
-    continue
-  fi
-  grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue
-  # Extract the definition of DEP_FILES from the Makefile without
-  # running `make'.
-  DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"`
-  test -z "$DEPDIR" && continue
-  # When using ansi2knr, U may be empty or an underscore; expand it
-  U=`sed -n -e '/^U = / s///p' < "$mf"`
-  test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR"
-  # We invoke sed twice because it is the simplest approach to
-  # changing $(DEPDIR) to its actual value in the expansion.
-  for file in `sed -n -e '
-    /^DEP_FILES = .*\\\\$/ {
-      s/^DEP_FILES = //
-      :loop
-	s/\\\\$//
-	p
-	n
-	/\\\\$/ b loop
-      p
-    }
-    /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \
-       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-    # Make sure the directory exists.
-    test -f "$dirpart/$file" && continue
-    fdir=`(dirname "$file") 2>/dev/null ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-         X"$file" : 'X\(//\)[^/]' \| \
-         X"$file" : 'X\(//\)$' \| \
-         X"$file" : 'X\(/\)' \| \
-         .     : '\(.\)' 2>/dev/null ||
-echo X"$file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    { case $dirpart/$fdir in
-  [\\/]* | ?:[\\/]* ) as_incr_dir=;;
-  *)                      as_incr_dir=.;;
-esac
-as_dummy=$dirpart/$fdir
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
-  case $as_mkdir_dir in
-    # Skip DOS drivespec
-    ?:) as_incr_dir=$as_mkdir_dir ;;
-    *)
-      as_incr_dir=$as_incr_dir/$as_mkdir_dir
-      test -d "$as_incr_dir" ||
-        mkdir "$as_incr_dir" ||
-	{ { echo "$as_me:35862: error: cannot create $dirpart/$fdir" >&5
-echo "$as_me: error: cannot create $dirpart/$fdir" >&2;}
-   { (exit 1); exit 1; }; }
-    ;;
-  esac
-done; }
-
-    # echo "creating $dirpart/$file"
-    echo '# dummy' > "$dirpart/$file"
-  done
-done
- ;;
-  esac
-done
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-{ (exit 0); exit 0; }
-_ACEOF
-chmod +x $CONFIG_STATUS
-ac_clean_files=$ac_clean_files_save
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded.  So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status.  When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
-  ac_cs_success=:
-  exec 5>/dev/null
-  $SHELL $CONFIG_STATUS || ac_cs_success=false
-  exec 5>>config.log
-  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
-  # would make configure fail if this is the last instruction.
-  $ac_cs_success || { (exit 1); exit 1; }
-fi
-
-
-
-cat > include/newversion.h.in <<EOF
-const char *heimdal_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
-const char *heimdal_version = "Heimdal 0.4f";
-EOF
-
-if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
-	echo "include/version.h is unchanged"
-	rm -f include/newversion.h.in
-else
- 	echo "creating include/version.h"
- 	User=${USER-${LOGNAME}}
- 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
- 	Date=`date`
-	mv -f include/newversion.h.in include/version.h.in
-	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
-fi
diff --git a/crypto/heimdal/doc/Makefile b/crypto/heimdal/doc/Makefile
deleted file mode 100644
index 28b638346f3d..000000000000
--- a/crypto/heimdal/doc/Makefile
+++ /dev/null
@@ -1,584 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# doc/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:16 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 no-texinfo.tex
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-info_TEXINFOS = heimdal.texi
-heimdal_TEXINFOS = intro.texi install.texi setup.texi kerberos4.texi
-subdir = doc
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-INFO_DEPS = heimdal.info
-DVIS = heimdal.dvi
-TEXINFOS = heimdal.texi
-DIST_COMMON = $(heimdal_TEXINFOS) Makefile.am Makefile.in mdate-sh
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .info .ps .texi
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  doc/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-
-heimdal.info: heimdal.texi $(heimdal_TEXINFOS)
-heimdal.dvi: heimdal.texi $(heimdal_TEXINFOS)
-
-.texi.info:
-	@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
-	cd $(srcdir) \
-	  && $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
-	       `echo $< | sed 's,.*/,,'`
-
-.texi.dvi:
-	TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" \
-	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
-	$(TEXI2DVI) $<
-
-.texi:
-	@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
-	cd $(srcdir) \
-	  && $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
-	       `echo $< | sed 's,.*/,,'`
-
-MAKEINFO = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run makeinfo
-TEXI2DVI = texi2dvi
-DVIPS = dvips
-.dvi.ps:
-	$(DVIPS) $< -o $@
-
-uninstall-info-am:
-	$(PRE_UNINSTALL)
-	@if (install-info --version && \
-	     install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    echo " install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file"; \
-	    install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file; \
-	  done; \
-	else :; fi
-	@$(NORMAL_UNINSTALL)
-	@list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  (if cd $(DESTDIR)$(infodir); then \
-	     echo " rm -f $$file $$file-[0-9] $$file-[0-9][0-9])"; \
-	     rm -f $$file $$file-[0-9] $$file-[0-9][0-9]; \
-	   else :; fi); \
-	done
-
-dist-info: $(INFO_DEPS)
-	list='$(INFO_DEPS)'; \
-	for base in $$list; do \
-	  d=$(srcdir); \
-	  for file in $$d/$$base*; do \
-	    relfile=`expr "$$file" : "$$d/\(.*\)"`; \
-	    test -f $(distdir)/$$relfile || \
-	      cp -p $$file $(distdir)/$$relfile; \
-	  done; \
-	done
-
-mostlyclean-aminfo:
-	-rm -f heimdal.aux heimdal.cp heimdal.cps heimdal.dvi heimdal.fn heimdal.ky \
-	  heimdal.log heimdal.pg heimdal.ps heimdal.tmp heimdal.toc \
-	  heimdal.tp heimdal.vr
-
-maintainer-clean-aminfo:
-	cd $(srcdir) && \
-	list='$(INFO_DEPS)'; for i in $$list; do \
-	  rm -f $$i; \
-	  if test "`echo $$i-[0-9]*`" != "$$i-[0-9]*"; then \
-	    rm -f $$i-[0-9]*; \
-	  fi; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-info dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(INFO_DEPS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(infodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am: $(DVIS)
-
-info: info-am
-
-info-am: $(INFO_DEPS)
-
-install-data-am: install-data-local install-info-am
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-info-am: $(INFO_DEPS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(infodir)
-	@list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  d=$(srcdir); \
-	  for ifile in echo $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9]; do \
-	    if test -f $$ifile; then \
-	      relfile=`expr "$$ifile" : "$$d/\(.*\)"`; \
-	      echo " $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile"; \
-	      $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile; \
-	    else : ; fi; \
-	  done; \
-	done
-	@$(POST_INSTALL)
-	@if (install-info --version && \
-	     install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    echo " install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file";\
-	    install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file || :;\
-	  done; \
-	else : ; fi
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-aminfo \
-	maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-aminfo mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-info distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am info \
-	info-am install install-am install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-aminfo maintainer-clean-generic mostlyclean \
-	mostlyclean-aminfo mostlyclean-generic mostlyclean-libtool \
-	uninstall uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/doc/Makefile.am b/crypto/heimdal/doc/Makefile.am
deleted file mode 100644
index 734bf62dae83..000000000000
--- a/crypto/heimdal/doc/Makefile.am
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:16 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-AUTOMAKE_OPTIONS += no-texinfo.tex
-
-info_TEXINFOS = heimdal.texi
-heimdal_TEXINFOS = intro.texi install.texi setup.texi kerberos4.texi
diff --git a/crypto/heimdal/doc/Makefile.in b/crypto/heimdal/doc/Makefile.in
deleted file mode 100644
index 9ebf564b72e7..000000000000
--- a/crypto/heimdal/doc/Makefile.in
+++ /dev/null
@@ -1,586 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:16 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 no-texinfo.tex
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-info_TEXINFOS = heimdal.texi
-heimdal_TEXINFOS = intro.texi install.texi setup.texi kerberos4.texi
-subdir = doc
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-INFO_DEPS = heimdal.info
-DVIS = heimdal.dvi
-TEXINFOS = heimdal.texi
-DIST_COMMON = $(heimdal_TEXINFOS) Makefile.am Makefile.in mdate-sh
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .info .ps .texi
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  doc/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-
-heimdal.info: heimdal.texi $(heimdal_TEXINFOS)
-heimdal.dvi: heimdal.texi $(heimdal_TEXINFOS)
-
-.texi.info:
-	@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
-	cd $(srcdir) \
-	  && $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
-	       `echo $< | sed 's,.*/,,'`
-
-.texi.dvi:
-	TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" \
-	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
-	$(TEXI2DVI) $<
-
-.texi:
-	@cd $(srcdir) && rm -f $@ $@-[0-9] $@-[0-9][0-9]
-	cd $(srcdir) \
-	  && $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) \
-	       `echo $< | sed 's,.*/,,'`
-
-MAKEINFO = @MAKEINFO@
-TEXI2DVI = texi2dvi
-DVIPS = dvips
-.dvi.ps:
-	$(DVIPS) $< -o $@
-
-uninstall-info-am:
-	$(PRE_UNINSTALL)
-	@if (install-info --version && \
-	     install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    echo " install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file"; \
-	    install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$file; \
-	  done; \
-	else :; fi
-	@$(NORMAL_UNINSTALL)
-	@list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  (if cd $(DESTDIR)$(infodir); then \
-	     echo " rm -f $$file $$file-[0-9] $$file-[0-9][0-9])"; \
-	     rm -f $$file $$file-[0-9] $$file-[0-9][0-9]; \
-	   else :; fi); \
-	done
-
-dist-info: $(INFO_DEPS)
-	list='$(INFO_DEPS)'; \
-	for base in $$list; do \
-	  d=$(srcdir); \
-	  for file in $$d/$$base*; do \
-	    relfile=`expr "$$file" : "$$d/\(.*\)"`; \
-	    test -f $(distdir)/$$relfile || \
-	      cp -p $$file $(distdir)/$$relfile; \
-	  done; \
-	done
-
-mostlyclean-aminfo:
-	-rm -f heimdal.aux heimdal.cp heimdal.cps heimdal.dvi heimdal.fn heimdal.ky \
-	  heimdal.log heimdal.pg heimdal.ps heimdal.toc heimdal.tp \
-	  heimdal.vr
-
-maintainer-clean-aminfo:
-	cd $(srcdir) && \
-	for i in $(INFO_DEPS); do \
-	  rm -f $$i; \
-	  if test "`echo $$i-[0-9]*`" != "$$i-[0-9]*"; then \
-	    rm -f $$i-[0-9]*; \
-	  fi; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-info dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(INFO_DEPS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(infodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am: $(DVIS)
-
-info: info-am
-
-info-am: $(INFO_DEPS)
-
-install-data-am: install-info-am
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-info-am: $(INFO_DEPS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(infodir)
-	@list='$(INFO_DEPS)'; \
-	for file in $$list; do \
-	  d=$(srcdir); \
-	  for ifile in echo $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9]; do \
-	    if test -f $$ifile; then \
-	      relfile=`expr "$$ifile" : "$$d/\(.*\)"`; \
-	      echo " $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile"; \
-	      $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile; \
-	    else : ; fi; \
-	  done; \
-	done
-	@$(POST_INSTALL)
-	@if (install-info --version && \
-	     install-info --version | fgrep -i -v debian) >/dev/null 2>&1; then \
-	  list='$(INFO_DEPS)'; \
-	  for file in $$list; do \
-	    echo " install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file";\
-	    install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$file || :;\
-	  done; \
-	else : ; fi
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-aminfo \
-	maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-aminfo mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool dist-info distclean \
-	distclean-generic distclean-libtool distdir dvi dvi-am info \
-	info-am install install-am install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-aminfo \
-	maintainer-clean-generic mostlyclean mostlyclean-aminfo \
-	mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi
deleted file mode 100644
index 458baa3f72fb..000000000000
--- a/crypto/heimdal/doc/ack.texi
+++ /dev/null
@@ -1,68 +0,0 @@
-@c $Id: ack.texi,v 1.16 2003/03/15 14:21:41 lha Exp $
-
-@node  Acknowledgments, , Migration, Top
-@comment  node-name,  next,  previous,  up
-@appendix Acknowledgments
-
-Eric Young wrote ``libdes''.
-
-The University of California at Berkeley initially wrote @code{telnet},
-and @code{telnetd}.  The authentication and encryption code of
-@code{telnet} and @code{telnetd} was added by David Borman (then of Cray
-Research, Inc).  The encryption code was removed when this was exported
-and then added back by Juha Eskelinen, @email{esc@@magic.fi}.
-
-The @code{popper} was also a Berkeley program initially.
-
-Some of the functions in @file{libroken} also come from Berkeley by way
-of NetBSD/FreeBSD.
-
-@code{editline} was written by Simmule Turner and Rich Salz.
-
-The @code{getifaddrs} implementation for Linux was written by Hideaki
-YOSHIFUJI for the Usagi project.
-
-Bugfixes, documentation, encouragement, and code has been contributed by:
-@table @asis
-@item Derrick J Brashear
-@email{shadow@@dementia.org}
-@item Ken Hornstein
-@email{kenh@@cmf.nrl.navy.mil}
-@item Johan Ihr�n
-@email{johani@@pdc.kth.se}
-@item Love H�rnquist-�strand
-@email{lha@@stacken.kth.se}
-@item Magnus Ahltorp
-@email{map@@stacken.kth.se}
-@item Mark Eichin
-@email{eichin@@cygnus.com}
-@item Marc Horowitz
-@email{marc@@cygnus.com}
-@item Luke Howard
-@email{lukeh@@xedoc.com.au}
-@item Brandon S. Allbery KF8NH
-@email{allbery@@kf8nh.apk.net}
-@item Jun-ichiro itojun Hagino
-@email{itojun@@kame.net}
-@item Daniel Kouril
-@email{kouril@@informatics.muni.cz}
-@item �ke Sandgren 
-@email{ake@@cs.umu.se}
-@item Michal Vocu
-@email{michal@@karlin.mff.cuni.cz}
-@item Miroslav Ruda
-@email{ruda@@ics.muni.cz}
-@item Brian A May
-@email{bmay@@snoopy.apana.org.au}
-@item Chaskiel M Grundman
-@email{cg2v@@andrew.cmu.edu}
-@item Richard Nyberg
-@email{rnyberg@@it.su.se}
-@item Frank van der Linden
-@email{fvdl@@netbsd.org}
-@item Cizzi Storm
-@email{cizzi@@it.su.se}
-@item and we hope that those not mentioned here will forgive us.
-@end table
-
-All bugs were introduced by ourselves.
diff --git a/crypto/heimdal/doc/heimdal.texi b/crypto/heimdal/doc/heimdal.texi
deleted file mode 100644
index 6bc92a92ebf0..000000000000
--- a/crypto/heimdal/doc/heimdal.texi
+++ /dev/null
@@ -1,250 +0,0 @@
-\input texinfo @c -*- texinfo -*-
-@c %**start of header
-@c $Id: heimdal.texi,v 1.17 2001/02/24 05:09:24 assar Exp $
-@setfilename heimdal.info
-@settitle HEIMDAL
-@iftex
-@afourpaper
-@end iftex
-@c some sensible characters, please?
-@tex
-\input latin1.tex
-@end tex
-@setchapternewpage on
-@syncodeindex pg cp
-@c %**end of header
-
-@c not yet @include version.texi
-@set UPDATED $Date: 2001/02/24 05:09:24 $
-@set EDITION 0.1
-@set VERSION 0.3a
-
-@ifinfo
-@dircategory Heimdal
-@direntry
-* Heimdal: (heimdal).           The Kerberos 5 distribution from KTH
-@end direntry
-@end ifinfo
-
-@c title page
-@titlepage
-@title Heimdal
-@subtitle Kerberos 5 from KTH
-@subtitle Edition @value{EDITION}, for version @value{VERSION}
-@subtitle 1999
-@author Johan Danielsson
-@author Assar Westerlund
-@author last updated @value{UPDATED}
-
-@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
-@def@copyrightstart{}
-@def@copyrightend{}
-@page
-@copyrightstart
-Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan 
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the Institute nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1995-1997 Eric Young (eay@@mincom.oz.au)
-All rights reserved.
-
-This package is an DES implementation written by Eric Young (eay@@mincom.oz.au).
-The implementation was written so as to conform with MIT's libdes.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of that the SSL library.  This can be in the form of a textual
-message at program startup or in documentation (online or textual) provided
-with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@@mincom.oz.au)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright (C) 1990 by the Massachusetts Institute of Technology
-
-Export of this software from the United States of America may
-require a specific license from the United States Government.
-It is the responsibility of any person or organization contemplating
-export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission.  M.I.T. makes no representations about the suitability of
-this software for any purpose.  It is provided "as is" without express
-or implied warranty.
-
-@copynext
-
-Copyright (c) 1988, 1990, 1993
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-     This product includes software developed by the University of
-     California, Berkeley and its contributors.
-
-4. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-@copynext
-
-Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
-
-This software is not subject to any license of the American Telephone 
-and Telegraph Company or of the Regents of the University of California. 
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. The authors are not responsible for the consequences of use of this
-   software, no matter how awful, even if they arise from flaws in it.
-
-2. The origin of this software must not be misrepresented, either by
-   explicit claim or by omission.  Since few users ever read sources,
-   credits must appear in the documentation.
-
-3. Altered versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.  Since few users
-   ever read sources, credits must appear in the documentation.
-
-4. This notice may not be removed or altered.
-
-@copyrightend
-@end titlepage
-
-@c Less filling! Tastes great!
-@iftex
-@parindent=0pt
-@global@parskip 6pt plus 1pt
-@global@chapheadingskip = 15pt plus 4pt minus 2pt 
-@global@secheadingskip = 12pt plus 3pt minus 2pt
-@global@subsecheadingskip = 9pt plus 2pt minus 2pt
-@end iftex
-@ifinfo
-@paragraphindent 0
-@end ifinfo
-
-@ifinfo
-@node Top, Introduction, (dir), (dir)
-@top Heimdal
-@end ifinfo
-
-@menu
-* Introduction::                
-* What is Kerberos?::           
-* Building and Installing::     
-* Setting up a realm::          
-* Things in search for a better place::  
-* Kerberos 4 issues::           
-* Windows 2000 compatability::
-* Programming with Kerberos::
-* Migration::
-* Acknowledgments::             
-
-@end menu
-
-@include intro.texi
-@include whatis.texi
-@include install.texi
-@include setup.texi
-@include misc.texi
-@include kerberos4.texi
-@include win2k.texi
-@include programming.texi
-@include migration.texi
-@include ack.texi
-
-@c @shortcontents
-@contents
-
-@bye
diff --git a/crypto/heimdal/doc/init-creds b/crypto/heimdal/doc/init-creds
deleted file mode 100644
index 13667e0434e5..000000000000
--- a/crypto/heimdal/doc/init-creds
+++ /dev/null
@@ -1,374 +0,0 @@
-Currently, getting an initial ticket for a user involves many function
-calls, especially when a full set of features including password
-expiration and challenge preauthentication is desired.  In order to
-solve this problem, a new api is proposed.
-
-typedef struct _krb5_prompt {
-    char *prompt;
-    int hidden;
-    krb5_data *reply;
-} krb5_prompt;
-
-typedef int (*krb5_prompter_fct)(krb5_context context,
-				 void *data,
-				 const char *banner,
-				 int num_prompts,
-				 krb5_prompt prompts[]);
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_address **address_list;
-	/* XXX the next three should not be used, as they may be
-	removed later */
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
-
-void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);
-
-void krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
-					  krb5_deltat tkt_life);
-void krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
-					    krb5_deltat renew_life);
-void krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
-					     int forwardable);
-void krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
-					   int proxiable);
-void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
-					    krb5_enctype *etype_list,
-					    int etype_list_length);
-void krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
-					      krb5_address **addresses);
-void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					      krb5_preauthtype *preauth_list,
-					      int preauth_list_length);
-void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				      krb5_data *salt);
-
-krb5_error_code
-krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     char *in_tkt_service,
-			     krb5_get_init_creds_opt *options);
-
-This function will attempt to acquire an initial ticket.  The function
-will perform whatever tasks are necessary to do so.  This may include
-changing an expired password, preauthentication.
-
-The arguments divide into two types.  Some arguments are basically
-invariant and arbitrary across all initial tickets, and if not
-specified are determined by configuration or library defaults.  Some
-arguments are different for each execution or application, and if not
-specified can be determined correctly from system configuration or
-environment.  The former arguments are contained in a structure whose
-pointer is passed to the function.  A bitmask specifies which elements
-of the structure should be used.  In most cases, a NULL pointer can be
-used.  The latter arguments are specified as individual arguments to
-the function.
-
-If a pointer to a credential is specified, the initial credential is
-filled in.  If the caller only wishes to do a simple password check
-and will not be doing any other kerberos functions, then a NULL
-pointer may be specified, and the credential will be destroyed.
-
-If the client name is non-NULL, the initial ticket requested will be
-for that principal.  Otherwise, the principal will be the the username
-specified by the USER environment variable, or if the USER environment
-variable is not set, the username corresponding to the real user id of
-the caller.
-
-If the password is non-NULL, then this string is used as the password.
-Otherwise, the prompter function will be used to prompt the user for
-the password.
-
-If a prompter function is non-NULL, it will be used if additional user
-input is required, such as if the user's password has expired and
-needs to be changed, or if input preauthentication is necessary.  If
-no function is specified and input is required, then the login will
-fail.
-
-	The context argument is the same as that passed to krb5_login.
-	The data argument is passed unmodified to the prompter
-	function and is intended to be used to pass application data
-	(such as a display handle) to the prompter function.
-
-	The banner argument, if non-NULL, will indicate what sort of
-	input is expected from the user (for example, "Password has
-	expired and must be changed" or "Enter Activcard response for
-	challenge 012345678"), and should be displayed accordingly.
-	
-	The num_prompts argument indicates the number of values which
-	should be prompted for.  If num_prompts == 0, then the banner
-	contains an informational message which should be displayed to
-	the user.
-
-	The prompts argument contains an array describing the values
-	for which the user should be prompted.  The prompt member
-	indicates the prompt for each value ("Enter new
-	password"/"Enter it again", or "Challenge response").  The
-	hidden member is nonzero if the response should not be
-	displayed back to the user.  The reply member is a pointer to
-	krb5_data structure which has already been allocated.  The
-	prompter should fill in the structure with the NUL-terminated
-	response from the user.
-
-	If the response data does not fit, or if any other error
-	occurs, then the prompter function should return a non-zero
-	value which will be returned by the krb5_get_init_creds
-	function. Otherwise, zero should be returned.
-
-	The library function krb5_prompter_posix() implements
-	a prompter using a posix terminal for user in.  This function
-	does not use the data argument.
-
-If the start_time is zero, then the requested ticket will be valid
-beginning immediately.  Otherwise, the start_time indicates how far in
-the future the ticket should be postdated.
-
-If the in_tkt_service name is non-NULL, that principal name will be
-used as the server name for the initial ticket request.  The realm of
-the name specified will be ignored and will be set to the realm of the
-client name.  If no in_tkt_service name is specified,
-krbtgt/CLIENT-REALM@CLIENT-REALM will be used.
-
-For the rest of arguments, a configuration or library default will be
-used if no value is specified in the options structure.
-
-If a tkt_life is specified, that will be the lifetime of the ticket.
-The library default is 10 hours; there is no configuration variable
-(there should be, but it's not there now).
-
-If a renew_life is specified and non-zero, then the RENEWABLE option
-on the ticket will be set, and the value of the argument will be the
-the renewable lifetime.  The configuration variable [libdefaults]
-"renew_lifetime" is the renewable lifetime if none is passed in.  The
-library default is not to set the RENEWABLE option.
-
-If forwardable is specified, the FORWARDABLE option on the ticket will
-be set if and only if forwardable is non-zero.  The configuration
-variable [libdefaults] "forwardable" is used if no value is passed in.
-The option will be set if and only if the variable is "y", "yes",
-"true", "t", "1", or "on", case insensitive.  The library default is
-not to set the FORWARDABLE option.
-
-If proxiable is specified, the PROXIABLE option on the ticket will be
-set if and only if proxiable is non-zero.  The configuration variable
-[libdefaults] "proxiable" is used if no value is passed in.  The
-option will be set if and only if the variable is "y", "yes", "true",
-"t", "1", or "on", case insensitive.  The library default is not to
-set the PROXIABLE option.
-
-If etype_list is specified, it will be used as the list of desired
-encryption algorithms in the request.  The configuration variable
-[libdefaults] "default_tkt_enctypes" is used if no value is passed in.
-The library default is "des-cbc-md5 des-cbc-crc".
-
-If address_list is specified, it will be used as the list of addresses
-for which the ticket will be valid.  The library default is to use all
-local non-loopback addresses.  There is no configuration variable.
-
-If preauth_list is specified, it names preauth data types which will
-be included in the request.  The library default is to interact with
-the kdc to determine the required preauth types.  There is no
-configuration variable.
-
-If salt is specified, it specifies the salt which will be used when
-converting the password to a key.  The library default is to interact
-with the kdc to determine the correct salt.  There is no configuration
-variable.
-
-================================================================
-
-typedef struct _krb5_verify_init_creds_opt {
-    krb5_flags flags;
-    int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
-
-void krb5_verify_init_creds_opt_init(krb5_init_creds_opt *options);
-void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_init_creds_opt *options,
-						  int ap_req_nofail);
-
-krb5_error_code
-krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal ap_req_server,
-		       krb5_keytab ap_req_keytab,
-		       krb5_ccache *ccache,
-		       krb5_verify_init_creds_opt *options);
-
-This function will use the initial ticket in creds to make an AP_REQ
-and verify it to insure that the AS_REP has not been spoofed.
-
-If the ap_req_server name is non-NULL, then this service name will be
-used for the AP_REQ; otherwise, the default host key
-(host/hostname.domain@LOCAL-REALM) will be used.
-
-If ap_req_keytab is non-NULL, the service key for the verification
-will be read from that keytab; otherwise, the service key will be read
-from the default keytab. 
-
-If the service of the ticket in creds is the same as the service name
-for the AP_REQ, then this ticket will be used directly.  If the ticket
-is a tgt, then it will be used to obtain credentials for the service.
-Otherwise, the verification will fail, and return an error.
-
-Other failures of the AP_REQ verification may or may not be considered
-errors, as described below.
-
-If a pointer to a credential cache handle is specified, and the handle
-is NULL, a credential cache handle referring to all credentials
-obtained in the course of verifying the user will be returned.  In
-order to avoid potential setuid race conditions and other problems
-related to file system access, this handle will refer to a memory
-credential cache.  If the handle is non-NULL, then the credentials
-will be added to the existing ccache.  If the caller only wishes to
-verify the password and will not be doing any other kerberos
-functions, then a NULL pointer may be specified, and the credentials
-will be deleted before the function returns.
-
-If ap_req_nofail is specified, then failures of the AP_REQ
-verification are considered errors if and only if ap_req_nofail is
-non-zero.
-
-Whether or not AP_REQ validation is performed and what failures mean
-depends on these inputs:
-
- A) The appropriate keytab exists and contains the named key.
-
- B) An AP_REQ request to the kdc succeeds, and the resulting AP_REQ
-can be decrypted and verified.
-
- C) The administrator has specified in a configuration file that
-AP_REQ validation must succeed.  This is basically a paranoid bit, and
-can be overridden by the application based on a command line flag or
-other application-specific info.  This flag is especially useful if
-the admin is concerned that DNS might be spoofed while determining the
-host/FQDN name.  The configuration variable [libdefaults]
-"verify_ap_req_nofail" is used if no value is passed in.  The library
-default is not to set this option.
-
-Initial ticket verification will succeed if and only if:
-
- - A && B    or
- - !A && !C
-
-================================================================
-
-For illustrative purposes, here's the invocations I expect some
-programs will use.  Of course, error checking needs to be added.
-
-kinit:
-
-    /* Fill in client from the command line || existing ccache, and,
-       start_time, and options.{tkt_life,renew_life,forwardable,proxiable}
-       from the command line.  Some or all may remain unset. */
-
-    krb5_get_init_creds(context, &creds, client,
-			krb5_initial_prompter_posix, NULL,
-			start_time, NULL, &options);
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_free_cred_contents(context, &creds);
-
-login:
-
-    krb5_get_init_creds(context, &creds, client,
-			krb5_initial_prompter_posix, NULL,
-			0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    /* setuid */
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_cc_copy(context, vcc, ccache);
-    krb5_free_cred_contents(context, &creds);
-    krb5_cc_destroy(context, vcc);
-
-xdm:
-
-    krb5_get_initial_creds(context, &creds, client,
-			   krb5_initial_prompter_xt, (void *) &xtstuff,
-			   0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    /* setuid */
-    krb5_cc_store_cred(context, ccache, &creds);
-    krb5_free_cred_contents(context, &creds);
-    krb5_cc_copy(context, vcc, ccache);
-    krb5_cc_destroy(context, vcc);
-
-passwd:
-
-    krb5_init_creds_opt_init(&options);
-    krb5_init_creds_opt_set_tkt_life = 300;
-    krb5_get_initial_creds(context, &creds, client,
-			   krb5_initial_prompter_posix, NULL,
-			   0, "kadmin/changepw", &options);
-    /* change password */
-    krb5_free_cred_contents(context, &creds);
-
-pop3d (simple password validator when no user interation possible):
-
-    krb5_get_initial_creds(context, &creds, client,
-			   NULL, NULL, 0, NULL, NULL);
-    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
-    krb5_cc_destroy(context, vcc);
-
-================================================================
-
-password expiration has a subtlety.  When a password expires and is
-changed, there is a delay between when the master gets the new key
-(immediately), and the slaves (propogation interval).  So, when
-getting an in_tkt, if the password is expired, the request should be
-reissued to the master (this kind of sucks if you have SAM, oh well).
-If this says expired, too, then the password should be changed, and
-then the initial ticket request should be issued to the master again.
-If the master times out, then a message that the password has expired
-and cannot be changed due to the master being unreachable should be
-displayed.
-
-================================================================
-
-get_init_creds reads config stuff from:
-
-[libdefaults]
-	varname1 = defvalue
-	REALM = {
-		varname1 = value
-		varname2 = value
-	}
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;	/* varname = "ticket_lifetime" */
-    krb5_deltat renew_life;	/* varname = "renew_lifetime" */
-    int forwardable;		/* varname = "forwardable" */
-    int proxiable;		/* varname = "proxiable" */
-    krb5_enctype *etype_list;	/* varname = "default_tkt_enctypes" */
-    int etype_list_length;
-    krb5_address **address_list; /* no varname */
-    krb5_preauthtype *preauth_list; /* no varname */
-    int preauth_list_length;
-    krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-
diff --git a/crypto/heimdal/doc/install.texi b/crypto/heimdal/doc/install.texi
deleted file mode 100644
index d12ace9bf355..000000000000
--- a/crypto/heimdal/doc/install.texi
+++ /dev/null
@@ -1,106 +0,0 @@
-@c $Id: install.texi,v 1.18 2002/09/04 03:18:48 assar Exp $
-
-@node Building and Installing, Setting up a realm, What is Kerberos?, Top
-@comment  node-name,  next,  previous,  up
-@chapter Building and Installing
-
-Heimdal uses GNU Autoconf to configure for specific hosts, and GNU
-Automake to manage makefiles. If this is new to you, the short
-instruction is to run the @code{configure} script in the top level
-directory, and when that finishes @code{make}.
-
-If you want to build the distribution in a different directory from the
-source directory, you will need a make that implements VPATH correctly,
-such as GNU make.
-
-You will need to build the distribution:
-
-@itemize @bullet
-@item
-A compiler that supports a ``loose'' ANSI C mode, such as @code{gcc}.
-@item
-lex or flex
-@item
-awk
-@item
-yacc or bison
-@item
-a socket library
-@item
-NDBM or Berkeley DB for building the server side.
-@end itemize
-
-When everything is built, you can install by doing @kbd{make
-install}. The default location for installation is @file{/usr/heimdal},
-but this can be changed by running @code{configure} with
-@samp{--prefix=/some/other/place}.
-
-If you need to change the default behavior, configure understands the
-following options:
-
-@table @asis
-@item @kbd{--without-berkeley-db}
-DB is preferred before NDBM, but if you for some reason want to use NDBM
-instead, you can use this option.
-
-@item @kbd{--with-krb4=@file{dir}}
-Gives the location of Kerberos 4 libraries and headers. This enables
-Kerberos 4 support in the applications (telnet, rsh, popper, etc) and
-the KDC. It is automatically check for in @file{/usr/athena}. If you
-keep libraries and headers in different places, you can instead give the
-path to each with the @kbd{--with-krb4-lib=@file{dir}}, and
-@kbd{--with-krb4-include=@file{dir}} options.
-
-You will need a fairly recent version of our Kerberos 4 distribution for
-@code{rshd} and @code{popper} to support version 4 clients.
-
-@item @kbd{--enable-dce}
-Enables support for getting DCE credentials and tokens.  See the README
-files in @file{appl/dceutils} for more information.
-
-@item @kbd{--disable-otp}
-By default some of the application programs will build with support for
-one-time passwords (OTP).  Use this option to disable that support.
-
-@item @kbd{--enable-osfc2}
-Enable some C2 support for OSF/Digital Unix/Tru64.  Use this option if
-you are running your OSF operating system in C2 mode.
-
-@item @kbd{--with-readline=@file{dir}}
-Gives the path for the GNU Readline library, which will be used in some
-programs. If no readline library is found, the (simpler) editline
-library will be used instead.
-
-@item @kbd{--with-hesiod=@file{dir}}
-Enables hesiod support in push.
-
-@item @kbd{--enable-netinfo}
-Add support for using netinfo to lookup configuration information.
-Probably only useful (and working) on NextStep/Mac OS X.
-
-@item @kbd{--without-ipv6}
-Disable the IPv6 support.
-
-@item @kbd{--with-openldap}
-Compile Heimdal with support for storing the database in LDAP.  Requires
-OpenLDAP @url{http://www.openldap.org}.  See
-@url{http://www.padl.com/~lukeh/heimdal/} for more information.
-
-@item @kbd{--enable-bigendian}
-@item @kbd{--enable-littleendian}
-Normally, the build process will figure out by itself if the machine is
-big or little endian.  It might fail in some cases when
-cross-compiling.  If it does fail to figure it out, use the relevant of
-these two options.
-
-@item @kbd{--with-mips-abi=@var{abi}}
-On Irix there are three different ABIs that can be used (@samp{32},
-@samp{n32}, or @samp{64}).  This option allows you to override the
-automatic selection.
-
-@item @kbd{--disable-mmap}
-Do not use the mmap system call.  Normally, configure detects if there
-is a working mmap and it is only used if there is one.  Only try this
-option if it fails to work anyhow.
-
-@end table
diff --git a/crypto/heimdal/doc/intro.texi b/crypto/heimdal/doc/intro.texi
deleted file mode 100644
index c190fe218259..000000000000
--- a/crypto/heimdal/doc/intro.texi
+++ /dev/null
@@ -1,101 +0,0 @@
-@c $Id: intro.texi,v 1.13 2003/03/15 13:42:16 lha Exp $
-
-@node Introduction, What is Kerberos?, Top, Top
-@c @node Introduction, What is Kerberos?, Top, Top
-@comment  node-name,  next,  previous,  up
-@chapter Introduction
-
-@heading What is Heimdal?
-
-Heimdal is a free implementation of Kerberos 5. The goals are to:
-
-@itemize @bullet
-@item
-have an implementation that can be freely used by anyone
-@item
-be protocol compatible with existing implementations and, if not in
-conflict, with RFC 1510 (and any future updated RFC)
-@item
-be reasonably compatible with the M.I.T Kerberos V5 API
-@item
-have support for Kerberos V5 over GSS-API (RFC1964)
-@item
-include the most important and useful application programs (rsh, telnet,
-popper, etc.)
-@item
-include enough backwards compatibility with Kerberos V4
-@end itemize
-
-@heading Status
-
-Heimdal has the following features (this does not mean any of this
-works):
-
-@itemize @bullet
-@item
-a stub generator and a library to encode/decode/whatever ASN.1/DER
-stuff
-@item
-a @code{libkrb5} library that should be possible to get to work with
-simple applications
-@item
-a GSS-API library that should have all the important functions for
-building applications
-@item
-Eric Young's @file{libdes}
-@item
-@file{kinit}, @file{klist}, @file{kdestroy}
-@item
-@file{telnet}, @file{telnetd}
-@item
-@file{rsh}, @file{rshd}
-@item
-@file{popper}, @file{push} (a movemail equivalent)
-@item
-@file{ftp}, and @file{ftpd}
-@item
-a library @file{libkafs} for authenticating to AFS and a program
-@file{afslog} that uses it
-@item
-some simple test programs
-@item
-a KDC that supports most things; optionally, it may also support
-Kerberos V4 and kaserver,
-@item
-simple programs for distributing databases between a KDC master and
-slaves
-@item
-a password changing daemon @file{kpasswdd}, library functions for
-changing passwords and a simple client
-@item
-some kind of administration system
-@item
-Kerberos V4 support in many of the applications.
-@end itemize
-
-@heading Bug reports
-
-If you find bugs in this software, make sure it is a genuine bug and not
-just a part of the code that isn't implemented.
-
-Bug reports should be sent to @email{heimdal-bugs@@pdc.kth.se}. Please
-include information on what machine and operating system (including
-version) you are running, what you are trying to do, what happens, what
-you think should have happened, an example for us to repeat, the output
-you get when trying the example, and a patch for the problem if you have
-one. Please make any patches with @code{diff -u} or @code{diff -c}.
-
-Suggestions, comments and other non bug reports are also welcome.
-
-@heading Mailing list
-
-There are two mailing lists with talk about
-Heimdal. @email{heimdal-announce@@sics.se} is a low-volume announcement
-list, while @email{heimdal-discuss@@sics.se} is for general discussion.
-Send a message to @email{majordomo@@sics.se} to subscribe.
-
-@heading Heimdal source code, binaries and the manual
-
-The source code for heimdal, links to binaries and the manual (this
-document) can be found on our web-page at
-@url{http://www.pdc.kth.se/heimdal/}.
diff --git a/crypto/heimdal/doc/kerberos4.texi b/crypto/heimdal/doc/kerberos4.texi
deleted file mode 100644
index 42a5f898f17e..000000000000
--- a/crypto/heimdal/doc/kerberos4.texi
+++ /dev/null
@@ -1,226 +0,0 @@
-@c $Id: kerberos4.texi,v 1.16 2001/07/19 17:17:46 assar Exp $
-
-@node Kerberos 4 issues, Windows 2000 compatability, Things in search for a better place, Top
-@comment  node-name,  next,  previous,  up
-@chapter Kerberos 4 issues
-
-If compiled with version 4 support, the KDC can serve requests from a
-Kerberos 4 client. There are a few things you must do for this to work.
-
-The KDC will also have kaserver emulation and be able to handle
-AFS-clients that use @code{klog}.
-
-@menu
-* Principal conversion issues::  
-* Converting a version 4 database::  
-* kaserver::
-@end menu
-
-@node Principal conversion issues, Converting a version 4 database, Kerberos 4 issues, Kerberos 4 issues
-@section Principal conversion issues
-
-First, Kerberos 4 and Kerberos 5 principals are different. A version 4
-principal consists of a name, an instance, and a realm. A version 5
-principal has one or more components, and a realm (the terms ``name''
-and ``instance'' are still used, for the first and second component,
-respectively).    Also, in some cases the name of a version 4 principal
-differs from the first component of the corresponding version 5
-principal. One notable example is the ``host'' type principals, where
-the version 4 name is @samp{rcmd} (for ``remote command''), and the
-version 5 name is @samp{host}. For the class of principals that has a
-hostname as instance, there is an other major difference, Kerberos 4
-uses only the first component of the hostname, whereas Kerberos 5 uses
-the fully qualified hostname.
-
-Because of this it can be hard or impossible to correctly convert a
-version 4 principal to a version 5 principal @footnote{the other way is
-not always trivial either, but usually easier}. The biggest problem is
-to know if the conversion resulted in a valid principal. To give an
-example, suppose you want to convert the principal @samp{rcmd.foo}.
-
-The @samp{rcmd} name suggests that the instance is a hostname (even if
-there are exceptions to this rule). To correctly convert the instance
-@samp{foo} to a hostname, you have to know which host it is referring
-to. You can to this by either guessing (from the realm) which domain
-name to append, or you have to have a list of possible hostnames. In the
-simplest cases you can cover most principals with the first rule. If you
-have several domains sharing a single realm this will not usually
-work. If the exceptions are few you can probably come by with a lookup
-table for the exceptions.
-
-In a complex scenario you will need some kind of host lookup mechanism.
-Using DNS for this is tempting, but DNS is error prone, slow and unsafe
-@footnote{at least until secure DNS is commonly available}.
-
-Fortunately, the KDC has a trump on hand: it can easily tell if a
-principal exists in the database. The KDC will use
-@code{krb5_425_conv_principal_ext} to convert principals when handling
-to version 4 requests.
-
-@node Converting a version 4 database, kaserver , Principal conversion issues, Kerberos 4 issues
-@section Converting a version 4 database
-
-If you want to convert an existing version 4 database, the principal
-conversion issue arises too.
-
-If you decide to convert your database once and for all, you will only
-have to do this conversion once. It is also possible to run a version 5
-KDC as a slave to a version 4 KDC. In this case this conversion will
-happen every time the database is propagated.  When doing this
-conversion, there are a few things to look out for. If you have stale
-entries in the database, these entries will not be converted. This might
-be because these principals are not used anymore, or it might be just
-because the principal couldn't be converted.
-
-You might also see problems with a many-to-one mapping of
-principals. For instance, if you are using DNS lookups and you have two
-principals @samp{rcmd.foo} and @samp{rcmd.bar}, where `foo' is a CNAME
-for `bar', the resulting principals will be the same. Since the
-conversion function can't tell which is correct, these conflicts will
-have to be resolved manually.
-
-@subsection Conversion example
-
-Given the following set of hosts and services:
-
-@example
-foo.se          rcmd
-mail.foo.se     rcmd, pop
-ftp.bar.se      rcmd, ftp
-@end example
-
-you have a database that consists of the following principals:
-
-@samp{rcmd.foo}, @samp{rcmd.mail}, @samp{pop.mail}, @samp{rcmd.ftp}, and
-@samp{ftp.ftp}.
-
-lets say you also got these extra principals: @samp{rcmd.gone},
-@samp{rcmd.old-mail}, where @samp{gone.foo.se} was a machine that has
-now passed away, and @samp{old-mail.foo.se} was an old mail machine that
-is now a CNAME for @samp{mail.foo.se}.
-
-When you convert this database you want the following conversions to be
-done:
-@example
-rcmd.foo         host/foo.se
-rcmd.mail        host/mail.foo.se
-pop.mail         pop/mail.foo.se
-rcmd.ftp         host/ftp.bar.se
-ftp.ftp          ftp/ftp.bar.se
-rcmd.gone        @i{removed}
-rcmd.old-mail    @i{removed}
-@end example
-
-A @file{krb5.conf} that does this looks like:
-
-@example
-[realms]
-        FOO.SE = @{
-                v4_name_convert = @{
-                        host = @{
-                                ftp = ftp
-                                pop = pop
-                                rcmd = host
-                        @}
-                @}
-                v4_instance_convert = @{
-                        foo = foo.se
-                        ftp = ftp.bar.se
-                @}
-                default_domain = foo.se
-        @}
-@end example
-
-The @samp{v4_name_convert} section says which names should be considered
-having an instance consisting of a hostname, and it also says how the
-names should be converted (for instance @samp{rcmd} should be converted
-to @samp{host}). The @samp{v4_instance_convert} section says how a
-hostname should be qualified (this is just a hosts-file in
-disguise). Host-instances that aren't covered by
-@samp{v4_instance_convert} are qualified by appending the contents of
-the @samp{default_domain}.
-
-Actually, this example doesn't work. Or rather, it works to well. Since
-it has no way of knowing which hostnames are valid and which are not, it
-will happily convert @samp{rcmd.gone} to @samp{host/gone.foo.se}. This
-isn't a big problem, but if you have run your kerberos realm for a few
-years, chances are big that you have quite a few `junk' principals.
-
-If you don't want this you can remove the @samp{default_domain}
-statement, but then you will have to add entries for @emph{all} your hosts
-in the @samp{v4_instance_convert} section.
-
-Instead of doing this you can use DNS to convert instances. This is not
-a solution without problems, but it is probably easier than adding lots
-of static host entries. 
-
-To enable DNS lookup you should turn on @samp{v4_instance_resolve} in
-the @samp{[libdefaults]} section.
-
-@subsection Converting a database
-
-The database conversion is done with @samp{hprop}. You can run this
-command to propagate the database to the machine called
-@samp{slave-server} (which should be running a @samp{hpropd}).
-
-@example
-hprop --source=krb4-db --master-key=/.m slave-server
-@end example
-
-This command can also be to use for converting the v4 database on the
-server:
-
-@example
-hprop -n --source=krb4-db -d /var/kerberos/principal --master-key=/.m | hpropd -n
-@end example
-
-@section Version 4 Kadmin
-
-@samp{kadmind} can act as a version 4 kadmind, and you can do most
-operations, but with some restrictions (since the version 4 kadmin
-protocol is, lets say, very ad hoc.) One example is that it only passes
-des keys when creating principals and changing passwords (modern kpasswd
-clients do send the password, so it's possible to to password quality
-checks). Because of this you can only create principals with des keys,
-and you can't set any flags or do any other fancy stuff.
-
-To get this to work, you have to add another entry to inetd (since
-version 4 uses port 751, not 749).
-
-@emph{And then there are a many more things you can do; more on this in
-a later version of this manual. Until then, UTSL.}
-
-@node kaserver, , Converting a version 4 database, Kerberos 4 issues
-@section kaserver
-
-@subsection kaserver emulation
-
-The Heimdal kdc can emulate a kaserver. The kaserver is a Kerberos 4
-server with pre-authentication using Rx as the on-wire protocol. The kdc
-contains a minimalistic Rx implementation.
-
-There are three parts of the kaserver; KAA (Authentication), KAT (Ticket
-Granting), and KAM (Maintenance). The KAA interface and KAT interface
-both passes over DES encrypted data-blobs (just like the
-Kerberos-protocol) and thus do not need any other protection.  The KAM
-interface uses @code{rxkad} (Kerberos authentication layer for Rx) for
-security and data protection, and is used for example for changing
-passwords.  This part is not implemented in the kdc.
-
-Another difference between the ka-protocol and the Kerberos 4 protocol
-is that the pass-phrase is salted with the cellname in the @code{string to
-key} function in the ka-protocol, while in the Kerberos 4 protocol there
-is no salting of the password at all. To make sure AFS-compatible keys
-are added to each principals when they are created or their password are
-changed, @samp{afs3-salt} should be added to
-@samp{[kadmin]default_keys}.
-
-@subsection Transarc AFS Windows client
-
-The Transarc Windows client uses Kerberos 4 to obtain tokens, and thus
-does not need a kaserver. The Windows client assumes that the Kerberos
-server is on the same machine as the AFS-database server. If you do not
-like to do that you can add a small program that runs on the database
-servers that forward all kerberos requests to the real kerberos
-server. A program that does this is @code{krb-forward}
-(@url{ftp://ftp.stacken.kth.se/pub/projekts/krb-forward}).
diff --git a/crypto/heimdal/doc/latin1.tex b/crypto/heimdal/doc/latin1.tex
deleted file mode 100644
index e683dd271dc1..000000000000
--- a/crypto/heimdal/doc/latin1.tex
+++ /dev/null
@@ -1,95 +0,0 @@
-% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
-% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
-\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
-\global\catcode`\^^a0=\active \global\let^^a0=~		% no-break space
-\global\catcode`\^^a1=\active \global\def^^a1{!`}		% inverted exclamation mark
-\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}}	% cent sign
-\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}}	% pound sign
-% currency sign, yen sign, broken bar
-\global\catcode`\^^a7=\active \global\let^^a7=\S		% section sign
-\global\catcode`\^^a8=\active \global\def^^a8{\"{}}		% diaeresis
-\global\catcode`\^^a9=\active \global\let^^a9=\copyright	% copyright sign
-% feminine ordinal indicator, left angle quotation mark
-\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
-\global\catcode`\^^ad=\active \global\let^^ad=\-		% soft hyphen
-% registered trade mark sign
-\global\catcode`\^^af=\active \global\def^^af{\={}}		% macron
-% ...
-\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm}	% plus minus
-\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
-\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
-\global\catcode`\^^b4=\active \global\def^^b4{\'{}}		% acute accent
-\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu}	% mu
-\global\catcode`\^^b6=\active \global\let^^b6=\P		% pilcroy
-\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
-\global\catcode`\^^b8=\active \global\def^^b8{\c{}}		% cedilla
-\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
-% ...
-\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
-\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
-\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
-\global\catcode`\^^bf=\active \global\def^^bf{?`}		% inverted question mark
-\global\catcode`\^^c0=\active \global\def^^c0{\`A}
-\global\catcode`\^^c1=\active \global\def^^c1{\'A}
-\global\catcode`\^^c2=\active \global\def^^c2{\^A}
-\global\catcode`\^^c3=\active \global\def^^c3{\~A}
-\global\catcode`\^^c4=\active \global\def^^c4{\"A}		% capital a with diaeresis
-\global\catcode`\^^c5=\active \global\let^^c5=\AA		% capital a with ring above
-\global\catcode`\^^c6=\active \global\let^^c6=\AE
-\global\catcode`\^^c7=\active \global\def^^c7{\c C}
-\global\catcode`\^^c8=\active \global\def^^c8{\`E}
-\global\catcode`\^^c9=\active \global\def^^c9{\'E}
-\global\catcode`\^^ca=\active \global\def^^ca{\^E}
-\global\catcode`\^^cb=\active \global\def^^cb{\"E}
-\global\catcode`\^^cc=\active \global\def^^cc{\`I}
-\global\catcode`\^^cd=\active \global\def^^cd{\'I}
-\global\catcode`\^^ce=\active \global\def^^ce{\^I}
-\global\catcode`\^^cf=\active \global\def^^cf{\"I}
-% capital eth
-\global\catcode`\^^d1=\active \global\def^^d1{\~N}
-\global\catcode`\^^d2=\active \global\def^^d2{\`O}
-\global\catcode`\^^d3=\active \global\def^^d3{\'O}
-\global\catcode`\^^d4=\active \global\def^^d4{\^O}
-\global\catcode`\^^d5=\active \global\def^^d5{\~O}
-\global\catcode`\^^d6=\active \global\def^^d6{\"O}		% capital o with diaeresis
-\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
-\global\catcode`\^^d8=\active \global\let^^d8=\O
-\global\catcode`\^^d9=\active \global\def^^d9{\`U}
-\global\catcode`\^^da=\active \global\def^^da{\'U}
-\global\catcode`\^^db=\active \global\def^^db{\^U}
-\global\catcode`\^^dc=\active \global\def^^dc{\"U}
-\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
-% capital thorn
-\global\catcode`\^^df=\active \global\def^^df{\ss}
-\global\catcode`\^^e0=\active \global\def^^e0{\`a}
-\global\catcode`\^^e1=\active \global\def^^e1{\'a}
-\global\catcode`\^^e2=\active \global\def^^e2{\^a}
-\global\catcode`\^^e3=\active \global\def^^e3{\~a}
-\global\catcode`\^^e4=\active \global\def^^e4{\"a}		% small a with diaeresis
-\global\catcode`\^^e5=\active \global\let^^e5=\aa		% small a with ring above
-\global\catcode`\^^e6=\active \global\let^^e6=\ae
-\global\catcode`\^^e7=\active \global\def^^e7{\c c}
-\global\catcode`\^^e8=\active \global\def^^e8{\`e}
-\global\catcode`\^^e9=\active \global\def^^e9{\'e}
-\global\catcode`\^^ea=\active \global\def^^ea{\^e}
-\global\catcode`\^^eb=\active \global\def^^eb{\"e}
-\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
-\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
-\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
-\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
-% small eth
-\global\catcode`\^^f1=\active \global\def^^f1{\~n}
-\global\catcode`\^^f2=\active \global\def^^f2{\`o}
-\global\catcode`\^^f3=\active \global\def^^f3{\'o}
-\global\catcode`\^^f4=\active \global\def^^f4{\^o}
-\global\catcode`\^^f5=\active \global\def^^f5{\~o}
-\global\catcode`\^^f6=\active \global\def^^f6{\"o}		% small o with diaeresis
-\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
-\global\catcode`\^^f8=\active \global\let^^f8=\o
-\global\catcode`\^^f9=\active \global\def^^f9{\`u}
-\global\catcode`\^^fa=\active \global\def^^fa{\'u}
-\global\catcode`\^^fb=\active \global\def^^fb{\^u}
-\global\catcode`\^^fc=\active \global\def^^fc{\"u}
-\global\catcode`\^^fd=\active \global\def^^fd{\'y}
-% capital thorn
-\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/heimdal/doc/layman.asc b/crypto/heimdal/doc/layman.asc
deleted file mode 100644
index d4fbe64be99d..000000000000
--- a/crypto/heimdal/doc/layman.asc
+++ /dev/null
@@ -1,1855 +0,0 @@
-A Layman's Guide to a Subset of ASN.1, BER, and DER
-
-An RSA Laboratories Technical Note
-Burton S. Kaliski Jr.
-Revised November 1, 1993
-
-
-Supersedes June 3, 1991 version, which was also published as
-NIST/OSI Implementors' Workshop document SEC-SIG-91-17.
-PKCS documents are available by electronic mail to
-<pkcs@rsa.com>.
-
-Copyright (C) 1991-1993 RSA Laboratories, a division of RSA
-Data Security, Inc. License to copy this document is granted
-provided that it is identified as "RSA Data Security, Inc.
-Public-Key Cryptography Standards (PKCS)" in all material
-mentioning or referencing this document.
-003-903015-110-000-000
-
-
-Abstract. This note gives a layman's introduction to a
-subset of OSI's Abstract Syntax Notation One (ASN.1), Basic
-Encoding Rules (BER), and Distinguished Encoding Rules
-(DER). The particular purpose of this note is to provide
-background material sufficient for understanding and
-implementing the PKCS family of standards.
-
-
-1. Introduction
-
-It is a generally accepted design principle that abstraction
-is a key to managing software development. With abstraction,
-a designer can specify a part of a system without concern
-for how the part is actually implemented or represented.
-Such a practice leaves the implementation open; it
-simplifies the specification; and it makes it possible to
-state "axioms" about the part that can be proved when the
-part is implemented, and assumed when the part is employed
-in another, higher-level part. Abstraction is the hallmark
-of most modern software specifications.
-
-One of the most complex systems today, and one that also
-involves a great deal of abstraction, is Open Systems
-Interconnection (OSI, described in X.200). OSI is an
-internationally standardized architecture that governs the
-interconnection of computers from the physical layer up to
-the user application layer. Objects at higher layers are
-defined abstractly and intended to be implemented with
-objects at lower layers. For instance, a service at one
-layer may require transfer of certain abstract objects
-between computers; a lower layer may provide transfer
-services for strings of ones and zeroes, using encoding
-rules to transform the abstract objects into such strings.
-OSI is called an open system because it supports many
-different implementations of the services at each layer.
-
-OSI's method of specifying abstract objects is called ASN.1
-(Abstract Syntax Notation One, defined in X.208), and one
-set of rules for representing such objects as strings of
-ones and zeros is called the BER (Basic Encoding Rules,
-defined in X.209). ASN.1 is a flexible notation that allows
-one to define a variety data types, from simple types such
-as integers and bit strings to structured types such as sets
-and sequences, as well as complex types defined in terms of
-others. BER describes how to represent or encode values of
-each ASN.1 type as a string of eight-bit octets. There is
-generally more than one way to BER-encode a given value.
-Another set of rules, called the Distinguished Encoding
-Rules (DER), which is a subset of BER, gives a unique
-encoding to each ASN.1 value.
-
-The purpose of this note is to describe a subset of ASN.1,
-BER and DER sufficient to understand and implement one OSI-
-based application, RSA Data Security, Inc.'s Public-Key
-Cryptography Standards. The features described include an
-overview of ASN.1, BER, and DER and an abridged list of
-ASN.1 types and their BER and DER encodings. Sections 2-4
-give an overview of ASN.1, BER, and DER, in that order.
-Section 5 lists some ASN.1 types, giving their notation,
-specific encoding rules, examples, and comments about their
-application to PKCS. Section 6 concludes with an example,
-X.500 distinguished names.
-
-Advanced features of ASN.1, such as macros, are not
-described in this note, as they are not needed to implement
-PKCS. For information on the other features, and for more
-detail generally, the reader is referred to CCITT
-Recommendations X.208 and X.209, which define ASN.1 and BER.
-
-Terminology and notation. In this note, an octet is an eight-
-bit unsigned integer. Bit 8 of the octet is the most
-significant and bit 1 is the least significant.
-
-The following meta-syntax is used for in describing ASN.1
-notation:
-
-     BIT  monospace denotes literal characters in the type
-          and value notation; in examples, it generally
-          denotes an octet value in hexadecimal
-
-     n1   bold italics denotes a variable
-
-     []   bold square brackets indicate that a term is
-          optional
-
-     {}   bold braces group related terms
-
-     |    bold vertical bar delimits alternatives with a
-          group
-
-     ...  bold ellipsis indicates repeated occurrences
-
-     =    bold equals sign expresses terms as subterms
-
-
-2. Abstract Syntax Notation One
-
-Abstract Syntax Notation One, abbreviated ASN.1, is a
-notation for describing abstract types and values.
-
-In ASN.1, a type is a set of values. For some types, there
-are a finite number of values, and for other types there are
-an infinite number. A value of a given ASN.1 type is an
-element of the type's set. ASN.1 has four kinds of type:
-simple types, which are "atomic" and have no components;
-structured types, which have components; tagged types, which
-are derived from other types; and other types, which include
-the CHOICE type and the ANY type. Types and values can be
-given names with the ASN.1 assignment operator (::=) , and
-those names can be used in defining other types and values.
-
-Every ASN.1 type other than CHOICE and ANY has a tag, which
-consists of a class and a nonnegative tag number. ASN.1
-types are abstractly the same if and only if their tag
-numbers are the same. In other words, the name of an ASN.1
-type does not affect its abstract meaning, only the tag
-does. There are four classes of tag:
-
-     Universal, for types whose meaning is the same in all
-          applications; these types are only defined in
-          X.208.
-
-     Application, for types whose meaning is specific to an
-          application, such as X.500 directory services;
-          types in two different applications may have the
-          same application-specific tag and different
-          meanings.
-
-     Private, for types whose meaning is specific to a given
-          enterprise.
-
-     Context-specific, for types whose meaning is specific
-          to a given structured type; context-specific tags
-          are used to distinguish between component types
-          with the same underlying tag within the context of
-          a given structured type, and component types in
-          two different structured types may have the same
-          tag and different meanings.
-
-The types with universal tags are defined in X.208, which
-also gives the types' universal tag numbers. Types with
-other tags are defined in many places, and are always
-obtained by implicit or explicit tagging (see Section 2.3).
-Table 1 lists some ASN.1 types and their universal-class
-tags.
-
-    Type                     Tag number     Tag number
-                             (decimal)      (hexadecimal)
-    INTEGER                  2              02
-    BIT STRING               3              03
-    OCTET STRING             4              04
-    NULL                     5              05
-    OBJECT IDENTIFIER        6              06
-    SEQUENCE and SEQUENCE OF 16             10
-    SET and SET OF           17             11
-    PrintableString          19             13
-    T61String                20             14
-    IA5String                22             16
-    UTCTime                  23             17
-
-     Table 1. Some types and their universal-class tags.
-
-ASN.1 types and values are expressed in a flexible,
-programming-language-like notation, with the following
-special rules:
-
-     o    Layout is not significant; multiple spaces and
-          line breaks can be considered as a single space.
-
-     o    Comments are delimited by pairs of hyphens (--),
-          or a pair of hyphens and a line break.
-
-     o    Identifiers (names of values and fields) and type
-          references (names of types) consist of upper- and
-          lower-case letters, digits, hyphens, and spaces;
-          identifiers begin with lower-case letters; type
-          references begin with upper-case letters.
-
-The following four subsections give an overview of simple
-types, structured types, implicitly and explicitly tagged
-types, and other types. Section 5 describes specific types
-in more detail.
-
-
-2.1 Simple types
-
-Simple types are those not consisting of components; they
-are the "atomic" types. ASN.1 defines several; the types
-that are relevant to the PKCS standards are the following:
-
-     BIT STRING, an arbitrary string of bits (ones and
-          zeroes).
-
-     IA5String, an arbitrary string of IA5 (ASCII)
-          characters.
-
-     INTEGER, an arbitrary integer.
-
-     NULL, a null value.
-
-     OBJECT IDENTIFIER, an object identifier, which is a
-          sequence of integer components that identify an
-          object such as an algorithm or attribute type.
-
-     OCTET STRING, an arbitrary string of octets (eight-bit
-          values).
-
-     PrintableString, an arbitrary string of printable
-          characters.
-
-     T61String, an arbitrary string of T.61 (eight-bit)
-          characters.
-
-     UTCTime, a "coordinated universal time" or Greenwich
-          Mean Time (GMT) value.
-
-Simple types fall into two categories: string types and non-
-string types. BIT STRING, IA5String, OCTET STRING,
-PrintableString, T61String, and UTCTime are string types.
-
-String types can be viewed, for the purposes of encoding, as
-consisting of components, where the components are
-substrings. This view allows one to encode a value whose
-length is not known in advance (e.g., an octet string value
-input from a file stream) with a constructed, indefinite-
-length encoding (see Section 3).
-
-The string types can be given size constraints limiting the
-length of values.
-
-
-2.2 Structured types
-
-Structured types are those consisting of components. ASN.1
-defines four, all of which are relevant to the PKCS
-standards:
-
-     SEQUENCE, an ordered collection of one or more types.
-
-     SEQUENCE OF, an ordered collection of zero or more
-          occurrences of a given type.
-
-     SET, an unordered collection of one or more types.
-
-     SET OF, an unordered collection of zero or more
-          occurrences of a given type.
-
-The structured types can have optional components, possibly
-with default values.
-
-
-2.3 Implicitly and explicitly tagged types
-
-Tagging is useful to distinguish types within an
-application; it is also commonly used to distinguish
-component types within a structured type. For instance,
-optional components of a SET or SEQUENCE type are typically
-given distinct context-specific tags to avoid ambiguity.
-
-There are two ways to tag a type: implicitly and explicitly.
-
-Implicitly tagged types are derived from other types by
-changing the tag of the underlying type. Implicit tagging is
-denoted by the ASN.1 keywords [class number] IMPLICIT (see
-Section 5.1).
-
-Explicitly tagged types are derived from other types by
-adding an outer tag to the underlying type. In effect,
-explicitly tagged types are structured types consisting of
-one component, the underlying type. Explicit tagging is
-denoted by the ASN.1 keywords [class number] EXPLICIT (see
-Section 5.2).
-
-The keyword [class number] alone is the same as explicit
-tagging, except when the "module" in which the ASN.1 type is
-defined has implicit tagging by default. ("Modules" are
-among the advanced features not described in this note.)
-
-For purposes of encoding, an implicitly tagged type is
-considered the same as the underlying type, except that the
-tag is different. An explicitly tagged type is considered
-like a structured type with one component, the underlying
-type. Implicit tags result in shorter encodings, but
-explicit tags may be necessary to avoid ambiguity if the tag
-of the underlying type is indeterminate (e.g., the
-underlying type is CHOICE or ANY).
-
-
-2.4 Other types
-
-Other types in ASN.1 include the CHOICE and ANY types. The
-CHOICE type denotes a union of one or more alternatives; the
-ANY type denotes an arbitrary value of an arbitrary type,
-where the arbitrary type is possibly defined in the
-registration of an object identifier or integer value.
-
-
-3. Basic Encoding Rules
-
-The Basic Encoding Rules for ASN.1, abbreviated BER, give
-one or more ways to represent any ASN.1 value as an octet
-string. (There are certainly other ways to represent ASN.1
-values, but BER is the standard for interchanging such
-values in OSI.)
-
-There are three methods to encode an ASN.1 value under BER,
-the choice of which depends on the type of value and whether
-the length of the value is known. The three methods are
-primitive, definite-length encoding; constructed, definite-
-length encoding; and constructed, indefinite-length
-encoding. Simple non-string types employ the primitive,
-definite-length method; structured types employ either of
-the constructed methods; and simple string types employ any
-of the methods, depending on whether the length of the value
-is known. Types derived by implicit tagging employ the
-method of the underlying type and types derived by explicit
-tagging employ the constructed methods.
-
-In each method, the BER encoding has three or four parts:
-
-     Identifier octets. These identify the class and tag
-          number of the ASN.1 value, and indicate whether
-          the method is primitive or constructed.
-
-     Length octets. For the definite-length methods, these
-          give the number of contents octets. For the
-          constructed, indefinite-length method, these
-          indicate that the length is indefinite.
-
-     Contents octets. For the primitive, definite-length
-          method, these give a concrete representation of
-          the  value. For the constructed methods, these
-          give the concatenation of the BER encodings of the
-          components of the value.
-
-     End-of-contents octets. For the constructed, indefinite-
-          length method, these denote the end of the
-          contents. For the other methods, these are absent.
-
-The three methods of encoding are described in the following
-sections.
-
-
-3.1 Primitive, definite-length method
-
-This method applies to simple types and types derived from
-simple types by implicit tagging. It requires that the
-length of the value be known in advance. The parts of the
-BER encoding are as follows:
-
-Identifier octets. There are two forms: low tag number (for
-tag numbers between 0 and 30) and high tag number (for tag
-numbers 31 and greater).
-
-     Low-tag-number form. One octet. Bits 8 and 7 specify
-          the class (see Table 2), bit 6 has value "0,"
-          indicating that the encoding is primitive, and
-          bits 5-1 give the tag number.
-
-                  Class            Bit  Bit
-                                   8    7
-                  universal        0    0
-                  application      0    1
-                  context-specific 1    0
-                  private          1    1
-
-        Table 2. Class encoding in identifier octets.
-
-     High-tag-number form. Two or more octets. First octet
-          is as in low-tag-number form, except that bits 5-1
-          all have value "1." Second and following octets
-          give the tag number, base 128, most significant
-          digit first, with as few digits as possible, and
-          with the bit 8 of each octet except the last set
-          to "1."
-
-Length octets. There are two forms: short (for lengths
-between 0 and 127), and long definite (for lengths between 0
-and 21008-1).
-
-     Short form. One octet. Bit 8 has value "0" and bits 7-1
-          give the length.
-
-     Long form. Two to 127 octets. Bit 8 of first octet has
-          value "1" and bits 7-1 give the number of
-          additional length octets. Second and following
-          octets give the length, base 256, most significant
-          digit first.
-
-Contents octets. These give a concrete representation of the
-value (or the value of the underlying type, if the type is
-derived by implicit tagging). Details for particular types
-are given in Section 5.
-
-
-3.2 Constructed, definite-length method
-
-This method applies to simple string types, structured
-types, types derived simple string types and structured
-types by implicit tagging, and types derived from anything
-by explicit tagging. It requires that the length of the
-value be known in advance. The parts of the BER encoding are
-as follows:
-
-Identifier octets. As described in Section 3.1, except that
-bit 6 has value "1," indicating that the encoding is
-constructed.
-
-Length octets. As described in Section 3.1.
-
-Contents octets. The concatenation of the BER encodings of
-the components of the value:
-
-     o    For simple string types and types derived from
-          them by implicit tagging, the concatenation of the
-          BER encodings of consecutive substrings of the
-          value (underlying value for implicit tagging).
-
-     o    For structured types and types derived from them
-          by implicit tagging, the concatenation of the BER
-          encodings of components of the value (underlying
-          value for implicit tagging).
-
-     o    For types derived from anything by explicit
-          tagging, the BER encoding of the underlying value.
-
-Details for particular types are given in Section 5.
-
-
-3.3 Constructed, indefinite-length method
-
-This method applies to simple string types, structured
-types, types derived simple string types and structured
-types by implicit tagging, and types derived from anything
-by explicit tagging. It does not require that the length of
-the value be known in advance. The parts of the BER encoding
-are as follows:
-
-Identifier octets. As described in Section 3.2.
-
-Length octets. One octet, 80.
-
-Contents octets. As described in Section 3.2.
-
-End-of-contents octets. Two octets, 00 00.
-
-Since the end-of-contents octets appear where an ordinary
-BER encoding might be expected (e.g., in the contents octets
-of a sequence value), the 00 and 00 appear as identifier and
-length octets, respectively. Thus the end-of-contents octets
-is really the primitive, definite-length encoding of a value
-with universal class, tag number 0, and length 0.
-
-
-4. Distinguished Encoding Rules
-
-The Distinguished Encoding Rules for ASN.1, abbreviated DER,
-are a subset of BER, and give exactly one way to represent
-any ASN.1 value as an octet string. DER is intended for
-applications in which a unique octet string encoding is
-needed, as is the case when a digital signature is computed
-on an ASN.1 value. DER is defined in Section 8.7 of X.509.
-
-DER adds the following restrictions to the rules given in
-Section 3:
-
-     1.   When the length is between 0 and 127, the short
-          form of length must be used
-
-     2.   When the length is 128 or greater, the long form
-          of length must be used, and the length must be
-          encoded in the minimum number of octets.
-
-     3.   For simple string types and implicitly tagged
-          types derived from simple string types, the
-          primitive, definite-length method must be
-          employed.
-
-     4.   For structured types, implicitly tagged types
-          derived from structured types, and explicitly
-          tagged types derived from anything, the
-          constructed, definite-length method must be
-          employed.
-
-Other restrictions are defined for particular types (such as
-BIT STRING, SEQUENCE, SET, and SET OF), and can be found in
-Section 5.
-
-
-5. Notation and encodings for some types
-
-This section gives the notation for some ASN.1 types and
-describes how to encode values of those types under both BER
-and DER.
-
-The types described are those presented in Section 2. They
-are listed alphabetically here.
-
-Each description includes ASN.1 notation, BER encoding, and
-DER encoding. The focus of the encodings is primarily on the
-contents octets; the tag and length octets follow Sections 3
-and 4. The descriptions also explain where each type is used
-in PKCS and related standards. ASN.1 notation is generally
-only for types, although for the type OBJECT IDENTIFIER,
-value notation is given as well.
-
-
-5.1 Implicitly tagged types
-
-An implicitly tagged type is a type derived from another
-type by changing the tag of the underlying type.
-
-Implicit tagging is used for optional SEQUENCE components
-with underlying type other than ANY throughout PKCS, and for
-the extendedCertificate alternative of PKCS #7's
-ExtendedCertificateOrCertificate type.
-
-ASN.1 notation:
-
-[[class] number] IMPLICIT Type
-
-class = UNIVERSAL  |  APPLICATION  |  PRIVATE
-
-where Type is a type, class is an optional class name, and
-number is the tag number within the class, a nonnegative
-integer.
-
-In ASN.1 "modules" whose default tagging method is implicit
-tagging, the notation [[class] number] Type is also
-acceptable, and the keyword IMPLICIT is implied. (See
-Section 2.3.) For definitions stated outside a module, the
-explicit inclusion of the keyword IMPLICIT is preferable to
-prevent ambiguity.
-
-If the class name is absent, then the tag is context-
-specific. Context-specific tags can only appear in a
-component of a structured or CHOICE type.
-
-Example: PKCS #8's PrivateKeyInfo type has an optional
-attributes component with an implicit, context-specific tag:
-
-PrivateKeyInfo ::= SEQUENCE {
-  version Version,
-  privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
-  privateKey PrivateKey,
-  attributes [0] IMPLICIT Attributes OPTIONAL }
-
-Here the underlying type is Attributes, the class is absent
-(i.e., context-specific), and the tag number within the
-class is 0.
-
-BER encoding. Primitive or constructed, depending on the
-underlying type. Contents octets are as for the BER encoding
-of the underlying value.
-
-Example: The BER encoding of the attributes component of a
-PrivateKeyInfo value is as follows:
-
-     o    the identifier octets are 80 if the underlying
-          Attributes value has a primitive BER encoding and
-          a0 if the underlying Attributes value has a
-          constructed BER encoding
-
-     o    the length and contents octets are the same as the
-          length and contents octets of the BER encoding of
-          the underlying Attributes value
-
-DER encoding. Primitive or constructed, depending on the
-underlying type. Contents octets are as for the DER encoding
-of the underlying value.
-
-
-5.2 Explicitly tagged types
-
-Explicit tagging denotes a type derived from another type by
-adding an outer tag to the underlying type.
-
-Explicit tagging is used for optional SEQUENCE components
-with underlying type ANY throughout PKCS, and for the
-version component of X.509's Certificate type.
-
-ASN.1 notation:
-
-[[class] number] EXPLICIT Type
-
-class = UNIVERSAL  |  APPLICATION  |  PRIVATE
-
-where Type is a type, class is an optional class name, and
-number is the tag number within the class, a nonnegative
-integer.
-
-If the class name is absent, then the tag is context-
-specific. Context-specific tags can only appear in a
-component of a SEQUENCE, SET or CHOICE type.
-
-In ASN.1 "modules" whose default tagging method is explicit
-tagging, the notation [[class] number] Type is also
-acceptable, and the keyword EXPLICIT is implied. (See
-Section 2.3.) For definitions stated outside a module, the
-explicit inclusion of the keyword EXPLICIT is preferable to
-prevent ambiguity.
-
-Example 1: PKCS #7's ContentInfo type has an optional
-content component with an explicit, context-specific tag:
-
-ContentInfo ::= SEQUENCE {
-  contentType ContentType,
-  content
-    [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
-Here the underlying type is ANY DEFINED BY contentType, the
-class is absent (i.e., context-specific), and the tag number
-within the class is 0.
-
-Example 2: X.509's Certificate type has a version component
-with an explicit, context-specific tag, where the EXPLICIT
-keyword is omitted:
-
-Certificate ::= ...
-  version [0] Version DEFAULT v1988,
-...
-
-The tag is explicit because the default tagging method for
-the ASN.1 "module" in X.509 that defines the Certificate
-type is explicit tagging.
-
-BER encoding. Constructed. Contents octets are the BER
-encoding of the underlying value.
-
-Example: the BER encoding of the content component of a
-ContentInfo value is as follows:
-
-     o    identifier octets are a0
-
-     o    length octets represent the length of the BER
-          encoding of the underlying ANY DEFINED BY
-          contentType value
-
-     o    contents octets are the BER encoding of the
-          underlying ANY DEFINED BY contentType value
-
-DER encoding. Constructed. Contents octets are the DER
-encoding of the underlying value.
-
-
-5.3 ANY
-
-The ANY type denotes an arbitrary value of an arbitrary
-type, where the arbitrary type is possibly defined in the
-registration of an object identifier or associated with an
-integer index.
-
-The ANY type is used for content of a particular content
-type in PKCS #7's ContentInfo type, for parameters of a
-particular algorithm in X.509's AlgorithmIdentifier type,
-and for attribute values in X.501's Attribute and
-AttributeValueAssertion types. The Attribute type is used by
-PKCS #6, #7, #8, #9 and #10, and the AttributeValueAssertion
-type is used in X.501 distinguished names.
-
-ASN.1 notation:
-
-ANY [DEFINED BY identifier]
-
-where identifier is an optional identifier.
-
-In the ANY form, the actual type is indeterminate.
-
-The ANY DEFINED BY identifier form can only appear in a
-component of a SEQUENCE or SET type for which identifier
-identifies some other component, and that other component
-has type INTEGER or OBJECT IDENTIFIER (or a type derived
-from either of those by tagging). In that form, the actual
-type is determined by the value of the other component,
-either in the registration of the object identifier value,
-or in a table of integer values.
-
-Example: X.509's AlgorithmIdentifier type has a component of
-type ANY:
-
-AlgorithmIdentifier ::= SEQUENCE {
-  algorithm OBJECT IDENTIFIER,
-  parameters ANY DEFINED BY algorithm OPTIONAL }
-
-Here the actual type of the parameter component depends on
-the value of the algorithm component. The actual type would
-be defined in the registration of object identifier values
-for the algorithm component.
-
-BER encoding. Same as the BER encoding of the actual value.
-
-Example: The BER encoding of the value of the parameter
-component is the BER encoding of the value of the actual
-type as defined in the registration of object identifier
-values for the algorithm component.
-
-DER encoding. Same as the DER encoding of the actual value.
-
-
-5.4 BIT STRING
-
-The BIT STRING type denotes an arbitrary string of bits
-(ones and zeroes). A BIT STRING value can have any length,
-including zero. This type is a string type.
-
-The BIT STRING type is used for digital signatures on
-extended certificates in PKCS #6's ExtendedCertificate type,
-for digital signatures on certificates in X.509's
-Certificate type, and for public keys in certificates in
-X.509's SubjectPublicKeyInfo type.
-
-ASN.1 notation:
-
-BIT STRING
-
-Example: X.509's SubjectPublicKeyInfo type has a component
-of type BIT STRING:
-
-SubjectPublicKeyInfo ::= SEQUENCE {
-  algorithm AlgorithmIdentifier,
-  publicKey BIT STRING }
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the first contents octet gives the number of bits
-by which the length of the bit string is less than the next
-multiple of eight (this is called the "number of unused
-bits"). The second and following contents octets give the
-value of the bit string, converted to an octet string. The
-conversion process is as follows:
-
-     1.   The bit string is padded after the last bit with
-          zero to seven bits of any value to make the length
-          of the bit string a multiple of eight. If the
-          length of the bit string is a multiple of eight
-          already, no padding is done.
-
-     2.   The padded bit string is divided into octets. The
-          first eight bits of the padded bit string become
-          the first octet, bit 8 to bit 1, and so on through
-          the last eight bits of the padded bit string.
-
-In a constructed encoding, the contents octets give the
-concatenation of the BER encodings of consecutive substrings
-of the bit string, where each substring except the last has
-a length that is a multiple of eight bits.
-
-Example: The BER encoding of the BIT STRING value
-"011011100101110111" can be any of the following, among
-others, depending on the choice of padding bits, the form of
-length octets, and whether the encoding is primitive or
-constructed:
-
-03 04 06 6e 5d c0                               DER encoding
-
-03 04 06 6e 5d e0                       padded with "100000"
-
-03 81 04 06 6e 5d c0              long form of length octets
-
-23 09        constructed encoding: "0110111001011101" + "11"
-   03 03 00 6e 5d
-   03 02 06 c0
-
-DER encoding. Primitive. The contents octects are as for a
-primitive BER encoding, except that the bit string is padded
-with zero-valued bits.
-
-Example: The DER encoding of the BIT STRING value
-"011011100101110111" is
-
-03 04 06 6e 5d c0
-
-
-5.5 CHOICE
-
-The CHOICE type denotes a union of one or more alternatives.
-
-The CHOICE type is used to represent the union of an
-extended certificate and an X.509 certificate in PKCS #7's
-ExtendedCertificateOrCertificate type.
-
-ASN.1 notation:
-
-CHOICE {
-  [identifier1] Type1,
-  ...,
-  [identifiern] Typen }
-
-where identifier1 , ..., identifiern are optional, distinct
-identifiers for the alternatives, and Type1, ..., Typen are
-the types of the alternatives. The identifiers are primarily
-for documentation; they do not affect values of the type or
-their encodings in any way.
-
-The types must have distinct tags. This requirement is
-typically satisfied with explicit or implicit tagging on
-some of the alternatives.
-
-Example: PKCS #7's ExtendedCertificateOrCertificate type is
-a CHOICE type:
-
-ExtendedCertificateOrCertificate ::= CHOICE {
-  certificate Certificate, -- X.509
-  extendedCertificate [0] IMPLICIT ExtendedCertificate
-}
-
-Here the identifiers for the alternatives are certificate
-and extendedCertificate, and the types of the alternatives
-are Certificate and [0] IMPLICIT ExtendedCertificate.
-
-BER encoding. Same as the BER encoding of the chosen
-alternative. The fact that the alternatives have distinct
-tags makes it possible to distinguish between their BER
-encodings.
-
-Example: The identifier octets for the BER encoding are 30
-if the chosen alternative is certificate, and a0 if the
-chosen alternative is extendedCertificate.
-
-DER encoding. Same as the DER encoding of the chosen
-alternative.
-
-
-5.6 IA5String
-
-The IA5String type denotes an arbtrary string of IA5
-characters. IA5 stands for International Alphabet 5, which
-is the same as ASCII. The character set includes non-
-printing control characters. An IA5String value can have any
-length, including zero. This type is a string type.
-
-The IA5String type is used in PKCS #9's electronic-mail
-address, unstructured-name, and unstructured-address
-attributes.
-
-ASN.1 notation:
-
-IA5String
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the IA5
-string, encoded in ASCII. In a constructed encoding, the
-contents octets give the concatenation of the BER encodings
-of consecutive substrings of the IA5 string.
-
-Example: The BER encoding of the IA5String value
-"test1@rsa.com" can be any of the following, among others,
-depending on the form of length octets and whether the
-encoding is primitive or constructed:
-
-16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d DER encoding
-
-16 81 0d                       long form of length octets
-   74 65 73 74 31 40 72 73 61 2e 63 6f 6d
-
-36 13     constructed encoding: "test1" + "@" + "rsa.com"
-   16 05 74 65 73 74 31
-   16 01 40
-   16 07 72 73 61 2e 63 6f 6d
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the IA5String value
-"test1@rsa.com" is
-
-16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d
-
-
-5.7 INTEGER
-
-The INTEGER type denotes an arbitrary integer. INTEGER
-values can be positive, negative, or zero, and can have any
-magnitude.
-
-The INTEGER type is used for version numbers throughout
-PKCS, cryptographic values such as modulus, exponent, and
-primes in PKCS #1's RSAPublicKey and RSAPrivateKey types and
-PKCS #3's DHParameter type, a message-digest iteration count
-in PKCS #5's PBEParameter type, and version numbers and
-serial numbers in X.509's Certificate type.
-
-ASN.1 notation:
-
-INTEGER [{ identifier1(value1) ... identifiern(valuen) }]
-
-where identifier1, ..., identifiern are optional distinct
-identifiers and value1, ..., valuen are optional integer
-values. The identifiers, when present, are associated with
-values of the type.
-
-Example: X.509's Version type is an INTEGER type with
-identified values:
-
-Version ::= INTEGER { v1988(0) }
-
-The identifier v1988 is associated with the value 0. X.509's
-Certificate type uses the identifier v1988 to give a default
-value of 0 for the version component:
-
-Certificate ::= ...
-  version Version DEFAULT v1988,
-...
-
-BER encoding. Primitive. Contents octets give the value of
-the integer, base 256, in two's complement form, most
-significant digit first, with the minimum number of octets.
-The value 0 is encoded as a single 00 octet.
-
-Some example BER encodings (which also happen to be DER
-encodings) are given in Table 3.
-
-                    Integer   BER encoding
-                    value
-                    0         02 01 00
-                    127       02 01 7F
-                    128       02 02 00 80
-                    256       02 02 01 00
-                    -128      02 01 80
-                    -129      02 02 FF 7F
-
-      Table 3. Example BER encodings of INTEGER values.
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-5.8 NULL
-
-The NULL type denotes a null value.
-
-The NULL type is used for algorithm parameters in several
-places in PKCS.
-
-ASN.1 notation:
-
-NULL
-
-BER encoding. Primitive. Contents octets are empty.
-
-Example: The BER encoding of a NULL value can be either of
-the following, as well as others, depending on the form of
-the length octets:
-
-05 00
-
-05 81 00
-
-DER encoding. Primitive. Contents octets are empty; the DER
-encoding of a NULL value is always 05 00.
-
-
-5.9 OBJECT IDENTIFIER
-
-The OBJECT IDENTIFIER type denotes an object identifier, a
-sequence of integer components that identifies an object
-such as an algorithm, an attribute type, or perhaps a
-registration authority that defines other object
-identifiers. An OBJECT IDENTIFIER value can have any number
-of components, and components can generally have any
-nonnegative value. This type is a non-string type.
-
-OBJECT IDENTIFIER values are given meanings by registration
-authorities. Each registration authority is responsible for
-all sequences of components beginning with a given sequence.
-A registration authority typically delegates responsibility
-for subsets of the sequences in its domain to other
-registration authorities, or for particular types of object.
-There are always at least two components.
-
-The OBJECT IDENTIFIER type is used to identify content in
-PKCS #7's ContentInfo type, to identify algorithms in
-X.509's AlgorithmIdentifier type, and to identify attributes
-in X.501's Attribute and AttributeValueAssertion types. The
-Attribute type is used by PKCS #6, #7, #8, #9, and #10, and
-the AttributeValueAssertion type is used in X.501
-distinguished names. OBJECT IDENTIFIER values are defined
-throughout PKCS.
-
-ASN.1 notation:
-
-OBJECT IDENTIFIER
-
-The ASN.1 notation for values of the OBJECT IDENTIFIER type
-is
-
-{ [identifier] component1 ... componentn }
-
-componenti = identifieri | identifieri (valuei) | valuei
-
-where identifier, identifier1, ..., identifiern are
-identifiers, and value1, ..., valuen are optional integer
-values.
-
-The form without identifier is the "complete" value with all
-its components; the form with identifier abbreviates the
-beginning components with another object identifier value.
-The identifiers identifier1, ..., identifiern are intended
-primarily for documentation, but they must correspond to the
-integer value when both are present. These identifiers can
-appear without integer values only if they are among a small
-set of identifiers defined in X.208.
-
-Example: The following values both refer to the object
-identifier assigned to RSA Data Security, Inc.:
-
-{ iso(1) member-body(2) 840 113549 }
-{ 1 2 840 113549 }
-
-(In this example, which gives ASN.1 value notation, the
-object identifier values are decimal, not hexadecimal.)
-Table 4 gives some other object identifier values and their
-meanings.
-
- Object identifier value       Meaning
- { 1 2 }                       ISO member bodies
- { 1 2 840 }                   US (ANSI)
- { 1 2 840 113549 }            RSA Data Security, Inc.
- { 1 2 840 113549 1 }          RSA Data Security, Inc. PKCS
- { 2 5 }                       directory services (X.500)
- { 2 5 8 }                     directory services-algorithms
-
- Table 4. Some object identifier values and their meanings.
-
-BER encoding. Primitive. Contents octets are as follows,
-where value1, ..., valuen denote the integer values of the
-components in the complete object identifier:
-
-     1.   The first octet has value 40 * value1 + value2.
-          (This is unambiguous, since value1 is limited to
-          values 0, 1, and 2; value2 is limited to the range
-          0 to 39 when value1 is 0 or 1; and, according to
-          X.208, n is always at least 2.)
-
-     2.   The following octets, if any, encode value3, ...,
-          valuen. Each value is encoded base 128, most
-          significant digit first, with as few digits as
-          possible, and the most significant bit of each
-          octet except the last in the value's encoding set
-          to "1."
-
-Example: The first octet of the BER encoding of RSA Data
-Security, Inc.'s object identifier is 40 * 1 + 2 = 42 =
-2a16. The encoding of 840 = 6 * 128 + 4816 is 86 48 and the
-encoding of 113549 = 6 * 1282 + 7716 * 128 + d16 is 86 f7
-0d. This leads to the following BER encoding:
-
-06 06 2a 86 48 86 f7 0d
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-5.10 OCTET STRING
-
-The OCTET STRING type denotes an arbitrary string of octets
-(eight-bit values). An OCTET STRING value can have any
-length, including zero. This type is a string type.
-
-The OCTET STRING type is used for salt values in PKCS #5's
-PBEParameter type, for message digests, encrypted message
-digests, and encrypted content in PKCS #7, and for private
-keys and encrypted private keys in PKCS #8.
-
-ASN.1 notation:
-
-OCTET STRING [SIZE ({size | size1..size2})]
-
-where size, size1, and size2 are optional size constraints.
-In the OCTET STRING SIZE (size) form, the octet string must
-have size octets. In the OCTET STRING SIZE (size1..size2)
-form, the octet string must have between size1 and size2
-octets. In the OCTET STRING form, the octet string can have
-any size.
-
-Example: PKCS #5's PBEParameter type has a component of type
-OCTET STRING:
-
-PBEParameter ::= SEQUENCE {
-  salt OCTET STRING SIZE(8),
-  iterationCount INTEGER }
-
-Here the size of the salt component is always eight octets.
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the value of the octet
-string, first octet to last octet. In a constructed
-encoding, the contents octets give the concatenation of the
-BER encodings of substrings of the OCTET STRING value.
-
-Example: The BER encoding of the OCTET STRING value 01 23 45
-67 89 ab cd ef can be any of the following, among others,
-depending on the form of length octets and whether the
-encoding is primitive or constructed:
-
-04 08 01 23 45 67 89 ab cd ef                   DER encoding
-
-04 81 08 01 23 45 67 89 ab cd ef  long form of length octets
-
-24 0c            constructed encoding: 01 ... 67 + 89 ... ef
-   04 04 01 23 45 67
-   04 04 89 ab cd ef
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The BER encoding of the OCTET STRING value 01 23 45
-67 89 ab cd ef is
-
-04 08 01 23 45 67 89 ab cd ef
-
-
-5.11 PrintableString
-
-The PrintableString type denotes an arbitrary string of
-printable characters from the following character set:
-
-                         A, B, ..., Z
-                         a, b, ..., z
-                         0, 1, ..., 9
-               (space) ' ( ) + , - . / : = ?
-
-This type is a string type.
-
-The PrintableString type is used in PKCS #9's challenge-
-password and unstructuerd-address attributes, and in several
-X.521 distinguished names attributes.
-
-ASN.1 notation:
-
-PrintableString
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-printable string, encoded in ASCII. In a constructed
-encoding, the contents octets give the concatenation of the
-BER encodings of consecutive substrings of the string.
-
-Example: The BER encoding of the PrintableString value "Test
-User 1" can be any of the following, among others, depending
-on the form of length octets and whether the encoding is
-primitive or constructed:
-
-13 0b 54 65 73 74 20 55 73 65 72 20 31          DER encoding
-
-13 81 0b                          long form of length octets
-   54 65 73 74 20 55 73 65 72 20 31
-
-33 0f               constructed encoding: "Test " + "User 1"
-   13 05 54 65 73 74 20
-   13 06 55 73 65 72 20 31
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the PrintableString value "Test
-User 1" is
-
-13 0b 54 65 73 74 20 55 73 65 72 20 31
-
-
-5.12 SEQUENCE
-
-The SEQUENCE type denotes an ordered collection of one or
-more types.
-
-The SEQUENCE type is used throughout PKCS and related
-standards.
-
-ASN.1 notation:
-
-SEQUENCE {
-  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
-  ...,
-  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
-
-where identifier1 , ..., identifiern are optional, distinct
-identifiers for the components, Type1, ..., Typen are the
-types of the components, and value1, ..., valuen are optional
-default values for the components. The identifiers are
-primarily for documentation; they do not affect values of
-the type or their encodings in any way.
-
-The OPTIONAL qualifier indicates that the value of a
-component is optional and need not be present in the
-sequence. The DEFAULT qualifier also indicates that the
-value of a component is optional, and assigns a default
-value to the component when the component is absent.
-
-The types of any consecutive series of components with the
-OPTIONAL or DEFAULT qualifier, as well as of any component
-immediately following that series, must have distinct tags.
-This requirement is typically satisfied with explicit or
-implicit tagging on some of the components.
-
-Example: X.509's Validity type is a SEQUENCE type with two
-components:
-
-Validity ::= SEQUENCE {
-  start UTCTime,
-  end UTCTime }
-
-Here the identifiers for the components are start and end,
-and the types of the components are both UTCTime.
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-components of the sequence, in order of definition, with the
-following rules for components with the OPTIONAL and DEFAULT
-qualifiers:
-
-     o    if the value of a component with the OPTIONAL or
-          DEFAULT qualifier is absent from the sequence,
-          then the encoding of that component is not
-          included in the contents octets
-
-     o    if the value of a component with the DEFAULT
-          qualifier is the default value, then the encoding
-          of that component may or may not be included in
-          the contents octets
-
-DER encoding. Constructed. Contents octets are the same as
-the BER encoding, except that if the value of a component
-with the DEFAULT qualifier is the default value, the
-encoding of that component is not included in the contents
-octets.
-
-
-5.13 SEQUENCE OF
-
-The SEQUENCE OF type denotes an ordered collection of zero
-or more occurrences of a given type.
-
-The SEQUENCE OF type is used in X.501 distinguished names.
-
-ASN.1 notation:
-
-SEQUENCE OF Type
-
-where Type is a type.
-
-Example: X.501's RDNSequence type consists of zero or more
-occurences of the RelativeDistinguishedName type, most
-significant occurrence first:
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-occurrences in the collection, in order of occurence.
-
-DER encoding. Constructed. Contents octets are the
-concatenation of the DER encodings of the values of the
-occurrences in the collection, in order of occurence.
-
-
-5.14 SET
-
-The SET type denotes an unordered collection of one or more
-types.
-
-The SET type is not used in PKCS.
-
-ASN.1 notation:
-
-SET {
-  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
-  ...,
-  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
-
-where identifier1, ..., identifiern are optional, distinct
-identifiers for the components, Type1, ..., Typen are the
-types of the components, and value1, ..., valuen are
-optional default values for the components. The identifiers
-are primarily for documentation; they do not affect values
-of the type or their encodings in any way.
-
-The OPTIONAL qualifier indicates that the value of a
-component is optional and need not be present in the set.
-The DEFAULT qualifier also indicates that the value of a
-component is optional, and assigns a default value to the
-component when the component is absent.
-
-The types must have distinct tags. This requirement is
-typically satisfied with explicit or implicit tagging on
-some of the components.
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-components of the set, in any order, with the following
-rules for components with the OPTIONAL and DEFAULT
-qualifiers:
-
-     o    if the value of a component with the OPTIONAL or
-          DEFAULT qualifier is absent from the set, then the
-          encoding of that component is not included in the
-          contents octets
-
-     o    if the value of a component with the DEFAULT
-          qualifier is the default value, then the encoding
-          of that component may or may not be included in
-          the contents octets
-
-DER encoding. Constructed. Contents octets are the same as
-for the BER encoding, except that:
-
-     1.   If the value of a component with the DEFAULT
-          qualifier is the default value, the encoding of
-          that component is not included.
-
-     2.   There is an order to the components, namely
-          ascending order by tag.
-
-
-5.15 SET OF
-
-The SET OF type denotes an unordered collection of zero or
-more occurrences of a given type.
-
-The SET OF type is used for sets of attributes in PKCS #6,
-#7, #8, #9 and #10, for sets of message-digest algorithm
-identifiers, signer information, and recipient information
-in PKCS #7, and in X.501 distinguished names.
-
-ASN.1 notation:
-
-SET OF Type
-
-where Type is a type.
-
-Example: X.501's RelativeDistinguishedName type consists of
-zero or more occurrences of the AttributeValueAssertion
-type, where the order is unimportant:
-
-RelativeDistinguishedName ::=
-  SET OF AttributeValueAssertion
-
-BER encoding. Constructed. Contents octets are the
-concatenation of the BER encodings of the values of the
-occurrences in the collection, in any order.
-
-DER encoding. Constructed. Contents octets are the same as
-for the BER encoding, except that there is an order, namely
-ascending lexicographic order of BER encoding. Lexicographic
-comparison of two different BER encodings is done as
-follows: Logically pad the shorter BER encoding after the
-last octet with dummy octets that are smaller in value than
-any normal octet. Scan the BER encodings from left to right
-until a difference is found. The smaller-valued BER encoding
-is the one with the smaller-valued octet at the point of
-difference.
-
-
-5.16 T61String
-
-The T61String type denotes an arbtrary string of T.61
-characters. T.61 is an eight-bit extension to the ASCII
-character set. Special "escape" sequences specify the
-interpretation of subsequent character values as, for
-example, Japanese; the initial interpretation is Latin. The
-character set includes non-printing control characters. The
-T61String type allows only the Latin and Japanese character
-interepretations, and implementors' agreements for directory
-names exclude control characters [NIST92]. A T61String value
-can have any length, including zero. This type is a string
-type.
-
-The T61String type is used in PKCS #9's unstructured-address
-and challenge-password attributes, and in several X.521
-attributes.
-
-ASN.1 notation:
-
-T61String
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-T.61 string, encoded in ASCII. In a constructed encoding,
-the contents octets give the concatenation of the BER
-encodings of consecutive substrings of the T.61 string.
-
-Example: The BER encoding of the T61String value "cl'es
-publiques" (French for "public keys") can be any of the
-following, among others, depending on the form of length
-octets and whether the encoding is primitive or constructed:
-
-14 0f                                           DER encoding
-   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-14 81 0f                          long form of length octets
-   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-34 15      constructed encoding: "cl'es" + " " + "publiques"
-   14 05 63 6c c2 65 73
-   14 01 20
-   14 09 70 75 62 6c 69 71 75 65 73
-
-The eight-bit character c2 is a T.61 prefix that adds an
-acute accent (') to the next character.
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-Example: The DER encoding of the T61String value "cl'es
-publiques" is
-
-14 0f 63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
-
-
-5.17 UTCTime
-
-The UTCTime type denotes a "coordinated universal time" or
-Greenwich Mean Time (GMT) value. A UTCTime value includes
-the local time precise to either minutes or seconds, and an
-offset from GMT in hours and minutes. It takes any of the
-following forms:
-
-YYMMDDhhmmZ
-YYMMDDhhmm+hh'mm'
-YYMMDDhhmm-hh'mm'
-YYMMDDhhmmssZ
-YYMMDDhhmmss+hh'mm'
-YYMMDDhhmmss-hh'mm'
-
-where:
-
-     YY is the least significant two digits of the year
-
-     MM is the month (01 to 12)
-
-     DD is the day (01 to 31)
-
-     hh is the hour (00 to 23)
-
-     mm are the minutes (00 to 59)
-
-     ss are the seconds (00 to 59)
-
-     Z indicates that local time is GMT, + indicates that
-          local time is later than GMT, and - indicates that
-          local time is earlier than GMT
-
-     hh' is the absolute value of the offset from GMT in
-          hours
-
-     mm' is the absolute value of the offset from GMT in
-          minutes
-
-This type is a string type.
-
-The UTCTime type is used for signing times in PKCS #9's
-signing-time attribute and for certificate validity periods
-in X.509's Validity type.
-
-ASN.1 notation:
-
-UTCTime
-
-BER encoding. Primitive or constructed. In a primitive
-encoding, the contents octets give the characters in the
-string, encoded in ASCII. In a constructed encoding, the
-contents octets give the concatenation of the BER encodings
-of consecutive substrings of the string. (The constructed
-encoding is not particularly interesting, since UTCTime
-values are so short, but the constructed encoding is
-permitted.)
-
-Example: The time this sentence was originally written was
-4:45:40 p.m. Pacific Daylight Time on May 6, 1991, which can
-be represented with either of the following UTCTime values,
-among others:
-
-"910506164540-0700"
-
-"910506234540Z"
-
-These values have the following BER encodings, among others:
-
-17 0d 39 31 30 35 30 36 32 33 34 35 34 30 5a
-
-17 11 39 31 30 35 30 36 31 36 34 35 34 30 2D 30 37 30
-      30
-
-DER encoding. Primitive. Contents octets are as for a
-primitive BER encoding.
-
-
-6. An example
-
-This section gives an example of ASN.1 notation and DER
-encoding: the X.501 type Name.
-
-
-6.1 Abstract notation
-
-This section gives the ASN.1 notation for the X.501 type
-Name.
-
-Name ::= CHOICE {
-  RDNSequence }
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-RelativeDistinguishedName ::=
-  SET OF AttributeValueAssertion
-
-AttributeValueAssertion ::= SEQUENCE {
-   AttributeType,
-   AttributeValue }
-
-AttributeType ::= OBJECT IDENTIFIER
-
-AttributeValue ::= ANY
-
-The Name type identifies an object in an X.500 directory.
-Name is a CHOICE type consisting of one alternative:
-RDNSequence. (Future revisions of X.500 may have other
-alternatives.)
-
-The RDNSequence type gives a path through an X.500 directory
-tree starting at the root. RDNSequence is a SEQUENCE OF type
-consisting of zero or more occurences of
-RelativeDistinguishedName.
-
-The RelativeDistinguishedName type gives a unique name to an
-object relative to the object superior to it in the
-directory tree. RelativeDistinguishedName is a SET OF type
-consisting of zero or more occurrences of
-AttributeValueAssertion.
-
-The AttributeValueAssertion type assigns a value to some
-attribute of a relative distinguished name, such as country
-name or common name. AttributeValueAssertion is a SEQUENCE
-type consisting of two components, an AttributeType type and
-an AttributeValue type.
-
-The AttributeType type identifies an attribute by object
-identifier. The AttributeValue type gives an arbitrary
-attribute value. The actual type of the attribute value is
-determined by the attribute type.
-
-
-6.2 DER encoding
-
-This section gives an example of a DER encoding of a value
-of type Name, working from the bottom up.
-
-The name is that of the Test User 1 from the PKCS examples
-[Kal93]. The name is represented by the following path:
-
-                           (root)
-                              |
-                     countryName = "US"
-                              |
-          organizationName = "Example Organization"
-                              |
-                 commonName = "Test User 1"
-
-Each level corresponds to one RelativeDistinguishedName
-value, each of which happens for this name to consist of one
-AttributeValueAssertion value. The AttributeType value is
-before the equals sign, and the AttributeValue value (a
-printable string for the given attribute types) is after the
-equals sign.
-
-The countryName, organizationName, and commonUnitName are
-attribute types defined in X.520 as:
-
-attributeType OBJECT IDENTIFIER ::=
-  { joint-iso-ccitt(2) ds(5) 4 }
-
-countryName OBJECT IDENTIFIER ::= { attributeType 6 }
-organizationName OBJECT IDENTIFIER ::=
-  { attributeType 10 }
-commonUnitName OBJECT IDENTIFIER ::=
-  { attributeType 3 }
-
-
-6.2.1 AttributeType
-
-The three AttributeType values are OCTET STRING values, so
-their DER encoding follows the primitive, definite-length
-method:
-
-06 03 55 04 06                                   countryName
-
-06 03 55 04 0a                              organizationName
-
-06 03 55 04 03                                    commonName
-
-The identifier octets follow the low-tag form, since the tag
-is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0,"
-indicating universal class, and bit 6 has value "0,"
-indicating that the encoding is primitive. The length octets
-follow the short form. The contents octets are the
-concatenation of three octet strings derived from
-subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and
-6, 10, or 3.
-
-
-6.2.2 AttributeValue
-
-The three AttributeValue values are PrintableString values,
-so their encodings follow the primitive, definite-length
-method:
-
-13 02 55 53                                             "US"
-
-13 14                                 "Example Organization"
-   45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
-   74 69 6f 6e
-
-13 0b                                          "Test User 1"
-   54 65 73 74 20 55 73 65 72 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for PrintableString, 19 (decimal), is between 0 and
-30. Bits 8 and 7 have value "0" since PrintableString is in
-the universal class. Bit 6 has value "0" since the encoding
-is primitive. The length octets follow the short form, and
-the contents octets are the ASCII representation of the
-attribute value.
-
-
-6.2.3 AttributeValueAssertion
-
-The three AttributeValueAssertion values are SEQUENCE
-values, so their DER encodings follow the constructed,
-definite-length method:
-
-30 09                                     countryName = "US"
-   06 03 55 04 06
-   13 02 55 53
-
-30 1b              organizationName = "Example Organizaiton"
-   06 03 55 04 0a
-   13 14 ... 6f 6e
-
-30 12                             commonName = "Test User 1"
-   06 03 55 04 0b
-   13 0b ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SEQUENCE, 16 (decimal), is between 0 and 30.
-Bits 8 and 7 have value "0" since SEQUENCE is in the
-universal class. Bit 6 has value "1" since the encoding is
-constructed. The length octets follow the short form, and
-the contents octets are the concatenation of the DER
-encodings of the attributeType and attributeValue
-components.
-
-
-6.2.4 RelativeDistinguishedName
-
-The three RelativeDistinguishedName values are SET OF
-values, so their DER encodings follow the constructed,
-definite-length method:
-
-31 0b
-   30 09 ... 55 53
-
-31 1d
-   30 1b ... 6f 6e
-
-31 14
-   30 12 ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SET OF, 17 (decimal), is between 0 and 30. Bits
-8 and 7 have value "0" since SET OF is in the universal
-class Bit 6 has value "1" since the encoding is constructed.
-The lengths octets follow the short form, and the contents
-octets are the DER encodings of the respective
-AttributeValueAssertion values, since there is only one
-value in each set.
-
-
-6.2.5 RDNSequence
-
-The RDNSequence value is a SEQUENCE OF value, so its DER
-encoding follows the constructed, definite-length method:
-
-30 42
-   31 0b ... 55 53
-   31 1d ... 6f 6e
-   31 14 ... 20 31
-
-The identifier octets follow the low-tag-number form, since
-the tag for SEQUENCE OF, 16 (decimal), is between 0 and 30.
-Bits 8 and 7 have value "0" since SEQUENCE OF is in the
-universal class. Bit 6 has value "1" since the encoding is
-constructed. The lengths octets follow the short form, and
-the contents octets are the concatenation of the DER
-encodings of the three RelativeDistinguishedName values, in
-order of occurrence.
-
-
-6.2.6 Name
-
-The Name value is a CHOICE value, so its DER encoding is the
-same as that of the RDNSequence value:
-
-30 42
-   31 0b
-      30 09
-         06 03 55 04 06          attributeType = countryName
-         13 02 55 53                   attributeValue = "US"
-   31 1d
-      30 1b
-         06 03 55 04 0a     attributeType = organizationName
-         13 14       attributeValue = "Example Organization"
-            45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
-            74 69 6f 6e
-
-   31 14
-      30 12
-         06 03 55 04 03           attributeType = commonName
-         13 0b                attributeValue = "Test User 1"
-            54 65 73 74 20 55 73 65 72 20 31
-
-
-References
-
-PKCS #1   RSA Laboratories. PKCS #1: RSA Encryption
-          Standard. Version 1.5, November 1993.
-
-PKCS #3   RSA Laboratories. PKCS #3: Diffie-Hellman Key-
-          Agreement Standard. Version 1.4, November 1993.
-
-PKCS #5   RSA Laboratories. PKCS #5: Password-Based
-          Encryption Standard. Version 1.5, November 1993.
-
-PKCS #6   RSA Laboratories. PKCS #6: Extended-Certificate
-          Syntax Standard. Version 1.5, November 1993.
-
-PKCS #7   RSA Laboratories. PKCS #7: Cryptographic Message
-          Syntax Standard. Version 1.5, November 1993.
-
-PKCS #8   RSA Laboratories. PKCS #8: Private-Key Information
-          Syntax Standard. Version 1.2, November 1993.
-
-PKCS #9   RSA Laboratories. PKCS #9: Selected Attribute
-          Types. Version 1.1, November 1993.
-
-PKCS #10  RSA Laboratories. PKCS #10: Certification Request
-          Syntax Standard. Version 1.0, November 1993.
-
-X.200     CCITT. Recommendation X.200: Reference Model of
-          Open Systems Interconnection for CCITT
-          Applications. 1984.
-
-X.208     CCITT. Recommendation X.208: Specification of
-          Abstract Syntax Notation One (ASN.1). 1988.
-
-X.209     CCITT. Recommendation X.209: Specification of
-          Basic Encoding Rules for Abstract Syntax Notation
-          One (ASN.1). 1988.
-
-X.500     CCITT. Recommendation X.500: The
-          Directory--Overview of Concepts, Models and
-          Services. 1988.
-
-X.501     CCITT. Recommendation X.501: The Directory--
-          Models. 1988.
-
-X.509     CCITT. Recommendation X.509: The Directory--
-          Authentication Framework. 1988.
-
-X.520     CCITT. Recommendation X.520: The Directory--
-          Selected Attribute Types. 1988.
-
-[Kal93]   Burton S. Kaliski Jr. Some Examples of the PKCS
-          Standards. RSA Laboratories, November 1993.
-
-[NIST92]  NIST. Special Publication 500-202: Stable
-          Implementation Agreements for Open Systems
-          Interconnection Protocols. Part 11 (Directory
-          Services Protocols). December 1992.
-
-
-Revision history
-
-
-June 3, 1991 version
-
-The June 3, 1991 version is part of the initial public
-release of PKCS. It was published as NIST/OSI Implementors'
-Workshop document SEC-SIG-91-17.
-
-
-November 1, 1993 version
-
-The November 1, 1993 version incorporates several editorial
-changes, including the addition of a revision history. It is
-updated to be consistent with the following versions of the
-PKCS documents:
-
-     PKCS #1: RSA Encryption Standard. Version 1.5, November
-          1993.
-
-     PKCS #3: Diffie-Hellman Key-Agreement Standard. Version
-          1.4, November 1993.
-
-     PKCS #5: Password-Based Encryption Standard. Version
-          1.5, November 1993.
-
-     PKCS #6: Extended-Certificate Syntax Standard. Version
-          1.5, November 1993.
-
-     PKCS #7: Cryptographic Message Syntax Standard. Version
-          1.5, November 1993.
-
-     PKCS #8: Private-Key Information Syntax Standard.
-          Version 1.2, November 1993.
-
-     PKCS #9: Selected Attribute Types. Version 1.1,
-          November 1993.
-
-     PKCS #10: Certification Request Syntax Standard.
-          Version 1.0, November 1993.
-
-The following substantive changes were made:
-
-     Section 5: Description of T61String type is added.
-
-     Section 6: Names are changed, consistent with other
-          PKCS examples.
-
-
-Author's address
-
-Burton S. Kaliski Jr., Ph.D.
-Chief Scientist
-RSA Laboratories              (415) 595-7703
-100 Marine Parkway            (415) 595-4126 (fax)
-Redwood City, CA  94065  USA  burt@rsa.com
diff --git a/crypto/heimdal/doc/mdate-sh b/crypto/heimdal/doc/mdate-sh
deleted file mode 100755
index 37171f21fbd9..000000000000
--- a/crypto/heimdal/doc/mdate-sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/sh
-# Get modification time of a file or directory and pretty-print it.
-# Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc.
-# written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, June 1995
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software Foundation,
-# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# Prevent date giving response in another language.
-LANG=C
-export LANG
-LC_ALL=C
-export LC_ALL
-LC_TIME=C
-export LC_TIME
-
-# Get the extended ls output of the file or directory.
-# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below.
-if ls -L /dev/null 1>/dev/null 2>&1; then
-  set - x`ls -L -l -d $1`
-else
-  set - x`ls -l -d $1`
-fi
-# The month is at least the fourth argument
-# (3 shifts here, the next inside the loop).
-shift
-shift
-shift
-
-# Find the month.  Next argument is day, followed by the year or time.
-month=
-until test $month
-do
-  shift
-  case $1 in
-    Jan) month=January; nummonth=1;;
-    Feb) month=February; nummonth=2;;
-    Mar) month=March; nummonth=3;;
-    Apr) month=April; nummonth=4;;
-    May) month=May; nummonth=5;;
-    Jun) month=June; nummonth=6;;
-    Jul) month=July; nummonth=7;;
-    Aug) month=August; nummonth=8;;
-    Sep) month=September; nummonth=9;;
-    Oct) month=October; nummonth=10;;
-    Nov) month=November; nummonth=11;;
-    Dec) month=December; nummonth=12;;
-  esac
-done
-
-day=$2
-
-# Here we have to deal with the problem that the ls output gives either
-# the time of day or the year.
-case $3 in
-  *:*) set `date`; eval year=\$$#
-       case $2 in
-	 Jan) nummonthtod=1;;
-	 Feb) nummonthtod=2;;
-	 Mar) nummonthtod=3;;
-	 Apr) nummonthtod=4;;
-	 May) nummonthtod=5;;
-	 Jun) nummonthtod=6;;
-	 Jul) nummonthtod=7;;
-	 Aug) nummonthtod=8;;
-	 Sep) nummonthtod=9;;
-	 Oct) nummonthtod=10;;
-	 Nov) nummonthtod=11;;
-	 Dec) nummonthtod=12;;
-       esac
-       # For the first six month of the year the time notation can also
-       # be used for files modified in the last year.
-       if (expr $nummonth \> $nummonthtod) > /dev/null;
-       then
-	 year=`expr $year - 1`
-       fi;;
-  *) year=$3;;
-esac
-
-# The result.
-echo $day $month $year
diff --git a/crypto/heimdal/doc/migration.texi b/crypto/heimdal/doc/migration.texi
deleted file mode 100644
index 67b843ae75b0..000000000000
--- a/crypto/heimdal/doc/migration.texi
+++ /dev/null
@@ -1,43 +0,0 @@
-@c $Id: migration.texi,v 1.3 2001/02/24 05:09:24 assar Exp $
-
-@node Migration, Acknowledgments, Programming with Kerberos, Top
-@chapter Migration
-
-@section General issues
-
-When migrating from a Kerberos 4 KDC.
-
-@section Order in what to do things:
-
-@itemize @bullet
-
-@item Convert the database, check all principals that hprop complains
-about.
-
-@samp{hprop -n --source=<NNN>| hpropd -n}
-
-Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
-
-@item Run a Kerberos 5 slave for a while.
-
-@c XXX Add you slave first to your kdc list in you kdc.
-
-@item Figure out if it does everything you want it to.
-
-Make sure that all things that you use works for you.
-
-@item Let a small number of controlled users use Kerberos 5 tools.
-
-Find a sample population of your users and check what programs they use,
-you can also check the kdc-log to check what ticket are checked out.
-
-@item Burn the bridge and change the master.
-@item Let all users use the Kerberos 5 tools by default.
-@item Turn off services that do not need Kerberos 4 authentication.
-
-Things that might be hard to get away is old programs with support for
-Kerberos 4. Example applications are old Eudora installations using
-KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
-kdc.
-
-@end itemize
diff --git a/crypto/heimdal/doc/misc.texi b/crypto/heimdal/doc/misc.texi
deleted file mode 100644
index 83c2a4ad8b85..000000000000
--- a/crypto/heimdal/doc/misc.texi
+++ /dev/null
@@ -1,126 +0,0 @@
-@c $Id: misc.texi,v 1.13 2003/03/30 21:30:59 lha Exp $
-
-@node Things in search for a better place, Kerberos 4 issues, Setting up a realm, Top
-@chapter Things in search for a better place
-
-@section Making things work on Ciscos
-
-Modern versions of Cisco IOS has some support for authenticating via
-Kerberos 5. This can be used both by having the router get a ticket when
-you login (boring), and by using Kerberos authenticated telnet to access
-your router (less boring). The following has been tested on IOS
-11.2(12), things might be different with other versions. Old versions
-are known to have bugs.
-
-To make this work, you will first have to configure your router to use
-Kerberos (this is explained in the documentation). A sample
-configuration looks like the following:
-
-@example
-aaa new-model
-aaa authentication login default krb5-telnet krb5 enable
-aaa authorization exec krb5-instance
-kerberos local-realm FOO.SE
-kerberos srvtab entry host/router.foo.se 0 891725446 4 1 8 012345678901234567
-kerberos server FOO.SE 10.0.0.1
-kerberos instance map admin 15
-@end example
-
-This tells you (among other things) that when logging in, the router
-should try to authenticate with kerberised telnet, and if that fails try
-to verify a plain text password via a Kerberos ticket exchange (as
-opposed to a local database, RADIUS or something similar), and if that
-fails try the local enable password. If you're not careful when you
-specify the `login default' authentication mechanism, you might not be
-able to login at all. The `instance map' and `authorization exec' lines
-says that people with `admin' instances should be given `enabled' shells
-when logging in.
-
-The numbers after the principal on the `srvtab' line are principal type,
-time stamp (in seconds since 1970), key version number (4), keytype (1 ==
-des), key length (always 8 with des), and then the key.
-
-To make the Heimdal KDC produce tickets that the Cisco can decode you
-might have to turn on the @samp{encode_as_rep_as_tgs_rep} flag in the
-KDC. You will also have to specify that the router can't handle anything
-but @samp{des-cbc-crc}. This can be done with the @samp{del_enctype}
-command of @samp{kadmin}.
-
-This all fine and so, but unless you have an IOS version with encryption
-(available only in the U.S) it doesn't really solve any problems. Sure
-you don't have to send your password over the wire, but since the telnet
-connection isn't protected it's still possible for someone to steal your
-session. This won't be fixed until someone adds integrity to the telnet
-protocol.
-
-A working solution would be to hook up a machine with a real operating
-system to the console of the Cisco and then use it as a backwards
-terminal server.
-
-@section Making things work on Transarc/OpenAFS AFS
-
-@subsection How to get a KeyFile
-
-@file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM}
-
-or you can extract it with kadmin
-
-@example
-kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME
-@end example
-
-You have to make sure you have a @code{des-cbc-md5} encryption type since that
-is the key that will be converted.
-
-@subsection How to convert a srvtab to a KeyFile
-
-You need a @file{/usr/vice/etc/ThisCell} containing the cellname of you
-AFS-cell.
-
-@file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}.
-
-If keyfile already exists, this will add the new key in afs-srvtab to
-KeyFile.
-
-@section Using 2b tokens with AFS
-
-@subsection What is 2b ?
-
-2b is the name of the proposal that was implemented to give basic
-Kerberos 5 support to AFS in rxkad. Its not real Kerberos 5 support
-since it still uses fcrypt for data encryption and not Kerberos
-encryption types.
-
-Its only possible (in all cases) to do this for DES encryption types because
-only then the token (the AFS equivalent of a ticket) will be be smaller
-than the maximum size that can fit in the token cache in
-OpenAFS/Transarc client. Its so tight fit that some extra wrapping on the ASN1/DER encoding is removed from the Kerberos ticket.
-
-2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for
-the part of the ticket that is encrypted with the service's key. The
-client doesn't know what's inside the encrypted data so to the client it doesn't matter.
-
-To  differentiate between Kerberos 4 tickets and Kerberos 5 tickets 2b
-uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens.
-
-Its a requirement that all AFS servers that support 2b also support
-native Kerberos 5 in rxkad.
-
-@subsection Configuring Heimdal to use 2b tokens
-
-Support for 2b tokens are turned on for specific principals by adding
-them to the string list option @code{[kdc]use_2b} in the kdc's
-@file{krb5.conf} file.
-
-@example
-[kdc]
-	use_2b = @{
-		afs@@SU.SE = yes
-		afs/it.su.se@@SU.SE = yes
-	@}
-@end example
-
-@subsection Configuring AFS clients
-
-There is no need to configure AFS clients. The only software that
-needs to be installed/upgrade is a Kerberos 5 enabled @file{afslog}.
diff --git a/crypto/heimdal/doc/programming.texi b/crypto/heimdal/doc/programming.texi
deleted file mode 100644
index 63f07150fd37..000000000000
--- a/crypto/heimdal/doc/programming.texi
+++ /dev/null
@@ -1,287 +0,0 @@
-@c $Id: programming.texi,v 1.2.8.1 2003/04/24 11:55:45 lha Exp $
-
-@node Programming with Kerberos
-@chapter Programming with Kerberos
-
-First you need to know how the Kerberos model works, go read the
-introduction text (@pxref{What is Kerberos?}).
-
-@macro manpage{man, section}
-@cite{\man\(\section\)}
-@end macro
-
-@menu
-* Kerberos 5 API Overview::     
-* Walkthru a sample Kerberos 5 client::  
-* Validating a password in a server application::  
-@end menu
-
-@node Kerberos 5 API Overview, Walkthru a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos
-@section Kerberos 5 API Overview
-
-Most functions are documenteded in manual pages.  This overview only
-tries to point to where to look for a specific function.
-
-@subsection Kerberos context
-
-A kerberos context (@code{krb5_context}) holds all per thread state. All global variables that
-are context specific are stored in this struture, including default
-encryption types, credential-cache (ticket file), and default realms.
-
-See the manual pages for @manpage{krb5_context,3} and
-@manpage{krb5_init_context,3}.
-
-@subsection Kerberos authenication context
-
-Kerberos authentication context (@code{krb5_auth_context}) holds all
-context related to an authenticated connection, in a similar way to the
-kerberos context that holds the context for the thread or process.
-
-The @code{krb5_auth_context} is used by various functions that are
-directly related to authentication between the server/client. Example of
-data that this structure contains are various flags, addresses of client
-and server, port numbers, keyblocks (and subkeys), sequence numbers,
-replay cache, and checksum types.
-
-See the manual page for @manpage{krb5_auth_context,3}.
-
-@subsection Keytab management
-
-A keytab is a storage for locally stored keys. Heimdal includes keytab
-support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,
-and for storing keys in memory.
-
-See also manual page for @manpage{krb5_keytab,3}
-
-@node Walkthru a sample Kerberos 5 client, Validating a password in a server application, Kerberos 5 API Overview, Programming with Kerberos
-@section Walkthru a sample Kerberos 5 client
-
-This example contains parts of a sample TCP Kerberos 5 clients, if you
-want a real working client, please look in @file{appl/test} directory in
-the Heimdal distribution.
-
-All Kerberos error-codes that are returned from kerberos functions in
-this program are passed to @code{krb5_err}, that will print a
-descriptive text of the error code and exit. Graphical programs can
-convert error-code to a humal readable error-string with the
-@manpage{krb5_get_err_text,3} function.
-
-Note that you should not use any Kerberos function before
-@code{krb5_init_context()} have completed successfully. That is the
-reson @code{err()} is used when @code{krb5_init_context()} fails.
-
-First the client needs to call @code{krb5_init_context} to initialize
-the Kerberos 5 library. This is only needed once per thread
-in the program. If the function returns a non-zero value it indicates
-that either the Kerberos implemtation is failing or its disabled on
-this host.
-
-@example
-#include <krb5.h>
-
-int
-main(int argc, char **argv)
-@{
-        krb5_context context;
-
-        if (krb5_context(&context))
-                errx (1, "krb5_context");
-@end example
-
-Now the client wants to connect to the host at the other end. The
-preferred way of doing this is using @manpage{getaddrinfo,3} (for
-operating system that have this function implemented), since getaddrinfo
-is neutral to the address type and can use any protocol that is available.
-
-@example
-        struct addrinfo *ai, *a;
-        struct addrinfo hints;
-        int error;
-
-        memset (&hints, 0, sizeof(hints));
-        hints.ai_socktype = SOCK_STREAM;
-        hints.ai_protocol = IPPROTO_TCP;
-
-        error = getaddrinfo (hostname, "pop3", &hints, &ai);
-        if (error)
-                errx (1, "%s: %s", hostname, gai_strerror(error));
-
-        for (a = ai; a != NULL; a = a->ai_next) @{
-                int s;
-
-                s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-                if (s < 0)
-                        continue;
-                if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{
-                        warn ("connect(%s)", hostname);
-                            close (s);
-                            continue;
-                @}
-                freeaddrinfo (ai);
-                ai = NULL;
-        @}
-        if (ai) @{
-                    freeaddrinfo (ai);
-                    errx ("failed to contact %s", hostname);
-        @}
-@end example
-
-Before authenticating, an authentication context needs to be
-created. This context keeps all information for one (to be) authenticated
-connection (see @manpage{krb5_auth_context,3}).
-
-@example
-        status = krb5_auth_con_init (context, &auth_context);
-        if (status)
-                krb5_err (context, 1, status, "krb5_auth_con_init");
-@end example
-
-For setting the address in the authentication there is a help function
-@code{krb5_auth_con_setaddrs_from_fd} that does everthing that is needed
-when given a connected file descriptor to the socket.
-
-@example
-        status = krb5_auth_con_setaddrs_from_fd (context,
-                                                 auth_context,
-                                                 &sock);
-        if (status)
-                krb5_err (context, 1, status, 
-                          "krb5_auth_con_setaddrs_from_fd");
-@end example
-
-The next step is to build a server principal for the service we want
-to connect to. (See also @manpage{krb5_sname_to_principal,3}.)
-
-@example
-        status = krb5_sname_to_principal (context,
-                                          hostname,
-                                          service,
-                                          KRB5_NT_SRV_HST,
-                                          &server);
-        if (status)
-                krb5_err (context, 1, status, "krb5_sname_to_principal");
-@end example
-
-The client principal is not passed to @manpage{krb5_sendauth,3}
-function, this causes the @code{krb5_sendauth} function to try to figure it
-out itself.
-
-The server program is using the function @manpage{krb5_recvauth,3} to
-receive the Kerberos 5 authenticator.
-
-In this case, mutual authenication will be tried. That means that the server
-will authenticate to the client. Using mutual authenication
-is good since it enables the user to verify that they are talking to the
-right server (a server that knows the key).
-
-If you are using a non-blocking socket you will need to do all work of
-@code{krb5_sendauth} yourself. Basically you need to send over the
-authenticator from @manpage{krb5_mk_req,3} and, in case of mutual
-authentication, verifying the result from the server with
-@manpage{krb5_rd_rep,3}.
-
-@example
-        status = krb5_sendauth (context,
-                                &auth_context,
-                                &sock,
-                                VERSION,
-                                NULL,
-                                server,
-                                AP_OPTS_MUTUAL_REQUIRED,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL,
-                                NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_sendauth");
-@end example
-
-Once authentication has been performed, it is time to send some
-data. First we create a krb5_data structure, then we sign it with
-@manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the
-session-key that was exchanged in the
-@manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication
-sequence.
-
-@example
-        data.data   = "hej";
-        data.length = 3;
-
-        krb5_data_zero (&packet);
-
-        status = krb5_mk_safe (context,
-                               auth_context,
-                               &data,
-                               &packet,
-                               NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_mk_safe");
-@end example
-
-And send it over the network.
-
-@example
-        len = packet.length;
-        net_len = htonl(len);
-
-        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-                err (1, "krb5_net_write");
-        if (krb5_net_write (context, &sock, packet.data, len) != len)
-                err (1, "krb5_net_write");
-@end example
-
-To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be
-used instead. @manpage{krb5_mk_priv,3} works the same way as
-@manpage{krb5_mk_safe,3}, with the exception that it encrypts the data
-in addition to signing it.
-
-@example
-        data.data   = "hemligt";
-        data.length = 7;
-
-        krb5_data_free (&packet);
-
-        status = krb5_mk_priv (context,
-                               auth_context,
-                               &data,
-                               &packet,
-                               NULL);
-        if (status)
-                krb5_err (context, 1, status, "krb5_mk_priv");
-@end example
-
-And send it over the network.
-
-@example
-        len = packet.length;
-        net_len = htonl(len);
-
-        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
-                err (1, "krb5_net_write");
-        if (krb5_net_write (context, &sock, packet.data, len) != len)
-                err (1, "krb5_net_write");
-
-@end example
-
-The server is using @manpage{krb5_rd_safe,3} and
-@manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet.
-
-@node Validating a password in a server application,  , Walkthru a sample Kerberos 5 client, Programming with Kerberos
-@section Validating a password in an application
-
-See the manual page for @manpage{krb5_verify_user,3}.
-
-@c @node Why you should use GSS-API for new applications, Walkthru a sample GSS-API client, Validating a password in a server application, Programming with Kerberos
-@c @section Why you should use GSS-API for new applications
-@c 
-@c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API.
-@c 
-@c It would also be possible for other mechanisms then Kerberos, but that
-@c doesn't exist any other GSS-API implementations today.
-@c 
-@c @node Walkthru a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos
-@c @section Walkthru a sample GSS-API client
-@c 
-@c Write about how gssapi_clent.c works.
diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi
deleted file mode 100644
index c9ed938175ba..000000000000
--- a/crypto/heimdal/doc/setup.texi
+++ /dev/null
@@ -1,500 +0,0 @@
-@c $Id: setup.texi,v 1.27 2003/03/30 21:43:00 lha Exp $
-
-@node Setting up a realm, Things in search for a better place, Building and Installing, Top
-
-@chapter Setting up a realm
-
-@menu
-* Configuration file::          
-* Creating the database::       
-* keytabs::                     
-* Serving Kerberos 4/524/kaserver::
-* Remote administration::       
-* Password changing::           
-* Testing clients and servers::  
-* Slave Servers::               
-* Incremental propagation::     
-* Salting::
-@end menu
-
-A
-@cindex realm
-realm is an administrative domain.  The name of a Kerberos realm is
-usually the Internet domain name in uppercase.  Call your realm the same
-as your Internet domain name if you do not have strong reasons for not
-doing so.  It will make life easier for you and everyone else.
-
-@node  Configuration file, Creating the database, Setting up a realm, Setting up a realm
-@section Configuration file
-
-To setup a realm you will first have to create a configuration file:
-@file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
-configuration options, some of which are described here.
-
-There is a sample @file{krb5.conf} supplied with the distribution.
-
-The configuration file is a hierarchical structure consisting of
-sections, each containing a list of bindings (either variable
-assignments or subsections). A section starts with
-@samp{[section-name]}.  A binding consists of a left hand side, an equal
-(@samp{=}) and a right hand side (the left hand side tag must be
-separated from the equal with some whitespace.) Subsections has a
-@samp{@{} as the first non-whitespace character after the equal. All
-other bindings are treated as variable assignments. The value of a
-variable extends to the end of the line.
-
-@example
-[section1]
-        a-subsection = @{
-                var = value1
-                other-var = value with @{@}
-                sub-sub-section = @{ 
-                        var = 123
-                @}
-        @}
-        var = some other value
-[section2]
-        var = yet another value
-@end example
-
-In this manual, names of sections and bindings will be given as strings
-separated by slashes (@samp{/}). The @samp{other-var} variable will thus
-be @samp{section1/a-subsection/other-var}.
-
-For in-depth information about the contents of the config file, refer to
-the @file{krb5.conf} manual page. Some of the more important sections
-are briefly described here.
-
-The @samp{libdefaults} section contains a list of library configuration
-parameters, such as the default realm and the timeout for kdc
-responses. The @samp{realms} section contains information about specific
-realms, such as where they hide their KDC. This section serves the same
-purpose as the Kerberos 4 @file{krb.conf} file, but can contain more
-information. Finally the @samp{domain_realm} section contains a list of
-mappings from domains to realms, equivalent to the Kerberos 4
-@file{krb.realms} file.
-
-To continue with the realm setup, you will have to create a config file,
-with contents similar to the following.
-
-@example
-[libdefaults]
-        default_realm = MY.REALM
-[realms]
-        MY.REALM = @{
-                kdc = my.kdc
-        @}
-[domain_realm]
-        .my.domain = MY.REALM
-
-@end example
-
-If you use a realm name equal to your domain name, you can omit the
-@samp{libdefaults}, and @samp{domain_realm}, sections. If you have a
-SRV-record for your realm, or your kerberos server has CNAME called
-@samp{kerberos.my.realm}, you can omit the @samp{realms} section too.
-
-@node Creating the database, keytabs, Configuration file, Setting up a realm
-@section Creating the database
-
-The database library will look for the database in @file{/var/heimdal},
-so you should probably create that directory.
-
-The keys of all the principals are stored in the database.  If you
-choose to, these can be encrypted with a master key.  You do not have to
-remember this key (or password), but just to enter it once and it will
-be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
-master key, run @samp{kstash} to create this master key:
-
-@example
-# kstash
-Master key: 
-Verifying password - Master key: 
-@end example
-
-To initialise the database use the @code{kadmin} program, with the
-@samp{-l} option (to enable local database mode). First issue a
-@kbd{init MY.REALM} command. This will create the database and insert
-default principals for that realm. You can have more than one realm in
-one database, so @samp{init} does not destroy any old database.
-
-Before creating the database, @samp{init} will ask you some questions
-about max ticket lifetimes.
-
-After creating the database you should probably add yourself to it. You
-do this with the @samp{add} command. It takes as argument the name of a
-principal. The principal should contain a realm, so if you haven't setup
-a default realm, you will need to explicitly include the realm.
-
-@example
-# kadmin -l
-kadmin> init MY.REALM
-Realm max ticket life [unlimited]:
-Realm max renewable ticket life [unlimited]:
-kadmin> add me  
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-Password: 
-Verifying password - Password: 
-@end example
-
-Now start the KDC and try getting a ticket.
-
-@example
-# kdc &
-# kinit me
-me@@MY.REALMS's Password:
-# klist
-Credentials cache: /tmp/krb5cc_0
-        Principal: me@@MY.REALM
-
-  Issued           Expires          Principal
-Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@@MY.REALM
-@end example
-
-If you are curious you can use the @samp{dump} command to list all the
-entries in the database.  It should look something similar to the
-following example (note that the entries here are truncated for
-typographical reasons):
-
-@smallexample
-kadmin> dump
-me@@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
-kadmin/admin@@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
-krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
-kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
-@end smallexample
-
-@node keytabs, Serving Kerberos 4/524/kaserver, Creating the database, Setting up a realm
-@section keytabs
-
-To extract a service ticket from the database and put it in a keytab you
-need to first create the principal in the database with @samp{ank}
-(using the @kbd{--random-key} flag to get a random key) and then
-extract it with @samp{ext_keytab}.
-
-@example
-kadmin> add --random-key host/my.host.name
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-kadmin> ext host/my.host.name
-# ktutil list
-Version  Type             Principal
-     1   des-cbc-md5      host/my.host.name@@MY.REALM
-     1   des-cbc-md4      host/my.host.name@@MY.REALM
-     1   des-cbc-crc      host/my.host.name@@MY.REALM
-     1   des3-cbc-sha1    host/my.host.name@@MY.REALM
-@end example
-
-@node Serving Kerberos 4/524/kaserver, Remote administration, keytabs, Setting up a realm
-@section Serving Kerberos 4/524/kaserver
-
-Heimdal can be configured to support 524, Kerberos 4 or kaserver. All
-theses services are default turned off. Kerberos 4 support also
-depends on if Kerberos 4 support is compiled in with heimdal.
-
-@subsection 524
-
-524 is a service that allows the kdc to convert Kerberos 5 tickets to
-Kerberos 4 tickets for backward compatibility. See also Using 2b
-tokens with AFS in @xref{Things in search for a better place}.
-
-524 can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-524 = yes
-@end example
-
-@subsection Kerberos 4
-
-Kerberos 4 is the predecessor to to Kerberos 5. It only support single
-DES. You should only enable Kerberos 4 support if you have a need for
-for compatibility with an installed base of Kerberos 4 clients/servers.
-
-Kerberos 4 can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-kerberos4 = yes
-@end example
-
-@subsection kaserver
-
-Kaserver is a Kerberos 4 that is used in AFS, the protocol have some
-features over plain Kerberos 4, but like kerberos 4 only use single
-DES too.
-
-You should only enable Kerberos 4 support if you have a need for for
-compatibility with an installed base of AFS machines.
-
-Kaserver can be turned on by adding this to the configuration file
-
-@example
-[kdc]
-	enable-kaserver = yes
-@end example
-
-@node Remote administration, Password changing, Serving Kerberos 4/524/kaserver, Setting up a realm
-@section Remote administration
-
-The administration server, @samp{kadmind}, can be started by
-@samp{inetd} (which isn't recommended) or run as a normal daemon. If you
-want to start it from @samp{inetd} you should add a line similar to the
-one below to your @file{/etc/inetd.conf}.
-
-@example
-kerberos-adm stream     tcp     nowait  root /usr/heimdal/libexec/kadmind kadmind
-@end example
-
-You might need to add @samp{kerberos-adm} to your @file{/etc/services}
-as 749/tcp.
-
-Access to the admin server is controlled by an acl-file, (default
-@file{/var/heimdal/kadmind.acl}.) The lines in the access file, has the
-following syntax:
-@smallexample
-principal       [priv1,priv2,...]       [glob-pattern]
-@end smallexample
-
-The matching is from top to bottom for matching principal (and if given,
-glob-pattern).  When there is a match, the rights of that lines are
-used.
-
-The privileges you can assign to a principal are: @samp{add},
-@samp{change-password} (or @samp{cpw} for short), @samp{delete},
-@samp{get}, @samp{list}, and @samp{modify}, or the special privilege
-@samp{all}. All of these roughly corresponds to the different commands
-in @samp{kadmin}.
-
-If a @var{glob-pattern} is given on a line, it restricts the right for
-the principal to only apply for the subjects that match the pattern.
-The patters are of the same type as those used in shell globbing, see
-@url{none,,fnmatch(3)}.
-
-In the example below @samp{lha/admin} can change every principal in the
-database. @samp{jimmy/admin} can only modify principals that belong to
-the realm @samp{E.KTH.SE}. @samp{mille/admin} is working at the
-helpdesk, so he should only be able to change the passwords for single
-component principals (ordinary users). He will not be able to change any
-@samp{/admin} principal.
-
-@example
-lha/admin@@E.KTH.SE	all
-jimmy/admin@@E.KTH.SE	all		*@@E.KTH.SE
-jimmy/admin@@E.KTH.SE	all		*/*@@E.KTH.SE
-mille/admin@@E.KTH.SE	change-password	*@@E.KTH.SE
-@end example
-
-@node Password changing, Testing clients and servers, Remote administration, Setting up a realm
-@section Password changing
-
-To allow users to change their passwords, you should run @samp{kpasswdd}.
-It is not run from @samp{inetd}.
-
-You might need to add @samp{kpasswd} to your @file{/etc/services} as
-464/udp.
-
-@subsection Password quality assurance
-
-It is important that users have good passwords, both to make it harder
-to guess them and to avoid off-line attacks (pre-authentication provides
-some defense against off-line attacks).  To ensure that the users choose
-good passwords, you can enable password quality controls in
-@samp{kpasswdd}.  The controls themselves are done in a shared library
-that is used by @samp{kpasswdd}.  To configure in these controls, add
-lines similar to the following to your @file{/etc/krb5.conf}:
-
-@example
-[password_quality]
-        check_library = @var{library}
-        check_function = @var{function}
-@end example
-
-The function @var{function} in the shared library @var{library} will be
-called for proposed new passwords.  The function should be declared as:
-
-@example
-const char *
-function(krb5_context context, krb5_principal principal, krb5_data *pwd);
-@end example
-
-The function should verify that @var{pwd} is a good password for
-@var{principal} and if so return @code{NULL}.  If it is deemed to be of
-low quality, it should return a string explaining why that password
-should not be used.
-
-Code for a password quality checking function that uses the cracklib
-library can be found in @file{lib/kadm5/sample_password_check.c} in the
-source code distribution.  It requires the cracklib library built with
-the patch available at
-@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
-
-If no password quality checking function is configured, it is only
-verified that it is at least six characters of length.
-
-@node Testing clients and servers, Slave Servers, Password changing, Setting up a realm
-@section Testing clients and servers
-
-Now you should be able to run all the clients and servers.  Refer to the
-appropriate man pages for information on how to use them.
-
-@node Slave Servers, Incremental propagation, Testing clients and servers, Setting up a realm
-@section Slave servers, Incremental propagation, Testing clients and servers, Setting up a realm
-
-It is desirable to have at least one backup (slave) server in case the
-master server fails. It is possible to have any number of such slave
-servers but more than three usually doesn't buy much more redundancy.
-
-All Kerberos servers for a realm shall have the same database so that
-they present the same service to all the users.  The
-@pindex hprop
-@code{hprop} program, running on the master, will propagate the database
-to the slaves, running
-@pindex hpropd
-@code{hpropd} processes.
-
-Every slave needs a keytab with a principal,
-@samp{hprop/@var{hostname}}.  Add that with the
-@pindex ktutil
-@code{ktutil} command and start
-@pindex hpropd
-@code{propd}, as follows:
-
-@example
-slave# ktutil get -p foo/admin hprop/`hostname`
-slave# hpropd
-@end example
-
-The master will use the principal @samp{kadmin/hprop} to authenticate to
-the slaves.  This principal should be added when running @kbd{kadmin -l
-init} but if you do not have it in your database for whatever reason,
-please add it with @kbd{kadmin -l add}.
-
-Then run
-@pindex hprop
-@code{hprop} on the master:
-
-@example
-master# hprop slave
-@end example
-
-This was just an on-hands example to make sure that everything was
-working properly.  Doing it manually is of course the wrong way and to
-automate this you will want to start
-@pindex hpropd
-@code{hpropd} from @code{inetd} on the slave(s) and regularly run
-@pindex hprop
-@code{hprop} on the master to regularly propagate the database.
-Starting the propagation once an hour from @code{cron} is probably a
-good idea.
-
-@node Incremental propagation, Salting , Slave Servers, Setting up a realm
-@section Incremental propagation
-
-There is also a newer and still somewhat experimental mechanism for
-doing incremental propagation in Heimdal.  Instead of sending the whole
-database regularly, it sends the changes as they happen on the master to
-the slaves.  The master keeps track of all the changes by assigned a
-version number to every change to the database.  The slaves know which
-was the latest version they saw and in this way it can be determined if
-they are in sync or not.  A log of all the changes is kept on the master
-and when a slave is at an older versioner than the oldest one in the
-log, the whole database has to be sent.
-
-Protocol-wise, all the slaves connects to the master and as a greeting
-tell it the latest version that they have (@samp{IHAVE} message).  The
-master then responds by sending all the changes between that version and
-the current version at the master (a series of @samp{FORYOU} messages)
-or the whole database in a @samp{TELLYOUEVERYTHING} message.
-
-@subsection Configuring incremental propagation
-
-The program that runs on the master is @code{ipropd-master} and all
-clients run @code{ipropd-slave}.
-
-Create the file @file{/var/heimdal/slaves} on the master containing all
-the slaves that the database should be propagated to.  Each line contains
-the full name of the principal (for example
-@samp{iprop/hemligare.foo.se@@FOO.SE}).
-
-You should already have @samp{iprop/tcp} defined as 2121, in your
-@file{/etc/services}.  Otherwise, or if you need to use a different port
-for some peculiar reason, you can use the @kbd{--port} option.  This is
-useful when you have multiple realms to distribute from one server.
-
-Then you need to create these principals that you added in the
-configuration file.  Create one @samp{iprop/hostname} for the master and
-for every slave.
-
-
-@example
-master# /usr/heimdal/sbin/ktutil get iprop/`hostname`
-@end example
-
-The next step is to start the @code{ipropd-master} process on the master
-server.  The @code{ipropd-master} listens on the UNIX-socket
-@file{/var/heimdal/signal} to know when changes have been made to the
-database so they can be propagated to the slaves.  There is also a
-safety feature of testing the version number regularly (every 30
-seconds) to see if it has been modified by some means that do not raise
-this signal.  Then, start @code{ipropd-slave} on all the slaves:
-
-@example
-master# /usr/heimdal/libexec/ipropd-master &
-slave#  /usr/heimdal/libexec/ipropd-slave master &
-@end example
-
-@node Salting, , Incremental propagation, Setting up a realm
-@section Salting
-@cindex Salting
-
-Salting is used to make it harder to precalculate all possible
-keys. Using a salt increases the search space to make it almost
-impossible to precalculate all keys. Salting is the process of mixing a
-public string (the salt) with the password, then sending it through an
-encryption-type specific string-to-key function that will output the
-fixed size encryption key.
-
-In Kerberos 5 the salt is determined by the encryption-type, except
-in some special cases.
-
-In @code{des} there is the Kerberos 4 salt
-(none at all) or the afs-salt (using the cell (realm in
-afs-lingo)).
-
-In @code{arcfour} (the encryption type that Microsoft Windows 2000 uses)
-there is no salt. This is to be compatible with NTLM keys in Windows
-NT 4.
-
-@code{[kadmin]default_keys} in @file{krb5.conf} controls
-what salting to use,
-
-The syntax of @code{[kadmin]default_keys} is
-@samp{[etype:]salt-type[:salt-string]}. @samp{etype} is the encryption
-type (des, des3, arcfour), @code{salt-type} is the type of salt (pw-salt
-or afs3-salt), and the salt-string is the string that will be used as
-salt (remember that if the salt is appened/prepended, the empty salt ""
-is the same thing as no salt at all).
-
-Common types of salting includes
-
-@itemize @bullet
-@item @code{v4} (or @code{des:pw-salt:})
-
-The Kerberos 4 salting is using no salt att all. Reason there is colon
-that the end or the salt string is that it makes the salt the empty
-string (same as no salt).
-
-@item @code{v5} (or @code{pw-salt})
-
-@code{pw-salt} means all regular encryption-types that is regular 
-
-@item @code{afs3-salt}
-
-@code{afs3-salt} is the salting that is used with Transarc kaserver. Its
-the cell appended to the password.
-
-@end itemize
diff --git a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-01.txt b/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-01.txt
deleted file mode 100644
index a97ef9d191e0..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-01.txt
+++ /dev/null
@@ -1,412 +0,0 @@
-CAT working group                                              M. Swift 
-Internet Draft                                                J. Brezak 
-Document: draft-brezak-win2k-krb-rc4-hmac-01.txt              Microsoft 
-Category: Informational                                    October 1999 
- 
- 
-           The Windows 2000 RC4-HMAC Kerberos encryption type 
- 
- 
-Status of this Memo 
- 
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are 
-   working documents of the Internet Engineering Task Force (IETF), its 
-   areas, and its working groups. Note that other groups may also 
-   distribute working documents as Internet-Drafts. Internet-Drafts are 
-   draft documents valid for a maximum of six months and may be 
-   updated, replaced, or obsoleted by other documents at any time. It 
-   is inappropriate to use Internet- Drafts as reference material or to 
-   cite them other than as "work in progress." 
-     
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-1. Abstract 
-    
-   The Windows 2000 implementation of Kerberos introduces a new 
-   encryption type based on the RC4 encryption algorithm and using an 
-   MD5 HMAC for checksum. This is offered as an alternative to using 
-   the existing DES based encryption types. 
-    
-   The RC4-HMAC encryption types are used to ease upgrade of existing 
-   Windows NT environments, provide strong crypto (128-bit key 
-   lengths), and provide exportable (meet United States government 
-   export restriction requirements) encryption. 
-    
-   The Windows 2000 implementation of Kerberos contains new encryption 
-   and checksum types for two reasons: for export reasons early in the 
-   development process, 56 bit DES encryption could not be exported, 
-   and because upon upgrade from Windows NT 4.0 to Windows 2000, 
-   accounts will not have the appropriate DES keying material to do the 
-   standard DES encryption. Furthermore, 3DES is not available for 
-   export, and there was a desire to use a single flavor of encryption 
-   in the product for both US and international products. 
-    
-   As a result, there are two new encryption types and one new checksum 
-   type introduced in Windows 2000. 
-    
-    
-2. Conventions used in this document 
-    
-
-  
-Swift                  Category - Informational                      1 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-    
-3. Key Generation 
-    
-   On upgrade from existing Windows NT domains, the user accounts would 
-   not have a DES based key available to enable the use of DES base 
-   encryption types specified in RFC 1510. The key used for RC4-HMAC is 
-   the same as the existing Windows NT key (NT Password Hash) for 
-   compatibility reasons. Once the account password is changed, the DES 
-   based keys are created and maintained. Once the DES keys are 
-   available DES based encryption types can be used with Kerberos.  
-    
-   The RC4-HMAC String to key function is defined as follow: 
-    
-   String2Key(password) 
-    
-        K = MD4(UNICODE(password)) 
-         
-   The RC4-HMAC keys are generated by using the Windows UNICODE version 
-   of the password. Each Windows UNICODE character is encoded in 
-   little-endian format of 2 octets each. Then performing an MD4 [6] 
-   hash operation on just the UNICODE characters of the password (not 
-   including the terminating zero octets). 
-    
-4. Basic Operations 
-    
-   The MD5 HMAC function is defined in [3]. It is used in this 
-   encryption type for checksum operations. Refer to [3] for details on 
-   its operation. In this document this function is referred to as 
-   HMAC(Key, Data) returning the checksum using the specified key on 
-   the data. 
-    
-   The basic MD5 hash operation is used in this encryption type and 
-   defined in [7]. In this document this function is referred to as 
-   MD5(Data) returning the checksum of the data. 
-    
-   The basic RC4 encryption operation is used in this encryption type 
-   and defined in [8]. In this document the function is referred to as 
-   RC4(Key, Data) returning the encrypted data using the specified key 
-   on the data. 
-    
-   These encryption types use key derivation as defined in [9] (RFC-
-   1510BIS) in Section titled "Key Derivation". With each message, the 
-   message type (T) is used as a component of the keying material. 
-    
-   All strings in this document are ASCII unless otherwise specified. 
-   The lengths of ASCII encoded character strings include the trailing 
-   terminator character (0). 
-    
-   The concat(a,b,c,...) function will return the logical concatenation 
-   (left to right) of the values of the arguments. 
-  
-Swift                  Category - Informational                      2 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-    
-   The nonce(n) function returns a pseudo-random number of "n" octets. 
-    
-5. Checksum Types 
-    
-   There is one checksum type used in this encryption type. The 
-   Kerberos constant for this type is: 
-        #define KERB_CHECKSUM_HMAC_MD5 (-138) 
-    
-   The function is defined as follows: 
-    
-   K - is the Key 
-   T - the message type, encoded as a little-endian four byte integer 
-    
-   CHKSUM(K, T, data) 
-    
-        Ksign = HMAC(K, "signature key")  //includes zero octet at end 
-        tmp = MD5(concat(T, data)) 
-        CHKSUM = HMAC(Ksign, tmp) 
-    
-    
-6. Encryption Types 
-    
-   There are two encryption types used in these encryption types. The 
-   Kerberos constants for these types are: 
-        #define KERB_ETYPE_RC4_HMAC             23 
-        #define KERB_ETYPE_RC4_HMAC_EXP         24 
-    
-   The basic encryption function is defined as follow: 
-    
-   T = the message type, encoded as a little-endian four byte integer. 
-    
-   ENCRYPT(K, T, data) 
-        if (K.enctype == KERB_ETYPE_RC4_HMAC_EXP) 
-                L = concat("fortybits", T) //includes zero octet at 
-                                           //end of string constant 
-        Else 
-                L = T 
-        Ksign = HMAC(K,L) 
-        Confounder = nonce(8) // get an 8 octet nonce for a confounder 
-        Checksum = HMAC(Ksign, concat(Confounder, data)) 
-        Ke = Ksign 
-        if (K.enctype == KERB_ETYPE_RC4_HMAC_EXP) 
-                memset(&Ke[7], 0x0ab, 9) 
-        Ke2 = HMAC(Ke, Checksum) 
-        data = RC4(Ke2, data) 
-    
-   The header field on the encrypted data in KDC messages is: 
-    
-        typedef struct _RC4_MDx_HEADER { 
-            UCHAR Checksum[16]; 
-            UCHAR Confounder[8]; 
-        } RC4_MDx_HEADER, *PRC4_MDx_HEADER; 
-  
-Swift                  Category - Informational                      3 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-    
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-7. Key Strength Negotiation 
-    
-   A Kerberos client and server can negotiate over key length if they 
-   are using mutual authentication. If the client is unable to perform 
-   full strength encryption, it may propose a key in the "subkey" field 
-   of the authenticator, using a weaker encryption type. The server 
-   must then either return the same key or suggest its own key in the 
-   subkey field of the AP reply message. The key used to encrypt data 
-   is derived from the key returned by the server. If the client is 
-   able to perform strong encryption but the server is not, it may 
-   propose a subkey in the AP reply without first being sent a subkey 
-   in the authenticator. 
- 
-8. GSSAPI Kerberos V5 Mechanism Type  
- 
-8.1 Mechanism Specific Changes 
-    
-   The GSSAPI per-message tokens also require new checksum and 
-   encryption types. The GSS-API per-message tokens must be changed to 
-   support these new encryption types (See [5] Section 1.2.2). The 
-   sealing algorithm identifier (SEAL_ALG) for an RC4 based encryption 
-   is: 
-        Byte 4..5 SEAL_ALG      0x10 0x00 - RC4 
-    
-   The signing algorithm identifier (SGN_ALG) for MD5 HMAC is: 
-        Byte 2..3 SGN ALG       0x11 0x00 - HMAC 
-    
-   The only support quality of protection is: 
-        #define GSS_KRB5_INTEG_C_QOP_DEFAULT    0x0 
-    
-   In addition, when using an RC4 based encryption type, the sequence 
-   number is sent in big-endian rather than little-endian order. 
-    
-8.2 GSSAPI Checksum Type 
-    
-   The GSSAPI checksum type and algorithm is defined in Section 5. Only 
-   the first 8 octets of the checksum are used. The resulting checksum 
-   is stored in the SGN_CKSUM field (See [5] Section 1.2) for 
-   GSS_GetMIC() and GSS_Wrap(conf_flag=FALSE). 
-    
-8.3 GSSAPI Encryption Types 
-    
-   There are two encryption types for GSSAPI message tokens, one that 
-   is 128 bits in strength, and one that is 56 bits in strength as 
-   defined in Section 6. 
-    
-
-  
-Swift                  Category - Informational                      4 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-   All padding is rounded up to 1 byte. One byte is needed to say that 
-   there is 1 byte of padding. The DES based mechanism type uses 8 byte 
-   padding. See [5] Section 1.2.2.3. 
-    
-   The encryption mechanism used for GSS based messages is as follow: 
-    
-   T = the message type, encoded as a little-endian four byte integer. 
-    
-   GSS-ENCRYPT(K, T, data) 
-        IV = SND_SEQ 
-        K = XOR(K, 0xf0f0f0f0f0f0f0f0f0f0f0f0f0f0f0) 
-        if (K.enctype == KERB_ETYPE_RC4_HMAC_EXP) 
-                L = concat("fortybits", T) //includes zero octet at end 
-        else 
-                L = T 
-        Ksign = HMAC(K, L) 
-        Ke = Ksign 
-        if (K.enctype == KERB_ETYPE_RC4_HMAC_EXP) 
-                memset(&Ke[7], 0x0ab, 9) 
-        Ke2 = HMAC(Ke, IV) 
-        Data = RC4(Ke2, data) 
-        SND_SEQ = RC4(Ke, seq#) 
-         
-   The sequence number (SND_SEQ) and IV are used as defined in [5] 
-   Section 1.2.2. 
-    
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-8. Security Considerations 
- 
-   Care must be taken in implementing this encryption type because it 
-   uses a stream cipher. If a different IV isn�t used in each direction 
-   when using a session key, the encryption is weak. By using the 
-   sequence number as an IV, this is avoided. 
-    
-9. References 
- 
-   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-      9, RFC 2026, October 1996. 
-    
-   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-      Levels", BCP 14, RFC 2119, March 1997 
-    
-   3  Krawczyk, H., Bellare, M., Canetti, R.,"HMAC: Keyed-Hashing for 
-      Message Authentication", RFC 2104, February 1997 
-    
-   4  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
-      Service (V5)", RFC 1510, September 1993 
- 
- 
-  
-Swift                  Category - Informational                      5 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
- 
-   5  Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC-1964, 
-      June 1996 
- 
-   6  R. Rivest, "The MD4 Message-Digest Algorithm", RFC-1320, April 
-      1992 
- 
-   7  R. Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, April 
-      1992 
- 
-   8  RC4 is a proprietary encryption algorithm available under license 
-             from RSA Data Security Inc.  For licensing information, 
-      contact: 
-             RSA Data Security, Inc. 
-             100 Marine Parkway 
-             Redwood City, CA 94065-1031 
- 
-   9  Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network 
-      Authentication Service (V5)", draft-ietf-cat-kerberos-revisions-
-      04.txt, June 25, 1999 
- 
-    
-10. Author's Addresses 
-    
-   Mike Swift 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: mikesw@microsoft.com  
-    
-   John Brezak 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: jbrezak@microsoft.com 
-    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                      6 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-    
-11. Full Copyright Statement 
- 
-   Copyright (C) The Internet Society (1999).  All Rights Reserved. 
-    
-   This document and translations of it may be copied and furnished to 
-   others, and derivative works that comment on or otherwise explain it 
-   or assist in its implementation may be prepared, copied, published 
-   and distributed, in whole or in part, without restriction of any 
-   kind, provided that the above copyright notice and this paragraph 
-   are included on all such copies and derivative works.  However, this   
-   document itself may not be modified in any way, such as by removing   
-   the copyright notice or references to the Internet Society or other   
-   Internet organizations, except as needed for the purpose of 
-   developing Internet standards in which case the procedures for 
-   copyrights defined in the Internet Standards process must be 
-   followed, or as required to translate it into languages other than 
-   English. 
-    
-   The limited permissions granted above are perpetual and will not be 
-   revoked by the Internet Society or its successors or assigns. 
-    
-   This document and the information contained herein is provided on an 
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                      7 
-
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-02.txt b/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-02.txt
deleted file mode 100644
index 1fc9927dea4c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-02.txt
+++ /dev/null
@@ -1,589 +0,0 @@
-
-
-CAT working group                                              M. Swift 
-Internet Draft                                                J. Brezak 
-Document: draft-brezak-win2k-krb-rc4-hmac-02.txt              Microsoft 
-Category: Informational                                   November 2000 
-
-
-           The Windows 2000 RC4-HMAC Kerberos encryption type 
-
-
-tatus of this Memo 
-
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are 
-   working documents of the Internet Engineering Task Force (IETF), its 
-   areas, and its working groups. Note that other groups may also 
-   distribute working documents as Internet-Drafts. Internet-Drafts are 
-   draft documents valid for a maximum of six months and may be 
-   updated, replaced, or obsoleted by other documents at any time. It 
-   is inappropriate to use Internet- Drafts as reference material or to 
-   cite them other than as "work in progress." 
-     
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-. Abstract 
-    
-   The Windows 2000 implementation of Kerberos introduces a new 
-   encryption type based on the RC4 encryption algorithm and using an 
-   MD5 HMAC for checksum. This is offered as an alternative to using 
-   the existing DES based encryption types. 
-    
-   The RC4-HMAC encryption types are used to ease upgrade of existing 
-   Windows NT environments, provide strong crypto (128-bit key 
-   lengths), and provide exportable (meet United States government 
-   export restriction requirements) encryption. 
-    
-   The Windows 2000 implementation of Kerberos contains new encryption 
-   and checksum types for two reasons: for export reasons early in the 
-   development process, 56 bit DES encryption could not be exported, 
-   and because upon upgrade from Windows NT 4.0 to Windows 2000, 
-   accounts will not have the appropriate DES keying material to do the 
-   standard DES encryption. Furthermore, 3DES is not available for 
-   export, and there was a desire to use a single flavor of encryption 
-   in the product for both US and international products. 
-    
-   As a result, there are two new encryption types and one new checksum 
-   type introduced in Windows 2000. 
-    
-    
-. Conventions used in this document 
-    
-
- 
-wift                  Category - Informational                      1 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-    
-. Key Generation 
-    
-   On upgrade from existing Windows NT domains, the user accounts would 
-   not have a DES based key available to enable the use of DES base 
-   encryption types specified in RFC 1510. The key used for RC4-HMAC is 
-   the same as the existing Windows NT key (NT Password Hash) for 
-   compatibility reasons. Once the account password is changed, the DES 
-   based keys are created and maintained. Once the DES keys are 
-   available DES based encryption types can be used with Kerberos.  
-    
-   The RC4-HMAC String to key function is defined as follow: 
-    
-   String2Key(password) 
-    
-        K = MD4(UNICODE(password)) 
-         
-   The RC4-HMAC keys are generated by using the Windows UNICODE version 
-   of the password. Each Windows UNICODE character is encoded in 
-   little-endian format of 2 octets each. Then performing an MD4 [6] 
-   hash operation on just the UNICODE characters of the password (not 
-   including the terminating zero octets). 
-    
-   For an account with a password of "foo", this String2Key("foo") will 
-   return: 
-    
-        0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe, 
-        0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc 
-    
-. Basic Operations 
-    
-   The MD5 HMAC function is defined in [3]. It is used in this 
-   encryption type for checksum operations. Refer to [3] for details on 
-   its operation. In this document this function is referred to as 
-   HMAC(Key, Data) returning the checksum using the specified key on 
-   the data. 
-    
-   The basic MD5 hash operation is used in this encryption type and 
-   defined in [7]. In this document this function is referred to as 
-   MD5(Data) returning the checksum of the data. 
-    
-   RC4 is a stream cipher licensed by RSA Data Security [RSADSI]. A       
-   compatible cipher is described in [8]. In this document the function 
-   is referred to as RC4(Key, Data) returning the encrypted data using 
-   the specified key on the data. 
-    
-   These encryption types use key derivation as defined in [9] (RFC-
-   1510BIS) in Section titled "Key Derivation". With each message, the 
-   message type (T) is used as a component of the keying material. This 
-   summarizes the different key derivation values used in the various 
- 
-wift                  Category - Informational                      2 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-   operations. Note that these differ from the key derivations used in 
-   other Kerberos encryption types. 
-    
-        T = 1 for TS-ENC-TS in the AS-Request 
-        T = 8 for the AS-Reply  
-        T = 7 for the Authenticator in the TGS-Request 
-        T = 8 for the TGS-Reply  
-        T = 2 for the Server Ticket in the AP-Request 
-        T = 11 for the Authenticator in the AP-Request 
-        T = 12 for the Server returned AP-Reply 
-        T = 15 in the generation of checksum for the MIC token 
-        T = 0 in the generation of sequence number for the MIC token  
-        T = 13 in the generation of checksum for the WRAP token 
-        T = 0 in the generation of sequence number for the WRAP token  
-        T = 0 in the generation of encrypted data for the WRAPPED token 
-    
-   All strings in this document are ASCII unless otherwise specified. 
-   The lengths of ASCII encoded character strings include the trailing 
-   terminator character (0). 
-    
-   The concat(a,b,c,...) function will return the logical concatenation 
-   (left to right) of the values of the arguments. 
-    
-   The nonce(n) function returns a pseudo-random number of "n" octets. 
-    
-. Checksum Types 
-    
-   There is one checksum type used in this encryption type. The 
-   Kerberos constant for this type is: 
-        #define KERB_CHECKSUM_HMAC_MD5 (-138) 
-    
-   The function is defined as follows: 
-    
-   K - is the Key 
-   T - the message type, encoded as a little-endian four byte integer 
-    
-   CHKSUM(K, T, data) 
-    
-        Ksign = HMAC(K, "signaturekey")  //includes zero octet at end 
-        tmp = MD5(concat(T, data)) 
-        CHKSUM = HMAC(Ksign, tmp) 
-    
-    
-. Encryption Types 
-    
-   There are two encryption types used in these encryption types. The 
-   Kerberos constants for these types are: 
-        #define KERB_ETYPE_RC4_HMAC             23 
-        #define KERB_ETYPE_RC4_HMAC_EXP         24 
-    
-   The basic encryption function is defined as follow: 
-    
-   T = the message type, encoded as a little-endian four byte integer. 
- 
-wift                  Category - Informational                      3 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-    
-        BYTE L40[14] = "fortybits"; 
-        BYTE SK = "signaturekey"; 
-         
-        ENCRYPT (K, fRC4_EXP, T, data, data_len, edata, edata_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 10 + 4, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            add_8_random_bytes(data, data_len, conf_plus_data); 
-            HMAC (K2, conf_plus_data, 8 + data_len, checksum); 
-            HMAC (K1, checksum, 16, K3); 
-            RC4(K3, conf_plus_data, 8 + data_len, edata + 16); 
-            memcpy (edata, checksum, 16); 
-            edata_len = 16 + 8 + data_len; 
-        }         
-         
-        DECRYPT (K, fRC4_EXP, T, edata, edata_len, data, data_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            HMAC (K1, edata, 16, K3); // checksum is at edata 
-            RC4(K3, edata + 16, edata_len - 16, edata + 16); 
-            data_len = edata_len - 16 - 8; 
-            memcpy (data, edata + 16 + 8, data_len); 
-             
-            // verify generated and received checksums 
-            HMAC (K2, edata + 16, edata_len - 16, checksum); 
-            if (memcmp(edata, checksum, 16) != 0)  
-                printf("CHECKSUM ERROR  !!!!!!\n"); 
-        } 
-    
-   The header field on the encrypted data in KDC messages is: 
-    
-        typedef struct _RC4_MDx_HEADER { 
-            UCHAR Checksum[16]; 
-            UCHAR Confounder[8]; 
-        } RC4_MDx_HEADER, *PRC4_MDx_HEADER; 
-         
-   The KDC message is encrypted using the ENCRYPT function not 
-   including the Checksum in the RC4_MDx_HEADER. 
-    
- 
-wift                  Category - Informational                      4 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-. Key Strength Negotiation 
-    
-   A Kerberos client and server can negotiate over key length if they 
-   are using mutual authentication. If the client is unable to perform 
-   full strength encryption, it may propose a key in the "subkey" field 
-   of the authenticator, using a weaker encryption type. The server 
-   must then either return the same key or suggest its own key in the 
-   subkey field of the AP reply message. The key used to encrypt data 
-   is derived from the key returned by the server. If the client is 
-   able to perform strong encryption but the server is not, it may 
-   propose a subkey in the AP reply without first being sent a subkey 
-   in the authenticator. 
-
-. GSSAPI Kerberos V5 Mechanism Type  
-
-.1 Mechanism Specific Changes 
-    
-   The GSSAPI per-message tokens also require new checksum and 
-   encryption types. The GSS-API per-message tokens must be changed to 
-   support these new encryption types (See [5] Section 1.2.2). The 
-   sealing algorithm identifier (SEAL_ALG) for an RC4 based encryption 
-   is: 
-        Byte 4..5 SEAL_ALG      0x10 0x00 - RC4 
-    
-   The signing algorithm identifier (SGN_ALG) for MD5 HMAC is: 
-        Byte 2..3 SGN ALG       0x11 0x00 - HMAC 
-    
-   The only support quality of protection is: 
-        #define GSS_KRB5_INTEG_C_QOP_DEFAULT    0x0 
-    
-   In addition, when using an RC4 based encryption type, the sequence 
-   number is sent in big-endian rather than little-endian order. 
-    
-   The Windows 2000 implementation also defines new GSSAPI flags in the 
-   initial token passed when initializing a security context. These 
-   flags are passed in the checksum field of the authenticator (See [5] 
-   Section 1.1.1). 
-    
-   GSS_C_DCE_STYLE - This flag was added for use with Microsoft�s 
-   implementation of DCE RPC, which initially expected three legs of 
-   authentication. Setting this flag causes an extra AP reply to be 
-   sent from the client back to the server after receiving the server�s 
-   AP reply. In addition, the context negotiation tokens do not have 
-   GSSAPI framing - they are raw AP message and do not include object 
-   identifiers. 
-        #define GSS_C_DCE_STYLE                 0x1000 
-    
-
- 
-wift                  Category - Informational                      5 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-   GSS_C_IDENTIFY_FLAG - This flag allows the client to indicate to the 
-   server that it should only allow the server application to identify 
-   the client by name and ID, but not to impersonate the client. 
-        #define GSS_C_IDENTIFY_FLAG             0x2000 
-         
-   GSS_C_EXTENDED_ERROR_FLAG - Setting this flag indicates that the 
-   client wants to be informed of extended error information. In 
-   particular, Windows 2000 status codes may be returned in the data 
-   field of a Kerberos error message. This allows the client to 
-   understand a server failure more precisely. In addition, the server 
-   may return errors to the client that are normally handled at the 
-   application layer in the server, in order to let the client try to 
-   recover. After receiving an error message, the client may attempt to 
-   resubmit an AP request. 
-        #define GSS_C_EXTENDED_ERROR_FLAG       0x4000 
-    
-   These flags are only used if a client is aware of these conventions 
-   when using the SSPI on the Windows platform, they are not generally 
-   used by default. 
-    
-   When NetBIOS addresses are used in the GSSAPI, they are identified 
-   by the GSS_C_AF_NETBIOS value. This value is defined as: 
-        #define GSS_C_AF_NETBIOS                0x14 
-   NetBios addresses are 16-octet addresses typically composed of 1 to                                                                  th   15 characters, trailing blank (ascii char 20) filled, with a 16  
-   octet of 0x0. 
-    
-.2 GSSAPI Checksum Type 
-    
-   The GSSAPI checksum type and algorithm is defined in Section 5. Only 
-   the first 8 octets of the checksum are used. The resulting checksum 
-   is stored in the SGN_CKSUM field (See [5] Section 1.2) for 
-   GSS_GetMIC() and GSS_Wrap(conf_flag=FALSE). 
-    
-        MIC (K, fRC4_EXP, seq_num, MIC_hdr, msg, msg_len, 
-             MIC_seq, MIC_checksum) 
-        { 
-            HMAC (K, SK, 13, K4); 
-            T = 15; 
-            memcpy (T_plus_hdr_plus_msg + 00, &T, 4); 
-            memcpy (T_plus_hdr_plus_msg + 04, MIC_hdr, 8);  
-                                                // 0101 1100 FFFFFFFF 
-            memcpy (T_plus_hdr_plus_msg + 12, msg, msg_len); 
-            MD5 (T_hdr_msg, 4 + 8 + msg_len, MD5_of_T_hdr_msg); 
-            HMAC (K4, MD5_of_T_hdr_msg, CHKSUM); 
-            memcpy (MIC_checksum, CHKSUM, 8); // use only first 8 bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K5); 
-            }else{ 
-                HMAC (K, &T, 4, K5); 
- 
-wift                  Category - Informational                      6 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-            } 
-            if (fRC4_EXP) memset(K5+7, 0xAB, 9); 
-            HMAC(K5, MIT_checksum, 8, K6); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K6, seq_plus_direction, 8, MIC_seq); 
-        } 
-    
-.3 GSSAPI Encryption Types 
-    
-   There are two encryption types for GSSAPI message tokens, one that 
-   is 128 bits in strength, and one that is 56 bits in strength as 
-   defined in Section 6. 
-    
-   All padding is rounded up to 1 byte. One byte is needed to say that 
-   there is 1 byte of padding. The DES based mechanism type uses 8 byte 
-   padding. See [5] Section 1.2.2.3. 
-    
-   The encryption mechanism used for GSS wrap based messages is as 
-   follow: 
-    
-    
-        WRAP (K, fRC4_EXP, seq_num, WRAP_hdr, msg, msg_len, 
-              WRAP_seq, WRAP_checksum, edata, edata_len) 
-        { 
-            HMAC (K, SK, 13, K7); 
-            T = 13; 
-            PAD = 1; 
-            memcpy (T_hdr_conf_msg_pad + 00, &T, 4); 
-            memcpy (T_hdr_conf_msg_pad + 04, WRAP_hdr, 8); // 0101 1100 
-        FFFFFFFF 
-            memcpy (T_hdr_conf_msg_pad + 12, msg, msg_len); 
-            memcpy (T_hdr_conf_msg_pad + 12 + msg_len, &PAD, 1); 
-            MD5 (T_hdr_conf_msg_pad, 
-                 4 + 8 + 8 + msg_len + 1, 
-                 MD5_of_T_hdr_conf_msg_pad); 
-            HMAC (K7, MD5_of_T_hdr_conf_msg_pad, CHKSUM); 
-            memcpy (WRAP_checksum, CHKSUM, 8); // use only first 8 
-        bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K8); 
-            }else{ 
-                HMAC (K, &T, 4, K8); 
-            } 
-            if (fRC4_EXP) memset(K8+7, 0xAB, 9); 
-            HMAC(K8, WRAP_checksum, 8, K9); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
- 
-wift                  Category - Informational                      7 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K9, seq_plus_direction, 8, WRAP_seq); 
-          
-            for (i = 0; i < 16; i++) K10 [i] ^= 0xF0; // XOR each byte 
-        of key with 0xF0 
-            T = 0; 
-            if (fRC4_EXP){ 
-                *(DWORD *)(L40+10) = T; 
-                HMAC(K10, L40, 14, K11); 
-                memset(K11+7, 0xAB, 9); 
-            }else{ 
-                HMAC(K10, &T, 4, K11);  
-            } 
-            HMAC(K11, seq_num, 4, K12); 
-            RC4(K12, T_hdr_conf_msg_pad + 4 + 8, 8 + msg_len + 1, 
-        edata); /* skip T & hdr */ 
-            edata_len = 8 + msg_len + 1; // conf + msg_len + pad 
-         } 
-          
-    
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-. Security Considerations 
-
-   Care must be taken in implementing this encryption type because it 
-   uses a stream cipher. If a different IV isn�t used in each direction 
-   when using a session key, the encryption is weak. By using the 
-   sequence number as an IV, this is avoided. 
-    
-0. Acknowledgements 
-    
-   We would like to thank Salil Dangi for the valuable input in 
-   refining the descriptions of the functions and review input. 
-     
-1. References 
-
-   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-      9, RFC 2026, October 1996. 
-    
-   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-      Levels", BCP 14, RFC 2119, March 1997 
-    
-   3  Krawczyk, H., Bellare, M., Canetti, R.,"HMAC: Keyed-Hashing for 
-      Message Authentication", RFC 2104, February 1997 
-    
-   4  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
-      Service (V5)", RFC 1510, September 1993 
-
-
- 
-wift                  Category - Informational                      8 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
-
-
-
-   5  Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC-1964, 
-      June 1996 
-
-   6  R. Rivest, "The MD4 Message-Digest Algorithm", RFC-1320, April 
-      1992 
-
-   7  R. Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, April 
-      1992 
-
-   8  Thayer, R. and K. Kaukonen, "A Stream Cipher Encryption             
-      Algorithm", Work in Progress. 
-
-   9  RC4 is a proprietary encryption algorithm available under license 
-      from RSA Data Security Inc.  For licensing information, contact: 
-       
-         RSA Data Security, Inc. 
-         100 Marine Parkway 
-         Redwood City, CA 94065-1031 
-
-   10 Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network 
-      Authentication Service (V5)", draft-ietf-cat-kerberos-revisions-
-      04.txt, June 25, 1999 
-
-    
-2. Author's Addresses 
-    
-   Mike Swift 
-   Dept. of Computer Science 
-   Sieg Hall 
-   University of Washington 
-   Seattle, WA 98105 
-   Email: mikesw@cs.washington.edu  
-    
-   John Brezak 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: jbrezak@microsoft.com 
-    
-    
-
-
-
-
-
-
-
-
-
-
-
-
- 
-wift                  Category - Informational                      9 
-
-               Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
-
-
-    
-3. Full Copyright Statement 
-
-   "Copyright (C) The Internet Society (2000). All Rights Reserved. 
-    
-   This document and translations of it may be copied and          
-   furnished to others, and derivative works that comment on or          
-   otherwise explain it or assist in its implementation may be          
-   prepared, copied, published and distributed, in whole or in          
-   part, without restriction of any kind, provided that the above          
-   copyright notice and this paragraph are included on all such          
-   copies and derivative works.  However, this document itself may          
-   not be modified in any way, such as by removing the copyright          
-   notice or references to the Internet Society or other Internet          
-   organizations, except as needed for the purpose of developing          
-   Internet standards in which case the procedures for copyrights          
-   defined in the Internet Standards process must be followed, or          
-   as required to translate it into languages other than English. 
-    
-   The limited permissions granted above are perpetual and will          
-   not be revoked by the Internet Society or its successors or          
-   assigns. 
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 
-wift                  Category - Informational                     10 
-
diff --git a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-03.txt b/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-03.txt
deleted file mode 100644
index 202d44e8639c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-brezak-win2k-krb-rc4-hmac-03.txt
+++ /dev/null
@@ -1,587 +0,0 @@
-CAT working group                                              M. Swift 
-Internet Draft                                                J. Brezak 
-Document: draft-brezak-win2k-krb-rc4-hmac-03.txt              Microsoft 
-Category: Informational                                       June 2000 
- 
- 
-           The Windows 2000 RC4-HMAC Kerberos encryption type 
- 
- 
-Status of this Memo 
- 
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are 
-   working documents of the Internet Engineering Task Force (IETF), its 
-   areas, and its working groups. Note that other groups may also 
-   distribute working documents as Internet-Drafts. Internet-Drafts are 
-   draft documents valid for a maximum of six months and may be 
-   updated, replaced, or obsoleted by other documents at any time. It 
-   is inappropriate to use Internet- Drafts as reference material or to 
-   cite them other than as "work in progress." 
-     
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-1. Abstract 
-    
-   The Windows 2000 implementation of Kerberos introduces a new 
-   encryption type based on the RC4 encryption algorithm and using an 
-   MD5 HMAC for checksum. This is offered as an alternative to using 
-   the existing DES based encryption types. 
-    
-   The RC4-HMAC encryption types are used to ease upgrade of existing 
-   Windows NT environments, provide strong crypto (128-bit key 
-   lengths), and provide exportable (meet United States government 
-   export restriction requirements) encryption. 
-    
-   The Windows 2000 implementation of Kerberos contains new encryption 
-   and checksum types for two reasons: for export reasons early in the 
-   development process, 56 bit DES encryption could not be exported, 
-   and because upon upgrade from Windows NT 4.0 to Windows 2000, 
-   accounts will not have the appropriate DES keying material to do the 
-   standard DES encryption. Furthermore, 3DES is not available for 
-   export, and there was a desire to use a single flavor of encryption 
-   in the product for both US and international products. 
-    
-   As a result, there are two new encryption types and one new checksum 
-   type introduced in Windows 2000. 
-    
-    
-2. Conventions used in this document 
-    
-
-  
-Swift                  Category - Informational                      1 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-    
-3. Key Generation 
-    
-   On upgrade from existing Windows NT domains, the user accounts would 
-   not have a DES based key available to enable the use of DES base 
-   encryption types specified in RFC 1510. The key used for RC4-HMAC is 
-   the same as the existing Windows NT key (NT Password Hash) for 
-   compatibility reasons. Once the account password is changed, the DES 
-   based keys are created and maintained. Once the DES keys are 
-   available DES based encryption types can be used with Kerberos.  
-    
-   The RC4-HMAC String to key function is defined as follow: 
-    
-   String2Key(password) 
-    
-        K = MD4(UNICODE(password)) 
-         
-   The RC4-HMAC keys are generated by using the Windows UNICODE version 
-   of the password. Each Windows UNICODE character is encoded in 
-   little-endian format of 2 octets each. Then performing an MD4 [6] 
-   hash operation on just the UNICODE characters of the password (not 
-   including the terminating zero octets). 
-    
-   For an account with a password of "foo", this String2Key("foo") will 
-   return: 
-    
-        0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe, 
-        0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc 
-    
-4. Basic Operations 
-    
-   The MD5 HMAC function is defined in [3]. It is used in this 
-   encryption type for checksum operations. Refer to [3] for details on 
-   its operation. In this document this function is referred to as 
-   HMAC(Key, Data) returning the checksum using the specified key on 
-   the data. 
-    
-   The basic MD5 hash operation is used in this encryption type and 
-   defined in [7]. In this document this function is referred to as 
-   MD5(Data) returning the checksum of the data. 
-    
-   RC4 is a stream cipher licensed by RSA Data Security [RSADSI]. A       
-   compatible cipher is described in [8]. In this document the function 
-   is referred to as RC4(Key, Data) returning the encrypted data using 
-   the specified key on the data. 
-    
-   These encryption types use key derivation as defined in [9] (RFC-
-   1510BIS) in Section titled "Key Derivation". With each message, the 
-   message type (T) is used as a component of the keying material. This 
-   summarizes the different key derivation values used in the various 
-  
-Swift                  Category - Informational                      2 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   operations. Note that these differ from the key derivations used in 
-   other Kerberos encryption types. 
-    
-        T = 1 for TS-ENC-TS in the AS-Request 
-        T = 8 for the AS-Reply  
-        T = 7 for the Authenticator in the TGS-Request 
-        T = 8 for the TGS-Reply  
-        T = 2 for the Server Ticket in the AP-Request 
-        T = 11 for the Authenticator in the AP-Request 
-        T = 12 for the Server returned AP-Reply 
-        T = 15 in the generation of checksum for the MIC token 
-        T = 0 in the generation of sequence number for the MIC token  
-        T = 13 in the generation of checksum for the WRAP token 
-        T = 0 in the generation of sequence number for the WRAP token  
-        T = 0 in the generation of encrypted data for the WRAPPED token 
-    
-   All strings in this document are ASCII unless otherwise specified. 
-   The lengths of ASCII encoded character strings include the trailing 
-   terminator character (0). 
-    
-   The concat(a,b,c,...) function will return the logical concatenation 
-   (left to right) of the values of the arguments. 
-    
-   The nonce(n) function returns a pseudo-random number of "n" octets. 
-    
-5. Checksum Types 
-    
-   There is one checksum type used in this encryption type. The 
-   Kerberos constant for this type is: 
-        #define KERB_CHECKSUM_HMAC_MD5 (-138) 
-    
-   The function is defined as follows: 
-    
-   K - is the Key 
-   T - the message type, encoded as a little-endian four byte integer 
-    
-   CHKSUM(K, T, data) 
-    
-        Ksign = HMAC(K, "signaturekey")  //includes zero octet at end 
-        tmp = MD5(concat(T, data)) 
-        CHKSUM = HMAC(Ksign, tmp) 
-    
-    
-6. Encryption Types 
-    
-   There are two encryption types used in these encryption types. The 
-   Kerberos constants for these types are: 
-        #define KERB_ETYPE_RC4_HMAC             23 
-        #define KERB_ETYPE_RC4_HMAC_EXP         24 
-    
-   The basic encryption function is defined as follow: 
-    
-   T = the message type, encoded as a little-endian four byte integer. 
-  
-Swift                  Category - Informational                      3 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-    
-        BYTE L40[14] = "fortybits"; 
-        BYTE SK = "signaturekey"; 
-         
-        ENCRYPT (K, fRC4_EXP, T, data, data_len, edata, edata_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 10 + 4, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            add_8_random_bytes(data, data_len, conf_plus_data); 
-            HMAC (K2, conf_plus_data, 8 + data_len, checksum); 
-            HMAC (K1, checksum, 16, K3); 
-            RC4(K3, conf_plus_data, 8 + data_len, edata + 16); 
-            memcpy (edata, checksum, 16); 
-            edata_len = 16 + 8 + data_len; 
-        }         
-         
-        DECRYPT (K, fRC4_EXP, T, edata, edata_len, data, data_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            HMAC (K1, edata, 16, K3); // checksum is at edata 
-            RC4(K3, edata + 16, edata_len - 16, edata + 16); 
-            data_len = edata_len - 16 - 8; 
-            memcpy (data, edata + 16 + 8, data_len); 
-             
-            // verify generated and received checksums 
-            HMAC (K2, edata + 16, edata_len - 16, checksum); 
-            if (memcmp(edata, checksum, 16) != 0)  
-                printf("CHECKSUM ERROR  !!!!!!\n"); 
-        } 
-    
-   The header field on the encrypted data in KDC messages is: 
-    
-        typedef struct _RC4_MDx_HEADER { 
-            UCHAR Checksum[16]; 
-            UCHAR Confounder[8]; 
-        } RC4_MDx_HEADER, *PRC4_MDx_HEADER; 
-         
-   The KDC message is encrypted using the ENCRYPT function not 
-   including the Checksum in the RC4_MDx_HEADER. 
-    
-  
-Swift                  Category - Informational                      4 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-7. Key Strength Negotiation 
-    
-   A Kerberos client and server can negotiate over key length if they 
-   are using mutual authentication. If the client is unable to perform 
-   full strength encryption, it may propose a key in the "subkey" field 
-   of the authenticator, using a weaker encryption type. The server 
-   must then either return the same key or suggest its own key in the 
-   subkey field of the AP reply message. The key used to encrypt data 
-   is derived from the key returned by the server. If the client is 
-   able to perform strong encryption but the server is not, it may 
-   propose a subkey in the AP reply without first being sent a subkey 
-   in the authenticator. 
- 
-8. GSSAPI Kerberos V5 Mechanism Type  
- 
-8.1 Mechanism Specific Changes 
-    
-   The GSSAPI per-message tokens also require new checksum and 
-   encryption types. The GSS-API per-message tokens must be changed to 
-   support these new encryption types (See [5] Section 1.2.2). The 
-   sealing algorithm identifier (SEAL_ALG) for an RC4 based encryption 
-   is: 
-        Byte 4..5 SEAL_ALG      0x10 0x00 - RC4 
-    
-   The signing algorithm identifier (SGN_ALG) for MD5 HMAC is: 
-        Byte 2..3 SGN ALG       0x11 0x00 - HMAC 
-    
-   The only support quality of protection is: 
-        #define GSS_KRB5_INTEG_C_QOP_DEFAULT    0x0 
-    
-   In addition, when using an RC4 based encryption type, the sequence 
-   number is sent in big-endian rather than little-endian order. 
-    
-   The Windows 2000 implementation also defines new GSSAPI flags in the 
-   initial token passed when initializing a security context. These 
-   flags are passed in the checksum field of the authenticator (See [5] 
-   Section 1.1.1). 
-    
-   GSS_C_DCE_STYLE - This flag was added for use with Microsoft�s 
-   implementation of DCE RPC, which initially expected three legs of 
-   authentication. Setting this flag causes an extra AP reply to be 
-   sent from the client back to the server after receiving the server�s 
-   AP reply. In addition, the context negotiation tokens do not have 
-   GSSAPI framing - they are raw AP message and do not include object 
-   identifiers. 
-        #define GSS_C_DCE_STYLE                 0x1000 
-    
-
-  
-Swift                  Category - Informational                      5 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   GSS_C_IDENTIFY_FLAG - This flag allows the client to indicate to the 
-   server that it should only allow the server application to identify 
-   the client by name and ID, but not to impersonate the client. 
-        #define GSS_C_IDENTIFY_FLAG             0x2000 
-         
-   GSS_C_EXTENDED_ERROR_FLAG - Setting this flag indicates that the 
-   client wants to be informed of extended error information. In 
-   particular, Windows 2000 status codes may be returned in the data 
-   field of a Kerberos error message. This allows the client to 
-   understand a server failure more precisely. In addition, the server 
-   may return errors to the client that are normally handled at the 
-   application layer in the server, in order to let the client try to 
-   recover. After receiving an error message, the client may attempt to 
-   resubmit an AP request. 
-        #define GSS_C_EXTENDED_ERROR_FLAG       0x4000 
-    
-   These flags are only used if a client is aware of these conventions 
-   when using the SSPI on the Windows platform, they are not generally 
-   used by default. 
-    
-   When NetBIOS addresses are used in the GSSAPI, they are identified 
-   by the GSS_C_AF_NETBIOS value. This value is defined as: 
-        #define GSS_C_AF_NETBIOS                0x14 
-   NetBios addresses are 16-octet addresses typically composed of 1 to 
-                                                                 th
-   15 characters, trailing blank (ascii char 20) filled, with a 16  
-   octet of 0x0. 
-    
-8.2 GSSAPI Checksum Type 
-    
-   The GSSAPI checksum type and algorithm is defined in Section 5. Only 
-   the first 8 octets of the checksum are used. The resulting checksum 
-   is stored in the SGN_CKSUM field (See [5] Section 1.2) for 
-   GSS_GetMIC() and GSS_Wrap(conf_flag=FALSE). 
-    
-        MIC (K, fRC4_EXP, seq_num, MIC_hdr, msg, msg_len, 
-             MIC_seq, MIC_checksum) 
-        { 
-            HMAC (K, SK, 13, K4); 
-            T = 15; 
-            memcpy (T_plus_hdr_plus_msg + 00, &T, 4); 
-            memcpy (T_plus_hdr_plus_msg + 04, MIC_hdr, 8);  
-                                                // 0101 1100 FFFFFFFF 
-            memcpy (T_plus_hdr_plus_msg + 12, msg, msg_len); 
-            MD5 (T_hdr_msg, 4 + 8 + msg_len, MD5_of_T_hdr_msg); 
-            HMAC (K4, MD5_of_T_hdr_msg, CHKSUM); 
-            memcpy (MIC_checksum, CHKSUM, 8); // use only first 8 bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K5); 
-            }else{ 
-                HMAC (K, &T, 4, K5); 
-  
-Swift                  Category - Informational                      6 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-            } 
-            if (fRC4_EXP) memset(K5+7, 0xAB, 9); 
-            HMAC(K5, MIT_checksum, 8, K6); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K6, seq_plus_direction, 8, MIC_seq); 
-        } 
-    
-8.3 GSSAPI Encryption Types 
-    
-   There are two encryption types for GSSAPI message tokens, one that 
-   is 128 bits in strength, and one that is 56 bits in strength as 
-   defined in Section 6. 
-    
-   All padding is rounded up to 1 byte. One byte is needed to say that 
-   there is 1 byte of padding. The DES based mechanism type uses 8 byte 
-   padding. See [5] Section 1.2.2.3. 
-    
-   The encryption mechanism used for GSS wrap based messages is as 
-   follow: 
-    
-    
-        WRAP (K, fRC4_EXP, seq_num, WRAP_hdr, msg, msg_len, 
-              WRAP_seq, WRAP_checksum, edata, edata_len) 
-        { 
-            HMAC (K, SK, 13, K7); 
-            T = 13; 
-            PAD = 1; 
-            memcpy (T_hdr_conf_msg_pad + 00, &T, 4); 
-            memcpy (T_hdr_conf_msg_pad + 04, WRAP_hdr, 8); // 0101 1100 
-        FFFFFFFF 
-            memcpy (T_hdr_conf_msg_pad + 12, msg, msg_len); 
-            memcpy (T_hdr_conf_msg_pad + 12 + msg_len, &PAD, 1); 
-            MD5 (T_hdr_conf_msg_pad, 
-                 4 + 8 + 8 + msg_len + 1, 
-                 MD5_of_T_hdr_conf_msg_pad); 
-            HMAC (K7, MD5_of_T_hdr_conf_msg_pad, CHKSUM); 
-            memcpy (WRAP_checksum, CHKSUM, 8); // use only first 8 
-        bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K8); 
-            }else{ 
-                HMAC (K, &T, 4, K8); 
-            } 
-            if (fRC4_EXP) memset(K8+7, 0xAB, 9); 
-            HMAC(K8, WRAP_checksum, 8, K9); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
-  
-Swift                  Category - Informational                      7 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K9, seq_plus_direction, 8, WRAP_seq); 
-          
-            for (i = 0; i < 16; i++) K10 [i] ^= 0xF0; // XOR each byte 
-        of key with 0xF0 
-            T = 0; 
-            if (fRC4_EXP){ 
-                *(DWORD *)(L40+10) = T; 
-                HMAC(K10, L40, 14, K11); 
-                memset(K11+7, 0xAB, 9); 
-            }else{ 
-                HMAC(K10, &T, 4, K11);  
-            } 
-            HMAC(K11, seq_num, 4, K12); 
-            RC4(K12, T_hdr_conf_msg_pad + 4 + 8, 8 + msg_len + 1, 
-        edata); /* skip T & hdr */ 
-            edata_len = 8 + msg_len + 1; // conf + msg_len + pad 
-         } 
-          
-    
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-9. Security Considerations 
- 
-   Care must be taken in implementing this encryption type because it 
-   uses a stream cipher. If a different IV isn�t used in each direction 
-   when using a session key, the encryption is weak. By using the 
-   sequence number as an IV, this is avoided. 
-    
-10. Acknowledgements 
-    
-   We would like to thank Salil Dangi for the valuable input in 
-   refining the descriptions of the functions and review input. 
-     
-11. References 
- 
-   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-      9, RFC 2026, October 1996. 
-    
-   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-      Levels", BCP 14, RFC 2119, March 1997 
-    
-   3  Krawczyk, H., Bellare, M., Canetti, R.,"HMAC: Keyed-Hashing for 
-      Message Authentication", RFC 2104, February 1997 
-    
-   4  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
-      Service (V5)", RFC 1510, September 1993 
- 
- 
-  
-Swift                  Category - Informational                      8 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
- 
-   5  Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC-1964, 
-      June 1996 
- 
-   6  R. Rivest, "The MD4 Message-Digest Algorithm", RFC-1320, April 
-      1992 
- 
-   7  R. Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, April 
-      1992 
- 
-   8  Thayer, R. and K. Kaukonen, "A Stream Cipher Encryption             
-      Algorithm", Work in Progress. 
- 
-   9  RC4 is a proprietary encryption algorithm available under license 
-      from RSA Data Security Inc.  For licensing information, contact: 
-       
-         RSA Data Security, Inc. 
-         100 Marine Parkway 
-         Redwood City, CA 94065-1031 
- 
-   10 Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network 
-      Authentication Service (V5)", draft-ietf-cat-kerberos-revisions-
-      04.txt, June 25, 1999 
- 
-    
-12. Author's Addresses 
-    
-   Mike Swift 
-   Dept. of Computer Science 
-   Sieg Hall 
-   University of Washington 
-   Seattle, WA 98105 
-   Email: mikesw@cs.washington.edu  
-    
-   John Brezak 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: jbrezak@microsoft.com 
-    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                      9 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-    
-13. Full Copyright Statement 
- 
-   "Copyright (C) The Internet Society (2000). All Rights Reserved. 
-    
-   This document and translations of it may be copied and          
-   furnished to others, and derivative works that comment on or          
-   otherwise explain it or assist in its implementation may be          
-   prepared, copied, published and distributed, in whole or in          
-   part, without restriction of any kind, provided that the above          
-   copyright notice and this paragraph are included on all such          
-   copies and derivative works.  However, this document itself may          
-   not be modified in any way, such as by removing the copyright          
-   notice or references to the Internet Society or other Internet          
-   organizations, except as needed for the purpose of developing          
-   Internet standards in which case the procedures for copyrights          
-   defined in the Internet Standards process must be followed, or          
-   as required to translate it into languages other than English. 
-    
-   The limited permissions granted above are perpetual and will          
-   not be revoked by the Internet Society or its successors or          
-   assigns. 
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                     10 
-
diff --git a/crypto/heimdal/doc/standardisation/draft-foo b/crypto/heimdal/doc/standardisation/draft-foo
deleted file mode 100644
index 8174d4678f8d..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo
+++ /dev/null
@@ -1,171 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                   Assar Westerlund
-<draft-ietf-cat-krb5-ipv6.txt>                                      SICS
-Internet-Draft                                             October, 1997
-Expire in six months
-
-                           Kerberos over IPv6
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   To view the entire list of current Internet-Drafts, please check the
-   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
-   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
-   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-   ftp.isi.edu (US West Coast).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-   This document specifies the address types and transport types
-   necessary for using Kerberos [RFC1510] over IPv6 [RFC1883].
-
-Specification
-
-   IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB
-   order.  The type of IPv6 addresses is twenty-four (24).
-
-   The following addresses (see [RFC1884]) MUST not appear in any
-   Kerberos packet:
-
-   the Unspecified Address
-   the Loopback Address
-   Link-Local addresses
-
-   IPv4-mapped IPv6 addresses MUST be represented as addresses of type
-   2.
-
-
-
-
-Westerlund                                                      [Page 1]
-
-Internet Draft             Kerberos over IPv6              October, 1997
-
-
-   Communication with the KDC over IPv6 MUST be done as in section 8.2.1
-   of [RFC1510].
-
-Discussion
-
-   [RFC1510] suggests using the address family constants in
-   <sys/socket.h> from BSD.  This cannot be done for IPv6 as these
-   numbers have diverged and are different on different BSD-derived
-   systems.  [RFC2133] does not either specify a value for AF_INET6.
-   Thus a value has to be decided and the implementations have to
-   convert between the value used in Kerberos HostAddress and the local
-   AF_INET6.
-
-   There are a few different address types in IPv6, see [RFC1884].  Some
-   of these are used for quite special purposes and it makes no sense to
-   include them in Kerberos packets.
-
-   It is necessary to represent IPv4-mapped addresses as Internet
-   addresses (type 2) to be compatible with Kerberos implementations
-   that only support IPv4.
-
-Security considerations
-
-   This memo does not introduce any known security considerations in
-   addition to those mentioned in [RFC1510].
-
-References
-
-   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-   Authentication Service (V5)", RFC 1510, September 1993.
-
-   [RFC1883] Deering, S., Hinden, R., "Internet Protocol, Version 6
-   (IPv6) Specification", RFC 1883, December 1995.
-
-   [RFC1884] Hinden, R., Deering, S., "IP Version 6 Addressing
-   Architecture", RFC 1884, December 1995.
-
-   [RFC2133] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
-   Socket Interface Extensions for IPv6", RFC2133, April 1997.
-
-Author's Address
-
-   Assar Westerlund
-   Swedish Institute of Computer Science
-   Box 1263
-   S-164 29  KISTA
-   Sweden
-
-
-
-
-Westerlund                                                      [Page 2]
-
-Internet Draft             Kerberos over IPv6              October, 1997
-
-
-   Phone: +46-8-7521526
-   Fax:   +46-8-7517230
-   EMail: assar@sics.se
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Westerlund                                                      [Page 3]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-foo.ms b/crypto/heimdal/doc/standardisation/draft-foo.ms
deleted file mode 100644
index 62b109afa52c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo.ms
+++ /dev/null
@@ -1,136 +0,0 @@
-.pl 10.0i
-.po 0
-.ll 7.2i
-.lt 7.2i
-.nr LL 7.2i
-.nr LT 7.2i
-.ds LF Westerlund
-.ds RF [Page %]
-.ds CF
-.ds LH Internet Draft
-.ds RH October, 1997
-.ds CH Kerberos over IPv6
-.hy 0
-.ad l
-.in 0
-.ta \n(.luR
-Network Working Group	Assar Westerlund
-<draft-ietf-cat-krb5-ipv6.txt>	SICS
-Internet-Draft	October, 1997
-Expire in six months
-
-.ce
-Kerberos over IPv6
-
-.ti 0
-Status of this Memo
-
-.in 3
-This document is an Internet-Draft.  Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its
-areas, and its working groups.  Note that other groups may also
-distribute working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other
-documents at any time.  It is inappropriate to use Internet-
-Drafts as reference material or to cite them other than as
-"work in progress."
-
-To view the entire list of current Internet-Drafts, please check
-the "1id-abstracts.txt" listing contained in the Internet-Drafts
-Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net
-(Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
-Coast), or ftp.isi.edu (US West Coast).
-
-Distribution of this memo is unlimited.  Please send comments to the
-<cat-ietf@mit.edu> mailing list.
-
-.ti 0
-Abstract
-
-.in 3
-This document specifies the address types and transport types
-necessary for using Kerberos [RFC1510] over IPv6 [RFC1883].
-
-.ti 0
-Specification
-
-.in 3
-IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB
-order.  The type of IPv6 addresses is twenty-four (24).
-
-The following addresses (see [RFC1884]) MUST not appear in any
-Kerberos packet:
-
-the Unspecified Address
-.br
-the Loopback Address
-.br
-Link-Local addresses
-
-IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-Communication with the KDC over IPv6 MUST be done as in section
-8.2.1 of [RFC1510].
-
-.ti 0
-Discussion
-
-.in 3
-[RFC1510] suggests using the address family constants in
-<sys/socket.h> from BSD.  This cannot be done for IPv6 as these
-numbers have diverged and are different on different BSD-derived
-systems.  [RFC2133] does not either specify a value for AF_INET6.
-Thus a value has to be decided and the implementations have to convert
-between the value used in Kerberos HostAddress and the local AF_INET6.
-
-There are a few different address types in IPv6, see [RFC1884].  Some
-of these are used for quite special purposes and it makes no sense to
-include them in Kerberos packets.
-
-It is necessary to represent IPv4-mapped addresses as Internet
-addresses (type 2) to be compatible with Kerberos implementations that
-only support IPv4.
-
-.ti 0
-Security considerations
-
-.in 3
-This memo does not introduce any known security considerations in
-addition to those mentioned in [RFC1510].
-
-.ti 0
-References
-
-.in 3
-[RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-Authentication Service (V5)", RFC 1510, September 1993.
-
-[RFC1883] Deering, S., Hinden, R., "Internet Protocol, Version 6
-(IPv6) Specification", RFC 1883, December 1995.
-
-[RFC1884] Hinden, R., Deering, S., "IP Version 6 Addressing
-Architecture", RFC 1884, December 1995.
-
-[RFC2133] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
-Socket Interface Extensions for IPv6", RFC2133, April 1997.
-
-.ti 0
-Author's Address
-
-Assar Westerlund
-.br
-Swedish Institute of Computer Science
-.br
-Box 1263
-.br
-S-164 29  KISTA
-.br
-Sweden
-
-Phone: +46-8-7521526
-.br
-Fax:   +46-8-7517230
-.br
-EMail: assar@sics.se
diff --git a/crypto/heimdal/doc/standardisation/draft-foo2 b/crypto/heimdal/doc/standardisation/draft-foo2
deleted file mode 100644
index 0fa695f640f8..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo2
+++ /dev/null
@@ -1,171 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                   Assar Westerlund
-<draft-ietf-cat-krb5-tcp.txt>                                       SICS
-Internet-Draft                                          Johan Danielsson
-November, 1997                                                  PDC, KTH
-Expire in six months
-
-                           Kerberos over TCP
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   To view the entire list of current Internet-Drafts, please check the
-   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
-   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
-   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-   ftp.isi.edu (US West Coast).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-   This document specifies how the communication should be done between
-   a client and a KDC using Kerberos [RFC1510] with TCP as the transport
-   protocol.
-
-Specification
-
-   This draft specifies an extension to section 8.2.1 of RFC1510.
-
-   A Kerberos server MAY accept requests on TCP port 88 (decimal).
-
-   The data sent from the client to the KDC should consist of 4 bytes
-   containing the length, in network byte order, of the Kerberos
-   request, followed by the request (AS-REQ or TGS-REQ) itself.  The
-   reply from the KDC should consist of the length of the reply packet
-   (4 bytes, network byte order) followed by the packet itself (AS-REP,
-   TGS-REP, or KRB-ERROR).
-
-
-
-
-Westerlund, Danielsson                                          [Page 1]
-
-Internet Draft             Kerberos over TCP              November, 1997
-
-
-   C->S: Open connection to TCP port 88 at the server
-   C->S: length of request
-   C->S: AS-REQ or TGS-REQ
-   S->C: length of reply
-   S->C: AS-REP, TGS-REP, or KRB-ERROR
-
-Discussion
-
-   Even though the preferred way of sending kerberos packets is over UDP
-   there are several occasions when it's more practical to use TCP.
-
-   Mainly, it's usually much less cumbersome to get TCP through
-   firewalls than UDP.
-
-   In theory, there's no reason for having explicit length fields, that
-   information is already encoded in the ASN1 encoding of the Kerberos
-   packets.  But having explicit lengths makes it unnecessary to have to
-   decode the ASN.1 encoding just to know how much data has to be read.
-
-   Another way of signaling the end of the request of the reply would be
-   to do a half-close after the request and a full-close after the
-   reply.  This does not work well with all kinds of firewalls.
-
-Security considerations
-
-   This memo does not introduce any known security considerations in
-   addition to those mentioned in [RFC1510].
-
-References
-
-   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-   Authentication Service (V5)", RFC 1510, September 1993.
-
-Authors' Addresses
-
-   Assar Westerlund
-   Swedish Institute of Computer Science
-   Box 1263
-   S-164 29  KISTA
-   Sweden
-
-   Phone: +46-8-7521526
-   Fax:   +46-8-7517230
-   EMail: assar@sics.se
-
-   Johan Danielsson
-   PDC, KTH
-   S-100 44  STOCKHOLM
-
-
-
-Westerlund, Danielsson                                          [Page 2]
-
-Internet Draft             Kerberos over TCP              November, 1997
-
-
-   Sweden
-
-   Phone: +46-8-7907885
-   Fax:   +46-8-247784
-   EMail: joda@pdc.kth.se
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Westerlund, Danielsson                                          [Page 3]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-foo2.ms b/crypto/heimdal/doc/standardisation/draft-foo2.ms
deleted file mode 100644
index 7e0fa0a6281b..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo2.ms
+++ /dev/null
@@ -1,145 +0,0 @@
-.pl 10.0i
-.po 0
-.ll 7.2i
-.lt 7.2i
-.nr LL 7.2i
-.nr LT 7.2i
-.ds LF Westerlund, Danielsson
-.ds RF [Page %]
-.ds CF
-.ds LH Internet Draft
-.ds RH November, 1997
-.ds CH Kerberos over TCP
-.hy 0
-.ad l
-.in 0
-.ta \n(.luR
-.nf
-Network Working Group	Assar Westerlund
-<draft-ietf-cat-krb5-tcp.txt>	SICS
-Internet-Draft	Johan Danielsson
-November, 1997	PDC, KTH
-Expire in six months
-.fi
-
-.ce
-Kerberos over TCP
-
-.ti 0
-Status of this Memo
-
-.in 3
-This document is an Internet-Draft.  Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its
-areas, and its working groups.  Note that other groups may also
-distribute working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other
-documents at any time.  It is inappropriate to use Internet-
-Drafts as reference material or to cite them other than as
-"work in progress."
-
-To view the entire list of current Internet-Drafts, please check
-the "1id-abstracts.txt" listing contained in the Internet-Drafts
-Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net
-(Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
-Coast), or ftp.isi.edu (US West Coast).
-
-Distribution of this memo is unlimited.  Please send comments to the
-<cat-ietf@mit.edu> mailing list.
-
-.ti 0
-Abstract
-
-.in 3
-This document specifies how the communication should be done between a
-client and a KDC using Kerberos [RFC1510] with TCP as the transport
-protocol.
-
-.ti 0
-Specification
-
-This draft specifies an extension to section 8.2.1 of RFC1510. 
-
-A Kerberos server MAY accept requests on TCP port 88 (decimal).
-
-The data sent from the client to the KDC should consist of 4 bytes
-containing the length, in network byte order, of the Kerberos request,
-followed by the request (AS-REQ or TGS-REQ) itself.  The reply from
-the KDC should consist of the length of the reply packet (4 bytes,
-network byte order) followed by the packet itself (AS-REP, TGS-REP, or
-KRB-ERROR).
-
-.nf
-C->S: Open connection to TCP port 88 at the server
-C->S: length of request
-C->S: AS-REQ or TGS-REQ
-S->C: length of reply
-S->C: AS-REP, TGS-REP, or KRB-ERROR
-.fi
-
-.ti 0
-Discussion
-
-Even though the preferred way of sending kerberos packets is over UDP
-there are several occasions when it's more practical to use TCP.
-
-Mainly, it's usually much less cumbersome to get TCP through firewalls
-than UDP.
-
-In theory, there's no reason for having explicit length fields, that
-information is already encoded in the ASN1 encoding of the Kerberos
-packets.  But having explicit lengths makes it unnecessary to have to
-decode the ASN.1 encoding just to know how much data has to be read.
-
-Another way of signaling the end of the request of the reply would be
-to do a half-close after the request and a full-close after the reply.
-This does not work well with all kinds of firewalls.
-
-.ti 0
-Security considerations
-
-.in 3
-This memo does not introduce any known security considerations in
-addition to those mentioned in [RFC1510].
-
-.ti 0
-References
-
-.in 3
-[RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-Authentication Service (V5)", RFC 1510, September 1993.
-
-.ti 0
-Authors' Addresses
-
-Assar Westerlund
-.br
-Swedish Institute of Computer Science
-.br
-Box 1263
-.br
-S-164 29  KISTA
-.br
-Sweden
-
-Phone: +46-8-7521526
-.br
-Fax:   +46-8-7517230
-.br
-EMail: assar@sics.se
-
-Johan Danielsson
-.br
-PDC, KTH
-.br
-S-100 44  STOCKHOLM
-.br
-Sweden
-
-Phone: +46-8-7907885
-.br
-Fax:   +46-8-247784
-.br
-EMail: joda@pdc.kth.se
diff --git a/crypto/heimdal/doc/standardisation/draft-foo3 b/crypto/heimdal/doc/standardisation/draft-foo3
deleted file mode 100644
index 2b8b7bb5775c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo3
+++ /dev/null
@@ -1,227 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                   Assar Westerlund
-<draft-ietf-cat-krb5-firewalls.txt>                                 SICS
-Internet-Draft                                          Johan Danielsson
-November, 1997                                                  PDC, KTH
-Expire in six months
-
-                         Kerberos vs firewalls
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   To view the entire list of current Internet-Drafts, please check the
-   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
-   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
-   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-   ftp.isi.edu (US West Coast).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-Introduction
-
-   Kerberos[RFC1510] is a protocol for authenticating parties
-   communicating over insecure networks.
-
-   Firewalling is a technique for achieving an illusion of security by
-   putting restrictions on what kinds of packets and how these are sent
-   between the internal (so called "secure") network and the global (or
-   "insecure") Internet.
-
-Definitions
-
-   client: the user, process, and host acquiring tickets from the KDC
-   and authenticating itself to the kerberised server.
-
-   KDC: the Kerberos Key Distribution Center
-
-
-
-
-Westerlund, Danielsson                                          [Page 1]
-
-Internet Draft           Kerberos vs firewalls            November, 1997
-
-
-   Kerberised server: the server using Kerberos to authenticate the
-   client, for example telnetd.
-
-Firewalls
-
-   A firewall is usually placed between the "inside" and the "outside"
-   networks, and is supposed to protect the inside from the evils on the
-   outside.  There are different kinds of firewalls.  The main
-   differences are in the way they forward packets.
-
-   o+  The most straight forward type is the one that just imposes
-      restrictions on incoming packets. Such a firewall could be
-      described as a router that filters packets that match some
-      criteria.
-
-   o+  They may also "hide" some or all addresses on the inside of the
-      firewall, replacing the addresses in the outgoing packets with the
-      address of the firewall (aka network address translation, or NAT).
-      NAT can also be used without any packet filtering, for instance
-      when you have more than one host sharing a single address (for
-      example, with a dialed-in PPP connection).
-
-   There are also firewalls that does NAT both on the inside and the
-   outside (a server on the inside will see this as a connection from
-   the firewall).
-
-   o+  A third type is the proxy type firewall, that parses the contents
-      of the packets, basically acting as a server to the client, and as
-      a client to the server (man-in-the-middle). If Kerberos is to be
-      used with this kind of firewall, a protocol module that handles
-      KDC requests has to be written.
-
-   This type of firewall might also cause extra trouble when used with
-   kerberised versions of protocols that the proxy understands, in
-   addition to the ones mentioned below. This is the case with the FTP
-   Security Extensions [RFC2228], that adds a new set of commands to the
-   FTP protocol [RFC959], for integrity, confidentiality, and privacy
-   protecting commands. When transferring data, the FTP protocol uses a
-   separate data channel, and an FTP proxy will have to look out for
-   commands that start a data transfer. If all commands are encrypted,
-   this is impossible. A protocol that doesn't suffer from this is the
-   Telnet Authentication Option [RFC1416] that does all authentication
-   and encryption in-bound.
-
-Scenarios
-
-   Here the different scenarios we have considered are described, the
-   problems they introduce and the proposed ways of solving them.
-
-
-
-Westerlund, Danielsson                                          [Page 2]
-
-Internet Draft           Kerberos vs firewalls            November, 1997
-
-
-   Combinations of these can also occur.
-
- Client behind firewall
-
-   This is the most typical and common scenario.  First of all the
-   client needs some way of communicating with the KDC.  This can be
-   done with whatever means and is usually much simpler when the KDC is
-   able to communicate over TCP.
-
-   Apart from that, the client needs to be sure that the ticket it will
-   acquire from the KDC can be used to authenticate to a server outside
-   its firewall.  For this, it needs to add the address(es) of potential
-   firewalls between itself and the KDC/server, to the list of its own
-   addresses when requesting the ticket.  We are not aware of any
-   protocol for determining this set of addresses, thus this will have
-   to be manually configured in the client.
-
-   The client could also request a ticket with no addresses, but some
-   KDCs and servers might not accept such a ticket.
-
-   With the ticket in possession, communication with the kerberised
-   server will not need to be any different from communicating between a
-   non-kerberised client and server.
-
- Kerberised server behind firewall
-
-   The kerberised server does not talk to the KDC at all so nothing
-   beyond normal firewall-traversal techniques for reaching the server
-   itself needs to be applied.
-
-   The kerberised server needs to be able to retrieve the original
-   address (before its firewall) that the request was sent for.  If this
-   is done via some out-of-band mechanism or it's directly able to see
-   it doesn't matter.
-
- KDC behind firewall
-
-   The same restrictions applies for a KDC as for any other server.
-
-Specification
-
-Security considerations
-
-   This memo does not introduce any known security considerations in
-   addition to those mentioned in [RFC1510].
-
-References
-
-
-
-
-Westerlund, Danielsson                                          [Page 3]
-
-Internet Draft           Kerberos vs firewalls            November, 1997
-
-
-   [RFC959] Postel, J. and Reynolds, J., "File Transfer Protocol (FTP)",
-   RFC 969, October 1985
-
-   [RFC1416] Borman, D., "Telnet Authentication Option", RFC 1416,
-   February 1993.
-
-   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-   Authentication Service (V5)", RFC 1510, September 1993.
-
-   [RFC2228] Horowitz, M. and Lunt, S., "FTP Security Extensions",
-   RFC2228, October 1997.
-
-Authors' Addresses
-
-   Assar Westerlund
-   Swedish Institute of Computer Science
-   Box 1263
-   S-164 29  KISTA
-   Sweden
-
-   Phone: +46-8-7521526
-   Fax:   +46-8-7517230
-   EMail: assar@sics.se
-
-   Johan Danielsson
-   PDC, KTH
-   S-100 44  STOCKHOLM
-   Sweden
-
-   Phone: +46-8-7907885
-   Fax:   +46-8-247784
-   EMail: joda@pdc.kth.se
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Westerlund, Danielsson                                          [Page 4]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-foo3.ms b/crypto/heimdal/doc/standardisation/draft-foo3.ms
deleted file mode 100644
index c024ca355cd4..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-foo3.ms
+++ /dev/null
@@ -1,260 +0,0 @@
-.\" even if this file is called .ms, it's using the me macros.
-.\" to format try something like `nroff -me'
-.\" level 2 heading
-.de HH
-.$p "\\$2" "" "\\$1"
-.$0 "\\$2"
-..
-.\" make sure footnotes produce the right thing with nroff
-.ie t \
-\{\
-.ds { \v'-0.4m'\x'\\n(0x=0*-0.2m'\s-3
-.ds } \s0\v'0.4m'
-.\}
-.el \
-\{\
-.ds { [
-.ds } ]
-.\}
-.ds * \\*{\\n($f\\*}\k*
-.\" page footer
-.fo 'Westerlund, Danielsson''[Page %]'
-.\" date
-.ds RH \*(mo, 19\n(yr
-.\" left margin
-.nr lm 6
-.\" heading indent per level
-.nr si 3n
-.\" footnote indent
-.nr fi 0
-.\" paragraph indent
-.nr po 0
-.\" don't hyphenate
-.hy 0
-.\" left adjustment
-.ad l
-.\" indent 0
-.in 0
-.\" line length 16cm and page length 25cm (~10 inches)
-.ll 16c
-.pl 25c
-.ta \n(.luR
-.nf
-Network Working Group	Assar Westerlund
-<draft-ietf-cat-krb5-firewalls.txt>	SICS
-Internet-Draft	Johan Danielsson
-\*(RH	PDC, KTH
-Expire in six months	
-.fi
-
-.\" page header, has to be set here so it won't appear on page 1
-.he 'Internet Draft'Kerberos vs firewalls'\*(RH'
-.ce
-.b "Kerberos vs firewalls"
-
-.HH 1 "Status of this Memo"
-.lp
-This document is an Internet-Draft.  Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its areas,
-and its working groups.  Note that other groups may also distribute
-working documents as Internet-Drafts.
-.lp
-Internet-Drafts are draft documents valid for a maximum of six months
-and may be updated, replaced, or obsoleted by other documents at any
-time.  It is inappropriate to use Internet- Drafts as reference
-material or to cite them other than as \*(lqwork in progress.\*(rq
-.lp
-To view the entire list of current Internet-Drafts, please check the
-\*(lq1id-abstracts.txt\*(rq listing contained in the Internet-Drafts
-Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
-munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-ftp.isi.edu (US West Coast).
-.lp
-Distribution of this memo is unlimited.  Please send comments to the
-<cat-ietf@mit.edu> mailing list.
-.HH 1 "Abstract"
-.lp
-Kerberos and firewalls both deal with security, but doesn't get along
-very well. This memo discusses ways to use Kerberos in a firewalled
-environment.
-.HH 1 "Introduction"
-.lp
-Kerberos[RFC1510]
-.(d
-[RFC1510]
-Kohl, J. and Neuman, C., \*(lqThe Kerberos Network Authentication
-Service (V5)\*(rq, RFC 1510, September 1993.
-.)d
-is a protocol for authenticating parties communicating over insecure
-networks.  Firewalling is a technique for achieving an illusion of
-security by putting restrictions on what kinds of packets and how
-these are sent between the internal (so called \*(lqsecure\*(rq)
-network and the global (or \*(lqinsecure\*(rq) Internet.  The problems
-with firewalls are many, but to name a few:
-.np
-Firewalls usually doesn't allow people to use UDP. The reason for this
-is that UDP is (by firewall advocates) considered insecure. This
-belief is probably based on the fact that many \*(lqinsecure\*(rq
-protocols (like NFS) use UDP. UDP packets are also considered easy to
-fake.
-.np
-Firewalls usually doesn't allow people to connect to arbitrary ports,
-such as the ports used when talking to the KDC.
-.np
-In many non-computer organisations, the computer staff isn't what
-you'd call \*(lqwizards\*(rq; a typical case is an academic
-institution, where someone is taking care of the computers part time,
-and is doing research the rest of the time. Adding a complex device
-like a firewall to an environment like this, often leads to poorly run
-systems that is more a hindrance for the legitimate users than to
-possible crackers.
-.lp
-The easiest way to deal with firewalls is to ignore them, however in
-some cases this just isn't possible. You might have users that are
-stuck behind a firewall, but also has to access your system, or you
-might find yourself behind a firewall, for instance when out
-travelling.
-.lp
-To make it possible for people to use Kerberos from behind a firewall,
-there are several things to consider.
-.(q
-.i
-Add things to do when stuck behind a firewall, like talking about the
-problem with local staff, making them open some port in the firewall,
-using some other port, or proxy.
-.r
-.)q
-.HH 1 "Firewalls"
-.lp
-A firewall is usually placed between the \*(lqinside\*(rq and the
-\*(lqoutside\*(rq networks, and is supposed to protect the inside from the
-evils on the outside.  There are different kinds of firewalls.  The
-main differences are in the way they forward (or doesn't) packets.
-.ip \(bu
-The most straight forward type is the one that just imposes
-restrictions on incoming packets. Such a firewall could be described
-as a router that filters packets that match some criteria.
-.ip \(bu
-They may also \*(lqhide\*(rq some or all addresses on the inside of the
-firewall, replacing the addresses in the outgoing packets with the
-address of the firewall (aka network address translation, or NAT). NAT
-can also be used without any packet filtering, for instance when you
-have more than one host sharing a single address (e.g with a dialed-in
-PPP connection).
-.ip
-There are also firewalls that does NAT both on the inside and the
-outside (a server on the inside will see this as a connection from the
-firewall).
-.ip \(bu
-A third type is the proxy type firewall, that parses the contents of
-the packets, basically acting as a server to the client, and as a
-client to the server (man-in-the-middle). If Kerberos is to be used
-with this kind of firewall, a protocol module that handles KDC
-requests has to be written\**.
-.(f
-\**Instead of writing a new module for Kerberos, it can be possible to
-hitch a ride on some other protocol, that's already beeing handled by
-the proxy.
-.)f
-.lp
-The last type of firewall might also cause extra trouble when used
-with kerberised versions of protocols that the proxy understands, in
-addition to the ones mentioned below. This is the case with the FTP
-Security Extensions [RFC2228],
-.(d
-[RFC2228]
-Horowitz, M. and Lunt, S., \*(lqFTP Security Extensions\*(rq, RFC2228,
-October 1997.
-.)d
-that adds a new set of commands to the FTP protocol [RFC959],
-.(d
-[RFC959] Postel, J. and Reynolds, J., \*(lqFile Transfer Protocol
-(FTP)\*(rq, RFC 969, October 1985
-.)d
-for integrity, confidentiality, and privacy protecting commands, and
-data. When transferring data, the FTP protocol uses a separate data
-channel, and an FTP proxy will have to look out for commands that
-start a data transfer. If all commands are encrypted, this is
-impossible. A protocol that doesn't suffer from this is the Telnet
-Authentication Option [RFC1416]
-.(d
-[RFC1416]
-Borman, D., \*(lqTelnet Authentication Option\*(rq, RFC 1416, February
-1993.
-.)d
-that does all
-authentication and encryption in-bound.
-.HH 1 "Scenarios"
-.lp
-Here the different scenarios we have considered are described, the
-problems they introduce and the proposed ways of solving them.
-Combinations of these can also occur.
-.HH 2 "Client behind firewall"
-.lp
-This is the most typical and common scenario.  First of all the client
-needs some way of communicating with the KDC.  This can be done with
-whatever means and is usually much simpler when the KDC is able to
-communicate over TCP.
-.lp
-Apart from that, the client needs to be sure that the ticket it will
-acquire from the KDC can be used to authenticate to a server outside
-its firewall.  For this, it needs to add the address(es) of potential
-firewalls between itself and the KDC/server, to the list of its own
-addresses when requesting the ticket.  We are not aware of any
-protocol for determining this set of addresses, thus this will have to
-be manually configured in the client.
-.lp
-The client could also request a ticket with no addresses. This is not
-a recommended way to solve this problem. The address was put into the
-ticket to make it harder to use a stolen ticket.  A ticket without
-addresses will therefore be less \*(lqsecure.\*(rq RFC1510 also says that
-the KDC may refuse to issue, and the server may refuse to accept an
-address-less ticket.
-.lp
-With the ticket in possession, communication with the kerberised
-server will not need to be any different from communicating between a
-non-kerberised client and server.
-.HH 2 "Kerberised server behind firewall"
-.lp
-The kerberised server does not talk to the KDC at all, so nothing
-beyond normal firewall-traversal techniques for reaching the server
-itself needs to be applied.
-.lp
-If the firewall rewrites the clients address, the server will have to
-use some other (possibly firewall specific) protocol to retrieve the
-original address. If this is not possible, the address field will have
-to be ignored. This has the same effect as if there were no addresses
-in the ticket (see the discussion above).
-.HH 2 "KDC behind firewall"
-.lp
-The KDC is in this respect basically just like any other server.
-.\" .uh "Specification"
-.HH 1 "Security considerations"
-.lp
-Since the whole network behind a NAT-type firewall looks like one
-computer from the outside, any security added by the addresses in the
-ticket will be lost.
-.HH 1 "References"
-.lp
-.pd
-.HH 1 "Authors' Addresses"
-.lp
-.nf
-Assar Westerlund
-Swedish Institute of Computer Science
-Box 1263
-S-164 29 KISTA
-.sp
-Phone: +46-8-7521526
-Fax: +46-8-7517230
-EMail: assar@sics.se
-.sp 2
-Johan Danielsson
-Center for Parallel Computers
-KTH
-S-100 44 STOCKHOLM
-.sp
-Phone: +46-8-7906356
-Fax: +46-8-247784
-EMail: joda@pdc.kth.se
-.fi
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/draft-hornstein-dhc-kerbauth-02.txt b/crypto/heimdal/doc/standardisation/draft-hornstein-dhc-kerbauth-02.txt
deleted file mode 100644
index 89e64524c475..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-hornstein-dhc-kerbauth-02.txt
+++ /dev/null
@@ -1,1594 +0,0 @@
-
-DHC Working Group                                          Ken Hornstein
-INTERNET-DRAFT                                                       NRL
-Category: Standards Track                                      Ted Lemon
-<draft-hornstein-dhc-kerbauth-02.txt>             Internet Engines, Inc.
-20 February 2000                                           Bernard Aboba
-Expires: September 1, 2000                                     Microsoft
-                                                        Jonathan Trostle
-                                                           Cisco Systems
-
-                   DHCP Authentication Via Kerberos V
-
-This document is an Internet-Draft and is in full conformance with all
-provisions of Section 10 of RFC2026.
-
-Internet-Drafts are working documents of the Internet Engineering Task
-Force (IETF), its areas, and its working groups.  Note that other groups
-may also distribute working documents as Internet- Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months
-and may be updated, replaced, or obsoleted by other documents at any
-time.  It is inappropriate to use Internet-Drafts as reference material
-or to cite them other than as "work in progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html.
-
-The distribution of this memo is unlimited.
-
-1.  Copyright Notice
-
-Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-2.  Abstract
-
-The Dynamic Host Configuration Protocol (DHCP) provides a mechanism for
-host configuration. In some circumstances, it is useful for the DHCP
-client and server to be able to mutually authenticate as well as to
-guarantee the integrity of DHCP packets in transit.  This document
-describes how Kerberos V may be used in order to allow a DHCP client and
-server to mutually authenticate as well as to protect the integrity of
-the DHCP exchange. The protocol described in this document is capable of
-handling both intra-realm and inter-realm authentication.
-
-
-
-
-
-
-Hornstein, et al.            Standards Track                    [Page 1]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-3.  Introduction
-
-The Dynamic Host Configuration Protocol (DHCP) provides a mechanism for
-host configuration. In some circumstances, it is useful for the DHCP
-client and server to be able to mutually authenticate as well as to
-guarantee the integrity of DHCP packets in transit.  This document
-describes how Kerberos V may be used in order to allow a DHCP client and
-server to mutually authenticate as well as to protect the integrity of
-the DHCP exchange.  The protocol described in this document is capable
-of handling both intra-realm and inter-realm authentication.
-
-3.1.  Terminology
-
-This document uses the following terms:
-
-DHCP client
-          A DHCP client or "client" is an Internet host using DHCP to
-          obtain configuration parameters such as a network address.
-
-DHCP server
-          A DHCP server or "server" is an Internet host that returns
-          configuration parameters to DHCP clients.
-
-Home KDC  The KDC corresponding to the DHCP client's realm.
-
-Local KDC The KDC corresponding to the DHCP server's realm.
-
-3.2.  Requirements language
-
-In this document, the key words "MAY", "MUST,  "MUST  NOT",  "optional",
-"recommended",  "SHOULD",  and  "SHOULD  NOT",  are to be interpreted as
-described in [1].
-
-4.  Protocol overview
-
-In DHCP authentication via Kerberos V, DHCP clients and servers utilize
-a Kerberos session key in order to compute a message integrity check
-value included within the DHCP authentication option. The message
-integrity check serves to authenticate as well as integrity protect the
-messages, while remaining compatible with the operation of a DHCP relay.
-Replay protection is also provided by a replay counter within the
-authentication option, as described in [3].
-
-Each server maintains a list of session keys and identifiers for
-clients, so that the server can retrieve the session key and identifier
-used by a client to which the server has provided previous configuration
-information.  Each server MUST save the replay counter from the previous
-authenticated message. To avoid replay attacks, the server MUST discard
-
-
-
-Hornstein, et al.            Standards Track                    [Page 2]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-any incoming message whose replay counter is not strictly greater than
-the replay counter from the previous message.
-
-DHCP authentication, described in [3], must work within the existing
-DHCP state machine described in [4].  For a client in INIT state, this
-means that the client must obtain a valid TGT, as well as a session key,
-within the two round-trips provided by the
-DHCPDISCOVER/OFFER/REQUEST/ACK sequence.
-
-In INIT state, the DHCP client submits an incomplete AS_REQ to the DHCP
-server within the DHCPDISCOVER message.  The DHCP server then completes
-the AS_REQ using the IP address to be assigned to the client, and
-submits this to the client's home KDC in order to obtain a TGT on the
-client's behalf. Once the home KDC responds with an AS_REP, the DHCP
-server extracts the client TGT and submits this along with its own TGT
-to the home KDC, in order to obtain a user-to-user ticket to the DHCP
-client. The AS_REP as well as the AP_REQ are included by the DHCP server
-in the DHCPOFFER. The DHCP client can then decrypt the AS_REP to obtain
-a home realm TGT and TGT session key, using the latter to decrypt the
-user-to-user ticket to obtain the user-to-user session key. It is the
-user-to-user session key that is used to authenticate and integrity
-protect the client's DHCPREQUEST, and DHCPDECLINE messages. Similarly,
-this same session key is used to compute the integrity attribute in the
-server's DHCPOFFER, DHCPACK and DHCPNAK messages, as described in [3].
-
-In the INIT-REBOOT, REBINDING, or RENEWING states, the server can submit
-the home realm TGT in the DHCPREQUEST, along with authenticating and
-integrity protecting the message using an integrity attribute within the
-authentication option. The integrity attribute is computed using the
-existing session key.  The DHCP server can then return a renewed user-
-to-user ticket within the DHCPACK message. The authenticated DHCPREQUEST
-message from a client in INIT-REBOOT state can only be validated by
-servers that used the same session key to compute the integrity
-attribute in their DHCPOFFER messages.
-
-Other servers will discard the DHCPREQUEST messages. Thus, only servers
-that used the user-to-user session key selected by the client will be
-able to determine that their offered configuration information was not
-selected, returning the offered network address to the server's pool of
-available addresses.  The servers that cannot validate the DHCPREQUEST
-message will eventually return their offered network addresses to their
-pool of available addresses as described in section 3.1 of the DHCP
-specification [4].
-
-When sending a DHCPINFORM, there are two possible procedures.  If the
-client knows the DHCP server it will be interacting with, then it can
-obtain a ticket to the DHCP server from the local realm KDC. This will
-require obtaining a TGT to its home realm, as well as possibly a cross-
-
-
-
-Hornstein, et al.            Standards Track                    [Page 3]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-realm TGT to the local realm if the local and home realms differ. Once
-the DHCP client has a local realm TGT, it can then request a DHCP server
-ticket in a TGS_REQ. The DHCP client can then include AP_REQ and
-integrity attributes within the DHCPINFORM. The integrity attribute is
-computed as described in [3], using the session key obtained from the
-TGS_REP. The DHCP server replies with a DHCPACK/DHCPNAK, authenticated
-using the same session key.
-
-If the DHCP client does not know the DHCP server it is interacting with
-then it will not be able to obtain a ticket to it and a different
-procedure is needed.  In this case, the client will include in the
-DHCPINFORM an authentication option with a ticket attribute containing
-its home realm TGT. The DHCP server will then use this TGT in order to
-request a user-to-user ticket from the home KDC in a TGS_REQ.  The DHCP
-server will return the user-to-user ticket and will authenticate and
-integrity protect the DHCPACK/DHCPNAK message. This is accomplished by
-including AP_REQ and integrity attributes within the authentication
-option included with the DHCPACK/DHCPNAK messages.
-
-In order to support the DHCP client's ability to authenticate the DHCP
-server in the case where the server name is unknown, the Kerberos
-principal name for the DHCP server must be of type KRB_NT_SRV_HST with
-the service name component equal to 'dhcp'. For example, the DHCP server
-principal name for the host srv.foo.org would be of the form
-dhcp/srv.foo.org.  The client MUST validate that the DHCP server
-principal name has the above format. This convention requires that the
-administrator ensure that non-DHCP server principals do not have names
-that match the above format.
-
-4.1.  Authentication Option Format
-
-A summary of the authentication option  format for DHCP authentication
-via Kerberos V is shown below.  The fields are transmitted from left to
-right.
-
-0                   1                   2                   3
-0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|     Code      |     Length    |   Protocol    | Algorithm     |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|                      Global Replay Counter                    |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|                      Global Replay Counter                    |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-|                           Attributes...
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-Code
-
-
-
-Hornstein, et al.            Standards Track                    [Page 4]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-   TBD - DHCP Authentication
-
-Length
-
-   The length field is a single octet and indicates the length of the
-   Protocol, Algorith, and Authentication Information fields.  Octets
-   outside the range of the length field should be ignored on reception.
-
-Protocol
-
-   TBD - DHCP Kerberos V authentication
-
-Algorithm
-
-   The algorithm field is a single octet and defines the specific
-   algorithm to be used for computation of the authentication option.
-   Values for the field are as follows:
-
-   0 - reserved
-   1 - HMAC-MD5
-   2 - HMAC-SHA
-   3 - 255 reserved
-
-Global Replay Counter
-
-   As described in [3], the global replay counter field is 8 octets in
-   length. It MUST be set to the value of a monotonically increasing
-   counter. Using a counter value such as the current time of day (e.g.,
-   an NTP-format timestamp [10]) can reduce the danger of replay
-   attacks.
-
-Attributes
-
-   The attributes field consists of type-length-value attributes of the
-   following format:
-
-   0                   1                   2                   3
-   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |     Type      |  Reserved     |       Payload Length          |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                           Attribute value...
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-Type
-   The type field is a single octet and is defined as follows:
-
-   0  - Integrity check
-
-
-
-Hornstein, et al.            Standards Track                    [Page 5]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-   1  - TICKET
-   2  - Authenticator
-   3  - EncTicketPart
-   10 - AS_REQ
-   11 - AS_REP
-   12 - TGS_REQ
-   13 - TGS_REP
-   14 - AP_REQ
-   15 - AP_REP
-   20 - KRB_SAFE
-   21 - KRB_PRIV
-   22 - KRB_CRED
-   25 - EncASRepPart
-   26 - EncTGSRepPart
-   27 - EncAPRepPart
-   28 - EncKrbPrvPart
-   29 - EncKrbCredPart
-   30 - KRB_ERROR
-
-   Note that the values of the Type field are the same as in the
-   Kerberos MSG-TYPE field. As a result, no new number spaces are
-   created for IANA administration.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Hornstein, et al.            Standards Track                    [Page 6]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-   The following attribute types are allowed within the following
-   messages:
-
-   DISCOVER  OFFER  REQUEST  DECLINE   #    Attribute
-   --------------------------------------------------------
-      0        1       1        1      0    Integrity check
-      0        0      0-1       0      1    Ticket
-      1        0       0        0     10    AS_REQ
-      0        1       0        0     11    AS_REP
-      0        1       0        0     14    AP_REQ
-      0       0-1      0        0     30    KRB_ERROR
-
-   RELEASE   ACK   NAK    INFORM   INFORM      #    Attribute
-                          w/known  w/unknown
-                          server   server
-   ---------------------------------------------------------------
-      1       1     1        1        0        0    Integrity check
-      0       0     0        0        1        1    Ticket
-      0       0     0        0        0       10    AS_REQ
-      0       0     0        0        0       11    AS_REP
-      0      0-1    0        1        0       14    AP_REQ
-      0       0    0-1       0        0       30    KRB_ERROR
-
-4.2.  Client behavior
-
-The following section, which incorporates material from [3], describes
-client behavior in detail.
-
-4.2.1.  INIT state
-
-When in INIT state, the client behaves as follows:
-
-
-[1]  As described in [3], the client MUST include the authentication
-     request option in its DHCPDISCOVER message along with option 61
-     [11] to identify itself uniquely to the server. An AS_REQ attribute
-     MUST be included within the authentication request option. This
-     (incomplete) AS_REQ will set the FORWARDABLE and RENEWABLE flags
-     and MAY include pre-authentication data (PADATA) if the client
-     knows what PADATA its home KDC will require. The ADDRESSES field in
-     the AS_REQ will be ommitted since the client does not yet know its
-     IP address. The ETYPE field will be set to an encryption type that
-     the client can accept.
-
-[2]  The client MUST validate DHCPOFFER messages that include an
-     authentication option. Messages including an authentication option
-     with a KRB_ERROR attribute and no integrity attribute are treated
-     as though they are unauthenticated. More typically, authentication
-
-
-
-Hornstein, et al.            Standards Track                    [Page 7]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-     options within the DHCPOFFER message will include AS_REP, AP_REQ,
-     and integrity attributes. To validate the authentication option,
-     the client decrypts the enc-part of the AS_REP in order to obtain
-     the TGT session key. This is used to decrypt the enc-part of the
-     AP_REQ in order to obtain the user-to-user session key. The user-
-     to-user session key is then used to compute the message integrity
-     check as described in [3], and the computed value is compared to
-     the value within the integrity attribute. The client MUST discard
-     any messages which fail to pass validation and MAY log the
-     validation failure.
-
-     As described in [3], the client selects one DHCPOFFER message as
-     its selected configuration. If none of the DHCPOFFER messages
-     received by the client include an authentication option, the client
-     MAY choose an unauthenticated message as its selected
-     configuration.  DHCPOFFER messages including an authentication
-     option with a KRB_ERROR attribute and no integrity attribute are
-     treated as though they are unauthenticated.  The client SHOULD be
-     configurable to accept or reject unauthenticated DHCPOFFER
-     messages.
-
-[3]  The client replies with a DHCPREQUEST message that MUST include an
-     authentication option. The authentication option MUST include an
-     integrity attribute, computed as described in [3], using the user
-     to user session key recovered in step 2.
-
-[4]  As noted in [3], the client MUST validate a DHCPACK message from
-     the server that includes an authentication option. DHCPACK or
-     DHCPNAK messages including an authentication option with a
-     KRB_ERROR attribute and no integrity attribute are treated as
-     though they are unauthenticated. The client MUST silently discard
-     the DHCPACK if the message fails to pass validation and MAY log the
-     validation failure. If the DHCPACK fails to pass validation, the
-     client MUST revert to the INIT state and return to step 1. The
-     client MAY choose to remember which server replied with an invalid
-     DHCPACK message and discard subsequent messages from that server.
-
-4.2.2.  INIT-REBOOT state
-
-When in INIT-REBOOT state, if the user-to-user ticket is still valid,
-the client MUST re-use the session key from the DHCP server user-to-user
-ticket in its DHCPREQUEST message. This is used to generate the
-integrity attribute contained within the authentication option, as
-described in [3]. In the DHCPREQUEST, the DHCP client also includes its
-home realm TGT in a ticket attribute in the authentication option in
-order to assist the DHCP server in renewing the user-to-user ticket.  To
-ensure that the user-to-user ticket remains valid throughout the DHCP
-lease period so that the renewal process can proceed, the Kerberos
-
-
-
-Hornstein, et al.            Standards Track                    [Page 8]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-ticket lifetime SHOULD be set to exceed the DHCP lease time.  If the
-user-to-user ticket is expired, then the client MUST return to the INIT
-state.
-
-The client MAY choose to accept unauthenticated DHCPACK/DHCPNAK messages
-if no authenticated messages were received. DHCPACK/DHCPNAK messages
-with an authentication option containing a KRB_ERROR attribute and no
-integrity attribute are treated as though they are unauthenticated. The
-client MUST treat the receipt (or lack thereof) of any DHCPACK/DHCPNAK
-messages as specified in section 3.2 of the DHCP specification [4].
-
-4.2.3.  RENEWING state
-
-When in RENEWING state, the DHCP client can be assumed to have a valid
-IP address, as well as a TGT to the home realm, a user-to-user ticket
-provided by the DHCP server, and a session key with the DHCP server, all
-obtained during the original DHCP conversation.  If the user-to-user
-ticket is still valid, the client MUST re-use the session key from the
-user-to-user ticket in its DHCPREQUEST message to generate the integrity
-attribute contained within the authentication option.
-
-Since the DHCP client can renew the TGT to the home realm, it is
-possible for it to continue to hold a valid home realm TGT.  However,
-since the DHCP client did not obtain the user-to-user ticket on its own,
-it will need to rely on the DHCP server to renew this ticket. In the
-DHCPREQUEST, the DHCP client includes its home realm TGT in a ticket
-attribute in the authentication option in order to assist the DHCP
-server in renewing the user-to-user ticket.
-
-If the DHCP server user-to-user ticket is expired, then the client MUST
-return to INIT state.  To ensure that the user-to-user ticket remains
-valid throughout the DHCP lease period so that the renewal process can
-proceed, the Kerberos ticket lifetime SHOULD be set to exceed the DHCP
-lease time.  If client receives no DHCPACK messages or none of the
-DHCPACK messages pass validation, the client behaves as if it had not
-received a DHCPACK message in section 4.4.5 of the DHCP specification
-[4].
-
-4.2.4.  REBINDING state
-
-When in REBINDING state, the DHCP client can be assumed to have a valid
-IP address, as well as a TGT to the home realm, a user-to-user ticket
-and a session key with the DHCP server, all obtained during the original
-DHCP conversation.  If the user-to-user ticket is still valid, the
-client MUST re-use the session key from the user-to-user ticket in its
-DHCPREQUEST message to generate the integrity attribute contained within
-the authentication option, as described in [3].
-
-
-
-
-Hornstein, et al.            Standards Track                    [Page 9]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-Since the DHCP client can renew the TGT to the home realm, it is
-possible for it to continue to hold a valid home realm TGT.  However,
-since the DHCP client did not obtain the user-to-user ticket on its own,
-it will need to rely on the DHCP server to renew this ticket. In the
-DHCPREQUEST, the DHCP client includes its home realm TGT in a ticket
-attribute in the authentication option in order to assist the DHCP
-server in renewing the user-to-user ticket.
-
-If the user-to-user ticket is expired, then the client MUST return to
-INIT state.  To ensure that the user-to-user ticket remains valid
-throughout the DHCP lease period so that the renewal process can
-proceed, the Kerberos ticket lifetime SHOULD be set to exceed the DHCP
-lease time.  If client receives no DHCPACK messages or none of the
-DHCPACK messages pass validation, the client behaves as if it had not
-received a DHCPACK message in section 4.4.5 of the DHCP specification
-[4].
-
-4.2.5.  DHCPRELEASE message
-
-Clients sending a DHCPRELEASE MUST include an authentication option. The
-authentication option MUST include an integrity attribute, computed as
-described in [3], using the user to user session key.
-
-4.2.6.  DHCPDECLINE message
-
-Clients sending a DHCPDECLINE MUST include an authentication option. The
-authentication option MUST include an integrity attribute, computed as
-described in [3], using the user to user session key.
-
-4.2.7.  DHCPINFORM message
-
-Since the client already has some configuration information, it can be
-assumed that it has the ability to obtain a home or local realm TGT
-prior to sending the DHCPINFORM.
-
-If the DHCP client knows which DHCP server it will be interacting with,
-then it SHOULD include an authentication option containing AP_REQ and
-integrity attributes within the DHCPINFORM.  The DHCP client first
-requests a TGT to the local realm via an AS_REQ and then using the TGT
-returned in the AS_REP to request a ticket to the DHCP server from the
-local KDC in a TGS_REQ. The session key obtained from the TGS_REP will
-be used to generate the integrity attribute as described in [3].
-
-If the DHCP client does not know what DHCP server it will be talking to,
-then it cannot obtain a ticket to the DHCP server. In this case, the
-DHCP client MAY send an unauthenticated DHCPINFORM or it MAY include an
-authentication option including a ticket attribute only.  The ticket
-attribute includes a TGT for the home realm. The client MUST validate
-
-
-
-Hornstein, et al.            Standards Track                   [Page 10]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-that the DHCP server name in the received Kerberos AP_REQ message is of
-the form dhcp/.... as described in section 4.
-
-The client MAY choose to accept unauthenticated DHCPACK/DHCPNAK messages
-if no authenticated messages were received. DHCPACK/DHCPNAK messages
-with an authentication option containing a KRB_ERROR attribute and no
-integrity attribute are treated as though they are unauthenticated. The
-client MUST treat the receipt (or lack thereof) of any DHCPACK/DHCPNAK
-messages as specified in section 3.2 of the DHCP specification [4].
-
-4.3.  Server behavior
-
-This section, which relies on material from [3], describes the behavior
-of a server in response to client messages.
-
-4.3.1.  After receiving a DHCPDISCOVER message
-
-For installations where IP addresses are required within tickets, the
-DHCP server MAY complete the AS_REQ by filling in the ADDRESSES field
-based on the IP address that it will include in the DHCPOFFER.  The DHCP
-server sends the AS_REQ to the home KDC with the FORWARDABLE flag set.
-The home KDC then replies to the DHCP server with an AS_REP.  The DHCP
-server extracts the client TGT from the AS_REP and forms a TGS_REQ,
-which it sends to  the home KDC.
-
-If the DHCP server and client are in different realms, then the DHCP
-server will need to obtain a TGT to the home realm from the KDC of its
-own (local) realm prior to sending the TGS_REQ. The TGS_REQ includes the
-DHCP server's TGT within the home realm, has the ENC-TKT-IN-SKEY flag
-set and includes the client home realm TGT in the ADDITIONAL-TICKETS
-field, thus requesting a user-to ticket to the DHCP client.  The home
-KDC then returns a user-to-user ticket in a TGS_REP. The user-to-user
-ticket is encrypted in the client's home realm TGT session key.
-
-In order to recover the user-to-user session key, the DHCP server
-decrypts the enc-part of the TGS_REP. To accomplish this, the DHCP
-server uses the session key that it shares with the home realm, obtained
-in the AS_REQ/AS_REP conversation that it used to obtain its own TGT to
-the home realm.
-
-The DHCP server then sends a DHCPOFFER to the client, including AS_REP,
-AP_REQ and integrity attributes within the authentication option.  The
-AS_REP attribute encapsulates the AS_REP sent to the DHCP server by the
-home KDC. The AP_REQ attribute includes an AP_REQ constructed by the
-DHCP server based on the TGS_REP sent to it by the home KDC. The server
-also includes an integrity attribute generated as specified in [3] from
-the user-to-user session key.  The server MUST record the user-to-user
-session key selected for the client and use that session key for
-
-
-
-Hornstein, et al.            Standards Track                   [Page 11]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-validating subsequent messages with the client.
-
-4.3.2.  After receiving a DHCPREQUEST message
-
-The DHCP server uses the user-to-user session key in order to validate
-the integrity attribute contained within the authentication option,
-using the method specified in [3]. If the message fails to pass
-validation, it MUST discard the message and MAY choose to log the
-validation failure.
-
-If the message passes the validation procedure, the server responds as
-described in [4], including an integrity attribute computed as specified
-in [3] within the DHCPACK or DHCPNAK message.
-
-If the authentication option included within the DHCPREQUEST message
-contains a ticket attribute then the DHCP server will use the home realm
-TGT included in the ticket attribute in order to renew the user-to-user
-ticket, which it returns in an AP_REQ attribute within the DHCPACK.
-DHCPACK or DHCPNAK messages then include an integrity attribute
-generated as specified in [3], using the new user-to-user session key
-included within the AP_REQ.
-
-4.3.3.  After receiving a DHCPINFORM message
-
-The server MAY choose to accept unauthenticated DHCPINFORM messages, or
-only accept authenticated DHCPINFORM messages based on a site policy.
-
-When a client includes an authentication option in a DHCPINFORM message,
-the server MUST respond with an authenticated DHCPACK or DHCPNAK
-message. If the DHCPINFORM message includes an authentication option
-including AP_REQ and integrity attributes, the DHCP server decrypts the
-AP_REQ attribute and then recovers the session key. The DHCP server than
-validates the integrity attribute included in the authentication option
-using the session key. If the integrity attribute is invalid then the
-DHCP server MUST silently discard the DHCPINFORM message.
-
-If the authentication option only includes a ticket attribute and no
-integrity or AP_REQ attributes, then the DHCP server should assume that
-the client needs the server to obtain a user-to-user ticket from the
-home realm KDC.  In this case, the DHCP server includes the client home
-realm TGT and its own home realm TGT in a TGS_REQ to the home realm KDC.
-It then receives a user-to-user ticket from the home realm KDC in a
-TGS_REP. The DHCP server will then include AP_REQ and integrity
-attributes within the DHCPACK/DHCPNAK.
-
-If the client does not include an authentication option in the
-DHCPINFORM, the server can either respond with an unauthenticated
-DHCPACK message, or a DHCPNAK if the server does not accept
-
-
-
-Hornstein, et al.            Standards Track                   [Page 12]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-unauthenticated clients.
-
-4.3.4.  After receiving a DHCPRELEASE message
-
-The DHCP server uses the session key in order to validate the integrity
-attribute contained within the authentication option, using the method
-specified in [3]. If the message fails to pass validation, it MUST
-discard the message and MAY choose to log the validation failure.
-
-If the message passes the validation procedure, the server responds as
-described in [4], marking the client's network address as not allocated.
-
-4.3.5.  After receiving a DHCPDECLINE message
-
-The DHCP server uses the session key in order to validate the integrity
-attribute contained within the authentication option, using the method
-specified in [3]. If the message fails to pass validation, it MUST
-discard the message and MAY choose to log the validation failure.
-
-If the message passes the validation procedure, the server proceeds as
-described in [4].
-
-4.4.  Error handling
-
-When an error condition occurs during a Kerberos exchange, Kerberos
-error messages can be returned by either side.  These Kerberos error
-messages MAY be logged by the receiving and sending parties.
-
-In some cases, it may be possible for these error messages to be
-included within the authentication option via the KRB_ERROR attribute.
-However, in most cases, errors will result in messages being silently
-discarded and so no response will be returned.
-
-For example, if the home KDC returns a KRB_ERROR in response to the
-AS_REQ submitted by the DHCP server on the client's behalf, then the
-DHCP server will conclude that the DHCPDISCOVER was not authentic, and
-will silently discard it.
-
-However, if the AS_REQ included PADATA and the home KDC responds with an
-AS_REP, then the DHCP server can conclude that the client is authentic.
-If the subsequent TGS_REQ is unsuccessful, with a KRB_ERROR returned by
-the home KDC in the TGS_REP, then the fault may lie with the DHCP server
-rather than with the client. In this case, the DHCP server MAY choose to
-return a KRB_ERROR within the authentication option included in the
-DHCPOFFER. The client will then treat this as an unauthenticated
-DHCPOFFER.
-
-
-
-
-
-Hornstein, et al.            Standards Track                   [Page 13]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-Similarly, if the integrity attribute contained in the DHCPOFFER proves
-invalid, the client will silently discard the DHCPOFFER and instead
-accept an offer from another server if one is available. If the
-integrity attribute included in the DHCPACK/DHCPNAK proves invalid, then
-the client behaves as if it did not receive a DHCPACK/DHCPNAK.
-
-When in INIT-REBOOT, REBINDING or RENEWING state, the client will
-include a ticket attribute and integrity attribute within the
-authentication option of the DHCPREQUEST, in order to assist the DHCP
-server in renewing the user-to-user ticket.  If the integrity attribute
-is invalid, then the DHCP server MUST silently discard the DHCPREQUEST.
-
-However, if the integrity attribute is successfully validated by the
-DHCP server, but the home realm TGT included in the ticket attribute is
-invalid (e.g. expired), then the DHCP server will receive a KRB_ERROR in
-response to its TGS_REQ to the home KDC.  In this case, the DHCP server
-MAY respond with a DHCPNAK including a KRB_ERROR attribute and no
-integrity attribute within the authentication option. This will force
-the client back to the INIT state, where it can receive a valid home
-realm TGT.
-
-Where the client included PADATA in the AS_REQ attribute of the
-authentication option within the DHCPDISCOVER and the AS_REQ was
-successfully validated by the KDC, the DHCP server will conclude that
-the DHCP client is authentic. In this case if the client successfully
-validates the integrity attribute in the DHCPOFFER, but the server does
-not validate the integrity attribute in the client's DHCPREQUEST, the
-server MAY choose to respond with an authenticated DHCPNAK containing a
-KRB_ERROR attribute.
-
-4.5.  PKINIT issues
-
-When public key authentication is supported with Kerberos as described
-in [8], the client certificate and a signature accompany the initial
-request in the preauthentication fields.  As a result, it is conceivable
-that the incomplete AS_REQ included in the DHCPDISCOVER packet may
-exceed the size of a single DHCP option, or even the MTU size.  As noted
-in [4], a single option may be as large as 255 octets. If the value to
-be passed is larger than this the client concatenates together the
-values of multiple instances of the same option.
-
-4.6.  Examples
-
-4.6.1.  INIT state
-
-In the intra-realm case where the DHCP Kerberos mutual authentication is
-successful, the conversation will appear as follows:
-
-
-
-
-Hornstein, et al.            Standards Track                   [Page 14]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-                   AS_REQ ->
-                                      <- AS_REP
-                   TGS_REQ
-                    U-2-U ->
-                                      <- TGS_REP
-                <- DHCPOFFER,
-                    (AS_REP,
-                    AP_REQ,
-                    Integrity)
-DHCPREQUEST
- (Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-
-In the case where the KDC returns a KRB_ERROR in response to the AS_REQ,
-the server will silently discard the DHCPDISCOVER and the conversation
-will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-                   AS_REQ ->
-                                     <- KRB_ERROR
-
-In the inter-realm case where the DHCP Kerberos mutual authentication is
-successful, the conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-DHCPDISCOVER
-(Incomplete
- AS_REQ)  ->
-                   AS_REQ ->
-                                <- AS_REP
-                   TGS_REQ ->
-                   (cross realm,
-                   for home
-                   KDC)
-
-
-
-Hornstein, et al.            Standards Track                   [Page 15]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-                                           <- TGS_REP
-
-                   TGS_REQ
-                    U-2-U ->
-                                <- TGS_REP
-                <- DHCPOFFER,
-                    (AS_REP,
-                    AP_REQ,
-                    Integrity)
-DHCPREQUEST
- (Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-
-In the case where the client includes PADATA in the AS_REQ attribute
-within the authentication option of the DHCPDISCOVER and the KDC returns
-an error-free AS_REP indicating successful validation of the PADATA, the
-DHCP server will conclude that the DHCP client is authentic.  If the KDC
-then returns a KRB_ERROR in response to the TGS_REQ, indicating a fault
-that lies with the DHCP server, the server MAY choose not to silently
-discard the DHCPDISCOVER.  Instead it MAY respond with a DHCPOFFER
-including a KRB_ERROR attribute within the authentication option. The
-client will then treat this as an unauthenticated DHCPOFFER.  The
-conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
- (Incomplete
- AS_REQ
- w/PADATA)  ->
-                   AS_REQ ->
-                                     <- AS_REP
-                   TGS_REQ
-                    U-2-U ->
-                                     <- KRB_ERROR
-                <- DHCPOFFER,
-                    (KRB_ERROR)
-DHCPREQUEST ->
-                <- DHCPACK
-
-In the intra-realm case where the client included PADATA in the AS_REQ
-attribute of the authentication option and the AS_REQ was successfully
-validated by the KDC, the DHCP server will conclude that the DHCP client
-is authentic. In this case if the client successfully validates the
-integrity attribute in the DHCPOFFER, but the server does not validate
-the integrity attribute in the client's DHCPREQUEST, the server MAY
-
-
-
-Hornstein, et al.            Standards Track                   [Page 16]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-choose to respond with an authenticated DHCPNAK containing a KRB_ERROR
-attribute.  The conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
- (Incomplete
- AS_REQ
- w/PADATA)  ->
-                   AS_REQ ->
-                                     <- AS_REP
-                   TGS_REQ
-                    U-2-U ->
-                                     <- TGS_REP
-                <- DHCPOFFER,
-                    (AS_REP,
-                    AP_REQ,
-                    Integrity)
-DHCPREQUEST
- (Integrity) ->
-                <- DHCNAK
-                    (KRB_ERROR,
-                     Integrity)
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-
-In the intra-realm case where the DHCP client cannot validate the
-integrity attribute in the DHCPOFFER, the client silently discards the
-DHCPOFFER. The conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-                   AS_REQ ->
-                                     <- AS_REP
-                   TGS_REQ
-                    U-2-U ->
-                                     <- TGS_REP
-                <- DHCPOFFER,
-                   (AS_REP,
-                   AP_REQ,
-                   Integrity)
-DHCPREQUEST
-
-
-
-Hornstein, et al.            Standards Track                   [Page 17]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
- [To another server]
- (Integrity) ->
-
-In the intra-realm case where the DHCP client cannot validate the
-integrity attribute in the DHCPACK, the client reverts to INIT state.
-The conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-DHCPDISCOVER
-(Incomplete
- AS_REQ)  ->
-                   AS_REQ ->
-                                     <- AS_REP
-                   TGS_REQ
-                    U-2-U ->
-                                     <- TGS_REP
-                <- DHCPOFFER,
-                    (AS_REP,
-                    AP_REQ,
-                    Integrity)
-DHCPREQUEST
- (Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-
-4.6.2.  INIT-REBOOT, RENEWING or REBINDING
-
-In the intra-realm or inter-realm case where the original user-to-user
-ticket is still valid, and the DHCP server still has a valid TGT to the
-home realm, the conversation will appear as follows:
-
-   DHCP               DHCP             Home
-   Client             Server            KDC
---------------     -------------     ---------
-
-DHCPREQUEST
- (TGT,
- Integrity)  ->
-                   TGS_REQ
-                    U-2-U ->
-                                     <- TGS_REP
-                <- DHCPACK
-                    (AP_REQ,
-
-
-
-Hornstein, et al.            Standards Track                   [Page 18]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-                    Integrity)
-
-In the intra-realm or inter-realm case where the DHCP server validates
-the integrity attribute in the DHCPREQUEST, but receives a KRB_ERROR in
-response to the TGS_REQ to the KDC, the DHCP sever MAY choose not to
-silently discard the DHCPREQUEST and MAY return an authenticated DHCPNAK
-to the client instead, using the user-to-user session key previously
-established with the client. The conversation appears as follows:
-
-   DHCP               DHCP             Home
-   Client             Server            KDC
---------------     -------------     ---------
-
-DHCPREQUEST
- (TGT,
- Integrity)  ->
-                   TGS_REQ
-                    U-2-U ->
-                                     <- KRB_ERROR
-                <- DHCPNAK
-                    (KRB_ERROR,
-                    Integrity)
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-
-In the intra-realm or inter-realm case where the DHCP server cannot
-validate the integrity attribute in the DHCPREQUEST, the DHCP server
-MUST silently discard the DHCPREQUEST and the conversation will appear
-as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-
-DHCPREQUEST
- (TGT,
- Integrity)  ->
-                   Silent discard
-[Sequence repeats
- until timeout]
-
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-
-In the intra-realm or inter-realm case where the original user-to-user
-ticket is still valid, the server validates the integrity attribute in
-
-
-
-Hornstein, et al.            Standards Track                   [Page 19]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-the DHCPREQUEST, but the client fails to validate the integrity
-attribute in the DHCPACK, the client will silently discard the DHCPACK.
-The conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-
-DHCPREQUEST
- (TGT,
- Integrity)  ->
-
-                <- DHCPACK
-                    (AP_REQ,
-                    Integrity)
-DHCPDISCOVER
- (Incomplete
- AS_REQ)  ->
-
-4.6.3.  DHCPINFORM (with known DHCP server)
-
-In the case where the DHCP client knows the DHCP server it will be
-interacting with, the DHCP client will obtain a ticket to the DHCP
-server and will include AP_REQ and integrity attributes within the
-DHCPINFORM.
-
-Where the DHCP Kerberos mutual authentication is successful, the
-conversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-AS_REQ ->
-                                     <- AS_REP
-TGS_REQ ->
-                                     <- TGS_REP
-DHCPINFORM
- (AP_REQ,
- Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-
-In the inter-realm case where the DHCP Kerberos mutual authentication is
-successful, the conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-
-
-
-Hornstein, et al.            Standards Track                   [Page 20]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-AS_REQ ->
-                                          <- AS_REP
-TGS_REQ ->
-                                          <- TGS_REP
-TGS_REQ ->
-                               <- TGS_REP
-DHCPINFORM
- (AP_REQ,
- Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-
-In the inter-realm case where the DHCP server fails to validate the
-integrity attribute in the DHCPINFORM, the server MUST silently discard
-the DHCPINFORM. The conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-AS_REQ ->
-                                          <- AS_REP
-TGS_REQ ->
-                                          <- TGS_REP
-TGS_REQ ->
-                               <- TGS_REP
-DHCPINFORM
- (AP_REQ,
- Integrity) ->
-                <- DHCPACK
-                    (Integrity)
-DHCPINFORM
- (AP_REQ,
- Integrity) ->
-
-In the inter-realm case where the DHCP client fails to validate the
-integrity attribute in the DHCPACK, the client MUST silently discard the
-DHCPACK.  The conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-AS_REQ ->
-                                          <- AS_REP
-TGS_REQ ->
-                                          <- TGS_REP
-TGS_REQ ->
-                               <- TGS_REP
-DHCPINFORM
-
-
-
-Hornstein, et al.            Standards Track                   [Page 21]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
- (AP_REQ,
- Integrity) ->
-
-4.6.4.  DHCPINFORM (with unknown DHCP server)
-
-In the case where the DHCP client does not know the DHCP server it will
-be interacting with, the DHCP client will only include a ticket
-attribute within the DHCPINFORM.  Thus the DHCP server will not be able
-to validate the authentication option.
-
-Where the DHCP client is able to validate the DHCPACK and no error
-occur, the onversation will appear as follows:
-
-   DHCP               DHCP
-   Client             Server            KDC
---------------     -------------     ---------
-AS_REQ ->
-                                     <- AS_REP
-DHCPINFORM
- (Ticket) ->
-                   TGS_REQ
-                    U-2-U ->
-                                     <- TGS_REP
-                <- DHCPACK
-                    (AP_REQ,
-                    Integrity)
-
-In the inter-realm case where the DHCP server needs to obtain a TGT to
-the home realm, and where the client successfully validates the DHCPACK,
-the conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-AS_REQ ->
-                                          <- AS_REP
-DHCPINFORM
- (Ticket) ->
-                   AS_REQ ->
-                                <- AS_REP
-                   TGS_REQ ->
-                   (cross realm,
-                   for home
-                   KDC)
-                                           <- TGS_REP
-
-                   TGS_REQ
-                    U-2-U ->
-
-
-
-Hornstein, et al.            Standards Track                   [Page 22]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-                                <- TGS_REP
-                <- DHCPACK
-                    (AP_REQ,
-                    Integrity)
-
-In the inter-realm case where the local KDC returns a KRB_ERROR in
-response to the TGS_REQ from the DHCP server, the DHCP server MAY return
-a KRB_ERROR within the DHCP authentication option included in a DHCPNAK.
-The conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-AS_REQ ->
-                                          <- AS_REP
-DHCPINFORM
- (Ticket) ->
-                   AS_REQ ->
-                                <- AS_REP
-                   TGS_REQ ->
-                   (cross realm,
-                   for home
-                   KDC)
-                                           <- KRB_ERROR
-                <- DHCPNAK
-                    (KRB_ERROR)
-
-
-In the inter-realm case where the DHCP client fails to validate the
-integrity attribute in the DHCPACK, the client MUST silently discard the
-DHCPACK.  The conversation will appear as follows:
-
-   DHCP            DHCP           Home      Local
-   Client          Server         KDC        KDC
---------------  -------------  ---------  ---------
-AS_REQ ->
-                                          <- AS_REP
-DHCPINFORM
- (Ticket) ->
-                   AS_REQ ->
-                                <- AS_REP
-                   TGS_REQ ->
-                   (cross realm,
-                   for home
-                   KDC)
-                                           <- TGS_REP
-
-                   TGS_REQ
-
-
-
-Hornstein, et al.            Standards Track                   [Page 23]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-                    U-2-U ->
-                                <- TGS_REP
-                <- DHCPACK
-                    (AP_REQ,
-                    Integrity)
-DHCPINFORM
- (Ticket) ->
-
-5.  References
-
-
-[1]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
-     Levels", BCP 14, RFC 2119, March 1997.
-
-[2]  Kohl, J., Neuman, C., "The Kerberos Network Authentication Service
-     (V5)", RFC 1510, September 1993.
-
-[3]  Droms, R., Arbaugh, W., "Authentication for DHCP Messages",
-     Internet draft (work in progress), draft-ietf-dhc-
-     authentication-11.txt, June 1999.
-
-[4]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March
-     1997.
-
-[5]  Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
-     Extensions", RFC 2132, March 1997.
-
-[6]  Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
-
-[7]  Jain, V., Congdon, P., Roese, J., "Network Port Authentication",
-     IEEE 802.1 PAR submission, June 1999.
-
-[8]  Tung, B., Neuman, C., Hur, M., Medvinsky, A., Medvinsky, S., Wray,
-     J., Trostle, J., "Public Key Cryptography for Initial
-     Authentication in Kerberos", Internet draft (work in progress),
-     draft-ietf-cat-kerberos-pk-init-09.txt, June 1999.
-
-[9]  Tung, B., Ryutov, T., Neuman, C., Tsudik, G., Sommerfeld, B.,
-     Medvinsky, A., Hur, M.,  "Public Key Cryptography for Cross-Realm
-     Authentication in Kerberos", Internet draft (work in progress),
-     draft-ietf-cat-kerberos-pk-cross-04.txt, June 1999.
-
-[10] Mills, D., "Network Time Protocol (Version 3)", RFC-1305, March
-     1992.
-
-[11] Henry, M., "DHCP Option 61 UUID Type Definition", Internet draft
-     (work in progress), draft-henry-DHCP-opt61-UUID-type-00.txt,
-     November 1998.
-
-
-
-Hornstein, et al.            Standards Track                   [Page 24]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-6.  Security Considerations
-
-DHCP authentication, described in [3], addresses the following threats:
-
-     Modification of messages
-     Rogue servers
-     Unauthorized clients
-
-This section describes how DHCP authentication via Kerberos V addresses
-each of these threats.
-
-6.1.  Client security
-
-As noted in [3], it may be desirable to ensure that IP addresses are
-only allocated to authorized clients. This can serve to protect against
-denial of service attacks. To address this issue it is necessary for
-DHCP client messages to be authenticated. In order to guard against
-message modification, it is also necessary for DHCP client messages to
-be integrity protected.
-
-Note that this protocol does not make use of KRB_SAFE, so as to allow
-modification of mutable fields by the DHCP relay. Replay protection is
-therefore provided within the DHCP authentication option itself.
-
-In DHCP authentication via Kerberos V the DHCP client will authenticate,
-integrity and replay-protect the DHCPREQUEST, DHCPDECLINE and
-DHCPRELEASE messages using a user-to-user session key obtained by the
-DHCP server from the home KDC. If the DHCP client knows the DHCP server
-it will be interacting with, then the DHCP client MAY also authenticate,
-integrity and replay-protect the DHCPINFORM message using a session key
-obtained from the local realm KDC for the DHCP server it expects to
-converse with.
-
-Since the client has not yet obtained a session key, DHCPDISCOVER
-packets cannot be authenticated using the session key. However, the
-client MAY include pre-authentication data in the PADATA field included
-in the DHCPDISCOVER packet. Since the PADATA will then be used by the
-DHCP server to request a ticket on the client's behalf, the DHCP server
-will learn from the AS_REP whether the PADATA was acceptable or not.
-Therefore in this case, the DHCPDISCOVER will be authenticated but not
-integrity protected.
-
-Where the DHCP client does not know the DHCP server it will be
-interacting with ahead of time, the DHCPINFORM message will not be
-authenticated, integrity or replay protected.
-
-Note that snooping of PADATA and TGTs on the wire may provide an
-attacker with a means of mounting a dictionary attack, since these items
-
-
-
-Hornstein, et al.            Standards Track                   [Page 25]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-are typically encrypted with a key derived from the user's password.
-Thus use of strong passwords and/or pre-authentication methods utilizing
-strong cryptography (see [8]) are recommended.
-
-6.2.  Network access control
-
-DHCP authentication has been proposed as a method of limiting access to
-network media that are not physically secured such as wireless LANs and
-ports in college residence halls.  However, it is not particularly well
-suited to this purpose since even if address allocation is denied an
-inauthentic client may use a statically assigned IP address instead, or
-may attempt to access the network using non-IP protocols.  As a result,
-other methods, described in [6]-[7], have been proposed for controlling
-access to wireless media and switched LANs.
-
-6.3.  Server security
-
-As noted in [3], it may be desirable to protect against rogue DHCP
-servers put on the network either intentionally or by accident.  To
-address this issue it is necessary for DHCP server messages to be
-authenticated. In order to guard against message modification, it is
-also necessary for DHCP server messages to be integrity protected.
-Replay protection is also provided within the DHCP authentication
-option.
-
-All messages sent by the DHCP server are authenticated and integrity and
-replaly protected using a session key.  This includes the DHCPOFFER,
-DHCPACK, and DHCPNAK messages.  The session key is used to compute the
-DHCP authentication option, which is verified by the client.
-
-In order to provide protection against rogue servers it is necessary to
-prevent rogue servers from obtaining the credentials necessary to act as
-a DHCP server. As noted in Section 4, the Kerberos principal name for
-the DHCP server  must be of type KRB_NT_SRV_HST with  the service name
-component equal to 'dhcp'. The client MUST validate that the DHCP server
-principal name has the above  format. This convention requires that the
-administrator ensure that non-DHCP  server principals do not have names
-that match the above format.
-
-7.  IANA Considerations
-
-This draft does not create any new number spaces for IANA
-administration.
-
-8.  Acknowledgements
-
-The authors would like to acknowledge Ralph Droms and William Arbaugh,
-authors of the DHCP authentication draft [3]. This draft incorporates
-
-
-
-Hornstein, et al.            Standards Track                   [Page 26]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-material from their work; however, any mistakes in this document are
-solely the responsibility of the authors.
-
-9.  Authors' Addresses
-
-Ken Hornstein
-US Naval Research Laboratory
-Bldg A-49, Room 2
-4555 Overlook Avenue
-Washington DC  20375 USA
-
-Phone: +1 (202) 404-4765
-EMail: kenh@cmf.nrl.navy.mil
-
-Ted Lemon
-Internet Engines, Inc.
-950 Charter Street
-Redwood City, CA 94063
-
-Phone: +1 (650) 779 6031
-Email: mellon@iengines.net
-
-Bernard Aboba
-Microsoft Corporation
-One Microsoft Way
-Redmond, WA 98052
-
-Phone: +1 (425) 936-6605
-EMail: bernarda@microsoft.com
-
-Jonathan Trostle
-170 W. Tasman Dr.
-San Jose, CA 95134, U.S.A.
-
-Email: jtrostle@cisco.com
-Phone: +1 (408) 527-6201
-
-
-10.  Intellectual Property Statement
-
-The IETF takes no position regarding the validity or scope of any
-intellectual property or other rights that might be claimed to  pertain
-to the implementation or use of the technology described in this
-document or the extent to which any license under such rights might or
-might not be available; neither does it represent that it has made any
-effort to identify any such rights.  Information on the IETF's
-procedures with respect to rights in standards-track and standards-
-related documentation can be found in BCP-11.  Copies of claims of
-
-
-
-Hornstein, et al.            Standards Track                   [Page 27]
-
-
-INTERNET-DRAFT     DHCP Authentication Via Kerberos V   20 February 2000
-
-
-rights made available for publication and any assurances of licenses to
-be made available, or the result of an attempt made to obtain a general
-license or permission for the use of such proprietary rights by
-implementors or users of this specification can be obtained from the
-IETF Secretariat.
-
-The IETF invites any interested party to bring to its attention any
-copyrights, patents or patent applications, or other proprietary rights
-which may cover technology that may be required to practice this
-standard.  Please address the information to the IETF Executive
-Director.
-
-11.  Full Copyright Statement
-
-Copyright (C) The Internet Society (2000).  All Rights Reserved.
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it or
-assist in its implmentation may be prepared, copied, published and
-distributed, in whole or in part, without restriction of any kind,
-provided that the above copyright notice and this paragraph are included
-on all such copies and derivative works.  However, this document itself
-may not be modified in any way, such as by removing the copyright notice
-or references to the Internet Society or other Internet organizations,
-except as needed for the purpose of developing Internet standards in
-which case the procedures for copyrights defined in the Internet
-Standards process must be followed, or as required to translate it into
-languages other than English.  The limited permissions granted above are
-perpetual and will not be revoked by the Internet Society or its
-successors or assigns.  This document and the information contained
-herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
-INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
-
-12.  Expiration Date
-
-This memo is filed as <draft-hornstein-dhc-kerbauth-02.txt>,  and
-expires October 1, 2000.
-
-
-
-
-
-
-
-
-
-
-
-
-Hornstein, et al.            Standards Track                   [Page 28]
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-horowitz-key-derivation-01.txt b/crypto/heimdal/doc/standardisation/draft-horowitz-key-derivation-01.txt
deleted file mode 100644
index 4dcff486b936..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-horowitz-key-derivation-01.txt
+++ /dev/null
@@ -1,244 +0,0 @@
-Network Working Group                                        M. Horowitz
-<draft-horowitz-key-derivation-01.txt>                  Cygnus Solutions
-Internet-Draft                                               March, 1997
-
-
-       Key Derivation for Authentication, Integrity, and Privacy
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as ``work in progress.''
-
-   To learn the current status of any Internet-Draft, please check the
-   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
-   Directories on ds.internic.net (US East Coast), nic.nordu.net
-   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-   Rim).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   author.
-
-Abstract
-
-   Recent advances in cryptography have made it desirable to use longer
-   cryptographic keys, and to make more careful use of these keys.  In
-   particular, it is considered unwise by some cryptographers to use the
-   same key for multiple purposes.  Since most cryptographic-based
-   systems perform a range of functions, such as authentication, key
-   exchange, integrity, and encryption, it is desirable to use different
-   cryptographic keys for these purposes.
-
-   This RFC does not define a particular protocol, but defines a set of
-   cryptographic transformations for use with arbitrary network
-   protocols and block cryptographic algorithm.
-
-
-Deriving Keys
-
-   In order to use multiple keys for different functions, there are two
-   possibilities:
-
-    - Each protocol ``key'' contains multiple cryptographic keys.  The
-      implementation would know how to break up the protocol ``key'' for
-      use by the underlying cryptographic routines.
-
-    - The protocol ``key'' is used to derive the cryptographic keys.
-      The implementation would perform this derivation before calling
-
-
-
-Horowitz                                                        [Page 1]
-
-Internet Draft               Key Derivation                  March, 1997
-
-
-      the underlying cryptographic routines.
-
-   In the first solution, the system has the opportunity to provide
-   separate keys for different functions.  This has the advantage that
-   if one of these keys is broken, the others remain secret.  However,
-   this comes at the cost of larger ``keys'' at the protocol layer.  In
-   addition, since these ``keys'' may be encrypted, compromising the
-   cryptographic key which is used to encrypt them compromises all the
-   component keys.  Also, the not all ``keys'' are used for all possible
-   functions.  Some ``keys'', especially those derived from passwords,
-   are generated from limited amounts of entropy.  Wasting some of this
-   entropy on cryptographic keys which are never used is unwise.
-
-   The second solution uses keys derived from a base key to perform
-   cryptographic operations.  By carefully specifying how this key is
-   used, all of the advantages of the first solution can be kept, while
-   eliminating some disadvantages.  In particular, the base key must be
-   used only for generating the derived keys, and this derivation must
-   be non-invertible and entropy-preserving.  Given these restrictions,
-   compromise of one derived keys does not compromise the other subkeys.
-   Attack of the base key is limited, since it is only used for
-   derivation, and is not exposed to any user data.
-
-   Since the derived key has as much entropy as the base keys (if the
-   cryptosystem is good), password-derived keys have the full benefit of
-   all the entropy in the password.
-
-   To generate a derived key from a base key:
-
-      Derived Key = DK(Base Key, Well-Known Constant)
-
-   where
-
-      DK(Key, Constant) = n-truncate(E(Key, Constant))
-
-   In this construction, E(Key, Plaintext) is a block cipher, Constant
-   is a well-known constant defined by the protocol, and n-truncate
-   truncates its argument by taking the first n bits; here, n is the key
-   size of E.
-
-   If the output of E is is shorter than n bits, then some entropy in
-   the key will be lost.  If the Constant is smaller than the block size
-   of E, then it must be padded so it may be encrypted.  If the Constant
-   is larger than the block size, then it must be folded down to the
-   block size to avoid chaining, which affects the distribution of
-   entropy.
-
-   In any of these situations, a variation of the above construction is
-   used, where the folded Constant is encrypted, and the resulting
-   output is fed back into the encryption as necessary (the | indicates
-   concatentation):
-
-      K1 = E(Key, n-fold(Constant))
-      K2 = E(Key, K1)
-
-
-
-Horowitz                                                        [Page 2]
-
-Internet Draft               Key Derivation                  March, 1997
-
-
-      K3 = E(Key, K2)
-      K4 = ...
-
-      DK(Key, Constant) = n-truncate(K1 | K2 | K3 | K4 ...)
-
-   n-fold is an algorithm which takes m input bits and ``stretches''
-   them to form n output bits with no loss of entropy, as described in
-   [Blumenthal96].  In this document, n-fold is always used to produce n
-   bits of output, where n is the key size of E.
-
-   If the size of the Constant is not equal to the block size of E, then
-   the Constant must be n-folded to the block size of E.  This number is
-   used as input to E.  If the block size of E is less than the key
-   size, then the output from E is taken as input to a second invocation
-   of E.  This process is repeated until the number of bits accumulated
-   is greater than or equal to the key size of E.  When enough bits have
-   been computed, the first n are taken as the derived key.
-
-   Since the derived key is the result of one or more encryptions in the
-   base key, deriving the base key from the derived key is equivalent to
-   determining the key from a very small number of plaintext/ciphertext
-   pairs.  Thus, this construction is as strong as the cryptosystem
-   itself.
-
-
-Deriving Keys from Passwords
-
-   When protecting information with a password or other user data, it is
-   necessary to convert an arbitrary bit string into an encryption key.
-   In addition, it is sometimes desirable that the transformation from
-   password to key be difficult to reverse.  A simple variation on the
-   construction in the prior section can be used:
-
-      Key = DK(n-fold(Password), Well-Known Constant)
-
-   The n-fold algorithm is reversible, so recovery of the n-fold output
-   is equivalent to recovery of Password.  However, recovering the n-
-   fold output is difficult for the same reason recovering the base key
-   from a derived key is difficult.
-
-
-
-   Traditionally, the transformation from plaintext to ciphertext, or
-   vice versa, is determined by the cryptographic algorithm and the key.
-   A simple way to think of derived keys is that the transformation is
-   determined by the cryptographic algorithm, the constant, and the key.
-
-   For interoperability, the constants used to derive keys for different
-   purposes must be specified in the protocol specification.  The
-   constants must not be specified on the wire, or else an attacker who
-   determined one derived key could provide the associated constant and
-   spoof data using that derived key, rather than the one the protocol
-   designer intended.
-
-
-
-
-Horowitz                                                        [Page 3]
-
-Internet Draft               Key Derivation                  March, 1997
-
-
-   Determining which parts of a protocol require their own constants is
-   an issue for the designer of protocol using derived keys.
-
-
-Security Considerations
-
-   This entire document deals with security considerations relating to
-   the use of cryptography in network protocols.
-
-
-Acknowledgements
-
-   I would like to thank Uri Blumenthal, Hugo Krawczyk, and Bill
-   Sommerfeld for their contributions to this document.
-
-
-References
-
-   [Blumenthal96] Blumenthal, U., "A Better Key Schedule for DES-Like
-      Ciphers", Proceedings of PRAGOCRYPT '96, 1996.
-
-
-Author's Address
-
-   Marc Horowitz
-   Cygnus Solutions
-   955 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone: +1 617 354 7688
-   Email: marc@cygnus.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz                                                        [Page 4]
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-08.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-08.txt
deleted file mode 100644
index ccba35eeb4ab..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-08.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-A new Request for Comments is now available in online RFC libraries.
-
-
-        RFC 2078
-
-        Title:      Generic Security Service Application Program
-                    Interface, Version 2
-        Author:     J. Linn
-        Date:       January 1997
-        Mailbox:    John.Linn@ov.com
-        Pages:      85
-        Characters: 185990
-        Obsoletes:  1508
-
-        URL:        ftp://ds.internic.net/rfc/rfc2078.txt
-
-
-This memo revises RFC-1508, making specific, incremental changes in
-response to implementation experience and liaison requests. It is
-intended, therefore, that this memo or a successor version thereto
-will become the basis for subsequent progression of the GSS-API
-specification on the standards track.  This document is a product of
-the Common Authentication Technology Working Group.
-
-This is now a Proposed Standard Protocol.
-
-This document specifies an Internet standards track protocol for the
-Internet community, and requests discussion and suggestions for
-improvements.  Please refer to the current edition of the "Internet
-Official Protocol Standards" (STD 1) for the standardization state and
-status of this protocol.  Distribution of this memo is unlimited.
-
-This announcement is sent to the IETF list and the RFC-DIST list.
-Requests to be added to or deleted from the IETF distribution list
-should be sent to IETF-REQUEST@CNRI.RESTON.VA.US.  Requests to be
-added to or deleted from the RFC-DIST distribution list should
-be sent to RFC-DIST-REQUEST@ISI.EDU.
-
-Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
-an EMAIL message to rfc-info@ISI.EDU with the message body 
-help: ways_to_get_rfcs.  For example:
-
-        To: rfc-info@ISI.EDU
-        Subject: getting rfcs
-
-        help: ways_to_get_rfcs
-
-Requests for special distribution should be addressed to either the
-author of the RFC in question, or to admin@DS.INTERNIC.NET.  Unless
-specifically noted otherwise on the RFC itself, all RFCs are for
-unlimited distribution.
-
-Submissions for Requests for Comments should be sent to
-RFC-EDITOR@ISI.EDU.  Please consult RFC 1543, Instructions to RFC
-Authors, for further information.
-
-
-Joyce K. Reynolds and Mary Kennedy
-USC/Information Sciences Institute
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-cbind-04.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-cbind-04.txt
deleted file mode 100644
index 518f4c63d171..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-gssv2-cbind-04.txt
+++ /dev/null
@@ -1,6188 +0,0 @@
-
-   Internet draft                                                    J.Wray
-   IETF Common Authentication Technology WG   Digital Equipment Corporation
-   <draft-ietf-cat-gssv2-cbind-04.txt>                           March 1997
-
-
-
-             Generic Security Service API Version 2 : C-bindings
-
-
-   1. STATUS OF THIS MEMO
-
-   This document is an Internet Draft.  Internet Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its Areas, and
-   its Working Groups.  Note that other groups may also distribute working
-   documents as Internet Drafts.  Internet Drafts are draft documents valid
-   for a maximum of six months. Internet Drafts may be updated, replaced,
-   or obsoleted by other documents at any time.  It is not appropriate to
-   use Internet Drafts as reference material or to cite them other than as
-   a "working draft" or "work in progress." Please check the I-D abstract
-   listing contained in each Internet Draft directory to learn the current
-   status of this or any other Internet Draft.
-
-   Comments on this document should be sent to "cat-ietf@MIT.EDU", the IETF
-   Common Authentication Technology WG discussion list.
-
-
-   2. ABSTRACT
-
-   This draft document specifies C language bindings for Version 2 of the
-   Generic Security Service Application Program Interface (GSSAPI), which
-   is described at a language-independent conceptual level in other drafts
-   [GSSAPI]. It revises RFC-1509, making specific incremental changes in
-   response to implementation experience and liaison requests.  It is
-   intended, therefore, that this draft or a successor version thereof will
-   become the basis for subsequent progression of the GSS-API specification
-   on the standards track.
-
-   The Generic Security Service Application Programming Interface provides
-   security services to its callers, and is intended for implementation
-   atop a variety of underlying cryptographic mechanisms.  Typically,
-   GSSAPI callers will be application protocols into which security
-   enhancements are integrated through invocation of services provided by
-   the GSSAPI. The GSSAPI allows a caller application to authenticate a
-   principal identity associated with a peer application, to delegate
-   rights to a peer, and to apply security services such as confidentiality
-   and integrity on a per-message basis.
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 1]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   3. INTRODUCTION
-
-   The Generic Security Service Application Programming Interface [GSSAPI]
-   provides security services to calling applications.  It allows a
-   communicating application to authenticate the user associated with
-   another application, to delegate rights to another application, and to
-   apply security services such as confidentiality and integrity on a per-
-   message basis.
-
-   There are four stages to using the GSSAPI:
-
-     (a) The application acquires a set of credentials with which it may
-         prove its identity to other processes.  The application's
-         credentials vouch for its global identity, which may or may not be
-         related to any local username under which it may be running.
-
-     (b) A pair of communicating applications establish a joint security
-         context using their credentials.  The security context is a pair
-         of GSSAPI data structures that contain shared state information,
-         which is required in order that per-message security services may
-         be provided.  Examples of state that might be shared between
-         applications as part of a security context are cryptographic keys,
-         and message sequence numbers.  As part of the establishment of a
-         security context, the context initiator is authenticated to the
-         responder, and may require that the responder is authenticated in
-         turn.  The initiator may optionally give the responder the right
-         to initiate further security contexts, acting as an agent or
-         delegate of the initiator.  This transfer of rights is termed
-         delegation, and is achieved by creating a set of credentials,
-         similar to those used by the initiating application, but which may
-         be used by the responder.
-
-         To establish and maintain the shared information that makes up the
-         security context, certain GSSAPI calls will return a token data
-         structure, which is a cryptographically protected opaque data
-         type.  The caller of such a GSSAPI routine is responsible for
-         transferring the token to the peer application, encapsulated if
-         necessary in an application-application protocol.  On receipt of
-         such a token, the peer application should pass it to a
-         corresponding GSSAPI routine which will decode the token and
-         extract the information, updating the security context state
-         information accordingly.
-
-     (c) Per-message services are invoked to apply either:
-
-           (i) integrity and data origin authentication, or
-
-          (ii) confidentiality, integrity and data origin authentication
-
-         to application data, which are treated by GSSAPI as arbitrary
-         octet-strings.  An application transmitting a message that it
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 2]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-         wishes to protect will call the appropriate GSSAPI routine
-         (gss_get_mic or gss_wrap) to apply protection, specifying the
-         appropriate security context, and send the resulting token to the
-         receiving application.  The receiver will pass the received token
-         (and, in the case of data protected by gss_get_mic, the
-         accompanying message-data) to the corresponding decoding routine
-         (gss_verify_mic or gss_unwrap) to remove the protection and
-         validate the data.
-
-     (d) At the completion of a communications session (which may extend
-         across several transport connections), each application calls a
-         GSSAPI routine to delete the security context.  Multiple contexts
-         may also be used (either successively or simultaneously) within a
-         single communications association, at the option of the
-         applications.
-
-
-   4. GSSAPI ROUTINES
-
-   This section lists the routines that make up the GSSAPI, and offers a
-   brief description of the purpose of each routine.  Detailed descriptions
-   of each routine are listed in alphabetical order in section 7.
-
-   Table 4-1  GSSAPI Credential-management Routines
-
-         ROUTINE            SECTION        FUNCTION
-
-     gss_acquire_cred          7.2  Assume a global identity;
-                                    Obtain a GSSAPI credential
-                                    handle for pre-existing
-                                    credentials.
-
-     gss_add_cred              7.3  Construct credentials
-                                    incrementally
-
-     gss_inquire_cred          7.21 Obtain information about
-                                    a credential.
-
-     gss_inquire_cred_by_mech  7.22 Obtain per-mechanism information
-                                    about a credential.
-
-     gss_release_cred          7.27 Discard a credential handle.
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 3]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Table 4-2  GSSAPI Context-level Routines
-
-         ROUTINE            SECTION        FUNCTION
-
-     gss_init_sec_context      7.19 Initiate a security context
-                                    with a peer application
-
-
-     gss_accept_sec_context    7.1  Accept a security context
-                                    initiated by a peer
-                                    application
-
-     gss_delete_sec_context    7.9  Discard a security context
-
-     gss_process_context_token 7.25 Process a token on a security
-                                    context from a peer
-                                    application
-
-     gss_context_time          7.7  Determine for how long a
-                                    context will remain valid
-
-     gss_inquire_context       7.20 Obtain information about a
-                                    security context
-
-     gss_wrap_size_limit       7.33 Determine token-size limit for
-                                    gss_wrap on a context
-
-     gss_export_sec_context    7.14 Transfer a security context to
-                                    another process
-
-     gss_import_sec_context    7.17 Import a transferred context
-
-
-
-
-   Table 4-3  GSSAPI Per-message Routines
-
-         ROUTINE            SECTION        FUNCTION
-
-     gss_get_mic               7.15 Calculate a cryptographic
-                                    Message Integrity Code (MIC)
-                                    for a message; integrity service
-
-     gss_verify_mic            7.32 Check a MIC against a message;
-                                    verify integrity of a received
-                                    message
-
-     gss_wrap                  7.36 Attach a MIC to a message, and
-                                    optionally encrypt the message
-                                    content; confidentiality service
-
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 4]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-     gss_unwrap                7.31 Verify a message with attached
-                                    MIC, and decrypt message
-                                    content if necessary.
-
-
-
-
-   Table 4-4  GSSAPI Name manipulation Routines
-
-         ROUTINE              SECTION        FUNCTION
-
-     gss_import_name            7.16 Convert a contiguous string name
-                                     to internal-form
-
-     gss_display_name           7.10 Convert internal-form name
-                                     to text
-
-     gss_compare_name           7.6  Compare two internal-form names
-
-     gss_release_name           7.28 Discard an internal-form name
-
-     gss_inquire_names_for_mech 7.24 List the name-types supported
-                                     by a specified mechanism
-
-     gss_inquire_mechs_for_name 7.23 List mechanisms that support
-                                     a given nametype
-
-     gss_canonicalize_name      7.5  Convert an internal name to
-                                     an MN.
-
-     gss_export_name            7.13 Convert an MN to export form
-
-     gss_duplicate_name         7.12 Create a copy of an internal name
-
-
-
-
-   Table 4-5  GSSAPI Miscellaneous Routines
-
-         ROUTINE              SECTION        FUNCTION
-
-     gss_display_status         7.11 Convert a GSSAPI status code
-                                     to text
-
-     gss_indicate_mechs         7.18 Determine available underlying
-                                     authentication mechanisms
-
-     gss_release_buffer         7.26 Discard a buffer
-
-     gss_release_oid_set        7.29 Discard a set of object
-                                     identifiers
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 5]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-     gss_create_empty_oid_set   7.8  Create a set containing no
-                                     object identifiers
-
-     gss_add_oid_set_member     7.4  Add an object identifier to
-                                     a set
-
-     gss_test_oid_set_member    7.30 Determines whether an object
-                                     identifier is a member of a set
-
-
-
-
-
-   Individual GSSAPI implementations may augment these routines by
-   providing additional mechanism-specific routines if required
-   functionality is not available from the generic forms.  Applications are
-   encouraged to use the generic routines wherever possible on portability
-   grounds.
-
-
-   5. DATA TYPES AND CALLING CONVENTIONS
-
-   The following conventions are used by the GSSAPI C-language bindings:
-
-   5.1.  Integer types
-
-   GSSAPI uses the following integer data type:
-
-        OM_uint32      32-bit unsigned integer
-
-   Where guaranteed minimum bit-count is important, this portable data type
-   is used by the GSSAPI routine definitions.  Individual GSSAPI
-   implementations will include appropriate typedef definitions to map this
-   type onto a built-in data type.  If the platform supports the X/Open
-   xom.h header file, the OM_uint32 definition contained therein should be
-   used; the GSSAPI header file in Appendix A contains logic that will
-   detect the prior inclusion of xom.h, and will not attempt to re-declare
-   OM_uint32.  If the X/Open header file is not available on the platform,
-   the GSSAPI implementation should use the smallest natural unsigned
-   integer type that provides at least 32 bits of precision.
-
-   5.2.  String and similar data
-
-   Many of the GSSAPI routines take arguments and return values that
-   describe contiguous octet-strings.  All such data is passed between the
-   GSSAPI and the caller using the gss_buffer_t data type.  This data type
-   is a pointer to a buffer descriptor, which consists of a length field
-   that contains the total number of bytes in the datum, and a value field
-   which contains a pointer to the actual datum:
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 6]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-        typedef struct gss_buffer_desc_struct {
-           size_t  length;
-           void    *value;
-        } gss_buffer_desc, *gss_buffer_t;
-
-   Storage for data returned to the application by a GSSAPI routine using
-   the gss_buffer_t conventions is allocated by the GSSAPI routine.  The
-   application may free this storage by invoking the gss_release_buffer
-   routine.  Allocation of the gss_buffer_desc object is always the
-   responsibility of the application;  unused gss_buffer_desc objects may
-   be initialized to the value GSS_C_EMPTY_BUFFER.
-
-   5.2.1.  Opaque data types
-
-   Certain multiple-word data items are considered opaque data types at the
-   GSSAPI, because their internal structure has no significance either to
-   the GSSAPI or to the caller.  Examples of such opaque data types are the
-   input_token parameter to gss_init_sec_context (which is opaque to the
-   caller), and the input_message parameter to gss_wrap (which is opaque to
-   the GSSAPI).  Opaque data is passed between the GSSAPI and the
-   application using the gss_buffer_t datatype.
-
-   5.2.2.  Character strings
-
-   Certain multiple-word data items may be regarded as simple ISO Latin-1
-   character strings.  Examples are the printable strings passed to
-   gss_import_name via the input_name_buffer parameter. Some GSSAPI
-   routines also return character strings.  All such character strings are
-   passed between the application and the GSSAPI implementation using the
-   gss_buffer_t datatype, which is a pointer to a gss_buffer_desc object.
-
-   When a gss_buffer_desc object describes a printable string, the length
-   field of the gss_buffer_desc should only count printable characters
-   within the string.  In particular, a trailing NUL character should NOT
-   be included in the length count, nor should either the GSSAPI
-   implementation or the application assume the presence of an uncounted
-   trailing NUL.
-
-   5.3.  Object Identifiers
-
-   Certain GSSAPI procedures take parameters of the type gss_OID, or Object
-   identifier.  This is a type containing ISO-defined tree-structured
-   values, and is used by the GSSAPI caller to select an underlying
-   security mechanism and to specify namespaces.  A value of type gss_OID
-   has the following structure:
-
-        typedef struct gss_OID_desc_struct {
-           OM_uint32 length;
-           void      *elements;
-        } gss_OID_desc, *gss_OID;
-
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 7]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   The elements field of this structure points to the first byte of an
-   octet string containing the ASN.1 BER encoding of the value portion of
-   the normal BER TLV encoding of the gss_OID.  The length field contains
-   the number of bytes in this value.  For example, the gss_OID value
-   corresponding to {iso(1) identified-organization(3) icd-ecma(12)
-   member-company(2) dec(1011) cryptoAlgorithms(7) DASS(5)}, meaning the
-   DASS X.509 authentication mechanism, has a length field of 7 and an
-   elements field pointing to seven octets containing the following octal
-   values: 53,14,2,207,163,7,5. GSSAPI implementations should provide
-   constant gss_OID values to allow applications to request any supported
-   mechanism, although applications are encouraged on portability grounds
-   to accept the default mechanism.  gss_OID values should also be provided
-   to allow applications to specify particular name types (see section
-   5.10).  Applications should treat gss_OID_desc values returned by GSSAPI
-   routines as read-only.  In particular, the application should not
-   attempt to deallocate them with free().  The gss_OID_desc datatype is
-   equivalent to the X/Open OM_object_identifier datatype[XOM].
-
-   5.4.  Object Identifier Sets
-
-   Certain GSSAPI procedures take parameters of the type gss_OID_set.  This
-   type represents one or more object identifiers (section 5.3).  A
-   gss_OID_set object has the following structure:
-
-        typedef struct gss_OID_set_desc_struct {
-           size_t       count;
-           gss_OID   elements;
-        } gss_OID_set_desc, *gss_OID_set;
-
-   The count field contains the number of OIDs within the set.  The
-   elements field is a pointer to an array of gss_OID_desc objects, each of
-   which describes a single OID.  gss_OID_set values are used to name the
-   available mechanisms supported by the GSSAPI, to request the use of
-   specific mechanisms, and to indicate which mechanisms a given credential
-   supports.
-
-   All OID sets returned to the application by GSSAPI are dynamic objects
-   (the gss_OID_set_desc, the "elements" array of the set, and the
-   "elements" array of each member OID are all dynamically allocated), and
-   this storage must be deallocated by the application using the
-   gss_release_oid_set() routine.
-
-
-   5.5.  Credentials
-
-   A credential handle is a caller-opaque atomic datum that identifies a
-   GSSAPI credential data structure.  It is represented by the caller-
-   opaque type gss_cred_id_t, which should be implemented as a pointer or
-   arithmetic type.  If a pointer implementation is chosen, care must be
-   taken to ensure that two gss_cred_id_t values may be compared with the
-   == operator.
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 8]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSSAPI credentials can contain mechanism-specific principal
-   authentication data for multiple mechanisms.  A GSSAPI credential is
-   composed of a set of credential-elements, each of which is applicable to
-   a single mechanism.  A credential may contain at most one credential-
-   element for each supported mechanism. A credential-element identifies
-   the data needed by a single mechanism to authenticate a single
-   principal, and conceptually contains two credential-references that
-   describing the actual mechanism-specific authentication data, one to be
-   used by GSSAPI for initiating contexts,  and one to be used for
-   accepting contexts.  For mechanisms that do not distinguish between
-   acceptor and initiator credentials, both references would point to the
-   same underlying mechanism-specific authentication data.
-
-   Credentials describe a set of mechanism-specific principals, and give
-   their holder the ability to act as any of those principals.  All
-   principal identities asserted by a single GSSAPI credential should
-   belong to the same entity, although enforcement of this property is an
-   implementation-specific matter.  The GSSAPI does not make the actual
-   credentials available to applications; instead a credential handle is
-   used to identify a particular credential, held internally by GSSAPI.
-   The combination of GSSAPI credential handle and mechanism identifies the
-   principal whose identity will be asserted by the credential when used
-   with that mechanism.
-
-   The gss_init_sec_context and gss_accept_sec_context routines allow the
-   value GSS_C_NO_CREDENTIAL to be specified as their credential handle
-   parameter.  This special credential-handle indicates a desire by the
-   application to act as a default principal.  While individual GSSAPI
-   implementations are free to determine such default behavior as
-   appropriate to the mechanism, the following default behavior by these
-   routines is recommended for portability:
-
-     (a) gss_init_sec_context
-
-           (i) If there is only a single principal capable of initiating
-               security contexts for the chosen mechanism that the
-               application is authorized to act on behalf of, then that
-               principal shall be used, otherwise
-
-          (ii) If the platform maintains a concept of a default network-
-               identity for the chosen mechanism, and if the application is
-               authorized to act on behalf of that identity for the purpose
-               of initiating security contexts, then the principal
-               corresponding to that identity shall be used, otherwise
-
-         (iii) If the platform maintains a concept of a default local
-               identity, and provides a means to map local identities into
-               network-identities for the chosen mechanism, and if the
-               application is authorized to act on behalf of the network-
-               identity image of the default local identity for the purpose
-               of initiating security contexts using the chosen mechanism,
-
-
-
-   Wray             Document Expiration: 1 September 1997          [Page 9]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               then the principal corresponding to that identity shall be
-               used, otherwise
-
-          (iv) A user-configurable default identity should be used.
-
-     (b) gss_accept_sec_context
-
-           (i) If there is only a single authorized principal identity
-               capable of accepting security contexts for the chosen
-               mechanism, then that principal shall be used, otherwise
-
-          (ii) If the mechanism can determine the identity of the target
-               principal by examining the context-establishment token, and
-               if the accepting application is authorized to act as that
-               principal for the purpose of accepting security contexts
-               using the chosen mechanism, then that principal identity
-               shall be used, otherwise
-
-         (iii) If the mechanism supports context acceptance by any
-               principal, and if mutual authentication was not requested,
-               any principal that the application is authorized to accept
-               security contexts under using the chosen mechanism may be
-               used, otherwise
-
-          (iv) A user-configurable default identity shall be used.
-
-   The purpose of the above rules is to allow security contexts to be
-   established by both initiator and acceptor using the default behavior
-   wherever possible.  Applications requesting default behavior are likely
-   to be more portable across mechanisms and platforms than ones that use
-   gss_acquire_cred to request a specific identity.
-
-   5.6.  Contexts
-
-   The gss_ctx_id_t data type contains a caller-opaque atomic value that
-   identifies one end of a GSSAPI security context.  It should be
-   implemented as a pointer or arithmetic type.  If a pointer type is
-   chosen, care should be taken to ensure that two gss_ctx_id_t values may
-   be compared with the == operator.
-
-   The security context holds state information about each end of a peer
-   communication, including cryptographic state information.
-
-   5.7.  Authentication tokens
-
-   A token is a caller-opaque type that GSSAPI uses to maintain
-   synchronization between the context data structures at each end of a
-   GSSAPI security context.  The token is a cryptographically protected
-   octet-string, generated by the underlying mechanism at one end of a
-   GSSAPI security context for use by the peer mechanism at the other end.
-   Encapsulation (if required) and transfer of the token are the
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 10]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   responsibility of the peer applications.  A token is passed between the
-   GSSAPI and the application using the gss_buffer_t conventions.
-
-   5.8.  Interprocess tokens
-
-   Certain GSSAPI routines are intended to transfer data between processes
-   in multi-process programs.  These routines use a caller-opaque octet-
-   string, generated by the GSSAPI in one process for use by the GSSAPI in
-   another process.  The calling application is responsible for
-   transferring such tokens between processes in an OS-specific manner.
-   Note that, while GSSAPI implementors are encouraged to avoid placing
-   sensitive information within interprocess tokens, or to
-   cryptographically protect them, many implementations will be unable to
-   avoid placing key material or other sensitive data within them.  It is
-   the application's responsibility to ensure that interprocess tokens are
-   protected in transit, and transferred only to processes that are
-   trustworthy. An interprocess token is passed between the GSSAPI and the
-   application using the gss_buffer_t conventions.
-
-   5.9.  Status values
-
-   One or more status codes are returned by each GSSAPI routine.  Two
-   distinct sorts of status codes are returned.  These are termed GSS
-   status codes and Mechanism status codes.
-
-   5.9.1.  GSS status codes
-
-   GSSAPI routines return GSS status codes as their OM_uint32 function
-   value.  These codes indicate errors that are independent of the
-   underlying mechanism(s) used to provide the security service.  The
-   errors that can be indicated via a GSS status code are either generic
-   API routine errors (errors that are defined in the GSS-API
-   specification) or calling errors (errors that are specific to these
-   language bindings).
-
-   A GSS status code can indicate a single fatal generic API error from the
-   routine and a single calling error.  In addition, supplementary status
-   information may be indicated via the setting of bits in the
-   supplementary info field of a GSS status code.
-
-   These errors are encoded into the 32-bit GSS status code as follows:
-
-       MSB                                                        LSB
-       |------------------------------------------------------------|
-       | Calling Error | Routine Error  |    Supplementary Info     |
-       |------------------------------------------------------------|
-    Bit 31           24 23            16 15                        0
-
-
-   Hence if a GSS-API routine returns a GSS status code whose upper 16 bits
-   contain a non-zero value, the call failed.  If the calling error field
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 11]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   is non-zero, the invoking application's call of the routine was
-   erroneous.  Calling errors are defined in table 5-1.  If the routine
-   error field is non-zero, the routine failed for one of the routine-
-   specific reasons listed below in table 5-2.  Whether or not the upper 16
-   bits indicate a failure or a success, the routine may indicate
-   additional information by setting bits in the supplementary info field
-   of the status code.  The meaning of individual bits is listed below in
-   table 5-3.
-
-   Table 5-1  Calling Errors
-
-         Name                    Value in        Meaning
-                                   Field
-    GSS_S_CALL_INACCESSIBLE_READ     1           A required input
-                                                 parameter could
-                                                 not be read.
-    GSS_S_CALL_INACCESSIBLE_WRITE    2           A required output
-                                                 parameter could
-                                                 not be written.
-    GSS_S_CALL_BAD_STRUCTURE         3           A parameter was
-                                                 malformed
-
-
-
-
-   Table 5-2  Routine Errors
-
-          Name             Value in       Meaning
-                            Field
-
-    GSS_S_BAD_MECH             1      An unsupported mechanism was
-                                      requested
-    GSS_S_BAD_NAME             2      An invalid name was supplied
-    GSS_S_BAD_NAMETYPE         3      A supplied name was of an
-                                      unsupported type
-    GSS_S_BAD_BINDINGS         4      Incorrect channel bindings
-                                      were supplied
-    GSS_S_BAD_STATUS           5      An invalid status code was
-                                      supplied
-    GSS_S_BAD_SIG              6      A token had an invalid
-    GSS_S_BAD_MIC                     MIC
-    GSS_S_NO_CRED              7      No credentials were supplied,
-                                      or the credentials were
-                                      unavailable or inaccessible.
-    GSS_S_NO_CONTEXT           8      No context has been
-                                      established
-    GSS_S_DEFECTIVE_TOKEN      9      A token was invalid
-    GSS_S_DEFECTIVE_CREDENTIAL 10     A credential was invalid
-    GSS_S_CREDENTIALS_EXPIRED  11     The referenced credentials
-                                      have expired
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 12]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-    GSS_S_CONTEXT_EXPIRED      12     The context has expired
-    GSS_S_FAILURE              13     Miscellaneous failure
-                                      (see text)
-    GSS_S_BAD_QOP              14     The quality-of-protection
-                                      requested could not be
-                                      provide
-    GSS_S_UNAUTHORIZED         15     The operation is forbidden by
-                                      local security policy
-    GSS_S_UNAVAILABLE          16     The operation or option is not
-                                      available
-    GSS_S_DUPLICATE_ELEMENT    17     The requested credential element
-                                      already exists
-    GSS_S_NAME_NOT_MN          18     The provided name was not a
-                                      mechanism name.
-
-
-
-
-
-   Table 5-3  Supplementary Status Bits
-
-    Name                Bit Number         Meaning
-    GSS_S_CONTINUE_NEEDED   0 (LSB)  The routine must be called
-                                     again to complete its function.
-                                     See routine documentation for
-                                     detailed description.
-    GSS_S_DUPLICATE_TOKEN   1        The token was a duplicate of
-                                     an earlier token
-    GSS_S_OLD_TOKEN         2        The token's validity period
-                                     has expired
-    GSS_S_UNSEQ_TOKEN       3        A later token has already been
-                                     processed
-    GSS_S_GAP_TOKEN         4        An expected per-message token
-                                     was not received
-
-
-   The routine documentation also uses the name GSS_S_COMPLETE, which is a
-   zero value, to indicate an absence of any API errors or supplementary
-   information bits.
-
-   All GSS_S_xxx symbols equate to complete OM_uint32 status codes, rather
-   than to bitfield values.  For example, the actual value of the symbol
-   GSS_S_BAD_NAMETYPE (value 3 in the routine error field) is 3 << 16.
-
-   The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and
-   GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a GSS status
-   code and removes all but the relevant field.  For example, the value
-   obtained by applying GSS_ROUTINE_ERROR to a status code removes the
-   calling errors and supplementary info fields, leaving only the routine
-   errors field.  The values delivered by these macros may be directly
-   compared with a GSS_S_xxx symbol of the appropriate type.  The macro
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 13]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_ERROR() is also provided, which when applied to a GSS status code
-   returns a non-zero value if the status code indicated a calling or
-   routine error, and a zero value otherwise.  All macros defined by GSS-
-   API evaluate their argument(s) exactly once.
-
-   A GSS-API implementation may choose to signal calling errors in a
-   platform-specific manner instead of, or in addition to the routine
-   value;  routine errors and supplementary info should be returned via
-   routine status values only.
-
-   5.9.2.  Mechanism-specific status codes
-
-   GSS-API routines return a minor_status parameter, which is used to
-   indicate specialized errors from the underlying security mechanism.
-   This parameter may contain a single mechanism-specific error, indicated
-   by a OM_uint32 value.
-
-   The minor_status parameter will always be set by a GSS-API routine, even
-   if it returns a calling error or one of the generic API errors indicated
-   above as fatal, although most other output parameters may remain unset
-   in such cases.  However, output parameters that are expected to return
-   pointers to storage allocated by a routine must always be set by the
-   routine, even in the event of an error, although in such cases the GSS-
-   API routine may elect to set the returned parameter value to NULL to
-   indicate that no storage was actually allocated.  Any length field
-   associated with such pointers (as in a gss_buffer_desc structure) should
-   also be set to zero in such cases.
-
-   The GSS status code GSS_S_FAILURE is used to indicate that the
-   underlying mechanism detected an error for which no specific GSS status
-   code is defined.  The mechanism status code will provide more details
-   about the error.
-
-   5.10.  Names
-
-   A name is used to identify a person or entity.  GSS-API authenticates
-   the relationship between a name and the entity claiming the name.
-
-   Since different authentication mechanisms may employ different
-   namespaces for identifying their principals, GSSAPI's naming support is
-   necessarily complex in multi-mechanism environments (or even in some
-   single-mechanism environments where the underlying mechanism supports
-   multiple namespaces).
-
-   Two distinct representations are defined for names:
-
-     (a) An internal form.  This is the GSSAPI "native" format for names,
-         represented by the implementation-specific gss_name_t type.  It is
-         opaque to GSSAPI callers.  A single gss_name_t object may contain
-         multiple names from different namespaces, but all names should
-         refer to the same entity.  An example of such an internal name
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 14]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-         would be the name returned from a call to the gss_inquire_cred
-         routine, when applied to a credential containing credential
-         elements for multiple authentication mechanisms employing
-         different namespaces.  This gss_name_t object will contain a
-         distinct name for the entity for each authentication mechanism.
-
-         For GSSAPI implementations supporting multiple namespaces, objects
-         of type gss_name_t must contain sufficient information to
-         determine the namespace to which each primitive name belongs.
-
-     (b) Mechanism-specific contiguous octet-string forms.  A format
-         capable of containing a single name (from a single namespace).
-         Contiguous string names are always accompanied by an object
-         identifier specifying the namespace to which the name belongs, and
-         their format is dependent on the authentication mechanism that
-         employs the name.  Many, but not all, contiguous string names will
-         be printable, and may therefore be used by GSSAPI applications for
-         communication with their users.
-
-   Routines (gss_import_name and gss_display_name) are provided to convert
-   names between contiguous string representations and the internal
-   gss_name_t type.  gss_import_name may support multiple syntaxes for each
-   supported namespace, allowing users the freedom to choose a preferred
-   name representation.  gss_display_name should use an implementation-
-   chosen printable syntax for each supported name-type.
-
-   If an application calls gss_display_name(), passing the internal name
-   resulting from a call to gss_import_name(), there is no guarantee the
-   the resulting contiguous string name will be the same as the original
-   imported string name.  Nor do name-space identifiers necessarily survive
-   unchanged after a journey through the internal name-form.  An example of
-   this might be a mechanism that authenticates X.500 names, but provides
-   an algorithmic mapping of Internet DNS names into X.500.  That
-   mechanism's implementation of gss_import_name() might, when presented
-   with a DNS name, generate an internal name that contained both the
-   original DNS name and the equivalent X.500 name. Alternatively, it might
-   only store the X.500 name.  In the latter case, gss_display_name() would
-   most likely generate a printable X.500 name, rather than the original
-   DNS name.
-
-   The process of authentication delivers to the context acceptor an
-   internal name.  Since this name has been authenticated by a single
-   mechanism, it contains only a single name (even if the internal name
-   presented by the context initiator to gss_init_sec_context had multiple
-   components).  Such names are termed internal mechanism names, or "MN"s
-   and the names emitted by gss_accept_sec_context() are always of this
-   type.  Since some applications may require MNs without wanting to incur
-   the overhead of an authentication operation, a second function,
-   gss_canonicalize_name(), is provided to convert a general internal name
-   into an MN.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 15]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Comparison of internal-form names may be accomplished via the
-   gss_compare_name() routine, which returns true if the two names being
-   compared refer to the same entity.  This removes the need for the
-   application program to understand the syntaxes of the various printable
-   names that a given GSS-API implementation may support.  Since GSSAPI
-   assumes that all primitive names contained within a given internal name
-   refer to the same entity, gss_compare_name() can return true if the two
-   names have at least one primitive name in common.  If the implementation
-   embodies knowledge of equivalence relationships between names taken from
-   different namespaces, this knowledge may also allow successful
-   comparison of internal names containing no overlapping primitive
-   elements.
-
-   When used in large access control lists, the overhead of invoking
-   gss_import_name() and gss_compare_name() on each name from the ACL may
-   be prohibitive.  As an alternative way of supporting this case, GSSAPI
-   defines a special form of the contiguous string name which may be
-   compared directly (e.g. with memcmp()).  Contigous names suitable for
-   comparison are generated by the gss_export_name() routine, which
-   requires an MN as input.  Exported names may be re-imported by the
-   gss_import_name() routine, and the resulting internal name will also be
-   an MN.  The gss_OID constant GSS_C_NT_EXPORT_NAME indentifies the
-   "export name" type, and the value of this constant is given in Appendix
-   A.     Structurally, an exported name object consists of a header
-   containing an OID identifying the mechanism that authenticated the name,
-   and a trailer containing the name itself, where the syntax of the
-   trailer is defined by the individual mechanism specification.   The
-   precise format of an export name is defined in the language-independent
-   GSSAPI specification [GSSAPI].
-
-   Note that the results obtained by using gss_compare_name() will in
-   general be different from those obtained by invoking
-   gss_canonicalize_name() and gss_export_name(), and then comparing the
-   exported names.  The first series of operation determines whether two
-   (unauthenticated) names identify the same principal; the second whether
-   a particular mechanism would authenticate them as the same principal.
-   These two operations will in general give the same results only for MNs.
-
-   The gss_name_t datatype should be implemented as a pointer type.  To
-   allow the compiler to aid the application programmer by performing
-   type-checking, the use of (void *) is discouraged.  A pointer to an
-   implementation-defined type is the preferred choice.
-
-   Storage is allocated by routines that return gss_name_t values.  A
-   procedure, gss_release_name, is provided to free storage associated with
-   an internal-form name.
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 16]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   5.11.  Channel Bindings
-
-   GSS-API supports the use of user-specified tags to identify a given
-   context to the peer application.  These tags are intended to be used to
-   identify the particular communications channel that carries the context.
-   Channel bindings are communicated to the GSS-API using the following
-   structure:
-
-        typedef struct gss_channel_bindings_struct {
-           OM_uint32       initiator_addrtype;
-           gss_buffer_desc initiator_address;
-           OM_uint32       acceptor_addrtype;
-           gss_buffer_desc acceptor_address;
-           gss_buffer_desc application_data;
-        } *gss_channel_bindings_t;
-
-   The initiator_addrtype and acceptor_addrtype fields denote the type of
-   addresses contained in the initiator_address and acceptor_address
-   buffers.  The address type should be one of the following:
-
-        GSS_C_AF_UNSPEC      Unspecified address type
-        GSS_C_AF_LOCAL       Host-local address type
-        GSS_C_AF_INET        Internet address type (e.g. IP)
-        GSS_C_AF_IMPLINK     ARPAnet IMP address type
-        GSS_C_AF_PUP         pup protocols (eg BSP) address type
-        GSS_C_AF_CHAOS       MIT CHAOS protocol address type
-        GSS_C_AF_NS          XEROX NS address type
-        GSS_C_AF_NBS         nbs address type
-        GSS_C_AF_ECMA        ECMA address type
-        GSS_C_AF_DATAKIT     datakit protocols address type
-        GSS_C_AF_CCITT       CCITT protocols
-        GSS_C_AF_SNA         IBM SNA address type
-        GSS_C_AF_DECnet      DECnet address type
-        GSS_C_AF_DLI         Direct data link interface address type
-        GSS_C_AF_LAT         LAT address type
-        GSS_C_AF_HYLINK      NSC Hyperchannel address type
-        GSS_C_AF_APPLETALK   AppleTalk address type
-        GSS_C_AF_BSC         BISYNC 2780/3780 address type
-        GSS_C_AF_DSS         Distributed system services address type
-        GSS_C_AF_OSI         OSI TP4 address type
-        GSS_C_AF_X25         X25
-        GSS_C_AF_NULLADDR    No address specified
-
-   Note that these symbols name address families rather than specific
-   addressing formats.  For address families that contain several
-   alternative address forms, the initiator_address and acceptor_address
-   fields must contain sufficient information to determine which address
-   form is used.  When not otherwise specified, addresses should be
-   specified in network byte-order (that is, native byte-ordering for the
-   address family).
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 17]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Conceptually, the GSS-API concatenates the initiator_addrtype,
-   initiator_address, acceptor_addrtype, acceptor_address and
-   application_data to form an octet string.  The mechanism calculates a
-   MIC over this octet string, and binds the MIC to the context
-   establishment token emitted by gss_init_sec_context.  The same bindings
-   are presented by the context acceptor to gss_accept_sec_context, and a
-   MIC is calculated in the same way.  The calculated MIC is compared with
-   that found in the token, and if the MICs differ, gss_accept_sec_context
-   will return a GSS_S_BAD_BINDINGS error, and the context will not be
-   established.  Some mechanisms may include the actual channel binding
-   data in the token (rather than just a MIC); applications should
-   therefore not use confidential data as channel-binding components.
-   Individual mechanisms may impose additional constraints on addresses and
-   address types that may appear in channel bindings.  For example, a
-   mechanism may verify that the initiator_address field of the channel
-   bindings presented to gss_init_sec_context contains the correct network
-   address of the host system.  Portable applications should therefore
-   ensure that they either provide correct information for the address
-   fields, or omit addressing information, specifying GSS_C_AF_NULLADDR as
-   the address-types.
-
-   5.12.  Optional parameters
-
-   Various parameters are described as optional.  This means that they
-   follow a convention whereby a default value may be requested.  The
-   following conventions are used for omitted parameters.  These
-   conventions apply only to those parameters that are explicitly
-   documented as optional.
-
-   5.12.1.  gss_buffer_t types
-
-   Specify GSS_C_NO_BUFFER as a value.  For an input parameter this
-   signifies that default behavior is requested, while for an output
-   parameter it indicates that the information that would be returned via
-   the parameter is not required by the application.
-
-   5.12.2.  Integer types (input)
-
-   Individual parameter documentation lists values to be used to indicate
-   default actions.
-
-   5.12.3.  Integer types (output)
-
-   Specify NULL as the value for the pointer.
-
-   5.12.4.  Pointer types
-
-   Specify NULL as the value.
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 18]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   5.12.5.  Object IDs
-
-   Specify GSS_C_NO_OID as the value.
-
-   5.12.6.  Object ID Sets
-
-   Specify GSS_C_NO_OID_SET as the value.
-
-   5.12.7.  Channel Bindings
-
-   Specify GSS_C_NO_CHANNEL_BINDINGS to indicate that channel bindings are
-   not to be used.
-
-
-   6. ADDITIONAL CONTROLS
-
-   This section discusses the optional services that a context initiator
-   may request of the GSS-API at context establishment.  Each of these
-   services is requested by setting a flag in the req_flags input parameter
-   to gss_init_sec_context.
-
-   The optional services currently defined are:
-
-   Delegation - The (usually temporary) transfer of rights from initiator
-         to acceptor, enabling the acceptor to authenticate itself as an
-         agent of the initiator.
-
-   Mutual Authentication - In addition to the initiator authenticating its
-         identity to the context acceptor, the context acceptor should also
-         authenticate itself to the initiator.
-
-   Replay detection - In addition to providing message integrity services,
-         gss_get_mic and gss_wrap should include message numbering
-         information to enable gss_verify_mic and gss_unwrap to detect if a
-         message has been duplicated.
-
-   Out-of-sequence detection - In addition to providing message integrity
-         services, gss_get_mic and gss_wrap should include message
-         sequencing information to enable gss_verify_mic and gss_unwrap to
-         detect if a message has been received out of sequence.
-
-   Anonymous authentication - The establishment of the security context
-         should not reveal the initiator's identity to the context
-         acceptor.
-
-   Any currently undefined bits within such flag arguments should be
-   ignored by GSS-API implementations when presented by an application, and
-   should be set to zero when returned to the application by the GSS-API
-   implementation.
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 19]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Some mechanisms may not support all optional services, and some
-   mechanisms may only support some services in conjunction with others.
-   Both gss_init_sec_context and gss_accept_sec_context inform the
-   applications which services will be available from the context when the
-   establishment phase is complete, via the ret_flags output parameter.  In
-   general, if the security mechanism is capable of providing a requested
-   service, it should do so, even if additional services must be enabled in
-   order to provide the requested service.  If the mechanism is incapable
-   of providing a requested service, it should proceed without the service,
-   leaving the application to abort the context establishment process if it
-   considers the requested service to be mandatory.
-
-   Some mechanisms may specify that support for some services is optional,
-   and that implementors of the mechanism need not provide it.  This is
-   most commonly true of the confidentiality service, often because of
-   legal restrictions on the use of data-encryption, but may apply to any
-   of the services.  Such mechanisms are required to send at least one
-   token from acceptor to initiator during context establishment when the
-   initiator indicates a desire to use such a service, so that the
-   initiating GSSAPI can correctly indicate whether the service is
-   supported by the acceptor's GSSAPI.
-
-   6.1.  Delegation
-
-   The GSS-API allows delegation to be controlled by the initiating
-   application via a boolean parameter to gss_init_sec_context(), the
-   routine that establishes a security context.  Some mechanisms do not
-   support delegation, and for such mechanisms attempts by an application
-   to enable delegation are ignored.
-
-   The acceptor of a security context for which the initiator enabled
-   delegation will receive (via the delegated_cred_handle parameter of
-   gss_accept_sec_context) a credential handle that contains the delegated
-   identity, and this credential handle may be used to initiate subsequent
-   GSSAPI security contexts as an agent or delegate of the initiator.  If
-   the original initiator's identity is "A" and the delegate's identity is
-   "B", then, depending on the underlying mechanism, the identity embodied
-   by the delegated credential may be either "A" or "B acting for A".
-
-   For many mechanisms that support delegation, a simple boolean does not
-   provide enough control.  Examples of additional aspects of delegation
-   control that a mechanism might provide to an application are duration of
-   delegation, network addresses from which delegation is valid, and
-   constraints on the tasks that may be performed by a delegate.  Such
-   controls are presently outside the scope of the GSS-API.  GSS-API
-   implementations supporting mechanisms offering additional controls
-   should provide extension routines that allow these controls to be
-   exercised (perhaps by modifying the initiator's GSS-API credential prior
-   to its use in establishing a context).  However, the simple delegation
-   control provided by GSS-API should always be able to over-ride other
-   mechanism-specific delegation controls - If the application instructs
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 20]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   gss_init_sec_context() that delegation is not desired, then the
-   implementation must not permit delegation to occur.  This is an
-   exception to the general rule that a mechanism may enable services even
-   if they are not requested - delegation may only be provide at the
-   explicit request of the application.
-
-   6.2.  Mutual authentication
-
-   Usually, a context acceptor will require that a context initiator
-   authenticate itself so that the acceptor may make an access-control
-   decision prior to performing a service for the initiator.  In some
-   cases, the initiator may also request that the acceptor authenticate
-   itself.  GSS-API allows the initiating application to request this
-   mutual authentication service by setting a flag when calling
-   gss_init_sec_context.
-
-   The initiating application is informed as to whether or not mutual
-   authentication is being requested of the context acceptor.  Note that
-   some mechanisms may not support mutual authentication, and other
-   mechanisms may always perform mutual authentication, whether or not the
-   initiating application requests it.  In particular, mutual
-   authentication my be required by some mechanisms in order to support
-   replay or out-of-sequence message detection, and for such mechanisms a
-   request for either of these services will automatically enable mutual
-   authentication.
-
-   6.3.  Replay and out-of-sequence detection
-
-   The GSS-API may provide detection of mis-ordered message once a security
-   context has been established.  Protection may be applied to messages by
-   either application, by calling either gss_get_mic or gss_wrap, and
-   verified by the peer application by calling gss_verify_mic or
-   gss_unwrap.
-
-   gss_get_mic calculates a cryptographic checksum of an application
-   message, and returns that checksum in a token.  The application should
-   pass both the token and the message to the peer application, which
-   presents them to gss_verify_mic.
-
-   gss_wrap calculates a cryptographic checksum of an application message,
-   and places both the checksum and the message inside a single token.  The
-   application should pass the token to the peer application, which
-   presents it to gss_unwrap to extract the message and verify the
-   checksum.
-
-   Either pair of routines may be capable of detecting out-of-sequence
-   message delivery, or duplication of messages. Details of such mis-
-   ordered messages are indicated through supplementary status bits in the
-   major status code returned by gss_verify_mic or gss_unwrap.  The
-   relevant supplementary bits are:
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 21]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_DUPLICATE_TOKEN - The token is a duplicate of one that has already
-         been received and processed.  Contexts that do not claim to
-         provide replay detection may still set this bit if the duplicate
-         message is processed immediately after the original, with no
-         intervening messages.
-
-   GSS_S_OLD_TOKEN - The token is too old to determine whether or not it is
-         a duplicate.  Contexts supporting out-of-sequence detection but
-         not replay detection should always set this bit if
-         GSS_S_UNSEQ_TOKEN is set; contexts that support replay detection
-         should only set this bit if the token is so old that it cannot be
-         checked for duplication.
-
-   GSS_S_UNSEQ_TOKEN - A later token has already been processed.
-
-   GSS_S_GAP_TOKEN - An earlier token has not yet been received.
-
-   A mechanism need not maintain a list of all tokens that have been
-   processed in order to support these status codes.  A typical mechanism
-   might retain information about only the most recent "N" tokens
-   processed, allowing it to distinguish duplicates and missing tokens
-   within the most recent "N" messages; the receipt of a token older than
-   the most recent "N" would result in a GSS_S_OLD_TOKEN status.
-
-   6.4.  Anonymous Authentication
-
-   In certain situations, an application may wish to initiate the
-   authentication process to authenticate a peer, without revealing its own
-   identity.  As an example, consider an application providing access to a
-   database containing medical information, and offering unrestricted
-   access to the service.  A client of such a service might wish to
-   authenticate the service (in order to establish trust in any information
-   retrieved from it), but might not wish the service to be able to obtain
-   the client's identity (perhaps due to privacy concerns about the
-   specific inquiries, or perhaps simply to avoid being placed on mailing-
-   lists).
-
-   In normal use of the GSS-API, the initiator's identity is made available
-   to the acceptor as a result of the context establishment process.
-   However, context initiators may request that their identity not be
-   revealed to the context acceptor.  Many mechanisms do not support
-   anonymous authentication, and for such mechanisms the request will not
-   be honored.  An authentication token will be still be generated, but the
-   application is always informed if a requested service is unavailable,
-   and has the option to abort context establishment if anonymity is valued
-   above the other security services that would require a context to be
-   established.
-
-   In addition to informing the application that a context is established
-   anonymously (via the ret_flags outputs from gss_init_sec_context and
-   gss_accept_sec_context), the optional src_name output from
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 22]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   gss_accept_sec_context and gss_inquire_context will, for such contexts,
-   return a reserved internal-form name, defined by the implementation.
-   When presented to gss_display_name, this reserved internal-form name
-   will result in a printable name that is syntactically distinguishable
-   from any valid principal name supported by the implementation,
-   associated with a name-type object identifier with the value
-   GSS_C_NT_ANONYMOUS, whose value us given in Appendix A.  The printable
-   form of an anonymous name should be chosen such that it implies
-   anonymity, since this name may appear in, for example, audit logs.  For
-   example, the string "<anonymous>" might be a good choice, if no valid
-   printable names supported by the implementation can begin with "<" and
-   end with ">".
-
-   6.5.  Confidentiality
-
-   If a context supports the confidentiality service, gss_wrap may be used
-   to encrypt application messages.  Messages are selectively encrypted,
-   under the control of the conf_req_flag input parameter to gss_wrap.
-
-   6.6.  Inter-process context transfer
-
-   GSSAPI V2 provides routines (gss_export_sec_context and
-   gss_import_sec_context) which allow a security context to be transferred
-   between processes on a single machine.  The most common use for such a
-   feature is a client-server design where the server is implemented as a
-   single process that accepts incoming security contexts, which then
-   launches child processes to deal with the data on these contexts.  In
-   such a design, the child processes must have access to the security
-   context data structure created within the parent by its call to
-   gss_accept_sec_context so that they can use per-message protection
-   services and delete the security context when the communication session
-   ends.
-
-   Since the security context data structure is expected to contain
-   sequencing information, it is impractical in general to share a context
-   between processes.  Thus GSSAPI provides a call (gss_export_sec_context)
-   that the process which currently owns the context can call to declare
-   that it has no intention to use the context subsequently, and to create
-   an inter-process token containing information needed by the adopting
-   process to successfully import the context.  After successful completion
-   of this call, the original security context is made inaccessible to the
-   calling process by GSSAPI, and any context handles referring to this
-   context are no longer valid.  The originating process transfers the
-   inter-process token to the adopting process, which passes it to
-   gss_import_sec_context, and a fresh gss_ctx_id_t is created such that it
-   is functionally identical to the original context.
-
-   The inter-process token may contain sensitive data from the original
-   security context (including cryptographic keys).  Applications using
-   inter-process tokens to transfer security contexts must take appropriate
-   steps to protect these tokens in transit.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 23]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Implementations are not required to support the inter-process transfer
-   of security contexts.  The ability to transfer a security context is
-   indicated when the context is created, by gss_init_sec_context or
-   gss_accept_sec_context setting the GSS_C_TRANS_FLAG bit in their
-   ret_flags parameter.
-
-
-   6.7.  The use of incomplete contexts
-
-   Some mechanisms may allow the per-message services to be used before the
-   context establishment process is complete.  For example, a mechanism may
-   include sufficient information in its initial context-level token for
-   the context acceptor to immediately decode messages protected with
-   gss_wrap or gss_get_mic.  For such a mechanism, the initiating
-   application need not wait until subsequent context-level tokens have
-   been sent and received before invoking the per-message protection
-   services.
-
-   The ability of a context to provide per-message services in advance of
-   complete context establishment is indicated by the setting of the
-   GSS_C_PROT_READY_FLAG bit in the ret_flags parameter from
-   gss_init_sec_context and gss_accept_sec_context.  Applications wishing
-   to use per-message protection services on partially-established contexts
-   should check this flag before attempting to invoke gss_wrap or
-   gss_get_mic.
-
-
-
-   7. GSS-API routine descriptions
-
-   In addition to the explicit major status codes documented here, the code
-   GSS_S_FAILURE may be returned by any routine, indicating an
-   implementation-specific or mechanism-specific error condition, further
-   details of which are reported via the minor_status parameter.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 24]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.1.  gss_accept_sec_context
-
-   OM_uint32 gss_accept_sec_context (
-        OM_uint32 *              minor_status,
-        gss_ctx_id_t *           context_handle,
-        const gss_cred_id_t      acceptor_cred_handle,
-        const gss_buffer_t       input_token_buffer,
-        const gss_channel_bindings_t
-                                 input_chan_bindings,
-        const gss_name_t *       src_name,
-        gss_OID *                mech_type,
-        gss_buffer_t             output_token,
-        OM_uint32 *              ret_flags,
-        OM_uint32 *              time_rec,
-        gss_cred_id_t *          delegated_cred_handle)
-
-   Purpose:
-
-   Allows a remotely initiated security context between the application and
-   a remote peer to be established.  The routine may return a output_token
-   which should be transferred to the peer application, where the peer
-   application will present it to gss_init_sec_context.  If no token need
-   be sent, gss_accept_sec_context will indicate this by setting the length
-   field of the output_token argument to zero.  To complete the context
-   establishment, one or more reply tokens may be required from the peer
-   application; if so, gss_accept_sec_context  will return a status flag of
-   GSS_S_CONTINUE_NEEDED, in which case it should be called again when the
-   reply token is received from the peer application, passing the token to
-   gss_accept_sec_context via the input_token parameters.
-
-   Portable applications should be constructed to use the token length and
-   return status to determine whether a token needs to be sent or waited
-   for.  Thus a typical portable caller should always invoke
-   gss_accept_sec_context within a loop:
-
-       gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-       ...
-
-       do {
-          receive_token_from_peer(input_token);
-          maj_stat = gss_accept_sec_context(&min_stat,
-                                            &context_hdl,
-                                            cred_hdl,
-                                            input_token,
-                                            input_bindings,
-                                            &client_name,
-                                            &mech_type,
-                                            output_token,
-                                            &ret_flags,
-                                            &time_rec,
-                                            &deleg_cred);
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 25]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-          if (GSS_ERROR(maj_stat)) {
-             report_error(maj_stat, min_stat);
-          };
-          if (output_token->length != 0) {
-             send_token_to_peer(output_token);
-             gss_release_buffer(&min_stat,
-                                output_token)
-          };
-          if (GSS_ERROR(maj_stat)) {
-             if (context_hdl != GSS_C_NO_CONTEXT)
-                gss_delete_sec_context(&min_stat,
-                                       &context_hdl,
-                                       GSS_C_NO_BUFFER);
-             break;
-          };
-       } while (maj_stat & GSS_S_CONTINUE_NEEDED);
-
-
-   Whenever the routine returns a major status that includes the value
-   GSS_S_CONTINUE_NEEDED, the context is not fully established and the
-   following restrictions apply to the output parameters:
-
-     (a) The value returned via the time_rec parameter is undefined
-
-     (b) Unless the accompanying ret_flags parameter contains the bit
-         GSS_C_PROT_READY_FLAG, indicating that per-message services may be
-         applied in advance of a successful completion status, the value
-         returned via the mech_type parameter may be undefined until the
-         routine returns a major status value of GSS_S_COMPLETE.
-
-     (c) The values of the GSS_C_DELEG_FLAG, GSS_C_MUTUAL_FLAG,
-         GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG, GSS_C_CONF_FLAG,
-         GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned via the
-         ret_flags parameter should contain the values that the
-         implementation expects would be valid if context establishment
-         were to succeed.
-
-         The values of the GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG bits
-         within ret_flags should indicate the actual state at the time
-         gss_accept_sec_context returns, whether or not the context is
-         fully established.
-
-         Although this requires that GSSAPI implementations set the
-         GSS_C_PROT_READY_FLAG in the final ret_flags returned to a caller
-         (i.e. when accompanied by a GSS_S_COMPLETE status code),
-         applications should not rely on this behavior as the flag was not
-         defined in Version 1 of the GSSAPI. Instead, applications should
-         be prepared to use per-message services after a successful context
-         establishment, according to the GSS_C_INTEG_FLAG and
-         GSS_C_CONF_FLAG values.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 26]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-         All other bits within the ret_flags argument should be set to
-         zero.
-
-
-   While the routine returns GSS_S_CONTINUE_NEEDED, the values returned via
-   the ret_flags argument indicate the services that the implementation
-   expects to be available from the established context.
-
-   If the initial call of gss_accept_sec_context() fails, the
-   implementation should not create a context object, and should leave the
-   value of the context_handle parameter set to GSS_C_NO_CONTEXT to
-   indicate this.  In the event of a failure on a subsequent call, the
-   implementation is permitted to delete the "half-built" security context
-   (in which case it should set the context_handle parameter to
-   GSS_C_NO_CONTEXT), but the preferred behavior is to leave the security
-   context (and the context_handle parameter) untouched for the application
-   to delete (using gss_delete_sec_context).
-
-   Parameters:
-
-   context_handle    gss_ctx_id_t, read/modify
-                     context handle for new context.  Supply
-                     GSS_C_NO_CONTEXT for first call; use value
-                     returned in subsequent calls.  Once
-                     gss_accept_sec_context() has returned a value
-                     via this parameter, resources have been assigned
-                     to the corresponding context, and must be
-                     freed by the application after use with a call
-                     to gss_delete_sec_context().
-
-
-   acceptor_cred_handle  gss_cred_id_t, read
-                     Credential handle claimed by context acceptor.
-                     Specify GSS_C_NO_CREDENTIAL to accept the
-                     context as a default principal.  If
-                     GSS_C_NO_CREDENTIAL is specified, but no
-                     default acceptor principal is defined,
-                     GSS_S_NO_CRED will be returned.
-
-   input_token_buffer  buffer, opaque, read
-                     token obtained from remote application.
-
-   input_chan_bindings  channel bindings, read, optional
-                     Application-specified bindings.  Allows
-                     application to securely bind channel
-                     identification information to the security
-                     context.  If channel bindings are not
-                     used, specify GSS_C_NO_CHANNEL_BINDINGS.
-
-   src_name          gss_name_t, modify, optional
-                     Authenticated name of context initiator.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 27]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     After use, this name should be deallocated by
-                     passing it to gss_release_name().  If not
-                     required, specify NULL.
-
-   mech_type         Object ID, modify, optional
-                     Security mechanism used.  The returned
-                     OID value will be a pointer into static
-                     storage, and should be treated as read-only
-                     by the caller (in particular, it does not
-                     need to be freed).  If not required, specify
-                     NULL.
-
-   output_token      buffer, opaque, modify
-                     Token to be passed to peer application. If the
-                     length field of the returned token buffer is 0,
-                     then no token need be passed to the peer
-                     application.  If a non-zero length field is
-                     returned, the associated storage must be freed
-                     after use by the application with a call to
-                     gss_release_buffer().
-
-   ret_flags         bit-mask, modify, optional
-                     Contains various independent flags, each of
-                     which indicates that the context supports a
-                     specific service option.  If not needed,
-                     specify NULL.  Symbolic names are
-                     provided for each flag, and the symbolic names
-                     corresponding to the required flags
-                     should be logically-ANDed with the ret_flags
-                     value to test whether a given option is
-                     supported by the context.  The flags are:
-                     GSS_C_DELEG_FLAG
-                           True - Delegated credentials are available
-                                  via the delegated_cred_handle
-                                  parameter
-                           False - No credentials were delegated
-                     GSS_C_MUTUAL_FLAG
-                           True - Remote peer asked for mutual
-                                  authentication
-                           False - Remote peer did not ask for mutual
-                                   authentication
-                     GSS_C_REPLAY_FLAG
-                           True - replay of protected messages
-                                  will be detected
-                           False - replayed messages will not be
-                                   detected
-                     GSS_C_SEQUENCE_FLAG
-                           True - out-of-sequence protected
-                                  messages will be detected
-                           False - out-of-sequence messages will not
-                                   be detected
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 28]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     GSS_C_CONF_FLAG
-                           True - Confidentiality service may be invoked
-                                  by calling the gss_wrap routine
-                           False - No confidentiality service (via
-                                   gss_wrap) available. gss_wrap will
-                                   provide message encapsulation,
-                                   data-origin authentication and
-                                   integrity services only.
-                     GSS_C_INTEG_FLAG
-                           True - Integrity service may be invoked by
-                                  calling either gss_get_mic or gss_wrap
-                                  routines.
-                           False - Per-message integrity service
-                                   unavailable.
-                     GSS_C_ANON_FLAG
-                           True - The initiator does not wish to
-                                  be authenticated; the src_name
-                                  parameter (if requested) contains
-                                  an anonymous internal name.
-                           False - The initiator has been
-                                   authenticated normally.
-                     GSS_C_PROT_READY_FLAG
-                           True - Protection services (as specified
-                                  by the states of the GSS_C_CONF_FLAG
-                                  and GSS_C_INTEG_FLAG) are available
-                                  if the accompanying major status return
-                                  value is either GSS_S_COMPLETE or
-                                  GSS_S_CONTINUE_NEEDED.
-                           False - Protection services (as specified
-                                   by the states of the GSS_C_CONF_FLAG
-                                   and GSS_C_INTEG_FLAG) are available
-                                   only if the accompanying major status
-                                   return value is GSS_S_COMPLETE.
-                     GSS_C_TRANS_FLAG
-                           True - The resultant security context may
-                                  be transferred to other processes via
-                                  a call to gss_export_sec_context().
-                           False - The security context is not
-                                   transferrable.
-                     All other bits should be set to zero.
-
-   time_rec          Integer, modify, optional
-                     number of seconds for which the context
-                     will remain valid. Specify NULL if not required.
-
-   delegated_cred_handle
-                     gss_cred_id_t, modify, optional
-                     credential handle for credentials received from
-                     context initiator.  Only valid if deleg_flag in
-                     ret_flags is true, in which case an explicit
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 29]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     credential handle (i.e. not GSS_C_NO_CREDENTIAL)
-                     will be returned; if deleg_flag is false,
-                     gss_accept_context() will set this parameter to
-                     GSS_C_NO_CREDENTIAL.  If a credential handle is
-                     returned, the associated resources must be released
-                     by the application after use with a call to
-                     gss_release_cred().  Specify NULL if not required.
-
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-
-   Function value:  GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTINUE_NEEDED Indicates that a token from the peer application
-                     is required to complete the context, and that
-                     gss_accept_sec_context must be called again with that
-                     token.
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on the
-                     input_token failed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks performed
-                     on the credential failed.
-
-   GSS_S_NO_CRED     The supplied credentials were not valid for context
-                     acceptance, or the credential handle did not reference
-                     any credentials.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
-
-   GSS_S_BAD_BINDINGS The input_token contains different channel bindings
-                     to those specified via the input_chan_bindings
-                     parameter.
-
-   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did not
-                     refer to a valid context.
-
-   GSS_S_BAD_SIG     The input_token contains an invalid MIC.
-
-   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal error
-                     during context establishment.
-
-   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of a
-                     token already processed.  This is a fatal error during
-                     context establishment.
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 30]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_BAD_MECH    The received token specified a mechanism that is not
-                     supported by the implementation or the provided
-                     credential.
-
-
-
-
-
-
-
-   7.2.  gss_acquire_cred
-
-
-   OM_uint32 gss_acquire_cred (
-        OM_uint32 *              minor_status,
-        const gss_name_t         desired_name,
-        OM_uint32                time_req,
-        const gss_OID_set        desired_mechs,
-        gss_cred_usage_t         cred_usage,
-        gss_cred_id_t *          output_cred_handle,
-        gss_OID_set *            actual_mechs,
-        OM_uint32 *              time_rec)
-
-   Purpose:
-
-   Allows an application to acquire a handle for a pre-existing credential
-   by name.  GSS-API implementations must impose a local access-control
-   policy on callers of this routine to prevent unauthorized callers from
-   acquiring credentials to which they are not entitled.  This routine is
-   not intended to provide a ``login to the network'' function, as such a
-   function would involve the creation of new credentials rather than
-   merely acquiring a handle to existing credentials.  Such functions, if
-   required, should be defined in implementation-specific extensions to the
-   API.
-
-   If desired_name is GSS_C_NO_NAME, the call is interpreted as a request
-   for a credential handle that will invoke default behavior when passed to
-   gss_init_sec_context() (if cred_usage is GSS_C_INITIATE or GSS_C_BOTH)
-   or gss_accept_sec_context() (if cred_usage is GSS_C_ACCEPT or
-   GSS_C_BOTH).
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways of
-   obtaining GSS-API initiator credentials from the system login process.
-   Some implementations may therefore not support the acquisition of
-   GSS_C_INITIATE or GSS_C_BOTH credentials via gss_acquire_cred for any
-   name other than an empty name.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may chooses to delay the actual acquisition until the
-   credential is required (e.g. by gss_init_sec_context or
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 31]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   gss_accept_sec_context).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call of
-   gss_inquire_cred immediately following the call of gss_acquire_cred must
-   return valid credential data, and may therefore incur the overhead of a
-   deferred credential acquisition.
-
-   Parameters:
-
-   desired_name      gss_name_t, read
-                     Name of principal whose credential
-                     should be acquired
-
-   time_req          Integer, read, optional
-                     number of seconds that credentials
-                     should remain valid. Specify GSS_C_INDEFINITE
-                     to request that the credentials have the maximum
-                     permitted lifetime.
-
-   desired_mechs     Set of Object IDs, read, optional
-                     set of underlying security mechanisms that
-                     may be used.  GSS_C_NO_OID_SET may be used
-                     to obtain an implementation-specific default.
-
-   cred_usage        gss_cred_usage_t, read
-                     GSS_C_BOTH - Credentials may be used
-                                  either to initiate or accept
-                                  security contexts.
-                     GSS_C_INITIATE - Credentials will only be
-                                      used to initiate security
-                                      contexts.
-                     GSS_C_ACCEPT - Credentials will only be used to
-                                    accept security contexts.
-
-   output_cred_handle  gss_cred_id_t, modify
-                     The returned credential handle.  Resources
-                     associated with this credential handle must
-                     be released by the application after use
-                     with a call to gss_release_cred().
-
-   actual_mechs      Set of Object IDs, modify, optional
-                     The set of mechanisms for which the
-                     credential is valid.  Storage associated
-                     with the returned OID-set must be released by
-                     the application after use with a call to
-                     gss_release_oid_set().  Specify NULL if not
-                     required.
-
-   time_rec          Integer, modify, optional
-                     Actual number of seconds for which the
-                     returned credentials will remain valid.  If the
-                     implementation does not support expiration of
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 32]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     credentials, the value GSS_C_INDEFINITE will
-                     be returned. Specify NULL if not required
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   Function value:  GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_MECH    Unavailable mechanism requested
-
-   GSS_S_BAD_NAMETYPE Type contained within desired_name parameter is not
-                     supported
-
-   GSS_S_BAD_NAME    Value supplied for desired_name parameter is ill-
-                     formed.
-
-   GSS_S_CREDENTIALS_EXPIRED The credentials could not be acquired because
-                     they have expired.
-
-   GSS_S_NO_CRED     No credentials were found for the specified name.
-
-
-
-
-
-
-
-   7.3.  gss_add_cred
-
-
-   OM_uint32 gss_add_cred (
-        OM_uint32 *              minor_status,
-        const gss_cred_id_t      input_cred_handle,
-        const gss_name_t         desired_name,
-        const gss_OID            desired_mech,
-        gss_cred_usage_t         cred_usage,
-        OM_uint32                initiator_time_req,
-        OM_uint32                acceptor_time_req,
-        gss_cred_id_t *          output_cred_handle,
-        gss_OID_set *            actual_mechs,
-        OM_uint32 *              initiator_time_rec,
-        OM_uint32 *              acceptor_time_rec)
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 33]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Purpose:
-
-   Adds a credential-element to a credential.  The credential-element is
-   identified by the name of the principal to which it refers.  GSSAPI
-   implementations must impose a local access-control policy on callers of
-   this routine to prevent unauthorized callers from acquiring credential-
-   elements to which they are not entitled. This routine is not intended to
-   provide a ``login to the network'' function, as such a function would
-   involve the creation of new mechanism-specific authentication data,
-   rather than merely acquiring a GSSAPI handle to existing data.  Such
-   functions, if required, should be defined in implementation-specific
-   extensions to the API.
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways of
-   obtaining GSS-API initiator credentials from the system login process.
-   Some implementations may therefore not support the acquisition of
-   GSS_C_INITIATE or GSS_C_BOTH credentials via gss_acquire_cred.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may chooses to delay the actual acquisition until the
-   credential is required (e.g. by gss_init_sec_context or
-   gss_accept_sec_context).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call of
-   gss_inquire_cred immediately following the call of gss_acquire_cred must
-   return valid credential data, and may therefore incur the overhead of a
-   deferred credential acquisition.
-
-   This routine can be used to either create a new credential containing
-   all credential-elements of the original in addition to the newly-acquire
-   credential-element, or to add the new credential-element to an existing
-   credential. If NULL is specified for the output_cred_handle parameter
-   argument, the new credential-element will be added to the credential
-   identified by input_cred_handle; if a valid pointer is specified for the
-   output_cred_handle parameter, a new credential and handle will be
-   created.
-
-   If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle, the
-   gss_add_cred will create its output_cred_handle based on default
-   behavior.  That is, the call will have the same effect as if the
-   application had first made a call to gss_acquire_cred(), specifying the
-   same usage and passing GSS_C_NO_NAME as the desired_name parameter to
-   obtain an explicit credential handle embodying default behavior, passed
-   this credential handle to gss_add_cred(), and finally called
-   gss_release_cred() on the first credential handle.
-
-   If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle parameter,
-   a non-NULL output_cred_handle must be supplied.
-
-   Parameters:
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 34]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   input_cred_handle gss_cred_id_t, read, optional
-                     The credential to which a credential-element
-                     will be added.  If GSS_C_NO_CREDENTIAL is
-                     specified, the routine will create the new
-                     credential based on default behavior (see
-                     description above).  Note that, while the
-                     credential-handle is not modified by
-                     gss_add_cred(), the underlying credential
-                     will be modified if output_credential_handle
-                     is NULL.
-
-   desired_name      gss_name_t, read.
-                     Name of principal whose credential
-                     should be acquired.
-
-   desired_mech      Object ID, read
-                     Underlying security mechanism with which the
-                     credential may be used.
-
-   cred_usage        gss_cred_usage_t, read
-                     GSS_C_BOTH - Credential may be used
-                                  either to initiate or accept
-                                  security contexts.
-                     GSS_C_INITIATE - Credential will only be
-                                      used to initiate security
-                                      contexts.
-                     GSS_C_ACCEPT - Credential will only be used to
-                                    accept security contexts.
-
-   initiator_time_req Integer, read, optional
-                     number of seconds that the credential
-                     should remain valid for initiating security
-                     contexts.  This argument is ignored if the
-                     created credentials are of type GSS_C_ACCEPT.
-                     Specify GSS_C_INDEFINITE to request that the
-                     credentials have the maximum permitted initiator
-                     lifetime.
-
-   acceptor_time_req Integer, read, optional
-                     number of seconds that the credential
-                     should remain valid for accepting security
-                     contexts.  This argument is ignored if the
-                     created credentials are of type GSS_C_INITIATE.
-                     Specify GSS_C_INDEFINITE to request that the
-                     credentials have the maximum permitted initiator
-                     lifetime.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 35]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   output_cred_handle gss_cred_id_t, modify, optional
-                     The returned credential handle, containing
-                     the new credential-element and all the
-                     credential-elements from input_cred_handle.
-                     If a valid pointer to a gss_cred_id_t is
-                     supplied for this parameter, gss_add_cred
-                     creates a new credential handle containing all
-                     credential-elements from the input_cred_handle
-                     and the newly acquired credential-element; if
-                     NULL is specified for this parameter, the newly
-                     acquired credential-element will be added
-                     to the credential identified by input_cred_handle.
-                     The resources associated with any credential
-                     handle returned via this parameter must be
-                     released by the application after use with a
-                     call to gss_release_cred().
-
-   actual_mechs      Set of Object IDs, modify, optional
-                     The complete set of mechanisms for which
-                     the new credential is valid.  Storage for
-                     the returned OID-set must be freed by the
-                     application after use with a call to
-                     gss_release_oid_set(). Specify NULL if
-                     not required.
-
-   initiator_time_rec Integer, modify, optional
-                     Actual number of seconds for which the
-                     returned credentials will remain valid for
-                     initiating contexts using the specified
-                     mechanism.  If the implementation or mechanism
-                     does not support expiration of credentials, the
-                     value GSS_C_INDEFINITE will be returned. Specify
-                     NULL if not required
-
-   acceptor_time_rec Integer, modify, optional
-                     Actual number of seconds for which the
-                     returned credentials will remain valid for
-                     accepting security contexts using the specified
-                     mechanism.  If the implementation or mechanism
-                     does not support expiration of credentials, the
-                     value GSS_C_INDEFINITE will be returned. Specify
-                     NULL if not required
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_MECH    Unavailable mechanism requested
-
-   GSS_S_BAD_NAMETYPE Type contained within desired_name parameter is not
-                     supported
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 36]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_BAD_NAME    Value supplied for desired_name parameter is ill-
-                     formed.
-
-   GSS_S_DUPLICATE_ELEMENT The credential already contains an element for
-                     the requested mechanism with overlapping usage and
-                     validity period.
-
-   GSS_S_CREDENTIALS_EXPIRED The required credentials could not be added
-                     because they have expired.
-
-   GSS_S_NO_CRED     No credentials were found for the specified name.
-
-
-
-
-
-
-
-   7.4.  gss_add_oid_set_member
-
-   OM_uint32 gss_add_oid_set_member (
-        OM_uint32  *             minor_status,
-        const gss_OID            member_oid,
-        gss_OID_set *            oid_set)
-
-   Purpose:
-
-   Add an Object Identifier to an Object Identifier set.  This routine is
-   intended for use in conjunction with gss_create_empty_oid_set when
-   constructing a set of mechanism OIDs for input to gss_acquire_cred.
-
-   The oid_set parameter must refer to an OID-set that was created by
-   GSSAPI (e.g. a set returned by gss_create_empty_oid_set()).  GSSAPI
-   creates a copy of the member_oid and inserts this copy into the set,
-   expanding the storage allocated to the OID-set's elements array if
-   necessary.  The routine may add the new member OID anywhere within the
-   elements array, and implementations should verify that the new
-   member_oid is not already contained within the elements array.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   member_oid        Object ID, read
-                     The object identifier to copied into
-                     the set.
-
-   oid_set           Set of Object ID, modify
-                     The set in which the object identifier
-                     should be inserted.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 37]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-   7.5.  gss_canonicalize_name
-
-   OM_uint32 gss_canonicalize_name (
-        OM_uint32  *             minor_status,
-        const gss_name_t         input_name,
-        const gss_OID            mech_type,
-        gss_name_t *             output_name)
-
-   Purpose:
-
-   Generate a canonical mechanism name (MN) from an arbitrary internal
-   name.  The mechanism name is the name that would be returned to a
-   context acceptor on successful authentication of a context where the
-   initiator used the input_name in a successful call to gss_acquire_cred,
-   specifying an OID set containing <mech_type> as its only member,
-   followed by a call to gss_init_sec_context, specifying <mech_type> as
-   the authentication mechanism.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name        gss_name_t, read
-                     The name for which a canonical form is
-                     desired
-
-   mech_type         Object ID, read
-                     The authentication mechanism for which the
-                     canonical form of the name is desired.  The
-                     desired mechanism must be specified explicitly;
-                     no default is provided.
-
-   output_name       gss_name_t, modify
-                     The resultant canonical name.  Storage
-                     associated with this name must be freed by
-                     the application after use with a call to
-                     gss_release_name().
-
-   Function value:   GSS status code
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 38]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_COMPLETE    Successful completion.
-
-   GSS_S_BAD_MECH    The identified mechanism is not supported.
-
-   GSS_S_BAD_NAMETYPE The provided internal name contains no elements that
-                     could be processed by the sepcified mechanism.
-
-   GSS_S_BAD_NAME    The provided internal name was ill-formed.
-
-
-
-
-
-
-
-   7.6.  gss_compare_name
-
-   OM_uint32 gss_compare_name (
-        OM_uint32 *              minor_status,
-        const gss_name_t         name1,
-        const gss_name_t         name2,
-        int *                    name_equal)
-
-   Purpose:
-
-   Allows an application to compare two internal-form names to determine
-   whether they refer to the same entity.
-
-   If either name presented to gss_compare_name denotes an anonymous
-   principal, the routines should indicate that the two names do not refer
-   to the same identity.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   name1             gss_name_t, read
-                     internal-form name
-
-   name2             gss_name_t, read
-                     internal-form name
-
-   name_equal        boolean, modify
-                     non-zero - names refer to same entity
-                     zero - names refer to different entities
-                            (strictly, the names are not known
-                            to refer to the same identity).
-
-   Function value:   GSS status code
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 39]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAMETYPE The two names were of incomparable types.
-
-   GSS_S_BAD_NAME    One or both of name1 or name2 was ill-formed
-
-
-
-
-
-
-
-   7.7.  gss_context_time
-
-   OM_uint32 gss_context_time (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        OM_uint32 *              time_rec)
-
-   Purpose:
-
-   Determines the number of seconds for which the specified context will
-   remain valid.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context to be interrogated.
-
-   time_rec          Integer, modify
-                     Number of seconds that the context will remain
-                     valid.  If the context has already expired,
-                     zero will be returned.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a valid
-                     context
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 40]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.8.  gss_create_empty_oid_set
-
-   OM_uint32 gss_create_empty_oid_set (
-        OM_uint32  *             minor_status,
-        gss_OID_set *            oid_set)
-
-   Purpose:
-
-   Create an object-identifier set containing no object identifiers, to
-   which members may be subsequently added using the
-   gss_add_oid_set_member() routine.  These routines are intended to be
-   used to construct sets of mechanism object identifiers, for input to
-   gss_acquire_cred.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   oid_set           Set of Object IDs, modify
-                     The empty object identifier set.
-                     The routine will allocate the
-                     gss_OID_set_desc object, which the
-                     application must free after use with
-                     a call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-   7.9.  gss_delete_sec_context
-
-   OM_uint32 gss_delete_sec_context (
-       OM_uint32 *               minor_status,
-       gss_ctx_id_t *            context_handle,
-       gss_buffer_t              output_token)
-
-   Purpose:
-
-   Delete a security context.  gss_delete_sec_context will delete the local
-   data structures associated with the specified security context, and may
-   generate an output_token, which when passed to the peer
-   gss_process_context_token will instruct it to do likewise.  If no token
-   is required by the mechanism, the GSS-API should set the length field of
-   the output_token (if provided) to zero.  No further security services
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 41]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   may be obtained using the context specified by context_handle.
-
-   In addition to deleting established security contexts,
-   gss_delete_sec_context must also be able to delete "half-built" security
-   contexts resulting from an incomplete sequence of
-   gss_init_sec_context()/gss_accept_sec_context() calls.
-
-   The output_token parameter is retained for compatibility with version 1
-   of the GSS-API.  It is recommended that both peer applications invoke
-   gss_delete_sec_context passing the value GSS_C_NO_BUFFER for the
-   output_token parameter, indicating that no token is required, and that
-   gss_delete_sec_context should simply delete local context data
-   structures.  If the application does pass a valid buffer to
-   gss_delete_sec_context, mechanisms are encouraged to return a zero-
-   length token, indicating that no peer action is necessary, and that no
-   token should be transferred by the application.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle identifying context to delete.
-                     After deleting the context, the GSSAPI will set
-                     this context handle to GSS_C_NO_CONTEXT.
-
-   output_token      buffer, opaque, modify, optional
-                     token to be sent to remote application to
-                     instruct it to also delete the context.  It
-                     is recommended that applications specify
-                     GSS_C_NO_BUFFER for this parameter, requesting
-                     local deletion only.  If a buffer parameter is
-                     provided by the application, the mechanism may
-                     return a token in it;  mechanisms that implement
-                     only local deletion should set the length field of
-                     this token to zero to indicate to the application
-                     that no token is to be sent to the peer.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  No valid context was supplied
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 42]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.10.  gss_display_name
-
-   OM_uint32 gss_display_name (
-        OM_uint32 *              minor_status,
-        const gss_name_t         input_name,
-        gss_buffer_t             output_name_buffer,
-        gss_OID *                output_name_type)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of an opaque
-   internal-form  name for display purposes.  The syntax of a printable
-   name is defined by the GSS-API implementation.
-
-   If input_name denotes an anonymous principal, the implementation should
-   return the gss_OID value GSS_C_NT_ANONYMOUS as the output_name_type, and
-   a textual name that is syntactically distinct from all valid supported
-   printable names in output_name_buffer.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   input_name        gss_name_t, read
-                     name to be displayed
-
-   output_name_buffer  buffer, character-string, modify
-                     buffer to receive textual name string.
-                     The application must free storage associated
-                     with this name after use with a call to
-                     gss_release_buffer().
-
-   output_name_type  Object ID, modify, optional
-                     The type of the returned name.  The returned
-                     gss_OID will be a pointer into static storage,
-                     and should be treated as read-only by the caller
-                     (in particular, it does not need to be freed).
-                     Specify NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    input_name was ill-formed
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 43]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.11.  gss_display_status
-
-   OM_uint32 gss_display_status (
-        OM_uint32 *              minor_status,
-        OM_uint32                status_value,
-        int                      status_type,
-        const gss_OID            mech_type,
-        OM_uint32 *              message_context,
-        gss_buffer_t             status_string)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of a GSS-API
-   status code, for display to the user or for logging purposes.  Since
-   some status values may indicate multiple conditions, applications may
-   need to call gss_display_status multiple times, each call generating a
-   single text string.  The message_context parameter is used by
-   gss_acquire_cred to store state information about which error messages
-   have already been extracted from a given status_value; message_context
-   must be initialized to 0 by the application prior to the first call, and
-   gss_display_status will return a non-zero value in this parameter if
-   there are further messages to extract.  The message_context parameter
-   contains all state information required by gss_display_status in order
-   to extract further messages from the status_value;  even when a non-zero
-   value is returned in this parameter, the application is not required to
-   call gss_display_status again unless subsequent messages are desired.
-   The following code extracts all messages from a given status code and
-   prints them to stderr:
-
-
-       OM_uint32 message_context;
-       OM_uint32 status_code;
-       OM_uint32 maj_status;
-       OM_uint32 min_status;
-       gss_buffer_desc status_string;
-
-       ...
-
-       message_context = 0;
-
-       do {
-
-           maj_status = gss_display_status (&min_status,
-                                            status_code,
-                                            GSS_C_GSS_CODE,
-                                            GSS_C_NO_OID,
-                                            &message_context,
-                                            &status_string)
-
-           fprintf(stderr,
-                   "%.*s\n",
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 44]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                   status_string.length,
-                   status_string.value);
-
-           gss_release_buffer(&min_status,
-                              &status_string);
-
-       } while (message_context != 0);
-
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   status_value      Integer, read
-                     Status value to be converted
-
-   status_type       Integer, read
-                     GSS_C_GSS_CODE - status_value is a GSS status
-                                      code
-                     GSS_C_MECH_CODE - status_value is a mechanism
-                                       status code
-
-   mech_type         Object ID, read, optional
-                     Underlying mechanism (used to interpret a
-                     minor status value) Supply GSS_C_NO_OID to
-                     obtain the system default.
-
-   message_context   Integer, read/modify
-                     Should be initialized to zero by the
-                     application prior to the first call.
-                     On return from gss_display_status(),
-                     a non-zero status_value parameter indicates
-                     that additional messages may be extracted
-                     from the status code via subsequent calls
-                     to gss_display_status(), passing the same
-                     status_value, status_type, mech_type, and
-                     message_context parameters.
-
-   status_string     buffer, character string, modify
-                     textual interpretation of the status_value.
-                     Storage associated with this parameter must
-                     be freed by the application after use with
-                     a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 45]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_BAD_MECH    Indicates that translation in accordance with an
-                     unsupported mechanism type was requested
-
-   GSS_S_BAD_STATUS  The status value was not recognized, or the status
-                     type was neither GSS_C_GSS_CODE nor GSS_C_MECH_CODE.
-
-
-
-
-
-
-
-   7.12.  gss_duplicate_name
-
-   OM_uint32 gss_duplicate_name (
-        OM_uint32 *              minor_status,
-        const gss_name_t         src_name,
-        gss_name_t *             dest_name)
-
-   Purpose:
-
-   Create an exact duplicate of the existing internal name src_name.  The
-   new dest_name will be independent of src_name (i.e. src_name and
-   dest_name must both be released, and the release of one shall not affect
-   the validity of the other).
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   src_name          gss_name_t, read
-                     internal name to be duplicated.
-
-   dest_name         gss_name_t, modify
-                     The resultant copy of <src_name>.
-                     Storage associated with this name must
-                     be freed by the application after use
-                     with a call to gss_release_name().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The src_name parameter was ill-formed.
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 46]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.13.  gss_export_name
-
-   OM_uint32 gss_export_name (
-        OM_uint32 *              minor_status,
-        const gss_name_t         input_name,
-        gss_buffer_t             exported_name)
-
-   Purpose:
-
-   To produce a canonical contiguous string representation of a mechanism
-   name (MN), suitable for direct comparison (e.g. with memcmp) for use in
-   authorization functions (e.g. matching entries in an access-control
-   list).
-
-   The <input_name> parameter must specify a valid MN (i.e. an internal
-   name generated by gss_accept_sec_context or by gss_canonicalize_name).
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name        gss_name_t, read
-                     The MN to be exported
-
-   exported_name     gss_buffer_t, octet-string, modify
-                     The canonical contiguous string form of
-                     <input_name>.  Storage associated with
-                     this string must freed by the application
-                     after use with gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NAME_NOT_MN The provided internal name was not a mechanism name.
-
-   GSS_S_BAD_NAME    The provide internal name was ill-formed.
-
-   GSS_S_BAD_NAMETYPE The internal name was of a type not supported by the
-                     GSSAPI implementation.
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 47]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.14.  gss_export_sec_context
-
-   OM_uint32 gss_export_sec_context (
-        OM_uint32  *             minor_status,
-        gss_ctx_id_t *           context_handle,
-        gss_buffer_t             interprocess_token)
-
-   Purpose:
-
-   Provided to support the sharing of work between multiple processes.
-   This routine will typically be used by the context-acceptor, in an
-   application where a single process receives incoming connection requests
-   and accepts security contexts over them, then passes the established
-   context to one or more other processes for message exchange.
-   gss_export_sec_context() deactivates the security context for the
-   calling process and creates an interprocess token which, when passed to
-   gss_import_sec_context in another process, will re-activate the context
-   in the second process. Only a single instantiation of a given context
-   may be active at any one time; a subsequent attempt by a context
-   exporter to access the exported security context will fail.
-
-   The implementation may constrain the set of processes by which the
-   interprocess token may be imported, either as a function of local
-   security policy, or as a result of implementation decisions.  For
-   example, some implementations may constrain contexts to be passed only
-   between processes that run under the same account, or which are part of
-   the same process group.
-
-   The interprocess token may contain security-sensitive information (for
-   example cryptographic keys).  While mechanisms are encouraged to either
-   avoid placing such sensitive information within interprocess tokens, or
-   to encrypt the token before returning it to the application, in a
-   typical object-library GSSAPI implementation this may not be possible.
-   Thus the application must take care to protect the interprocess token,
-   and ensure that any process to which the token is transferred is
-   trustworthy.
-
-   If creation of the interprocess token is succesful, the implementation
-   shall deallocate all process-wide resources associated with the security
-   context, and set the context_handle to GSS_C_NO_CONTEXT.  In the event
-   of an error that makes it impossible to complete the export of the
-   security context, the implementation must not return an interprocess
-   token, and should strive to leave the security context referenced by the
-   context_handle parameter untouched.  If this is impossible, it is
-   permissible for the implementation to delete the security context,
-   providing it also sets the context_handle parameter to GSS_C_NO_CONTEXT.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 48]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle identifying the context to transfer.
-
-   interprocess_token   buffer, opaque, modify
-                        token to be transferred to target process.
-                        Storage associated with this token must be
-                        freed by the application after use with a
-                        call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has expired
-
-   GSS_S_NO_CONTEXT  The context was invalid
-
-   GSS_S_UNAVAILABLE The operation is not supported.
-
-
-
-
-
-
-
-   7.15.  gss_get_mic
-
-   OM_uint32 gss_get_mic (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        gss_qop_t                qop_req,
-        const gss_buffer_t       message_buffer,
-        gss_buffer_t             msg_token)
-
-   Purpose:
-
-   Generates a cryptographic MIC for the supplied message, and places the
-   MIC in a token for transfer to the peer application.  The qop_req
-   parameter allows a choice between several cryptographic algorithms, if
-   supported by the chosen mechanism.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     identifies the context on which the message
-                     will be sent
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 49]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-   qop_req           gss_qop_t, read, optional
-                     Specifies requested quality of protection.
-                     Callers are encouraged, on portability grounds,
-                     to accept the default quality of protection
-                     offered by the chosen mechanism, which may be
-                     requested by specifying GSS_C_QOP_DEFAULT for
-                     this parameter.  If an unsupported protection
-                     strength is requested, gss_get_mic will return a
-                     major_status of GSS_S_BAD_QOP.
-
-   message_buffer    buffer, opaque, read
-                     message to be protected
-
-   msg_token         buffer, opaque, modify
-                     buffer to receive token.  The application must
-                     free storage associated with this buffer after
-                     use with a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a valid
-                     context
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the mechanism.
-
-
-
-
-
-
-
-   7.16.  gss_import_name
-
-   OM_uint32 gss_import_name (
-        OM_uint32 *              minor_status,
-        const gss_buffer_t       input_name_buffer,
-        const gss_OID            input_name_type,
-        gss_name_t *             output_name)
-
-   Purpose:
-
-   Convert a contiguous string name to internal form.  In general, the
-   internal name returned (via the <output_name> parameter) will not be an
-   MN; the exception to this is if the <input_name_type> indicates that the
-   contiguous string provided via the <input_name_buffer> parameter is of
-   type GSS_C_NT_EXPORT_NAME, in which case the returned internal name will
-   be an MN for the mechanism that exported the name.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 50]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name_buffer  buffer, octet-string, read
-                     buffer containing contiguous string name to convert
-
-   input_name_type   Object ID, read, optional
-                     Object ID specifying type of printable
-                     name.  Applications may specify either
-                     GSS_C_NO_OID to use a mechanism-specific
-                     default printable syntax, or an OID registered
-                     by the GSS-API implementation to name a
-                     specific namespace.
-
-   output_name       gss_name_t, modify
-                     returned name in internal form.  Storage
-                     associated with this name must be freed
-                     by the application after use with a call
-                     to gss_release_name().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAMETYPE The input_name_type was unrecognized
-
-   GSS_S_BAD_NAME    The input_name parameter could not be interpreted as a
-                     name of the specified type
-
-
-
-
-
-
-
-
-   7.17.  gss_import_sec_context
-
-   OM_uint32 gss_import_sec_context (
-        OM_uint32  *             minor_status,
-        const gss_buffer_t       interprocess_token,
-        gss_ctx_id_t *           context_handle)
-
-   Purpose:
-
-   Allows a process to import a security context established by another
-   process.  A given interprocess token may be imported only once.  See
-   gss_export_sec_context.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 51]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   interprocess_token  buffer, opaque, modify
-                     token received from exporting process
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle of newly reactivated context.
-                     Resources associated with this context handle
-                     must be released by the application after use
-                     with a call to gss_delete_sec_context().
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion.
-
-   GSS_S_NO_CONTEXT  The token did not contain a valid context reference.
-
-   GSS_S_DEFECTIVE_TOKEN The token was invalid.
-
-   GSS_S_UNAVAILABLE The operation is unavailable.
-
-   GSS_S_UNAUTHORIZED Local policy prevents the import of this context by
-                     the current process..
-
-
-
-
-
-
-
-   7.18.  gss_indicate_mechs
-
-   OM_uint32 gss_indicate_mechs (
-        OM_uint32 *              minor_status,
-        gss_OID_set *            mech_set)
-
-   Purpose:
-
-   Allows an application to determine which underlying security mechanisms
-   are available.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 52]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-   mech_set          set of Object IDs, modify
-                     set of implementation-supported mechanisms.
-                     The returned gss_OID_set value will be a
-                     dynamically-allocated OID set, that should
-                     be released by the caller after use with a
-                     call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-   7.19.  gss_init_sec_context
-
-   OM_uint32 gss_init_sec_context (
-        OM_uint32 *              minor_status,
-        const gss_cred_id_t      initiator_cred_handle,
-        gss_ctx_id_t *           context_handle,
-        const gss_name_t         target_name,
-        const gss_OID            mech_type,
-        OM_uint32                req_flags,
-        OM_uint32                time_req,
-        const gss_channel_bindings_t
-                                 input_chan_bindings,
-        const gss_buffer_t       input_token
-        gss_OID *                actual_mech_type,
-        gss_buffer_t             output_token,
-        OM_uint32 *              ret_flags,
-        OM_uint32 *              time_rec )
-
-   Purpose:
-
-   Initiates the establishment of a security context between the
-   application and a remote peer.  Initially, the input_token parameter
-   should be specified either as GSS_C_NO_BUFFER, or as a pointer to a
-   gss_buffer_desc object whose length field contains the value zero.  The
-   routine may return a output_token which should be transferred to the
-   peer application, where the peer application will present it to
-   gss_accept_sec_context.  If no token need be sent, gss_init_sec_context
-   will indicate this by setting the length field of the output_token
-   argument to zero.  To complete the context establishment, one or more
-   reply tokens may be required from the peer application; if so,
-   gss_init_sec_context will return a status containing the supplementary
-   information bit GSS_S_CONTINUE_NEEDED.  In this case,
-   gss_init_sec_context should be called again when the reply token is
-   received from the peer application, passing the reply token to
-   gss_init_sec_context via the input_token parameters.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 53]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Portable applications should be constructed to use the token length and
-   return status to determine whether a token needs to be sent or waited
-   for.  Thus a typical portable caller should always invoke
-   gss_init_sec_context within a loop:
-
-       int context_established = 0;
-       gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-       ...
-       input_token->length = 0;
-
-       while (!context_established) {
-          maj_stat = gss_init_sec_context(&min_stat,
-                                          cred_hdl,
-                                          &context_hdl,
-                                          target_name,
-                                          desired_mech,
-                                          desired_services,
-                                          desired_time,
-                                          input_bindings,
-                                          input_token,
-                                          &actual_mech,
-                                          output_token,
-                                          &actual_services,
-                                          &actual_time);
-          if (GSS_ERROR(maj_stat)) {
-             report_error(maj_stat, min_stat);
-          };
-          if (output_token->length != 0) {
-             send_token_to_peer(output_token);
-             gss_release_buffer(&min_stat,
-                                output_token)
-          };
-          if (GSS_ERROR(maj_stat)) {
-             if (context_hdl != GSS_C_NO_CONTEXT)
-                gss_delete_sec_context(&min_stat,
-                                       &context_hdl,
-                                       GSS_C_NO_BUFFER);
-             break;
-          };
-          if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-             receive_token_from_peer(input_token);
-          } else {
-             context_established = 1;
-          };
-       };
-
-   Whenever the routine returns a major status that includes the value
-   GSS_S_CONTINUE_NEEDED, the context is not fully established and the
-   following restrictions apply to the output parameters:
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 54]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-     (a) The value returned via the time_rec parameter is undefined
-
-     (b) Unless the accompanying ret_flags parameter contains the bit
-         GSS_C_PROT_READY_FLAG, indicating that per-message services may be
-         applied in advance of a successful completion status, the value
-         returned via the actual_mech_type parameter is undefined until the
-         routine returns a major status value of GSS_S_COMPLETE.
-
-     (c) The values of the GSS_C_DELEG_FLAG, GSS_C_MUTUAL_FLAG,
-         GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG, GSS_C_CONF_FLAG,
-         GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned via the
-         ret_flags parameter should contain the values that the
-         implementation expects would be valid if context establishment
-         were to succeed.  In particular, if the application has requested
-         a service such as delegation or anonymous authentication via the
-         req_flags argument, and such a service is unavailable from the
-         underlying mechanism, gss_init_sec_context should generate a token
-         that will not provide the service, and indicate via the ret_flags
-         argument that the service will not be supported.  The application
-         may choose to abort the context establishment by calling
-         gss_delete_sec_context (if it cannot continue in the absence of
-         the service), or it may choose to transmit the token and continue
-         context establishment (if the service was merely desired but not
-         mandatory).
-
-         The values of the GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG bits
-         within ret_flags should indicate the actual state at the time
-         gss_init_sec_context returns, whether or not the context is fully
-         established.
-
-         Although this requires that GSSAPI implementations set the
-         GSS_C_PROT_READY_FLAG in the final ret_flags returned to a caller
-         (i.e. when accompanied by a GSS_S_COMPLETE status code),
-         applications should not rely on this behavior as the flag was not
-         defined in Version 1 of the GSSAPI. Instead, applications should
-         be prepared to use per-message services after a successful context
-         establishment, according to the GSS_C_INTEG_FLAG and
-         GSS_C_CONF_FLAG values.
-
-         All other bits within the ret_flags argument should be set to
-         zero.
-
-   If the initial call of gss_init_sec_context() fails, the implementation
-   should not create a context object, and should leave the value of the
-   context_handle parameter set to GSS_C_NO_CONTEXT to indicate this.  In
-   the event of a failure on a subsequent call, the implementation is
-   permitted to delete the "half-built" security context (in which case it
-   should set the context_handle parameter to GSS_C_NO_CONTEXT), but the
-   preferred behavior is to leave the security context untouched for the
-   application to delete (using gss_delete_sec_context).
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 55]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Parameters:
-
-   minor_status      Integer,  modify
-                     Mechanism specific status code.
-
-   initiator_cred_handle  gss_cred_id_t, read, optional
-                     handle for credentials claimed.  Supply
-                     GSS_C_NO_CREDENTIAL to act as a default
-                     initiator principal.  If no default
-                     initiator is defined, the function will
-                     return GSS_S_NO_CRED.
-
-   context_handle    gss_ctx_id_t, read/modify
-                     context handle for new context.  Supply
-                     GSS_C_NO_CONTEXT for first call; use value
-                     returned by first call in continuation calls.
-                     Resources associated with this context-handle
-                     must be released by the application after use
-                     with a call to gee_delete_sec_context().
-
-   target_name       gss_name_t, read
-                     Name of target
-
-   mech_type         OID, read, optional
-                     Object ID of desired mechanism. Supply
-                     GSS_C_NO_OID to obtain an implementation
-                     specific default
-
-   req_flags         bit-mask, read
-                     Contains various independent flags, each of
-                     which requests that the context support a
-                     specific service option.  Symbolic
-                     names are provided for each flag, and the
-                     symbolic names corresponding to the required
-                     flags should be logically-ORed
-                     together to form the bit-mask value.  The
-                     flags are:
-
-                     GSS_C_DELEG_FLAG
-                           True - Delegate credentials to remote peer
-                           False - Don't delegate
-                     GSS_C_MUTUAL_FLAG
-                           True - Request that remote peer
-                                  authenticate itself
-                           False - Authenticate self to remote peer
-                                   only
-                     GSS_C_REPLAY_FLAG
-                           True - Enable replay detection for
-                                  messages protected with gss_wrap
-                                  or gss_get_mic
-                           False - Don't attempt to detect
-                                   replayed messages
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 56]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     GSS_C_SEQUENCE_FLAG
-                           True - Enable detection of out-of-sequence
-                                  protected messages
-                           False - Don't attempt to detect
-                                   out-of-sequence messages
-                     GSS_C_ANON_FLAG
-                           True - Do not reveal the initiator's
-                                  identity to the acceptor.
-                           False - Authenticate normally.
-
-   time_req          Integer, read, optional
-                     Desired number of seconds for which context
-                     should remain valid.  Supply 0 to request a
-                     default validity period.
-
-   input_chan_bindings  channel bindings, read, optional
-                     Application-specified bindings.  Allows
-                     application to securely bind channel
-                     identification information to the security
-                     context.  Specify GSS_C_NO_CHANNEL_BINDINGS
-                     if channel bindings are not used.
-
-   input_token       buffer, opaque, read, optional (see text)
-                     Token received from peer application.
-                     Supply GSS_C_NO_BUFFER, or a pointer to
-                     a buffer containing the value GSS_C_EMPTY_BUFFER
-                     on initial call.
-
-   actual_mech_type  OID, modify, optional
-                     Actual mechanism used.  The OID returned via
-                     this parameter will be a pointer to static
-                     storage that should be treated as read-only;
-                     In particular the application should not attempt
-                     to free it.  Specify NULL if not required.
-
-   output_token      buffer, opaque, modify
-                     token to be sent to peer application.  If
-                     the length field of the returned buffer is
-                     zero, no token need be sent to the peer
-                     application.  Storage associated with this
-                     buffer must be freed by the application
-                     after use with a call to gss_release_buffer().
-
-   ret_flags         bit-mask, modify, optional
-                     Contains various independent flags, each of which
-                     indicates that the context supports a specific
-                     service option.  Specify NULL if not
-                     required.  Symbolic names are provided
-                     for each flag, and the symbolic names
-                     corresponding to the required flags should be
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 57]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     logically-ANDed with the ret_flags value to test
-                     whether a given option is supported by the
-                     context.  The flags are:
-
-                     GSS_C_DELEG_FLAG
-                           True - Credentials were delegated to
-                                  the remote peer
-                           False - No credentials were delegated
-                     GSS_C_MUTUAL_FLAG
-                           True - Remote peer has been asked to
-                                  authenticated itself
-                           False - Remote peer has not been asked to
-                                   authenticate itself
-                     GSS_C_REPLAY_FLAG
-                           True - replay of protected messages
-                                  will be detected
-                           False - replayed messages will not be
-                                   detected
-                     GSS_C_SEQUENCE_FLAG
-                           True - out-of-sequence protected
-                                  messages will be detected
-                           False - out-of-sequence messages will
-                                   not be detected
-                     GSS_C_CONF_FLAG
-                           True - Confidentiality service may be
-                                  invoked by calling gss_wrap routine
-                           False - No confidentiality service (via
-                                   gss_wrap) available. gss_wrap will
-                                   provide message encapsulation,
-                                   data-origin authentication and
-                                   integrity services only.
-                     GSS_C_INTEG_FLAG
-                           True - Integrity service may be invoked by
-                                  calling either gss_get_mic or gss_wrap
-                                  routines.
-                           False - Per-message integrity service
-                                   unavailable.
-                     GSS_C_ANON_FLAG
-                           True - The initiator's identity has not been
-                                  revealed, and will not be revealed if
-                                  any emitted token is passed to the
-                                  acceptor.
-                           False - The initiator's identity has been or
-                                   will be authenticated normally.
-                     GSS_C_PROT_READY_FLAG
-                           True - Protection services (as specified
-                                  by the states of the GSS_C_CONF_FLAG
-                                  and GSS_C_INTEG_FLAG) are available for
-                                  use if the accompanying major status
-                                  return value is either GSS_S_COMPLETE or
-                                  GSS_S_CONTINUE_NEEDED.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 58]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                           False - Protection services (as specified
-                                   by the states of the GSS_C_CONF_FLAG
-                                   and GSS_C_INTEG_FLAG) are available
-                                   only if the accompanying major status
-                                   return value is GSS_S_COMPLETE.
-                     GSS_C_TRANS_FLAG
-                           True - The resultant security context may
-                                  be transferred to other processes via
-                                  a call to gss_export_sec_context().
-                           False - The security context is not
-                                   transferrable.
-                     All other bits should be set to zero.
-
-   time_rec          Integer, modify, optional
-                     number of seconds for which the context
-                     will remain valid. If the implementation does
-                     not support context expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTINUE_NEEDED Indicates that a token from the peer application
-                     is required to complete the context, and that
-                     gss_init_sec_context must be called again with that
-                     token.
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on the
-                     input_token failed
-
-   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks performed
-                     on the credential failed.
-
-   GSS_S_NO_CRED     The supplied credentials were not valid for context
-                     initiation, or the credential handle did not reference
-                     any credentials.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired
-
-   GSS_S_BAD_BINDINGS The input_token contains different channel bindings
-                     to those specified via the input_chan_bindings
-                     parameter
-
-   GSS_S_BAD_SIG     The input_token contains an invalid MIC, or a MIC that
-                     could not be verified
-
-   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal error
-                     during context establishment
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 59]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of a
-                     token already processed.  This is a fatal error during
-                     context establishment.
-
-   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did not
-                     refer to a valid context
-
-   GSS_S_BAD_NAMETYPE The provided target_name parameter contained an
-                     invalid or unsupported type of name
-
-   GSS_S_BAD_NAME    The provided target_name parameter was ill-formed.
-
-   GSS_S_BAD_MECH    The specified mechanism is not supported by the
-                     provided credential, or is unrecognized by the
-                     implementation.
-
-
-
-
-
-
-
-   7.20.  gss_inquire_context
-
-   OM_uint32 gss_inquire_context (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        gss_name_t *             src_name,
-        gss_name_t *             targ_name,
-        OM_uint32 *              lifetime_rec,
-        gss_OID *                mech_type,
-        OM_uint32 *              ctx_flags,
-        int *                    locally_initiated,
-        int *                    open )
-
-   Purpose:
-
-   Obtains information about a security context.  The caller must already
-   have obtained a handle that refers to the context, although the context
-   need not be fully established.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   context_handle    gss_ctx_id_t, read
-                     A handle that refers to the security context.
-
-   src_name          gss_name_t, modify, optional
-                     The name of the context initiator.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 60]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     If the context was established using anonymous
-                     authentication, and if the application invoking
-                     gss_inquire_context is the context acceptor,
-                     an anonymous name will be returned.  Storage
-                     associated with this name must be freed by the
-                     application after use with a call to
-                     gss_release_name().  Specify NULL if not
-                     required.
-
-   targ_name         gss_name_t, modify, optional
-                     The name of the context acceptor.
-                     Storage associated with this name must be
-                     freed by the application after use with a call
-                     to gss_release_name().  Specify NULL if not
-                     Specify NULL if not required.
-
-   lifetime_rec      Integer, modify, optional
-                     The number of seconds for which the context
-                     will remain valid.  If the context has
-                     expired, this parameter will be set to zero.
-                     If the implementation does not support
-                     context expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   mech_type         gss_OID, modify, optional
-                     The security mechanism providing the
-                     context.  The returned OID will be a
-                     pointer to static storage that should
-                     be treated as read-only by the application;
-                     in particular the application should not
-                     attempt to free it.  Specify NULL if not
-                     required.
-
-   ctx_flags         bit-mask, modify, optional
-                     Contains various independent flags, each of
-                     which indicates that the context supports
-                     (or is expected to support, if ctx_open is
-                     false) a specific service option.  If not
-                     needed, specify NULL.  Symbolic names are
-                     provided for each flag, and the symbolic names
-                     corresponding to the required flags
-                     should be logically-ANDed with the ret_flags
-                     value to test whether a given option is
-                     supported by the context.  The flags are:
-
-                     GSS_C_DELEG_FLAG
-                           True - Credentials were delegated from
-                                  the initiator to the acceptor.
-                           False - No credentials were delegated
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 61]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-                     GSS_C_MUTUAL_FLAG
-                           True - The acceptor was authenticated
-                                  to the initiator
-                           False - The acceptor did not authenticate
-                                   itself.
-                     GSS_C_REPLAY_FLAG
-                           True - replay of protected messages
-                                  will be detected
-                           False - replayed messages will not be
-                                   detected
-                     GSS_C_SEQUENCE_FLAG
-                           True - out-of-sequence protected
-                                  messages will be detected
-                           False - out-of-sequence messages will not
-                                   be detected
-                     GSS_C_CONF_FLAG
-                           True - Confidentiality service may be invoked
-                                  by calling gss_wrap routine
-                           False - No confidentiality service (via
-                                   gss_wrap) available. gss_wrap will
-                                   provide message encapsulation,
-                                   data-origin authentication and
-                                   integrity services only.
-                     GSS_C_INTEG_FLAG
-                           True - Integrity service may be invoked by
-                                  calling either gss_get_mic or gss_wrap
-                                  routines.
-                           False - Per-message integrity service
-                                   unavailable.
-                     GSS_C_ANON_FLAG
-                           True - The initiator's identity will not
-                                  be revealed to the acceptor.
-                                  The src_name parameter (if
-                                  requested) contains an anonymous
-                                  internal name.
-                           False - The initiator has been
-                                   authenticated normally.
-                     GSS_C_PROT_READY_FLAG
-                           True - Protection services (as specified
-                                  by the states of the GSS_C_CONF_FLAG
-                                  and GSS_C_INTEG_FLAG) are available
-                                  for use.
-                           False - Protection services (as specified
-                                   by the states of the GSS_C_CONF_FLAG
-                                   and GSS_C_INTEG_FLAG) are available
-                                   only if the context is fully
-                                   established (i.e. if the open parameter
-                                   is non-zero).
-                     GSS_C_TRANS_FLAG
-                           True - The resultant security context may
-                                  be transferred to other processes via
-                                  a call to gss_export_sec_context().
-                           False - The security context is not
-                                   transferrable.
-
-   Wray             Document Expiration: 1 September 1997         [Page 62]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-
-
-   locally_initiated Boolean, modify
-                     Non-zero if the invoking application is the
-                     context initiator.
-                     Specify NULL if not required.
-
-   open              Boolean, modify
-                     Non-zero if the context is fully established;
-                     Zero if a context-establishment token
-                     is expected from the peer application.
-                     Specify NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  The referenced context could not be accessed.
-
-   GSS_S_CONTEXT_EXPIRED The context has expired.  If the lifetime_rec
-                     parameter was requested, it will be set to 0.
-
-
-
-
-
-
-
-   7.21.  gss_inquire_cred
-
-   OM_uint32 gss_inquire_cred (
-        OM_uint32  *             minor_status,
-        const gss_cred_id_t      cred_handle,
-        gss_name_t *             name,
-        OM_uint32 *              lifetime,
-        gss_cred_usage_t *       cred_usage,
-        gss_OID_set *            mechanisms )
-
-   Purpose:
-
-   Obtains information about a credential.  The caller must already have
-   obtained a handle that refers to the credential.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   cred_handle       gss_cred_id_t, read
-                     A handle that refers to the target credential.
-                     Specify GSS_C_NO_CREDENTIAL to inquire about
-                     the default initiator principal.
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 63]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-
-   name              gss_name_t, modify, optional
-                     The name whose identity the credential asserts.
-                     Storage associated with this name should be freed
-                     by the application after use with a call to
-                     gss_release_name().  Specify NULL if not required.
-
-   lifetime          Integer, modify, optional
-                     The number of seconds for which the credential
-                     will remain valid.  If the credential has
-                     expired, this parameter will be set to zero.
-                     If the implementation does not support
-                     credential expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   cred_usage        gss_cred_usage_t, modify, optional
-                     How the credential may be used.  One of the
-                     following:
-                        GSS_C_INITIATE
-                        GSS_C_ACCEPT
-                        GSS_C_BOTH
-                     Specify NULL if not required.
-
-   mechanisms        gss_OID_set, modify, optional
-                     Set of mechanisms supported by the credential.
-                     Storage associated with this OID set must be
-                     freed by the application after use with a call
-                     to gss_release_oid_set().  Specify NULL if not
-                     required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     The referenced credentials could not be accessed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were invalid.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.  If
-                     the lifetime parameter was not passed as NULL, it will
-                     be set to 0.
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 64]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.22.  gss_inquire_cred_by_mech
-
-   OM_uint32 gss_inquire_cred_by_mech (
-        OM_uint32 *              minor_status,
-        const gss_cred_id_t      cred_handle,
-        const gss_OID            mech_type,
-        gss_name_t *             name,
-        OM_uint32 *              initiator_lifetime,
-        OM_uint32 *              acceptor_lifetime,
-        gss_cred_usage_t *       cred_usage )
-
-   Purpose:
-
-   Obtains per-mechanism information about a credential.  The caller must
-   already have obtained a handle that refers to the credential.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   cred_handle       gss_cred_id_t, read
-                     A handle that refers to the target credential.
-                     Specify GSS_C_NO_CREDENTIAL to inquire about
-                     the default initiator principal.
-
-   mech_type         gss_OID, read
-                     The mechanism for which information should be
-                     returned.
-
-   name              gss_name_t, modify, optional
-                     The name whose identity the credential asserts.
-                     Storage associated with this name must be
-                     freed by the application after use with a call
-                     to gss_release_name().  Specify NULL if not
-                     required.
-
-   initiator_lifetime  Integer, modify, optional
-                     The number of seconds for which the credential
-                     will remain capable of initiating security contexts
-                     under the specified mechanism.  If the credential
-                     can no longer be used to initiate contexts, or if
-                     the credential usage for this mechanism is
-   GSS_C_ACCEPT,
-                     this parameter will be set to zero.  If the
-                     implementation does not support expiration of
-                     initiator credentials, the value GSS_C_INDEFINITE
-                     will be returned.  Specify NULL if not required.
-
-   acceptor_lifetime Integer, modify, optional
-                     The number of seconds for which the credential
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 65]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     will remain capable of accepting security contexts
-                     under the specified mechanism.  If the credential
-                     can no longer be used to accept contexts, or if
-                     the credential usage for this mechanism is
-                     GSS_C_INITIATE, this parameter will be set to zero.
-                     If the implementation does not support expiration
-                     of acceptor credentials, the value GSS_C_INDEFINITE
-                     will be returned.  Specify NULL if not required.
-
-   cred_usage        gss_cred_usage_t, modify, optional
-                     How the credential may be used with the specified
-                     mechanism.  One of the following:
-                        GSS_C_INITIATE
-                        GSS_C_ACCEPT
-                        GSS_C_BOTH
-                     Specify NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     The referenced credentials could not be accessed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were invalid.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.  If
-                     the lifetime parameter was not passed as NULL, it will
-                     be set to 0.
-
-
-
-
-
-
-
-   7.23.  gss_inquire_mechs_for_name
-
-   OM_uint32 gss_inquire_mechs_for_name (
-        OM_uint32 *              minor_status,
-        const gss_name_t         input_name,
-        gss_OID_set *            mech_types )
-
-   Purpose:
-
-   Returns the set of mechanisms supported by the GSSAPI implementation
-   that may be able to process the specified name.
-
-   Each mechanism returned will recognize at least one element within the
-   name.  It is permissible for this routine to be implemented within a
-   mechanism-independent GSSAPI layer, using the type information contained
-   within the presented name, and based on registration information
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 66]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   provided by individual mechanism implementations.  This means that the
-   returned mech_types set may indicate that a particular mechanism will
-   understand the name when in fact it would refuse to accept the name as
-   input to gss_canonicalize_name, gss_init_sec_context, gss_acquire_cred
-   or gss_add_cred (due to some property of the specific name, as opposed
-   to the name type).  Thus this routine should be used only as a pre-
-   filter for a call to a subsequent mechanism-specific routine.
-
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   input_name        gss_name_t, read
-                     The name to which the inquiry relates.
-
-   mech_types        gss_OID_set, modify
-                     Set of mechanisms that may support the
-                     specified name.  The returned OID set
-                     must be freed by the caller after use
-                     with a call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The input_name parameter was ill-formed.
-
-   GSS_S_BAD_NAMETYPE The input_name parameter contained an invalid or
-                     unsupported type of name
-
-
-
-
-
-
-   7.24.  gss_inquire_names_for_mech
-
-   OM_uint32 gss_inquire_names_for_mech (
-        OM_uint32 *              minor_status,
-        const gss_OID            mechanism,
-        gss_OID_set *            name_types)
-
-   Purpose:
-
-   Returns the set of nametypes supported by the specified mechanism.
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 67]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   mechanism         gss_OID, read
-                     The mechanism to be interrogated.
-
-   name_types        gss_OID_set, modify
-                     Set of name-types supported by the specified
-                     mechanism.  The returned OID set must be
-                     freed by the application after use with a
-                     call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-   7.25.  gss_process_context_token
-
-   OM_uint32 gss_process_context_token (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        const gss_buffer_t       token_buffer)
-
-   Purpose:
-
-   Provides a way to pass a token to the security service.  Used with
-   tokens emitted by gss_delete_sec_context.  Note that mechanisms are
-   encouraged to perform local deletion, and not emit tokens from
-   gss_delete_sec_context.  This routine, therefore, is primarily for
-   backwards compatibility with V1 applications.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     context handle of context on which token is to
-                     be processed
-
-   token_buffer      buffer, opaque, read
-                     token to process
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 68]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on the
-                     token failed
-
-   GSS_S_NO_CONTEXT  The context_handle did not refer to a valid context
-
-
-
-
-
-
-
-   7.26.  gss_release_buffer
-
-   OM_uint32 gss_release_buffer (
-        OM_uint32 *              minor_status,
-        gss_buffer_t             buffer)
-
-   Purpose:
-
-   Free storage associated with a buffer.  The storage must have been
-   allocated by a GSS-API routine.  In addition to freeing the associated
-   storage, the routine will zero the length field in the descriptor to
-   which the buffer parameter refers.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   buffer            buffer, modify
-                     The storage associated with the buffer will be
-                     deleted.  The gss_buffer_desc object will not
-                     be freed, but its length field will be zeroed.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 69]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.27.  gss_release_cred
-
-   OM_uint32 gss_release_cred (
-        OM_uint32 *              minor_status,
-        gss_cred_id_t *          cred_handle)
-
-   Purpose:
-
-   Informs GSS-API that the specified credential handle is no longer
-   required by the application, and frees associated resources.
-
-   Parameters:
-
-   cred_handle       gss_cred_id_t, modify, optional
-                     Opaque handle identifying credential
-                     to be released.  If GSS_C_NO_CREDENTIAL
-                     is supplied, the routine will complete
-                     successfully, but will do nothing.
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     Credentials could not be accessed.
-
-
-
-
-
-
-
-   7.28.  gss_release_name
-
-   OM_uint32 gss_release_name (
-        OM_uint32 *              minor_status,
-        gss_name_t *             name)
-
-   Purpose:
-
-   Free GSSAPI-allocated storage by associated with an internal-form name.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   name              gss_name_t, modify
-                     The name to be deleted
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 70]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The name parameter did not contain a valid name
-
-
-
-
-
-
-
-   7.29.  gss_release_oid_set
-
-   OM_uint32 gss_release_oid_set (
-        OM_uint32 *              minor_status,
-        gss_OID_set *            set)
-
-   Purpose:
-
-   Free storage associated with a GSSAPI-generated gss_OID_set object.  The
-   set parameter must refer to an OID-set that was returned from a GSSAPI
-   routine.  gss_release_oid_set() will free the storage associated with
-   each individual member OID, the OID set's elements array, and the
-   gss_OID_set_desc.
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   set               Set of Object IDs, modify
-                     The storage associated with the gss_OID_set
-                     will be deleted.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 71]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   7.30.  gss_test_oid_set_member
-
-   OM_uint32 gss_test_oid_set_member (
-        OM_uint32  *             minor_status,
-        const gss_OID            member,
-        const gss_OID_set        set,
-        int *                    present)
-
-   Purpose:
-
-   Interrogate an Object Identifier set to determine whether a specified
-   Object Identifier is a member.  This routine is intended to be used with
-   OID sets returned by gss_indicate_mechs(), gss_acquire_cred(), and
-   gss_inquire_cred(), but will also work with user-generated sets.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   member            Object ID, read
-                     The object identifier whose presence
-                     is to be tested.
-
-   set               Set of Object ID, read
-                     The Object Identifier set.
-
-   present           Boolean, modify
-                     non-zero if the specified OID is a member
-                     of the set, zero if not.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-   7.31.  gss_unwrap
-
-   OM_uint32 gss_unwrap (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        const gss_buffer_t       input_message_buffer,
-        gss_buffer_t             output_message_buffer,
-        int *                    conf_state,
-        gss_qop_t *              qop_state)
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 72]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Purpose:
-
-   Converts a message previously protected by gss_wrap back to a usable
-   form, verifying the embedded MIC.  The conf_state parameter indicates
-   whether the message was encrypted; the qop_state parameter indicates the
-   strength of protection that was used to provide the confidentiality and
-   integrity services.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     arrived
-
-   input_message_buffer  buffer, opaque, read
-                     protected message
-
-   output_message_buffer  buffer, opaque, modify
-                     Buffer to receive unwrapped message.
-                     Storage associated with this buffer must
-                     be freed by the application after use use
-                     with a call to gss_release_buffer().
-
-   conf_state        boolean, modify, optional
-                     Non-zero - Confidentiality and integrity protection
-                                were used
-                     Zero - Integrity service only was used
-                     Specify NULL if not required
-
-   qop_state         gss_qop_t, modify, optional
-                     Quality of protection gained from MIC.
-                     Specify NULL if not required
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-   GSS_S_BAD_SIG     The MIC was incorrect
-
-   GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct MIC
-                     for the message, but it had already been processed
-
-   GSS_S_OLD_TOKEN   The token was valid, and contained a correct MIC for
-                     the message, but it is too old to check for
-                     duplication.
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 73]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct MIC for
-                     the message, but has been verified out of sequence; a
-                     later token has already been received.
-
-   GSS_S_GAP_TOKEN   The token was valid, and contained a correct MIC for
-                     the message, but has been verified out of sequence;
-                     an earlier expected token has not yet been received.
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a valid
-                     context
-
-
-
-
-
-
-
-   7.32.  gss_verify_mic
-
-   OM_uint32 gss_verify_mic (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        const gss_buffer_t       message_buffer,
-        const gss_buffer_t       token_buffer,
-        gss_qop_t *              qop_state)
-
-   Purpose:
-
-   Verifies that a cryptographic MIC, contained in the token parameter,
-   fits the supplied message.  The qop_state parameter allows a message
-   recipient to determine the strength of protection that was applied to
-   the message.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     arrived
-
-   message_buffer    buffer, opaque, read
-                     Message to be verified
-
-   token_buffer      buffer, opaque, read
-                     Token associated with message
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 74]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-   qop_state         gss_qop_t, modify, optional
-                     quality of protection gained from MIC
-                     Specify NULL if not required
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-   GSS_S_BAD_SIG     The MIC was incorrect
-
-   GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct MIC
-                     for the message, but it had already been processed
-
-   GSS_S_OLD_TOKEN   The token was valid, and contained a correct MIC for
-                     the message, but it is too old to check for
-                     duplication.
-
-   GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct MIC for
-                     the message, but has been verified out of sequence; a
-                     later token has already been received.
-
-   GSS_S_GAP_TOKEN   The token was valid, and contained a correct MIC for
-                     the message, but has been verified out of sequence;
-                     an earlier expected token has not yet been received.
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a valid
-                     context
-
-
-
-
-
-
-
-   7.33.  gss_wrap
-
-   OM_uint32 gss_wrap (
-        OM_uint32 *              minor_status,
-        const gss_ctx_id_t       context_handle,
-        int                      conf_req_flag,
-        gss_qop_t                qop_req
-        const gss_buffer_t       input_message_buffer,
-        int *                    conf_state,
-        gss_buffer_t             output_message_buffer )
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 75]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   Purpose:
-
-   Attaches a cryptographic MIC and optionally encrypts the specified
-   input_message.  The output_message contains both the MIC and the
-   message.  The qop_req parameter allows a choice between several
-   cryptographic algorithms, if supported by the chosen mechanism.
-
-   Since some application-level protocols may wish to use tokens emitted by
-   gss_wrap() to provide "secure framing", implementations should support
-   the wrapping of zero-length messages.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     will be sent
-
-   conf_req_flag     boolean, read
-                     Non-zero - Both confidentiality and integrity
-                                services are requested
-                     Zero - Only integrity service is requested
-
-   qop_req           gss_qop_t, read, optional
-                     Specifies required quality of protection.  A
-                     mechanism-specific default may be requested by
-                     setting qop_req to GSS_C_QOP_DEFAULT.  If an
-                     unsupported protection strength is requested,
-                     gss_wrap will return a major_status of
-                     GSS_S_BAD_QOP.
-
-   input_message_buffer  buffer, opaque, read
-                     Message to be protected
-
-   conf_state        boolean, modify, optional
-                     Non-zero - Confidentiality, data origin
-                                authentication and integrity
-                                services have been applied
-                     Zero - Integrity and data origin services only
-                            has been applied.
-                     Specify NULL if not required
-
-   output_message_buffer  buffer, opaque, modify
-                     Buffer to receive protected message.
-                     Storage associated with this message must
-                     be freed by the application after use with
-                     a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 76]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a valid
-                     context
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the mechanism.
-
-
-
-
-
-
-
-   7.34.  gss_wrap_size_limit
-
-   OM_uint32 gss_wrap_size_limit (
-        OM_uint32  *             minor_status,
-        const gss_ctx_id_t       context_handle,
-        int                      conf_req_flag,
-        gss_qop_t                qop_req,
-        OM_uint32                req_output_size,
-        OM_uint32 *              max_input_size)
-
-   Purpose:
-
-   Allows an application to determine the maximum message size that, if
-   presented to gss_wrap with the same conf_req_flag and qop_req
-   parameters, will result in an output token containing no more than
-   req_output_size bytes.
-
-   This call is intended for use by applications that communicate over
-   protocols that impose a maximum message size.  It enables the
-   application to fragment messages prior to applying protection.
-
-   Successful completion of this call does not guarantee that gss_wrap will
-   be able to protect a message of length max_input_size bytes, since this
-   ability may depend on the availability of system resources at the time
-   that gss_wrap is called.  However, if the implementation itself imposes
-   an upper limit on the length of messages that may be processed by
-   gss_wrap, the implementation should not return a value via
-   max_input_bytes that is greater than this length.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   context_handle    gss_ctx_id_t, read
-                     A handle that refers to the security over
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 77]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-                     which the messages will be sent.
-
-   conf_req_flag     Boolean, read
-                     Indicates whether gss_wrap will be asked
-                     to apply confidentiality protection in
-                     addition to integrity protection.  See
-                     the routine description for gss_wrap
-                     for more details.
-
-   qop_req           gss_qop_t, read
-                     Indicates the level of protection that
-                     gss_wrap will be asked to provide.  See
-                     the routine description for gss_wrap for
-                     more details.
-
-   req_output_size   Integer, read
-                     The desired maximum size for tokens emitted
-                     by gss_wrap.
-
-   max_input_size    Integer, modify
-                     The maximum input message size that may
-                     be presented to gss_wrap in order to
-                     guarantee that the emitted token shall
-                     be no larger than req_output_size bytes.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  The referenced context could not be accessed.
-
-   GSS_S_CONTEXT_EXPIRED The context has expired.
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the mechanism.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 78]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   APPENDIX A. GSS-API C header file gssapi.h
-
-   C-language GSS-API implementations should include a copy of the
-   following header-file.
-
-   #ifndef GSSAPI_H_
-   #define GSSAPI_H_
-
-
-
-   /*
-    * First, include stddef.h to get size_t defined.
-    */
-   #include <stddef.h>
-
-   /*
-    * If the platform supports the xom.h header file, it should be
-    * included here.
-    */
-   #include <xom.h>
-
-
-
-   /*
-    * Now define the three implementation-dependent types.
-    */
-   typedef <platform-specific> gss_ctx_id_t;
-   typedef <platform-specific> gss_cred_id_t;
-   typedef <platform-specific> gss_name_t;
-
-   /*
-    * The following type must be defined as the smallest natural
-    * unsigned integer supported by the platform that has at least
-    * 32 bits of precision.
-    */
-   typedef <platform-specific> gss_uint32;
-
-
-   #ifdef OM_STRING
-   /*
-    * We have included the xom.h header file.  Verify that OM_uint32
-    * is defined correctly.
-    */
-
-   #if sizeof(gss_uint32) != sizeof(OM_uint32)
-   #error Incompatible definition of OM_uint32 from xom.h
-   #endif
-
-   typedef OM_object_identifier gss_OID_desc, *gss_OID;
-
-   #else
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 79]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   /*
-    * We can't use X/Open definitions, so roll our own.
-    */
-
-   typedef gss_uint32 OM_uint32;
-
-   typedef struct gss_OID_desc_struct {
-         OM_uint32 length;
-         void      *elements;
-   } gss_OID_desc, *gss_OID;
-
-   #endif
-
-   typedef struct gss_OID_set_desc_struct  {
-         size_t     count;
-         gss_OID    elements;
-   } gss_OID_set_desc, *gss_OID_set;
-
-   typedef struct gss_buffer_desc_struct {
-         size_t length;
-         void *value;
-   } gss_buffer_desc, *gss_buffer_t;
-
-   typedef struct gss_channel_bindings_struct {
-         OM_uint32 initiator_addrtype;
-         gss_buffer_desc initiator_address;
-         OM_uint32 acceptor_addrtype;
-         gss_buffer_desc acceptor_address;
-         gss_buffer_desc application_data;
-   } *gss_channel_bindings_t;
-
-
-   /*
-    * For now, define a QOP-type as an OM_uint32
-    */
-   typedef OM_uint32 gss_qop_t;
-
-   typedef int gss_cred_usage_t;
-
-   /*
-    * Flag bits for context-level services.
-    */
-   #define GSS_C_DELEG_FLAG 1
-   #define GSS_C_MUTUAL_FLAG 2
-   #define GSS_C_REPLAY_FLAG 4
-   #define GSS_C_SEQUENCE_FLAG 8
-   #define GSS_C_CONF_FLAG 16
-   #define GSS_C_INTEG_FLAG 32
-   #define GSS_C_ANON_FLAG 64
-   #define GSS_C_PROT_READY_FLAG 128
-   #define GSS_C_TRANS_FLAG 256
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 80]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   /*
-    * Credential usage options
-    */
-   #define GSS_C_BOTH 0
-   #define GSS_C_INITIATE 1
-   #define GSS_C_ACCEPT 2
-
-   /*
-    * Status code types for gss_display_status
-    */
-   #define GSS_C_GSS_CODE 1
-   #define GSS_C_MECH_CODE 2
-
-   /*
-    * The constant definitions for channel-bindings address families
-    */
-   #define GSS_C_AF_UNSPEC     0
-   #define GSS_C_AF_LOCAL      1
-   #define GSS_C_AF_INET       2
-   #define GSS_C_AF_IMPLINK    3
-   #define GSS_C_AF_PUP        4
-   #define GSS_C_AF_CHAOS      5
-   #define GSS_C_AF_NS         6
-   #define GSS_C_AF_NBS        7
-   #define GSS_C_AF_ECMA       8
-   #define GSS_C_AF_DATAKIT    9
-   #define GSS_C_AF_CCITT      10
-   #define GSS_C_AF_SNA        11
-   #define GSS_C_AF_DECnet     12
-   #define GSS_C_AF_DLI        13
-   #define GSS_C_AF_LAT        14
-   #define GSS_C_AF_HYLINK     15
-   #define GSS_C_AF_APPLETALK  16
-   #define GSS_C_AF_BSC        17
-   #define GSS_C_AF_DSS        18
-   #define GSS_C_AF_OSI        19
-   #define GSS_C_AF_X25        21
-
-   #define GSS_C_AF_NULLADDR   255
-
-   /*
-    * Various Null values
-    */
-   #define GSS_C_NO_NAME ((gss_name_t) 0)
-   #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-   #define GSS_C_NO_OID ((gss_OID) 0)
-   #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-   #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-   #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-   #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-   #define GSS_C_EMPTY_BUFFER {0, NULL}
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 81]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   /*
-    * Some alternate names for a couple of the above
-    * values.  These are defined for V1 compatibility.
-    */
-   #define GSS_C_NULL_OID GSS_C_NO_OID
-   #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-   /*
-    * Define the default Quality of Protection for per-message
-    * services.  Note that an implementation that offers multiple
-    * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
-    * (as done here) to mean "default protection", or to a specific
-    * explicit QOP value.  However, a value of 0 should always be
-    * interpreted by a GSSAPI implementation as a request for the
-    * default protection level.
-    */
-   #define GSS_C_QOP_DEFAULT 0
-
-   /*
-    * Expiration time of 2^32-1 seconds means infinite lifetime for a
-    * credential or security context
-    */
-   #define GSS_C_INDEFINITE 0xfffffffful
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x01"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
-    * GSS_C_NT_USER_NAME should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_USER_NAME;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x02"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
-    * The constant GSS_C_NT_MACHINE_UID_NAME should be
-    * initialized to point to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-   /*
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 82]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x03"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
-    * The constant GSS_C_NT_STRING_UID_NAME should be
-    * initialized to point to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
-    * corresponding to an object-identifier value of
-    * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
-    * 6(nametypes), 2(gss-host-based-services)}.  The constant
-    * GSS_C_NT_HOSTBASED_SERVICE should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
-    * corresponding to an object identifier value of
-    * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
-    * 6(nametypes), 3(gss-anonymous-name)}.  The constant
-    * and GSS_C_NT_ANONYMOUS should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_ANONYMOUS;
-
-
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
-    * corresponding to an object-identifier value of
-    * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
-    * 6(nametypes), 4(gss-api-exported-name)}.  The constant
-    * GSS_C_NT_EXPORT_NAME should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 83]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   /* Major status codes */
-
-   #define GSS_S_COMPLETE 0
-
-   /*
-    * Some "helper" definitions to make the status code macros obvious.
-    */
-   #define GSS_C_CALLING_ERROR_OFFSET 24
-   #define GSS_C_ROUTINE_ERROR_OFFSET 16
-   #define GSS_C_SUPPLEMENTARY_OFFSET 0
-   #define GSS_C_CALLING_ERROR_MASK 0377ul
-   #define GSS_C_ROUTINE_ERROR_MASK 0377ul
-   #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-   /*
-    * The macros that test status codes for error conditions.
-    * Note that the GSS_ERROR() macro has changed slightly from
-    * the V1 GSSAPI so that it now evaluates its argument
-    * only once.
-    */
-   #define GSS_CALLING_ERROR(x) \
-     (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-   #define GSS_ROUTINE_ERROR(x) \
-     (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-   #define GSS_SUPPLEMENTARY_INFO(x) \
-     (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-   #define GSS_ERROR(x) \
-     (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-           (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-
-   /*
-    * Now the actual status code definitions
-    */
-
-   /*
-    * Calling errors:
-    */
-   #define GSS_S_CALL_INACCESSIBLE_READ \
-                                (1ul << GSS_C_CALLING_ERROR_OFFSET)
-   #define GSS_S_CALL_INACCESSIBLE_WRITE \
-                                (2ul << GSS_C_CALLING_ERROR_OFFSET)
-   #define GSS_S_CALL_BAD_STRUCTURE \
-                                (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-   /*
-    * Routine errors:
-    */
-   #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 84]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_MIC GSS_S_BAD_SIG
-   #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-   /*
-    * Supplementary info bits:
-    */
-   #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-   #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-   #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-   #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-   #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-
-   /*
-    * Finally, function prototypes for the GSS-API routines.
-    */
-
-   OM_uint32 gss_acquire_cred
-              (OM_uint32 *,             /*  minor_status */
-               const gss_name_t,        /* desired_name */
-               OM_uint32,               /* time_req */
-               const gss_OID_set,       /* desired_mechs */
-               gss_cred_usage_t,        /* cred_usage */
-               gss_cred_id_t *,         /* output_cred_handle */
-               gss_OID_set *,           /* actual_mechs */
-               OM_uint32 *              /* time_rec */
-              );
-
-   OM_uint32 gss_release_cred
-              (OM_uint32 *,             /* minor_status */
-               gss_cred_id_t *          /* cred_handle */
-              );
-
-   OM_uint32 gss_init_sec_context
-              (OM_uint32 *,             /* minor_status */
-               const gss_cred_id_t,     /* initiator_cred_handle */
-               gss_ctx_id_t *,          /* context_handle */
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 85]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               const gss_name_t,        /* target_name */
-               const gss_OID,           /* mech_type */
-               OM_uint32,               /* req_flags */
-               OM_uint32,               /* time_req */
-               const gss_channel_bindings_t,
-                                        /* input_chan_bindings */
-               const gss_buffer_t,      /* input_token */
-               gss_OID *,               /* actual_mech_type */
-               gss_buffer_t,            /* output_token */
-               OM_uint32 *,             /* ret_flags */
-               OM_uint32 *              /* time_rec */
-              );
-
-   OM_uint32 gss_accept_sec_context
-              (OM_uint32 *,             /* minor_status */
-               gss_ctx_id_t *,          /* context_handle */
-               const gss_cred_id_t,     /* acceptor_cred_handle */
-               const gss_buffer_t,      /* input_token_buffer */
-               const gss_channel_bindings_t,
-                                        /* input_chan_bindings */
-               gss_name_t *,            /* src_name */
-               gss_OID *,               /* mech_type */
-               gss_buffer_t,            /* output_token */
-               OM_uint32 *,             /* ret_flags */
-               OM_uint32 *,             /* time_rec */
-               gss_cred_id_t *          /* delegated_cred_handle */
-              );
-
-   OM_uint32 gss_process_context_token
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               const gss_buffer_t       /* token_buffer */
-              );
-
-   OM_uint32 gss_delete_sec_context
-              (OM_uint32 *,             /* minor_status */
-               gss_ctx_id_t *,          /* context_handle */
-               gss_buffer_t             /* output_token */
-              );
-
-   OM_uint32 gss_context_time
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               OM_uint32 *              /* time_rec */
-              );
-
-   OM_uint32 gss_get_mic
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               gss_qop_t,               /* qop_req */
-               const gss_buffer_t,      /* message_buffer */
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 86]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               gss_buffer_t             /* message_token */
-              );
-
-
-   OM_uint32 gss_verify_mic
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               const gss_buffer_t,      /* message_buffer */
-               const gss_buffer_t,      /* token_buffer */
-               gss_qop_t *              /* qop_state */
-              );
-
-   OM_uint32 gss_wrap
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               int,                     /* conf_req_flag */
-               gss_qop_t,               /* qop_req */
-               const gss_buffer_t,      /* input_message_buffer */
-               int *,                   /* conf_state */
-               gss_buffer_t             /* output_message_buffer */
-              );
-
-
-   OM_uint32 gss_unwrap
-              (OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               const gss_buffer_t,      /* input_message_buffer */
-               gss_buffer_t,            /* output_message_buffer */
-               int *,                   /* conf_state */
-               gss_qop_t *              /* qop_state */
-              );
-
-
-
-   OM_uint32 gss_display_status
-              (OM_uint32 *,             /* minor_status */
-               OM_uint32,               /* status_value */
-               int,                     /* status_type */
-               const gss_OID,           /* mech_type */
-               OM_uint32 *,             /* message_context */
-               gss_buffer_t             /* status_string */
-              );
-
-   OM_uint32 gss_indicate_mechs
-              (OM_uint32 *,             /* minor_status */
-               gss_OID_set *            /* mech_set */
-              );
-
-   OM_uint32 gss_compare_name
-              (OM_uint32 *,             /* minor_status */
-               const gss_name_t,        /* name1 */
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 87]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               const gss_name_t,        /* name2 */
-               int *                    /* name_equal */
-              );
-
-   OM_uint32 gss_display_name
-              (OM_uint32 *,             /* minor_status */
-               const gss_name_t,        /* input_name */
-               gss_buffer_t,            /* output_name_buffer */
-               gss_OID *                /* output_name_type */
-              );
-
-   OM_uint32 gss_import_name
-              (OM_uint32 *,             /* minor_status */
-               const gss_buffer_t,      /* input_name_buffer */
-               const gss_OID,           /* input_name_type */
-               gss_name_t *             /* output_name */
-              );
-
-   OM_uint32 gss_export_name
-              (OM_uint32  *,            /* minor_status */
-               const gss_name_t,        /* input_name */
-               gss_buffer_t             /* exported_name */
-              );
-
-   OM_uint32 gss_release_name
-              (OM_uint32 *,             /* minor_status */
-               gss_name_t *             /* input_name */
-              );
-
-   OM_uint32 gss_release_buffer
-              (OM_uint32 *,             /* minor_status */
-               gss_buffer_t             /* buffer */
-              );
-
-   OM_uint32 gss_release_oid_set
-              (OM_uint32 *,             /* minor_status */
-               gss_OID_set *            /* set */
-              );
-
-   OM_uint32 gss_inquire_cred
-              (OM_uint32 *,             /* minor_status */
-               const gss_cred_id_t,     /* cred_handle */
-               gss_name_t *,            /* name */
-               OM_uint32 *,             /* lifetime */
-               gss_cred_usage_t *,      /* cred_usage */
-               gss_OID_set *            /* mechanisms */
-              );
-
-   OM_uint32 gss_inquire_context (
-               OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 88]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               gss_name_t *,            /* src_name */
-               gss_name_t *,            /* targ_name */
-               OM_uint32 *,             /* lifetime_rec */
-               gss_OID *,               /* mech_type */
-               OM_uint32 *,             /* ctx_flags */
-               int *,                   /* locally_initiated */
-               int *                    /* open */
-              );
-
-   OM_uint32 gss_wrap_size_limit (
-               OM_uint32 *,             /* minor_status */
-               const gss_ctx_id_t,      /* context_handle */
-               int,                     /* conf_req_flag */
-               gss_qop_t,               /* qop_req */
-               OM_uint32,               /* req_output_size */
-               OM_uint32 *              /* max_input_size */
-              );
-
-
-   OM_uint32 gss_add_cred (
-               OM_uint32 *,             /* minor_status */
-               const gss_cred_id_t,     /* input_cred_handle */
-               const gss_name_t,        /* desired_name */
-               const gss_OID,           /* desired_mech */
-               gss_cred_usage_t,        /* cred_usage */
-               OM_uint32,               /* initiator_time_req */
-               OM_uint32,               /* acceptor_time_req */
-               gss_cred_id_t *,         /* output_cred_handle */
-               gss_OID_set *,           /* actual_mechs */
-               OM_uint32 *,             /* initiator_time_rec */
-               OM_uint32 *              /* acceptor_time_rec */
-              );
-
-
-   OM_uint32 gss_inquire_cred_by_mech (
-               OM_uint32 *,             /* minor_status */
-               const gss_cred_id_t,     /* cred_handle */
-               const gss_OID,           /* mech_type */
-               gss_name_t *,            /* name */
-               OM_uint32 *,             /* initiator_lifetime */
-               OM_uint32 *,             /* acceptor_lifetime */
-               gss_cred_usage_t *       /* cred_usage */
-              );
-
-   OM_uint32 gss_export_sec_context (
-               OM_uint32 *,             /* minor_status */
-               gss_ctx_id_t *,          /* context_handle */
-               gss_buffer_t             /* interprocess_token */
-              );
-
-   OM_uint32 gss_import_sec_context (
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 89]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-               OM_uint32 *,             /* minor_status */
-               const gss_buffer_t,      /* interprocess_token */
-               gss_ctx_id_t *           /* context_handle */
-              );
-
-   OM_uint32 gss_create_empty_oid_set (
-               OM_uint32 *,             /* minor_status */
-               gss_OID_set *            /* oid_set */
-              );
-
-   OM_uint32 gss_add_oid_set_member (
-               OM_uint32 *,             /* minor_status */
-               const gss_OID,           /* member_oid */
-               gss_OID_set *            /* oid_set */
-              );
-
-   OM_uint32 gss_test_oid_set_member (
-               OM_uint32 *,             /* minor_status */
-               const gss_OID,           /* member */
-               const gss_OID_set,       /* set */
-               int *                    /* present */
-              );
-
-   OM_uint32 gss_inquire_names_for_mech (
-               OM_uint32 *,             /* minor_status */
-               const gss_OID,           /* mechanism */
-               gss_OID_set *            /* name_types */
-              );
-
-   OM_uint32 gss_inquire_mechs_for_name (
-               OM_uint32 *,             /* minor_status */
-               const gss_name_t,        /* input_name */
-               gss_OID_set *            /* mech_types */
-              );
-
-   OM_uint32 gss_canonicalize_name (
-               OM_uint32 *,             /* minor_status */
-               const gss_name_t,        /* input_name */
-               const gss_OID,           /* mech_type */
-               gss_name_t *             /* output_name */
-              );
-
-   OM_uint32 gss_duplicate_name (
-               OM_uint32 *,             /* minor_status */
-               const gss_name_t,        /* src_name */
-               gss_name_t *             /* dest_name */
-              );
-
-   /*
-    * The following routines are obsolete variants of gss_get_mic,
-    * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 90]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-    * provided by GSSAPI V2 implementations for backwards
-    * compatibility with V1 applications.  Distinct entrypoints
-    * (as opposed to #defines) should be provided, both to allow
-    * GSSAPI V1 applications to link against GSSAPI V2 implementations,
-    * and to retain the slight parameter type differences between the
-    * obsolete versions of these routines and their current forms.
-    */
-
-   OM_uint32 gss_sign
-              (OM_uint32 *,        /* minor_status */
-               gss_ctx_id_t,       /* context_handle */
-               int,                /* qop_req */
-               gss_buffer_t,       /* message_buffer */
-               gss_buffer_t        /* message_token */
-              );
-
-
-   OM_uint32 gss_verify
-              (OM_uint32 *,        /* minor_status */
-               gss_ctx_id_t,       /* context_handle */
-               gss_buffer_t,       /* message_buffer */
-               gss_buffer_t,       /* token_buffer */
-               int *               /* qop_state */
-              );
-
-   OM_uint32 gss_seal
-              (OM_uint32 *,        /* minor_status */
-               gss_ctx_id_t,       /* context_handle */
-               int,                /* conf_req_flag */
-               int,                /* qop_req */
-               gss_buffer_t,       /* input_message_buffer */
-               int *,              /* conf_state */
-               gss_buffer_t        /* output_message_buffer */
-              );
-
-
-   OM_uint32 gss_unseal
-              (OM_uint32 *,        /* minor_status */
-               gss_ctx_id_t,       /* context_handle */
-               gss_buffer_t,       /* input_message_buffer */
-               gss_buffer_t,       /* output_message_buffer */
-               int *,              /* conf_state */
-               int *               /* qop_state */
-              );
-
-
-
-
-   #endif /* GSSAPI_H_ */
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 91]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   APPENDIX B. Additional constraints for application binary portability
-
-   The purpose of this C-bindings document is to encourage source-level
-   portability of applications across GSS-API implementations on different
-   platforms and atop different mechanisms.  Additional goals that have not
-   been explicitly addressed by this document are link-time and run-time
-   portability.
-
-   Link-time portability provides the ability to compile an application
-   against one implementation of GSS-API, and then link it against a
-   different implementation on the same platform.  It is a stricter
-   requirement than source-level portability.
-
-   Run-time portability differs from link-time portability only on those
-   platforms that implement dynamically loadable GSS-API implementations,
-   but do not offer load-time symbol resolution.  On such platforms, run-
-   time portability is a stricter requirement than link-time portability,
-   and will typically include the precise placement of the various GSS-API
-   routines within library entrypoint vectors.
-
-   Individual platforms will impose their own rules that must be followed
-   to achieve link-time (and run-time, if different) portability.  In order
-   to ensure either form of binary portability, an ABI specification must
-   be written for GSS-API implementations on that platform.  However, it is
-   recognized that there are some issues that are likely to be common to
-   all such ABI specifications. This appendix is intended to be a
-   repository for such common issues, and contains some suggestions that
-   individual ABI specifications may choose to reference.  Since machine
-   architectures vary greatly, it may not be possible or desirable to
-   follow these suggestions on all platforms.
-
-   B.1.  Pointers
-
-   While ANSI-C provides a single pointer type for each declared type, plus
-   a single (void *) type, some platforms (notably those using segmented
-   memory architectures) augment this with various modified pointer types
-   (e.g. far pointers, near pointers).  These language bindings assume
-   ANSI-C, and thus do not address such non-standard implementations.
-   GSS-API implementations for such platforms must choose an appropriate
-   memory model, and should use it consistently throughout.  For example,
-   if a memory model is chosen that requires the use of far pointers when
-   passing routine parameters, then far pointers should also be used within
-   the structures defined by GSS-API.
-
-   B.2.  Internal structure alignment
-
-   GSS-API defines several data-structures containing differently-sized
-   fields.  An ABI specification should include a detailed description of
-   how the fields of such structures are aligned, and if there is any
-   internal padding in these data structures.  The use of compiler defaults
-   for the platform is recommended.
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 92]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   B.3.  Handle types
-
-   The C bindings specify that the gss_cred_id_t and gss_ctx_id_t types
-   should be implemented as either pointer or arithmetic types, and that if
-   pointer types are used, care should be taken to ensure that two handles
-   may be compared with the == operator.  Note that ANSI-C does not
-   guarantee that two pointer values may be compared with the == operator
-   unless either the two pointers point to members of a single array, or at
-   least one of the pointers contains a NULL value.
-
-   For binary portability, additional constraints are required.  The
-   following is an attempt at defining platform-independent constraints.
-
-     (a) The size of the handle type must be the same as sizeof(void *),
-         using the appropriate memory model.
-
-     (b) The == operator for the chosen type must be a simple bit-wise
-         comparison.  That is, for two in-memory handle objects h1 and h2,
-         the boolean value of the expression
-
-              (h1 == h2)
-
-         should always be the same as the boolean value of the expression
-
-              (memcmp(&h1, &h2, sizeof(h1)) == 0)
-
-     (c) The actual use of the type (void *) for handle types is
-         discouraged, not for binary portability reasons, but since it
-         effectively disables much of the compile-time type-checking that
-         the compiler can otherwise perform, and is therefore not
-         "programmer-friendly".  If a pointer implementation is desired,
-         and if the platform's implementation of pointers permits, the
-         handles should be implemented as pointers to distinct
-         implementation-defined types.
-
-   B.4.  The gss_name_t type
-
-   The gss_name_t type, representing the internal name object, should be
-   implemented as a pointer type.  The use of the (void *) type is
-   discouraged as it does not allow the compiler to perform strong type-
-   checking.  However, the pointer type chosen should be of the same size
-   as the (void *) type.  Provided this rule is obeyed, ABI specifications
-   need not further constrain the implementation of gss_name_t objects.
-
-   B.5.  The int and size_t types
-
-   Some platforms may support differently sized implementations of the
-   "int" and "size_t" types, perhaps chosen through compiler switches, and
-   perhaps dependent on memory model.  An ABI specification for such a
-   platform should include required implementations for these types. It is
-   recommended that the default implementation (for the chosen memory
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 93]
-
-
-
-
-
-
-
-   INTERNET-DRAFT          GSS-API V2 - C bindings               March 1997
-
-
-
-   model, if appropriate) is chosen.
-
-   B.6.  Procedure-calling conventions
-
-   Some platforms support a variety of different binary conventions for
-   calling procedures.  Such conventions cover things like the format of
-   the stack frame, the order in which the routine parameters are pushed
-   onto the stack, whether or not a parameter count is pushed onto the
-   stack, whether some argument(s) or return values are to be passed in
-   registers, and whether the called routine or the caller is responsible
-   for removing the stack frame on return.  For such platforms, an ABI
-   specification should specify which calling convention is to be used for
-   GSSAPI implementations.
-
-
-   REFERENCES
-
-   [GSSAPI]    J. Linn, "Generic Security Service Application Program
-               Interface, Version 2", Internet-Draft draft-ietf-cat-gssv2-
-               08, 26 August 1996.  (This Internet-Draft, like all other
-               Internet-Drafts, is not an archival document and is subject
-               to change or deletion.  It is available at the time of this
-               writing by anonymous ftp from ds.internic.net, directory
-               internet-drafts. Would-be readers should check for successor
-               Internet-Draft versions or Internet RFCs before relying on
-               this document.)
-
-   [XOM]       OSI Object Management API Specification, Version 2.0 t",
-               X.400 API Association & X/Open Company Limited, August 24,
-               1990.  Specification of datatypes and routines for
-               manipulating information objects.
-
-
-   AUTHOR'S ADDRESS
-
-   John Wray                       Internet email: Wray@tuxedo.enet.dec.com
-   Digital Equipment Corporation                 Telephone: +1-508-486-5210
-   550 King Street, LKG2-2/Z7
-   Littleton, MA  01460
-   USA
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-   Wray             Document Expiration: 1 September 1997         [Page 94]
-
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-iakerb-04.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-iakerb-04.txt
deleted file mode 100644
index 208d057f24c8..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-iakerb-04.txt
+++ /dev/null
@@ -1,301 +0,0 @@
-INTERNET-DRAFT                                        Mike Swift
-draft-ietf-cat-iakerb-04.txt                          Microsoft
-Updates: RFC 1510                                     Jonathan Trostle
-July 2000					      Cisco Systems
-                                  
-
-         Initial Authentication and Pass Through Authentication 
-                Using Kerberos V5 and the GSS-API (IAKERB)
-
-
-0. Status Of This Memo
-
-   This document is an Internet-Draft and is in full conformance
-   with all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six
-   months and may be updated, replaced, or obsoleted by other
-   documents at any time.  It is inappropriate to use Internet-
-   Drafts as reference material or to cite them other than as
-   "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   This draft expires on January 31st, 2001.
-
-
-1. Abstract
-
-   This document defines an extension to the Kerberos protocol
-   specification (RFC 1510 [1]) and GSSAPI Kerberos mechanism (RFC 
-   1964 [2]) that enables a client to obtain Kerberos tickets for 
-   services where:
-
-   (1) The client knows its principal name and password, but not
-   its realm name (applicable in the situation where a user is already 
-   on the network but needs to authenticate to an ISP, and the user  
-   does not know his ISP realm name).
-   (2) The client is able to obtain the IP address of the service in 
-   a realm which it wants to send a request to, but is otherwise unable 
-   to locate or communicate with a KDC in the service realm or one of 
-   the intermediate realms. (One example would be a dial up user who 
-   does not have direct IP connectivity).
-   (3) The client does not know the realm name of the service.
-
-
-2. Motivation
-
-   When authenticating using Kerberos V5, clients obtain tickets from
-   a KDC and present them to services. This method of operation works
-
-   well in many situations, but is not always applicable since it
-   requires the client to know its own realm, the realm of the target 
-   service, the names of the KDC's, and to be able to connect to the 
-   KDC's. 
-  
-   This document defines an extension to the Kerberos protocol
-   specification (RFC 1510) [1] that enables a client to obtain
-   Kerberos tickets for services where:
-
-   (1) The client knows its principal name and password, but not
-   its realm name (applicable in the situation where a user is already 
-   on the network but needs to authenticate to an ISP, and the user 
-   does not know his ISP realm name).
-   (2) The client is able to obtain the IP address of the service in 
-   a realm which it wants to send a request to, but is otherwise unable 
-   to locate or communicate with a KDC in the service realm or one of 
-   the intermediate realms. (One example would be a dial up user who 
-   does not have direct IP connectivity).
-   (3) The client does not know the realm name of the service.
-
-   In this proposal, the client sends KDC request messages directly 
-   to application servers if one of the above failure cases develops. 
-   The application server acts as a proxy, forwarding messages back
-   and forth between the client and various KDC's (see Figure 1).
-
-
-           Client <---------> App Server <----------> KDC
-                               proxies
-
-
-                     Figure 1: IAKERB proxying
-
-
-   In the case where the client has sent a TGS_REQ message to the 
-   application server without a realm name in the request, the 
-   application server will forward an error message to the client 
-   with its realm name in the e-data field of the error message. 
-   The client will attempt to proceed using conventional Kerberos. 
-
-3. When Clients Should Use IAKERB
-
-   We list several, but possibly not all, cases where the client
-   should use IAKERB. In general, the existing Kerberos paradigm
-   where clients contact the KDC to obtain service tickets should
-   be preserved where possible.
-
-   (a) AS_REQ cases:
-
-   (i) The client is unable to locate the user's KDC or the KDC's
-   in the user's realm are not responding, or
-   (ii) The user has not entered a name which can be converted 
-   into a realm name (and the realm name cannot be derived from
-   a certificate). 
-
-   (b) TGS_REQ cases:
-
-   (i) the client determines that the KDC(s) in either an 
-   intermediate realm or the service realm are not responding or
-
-   the client is unable to locate a KDC, 
-
-   (ii) the client is not able to generate the application server 
-   realm name. 
-
-
-4. GSSAPI Encapsulation
-
-   The mechanism ID for IAKERB GSS-API Kerberos, in accordance with the 
-   mechanism proposed by SPNEGO for negotiating protocol variations, is:
-   {iso(1) member-body(2) United States(840) mit(113554) infosys(1) 
-   gssapi(2) krb5(2) initialauth(4)}
-
-   The AS request, AS reply, TGS request, and TGS reply messages are all 
-   encapsulated using the format defined by RFC1964 [2].  This consists 
-   of the GSS-API token framing defined in appendix B of RFC1508 [3]: 
-
-   InitialContextToken ::= 
-   [APPLICATION 0] IMPLICIT SEQUENCE { 
-           thisMech        MechType 
-                   -- MechType is OBJECT IDENTIFIER 
-                   -- representing "Kerberos V5" 
-           innerContextToken ANY DEFINED BY thisMech
-                   -- contents mechanism-specific;
-                   -- ASN.1 usage within innerContextToken
-                   -- is not required
-           }
-
-   The innerContextToken consists of a 2-byte TOK_ID field (defined 
-   below), followed by the Kerberos V5 KRB-AS-REQ, KRB-AS-REP, 
-   KRB-TGS-REQ, or KRB-TGS-REP messages, as appropriate. The TOK_ID field
-   shall be one of the following values, to denote that the message is 
-   either a request to the KDC or a response from the KDC.
-
-   Message         TOK_ID
-   KRB-KDC-REQ      00 03
-   KRB-KDC-REP      01 03
-   
-
-5. The Protocol
-
-   a. The user supplies a password (AS_REQ): Here the Kerberos client
-      will send an AS_REQ message to the application server if it cannot
-      locate a KDC for the user's realm, or such KDC's do not respond,
-      or the user does not enter a name from which the client can derive
-      the user's realm name. The client sets the realm field of the 
-      request equal to its own realm if the realm name is known, 
-      otherwise the realm length is set to 0. Upon receipt of the AS_REQ 
-      message, the application server checks if the client has included 
-      a realm. 
-
-      If the realm was not included in the original request, the 
-      application server must determine the realm and add it to the 
-      AS_REQ message before forwarding it. If the application server 
-      cannot determine the client realm, it returns the 
-      KRB_AP_ERR_REALM_REQUIRED error-code in an error message to 
-      the client:
-
-            KRB_AP_ERR_REALM_REQUIRED         77  
-
-      The error message can be sent in response to either an AS_REQ
-      message, or in response to a TGS_REQ message, in which case the 
-      realm and principal name of the application server are placed
-      into the realm and sname fields respectively, of the KRB-ERROR 
-      message. In the AS_REQ case, once the realm is filled in, the 
-      application server forwards the request to a KDC in the user's 
-      realm. It will retry the request if necessary, and forward the 
-      KDC response back to the client.
-
-      At the time the user enters a username and password, the client
-      should create a new credential with an INTERNAL NAME [3] that can
-      be used as an input into the GSS_Acquire_cred function call.
-
-      This functionality is useful when there is no trust relationship
-      between the user's logon realm and the target realm (Figure 2).
-
-
-                                     User Realm KDC        
-                                      /                
-                                     /                
-                                    /                
-                                   / 2,3   
-                      1,4         /      
-           Client<-------------->App Server
-
-
-      1 Client sends AS_REQ to App Server
-      2 App server forwards AS_REQ to User Realm KDC
-      3 App server receives AS_REP from User Realm KDC
-      4 App server sends AS_REP back to Client
-
-
-                      Figure 2: IAKERB AS_REQ
-
-
-
-   b. The user does not supply a password (TGS_REQ): The user includes a 
-      TGT targetted at the user's realm, or an intermediate realm, in a 
-      TGS_REQ message. The TGS_REQ message is sent to the application 
-      server. 
-
-      If the client has included the realm name in the TGS request, then
-      the application server will forward the request to a KDC in the
-      request TGT srealm. It will forward the response back to the client.
-
-      If the client has not included the realm name in the TGS request,
-      then the application server will return its realm name and principal 
-      name to the client using the KRB_AP_ERR_REALM_REQUIRED error 
-      described above. Sending a TGS_REQ message to the application server 
-      without a realm name in the request, followed by a TGS request using 
-      the returned realm name and then sending an AP request with a mutual 
-      authentication flag should be subject to a local policy decision 
-      (see security considerations below). Using the returned server 
-      principal name in a TGS request followed by sending an AP request 
-      message using the received ticket MUST NOT set any mutual 
-      authentication flags.
-
-
-6. Addresses in Tickets
-
-   In IAKERB, the machine sending requests to the KDC is the server and 
-   not the client. As a result, the client should not include its 
-   addresses in any KDC requests for two reasons. First, the KDC may
-   reject the forwarded request as being from the wrong client. Second,
-   in the case of initial authentication for a dial-up client, the client
-   machine may not yet possess a network address. Hence, as allowed by 
-   RFC1510 [1], the addresses field of the AS and TGS requests should be
-   blank and the caddr field of the ticket should similarly be left blank. 
-
-
-7. Combining IAKERB with Other Kerberos Extensions
-   
-   This protocol is usable with other proposed Kerberos extensions such as 
-   PKINIT (Public Key Cryptography for Initial Authentication in Kerberos 
-   [4]). In such cases, the messages which would normally be sent to the 
-   KDC by the GSS runtime are instead sent by the client application to the 
-   server, which then forwards them to a KDC.
-
-
-8. Security Considerations
-
-   A principal is identified by its principal name and realm. A client
-   that sends a TGS request to an application server without the request
-   realm name will only be able to mutually authenticate the server
-   up to its principal name. Thus when requesting mutual authentication, 
-   it is preferable if clients can either determine the server realm name 
-   beforehand, or apply some policy checks to the realm name obtained from 
-   the returned error message.
-   
-
-9. Bibliography
- 
-   [1] J. Kohl, C. Neuman. The Kerberos Network Authentication
-   Service (V5). Request for Comments 1510.
-
-   [2]  J. Linn.  The Kerberos Version 5 GSS-API Mechanism. Request 
-   for Comments 1964 
-
-   [3]  J. Linn. Generic Security Service Application Program Interface.  
-   Request for Comments 1508 
-
-   [4] B. Tung, C. Neuman, M. Hur, A. Medvinsky, S. Medvinsky, J. Wray, 
-   J. Trostle, Public Key Cryptography for Initial Authentication in 
-   Kerberos, http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-
-   pkinit-10.txt.
-
-
-10. This draft expires on January 31st, 2001. 
-
-
-11. Authors' Addresses
-
-   Michael Swift
-   Microsoft
-   One Microsoft Way
-   Redmond, Washington, 98052, U.S.A.
-   Email: mikesw@microsoft.com
-
-   Jonathan Trostle
-   170 W. Tasman Dr. 
-   San Jose, CA 95134, U.S.A.
-   Email: jtrostle@cisco.com
-   Phone: (408) 527-6201
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-chg-password-02.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-chg-password-02.txt
deleted file mode 100644
index e235bec58c02..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-chg-password-02.txt
+++ /dev/null
@@ -1,311 +0,0 @@
-
-
-
-
-Network Working Group                                        M. Horowitz
-<draft-ietf-cat-kerb-chg-password-02.txt>                Stonecast, Inc.
-Internet-Draft                                              August, 1998
-
-                   Kerberos Change Password Protocol
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as ``work in progress.''
-
-   To learn the current status of any Internet-Draft, please check the
-   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
-   Directories on ftp.ietf.org (US East Coast), nic.nordu.net
-   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-   Rim).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-   The Kerberos V5 protocol [RFC1510] does not describe any mechanism
-   for users to change their own passwords.  In order to promote
-   interoperability between workstations, personal computers, terminal
-   servers, routers, and KDC's from multiple vendors, a common password
-   changing protocol is required.
-
-
-
-Overview
-
-   When a user wishes to change his own password, or is required to by
-   local policy, a simple request of a password changing service is
-   necessary.  This service must be implemented on at least one host for
-   each Kerberos realm, probably on one of the kdc's for that realm.
-   The service must accept requests on UDP port 464 (kpasswd), and may
-   accept requests on TCP port 464 as well.
-
-   The protocol itself consists of a single request message followed by
-   a single reply message.  For UDP transport, each message must be
-   fully contained in a single UDP packet.
-
-
-
-
-
-
-
-
-Horowitz                                                        [Page 1]
-
-Internet Draft      Kerberos Change Password Protocol       August, 1998
-
-
-Request Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REQ length        |         AP-REQ data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                        KRB-PRIV message                       /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   message length (16 bits)
-      Contains the length of the message, including this field, in bytes
-      (big-endian integer)
-   protocol version number (16 bits)
-      Contains the hex constant 0x0001 (big-endian integer)
-   AP-REQ length (16 bits)
-      length (big-endian integer) of AP-REQ data, in bytes.
-   AP-REQ data, as described in RFC1510 (variable length)
-      This AP-REQ must be for the service principal
-      kadmin/changepw@REALM, where REALM is the REALM of the user who
-      wishes to change his password.  The Ticket in the AP-REQ must be
-      derived from an AS request (thus having the INITIAL flag set), and
-      must include a subkey in the Authenticator.
-   KRB-PRIV message, as described in RFC1510 (variable length)
-      This KRB-PRIV message must be generated using the subkey in the
-      Authenticator in the AP-REQ data.  The user-data component of the
-      message must consist of the user's new password.
-
-   The server must verify the AP-REQ message, decrypt the new password,
-   perform any local policy checks (such as password quality, history,
-   authorization, etc.) required, then set the password to the new value
-   specified.
-
-   The principal whose password is to be changed is the principal which
-   authenticated to the password changing service.  This protocol does
-   not address administrators who want to change passwords of principal
-   besides their own.
-
-
-Reply Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REP length        |         AP-REP data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                KRB-PRIV or KRB-ERROR message                  /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   message length (16 bits)
-
-
-
-Horowitz                                                        [Page 2]
-
-Internet Draft      Kerberos Change Password Protocol       August, 1998
-
-
-      Contains the length of the message, including this field, in bytes
-      (big-endian integer),
-   protocol version number (16 bits)
-      Contains the hex constant 0x0001 (big-endian integer)
-   AP-REP length (16 bits)
-      length of AP-REP data, in bytes.  If the the length is zero, then
-      the last field will contain a KRB-ERROR message instead of a KRB-
-      PRIV message.
-   AP-REP data, as described in RFC1510 (variable length)
-      The AP-REP corresponding to the AP-REQ in the request packet.
-   KRB-PRIV or KRB-ERROR message, as described in RFC1510 (variable
-      length)
-      If the AP-REP length is zero, then this field contains a KRB-ERROR
-      message.  Otherwise, it contains a KRB-PRIV message.  This KRB-
-      PRIV message must be generated using the subkey in the
-      Authenticator in the AP-REQ data.
-
-      The user-data component of the KRB-PRIV message, or e-data
-      component of the KRB-ERROR message, must consist of the following
-      data:
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          result code          |        result string          /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-      result code (16 bits)
-         The result code must have one of the following values (big-
-         endian integer):
-         0x0000 if the request succeeds.  (This value is not permitted
-            in a KRB-ERROR message.)
-         0x0001 if the request fails due to being malformed
-         0x0002 if the request fails due to a "hard" error processing
-            the request (for example, there is a resource or other
-            problem causing the request to fail)
-         0x0003 if the request fails due to an error in authentication
-            processing
-         0x0004 if the request fails due to a "soft" error processing
-            the request (for example, some policy or other similar
-            consideration is causing the request to be rejected).
-         0xFFFF if the request fails for some other reason.
-         Although only a few non-zero result codes are specified here,
-         the client should accept any non-zero result code as indicating
-         failure.
-      result string (variable length)
-         This field should contain information which the server thinks
-         might be useful to the user, such as feedback about policy
-         failures.  The string must be encoded in UTF-8.  It may be
-         omitted if the server does not wish to include it.  If it is
-         present, the client should display the string to the user.
-         This field is analogous to the string which follows the numeric
-         code in SMTP, FTP, and similar protocols.
-
-
-
-
-Horowitz                                                        [Page 3]
-
-Internet Draft      Kerberos Change Password Protocol       August, 1998
-
-
-Dropped and Modified Messages
-
-   An attacker (or simply a lossy network) could cause either the
-   request or reply to be dropped, or modified by substituting a KRB-
-   ERROR message in the reply.
-
-   If a request is dropped, no modification of the password/key database
-   will take place.  If a reply is dropped, the server will (assuming a
-   valid request) make the password change.  However, the client cannot
-   distinguish between these two cases.
-
-   In this situation, the client should construct a new authenticator,
-   re-encrypt the request, and retransmit.  If the original request was
-   lost, the server will treat this as a valid request, and the password
-   will be changed normally.  If the reply was lost, then the server
-   should take care to notice that the request was a duplicate of the
-   prior request, because the "new" password is the current password,
-   and the password change time is within some implementation-defined
-   replay time window.  The server should then return a success reply
-   (an AP-REP message with result code == 0x0000) without actually
-   changing the password or any other information (such as modification
-   timestamps).
-
-   If a success reply was replaced with an error reply, then the
-   application performing the request would return an error to the user.
-   In this state, the user's password has been changed, but the user
-   believes that it has not.  If the user attempts to change the
-   password again, this will probably fail, because the user cannot
-   successfully provide the old password to get an INITIAL ticket to
-   make the request.  This situation requires administrative
-   intervention as if a password was lost.  This situation is,
-   unfortunately, impossible to prevent.
-
-
-Security Considerations
-
-   This document deals with changing passwords for Kerberos.  Because
-   Kerberos is used for authentication and key distribution, it is
-   important that this protocol use the highest level of security
-   services available to a particular installation.  Mutual
-   authentication is performed, so that the server knows the request is
-   valid, and the client knows that the request has been received and
-   processed by the server.
-
-   There are also security issues relating to dropped or modified
-   messages which are addressed explicitly.
-
-
-References
-
-   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-      Authentication Service (V5)", RFC 1510, September 1993.
-
-
-
-
-
-Horowitz                                                        [Page 4]
-
-Internet Draft      Kerberos Change Password Protocol       August, 1998
-
-
-Author's Address
-
-   Marc Horowitz
-   Stonecast, Inc.
-   108 Stow Road
-   Harvard, MA 01451
-
-   Phone: +1 978 456 9103
-   Email: marc@stonecast.net
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz                                                        [Page 5]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt
deleted file mode 100644
index 2583a84da0a4..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt
+++ /dev/null
@@ -1,127 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                        M. Horowitz
-<draft-ietf-cat-kerb-des3-hmac-sha1-00.txt>             Cygnus Solutions
-Internet-Draft                                            November, 1996
-
-
-           Triple DES with HMAC-SHA1 Kerberos Encryption Type
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as ``work in progress.''
-
-   To learn the current status of any Internet-Draft, please check the
-   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
-   Directories on ds.internic.net (US East Coast), nic.nordu.net
-   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-   Rim).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-   This document defines a new encryption type and a new checksum type
-   for use with Kerberos V5 [RFC1510].  This encryption type is based on
-   the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message
-   authentication algorithm.
-
-   The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
-   The hmac-sha1-des3 checksum type has been assigned the value 12.
-
-
-Encryption Type des3-cbc-hmac-sha1
-
-   EncryptedData using this type must be generated as described in
-   [Horowitz96].  The encryption algorithm is Triple DES in Outer-CBC
-   mode.  The keyed hash algorithm is HMAC-SHA1.  Unless otherwise
-   specified, a zero IV must be used.  If the length of the input data
-   is not a multiple of the block size, zero octets must be used to pad
-   the plaintext to the next eight-octet boundary.  The counfounder must
-   be eight random octets (one block).
-
-
-Checksum Type hmac-sha1-des3
-
-   Checksums using this type must be generated as described in
-   [Horowitz96].  The keyed hash algorithm is HMAC-SHA1.
-
-
-
-Horowitz                                                        [Page 1]
-
-Internet Draft     Kerberos Triple DES with HMAC-SHA1     November, 1996
-
-
-Common Requirements
-
-   Where the Triple DES key is represented as an EncryptionKey, it shall
-   be represented as three DES keys, with parity bits, concatenated
-   together.  The key shall be represented with the most significant bit
-   first.
-
-   When keys are generated by the derivation function, a key length of
-   168 bits shall be used.  The output bit string will be converted to a
-   valid Triple DES key by inserting DES parity bits after every seventh
-   bit.
-
-   Any implementation which implements either of the encryption or
-   checksum types in this document must support both.
-
-
-Security Considerations
-
-   This entire document defines encryption and checksum types for use
-   with Kerberos V5.
-
-
-References
-
-   [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
-      horowitz-kerb-key-derivation-00.txt, November 1996.
-   [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
-      Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
-      md5-01.txt, August, 1996.
-   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
-      Authentication Service (V5)", RFC 1510, September 1993.
-
-
-Author's Address
-
-   Marc Horowitz
-   Cygnus Solutions
-   955 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone: +1 617 354 7688
-   Email: marc@cygnus.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz                                                        [Page 2]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-key-derivation-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-key-derivation-00.txt
deleted file mode 100644
index 46a415852706..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-key-derivation-00.txt
+++ /dev/null
@@ -1,250 +0,0 @@
-
-
-
-
-
-Network Working Group                                        M. Horowitz
-<draft-ietf-cat-kerb-key-derivation-00.txt>             Cygnus Solutions
-Internet-Draft                                            November, 1996
-
-
-                     Key Derivation for Kerberos V5
-
-Status of this Memo
-
-   This document is an Internet-Draft.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as ``work in progress.''
-
-   To learn the current status of any Internet-Draft, please check the
-   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
-   Directories on ds.internic.net (US East Coast), nic.nordu.net
-   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-   Rim).
-
-   Distribution of this memo is unlimited.  Please send comments to the
-   <cat-ietf@mit.edu> mailing list.
-
-Abstract
-
-   In the Kerberos protocol [RFC1510], cryptographic keys are used in a
-   number of places.  In order to minimize the effect of compromising a
-   key, it is desirable to use a different key for each of these places.
-   Key derivation [Horowitz96] can be used to construct different keys
-   for each operation from the keys transported on the network.  For
-   this to be possible, a small change to the specification is
-   necessary.
-
-
-Overview
-
-   Under RFC1510 as stated, key derivation could be specified as a set
-   of encryption types which share the same key type.  The constant for
-   each derivation would be a function of the encryption type.  However,
-   it is generally accepted that, for interoperability, key types and
-   encryption types must map one-to-one onto each other.  (RFC 1510 is
-   being revised to address this issue.)  Therefore, to use key
-   derivcation with Kerberos V5 requires a small change to the
-   specification.
-
-   For each place where a key is used in Kerberos, a ``key usage'' must
-   be specified for that purpose.  The key, key usage, and
-   encryption/checksum type together describe the transformation from
-   plaintext to ciphertext, or plaintext to checksum.  For backward
-
-
-
-Horowitz                                                        [Page 1]
-
-Internet Draft       Key Derivation for Kerberos V5       November, 1996
-
-
-   compatibility, old encryption types would be defined independently of
-   the key usage.
-
-
-Key Usage Values
-
-   This is a complete list of places keys are used in the kerberos
-   protocol, with key usage values and RFC 1510 section numbers:
-
-      1.  AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-          client key (section 5.4.1)
-      2.  AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-          application session key), encrypted with the service key
-          (section 5.4.2)
-      3.  AS-REP encrypted part (includes tgs session key or application
-          session key), encrypted with the client key (section 5.4.2)
-
-      4.  TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          session key (section 5.4.1)
-      5.  TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          authenticator subkey (section 5.4.1)
-      6.  TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-          with the tgs session key (sections 5.3.2, 5.4.1)
-      7.  TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-          authenticator subkey), encrypted with the tgs session key
-          (section 5.3.2)
-      8.  TGS-REP encrypted part (includes application session key),
-          encrypted with the tgs session key (section 5.4.2)
-      9.  TGS-REP encrypted part (includes application session key),
-          encrypted with the tgs authenticator subkey (section 5.4.2)
-
-      10. AP-REQ Authenticator cksum, keyed with the application session
-          key (section 5.3.2)
-      11. AP-REQ Authenticator (includes application authenticator
-          subkey), encrypted with the application session key (section
-          5.3.2)
-      12. AP-REP encrypted part (includes application session subkey),
-          encrypted with the application session key (section 5.5.2)
-
-      13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-          application (section 5.7.1)
-      14. KRB-CRED encrypted part, encrypted with a key chosen by the
-          application (section 5.6.1)
-      15. KRB-SAVE cksum, keyed with a key chosen by the application
-          (section 5.8.1)
-
-      16. Data which is defined in some specification outside of
-          Kerberos to be encrypted using an RFC1510 encryption type.
-      17. Data which is defined in some specification outside of
-          Kerberos to be checksummed using an RFC1510 checksum type.
-
-   A few of these key usages need a little clarification.  A service
-   which receives an AP-REQ has no way to know if the enclosed Ticket
-   was part of an AS-REP or TGS-REP.  Therefore, key usage 2 must always
-
-
-
-Horowitz                                                        [Page 2]
-
-Internet Draft       Key Derivation for Kerberos V5       November, 1996
-
-
-   be used for generating a Ticket, whether it is in response to an AS-
-   REQ or TGS-REQ.
-
-   There might exist other documents which define protocols in terms of
-   the RFC1510 encryption types or checksum types.  Such documents would
-   not know about key usages.  In order that these documents continue to
-   be meaningful until they are updated, key usages 16 and 17 must be
-   used to derive keys for encryption and checksums, respectively.  New
-   protocols defined in terms of the Kerberos encryption and checksum
-   types should use their own key usages.  Key usages may be registered
-   with IANA to avoid conflicts.  Key usages shall be unsigned 32 bit
-   integers.  Zero is not permitted.
-
-
-Defining Cryptosystems Using Key Derivation
-
-   Kerberos requires that the ciphertext component of EncryptedData be
-   tamper-resistant as well as confidential.  This implies encryption
-   and integrity functions, which must each use their own separate keys.
-   So, for each key usage, two keys must be generated, one for
-   encryption (Ke), and one for integrity (Ki):
-
-      Ke = DK(protocol key, key usage | 0xAA)
-      Ki = DK(protocol key, key usage | 0x55)
-
-   where the key usage is represented as a 32 bit integer in network
-   byte order.  The ciphertest must be generated from the plaintext as
-   follows:
-
-      ciphertext = E(Ke, confounder | length | plaintext | padding) |
-                   H(Ki, confounder | length | plaintext | padding)
-
-   The confounder and padding are specific to the encryption algorithm
-   E.
-
-   When generating a checksum only, there is no need for a confounder or
-   padding.  Again, a new key (Kc) must be used.  Checksums must be
-   generated from the plaintext as follows:
-
-      Kc = DK(protocol key, key usage | 0x99)
-
-      MAC = H(Kc, length | plaintext)
-
-   Note that each enctype is described by an encryption algorithm E and
-   a keyed hash algorithm H, and each checksum type is described by a
-   keyed hash algorithm H.  HMAC, with an appropriate hash, is
-   recommended for use as H.
-
-
-Security Considerations
-
-   This entire document addresses shortcomings in the use of
-   cryptographic keys in Kerberos V5.
-
-
-
-
-Horowitz                                                        [Page 3]
-
-Internet Draft       Key Derivation for Kerberos V5       November, 1996
-
-
-Acknowledgements
-
-   I would like to thank Uri Blumenthal, Sam Hartman, and Bill
-   Sommerfeld for their contributions to this document.
-
-
-References
-
-   [Horowitz96] Horowitz, M., "Key Derivation for Authentication,
-      Integrity, and Privacy", draft-horowitz-key-derivation-00.txt,
-      November 1996.  [RFC1510] Kohl, J. and Neuman, C., "The Kerberos
-      Network Authentication Service (V5)", RFC 1510, September 1993.
-
-
-Author's Address
-
-   Marc Horowitz
-   Cygnus Solutions
-   955 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone: +1 617 354 7688
-   Email: marc@cygnus.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz                                                        [Page 4]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-err-msg-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-err-msg-00.txt
deleted file mode 100644
index c5e4d05e7e3e..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-err-msg-00.txt
+++ /dev/null
@@ -1,252 +0,0 @@
-
-INTERNET-DRAFT                                           Ari Medvinsky
-draft-ietf-cat-kerberos-err-msg-00.txt                        Matt Hur
-Updates: RFC 1510                                  Dominique Brezinski
-expires September 30, 1997                       CyberSafe Corporation
-                                                           Gene Tsudik
-                                                            Brian Tung
-                                                                   ISI
-
-Integrity Protection for the Kerberos Error Message
-
-0.  Status Of this Memo
-
-    This document is an Internet-Draft.  Internet-Drafts are working
-    documents of the Internet Engineering Task Force (IETF), its
-    areas, and its working groups.  Note that other groups may also
-    distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as "work in
-    progress."
-
-    To learn the current status of any Internet-Draft, please check
-    the "1id-abstracts.txt" listing contained in the Internet-Drafts
-    Shadow Directories on ds.internic.net (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-init-03.txt, and expires June xx, 1997.
-    Please send comments to the authors.
-
-1.  Abstract
-
-    The Kerberos error message, as defined in RFC 1510, is transmitted 
-    to the client without any integrity assurance.  Therefore, the 
-    client has no means to distinguish between a valid error message 
-    sent from the KDC and one sent by an attacker.  This draft describes 
-    a method for assuring the integrity of Kerberos error messages, and 
-    proposes a consistent format for the e-data field in the KRB_ERROR 
-    message.  This e-data format enables the storage of cryptographic 
-    checksums by providing an extensible mechanism for specifying e-data 
-    types.
-
-
-2.  Motivation      
-
-    In the Kerberos protocol [1], if an error occurs for AS_REQ,
-    TGS_REQ, or AP_REQ, a clear text error message is returned to the
-    client.  An attacker may exploit this vulnerability by sending a
-    false error message as a reply to any of the above requests.  For
-    example, an attacker may send the KDC_ERR_KEY_EXPIRED error message
-    in order to force a user to change their password in hope that the
-    new key will not be as strong as the current key, and thus, easier
-    to break.
-
-    Since false error messages may be utilized by an attacker, a
-    Kerberos client should have a means for determining how much trust
-    to place in a given error message.  The rest of this draft
-    describes a method for assuring the integrity of Kerberos error
-    messages.
-
-
-3.  Approach
-
-    We propose taking a cryptographic checksum over the entire KRB-ERROR
-    message.  This checksum would be returned as part of the error
-    message and would enable the client to verify the integrity of the
-    error message.  For interoperability reasons, no new fields are
-    added to the KRB-ERROR message.  Instead, the e-data field (see
-    figure 1) is utilized to carry the cryptographic checksum.
-
-
-3.1 Cryptographic checksums in error messages for AS_REQ,
-    TGS_REQ & AP_REQ
-
-    If an error occurs for the AS request, the only key that is
-    available to the KDC is the shared secret (the key derived from the
-    clients password) registered in the KDCs database.  The KDC will
-    use this key to sign the error message, if and only if, the client
-    already proved knowledge of the shared secret in the AS request
-    (e.g. via PA-ENC-TIMESTAMP in preauth data).  This policy is needed
-    to prevent an attacker from getting the KDC to send a signed error
-    message and then launching an off-line attack in order to obtain a
-    key of a given principal. 
-
-    If an error occurs for a TGS or an AP request, the server will use
-    the session key sealed in the clients ticket granting ticket to
-    compute the checksum over the error message.  If the checksum could
-    not be computed (e.g. error while decrypting the ticket) the error
-    message is returned to the client without the checksum.  The client
-    then has the option to treat unprotected error messages differently.
-
-
-    KRB-ERROR ::=  [APPLICATION 30] SEQUENCE {
-            pvno       [0]  integer,
-            msg-type   [1]  integer,
-            ctime      [2]  KerberosTime OPTIONAL,
-            cusec      [3]  INTEGER OPTIONAL,
-            stime      [4]  KerberosTime,
-            susec      [5]  INTEGER,
-            error-code [6]  INTEGER, 
-            crealm     [7]  Realm OPTIONAL,
-            cname      [8]  PrincipalName OPTIONAL,
-            realm      [9]  Realm,         --Correct realm  
-            sname      [10] PrincipalName, --Correct name  
-            e-text     [11] GeneralString OPTIONAL,
-            e-data     [12] OCTET STRING OPTIONAL
-    }
-    Figure 1
-
-
-3.2 Format of the e-data field
-
-    We propose to place the cryptographic checksum in the e-data field.
-    First, we review the format of the e-data field, as specified in
-    RFC 1510.  The format of e-data is specified only in two cases [2].
-    "If the error code is KDC_ERR_PREAUTH_REQUIRED, then the e-data
-    field will contain an encoding of a sequence of padata fields":
-
-    METHOD-DATA ::=  SEQUENCE of PA-DATA
-    PA-DATA ::= SEQUENCE {
-                padata-type    [1] INTEGER,
-                padata-value   [2] OCTET STRING
-    }
-
-    The second case deals with the KRB_AP_ERR_METHOD error code.  The
-    e-data field will contain an encoding of the following sequence:
-
-    METHOD-DATA ::=  SEQUENCE {
-                     method-type    [0] INTEGER,
-                     method-data    [1] OCTET STRING OPTIONAL
-    }
-
-    method-type indicates the required alternate authentication method.
-
-    It should be noted that, in the case of KRB_AP_ERR_METHOD, a signed
-    checksum is not returned as part of the error message, since the
-    error code indicates that the Kerberos credentials provided in the
-    AP_REQ message are unacceptable.
-
-    We propose that the e-data field have the following format for all
-    error-codes (except KRB_AP_ERR_METHOD):
-
-    E-DATA ::=  SEQUENCE {
-                data-type    [1] INTEGER,
-                data-value   [2] OCTET STRING,
-    }
-
-    The data-type field specifies the type of information that is
-    carried in the data-value field.  Thus, to send a cryptographic
-    checksum back to the client, the data-type is set to CHECKSUM, the
-    data-value is set to the ASN.1 encoding of the following sequence:
-
-    Checksum  ::=  SEQUENCE {
-                   cksumtype  [0] INTEGER,
-                   checksum   [1] OCTET STRING
-    }
-
-
-3.3 Computing the checksum 
-
-    After the error message is filled out, the error structure is
-    converted into ASN.1 representation.  A cryptographic checksum is
-    then taken over the encoded error message; the result is placed in
-    the error message structure, as the last item in the e-data field.
-    To send the error message, ASN.1 encoding is again performed over
-    the error message, which now includes the cryptographic checksum.
-
-
-3.4 Verifying the integrity of the error message
-
-    In addition to verifying the cryptographic checksum for the error
-    message, the client must verify that the error message is bound to
-    its request.  This is done by comparing the ctime field in the
-    error message to its counterpart in the request message.
-
-
-4.  E-DATA types
-
-    Since the e-data types must not conflict with preauthentication data
-    types, we propose that the preauthentication data types in the range
-    of 2048 and above be reserved for use as e-data types.
-
-    We define the following e-data type in support of integrity checking
-    for the Kerberos error message:
-
-    CHECKSUM = 2048 -- the keyed checksum described above
-
-
-5.  Discussion
-
-
-5.1 e-data types
-
-    The extension for Kerberos error messages, as outlined above, is
-    extensible to allow for definition of other error data types. 
-    We propose that the following e-data types be reserved:
-
-    KDCTIME = 2049
-    The error data would consist of the KDCs time in KerberosTime.
-    This data would be used by the client to adjust for clock skew.
-
-    REDIRECT = 2050
-    The error data would consist of a hostname.  The hostname would
-    indicate the authoritative KDC from which to obtain a TGT.
-
-
-5.2 e-data types vs. error code specific data formats
-
-    Since RFC 1510 does not define an error data type, the data format
-    must be explicitly specified for each error code.  This draft has
-    proposed an extension to RFC 1510 that would introduce the concept
-    of error data types.  This would allow for a manageable set of data
-    types to be used for any error message.  The authors assume that
-    the introduction of this e-data structure will not break any
-    existing Kerberos implementations.
-
-
-6.  Bibliography
-
-    [1] J. Kohl, C. Neuman.  The Kerberos Network Authentication
-        Service (V5).  Request for Comments: 1510
-    [2] J. Kohl, C. Neuman.  The Kerberos Network Authentication
-        Service (V5).  Request for Comments: 1510 p.67
-
-
-7.  Authors
-
-    Ari Medvinsky       <ari.medvinsky@cybersafe.com>
-    Matthew Hur         <matt.hur@cybersafe.com>
-    Dominique Brezinski <dominique.brezinski@cybersafe.com>
-
-    CyberSafe Corporation 
-    1605 NW Sammamish Road
-    Suite 310
-    Issaquah, WA 98027-5378
-    Phone: (206) 391-6000
-    Fax:   (206) 391-0508
-    http:/www.cybersafe.com
-
-
-    Brian Tung  <brian@isi.edu>
-    Gene Tsudik <gts@isi.edu>
-
-    USC Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey CA 90292-6695
-    Phone: (310) 822-1511
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-02.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-02.txt
deleted file mode 100644
index b3ec336b6513..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-02.txt
+++ /dev/null
@@ -1,174 +0,0 @@
-INTERNET-DRAFT                                        Jonathan Trostle
-draft-ietf-cat-kerberos-extra-tgt-02.txt              Cisco Systems
-Updates: RFC 1510                                     Michael M. Swift
-expires January 30, 2000                              University of WA
-
-
-    Extension to Kerberos V5 For Additional Initial Encryption
-
-0. Status Of This Memo
-
-   This document is an Internet-Draft and is in full conformance
-   with all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six
-   months and may be updated, replaced, or obsoleted by other
-   documents at any time.  It is inappropriate to use Internet-
-   Drafts as reference material or to cite them other than as
-   "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-1. Abstract
-
-   This document defines an extension to the Kerberos protocol
-   specification (RFC 1510) [1] to enable a preauthentication field in
-   the AS_REQ message to carry a ticket granting ticket. The session
-   key from this ticket granting ticket will be used to
-   cryptographically strengthen the initial exchange in either the
-   conventional Kerberos V5 case or in the case the user stores their
-   encrypted private key on the KDC [2].
-
-
-2. Motivation
-
-   In Kerberos V5, the initial exchange with the KDC consists of the
-   AS_REQ and AS_REP messages. For users, the encrypted part of the
-   AS_REP message is encrypted in a key derived from a password.
-   Although a password policy may be in place to prevent dictionary
-   attacks, brute force attacks may still be a concern due to
-   insufficient key length.
-
-   This draft specifies an extension to the Kerberos V5 protocol to
-   allow a ticket granting ticket to be included in an AS_REQ message
-   preauthentication field. The session key from this ticket granting
-   ticket will be used to cryptographically strengthen the initial
-
-   exchange in either the conventional Kerberos V5 case or in the case
-   the user stores their encrypted private key on the KDC [2]. The
-   session key from the ticket granting ticket is combined with the
-   user password key (key K2 in the encrypted private key on KDC
-   option) using HMAC to obtain a new triple des key that is used in
-   place of the user key in the initial exchange. The ticket granting
-   ticket could be obtained by the workstation using its host key.
-
-3. The Extension
-
-   The following new preauthentication type is proposed:
-
-      PA-EXTRA-TGT                         22
-
-   The preauthentication-data field contains a ticket granting ticket
-   encoded as an ASN.1 octet string. The server realm of the ticket
-   granting ticket must be equal to the realm in the KDC-REQ-BODY of
-   the AS_REQ message. In the absence of a trust relationship, the
-   local Kerberos client should send the AS_REQ message without this
-   extension.
-
-   In the conventional (non-pkinit) case, we require the RFC 1510
-   PA-ENC-TIMESTAMP preauthentication field in the AS_REQ message.
-   If neither it or the PA-PK-KEY-REQ preauthentication field is
-   included in the AS_REQ message, the KDC will reply with a
-   KDC_ERR_PREAUTH_FAILED error message.
-
-   We propose the following new etypes:
-
-     des3-cbc-md5-xor                              16
-     des3-cbc-sha1-xor                             17
-
-   The encryption key is obtained by:
-
-   (1) Obtaining an output M from the HMAC-SHA1 function [3] using
-       the user password key (the key K2 in the encrypted private
-       key on KDC option of pkinit) as the text and the triple des
-       session key as the K input in HMAC:
-
-       M = H(K XOR opad, H(K XOR ipad, text)) where H = SHA1.
-
-       The session key from the accompanying ticket granting ticket
-       must be a triple des key when one of the triple des xor
-       encryption types is used.
-   (2) Concatenate the output M (20 bytes) with the first 8 non-parity
-       bits of the triple-des ticket granting ticket session key to
-       get 168 bits that will be used for the new triple-des encryption
-       key.
-   (3) Set the parity bits of the resulting key.
-
-   The resulting triple des key is used to encrypt the timestamp
-   for the PA-ENC-TIMESTAMP preauthentication value (or in the
-   encrypted private key on KDC option of pkinit, it is used in
-   place of the key K2 to both sign in the PA-PK-KEY-REQ and for
-   encryption in the PA-PK-KEY-REP preauthentication types).
-
-   If the KDC decrypts the encrypted timestamp and it is not within
-   the appropriate clock skew period, the KDC will reply with the
-   KDC_ERR_PREAUTH_FAILED error. The same error will also be sent if
-   the above ticket granting ticket fails to decrypt properly, or if
-   it is not a valid ticket.
-
-   The KDC will create the shared triple des key from the ticket
-   granting ticket session key and the user password key (the key K2
-   in the encrypted private key on KDC case) using HMAC as specified
-   above and use it to validate the AS_REQ message and then to
-   encrypt the encrypted part of the AS_REP message (use it in place
-   of the key K2 for encryption in the PA-PK-KEY-REP preauthentication
-   field).
-
-   Local workstation policy will determine the exact behaviour of
-   the Kerberos client with respect to the extension protocol. For
-   example, the client should consult policy to decide when to use
-   use the extension. This policy could be dependent on the user
-   identity, or whether the workstation is in the same realm as the
-   user. One possibility is for the workstation logon to fail if
-   the extension is not used. Another possibility is for the KDC
-   to set a flag in tickets issued when this extension is used.
-
-   A similar idea was proposed in OSF DCE RFC 26.0 [4]; there a
-   preauthentication field containing a ticket granting ticket,
-   a randomly generated subkey encrypted in the session key from
-   the ticket, and a timestamp structure encrypted in the user
-   password and then the randomly generated subkey was proposed.
-   Some advantages of the current proposal are that the KDC has two
-   fewer decryptions to perform per request and the client does not
-   have to generate a random key.
-
-4. Bibliography
-
-   [1] J. Kohl, C. Neuman. The Kerberos Network Authentication
-   Service (V5). Request for Comments 1510.
-
-   [2] B. Tung, C. Neuman, J. Wray, A. Medvinsky, M. Hur, J. Trostle.
-   Public Key Cryptography for Initial Authentication in Kerberos.
-   ftp://ds.internic.net/internet-drafts/
-   draft-ietf-cat-kerberos-pkinit-08.txt
-
-   [3] H. Krawczyk, M. Bellare, R. Canetti. HMAC: Keyed-Hashing for
-   Message Authentication. Request for Comments 2104.
-
-   [4] J. Pato. Using Pre-authentication to Avoid Password Guessing
-   Attacks. OSF DCE SIG Request for Comments 26.0.
-
-5. Acknowledgement: We thank Ken Hornstein for some helpful comments.
-
-6. Expires January 30, 2000.
-
-7. Authors' Addresses
-
-   Jonathan Trostle
-   170 W. Tasman Dr.
-   San Jose, CA 95134, U.S.A.
-
-   Email: jtrostle@cisco.com
-   Phone: (408) 527-6201
-
-   Michael Swift
-   Email: mikesw@cs.washington.edu
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-03.txt
deleted file mode 100644
index d09a2ded5bc5..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-extra-tgt-03.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-This Internet-Draft has expired and is no longer available.
-
-Unrevised documents placed in the Internet-Drafts directories have a
-maximum life of six months. After that time, they must be updated, or
-they will be deleted. This document was deleted on March 20, 2000.
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-01.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-01.txt
deleted file mode 100644
index 4b193c57390c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-01.txt
+++ /dev/null
@@ -1,282 +0,0 @@
-INTERNET-DRAFT                                              Brian Tung
-draft-ietf-cat-kerberos-pk-cross-01.txt                 Tatyana Ryutov
-Updates: RFC 1510                                      Clifford Neuman
-expires September 30, 1997                                 Gene Tsudik
-                                                                   ISI
-                                                       Bill Sommerfeld
-                                                       Hewlett-Packard
-                                                         Ari Medvinsky
-                                                           Matthew Hur
-                                                 CyberSafe Corporation
-
-
-    Public Key Cryptography for Cross-Realm Authentication in Kerberos
-
-
-0.  Status Of this Memo
-
-    This document is an Internet-Draft.  Internet-Drafts are working
-    documents of the Internet Engineering Task Force (IETF), its
-    areas, and its working groups.  Note that other groups may also
-    distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as ``work in
-    progress.''
-
-    To learn the current status of any Internet-Draft, please check
-    the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
-    Shadow Directories on ds.internic.net (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-cross-01.txt, and expires September 30,
-    1997.  Please send comments to the authors.
-
-
-1.  Abstract
-
-    This document defines extensions to the Kerberos protocol
-    specification (RFC 1510, "The Kerberos Network Authentication
-    Service (V5)", September 1993) to provide a method for using
-    public key cryptography during cross-realm authentication.  The
-    methods defined here specify the way in which message exchanges
-    are to be used to transport cross-realm secret keys protected by
-    encryption under public keys certified as belonging to KDCs.
-
-
-2.  Motivation
-
-    The advantages provided by public key cryptography--ease of
-    recoverability in the event of a compromise, the possibility of
-    an autonomous authentication infrastructure, to name a few--have
-    produced a demand for use by Kerberos authentication protocol.  A
-    draft describing the use of public key cryptography in the initial
-    authentication exchange in Kerberos has already been submitted.
-    This draft describes its use in cross-realm authentication.
-
-    The principal advantage provided by public key cryptography in
-    cross-realm authentication lies in the ability to leverage the
-    existing public key infrastructure.  It frees the Kerberos realm
-    administrator from having to maintain separate keys for each other
-    realm with which it wishes to exchange authentication information,
-    or to utilize a hierarchical arrangement, which may pose problems
-    of trust.
-
-    Even with the multi-hop cross-realm authentication, there must be
-    some way to locate the path by which separate realms are to be
-    transited.  The current method, which makes use of the DNS-like
-    realm names typical to Kerberos, requires trust of the intermediate
-    KDCs.
-
-    The methods described in this draft allow a realm to specify, at
-    the time of authentication, which certification paths it will
-    trust.  A shared key for cross-realm authentication can be
-    established, for a period of time.  Furthermore, these methods are
-    transparent to the client, so that only the KDC's need to be
-    modified to use them.
-
-    It is not necessary to implement the changes described in the
-    "Public Key Cryptography for Initial Authentication" draft to make
-    use of the changes in this draft.  We solicit comments about the
-    interaction between the two protocol changes, but as of this
-    writing, the authors do not perceive any obstacles to using both.
-
-
-3.  Protocol Amendments
-
-    We assume that the user has already obtained a TGT.  To perform
-    cross-realm authentication, the user sends a request to the local
-    KDC as per RFC 1510.  If the two realms share a secret key, then
-    cross-realm authentication proceeds as usual.  Otherwise, the
-    local KDC may attempt to establish a shared key with the remote
-    KDC using public key cryptography, and exchange this key through
-    the cross-realm ticket granting ticket.
-
-    We will consider the specific channel on which the message
-    exchanges take place in Section 5 below.
-
-
-3.1.  Changes to the Cross-Realm Ticket Granting Ticket
-
-    In order to avoid the need for changes to the "installed base" of
-    Kerberos application clients and servers, the only protocol change
-    is to the way in which cross-realm ticket granting tickets (TGTs)
-    are encrypted; as these tickets are opaque to clients and servers,
-    the only change visible to them will be the increased size of the
-    tickets.
-
-    Cross-realm TGTs are granted by a local KDC to authenticate a user
-    to a remote KDC's ticket granting service.  In standard Kerberos,
-    they are encrypted using a shared secret key manually configured
-    into each KDC.
-
-    In order to incorporate public key cryptography, we define a new
-    encryption type, "ENCTYPE_PK_CROSS".  Operationally, this encryption
-    type transforms an OCTET STRING of plaintext (normally an EncTktPart)
-    into the following SEQUENCE:
-
-        PKCrossOutput ::= SEQUENCE {
-            certificate [0]     OCTET STRING OPTIONAL,
-                                    -- public key certificate
-                                    -- of local KDC
-            encSharedKey [1]    EncryptedData,
-                                    -- of type EncryptionKey
-                                    -- containing random symmetric key
-                                    -- encrypted using public key
-                                    -- of remote KDC
-            sigSharedKey [2]    Signature,
-                                    -- of encSharedKey
-                                    -- using signature key
-                                    -- of local KDC
-            pkEncData [3]       EncryptedData,
-                                    -- (normally) of type EncTktPart
-                                    -- encrypted using encryption key
-                                    -- found in encSharedKey
-        }
-
-    PKCROSS operates as follows: when a client submits a request for
-    cross-realm authentication, the local KDC checks to see if it has
-    a long-term shared key established for that realm.  If so, it uses
-    this key as per RFC 1510.
-
-    If not, it sends a request for information to the remote KDC.  The
-    content of this message is immaterial, as it does not need to be
-    processed by the remote KDC; for the sake of consistency, we define
-    it as follows:
-
-        RemoteRequest ::= [APPLICATION 41] SEQUENCE {
-            nonce [0]                   INTEGER
-        }
-
-    The remote KDC replies with a list of all trusted certifiers and
-    all its (the remote KDC's) certificates.  We note that this response
-    is universal and does not depend on which KDC makes the request:
-
-        RemoteReply ::= [APPLICATION 42] SEQUENCE {
-            trustedCertifiers [0]       SEQUENCE OF PrincipalName,
-            certificates[1]             SEQUENCE OF Certificate,
-            encTypeToUse [1]            SEQUENCE OF INTEGER
-                                            -- encryption types usable
-                                            -- for encrypting pkEncData
-        }
-
-        Certificate ::= SEQUENCE {
-            CertType                [0] INTEGER,
-                                        -- type of certificate
-                                        -- 1 = X.509v3 (DER encoding)
-                                        -- 2 = PGP (per PGP draft)
-            CertData                [1] OCTET STRING
-                                        -- actual certificate
-                                        -- type determined by CertType
-        } -- from pk-init draft
-
-    Upon receiving this reply, the local KDC determines whether it has
-    a certificate the remote KDC trusts, and whether the remote KDC has
-    a certificate the local KDC trusts.  If so, it issues a ticket
-    encrypted using the ENCTYPE_PK_CROSS encryption type defined above.
-
-
-3.2.  Profile Caches
-
-    We observe that using PKCROSS as specified above requires two
-    private key operations: a signature generation by the local KDC and
-    a decryption by the remote KDC.  This cost can be reduced in the
-    long term by judicious caching of the encSharedKey and the
-    sigSharedKey.
-
-    Let us define a "profile" as the encSharedKey and sigSharedKey, in
-    conjunction with the associated remote realm name and decrypted
-    shared key (the key encrypted in the encSharedKey).
-
-    To optimize these interactions, each KDC maintains two caches, one
-    for outbound profiles and one for inbound profiles.  When generating
-    an outbound TGT for another realm, the local KDC first checks to see
-    if the corresponding entry exists in the outbound profile cache; if
-    so, it uses its contents to form the first three fields of the
-    PKCrossOutput; the shared key is used to encrypt the data for the
-    fourth field.  If not, the components are generated fresh and stored
-    in the outbound profile cache.
-
-    Upon receipt of the TGT, the remote realm checks its inbound profile
-    cache for the corresponding entry.  If it exists, then it uses the
-    contents of the entry to decrypt the data encrypted in the pkEncData.
-    If not, then it goes through the full process of verifying and
-    extracting the shared key; if this is successful, then a new entry
-    is created in the inbound profile cache.
-
-    The inbound profile cache should support multiple entries per realm,
-    in the event that the initiating realm is replicated.
-
-
-4.  Finding Realms Supporting PKCROSS
-
-    If either the local realm or the destination realm does not support
-    PKCROSS, or both do not, the mechanism specified in Section 3 can
-    still be used in obtaining the desired remote TGT.
-
-    In the reference Kerberos implementations, the default behavior is
-    to traverse a path up and down the realm name hierarchy, if the
-    two realms do not share a key.  There is, however, the possibility
-    of using cross links--i.e., keys shared between two realms that
-    are non-contiguous in the realm name hierarchy--to shorten the
-    path, both to minimize delay and the number of intermediate realms
-    that need to be trusted.
-
-    PKCROSS can be used as a way to provide cross-links even in the
-    absence of shared keys.  If the client is aware that one or two
-    intermediate realms support PKCROSS, then a combination of
-    PKCROSS and conventional cross-realm authentication can be used
-    to reach the final destination realm.
-
-    We solicit discussion on the best methods for clients and KDCs to
-    determine or advertise support for PKCROSS.
-
-
-5.  Message Ports
-
-    We have not specified the port on which KDCs supporting PKCROSS
-    should listen to receive the request for information messages noted
-    above.  We solicit discussion on which port should be used.  We
-    propose to use the standard Kerberos ports (well-known 88 or 750),
-    but another possibility is to use a completely different port.
-
-    We also solicit discussion on what other approaches can be taken to
-    obtain the information in the RemoteReply (e.g., secure DNS or some
-    other repository).
-
-
-6.  Expiration Date
-
-    This Internet-Draft will expire on September 30, 1997.
-
-
-7.  Authors' Addresses
-
-    Brian Tung
-    Tatyana Ryutov
-    Clifford Neuman
-    Gene Tsudik
-    USC/Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey, CA 90292-6695
-    Phone: +1 310 822 1511
-    E-Mail: {brian, tryutov, bcn, gts}@isi.edu
-
-    Bill Sommerfeld
-    Hewlett Packard
-    300 Apollo Drive
-    Chelmsford MA 01824
-    Phone: +1 508 436 4352
-    E-Mail: sommerfeld@apollo.hp.com
-
-    Ari Medvinsky
-    Matthew Hur
-    CyberSafe Corporation
-    1605 NW Sammamish Road Suite 310
-    Issaquah WA 98027-5378
-    Phone: +1 206 391 6000
-    E-mail: {ari.medvinsky, matt.hur}@cybersafe.com
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-06.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-06.txt
deleted file mode 100644
index 1ab2b03e079d..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-cross-06.txt
+++ /dev/null
@@ -1,523 +0,0 @@
-
-INTERNET-DRAFT                                               Matthew Hur
-draft-ietf-cat-kerberos-pk-cross-06.txt            CyberSafe Corporation
-Updates: RFC 1510                                             Brian Tung
-expires October 10, 2000                                  Tatyana Ryutov
-                                                         Clifford Neuman
-                                                             Gene Tsudik
-                                                                     ISI
-                                                           Ari Medvinsky
-                                                                Keen.com
-                                                         Bill Sommerfeld
-                                                         Hewlett-Packard
-
-
-    Public Key Cryptography for Cross-Realm Authentication in Kerberos
-
-
-0.  Status Of this Memo
-
-    This document is an Internet-Draft and is in full conformance with
-    all provisions of Section 10 of RFC 2026.  Internet-Drafts are
-    working documents of the Internet Engineering Task Force (IETF),
-    its areas, and its working groups.  Note that other groups may
-    also distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as ``work in
-    progress.''
-
-     The list of current Internet-Drafts can be accessed at
-     http://www.ietf.org/ietf/1id-abstracts.txt
-
-     The list of Internet-Draft Shadow Directories can be accessed at
-     http://www.ietf.org/shadow.html.
-
-
-
-    To learn the current status of any Internet-Draft, please check
-    the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
-    Shadow Directories on ftp.ietf.org (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-cross-06.txt, and expires May 15, 1999.
-    Please send comments to the authors.
-
-
-1.  Abstract
-
-    This document defines extensions to the Kerberos protocol 
-    specification [1] to provide a method for using public key 
-    cryptography to enable cross-realm authentication.  The methods 
-    defined here specify the way in which message exchanges are to be 
-    used to transport cross-realm secret keys protected by encryption 
-    under public keys certified as belonging to KDCs.
-
-
-2.  Introduction
-
-    The Kerberos authentication protocol [2]  can leverage the 
-    advantages provided by public key cryptography.  PKINIT [3] 
-    describes the use of public key cryptography in the initial 
-    authentication exchange in Kerberos.  PKTAPP [4] describes how an 
-    application service can essentially issue a kerberos ticket to 
-    itself after utilizing public key cryptography for authentication. 
-    Another informational document species the use of public key 
-    crypography for anonymous authentication in Kerberos [5].  This 
-    specification describes the use of public key crpytography in cross- 
-    realm authentication.
-
-    Without the use of public key cryptography, administrators must 
-    maintain separate keys for every realm which wishes to exchange 
-    authentication information with another realm (which implies n(n-1) 
-    keys), or they must utilize a hierachichal arrangement of realms, 
-    which may complicate the trust model by requiring evaluation of 
-    transited realms.
-
-    Even with the multi-hop cross-realm authentication, there must be 
-    some way to locate the path by which separate realms are to be 
-    transited.  The current method, which makes use of the DNS-like 
-    realm names typical to Kerberos, requires trust of the intermediate 
-    KDCs.
-
-    PKCROSS utilizes a public key infrastructure (PKI) [6] to simplify 
-    the administrative burden of maintaining cross-realm keys.  Such 
-    usage leverages a PKI for a non-centrally-administratable environment 
-    (namely, inter-realm).  Thus, a shared key for cross-realm 
-    authentication can be established for a set period of time, and a 
-    remote realm is able to issue policy information that is returned to 
-    itself when a client requests cross-realm authentication. Such policy 
-    information may be in the form of restrictions [7].  Furthermore, 
-    these methods are transparent to the client; therefore, only the KDCs 
-    need to be modified to use them.  In this way, we take advantage of 
-    the the distributed trust management capabilities of public key 
-    crypography while maintaining the advantages of localized trust 
-    management provided by Kerberos.
-
-
-    Although this specification utilizes the protocol specfied in the 
-    PKINIT specification, it is not necessary to implement client 
-    changes in order to make use of the changes in this document.
-
-
-3.  Objectives
-
-    The objectives of this specification are as follows:
-    
-      1.  Simplify the administration required to establish Kerberos
-          cross-realm keys.
-          
-      2.  Avoid modification of clients and application servers.
-
-      3.  Allow remote KDC to control its policy on cross-realm
-          keys shared between KDCs, and on cross-realm tickets
-          presented by clients.
-
-      4.  Remove any need for KDCs to maintain state about keys
-          shared with other KDCs.
-
-      5.  Leverage the work done for PKINIT to provide the public key
-          protocol for establishing symmetric cross realm keys.
-
-
-4.  Definitions
-
-    The following notation is used throughout this specification:
-    KDC_l ........... local KDC
-    KDC_r ........... remote KDC
-    XTKT_(l,r) ...... PKCROSS ticket that the remote KDC issues to the
-                      local KDC
-    TGT_(c,r) ....... cross-realm TGT that the local KDC issues to the
-                      client for presentation to the remote KDC
-
-    This specification defines the following new types to be added to the 
-    Kerberos specification:
-      PKCROSS kdc-options field in the AS_REQ is bit 9
-      TE-TYPE-PKCROSS-KDC       2
-      TE-TYPE-PKCROSS-CLIENT    3
-
-    This specification defines the following ASN.1 type for conveying
-    policy information:
-    CrossRealmTktData ::= SEQUENCE OF TypedData
-
-    This specification defines the following types for policy information 
-    conveyed in CrossRealmTktData:
-      PLC_LIFETIME              1
-      PLC_SET_TKT_FLAGS         2
-      PLC_NOSET_TKT_FLAGS       3
-
-    TicketExtensions are defined per the Kerberos specification [8]:
-    TicketExtensions ::= SEQUENCE OF TypedData
-      Where
-        TypedData ::=   SEQUENCE {
-            data-type[0]   INTEGER,
-            data-value[1]  OCTET STRING OPTIONAL
-        }
-
-
-5.  Protocol Specification
-
-    We assume that the client has already obtained a TGT.  To perform
-    cross-realm authentication, the client does exactly what it does
-    with ordinary (i.e. non-public-key-enabled) Kerberos; the only
-    changes are in the KDC; although the ticket which the client
-    forwards to the remote realm may be changed.  This is acceptable
-    since the client treats the ticket as opaque.
-
-
-5.1.  Overview of Protocol
-
-    The basic operation of the PKCROSS protocol is as follows:
-
-        1.  The client submits a request to the local KDC for
-            credentials for the remote realm.  This is just a typical
-            cross realm request that may occur with or without PKCROSS. 
-
-        2.  The local KDC submits a PKINIT request to the remote KDC to
-            obtain a "special" PKCROSS ticket.  This is a standard
-            PKINIT request, except that PKCROSS flag (bit 9) is set in
-            the kdc-options field in the AS_REQ.
-
-        3.  The remote KDC responds as per PKINIT, except that
-            the ticket contains a TicketExtension, which contains
-            policy information such as lifetime of cross realm tickets
-            issued by KDC_l to a client.  The local KDC must reflect
-            this policy information in the credentials it forwards to
-            the client.  Call this ticket XTKT_(l,r) to indicate that
-            this ticket is used to authenticate the local KDC to the
-            remote KDC.
-
-        4.  The local KDC passes a ticket, TGT_(c,r) (the cross realm
-            TGT between the client and remote KDC), to the client.
-            This ticket contains in its TicketExtension field the
-            ticket, XTKT_(l,r), which contains the cross-realm key.
-            The TGT_(c,r) ticket is encrypted using the key sealed in
-            XTKT_(l,r).  (The TicketExtension field is not encrypted.)
-            The local KDC may optionally include another TicketExtension
-            type that indicates the hostname and/or IP address for the
-            remote KDC.
-
-        5.  The client submits the request directly to the remote
-            KDC, as before.
-            
-        6.  The remote KDC extracts XTKT_(l,r) from the TicketExtension
-            in order to decrypt the encrypted part of TGT_(c,r).
-
-    --------------------------------------------------------------------
-    
-    Client                Local KDC (KDC_l)           Remote KDC (KDC_r)
-    ------                -----------------           ------------------
-    Normal Kerberos
-    request for
-    cross-realm
-    ticket for KDC_r
-    ---------------------->
-    
-                          PKINIT request for
-                          XTKT(l,r) - PKCROSS flag
-                          set in the AS-REQ
-                          * ------------------------->
-                          
-                                                      PKINIT reply with
-                                                      XTKT_(l,r) and
-                                                      policy info in
-                                                      ticket extension
-                                           <-------------------------- *
-
-                          Normal Kerberos reply
-                          with TGT_(c,r) and
-                          XTKT(l,r) in ticket
-                          extension
-         <--------------------------------- 
-
-    Normal Kerberos
-    cross-realm TGS-REQ
-    for remote
-    application
-    service with
-    TGT_(c,r) and
-    XTKT(l,r) in ticket
-    extension
-    ------------------------------------------------->
-
-                                                      Normal Kerberos
-                                                      cross-realm
-                                                      TGS-REP
-        <---------------------------------------------------------------
-
-    * Note that the KDC to KDC messages occur only periodically, since
-      the local KDC caches the XTKT_(l,r).
-    --------------------------------------------------------------------
-    
-
-    Sections 5.2 through 5.4 describe in detail steps 2 through 4
-    above.  Section 5.6 describes the conditions under which steps
-    2 and 3 may be skipped.
-
-    Note that the mechanism presented above requires infrequent KDC to 
-    KDC communication (as dictated by policy - this is discussed
-    later).  Without such an exchange, there are the following issues:
-    1) KDC_l would have to issue a ticket with the expectation that
-       KDC_r will accept it.
-    2) In the message that the client sends to KDC_r, KDC_l would have
-       to authenticate KDC_r with credentials that KDC_r trusts.
-    3) There is no way for KDC_r to convey policy information to KDC_l.
-    4) If, based on local policy, KDC_r does not accept a ticket from
-       KDC_l, then the client gets stuck in the middle.  To address such
-       an issue would require modifications to standard client
-       processing behavior.
-    Therefore, the infreqeunt use of KDC to KDC communication assures
-    that inter-realm KDC keys may be established in accordance with local
-    policies and that clients may continue to operate without
-    modification.
-
-
-5.2.  Local KDC's Request to Remote KDC
-
-    When the local KDC receives a request for cross-realm authentication, 
-    it first checks its ticket cache to see if it has a valid PKCROSS 
-    ticket, XTKT_(l,r).  If it has a valid XTKT_(l,r), then it does not 
-    need to send a request to the remote KDC (see section 5.5).
-
-    If the local KDC does not have a valid XTKT_(l,r), it sends a     
-    request to the remote KDC in order to establish a cross realm key and 
-    obtain the XTKT_(l,r).  This request is in fact a PKINIT request as 
-    described in the PKINIT specification; i.e., it consists of an AS-REQ 
-    with a PA-PK-AS-REQ included as a preauthentication field.  Note, 
-    that the AS-REQ MUST have the PKCROSS flag (bit 9) set in the 
-    kdc_options field of the AS-REQ.  Otherwise, this exchange exactly 
-    follows the description given in the PKINIT specification.  In 
-    addition, the naming
-
-
-5.3.  Remote KDC's Response to Local KDC
-
-    When the remote KDC receives the PKINIT/PKCROSS request from the
-    local KDC, it sends back a PKINIT response as described in
-    the PKINIT specification with the following exception: the encrypted
-    part of the Kerberos ticket is not encrypted with the krbtgt key;
-    instead, it is encrypted with the ticket granting server's PKCROSS
-    key.  This key, rather than the krbtgt key, is used because it
-    encrypts a ticket used for verifying a cross realm request rather
-    than for issuing an application service ticket.  Note that, as a
-    matter of policy, the session key for the XTKT_(l,r) MAY be of
-    greater strength than that of a session key for a normal PKINIT
-    reply, since the XTKT_(l,r) SHOULD be much longer lived than a
-    normal application service ticket.
-
-    In addition, the remote KDC SHOULD include policy information in the 
-    XTKT_(l,r).  This policy information would then be reflected in the 
-    cross-realm TGT, TGT_(c,r).  Otherwise, the policy for TGT_(c,r) 
-    would be dictated by KDC_l rather than by KDC_r.  The local KDC MAY 
-    enforce a more restrictive local policy when creating a cross-realm 
-    ticket, TGT_(c,r).  For example, KDC_r  may dictate a lifetime 
-    policy of eight hours, but KDC_l may create TKT_(c,r) with a 
-    lifetime of four hours, as dictated by local policy.  Also, the 
-    remote KDC MAY include other information about itself along with the 
-    PKCROSS ticket.  These items are further discussed in section 6 
-    below.
-
-
-5.4.  Local KDC's Response to Client
-
-    Upon receipt of the PKINIT/CROSS response from the remote KDC,
-    the local KDC formulates a response to the client.  This reply
-    is constructed exactly as in the Kerberos specification, except
-    for the following:
-
-    A) The local KDC places XTKT_(l,r) in the TicketExtension field of
-       the client's cross-realm, ticket, TGT_(c,r), for the remote realm.
-       Where
-          data-type   equals 3 for TE-TYPE-PKCROSS-CLIENT
-          data-value  is ASN.1 encoding of XTKT_(l,r)
-     
-    B) The local KDC adds the name of its CA to the transited field of
-       TGT_(c,r).
-
-
-5.5   Remote KDC's Processing of Client Request
-
-    When the remote KDC, KDC_r, receives a cross-realm ticket, 
-    TGT_(c,r), and it detects that the ticket contains a ticket 
-    extension of type TE-TYPE-PKCROSS-CLIENT, KDC_r must first decrypt 
-    the ticket, XTKT_(l,r), that is encoded in the ticket extension.  
-    KDC_r uses its PKCROSS key in order to decrypt XTKT_(l,r).  KDC_r 
-    then uses the key obtained from XTKT_(l,r) in order to decrypt the 
-    cross-realm ticket, TGT_(c,r).
-
-    KDC_r MUST verify that the cross-realm ticket, TGT_(c,r) is in 
-    compliance with any policy information contained in XTKT_(l,r) (see 
-    section 6).  If the TGT_(c,r) is not in compliance with policy, then 
-    the KDC_r responds to the client with a KRB-ERROR message of type 
-    KDC_ERR_POLICY.
-
-    
-5.6.  Short-Circuiting the KDC-to-KDC Exchange
-
-    As we described earlier, the KDC to KDC exchange is required only 
-    for establishing a symmetric, inter-realm key.  Once this key is 
-    established (via the PKINIT exchange), no KDC to KDC communication 
-    is required until that key needs to be renewed.  This section 
-    describes the circumstances under which the KDC to KDC exchange 
-    described in Sections 5.2 and 5.3 may be skipped.
-
-    The local KDC has a known lifetime for TGT_(c,r).  This lifetime may 
-    be determined by policy information included in XTKT_(l,r), and/or 
-    it may be determined by local KDC policy.  If the local KDC already 
-    has a ticket XTKT(l,r), and the start time plus the lifetime for 
-    TGT_(c,r) does not exceed the expiration time for XTGT_(l,r), then 
-    the local KDC may skip the exchange with the remote KDC, and issue a 
-    cross-realm ticket to the client as described in Section 5.4.
-
-    Since the remote KDC may change its PKCROSS key (referred to in 
-    Section 5.2) while there are PKCROSS tickets still active, it SHOULD 
-    cache the old PKCROSS keys until the last issued PKCROSS ticket 
-    expires.  Otherwise, the remote KDC will respond to a client with a 
-    KRB-ERROR message of type KDC_ERR_TGT_REVOKED.
-
-
-6.  Extensions for the PKCROSS Ticket
-
-    As stated in section 5.3, the remote KDC SHOULD include policy 
-    information in XTKT_(l,r).  This policy information is contained in 
-    a TicketExtension, as defined by the Kerberos specification, and the 
-    authorization data of the ticket will contain an authorization 
-    record of type AD-IN-Ticket-Extensions.  The TicketExtension defined 
-    for use by PKCROSS is TE-TYPE-PKCROSS-KDC.
-      Where
-        data-type   equals 2 for TE-TYPE-PKCROSS-KDC
-        data-value  is ASN.1 encoding of CrossRealmTktData
-
-      CrossRealmTktData ::= SEQUENCE OF TypedData
-
-
-      ------------------------------------------------------------------
-      CrossRealmTktData types and the corresponding data are interpreted 
-      as follows:
-
-                                                            ASN.1 data
-      type                value   interpretation            encoding
-      ----------------    -----   --------------            ----------
-      PLC_LIFETIME          1     lifetime (in seconds)     INTEGER
-                                  for TGT_(c,r) 
-                                  - cross-realm tickets
-                                    issued for clients by
-                                    TGT_l
-
-      PLC_SET_TKT_FLAGS     2     TicketFlags that must     BITSTRING
-                                  be set
-                                  - format defined by
-                                    Kerberos specification
-
-      PLC_NOSET_TKT_FLAGS   3     TicketFlags that must     BITSTRING
-                                  not be set
-                                  - format defined by
-                                    Kerberos specification
-
-      Further types may be added to this table.
-      ------------------------------------------------------------------
-
-
-7.  Usage of Certificates
-
-    In the cases of PKINIT and PKCROSS, the trust in a certification 
-    authority is equivalent to Kerberos cross realm trust.  For this 
-    reason, an implementation MAY choose to use the same KDC certificate 
-    when the KDC is acting in any of the following three roles:
-      1) KDC is authenticating clients via PKINIT
-      2) KDC is authenticating another KDC for PKCROSS 
-      3) KDC is the client in a PKCROSS exchange with another KDC
-
-    Note that per PKINIT, the KDC X.509 certificate (the server in a 
-    PKINIT exchange) MUST contain the principal name of the KDC in the 
-    subjectAltName field.
-
-
-8.  Transport Issues
-
-    Because the messages between the KDCs involve PKINIT exchanges, and 
-    PKINIT recommends TCP as a transport mechanism (due to the length of 
-    the messages and the likelihood that they will fragment), the same 
-    recommendation for TCP applies to PKCROSS as well.
-
-    
-9. Security Considerations
-
-   Since PKCROSS utilizes PKINIT, it is subject to the same security
-   considerations as PKINIT.  Administrators should assure adherence 
-   to security policy - for example, this affects the PKCROSS policies
-   for cross realm key lifetime and for policy propogation from the 
-   PKCROSS ticket, issued from a remote KDC to a local KDC, to
-   cross realm tickets that are issued by a local KDC to a client.
-
-
-10. Bibliography
-
-  [1] J. Kohl, C. Neuman.  The Kerberos Network Authentication Service 
-  (V5).  Request for Comments 1510.
-
-  [2] B.C. Neuman, Theodore Ts'o. Kerberos: An Authentication Service
-  for Computer Networks, IEEE Communications, 32(9):33-38.  September
-  1994.
-
-  [3] B. Tung, C. Neuman, M. Hur, A. Medvinsky, S.Medvinsky, J. Wray
-  J. Trostle.  Public Key Cryptography for Initial Authentication
-  in Kerberos.
-  draft-ietf-cat-kerberos-pk-init-11.txt
-
-  [4] A. Medvinsky, M. Hur, S. Medvinsky, B. Clifford Neuman.  Public 
-  Key Utilizing Tickets for Application Servers (PKTAPP). draft-ietf-
-  cat-pktapp-02.txt
-
-  [5] A. Medvinsky, J. Cargille, M. Hur.  Anonymous Credentials in
-  Kerberos. draft-ietf-cat-kerberos-anoncred-01.txt
-
-  [6] ITU-T (formerly CCITT) Information technology - Open Systems
-  Interconnection - The Directory: Authentication Framework
-  Recommendation X.509 ISO/IEC 9594-8
-    
-  [7] B.C. Neuman, Proxy-Based Authorization and Accounting for 
-  Distributed Systems.  In Proceedings of the 13th International 
-  Conference on Distributed Computing Systems, May 1993.
-
-  [8] C.Neuman, J. Kohl, T. Ts'o.  The Kerberos Network Authentication 
-  Service (V5). draft-ietf-cat-kerberos-revisions-05.txt
-
-
-11. Authors' Addresses
-
-    Matthew Hur
-    CyberSafe Corporation
-    1605 NW Sammamish Road
-    Issaquah WA 98027-5378
-    Phone: +1 425 391 6000
-    E-mail: matt.hur@cybersafe.com
-
-    Brian Tung
-    Tatyana Ryutov
-    Clifford Neuman
-    Gene Tsudik
-    USC/Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey, CA 90292-6695
-    Phone: +1 310 822 1511
-    E-Mail: {brian, tryutov, bcn, gts}@isi.edu
-
-    Ari Medvinsky
-    Keen.com
-    2480 Sand Hill Road, Suite 200
-    Menlo Park, CA 94025
-    Phone +1 650 289 3134
-    E-mail: ari@keen.com
-
-    Bill Sommerfeld
-    Hewlett Packard
-    300 Apollo Drive
-    Chelmsford MA 01824
-    Phone: +1 508 436 4352
-    E-Mail: sommerfeld@apollo.hp.com
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-03.txt
deleted file mode 100644
index d91c087dddf9..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-03.txt
+++ /dev/null
@@ -1,589 +0,0 @@
-
-INTERNET-DRAFT                                         Clifford Neuman
-draft-ietf-cat-kerberos-pk-init-03.txt                      Brian Tung
-Updates: RFC 1510                                                  ISI
-expires September 30, 1997                                   John Wray
-                                         Digital Equipment Corporation
-                                                         Ari Medvinsky
-                                                           Matthew Hur
-                                                 CyberSafe Corporation
-                                                      Jonathan Trostle
-                                                                Novell
-
-
-    Public Key Cryptography for Initial Authentication in Kerberos
-
-
-0.  Status Of this Memo
-
-    This document is an Internet-Draft.  Internet-Drafts are working
-    documents of the Internet Engineering Task Force (IETF), its
-    areas, and its working groups.  Note that other groups may also
-    distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as "work in
-    progress."
-
-    To learn the current status of any Internet-Draft, please check
-    the "1id-abstracts.txt" listing contained in the Internet-Drafts
-    Shadow Directories on ds.internic.net (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-init-03.txt, and expires September 30,
-    1997.  Please send comments to the authors.
-
-
-1.  Abstract
-
-    This document defines extensions (PKINIT) to the Kerberos protocol
-    specification (RFC 1510 [1]) to provide a method for using public
-    key cryptography during initial authentication.  The methods
-    defined specify the ways in which preauthentication data fields and
-    error data fields in Kerberos messages are to be used to transport
-    public key data.
-
-
-2.  Introduction
-
-    The popularity of public key cryptography has produced a desire for
-    its support in Kerberos [2].  The advantages provided by public key
-    cryptography include simplified key management (from the Kerberos
-    perspective) and the ability to leverage existing and developing
-    public key certification infrastructures.
-
-    Public key cryptography can be integrated into Kerberos in a number
-    of ways.  One is to to associate a key pair with each realm, which
-    can then be used to facilitate cross-realm authentication; this is
-    the topic of another draft proposal.  Another way is to allow users
-    with public key certificates to use them in initial authentication.
-    This is the concern of the current document.
-
-    One of the guiding principles in the design of PKINIT is that
-    changes should be as minimal as possible.  As a result, the basic
-    mechanism of PKINIT is as follows:  The user sends a request to the
-    KDC as before, except that if that user is to use public key
-    cryptography in the initial authentication step, his certificate
-    accompanies the initial request, in the preauthentication fields.
-
-    Upon receipt of this request, the KDC verifies the certificate and
-    issues a ticket granting ticket (TGT) as before, except that instead
-    of being encrypted in the user's long-term key (which is derived
-    from a password), it is encrypted in a randomly-generated key.  This
-    random key is in turn encrypted using the public key certificate
-    that came with the request and signed using the KDC's signature key,
-    and accompanies the reply, in the preauthentication fields.
-
-    PKINIT also allows for users with only digital signature keys to
-    authenticate using those keys, and for users to store and retrieve
-    private keys on the KDC.
-
-    The PKINIT specification may also be used for direct peer to peer
-    authentication without contacting a central KDC. This application
-    of PKINIT is described in PKTAPP [4] and is based on concepts
-    introduced in [5, 6]. For direct client-to-server authentication,
-    the client uses PKINIT to authenticate to the end server (instead
-    of a central KDC), which then issues a ticket for itself.  This
-    approach has an advantage over SSL [7] in that the server does not
-    need to save state (cache session keys).  Furthermore, an
-    additional benefit is that Kerberos tickets can facilitate
-    delegation (see [8]).
-
-
-3.  Proposed Extensions
-
-    This section describes extensions to RFC 1510 for supporting the
-    use of public key cryptography in the initial request for a ticket
-    granting ticket (TGT).
-
-    In summary, the following changes to RFC 1510 are proposed:
-
-        --> Users may authenticate using either a public key pair or a
-            conventional (symmetric) key.  If public key cryptography is
-            used, public key data is transported in preauthentication
-            data fields to help establish identity.
-        --> Users may store private keys on the KDC for retrieval during
-            Kerberos initial authentication.
-
-    This proposal addresses two ways that users may use public key
-    cryptography for initial authentication.  Users may present public
-    key certificates, or they may generate their own session key,
-    signed by their digital signature key.  In either case, the end
-    result is that the user obtains an ordinary TGT that may be used for
-    subsequent authentication, with such authentication using only
-    conventional cryptography.
-
-    Section 3.1 provides definitions to help specify message formats.
-    Section 3.2 and 3.3 describe the extensions for the two initial
-    authentication methods.  Section 3.3 describes a way for the user to
-    store and retrieve his private key on the KDC.
-
-
-3.1.  Definitions
-
-    Hash and encryption types will be specified using ENCTYPE tags; we
-    propose the addition of the following types:
-
-        #define ENCTYPE_SIGN_DSA_GENERATE   0x0011
-        #define ENCTYPE_SIGN_DSA_VERIFY     0x0012
-        #define ENCTYPE_ENCRYPT_RSA_PRIV    0x0021
-        #define ENCTYPE_ENCRYPT_RSA_PUB     0x0022
-
-    allowing further signature types to be defined in the range 0x0011
-    through 0x001f, and further encryption types to be defined in the
-    range 0x0021 through 0x002f.
-
-    The extensions involve new preauthentication fields.  The
-    preauthentication data types are in the range 17 through 21.
-    These values are also specified along with their corresponding
-    ASN.1 definition.
-
-        #define PA-PK-AS-REQ                17
-        #define PA-PK-AS-REP                18
-        #define PA-PK-AS-SIGN               19
-        #define PA-PK-KEY-REQ               20
-        #define PA-PK-KEY-REP               21
-
-    The extensions also involve new error types.  The new error types
-    are in the range 227 through 229.  They are:
-
-        #define KDC_ERROR_CLIENT_NOT_TRUSTED    227
-        #define KDC_ERROR_KDC_NOT_TRUSTED       228
-        #define KDC_ERROR_INVALID_SIG           229
-
-    In the exposition below, we use the following terms: encryption key,
-    decryption key, signature key, verification key.  It should be
-    understood that encryption and verification keys are essentially
-    public keys, and decryption and signature keys are essentially
-    private keys.  The fact that they are logically distinct does
-    not preclude the assignment of bitwise identical keys.
-
-
-3.2.  Standard Public Key Authentication
-
-    Implementation of the changes in this section is REQUIRED for
-    compliance with pk-init.
-
-    It is assumed that all public keys are signed by some certification
-    authority (CA).  The initial authentication request is sent as per
-    RFC 1510, except that a preauthentication field containing data
-    signed by the user's signature key accompanies the request:
-
-    PA-PK-AS-REQ ::- SEQUENCE {
-                                -- PA TYPE 17
-        signedPKAuth            [0] SignedPKAuthenticator,
-        userCert                [1] SEQUENCE OF Certificate OPTIONAL,
-                                    -- the user's certificate
-                                    -- optionally followed by that
-                                    -- certificate's certifier chain
-        trustedCertifiers       [2] SEQUENCE OF PrincipalName OPTIONAL
-                                    -- CAs that the client trusts
-    }
-
-    SignedPKAuthenticator ::= SEQUENCE {
-        pkAuth                  [0] PKAuthenticator,
-        pkAuthSig               [1] Signature,
-                                    -- of pkAuth
-                                    -- using user's signature key
-    }
-
-    PKAuthenticator ::= SEQUENCE {
-        cusec                   [0] INTEGER,
-                                    -- for replay prevention
-        ctime                   [1] KerberosTime,
-                                    -- for replay prevention
-        nonce                   [2] INTEGER,
-                                    -- binds response to this request
-        kdcName                 [3] PrincipalName,
-        clientPubValue          [4] SubjectPublicKeyInfo OPTIONAL,
-                                    -- for Diffie-Hellman algorithm
-    }
-
-    Signature ::= SEQUENCE {
-        signedHash              [0] EncryptedData
-                                    -- of type Checksum
-                                    -- encrypted under signature key
-    }
-
-    Checksum ::=   SEQUENCE {
-        cksumtype               [0] INTEGER,
-        checksum                [1] OCTET STRING
-    }   -- as specified by RFC 1510
-
-    SubjectPublicKeyInfo ::= SEQUENCE {
-        algorithm               [0] algorithmIdentifier,
-        subjectPublicKey        [1] BIT STRING
-    }   -- as specified by the X.509 recommendation [9]
-
-    Certificate ::= SEQUENCE {
-        CertType                [0] INTEGER,
-                                    -- type of certificate
-                                    -- 1 = X.509v3 (DER encoding)
-                                    -- 2 = PGP (per PGP draft)
-        CertData                [1] OCTET STRING
-                                    -- actual certificate
-                                    -- type determined by CertType
-    }
-
-    Note: If the signature uses RSA keys, then it is to be performed
-    as per PKCS #1.
-
-    The PKAuthenticator carries information to foil replay attacks,
-    to bind the request and response, and to optionally pass the
-    client's Diffie-Hellman public value (i.e. for using DSA in
-    combination with Diffie-Hellman).  The PKAuthenticator is signed
-    with the private key corresponding to the public key in the
-    certificate found in userCert (or cached by the KDC).
-
-    In the PKAuthenticator, the client may specify the KDC name in one
-    of two ways: 1) a Kerberos principal name, or 2) the name in the
-    KDC's certificate (e.g., an X.500 name, or a PGP name).  Note that
-    case #1 requires that the certificate name and the Kerberos principal
-    name be bound together (e.g., via an X.509v3 extension).
-
-    The userCert field is a sequence of certificates, the first of which
-    must be the user's public key certificate. Any subsequent
-    certificates will be certificates of the certifiers of the user's
-    certificate.  These cerificates may be used by the KDC to verify the
-    user's public key.  This field is empty if the KDC already has the
-    user's certifcate.
-
-    The trustedCertifiers field contains a list of certification
-    authorities trusted by the client, in the case that the client does
-    not possess the KDC's public key certificate.
-
-    Upon receipt of the AS_REQ with PA-PK-AS-REQ pre-authentication
-    type, the KDC attempts to verify the user's certificate chain
-    (userCert), if one is provided in the request.  This is done by
-    verifying the certification path against the KDC's policy of
-    legitimate certifiers.  This may be based on a certification
-    hierarchy, or it may be simply a list of recognized certifiers in a
-    system like PGP.  If the certification path does not match one of
-    the KDC's trusted certifiers, the KDC sends back an error message of
-    type KDC_ERROR_CLIENT_NOT_TRUSTED, and it includes in the error data
-    field a list of its own trusted certifiers, upon which the client
-    resends the request.
-
-    If  trustedCertifiers is provided in the PA-PK-AS-REQ, the KDC
-    verifies that it has a certificate issued by one of the certifiers
-    trusted by the client.  If it does not have a suitable certificate,
-    the KDC returns an error message of type KDC_ERROR_KDC_NOT_TRUSTED
-    to the client. 
-
-    If a trust relationship exists, the KDC then verifies the client's
-    signature on PKAuthenticator.  If that fails, the KDC returns an
-    error message of type KDC_ERROR_INVALID_SIG.  Otherwise, the KDC
-    uses the timestamp in the PKAuthenticator to assure that the request
-    is not a replay.   The KDC also verifies that its name is specified
-    in PKAuthenticator.
-
-    Assuming no errors, the KDC replies as per RFC 1510, except that it
-    encrypts the reply not with the user's key, but with a random key
-    generated only for this particular response.  This random key
-    is sealed in the preauthentication field:
-
-    PA-PK-AS-REP ::= SEQUENCE {
-                               -- PA TYPE 18
-        kdcCert                 [0] SEQUENCE OF Certificate OPTIONAL,
-                                    -- the KDC's certificate
-                                    -- optionally followed by that
-                                    -- certificate's certifier chain
-        encPaReply              [1] EncryptedData,
-                                    -- of type PaReply
-                                    -- using either the client public
-                                    -- key or the Diffie-Hellman key
-                                    -- specified by SignedDHPublicValue
-        signedDHPublicValue     [2] SignedDHPublicValue OPTIONAL
-    }
-
-
-    PaReply ::= SEQUENCE {
-        replyEncKeyPack         [0] ReplyEncKeyPack,
-        replyEncKeyPackSig      [1] Signature,
-                                    -- of replyEncKeyPack
-                                    -- using KDC's signature key
-    }
-
-    ReplyEncKeyPack ::= SEQUENCE {
-        replyEncKey             [0] EncryptionKey,
-                                    -- used to encrypt main reply
-        nonce                   [1] INTEGER
-                                    -- binds response to the request
-                                    -- passed in the PKAuthenticator
-    }
-
-    SignedDHPublicValue ::= SEQUENCE {
-        dhPublicValue           [0] SubjectPublicKeyInfo,
-        dhPublicValueSig        [1] Signature
-                                    -- of dhPublicValue
-                                    -- using KDC's signature key
-    }
-
-    The kdcCert field is a sequence of certificates, the first of which
-    must have as its root certifier one of the certifiers sent to the
-    KDC in the PA-PK-AS-REQ. Any subsequent certificates will be 
-    certificates of the certifiers of the KDC's certificate.  These
-    cerificates may be used by the client to verify the KDC's public
-    key.  This field is empty if the client did not send to the KDC a
-    list of trusted certifiers (the trustedCertifiers field was empty).
-    
-    Since each certifier in the certification path of a user's
-    certificate is essentially a separate realm, the name of each
-    certifier shall be added to the transited field of the ticket.  The
-    format of these realm names shall follow the naming constraints set
-    forth in RFC 1510 (sections 7.1 and 3.3.3.1).  Note that this will
-    require new nametypes to be defined for PGP certifiers and other
-    types of realms as they arise.
-
-    The KDC's certificate must bind the public key to a name derivable
-    from the name of the realm for that KDC.  The client then extracts
-    the random key used to encrypt the main reply.  This random key (in
-    encPaReply) is encrypted with either the client's public key or
-    with a key derived from the DH values exchanged between the client
-    and the KDC.
-
-
-3.3.  Digital Signature
-
-    Implementation of the changes in this section are OPTIONAL for
-    compliance with pk-init.
-
-    We offer this option with the warning that it requires the client to
-    generate a random key; the client may not be able to guarantee the
-    same level of randomness as the KDC.
-
-    If the user registered a digital signature key with the KDC instead
-    of an encryption key, then a separate exchange must be used.  The
-    client sends a request for a TGT as usual, except that it (rather
-    than the KDC) generates the random key that will be used to encrypt
-    the KDC response.  This key is sent to the KDC along with the
-    request in a preauthentication field:
-
-    PA-PK-AS-SIGN ::= SEQUENCE {
-                                -- PA TYPE 19
-        encSignedKeyPack        [0] EncryptedData
-                                    -- of SignedKeyPack
-                                    -- using the KDC's public key
-    }
-
-    SignedKeyPack ::= SEQUENCE {
-        signedKey               [0] KeyPack,
-        signedKeyAuth           [1] PKAuthenticator,
-        signedKeySig            [2] Signature
-                                    -- of signedKey.signedKeyAuth
-                                    -- using user's signature key
-    }
-
-    KeyPack ::= SEQUENCE {
-        randomKey               [0] EncryptionKey,
-                                    -- will be used to encrypt reply
-        nonce                   [1] INTEGER
-    }
-
-    where the nonce is copied from the request.
-
-    Upon receipt of the PA-PK-AS-SIGN, the KDC decrypts then verifies
-    the randomKey.  It then replies as per RFC 1510, except that the
-    reply is encrypted not with a password-derived user key, but with
-    the randomKey sent in the request.  Since the client already knows
-    this key, there is no need to accompany the reply with an extra
-    preauthentication field.  The transited field of the ticket should
-    specify the certification path as described in Section 3.2.
-
-
-3.4.  Retrieving the Private Key From the KDC
-
-    Implementation of the changes in this section is RECOMMENDED for
-    compliance with pk-init.
-
-    When the user's private key is not stored local to the user, he may
-    choose to store the private key (normally encrypted using a
-    password-derived key) on the KDC.  We provide this option to present
-    the user with an alternative to storing the private key on local
-    disk at each machine where he expects to authenticate himself using
-    pk-init.  It should be noted that it replaces the added risk of
-    long-term storage of the private key on possibly many workstations
-    with the added risk of storing the private key on the KDC in a
-    form vulnerable to brute-force attack.
-
-    In order to obtain a private key, the client includes a
-    preauthentication field with the AS-REQ message:
-
-    PA-PK-KEY-REQ ::= SEQUENCE {
-                                -- PA TYPE 20
-        patimestamp             [0] KerberosTime OPTIONAL, 
-                                    -- used to address replay attacks.
-        pausec                  [1] INTEGER OPTIONAL,
-                                    -- used to address replay attacks.
-        nonce                   [2] INTEGER,
-                                    -- binds the reply to this request
-        privkeyID               [3] SEQUENCE OF KeyID OPTIONAL
-                                    -- constructed as a hash of
-                                    -- public key corresponding to
-                                    -- desired private key
-    }
-
-    KeyID ::= SEQUENCE {
-        KeyIdentifier           [0] OCTET STRING
-    }
-
-    The client may request a specific private key by sending the
-    corresponding ID.  If this field is left empty, then all
-    private keys are returned.
-
-    If all checks out, the KDC responds as described in the above
-    sections, except that an additional preauthentication field,
-    containing the user's private key, accompanies the reply:
-
-    PA-PK-KEY-REP ::= SEQUENCE {
-                                -- PA TYPE 21
-        nonce                   [0] INTEGER,
-                                    -- binds the reply to the request
-        KeyData                 [1] SEQUENCE OF KeyPair
-    }
-
-    KeyPair ::= SEQUENCE {
-        privKeyID               [0] OCTET STRING,
-                                    -- corresponding to encPrivKey
-        encPrivKey              [1] OCTET STRING
-    }
-
-
-3.4.1.  Additional Protection of Retrieved Private Keys
-
-    We solicit discussion on the following proposal: that the client may
-    optionally include in its request additional data to encrypt the
-    private key, which is currently only protected by the user's
-    password.  One possibility is that the client might generate a
-    random string of bits, encrypt it with the public key of the KDC (as
-    in the SignedKeyPack, but with an ordinary OCTET STRING in place of
-    an EncryptionKey), and include this with the request.  The KDC then
-    XORs each returned key with this random bit string.  (If the bit
-    string is too short, the KDC could either return an error, or XOR
-    the returned key with a repetition of the bit string.)
-
-    In order to make this work, additional means of preauthentication
-    need to be devised in order to prevent attackers from simply
-    inserting their own bit string.  One way to do this is to store
-    a hash of the password-derived key (the one used to encrypt the
-    private key).  This hash is then used in turn to derive a second
-    key (called the hash-key); the hash-key is used to encrypt an ASN.1
-    structure containing the generated bit string and a nonce value
-    that binds it to the request.
-
-    Since the KDC possesses the hash, it can generate the hash-key and
-    verify this (weaker) preauthentication, and yet cannot reproduce
-    the private key itself, since the hash is a one-way function.
-
-
-4.  Logistics and Policy Issues
-
-    We solicit discussion on how clients and KDCs should be configured
-    in order to determine which of the options described above (if any)
-    should be used.  One possibility is to set the user's database
-    record to indicate that authentication is to use public key
-    cryptography; this will not work, however, in the event that the
-    client needs to know before making the initial request.
-
-5.  Compatibility with One-Time Passcodes
-
-    We solicit discussion on how the protocol changes proposed in this
-    draft will interact with the proposed use of one-time passcodes
-    discussed in draft-ietf-cat-kerberos-passwords-00.txt.
-
-
-6.  Strength of Cryptographic Schemes
-
-    In light of recent findings on the strength of MD5 and DES,
-    we solicit discussion on which encryption types to incorporate
-    into the protocol changes.
-
-
-7.  Bibliography
-
-    [1] J. Kohl, C. Neuman.  The Kerberos Network Authentication
-    Service (V5).  Request for Comments: 1510
-
-    [2] B.C. Neuman, Theodore Ts'o. Kerberos: An Authentication Service
-    for Computer Networks, IEEE Communications, 32(9):33-38.
-    September 1994.
-
-    [3] A. Medvinsky, M. Hur.  Addition of Kerberos Cipher Suites to
-    Transport Layer Security (TLS).
-    draft-ietf-tls-kerb-cipher-suites-00.txt
-
-    [4] A. Medvinsky, M. Hur, B. Clifford Neuman.  Public Key Utilizing
-    Tickets for Application Servers (PKTAPP).
-    draft-ietf-cat-pktapp-00.txt
-
-    [5] M. Sirbu, J. Chuang.  Distributed Authentication in Kerberos Using 
-    Public Key Cryptography.  Symposium On Network and Distributed System 
-    Security, 1997.
-
-    [6] B. Cox, J.D. Tygar, M. Sirbu.  NetBill Security and Transaction 
-    Protocol.  In Proceedings of the USENIX Workshop on Electronic Commerce,
-    July 1995.
-
-    [7] Alan O. Freier, Philip Karlton and Paul C. Kocher.
-    The SSL Protocol, Version 3.0 - IETF Draft. 
-
-    [8] B.C. Neuman, Proxy-Based Authorization and Accounting for 
-    Distributed Systems.  In Proceedings of the 13th International 
-    Conference on Distributed Computing Systems, May 1993
-
-    [9] ITU-T (formerly CCITT)
-    Information technology - Open Systems Interconnection -
-    The Directory: Authentication Framework Recommendation X.509
-    ISO/IEC 9594-8
-
-
-8.  Acknowledgements
-
-    Some of the ideas on which this proposal is based arose during
-    discussions over several years between members of the SAAG, the IETF
-    CAT working group, and the PSRG, regarding integration of Kerberos
-    and SPX.  Some ideas have also been drawn from the DASS system.
-    These changes are by no means endorsed by these groups.  This is an
-    attempt to revive some of the goals of those groups, and this
-    proposal approaches those goals primarily from the Kerberos
-    perspective.  Lastly, comments from groups working on similar ideas
-    in DCE have been invaluable.
-
-
-9.  Expiration Date
-
-    This draft expires September 30, 1997.
-
-
-10.  Authors
-
-    Clifford Neuman
-    Brian Tung
-    USC Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey CA 90292-6695
-    Phone: +1 310 822 1511
-    E-mail: {bcn, brian}@isi.edu
-
-    John Wray
-    Digital Equipment Corporation
-    550 King Street, LKG2-2/Z7
-    Littleton, MA 01460
-    Phone: +1 508 486 5210
-    E-mail: wray@tuxedo.enet.dec.com
-
-    Ari Medvinsky
-    Matthew Hur
-    CyberSafe Corporation
-    1605 NW Sammamish Road Suite 310
-    Issaquah WA 98027-5378
-    Phone: +1 206 391 6000
-    E-mail: {ari.medvinsky, matt.hur}@cybersafe.com
-
-    Jonathan Trostle
-    Novell
-    E-mail: jonathan.trostle@novell.com
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-11.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-11.txt
deleted file mode 100644
index 9b0e76adad98..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-11.txt
+++ /dev/null
@@ -1,1059 +0,0 @@
-INTERNET-DRAFT                                                Brian Tung
-draft-ietf-cat-kerberos-pk-init-11.txt                   Clifford Neuman
-Updates: RFC 1510                                                USC/ISI
-expires September 15, 2000                                   Matthew Hur
-                                                   CyberSafe Corporation
-                                                           Ari Medvinsky
-                                                          Keen.com, Inc.
-                                                         Sasha Medvinsky
-                                                                Motorola
-                                                               John Wray
-                                                   Iris Associates, Inc.
-                                                        Jonathan Trostle
-                                                                   Cisco
-
-    Public Key Cryptography for Initial Authentication in Kerberos
-
-0.  Status Of This Memo
-
-    This document is an Internet-Draft and is in full conformance with
-    all provisions of Section 10 of RFC 2026.  Internet-Drafts are
-    working documents of the Internet Engineering Task Force (IETF),
-    its areas, and its working groups.  Note that other groups may also
-    distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as "work in
-    progress."
-
-    The list of current Internet-Drafts can be accessed at
-    http://www.ietf.org/ietf/1id-abstracts.txt
-
-    The list of Internet-Draft Shadow Directories can be accessed at
-    http://www.ietf.org/shadow.html.
-
-    To learn the current status of any Internet-Draft, please check
-    the "1id-abstracts.txt" listing contained in the Internet-Drafts
-    Shadow Directories on ftp.ietf.org (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-init-11.txt, and expires September 15,
-    2000.  Please send comments to the authors.
-
-1.  Abstract
-
-    This document defines extensions (PKINIT) to the Kerberos protocol
-    specification (RFC 1510 [1]) to provide a method for using public
-    key cryptography during initial authentication.  The methods
-    defined specify the ways in which preauthentication data fields and
-    error data fields in Kerberos messages are to be used to transport
-    public key data.
-
-2.  Introduction
-
-    The popularity of public key cryptography has produced a desire for
-    its support in Kerberos [2].  The advantages provided by public key
-    cryptography include simplified key management (from the Kerberos
-    perspective) and the ability to leverage existing and developing
-    public key certification infrastructures.
-
-    Public key cryptography can be integrated into Kerberos in a number
-    of ways.  One is to associate a key pair with each realm, which can
-    then be used to facilitate cross-realm authentication; this is the
-    topic of another draft proposal.  Another way is to allow users with
-    public key certificates to use them in initial authentication.  This
-    is the concern of the current document.
-
-    PKINIT utilizes ephemeral-ephemeral Diffie-Hellman keys in
-    combination with digital signature keys as the primary, required
-    mechanism.  It also allows for the use of RSA keys and/or (static)
-    Diffie-Hellman certificates.  Note in particular that PKINIT supports
-    the use of separate signature and encryption keys.
-
-    PKINIT enables access to Kerberos-secured services based on initial
-    authentication utilizing public key cryptography.  PKINIT utilizes
-    standard public key signature and encryption data formats within the
-    standard Kerberos messages.  The basic mechanism is as follows:  The
-    user sends an AS-REQ message to the KDC as before, except that if that
-    user is to use public key cryptography in the initial authentication
-    step, his certificate and a signature accompany the initial request
-    in the preauthentication fields.  Upon receipt of this request, the
-    KDC verifies the certificate and issues a ticket granting ticket
-    (TGT) as before, except that the encPart from the AS-REP message
-    carrying the TGT is now encrypted utilizing either a Diffie-Hellman
-    derived key or the user's public key.  This message is authenticated
-    utilizing the public key signature of the KDC.
-
-    Note that PKINIT does not require the use of certificates.  A KDC
-    may store the public key of a principal as part of that principal's
-    record.  In this scenario, the KDC is the trusted party that vouches
-    for the principal (as in a standard, non-cross realm, Kerberos
-    environment).  Thus, for any principal, the KDC may maintain a
-    secret key, a public key, or both.
-
-    The PKINIT specification may also be used as a building block for
-    other specifications.  PKCROSS [3] utilizes PKINIT for establishing
-    the inter-realm key and associated inter-realm policy to be applied
-    in issuing cross realm service tickets.  As specified in [4],
-    anonymous Kerberos tickets can be issued by applying a NULL
-    signature in combination with Diffie-Hellman in the PKINIT exchange.
-    Additionally, the PKINIT specification may be used for direct peer
-    to peer authentication without contacting a central KDC. This
-    application of PKINIT is described in PKTAPP [5] and is based on
-    concepts introduced in [6, 7]. For direct client-to-server
-    authentication, the client uses PKINIT to authenticate to the end
-    server (instead of a central KDC), which then issues a ticket for
-    itself.  This approach has an advantage over TLS [8] in that the
-    server does not need to save state (cache session keys).
-    Furthermore, an additional benefit is that Kerberos tickets can
-    facilitate delegation (see [9]).
-
-3.  Proposed Extensions
-
-    This section describes extensions to RFC 1510 for supporting the
-    use of public key cryptography in the initial request for a ticket
-    granting ticket (TGT).
-
-    In summary, the following change to RFC 1510 is proposed:
-
-        * Users may authenticate using either a public key pair or a
-          conventional (symmetric) key.  If public key cryptography is
-          used, public key data is transported in preauthentication
-          data fields to help establish identity.  The user presents
-          a public key certificate and obtains an ordinary TGT that may
-          be used for subsequent authentication, with such
-          authentication using only conventional cryptography.
-
-    Section 3.1 provides definitions to help specify message formats.
-    Section 3.2 describes the extensions for the initial authentication
-    method.
-
-3.1.  Definitions
-
-    The extensions involve new preauthentication fields; we introduce
-    the following preauthentication types:
-
-        PA-PK-AS-REQ                            14
-        PA-PK-AS-REP                            15
-
-    The extensions also involve new error types; we introduce the
-    following types:
-
-        KDC_ERR_CLIENT_NOT_TRUSTED              62
-        KDC_ERR_KDC_NOT_TRUSTED                 63
-        KDC_ERR_INVALID_SIG                     64
-        KDC_ERR_KEY_TOO_WEAK                    65
-        KDC_ERR_CERTIFICATE_MISMATCH            66
-        KDC_ERR_CANT_VERIFY_CERTIFICATE         70
-        KDC_ERR_INVALID_CERTIFICATE             71
-        KDC_ERR_REVOKED_CERTIFICATE             72
-        KDC_ERR_REVOCATION_STATUS_UNKNOWN       73
-        KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74
-        KDC_ERR_CLIENT_NAME_MISMATCH            75
-        KDC_ERR_KDC_NAME_MISMATCH               76
-
-    We utilize the following typed data for errors:
-
-        TD-PKINIT-CMS-CERTIFICATES             101
-        TD-KRB-PRINCIPAL                       102
-        TD-KRB-REALM                           103
-        TD-TRUSTED-CERTIFIERS                  104
-        TD-CERTIFICATE-INDEX                   105
-
-    We utilize the following encryption types (which map directly to
-    OIDs):
-
-        dsaWithSHA1-CmsOID                       9
-        md5WithRSAEncryption-CmsOID             10
-        sha1WithRSAEncryption-CmsOID            11
-        rc2CBC-EnvOID                           12
-        rsaEncryption-EnvOID (PKCS#1 v1.5)      13
-        rsaES-OAEP-ENV-OID   (PKCS#1 v2.0)      14
-        des-ede3-cbc-Env-OID                    15
-
-    These mappings are provided so that a client may send the
-    appropriate enctypes in the AS-REQ message in order to indicate
-    support for the corresponding OIDs (for performing PKINIT).
-
-    In many cases, PKINIT requires the encoding of the X.500 name of a
-    certificate authority as a Realm.  When such a name appears as
-    a realm it will be represented using the "other" form of the realm
-    name as specified in the naming constraints section of RFC1510.
-    For a realm derived from an X.500 name, NAMETYPE will have the value
-    X500-RFC2253.  The full realm name will appear as follows:
-
-        <nametype> + ":" + <string>
-
-    where nametype is "X500-RFC2253" and string is the result of doing
-    an RFC2253 encoding of the distinguished name, i.e.
-
-        "X500-RFC2253:" + RFC2253Encode(DistinguishedName)
-
-    where DistinguishedName is an X.500 name, and RFC2253Encode is a
-    function returing a readable UTF encoding of an X.500 name, as
-    defined by RFC 2253 [14] (part of LDAPv3 [18]).
-
-    To ensure that this encoding is unique, we add the following rule
-    to those specified by RFC 2253:
-
-        The order in which the attributes appear in the RFC 2253
-        encoding must be the reverse of the order in the ASN.1
-        encoding of the X.500 name that appears in the public key
-        certificate. The order of the relative distinguished names
-        (RDNs), as well as the order of the AttributeTypeAndValues
-        within each RDN, will be reversed. (This is despite the fact
-        that an RDN is defined as a SET of AttributeTypeAndValues, where
-        an order is normally not important.)
-
-    Similarly, in cases where the KDC does not provide a specific
-    policy based mapping from the X.500 name or X.509 Version 3
-    SubjectAltName extension in the user's certificate to a Kerberos
-    principal name, PKINIT requires the direct encoding of the X.500
-    name as a PrincipalName.  In this case, the name-type of the
-    principal name shall be set to KRB_NT-X500-PRINCIPAL.  This new
-    name type is defined in RFC 1510 as:
-
-        KRB_NT_X500_PRINCIPAL    6
-
-    The name-string shall be set as follows:
-
-        RFC2253Encode(DistinguishedName)
-
-    as described above.  When this name type is used, the principal's
-    realm shall be set to the certificate authority's distinguished
-    name using the X500-RFC2253 realm name format described earlier in
-    this section
-
-    RFC 1510 specifies the ASN.1 structure for PrincipalName as follows:
-
-        PrincipalName ::=   SEQUENCE {
-                        name-type[0]     INTEGER,
-                        name-string[1]   SEQUENCE OF GeneralString
-        }
-
-    For the purposes of encoding an X.500 name as a Kerberos name for
-    use in Kerberos structures, the name-string shall be encoded as a
-    single GeneralString.  The name-type should be KRB_NT_X500_PRINCIPAL,
-    as noted above.  All Kerberos names must conform to validity
-    requirements as given in RFC 1510.  Note that name mapping may be
-    required or optional, based on policy.
-
-    We also define the following similar ASN.1 structure:
-
-        CertPrincipalName ::= SEQUENCE {
-                        name-type[0]     INTEGER,
-                        name-string[1]   SEQUENCE OF UTF8String
-        }
-
-    When a Kerberos PrincipalName is to be placed within an X.509 data
-    structure, the CertPrincipalName structure is to be used, with the
-    name-string encoded as a single UTF8String.  The name-type should be
-    as identified in the original PrincipalName structure.  The mapping
-    between the GeneralString and UTF8String formats can be found in
-    [19].
-
-    The following rules relate to the the matching of PrincipalNames (or
-    corresponding CertPrincipalNames) with regard to the PKI name
-    constraints for CAs as laid out in RFC 2459 [15].  In order to be
-    regarded as a match (for permitted and excluded name trees), the
-    following must be satisfied.
-
-        1.  If the constraint is given as a user plus realm name, or
-            as a user plus instance plus realm name (as specified in
-            RFC 1510), the realm name must be valid (see 2.a-d below)
-            and the match must be exact, byte for byte.
-
-        2.  If the constraint is given only as a realm name, matching
-            depends on the type of the realm:
-
-            a.  If the realm contains a colon (':') before any equal
-                sign ('='), it is treated as a realm of type Other,
-                and must match exactly, byte for byte.
-
-            b.  Otherwise, if the realm contains an equal sign, it
-                is treated as an X.500 name.  In order to match, every
-                component in the constraint MUST be in the principal
-                name, and have the same value.  For example, 'C=US'
-                matches 'C=US/O=ISI' but not 'C=UK'.
-
-            c.  Otherwise, if the realm name conforms to rules regarding
-                the format of DNS names, it is considered a realm name of
-                type Domain.  The constraint may be given as a realm
-                name 'FOO.BAR', which matches any PrincipalName within
-                the realm 'FOO.BAR' but not those in subrealms such as
-                'CAR.FOO.BAR'.  A constraint of the form '.FOO.BAR'
-                matches PrincipalNames in subrealms of the form
-                'CAR.FOO.BAR' but not the realm 'FOO.BAR' itself.
-
-            d.  Otherwise, the realm name is invalid and does not match
-                under any conditions.
-
-3.1.1.  Encryption and Key Formats
-
-    In the exposition below, we use the terms public key and private
-    key generically.  It should be understood that the term "public
-    key" may be used to refer to either a public encryption key or a
-    signature verification key, and that the term "private key" may be
-    used to refer to either a private decryption key or a signature
-    generation key.  The fact that these are logically distinct does
-    not preclude the assignment of bitwise identical keys for RSA
-    keys.
-
-    In the case of Diffie-Hellman, the key shall be produced from the
-    agreed bit string as follows:
-
-        * Truncate the bit string to the appropriate length.
-        * Rectify parity in each byte (if necessary) to obtain the key.
-
-    For instance, in the case of a DES key, we take the first eight
-    bytes of the bit stream, and then adjust the least significant bit
-    of each byte to ensure that each byte has odd parity.
-
-3.1.2. Algorithm Identifiers
-
-    PKINIT does not define, but does permit, the algorithm identifiers
-    listed below.
-
-3.1.2.1. Signature Algorithm Identifiers
-
-    The following signature algorithm identifiers specified in [11] and
-    in [15] shall be used with PKINIT:
-
-    id-dsa-with-sha1       (DSA with SHA1)
-    md5WithRSAEncryption   (RSA with MD5)
-    sha-1WithRSAEncryption (RSA with SHA1)
-
-3.1.2.2 Diffie-Hellman Key Agreement Algorithm Identifier
-
-    The following algorithm identifier shall be used within the
-    SubjectPublicKeyInfo data structure: dhpublicnumber
-
-    This identifier and the associated algorithm parameters are
-    specified in RFC 2459 [15].
-
-3.1.2.3. Algorithm Identifiers for RSA Encryption
-
-    These algorithm identifiers are used inside the EnvelopedData data
-    structure, for encrypting the temporary key with a public key:
-
-        rsaEncryption (RSA encryption, PKCS#1 v1.5)
-        id-RSAES-OAEP (RSA encryption, PKCS#1 v2.0)
-
-    Both of the above RSA encryption schemes are specified in [16].
-    Currently, only PKCS#1 v1.5 is specified by CMS [11], although the
-    CMS specification says that it will likely include PKCS#1 v2.0 in
-    the future.  (PKCS#1 v2.0 addresses adaptive chosen ciphertext
-    vulnerability discovered in PKCS#1 v1.5.)
-
-3.1.2.4. Algorithm Identifiers for Encryption with Secret Keys
-
-    These algorithm identifiers are used inside the EnvelopedData data
-    structure in the PKINIT Reply, for encrypting the reply key with the
-    temporary key:
-        des-ede3-cbc (3-key 3-DES, CBC mode)
-        rc2-cbc      (RC2, CBC mode)
-
-    The full definition of the above algorithm identifiers and their
-    corresponding parameters (an IV for block chaining) is provided in
-    the CMS specification [11].
-
-3.2.  Public Key Authentication
-
-    Implementation of the changes in this section is REQUIRED for
-    compliance with PKINIT.
-
-3.2.1.  Client Request
-
-    Public keys may be signed by some certification authority (CA), or
-    they may be maintained by the KDC in which case the KDC is the
-    trusted authority.  Note that the latter mode does not require the
-    use of certificates.
-
-    The initial authentication request is sent as per RFC 1510, except
-    that a preauthentication field containing data signed by the user's
-    private key accompanies the request:
-
-    PA-PK-AS-REQ ::= SEQUENCE {
-                                -- PA TYPE 14
-        signedAuthPack          [0] SignedData
-                                    -- Defined in CMS [11];
-                                    -- AuthPack (below) defines the
-                                    -- data that is signed.
-        trustedCertifiers       [1] SEQUENCE OF TrustedCas OPTIONAL,
-                                    -- This is a list of CAs that the
-                                    -- client trusts and that certify
-                                    -- KDCs.
-        kdcCert                 [2] IssuerAndSerialNumber OPTIONAL
-                                    -- As defined in CMS [11];
-                                    -- specifies a particular KDC
-                                    -- certificate if the client
-                                    -- already has it.
-        encryptionCert          [3] IssuerAndSerialNumber OPTIONAL
-                                    -- For example, this may be the
-                                    -- client's Diffie-Hellman
-                                    -- certificate, or it may be the
-                                    -- client's RSA encryption
-                                    -- certificate.
-    }
-
-    TrustedCas ::= CHOICE {
-        principalName         [0] KerberosName,
-                                  -- as defined below
-        caName                [1] Name
-                                  -- fully qualified X.500 name
-                                  -- as defined by X.509
-        issuerAndSerial       [2] IssuerAndSerialNumber
-                                  -- Since a CA may have a number of
-                                  -- certificates, only one of which
-                                  -- a client trusts
-    }
-
-    Usage of SignedData:
-
-        The SignedData data type is specified in the Cryptographic
-        Message Syntax, a product of the S/MIME working group of the
-        IETF.  The following describes how to fill in the fields of
-        this data:
-
-        1.  The encapContentInfo field must contain the PKAuthenticator
-            and, optionally, the client's Diffie Hellman public value.
-
-            a.  The eContentType field shall contain the OID value for
-                pkdata: iso (1) org (3) dod (6) internet (1) security (5)
-                kerberosv5 (2) pkinit (3) pkdata (1)
-
-            b.  The eContent field is data of the type AuthPack (below).
-
-        2.  The signerInfos field contains the signature of AuthPack.
-
-        3.  The Certificates field, when non-empty, contains the client's
-            certificate chain.  If present, the KDC uses the public key
-            from the client's certificate to verify the signature in the
-            request.  Note that the client may pass different certificate
-            chains that are used for signing or for encrypting.  Thus,
-            the KDC may utilize a different client certificate for
-            signature verification than the one it uses to encrypt the
-            reply to the client.  For example, the client may place a
-            Diffie-Hellman certificate in this field in order to convey
-            its static Diffie Hellman certificate to the KDC to enable
-            static-ephemeral Diffie-Hellman mode for the reply; in this
-            case, the client does NOT place its public value in the
-            AuthPack (defined below).  As another example, the client may
-            place an RSA encryption certificate in this field.  However,
-            there must always be (at least) a signature certificate.
-
-    AuthPack ::= SEQUENCE {
-        pkAuthenticator         [0] PKAuthenticator,
-        clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
-                                    -- if client is using Diffie-Hellman
-                                    -- (ephemeral-ephemeral only)
-    }
-
-    PKAuthenticator ::= SEQUENCE {
-        kdcName                 [0] PrincipalName,
-        kdcRealm                [1] Realm,
-        cusec                   [2] INTEGER,
-                                    -- for replay prevention as in RFC1510
-        ctime                   [3] KerberosTime,
-                                    -- for replay prevention as in RFC1510
-        nonce                   [4] INTEGER
-    }
-
-    SubjectPublicKeyInfo ::= SEQUENCE {
-        algorithm                   AlgorithmIdentifier,
-                                    -- dhKeyAgreement
-        subjectPublicKey            BIT STRING
-                                    -- for DH, equals
-                                    -- public exponent (INTEGER encoded
-                                    -- as payload of BIT STRING)
-    }   -- as specified by the X.509 recommendation [10]
-
-    AlgorithmIdentifier ::= SEQUENCE {
-        algorithm                   ALGORITHM.&id,
-        parameters                  ALGORITHM.&type
-    }   -- as specified by the X.509 recommendation [10]
-
-    If the client passes an issuer and serial number in the request,
-    the KDC is requested to use the referred-to certificate.  If none
-    exists, then the KDC returns an error of type
-    KDC_ERR_CERTIFICATE_MISMATCH.  It also returns this error if, on the
-    other hand, the client does not pass any trustedCertifiers,
-    believing that it has the KDC's certificate, but the KDC has more
-    than one certificate.  The KDC should include information in the
-    KRB-ERROR message that indicates the KDC certificate(s) that a
-    client may utilize.  This data is specified in the e-data, which
-    is defined in RFC 1510 revisions as a SEQUENCE of TypedData:
-
-    TypedData ::=  SEQUENCE {
-                    data-type      [0] INTEGER,
-                    data-value     [1] OCTET STRING,
-    } -- per Kerberos RFC 1510 revisions
-
-    where:
-    data-type = TD-PKINIT-CMS-CERTIFICATES = 101
-    data-value = CertificateSet // as specified by CMS [11]
-
-    The PKAuthenticator carries information to foil replay attacks, and
-    to bind the request and response.  The PKAuthenticator is signed
-    with the client's signature key.
-
-3.2.2.  KDC Response
-
-    Upon receipt of the AS_REQ with PA-PK-AS-REQ pre-authentication
-    type, the KDC attempts to verify the user's certificate chain
-    (userCert), if one is provided in the request.  This is done by
-    verifying the certification path against the KDC's policy of
-    legitimate certifiers.  This may be based on a certification
-    hierarchy, or it may be simply a list of recognized certifiers in a
-    system like PGP.
-
-    If the client's certificate chain contains no certificate signed by
-    a CA trusted by the KDC, then the KDC sends back an error message
-    of type KDC_ERR_CANT_VERIFY_CERTIFICATE.  The accompanying e-data
-    is a SEQUENCE of one TypedData (with type TD-TRUSTED-CERTIFIERS=104)
-    whose data-value is an OCTET STRING which is the DER encoding of
-
-        TrustedCertifiers ::= SEQUENCE OF PrincipalName
-                              -- X.500 name encoded as a principal name
-                              -- see Section 3.1
-
-    If while verifying a certificate chain the KDC determines that the
-    signature on one of the certificates in the CertificateSet from
-    the signedAuthPack fails verification, then the KDC returns an
-    error of type KDC_ERR_INVALID_CERTIFICATE.  The accompanying
-    e-data is a SEQUENCE of one TypedData (with type
-    TD-CERTIFICATE-INDEX=105) whose data-value is an OCTET STRING
-    which is the DER encoding of the index into the CertificateSet
-    ordered as sent by the client.
-
-        CertificateIndex  ::= INTEGER
-                              -- 0 = 1st certificate,
-                              --     (in order of encoding)
-                              -- 1 = 2nd certificate, etc
-
-    The KDC may also check whether any of the certificates in the
-    client's chain has been revoked.  If one of the certificates has
-    been revoked, then the KDC returns an error of type
-    KDC_ERR_REVOKED_CERTIFICATE; if such a query reveals that
-    the certificate's revocation status is unknown or not
-    available, then if required by policy, the KDC returns the
-    appropriate error of type KDC_ERR_REVOCATION_STATUS_UNKNOWN or
-    KDC_ERR_REVOCATION_STATUS_UNAVAILABLE.  In any of these three
-    cases, the affected certificate is identified by the accompanying
-    e-data, which contains a CertificateIndex as described for
-    KDC_ERR_INVALID_CERTIFICATE.
-
-    If the certificate chain can be verified, but the name of the
-    client in the certificate does not match the client's name in the
-    request, then the KDC returns an error of type
-    KDC_ERR_CLIENT_NAME_MISMATCH.  There is no accompanying e-data
-    field in this case.
-
-    Finally, if the certificate chain is verified, but the KDC's name
-    or realm as given in the PKAuthenticator does not match the KDC's
-    actual principal name, then the KDC returns an error of type
-    KDC_ERR_KDC_NAME_MISMATCH.  The accompanying e-data field is again
-    a SEQUENCE of one TypedData (with type TD-KRB-PRINCIPAL=102 or
-    TD-KRB-REALM=103 as appropriate) whose data-value is an OCTET
-    STRING whose data-value is the DER encoding of a PrincipalName or
-    Realm as defined in RFC 1510 revisions.
-
-    Even if all succeeds, the KDC may--for policy reasons--decide not
-    to trust the client.  In this case, the KDC returns an error message
-    of type KDC_ERR_CLIENT_NOT_TRUSTED.  One specific case of this is
-    the presence or absence of an Enhanced Key Usage (EKU) OID within
-    the certificate extensions.  The rules regarding acceptability of
-    an EKU sequence (or the absence of any sequence) are a matter of
-    local policy.  For the benefit of implementers, we define a PKINIT
-    EKU OID as the following: iso (1) org (3) dod (6) internet (1)
-    security (5) kerberosv5 (2) pkinit (3) pkekuoid (2).
-
-    If a trust relationship exists, the KDC then verifies the client's
-    signature on AuthPack.  If that fails, the KDC returns an error
-    message of type KDC_ERR_INVALID_SIG.  Otherwise, the KDC uses the
-    timestamp (ctime and cusec) in the PKAuthenticator to assure that
-    the request is not a replay.  The KDC also verifies that its name
-    is specified in the PKAuthenticator.
-
-    If the clientPublicValue field is filled in, indicating that the
-    client wishes to use Diffie-Hellman key agreement, then the KDC
-    checks to see that the parameters satisfy its policy.  If they do
-    not (e.g., the prime size is insufficient for the expected
-    encryption type), then the KDC sends back an error message of type
-    KDC_ERR_KEY_TOO_WEAK.  Otherwise, it generates its own public and
-    private values for the response.
-
-    The KDC also checks that the timestamp in the PKAuthenticator is
-    within the allowable window and that the principal name and realm
-    are correct.  If the local (server) time and the client time in the
-    authenticator differ by more than the allowable clock skew, then the
-    KDC returns an error message of type KRB_AP_ERR_SKEW as defined in 1510.
-
-    Assuming no errors, the KDC replies as per RFC 1510, except as
-    follows.  The user's name in the ticket is determined by the
-    following decision algorithm:
-
-        1.  If the KDC has a mapping from the name in the certificate
-            to a Kerberos name, then use that name.
-            Else
-        2.  If the certificate contains the SubjectAltName extention
-            and the local KDC policy defines a mapping from the
-            SubjectAltName to a Kerberos name, then use that name.
-            Else
-        3.  Use the name as represented in the certificate, mapping
-            mapping as necessary (e.g., as per RFC 2253 for X.500
-            names).  In this case the realm in the ticket shall be the
-            name of the certifier that issued the user's certificate.
-
-    Note that a principal name may be carried in the subject alt name
-    field of a certificate. This name may be mapped to a principal
-    record in a security database based on local policy, for example
-    the subject alt name may be kerberos/principal@realm format.  In
-    this case the realm name is not that of the CA but that of the
-    local realm doing the mapping (or some realm name chosen by that
-    realm).
-
-    If a non-KDC X.509 certificate contains the principal name within
-    the subjectAltName version 3 extension , that name may utilize
-    KerberosName as defined below, or, in the case of an S/MIME
-    certificate [17], may utilize the email address.  If the KDC
-    is presented with an S/MIME certificate, then the email address
-    within subjectAltName will be interpreted as a principal and realm
-    separated by the "@" sign, or as a name that needs to be
-    canonicalized.  If the resulting name does not correspond to a
-    registered principal name, then the principal name is formed as
-    defined in section 3.1.
-
-    The trustedCertifiers field contains a list of certification
-    authorities trusted by the client, in the case that the client does
-    not possess the KDC's public key certificate.  If the KDC has no
-    certificate signed by any of the trustedCertifiers, then it returns
-    an error of type KDC_ERR_KDC_NOT_TRUSTED.
-
-    KDCs should try to (in order of preference):
-    1. Use the KDC certificate identified by the serialNumber included
-       in the client's request.
-    2. Use a certificate issued to the KDC by the client's CA (if in the
-       middle of a CA key roll-over, use the KDC cert issued under same
-       CA key as user cert used to verify request).
-    3. Use a certificate issued to the KDC by one of the client's
-       trustedCertifier(s);
-    If the KDC is unable to comply with any of these options, then the
-    KDC returns an error message of type KDC_ERR_KDC_NOT_TRUSTED to the
-    client.
-
-    The KDC encrypts the reply not with the user's long-term key, but
-    with the Diffie Hellman derived key or a random key generated
-    for this particular response which is carried in the padata field of
-    the TGS-REP message.
-
-    PA-PK-AS-REP ::= CHOICE {
-                            -- PA TYPE 15
-        dhSignedData       [0] SignedData,
-                            -- Defined in CMS and used only with
-                            -- Diffie-Hellman key exchange (if the
-                            -- client public value was present in the
-                            -- request).
-                            -- This choice MUST be supported
-                            -- by compliant implementations.
-        encKeyPack         [1] EnvelopedData,
-                            -- Defined in CMS
-                            -- The temporary key is encrypted
-                            -- using the client public key
-                            -- key
-                            -- SignedReplyKeyPack, encrypted
-                            -- with the temporary key, is also
-                            -- included.
-    }
-
-    Usage of SignedData:
-
-        When the Diffie-Hellman option is used, dhSignedData in
-        PA-PK-AS-REP provides authenticated Diffie-Hellman parameters
-        of the KDC.  The reply key used to encrypt part of the KDC reply
-        message is derived from the Diffie-Hellman exchange:
-
-        1.  Both the KDC and the client calculate a secret value
-            (g^ab mod p), where a is the client's private exponent and
-            b is the KDC's private exponent.
-
-        2.  Both the KDC and the client take the first N bits of this
-            secret value and convert it into a reply key.  N depends on
-            the reply key type.
-
-        3.  If the reply key is DES, N=64 bits, where some of the bits
-            are replaced with parity bits, according to FIPS PUB 74.
-
-        4.  If the reply key is (3-key) 3-DES, N=192 bits, where some
-            of the bits are replaced with parity bits, according to
-            FIPS PUB 74.
-
-        5.  The encapContentInfo field must contain the KdcDHKeyInfo as
-            defined below.
-
-            a.  The eContentType field shall contain the OID value for
-                pkdata: iso (1) org (3) dod (6) internet (1) security (5)
-                kerberosv5 (2) pkinit (3) pkdata (1)
-
-            b.  The eContent field is data of the type KdcDHKeyInfo
-                (below).
-
-        6.  The certificates field must contain the certificates
-            necessary for the client to establish trust in the KDC's
-            certificate based on the list of trusted certifiers sent by
-            the client in the PA-PK-AS-REQ.  This field may be empty if
-            the client did not send to the KDC a list of trusted
-            certifiers (the trustedCertifiers field was empty, meaning
-            that the client already possesses the KDC's certificate).
-
-        7.  The signerInfos field is a SET that must contain at least
-            one member, since it contains the actual signature.
-
-    KdcDHKeyInfo ::= SEQUENCE {
-                              -- used only when utilizing Diffie-Hellman
-      nonce                 [0] INTEGER,
-                                -- binds responce to the request
-      subjectPublicKey      [2] BIT STRING
-                                -- Equals public exponent (g^a mod p)
-                                -- INTEGER encoded as payload of
-                                -- BIT STRING
-    }
-
-    Usage of EnvelopedData:
-
-        The EnvelopedData data type is specified in the Cryptographic
-        Message Syntax, a product of the S/MIME working group of the
-        IETF.  It contains a temporary key encrypted with the PKINIT
-        client's public key.  It also contains a signed and encrypted
-        reply key.
-
-        1.  The originatorInfo field is not required, since that
-            information may be presented in the signedData structure
-            that is encrypted within the encryptedContentInfo field.
-
-        2.  The optional unprotectedAttrs field is not required for
-            PKINIT.
-
-        3.  The recipientInfos field is a SET which must contain exactly
-            one member of the KeyTransRecipientInfo type for encryption
-            with an RSA public key.
-
-            a.  The encryptedKey field (in KeyTransRecipientInfo)
-                contains the temporary key which is encrypted with the
-                PKINIT client's public key.
-
-        4.  The encryptedContentInfo field contains the signed and
-            encrypted reply key.
-
-            a.  The contentType field shall contain the OID value for
-                id-signedData: iso (1) member-body (2) us (840)
-                rsadsi (113549) pkcs (1) pkcs7 (7) signedData (2)
-
-            b.  The encryptedContent field is encrypted data of the CMS
-                type signedData as specified below.
-
-                i.  The encapContentInfo field must contains the
-                    ReplyKeyPack.
-
-                    * The eContentType field shall contain the OID value
-                      for pkdata: iso (1) org (3) dod (6) internet (1)
-                      security (5) kerberosv5 (2) pkinit (3) pkdata (1)
-
-                    * The eContent field is data of the type ReplyKeyPack
-                      (below).
-
-                ii.  The certificates field must contain the certificates
-                     necessary for the client to establish trust in the
-                     KDC's certificate based on the list of trusted
-                     certifiers sent by the client in the PA-PK-AS-REQ.
-                     This field may be empty if the client did not send
-                     to the KDC a list of trusted certifiers (the
-                     trustedCertifiers field was empty, meaning that the
-                     client already possesses the KDC's certificate).
-
-                iii.  The signerInfos field is a SET that must contain at
-                      least one member, since it contains the actual
-                      signature.
-
-    ReplyKeyPack ::= SEQUENCE {
-                              -- not used for Diffie-Hellman
-        replyKey             [0] EncryptionKey,
-                                 -- used to encrypt main reply
-                                 -- ENCTYPE is at least as strong as
-                                 -- ENCTYPE of session key
-        nonce                [1] INTEGER,
-                                 -- binds response to the request
-                                 -- must be same as the nonce
-                                 -- passed in the PKAuthenticator
-    }
-
-    Since each certifier in the certification path of a user's
-    certificate is equivalent to a separate Kerberos realm, the name
-    of each certifier in the certificate chain must be added to the
-    transited field of the ticket.  The format of these realm names is
-    defined in Section 3.1 of this document.  If applicable, the
-    transit-policy-checked flag should be set in the issued ticket.
-
-    The KDC's certificate(s) must bind the public key(s) of the KDC to
-    a name derivable from the name of the realm for that KDC.  X.509
-    certificates shall contain the principal name of the KDC
-    (defined in section 8.2 of RFC 1510) as the SubjectAltName version
-    3 extension. Below is the definition of this version 3 extension,
-    as specified by the X.509 standard:
-
-        subjectAltName EXTENSION ::= {
-            SYNTAX GeneralNames
-            IDENTIFIED BY id-ce-subjectAltName
-        }
-
-        GeneralNames ::= SEQUENCE SIZE(1..MAX) OF GeneralName
-
-        GeneralName ::= CHOICE {
-            otherName       [0] OtherName,
-            ...
-        }
-
-        OtherName ::= SEQUENCE {
-            type-id         OBJECT IDENTIFIER,
-            value           [0] EXPLICIT ANY DEFINED BY type-id
-        }
-
-    For the purpose of specifying a Kerberos principal name, the value
-    in OtherName shall be a KerberosName as defined in RFC 1510, but with
-    the PrincipalName replaced by CertPrincipalName as mentioned in
-    Section 3.1:
-
-        KerberosName ::= SEQUENCE {
-            realm           [0] Realm,
-            principalName   [1] CertPrincipalName  -- defined above
-        }
-
-    This specific syntax is identified within subjectAltName by setting
-    the type-id in OtherName to krb5PrincipalName, where (from the
-    Kerberos specification) we have
-
-        krb5 OBJECT IDENTIFIER ::= { iso (1)
-                                     org (3)
-                                     dod (6)
-                                     internet (1)
-                                     security (5)
-                                     kerberosv5 (2) }
-
-        krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-
-    (This specification may also be used to specify a Kerberos name
-    within the user's certificate.)  The KDC's certificate may be signed
-    directly by a CA, or there may be intermediaries if the server resides
-    within a large organization, or it may be unsigned if the client
-    indicates possession (and trust) of the KDC's certificate.
-
-    The client then extracts the random key used to encrypt the main
-    reply.  This random key (in encPaReply) is encrypted with either the
-    client's public key or with a key derived from the DH values
-    exchanged between the client and the KDC.  The client uses this
-    random key to decrypt the main reply, and subsequently proceeds as
-    described in RFC 1510.
-
-3.2.3. Required Algorithms
-
-    Not all of the algorithms in the PKINIT protocol specification have
-    to be implemented in order to comply with the proposed standard.
-    Below is a list of the required algorithms:
-
-    * Diffie-Hellman public/private key pairs
-        * utilizing Diffie-Hellman ephemeral-ephemeral mode
-    * SHA1 digest and DSA for signatures
-    * 3-key triple DES keys derived from the Diffie-Hellman Exchange
-    * 3-key triple DES Temporary and Reply keys
-
-4.  Logistics and Policy
-
-    This section describes a way to define the policy on the use of
-    PKINIT for each principal and request.
-
-    The KDC is not required to contain a database record for users
-    who use public key authentication.  However, if these users are
-    registered with the KDC, it is recommended that the database record
-    for these users be modified to an additional flag in the attributes
-    field to indicate that the user should authenticate using PKINIT.
-    If this flag is set and a request message does not contain the
-    PKINIT preauthentication field, then the KDC sends back as error of
-    type KDC_ERR_PREAUTH_REQUIRED indicating that a preauthentication
-    field of type PA-PK-AS-REQ must be included in the request.
-
-5.  Security Considerations
-
-    PKINIT raises a few security considerations, which we will address
-    in this section.
-
-    First of all, PKINIT introduces a new trust model, where KDCs do not
-    (necessarily) certify the identity of those for whom they issue
-    tickets.  PKINIT does allow KDCs to act as their own CAs, in the
-    limited capacity of self-signing their certificates, but one of the
-    additional benefits is to align Kerberos authentication with a global
-    public key infrastructure.  Anyone using PKINIT in this way must be
-    aware of how the certification infrastructure they are linking to
-    works.
-
-    Secondly, PKINIT also introduces the possibility of interactions
-    between different cryptosystems, which may be of widely varying
-    strengths.  Many systems, for instance, allow the use of 512-bit
-    public keys.  Using such keys to wrap data encrypted under strong
-    conventional cryptosystems, such as triple-DES, is inappropriate;
-    it adds a weak link to a strong one at extra cost.  Implementors
-    and administrators should take care to avoid such wasteful and
-    deceptive interactions.
-
-    Lastly, PKINIT calls for randomly generated keys for conventional
-    cryptosystems.  Many such systems contain systematically "weak"
-    keys.  PKINIT implementations MUST avoid use of these keys, either
-    by discarding those keys when they are generated, or by fixing them
-    in some way (e.g., by XORing them with a given mask).  These
-    precautions vary from system to system; it is not our intention to
-    give an explicit recipe for them here.
-
-6.  Transport Issues
-
-    Certificate chains can potentially grow quite large and span several
-    UDP packets; this in turn increases the probability that a Kerberos
-    message involving PKINIT extensions will be broken in transit.  In
-    light of the possibility that the Kerberos specification will
-    require KDCs to accept requests using TCP as a transport mechanism,
-    we make the same recommendation with respect to the PKINIT
-    extensions as well.
-
-7.  Bibliography
-
-    [1] J. Kohl, C. Neuman.  The Kerberos Network Authentication Service
-    (V5).  Request for Comments 1510.
-
-    [2] B.C. Neuman, Theodore Ts'o. Kerberos: An Authentication Service
-    for Computer Networks, IEEE Communications, 32(9):33-38.  September
-    1994.
-
-    [3] B. Tung, T. Ryutov, C. Neuman, G. Tsudik, B. Sommerfeld,
-    A. Medvinsky, M. Hur.  Public Key Cryptography for Cross-Realm
-    Authentication in Kerberos.  draft-ietf-cat-kerberos-pk-cross-04.txt
-
-    [4] A. Medvinsky, J. Cargille, M. Hur.  Anonymous Credentials in
-    Kerberos.  draft-ietf-cat-kerberos-anoncred-00.txt
-
-    [5] Ari Medvinsky, M. Hur, Alexander Medvinsky, B. Clifford Neuman.
-    Public Key Utilizing Tickets for Application Servers (PKTAPP).
-    draft-ietf-cat-pktapp-02.txt
-
-    [6] M. Sirbu, J. Chuang.  Distributed Authentication in Kerberos
-    Using Public Key Cryptography.  Symposium On Network and Distributed
-    System Security, 1997.
-
-    [7] B. Cox, J.D. Tygar, M. Sirbu.  NetBill Security and Transaction
-    Protocol.  In Proceedings of the USENIX Workshop on Electronic
-    Commerce, July 1995.
-
-    [8] T. Dierks, C. Allen.  The TLS Protocol, Version 1.0
-    Request for Comments 2246, January 1999.
-
-    [9] B.C. Neuman, Proxy-Based Authorization and Accounting for
-    Distributed Systems.  In Proceedings of the 13th International
-    Conference on Distributed Computing Systems, May 1993.
-
-    [10] ITU-T (formerly CCITT) Information technology - Open Systems
-    Interconnection - The Directory: Authentication Framework
-    Recommendation X.509 ISO/IEC 9594-8
-
-    [11] R. Housley. Cryptographic Message Syntax.
-    draft-ietf-smime-cms-13.txt, April 1999, approved for publication
-    as RFC.
-
-    [12] PKCS #7: Cryptographic Message Syntax Standard,
-    An RSA Laboratories Technical Note Version 1.5
-    Revised November 1, 1993
-
-    [13] R. Rivest, MIT Laboratory for Computer Science and RSA Data
-    Security, Inc. A Description of the RC2(r) Encryption Algorithm
-    March 1998.
-    Request for Comments 2268.
-
-    [14] M. Wahl, S. Kille, T. Howes. Lightweight Directory Access
-    Protocol (v3): UTF-8 String Representation of Distinguished Names.
-    Request for Comments 2253.
-
-    [15] R. Housley, W. Ford, W. Polk, D. Solo. Internet X.509 Public
-    Key Infrastructure, Certificate and CRL Profile, January 1999.
-    Request for Comments 2459.
-
-    [16] B. Kaliski, J. Staddon. PKCS #1: RSA Cryptography
-    Specifications, October 1998.  Request for Comments 2437.
-
-    [17] S. Dusse, P. Hoffman, B. Ramsdell, J. Weinstein.  S/MIME
-    Version 2 Certificate Handling, March 1998.  Request for
-    Comments 2312.
-
-    [18] M. Wahl, T. Howes, S. Kille.  Lightweight Directory Access
-    Protocol (v3), December 1997.  Request for Comments 2251.
-
-    [19] ITU-T (formerly CCITT) Information Processing Systems - Open
-    Systems Interconnection - Specification of Abstract Syntax Notation
-    One (ASN.1) Rec. X.680 ISO/IEC 8824-1
-
-8.  Acknowledgements
-
-    Some of the ideas on which this proposal is based arose during
-    discussions over several years between members of the SAAG, the IETF
-    CAT working group, and the PSRG, regarding integration of Kerberos
-    and SPX.  Some ideas have also been drawn from the DASS system.
-    These changes are by no means endorsed by these groups.  This is an
-    attempt to revive some of the goals of those groups, and this
-    proposal approaches those goals primarily from the Kerberos
-    perspective.  Lastly, comments from groups working on similar ideas
-    in DCE have been invaluable.
-
-9.  Expiration Date
-
-    This draft expires September 15, 2000.
-
-10. Authors
-
-    Brian Tung
-    Clifford Neuman
-    USC Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey CA 90292-6695
-    Phone: +1 310 822 1511
-    E-mail: {brian, bcn}@isi.edu
-
-    Matthew Hur
-    CyberSafe Corporation
-    1605 NW Sammamish Road
-    Issaquah WA 98027-5378
-    Phone: +1 425 391 6000
-    E-mail: matt.hur@cybersafe.com
-
-    Ari Medvinsky
-    Keen.com, Inc.
-    150 Independence Drive
-    Menlo Park CA 94025
-    Phone: +1 650 289 3134
-    E-mail: ari@keen.com
-
-    Sasha Medvinsky
-    Motorola
-    6450 Sequence Drive
-    San Diego, CA 92121
-    Phone +1 619 404 2825
-    E-mail: smedvinsky@gi.com
-
-    John Wray
-    Iris Associates, Inc.
-    5 Technology Park Dr.
-    Westford, MA 01886
-    E-mail: John_Wray@iris.com
-
-    Jonathan Trostle
-    170 W. Tasman Dr.
-    San Jose, CA 95134
-    E-mail: jtrostle@cisco.com
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-12.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-12.txt
deleted file mode 100644
index b1e596836eb8..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-init-12.txt
+++ /dev/null
@@ -1,1080 +0,0 @@
-INTERNET-DRAFT                                                Brian Tung
-draft-ietf-cat-kerberos-pk-init-12.txt                   Clifford Neuman
-Updates: RFC 1510                                                USC/ISI
-expires January 15, 2001                                     Matthew Hur
-                                                   CyberSafe Corporation
-                                                           Ari Medvinsky
-                                                          Keen.com, Inc.
-                                                         Sasha Medvinsky
-                                                                Motorola
-                                                               John Wray
-                                                   Iris Associates, Inc.
-                                                        Jonathan Trostle
-                                                                   Cisco
-
-    Public Key Cryptography for Initial Authentication in Kerberos
-
-0.  Status Of This Memo
-
-    This document is an Internet-Draft and is in full conformance with
-    all provisions of Section 10 of RFC 2026.  Internet-Drafts are
-    working documents of the Internet Engineering Task Force (IETF),
-    its areas, and its working groups.  Note that other groups may also
-    distribute working documents as Internet-Drafts.
-
-    Internet-Drafts are draft documents valid for a maximum of six
-    months and may be updated, replaced, or obsoleted by other
-    documents at any time.  It is inappropriate to use Internet-Drafts
-    as reference material or to cite them other than as "work in
-    progress."
-
-    The list of current Internet-Drafts can be accessed at
-    http://www.ietf.org/ietf/1id-abstracts.txt
-
-    The list of Internet-Draft Shadow Directories can be accessed at
-    http://www.ietf.org/shadow.html.
-
-    To learn the current status of any Internet-Draft, please check
-    the "1id-abstracts.txt" listing contained in the Internet-Drafts
-    Shadow Directories on ftp.ietf.org (US East Coast),
-    nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-    munnari.oz.au (Pacific Rim).
-
-    The distribution of this memo is unlimited.  It is filed as
-    draft-ietf-cat-kerberos-pk-init-11.txt, and expires January 15,
-    2001.  Please send comments to the authors.
-
-1.  Abstract
-
-    This document defines extensions (PKINIT) to the Kerberos protocol
-    specification (RFC 1510 [1]) to provide a method for using public
-    key cryptography during initial authentication.  The methods
-    defined specify the ways in which preauthentication data fields and
-    error data fields in Kerberos messages are to be used to transport
-    public key data.
-
-2.  Introduction
-
-    The popularity of public key cryptography has produced a desire for
-    its support in Kerberos [2].  The advantages provided by public key
-    cryptography include simplified key management (from the Kerberos
-    perspective) and the ability to leverage existing and developing
-    public key certification infrastructures.
-
-    Public key cryptography can be integrated into Kerberos in a number
-    of ways.  One is to associate a key pair with each realm, which can
-    then be used to facilitate cross-realm authentication; this is the
-    topic of another draft proposal.  Another way is to allow users with
-    public key certificates to use them in initial authentication.  This
-    is the concern of the current document.
-
-    PKINIT utilizes ephemeral-ephemeral Diffie-Hellman keys in
-    combination with digital signature keys as the primary, required
-    mechanism.  It also allows for the use of RSA keys and/or (static)
-    Diffie-Hellman certificates.  Note in particular that PKINIT supports
-    the use of separate signature and encryption keys.
-
-    PKINIT enables access to Kerberos-secured services based on initial
-    authentication utilizing public key cryptography.  PKINIT utilizes
-    standard public key signature and encryption data formats within the
-    standard Kerberos messages.  The basic mechanism is as follows:  The
-    user sends an AS-REQ message to the KDC as before, except that if that
-    user is to use public key cryptography in the initial authentication
-    step, his certificate and a signature accompany the initial request
-    in the preauthentication fields.  Upon receipt of this request, the
-    KDC verifies the certificate and issues a ticket granting ticket
-    (TGT) as before, except that the encPart from the AS-REP message
-    carrying the TGT is now encrypted utilizing either a Diffie-Hellman
-    derived key or the user's public key.  This message is authenticated
-    utilizing the public key signature of the KDC.
-
-    Note that PKINIT does not require the use of certificates.  A KDC
-    may store the public key of a principal as part of that principal's
-    record.  In this scenario, the KDC is the trusted party that vouches
-    for the principal (as in a standard, non-cross realm, Kerberos
-    environment).  Thus, for any principal, the KDC may maintain a
-    secret key, a public key, or both.
-
-    The PKINIT specification may also be used as a building block for
-    other specifications.  PKCROSS [3] utilizes PKINIT for establishing
-    the inter-realm key and associated inter-realm policy to be applied
-    in issuing cross realm service tickets.  As specified in [4],
-    anonymous Kerberos tickets can be issued by applying a NULL
-    signature in combination with Diffie-Hellman in the PKINIT exchange.
-    Additionally, the PKINIT specification may be used for direct peer
-    to peer authentication without contacting a central KDC. This
-    application of PKINIT is described in PKTAPP [5] and is based on
-    concepts introduced in [6, 7]. For direct client-to-server
-    authentication, the client uses PKINIT to authenticate to the end
-    server (instead of a central KDC), which then issues a ticket for
-    itself.  This approach has an advantage over TLS [8] in that the
-    server does not need to save state (cache session keys).
-    Furthermore, an additional benefit is that Kerberos tickets can
-    facilitate delegation (see [9]).
-
-3.  Proposed Extensions
-
-    This section describes extensions to RFC 1510 for supporting the
-    use of public key cryptography in the initial request for a ticket
-    granting ticket (TGT).
-
-    In summary, the following change to RFC 1510 is proposed:
-
-        * Users may authenticate using either a public key pair or a
-          conventional (symmetric) key.  If public key cryptography is
-          used, public key data is transported in preauthentication
-          data fields to help establish identity.  The user presents
-          a public key certificate and obtains an ordinary TGT that may
-          be used for subsequent authentication, with such
-          authentication using only conventional cryptography.
-
-    Section 3.1 provides definitions to help specify message formats.
-    Section 3.2 describes the extensions for the initial authentication
-    method.
-
-3.1.  Definitions
-
-    The extensions involve new preauthentication fields; we introduce
-    the following preauthentication types:
-
-        PA-PK-AS-REQ                            14
-        PA-PK-AS-REP                            15
-
-    The extensions also involve new error types; we introduce the
-    following types:
-
-        KDC_ERR_CLIENT_NOT_TRUSTED              62
-        KDC_ERR_KDC_NOT_TRUSTED                 63
-        KDC_ERR_INVALID_SIG                     64
-        KDC_ERR_KEY_TOO_WEAK                    65
-        KDC_ERR_CERTIFICATE_MISMATCH            66
-        KDC_ERR_CANT_VERIFY_CERTIFICATE         70
-        KDC_ERR_INVALID_CERTIFICATE             71
-        KDC_ERR_REVOKED_CERTIFICATE             72
-        KDC_ERR_REVOCATION_STATUS_UNKNOWN       73
-        KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74
-        KDC_ERR_CLIENT_NAME_MISMATCH            75
-        KDC_ERR_KDC_NAME_MISMATCH               76
-
-    We utilize the following typed data for errors:
-
-        TD-PKINIT-CMS-CERTIFICATES             101
-        TD-KRB-PRINCIPAL                       102
-        TD-KRB-REALM                           103
-        TD-TRUSTED-CERTIFIERS                  104
-        TD-CERTIFICATE-INDEX                   105
-
-    We utilize the following encryption types (which map directly to
-    OIDs):
-
-        dsaWithSHA1-CmsOID                       9
-        md5WithRSAEncryption-CmsOID             10
-        sha1WithRSAEncryption-CmsOID            11
-        rc2CBC-EnvOID                           12
-        rsaEncryption-EnvOID (PKCS#1 v1.5)      13
-        rsaES-OAEP-ENV-OID   (PKCS#1 v2.0)      14
-        des-ede3-cbc-Env-OID                    15
-
-    These mappings are provided so that a client may send the
-    appropriate enctypes in the AS-REQ message in order to indicate
-    support for the corresponding OIDs (for performing PKINIT).
-
-    In many cases, PKINIT requires the encoding of the X.500 name of a
-    certificate authority as a Realm.  When such a name appears as
-    a realm it will be represented using the "other" form of the realm
-    name as specified in the naming constraints section of RFC1510.
-    For a realm derived from an X.500 name, NAMETYPE will have the value
-    X500-RFC2253.  The full realm name will appear as follows:
-
-        <nametype> + ":" + <string>
-
-    where nametype is "X500-RFC2253" and string is the result of doing
-    an RFC2253 encoding of the distinguished name, i.e.
-
-        "X500-RFC2253:" + RFC2253Encode(DistinguishedName)
-
-    where DistinguishedName is an X.500 name, and RFC2253Encode is a
-    function returing a readable UTF encoding of an X.500 name, as
-    defined by RFC 2253 [14] (part of LDAPv3 [18]).
-
-    To ensure that this encoding is unique, we add the following rule
-    to those specified by RFC 2253:
-
-        The order in which the attributes appear in the RFC 2253
-        encoding must be the reverse of the order in the ASN.1
-        encoding of the X.500 name that appears in the public key
-        certificate. The order of the relative distinguished names
-        (RDNs), as well as the order of the AttributeTypeAndValues
-        within each RDN, will be reversed. (This is despite the fact
-        that an RDN is defined as a SET of AttributeTypeAndValues, where
-        an order is normally not important.)
-
-    Similarly, in cases where the KDC does not provide a specific
-    policy based mapping from the X.500 name or X.509 Version 3
-    SubjectAltName extension in the user's certificate to a Kerberos
-    principal name, PKINIT requires the direct encoding of the X.500
-    name as a PrincipalName.  In this case, the name-type of the
-    principal name shall be set to KRB_NT-X500-PRINCIPAL.  This new
-    name type is defined in RFC 1510 as:
-
-        KRB_NT_X500_PRINCIPAL    6
-
-    The name-string shall be set as follows:
-
-        RFC2253Encode(DistinguishedName)
-
-    as described above.  When this name type is used, the principal's
-    realm shall be set to the certificate authority's distinguished
-    name using the X500-RFC2253 realm name format described earlier in
-    this section
-
-    RFC 1510 specifies the ASN.1 structure for PrincipalName as follows:
-
-        PrincipalName ::=   SEQUENCE {
-                        name-type[0]     INTEGER,
-                        name-string[1]   SEQUENCE OF GeneralString
-        }
-
-    For the purposes of encoding an X.500 name as a Kerberos name for
-    use in Kerberos structures, the name-string shall be encoded as a
-    single GeneralString.  The name-type should be KRB_NT_X500_PRINCIPAL,
-    as noted above.  All Kerberos names must conform to validity
-    requirements as given in RFC 1510.  Note that name mapping may be
-    required or optional, based on policy.
-
-    We also define the following similar ASN.1 structure:
-
-        CertPrincipalName ::= SEQUENCE {
-                        name-type[0]     INTEGER,
-                        name-string[1]   SEQUENCE OF UTF8String
-        }
-
-    When a Kerberos PrincipalName is to be placed within an X.509 data
-    structure, the CertPrincipalName structure is to be used, with the
-    name-string encoded as a single UTF8String.  The name-type should be
-    as identified in the original PrincipalName structure.  The mapping
-    between the GeneralString and UTF8String formats can be found in
-    [19].
-
-    The following rules relate to the the matching of PrincipalNames (or
-    corresponding CertPrincipalNames) with regard to the PKI name
-    constraints for CAs as laid out in RFC 2459 [15].  In order to be
-    regarded as a match (for permitted and excluded name trees), the
-    following must be satisfied.
-
-        1.  If the constraint is given as a user plus realm name, or
-            as a user plus instance plus realm name (as specified in
-            RFC 1510), the realm name must be valid (see 2.a-d below)
-            and the match must be exact, byte for byte.
-
-        2.  If the constraint is given only as a realm name, matching
-            depends on the type of the realm:
-
-            a.  If the realm contains a colon (':') before any equal
-                sign ('='), it is treated as a realm of type Other,
-                and must match exactly, byte for byte.
-
-            b.  Otherwise, if the realm contains an equal sign, it
-                is treated as an X.500 name.  In order to match, every
-                component in the constraint MUST be in the principal
-                name, and have the same value.  For example, 'C=US'
-                matches 'C=US/O=ISI' but not 'C=UK'.
-
-            c.  Otherwise, if the realm name conforms to rules regarding
-                the format of DNS names, it is considered a realm name of
-                type Domain.  The constraint may be given as a realm
-                name 'FOO.BAR', which matches any PrincipalName within
-                the realm 'FOO.BAR' but not those in subrealms such as
-                'CAR.FOO.BAR'.  A constraint of the form '.FOO.BAR'
-                matches PrincipalNames in subrealms of the form
-                'CAR.FOO.BAR' but not the realm 'FOO.BAR' itself.
-
-            d.  Otherwise, the realm name is invalid and does not match
-                under any conditions.
-
-3.1.1.  Encryption and Key Formats
-
-    In the exposition below, we use the terms public key and private
-    key generically.  It should be understood that the term "public
-    key" may be used to refer to either a public encryption key or a
-    signature verification key, and that the term "private key" may be
-    used to refer to either a private decryption key or a signature
-    generation key.  The fact that these are logically distinct does
-    not preclude the assignment of bitwise identical keys for RSA
-    keys.
-
-    In the case of Diffie-Hellman, the key shall be produced from the
-    agreed bit string as follows:
-
-        * Truncate the bit string to the appropriate length.
-        * Rectify parity in each byte (if necessary) to obtain the key.
-
-    For instance, in the case of a DES key, we take the first eight
-    bytes of the bit stream, and then adjust the least significant bit
-    of each byte to ensure that each byte has odd parity.
-
-3.1.2. Algorithm Identifiers
-
-    PKINIT does not define, but does permit, the algorithm identifiers
-    listed below.
-
-3.1.2.1. Signature Algorithm Identifiers
-
-    The following signature algorithm identifiers specified in [11] and
-    in [15] shall be used with PKINIT:
-
-    id-dsa-with-sha1       (DSA with SHA1)
-    md5WithRSAEncryption   (RSA with MD5)
-    sha-1WithRSAEncryption (RSA with SHA1)
-
-3.1.2.2 Diffie-Hellman Key Agreement Algorithm Identifier
-
-    The following algorithm identifier shall be used within the
-    SubjectPublicKeyInfo data structure: dhpublicnumber
-
-    This identifier and the associated algorithm parameters are
-    specified in RFC 2459 [15].
-
-3.1.2.3. Algorithm Identifiers for RSA Encryption
-
-    These algorithm identifiers are used inside the EnvelopedData data
-    structure, for encrypting the temporary key with a public key:
-
-        rsaEncryption (RSA encryption, PKCS#1 v1.5)
-        id-RSAES-OAEP (RSA encryption, PKCS#1 v2.0)
-
-    Both of the above RSA encryption schemes are specified in [16].
-    Currently, only PKCS#1 v1.5 is specified by CMS [11], although the
-    CMS specification says that it will likely include PKCS#1 v2.0 in
-    the future.  (PKCS#1 v2.0 addresses adaptive chosen ciphertext
-    vulnerability discovered in PKCS#1 v1.5.)
-
-3.1.2.4. Algorithm Identifiers for Encryption with Secret Keys
-
-    These algorithm identifiers are used inside the EnvelopedData data
-    structure in the PKINIT Reply, for encrypting the reply key with the
-    temporary key:
-        des-ede3-cbc (3-key 3-DES, CBC mode)
-        rc2-cbc      (RC2, CBC mode)
-
-    The full definition of the above algorithm identifiers and their
-    corresponding parameters (an IV for block chaining) is provided in
-    the CMS specification [11].
-
-3.2.  Public Key Authentication
-
-    Implementation of the changes in this section is REQUIRED for
-    compliance with PKINIT.
-
-3.2.1.  Client Request
-
-    Public keys may be signed by some certification authority (CA), or
-    they may be maintained by the KDC in which case the KDC is the
-    trusted authority.  Note that the latter mode does not require the
-    use of certificates.
-
-    The initial authentication request is sent as per RFC 1510, except
-    that a preauthentication field containing data signed by the user's
-    private key accompanies the request:
-
-    PA-PK-AS-REQ ::= SEQUENCE {
-                                -- PA TYPE 14
-        signedAuthPack          [0] SignedData
-                                    -- Defined in CMS [11];
-                                    -- AuthPack (below) defines the
-                                    -- data that is signed.
-        trustedCertifiers       [1] SEQUENCE OF TrustedCas OPTIONAL,
-                                    -- This is a list of CAs that the
-                                    -- client trusts and that certify
-                                    -- KDCs.
-        kdcCert                 [2] IssuerAndSerialNumber OPTIONAL
-                                    -- As defined in CMS [11];
-                                    -- specifies a particular KDC
-                                    -- certificate if the client
-                                    -- already has it.
-        encryptionCert          [3] IssuerAndSerialNumber OPTIONAL
-                                    -- For example, this may be the
-                                    -- client's Diffie-Hellman
-                                    -- certificate, or it may be the
-                                    -- client's RSA encryption
-                                    -- certificate.
-    }
-
-    TrustedCas ::= CHOICE {
-        principalName         [0] KerberosName,
-                                  -- as defined below
-        caName                [1] Name
-                                  -- fully qualified X.500 name
-                                  -- as defined by X.509
-        issuerAndSerial       [2] IssuerAndSerialNumber
-                                  -- Since a CA may have a number of
-                                  -- certificates, only one of which
-                                  -- a client trusts
-    }
-
-    Usage of SignedData:
-
-        The SignedData data type is specified in the Cryptographic
-        Message Syntax, a product of the S/MIME working group of the
-        IETF.  The following describes how to fill in the fields of
-        this data:
-
-        1.  The encapContentInfo field must contain the PKAuthenticator
-            and, optionally, the client's Diffie Hellman public value.
-
-            a.  The eContentType field shall contain the OID value for
-                pkauthdata: iso (1) org (3) dod (6) internet (1)
-                security (5) kerberosv5 (2) pkinit (3) pkauthdata (1)
-
-            b.  The eContent field is data of the type AuthPack (below).
-
-        2.  The signerInfos field contains the signature of AuthPack.
-
-        3.  The Certificates field, when non-empty, contains the client's
-            certificate chain.  If present, the KDC uses the public key
-            from the client's certificate to verify the signature in the
-            request.  Note that the client may pass different certificate
-            chains that are used for signing or for encrypting.  Thus,
-            the KDC may utilize a different client certificate for
-            signature verification than the one it uses to encrypt the
-            reply to the client.  For example, the client may place a
-            Diffie-Hellman certificate in this field in order to convey
-            its static Diffie Hellman certificate to the KDC to enable
-            static-ephemeral Diffie-Hellman mode for the reply; in this
-            case, the client does NOT place its public value in the
-            AuthPack (defined below).  As another example, the client may
-            place an RSA encryption certificate in this field.  However,
-            there must always be (at least) a signature certificate.
-
-    AuthPack ::= SEQUENCE {
-        pkAuthenticator         [0] PKAuthenticator,
-        clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
-                                    -- if client is using Diffie-Hellman
-                                    -- (ephemeral-ephemeral only)
-    }
-
-    PKAuthenticator ::= SEQUENCE {
-        cusec                   [0] INTEGER,
-                                    -- for replay prevention as in RFC1510
-        ctime                   [1] KerberosTime,
-                                    -- for replay prevention as in RFC1510
-        nonce                   [2] INTEGER,
-        pachecksum              [3] Checksum
-                                    -- Checksum over KDC-REQ-BODY
-                                    -- Defined by Kerberos spec
-    }
-
-    SubjectPublicKeyInfo ::= SEQUENCE {
-        algorithm                   AlgorithmIdentifier,
-                                    -- dhKeyAgreement
-        subjectPublicKey            BIT STRING
-                                    -- for DH, equals
-                                    -- public exponent (INTEGER encoded
-                                    -- as payload of BIT STRING)
-    }   -- as specified by the X.509 recommendation [10]
-
-    AlgorithmIdentifier ::= SEQUENCE {
-        algorithm                   OBJECT IDENTIFIER,
-                                    -- for dhKeyAgreement, this is
-                                    -- { iso (1) member-body (2) US (840)
-                                    -- rsadsi (113459) pkcs (1) 3 1 }
-                                    -- from PKCS #3 [20]
-        parameters                  ANY DEFINED by algorithm OPTIONAL
-                                    -- for dhKeyAgreement, this is
-                                    -- DHParameter
-    }   -- as specified by the X.509 recommendation [10]
-
-    DHParameter ::= SEQUENCE {
-        prime                       INTEGER,
-                                    -- p
-        base                        INTEGER,
-                                    -- g
-        privateValueLength          INTEGER OPTIONAL
-                                    -- l
-    }   -- as defined in PKCS #3 [20]
-
-    If the client passes an issuer and serial number in the request,
-    the KDC is requested to use the referred-to certificate.  If none
-    exists, then the KDC returns an error of type
-    KDC_ERR_CERTIFICATE_MISMATCH.  It also returns this error if, on the
-    other hand, the client does not pass any trustedCertifiers,
-    believing that it has the KDC's certificate, but the KDC has more
-    than one certificate.  The KDC should include information in the
-    KRB-ERROR message that indicates the KDC certificate(s) that a
-    client may utilize.  This data is specified in the e-data, which
-    is defined in RFC 1510 revisions as a SEQUENCE of TypedData:
-
-    TypedData ::=  SEQUENCE {
-                    data-type      [0] INTEGER,
-                    data-value     [1] OCTET STRING,
-    } -- per Kerberos RFC 1510 revisions
-
-    where:
-    data-type = TD-PKINIT-CMS-CERTIFICATES = 101
-    data-value = CertificateSet // as specified by CMS [11]
-
-    The PKAuthenticator carries information to foil replay attacks, to
-    bind the pre-authentication data to the KDC-REQ-BODY, and to bind the
-    request and response.  The PKAuthenticator is signed with the client's
-    signature key.
-
-3.2.2.  KDC Response
-
-    Upon receipt of the AS_REQ with PA-PK-AS-REQ pre-authentication
-    type, the KDC attempts to verify the user's certificate chain
-    (userCert), if one is provided in the request.  This is done by
-    verifying the certification path against the KDC's policy of
-    legitimate certifiers.  This may be based on a certification
-    hierarchy, or it may be simply a list of recognized certifiers in a
-    system like PGP.
-
-    If the client's certificate chain contains no certificate signed by
-    a CA trusted by the KDC, then the KDC sends back an error message
-    of type KDC_ERR_CANT_VERIFY_CERTIFICATE.  The accompanying e-data
-    is a SEQUENCE of one TypedData (with type TD-TRUSTED-CERTIFIERS=104)
-    whose data-value is an OCTET STRING which is the DER encoding of
-
-        TrustedCertifiers ::= SEQUENCE OF PrincipalName
-                              -- X.500 name encoded as a principal name
-                              -- see Section 3.1
-
-    If while verifying a certificate chain the KDC determines that the
-    signature on one of the certificates in the CertificateSet from
-    the signedAuthPack fails verification, then the KDC returns an
-    error of type KDC_ERR_INVALID_CERTIFICATE.  The accompanying
-    e-data is a SEQUENCE of one TypedData (with type
-    TD-CERTIFICATE-INDEX=105) whose data-value is an OCTET STRING
-    which is the DER encoding of the index into the CertificateSet
-    ordered as sent by the client.
-
-        CertificateIndex  ::= INTEGER
-                              -- 0 = 1st certificate,
-                              --     (in order of encoding)
-                              -- 1 = 2nd certificate, etc
-
-    The KDC may also check whether any of the certificates in the
-    client's chain has been revoked.  If one of the certificates has
-    been revoked, then the KDC returns an error of type
-    KDC_ERR_REVOKED_CERTIFICATE; if such a query reveals that
-    the certificate's revocation status is unknown or not
-    available, then if required by policy, the KDC returns the
-    appropriate error of type KDC_ERR_REVOCATION_STATUS_UNKNOWN or
-    KDC_ERR_REVOCATION_STATUS_UNAVAILABLE.  In any of these three
-    cases, the affected certificate is identified by the accompanying
-    e-data, which contains a CertificateIndex as described for
-    KDC_ERR_INVALID_CERTIFICATE.
-
-    If the certificate chain can be verified, but the name of the
-    client in the certificate does not match the client's name in the
-    request, then the KDC returns an error of type
-    KDC_ERR_CLIENT_NAME_MISMATCH.  There is no accompanying e-data
-    field in this case.
-
-    Finally, if the certificate chain is verified, but the KDC's name
-    or realm as given in the PKAuthenticator does not match the KDC's
-    actual principal name, then the KDC returns an error of type
-    KDC_ERR_KDC_NAME_MISMATCH.  The accompanying e-data field is again
-    a SEQUENCE of one TypedData (with type TD-KRB-PRINCIPAL=102 or
-    TD-KRB-REALM=103 as appropriate) whose data-value is an OCTET
-    STRING whose data-value is the DER encoding of a PrincipalName or
-    Realm as defined in RFC 1510 revisions.
-
-    Even if all succeeds, the KDC may--for policy reasons--decide not
-    to trust the client.  In this case, the KDC returns an error message
-    of type KDC_ERR_CLIENT_NOT_TRUSTED.  One specific case of this is
-    the presence or absence of an Enhanced Key Usage (EKU) OID within
-    the certificate extensions.  The rules regarding acceptability of
-    an EKU sequence (or the absence of any sequence) are a matter of
-    local policy.  For the benefit of implementers, we define a PKINIT
-    EKU OID as the following: iso (1) org (3) dod (6) internet (1)
-    security (5) kerberosv5 (2) pkinit (3) pkekuoid (2).
-
-    If a trust relationship exists, the KDC then verifies the client's
-    signature on AuthPack.  If that fails, the KDC returns an error
-    message of type KDC_ERR_INVALID_SIG.  Otherwise, the KDC uses the
-    timestamp (ctime and cusec) in the PKAuthenticator to assure that
-    the request is not a replay.  The KDC also verifies that its name
-    is specified in the PKAuthenticator.
-
-    If the clientPublicValue field is filled in, indicating that the
-    client wishes to use Diffie-Hellman key agreement, then the KDC
-    checks to see that the parameters satisfy its policy.  If they do
-    not (e.g., the prime size is insufficient for the expected
-    encryption type), then the KDC sends back an error message of type
-    KDC_ERR_KEY_TOO_WEAK.  Otherwise, it generates its own public and
-    private values for the response.
-
-    The KDC also checks that the timestamp in the PKAuthenticator is
-    within the allowable window and that the principal name and realm
-    are correct.  If the local (server) time and the client time in the
-    authenticator differ by more than the allowable clock skew, then the
-    KDC returns an error message of type KRB_AP_ERR_SKEW as defined in 1510.
-
-    Assuming no errors, the KDC replies as per RFC 1510, except as
-    follows.  The user's name in the ticket is determined by the
-    following decision algorithm:
-
-        1.  If the KDC has a mapping from the name in the certificate
-            to a Kerberos name, then use that name.
-            Else
-        2.  If the certificate contains the SubjectAltName extention
-            and the local KDC policy defines a mapping from the
-            SubjectAltName to a Kerberos name, then use that name.
-            Else
-        3.  Use the name as represented in the certificate, mapping
-            mapping as necessary (e.g., as per RFC 2253 for X.500
-            names).  In this case the realm in the ticket shall be the
-            name of the certifier that issued the user's certificate.
-
-    Note that a principal name may be carried in the subject alt name
-    field of a certificate. This name may be mapped to a principal
-    record in a security database based on local policy, for example
-    the subject alt name may be kerberos/principal@realm format.  In
-    this case the realm name is not that of the CA but that of the
-    local realm doing the mapping (or some realm name chosen by that
-    realm).
-
-    If a non-KDC X.509 certificate contains the principal name within
-    the subjectAltName version 3 extension , that name may utilize
-    KerberosName as defined below, or, in the case of an S/MIME
-    certificate [17], may utilize the email address.  If the KDC
-    is presented with an S/MIME certificate, then the email address
-    within subjectAltName will be interpreted as a principal and realm
-    separated by the "@" sign, or as a name that needs to be
-    canonicalized.  If the resulting name does not correspond to a
-    registered principal name, then the principal name is formed as
-    defined in section 3.1.
-
-    The trustedCertifiers field contains a list of certification
-    authorities trusted by the client, in the case that the client does
-    not possess the KDC's public key certificate.  If the KDC has no
-    certificate signed by any of the trustedCertifiers, then it returns
-    an error of type KDC_ERR_KDC_NOT_TRUSTED.
-
-    KDCs should try to (in order of preference):
-    1. Use the KDC certificate identified by the serialNumber included
-       in the client's request.
-    2. Use a certificate issued to the KDC by the client's CA (if in the
-       middle of a CA key roll-over, use the KDC cert issued under same
-       CA key as user cert used to verify request).
-    3. Use a certificate issued to the KDC by one of the client's
-       trustedCertifier(s);
-    If the KDC is unable to comply with any of these options, then the
-    KDC returns an error message of type KDC_ERR_KDC_NOT_TRUSTED to the
-    client.
-
-    The KDC encrypts the reply not with the user's long-term key, but
-    with the Diffie Hellman derived key or a random key generated
-    for this particular response which is carried in the padata field of
-    the TGS-REP message.
-
-    PA-PK-AS-REP ::= CHOICE {
-                            -- PA TYPE 15
-        dhSignedData       [0] SignedData,
-                            -- Defined in CMS and used only with
-                            -- Diffie-Hellman key exchange (if the
-                            -- client public value was present in the
-                            -- request).
-                            -- This choice MUST be supported
-                            -- by compliant implementations.
-        encKeyPack         [1] EnvelopedData,
-                            -- Defined in CMS
-                            -- The temporary key is encrypted
-                            -- using the client public key
-                            -- key
-                            -- SignedReplyKeyPack, encrypted
-                            -- with the temporary key, is also
-                            -- included.
-    }
-
-    Usage of SignedData:
-
-        When the Diffie-Hellman option is used, dhSignedData in
-        PA-PK-AS-REP provides authenticated Diffie-Hellman parameters
-        of the KDC.  The reply key used to encrypt part of the KDC reply
-        message is derived from the Diffie-Hellman exchange:
-
-        1.  Both the KDC and the client calculate a secret value
-            (g^ab mod p), where a is the client's private exponent and
-            b is the KDC's private exponent.
-
-        2.  Both the KDC and the client take the first N bits of this
-            secret value and convert it into a reply key.  N depends on
-            the reply key type.
-
-        3.  If the reply key is DES, N=64 bits, where some of the bits
-            are replaced with parity bits, according to FIPS PUB 74.
-
-        4.  If the reply key is (3-key) 3-DES, N=192 bits, where some
-            of the bits are replaced with parity bits, according to
-            FIPS PUB 74.
-
-        5.  The encapContentInfo field must contain the KdcDHKeyInfo as
-            defined below.
-
-            a.  The eContentType field shall contain the OID value for
-                pkdhkeydata: iso (1) org (3) dod (6) internet (1)
-                security (5) kerberosv5 (2) pkinit (3) pkdhkeydata (2)
-
-            b.  The eContent field is data of the type KdcDHKeyInfo
-                (below).
-
-        6.  The certificates field must contain the certificates
-            necessary for the client to establish trust in the KDC's
-            certificate based on the list of trusted certifiers sent by
-            the client in the PA-PK-AS-REQ.  This field may be empty if
-            the client did not send to the KDC a list of trusted
-            certifiers (the trustedCertifiers field was empty, meaning
-            that the client already possesses the KDC's certificate).
-
-        7.  The signerInfos field is a SET that must contain at least
-            one member, since it contains the actual signature.
-
-    KdcDHKeyInfo ::= SEQUENCE {
-                              -- used only when utilizing Diffie-Hellman
-      nonce                 [0] INTEGER,
-                                -- binds responce to the request
-      subjectPublicKey      [2] BIT STRING
-                                -- Equals public exponent (g^a mod p)
-                                -- INTEGER encoded as payload of
-                                -- BIT STRING
-    }
-
-    Usage of EnvelopedData:
-
-        The EnvelopedData data type is specified in the Cryptographic
-        Message Syntax, a product of the S/MIME working group of the
-        IETF.  It contains a temporary key encrypted with the PKINIT
-        client's public key.  It also contains a signed and encrypted
-        reply key.
-
-        1.  The originatorInfo field is not required, since that
-            information may be presented in the signedData structure
-            that is encrypted within the encryptedContentInfo field.
-
-        2.  The optional unprotectedAttrs field is not required for
-            PKINIT.
-
-        3.  The recipientInfos field is a SET which must contain exactly
-            one member of the KeyTransRecipientInfo type for encryption
-            with an RSA public key.
-
-            a.  The encryptedKey field (in KeyTransRecipientInfo)
-                contains the temporary key which is encrypted with the
-                PKINIT client's public key.
-
-        4.  The encryptedContentInfo field contains the signed and
-            encrypted reply key.
-
-            a.  The contentType field shall contain the OID value for
-                id-signedData: iso (1) member-body (2) us (840)
-                rsadsi (113549) pkcs (1) pkcs7 (7) signedData (2)
-
-            b.  The encryptedContent field is encrypted data of the CMS
-                type signedData as specified below.
-
-                i.  The encapContentInfo field must contains the
-                    ReplyKeyPack.
-
-                    * The eContentType field shall contain the OID value
-                      for pkrkeydata: iso (1) org (3) dod (6) internet (1)
-                      security (5) kerberosv5 (2) pkinit (3) pkrkeydata (3)
-
-                    * The eContent field is data of the type ReplyKeyPack
-                      (below).
-
-                ii.  The certificates field must contain the certificates
-                     necessary for the client to establish trust in the
-                     KDC's certificate based on the list of trusted
-                     certifiers sent by the client in the PA-PK-AS-REQ.
-                     This field may be empty if the client did not send
-                     to the KDC a list of trusted certifiers (the
-                     trustedCertifiers field was empty, meaning that the
-                     client already possesses the KDC's certificate).
-
-                iii.  The signerInfos field is a SET that must contain at
-                      least one member, since it contains the actual
-                      signature.
-
-    ReplyKeyPack ::= SEQUENCE {
-                              -- not used for Diffie-Hellman
-        replyKey             [0] EncryptionKey,
-                                 -- used to encrypt main reply
-                                 -- ENCTYPE is at least as strong as
-                                 -- ENCTYPE of session key
-        nonce                [1] INTEGER,
-                                 -- binds response to the request
-                                 -- must be same as the nonce
-                                 -- passed in the PKAuthenticator
-    }
-
-    Since each certifier in the certification path of a user's
-    certificate is equivalent to a separate Kerberos realm, the name
-    of each certifier in the certificate chain must be added to the
-    transited field of the ticket.  The format of these realm names is
-    defined in Section 3.1 of this document.  If applicable, the
-    transit-policy-checked flag should be set in the issued ticket.
-
-    The KDC's certificate(s) must bind the public key(s) of the KDC to
-    a name derivable from the name of the realm for that KDC.  X.509
-    certificates shall contain the principal name of the KDC
-    (defined in section 8.2 of RFC 1510) as the SubjectAltName version
-    3 extension. Below is the definition of this version 3 extension,
-    as specified by the X.509 standard:
-
-        subjectAltName EXTENSION ::= {
-            SYNTAX GeneralNames
-            IDENTIFIED BY id-ce-subjectAltName
-        }
-
-        GeneralNames ::= SEQUENCE SIZE(1..MAX) OF GeneralName
-
-        GeneralName ::= CHOICE {
-            otherName       [0] OtherName,
-            ...
-        }
-
-        OtherName ::= SEQUENCE {
-            type-id         OBJECT IDENTIFIER,
-            value           [0] EXPLICIT ANY DEFINED BY type-id
-        }
-
-    For the purpose of specifying a Kerberos principal name, the value
-    in OtherName shall be a KerberosName as defined in RFC 1510, but with
-    the PrincipalName replaced by CertPrincipalName as mentioned in
-    Section 3.1:
-
-        KerberosName ::= SEQUENCE {
-            realm           [0] Realm,
-            principalName   [1] CertPrincipalName  -- defined above
-        }
-
-    This specific syntax is identified within subjectAltName by setting
-    the type-id in OtherName to krb5PrincipalName, where (from the
-    Kerberos specification) we have
-
-        krb5 OBJECT IDENTIFIER ::= { iso (1)
-                                     org (3)
-                                     dod (6)
-                                     internet (1)
-                                     security (5)
-                                     kerberosv5 (2) }
-
-        krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-
-    (This specification may also be used to specify a Kerberos name
-    within the user's certificate.)  The KDC's certificate may be signed
-    directly by a CA, or there may be intermediaries if the server resides
-    within a large organization, or it may be unsigned if the client
-    indicates possession (and trust) of the KDC's certificate.
-
-    The client then extracts the random key used to encrypt the main
-    reply.  This random key (in encPaReply) is encrypted with either the
-    client's public key or with a key derived from the DH values
-    exchanged between the client and the KDC.  The client uses this
-    random key to decrypt the main reply, and subsequently proceeds as
-    described in RFC 1510.
-
-3.2.3. Required Algorithms
-
-    Not all of the algorithms in the PKINIT protocol specification have
-    to be implemented in order to comply with the proposed standard.
-    Below is a list of the required algorithms:
-
-    * Diffie-Hellman public/private key pairs
-        * utilizing Diffie-Hellman ephemeral-ephemeral mode
-    * SHA1 digest and DSA for signatures
-    * SHA1 digest also for the Checksum in the PKAuthenticator
-    * 3-key triple DES keys derived from the Diffie-Hellman Exchange
-    * 3-key triple DES Temporary and Reply keys
-
-4.  Logistics and Policy
-
-    This section describes a way to define the policy on the use of
-    PKINIT for each principal and request.
-
-    The KDC is not required to contain a database record for users
-    who use public key authentication.  However, if these users are
-    registered with the KDC, it is recommended that the database record
-    for these users be modified to an additional flag in the attributes
-    field to indicate that the user should authenticate using PKINIT.
-    If this flag is set and a request message does not contain the
-    PKINIT preauthentication field, then the KDC sends back as error of
-    type KDC_ERR_PREAUTH_REQUIRED indicating that a preauthentication
-    field of type PA-PK-AS-REQ must be included in the request.
-
-5.  Security Considerations
-
-    PKINIT raises a few security considerations, which we will address
-    in this section.
-
-    First of all, PKINIT introduces a new trust model, where KDCs do not
-    (necessarily) certify the identity of those for whom they issue
-    tickets.  PKINIT does allow KDCs to act as their own CAs, in the
-    limited capacity of self-signing their certificates, but one of the
-    additional benefits is to align Kerberos authentication with a global
-    public key infrastructure.  Anyone using PKINIT in this way must be
-    aware of how the certification infrastructure they are linking to
-    works.
-
-    Secondly, PKINIT also introduces the possibility of interactions
-    between different cryptosystems, which may be of widely varying
-    strengths.  Many systems, for instance, allow the use of 512-bit
-    public keys.  Using such keys to wrap data encrypted under strong
-    conventional cryptosystems, such as triple-DES, is inappropriate;
-    it adds a weak link to a strong one at extra cost.  Implementors
-    and administrators should take care to avoid such wasteful and
-    deceptive interactions.
-
-    Lastly, PKINIT calls for randomly generated keys for conventional
-    cryptosystems.  Many such systems contain systematically "weak"
-    keys.  PKINIT implementations MUST avoid use of these keys, either
-    by discarding those keys when they are generated, or by fixing them
-    in some way (e.g., by XORing them with a given mask).  These
-    precautions vary from system to system; it is not our intention to
-    give an explicit recipe for them here.
-
-6.  Transport Issues
-
-    Certificate chains can potentially grow quite large and span several
-    UDP packets; this in turn increases the probability that a Kerberos
-    message involving PKINIT extensions will be broken in transit.  In
-    light of the possibility that the Kerberos specification will
-    require KDCs to accept requests using TCP as a transport mechanism,
-    we make the same recommendation with respect to the PKINIT
-    extensions as well.
-
-7.  Bibliography
-
-    [1] J. Kohl, C. Neuman.  The Kerberos Network Authentication Service
-    (V5).  Request for Comments 1510.
-
-    [2] B.C. Neuman, Theodore Ts'o. Kerberos: An Authentication Service
-    for Computer Networks, IEEE Communications, 32(9):33-38.  September
-    1994.
-
-    [3] B. Tung, T. Ryutov, C. Neuman, G. Tsudik, B. Sommerfeld,
-    A. Medvinsky, M. Hur.  Public Key Cryptography for Cross-Realm
-    Authentication in Kerberos.  draft-ietf-cat-kerberos-pk-cross-04.txt
-
-    [4] A. Medvinsky, J. Cargille, M. Hur.  Anonymous Credentials in
-    Kerberos.  draft-ietf-cat-kerberos-anoncred-00.txt
-
-    [5] Ari Medvinsky, M. Hur, Alexander Medvinsky, B. Clifford Neuman.
-    Public Key Utilizing Tickets for Application Servers (PKTAPP).
-    draft-ietf-cat-pktapp-02.txt
-
-    [6] M. Sirbu, J. Chuang.  Distributed Authentication in Kerberos
-    Using Public Key Cryptography.  Symposium On Network and Distributed
-    System Security, 1997.
-
-    [7] B. Cox, J.D. Tygar, M. Sirbu.  NetBill Security and Transaction
-    Protocol.  In Proceedings of the USENIX Workshop on Electronic
-    Commerce, July 1995.
-
-    [8] T. Dierks, C. Allen.  The TLS Protocol, Version 1.0
-    Request for Comments 2246, January 1999.
-
-    [9] B.C. Neuman, Proxy-Based Authorization and Accounting for
-    Distributed Systems.  In Proceedings of the 13th International
-    Conference on Distributed Computing Systems, May 1993.
-
-    [10] ITU-T (formerly CCITT) Information technology - Open Systems
-    Interconnection - The Directory: Authentication Framework
-    Recommendation X.509 ISO/IEC 9594-8
-
-    [11] R. Housley. Cryptographic Message Syntax.
-    draft-ietf-smime-cms-13.txt, April 1999, approved for publication
-    as RFC.
-
-    [12] PKCS #7: Cryptographic Message Syntax Standard,
-    An RSA Laboratories Technical Note Version 1.5
-    Revised November 1, 1993
-
-    [13] R. Rivest, MIT Laboratory for Computer Science and RSA Data
-    Security, Inc. A Description of the RC2(r) Encryption Algorithm
-    March 1998.
-    Request for Comments 2268.
-
-    [14] M. Wahl, S. Kille, T. Howes. Lightweight Directory Access
-    Protocol (v3): UTF-8 String Representation of Distinguished Names.
-    Request for Comments 2253.
-
-    [15] R. Housley, W. Ford, W. Polk, D. Solo. Internet X.509 Public
-    Key Infrastructure, Certificate and CRL Profile, January 1999.
-    Request for Comments 2459.
-
-    [16] B. Kaliski, J. Staddon. PKCS #1: RSA Cryptography
-    Specifications, October 1998.  Request for Comments 2437.
-
-    [17] S. Dusse, P. Hoffman, B. Ramsdell, J. Weinstein.  S/MIME
-    Version 2 Certificate Handling, March 1998.  Request for
-    Comments 2312.
-
-    [18] M. Wahl, T. Howes, S. Kille.  Lightweight Directory Access
-    Protocol (v3), December 1997.  Request for Comments 2251.
-
-    [19] ITU-T (formerly CCITT) Information Processing Systems - Open
-    Systems Interconnection - Specification of Abstract Syntax Notation
-    One (ASN.1) Rec. X.680 ISO/IEC 8824-1
-
-    [20] PKCS #3: Diffie-Hellman Key-Agreement Standard, An RSA
-    Laboratories Technical Note, Version 1.4, Revised November 1, 1993.
-
-8.  Acknowledgements
-
-    Some of the ideas on which this proposal is based arose during
-    discussions over several years between members of the SAAG, the IETF
-    CAT working group, and the PSRG, regarding integration of Kerberos
-    and SPX.  Some ideas have also been drawn from the DASS system.
-    These changes are by no means endorsed by these groups.  This is an
-    attempt to revive some of the goals of those groups, and this
-    proposal approaches those goals primarily from the Kerberos
-    perspective.  Lastly, comments from groups working on similar ideas
-    in DCE have been invaluable.
-
-9.  Expiration Date
-
-    This draft expires January 15, 2001.
-
-10. Authors
-
-    Brian Tung
-    Clifford Neuman
-    USC Information Sciences Institute
-    4676 Admiralty Way Suite 1001
-    Marina del Rey CA 90292-6695
-    Phone: +1 310 822 1511
-    E-mail: {brian, bcn}@isi.edu
-
-    Matthew Hur
-    CyberSafe Corporation
-    1605 NW Sammamish Road
-    Issaquah WA 98027-5378
-    Phone: +1 425 391 6000
-    E-mail: matt.hur@cybersafe.com
-
-    Ari Medvinsky
-    Keen.com, Inc.
-    150 Independence Drive
-    Menlo Park CA 94025
-    Phone: +1 650 289 3134
-    E-mail: ari@keen.com
-
-    Sasha Medvinsky
-    Motorola
-    6450 Sequence Drive
-    San Diego, CA 92121
-    +1 858 404 2367
-    E-mail: smedvinsky@gi.com
-
-    John Wray
-    Iris Associates, Inc.
-    5 Technology Park Dr.
-    Westford, MA 01886
-    E-mail: John_Wray@iris.com
-
-    Jonathan Trostle
-    170 W. Tasman Dr.
-    San Jose, CA 95134
-    E-mail: jtrostle@cisco.com
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt
deleted file mode 100644
index 6581dd5810a5..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt
+++ /dev/null
@@ -1,378 +0,0 @@
-INTERNET-DRAFT                                    Ari Medvinsky
-draft-ietf-cat-kerberos-pk-tapp-03.txt            Keen.com, Inc.
-Expires January 14, 2001                          Matthew Hur
-Informational					  CyberSafe Corporation
-						  Sasha Medvinsky
-						  Motorola
-                                                  Clifford Neuman
-                                                  USC/ISI
-
-Public Key Utilizing Tickets for Application Servers (PKTAPP)
-
-
-0. Status Of this Memo
-
-This document is an Internet-Draft and is in full conformance with
-all provisions of Section 10 of RFC 2026.  Internet-Drafts are
-working documents of the Internet Engineering Task Force (IETF),
-its areas, and its working groups.  Note that other groups may also
-distribute working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other
-documents at any time.  It is inappropriate to use Internet-Drafts
-as reference material or to cite them other than as "work in
-progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html.
-
-To learn the current status of any Internet-Draft, please check
-the "1id-abstracts.txt" listing contained in the Internet-Drafts
-Shadow Directories on ftp.ietf.org (US East Coast),
-nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited.  It is filed as
-draft-ietf-cat-kerberos-pk-init-10.txt, and expires April 30,
-2000.  Please send comments to the authors.
-
-1. Abstract
-
-Public key based Kerberos for Distributed Authentication[1], (PKDA) 
-proposed by Sirbu & Chuang, describes PK based authentication that 
-eliminates the use of a centralized key distribution center while 
-retaining the advantages of Kerberos tickets.  This draft describes how, 
-without any modification, the PKINIT specification[2] may be used to 
-implement the ideas introduced in PKDA.  The benefit is that only a 
-single PK Kerberos extension is needed to address the goals of PKINIT & 
-PKDA.
-
-
-
-2. Introduction
-
-With the proliferation of public key cryptography, a number of public 
-key extensions to Kerberos have been proposed to provide 
-interoperability with the PK infrastructure and to improve the Kerberos 
-authentication system [4].  Among these are PKINIT[2] (under development
-in the CAT working group) and more recently PKDA [1] proposed by Sirbu & 
-Chuang of CMU.  One of the principal goals of PKINIT is to provide for 
-interoperability between a PK infrastructure and Kerberos.  Using 
-PKINIT, a user can authenticate to the KDC via a public key certificate.  
-A ticket granting ticket (TGT), returned by the KDC, enables a PK user 
-to obtain tickets and authenticate to kerberized services.  The PKDA 
-proposal goes a step further.  It supports direct client to server 
-authentication, eliminating the need for an online key distribution 
-center.  In this draft, we describe how, without any modification, the 
-PKINIT protocol may be applied to achieve the goals of PKDA. For direct 
-client to server authentication, the client will use PKINIT to 
-authenticate to the end server (instead of a central KDC), which then, 
-will issue a ticket for itself.  The benefit of this proposal, is that a 
-single PK extension to Kerberos can addresses the goals of PKINIT and 
-PKDA.
-
-
-3. PKDA background
-
-The PKDA proposal provides direct client to server authentication, thus 
-eliminating the need for an online key distribution center.  A client 
-and server take part in an initial PK based authentication exchange, 
-with an added caveat that the server acts as a Kerberos ticket granting 
-service and issues a traditional Kerberos ticket for itself.  In 
-subsequent communication, the client makes use of the Kerberos ticket, 
-thus eliminating the need for public key operations on the server.  This 
-approach has an advantage over SSL in that the server does not need to 
-save state (cache session keys).  Furthermore, an additional benefit, is 
-that Kerberos tickets can facilitate delegation (see Neuman[3]). 
-
-Below is a brief overview of the PKDA protocol.  For a more detailed 
-description see [1]. 
-
-SCERT_REQ: Client to Server
-The client requests a certificate from the server.  If the server�s 
-certificate is cached locally, SCERT_REQ and SCERT_REP are omitted.
-
-SCERT_REP:  Server to Client
-The server returns its certificate to the client.
-
-PKTGS_REQ: Client to Server
-The client sends a request for a service ticket to the server.  To 
-authenticate the request, the client signs, among other fields, a time 
-stamp and a newly generated symmetric key .  The time stamp is used to 
-foil replay attacks;  the symmetric key is used by the server to secure 
-the PKTGS_REP message. 
-The client provides a certificate in the request (the certificate 
-enables the server to verify the validity of the client�s signature) and 
-seals it along with the signed information using the server�s public 
-key.  
-
- 
-PKTGS_REP:  Server to Client
-The server returns a service ticket (which it issued for itself) along 
-with the session key for the ticket.  The session key is protected by 
-the client-generated key from the PKTGS_REQ message.  
-
-AP_REQ:  Client to Server
-After the above exchange, the client can proceed in a normal fashion, 
-using the conventional Kerberos ticket in an AP_REQ message.
-
-
-4. PKINIT background
-
-One of the principal goals of PKINIT is to provide for interoperability 
-between a public key infrastructure and Kerberos.  Using a public key 
-certificate, a client can authenticate to the KDC and receive a TGT 
-which enables the client to obtain service tickets to kerberized 
-services..  In PKINIT, the AS-REQ and AS-REP messages remain the same; 
-new preauthentication data types are used to conduct the PK exchange.  
-Client and server certificates are exchanged via the preauthentication 
-data.  Thus, the exchange of certificates , PK authentication, and 
-delivery of a TGT can occur in two messages.
-
-Below is a brief overview of the PKINIT protocol.  For a more detailed 
-description see [2]. 
-
-PreAuthentication data of AS-REQ:  Client to Server
-The client sends a list of trusted certifiers, a signed PK 
-authenticator, and its certificate.  The PK authenticator, based on the 
-Kerberos authenticator, contains the name of the KDC, a timestamp, and a 
-nonce.
-
-PreAuthentication data of AS-REP:  Server to Client
-The server responds with its certificate and the key used for decrypting 
-the encrypted part of the AS-REQ.  This key is encrypted with the 
-client�s public key.
-
-AP_REQ:  Client to Server
-After the above exchange, the client can proceed in a normal fashion, 
-using the conventional Kerberos ticket in an AP_REQ message.
-
-
-5. Application of PKINIT to achieve equivalence to PKDA
-
-While PKINIT is normally used to retrieve a ticket granting ticket 
-(TGT), it may also be used to request an end service ticket.  When used 
-in this fashion, PKINIT is functionally equivalent to PKDA.  We 
-introduce the concept of a local ticket granting server (LTGS) to 
-illustrate how PKINIT may be used for issuing end service tickets based 
-on public key authentication.  It is important to note that the LTGS may 
-be built into an application server, or it may be a stand-alone server 
-used for issuing tickets within a well-defined realm, such as a single 
-machine.  We will discuss both of these options.
-
-
-5.1. The LTGS
-
-The LTGS processes the Kerberos AS-REQ and AS-REP messages with PKINIT 
-preauthentication data.  When a client submits an AS-REQ to the LTGS, it
-specifies an application server, in order to receive an end service 
-ticket instead of a TGT.
-
-
-5.1.1. The LTGS as a standalone server
-
-The LTGS may run as a separate process that serves applications which 
-reside on the same machine. This serves to consolidate administrative 
-functions and provide an easier migration path for a heterogeneous 
-environment consisting of both public key and Kerberos.  The LTGS would 
-use one well-known port (port #88 - same as the KDC) for all message 
-traffic and would share a symmetric with each service.  After the client 
-receives a service ticket, it then contacts the application server 
-directly.  This approach is similar to the one suggested by Sirbu , et 
-al [1].
-
-5.1.1.1. Ticket Policy for PKTAPP Clients
-
-It is desirable for the LTGS to have access to a PKTAPP client ticket
-policy. This policy will contain information for each client, such as 
-the maximum lifetime of a ticket, whether or not a ticket can be 
-forwardable, etc. PKTAPP clients, however, use the PKINIT protocol for
-authentication and are not required to be registered as Kerberos 
-principals.
-
-As one possible solution, each public key Certification Authority could
-be registered in a secure database, along with the ticket policy 
-information for all PKTAPP clients that are certified by this
-Certification Authority.
-
-5.1.1.2. LTGS as a Kerberos Principal
-
-Since the LTGS serves only PKTAPP clients and returns only end service
-tickets for other services, it does not require a Kerberos service key 
-or a Kerberos principal identity. It is therefore not necessary for the
-LTGS to even be registered as a Kerberos principal.
-
-The LTGS still requires public key credentials for the PKINIT exchange,
-and it may be desired to have some global restrictions on the Kerberos
-tickets that it can issue. It is recommended (but not required) that
-this information be associated with a Kerberos principal entry for the
-LTGS.
-
-
-5.1.1.3. Kerberos Principal Database
-
-Since the LTGS issues tickets for Kerberos services, it will require
-access to a Kerberos principal database containing entries for at least
-the end services. Each entry must contain a service key and may also
-contain restrictions on the service tickets that are issued to clients.
-It is recommended that (for ease of administration) this principal
-database be centrally administered and distributed (replicated) to all
-hosts where an LTGS may be running.
-
-In the case that there are other clients that do not support PKINIT
-protocol, but still need access to the same Kerberos services, this
-principal database will also require entries for Kerberos clients and
-for the TGS entries.
-
-5.1.2. The LTGS as part of an application server
-
-The LTGS may be combined with an application server.  This accomplishes 
-direct client to application server authentication; however, it requires 
-that applications be modified to process AS-REQ and AS-REP messages.  
-The LTGS would communicate over the port assigned to the application 
-server or over the well known Kerberos port for that particular 
-application.
-
-5.1.2.2. Ticket Policy for PKTAPP Clients
-
-Application servers normally do not have access to a distributed 
-principal database. Therefore, they will have to find another means of
-keeping track of the ticket policy information for PKTAPP clients. It is
-recommended that this ticket policy be kept in a directory service (such
-as LDAP).  
-
-It is critical, however, that both read and write access to this ticket
-policy is restricted with strong authentication and encryption to only
-the correct application server.  An unauthorized party should not have
-the authority to modify the ticket policy. Disclosing the ticket policy
-to a 3rd party may aid an adversary in determining the best way to
-compromise the network.
-
-It is just as critical for the application server to authenticate the
-directory service. Otherwise an adversary could use a man-in-the-middle
-attack to substitute a false ticket policy with a false directory
-service.
-
-5.1.2.3. LTGS Credentials
-
-Each LTGS (combined with an application service) will require public key
-credentials in order to use the PKINIT protocol. These credentials can 
-be stored in a single file that is both encrypted with a password-
-derived symmetric key and also secured by an operating system. This
-symmetric key may be stashed somewhere on the machine for convenience,
-although such practice potentially weakens the overall system security
-and is strongly discouraged.
-
-For added security, it is recommended that the LTGS private keys are
-stored inside a temper-resistant hardware module that requires a pin
-code for access.
-
-
-5.1.2.4. Compatibility With Standard Kerberos
-
-Even though an application server is combined with the LTGS, for
-backward compatibility it should still accept service tickets that have
-been issued by the KDC. This will allow Kerberos clients that do not
-support PKTAPP to authenticate to the same application server (with the
-help of a KDC).
-
-5.1.3. Cross-Realm Authentication
-
-According to the PKINIT draft, the client's realm is the X.500 name of
-the Certification Authority that issued the client certificate. A 
-Kerberos application service will be in a standard Kerberos realm, which
-implies that the LTGS will need to issue cross-realm end service 
-tickets. This is the only case, where cross-realm end service tickets
-are issued. In a standard Kerberos model, a client first acquires a
-cross-realm TGT, and then gets an end service ticket from the KDC that
-is in the same realm as the application service.
-
-6. Protocol differences between PKINIT and PKDA
-
-Both PKINIT and PKDA will accomplish the same goal of issuing end 
-service tickets, based on initial public key authentication.  A PKINIT-
-based implementation and a PKDA implementation would be functionally 
-equivalent.  The primary differences are that 1)PKDA requires the client 
-to create the symmetric key while PKINIT requires the server to create 
-the key and 2)PKINIT accomplishes in two messages what PKDA accomplishes 
-in four messages.
-
-7. Summary
-
-The PKINIT protocol can be used, without modification to facilitate 
-client to server authentication without the use of a central KDC.  The 
-approach described in this draft  (and originally proposed in PKDA[1]) 
-is essentially a public key authentication protocol that retains the 
-advantages of Kerberos tickets.
-
-Given that PKINIT has progressed through the CAT working group of the 
-IETF, with plans for non-commercial distribution (via MIT�s v5 Kerberos)  
-as well as commercial support, it is worthwhile to provide PKDA 
-functionality, under the PKINIT umbrella.
-
-8. Security Considerations
-
-PKTAPP is based on the PKINIT protocol and all security considerations
-already listed in [2] apply here.
-
-When the LTGS is implemented as part of each application server, the
-secure storage of its public key credentials and of its ticket policy
-are both a concern.  The respective security considerations are already
-covered in sections 5.1.2.3 and 5.1.2.2 of this document.  
-
-
-9. Bibliography
-
-[1] M. Sirbu, J. Chuang.  Distributed Authentication in Kerberos Using 
-Public Key Cryptography.  Symposium On Network and Distributed System 
-Security, 1997.
-
-[2] B. Tung, C. Neuman, M. Hur, A. Medvinsky, S. Medvinsky, J. Wray,
-J. Trostle.  Public Key Cryptography for Initial Authentication in
-Kerberos.  Internet Draft, October 1999. 
-(ftp://ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-10.txt)
-
-[3] C. Neuman, Proxy-Based Authorization and Accounting for 
-Distributed Systems.  In Proceedings of the 13th International 
-Conference on Distributed Computing Systems, May 1993.
-
-[4] J. Kohl, C. Neuman.  The Kerberos Network Authentication Service
-(V5).  Request for Comments 1510.
-
-10.  Expiration Date
-
-This draft expires April 24, 2000.
-
-11. Authors
-
-Ari Medvinsky
-Keen.com, Inc.
-150 Independence Dr.
-Menlo Park, CA 94025
-Phone +1 650 289 3134
-E-mail: ari@keen.com
-
-Matthew Hur
-CyberSafe Corporation
-1605 NW Sammamish Road
-Issaquah, WA 98027-5378
-Phone: +1 425 391 6000
-E-mail: matt.hur@cybersafe.com
-
-Alexander Medvinsky
-Motorola
-6450 Sequence Dr.
-San Diego, CA 92121
-Phone: +1 858 404 2367
-E-mail: smedvinsky@gi.com
-
-Clifford Neuman
-USC Information Sciences Institute
-4676 Admiralty Way Suite 1001
-Marina del Rey CA 90292-6695
-Phone: +1 310 822 1511
-E-mail: bcn@isi.edu
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-00.txt
deleted file mode 100644
index 2284c3c6b57b..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-00.txt
+++ /dev/null
@@ -1,8277 +0,0 @@
-
-INTERNET-DRAFT                               Clifford Neuman
-                                                   John Kohl
-                                               Theodore Ts'o
-                                                11 July 1997
-
-
-
-     The Kerberos  Network Authentication Service (V5)
-
-
-STATUS OF THIS MEMO
-
-     This document is  an  Internet-Draft.   Internet-Drafts
-are working documents of the Internet Engineering Task Force
-(IETF), its areas, and its working groups.  Note that  other
-groups  may  also  distribute working documents as Internet-
-Drafts.
-
-     Internet-Drafts are draft documents valid for a maximum
-of  six months and may be updated, replaced, or obsoleted by
-other documents at any time.  It  is  inappropriate  to  use
-Internet-Drafts  as reference material or to cite them other
-than as "work in progress."
-
-     To learn the  current  status  of  any  Internet-Draft,
-please  check  the  "1id-abstracts.txt" listing contained in
-the Internet-Drafts Shadow  Directories  on  ds.internic.net
-(US  East  Coast),  nic.nordu.net  (Europe), ftp.isi.edu (US
-West Coast), or munnari.oz.au (Pacific Rim).
-
-     The distribution of this  memo  is  unlimited.   It  is
-filed  as  draft-ietf-cat-kerberos-revisions-00.txt,  and expires 
-11 January 1998.  Please send comments to:
-
-   krb-protocol@MIT.EDU
-
-ABSTRACT
-
-
-     This document provides an overview and specification of
-Version  5  of the Kerberos protocol, and updates RFC1510 to
-clarify aspects of the protocol and its  intended  use  that
-require  more  detailed or clearer explanation than was pro-
-vided in RFC1510.  This document is intended  to  provide  a
-detailed description of the protocol, suitable for implemen-
-tation, together with descriptions of the appropriate use of
-protocol messages and fields within those messages.
-
-     This document is not intended to describe  Kerberos  to
-__________________________
-Project Athena, Athena, and Kerberos are trademarks  of
-the  Massachusetts  Institute  of Technology (MIT).  No
-commercial use of these trademarks may be made  without
-prior written permission of MIT.
-
-
-
-Overview                   - 1 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-the  end  user,   system   administrator,   or   application
-developer.   Higher level papers describing Version 5 of the
-Kerberos system [1] and documenting  version  4   [23],  are
-available elsewhere.
-
-OVERVIEW
-
-     This INTERNET-DRAFT describes the  concepts  and  model
-upon  which  the  Kerberos  network authentication system is
-based.  It also specifies Version 5 of the  Kerberos  proto-
-col.
-
-     The  motivations,  goals,  assumptions,  and  rationale
-behind most design decisions are treated cursorily; they are
-more fully described in a paper available in IEEE communica-
-tions  [1] and earlier in the Kerberos portion of the Athena
-Technical Plan [2].  The  protocols  have  been  a  proposed
-standard  and are being considered for advancement for draft
-standard through the IETF standard  process.   Comments  are
-encouraged  on  the presentation, but only minor refinements
-to the protocol as implemented or extensions that fit within
-current protocol framework will be considered at this time.
-
-     Requests for addition to an electronic mailing list for
-discussion  of  Kerberos, kerberos@MIT.EDU, may be addressed
-to kerberos-request@MIT.EDU.  This mailing list is gatewayed
-onto   the  Usenet  as  the  group  comp.protocols.kerberos.
-Requests for further information,  including  documents  and
-code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-     The Kerberos model is based  in  part  on  Needham  and
-Schroeder's  trusted third-party authentication protocol [4]
-and on modifications suggested by  Denning  and  Sacco  [5].
-The  original design and implementation of Kerberos Versions
-1 through 4 was the work of two former Project Athena  staff
-members,  Steve  Miller of Digital Equipment Corporation and
-Clifford Neuman (now at the Information  Sciences  Institute
-of the University of Southern California), along with Jerome
-Saltzer, Technical Director of Project Athena,  and  Jeffrey
-Schiller, MIT Campus Network Manager.  Many other members of
-Project Athena have also contributed to  the  work  on  Ker-
-beros.
-
-     Version 5 of the Kerberos protocol (described  in  this
-document)  has  evolved from Version 4 based on new require-
-ments and desires for features not available in  Version  4.
-The  design of Version 5 of the Kerberos protocol was led by
-Clifford Neuman and John Kohl with much input from the  com-
-munity.  The development of the MIT reference implementation
-was led at MIT by John Kohl and Theodore T'so, with help and
-contributed  code  from  many others.  Reference implementa-
-tions of both version 4 and version 5 of Kerberos  are  pub-
-licly  available  and  commercial  implementations have been
-
-Overview                   - 2 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-developed and are widely used.
-
-     Details on the differences between Kerberos Versions  4
-and 5 can be found in [6].
-
-1.  Introduction
-
-     Kerberos provides a means of verifying  the  identities
-of principals, (e.g. a workstation user or a network server)
-on an open  (unprotected)  network.   This  is  accomplished
-without  relying on assertions by the host operating system,
-without basing trust on host  addresses,  without  requiring
-physical security of all the hosts on the network, and under
-the assumption that packets traveling along the network  can
-be read, modified, and inserted at will[1].   Kerberos  per-
-forms  authentication  under  these  conditions as a trusted
-third-party authentication  service  by  using  conventional
-(shared secret key[2])  cryptography.   Kerberos  extensions
-have  been proposed and implemented that provide for the use
-of public key cryptography  during  certain  phases  of  the
-authentication   protocol.   These  extensions  provide  for
-authentication of users registered with public key  certifi-
-cation  authorities, and allow the system to provide certain
-benefits of public key cryptography in situations where they
-are needed.
-
-     The basic Kerberos authentication process  proceeds  as
-follows:  A  client  sends  a  request to the authentication
-server (AS) requesting "credentials"  for  a  given  server.
-The  AS  responds  with  these credentials, encrypted in the
-client's key.  The credentials consist of 1) a "ticket"  for
-the server and 2) a temporary encryption key (often called a
-"session key").  The client transmits the ticket (which con-
-tains  the  client's identity and a copy of the session key,
-all encrypted in the server's key) to the server.  The  ses-
-sion  key  (now  shared by the client and server) is used to
-authenticate the client,  and  may  optionally  be  used  to
-__________________________
-[1] Note, however, that many applications use Kerberos'
-functions  only  upon  the initiation of a stream-based
-network connection.  Unless an application subsequently
-provides  integrity protection for the data stream, the
-identity verification applies only to the initiation of
-the  connection, and does not guarantee that subsequent
-messages on the  connection  originate  from  the  same
-principal.
-[2] Secret  and  private are often used interchangeably
-in the literature.  In our  usage,  it  takes  two  (or
-more)  to  share  a  secret, thus a shared DES key is a
-secret key.  Something is only private when no one  but
-its owner knows it.  Thus, in public key cryptosystems,
-one has a public and a private key.
-
-
-
-Section 1.                 - 3 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-authenticate the server.  It may also  be  used  to  encrypt
-further communication between the two parties or to exchange
-a separate sub-session key to be  used  to  encrypt  further
-communication.
-
-     Implementation of the basic protocol consists of one or
-more  authentication  servers  running  on physically secure
-hosts.  The authentication servers maintain  a  database  of
-principals  (i.e., users and servers) and their secret keys.
-Code libraries provide encryption and implement the Kerberos
-protocol.   In  order  to add authentication to its transac-
-tions, a typical network application adds one or  two  calls
-to  the  Kerberos  library  directly  or through the Generic
-Security Services Application Programming Interface, GSSAPI,
-described  in  separate document.  These calls result in the
-transmission of the necessary messages to achieve  authenti-
-cation.
-
-     The Kerberos protocol consists of several sub-protocols
-(or  exchanges).   There  are  two  basic methods by which a
-client can ask a Kerberos server for  credentials.   In  the
-first  approach,  the client sends a cleartext request for a
-ticket for the desired server to the AS.  The reply is  sent
-encrypted  in the client's secret key.  Usually this request
-is for a ticket-granting ticket (TGT)  which  can  later  be
-used  with  the ticket-granting server (TGS).  In the second
-method, the client sends a request to the TGS.   The  client
-uses  the  TGT to authenticate itself to the TGS in the same
-manner as if it were contacting any other application server
-that   requires   Kerberos  authentication.   The  reply  is
-encrypted in the session key from the TGT.  Though the  pro-
-tocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different  pro-
-tocol entry points within a single Kerberos server.
-
-     Once obtained, credentials may be used  to  verify  the
-identity  of  the principals in a transaction, to ensure the
-integrity of messages exchanged between them, or to preserve
-privacy  of the messages.  The application is free to choose
-whatever protection may be necessary.
-
-     To verify the identities of the principals in  a  tran-
-saction,  the client transmits the ticket to the application
-server.  Since the ticket is sent "in the clear"  (parts  of
-it are encrypted, but this encryption doesn't thwart replay)
-and might be intercepted and reused by  an  attacker,  addi-
-tional  information  is  sent to prove that the message ori-
-ginated with the principal to whom the  ticket  was  issued.
-This  information (called the authenticator) is encrypted in
-the session key, and includes a  timestamp.   The  timestamp
-proves  that the message was recently generated and is not a
-replay.  Encrypting the authenticator  in  the  session  key
-proves  that it was generated by a party possessing the ses-
-sion key.  Since no one except the requesting principal  and
-
-
-Section 1.                 - 4 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-the  server  know the session key (it is never sent over the
-network in the clear) this guarantees the  identity  of  the
-client.
-
-     The integrity of the messages exchanged between princi-
-pals can also be guaranteed using the session key (passed in
-the ticket and contained in the credentials).  This approach
-provides detection of both replay attacks and message stream
-modification attacks.  It is accomplished by generating  and
-transmitting  a collision-proof checksum (elsewhere called a
-hash or digest function) of the client's message, keyed with
-the  session  key.   Privacy  and  integrity of the messages
-exchanged between principals can be  secured  by  encrypting
-the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-     The authentication exchanges  mentioned  above  require
-read-only  access to the Kerberos database.  Sometimes, how-
-ever, the entries in the database must be modified, such  as
-when  adding  new  principals or changing a principal's key.
-This is done using a protocol between a client and  a  third
-Kerberos  server, the Kerberos Administration Server (KADM).
-There is also a protocol for maintaining multiple copies  of
-the  Kerberos  database.   Neither  of  these  protocols are
-described in this document.
-
-1.1.  Cross-Realm Operation
-
-     The Kerberos protocol is  designed  to  operate  across
-organizational boundaries.  A client in one organization can
-be authenticated to a server in another.  Each  organization
-wishing  to  run  a  Kerberos  server  establishes  its  own
-"realm".  The name  of  the  realm  in  which  a  client  is
-registered  is part of the client's name, and can be used by
-the end-service to decide whether to honor a request.
-
-     By establishing "inter-realm" keys, the  administrators
-of  two realms can allow a client authenticated in the local
-realm to prove its identity to servers in  other  realms[3].
-The exchange of inter-realm keys (a separate key may be used
-for each direction) registers the ticket-granting service of
-each  realm  as a principal in the other realm.  A client is
-then able to obtain a ticket-granting ticket for the  remote
-realm's  ticket-granting service from its local realm.  When
-that ticket-granting ticket  is  used,  the  remote  ticket-
-granting  service  uses  the  inter-realm key (which usually
-__________________________
-[3] Of course, with appropriate permission  the  client
-could  arrange registration of a separately-named prin-
-cipal in a remote realm, and engage in normal exchanges
-with  that  realm's  services.  However, for even small
-numbers of clients this becomes  cumbersome,  and  more
-automatic methods as described here are necessary.
-
-
-Section 1.1.               - 5 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-differs from its own normal TGS key) to decrypt the  ticket-
-granting  ticket,  and is thus certain that it was issued by
-the client's own TGS.  Tickets issued by the remote  ticket-
-granting  service  will indicate to the end-service that the
-client was authenticated from another realm.
-
-     A realm is said to communicate with  another  realm  if
-the  two  realms  share  an inter-realm key, or if the local
-realm shares an inter-realm key with an  intermediate  realm
-that  communicates with the remote realm.  An authentication
-path is the sequence of intermediate realms that  are  tran-
-sited in communicating from one realm to another.
-
-     Realms are typically  organized  hierarchically.   Each
-realm  shares a key with its parent and a different key with
-each child.  If an inter-realm key is not directly shared by
-two  realms, the hierarchical organization allows an authen-
-tication path to be easily constructed.  If  a  hierarchical
-organization  is  not used, it may be necessary to consult a
-database  in  order  to  construct  an  authentication  path
-between realms.
-
-     Although realms are typically hierarchical,  intermedi-
-ate  realms may be bypassed to achieve cross-realm authenti-
-cation through alternate authentication paths  (these  might
-be established to make communication between two realms more
-efficient).  It is important for  the  end-service  to  know
-which  realms were transited when deciding how much faith to
-place in the authentication  process.   To  facilitate  this
-decision,  a  field in each ticket contains the names of the
-realms that were involved in authenticating the client.
-
-1.2.  Authorization
-
-As an authentication service, Kerberos provides a  means  of
-verifying  the identity of principals on a network.  Authen-
-tication is usually useful primarily as a first step in  the
-process  of  authorization, determining whether a client may
-use a service,  which  objects  the  client  is  allowed  to
-access,  and  the type of access allowed for each.  Kerberos
-does not, by itself, provide authorization.  Possession of a
-client ticket for a service provides only for authentication
-of the client to that service,  and  in  the  absence  of  a
-separate  authorization  procedure,  it  should  not be con-
-sidered by an application as authorizing  the  use  of  that
-service.
-
-     Such separate authorization methods may be  implemented
-as  application specific access control functions and may be
-based on  files  such  as  the  application  server,  or  on
-separately  issued  authorization  credentials such as those
-based on proxies [7] , or on other authorization services.
-
-     Applications should  not  be  modified  to  accept  the
-issuance of a service ticket by the Kerberos server (even by
-
-Section 1.2.               - 6 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-an modified Kerberos server) as granting  authority  to  use
-the  service,  since such applications may become vulnerable
-to the bypass of this authorization check in an  environment
-where  they  interoperate  with  other  KDCs  or where other
-options for application authentication (e.g. the PKTAPP pro-
-posal) are provided.
-
-1.3.  Environmental assumptions
-
-Kerberos imposes a few assumptions  on  the  environment  in
-which it can properly function:
-
-+    "Denial of service" attacks are not  solved  with  Ker-
-     beros.   There  are  places in these protocols where an
-     intruder can prevent an application from  participating
-     in  the  proper  authentication  steps.   Detection and
-     solution of such attacks (some of which can  appear  to
-     be  not-uncommon "normal" failure modes for the system)
-     is usually best left to the  human  administrators  and
-     users.
-
-+    Principals must keep their secret keys secret.   If  an
-     intruder  somehow  steals a principal's key, it will be
-     able to masquerade as that principal or impersonate any
-     server to the legitimate principal.
-
-+    "Password guessing" attacks are not solved by Kerberos.
-     If  a  user chooses a poor password, it is possible for
-     an attacker to successfully mount an offline dictionary
-     attack  by  repeatedly attempting to decrypt, with suc-
-     cessive entries from a  dictionary,  messages  obtained
-     which are encrypted under a key derived from the user's
-     password.
-
-+    Each host on the network must have  a  clock  which  is
-     "loosely  synchronized" to the time of the other hosts;
-     this synchronization is used to reduce the  bookkeeping
-     needs of application servers when they do replay detec-
-     tion.  The degree of "looseness" can be configured on a
-     per-server  basis,  but  is typically on the order of 5
-     minutes.  If the clocks are synchronized over the  net-
-     work, the clock synchronization protocol must itself be
-     secured from network attackers.
-
-+    Principal identifiers are not recycled on a  short-term
-     basis.   A  typical  mode  of  access  control will use
-     access control lists (ACLs)  to  grant  permissions  to
-     particular  principals.   If  a stale ACL entry remains
-     for a deleted principal and the principal identifier is
-     reused, the new principal will inherit rights specified
-     in the stale ACL  entry.   By  not  re-using  principal
-     identifiers,   the  danger  of  inadvertent  access  is
-     removed.
-
-
-
-Section 1.3.               - 7 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-1.4.  Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-
-Authentication      Verifying  the  claimed  identity  of  a
-                    principal.
-
-
-Authentication headerA record containing  a  Ticket  and  an
-                    Authenticator   to  be  presented  to  a
-                    server as  part  of  the  authentication
-                    process.
-
-
-Authentication path A sequence of intermediate realms  tran-
-                    sited in the authentication process when
-                    communicating from one realm to another.
-
-
-Authenticator       A record containing information that can
-                    be shown to have been recently generated
-                    using the session key known only by  the
-                    client and server.
-
-
-Authorization       The process  of  determining  whether  a
-                    client may use a service,  which objects
-                    the client is allowed to access, and the
-                    type of access allowed for each.
-
-
-Capability          A token that grants the  bearer  permis-
-                    sion to access an object or service.  In
-                    Kerberos, this might be a  ticket  whose
-                    use is restricted by the contents of the
-                    authorization  data  field,  but   which
-                    lists  no  network  addresses,  together
-                    with the session key  necessary  to  use
-                    the ticket.
-
-
-Ciphertext          The output of  an  encryption  function.
-                    Encryption   transforms  plaintext  into
-                    ciphertext.
-
-
-Client              A process that makes use  of  a  network
-                    service  on behalf of a user.  Note that
-                    in some cases a Server may itself  be  a
-                    client  of  some  other  server  (e.g. a
-                    print server may be a client of  a  file
-                    server).
-
-
-
-Section 1.4.               - 8 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-Credentials         A ticket plus  the  secret  session  key
-                    necessary   to   successfully  use  that
-                    ticket in an authentication exchange.
-
-
-KDC                 Key Distribution Center, a network  ser-
-                    vice that supplies tickets and temporary
-                    session keys; or  an  instance  of  that
-                    service  or  the  host on which it runs.
-                    The KDC services both initial ticket and
-                    ticket-granting  ticket  requests.   The
-                    initial  ticket  portion  is   sometimes
-                    referred to as the Authentication Server
-                    (or   service).    The   ticket-granting
-                    ticket  portion is sometimes referred to
-                    as the ticket-granting server  (or  ser-
-                    vice).
-
-
-Kerberos            Aside from  the  3-headed  dog  guarding
-                    Hades,   the   name   given  to  Project
-                    Athena's  authentication  service,   the
-                    protocol  used  by  that service, or the
-                    code used to implement  the  authentica-
-                    tion service.
-
-
-Plaintext           The input to an encryption  function  or
-                    the  output  of  a  decryption function.
-                    Decryption  transforms  ciphertext  into
-                    plaintext.
-
-
-Principal           A  uniquely  named  client   or   server
-                    instance  that participates in a network
-                    communication.
-
-
-Principal identifierThe name used to uniquely identify  each
-                    different principal.
-
-
-Seal                To encipher a record containing  several
-                    fields  in  such  a  way that the fields
-                    cannot be individually replaced  without
-                    either  knowledge  of the encryption key
-                    or leaving evidence of tampering.
-
-
-Secret key          An encryption key shared by a  principal
-                    and  the  KDC,  distributed  outside the
-                    bounds of the system, with a long  life-
-                    time.   In  the  case  of a human user's
-                    principal, the  secret  key  is  derived
-
-
-Section 1.4.               - 9 -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                    from a password.
-
-
-Server              A particular Principal which provides  a
-                    resource to network clients.  The server
-                    is sometimes refered to as the  Applica-
-                    tion Server.
-
-
-Service             A resource provided to network  clients;
-                    often  provided  by more than one server
-                    (for example, remote file service).
-
-
-Session key         A temporary encryption key used  between
-                    two  principals, with a lifetime limited
-                    to the duration of a single login  "ses-
-                    sion".
-
-
-Sub-session key     A temporary encryption key used  between
-                    two  principals,  selected and exchanged
-                    by the principals using the session key,
-                    and with a lifetime limited to the dura-
-                    tion of a single association.
-
-
-Ticket              A record that helps a  client  authenti-
-                    cate itself to a server; it contains the
-                    client's  identity,  a  session  key,  a
-                    timestamp,  and  other  information, all
-                    sealed using the  server's  secret  key.
-                    It  only serves to authenticate a client
-                    when  presented  along  with   a   fresh
-                    Authenticator.
-
-2.  Ticket flag uses and requests
-
-Each Kerberos ticket contains a set of flags which are  used
-to  indicate  various attributes of that ticket.  Most flags
-may be requested by a client when the  ticket  is  obtained;
-some  are  automatically  turned  on  and  off by a Kerberos
-server as required.  The following sections explain what the
-various  flags  mean,  and  gives examples of reasons to use
-such a flag.
-
-2.1.  Initial and pre-authenticated tickets
-
-     The INITIAL flag indicates that  a  ticket  was  issued
-using  the  AS  protocol  and  not issued based on a ticket-
-granting ticket.  Application servers that want  to  require
-the  demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be  set
-in  any  tickets  they  accept, and thus be assured that the
-
-
-Section 2.1.               - 10 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-client's key  was  recently  presented  to  the  application
-client.
-
-     The PRE-AUTHENT and HW-AUTHENT flags  provide  addition
-information  about the initial authentication, regardless of
-whether the current ticket was  issued  directly  (in  which
-case  INITIAL  will also be set) or issued on the basis of a
-ticket-granting ticket (in which case the  INITIAL  flag  is
-clear,  but the PRE-AUTHENT and HW-AUTHENT flags are carried
-forward from the ticket-granting ticket).
-
-2.2.  Invalid tickets
-
-     The INVALID flag indicates that a  ticket  is  invalid.
-Application servers must reject tickets which have this flag
-set.  A postdated ticket will  usually  be  issued  in  this
-form.   Invalid  tickets must be validated by the KDC before
-use, by presenting them to the KDC in a TGS request with the
-VALIDATE option specified.  The KDC will only validate tick-
-ets after their starttime has  passed.   The  validation  is
-required  so  that  postdated tickets which have been stolen
-before their starttime can be rendered  permanently  invalid
-(through a hot-list mechanism) (see section 3.3.3.1).
-
-2.3.  Renewable tickets
-
-     Applications may desire to hold tickets  which  can  be
-valid  for  long  periods of time.  However, this can expose
-their  credentials  to  potential  theft  for  equally  long
-periods,  and  those stolen credentials would be valid until
-the expiration time of the ticket(s).  Simply  using  short-
-lived  tickets  and  obtaining  new  ones periodically would
-require the client to have long-term access  to  its  secret
-key, an even greater risk.  Renewable tickets can be used to
-mitigate the consequences of theft.  Renewable tickets  have
-two  "expiration  times":  the  first  is  when  the current
-instance of the ticket expires, and the second is the latest
-permissible  value  for  an  individual expiration time.  An
-application  client  must  periodically  (i.e.   before   it
-expires)  present  a  renewable  ticket to the KDC, with the
-RENEW option set in the KDC request.  The KDC will  issue  a
-new  ticket  with  a  new session key and a later expiration
-time.  All other fields of the ticket are left unmodified by
-the renewal process.  When the latest permissible expiration
-time arrives,  the  ticket  expires  permanently.   At  each
-renewal,  the KDC may consult a hot-list to determine if the
-ticket had been reported stolen since its last  renewal;  it
-will  refuse  to  renew  such  stolen  tickets, and thus the
-usable lifetime of stolen tickets is reduced.
-
-     The RENEWABLE flag in a ticket is normally only  inter-
-preted  by  the  ticket-granting service (discussed below in
-section 3.3).  It can  usually  be  ignored  by  application
-servers.   However,  some  particularly  careful application
-
-
-Section 2.3.               - 11 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-servers may wish to disallow renewable tickets.
-
-     If a renewable ticket is not renewed by its  expiration
-time, the KDC will not renew the ticket.  The RENEWABLE flag
-is reset by default, but a client may request it be  set  by
-setting  the RENEWABLE option in the KRB_AS_REQ message.  If
-it is set, then the renew-till field in the ticket  contains
-the time after which the ticket may not be renewed.
-
-2.4.  Postdated tickets
-
-     Applications may occasionally need  to  obtain  tickets
-for  use  much  later,  e.g. a batch submission system would
-need tickets to be valid at the time the batch job  is  ser-
-viced.   However, it is dangerous to hold valid tickets in a
-batch queue, since they will  be  on-line  longer  and  more
-prone  to  theft.  Postdated tickets provide a way to obtain
-these tickets from the KDC at job submission  time,  but  to
-leave  them "dormant" until they are activated and validated
-by a further request of the KDC.  If  a  ticket  theft  were
-reported  in  the  interim, the KDC would refuse to validate
-the ticket, and the thief would be foiled.
-
-     The MAY-POSTDATE flag in  a  ticket  is  normally  only
-interpreted  by  the  ticket-granting  service.  It  can  be
-ignored by application servers.  This flag must be set in  a
-ticket-granting  ticket in order to issue a postdated ticket
-based on the presented ticket.  It is reset by  default;  it
-may  be  requested by a client by setting the ALLOW-POSTDATE
-option in the KRB_AS_REQ message.  This flag does not  allow
-a client to obtain a postdated ticket-granting ticket; post-
-dated  ticket-granting  tickets  can  only  by  obtained  by
-requesting  the  postdating  in the KRB_AS_REQ message.  The
-life (endtime-starttime) of a postdated ticket will  be  the
-remaining  life of the ticket-granting ticket at the time of
-the request, unless the RENEWABLE option  is  also  set,  in
-which  case  it  can be the full life (endtime-starttime) of
-the ticket-granting ticket.  The KDC may limit  how  far  in
-the future a ticket may be postdated.
-
-     The POSTDATED flag indicates that  a  ticket  has  been
-postdated.   The  application  server can check the authtime
-field in the ticket to see when the original  authentication
-occurred.   Some  services  may  choose  to reject postdated
-tickets, or they may  only  accept  them  within  a  certain
-period  after  the  original  authentication.   When the KDC
-issues a  POSTDATED  ticket,  it  will  also  be  marked  as
-INVALID,  so  that  the  application client must present the
-ticket to the KDC to be validated before use.
-
-2.5.  Proxiable and proxy tickets
-
-     At times it may be necessary for a principal to allow a
-service  to perform an operation on its behalf.  The service
-
-
-Section 2.5.               - 12 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-must be able to take on the identity of the client, but only
-for  a  particular purpose.  A principal can allow a service
-to take on the principal's identity for a particular purpose
-by granting it a proxy.
-
-     The process of granting a proxy  using  the  proxy  and
-proxiable  flags is used to provide credentials for use with
-specific services.  Though conceptually also a proxy, user's
-wishing  to delegate their identity for ANY purpose must use
-the ticket forwarding mechanism described in the  next  sec-
-tion to forward a ticket granting ticket.
-
-     The PROXIABLE flag in a ticket is normally only  inter-
-preted  by the ticket-granting service. It can be ignored by
-application servers.  When set, this flag tells the  ticket-
-granting server that it is OK to issue a new ticket (but not
-a ticket-granting ticket) with a different  network  address
-based  on this ticket.  This flag is set if requested by the
-client on initial authentication.  By  default,  the  client
-will  request that it be set when requesting a ticket grant-
-ing ticket, and reset when requesting any other ticket.
-
-     This flag allows a client to pass a proxy to  a  server
-to perform a remote request on its behalf, e.g. a print ser-
-vice client can give the print server a proxy to access  the
-client's  files  on  a  particular  file  server in order to
-satisfy a print request.
-
-     In order to complicate the use of  stolen  credentials,
-Kerberos  tickets  are usually valid from only those network
-addresses specifically  included  in  the  ticket[4].   When
-granting  a  proxy,  the client must specify the new network
-address from which the proxy is to be used, or indicate that
-the proxy is to be issued for use from any address.
-
-     The PROXY flag is set in a ticket by the  TGS  when  it
-issues  a  proxy ticket.  Application servers may check this
-flag and at their option they may require additional authen-
-tication  from  the  agent  presenting the proxy in order to
-provide an audit trail.
-
-2.6.  Forwardable tickets
-
-     Authentication forwarding is an  instance  of  a  proxy
-where  the  service  is granted complete use of the client's
-identity.  An example where it might be used is when a  user
-logs  in to a remote system and wants authentication to work
-from that system as if the login were local.
-
-     The FORWARDABLE flag  in  a  ticket  is  normally  only
-__________________________
-[4] Though it is permissible to request or issue  tick-
-ets with no network addresses specified.
-
-
-Section 2.6.               - 13 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-interpreted by  the  ticket-granting  service.   It  can  be
-ignored by application servers.  The FORWARDABLE flag has an
-interpretation similar to that of the PROXIABLE flag, except
-ticket-granting  tickets  may  also be issued with different
-network addresses.  This flag is reset by default, but users
-may request that it be set by setting the FORWARDABLE option
-in the AS request when they request  their  initial  ticket-
-granting ticket.
-
-     This flag allows for authentication forwarding  without
-requiring  the  user to enter a password again.  If the flag
-is not set, then authentication forwarding is not permitted,
-but  the  same  result  can  still  be  achieved if the user
-engages in the AS exchange specifying the requested  network
-addresses and supplies a password.
-
-     The FORWARDED flag is set by  the  TGS  when  a  client
-presents a ticket with the FORWARDABLE flag set and requests
-a forwarded ticket by specifying the  FORWARDED  KDC  option
-and  supplying a set of addresses for the new ticket.  It is
-also set in all tickets issued based  on  tickets  with  the
-FORWARDED  flag set.  Application servers may choose to pro-
-cess FORWARDED tickets differently than non-FORWARDED  tick-
-ets.
-
-2.7.  Other KDC options
-
-     There are two additional options which may be set in  a
-client's  request of the KDC.  The RENEWABLE-OK option indi-
-cates that the client will accept a renewable  ticket  if  a
-ticket with the requested life cannot otherwise be provided.
-If a ticket with the requested life cannot be provided, then
-the KDC may issue a renewable ticket with a renew-till equal
-to the the requested endtime.  The value of  the  renew-till
-field  may  still  be  adjusted by site-determined limits or
-limits imposed by the individual principal or server.
-
-     The ENC-TKT-IN-SKEY  option  is  honored  only  by  the
-ticket-granting service.  It indicates that the ticket to be
-issued for the end server is to be encrypted in the  session
-key from the a additional second ticket-granting ticket pro-
-vided with the request.   See  section  3.3.3  for  specific
-details.
-
-__________________________
-[5] The password-changing request must not  be  honored
-unless  the requester can provide the old password (the
-user's current secret key).   Otherwise,  it  would  be
-possible  for  someone to walk up to an unattended ses-
-sion and change another user's password.
-[6] To authenticate a user logging on to a  local  sys-
-tem,  the  credentials  obtained in the AS exchange may
-first be used in a TGS exchange to  obtain  credentials
-
-
-Section 3.1.               - 14 -    Expires 11 January 1998
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-
-3.  Message Exchanges
-
-The following sections  describe  the  interactions  between
-network  clients  and  servers  and the messages involved in
-those exchanges.
-
-3.1.  The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-
-     The Authentication Service (AS)  Exchange  between  the
-client  and  the Kerberos Authentication Server is initiated
-by a client when it wishes to obtain authentication  creden-
-tials for a given server but currently holds no credentials.
-In its basic form, the client's secret key is used  for  en-
-cryption and decryption.  This exchange is typically used at
-the initiation of a login session to obtain credentials  for
-a  Ticket-Granting Server which will subsequently be used to
-obtain credentials  for  other  servers  (see  section  3.3)
-without  requiring  further  use of the client's secret key.
-This exchange is also used to request credentials  for  ser-
-vices which must not be mediated through the Ticket-Granting
-Service, but rather require a principal's secret  key,  such
-as the password-changing service[5].  This exchange does not
-by  itself  provide any assurance of the the identity of the
-user[6].
-
-     The exchange consists of two messages: KRB_AS_REQ  from
-the  client  to  Kerberos,  and  KRB_AS_REP  or KRB_ERROR in
-reply.  The formats for these messages are described in sec-
-tions 5.4.1, 5.4.2, and 5.9.1.
-
-     In the request, the client sends (in cleartext) its own
-identity  and  the  identity  of  the server for which it is
-requesting credentials.  The response, KRB_AS_REP,  contains
-a ticket for the client to present to the server, and a ses-
-sion key that will be shared by the client and  the  server.
-The  session key and additional information are encrypted in
-the client's secret key.  The  KRB_AS_REP  message  contains
-information  which  can  be  used  to detect replays, and to
-associate it with the message to which it replies.   Various
-errors  can  occur; these are indicated by an error response
-(KRB_ERROR) instead of the KRB_AS_REP response.   The  error
-__________________________
-for  a  local  server.   Those credentials must then be
-verified by a local server through  successful  comple-
-tion of the Client/Server exchange.
-
-
-
-Section 3.1.               - 15 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-message is not encrypted.  The  KRB_ERROR  message  contains
-information  which can be used to associate it with the mes-
-sage to which it replies.  The lack  of  encryption  in  the
-KRB_ERROR  message  precludes the ability to detect replays,
-fabrications, or modifications of such messages.
-
-     Without  preautentication,  the  authentication  server
-does  not  know whether the client is actually the principal
-named in the request.  It simply sends a reply without know-
-ing or caring whether they are the same.  This is acceptable
-because nobody but the principal whose identity was given in
-the  request  will  be  able  to use the reply. Its critical
-information is encrypted in that principal's key.  The  ini-
-tial  request supports an optional field that can be used to
-pass additional information that might  be  needed  for  the
-initial   exchange.    This  field  may  be  used  for  pre-
-authentication as described in section <<sec preauth>>.
-
-3.1.1.  Generation of KRB_AS_REQ message
-
-     The client may specify a number of options in the  ini-
-tial   request.    Among  these  options  are  whether  pre-
-authentication is to be  performed;  whether  the  requested
-ticket  is  to  be  renewable,  proxiable,  or  forwardable;
-whether it  should  be  postdated  or  allow  postdating  of
-derivative  tickets;  and whether a renewable ticket will be
-accepted in lieu of a non-renewable ticket if the  requested
-ticket  expiration  date  cannot  be  satisfied  by  a  non-
-renewable ticket (due to configuration constraints; see sec-
-tion 4).  See section A.1 for pseudocode.
-
-     The client prepares the KRB_AS_REQ message and sends it
-to the KDC.
-
-3.1.2.  Receipt of KRB_AS_REQ message
-
-     If all goes well,  processing  the  KRB_AS_REQ  message
-will  result  in  the creation of a ticket for the client to
-present to  the  server.   The  format  for  the  ticket  is
-described  in section 5.3.1.  The contents of the ticket are
-determined as follows.
-
-3.1.3.  Generation of KRB_AS_REP message
-
-     The authentication  server  looks  up  the  client  and
-server  principals  named in the KRB_AS_REQ in its database,
-extracting their respective keys.  If required,  the  server
-pre-authenticates the request, and if the pre-authentication
-check   fails,   an   error   message    with    the    code
-KDC_ERR_PREAUTH_FAILED  is  returned.   If the server cannot
-accommodate the requested encryption type, an error  message
-with  code  KDC_ERR_ETYPE_NOSUPP  is returned.  Otherwise it
-generates a "random" session key[7].
-__________________________
-
-
-Section 3.1.3.             - 16 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     If there are multiple encryption keys registered for  a
-client  in  the  Kerberos database (or if the key registered
-supports multiple encryption  types;  e.g.  DES-CBC-CRC  and
-DES-CBC-MD5),  then  the  etype field from the AS request is
-used by the KDC to select the encryption method to  be  used
-for encrypting the response to the client.  If there is more
-than one supported, strong  encryption  type  in  the  etype
-list,  the  first valid etype for which an encryption key is
-available is used.  The encryption method used to respond to
-a  TGS  request is taken from the keytype of the session key
-found in the ticket granting ticket.
-
-     When the etype field  is  present  in  a  KDC  request,
-whether an AS or TGS request, the KDC will attempt to assign
-the type of the random session key from the list of  methods
-in  the  etype  field.   The KDC will select the appropriate
-type using the list of methods provided together with infor-
-mation  from  the  Kerberos  database  indicating acceptable
-encryption methods for the application server.  The KDC will
-not issue tickets with a weak session key encryption type.
-
-     If the requested start time is absent, indicates a time
-in  the  past,  or  is within the window of acceptable clock
-skew for the KDC and the POSTDATE option has not been speci-
-fied,  then  the  start  time  of  the  ticket is set to the
-authentication server's current time.   If  it  indicates  a
-time in the future beyond the acceptable clock skew, but the
-POSTDATED option has  not  been  specified  then  the  error
-KDC_ERR_CANNOT_POSTDATE    is   returned.    Otherwise   the
-requested start time is checked against the  policy  of  the
-local realm (the administrator might decide to prohibit cer-
-tain types or ranges of postdated tickets), and  if  accept-
-able,  the  ticket's  start time is set as requested and the
-INVALID flag is set in the new ticket. The postdated  ticket
-must  be  validated  before  use by presenting it to the KDC
-after the start time has been reached.
-
-
-
-
-
-
-
-
-
-__________________________
-[7] "Random" means that, among other things, it  should
-be  impossible  to  guess the next session key based on
-knowledge of past  session  keys.   This  can  only  be
-achieved  in  a pseudo-random number generator if it is
-based on cryptographic principles.  It is  more  desir-
-able  to  use  a truly random number generator, such as
-one based on measurements of random physical phenomena.
-
-
-
-Section 3.1.3.             - 17 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-The expiration time of the ticket will be set to the minimum
-of the following:
-
-+The expiration time (endtime) requested in  the  KRB_AS_REQ
- message.
-
-+The ticket's start time plus the maximum allowable lifetime
- associated  with  the  client principal (the authentication
- server's database includes a maximum ticket lifetime  field
- in each principal's record; see section 4).
-
-+The ticket's start time plus the maximum allowable lifetime
- associated with the server principal.
-
-+The ticket's start time plus the maximum  lifetime  set  by
- the policy of the local realm.
-
-     If the requested expiration time minus the  start  time
-(as determined above) is less than a site-determined minimum
-lifetime, an error message with code KDC_ERR_NEVER_VALID  is
-returned.   If  the requested expiration time for the ticket
-exceeds  what  was  determined  as   above,   and   if   the
-"RENEWABLE-OK"  option  was  requested, then the "RENEWABLE"
-flag is set in the new ticket, and the renew-till  value  is
-set  as  if the "RENEWABLE" option were requested (the field
-and option names are described fully in section 5.4.1).
-
-If the  RENEWABLE  option  has  been  requested  or  if  the
-RENEWABLE-OK  option  has been set and a renewable ticket is
-to be issued, then  the  renew-till  field  is  set  to  the
-minimum of:
-
-+Its requested value.
-
-+The start time of the ticket plus the minimum  of  the  two
- maximum renewable lifetimes associated with the principals'
- database entries.
-
-+The start time of the ticket  plus  the  maximum  renewable
- lifetime set by the policy of the local realm.
-
-     The flags field of the new ticket will have the follow-
-ing  options set if they have been requested and if the pol-
-icy of the local realm  allows:  FORWARDABLE,  MAY-POSTDATE,
-POSTDATED,  PROXIABLE, RENEWABLE. If the new ticket is post-
-dated (the start time is in the future),  its  INVALID  flag
-will also be set.
-
-     If all of the  above  succeed,  the  server  formats  a
-KRB_AS_REP   message   (see   section  5.4.2),  copying  the
-addresses in the request into the  caddr  of  the  response,
-placing any required pre-authentication data into the padata
-of the response, and encrypts the  ciphertext  part  in  the
-client's  key  using  the  requested  encryption method, and
-
-
-Section 3.1.3.             - 18 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-sends it to the client.  See section A.2 for pseudocode.
-
-3.1.4.  Generation of KRB_ERROR message
-
-     Several errors can occur, and the Authentication Server
-responds  by  returning  an error message, KRB_ERROR, to the
-client,  with  the  error-code  and  e-text  fields  set  to
-appropriate  values.  The error message contents and details
-are described in Section 5.9.1.
-
-3.1.5.  Receipt of KRB_AS_REP message
-
-     If the reply  message  type  is  KRB_AS_REP,  then  the
-client  verifies  that  the  cname  and crealm fields in the
-cleartext portion of the reply match what it requested.   If
-any  padata  fields  are present, they may be used to derive
-the proper secret key to decrypt the  message.   The  client
-decrypts the encrypted part of the response using its secret
-key, verifies that the nonce in the encrypted  part  matches
-the  nonce  it  supplied in its request (to detect replays).
-It also verifies that the sname and srealm in  the  response
-match  those  in  the  request  (or  are  otherwise expected
-values), and that the host address field  is  also  correct.
-It then stores the ticket, session key, start and expiration
-times, and  other  information  for  later  use.   The  key-
-expiration field from the encrypted part of the response may
-be checked to notify the user of  impending  key  expiration
-(the client program could then suggest remedial action, such
-as a password change).  See section A.3 for pseudocode.
-
-     Proper decryption of the KRB_AS_REP message is not suf-
-ficient  to verify the identity of the user; the user and an
-attacker could cooperate to  generate  a  KRB_AS_REP  format
-message  which  decrypts properly but is not from the proper
-KDC.  If the host wishes to verify the identity of the user,
-it  must require the user to present application credentials
-which can be verified using a securely-stored secret key for
-the  host.   If  those credentials can be verified, then the
-identity of the user can be assured.
-
-3.1.6.  Receipt of KRB_ERROR message
-
-     If the reply message type is KRB_ERROR, then the client
-interprets   it   as   an   error   and   performs  whatever
-application-specific tasks are necessary to recover.
-
-3.2.  The Client/Server Authentication Exchange
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-
-
-Section 3.2.               - 19 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     The client/server authentication (CS) exchange is  used
-by  network  applications  to authenticate the client to the
-server  and  vice  versa.   The  client  must  have  already
-acquired  credentials  for  the  server  using the AS or TGS
-exchange.
-
-3.2.1.  The KRB_AP_REQ message
-
-     The  KRB_AP_REQ  contains  authentication   information
-which  should  be  part of the first message in an authenti-
-cated transaction.  It contains a ticket, an  authenticator,
-and  some  additional  bookkeeping  information (see section
-5.5.1 for the exact format).  The ticket by itself is insuf-
-ficient  to  authenticate a client, since tickets are passed
-across the network in cleartext[8], so the authenticator  is
-used  to prevent invalid replay of tickets by proving to the
-server that the client knows the session key of  the  ticket
-and thus is entitled to use the ticket.  The KRB_AP_REQ mes-
-sage  is  referred  to  elsewhere  as  the   "authentication
-header."
-
-3.2.2.  Generation of a KRB_AP_REQ message
-
-     When a client wishes to initiate  authentication  to  a
-server,  it obtains (either through a credentials cache, the
-AS exchange, or the TGS exchange) a ticket and  session  key
-for  the desired service.  The client may re-use any tickets
-it holds until they expire.  To use a ticket the client con-
-structs  a  new  Authenticator from the the system time, its
-name, and optionally an application  specific  checksum,  an
-initial  sequence  number to be used in KRB_SAFE or KRB_PRIV
-messages, and/or a session subkey to be used in negotiations
-for  a  session  key  unique  to  this  particular  session.
-Authenticators may not be re-used and will  be  rejected  if
-replayed to a server[9].  If a  sequence  number  is  to  be
-included,  it  should  be randomly chosen so that even after
-many messages have been exchanged it is not likely  to  col-
-lide with other sequence numbers in use.
-
-     The  client  may  indicate  a  requirement  of   mutual
-__________________________
-[8] Tickets contain both an encrypted  and  unencrypted
-portion,  so  cleartext here refers to the entire unit,
-which can be copied from one message  and  replayed  in
-another without any cryptographic skill.
-[9] Note  that  this can make applications based on un-
-reliable transports difficult to code correctly. If the
-transport  might  deliver duplicated messages, either a
-new authenticator must be generated for each retry,  or
-the  application server must match requests and replies
-and replay the first reply in response  to  a  detected
-duplicate.
-
-
-
-Section 3.2.2.             - 20 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-authentication or the use of a session-key based  ticket  by
-setting  the  appropriate flag(s) in the ap-options field of
-the message.
-
-     The Authenticator is encrypted in the session  key  and
-combined  with  the  ticket  to  form the KRB_AP_REQ message
-which is then sent to the end server along  with  any  addi-
-tional  application-specific  information.   See section A.9
-for pseudocode.
-
-3.2.3.  Receipt of KRB_AP_REQ message
-
-     Authentication is based on the server's current time of
-day  (clocks  must be loosely synchronized), the authentica-
-tor, and the ticket.  Several errors are  possible.   If  an
-error  occurs, the server is expected to reply to the client
-with a KRB_ERROR message.  This message may be  encapsulated
-in the application protocol if its "raw" form is not accept-
-able to the protocol.   The  format  of  error  messages  is
-described in section 5.9.1.
-
-     The algorithm for verifying authentication  information
-is  as  follows.  If the message type is not KRB_AP_REQ, the
-server returns the KRB_AP_ERR_MSG_TYPE error.   If  the  key
-version indicated by the Ticket in the KRB_AP_REQ is not one
-the server can use (e.g., it indicates an old key,  and  the
-server  no  longer  possesses  a  copy  of the old key), the
-KRB_AP_ERR_BADKEYVER  error  is  returned.   If   the   USE-
-SESSION-KEY  flag  is  set in the ap-options field, it indi-
-cates to the server that the ticket is encrypted in the ses-
-sion  key  from  the  server's ticket-granting ticket rather
-than its secret key[10].   Since  it  is  possible  for  the
-server  to  be registered in multiple realms, with different
-keys in each, the srealm field in the unencrypted portion of
-the ticket in the KRB_AP_REQ is used to specify which secret
-key the server should  use  to  decrypt  that  ticket.   The
-KRB_AP_ERR_NOKEY  error  code  is  returned  if  the  server
-doesn't have the proper key to decipher the ticket.
-
-     The ticket  is  decrypted  using  the  version  of  the
-server's  key  specified  by  the ticket.  If the decryption
-routines detect a modification of the ticket  (each  encryp-
-tion  system  must  provide  safeguards  to  detect modified
-ciphertext; see  section  6),  the  KRB_AP_ERR_BAD_INTEGRITY
-error is returned (chances are good that different keys were
-used to encrypt and decrypt).
-
-     The authenticator is decrypted using  the  session  key
-extracted from the decrypted ticket.  If decryption shows it
-to have been modified, the KRB_AP_ERR_BAD_INTEGRITY error is
-__________________________
-[10] This is used for  user-to-user  authentication  as
-described in  [8].
-
-
-Section 3.2.3.             - 21 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-returned.  The name and realm of the client from the  ticket
-are  compared  against the same fields in the authenticator.
-If  they  don't  match,  the  KRB_AP_ERR_BADMATCH  error  is
-returned  (they  might  not match, for example, if the wrong
-session key was used to  encrypt  the  authenticator).   The
-addresses  in  the  ticket (if any) are then searched for an
-address matching the operating-system  reported  address  of
-the  client.   If no match is found or the server insists on
-ticket addresses but none are present  in  the  ticket,  the
-KRB_AP_ERR_BADADDR error is returned.
-
-     If the local (server) time and the client time  in  the
-authenticator  differ  by more than the allowable clock skew
-(e.g., 5 minutes), the KRB_AP_ERR_SKEW  error  is  returned.
-If  the  server  name,  along with the client name, time and
-microsecond  fields  from  the   Authenticator   match   any
-recently-seen  such  tuples,  the KRB_AP_ERR_REPEAT error is
-returned[11].  The server must  remember  any  authenticator
-presented  within the allowable clock skew, so that a replay
-attempt is guaranteed to fail.  If a server loses  track  of
-any authenticator presented within the allowable clock skew,
-it must reject all requests until the  clock  skew  interval
-has passed.  This assures that any lost or re-played authen-
-ticators will fall outside the allowable clock skew and  can
-no  longer be successfully replayed (If this is not done, an
-attacker could conceivably record the ticket and authentica-
-tor  sent  over  the  network  to a server, then disable the
-client's host, pose as the disabled  host,  and  replay  the
-ticket  and  authenticator  to subvert the authentication.).
-If a sequence number is provided in the  authenticator,  the
-server  saves it for later use in processing KRB_SAFE and/or
-KRB_PRIV messages.  If  a  subkey  is  present,  the  server
-either  saves  it  for later use or uses it to help generate
-its own choice for a subkey to be returned in  a  KRB_AP_REP
-message.
-
-     The server  computes  the  age  of  the  ticket:  local
-(server)  time  minus  the start time inside the Ticket.  If
-the start time is later than the current time by  more  than
-the  allowable  clock  skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned.   Oth-
-erwise,  if  the current time is later than end time by more
-than the allowable clock  skew,  the  KRB_AP_ERR_TKT_EXPIRED
-error is returned.
-
-     If all these  checks  succeed  without  an  error,  the
-__________________________
-[11] Note that the rejection here is restricted to  au-
-thenticators  from  the  same  principal  to  the  same
-server.  Other client principals communicating with the
-same  server principal should not be have their authen-
-ticators rejected if the time  and  microsecond  fields
-happen to match some other client's authenticator.
-
-
-Section 3.2.3.             - 22 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-server is assured that the client possesses the  credentials
-of  the  principal  named in the ticket and thus, the client
-has been authenticated to the server.  See section A.10  for
-pseudocode.
-
-     Passing these checks provides  only  authentication  of
-the  named principal; it does not imply authorization to use
-the  named  service.   Applications  must  make  a  separate
-authorization decisions based upon the authenticated name of
-the user,  the  requested  operation,  local  acces  control
-information such as that contained in a .k5login or .k5users
-file, and possibly a separate distributed authorization ser-
-vice.
-
-3.2.4.  Generation of a KRB_AP_REP message
-
-     Typically, a client's request  will  include  both  the
-authentication  information  and  its initial request in the
-same message, and the server need not  explicitly  reply  to
-the KRB_AP_REQ.  However, if mutual authentication (not only
-authenticating the client to the server, but also the server
-to  the  client)  is being performed, the KRB_AP_REQ message
-will have MUTUAL-REQUIRED set in its ap-options field, and a
-KRB_AP_REP  message  is  required  in response.  As with the
-error message, this  message  may  be  encapsulated  in  the
-application  protocol if its "raw" form is not acceptable to
-the application's protocol.  The timestamp  and  microsecond
-field  used  in the reply must be the client's timestamp and
-microsecond field (as provided  in  the  authenticator)[12].
-If  a  sequence  number is to be included, it should be ran-
-domly chosen as described above for  the  authenticator.   A
-subkey  may be included if the server desires to negotiate a
-different subkey.  The KRB_AP_REP message  is  encrypted  in
-the session key extracted from the ticket.  See section A.11
-for pseudocode.
-
-3.2.5.  Receipt of KRB_AP_REP message
-
-
-     If a KRB_AP_REP message is returned,  the  client  uses
-the  session  key  from  the  credentials  obtained  for the
-server[13] to decrypt the message,  and  verifies  that  the
-__________________________
-[12] In the Kerberos version 4 protocol, the  timestamp
-in the reply was the client's timestamp plus one.  This
-is not necessary in version 5 because  version  5  mes-
-sages are formatted in such a way that it is not possi-
-ble to create the reply by  judicious  message  surgery
-(even  in  encrypted form) without knowledge of the ap-
-propriate encryption keys.
-[13] Note that for encrypting the  KRB_AP_REP  message,
-the sub-session key is not used, even if present in the
-Authenticator.
-
-
-Section 3.2.5.             - 23 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-timestamp and microsecond fields match those in the  Authen-
-ticator  it  sent  to  the  server.  If they match, then the
-client is assured that the server is genuine.  The  sequence
-number  and  subkey (if present) are retained for later use.
-See section A.12 for pseudocode.
-
-
-3.2.6.  Using the encryption key
-
-     After the KRB_AP_REQ/KRB_AP_REP exchange has  occurred,
-the  client  and server share an encryption key which can be
-used by the application.  The "true session key" to be  used
-for  KRB_PRIV,  KRB_SAFE, or other application-specific uses
-may be chosen by the application based on the subkeys in the
-KRB_AP_REP  message  and  the  authenticator[14].   In  some
-cases,  the  use of this session key will be implicit in the
-protocol; in others the method of use must  be  chosen  from
-several alternatives.  We leave the protocol negotiations of
-how to use the key (e.g.  selecting an encryption or  check-
-sum type) to the application programmer; the Kerberos proto-
-col does not constrain the implementation  options,  but  an
-example of how this might be done follows.
-
-     One way that an application may choose to  negotiate  a
-key  to  be used for subequent integrity and privacy protec-
-tion is for the client to propose a key in the subkey  field
-of  the  authenticator.   The  server  can then choose a key
-using the proposed key from the client as  input,  returning
-the new subkey in the subkey field of the application reply.
-This key could then be used  for  subsequent  communication.
-To make this example more concrete, if the encryption method
-in use required a 56 bit key, and for whatever  reason,  one
-of the parties was prevented from using a key with more than
-40 unknown bits, this method would allow the the party which
-is  prevented from using more than 40 bits to either propose
-(if the client) an initial key with a known quantity for  16
-of  those  bits,  or  to mask 16 of the bits (if the server)
-with the known quantity.   The  application  implementor  is
-warned,  however,  that this is only an example, and that an
-analysis of the particular crytosystem to be used,  and  the
-reasons  for  limiting  the  key length, must be made before
-deciding whether it is acceptable to mask bits of the key.
-
-     With  both  the  one-way  and   mutual   authentication
-exchanges,  the peers should take care not to send sensitive
-information to each other  without  proper  assurances.   In
-particular,  applications  that require privacy or integrity
-should use the KRB_AP_REP response from the server to client
-__________________________
-[14] Implementations of the protocol may wish  to  pro-
-vide  routines  to choose subkeys based on session keys
-and random numbers and to generate a negotiated key  to
-be returned in the KRB_AP_REP message.
-
-
-Section 3.2.6.             - 24 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-to assure both client and server of their  peer's  identity.
-If an application protocol requires privacy of its messages,
-it can use the KRB_PRIV message (section 3.5).  The KRB_SAFE
-message (section 3.4) can be used to assure integrity.
-
-
-3.3.  The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-
-     The TGS exchange between  a  client  and  the  Kerberos
-Ticket-Granting  Server  is  initiated  by  a client when it
-wishes to obtain  authentication  credentials  for  a  given
-server  (which  might be registered in a remote realm), when
-it wishes to renew or validate an existing ticket,  or  when
-it  wishes to obtain a proxy ticket.  In the first case, the
-client must already have acquired a ticket for  the  Ticket-
-Granting  Service using the AS exchange (the ticket-granting
-ticket is usually obtained when a client initially authenti-
-cates to the system, such as when a user logs in).  The mes-
-sage format for the TGS exchange is almost identical to that
-for the AS exchange.  The primary difference is that encryp-
-tion and decryption in the TGS exchange does not take  place
-under  the  client's key.  Instead, the session key from the
-ticket-granting ticket or renewable ticket,  or  sub-session
-key  from  an Authenticator is used.  As is the case for all
-application servers, expired tickets are not accepted by the
-TGS,  so once a renewable or ticket-granting ticket expires,
-the client must use a  separate  exchange  to  obtain  valid
-tickets.
-
-     The TGS exchange consists of two  messages:  A  request
-(KRB_TGS_REQ)  from  the  client  to  the  Kerberos  Ticket-
-Granting Server, and a  reply  (KRB_TGS_REP  or  KRB_ERROR).
-The  KRB_TGS_REQ message includes information authenticating
-the client plus a request for credentials.  The  authentica-
-tion  information  consists  of  the  authentication  header
-(KRB_AP_REQ) which includes the client's previously obtained
-ticket-granting,  renewable,  or  invalid  ticket.   In  the
-ticket-granting ticket and  proxy  cases,  the  request  may
-include  one or more of: a list of network addresses, a col-
-lection of typed authorization data  to  be  sealed  in  the
-ticket  for  authorization use by the application server, or
-additional tickets (the use of which are  described  later).
-The  TGS  reply (KRB_TGS_REP) contains the requested creden-
-tials, encrypted in the session key from the ticket-granting
-ticket  or  renewable  ticket,  or  if  present, in the sub-
-session key from the Authenticator (part of the  authentica-
-tion  header).  The KRB_ERROR message contains an error code
-
-
-Section 3.3.               - 25 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-and text explaining what went wrong.  The KRB_ERROR  message
-is not encrypted.  The KRB_TGS_REP message contains informa-
-tion which can be used to detect replays, and  to  associate
-it with the message to which it replies.  The KRB_ERROR mes-
-sage also contains information which can be used to  associ-
-ate it with the message to which it replies, but the lack of
-encryption in the KRB_ERROR message precludes the ability to
-detect replays or fabrications of such messages.
-
-3.3.1.  Generation of KRB_TGS_REQ message
-
-     Before sending a request to  the  ticket-granting  ser-
-vice,  the client must determine in which realm the applica-
-tion server is  registered[15].   If  the  client  does  not
-already possess a ticket-granting ticket for the appropriate
-realm, then one must be obtained.  This is  first  attempted
-by  requesting  a ticket-granting ticket for the destination
-realm from a Kerberos  server  for  which  the  client  does
-posess  a ticket-granting ticket (using the KRB_TGS_REQ mes-
-sage recursively).  The Kerberos server may return a TGT for
-the  desired  realm in which case one can proceed.  Alterna-
-tively, the Kerberos server may return a  TGT  for  a  realm
-which  is  "closer"  to the desired realm (further along the
-standard hierarchical path), in which case this step must be
-repeated  with  a  Kerberos server in the realm specified in
-the returned TGT.  If neither are returned, then the request
-must be retried with a Kerberos server for a realm higher in
-the hierarchy.  This request will itself require  a  ticket-
-granting  ticket for the higher realm which must be obtained
-by recursively applying these directions.
-
-
-     Once the client obtains a  ticket-granting  ticket  for
-the  appropriate realm, it determines which Kerberos servers
-serve that realm, and  contacts  one.   The  list  might  be
-obtained  through a configuration file or network service or
-it may be generated from the name of the realm; as  long  as
-the  secret  keys  exchanged by realms are kept secret, only
-denial of  service  results  from  using  a  false  Kerberos
-server.
-__________________________
-[15] This can be  accomplished  in  several  ways.   It
-might  be  known beforehand (since the realm is part of
-the principal identifier), it  might  be  stored  in  a
-nameserver,  or  it might be obtained from a configura-
-tion file.  If the realm to be used is obtained from  a
-nameserver,  there  is a danger of being spoofed if the
-nameservice providing the realm name is  not  authenti-
-cated.   This  might result in the use of a realm which
-has been compromised, and would result in an attacker's
-ability  to compromise the authentication of the appli-
-cation server to the client.
-
-
-
-Section 3.3.1.             - 26 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     As in the AS exchange, the client may specify a  number
-of  options in the KRB_TGS_REQ message.  The client prepares
-the KRB_TGS_REQ message, providing an authentication  header
-as  an  element  of the padata field, and including the same
-fields as used in the KRB_AS_REQ message along with  several
-optional fields: the enc-authorization-data field for appli-
-cation server use and additional tickets  required  by  some
-options.
-
-     In preparing the authentication header, the client  can
-select  a  sub-session key under which the response from the
-Kerberos server will be encrypted[16].  If  the  sub-session
-key  is  not  specified,  the  session  key from the ticket-
-granting ticket will be used.  If the enc-authorization-data
-is  present, it must be encrypted in the sub-session key, if
-present, from the authenticator portion of  the  authentica-
-tion  header,  or if not present, using the session key from
-the ticket-granting ticket.
-
-     Once prepared, the message is sent to a Kerberos server
-for the destination realm.  See section A.5 for pseudocode.
-
-3.3.2.  Receipt of KRB_TGS_REQ message
-
-     The KRB_TGS_REQ message is processed in a manner  simi-
-lar to the KRB_AS_REQ message, but there are many additional
-checks to be performed.  First,  the  Kerberos  server  must
-determine which server the accompanying ticket is for and it
-must select the appropriate key to decrypt it.  For a normal
-KRB_TGS_REQ message, it will be for the ticket granting ser-
-vice, and the TGS's key will be used.  If the TGT was issued
-by  another realm, then the appropriate inter-realm key must
-be used.  If the accompanying ticket is not a ticket  grant-
-ing  ticket for the current realm, but is for an application
-server in the current realm, the RENEW, VALIDATE,  or  PROXY
-options  are  specified  in  the request, and the server for
-which a ticket is requested  is  the  server  named  in  the
-accompanying ticket, then the KDC will decrypt the ticket in
-the authentication header using the key of  the  server  for
-which  it  was  issued.   If  no  ticket can be found in the
-padata  field,  the  KDC_ERR_PADATA_TYPE_NOSUPP   error   is
-returned.
-
-     Once the accompanying ticket has  been  decrypted,  the
-user-supplied checksum in the Authenticator must be verified
-against  the  contents  of  the  request,  and  the  message
-rejected  if  the checksums do not match (with an error code
-__________________________
-[16] If the client selects a sub-session key, care must
-be  taken to ensure the randomness of the selected sub-
-session key.  One approach would be to generate a  ran-
-dom  number  and  XOR  it with the session key from the
-ticket-granting ticket.
-
-
-Section 3.3.2.             - 27 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-of KRB_AP_ERR_MODIFIED) or if the checksum is not  keyed  or
-not    collision-proof    (with    an    error    code    of
-KRB_AP_ERR_INAPP_CKSUM).  If the checksum type is  not  sup-
-ported,  the  KDC_ERR_SUMTYPE_NOSUPP  error is returned.  If
-the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-     If any of the  decryptions  indicate  failed  integrity
-checks, the KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-3.3.3.  Generation of KRB_TGS_REP message
-
-     The KRB_TGS_REP message  shares  its  format  with  the
-KRB_AS_REP  (KRB_KDC_REP),  but  with  its type field set to
-KRB_TGS_REP.   The  detailed  specification  is  in  section
-5.4.2.
-
-     The response will include a ticket  for  the  requested
-server.   The  Kerberos  database is queried to retrieve the
-record for the requested  server  (including  the  key  with
-which  the ticket will be encrypted).  If the request is for
-a ticket granting ticket for a remote realm, and if  no  key
-is shared with the requested realm, then the Kerberos server
-will select the realm "closest" to the requested realm  with
-which it does share a key, and use that realm instead.  This
-is the only case where the response from the KDC will be for
-a different server than that requested by the client.
-
-     By default, the address field, the  client's  name  and
-realm,  the  list  of  transited realms, the time of initial
-authentication, the expiration time, and  the  authorization
-data  of  the  newly-issued  ticket  will be copied from the
-ticket-granting ticket (TGT) or renewable  ticket.   If  the
-transited  field needs to be updated, but the transited type
-is  not  supported,  the  KDC_ERR_TRTYPE_NOSUPP   error   is
-returned.
-
-     If the request specifies an endtime, then  the  endtime
-of the new ticket is set to the minimum of (a) that request,
-(b) the endtime from the TGT, and (c) the starttime  of  the
-TGT plus the minimum of the maximum life for the application
-server and the maximum life for the local realm (the maximum
-life  for  the requesting principal was already applied when
-the TGT was issued).  If the new ticket is to be a  renewal,
-then the endtime above is replaced by the minimum of (a) the
-value of the renew_till field of  the  ticket  and  (b)  the
-starttime  for  the  new  ticket  plus  the  life  (endtime-
-starttime) of the old ticket.
-
-     If the FORWARDED option has been  requested,  then  the
-resulting ticket will contain the addresses specified by the
-client.  This option will only be honored if the FORWARDABLE
-flag  is  set in the TGT.  The PROXY option is similar;  the
-resulting ticket will contain the addresses specified by the
-
-
-Section 3.3.3.             - 28 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-client.   It  will  be honored only if the PROXIABLE flag in
-the TGT is set.  The PROXY option will  not  be  honored  on
-requests for additional ticket-granting tickets.
-
-     If the requested start time is absent, indicates a time
-in  the  past,  or  is within the window of acceptable clock
-skew for the KDC and the POSTDATE option has not been speci-
-fied,  then  the  start  time  of  the  ticket is set to the
-authentication server's current time.   If  it  indicates  a
-time in the future beyond the acceptable clock skew, but the
-POSTDATED option has not been specified or the  MAY-POSTDATE
-flag   is   not   set   in   the   TGT,   then   the   error
-KDC_ERR_CANNOT_POSTDATE  is  returned.   Otherwise,  if  the
-ticket-granting  ticket  has the MAY-POSTDATE flag set, then
-the resulting ticket will be  postdated  and  the  requested
-starttime  is checked against the policy of the local realm.
-If acceptable, the ticket's start time is set as  requested,
-and  the  INVALID flag is set.  The postdated ticket must be
-validated before use by presenting it to the KDC  after  the
-starttime  has  been  reached.   However, in no case may the
-starttime, endtime, or renew-till  time  of  a  newly-issued
-postdated  ticket  extend  beyond the renew-till time of the
-ticket-granting ticket.
-
-     If the ENC-TKT-IN-SKEY option has been specified and an
-additional  ticket has been included in the request, the KDC
-will decrypt the additional ticket using  the  key  for  the
-server  to which the additional ticket was issued and verify
-that it is a ticket-granting ticket.  If  the  name  of  the
-requested  server  is  missing from the request, the name of
-the client in the additional ticket will be used.  Otherwise
-the  name  of  the  requested server will be compared to the
-name of the client in the  additional  ticket  and  if  dif-
-ferent,  the  request  will  be  rejected.   If  the request
-succeeds, the session key from the additional ticket will be
-used  to  encrypt  the  new ticket that is issued instead of
-using the key of the server for which the new ticket will be
-used[17].
-
-     If the name  of  the  server  in  the  ticket  that  is
-presented to the KDC as part of the authentication header is
-not that of the ticket-granting server itself, the server is
-registered  in the realm of the KDC, and the RENEW option is
-requested, then the KDC will verify that the RENEWABLE  flag
-is  set  in  the ticket, that the INVALID flag is not set in
-the ticket, and that the renew_till time  is  still  in  the
-future.   If  the VALIDATE option is rqeuested, the KDC will
-__________________________
-[17] This allows easy  implementation  of  user-to-user
-authentication  [8],  which uses ticket-granting ticket
-session keys in lieu of secret server  keys  in  situa-
-tions  where  such secret keys could be easily comprom-
-ised.
-
-
-Section 3.3.3.             - 29 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-check that the starttime has passed and the INVALID flag  is
-set.   If  the  PROXY option is requested, then the KDC will
-check that the PROXIABLE flag is set in the ticket.  If  the
-tests  succeed,  and  the  ticket  passes  the hotlist check
-described in the next paragraph,  the  KDC  will  issue  the
-appropriate new ticket.
-
-
-3.3.3.1.  Checking for revoked tickets
-
-     Whenever a  request  is  made  to  the  ticket-granting
-server,  the  presented  ticket(s) is(are) checked against a
-hot-list of tickets which have been canceled.  This hot-list
-might  be implemented by storing a range of issue timestamps
-for "suspect tickets"; if a presented ticket had an authtime
-in  that range, it would be rejected.  In this way, a stolen
-ticket-granting ticket or renewable ticket cannot be used to
-gain  additional  tickets  (renewals  or otherwise) once the
-theft has been reported.  Any normal ticket obtained  before
-it  was  reported  stolen  will still be valid (because they
-require no interaction with the KDC), but only  until  their
-normal expiration time.
-
-     The ciphertext part of the response in the  KRB_TGS_REP
-message is encrypted in the sub-session key from the Authen-
-ticator, if  present,  or  the  session  key  key  from  the
-ticket-granting  ticket.   It  is  not  encrypted  using the
-client's  secret  key.   Furthermore,  the  client's   key's
-expiration  date  and the key version number fields are left
-out since these values are stored along  with  the  client's
-database  record, and that record is not needed to satisfy a
-request based on a ticket-granting ticket.  See section  A.6
-for pseudocode.
-
-3.3.3.2.  Encoding the transited field
-
-     If the identity of  the  server  in  the  TGT  that  is
-presented to the KDC as part of the authentication header is
-that of the ticket-granting service, but the TGT was  issued
-from another realm, the KDC will look up the inter-realm key
-shared with that realm and  use  that  key  to  decrypt  the
-ticket.  If the ticket is valid, then the KDC will honor the
-request, subject to the constraints outlined  above  in  the
-section  describing  the AS exchange.  The realm part of the
-client's identity will be  taken  from  the  ticket-granting
-ticket.   The  name  of  the  realm  that issued the ticket-
-granting ticket will be added to the transited field of  the
-ticket  to  be  issued.  This is accomplished by reading the
-transited field from the ticket-granting  ticket  (which  is
-treated  as an unordered set of realm names), adding the new
-realm to the set, then  constructing  and  writing  out  its
-encoded  (shorthand)  form (this may involve a rearrangement
-of the existing encoding).
-
-
-
-Section 3.3.3.2.           - 30 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     Note that the ticket-granting service does not add  the
-name  of  its  own realm.  Instead, its responsibility is to
-add the name of the previous realm.  This prevents  a  mali-
-cious Kerberos server from intentionally leaving out its own
-name (it could, however, omit other realms' names).
-
-     The  names  of  neither  the  local   realm   nor   the
-principal's realm are to be included in the transited field.
-They appear elsewhere in the ticket and both  are  known  to
-have  taken part in authenticating the principal.  Since the
-endpoints  are  not  included,  both  local  and  single-hop
-inter-realm  authentication result in a transited field that
-is empty.
-
-     Because the name of each realm transited  is  added  to
-this  field, it might potentially be very long.  To decrease
-the length of this field, its  contents  are  encoded.   The
-initially  supported  encoding  is  optimized for the normal
-case of inter-realm communication: a  hierarchical  arrange-
-ment  of  realms  using  either  domain or X.500 style realm
-names.  This encoding (called DOMAIN-X500-COMPRESS)  is  now
-described.
-
-     Realm names in the transited field are separated  by  a
-",".   The ",", "\", trailing "."s, and leading spaces (" ")
-are special characters, and if they  are  part  of  a  realm
-name,  they must be quoted in the transited field by preced-
-ing them with a "\".
-
-     A realm name ending with a "." is interpreted as  being
-prepended to the previous realm.  For example, we can encode
-traversal of EDU, MIT.EDU,  ATHENA.MIT.EDU,  WASHINGTON.EDU,
-and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were  end-
-points,  that  they would not be included in this field, and
-we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is  interpreted  as  being
-appended to the previous realm[18].  If it is  to  stand  by
-itself,  then  it  should be preceded by a space (" ").  For
-example, we can encode traversal of /COM/HP/APOLLO, /COM/HP,
-/COM, and /COM/DEC as:
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-__________________________
-[18] For the purpose of appending, the realm  preceding
-the  first  listed  realm  is considered to be the null
-realm ("").
-
-
-Section 3.3.3.2.           - 31 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-Like the example above, if /COM/HP/APOLLO and  /COM/DEC  are
-endpoints,  they  they  would not be included in this field,
-and we would have:
-
-     "/COM,/HP"
-
-
-     A null subfield preceding or following a ","  indicates
-that  all  realms  between  the  previous realm and the next
-realm have been traversed[19].  Thus,  ","  means  that  all
-realms along the path between the client and the server have
-been traversed. ",EDU, /COM," means  that  that  all  realms
-from the client's realm up to EDU (in a domain style hierar-
-chy) have been traversed, and that everything from /COM down
-to  the  server's  realm  in  an  X.500  style has also been
-traversed.  This could occur if the EDU realm in one hierar-
-chy  shares  an inter-realm key directly with the /COM realm
-in another hierarchy.
-
-3.3.4.  Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it  is  pro-
-cessed  in  the  same  manner  as  the KRB_AS_REP processing
-described above.  The primary difference is that the cipher-
-text  part  of the response must be decrypted using the ses-
-sion key from the ticket-granting  ticket  rather  than  the
-client's secret key.  See section A.7 for pseudocode.
-
-
-3.4.  The KRB_SAFE Exchange
-
-     The KRB_SAFE message may be used by  clients  requiring
-the   ability  to  detect  modifications  of  messages  they
-exchange.  It achieves this by including a keyed  collision-
-proof  checksum  of  the user data and some control informa-
-tion.  The checksum is keyed with an encryption key (usually
-the  last  key negotiated via subkeys, or the session key if
-no negotiation has occured).
-
-3.4.1.  Generation of a KRB_SAFE message
-
-When an application wishes to send a  KRB_SAFE  message,  it
-collects  its  data  and the appropriate control information
-and computes a checksum over them.  The  checksum  algorithm
-should  be  a  keyed one-way hash function (such as the RSA-
-MD5-DES checksum algorithm specified in  section  6.4.5,  or
-the  DES  MAC),  generated  using  the  sub-session  key  if
-present, or the session key.  Different  algorithms  may  be
-__________________________
-[19] For the purpose of  interpreting  null  subfields,
-the  client's  realm  is considered to precede those in
-the transited field, and the  server's  realm  is  con-
-sidered to follow them.
-
-
-Section 3.4.1.             - 32 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-selected by changing  the  checksum  type  in  the  message.
-Unkeyed  or  non-collision-proof  checksums are not suitable
-for this use.
-
-     The  control  information  for  the  KRB_SAFE   message
-includes  both  a  timestamp  and  a  sequence  number.  The
-designer of an application using the KRB_SAFE  message  must
-choose  at  least  one  of  the two mechanisms.  This choice
-should be based on the needs of the application protocol.
-
-     Sequence numbers are useful when all messages sent will
-be  received  by  one's peer.  Connection state is presently
-required to maintain the session  key,  so  maintaining  the
-next  sequence number should not present an additional prob-
-lem.
-
-     If the application protocol  is  expected  to  tolerate
-lost  messages  without  them  being  resent, the use of the
-timestamp is the  appropriate  replay  detection  mechanism.
-Using  timestamps  is  also  the  appropriate  mechanism for
-multi-cast protocols where all of one's peers share a common
-sub-session  key, but some messages will be sent to a subset
-of one's peers.
-
-     After computing the checksum, the client then transmits
-the information and checksum to the recipient in the message
-format specified in section 5.6.1.
-
-3.4.2.  Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies
-it  as  follows.   If  any  error  occurs,  an error code is
-reported for use by the application.
-
-     The message is first checked by verifying that the pro-
-tocol  version and type fields match the current version and
-KRB_SAFE,   respectively.    A    mismatch    generates    a
-KRB_AP_ERR_BADVERSION  or  KRB_AP_ERR_MSG_TYPE  error.   The
-application verifies that the checksum used is a  collision-
-proof    keyed    checksum,    and   if   it   is   not,   a
-KRB_AP_ERR_INAPP_CKSUM error is  generated.   The  recipient
-verifies  that the operating system's report of the sender's
-address matches the sender's address in the message, and (if
-a  recipient  address is specified or the recipient requires
-an address) that one of the recipient's addresses appears as
-the  recipient's address in the message.  A failed match for
-either case generates a KRB_AP_ERR_BADADDR error.  Then  the
-timestamp  and  usec  and/or  the sequence number fields are
-checked.   If  timestamp  and  usec  are  expected  and  not
-present,   or   they   are  present  but  not  current,  the
-KRB_AP_ERR_SKEW error is generated.   If  the  server  name,
-along with the client name, time and microsecond fields from
-the  Authenticator  match   any   recently-seen   (sent   or
-received[20] ) such tuples, the KRB_AP_ERR_REPEAT  error  is
-__________________________
-[20] This means that a client and server running on the
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-generated.  If an incorrect sequence number is included,  or
-a   sequence   number  is  expected  but  not  present,  the
-KRB_AP_ERR_BADORDER error is generated.  If neither a  time-
-stamp   and   usec  or  a  sequence  number  is  present,  a
-KRB_AP_ERR_MODIFIED error is generated.  Finally, the check-
-sum  is  computed over the data and control information, and
-if   it   doesn't   match   the   received    checksum,    a
-KRB_AP_ERR_MODIFIED error is generated.
-
-     If all the checks succeed, the application  is  assured
-that the message was generated by its peer and was not modi-
-fied in transit.
-
-3.5.  The KRB_PRIV Exchange
-
-     The KRB_PRIV message may be used by  clients  requiring
-confidentiality  and  the ability to detect modifications of
-exchanged messages.  It achieves this by encrypting the mes-
-sages and adding control information.
-
-3.5.1.  Generation of a KRB_PRIV message
-
-When an application wishes to send a  KRB_PRIV  message,  it
-collects  its  data  and the appropriate control information
-(specified in section 5.7.1)  and  encrypts  them  under  an
-encryption key (usually the last key negotiated via subkeys,
-or the session key if no negotiation has occured).  As  part
-of  the  control  information, the client must choose to use
-either a timestamp or a sequence number (or both);  see  the
-discussion  in section 3.4.1 for guidelines on which to use.
-After the user data and control information  are  encrypted,
-the  client  transmits  the  ciphertext  and some "envelope"
-information to the recipient.
-
-3.5.2.  Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies
-it  as  follows.   If  any  error  occurs,  an error code is
-reported for use by the application.
-
-     The message is first checked by verifying that the pro-
-tocol  version and type fields match the current version and
-KRB_PRIV,   respectively.    A    mismatch    generates    a
-KRB_AP_ERR_BADVERSION  or  KRB_AP_ERR_MSG_TYPE  error.   The
-application then decrypts the ciphertext and  processes  the
-resultant  plaintext.   If decryption shows the data to have
-been modified,  a  KRB_AP_ERR_BAD_INTEGRITY  error  is  gen-
-erated.   The recipient verifies that the operating system's
-report of the sender's address matches the sender's  address
-__________________________
-same  host and communicating with one another using the
-KRB_SAFE messages should  not  share  a  common  replay
-cache to detect KRB_SAFE replays.
-
-
-
-Section 3.5.2.             - 34 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-in the message, and (if a recipient address is specified  or
-the   recipient   requires  an  address)  that  one  of  the
-recipient's addresses appears as the recipient's address  in
-the  message.   A  failed  match for either case generates a
-KRB_AP_ERR_BADADDR  error.   Then  the  timestamp  and  usec
-and/or the sequence number fields are checked.  If timestamp
-and usec are expected and not present, or they  are  present
-but  not current, the KRB_AP_ERR_SKEW error is generated. If
-the server name,  along  with  the  client  name,  time  and
-microsecond   fields   from   the  Authenticator  match  any
-recently-seen such tuples, the  KRB_AP_ERR_REPEAT  error  is
-generated.   If an incorrect sequence number is included, or
-a  sequence  number  is  expected  but  not   present,   the
-KRB_AP_ERR_BADORDER  error is generated.  If neither a time-
-stamp  and  usec  or  a  sequence  number  is   present,   a
-KRB_AP_ERR_MODIFIED error is generated.
-
-     If all the checks succeed, the application  can  assume
-the  message  was  generated  by  its peer, and was securely
-transmitted (without intruders able to see  the  unencrypted
-contents).
-
-3.6.  The KRB_CRED Exchange
-
-     The KRB_CRED message may be used by  clients  requiring
-the  ability  to  send Kerberos credentials from one host to
-another.  It achieves this by sending the  tickets  together
-with  encrypted  data  containing the session keys and other
-information associated with the tickets.
-
-3.6.1.  Generation of a KRB_CRED message
-
-When an application wishes to send  a  KRB_CRED  message  it
-first (using the KRB_TGS exchange) obtains credentials to be
-sent to the remote host.  It then constructs a KRB_CRED mes-
-sage  using  the  ticket or tickets so obtained, placing the
-session key needed to use each ticket in the  key  field  of
-the corresponding KrbCredInfo sequence of the encrypted part
-of the the KRB_CRED message.
-
-     Other  information  associated  with  each  ticket  and
-obtained  during  the KRB_TGS exchange is also placed in the
-corresponding KrbCredInfo sequence in the encrypted part  of
-the KRB_CRED message.  The current time and, if specifically
-required by the application the  nonce,  s-address,  and  r-
-address  fields,  are  placed  in  the encrypted part of the
-KRB_CRED message which is then encrypted under an encryption
-key previosuly exchanged in the KRB_AP exchange (usually the
-last key negotiated via subkeys, or the session  key  if  no
-negotiation has occured).
-
-3.6.2.  Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies
-
-
-Section 3.6.2.             - 35 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-it.   If any error occurs, an error code is reported for use
-by the application.  The message  is  verified  by  checking
-that  the protocol version and type fields match the current
-version and KRB_CRED, respectively.  A mismatch generates  a
-KRB_AP_ERR_BADVERSION  or  KRB_AP_ERR_MSG_TYPE  error.   The
-application then decrypts the ciphertext and  processes  the
-resultant  plaintext.   If decryption shows the data to have
-been modified,  a  KRB_AP_ERR_BAD_INTEGRITY  error  is  gen-
-erated.
-
-     If present or required, the recipient verifies that the
-operating  system's  report  of the sender's address matches
-the sender's address in the message, and  that  one  of  the
-recipient's  addresses appears as the recipient's address in
-the message.  A failed match for  either  case  generates  a
-KRB_AP_ERR_BADADDR  error.   The  timestamp  and usec fields
-(and the nonce field if required) are checked next.  If  the
-timestamp  and usec are not present, or they are present but
-not current, the KRB_AP_ERR_SKEW error is generated.
-
-     If all the checks succeed, the application stores  each
-of  the  new  tickets  in its ticket cache together with the
-session key  and  other  information  in  the  corresponding
-KrbCredInfo sequence from the encrypted part of the KRB_CRED
-message.
-
-4.  The Kerberos Database
-
-The Kerberos server must have access to a database  contain-
-ing  the principal identifiers and secret keys of principals
-to be authenticated[21].
-
-4.1.  Database contents
-
-A database entry  should  contain  at  least  the  following
-fields:
-
-Field                Value
-
-name                 Principal's                    identif-
-ier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-__________________________
-[21] The implementation of the Kerberos server need not
-combine  the  database  and  the  server  on  the  same
-machine; it is feasible to store the principal database
-in, say, a network name service, as long as the entries
-stored therein are protected  from  disclosure  to  and
-modification  by  unauthorized  parties.   However,  we
-recommend against such strategies,  as  they  can  make
-system management and threat analysis quite complex.
-
-
-Section 4.1.               - 36 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier.
-The  key  field contains an encryption key.  This key is the
-principal's secret key.  (The key can  be  encrypted  before
-storage  under a Kerberos "master key" to protect it in case
-the database is compromised but the master key is  not.   In
-that case, an extra field must be added to indicate the mas-
-ter key version used, see below.) The p_kvno  field  is  the
-key  version  number  of  the  principal's  secret key.  The
-max_life field contains the maximum allowable lifetime (end-
-time  - starttime) for any Ticket issued for this principal.
-The max_renewable_life field contains the maximum  allowable
-total  lifetime  for  any  renewable  Ticket issued for this
-principal.  (See section 3.1 for a description of how  these
-lifetimes  are  used  in determining the lifetime of a given
-Ticket.)
-
-     A server may provide KDC service to several realms,  as
-long  as the database representation provides a mechanism to
-distinguish between principal records with identifiers which
-differ only in the realm name.
-
-     When an application server's key changes, if the change
-is  routine  (i.e.  not  the result of disclosure of the old
-key), the old key should be retained by the server until all
-tickets  that  had  been issued using that key have expired.
-Because of this, it is  possible  for  several  keys  to  be
-active  for  a  single principal.  Ciphertext encrypted in a
-principal's key is always tagged with the version of the key
-that was used for encryption, to help the recipient find the
-proper key for decryption.
-
-     When more than one key is active for a particular prin-
-cipal,  the  principal will have more than one record in the
-Kerberos database.  The keys and key  version  numbers  will
-differ  between  the  records (the rest of the fields may or
-may not be the same). Whenever Kerberos issues a ticket,  or
-responds  to  a request for initial authentication, the most
-recent key (known by the Kerberos server) will be  used  for
-encryption.   This  is  the key with the highest key version
-number.
-
-4.2.  Additional fields
-
-Project Athena's KDC implementation uses  additional  fields
-in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-
-
-Section 4.2.               - 37 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-mod_name     Modifying principal's identifier
-
-
-The K_kvno field indicates the key version of  the  Kerberos
-master  key  under  which  the  principal's  secret  key  is
-encrypted.
-
-     After an entry's expiration date has  passed,  the  KDC
-will  return an error to any client attempting to gain tick-
-ets as or for the principal.  (A database may want to  main-
-tain  two  expiration  dates: one for the principal, and one
-for the principal's current key.  This allows password aging
-to  work  independently  of the principal's expiration date.
-However, due to the limited space in the responses, the  KDC
-must  combine  the  key  expiration and principal expiration
-date into a single value called "key_exp", which is used  as
-a hint to the user to take administrative action.)
-
-     The attributes field is a bitfield used to  govern  the
-operations  involving  the  principal.   This field might be
-useful in conjunction with user registration procedures, for
-site-specific   policy   implementations   (Project   Athena
-currently uses it for their user registration  process  con-
-trolled  by the system-wide database service, Moira [9]), to
-identify whether a principal can play the role of  a  client
-or  server  or both, to note whether a server is appropriate
-trusted to recieve credentials delegated by a client, or  to
-identify the "string to key" conversion algorithm used for a
-principal's key[22].  Other bits are used to  indicate  that
-certain  ticket  options  should  not  be allowed in tickets
-encrypted under a principal's key (one bit each):   Disallow
-issuing  postdated  tickets,  disallow  issuing  forwardable
-tickets, disallow issuing tickets based on  TGT  authentica-
-tion,  disallow  issuing renewable tickets, disallow issuing
-proxiable tickets, and disallow issuing  tickets  for  which
-the principal is the server.
-
-     The mod_date field contains the time of last  modifica-
-tion  of the entry, and the mod_name field contains the name
-of the principal which last modified the entry.
-
-4.3.  Frequently Changing Fields
-
-     Some KDC implementations may wish to maintain the  last
-time  that  a  request  was  made by a particular principal.
-Information that might be maintained includes  the  time  of
-the  last  request,  the  time  of  the  last  request for a
-ticket-granting ticket, the  time  of  the  last  use  of  a
-ticket-granting  ticket,  or  other times.  This information
-can then be returned to the user in the last-req field  (see
-__________________________
-[22] See the discussion of the padata field in  section
-5.4.2 for details on why this can be useful.
-
-
-Section 4.3.               - 38 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-section 5.2).
-
-     Other frequently changing information that can be main-
-tained  is  the  latest expiration time for any tickets that
-have been issued using each key.  This field would  be  used
-to indicate how long old keys must remain valid to allow the
-continued use of outstanding tickets.
-
-4.4.  Site Constants
-
-     The KDC implementation should have the following confi-
-gurable  constants  or options, to allow an administrator to
-make and enforce policy decisions:
-
-+  The minimum supported lifetime (used to determine whether
-   the  KDC_ERR_NEVER_VALID error should be returned).  This
-   constant  should  reflect  reasonable   expectations   of
-   round-trip  time  to the KDC, encryption/decryption time,
-   and processing time by the client and target server,  and
-   it should allow for a minimum "useful" lifetime.
-
-+  The maximum allowable total  (renewable)  lifetime  of  a
-   ticket (renew_till - starttime).
-
-+  The maximum allowable lifetime of  a  ticket  (endtime  -
-   starttime).
-
-+  Whether to allow the issue of tickets with empty  address
-   fields  (including the ability to specify that such tick-
-   ets may only be issued  if  the  request  specifies  some
-   authorization_data).
-
-+  Whether proxiable, forwardable, renewable or post-datable
-   tickets are to be issued.
-
-
-5.  Message Specifications
-
-     The following sections describe the exact contents  and
-encoding  of  protocol messages and objects.  The ASN.1 base
-definitions are presented  in  the  first  subsection.   The
-remaining  subsections specify the protocol objects (tickets
-and authenticators) and messages.  Specification of  encryp-
-tion  and  checksum  techniques,  and  the fields related to
-them, appear in section 6.
-
-5.1.  ASN.1 Distinguished Encoding Representation
-
-     All uses of  ASN.1  in  Kerberos  shall  use  the  Dis-
-tinguished  Encoding  Representation of the data elements as
-described in the X.509 specification, section 8.7  [10].
-
-
-
-
-
-Section 5.1.               - 39 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-5.2.  ASN.1 Base Definitions
-
-     The following ASN.1 base definitions are  used  in  the
-rest  of this section.  Note that since the underscore char-
-acter (_) is not permitted in ASN.1 names, the hyphen (-) is
-used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-
-Kerberos realms are encoded as GeneralStrings.  Realms shall
-not  contain  a  character  with the code 0 (the ASCII NUL).
-Most realms  will  usually  consist  of  several  components
-separated  by  periods  (.), in the style of Internet Domain
-Names, or separated by slashes (/) in  the  style  of  X.500
-names.   Acceptable  forms  for realm names are specified in
-section 7.  A PrincipalName is  a  typed  sequence  of  com-
-ponents consisting of the following sub-fields:
-
-name-type This field specifies the type of  name  that  fol-
-          lows.   Pre-defined  values  for  this  field  are
-          specified in section 7.2.  The name-type should be
-          treated as a hint.  Ignoring the name type, no two
-          names can be the same (i.e. at least  one  of  the
-          components,  or  the  realm,  must  be different).
-          This constraint may be eliminated in the future.
-
-name-stringThis field encodes a sequence of components  that
-          form  a name, each component encoded as a General-
-          String.  Taken together,  a  PrincipalName  and  a
-          Realm  form  a principal identifier.  Most Princi-
-          palNames will have only a  few  components  (typi-
-          cally one or two).
-
-
-
-        KerberosTime ::=   GeneralizedTime
-                           -- Specifying UTC time zone (Z)
-
-
-     The timestamps used in Kerberos are encoded as General-
-izedTimes.   An encoding shall specify the UTC time zone (Z)
-and  shall  not  include  any  fractional  portions  of  the
-seconds.   It  further  shall  not  include  any separators.
-Example: The only valid format for UTC time  6  minutes,  27
-seconds after 9 pm on 6 November 1985 is 19851106210627Z.
-
- HostAddress ::=     SEQUENCE  {
-                     addr-type[0]             INTEGER,
-                     address[1]               OCTET STRING
-
-
-Section 5.2.               - 40 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
- }
-
- HostAddresses ::=   SEQUENCE OF SEQUENCE {
-                     addr-type[0]             INTEGER,
-                     address[1]               OCTET STRING
- }
-
-
-     The host adddress encodings consists of two fields:
-
-addr-type This field  specifies the  type  of  address  that
-          follows.   Pre-defined  values  for this field are
-          specified in section 8.1.
-
-
-address   This field encodes a single address of type  addr-
-          type.
-
-The two forms differ slightly. HostAddress contains  exactly
-one  address;  HostAddresses contains a sequence of possibly
-many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-
-ad-data   This  field  contains  authorization  data  to  be
-          interpreted   according   to   the  value  of  the
-          corresponding ad-type field.
-
-ad-type   This field specifies the format  for  the  ad-data
-          subfield.   All  negative  values are reserved for
-          local use.  Non-negative values are  reserved  for
-          registered use.
-
-                APOptions ::=   BIT STRING {
-                                reserved(0),
-                                use-session-key(1),
-                                mutual-required(2)
-                }
-
-
-          TicketFlags ::=   BIT STRING {
-                            reserved(0),
-                            forwardable(1),
-                            forwarded(2),
-                            proxiable(3),
-                            proxy(4),
-                            may-postdate(5),
-                            postdated(6),
-                            invalid(7),
-                            renewable(8),
-                            initial(9),
-
-
-Section 5.2.               - 41 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                            pre-authent(10),
-                            hw-authent(11),
-                            transited-policy-checked(12),
-                            ok-as-delegate(13)
-          }
-
-
-           KDCOptions ::=   BIT STRING {
-                            reserved(0),
-                            forwardable(1),
-                            forwarded(2),
-                            proxiable(3),
-                            proxy(4),
-                            allow-postdate(5),
-                            postdated(6),
-                            unused7(7),
-                            renewable(8),
-                            unused9(9),
-                            unused10(10),
-                            unused11(11),
-                            unused12(12),
-                            unused13(13),
-                            disable-transited-check(26),
-                            renewable-ok(27),
-                            enc-tkt-in-skey(28),
-                            renew(30),
-                            validate(31)
-           }
-
-          ASN.1 Bit strings have a length and a value.  When
-          used  in  Kerberos for the APOptions, TicketFlags,
-          and KDCOptions, the length of the  bit  string  on
-          generated  values  should be the smallest multiple
-          of 32 bits needed to include the highest order bit
-          that is set (1), but in no case less than 32 bits.
-          Implementations  should  accept  values   of   bit
-          strings of any length and treat the value of flags
-          cooresponding to bits beyond the end  of  the  bit
-          string as if the bit were reset (0).  Comparisonof
-          bit strings of different length should  treat  the
-          smaller  string  as  if  it were padded with zeros
-          beyond the high order bits to the  length  of  the
-          longer string[23].
-
-__________________________
-[23] Warning for implementations that unpack and repack
-data  structures during the generation and verification
-of embedded checksums: Because any checksums applied to
-data  structures  must  be checked against the original
-data the length of bit strings must be preserved within
-a  data  structure  between the time that a checksum is
-generated through transmission to  the  time  that  the
-checksum is verified.
-
-
-
-Section 5.2.               - 42 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-         LastReq ::=   SEQUENCE OF SEQUENCE {
-                       lr-type[0]               INTEGER,
-                       lr-value[1]              KerberosTime
-         }
-
-
-lr-type   This field indicates how  the  following  lr-value
-          field is to be interpreted.  Negative values indi-
-          cate that the information  pertains  only  to  the
-          responding server.  Non-negative values pertain to
-          all servers for the realm.
-
-          If the lr-type field is zero (0), then no informa-
-          tion is conveyed by the lr-value subfield.  If the
-          absolute value of the lr-type field  is  one  (1),
-          then  the  lr-value  subfield  is the time of last
-          initial request for a TGT.  If it is two (2), then
-          the  lr-value subfield is the time of last initial
-          request.  If it is three (3),  then  the  lr-value
-          subfield  is  the  time  of  issue  for the newest
-          ticket-granting ticket used.  If it is  four  (4),
-          then the lr-value subfield is the time of the last
-          renewal.  If it is five  (5),  then  the  lr-value
-          subfield  is  the  time  of  last  request (of any
-          type).
-
-
-lr-value  This field contains the time of the last  request.
-          The time must be interpreted according to the con-
-          tents of the accompanying lr-type subfield.
-
-     See section 6 for the definitions of  Checksum,  Check-
-sumType,  EncryptedData,  EncryptionKey, EncryptionType, and
-KeyType.
-
-
-5.3.  Tickets and Authenticators
-
-     This section describes the format and encryption param-
-eters  for  tickets  and  authenticators.   When a ticket or
-authenticator is  included  in  a  protocol  message  it  is
-treated as an opaque object.
-
-5.3.1.  Tickets
-
-     A ticket is a record that helps a  client  authenticate
-to a service.  A Ticket contains the following information:
-
-Ticket ::=                    [APPLICATION 1] SEQUENCE {
-                              tkt-vno[0]                   INTEGER,
-                              realm[1]                     Realm,
-                              sname[2]                     PrincipalName,
-                              enc-part[3]                  EncryptedData
-}
-
-
-Section 5.3.1.             - 43 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared
-by  Kerberos  and  the end server (the server's secret key).
-See section 6 for the format of the ciphertext.
-
-tkt-vno   This field specifies the version  number  for  the
-          ticket  format.   This  document describes version
-          number 5.
-
-
-realm     This field  specifies  the  realm  that  issued  a
-          ticket.  It also serves to identify the realm part
-          of the server's  principal  identifier.   Since  a
-          Kerberos server can only issue tickets for servers
-          within its realm, the two will always  be  identi-
-          cal.
-
-
-sname     This field specifies the name part of the server's
-          identity.
-
-
-enc-part  This field holds the  encrypted  encoding  of  the
-          EncTicketPart sequence.
-
-
-flags     This field indicates which of various options were
-          used  or requested when the ticket was issued.  It
-          is a bit-field, where  the  selected  options  are
-          indicated  by  the  bit  being  set  (1),  and the
-          unselected options and reserved fields being reset
-          (0).   Bit  0  is  the  most significant bit.  The
-          encoding of the bits is specified in section  5.2.
-          The  flags  are  described in more detail above in
-          section 2.  The meanings of the flags are:
-
-
-Section 5.3.1.             - 44 -    Expires 11 January 1998
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     Bit(s)      Name         Description
-
-     0           RESERVED
-                              Reserved for future  expansion  of  this
-                              field.
-
-     1           FORWARDABLE 
-                              The FORWARDABLE flag  is  normally  only
-                              interpreted  by  the  TGS,  and  can  be
-                              ignored by end servers.  When set,  this
-                              flag  tells  the  ticket-granting server
-                              that it is OK to  issue  a  new  ticket-
-                              granting ticket with a different network
-                              address based on the presented ticket.
-
-     2           FORWARDED   
-                              When set, this flag indicates  that  the
-                              ticket  has either been forwarded or was
-                              issued based on authentication involving
-                              a forwarded ticket-granting ticket.
-
-     3           PROXIABLE   
-                              The  PROXIABLE  flag  is  normally  only
-                              interpreted  by  the  TGS,  and  can  be
-                              ignored by end servers.   The  PROXIABLE
-                              flag  has an interpretation identical to
-                              that of  the  FORWARDABLE  flag,  except
-                              that   the   PROXIABLE  flag  tells  the
-                              ticket-granting server  that  only  non-
-                              ticket-granting  tickets  may  be issued
-                              with different network addresses.
-
-     4           PROXY       
-                              When set, this  flag  indicates  that  a
-                              ticket is a proxy.
-
-     5           MAY-POSTDATE 
-                              The MAY-POSTDATE flag is  normally  only
-                              interpreted  by  the  TGS,  and  can  be
-                              ignored by end servers.  This flag tells
-                              the  ticket-granting server that a post-
-                              dated ticket may be issued based on this
-                              ticket-granting ticket.
-
-     6           POSTDATED    
-                              This flag indicates that this ticket has
-                              been  postdated.   The  end-service  can
-                              check the authtime field to see when the
-                              original authentication occurred.
-
-     7           INVALID      
-                              This flag indicates  that  a  ticket  is
-                              invalid, and it must be validated by the
-                              KDC  before  use.   Application  servers
-                              must reject tickets which have this flag
-                              set.
-
-
-
-
-
-
-
-
-Section 5.3.1.             - 45 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     8           RENEWABLE                        
-                              The  RENEWABLE  flag  is  normally  only
-                              interpreted  by the TGS, and can usually
-                              be ignored by end servers (some particu-
-                              larly careful servers may wish to disal-
-                              low  renewable  tickets).   A  renewable
-                              ticket  can be used to obtain a replace-
-                              ment ticket  that  expires  at  a  later
-                              date.
-
-     9           INITIAL                    
-                              This flag indicates that this ticket was
-                              issued  using  the  AS protocol, and not
-                              issued  based   on   a   ticket-granting
-                              ticket.
-
-     10          PRE-AUTHENT              
-                              This flag indicates that during  initial
-                              authentication, the client was authenti-
-                              cated by the KDC  before  a  ticket  was
-                              issued.    The   strength  of  the  pre-
-                              authentication method is not  indicated,
-                              but is acceptable to the KDC.
-
-     11          HW-AUTHENT                    
-                              This flag indicates  that  the  protocol
-                              employed   for   initial  authentication
-                              required the use of hardware expected to
-                              be possessed solely by the named client.
-                              The hardware  authentication  method  is
-                              selected  by the KDC and the strength of
-                              the method is not indicated.
-
-
-
-
-Section 5.3.1.             - 46 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     12           TRANSITED   This flag indicates that the KDC for the
-             POLICY-CHECKED   realm has checked the transited field
-			      against a realm defined policy for
-			      trusted certifiers.  If this flag is
-			      reset (0), then the application server
-			      must check the transited field itself,
-			      and if unable to do so it must reject
-			      the authentication.  If the flag is set
-			      (1) then the application server may skip
-			      its own validation of the transited
-			      field, relying on the validation
-			      performed by the KDC.  At its option the
-			      application server may still apply its
-			      own validation based on a separate
-			      policy for acceptance.
-
-Section 5.3.1.             - 47 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     13      OK-AS-DELEGATE   This flag indicates that the server (not
-			      the client) specified in the ticket has
-			      been determined by policy of the realm
-			      to be a suitable recipient of
-			      delegation.  A client can use the
-			      presence of this flag to help it make a
-			      decision whether to delegate credentials
-			      (either grant a proxy or a forwarded
-			      ticket granting ticket) to this server.
-			      The client is free to ignore the value
-			      of this flag.  When setting this flag,
-			      an administrator should consider the
-			      security and placement of the server on
-			      which the service will run, as well as
-			      whether the service requires the use of
-			      delegated credentials.
-
-
-
-
-Section 5.3.1.             - 48 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     14          ANONYMOUS                
-                              This flag indicates that  the  principal
-                              named in the ticket is a generic princi-
-                              pal for the realm and does not  identify
-                              the  individual  using  the ticket.  The
-                              purpose  of  the  ticket  is   only   to
-                              securely  distribute  a session key, and
-                              not to identify  the  user.   Subsequent
-                              requests  using the same ticket and ses-
-                              sion may be  considered  as  originating
-                              from  the  same  user, but requests with
-                              the same username but a different ticket
-                              are  likely  to originate from different
-                              users.
-
-     15-31       RESERVED                
-                              Reserved for future use.
-
-
-
-key       This field  exists  in  the  ticket  and  the  KDC
-          response  and is used to pass the session key from
-          Kerberos to the application server and the client.
-          The field's encoding is described in section 6.2.
-
-crealm    This field contains the name of the realm in which
-          the  client  is  registered  and  in which initial
-          authentication took place.
-
-
-cname     This field contains the name part of the  client's
-          principal identifier.
-
-
-transited This field lists the names of the Kerberos  realms
-          that  took part in authenticating the user to whom
-          this ticket was issued.  It does not  specify  the
-          order  in  which  the  realms were transited.  See
-          section 3.3.3.2 for  details  on  how  this  field
-          encodes the traversed realms.
-
-
-authtime  This field indicates the time of initial authenti-
-          cation for the named principal.  It is the time of
-          issue for the original ticket on which this ticket
-          is based.  It is included in the ticket to provide
-          additional information to the end service, and  to
-          provide  the necessary information for implementa-
-          tion of a `hot list' service at the KDC.   An  end
-          service that is particularly paranoid could refuse
-          to accept tickets for which the initial  authenti-
-          cation occurred "too far" in the past.
-
-          This  field  is  also  returned  as  part  of  the
-          response  from  the KDC.  When returned as part of
-          the    response    to    initial    authentication
-
-
-Section 5.3.1.             - 49 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          (KRB_AS_REP), this is the current time on the Ker-
-          beros server[24].
-
-
-starttime This field in the ticket specifies the time  after
-          which the ticket is valid.  Together with endtime,
-          this field specifies the life of the  ticket.   If
-          it  is absent from the ticket, its value should be
-          treated as that of the authtime field.
-
-
-endtime   This field  contains  the  time  after  which  the
-          ticket  will not be honored (its expiration time).
-          Note that individual services may place their  own
-          limits  on  the  life  of  a ticket and may reject
-          tickets which have not yet expired.  As such, this
-          is  really  an  upper bound on the expiration time
-          for the ticket.
-
-
-renew-tillThis field is only present in  tickets  that  have
-          the  RENEWABLE  flag  set  in the flags field.  It
-          indicates the maximum endtime that may be included
-          in  a  renewal.  It can be thought of as the abso-
-          lute expiration time for the ticket, including all
-          renewals.
-
-
-caddr     This field in a ticket contains zero (if  omitted)
-          or  more  (if  present) host addresses.  These are
-          the addresses from which the ticket can  be  used.
-          If  there are no addresses, the ticket can be used
-          from any location.  The decision  by  the  KDC  to
-          issue  or by the end server to accept zero-address
-          tickets is a policy decision and is  left  to  the
-          Kerberos  and end-service administrators; they may
-          refuse to issue or accept such tickets.  The  sug-
-          gested  and  default policy, however, is that such
-          tickets will only be issued or accepted when addi-
-          tional  information  that  can be used to restrict
-          the  use  of  the  ticket  is  included   in   the
-          authorization_data  field.   Such  a  ticket  is a
-          capability.
-
-          Network addresses are included in  the  ticket  to
-          make  it  harder  for  an  attacker  to use stolen
-          credentials.  Because the session key is not  sent
-          over  the  network in cleartext, credentials can't
-__________________________
-[24] It is NOT recommended that this time value be used
-to adjust the workstation's clock since the workstation
-cannot reliably determine that such a KRB_AS_REP  actu-
-ally came from the proper KDC in a timely manner.
-
-
-Section 5.3.1.             - 50 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          be stolen simply by listening to the  network;  an
-          attacker  has  to  gain  access to the session key
-          (perhaps   through   operating   system   security
-          breaches  or a careless user's unattended session)
-          to make use of stolen tickets.
-
-          It is important to note that the  network  address
-          from  which  a  connection  is  received cannot be
-          reliably determined.  Even  if  it  could  be,  an
-          attacker who has compromised the client's worksta-
-          tion  could  use  the  credentials   from   there.
-          Including the network addresses only makes it more
-          difficult, not impossible, for an attacker to walk
-          off with stolen credentials and then use them from
-          a "safe" location.
-
-
-authorization-data
-          The  authorization-data  field  is  used  to  pass
-          authorization  data  from  the  principal on whose
-          behalf a ticket was issued to the application ser-
-          vice.   If no authorization data is included, this
-          field will be left out.  Experience has shown that
-          the  name  of  this field is confusing, and that a
-          better name for this field would be  restrictions.
-          Unfortunately,  it  is  not possible to change the
-          name of this field at this time.
-
-          This field contains restrictions on any  authority
-          obtained  on the bases of authentication using the
-          ticket.  It  is  possible  for  any  principal  in
-          posession  of  credentials  to  add entries to the
-          authorization  data  field  since  these   entries
-          further restrict what can be done with the ticket.
-          Such additions can be made by specifying the addi-
-          tional  entries when a new ticket is obtained dur-
-          ing the TGS exchange, or they may be added  during
-          chained  delegation  using  the authorization data
-          field of the authenticator.
-
-          Because entries may be added to this field by  the
-          holder of credentials, it is not allowable for the
-          presence of an entry  in  the  authorization  data
-          field  of  a  ticket to amplify the priveleges one
-          would obtain from using a ticket.
-
-          The data in this field may be specific to the  end
-          service;  the field will contain the names of ser-
-          vice specific objects, and  the  rights  to  those
-          objects.   The  format for this field is described
-          in section 5.2.  Although  Kerberos  is  not  con-
-          cerned with the format of the contents of the sub-
-          fields, it does carry type information (ad-type).
-
-
-
-Section 5.3.1.             - 51 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          By using the authorization_data field, a principal
-          is  able  to  issue  a  proxy  that is valid for a
-          specific purpose.  For example, a  client  wishing
-          to  print a file can obtain a file server proxy to
-          be passed to the print server.  By specifying  the
-          name  of the file in the authorization_data field,
-          the file server knows that the  print  server  can
-          only  use  the  client's rights when accessing the
-          particular file to be printed.
-
-          A separate service providing providing  authoriza-
-          tion  or  certifying group membership may be built
-          using the authorization-data field.  In this case,
-          the entity granting authorization (not the author-
-          ized entity), obtains a ticket  in  its  own  name
-          (e.g.  the  ticket  is  issued  in  the  name of a
-          privelege server), and this entity  adds  restric-
-          tions  on its own authority and delegates the res-
-          tricted authority through a proxy to  the  client.
-          The  client  would then present this authorization
-          credential to the  application  server  separately
-          from the authentication exchange.
-
-          Similarly, if one specifies the authorization-data
-          field  of  a  proxy  and leaves the host addresses
-          blank, the resulting ticket and session key can be
-          treated  as  a  capability.  See [7] for some sug-
-          gested uses of this field.
-
-          The authorization-data field is optional and  does
-          not have to be included in a ticket.
-
-
-5.3.2.  Authenticators
-
-     An authenticator is a record sent with a  ticket  to  a
-server  to  certify the client's knowledge of the encryption
-key in the ticket, to help the server detect replays, and to
-help  choose a "true session key" to use with the particular
-session.  The encoding is encrypted in the ticket's  session
-key shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-
-
-Section 5.3.2.             - 52 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-authenticator-vno
-          This field specifies the version  number  for  the
-          format of the authenticator.  This document speci-
-          fies version 5.
-
-
-crealm and cname
-          These fields are the same as those  described  for
-          the ticket in section 5.3.1.
-
-
-cksum     This field contains a checksum of the the applica-
-          tion data that accompanies the KRB_AP_REQ.
-
-
-cusec     This field contains the microsecond  part  of  the
-          client's timestamp.  Its value (before encryption)
-          ranges from 0 to 999999.  It often  appears  along
-          with  ctime.   The two fields are used together to
-          specify a reasonably accurate timestamp.
-
-
-ctime     This  field  contains  the  current  time  on  the
-          client's host.
-
-
-subkey    This field contains the  client's  choice  for  an
-          encryption key which is to be used to protect this
-          specific application session.  Unless an  applica-
-          tion  specifies  otherwise,  if this field is left
-          out the session key from the ticket will be used.
-
-seq-numberThis optional field includes the initial  sequence
-          number to be used by the KRB_PRIV or KRB_SAFE mes-
-          sages when sequence numbers  are  used  to  detect
-          replays  (It  may  also  be  used  by  application
-          specific messages).  When included in the  authen-
-          ticator  this field specifies the initial sequence
-          number for messages from the client to the server.
-          When  included  in the AP-REP message, the initial
-          sequence number is  that  for  messages  from  the
-          server  to  the  client.  When used in KRB_PRIV or
-          KRB_SAFE messages, it is incremented by one  after
-          each message is sent.
-
-          For sequence numbers  to  adequately  support  the
-          detection of replays they should be non-repeating,
-          even across connection  boundaries.   The  initial
-          sequence  number  should  be  random and uniformly
-          distributed across  the  full  space  of  possible
-          sequence  numbers, so that it cannot be guessed by
-          an attacker and so  that  it  and  the  successive
-          sequence numbers do not repeat other sequences.
-
-
-
-Section 5.3.2.             - 53 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-authorization-data
-          This field is the same as described for the ticket
-          in  section  5.3.1.   It is optional and will only
-          appear when  additional  restrictions  are  to  be
-          placed  on  the use of a ticket, beyond those car-
-          ried in the ticket itself.
-
-5.4.  Specifications for the AS and TGS exchanges
-
-     This section specifies the format of the messages  used
-in  the exchange between the client and the Kerberos server.
-The format of possible error  messages  appears  in  section
-5.9.1.
-
-5.4.1.  KRB_KDC_REQ definition
-
-     The  KRB_KDC_REQ  message  has  no  type  of  its  own.
-Instead,  its  type  is  one  of  KRB_AS_REQ  or KRB_TGS_REQ
-depending on whether the request is for an initial ticket or
-an  additional  ticket.  In either case, the message is sent
-from the client to  the  Authentication  Server  to  request
-credentials for a service.
-
-     The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER, 
-                                           -- EncryptionType,
-                                           -- in preference order
-
-
-Section 5.4.1.             - 54 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData 
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-The fields in this message are:
-
-
-pvno      This field is included in each message, and speci-
-          fies  the  protocol version number.  This document
-          specifies protocol version 5.
-
-
-msg-type  This field indicates the type of a  protocol  mes-
-          sage.   It  will  almost always be the same as the
-          application identifier associated with a  message.
-          It is included to make the identifier more readily
-          accessible to the application.   For  the  KDC-REQ
-          message,   this   type   will   be  KRB_AS_REQ  or
-          KRB_TGS_REQ.
-
-
-padata    The padata (pre-authentication  data)  field  con-
-          tains  a  sequence  of  authentication information
-          which may be  needed  before  credentials  can  be
-          issued  or decrypted.  In the case of requests for
-          additional tickets (KRB_TGS_REQ), this field  will
-          include  an element with padata-type of PA-TGS-REQ
-          and data  of  an  authentication  header  (ticket-
-          granting  ticket and authenticator).  The checksum
-          in the authenticator  (which  must  be  collision-
-          proof)  is  to  be  computed over the KDC-REQ-BODY
-          encoding.  In most requests for initial  authenti-
-          cation  (KRB_AS_REQ)  and  most replies (KDC-REP),
-          the padata field will be left out.
-
-          This field may also contain information needed  by
-          certain  extensions to the Kerberos protocol.  For
-          example, it might be used to initially verify  the
-          identity  of  a  client  before  any  response  is
-          returned.  This  is  accomplished  with  a  padata
-          field  with  padata-type equal to PA-ENC-TIMESTAMP
-          and padata-value defined as follows:
-
-padata-type     ::= PA-ENC-TIMESTAMP
-padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC   ::= SEQUENCE {
-                patimestamp[0]     KerberosTime, -- client's time
-                pausec[1]          INTEGER OPTIONAL
-}
-
-          with patimestamp containing the client's time  and
-
-
-Section 5.4.1.             - 55 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          pausec  containing  the  microseconds which may be
-          omitted if a client will not  generate  more  than
-          one  request  per second.  The ciphertext (padata-
-          value) consists  of  the  PA-ENC-TS-ENC  sequence,
-          encrypted using the client's secret key.
-
-          The padata  field  can  also  contain  information
-          needed  to  help  the KDC or the client select the
-          key  needed  for  generating  or  decrypting   the
-          response.   This  form of the padata is useful for
-          supporting the use of  certain  token  cards  with
-          Kerberos.   The  details  of  such  extensions are
-          specified in separate  documents.   See  [11]  for
-          additional uses of this field.
-
-padata-type
-          The padata-type element of the padata field  indi-
-          cates  the way that the padata-value element is to
-          be interpreted.  Negative  values  of  padata-type
-          are  reserved  for  unregistered use; non-negative
-          values are used for a registered interpretation of
-          the element type.
-
-
-req-body  This field is a placeholder delimiting the  extent
-          of  the  remaining fields.  If a checksum is to be
-          calculated over the request, it is calculated over
-          an  encoding of the KDC-REQ-BODY sequence which is
-          enclosed within the req-body field.
-
-
-kdc-options
-          This  field  appears   in   the   KRB_AS_REQ   and
-          KRB_TGS_REQ  requests to the KDC and indicates the
-          flags that the client wants set on the tickets  as
-          well  as  other  information that is to modify the
-          behavior of the KDC.  Where appropriate, the  name
-          of  an  option may be the same as the flag that is
-          set by that option.  Although in  most  case,  the
-          bit  in the options field will be the same as that
-          in the flags field, this is not guaranteed, so  it
-          is not acceptable to simply copy the options field
-          to the flags field.  There are various checks that
-          must be made before honoring an option anyway.
-
-          The kdc_options field is a  bit-field,  where  the
-          selected  options  are  indicated by the bit being
-          set (1), and the unselected options  and  reserved
-          fields  being reset (0).  The encoding of the bits
-          is specified in  section  5.2.   The  options  are
-          described  in more detail above in section 2.  The
-          meanings of the options are:
-
-
-
-
-Section 5.4.1.             - 56 -    Expires 11 January 1998
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-   Bit(s)    Name                Description
-    0        RESERVED
-                                 Reserved for future  expansion  of  this
-                                 field.
-
-    1        FORWARDABLE
-                                 The FORWARDABLE  option  indicates  that
-                                 the  ticket  to be issued is to have its
-                                 forwardable flag set.  It  may  only  be
-                                 set on the initial request, or in a sub-
-                                 sequent request if  the  ticket-granting
-                                 ticket on which it is based is also for-
-                                 wardable.
-
-    2        FORWARDED
-                                 The FORWARDED option is  only  specified
-                                 in  a  request  to  the  ticket-granting
-                                 server and will only be honored  if  the
-                                 ticket-granting  ticket  in  the request
-                                 has  its  FORWARDABLE  bit  set.    This
-                                 option  indicates that this is a request
-                                 for forwarding.  The address(es) of  the
-                                 host  from which the resulting ticket is
-                                 to  be  valid  are   included   in   the
-                                 addresses field of the request.
-
-    3        PROXIABLE
-                                 The PROXIABLE option indicates that  the
-                                 ticket to be issued is to have its prox-
-                                 iable flag set.  It may only be  set  on
-                                 the  initial request, or in a subsequent
-                                 request if the ticket-granting ticket on
-                                 which it is based is also proxiable.
-
-    4        PROXY
-                                 The PROXY option indicates that this  is
-                                 a request for a proxy.  This option will
-                                 only be honored if  the  ticket-granting
-                                 ticket  in the request has its PROXIABLE
-                                 bit set.  The address(es)  of  the  host
-                                 from which the resulting ticket is to be
-                                  valid  are  included  in  the  addresses
-                                 field of the request.
-
-    5        ALLOW-POSTDATE
-                                 The ALLOW-POSTDATE option indicates that
-                                 the  ticket  to be issued is to have its
-                                 MAY-POSTDATE flag set.  It may  only  be
-                                 set on the initial request, or in a sub-
-                                 sequent request if  the  ticket-granting
-                                 ticket on which it is based also has its
-                                 MAY-POSTDATE flag set.
-
-
-
-
-
-
-
-Section 5.4.1.             - 57 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-    6        POSTDATED
-                                 The POSTDATED option indicates that this
-                                 is  a  request  for  a postdated ticket.
-                                 This option will only be honored if  the
-                                 ticket-granting  ticket  on  which it is
-                                 based has  its  MAY-POSTDATE  flag  set.
-                                 The  resulting ticket will also have its
-                                 INVALID flag set, and that flag  may  be
-                                 reset by a subsequent request to the KDC
-                                 after the starttime in  the  ticket  has
-                                 been reached.
-
-    7        UNUSED
-                                 This option is presently unused.
-
-    8        RENEWABLE
-                                 The RENEWABLE option indicates that  the
-                                 ticket  to  be  issued  is  to  have its
-                                 RENEWABLE flag set.  It may only be  set
-                                 on  the  initial  request,  or  when the
-                                 ticket-granting  ticket  on  which   the
-                                 request  is based is also renewable.  If
-                                 this option is requested, then the rtime
-                                 field   in   the  request  contains  the
-                                 desired absolute expiration time for the
-                                 ticket.
-
-    9-13     UNUSED
-                                 These options are presently unused.
-
-    14       REQUEST-ANONYMOUS
-                                 The REQUEST-ANONYMOUS  option  indicates
-                                 that  the  ticket to be issued is not to
-                                 identify  the  user  to  which  it   was
-                                 issued.  Instead, the principal identif-
-                                 ier is to be generic,  as  specified  by
-                                 the  policy  of  the realm (e.g. usually
-                                 anonymous@realm).  The  purpose  of  the
-                                 ticket  is only to securely distribute a
-                                 session key, and  not  to  identify  the
-                                 user.   The ANONYMOUS flag on the ticket
-                                 to be returned should be  set.   If  the
-                                 local  realms  policy  does  not  permit
-                                 anonymous credentials, the request is to
-                                 be rejected.
-
-    15-25    RESERVED
-                                 Reserved for future use.
-
-    26       DISABLE-TRANSITED-CHECK
-				 By default the KDC will check the
-				 transited field of a ticket-granting-
-				 ticket against the policy of the local
-				 realm before it will issue derivative
-				 tickets based on the ticket granting
-				 ticket.  If this flag is set in the
-				 request, checking of the transited field
-				 is disabled.  Tickets issued without the
-				 performance of this check will be noted
-				 by the reset (0) value of the
-				 TRANSITED-POLICY-CHECKED flag,
-				 indicating to the application server
-				 that the tranisted field must be checked
-				 locally.  KDC's are encouraged but not
-				 required to honor the
-				 DISABLE-TRANSITED-CHECK option.
-
-
-
-Section 5.4.1.             - 58 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-    27       RENEWABLE-OK
-                                 The RENEWABLE-OK option indicates that a
-                                 renewable ticket will be acceptable if a
-                                 ticket with the  requested  life  cannot
-                                 otherwise be provided.  If a ticket with
-                                 the requested life cannot  be  provided,
-                                 then  a  renewable  ticket may be issued
-                                 with  a  renew-till  equal  to  the  the
-                                 requested  endtime.   The  value  of the
-                                 renew-till field may still be limited by
-                                 local  limits, or limits selected by the
-                                 individual principal or server.
-
-    28       ENC-TKT-IN-SKEY
-                                 This option is used only by the  ticket-
-                                 granting  service.   The ENC-TKT-IN-SKEY
-                                 option indicates that the ticket for the
-                                 end  server  is  to  be encrypted in the
-                                 session key from the additional  ticket-
-                                 granting ticket provided.
-
-    29       RESERVED
-                                 Reserved for future use.
-
-    30       RENEW
-                                 This option is used only by the  ticket-
-                                 granting   service.   The  RENEW  option
-                                 indicates that the  present  request  is
-                                 for  a  renewal.  The ticket provided is
-                                 encrypted in  the  secret  key  for  the
-                                 server  on  which  it  is  valid.   This
-                                 option  will  only  be  honored  if  the
-                                 ticket  to  be renewed has its RENEWABLE
-                                 flag set and if the time in  its  renew-
-                                 till  field  has not passed.  The ticket
-                                 to be renewed is passed  in  the  padata
-                                 field  as  part  of  the  authentication
-                                 header.
-
-    31       VALIDATE
-                                 This option is used only by the  ticket-
-                                 granting  service.   The VALIDATE option
-                                 indicates that the request is  to  vali-
-                                 date  a  postdated ticket.  It will only
-                                 be honored if the  ticket  presented  is
-                                 postdated,  presently  has  its  INVALID
-                                 flag set, and would be otherwise  usable
-                                 at  this time.  A ticket cannot be vali-
-                                 dated before its starttime.  The  ticket
-                                 presented for validation is encrypted in
-                                 the key of the server for  which  it  is
-                                 valid  and is passed in the padata field
-                                 as part of the authentication header.
-
-cname and sname
-          These fields are the same as those  described  for
-          the  ticket  in  section 5.3.1.  sname may only be
-
-
-Section 5.4.1.             - 59 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          absent when the ENC-TKT-IN-SKEY option  is  speci-
-          fied.   If absent, the name of the server is taken
-          from the name of the client in the  ticket  passed
-          as additional-tickets.
-
-
-enc-authorization-data
-          The enc-authorization-data, if present (and it can
-          only be present in the TGS_REQ form), is an encod-
-          ing of the  desired  authorization-data  encrypted
-          under  the  sub-session  key  if  present  in  the
-          Authenticator, or alternatively from  the  session
-          key  in  the ticket-granting ticket, both from the
-          padata field in the KRB_AP_REQ.
-
-
-realm     This  field  specifies  the  realm  part  of   the
-          server's   principal   identifier.    In   the  AS
-          exchange, this is  also  the  realm  part  of  the
-          client's principal identifier.
-
-
-from      This field  is  included  in  the  KRB_AS_REQ  and
-          KRB_TGS_REQ  ticket  requests  when  the requested
-          ticket  is  to  be  postdated.  It  specifies  the
-          desired start time for the requested ticket.
-
-
-
-till      This field contains the expiration date  requested
-          by  the  client in a ticket request.  It is option
-          and if omitted the requested ticket is to have the
-          maximum  endtime permitted according to KDC policy
-          for the parties to the authentication exchange  as
-          limited  by expiration date of the ticket granting
-          ticket or other preauthentication credentials.
-
-
-rtime     This field is the requested renew-till  time  sent
-          from  a client to the KDC in a ticket request.  It
-          is optional.
-
-
-nonce     This  field  is  part  of  the  KDC  request   and
-          response.   It it intended to hold a random number
-          generated by the client.  If the  same  number  is
-          included  in  the encrypted response from the KDC,
-          it provides evidence that the  response  is  fresh
-          and  has not been replayed by an attacker.  Nonces
-          must never be re-used.  Ideally, it should be gen-
-          erated randomly, but if the correct time is known,
-          it may suffice[25].
-__________________________
-[25] Note, however, that if the time  is  used  as  the
-
-Section 5.4.1.             - 60 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-etype     This field specifies the desired encryption  algo-
-          rithm to be used in the response.
-
-
-addresses This field is included in the initial request  for
-          tickets,  and  optionally included in requests for
-          additional  tickets   from   the   ticket-granting
-          server.  It specifies the addresses from which the
-          requested ticket is  to  be  valid.   Normally  it
-          includes  the addresses for the client's host.  If
-          a proxy is  requested,  this  field  will  contain
-          other  addresses.   The contents of this field are
-          usually copied by the KDC into the caddr field  of
-          the resulting ticket.
-
-
-additional-tickets
-          Additional tickets may be optionally included in a
-          request  to  the  ticket-granting  server.  If the
-          ENC-TKT-IN-SKEY option has  been  specified,  then
-          the session key from the additional ticket will be
-          used in place of the server's key to  encrypt  the
-          new   ticket.   If  more  than  one  option  which
-          requires additional tickets  has  been  specified,
-          then  the additional tickets are used in the order
-          specified by the ordering of the options bits (see
-          kdc-options, above).
-
-
-     The application code will be either ten (10) or  twelve
-(12)  depending  on  whether  the  request is for an initial
-ticket (AS-REQ) or for an additional ticket (TGS-REQ).
-
-     The optional fields (addresses, authorization-data  and
-additional-tickets)  are  only included if necessary to per-
-form the operation specified in the kdc-options field.
-
-     It should be noted that in  KRB_TGS_REQ,  the  protocol
-version number appears twice and two different message types
-appear:  the KRB_TGS_REQ message contains  these  fields  as
-does  the  authentication header (KRB_AP_REQ) that is passed
-in the padata field.
-
-5.4.2.  KRB_KDC_REP definition
-
-     The KRB_KDC_REP message format is used  for  the  reply
-from  the KDC for either an initial (AS) request or a subse-
-quent  (TGS)  request.   There  is  no  message   type   for
-__________________________
-nonce,  one must make sure that the workstation time is
-monotonically increasing.  If the time  is  ever  reset
-backwards,  there  is  a small, but finite, probability
-that a nonce will be reused.
-
-
-
-Section 5.4.2.             - 61 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-KRB_KDC_REP.  Instead, the type will be either KRB_AS_REP or
-KRB_TGS_REP.  The key used to encrypt the ciphertext part of
-the reply depends on the message type.  For KRB_AS_REP,  the
-ciphertext  is encrypted in the client's secret key, and the
-client's key version number is included in the  key  version
-number for the encrypted data.  For KRB_TGS_REP, the cipher-
-text is encrypted in the sub-session key from the  Authenti-
-cator,  or  if  absent,  the  session  key  from the ticket-
-granting ticket used in the request.  In that case, no  ver-
-sion number will be present in the EncryptedData sequence.
-
-     The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-              enc-part[6]                EncryptedData
-}
-
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is either KRB_AS_REP or KRB_TGS_REP.
-__________________________
-[27] An application code in the  encrypted  part  of  a
-message  provides  an additional check that the message
-was decrypted properly.
-
-
-Section 5.4.2.             - 62 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-padata    This field  is  described  in  detail  in  section
-          5.4.1.   One  possible  use  for  this field is to
-          encode an alternate "mix-in"  string  to  be  used
-          with   a   string-to-key  algorithm  (such  as  is
-          described in section 6.3.2).  This ability is use-
-          ful  to  ease transitions if a realm name needs to
-          change (e.g. when a company is acquired); in  such
-          a  case  all  existing password-derived entries in
-          the KDC database would be  flagged  as  needing  a
-          special  mix-in  string  until  the  next password
-          change.
-
-
-crealm, cname, srealm and sname
-          These fields are the same as those  described  for
-          the ticket in section 5.3.1.
-
-
-ticket    The newly-issued ticket, from section 5.3.1.
-
-
-enc-part  This field is a place holder  for  the  ciphertext
-          and  related  information that forms the encrypted
-          part  of  a  message.   The  description  of   the
-          encrypted part of the message follows each appear-
-          ance of this field.  The encrypted part is encoded
-          as described in section 6.1.
-
-
-key       This field is the same as described for the ticket
-          in section 5.3.1.
-
-
-last-req  This field is returned by the  KDC  and  specifies
-          the  time(s)  of  the last request by a principal.
-          Depending on what information is  available,  this
-          might  be  the  last  time  that  a  request for a
-          ticket-granting ticket was made, or the last  time
-          that  a  request based on a ticket-granting ticket
-          was successful.  It also might cover  all  servers
-          for  a realm, or just the particular server.  Some
-          implementations may display  this  information  to
-          the user to aid in discovering unauthorized use of
-          one's identity.  It is similar in  spirit  to  the
-          last   login  time  displayed  when  logging  into
-          timesharing systems.
-
-
-nonce     This field is described above in section 5.4.1.
-
-
-key-expiration
-          The key-expiration field is part of  the  response
-          from  the  KDC  and  specifies  the  time that the
-
-
-Section 5.4.2.             - 63 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          client's secret key is due to expire.  The expira-
-          tion  might  be the result of password aging or an
-          account expiration.  This field  will  usually  be
-          left  out  of  the TGS reply since the response to
-          the TGS request is encrypted in a session key  and
-          no  client  information need be retrieved from the
-          KDC database.  It is up to the application  client
-          (usually  the  login  program) to take appropriate
-          action (such as notifying the user) if the expira-
-          tion time is imminent.
-
-
-flags, authtime, starttime, endtime, renew-till and caddr
-          These fields are duplicates of those found in  the
-          encrypted portion of the attached ticket (see sec-
-          tion 5.3.1), provided so  the  client  may  verify
-          they  match  the intended request and to assist in
-          proper ticket caching.  If the message is of  type
-          KRB_TGS_REP,  the  caddr field will only be filled
-          in if the request was for  a  proxy  or  forwarded
-          ticket, or if the user is substituting a subset of
-          the addresses from the ticket granting ticket.  If
-          the  client-requested addresses are not present or
-          not used, then  the  addresses  contained  in  the
-          ticket  will  be the same as those included in the
-          ticket-granting ticket.
-
-
-5.5.  Client/Server (CS) message specifications
-
-     This section specifies the format of the messages  used
-for  the  authentication  of  the  client to the application
-server.
-
-5.5.1.  KRB_AP_REQ definition
-
-     The KRB_AP_REQ message contains the  Kerberos  protocol
-version  number,  the  message  type  KRB_AP_REQ, an options
-field to indicate any options in use,  and  the  ticket  and
-authenticator  themselves.   The KRB_AP_REQ message is often
-referred to as the "authentication header".
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-
-
-Section 5.5.1.             - 64 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-}
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_AP_REQ.
-
-
-ap-optionsThis field  appears  in  the  application  request
-          (KRB_AP_REQ)  and  affects  the way the request is
-          processed.  It is a bit-field, where the  selected
-          options  are  indicated  by the bit being set (1),
-          and the unselected  options  and  reserved  fields
-          being  reset  (0).   The  encoding  of the bits is
-          specified in section 5.2.   The  meanings  of  the
-          options are:
-
-          Bit(s)   Name              Description
-
-          0        RESERVED
-                                     Reserved for future  expansion  of  this
-                                     field.
-
-          1        USE-SESSION-KEY
-                                     The  USE-SESSION-KEY  option   indicates
-                                     that the ticket the client is presenting
-                                     to a server is encrypted in the  session
-                                     key  from  the  server's ticket-granting
-                                     ticket.  When this option is not  speci-
-                                     fied,  the  ticket  is  encrypted in the
-                                     server's secret key.
-
-          2        MUTUAL-REQUIRED
-                                     The  MUTUAL-REQUIRED  option  tells  the
-                                     server  that  the client requires mutual
-                                     authentication, and that it must respond
-                                     with a KRB_AP_REP message.
-
-          3-31     RESERVED
-                                     Reserved for future use.
-
-
-
-ticket    This field is a ticket authenticating  the  client
-          to the server.
-
-
-authenticator
-          This contains the  authenticator,  which  includes
-          the  client's choice of a subkey.  Its encoding is
-          described in section 5.3.2.
-
-5.5.2.  KRB_AP_REP definition
-
-     The KRB_AP_REP message contains the  Kerberos  protocol
-version  number,  the  message  type, and an encrypted time-
-stamp.  The message is sent in in response to an application
-request  (KRB_AP_REQ) where the mutual authentication option
-
-
-Section 5.5.2.             - 65 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-has been selected in the ap-options field.
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-The encoded EncAPRepPart is encrypted in the shared  session
-key of the ticket.  The optional subkey field can be used in
-an application-arranged negotiation to choose a per associa-
-tion session key.
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_AP_REP.
-
-
-enc-part  This field is described above in section 5.4.2.
-
-
-ctime     This  field  contains  the  current  time  on  the
-          client's host.
-
-
-cusec     This field contains the microsecond  part  of  the
-          client's timestamp.
-
-
-subkey    This field contains an encryption key which is  to
-          be  used to protect this specific application ses-
-          sion.  See section 3.2.6 for specifics on how this
-          field  is  used  to  negotiate  a  key.  Unless an
-          application specifies otherwise, if this field  is
-          left out, the sub-session key from the authentica-
-          tor, or if also left out, the session key from the
-          ticket will be used.
-
-
-
-__________________________
-[29] An application code in the  encrypted  part  of  a
-message  provides  an additional check that the message
-was decrypted properly.
-
-
-
-Section 5.5.2.             - 66 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-5.5.3.  Error message reply
-
-     If an error occurs  while  processing  the  application
-request,  the  KRB_ERROR  message  will be sent in response.
-See section 5.9.1 for the format of the error message.   The
-cname and crealm fields may be left out if the server cannot
-determine their appropriate values  from  the  corresponding
-KRB_AP_REQ  message.  If the authenticator was decipherable,
-the ctime and cusec fields will contain the values from it.
-
-5.6.  KRB_SAFE message specification
-
-     This section specifies the format of a message that can
-be  used by either side (client or server) of an application
-to send a tamper-proof message to  its  peer.   It  presumes
-that  a session key has previously been exchanged (for exam-
-ple, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1.  KRB_SAFE definition
-
-     The KRB_SAFE message contains user data  along  with  a
-collision-proof  checksum keyed with the last encryption key
-negotiated via subkeys, or the session key if no negotiation
-has occured.  The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_SAFE.
-
-
-safe-body This field is a placeholder for the  body  of  the
-          KRB-SAFE  message.  It is to be encoded separately
-          and then have the checksum computed over  it,  for
-          use in the cksum field.
-
-
-
-Section 5.6.1.             - 67 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-cksum     This field contains the checksum of  the  applica-
-          tion data.  Checksum details are described in sec-
-          tion 6.4.   The  checksum  is  computed  over  the
-          encoding of the KRB-SAFE-BODY sequence.
-
-
-user-data This field is part of the  KRB_SAFE  and  KRB_PRIV
-          messages and contain the application specific data
-          that is being passed from the sender to the  reci-
-          pient.
-
-
-timestamp This field is part of the  KRB_SAFE  and  KRB_PRIV
-          messages.   Its  contents  are the current time as
-          known by the sender of the message.   By  checking
-          the  timestamp,  the  recipient  of the message is
-          able to make sure that it was recently  generated,
-          and is not a replay.
-
-
-usec      This field is part of the  KRB_SAFE  and  KRB_PRIV
-          headers.   It contains the microsecond part of the
-          timestamp.
-
-
-seq-number
-          This field is described above in section 5.3.2.
-
-
-s-address This field specifies the address  in  use  by  the
-          sender of the message.
-
-
-r-address This field specifies the address  in  use  by  the
-          recipient  of  the message.  It may be omitted for
-          some uses (such as broadcast protocols),  but  the
-          recipient  may  arbitrarily  reject such messages.
-          This field along with s-address  can  be  used  to
-          help  detect  messages which have been incorrectly
-          or maliciously delivered to the wrong recipient.
-
-5.7.  KRB_PRIV message specification
-
-     This section specifies the format of a message that can
-be  used by either side (client or server) of an application
-to securely and privately send a message to  its  peer.   It
-presumes  that  a  session key has previously been exchanged
-(for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1.  KRB_PRIV definition
-
-     The KRB_PRIV message contains user  data  encrypted  in
-the Session Key.  The message fields are:
-
-__________________________
-[31] An application code in the  encrypted  part  of  a
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's addr
-}
-
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_PRIV.
-
-
-enc-part  This field holds an encoding of the EncKrbPrivPart
-          sequence  encrypted  under  the  session  key[32].
-          This  encrypted  encoding is used for the enc-part
-          field of the KRB-PRIV message.  See section 6  for
-          the format of the ciphertext.
-
-
-user-data, timestamp, usec, s-address and r-address
-          These fields are described above in section 5.6.1.
-
-
-seq-number
-          This field is described above in section 5.3.2.
-
-5.8.  KRB_CRED message specification
-
-     This section specifies the format of a message that can
-be  used  to send Kerberos credentials from one principal to
-__________________________
-message  provides  an additional check that the message
-was decrypted properly.
-[32] If  supported  by the encryption method in use, an
-initialization vector may be passed to  the  encryption
-procedure,  in order to achieve proper cipher chaining.
-The initialization vector  might  come  from  the  last
-block of the ciphertext from the previous KRB_PRIV mes-
-sage, but it is the application's choice whether or not
-to use such an initialization vector.  If left out, the
-default initialization vector for the encryption  algo-
-rithm will be used.
-
-
-Section 5.8.               - 69 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-another.  It is presented here to encourage a common mechan-
-ism  to  be  used by applications when forwarding tickets or
-providing proxies to subordinate servers.  It presumes  that
-a  session  key  has already been exchanged perhaps by using
-the KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1.  KRB_CRED definition
-
-     The KRB_CRED message contains a sequence of tickets  to
-be sent and information needed to use the tickets, including
-the session key from each.  The information  needed  to  use
-the  tickets is encrypted under an encryption key previously
-exchanged or transferred  alongside  the  KRB_CRED  message.
-The message fields are:
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-
-
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_CRED.
-
-
-
-
-Section 5.8.1.             - 70 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-tickets
-          These  are  the  tickets  obtained  from  the  KDC
-          specifically  for  use  by the intended recipient.
-          Successive tickets are paired with the correspond-
-          ing  KrbCredInfo sequence from the enc-part of the
-          KRB-CRED message.
-
-
-enc-part  This field holds an encoding of the EncKrbCredPart
-          sequence  encrypted  under  the session key shared
-          between the sender  and  the  intended  recipient.
-          This  encrypted  encoding is used for the enc-part
-          field of the KRB-CRED message.  See section 6  for
-          the format of the ciphertext.
-
-
-nonce     If  practical,  an  application  may  require  the
-          inclusion of a nonce generated by the recipient of
-          the message.  If the same value is included as the
-          nonce  in  the  message, it provides evidence that
-          the message is fresh and has not been replayed  by
-          an  attacker.   A  nonce must never be re-used; it
-          should be generated randomly by the  recipient  of
-          the message and provided to the sender of the mes-
-          sage in an application specific manner.
-
-
-timestamp and usec
-
-          These fields specify the time  that  the  KRB-CRED
-          message  was  generated.  The time is used to pro-
-          vide assurance that the message is fresh.
-
-
-s-address and r-address
-          These fields are described above in section 5.6.1.
-          They  are  used  optionally  to provide additional
-          assurance of the integrity of  the  KRB-CRED  mes-
-          sage.
-
-
-key       This field  exists  in  the  corresponding  ticket
-          passed by the KRB-CRED message and is used to pass
-          the session key from the sender  to  the  intended
-          recipient.   The  field's encoding is described in
-          section 6.2.
-
-     The following fields are optional.   If  present,  they
-can  be associated with the credentials in the remote ticket
-file.  If left out, then it is assumed that the recipient of
-the credentials already knows their value.
-
-
-prealm and pname
-
-
-Section 5.8.1.             - 71 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          The name and  realm  of  the  delegated  principal
-          identity.
-
-
-flags, authtime,  starttime,  endtime,  renew-till,  srealm,
-          sname, and caddr
-          These fields contain the values of the correspond-
-          ing  fields  from  the  ticket found in the ticket
-          field.  Descriptions of the fields  are  identical
-          to the descriptions in the KDC-REP message.
-
-5.9.  Error message specification
-
-     This section specifies the  format  for  the  KRB_ERROR
-message.  The fields included in the message are intended to
-return as much information as possible about an  error.   It
-is  not  expected  that  all the information required by the
-fields will be available for all types of  errors.   If  the
-appropriate information is not available when the message is
-composed, the corresponding field will be left  out  of  the
-message.
-
-     Note that since the KRB_ERROR message is not  protected
-by  any  encryption, it is quite possible for an intruder to
-synthesize or modify such a message.   In  particular,  this
-means that the client should not use any fields in this mes-
-sage for security-critical purposes, such as setting a  sys-
-tem  clock or generating a fresh authenticator.  The message
-can be useful, however, for advising a user  on  the  reason
-for some failure.
-
-5.9.1.  KRB_ERROR definition
-
-     The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL
-}
-
-
-
-
-
-Section 5.9.1.             - 72 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-pvno and msg-type
-          These fields are described above in section 5.4.1.
-          msg-type is KRB_ERROR.
-
-
-ctime     This field is described above in section 5.4.1.
-
-
-
-cusec     This field is described above in section 5.5.2.
-
-
-stime     This  field  contains  the  current  time  on  the
-          server.  It is of type KerberosTime.
-
-
-susec     This field contains the microsecond  part  of  the
-          server's  timestamp.   Its  value ranges from 0 to
-          999999.  It appears  along  with  stime.  The  two
-          fields  are  used in conjunction to specify a rea-
-          sonably accurate timestamp.
-
-
-error-codeThis field contains the  error  code  returned  by
-          Kerberos  or  the server when a request fails.  To
-          interpret the value of this field see the list  of
-          error  codes  in  section  8.  Implementations are
-          encouraged to provide for national  language  sup-
-          port in the display of error messages.
-
-
-crealm, cname, srealm and sname
-          These fields are described above in section 5.3.1.
-
-
-e-text    This  field  contains  additional  text  to   help
-          explain  the error code associated with the failed
-          request (for example, it might include a principal
-          name which was unknown).
-
-
-e-data     This field contains  additional  data  about  the
-          error  for  use  by  the  application  to  help it
-          recover from or handle the error.  If  the  error-
-          code  is KDC_ERR_PREAUTH_REQUIRED, then the e-data
-          field will contain an encoding of  a  sequence  of
-          padata fields, each corresponding to an acceptable
-          pre-authentication method and optionally  contain-
-          ing data for the method:
-
-
-e-cksum   This field contains an optional checksum  for  the
-          KRB-ERROR  message.   The  checksum  is calculated
-          over the Kerberos ASN.1 encoding of the  KRB-ERROR
-
-
-Section 5.9.1.             - 73 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          message with the checksum absent.  The checksum is
-          then added to the KRB-ERROR structure and the mes-
-          sage is re-encoded.  The Checksum should be calcu-
-          lated using the session key from the ticket grant-
-          ing ticket or service ticket, where available.  If
-          the error is in response to a TGS or  AP  request,
-          the  checksum  should  be  calculated uing the the
-          session key from  the  client's  ticket.   If  the
-          error  is  in  response to an AS request, then the
-          checksum should be calulated  using  the  client's
-          secret  key ONLY if there has been suitable preau-
-          thentication to prove knowledge of the secret  key
-          by the client[33].  If a checksum can not be  com-
-          puted because the key to be used is not available,
-          no checksum will be included.
-
-               METHOD-DATA ::=   SEQUENCE of PA-DATA
-
-
-          If the error-code is KRB_AP_ERR_METHOD,  then  the
-          e-data  field will contain an encoding of the fol-
-          lowing sequence:
-
-       METHOD-DATA ::=   SEQUENCE {
-                         method-type[0]   INTEGER,
-                         method-data[1]   OCTET STRING OPTIONAL
-       }
-
-          method-type will indicate the  required  alternate
-          method;  method-data  will  contain  any  required
-          additional information.
-
-
-
-6.  Encryption and Checksum Specifications
-
-The  Kerberos  protocols  described  in  this  document  are
-designed  to  use  stream  encryption  ciphers, which can be
-simulated using commonly available block encryption ciphers,
-such  as  the  Data Encryption Standard, [12] in conjunction
-with block chaining and checksum methods  [13].   Encryption
-is used to prove the identities of the network entities par-
-ticipating  in  message  exchanges.   The  Key  Distribution
-Center   for   each  realm  is  trusted  by  all  principals
-registered in that realm to store a  secret  key  in  confi-
-dence.   Proof  of  knowledge  of this secret key is used to
-verify the authenticity of a principal.
-
-     The KDC uses the principal's  secret  key  (in  the  AS
-__________________________
-[33] This prevents an attacker  who  generates  an  in-
-correct  AS request from obtaining verifiable plaintext
-for use in an off-line password guessing attack.
-
-
-Section 6.                 - 74 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-exchange) or a shared session key (in the TGS  exchange)  to
-encrypt  responses to ticket requests; the ability to obtain
-the secret key or session key implies the knowledge  of  the
-appropriate  keys  and the identity of the KDC.  The ability
-of a principal to decrypt the KDC  response  and  present  a
-Ticket  and  a properly formed Authenticator (generated with
-the session key from the KDC response) to a service verifies
-the  identity  of the principal; likewise the ability of the
-service to extract the session key from the Ticket and prove
-its knowledge thereof in a response verifies the identity of
-the service.
-
-     The  Kerberos  protocols  generally  assume  that   the
-encryption  used  is  secure from cryptanalysis; however, in
-some cases, the order of fields in the encrypted portions of
-messages  are  arranged  to  minimize  the effects of poorly
-chosen keys.  It is still important to choose good keys.  If
-keys  are derived from user-typed passwords, those passwords
-need to be well chosen to make brute force attacks more dif-
-ficult.   Poorly  chosen  keys  still  make easy targets for
-intruders.
-
-     The  following  sections  specify  the  encryption  and
-checksum  mechanisms  currently  defined  for Kerberos.  The
-encodings, chaining, and padding requirements for  each  are
-described.  For encryption methods, it is often desirable to
-place random information (often referred to as a confounder)
-at  the  start  of the message.  The requirements for a con-
-founder are specified with each encryption mechanism.
-
-     Some encryption systems use a block-chaining method  to
-improve  the the security characteristics of the ciphertext.
-However, these  chaining  methods  often  don't  provide  an
-integrity  check upon decryption.  Such systems (such as DES
-in CBC mode) must be augmented with a checksum of the plain-
-text  which can be verified at decryption and used to detect
-any tampering or damage.  Such checksums should be  good  at
-detecting  burst  errors  in  the  input.   If any damage is
-detected, the decryption routine is expected  to  return  an
-error  indicating  the  failure of an integrity check.  Each
-encryption  type  is  expected  to  provide  and  verify  an
-appropriate  checksum.  The specification of each encryption
-method sets out its checksum requirements.
-
-     Finally, where a key is to be  derived  from  a  user's
-password,  an algorithm for converting the password to a key
-of the appropriate type is included.  It  is  desirable  for
-the  string  to key function to be one-way, and for the map-
-ping to be different in different realms.  This is important
-because users who are registered in more than one realm will
-often use the same password in each,  and  it  is  desirable
-that  an  attacker  compromising  the Kerberos server in one
-realm not obtain or derive the user's key in another.
-
-
-
-Section 6.                 - 75 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-     For an discussion of the integrity  characteristics  of
-the candidate encryption and checksum methods considered for
-Kerberos, the the reader is referred to [14].
-
-6.1.  Encryption Specifications
-
-     The following ASN.1 definition describes all  encrypted
-messages.   The  enc-part  field  which appears in the unen-
-crypted part of messages in section 5 is a sequence consist-
-ing  of  an encryption type, an optional key version number,
-and the ciphertext.
-
-
-EncryptedData ::=   SEQUENCE {
-                    etype[0]     INTEGER, -- EncryptionType
-                    kvno[1]      INTEGER OPTIONAL,
-                    cipher[2]    OCTET STRING -- ciphertext
-}
-
-
-etype     This field identifies which  encryption  algorithm
-          was used to encipher the cipher.  Detailed specif-
-          ications  for  selected  encryption  types  appear
-          later in this section.
-
-
-kvno      This field contains the version number of the  key
-          under which data is encrypted.  It is only present
-          in messages encrypted  under  long  lasting  keys,
-          such as principals' secret keys.
-
-
-cipher    This field contains the enciphered  text,  encoded
-          as an OCTET STRING.
-
-
-     The cipher field is generated by applying the specified
-encryption  algorithm  to  data  composed of the message and
-algorithm-specific inputs.   Encryption  mechanisms  defined
-for  use  with  Kerberos  must  take  sufficient measures to
-guarantee the integrity of the plaintext, and  we  recommend
-they  also take measures to protect against precomputed dic-
-tionary attacks.  If the encryption algorithm is not  itself
-capable  of  doing so, the protections can often be enhanced
-by adding a checksum and a confounder.
-
-     The suggested format  for  the  data  to  be  encrypted
-includes  a  confounder,  a checksum, the encoded plaintext,
-and any necessary padding.  The msg-seq field  contains  the
-part of the protocol message described in section 5 which is
-to be encrypted.  The confounder, checksum, and padding  are
-all untagged and untyped, and their length is exactly suffi-
-cient to hold the appropriate item.  The type and length  is
-implicit  and  specified  by  the particular encryption type
-
-
-Section 6.1.               - 76 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-being used (etype).  The format for the data to be encrypted
-is described in the following diagram:
-
-      +-----------+----------+-------------+-----+
-      |confounder |   check  |   msg-seq   | pad |
-      +-----------+----------+-------------+-----+
-
-The format cannot be described in ASN.1, but for  those  who
-prefer an ASN.1-like notation:
-
-CipherText ::=   ENCRYPTED       SEQUENCE {
-            confounder[0]   UNTAGGED[35] OCTET STRING(conf_length) OPTIONAL,
-            check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-            msg-seq[2]      MsgSequence,
-            pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-}
-
-
-     One generates a random confounder  of  the  appropriate
-length,  placing  it in confounder; zeroes out check; calcu-
-lates the appropriate checksum over confounder,  check,  and
-msg-seq,  placing  the  result  in check; adds the necessary
-padding; then encrypts using the specified  encryption  type
-and the appropriate key.
-
-     Unless otherwise specified, a definition of an  encryp-
-tion  algorithm  that specifies a checksum, a length for the
-confounder field, or an octet boundary for padding uses this
-ciphertext format[36].  Those fields which are not specified
-will be omitted.
-
-     In the interest of allowing all implementations using a
-__________________________
-[35] In  the  above   specification,   UNTAGGED   OCTET
-STRING(length) is the notation for an octet string with
-its tag and length removed.  It is not  a  valid  ASN.1
-type.  The tag bits and length must be removed from the
-confounder since the purpose of the  confounder  is  so
-that  the  message starts with random data, but the tag
-and its length are fixed.  For other fields, the length
-and  tag  would  be redundant if they were included be-
-cause they are specified by the encryption type.
-[36] The  ordering  of  the fields in the CipherText is
-important.  Additionally, messages encoded in this for-
-mat must include a length as part of the msg-seq field.
-This allows the recipient to verify  that  the  message
-has  not been truncated.  Without a length, an attacker
-could use a chosen plaintext attack to generate a  mes-
-sage which could be truncated, while leaving the check-
-sum intact.  Note that if the msg-seq is an encoding of
-an  ASN.1  SEQUENCE or OCTET STRING, then the length is
-part of that encoding.
-
-
-
-Section 6.1.               - 77 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-particular encryption type to communicate  with  all  others
-using  that  type,  the  specification of an encryption type
-defines any checksum that is needed as part of  the  encryp-
-tion  process.   If an alternative checksum is to be used, a
-new encryption type must be defined.
-
-     Some  cryptosystems  require   additional   information
-beyond  the  key and the data to be encrypted.  For example,
-DES, when used in cipher-block-chaining  mode,  requires  an
-initialization  vector.   If  required,  the description for
-each encryption type must specify the source of  such  addi-
-tional information.
-
-6.2.  Encryption Keys
-
-     The sequence below shows the encoding of an  encryption
-key:
-
-       EncryptionKey ::=   SEQUENCE {
-                           keytype[0]    INTEGER,
-                           keyvalue[1]   OCTET STRING
-       }
-
-
-keytype   This field specifies the type  of  encryption  key
-          that  follows  in  the  keyvalue  field.   It will
-          almost always correspond to the  encryption  algo-
-          rithm  used  to generate the EncryptedData, though
-          more than one algorithm may use the same  type  of
-          key (the mapping is many to one).  This might hap-
-          pen, for example, if the encryption algorithm uses
-          an  alternate  checksum algorithm for an integrity
-          check, or a different chaining mechanism.
-
-
-keyvalue  This field contains the key itself, encoded as  an
-          octet string.
-
-     All negative values for the  encryption  key  type  are
-reserved   for  local  use.   All  non-negative  values  are
-reserved for officially assigned type fields and interpreta-
-tions.
-
-6.3.  Encryption Systems
-
-6.3.1.  The NULL Encryption System (null)
-
-     If no encryption is in use, the  encryption  system  is
-said  to be the NULL encryption system.  In the NULL encryp-
-tion system there is no  checksum,  confounder  or  padding.
-The  ciphertext  is  simply  the plaintext.  The NULL Key is
-used by the null encryption system and  is  zero  octets  in
-length, with keytype zero (0).
-
-
-
-Section 6.3.1.             - 78 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-6.3.2.  DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-     The des-cbc-crc encryption  mode  encrypts  information
-under  the  Data  Encryption Standard  [12] using the cipher
-block chaining mode [13].  A CRC-32 checksum  (described  in
-ISO  3309  [15])  is  applied  to the confounder and message
-sequence (msg-seq) and  placed  in  the  cksum  field.   DES
-blocks  are  8 bytes.  As a result, the data to be encrypted
-(the concatenation of  confounder,  checksum,  and  message)
-must be padded to an 8 byte boundary before encryption.  The
-details of the encryption of  this  data  are  identical  to
-those for the des-cbc-md5 encryption mode.
-
-     Note that, since the CRC-32 checksum is not  collision-
-proof,   an  attacker  could  use  a  probabilistic  chosen-
-plaintext attack to generate a valid message even if a  con-
-founder is used  [14].  The use of collision-proof checksums
-is recommended for environments where such attacks represent
-a significant threat.  The use of the CRC-32 as the checksum
-for ticket or authenticator is  no  longer  mandated  as  an
-interoperability requirement for Kerberos Version 5 Specifi-
-cation 1 (See section 9.1 for specific details).
-
-
-6.3.3.  DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-     The des-cbc-md4 encryption  mode  encrypts  information
-under  the  Data  Encryption Standard  [12] using the cipher
-block chaining mode [13].  An  MD4  checksum  (described  in
-[16])  is  applied  to  the  confounder and message sequence
-(msg-seq) and placed in the cksum field.  DES blocks  are  8
-bytes.   As a result, the data to be encrypted (the concate-
-nation of confounder, checksum, and message) must be  padded
-to an 8 byte boundary before encryption.  The details of the
-encryption of this data are identical to those for the  des-
-cbc-md5 encryption mode.
-
-
-6.3.4.  DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-     The des-cbc-md5 encryption  mode  encrypts  information
-under  the  Data  Encryption Standard  [12] using the cipher
-block chaining mode [13].  An MD5  checksum   (described  in
-[17].)  is  applied  to  the confounder and message sequence
-(msg-seq) and placed in the cksum field.  DES blocks  are  8
-bytes.   As a result, the data to be encrypted (the concate-
-nation of confounder, checksum, and message) must be  padded
-to an 8 byte boundary before encryption.
-
-     Plaintext and DES ciphtertext are  encoded  as  8-octet
-blocks  which are concatenated to make the 64-bit inputs for
-the DES algorithms.  The first octet  supplies  the  8  most
-significant  bits  (with  the  octet's MSbit used as the DES
-input block's MSbit, etc.), the  second  octet  the  next  8
-
-
-Section 6.3.4.             - 79 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-bits,  ..., and the eighth octet supplies the 8 least signi-
-ficant bits.
-
-     Encryption  under  DES  using  cipher  block   chaining
-requires  an  additional input in the form of an initializa-
-tion vector.  Unless otherwise  specified,  zero  should  be
-used  as  the  initialization  vector.  Kerberos' use of DES
-requires an 8-octet confounder.
-
-     The DES specifications identify some "weak" and  "semi-
-weak" keys; those keys shall not be used for encrypting mes-
-sages for use in Kerberos.  Additionally, because of the way
-that  keys are derived for the encryption of checksums, keys
-shall not be used that yield "weak" or "semi-weak" keys when
-eXclusive-ORed with the constant F0F0F0F0F0F0F0F0.
-
-     A DES key is 8 octets of data, with  keytype  one  (1).
-This  consists of 56 bits of key, and 8 parity bits (one per
-octet).  The key is encoded as a series of 8 octets  written
-in  MSB-first  order.   The  bits  within  the  key are also
-encoded in MSB order.  For example, if the encryption key is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8)
-where B1,B2,...,B56 are the  key  bits  in  MSB  order,  and
-P1,P2,...,P8 are the parity bits, the first octet of the key
-would be B1,B2,...,B7,P1 (with B1 as the MSbit).   [See  the
-FIPS 81 introduction for reference.]
-
-     To generate a DES key from a  text  string  (password),
-the  text  string normally must have the realm and each com-
-ponent of the principal's  name  appended[37],  then  padded
-with ASCII nulls to an 8 byte boundary.  This string is then
-fan-folded and eXclusive-ORed with itself to form an 8  byte
-DES key.  The parity is corrected on the key, and it is used
-to generate a DES CBC checksum on the initial  string  (with
-the  realm and name appended).  Next, parity is corrected on
-the CBC checksum.  If the result matches a "weak" or  "semi-
-weak"  key  as  described  in  the  DES specification, it is
-eXclusive-ORed with the constant 00000000000000F0.  Finally,
-the result is returned as the key.  Pseudocode follows:
-
-     string_to_key(string,realm,name) {
-          odd = 1;
-          s = string + realm;
-          for(each component in name) {
-               s = s + component;
-          }
-          tempkey = NULL;
-          pad(s); /* with nulls to 8 byte boundary */
-          for(8byteblock in s) {
-__________________________
-[37] In some cases, it may be necessary to use  a  dif-
-ferent  "mix-in"  string for compatibility reasons; see
-the discussion of padata in section 5.4.2.
-
-
-Section 6.3.4.             - 80 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-               if(odd == 0)  {
-                   odd = 1;
-                   reverse(8byteblock)
-               }
-               else odd = 0;
-               tempkey = tempkey XOR 8byteblock;
-          }
-          fixparity(tempkey);
-          key = DES-CBC-check(s,tempkey);
-          fixparity(key);
-          if(is_weak_key_key(key))
-               key = key XOR 0xF0;
-          return(key);
-     }
-
-6.3.5.  Triple DES EDE in outer CBC mode with an SHA1 check-
-sum (des3-cbc-sha1)
-
-     The des3-cbc-sha1 encryption encodes information  using
-three  Data  Encryption  Standard transformations with three
-DES keys.  The first key  is  used  to  perform  a  DES  ECB
-encryption  on an eight-octet data block using the first DES
-key, followed by a DES ECB decryption of  the  result  using
-the  second  DES key, and a DES ECB encryption of the result
-using the third DES key.  Because DES blocks  are  8  bytes,
-the  data  to be encrypted (the concatenation of confounder,
-checksum, and message) must first be padded  to  an  8  byte
-boundary  before encryption.  To support the outer CBC mode,
-the input is padded an eight-octet boundary.   The  first  8
-octets  of  the  data  to  be  encrypted (the confounder) is
-exclusive-ored with an initialization  vector  of  zero  and
-then  ECB  encrypted  using  triple  DES as described above.
-Subsequent blocks of 8 octets are  exclusive-ored  with  the
-ciphertext  produced by the encryption on the previous block
-before ECB encryption.
-
-     An HMAC-SHA1 checksum  (described in  [18].) is applied
-to  the confounder and message sequence (msg-seq) and placed
-in the cksum field.
-
-     Plaintext  are encoded as 8-octet blocks which are con-
-catenated  to make the 64-bit inputs for the DES algorithms.
-The first octet supplies the 8 most significant  bits  (with
-the  octet's  MSbit  used  as  the  DES input block's MSbit,
-etc.), the second octet the next 8 bits, ..., and the eighth
-octet supplies the 8 least significant bits.
-
-     Encryption under Triple DES using cipher block chaining
-requires  an  additional input in the form of an initializa-
-tion vector.  Unless otherwise  specified,  zero  should  be
-used  as  the  initialization  vector.  Kerberos' use of DES
-requires an 8-octet confounder.
-
-     The DES specifications identify some "weak" and  "semi-
-
-
-Section 6.3.5.             - 81 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-weak" keys; those keys shall not be used for encrypting mes-
-sages for use in Kerberos.  Additionally, because of the way
-that  keys are derived for the encryption of checksums, keys
-shall not be used that yield "weak" or "semi-weak" keys when
-eXclusive-ORed with the constant F0F0F0F0F0F0F0F0.
-
-     A Triple DES key is 24 octets  of  data,  with  keytype
-seven  (7).  This consists of 168 bits of key, and 24 parity
-bits (one per octet).  The key is encoded as a series of  24
-octets  written  in MSB-first order, with the first 8 octets
-treated as the first DES key, the second  8  octets  as  the
-second  key,  and the third 8 octets the third DES key.  The
-bits within each key are also encoded  in  MSB  order.   For
-example,       if       the      encryption      key      is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8)
-where  B1,B2,...,B56  are  the  key  bits  in MSB order, and
-P1,P2,...,P8 are the parity bits, the first octet of the key
-would  be  B1,B2,...,B7,P1 (with B1 as the MSbit).  [See the
-FIPS 81 introduction for reference.]
-
-     To generate a DES key from a  text  string  (password),
-the  text  string normally must have the realm and each com-
-ponent of the principal's name appended[38],
-
-     The input string (with any salt data appended to it) is
-n-folded  into  a  24  octet  (192 bit) string.  To n-fold a
-number X, replicate the input value to a length that is  the
-least common multiple of n and the length of X.  Before each
-repetition, the input X is rotated to the right  by  13  bit
-positions.   The  successive n-bit chunks are added together
-using  1's-complement  addition  (addition  with  end-around
-carry)  to  yield  a  n-bit result. (This transformation was
-proposed by Richard Basch)
-
-     Each successive set of 8 octets is taken as a DES  key,
-and  its parity is adjusted in the same manner as previously
-described.  If any of the three sets of  8  octets  match  a
-"weak" or "semi-weak" key as described in the DES specifica-
-tion,  that  chunk  is  eXclusive-ORed  with  the   constant
-00000000000000F0.   The  resulting DES keys are then used in
-sequence to perform a Triple-DES CBC encryption  of  the  n-
-folded  input  string (appended with any salt data), using a
-zero initial vector.  Parity, weak, and semi-weak  keys  are
-once  again  corrected  and the result is returned as the 24
-octet key.
-
-     Pseudocode follows:
-
-     string_to_key(string,realm,name) {
-__________________________
-[38] In some cases, it may be necessary to use  a  dif-
-ferent  "mix-in"  string for compatibility reasons; see
-the discussion of padata in section 5.4.2.
-
-
-Section 6.3.5.             - 82 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-          s = string + realm;
-          for(each component in name) {
-               s = s + component;
-          }
-          tkey[24] = fold(s);
-          fixparity(tkey);
-          if(isweak(tkey[0-7])) tkey[0-7] = tkey[0-7] XOR 0xF0;
-          if(isweak(tkey[8-15])) tkey[8-15] = tkey[8-15] XOR 0xF0;
-          if(is_weak(tkey[16-23])) tkey[16-23] = tkey[16-23] XOR 0xF0;
-          key[24] = 3DES-CBC(data=fold(s),key=tkey,iv=0);
-          fixparity(key);
-          if(is_weak(key[0-7])) key[0-7] = key[0-7] XOR 0xF0;
-          if(is_weak(key[8-15])) key[8-15] = key[8-15] XOR 0xF0;
-          if(is_weak(key[16-23])) key[16-23] = key[16-23] XOR 0xF0;
-          return(key);
-     }
-
-6.4.  Checksums
-
-     The following is the ASN.1 definition used for a check-
-sum:
-
-         Checksum ::=   SEQUENCE {
-                        cksumtype[0]   INTEGER,
-                        checksum[1]    OCTET STRING
-         }
-
-
-cksumtype This field indicates the algorithm  used  to  gen-
-          erate the accompanying checksum.
-
-checksum  This field contains the checksum  itself,  encoded
-          as an octet string.
-
-     Detailed  specification  of  selected  checksum   types
-appear  later  in  this  section.   Negative  values for the
-checksum type are reserved for local use.  All  non-negative
-values  are reserved for officially assigned type fields and
-interpretations.
-
-     Checksums used by Kerberos can  be  classified  by  two
-properties:   whether  they are collision-proof, and whether
-they are keyed.  It is infeasible  to  find  two  plaintexts
-which generate the same checksum value for a collision-proof
-checksum.  A key is required to perturb  or  initialize  the
-algorithm  in  a  keyed checksum.  To prevent message-stream
-modification by an active attacker, unkeyed checksums should
-only  be  used  when the checksum and message will be subse-
-quently encrypted (e.g. the checksums defined as part of the
-encryption algorithms covered earlier in this section).
-
-     Collision-proof checksums can be made  tamper-proof  if
-the  checksum  value is encrypted before inclusion in a mes-
-sage.  In such cases, the composition of  the  checksum  and
-
-
-Section 6.4.               - 83 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-the  encryption  algorithm  must  be  considered  a separate
-checksum algorithm (e.g. RSA-MD5 encrypted using  DES  is  a
-new checksum algorithm of type RSA-MD5-DES).  For most keyed
-checksums, as well as for the  encrypted  forms  of  unkeyed
-collision-proof  checksums,  Kerberos  prepends a confounder
-before the checksum is calculated.
-
-6.4.1.  The CRC-32 Checksum (crc32)
-
-     The CRC-32 checksum calculates a checksum  based  on  a
-cyclic  redundancy check as described in ISO 3309 [15].  The
-resulting checksum is four (4) octets in length.  The CRC-32
-is  neither  keyed  nor  collision-proof.   The  use of this
-checksum is not recommended.  An  attacker  using  a  proba-
-bilistic  chosen-plaintext attack as described in [14] might
-be able to generate an alternative  message  that  satisfies
-the  checksum.   The  use  of  collision-proof  checksums is
-recommended for environments where such attacks represent  a
-significant threat.
-
-6.4.2.  The RSA MD4 Checksum (rsa-md4)
-
-     The RSA-MD4 checksum calculates a  checksum  using  the
-RSA  MD4  algorithm  [16].   The algorithm takes as input an
-input message of arbitrary length and produces as  output  a
-128-bit  (16  octet)  checksum.   RSA-MD4  is believed to be
-collision-proof.
-
-6.4.3.  RSA MD4 Cryptographic Checksum Using  DES  (rsa-md4-
-des)
-
-     The RSA-MD4-DES checksum calculates a keyed  collision-
-proof  checksum  by  prepending an 8 octet confounder before
-the text, applying  the  RSA  MD4  checksum  algorithm,  and
-encrypting  the  confounder  and  the  checksum using DES in
-cipher-block-chaining (CBC) mode using a variant of the key,
-where  the  variant  is  computed by eXclusive-ORing the key
-with the constant F0F0F0F0F0F0F0F0[39].  The  initialization
-vector  should be zero.  The resulting checksum is 24 octets
-long (8 octets of which are redundant).   This  checksum  is
-tamper-proof and believed to be collision-proof.
-
-     The DES specifications identify some  "weak  keys"  and
-__________________________
-[39] A variant of the key is used to limit the use of a
-key  to a particular function, separating the functions
-of generating a checksum  from  other  encryption  per-
-formed   using   the   session   key.    The   constant
-F0F0F0F0F0F0F0F0 was chosen because  it  maintains  key
-parity.  The properties of DES precluded the use of the
-complement.  The same constant is used for similar pur-
-pose  in  the  Message  Integrity  Check in the Privacy
-Enhanced Mail standard.
-
-
-Section 6.4.3.             - 84 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-"semi-weak keys"; those keys shall not be used for  generat-
-ing RSA-MD4 checksums for use in Kerberos.
-
-     The format for the checksum is described in the follow-
-ing diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for  those  who
-prefer an ASN.1-like notation:
-
-rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-
-
-6.4.4.  The RSA MD5 Checksum (rsa-md5)
-
-     The RSA-MD5 checksum calculates a  checksum  using  the
-RSA  MD5  algorithm.  [17].  The algorithm takes as input an
-input message of arbitrary length and produces as  output  a
-128-bit  (16  octet)  checksum.   RSA-MD5  is believed to be
-collision-proof.
-
-6.4.5.  RSA MD5 Cryptographic Checksum Using  DES  (rsa-md5-
-des)
-
-     The RSA-MD5-DES checksum calculates a keyed  collision-
-proof  checksum  by  prepending an 8 octet confounder before
-the text, applying  the  RSA  MD5  checksum  algorithm,  and
-encrypting  the  confounder  and  the  checksum using DES in
-cipher-block-chaining (CBC) mode using a variant of the key,
-where  the  variant  is  computed by eXclusive-ORing the key
-with the constant F0F0F0F0F0F0F0F0.  The initialization vec-
-tor  should  be  zero.   The resulting checksum is 24 octets
-long (8 octets of which are redundant).   This  checksum  is
-tamper-proof and believed to be collision-proof.
-
-     The DES specifications identify some  "weak  keys"  and
-"semi-weak  keys"; those keys shall not be used for encrypt-
-ing RSA-MD5 checksums for use in Kerberos.
-
-     The format for the checksum is described in the follow-
-ing diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for  those  who
-
-
-Section 6.4.5.             - 85 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-prefer an ASN.1-like notation:
-
-rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-
-6.4.6.  DES cipher-block chained checksum (des-mac)
-
-     The DES-MAC checksum is computed  by  prepending  an  8
-octet confounder to the plaintext, performing a DES CBC-mode
-encryption on the result using the key and an initialization
-vector  of  zero,  taking  the last block of the ciphertext,
-prepending the same confounder and encrypting the pair using
-DES in cipher-block-chaining (CBC) mode using a a variant of
-the key, where the variant is  computed  by  eXclusive-ORing
-the key with the constant F0F0F0F0F0F0F0F0.  The initializa-
-tion vector should be zero.  The resulting checksum  is  128
-bits (16 octets) long, 64 bits of which are redundant.  This
-checksum is tamper-proof and collision-proof.
-
-     The format for the checksum is described in the follow-
-ing diagram:
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-|   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-The format cannot be described in ASN.1, but for  those  who
-prefer an ASN.1-like notation:
-
-des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                       confounder[0]   UNTAGGED OCTET STRING(8),
-                       check[1]        UNTAGGED OCTET STRING(8)
-}
-
-
-     The DES specifications identify some "weak" and  "semi-
-weak"  keys;  those  keys  shall  not be used for generating
-DES-MAC checksums for use in Kerberos, nor shall  a  key  be
-used whose variant is "weak" or "semi-weak".
-
-6.4.7.  RSA MD4 Cryptographic Checksum Using DES alternative
-(rsa-md4-des-k)
-
-     The   RSA-MD4-DES-K   checksum   calculates   a   keyed
-collision-proof  checksum  by  applying the RSA MD4 checksum
-algorithm and encrypting the results using  DES  in  cipher-
-block-chaining  (CBC)  mode  using a DES key as both key and
-initialization vector.  The resulting checksum is 16  octets
-long.   This  checksum  is  tamper-proof  and believed to be
-collision-proof.  Note that this checksum type  is  the  old
-method  for  encoding  the RSA-MD4-DES checksum and it is no
-
-
-Section 6.4.7.             - 86 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-longer recommended.
-
-6.4.8.  DES cipher-block chained checksum alternative  (des-
-mac-k)
-
-     The DES-MAC-K checksum is computed by performing a  DES
-CBC-mode  encryption  of  the  plaintext, and using the last
-block of the ciphertext as the checksum value.  It is  keyed
-with  an  encryption  key  and an initialization vector; any
-uses which do not specify an additional initialization  vec-
-tor  will use the key as both key and initialization vector.
-The resulting checksum is 64 bits  (8  octets)  long.   This
-checksum  is  tamper-proof  and  collision-proof.  Note that
-this checksum type is the old method for encoding  the  DES-
-MAC checksum and it is no longer recommended.
-
-     The DES specifications identify some  "weak  keys"  and
-"semi-weak  keys"; those keys shall not be used for generat-
-ing DES-MAC checksums for use in Kerberos.
-
-7.  Naming Constraints
-
-
-7.1.  Realm Names
-
-     Although realm names are encoded as GeneralStrings  and
-although a realm can technically select any name it chooses,
-interoperability across realm boundaries requires  agreement
-on  how realm names are to be assigned, and what information
-they imply.
-
-     To enforce these conventions, each realm  must  conform
-to  the  conventions  itself,  and  it must require that any
-realms with which inter-realm keys are shared  also  conform
-to the conventions and require the same from its neighbors.
-
-     Kerberos realm names are case sensitive.   Realm  names
-that  differ  only  in  the  case  of the characters are not
-equivalent.  There are presently four styles of realm names:
-domain,  X500,  other, and reserved.  Examples of each style
-follow:
-
-     domain:   ATHENA.MIT.EDU (example)
-       X500:   C=US/O=OSF (example)
-      other:   NAMETYPE:rest/of.name=without-restrictions (example)
-   reserved:   reserved, but will not conflict with above
-
-
-Domain names must look like domain names:  they  consist  of
-components separated by periods (.) and they contain neither
-colons (:) nor slashes (/).  Domain names must be  converted
-to upper case when used as realm names.
-
-     X.500 names contain an equal (=) and cannot  contain  a
-
-
-Section 7.1.               - 87 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-colon (:) before the equal.  The realm names for X.500 names
-will be string representations of the names with  components
-separated by slashes.  Leading and trailing slashes will not
-be included.
-
-     Names that fall into the other category must begin with
-a  prefix  that  contains no equal (=) or period (.) and the
-prefix must be followed by a colon (:) and the rest  of  the
-name.   All  prefixes  must  be  assigned before they may be
-used.  Presently none are assigned.
-
-     The reserved category includes  strings  which  do  not
-fall  into  the  first  three categories.  All names in this
-category are reserved.  It is unlikely that  names  will  be
-assigned  to  this  category  unless  there is a very strong
-argument for not using the "other" category.
-
-     These rules guarantee that there will be  no  conflicts
-between  the  various name styles.  The following additional
-constraints apply to the assignment of realm  names  in  the
-domain  and  X.500  categories:  the name of a realm for the
-domain or X.500 formats must either be used by the organiza-
-tion  owning  (to  whom  it was assigned) an Internet domain
-name or X.500 name, or in the case that no  such  names  are
-registered,  authority  to  use  a realm name may be derived
-from the authority of the  parent  realm.  For  example,  if
-there  is  no domain name for E40.MIT.EDU, then the adminis-
-trator of the MIT.EDU realm can authorize the creation of  a
-realm with that name.
-
-     This is acceptable because the  organization  to  which
-the  parent  is  assigned  is  presumably  the  organization
-authorized to assign names to its children in the X.500  and
-domain  name systems as well.  If the parent assigns a realm
-name without also registering it in the domain name or X.500
-hierarchy,  it  is  the parent's responsibility to make sure
-that there will not in the future exists a name identical to
-the  realm  name  of  the child unless it is assigned to the
-same entity as the realm name.
-
-
-7.2.  Principal Names
-
-     As was the case for realm names, conventions are needed
-to ensure that all agree on what information is implied by a
-principal name.  The name-type field that  is  part  of  the
-principal  name indicates the kind of information implied by
-the name.  The  name-type  should  be  treated  as  a  hint.
-Ignoring  the  name type, no two names can be the same (i.e.
-at least one of the components, or the realm, must  be  dif-
-ferent).   This  constraint may be eliminated in the future.
-The following name types are defined:
-
-                    name-type      value   meaning
-
-
-Section 7.2.               - 88 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-   NT-UNKNOWN     0   Name type not known
-   NT-PRINCIPAL   1   General principal name (e.g. username, or DCE principal)
-   NT-SRV-INST    2   Service and other unique instance (krbtgt)
-   NT-SRV-HST     3   Service with host name as instance (telnet, rcommands)
-   NT-SRV-XHST    4   Service with slash-separated host name components
-   NT-UID         5   Unique ID
-
-
-When a name implies no information other than its uniqueness
-at a particular time the name type PRINCIPAL should be used.
-The principal name type should be used  for  users,  and  it
-might  also  be  used for a unique server.  If the name is a
-unique machine generated ID that is guaranteed never  to  be
-reassigned  then  the  name type of UID should be used (note
-that it is generally a bad idea to  reassign  names  of  any
-type  since  stale  entries  might  remain in access control
-lists).
-
-     If the first component of a name identifies  a  service
-and  the  remaining  components  identify an instance of the
-service in a server specified manner, then the name type  of
-SRV-INST  should  be  used.  An example of this name type is
-the Kerberos ticket-granting service whose name has a  first
-component  of  krbtgt and a second component identifying the
-realm for which the ticket is valid.
-
-     If instance is a single component following the service
-name  and  the  instance  identifies  the  host on which the
-server is running, then the  name  type  SRV-HST  should  be
-used.   This  type  is  typically used for Internet services
-such as telnet and the Berkeley R commands.  If the separate
-components  of the host name appear as successive components
-following the name of the service, then the name  type  SRV-
-XHST  should  be  used.  This type might be used to identify
-servers on hosts with X.500 names where the slash (/)  might
-otherwise be ambiguous.
-
-     A name type of UNKNOWN should be used when the form  of
-the name is not known.  When comparing names, a name of type
-UNKNOWN will match principals authenticated  with  names  of
-any  type.   A  principal  authenticated with a name of type
-UNKNOWN, however, will only match other names of  type  UNK-
-NOWN.
-
-     Names of any type with an initial component of "krbtgt"
-are  reserved for the Kerberos ticket granting service.  See
-section 8.2.3 for the form of such names.
-
-7.2.1.  Name of server principals
-
-     The principal identifier for a server on  a  host  will
-generally be composed of two parts: (1) the realm of the KDC
-with which the server is registered, and (2) a two-component
-
-
-Section 7.2.1.             - 89 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-name  of  type  NT-SRV-HST  if  the host name is an Internet
-domain name or a multi-component name of type NT-SRV-XHST if
-the  name of the host is of a form such as X.500 that allows
-slash (/) separators.  The first component of  the  two-  or
-multi-component  name  will  identify  the  service  and the
-latter components will identify the host.  Where the name of
-the  host  is not case sensitive (for example, with Internet
-domain names) the name of the host must be lower  case.   If
-specified  by  the application protocol for services such as
-telnet and the Berkeley R commands  which  run  with  system
-privileges,  the  first  component  may be the string "host"
-instead of a service specific identifier.  When a  host  has
-an  official name and one or more aliases, the official name
-of the host must be used when constructing the name  of  the
-server principal.
-
-8.  Constants and other defined values
-
-
-8.1.  Host address types
-
-     All negative values  for  the  host  address  type  are
-reserved   for  local  use.   All  non-negative  values  are
-reserved for officially assigned type fields and interpreta-
-tions.
-
-     The values of the types for the following addresses are
-chosen  to match the defined address family constants in the
-Berkeley Standard Distributions of Unix.  They can be  found
-in  <sys/socket.h>  with symbolic names AF_xxx (where xxx is
-an abbreviation of the address family name).
-
-
-Internet addresses
-
-     Internet addresses  are  32-bit  (4-octet)  quantities,
-encoded in MSB order.  The type of internet addresses is two
-(2).
-
-CHAOSnet addresses
-
-     CHAOSnet addresses  are  16-bit  (2-octet)  quantities,
-encoded  in  MSB  order.   The type of CHAOSnet addresses is
-five (5).
-
-ISO addresses
-
-     ISO addresses are variable-length.   The  type  of  ISO
-addresses is seven (7).
-
-Xerox Network Services (XNS) addresses
-
-     XNS addresses are 48-bit (6-octet) quantities,  encoded
-in MSB order.  The type of XNS addresses is six (6).
-
-
-Section 8.1.               - 90 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-     AppleTalk DDP addresses consist of an 8-bit node number
-and a 16-bit network number.  The first octet of the address
-is the node number; the remaining two octets encode the net-
-work  number  in  MSB  order.   The  type  of  AppleTalk DDP
-addresses is sixteen (16).
-
-DECnet Phase IV addresses
-
-     DECnet Phase IV addresses are 16-bit addresses, encoded
-in  LSB  order.   The  type  of DECnet Phase IV addresses is
-twelve (12).
-
-8.2.  KDC messages
-
-8.2.1.  IP transport
-
-     When  contacting  a  Kerberos  server   (KDC)   for   a
-KRB_KDC_REQ request using UDP IP transport, the client shall
-send a UDP datagram  containing  only  an  encoding  of  the
-request  to  port  88 (decimal) at the KDC's IP address; the
-KDC will respond with a reply datagram  containing  only  an
-encoding  of  the  reply  message  (either  a KRB_ERROR or a
-KRB_KDC_REP) to the sending port at the sender's IP address.
-
-     Kerberos servers supporting IP  transport  must  accept
-UDP  requests on port 88 (decimal).  Servers may also accept
-TCP requests on port 88  (decimal).   When  the  KRB_KDC_REQ
-message  is sent to the KDC by TCP, a new connection will be
-established  for  each  authentication  exchange   and   the
-KRB_KDC_REP  or  KRB_ERROR  message  will be returned to the
-client on the  TCP  stream  that  was  established  for  the
-request.   The connection will be broken after the reply has
-been received (or upon time-out).  Care  must  be  taken  in
-managing  TCP/IP  connections with the KDC to prevent denial
-of service attacks based on the number of TCP/IP connections
-with the KDC that remain open.
-
-8.2.2.  OSI transport
-
-     During authentication  of  an  OSI  client  to  an  OSI
-server, the mutual authentication of an OSI server to an OSI
-client, the transfer of credentials from an OSI client to an
-OSI  server,  or  during  exchange  of  private or integrity
-checked messages, Kerberos protocol messages may be  treated
-as opaque objects and the type of the authentication mechan-
-ism will be:
-
-OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1), security(5),
-                       kerberosv5(2)} 
-
-Depending on the situation, the opaque  object  will  be  an
-authentication  header (KRB_AP_REQ), an authentication reply
-(KRB_AP_REP), a safe message (KRB_SAFE), a  private  message
-
-
-Section 8.2.2.             - 91 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-(KRB_PRIV), or a credentials message (KRB_CRED).  The opaque
-data contains an application code as specified in the  ASN.1
-description  for  each message.  The application code may be
-used by Kerberos to determine the message type.
-
-8.2.3.  Name of the TGS
-
-     The principal identifier of the ticket-granting service
-shall  be  composed of three parts: (1) the realm of the KDC
-issuing the TGS ticket (2) a two-part name of  type  NT-SRV-
-INST,  with  the first part "krbtgt" and the second part the
-name of the realm  which  will  accept  the  ticket-granting
-ticket.  For example, a ticket-granting ticket issued by the
-ATHENA.MIT.EDU realm to be used  to  get  tickets  from  the
-ATHENA.MIT.EDU   KDC   has   a   principal   identifier   of
-"ATHENA.MIT.EDU"   (realm),   ("krbtgt",   "ATHENA.MIT.EDU")
-(name).     A   ticket-granting   ticket   issued   by   the
-ATHENA.MIT.EDU realm to be used  to  get  tickets  from  the
-MIT.EDU realm has a principal identifier of "ATHENA.MIT.EDU"
-(realm), ("krbtgt", "MIT.EDU") (name).
-
-
-8.3.  Protocol constants and associated values
-
-The following tables list constants used in the protocol and defines their
-meanings.
-
-Encryption type  etype value  block size    minimum pad size  confounder size
-NULL              0            1                 0                 0
-des-cbc-crc       1            8                 4                 8
-des-cbc-md4       2            8                 0                 8
-des-cbc-md5       3            8                 0                 8
-<reserved>        4
-des3-cbc-md5      5            8                 0                 8
-<reserved>        6
-des3-cbc-sha1     7            8                 0                 8
-sign-dsa-generate 8                                   (pkinit)
-encrypt-rsa-priv  9                                   (pkinit)
-encrypt-rsa-pub  10                                   (pkinit)
-ENCTYPE_PK_CROSS 48                                   (reserved for pkcross)
-<reserved>       0x8003
-
-Checksum type              sumtype value       checksum size
-CRC32                      1                   4
-rsa-md4                    2                   16
-rsa-md4-des                3                   24
-des-mac                    4                   16
-des-mac-k                  5                   8
-rsa-md4-des-k              6                   16
-rsa-md5                    7                   16
-rsa-md5-des                8                   24
-rsa-md5-des3               9                   24
-hmac-sha1-des3             10                  20  (I had this as 10, is it 12)
-
-
-Section 8.3.               - 92 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-padata type                     padata-type value
-
-PA-TGS-REQ                      1
-PA-ENC-TIMESTAMP                2
-PA-PW-SALT                      3
-<reserved>                      4
-PA-ENC-UNIX-TIME                5
-PA-SANDIA-SECUREID              6
-PA-SESAME                       7
-PA-OSF-DCE                      8
-PA-CYBERSAFE-SECUREID           9
-PA-AFS3-SALT                    10
-PA-ETYPE-INFO                   11
-SAM-CHALLENGE                   12                  (sam/otp)
-SAM-RESPONSE                    13                  (sam/otp)
-PA-PK-AS-REQ                    14                  (pkinit)
-PA-PK-AS-REP                    15                  (pkinit)
-PA-PK-AS-SIGN                   16                  (pkinit)
-PA-PK-KEY-REQ                   17                  (pkinit)
-PA-PK-KEY-REP                   18                  (pkinit)
-
-authorization data type         ad-type value
-reserved values                 0-63
-OSF-DCE                         64
-SESAME                          65
-
-alternate authentication type   method-type value
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
-transited encoding type         tr-type value
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-
-
-Label               Value   Meaning or MIT code
-
-pvno                    5   current Kerberos protocol version number
-
-message types
-
-KRB_AS_REQ             10   Request for initial authentication
-KRB_AS_REP             11   Response to KRB_AS_REQ request
-KRB_TGS_REQ            12   Request for authentication based on TGT
-KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-KRB_AP_REQ             14   application request to server
-KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE               20   Safe (checksummed) application message
-KRB_PRIV               21   Private (encrypted) application message
-KRB_CRED               22   Private (encrypted) message to forward credentials
-KRB_ERROR              30   Error response
-
-
-Section 8.3.               - 93 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-name types
-
-KRB_NT_UNKNOWN       0   Name type not known
-KRB_NT_PRINCIPAL     1   Just the name of the principal as in DCE, or for users
-KRB_NT_SRV_INST      2   Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST       3   Service with host name as instance (telnet, rcommands)
-KRB_NT_SRV_XHST      4   Service with host as remaining components
-KRB_NT_UID           5   Unique ID
-
-error codes
-
-KDC_ERR_NONE                    0   No error
-KDC_ERR_NAME_EXP                1   Client's entry in database has expired
-KDC_ERR_SERVICE_EXP             2   Server's entry in database has expired
-KDC_ERR_BAD_PVNO                3   Requested protocol version number not supported
-KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old master key
-KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in database
-KDC_ERR_NULL_KEY                9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID            11   Requested start time is later than end time
-KDC_ERR_POLICY                 12   KDC policy rejects request
-KDC_ERR_BADOPTION              13   KDC cannot accommodate requested option
-KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption type
-KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been revoked
-KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again later
-KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again later
-KDC_ERR_KEY_EXPIRED            23   Password has expired - change password to reset
-KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was invalid
-KDC_ERR_PREAUTH_REQUIRED       25   Additional pre-authenticationrequired-
-KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't match
-KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for user2user only
-KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field failed
-KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-KRB_AP_ERR_REPEAT              34   Request is a replay
-KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't match
-KRB_AP_ERR_SKEW                37   Clock skew too great
-KRB_AP_ERR_BADADDR             38   Incorrect net address
-KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-KRB_AP_ERR_MODIFIED            41   Message stream modified
-KRB_AP_ERR_BADORDER            42   Message out of order
-KRB_AP_ERR_BADKEYVER           44   Specified version of key is not available
-KRB_AP_ERR_NOKEY               45   Service key not available
-KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-KRB_AP_ERR_METHOD              48   Alternative authentication method required
-KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in message
-
-
-
-Section 8.3.               - 94 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in message
-KRB_ERR_GENERIC                60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG          61   Field is too long for this implementation
-KDC_ERROR_CLIENT_NOT_TRUSTED   62   (pkinit)
-KDC_ERROR_KDC_NOT_TRUSTED      63   (pkinit)
-KDC_ERROR_INVALID_SIG          64   (pkinit)
-KDC_ERR_KEY_TOO_WEAK           65   (pkinit)
-
-
-9.  Interoperability requirements
-
-     Version 5 of the Kerberos protocol supports a myriad of
-options.   Among  these are multiple encryption and checksum
-types, alternative encoding schemes for the transited field,
-optional  mechanisms for pre-authentication, the handling of
-tickets with no addresses, options  for  mutual  authentica-
-tion, user to user authentication, support for proxies, for-
-warding, postdating, and renewing  tickets,  the  format  of
-realm names, and the handling of authorization data.
-
-     In order to ensure the interoperability of  realms,  it
-is necessary to define a minimal configuration which must be
-supported by all implementations.  This  minimal  configura-
-tion  is subject to change as technology does.  For example,
-if at some later date it  is  discovered  that  one  of  the
-required encryption or checksum algorithms is not secure, it
-will be replaced.
-
-9.1.  Specification 1
-
-     This section defines the first specification  of  these
-options.   Implementations  which are configured in this way
-can be said to support Kerberos Version  5  Specification  1
-(5.1).
-
-Encryption and checksum methods
-
-The following encryption and  checksum  mechanisms  must  be
-supported.   Implementations may support other mechanisms as
-well, but the additional mechanisms may only  be  used  when
-communicating with principals known to also support them:
-This list is to be determined.
-Encryption: DES-CBC-MD5
-Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5
-
-
-__________________________
-- This error carries additional information in  the  e-
-data  field.  The contents of the e-data field for this
-message is described in section 5.9.1.
-
-
-
-Section 9.1.               - 95 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-Realm Names
-
-All implementations must understand hierarchical  realms  in
-both the Internet Domain and the X.500 style.  When a ticket
-granting ticket for an unknown realm is requested,  the  KDC
-must  be  able  to  determine  the names of the intermediate
-realms between the KDCs realm and the requested realm.
-
-Transited field encoding
-
-DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must  be
-supported.  Alternative encodings may be supported, but they
-may be used only when that  encoding  is  supported  by  ALL
-intermediate realms.
-
-Pre-authentication methods
-
-The TGS-REQ method must be supported.  The TGS-REQ method is
-not  used  on  the  initial  request.   The PA-ENC-TIMESTAMP
-method must be  supported  by  clients  but  whether  it  is
-enabled  by  default  may  be determined on a realm by realm
-basis.  If not used in the initial  request  and  the  error
-KDC_ERR_PREAUTH_REQUIRED   is  returned  specifying  PA-ENC-
-TIMESTAMP as an acceptable method, the client  should  retry
-the   initial   request   using  the  PA-ENC-TIMESTAMP  pre-
-authentication method.  Servers need  not  support  the  PA-
-ENC-TIMESTAMP method, but if not supported the server should
-ignore the presence of  PA-ENC-TIMESTAMP  pre-authentication
-in a request.
-
-Mutual authentication
-
-Mutual authentication (via the KRB_AP_REP message)  must  be
-supported.
-
-
-Ticket addresses and flags
-
-All KDC's must pass on tickets that carry no addresses (i.e.
-if  a TGT contains no addresses, the KDC will return deriva-
-tive tickets), but each realm may set  its  own  policy  for
-issuing  such  tickets, and each application server will set
-its own policy with respect to accepting them.
-
-     Proxies and forwarded tickets must be supported.  Indi-
-vidual realms and application servers can set their own pol-
-icy on when such tickets will be accepted.
-
-     All implementations must recognize renewable and  post-
-dated  tickets,  but  need  not actually implement them.  If
-these options are not supported, the starttime  and  endtime
-in  the  ticket shall specify a ticket's entire useful life.
-When a postdated ticket is decoded by a server,  all  imple-
-mentations  shall  make  the  presence of the postdated flag
-
-
-Section 9.1.               - 96 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-visible to the calling server.
-
-User-to-user authentication
-
-Support for user to user authentication  (via  the  ENC-TKT-
-IN-SKEY KDC option) must be provided by implementations, but
-individual realms may decide as a matter of policy to reject
-such requests on a per-principal or realm-wide basis.
-
-Authorization data
-
-Implementations must pass all authorization  data  subfields
-from  ticket-granting  tickets  to  any  derivative  tickets
-unless directed to suppress a subfield as part of the defin-
-ition   of  that  registered  subfield  type  (it  is  never
-incorrect to pass on a subfield, and no registered  subfield
-types presently specify suppression at the KDC).
-
-     Implementations must make the contents of any  authori-
-zation  data subfields available to the server when a ticket
-is used.  Implementations are not required to allow  clients
-to specify the contents of the authorization data fields.
-
-9.2.  Recommended KDC values
-
-Following is a list of recommended values for a  KDC  imple-
-mentation, based on the list of suggested configuration con-
-stants (see section 4.4).
-
-minimum lifetime    5 minutes
-
-maximum renewable lifetime1 week
-
-maximum ticket lifetime1 day
-
-empty addresses     only when suitable  restrictions  appear
-                    in authorization data
-
-proxiable, etc.     Allowed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Section 9.2.               - 97 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-10.  REFERENCES
-
-
-
-1.   B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-     cation  Service for Computer Networks," IEEE Communica-
-     tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-2.   S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-     Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-     Authorization System, M.I.T. Project Athena, Cambridge,
-     Massachusetts (December 21, 1987).
-
-3.   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-     beros:  An Authentication Service for Open Network Sys-
-     tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-     Dallas, Texas (February, 1988).
-
-4.   Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-     Encryption for Authentication in Large Networks of Com-
-     puters,"  Communications  of  the  ACM,  Vol.   21(12),
-     pp. 993-999 (December, 1978).
-
-5.   Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-     stamps  in  Key Distribution Protocols," Communications
-     of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-6.   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-     "The Evolution of the Kerberos Authentication Service,"
-     in an IEEE Computer Society Text soon to  be  published
-     (June 1992).
-
-7.   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-     Accounting  for Distributed Systems," in Proceedings of
-     the 13th International Conference on  Distributed  Com-
-     puting Systems, Pittsburgh, PA (May, 1993).
-
-8.   Don Davis and Ralph Swick,  "Workstation  Services  and
-     Kerberos  Authentication  at Project Athena," Technical
-     Memorandum TM-424,  MIT Laboratory for Computer Science
-     (February 1990).
-
-9.   P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-     merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-     ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-     sachusetts (1987).
-
-10.  CCITT, Recommendation X.509: The Directory  Authentica-
-     tion Framework, December 1988.
-
-11.  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-     Guessing  Attacks, Open Software Foundation DCE Request
-     for Comments 26 (December 1992).
-
-
-
-Section 10.                - 98 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-12.  National Bureau of Standards, U.S. Department  of  Com-
-     merce,  "Data Encryption Standard," Federal Information
-     Processing Standards Publication  46,   Washington,  DC
-     (1977).
-
-13.  National Bureau of Standards, U.S. Department  of  Com-
-     merce,  "DES  Modes  of Operation," Federal Information
-     Processing Standards Publication 81,   Springfield,  VA
-     (December 1980).
-
-14.  Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-     Integrity  in  Cryptographic Protocols," in Proceedings
-     of the IEEE  Symposium  on  Research  in  Security  and
-     Privacy, Oakland, California (May 1992).
-
-15.  International Organization  for  Standardization,  "ISO
-     Information  Processing  Systems - Data Communication -
-     High-Level Data Link Control Procedure -  Frame  Struc-
-     ture," IS 3309 (October 1984).  3rd Edition.
-
-16.  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-     1320,   MIT  Laboratory  for  Computer  Science  (April
-     1992).
-
-17.  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-     1321,   MIT  Laboratory  for  Computer  Science  (April
-     1992).
-
-18.  H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-     Hashing  for  Message  Authentication,"  Working  Draft
-     draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Section 10.                - 99 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-A.  Pseudo-code for protocol processing
-
-     This appendix provides pseudo-code describing  how  the
-messages  are  to  be constructed and interpreted by clients
-and servers.
-
-A.1.  KRB_AS_REQ generation
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_AS_REQ */
-
-        if(pa_enc_timestamp_required) then
-                request.padata.padata-type = PA-ENC-TIMESTAMP;
-                get system_time;
-                padata-body.patimestamp,pausec = system_time;
-                encrypt padata-body into request.padata.padata-value
-                        using client.key; /* derived from password */
-        endif
-
-        body.kdc-options := users's preferences;
-        body.cname := user's name;
-        body.realm := user's realm;
-        body.sname := service's name; /* usually "krbtgt",  "localrealm" */
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-        omit body.enc-authorization-data;
-        request.req-body := body;
-
-        kerberos := lookup(name of local kerberos server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.2.  KRB_AS_REQ verification and KRB_AS_REP generation
-        decode message into req;
-
-        client := lookup(req.cname,req.realm);
-        server := lookup(req.sname,req.realm);
-
-
-Section A.2.              - 100 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-
-        get system_time;
-        kdc_time := system_time.seconds;
-
-        if (!client) then
-                /* no client in Database */
-                error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-        endif
-        if (!server) then
-                /* no server in Database */
-                error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-        endif
-
-        if(client.pa_enc_timestamp_required and
-           pa_enc_timestamp not present) then
-                error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-        endif
-
-        if(pa_enc_timestamp present) then
-                decrypt req.padata-value into decrypted_enc_timestamp
-                        using client.key;
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                if(decrypted_enc_timestamp is not within allowable skew) then
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                if(decrypted_enc_timestamp and usec is replay)
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                add decrypted_enc_timestamp and usec to replay cache;
-        endif
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := req.srealm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        if (req.kdc-options.FORWARDABLE is set) then
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.PROXIABLE is set) then
-                set new_tkt.flags.PROXIABLE;
-        endif
-
-
-Section A.2.              - 101 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if ((req.kdc-options.RENEW is set) or
-            (req.kdc-options.VALIDATE is set) or
-            (req.kdc-options.PROXY is set) or
-            (req.kdc-options.FORWARDED is set) or
-            (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.session := random_session_key();
-        new_tkt.cname := req.cname;
-        new_tkt.crealm := req.crealm;
-        new_tkt.transited := empty_transited_field();
-
-        new_tkt.authtime := kdc_time;
-
-        if (req.kdc-options.POSTDATED is set) then
-           if (against_postdate_policy(req.from)) then
-                error_out(KDC_ERR_POLICY);
-           endif
-           set new_tkt.flags.POSTDATED;
-           set new_tkt.flags.INVALID;
-           new_tkt.starttime := req.from;
-        else
-           omit new_tkt.starttime; /* treated as authtime when omitted */
-        endif
-        if (req.till = 0) then
-                till := infinity;
-        else
-                till := req.till;
-        endif
-
-        new_tkt.endtime := min(till,
-                              new_tkt.starttime+client.max_life,
-                              new_tkt.starttime+server.max_life,
-                              new_tkt.starttime+max_life_for_realm);
-
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (new_tkt.endtime < req.till)) then
-                /* we set the RENEWABLE option for later processing */
-                set req.kdc-options.RENEWABLE;
-                req.rtime := req.till;
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if (req.kdc-options.RENEWABLE is set) then
-                set new_tkt.flags.RENEWABLE;
-
-
-Section A.2.              - 102 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                new_tkt.renew-till := min(rtime,
-                                          new_tkt.starttime+client.max_rlife,
-                                          new_tkt.starttime+server.max_rlife,
-                                          new_tkt.starttime+max_rlife_for_realm);
-        else
-                omit new_tkt.renew-till; /* only present if RENEWABLE */
-        endif
-
-        if (req.addresses) then
-                new_tkt.caddr := req.addresses;
-        else
-                omit new_tkt.caddr;
-        endif
-
-        new_tkt.authorization_data := empty_authorization_data();
-
-        encode to-be-encrypted part of ticket into OCTET STRING;
-        new_tkt.enc-part := encrypt OCTET STRING
-                using etype_for_key(server.key), server.key, server.p_kvno;
-
-
-        /* Start processing the response */
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_AS_REP;
-        resp.cname := req.cname;
-        resp.crealm := req.realm;
-        resp.ticket := new_tkt;
-
-        resp.key := new_tkt.session;
-        resp.last-req := fetch_last_request_info(client);
-        resp.nonce := req.nonce;
-        resp.key-expiration := client.expiration;
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        resp.realm := new_tkt.realm;
-        resp.sname := new_tkt.sname;
-
-        resp.caddr := new_tkt.caddr;
-
-        encode body of reply into OCTET STRING;
-
-        resp.enc-part := encrypt OCTET STRING
-                         using use_etype, client.key, client.p_kvno;
-        send(resp);
-
-
-
-Section A.2.              - 103 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-A.3.  KRB_AS_REP verification
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then
-                        set pa_enc_timestamp_required;
-                        goto KRB_AS_REQ;
-                endif
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key */
-        /* from the response immediately */
-
-        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                 resp.padata);
-        unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and key;
-        zero(key);
-
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        if near(resp.princ_exp) then
-                print(warning message);
-        endif
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.4.  KRB_AS_REP and KRB_TGS_REP common checks
-        if (decryption_error() or
-            (req.cname != resp.cname) or
-            (req.realm != resp.crealm) or
-            (req.sname != resp.sname) or
-            (req.realm != resp.realm) or
-            (req.nonce != resp.nonce) or
-            (req.addresses != resp.caddr)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        /* make sure no flags are set that shouldn't be, and that all that */
-        /* should be are set                                               */
-        if (!check_flags_for_compatability(req.kdc-options,resp.flags)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.from = 0) and
-            (resp.starttime is not within allowable skew)) then
-                destroy resp.key;
-                return KRB_AP_ERR_SKEW;
-
-
-Section A.4.              - 104 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        endif
-        if ((req.from != 0) and (req.from != resp.starttime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.till != 0) and (resp.endtime > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (resp.flags.RENEWABLE) and
-            (req.till != 0) and
-            (resp.renew-till > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-A.5.  KRB_TGS_REQ generation
-        /* Note that make_application_request might have to recursivly     */
-        /* call this routine to get the appropriate ticket-granting ticket */
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-        body.kdc-options := users's preferences;
-        /* If the TGT is not for the realm of the end-server  */
-        /* then the sname will be for a TGT for the end-realm */
-        /* and the realm of the requested ticket (body.realm) */
-        /* will be that of the TGS to which the TGT we are    */
-        /* sending applies                                    */
-        body.sname := service's name;
-        body.realm := service's realm;
-
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-
-
-Section A.5.              - 105 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        endif
-
-        body.enc-authorization-data := user-supplied data;
-        if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                body.additional-tickets_ticket := second TGT;
-        endif
-
-        request.req-body := body;
-        check := generate_checksum (req.body,checksumtype);
-
-        request.padata[0].padata-type := PA-TGS-REQ;
-        request.padata[0].padata-value := create a KRB_AP_REQ using
-                                      the TGT and checksum
-
-        /* add in any other padata as required/supplied */
-
-        kerberos := lookup(name of local kerberose server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.6.  KRB_TGS_REQ verification and KRB_TGS_REP generation
-        /* note that reading the application request requires first
-        determining the server for which a ticket was issued, and choosing the
-        correct key for decryption.  The name of the server appears in the
-        plaintext part of the ticket. */
-
-        if (no KRB_AP_REQ in req.padata) then
-                error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-        endif
-        verify KRB_AP_REQ in req.padata;
-
-        /* Note that the realm in which the Kerberos server is operating is
-        determined by the instance from the ticket-granting ticket.  The realm
-        in the ticket-granting ticket is the realm under which the ticket
-        granting ticket was issued.  It is possible for a single Kerberos
-        server to support more than one realm. */
-
-        auth_hdr := KRB_AP_REQ;
-        tgt := auth_hdr.ticket;
-
-        if (tgt.sname is not a TGT for local realm and is not req.sname) then
-                error_out(KRB_AP_ERR_NOT_US);
-
-        realm := realm_tgt_is_for(tgt);
-
-        decode remainder of request;
-
-        if (auth_hdr.authenticator.cksum is missing) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-
-Section A.6.              - 106 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        if (auth_hdr.authenticator.cksum type is not supported) then
-                error_out(KDC_ERR_SUMTYPE_NOSUPP);
-        endif
-        if (auth_hdr.authenticator.cksum is not both collision-proof and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        set computed_checksum := checksum(req);
-        if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        server := lookup(req.sname,realm);
-
-        if (!server) then
-                if (is_foreign_tgt_name(server)) then
-                        server := best_intermediate_tgs(server);
-                else
-                        /* no server in Database */
-                        error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                endif
-        endif
-
-        session := generate_random_session_key();
-
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := realm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        new_tkt.caddr := tgt.caddr;
-        resp.caddr := NULL; /* We only include this if they change */
-        if (req.kdc-options.FORWARDABLE is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.FORWARDED is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDED;
-
-
-Section A.6.              - 107 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-        if (tgt.flags.FORWARDED is set) then
-                set new_tkt.flags.FORWARDED;
-        endif
-
-        if (req.kdc-options.PROXIABLE is set) then
-                if (tgt.flags.PROXIABLE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.PROXY is set) then
-                if (tgt.flags.PROXIABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXY;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                if (tgt.flags.MAY-POSTDATE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if (req.kdc-options.POSTDATED is set) then
-                if (tgt.flags.MAY-POSTDATE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                if (against_postdate_policy(req.from)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                new_tkt.starttime := req.from;
-        endif
-
-
-        if (req.kdc-options.VALIDATE is set) then
-                if (tgt.flags.INVALID is reset) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                if (tgt.starttime > kdc_time) then
-                        error_out(KRB_AP_ERR_NYV);
-                endif
-                if (check_hot_list(tgt)) then
-                        error_out(KRB_AP_ERR_REPEAT);
-                endif
-                tkt := tgt;
-                reset new_tkt.flags.INVALID;
-        endif
-
-
-Section A.6.              - 108 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                             and those already processed) is set) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.authtime := tgt.authtime;
-
-        if (req.kdc-options.RENEW is set) then
-          /* Note that if the endtime has already passed, the ticket would  */
-          /* have been rejected in the initial authentication stage, so     */
-          /* there is no need to check again here                           */
-                if (tgt.flags.RENEWABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                if (tgt.renew-till >= kdc_time) then
-                        error_out(KRB_AP_ERR_TKT_EXPIRED);
-                endif
-                tkt := tgt;
-                new_tkt.starttime := kdc_time;
-                old_life := tgt.endttime - tgt.starttime;
-                new_tkt.endtime := min(tgt.renew-till,
-                                       new_tkt.starttime + old_life);
-        else
-                new_tkt.starttime := kdc_time;
-                if (req.till = 0) then
-                        till := infinity;
-                else
-                        till := req.till;
-                endif
-                new_tkt.endtime := min(till,
-                                       new_tkt.starttime+client.max_life,
-                                       new_tkt.starttime+server.max_life,
-                                       new_tkt.starttime+max_life_for_realm,
-                                       tgt.endtime);
-
-                if ((req.kdc-options.RENEWABLE-OK is set) and
-                    (new_tkt.endtime < req.till) and
-                    (tgt.flags.RENEWABLE is set) then
-                        /* we set the RENEWABLE option for later processing */
-                        set req.kdc-options.RENEWABLE;
-                        req.rtime := min(req.till, tgt.renew-till);
-                endif
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (tgt.flags.RENEWABLE is set)) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-
-
-Section A.6.              - 109 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                                          new_tkt.starttime+client.max_rlife,
-                                          new_tkt.starttime+server.max_rlife,
-                                          new_tkt.starttime+max_rlife_for_realm,
-                                          tgt.renew-till);
-        else
-                new_tkt.renew-till := OMIT; /* leave the renew-till field out */
-        endif
-        if (req.enc-authorization-data is present) then
-                decrypt req.enc-authorization-data into decrypted_authorization_data
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                endif
-        endif
-        new_tkt.authorization_data := req.auth_hdr.ticket.authorization_data +
-                                 decrypted_authorization_data;
-
-        new_tkt.key := session;
-        new_tkt.crealm := tgt.crealm;
-        new_tkt.cname := req.auth_hdr.ticket.cname;
-
-        if (realm_tgt_is_for(tgt) := tgt.realm) then
-                /* tgt issued by local realm */
-                new_tkt.transited := tgt.transited;
-        else
-                /* was issued for this realm by some other realm */
-                if (tgt.transited.tr-type not supported) then
-                        error_out(KDC_ERR_TRTYPE_NOSUPP);
-                endif
-                new_tkt.transited := compress_transited(tgt.transited + tgt.realm)
-        endif
-
-        encode encrypted part of new_tkt into OCTET STRING;
-        if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                if (server not specified) then
-                        server = req.second_ticket.client;
-                endif
-                if ((req.second_ticket is not a TGT) or
-                    (req.second_ticket.client != server)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-
-                new_tkt.enc-part := encrypt OCTET STRING using
-                        using etype_for_key(second-ticket.key), second-ticket.key;
-        else
-                new_tkt.enc-part := encrypt OCTET STRING
-                        using etype_for_key(server.key), server.key, server.p_kvno;
-        endif
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_TGS_REP;
-        resp.crealm := tgt.crealm;
-        resp.cname := tgt.cname;
-
-
-
-Section A.6.              - 110 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        resp.ticket := new_tkt;
-
-        resp.key := session;
-        resp.nonce := req.nonce;
-        resp.last-req := fetch_last_request_info(client);
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        omit resp.key-expiration;
-
-        resp.sname := new_tkt.sname;
-        resp.realm := new_tkt.realm;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-
-        encode body of reply into OCTET STRING;
-
-        if (req.padata.authenticator.subkey)
-                resp.enc-part := encrypt OCTET STRING using use_etype,
-                        req.padata.authenticator.subkey;
-        else resp.enc-part := encrypt OCTET STRING using use_etype, tgt.key;
-
-        send(resp);
-
-A.7.  KRB_TGS_REP verification
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key from
-        the response immediately */
-
-        if (req.padata.authenticator.subkey)
-                unencrypted part of resp := decode of decrypt of resp.enc-part
-                        using resp.enc-part.etype and subkey;
-        else unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and tgt's session key;
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        check authorization_data as necessary;
-        save_for_later(ticket,session,client,server,times,flags);
-
-
-
-Section A.7.              - 111 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-A.8.  Authenticator generation
-        body.authenticator-vno := authenticator vno; /* = 5 */
-        body.cname, body.crealm := client name;
-        if (supplying checksum) then
-                body.cksum := checksum;
-        endif
-        get system_time;
-        body.ctime, body.cusec := system_time;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-A.9.  KRB_AP_REQ generation
-        obtain ticket and session_key from cache;
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REQ */
-
-        if (desired(MUTUAL_AUTHENTICATION)) then
-                set packet.ap-options.MUTUAL-REQUIRED;
-        else
-                reset packet.ap-options.MUTUAL-REQUIRED;
-        endif
-        if (using session key for ticket) then
-                set packet.ap-options.USE-SESSION-KEY;
-        else
-                reset packet.ap-options.USE-SESSION-KEY;
-        endif
-        packet.ticket := ticket; /* ticket */
-        generate authenticator;
-        encode authenticator into OCTET STRING;
-        encrypt OCTET STRING into packet.authenticator using session_key;
-
-A.10.  KRB_AP_REQ verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REQ) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.ticket.tkt_vno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.ap_options.USE-SESSION-KEY is set) then
-                retrieve session key from ticket-granting ticket for
-                 packet.ticket.{sname,srealm,enc-part.etype};
-
-
-Section A.10.             - 112 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        else
-                retrieve service key for
-                 packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-        endif
-        if (no_key_available) then
-                if (cannot_find_specified_skvno) then
-                        error_out(KRB_AP_ERR_BADKEYVER);
-                else
-                        error_out(KRB_AP_ERR_NOKEY);
-                endif
-        endif
-        decrypt packet.ticket.enc-part into decr_ticket using retrieved key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        decrypt packet.authenticator into decr_authenticator
-                using decr_ticket.key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (decr_authenticator.{cname,crealm} !=
-            decr_ticket.{cname,crealm}) then
-                error_out(KRB_AP_ERR_BADMATCH);
-        endif
-        if (decr_ticket.caddr is present) then
-                if (sender_address(packet) is not in decr_ticket.caddr) then
-                        error_out(KRB_AP_ERR_BADADDR);
-                endif
-        elseif (application requires addresses) then
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(decr_authenticator.ctime,
-                              decr_authenticator.cusec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-        get system_time;
-        if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-            (decr_ticket.flags.INVALID is set)) then
-                /* it hasn't yet become valid */
-                error_out(KRB_AP_ERR_TKT_NYV);
-        endif
-        if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                error_out(KRB_AP_ERR_TKT_EXPIRED);
-        endif
-        /* caller must check decr_ticket.flags for any pertinent details */
-        return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-A.11.  KRB_AP_REP generation
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REP */
-
-
-Section A.11.             - 113 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        body.ctime := packet.ctime;
-        body.cusec := packet.cusec;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part;
-
-A.12.  KRB_AP_REP verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REP) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        cleartext := decrypt(packet.enc-part) using ticket's session key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (cleartext.ctime != authenticator.ctime) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.cusec != authenticator.cusec) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.subkey is present) then
-                save cleartext.subkey for future use;
-        endif
-        if (cleartext.seq-number is present) then
-                save cleartext.seq-number for future verifications;
-        endif
-        return(AUTHENTICATION_SUCCEEDED);
-
-A.13.  KRB_SAFE generation
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_SAFE */
-
-        body.user-data := buffer; /* DATA */
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-
-
-Section A.13.             - 114 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-        checksum.cksumtype := checksum type;
-        compute checksum over body;
-        checksum.checksum := checksum value; /* checksum.checksum */
-        packet.cksum := checksum;
-        packet.safe-body := body;
-
-A.14.  KRB_SAFE verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_SAFE) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.checksum.cksumtype is not both collision-proof and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (safe_priv_common_checks_ok(packet)) then
-                set computed_checksum := checksum(packet.body);
-                if (computed_checksum != packet.checksum) then
-                        error_out(KRB_AP_ERR_MODIFIED);
-                endif
-                return (packet, PACKET_IS_GENUINE);
-        else
-                return common_checks_error;
-        endif
-
-A.15.  KRB_SAFE and KRB_PRIV common checks
-        if (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (((packet.timestamp is present) and
-             (not in_clock_skew(packet.timestamp,packet.usec))) or
-            (packet.timestamp is not present and timestamp expected)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-
-
-Section A.15.             - 115 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-        if (((packet.seq-number is present) and
-             ((not in_sequence(packet.seq-number)))) or
-            (packet.seq-number is not present and sequence expected)) then
-                error_out(KRB_AP_ERR_BADORDER);
-        endif
-        if (packet.timestamp not present and packet.seq-number not present) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        save_identifier(packet.{timestamp,usec,s-address},
-                        sender_principal(packet));
-
-        return PACKET_IS_OK;
-
-A.16.  KRB_PRIV generation
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_PRIV */
-
-        packet.enc-part.etype := encryption type;
-
-        body.user-data := buffer;
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher;
-
-
-A.17.  KRB_PRIV verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_PRIV) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-
-
-Section A.17.             - 116 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-        if (safe_priv_common_checks_ok(cleartext)) then
-                return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-        else
-                return common_checks_error;
-        endif
-
-A.18.  KRB_CRED generation
-        invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_CRED */
-
-        for (tickets[n] in tickets to be forwarded) do
-                packet.tickets[n] = tickets[n].ticket;
-        done
-
-        packet.enc-part.etype := encryption type;
-
-        for (ticket[n] in tickets to be forwarded) do
-                body.ticket-info[n].key = tickets[n].session;
-                body.ticket-info[n].prealm = tickets[n].crealm;
-                body.ticket-info[n].pname = tickets[n].cname;
-                body.ticket-info[n].flags = tickets[n].flags;
-                body.ticket-info[n].authtime = tickets[n].authtime;
-                body.ticket-info[n].starttime = tickets[n].starttime;
-                body.ticket-info[n].endtime = tickets[n].endtime;
-                body.ticket-info[n].renew-till = tickets[n].renew-till;
-                body.ticket-info[n].srealm = tickets[n].srealm;
-                body.ticket-info[n].sname = tickets[n].sname;
-                body.ticket-info[n].caddr = tickets[n].caddr;
-        done
-
-        get system_time;
-        body.timestamp, body.usec := system_time;
-
-        if (using nonce) then
-                body.nonce := nonce;
-        endif
-
-        if (using s-address) then
-                body.s-address := sender host addresses;
-        endif
-        if (limited recipients) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher
-
-
-Section A.18.             - 117 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-               using negotiated encryption key;
-
-
-A.19.  KRB_CRED verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_CRED) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if ((packet.r-address is present or required) and
-           (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (packet.nonce is required or present) and
-           (packet.nonce != expected-nonce) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        for (ticket[n] in tickets that were forwarded) do
-                save_for_later(ticket[n],key[n],principal[n],
-                               server[n],times[n],flags[n]);
-        return
-
-A.20.  KRB_ERROR generation
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_ERROR */
-
-        get system_time;
-        packet.stime, packet.susec := system_time;
-        packet.realm, packet.sname := server name;
-
-        if (client time available) then
-
-
-Section A.20.             - 118 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-                packet.ctime, packet.cusec := client_time;
-        endif
-        packet.error-code := error code;
-        if (client name available) then
-                packet.cname, packet.crealm := client name;
-        endif
-        if (error text available) then
-                packet.e-text := error text;
-        endif
-        if (error data available) then
-                packet.e-data := error data;
-        endif
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-                          - 119 -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-                          - cxx -    Expires 11 January 1998
-
-
-
-
-
-
-
-
-
-
-                     Table of Contents
-
-
-
-
-Overview ..............................................    2
-
-Background ............................................    2
-
-1. Introduction .......................................    3
-
-1.1. Cross-Realm Operation ............................    5
-
-1.2. Authorization ....................................    6
-
-1.3. Environmental assumptions ........................    7
-
-1.4. Glossary of terms ................................    8
-
-2. Ticket flag uses and requests ......................   10
-
-2.1. Initial and pre-authenticated tickets ............   10
-
-2.2. Invalid tickets ..................................   11
-
-2.3. Renewable tickets ................................   11
-
-2.4. Postdated tickets ................................   12
-
-2.5. Proxiable and proxy tickets ......................   12
-
-2.6. Forwardable tickets ..............................   13
-
-2.7. Other KDC options ................................   14
-
-3. Message Exchanges ..................................   14
-
-3.1. The Authentication Service Exchange ..............   14
-
-3.1.1. Generation of KRB_AS_REQ message ...............   16
-
-3.1.2. Receipt of KRB_AS_REQ message ..................   16
-
-3.1.3. Generation of KRB_AS_REP message ...............   16
-
-3.1.4. Generation of KRB_ERROR message ................   19
-
-3.1.5. Receipt of KRB_AS_REP message ..................   19
-
-3.1.6. Receipt of KRB_ERROR message ...................   19
-
-3.2. The Client/Server Authentication Exchange ........   19
-
-3.2.1. The KRB_AP_REQ message .........................   20
-
-
-                           - i -     Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-3.2.2. Generation of a KRB_AP_REQ message .............   20
-
-3.2.3. Receipt of KRB_AP_REQ message ..................   21
-
-3.2.4. Generation of a KRB_AP_REP message .............   23
-
-3.2.5. Receipt of KRB_AP_REP message ..................   23
-
-3.2.6. Using the encryption key .......................   24
-
-3.3. The Ticket-Granting Service (TGS) Exchange .......   25
-
-3.3.1. Generation of KRB_TGS_REQ message ..............   26
-
-3.3.2. Receipt of KRB_TGS_REQ message .................   27
-
-3.3.3. Generation of KRB_TGS_REP message ..............   28
-
-3.3.3.1. Checking for revoked tickets .................   30
-
-3.3.3.2. Encoding the transited field .................   30
-
-3.3.4. Receipt of KRB_TGS_REP message .................   32
-
-3.4. The KRB_SAFE Exchange ............................   32
-
-3.4.1. Generation of a KRB_SAFE message ...............   32
-
-3.4.2. Receipt of KRB_SAFE message ....................   33
-
-3.5. The KRB_PRIV Exchange ............................   34
-
-3.5.1. Generation of a KRB_PRIV message ...............   34
-
-3.5.2. Receipt of KRB_PRIV message ....................   34
-
-3.6. The KRB_CRED Exchange ............................   35
-
-3.6.1. Generation of a KRB_CRED message ...............   35
-
-3.6.2. Receipt of KRB_CRED message ....................   35
-
-4. The Kerberos Database ..............................   36
-
-4.1. Database contents ................................   36
-
-4.2. Additional fields ................................   37
-
-4.3. Frequently Changing Fields .......................   38
-
-4.4. Site Constants ...................................   39
-
-5. Message Specifications .............................   39
-
-
-
-                           - ii -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-5.1. ASN.1 Distinguished Encoding Representation ......   39
-
-5.2. ASN.1 Base Definitions ...........................   40
-
-5.3. Tickets and Authenticators .......................   43
-
-5.3.1. Tickets ........................................   43
-
-5.3.2. Authenticators .................................   52
-
-5.4. Specifications for the AS and TGS exchanges ......   54
-
-5.4.1. KRB_KDC_REQ definition .........................   54
-
-5.4.2. KRB_KDC_REP definition .........................   61
-
-5.5. Client/Server (CS) message specifications ........   64
-
-5.5.1. KRB_AP_REQ definition ..........................   64
-
-5.5.2. KRB_AP_REP definition ..........................   65
-
-5.5.3. Error message reply ............................   67
-
-5.6. KRB_SAFE message specification ...................   67
-
-5.6.1. KRB_SAFE definition ............................   67
-
-5.7. KRB_PRIV message specification ...................   68
-
-5.7.1. KRB_PRIV definition ............................   68
-
-5.8. KRB_CRED message specification ...................   69
-
-5.8.1. KRB_CRED definition ............................   70
-
-5.9. Error message specification ......................   72
-
-5.9.1. KRB_ERROR definition ...........................   72
-
-6. Encryption and Checksum Specifications .............   74
-
-6.1. Encryption Specifications ........................   76
-
-6.2. Encryption Keys ..................................   78
-
-6.3. Encryption Systems ...............................   78
-
-6.3.1. The NULL Encryption System (null) ..............   78
-
-6.3.2. DES in CBC mode with a CRC-32 checksum (des-
-cbc-crc) ..............................................   79
-
-6.3.3. DES in CBC mode with an MD4 checksum (des-
-
-
-                          - iii -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-cbc-md4) ..............................................   79
-
-6.3.4. DES in CBC mode with an MD5 checksum (des-
-cbc-md5) ..............................................   79
-
-6.3.5. Triple DES EDE in outer CBC mode with an SHA1
-checksum (des3-cbc-sha1) ..............................   81
-
-6.4. Checksums ........................................   83
-
-6.4.1. The CRC-32 Checksum (crc32) ....................   84
-
-6.4.2. The RSA MD4 Checksum (rsa-md4) .................   84
-
-6.4.3. RSA MD4 Cryptographic Checksum Using DES
-(rsa-md4-des) .........................................   84
-
-6.4.4. The RSA MD5 Checksum (rsa-md5) .................   85
-
-6.4.5. RSA MD5 Cryptographic Checksum Using DES
-(rsa-md5-des) .........................................   85
-
-6.4.6. DES cipher-block chained checksum (des-mac)
-
-6.4.7. RSA MD4 Cryptographic Checksum Using DES
-alternative (rsa-md4-des-k) ...........................   86
-
-6.4.8. DES cipher-block chained checksum alternative
-(des-mac-k) ...........................................   87
-
-7. Naming Constraints .................................   87
-
-7.1. Realm Names ......................................   87
-
-7.2. Principal Names ..................................   88
-
-7.2.1. Name of server principals ......................   89
-
-8. Constants and other defined values .................   90
-
-8.1. Host address types ...............................   90
-
-8.2. KDC messages .....................................   91
-
-8.2.1. IP transport ...................................   91
-
-8.2.2. OSI transport ..................................   91
-
-8.2.3. Name of the TGS ................................   92
-
-8.3. Protocol constants and associated values .........   92
-
-9. Interoperability requirements ......................   95
-
-
-
-                           - iv -    Expires 11 January 1998
-
-
-
-
-
-
-
-            Version 5 - Specification Revision 6
-
-
-9.1. Specification 1 ..................................   95
-
-9.2. Recommended KDC values ...........................   97
-
-10. REFERENCES ........................................   98
-
-A. Pseudo-code for protocol processing ................  100
-
-A.1. KRB_AS_REQ generation ............................  100
-
-A.2. KRB_AS_REQ verification and KRB_AS_REP genera-
-tion ..................................................  100
-
-A.3. KRB_AS_REP verification ..........................  104
-
-A.4. KRB_AS_REP and KRB_TGS_REP common checks .........  104
-
-A.5. KRB_TGS_REQ generation ...........................  105
-
-A.6. KRB_TGS_REQ verification and KRB_TGS_REP gen-
-eration ...............................................  106
-
-A.7. KRB_TGS_REP verification .........................  111
-
-A.8. Authenticator generation .........................  112
-
-A.9. KRB_AP_REQ generation ............................  112
-
-A.10. KRB_AP_REQ verification .........................  112
-
-A.11. KRB_AP_REP generation ...........................  113
-
-A.12. KRB_AP_REP verification .........................  114
-
-A.13. KRB_SAFE generation .............................  114
-
-A.14. KRB_SAFE verification ...........................  115
-
-A.15. KRB_SAFE and KRB_PRIV common checks .............  115
-
-A.16. KRB_PRIV generation .............................  116
-
-A.17. KRB_PRIV verification ...........................  116
-
-A.18. KRB_CRED generation .............................  117
-
-A.19. KRB_CRED verification ...........................  118
-
-A.20. KRB_ERROR generation ............................  118
-
-
-
-
-
-
-
-                           - v -     Expires 11 January 1998
-
-
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-01.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-01.txt
deleted file mode 100644
index 78db9d78f3cb..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-01.txt
+++ /dev/null
@@ -1,6214 +0,0 @@
-
-INTERNET-DRAFT                                          Clifford Neuman
-                                                              John Kohl
-                                                          Theodore Ts'o
-                                                       21 November 1997
-
-The Kerberos Network Authentication Service (V5)
-
-STATUS OF THIS MEMO
-
-This document is an Internet-Draft. Internet-Drafts are working documents of
-the Internet Engineering Task Force (IETF), its areas, and its working
-groups. Note that other groups may also distribute working documents as
-Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months and
-may be updated, replaced, or obsoleted by other documents at any time. It is
-inappropriate to use Internet-Drafts as reference material or to cite them
-other than as 'work in progress.'
-
-To learn the current status of any Internet-Draft, please check the
-'1id-abstracts.txt' listing contained in the Internet-Drafts Shadow
-Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
-ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited. It is filed as
-draft-ietf-cat-kerberos-r-01.txt, and expires 21 May 1998. Please send
-comments to: krb-protocol@MIT.EDU
-
-ABSTRACT
-
-This document provides an overview and specification of Version 5 of the
-Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol
-and its intended use that require more detailed or clearer explanation than
-was provided in RFC1510. This document is intended to provide a detailed
-description of the protocol, suitable for implementation, together with
-descriptions of the appropriate use of protocol messages and fields within
-those messages.
-
-This document is not intended to describe Kerberos to the end user, system
-administrator, or application developer. Higher level papers describing
-Version 5 of the Kerberos system [NT94] and documenting version 4 [SNS88],
-are available elsewhere.
-
-OVERVIEW
-
-This INTERNET-DRAFT describes the concepts and model upon which the Kerberos
-network authentication system is based. It also specifies Version 5 of the
-Kerberos protocol.
-
-The motivations, goals, assumptions, and rationale behind most design
-decisions are treated cursorily; they are more fully described in a paper
-available in IEEE communications [NT94] and earlier in the Kerberos portion
-of the Athena Technical Plan [MNSS87]. The protocols have been a proposed
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-standard and are being considered for advancement for draft standard through
-the IETF standard process. Comments are encouraged on the presentation, but
-only minor refinements to the protocol as implemented or extensions that fit
-within current protocol framework will be considered at this time.
-
-Requests for addition to an electronic mailing list for discussion of
-Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU.
-This mailing list is gatewayed onto the Usenet as the group
-comp.protocols.kerberos. Requests for further information, including
-documents and code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-The Kerberos model is based in part on Needham and Schroeder's trusted
-third-party authentication protocol [NS78] and on modifications suggested by
-Denning and Sacco [DS81]. The original design and implementation of Kerberos
-Versions 1 through 4 was the work of two former Project Athena staff
-members, Steve Miller of Digital Equipment Corporation and Clifford Neuman
-(now at the Information Sciences Institute of the University of Southern
-California), along with Jerome Saltzer, Technical Director of Project
-Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many other members
-of Project Athena have also contributed to the work on Kerberos.
-
-Version 5 of the Kerberos protocol (described in this document) has evolved
-from Version 4 based on new requirements and desires for features not
-available in Version 4. The design of Version 5 of the Kerberos protocol was
-led by Clifford Neuman and John Kohl with much input from the community. The
-development of the MIT reference implementation was led at MIT by John Kohl
-and Theodore T'so, with help and contributed code from many others.
-Reference implementations of both version 4 and version 5 of Kerberos are
-publicly available and commercial implementations have been developed and
-are widely used.
-
-Details on the differences between Kerberos Versions 4 and 5 can be found in
-[KNT92].
-
-1. Introduction
-
-Kerberos provides a means of verifying the identities of principals, (e.g. a
-workstation user or a network server) on an open (unprotected) network. This
-is accomplished without relying on assertions by the host operating system,
-without basing trust on host addresses, without requiring physical security
-of all the hosts on the network, and under the assumption that packets
-traveling along the network can be read, modified, and inserted at will[1].
-Kerberos performs authentication under these conditions as a trusted
-third-party authentication service by using conventional (shared secret key
-[2] cryptography. Kerberos extensions have been proposed and implemented
-that provide for the use of public key cryptography during certain phases of
-the authentication protocol. These extensions provide for authentication of
-users registered with public key certification authorities, and allow the
-system to provide certain benefits of public key cryptography in situations
-where they are needed.
-
-The basic Kerberos authentication process proceeds as follows: A client
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-sends a request to the authentication server (AS) requesting 'credentials'
-for a given server. The AS responds with these credentials, encrypted in the
-client's key. The credentials consist of 1) a 'ticket' for the server and 2)
-a temporary encryption key (often called a "session key"). The client
-transmits the ticket (which contains the client's identity and a copy of the
-session key, all encrypted in the server's key) to the server. The session
-key (now shared by the client and server) is used to authenticate the
-client, and may optionally be used to authenticate the server. It may also
-be used to encrypt further communication between the two parties or to
-exchange a separate sub-session key to be used to encrypt further
-communication.
-
-Implementation of the basic protocol consists of one or more authentication
-servers running on physically secure hosts. The authentication servers
-maintain a database of principals (i.e., users and servers) and their secret
-keys. Code libraries provide encryption and implement the Kerberos protocol.
-In order to add authentication to its transactions, a typical network
-application adds one or two calls to the Kerberos library directly or
-through the Generic Security Services Application Programming Interface,
-GSSAPI, described in separate document. These calls result in the
-transmission of the necessary messages to achieve authentication.
-
-The Kerberos protocol consists of several sub-protocols (or exchanges).
-There are two basic methods by which a client can ask a Kerberos server for
-credentials. In the first approach, the client sends a cleartext request for
-a ticket for the desired server to the AS. The reply is sent encrypted in
-the client's secret key. Usually this request is for a ticket-granting
-ticket (TGT) which can later be used with the ticket-granting server (TGS).
-In the second method, the client sends a request to the TGS. The client uses
-the TGT to authenticate itself to the TGS in the same manner as if it were
-contacting any other application server that requires Kerberos
-authentication. The reply is encrypted in the session key from the TGT.
-Though the protocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different protocol entry points
-within a single Kerberos server.
-
-Once obtained, credentials may be used to verify the identity of the
-principals in a transaction, to ensure the integrity of messages exchanged
-between them, or to preserve privacy of the messages. The application is
-free to choose whatever protection may be necessary.
-
-To verify the identities of the principals in a transaction, the client
-transmits the ticket to the application server. Since the ticket is sent "in
-the clear" (parts of it are encrypted, but this encryption doesn't thwart
-replay) and might be intercepted and reused by an attacker, additional
-information is sent to prove that the message originated with the principal
-to whom the ticket was issued. This information (called the authenticator)
-is encrypted in the session key, and includes a timestamp. The timestamp
-proves that the message was recently generated and is not a replay.
-Encrypting the authenticator in the session key proves that it was generated
-by a party possessing the session key. Since no one except the requesting
-principal and the server know the session key (it is never sent over the
-network in the clear) this guarantees the identity of the client.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-The integrity of the messages exchanged between principals can also be
-guaranteed using the session key (passed in the ticket and contained in the
-credentials). This approach provides detection of both replay attacks and
-message stream modification attacks. It is accomplished by generating and
-transmitting a collision-proof checksum (elsewhere called a hash or digest
-function) of the client's message, keyed with the session key. Privacy and
-integrity of the messages exchanged between principals can be secured by
-encrypting the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-The authentication exchanges mentioned above require read-only access to the
-Kerberos database. Sometimes, however, the entries in the database must be
-modified, such as when adding new principals or changing a principal's key.
-This is done using a protocol between a client and a third Kerberos server,
-the Kerberos Administration Server (KADM). There is also a protocol for
-maintaining multiple copies of the Kerberos database. Neither of these
-protocols are described in this document.
-
-1.1. Cross-Realm Operation
-
-The Kerberos protocol is designed to operate across organizational
-boundaries. A client in one organization can be authenticated to a server in
-another. Each organization wishing to run a Kerberos server establishes its
-own 'realm'. The name of the realm in which a client is registered is part
-of the client's name, and can be used by the end-service to decide whether
-to honor a request.
-
-By establishing 'inter-realm' keys, the administrators of two realms can
-allow a client authenticated in the local realm to prove its identity to
-servers in other realms[3]. The exchange of inter-realm keys (a separate key
-may be used for each direction) registers the ticket-granting service of
-each realm as a principal in the other realm. A client is then able to
-obtain a ticket-granting ticket for the remote realm's ticket-granting
-service from its local realm. When that ticket-granting ticket is used, the
-remote ticket-granting service uses the inter-realm key (which usually
-differs from its own normal TGS key) to decrypt the ticket-granting ticket,
-and is thus certain that it was issued by the client's own TGS. Tickets
-issued by the remote ticket-granting service will indicate to the
-end-service that the client was authenticated from another realm.
-
-A realm is said to communicate with another realm if the two realms share an
-inter-realm key, or if the local realm shares an inter-realm key with an
-intermediate realm that communicates with the remote realm. An
-authentication path is the sequence of intermediate realms that are
-transited in communicating from one realm to another.
-
-Realms are typically organized hierarchically. Each realm shares a key with
-its parent and a different key with each child. If an inter-realm key is not
-directly shared by two realms, the hierarchical organization allows an
-authentication path to be easily constructed. If a hierarchical organization
-is not used, it may be necessary to consult a database in order to construct
-an authentication path between realms.
-
-Although realms are typically hierarchical, intermediate realms may be
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-bypassed to achieve cross-realm authentication through alternate
-authentication paths (these might be established to make communication
-between two realms more efficient). It is important for the end-service to
-know which realms were transited when deciding how much faith to place in
-the authentication process. To facilitate this decision, a field in each
-ticket contains the names of the realms that were involved in authenticating
-the client.
-
-The application server is ultimately responsible for accepting or rejecting
-authentication and should check the transited field. The application server
-may choose to rely on the KDC for the application server's realm to check
-the transited field. The application server's KDC will set the
-TRANSITED-POLICY-CHECKED flag in this case. The KDC's for intermediate
-realms may also check the transited field as they issue
-ticket-granting-tickets for other realms, but they are encouraged not to do
-so. A client may request that the KDC's not check the transited field by
-setting the DISABLE-TRANSITED-CHECK flag. KDC's are encouraged but not
-required to honor this flag.
-
-1.2. Authorization
-
-As an authentication service, Kerberos provides a means of verifying the
-identity of principals on a network. Authentication is usually useful
-primarily as a first step in the process of authorization, determining
-whether a client may use a service, which objects the client is allowed to
-access, and the type of access allowed for each. Kerberos does not, by
-itself, provide authorization. Possession of a client ticket for a service
-provides only for authentication of the client to that service, and in the
-absence of a separate authorization procedure, it should not be considered
-by an application as authorizing the use of that service.
-
-Such separate authorization methods may be implemented as application
-specific access control functions and may be based on files such as the
-application server, or on separately issued authorization credentials such
-as those based on proxies [Neu93] , or on other authorization services.
-
-Applications should not be modified to accept the issuance of a service
-ticket by the Kerberos server (even by an modified Kerberos server) as
-granting authority to use the service, since such applications may become
-vulnerable to the bypass of this authorization check in an environment if
-they interoperate with other KDCs or where other options for application
-authentication (e.g. the PKTAPP proposal) are provided.
-
-1.3. Environmental assumptions
-
-Kerberos imposes a few assumptions on the environment in which it can
-properly function:
-
-   * 'Denial of service' attacks are not solved with Kerberos. There are
-     places in these protocols where an intruder can prevent an application
-     from participating in the proper authentication steps. Detection and
-     solution of such attacks (some of which can appear to be nnot-uncommon
-     'normal' failure modes for the system) is usually best left to the
-     human administrators and users.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-   * Principals must keep their secret keys secret. If an intruder somehow
-     steals a principal's key, it will be able to masquerade as that
-     principal or impersonate any server to the legitimate principal.
-   * 'Password guessing' attacks are not solved by Kerberos. If a user
-     chooses a poor password, it is possible for an attacker to successfully
-     mount an offline dictionary attack by repeatedly attempting to decrypt,
-     with successive entries from a dictionary, messages obtained which are
-     encrypted under a key derived from the user's password.
-   * Each host on the network must have a clock which is 'loosely
-     synchronized' to the time of the other hosts; this synchronization is
-     used to reduce the bookkeeping needs of application servers when they
-     do replay detection. The degree of "looseness" can be configured on a
-     per-server basis, but is typically on the order of 5 minutes. If the
-     clocks are synchronized over the network, the clock synchronization
-     protocol must itself be secured from network attackers.
-   * Principal identifiers are not recycled on a short-term basis. A typical
-     mode of access control will use access control lists (ACLs) to grant
-     permissions to particular principals. If a stale ACL entry remains for
-     a deleted principal and the principal identifier is reused, the new
-     principal will inherit rights specified in the stale ACL entry. By not
-     re-using principal identifiers, the danger of inadvertent access is
-     removed.
-
-1.4. Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-Authentication
-     Verifying the claimed identity of a principal.
-Authentication header
-     A record containing a Ticket and an Authenticator to be presented to a
-     server as part of the authentication process.
-Authentication path
-     A sequence of intermediate realms transited in the authentication
-     process when communicating from one realm to another.
-Authenticator
-     A record containing information that can be shown to have been recently
-     generated using the session key known only by the client and server.
-Authorization
-     The process of determining whether a client may use a service, which
-     objects the client is allowed to access, and the type of access allowed
-     for each.
-Capability
-     A token that grants the bearer permission to access an object or
-     service. In Kerberos, this might be a ticket whose use is restricted by
-     the contents of the authorization data field, but which lists no
-     network addresses, together with the session key necessary to use the
-     ticket.
-Ciphertext
-     The output of an encryption function. Encryption transforms plaintext
-     into ciphertext.
-Client
-     A process that makes use of a network service on behalf of a user. Note
-     that in some cases a Server may itself be a client of some other server
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     (e.g. a print server may be a client of a file server).
-Credentials
-     A ticket plus the secret session key necessary to successfully use that
-     ticket in an authentication exchange.
-KDC
-     Key Distribution Center, a network service that supplies tickets and
-     temporary session keys; or an instance of that service or the host on
-     which it runs. The KDC services both initial ticket and ticket-granting
-     ticket requests. The initial ticket portion is sometimes referred to as
-     the Authentication Server (or service). The ticket-granting ticket
-     portion is sometimes referred to as the ticket-granting server (or
-     service).
-Kerberos
-     Aside from the 3-headed dog guarding Hades, the name given to Project
-     Athena's authentication service, the protocol used by that service, or
-     the code used to implement the authentication service.
-Plaintext
-     The input to an encryption function or the output of a decryption
-     function. Decryption transforms ciphertext into plaintext.
-Principal
-     A uniquely named client or server instance that participates in a
-     network communication.
-Principal identifier
-     The name used to uniquely identify each different principal.
-Seal
-     To encipher a record containing several fields in such a way that the
-     fields cannot be individually replaced without either knowledge of the
-     encryption key or leaving evidence of tampering.
-Secret key
-     An encryption key shared by a principal and the KDC, distributed
-     outside the bounds of the system, with a long lifetime. In the case of
-     a human user's principal, the secret key is derived from a password.
-Server
-     A particular Principal which provides a resource to network clients.
-     The server is sometimes refered to as the Application Server.
-Service
-     A resource provided to network clients; often provided by more than one
-     server (for example, remote file service).
-Session key
-     A temporary encryption key used between two principals, with a lifetime
-     limited to the duration of a single login "session".
-Sub-session key
-     A temporary encryption key used between two principals, selected and
-     exchanged by the principals using the session key, and with a lifetime
-     limited to the duration of a single association.
-Ticket
-     A record that helps a client authenticate itself to a server; it
-     contains the client's identity, a session key, a timestamp, and other
-     information, all sealed using the server's secret key. It only serves
-     to authenticate a client when presented along with a fresh
-     Authenticator.
-
-2. Ticket flag uses and requests
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-Each Kerberos ticket contains a set of flags which are used to indicate
-various attributes of that ticket. Most flags may be requested by a client
-when the ticket is obtained; some are automatically turned on and off by a
-Kerberos server as required. The following sections explain what the various
-flags mean, and gives examples of reasons to use such a flag.
-
-2.1. Initial and pre-authenticated tickets
-
-The INITIAL flag indicates that a ticket was issued using the AS protocol
-and not issued based on a ticket-granting ticket. Application servers that
-want to require the demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be set in any tickets
-they accept, and thus be assured that the client's key was recently
-presented to the application client.
-
-The PRE-AUTHENT and HW-AUTHENT flags provide addition information about the
-initial authentication, regardless of whether the current ticket was issued
-directly (in which case INITIAL will also be set) or issued on the basis of
-a ticket-granting ticket (in which case the INITIAL flag is clear, but the
-PRE-AUTHENT and HW-AUTHENT flags are carried forward from the
-ticket-granting ticket).
-
-2.2. Invalid tickets
-
-The INVALID flag indicates that a ticket is invalid. Application servers
-must reject tickets which have this flag set. A postdated ticket will
-usually be issued in this form. Invalid tickets must be validated by the KDC
-before use, by presenting them to the KDC in a TGS request with the VALIDATE
-option specified. The KDC will only validate tickets after their starttime
-has passed. The validation is required so that postdated tickets which have
-been stolen before their starttime can be rendered permanently invalid
-(through a hot-list mechanism) (see section 3.3.3.1).
-
-2.3. Renewable tickets
-
-Applications may desire to hold tickets which can be valid for long periods
-of time. However, this can expose their credentials to potential theft for
-equally long periods, and those stolen credentials would be valid until the
-expiration time of the ticket(s). Simply using short-lived tickets and
-obtaining new ones periodically would require the client to have long-term
-access to its secret key, an even greater risk. Renewable tickets can be
-used to mitigate the consequences of theft. Renewable tickets have two
-"expiration times": the first is when the current instance of the ticket
-expires, and the second is the latest permissible value for an individual
-expiration time. An application client must periodically (i.e. before it
-expires) present a renewable ticket to the KDC, with the RENEW option set in
-the KDC request. The KDC will issue a new ticket with a new session key and
-a later expiration time. All other fields of the ticket are left unmodified
-by the renewal process. When the latest permissible expiration time arrives,
-the ticket expires permanently. At each renewal, the KDC may consult a
-hot-list to determine if the ticket had been reported stolen since its last
-renewal; it will refuse to renew such stolen tickets, and thus the usable
-lifetime of stolen tickets is reduced.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-The RENEWABLE flag in a ticket is normally only interpreted by the
-ticket-granting service (discussed below in section 3.3). It can usually be
-ignored by application servers. However, some particularly careful
-application servers may wish to disallow renewable tickets.
-
-If a renewable ticket is not renewed by its expiration time, the KDC will
-not renew the ticket. The RENEWABLE flag is reset by default, but a client
-may request it be set by setting the RENEWABLE option in the KRB_AS_REQ
-message. If it is set, then the renew-till field in the ticket contains the
-time after which the ticket may not be renewed.
-
-2.4. Postdated tickets
-
-Applications may occasionally need to obtain tickets for use much later,
-e.g. a batch submission system would need tickets to be valid at the time
-the batch job is serviced. However, it is dangerous to hold valid tickets in
-a batch queue, since they will be on-line longer and more prone to theft.
-Postdated tickets provide a way to obtain these tickets from the KDC at job
-submission time, but to leave them "dormant" until they are activated and
-validated by a further request of the KDC. If a ticket theft were reported
-in the interim, the KDC would refuse to validate the ticket, and the thief
-would be foiled.
-
-The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. This flag
-must be set in a ticket-granting ticket in order to issue a postdated ticket
-based on the presented ticket. It is reset by default; it may be requested
-by a client by setting the ALLOW-POSTDATE option in the KRB_AS_REQ message.
-This flag does not allow a client to obtain a postdated ticket-granting
-ticket; postdated ticket-granting tickets can only by obtained by requesting
-the postdating in the KRB_AS_REQ message. The life (endtime-starttime) of a
-postdated ticket will be the remaining life of the ticket-granting ticket at
-the time of the request, unless the RENEWABLE option is also set, in which
-case it can be the full life (endtime-starttime) of the ticket-granting
-ticket. The KDC may limit how far in the future a ticket may be postdated.
-
-The POSTDATED flag indicates that a ticket has been postdated. The
-application server can check the authtime field in the ticket to see when
-the original authentication occurred. Some services may choose to reject
-postdated tickets, or they may only accept them within a certain period
-after the original authentication. When the KDC issues a POSTDATED ticket,
-it will also be marked as INVALID, so that the application client must
-present the ticket to the KDC to be validated before use.
-
-2.5. Proxiable and proxy tickets
-
-At times it may be necessary for a principal to allow a service to perform
-an operation on its behalf. The service must be able to take on the identity
-of the client, but only for a particular purpose. A principal can allow a
-service to take on the principal's identity for a particular purpose by
-granting it a proxy.
-
-The process of granting a proxy using the proxy and proxiable flags is used
-to provide credentials for use with specific services. Though conceptually
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-also a proxy, user's wishing to delegate their identity for ANY purpose must
-use the ticket forwarding mechanism described in the next section to forward
-a ticket granting ticket.
-
-The PROXIABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. When set,
-this flag tells the ticket-granting server that it is OK to issue a new
-ticket (but not a ticket-granting ticket) with a different network address
-based on this ticket. This flag is set if requested by the client on initial
-authentication. By default, the client will request that it be set when
-requesting a ticket granting ticket, and reset when requesting any other
-ticket.
-
-This flag allows a client to pass a proxy to a server to perform a remote
-request on its behalf, e.g. a print service client can give the print server
-a proxy to access the client's files on a particular file server in order to
-satisfy a print request.
-
-In order to complicate the use of stolen credentials, Kerberos tickets are
-usually valid from only those network addresses specifically included in the
-ticket[4]. When granting a proxy, the client must specify the new network
-address from which the proxy is to be used, or indicate that the proxy is to
-be issued for use from any address.
-
-The PROXY flag is set in a ticket by the TGS when it issues a proxy ticket.
-Application servers may check this flag and at their option they may require
-additional authentication from the agent presenting the proxy in order to
-provide an audit trail.
-
-2.6. Forwardable tickets
-
-Authentication forwarding is an instance of a proxy where the service is
-granted complete use of the client's identity. An example where it might be
-used is when a user logs in to a remote system and wants authentication to
-work from that system as if the login were local.
-
-The FORWARDABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. The
-FORWARDABLE flag has an interpretation similar to that of the PROXIABLE
-flag, except ticket-granting tickets may also be issued with different
-network addresses. This flag is reset by default, but users may request that
-it be set by setting the FORWARDABLE option in the AS request when they
-request their initial ticket- granting ticket.
-
-This flag allows for authentication forwarding without requiring the user to
-enter a password again. If the flag is not set, then authentication
-forwarding is not permitted, but the same result can still be achieved if
-the user engages in the AS exchange specifying the requested network
-addresses and supplies a password.
-
-The FORWARDED flag is set by the TGS when a client presents a ticket with
-the FORWARDABLE flag set and requests a forwarded ticket by specifying the
-FORWARDED KDC option and supplying a set of addresses for the new ticket. It
-is also set in all tickets issued based on tickets with the FORWARDED flag
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-set. Application servers may choose to process FORWARDED tickets differently
-than non-FORWARDED tickets.
-
-2.7. Other KDC options
-
-There are two additional options which may be set in a client's request of
-the KDC. The RENEWABLE-OK option indicates that the client will accept a
-renewable ticket if a ticket with the requested life cannot otherwise be
-provided. If a ticket with the requested life cannot be provided, then the
-KDC may issue a renewable ticket with a renew-till equal to the the
-requested endtime. The value of the renew-till field may still be adjusted
-by site-determined limits or limits imposed by the individual principal or
-server.
-
-The ENC-TKT-IN-SKEY option is honored only by the ticket-granting service.
-It indicates that the ticket to be issued for the end server is to be
-encrypted in the session key from the a additional second ticket-granting
-ticket provided with the request. See section 3.3.3 for specific details.
-
-3. Message Exchanges
-
-The following sections describe the interactions between network clients and
-servers and the messages involved in those exchanges.
-
-3.1. The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-The Authentication Service (AS) Exchange between the client and the Kerberos
-Authentication Server is initiated by a client when it wishes to obtain
-authentication credentials for a given server but currently holds no
-credentials. In its basic form, the client's secret key is used for
-encryption and decryption. This exchange is typically used at the initiation
-of a login session to obtain credentials for a Ticket-Granting Server which
-will subsequently be used to obtain credentials for other servers (see
-section 3.3) without requiring further use of the client's secret key. This
-exchange is also used to request credentials for services which must not be
-mediated through the Ticket-Granting Service, but rather require a
-principal's secret key, such as the password-changing service[5]. This
-exchange does not by itself provide any assurance of the the identity of the
-user[6].
-
-The exchange consists of two messages: KRB_AS_REQ from the client to
-Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-In the request, the client sends (in cleartext) its own identity and the
-identity of the server for which it is requesting credentials. The response,
-KRB_AS_REP, contains a ticket for the client to present to the server, and a
-session key that will be shared by the client and the server. The session
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-key and additional information are encrypted in the client's secret key. The
-KRB_AS_REP message contains information which can be used to detect replays,
-and to associate it with the message to which it replies. Various errors can
-occur; these are indicated by an error response (KRB_ERROR) instead of the
-KRB_AS_REP response. The error message is not encrypted. The KRB_ERROR
-message contains information which can be used to associate it with the
-message to which it replies. The lack of encryption in the KRB_ERROR message
-precludes the ability to detect replays, fabrications, or modifications of
-such messages.
-
-Without preautentication, the authentication server does not know whether
-the client is actually the principal named in the request. It simply sends a
-reply without knowing or caring whether they are the same. This is
-acceptable because nobody but the principal whose identity was given in the
-request will be able to use the reply. Its critical information is encrypted
-in that principal's key. The initial request supports an optional field that
-can be used to pass additional information that might be needed for the
-initial exchange. This field may be used for preauthentication as described
-in section [hl<>].
-
-3.1.1. Generation of KRB_AS_REQ message
-
-The client may specify a number of options in the initial request. Among
-these options are whether pre-authentication is to be performed; whether the
-requested ticket is to be renewable, proxiable, or forwardable; whether it
-should be postdated or allow postdating of derivative tickets; and whether a
-renewable ticket will be accepted in lieu of a non-renewable ticket if the
-requested ticket expiration date cannot be satisfied by a non-renewable
-ticket (due to configuration constraints; see section 4). See section A.1
-for pseudocode.
-
-The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-If all goes well, processing the KRB_AS_REQ message will result in the
-creation of a ticket for the client to present to the server. The format for
-the ticket is described in section 5.3.1. The contents of the ticket are
-determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-The authentication server looks up the client and server principals named in
-the KRB_AS_REQ in its database, extracting their respective keys. If
-required, the server pre-authenticates the request, and if the
-pre-authentication check fails, an error message with the code
-KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate the
-requested encryption type, an error message with code KDC_ERR_ETYPE_NOSUPP
-is returned. Otherwise it generates a 'random' session key[7].
-
-If there are multiple encryption keys registered for a client in the
-Kerberos database (or if the key registered supports multiple encryption
-types; e.g. DES-CBC-CRC and DES-CBC-MD5), then the etype field from the AS
-request is used by the KDC to select the encryption method to be used for
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-encrypting the response to the client. If there is more than one supported,
-strong encryption type in the etype list, the first valid etype for which an
-encryption key is available is used. The encryption method used to respond
-to a TGS request is taken from the keytype of the session key found in the
-ticket granting ticket.
-
-When the etype field is present in a KDC request, whether an AS or TGS
-request, the KDC will attempt to assign the type of the random session key
-from the list of methods in the etype field. The KDC will select the
-appropriate type using the list of methods provided together with
-information from the Kerberos database indicating acceptable encryption
-methods for the application server. The KDC will not issue tickets with a
-weak session key encryption type.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified then the error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise
-the requested start time is checked against the policy of the local realm
-(the administrator might decide to prohibit certain types or ranges of
-postdated tickets), and if acceptable, the ticket's start time is set as
-requested and the INVALID flag is set in the new ticket. The postdated
-ticket must be validated before use by presenting it to the KDC after the
-start time has been reached.
-
-The expiration time of the ticket will be set to the minimum of the
-following:
-
-   * The expiration time (endtime) requested in the KRB_AS_REQ message.
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the client principal (the authentication server's database
-     includes a maximum ticket lifetime field in each principal's record;
-     see section 4).
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the server principal.
-   * The ticket's start time plus the maximum lifetime set by the policy of
-     the local realm.
-
-If the requested expiration time minus the start time (as determined above)
-is less than a site-determined minimum lifetime, an error message with code
-KDC_ERR_NEVER_VALID is returned. If the requested expiration time for the
-ticket exceeds what was determined as above, and if the 'RENEWABLE-OK'
-option was requested, then the 'RENEWABLE' flag is set in the new ticket,
-and the renew-till value is set as if the 'RENEWABLE' option were requested
-(the field and option names are described fully in section 5.4.1).
-
-If the RENEWABLE option has been requested or if the RENEWABLE-OK option has
-been set and a renewable ticket is to be issued, then the renew-till field
-is set to the minimum of:
-
-   * Its requested value.
-   * The start time of the ticket plus the minimum of the two maximum
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     renewable lifetimes associated with the principals' database entries.
-   * The start time of the ticket plus the maximum renewable lifetime set by
-     the policy of the local realm.
-
-The flags field of the new ticket will have the following options set if
-they have been requested and if the policy of the local realm allows:
-FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. If the new
-ticket is post-dated (the start time is in the future), its INVALID flag
-will also be set.
-
-If all of the above succeed, the server formats a KRB_AS_REP message (see
-section 5.4.2), copying the addresses in the request into the caddr of the
-response, placing any required pre-authentication data into the padata of
-the response, and encrypts the ciphertext part in the client's key using the
-requested encryption method, and sends it to the client. See section A.2 for
-pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-Several errors can occur, and the Authentication Server responds by
-returning an error message, KRB_ERROR, to the client, with the error-code
-and e-text fields set to appropriate values. The error message contents and
-details are described in Section 5.9.1.
-
-3.1.5. Receipt of KRB_AS_REP message
-
-If the reply message type is KRB_AS_REP, then the client verifies that the
-cname and crealm fields in the cleartext portion of the reply match what it
-requested. If any padata fields are present, they may be used to derive the
-proper secret key to decrypt the message. The client decrypts the encrypted
-part of the response using its secret key, verifies that the nonce in the
-encrypted part matches the nonce it supplied in its request (to detect
-replays). It also verifies that the sname and srealm in the response match
-those in the request (or are otherwise expected values), and that the host
-address field is also correct. It then stores the ticket, session key, start
-and expiration times, and other information for later use. The
-key-expiration field from the encrypted part of the response may be checked
-to notify the user of impending key expiration (the client program could
-then suggest remedial action, such as a password change). See section A.3
-for pseudocode.
-
-Proper decryption of the KRB_AS_REP message is not sufficient to verify the
-identity of the user; the user and an attacker could cooperate to generate a
-KRB_AS_REP format message which decrypts properly but is not from the proper
-KDC. If the host wishes to verify the identity of the user, it must require
-the user to present application credentials which can be verified using a
-securely-stored secret key for the host. If those credentials can be
-verified, then the identity of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-If the reply message type is KRB_ERROR, then the client interprets it as an
-error and performs whatever application-specific tasks are necessary to
-recover.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-3.2. The Client/Server Authentication Exchange
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-The client/server authentication (CS) exchange is used by network
-applications to authenticate the client to the server and vice versa. The
-client must have already acquired credentials for the server using the AS or
-TGS exchange.
-
-3.2.1. The KRB_AP_REQ message
-
-The KRB_AP_REQ contains authentication information which should be part of
-the first message in an authenticated transaction. It contains a ticket, an
-authenticator, and some additional bookkeeping information (see section
-5.5.1 for the exact format). The ticket by itself is insufficient to
-authenticate a client, since tickets are passed across the network in
-cleartext[DS90], so the authenticator is used to prevent invalid replay of
-tickets by proving to the server that the client knows the session key of
-the ticket and thus is entitled to use the ticket. The KRB_AP_REQ message is
-referred to elsewhere as the 'authentication header.'
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-When a client wishes to initiate authentication to a server, it obtains
-(either through a credentials cache, the AS exchange, or the TGS exchange) a
-ticket and session key for the desired service. The client may re-use any
-tickets it holds until they expire. To use a ticket the client constructs a
-new Authenticator from the the system time, its name, and optionally an
-application specific checksum, an initial sequence number to be used in
-KRB_SAFE or KRB_PRIV messages, and/or a session subkey to be used in
-negotiations for a session key unique to this particular session.
-Authenticators may not be re-used and will be rejected if replayed to a
-server[LGDSR87]. If a sequence number is to be included, it should be
-randomly chosen so that even after many messages have been exchanged it is
-not likely to collide with other sequence numbers in use.
-
-The client may indicate a requirement of mutual authentication or the use of
-a session-key based ticket by setting the appropriate flag(s) in the
-ap-options field of the message.
-
-The Authenticator is encrypted in the session key and combined with the
-ticket to form the KRB_AP_REQ message which is then sent to the end server
-along with any additional application-specific information. See section A.9
-for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-Authentication is based on the server's current time of day (clocks must be
-loosely synchronized), the authenticator, and the ticket. Several errors are
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-possible. If an error occurs, the server is expected to reply to the client
-with a KRB_ERROR message. This message may be encapsulated in the
-application protocol if its 'raw' form is not acceptable to the protocol.
-The format of error messages is described in section 5.9.1.
-
-The algorithm for verifying authentication information is as follows. If the
-message type is not KRB_AP_REQ, the server returns the KRB_AP_ERR_MSG_TYPE
-error. If the key version indicated by the Ticket in the KRB_AP_REQ is not
-one the server can use (e.g., it indicates an old key, and the server no
-longer possesses a copy of the old key), the KRB_AP_ERR_BADKEYVER error is
-returned. If the USE-SESSION-KEY flag is set in the ap-options field, it
-indicates to the server that the ticket is encrypted in the session key from
-the server's ticket-granting ticket rather than its secret key[10]. Since it
-is possible for the server to be registered in multiple realms, with
-different keys in each, the srealm field in the unencrypted portion of the
-ticket in the KRB_AP_REQ is used to specify which secret key the server
-should use to decrypt that ticket. The KRB_AP_ERR_NOKEY error code is
-returned if the server doesn't have the proper key to decipher the ticket.
-
-The ticket is decrypted using the version of the server's key specified by
-the ticket. If the decryption routines detect a modification of the ticket
-(each encryption system must provide safeguards to detect modified
-ciphertext; see section 6), the KRB_AP_ERR_BAD_INTEGRITY error is returned
-(chances are good that different keys were used to encrypt and decrypt).
-
-The authenticator is decrypted using the session key extracted from the
-decrypted ticket. If decryption shows it to have been modified, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm of the client
-from the ticket are compared against the same fields in the authenticator.
-If they don't match, the KRB_AP_ERR_BADMATCH error is returned (they might
-not match, for example, if the wrong session key was used to encrypt the
-authenticator). The addresses in the ticket (if any) are then searched for
-an address matching the operating-system reported address of the client. If
-no match is found or the server insists on ticket addresses but none are
-present in the ticket, the KRB_AP_ERR_BADADDR error is returned.
-
-If the local (server) time and the client time in the authenticator differ
-by more than the allowable clock skew (e.g., 5 minutes), the KRB_AP_ERR_SKEW
-error is returned. If the server name, along with the client name, time and
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is returned[11]. The server must
-remember any authenticator presented within the allowable clock skew, so
-that a replay attempt is guaranteed to fail. If a server loses track of any
-authenticator presented within the allowable clock skew, it must reject all
-requests until the clock skew interval has passed. This assures that any
-lost or re-played authenticators will fall outside the allowable clock skew
-and can no longer be successfully replayed (If this is not done, an attacker
-could conceivably record the ticket and authenticator sent over the network
-to a server, then disable the client's host, pose as the disabled host, and
-replay the ticket and authenticator to subvert the authentication.). If a
-sequence number is provided in the authenticator, the server saves it for
-later use in processing KRB_SAFE and/or KRB_PRIV messages. If a subkey is
-present, the server either saves it for later use or uses it to help
-generate its own choice for a subkey to be returned in a KRB_AP_REP message.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-The server computes the age of the ticket: local (server) time minus the
-start time inside the Ticket. If the start time is later than the current
-time by more than the allowable clock skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned. Otherwise, if the
-current time is later than end time by more than the allowable clock skew,
-the KRB_AP_ERR_TKT_EXPIRED error is returned.
-
-If all these checks succeed without an error, the server is assured that the
-client possesses the credentials of the principal named in the ticket and
-thus, the client has been authenticated to the server. See section A.10 for
-pseudocode.
-
-Passing these checks provides only authentication of the named principal; it
-does not imply authorization to use the named service. Applications must
-make a separate authorization decisions based upon the authenticated name of
-the user, the requested operation, local acces control information such as
-that contained in a .k5login or .k5users file, and possibly a separate
-distributed authorization service.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-Typically, a client's request will include both the authentication
-information and its initial request in the same message, and the server need
-not explicitly reply to the KRB_AP_REQ. However, if mutual authentication
-(not only authenticating the client to the server, but also the server to
-the client) is being performed, the KRB_AP_REQ message will have
-MUTUAL-REQUIRED set in its ap-options field, and a KRB_AP_REP message is
-required in response. As with the error message, this message may be
-encapsulated in the application protocol if its "raw" form is not acceptable
-to the application's protocol. The timestamp and microsecond field used in
-the reply must be the client's timestamp and microsecond field (as provided
-in the authenticator)[12]. If a sequence number is to be included, it should
-be randomly chosen as described above for the authenticator. A subkey may be
-included if the server desires to negotiate a different subkey. The
-KRB_AP_REP message is encrypted in the session key extracted from the
-ticket. See section A.11 for pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-If a KRB_AP_REP message is returned, the client uses the session key from
-the credentials obtained for the server[13] to decrypt the message, and
-verifies that the timestamp and microsecond fields match those in the
-Authenticator it sent to the server. If they match, then the client is
-assured that the server is genuine. The sequence number and subkey (if
-present) are retained for later use. See section A.12 for pseudocode.
-
-3.2.6. Using the encryption key
-
-After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and server
-share an encryption key which can be used by the application. The 'true
-session key' to be used for KRB_PRIV, KRB_SAFE, or other
-application-specific uses may be chosen by the application based on the
-subkeys in the KRB_AP_REP message and the authenticator[14]. In some cases,
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-the use of this session key will be implicit in the protocol; in others the
-method of use must be chosen from several alternatives. We leave the
-protocol negotiations of how to use the key (e.g. selecting an encryption or
-checksum type) to the application programmer; the Kerberos protocol does not
-constrain the implementation options, but an example of how this might be
-done follows.
-
-One way that an application may choose to negotiate a key to be used for
-subequent integrity and privacy protection is for the client to propose a
-key in the subkey field of the authenticator. The server can then choose a
-key using the proposed key from the client as input, returning the new
-subkey in the subkey field of the application reply. This key could then be
-used for subsequent communication. To make this example more concrete, if
-the encryption method in use required a 56 bit key, and for whatever reason,
-one of the parties was prevented from using a key with more than 40 unknown
-bits, this method would allow the the party which is prevented from using
-more than 40 bits to either propose (if the client) an initial key with a
-known quantity for 16 of those bits, or to mask 16 of the bits (if the
-server) with the known quantity. The application implementor is warned,
-however, that this is only an example, and that an analysis of the
-particular crytosystem to be used, and the reasons for limiting the key
-length, must be made before deciding whether it is acceptable to mask bits
-of the key.
-
-With both the one-way and mutual authentication exchanges, the peers should
-take care not to send sensitive information to each other without proper
-assurances. In particular, applications that require privacy or integrity
-should use the KRB_AP_REP response from the server to client to assure both
-client and server of their peer's identity. If an application protocol
-requires privacy of its messages, it can use the KRB_PRIV message (section
-3.5). The KRB_SAFE message (section 3.4) can be used to assure integrity.
-
-3.3. The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-The TGS exchange between a client and the Kerberos Ticket-Granting Server is
-initiated by a client when it wishes to obtain authentication credentials
-for a given server (which might be registered in a remote realm), when it
-wishes to renew or validate an existing ticket, or when it wishes to obtain
-a proxy ticket. In the first case, the client must already have acquired a
-ticket for the Ticket-Granting Service using the AS exchange (the
-ticket-granting ticket is usually obtained when a client initially
-authenticates to the system, such as when a user logs in). The message
-format for the TGS exchange is almost identical to that for the AS exchange.
-The primary difference is that encryption and decryption in the TGS exchange
-does not take place under the client's key. Instead, the session key from
-the ticket-granting ticket or renewable ticket, or sub-session key from an
-Authenticator is used. As is the case for all application servers, expired
-tickets are not accepted by the TGS, so once a renewable or ticket-granting
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-ticket expires, the client must use a separate exchange to obtain valid
-tickets.
-
-The TGS exchange consists of two messages: A request (KRB_TGS_REQ) from the
-client to the Kerberos Ticket-Granting Server, and a reply (KRB_TGS_REP or
-KRB_ERROR). The KRB_TGS_REQ message includes information authenticating the
-client plus a request for credentials. The authentication information
-consists of the authentication header (KRB_AP_REQ) which includes the
-client's previously obtained ticket-granting, renewable, or invalid ticket.
-In the ticket-granting ticket and proxy cases, the request may include one
-or more of: a list of network addresses, a collection of typed authorization
-data to be sealed in the ticket for authorization use by the application
-server, or additional tickets (the use of which are described later). The
-TGS reply (KRB_TGS_REP) contains the requested credentials, encrypted in the
-session key from the ticket-granting ticket or renewable ticket, or if
-present, in the sub-session key from the Authenticator (part of the
-authentication header). The KRB_ERROR message contains an error code and
-text explaining what went wrong. The KRB_ERROR message is not encrypted. The
-KRB_TGS_REP message contains information which can be used to detect
-replays, and to associate it with the message to which it replies. The
-KRB_ERROR message also contains information which can be used to associate
-it with the message to which it replies, but the lack of encryption in the
-KRB_ERROR message precludes the ability to detect replays or fabrications of
-such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-Before sending a request to the ticket-granting service, the client must
-determine in which realm the application server is registered[15]. If the
-client does not already possess a ticket-granting ticket for the appropriate
-realm, then one must be obtained. This is first attempted by requesting a
-ticket-granting ticket for the destination realm from a Kerberos server for
-which the client does posess a ticket-granting ticket (using the KRB_TGS_REQ
-message recursively). The Kerberos server may return a TGT for the desired
-realm in which case one can proceed. Alternatively, the Kerberos server may
-return a TGT for a realm which is 'closer' to the desired realm (further
-along the standard hierarchical path), in which case this step must be
-repeated with a Kerberos server in the realm specified in the returned TGT.
-If neither are returned, then the request must be retried with a Kerberos
-server for a realm higher in the hierarchy. This request will itself require
-a ticket-granting ticket for the higher realm which must be obtained by
-recursively applying these directions.
-
-Once the client obtains a ticket-granting ticket for the appropriate realm,
-it determines which Kerberos servers serve that realm, and contacts one. The
-list might be obtained through a configuration file or network service or it
-may be generated from the name of the realm; as long as the secret keys
-exchanged by realms are kept secret, only denial of service results from
-using a false Kerberos server.
-
-As in the AS exchange, the client may specify a number of options in the
-KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ message, providing
-an authentication header as an element of the padata field, and including
-the same fields as used in the KRB_AS_REQ message along with several
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-optional fields: the enc-authorization-data field for application server use
-and additional tickets required by some options.
-
-In preparing the authentication header, the client can select a sub-session
-key under which the response from the Kerberos server will be encrypted[16].
-If the sub-session key is not specified, the session key from the
-ticket-granting ticket will be used. If the enc-authorization-data is
-present, it must be encrypted in the sub-session key, if present, from the
-authenticator portion of the authentication header, or if not present, using
-the session key from the ticket-granting ticket.
-
-Once prepared, the message is sent to a Kerberos server for the destination
-realm. See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-The KRB_TGS_REQ message is processed in a manner similar to the KRB_AS_REQ
-message, but there are many additional checks to be performed. First, the
-Kerberos server must determine which server the accompanying ticket is for
-and it must select the appropriate key to decrypt it. For a normal
-KRB_TGS_REQ message, it will be for the ticket granting service, and the
-TGS's key will be used. If the TGT was issued by another realm, then the
-appropriate inter-realm key must be used. If the accompanying ticket is not
-a ticket granting ticket for the current realm, but is for an application
-server in the current realm, the RENEW, VALIDATE, or PROXY options are
-specified in the request, and the server for which a ticket is requested is
-the server named in the accompanying ticket, then the KDC will decrypt the
-ticket in the authentication header using the key of the server for which it
-was issued. If no ticket can be found in the padata field, the
-KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-Once the accompanying ticket has been decrypted, the user-supplied checksum
-in the Authenticator must be verified against the contents of the request,
-and the message rejected if the checksums do not match (with an error code
-of KRB_AP_ERR_MODIFIED) or if the checksum is not keyed or not
-collision-proof (with an error code of KRB_AP_ERR_INAPP_CKSUM). If the
-checksum type is not supported, the KDC_ERR_SUMTYPE_NOSUPP error is
-returned. If the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-If any of the decryptions indicate failed integrity checks, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-3.3.3. Generation of KRB_TGS_REP message
-
-The KRB_TGS_REP message shares its format with the KRB_AS_REP (KRB_KDC_REP),
-but with its type field set to KRB_TGS_REP. The detailed specification is in
-section 5.4.2.
-
-The response will include a ticket for the requested server. The Kerberos
-database is queried to retrieve the record for the requested server
-(including the key with which the ticket will be encrypted). If the request
-is for a ticket granting ticket for a remote realm, and if no key is shared
-with the requested realm, then the Kerberos server will select the realm
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-"closest" to the requested realm with which it does share a key, and use
-that realm instead. This is the only case where the response from the KDC
-will be for a different server than that requested by the client.
-
-By default, the address field, the client's name and realm, the list of
-transited realms, the time of initial authentication, the expiration time,
-and the authorization data of the newly-issued ticket will be copied from
-the ticket-granting ticket (TGT) or renewable ticket. If the transited field
-needs to be updated, but the transited type is not supported, the
-KDC_ERR_TRTYPE_NOSUPP error is returned.
-
-If the request specifies an endtime, then the endtime of the new ticket is
-set to the minimum of (a) that request, (b) the endtime from the TGT, and
-(c) the starttime of the TGT plus the minimum of the maximum life for the
-application server and the maximum life for the local realm (the maximum
-life for the requesting principal was already applied when the TGT was
-issued). If the new ticket is to be a renewal, then the endtime above is
-replaced by the minimum of (a) the value of the renew_till field of the
-ticket and (b) the starttime for the new ticket plus the life
-(endtime-starttime) of the old ticket.
-
-If the FORWARDED option has been requested, then the resulting ticket will
-contain the addresses specified by the client. This option will only be
-honored if the FORWARDABLE flag is set in the TGT. The PROXY option is
-similar; the resulting ticket will contain the addresses specified by the
-client. It will be honored only if the PROXIABLE flag in the TGT is set. The
-PROXY option will not be honored on requests for additional ticket-granting
-tickets.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified or the MAY-POSTDATE flag is not set in the TGT, then the
-error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise, if the ticket-granting
-ticket has the MAY-POSTDATE flag set, then the resulting ticket will be
-postdated and the requested starttime is checked against the policy of the
-local realm. If acceptable, the ticket's start time is set as requested, and
-the INVALID flag is set. The postdated ticket must be validated before use
-by presenting it to the KDC after the starttime has been reached. However,
-in no case may the starttime, endtime, or renew-till time of a newly-issued
-postdated ticket extend beyond the renew-till time of the ticket-granting
-ticket.
-
-If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
-has been included in the request, the KDC will decrypt the additional ticket
-using the key for the server to which the additional ticket was issued and
-verify that it is a ticket-granting ticket. If the name of the requested
-server is missing from the request, the name of the client in the additional
-ticket will be used. Otherwise the name of the requested server will be
-compared to the name of the client in the additional ticket and if
-different, the request will be rejected. If the request succeeds, the
-session key from the additional ticket will be used to encrypt the new
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-ticket that is issued instead of using the key of the server for which the
-new ticket will be used[17].
-
-If the name of the server in the ticket that is presented to the KDC as part
-of the authentication header is not that of the ticket-granting server
-itself, the server is registered in the realm of the KDC, and the RENEW
-option is requested, then the KDC will verify that the RENEWABLE flag is set
-in the ticket, that the INVALID flag is not set in the ticket, and that the
-renew_till time is still in the future. If the VALIDATE option is rqeuested,
-the KDC will check that the starttime has passed and the INVALID flag is
-set. If the PROXY option is requested, then the KDC will check that the
-PROXIABLE flag is set in the ticket. If the tests succeed, and the ticket
-passes the hotlist check described in the next paragraph, the KDC will issue
-the appropriate new ticket.
-
-3.3.3.1. Checking for revoked tickets
-
-Whenever a request is made to the ticket-granting server, the presented
-ticket(s) is(are) checked against a hot-list of tickets which have been
-canceled. This hot-list might be implemented by storing a range of issue
-timestamps for 'suspect tickets'; if a presented ticket had an authtime in
-that range, it would be rejected. In this way, a stolen ticket-granting
-ticket or renewable ticket cannot be used to gain additional tickets
-(renewals or otherwise) once the theft has been reported. Any normal ticket
-obtained before it was reported stolen will still be valid (because they
-require no interaction with the KDC), but only until their normal expiration
-time.
-
-The ciphertext part of the response in the KRB_TGS_REP message is encrypted
-in the sub-session key from the Authenticator, if present, or the session
-key key from the ticket-granting ticket. It is not encrypted using the
-client's secret key. Furthermore, the client's key's expiration date and the
-key version number fields are left out since these values are stored along
-with the client's database record, and that record is not needed to satisfy
-a request based on a ticket-granting ticket. See section A.6 for pseudocode.
-
-3.3.3.2. Encoding the transited field
-
-If the identity of the server in the TGT that is presented to the KDC as
-part of the authentication header is that of the ticket-granting service,
-but the TGT was issued from another realm, the KDC will look up the
-inter-realm key shared with that realm and use that key to decrypt the
-ticket. If the ticket is valid, then the KDC will honor the request, subject
-to the constraints outlined above in the section describing the AS exchange.
-The realm part of the client's identity will be taken from the
-ticket-granting ticket. The name of the realm that issued the
-ticket-granting ticket will be added to the transited field of the ticket to
-be issued. This is accomplished by reading the transited field from the
-ticket-granting ticket (which is treated as an unordered set of realm
-names), adding the new realm to the set, then constructing and writing out
-its encoded (shorthand) form (this may involve a rearrangement of the
-existing encoding).
-
-Note that the ticket-granting service does not add the name of its own
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-realm. Instead, its responsibility is to add the name of the previous realm.
-This prevents a malicious Kerberos server from intentionally leaving out its
-own name (it could, however, omit other realms' names).
-
-The names of neither the local realm nor the principal's realm are to be
-included in the transited field. They appear elsewhere in the ticket and
-both are known to have taken part in authenticating the principal. Since the
-endpoints are not included, both local and single-hop inter-realm
-authentication result in a transited field that is empty.
-
-Because the name of each realm transited is added to this field, it might
-potentially be very long. To decrease the length of this field, its contents
-are encoded. The initially supported encoding is optimized for the normal
-case of inter-realm communication: a hierarchical arrangement of realms
-using either domain or X.500 style realm names. This encoding (called
-DOMAIN-X500-COMPRESS) is now described.
-
-Realm names in the transited field are separated by a ",". The ",", "\",
-trailing "."s, and leading spaces (" ") are special characters, and if they
-are part of a realm name, they must be quoted in the transited field by
-preced- ing them with a "\".
-
-A realm name ending with a "." is interpreted as being prepended to the
-previous realm. For example, we can encode traversal of EDU, MIT.EDU,
-ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were end-points, that they
-would not be included in this field, and we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is interpreted as being appended to the
-previous realm[18]. If it is to stand by itself, then it should be preceded
-by a space (" "). For example, we can encode traversal of /COM/HP/APOLLO,
-/COM/HP, /COM, and /COM/DEC as:
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-
-Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, they
-they would not be included in this field, and we would have:
-
-     "/COM,/HP"
-
-A null subfield preceding or following a "," indicates that all realms
-between the previous realm and the next realm have been traversed[19]. Thus,
-"," means that all realms along the path between the client and the server
-have been traversed. ",EDU, /COM," means that that all realms from the
-client's realm up to EDU (in a domain style hierarchy) have been traversed,
-and that everything from /COM down to the server's realm in an X.500 style
-has also been traversed. This could occur if the EDU realm in one hierarchy
-shares an inter-realm key directly with the /COM realm in another hierarchy.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it is processed in the same
-manner as the KRB_AS_REP processing described above. The primary difference
-is that the ciphertext part of the response must be decrypted using the
-session key from the ticket-granting ticket rather than the client's secret
-key. See section A.7 for pseudocode.
-
-3.4. The KRB_SAFE Exchange
-
-The KRB_SAFE message may be used by clients requiring the ability to detect
-modifications of messages they exchange. It achieves this by including a
-keyed collision-proof checksum of the user data and some control
-information. The checksum is keyed with an encryption key (usually the last
-key negotiated via subkeys, or the session key if no negotiation has
-occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-When an application wishes to send a KRB_SAFE message, it collects its data
-and the appropriate control information and computes a checksum over them.
-The checksum algorithm should be a keyed one-way hash function (such as the
-RSA- MD5-DES checksum algorithm specified in section 6.4.5, or the DES MAC),
-generated using the sub-session key if present, or the session key.
-Different algorithms may be selected by changing the checksum type in the
-message. Unkeyed or non-collision-proof checksums are not suitable for this
-use.
-
-The control information for the KRB_SAFE message includes both a timestamp
-and a sequence number. The designer of an application using the KRB_SAFE
-message must choose at least one of the two mechanisms. This choice should
-be based on the needs of the application protocol.
-
-Sequence numbers are useful when all messages sent will be received by one's
-peer. Connection state is presently required to maintain the session key, so
-maintaining the next sequence number should not present an additional
-problem.
-
-If the application protocol is expected to tolerate lost messages without
-them being resent, the use of the timestamp is the appropriate replay
-detection mechanism. Using timestamps is also the appropriate mechanism for
-multi-cast protocols where all of one's peers share a common sub-session
-key, but some messages will be sent to a subset of one's peers.
-
-After computing the checksum, the client then transmits the information and
-checksum to the recipient in the message format specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_SAFE, respectively. A mismatch
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application verifies that the checksum used is a collision-proof keyed
-checksum, and if it is not, a KRB_AP_ERR_INAPP_CKSUM error is generated. The
-recipient verifies that the operating system's report of the sender's
-address matches the sender's address in the message, and (if a recipient
-address is specified or the recipient requires an address) that one of the
-recipient's addresses appears as the recipient's address in the message. A
-failed match for either case generates a KRB_AP_ERR_BADADDR error. Then the
-timestamp and usec and/or the sequence number fields are checked. If
-timestamp and usec are expected and not present, or they are present but not
-current, the KRB_AP_ERR_SKEW error is generated. If the server name, along
-with the client name, time and microsecond fields from the Authenticator
-match any recently-seen (sent or received[20] ) such tuples, the
-KRB_AP_ERR_REPEAT error is generated. If an incorrect sequence number is
-included, or a sequence number is expected but not present, the
-KRB_AP_ERR_BADORDER error is generated. If neither a time-stamp and usec or
-a sequence number is present, a KRB_AP_ERR_MODIFIED error is generated.
-Finally, the checksum is computed over the data and control information, and
-if it doesn't match the received checksum, a KRB_AP_ERR_MODIFIED error is
-generated.
-
-If all the checks succeed, the application is assured that the message was
-generated by its peer and was not modi- fied in transit.
-
-3.5. The KRB_PRIV Exchange
-
-The KRB_PRIV message may be used by clients requiring confidentiality and
-the ability to detect modifications of exchanged messages. It achieves this
-by encrypting the messages and adding control information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-When an application wishes to send a KRB_PRIV message, it collects its data
-and the appropriate control information (specified in section 5.7.1) and
-encrypts them under an encryption key (usually the last key negotiated via
-subkeys, or the session key if no negotiation has occured). As part of the
-control information, the client must choose to use either a timestamp or a
-sequence number (or both); see the discussion in section 3.4.1 for
-guidelines on which to use. After the user data and control information are
-encrypted, the client transmits the ciphertext and some 'envelope'
-information to the recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_PRIV, respectively. A mismatch
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application then decrypts the ciphertext and processes the resultant
-plaintext. If decryption shows the data to have been modified, a
-KRB_AP_ERR_BAD_INTEGRITY error is generated. The recipient verifies that the
-operating system's report of the sender's address matches the sender's
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-address in the message, and (if a recipient address is specified or the
-recipient requires an address) that one of the recipient's addresses appears
-as the recipient's address in the message. A failed match for either case
-generates a KRB_AP_ERR_BADADDR error. Then the timestamp and usec and/or the
-sequence number fields are checked. If timestamp and usec are expected and
-not present, or they are present but not current, the KRB_AP_ERR_SKEW error
-is generated. If the server name, along with the client name, time and
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is generated. If an incorrect sequence
-number is included, or a sequence number is expected but not present, the
-KRB_AP_ERR_BADORDER error is generated. If neither a time-stamp and usec or
-a sequence number is present, a KRB_AP_ERR_MODIFIED error is generated.
-
-If all the checks succeed, the application can assume the message was
-generated by its peer, and was securely transmitted (without intruders able
-to see the unencrypted contents).
-
-3.6. The KRB_CRED Exchange
-
-The KRB_CRED message may be used by clients requiring the ability to send
-Kerberos credentials from one host to another. It achieves this by sending
-the tickets together with encrypted data containing the session keys and
-other information associated with the tickets.
-
-3.6.1. Generation of a KRB_CRED message
-
-When an application wishes to send a KRB_CRED message it first (using the
-KRB_TGS exchange) obtains credentials to be sent to the remote host. It then
-constructs a KRB_CRED message using the ticket or tickets so obtained,
-placing the session key needed to use each ticket in the key field of the
-corresponding KrbCredInfo sequence of the encrypted part of the the KRB_CRED
-message.
-
-Other information associated with each ticket and obtained during the
-KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence in
-the encrypted part of the KRB_CRED message. The current time and, if
-specifically required by the application the nonce, s-address, and r-address
-fields, are placed in the encrypted part of the KRB_CRED message which is
-then encrypted under an encryption key previosuly exchanged in the KRB_AP
-exchange (usually the last key negotiated via subkeys, or the session key if
-no negotiation has occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies it. If any
-error occurs, an error code is reported for use by the application. The
-message is verified by checking that the protocol version and type fields
-match the current version and KRB_CRED, respectively. A mismatch generates a
-KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The application then
-decrypts the ciphertext and processes the resultant plaintext. If decryption
-shows the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY error is
-generated.
-
-If present or required, the recipient verifies that the operating system's
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-report of the sender's address matches the sender's address in the message,
-and that one of the recipient's addresses appears as the recipient's address
-in the message. A failed match for either case generates a
-KRB_AP_ERR_BADADDR error. The timestamp and usec fields (and the nonce field
-if required) are checked next. If the timestamp and usec are not present, or
-they are present but not current, the KRB_AP_ERR_SKEW error is generated.
-
-If all the checks succeed, the application stores each of the new tickets in
-its ticket cache together with the session key and other information in the
-corresponding KrbCredInfo sequence from the encrypted part of the KRB_CRED
-message.
-
-4. The Kerberos Database
-
-The Kerberos server must have access to a database contain- ing the
-principal identifiers and secret keys of principals to be authenticated[21].
-
-4.1. Database contents
-
-A database entry should contain at least the following fields:
-
-Field                Value
-
-name                 Principal's identifier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier. The key field
-contains an encryption key. This key is the principal's secret key. (The key
-can be encrypted before storage under a Kerberos "master key" to protect it
-in case the database is compromised but the master key is not. In that case,
-an extra field must be added to indicate the master key version used, see
-below.) The p_kvno field is the key version number of the principal's secret
-key. The max_life field contains the maximum allowable lifetime (endtime -
-starttime) for any Ticket issued for this principal. The max_renewable_life
-field contains the maximum allowable total lifetime for any renewable Ticket
-issued for this principal. (See section 3.1 for a description of how these
-lifetimes are used in determining the lifetime of a given Ticket.)
-
-A server may provide KDC service to several realms, as long as the database
-representation provides a mechanism to distinguish between principal records
-with identifiers which differ only in the realm name.
-
-When an application server's key changes, if the change is routine (i.e. not
-the result of disclosure of the old key), the old key should be retained by
-the server until all tickets that had been issued using that key have
-expired. Because of this, it is possible for several keys to be active for a
-single principal. Ciphertext encrypted in a principal's key is always tagged
-with the version of the key that was used for encryption, to help the
-recipient find the proper key for decryption.
-
-When more than one key is active for a particular principal, the principal
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-will have more than one record in the Kerberos database. The keys and key
-version numbers will differ between the records (the rest of the fields may
-or may not be the same). Whenever Kerberos issues a ticket, or responds to a
-request for initial authentication, the most recent key (known by the
-Kerberos server) will be used for encryption. This is the key with the
-highest key version number.
-
-4.2. Additional fields
-
-Project Athena's KDC implementation uses additional fields in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-mod_name     Modifying principal's identifier
-
-The K_kvno field indicates the key version of the Kerberos master key under
-which the principal's secret key is encrypted.
-
-After an entry's expiration date has passed, the KDC will return an error to
-any client attempting to gain tickets as or for the principal. (A database
-may want to maintain two expiration dates: one for the principal, and one
-for the principal's current key. This allows password aging to work
-independently of the principal's expiration date. However, due to the
-limited space in the responses, the KDC must combine the key expiration and
-principal expiration date into a single value called 'key_exp', which is
-used as a hint to the user to take administrative action.)
-
-The attributes field is a bitfield used to govern the operations involving
-the principal. This field might be useful in conjunction with user
-registration procedures, for site-specific policy implementations (Project
-Athena currently uses it for their user registration process controlled by
-the system-wide database service, Moira [LGDSR87]), to identify whether a
-principal can play the role of a client or server or both, to note whether a
-server is appropriate trusted to recieve credentials delegated by a client,
-or to identify the 'string to key' conversion algorithm used for a
-principal's key[22]. Other bits are used to indicate that certain ticket
-options should not be allowed in tickets encrypted under a principal's key
-(one bit each): Disallow issuing postdated tickets, disallow issuing
-forwardable tickets, disallow issuing tickets based on TGT authentication,
-disallow issuing renewable tickets, disallow issuing proxiable tickets, and
-disallow issuing tickets for which the principal is the server.
-
-The mod_date field contains the time of last modification of the entry, and
-the mod_name field contains the name of the principal which last modified
-the entry.
-
-4.3. Frequently Changing Fields
-
-Some KDC implementations may wish to maintain the last time that a request
-was made by a particular principal. Information that might be maintained
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-includes the time of the last request, the time of the last request for a
-ticket-granting ticket, the time of the last use of a ticket-granting
-ticket, or other times. This information can then be returned to the user in
-the last-req field (see section 5.2).
-
-Other frequently changing information that can be maintained is the latest
-expiration time for any tickets that have been issued using each key. This
-field would be used to indicate how long old keys must remain valid to allow
-the continued use of outstanding tickets.
-
-4.4. Site Constants
-
-The KDC implementation should have the following configurable constants or
-options, to allow an administrator to make and enforce policy decisions:
-
-   * The minimum supported lifetime (used to determine whether the
-     KDC_ERR_NEVER_VALID error should be returned). This constant should
-     reflect reasonable expectations of round-trip time to the KDC,
-     encryption/decryption time, and processing time by the client and
-     target server, and it should allow for a minimum 'useful' lifetime.
-   * The maximum allowable total (renewable) lifetime of a ticket
-     (renew_till - starttime).
-   * The maximum allowable lifetime of a ticket (endtime - starttime).
-   * Whether to allow the issue of tickets with empty address fields
-     (including the ability to specify that such tickets may only be issued
-     if the request specifies some authorization_data).
-   * Whether proxiable, forwardable, renewable or post-datable tickets are
-     to be issued.
-
-5. Message Specifications
-
-The following sections describe the exact contents and encoding of protocol
-messages and objects. The ASN.1 base definitions are presented in the first
-subsection. The remaining subsections specify the protocol objects (tickets
-and authenticators) and messages. Specification of encryption and checksum
-techniques, and the fields related to them, appear in section 6.
-
-5.1. ASN.1 Distinguished Encoding Representation
-
-All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-Representation of the data elements as described in the X.509 specification,
-section 8.7 [X509-88].
-
-5.2. ASN.1 Base Definitions
-
-The following ASN.1 base definitions are used in the rest of this section.
-Note that since the underscore character (_) is not permitted in ASN.1
-names, the hyphen (-) is used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-Kerberos realms are encoded as GeneralStrings. Realms shall not contain a
-character with the code 0 (the ASCII NUL). Most realms will usually consist
-of several components separated by periods (.), in the style of Internet
-Domain Names, or separated by slashes (/) in the style of X.500 names.
-Acceptable forms for realm names are specified in section 7. A PrincipalName
-is a typed sequence of components consisting of the following sub-fields:
-
-name-type
-     This field specifies the type of name that follows. Pre-defined values
-     for this field are specified in section 7.2. The name-type should be
-     treated as a hint. Ignoring the name type, no two names can be the same
-     (i.e. at least one of the components, or the realm, must be different).
-     This constraint may be eliminated in the future.
-name-string
-     This field encodes a sequence of components that form a name, each
-     component encoded as a GeneralString. Taken together, a PrincipalName
-     and a Realm form a principal identifier. Most PrincipalNames will have
-     only a few components (typically one or two).
-
-KerberosTime ::=   GeneralizedTime
-                   -- Specifying UTC time zone (Z)
-
-The timestamps used in Kerberos are encoded as GeneralizedTimes. An encoding
-shall specify the UTC time zone (Z) and shall not include any fractional
-portions of the seconds. It further shall not include any separators.
-Example: The only valid format for UTC time 6 minutes, 27 seconds after 9 pm
-on 6 November 1985 is 19851106210627Z.
-
-HostAddress ::=     SEQUENCE  {
-                    addr-type[0]             INTEGER,
-                    address[1]               OCTET STRING
-}
-
-HostAddresses ::=   SEQUENCE OF HostAddress
-
-The host adddress encodings consists of two fields:
-
-addr-type
-     This field specifies the type of address that follows. Pre-defined
-     values for this field are specified in section 8.1.
-address
-     This field encodes a single address of type addr-type.
-
-The two forms differ slightly. HostAddress contains exactly one address;
-HostAddresses contains a sequence of possibly many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-ad-data
-     This field contains authorization data to be interpreted according to
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     the value of the corresponding ad-type field.
-ad-type
-     This field specifies the format for the ad-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-Each sequence of type and data is refered to as an authorization element.
-Elements may be application specific, however, there is a common set of
-recursive elements that should be understood by all implementations. These
-elements contain other elements embedded within them, and the interpretation
-of the encapsulating element determines which of the embedded elements must
-be interpreted, and which may be ignored. Definitions for these common
-elements may be found in Appendix B.
-
-TicketExtensions ::= SEQUENCE OF SEQUENCE {
-           te-type[0]       INTEGER,
-           te-data[1]       OCTET STRING
-}
-
-
-
-te-data
-     This field contains opaque data that must be caried with the ticket to
-     support extensions to the Kerberos protocol including but not limited
-     to some forms of inter-realm key exchange and plaintext authorization
-     data. See appendix C for some common uses of this field.
-te-type
-     This field specifies the format for the te-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-APOptions ::=   BIT STRING {
-                  reserved(0),
-                  use-session-key(1),
-                  mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
-                  reserved(0),
-                  forwardable(1),
-                  forwarded(2),
-                  proxiable(3),
-                  proxy(4),
-                  may-postdate(5),
-                  postdated(6),
-                  invalid(7),
-                  renewable(8),
-                  initial(9),
-                  pre-authent(10),
-                  hw-authent(11),
-                  transited-policy-checked(12),
-                  ok-as-delegate(13)
-}
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-KDCOptions ::=   BIT STRING {
-                  reserved(0),
-                  forwardable(1),
-                  forwarded(2),
-                  proxiable(3),
-                  proxy(4),
-                  allow-postdate(5),
-                  postdated(6),
-                  unused7(7),
-                  renewable(8),
-                  unused9(9),
-                  unused10(10),
-                  unused11(11),
-                  unused12(12),
-                  unused13(13),
-                  disable-transited-check(26),
-                  renewable-ok(27),
-                  enc-tkt-in-skey(28),
-                  renew(30),
-                  validate(31)
-}
-
-ASN.1 Bit strings have a length and a value. When used in Kerberos for the
-APOptions, TicketFlags, and KDCOptions, the length of the bit string on
-generated values should be the smallest multiple of 32 bits needed to
-include the highest order bit that is set (1), but in no case less than 32
-bits. Implementations should accept values of bit strings of any length and
-treat the value of flags cooresponding to bits beyond the end of the bit
-string as if the bit were reset (0). Comparisonof bit strings of different
-length should treat the smaller string as if it were padded with zeros
-beyond the high order bits to the length of the longer string[23].
-
-LastReq ::=   SEQUENCE OF SEQUENCE {
-               lr-type[0]               INTEGER,
-               lr-value[1]              KerberosTime
-}
-
-lr-type
-     This field indicates how the following lr-value field is to be
-     interpreted. Negative values indicate that the information pertains
-     only to the responding server. Non-negative values pertain to all
-     servers for the realm. If the lr-type field is zero (0), then no
-     information is conveyed by the lr-value subfield. If the absolute value
-     of the lr-type field is one (1), then the lr-value subfield is the time
-     of last initial request for a TGT. If it is two (2), then the lr-value
-     subfield is the time of last initial request. If it is three (3), then
-     the lr-value subfield is the time of issue for the newest
-     ticket-granting ticket used. If it is four (4), then the lr-value
-     subfield is the time of the last renewal. If it is five (5), then the
-     lr-value subfield is the time of last request (of any type).
-lr-value
-     This field contains the time of the last request. the time must be
-     interpreted according to the contents of the accompanying lr-type
-     subfield.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-See section 6 for the definitions of Checksum, ChecksumType, EncryptedData,
-EncryptionKey, EncryptionType, and KeyType.
-
-5.3. Tickets and Authenticators
-
-This section describes the format and encryption parameters for tickets and
-authenticators. When a ticket or authenticator is included in a protocol
-message it is treated as an opaque object.
-
-5.3.1. Tickets
-
-A ticket is a record that helps a client authenticate to a service. A Ticket
-contains the following information:
-
-Ticket ::=        [APPLICATION 1] SEQUENCE {
-                  tkt-vno[0]                   INTEGER,
-                  realm[1]                     Realm,
-                  sname[2]                     PrincipalName,
-                  enc-part[3]                  EncryptedData,
-                  extensions[4]                TicketExtensions OPTIONAL
-}
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared by Kerberos and
-the end server (the server's secret key). See section 6 for the format of
-the ciphertext.
-
-tkt-vno
-     This field specifies the version number for the ticket format. This
-     document describes version number 5.
-realm
-     This field specifies the realm that issued a ticket. It also serves to
-     identify the realm part of the server's principal identifier. Since a
-     Kerberos server can only issue tickets for servers within its realm,
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     the two will always be identical.
-sname
-     This field specifies the name part of the server's identity.
-enc-part
-     This field holds the encrypted encoding of the EncTicketPart sequence.
-extensions
-     This optional field contains a sequence of extentions that may be used
-     to carry information that must be carried with the ticket to support
-     several extensions, including but not limited to plaintext
-     authorization data, tokens for exchanging inter-realm keys, and other
-     information that must be associated with a ticket for use by the
-     application server. See Appendix C for definitions of some common
-     extensions.
-
-     Note that some older versions of Kerberos did not support this field.
-     Because this is an optional field it will not break older clients, but
-     older clients might strip this field from the ticket before sending it
-     to the application server. This limits the usefulness of this ticket
-     field to environments where the ticket will not be parsed and
-     reconstructed by these older Kerberos clients.
-
-     If it is known that the client will strip this field from the ticket,
-     as an interim measure the KDC may append this field to the end of the
-     enc-part of the ticket and append a traler indicating the lenght of the
-     appended extensions field. (this paragraph is open for discussion,
-     including the form of the traler).
-flags
-     This field indicates which of various options were used or requested
-     when the ticket was issued. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). Bit 0 is the most
-     significant bit. The encoding of the bits is specified in section 5.2.
-     The flags are described in more detail above in section 2. The meanings
-     of the flags are:
-
-          Bit(s)      Name         Description
-
-          0           RESERVED
-                                   Reserved for future  expansion  of  this
-                                   field.
-
-          1           FORWARDABLE
-                                   The FORWARDABLE flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  When set,  this
-                                   flag  tells  the  ticket-granting server
-                                   that it is OK to  issue  a  new  ticket-
-                                   granting ticket with a different network
-                                   address based on the presented ticket.
-
-          2           FORWARDED
-                                   When set, this flag indicates  that  the
-                                   ticket  has either been forwarded or was
-                                   issued based on authentication involving
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                                   a forwarded ticket-granting ticket.
-
-          3           PROXIABLE
-                                   The  PROXIABLE  flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.   The  PROXIABLE
-                                   flag  has an interpretation identical to
-                                   that of  the  FORWARDABLE  flag,  except
-                                   that   the   PROXIABLE  flag  tells  the
-                                   ticket-granting server  that  only  non-
-                                   ticket-granting  tickets  may  be issued
-                                   with different network addresses.
-
-          4           PROXY
-                                   When set, this  flag  indicates  that  a
-                                   ticket is a proxy.
-
-          5           MAY-POSTDATE
-                                   The MAY-POSTDATE flag is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  This flag tells
-                                   the  ticket-granting server that a post-
-                                   dated ticket may be issued based on this
-                                   ticket-granting ticket.
-
-          6           POSTDATED
-                                   This flag indicates that this ticket has
-                                   been  postdated.   The  end-service  can
-                                   check the authtime field to see when the
-                                   original authentication occurred.
-
-          7           INVALID
-                                   This flag indicates  that  a  ticket  is
-                                   invalid, and it must be validated by the
-                                   KDC  before  use.   Application  servers
-                                   must reject tickets which have this flag
-                                   set.
-
-          8           RENEWABLE
-                                   The  RENEWABLE  flag  is  normally  only
-                                   interpreted  by the TGS, and can usually
-                                   be ignored by end servers (some particu-
-                                   larly careful servers may wish to disal-
-                                   low  renewable  tickets).   A  renewable
-                                   ticket  can be used to obtain a replace-
-                                   ment ticket  that  expires  at  a  later
-                                   date.
-
-          9           INITIAL
-                                   This flag indicates that this ticket was
-                                   issued  using  the  AS protocol, and not
-                                   issued  based   on   a   ticket-granting
-                                   ticket.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-          10          PRE-AUTHENT
-                                   This flag indicates that during  initial
-                                   authentication, the client was authenti-
-                                   cated by the KDC  before  a  ticket  was
-                                   issued.    The   strength  of  the  pre-
-                                   authentication method is not  indicated,
-                                   but is acceptable to the KDC.
-
-          11          HW-AUTHENT
-                                   This flag indicates  that  the  protocol
-                                   employed   for   initial  authentication
-                                   required the use of hardware expected to
-                                   be possessed solely by the named client.
-                                   The hardware  authentication  method  is
-                                   selected  by the KDC and the strength of
-                                   the method is not indicated.
-
-          12           TRANSITED   This flag indicates that the KDC for the
-                  POLICY-CHECKED   realm has checked the transited field
-                                   against a realm defined policy for
-                                   trusted certifiers.  If this flag is
-                                   reset (0), then the application server
-                                   must check the transited field itself,
-                                   and if unable to do so it must reject
-                                   the authentication.  If the flag is set
-                                   (1) then the application server may skip
-                                   its own validation of the transited
-                                   field, relying on the validation
-                                   performed by the KDC.  At its option the
-                                   application server may still apply its
-                                   own validation based on a separate
-                                   policy for acceptance.
-
-          13      OK-AS-DELEGATE   This flag indicates that the server (not
-                                   the client) specified in the ticket has
-                                   been determined by policy of the realm
-                                   to be a suitable recipient of
-                                   delegation.  A client can use the
-                                   presence of this flag to help it make a
-                                   decision whether to delegate credentials
-                                   (either grant a proxy or a forwarded
-                                   ticket granting ticket) to this server.
-                                   The client is free to ignore the value
-                                   of this flag.  When setting this flag,
-                                   an administrator should consider the
-                                   Security and placement of the server on
-                                   which the service will run, as well as
-                                   whether the service requires the use of
-                                   delegated credentials.
-
-          14          ANONYMOUS
-                                   This flag indicates that  the  principal
-                                   named in the ticket is a generic princi-
-                                   pal for the realm and does not  identify
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                                   the  individual  using  the ticket.  The
-                                   purpose  of  the  ticket  is   only   to
-                                   securely  distribute  a session key, and
-                                   not to identify  the  user.   Subsequent
-                                   requests  using the same ticket and ses-
-                                   sion may be  considered  as  originating
-                                   from  the  same  user, but requests with
-                                   the same username but a different ticket
-                                   are  likely  to originate from different
-                                   users.
-
-          15-31       RESERVED
-                                   Reserved for future use.
-
-key
-     This field exists in the ticket and the KDC response and is used to
-     pass the session key from Kerberos to the application server and the
-     client. The field's encoding is described in section 6.2.
-crealm
-     This field contains the name of the realm in which the client is
-     registered and in which initial authentication took place.
-cname
-     This field contains the name part of the client's principal identifier.
-transited
-     This field lists the names of the Kerberos realms that took part in
-     authenticating the user to whom this ticket was issued. It does not
-     specify the order in which the realms were transited. See section
-     3.3.3.2 for details on how this field encodes the traversed realms.
-authtime
-     This field indicates the time of initial authentication for the named
-     principal. It is the time of issue for the original ticket on which
-     this ticket is based. It is included in the ticket to provide
-     additional information to the end service, and to provide the necessary
-     information for implementation of a `hot list' service at the KDC. An
-     end service that is particularly paranoid could refuse to accept
-     tickets for which the initial authentication occurred "too far" in the
-     past. This field is also returned as part of the response from the KDC.
-     When returned as part of the response to initial authentication
-     (KRB_AS_REP), this is the current time on the Ker- beros server[24].
-starttime
-     This field in the ticket specifies the time after which the ticket is
-     valid. Together with endtime, this field specifies the life of the
-     ticket. If it is absent from the ticket, its value should be treated as
-     that of the authtime field.
-endtime
-     This field contains the time after which the ticket will not be honored
-     (its expiration time). Note that individual services may place their
-     own limits on the life of a ticket and may reject tickets which have
-     not yet expired. As such, this is really an upper bound on the
-     expiration time for the ticket.
-renew-till
-     This field is only present in tickets that have the RENEWABLE flag set
-     in the flags field. It indicates the maximum endtime that may be
-     included in a renewal. It can be thought of as the absolute expiration
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     time for the ticket, including all renewals.
-caddr
-     This field in a ticket contains zero (if omitted) or more (if present)
-     host addresses. These are the addresses from which the ticket can be
-     used. If there are no addresses, the ticket can be used from any
-     location. The decision by the KDC to issue or by the end server to
-     accept zero-address tickets is a policy decision and is left to the
-     Kerberos and end-service administrators; they may refuse to issue or
-     accept such tickets. The suggested and default policy, however, is that
-     such tickets will only be issued or accepted when additional
-     information that can be used to restrict the use of the ticket is
-     included in the authorization_data field. Such a ticket is a
-     capability.
-
-     Network addresses are included in the ticket to make it harder for an
-     attacker to use stolen credentials. Because the session key is not sent
-     over the network in cleartext, credentials can't be stolen simply by
-     listening to the network; an attacker has to gain access to the session
-     key (perhaps through operating system security breaches or a careless
-     user's unattended session) to make use of stolen tickets.
-
-     It is important to note that the network address from which a
-     connection is received cannot be reliably determined. Even if it could
-     be, an attacker who has compromised the client's worksta- tion could
-     use the credentials from there. Including the network addresses only
-     makes it more difficult, not impossible, for an attacker to walk off
-     with stolen credentials and then use them from a "safe" location.
-authorization-data
-     The authorization-data field is used to pass authorization data from
-     the principal on whose behalf a ticket was issued to the application
-     service. If no authorization data is included, this field will be left
-     out. Experience has shown that the name of this field is confusing, and
-     that a better name for this field would be restrictions. Unfortunately,
-     it is not possible to change the name of this field at this time.
-
-     This field contains restrictions on any authority obtained on the basis
-     of authentication using the ticket. It is possible for any principal in
-     posession of credentials to add entries to the authorization data field
-     since these entries further restrict what can be done with the ticket.
-     Such additions can be made by specifying the additional entries when a
-     new ticket is obtained during the TGS exchange, or they may be added
-     during chained delegation using the authorization data field of the
-     authenticator.
-
-     Because entries may be added to this field by the holder of
-     credentials, it is not allowable for the presence of an entry in the
-     authorization data field of a ticket to amplify the priveleges one
-     would obtain from using a ticket.
-
-     The data in this field may be specific to the end service; the field
-     will contain the names of service specific objects, and the rights to
-     those objects. The format for this field is described in section 5.2.
-     Although Kerberos is not concerned with the format of the contents of
-     the sub-fields, it does carry type information (ad-type).
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-     By using the authorization_data field, a principal is able to issue a
-     proxy that is valid for a specific purpose. For example, a client
-     wishing to print a file can obtain a file server proxy to be passed to
-     the print server. By specifying the name of the file in the
-     authorization_data field, the file server knows that the print server
-     can only use the client's rights when accessing the particular file to
-     be printed.
-
-     A separate service providing authorization or certifying group
-     membership may be built using the authorization-data field. In this
-     case, the entity granting authorization (not the authorized entity),
-     obtains a ticket in its own name (e.g. the ticket is issued in the name
-     of a privelege server), and this entity adds restrictions on its own
-     authority and delegates the restricted authority through a proxy to the
-     client. The client would then present this authorization credential to
-     the application server separately from the authentication exchange.
-
-     Similarly, if one specifies the authorization-data field of a proxy and
-     leaves the host addresses blank, the resulting ticket and session key
-     can be treated as a capability. See [Neu93] for some suggested uses of
-     this field.
-
-     The authorization-data field is optional and does not have to be
-     included in a ticket.
-
-5.3.2. Authenticators
-
-An authenticator is a record sent with a ticket to a server to certify the
-client's knowledge of the encryption key in the ticket, to help the server
-detect replays, and to help choose a "true session key" to use with the
-particular session. The encoding is encrypted in the ticket's session key
-shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-
-authenticator-vno
-     This field specifies the version number for the format of the
-     authenticator. This document specifies version 5.
-crealm and cname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-cksum
-     This field contains a checksum of the the applica- tion data that
-     accompanies the KRB_AP_REQ.
-cusec
-     This field contains the microsecond part of the client's timestamp. Its
-     value (before encryption) ranges from 0 to 999999. It often appears
-     along with ctime. The two fields are used together to specify a
-     reasonably accurate timestamp.
-ctime
-     This field contains the current time on the client's host.
-subkey
-     This field contains the client's choice for an encryption key which is
-     to be used to protect this specific application session. Unless an
-     application specifies otherwise, if this field is left out the session
-     key from the ticket will be used.
-seq-number
-     This optional field includes the initial sequence number to be used by
-     the KRB_PRIV or KRB_SAFE messages when sequence numbers are used to
-     detect replays (It may also be used by application specific messages).
-     When included in the authenticator this field specifies the initial
-     sequence number for messages from the client to the server. When
-     included in the AP-REP message, the initial sequence number is that for
-     messages from the server to the client. When used in KRB_PRIV or
-     KRB_SAFE messages, it is incremented by one after each message is sent.
-
-     For sequence numbers to adequately support the detection of replays
-     they should be non-repeating, even across connection boundaries. The
-     initial sequence number should be random and uniformly distributed
-     across the full space of possible sequence numbers, so that it cannot
-     be guessed by an attacker and so that it and the successive sequence
-     numbers do not repeat other sequences.
-authorization-data
-     This field is the same as described for the ticket in section 5.3.1. It
-     is optional and will only appear when additional restrictions are to be
-     placed on the use of a ticket, beyond those carried in the ticket
-     itself.
-
-5.4. Specifications for the AS and TGS exchanges
-
-This section specifies the format of the messages used in the exchange
-between the client and the Kerberos server. The format of possible error
-messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-The KRB_KDC_REQ message has no type of its own. Instead, its type is one of
-KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is for an initial
-ticket or an additional ticket. In either case, the message is sent from the
-client to the Authentication Server to request credentials for a service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER,
-                                           -- EncryptionType,
-                                           -- in preference order
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-The fields in this message are:
-
-pvno
-     This field is included in each message, and specifies the protocol
-     version number. This document specifies protocol version 5.
-msg-type
-     This field indicates the type of a protocol message. It will almost
-     always be the same as the application identifier associated with a
-     message. It is included to make the identifier more readily accessible
-     to the application. For the KDC-REQ message, this type will be
-     KRB_AS_REQ or KRB_TGS_REQ.
-padata
-     The padata (pre-authentication data) field contains a sequence of
-     authentication information which may be needed before credentials can
-     be issued or decrypted. In the case of requests for additional tickets
-     (KRB_TGS_REQ), this field will include an element with padata-type of
-     PA-TGS-REQ and data of an authentication header (ticket-granting ticket
-     and authenticator). The checksum in the authenticator (which must be
-     collision-proof) is to be computed over the KDC-REQ-BODY encoding. In
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     most requests for initial authentication (KRB_AS_REQ) and most replies
-     (KDC-REP), the padata field will be left out.
-
-     This field may also contain information needed by certain extensions to
-     the Kerberos protocol. For example, it might be used to initially
-     verify the identity of a client before any response is returned. This
-     is accomplished with a padata field with padata-type equal to
-     PA-ENC-TIMESTAMP and padata-value defined as follows:
-
-     padata-type     ::= PA-ENC-TIMESTAMP
-     padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-     PA-ENC-TS-ENC   ::= SEQUENCE {
-                     patimestamp[0]     KerberosTime, -- client's time
-                     pausec[1]          INTEGER OPTIONAL
-     }
-
-     with patimestamp containing the client's time and pausec containing the
-     microseconds which may be omitted if a client will not generate more
-     than one request per second. The ciphertext (padata-value) consists of
-     the PA-ENC-TS-ENC sequence, encrypted using the client's secret key.
-
-     [use-specified-kvno item is here for discussion and may be removed] It
-     may also be used by the client to specify the version of a key that is
-     being used for accompanying preauthentication, and/or which should be
-     used to encrypt the reply from the KDC.
-
-     PA-USE-SPECIFIED-KVNO  ::=  Integer
-
-     The KDC should only accept and abide by the value of the
-     use-specified-kvno preauthentication data field when the specified key
-     is still valid and until use of a new key is confirmed. This situation
-     is likely to occur primarily during the period during which an updated
-     key is propagating to other KDC's in a realm.
-
-     The padata field can also contain information needed to help the KDC or
-     the client select the key needed for generating or decrypting the
-     response. This form of the padata is useful for supporting the use of
-     certain token cards with Kerberos. The details of such extensions are
-     specified in separate documents. See [Pat92] for additional uses of
-     this field.
-padata-type
-     The padata-type element of the padata field indicates the way that the
-     padata-value element is to be interpreted. Negative values of
-     padata-type are reserved for unregistered use; non-negative values are
-     used for a registered interpretation of the element type.
-req-body
-     This field is a placeholder delimiting the extent of the remaining
-     fields. If a checksum is to be calculated over the request, it is
-     calculated over an encoding of the KDC-REQ-BODY sequence which is
-     enclosed within the req-body field.
-kdc-options
-     This field appears in the KRB_AS_REQ and KRB_TGS_REQ requests to the
-     KDC and indicates the flags that the client wants set on the tickets as
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     well as other information that is to modify the behavior of the KDC.
-     Where appropriate, the name of an option may be the same as the flag
-     that is set by that option. Although in most case, the bit in the
-     options field will be the same as that in the flags field, this is not
-     guaranteed, so it is not acceptable to simply copy the options field to
-     the flags field. There are various checks that must be made before
-     honoring an option anyway.
-
-     The kdc_options field is a bit-field, where the selected options are
-     indicated by the bit being set (1), and the unselected options and
-     reserved fields being reset (0). The encoding of the bits is specified
-     in section 5.2. The options are described in more detail above in
-     section 2. The meanings of the options are:
-
-        Bit(s)    Name                Description
-         0        RESERVED
-                                      Reserved for future  expansion  of  this
-                                      field.
-
-         1        FORWARDABLE
-                                      The FORWARDABLE  option  indicates  that
-                                      the  ticket  to be issued is to have its
-                                      forwardable flag set.  It  may  only  be
-                                      set on the initial request, or in a sub-
-                                      sequent request if  the  ticket-granting
-                                      ticket on which it is based is also for-
-                                      wardable.
-
-         2        FORWARDED
-                                      The FORWARDED option is  only  specified
-                                      in  a  request  to  the  ticket-granting
-                                      server and will only be honored  if  the
-                                      ticket-granting  ticket  in  the request
-                                      has  its  FORWARDABLE  bit  set.    This
-                                      option  indicates that this is a request
-                                      for forwarding.  The address(es) of  the
-                                      host  from which the resulting ticket is
-                                      to  be  valid  are   included   in   the
-                                      addresses field of the request.
-
-         3        PROXIABLE
-                                      The PROXIABLE option indicates that  the
-                                      ticket to be issued is to have its prox-
-                                      iable flag set.  It may only be  set  on
-                                      the  initial request, or in a subsequent
-                                      request if the ticket-granting ticket on
-                                      which it is based is also proxiable.
-
-         4        PROXY
-                                      The PROXY option indicates that this  is
-                                      a request for a proxy.  This option will
-                                      only be honored if  the  ticket-granting
-                                      ticket  in the request has its PROXIABLE
-                                      bit set.  The address(es)  of  the  host
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                                      from which the resulting ticket is to be
-                                       valid  are  included  in  the  addresses
-                                      field of the request.
-
-         5        ALLOW-POSTDATE
-                                      The ALLOW-POSTDATE option indicates that
-                                      the  ticket  to be issued is to have its
-                                      MAY-POSTDATE flag set.  It may  only  be
-                                      set on the initial request, or in a sub-
-                                      sequent request if  the  ticket-granting
-                                      ticket on which it is based also has its
-                                      MAY-POSTDATE flag set.
-
-         6        POSTDATED
-                                      The POSTDATED option indicates that this
-                                      is  a  request  for  a postdated ticket.
-                                      This option will only be honored if  the
-                                      ticket-granting  ticket  on  which it is
-                                      based has  its  MAY-POSTDATE  flag  set.
-                                      The  resulting ticket will also have its
-                                      INVALID flag set, and that flag  may  be
-                                      reset by a subsequent request to the KDC
-                                      after the starttime in  the  ticket  has
-                                      been reached.
-
-         7        UNUSED
-                                      This option is presently unused.
-
-         8        RENEWABLE
-                                      The RENEWABLE option indicates that  the
-                                      ticket  to  be  issued  is  to  have its
-                                      RENEWABLE flag set.  It may only be  set
-                                      on  the  initial  request,  or  when the
-                                      ticket-granting  ticket  on  which   the
-                                      request  is based is also renewable.  If
-                                      this option is requested, then the rtime
-                                      field   in   the  request  contains  the
-                                      desired absolute expiration time for the
-                                      ticket.
-
-         9-13     UNUSED
-                                      These options are presently unused.
-
-         14       REQUEST-ANONYMOUS
-                                      The REQUEST-ANONYMOUS  option  indicates
-                                      that  the  ticket to be issued is not to
-                                      identify  the  user  to  which  it   was
-                                      issued.  Instead, the principal identif-
-                                      ier is to be generic,  as  specified  by
-                                      the  policy  of  the realm (e.g. usually
-                                      anonymous@realm).  The  purpose  of  the
-                                      ticket  is only to securely distribute a
-                                      session key, and  not  to  identify  the
-                                      user.   The ANONYMOUS flag on the ticket
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                                      to be returned should be  set.   If  the
-                                      local  realms  policy  does  not  permit
-                                      anonymous credentials, the request is to
-                                      be rejected.
-
-         15-25    RESERVED
-                                      Reserved for future use.
-
-         26       DISABLE-TRANSITED-CHECK
-                                      By default the KDC will check the
-                                      transited field of a ticket-granting-
-                                      ticket against the policy of the local
-                                      realm before it will issue derivative
-                                      tickets based on the ticket granting
-                                      ticket.  If this flag is set in the
-                                      request, checking of the transited field
-                                      is disabled.  Tickets issued without the
-                                      performance of this check will be noted
-                                      by the reset (0) value of the
-                                      TRANSITED-POLICY-CHECKED flag,
-                                      indicating to the application server
-                                      that the tranisted field must be checked
-                                      locally.  KDC's are encouraged but not
-                                      required to honor the
-                                      DISABLE-TRANSITED-CHECK option.
-
-         27       RENEWABLE-OK
-                                      The RENEWABLE-OK option indicates that a
-                                      renewable ticket will be acceptable if a
-                                      ticket with the  requested  life  cannot
-                                      otherwise be provided.  If a ticket with
-                                      the requested life cannot  be  provided,
-                                      then  a  renewable  ticket may be issued
-                                      with  a  renew-till  equal  to  the  the
-                                      requested  endtime.   The  value  of the
-                                      renew-till field may still be limited by
-                                      local  limits, or limits selected by the
-                                      individual principal or server.
-
-         28       ENC-TKT-IN-SKEY
-                                      This option is used only by the  ticket-
-                                      granting  service.   The ENC-TKT-IN-SKEY
-                                      option indicates that the ticket for the
-                                      end  server  is  to  be encrypted in the
-                                      session key from the additional  ticket-
-                                      granting ticket provided.
-
-         29       RESERVED
-                                      Reserved for future use.
-
-         30       RENEW
-                                      This option is used only by the  ticket-
-                                      granting   service.   The  RENEW  option
-                                      indicates that the  present  request  is
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                                      for  a  renewal.  The ticket provided is
-                                      encrypted in  the  secret  key  for  the
-                                      server  on  which  it  is  valid.   This
-                                      option  will  only  be  honored  if  the
-                                      ticket  to  be renewed has its RENEWABLE
-                                      flag set and if the time in  its  renew-
-                                      till  field  has not passed.  The ticket
-                                      to be renewed is passed  in  the  padata
-                                      field  as  part  of  the  authentication
-                                      header.
-
-         31       VALIDATE
-                                      This option is used only by the  ticket-
-                                      granting  service.   The VALIDATE option
-                                      indicates that the request is  to  vali-
-                                      date  a  postdated ticket.  It will only
-                                      be honored if the  ticket  presented  is
-                                      postdated,  presently  has  its  INVALID
-                                      flag set, and would be otherwise  usable
-                                      at  this time.  A ticket cannot be vali-
-                                      dated before its starttime.  The  ticket
-                                      presented for validation is encrypted in
-                                      the key of the server for  which  it  is
-                                      valid  and is passed in the padata field
-                                      as part of the authentication header.
-
-cname and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1. sname may only be absent when the ENC-TKT-IN-SKEY option is
-     specified. If absent, the name of the server is taken from the name of
-     the client in the ticket passed as additional-tickets.
-enc-authorization-data
-     The enc-authorization-data, if present (and it can only be present in
-     the TGS_REQ form), is an encoding of the desired authorization-data
-     encrypted under the sub-session key if present in the Authenticator, or
-     alternatively from the session key in the ticket-granting ticket, both
-     from the padata field in the KRB_AP_REQ.
-realm
-     This field specifies the realm part of the server's principal
-     identifier. In the AS exchange, this is also the realm part of the
-     client's principal identifier.
-from
-     This field is included in the KRB_AS_REQ and KRB_TGS_REQ ticket
-     requests when the requested ticket is to be postdated. It specifies the
-     desired start time for the requested ticket. If this field is omitted
-     then the KDC should use the current time instead.
-till
-     This field contains the expiration date requested by the client in a
-     ticket request. It is optional and if omitted the requested ticket is
-     to have the maximum endtime permitted according to KDC policy for the
-     parties to the authentication exchange as limited by expiration date of
-     the ticket granting ticket or other preauthentication credentials.
-rtime
-     This field is the requested renew-till time sent from a client to the
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     KDC in a ticket request. It is optional.
-nonce
-     This field is part of the KDC request and response. It it intended to
-     hold a random number generated by the client. If the same number is
-     included in the encrypted response from the KDC, it provides evidence
-     that the response is fresh and has not been replayed by an attacker.
-     Nonces must never be re-used. Ideally, it should be generated randomly,
-     but if the correct time is known, it may suffice[25].
-etype
-     This field specifies the desired encryption algorithm to be used in the
-     response.
-addresses
-     This field is included in the initial request for tickets, and
-     optionally included in requests for additional tickets from the
-     ticket-granting server. It specifies the addresses from which the
-     requested ticket is to be valid. Normally it includes the addresses for
-     the client's host. If a proxy is requested, this field will contain
-     other addresses. The contents of this field are usually copied by the
-     KDC into the caddr field of the resulting ticket.
-additional-tickets
-     Additional tickets may be optionally included in a request to the
-     ticket-granting server. If the ENC-TKT-IN-SKEY option has been
-     specified, then the session key from the additional ticket will be used
-     in place of the server's key to encrypt the new ticket. If more than
-     one option which requires additional tickets has been specified, then
-     the additional tickets are used in the order specified by the ordering
-     of the options bits (see kdc-options, above).
-
-The application code will be either ten (10) or twelve (12) depending on
-whether the request is for an initial ticket (AS-REQ) or for an additional
-ticket (TGS-REQ).
-
-The optional fields (addresses, authorization-data and additional-tickets)
-are only included if necessary to perform the operation specified in the
-kdc-options field.
-
-It should be noted that in KRB_TGS_REQ, the protocol version number appears
-twice and two different message types appear: the KRB_TGS_REQ message
-contains these fields as does the authentication header (KRB_AP_REQ) that is
-passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-The KRB_KDC_REP message format is used for the reply from the KDC for either
-an initial (AS) request or a subsequent (TGS) request. There is no message
-type for KRB_KDC_REP. Instead, the type will be either KRB_AS_REP or
-KRB_TGS_REP. The key used to encrypt the ciphertext part of the reply
-depends on the message type. For KRB_AS_REP, the ciphertext is encrypted in
-the client's secret key, and the client's key version number is included in
-the key version number for the encrypted data. For KRB_TGS_REP, the
-ciphertext is encrypted in the sub-session key from the Authenticator, or if
-absent, the session key from the ticket-granting ticket used in the request.
-In that case, no version number will be present in the EncryptedData
-sequence.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-              enc-part[6]                EncryptedData
-}
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is either
-     KRB_AS_REP or KRB_TGS_REP.
-padata
-     This field is described in detail in section 5.4.1. One possible use
-     for this field is to encode an alternate "mix-in" string to be used
-     with a string-to-key algorithm (such as is described in section 6.3.2).
-     This ability is useful to ease transitions if a realm name needs to
-     change (e.g. when a company is acquired); in such a case all existing
-     password-derived entries in the KDC database would be flagged as
-     needing a special mix-in string until the next password change.
-crealm, cname, srealm and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-ticket
-     The newly-issued ticket, from section 5.3.1.
-enc-part
-     This field is a place holder for the ciphertext and related information
-     that forms the encrypted part of a message. The description of the
-     encrypted part of the message follows each appearance of this field.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     The encrypted part is encoded as described in section 6.1.
-key
-     This field is the same as described for the ticket in section 5.3.1.
-last-req
-     This field is returned by the KDC and specifies the time(s) of the last
-     request by a principal. Depending on what information is available,
-     this might be the last time that a request for a ticket-granting ticket
-     was made, or the last time that a request based on a ticket-granting
-     ticket was successful. It also might cover all servers for a realm, or
-     just the particular server. Some implementations may display this
-     information to the user to aid in discovering unauthorized use of one's
-     identity. It is similar in spirit to the last login time displayed when
-     logging into timesharing systems.
-nonce
-     This field is described above in section 5.4.1.
-key-expiration
-     The key-expiration field is part of the response from the KDC and
-     specifies the time that the client's secret key is due to expire. The
-     expiration might be the result of password aging or an account
-     expiration. This field will usually be left out of the TGS reply since
-     the response to the TGS request is encrypted in a session key and no
-     client information need be retrieved from the KDC database. It is up to
-     the application client (usually the login program) to take appropriate
-     action (such as notifying the user) if the expiration time is imminent.
-flags, authtime, starttime, endtime, renew-till and caddr
-     These fields are duplicates of those found in the encrypted portion of
-     the attached ticket (see section 5.3.1), provided so the client may
-     verify they match the intended request and to assist in proper ticket
-     caching. If the message is of type KRB_TGS_REP, the caddr field will
-     only be filled in if the request was for a proxy or forwarded ticket,
-     or if the user is substituting a subset of the addresses from the
-     ticket granting ticket. If the client-requested addresses are not
-     present or not used, then the addresses contained in the ticket will be
-     the same as those included in the ticket-granting ticket.
-
-5.5. Client/Server (CS) message specifications
-
-This section specifies the format of the messages used for the
-authentication of the client to the application server.
-
-5.5.1. KRB_AP_REQ definition
-
-The KRB_AP_REQ message contains the Kerberos protocol version number, the
-message type KRB_AP_REQ, an options field to indicate any options in use,
-and the ticket and authenticator themselves. The KRB_AP_REQ message is often
-referred to as the 'authentication header'.
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REQ.
-ap-options
-     This field appears in the application request (KRB_AP_REQ) and affects
-     the way the request is processed. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). The encoding of the bits
-     is specified in section 5.2. The meanings of the options are:
-
-          Bit(s)   Name              Description
-          0        RESERVED
-                                     Reserved for future  expansion  of  this
-                                     field.
-
-          1        USE-SESSION-KEY
-                                     The  USE-SESSION-KEY  option   indicates
-                                     that the ticket the client is presenting
-                                     to a server is encrypted in the  session
-                                     key  from  the  server's ticket-granting
-                                     ticket.  When this option is not  speci-
-                                     fied,  the  ticket  is  encrypted in the
-                                     server's secret key.
-
-          2        MUTUAL-REQUIRED
-                                     The  MUTUAL-REQUIRED  option  tells  the
-                                     server  that  the client requires mutual
-                                     authentication, and that it must respond
-                                     with a KRB_AP_REP message.
-
-          3-31     RESERVED
-                                          Reserved for future use.
-ticket
-     This field is a ticket authenticating the client to the server.
-authenticator
-     This contains the authenticator, which includes the client's choice of
-     a subkey. Its encoding is described in section 5.3.2.
-
-5.5.2. KRB_AP_REP definition
-
-The KRB_AP_REP message contains the Kerberos protocol version number, the
-message type, and an encrypted time- stamp. The message is sent in in
-response to an application request (KRB_AP_REQ) where the mutual
-authentication option has been selected in the ap-options field.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-The encoded EncAPRepPart is encrypted in the shared session key of the
-ticket. The optional subkey field can be used in an application-arranged
-negotiation to choose a per association session key.
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REP.
-enc-part
-     This field is described above in section 5.4.2.
-ctime
-     This field contains the current time on the client's host.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-subkey
-     This field contains an encryption key which is to be used to protect
-     this specific application session. See section 3.2.6 for specifics on
-     how this field is used to negotiate a key. Unless an application
-     specifies otherwise, if this field is left out, the sub-session key
-     from the authenticator, or if also left out, the session key from the
-     ticket will be used.
-
-5.5.3. Error message reply
-
-If an error occurs while processing the application request, the KRB_ERROR
-message will be sent in response. See section 5.9.1 for the format of the
-error message. The cname and crealm fields may be left out if the server
-cannot determine their appropriate values from the corresponding KRB_AP_REQ
-message. If the authenticator was decipherable, the ctime and cusec fields
-will contain the values from it.
-
-5.6. KRB_SAFE message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to send a tamper-proof message to
-its peer. It presumes that a session key has previously been exchanged (for
-example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1. KRB_SAFE definition
-
-The KRB_SAFE message contains user data along with a collision-proof
-checksum keyed with the last encryption key negotiated via subkeys, or the
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-session key if no negotiation has occured. The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_SAFE.
-safe-body
-     This field is a placeholder for the body of the KRB-SAFE message. It is
-     to be encoded separately and then have the checksum computed over it,
-     for use in the cksum field.
-cksum
-     This field contains the checksum of the application data. Checksum
-     details are described in section 6.4. The checksum is computed over the
-     encoding of the KRB-SAFE-BODY sequence.
-user-data
-     This field is part of the KRB_SAFE and KRB_PRIV messages and contain
-     the application specific data that is being passed from the sender to
-     the recipient.
-timestamp
-     This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents
-     are the current time as known by the sender of the message. By checking
-     the timestamp, the recipient of the message is able to make sure that
-     it was recently generated, and is not a replay.
-usec
-     This field is part of the KRB_SAFE and KRB_PRIV headers. It contains
-     the microsecond part of the timestamp.
-seq-number
-     This field is described above in section 5.3.2.
-s-address
-     This field specifies the address in use by the sender of the message.
-r-address
-     This field specifies the address in use by the recipient of the
-     message. It may be omitted for some uses (such as broadcast protocols),
-     but the recipient may arbitrarily reject such messages. This field
-     along with s-address can be used to help detect messages which have
-     been incorrectly or maliciously delivered to the wrong recipient.
-
-5.7. KRB_PRIV message specification
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to securely and privately send a
-message to its peer. It presumes that a session key has previously been
-exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-The KRB_PRIV message contains user data encrypted in the Session Key. The
-message fields are:
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's addr
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_PRIV.
-enc-part
-     This field holds an encoding of the EncKrbPrivPart sequence encrypted
-     under the session key[32]. This encrypted encoding is used for the
-     enc-part field of the KRB-PRIV message. See section 6 for the format of
-     the ciphertext.
-user-data, timestamp, usec, s-address and r-address
-     These fields are described above in section 5.6.1.
-seq-number
-     This field is described above in section 5.3.2.
-
-5.8. KRB_CRED message specification
-
-This section specifies the format of a message that can be used to send
-Kerberos credentials from one principal to another. It is presented here to
-encourage a common mechanism to be used by applications when forwarding
-tickets or providing proxies to subordinate servers. It presumes that a
-session key has already been exchanged perhaps by using the
-KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-The KRB_CRED message contains a sequence of tickets to be sent and
-information needed to use the tickets, including the session key from each.
-The information needed to use the tickets is encrypted under an encryption
-key previously exchanged or transferred alongside the KRB_CRED message. The
-message fields are:
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_CRED.
-tickets
-     These are the tickets obtained from the KDC specifically for use by the
-     intended recipient. Successive tickets are paired with the
-     corresponding KrbCredInfo sequence from the enc-part of the KRB-CRED
-     message.
-enc-part
-     This field holds an encoding of the EncKrbCredPart sequence encrypted
-     under the session key shared between the sender and the intended
-     recipient. This encrypted encoding is used for the enc-part field of
-     the KRB-CRED message. See section 6 for the format of the ciphertext.
-nonce
-     If practical, an application may require the inclusion of a nonce
-     generated by the recipient of the message. If the same value is
-     included as the nonce in the message, it provides evidence that the
-     message is fresh and has not been replayed by an attacker. A nonce must
-     never be re-used; it should be generated randomly by the recipient of
-     the message and provided to the sender of the message in an application
-     specific manner.
-timestamp and usec
-     These fields specify the time that the KRB-CRED message was generated.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     The time is used to provide assurance that the message is fresh.
-s-address and r-address
-     These fields are described above in section 5.6.1. They are used
-     optionally to provide additional assurance of the integrity of the
-     KRB-CRED message.
-key
-     This field exists in the corresponding ticket passed by the KRB-CRED
-     message and is used to pass the session key from the sender to the
-     intended recipient. The field's encoding is described in section 6.2.
-
-The following fields are optional. If present, they can be associated with
-the credentials in the remote ticket file. If left out, then it is assumed
-that the recipient of the credentials already knows their value.
-
-prealm and pname
-     The name and realm of the delegated principal identity.
-flags, authtime, starttime, endtime, renew-till, srealm, sname, and caddr
-     These fields contain the values of the correspond- ing fields from the
-     ticket found in the ticket field. Descriptions of the fields are
-     identical to the descriptions in the KDC-REP message.
-
-5.9. Error message specification
-
-This section specifies the format for the KRB_ERROR message. The fields
-included in the message are intended to return as much information as
-possible about an error. It is not expected that all the information
-required by the fields will be available for all types of errors. If the
-appropriate information is not available when the message is composed, the
-corresponding field will be left out of the message.
-
-Note that since the KRB_ERROR message is not protected by any encryption, it
-is quite possible for an intruder to synthesize or modify such a message. In
-particular, this means that the client should not use any fields in this
-message for security-critical purposes, such as setting a system clock or
-generating a fresh authenticator. The message can be useful, however, for
-advising a user on the reason for some failure.
-
-5.9.1. KRB_ERROR definition
-
-The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL,
-                e-typed-data[14]              SEQUENCE of ETypedData OPTIONAL
-}
-
-ETypedData ::=  SEQUENCE {
-                e-data-type    [1] INTEGER,
-                e-data-value   [2] OCTET STRING,
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_ERROR.
-ctime
-     This field is described above in section 5.4.1.
-cusec
-     This field is described above in section 5.5.2.
-stime
-     This field contains the current time on the server. It is of type
-     KerberosTime.
-susec
-     This field contains the microsecond part of the server's timestamp. Its
-     value ranges from 0 to 999999. It appears along with stime. The two
-     fields are used in conjunction to specify a reasonably accurate
-     timestamp.
-error-code
-     This field contains the error code returned by Kerberos or the server
-     when a request fails. To interpret the value of this field see the list
-     of error codes in section 8. Implementations are encouraged to provide
-     for national language support in the display of error messages.
-crealm, cname, srealm and sname
-     These fields are described above in section 5.3.1.
-e-text
-     This field contains additional text to help explain the error code
-     associated with the failed request (for example, it might include a
-     principal name which was unknown).
-e-data
-     This field contains additional data about the error for use by the
-     application to help it recover from or handle the error. If the
-     errorcode is KDC_ERR_PREAUTH_REQUIRED, then the e-data field will
-     contain an encoding of a sequence of padata fields, each corresponding
-     to an acceptable pre-authentication method and optionally containing
-     data for the method:
-
-     METHOD-DATA ::=   SEQUENCE of PA-DATA
-
-     If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
-     contain an encoding of the following sequence:
-
-     METHOD-DATA ::=   SEQUENCE {
-                         method-type[0]   INTEGER,
-                         method-data[1]   OCTET STRING OPTIONAL
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-     }
-
-     method-type will indicate the required alternate method; method-data
-     will contain any required additional information.
-e-cksum
-     This field contains an optional checksum for the KRB-ERROR message. The
-     checksum is calculated over the Kerberos ASN.1 encoding of the
-     KRB-ERROR message with the checksum absent. The checksum is then added
-     to the KRB-ERROR structure and the message is re-encoded. The Checksum
-     should be calculated using the session key from the ticket granting
-     ticket or service ticket, where available. If the error is in response
-     to a TGS or AP request, the checksum should be calculated uing the the
-     session key from the client's ticket. If the error is in response to an
-     AS request, then the checksum should be calulated using the client's
-     secret key ONLY if there has been suitable preauthentication to prove
-     knowledge of the secret key by the client[33]. If a checksum can not be
-     computed because the key to be used is not available, no checksum will
-     be included.
-e-typed-data
-     [This field for discussion, may be deleted from final spec] This field
-     contains optional data that may be used to help the client recover from
-     the indicated error. [This could contain the METHOD-DATA specified
-     since I don't think anyone actually uses it yet. It could also contain
-     the PA-DATA sequence for the preauth required error if we had a clear
-     way to transition to the use of this field from the use of the untype
-     e-data field.] For example, this field may specify the key version of
-     the key used to verify preauthentication:
-
-     e-data-type  := 20 -- Key version number
-     e-data-value := Integer -- Key version number used to verify
-                                preauthentication 
-
-6. Encryption and Checksum Specifications
-
-The Kerberos protocols described in this document are designed to use stream
-encryption ciphers, which can be simulated using commonly available block
-encryption ciphers, such as the Data Encryption Standard, [DES77] in
-conjunction with block chaining and checksum methods [DESM80]. Encryption is
-used to prove the identities of the network entities participating in
-message exchanges. The Key Distribution Center for each realm is trusted by
-all principals registered in that realm to store a secret key in confidence.
-Proof of knowledge of this secret key is used to verify the authenticity of
-a principal.
-
-The KDC uses the principal's secret key (in the AS exchange) or a shared
-session key (in the TGS exchange) to encrypt responses to ticket requests;
-the ability to obtain the secret key or session key implies the knowledge of
-the appropriate keys and the identity of the KDC. The ability of a principal
-to decrypt the KDC response and present a Ticket and a properly formed
-Authenticator (generated with the session key from the KDC response) to a
-service verifies the identity of the principal; likewise the ability of the
-service to extract the session key from the Ticket and prove its knowledge
-thereof in a response verifies the identity of the service.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-The Kerberos protocols generally assume that the encryption used is secure
-from cryptanalysis; however, in some cases, the order of fields in the
-encrypted portions of messages are arranged to minimize the effects of
-poorly chosen keys. It is still important to choose good keys. If keys are
-derived from user-typed passwords, those passwords need to be well chosen to
-make brute force attacks more difficult. Poorly chosen keys still make easy
-targets for intruders.
-
-The following sections specify the encryption and checksum mechanisms
-currently defined for Kerberos. The encodings, chaining, and padding
-requirements for each are described. For encryption methods, it is often
-desirable to place random information (often referred to as a confounder) at
-the start of the message. The requirements for a confounder are specified
-with each encryption mechanism.
-
-Some encryption systems use a block-chaining method to improve the the
-security characteristics of the ciphertext. However, these chaining methods
-often don't provide an integrity check upon decryption. Such systems (such
-as DES in CBC mode) must be augmented with a checksum of the plain-text
-which can be verified at decryption and used to detect any tampering or
-damage. Such checksums should be good at detecting burst errors in the
-input. If any damage is detected, the decryption routine is expected to
-return an error indicating the failure of an integrity check. Each
-encryption type is expected to provide and verify an appropriate checksum.
-The specification of each encryption method sets out its checksum
-requirements.
-
-Finally, where a key is to be derived from a user's password, an algorithm
-for converting the password to a key of the appropriate type is included. It
-is desirable for the string to key function to be one-way, and for the
-mapping to be different in different realms. This is important because users
-who are registered in more than one realm will often use the same password
-in each, and it is desirable that an attacker compromising the Kerberos
-server in one realm not obtain or derive the user's key in another.
-
-For an discussion of the integrity characteristics of the candidate
-encryption and checksum methods considered for Kerberos, the the reader is
-referred to [SG92].
-
-6.1. Encryption Specifications
-
-The following ASN.1 definition describes all encrypted messages. The
-enc-part field which appears in the unencrypted part of messages in section
-5 is a sequence consisting of an encryption type, an optional key version
-number, and the ciphertext.
-
-EncryptedData ::=   SEQUENCE {
-                    etype[0]     INTEGER, -- EncryptionType
-                    kvno[1]      INTEGER OPTIONAL,
-                    cipher[2]    OCTET STRING -- ciphertext
-}
-
-
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-etype
-     This field identifies which encryption algorithm was used to encipher
-     the cipher. Detailed specifications for selected encryption types
-     appear later in this section.
-kvno
-     This field contains the version number of the key under which data is
-     encrypted. It is only present in messages encrypted under long lasting
-     keys, such as principals' secret keys.
-cipher
-     This field contains the enciphered text, encoded as an OCTET STRING.
-
-The cipher field is generated by applying the specified encryption algorithm
-to data composed of the message and algorithm-specific inputs. Encryption
-mechanisms defined for use with Kerberos must take sufficient measures to
-guarantee the integrity of the plaintext, and we recommend they also take
-measures to protect against precomputed dictionary attacks. If the
-encryption algorithm is not itself capable of doing so, the protections can
-often be enhanced by adding a checksum and a confounder.
-
-The suggested format for the data to be encrypted includes a confounder, a
-checksum, the encoded plaintext, and any necessary padding. The msg-seq
-field contains the part of the protocol message described in section 5 which
-is to be encrypted. The confounder, checksum, and padding are all untagged
-and untyped, and their length is exactly sufficient to hold the appropriate
-item. The type and length is implicit and specified by the particular
-encryption type being used (etype). The format for the data to be encrypted
-is described in the following diagram:
-
-      +-----------+----------+-------------+-----+
-      |confounder |   check  |   msg-seq   | pad |
-      +-----------+----------+-------------+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-CipherText ::=   ENCRYPTED       SEQUENCE {
-            confounder[0]   UNTAGGED[35] OCTET STRING(conf_length) OPTIONAL,
-            check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-            msg-seq[2]      MsgSequence,
-            pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-}
-
-One generates a random confounder of the appropriate length, placing it in
-confounder; zeroes out check; calculates the appropriate checksum over
-confounder, check, and msg-seq, placing the result in check; adds the
-necessary padding; then encrypts using the specified encryption type and the
-appropriate key.
-
-Unless otherwise specified, a definition of an encryption algorithm that
-specifies a checksum, a length for the confounder field, or an octet
-boundary for padding uses this ciphertext format[36]. Those fields which are
-not specified will be omitted.
-
-In the interest of allowing all implementations using a particular
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-encryption type to communicate with all others using that type, the
-specification of an encryption type defines any checksum that is needed as
-part of the encryption process. If an alternative checksum is to be used, a
-new encryption type must be defined.
-
-Some cryptosystems require additional information beyond the key and the
-data to be encrypted. For example, DES, when used in cipher-block-chaining
-mode, requires an initialization vector. If required, the description for
-each encryption type must specify the source of such additional information.
-6.2. Encryption Keys
-
-The sequence below shows the encoding of an encryption key:
-
-       EncryptionKey ::=   SEQUENCE {
-                           keytype[0]    INTEGER,
-                           keyvalue[1]   OCTET STRING
-       }
-
-keytype
-     This field specifies the type of encryption key that follows in the
-     keyvalue field. It will almost always correspond to the encryption
-     algorithm used to generate the EncryptedData, though more than one
-     algorithm may use the same type of key (the mapping is many to one).
-     This might happen, for example, if the encryption algorithm uses an
-     alternate checksum algorithm for an integrity check, or a different
-     chaining mechanism.
-keyvalue
-     This field contains the key itself, encoded as an octet string.
-
-All negative values for the encryption key type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpreta- tions.
-
-6.3. Encryption Systems
-
-6.3.1. The NULL Encryption System (null)
-
-If no encryption is in use, the encryption system is said to be the NULL
-encryption system. In the NULL encryption system there is no checksum,
-confounder or padding. The ciphertext is simply the plaintext. The NULL Key
-is used by the null encryption system and is zero octets in length, with
-keytype zero (0).
-
-6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-The des-cbc-crc encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80]. A
-CRC-32 checksum (described in ISO 3309 [ISO3309]) is applied to the
-confounder and message sequence (msg-seq) and placed in the cksum field. DES
-blocks are 8 bytes. As a result, the data to be encrypted (the concatenation
-of confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption. The details of the encryption of this data are identical
-to those for the des-cbc-md5 encryption mode.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-Note that, since the CRC-32 checksum is not collision-proof, an attacker
-could use a probabilistic chosen-plaintext attack to generate a valid
-message even if a confounder is used [SG92]. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat. The use of the CRC-32 as the checksum for ticket or
-authenticator is no longer mandated as an interoperability requirement for
-Kerberos Version 5 Specification 1 (See section 9.1 for specific details).
-
-6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-The des-cbc-md4 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD4 checksum (described in [MD492]) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption. The details of the encryption of this data are identical
-to those for the des-cbc-md5 encryption mode.
-
-6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-The des-cbc-md5 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD5 checksum (described in [MD5-92].) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption.
-
-Plaintext and DES ciphtertext are encoded as blocks of 8 octets which are
-concatenated to make the 64-bit inputs for the DES algorithms. The first
-octet supplies the 8 most significant bits (with the octet's MSbit used as
-the DES input block's MSbit, etc.), the second octet the next 8 bits, ...,
-and the eighth octet supplies the 8 least significant bits.
-
-Encryption under DES using cipher block chaining requires an additional
-input in the form of an initialization vector. Unless otherwise specified,
-zero should be used as the initialization vector. Kerberos' use of DES
-requires an 8 octet confounder.
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those keys
-shall not be used for encrypting messages for use in Kerberos. Additionally,
-because of the way that keys are derived for the encryption of checksums,
-keys shall not be used that yield 'weak' or 'semi-weak' keys when
-eXclusive-ORed with the hexadecimal constant F0F0F0F0F0F0F0F0.
-
-A DES key is 8 octets of data, with keytype one (1). This consists of 56
-bits of key, and 8 parity bits (one per octet). The key is encoded as a
-series of 8 octets written in MSB-first order. The bits within the key are
-also encoded in MSB order. For example, if the encryption key is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the parity
-bits, the first octet of the key would be B1,B2,...,B7,P1 (with B1 as the
-MSbit). [See the FIPS 81 introduction for reference.]
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-String to key transformation
-
-To generate a DES key from a text string (password), the text string
-normally must have the realm and each component of the principal's name
-appended[37], then padded with ASCII nulls to an 8 byte boundary. This
-string is then fan-folded and eXclusive-ORed with itself to form an 8 byte
-DES key. The parity is corrected on the key, and it is used to generate a
-DES CBC checksum on the initial string (with the realm and name appended).
-Next, parity is corrected on the CBC checksum. If the result matches a
-'weak' or 'semi-weak' key as described in the DES specification, it is
-eXclusive-ORed with the constant 00000000000000F0. Finally, the result is
-returned as the key. Pseudocode follows:
-
-     string_to_key(string,realm,name) {
-          odd = 1;
-          s = string + realm;
-          for(each component in name) {
-               s = s + component;
-          }
-          tempkey = NULL;
-          pad(s); /* with nulls to 8 byte boundary */
-          for(8byteblock in s) {
-               if(odd == 0)  {
-                   odd = 1;
-                   reverse(8byteblock)
-               }
-               else odd = 0;
-               tempkey = tempkey XOR 8byteblock;
-          }
-          fixparity(tempkey);
-          key = DES-CBC-check(s,tempkey);
-          fixparity(key);
-          if(is_weak_key_key(key))
-               key = key XOR 0xF0;
-          return(key);
-     }
-
-6.3.5. Triple DES EDE in outer CBC mode with an SHA1 check-sum
-(des3-cbc-sha1)
-
-The des3-cbc-sha1 encryption encodes information using three Data Encryption
-Standard transformations with three DES keys. The first key is used to
-perform a DES ECB encryption on an eight-octet data block using the first
-DES key, followed by a DES ECB decryption of the result using the second DES
-key, and a DES ECB encryption of the result using the third DES key. Because
-DES blocks are 8 bytes, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must first be padded to an 8 byte
-boundary before encryption. To support the outer CBC mode, the input is
-padded to an eight-octet boundary. The first 8 octets of the data to be
-encrypted (the confounder) is exclusive-ored with an initialization vector
-of zero and then ECB encrypted using triple DES as described above.
-Subsequent blocks of 8 octets are exclusive-ored with the ciphertext
-produced by the encryption on the previous block before ECB encryption.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-An HMAC-SHA1 checksum (described in [KBC96].) is applied to the confounder
-and message sequence (msg-seq) and placed in the cksum field.
-
-Plaintext are encoded as blocks of 8 octets which are concatenated to make
-the 64-bit inputs for the DES algorithms. The first octet supplies the 8
-most significant bits (with the octet's MSbit used as the DES input block's
-MSbit, etc.), the second octet the next 8 bits, ..., and the eighth octet
-supplies the 8 least significant bits.
-
-Encryption under Triple DES using cipher block chaining requires an
-additional input in the form of an initialization vector. Unless otherwise
-specified, zero should be used as the initialization vector. Kerberos' use
-of DES requires an 8 octet confounder.
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those keys
-shall not be used for encrypting messages for use in Kerberos. Additionally,
-because of the way that keys are derived for the encryption of checksums,
-keys shall not be used that yield 'weak' or 'semi-weak' keys when
-eXclusive-ORed with the hexadecimal constant F0F0F0F0F0F0F0F0.
-
-A Triple DES key is 24 octets of data, with keytype seven (7). This consists
-of 168 bits of key, and 24 parity bits (one per octet). The key is encoded
-as a series of 24 octets written in MSB-first order, with the first 8 octets
-treated as the first DES key, the second 8 octets as the second key, and the
-third 8 octets the third DES key. The bits within each key are also encoded
-in MSB order. For example, if the encryption key is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the parity
-bits, the first octet of the key would be B1,B2,...,B7,P1 (with B1 as the
-MSbit). [See the FIPS 81 introduction for reference.]
-
-Key derivation for specified operations (Horowitz)
-
-[Discussion is needed for this section, especially since it does not simply
-derive key generation, but also specifies encryption using triple DES in a
-manner that is different than the basic template that was specified for
-single DES and similar systems]
-
-In the Kerberos protocol cryptographic keys are used in a number of places.
-In order to minimize the effect of compromising a key, it is desirable to
-use a different key in each of these places. Key derivation [Horowitz96] can
-be used to construct different keys for each operation from the keys
-transported on the network or derived from the password specified by the
-user.
-
-For each place where a key is used in Kerberos, a ``key usage'' is specified
-for that purpose. The key, key usage, and encryption/checksum type together
-describe the transformation from plaintext to ciphertext. For backwards
-compatibility, this key derivation is only specified here for encryption
-methods based on triple DES. Encryption methods specified for use by
-Kerberos in the future should specify the key derivation function to be
-used.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-Kerberos requires that the ciphertext component of EncryptedData be
-tamper-resistant as well as confidential. This implies encryption and
-integrity functions, which must each use their own separate keys. So, for
-each key usage, two keys must be generated, one for encryption (Ke), and one
-for integrity (Ki):
-
-      Ke = DK(protocol key, key usage | 0xAA)
-      Ki = DK(protocol key, key usage | 0x55)
-
-where the key usage is represented as a 32 bit integer in network byte
-order. The ciphertest must be generated from the plaintext as follows:
-
-      ciphertext = E(Ke, confounder | length | plaintext | padding) |
-                   H(Ki, confounder | length | plaintext | padding)
-
-The confounder and padding are specific to the encryption algorithm E.
-
-When generating a checksum only, there is no need for a confounder or
-padding. Again, a new key (Kc) must be used. Checksums must be generated
-from the plaintext as follows:
-
-      Kc = DK(protocol key, key usage | 0x99)
-      MAC = H(Kc, length | plaintext)
-
-
-Note that each enctype is described by an encryption algorithm E and a keyed
-hash algorithm H, and each checksum type is described by a keyed hash
-algorithm H. HMAC, with an appropriate hash, is recommended for use as H.
-
-The key usage value will be taken from the following list of places where
-keys are used in the Kerberos protocol, with key usage values and Kerberos
-specification section numbers:
-
-      1.  AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-          client key (section 5.4.1)
-      2.  AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-          application session key), encrypted with the service key
-          (section 5.4.2)
-      3.  AS-REP encrypted part (includes tgs session key or application
-          session key), encrypted with the client key (section 5.4.2)
-
-      4.  TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          session key (section 5.4.1)
-      5.  TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          authenticator subkey (section 5.4.1)
-      6.  TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-          with the tgs session key (sections 5.3.2, 5.4.1)
-      7.  TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-          authenticator subkey), encrypted with the tgs session key
-          (section 5.3.2)
-      8.  TGS-REP encrypted part (includes application session key),
-          encrypted with the tgs session key (section 5.4.2)
-      9.  TGS-REP encrypted part (includes application session key),
-          encrypted with the tgs authenticator subkey (section 5.4.2)
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-      10. AP-REQ Authenticator cksum, keyed with the application session
-          key (section 5.3.2)
-      11. AP-REQ Authenticator (includes application authenticator
-          subkey), encrypted with the application session key (section
-          5.3.2)
-      12. AP-REP encrypted part (includes application session subkey),
-          encrypted with the application session key (section 5.5.2)
-
-      13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-          application (section 5.7.1)
-      14. KRB-CRED encrypted part, encrypted with a key chosen by the
-          application (section 5.6.1)
-      15. KRB-SAFE cksum, keyed with a key chosen by the application
-          (section 5.8.1)
-
-      16. Data which is defined in some specification outside of
-          Kerberos to be encrypted using Kerberos encryption type.
-      17. Data which is defined in some specification outside of
-          Kerberos to be checksummed using Kerberos checksum type.
-
-      18. KRB-ERROR checksum (e-cksum in section 5.9.1)
-      19. AD-KDCIssued checksum (ad-checksum in appendix B.1)
-      20. Checksum for Mandatory Ticket Extensions (appendix B.6)
-      21. Checksum in Authorization Data in Ticket Extensions (appendix B.7)
-
-String to key transformation
-
-To generate a DES key from a text string (password), the text string
-normally must have the realm and each component of the principal's name
-appended[38].
-
-The input string (with any salt data appended to it) is n-folded into a 24
-octet (192 bit) string. To n-fold a number X, replicate the input value to a
-length that is the least common multiple of n and the length of X. Before
-each repetition, the input X is rotated to the right by 13 bit positions.
-The successive n-bit chunks are added together using 1's-complement addition
-(addition with end-around carry) to yield a n-bit result. (This
-transformation was proposed by Richard Basch)
-
-Each successive set of 8 octets is taken as a DES key, and its parity is
-adjusted in the same manner as previously described. If any of the three
-sets of 8 octets match a 'weak' or 'semi-weak key as described in the DES
-specification, that chunk is eXclusive-ORed with the hexadecimal constant
-00000000000000F0. The resulting DES keys are then used in sequence to
-perform a Triple-DES CBC encryption of the n-folded input string (appended
-with any salt data), using a zero initial vector. Parity, weak, and
-semi-weak keys are once again corrected and the result is returned as the 24
-octet key.
-
-Pseudocode follows:
-
-     string_to_key(string,realm,name) {
-          s = string + realm;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-          for(each component in name) {
-               s = s + component;
-          }
-          tkey[24] = fold(s);
-          fixparity(tkey);
-          if(isweak(tkey[0-7])) tkey[0-7] = tkey[0-7] XOR 0xF0;
-          if(isweak(tkey[8-15])) tkey[8-15] = tkey[8-15] XOR 0xF0;
-          if(is_weak(tkey[16-23])) tkey[16-23] = tkey[16-23] XOR 0xF0;
-          key[24] = 3DES-CBC(data=fold(s),key=tkey,iv=0);
-          fixparity(key);
-          if(is_weak(key[0-7])) key[0-7] = key[0-7] XOR 0xF0;
-          if(is_weak(key[8-15])) key[8-15] = key[8-15] XOR 0xF0;
-          if(is_weak(key[16-23])) key[16-23] = key[16-23] XOR 0xF0;
-          return(key);
-     }
-
-6.4. Checksums
-
-The following is the ASN.1 definition used for a checksum:
-
-         Checksum ::=   SEQUENCE {
-                        cksumtype[0]   INTEGER,
-                        checksum[1]    OCTET STRING
-         }
-
-cksumtype
-     This field indicates the algorithm used to generate the accompanying
-     checksum.
-checksum
-     This field contains the checksum itself, encoded as an octet string.
-
-Detailed specification of selected checksum types appear later in this
-section. Negative values for the checksum type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpretations.
-
-Checksums used by Kerberos can be classified by two properties: whether they
-are collision-proof, and whether they are keyed. It is infeasible to find
-two plaintexts which generate the same checksum value for a collision-proof
-checksum. A key is required to perturb or initialize the algorithm in a
-keyed checksum. To prevent message-stream modification by an active
-attacker, unkeyed checksums should only be used when the checksum and
-message will be subsequently encrypted (e.g. the checksums defined as part
-of the encryption algorithms covered earlier in this section).
-
-Collision-proof checksums can be made tamper-proof if the checksum value is
-encrypted before inclusion in a message. In such cases, the composition of
-the checksum and the encryption algorithm must be considered a separate
-checksum algorithm (e.g. RSA-MD5 encrypted using DES is a new checksum
-algorithm of type RSA-MD5-DES). For most keyed checksums, as well as for the
-encrypted forms of unkeyed collision-proof checksums, Kerberos prepends a
-confounder before the checksum is calculated.
-
-6.4.1. The CRC-32 Checksum (crc32)
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-The CRC-32 checksum calculates a checksum based on a cyclic redundancy check
-as described in ISO 3309 [ISO3309]. The resulting checksum is four (4)
-octets in length. The CRC-32 is neither keyed nor collision-proof. The use
-of this checksum is not recommended. An attacker using a probabilistic
-chosen-plaintext attack as described in [SG92] might be able to generate an
-alternative message that satisfies the checksum. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat.
-
-6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-The RSA-MD4 checksum calculates a checksum using the RSA MD4 algorithm
-[MD4-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD4 is believed to
-be collision-proof.
-
-6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des)
-
-The RSA-MD4-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD4
-checksum algorithm, and encrypting the confounder and the checksum using DES
-in cipher-block-chaining (CBC) mode using a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the constant
-F0F0F0F0F0F0F0F0[39]. The initialization vector should be zero. The
-resulting checksum is 24 octets long (8 octets of which are redundant). This
-checksum is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some weak keys' and 'semi-weak keys'; those
-keys shall not be used for generating RSA-MD4 checksums for use in Kerberos.
-
-The format for the checksum is described in the follow- ing diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-The RSA-MD5 checksum calculates a checksum using the RSA MD5 algorithm.
-[MD5-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD5 is believed to
-be collision-proof.
-
-6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des)
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-The RSA-MD5-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD5
-checksum algorithm, and encrypting the confounder and the checksum using DES
-in cipher-block-chaining (CBC) mode using a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the hexadecimal constant
-F0F0F0F0F0F0F0F0. The initialization vector should be zero. The resulting
-checksum is 24 octets long (8 octets of which are redundant). This checksum
-is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some 'weak keys' and 'semi-weak keys'; those
-keys shall not be used for encrypting RSA-MD5 checksums for use in Kerberos.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.6. DES cipher-block chained checksum (des-mac)
-
-The DES-MAC checksum is computed by prepending an 8 octet confounder to the
-plaintext, performing a DES CBC-mode encryption on the result using the key
-and an initialization vector of zero, taking the last block of the
-ciphertext, prepending the same confounder and encrypting the pair using DES
-in cipher-block-chaining (CBC) mode using a a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the hexadecimal constant
-F0F0F0F0F0F0F0F0. The initialization vector should be zero. The resulting
-checksum is 128 bits (16 octets) long, 64 bits of which are redundant. This
-checksum is tamper-proof and collision-proof.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-|   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                       confounder[0]   UNTAGGED OCTET STRING(8),
-                       check[1]        UNTAGGED OCTET STRING(8)
-}
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those keys
-shall not be used for generating DES-MAC checksums for use in Kerberos, nor
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-shall a key be used whose variant is 'weak' or 'semi-weak'.
-
-6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative (rsa-md4-des-k)
-
-The RSA-MD4-DES-K checksum calculates a keyed collision-proof checksum by
-applying the RSA MD4 checksum algorithm and encrypting the results using DES
-in cipher-block-chaining (CBC) mode using a DES key as both key and
-initialization vector. The resulting checksum is 16 octets long. This
-checksum is tamper-proof and believed to be collision-proof. Note that this
-checksum type is the old method for encoding the RSA-MD4-DES checksum and it
-is no longer recommended.
-
-6.4.8. DES cipher-block chained checksum alternative (des-mac-k)
-
-The DES-MAC-K checksum is computed by performing a DES CBC-mode encryption
-of the plaintext, and using the last block of the ciphertext as the checksum
-value. It is keyed with an encryption key and an initialization vector; any
-uses which do not specify an additional initialization vector will use the
-key as both key and initialization vector. The resulting checksum is 64 bits
-(8 octets) long. This checksum is tamper-proof and collision-proof. Note
-that this checksum type is the old method for encoding the DES-MAC checksum
-and it is no longer recommended. The DES specifications identify some 'weak
-keys' and 'semi-weak keys'; those keys shall not be used for generating
-DES-MAC checksums for use in Kerberos.
-
-7. Naming Constraints
-
-7.1. Realm Names
-
-Although realm names are encoded as GeneralStrings and although a realm can
-technically select any name it chooses, interoperability across realm
-boundaries requires agreement on how realm names are to be assigned, and
-what information they imply.
-
-To enforce these conventions, each realm must conform to the conventions
-itself, and it must require that any realms with which inter-realm keys are
-shared also conform to the conventions and require the same from its
-neighbors.
-
-Kerberos realm names are case sensitive. Realm names that differ only in the
-case of the characters are not equivalent. There are presently four styles
-of realm names: domain, X500, other, and reserved. Examples of each style
-follow:
-
-     domain:   ATHENA.MIT.EDU (example)
-       X500:   C=US/O=OSF (example)
-      other:   NAMETYPE:rest/of.name=without-restrictions (example)
-   reserved:   reserved, but will not conflict with above
-
-Domain names must look like domain names: they consist of components
-separated by periods (.) and they contain neither colons (:) nor slashes
-(/). Domain names must be converted to upper case when used as realm names.
-
-X.500 names contain an equal (=) and cannot contain a colon (:) before the
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-equal. The realm names for X.500 names will be string representations of the
-names with components separated by slashes. Leading and trailing slashes
-will not be included.
-
-Names that fall into the other category must begin with a prefix that
-contains no equal (=) or period (.) and the prefix must be followed by a
-colon (:) and the rest of the name. All prefixes must be assigned before
-they may be used. Presently none are assigned.
-
-The reserved category includes strings which do not fall into the first
-three categories. All names in this category are reserved. It is unlikely
-that names will be assigned to this category unless there is a very strong
-argument for not using the 'other' category.
-
-These rules guarantee that there will be no conflicts between the various
-name styles. The following additional constraints apply to the assignment of
-realm names in the domain and X.500 categories: the name of a realm for the
-domain or X.500 formats must either be used by the organization owning (to
-whom it was assigned) an Internet domain name or X.500 name, or in the case
-that no such names are registered, authority to use a realm name may be
-derived from the authority of the parent realm. For example, if there is no
-domain name for E40.MIT.EDU, then the administrator of the MIT.EDU realm can
-authorize the creation of a realm with that name.
-
-This is acceptable because the organization to which the parent is assigned
-is presumably the organization authorized to assign names to its children in
-the X.500 and domain name systems as well. If the parent assigns a realm
-name without also registering it in the domain name or X.500 hierarchy, it
-is the parent's responsibility to make sure that there will not in the
-future exists a name identical to the realm name of the child unless it is
-assigned to the same entity as the realm name.
-
-7.2. Principal Names
-
-As was the case for realm names, conventions are needed to ensure that all
-agree on what information is implied by a principal name. The name-type
-field that is part of the principal name indicates the kind of information
-implied by the name. The name-type should be treated as a hint. Ignoring the
-name type, no two names can be the same (i.e. at least one of the
-components, or the realm, must be different). The following name types are
-defined:
-
-  name-type      value   meaning
-
-   NT-UNKNOWN        0   Name type not known
-   NT-PRINCIPAL      1   General principal name (e.g. username, or DCE principal)
-   NT-SRV-INST       2   Service and other unique instance (krbtgt)
-   NT-SRV-HST        3   Service with host name as instance (telnet, rcommands)
-   NT-SRV-XHST       4   Service with slash-separated host name components
-   NT-UID            5   Unique ID
-   NT-X500-PRINCIPAL 6   Encoded X.509 Distingished name [RFC 1779]
-
-When a name implies no information other than its uniqueness at a particular
-time the name type PRINCIPAL should be used. The principal name type should
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-be used for users, and it might also be used for a unique server. If the
-name is a unique machine generated ID that is guaranteed never to be
-reassigned then the name type of UID should be used (note that it is
-generally a bad idea to reassign names of any type since stale entries might
-remain in access control lists).
-
-If the first component of a name identifies a service and the remaining
-components identify an instance of the service in a server specified manner,
-then the name type of SRV-INST should be used. An example of this name type
-is the Kerberos ticket-granting service whose name has a first component of
-krbtgt and a second component identifying the realm for which the ticket is
-valid.
-
-If instance is a single component following the service name and the
-instance identifies the host on which the server is running, then the name
-type SRV-HST should be used. This type is typically used for Internet
-services such as telnet and the Berkeley R commands. If the separate
-components of the host name appear as successive components following the
-name of the service, then the name type SRV-XHST should be used. This type
-might be used to identify servers on hosts with X.500 names where the slash
-(/) might otherwise be ambiguous.
-
-A name type of NT-X500-PRINCIPAL should be used when a name from an X.509
-certificiate is translated into a Kerberos name. The encoding of the X.509
-name as a Kerberos principal shall conform to the encoding rules specified
-in RFC 1779.
-
-A name type of UNKNOWN should be used when the form of the name is not
-known. When comparing names, a name of type UNKNOWN will match principals
-authenticated with names of any type. A principal authenticated with a name
-of type UNKNOWN, however, will only match other names of type UNKNOWN.
-
-Names of any type with an initial component of 'krbtgt' are reserved for the
-Kerberos ticket granting service. See section 8.2.3 for the form of such
-names.
-
-7.2.1. Name of server principals
-
-The principal identifier for a server on a host will generally be composed
-of two parts: (1) the realm of the KDC with which the server is registered,
-and (2) a two-component name of type NT-SRV-HST if the host name is an
-Internet domain name or a multi-component name of type NT-SRV-XHST if the
-name of the host is of a form such as X.500 that allows slash (/)
-separators. The first component of the two- or multi-component name will
-identify the service and the latter components will identify the host. Where
-the name of the host is not case sensitive (for example, with Internet
-domain names) the name of the host must be lower case. If specified by the
-application protocol for services such as telnet and the Berkeley R commands
-which run with system privileges, the first component may be the string
-'host' instead of a service specific identifier. When a host has an official
-name and one or more aliases, the official name of the host must be used
-when constructing the name of the server principal.
-
-8. Constants and other defined values
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-8.1. Host address types
-
-All negative values for the host address type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpretations.
-
-The values of the types for the following addresses are chosen to match the
-defined address family constants in the Berkeley Standard Distributions of
-Unix. They can be found in with symbolic names AF_xxx (where xxx is an
-abbreviation of the address family name).
-
-Internet (IPv4) Addresses
-
-Internet (IPv4) addresses are 32-bit (4-octet) quantities, encoded in MSB
-order. The type of IPv4 addresses is two (2).
-
-Internet (IPv6) Addresses
-
-IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB order. The
-type of IPv6 addresses is twenty-four (24). [RFC1883] [RFC1884]. The
-following addresses (see [RFC1884]) MUST not appear in any Kerberos packet:
-
-   * the Unspecified Address
-   * the Loopback Address
-   * Link-Local addresses
-
-IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-CHAOSnet addresses
-
-CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB order.
-The type of CHAOSnet addresses is five (5).
-
-ISO addresses
-
-ISO addresses are variable-length. The type of ISO addresses is seven (7).
-
-Xerox Network Services (XNS) addresses
-
-XNS addresses are 48-bit (6-octet) quantities, encoded in MSB order. The
-type of XNS addresses is six (6).
-
-AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-AppleTalk DDP addresses consist of an 8-bit node number and a 16-bit network
-number. The first octet of the address is the node number; the remaining two
-octets encode the network number in MSB order. The type of AppleTalk DDP
-addresses is sixteen (16).
-
-DECnet Phase IV addresses
-
-DECnet Phase IV addresses are 16-bit addresses, encoded in LSB order. The
-type of DECnet Phase IV addresses is twelve (12).
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-8.2. KDC messages
-
-8.2.1. UDP/IP transport
-
-When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request using UDP
-IP transport, the client shall send a UDP datagram containing only an
-encoding of the request to port 88 (decimal) at the KDC's IP address; the
-KDC will respond with a reply datagram containing only an encoding of the
-reply message (either a KRB_ERROR or a KRB_KDC_REP) to the sending port at
-the sender's IP address. Kerberos servers supporting IP transport must
-accept UDP requests on port 88 (decimal). The response to a request made
-through UDP/IP transport must also use UDP/IP transport.
-
-8.2.2. TCP/IP transport
-
-Kerberos servers (KDC's) must accept TCP requests on port 88 (decimal). When
-the KRB_KDC_REQ message is sent to the KDC over a TCP stream, a new
-connection will be established for each authentication exchange (request and
-response). The KRB_KDC_REP or KRB_ERROR message will be returned to the
-client on the same TCP stream that was established for the request. The
-connection will be broken after the reply has been received (or upon
-time-out). Care must be taken in managing TCP/IP connections with the KDC to
-prevent denial of service attacks based on the number of TCP/IP connections
-with the KDC that remain open. If multiple exchanges with the KDC are needed
-for certain forms of preauthentication, multiple TCP connections will be
-required. The response to a request made through TCP/IP transport must also
-use TCP/IP transport.
-
-The first four octets of the TCP stream used to transmit the request request
-will encode in network byte order the length of the request (KRB_KDC_REQ),
-and the length will be followed by the request itself. The response will
-similarly be preceeded by a 4 octet encoding in network byte order of the
-length of the KRB_KDC_REP or the KRB_ERROR message and will be followed by
-the KRB_KDC_REP or the KRB_ERROR response.
-
-8.2.3. OSI transport
-
-During authentication of an OSI client to an OSI server, the mutual
-authentication of an OSI server to an OSI client, the transfer of
-credentials from an OSI client to an OSI server, or during exchange of
-private or integrity checked messages, Kerberos protocol messages may be
-treated as opaque objects and the type of the authentication mechanism will
-be:
-
-OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1), security(5),kerberosv5(2)}
-
-Depending on the situation, the opaque object will be an authentication
-header (KRB_AP_REQ), an authentication reply (KRB_AP_REP), a safe message
-(KRB_SAFE), a private message (KRB_PRIV), or a credentials message
-(KRB_CRED). The opaque data contains an application code as specified in the
-ASN.1 description for each message. The application code may be used by
-Kerberos to determine the message type.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-8.2.3. Name of the TGS
-
-The principal identifier of the ticket-granting service shall be composed of
-three parts: (1) the realm of the KDC issuing the TGS ticket (2) a two-part
-name of type NT-SRV-INST, with the first part "krbtgt" and the second part
-the name of the realm which will accept the ticket-granting ticket. For
-example, a ticket-granting ticket issued by the ATHENA.MIT.EDU realm to be
-used to get tickets from the ATHENA.MIT.EDU KDC has a principal identifier
-of "ATHENA.MIT.EDU" (realm), ("krbtgt", "ATHENA.MIT.EDU") (name). A
-ticket-granting ticket issued by the ATHENA.MIT.EDU realm to be used to get
-tickets from the MIT.EDU realm has a principal identifier of
-"ATHENA.MIT.EDU" (realm), ("krbtgt", "MIT.EDU") (name).
-
-8.3. Protocol constants and associated values
-
-The following tables list constants used in the protocol and defines their
-meanings.
-
-Encryption type  etype value  block size    minimum pad size  confounder size
-NULL              0            1                 0                 0
-des-cbc-crc       1            8                 4                 8
-des-cbc-md4       2            8                 0                 8
-des-cbc-md5       3            8                 0                 8
-        4
-des3-cbc-md5      5            8                 0                 8
-        6
-des3-cbc-sha1     7            8                 0                 8
-sign-dsa-generate 8                                   (pkinit)
-encrypt-rsa-priv  9                                   (pkinit)
-encrypt-rsa-pub  10                                   (pkinit)
-rsa-pub-md5      11                                   (pkinit)
-rsa-pub-sha1     12                                   (pkinit)
-ENCTYPE_PK_CROSS 48                                   (reserved for pkcross)
-       0x8003
-
-Checksum type              sumtype value       checksum size
-CRC32                      1                   4
-rsa-md4                    2                   16
-rsa-md4-des                3                   24
-des-mac                    4                   16
-des-mac-k                  5                   8
-rsa-md4-des-k              6                   16
-rsa-md5                    7                   16
-rsa-md5-des                8                   24
-rsa-md5-des3               9                   24
-hmac-sha1-des3             10                  20  (I had this as 10, is it 12)
-
-padata type                     padata-type value
-
-PA-TGS-REQ                      1
-PA-ENC-TIMESTAMP                2
-PA-PW-SALT                      3
-                      4
-PA-ENC-UNIX-TIME                5
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-PA-SANDIA-SECUREID              6
-PA-SESAME                       7
-PA-OSF-DCE                      8
-PA-CYBERSAFE-SECUREID           9
-PA-AFS3-SALT                    10
-PA-ETYPE-INFO                   11
-SAM-CHALLENGE                   12                  (sam/otp)
-SAM-RESPONSE                    13                  (sam/otp)
-PA-PK-AS-REQ                    14                  (pkinit)
-PA-PK-AS-REP                    15                  (pkinit)
-PA-PK-AS-SIGN                   16                  (pkinit)
-PA-PK-KEY-REQ                   17                  (pkinit)
-PA-PK-KEY-REP                   18                  (pkinit)
-PA-USE-SPECIFIED-KVNO           20
-
-authorization data type         ad-type value
-AD-KDC-ISSUED                      1
-AD-INTENDED-FOR-SERVER             2
-AD-INTENDED-FOR-APPLICATION-CLASS  3
-AD-IF-RELEVANT                     4
-AD-OR                              5
-AD-MANDATORY-TICKET-EXTENSIONS     6
-AD-IN-TICKET-EXTENSIONS            7
-reserved values                    8-63
-OSF-DCE                            64
-SESAME                             65
-
-Ticket Extension Types
-
-TE-TYPE-NULL                  0      Null ticket extension
-TE-TYPE-EXTERNAL-ADATA        1      Integrity protected authorization data
-                    2      TE-TYPE-PKCROSS-KDC  (I have reservations)
-TE-TYPE-PKCROSS-CLIENT        3      PKCROSS cross realm key ticket
-TE-TYPE-CYBERSAFE-EXT         4      Assigned to CyberSafe Corp
-                    5      TE-TYPE-DEST-HOST (I have reservations)
-
-alternate authentication type   method-type value
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
-transited encoding type         tr-type value
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-Label               Value   Meaning or MIT code
-
-pvno                    5   current Kerberos protocol version number
-
-message types
-
-KRB_AS_REQ             10   Request for initial authentication
-KRB_AS_REP             11   Response to KRB_AS_REQ request
-KRB_TGS_REQ            12   Request for authentication based on TGT
-KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-KRB_AP_REQ             14   application request to server
-KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE               20   Safe (checksummed) application message
-KRB_PRIV               21   Private (encrypted) application message
-KRB_CRED               22   Private (encrypted) message to forward credentials
-KRB_ERROR              30   Error response
-
-name types
-
-KRB_NT_UNKNOWN        0  Name type not known
-KRB_NT_PRINCIPAL      1  Just the name of the principal as in DCE, or for users
-KRB_NT_SRV_INST       2  Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST        3  Service with host name as instance (telnet, rcommands)
-KRB_NT_SRV_XHST       4  Service with host as remaining components
-KRB_NT_UID            5  Unique ID
-KRB_NT_X500_PRINCIPAL 6  Encoded X.509 Distingished name [RFC 1779]
-
-error codes
-
-KDC_ERR_NONE                    0   No error
-KDC_ERR_NAME_EXP                1   Client's entry in database has expired
-KDC_ERR_SERVICE_EXP             2   Server's entry in database has expired
-KDC_ERR_BAD_PVNO                3   Requested protocol version number not 
-                                    supported
-KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old master key
-KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in database
-KDC_ERR_NULL_KEY                9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID            11   Requested start time is later than end time
-KDC_ERR_POLICY                 12   KDC policy rejects request
-KDC_ERR_BADOPTION              13   KDC cannot accommodate requested option
-KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption type
-KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been revoked
-KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again later
-KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again later
-KDC_ERR_KEY_EXPIRED            23   Password has expired - change password
-                                    to reset
-KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was invalid
-KDC_ERR_PREAUTH_REQUIRED       25   Additional pre-authenticationrequired [40]
-KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't match
-KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for user2user only
-KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field failed
-KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-KRB_AP_ERR_REPEAT              34   Request is a replay
-KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't match
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-KRB_AP_ERR_SKEW                37   Clock skew too great
-KRB_AP_ERR_BADADDR             38   Incorrect net address
-KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-KRB_AP_ERR_MODIFIED            41   Message stream modified
-KRB_AP_ERR_BADORDER            42   Message out of order
-KRB_AP_ERR_BADKEYVER           44   Specified version of key is not available
-KRB_AP_ERR_NOKEY               45   Service key not available
-KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-KRB_AP_ERR_METHOD              48   Alternative authentication method required
-KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in message
-KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in message
-KRB_AP_PATH_NOT_ACCEPTED       51   Policy rejects transited path
-KRB_ERR_GENERIC                60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG          61   Field is too long for this implementation
-KDC_ERROR_CLIENT_NOT_TRUSTED   62   (pkinit)
-KDC_ERROR_KDC_NOT_TRUSTED      63   (pkinit)
-KDC_ERROR_INVALID_SIG          64   (pkinit)
-KDC_ERR_KEY_TOO_WEAK           65   (pkinit)
-KDC_ERR_CERTIFICATE_MISMATCH   66   (pkinit)
-
-9. Interoperability requirements
-
-Version 5 of the Kerberos protocol supports a myriad of options. Among these
-are multiple encryption and checksum types, alternative encoding schemes for
-the transited field, optional mechanisms for pre-authentication, the
-handling of tickets with no addresses, options for mutual authentication,
-user to user authentication, support for proxies, forwarding, postdating,
-and renewing tickets, the format of realm names, and the handling of
-authorization data.
-
-In order to ensure the interoperability of realms, it is necessary to define
-a minimal configuration which must be supported by all implementations. This
-minimal configuration is subject to change as technology does. For example,
-if at some later date it is discovered that one of the required encryption
-or checksum algorithms is not secure, it will be replaced.
-
-9.1. Specification 2
-
-This section defines the second specification of these options.
-Implementations which are configured in this way can be said to support
-Kerberos Version 5 Specification 2 (5.1). Specification 1 (depricated) may
-be found in RFC1510.
-
-Transport
-
-TCP/IP and UDP/IP transport must be supported by KDCs claiming conformance
-to specification 2. Kerberos clients claiming conformance to specification 2
-must support UDP/IP transport for messages with the KDC and may support
-TCP/IP transport.
-
-Encryption and checksum methods
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-The following encryption and checksum mechanisms must be supported.
-Implementations may support other mechanisms as well, but the additional
-mechanisms may only be used when communicating with principals known to also
-support them: This list is to be determined.
-
-Encryption: DES-CBC-MD5
-Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5
-
-Realm Names
-
-All implementations must understand hierarchical realms in both the Internet
-Domain and the X.500 style. When a ticket granting ticket for an unknown
-realm is requested, the KDC must be able to determine the names of the
-intermediate realms between the KDCs realm and the requested realm.
-
-Transited field encoding
-
-DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must be supported.
-Alternative encodings may be supported, but they may be used only when that
-encoding is supported by ALL intermediate realms.
-
-Pre-authentication methods
-
-The TGS-REQ method must be supported. The TGS-REQ method is not used on the
-initial request. The PA-ENC-TIMESTAMP method must be supported by clients
-but whether it is enabled by default may be determined on a realm by realm
-basis. If not used in the initial request and the error
-KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENC-TIMESTAMP as an
-acceptable method, the client should retry the initial request using the
-PA-ENC-TIMESTAMP preauthentication method. Servers need not support the
-PA-ENC-TIMESTAMP method, but if not supported the server should ignore the
-presence of PA-ENC-TIMESTAMP pre-authentication in a request.
-
-Mutual authentication
-
-Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-Ticket addresses and flags
-
-All KDC's must pass on tickets that carry no addresses (i.e. if a TGT
-contains no addresses, the KDC will return derivative tickets), but each
-realm may set its own policy for issuing such tickets, and each application
-server will set its own policy with respect to accepting them.
-
-Proxies and forwarded tickets must be supported. Individual realms and
-application servers can set their own policy on when such tickets will be
-accepted.
-
-All implementations must recognize renewable and postdated tickets, but need
-not actually implement them. If these options are not supported, the
-starttime and endtime in the ticket shall specify a ticket's entire useful
-life. When a postdated ticket is decoded by a server, all implementations
-shall make the presence of the postdated flag visible to the calling server.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-User-to-user authentication
-
-Support for user to user authentication (via the ENC-TKT-IN-SKEY KDC option)
-must be provided by implementations, but individual realms may decide as a
-matter of policy to reject such requests on a per-principal or realm-wide
-basis.
-
-Authorization data
-
-Implementations must pass all authorization data subfields from
-ticket-granting tickets to any derivative tickets unless directed to
-suppress a subfield as part of the definition of that registered subfield
-type (it is never incorrect to pass on a subfield, and no registered
-subfield types presently specify suppression at the KDC).
-
-Implementations must make the contents of any authorization data subfields
-available to the server when a ticket is used. Implementations are not
-required to allow clients to specify the contents of the authorization data
-fields.
-
-9.2. Recommended KDC values
-
-Following is a list of recommended values for a KDC implementation, based on
-the list of suggested configuration constants (see section 4.4).
-
-minimum lifetime              5 minutes
-maximum renewable lifetime    1 week
-maximum ticket lifetime       1 day
-empty addresses               only when suitable  restrictions  appear
-                              in authorization data
-proxiable, etc.               Allowed.
-
-10. REFERENCES
-
-[NT94]    B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-          cation  Service for Computer Networks," IEEE Communica-
-          tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-[MNSS87]  S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-          Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-          Authorization System, M.I.T. Project Athena, Cambridge,
-          Massachusetts (December 21, 1987).
-
-[SNS88]   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-          beros:  An Authentication Service for Open Network Sys-
-          tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-          Dallas, Texas (February, 1988).
-
-[NS78]    Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-          Encryption for Authentication in Large Networks of Com-
-          puters,"  Communications  of  the  ACM,  Vol.   21(12),
-          pp. 993-999 (December, 1978).
-
-[DS81]    Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-          stamps  in  Key Distribution Protocols," Communications
-          of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-[KNT92]   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-          "The Evolution of the Kerberos Authentication Service,"
-          in an IEEE Computer Society Text soon to  be  published
-          (June 1992).
-
-[Neu93]   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-          Accounting  for Distributed Systems," in Proceedings of
-          the 13th International Conference on  Distributed  Com-
-          puting Systems, Pittsburgh, PA (May, 1993).
-
-[DS90]    Don Davis and Ralph Swick,  "Workstation  Services  and
-          Kerberos  Authentication  at Project Athena," Technical
-          Memorandum TM-424,  MIT Laboratory for Computer Science
-          (February 1990).
-
-[LGDSR87] P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-          merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-          ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-          sachusetts (1987).
-
-[X509-88] CCITT, Recommendation X.509: The Directory  Authentica-
-          tion Framework, December 1988.
-
-[Pat92].  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-          Guessing  Attacks, Open Software Foundation DCE Request
-          for Comments 26 (December 1992).
-
-[DES77]   National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "Data Encryption Standard," Federal Information
-          Processing Standards Publication  46,   Washington,  DC
-          (1977).
-
-[DESM80]  National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "DES  Modes  of Operation," Federal Information
-          Processing Standards Publication 81,   Springfield,  VA
-          (December 1980).
-
-[SG92]    Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-          Integrity  in  Cryptographic Protocols," in Proceedings
-          of the IEEE  Symposium  on  Research  in  Security  and
-          Privacy, Oakland, California (May 1992).
-
-[IS3309]  International Organization  for  Standardization,  "ISO
-          Information  Processing  Systems - Data Communication -
-          High-Level Data Link Control Procedure -  Frame  Struc-
-          ture," IS 3309 (October 1984).  3rd Edition.
-
-[MD4-92]  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-          1320,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-[MD5-92]  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-          1321,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-[KBC96]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-          Hashing  for  Message  Authentication,"  Working  Draft
-          draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-A. Pseudo-code for protocol processing
-
-This appendix provides pseudo-code describing how the messages are to be
-constructed and interpreted by clients and servers.
-
-A.1. KRB_AS_REQ generation
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_AS_REQ */
-
-        if(pa_enc_timestamp_required) then
-                request.padata.padata-type = PA-ENC-TIMESTAMP;
-                get system_time;
-                padata-body.patimestamp,pausec = system_time;
-                encrypt padata-body into request.padata.padata-value
-                        using client.key; /* derived from password */
-        endif
-
-        body.kdc-options := users's preferences;
-        body.cname := user's name;
-        body.realm := user's realm;
-        body.sname := service's name; /* usually "krbtgt",  "localrealm" */
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-        omit body.enc-authorization-data;
-        request.req-body := body;
-
-        kerberos := lookup(name of local kerberos server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                retry or use alternate server;
-        endif
-
-A.2. KRB_AS_REQ verification and KRB_AS_REP generation
-
-        decode message into req;
-
-        client := lookup(req.cname,req.realm);
-        server := lookup(req.sname,req.realm);
-
-        get system_time;
-        kdc_time := system_time.seconds;
-
-        if (!client) then
-                /* no client in Database */
-                error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-        endif
-        if (!server) then
-                /* no server in Database */
-                error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-        endif
-
-        if(client.pa_enc_timestamp_required and
-           pa_enc_timestamp not present) then
-                error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-        endif
-
-        if(pa_enc_timestamp present) then
-                decrypt req.padata-value into decrypted_enc_timestamp
-                        using client.key;
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                if(decrypted_enc_timestamp is not within allowable skew) then
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                if(decrypted_enc_timestamp and usec is replay)
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                add decrypted_enc_timestamp and usec to replay cache;
-        endif
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := req.srealm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        if (req.kdc-options.FORWARDABLE is set) then
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.PROXIABLE is set) then
-                set new_tkt.flags.PROXIABLE;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if ((req.kdc-options.RENEW is set) or
-            (req.kdc-options.VALIDATE is set) or
-            (req.kdc-options.PROXY is set) or
-            (req.kdc-options.FORWARDED is set) or
-            (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.session := random_session_key();
-        new_tkt.cname := req.cname;
-        new_tkt.crealm := req.crealm;
-        new_tkt.transited := empty_transited_field();
-
-        new_tkt.authtime := kdc_time;
-
-        if (req.kdc-options.POSTDATED is set) then
-           if (against_postdate_policy(req.from)) then
-                error_out(KDC_ERR_POLICY);
-           endif
-           set new_tkt.flags.POSTDATED;
-           set new_tkt.flags.INVALID;
-           new_tkt.starttime := req.from;
-        else
-           omit new_tkt.starttime; /* treated as authtime when omitted */
-        endif
-        if (req.till = 0) then
-                till := infinity;
-        else
-                till := req.till;
-        endif
-
-        new_tkt.endtime := min(till,
-                              new_tkt.starttime+client.max_life,
-                              new_tkt.starttime+server.max_life,
-                              new_tkt.starttime+max_life_for_realm);
-
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (new_tkt.endtime < req.till)) then
-                /* we set the RENEWABLE option for later processing */
-                set req.kdc-options.RENEWABLE;
-                req.rtime := req.till;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if (req.kdc-options.RENEWABLE is set) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-                                          new_tkt.starttime+client.max_rlife,
-                                          new_tkt.starttime+server.max_rlife,
-                                          new_tkt.starttime+max_rlife_for_realm);
-        else
-                omit new_tkt.renew-till; /* only present if RENEWABLE */
-        endif
-
-        if (req.addresses) then
-                new_tkt.caddr := req.addresses;
-        else
-                omit new_tkt.caddr;
-        endif
-
-        new_tkt.authorization_data := empty_authorization_data();
-
-        encode to-be-encrypted part of ticket into OCTET STRING;
-        new_tkt.enc-part := encrypt OCTET STRING
-                using etype_for_key(server.key), server.key, server.p_kvno;
-
-        /* Start processing the response */
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_AS_REP;
-        resp.cname := req.cname;
-        resp.crealm := req.realm;
-        resp.ticket := new_tkt;
-
-        resp.key := new_tkt.session;
-        resp.last-req := fetch_last_request_info(client);
-        resp.nonce := req.nonce;
-        resp.key-expiration := client.expiration;
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        resp.realm := new_tkt.realm;
-        resp.sname := new_tkt.sname;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-        resp.caddr := new_tkt.caddr;
-
-        encode body of reply into OCTET STRING;
-
-        resp.enc-part := encrypt OCTET STRING
-                         using use_etype, client.key, client.p_kvno;
-        send(resp);
-
-A.3. KRB_AS_REP verification
-
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then
-                        set pa_enc_timestamp_required;
-                        goto KRB_AS_REQ;
-                endif
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key */
-        /* from the response immediately */
-
-        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                 resp.padata);
-        unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and key;
-        zero(key);
-
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        if near(resp.princ_exp) then
-                print(warning message);
-        endif
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.4. KRB_AS_REP and KRB_TGS_REP common checks
-
-        if (decryption_error() or
-            (req.cname != resp.cname) or
-            (req.realm != resp.crealm) or
-            (req.sname != resp.sname) or
-            (req.realm != resp.realm) or
-            (req.nonce != resp.nonce) or
-            (req.addresses != resp.caddr)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        /* make sure no flags are set that shouldn't be, and that all that */
-        /* should be are set                                               */
-        if (!check_flags_for_compatability(req.kdc-options,resp.flags)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.from = 0) and
-            (resp.starttime is not within allowable skew)) then
-                destroy resp.key;
-                return KRB_AP_ERR_SKEW;
-        endif
-        if ((req.from != 0) and (req.from != resp.starttime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.till != 0) and (resp.endtime > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (resp.flags.RENEWABLE) and
-            (req.till != 0) and
-            (resp.renew-till > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-A.5. KRB_TGS_REQ generation
-
-        /* Note that make_application_request might have to recursivly     */
-        /* call this routine to get the appropriate ticket-granting ticket */
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-        body.kdc-options := users's preferences;
-        /* If the TGT is not for the realm of the end-server  */
-        /* then the sname will be for a TGT for the end-realm */
-        /* and the realm of the requested ticket (body.realm) */
-        /* will be that of the TGS to which the TGT we are    */
-        /* sending applies                                    */
-        body.sname := service's name;
-        body.realm := service's realm;
-
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-
-        body.enc-authorization-data := user-supplied data;
-        if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                body.additional-tickets_ticket := second TGT;
-        endif
-
-        request.req-body := body;
-        check := generate_checksum (req.body,checksumtype);
-
-        request.padata[0].padata-type := PA-TGS-REQ;
-        request.padata[0].padata-value := create a KRB_AP_REQ using
-                                      the TGT and checksum
-
-        /* add in any other padata as required/supplied */
-
-        kerberos := lookup(name of local kerberose server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
-
-        /* note that reading the application request requires first
-        determining the server for which a ticket was issued, and choosing the
-        correct key for decryption.  The name of the server appears in the
-        plaintext part of the ticket. */
-
-        if (no KRB_AP_REQ in req.padata) then
-                error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-        endif
-        verify KRB_AP_REQ in req.padata;
-
-        /* Note that the realm in which the Kerberos server is operating is
-        determined by the instance from the ticket-granting ticket.  The realm
-        in the ticket-granting ticket is the realm under which the ticket
-        granting ticket was issued.  It is possible for a single Kerberos
-        server to support more than one realm. */
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        auth_hdr := KRB_AP_REQ;
-        tgt := auth_hdr.ticket;
-
-        if (tgt.sname is not a TGT for local realm and is not req.sname) then
-                error_out(KRB_AP_ERR_NOT_US);
-
-        realm := realm_tgt_is_for(tgt);
-
-        decode remainder of request;
-
-        if (auth_hdr.authenticator.cksum is missing) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        if (auth_hdr.authenticator.cksum type is not supported) then
-                error_out(KDC_ERR_SUMTYPE_NOSUPP);
-        endif
-        if (auth_hdr.authenticator.cksum is not both collision-proof and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        set computed_checksum := checksum(req);
-        if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        server := lookup(req.sname,realm);
-
-        if (!server) then
-                if (is_foreign_tgt_name(req.sname)) then
-                        server := best_intermediate_tgs(req.sname);
-                else
-                        /* no server in Database */
-                        error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                endif
-        endif
-
-        session := generate_random_session_key();
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := realm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        new_tkt.caddr := tgt.caddr;
-        resp.caddr := NULL; /* We only include this if they change */
-        if (req.kdc-options.FORWARDABLE is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.FORWARDED is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDED;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-        if (tgt.flags.FORWARDED is set) then
-                set new_tkt.flags.FORWARDED;
-        endif
-
-        if (req.kdc-options.PROXIABLE is set) then
-                if (tgt.flags.PROXIABLE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.PROXY is set) then
-                if (tgt.flags.PROXIABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXY;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                if (tgt.flags.MAY-POSTDATE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if (req.kdc-options.POSTDATED is set) then
-                if (tgt.flags.MAY-POSTDATE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                if (against_postdate_policy(req.from)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                new_tkt.starttime := req.from;
-        endif
-
-        if (req.kdc-options.VALIDATE is set) then
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                if (tgt.flags.INVALID is reset) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                if (tgt.starttime > kdc_time) then
-                        error_out(KRB_AP_ERR_NYV);
-                endif
-                if (check_hot_list(tgt)) then
-                        error_out(KRB_AP_ERR_REPEAT);
-                endif
-                tkt := tgt;
-                reset new_tkt.flags.INVALID;
-        endif
-
-        if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                             and those already processed) is set) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.authtime := tgt.authtime;
-
-        if (req.kdc-options.RENEW is set) then
-          /* Note that if the endtime has already passed, the ticket would  */
-          /* have been rejected in the initial authentication stage, so     */
-          /* there is no need to check again here                           */
-                if (tgt.flags.RENEWABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                if (tgt.renew-till < kdc_time) then
-                        error_out(KRB_AP_ERR_TKT_EXPIRED);
-                endif
-                tkt := tgt;
-                new_tkt.starttime := kdc_time;
-                old_life := tgt.endttime - tgt.starttime;
-                new_tkt.endtime := min(tgt.renew-till,
-                                       new_tkt.starttime + old_life);
-        else
-                new_tkt.starttime := kdc_time;
-                if (req.till = 0) then
-                        till := infinity;
-                else
-                        till := req.till;
-                endif
-                new_tkt.endtime := min(till,
-                                       new_tkt.starttime+client.max_life,
-                                       new_tkt.starttime+server.max_life,
-                                       new_tkt.starttime+max_life_for_realm,
-                                       tgt.endtime);
-
-                if ((req.kdc-options.RENEWABLE-OK is set) and
-                    (new_tkt.endtime < req.till) and
-                    (tgt.flags.RENEWABLE is set) then
-                        /* we set the RENEWABLE option for later processing */
-                        set req.kdc-options.RENEWABLE;
-                        req.rtime := min(req.till, tgt.renew-till);
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                endif
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (tgt.flags.RENEWABLE is set)) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-                                          new_tkt.starttime+client.max_rlife,
-                                          new_tkt.starttime+server.max_rlife,
-                                          new_tkt.starttime+max_rlife_for_realm,
-                                          tgt.renew-till);
-        else
-                new_tkt.renew-till := OMIT; /* leave the renew-till field out */
-        endif
-        if (req.enc-authorization-data is present) then
-                decrypt req.enc-authorization-data into decrypted_authorization_data
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                endif
-        endif
-        new_tkt.authorization_data := req.auth_hdr.ticket.authorization_data +
-                                 decrypted_authorization_data;
-
-        new_tkt.key := session;
-        new_tkt.crealm := tgt.crealm;
-        new_tkt.cname := req.auth_hdr.ticket.cname;
-
-        if (realm_tgt_is_for(tgt) := tgt.realm) then
-                /* tgt issued by local realm */
-                new_tkt.transited := tgt.transited;
-        else
-                /* was issued for this realm by some other realm */
-                if (tgt.transited.tr-type not supported) then
-                        error_out(KDC_ERR_TRTYPE_NOSUPP);
-                endif
-                new_tkt.transited := compress_transited(tgt.transited + tgt.realm)
-                /* Don't check tranited field if TGT for foreign realm,
-                 * or requested not to check */
-                if (is_not_foreign_tgt_name(new_tkt.server)
-                   && req.kdc-options.DISABLE-TRANSITED-CHECK not set) then
-                        /* Check it, so end-server does not have to
-                         * but don't fail, end-server may still accept it */
-                        if (check_transited_field(new_tkt.transited) == OK)
-                              set new_tkt.flags.TRANSITED-POLICY-CHECKED;
-                        endif
-                endif
-        endif
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-        encode encrypted part of new_tkt into OCTET STRING;
-        if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                if (server not specified) then
-                        server = req.second_ticket.client;
-                endif
-                if ((req.second_ticket is not a TGT) or
-                    (req.second_ticket.client != server)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-
-                new_tkt.enc-part := encrypt OCTET STRING using
-                        using etype_for_key(second-ticket.key), second-ticket.key;
-        else
-                new_tkt.enc-part := encrypt OCTET STRING
-                        using etype_for_key(server.key), server.key, server.p_kvno;
-        endif
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_TGS_REP;
-        resp.crealm := tgt.crealm;
-        resp.cname := tgt.cname;
-        resp.ticket := new_tkt;
-
-        resp.key := session;
-        resp.nonce := req.nonce;
-        resp.last-req := fetch_last_request_info(client);
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        omit resp.key-expiration;
-
-        resp.sname := new_tkt.sname;
-        resp.realm := new_tkt.realm;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        encode body of reply into OCTET STRING;
-
-        if (req.padata.authenticator.subkey)
-                resp.enc-part := encrypt OCTET STRING using use_etype,
-                        req.padata.authenticator.subkey;
-        else resp.enc-part := encrypt OCTET STRING using use_etype, tgt.key;
-
-        send(resp);
-
-A.7. KRB_TGS_REP verification
-
-        decode response into resp;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-        if (resp.msg-type = KRB_ERROR) then
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key from
-        the response immediately */
-
-        if (req.padata.authenticator.subkey)
-                unencrypted part of resp := decode of decrypt of resp.enc-part
-                        using resp.enc-part.etype and subkey;
-        else unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and tgt's session key;
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        check authorization_data as necessary;
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.8. Authenticator generation
-
-        body.authenticator-vno := authenticator vno; /* = 5 */
-        body.cname, body.crealm := client name;
-        if (supplying checksum) then
-                body.cksum := checksum;
-        endif
-        get system_time;
-        body.ctime, body.cusec := system_time;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-A.9. KRB_AP_REQ generation
-
-        obtain ticket and session_key from cache;
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REQ */
-
-        if (desired(MUTUAL_AUTHENTICATION)) then
-                set packet.ap-options.MUTUAL-REQUIRED;
-        else
-                reset packet.ap-options.MUTUAL-REQUIRED;
-        endif
-        if (using session key for ticket) then
-                set packet.ap-options.USE-SESSION-KEY;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        else
-                reset packet.ap-options.USE-SESSION-KEY;
-        endif
-        packet.ticket := ticket; /* ticket */
-        generate authenticator;
-        encode authenticator into OCTET STRING;
-        encrypt OCTET STRING into packet.authenticator using session_key;
-
-A.10. KRB_AP_REQ verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REQ) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.ticket.tkt_vno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.ap_options.USE-SESSION-KEY is set) then
-                retrieve session key from ticket-granting ticket for
-                 packet.ticket.{sname,srealm,enc-part.etype};
-        else
-                retrieve service key for
-                 packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-        endif
-        if (no_key_available) then
-                if (cannot_find_specified_skvno) then
-                        error_out(KRB_AP_ERR_BADKEYVER);
-                else
-                        error_out(KRB_AP_ERR_NOKEY);
-                endif
-        endif
-        decrypt packet.ticket.enc-part into decr_ticket using retrieved key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        decrypt packet.authenticator into decr_authenticator
-                using decr_ticket.key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (decr_authenticator.{cname,crealm} !=
-            decr_ticket.{cname,crealm}) then
-                error_out(KRB_AP_ERR_BADMATCH);
-        endif
-        if (decr_ticket.caddr is present) then
-                if (sender_address(packet) is not in decr_ticket.caddr) then
-                        error_out(KRB_AP_ERR_BADADDR);
-                endif
-        elseif (application requires addresses) then
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(decr_authenticator.ctime,
-                              decr_authenticator.cusec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-        get system_time;
-        if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-            (decr_ticket.flags.INVALID is set)) then
-                /* it hasn't yet become valid */
-                error_out(KRB_AP_ERR_TKT_NYV);
-        endif
-        if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                error_out(KRB_AP_ERR_TKT_EXPIRED);
-        endif
-        if (decr_ticket.transited) then
-            /* caller may ignore the TRANSITED-POLICY-CHECKED and do
-             * check anyway */
-            if (decr_ticket.flags.TRANSITED-POLICY-CHECKED not set) then
-                 if (check_transited_field(decr_ticket.transited) then
-                      error_out(KDC_AP_PATH_NOT_ACCPETED);
-                 endif
-            endif
-        endif
-        /* caller must check decr_ticket.flags for any pertinent details */
-        return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-A.11. KRB_AP_REP generation
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REP */
-
-        body.ctime := packet.ctime;
-        body.cusec := packet.cusec;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part;
-
-A.12. KRB_AP_REP verification
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REP) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        cleartext := decrypt(packet.enc-part) using ticket's session key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (cleartext.ctime != authenticator.ctime) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.cusec != authenticator.cusec) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.subkey is present) then
-                save cleartext.subkey for future use;
-        endif
-        if (cleartext.seq-number is present) then
-                save cleartext.seq-number for future verifications;
-        endif
-        return(AUTHENTICATION_SUCCEEDED);
-
-A.13. KRB_SAFE generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_SAFE */
-
-        body.user-data := buffer; /* DATA */
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-        checksum.cksumtype := checksum type;
-        compute checksum over body;
-        checksum.checksum := checksum value; /* checksum.checksum */
-        packet.cksum := checksum;
-        packet.safe-body := body;
-
-A.14. KRB_SAFE verification
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_SAFE) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.checksum.cksumtype is not both collision-proof and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (safe_priv_common_checks_ok(packet)) then
-                set computed_checksum := checksum(packet.body);
-                if (computed_checksum != packet.checksum) then
-                        error_out(KRB_AP_ERR_MODIFIED);
-                endif
-                return (packet, PACKET_IS_GENUINE);
-        else
-                return common_checks_error;
-        endif
-
-A.15. KRB_SAFE and KRB_PRIV common checks
-
-        if (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (((packet.timestamp is present) and
-             (not in_clock_skew(packet.timestamp,packet.usec))) or
-            (packet.timestamp is not present and timestamp expected)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-
-        if (((packet.seq-number is present) and
-             ((not in_sequence(packet.seq-number)))) or
-            (packet.seq-number is not present and sequence expected)) then
-                error_out(KRB_AP_ERR_BADORDER);
-        endif
-        if (packet.timestamp not present and packet.seq-number not present)
-        then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        save_identifier(packet.{timestamp,usec,s-address},
-                        sender_principal(packet));
-
-        return PACKET_IS_OK;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-A.16. KRB_PRIV generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_PRIV */
-
-        packet.enc-part.etype := encryption type;
-
-        body.user-data := buffer;
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher;
-
-A.17. KRB_PRIV verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_PRIV) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-        if (safe_priv_common_checks_ok(cleartext)) then
-                return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-        else
-                return common_checks_error;
-        endif
-
-A.18. KRB_CRED generation
-
-        invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_CRED */
-
-        for (tickets[n] in tickets to be forwarded) do
-                packet.tickets[n] = tickets[n].ticket;
-        done
-
-        packet.enc-part.etype := encryption type;
-
-        for (ticket[n] in tickets to be forwarded) do
-                body.ticket-info[n].key = tickets[n].session;
-                body.ticket-info[n].prealm = tickets[n].crealm;
-                body.ticket-info[n].pname = tickets[n].cname;
-                body.ticket-info[n].flags = tickets[n].flags;
-                body.ticket-info[n].authtime = tickets[n].authtime;
-                body.ticket-info[n].starttime = tickets[n].starttime;
-                body.ticket-info[n].endtime = tickets[n].endtime;
-                body.ticket-info[n].renew-till = tickets[n].renew-till;
-                body.ticket-info[n].srealm = tickets[n].srealm;
-                body.ticket-info[n].sname = tickets[n].sname;
-                body.ticket-info[n].caddr = tickets[n].caddr;
-        done
-
-        get system_time;
-        body.timestamp, body.usec := system_time;
-
-        if (using nonce) then
-                body.nonce := nonce;
-        endif
-
-        if (using s-address) then
-                body.s-address := sender host addresses;
-        endif
-        if (limited recipients) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher
-               using negotiated encryption key;
-
-A.19. KRB_CRED verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_CRED) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if ((packet.r-address is present or required) and
-           (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (packet.nonce is required or present) and
-           (packet.nonce != expected-nonce) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        for (ticket[n] in tickets that were forwarded) do
-                save_for_later(ticket[n],key[n],principal[n],
-                               server[n],times[n],flags[n]);
-        return
-
-A.20. KRB_ERROR generation
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_ERROR */
-
-        get system_time;
-        packet.stime, packet.susec := system_time;
-        packet.realm, packet.sname := server name;
-
-        if (client time available) then
-                packet.ctime, packet.cusec := client_time;
-        endif
-        packet.error-code := error code;
-        if (client name available) then
-                packet.cname, packet.crealm := client name;
-        endif
-        if (error text available) then
-                packet.e-text := error text;
-        endif
-        if (error data available) then
-                packet.e-data := error data;
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-        endif
-
-B. Definition of common authorization data elements
-
-This appendix contains the definitions of common authorization data
-elements. These common authorization data elements are recursivly defined,
-meaning the ad-data for these types will itself contain a sequence of
-authorization data whose interpretation is affected by the encapsulating
-element. Depending on the meaning of the encapsulating element, the
-encapsulated elements may be ignored, might be interpreted as issued
-directly by the KDC, or they might be stored in a separate plaintext part of
-the ticket. The types of the encapsulating elements are specified as part of
-the Kerberos specification ebcause the behavior based on these values should
-be understood across implementations whereas other elements need only be
-understood by the applications which they affect.
-
-In the definitions that follow, the value of the ad-type for the element
-will be specified in the subsection number, and the value of the ad-data
-will be as shown in the ASN.1 structure that follows the subsection heading.
-
-B.1. KDC Issued
-
-AD-KDCIssued   SEQUENCE {
-               ad-checksum[0]    Checksum,
-                i-realm[1]       Realm OPTIONAL,
-                i-sname[2]       PrincipalName OPTIONAL,
-               elements[3]       AuthorizationData.
-}
-
-ad-checksum
-     A checksum over the elements field using a cryptographic checksum
-     method that is identical to the checksum used to protect the ticket
-     itself (i.e. using the same hash function and the same encryption
-     algorithm used to encrypt the ticket) and using a key derived from the
-     same key used to protect the ticket.
-i-realm, i-sname
-     The name of the issuing principal if different from the KDC itself.
-     This field would be used when the KDC can verify the authenticity of
-     elements signed by the issuing principal and it allows this KDC to
-     notify the application server of the validity of those elements.
-elements
-     A sequence of authorization data elements issued by the KDC.
-
-The KDC-issued ad-data field is intended to provide a means for Kerberos
-principal credentials to embed within themselves privilege attributes and
-other mechanisms for positive authorization, amplifying the priveleges of
-the principal beyond what can be done using a credentials without such an
-a-data element.
-
-This can not be provided without this element because the definition of the
-authorization-data field allows elements to be added at will by the bearer
-of a TGT at the time that they request service tickets and elements may also
-be added to a delegated ticket by inclusion in the authenticator.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-For KDC-issued elements this is prevented because the elements are signed by
-the KDC by including a checksum encrypted using the server's key (the same
-key used to encrypt the ticket - or a key derived from that key). Elements
-encapsulated with in the KDC-issued element will be ignored by the
-application server if this "signature" is not present. Further, elements
-encapsulated within this element from a ticket granting ticket may be
-interpreted by the KDC, and used as a basis according to policy for
-including new signed elements within derivative tickets, but they will not
-be copied to a derivative ticket directly. If they are copied directly to a
-derivative ticket by a KDC that is not aware of this element, the signature
-will not be correct for the application ticket elements, and the field will
-be ignored by the application server.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-B.2. Intended for server
-
-AD-INTENDED-FOR-SERVER   SEQUENCE {
-         intended-server[0]     SEQUENCE OF PrincipalName
-         elements[1]            AuthorizationData
-}
-
-AD elements encapsulated within the intended-for-server element may be
-ignored if the application server is not in the list of principal names of
-intended servers. Further, a KDC issuing a ticket for an application server
-can remove this element if the application server is not in the list of
-intended servers.
-
-Application servers should check for their principal name in the
-intended-server field of this element. If their principal name is not found,
-this element should be ignored. If found, then the encapsulated elements
-should be evaluated in the same manner as if they were present in the top
-level authorization data field. Applications and application servers that do
-not implement this element should reject tickets that contain authorization
-data elements of this type.
-
-B.3. Intended for application class
-
-AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE { intended-application-class[0]
-SEQUENCE OF GeneralString elements[1] AuthorizationData } AD elements
-encapsulated within the intended-for-application-class element may be
-ignored if the application server is not in one of the named classes of
-application servers. Examples of application server classes include
-"FILESYSTEM", and other kinds of servers.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-B.4. If relevant
-
-AD-IF-RELEVANT   AuthorizationData
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-AD elements encapsulated within the if-relevant element are intended for
-interpretation only by application servers that understand the particular
-ad-type of the embedded element. Application servers that do not understand
-the type of an element embedded within the if-relevant element may ignore
-the uninterpretable element. This element promotes interoperability across
-implementations which may have local extensions for authorization.
-
-B.5. And-Or
-
-AD-AND-OR           SEQUENCE {
-                        condition-count[0]    INTEGER,
-                        elements[1]           AuthorizationData
-}
-
-When restrictive AD elements encapsulated within the and-or element are
-encountered, only the number specified in condition-count of the
-encapsulated conditions must be met in order to satisfy this element. This
-element may be used to implement an "or" operation by setting the
-condition-count field to 1, and it may specify an "and" operation by setting
-the condition count to the number of embedded elements. Application servers
-that do not implement this element must reject tickets that contain
-authorization data elements of this type.
-
-B.6. Mandatory ticket extensions
-
-AD-Mandatory-Ticket-Extensions   Checksum
-
-An authorization data element of type mandatory-ticket-extensions specifies
-a collision-proof checksum using the same has angorithm used to protect the
-integrity of the ticket itself. This checksum will be calculated over the
-entire extensions field. If there are more than one extension, all will be
-covered by the checksum. This restriction indicates that the ticket should
-not be accepted if the checksum does not match that calculated over the
-ticket extensions. Application servers that do not implement this element
-must reject tickets that contain authorization data elements of this type.
-
-B.7. Authorization Data in ticket extensions
-
-AD-IN-Ticket-Extensions   Checksum
-
-An authorization data element of type in-ticket-extensions specifies a
-collision-proof checksum using the same has angorithm used to protect the
-integrity of the ticket itself. This checksum is calculated over a separate
-external AuthorizationData field carried in the ticket extensions.
-Application servers that do not implement this element must reject tickets
-that contain authorization data elements of this type. Application servers
-that do implement this element will search the ticket extensions for
-authorization data fields, calculate the specified checksum over each
-authorization data field and look for one matching the checksum in this
-in-ticket-extensions element. If not found, then the ticket must be
-rejected. If found, the corresponding authorization data elements will be
-interpreted in the same manner as if they were contained in the top level
-authorization data field.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-Note that if multiple external authorization data fields are present in a
-ticket, each will have a corresponding element of type in-ticket-extensions
-in the top level authorization data field, and the external entries will be
-linked to the corresponding element by their checksums.
-
-C. Definition of common ticket extensions
-
-This appendix contains the definitions of common ticket extensions. Support
-for these extensions is optional. However, certain extensions have
-associated authorization data elements that may require rejection of a
-ticket containing an extension by application servers that do not implement
-the particular extension. Other extensions have been defined beyond those
-described in this specification. Such extensions are described elswhere and
-for some of those extensions the reserved number may be found in the list of
-constants.
-
-It is known that older versions of Kerberos did not support this field, and
-that some clients will strip this field from a ticket when they parse and
-then reassemble a ticket as it is passed to the application servers. The
-presence of the extension will not break such clients, but any functionaly
-dependent on the extensions will not work when such tickets are handled by
-old clients. In such situations, some implementation may use alternate
-methods to transmit the information in the extensions field.
-
-C.1. Null ticket extension
-
-TE-NullExtension   OctetString -- The empty Octet String
-
-The te-data field in the null ticket extension is an octet string of lenght
-zero. This extension may be included in a ticket granting ticket so that the
-KDC can determine on presentation of the ticket granting ticket whether the
-client software will strip the extensions field.
-
-C.2. External Authorization Data
-
-TE-ExternalAuthorizationData   AuthorizationData
-
-The te-data field in the external authorization data ticket extension is
-field of type AuthorizationData containing one or more authorization data
-elements. If present, a corresponding authorization data element will be
-present in the primary authorization data for the ticket and that element
-will contain a checksum of the external authorization data ticket extension.
-----------------------------------------------------------------------------
-[TM] Project Athena, Athena, and Kerberos are trademarks of the
-Massachusetts Institute of Technology (MIT). No commercial use of these
-trademarks may be made without prior written permission of MIT.
-
-[1] Note, however, that many applications use Kerberos' functions only upon
-the initiation of a stream-based network connection. Unless an application
-subsequently provides integrity protection for the data stream, the identity
-verification applies only to the initiation of the connection, and does not
-guarantee that subsequent messages on the connection originate from the same
-principal.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-[2] Secret and private are often used interchangeably in the literature. In
-our usage, it takes two (or more) to share a secret, thus a shared DES key
-is a secret key. Something is only private when no one but its owner knows
-it. Thus, in public key cryptosystems, one has a public and a private key.
-
-[3] Of course, with appropriate permission the client could arrange
-registration of a separately-named prin- cipal in a remote realm, and engage
-in normal exchanges with that realm's services. However, for even small
-numbers of clients this becomes cumbersome, and more automatic methods as
-described here are necessary.
-
-[4] Though it is permissible to request or issue tick- ets with no network
-addresses specified.
-
-[5] The password-changing request must not be honored unless the requester
-can provide the old password (the user's current secret key). Otherwise, it
-would be possible for someone to walk up to an unattended ses- sion and
-change another user's password.
-
-[6] To authenticate a user logging on to a local system, the credentials
-obtained in the AS exchange may first be used in a TGS exchange to obtain
-credentials for a local server. Those credentials must then be verified by a
-local server through successful completion of the Client/Server exchange.
-
-[7] "Random" means that, among other things, it should be impossible to
-guess the next session key based on knowledge of past session keys. This can
-only be achieved in a pseudo-random number generator if it is based on
-cryptographic principles. It is more desirable to use a truly random number
-generator, such as one based on measurements of random physical phenomena.
-
-[8] Tickets contain both an encrypted and unencrypted portion, so cleartext
-here refers to the entire unit, which can be copied from one message and
-replayed in another without any cryptographic skill.
-
-[9] Note that this can make applications based on unreliable transports
-difficult to code correctly. If the transport might deliver duplicated
-messages, either a new authenticator must be generated for each retry, or
-the application server must match requests and replies and replay the first
-reply in response to a detected duplicate.
-
-[10] This is used for user-to-user authentication as described in [8].
-
-[11] Note that the rejection here is restricted to authenticators from the
-same principal to the same server. Other client principals communicating
-with the same server principal should not be have their authenticators
-rejected if the time and microsecond fields happen to match some other
-client's authenticator.
-
-[12] In the Kerberos version 4 protocol, the timestamp in the reply was the
-client's timestamp plus one. This is not necessary in version 5 because
-version 5 messages are formatted in such a way that it is not possible to
-create the reply by judicious message surgery (even in encrypted form)
-without knowledge of the appropriate encryption keys.
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-
-[13] Note that for encrypting the KRB_AP_REP message, the sub-session key is
-not used, even if present in the Authenticator.
-
-[14] Implementations of the protocol may wish to provide routines to choose
-subkeys based on session keys and random numbers and to generate a
-negotiated key to be returned in the KRB_AP_REP message.
-
-[15]This can be accomplished in several ways. It might be known beforehand
-(since the realm is part of the principal identifier), it might be stored in
-a nameserver, or it might be obtained from a configura- tion file. If the
-realm to be used is obtained from a nameserver, there is a danger of being
-spoofed if the nameservice providing the realm name is not authenti- cated.
-This might result in the use of a realm which has been compromised, and
-would result in an attacker's ability to compromise the authentication of
-the application server to the client.
-
-[16] If the client selects a sub-session key, care must be taken to ensure
-the randomness of the selected sub- session key. One approach would be to
-generate a random number and XOR it with the session key from the
-ticket-granting ticket.
-
-[17] This allows easy implementation of user-to-user authentication [8],
-which uses ticket-granting ticket session keys in lieu of secret server keys
-in situa- tions where such secret keys could be easily comprom- ised.
-
-[18] For the purpose of appending, the realm preceding the first listed
-realm is considered to be the null realm ("").
-
-[19] For the purpose of interpreting null subfields, the client's realm is
-considered to precede those in the transited field, and the server's realm
-is considered to follow them.
-
-[20] This means that a client and server running on the same host and
-communicating with one another using the KRB_SAFE messages should not share
-a common replay cache to detect KRB_SAFE replays.
-
-[21] The implementation of the Kerberos server need not combine the database
-and the server on the same machine; it is feasible to store the principal
-database in, say, a network name service, as long as the entries stored
-therein are protected from disclosure to and modification by unauthorized
-parties. However, we recommend against such strategies, as they can make
-system management and threat analysis quite complex.
-
-[22] See the discussion of the padata field in section 5.4.2 for details on
-why this can be useful.
-
-[23] Warning for implementations that unpack and repack data structures
-during the generation and verification of embedded checksums: Because any
-checksums applied to data structures must be checked against the original
-data the length of bit strings must be preserved within a data structure
-between the time that a checksum is generated through transmission to the
-time that the checksum is verified.
-
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-[24] It is NOT recommended that this time value be used to adjust the
-workstation's clock since the workstation cannot reliably determine that
-such a KRB_AS_REP actually came from the proper KDC in a timely manner.
-
-[25] Note, however, that if the time is used as the nonce, one must make
-sure that the workstation time is monotonically increasing. If the time is
-ever reset backwards, there is a small, but finite, probability that a nonce
-will be reused.
-
-[27] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[29] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[31] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[32] If supported by the encryption method in use, an initialization vector
-may be passed to the encryption procedure, in order to achieve proper cipher
-chaining. The initialization vector might come from the last block of the
-ciphertext from the previous KRB_PRIV message, but it is the application's
-choice whether or not to use such an initialization vector. If left out, the
-default initialization vector for the encryption algorithm will be used.
-
-[33] This prevents an attacker who generates an incorrect AS request from
-obtaining verifiable plaintext for use in an off-line password guessing
-attack.
-
-[35] In the above specification, UNTAGGED OCTET STRING(length) is the
-notation for an octet string with its tag and length removed. It is not a
-valid ASN.1 type. The tag bits and length must be removed from the
-confounder since the purpose of the confounder is so that the message starts
-with random data, but the tag and its length are fixed. For other fields,
-the length and tag would be redundant if they were included because they are
-specified by the encryption type. [36] The ordering of the fields in the
-CipherText is important. Additionally, messages encoded in this format must
-include a length as part of the msg-seq field. This allows the recipient to
-verify that the message has not been truncated. Without a length, an
-attacker could use a chosen plaintext attack to generate a message which
-could be truncated, while leaving the checksum intact. Note that if the
-msg-seq is an encoding of an ASN.1 SEQUENCE or OCTET STRING, then the length
-is part of that encoding.
-
-[37] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[38] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[39] A variant of the key is used to limit the use of a key to a particular
-function, separating the functions of generating a checksum from other
-encryption performed using the session key. The constant F0F0F0F0F0F0F0F0
-was chosen because it maintains key parity. The properties of DES precluded
-
-
-draft-ietf-cat-kerberos-r-01                        Expires 21 May 1998
-
-the use of the complement. The same constant is used for similar purpose in
-the Message Integrity Check in the Privacy Enhanced Mail standard.
-
-[40] This error carries additional information in the e- data field. The
-contents of the e-data field for this message is described in section 5.9.1.
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-03.txt
deleted file mode 100644
index 06d997d48cca..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-03.txt
+++ /dev/null
@@ -1,6766 +0,0 @@
-
-
-
-INTERNET-DRAFT                                          Clifford Neuman
-                                                              John Kohl
-                                                          Theodore Ts'o
-                                                    November 18th, 1998
-
-The Kerberos Network Authentication Service (V5)
-
-STATUS OF THIS MEMO
-
-This document is an Internet-Draft. Internet-Drafts are working documents
-of the Internet Engineering Task Force (IETF), its areas, and its working
-groups. Note that other groups may also distribute working documents as
-Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months and
-may be updated, replaced, or obsoleted by other documents at any time. It
-is inappropriate to use Internet-Drafts as reference material or to cite
-them other than as 'work in progress.'
-
-To learn the current status of any Internet-Draft, please check the
-'1id-abstracts.txt' listing contained in the Internet-Drafts Shadow
-Directories on ftp.ietf.org (US East Coast), nic.nordu.net (Europe),
-ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited. It is filed as
-draft-ietf-cat-kerberos-revisions-03.txt, and expires May 18th, 1999. 
-Please send comments to: krb-protocol@MIT.EDU
-
-ABSTRACT
-
-This document provides an overview and specification of Version 5 of the
-Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol
-and its intended use that require more detailed or clearer explanation than
-was provided in RFC1510. This document is intended to provide a detailed
-description of the protocol, suitable for implementation, together with
-descriptions of the appropriate use of protocol messages and fields within
-those messages.
-
-This document is not intended to describe Kerberos to the end user, system
-administrator, or application developer. Higher level papers describing
-Version 5 of the Kerberos system [NT94] and documenting version 4 [SNS88],
-are available elsewhere.
-
-OVERVIEW
-
-This INTERNET-DRAFT describes the concepts and model upon which the
-Kerberos network authentication system is based. It also specifies Version
-5 of the Kerberos protocol.
-
-The motivations, goals, assumptions, and rationale behind most design
-decisions are treated cursorily; they are more fully described in a paper
-available in IEEE communications [NT94] and earlier in the Kerberos portion
-of the Athena Technical Plan [MNSS87]. The protocols have been a proposed
-standard and are being considered for advancement for draft standard
-through the IETF standard process. Comments are encouraged on the
-presentation, but only minor refinements to the protocol as implemented or
-extensions that fit within current protocol framework will be considered at
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-this time.
-
-Requests for addition to an electronic mailing list for discussion of
-Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU.
-This mailing list is gatewayed onto the Usenet as the group
-comp.protocols.kerberos. Requests for further information, including
-documents and code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-The Kerberos model is based in part on Needham and Schroeder's trusted
-third-party authentication protocol [NS78] and on modifications suggested
-by Denning and Sacco [DS81]. The original design and implementation of
-Kerberos Versions 1 through 4 was the work of two former Project Athena
-staff members, Steve Miller of Digital Equipment Corporation and Clifford
-Neuman (now at the Information Sciences Institute of the University of
-Southern California), along with Jerome Saltzer, Technical Director of
-Project Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many
-other members of Project Athena have also contributed to the work on
-Kerberos.
-
-Version 5 of the Kerberos protocol (described in this document) has evolved
-from Version 4 based on new requirements and desires for features not
-available in Version 4. The design of Version 5 of the Kerberos protocol
-was led by Clifford Neuman and John Kohl with much input from the
-community. The development of the MIT reference implementation was led at
-MIT by John Kohl and Theodore T'so, with help and contributed code from
-many others. Since RFC1510 was issued, extensions and revisions to the
-protocol have been proposed by many individuals. Some of these proposals
-are reflected in this document. Where such changes involved significant
-effort, the document cites the contribution of the proposer.
-
-Reference implementations of both version 4 and version 5 of Kerberos are
-publicly available and commercial implementations have been developed and
-are widely used. Details on the differences between Kerberos Versions 4 and
-5 can be found in [KNT92].
-
-1. Introduction
-
-Kerberos provides a means of verifying the identities of principals, (e.g.
-a workstation user or a network server) on an open (unprotected) network.
-This is accomplished without relying on assertions by the host operating
-system, without basing trust on host addresses, without requiring physical
-security of all the hosts on the network, and under the assumption that
-packets traveling along the network can be read, modified, and inserted at
-will[1]. Kerberos performs authentication under these conditions as a
-trusted third-party authentication service by using conventional (shared
-secret key [2] cryptography. Kerberos extensions have been proposed and
-implemented that provide for the use of public key cryptography during
-certain phases of the authentication protocol. These extensions provide for
-authentication of users registered with public key certification
-authorities, and allow the system to provide certain benefits of public key
-cryptography in situations where they are needed.
-
-The basic Kerberos authentication process proceeds as follows: A client
-sends a request to the authentication server (AS) requesting 'credentials'
-for a given server. The AS responds with these credentials, encrypted in
-the client's key. The credentials consist of 1) a 'ticket' for the server
-and 2) a temporary encryption key (often called a "session key"). The
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-client transmits the ticket (which contains the client's identity and a
-copy of the session key, all encrypted in the server's key) to the server.
-The session key (now shared by the client and server) is used to
-authenticate the client, and may optionally be used to authenticate the
-server. It may also be used to encrypt further communication between the
-two parties or to exchange a separate sub-session key to be used to encrypt
-further communication.
-
-Implementation of the basic protocol consists of one or more authentication
-servers running on physically secure hosts. The authentication servers
-maintain a database of principals (i.e., users and servers) and their
-secret keys. Code libraries provide encryption and implement the Kerberos
-protocol. In order to add authentication to its transactions, a typical
-network application adds one or two calls to the Kerberos library directly
-or through the Generic Security Services Application Programming Interface,
-GSSAPI, described in separate document. These calls result in the
-transmission of the necessary messages to achieve authentication.
-
-The Kerberos protocol consists of several sub-protocols (or exchanges).
-There are two basic methods by which a client can ask a Kerberos server for
-credentials. In the first approach, the client sends a cleartext request
-for a ticket for the desired server to the AS. The reply is sent encrypted
-in the client's secret key. Usually this request is for a ticket-granting
-ticket (TGT) which can later be used with the ticket-granting server (TGS).
-In the second method, the client sends a request to the TGS. The client
-uses the TGT to authenticate itself to the TGS in the same manner as if it
-were contacting any other application server that requires Kerberos
-authentication. The reply is encrypted in the session key from the TGT.
-Though the protocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different protocol entry
-points within a single Kerberos server.
-
-Once obtained, credentials may be used to verify the identity of the
-principals in a transaction, to ensure the integrity of messages exchanged
-between them, or to preserve privacy of the messages. The application is
-free to choose whatever protection may be necessary.
-
-To verify the identities of the principals in a transaction, the client
-transmits the ticket to the application server. Since the ticket is sent
-"in the clear" (parts of it are encrypted, but this encryption doesn't
-thwart replay) and might be intercepted and reused by an attacker,
-additional information is sent to prove that the message originated with
-the principal to whom the ticket was issued. This information (called the
-authenticator) is encrypted in the session key, and includes a timestamp.
-The timestamp proves that the message was recently generated and is not a
-replay. Encrypting the authenticator in the session key proves that it was
-generated by a party possessing the session key. Since no one except the
-requesting principal and the server know the session key (it is never sent
-over the network in the clear) this guarantees the identity of the client.
-
-The integrity of the messages exchanged between principals can also be
-guaranteed using the session key (passed in the ticket and contained in the
-credentials). This approach provides detection of both replay attacks and
-message stream modification attacks. It is accomplished by generating and
-transmitting a collision-proof checksum (elsewhere called a hash or digest
-function) of the client's message, keyed with the session key. Privacy and
-integrity of the messages exchanged between principals can be secured by
-encrypting the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-The authentication exchanges mentioned above require read-only access to
-the Kerberos database. Sometimes, however, the entries in the database must
-be modified, such as when adding new principals or changing a principal's
-key. This is done using a protocol between a client and a third Kerberos
-server, the Kerberos Administration Server (KADM). There is also a protocol
-for maintaining multiple copies of the Kerberos database. Neither of these
-protocols are described in this document.
-
-1.1. Cross-Realm Operation
-
-The Kerberos protocol is designed to operate across organizational
-boundaries. A client in one organization can be authenticated to a server
-in another. Each organization wishing to run a Kerberos server establishes
-its own 'realm'. The name of the realm in which a client is registered is
-part of the client's name, and can be used by the end-service to decide
-whether to honor a request.
-
-By establishing 'inter-realm' keys, the administrators of two realms can
-allow a client authenticated in the local realm to prove its identity to
-servers in other realms[3]. The exchange of inter-realm keys (a separate
-key may be used for each direction) registers the ticket-granting service
-of each realm as a principal in the other realm. A client is then able to
-obtain a ticket-granting ticket for the remote realm's ticket-granting
-service from its local realm. When that ticket-granting ticket is used, the
-remote ticket-granting service uses the inter-realm key (which usually
-differs from its own normal TGS key) to decrypt the ticket-granting ticket,
-and is thus certain that it was issued by the client's own TGS. Tickets
-issued by the remote ticket-granting service will indicate to the
-end-service that the client was authenticated from another realm.
-
-A realm is said to communicate with another realm if the two realms share
-an inter-realm key, or if the local realm shares an inter-realm key with an
-intermediate realm that communicates with the remote realm. An
-authentication path is the sequence of intermediate realms that are
-transited in communicating from one realm to another.
-
-Realms are typically organized hierarchically. Each realm shares a key with
-its parent and a different key with each child. If an inter-realm key is
-not directly shared by two realms, the hierarchical organization allows an
-authentication path to be easily constructed. If a hierarchical
-organization is not used, it may be necessary to consult a database in
-order to construct an authentication path between realms.
-
-Although realms are typically hierarchical, intermediate realms may be
-bypassed to achieve cross-realm authentication through alternate
-authentication paths (these might be established to make communication
-between two realms more efficient). It is important for the end-service to
-know which realms were transited when deciding how much faith to place in
-the authentication process. To facilitate this decision, a field in each
-ticket contains the names of the realms that were involved in
-authenticating the client.
-
-The application server is ultimately responsible for accepting or rejecting
-authentication and should check the transited field. The application server
-may choose to rely on the KDC for the application server's realm to check
-the transited field. The application server's KDC will set the
-TRANSITED-POLICY-CHECKED flag in this case. The KDC's for intermediate
-realms may also check the transited field as they issue
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-ticket-granting-tickets for other realms, but they are encouraged not to do
-so. A client may request that the KDC's not check the transited field by
-setting the DISABLE-TRANSITED-CHECK flag. KDC's are encouraged but not
-required to honor this flag.
-
-1.2. Authorization
-
-As an authentication service, Kerberos provides a means of verifying the
-identity of principals on a network. Authentication is usually useful
-primarily as a first step in the process of authorization, determining
-whether a client may use a service, which objects the client is allowed to
-access, and the type of access allowed for each. Kerberos does not, by
-itself, provide authorization. Possession of a client ticket for a service
-provides only for authentication of the client to that service, and in the
-absence of a separate authorization procedure, it should not be considered
-by an application as authorizing the use of that service.
-
-Such separate authorization methods may be implemented as application
-specific access control functions and may be based on files such as the
-application server, or on separately issued authorization credentials such
-as those based on proxies [Neu93] , or on other authorization services.
-
-Applications should not be modified to accept the issuance of a service
-ticket by the Kerberos server (even by an modified Kerberos server) as
-granting authority to use the service, since such applications may become
-vulnerable to the bypass of this authorization check in an environment if
-they interoperate with other KDCs or where other options for application
-authentication (e.g. the PKTAPP proposal) are provided.
-
-1.3. Environmental assumptions
-
-Kerberos imposes a few assumptions on the environment in which it can
-properly function:
-
-   * 'Denial of service' attacks are not solved with Kerberos. There are
-     places in these protocols where an intruder can prevent an application
-     from participating in the proper authentication steps. Detection and
-     solution of such attacks (some of which can appear to be nnot-uncommon
-     'normal' failure modes for the system) is usually best left to the
-     human administrators and users.
-   * Principals must keep their secret keys secret. If an intruder somehow
-     steals a principal's key, it will be able to masquerade as that
-     principal or impersonate any server to the legitimate principal.
-   * 'Password guessing' attacks are not solved by Kerberos. If a user
-     chooses a poor password, it is possible for an attacker to
-     successfully mount an offline dictionary attack by repeatedly
-     attempting to decrypt, with successive entries from a dictionary,
-     messages obtained which are encrypted under a key derived from the
-     user's password.
-   * Each host on the network must have a clock which is 'loosely
-     synchronized' to the time of the other hosts; this synchronization is
-     used to reduce the bookkeeping needs of application servers when they
-     do replay detection. The degree of "looseness" can be configured on a
-     per-server basis, but is typically on the order of 5 minutes. If the
-     clocks are synchronized over the network, the clock synchronization
-     protocol must itself be secured from network attackers.
-   * Principal identifiers are not recycled on a short-term basis. A
-     typical mode of access control will use access control lists (ACLs) to
-     grant permissions to particular principals. If a stale ACL entry
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     remains for a deleted principal and the principal identifier is
-     reused, the new principal will inherit rights specified in the stale
-     ACL entry. By not re-using principal identifiers, the danger of
-     inadvertent access is removed.
-
-1.4. Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-Authentication
-     Verifying the claimed identity of a principal.
-Authentication header
-     A record containing a Ticket and an Authenticator to be presented to a
-     server as part of the authentication process.
-Authentication path
-     A sequence of intermediate realms transited in the authentication
-     process when communicating from one realm to another.
-Authenticator
-     A record containing information that can be shown to have been
-     recently generated using the session key known only by the client and
-     server.
-Authorization
-     The process of determining whether a client may use a service, which
-     objects the client is allowed to access, and the type of access
-     allowed for each.
-Capability
-     A token that grants the bearer permission to access an object or
-     service. In Kerberos, this might be a ticket whose use is restricted
-     by the contents of the authorization data field, but which lists no
-     network addresses, together with the session key necessary to use the
-     ticket.
-Ciphertext
-     The output of an encryption function. Encryption transforms plaintext
-     into ciphertext.
-Client
-     A process that makes use of a network service on behalf of a user.
-     Note that in some cases a Server may itself be a client of some other
-     server (e.g. a print server may be a client of a file server).
-Credentials
-     A ticket plus the secret session key necessary to successfully use
-     that ticket in an authentication exchange.
-KDC
-     Key Distribution Center, a network service that supplies tickets and
-     temporary session keys; or an instance of that service or the host on
-     which it runs. The KDC services both initial ticket and
-     ticket-granting ticket requests. The initial ticket portion is
-     sometimes referred to as the Authentication Server (or service). The
-     ticket-granting ticket portion is sometimes referred to as the
-     ticket-granting server (or service).
-Kerberos
-     Aside from the 3-headed dog guarding Hades, the name given to Project
-     Athena's authentication service, the protocol used by that service, or
-     the code used to implement the authentication service.
-Plaintext
-     The input to an encryption function or the output of a decryption
-     function. Decryption transforms ciphertext into plaintext.
-Principal
-     A uniquely named client or server instance that participates in a
-     network communication.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-Principal identifier
-     The name used to uniquely identify each different principal.
-Seal
-     To encipher a record containing several fields in such a way that the
-     fields cannot be individually replaced without either knowledge of the
-     encryption key or leaving evidence of tampering.
-Secret key
-     An encryption key shared by a principal and the KDC, distributed
-     outside the bounds of the system, with a long lifetime. In the case of
-     a human user's principal, the secret key is derived from a password.
-Server
-     A particular Principal which provides a resource to network clients.
-     The server is sometimes refered to as the Application Server.
-Service
-     A resource provided to network clients; often provided by more than
-     one server (for example, remote file service).
-Session key
-     A temporary encryption key used between two principals, with a
-     lifetime limited to the duration of a single login "session".
-Sub-session key
-     A temporary encryption key used between two principals, selected and
-     exchanged by the principals using the session key, and with a lifetime
-     limited to the duration of a single association.
-Ticket
-     A record that helps a client authenticate itself to a server; it
-     contains the client's identity, a session key, a timestamp, and other
-     information, all sealed using the server's secret key. It only serves
-     to authenticate a client when presented along with a fresh
-     Authenticator.
-
-2. Ticket flag uses and requests
-
-Each Kerberos ticket contains a set of flags which are used to indicate
-various attributes of that ticket. Most flags may be requested by a client
-when the ticket is obtained; some are automatically turned on and off by a
-Kerberos server as required. The following sections explain what the
-various flags mean, and gives examples of reasons to use such a flag.
-
-2.1. Initial and pre-authenticated tickets
-
-The INITIAL flag indicates that a ticket was issued using the AS protocol
-and not issued based on a ticket-granting ticket. Application servers that
-want to require the demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be set in any tickets
-they accept, and thus be assured that the client's key was recently
-presented to the application client.
-
-The PRE-AUTHENT and HW-AUTHENT flags provide addition information about the
-initial authentication, regardless of whether the current ticket was issued
-directly (in which case INITIAL will also be set) or issued on the basis of
-a ticket-granting ticket (in which case the INITIAL flag is clear, but the
-PRE-AUTHENT and HW-AUTHENT flags are carried forward from the
-ticket-granting ticket).
-
-2.2. Invalid tickets
-
-The INVALID flag indicates that a ticket is invalid. Application servers
-must reject tickets which have this flag set. A postdated ticket will
-usually be issued in this form. Invalid tickets must be validated by the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-KDC before use, by presenting them to the KDC in a TGS request with the
-VALIDATE option specified. The KDC will only validate tickets after their
-starttime has passed. The validation is required so that postdated tickets
-which have been stolen before their starttime can be rendered permanently
-invalid (through a hot-list mechanism) (see section 3.3.3.1).
-
-2.3. Renewable tickets
-
-Applications may desire to hold tickets which can be valid for long periods
-of time. However, this can expose their credentials to potential theft for
-equally long periods, and those stolen credentials would be valid until the
-expiration time of the ticket(s). Simply using short-lived tickets and
-obtaining new ones periodically would require the client to have long-term
-access to its secret key, an even greater risk. Renewable tickets can be
-used to mitigate the consequences of theft. Renewable tickets have two
-"expiration times": the first is when the current instance of the ticket
-expires, and the second is the latest permissible value for an individual
-expiration time. An application client must periodically (i.e. before it
-expires) present a renewable ticket to the KDC, with the RENEW option set
-in the KDC request. The KDC will issue a new ticket with a new session key
-and a later expiration time. All other fields of the ticket are left
-unmodified by the renewal process. When the latest permissible expiration
-time arrives, the ticket expires permanently. At each renewal, the KDC may
-consult a hot-list to determine if the ticket had been reported stolen
-since its last renewal; it will refuse to renew such stolen tickets, and
-thus the usable lifetime of stolen tickets is reduced.
-
-The RENEWABLE flag in a ticket is normally only interpreted by the
-ticket-granting service (discussed below in section 3.3). It can usually be
-ignored by application servers. However, some particularly careful
-application servers may wish to disallow renewable tickets.
-
-If a renewable ticket is not renewed by its expiration time, the KDC will
-not renew the ticket. The RENEWABLE flag is reset by default, but a client
-may request it be set by setting the RENEWABLE option in the KRB_AS_REQ
-message. If it is set, then the renew-till field in the ticket contains the
-time after which the ticket may not be renewed.
-
-2.4. Postdated tickets
-
-Applications may occasionally need to obtain tickets for use much later,
-e.g. a batch submission system would need tickets to be valid at the time
-the batch job is serviced. However, it is dangerous to hold valid tickets
-in a batch queue, since they will be on-line longer and more prone to
-theft. Postdated tickets provide a way to obtain these tickets from the KDC
-at job submission time, but to leave them "dormant" until they are
-activated and validated by a further request of the KDC. If a ticket theft
-were reported in the interim, the KDC would refuse to validate the ticket,
-and the thief would be foiled.
-
-The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. This
-flag must be set in a ticket-granting ticket in order to issue a postdated
-ticket based on the presented ticket. It is reset by default; it may be
-requested by a client by setting the ALLOW-POSTDATE option in the
-KRB_AS_REQ message. This flag does not allow a client to obtain a postdated
-ticket-granting ticket; postdated ticket-granting tickets can only by
-obtained by requesting the postdating in the KRB_AS_REQ message. The life
-(endtime-starttime) of a postdated ticket will be the remaining life of the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-ticket-granting ticket at the time of the request, unless the RENEWABLE
-option is also set, in which case it can be the full life
-(endtime-starttime) of the ticket-granting ticket. The KDC may limit how
-far in the future a ticket may be postdated.
-
-The POSTDATED flag indicates that a ticket has been postdated. The
-application server can check the authtime field in the ticket to see when
-the original authentication occurred. Some services may choose to reject
-postdated tickets, or they may only accept them within a certain period
-after the original authentication. When the KDC issues a POSTDATED ticket,
-it will also be marked as INVALID, so that the application client must
-present the ticket to the KDC to be validated before use.
-
-2.5. Proxiable and proxy tickets
-
-At times it may be necessary for a principal to allow a service to perform
-an operation on its behalf. The service must be able to take on the
-identity of the client, but only for a particular purpose. A principal can
-allow a service to take on the principal's identity for a particular
-purpose by granting it a proxy.
-
-The process of granting a proxy using the proxy and proxiable flags is used
-to provide credentials for use with specific services. Though conceptually
-also a proxy, user's wishing to delegate their identity for ANY purpose
-must use the ticket forwarding mechanism described in the next section to
-forward a ticket granting ticket.
-
-The PROXIABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. When
-set, this flag tells the ticket-granting server that it is OK to issue a
-new ticket (but not a ticket-granting ticket) with a different network
-address based on this ticket. This flag is set if requested by the client
-on initial authentication. By default, the client will request that it be
-set when requesting a ticket granting ticket, and reset when requesting any
-other ticket.
-
-This flag allows a client to pass a proxy to a server to perform a remote
-request on its behalf, e.g. a print service client can give the print
-server a proxy to access the client's files on a particular file server in
-order to satisfy a print request.
-
-In order to complicate the use of stolen credentials, Kerberos tickets are
-usually valid from only those network addresses specifically included in
-the ticket[4]. When granting a proxy, the client must specify the new
-network address from which the proxy is to be used, or indicate that the
-proxy is to be issued for use from any address.
-
-The PROXY flag is set in a ticket by the TGS when it issues a proxy ticket.
-Application servers may check this flag and at their option they may
-require additional authentication from the agent presenting the proxy in
-order to provide an audit trail.
-
-2.6. Forwardable tickets
-
-Authentication forwarding is an instance of a proxy where the service is
-granted complete use of the client's identity. An example where it might be
-used is when a user logs in to a remote system and wants authentication to
-work from that system as if the login were local.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-The FORWARDABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. The
-FORWARDABLE flag has an interpretation similar to that of the PROXIABLE
-flag, except ticket-granting tickets may also be issued with different
-network addresses. This flag is reset by default, but users may request
-that it be set by setting the FORWARDABLE option in the AS request when
-they request their initial ticket- granting ticket.
-
-This flag allows for authentication forwarding without requiring the user
-to enter a password again. If the flag is not set, then authentication
-forwarding is not permitted, but the same result can still be achieved if
-the user engages in the AS exchange specifying the requested network
-addresses and supplies a password.
-
-The FORWARDED flag is set by the TGS when a client presents a ticket with
-the FORWARDABLE flag set and requests a forwarded ticket by specifying the
-FORWARDED KDC option and supplying a set of addresses for the new ticket.
-It is also set in all tickets issued based on tickets with the FORWARDED
-flag set. Application servers may choose to process FORWARDED tickets
-differently than non-FORWARDED tickets.
-
-2.7. Other KDC options
-
-There are two additional options which may be set in a client's request of
-the KDC. The RENEWABLE-OK option indicates that the client will accept a
-renewable ticket if a ticket with the requested life cannot otherwise be
-provided. If a ticket with the requested life cannot be provided, then the
-KDC may issue a renewable ticket with a renew-till equal to the the
-requested endtime. The value of the renew-till field may still be adjusted
-by site-determined limits or limits imposed by the individual principal or
-server.
-
-The ENC-TKT-IN-SKEY option is honored only by the ticket-granting service.
-It indicates that the ticket to be issued for the end server is to be
-encrypted in the session key from the a additional second ticket-granting
-ticket provided with the request. See section 3.3.3 for specific details.
-
-3. Message Exchanges
-
-The following sections describe the interactions between network clients
-and servers and the messages involved in those exchanges.
-
-3.1. The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-The Authentication Service (AS) Exchange between the client and the
-Kerberos Authentication Server is initiated by a client when it wishes to
-obtain authentication credentials for a given server but currently holds no
-credentials. In its basic form, the client's secret key is used for
-encryption and decryption. This exchange is typically used at the
-initiation of a login session to obtain credentials for a Ticket-Granting
-Server which will subsequently be used to obtain credentials for other
-servers (see section 3.3) without requiring further use of the client's
-secret key. This exchange is also used to request credentials for services
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-which must not be mediated through the Ticket-Granting Service, but rather
-require a principal's secret key, such as the password-changing service[5].
-This exchange does not by itself provide any assurance of the the identity
-of the user[6].
-
-The exchange consists of two messages: KRB_AS_REQ from the client to
-Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-In the request, the client sends (in cleartext) its own identity and the
-identity of the server for which it is requesting credentials. The
-response, KRB_AS_REP, contains a ticket for the client to present to the
-server, and a session key that will be shared by the client and the server.
-The session key and additional information are encrypted in the client's
-secret key. The KRB_AS_REP message contains information which can be used
-to detect replays, and to associate it with the message to which it
-replies. Various errors can occur; these are indicated by an error response
-(KRB_ERROR) instead of the KRB_AS_REP response. The error message is not
-encrypted. The KRB_ERROR message contains information which can be used to
-associate it with the message to which it replies. The lack of encryption
-in the KRB_ERROR message precludes the ability to detect replays,
-fabrications, or modifications of such messages.
-
-Without preautentication, the authentication server does not know whether
-the client is actually the principal named in the request. It simply sends
-a reply without knowing or caring whether they are the same. This is
-acceptable because nobody but the principal whose identity was given in the
-request will be able to use the reply. Its critical information is
-encrypted in that principal's key. The initial request supports an optional
-field that can be used to pass additional information that might be needed
-for the initial exchange. This field may be used for preauthentication as
-described in section [hl<>].
-
-3.1.1. Generation of KRB_AS_REQ message
-
-The client may specify a number of options in the initial request. Among
-these options are whether pre-authentication is to be performed; whether
-the requested ticket is to be renewable, proxiable, or forwardable; whether
-it should be postdated or allow postdating of derivative tickets; and
-whether a renewable ticket will be accepted in lieu of a non-renewable
-ticket if the requested ticket expiration date cannot be satisfied by a
-non-renewable ticket (due to configuration constraints; see section 4). See
-section A.1 for pseudocode.
-
-The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-If all goes well, processing the KRB_AS_REQ message will result in the
-creation of a ticket for the client to present to the server. The format
-for the ticket is described in section 5.3.1. The contents of the ticket
-are determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-The authentication server looks up the client and server principals named
-in the KRB_AS_REQ in its database, extracting their respective keys. If
-required, the server pre-authenticates the request, and if the
-pre-authentication check fails, an error message with the code
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate the
-requested encryption type, an error message with code KDC_ERR_ETYPE_NOSUPP
-is returned. Otherwise it generates a 'random' session key[7].
-
-If there are multiple encryption keys registered for a client in the
-Kerberos database (or if the key registered supports multiple encryption
-types; e.g. DES-CBC-CRC and DES-CBC-MD5), then the etype field from the AS
-request is used by the KDC to select the encryption method to be used for
-encrypting the response to the client. If there is more than one supported,
-strong encryption type in the etype list, the first valid etype for which
-an encryption key is available is used. The encryption method used to
-respond to a TGS request is taken from the keytype of the session key found
-in the ticket granting ticket.
-
-When the etype field is present in a KDC request, whether an AS or TGS
-request, the KDC will attempt to assign the type of the random session key
-from the list of methods in the etype field. The KDC will select the
-appropriate type using the list of methods provided together with
-information from the Kerberos database indicating acceptable encryption
-methods for the application server. The KDC will not issue tickets with a
-weak session key encryption type.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified then the error KDC_ERR_CANNOT_POSTDATE is returned.
-Otherwise the requested start time is checked against the policy of the
-local realm (the administrator might decide to prohibit certain types or
-ranges of postdated tickets), and if acceptable, the ticket's start time is
-set as requested and the INVALID flag is set in the new ticket. The
-postdated ticket must be validated before use by presenting it to the KDC
-after the start time has been reached.
-
-The expiration time of the ticket will be set to the minimum of the
-following:
-
-   * The expiration time (endtime) requested in the KRB_AS_REQ message.
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the client principal (the authentication server's database
-     includes a maximum ticket lifetime field in each principal's record;
-     see section 4).
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the server principal.
-   * The ticket's start time plus the maximum lifetime set by the policy of
-     the local realm.
-
-If the requested expiration time minus the start time (as determined above)
-is less than a site-determined minimum lifetime, an error message with code
-KDC_ERR_NEVER_VALID is returned. If the requested expiration time for the
-ticket exceeds what was determined as above, and if the 'RENEWABLE-OK'
-option was requested, then the 'RENEWABLE' flag is set in the new ticket,
-and the renew-till value is set as if the 'RENEWABLE' option were requested
-(the field and option names are described fully in section 5.4.1).
-
-If the RENEWABLE option has been requested or if the RENEWABLE-OK option
-has been set and a renewable ticket is to be issued, then the renew-till
-field is set to the minimum of:
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-   * Its requested value.
-   * The start time of the ticket plus the minimum of the two maximum
-     renewable lifetimes associated with the principals' database entries.
-   * The start time of the ticket plus the maximum renewable lifetime set
-     by the policy of the local realm.
-
-The flags field of the new ticket will have the following options set if
-they have been requested and if the policy of the local realm allows:
-FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. If the new
-ticket is post-dated (the start time is in the future), its INVALID flag
-will also be set.
-
-If all of the above succeed, the server formats a KRB_AS_REP message (see
-section 5.4.2), copying the addresses in the request into the caddr of the
-response, placing any required pre-authentication data into the padata of
-the response, and encrypts the ciphertext part in the client's key using
-the requested encryption method, and sends it to the client. See section
-A.2 for pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-Several errors can occur, and the Authentication Server responds by
-returning an error message, KRB_ERROR, to the client, with the error-code
-and e-text fields set to appropriate values. The error message contents and
-details are described in Section 5.9.1.
-
-3.1.5. Receipt of KRB_AS_REP message
-
-If the reply message type is KRB_AS_REP, then the client verifies that the
-cname and crealm fields in the cleartext portion of the reply match what it
-requested. If any padata fields are present, they may be used to derive the
-proper secret key to decrypt the message. The client decrypts the encrypted
-part of the response using its secret key, verifies that the nonce in the
-encrypted part matches the nonce it supplied in its request (to detect
-replays). It also verifies that the sname and srealm in the response match
-those in the request (or are otherwise expected values), and that the host
-address field is also correct. It then stores the ticket, session key,
-start and expiration times, and other information for later use. The
-key-expiration field from the encrypted part of the response may be checked
-to notify the user of impending key expiration (the client program could
-then suggest remedial action, such as a password change). See section A.3
-for pseudocode.
-
-Proper decryption of the KRB_AS_REP message is not sufficient to verify the
-identity of the user; the user and an attacker could cooperate to generate
-a KRB_AS_REP format message which decrypts properly but is not from the
-proper KDC. If the host wishes to verify the identity of the user, it must
-require the user to present application credentials which can be verified
-using a securely-stored secret key for the host. If those credentials can
-be verified, then the identity of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-If the reply message type is KRB_ERROR, then the client interprets it as an
-error and performs whatever application-specific tasks are necessary to
-recover.
-
-3.2. The Client/Server Authentication Exchange
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-The client/server authentication (CS) exchange is used by network
-applications to authenticate the client to the server and vice versa. The
-client must have already acquired credentials for the server using the AS
-or TGS exchange.
-
-3.2.1. The KRB_AP_REQ message
-
-The KRB_AP_REQ contains authentication information which should be part of
-the first message in an authenticated transaction. It contains a ticket, an
-authenticator, and some additional bookkeeping information (see section
-5.5.1 for the exact format). The ticket by itself is insufficient to
-authenticate a client, since tickets are passed across the network in
-cleartext[DS90], so the authenticator is used to prevent invalid replay of
-tickets by proving to the server that the client knows the session key of
-the ticket and thus is entitled to use the ticket. The KRB_AP_REQ message
-is referred to elsewhere as the 'authentication header.'
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-When a client wishes to initiate authentication to a server, it obtains
-(either through a credentials cache, the AS exchange, or the TGS exchange)
-a ticket and session key for the desired service. The client may re-use any
-tickets it holds until they expire. To use a ticket the client constructs a
-new Authenticator from the the system time, its name, and optionally an
-application specific checksum, an initial sequence number to be used in
-KRB_SAFE or KRB_PRIV messages, and/or a session subkey to be used in
-negotiations for a session key unique to this particular session.
-Authenticators may not be re-used and will be rejected if replayed to a
-server[LGDSR87]. If a sequence number is to be included, it should be
-randomly chosen so that even after many messages have been exchanged it is
-not likely to collide with other sequence numbers in use.
-
-The client may indicate a requirement of mutual authentication or the use
-of a session-key based ticket by setting the appropriate flag(s) in the
-ap-options field of the message.
-
-The Authenticator is encrypted in the session key and combined with the
-ticket to form the KRB_AP_REQ message which is then sent to the end server
-along with any additional application-specific information. See section A.9
-for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-Authentication is based on the server's current time of day (clocks must be
-loosely synchronized), the authenticator, and the ticket. Several errors
-are possible. If an error occurs, the server is expected to reply to the
-client with a KRB_ERROR message. This message may be encapsulated in the
-application protocol if its 'raw' form is not acceptable to the protocol.
-The format of error messages is described in section 5.9.1.
-
-The algorithm for verifying authentication information is as follows. If
-the message type is not KRB_AP_REQ, the server returns the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-KRB_AP_ERR_MSG_TYPE error. If the key version indicated by the Ticket in
-the KRB_AP_REQ is not one the server can use (e.g., it indicates an old
-key, and the server no longer possesses a copy of the old key), the
-KRB_AP_ERR_BADKEYVER error is returned. If the USE-SESSION-KEY flag is set
-in the ap-options field, it indicates to the server that the ticket is
-encrypted in the session key from the server's ticket-granting ticket
-rather than its secret key[10]. Since it is possible for the server to be
-registered in multiple realms, with different keys in each, the srealm
-field in the unencrypted portion of the ticket in the KRB_AP_REQ is used to
-specify which secret key the server should use to decrypt that ticket. The
-KRB_AP_ERR_NOKEY error code is returned if the server doesn't have the
-proper key to decipher the ticket.
-
-The ticket is decrypted using the version of the server's key specified by
-the ticket. If the decryption routines detect a modification of the ticket
-(each encryption system must provide safeguards to detect modified
-ciphertext; see section 6), the KRB_AP_ERR_BAD_INTEGRITY error is returned
-(chances are good that different keys were used to encrypt and decrypt).
-
-The authenticator is decrypted using the session key extracted from the
-decrypted ticket. If decryption shows it to have been modified, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm of the
-client from the ticket are compared against the same fields in the
-authenticator. If they don't match, the KRB_AP_ERR_BADMATCH error is
-returned (they might not match, for example, if the wrong session key was
-used to encrypt the authenticator). The addresses in the ticket (if any)
-are then searched for an address matching the operating-system reported
-address of the client. If no match is found or the server insists on ticket
-addresses but none are present in the ticket, the KRB_AP_ERR_BADADDR error
-is returned.
-
-If the local (server) time and the client time in the authenticator differ
-by more than the allowable clock skew (e.g., 5 minutes), the
-KRB_AP_ERR_SKEW error is returned. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen such tuples, the KRB_AP_ERR_REPEAT error is returned[11]. The
-server must remember any authenticator presented within the allowable clock
-skew, so that a replay attempt is guaranteed to fail. If a server loses
-track of any authenticator presented within the allowable clock skew, it
-must reject all requests until the clock skew interval has passed. This
-assures that any lost or re-played authenticators will fall outside the
-allowable clock skew and can no longer be successfully replayed (If this is
-not done, an attacker could conceivably record the ticket and authenticator
-sent over the network to a server, then disable the client's host, pose as
-the disabled host, and replay the ticket and authenticator to subvert the
-authentication.). If a sequence number is provided in the authenticator,
-the server saves it for later use in processing KRB_SAFE and/or KRB_PRIV
-messages. If a subkey is present, the server either saves it for later use
-or uses it to help generate its own choice for a subkey to be returned in a
-KRB_AP_REP message.
-
-The server computes the age of the ticket: local (server) time minus the
-start time inside the Ticket. If the start time is later than the current
-time by more than the allowable clock skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned. Otherwise, if the
-current time is later than end time by more than the allowable clock skew,
-the KRB_AP_ERR_TKT_EXPIRED error is returned.
-
-If all these checks succeed without an error, the server is assured that
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-the client possesses the credentials of the principal named in the ticket
-and thus, the client has been authenticated to the server. See section A.10
-for pseudocode.
-
-Passing these checks provides only authentication of the named principal;
-it does not imply authorization to use the named service. Applications must
-make a separate authorization decisions based upon the authenticated name
-of the user, the requested operation, local acces control information such
-as that contained in a .k5login or .k5users file, and possibly a separate
-distributed authorization service.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-Typically, a client's request will include both the authentication
-information and its initial request in the same message, and the server
-need not explicitly reply to the KRB_AP_REQ. However, if mutual
-authentication (not only authenticating the client to the server, but also
-the server to the client) is being performed, the KRB_AP_REQ message will
-have MUTUAL-REQUIRED set in its ap-options field, and a KRB_AP_REP message
-is required in response. As with the error message, this message may be
-encapsulated in the application protocol if its "raw" form is not
-acceptable to the application's protocol. The timestamp and microsecond
-field used in the reply must be the client's timestamp and microsecond
-field (as provided in the authenticator)[12]. If a sequence number is to be
-included, it should be randomly chosen as described above for the
-authenticator. A subkey may be included if the server desires to negotiate
-a different subkey. The KRB_AP_REP message is encrypted in the session key
-extracted from the ticket. See section A.11 for pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-If a KRB_AP_REP message is returned, the client uses the session key from
-the credentials obtained for the server[13] to decrypt the message, and
-verifies that the timestamp and microsecond fields match those in the
-Authenticator it sent to the server. If they match, then the client is
-assured that the server is genuine. The sequence number and subkey (if
-present) are retained for later use. See section A.12 for pseudocode.
-
-3.2.6. Using the encryption key
-
-After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and
-server share an encryption key which can be used by the application. The
-'true session key' to be used for KRB_PRIV, KRB_SAFE, or other
-application-specific uses may be chosen by the application based on the
-subkeys in the KRB_AP_REP message and the authenticator[14]. In some cases,
-the use of this session key will be implicit in the protocol; in others the
-method of use must be chosen from several alternatives. We leave the
-protocol negotiations of how to use the key (e.g. selecting an encryption
-or checksum type) to the application programmer; the Kerberos protocol does
-not constrain the implementation options, but an example of how this might
-be done follows.
-
-One way that an application may choose to negotiate a key to be used for
-subequent integrity and privacy protection is for the client to propose a
-key in the subkey field of the authenticator. The server can then choose a
-key using the proposed key from the client as input, returning the new
-subkey in the subkey field of the application reply. This key could then be
-used for subsequent communication. To make this example more concrete, if
-the encryption method in use required a 56 bit key, and for whatever
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-reason, one of the parties was prevented from using a key with more than 40
-unknown bits, this method would allow the the party which is prevented from
-using more than 40 bits to either propose (if the client) an initial key
-with a known quantity for 16 of those bits, or to mask 16 of the bits (if
-the server) with the known quantity. The application implementor is warned,
-however, that this is only an example, and that an analysis of the
-particular crytosystem to be used, and the reasons for limiting the key
-length, must be made before deciding whether it is acceptable to mask bits
-of the key.
-
-With both the one-way and mutual authentication exchanges, the peers should
-take care not to send sensitive information to each other without proper
-assurances. In particular, applications that require privacy or integrity
-should use the KRB_AP_REP response from the server to client to assure both
-client and server of their peer's identity. If an application protocol
-requires privacy of its messages, it can use the KRB_PRIV message (section
-3.5). The KRB_SAFE message (section 3.4) can be used to assure integrity.
-
-3.3. The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-The TGS exchange between a client and the Kerberos Ticket-Granting Server
-is initiated by a client when it wishes to obtain authentication
-credentials for a given server (which might be registered in a remote
-realm), when it wishes to renew or validate an existing ticket, or when it
-wishes to obtain a proxy ticket. In the first case, the client must already
-have acquired a ticket for the Ticket-Granting Service using the AS
-exchange (the ticket-granting ticket is usually obtained when a client
-initially authenticates to the system, such as when a user logs in). The
-message format for the TGS exchange is almost identical to that for the AS
-exchange. The primary difference is that encryption and decryption in the
-TGS exchange does not take place under the client's key. Instead, the
-session key from the ticket-granting ticket or renewable ticket, or
-sub-session key from an Authenticator is used. As is the case for all
-application servers, expired tickets are not accepted by the TGS, so once a
-renewable or ticket-granting ticket expires, the client must use a separate
-exchange to obtain valid tickets.
-
-The TGS exchange consists of two messages: A request (KRB_TGS_REQ) from the
-client to the Kerberos Ticket-Granting Server, and a reply (KRB_TGS_REP or
-KRB_ERROR). The KRB_TGS_REQ message includes information authenticating the
-client plus a request for credentials. The authentication information
-consists of the authentication header (KRB_AP_REQ) which includes the
-client's previously obtained ticket-granting, renewable, or invalid ticket.
-In the ticket-granting ticket and proxy cases, the request may include one
-or more of: a list of network addresses, a collection of typed
-authorization data to be sealed in the ticket for authorization use by the
-application server, or additional tickets (the use of which are described
-later). The TGS reply (KRB_TGS_REP) contains the requested credentials,
-encrypted in the session key from the ticket-granting ticket or renewable
-ticket, or if present, in the sub-session key from the Authenticator (part
-of the authentication header). The KRB_ERROR message contains an error code
-and text explaining what went wrong. The KRB_ERROR message is not
-encrypted. The KRB_TGS_REP message contains information which can be used
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-to detect replays, and to associate it with the message to which it
-replies. The KRB_ERROR message also contains information which can be used
-to associate it with the message to which it replies, but the lack of
-encryption in the KRB_ERROR message precludes the ability to detect replays
-or fabrications of such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-Before sending a request to the ticket-granting service, the client must
-determine in which realm the application server is registered[15]. If the
-client does not already possess a ticket-granting ticket for the
-appropriate realm, then one must be obtained. This is first attempted by
-requesting a ticket-granting ticket for the destination realm from a
-Kerberos server for which the client does posess a ticket-granting ticket
-(using the KRB_TGS_REQ message recursively). The Kerberos server may return
-a TGT for the desired realm in which case one can proceed. Alternatively,
-the Kerberos server may return a TGT for a realm which is 'closer' to the
-desired realm (further along the standard hierarchical path), in which case
-this step must be repeated with a Kerberos server in the realm specified in
-the returned TGT. If neither are returned, then the request must be retried
-with a Kerberos server for a realm higher in the hierarchy. This request
-will itself require a ticket-granting ticket for the higher realm which
-must be obtained by recursively applying these directions.
-
-Once the client obtains a ticket-granting ticket for the appropriate realm,
-it determines which Kerberos servers serve that realm, and contacts one.
-The list might be obtained through a configuration file or network service
-or it may be generated from the name of the realm; as long as the secret
-keys exchanged by realms are kept secret, only denial of service results
-from using a false Kerberos server.
-
-As in the AS exchange, the client may specify a number of options in the
-KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ message, providing
-an authentication header as an element of the padata field, and including
-the same fields as used in the KRB_AS_REQ message along with several
-optional fields: the enc-authorization-data field for application server
-use and additional tickets required by some options.
-
-In preparing the authentication header, the client can select a sub-session
-key under which the response from the Kerberos server will be
-encrypted[16]. If the sub-session key is not specified, the session key
-from the ticket-granting ticket will be used. If the enc-authorization-data
-is present, it must be encrypted in the sub-session key, if present, from
-the authenticator portion of the authentication header, or if not present,
-using the session key from the ticket-granting ticket.
-
-Once prepared, the message is sent to a Kerberos server for the destination
-realm. See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-The KRB_TGS_REQ message is processed in a manner similar to the KRB_AS_REQ
-message, but there are many additional checks to be performed. First, the
-Kerberos server must determine which server the accompanying ticket is for
-and it must select the appropriate key to decrypt it. For a normal
-KRB_TGS_REQ message, it will be for the ticket granting service, and the
-TGS's key will be used. If the TGT was issued by another realm, then the
-appropriate inter-realm key must be used. If the accompanying ticket is not
-a ticket granting ticket for the current realm, but is for an application
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-server in the current realm, the RENEW, VALIDATE, or PROXY options are
-specified in the request, and the server for which a ticket is requested is
-the server named in the accompanying ticket, then the KDC will decrypt the
-ticket in the authentication header using the key of the server for which
-it was issued. If no ticket can be found in the padata field, the
-KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-Once the accompanying ticket has been decrypted, the user-supplied checksum
-in the Authenticator must be verified against the contents of the request,
-and the message rejected if the checksums do not match (with an error code
-of KRB_AP_ERR_MODIFIED) or if the checksum is not keyed or not
-collision-proof (with an error code of KRB_AP_ERR_INAPP_CKSUM). If the
-checksum type is not supported, the KDC_ERR_SUMTYPE_NOSUPP error is
-returned. If the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-If any of the decryptions indicate failed integrity checks, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-3.3.3. Generation of KRB_TGS_REP message
-
-The KRB_TGS_REP message shares its format with the KRB_AS_REP
-(KRB_KDC_REP), but with its type field set to KRB_TGS_REP. The detailed
-specification is in section 5.4.2.
-
-The response will include a ticket for the requested server. The Kerberos
-database is queried to retrieve the record for the requested server
-(including the key with which the ticket will be encrypted). If the request
-is for a ticket granting ticket for a remote realm, and if no key is shared
-with the requested realm, then the Kerberos server will select the realm
-"closest" to the requested realm with which it does share a key, and use
-that realm instead. This is the only case where the response from the KDC
-will be for a different server than that requested by the client.
-
-By default, the address field, the client's name and realm, the list of
-transited realms, the time of initial authentication, the expiration time,
-and the authorization data of the newly-issued ticket will be copied from
-the ticket-granting ticket (TGT) or renewable ticket. If the transited
-field needs to be updated, but the transited type is not supported, the
-KDC_ERR_TRTYPE_NOSUPP error is returned.
-
-If the request specifies an endtime, then the endtime of the new ticket is
-set to the minimum of (a) that request, (b) the endtime from the TGT, and
-(c) the starttime of the TGT plus the minimum of the maximum life for the
-application server and the maximum life for the local realm (the maximum
-life for the requesting principal was already applied when the TGT was
-issued). If the new ticket is to be a renewal, then the endtime above is
-replaced by the minimum of (a) the value of the renew_till field of the
-ticket and (b) the starttime for the new ticket plus the life
-(endtime-starttime) of the old ticket.
-
-If the FORWARDED option has been requested, then the resulting ticket will
-contain the addresses specified by the client. This option will only be
-honored if the FORWARDABLE flag is set in the TGT. The PROXY option is
-similar; the resulting ticket will contain the addresses specified by the
-client. It will be honored only if the PROXIABLE flag in the TGT is set.
-The PROXY option will not be honored on requests for additional
-ticket-granting tickets.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified or the MAY-POSTDATE flag is not set in the TGT, then the
-error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise, if the
-ticket-granting ticket has the MAY-POSTDATE flag set, then the resulting
-ticket will be postdated and the requested starttime is checked against the
-policy of the local realm. If acceptable, the ticket's start time is set as
-requested, and the INVALID flag is set. The postdated ticket must be
-validated before use by presenting it to the KDC after the starttime has
-been reached. However, in no case may the starttime, endtime, or renew-till
-time of a newly-issued postdated ticket extend beyond the renew-till time
-of the ticket-granting ticket.
-
-If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
-has been included in the request, the KDC will decrypt the additional
-ticket using the key for the server to which the additional ticket was
-issued and verify that it is a ticket-granting ticket. If the name of the
-requested server is missing from the request, the name of the client in the
-additional ticket will be used. Otherwise the name of the requested server
-will be compared to the name of the client in the additional ticket and if
-different, the request will be rejected. If the request succeeds, the
-session key from the additional ticket will be used to encrypt the new
-ticket that is issued instead of using the key of the server for which the
-new ticket will be used[17].
-
-If the name of the server in the ticket that is presented to the KDC as
-part of the authentication header is not that of the ticket-granting server
-itself, the server is registered in the realm of the KDC, and the RENEW
-option is requested, then the KDC will verify that the RENEWABLE flag is
-set in the ticket, that the INVALID flag is not set in the ticket, and that
-the renew_till time is still in the future. If the VALIDATE option is
-rqeuested, the KDC will check that the starttime has passed and the INVALID
-flag is set. If the PROXY option is requested, then the KDC will check that
-the PROXIABLE flag is set in the ticket. If the tests succeed, and the
-ticket passes the hotlist check described in the next paragraph, the KDC
-will issue the appropriate new ticket.
-
-3.3.3.1. Checking for revoked tickets
-
-Whenever a request is made to the ticket-granting server, the presented
-ticket(s) is(are) checked against a hot-list of tickets which have been
-canceled. This hot-list might be implemented by storing a range of issue
-timestamps for 'suspect tickets'; if a presented ticket had an authtime in
-that range, it would be rejected. In this way, a stolen ticket-granting
-ticket or renewable ticket cannot be used to gain additional tickets
-(renewals or otherwise) once the theft has been reported. Any normal ticket
-obtained before it was reported stolen will still be valid (because they
-require no interaction with the KDC), but only until their normal
-expiration time.
-
-The ciphertext part of the response in the KRB_TGS_REP message is encrypted
-in the sub-session key from the Authenticator, if present, or the session
-key key from the ticket-granting ticket. It is not encrypted using the
-client's secret key. Furthermore, the client's key's expiration date and
-the key version number fields are left out since these values are stored
-along with the client's database record, and that record is not needed to
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-satisfy a request based on a ticket-granting ticket. See section A.6 for
-pseudocode.
-
-3.3.3.2. Encoding the transited field
-
-If the identity of the server in the TGT that is presented to the KDC as
-part of the authentication header is that of the ticket-granting service,
-but the TGT was issued from another realm, the KDC will look up the
-inter-realm key shared with that realm and use that key to decrypt the
-ticket. If the ticket is valid, then the KDC will honor the request,
-subject to the constraints outlined above in the section describing the AS
-exchange. The realm part of the client's identity will be taken from the
-ticket-granting ticket. The name of the realm that issued the
-ticket-granting ticket will be added to the transited field of the ticket
-to be issued. This is accomplished by reading the transited field from the
-ticket-granting ticket (which is treated as an unordered set of realm
-names), adding the new realm to the set, then constructing and writing out
-its encoded (shorthand) form (this may involve a rearrangement of the
-existing encoding).
-
-Note that the ticket-granting service does not add the name of its own
-realm. Instead, its responsibility is to add the name of the previous
-realm. This prevents a malicious Kerberos server from intentionally leaving
-out its own name (it could, however, omit other realms' names).
-
-The names of neither the local realm nor the principal's realm are to be
-included in the transited field. They appear elsewhere in the ticket and
-both are known to have taken part in authenticating the principal. Since
-the endpoints are not included, both local and single-hop inter-realm
-authentication result in a transited field that is empty.
-
-Because the name of each realm transited is added to this field, it might
-potentially be very long. To decrease the length of this field, its
-contents are encoded. The initially supported encoding is optimized for the
-normal case of inter-realm communication: a hierarchical arrangement of
-realms using either domain or X.500 style realm names. This encoding
-(called DOMAIN-X500-COMPRESS) is now described.
-
-Realm names in the transited field are separated by a ",". The ",", "\",
-trailing "."s, and leading spaces (" ") are special characters, and if they
-are part of a realm name, they must be quoted in the transited field by
-preced- ing them with a "\".
-
-A realm name ending with a "." is interpreted as being prepended to the
-previous realm. For example, we can encode traversal of EDU, MIT.EDU,
-ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were end-points, that
-they would not be included in this field, and we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is interpreted as being appended to the
-previous realm[18]. If it is to stand by itself, then it should be preceded
-by a space (" "). For example, we can encode traversal of /COM/HP/APOLLO,
-/COM/HP, /COM, and /COM/DEC as:
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-
-Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, they
-they would not be included in this field, and we would have:
-
-     "/COM,/HP"
-
-A null subfield preceding or following a "," indicates that all realms
-between the previous realm and the next realm have been traversed[19].
-Thus, "," means that all realms along the path between the client and the
-server have been traversed. ",EDU, /COM," means that that all realms from
-the client's realm up to EDU (in a domain style hierarchy) have been
-traversed, and that everything from /COM down to the server's realm in an
-X.500 style has also been traversed. This could occur if the EDU realm in
-one hierarchy shares an inter-realm key directly with the /COM realm in
-another hierarchy.
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it is processed in the same
-manner as the KRB_AS_REP processing described above. The primary difference
-is that the ciphertext part of the response must be decrypted using the
-session key from the ticket-granting ticket rather than the client's secret
-key. See section A.7 for pseudocode.
-
-3.4. The KRB_SAFE Exchange
-
-The KRB_SAFE message may be used by clients requiring the ability to detect
-modifications of messages they exchange. It achieves this by including a
-keyed collision-proof checksum of the user data and some control
-information. The checksum is keyed with an encryption key (usually the last
-key negotiated via subkeys, or the session key if no negotiation has
-occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-When an application wishes to send a KRB_SAFE message, it collects its data
-and the appropriate control information and computes a checksum over them.
-The checksum algorithm should be a keyed one-way hash function (such as the
-RSA- MD5-DES checksum algorithm specified in section 6.4.5, or the DES
-MAC), generated using the sub-session key if present, or the session key.
-Different algorithms may be selected by changing the checksum type in the
-message. Unkeyed or non-collision-proof checksums are not suitable for this
-use.
-
-The control information for the KRB_SAFE message includes both a timestamp
-and a sequence number. The designer of an application using the KRB_SAFE
-message must choose at least one of the two mechanisms. This choice should
-be based on the needs of the application protocol.
-
-Sequence numbers are useful when all messages sent will be received by
-one's peer. Connection state is presently required to maintain the session
-key, so maintaining the next sequence number should not present an
-additional problem.
-
-If the application protocol is expected to tolerate lost messages without
-them being resent, the use of the timestamp is the appropriate replay
-detection mechanism. Using timestamps is also the appropriate mechanism for
-multi-cast protocols where all of one's peers share a common sub-session
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-key, but some messages will be sent to a subset of one's peers.
-
-After computing the checksum, the client then transmits the information and
-checksum to the recipient in the message format specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and
-type fields match the current version and KRB_SAFE, respectively. A
-mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error.
-The application verifies that the checksum used is a collision-proof keyed
-checksum, and if it is not, a KRB_AP_ERR_INAPP_CKSUM error is generated.
-The recipient verifies that the operating system's report of the sender's
-address matches the sender's address in the message, and (if a recipient
-address is specified or the recipient requires an address) that one of the
-recipient's addresses appears as the recipient's address in the message. A
-failed match for either case generates a KRB_AP_ERR_BADADDR error. Then the
-timestamp and usec and/or the sequence number fields are checked. If
-timestamp and usec are expected and not present, or they are present but
-not current, the KRB_AP_ERR_SKEW error is generated. If the server name,
-along with the client name, time and microsecond fields from the
-Authenticator match any recently-seen (sent or received[20] ) such tuples,
-the KRB_AP_ERR_REPEAT error is generated. If an incorrect sequence number
-is included, or a sequence number is expected but not present, the
-KRB_AP_ERR_BADORDER error is generated. If neither a time-stamp and usec or
-a sequence number is present, a KRB_AP_ERR_MODIFIED error is generated.
-Finally, the checksum is computed over the data and control information,
-and if it doesn't match the received checksum, a KRB_AP_ERR_MODIFIED error
-is generated.
-
-If all the checks succeed, the application is assured that the message was
-generated by its peer and was not modi- fied in transit.
-
-3.5. The KRB_PRIV Exchange
-
-The KRB_PRIV message may be used by clients requiring confidentiality and
-the ability to detect modifications of exchanged messages. It achieves this
-by encrypting the messages and adding control information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-When an application wishes to send a KRB_PRIV message, it collects its data
-and the appropriate control information (specified in section 5.7.1) and
-encrypts them under an encryption key (usually the last key negotiated via
-subkeys, or the session key if no negotiation has occured). As part of the
-control information, the client must choose to use either a timestamp or a
-sequence number (or both); see the discussion in section 3.4.1 for
-guidelines on which to use. After the user data and control information are
-encrypted, the client transmits the ciphertext and some 'envelope'
-information to the recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-The message is first checked by verifying that the protocol version and
-type fields match the current version and KRB_PRIV, respectively. A
-mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error.
-The application then decrypts the ciphertext and processes the resultant
-plaintext. If decryption shows the data to have been modified, a
-KRB_AP_ERR_BAD_INTEGRITY error is generated. The recipient verifies that
-the operating system's report of the sender's address matches the sender's
-address in the message, and (if a recipient address is specified or the
-recipient requires an address) that one of the recipient's addresses
-appears as the recipient's address in the message. A failed match for
-either case generates a KRB_AP_ERR_BADADDR error. Then the timestamp and
-usec and/or the sequence number fields are checked. If timestamp and usec
-are expected and not present, or they are present but not current, the
-KRB_AP_ERR_SKEW error is generated. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen such tuples, the KRB_AP_ERR_REPEAT error is generated. If an
-incorrect sequence number is included, or a sequence number is expected but
-not present, the KRB_AP_ERR_BADORDER error is generated. If neither a
-time-stamp and usec or a sequence number is present, a KRB_AP_ERR_MODIFIED
-error is generated.
-
-If all the checks succeed, the application can assume the message was
-generated by its peer, and was securely transmitted (without intruders able
-to see the unencrypted contents).
-
-3.6. The KRB_CRED Exchange
-
-The KRB_CRED message may be used by clients requiring the ability to send
-Kerberos credentials from one host to another. It achieves this by sending
-the tickets together with encrypted data containing the session keys and
-other information associated with the tickets.
-
-3.6.1. Generation of a KRB_CRED message
-
-When an application wishes to send a KRB_CRED message it first (using the
-KRB_TGS exchange) obtains credentials to be sent to the remote host. It
-then constructs a KRB_CRED message using the ticket or tickets so obtained,
-placing the session key needed to use each ticket in the key field of the
-corresponding KrbCredInfo sequence of the encrypted part of the the
-KRB_CRED message.
-
-Other information associated with each ticket and obtained during the
-KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence
-in the encrypted part of the KRB_CRED message. The current time and, if
-specifically required by the application the nonce, s-address, and
-r-address fields, are placed in the encrypted part of the KRB_CRED message
-which is then encrypted under an encryption key previosuly exchanged in the
-KRB_AP exchange (usually the last key negotiated via subkeys, or the
-session key if no negotiation has occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies it. If any
-error occurs, an error code is reported for use by the application. The
-message is verified by checking that the protocol version and type fields
-match the current version and KRB_CRED, respectively. A mismatch generates
-a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The application then
-decrypts the ciphertext and processes the resultant plaintext. If
-decryption shows the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-error is generated.
-
-If present or required, the recipient verifies that the operating system's
-report of the sender's address matches the sender's address in the message,
-and that one of the recipient's addresses appears as the recipient's
-address in the message. A failed match for either case generates a
-KRB_AP_ERR_BADADDR error. The timestamp and usec fields (and the nonce
-field if required) are checked next. If the timestamp and usec are not
-present, or they are present but not current, the KRB_AP_ERR_SKEW error is
-generated.
-
-If all the checks succeed, the application stores each of the new tickets
-in its ticket cache together with the session key and other information in
-the corresponding KrbCredInfo sequence from the encrypted part of the
-KRB_CRED message.
-
-4. The Kerberos Database
-
-The Kerberos server must have access to a database contain- ing the
-principal identifiers and secret keys of principals to be
-authenticated[21].
-
-4.1. Database contents
-
-A database entry should contain at least the following fields:
-
-Field                Value
-
-name                 Principal's identifier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier. The key field
-contains an encryption key. This key is the principal's secret key. (The
-key can be encrypted before storage under a Kerberos "master key" to
-protect it in case the database is compromised but the master key is not.
-In that case, an extra field must be added to indicate the master key
-version used, see below.) The p_kvno field is the key version number of the
-principal's secret key. The max_life field contains the maximum allowable
-lifetime (endtime - starttime) for any Ticket issued for this principal.
-The max_renewable_life field contains the maximum allowable total lifetime
-for any renewable Ticket issued for this principal. (See section 3.1 for a
-description of how these lifetimes are used in determining the lifetime of
-a given Ticket.)
-
-A server may provide KDC service to several realms, as long as the database
-representation provides a mechanism to distinguish between principal
-records with identifiers which differ only in the realm name.
-
-When an application server's key changes, if the change is routine (i.e.
-not the result of disclosure of the old key), the old key should be
-retained by the server until all tickets that had been issued using that
-key have expired. Because of this, it is possible for several keys to be
-active for a single principal. Ciphertext encrypted in a principal's key is
-always tagged with the version of the key that was used for encryption, to
-help the recipient find the proper key for decryption.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-When more than one key is active for a particular principal, the principal
-will have more than one record in the Kerberos database. The keys and key
-version numbers will differ between the records (the rest of the fields may
-or may not be the same). Whenever Kerberos issues a ticket, or responds to
-a request for initial authentication, the most recent key (known by the
-Kerberos server) will be used for encryption. This is the key with the
-highest key version number.
-
-4.2. Additional fields
-
-Project Athena's KDC implementation uses additional fields in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-mod_name     Modifying principal's identifier
-
-The K_kvno field indicates the key version of the Kerberos master key under
-which the principal's secret key is encrypted.
-
-After an entry's expiration date has passed, the KDC will return an error
-to any client attempting to gain tickets as or for the principal. (A
-database may want to maintain two expiration dates: one for the principal,
-and one for the principal's current key. This allows password aging to work
-independently of the principal's expiration date. However, due to the
-limited space in the responses, the KDC must combine the key expiration and
-principal expiration date into a single value called 'key_exp', which is
-used as a hint to the user to take administrative action.)
-
-The attributes field is a bitfield used to govern the operations involving
-the principal. This field might be useful in conjunction with user
-registration procedures, for site-specific policy implementations (Project
-Athena currently uses it for their user registration process controlled by
-the system-wide database service, Moira [LGDSR87]), to identify whether a
-principal can play the role of a client or server or both, to note whether
-a server is appropriate trusted to recieve credentials delegated by a
-client, or to identify the 'string to key' conversion algorithm used for a
-principal's key[22]. Other bits are used to indicate that certain ticket
-options should not be allowed in tickets encrypted under a principal's key
-(one bit each): Disallow issuing postdated tickets, disallow issuing
-forwardable tickets, disallow issuing tickets based on TGT authentication,
-disallow issuing renewable tickets, disallow issuing proxiable tickets, and
-disallow issuing tickets for which the principal is the server.
-
-The mod_date field contains the time of last modification of the entry, and
-the mod_name field contains the name of the principal which last modified
-the entry.
-
-4.3. Frequently Changing Fields
-
-Some KDC implementations may wish to maintain the last time that a request
-was made by a particular principal. Information that might be maintained
-includes the time of the last request, the time of the last request for a
-ticket-granting ticket, the time of the last use of a ticket-granting
-ticket, or other times. This information can then be returned to the user
-in the last-req field (see section 5.2).
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-Other frequently changing information that can be maintained is the latest
-expiration time for any tickets that have been issued using each key. This
-field would be used to indicate how long old keys must remain valid to
-allow the continued use of outstanding tickets.
-
-4.4. Site Constants
-
-The KDC implementation should have the following configurable constants or
-options, to allow an administrator to make and enforce policy decisions:
-
-   * The minimum supported lifetime (used to determine whether the
-     KDC_ERR_NEVER_VALID error should be returned). This constant should
-     reflect reasonable expectations of round-trip time to the KDC,
-     encryption/decryption time, and processing time by the client and
-     target server, and it should allow for a minimum 'useful' lifetime.
-   * The maximum allowable total (renewable) lifetime of a ticket
-     (renew_till - starttime).
-   * The maximum allowable lifetime of a ticket (endtime - starttime).
-   * Whether to allow the issue of tickets with empty address fields
-     (including the ability to specify that such tickets may only be issued
-     if the request specifies some authorization_data).
-   * Whether proxiable, forwardable, renewable or post-datable tickets are
-     to be issued.
-
-5. Message Specifications
-
-The following sections describe the exact contents and encoding of protocol
-messages and objects. The ASN.1 base definitions are presented in the first
-subsection. The remaining subsections specify the protocol objects (tickets
-and authenticators) and messages. Specification of encryption and checksum
-techniques, and the fields related to them, appear in section 6.
-
-Optional field in ASN.1 sequences
-
-For optional integer value and date fields in ASN.1 sequences where a
-default value has been specified, certain default values will not be
-allowed in the encoding because these values will always be represented
-through defaulting by the absence of the optional field. For example, one
-will not send a microsecond zero value because one must make sure that
-there is only one way to encode this value.
-
-Additional fields in ASN.1 sequences
-
-Implementations receiving Kerberos messages with additional fields present
-in ASN.1 sequences should carry the those fields through unmodified when
-the message is forwarded. Implementation should drop such fields if the
-sequence is reencoded.
-
-5.1. ASN.1 Distinguished Encoding Representation
-
-All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-Representation of the data elements as described in the X.509
-specification, section 8.7 [X509-88].
-
-5.3. ASN.1 Base Definitions
-
-The following ASN.1 base definitions are used in the rest of this section.
-Note that since the underscore character (_) is not permitted in ASN.1
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-names, the hyphen (-) is used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-Kerberos realms are encoded as GeneralStrings. Realms shall not contain a
-character with the code 0 (the ASCII NUL). Most realms will usually consist
-of several components separated by periods (.), in the style of Internet
-Domain Names, or separated by slashes (/) in the style of X.500 names.
-Acceptable forms for realm names are specified in section 7. A
-PrincipalName is a typed sequence of components consisting of the following
-sub-fields:
-
-name-type
-     This field specifies the type of name that follows. Pre-defined values
-     for this field are specified in section 7.2. The name-type should be
-     treated as a hint. Ignoring the name type, no two names can be the
-     same (i.e. at least one of the components, or the realm, must be
-     different). This constraint may be eliminated in the future.
-name-string
-     This field encodes a sequence of components that form a name, each
-     component encoded as a GeneralString. Taken together, a PrincipalName
-     and a Realm form a principal identifier. Most PrincipalNames will have
-     only a few components (typically one or two).
-
-KerberosTime ::=   GeneralizedTime
-                   -- Specifying UTC time zone (Z)
-
-The timestamps used in Kerberos are encoded as GeneralizedTimes. An
-encoding shall specify the UTC time zone (Z) and shall not include any
-fractional portions of the seconds. It further shall not include any
-separators. Example: The only valid format for UTC time 6 minutes, 27
-seconds after 9 pm on 6 November 1985 is 19851106210627Z.
-
-HostAddress ::=     SEQUENCE  {
-                    addr-type[0]             INTEGER,
-                    address[1]               OCTET STRING
-}
-
-HostAddresses ::=   SEQUENCE OF HostAddress
-
-The host adddress encodings consists of two fields:
-
-addr-type
-     This field specifies the type of address that follows. Pre-defined
-     values for this field are specified in section 8.1.
-address
-     This field encodes a single address of type addr-type.
-
-The two forms differ slightly. HostAddress contains exactly one address;
-HostAddresses contains a sequence of possibly many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-ad-data
-     This field contains authorization data to be interpreted according to
-     the value of the corresponding ad-type field.
-ad-type
-     This field specifies the format for the ad-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved
-     for registered use.
-
-Each sequence of type and data is refered to as an authorization element.
-Elements may be application specific, however, there is a common set of
-recursive elements that should be understood by all implementations. These
-elements contain other elements embedded within them, and the
-interpretation of the encapsulating element determines which of the
-embedded elements must be interpreted, and which may be ignored.
-Definitions for these common elements may be found in Appendix B.
-
-TicketExtensions ::= SEQUENCE OF SEQUENCE {
-           te-type[0]       INTEGER,
-           te-data[1]       OCTET STRING
-}
-
-
-
-te-data
-     This field contains opaque data that must be caried with the ticket to
-     support extensions to the Kerberos protocol including but not limited
-     to some forms of inter-realm key exchange and plaintext authorization
-     data. See appendix C for some common uses of this field.
-te-type
-     This field specifies the format for the te-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved
-     for registered use.
-
-APOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- use-session-key(1),
-                  -- mutual-required(2)
-
-TicketFlags ::= BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- may-postdate(5),
-                  -- postdated(6),
-                  -- invalid(7),
-                  -- renewable(8),
-                  -- initial(9),
-                  -- pre-authent(10),
-                  -- hw-authent(11),
-                  -- transited-policy-checked(12),
-                  -- ok-as-delegate(13)
-
-KDCOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- allow-postdate(5),
-                  -- postdated(6),
-                  -- unused7(7),
-                  -- renewable(8),
-                  -- unused9(9),
-                  -- unused10(10),
-                  -- unused11(11),
-                  -- unused12(12),
-                  -- unused13(13),
-                  -- disable-transited-check(26),
-                  -- renewable-ok(27),
-                  -- enc-tkt-in-skey(28),
-                  -- renew(30),
-                  -- validate(31)
-
-ASN.1 Bit strings have a length and a value. When used in Kerberos for the
-APOptions, TicketFlags, and KDCOptions, the length of the bit string on
-generated values should be the smallest number of bits needed to include
-the highest order bit that is set (1), but in no case less than 32 bits.
-The ASN.1 representation of the bit strings uses unnamed bits, with the
-meaning of the individual bits defined by the comments in the specification
-above. Implementations should accept values of bit strings of any length
-and treat the value of flags corresponding to bits beyond the end of the
-bit string as if the bit were reset (0). Comparison of bit strings of
-different length should treat the smaller string as if it were padded with
-zeros beyond the high order bits to the length of the longer string[23].
-
-LastReq ::=   SEQUENCE OF SEQUENCE {
-               lr-type[0]               INTEGER,
-               lr-value[1]              KerberosTime
-}
-
-lr-type
-     This field indicates how the following lr-value field is to be
-     interpreted. Negative values indicate that the information pertains
-     only to the responding server. Non-negative values pertain to all
-     servers for the realm. If the lr-type field is zero (0), then no
-     information is conveyed by the lr-value subfield. If the absolute
-     value of the lr-type field is one (1), then the lr-value subfield is
-     the time of last initial request for a TGT. If it is two (2), then the
-     lr-value subfield is the time of last initial request. If it is three
-     (3), then the lr-value subfield is the time of issue for the newest
-     ticket-granting ticket used. If it is four (4), then the lr-value
-     subfield is the time of the last renewal. If it is five (5), then the
-     lr-value subfield is the time of last request (of any type). If it is
-     (6), then the lr-value subfield is the time when the password will
-     expire.
-lr-value
-     This field contains the time of the last request. the time must be
-     interpreted according to the contents of the accompanying lr-type
-     subfield.
-
-See section 6 for the definitions of Checksum, ChecksumType, EncryptedData,
-EncryptionKey, EncryptionType, and KeyType.
-
-5.3. Tickets and Authenticators
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-This section describes the format and encryption parameters for tickets and
-authenticators. When a ticket or authenticator is included in a protocol
-message it is treated as an opaque object.
-
-5.3.1. Tickets
-
-A ticket is a record that helps a client authenticate to a service. A
-Ticket contains the following information:
-
-Ticket ::=        [APPLICATION 1] SEQUENCE {
-                  tkt-vno[0]                   INTEGER,
-                  realm[1]                     Realm,
-                  sname[2]                     PrincipalName,
-                  enc-part[3]                  EncryptedData,
-                  extensions[4]                TicketExtensions OPTIONAL
-}
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be
-registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared by Kerberos
-and the end server (the server's secret key). See section 6 for the format
-of the ciphertext.
-
-tkt-vno
-     This field specifies the version number for the ticket format. This
-     document describes version number 5.
-realm
-     This field specifies the realm that issued a ticket. It also serves to
-     identify the realm part of the server's principal identifier. Since a
-     Kerberos server can only issue tickets for servers within its realm,
-     the two will always be identical.
-sname
-     This field specifies the name part of the server's identity.
-enc-part
-     This field holds the encrypted encoding of the EncTicketPart sequence.
-extensions
-     This optional field contains a sequence of extentions that may be used
-     to carry information that must be carried with the ticket to support
-     several extensions, including but not limited to plaintext
-     authorization data, tokens for exchanging inter-realm keys, and other
-     information that must be associated with a ticket for use by the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     application server. See Appendix C for definitions of some common
-     extensions.
-
-     Note that some older versions of Kerberos did not support this field.
-     Because this is an optional field it will not break older clients, but
-     older clients might strip this field from the ticket before sending it
-     to the application server. This limits the usefulness of this ticket
-     field to environments where the ticket will not be parsed and
-     reconstructed by these older Kerberos clients.
-
-     If it is known that the client will strip this field from the ticket,
-     as an interim measure the KDC may append this field to the end of the
-     enc-part of the ticket and append a traler indicating the lenght of
-     the appended extensions field. (this paragraph is open for discussion,
-     including the form of the traler).
-flags
-     This field indicates which of various options were used or requested
-     when the ticket was issued. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). Bit 0 is the most
-     significant bit. The encoding of the bits is specified in section 5.2.
-     The flags are described in more detail above in section 2. The
-     meanings of the flags are:
-
-          Bit(s)      Name         Description
-
-          0           RESERVED
-                                   Reserved for future  expansion  of  this
-                                   field.
-
-          1           FORWARDABLE
-                                   The FORWARDABLE flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  When set,  this
-                                   flag  tells  the  ticket-granting server
-                                   that it is OK to  issue  a  new  ticket-
-                                   granting ticket with a different network
-                                   address based on the presented ticket.
-
-          2           FORWARDED
-                                   When set, this flag indicates  that  the
-                                   ticket  has either been forwarded or was
-                                   issued based on authentication involving
-                                   a forwarded ticket-granting ticket.
-
-          3           PROXIABLE
-                                   The  PROXIABLE  flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.   The  PROXIABLE
-                                   flag  has an interpretation identical to
-                                   that of  the  FORWARDABLE  flag,  except
-                                   that   the   PROXIABLE  flag  tells  the
-                                   ticket-granting server  that  only  non-
-                                   ticket-granting  tickets  may  be issued
-                                   with different network addresses.
-
-          4           PROXY
-                                   When set, this  flag  indicates  that  a
-                                   ticket is a proxy.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-          5           MAY-POSTDATE
-                                   The MAY-POSTDATE flag is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  This flag tells
-                                   the  ticket-granting server that a post-
-                                   dated ticket may be issued based on this
-                                   ticket-granting ticket.
-
-          6           POSTDATED
-                                   This flag indicates that this ticket has
-                                   been  postdated.   The  end-service  can
-                                   check the authtime field to see when the
-                                   original authentication occurred.
-
-          7           INVALID
-                                   This flag indicates  that  a  ticket  is
-                                   invalid, and it must be validated by the
-                                   KDC  before  use.   Application  servers
-                                   must reject tickets which have this flag
-                                   set.
-
-          8           RENEWABLE
-                                   The  RENEWABLE  flag  is  normally  only
-                                   interpreted  by the TGS, and can usually
-                                   be ignored by end servers (some particu-
-                                   larly careful servers may wish to disal-
-                                   low  renewable  tickets).   A  renewable
-                                   ticket  can be used to obtain a replace-
-                                   ment ticket  that  expires  at  a  later
-                                   date.
-
-          9           INITIAL
-                                   This flag indicates that this ticket was
-                                   issued  using  the  AS protocol, and not
-                                   issued  based   on   a   ticket-granting
-                                   ticket.
-
-          10          PRE-AUTHENT
-                                   This flag indicates that during  initial
-                                   authentication, the client was authenti-
-                                   cated by the KDC  before  a  ticket  was
-                                   issued.    The   strength  of  the  pre-
-                                   authentication method is not  indicated,
-                                   but is acceptable to the KDC.
-
-          11          HW-AUTHENT
-                                   This flag indicates  that  the  protocol
-                                   employed   for   initial  authentication
-                                   required the use of hardware expected to
-                                   be possessed solely by the named client.
-                                   The hardware  authentication  method  is
-                                   selected  by the KDC and the strength of
-                                   the method is not indicated.
-
-          12           TRANSITED   This flag indicates that the KDC for the
-                  POLICY-CHECKED   realm has checked the transited field
-                                   against a realm defined policy for
-                                   trusted certifiers.  If this flag is
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                                   reset (0), then the application server
-                                   must check the transited field itself,
-                                   and if unable to do so it must reject
-                                   the authentication.  If the flag is set
-                                   (1) then the application server may skip
-                                   its own validation of the transited
-                                   field, relying on the validation
-                                   performed by the KDC.  At its option the
-                                   application server may still apply its
-                                   own validation based on a separate
-                                   policy for acceptance.
-
-          13      OK-AS-DELEGATE   This flag indicates that the server (not
-                                   the client) specified in the ticket has
-                                   been determined by policy of the realm
-                                   to be a suitable recipient of
-                                   delegation.  A client can use the
-                                   presence of this flag to help it make a
-                                   decision whether to delegate credentials
-                                   (either grant a proxy or a forwarded
-                                   ticket granting ticket) to this server.
-                                   The client is free to ignore the value
-                                   of this flag.  When setting this flag,
-                                   an administrator should consider the
-                                   Security and placement of the server on
-                                   which the service will run, as well as
-                                   whether the service requires the use of
-                                   delegated credentials.
-
-          14          ANONYMOUS
-                                   This flag indicates that  the  principal
-                                   named in the ticket is a generic princi-
-                                   pal for the realm and does not  identify
-                                   the  individual  using  the ticket.  The
-                                   purpose  of  the  ticket  is   only   to
-                                   securely  distribute  a session key, and
-                                   not to identify  the  user.   Subsequent
-                                   requests  using the same ticket and ses-
-                                   sion may be  considered  as  originating
-                                   from  the  same  user, but requests with
-                                   the same username but a different ticket
-                                   are  likely  to originate from different
-                                   users.
-
-          15-31       RESERVED
-                                   Reserved for future use.
-
-key
-     This field exists in the ticket and the KDC response and is used to
-     pass the session key from Kerberos to the application server and the
-     client. The field's encoding is described in section 6.2.
-crealm
-     This field contains the name of the realm in which the client is
-     registered and in which initial authentication took place.
-cname
-     This field contains the name part of the client's principal
-     identifier.
-transited
-     This field lists the names of the Kerberos realms that took part in
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     authenticating the user to whom this ticket was issued. It does not
-     specify the order in which the realms were transited. See section
-     3.3.3.2 for details on how this field encodes the traversed realms.
-     When the names of CA's are to be embedded inthe transited field (as
-     specified for some extentions to the protocol), the X.500 names of the
-     CA's should be mapped into items in the transited field using the
-     mapping defined by RFC2253.
-authtime
-     This field indicates the time of initial authentication for the named
-     principal. It is the time of issue for the original ticket on which
-     this ticket is based. It is included in the ticket to provide
-     additional information to the end service, and to provide the
-     necessary information for implementation of a `hot list' service at
-     the KDC. An end service that is particularly paranoid could refuse to
-     accept tickets for which the initial authentication occurred "too far"
-     in the past. This field is also returned as part of the response from
-     the KDC. When returned as part of the response to initial
-     authentication (KRB_AS_REP), this is the current time on the Ker-
-     beros server[24].
-starttime
-     This field in the ticket specifies the time after which the ticket is
-     valid. Together with endtime, this field specifies the life of the
-     ticket. If it is absent from the ticket, its value should be treated
-     as that of the authtime field.
-endtime
-     This field contains the time after which the ticket will not be
-     honored (its expiration time). Note that individual services may place
-     their own limits on the life of a ticket and may reject tickets which
-     have not yet expired. As such, this is really an upper bound on the
-     expiration time for the ticket.
-renew-till
-     This field is only present in tickets that have the RENEWABLE flag set
-     in the flags field. It indicates the maximum endtime that may be
-     included in a renewal. It can be thought of as the absolute expiration
-     time for the ticket, including all renewals.
-caddr
-     This field in a ticket contains zero (if omitted) or more (if present)
-     host addresses. These are the addresses from which the ticket can be
-     used. If there are no addresses, the ticket can be used from any
-     location. The decision by the KDC to issue or by the end server to
-     accept zero-address tickets is a policy decision and is left to the
-     Kerberos and end-service administrators; they may refuse to issue or
-     accept such tickets. The suggested and default policy, however, is
-     that such tickets will only be issued or accepted when additional
-     information that can be used to restrict the use of the ticket is
-     included in the authorization_data field. Such a ticket is a
-     capability.
-
-     Network addresses are included in the ticket to make it harder for an
-     attacker to use stolen credentials. Because the session key is not
-     sent over the network in cleartext, credentials can't be stolen simply
-     by listening to the network; an attacker has to gain access to the
-     session key (perhaps through operating system security breaches or a
-     careless user's unattended session) to make use of stolen tickets.
-
-     It is important to note that the network address from which a
-     connection is received cannot be reliably determined. Even if it could
-     be, an attacker who has compromised the client's worksta- tion could
-     use the credentials from there. Including the network addresses only
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     makes it more difficult, not impossible, for an attacker to walk off
-     with stolen credentials and then use them from a "safe" location.
-authorization-data
-     The authorization-data field is used to pass authorization data from
-     the principal on whose behalf a ticket was issued to the application
-     service. If no authorization data is included, this field will be left
-     out. Experience has shown that the name of this field is confusing,
-     and that a better name for this field would be restrictions.
-     Unfortunately, it is not possible to change the name of this field at
-     this time.
-
-     This field contains restrictions on any authority obtained on the
-     basis of authentication using the ticket. It is possible for any
-     principal in posession of credentials to add entries to the
-     authorization data field since these entries further restrict what can
-     be done with the ticket. Such additions can be made by specifying the
-     additional entries when a new ticket is obtained during the TGS
-     exchange, or they may be added during chained delegation using the
-     authorization data field of the authenticator.
-
-     Because entries may be added to this field by the holder of
-     credentials, it is not allowable for the presence of an entry in the
-     authorization data field of a ticket to amplify the priveleges one
-     would obtain from using a ticket.
-
-     The data in this field may be specific to the end service; the field
-     will contain the names of service specific objects, and the rights to
-     those objects. The format for this field is described in section 5.2.
-     Although Kerberos is not concerned with the format of the contents of
-     the sub-fields, it does carry type information (ad-type).
-
-     By using the authorization_data field, a principal is able to issue a
-     proxy that is valid for a specific purpose. For example, a client
-     wishing to print a file can obtain a file server proxy to be passed to
-     the print server. By specifying the name of the file in the
-     authorization_data field, the file server knows that the print server
-     can only use the client's rights when accessing the particular file to
-     be printed.
-
-     A separate service providing authorization or certifying group
-     membership may be built using the authorization-data field. In this
-     case, the entity granting authorization (not the authorized entity),
-     obtains a ticket in its own name (e.g. the ticket is issued in the
-     name of a privelege server), and this entity adds restrictions on its
-     own authority and delegates the restricted authority through a proxy
-     to the client. The client would then present this authorization
-     credential to the application server separately from the
-     authentication exchange.
-
-     Similarly, if one specifies the authorization-data field of a proxy
-     and leaves the host addresses blank, the resulting ticket and session
-     key can be treated as a capability. See [Neu93] for some suggested
-     uses of this field.
-
-     The authorization-data field is optional and does not have to be
-     included in a ticket.
-
-5.3.2. Authenticators
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-An authenticator is a record sent with a ticket to a server to certify the
-client's knowledge of the encryption key in the ticket, to help the server
-detect replays, and to help choose a "true session key" to use with the
-particular session. The encoding is encrypted in the ticket's session key
-shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-
-authenticator-vno
-     This field specifies the version number for the format of the
-     authenticator. This document specifies version 5.
-crealm and cname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-cksum
-     This field contains a checksum of the the applica- tion data that
-     accompanies the KRB_AP_REQ.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-     Its value (before encryption) ranges from 0 to 999999. It often
-     appears along with ctime. The two fields are used together to specify
-     a reasonably accurate timestamp.
-ctime
-     This field contains the current time on the client's host.
-subkey
-     This field contains the client's choice for an encryption key which is
-     to be used to protect this specific application session. Unless an
-     application specifies otherwise, if this field is left out the session
-     key from the ticket will be used.
-seq-number
-     This optional field includes the initial sequence number to be used by
-     the KRB_PRIV or KRB_SAFE messages when sequence numbers are used to
-     detect replays (It may also be used by application specific messages).
-     When included in the authenticator this field specifies the initial
-     sequence number for messages from the client to the server. When
-     included in the AP-REP message, the initial sequence number is that
-     for messages from the server to the client. When used in KRB_PRIV or
-     KRB_SAFE messages, it is incremented by one after each message is
-     sent. Sequence numbers fall in the range of 0 through 2^32 - 1 and
-     wrap to zero following the value 2^32 - 1.
-
-     For sequence numbers to adequately support the detection of replays
-     they should be non-repeating, even across connection boundaries. The
-     initial sequence number should be random and uniformly distributed
-     across the full space of possible sequence numbers, so that it cannot
-     be guessed by an attacker and so that it and the successive sequence
-     numbers do not repeat other sequences.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-authorization-data
-     This field is the same as described for the ticket in section 5.3.1.
-     It is optional and will only appear when additional restrictions are
-     to be placed on the use of a ticket, beyond those carried in the
-     ticket itself.
-
-5.4. Specifications for the AS and TGS exchanges
-
-This section specifies the format of the messages used in the exchange
-between the client and the Kerberos server. The format of possible error
-messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-The KRB_KDC_REQ message has no type of its own. Instead, its type is one of
-KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is for an
-initial ticket or an additional ticket. In either case, the message is sent
-from the client to the Authentication Server to request credentials for a
-service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER,
-                                           -- EncryptionType,
-                                           -- in preference order
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-The fields in this message are:
-
-pvno
-     This field is included in each message, and specifies the protocol
-     version number. This document specifies protocol version 5.
-msg-type
-     This field indicates the type of a protocol message. It will almost
-     always be the same as the application identifier associated with a
-     message. It is included to make the identifier more readily accessible
-     to the application. For the KDC-REQ message, this type will be
-     KRB_AS_REQ or KRB_TGS_REQ.
-padata
-     The padata (pre-authentication data) field contains a sequence of
-     authentication information which may be needed before credentials can
-     be issued or decrypted. In the case of requests for additional tickets
-     (KRB_TGS_REQ), this field will include an element with padata-type of
-     PA-TGS-REQ and data of an authentication header (ticket-granting
-     ticket and authenticator). The checksum in the authenticator (which
-     must be collision-proof) is to be computed over the KDC-REQ-BODY
-     encoding. In most requests for initial authentication (KRB_AS_REQ) and
-     most replies (KDC-REP), the padata field will be left out.
-
-     This field may also contain information needed by certain extensions
-     to the Kerberos protocol. For example, it might be used to initially
-     verify the identity of a client before any response is returned. This
-     is accomplished with a padata field with padata-type equal to
-     PA-ENC-TIMESTAMP and padata-value defined as follows:
-
-     padata-type     ::= PA-ENC-TIMESTAMP
-     padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-     PA-ENC-TS-ENC   ::= SEQUENCE {
-                     patimestamp[0]     KerberosTime, -- client's time
-                     pausec[1]          INTEGER OPTIONAL
-     }
-
-     with patimestamp containing the client's time and pausec containing
-     the microseconds which may be omitted if a client will not generate
-     more than one request per second. The ciphertext (padata-value)
-     consists of the PA-ENC-TS-ENC sequence, encrypted using the client's
-     secret key.
-
-     [use-specified-kvno item is here for discussion and may be removed] It
-     may also be used by the client to specify the version of a key that is
-     being used for accompanying preauthentication, and/or which should be
-     used to encrypt the reply from the KDC.
-
-     PA-USE-SPECIFIED-KVNO  ::=  Integer
-
-     The KDC should only accept and abide by the value of the
-     use-specified-kvno preauthentication data field when the specified key
-     is still valid and until use of a new key is confirmed. This situation
-     is likely to occur primarily during the period during which an updated
-     key is propagating to other KDC's in a realm.
-
-     The padata field can also contain information needed to help the KDC
-     or the client select the key needed for generating or decrypting the
-     response. This form of the padata is useful for supporting the use of
-     certain token cards with Kerberos. The details of such extensions are
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     specified in separate documents. See [Pat92] for additional uses of
-     this field.
-padata-type
-     The padata-type element of the padata field indicates the way that the
-     padata-value element is to be interpreted. Negative values of
-     padata-type are reserved for unregistered use; non-negative values are
-     used for a registered interpretation of the element type.
-req-body
-     This field is a placeholder delimiting the extent of the remaining
-     fields. If a checksum is to be calculated over the request, it is
-     calculated over an encoding of the KDC-REQ-BODY sequence which is
-     enclosed within the req-body field.
-kdc-options
-     This field appears in the KRB_AS_REQ and KRB_TGS_REQ requests to the
-     KDC and indicates the flags that the client wants set on the tickets
-     as well as other information that is to modify the behavior of the
-     KDC. Where appropriate, the name of an option may be the same as the
-     flag that is set by that option. Although in most case, the bit in the
-     options field will be the same as that in the flags field, this is not
-     guaranteed, so it is not acceptable to simply copy the options field
-     to the flags field. There are various checks that must be made before
-     honoring an option anyway.
-
-     The kdc_options field is a bit-field, where the selected options are
-     indicated by the bit being set (1), and the unselected options and
-     reserved fields being reset (0). The encoding of the bits is specified
-     in section 5.2. The options are described in more detail above in
-     section 2. The meanings of the options are:
-
-        Bit(s)    Name                Description
-         0        RESERVED
-                                      Reserved for future  expansion  of
-this
-                                      field.
-
-         1        FORWARDABLE
-                                      The FORWARDABLE  option  indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      forwardable flag set.  It  may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based is also
-for-
-                                      wardable.
-
-         2        FORWARDED
-                                      The FORWARDED option is  only
-specified
-                                      in  a  request  to  the
-ticket-granting
-                                      server and will only be honored  if
-the
-                                      ticket-granting  ticket  in  the
-request
-                                      has  its  FORWARDABLE  bit  set.
-This
-                                      option  indicates that this is a
-request
-                                      for forwarding.  The address(es) of
-the
-                                      host  from which the resulting ticket
-is
-                                      to  be  valid  are   included   in
-the
-                                      addresses field of the request.
-
-         3        PROXIABLE
-                                      The PROXIABLE option indicates that
-the
-                                      ticket to be issued is to have its
-prox-
-                                      iable flag set.  It may only be  set
-on
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                                      the  initial request, or in a
-subsequent
-                                      request if the ticket-granting ticket
-on
-                                      which it is based is also proxiable.
-
-         4        PROXY
-                                      The PROXY option indicates that this
-is
-                                      a request for a proxy.  This option
-will
-                                      only be honored if  the
-ticket-granting
-                                      ticket  in the request has its
-PROXIABLE
-                                      bit set.  The address(es)  of  the
-host
-                                      from which the resulting ticket is to
-be
-                                       valid  are  included  in  the
-addresses
-                                      field of the request.
-
-         5        ALLOW-POSTDATE
-                                      The ALLOW-POSTDATE option indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      MAY-POSTDATE flag set.  It may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based also has
-its
-                                      MAY-POSTDATE flag set.
-
-         6        POSTDATED
-                                      The POSTDATED option indicates that
-this
-                                      is  a  request  for  a postdated
-ticket.
-                                      This option will only be honored if
-the
-                                      ticket-granting  ticket  on  which
-                                      it is based has  its  MAY-POSTDATE
-                                      flag set.
-                                      The  resulting ticket will also have
-its
-                                      INVALID flag set, and that flag  may
-be
-                                      reset by a subsequent request to the
-KDC
-                                      after the starttime in  the  ticket
-has
-                                      been reached.
-
-         7        UNUSED
-                                      This option is presently unused.
-
-         8        RENEWABLE
-                                      The RENEWABLE option indicates that
-the
-                                      ticket  to  be  issued  is  to  have
-its
-                                      RENEWABLE flag set.  It may only be
-set
-                                      on  the  initial  request,  or  when
-the
-                                      ticket-granting  ticket  on  which
-the
-                                      request  is based is also renewable.
-If
-                                      this option is requested, then the
-rtime
-                                      field   in   the  request  contains
-the
-                                      desired absolute expiration time for
-the
-                                      ticket.
-
-         9-13     UNUSED
-                                      These options are presently unused.
-
-         14       REQUEST-ANONYMOUS
-                                      The REQUEST-ANONYMOUS  option
-indicates
-                                      that  the  ticket to be issued is not
-to
-                                      identify  the  user  to  which  it
-was
-                                      issued.  Instead, the principal
-identif-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                                      ier is to be generic,  as  specified
-by
-                                      the  policy  of  the realm (e.g.
-usually
-                                      anonymous@realm).  The  purpose  of
-the
-                                      ticket  is only to securely distribute
-a
-                                      session key, and  not  to  identify
-the
-                                      user.   The ANONYMOUS flag on the
-ticket
-                                      to be returned should be  set.   If
-the
-                                      local  realms  policy  does  not
-permit
-                                      anonymous credentials, the request is
-to
-                                      be rejected.
-
-         15-25    RESERVED
-                                      Reserved for future use.
-
-         26       DISABLE-TRANSITED-CHECK
-                                      By default the KDC will check the
-                                      transited field of a ticket-granting-
-                                      ticket against the policy of the local
-                                      realm before it will issue derivative
-                                      tickets based on the ticket granting
-                                      ticket.  If this flag is set in the
-                                      request, checking of the transited
-field
-                                      is disabled.  Tickets issued without
-the
-                                      performance of this check will be
-noted
-                                      by the reset (0) value of the
-                                      TRANSITED-POLICY-CHECKED flag,
-                                      indicating to the application server
-                                      that the tranisted field must be
-checked
-                                      locally.  KDC's are encouraged but not
-                                      required to honor the
-                                      DISABLE-TRANSITED-CHECK option.
-
-         27       RENEWABLE-OK
-                                      The RENEWABLE-OK option indicates that
-a
-                                      renewable ticket will be acceptable if
-a
-                                      ticket with the  requested  life
-cannot
-                                      otherwise be provided.  If a ticket
-with
-                                      the requested life cannot  be
-provided,
-                                      then  a  renewable  ticket may be
-issued
-                                      with  a  renew-till  equal  to  the
-the
-                                      requested  endtime.   The  value  of
-the
-                                      renew-till field may still be limited
-by
-                                      local  limits, or limits selected by
-the
-                                      individual principal or server.
-
-         28       ENC-TKT-IN-SKEY
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The
-ENC-TKT-IN-SKEY
-                                      option indicates that the ticket for
-the
-                                      end  server  is  to  be encrypted in
-the
-                                      session key from the additional
-ticket-
-                                      granting ticket provided.
-
-         29       RESERVED
-                                      Reserved for future use.
-
-         30       RENEW
-                                      This option is used only by the
-ticket-
-                                      granting   service.   The  RENEW
-option
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                                      indicates that the  present  request
-is
-                                      for  a  renewal.  The ticket provided
-is
-                                      encrypted in  the  secret  key  for
-the
-                                      server  on  which  it  is  valid.
-This
-                                      option  will  only  be  honored  if
-the
-                                      ticket  to  be renewed has its
-RENEWABLE
-                                      flag set and if the time in  its
-renew-
-                                      till  field  has not passed.  The
-ticket
-                                      to be renewed is passed  in  the
-padata
-                                      field  as  part  of  the
-authentication
-                                      header.
-
-         31       VALIDATE
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The VALIDATE
-option
-                                      indicates that the request is  to
-vali-
-                                      date  a  postdated ticket.  It will
-only
-                                      be honored if the  ticket  presented
-is
-                                      postdated,  presently  has  its
-INVALID
-                                      flag set, and would be otherwise
-usable
-                                      at  this time.  A ticket cannot be
-vali-
-                                      dated before its starttime.  The
-ticket
-                                      presented for validation is encrypted
-in
-                                      the key of the server for  which  it
-is
-                                      valid  and is passed in the padata
-field
-                                      as part of the authentication header.
-
-cname and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1. sname may only be absent when the ENC-TKT-IN-SKEY option is
-     specified. If absent, the name of the server is taken from the name of
-     the client in the ticket passed as additional-tickets.
-enc-authorization-data
-     The enc-authorization-data, if present (and it can only be present in
-     the TGS_REQ form), is an encoding of the desired authorization-data
-     encrypted under the sub-session key if present in the Authenticator,
-     or alternatively from the session key in the ticket-granting ticket,
-     both from the padata field in the KRB_AP_REQ.
-realm
-     This field specifies the realm part of the server's principal
-     identifier. In the AS exchange, this is also the realm part of the
-     client's principal identifier.
-from
-     This field is included in the KRB_AS_REQ and KRB_TGS_REQ ticket
-     requests when the requested ticket is to be postdated. It specifies
-     the desired start time for the requested ticket. If this field is
-     omitted then the KDC should use the current time instead.
-till
-     This field contains the expiration date requested by the client in a
-     ticket request. It is optional and if omitted the requested ticket is
-     to have the maximum endtime permitted according to KDC policy for the
-     parties to the authentication exchange as limited by expiration date
-     of the ticket granting ticket or other preauthentication credentials.
-rtime
-     This field is the requested renew-till time sent from a client to the
-     KDC in a ticket request. It is optional.
-nonce
-     This field is part of the KDC request and response. It it intended to
-     hold a random number generated by the client. If the same number is
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     included in the encrypted response from the KDC, it provides evidence
-     that the response is fresh and has not been replayed by an attacker.
-     Nonces must never be re-used. Ideally, it should be generated
-     randomly, but if the correct time is known, it may suffice[25].
-etype
-     This field specifies the desired encryption algorithm to be used in
-     the response.
-addresses
-     This field is included in the initial request for tickets, and
-     optionally included in requests for additional tickets from the
-     ticket-granting server. It specifies the addresses from which the
-     requested ticket is to be valid. Normally it includes the addresses
-     for the client's host. If a proxy is requested, this field will
-     contain other addresses. The contents of this field are usually copied
-     by the KDC into the caddr field of the resulting ticket.
-additional-tickets
-     Additional tickets may be optionally included in a request to the
-     ticket-granting server. If the ENC-TKT-IN-SKEY option has been
-     specified, then the session key from the additional ticket will be
-     used in place of the server's key to encrypt the new ticket. If more
-     than one option which requires additional tickets has been specified,
-     then the additional tickets are used in the order specified by the
-     ordering of the options bits (see kdc-options, above).
-
-The application code will be either ten (10) or twelve (12) depending on
-whether the request is for an initial ticket (AS-REQ) or for an additional
-ticket (TGS-REQ).
-
-The optional fields (addresses, authorization-data and additional-tickets)
-are only included if necessary to perform the operation specified in the
-kdc-options field.
-
-It should be noted that in KRB_TGS_REQ, the protocol version number appears
-twice and two different message types appear: the KRB_TGS_REQ message
-contains these fields as does the authentication header (KRB_AP_REQ) that
-is passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-The KRB_KDC_REP message format is used for the reply from the KDC for
-either an initial (AS) request or a subsequent (TGS) request. There is no
-message type for KRB_KDC_REP. Instead, the type will be either KRB_AS_REP
-or KRB_TGS_REP. The key used to encrypt the ciphertext part of the reply
-depends on the message type. For KRB_AS_REP, the ciphertext is encrypted in
-the client's secret key, and the client's key version number is included in
-the key version number for the encrypted data. For KRB_TGS_REP, the
-ciphertext is encrypted in the sub-session key from the Authenticator, or
-if absent, the session key from the ticket-granting ticket used in the
-request. In that case, no version number will be present in the
-EncryptedData sequence.
-
-The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-              enc-part[6]                EncryptedData
-}
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is either
-     KRB_AS_REP or KRB_TGS_REP.
-padata
-     This field is described in detail in section 5.4.1. One possible use
-     for this field is to encode an alternate "mix-in" string to be used
-     with a string-to-key algorithm (such as is described in section
-     6.3.2). This ability is useful to ease transitions if a realm name
-     needs to change (e.g. when a company is acquired); in such a case all
-     existing password-derived entries in the KDC database would be flagged
-     as needing a special mix-in string until the next password change.
-crealm, cname, srealm and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-ticket
-     The newly-issued ticket, from section 5.3.1.
-enc-part
-     This field is a place holder for the ciphertext and related
-     information that forms the encrypted part of a message. The
-     description of the encrypted part of the message follows each
-     appearance of this field. The encrypted part is encoded as described
-     in section 6.1.
-key
-     This field is the same as described for the ticket in section 5.3.1.
-last-req
-     This field is returned by the KDC and specifies the time(s) of the
-     last request by a principal. Depending on what information is
-     available, this might be the last time that a request for a
-     ticket-granting ticket was made, or the last time that a request based
-     on a ticket-granting ticket was successful. It also might cover all
-     servers for a realm, or just the particular server. Some
-     implementations may display this information to the user to aid in
-     discovering unauthorized use of one's identity. It is similar in
-     spirit to the last login time displayed when logging into timesharing
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     systems.
-nonce
-     This field is described above in section 5.4.1.
-key-expiration
-     The key-expiration field is part of the response from the KDC and
-     specifies the time that the client's secret key is due to expire. The
-     expiration might be the result of password aging or an account
-     expiration. This field will usually be left out of the TGS reply since
-     the response to the TGS request is encrypted in a session key and no
-     client information need be retrieved from the KDC database. It is up
-     to the application client (usually the login program) to take
-     appropriate action (such as notifying the user) if the expiration time
-     is imminent.
-flags, authtime, starttime, endtime, renew-till and caddr
-     These fields are duplicates of those found in the encrypted portion of
-     the attached ticket (see section 5.3.1), provided so the client may
-     verify they match the intended request and to assist in proper ticket
-     caching. If the message is of type KRB_TGS_REP, the caddr field will
-     only be filled in if the request was for a proxy or forwarded ticket,
-     or if the user is substituting a subset of the addresses from the
-     ticket granting ticket. If the client-requested addresses are not
-     present or not used, then the addresses contained in the ticket will
-     be the same as those included in the ticket-granting ticket.
-
-5.5. Client/Server (CS) message specifications
-
-This section specifies the format of the messages used for the
-authentication of the client to the application server.
-
-5.5.1. KRB_AP_REQ definition
-
-The KRB_AP_REQ message contains the Kerberos protocol version number, the
-message type KRB_AP_REQ, an options field to indicate any options in use,
-and the ticket and authenticator themselves. The KRB_AP_REQ message is
-often referred to as the 'authentication header'.
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REQ.
-ap-options
-     This field appears in the application request (KRB_AP_REQ) and affects
-     the way the request is processed. It is a bit-field, where the
-     selected options are indicated by the bit being set (1), and the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     unselected options and reserved fields being reset (0). The encoding
-     of the bits is specified in section 5.2. The meanings of the options
-     are:
-
-          Bit(s)   Name              Description
-
-          0        RESERVED
-                                     Reserved for future  expansion  of
-this
-                                     field.
-
-          1        USE-SESSION-KEY
-                                     The  USE-SESSION-KEY  option
-indicates
-                                     that the ticket the client is
-presenting
-                                     to a server is encrypted in the
-session
-                                     key  from  the  server's
-ticket-granting
-                                     ticket.  When this option is not
-speci-
-                                     fied,  the  ticket  is  encrypted in
-the
-                                     server's secret key.
-
-          2        MUTUAL-REQUIRED
-                                     The  MUTUAL-REQUIRED  option  tells
-the
-                                     server  that  the client requires
-mutual
-                                     authentication, and that it must
-respond
-                                     with a KRB_AP_REP message.
-
-          3-31     RESERVED
-                                     Reserved for future use.
-
-ticket
-     This field is a ticket authenticating the client to the server.
-authenticator
-     This contains the authenticator, which includes the client's choice of
-     a subkey. Its encoding is described in section 5.3.2.
-
-5.5.2. KRB_AP_REP definition
-
-The KRB_AP_REP message contains the Kerberos protocol version number, the
-message type, and an encrypted time- stamp. The message is sent in in
-response to an application request (KRB_AP_REQ) where the mutual
-authentication option has been selected in the ap-options field.
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-The encoded EncAPRepPart is encrypted in the shared session key of the
-ticket. The optional subkey field can be used in an application-arranged
-negotiation to choose a per association session key.
-
-pvno and msg-type
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REP.
-enc-part
-     This field is described above in section 5.4.2.
-ctime
-     This field contains the current time on the client's host.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-subkey
-     This field contains an encryption key which is to be used to protect
-     this specific application session. See section 3.2.6 for specifics on
-     how this field is used to negotiate a key. Unless an application
-     specifies otherwise, if this field is left out, the sub-session key
-     from the authenticator, or if also left out, the session key from the
-     ticket will be used.
-
-5.5.3. Error message reply
-
-If an error occurs while processing the application request, the KRB_ERROR
-message will be sent in response. See section 5.9.1 for the format of the
-error message. The cname and crealm fields may be left out if the server
-cannot determine their appropriate values from the corresponding KRB_AP_REQ
-message. If the authenticator was decipherable, the ctime and cusec fields
-will contain the values from it.
-
-5.6. KRB_SAFE message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to send a tamper-proof message to
-its peer. It presumes that a session key has previously been exchanged (for
-example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1. KRB_SAFE definition
-
-The KRB_SAFE message contains user data along with a collision-proof
-checksum keyed with the last encryption key negotiated via subkeys, or the
-session key if no negotiation has occured. The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_SAFE.
-safe-body
-     This field is a placeholder for the body of the KRB-SAFE message.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-cksum
-     This field contains the checksum of the application data. Checksum
-     details are described in section 6.4. The checksum is computed over
-     the encoding of the KRB-SAFE sequence. First, the cksum is zeroed and
-     the checksum is computed over the encoding of the KRB-SAFE sequence,
-     then the checksum is set to the result of that computation, and
-     finally the KRB-SAFE sequence is encoded again.
-user-data
-     This field is part of the KRB_SAFE and KRB_PRIV messages and contain
-     the application specific data that is being passed from the sender to
-     the recipient.
-timestamp
-     This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents
-     are the current time as known by the sender of the message. By
-     checking the timestamp, the recipient of the message is able to make
-     sure that it was recently generated, and is not a replay.
-usec
-     This field is part of the KRB_SAFE and KRB_PRIV headers. It contains
-     the microsecond part of the timestamp.
-seq-number
-     This field is described above in section 5.3.2.
-s-address
-     This field specifies the address in use by the sender of the message.
-r-address
-     This field specifies the address in use by the recipient of the
-     message. It may be omitted for some uses (such as broadcast
-     protocols), but the recipient may arbitrarily reject such messages.
-     This field along with s-address can be used to help detect messages
-     which have been incorrectly or maliciously delivered to the wrong
-     recipient.
-
-5.7. KRB_PRIV message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to securely and privately send a
-message to its peer. It presumes that a session key has previously been
-exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-The KRB_PRIV message contains user data encrypted in the Session Key. The
-message fields are:
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's
-addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's
-addr
-}
-
-pvno and msg-type
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_PRIV.
-enc-part
-     This field holds an encoding of the EncKrbPrivPart sequence encrypted
-     under the session key[32]. This encrypted encoding is used for the
-     enc-part field of the KRB-PRIV message. See section 6 for the format
-     of the ciphertext.
-user-data, timestamp, usec, s-address and r-address
-     These fields are described above in section 5.6.1.
-seq-number
-     This field is described above in section 5.3.2.
-
-5.8. KRB_CRED message specification
-
-This section specifies the format of a message that can be used to send
-Kerberos credentials from one principal to another. It is presented here to
-encourage a common mechanism to be used by applications when forwarding
-tickets or providing proxies to subordinate servers. It presumes that a
-session key has already been exchanged perhaps by using the
-KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-The KRB_CRED message contains a sequence of tickets to be sent and
-information needed to use the tickets, including the session key from each.
-The information needed to use the tickets is encrypted under an encryption
-key previously exchanged or transferred alongside the KRB_CRED message. The
-message fields are:
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_CRED.
-tickets
-     These are the tickets obtained from the KDC specifically for use by
-     the intended recipient. Successive tickets are paired with the
-     corresponding KrbCredInfo sequence from the enc-part of the KRB-CRED
-     message.
-enc-part
-     This field holds an encoding of the EncKrbCredPart sequence encrypted
-     under the session key shared between the sender and the intended
-     recipient. This encrypted encoding is used for the enc-part field of
-     the KRB-CRED message. See section 6 for the format of the ciphertext.
-nonce
-     If practical, an application may require the inclusion of a nonce
-     generated by the recipient of the message. If the same value is
-     included as the nonce in the message, it provides evidence that the
-     message is fresh and has not been replayed by an attacker. A nonce
-     must never be re-used; it should be generated randomly by the
-     recipient of the message and provided to the sender of the message in
-     an application specific manner.
-timestamp and usec
-     These fields specify the time that the KRB-CRED message was generated.
-     The time is used to provide assurance that the message is fresh.
-s-address and r-address
-     These fields are described above in section 5.6.1. They are used
-     optionally to provide additional assurance of the integrity of the
-     KRB-CRED message.
-key
-     This field exists in the corresponding ticket passed by the KRB-CRED
-     message and is used to pass the session key from the sender to the
-     intended recipient. The field's encoding is described in section 6.2.
-
-The following fields are optional. If present, they can be associated with
-the credentials in the remote ticket file. If left out, then it is assumed
-that the recipient of the credentials already knows their value.
-
-prealm and pname
-     The name and realm of the delegated principal identity.
-flags, authtime, starttime, endtime, renew-till, srealm, sname, and caddr
-     These fields contain the values of the correspond- ing fields from the
-     ticket found in the ticket field. Descriptions of the fields are
-     identical to the descriptions in the KDC-REP message.
-
-5.9. Error message specification
-
-This section specifies the format for the KRB_ERROR message. The fields
-included in the message are intended to return as much information as
-possible about an error. It is not expected that all the information
-required by the fields will be available for all types of errors. If the
-appropriate information is not available when the message is composed, the
-corresponding field will be left out of the message.
-
-Note that since the KRB_ERROR message is not protected by any encryption,
-it is quite possible for an intruder to synthesize or modify such a
-message. In particular, this means that the client should not use any
-fields in this message for security-critical purposes, such as setting a
-system clock or generating a fresh authenticator. The message can be
-useful, however, for advising a user on the reason for some failure.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-5.9.1. KRB_ERROR definition
-
-The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL,
-                e-typed-data[14]              SEQUENCE of ETypedData
-OPTIONAL
-}
-
-ETypedData ::=  SEQUENCE {
-                e-data-type    [1] INTEGER,
-                e-data-value   [2] OCTET STRING,
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_ERROR.
-ctime
-     This field is described above in section 5.4.1.
-cusec
-     This field is described above in section 5.5.2.
-stime
-     This field contains the current time on the server. It is of type
-     KerberosTime.
-susec
-     This field contains the microsecond part of the server's timestamp.
-     Its value ranges from 0 to 999999. It appears along with stime. The
-     two fields are used in conjunction to specify a reasonably accurate
-     timestamp.
-error-code
-     This field contains the error code returned by Kerberos or the server
-     when a request fails. To interpret the value of this field see the
-     list of error codes in section 8. Implementations are encouraged to
-     provide for national language support in the display of error
-     messages.
-crealm, cname, srealm and sname
-     These fields are described above in section 5.3.1.
-e-text
-     This field contains additional text to help explain the error code
-     associated with the failed request (for example, it might include a
-     principal name which was unknown).
-e-data
-     This field contains additional data about the error for use by the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     application to help it recover from or handle the error. If the
-     errorcode is KDC_ERR_PREAUTH_REQUIRED, then the e-data field will
-     contain an encoding of a sequence of padata fields, each corresponding
-     to an acceptable pre-authentication method and optionally containing
-     data for the method:
-
-     METHOD-DATA ::=   SEQUENCE of PA-DATA
-
-     If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
-     contain an encoding of the following sequence:
-
-     METHOD-DATA ::=   SEQUENCE {
-                         method-type[0]   INTEGER,
-                         method-data[1]   OCTET STRING OPTIONAL
-     }
-
-     method-type will indicate the required alternate method; method-data
-     will contain any required additional information.
-e-cksum
-     This field contains an optional checksum for the KRB-ERROR message.
-     The checksum is calculated over the Kerberos ASN.1 encoding of the
-     KRB-ERROR message with the checksum absent. The checksum is then added
-     to the KRB-ERROR structure and the message is re-encoded. The Checksum
-     should be calculated using the session key from the ticket granting
-     ticket or service ticket, where available. If the error is in response
-     to a TGS or AP request, the checksum should be calculated uing the the
-     session key from the client's ticket. If the error is in response to
-     an AS request, then the checksum should be calulated using the
-     client's secret key ONLY if there has been suitable preauthentication
-     to prove knowledge of the secret key by the client[33]. If a checksum
-     can not be computed because the key to be used is not available, no
-     checksum will be included.
-e-typed-data
-     [This field for discussion, may be deleted from final spec] This field
-     contains optional data that may be used to help the client recover
-     from the indicated error. [This could contain the METHOD-DATA
-     specified since I don't think anyone actually uses it yet. It could
-     also contain the PA-DATA sequence for the preauth required error if we
-     had a clear way to transition to the use of this field from the use of
-     the untype e-data field.] For example, this field may specify the key
-     version of the key used to verify preauthentication:
-
-     e-data-type  := 20 -- Key version number
-     e-data-value := Integer -- Key version number used to verify
-preauthentication
-
-6. Encryption and Checksum Specifications
-
-The Kerberos protocols described in this document are designed to use
-stream encryption ciphers, which can be simulated using commonly available
-block encryption ciphers, such as the Data Encryption Standard, [DES77] in
-conjunction with block chaining and checksum methods [DESM80]. Encryption
-is used to prove the identities of the network entities participating in
-message exchanges. The Key Distribution Center for each realm is trusted by
-all principals registered in that realm to store a secret key in
-confidence. Proof of knowledge of this secret key is used to verify the
-authenticity of a principal.
-
-The KDC uses the principal's secret key (in the AS exchange) or a shared
-session key (in the TGS exchange) to encrypt responses to ticket requests;
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-the ability to obtain the secret key or session key implies the knowledge
-of the appropriate keys and the identity of the KDC. The ability of a
-principal to decrypt the KDC response and present a Ticket and a properly
-formed Authenticator (generated with the session key from the KDC response)
-to a service verifies the identity of the principal; likewise the ability
-of the service to extract the session key from the Ticket and prove its
-knowledge thereof in a response verifies the identity of the service.
-
-The Kerberos protocols generally assume that the encryption used is secure
-from cryptanalysis; however, in some cases, the order of fields in the
-encrypted portions of messages are arranged to minimize the effects of
-poorly chosen keys. It is still important to choose good keys. If keys are
-derived from user-typed passwords, those passwords need to be well chosen
-to make brute force attacks more difficult. Poorly chosen keys still make
-easy targets for intruders.
-
-The following sections specify the encryption and checksum mechanisms
-currently defined for Kerberos. The encodings, chaining, and padding
-requirements for each are described. For encryption methods, it is often
-desirable to place random information (often referred to as a confounder)
-at the start of the message. The requirements for a confounder are
-specified with each encryption mechanism.
-
-Some encryption systems use a block-chaining method to improve the the
-security characteristics of the ciphertext. However, these chaining methods
-often don't provide an integrity check upon decryption. Such systems (such
-as DES in CBC mode) must be augmented with a checksum of the plain-text
-which can be verified at decryption and used to detect any tampering or
-damage. Such checksums should be good at detecting burst errors in the
-input. If any damage is detected, the decryption routine is expected to
-return an error indicating the failure of an integrity check. Each
-encryption type is expected to provide and verify an appropriate checksum.
-The specification of each encryption method sets out its checksum
-requirements.
-
-Finally, where a key is to be derived from a user's password, an algorithm
-for converting the password to a key of the appropriate type is included.
-It is desirable for the string to key function to be one-way, and for the
-mapping to be different in different realms. This is important because
-users who are registered in more than one realm will often use the same
-password in each, and it is desirable that an attacker compromising the
-Kerberos server in one realm not obtain or derive the user's key in
-another.
-
-For an discussion of the integrity characteristics of the candidate
-encryption and checksum methods considered for Kerberos, the the reader is
-referred to [SG92].
-
-6.1. Encryption Specifications
-
-The following ASN.1 definition describes all encrypted messages. The
-enc-part field which appears in the unencrypted part of messages in section
-5 is a sequence consisting of an encryption type, an optional key version
-number, and the ciphertext.
-
-EncryptedData ::=   SEQUENCE {
-                    etype[0]     INTEGER, -- EncryptionType
-                    kvno[1]      INTEGER OPTIONAL,
-                    cipher[2]    OCTET STRING -- ciphertext
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-}
-
-
-
-etype
-     This field identifies which encryption algorithm was used to encipher
-     the cipher. Detailed specifications for selected encryption types
-     appear later in this section.
-kvno
-     This field contains the version number of the key under which data is
-     encrypted. It is only present in messages encrypted under long lasting
-     keys, such as principals' secret keys.
-cipher
-     This field contains the enciphered text, encoded as an OCTET STRING.
-
-The cipher field is generated by applying the specified encryption
-algorithm to data composed of the message and algorithm-specific inputs.
-Encryption mechanisms defined for use with Kerberos must take sufficient
-measures to guarantee the integrity of the plaintext, and we recommend they
-also take measures to protect against precomputed dictionary attacks. If
-the encryption algorithm is not itself capable of doing so, the protections
-can often be enhanced by adding a checksum and a confounder.
-
-The suggested format for the data to be encrypted includes a confounder, a
-checksum, the encoded plaintext, and any necessary padding. The msg-seq
-field contains the part of the protocol message described in section 5
-which is to be encrypted. The confounder, checksum, and padding are all
-untagged and untyped, and their length is exactly sufficient to hold the
-appropriate item. The type and length is implicit and specified by the
-particular encryption type being used (etype). The format for the data to
-be encrypted is described in the following diagram:
-
-      +-----------+----------+-------------+-----+
-      |confounder |   check  |   msg-seq   | pad |
-      +-----------+----------+-------------+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-CipherText ::=   ENCRYPTED       SEQUENCE {
-            confounder[0]   UNTAGGED[35] OCTET STRING(conf_length) OPTIONAL,
-            check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-            msg-seq[2]      MsgSequence,
-            pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-}
-
-One generates a random confounder of the appropriate length, placing it in
-confounder; zeroes out check; calculates the appropriate checksum over
-confounder, check, and msg-seq, placing the result in check; adds the
-necessary padding; then encrypts using the specified encryption type and
-the appropriate key.
-
-Unless otherwise specified, a definition of an encryption algorithm that
-specifies a checksum, a length for the confounder field, or an octet
-boundary for padding uses this ciphertext format[36]. Those fields which
-are not specified will be omitted.
-
-In the interest of allowing all implementations using a particular
-encryption type to communicate with all others using that type, the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-specification of an encryption type defines any checksum that is needed as
-part of the encryption process. If an alternative checksum is to be used, a
-new encryption type must be defined.
-
-Some cryptosystems require additional information beyond the key and the
-data to be encrypted. For example, DES, when used in cipher-block-chaining
-mode, requires an initialization vector. If required, the description for
-each encryption type must specify the source of such additional
-information. 6.2. Encryption Keys
-
-The sequence below shows the encoding of an encryption key:
-
-       EncryptionKey ::=   SEQUENCE {
-                           keytype[0]    INTEGER,
-                           keyvalue[1]   OCTET STRING
-       }
-
-keytype
-     This field specifies the type of encryption key that follows in the
-     keyvalue field. It will almost always correspond to the encryption
-     algorithm used to generate the EncryptedData, though more than one
-     algorithm may use the same type of key (the mapping is many to one).
-     This might happen, for example, if the encryption algorithm uses an
-     alternate checksum algorithm for an integrity check, or a different
-     chaining mechanism.
-keyvalue
-     This field contains the key itself, encoded as an octet string.
-
-All negative values for the encryption key type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields
-and interpreta- tions.
-
-6.3. Encryption Systems
-
-6.3.1. The NULL Encryption System (null)
-
-If no encryption is in use, the encryption system is said to be the NULL
-encryption system. In the NULL encryption system there is no checksum,
-confounder or padding. The ciphertext is simply the plaintext. The NULL Key
-is used by the null encryption system and is zero octets in length, with
-keytype zero (0).
-
-6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-The des-cbc-crc encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-A CRC-32 checksum (described in ISO 3309 [ISO3309]) is applied to the
-confounder and message sequence (msg-seq) and placed in the cksum field.
-DES blocks are 8 bytes. As a result, the data to be encrypted (the
-concatenation of confounder, checksum, and message) must be padded to an 8
-byte boundary before encryption. The details of the encryption of this data
-are identical to those for the des-cbc-md5 encryption mode.
-
-Note that, since the CRC-32 checksum is not collision-proof, an attacker
-could use a probabilistic chosen-plaintext attack to generate a valid
-message even if a confounder is used [SG92]. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat. The use of the CRC-32 as the checksum for ticket or
-authenticator is no longer mandated as an interoperability requirement for
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-Kerberos Version 5 Specification 1 (See section 9.1 for specific details).
-
-6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-The des-cbc-md4 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD4 checksum (described in [MD492]) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption. The details of the encryption of this data are identical
-to those for the des-cbc-md5 encryption mode.
-
-6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-The des-cbc-md5 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD5 checksum (described in [MD5-92].) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption.
-
-Plaintext and DES ciphtertext are encoded as blocks of 8 octets which are
-concatenated to make the 64-bit inputs for the DES algorithms. The first
-octet supplies the 8 most significant bits (with the octet's MSbit used as
-the DES input block's MSbit, etc.), the second octet the next 8 bits, ...,
-and the eighth octet supplies the 8 least significant bits.
-
-Encryption under DES using cipher block chaining requires an additional
-input in the form of an initialization vector. Unless otherwise specified,
-zero should be used as the initialization vector. Kerberos' use of DES
-requires an 8 octet confounder.
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those
-keys shall not be used for encrypting messages for use in Kerberos.
-Additionally, because of the way that keys are derived for the encryption
-of checksums, keys shall not be used that yield 'weak' or 'semi-weak' keys
-when eXclusive-ORed with the hexadecimal constant F0F0F0F0F0F0F0F0.
-
-A DES key is 8 octets of data, with keytype one (1). This consists of 56
-bits of key, and 8 parity bits (one per octet). The key is encoded as a
-series of 8 octets written in MSB-first order. The bits within the key are
-also encoded in MSB order. For example, if the encryption key is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the
-parity bits, the first octet of the key would be B1,B2,...,B7,P1 (with B1
-as the MSbit). [See the FIPS 81 introduction for reference.]
-
-String to key transformation
-
-To generate a DES key from a text string (password), a "salt" is
-concatenated to the text string, and then padded with ASCII nulls to an 8
-byte boundary. This "salt" is normally the realm and each component of the
-principal's name appended. However, sometimes different salts are used ---
-for example, when a realm is renamed, or if a user changes her username, or
-for compatibility with Kerberos V4 (whose string-to-key algorithm uses a
-null string for the salt). This string is then fan-folded and
-eXclusive-ORed with itself to form an 8 byte DES key. Before
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-eXclusive-ORing a block, every byte is shifted one bit to the left to leave
-the lowest bit zero. The key is the "corrected" by correcting the parity on
-the key, and if the key matches a 'weak' or 'semi-weak' key as described in
-the DES specification, it is eXclusive-ORed with the constant
-00000000000000F0. This key is then used to generate a DES CBC checksum on
-the initial string (with the salt appended). The result of the CBC checksum
-is the "corrected" as described above to form the result which is return as
-the key. Pseudocode follows:
-
-     name_to_default_salt(realm, name) {
-          s = realm
-          for(each component in name) {
-               s = s + component;
-          }
-          return s;
-     }
-
-     key_correction(key) {
-          fixparity(key);
-          if (is_weak_key_key(key))
-               key = key XOR 0xF0;
-          return(key);
-     }
-
-     string_to_key(string,salt) {
-
-          odd = 1;
-          s = string + salt;
-          tempkey = NULL;
-          pad(s); /* with nulls to 8 byte boundary */
-          for(8byteblock in s) {
-               if(odd == 0)  {
-                   odd = 1;
-                   reverse(8byteblock)
-               }
-               else odd = 0;
-               left shift every byte in 8byteblock one bit;
-               tempkey = tempkey XOR 8byteblock;
-          }
-          tempkey = key_correction(tempkey);
-          key = key_correction(DES-CBC-check(s,tempkey));
-          return(key);
-     }
-
-6.3.5. Triple DES with HMAC-SHA1 Kerberos Encryption Type with Key
-Derivation [Horowitz]
-
-NOTE: This description currently refers to documents, the contents of which
-might be bettered included by value in this spec. The description below was
-provided by Marc Horowitz, and the form in which it will finally appear is
-yet to be determined. This description is included in this version of the
-draft because it does describe the implemenation ready for use with the MIT
-implementation. Note also that the encryption identifier has been left
-unspecified here because the value from Marc Horowitz's spec conflicted
-with some other impmenentations implemented based on perevious versions of
-the specification.
-
-This encryption type is based on the Triple DES cryptosystem, the HMAC-SHA1
-[Krawczyk96] message authentication algorithm, and key derivation for
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-Kerberos V5 [HorowitzB96].
-
-The des3-cbc-hmac-sha1 encryption type has been assigned the value ??. The
-hmac-sha1-des3 checksum type has been assigned the value 12.
-
-Encryption Type des3-cbc-hmac-sha1
-
-EncryptedData using this type must be generated as described in
-[Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC mode. The
-keyed hash algorithm is HMAC-SHA1. Unless otherwise specified, a zero IV
-must be used. If the length of the input data is not a multiple of the
-block size, zero octets must be used to pad the plaintext to the next
-eight-octet boundary. The counfounder must be eight random octets (one
-block).
-
-Checksum Type hmac-sha1-des3
-
-Checksums using this type must be generated as described in [Horowitz96].
-The keyed hash algorithm is HMAC-SHA1.
-
-Common Requirements
-
-The EncryptionKey value is 24 octets long. The 7 most significant bits of
-each octet contain key bits, and the least significant bit is the inverse
-of the xor of the key bits.
-
-For the purposes of key derivation, the block size is 64 bits, and the key
-size is 168 bits. The 168 bits output by key derivation are converted to an
-EncryptionKey value as follows. First, the 168 bits are divided into three
-groups of 56 bits, which are expanded individually into 64 bits as follows:
-
- 1  2  3  4  5  6  7  p
- 9 10 11 12 13 14 15  p
-17 18 19 20 21 22 23  p
-25 26 27 28 29 30 31  p
-33 34 35 36 37 38 39  p
-41 42 43 44 45 46 47  p
-49 50 51 52 53 54 55  p
-56 48 40 32 24 16  8  p
-
-The "p" bits are parity bits computed over the data bits. The output of the
-three expansions are concatenated to form the EncryptionKey value.
-
-When the HMAC-SHA1 of a string is computed, the key is used in the
-EncryptedKey form.
-
-Key Derivation
-
-In the Kerberos protocol, cryptographic keys are used in a number of
-places. In order to minimize the effect of compromising a key, it is
-desirable to use a different key for each of these places. Key derivation
-[Horowitz96] can be used to construct different keys for each operation
-from the keys transported on the network. For this to be possible, a small
-change to the specification is necessary.
-
-This section specifies a profile for the use of key derivation [Horowitz96]
-with Kerberos. For each place where a key is used, a ``key usage'' must is
-specified for that purpose. The key, key usage, and encryption/checksum
-type together describe the transformation from plaintext to ciphertext, or
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-plaintext to checksum.
-
-Key Usage Values
-
-This is a complete list of places keys are used in the kerberos protocol,
-with key usage values and RFC 1510 section numbers:
-
- 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-    client key (section 5.4.1)
- 2. AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-    application session key), encrypted with the service key
-    (section 5.4.2)
- 3. AS-REP encrypted part (includes tgs session key or application
-    session key), encrypted with the client key (section 5.4.2)
- 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-    session key (section 5.4.1)
- 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-    authenticator subkey (section 5.4.1)
- 6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-    with the tgs session key (sections 5.3.2, 5.4.1)
- 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-    authenticator subkey), encrypted with the tgs session key
-    (section 5.3.2)
- 8. TGS-REP encrypted part (includes application session key),
-    encrypted with the tgs session key (section 5.4.2)
- 9. TGS-REP encrypted part (includes application session key),
-    encrypted with the tgs authenticator subkey (section 5.4.2)
-10. AP-REQ Authenticator cksum, keyed with the application session
-    key (section 5.3.2)
-11. AP-REQ Authenticator (includes application authenticator
-    subkey), encrypted with the application session key (section
-    5.3.2)
-12. AP-REP encrypted part (includes application session subkey),
-    encrypted with the application session key (section 5.5.2)
-13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-    application (section 5.7.1)
-14. KRB-CRED encrypted part, encrypted with a key chosen by the
-    application (section 5.6.1)
-15. KRB-SAVE cksum, keyed with a key chosen by the application
-    (section 5.8.1)
-18. KRB-ERROR checksum (e-cksum in section 5.9.1)
-19. AD-KDCIssued checksum (ad-checksum in appendix B.1)
-20. Checksum for Mandatory Ticket Extensions (appendix B.6)
-21. Checksum in Authorization Data in Ticket Extensions (appendix B.7)
-
-Key usage values between 1024 and 2047 (inclusive) are reserved for
-application use. Applications should use even values for encryption and odd
-values for checksums within this range.
-
-A few of these key usages need a little clarification. A service which
-receives an AP-REQ has no way to know if the enclosed Ticket was part of an
-AS-REP or TGS-REP. Therefore, key usage 2 must always be used for
-generating a Ticket, whether it is in response to an AS- REQ or TGS-REQ.
-
-There might exist other documents which define protocols in terms of the
-RFC1510 encryption types or checksum types. Such documents would not know
-about key usages. In order that these documents continue to be meaningful
-until they are updated, key usages 1024 and 1025 must be used to derive
-keys for encryption and checksums, respectively. New protocols defined in
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-terms of the Kerberos encryption and checksum types should use their own
-key usages. Key usages may be registered with IANA to avoid conflicts. Key
-usages must be unsigned 32 bit integers. Zero is not permitted.
-
-Defining Cryptosystems Using Key Derivation
-
-Kerberos requires that the ciphertext component of EncryptedData be
-tamper-resistant as well as confidential. This implies encryption and
-integrity functions, which must each use their own separate keys. So, for
-each key usage, two keys must be generated, one for encryption (Ke), and
-one for integrity (Ki):
-
-      Ke = DK(protocol key, key usage | 0xAA)
-      Ki = DK(protocol key, key usage | 0x55)
-
-where the protocol key is from the EncryptionKey from the wire protocol,
-and the key usage is represented as a 32 bit integer in network byte order.
-The ciphertest must be generated from the plaintext as follows:
-
-   ciphertext = E(Ke, confounder | plaintext | padding) |
-                H(Ki, confounder | plaintext | padding)
-
-The confounder and padding are specific to the encryption algorithm E.
-
-When generating a checksum only, there is no need for a confounder or
-padding. Again, a new key (Kc) must be used. Checksums must be generated
-from the plaintext as follows:
-
-      Kc = DK(protocol key, key usage | 0x99)
-
-      MAC = H(Kc, plaintext)
-
-Note that each enctype is described by an encryption algorithm E and a
-keyed hash algorithm H, and each checksum type is described by a keyed hash
-algorithm H. HMAC, with an appropriate hash, is recommended for use as H.
-
-Key Derivation from Passwords
-
-The well-known constant for password key derivation must be the byte string
-{0x6b 0x65 0x72 0x62 0x65 0x72 0x6f 0x73}. These values correspond to the
-ASCII encoding for the string "kerberos".
-
-6.4. Checksums
-
-The following is the ASN.1 definition used for a checksum:
-
-         Checksum ::=   SEQUENCE {
-                        cksumtype[0]   INTEGER,
-                        checksum[1]    OCTET STRING
-         }
-
-cksumtype
-     This field indicates the algorithm used to generate the accompanying
-     checksum.
-checksum
-     This field contains the checksum itself, encoded as an octet string.
-
-Detailed specification of selected checksum types appear later in this
-section. Negative values for the checksum type are reserved for local use.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-All non-negative values are reserved for officially assigned type fields
-and interpretations.
-
-Checksums used by Kerberos can be classified by two properties: whether
-they are collision-proof, and whether they are keyed. It is infeasible to
-find two plaintexts which generate the same checksum value for a
-collision-proof checksum. A key is required to perturb or initialize the
-algorithm in a keyed checksum. To prevent message-stream modification by an
-active attacker, unkeyed checksums should only be used when the checksum
-and message will be subsequently encrypted (e.g. the checksums defined as
-part of the encryption algorithms covered earlier in this section).
-
-Collision-proof checksums can be made tamper-proof if the checksum value is
-encrypted before inclusion in a message. In such cases, the composition of
-the checksum and the encryption algorithm must be considered a separate
-checksum algorithm (e.g. RSA-MD5 encrypted using DES is a new checksum
-algorithm of type RSA-MD5-DES). For most keyed checksums, as well as for
-the encrypted forms of unkeyed collision-proof checksums, Kerberos prepends
-a confounder before the checksum is calculated.
-
-6.4.1. The CRC-32 Checksum (crc32)
-
-The CRC-32 checksum calculates a checksum based on a cyclic redundancy
-check as described in ISO 3309 [ISO3309]. The resulting checksum is four
-(4) octets in length. The CRC-32 is neither keyed nor collision-proof. The
-use of this checksum is not recommended. An attacker using a probabilistic
-chosen-plaintext attack as described in [SG92] might be able to generate an
-alternative message that satisfies the checksum. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat.
-
-6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-The RSA-MD4 checksum calculates a checksum using the RSA MD4 algorithm
-[MD4-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD4 is believed
-to be collision-proof.
-
-6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des)
-
-The RSA-MD4-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD4
-checksum algorithm, and encrypting the confounder and the checksum using
-DES in cipher-block-chaining (CBC) mode using a variant of the key, where
-the variant is computed by eXclusive-ORing the key with the constant
-F0F0F0F0F0F0F0F0[39]. The initialization vector should be zero. The
-resulting checksum is 24 octets long (8 octets of which are redundant).
-This checksum is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some weak keys' and 'semi-weak keys'; those
-keys shall not be used for generating RSA-MD4 checksums for use in
-Kerberos.
-
-The format for the checksum is described in the follow- ing diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-The RSA-MD5 checksum calculates a checksum using the RSA MD5 algorithm.
-[MD5-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD5 is believed
-to be collision-proof.
-
-6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des)
-
-The RSA-MD5-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD5
-checksum algorithm, and encrypting the confounder and the checksum using
-DES in cipher-block-chaining (CBC) mode using a variant of the key, where
-the variant is computed by eXclusive-ORing the key with the hexadecimal
-constant F0F0F0F0F0F0F0F0. The initialization vector should be zero. The
-resulting checksum is 24 octets long (8 octets of which are redundant).
-This checksum is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some 'weak keys' and 'semi-weak keys';
-those keys shall not be used for encrypting RSA-MD5 checksums for use in
-Kerberos.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.6. DES cipher-block chained checksum (des-mac)
-
-The DES-MAC checksum is computed by prepending an 8 octet confounder to the
-plaintext, performing a DES CBC-mode encryption on the result using the key
-and an initialization vector of zero, taking the last block of the
-ciphertext, prepending the same confounder and encrypting the pair using
-DES in cipher-block-chaining (CBC) mode using a a variant of the key, where
-the variant is computed by eXclusive-ORing the key with the hexadecimal
-constant F0F0F0F0F0F0F0F0. The initialization vector should be zero. The
-resulting checksum is 128 bits (16 octets) long, 64 bits of which are
-redundant. This checksum is tamper-proof and collision-proof.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-|   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                       confounder[0]   UNTAGGED OCTET STRING(8),
-                       check[1]        UNTAGGED OCTET STRING(8)
-}
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those
-keys shall not be used for generating DES-MAC checksums for use in
-Kerberos, nor shall a key be used whose variant is 'weak' or 'semi-weak'.
-
-6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative (rsa-md4-des-k)
-
-The RSA-MD4-DES-K checksum calculates a keyed collision-proof checksum by
-applying the RSA MD4 checksum algorithm and encrypting the results using
-DES in cipher-block-chaining (CBC) mode using a DES key as both key and
-initialization vector. The resulting checksum is 16 octets long. This
-checksum is tamper-proof and believed to be collision-proof. Note that this
-checksum type is the old method for encoding the RSA-MD4-DES checksum and
-it is no longer recommended.
-
-6.4.8. DES cipher-block chained checksum alternative (des-mac-k)
-
-The DES-MAC-K checksum is computed by performing a DES CBC-mode encryption
-of the plaintext, and using the last block of the ciphertext as the
-checksum value. It is keyed with an encryption key and an initialization
-vector; any uses which do not specify an additional initialization vector
-will use the key as both key and initialization vector. The resulting
-checksum is 64 bits (8 octets) long. This checksum is tamper-proof and
-collision-proof. Note that this checksum type is the old method for
-encoding the DES-MAC checksum and it is no longer recommended. The DES
-specifications identify some 'weak keys' and 'semi-weak keys'; those keys
-shall not be used for generating DES-MAC checksums for use in Kerberos.
-
-7. Naming Constraints
-
-7.1. Realm Names
-
-Although realm names are encoded as GeneralStrings and although a realm can
-technically select any name it chooses, interoperability across realm
-boundaries requires agreement on how realm names are to be assigned, and
-what information they imply.
-
-To enforce these conventions, each realm must conform to the conventions
-itself, and it must require that any realms with which inter-realm keys are
-shared also conform to the conventions and require the same from its
-neighbors.
-
-Kerberos realm names are case sensitive. Realm names that differ only in
-the case of the characters are not equivalent. There are presently four
-styles of realm names: domain, X500, other, and reserved. Examples of each
-style follow:
-
-     domain:   ATHENA.MIT.EDU (example)
-       X500:   C=US/O=OSF (example)
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-      other:   NAMETYPE:rest/of.name=without-restrictions (example)
-   reserved:   reserved, but will not conflict with above
-
-Domain names must look like domain names: they consist of components
-separated by periods (.) and they contain neither colons (:) nor slashes
-(/). Domain names must be converted to upper case when used as realm names.
-
-X.500 names contain an equal (=) and cannot contain a colon (:) before the
-equal. The realm names for X.500 names will be string representations of
-the names with components separated by slashes. Leading and trailing
-slashes will not be included.
-
-Names that fall into the other category must begin with a prefix that
-contains no equal (=) or period (.) and the prefix must be followed by a
-colon (:) and the rest of the name. All prefixes must be assigned before
-they may be used. Presently none are assigned.
-
-The reserved category includes strings which do not fall into the first
-three categories. All names in this category are reserved. It is unlikely
-that names will be assigned to this category unless there is a very strong
-argument for not using the 'other' category.
-
-These rules guarantee that there will be no conflicts between the various
-name styles. The following additional constraints apply to the assignment
-of realm names in the domain and X.500 categories: the name of a realm for
-the domain or X.500 formats must either be used by the organization owning
-(to whom it was assigned) an Internet domain name or X.500 name, or in the
-case that no such names are registered, authority to use a realm name may
-be derived from the authority of the parent realm. For example, if there is
-no domain name for E40.MIT.EDU, then the administrator of the MIT.EDU realm
-can authorize the creation of a realm with that name.
-
-This is acceptable because the organization to which the parent is assigned
-is presumably the organization authorized to assign names to its children
-in the X.500 and domain name systems as well. If the parent assigns a realm
-name without also registering it in the domain name or X.500 hierarchy, it
-is the parent's responsibility to make sure that there will not in the
-future exists a name identical to the realm name of the child unless it is
-assigned to the same entity as the realm name.
-
-7.2. Principal Names
-
-As was the case for realm names, conventions are needed to ensure that all
-agree on what information is implied by a principal name. The name-type
-field that is part of the principal name indicates the kind of information
-implied by the name. The name-type should be treated as a hint. Ignoring
-the name type, no two names can be the same (i.e. at least one of the
-components, or the realm, must be different). The following name types are
-defined:
-
-  name-type      value   meaning
-
-   NT-UNKNOWN        0   Name type not known
-   NT-PRINCIPAL      1   General principal name (e.g. username, or DCE
-principal)
-   NT-SRV-INST       2   Service and other unique instance (krbtgt)
-   NT-SRV-HST        3   Service with host name as instance (telnet,
-rcommands)
-   NT-SRV-XHST       4   Service with slash-separated host name components
-   NT-UID            5   Unique ID
-   NT-X500-PRINCIPAL 6   Encoded X.509 Distingished name [RFC 1779]
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-When a name implies no information other than its uniqueness at a
-particular time the name type PRINCIPAL should be used. The principal name
-type should be used for users, and it might also be used for a unique
-server. If the name is a unique machine generated ID that is guaranteed
-never to be reassigned then the name type of UID should be used (note that
-it is generally a bad idea to reassign names of any type since stale
-entries might remain in access control lists).
-
-If the first component of a name identifies a service and the remaining
-components identify an instance of the service in a server specified
-manner, then the name type of SRV-INST should be used. An example of this
-name type is the Kerberos ticket-granting service whose name has a first
-component of krbtgt and a second component identifying the realm for which
-the ticket is valid.
-
-If instance is a single component following the service name and the
-instance identifies the host on which the server is running, then the name
-type SRV-HST should be used. This type is typically used for Internet
-services such as telnet and the Berkeley R commands. If the separate
-components of the host name appear as successive components following the
-name of the service, then the name type SRV-XHST should be used. This type
-might be used to identify servers on hosts with X.500 names where the slash
-(/) might otherwise be ambiguous.
-
-A name type of NT-X500-PRINCIPAL should be used when a name from an X.509
-certificiate is translated into a Kerberos name. The encoding of the X.509
-name as a Kerberos principal shall conform to the encoding rules specified
-in RFC 2253.
-
-A name type of UNKNOWN should be used when the form of the name is not
-known. When comparing names, a name of type UNKNOWN will match principals
-authenticated with names of any type. A principal authenticated with a name
-of type UNKNOWN, however, will only match other names of type UNKNOWN.
-
-Names of any type with an initial component of 'krbtgt' are reserved for
-the Kerberos ticket granting service. See section 8.2.3 for the form of
-such names.
-
-7.2.1. Name of server principals
-
-The principal identifier for a server on a host will generally be composed
-of two parts: (1) the realm of the KDC with which the server is registered,
-and (2) a two-component name of type NT-SRV-HST if the host name is an
-Internet domain name or a multi-component name of type NT-SRV-XHST if the
-name of the host is of a form such as X.500 that allows slash (/)
-separators. The first component of the two- or multi-component name will
-identify the service and the latter components will identify the host.
-Where the name of the host is not case sensitive (for example, with
-Internet domain names) the name of the host must be lower case. If
-specified by the application protocol for services such as telnet and the
-Berkeley R commands which run with system privileges, the first component
-may be the string 'host' instead of a service specific identifier. When a
-host has an official name and one or more aliases, the official name of the
-host must be used when constructing the name of the server principal.
-
-8. Constants and other defined values
-
-8.1. Host address types
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-All negative values for the host address type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields
-and interpretations.
-
-The values of the types for the following addresses are chosen to match the
-defined address family constants in the Berkeley Standard Distributions of
-Unix. They can be found in with symbolic names AF_xxx (where xxx is an
-abbreviation of the address family name).
-
-Internet (IPv4) Addresses
-
-Internet (IPv4) addresses are 32-bit (4-octet) quantities, encoded in MSB
-order. The type of IPv4 addresses is two (2).
-
-Internet (IPv6) Addresses [Westerlund]
-
-IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB order. The
-type of IPv6 addresses is twenty-four (24). [RFC1883] [RFC1884]. The
-following addresses (see [RFC1884]) MUST not appear in any Kerberos packet:
-
-   * the Unspecified Address
-   * the Loopback Address
-   * Link-Local addresses
-
-IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-CHAOSnet addresses
-
-CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB order.
-The type of CHAOSnet addresses is five (5).
-
-ISO addresses
-
-ISO addresses are variable-length. The type of ISO addresses is seven (7).
-
-Xerox Network Services (XNS) addresses
-
-XNS addresses are 48-bit (6-octet) quantities, encoded in MSB order. The
-type of XNS addresses is six (6).
-
-AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-AppleTalk DDP addresses consist of an 8-bit node number and a 16-bit
-network number. The first octet of the address is the node number; the
-remaining two octets encode the network number in MSB order. The type of
-AppleTalk DDP addresses is sixteen (16).
-
-DECnet Phase IV addresses
-
-DECnet Phase IV addresses are 16-bit addresses, encoded in LSB order. The
-type of DECnet Phase IV addresses is twelve (12).
-
-Netbios addresses
-
-Netbios addresses are 16-octet addresses typically composed of 1 to 15
-characters, trailing blank (ascii char 20) filled, with a 16th octet of
-0x0. The type of Netbios addresses is 20 (0x14).
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-8.2. KDC messages
-
-8.2.1. UDP/IP transport
-
-When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request using UDP
-IP transport, the client shall send a UDP datagram containing only an
-encoding of the request to port 88 (decimal) at the KDC's IP address; the
-KDC will respond with a reply datagram containing only an encoding of the
-reply message (either a KRB_ERROR or a KRB_KDC_REP) to the sending port at
-the sender's IP address. Kerberos servers supporting IP transport must
-accept UDP requests on port 88 (decimal). The response to a request made
-through UDP/IP transport must also use UDP/IP transport.
-
-8.2.2. TCP/IP transport [Westerlund,Danielsson]
-
-Kerberos servers (KDC's) should accept TCP requests on port 88 (decimal)
-and clients should support the sending of TCP requests on port 88
-(decimal). When the KRB_KDC_REQ message is sent to the KDC over a TCP
-stream, a new connection will be established for each authentication
-exchange (request and response). The KRB_KDC_REP or KRB_ERROR message will
-be returned to the client on the same TCP stream that was established for
-the request. The response to a request made through TCP/IP transport must
-also use TCP/IP transport. Implementors should note that some extentions to
-the Kerberos protocol will not work if any implementation not supporting
-the TCP transport is involved (client or KDC). Implementors are strongly
-urged to support the TCP transport on both the client and server and are
-advised that the current notation of "should" support will likely change in
-the future to must support. The KDC may close the TCP stream after sending
-a response, but may leave the stream open if it expects a followup - in
-which case it may close the stream at any time if resource constratints or
-other factors make it desirable to do so. Care must be taken in managing
-TCP/IP connections with the KDC to prevent denial of service attacks based
-on the number of TCP/IP connections with the KDC that remain open. If
-multiple exchanges with the KDC are needed for certain forms of
-preauthentication, multiple TCP connections may be required. A client may
-close the stream after receiving response, and should close the stream if
-it does not expect to send followup messages. The client must be prepared
-to have the stream closed by the KDC at anytime, in which case it must
-simply connect again when it is ready to send subsequent messages.
-
-The first four octets of the TCP stream used to transmit the request
-request will encode in network byte order the length of the request
-(KRB_KDC_REQ), and the length will be followed by the request itself. The
-response will similarly be preceeded by a 4 octet encoding in network byte
-order of the length of the KRB_KDC_REP or the KRB_ERROR message and will be
-followed by the KRB_KDC_REP or the KRB_ERROR response. If the sign bit is
-set on integer represented by the first 4 octets, then the next 4 octets
-will be read, extending the length of the field by another 4 octets (less 1
-bit).
-
-8.2.3. OSI transport
-
-During authentication of an OSI client to an OSI server, the mutual
-authentication of an OSI server to an OSI client, the transfer of
-credentials from an OSI client to an OSI server, or during exchange of
-private or integrity checked messages, Kerberos protocol messages may be
-treated as opaque objects and the type of the authentication mechanism will
-be:
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1),
-security(5),kerberosv5(2)}
-
-Depending on the situation, the opaque object will be an authentication
-header (KRB_AP_REQ), an authentication reply (KRB_AP_REP), a safe message
-(KRB_SAFE), a private message (KRB_PRIV), or a credentials message
-(KRB_CRED). The opaque data contains an application code as specified in
-the ASN.1 description for each message. The application code may be used by
-Kerberos to determine the message type.
-
-8.2.3. Name of the TGS
-
-The principal identifier of the ticket-granting service shall be composed
-of three parts: (1) the realm of the KDC issuing the TGS ticket (2) a
-two-part name of type NT-SRV-INST, with the first part "krbtgt" and the
-second part the name of the realm which will accept the ticket-granting
-ticket. For example, a ticket-granting ticket issued by the ATHENA.MIT.EDU
-realm to be used to get tickets from the ATHENA.MIT.EDU KDC has a principal
-identifier of "ATHENA.MIT.EDU" (realm), ("krbtgt", "ATHENA.MIT.EDU")
-(name). A ticket-granting ticket issued by the ATHENA.MIT.EDU realm to be
-used to get tickets from the MIT.EDU realm has a principal identifier of
-"ATHENA.MIT.EDU" (realm), ("krbtgt", "MIT.EDU") (name).
-
-8.3. Protocol constants and associated values
-
-The following tables list constants used in the protocol and defines their
-meanings. Ranges are specified in the "specification" section that limit
-the values of constants for which values are defined here. This allows
-implementations to make assumptions about the maximum values that will be
-received for these constants. Implementation receiving values outside the
-range specified in the "specification" section may reject the request, but
-they must recover cleanly.
-
-Encryption type  etype value  block size    minimum pad size  confounder
-size
-NULL              0            1                 0                 0
-des-cbc-crc       1            8                 4                 8
-des-cbc-md4       2            8                 0                 8
-des-cbc-md5       3            8                 0                 8
-        4
-des3-cbc-md5      5            8                 0                 8
-        6
-des3-cbc-sha1     7            8                 0                 8
-sign-dsa-generate 8                                   (pkinit)
-encrypt-rsa-priv  9                                   (pkinit)
-encrypt-rsa-pub  10                                   (pkinit)
-rsa-pub-md5      11                                   (pkinit)
-rsa-pub-sha1     12                                   (pkinit)
-des3kd-cbc-sha1  ??            8                 0                 8
-ENCTYPE_PK_CROSS 48                                   (reserved for pkcross)
-       0x8003
-
-Checksum type              sumtype value       checksum size
-CRC32                      1                   4
-rsa-md4                    2                   16
-rsa-md4-des                3                   24
-des-mac                    4                   16
-des-mac-k                  5                   8
-rsa-md4-des-k              6                   16
-rsa-md5                    7                   16
-rsa-md5-des                8                   24
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-rsa-md5-des3               9                   24
-hmac-sha1-des3             12                  20  (I had this as 10, is it
-12)
-
-padata type                     padata-type value
-
-PA-TGS-REQ                      1
-PA-ENC-TIMESTAMP                2
-PA-PW-SALT                      3
-                      4
-PA-ENC-UNIX-TIME                5
-PA-SANDIA-SECUREID              6
-PA-SESAME                       7
-PA-OSF-DCE                      8
-PA-CYBERSAFE-SECUREID           9
-PA-AFS3-SALT                    10
-PA-ETYPE-INFO                   11
-SAM-CHALLENGE                   12                  (sam/otp)
-SAM-RESPONSE                    13                  (sam/otp)
-PA-PK-AS-REQ                    14                  (pkinit)
-PA-PK-AS-REP                    15                  (pkinit)
-PA-PK-AS-SIGN                   16                  (pkinit)
-PA-PK-KEY-REQ                   17                  (pkinit)
-PA-PK-KEY-REP                   18                  (pkinit)
-PA-USE-SPECIFIED-KVNO           20
-
-authorization data type         ad-type value
-AD-KDC-ISSUED                      1
-AD-INTENDED-FOR-SERVER             2
-AD-INTENDED-FOR-APPLICATION-CLASS  3
-AD-IF-RELEVANT                     4
-AD-OR                              5
-AD-MANDATORY-TICKET-EXTENSIONS     6
-AD-IN-TICKET-EXTENSIONS            7
-reserved values                    8-63
-OSF-DCE                            64
-SESAME                             65
-
-Ticket Extension Types
-
-TE-TYPE-NULL                  0      Null ticket extension
-TE-TYPE-EXTERNAL-ADATA        1      Integrity protected authorization data
-                    2      TE-TYPE-PKCROSS-KDC  (I have reservations)
-TE-TYPE-PKCROSS-CLIENT        3      PKCROSS cross realm key ticket
-TE-TYPE-CYBERSAFE-EXT         4      Assigned to CyberSafe Corp
-                    5      TE-TYPE-DEST-HOST (I have reservations)
-
-alternate authentication type   method-type value
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
-transited encoding type         tr-type value
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-Label               Value   Meaning or MIT code
-
-pvno                    5   current Kerberos protocol version number
-
-message types
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-KRB_AS_REQ             10   Request for initial authentication
-KRB_AS_REP             11   Response to KRB_AS_REQ request
-KRB_TGS_REQ            12   Request for authentication based on TGT
-KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-KRB_AP_REQ             14   application request to server
-KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE               20   Safe (checksummed) application message
-KRB_PRIV               21   Private (encrypted) application message
-KRB_CRED               22   Private (encrypted) message to forward
-credentials
-KRB_ERROR              30   Error response
-
-name types
-
-KRB_NT_UNKNOWN        0  Name type not known
-KRB_NT_PRINCIPAL      1  Just the name of the principal as in DCE, or for
-users
-KRB_NT_SRV_INST       2  Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST        3  Service with host name as instance (telnet,
-rcommands)
-KRB_NT_SRV_XHST       4  Service with host as remaining components
-KRB_NT_UID            5  Unique ID
-KRB_NT_X500_PRINCIPAL 6  Encoded X.509 Distingished name [RFC 2253]
-
-error codes
-
-KDC_ERR_NONE                    0   No error
-KDC_ERR_NAME_EXP                1   Client's entry in database has expired
-KDC_ERR_SERVICE_EXP             2   Server's entry in database has expired
-KDC_ERR_BAD_PVNO                3   Requested protocol version number not
-supported
-KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old master key
-KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in database
-KDC_ERR_NULL_KEY                9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID            11   Requested start time is later than end
-time
-KDC_ERR_POLICY                 12   KDC policy rejects request
-KDC_ERR_BADOPTION              13   KDC cannot accommodate requested option
-KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption type
-KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been revoked
-KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again later
-KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again later
-KDC_ERR_KEY_EXPIRED            23   Password has expired - change password
-to reset
-KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was
-invalid
-KDC_ERR_PREAUTH_REQUIRED       25   Additional pre-authenticationrequired
-[40]
-KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't match
-KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for user2user
-only
-KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field
-failed
-KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-KRB_AP_ERR_REPEAT              34   Request is a replay
-KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't match
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-KRB_AP_ERR_SKEW                37   Clock skew too great
-KRB_AP_ERR_BADADDR             38   Incorrect net address
-KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-KRB_AP_ERR_MODIFIED            41   Message stream modified
-KRB_AP_ERR_BADORDER            42   Message out of order
-KRB_AP_ERR_BADKEYVER           44   Specified version of key is not
-available
-KRB_AP_ERR_NOKEY               45   Service key not available
-KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-KRB_AP_ERR_METHOD              48   Alternative authentication method
-required
-KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in message
-KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in
-message
-KRB_AP_PATH_NOT_ACCEPTED       51   Policy rejects transited path
-KRB_ERR_RESPONSE_TOO_BIG       52   Response too big for UDP, retry with TCP
-KRB_ERR_GENERIC                60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG          61   Field is too long for this
-implementation
-KDC_ERROR_CLIENT_NOT_TRUSTED   62   (pkinit)
-KDC_ERROR_KDC_NOT_TRUSTED      63   (pkinit)
-KDC_ERROR_INVALID_SIG          64   (pkinit)
-KDC_ERR_KEY_TOO_WEAK           65   (pkinit)
-KDC_ERR_CERTIFICATE_MISMATCH   66   (pkinit)
-
-9. Interoperability requirements
-
-Version 5 of the Kerberos protocol supports a myriad of options. Among
-these are multiple encryption and checksum types, alternative encoding
-schemes for the transited field, optional mechanisms for
-pre-authentication, the handling of tickets with no addresses, options for
-mutual authentication, user to user authentication, support for proxies,
-forwarding, postdating, and renewing tickets, the format of realm names,
-and the handling of authorization data.
-
-In order to ensure the interoperability of realms, it is necessary to
-define a minimal configuration which must be supported by all
-implementations. This minimal configuration is subject to change as
-technology does. For example, if at some later date it is discovered that
-one of the required encryption or checksum algorithms is not secure, it
-will be replaced.
-
-9.1. Specification 2
-
-This section defines the second specification of these options.
-Implementations which are configured in this way can be said to support
-Kerberos Version 5 Specification 2 (5.1). Specification 1 (depricated) may
-be found in RFC1510.
-
-Transport
-
-TCP/IP and UDP/IP transport must be supported by KDCs claiming conformance
-to specification 2. Kerberos clients claiming conformance to specification
-2 must support UDP/IP transport for messages with the KDC and should
-support TCP/IP transport.
-
-Encryption and checksum methods
-
-The following encryption and checksum mechanisms must be supported.
-Implementations may support other mechanisms as well, but the additional
-mechanisms may only be used when communicating with principals known to
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-also support them: This list is to be determined.
-
-Encryption: DES-CBC-MD5
-Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5
-
-Realm Names
-
-All implementations must understand hierarchical realms in both the
-Internet Domain and the X.500 style. When a ticket granting ticket for an
-unknown realm is requested, the KDC must be able to determine the names of
-the intermediate realms between the KDCs realm and the requested realm.
-
-Transited field encoding
-
-DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must be supported.
-Alternative encodings may be supported, but they may be used only when that
-encoding is supported by ALL intermediate realms.
-
-Pre-authentication methods
-
-The TGS-REQ method must be supported. The TGS-REQ method is not used on the
-initial request. The PA-ENC-TIMESTAMP method must be supported by clients
-but whether it is enabled by default may be determined on a realm by realm
-basis. If not used in the initial request and the error
-KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENC-TIMESTAMP as an
-acceptable method, the client should retry the initial request using the
-PA-ENC-TIMESTAMP preauthentication method. Servers need not support the
-PA-ENC-TIMESTAMP method, but if not supported the server should ignore the
-presence of PA-ENC-TIMESTAMP pre-authentication in a request.
-
-Mutual authentication
-
-Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-Ticket addresses and flags
-
-All KDC's must pass on tickets that carry no addresses (i.e. if a TGT
-contains no addresses, the KDC will return derivative tickets), but each
-realm may set its own policy for issuing such tickets, and each application
-server will set its own policy with respect to accepting them.
-
-Proxies and forwarded tickets must be supported. Individual realms and
-application servers can set their own policy on when such tickets will be
-accepted.
-
-All implementations must recognize renewable and postdated tickets, but
-need not actually implement them. If these options are not supported, the
-starttime and endtime in the ticket shall specify a ticket's entire useful
-life. When a postdated ticket is decoded by a server, all implementations
-shall make the presence of the postdated flag visible to the calling
-server.
-
-User-to-user authentication
-
-Support for user to user authentication (via the ENC-TKT-IN-SKEY KDC
-option) must be provided by implementations, but individual realms may
-decide as a matter of policy to reject such requests on a per-principal or
-realm-wide basis.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-Authorization data
-
-Implementations must pass all authorization data subfields from
-ticket-granting tickets to any derivative tickets unless directed to
-suppress a subfield as part of the definition of that registered subfield
-type (it is never incorrect to pass on a subfield, and no registered
-subfield types presently specify suppression at the KDC).
-
-Implementations must make the contents of any authorization data subfields
-available to the server when a ticket is used. Implementations are not
-required to allow clients to specify the contents of the authorization data
-fields.
-
-Constant ranges
-
-All protocol constants are constrained to 32 bit (signed) values unless
-further constrained by the protocol definition. This limit is provided to
-allow implementations to make assumptions about the maximum values that
-will be received for these constants. Implementation receiving values
-outside this range may reject the request, but they must recover cleanly.
-
-9.2. Recommended KDC values
-
-Following is a list of recommended values for a KDC implementation, based
-on the list of suggested configuration constants (see section 4.4).
-
-minimum lifetime              5 minutes
-maximum renewable lifetime    1 week
-maximum ticket lifetime       1 day
-empty addresses               only when suitable  restrictions  appear
-                              in authorization data
-proxiable, etc.               Allowed.
-
-10. REFERENCES
-
-[NT94]    B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-          cation  Service for Computer Networks," IEEE Communica-
-          tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-[MNSS87]  S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-          Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-          Authorization System, M.I.T. Project Athena, Cambridge,
-          Massachusetts (December 21, 1987).
-
-[SNS88]   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-          beros:  An Authentication Service for Open Network Sys-
-          tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-          Dallas, Texas (February, 1988).
-
-[NS78]    Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-          Encryption for Authentication in Large Networks of Com-
-          puters,"  Communications  of  the  ACM,  Vol.   21(12),
-          pp. 993-999 (December, 1978).
-
-[DS81]    Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-          stamps  in  Key Distribution Protocols," Communications
-          of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-[KNT92]   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-          "The Evolution of the Kerberos Authentication Service,"
-          in an IEEE Computer Society Text soon to  be  published
-          (June 1992).
-
-[Neu93]   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-          Accounting  for Distributed Systems," in Proceedings of
-          the 13th International Conference on  Distributed  Com-
-          puting Systems, Pittsburgh, PA (May, 1993).
-
-[DS90]    Don Davis and Ralph Swick,  "Workstation  Services  and
-          Kerberos  Authentication  at Project Athena," Technical
-          Memorandum TM-424,  MIT Laboratory for Computer Science
-          (February 1990).
-
-[LGDSR87] P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-          merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-          ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-          sachusetts (1987).
-
-[X509-88] CCITT, Recommendation X.509: The Directory  Authentica-
-          tion Framework, December 1988.
-
-[Pat92].  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-          Guessing  Attacks, Open Software Foundation DCE Request
-          for Comments 26 (December 1992).
-
-[DES77]   National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "Data Encryption Standard," Federal Information
-          Processing Standards Publication  46,   Washington,  DC
-          (1977).
-
-[DESM80]  National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "DES  Modes  of Operation," Federal Information
-          Processing Standards Publication 81,   Springfield,  VA
-          (December 1980).
-
-[SG92]    Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-          Integrity  in  Cryptographic Protocols," in Proceedings
-          of the IEEE  Symposium  on  Research  in  Security  and
-          Privacy, Oakland, California (May 1992).
-
-[IS3309]  International Organization  for  Standardization,  "ISO
-          Information  Processing  Systems - Data Communication -
-          High-Level Data Link Control Procedure -  Frame  Struc-
-          ture," IS 3309 (October 1984).  3rd Edition.
-
-[MD4-92]  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-          1320,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-[MD5-92]  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-          1321,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-[KBC96]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-          Hashing  for  Message  Authentication,"  Working  Draft
-          draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-[Horowitz96] Horowitz, M., "Key Derivation for Authentication,
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-          Integrity, and Privacy", draft-horowitz-key-derivation-02.txt,
-          August 1998.
-
-[HorowitzB96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
-          horowitz-kerb-key-derivation-01.txt, September 1998.
-
-[Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
-          Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
-          md5-01.txt, August, 1996.
-
-A. Pseudo-code for protocol processing
-
-This appendix provides pseudo-code describing how the messages are to be
-constructed and interpreted by clients and servers.
-
-A.1. KRB_AS_REQ generation
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_AS_REQ */
-
-        if(pa_enc_timestamp_required) then
-                request.padata.padata-type = PA-ENC-TIMESTAMP;
-                get system_time;
-                padata-body.patimestamp,pausec = system_time;
-                encrypt padata-body into request.padata.padata-value
-                        using client.key; /* derived from password */
-        endif
-
-        body.kdc-options := users's preferences;
-        body.cname := user's name;
-        body.realm := user's realm;
-        body.sname := service's name; /* usually "krbtgt",  "localrealm" */
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-        omit body.enc-authorization-data;
-        request.req-body := body;
-
-        kerberos := lookup(name of local kerberos server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-A.2. KRB_AS_REQ verification and KRB_AS_REP generation
-
-        decode message into req;
-
-        client := lookup(req.cname,req.realm);
-        server := lookup(req.sname,req.realm);
-
-        get system_time;
-        kdc_time := system_time.seconds;
-
-        if (!client) then
-                /* no client in Database */
-                error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-        endif
-        if (!server) then
-                /* no server in Database */
-                error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-        endif
-
-        if(client.pa_enc_timestamp_required and
-           pa_enc_timestamp not present) then
-                error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-        endif
-
-        if(pa_enc_timestamp present) then
-                decrypt req.padata-value into decrypted_enc_timestamp
-                        using client.key;
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                if(decrypted_enc_timestamp is not within allowable skew)
-then
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                if(decrypted_enc_timestamp and usec is replay)
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                add decrypted_enc_timestamp and usec to replay cache;
-        endif
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := req.srealm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        if (req.kdc-options.FORWARDABLE is set) then
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.PROXIABLE is set) then
-                set new_tkt.flags.PROXIABLE;
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if ((req.kdc-options.RENEW is set) or
-            (req.kdc-options.VALIDATE is set) or
-            (req.kdc-options.PROXY is set) or
-            (req.kdc-options.FORWARDED is set) or
-            (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.session := random_session_key();
-        new_tkt.cname := req.cname;
-        new_tkt.crealm := req.crealm;
-        new_tkt.transited := empty_transited_field();
-
-        new_tkt.authtime := kdc_time;
-
-        if (req.kdc-options.POSTDATED is set) then
-           if (against_postdate_policy(req.from)) then
-                error_out(KDC_ERR_POLICY);
-           endif
-           set new_tkt.flags.POSTDATED;
-           set new_tkt.flags.INVALID;
-           new_tkt.starttime := req.from;
-        else
-           omit new_tkt.starttime; /* treated as authtime when omitted */
-        endif
-        if (req.till = 0) then
-                till := infinity;
-        else
-                till := req.till;
-        endif
-
-        new_tkt.endtime := min(till,
-                              new_tkt.starttime+client.max_life,
-                              new_tkt.starttime+server.max_life,
-                              new_tkt.starttime+max_life_for_realm);
-
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (new_tkt.endtime < req.till)) then
-                /* we set the RENEWABLE option for later processing */
-                set req.kdc-options.RENEWABLE;
-                req.rtime := req.till;
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if (req.kdc-options.RENEWABLE is set) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-
-new_tkt.starttime+client.max_rlife,
-
-new_tkt.starttime+server.max_rlife,
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-new_tkt.starttime+max_rlife_for_realm);
-        else
-                omit new_tkt.renew-till; /* only present if RENEWABLE */
-        endif
-
-        if (req.addresses) then
-                new_tkt.caddr := req.addresses;
-        else
-                omit new_tkt.caddr;
-        endif
-
-        new_tkt.authorization_data := empty_authorization_data();
-
-        encode to-be-encrypted part of ticket into OCTET STRING;
-        new_tkt.enc-part := encrypt OCTET STRING
-                using etype_for_key(server.key), server.key, server.p_kvno;
-
-        /* Start processing the response */
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_AS_REP;
-        resp.cname := req.cname;
-        resp.crealm := req.realm;
-        resp.ticket := new_tkt;
-
-        resp.key := new_tkt.session;
-        resp.last-req := fetch_last_request_info(client);
-        resp.nonce := req.nonce;
-        resp.key-expiration := client.expiration;
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        resp.realm := new_tkt.realm;
-        resp.sname := new_tkt.sname;
-
-        resp.caddr := new_tkt.caddr;
-
-        encode body of reply into OCTET STRING;
-
-        resp.enc-part := encrypt OCTET STRING
-                         using use_etype, client.key, client.p_kvno;
-        send(resp);
-
-A.3. KRB_AS_REP verification
-
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then
-                        set pa_enc_timestamp_required;
-                        goto KRB_AS_REQ;
-                endif
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key */
-        /* from the response immediately */
-
-        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                 resp.padata);
-        unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and key;
-        zero(key);
-
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        if near(resp.princ_exp) then
-                print(warning message);
-        endif
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.4. KRB_AS_REP and KRB_TGS_REP common checks
-
-        if (decryption_error() or
-            (req.cname != resp.cname) or
-            (req.realm != resp.crealm) or
-            (req.sname != resp.sname) or
-            (req.realm != resp.realm) or
-            (req.nonce != resp.nonce) or
-            (req.addresses != resp.caddr)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        /* make sure no flags are set that shouldn't be, and that all that
-*/
-        /* should be are set
-*/
-        if (!check_flags_for_compatability(req.kdc-options,resp.flags)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.from = 0) and
-            (resp.starttime is not within allowable skew)) then
-                destroy resp.key;
-                return KRB_AP_ERR_SKEW;
-        endif
-        if ((req.from != 0) and (req.from != resp.starttime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.till != 0) and (resp.endtime > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (resp.flags.RENEWABLE) and
-            (req.till != 0) and
-            (resp.renew-till > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-A.5. KRB_TGS_REQ generation
-
-        /* Note that make_application_request might have to recursivly
-*/
-        /* call this routine to get the appropriate ticket-granting ticket
-*/
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-        body.kdc-options := users's preferences;
-        /* If the TGT is not for the realm of the end-server  */
-        /* then the sname will be for a TGT for the end-realm */
-        /* and the realm of the requested ticket (body.realm) */
-        /* will be that of the TGS to which the TGT we are    */
-        /* sending applies                                    */
-        body.sname := service's name;
-        body.realm := service's realm;
-
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-
-        body.enc-authorization-data := user-supplied data;
-        if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                body.additional-tickets_ticket := second TGT;
-        endif
-
-        request.req-body := body;
-        check := generate_checksum (req.body,checksumtype);
-
-        request.padata[0].padata-type := PA-TGS-REQ;
-        request.padata[0].padata-value := create a KRB_AP_REQ using
-                                      the TGT and checksum
-
-        /* add in any other padata as required/supplied */
-        kerberos := lookup(name of local kerberose server (or servers));
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
-
-        /* note that reading the application request requires first
-        determining the server for which a ticket was issued, and choosing
-the
-        correct key for decryption.  The name of the server appears in the
-        plaintext part of the ticket. */
-
-        if (no KRB_AP_REQ in req.padata) then
-                error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-        endif
-        verify KRB_AP_REQ in req.padata;
-
-        /* Note that the realm in which the Kerberos server is operating is
-        determined by the instance from the ticket-granting ticket.  The
-realm
-        in the ticket-granting ticket is the realm under which the ticket
-        granting ticket was issued.  It is possible for a single Kerberos
-        server to support more than one realm. */
-
-        auth_hdr := KRB_AP_REQ;
-        tgt := auth_hdr.ticket;
-
-        if (tgt.sname is not a TGT for local realm and is not req.sname)
-then
-                error_out(KRB_AP_ERR_NOT_US);
-
-        realm := realm_tgt_is_for(tgt);
-
-        decode remainder of request;
-
-        if (auth_hdr.authenticator.cksum is missing) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        if (auth_hdr.authenticator.cksum type is not supported) then
-                error_out(KDC_ERR_SUMTYPE_NOSUPP);
-        endif
-        if (auth_hdr.authenticator.cksum is not both collision-proof and
-keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        set computed_checksum := checksum(req);
-        if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        server := lookup(req.sname,realm);
-
-        if (!server) then
-                if (is_foreign_tgt_name(req.sname)) then
-                        server := best_intermediate_tgs(req.sname);
-                else
-                        /* no server in Database */
-                        error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                endif
-        endif
-
-        session := generate_random_session_key();
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := realm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        new_tkt.caddr := tgt.caddr;
-        resp.caddr := NULL; /* We only include this if they change */
-        if (req.kdc-options.FORWARDABLE is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.FORWARDED is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDED;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-        if (tgt.flags.FORWARDED is set) then
-                set new_tkt.flags.FORWARDED;
-        endif
-
-        if (req.kdc-options.PROXIABLE is set) then
-                if (tgt.flags.PROXIABLE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.PROXY is set) then
-                if (tgt.flags.PROXIABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXY;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                if (tgt.flags.MAY-POSTDATE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if (req.kdc-options.POSTDATED is set) then
-                if (tgt.flags.MAY-POSTDATE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                if (against_postdate_policy(req.from)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                new_tkt.starttime := req.from;
-        endif
-
-        if (req.kdc-options.VALIDATE is set) then
-                if (tgt.flags.INVALID is reset) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                if (tgt.starttime > kdc_time) then
-                        error_out(KRB_AP_ERR_NYV);
-                endif
-                if (check_hot_list(tgt)) then
-                        error_out(KRB_AP_ERR_REPEAT);
-                endif
-                tkt := tgt;
-                reset new_tkt.flags.INVALID;
-        endif
-
-        if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                             and those already processed) is set) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.authtime := tgt.authtime;
-
-        if (req.kdc-options.RENEW is set) then
-          /* Note that if the endtime has already passed, the ticket would
-*/
-          /* have been rejected in the initial authentication stage, so
-*/
-          /* there is no need to check again here
-*/
-                if (tgt.flags.RENEWABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                if (tgt.renew-till < kdc_time) then
-                        error_out(KRB_AP_ERR_TKT_EXPIRED);
-                endif
-                tkt := tgt;
-                new_tkt.starttime := kdc_time;
-                old_life := tgt.endttime - tgt.starttime;
-                new_tkt.endtime := min(tgt.renew-till,
-                                       new_tkt.starttime + old_life);
-        else
-                new_tkt.starttime := kdc_time;
-                if (req.till = 0) then
-                        till := infinity;
-                else
-                        till := req.till;
-                endif
-
-                new_tkt.endtime := min(till,
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                                       new_tkt.starttime+client.max_life,
-                                       new_tkt.starttime+server.max_life,
-                                       new_tkt.starttime+max_life_for_realm,
-                                       tgt.endtime);
-
-                if ((req.kdc-options.RENEWABLE-OK is set) and
-                    (new_tkt.endtime < req.till) and
-                    (tgt.flags.RENEWABLE is set) then
-                        /* we set the RENEWABLE option for later processing
-*/
-                        set req.kdc-options.RENEWABLE;
-                        req.rtime := min(req.till, tgt.renew-till);
-                endif
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (tgt.flags.RENEWABLE is set)) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-
-new_tkt.starttime+client.max_rlife,
-
-new_tkt.starttime+server.max_rlife,
-
-new_tkt.starttime+max_rlife_for_realm,
-                                          tgt.renew-till);
-        else
-                new_tkt.renew-till := OMIT; /* leave the renew-till field
-out */
-        endif
-        if (req.enc-authorization-data is present) then
-                decrypt req.enc-authorization-data into
-decrypted_authorization_data
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                endif
-        endif
-        new_tkt.authorization_data := req.auth_hdr.ticket.authorization_data
-+
-                                 decrypted_authorization_data;
-
-        new_tkt.key := session;
-        new_tkt.crealm := tgt.crealm;
-        new_tkt.cname := req.auth_hdr.ticket.cname;
-
-        if (realm_tgt_is_for(tgt) := tgt.realm) then
-                /* tgt issued by local realm */
-                new_tkt.transited := tgt.transited;
-        else
-                /* was issued for this realm by some other realm */
-                if (tgt.transited.tr-type not supported) then
-                        error_out(KDC_ERR_TRTYPE_NOSUPP);
-                endif
-                new_tkt.transited := compress_transited(tgt.transited +
-tgt.realm)
-                /* Don't check tranited field if TGT for foreign realm,
-                 * or requested not to check */
-                if (is_not_foreign_tgt_name(new_tkt.server)
-                   && req.kdc-options.DISABLE-TRANSITED-CHECK not set) then
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                        /* Check it, so end-server does not have to
-                         * but don't fail, end-server may still accept it */
-                        if (check_transited_field(new_tkt.transited) == OK)
-                              set new_tkt.flags.TRANSITED-POLICY-CHECKED;
-                        endif
-                endif
-        endif
-
-        encode encrypted part of new_tkt into OCTET STRING;
-        if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                if (server not specified) then
-                        server = req.second_ticket.client;
-                endif
-                if ((req.second_ticket is not a TGT) or
-                    (req.second_ticket.client != server)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-
-                new_tkt.enc-part := encrypt OCTET STRING using
-                        using etype_for_key(second-ticket.key),
-second-ticket.key;
-        else
-                new_tkt.enc-part := encrypt OCTET STRING
-                        using etype_for_key(server.key), server.key,
-server.p_kvno;
-        endif
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_TGS_REP;
-        resp.crealm := tgt.crealm;
-        resp.cname := tgt.cname;
-        resp.ticket := new_tkt;
-
-        resp.key := session;
-        resp.nonce := req.nonce;
-        resp.last-req := fetch_last_request_info(client);
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        omit resp.key-expiration;
-
-        resp.sname := new_tkt.sname;
-        resp.realm := new_tkt.realm;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        encode body of reply into OCTET STRING;
-
-        if (req.padata.authenticator.subkey)
-                resp.enc-part := encrypt OCTET STRING using use_etype,
-                        req.padata.authenticator.subkey;
-        else resp.enc-part := encrypt OCTET STRING using use_etype, tgt.key;
-
-        send(resp);
-
-A.7. KRB_TGS_REP verification
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key from
-        the response immediately */
-
-        if (req.padata.authenticator.subkey)
-                unencrypted part of resp := decode of decrypt of
-resp.enc-part
-                        using resp.enc-part.etype and subkey;
-        else unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and tgt's session
-key;
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        check authorization_data as necessary;
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.8. Authenticator generation
-
-        body.authenticator-vno := authenticator vno; /* = 5 */
-        body.cname, body.crealm := client name;
-        if (supplying checksum) then
-                body.cksum := checksum;
-        endif
-        get system_time;
-        body.ctime, body.cusec := system_time;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-A.9. KRB_AP_REQ generation
-
-        obtain ticket and session_key from cache;
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REQ */
-
-        if (desired(MUTUAL_AUTHENTICATION)) then
-                set packet.ap-options.MUTUAL-REQUIRED;
-        else
-                reset packet.ap-options.MUTUAL-REQUIRED;
-        endif
-        if (using session key for ticket) then
-                set packet.ap-options.USE-SESSION-KEY;
-        else
-                reset packet.ap-options.USE-SESSION-KEY;
-        endif
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-        packet.ticket := ticket; /* ticket */
-        generate authenticator;
-        encode authenticator into OCTET STRING;
-        encrypt OCTET STRING into packet.authenticator using session_key;
-
-A.10. KRB_AP_REQ verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REQ) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.ticket.tkt_vno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.ap_options.USE-SESSION-KEY is set) then
-                retrieve session key from ticket-granting ticket for
-                 packet.ticket.{sname,srealm,enc-part.etype};
-        else
-                retrieve service key for
-                 packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-        endif
-        if (no_key_available) then
-                if (cannot_find_specified_skvno) then
-                        error_out(KRB_AP_ERR_BADKEYVER);
-                else
-                        error_out(KRB_AP_ERR_NOKEY);
-                endif
-        endif
-        decrypt packet.ticket.enc-part into decr_ticket using retrieved key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        decrypt packet.authenticator into decr_authenticator
-                using decr_ticket.key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (decr_authenticator.{cname,crealm} !=
-            decr_ticket.{cname,crealm}) then
-                error_out(KRB_AP_ERR_BADMATCH);
-        endif
-        if (decr_ticket.caddr is present) then
-                if (sender_address(packet) is not in decr_ticket.caddr) then
-                        error_out(KRB_AP_ERR_BADADDR);
-                endif
-        elseif (application requires addresses) then
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(decr_authenticator.ctime,
-                              decr_authenticator.cusec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) then
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-        get system_time;
-        if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-            (decr_ticket.flags.INVALID is set)) then
-                /* it hasn't yet become valid */
-                error_out(KRB_AP_ERR_TKT_NYV);
-        endif
-        if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                error_out(KRB_AP_ERR_TKT_EXPIRED);
-        endif
-        if (decr_ticket.transited) then
-            /* caller may ignore the TRANSITED-POLICY-CHECKED and do
-             * check anyway */
-            if (decr_ticket.flags.TRANSITED-POLICY-CHECKED not set) then
-                 if (check_transited_field(decr_ticket.transited) then
-                      error_out(KDC_AP_PATH_NOT_ACCPETED);
-                 endif
-            endif
-        endif
-        /* caller must check decr_ticket.flags for any pertinent details */
-        return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-A.11. KRB_AP_REP generation
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REP */
-
-        body.ctime := packet.ctime;
-        body.cusec := packet.cusec;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part;
-
-A.12. KRB_AP_REP verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REP) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        cleartext := decrypt(packet.enc-part) using ticket's session key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-        if (cleartext.ctime != authenticator.ctime) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.cusec != authenticator.cusec) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.subkey is present) then
-                save cleartext.subkey for future use;
-        endif
-        if (cleartext.seq-number is present) then
-                save cleartext.seq-number for future verifications;
-        endif
-        return(AUTHENTICATION_SUCCEEDED);
-
-A.13. KRB_SAFE generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_SAFE */
-
-        body.user-data := buffer; /* DATA */
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-        checksum.cksumtype := checksum type;
-        compute checksum over body;
-        checksum.checksum := checksum value; /* checksum.checksum */
-        packet.cksum := checksum;
-        packet.safe-body := body;
-
-A.14. KRB_SAFE verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_SAFE) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.checksum.cksumtype is not both collision-proof and keyed)
-then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (safe_priv_common_checks_ok(packet)) then
-                set computed_checksum := checksum(packet.body);
-                if (computed_checksum != packet.checksum) then
-                        error_out(KRB_AP_ERR_MODIFIED);
-                endif
-                return (packet, PACKET_IS_GENUINE);
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-        else
-                return common_checks_error;
-        endif
-
-A.15. KRB_SAFE and KRB_PRIV common checks
-
-        if (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (((packet.timestamp is present) and
-             (not in_clock_skew(packet.timestamp,packet.usec))) or
-            (packet.timestamp is not present and timestamp expected)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-
-        if (((packet.seq-number is present) and
-             ((not in_sequence(packet.seq-number)))) or
-            (packet.seq-number is not present and sequence expected)) then
-                error_out(KRB_AP_ERR_BADORDER);
-        endif
-        if (packet.timestamp not present and packet.seq-number not present)
-then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        save_identifier(packet.{timestamp,usec,s-address},
-                        sender_principal(packet));
-
-        return PACKET_IS_OK;
-
-A.16. KRB_PRIV generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_PRIV */
-
-        packet.enc-part.etype := encryption type;
-
-        body.user-data := buffer;
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher;
-
-A.17. KRB_PRIV verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_PRIV) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-        if (safe_priv_common_checks_ok(cleartext)) then
-                return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-        else
-                return common_checks_error;
-        endif
-
-A.18. KRB_CRED generation
-
-        invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_CRED */
-
-        for (tickets[n] in tickets to be forwarded) do
-                packet.tickets[n] = tickets[n].ticket;
-        done
-
-        packet.enc-part.etype := encryption type;
-
-        for (ticket[n] in tickets to be forwarded) do
-                body.ticket-info[n].key = tickets[n].session;
-                body.ticket-info[n].prealm = tickets[n].crealm;
-                body.ticket-info[n].pname = tickets[n].cname;
-                body.ticket-info[n].flags = tickets[n].flags;
-                body.ticket-info[n].authtime = tickets[n].authtime;
-                body.ticket-info[n].starttime = tickets[n].starttime;
-                body.ticket-info[n].endtime = tickets[n].endtime;
-                body.ticket-info[n].renew-till = tickets[n].renew-till;
-                body.ticket-info[n].srealm = tickets[n].srealm;
-                body.ticket-info[n].sname = tickets[n].sname;
-                body.ticket-info[n].caddr = tickets[n].caddr;
-        done
-
-        get system_time;
-        body.timestamp, body.usec := system_time;
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-        if (using nonce) then
-                body.nonce := nonce;
-        endif
-
-        if (using s-address) then
-                body.s-address := sender host addresses;
-        endif
-        if (limited recipients) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher
-               using negotiated encryption key;
-
-A.19. KRB_CRED verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_CRED) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if ((packet.r-address is present or required) and
-           (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (packet.nonce is required or present) and
-           (packet.nonce != expected-nonce) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        for (ticket[n] in tickets that were forwarded) do
-                save_for_later(ticket[n],key[n],principal[n],
-                               server[n],times[n],flags[n]);
-        return
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-A.20. KRB_ERROR generation
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_ERROR */
-
-        get system_time;
-        packet.stime, packet.susec := system_time;
-        packet.realm, packet.sname := server name;
-
-        if (client time available) then
-                packet.ctime, packet.cusec := client_time;
-        endif
-        packet.error-code := error code;
-        if (client name available) then
-                packet.cname, packet.crealm := client name;
-        endif
-        if (error text available) then
-                packet.e-text := error text;
-        endif
-        if (error data available) then
-                packet.e-data := error data;
-        endif
-
-B. Definition of common authorization data elements
-
-This appendix contains the definitions of common authorization data
-elements. These common authorization data elements are recursivly defined,
-meaning the ad-data for these types will itself contain a sequence of
-authorization data whose interpretation is affected by the encapsulating
-element. Depending on the meaning of the encapsulating element, the
-encapsulated elements may be ignored, might be interpreted as issued
-directly by the KDC, or they might be stored in a separate plaintext part
-of the ticket. The types of the encapsulating elements are specified as
-part of the Kerberos specification because the behavior based on these
-values should be understood across implementations whereas other elements
-need only be understood by the applications which they affect.
-
-In the definitions that follow, the value of the ad-type for the element
-will be specified in the subsection number, and the value of the ad-data
-will be as shown in the ASN.1 structure that follows the subsection
-heading.
-
-B.1. KDC Issued
-
-AD-KDCIssued   SEQUENCE {
-               ad-checksum[0]    Checksum,
-                i-realm[1]       Realm OPTIONAL,
-                i-sname[2]       PrincipalName OPTIONAL,
-               elements[3]       AuthorizationData.
-}
-
-ad-checksum
-     A checksum over the elements field using a cryptographic checksum
-     method that is identical to the checksum used to protect the ticket
-     itself (i.e. using the same hash function and the same encryption
-     algorithm used to encrypt the ticket) and using a key derived from the
-     same key used to protect the ticket.
-i-realm, i-sname
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-     The name of the issuing principal if different from the KDC itself.
-     This field would be used when the KDC can verify the authenticity of
-     elements signed by the issuing principal and it allows this KDC to
-     notify the application server of the validity of those elements.
-elements
-     A sequence of authorization data elements issued by the KDC.
-
-The KDC-issued ad-data field is intended to provide a means for Kerberos
-principal credentials to embed within themselves privilege attributes and
-other mechanisms for positive authorization, amplifying the priveleges of
-the principal beyond what can be done using a credentials without such an
-a-data element.
-
-This can not be provided without this element because the definition of the
-authorization-data field allows elements to be added at will by the bearer
-of a TGT at the time that they request service tickets and elements may
-also be added to a delegated ticket by inclusion in the authenticator.
-
-For KDC-issued elements this is prevented because the elements are signed
-by the KDC by including a checksum encrypted using the server's key (the
-same key used to encrypt the ticket - or a key derived from that key).
-Elements encapsulated with in the KDC-issued element will be ignored by the
-application server if this "signature" is not present. Further, elements
-encapsulated within this element from a ticket granting ticket may be
-interpreted by the KDC, and used as a basis according to policy for
-including new signed elements within derivative tickets, but they will not
-be copied to a derivative ticket directly. If they are copied directly to a
-derivative ticket by a KDC that is not aware of this element, the signature
-will not be correct for the application ticket elements, and the field will
-be ignored by the application server.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-B.2. Intended for server
-
-AD-INTENDED-FOR-SERVER   SEQUENCE {
-         intended-server[0]     SEQUENCE OF PrincipalName
-         elements[1]            AuthorizationData
-}
-
-AD elements encapsulated within the intended-for-server element may be
-ignored if the application server is not in the list of principal names of
-intended servers. Further, a KDC issuing a ticket for an application server
-can remove this element if the application server is not in the list of
-intended servers.
-
-Application servers should check for their principal name in the
-intended-server field of this element. If their principal name is not
-found, this element should be ignored. If found, then the encapsulated
-elements should be evaluated in the same manner as if they were present in
-the top level authorization data field. Applications and application
-servers that do not implement this element should reject tickets that
-contain authorization data elements of this type.
-
-B.3. Intended for application class
-
-AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE { intended-application-class[0]
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-SEQUENCE OF GeneralString elements[1] AuthorizationData } AD elements
-encapsulated within the intended-for-application-class element may be
-ignored if the application server is not in one of the named classes of
-application servers. Examples of application server classes include
-"FILESYSTEM", and other kinds of servers.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-B.4. If relevant
-
-AD-IF-RELEVANT   AuthorizationData
-
-AD elements encapsulated within the if-relevant element are intended for
-interpretation only by application servers that understand the particular
-ad-type of the embedded element. Application servers that do not understand
-the type of an element embedded within the if-relevant element may ignore
-the uninterpretable element. This element promotes interoperability across
-implementations which may have local extensions for authorization.
-
-B.5. And-Or
-
-AD-AND-OR           SEQUENCE {
-                        condition-count[0]    INTEGER,
-                        elements[1]           AuthorizationData
-}
-
-When restrictive AD elements encapsulated within the and-or element are
-encountered, only the number specified in condition-count of the
-encapsulated conditions must be met in order to satisfy this element. This
-element may be used to implement an "or" operation by setting the
-condition-count field to 1, and it may specify an "and" operation by
-setting the condition count to the number of embedded elements. Application
-servers that do not implement this element must reject tickets that contain
-authorization data elements of this type.
-
-B.6. Mandatory ticket extensions
-
-AD-Mandatory-Ticket-Extensions   Checksum
-
-An authorization data element of type mandatory-ticket-extensions specifies
-a collision-proof checksum using the same hash algorithm used to protect
-the integrity of the ticket itself. This checksum will be calculated over
-an individual extension field. If there are more than one extension,
-multiple Mandatory-Ticket-Extensions authorization data elements may be
-present, each with a checksum for a different extension field. This
-restriction indicates that the ticket should not be accepted if a ticket
-extension is not present in the ticket for which the checksum does not
-match that checksum specified in the authorization data element.
-Application servers that do not implement this element must reject tickets
-that contain authorization data elements of this type.
-
-B.7. Authorization Data in ticket extensions
-
-AD-IN-Ticket-Extensions   Checksum
-
-An authorization data element of type in-ticket-extensions specifies a
-collision-proof checksum using the same hash algorithm used to protect the
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-integrity of the ticket itself. This checksum is calculated over a separate
-external AuthorizationData field carried in the ticket extensions.
-Application servers that do not implement this element must reject tickets
-that contain authorization data elements of this type. Application servers
-that do implement this element will search the ticket extensions for
-authorization data fields, calculate the specified checksum over each
-authorization data field and look for one matching the checksum in this
-in-ticket-extensions element. If not found, then the ticket must be
-rejected. If found, the corresponding authorization data elements will be
-interpreted in the same manner as if they were contained in the top level
-authorization data field.
-
-Note that if multiple external authorization data fields are present in a
-ticket, each will have a corresponding element of type in-ticket-extensions
-in the top level authorization data field, and the external entries will be
-linked to the corresponding element by their checksums.
-
-C. Definition of common ticket extensions
-
-This appendix contains the definitions of common ticket extensions. Support
-for these extensions is optional. However, certain extensions have
-associated authorization data elements that may require rejection of a
-ticket containing an extension by application servers that do not implement
-the particular extension. Other extensions have been defined beyond those
-described in this specification. Such extensions are described elswhere and
-for some of those extensions the reserved number may be found in the list
-of constants.
-
-It is known that older versions of Kerberos did not support this field, and
-that some clients will strip this field from a ticket when they parse and
-then reassemble a ticket as it is passed to the application servers. The
-presence of the extension will not break such clients, but any functionaly
-dependent on the extensions will not work when such tickets are handled by
-old clients. In such situations, some implementation may use alternate
-methods to transmit the information in the extensions field.
-
-C.1. Null ticket extension
-
-TE-NullExtension   OctetString -- The empty Octet String
-
-The te-data field in the null ticket extension is an octet string of lenght
-zero. This extension may be included in a ticket granting ticket so that
-the KDC can determine on presentation of the ticket granting ticket whether
-the client software will strip the extensions field.
-
-C.2. External Authorization Data
-
-TE-ExternalAuthorizationData   AuthorizationData
-
-The te-data field in the external authorization data ticket extension is
-field of type AuthorizationData containing one or more authorization data
-elements. If present, a corresponding authorization data element will be
-present in the primary authorization data for the ticket and that element
-will contain a checksum of the external authorization data ticket
-extension.
-  ------------------------------------------------------------------------
-[TM] Project Athena, Athena, and Kerberos are trademarks of the
-Massachusetts Institute of Technology (MIT). No commercial use of these
-trademarks may be made without prior written permission of MIT.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-[1] Note, however, that many applications use Kerberos' functions only upon
-the initiation of a stream-based network connection. Unless an application
-subsequently provides integrity protection for the data stream, the
-identity verification applies only to the initiation of the connection, and
-does not guarantee that subsequent messages on the connection originate
-from the same principal.
-
-[2] Secret and private are often used interchangeably in the literature. In
-our usage, it takes two (or more) to share a secret, thus a shared DES key
-is a secret key. Something is only private when no one but its owner knows
-it. Thus, in public key cryptosystems, one has a public and a private key.
-
-[3] Of course, with appropriate permission the client could arrange
-registration of a separately-named prin- cipal in a remote realm, and
-engage in normal exchanges with that realm's services. However, for even
-small numbers of clients this becomes cumbersome, and more automatic
-methods as described here are necessary.
-
-[4] Though it is permissible to request or issue tick- ets with no network
-addresses specified.
-
-[5] The password-changing request must not be honored unless the requester
-can provide the old password (the user's current secret key). Otherwise, it
-would be possible for someone to walk up to an unattended ses- sion and
-change another user's password.
-
-[6] To authenticate a user logging on to a local system, the credentials
-obtained in the AS exchange may first be used in a TGS exchange to obtain
-credentials for a local server. Those credentials must then be verified by
-a local server through successful completion of the Client/Server exchange.
-
-[7] "Random" means that, among other things, it should be impossible to
-guess the next session key based on knowledge of past session keys. This
-can only be achieved in a pseudo-random number generator if it is based on
-cryptographic principles. It is more desirable to use a truly random number
-generator, such as one based on measurements of random physical phenomena.
-
-[8] Tickets contain both an encrypted and unencrypted portion, so cleartext
-here refers to the entire unit, which can be copied from one message and
-replayed in another without any cryptographic skill.
-
-[9] Note that this can make applications based on unreliable transports
-difficult to code correctly. If the transport might deliver duplicated
-messages, either a new authenticator must be generated for each retry, or
-the application server must match requests and replies and replay the first
-reply in response to a detected duplicate.
-
-[10] This is used for user-to-user authentication as described in [8].
-
-[11] Note that the rejection here is restricted to authenticators from the
-same principal to the same server. Other client principals communicating
-with the same server principal should not be have their authenticators
-rejected if the time and microsecond fields happen to match some other
-client's authenticator.
-
-[12] In the Kerberos version 4 protocol, the timestamp in the reply was the
-client's timestamp plus one. This is not necessary in version 5 because
-version 5 messages are formatted in such a way that it is not possible to
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-create the reply by judicious message surgery (even in encrypted form)
-without knowledge of the appropriate encryption keys.
-
-[13] Note that for encrypting the KRB_AP_REP message, the sub-session key
-is not used, even if present in the Authenticator.
-
-[14] Implementations of the protocol may wish to provide routines to choose
-subkeys based on session keys and random numbers and to generate a
-negotiated key to be returned in the KRB_AP_REP message.
-
-[15]This can be accomplished in several ways. It might be known beforehand
-(since the realm is part of the principal identifier), it might be stored
-in a nameserver, or it might be obtained from a configura- tion file. If
-the realm to be used is obtained from a nameserver, there is a danger of
-being spoofed if the nameservice providing the realm name is not authenti-
-cated. This might result in the use of a realm which has been compromised,
-and would result in an attacker's ability to compromise the authentication
-of the application server to the client.
-
-[16] If the client selects a sub-session key, care must be taken to ensure
-the randomness of the selected sub- session key. One approach would be to
-generate a random number and XOR it with the session key from the
-ticket-granting ticket.
-
-[17] This allows easy implementation of user-to-user authentication [8],
-which uses ticket-granting ticket session keys in lieu of secret server
-keys in situa- tions where such secret keys could be easily comprom- ised.
-
-[18] For the purpose of appending, the realm preceding the first listed
-realm is considered to be the null realm ("").
-
-[19] For the purpose of interpreting null subfields, the client's realm is
-considered to precede those in the transited field, and the server's realm
-is considered to follow them.
-
-[20] This means that a client and server running on the same host and
-communicating with one another using the KRB_SAFE messages should not share
-a common replay cache to detect KRB_SAFE replays.
-
-[21] The implementation of the Kerberos server need not combine the
-database and the server on the same machine; it is feasible to store the
-principal database in, say, a network name service, as long as the entries
-stored therein are protected from disclosure to and modification by
-unauthorized parties. However, we recommend against such strategies, as
-they can make system management and threat analysis quite complex.
-
-[22] See the discussion of the padata field in section 5.4.2 for details on
-why this can be useful.
-
-[23] Warning for implementations that unpack and repack data structures
-during the generation and verification of embedded checksums: Because any
-checksums applied to data structures must be checked against the original
-data the length of bit strings must be preserved within a data structure
-between the time that a checksum is generated through transmission to the
-time that the checksum is verified.
-
-[24] It is NOT recommended that this time value be used to adjust the
-workstation's clock since the workstation cannot reliably determine that
-such a KRB_AS_REP actually came from the proper KDC in a timely manner.
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-r-03        November 18 1998
-
-
-
-[25] Note, however, that if the time is used as the nonce, one must make
-sure that the workstation time is monotonically increasing. If the time is
-ever reset backwards, there is a small, but finite, probability that a
-nonce will be reused.
-
-[27] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[29] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[31] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[32] If supported by the encryption method in use, an initialization vector
-may be passed to the encryption procedure, in order to achieve proper
-cipher chaining. The initialization vector might come from the last block
-of the ciphertext from the previous KRB_PRIV message, but it is the
-application's choice whether or not to use such an initialization vector.
-If left out, the default initialization vector for the encryption algorithm
-will be used.
-
-[33] This prevents an attacker who generates an incorrect AS request from
-obtaining verifiable plaintext for use in an off-line password guessing
-attack.
-
-[35] In the above specification, UNTAGGED OCTET STRING(length) is the
-notation for an octet string with its tag and length removed. It is not a
-valid ASN.1 type. The tag bits and length must be removed from the
-confounder since the purpose of the confounder is so that the message
-starts with random data, but the tag and its length are fixed. For other
-fields, the length and tag would be redundant if they were included because
-they are specified by the encryption type. [36] The ordering of the fields
-in the CipherText is important. Additionally, messages encoded in this
-format must include a length as part of the msg-seq field. This allows the
-recipient to verify that the message has not been truncated. Without a
-length, an attacker could use a chosen plaintext attack to generate a
-message which could be truncated, while leaving the checksum intact. Note
-that if the msg-seq is an encoding of an ASN.1 SEQUENCE or OCTET STRING,
-then the length is part of that encoding.
-
-[37] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[38] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[39] A variant of the key is used to limit the use of a key to a particular
-function, separating the functions of generating a checksum from other
-encryption performed using the session key. The constant F0F0F0F0F0F0F0F0
-was chosen because it maintains key parity. The properties of DES precluded
-the use of the complement. The same constant is used for similar purpose in
-the Message Integrity Check in the Privacy Enhanced Mail standard.
-
-[40] This error carries additional information in the e- data field. The
-contents of the e-data field for this message is described in section
-5.9.1.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 18 May 1999
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-04.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-04.txt
deleted file mode 100644
index 16af15dbce9f..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-04.txt
+++ /dev/null
@@ -1,6780 +0,0 @@
-INTERNET-DRAFT                                          Clifford Neuman
-                                                              John Kohl
-                                                          Theodore Ts'o
-                                                          June 25, 1999
-                                              Expires December 25, 1999
-draft-ietf-cat-kerberos-revisions-04.txt
-
-The Kerberos Network Authentication Service (V5)
-
-STATUS OF THIS MEMO
-
-This document is an Internet-Draft and is in full conformance with all
-provisions of Section 10 of RFC2026. Internet-Drafts are working documents
-of the Internet Engineering Task Force (IETF), its areas, and its working
-groups. Note that other groups may also distribute working documents as
-Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months and
-may be updated, replaced, or obsoleted by other documents at any time. It is
-inappropriate to use Internet- Drafts as reference material or to cite them
-other than as "work in progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html. To learn the current status of any
-Internet-Draft, please check the '1id-abstracts.txt' listing contained in
-the Internet-Drafts Shadow Directories.
-
-The distribution of this memo is unlimited. It is filed as
-draft-ietf-cat-kerberos-revisions-04.txt, and expires December 25th, 1999.
-Please send comments to: krb-protocol@MIT.EDU
-
-ABSTRACT
-
-This document provides an overview and specification of Version 5 of the
-Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol
-and its intended use that require more detailed or clearer explanation than
-was provided in RFC1510. This document is intended to provide a detailed
-description of the protocol, suitable for implementation, together with
-descriptions of the appropriate use of protocol messages and fields within
-those messages.
-
-This document is not intended to describe Kerberos to the end user, system
-administrator, or application developer. Higher level papers describing
-Version 5 of the Kerberos system [NT94] and documenting version 4 [SNS88],
-are available elsewhere.
-
-OVERVIEW
-
-This INTERNET-DRAFT describes the concepts and model upon which the Kerberos
-network authentication system is based. It also specifies Version 5 of the
-Kerberos protocol.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The motivations, goals, assumptions, and rationale behind most design
-decisions are treated cursorily; they are more fully described in a paper
-available in IEEE communications [NT94] and earlier in the Kerberos portion
-of the Athena Technical Plan [MNSS87]. The protocols have been a proposed
-standard and are being considered for advancement for draft standard through
-the IETF standard process. Comments are encouraged on the presentation, but
-only minor refinements to the protocol as implemented or extensions that fit
-within current protocol framework will be considered at this time.
-
-Requests for addition to an electronic mailing list for discussion of
-Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU.
-This mailing list is gatewayed onto the Usenet as the group
-comp.protocols.kerberos. Requests for further information, including
-documents and code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-The Kerberos model is based in part on Needham and Schroeder's trusted
-third-party authentication protocol [NS78] and on modifications suggested by
-Denning and Sacco [DS81]. The original design and implementation of Kerberos
-Versions 1 through 4 was the work of two former Project Athena staff
-members, Steve Miller of Digital Equipment Corporation and Clifford Neuman
-(now at the Information Sciences Institute of the University of Southern
-California), along with Jerome Saltzer, Technical Director of Project
-Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many other members
-of Project Athena have also contributed to the work on Kerberos.
-
-Version 5 of the Kerberos protocol (described in this document) has evolved
-from Version 4 based on new requirements and desires for features not
-available in Version 4. The design of Version 5 of the Kerberos protocol was
-led by Clifford Neuman and John Kohl with much input from the community. The
-development of the MIT reference implementation was led at MIT by John Kohl
-and Theodore T'so, with help and contributed code from many others. Since
-RFC1510 was issued, extensions and revisions to the protocol have been
-proposed by many individuals. Some of these proposals are reflected in this
-document. Where such changes involved significant effort, the document cites
-the contribution of the proposer.
-
-Reference implementations of both version 4 and version 5 of Kerberos are
-publicly available and commercial implementations have been developed and
-are widely used. Details on the differences between Kerberos Versions 4 and
-5 can be found in [KNT92].
-
-1. Introduction
-
-Kerberos provides a means of verifying the identities of principals, (e.g. a
-workstation user or a network server) on an open (unprotected) network. This
-is accomplished without relying on assertions by the host operating system,
-without basing trust on host addresses, without requiring physical security
-of all the hosts on the network, and under the assumption that packets
-traveling along the network can be read, modified, and inserted at will[1].
-Kerberos performs authentication under these conditions as a trusted
-third-party authentication service by using conventional (shared secret key
-[2] cryptography. Kerberos extensions have been proposed and implemented
-that provide for the use of public key cryptography during certain phases of
-the authentication protocol. These extensions provide for authentication of
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-users registered with public key certification authorities, and allow the
-system to provide certain benefits of public key cryptography in situations
-where they are needed.
-
-The basic Kerberos authentication process proceeds as follows: A client
-sends a request to the authentication server (AS) requesting 'credentials'
-for a given server. The AS responds with these credentials, encrypted in the
-client's key. The credentials consist of 1) a 'ticket' for the server and 2)
-a temporary encryption key (often called a "session key"). The client
-transmits the ticket (which contains the client's identity and a copy of the
-session key, all encrypted in the server's key) to the server. The session
-key (now shared by the client and server) is used to authenticate the
-client, and may optionally be used to authenticate the server. It may also
-be used to encrypt further communication between the two parties or to
-exchange a separate sub-session key to be used to encrypt further
-communication.
-
-Implementation of the basic protocol consists of one or more authentication
-servers running on physically secure hosts. The authentication servers
-maintain a database of principals (i.e., users and servers) and their secret
-keys. Code libraries provide encryption and implement the Kerberos protocol.
-In order to add authentication to its transactions, a typical network
-application adds one or two calls to the Kerberos library directly or
-through the Generic Security Services Application Programming Interface,
-GSSAPI, described in separate document. These calls result in the
-transmission of the necessary messages to achieve authentication.
-
-The Kerberos protocol consists of several sub-protocols (or exchanges).
-There are two basic methods by which a client can ask a Kerberos server for
-credentials. In the first approach, the client sends a cleartext request for
-a ticket for the desired server to the AS. The reply is sent encrypted in
-the client's secret key. Usually this request is for a ticket-granting
-ticket (TGT) which can later be used with the ticket-granting server (TGS).
-In the second method, the client sends a request to the TGS. The client uses
-the TGT to authenticate itself to the TGS in the same manner as if it were
-contacting any other application server that requires Kerberos
-authentication. The reply is encrypted in the session key from the TGT.
-Though the protocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different protocol entry points
-within a single Kerberos server.
-
-Once obtained, credentials may be used to verify the identity of the
-principals in a transaction, to ensure the integrity of messages exchanged
-between them, or to preserve privacy of the messages. The application is
-free to choose whatever protection may be necessary.
-
-To verify the identities of the principals in a transaction, the client
-transmits the ticket to the application server. Since the ticket is sent "in
-the clear" (parts of it are encrypted, but this encryption doesn't thwart
-replay) and might be intercepted and reused by an attacker, additional
-information is sent to prove that the message originated with the principal
-to whom the ticket was issued. This information (called the authenticator)
-is encrypted in the session key, and includes a timestamp. The timestamp
-proves that the message was recently generated and is not a replay.
-Encrypting the authenticator in the session key proves that it was generated
-by a party possessing the session key. Since no one except the requesting
-principal and the server know the session key (it is never sent over the
-network in the clear) this guarantees the identity of the client.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The integrity of the messages exchanged between principals can also be
-guaranteed using the session key (passed in the ticket and contained in the
-credentials). This approach provides detection of both replay attacks and
-message stream modification attacks. It is accomplished by generating and
-transmitting a collision-proof checksum (elsewhere called a hash or digest
-function) of the client's message, keyed with the session key. Privacy and
-integrity of the messages exchanged between principals can be secured by
-encrypting the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-The authentication exchanges mentioned above require read-only access to the
-Kerberos database. Sometimes, however, the entries in the database must be
-modified, such as when adding new principals or changing a principal's key.
-This is done using a protocol between a client and a third Kerberos server,
-the Kerberos Administration Server (KADM). There is also a protocol for
-maintaining multiple copies of the Kerberos database. Neither of these
-protocols are described in this document.
-
-1.1. Cross-Realm Operation
-
-The Kerberos protocol is designed to operate across organizational
-boundaries. A client in one organization can be authenticated to a server in
-another. Each organization wishing to run a Kerberos server establishes its
-own 'realm'. The name of the realm in which a client is registered is part
-of the client's name, and can be used by the end-service to decide whether
-to honor a request.
-
-By establishing 'inter-realm' keys, the administrators of two realms can
-allow a client authenticated in the local realm to prove its identity to
-servers in other realms[3]. The exchange of inter-realm keys (a separate key
-may be used for each direction) registers the ticket-granting service of
-each realm as a principal in the other realm. A client is then able to
-obtain a ticket-granting ticket for the remote realm's ticket-granting
-service from its local realm. When that ticket-granting ticket is used, the
-remote ticket-granting service uses the inter-realm key (which usually
-differs from its own normal TGS key) to decrypt the ticket-granting ticket,
-and is thus certain that it was issued by the client's own TGS. Tickets
-issued by the remote ticket-granting service will indicate to the
-end-service that the client was authenticated from another realm.
-
-A realm is said to communicate with another realm if the two realms share an
-inter-realm key, or if the local realm shares an inter-realm key with an
-intermediate realm that communicates with the remote realm. An
-authentication path is the sequence of intermediate realms that are
-transited in communicating from one realm to another.
-
-Realms are typically organized hierarchically. Each realm shares a key with
-its parent and a different key with each child. If an inter-realm key is not
-directly shared by two realms, the hierarchical organization allows an
-authentication path to be easily constructed. If a hierarchical organization
-is not used, it may be necessary to consult a database in order to construct
-an authentication path between realms.
-
-Although realms are typically hierarchical, intermediate realms may be
-bypassed to achieve cross-realm authentication through alternate
-authentication paths (these might be established to make communication
-between two realms more efficient). It is important for the end-service to
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-know which realms were transited when deciding how much faith to place in
-the authentication process. To facilitate this decision, a field in each
-ticket contains the names of the realms that were involved in authenticating
-the client.
-
-The application server is ultimately responsible for accepting or rejecting
-authentication and should check the transited field. The application server
-may choose to rely on the KDC for the application server's realm to check
-the transited field. The application server's KDC will set the
-TRANSITED-POLICY-CHECKED flag in this case. The KDC's for intermediate
-realms may also check the transited field as they issue
-ticket-granting-tickets for other realms, but they are encouraged not to do
-so. A client may request that the KDC's not check the transited field by
-setting the DISABLE-TRANSITED-CHECK flag. KDC's are encouraged but not
-required to honor this flag.
-
-1.2. Authorization
-
-As an authentication service, Kerberos provides a means of verifying the
-identity of principals on a network. Authentication is usually useful
-primarily as a first step in the process of authorization, determining
-whether a client may use a service, which objects the client is allowed to
-access, and the type of access allowed for each. Kerberos does not, by
-itself, provide authorization. Possession of a client ticket for a service
-provides only for authentication of the client to that service, and in the
-absence of a separate authorization procedure, it should not be considered
-by an application as authorizing the use of that service.
-
-Such separate authorization methods may be implemented as application
-specific access control functions and may be based on files such as the
-application server, or on separately issued authorization credentials such
-as those based on proxies [Neu93] , or on other authorization services.
-
-Applications should not be modified to accept the issuance of a service
-ticket by the Kerberos server (even by an modified Kerberos server) as
-granting authority to use the service, since such applications may become
-vulnerable to the bypass of this authorization check in an environment if
-they interoperate with other KDCs or where other options for application
-authentication (e.g. the PKTAPP proposal) are provided.
-
-1.3. Environmental assumptions
-
-Kerberos imposes a few assumptions on the environment in which it can
-properly function:
-
-   * 'Denial of service' attacks are not solved with Kerberos. There are
-     places in these protocols where an intruder can prevent an application
-     from participating in the proper authentication steps. Detection and
-     solution of such attacks (some of which can appear to be nnot-uncommon
-     'normal' failure modes for the system) is usually best left to the
-     human administrators and users.
-   * Principals must keep their secret keys secret. If an intruder somehow
-     steals a principal's key, it will be able to masquerade as that
-     principal or impersonate any server to the legitimate principal.
-   * 'Password guessing' attacks are not solved by Kerberos. If a user
-     chooses a poor password, it is possible for an attacker to successfully
-     mount an offline dictionary attack by repeatedly attempting to decrypt,
-     with successive entries from a dictionary, messages obtained which are
-     encrypted under a key derived from the user's password.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-   * Each host on the network must have a clock which is 'loosely
-     synchronized' to the time of the other hosts; this synchronization is
-     used to reduce the bookkeeping needs of application servers when they
-     do replay detection. The degree of "looseness" can be configured on a
-     per-server basis, but is typically on the order of 5 minutes. If the
-     clocks are synchronized over the network, the clock synchronization
-     protocol must itself be secured from network attackers.
-   * Principal identifiers are not recycled on a short-term basis. A typical
-     mode of access control will use access control lists (ACLs) to grant
-     permissions to particular principals. If a stale ACL entry remains for
-     a deleted principal and the principal identifier is reused, the new
-     principal will inherit rights specified in the stale ACL entry. By not
-     re-using principal identifiers, the danger of inadvertent access is
-     removed.
-
-1.4. Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-Authentication
-     Verifying the claimed identity of a principal.
-Authentication header
-     A record containing a Ticket and an Authenticator to be presented to a
-     server as part of the authentication process.
-Authentication path
-     A sequence of intermediate realms transited in the authentication
-     process when communicating from one realm to another.
-Authenticator
-     A record containing information that can be shown to have been recently
-     generated using the session key known only by the client and server.
-Authorization
-     The process of determining whether a client may use a service, which
-     objects the client is allowed to access, and the type of access allowed
-     for each.
-Capability
-     A token that grants the bearer permission to access an object or
-     service. In Kerberos, this might be a ticket whose use is restricted by
-     the contents of the authorization data field, but which lists no
-     network addresses, together with the session key necessary to use the
-     ticket.
-Ciphertext
-     The output of an encryption function. Encryption transforms plaintext
-     into ciphertext.
-Client
-     A process that makes use of a network service on behalf of a user. Note
-     that in some cases a Server may itself be a client of some other server
-     (e.g. a print server may be a client of a file server).
-Credentials
-     A ticket plus the secret session key necessary to successfully use that
-     ticket in an authentication exchange.
-KDC
-     Key Distribution Center, a network service that supplies tickets and
-     temporary session keys; or an instance of that service or the host on
-     which it runs. The KDC services both initial ticket and ticket-granting
-     ticket requests. The initial ticket portion is sometimes referred to as
-     the Authentication Server (or service). The ticket-granting ticket
-     portion is sometimes referred to as the ticket-granting server (or
-     service).
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Kerberos
-     Aside from the 3-headed dog guarding Hades, the name given to Project
-     Athena's authentication service, the protocol used by that service, or
-     the code used to implement the authentication service.
-Plaintext
-     The input to an encryption function or the output of a decryption
-     function. Decryption transforms ciphertext into plaintext.
-Principal
-     A uniquely named client or server instance that participates in a
-     network communication.
-Principal identifier
-     The name used to uniquely identify each different principal.
-Seal
-     To encipher a record containing several fields in such a way that the
-     fields cannot be individually replaced without either knowledge of the
-     encryption key or leaving evidence of tampering.
-Secret key
-     An encryption key shared by a principal and the KDC, distributed
-     outside the bounds of the system, with a long lifetime. In the case of
-     a human user's principal, the secret key is derived from a password.
-Server
-     A particular Principal which provides a resource to network clients.
-     The server is sometimes refered to as the Application Server.
-Service
-     A resource provided to network clients; often provided by more than one
-     server (for example, remote file service).
-Session key
-     A temporary encryption key used between two principals, with a lifetime
-     limited to the duration of a single login "session".
-Sub-session key
-     A temporary encryption key used between two principals, selected and
-     exchanged by the principals using the session key, and with a lifetime
-     limited to the duration of a single association.
-Ticket
-     A record that helps a client authenticate itself to a server; it
-     contains the client's identity, a session key, a timestamp, and other
-     information, all sealed using the server's secret key. It only serves
-     to authenticate a client when presented along with a fresh
-     Authenticator.
-
-2. Ticket flag uses and requests
-
-Each Kerberos ticket contains a set of flags which are used to indicate
-various attributes of that ticket. Most flags may be requested by a client
-when the ticket is obtained; some are automatically turned on and off by a
-Kerberos server as required. The following sections explain what the various
-flags mean, and gives examples of reasons to use such a flag.
-
-2.1. Initial and pre-authenticated tickets
-
-The INITIAL flag indicates that a ticket was issued using the AS protocol
-and not issued based on a ticket-granting ticket. Application servers that
-want to require the demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be set in any tickets
-they accept, and thus be assured that the client's key was recently
-presented to the application client.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The PRE-AUTHENT and HW-AUTHENT flags provide addition information about the
-initial authentication, regardless of whether the current ticket was issued
-directly (in which case INITIAL will also be set) or issued on the basis of
-a ticket-granting ticket (in which case the INITIAL flag is clear, but the
-PRE-AUTHENT and HW-AUTHENT flags are carried forward from the
-ticket-granting ticket).
-
-2.2. Invalid tickets
-
-The INVALID flag indicates that a ticket is invalid. Application servers
-must reject tickets which have this flag set. A postdated ticket will
-usually be issued in this form. Invalid tickets must be validated by the KDC
-before use, by presenting them to the KDC in a TGS request with the VALIDATE
-option specified. The KDC will only validate tickets after their starttime
-has passed. The validation is required so that postdated tickets which have
-been stolen before their starttime can be rendered permanently invalid
-(through a hot-list mechanism) (see section 3.3.3.1).
-
-2.3. Renewable tickets
-
-Applications may desire to hold tickets which can be valid for long periods
-of time. However, this can expose their credentials to potential theft for
-equally long periods, and those stolen credentials would be valid until the
-expiration time of the ticket(s). Simply using short-lived tickets and
-obtaining new ones periodically would require the client to have long-term
-access to its secret key, an even greater risk. Renewable tickets can be
-used to mitigate the consequences of theft. Renewable tickets have two
-"expiration times": the first is when the current instance of the ticket
-expires, and the second is the latest permissible value for an individual
-expiration time. An application client must periodically (i.e. before it
-expires) present a renewable ticket to the KDC, with the RENEW option set in
-the KDC request. The KDC will issue a new ticket with a new session key and
-a later expiration time. All other fields of the ticket are left unmodified
-by the renewal process. When the latest permissible expiration time arrives,
-the ticket expires permanently. At each renewal, the KDC may consult a
-hot-list to determine if the ticket had been reported stolen since its last
-renewal; it will refuse to renew such stolen tickets, and thus the usable
-lifetime of stolen tickets is reduced.
-
-The RENEWABLE flag in a ticket is normally only interpreted by the
-ticket-granting service (discussed below in section 3.3). It can usually be
-ignored by application servers. However, some particularly careful
-application servers may wish to disallow renewable tickets.
-
-If a renewable ticket is not renewed by its expiration time, the KDC will
-not renew the ticket. The RENEWABLE flag is reset by default, but a client
-may request it be set by setting the RENEWABLE option in the KRB_AS_REQ
-message. If it is set, then the renew-till field in the ticket contains the
-time after which the ticket may not be renewed.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-2.4. Postdated tickets
-
-Applications may occasionally need to obtain tickets for use much later,
-e.g. a batch submission system would need tickets to be valid at the time
-the batch job is serviced. However, it is dangerous to hold valid tickets in
-a batch queue, since they will be on-line longer and more prone to theft.
-Postdated tickets provide a way to obtain these tickets from the KDC at job
-submission time, but to leave them "dormant" until they are activated and
-validated by a further request of the KDC. If a ticket theft were reported
-in the interim, the KDC would refuse to validate the ticket, and the thief
-would be foiled.
-
-The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. This flag
-must be set in a ticket-granting ticket in order to issue a postdated ticket
-based on the presented ticket. It is reset by default; it may be requested
-by a client by setting the ALLOW-POSTDATE option in the KRB_AS_REQ message.
-This flag does not allow a client to obtain a postdated ticket-granting
-ticket; postdated ticket-granting tickets can only by obtained by requesting
-the postdating in the KRB_AS_REQ message. The life (endtime-starttime) of a
-postdated ticket will be the remaining life of the ticket-granting ticket at
-the time of the request, unless the RENEWABLE option is also set, in which
-case it can be the full life (endtime-starttime) of the ticket-granting
-ticket. The KDC may limit how far in the future a ticket may be postdated.
-
-The POSTDATED flag indicates that a ticket has been postdated. The
-application server can check the authtime field in the ticket to see when
-the original authentication occurred. Some services may choose to reject
-postdated tickets, or they may only accept them within a certain period
-after the original authentication. When the KDC issues a POSTDATED ticket,
-it will also be marked as INVALID, so that the application client must
-present the ticket to the KDC to be validated before use.
-
-2.5. Proxiable and proxy tickets
-
-At times it may be necessary for a principal to allow a service to perform
-an operation on its behalf. The service must be able to take on the identity
-of the client, but only for a particular purpose. A principal can allow a
-service to take on the principal's identity for a particular purpose by
-granting it a proxy.
-
-The process of granting a proxy using the proxy and proxiable flags is used
-to provide credentials for use with specific services. Though conceptually
-also a proxy, user's wishing to delegate their identity for ANY purpose must
-use the ticket forwarding mechanism described in the next section to forward
-a ticket granting ticket.
-
-The PROXIABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. When set,
-this flag tells the ticket-granting server that it is OK to issue a new
-ticket (but not a ticket-granting ticket) with a different network address
-based on this ticket. This flag is set if requested by the client on initial
-authentication. By default, the client will request that it be set when
-requesting a ticket granting ticket, and reset when requesting any other
-ticket.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-This flag allows a client to pass a proxy to a server to perform a remote
-request on its behalf, e.g. a print service client can give the print server
-a proxy to access the client's files on a particular file server in order to
-satisfy a print request.
-
-In order to complicate the use of stolen credentials, Kerberos tickets are
-usually valid from only those network addresses specifically included in the
-ticket[4]. When granting a proxy, the client must specify the new network
-address from which the proxy is to be used, or indicate that the proxy is to
-be issued for use from any address.
-
-The PROXY flag is set in a ticket by the TGS when it issues a proxy ticket.
-Application servers may check this flag and at their option they may require
-additional authentication from the agent presenting the proxy in order to
-provide an audit trail.
-
-2.6. Forwardable tickets
-
-Authentication forwarding is an instance of a proxy where the service is
-granted complete use of the client's identity. An example where it might be
-used is when a user logs in to a remote system and wants authentication to
-work from that system as if the login were local.
-
-The FORWARDABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. The
-FORWARDABLE flag has an interpretation similar to that of the PROXIABLE
-flag, except ticket-granting tickets may also be issued with different
-network addresses. This flag is reset by default, but users may request that
-it be set by setting the FORWARDABLE option in the AS request when they
-request their initial ticket- granting ticket.
-
-This flag allows for authentication forwarding without requiring the user to
-enter a password again. If the flag is not set, then authentication
-forwarding is not permitted, but the same result can still be achieved if
-the user engages in the AS exchange specifying the requested network
-addresses and supplies a password.
-
-The FORWARDED flag is set by the TGS when a client presents a ticket with
-the FORWARDABLE flag set and requests a forwarded ticket by specifying the
-FORWARDED KDC option and supplying a set of addresses for the new ticket. It
-is also set in all tickets issued based on tickets with the FORWARDED flag
-set. Application servers may choose to process FORWARDED tickets differently
-than non-FORWARDED tickets.
-
-2.7. Other KDC options
-
-There are two additional options which may be set in a client's request of
-the KDC. The RENEWABLE-OK option indicates that the client will accept a
-renewable ticket if a ticket with the requested life cannot otherwise be
-provided. If a ticket with the requested life cannot be provided, then the
-KDC may issue a renewable ticket with a renew-till equal to the the
-requested endtime. The value of the renew-till field may still be adjusted
-by site-determined limits or limits imposed by the individual principal or
-server.
-
-The ENC-TKT-IN-SKEY option is honored only by the ticket-granting service.
-It indicates that the ticket to be issued for the end server is to be
-encrypted in the session key from the a additional second ticket-granting
-ticket provided with the request. See section 3.3.3 for specific details.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3. Message Exchanges
-
-The following sections describe the interactions between network clients and
-servers and the messages involved in those exchanges.
-
-3.1. The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-The Authentication Service (AS) Exchange between the client and the Kerberos
-Authentication Server is initiated by a client when it wishes to obtain
-authentication credentials for a given server but currently holds no
-credentials. In its basic form, the client's secret key is used for
-encryption and decryption. This exchange is typically used at the initiation
-of a login session to obtain credentials for a Ticket-Granting Server which
-will subsequently be used to obtain credentials for other servers (see
-section 3.3) without requiring further use of the client's secret key. This
-exchange is also used to request credentials for services which must not be
-mediated through the Ticket-Granting Service, but rather require a
-principal's secret key, such as the password-changing service[5]. This
-exchange does not by itself provide any assurance of the the identity of the
-user[6].
-
-The exchange consists of two messages: KRB_AS_REQ from the client to
-Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-In the request, the client sends (in cleartext) its own identity and the
-identity of the server for which it is requesting credentials. The response,
-KRB_AS_REP, contains a ticket for the client to present to the server, and a
-session key that will be shared by the client and the server. The session
-key and additional information are encrypted in the client's secret key. The
-KRB_AS_REP message contains information which can be used to detect replays,
-and to associate it with the message to which it replies. Various errors can
-occur; these are indicated by an error response (KRB_ERROR) instead of the
-KRB_AS_REP response. The error message is not encrypted. The KRB_ERROR
-message contains information which can be used to associate it with the
-message to which it replies. The lack of encryption in the KRB_ERROR message
-precludes the ability to detect replays, fabrications, or modifications of
-such messages.
-
-Without preautentication, the authentication server does not know whether
-the client is actually the principal named in the request. It simply sends a
-reply without knowing or caring whether they are the same. This is
-acceptable because nobody but the principal whose identity was given in the
-request will be able to use the reply. Its critical information is encrypted
-in that principal's key. The initial request supports an optional field that
-can be used to pass additional information that might be needed for the
-initial exchange. This field may be used for preauthentication as described
-in section [hl<>].
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.1.1. Generation of KRB_AS_REQ message
-
-The client may specify a number of options in the initial request. Among
-these options are whether pre-authentication is to be performed; whether the
-requested ticket is to be renewable, proxiable, or forwardable; whether it
-should be postdated or allow postdating of derivative tickets; and whether a
-renewable ticket will be accepted in lieu of a non-renewable ticket if the
-requested ticket expiration date cannot be satisfied by a non-renewable
-ticket (due to configuration constraints; see section 4). See section A.1
-for pseudocode.
-
-The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-If all goes well, processing the KRB_AS_REQ message will result in the
-creation of a ticket for the client to present to the server. The format for
-the ticket is described in section 5.3.1. The contents of the ticket are
-determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-The authentication server looks up the client and server principals named in
-the KRB_AS_REQ in its database, extracting their respective keys. If
-required, the server pre-authenticates the request, and if the
-pre-authentication check fails, an error message with the code
-KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate the
-requested encryption type, an error message with code KDC_ERR_ETYPE_NOSUPP
-is returned. Otherwise it generates a 'random' session key[7].
-
-If there are multiple encryption keys registered for a client in the
-Kerberos database (or if the key registered supports multiple encryption
-types; e.g. DES-CBC-CRC and DES-CBC-MD5), then the etype field from the AS
-request is used by the KDC to select the encryption method to be used for
-encrypting the response to the client. If there is more than one supported,
-strong encryption type in the etype list, the first valid etype for which an
-encryption key is available is used. The encryption method used to respond
-to a TGS request is taken from the keytype of the session key found in the
-ticket granting ticket. [***I will change the example keytypes to be 3DES
-based examples 7/14***]
-
-When the etype field is present in a KDC request, whether an AS or TGS
-request, the KDC will attempt to assign the type of the random session key
-from the list of methods in the etype field. The KDC will select the
-appropriate type using the list of methods provided together with
-information from the Kerberos database indicating acceptable encryption
-methods for the application server. The KDC will not issue tickets with a
-weak session key encryption type.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified then the error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise
-the requested start time is checked against the policy of the local realm
-(the administrator might decide to prohibit certain types or ranges of
-postdated tickets), and if acceptable, the ticket's start time is set as
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-requested and the INVALID flag is set in the new ticket. The postdated
-ticket must be validated before use by presenting it to the KDC after the
-start time has been reached.
-
-The expiration time of the ticket will be set to the minimum of the
-following:
-
-   * The expiration time (endtime) requested in the KRB_AS_REQ message.
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the client principal (the authentication server's database
-     includes a maximum ticket lifetime field in each principal's record;
-     see section 4).
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the server principal.
-   * The ticket's start time plus the maximum lifetime set by the policy of
-     the local realm.
-
-If the requested expiration time minus the start time (as determined above)
-is less than a site-determined minimum lifetime, an error message with code
-KDC_ERR_NEVER_VALID is returned. If the requested expiration time for the
-ticket exceeds what was determined as above, and if the 'RENEWABLE-OK'
-option was requested, then the 'RENEWABLE' flag is set in the new ticket,
-and the renew-till value is set as if the 'RENEWABLE' option were requested
-(the field and option names are described fully in section 5.4.1).
-
-If the RENEWABLE option has been requested or if the RENEWABLE-OK option has
-been set and a renewable ticket is to be issued, then the renew-till field
-is set to the minimum of:
-
-   * Its requested value.
-   * The start time of the ticket plus the minimum of the two maximum
-     renewable lifetimes associated with the principals' database entries.
-   * The start time of the ticket plus the maximum renewable lifetime set by
-     the policy of the local realm.
-
-The flags field of the new ticket will have the following options set if
-they have been requested and if the policy of the local realm allows:
-FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. If the new
-ticket is post-dated (the start time is in the future), its INVALID flag
-will also be set.
-
-If all of the above succeed, the server formats a KRB_AS_REP message (see
-section 5.4.2), copying the addresses in the request into the caddr of the
-response, placing any required pre-authentication data into the padata of
-the response, and encrypts the ciphertext part in the client's key using the
-requested encryption method, and sends it to the client. See section A.2 for
-pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-Several errors can occur, and the Authentication Server responds by
-returning an error message, KRB_ERROR, to the client, with the error-code
-and e-text fields set to appropriate values. The error message contents and
-details are described in Section 5.9.1.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.1.5. Receipt of KRB_AS_REP message
-
-If the reply message type is KRB_AS_REP, then the client verifies that the
-cname and crealm fields in the cleartext portion of the reply match what it
-requested. If any padata fields are present, they may be used to derive the
-proper secret key to decrypt the message. The client decrypts the encrypted
-part of the response using its secret key, verifies that the nonce in the
-encrypted part matches the nonce it supplied in its request (to detect
-replays). It also verifies that the sname and srealm in the response match
-those in the request (or are otherwise expected values), and that the host
-address field is also correct. It then stores the ticket, session key, start
-and expiration times, and other information for later use. The
-key-expiration field from the encrypted part of the response may be checked
-to notify the user of impending key expiration (the client program could
-then suggest remedial action, such as a password change). See section A.3
-for pseudocode.
-
-Proper decryption of the KRB_AS_REP message is not sufficient to verify the
-identity of the user; the user and an attacker could cooperate to generate a
-KRB_AS_REP format message which decrypts properly but is not from the proper
-KDC. If the host wishes to verify the identity of the user, it must require
-the user to present application credentials which can be verified using a
-securely-stored secret key for the host. If those credentials can be
-verified, then the identity of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-If the reply message type is KRB_ERROR, then the client interprets it as an
-error and performs whatever application-specific tasks are necessary to
-recover.
-
-3.2. The Client/Server Authentication Exchange
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-The client/server authentication (CS) exchange is used by network
-applications to authenticate the client to the server and vice versa. The
-client must have already acquired credentials for the server using the AS or
-TGS exchange.
-
-3.2.1. The KRB_AP_REQ message
-
-The KRB_AP_REQ contains authentication information which should be part of
-the first message in an authenticated transaction. It contains a ticket, an
-authenticator, and some additional bookkeeping information (see section
-5.5.1 for the exact format). The ticket by itself is insufficient to
-authenticate a client, since tickets are passed across the network in
-cleartext[DS90], so the authenticator is used to prevent invalid replay of
-tickets by proving to the server that the client knows the session key of
-the ticket and thus is entitled to use the ticket. The KRB_AP_REQ message is
-referred to elsewhere as the 'authentication header.'
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-When a client wishes to initiate authentication to a server, it obtains
-(either through a credentials cache, the AS exchange, or the TGS exchange) a
-ticket and session key for the desired service. The client may re-use any
-tickets it holds until they expire. To use a ticket the client constructs a
-new Authenticator from the the system time, its name, and optionally an
-application specific checksum, an initial sequence number to be used in
-KRB_SAFE or KRB_PRIV messages, and/or a session subkey to be used in
-negotiations for a session key unique to this particular session.
-Authenticators may not be re-used and will be rejected if replayed to a
-server[LGDSR87]. If a sequence number is to be included, it should be
-randomly chosen so that even after many messages have been exchanged it is
-not likely to collide with other sequence numbers in use.
-
-The client may indicate a requirement of mutual authentication or the use of
-a session-key based ticket by setting the appropriate flag(s) in the
-ap-options field of the message.
-
-The Authenticator is encrypted in the session key and combined with the
-ticket to form the KRB_AP_REQ message which is then sent to the end server
-along with any additional application-specific information. See section A.9
-for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-Authentication is based on the server's current time of day (clocks must be
-loosely synchronized), the authenticator, and the ticket. Several errors are
-possible. If an error occurs, the server is expected to reply to the client
-with a KRB_ERROR message. This message may be encapsulated in the
-application protocol if its 'raw' form is not acceptable to the protocol.
-The format of error messages is described in section 5.9.1.
-
-The algorithm for verifying authentication information is as follows. If the
-message type is not KRB_AP_REQ, the server returns the KRB_AP_ERR_MSG_TYPE
-error. If the key version indicated by the Ticket in the KRB_AP_REQ is not
-one the server can use (e.g., it indicates an old key, and the server no
-longer possesses a copy of the old key), the KRB_AP_ERR_BADKEYVER error is
-returned. If the USE-SESSION-KEY flag is set in the ap-options field, it
-indicates to the server that the ticket is encrypted in the session key from
-the server's ticket-granting ticket rather than its secret key[10]. Since it
-is possible for the server to be registered in multiple realms, with
-different keys in each, the srealm field in the unencrypted portion of the
-ticket in the KRB_AP_REQ is used to specify which secret key the server
-should use to decrypt that ticket. The KRB_AP_ERR_NOKEY error code is
-returned if the server doesn't have the proper key to decipher the ticket.
-
-The ticket is decrypted using the version of the server's key specified by
-the ticket. If the decryption routines detect a modification of the ticket
-(each encryption system must provide safeguards to detect modified
-ciphertext; see section 6), the KRB_AP_ERR_BAD_INTEGRITY error is returned
-(chances are good that different keys were used to encrypt and decrypt).
-
-The authenticator is decrypted using the session key extracted from the
-decrypted ticket. If decryption shows it to have been modified, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm of the client
-from the ticket are compared against the same fields in the authenticator.
-If they don't match, the KRB_AP_ERR_BADMATCH error is returned (they might
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-not match, for example, if the wrong session key was used to encrypt the
-authenticator). The addresses in the ticket (if any) are then searched for
-an address matching the operating-system reported address of the client. If
-no match is found or the server insists on ticket addresses but none are
-present in the ticket, the KRB_AP_ERR_BADADDR error is returned.
-
-If the local (server) time and the client time in the authenticator differ
-by more than the allowable clock skew (e.g., 5 minutes), the KRB_AP_ERR_SKEW
-error is returned. If the server name, along with the client name, time and
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is returned[11]. The server must
-remember any authenticator presented within the allowable clock skew, so
-that a replay attempt is guaranteed to fail. If a server loses track of any
-authenticator presented within the allowable clock skew, it must reject all
-requests until the clock skew interval has passed. This assures that any
-lost or re-played authenticators will fall outside the allowable clock skew
-and can no longer be successfully replayed (If this is not done, an attacker
-could conceivably record the ticket and authenticator sent over the network
-to a server, then disable the client's host, pose as the disabled host, and
-replay the ticket and authenticator to subvert the authentication.). If a
-sequence number is provided in the authenticator, the server saves it for
-later use in processing KRB_SAFE and/or KRB_PRIV messages. If a subkey is
-present, the server either saves it for later use or uses it to help
-generate its own choice for a subkey to be returned in a KRB_AP_REP message.
-
-The server computes the age of the ticket: local (server) time minus the
-start time inside the Ticket. If the start time is later than the current
-time by more than the allowable clock skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned. Otherwise, if the
-current time is later than end time by more than the allowable clock skew,
-the KRB_AP_ERR_TKT_EXPIRED error is returned.
-
-If all these checks succeed without an error, the server is assured that the
-client possesses the credentials of the principal named in the ticket and
-thus, the client has been authenticated to the server. See section A.10 for
-pseudocode.
-
-Passing these checks provides only authentication of the named principal; it
-does not imply authorization to use the named service. Applications must
-make a separate authorization decisions based upon the authenticated name of
-the user, the requested operation, local acces control information such as
-that contained in a .k5login or .k5users file, and possibly a separate
-distributed authorization service.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-Typically, a client's request will include both the authentication
-information and its initial request in the same message, and the server need
-not explicitly reply to the KRB_AP_REQ. However, if mutual authentication
-(not only authenticating the client to the server, but also the server to
-the client) is being performed, the KRB_AP_REQ message will have
-MUTUAL-REQUIRED set in its ap-options field, and a KRB_AP_REP message is
-required in response. As with the error message, this message may be
-encapsulated in the application protocol if its "raw" form is not acceptable
-to the application's protocol. The timestamp and microsecond field used in
-the reply must be the client's timestamp and microsecond field (as provided
-in the authenticator)[12]. If a sequence number is to be included, it should
-be randomly chosen as described above for the authenticator. A subkey may be
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-included if the server desires to negotiate a different subkey. The
-KRB_AP_REP message is encrypted in the session key extracted from the
-ticket. See section A.11 for pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-If a KRB_AP_REP message is returned, the client uses the session key from
-the credentials obtained for the server[13] to decrypt the message, and
-verifies that the timestamp and microsecond fields match those in the
-Authenticator it sent to the server. If they match, then the client is
-assured that the server is genuine. The sequence number and subkey (if
-present) are retained for later use. See section A.12 for pseudocode.
-
-3.2.6. Using the encryption key
-
-After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and server
-share an encryption key which can be used by the application. The 'true
-session key' to be used for KRB_PRIV, KRB_SAFE, or other
-application-specific uses may be chosen by the application based on the
-subkeys in the KRB_AP_REP message and the authenticator[14]. In some cases,
-the use of this session key will be implicit in the protocol; in others the
-method of use must be chosen from several alternatives. We leave the
-protocol negotiations of how to use the key (e.g. selecting an encryption or
-checksum type) to the application programmer; the Kerberos protocol does not
-constrain the implementation options, but an example of how this might be
-done follows.
-
-One way that an application may choose to negotiate a key to be used for
-subequent integrity and privacy protection is for the client to propose a
-key in the subkey field of the authenticator. The server can then choose a
-key using the proposed key from the client as input, returning the new
-subkey in the subkey field of the application reply. This key could then be
-used for subsequent communication. To make this example more concrete, if
-the encryption method in use required a 56 bit key, and for whatever reason,
-one of the parties was prevented from using a key with more than 40 unknown
-bits, this method would allow the the party which is prevented from using
-more than 40 bits to either propose (if the client) an initial key with a
-known quantity for 16 of those bits, or to mask 16 of the bits (if the
-server) with the known quantity. The application implementor is warned,
-however, that this is only an example, and that an analysis of the
-particular crytosystem to be used, and the reasons for limiting the key
-length, must be made before deciding whether it is acceptable to mask bits
-of the key.
-
-With both the one-way and mutual authentication exchanges, the peers should
-take care not to send sensitive information to each other without proper
-assurances. In particular, applications that require privacy or integrity
-should use the KRB_AP_REP response from the server to client to assure both
-client and server of their peer's identity. If an application protocol
-requires privacy of its messages, it can use the KRB_PRIV message (section
-3.5). The KRB_SAFE message (section 3.4) can be used to assure integrity.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.3. The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-The TGS exchange between a client and the Kerberos Ticket-Granting Server is
-initiated by a client when it wishes to obtain authentication credentials
-for a given server (which might be registered in a remote realm), when it
-wishes to renew or validate an existing ticket, or when it wishes to obtain
-a proxy ticket. In the first case, the client must already have acquired a
-ticket for the Ticket-Granting Service using the AS exchange (the
-ticket-granting ticket is usually obtained when a client initially
-authenticates to the system, such as when a user logs in). The message
-format for the TGS exchange is almost identical to that for the AS exchange.
-The primary difference is that encryption and decryption in the TGS exchange
-does not take place under the client's key. Instead, the session key from
-the ticket-granting ticket or renewable ticket, or sub-session key from an
-Authenticator is used. As is the case for all application servers, expired
-tickets are not accepted by the TGS, so once a renewable or ticket-granting
-ticket expires, the client must use a separate exchange to obtain valid
-tickets.
-
-The TGS exchange consists of two messages: A request (KRB_TGS_REQ) from the
-client to the Kerberos Ticket-Granting Server, and a reply (KRB_TGS_REP or
-KRB_ERROR). The KRB_TGS_REQ message includes information authenticating the
-client plus a request for credentials. The authentication information
-consists of the authentication header (KRB_AP_REQ) which includes the
-client's previously obtained ticket-granting, renewable, or invalid ticket.
-In the ticket-granting ticket and proxy cases, the request may include one
-or more of: a list of network addresses, a collection of typed authorization
-data to be sealed in the ticket for authorization use by the application
-server, or additional tickets (the use of which are described later). The
-TGS reply (KRB_TGS_REP) contains the requested credentials, encrypted in the
-session key from the ticket-granting ticket or renewable ticket, or if
-present, in the sub-session key from the Authenticator (part of the
-authentication header). The KRB_ERROR message contains an error code and
-text explaining what went wrong. The KRB_ERROR message is not encrypted. The
-KRB_TGS_REP message contains information which can be used to detect
-replays, and to associate it with the message to which it replies. The
-KRB_ERROR message also contains information which can be used to associate
-it with the message to which it replies, but the lack of encryption in the
-KRB_ERROR message precludes the ability to detect replays or fabrications of
-such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-Before sending a request to the ticket-granting service, the client must
-determine in which realm the application server is registered[15]. If the
-client does not already possess a ticket-granting ticket for the appropriate
-realm, then one must be obtained. This is first attempted by requesting a
-ticket-granting ticket for the destination realm from a Kerberos server for
-which the client does posess a ticket-granting ticket (using the KRB_TGS_REQ
-message recursively). The Kerberos server may return a TGT for the desired
-realm in which case one can proceed. Alternatively, the Kerberos server may
-return a TGT for a realm which is 'closer' to the desired realm (further
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-along the standard hierarchical path), in which case this step must be
-repeated with a Kerberos server in the realm specified in the returned TGT.
-If neither are returned, then the request must be retried with a Kerberos
-server for a realm higher in the hierarchy. This request will itself require
-a ticket-granting ticket for the higher realm which must be obtained by
-recursively applying these directions.
-
-Once the client obtains a ticket-granting ticket for the appropriate realm,
-it determines which Kerberos servers serve that realm, and contacts one. The
-list might be obtained through a configuration file or network service or it
-may be generated from the name of the realm; as long as the secret keys
-exchanged by realms are kept secret, only denial of service results from
-using a false Kerberos server.
-
-As in the AS exchange, the client may specify a number of options in the
-KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ message, providing
-an authentication header as an element of the padata field, and including
-the same fields as used in the KRB_AS_REQ message along with several
-optional fields: the enc-authorization-data field for application server use
-and additional tickets required by some options.
-
-In preparing the authentication header, the client can select a sub-session
-key under which the response from the Kerberos server will be encrypted[16].
-If the sub-session key is not specified, the session key from the
-ticket-granting ticket will be used. If the enc-authorization-data is
-present, it must be encrypted in the sub-session key, if present, from the
-authenticator portion of the authentication header, or if not present, using
-the session key from the ticket-granting ticket.
-
-Once prepared, the message is sent to a Kerberos server for the destination
-realm. See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-The KRB_TGS_REQ message is processed in a manner similar to the KRB_AS_REQ
-message, but there are many additional checks to be performed. First, the
-Kerberos server must determine which server the accompanying ticket is for
-and it must select the appropriate key to decrypt it. For a normal
-KRB_TGS_REQ message, it will be for the ticket granting service, and the
-TGS's key will be used. If the TGT was issued by another realm, then the
-appropriate inter-realm key must be used. If the accompanying ticket is not
-a ticket granting ticket for the current realm, but is for an application
-server in the current realm, the RENEW, VALIDATE, or PROXY options are
-specified in the request, and the server for which a ticket is requested is
-the server named in the accompanying ticket, then the KDC will decrypt the
-ticket in the authentication header using the key of the server for which it
-was issued. If no ticket can be found in the padata field, the
-KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-Once the accompanying ticket has been decrypted, the user-supplied checksum
-in the Authenticator must be verified against the contents of the request,
-and the message rejected if the checksums do not match (with an error code
-of KRB_AP_ERR_MODIFIED) or if the checksum is not keyed or not
-collision-proof (with an error code of KRB_AP_ERR_INAPP_CKSUM). If the
-checksum type is not supported, the KDC_ERR_SUMTYPE_NOSUPP error is
-returned. If the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-If any of the decryptions indicate failed integrity checks, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.3.3. Generation of KRB_TGS_REP message
-
-The KRB_TGS_REP message shares its format with the KRB_AS_REP (KRB_KDC_REP),
-but with its type field set to KRB_TGS_REP. The detailed specification is in
-section 5.4.2.
-
-The response will include a ticket for the requested server. The Kerberos
-database is queried to retrieve the record for the requested server
-(including the key with which the ticket will be encrypted). If the request
-is for a ticket granting ticket for a remote realm, and if no key is shared
-with the requested realm, then the Kerberos server will select the realm
-"closest" to the requested realm with which it does share a key, and use
-that realm instead. This is the only case where the response from the KDC
-will be for a different server than that requested by the client.
-
-By default, the address field, the client's name and realm, the list of
-transited realms, the time of initial authentication, the expiration time,
-and the authorization data of the newly-issued ticket will be copied from
-the ticket-granting ticket (TGT) or renewable ticket. If the transited field
-needs to be updated, but the transited type is not supported, the
-KDC_ERR_TRTYPE_NOSUPP error is returned.
-
-If the request specifies an endtime, then the endtime of the new ticket is
-set to the minimum of (a) that request, (b) the endtime from the TGT, and
-(c) the starttime of the TGT plus the minimum of the maximum life for the
-application server and the maximum life for the local realm (the maximum
-life for the requesting principal was already applied when the TGT was
-issued). If the new ticket is to be a renewal, then the endtime above is
-replaced by the minimum of (a) the value of the renew_till field of the
-ticket and (b) the starttime for the new ticket plus the life
-(endtime-starttime) of the old ticket.
-
-If the FORWARDED option has been requested, then the resulting ticket will
-contain the addresses specified by the client. This option will only be
-honored if the FORWARDABLE flag is set in the TGT. The PROXY option is
-similar; the resulting ticket will contain the addresses specified by the
-client. It will be honored only if the PROXIABLE flag in the TGT is set. The
-PROXY option will not be honored on requests for additional ticket-granting
-tickets.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified or the MAY-POSTDATE flag is not set in the TGT, then the
-error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise, if the ticket-granting
-ticket has the MAY-POSTDATE flag set, then the resulting ticket will be
-postdated and the requested starttime is checked against the policy of the
-local realm. If acceptable, the ticket's start time is set as requested, and
-the INVALID flag is set. The postdated ticket must be validated before use
-by presenting it to the KDC after the starttime has been reached. However,
-in no case may the starttime, endtime, or renew-till time of a newly-issued
-postdated ticket extend beyond the renew-till time of the ticket-granting
-ticket.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
-has been included in the request, the KDC will decrypt the additional ticket
-using the key for the server to which the additional ticket was issued and
-verify that it is a ticket-granting ticket. If the name of the requested
-server is missing from the request, the name of the client in the additional
-ticket will be used. Otherwise the name of the requested server will be
-compared to the name of the client in the additional ticket and if
-different, the request will be rejected. If the request succeeds, the
-session key from the additional ticket will be used to encrypt the new
-ticket that is issued instead of using the key of the server for which the
-new ticket will be used[17].
-
-If the name of the server in the ticket that is presented to the KDC as part
-of the authentication header is not that of the ticket-granting server
-itself, the server is registered in the realm of the KDC, and the RENEW
-option is requested, then the KDC will verify that the RENEWABLE flag is set
-in the ticket, that the INVALID flag is not set in the ticket, and that the
-renew_till time is still in the future. If the VALIDATE option is rqeuested,
-the KDC will check that the starttime has passed and the INVALID flag is
-set. If the PROXY option is requested, then the KDC will check that the
-PROXIABLE flag is set in the ticket. If the tests succeed, and the ticket
-passes the hotlist check described in the next paragraph, the KDC will issue
-the appropriate new ticket.
-
-3.3.3.1. Checking for revoked tickets
-
-Whenever a request is made to the ticket-granting server, the presented
-ticket(s) is(are) checked against a hot-list of tickets which have been
-canceled. This hot-list might be implemented by storing a range of issue
-timestamps for 'suspect tickets'; if a presented ticket had an authtime in
-that range, it would be rejected. In this way, a stolen ticket-granting
-ticket or renewable ticket cannot be used to gain additional tickets
-(renewals or otherwise) once the theft has been reported. Any normal ticket
-obtained before it was reported stolen will still be valid (because they
-require no interaction with the KDC), but only until their normal expiration
-time.
-
-The ciphertext part of the response in the KRB_TGS_REP message is encrypted
-in the sub-session key from the Authenticator, if present, or the session
-key key from the ticket-granting ticket. It is not encrypted using the
-client's secret key. Furthermore, the client's key's expiration date and the
-key version number fields are left out since these values are stored along
-with the client's database record, and that record is not needed to satisfy
-a request based on a ticket-granting ticket. See section A.6 for pseudocode.
-
-3.3.3.2. Encoding the transited field
-
-If the identity of the server in the TGT that is presented to the KDC as
-part of the authentication header is that of the ticket-granting service,
-but the TGT was issued from another realm, the KDC will look up the
-inter-realm key shared with that realm and use that key to decrypt the
-ticket. If the ticket is valid, then the KDC will honor the request, subject
-to the constraints outlined above in the section describing the AS exchange.
-The realm part of the client's identity will be taken from the
-ticket-granting ticket. The name of the realm that issued the
-ticket-granting ticket will be added to the transited field of the ticket to
-be issued. This is accomplished by reading the transited field from the
-ticket-granting ticket (which is treated as an unordered set of realm
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-names), adding the new realm to the set, then constructing and writing out
-its encoded (shorthand) form (this may involve a rearrangement of the
-existing encoding).
-
-Note that the ticket-granting service does not add the name of its own
-realm. Instead, its responsibility is to add the name of the previous realm.
-This prevents a malicious Kerberos server from intentionally leaving out its
-own name (it could, however, omit other realms' names).
-
-The names of neither the local realm nor the principal's realm are to be
-included in the transited field. They appear elsewhere in the ticket and
-both are known to have taken part in authenticating the principal. Since the
-endpoints are not included, both local and single-hop inter-realm
-authentication result in a transited field that is empty.
-
-Because the name of each realm transited is added to this field, it might
-potentially be very long. To decrease the length of this field, its contents
-are encoded. The initially supported encoding is optimized for the normal
-case of inter-realm communication: a hierarchical arrangement of realms
-using either domain or X.500 style realm names. This encoding (called
-DOMAIN-X500-COMPRESS) is now described.
-
-Realm names in the transited field are separated by a ",". The ",", "\",
-trailing "."s, and leading spaces (" ") are special characters, and if they
-are part of a realm name, they must be quoted in the transited field by
-preced- ing them with a "\".
-
-A realm name ending with a "." is interpreted as being prepended to the
-previous realm. For example, we can encode traversal of EDU, MIT.EDU,
-ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were end-points, that they
-would not be included in this field, and we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is interpreted as being appended to the
-previous realm[18]. If it is to stand by itself, then it should be preceded
-by a space (" "). For example, we can encode traversal of /COM/HP/APOLLO,
-/COM/HP, /COM, and /COM/DEC as:
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-
-Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, they
-they would not be included in this field, and we would have:
-
-     "/COM,/HP"
-
-A null subfield preceding or following a "," indicates that all realms
-between the previous realm and the next realm have been traversed[19]. Thus,
-"," means that all realms along the path between the client and the server
-have been traversed. ",EDU, /COM," means that that all realms from the
-client's realm up to EDU (in a domain style hierarchy) have been traversed,
-and that everything from /COM down to the server's realm in an X.500 style
-has also been traversed. This could occur if the EDU realm in one hierarchy
-shares an inter-realm key directly with the /COM realm in another hierarchy.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it is processed in the same
-manner as the KRB_AS_REP processing described above. The primary difference
-is that the ciphertext part of the response must be decrypted using the
-session key from the ticket-granting ticket rather than the client's secret
-key. See section A.7 for pseudocode.
-
-3.4. The KRB_SAFE Exchange
-
-The KRB_SAFE message may be used by clients requiring the ability to detect
-modifications of messages they exchange. It achieves this by including a
-keyed collision-proof checksum of the user data and some control
-information. The checksum is keyed with an encryption key (usually the last
-key negotiated via subkeys, or the session key if no negotiation has
-occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-When an application wishes to send a KRB_SAFE message, it collects its data
-and the appropriate control information and computes a checksum over them.
-The checksum algorithm should be a keyed one-way hash function (such as the
-RSA- MD5-DES checksum algorithm specified in section 6.4.5, or the DES MAC),
-generated using the sub-session key if present, or the session key.
-Different algorithms may be selected by changing the checksum type in the
-message. Unkeyed or non-collision-proof checksums are not suitable for this
-use.
-
-The control information for the KRB_SAFE message includes both a timestamp
-and a sequence number. The designer of an application using the KRB_SAFE
-message must choose at least one of the two mechanisms. This choice should
-be based on the needs of the application protocol.
-
-Sequence numbers are useful when all messages sent will be received by one's
-peer. Connection state is presently required to maintain the session key, so
-maintaining the next sequence number should not present an additional
-problem.
-
-If the application protocol is expected to tolerate lost messages without
-them being resent, the use of the timestamp is the appropriate replay
-detection mechanism. Using timestamps is also the appropriate mechanism for
-multi-cast protocols where all of one's peers share a common sub-session
-key, but some messages will be sent to a subset of one's peers.
-
-After computing the checksum, the client then transmits the information and
-checksum to the recipient in the message format specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_SAFE, respectively. A mismatch
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application verifies that the checksum used is a collision-proof keyed
-checksum, and if it is not, a KRB_AP_ERR_INAPP_CKSUM error is generated. If
-the sender's address was included in the control information, the recipient
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-verifies that the operating system's report of the sender's address matches
-the sender's address in the message, and (if a recipient address is
-specified or the recipient requires an address) that one of the recipient's
-addresses appears as the recipient's address in the message. A failed match
-for either case generates a KRB_AP_ERR_BADADDR error. Then the timestamp and
-usec and/or the sequence number fields are checked. If timestamp and usec
-are expected and not present, or they are present but not current, the
-KRB_AP_ERR_SKEW error is generated. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen (sent or received[20] ) such tuples, the KRB_AP_ERR_REPEAT
-error is generated. If an incorrect sequence number is included, or a
-sequence number is expected but not present, the KRB_AP_ERR_BADORDER error
-is generated. If neither a time-stamp and usec or a sequence number is
-present, a KRB_AP_ERR_MODIFIED error is generated. Finally, the checksum is
-computed over the data and control information, and if it doesn't match the
-received checksum, a KRB_AP_ERR_MODIFIED error is generated.
-
-If all the checks succeed, the application is assured that the message was
-generated by its peer and was not modi- fied in transit.
-
-3.5. The KRB_PRIV Exchange
-
-The KRB_PRIV message may be used by clients requiring confidentiality and
-the ability to detect modifications of exchanged messages. It achieves this
-by encrypting the messages and adding control information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-When an application wishes to send a KRB_PRIV message, it collects its data
-and the appropriate control information (specified in section 5.7.1) and
-encrypts them under an encryption key (usually the last key negotiated via
-subkeys, or the session key if no negotiation has occured). As part of the
-control information, the client must choose to use either a timestamp or a
-sequence number (or both); see the discussion in section 3.4.1 for
-guidelines on which to use. After the user data and control information are
-encrypted, the client transmits the ciphertext and some 'envelope'
-information to the recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_PRIV, respectively. A mismatch
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application then decrypts the ciphertext and processes the resultant
-plaintext. If decryption shows the data to have been modified, a
-KRB_AP_ERR_BAD_INTEGRITY error is generated. If the sender's address was
-included in the control information, the recipient verifies that the
-operating system's report of the sender's address matches the sender's
-address in the message, and (if a recipient address is specified or the
-recipient requires an address) that one of the recipient's addresses appears
-as the recipient's address in the message. A failed match for either case
-generates a KRB_AP_ERR_BADADDR error. Then the timestamp and usec and/or the
-sequence number fields are checked. If timestamp and usec are expected and
-not present, or they are present but not current, the KRB_AP_ERR_SKEW error
-is generated. If the server name, along with the client name, time and
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is generated. If an incorrect sequence
-number is included, or a sequence number is expected but not present, the
-KRB_AP_ERR_BADORDER error is generated. If neither a time-stamp and usec or
-a sequence number is present, a KRB_AP_ERR_MODIFIED error is generated.
-
-If all the checks succeed, the application can assume the message was
-generated by its peer, and was securely transmitted (without intruders able
-to see the unencrypted contents).
-
-3.6. The KRB_CRED Exchange
-
-The KRB_CRED message may be used by clients requiring the ability to send
-Kerberos credentials from one host to another. It achieves this by sending
-the tickets together with encrypted data containing the session keys and
-other information associated with the tickets.
-
-3.6.1. Generation of a KRB_CRED message
-
-When an application wishes to send a KRB_CRED message it first (using the
-KRB_TGS exchange) obtains credentials to be sent to the remote host. It then
-constructs a KRB_CRED message using the ticket or tickets so obtained,
-placing the session key needed to use each ticket in the key field of the
-corresponding KrbCredInfo sequence of the encrypted part of the the KRB_CRED
-message.
-
-Other information associated with each ticket and obtained during the
-KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence in
-the encrypted part of the KRB_CRED message. The current time and, if
-specifically required by the application the nonce, s-address, and r-address
-fields, are placed in the encrypted part of the KRB_CRED message which is
-then encrypted under an encryption key previosuly exchanged in the KRB_AP
-exchange (usually the last key negotiated via subkeys, or the session key if
-no negotiation has occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies it. If any
-error occurs, an error code is reported for use by the application. The
-message is verified by checking that the protocol version and type fields
-match the current version and KRB_CRED, respectively. A mismatch generates a
-KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The application then
-decrypts the ciphertext and processes the resultant plaintext. If decryption
-shows the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY error is
-generated.
-
-If present or required, the recipient verifies that the operating system's
-report of the sender's address matches the sender's address in the message,
-and that one of the recipient's addresses appears as the recipient's address
-in the message. A failed match for either case generates a
-KRB_AP_ERR_BADADDR error. The timestamp and usec fields (and the nonce field
-if required) are checked next. If the timestamp and usec are not present, or
-they are present but not current, the KRB_AP_ERR_SKEW error is generated.
-
-If all the checks succeed, the application stores each of the new tickets in
-its ticket cache together with the session key and other information in the
-corresponding KrbCredInfo sequence from the encrypted part of the KRB_CRED
-message.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-4. The Kerberos Database
-
-The Kerberos server must have access to a database contain- ing the
-principal identifiers and secret keys of principals to be authenticated[21].
-
-4.1. Database contents
-
-A database entry should contain at least the following fields:
-
-Field                Value
-
-name                 Principal's identifier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier. The key field
-contains an encryption key. This key is the principal's secret key. (The key
-can be encrypted before storage under a Kerberos "master key" to protect it
-in case the database is compromised but the master key is not. In that case,
-an extra field must be added to indicate the master key version used, see
-below.) The p_kvno field is the key version number of the principal's secret
-key. The max_life field contains the maximum allowable lifetime (endtime -
-starttime) for any Ticket issued for this principal. The max_renewable_life
-field contains the maximum allowable total lifetime for any renewable Ticket
-issued for this principal. (See section 3.1 for a description of how these
-lifetimes are used in determining the lifetime of a given Ticket.)
-
-A server may provide KDC service to several realms, as long as the database
-representation provides a mechanism to distinguish between principal records
-with identifiers which differ only in the realm name.
-
-When an application server's key changes, if the change is routine (i.e. not
-the result of disclosure of the old key), the old key should be retained by
-the server until all tickets that had been issued using that key have
-expired. Because of this, it is possible for several keys to be active for a
-single principal. Ciphertext encrypted in a principal's key is always tagged
-with the version of the key that was used for encryption, to help the
-recipient find the proper key for decryption.
-
-When more than one key is active for a particular principal, the principal
-will have more than one record in the Kerberos database. The keys and key
-version numbers will differ between the records (the rest of the fields may
-or may not be the same). Whenever Kerberos issues a ticket, or responds to a
-request for initial authentication, the most recent key (known by the
-Kerberos server) will be used for encryption. This is the key with the
-highest key version number.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-4.2. Additional fields
-
-Project Athena's KDC implementation uses additional fields in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-mod_name     Modifying principal's identifier
-
-The K_kvno field indicates the key version of the Kerberos master key under
-which the principal's secret key is encrypted.
-
-After an entry's expiration date has passed, the KDC will return an error to
-any client attempting to gain tickets as or for the principal. (A database
-may want to maintain two expiration dates: one for the principal, and one
-for the principal's current key. This allows password aging to work
-independently of the principal's expiration date. However, due to the
-limited space in the responses, the KDC must combine the key expiration and
-principal expiration date into a single value called 'key_exp', which is
-used as a hint to the user to take administrative action.)
-
-The attributes field is a bitfield used to govern the operations involving
-the principal. This field might be useful in conjunction with user
-registration procedures, for site-specific policy implementations (Project
-Athena currently uses it for their user registration process controlled by
-the system-wide database service, Moira [LGDSR87]), to identify whether a
-principal can play the role of a client or server or both, to note whether a
-server is appropriate trusted to recieve credentials delegated by a client,
-or to identify the 'string to key' conversion algorithm used for a
-principal's key[22]. Other bits are used to indicate that certain ticket
-options should not be allowed in tickets encrypted under a principal's key
-(one bit each): Disallow issuing postdated tickets, disallow issuing
-forwardable tickets, disallow issuing tickets based on TGT authentication,
-disallow issuing renewable tickets, disallow issuing proxiable tickets, and
-disallow issuing tickets for which the principal is the server.
-
-The mod_date field contains the time of last modification of the entry, and
-the mod_name field contains the name of the principal which last modified
-the entry.
-
-4.3. Frequently Changing Fields
-
-Some KDC implementations may wish to maintain the last time that a request
-was made by a particular principal. Information that might be maintained
-includes the time of the last request, the time of the last request for a
-ticket-granting ticket, the time of the last use of a ticket-granting
-ticket, or other times. This information can then be returned to the user in
-the last-req field (see section 5.2).
-
-Other frequently changing information that can be maintained is the latest
-expiration time for any tickets that have been issued using each key. This
-field would be used to indicate how long old keys must remain valid to allow
-the continued use of outstanding tickets.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-4.4. Site Constants
-
-The KDC implementation should have the following configurable constants or
-options, to allow an administrator to make and enforce policy decisions:
-
-   * The minimum supported lifetime (used to determine whether the
-     KDC_ERR_NEVER_VALID error should be returned). This constant should
-     reflect reasonable expectations of round-trip time to the KDC,
-     encryption/decryption time, and processing time by the client and
-     target server, and it should allow for a minimum 'useful' lifetime.
-   * The maximum allowable total (renewable) lifetime of a ticket
-     (renew_till - starttime).
-   * The maximum allowable lifetime of a ticket (endtime - starttime).
-   * Whether to allow the issue of tickets with empty address fields
-     (including the ability to specify that such tickets may only be issued
-     if the request specifies some authorization_data).
-   * Whether proxiable, forwardable, renewable or post-datable tickets are
-     to be issued.
-
-5. Message Specifications
-
-The following sections describe the exact contents and encoding of protocol
-messages and objects. The ASN.1 base definitions are presented in the first
-subsection. The remaining subsections specify the protocol objects (tickets
-and authenticators) and messages. Specification of encryption and checksum
-techniques, and the fields related to them, appear in section 6.
-
-Optional field in ASN.1 sequences
-
-For optional integer value and date fields in ASN.1 sequences where a
-default value has been specified, certain default values will not be allowed
-in the encoding because these values will always be represented through
-defaulting by the absence of the optional field. For example, one will not
-send a microsecond zero value because one must make sure that there is only
-one way to encode this value.
-
-Additional fields in ASN.1 sequences
-
-Implementations receiving Kerberos messages with additional fields present
-in ASN.1 sequences should carry the those fields through, unmodified, when
-the message is forwarded. Implementations should not drop such fields if the
-sequence is reencoded.
-
-5.1. ASN.1 Distinguished Encoding Representation
-
-All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-Representation of the data elements as described in the X.509 specification,
-section 8.7 [X509-88].
-
-5.3. ASN.1 Base Definitions
-
-The following ASN.1 base definitions are used in the rest of this section.
-Note that since the underscore character (_) is not permitted in ASN.1
-names, the hyphen (-) is used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Kerberos realms are encoded as GeneralStrings. Realms shall not contain a
-character with the code 0 (the ASCII NUL). Most realms will usually consist
-of several components separated by periods (.), in the style of Internet
-Domain Names, or separated by slashes (/) in the style of X.500 names.
-Acceptable forms for realm names are specified in section 7. A PrincipalName
-is a typed sequence of components consisting of the following sub-fields:
-
-name-type
-     This field specifies the type of name that follows. Pre-defined values
-     for this field are specified in section 7.2. The name-type should be
-     treated as a hint. Ignoring the name type, no two names can be the same
-     (i.e. at least one of the components, or the realm, must be different).
-     This constraint may be eliminated in the future.
-name-string
-     This field encodes a sequence of components that form a name, each
-     component encoded as a GeneralString. Taken together, a PrincipalName
-     and a Realm form a principal identifier. Most PrincipalNames will have
-     only a few components (typically one or two).
-
-KerberosTime ::=   GeneralizedTime
-                   -- Specifying UTC time zone (Z)
-
-The timestamps used in Kerberos are encoded as GeneralizedTimes. An encoding
-shall specify the UTC time zone (Z) and shall not include any fractional
-portions of the seconds. It further shall not include any separators.
-Example: The only valid format for UTC time 6 minutes, 27 seconds after 9 pm
-on 6 November 1985 is 19851106210627Z.
-
-HostAddress ::=     SEQUENCE  {
-                    addr-type[0]             INTEGER,
-                    address[1]               OCTET STRING
-}
-
-HostAddresses ::=   SEQUENCE OF HostAddress
-
-The host adddress encodings consists of two fields:
-
-addr-type
-     This field specifies the type of address that follows. Pre-defined
-     values for this field are specified in section 8.1.
-address
-     This field encodes a single address of type addr-type.
-
-The two forms differ slightly. HostAddress contains exactly one address;
-HostAddresses contains a sequence of possibly many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-ad-data
-     This field contains authorization data to be interpreted according to
-     the value of the corresponding ad-type field.
-ad-type
-     This field specifies the format for the ad-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Each sequence of type and data is refered to as an authorization element.
-Elements may be application specific, however, there is a common set of
-recursive elements that should be understood by all implementations. These
-elements contain other elements embedded within them, and the interpretation
-of the encapsulating element determines which of the embedded elements must
-be interpreted, and which may be ignored. Definitions for these common
-elements may be found in Appendix B.
-
-TicketExtensions ::= SEQUENCE OF SEQUENCE {
-           te-type[0]       INTEGER,
-           te-data[1]       OCTET STRING
-}
-
-te-data
-     This field contains opaque data that must be caried with the ticket to
-     support extensions to the Kerberos protocol including but not limited
-     to some forms of inter-realm key exchange and plaintext authorization
-     data. See appendix C for some common uses of this field.
-te-type
-     This field specifies the format for the te-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-APOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- use-session-key(1),
-                  -- mutual-required(2)
-
-TicketFlags ::= BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- may-postdate(5),
-                  -- postdated(6),
-                  -- invalid(7),
-                  -- renewable(8),
-                  -- initial(9),
-                  -- pre-authent(10),
-                  -- hw-authent(11),
-                  -- transited-policy-checked(12),
-                  -- ok-as-delegate(13)
-
-KDCOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- allow-postdate(5),
-                  -- postdated(6),
-                  -- unused7(7),
-                  -- renewable(8),
-                  -- unused9(9),
-                  -- unused10(10),
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                  -- unused11(11),
-                  -- unused12(12),
-                  -- unused13(13),
-                  -- disable-transited-check(26),
-                  -- renewable-ok(27),
-                  -- enc-tkt-in-skey(28),
-                  -- renew(30),
-                  -- validate(31)
-
-ASN.1 Bit strings have a length and a value. When used in Kerberos for the
-APOptions, TicketFlags, and KDCOptions, the length of the bit string on
-generated values should be the smallest number of bits needed to include the
-highest order bit that is set (1), but in no case less than 32 bits. The
-ASN.1 representation of the bit strings uses unnamed bits, with the meaning
-of the individual bits defined by the comments in the specification above.
-Implementations should accept values of bit strings of any length and treat
-the value of flags corresponding to bits beyond the end of the bit string as
-if the bit were reset (0). Comparison of bit strings of different length
-should treat the smaller string as if it were padded with zeros beyond the
-high order bits to the length of the longer string[23].
-
-LastReq ::=   SEQUENCE OF SEQUENCE {
-               lr-type[0]               INTEGER,
-               lr-value[1]              KerberosTime
-}
-
-lr-type
-     This field indicates how the following lr-value field is to be
-     interpreted. Negative values indicate that the information pertains
-     only to the responding server. Non-negative values pertain to all
-     servers for the realm. If the lr-type field is zero (0), then no
-     information is conveyed by the lr-value subfield. If the absolute value
-     of the lr-type field is one (1), then the lr-value subfield is the time
-     of last initial request for a TGT. If it is two (2), then the lr-value
-     subfield is the time of last initial request. If it is three (3), then
-     the lr-value subfield is the time of issue for the newest
-     ticket-granting ticket used. If it is four (4), then the lr-value
-     subfield is the time of the last renewal. If it is five (5), then the
-     lr-value subfield is the time of last request (of any type). If it is
-     (6), then the lr-value subfield is the time when the password will
-     expire.
-lr-value
-     This field contains the time of the last request. the time must be
-     interpreted according to the contents of the accompanying lr-type
-     subfield.
-
-See section 6 for the definitions of Checksum, ChecksumType, EncryptedData,
-EncryptionKey, EncryptionType, and KeyType.
-
-5.3. Tickets and Authenticators
-
-This section describes the format and encryption parameters for tickets and
-authenticators. When a ticket or authenticator is included in a protocol
-message it is treated as an opaque object.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-5.3.1. Tickets
-
-A ticket is a record that helps a client authenticate to a service. A Ticket
-contains the following information:
-
-Ticket ::=        [APPLICATION 1] SEQUENCE {
-                  tkt-vno[0]                   INTEGER,
-                  realm[1]                     Realm,
-                  sname[2]                     PrincipalName,
-                  enc-part[3]                  EncryptedData,
-                  extensions[4]                TicketExtensions OPTIONAL
-}
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be
-registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared by Kerberos and
-the end server (the server's secret key). See section 6 for the format of
-the ciphertext.
-
-tkt-vno
-     This field specifies the version number for the ticket format. This
-     document describes version number 5.
-realm
-     This field specifies the realm that issued a ticket. It also serves to
-     identify the realm part of the server's principal identifier. Since a
-     Kerberos server can only issue tickets for servers within its realm,
-     the two will always be identical.
-sname
-     This field specifies all components of the name part of the server's
-     identity, including those parts that identify a specific instance of a
-     service.
-enc-part
-     This field holds the encrypted encoding of the EncTicketPart sequence.
-extensions
-     [*** This change is still subject to discussion. Several alternatives
-     for this - including none at all - will be distributed to the cat and
-     krb-protocol mailing lists before the Oslo IETF, and an alternative
-     will be selected and the spec modified by 7/14/99 ***] This optional
-     field contains a sequence of extentions that may be used to carry
-     information that must be carried with the ticket to support several
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-     extensions, including but not limited to plaintext authorization data,
-     tokens for exchanging inter-realm keys, and other information that must
-     be associated with a ticket for use by the application server. See
-     Appendix C for definitions of some common extensions.
-
-     Note that some older versions of Kerberos did not support this field.
-     Because this is an optional field it will not break older clients, but
-     older clients might strip this field from the ticket before sending it
-     to the application server. This limits the usefulness of this ticket
-     field to environments where the ticket will not be parsed and
-     reconstructed by these older Kerberos clients.
-
-     If it is known that the client will strip this field from the ticket,
-     as an interim measure the KDC may append this field to the end of the
-     enc-part of the ticket and append a traler indicating the lenght of the
-     appended extensions field. (this paragraph is open for discussion,
-     including the form of the traler).
-flags
-     This field indicates which of various options were used or requested
-     when the ticket was issued. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). Bit 0 is the most
-     significant bit. The encoding of the bits is specified in section 5.2.
-     The flags are described in more detail above in section 2. The meanings
-     of the flags are:
-
-          Bit(s)      Name         Description
-
-          0           RESERVED
-                                   Reserved for future  expansion  of  this
-                                   field.
-
-          1           FORWARDABLE
-                                   The FORWARDABLE flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  When set,  this
-                                   flag  tells  the  ticket-granting server
-                                   that it is OK to  issue  a  new  ticket-
-                                   granting ticket with a different network
-                                   address based on the presented ticket.
-
-          2           FORWARDED
-                                   When set, this flag indicates  that  the
-                                   ticket  has either been forwarded or was
-                                   issued based on authentication involving
-                                   a forwarded ticket-granting ticket.
-
-          3           PROXIABLE
-                                   The  PROXIABLE  flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.   The  PROXIABLE
-                                   flag  has an interpretation identical to
-                                   that of  the  FORWARDABLE  flag,  except
-                                   that   the   PROXIABLE  flag  tells  the
-                                   ticket-granting server  that  only  non-
-                                   ticket-granting  tickets  may  be issued
-                                   with different network addresses.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-          4           PROXY
-                                   When set, this  flag  indicates  that  a
-                                   ticket is a proxy.
-
-          5           MAY-POSTDATE
-                                   The MAY-POSTDATE flag is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  This flag tells
-                                   the  ticket-granting server that a post-
-                                   dated ticket may be issued based on this
-                                   ticket-granting ticket.
-
-          6           POSTDATED
-                                   This flag indicates that this ticket has
-                                   been  postdated.   The  end-service  can
-                                   check the authtime field to see when the
-                                   original authentication occurred.
-
-          7           INVALID
-                                   This flag indicates  that  a  ticket  is
-                                   invalid, and it must be validated by the
-                                   KDC  before  use.   Application  servers
-                                   must reject tickets which have this flag
-                                   set.
-
-          8           RENEWABLE
-                                   The  RENEWABLE  flag  is  normally  only
-                                   interpreted  by the TGS, and can usually
-                                   be ignored by end servers (some particu-
-                                   larly careful servers may wish to disal-
-                                   low  renewable  tickets).   A  renewable
-                                   ticket  can be used to obtain a replace-
-                                   ment ticket  that  expires  at  a  later
-                                   date.
-
-          9           INITIAL
-                                   This flag indicates that this ticket was
-                                   issued  using  the  AS protocol, and not
-                                   issued  based   on   a   ticket-granting
-                                   ticket.
-
-          10          PRE-AUTHENT
-                                   This flag indicates that during  initial
-                                   authentication, the client was authenti-
-                                   cated by the KDC  before  a  ticket  was
-                                   issued.    The   strength  of  the  pre-
-                                   authentication method is not  indicated,
-                                   but is acceptable to the KDC.
-
-          11          HW-AUTHENT
-                                   This flag indicates  that  the  protocol
-                                   employed   for   initial  authentication
-                                   required the use of hardware expected to
-                                   be possessed solely by the named client.
-                                   The hardware  authentication  method  is
-                                   selected  by the KDC and the strength of
-                                   the method is not indicated.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-          12           TRANSITED   This flag indicates that the KDC for the
-                  POLICY-CHECKED   realm has checked the transited field
-                                   against a realm defined policy for
-                                   trusted certifiers.  If this flag is
-                                   reset (0), then the application server
-                                   must check the transited field itself,
-                                   and if unable to do so it must reject
-                                   the authentication.  If the flag is set
-                                   (1) then the application server may skip
-                                   its own validation of the transited
-                                   field, relying on the validation
-                                   performed by the KDC.  At its option the
-                                   application server may still apply its
-                                   own validation based on a separate
-                                   policy for acceptance.
-
-          13      OK-AS-DELEGATE   This flag indicates that the server (not
-                                   the client) specified in the ticket has
-                                   been determined by policy of the realm
-                                   to be a suitable recipient of
-                                   delegation.  A client can use the
-                                   presence of this flag to help it make a
-                                   decision whether to delegate credentials
-                                   (either grant a proxy or a forwarded
-                                   ticket granting ticket) to this server.
-                                   The client is free to ignore the value
-                                   of this flag.  When setting this flag,
-                                   an administrator should consider the
-                                   Security and placement of the server on
-                                   which the service will run, as well as
-                                   whether the service requires the use of
-                                   delegated credentials.
-
-          14          ANONYMOUS
-                                   This flag indicates that  the  principal
-                                   named in the ticket is a generic princi-
-                                   pal for the realm and does not  identify
-                                   the  individual  using  the ticket.  The
-                                   purpose  of  the  ticket  is   only   to
-                                   securely  distribute  a session key, and
-                                   not to identify  the  user.   Subsequent
-                                   requests  using the same ticket and ses-
-                                   sion may be  considered  as  originating
-                                   from  the  same  user, but requests with
-                                   the same username but a different ticket
-                                   are  likely  to originate from different
-                                   users.
-
-          15-31       RESERVED
-                                   Reserved for future use.
-
-key
-     This field exists in the ticket and the KDC response and is used to
-     pass the session key from Kerberos to the application server and the
-     client. The field's encoding is described in section 6.2.
-crealm
-     This field contains the name of the realm in which the client is
-     registered and in which initial authentication took place.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-cname
-     This field contains the name part of the client's principal identifier.
-transited
-     This field lists the names of the Kerberos realms that took part in
-     authenticating the user to whom this ticket was issued. It does not
-     specify the order in which the realms were transited. See section
-     3.3.3.2 for details on how this field encodes the traversed realms.
-     When the names of CA's are to be embedded inthe transited field (as
-     specified for some extentions to the protocol), the X.500 names of the
-     CA's should be mapped into items in the transited field using the
-     mapping defined by RFC2253.
-authtime
-     This field indicates the time of initial authentication for the named
-     principal. It is the time of issue for the original ticket on which
-     this ticket is based. It is included in the ticket to provide
-     additional information to the end service, and to provide the necessary
-     information for implementation of a `hot list' service at the KDC. An
-     end service that is particularly paranoid could refuse to accept
-     tickets for which the initial authentication occurred "too far" in the
-     past. This field is also returned as part of the response from the KDC.
-     When returned as part of the response to initial authentication
-     (KRB_AS_REP), this is the current time on the Ker- beros server[24].
-starttime
-     This field in the ticket specifies the time after which the ticket is
-     valid. Together with endtime, this field specifies the life of the
-     ticket. If it is absent from the ticket, its value should be treated as
-     that of the authtime field.
-endtime
-     This field contains the time after which the ticket will not be honored
-     (its expiration time). Note that individual services may place their
-     own limits on the life of a ticket and may reject tickets which have
-     not yet expired. As such, this is really an upper bound on the
-     expiration time for the ticket.
-renew-till
-     This field is only present in tickets that have the RENEWABLE flag set
-     in the flags field. It indicates the maximum endtime that may be
-     included in a renewal. It can be thought of as the absolute expiration
-     time for the ticket, including all renewals.
-caddr
-     This field in a ticket contains zero (if omitted) or more (if present)
-     host addresses. These are the addresses from which the ticket can be
-     used. If there are no addresses, the ticket can be used from any
-     location. The decision by the KDC to issue or by the end server to
-     accept zero-address tickets is a policy decision and is left to the
-     Kerberos and end-service administrators; they may refuse to issue or
-     accept such tickets. The suggested and default policy, however, is that
-     such tickets will only be issued or accepted when additional
-     information that can be used to restrict the use of the ticket is
-     included in the authorization_data field. Such a ticket is a
-     capability.
-
-     Network addresses are included in the ticket to make it harder for an
-     attacker to use stolen credentials. Because the session key is not sent
-     over the network in cleartext, credentials can't be stolen simply by
-     listening to the network; an attacker has to gain access to the session
-     key (perhaps through operating system security breaches or a careless
-     user's unattended session) to make use of stolen tickets.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-     It is important to note that the network address from which a
-     connection is received cannot be reliably determined. Even if it could
-     be, an attacker who has compromised the client's workstation could use
-     the credentials from there. Including the network addresses only makes
-     it more difficult, not impossible, for an attacker to walk off with
-     stolen credentials and then use them from a "safe" location.
-authorization-data
-     The authorization-data field is used to pass authorization data from
-     the principal on whose behalf a ticket was issued to the application
-     service. If no authorization data is included, this field will be left
-     out. Experience has shown that the name of this field is confusing, and
-     that a better name for this field would be restrictions. Unfortunately,
-     it is not possible to change the name of this field at this time.
-
-     This field contains restrictions on any authority obtained on the basis
-     of authentication using the ticket. It is possible for any principal in
-     posession of credentials to add entries to the authorization data field
-     since these entries further restrict what can be done with the ticket.
-     Such additions can be made by specifying the additional entries when a
-     new ticket is obtained during the TGS exchange, or they may be added
-     during chained delegation using the authorization data field of the
-     authenticator.
-
-     Because entries may be added to this field by the holder of
-     credentials, it is not allowable for the presence of an entry in the
-     authorization data field of a ticket to amplify the priveleges one
-     would obtain from using a ticket.
-
-     The data in this field may be specific to the end service; the field
-     will contain the names of service specific objects, and the rights to
-     those objects. The format for this field is described in section 5.2.
-     Although Kerberos is not concerned with the format of the contents of
-     the sub-fields, it does carry type information (ad-type).
-
-     By using the authorization_data field, a principal is able to issue a
-     proxy that is valid for a specific purpose. For example, a client
-     wishing to print a file can obtain a file server proxy to be passed to
-     the print server. By specifying the name of the file in the
-     authorization_data field, the file server knows that the print server
-     can only use the client's rights when accessing the particular file to
-     be printed.
-
-     A separate service providing authorization or certifying group
-     membership may be built using the authorization-data field. In this
-     case, the entity granting authorization (not the authorized entity),
-     obtains a ticket in its own name (e.g. the ticket is issued in the name
-     of a privelege server), and this entity adds restrictions on its own
-     authority and delegates the restricted authority through a proxy to the
-     client. The client would then present this authorization credential to
-     the application server separately from the authentication exchange.
-
-     Similarly, if one specifies the authorization-data field of a proxy and
-     leaves the host addresses blank, the resulting ticket and session key
-     can be treated as a capability. See [Neu93] for some suggested uses of
-     this field.
-
-     The authorization-data field is optional and does not have to be
-     included in a ticket.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-5.3.2. Authenticators
-
-An authenticator is a record sent with a ticket to a server to certify the
-client's knowledge of the encryption key in the ticket, to help the server
-detect replays, and to help choose a "true session key" to use with the
-particular session. The encoding is encrypted in the ticket's session key
-shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-authenticator-vno
-     This field specifies the version number for the format of the
-     authenticator. This document specifies version 5.
-crealm and cname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-cksum
-     This field contains a checksum of the the applica- tion data that
-     accompanies the KRB_AP_REQ.
-cusec
-     This field contains the microsecond part of the client's timestamp. Its
-     value (before encryption) ranges from 0 to 999999. It often appears
-     along with ctime. The two fields are used together to specify a
-     reasonably accurate timestamp.
-ctime
-     This field contains the current time on the client's host.
-subkey
-     This field contains the client's choice for an encryption key which is
-     to be used to protect this specific application session. Unless an
-     application specifies otherwise, if this field is left out the session
-     key from the ticket will be used.
-seq-number
-     This optional field includes the initial sequence number to be used by
-     the KRB_PRIV or KRB_SAFE messages when sequence numbers are used to
-     detect replays (It may also be used by application specific messages).
-     When included in the authenticator this field specifies the initial
-     sequence number for messages from the client to the server. When
-     included in the AP-REP message, the initial sequence number is that for
-     messages from the server to the client. When used in KRB_PRIV or
-     KRB_SAFE messages, it is incremented by one after each message is sent.
-     Sequence numbers fall in the range of 0 through 2^32 - 1 and wrap to
-     zero following the value 2^32 - 1.
-
-     For sequence numbers to adequately support the detection of replays
-     they should be non-repeating, even across connection boundaries. The
-     initial sequence number should be random and uniformly distributed
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-     across the full space of possible sequence numbers, so that it cannot
-     be guessed by an attacker and so that it and the successive sequence
-     numbers do not repeat other sequences.
-authorization-data
-     This field is the same as described for the ticket in section 5.3.1. It
-     is optional and will only appear when additional restrictions are to be
-     placed on the use of a ticket, beyond those carried in the ticket
-     itself.
-
-5.4. Specifications for the AS and TGS exchanges
-
-This section specifies the format of the messages used in the exchange
-between the client and the Kerberos server. The format of possible error
-messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-The KRB_KDC_REQ message has no type of its own. Instead, its type is one of
-KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is for an initial
-ticket or an additional ticket. In either case, the message is sent from the
-client to the Authentication Server to request credentials for a service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER,
-                                           -- EncryptionType,
-                                           -- in preference order
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The fields in this message are:
-
-pvno
-     This field is included in each message, and specifies the protocol
-     version number. This document specifies protocol version 5.
-msg-type
-     This field indicates the type of a protocol message. It will almost
-     always be the same as the application identifier associated with a
-     message. It is included to make the identifier more readily accessible
-     to the application. For the KDC-REQ message, this type will be
-     KRB_AS_REQ or KRB_TGS_REQ.
-padata
-     The padata (pre-authentication data) field contains a sequence of
-     authentication information which may be needed before credentials can
-     be issued or decrypted. In the case of requests for additional tickets
-     (KRB_TGS_REQ), this field will include an element with padata-type of
-     PA-TGS-REQ and data of an authentication header (ticket-granting ticket
-     and authenticator). The checksum in the authenticator (which must be
-     collision-proof) is to be computed over the KDC-REQ-BODY encoding. In
-     most requests for initial authentication (KRB_AS_REQ) and most replies
-     (KDC-REP), the padata field will be left out.
-
-     This field may also contain information needed by certain extensions to
-     the Kerberos protocol. For example, it might be used to initially
-     verify the identity of a client before any response is returned. This
-     is accomplished with a padata field with padata-type equal to
-     PA-ENC-TIMESTAMP and padata-value defined as follows:
-
-     padata-type     ::= PA-ENC-TIMESTAMP
-     padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-     PA-ENC-TS-ENC   ::= SEQUENCE {
-                     patimestamp[0]     KerberosTime, -- client's time
-                     pausec[1]          INTEGER OPTIONAL
-     }
-
-     with patimestamp containing the client's time and pausec containing the
-     microseconds which may be omitted if a client will not generate more
-     than one request per second. The ciphertext (padata-value) consists of
-     the PA-ENC-TS-ENC sequence, encrypted using the client's secret key.
-
-     [use-specified-kvno item is here for discussion and may be removed] It
-     may also be used by the client to specify the version of a key that is
-     being used for accompanying preauthentication, and/or which should be
-     used to encrypt the reply from the KDC.
-
-     PA-USE-SPECIFIED-KVNO  ::=  Integer
-
-     The KDC should only accept and abide by the value of the
-     use-specified-kvno preauthentication data field when the specified key
-     is still valid and until use of a new key is confirmed. This situation
-     is likely to occur primarily during the period during which an updated
-     key is propagating to other KDC's in a realm.
-
-     The padata field can also contain information needed to help the KDC or
-     the client select the key needed for generating or decrypting the
-     response. This form of the padata is useful for supporting the use of
-     certain token cards with Kerberos. The details of such extensions are
-     specified in separate documents. See [Pat92] for additional uses of
-     this field.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-padata-type
-     The padata-type element of the padata field indicates the way that the
-     padata-value element is to be interpreted. Negative values of
-     padata-type are reserved for unregistered use; non-negative values are
-     used for a registered interpretation of the element type.
-req-body
-     This field is a placeholder delimiting the extent of the remaining
-     fields. If a checksum is to be calculated over the request, it is
-     calculated over an encoding of the KDC-REQ-BODY sequence which is
-     enclosed within the req-body field.
-kdc-options
-     This field appears in the KRB_AS_REQ and KRB_TGS_REQ requests to the
-     KDC and indicates the flags that the client wants set on the tickets as
-     well as other information that is to modify the behavior of the KDC.
-     Where appropriate, the name of an option may be the same as the flag
-     that is set by that option. Although in most case, the bit in the
-     options field will be the same as that in the flags field, this is not
-     guaranteed, so it is not acceptable to simply copy the options field to
-     the flags field. There are various checks that must be made before
-     honoring an option anyway.
-
-     The kdc_options field is a bit-field, where the selected options are
-     indicated by the bit being set (1), and the unselected options and
-     reserved fields being reset (0). The encoding of the bits is specified
-     in section 5.2. The options are described in more detail above in
-     section 2. The meanings of the options are:
-
-        Bit(s)    Name                Description
-         0        RESERVED
-                                      Reserved for future  expansion  of
-this
-                                      field.
-
-         1        FORWARDABLE
-                                      The FORWARDABLE  option  indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      forwardable flag set.  It  may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based is also
-for-
-                                      wardable.
-
-         2        FORWARDED
-                                      The FORWARDED option is  only
-specified
-                                      in  a  request  to  the
-ticket-granting
-                                      server and will only be honored  if
-the
-                                      ticket-granting  ticket  in  the
-request
-                                      has  its  FORWARDABLE  bit  set.
-This
-                                      option  indicates that this is a
-request
-                                      for forwarding.  The address(es) of
-the
-                                      host  from which the resulting ticket
-is
-                                      to  be  valid  are   included   in
-the
-                                      addresses field of the request.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-         3        PROXIABLE
-                                      The PROXIABLE option indicates that
-the
-                                      ticket to be issued is to have its
-prox-
-                                      iable flag set.  It may only be  set
-on
-                                      the  initial request, or in a
-subsequent
-                                      request if the ticket-granting ticket
-on
-                                      which it is based is also proxiable.
-
-         4        PROXY
-                                      The PROXY option indicates that this
-is
-                                      a request for a proxy.  This option
-will
-                                      only be honored if  the
-ticket-granting
-                                      ticket  in the request has its
-PROXIABLE
-                                      bit set.  The address(es)  of  the
-host
-                                      from which the resulting ticket is to
-be
-                                       valid  are  included  in  the
-addresses
-                                      field of the request.
-
-         5        ALLOW-POSTDATE
-                                      The ALLOW-POSTDATE option indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      MAY-POSTDATE flag set.  It may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based also has
-its
-                                      MAY-POSTDATE flag set.
-
-         6        POSTDATED
-                                      The POSTDATED option indicates that
-this
-                                      is  a  request  for  a postdated
-ticket.
-                                      This option will only be honored if
-the
-                                      ticket-granting  ticket  on  which it
-is
-                                      based has  its  MAY-POSTDATE  flag
-set.
-                                      The  resulting ticket will also have
-its
-                                      INVALID flag set, and that flag  may
-be
-                                      reset by a subsequent request to the
-KDC
-                                      after the starttime in  the  ticket
-has
-                                      been reached.
-
-         7        UNUSED
-                                      This option is presently unused.
-
-         8        RENEWABLE
-                                      The RENEWABLE option indicates that
-the
-                                      ticket  to  be  issued  is  to  have
-its
-                                      RENEWABLE flag set.  It may only be
-set
-                                      on  the  initial  request,  or  when
-the
-                                      ticket-granting  ticket  on  which
-the
-                                      request  is based is also renewable.
-If
-                                      this option is requested, then the
-rtime
-                                      field   in   the  request  contains
-the
-                                      desired absolute expiration time for
-the
-                                      ticket.
-
-         9-13     UNUSED
-                                      These options are presently unused.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-         14       REQUEST-ANONYMOUS
-                                      The REQUEST-ANONYMOUS  option
-indicates
-                                      that  the  ticket to be issued is not
-to
-                                      identify  the  user  to  which  it
-was
-                                      issued.  Instead, the principal
-identif-
-                                      ier is to be generic,  as  specified
-by
-                                      the  policy  of  the realm (e.g.
-usually
-                                      anonymous@realm).  The  purpose  of
-the
-                                      ticket  is only to securely distribute
-a
-                                      session key, and  not  to  identify
-the
-                                      user.   The ANONYMOUS flag on the
-ticket
-                                      to be returned should be  set.   If
-the
-                                      local  realms  policy  does  not
-permit
-                                      anonymous credentials, the request is
-to
-                                      be rejected.
-
-         15-25    RESERVED
-                                      Reserved for future use.
-
-         26       DISABLE-TRANSITED-CHECK
-                                      By default the KDC will check the
-                                      transited field of a ticket-granting-
-                                      ticket against the policy of the local
-                                      realm before it will issue derivative
-                                      tickets based on the ticket granting
-                                      ticket.  If this flag is set in the
-                                      request, checking of the transited
-field
-                                      is disabled.  Tickets issued without
-the
-                                      performance of this check will be
-noted
-                                      by the reset (0) value of the
-                                      TRANSITED-POLICY-CHECKED flag,
-                                      indicating to the application server
-                                      that the tranisted field must be
-checked
-                                      locally.  KDC's are encouraged but not
-                                      required to honor the
-                                      DISABLE-TRANSITED-CHECK option.
-
-         27       RENEWABLE-OK
-                                      The RENEWABLE-OK option indicates that
-a
-                                      renewable ticket will be acceptable if
-a
-                                      ticket with the  requested  life
-cannot
-                                      otherwise be provided.  If a ticket
-with
-                                      the requested life cannot  be
-provided,
-                                      then  a  renewable  ticket may be
-issued
-                                      with  a  renew-till  equal  to  the
-the
-                                      requested  endtime.   The  value  of
-the
-                                      renew-till field may still be limited
-by
-                                      local  limits, or limits selected by
-the
-                                      individual principal or server.
-
-         28       ENC-TKT-IN-SKEY
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The
-ENC-TKT-IN-SKEY
-                                      option indicates that the ticket for
-the
-                                      end  server  is  to  be encrypted in
-the
-                                      session key from the additional
-ticket-
-                                      granting ticket provided.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-         29       RESERVED
-                                      Reserved for future use.
-
-         30       RENEW
-                                      This option is used only by the
-ticket-
-                                      granting   service.   The  RENEW
-option
-                                      indicates that the  present  request
-is
-                                      for  a  renewal.  The ticket provided
-is
-                                      encrypted in  the  secret  key  for
-the
-                                      server  on  which  it  is  valid.
-This
-                                      option  will  only  be  honored  if
-the
-                                      ticket  to  be renewed has its
-RENEWABLE
-                                      flag set and if the time in  its
-renew-
-                                      till  field  has not passed.  The
-ticket
-                                      to be renewed is passed  in  the
-padata
-                                      field  as  part  of  the
-authentication
-                                      header.
-
-         31       VALIDATE
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The VALIDATE
-option
-                                      indicates that the request is  to
-vali-
-                                      date  a  postdated ticket.  It will
-only
-                                      be honored if the  ticket  presented
-is
-                                      postdated,  presently  has  its
-INVALID
-                                      flag set, and would be otherwise
-usable
-                                      at  this time.  A ticket cannot be
-vali-
-                                      dated before its starttime.  The
-ticket
-                                      presented for validation is encrypted
-in
-                                      the key of the server for  which  it
-is
-                                      valid  and is passed in the padata
-field
-                                      as part of the authentication header.
-
-cname and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1. sname may only be absent when the ENC-TKT-IN-SKEY option is
-     specified. If absent, the name of the server is taken from the name of
-     the client in the ticket passed as additional-tickets.
-enc-authorization-data
-     The enc-authorization-data, if present (and it can only be present in
-     the TGS_REQ form), is an encoding of the desired authorization-data
-     encrypted under the sub-session key if present in the Authenticator, or
-     alternatively from the session key in the ticket-granting ticket, both
-     from the padata field in the KRB_AP_REQ.
-realm
-     This field specifies the realm part of the server's principal
-     identifier. In the AS exchange, this is also the realm part of the
-     client's principal identifier.
-from
-     This field is included in the KRB_AS_REQ and KRB_TGS_REQ ticket
-     requests when the requested ticket is to be postdated. It specifies the
-     desired start time for the requested ticket. If this field is omitted
-     then the KDC should use the current time instead.
-till
-     This field contains the expiration date requested by the client in a
-     ticket request. It is optional and if omitted the requested ticket is
-     to have the maximum endtime permitted according to KDC policy for the
-     parties to the authentication exchange as limited by expiration date of
-     the ticket granting ticket or other preauthentication credentials.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-rtime
-     This field is the requested renew-till time sent from a client to the
-     KDC in a ticket request. It is optional.
-nonce
-     This field is part of the KDC request and response. It it intended to
-     hold a random number generated by the client. If the same number is
-     included in the encrypted response from the KDC, it provides evidence
-     that the response is fresh and has not been replayed by an attacker.
-     Nonces must never be re-used. Ideally, it should be generated randomly,
-     but if the correct time is known, it may suffice[25].
-etype
-     This field specifies the desired encryption algorithm to be used in the
-     response.
-addresses
-     This field is included in the initial request for tickets, and
-     optionally included in requests for additional tickets from the
-     ticket-granting server. It specifies the addresses from which the
-     requested ticket is to be valid. Normally it includes the addresses for
-     the client's host. If a proxy is requested, this field will contain
-     other addresses. The contents of this field are usually copied by the
-     KDC into the caddr field of the resulting ticket.
-additional-tickets
-     Additional tickets may be optionally included in a request to the
-     ticket-granting server. If the ENC-TKT-IN-SKEY option has been
-     specified, then the session key from the additional ticket will be used
-     in place of the server's key to encrypt the new ticket. If more than
-     one option which requires additional tickets has been specified, then
-     the additional tickets are used in the order specified by the ordering
-     of the options bits (see kdc-options, above).
-
-The application code will be either ten (10) or twelve (12) depending on
-whether the request is for an initial ticket (AS-REQ) or for an additional
-ticket (TGS-REQ).
-
-The optional fields (addresses, authorization-data and additional-tickets)
-are only included if necessary to perform the operation specified in the
-kdc-options field.
-
-It should be noted that in KRB_TGS_REQ, the protocol version number appears
-twice and two different message types appear: the KRB_TGS_REQ message
-contains these fields as does the authentication header (KRB_AP_REQ) that is
-passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-The KRB_KDC_REP message format is used for the reply from the KDC for either
-an initial (AS) request or a subsequent (TGS) request. There is no message
-type for KRB_KDC_REP. Instead, the type will be either KRB_AS_REP or
-KRB_TGS_REP. The key used to encrypt the ciphertext part of the reply
-depends on the message type. For KRB_AS_REP, the ciphertext is encrypted in
-the client's secret key, and the client's key version number is included in
-the key version number for the encrypted data. For KRB_TGS_REP, the
-ciphertext is encrypted in the sub-session key from the Authenticator, or if
-absent, the session key from the ticket-granting ticket used in the request.
-In that case, no version number will be present in the EncryptedData
-sequence.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-              enc-part[6]                EncryptedData
-}
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is either
-     KRB_AS_REP or KRB_TGS_REP.
-padata
-     This field is described in detail in section 5.4.1. One possible use
-     for this field is to encode an alternate "mix-in" string to be used
-     with a string-to-key algorithm (such as is described in section 6.3.2).
-     This ability is useful to ease transitions if a realm name needs to
-     change (e.g. when a company is acquired); in such a case all existing
-     password-derived entries in the KDC database would be flagged as
-     needing a special mix-in string until the next password change.
-crealm, cname, srealm and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-ticket
-     The newly-issued ticket, from section 5.3.1.
-enc-part
-     This field is a place holder for the ciphertext and related information
-     that forms the encrypted part of a message. The description of the
-     encrypted part of the message follows each appearance of this field.
-     The encrypted part is encoded as described in section 6.1.
-key
-     This field is the same as described for the ticket in section 5.3.1.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-last-req
-     This field is returned by the KDC and specifies the time(s) of the last
-     request by a principal. Depending on what information is available,
-     this might be the last time that a request for a ticket-granting ticket
-     was made, or the last time that a request based on a ticket-granting
-     ticket was successful. It also might cover all servers for a realm, or
-     just the particular server. Some implementations may display this
-     information to the user to aid in discovering unauthorized use of one's
-     identity. It is similar in spirit to the last login time displayed when
-     logging into timesharing systems.
-nonce
-     This field is described above in section 5.4.1.
-key-expiration
-     The key-expiration field is part of the response from the KDC and
-     specifies the time that the client's secret key is due to expire. The
-     expiration might be the result of password aging or an account
-     expiration. This field will usually be left out of the TGS reply since
-     the response to the TGS request is encrypted in a session key and no
-     client information need be retrieved from the KDC database. It is up to
-     the application client (usually the login program) to take appropriate
-     action (such as notifying the user) if the expiration time is imminent.
-flags, authtime, starttime, endtime, renew-till and caddr
-     These fields are duplicates of those found in the encrypted portion of
-     the attached ticket (see section 5.3.1), provided so the client may
-     verify they match the intended request and to assist in proper ticket
-     caching. If the message is of type KRB_TGS_REP, the caddr field will
-     only be filled in if the request was for a proxy or forwarded ticket,
-     or if the user is substituting a subset of the addresses from the
-     ticket granting ticket. If the client-requested addresses are not
-     present or not used, then the addresses contained in the ticket will be
-     the same as those included in the ticket-granting ticket.
-
-5.5. Client/Server (CS) message specifications
-
-This section specifies the format of the messages used for the
-authentication of the client to the application server.
-
-5.5.1. KRB_AP_REQ definition
-
-The KRB_AP_REQ message contains the Kerberos protocol version number, the
-message type KRB_AP_REQ, an options field to indicate any options in use,
-and the ticket and authenticator themselves. The KRB_AP_REQ message is often
-referred to as the 'authentication header'.
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REQ.
-ap-options
-     This field appears in the application request (KRB_AP_REQ) and affects
-     the way the request is processed. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). The encoding of the bits
-     is specified in section 5.2. The meanings of the options are:
-
-         Bit(s)   Name              Description
-
-         0        RESERVED
-                                    Reserved for future  expansion  of  this
-                                    field.
-
-         1        USE-SESSION-KEY
-                                    The  USE-SESSION-KEY  option   indicates
-                                    that the ticket the client is presenting
-                                    to a server is encrypted in the  session
-                                    key  from  the  server's ticket-granting
-                                    ticket.  When this option is not  speci-
-                                    fied,  the  ticket  is  encrypted in the
-                                    server's secret key.
-
-         2        MUTUAL-REQUIRED
-                                    The  MUTUAL-REQUIRED  option  tells  the
-                                    server  that  the client requires mutual
-                                    authentication, and that it must respond
-                                    with a KRB_AP_REP message.
-
-         3-31     RESERVED
-                                    Reserved for future use.
-
-ticket
- This field is a ticket authenticating the client to the server.
-authenticator
- This contains the authenticator, which includes the client's choice of
- a subkey. Its encoding is described in section 5.3.2.
-
-5.5.2. KRB_AP_REP definition
-
-The KRB_AP_REP message contains the Kerberos protocol version number, the
-message type, and an encrypted time- stamp. The message is sent in in
-response to an application request (KRB_AP_REQ) where the mutual
-authentication option has been selected in the ap-options field.
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The encoded EncAPRepPart is encrypted in the shared session key of the
-ticket. The optional subkey field can be used in an application-arranged
-negotiation to choose a per association session key.
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REP.
-enc-part
-     This field is described above in section 5.4.2.
-ctime
-     This field contains the current time on the client's host.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-subkey
-     This field contains an encryption key which is to be used to protect
-     this specific application session. See section 3.2.6 for specifics on
-     how this field is used to negotiate a key. Unless an application
-     specifies otherwise, if this field is left out, the sub-session key
-     from the authenticator, or if also left out, the session key from the
-     ticket will be used.
-
-5.5.3. Error message reply
-
-If an error occurs while processing the application request, the KRB_ERROR
-message will be sent in response. See section 5.9.1 for the format of the
-error message. The cname and crealm fields may be left out if the server
-cannot determine their appropriate values from the corresponding KRB_AP_REQ
-message. If the authenticator was decipherable, the ctime and cusec fields
-will contain the values from it.
-
-5.6. KRB_SAFE message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to send a tamper-proof message to
-its peer. It presumes that a session key has previously been exchanged (for
-example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1. KRB_SAFE definition
-
-The KRB_SAFE message contains user data along with a collision-proof
-checksum keyed with the last encryption key negotiated via subkeys, or the
-session key if no negotiation has occured. The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_SAFE.
-safe-body
-     This field is a placeholder for the body of the KRB-SAFE message.
-cksum
-     This field contains the checksum of the application data. Checksum
-     details are described in section 6.4. The checksum is computed over the
-     encoding of the KRB-SAFE sequence. First, the cksum is zeroed and the
-     checksum is computed over the encoding of the KRB-SAFE sequence, then
-     the checksum is set to the result of that computation, and finally the
-     KRB-SAFE sequence is encoded again.
-user-data
-     This field is part of the KRB_SAFE and KRB_PRIV messages and contain
-     the application specific data that is being passed from the sender to
-     the recipient.
-timestamp
-     This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents
-     are the current time as known by the sender of the message. By checking
-     the timestamp, the recipient of the message is able to make sure that
-     it was recently generated, and is not a replay.
-usec
-     This field is part of the KRB_SAFE and KRB_PRIV headers. It contains
-     the microsecond part of the timestamp.
-seq-number
-     This field is described above in section 5.3.2.
-s-address
-     This field specifies the address in use by the sender of the message.
-     It may be omitted if not required by the application protocol. The
-     application designer considering omission of this field is warned, that
-     the inclusion of this address prevents some kinds of replay attacks
-     (e.g., reflection attacks) and that it is only acceptable to omit this
-     address if there is sufficient information in the integrity protected
-     part of the application message for the recipient to unambiguously
-     determine if it was the intended recipient.
-r-address
-     This field specifies the address in use by the recipient of the
-     message. It may be omitted for some uses (such as broadcast protocols),
-     but the recipient may arbitrarily reject such messages. This field
-     along with s-address can be used to help detect messages which have
-     been incorrectly or maliciously delivered to the wrong recipient.
-
-5.7. KRB_PRIV message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to securely and privately send a
-message to its peer. It presumes that a session key has previously been
-exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-The KRB_PRIV message contains user data encrypted in the Session Key. The
-message fields are:
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's
-addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's
-addr
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_PRIV.
-enc-part
-     This field holds an encoding of the EncKrbPrivPart sequence encrypted
-     under the session key[32]. This encrypted encoding is used for the
-     enc-part field of the KRB-PRIV message. See section 6 for the format of
-     the ciphertext.
-user-data, timestamp, usec, s-address and r-address
-     These fields are described above in section 5.6.1.
-seq-number
-     This field is described above in section 5.3.2.
-
-5.8. KRB_CRED message specification
-
-This section specifies the format of a message that can be used to send
-Kerberos credentials from one principal to another. It is presented here to
-encourage a common mechanism to be used by applications when forwarding
-tickets or providing proxies to subordinate servers. It presumes that a
-session key has already been exchanged perhaps by using the
-KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-The KRB_CRED message contains a sequence of tickets to be sent and
-information needed to use the tickets, including the session key from each.
-The information needed to use the tickets is encrypted under an encryption
-key previously exchanged or transferred alongside the KRB_CRED message. The
-message fields are:
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_CRED.
-tickets
-     These are the tickets obtained from the KDC specifically for use by the
-     intended recipient. Successive tickets are paired with the
-     corresponding KrbCredInfo sequence from the enc-part of the KRB-CRED
-     message.
-enc-part
-     This field holds an encoding of the EncKrbCredPart sequence encrypted
-     under the session key shared between the sender and the intended
-     recipient. This encrypted encoding is used for the enc-part field of
-     the KRB-CRED message. See section 6 for the format of the ciphertext.
-nonce
-     If practical, an application may require the inclusion of a nonce
-     generated by the recipient of the message. If the same value is
-     included as the nonce in the message, it provides evidence that the
-     message is fresh and has not been replayed by an attacker. A nonce must
-     never be re-used; it should be generated randomly by the recipient of
-     the message and provided to the sender of the message in an application
-     specific manner.
-timestamp and usec
-     These fields specify the time that the KRB-CRED message was generated.
-     The time is used to provide assurance that the message is fresh.
-s-address and r-address
-     These fields are described above in section 5.6.1. They are used
-     optionally to provide additional assurance of the integrity of the
-     KRB-CRED message.
-key
-     This field exists in the corresponding ticket passed by the KRB-CRED
-     message and is used to pass the session key from the sender to the
-     intended recipient. The field's encoding is described in section 6.2.
-
-The following fields are optional. If present, they can be associated with
-the credentials in the remote ticket file. If left out, then it is assumed
-that the recipient of the credentials already knows their value.
-
-prealm and pname
-     The name and realm of the delegated principal identity.
-flags, authtime, starttime, endtime, renew-till, srealm, sname, and caddr
-     These fields contain the values of the correspond- ing fields from the
-     ticket found in the ticket field. Descriptions of the fields are
-     identical to the descriptions in the KDC-REP message.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-5.9. Error message specification
-
-This section specifies the format for the KRB_ERROR message. The fields
-included in the message are intended to return as much information as
-possible about an error. It is not expected that all the information
-required by the fields will be available for all types of errors. If the
-appropriate information is not available when the message is composed, the
-corresponding field will be left out of the message.
-
-Note that since the KRB_ERROR message is only optionally integrity
-protected, it is quite possible for an intruder to synthesize or modify such
-a message. In particular, this means that unless appropriate integrity
-protection mechanisms have been applied to the KRB_ERROR message, the client
-should not use any fields in this message for security-critical purposes,
-such as setting a system clock or generating a fresh authenticator. The
-message can be useful, however, for advising a user on the reason for some
-failure.
-
-5.9.1. KRB_ERROR definition
-
-The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL,
-(*REMOVE7/14*)  e-typed-data[14]              SEQUENCE of ETypedData
-OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_ERROR.
-ctime
-     This field is described above in section 5.4.1.
-cusec
-     This field is described above in section 5.5.2.
-stime
-     This field contains the current time on the server. It is of type
-     KerberosTime.
-susec
-     This field contains the microsecond part of the server's timestamp. Its
-     value ranges from 0 to 999999. It appears along with stime. The two
-     fields are used in conjunction to specify a reasonably accurate
-     timestamp.
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-error-code
-     This field contains the error code returned by Kerberos or the server
-     when a request fails. To interpret the value of this field see the list
-     of error codes in section 8. Implementations are encouraged to provide
-     for national language support in the display of error messages.
-crealm, cname, srealm and sname
-     These fields are described above in section 5.3.1.
-e-text
-     This field contains additional text to help explain the error code
-     associated with the failed request (for example, it might include a
-     principal name which was unknown).
-e-data
-     This field contains additional data about the error for use by the
-     application to help it recover from or handle the error. If present,
-     this field will contain the encoding of a sequence of TypedData
-     (TYPED-DATA below), unless the errorcode is KDC_ERR_PREAUTH_REQUIRED,
-     in which case it will contain the encoding of a sequence of of padata
-     fields (METHOD-DATA below), each corresponding to an acceptable
-     pre-authentication method and optionally containing data for the
-     method:
-
-     TYPED-DATA   ::=   SEQUENCE of TypeData
-     METHOD-DATA  ::=   SEQUENCE of PA-DATA
-
-     TypedData ::=   SEQUENCE {
-                         data-type[0]   INTEGER,
-                         data-value[1]  OCTET STRING OPTIONAL
-     }
-
-     Note that e-data-types have been reserved for all PA data types defined
-     prior to July 1999. For the KDC_ERR_PREAUTH_REQUIRED message, when
-     using new PA data types defined in July 1999 or later, the METHOD-DATA
-     sequence must itself be encapsulated in an TypedData element of type
-     TD-PADATA. All new implementations interpreting the METHOD-DATA field
-     for the KDC_ERR_PREAUTH_REQUIRED message must accept a type of
-     TD-PADATA, extract the typed data field and interpret the use any
-     elements encapsulated in the TD-PADATA elements as if they were present
-     in the METHOD-DATA sequence.
-e-cksum
-     This field contains an optional checksum for the KRB-ERROR message. The
-     checksum is calculated over the Kerberos ASN.1 encoding of the
-     KRB-ERROR message with the checksum absent. The checksum is then added
-     to the KRB-ERROR structure and the message is re-encoded. The Checksum
-     should be calculated using the session key from the ticket granting
-     ticket or service ticket, where available. If the error is in response
-     to a TGS or AP request, the checksum should be calculated uing the the
-     session key from the client's ticket. If the error is in response to an
-     AS request, then the checksum should be calulated using the client's
-     secret key ONLY if there has been suitable preauthentication to prove
-     knowledge of the secret key by the client[33]. If a checksum can not be
-     computed because the key to be used is not available, no checksum will
-     be included.
-e-typed-data
-     [***Will be deleted 7/14***] This field contains optional data that may
-     be used to help the client recover from the indicated error. [This
-     could contain the METHOD-DATA specified since I don't think anyone
-     actually uses it yet. It could also contain the PA-DATA sequence for
-     the preauth required error if we had a clear way to transition to the
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-     use of this field from the use of the untyped e-data field.] For
-     example, this field may specify the key version of the key used to
-     verify preauthentication:
-
-     e-data-type  := 20 -- Key version number
-     e-data-value := Integer -- Key version number used to
-                      verify preauthentication
-
-6. Encryption and Checksum Specifications
-
-The Kerberos protocols described in this document are designed to use stream
-encryption ciphers, which can be simulated using commonly available block
-encryption ciphers, such as the Data Encryption Standard, [DES77] in
-conjunction with block chaining and checksum methods [DESM80]. Encryption is
-used to prove the identities of the network entities participating in
-message exchanges. The Key Distribution Center for each realm is trusted by
-all principals registered in that realm to store a secret key in confidence.
-Proof of knowledge of this secret key is used to verify the authenticity of
-a principal. [*** Discussion above will change to use 3DES as example
-7/14/99 ***]
-
-The KDC uses the principal's secret key (in the AS exchange) or a shared
-session key (in the TGS exchange) to encrypt responses to ticket requests;
-the ability to obtain the secret key or session key implies the knowledge of
-the appropriate keys and the identity of the KDC. The ability of a principal
-to decrypt the KDC response and present a Ticket and a properly formed
-Authenticator (generated with the session key from the KDC response) to a
-service verifies the identity of the principal; likewise the ability of the
-service to extract the session key from the Ticket and prove its knowledge
-thereof in a response verifies the identity of the service.
-
-The Kerberos protocols generally assume that the encryption used is secure
-from cryptanalysis; however, in some cases, the order of fields in the
-encrypted portions of messages are arranged to minimize the effects of
-poorly chosen keys. It is still important to choose good keys. If keys are
-derived from user-typed passwords, those passwords need to be well chosen to
-make brute force attacks more difficult. Poorly chosen keys still make easy
-targets for intruders.
-
-The following sections specify the encryption and checksum mechanisms
-currently defined for Kerberos. The encodings, chaining, and padding
-requirements for each are described. For encryption methods, it is often
-desirable to place random information (often referred to as a confounder) at
-the start of the message. The requirements for a confounder are specified
-with each encryption mechanism.
-
-Some encryption systems use a block-chaining method to improve the the
-security characteristics of the ciphertext. However, these chaining methods
-often don't provide an integrity check upon decryption. Such systems (such
-as DES in CBC mode) must be augmented with a checksum of the plain-text
-which can be verified at decryption and used to detect any tampering or
-damage. Such checksums should be good at detecting burst errors in the
-input. If any damage is detected, the decryption routine is expected to
-return an error indicating the failure of an integrity check. Each
-encryption type is expected to provide and verify an appropriate checksum.
-The specification of each encryption method sets out its checksum
-requirements.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Finally, where a key is to be derived from a user's password, an algorithm
-for converting the password to a key of the appropriate type is included. It
-is desirable for the string to key function to be one-way, and for the
-mapping to be different in different realms. This is important because users
-who are registered in more than one realm will often use the same password
-in each, and it is desirable that an attacker compromising the Kerberos
-server in one realm not obtain or derive the user's key in another.
-
-For an discussion of the integrity characteristics of the candidate
-encryption and checksum methods considered for Kerberos, the reader is
-referred to [SG92].
-
-6.1. Encryption Specifications
-
-The following ASN.1 definition describes all encrypted messages. The
-enc-part field which appears in the unencrypted part of messages in section
-5 is a sequence consisting of an encryption type, an optional key version
-number, and the ciphertext.
-
-EncryptedData ::=   SEQUENCE {
-                    etype[0]     INTEGER, -- EncryptionType
-                    kvno[1]      INTEGER OPTIONAL,
-                    cipher[2]    OCTET STRING -- ciphertext
-}
-
-etype
-     This field identifies which encryption algorithm was used to encipher
-     the cipher. Detailed specifications for selected encryption types
-     appear later in this section.
-kvno
-     This field contains the version number of the key under which data is
-     encrypted. It is only present in messages encrypted under long lasting
-     keys, such as principals' secret keys.
-cipher
-     This field contains the enciphered text, encoded as an OCTET STRING.
-
-The cipher field is generated by applying the specified encryption algorithm
-to data composed of the message and algorithm-specific inputs. Encryption
-mechanisms defined for use with Kerberos must take sufficient measures to
-guarantee the integrity of the plaintext, and we recommend they also take
-measures to protect against precomputed dictionary attacks. If the
-encryption algorithm is not itself capable of doing so, the protections can
-often be enhanced by adding a checksum and a confounder.
-
-The suggested format for the data to be encrypted includes a confounder, a
-checksum, the encoded plaintext, and any necessary padding. The msg-seq
-field contains the part of the protocol message described in section 5 which
-is to be encrypted. The confounder, checksum, and padding are all untagged
-and untyped, and their length is exactly sufficient to hold the appropriate
-item. The type and length is implicit and specified by the particular
-encryption type being used (etype). The format for the data to be encrypted
-is described in the following diagram:
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-      +-----------+----------+-------------+-----+
-      |confounder |   check  |   msg-seq   | pad |
-      +-----------+----------+-------------+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-CipherText ::=   ENCRYPTED       SEQUENCE {
-            confounder[0]   UNTAGGED[35] OCTET STRING(conf_length) OPTIONAL,
-            check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-            msg-seq[2]      MsgSequence,
-            pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-}
-
-One generates a random confounder of the appropriate length, placing it in
-confounder; zeroes out check; calculates the appropriate checksum over
-confounder, check, and msg-seq, placing the result in check; adds the
-necessary padding; then encrypts using the specified encryption type and the
-appropriate key.
-
-Unless otherwise specified, a definition of an encryption algorithm that
-specifies a checksum, a length for the confounder field, or an octet
-boundary for padding uses this ciphertext format[36]. Those fields which are
-not specified will be omitted.
-
-In the interest of allowing all implementations using a particular
-encryption type to communicate with all others using that type, the
-specification of an encryption type defines any checksum that is needed as
-part of the encryption process. If an alternative checksum is to be used, a
-new encryption type must be defined.
-
-Some cryptosystems require additional information beyond the key and the
-data to be encrypted. For example, DES, when used in cipher-block-chaining
-mode, requires an initialization vector. If required, the description for
-each encryption type must specify the source of such additional information.
-6.2. Encryption Keys
-
-The sequence below shows the encoding of an encryption key:
-
-       EncryptionKey ::=   SEQUENCE {
-                           keytype[0]    INTEGER,
-                           keyvalue[1]   OCTET STRING
-       }
-
-keytype
-     This field specifies the type of encryption that is to be performed
-     using the key that follows in the keyvalue field. It will always
-     correspond to the etype to be used to generate or decode the
-     EncryptedData. In cases when multiple algorithms use a common kind of
-     key (e.g., if the encryption algorithm uses an alternate checksum
-     algorithm for an integrity check, or a different chaining mechanism),
-     the keytype provides information needed to determine which algorithm is
-     to be used.
-keyvalue
-     This field contains the key itself, encoded as an octet string.
-
-All negative values for the encryption key type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpreta- tions.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-6.3. Encryption Systems
-
-6.3.1. The NULL Encryption System (null)
-
-If no encryption is in use, the encryption system is said to be the NULL
-encryption system. In the NULL encryption system there is no checksum,
-confounder or padding. The ciphertext is simply the plaintext. The NULL Key
-is used by the null encryption system and is zero octets in length, with
-keytype zero (0).
-
-6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-The des-cbc-crc encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80]. A
-CRC-32 checksum (described in ISO 3309 [ISO3309]) is applied to the
-confounder and message sequence (msg-seq) and placed in the cksum field. DES
-blocks are 8 bytes. As a result, the data to be encrypted (the concatenation
-of confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption. The details of the encryption of this data are identical
-to those for the des-cbc-md5 encryption mode.
-
-Note that, since the CRC-32 checksum is not collision-proof, an attacker
-could use a probabilistic chosen-plaintext attack to generate a valid
-message even if a confounder is used [SG92]. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat. The use of the CRC-32 as the checksum for ticket or
-authenticator is no longer mandated as an interoperability requirement for
-Kerberos Version 5 Specification 1 (See section 9.1 for specific details).
-
-6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-The des-cbc-md4 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD4 checksum (described in [MD492]) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption. The details of the encryption of this data are identical
-to those for the des-cbc-md5 encryption mode.
-
-6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-The des-cbc-md5 encryption mode encrypts information under the Data
-Encryption Standard [DES77] using the cipher block chaining mode [DESM80].
-An MD5 checksum (described in [MD5-92].) is applied to the confounder and
-message sequence (msg-seq) and placed in the cksum field. DES blocks are 8
-bytes. As a result, the data to be encrypted (the concatenation of
-confounder, checksum, and message) must be padded to an 8 byte boundary
-before encryption.
-
-Plaintext and DES ciphtertext are encoded as blocks of 8 octets which are
-concatenated to make the 64-bit inputs for the DES algorithms. The first
-octet supplies the 8 most significant bits (with the octet's MSbit used as
-the DES input block's MSbit, etc.), the second octet the next 8 bits, ...,
-and the eighth octet supplies the 8 least significant bits.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Encryption under DES using cipher block chaining requires an additional
-input in the form of an initialization vector. Unless otherwise specified,
-zero should be used as the initialization vector. Kerberos' use of DES
-requires an 8 octet confounder.
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those keys
-shall not be used for encrypting messages for use in Kerberos. Additionally,
-because of the way that keys are derived for the encryption of checksums,
-keys shall not be used that yield 'weak' or 'semi-weak' keys when
-eXclusive-ORed with the hexadecimal constant F0F0F0F0F0F0F0F0.
-
-A DES key is 8 octets of data, with keytype one (1). This consists of 56
-bits of key, and 8 parity bits (one per octet). The key is encoded as a
-series of 8 octets written in MSB-first order. The bits within the key are
-also encoded in MSB order. For example, if the encryption key is
-(B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the parity
-bits, the first octet of the key would be B1,B2,...,B7,P1 (with B1 as the
-MSbit). [See the FIPS 81 introduction for reference.]
-
-String to key transformation
-
-To generate a DES key from a text string (password), a "salt" is
-concatenated to the text string, and then padded with ASCII nulls to an 8
-byte boundary. This "salt" is normally the realm and each component of the
-principal's name appended. However, sometimes different salts are used ---
-for example, when a realm is renamed, or if a user changes her username, or
-for compatibility with Kerberos V4 (whose string-to-key algorithm uses a
-null string for the salt). This string is then fan-folded and eXclusive-ORed
-with itself to form an 8 byte DES key. Before eXclusive-ORing a block, every
-byte is shifted one bit to the left to leave the lowest bit zero. The key is
-the "corrected" by correcting the parity on the key, and if the key matches
-a 'weak' or 'semi-weak' key as described in the DES specification, it is
-eXclusive-ORed with the constant 00000000000000F0. This key is then used to
-generate a DES CBC checksum on the initial string (with the salt appended).
-The result of the CBC checksum is the "corrected" as described above to form
-the result which is return as the key. Pseudocode follows:
-
-     name_to_default_salt(realm, name) {
-          s = realm
-          for(each component in name) {
-               s = s + component;
-          }
-          return s;
-     }
-
-     key_correction(key) {
-          fixparity(key);
-          if (is_weak_key_key(key))
-               key = key XOR 0xF0;
-          return(key);
-     }
-
-     string_to_key(string,salt) {
-
-          odd = 1;
-          s = string + salt;
-          tempkey = NULL;
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-          pad(s); /* with nulls to 8 byte boundary */
-          for(8byteblock in s) {
-               if(odd == 0)  {
-                   odd = 1;
-                   reverse(8byteblock)
-               }
-               else odd = 0;
-               left shift every byte in 8byteblock one bit;
-               tempkey = tempkey XOR 8byteblock;
-          }
-          tempkey = key_correction(tempkey);
-          key = key_correction(DES-CBC-check(s,tempkey));
-          return(key);
-     }
-
-6.3.5. Triple DES with HMAC-SHA1 Kerberos Encryption Type with Key
-Derivation [Horowitz]
-
-[*** Note that there are several 3DES varients in use in different Kerberos
-implemenations, updates to this section will be sent to the cat list and
-krb-protocol list prior to the Oslo IETF, including the key derivation and
-non-key derivation varients ***] NOTE: This description currently refers to
-documents, the contents of which might be bettered included by value in this
-spec. The description below was provided by Marc Horowitz, and the form in
-which it will finally appear is yet to be determined. This description is
-included in this version of the draft because it does describe the
-implemenation ready for use with the MIT implementation. Note also that the
-encryption identifier has been left unspecified here because the value from
-Marc Horowitz's spec conflicted with some other impmenentations implemented
-based on perevious versions of the specification.
-
-This encryption type is based on the Triple DES cryptosystem, the HMAC-SHA1
-[Krawczyk96] message authentication algorithm, and key derivation for
-Kerberos V5 [HorowitzB96].
-
-The des3-cbc-hmac-sha1 encryption type has been assigned the value ??. The
-hmac-sha1-des3 checksum type has been assigned the value 12.
-
-Encryption Type des3-cbc-hmac-sha1
-
-EncryptedData using this type must be generated as described in
-[Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC mode. The
-keyed hash algorithm is HMAC-SHA1. Unless otherwise specified, a zero IV
-must be used. If the length of the input data is not a multiple of the block
-size, zero octets must be used to pad the plaintext to the next eight-octet
-boundary. The counfounder must be eight random octets (one block).
-
-Checksum Type hmac-sha1-des3
-
-Checksums using this type must be generated as described in [Horowitz96].
-The keyed hash algorithm is HMAC-SHA1.
-
-Common Requirements
-
-The EncryptionKey value is 24 octets long. The 7 most significant bits of
-each octet contain key bits, and the least significant bit is the inverse of
-the xor of the key bits.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-For the purposes of key derivation, the block size is 64 bits, and the key
-size is 168 bits. The 168 bits output by key derivation are converted to an
-EncryptionKey value as follows. First, the 168 bits are divided into three
-groups of 56 bits, which are expanded individually into 64 bits as follows:
-
- 1  2  3  4  5  6  7  p
- 9 10 11 12 13 14 15  p
-17 18 19 20 21 22 23  p
-25 26 27 28 29 30 31  p
-33 34 35 36 37 38 39  p
-41 42 43 44 45 46 47  p
-49 50 51 52 53 54 55  p
-56 48 40 32 24 16  8  p
-
-The "p" bits are parity bits computed over the data bits. The output of the
-three expansions are concatenated to form the EncryptionKey value.
-
-When the HMAC-SHA1 of a string is computed, the key is used in the
-EncryptedKey form.
-
-Key Derivation
-
-In the Kerberos protocol, cryptographic keys are used in a number of places.
-In order to minimize the effect of compromising a key, it is desirable to
-use a different key for each of these places. Key derivation [Horowitz96]
-can be used to construct different keys for each operation from the keys
-transported on the network. For this to be possible, a small change to the
-specification is necessary.
-
-This section specifies a profile for the use of key derivation [Horowitz96]
-with Kerberos. For each place where a key is used, a ``key usage'' must is
-specified for that purpose. The key, key usage, and encryption/checksum type
-together describe the transformation from plaintext to ciphertext, or
-plaintext to checksum.
-
-Key Usage Values
-
-This is a complete list of places keys are used in the kerberos protocol,
-with key usage values and RFC 1510 section numbers:
-
- 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-    client key (section 5.4.1)
- 2. AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-    application session key), encrypted with the service key
-    (section 5.4.2)
- 3. AS-REP encrypted part (includes tgs session key or application
-    session key), encrypted with the client key (section 5.4.2)
- 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-    session key (section 5.4.1)
- 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-    authenticator subkey (section 5.4.1)
- 6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-    with the tgs session key (sections 5.3.2, 5.4.1)
- 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-    authenticator subkey), encrypted with the tgs session key
-    (section 5.3.2)
- 8. TGS-REP encrypted part (includes application session key),
-    encrypted with the tgs session key (section 5.4.2)
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
- 9. TGS-REP encrypted part (includes application session key),
-    encrypted with the tgs authenticator subkey (section 5.4.2)
-10. AP-REQ Authenticator cksum, keyed with the application session
-    key (section 5.3.2)
-11. AP-REQ Authenticator (includes application authenticator
-    subkey), encrypted with the application session key (section
-    5.3.2)
-12. AP-REP encrypted part (includes application session subkey),
-    encrypted with the application session key (section 5.5.2)
-13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-    application (section 5.7.1)
-14. KRB-CRED encrypted part, encrypted with a key chosen by the
-    application (section 5.6.1)
-15. KRB-SAVE cksum, keyed with a key chosen by the application
-    (section 5.8.1)
-18. KRB-ERROR checksum (e-cksum in section 5.9.1)
-19. AD-KDCIssued checksum (ad-checksum in appendix B.1)
-20. Checksum for Mandatory Ticket Extensions (appendix B.6)
-21. Checksum in Authorization Data in Ticket Extensions (appendix B.7)
-
-Key usage values between 1024 and 2047 (inclusive) are reserved for
-application use. Applications should use even values for encryption and odd
-values for checksums within this range.
-
-A few of these key usages need a little clarification. A service which
-receives an AP-REQ has no way to know if the enclosed Ticket was part of an
-AS-REP or TGS-REP. Therefore, key usage 2 must always be used for generating
-a Ticket, whether it is in response to an AS- REQ or TGS-REQ.
-
-There might exist other documents which define protocols in terms of the
-RFC1510 encryption types or checksum types. Such documents would not know
-about key usages. In order that these documents continue to be meaningful
-until they are updated, key usages 1024 and 1025 must be used to derive keys
-for encryption and checksums, respectively. New protocols defined in terms
-of the Kerberos encryption and checksum types should use their own key
-usages. Key usages may be registered with IANA to avoid conflicts. Key
-usages must be unsigned 32 bit integers. Zero is not permitted.
-
-Defining Cryptosystems Using Key Derivation
-
-Kerberos requires that the ciphertext component of EncryptedData be
-tamper-resistant as well as confidential. This implies encryption and
-integrity functions, which must each use their own separate keys. So, for
-each key usage, two keys must be generated, one for encryption (Ke), and one
-for integrity (Ki):
-
-      Ke = DK(protocol key, key usage | 0xAA)
-      Ki = DK(protocol key, key usage | 0x55)
-
-where the protocol key is from the EncryptionKey from the wire protocol, and
-the key usage is represented as a 32 bit integer in network byte order. The
-ciphertest must be generated from the plaintext as follows:
-
-   ciphertext = E(Ke, confounder | plaintext | padding) |
-                H(Ki, confounder | plaintext | padding)
-
-The confounder and padding are specific to the encryption algorithm E.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-When generating a checksum only, there is no need for a confounder or
-padding. Again, a new key (Kc) must be used. Checksums must be generated
-from the plaintext as follows:
-
-      Kc = DK(protocol key, key usage | 0x99)
-
-      MAC = H(Kc, plaintext)
-
-Note that each enctype is described by an encryption algorithm E and a keyed
-hash algorithm H, and each checksum type is described by a keyed hash
-algorithm H. HMAC, with an appropriate hash, is recommended for use as H.
-
-Key Derivation from Passwords
-
-The well-known constant for password key derivation must be the byte string
-{0x6b 0x65 0x72 0x62 0x65 0x72 0x6f 0x73}. These values correspond to the
-ASCII encoding for the string "kerberos".
-
-6.4. Checksums
-
-The following is the ASN.1 definition used for a checksum:
-
-         Checksum ::=   SEQUENCE {
-                        cksumtype[0]   INTEGER,
-                        checksum[1]    OCTET STRING
-         }
-
-cksumtype
-     This field indicates the algorithm used to generate the accompanying
-     checksum.
-checksum
-     This field contains the checksum itself, encoded as an octet string.
-
-Detailed specification of selected checksum types appear later in this
-section. Negative values for the checksum type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpretations.
-
-Checksums used by Kerberos can be classified by two properties: whether they
-are collision-proof, and whether they are keyed. It is infeasible to find
-two plaintexts which generate the same checksum value for a collision-proof
-checksum. A key is required to perturb or initialize the algorithm in a
-keyed checksum. To prevent message-stream modification by an active
-attacker, unkeyed checksums should only be used when the checksum and
-message will be subsequently encrypted (e.g. the checksums defined as part
-of the encryption algorithms covered earlier in this section).
-
-Collision-proof checksums can be made tamper-proof if the checksum value is
-encrypted before inclusion in a message. In such cases, the composition of
-the checksum and the encryption algorithm must be considered a separate
-checksum algorithm (e.g. RSA-MD5 encrypted using DES is a new checksum
-algorithm of type RSA-MD5-DES). For most keyed checksums, as well as for the
-encrypted forms of unkeyed collision-proof checksums, Kerberos prepends a
-confounder before the checksum is calculated.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-6.4.1. The CRC-32 Checksum (crc32)
-
-The CRC-32 checksum calculates a checksum based on a cyclic redundancy check
-as described in ISO 3309 [ISO3309]. The resulting checksum is four (4)
-octets in length. The CRC-32 is neither keyed nor collision-proof. The use
-of this checksum is not recommended. An attacker using a probabilistic
-chosen-plaintext attack as described in [SG92] might be able to generate an
-alternative message that satisfies the checksum. The use of collision-proof
-checksums is recommended for environments where such attacks represent a
-significant threat.
-
-6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-The RSA-MD4 checksum calculates a checksum using the RSA MD4 algorithm
-[MD4-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD4 is believed to
-be collision-proof.
-
-6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des)
-
-The RSA-MD4-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD4
-checksum algorithm, and encrypting the confounder and the checksum using DES
-in cipher-block-chaining (CBC) mode using a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the constant
-F0F0F0F0F0F0F0F0[39]. The initialization vector should be zero. The
-resulting checksum is 24 octets long (8 octets of which are redundant). This
-checksum is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some weak keys' and 'semi-weak keys'; those
-keys shall not be used for generating RSA-MD4 checksums for use in Kerberos.
-
-The format for the checksum is described in the follow- ing diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-The RSA-MD5 checksum calculates a checksum using the RSA MD5 algorithm.
-[MD5-92]. The algorithm takes as input an input message of arbitrary length
-and produces as output a 128-bit (16 octet) checksum. RSA-MD5 is believed to
-be collision-proof.
-
-6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des)
-
-The RSA-MD5-DES checksum calculates a keyed collision-proof checksum by
-prepending an 8 octet confounder before the text, applying the RSA MD5
-checksum algorithm, and encrypting the confounder and the checksum using DES
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-in cipher-block-chaining (CBC) mode using a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the hexadecimal constant
-F0F0F0F0F0F0F0F0. The initialization vector should be zero. The resulting
-checksum is 24 octets long (8 octets of which are redundant). This checksum
-is tamper-proof and believed to be collision-proof.
-
-The DES specifications identify some 'weak keys' and 'semi-weak keys'; those
-keys shall not be used for encrypting RSA-MD5 checksums for use in Kerberos.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-|  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)  |
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(16)
-}
-
-6.4.6. DES cipher-block chained checksum (des-mac)
-
-The DES-MAC checksum is computed by prepending an 8 octet confounder to the
-plaintext, performing a DES CBC-mode encryption on the result using the key
-and an initialization vector of zero, taking the last block of the
-ciphertext, prepending the same confounder and encrypting the pair using DES
-in cipher-block-chaining (CBC) mode using a a variant of the key, where the
-variant is computed by eXclusive-ORing the key with the hexadecimal constant
-F0F0F0F0F0F0F0F0. The initialization vector should be zero. The resulting
-checksum is 128 bits (16 octets) long, 64 bits of which are redundant. This
-checksum is tamper-proof and collision-proof.
-
-The format for the checksum is described in the following diagram:
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-|   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-The format cannot be described in ASN.1, but for those who prefer an
-ASN.1-like notation:
-
-des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                       confounder[0]   UNTAGGED OCTET STRING(8),
-                       check[1]        UNTAGGED OCTET STRING(8)
-}
-
-The DES specifications identify some 'weak' and 'semi-weak' keys; those keys
-shall not be used for generating DES-MAC checksums for use in Kerberos, nor
-shall a key be used whose variant is 'weak' or 'semi-weak'.
-
-6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative (rsa-md4-des-k)
-
-The RSA-MD4-DES-K checksum calculates a keyed collision-proof checksum by
-applying the RSA MD4 checksum algorithm and encrypting the results using DES
-in cipher-block-chaining (CBC) mode using a DES key as both key and
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-initialization vector. The resulting checksum is 16 octets long. This
-checksum is tamper-proof and believed to be collision-proof. Note that this
-checksum type is the old method for encoding the RSA-MD4-DES checksum and it
-is no longer recommended.
-
-6.4.8. DES cipher-block chained checksum alternative (des-mac-k)
-
-The DES-MAC-K checksum is computed by performing a DES CBC-mode encryption
-of the plaintext, and using the last block of the ciphertext as the checksum
-value. It is keyed with an encryption key and an initialization vector; any
-uses which do not specify an additional initialization vector will use the
-key as both key and initialization vector. The resulting checksum is 64 bits
-(8 octets) long. This checksum is tamper-proof and collision-proof. Note
-that this checksum type is the old method for encoding the DES-MAC checksum
-and it is no longer recommended. The DES specifications identify some 'weak
-keys' and 'semi-weak keys'; those keys shall not be used for generating
-DES-MAC checksums for use in Kerberos.
-
-7. Naming Constraints
-
-7.1. Realm Names
-
-Although realm names are encoded as GeneralStrings and although a realm can
-technically select any name it chooses, interoperability across realm
-boundaries requires agreement on how realm names are to be assigned, and
-what information they imply.
-
-To enforce these conventions, each realm must conform to the conventions
-itself, and it must require that any realms with which inter-realm keys are
-shared also conform to the conventions and require the same from its
-neighbors.
-
-Kerberos realm names are case sensitive. Realm names that differ only in the
-case of the characters are not equivalent. There are presently four styles
-of realm names: domain, X500, other, and reserved. Examples of each style
-follow:
-
-     domain:   ATHENA.MIT.EDU (example)
-       X500:   C=US/O=OSF (example)
-      other:   NAMETYPE:rest/of.name=without-restrictions (example)
-   reserved:   reserved, but will not conflict with above
-
-Domain names must look like domain names: they consist of components
-separated by periods (.) and they contain neither colons (:) nor slashes
-(/). Domain names must be converted to upper case when used as realm names.
-
-X.500 names contain an equal (=) and cannot contain a colon (:) before the
-equal. The realm names for X.500 names will be string representations of the
-names with components separated by slashes. Leading and trailing slashes
-will not be included.
-
-Names that fall into the other category must begin with a prefix that
-contains no equal (=) or period (.) and the prefix must be followed by a
-colon (:) and the rest of the name. All prefixes must be assigned before
-they may be used. Presently none are assigned.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-The reserved category includes strings which do not fall into the first
-three categories. All names in this category are reserved. It is unlikely
-that names will be assigned to this category unless there is a very strong
-argument for not using the 'other' category.
-
-These rules guarantee that there will be no conflicts between the various
-name styles. The following additional constraints apply to the assignment of
-realm names in the domain and X.500 categories: the name of a realm for the
-domain or X.500 formats must either be used by the organization owning (to
-whom it was assigned) an Internet domain name or X.500 name, or in the case
-that no such names are registered, authority to use a realm name may be
-derived from the authority of the parent realm. For example, if there is no
-domain name for E40.MIT.EDU, then the administrator of the MIT.EDU realm can
-authorize the creation of a realm with that name.
-
-This is acceptable because the organization to which the parent is assigned
-is presumably the organization authorized to assign names to its children in
-the X.500 and domain name systems as well. If the parent assigns a realm
-name without also registering it in the domain name or X.500 hierarchy, it
-is the parent's responsibility to make sure that there will not in the
-future exists a name identical to the realm name of the child unless it is
-assigned to the same entity as the realm name.
-
-7.2. Principal Names
-
-As was the case for realm names, conventions are needed to ensure that all
-agree on what information is implied by a principal name. The name-type
-field that is part of the principal name indicates the kind of information
-implied by the name. The name-type should be treated as a hint. Ignoring the
-name type, no two names can be the same (i.e. at least one of the
-components, or the realm, must be different). The following name types are
-defined:
-
-  name-type      value   meaning
-
-   NT-UNKNOWN        0   Name type not known
-   NT-PRINCIPAL      1   General principal name (e.g. username, or DCE
-principal)
-   NT-SRV-INST       2   Service and other unique instance (krbtgt)
-   NT-SRV-HST        3   Service with host name as instance (telnet,
-rcommands)
-   NT-SRV-XHST       4   Service with slash-separated host name components
-   NT-UID            5   Unique ID
-   NT-X500-PRINCIPAL 6   Encoded X.509 Distingished name [RFC 1779]
-
-When a name implies no information other than its uniqueness at a particular
-time the name type PRINCIPAL should be used. The principal name type should
-be used for users, and it might also be used for a unique server. If the
-name is a unique machine generated ID that is guaranteed never to be
-reassigned then the name type of UID should be used (note that it is
-generally a bad idea to reassign names of any type since stale entries might
-remain in access control lists).
-
-If the first component of a name identifies a service and the remaining
-components identify an instance of the service in a server specified manner,
-then the name type of SRV-INST should be used. An example of this name type
-is the Kerberos ticket-granting service whose name has a first component of
-krbtgt and a second component identifying the realm for which the ticket is
-valid.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-If instance is a single component following the service name and the
-instance identifies the host on which the server is running, then the name
-type SRV-HST should be used. This type is typically used for Internet
-services such as telnet and the Berkeley R commands. If the separate
-components of the host name appear as successive components following the
-name of the service, then the name type SRV-XHST should be used. This type
-might be used to identify servers on hosts with X.500 names where the slash
-(/) might otherwise be ambiguous.
-
-A name type of NT-X500-PRINCIPAL should be used when a name from an X.509
-certificiate is translated into a Kerberos name. The encoding of the X.509
-name as a Kerberos principal shall conform to the encoding rules specified
-in RFC 2253.
-
-A name type of UNKNOWN should be used when the form of the name is not
-known. When comparing names, a name of type UNKNOWN will match principals
-authenticated with names of any type. A principal authenticated with a name
-of type UNKNOWN, however, will only match other names of type UNKNOWN.
-
-Names of any type with an initial component of 'krbtgt' are reserved for the
-Kerberos ticket granting service. See section 8.2.3 for the form of such
-names.
-
-7.2.1. Name of server principals
-
-The principal identifier for a server on a host will generally be composed
-of two parts: (1) the realm of the KDC with which the server is registered,
-and (2) a two-component name of type NT-SRV-HST if the host name is an
-Internet domain name or a multi-component name of type NT-SRV-XHST if the
-name of the host is of a form such as X.500 that allows slash (/)
-separators. The first component of the two- or multi-component name will
-identify the service and the latter components will identify the host. Where
-the name of the host is not case sensitive (for example, with Internet
-domain names) the name of the host must be lower case. If specified by the
-application protocol for services such as telnet and the Berkeley R commands
-which run with system privileges, the first component may be the string
-'host' instead of a service specific identifier. When a host has an official
-name and one or more aliases, the official name of the host must be used
-when constructing the name of the server principal.
-
-8. Constants and other defined values
-
-8.1. Host address types
-
-All negative values for the host address type are reserved for local use.
-All non-negative values are reserved for officially assigned type fields and
-interpretations.
-
-The values of the types for the following addresses are chosen to match the
-defined address family constants in the Berkeley Standard Distributions of
-Unix. They can be found in with symbolic names AF_xxx (where xxx is an
-abbreviation of the address family name).
-
-Internet (IPv4) Addresses
-
-Internet (IPv4) addresses are 32-bit (4-octet) quantities, encoded in MSB
-order. The type of IPv4 addresses is two (2).
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Internet (IPv6) Addresses [Westerlund]
-
-IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB order. The
-type of IPv6 addresses is twenty-four (24). [RFC1883] [RFC1884]. The
-following addresses (see [RFC1884]) MUST not appear in any Kerberos packet:
-
-   * the Unspecified Address
-   * the Loopback Address
-   * Link-Local addresses
-
-IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-CHAOSnet addresses
-
-CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB order.
-The type of CHAOSnet addresses is five (5).
-
-ISO addresses
-
-ISO addresses are variable-length. The type of ISO addresses is seven (7).
-
-Xerox Network Services (XNS) addresses
-
-XNS addresses are 48-bit (6-octet) quantities, encoded in MSB order. The
-type of XNS addresses is six (6).
-
-AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-AppleTalk DDP addresses consist of an 8-bit node number and a 16-bit network
-number. The first octet of the address is the node number; the remaining two
-octets encode the network number in MSB order. The type of AppleTalk DDP
-addresses is sixteen (16).
-
-DECnet Phase IV addresses
-
-DECnet Phase IV addresses are 16-bit addresses, encoded in LSB order. The
-type of DECnet Phase IV addresses is twelve (12).
-
-Netbios addresses
-
-Netbios addresses are 16-octet addresses typically composed of 1 to 15
-characters, trailing blank (ascii char 20) filled, with a 16th octet of 0x0.
-The type of Netbios addresses is 20 (0x14).
-
-8.2. KDC messages
-
-8.2.1. UDP/IP transport
-
-When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request using UDP
-IP transport, the client shall send a UDP datagram containing only an
-encoding of the request to port 88 (decimal) at the KDC's IP address; the
-KDC will respond with a reply datagram containing only an encoding of the
-reply message (either a KRB_ERROR or a KRB_KDC_REP) to the sending port at
-the sender's IP address. Kerberos servers supporting IP transport must
-accept UDP requests on port 88 (decimal). The response to a request made
-through UDP/IP transport must also use UDP/IP transport.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-8.2.2. TCP/IP transport [Westerlund,Danielsson]
-
-Kerberos servers (KDC's) should accept TCP requests on port 88 (decimal) and
-clients should support the sending of TCP requests on port 88 (decimal).
-When the KRB_KDC_REQ message is sent to the KDC over a TCP stream, a new
-connection will be established for each authentication exchange (request and
-response). The KRB_KDC_REP or KRB_ERROR message will be returned to the
-client on the same TCP stream that was established for the request. The
-response to a request made through TCP/IP transport must also use TCP/IP
-transport. Implementors should note that some extentions to the Kerberos
-protocol will not work if any implementation not supporting the TCP
-transport is involved (client or KDC). Implementors are strongly urged to
-support the TCP transport on both the client and server and are advised that
-the current notation of "should" support will likely change in the future to
-must support. The KDC may close the TCP stream after sending a response, but
-may leave the stream open if it expects a followup - in which case it may
-close the stream at any time if resource constratints or other factors make
-it desirable to do so. Care must be taken in managing TCP/IP connections
-with the KDC to prevent denial of service attacks based on the number of
-TCP/IP connections with the KDC that remain open. If multiple exchanges with
-the KDC are needed for certain forms of preauthentication, multiple TCP
-connections may be required. A client may close the stream after receiving
-response, and should close the stream if it does not expect to send followup
-messages. The client must be prepared to have the stream closed by the KDC
-at anytime, in which case it must simply connect again when it is ready to
-send subsequent messages.
-
-The first four octets of the TCP stream used to transmit the request request
-will encode in network byte order the length of the request (KRB_KDC_REQ),
-and the length will be followed by the request itself. The response will
-similarly be preceeded by a 4 octet encoding in network byte order of the
-length of the KRB_KDC_REP or the KRB_ERROR message and will be followed by
-the KRB_KDC_REP or the KRB_ERROR response. If the sign bit is set on the
-integer represented by the first 4 octets, then the next 4 octets will be
-read, extending the length of the field by another 4 octets (less the sign
-bit which is reserved for future expansion).
-
-8.2.3. OSI transport
-
-During authentication of an OSI client to an OSI server, the mutual
-authentication of an OSI server to an OSI client, the transfer of
-credentials from an OSI client to an OSI server, or during exchange of
-private or integrity checked messages, Kerberos protocol messages may be
-treated as opaque objects and the type of the authentication mechanism will
-be:
-
-OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1),
-                      security(5),kerberosv5(2)}
-
-Depending on the situation, the opaque object will be an authentication
-header (KRB_AP_REQ), an authentication reply (KRB_AP_REP), a safe message
-(KRB_SAFE), a private message (KRB_PRIV), or a credentials message
-(KRB_CRED). The opaque data contains an application code as specified in the
-ASN.1 description for each message. The application code may be used by
-Kerberos to determine the message type.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-8.2.3. Name of the TGS
-
-The principal identifier of the ticket-granting service shall be composed of
-three parts: (1) the realm of the KDC issuing the TGS ticket (2) a two-part
-name of type NT-SRV-INST, with the first part "krbtgt" and the second part
-the name of the realm which will accept the ticket-granting ticket. For
-example, a ticket-granting ticket issued by the ATHENA.MIT.EDU realm to be
-used to get tickets from the ATHENA.MIT.EDU KDC has a principal identifier
-of "ATHENA.MIT.EDU" (realm), ("krbtgt", "ATHENA.MIT.EDU") (name). A
-ticket-granting ticket issued by the ATHENA.MIT.EDU realm to be used to get
-tickets from the MIT.EDU realm has a principal identifier of
-"ATHENA.MIT.EDU" (realm), ("krbtgt", "MIT.EDU") (name).
-
-8.3. Protocol constants and associated values
-
-The following tables list constants used in the protocol and defines their
-meanings. Ranges are specified in the "specification" section that limit the
-values of constants for which values are defined here. This allows
-implementations to make assumptions about the maximum values that will be
-received for these constants. Implementation receiving values outside the
-range specified in the "specification" section may reject the request, but
-they must recover cleanly.
-
-Encryption type       etype value block size  minimum pad size  confounder
-size
-NULL                           0     1           0                 0
-des-cbc-crc                    1     8           4                 8
-des-cbc-md4                    2     8           0                 8
-des-cbc-md5                    3     8           0                 8
-                     4
-des3-cbc-md5                   5     8           0                 8
-                     6
-des3-cbc-sha1                  7     8           0                 8
-sign-dsa-generate              8
-(old-pkinit-will-remove)
-dsaWithSHA1-CmsOID             9                                 (pkinit)
-md5WithRSAEncryption-CmsOID   10                                 (pkinit)
-sha1WithRSAEncryption-CmsOID  11                                 (pkinit)
-rc2CBC-EnvOID                 12                                 (pkinit)
-rsaEncryption-EnvOID          13                      (pkinit from PKCS#1
-v1.5)
-rsaES-OAEP-ENV-OID            14                      (pkinit from PKCS#1
-v2.0)
-des-ede3-cbc-Env-OID          15                                 (pkinit)
-des3kd-cbc-sha1               ??     8                 0                 8
-ENCTYPE_PK_CROSS              48                      (reserved for pkcross)
-       0x8003
-
-Checksum type              sumtype value       checksum size
-CRC32                      1                   4
-rsa-md4                    2                   16
-rsa-md4-des                3                   24
-des-mac                    4                   16
-des-mac-k                  5                   8
-rsa-md4-des-k              6                   16
-rsa-md5                    7                   16
-rsa-md5-des                8                   24
-rsa-md5-des3               9                   24
-hmac-sha1-des3             12                  20  (I had this as 10, is it
-12)
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-padata type                     padata-type value
-
-PA-TGS-REQ                      1
-PA-ENC-TIMESTAMP                2
-PA-PW-SALT                      3
-                      4
-PA-ENC-UNIX-TIME                5
-PA-SANDIA-SECUREID              6
-PA-SESAME                       7
-PA-OSF-DCE                      8
-PA-CYBERSAFE-SECUREID           9
-PA-AFS3-SALT                    10
-PA-ETYPE-INFO                   11
-SAM-CHALLENGE                   12                  (sam/otp)
-SAM-RESPONSE                    13                  (sam/otp)
-PA-PK-AS-REQ                    14                  (pkinit)
-PA-PK-AS-REP                    15                  (pkinit)
-PA-PK-AS-SIGN                   16                  (***remove on 7/14***)
-PA-PK-KEY-REQ                   17                  (***remove on 7/14***)
-PA-PK-KEY-REP                   18                  (***remove on 7/14***)
-PA-USE-SPECIFIED-KVNO           20
-SAM-REDIRECT                    21                  (sam/otp)
-PA-GET-FROM-TYPED-DATA          22
-
-data-type                     value    form of typed-data
-
-                      1-21
-TD-PADATA                       22
-TD-PKINIT-CMS-CERTIFICATES      101      CertificateSet from CMS
-TD-KRB-PRINCIPAL                102
-TD-KRB-REALM                    103
-TD-TRUSTED-CERTIFIERS           104
-TD-CERTIFICATE-INDEX            105
-
-authorization data type         ad-type value
-AD-IF-RELEVANT                     1
-AD-INTENDED-FOR-SERVER             2
-AD-INTENDED-FOR-APPLICATION-CLASS  3
-AD-KDC-ISSUED                      4
-AD-OR                              5
-AD-MANDATORY-TICKET-EXTENSIONS     6
-AD-IN-TICKET-EXTENSIONS            7
-reserved values                    8-63
-OSF-DCE                            64
-SESAME                             65
-
-Ticket Extension Types
-
-TE-TYPE-NULL                  0      Null ticket extension
-TE-TYPE-EXTERNAL-ADATA        1      Integrity protected authorization data
-                    2      TE-TYPE-PKCROSS-KDC  (I have reservations)
-TE-TYPE-PKCROSS-CLIENT        3      PKCROSS cross realm key ticket
-TE-TYPE-CYBERSAFE-EXT         4      Assigned to CyberSafe Corp
-                    5      TE-TYPE-DEST-HOST (I have reservations)
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-alternate authentication type   method-type value
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
-transited encoding type         tr-type value
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-Label               Value   Meaning or MIT code
-
-pvno                    5   current Kerberos protocol version number
-
-message types
-
-KRB_AS_REQ             10   Request for initial authentication
-KRB_AS_REP             11   Response to KRB_AS_REQ request
-KRB_TGS_REQ            12   Request for authentication based on TGT
-KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-KRB_AP_REQ             14   application request to server
-KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE               20   Safe (checksummed) application message
-KRB_PRIV               21   Private (encrypted) application message
-KRB_CRED               22   Private (encrypted) message to forward
-credentials
-KRB_ERROR              30   Error response
-
-name types
-
-KRB_NT_UNKNOWN        0  Name type not known
-KRB_NT_PRINCIPAL      1  Just the name of the principal as in DCE, or for
-users
-KRB_NT_SRV_INST       2  Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST        3  Service with host name as instance (telnet,
-rcommands)
-KRB_NT_SRV_XHST       4  Service with host as remaining components
-KRB_NT_UID            5  Unique ID
-KRB_NT_X500_PRINCIPAL 6  Encoded X.509 Distingished name [RFC 2253]
-
-error codes
-
-KDC_ERR_NONE                    0   No error
-KDC_ERR_NAME_EXP                1   Client's entry in database has expired
-KDC_ERR_SERVICE_EXP             2   Server's entry in database has expired
-KDC_ERR_BAD_PVNO                3   Requested protocol version # not
-supported
-KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old master key
-KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in database
-KDC_ERR_NULL_KEY                9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID            11   Requested start time is later than end
-time
-KDC_ERR_POLICY                 12   KDC policy rejects request
-KDC_ERR_BADOPTION              13   KDC cannot accommodate requested option
-KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption type
-KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been revoked
-KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again later
-KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again later
-KDC_ERR_KEY_EXPIRED            23   Password has expired - change password
-KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was
-invalid
-KDC_ERR_PREAUTH_REQUIRED       25   Additional pre-authenticationrequired
-[40]
-KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't match
-KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for user2user
-only
-KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-KDC_ERR_SVC_UNAVAILABLE        29   A service is not available
-KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field
-failed
-KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-KRB_AP_ERR_REPEAT              34   Request is a replay
-KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't match
-KRB_AP_ERR_SKEW                37   Clock skew too great
-KRB_AP_ERR_BADADDR             38   Incorrect net address
-KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-KRB_AP_ERR_MODIFIED            41   Message stream modified
-KRB_AP_ERR_BADORDER            42   Message out of order
-KRB_AP_ERR_BADKEYVER           44   Specified version of key is not
-available
-KRB_AP_ERR_NOKEY               45   Service key not available
-KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-KRB_AP_ERR_METHOD              48   Alternative authentication method
-required
-KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in message
-KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in
-message
-KRB_AP_PATH_NOT_ACCEPTED       51   Policy rejects transited path
-KRB_ERR_RESPONSE_TOO_BIG       52   Response too big for UDP, retry with TCP
-KRB_ERR_GENERIC                60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG          61   Field is too long for this
-implementation
-KDC_ERROR_CLIENT_NOT_TRUSTED            62 (pkinit)
-KDC_ERROR_KDC_NOT_TRUSTED               63 (pkinit)
-KDC_ERROR_INVALID_SIG                   64 (pkinit)
-KDC_ERR_KEY_TOO_WEAK                    65 (pkinit)
-KDC_ERR_CERTIFICATE_MISMATCH            66 (pkinit)
-KRB_AP_ERR_NO_TGT                       67 (user-to-user)
-KDC_ERR_WRONG_REALM                     68 (user-to-user)
-KRB_AP_ERR_USER_TO_USER_REQUIRED        69 (user-to-user)
-KDC_ERR_CANT_VERIFY_CERTIFICATE         70 (pkinit)
-KDC_ERR_INVALID_CERTIFICATE             71 (pkinit)
-KDC_ERR_REVOKED_CERTIFICATE             72 (pkinit)
-KDC_ERR_REVOCATION_STATUS_UNKNOWN       73 (pkinit)
-KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74 (pkinit)
-KDC_ERR_CLIENT_NAME_MISMATCH            75 (pkinit)
-KDC_ERR_KDC_NAME_MISMATCH               76 (pkinit)
-
-9. Interoperability requirements
-
-Version 5 of the Kerberos protocol supports a myriad of options. Among these
-are multiple encryption and checksum types, alternative encoding schemes for
-the transited field, optional mechanisms for pre-authentication, the
-handling of tickets with no addresses, options for mutual authentication,
-user to user authentication, support for proxies, forwarding, postdating,
-and renewing tickets, the format of realm names, and the handling of
-authorization data.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-In order to ensure the interoperability of realms, it is necessary to define
-a minimal configuration which must be supported by all implementations. This
-minimal configuration is subject to change as technology does. For example,
-if at some later date it is discovered that one of the required encryption
-or checksum algorithms is not secure, it will be replaced.
-
-9.1. Specification 2
-
-This section defines the second specification of these options.
-Implementations which are configured in this way can be said to support
-Kerberos Version 5 Specification 2 (5.1). Specification 1 (depricated) may
-be found in RFC1510.
-
-Transport
-
-TCP/IP and UDP/IP transport must be supported by KDCs claiming conformance
-to specification 2. Kerberos clients claiming conformance to specification 2
-must support UDP/IP transport for messages with the KDC and should support
-TCP/IP transport.
-
-Encryption and checksum methods
-
-The following encryption and checksum mechanisms must be supported.
-Implementations may support other mechanisms as well, but the additional
-mechanisms may only be used when communicating with principals known to also
-support them: This list is to be determined. [***This section will change,
-and alternatives will be sent to the cat and krb-protocol list prior to the
-Oslo IETF - change will be made 7/14/99 ***]
-
-Encryption: DES-CBC-MD5
-Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5
-
-Realm Names
-
-All implementations must understand hierarchical realms in both the Internet
-Domain and the X.500 style. When a ticket granting ticket for an unknown
-realm is requested, the KDC must be able to determine the names of the
-intermediate realms between the KDCs realm and the requested realm.
-
-Transited field encoding
-
-DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must be supported.
-Alternative encodings may be supported, but they may be used only when that
-encoding is supported by ALL intermediate realms.
-
-Pre-authentication methods
-
-The TGS-REQ method must be supported. The TGS-REQ method is not used on the
-initial request. The PA-ENC-TIMESTAMP method must be supported by clients
-but whether it is enabled by default may be determined on a realm by realm
-basis. If not used in the initial request and the error
-KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENC-TIMESTAMP as an
-acceptable method, the client should retry the initial request using the
-PA-ENC-TIMESTAMP preauthentication method. Servers need not support the
-PA-ENC-TIMESTAMP method, but if not supported the server should ignore the
-presence of PA-ENC-TIMESTAMP pre-authentication in a request.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-Mutual authentication
-
-Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-Ticket addresses and flags
-
-All KDC's must pass on tickets that carry no addresses (i.e. if a TGT
-contains no addresses, the KDC will return derivative tickets), but each
-realm may set its own policy for issuing such tickets, and each application
-server will set its own policy with respect to accepting them.
-
-Proxies and forwarded tickets must be supported. Individual realms and
-application servers can set their own policy on when such tickets will be
-accepted.
-
-All implementations must recognize renewable and postdated tickets, but need
-not actually implement them. If these options are not supported, the
-starttime and endtime in the ticket shall specify a ticket's entire useful
-life. When a postdated ticket is decoded by a server, all implementations
-shall make the presence of the postdated flag visible to the calling server.
-
-User-to-user authentication
-
-Support for user to user authentication (via the ENC-TKT-IN-SKEY KDC option)
-must be provided by implementations, but individual realms may decide as a
-matter of policy to reject such requests on a per-principal or realm-wide
-basis.
-
-Authorization data
-
-Implementations must pass all authorization data subfields from
-ticket-granting tickets to any derivative tickets unless directed to
-suppress a subfield as part of the definition of that registered subfield
-type (it is never incorrect to pass on a subfield, and no registered
-subfield types presently specify suppression at the KDC).
-
-Implementations must make the contents of any authorization data subfields
-available to the server when a ticket is used. Implementations are not
-required to allow clients to specify the contents of the authorization data
-fields.
-
-Constant ranges
-
-All protocol constants are constrained to 32 bit (signed) values unless
-further constrained by the protocol definition. This limit is provided to
-allow implementations to make assumptions about the maximum values that will
-be received for these constants. Implementation receiving values outside
-this range may reject the request, but they must recover cleanly.
-
-9.2. Recommended KDC values
-
-Following is a list of recommended values for a KDC implementation, based on
-the list of suggested configuration constants (see section 4.4).
-
-minimum lifetime              5 minutes
-maximum renewable lifetime    1 week
-maximum ticket lifetime       1 day
-empty addresses               only when suitable  restrictions  appear
-                              in authorization data
-proxiable, etc.               Allowed.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-10. REFERENCES
-
-[NT94]    B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-          cation  Service for Computer Networks," IEEE Communica-
-          tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-[MNSS87]  S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-          Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-          Authorization System, M.I.T. Project Athena, Cambridge,
-          Massachusetts (December 21, 1987).
-
-[SNS88]   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-          beros:  An Authentication Service for Open Network Sys-
-          tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-          Dallas, Texas (February, 1988).
-
-[NS78]    Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-          Encryption for Authentication in Large Networks of Com-
-          puters,"  Communications  of  the  ACM,  Vol.   21(12),
-          pp. 993-999 (December, 1978).
-
-[DS81]    Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-          stamps  in  Key Distribution Protocols," Communications
-          of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-[KNT92]   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-          "The Evolution of the Kerberos Authentication Service,"
-          in an IEEE Computer Society Text soon to  be  published
-          (June 1992).
-
-[Neu93]   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-          Accounting  for Distributed Systems," in Proceedings of
-          the 13th International Conference on  Distributed  Com-
-          puting Systems, Pittsburgh, PA (May, 1993).
-
-[DS90]    Don Davis and Ralph Swick,  "Workstation  Services  and
-          Kerberos  Authentication  at Project Athena," Technical
-          Memorandum TM-424,  MIT Laboratory for Computer Science
-          (February 1990).
-
-[LGDSR87] P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-          merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-          ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-          sachusetts (1987).
-
-[X509-88] CCITT, Recommendation X.509: The Directory  Authentica-
-          tion Framework, December 1988.
-
-[Pat92].  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-          Guessing  Attacks, Open Software Foundation DCE Request
-          for Comments 26 (December 1992).
-
-[DES77]   National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "Data Encryption Standard," Federal Information
-          Processing Standards Publication  46,   Washington,  DC
-          (1977).
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-[DESM80]  National Bureau of Standards, U.S. Department  of  Com-
-          merce,  "DES  Modes  of Operation," Federal Information
-          Processing Standards Publication 81,   Springfield,  VA
-          (December 1980).
-
-[SG92]    Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-          Integrity  in  Cryptographic Protocols," in Proceedings
-          of the IEEE  Symposium  on  Research  in  Security  and
-          Privacy, Oakland, California (May 1992).
-
-[IS3309]  International Organization  for  Standardization,  "ISO
-          Information  Processing  Systems - Data Communication -
-          High-Level Data Link Control Procedure -  Frame  Struc-
-          ture," IS 3309 (October 1984).  3rd Edition.
-
-[MD4-92]  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-          1320,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-[MD5-92]  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-          1321,   MIT  Laboratory  for  Computer  Science  (April
-          1992).
-
-[KBC96]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-          Hashing  for  Message  Authentication,"  Working  Draft
-          draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-[Horowitz96] Horowitz, M., "Key Derivation for Authentication,
-          Integrity, and Privacy", draft-horowitz-key-derivation-02.txt,
-          August 1998.
-
-[HorowitzB96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
-          horowitz-kerb-key-derivation-01.txt, September 1998.
-
-[Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
-          Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
-          md5-01.txt, August, 1996.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A. Pseudo-code for protocol processing
-
-This appendix provides pseudo-code describing how the messages are to be
-constructed and interpreted by clients and servers.
-
-A.1. KRB_AS_REQ generation
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_AS_REQ */
-
-        if(pa_enc_timestamp_required) then
-                request.padata.padata-type = PA-ENC-TIMESTAMP;
-                get system_time;
-                padata-body.patimestamp,pausec = system_time;
-                encrypt padata-body into request.padata.padata-value
-                        using client.key; /* derived from password */
-        endif
-
-        body.kdc-options := users's preferences;
-        body.cname := user's name;
-        body.realm := user's realm;
-        body.sname := service's name; /* usually "krbtgt",  "localrealm" */
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-        omit body.enc-authorization-data;
-        request.req-body := body;
-
-        kerberos := lookup(name of local kerberos server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.2. KRB_AS_REQ verification and KRB_AS_REP generation
-
-        decode message into req;
-
-        client := lookup(req.cname,req.realm);
-        server := lookup(req.sname,req.realm);
-
-        get system_time;
-        kdc_time := system_time.seconds;
-
-        if (!client) then
-                /* no client in Database */
-                error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-        endif
-        if (!server) then
-                /* no server in Database */
-                error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-        endif
-
-        if(client.pa_enc_timestamp_required and
-           pa_enc_timestamp not present) then
-                error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-        endif
-
-        if(pa_enc_timestamp present) then
-                decrypt req.padata-value into decrypted_enc_timestamp
-                        using client.key;
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                if(decrypted_enc_timestamp is not within allowable skew)
-then
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                if(decrypted_enc_timestamp and usec is replay)
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                add decrypted_enc_timestamp and usec to replay cache;
-        endif
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := req.srealm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        if (req.kdc-options.FORWARDABLE is set) then
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.PROXIABLE is set) then
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                set new_tkt.flags.PROXIABLE;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if ((req.kdc-options.RENEW is set) or
-            (req.kdc-options.VALIDATE is set) or
-            (req.kdc-options.PROXY is set) or
-            (req.kdc-options.FORWARDED is set) or
-            (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.session := random_session_key();
-        new_tkt.cname := req.cname;
-        new_tkt.crealm := req.crealm;
-        new_tkt.transited := empty_transited_field();
-
-        new_tkt.authtime := kdc_time;
-
-        if (req.kdc-options.POSTDATED is set) then
-           if (against_postdate_policy(req.from)) then
-                error_out(KDC_ERR_POLICY);
-           endif
-           set new_tkt.flags.POSTDATED;
-           set new_tkt.flags.INVALID;
-           new_tkt.starttime := req.from;
-        else
-           omit new_tkt.starttime; /* treated as authtime when omitted */
-        endif
-        if (req.till = 0) then
-                till := infinity;
-        else
-                till := req.till;
-        endif
-
-        new_tkt.endtime := min(till,
-                              new_tkt.starttime+client.max_life,
-                              new_tkt.starttime+server.max_life,
-                              new_tkt.starttime+max_life_for_realm);
-
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (new_tkt.endtime < req.till)) then
-                /* we set the RENEWABLE option for later processing */
-                set req.kdc-options.RENEWABLE;
-                req.rtime := req.till;
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if (req.kdc-options.RENEWABLE is set) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                                     new_tkt.starttime+client.max_rlife,
-                                     new_tkt.starttime+server.max_rlife,
-                                     new_tkt.starttime+max_rlife_for_realm);
-        else
-                omit new_tkt.renew-till; /* only present if RENEWABLE */
-        endif
-
-        if (req.addresses) then
-                new_tkt.caddr := req.addresses;
-        else
-                omit new_tkt.caddr;
-        endif
-
-        new_tkt.authorization_data := empty_authorization_data();
-
-        encode to-be-encrypted part of ticket into OCTET STRING;
-        new_tkt.enc-part := encrypt OCTET STRING
-                using etype_for_key(server.key), server.key, server.p_kvno;
-
-        /* Start processing the response */
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_AS_REP;
-        resp.cname := req.cname;
-        resp.crealm := req.realm;
-        resp.ticket := new_tkt;
-
-        resp.key := new_tkt.session;
-        resp.last-req := fetch_last_request_info(client);
-        resp.nonce := req.nonce;
-        resp.key-expiration := client.expiration;
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        resp.realm := new_tkt.realm;
-        resp.sname := new_tkt.sname;
-
-        resp.caddr := new_tkt.caddr;
-
-        encode body of reply into OCTET STRING;
-
-        resp.enc-part := encrypt OCTET STRING
-                         using use_etype, client.key, client.p_kvno;
-        send(resp);
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.3. KRB_AS_REP verification
-
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then
-                        set pa_enc_timestamp_required;
-                        goto KRB_AS_REQ;
-                endif
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key */
-        /* from the response immediately */
-
-        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                 resp.padata);
-        unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and key;
-        zero(key);
-
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        if near(resp.princ_exp) then
-                print(warning message);
-        endif
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.4. KRB_AS_REP and KRB_TGS_REP common checks
-
-        if (decryption_error() or
-            (req.cname != resp.cname) or
-            (req.realm != resp.crealm) or
-            (req.sname != resp.sname) or
-            (req.realm != resp.realm) or
-            (req.nonce != resp.nonce) or
-            (req.addresses != resp.caddr)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        /* make sure no flags are set that shouldn't be, and that all that
-*/
-        /* should be are set
-*/
-        if (!check_flags_for_compatability(req.kdc-options,resp.flags)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.from = 0) and
-            (resp.starttime is not within allowable skew)) then
-                destroy resp.key;
-                return KRB_AP_ERR_SKEW;
-        endif
-        if ((req.from != 0) and (req.from != resp.starttime)) then
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.till != 0) and (resp.endtime > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (resp.flags.RENEWABLE) and
-            (req.till != 0) and
-            (resp.renew-till > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-A.5. KRB_TGS_REQ generation
-
-        /* Note that make_application_request might have to recursivly
-*/
-        /* call this routine to get the appropriate ticket-granting ticket
-*/
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-        body.kdc-options := users's preferences;
-        /* If the TGT is not for the realm of the end-server  */
-        /* then the sname will be for a TGT for the end-realm */
-        /* and the realm of the requested ticket (body.realm) */
-        /* will be that of the TGS to which the TGT we are    */
-        /* sending applies                                    */
-        body.sname := service's name;
-        body.realm := service's realm;
-
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-
-        body.enc-authorization-data := user-supplied data;
-        if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                body.additional-tickets_ticket := second TGT;
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-        endif
-
-        request.req-body := body;
-        check := generate_checksum (req.body,checksumtype);
-
-        request.padata[0].padata-type := PA-TGS-REQ;
-        request.padata[0].padata-value := create a KRB_AP_REQ using
-                                      the TGT and checksum
-
-        /* add in any other padata as required/supplied */
-
-        kerberos := lookup(name of local kerberose server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
-
-        /* note that reading the application request requires first
-        determining the server for which a ticket was issued, and choosing
-the
-        correct key for decryption.  The name of the server appears in the
-        plaintext part of the ticket. */
-
-        if (no KRB_AP_REQ in req.padata) then
-                error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-        endif
-        verify KRB_AP_REQ in req.padata;
-
-        /* Note that the realm in which the Kerberos server is operating is
-        determined by the instance from the ticket-granting ticket.  The
-realm
-        in the ticket-granting ticket is the realm under which the ticket
-        granting ticket was issued.  It is possible for a single Kerberos
-        server to support more than one realm. */
-
-        auth_hdr := KRB_AP_REQ;
-        tgt := auth_hdr.ticket;
-
-        if (tgt.sname is not a TGT for local realm and is not req.sname)
-then
-                error_out(KRB_AP_ERR_NOT_US);
-
-        realm := realm_tgt_is_for(tgt);
-
-        decode remainder of request;
-
-        if (auth_hdr.authenticator.cksum is missing) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-        if (auth_hdr.authenticator.cksum type is not supported) then
-                error_out(KDC_ERR_SUMTYPE_NOSUPP);
-        endif
-        if (auth_hdr.authenticator.cksum is not both collision-proof and
-            keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-        set computed_checksum := checksum(req);
-        if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        server := lookup(req.sname,realm);
-
-        if (!server) then
-                if (is_foreign_tgt_name(req.sname)) then
-                        server := best_intermediate_tgs(req.sname);
-                else
-                        /* no server in Database */
-                        error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                endif
-        endif
-
-        session := generate_random_session_key();
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := realm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        new_tkt.caddr := tgt.caddr;
-        resp.caddr := NULL; /* We only include this if they change */
-        if (req.kdc-options.FORWARDABLE is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.FORWARDED is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDED;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-        if (tgt.flags.FORWARDED is set) then
-                set new_tkt.flags.FORWARDED;
-        endif
-
-        if (req.kdc-options.PROXIABLE is set) then
-                if (tgt.flags.PROXIABLE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.PROXY is set) then
-                if (tgt.flags.PROXIABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXY;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                if (tgt.flags.MAY-POSTDATE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.MAY-POSTDATE;
-        endif
-        if (req.kdc-options.POSTDATED is set) then
-                if (tgt.flags.MAY-POSTDATE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                if (against_postdate_policy(req.from)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                new_tkt.starttime := req.from;
-        endif
-
-        if (req.kdc-options.VALIDATE is set) then
-                if (tgt.flags.INVALID is reset) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                if (tgt.starttime > kdc_time) then
-                        error_out(KRB_AP_ERR_NYV);
-                endif
-                if (check_hot_list(tgt)) then
-                        error_out(KRB_AP_ERR_REPEAT);
-                endif
-                tkt := tgt;
-                reset new_tkt.flags.INVALID;
-        endif
-
-        if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                             and those already processed) is set) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.authtime := tgt.authtime;
-
-        if (req.kdc-options.RENEW is set) then
-          /* Note that if the endtime has already passed, the ticket would
-*/
-          /* have been rejected in the initial authentication stage, so
-*/
-          /* there is no need to check again here
-*/
-                if (tgt.flags.RENEWABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                if (tgt.renew-till < kdc_time) then
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                        error_out(KRB_AP_ERR_TKT_EXPIRED);
-                endif
-                tkt := tgt;
-                new_tkt.starttime := kdc_time;
-                old_life := tgt.endttime - tgt.starttime;
-                new_tkt.endtime := min(tgt.renew-till,
-                                       new_tkt.starttime + old_life);
-        else
-                new_tkt.starttime := kdc_time;
-                if (req.till = 0) then
-                        till := infinity;
-                else
-                        till := req.till;
-                endif
-                new_tkt.endtime := min(till,
-                                       new_tkt.starttime+client.max_life,
-                                       new_tkt.starttime+server.max_life,
-                                       new_tkt.starttime+max_life_for_realm,
-                                       tgt.endtime);
-
-                if ((req.kdc-options.RENEWABLE-OK is set) and
-                    (new_tkt.endtime < req.till) and
-                    (tgt.flags.RENEWABLE is set) then
-                        /* we set the RENEWABLE option for later processing
-*/
-                        set req.kdc-options.RENEWABLE;
-                        req.rtime := min(req.till, tgt.renew-till);
-                endif
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (tgt.flags.RENEWABLE is set)) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-                                      new_tkt.starttime+client.max_rlife,
-                                      new_tkt.starttime+server.max_rlife,
-                                      new_tkt.starttime+max_rlife_for_realm,
-                                      tgt.renew-till);
-        else
-              new_tkt.renew-till := OMIT; /* leave the renew-till field out
-*/
-        endif
-        if (req.enc-authorization-data is present) then
-          decrypt req.enc-authorization-data into
-decrypted_authorization_data
-                  using auth_hdr.authenticator.subkey;
-          if (decrypt_error()) then
-                  error_out(KRB_AP_ERR_BAD_INTEGRITY);
-          endif
-        endif
-        new_tkt.authorization_data := req.auth_hdr.ticket.authorization_data
-+
-                                 decrypted_authorization_data;
-
-        new_tkt.key := session;
-        new_tkt.crealm := tgt.crealm;
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-        new_tkt.cname := req.auth_hdr.ticket.cname;
-
-        if (realm_tgt_is_for(tgt) := tgt.realm) then
-                /* tgt issued by local realm */
-                new_tkt.transited := tgt.transited;
-        else
-                /* was issued for this realm by some other realm */
-                if (tgt.transited.tr-type not supported) then
-                        error_out(KDC_ERR_TRTYPE_NOSUPP);
-                endif
-            new_tkt.transited := compress_transited(tgt.transited +
-tgt.realm)
-                /* Don't check tranited field if TGT for foreign realm,
-                 * or requested not to check */
-                if (is_not_foreign_tgt_name(new_tkt.server)
-                   && req.kdc-options.DISABLE-TRANSITED-CHECK not set) then
-                        /* Check it, so end-server does not have to
-                         * but don't fail, end-server may still accept it */
-                        if (check_transited_field(new_tkt.transited) == OK)
-                              set new_tkt.flags.TRANSITED-POLICY-CHECKED;
-                        endif
-                endif
-        endif
-
-        encode encrypted part of new_tkt into OCTET STRING;
-        if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                if (server not specified) then
-                        server = req.second_ticket.client;
-                endif
-                if ((req.second_ticket is not a TGT) or
-                    (req.second_ticket.client != server)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-
-                new_tkt.enc-part := encrypt OCTET STRING using
-                 using etype_for_key(second-ticket.key), second-ticket.key;
-        else
-                new_tkt.enc-part := encrypt OCTET STRING
-                 using etype_for_key(server.key), server.key, server.p_kvno;
-        endif
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_TGS_REP;
-        resp.crealm := tgt.crealm;
-        resp.cname := tgt.cname;
-        resp.ticket := new_tkt;
-
-        resp.key := session;
-        resp.nonce := req.nonce;
-        resp.last-req := fetch_last_request_info(client);
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        omit resp.key-expiration;
-
-        resp.sname := new_tkt.sname;
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-        resp.realm := new_tkt.realm;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        encode body of reply into OCTET STRING;
-
-        if (req.padata.authenticator.subkey)
-                resp.enc-part := encrypt OCTET STRING using use_etype,
-                        req.padata.authenticator.subkey;
-        else resp.enc-part := encrypt OCTET STRING using use_etype, tgt.key;
-
-        send(resp);
-
-A.7. KRB_TGS_REP verification
-
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key from
-        the response immediately */
-
-        if (req.padata.authenticator.subkey)
-                unencrypted part of resp := decode of decrypt of
-resp.enc-part
-                        using resp.enc-part.etype and subkey;
-        else unencrypted part of resp := decode of decrypt of resp.enc-part
-                            using resp.enc-part.etype and tgt's session key;
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        check authorization_data as necessary;
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.8. Authenticator generation
-
-        body.authenticator-vno := authenticator vno; /* = 5 */
-        body.cname, body.crealm := client name;
-        if (supplying checksum) then
-                body.cksum := checksum;
-        endif
-        get system_time;
-        body.ctime, body.cusec := system_time;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.9. KRB_AP_REQ generation
-
-        obtain ticket and session_key from cache;
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REQ */
-
-        if (desired(MUTUAL_AUTHENTICATION)) then
-                set packet.ap-options.MUTUAL-REQUIRED;
-        else
-                reset packet.ap-options.MUTUAL-REQUIRED;
-        endif
-        if (using session key for ticket) then
-                set packet.ap-options.USE-SESSION-KEY;
-        else
-                reset packet.ap-options.USE-SESSION-KEY;
-        endif
-        packet.ticket := ticket; /* ticket */
-        generate authenticator;
-        encode authenticator into OCTET STRING;
-        encrypt OCTET STRING into packet.authenticator using session_key;
-
-A.10. KRB_AP_REQ verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REQ) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.ticket.tkt_vno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.ap_options.USE-SESSION-KEY is set) then
-                retrieve session key from ticket-granting ticket for
-                 packet.ticket.{sname,srealm,enc-part.etype};
-        else
-                retrieve service key for
-                 packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-        endif
-        if (no_key_available) then
-                if (cannot_find_specified_skvno) then
-                        error_out(KRB_AP_ERR_BADKEYVER);
-                else
-                        error_out(KRB_AP_ERR_NOKEY);
-                endif
-        endif
-        decrypt packet.ticket.enc-part into decr_ticket using retrieved key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        decrypt packet.authenticator into decr_authenticator
-                using decr_ticket.key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-        endif
-        if (decr_authenticator.{cname,crealm} !=
-            decr_ticket.{cname,crealm}) then
-                error_out(KRB_AP_ERR_BADMATCH);
-        endif
-        if (decr_ticket.caddr is present) then
-                if (sender_address(packet) is not in decr_ticket.caddr) then
-                        error_out(KRB_AP_ERR_BADADDR);
-                endif
-        elseif (application requires addresses) then
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(decr_authenticator.ctime,
-                              decr_authenticator.cusec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-        get system_time;
-        if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-            (decr_ticket.flags.INVALID is set)) then
-                /* it hasn't yet become valid */
-                error_out(KRB_AP_ERR_TKT_NYV);
-        endif
-        if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                error_out(KRB_AP_ERR_TKT_EXPIRED);
-        endif
-        if (decr_ticket.transited) then
-            /* caller may ignore the TRANSITED-POLICY-CHECKED and do
-             * check anyway */
-            if (decr_ticket.flags.TRANSITED-POLICY-CHECKED not set) then
-                 if (check_transited_field(decr_ticket.transited) then
-                      error_out(KDC_AP_PATH_NOT_ACCPETED);
-                 endif
-            endif
-        endif
-        /* caller must check decr_ticket.flags for any pertinent details */
-        return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.11. KRB_AP_REP generation
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REP */
-
-        body.ctime := packet.ctime;
-        body.cusec := packet.cusec;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part;
-
-A.12. KRB_AP_REP verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REP) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        cleartext := decrypt(packet.enc-part) using ticket's session key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (cleartext.ctime != authenticator.ctime) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.cusec != authenticator.cusec) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.subkey is present) then
-                save cleartext.subkey for future use;
-        endif
-        if (cleartext.seq-number is present) then
-                save cleartext.seq-number for future verifications;
-        endif
-        return(AUTHENTICATION_SUCCEEDED);
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.13. KRB_SAFE generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_SAFE */
-
-        body.user-data := buffer; /* DATA */
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-        checksum.cksumtype := checksum type;
-        compute checksum over body;
-        checksum.checksum := checksum value; /* checksum.checksum */
-        packet.cksum := checksum;
-        packet.safe-body := body;
-
-A.14. KRB_SAFE verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_SAFE) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.checksum.cksumtype is not both collision-proof
-              and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (safe_priv_common_checks_ok(packet)) then
-                set computed_checksum := checksum(packet.body);
-                if (computed_checksum != packet.checksum) then
-                        error_out(KRB_AP_ERR_MODIFIED);
-                endif
-                return (packet, PACKET_IS_GENUINE);
-        else
-                return common_checks_error;
-        endif
-
-A.15. KRB_SAFE and KRB_PRIV common checks
-
-        if (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (((packet.timestamp is present) and
-             (not in_clock_skew(packet.timestamp,packet.usec))) or
-            (packet.timestamp is not present and timestamp expected)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-
-        if (((packet.seq-number is present) and
-             ((not in_sequence(packet.seq-number)))) or
-            (packet.seq-number is not present and sequence expected)) then
-                error_out(KRB_AP_ERR_BADORDER);
-        endif
-        if (packet.timestamp not present and packet.seq-number
-              not present) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        save_identifier(packet.{timestamp,usec,s-address},
-                        sender_principal(packet));
-
-        return PACKET_IS_OK;
-
-A.16. KRB_PRIV generation
-
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_PRIV */
-
-        packet.enc-part.etype := encryption type;
-
-        body.user-data := buffer;
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher;
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.17. KRB_PRIV verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_PRIV) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-        if (safe_priv_common_checks_ok(cleartext)) then
-                return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-        else
-                return common_checks_error;
-        endif
-
-A.18. KRB_CRED generation
-
-        invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_CRED */
-
-        for (tickets[n] in tickets to be forwarded) do
-                packet.tickets[n] = tickets[n].ticket;
-        done
-
-        packet.enc-part.etype := encryption type;
-
-        for (ticket[n] in tickets to be forwarded) do
-                body.ticket-info[n].key = tickets[n].session;
-                body.ticket-info[n].prealm = tickets[n].crealm;
-                body.ticket-info[n].pname = tickets[n].cname;
-                body.ticket-info[n].flags = tickets[n].flags;
-                body.ticket-info[n].authtime = tickets[n].authtime;
-                body.ticket-info[n].starttime = tickets[n].starttime;
-                body.ticket-info[n].endtime = tickets[n].endtime;
-                body.ticket-info[n].renew-till = tickets[n].renew-till;
-                body.ticket-info[n].srealm = tickets[n].srealm;
-                body.ticket-info[n].sname = tickets[n].sname;
-                body.ticket-info[n].caddr = tickets[n].caddr;
-        done
-
-        get system_time;
-        body.timestamp, body.usec := system_time;
-
-        if (using nonce) then
-                body.nonce := nonce;
-        endif
-
-        if (using s-address) then
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-                body.s-address := sender host addresses;
-        endif
-        if (limited recipients) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher
-               using negotiated encryption key;
-
-A.19. KRB_CRED verification
-
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_CRED) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if ((packet.r-address is present or required) and
-           (packet.s-address != O/S_sender(packet)) then
-                /* O/S report of sender not who claims to have sent it */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (packet.nonce is required or present) and
-           (packet.nonce != expected-nonce) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        for (ticket[n] in tickets that were forwarded) do
-                save_for_later(ticket[n],key[n],principal[n],
-                               server[n],times[n],flags[n]);
-        return
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-A.20. KRB_ERROR generation
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_ERROR */
-
-        get system_time;
-        packet.stime, packet.susec := system_time;
-        packet.realm, packet.sname := server name;
-
-        if (client time available) then
-                packet.ctime, packet.cusec := client_time;
-        endif
-        packet.error-code := error code;
-        if (client name available) then
-                packet.cname, packet.crealm := client name;
-        endif
-        if (error text available) then
-                packet.e-text := error text;
-        endif
-        if (error data available) then
-                packet.e-data := error data;
-        endif
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-B. Definition of common authorization data elements
-
-This appendix contains the definitions of common authorization data
-elements. These common authorization data elements are recursivly defined,
-meaning the ad-data for these types will itself contain a sequence of
-authorization data whose interpretation is affected by the encapsulating
-element. Depending on the meaning of the encapsulating element, the
-encapsulated elements may be ignored, might be interpreted as issued
-directly by the KDC, or they might be stored in a separate plaintext part of
-the ticket. The types of the encapsulating elements are specified as part of
-the Kerberos specification because the behavior based on these values should
-be understood across implementations whereas other elements need only be
-understood by the applications which they affect.
-
-In the definitions that follow, the value of the ad-type for the element
-will be specified in the subsection number, and the value of the ad-data
-will be as shown in the ASN.1 structure that follows the subsection heading.
-
-B.1. If relevant
-
-AD-IF-RELEVANT   AuthorizationData
-
-AD elements encapsulated within the if-relevant element are intended for
-interpretation only by application servers that understand the particular
-ad-type of the embedded element. Application servers that do not understand
-the type of an element embedded within the if-relevant element may ignore
-the uninterpretable element. This element promotes interoperability across
-implementations which may have local extensions for authorization.
-
-B.2. Intended for server
-
-AD-INTENDED-FOR-SERVER   SEQUENCE {
-         intended-server[0]     SEQUENCE OF PrincipalName
-         elements[1]            AuthorizationData
-}
-
-AD elements encapsulated within the intended-for-server element may be
-ignored if the application server is not in the list of principal names of
-intended servers. Further, a KDC issuing a ticket for an application server
-can remove this element if the application server is not in the list of
-intended servers.
-
-Application servers should check for their principal name in the
-intended-server field of this element. If their principal name is not found,
-this element should be ignored. If found, then the encapsulated elements
-should be evaluated in the same manner as if they were present in the top
-level authorization data field. Applications and application servers that do
-not implement this element should reject tickets that contain authorization
-data elements of this type.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-B.3. Intended for application class
-
-AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE { intended-application-class[0]
-SEQUENCE OF GeneralString elements[1] AuthorizationData } AD elements
-encapsulated within the intended-for-application-class element may be
-ignored if the application server is not in one of the named classes of
-application servers. Examples of application server classes include
-"FILESYSTEM", and other kinds of servers.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-B.4. KDC Issued
-
-AD-KDCIssued   SEQUENCE {
-               ad-checksum[0]    Checksum,
-                i-realm[1]       Realm OPTIONAL,
-                i-sname[2]       PrincipalName OPTIONAL,
-               elements[3]       AuthorizationData.
-}
-
-ad-checksum
-     A checksum over the elements field using a cryptographic checksum
-     method that is identical to the checksum used to protect the ticket
-     itself (i.e. using the same hash function and the same encryption
-     algorithm used to encrypt the ticket) and using a key derived from the
-     same key used to protect the ticket.
-i-realm, i-sname
-     The name of the issuing principal if different from the KDC itself.
-     This field would be used when the KDC can verify the authenticity of
-     elements signed by the issuing principal and it allows this KDC to
-     notify the application server of the validity of those elements.
-elements
-     A sequence of authorization data elements issued by the KDC.
-
-The KDC-issued ad-data field is intended to provide a means for Kerberos
-principal credentials to embed within themselves privilege attributes and
-other mechanisms for positive authorization, amplifying the priveleges of
-the principal beyond what can be done using a credentials without such an
-a-data element.
-
-This can not be provided without this element because the definition of the
-authorization-data field allows elements to be added at will by the bearer
-of a TGT at the time that they request service tickets and elements may also
-be added to a delegated ticket by inclusion in the authenticator.
-
-For KDC-issued elements this is prevented because the elements are signed by
-the KDC by including a checksum encrypted using the server's key (the same
-key used to encrypt the ticket - or a key derived from that key). Elements
-encapsulated with in the KDC-issued element will be ignored by the
-application server if this "signature" is not present. Further, elements
-encapsulated within this element from a ticket granting ticket may be
-interpreted by the KDC, and used as a basis according to policy for
-including new signed elements within derivative tickets, but they will not
-be copied to a derivative ticket directly. If they are copied directly to a
-derivative ticket by a KDC that is not aware of this element, the signature
-will not be correct for the application ticket elements, and the field will
-be ignored by the application server.
-
-This element and the elements it encapulates may be safely ignored by
-applications, application servers, and KDCs that do not implement this
-element.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-B.5. And-Or
-
-AD-AND-OR           SEQUENCE {
-                        condition-count[0]    INTEGER,
-                        elements[1]           AuthorizationData
-}
-
-When restrictive AD elements encapsulated within the and-or element are
-encountered, only the number specified in condition-count of the
-encapsulated conditions must be met in order to satisfy this element. This
-element may be used to implement an "or" operation by setting the
-condition-count field to 1, and it may specify an "and" operation by setting
-the condition count to the number of embedded elements. Application servers
-that do not implement this element must reject tickets that contain
-authorization data elements of this type.
-
-B.6. Mandatory ticket extensions
-
-AD-Mandatory-Ticket-Extensions   Checksum
-
-An authorization data element of type mandatory-ticket-extensions specifies
-a collision-proof checksum using the same hash algorithm used to protect the
-integrity of the ticket itself. This checksum will be calculated over an
-individual extension field. If there are more than one extension, multiple
-Mandatory-Ticket-Extensions authorization data elements may be present, each
-with a checksum for a different extension field. This restriction indicates
-that the ticket should not be accepted if a ticket extension is not present
-in the ticket for which the checksum does not match that checksum specified
-in the authorization data element. Application servers that do not implement
-this element must reject tickets that contain authorization data elements of
-this type.
-
-B.7. Authorization Data in ticket extensions
-
-AD-IN-Ticket-Extensions   Checksum
-
-An authorization data element of type in-ticket-extensions specifies a
-collision-proof checksum using the same hash algorithm used to protect the
-integrity of the ticket itself. This checksum is calculated over a separate
-external AuthorizationData field carried in the ticket extensions.
-Application servers that do not implement this element must reject tickets
-that contain authorization data elements of this type. Application servers
-that do implement this element will search the ticket extensions for
-authorization data fields, calculate the specified checksum over each
-authorization data field and look for one matching the checksum in this
-in-ticket-extensions element. If not found, then the ticket must be
-rejected. If found, the corresponding authorization data elements will be
-interpreted in the same manner as if they were contained in the top level
-authorization data field.
-
-Note that if multiple external authorization data fields are present in a
-ticket, each will have a corresponding element of type in-ticket-extensions
-in the top level authorization data field, and the external entries will be
-linked to the corresponding element by their checksums.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-C. Definition of common ticket extensions
-
-This appendix contains the definitions of common ticket extensions. Support
-for these extensions is optional. However, certain extensions have
-associated authorization data elements that may require rejection of a
-ticket containing an extension by application servers that do not implement
-the particular extension. Other extensions have been defined beyond those
-described in this specification. Such extensions are described elswhere and
-for some of those extensions the reserved number may be found in the list of
-constants.
-
-It is known that older versions of Kerberos did not support this field, and
-that some clients will strip this field from a ticket when they parse and
-then reassemble a ticket as it is passed to the application servers. The
-presence of the extension will not break such clients, but any functionaly
-dependent on the extensions will not work when such tickets are handled by
-old clients. In such situations, some implementation may use alternate
-methods to transmit the information in the extensions field.
-
-C.1. Null ticket extension
-
-TE-NullExtension   OctetString -- The empty Octet String
-
-The te-data field in the null ticket extension is an octet string of lenght
-zero. This extension may be included in a ticket granting ticket so that the
-KDC can determine on presentation of the ticket granting ticket whether the
-client software will strip the extensions field.
-
-C.2. External Authorization Data
-
-TE-ExternalAuthorizationData   AuthorizationData
-
-The te-data field in the external authorization data ticket extension is
-field of type AuthorizationData containing one or more authorization data
-elements. If present, a corresponding authorization data element will be
-present in the primary authorization data for the ticket and that element
-will contain a checksum of the external authorization data ticket extension.
-  ------------------------------------------------------------------------
-[TM] Project Athena, Athena, and Kerberos are trademarks of the
-Massachusetts Institute of Technology (MIT). No commercial use of these
-trademarks may be made without prior written permission of MIT.
-
-[1] Note, however, that many applications use Kerberos' functions only upon
-the initiation of a stream-based network connection. Unless an application
-subsequently provides integrity protection for the data stream, the identity
-verification applies only to the initiation of the connection, and does not
-guarantee that subsequent messages on the connection originate from the same
-principal.
-
-[2] Secret and private are often used interchangeably in the literature. In
-our usage, it takes two (or more) to share a secret, thus a shared DES key
-is a secret key. Something is only private when no one but its owner knows
-it. Thus, in public key cryptosystems, one has a public and a private key.
-
-[3] Of course, with appropriate permission the client could arrange
-registration of a separately-named prin- cipal in a remote realm, and engage
-in normal exchanges with that realm's services. However, for even small
-numbers of clients this becomes cumbersome, and more automatic methods as
-described here are necessary.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-[4] Though it is permissible to request or issue tick- ets with no network
-addresses specified.
-
-[5] The password-changing request must not be honored unless the requester
-can provide the old password (the user's current secret key). Otherwise, it
-would be possible for someone to walk up to an unattended ses- sion and
-change another user's password.
-
-[6] To authenticate a user logging on to a local system, the credentials
-obtained in the AS exchange may first be used in a TGS exchange to obtain
-credentials for a local server. Those credentials must then be verified by a
-local server through successful completion of the Client/Server exchange.
-
-[7] "Random" means that, among other things, it should be impossible to
-guess the next session key based on knowledge of past session keys. This can
-only be achieved in a pseudo-random number generator if it is based on
-cryptographic principles. It is more desirable to use a truly random number
-generator, such as one based on measurements of random physical phenomena.
-
-[8] Tickets contain both an encrypted and unencrypted portion, so cleartext
-here refers to the entire unit, which can be copied from one message and
-replayed in another without any cryptographic skill.
-
-[9] Note that this can make applications based on unreliable transports
-difficult to code correctly. If the transport might deliver duplicated
-messages, either a new authenticator must be generated for each retry, or
-the application server must match requests and replies and replay the first
-reply in response to a detected duplicate.
-
-[10] This is used for user-to-user authentication as described in [8].
-
-[11] Note that the rejection here is restricted to authenticators from the
-same principal to the same server. Other client principals communicating
-with the same server principal should not be have their authenticators
-rejected if the time and microsecond fields happen to match some other
-client's authenticator.
-
-[12] In the Kerberos version 4 protocol, the timestamp in the reply was the
-client's timestamp plus one. This is not necessary in version 5 because
-version 5 messages are formatted in such a way that it is not possible to
-create the reply by judicious message surgery (even in encrypted form)
-without knowledge of the appropriate encryption keys.
-
-[13] Note that for encrypting the KRB_AP_REP message, the sub-session key is
-not used, even if present in the Authenticator.
-
-[14] Implementations of the protocol may wish to provide routines to choose
-subkeys based on session keys and random numbers and to generate a
-negotiated key to be returned in the KRB_AP_REP message.
-
-[15]This can be accomplished in several ways. It might be known beforehand
-(since the realm is part of the principal identifier), it might be stored in
-a nameserver, or it might be obtained from a configura- tion file. If the
-realm to be used is obtained from a nameserver, there is a danger of being
-spoofed if the nameservice providing the realm name is not authenti- cated.
-This might result in the use of a realm which has been compromised, and
-would result in an attacker's ability to compromise the authentication of
-the application server to the client.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-[16] If the client selects a sub-session key, care must be taken to ensure
-the randomness of the selected sub- session key. One approach would be to
-generate a random number and XOR it with the session key from the
-ticket-granting ticket.
-
-[17] This allows easy implementation of user-to-user authentication [8],
-which uses ticket-granting ticket session keys in lieu of secret server keys
-in situa- tions where such secret keys could be easily comprom- ised.
-
-[18] For the purpose of appending, the realm preceding the first listed
-realm is considered to be the null realm ("").
-
-[19] For the purpose of interpreting null subfields, the client's realm is
-considered to precede those in the transited field, and the server's realm
-is considered to follow them.
-
-[20] This means that a client and server running on the same host and
-communicating with one another using the KRB_SAFE messages should not share
-a common replay cache to detect KRB_SAFE replays.
-
-[21] The implementation of the Kerberos server need not combine the database
-and the server on the same machine; it is feasible to store the principal
-database in, say, a network name service, as long as the entries stored
-therein are protected from disclosure to and modification by unauthorized
-parties. However, we recommend against such strategies, as they can make
-system management and threat analysis quite complex.
-
-[22] See the discussion of the padata field in section 5.4.2 for details on
-why this can be useful.
-
-[23] Warning for implementations that unpack and repack data structures
-during the generation and verification of embedded checksums: Because any
-checksums applied to data structures must be checked against the original
-data the length of bit strings must be preserved within a data structure
-between the time that a checksum is generated through transmission to the
-time that the checksum is verified.
-
-[24] It is NOT recommended that this time value be used to adjust the
-workstation's clock since the workstation cannot reliably determine that
-such a KRB_AS_REP actually came from the proper KDC in a timely manner.
-
-[25] Note, however, that if the time is used as the nonce, one must make
-sure that the workstation time is monotonically increasing. If the time is
-ever reset backwards, there is a small, but finite, probability that a nonce
-will be reused.
-
-[27] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[29] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-[31] An application code in the encrypted part of a message provides an
-additional check that the message was decrypted properly.
-
-
-Neuman, Ts'o, Kohl                                 Expires: 25 December,
-1999
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-04          June 25,
-1999
-
-[32] If supported by the encryption method in use, an initialization vector
-may be passed to the encryption procedure, in order to achieve proper cipher
-chaining. The initialization vector might come from the last block of the
-ciphertext from the previous KRB_PRIV message, but it is the application's
-choice whether or not to use such an initialization vector. If left out, the
-default initialization vector for the encryption algorithm will be used.
-
-[33] This prevents an attacker who generates an incorrect AS request from
-obtaining verifiable plaintext for use in an off-line password guessing
-attack.
-
-[35] In the above specification, UNTAGGED OCTET STRING(length) is the
-notation for an octet string with its tag and length removed. It is not a
-valid ASN.1 type. The tag bits and length must be removed from the
-confounder since the purpose of the confounder is so that the message starts
-with random data, but the tag and its length are fixed. For other fields,
-the length and tag would be redundant if they were included because they are
-specified by the encryption type. [36] The ordering of the fields in the
-CipherText is important. Additionally, messages encoded in this format must
-include a length as part of the msg-seq field. This allows the recipient to
-verify that the message has not been truncated. Without a length, an
-attacker could use a chosen plaintext attack to generate a message which
-could be truncated, while leaving the checksum intact. Note that if the
-msg-seq is an encoding of an ASN.1 SEQUENCE or OCTET STRING, then the length
-is part of that encoding.
-
-[37] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[38] In some cases, it may be necessary to use a different "mix-in" string
-for compatibility reasons; see the discussion of padata in section 5.4.2.
-
-[39] A variant of the key is used to limit the use of a key to a particular
-function, separating the functions of generating a checksum from other
-encryption performed using the session key. The constant F0F0F0F0F0F0F0F0
-was chosen because it maintains key parity. The properties of DES precluded
-the use of the complement. The same constant is used for similar purpose in
-the Message Integrity Check in the Privacy Enhanced Mail standard.
-
-[40] This error carries additional information in the e- data field. The
-contents of the e-data field for this message is described in section 5.9.1.
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-05.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-05.txt
deleted file mode 100644
index 15921248c117..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-05.txt
+++ /dev/null
@@ -1,6866 +0,0 @@
-INTERNET-DRAFT                                           Clifford Neuman
-                                                               John Kohl
-                                                           Theodore Ts'o
-                                                          March 10, 2000
-                                              Expires September 10, 2000
-
-The Kerberos Network Authentication Service (V5)
-draft-ietf-cat-kerberos-revisions-05.txt
-
-STATUS OF THIS MEMO
-
-This document is an Internet-Draft and is in full conformance with all
-provisions of Section 10 of RFC 2026. Internet-Drafts are working documents
-of the Internet Engineering Task Force (IETF), its areas, and its working
-groups. Note that other groups may also distribute working documents as
-Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months and
-may be updated, replaced, or obsoleted by other documents at any time. It is
-inappropriate to use Internet-Drafts as reference material or to cite them
-other than as "work in progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html.
-
-To learn the current status of any Internet-Draft, please check the
-"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
-Directories on ftp.ietf.org (US East Coast), nic.nordu.net (Europe),
-ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited. It is filed as
-draft-ietf-cat-kerberos-revisions-05.txt, and expires September 10, 2000.
-Please send comments to: krb-protocol@MIT.EDU
-
-ABSTRACT
-
-This document provides an overview and specification of Version 5 of the
-Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol
-and its intended use that require more detailed or clearer explanation than
-was provided in RFC1510. This document is intended to provide a detailed
-description of the protocol, suitable for implementation, together with
-descriptions of the appropriate use of protocol messages and fields within
-those messages.
-
-This document is not intended to describe Kerberos to the end user, system
-administrator, or application developer. Higher level papers describing
-Version 5 of the Kerberos system [NT94] and documenting version 4 [SNS88],
-are available elsewhere.
-
-OVERVIEW
-
-This INTERNET-DRAFT describes the concepts and model upon which the Kerberos
-network authentication system is based. It also specifies Version 5 of the
-Kerberos protocol.
-
-The motivations, goals, assumptions, and rationale behind most design
-decisions are treated cursorily; they are more fully described in a paper
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-available in IEEE communications [NT94] and earlier in the Kerberos portion
-of the Athena Technical Plan [MNSS87]. The protocols have been a proposed
-standard and are being considered for advancement for draft standard through
-the IETF standard process. Comments are encouraged on the presentation, but
-only minor refinements to the protocol as implemented or extensions that fit
-within current protocol framework will be considered at this time.
-
-Requests for addition to an electronic mailing list for discussion of
-Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU.
-This mailing list is gatewayed onto the Usenet as the group
-comp.protocols.kerberos. Requests for further information, including
-documents and code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-The Kerberos model is based in part on Needham and Schroeder's trusted
-third-party authentication protocol [NS78] and on modifications suggested by
-Denning and Sacco [DS81]. The original design and implementation of Kerberos
-Versions 1 through 4 was the work of two former Project Athena staff
-members, Steve Miller of Digital Equipment Corporation and Clifford Neuman
-(now at the Information Sciences Institute of the University of Southern
-California), along with Jerome Saltzer, Technical Director of Project
-Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many other members
-of Project Athena have also contributed to the work on Kerberos.
-
-Version 5 of the Kerberos protocol (described in this document) has evolved
-from Version 4 based on new requirements and desires for features not
-available in Version 4. The design of Version 5 of the Kerberos protocol was
-led by Clifford Neuman and John Kohl with much input from the community. The
-development of the MIT reference implementation was led at MIT by John Kohl
-and Theodore T'so, with help and contributed code from many others. Since
-RFC1510 was issued, extensions and revisions to the protocol have been
-proposed by many individuals. Some of these proposals are reflected in this
-document. Where such changes involved significant effort, the document cites
-the contribution of the proposer.
-
-Reference implementations of both version 4 and version 5 of Kerberos are
-publicly available and commercial implementations have been developed and
-are widely used. Details on the differences between Kerberos Versions 4 and
-5 can be found in [KNT92].
-
-1. Introduction
-
-Kerberos provides a means of verifying the identities of principals, (e.g. a
-workstation user or a network server) on an open (unprotected) network. This
-is accomplished without relying on assertions by the host operating system,
-without basing trust on host addresses, without requiring physical security
-of all the hosts on the network, and under the assumption that packets
-traveling along the network can be read, modified, and inserted at will[1].
-Kerberos performs authentication under these conditions as a trusted
-third-party authentication service by using conventional (shared secret key
-[2] cryptography. Kerberos extensions have been proposed and implemented
-that provide for the use of public key cryptography during certain phases of
-the authentication protocol. These extensions provide for authentication of
-users registered with public key certification authorities, and allow the
-system to provide certain benefits of public key cryptography in situations
-where they are needed.
-
-The basic Kerberos authentication process proceeds as follows: A client
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-sends a request to the authentication server (AS) requesting 'credentials'
-for a given server. The AS responds with these credentials, encrypted in the
-client's key. The credentials consist of 1) a 'ticket' for the server and 2)
-a temporary encryption key (often called a "session key"). The client
-transmits the ticket (which contains the client's identity and a copy of the
-session key, all encrypted in the server's key) to the server. The session
-key (now shared by the client and server) is used to authenticate the
-client, and may optionally be used to authenticate the server. It may also
-be used to encrypt further communication between the two parties or to
-exchange a separate sub-session key to be used to encrypt further
-communication.
-
-Implementation of the basic protocol consists of one or more authentication
-servers running on physically secure hosts. The authentication servers
-maintain a database of principals (i.e., users and servers) and their secret
-keys. Code libraries provide encryption and implement the Kerberos protocol.
-In order to add authentication to its transactions, a typical network
-application adds one or two calls to the Kerberos library directly or
-through the Generic Security Services Application Programming Interface,
-GSSAPI, described in separate document. These calls result in the
-transmission of the necessary messages to achieve authentication.
-
-The Kerberos protocol consists of several sub-protocols (or exchanges).
-There are two basic methods by which a client can ask a Kerberos server for
-credentials. In the first approach, the client sends a cleartext request for
-a ticket for the desired server to the AS. The reply is sent encrypted in
-the client's secret key. Usually this request is for a ticket-granting
-ticket (TGT) which can later be used with the ticket-granting server (TGS).
-In the second method, the client sends a request to the TGS. The client uses
-the TGT to authenticate itself to the TGS in the same manner as if it were
-contacting any other application server that requires Kerberos
-authentication. The reply is encrypted in the session key from the TGT.
-Though the protocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different protocol entry points
-within a single Kerberos server.
-
-Once obtained, credentials may be used to verify the identity of the
-principals in a transaction, to ensure the integrity of messages exchanged
-between them, or to preserve privacy of the messages. The application is
-free to choose whatever protection may be necessary.
-
-To verify the identities of the principals in a transaction, the client
-transmits the ticket to the application server. Since the ticket is sent "in
-the clear" (parts of it are encrypted, but this encryption doesn't thwart
-replay) and might be intercepted and reused by an attacker, additional
-information is sent to prove that the message originated with the principal
-to whom the ticket was issued. This information (called the authenticator)
-is encrypted in the session key, and includes a timestamp. The timestamp
-proves that the message was recently generated and is not a replay.
-Encrypting the authenticator in the session key proves that it was generated
-by a party possessing the session key. Since no one except the requesting
-principal and the server know the session key (it is never sent over the
-network in the clear) this guarantees the identity of the client.
-
-The integrity of the messages exchanged between principals can also be
-guaranteed using the session key (passed in the ticket and contained in the
-credentials). This approach provides detection of both replay attacks and
-message stream modification attacks. It is accomplished by generating and
-transmitting a collision-proof checksum (elsewhere called a hash or digest
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-function) of the client's message, keyed with the session key. Privacy and
-integrity of the messages exchanged between principals can be secured by
-encrypting the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-The authentication exchanges mentioned above require read-only access to the
-Kerberos database. Sometimes, however, the entries in the database must be
-modified, such as when adding new principals or changing a principal's key.
-This is done using a protocol between a client and a third Kerberos server,
-the Kerberos Administration Server (KADM). There is also a protocol for
-maintaining multiple copies of the Kerberos database. Neither of these
-protocols are described in this document.
-
-1.1. Cross-Realm Operation
-
-The Kerberos protocol is designed to operate across organizational
-boundaries. A client in one organization can be authenticated to a server in
-another. Each organization wishing to run a Kerberos server establishes its
-own 'realm'. The name of the realm in which a client is registered is part
-of the client's name, and can be used by the end-service to decide whether
-to honor a request.
-
-By establishing 'inter-realm' keys, the administrators of two realms can
-allow a client authenticated in the local realm to prove its identity to
-servers in other realms[3]. The exchange of inter-realm keys (a separate key
-may be used for each direction) registers the ticket-granting service of
-each realm as a principal in the other realm. A client is then able to
-obtain a ticket-granting ticket for the remote realm's ticket-granting
-service from its local realm. When that ticket-granting ticket is used, the
-remote ticket-granting service uses the inter-realm key (which usually
-differs from its own normal TGS key) to decrypt the ticket-granting ticket,
-and is thus certain that it was issued by the client's own TGS. Tickets
-issued by the remote ticket-granting service will indicate to the
-end-service that the client was authenticated from another realm.
-
-A realm is said to communicate with another realm if the two realms share an
-inter-realm key, or if the local realm shares an inter-realm key with an
-intermediate realm that communicates with the remote realm. An
-authentication path is the sequence of intermediate realms that are
-transited in communicating from one realm to another.
-
-Realms are typically organized hierarchically. Each realm shares a key with
-its parent and a different key with each child. If an inter-realm key is not
-directly shared by two realms, the hierarchical organization allows an
-authentication path to be easily constructed. If a hierarchical organization
-is not used, it may be necessary to consult a database in order to construct
-an authentication path between realms.
-
-Although realms are typically hierarchical, intermediate realms may be
-bypassed to achieve cross-realm authentication through alternate
-authentication paths (these might be established to make communication
-between two realms more efficient). It is important for the end-service to
-know which realms were transited when deciding how much faith to place in
-the authentication process. To facilitate this decision, a field in each
-ticket contains the names of the realms that were involved in authenticating
-the client.
-
-The application server is ultimately responsible for accepting or rejecting
-authentication and should check the transited field. The application server
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-may choose to rely on the KDC for the application server's realm to check
-the transited field. The application server's KDC will set the
-TRANSITED-POLICY-CHECKED flag in this case. The KDC's for intermediate
-realms may also check the transited field as they issue
-ticket-granting-tickets for other realms, but they are encouraged not to do
-so. A client may request that the KDC's not check the transited field by
-setting the DISABLE-TRANSITED-CHECK flag. KDC's are encouraged but not
-required to honor this flag.
-
-1.2. Authorization
-
-As an authentication service, Kerberos provides a means of verifying the
-identity of principals on a network. Authentication is usually useful
-primarily as a first step in the process of authorization, determining
-whether a client may use a service, which objects the client is allowed to
-access, and the type of access allowed for each. Kerberos does not, by
-itself, provide authorization. Possession of a client ticket for a service
-provides only for authentication of the client to that service, and in the
-absence of a separate authorization procedure, it should not be considered
-by an application as authorizing the use of that service.
-
-Such separate authorization methods may be implemented as application
-specific access control functions and may be based on files such as the
-application server, or on separately issued authorization credentials such
-as those based on proxies [Neu93], or on other authorization services.
-Separately authenticated authorization credentials may be embedded in a
-tickets authorization data when encapsulated by the kdc-issued authorization
-data element.
-
-Applications should not be modified to accept the mere issuance of a service
-ticket by the Kerberos server (even by a modified Kerberos server) as
-granting authority to use the service, since such applications may become
-vulnerable to the bypass of this authorization check in an environment if
-they interoperate with other KDCs or where other options for application
-authentication (e.g. the PKTAPP proposal) are provided.
-
-1.3. Environmental assumptions
-
-Kerberos imposes a few assumptions on the environment in which it can
-properly function:
-
-   * 'Denial of service' attacks are not solved with Kerberos. There are
-     places in these protocols where an intruder can prevent an application
-     from participating in the proper authentication steps. Detection and
-     solution of such attacks (some of which can appear to be nnot-uncommon
-     'normal' failure modes for the system) is usually best left to the
-     human administrators and users.
-   * Principals must keep their secret keys secret. If an intruder somehow
-     steals a principal's key, it will be able to masquerade as that
-     principal or impersonate any server to the legitimate principal.
-   * 'Password guessing' attacks are not solved by Kerberos. If a user
-     chooses a poor password, it is possible for an attacker to successfully
-     mount an offline dictionary attack by repeatedly attempting to decrypt,
-     with successive entries from a dictionary, messages obtained which are
-     encrypted under a key derived from the user's password.
-   * Each host on the network must have a clock which is 'loosely
-     synchronized' to the time of the other hosts; this synchronization is
-     used to reduce the bookkeeping needs of application servers when they
-     do replay detection. The degree of "looseness" can be configured on a
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     per-server basis, but is typically on the order of 5 minutes. If the
-     clocks are synchronized over the network, the clock synchronization
-     protocol must itself be secured from network attackers.
-   * Principal identifiers are not recycled on a short-term basis. A typical
-     mode of access control will use access control lists (ACLs) to grant
-     permissions to particular principals. If a stale ACL entry remains for
-     a deleted principal and the principal identifier is reused, the new
-     principal will inherit rights specified in the stale ACL entry. By not
-     re-using principal identifiers, the danger of inadvertent access is
-     removed.
-
-1.4. Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-Authentication
-     Verifying the claimed identity of a principal.
-Authentication header
-     A record containing a Ticket and an Authenticator to be presented to a
-     server as part of the authentication process.
-Authentication path
-     A sequence of intermediate realms transited in the authentication
-     process when communicating from one realm to another.
-Authenticator
-     A record containing information that can be shown to have been recently
-     generated using the session key known only by the client and server.
-Authorization
-     The process of determining whether a client may use a service, which
-     objects the client is allowed to access, and the type of access allowed
-     for each.
-Capability
-     A token that grants the bearer permission to access an object or
-     service. In Kerberos, this might be a ticket whose use is restricted by
-     the contents of the authorization data field, but which lists no
-     network addresses, together with the session key necessary to use the
-     ticket.
-Ciphertext
-     The output of an encryption function. Encryption transforms plaintext
-     into ciphertext.
-Client
-     A process that makes use of a network service on behalf of a user. Note
-     that in some cases a Server may itself be a client of some other server
-     (e.g. a print server may be a client of a file server).
-Credentials
-     A ticket plus the secret session key necessary to successfully use that
-     ticket in an authentication exchange.
-KDC
-     Key Distribution Center, a network service that supplies tickets and
-     temporary session keys; or an instance of that service or the host on
-     which it runs. The KDC services both initial ticket and ticket-granting
-     ticket requests. The initial ticket portion is sometimes referred to as
-     the Authentication Server (or service). The ticket-granting ticket
-     portion is sometimes referred to as the ticket-granting server (or
-     service).
-Kerberos
-     Aside from the 3-headed dog guarding Hades, the name given to Project
-     Athena's authentication service, the protocol used by that service, or
-     the code used to implement the authentication service.
-Plaintext
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     The input to an encryption function or the output of a decryption
-     function. Decryption transforms ciphertext into plaintext.
-Principal
-     A uniquely named client or server instance that participates in a
-     network communication.
-Principal identifier
-     The name used to uniquely identify each different principal.
-Seal
-     To encipher a record containing several fields in such a way that the
-     fields cannot be individually replaced without either knowledge of the
-     encryption key or leaving evidence of tampering.
-Secret key
-     An encryption key shared by a principal and the KDC, distributed
-     outside the bounds of the system, with a long lifetime. In the case of
-     a human user's principal, the secret key is derived from a password.
-Server
-     A particular Principal which provides a resource to network clients.
-     The server is sometimes refered to as the Application Server.
-Service
-     A resource provided to network clients; often provided by more than one
-     server (for example, remote file service).
-Session key
-     A temporary encryption key used between two principals, with a lifetime
-     limited to the duration of a single login "session".
-Sub-session key
-     A temporary encryption key used between two principals, selected and
-     exchanged by the principals using the session key, and with a lifetime
-     limited to the duration of a single association.
-Ticket
-     A record that helps a client authenticate itself to a server; it
-     contains the client's identity, a session key, a timestamp, and other
-     information, all sealed using the server's secret key. It only serves
-     to authenticate a client when presented along with a fresh
-     Authenticator.
-
-2. Ticket flag uses and requests
-
-Each Kerberos ticket contains a set of flags which are used to indicate
-various attributes of that ticket. Most flags may be requested by a client
-when the ticket is obtained; some are automatically turned on and off by a
-Kerberos server as required. The following sections explain what the various
-flags mean, and gives examples of reasons to use such a flag.
-
-2.1. Initial and pre-authenticated tickets
-
-The INITIAL flag indicates that a ticket was issued using the AS protocol
-and not issued based on a ticket-granting ticket. Application servers that
-want to require the demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be set in any tickets
-they accept, and thus be assured that the client's key was recently
-presented to the application client.
-
-The PRE-AUTHENT and HW-AUTHENT flags provide addition information about the
-initial authentication, regardless of whether the current ticket was issued
-directly (in which case INITIAL will also be set) or issued on the basis of
-a ticket-granting ticket (in which case the INITIAL flag is clear, but the
-PRE-AUTHENT and HW-AUTHENT flags are carried forward from the
-ticket-granting ticket).
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-2.2. Invalid tickets
-
-The INVALID flag indicates that a ticket is invalid. Application servers
-must reject tickets which have this flag set. A postdated ticket will
-usually be issued in this form. Invalid tickets must be validated by the KDC
-before use, by presenting them to the KDC in a TGS request with the VALIDATE
-option specified. The KDC will only validate tickets after their starttime
-has passed. The validation is required so that postdated tickets which have
-been stolen before their starttime can be rendered permanently invalid
-(through a hot-list mechanism) (see section 3.3.3.1).
-
-2.3. Renewable tickets
-
-Applications may desire to hold tickets which can be valid for long periods
-of time. However, this can expose their credentials to potential theft for
-equally long periods, and those stolen credentials would be valid until the
-expiration time of the ticket(s). Simply using short-lived tickets and
-obtaining new ones periodically would require the client to have long-term
-access to its secret key, an even greater risk. Renewable tickets can be
-used to mitigate the consequences of theft. Renewable tickets have two
-"expiration times": the first is when the current instance of the ticket
-expires, and the second is the latest permissible value for an individual
-expiration time. An application client must periodically (i.e. before it
-expires) present a renewable ticket to the KDC, with the RENEW option set in
-the KDC request. The KDC will issue a new ticket with a new session key and
-a later expiration time. All other fields of the ticket are left unmodified
-by the renewal process. When the latest permissible expiration time arrives,
-the ticket expires permanently. At each renewal, the KDC may consult a
-hot-list to determine if the ticket had been reported stolen since its last
-renewal; it will refuse to renew such stolen tickets, and thus the usable
-lifetime of stolen tickets is reduced.
-
-The RENEWABLE flag in a ticket is normally only interpreted by the
-ticket-granting service (discussed below in section 3.3). It can usually be
-ignored by application servers. However, some particularly careful
-application servers may wish to disallow renewable tickets.
-
-If a renewable ticket is not renewed by its expiration time, the KDC will
-not renew the ticket. The RENEWABLE flag is reset by default, but a client
-may request it be set by setting the RENEWABLE option in the KRB_AS_REQ
-message. If it is set, then the renew-till field in the ticket contains the
-time after which the ticket may not be renewed.
-
-2.4. Postdated tickets
-
-Applications may occasionally need to obtain tickets for use much later,
-e.g. a batch submission system would need tickets to be valid at the time
-the batch job is serviced. However, it is dangerous to hold valid tickets in
-a batch queue, since they will be on-line longer and more prone to theft.
-Postdated tickets provide a way to obtain these tickets from the KDC at job
-submission time, but to leave them "dormant" until they are activated and
-validated by a further request of the KDC. If a ticket theft were reported
-in the interim, the KDC would refuse to validate the ticket, and the thief
-would be foiled.
-
-The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. This flag
-must be set in a ticket-granting ticket in order to issue a postdated ticket
-based on the presented ticket. It is reset by default; it may be requested
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-by a client by setting the ALLOW-POSTDATE option in the KRB_AS_REQ message.
-This flag does not allow a client to obtain a postdated ticket-granting
-ticket; postdated ticket-granting tickets can only by obtained by requesting
-the postdating in the KRB_AS_REQ message. The life (endtime-starttime) of a
-postdated ticket will be the remaining life of the ticket-granting ticket at
-the time of the request, unless the RENEWABLE option is also set, in which
-case it can be the full life (endtime-starttime) of the ticket-granting
-ticket. The KDC may limit how far in the future a ticket may be postdated.
-
-The POSTDATED flag indicates that a ticket has been postdated. The
-application server can check the authtime field in the ticket to see when
-the original authentication occurred. Some services may choose to reject
-postdated tickets, or they may only accept them within a certain period
-after the original authentication. When the KDC issues a POSTDATED ticket,
-it will also be marked as INVALID, so that the application client must
-present the ticket to the KDC to be validated before use.
-
-2.5. Proxiable and proxy tickets
-
-At times it may be necessary for a principal to allow a service to perform
-an operation on its behalf. The service must be able to take on the identity
-of the client, but only for a particular purpose. A principal can allow a
-service to take on the principal's identity for a particular purpose by
-granting it a proxy.
-
-The process of granting a proxy using the proxy and proxiable flags is used
-to provide credentials for use with specific services. Though conceptually
-also a proxy, user's wishing to delegate their identity for ANY purpose must
-use the ticket forwarding mechanism described in the next section to forward
-a ticket granting ticket.
-
-The PROXIABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. When set,
-this flag tells the ticket-granting server that it is OK to issue a new
-ticket (but not a ticket-granting ticket) with a different network address
-based on this ticket. This flag is set if requested by the client on initial
-authentication. By default, the client will request that it be set when
-requesting a ticket granting ticket, and reset when requesting any other
-ticket.
-
-This flag allows a client to pass a proxy to a server to perform a remote
-request on its behalf, e.g. a print service client can give the print server
-a proxy to access the client's files on a particular file server in order to
-satisfy a print request.
-
-In order to complicate the use of stolen credentials, Kerberos tickets are
-usually valid from only those network addresses specifically included in the
-ticket[4]. When granting a proxy, the client must specify the new network
-address from which the proxy is to be used, or indicate that the proxy is to
-be issued for use from any address.
-
-The PROXY flag is set in a ticket by the TGS when it issues a proxy ticket.
-Application servers may check this flag and at their option they may require
-additional authentication from the agent presenting the proxy in order to
-provide an audit trail.
-
-2.6. Forwardable tickets
-
-Authentication forwarding is an instance of a proxy where the service is
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-granted complete use of the client's identity. An example where it might be
-used is when a user logs in to a remote system and wants authentication to
-work from that system as if the login were local.
-
-The FORWARDABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. The
-FORWARDABLE flag has an interpretation similar to that of the PROXIABLE
-flag, except ticket-granting tickets may also be issued with different
-network addresses. This flag is reset by default, but users may request that
-it be set by setting the FORWARDABLE option in the AS request when they
-request their initial ticket- granting ticket.
-
-This flag allows for authentication forwarding without requiring the user to
-enter a password again. If the flag is not set, then authentication
-forwarding is not permitted, but the same result can still be achieved if
-the user engages in the AS exchange specifying the requested network
-addresses and supplies a password.
-
-The FORWARDED flag is set by the TGS when a client presents a ticket with
-the FORWARDABLE flag set and requests a forwarded ticket by specifying the
-FORWARDED KDC option and supplying a set of addresses for the new ticket. It
-is also set in all tickets issued based on tickets with the FORWARDED flag
-set. Application servers may choose to process FORWARDED tickets differently
-than non-FORWARDED tickets.
-
-2.7. Other KDC options
-
-There are two additional options which may be set in a client's request of
-the KDC. The RENEWABLE-OK option indicates that the client will accept a
-renewable ticket if a ticket with the requested life cannot otherwise be
-provided. If a ticket with the requested life cannot be provided, then the
-KDC may issue a renewable ticket with a renew-till equal to the the
-requested endtime. The value of the renew-till field may still be adjusted
-by site-determined limits or limits imposed by the individual principal or
-server.
-
-The ENC-TKT-IN-SKEY option is honored only by the ticket-granting service.
-It indicates that the ticket to be issued for the end server is to be
-encrypted in the session key from the a additional second ticket-granting
-ticket provided with the request. See section 3.3.3 for specific details.
-
-3. Message Exchanges
-
-The following sections describe the interactions between network clients and
-servers and the messages involved in those exchanges.
-
-3.1. The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-The Authentication Service (AS) Exchange between the client and the Kerberos
-Authentication Server is initiated by a client when it wishes to obtain
-authentication credentials for a given server but currently holds no
-credentials. In its basic form, the client's secret key is used for
-encryption and decryption. This exchange is typically used at the initiation
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-of a login session to obtain credentials for a Ticket-Granting Server which
-will subsequently be used to obtain credentials for other servers (see
-section 3.3) without requiring further use of the client's secret key. This
-exchange is also used to request credentials for services which must not be
-mediated through the Ticket-Granting Service, but rather require a
-principal's secret key, such as the password-changing service[5]. This
-exchange does not by itself provide any assurance of the the identity of the
-user[6].
-
-The exchange consists of two messages: KRB_AS_REQ from the client to
-Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-In the request, the client sends (in cleartext) its own identity and the
-identity of the server for which it is requesting credentials. The response,
-KRB_AS_REP, contains a ticket for the client to present to the server, and a
-session key that will be shared by the client and the server. The session
-key and additional information are encrypted in the client's secret key. The
-KRB_AS_REP message contains information which can be used to detect replays,
-and to associate it with the message to which it replies. Various errors can
-occur; these are indicated by an error response (KRB_ERROR) instead of the
-KRB_AS_REP response. The error message is not encrypted. The KRB_ERROR
-message contains information which can be used to associate it with the
-message to which it replies. The lack of encryption in the KRB_ERROR message
-precludes the ability to detect replays, fabrications, or modifications of
-such messages.
-
-Without preautentication, the authentication server does not know whether
-the client is actually the principal named in the request. It simply sends a
-reply without knowing or caring whether they are the same. This is
-acceptable because nobody but the principal whose identity was given in the
-request will be able to use the reply. Its critical information is encrypted
-in that principal's key. The initial request supports an optional field that
-can be used to pass additional information that might be needed for the
-initial exchange. This field may be used for preauthentication as described
-in section [hl<>].
-
-3.1.1. Generation of KRB_AS_REQ message
-
-The client may specify a number of options in the initial request. Among
-these options are whether pre-authentication is to be performed; whether the
-requested ticket is to be renewable, proxiable, or forwardable; whether it
-should be postdated or allow postdating of derivative tickets; and whether a
-renewable ticket will be accepted in lieu of a non-renewable ticket if the
-requested ticket expiration date cannot be satisfied by a non-renewable
-ticket (due to configuration constraints; see section 4). See section A.1
-for pseudocode.
-
-The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-If all goes well, processing the KRB_AS_REQ message will result in the
-creation of a ticket for the client to present to the server. The format for
-the ticket is described in section 5.3.1. The contents of the ticket are
-determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-The authentication server looks up the client and server principals named in
-the KRB_AS_REQ in its database, extracting their respective keys. If
-required, the server pre-authenticates the request, and if the
-pre-authentication check fails, an error message with the code
-KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate the
-requested encryption type, an error message with code KDC_ERR_ETYPE_NOSUPP
-is returned. Otherwise it generates a 'random' session key[7].
-
-If there are multiple encryption keys registered for a client in the
-Kerberos database (or if the key registered supports multiple encryption
-types; e.g. DES-CBC-CRC and DES-CBC-MD5), then the etype field from the AS
-request is used by the KDC to select the encryption method to be used for
-encrypting the response to the client. If there is more than one supported,
-strong encryption type in the etype list, the first valid etype for which an
-encryption key is available is used. The encryption method used to respond
-to a TGS request is taken from the keytype of the session key found in the
-ticket granting ticket. [***I will change the example keytypes to be 3DES
-based examples 7/14***]
-
-When the etype field is present in a KDC request, whether an AS or TGS
-request, the KDC will attempt to assign the type of the random session key
-from the list of methods in the etype field. The KDC will select the
-appropriate type using the list of methods provided together with
-information from the Kerberos database indicating acceptable encryption
-methods for the application server. The KDC will not issue tickets with a
-weak session key encryption type.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified then the error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise
-the requested start time is checked against the policy of the local realm
-(the administrator might decide to prohibit certain types or ranges of
-postdated tickets), and if acceptable, the ticket's start time is set as
-requested and the INVALID flag is set in the new ticket. The postdated
-ticket must be validated before use by presenting it to the KDC after the
-start time has been reached.
-
-The expiration time of the ticket will be set to the minimum of the
-following:
-
-   * The expiration time (endtime) requested in the KRB_AS_REQ message.
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the client principal (the authentication server's database
-     includes a maximum ticket lifetime field in each principal's record;
-     see section 4).
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the server principal.
-   * The ticket's start time plus the maximum lifetime set by the policy of
-     the local realm.
-
-If the requested expiration time minus the start time (as determined above)
-is less than a site-determined minimum lifetime, an error message with code
-KDC_ERR_NEVER_VALID is returned. If the requested expiration time for the
-ticket exceeds what was determined as above, and if the 'RENEWABLE-OK'
-option was requested, then the 'RENEWABLE' flag is set in the new ticket,
-and the renew-till value is set as if the 'RENEWABLE' option were requested
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-(the field and option names are described fully in section 5.4.1).
-
-If the RENEWABLE option has been requested or if the RENEWABLE-OK option has
-been set and a renewable ticket is to be issued, then the renew-till field
-is set to the minimum of:
-
-   * Its requested value.
-   * The start time of the ticket plus the minimum of the two maximum
-     renewable lifetimes associated with the principals' database entries.
-   * The start time of the ticket plus the maximum renewable lifetime set by
-     the policy of the local realm.
-
-The flags field of the new ticket will have the following options set if
-they have been requested and if the policy of the local realm allows:
-FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. If the new
-ticket is post-dated (the start time is in the future), its INVALID flag
-will also be set.
-
-If all of the above succeed, the server formats a KRB_AS_REP message (see
-section 5.4.2), copying the addresses in the request into the caddr of the
-response, placing any required pre-authentication data into the padata of
-the response, and encrypts the ciphertext part in the client's key using the
-requested encryption method, and sends it to the client. See section A.2 for
-pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-Several errors can occur, and the Authentication Server responds by
-returning an error message, KRB_ERROR, to the client, with the error-code
-and e-text fields set to appropriate values. The error message contents and
-details are described in Section 5.9.1.
-
-3.1.5. Receipt of KRB_AS_REP message
-
-If the reply message type is KRB_AS_REP, then the client verifies that the
-cname and crealm fields in the cleartext portion of the reply match what it
-requested. If any padata fields are present, they may be used to derive the
-proper secret key to decrypt the message. The client decrypts the encrypted
-part of the response using its secret key, verifies that the nonce in the
-encrypted part matches the nonce it supplied in its request (to detect
-replays). It also verifies that the sname and srealm in the response match
-those in the request (or are otherwise expected values), and that the host
-address field is also correct. It then stores the ticket, session key, start
-and expiration times, and other information for later use. The
-key-expiration field from the encrypted part of the response may be checked
-to notify the user of impending key expiration (the client program could
-then suggest remedial action, such as a password change). See section A.3
-for pseudocode.
-
-Proper decryption of the KRB_AS_REP message is not sufficient to verify the
-identity of the user; the user and an attacker could cooperate to generate a
-KRB_AS_REP format message which decrypts properly but is not from the proper
-KDC. If the host wishes to verify the identity of the user, it must require
-the user to present application credentials which can be verified using a
-securely-stored secret key for the host. If those credentials can be
-verified, then the identity of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-If the reply message type is KRB_ERROR, then the client interprets it as an
-error and performs whatever application-specific tasks are necessary to
-recover.
-
-3.2. The Client/Server Authentication Exchange
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-The client/server authentication (CS) exchange is used by network
-applications to authenticate the client to the server and vice versa. The
-client must have already acquired credentials for the server using the AS or
-TGS exchange.
-
-3.2.1. The KRB_AP_REQ message
-
-The KRB_AP_REQ contains authentication information which should be part of
-the first message in an authenticated transaction. It contains a ticket, an
-authenticator, and some additional bookkeeping information (see section
-5.5.1 for the exact format). The ticket by itself is insufficient to
-authenticate a client, since tickets are passed across the network in
-cleartext[DS90], so the authenticator is used to prevent invalid replay of
-tickets by proving to the server that the client knows the session key of
-the ticket and thus is entitled to use the ticket. The KRB_AP_REQ message is
-referred to elsewhere as the 'authentication header.'
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-When a client wishes to initiate authentication to a server, it obtains
-(either through a credentials cache, the AS exchange, or the TGS exchange) a
-ticket and session key for the desired service. The client may re-use any
-tickets it holds until they expire. To use a ticket the client constructs a
-new Authenticator from the the system time, its name, and optionally an
-application specific checksum, an initial sequence number to be used in
-KRB_SAFE or KRB_PRIV messages, and/or a session subkey to be used in
-negotiations for a session key unique to this particular session.
-Authenticators may not be re-used and will be rejected if replayed to a
-server[LGDSR87]. If a sequence number is to be included, it should be
-randomly chosen so that even after many messages have been exchanged it is
-not likely to collide with other sequence numbers in use.
-
-The client may indicate a requirement of mutual authentication or the use of
-a session-key based ticket by setting the appropriate flag(s) in the
-ap-options field of the message.
-
-The Authenticator is encrypted in the session key and combined with the
-ticket to form the KRB_AP_REQ message which is then sent to the end server
-along with any additional application-specific information. See section A.9
-for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-Authentication is based on the server's current time of day (clocks must be
-loosely synchronized), the authenticator, and the ticket. Several errors are
-possible. If an error occurs, the server is expected to reply to the client
-with a KRB_ERROR message. This message may be encapsulated in the
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-application protocol if its 'raw' form is not acceptable to the protocol.
-The format of error messages is described in section 5.9.1.
-
-The algorithm for verifying authentication information is as follows. If the
-message type is not KRB_AP_REQ, the server returns the KRB_AP_ERR_MSG_TYPE
-error. If the key version indicated by the Ticket in the KRB_AP_REQ is not
-one the server can use (e.g., it indicates an old key, and the server no
-longer possesses a copy of the old key), the KRB_AP_ERR_BADKEYVER error is
-returned. If the USE-SESSION-KEY flag is set in the ap-options field, it
-indicates to the server that the ticket is encrypted in the session key from
-the server's ticket-granting ticket rather than its secret key[10]. Since it
-is possible for the server to be registered in multiple realms, with
-different keys in each, the srealm field in the unencrypted portion of the
-ticket in the KRB_AP_REQ is used to specify which secret key the server
-should use to decrypt that ticket. The KRB_AP_ERR_NOKEY error code is
-returned if the server doesn't have the proper key to decipher the ticket.
-
-The ticket is decrypted using the version of the server's key specified by
-the ticket. If the decryption routines detect a modification of the ticket
-(each encryption system must provide safeguards to detect modified
-ciphertext; see section 6), the KRB_AP_ERR_BAD_INTEGRITY error is returned
-(chances are good that different keys were used to encrypt and decrypt).
-
-The authenticator is decrypted using the session key extracted from the
-decrypted ticket. If decryption shows it to have been modified, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm of the client
-from the ticket are compared against the same fields in the authenticator.
-If they don't match, the KRB_AP_ERR_BADMATCH error is returned (they might
-not match, for example, if the wrong session key was used to encrypt the
-authenticator). The addresses in the ticket (if any) are then searched for
-an address matching the operating-system reported address of the client. If
-no match is found or the server insists on ticket addresses but none are
-present in the ticket, the KRB_AP_ERR_BADADDR error is returned.
-
-If the local (server) time and the client time in the authenticator differ
-by more than the allowable clock skew (e.g., 5 minutes), the KRB_AP_ERR_SKEW
-error is returned. If the server name, along with the client name, time and
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is returned[11]. The server must
-remember any authenticator presented within the allowable clock skew, so
-that a replay attempt is guaranteed to fail. If a server loses track of any
-authenticator presented within the allowable clock skew, it must reject all
-requests until the clock skew interval has passed. This assures that any
-lost or re-played authenticators will fall outside the allowable clock skew
-and can no longer be successfully replayed (If this is not done, an attacker
-could conceivably record the ticket and authenticator sent over the network
-to a server, then disable the client's host, pose as the disabled host, and
-replay the ticket and authenticator to subvert the authentication.). If a
-sequence number is provided in the authenticator, the server saves it for
-later use in processing KRB_SAFE and/or KRB_PRIV messages. If a subkey is
-present, the server either saves it for later use or uses it to help
-generate its own choice for a subkey to be returned in a KRB_AP_REP message.
-
-The server computes the age of the ticket: local (server) time minus the
-start time inside the Ticket. If the start time is later than the current
-time by more than the allowable clock skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned. Otherwise, if the
-current time is later than end time by more than the allowable clock skew,
-the KRB_AP_ERR_TKT_EXPIRED error is returned.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-If all these checks succeed without an error, the server is assured that the
-client possesses the credentials of the principal named in the ticket and
-thus, the client has been authenticated to the server. See section A.10 for
-pseudocode.
-
-Passing these checks provides only authentication of the named principal; it
-does not imply authorization to use the named service. Applications must
-make a separate authorization decisions based upon the authenticated name of
-the user, the requested operation, local acces control information such as
-that contained in a .k5login or .k5users file, and possibly a separate
-distributed authorization service.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-Typically, a client's request will include both the authentication
-information and its initial request in the same message, and the server need
-not explicitly reply to the KRB_AP_REQ. However, if mutual authentication
-(not only authenticating the client to the server, but also the server to
-the client) is being performed, the KRB_AP_REQ message will have
-MUTUAL-REQUIRED set in its ap-options field, and a KRB_AP_REP message is
-required in response. As with the error message, this message may be
-encapsulated in the application protocol if its "raw" form is not acceptable
-to the application's protocol. The timestamp and microsecond field used in
-the reply must be the client's timestamp and microsecond field (as provided
-in the authenticator)[12]. If a sequence number is to be included, it should
-be randomly chosen as described above for the authenticator. A subkey may be
-included if the server desires to negotiate a different subkey. The
-KRB_AP_REP message is encrypted in the session key extracted from the
-ticket. See section A.11 for pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-If a KRB_AP_REP message is returned, the client uses the session key from
-the credentials obtained for the server[13] to decrypt the message, and
-verifies that the timestamp and microsecond fields match those in the
-Authenticator it sent to the server. If they match, then the client is
-assured that the server is genuine. The sequence number and subkey (if
-present) are retained for later use. See section A.12 for pseudocode.
-
-3.2.6. Using the encryption key
-
-After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and server
-share an encryption key which can be used by the application. The 'true
-session key' to be used for KRB_PRIV, KRB_SAFE, or other
-application-specific uses may be chosen by the application based on the
-subkeys in the KRB_AP_REP message and the authenticator[14]. In some cases,
-the use of this session key will be implicit in the protocol; in others the
-method of use must be chosen from several alternatives. We leave the
-protocol negotiations of how to use the key (e.g. selecting an encryption or
-checksum type) to the application programmer; the Kerberos protocol does not
-constrain the implementation options, but an example of how this might be
-done follows.
-
-One way that an application may choose to negotiate a key to be used for
-subequent integrity and privacy protection is for the client to propose a
-key in the subkey field of the authenticator. The server can then choose a
-key using the proposed key from the client as input, returning the new
-subkey in the subkey field of the application reply. This key could then be
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-used for subsequent communication. To make this example more concrete, if
-the encryption method in use required a 56 bit key, and for whatever reason,
-one of the parties was prevented from using a key with more than 40 unknown
-bits, this method would allow the the party which is prevented from using
-more than 40 bits to either propose (if the client) an initial key with a
-known quantity for 16 of those bits, or to mask 16 of the bits (if the
-server) with the known quantity. The application implementor is warned,
-however, that this is only an example, and that an analysis of the
-particular crytosystem to be used, and the reasons for limiting the key
-length, must be made before deciding whether it is acceptable to mask bits
-of the key.
-
-With both the one-way and mutual authentication exchanges, the peers should
-take care not to send sensitive information to each other without proper
-assurances. In particular, applications that require privacy or integrity
-should use the KRB_AP_REP response from the server to client to assure both
-client and server of their peer's identity. If an application protocol
-requires privacy of its messages, it can use the KRB_PRIV message (section
-3.5). The KRB_SAFE message (section 3.4) can be used to assure integrity.
-
-3.3. The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-The TGS exchange between a client and the Kerberos Ticket-Granting Server is
-initiated by a client when it wishes to obtain authentication credentials
-for a given server (which might be registered in a remote realm), when it
-wishes to renew or validate an existing ticket, or when it wishes to obtain
-a proxy ticket. In the first case, the client must already have acquired a
-ticket for the Ticket-Granting Service using the AS exchange (the
-ticket-granting ticket is usually obtained when a client initially
-authenticates to the system, such as when a user logs in). The message
-format for the TGS exchange is almost identical to that for the AS exchange.
-The primary difference is that encryption and decryption in the TGS exchange
-does not take place under the client's key. Instead, the session key from
-the ticket-granting ticket or renewable ticket, or sub-session key from an
-Authenticator is used. As is the case for all application servers, expired
-tickets are not accepted by the TGS, so once a renewable or ticket-granting
-ticket expires, the client must use a separate exchange to obtain valid
-tickets.
-
-The TGS exchange consists of two messages: A request (KRB_TGS_REQ) from the
-client to the Kerberos Ticket-Granting Server, and a reply (KRB_TGS_REP or
-KRB_ERROR). The KRB_TGS_REQ message includes information authenticating the
-client plus a request for credentials. The authentication information
-consists of the authentication header (KRB_AP_REQ) which includes the
-client's previously obtained ticket-granting, renewable, or invalid ticket.
-In the ticket-granting ticket and proxy cases, the request may include one
-or more of: a list of network addresses, a collection of typed authorization
-data to be sealed in the ticket for authorization use by the application
-server, or additional tickets (the use of which are described later). The
-TGS reply (KRB_TGS_REP) contains the requested credentials, encrypted in the
-session key from the ticket-granting ticket or renewable ticket, or if
-present, in the sub-session key from the Authenticator (part of the
-authentication header). The KRB_ERROR message contains an error code and
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-text explaining what went wrong. The KRB_ERROR message is not encrypted. The
-KRB_TGS_REP message contains information which can be used to detect
-replays, and to associate it with the message to which it replies. The
-KRB_ERROR message also contains information which can be used to associate
-it with the message to which it replies, but the lack of encryption in the
-KRB_ERROR message precludes the ability to detect replays or fabrications of
-such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-Before sending a request to the ticket-granting service, the client must
-determine in which realm the application server is registered[15]. If the
-client does not already possess a ticket-granting ticket for the appropriate
-realm, then one must be obtained. This is first attempted by requesting a
-ticket-granting ticket for the destination realm from a Kerberos server for
-which the client does posess a ticket-granting ticket (using the KRB_TGS_REQ
-message recursively). The Kerberos server may return a TGT for the desired
-realm in which case one can proceed. Alternatively, the Kerberos server may
-return a TGT for a realm which is 'closer' to the desired realm (further
-along the standard hierarchical path), in which case this step must be
-repeated with a Kerberos server in the realm specified in the returned TGT.
-If neither are returned, then the request must be retried with a Kerberos
-server for a realm higher in the hierarchy. This request will itself require
-a ticket-granting ticket for the higher realm which must be obtained by
-recursively applying these directions.
-
-Once the client obtains a ticket-granting ticket for the appropriate realm,
-it determines which Kerberos servers serve that realm, and contacts one. The
-list might be obtained through a configuration file or network service or it
-may be generated from the name of the realm; as long as the secret keys
-exchanged by realms are kept secret, only denial of service results from
-using a false Kerberos server.
-
-As in the AS exchange, the client may specify a number of options in the
-KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ message, providing
-an authentication header as an element of the padata field, and including
-the same fields as used in the KRB_AS_REQ message along with several
-optional fields: the enc-authorization-data field for application server use
-and additional tickets required by some options.
-
-In preparing the authentication header, the client can select a sub-session
-key under which the response from the Kerberos server will be encrypted[16].
-If the sub-session key is not specified, the session key from the
-ticket-granting ticket will be used. If the enc-authorization-data is
-present, it must be encrypted in the sub-session key, if present, from the
-authenticator portion of the authentication header, or if not present, using
-the session key from the ticket-granting ticket.
-
-Once prepared, the message is sent to a Kerberos server for the destination
-realm. See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-The KRB_TGS_REQ message is processed in a manner similar to the KRB_AS_REQ
-message, but there are many additional checks to be performed. First, the
-Kerberos server must determine which server the accompanying ticket is for
-and it must select the appropriate key to decrypt it. For a normal
-KRB_TGS_REQ message, it will be for the ticket granting service, and the
-TGS's key will be used. If the TGT was issued by another realm, then the
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-appropriate inter-realm key must be used. If the accompanying ticket is not
-a ticket granting ticket for the current realm, but is for an application
-server in the current realm, the RENEW, VALIDATE, or PROXY options are
-specified in the request, and the server for which a ticket is requested is
-the server named in the accompanying ticket, then the KDC will decrypt the
-ticket in the authentication header using the key of the server for which it
-was issued. If no ticket can be found in the padata field, the
-KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-Once the accompanying ticket has been decrypted, the user-supplied checksum
-in the Authenticator must be verified against the contents of the request,
-and the message rejected if the checksums do not match (with an error code
-of KRB_AP_ERR_MODIFIED) or if the checksum is not keyed or not
-collision-proof (with an error code of KRB_AP_ERR_INAPP_CKSUM). If the
-checksum type is not supported, the KDC_ERR_SUMTYPE_NOSUPP error is
-returned. If the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-If any of the decryptions indicate failed integrity checks, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-3.3.3. Generation of KRB_TGS_REP message
-
-The KRB_TGS_REP message shares its format with the KRB_AS_REP (KRB_KDC_REP),
-but with its type field set to KRB_TGS_REP. The detailed specification is in
-section 5.4.2.
-
-The response will include a ticket for the requested server. The Kerberos
-database is queried to retrieve the record for the requested server
-(including the key with which the ticket will be encrypted). If the request
-is for a ticket granting ticket for a remote realm, and if no key is shared
-with the requested realm, then the Kerberos server will select the realm
-"closest" to the requested realm with which it does share a key, and use
-that realm instead. This is the only case where the response from the KDC
-will be for a different server than that requested by the client.
-
-By default, the address field, the client's name and realm, the list of
-transited realms, the time of initial authentication, the expiration time,
-and the authorization data of the newly-issued ticket will be copied from
-the ticket-granting ticket (TGT) or renewable ticket. If the transited field
-needs to be updated, but the transited type is not supported, the
-KDC_ERR_TRTYPE_NOSUPP error is returned.
-
-If the request specifies an endtime, then the endtime of the new ticket is
-set to the minimum of (a) that request, (b) the endtime from the TGT, and
-(c) the starttime of the TGT plus the minimum of the maximum life for the
-application server and the maximum life for the local realm (the maximum
-life for the requesting principal was already applied when the TGT was
-issued). If the new ticket is to be a renewal, then the endtime above is
-replaced by the minimum of (a) the value of the renew_till field of the
-ticket and (b) the starttime for the new ticket plus the life
-(endtime-starttime) of the old ticket.
-
-If the FORWARDED option has been requested, then the resulting ticket will
-contain the addresses specified by the client. This option will only be
-honored if the FORWARDABLE flag is set in the TGT. The PROXY option is
-similar; the resulting ticket will contain the addresses specified by the
-client. It will be honored only if the PROXIABLE flag in the TGT is set. The
-PROXY option will not be honored on requests for additional ticket-granting
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-tickets.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified or the MAY-POSTDATE flag is not set in the TGT, then the
-error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise, if the ticket-granting
-ticket has the MAY-POSTDATE flag set, then the resulting ticket will be
-postdated and the requested starttime is checked against the policy of the
-local realm. If acceptable, the ticket's start time is set as requested, and
-the INVALID flag is set. The postdated ticket must be validated before use
-by presenting it to the KDC after the starttime has been reached. However,
-in no case may the starttime, endtime, or renew-till time of a newly-issued
-postdated ticket extend beyond the renew-till time of the ticket-granting
-ticket.
-
-If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
-has been included in the request, the KDC will decrypt the additional ticket
-using the key for the server to which the additional ticket was issued and
-verify that it is a ticket-granting ticket. If the name of the requested
-server is missing from the request, the name of the client in the additional
-ticket will be used. Otherwise the name of the requested server will be
-compared to the name of the client in the additional ticket and if
-different, the request will be rejected. If the request succeeds, the
-session key from the additional ticket will be used to encrypt the new
-ticket that is issued instead of using the key of the server for which the
-new ticket will be used[17].
-
-If the name of the server in the ticket that is presented to the KDC as part
-of the authentication header is not that of the ticket-granting server
-itself, the server is registered in the realm of the KDC, and the RENEW
-option is requested, then the KDC will verify that the RENEWABLE flag is set
-in the ticket, that the INVALID flag is not set in the ticket, and that the
-renew_till time is still in the future. If the VALIDATE option is rqeuested,
-the KDC will check that the starttime has passed and the INVALID flag is
-set. If the PROXY option is requested, then the KDC will check that the
-PROXIABLE flag is set in the ticket. If the tests succeed, and the ticket
-passes the hotlist check described in the next paragraph, the KDC will issue
-the appropriate new ticket.
-
-3.3.3.1. Checking for revoked tickets
-
-Whenever a request is made to the ticket-granting server, the presented
-ticket(s) is(are) checked against a hot-list of tickets which have been
-canceled. This hot-list might be implemented by storing a range of issue
-timestamps for 'suspect tickets'; if a presented ticket had an authtime in
-that range, it would be rejected. In this way, a stolen ticket-granting
-ticket or renewable ticket cannot be used to gain additional tickets
-(renewals or otherwise) once the theft has been reported. Any normal ticket
-obtained before it was reported stolen will still be valid (because they
-require no interaction with the KDC), but only until their normal expiration
-time.
-
-The ciphertext part of the response in the KRB_TGS_REP message is encrypted
-in the sub-session key from the Authenticator, if present, or the session
-key key from the ticket-granting ticket. It is not encrypted using the
-client's secret key. Furthermore, the client's key's expiration date and the
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-key version number fields are left out since these values are stored along
-with the client's database record, and that record is not needed to satisfy
-a request based on a ticket-granting ticket. See section A.6 for pseudocode.
-
-3.3.3.2. Encoding the transited field
-
-If the identity of the server in the TGT that is presented to the KDC as
-part of the authentication header is that of the ticket-granting service,
-but the TGT was issued from another realm, the KDC will look up the
-inter-realm key shared with that realm and use that key to decrypt the
-ticket. If the ticket is valid, then the KDC will honor the request, subject
-to the constraints outlined above in the section describing the AS exchange.
-The realm part of the client's identity will be taken from the
-ticket-granting ticket. The name of the realm that issued the
-ticket-granting ticket will be added to the transited field of the ticket to
-be issued. This is accomplished by reading the transited field from the
-ticket-granting ticket (which is treated as an unordered set of realm
-names), adding the new realm to the set, then constructing and writing out
-its encoded (shorthand) form (this may involve a rearrangement of the
-existing encoding).
-
-Note that the ticket-granting service does not add the name of its own
-realm. Instead, its responsibility is to add the name of the previous realm.
-This prevents a malicious Kerberos server from intentionally leaving out its
-own name (it could, however, omit other realms' names).
-
-The names of neither the local realm nor the principal's realm are to be
-included in the transited field. They appear elsewhere in the ticket and
-both are known to have taken part in authenticating the principal. Since the
-endpoints are not included, both local and single-hop inter-realm
-authentication result in a transited field that is empty.
-
-Because the name of each realm transited is added to this field, it might
-potentially be very long. To decrease the length of this field, its contents
-are encoded. The initially supported encoding is optimized for the normal
-case of inter-realm communication: a hierarchical arrangement of realms
-using either domain or X.500 style realm names. This encoding (called
-DOMAIN-X500-COMPRESS) is now described.
-
-Realm names in the transited field are separated by a ",". The ",", "\",
-trailing "."s, and leading spaces (" ") are special characters, and if they
-are part of a realm name, they must be quoted in the transited field by
-preced- ing them with a "\".
-
-A realm name ending with a "." is interpreted as being prepended to the
-previous realm. For example, we can encode traversal of EDU, MIT.EDU,
-ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were end-points, that they
-would not be included in this field, and we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is interpreted as being appended to the
-previous realm[18]. If it is to stand by itself, then it should be preceded
-by a space (" "). For example, we can encode traversal of /COM/HP/APOLLO,
-/COM/HP, /COM, and /COM/DEC as:
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-
-Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, they
-they would not be included in this field, and we would have:
-
-     "/COM,/HP"
-
-A null subfield preceding or following a "," indicates that all realms
-between the previous realm and the next realm have been traversed[19]. Thus,
-"," means that all realms along the path between the client and the server
-have been traversed. ",EDU, /COM," means that that all realms from the
-client's realm up to EDU (in a domain style hierarchy) have been traversed,
-and that everything from /COM down to the server's realm in an X.500 style
-has also been traversed. This could occur if the EDU realm in one hierarchy
-shares an inter-realm key directly with the /COM realm in another hierarchy.
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it is processed in the same
-manner as the KRB_AS_REP processing described above. The primary difference
-is that the ciphertext part of the response must be decrypted using the
-session key from the ticket-granting ticket rather than the client's secret
-key. See section A.7 for pseudocode.
-
-3.4. The KRB_SAFE Exchange
-
-The KRB_SAFE message may be used by clients requiring the ability to detect
-modifications of messages they exchange. It achieves this by including a
-keyed collision-proof checksum of the user data and some control
-information. The checksum is keyed with an encryption key (usually the last
-key negotiated via subkeys, or the session key if no negotiation has
-occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-When an application wishes to send a KRB_SAFE message, it collects its data
-and the appropriate control information and computes a checksum over them.
-The checksum algorithm should be a keyed one-way hash function (such as the
-RSA- MD5-DES checksum algorithm specified in section 6.4.5, or the DES MAC),
-generated using the sub-session key if present, or the session key.
-Different algorithms may be selected by changing the checksum type in the
-message. Unkeyed or non-collision-proof checksums are not suitable for this
-use.
-
-The control information for the KRB_SAFE message includes both a timestamp
-and a sequence number. The designer of an application using the KRB_SAFE
-message must choose at least one of the two mechanisms. This choice should
-be based on the needs of the application protocol.
-
-Sequence numbers are useful when all messages sent will be received by one's
-peer. Connection state is presently required to maintain the session key, so
-maintaining the next sequence number should not present an additional
-problem.
-
-If the application protocol is expected to tolerate lost messages without
-them being resent, the use of the timestamp is the appropriate replay
-detection mechanism. Using timestamps is also the appropriate mechanism for
-multi-cast protocols where all of one's peers share a common sub-session
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-key, but some messages will be sent to a subset of one's peers.
-
-After computing the checksum, the client then transmits the information and
-checksum to the recipient in the message format specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_SAFE, respectively. A mismatch
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application verifies that the checksum used is a collision-proof keyed
-checksum, and if it is not, a KRB_AP_ERR_INAPP_CKSUM error is generated. If
-the sender's address was included in the control information, the recipient
-verifies that the operating system's report of the sender's address matches
-the sender's address in the message, and (if a recipient address is
-specified or the recipient requires an address) that one of the recipient's
-addresses appears as the recipient's address in the message. A failed match
-for either case generates a KRB_AP_ERR_BADADDR error. Then the timestamp and
-usec and/or the sequence number fields are checked. If timestamp and usec
-are expected and not present, or they are present but not current, the
-KRB_AP_ERR_SKEW error is generated. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen (sent or received[20] ) such tuples, the KRB_AP_ERR_REPEAT
-error is generated. If an incorrect sequence number is included, or a
-sequence number is expected but not present, the KRB_AP_ERR_BADORDER error
-is generated. If neither a time-stamp and usec or a sequence number is
-present, a KRB_AP_ERR_MODIFIED error is generated. Finally, the checksum is
-computed over the data and control information, and if it doesn't match the
-received checksum, a KRB_AP_ERR_MODIFIED error is generated.
-
-If all the checks succeed, the application is assured that the message was
-generated by its peer and was not modi- fied in transit.
-
-3.5. The KRB_PRIV Exchange
-
-The KRB_PRIV message may be used by clients requiring confidentiality and
-the ability to detect modifications of exchanged messages. It achieves this
-by encrypting the messages and adding control information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-When an application wishes to send a KRB_PRIV message, it collects its data
-and the appropriate control information (specified in section 5.7.1) and
-encrypts them under an encryption key (usually the last key negotiated via
-subkeys, or the session key if no negotiation has occured). As part of the
-control information, the client must choose to use either a timestamp or a
-sequence number (or both); see the discussion in section 3.4.1 for
-guidelines on which to use. After the user data and control information are
-encrypted, the client transmits the ciphertext and some 'envelope'
-information to the recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-The message is first checked by verifying that the protocol version and type
-fields match the current version and KRB_PRIV, respectively. A mismatch
-generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The
-application then decrypts the ciphertext and processes the resultant
-plaintext. If decryption shows the data to have been modified, a
-KRB_AP_ERR_BAD_INTEGRITY error is generated. If the sender's address was
-included in the control information, the recipient verifies that the
-operating system's report of the sender's address matches the sender's
-address in the message, and (if a recipient address is specified or the
-recipient requires an address) that one of the recipient's addresses appears
-as the recipient's address in the message. A failed match for either case
-generates a KRB_AP_ERR_BADADDR error. Then the timestamp and usec and/or the
-sequence number fields are checked. If timestamp and usec are expected and
-not present, or they are present but not current, the KRB_AP_ERR_SKEW error
-is generated. If the server name, along with the client name, time and
-microsecond fields from the Authenticator match any recently-seen such
-tuples, the KRB_AP_ERR_REPEAT error is generated. If an incorrect sequence
-number is included, or a sequence number is expected but not present, the
-KRB_AP_ERR_BADORDER error is generated. If neither a time-stamp and usec or
-a sequence number is present, a KRB_AP_ERR_MODIFIED error is generated.
-
-If all the checks succeed, the application can assume the message was
-generated by its peer, and was securely transmitted (without intruders able
-to see the unencrypted contents).
-
-3.6. The KRB_CRED Exchange
-
-The KRB_CRED message may be used by clients requiring the ability to send
-Kerberos credentials from one host to another. It achieves this by sending
-the tickets together with encrypted data containing the session keys and
-other information associated with the tickets.
-
-3.6.1. Generation of a KRB_CRED message
-
-When an application wishes to send a KRB_CRED message it first (using the
-KRB_TGS exchange) obtains credentials to be sent to the remote host. It then
-constructs a KRB_CRED message using the ticket or tickets so obtained,
-placing the session key needed to use each ticket in the key field of the
-corresponding KrbCredInfo sequence of the encrypted part of the the KRB_CRED
-message.
-
-Other information associated with each ticket and obtained during the
-KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence in
-the encrypted part of the KRB_CRED message. The current time and, if
-specifically required by the application the nonce, s-address, and r-address
-fields, are placed in the encrypted part of the KRB_CRED message which is
-then encrypted under an encryption key previosuly exchanged in the KRB_AP
-exchange (usually the last key negotiated via subkeys, or the session key if
-no negotiation has occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies it. If any
-error occurs, an error code is reported for use by the application. The
-message is verified by checking that the protocol version and type fields
-match the current version and KRB_CRED, respectively. A mismatch generates a
-KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The application then
-decrypts the ciphertext and processes the resultant plaintext. If decryption
-shows the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY error is
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-generated.
-
-If present or required, the recipient verifies that the operating system's
-report of the sender's address matches the sender's address in the message,
-and that one of the recipient's addresses appears as the recipient's address
-in the message. A failed match for either case generates a
-KRB_AP_ERR_BADADDR error. The timestamp and usec fields (and the nonce field
-if required) are checked next. If the timestamp and usec are not present, or
-they are present but not current, the KRB_AP_ERR_SKEW error is generated.
-
-If all the checks succeed, the application stores each of the new tickets in
-its ticket cache together with the session key and other information in the
-corresponding KrbCredInfo sequence from the encrypted part of the KRB_CRED
-message.
-
-4. The Kerberos Database
-
-The Kerberos server must have access to a database containing the principal
-identifiers and secret keys of principals to be authenticated[21].
-
-4.1. Database contents
-
-A database entry should contain at least the following fields:
-
-Field                Value
-
-name                 Principal's identifier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier. The key field
-contains an encryption key. This key is the principal's secret key. (The key
-can be encrypted before storage under a Kerberos "master key" to protect it
-in case the database is compromised but the master key is not. In that case,
-an extra field must be added to indicate the master key version used, see
-below.) The p_kvno field is the key version number of the principal's secret
-key. The max_life field contains the maximum allowable lifetime (endtime -
-starttime) for any Ticket issued for this principal. The max_renewable_life
-field contains the maximum allowable total lifetime for any renewable Ticket
-issued for this principal. (See section 3.1 for a description of how these
-lifetimes are used in determining the lifetime of a given Ticket.)
-
-A server may provide KDC service to several realms, as long as the database
-representation provides a mechanism to distinguish between principal records
-with identifiers which differ only in the realm name.
-
-When an application server's key changes, if the change is routine (i.e. not
-the result of disclosure of the old key), the old key should be retained by
-the server until all tickets that had been issued using that key have
-expired. Because of this, it is possible for several keys to be active for a
-single principal. Ciphertext encrypted in a principal's key is always tagged
-with the version of the key that was used for encryption, to help the
-recipient find the proper key for decryption.
-
-When more than one key is active for a particular principal, the principal
-will have more than one record in the Kerberos database. The keys and key
-version numbers will differ between the records (the rest of the fields may
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-or may not be the same). Whenever Kerberos issues a ticket, or responds to a
-request for initial authentication, the most recent key (known by the
-Kerberos server) will be used for encryption. This is the key with the
-highest key version number.
-
-4.2. Additional fields
-
-Project Athena's KDC implementation uses additional fields in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-mod_name     Modifying principal's identifier
-
-The K_kvno field indicates the key version of the Kerberos master key under
-which the principal's secret key is encrypted.
-
-After an entry's expiration date has passed, the KDC will return an error to
-any client attempting to gain tickets as or for the principal. (A database
-may want to maintain two expiration dates: one for the principal, and one
-for the principal's current key. This allows password aging to work
-independently of the principal's expiration date. However, due to the
-limited space in the responses, the KDC must combine the key expiration and
-principal expiration date into a single value called 'key_exp', which is
-used as a hint to the user to take administrative action.)
-
-The attributes field is a bitfield used to govern the operations involving
-the principal. This field might be useful in conjunction with user
-registration procedures, for site-specific policy implementations (Project
-Athena currently uses it for their user registration process controlled by
-the system-wide database service, Moira [LGDSR87]), to identify whether a
-principal can play the role of a client or server or both, to note whether a
-server is appropriate trusted to recieve credentials delegated by a client,
-or to identify the 'string to key' conversion algorithm used for a
-principal's key[22]. Other bits are used to indicate that certain ticket
-options should not be allowed in tickets encrypted under a principal's key
-(one bit each): Disallow issuing postdated tickets, disallow issuing
-forwardable tickets, disallow issuing tickets based on TGT authentication,
-disallow issuing renewable tickets, disallow issuing proxiable tickets, and
-disallow issuing tickets for which the principal is the server.
-
-The mod_date field contains the time of last modification of the entry, and
-the mod_name field contains the name of the principal which last modified
-the entry.
-
-4.3. Frequently Changing Fields
-
-Some KDC implementations may wish to maintain the last time that a request
-was made by a particular principal. Information that might be maintained
-includes the time of the last request, the time of the last request for a
-ticket-granting ticket, the time of the last use of a ticket-granting
-ticket, or other times. This information can then be returned to the user in
-the last-req field (see section 5.2).
-
-Other frequently changing information that can be maintained is the latest
-expiration time for any tickets that have been issued using each key. This
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-field would be used to indicate how long old keys must remain valid to allow
-the continued use of outstanding tickets.
-
-4.4. Site Constants
-
-The KDC implementation should have the following configurable constants or
-options, to allow an administrator to make and enforce policy decisions:
-
-   * The minimum supported lifetime (used to determine whether the
-     KDC_ERR_NEVER_VALID error should be returned). This constant should
-     reflect reasonable expectations of round-trip time to the KDC,
-     encryption/decryption time, and processing time by the client and
-     target server, and it should allow for a minimum 'useful' lifetime.
-   * The maximum allowable total (renewable) lifetime of a ticket
-     (renew_till - starttime).
-   * The maximum allowable lifetime of a ticket (endtime - starttime).
-   * Whether to allow the issue of tickets with empty address fields
-     (including the ability to specify that such tickets may only be issued
-     if the request specifies some authorization_data).
-   * Whether proxiable, forwardable, renewable or post-datable tickets are
-     to be issued.
-
-5. Message Specifications
-
-The following sections describe the exact contents and encoding of protocol
-messages and objects. The ASN.1 base definitions are presented in the first
-subsection. The remaining subsections specify the protocol objects (tickets
-and authenticators) and messages. Specification of encryption and checksum
-techniques, and the fields related to them, appear in section 6.
-
-Optional field in ASN.1 sequences
-
-For optional integer value and date fields in ASN.1 sequences where a
-default value has been specified, certain default values will not be allowed
-in the encoding because these values will always be represented through
-defaulting by the absence of the optional field. For example, one will not
-send a microsecond zero value because one must make sure that there is only
-one way to encode this value.
-
-Additional fields in ASN.1 sequences
-
-Implementations receiving Kerberos messages with additional fields present
-in ASN.1 sequences should carry the those fields through, unmodified, when
-the message is forwarded. Implementations should not drop such fields if the
-sequence is reencoded.
-
-5.1. ASN.1 Distinguished Encoding Representation
-
-All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-Representation of the data elements as described in the X.509 specification,
-section 8.7 [X509-88].
-
-5.3. ASN.1 Base Definitions
-
-The following ASN.1 base definitions are used in the rest of this section.
-Note that since the underscore character (_) is not permitted in ASN.1
-names, the hyphen (-) is used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-Kerberos realms are encoded as GeneralStrings. Realms shall not contain a
-character with the code 0 (the ASCII NUL). Most realms will usually consist
-of several components separated by periods (.), in the style of Internet
-Domain Names, or separated by slashes (/) in the style of X.500 names.
-Acceptable forms for realm names are specified in section 7. A PrincipalName
-is a typed sequence of components consisting of the following sub-fields:
-
-name-type
-     This field specifies the type of name that follows. Pre-defined values
-     for this field are specified in section 7.2. The name-type should be
-     treated as a hint. Ignoring the name type, no two names can be the same
-     (i.e. at least one of the components, or the realm, must be different).
-     This constraint may be eliminated in the future.
-name-string
-     This field encodes a sequence of components that form a name, each
-     component encoded as a GeneralString. Taken together, a PrincipalName
-     and a Realm form a principal identifier. Most PrincipalNames will have
-     only a few components (typically one or two).
-
-KerberosTime ::=   GeneralizedTime
-                   -- Specifying UTC time zone (Z)
-
-The timestamps used in Kerberos are encoded as GeneralizedTimes. An encoding
-shall specify the UTC time zone (Z) and shall not include any fractional
-portions of the seconds. It further shall not include any separators.
-Example: The only valid format for UTC time 6 minutes, 27 seconds after 9 pm
-on 6 November 1985 is 19851106210627Z.
-
-HostAddress ::=     SEQUENCE  {
-                    addr-type[0]             INTEGER,
-                    address[1]               OCTET STRING
-}
-
-HostAddresses ::=   SEQUENCE OF HostAddress
-
-The host adddress encodings consists of two fields:
-
-addr-type
-     This field specifies the type of address that follows. Pre-defined
-     values for this field are specified in section 8.1.
-address
-     This field encodes a single address of type addr-type.
-
-The two forms differ slightly. HostAddress contains exactly one address;
-HostAddresses contains a sequence of possibly many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-ad-data
-     This field contains authorization data to be interpreted according to
-     the value of the corresponding ad-type field.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-ad-type
-     This field specifies the format for the ad-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-Each sequence of type and data is refered to as an authorization element.
-Elements may be application specific, however, there is a common set of
-recursive elements that should be understood by all implementations. These
-elements contain other elements embedded within them, and the interpretation
-of the encapsulating element determines which of the embedded elements must
-be interpreted, and which may be ignored. Definitions for these common
-elements may be found in Appendix B.
-
-TicketExtensions ::= SEQUENCE OF SEQUENCE {
-           te-type[0]       INTEGER,
-           te-data[1]       OCTET STRING
-}
-
-
-
-te-data
-     This field contains opaque data that must be caried with the ticket to
-     support extensions to the Kerberos protocol including but not limited
-     to some forms of inter-realm key exchange and plaintext authorization
-     data. See appendix C for some common uses of this field.
-te-type
-     This field specifies the format for the te-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved for
-     registered use.
-
-APOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- use-session-key(1),
-                  -- mutual-required(2)
-
-TicketFlags ::= BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- may-postdate(5),
-                  -- postdated(6),
-                  -- invalid(7),
-                  -- renewable(8),
-                  -- initial(9),
-                  -- pre-authent(10),
-                  -- hw-authent(11),
-                  -- transited-policy-checked(12),
-                  -- ok-as-delegate(13)
-
-KDCOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- allow-postdate(5),
-                  -- postdated(6),
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                  -- unused7(7),
-                  -- renewable(8),
-                  -- unused9(9),
-                  -- unused10(10),
-                  -- unused11(11),
-                  -- unused12(12),
-                  -- unused13(13),
-                  -- disable-transited-check(26),
-                  -- renewable-ok(27),
-                  -- enc-tkt-in-skey(28),
-                  -- renew(30),
-                  -- validate(31)
-
-ASN.1 Bit strings have a length and a value. When used in Kerberos for the
-APOptions, TicketFlags, and KDCOptions, the length of the bit string on
-generated values should be the smallest number of bits needed to include the
-highest order bit that is set (1), but in no case less than 32 bits. The
-ASN.1 representation of the bit strings uses unnamed bits, with the meaning
-of the individual bits defined by the comments in the specification above.
-Implementations should accept values of bit strings of any length and treat
-the value of flags corresponding to bits beyond the end of the bit string as
-if the bit were reset (0). Comparison of bit strings of different length
-should treat the smaller string as if it were padded with zeros beyond the
-high order bits to the length of the longer string[23].
-
-LastReq ::=   SEQUENCE OF SEQUENCE {
-               lr-type[0]               INTEGER,
-               lr-value[1]              KerberosTime
-}
-
-lr-type
-     This field indicates how the following lr-value field is to be
-     interpreted. Negative values indicate that the information pertains
-     only to the responding server. Non-negative values pertain to all
-     servers for the realm. If the lr-type field is zero (0), then no
-     information is conveyed by the lr-value subfield. If the absolute value
-     of the lr-type field is one (1), then the lr-value subfield is the time
-     of last initial request for a TGT. If it is two (2), then the lr-value
-     subfield is the time of last initial request. If it is three (3), then
-     the lr-value subfield is the time of issue for the newest
-     ticket-granting ticket used. If it is four (4), then the lr-value
-     subfield is the time of the last renewal. If it is five (5), then the
-     lr-value subfield is the time of last request (of any type). If it is
-     (6), then the lr-value subfield is the time when the password will
-     expire.
-lr-value
-     This field contains the time of the last request. the time must be
-     interpreted according to the contents of the accompanying lr-type
-     subfield.
-
-See section 6 for the definitions of Checksum, ChecksumType, EncryptedData,
-EncryptionKey, EncryptionType, and KeyType.
-
-5.3. Tickets and Authenticators
-
-This section describes the format and encryption parameters for tickets and
-authenticators. When a ticket or authenticator is included in a protocol
-message it is treated as an opaque object.
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-5.3.1. Tickets
-
-A ticket is a record that helps a client authenticate to a service. A Ticket
-contains the following information:
-
-Ticket ::=        [APPLICATION 1] SEQUENCE {
-                  tkt-vno[0]                   INTEGER,
-                  realm[1]                     Realm,
-                  sname[2]                     PrincipalName,
-                  enc-part[3]                  EncryptedData,
-                  extensions[4]                TicketExtensions OPTIONAL
-}
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared by Kerberos and
-the end server (the server's secret key). See section 6 for the format of
-the ciphertext.
-
-tkt-vno
-     This field specifies the version number for the ticket format. This
-     document describes version number 5.
-realm
-     This field specifies the realm that issued a ticket. It also serves to
-     identify the realm part of the server's principal identifier. Since a
-     Kerberos server can only issue tickets for servers within its realm,
-     the two will always be identical.
-sname
-     This field specifies all components of the name part of the server's
-     identity, including those parts that identify a specific instance of a
-     service.
-enc-part
-     This field holds the encrypted encoding of the EncTicketPart sequence.
-extensions
-     This optional field contains a sequence of extentions that may be used
-     to carry information that must be carried with the ticket to support
-     several extensions, including but not limited to plaintext
-     authorization data, tokens for exchanging inter-realm keys, and other
-     information that must be associated with a ticket for use by the
-     application server. See Appendix C for definitions of some common
-     extensions.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-     Note that some older versions of Kerberos did not support this field.
-     Because this is an optional field it will not break older clients, but
-     older clients might strip this field from the ticket before sending it
-     to the application server. This limits the usefulness of this ticket
-     field to environments where the ticket will not be parsed and
-     reconstructed by these older Kerberos clients.
-
-     If it is known that the client will strip this field from the ticket,
-     as an interim measure the KDC may append this field to the end of the
-     enc-part of the ticket and append a traler indicating the lenght of the
-     appended extensions field. (this paragraph is open for discussion,
-     including the form of the traler).
-flags
-     This field indicates which of various options were used or requested
-     when the ticket was issued. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). Bit 0 is the most
-     significant bit. The encoding of the bits is specified in section 5.2.
-     The flags are described in more detail above in section 2. The meanings
-     of the flags are:
-
-          Bit(s)      Name         Description
-
-          0           RESERVED
-                                   Reserved for future  expansion  of  this
-                                   field.
-
-          1           FORWARDABLE
-                                   The FORWARDABLE flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  When set,  this
-                                   flag  tells  the  ticket-granting server
-                                   that it is OK to  issue  a  new  ticket-
-                                   granting ticket with a different network
-                                   address based on the presented ticket.
-
-          2           FORWARDED
-                                   When set, this flag indicates  that  the
-                                   ticket  has either been forwarded or was
-                                   issued based on authentication involving
-                                   a forwarded ticket-granting ticket.
-
-          3           PROXIABLE
-                                   The  PROXIABLE  flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.   The  PROXIABLE
-                                   flag  has an interpretation identical to
-                                   that of  the  FORWARDABLE  flag,  except
-                                   that   the   PROXIABLE  flag  tells  the
-                                   ticket-granting server  that  only  non-
-                                   ticket-granting  tickets  may  be issued
-                                   with different network addresses.
-
-          4           PROXY
-                                   When set, this  flag  indicates  that  a
-                                   ticket is a proxy.
-
-          5           MAY-POSTDATE
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                   The MAY-POSTDATE flag is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  This flag tells
-                                   the  ticket-granting server that a post-
-                                   dated ticket may be issued based on this
-                                   ticket-granting ticket.
-
-          6           POSTDATED
-                                   This flag indicates that this ticket has
-                                   been  postdated.   The  end-service  can
-                                   check the authtime field to see when the
-                                   original authentication occurred.
-
-          7           INVALID
-                                   This flag indicates  that  a  ticket  is
-                                   invalid, and it must be validated by the
-                                   KDC  before  use.   Application  servers
-                                   must reject tickets which have this flag
-                                   set.
-
-          8           RENEWABLE
-                                   The  RENEWABLE  flag  is  normally  only
-                                   interpreted  by the TGS, and can usually
-                                   be ignored by end servers (some particu-
-                                   larly careful servers may wish to disal-
-                                   low  renewable  tickets).   A  renewable
-                                   ticket  can be used to obtain a replace-
-                                   ment ticket  that  expires  at  a  later
-                                   date.
-
-          9           INITIAL
-                                   This flag indicates that this ticket was
-                                   issued  using  the  AS protocol, and not
-                                   issued  based   on   a   ticket-granting
-                                   ticket.
-
-          10          PRE-AUTHENT
-                                   This flag indicates that during  initial
-                                   authentication, the client was authenti-
-                                   cated by the KDC  before  a  ticket  was
-                                   issued.    The   strength  of  the  pre-
-                                   authentication method is not  indicated,
-                                   but is acceptable to the KDC.
-
-          11          HW-AUTHENT
-                                   This flag indicates  that  the  protocol
-                                   employed   for   initial  authentication
-                                   required the use of hardware expected to
-                                   be possessed solely by the named client.
-                                   The hardware  authentication  method  is
-                                   selected  by the KDC and the strength of
-                                   the method is not indicated.
-
-          12           TRANSITED   This flag indicates that the KDC for the
-                  POLICY-CHECKED   realm has checked the transited field
-                                   against a realm defined policy for
-                                   trusted certifiers.  If this flag is
-                                   reset (0), then the application server
-                                   must check the transited field itself,
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                   and if unable to do so it must reject
-                                   the authentication.  If the flag is set
-                                   (1) then the application server may skip
-                                   its own validation of the transited
-                                   field, relying on the validation
-                                   performed by the KDC.  At its option the
-                                   application server may still apply its
-                                   own validation based on a separate
-                                   policy for acceptance.
-
-          13      OK-AS-DELEGATE   This flag indicates that the server (not
-                                   the client) specified in the ticket has
-                                   been determined by policy of the realm
-                                   to be a suitable recipient of
-                                   delegation.  A client can use the
-                                   presence of this flag to help it make a
-                                   decision whether to delegate credentials
-                                   (either grant a proxy or a forwarded
-                                   ticket granting ticket) to this server.
-                                   The client is free to ignore the value
-                                   of this flag.  When setting this flag,
-                                   an administrator should consider the
-                                   Security and placement of the server on
-                                   which the service will run, as well as
-                                   whether the service requires the use of
-                                   delegated credentials.
-
-          14          ANONYMOUS
-                                   This flag indicates that  the  principal
-                                   named in the ticket is a generic princi-
-                                   pal for the realm and does not  identify
-                                   the  individual  using  the ticket.  The
-                                   purpose  of  the  ticket  is   only   to
-                                   securely  distribute  a session key, and
-                                   not to identify  the  user.   Subsequent
-                                   requests  using the same ticket and ses-
-                                   sion may be  considered  as  originating
-                                   from  the  same  user, but requests with
-                                   the same username but a different ticket
-                                   are  likely  to originate from different
-                                   users.
-
-          15-31       RESERVED
-                                   Reserved for future use.
-
-key
-     This field exists in the ticket and the KDC response and is used to
-     pass the session key from Kerberos to the application server and the
-     client. The field's encoding is described in section 6.2.
-crealm
-     This field contains the name of the realm in which the client is
-     registered and in which initial authentication took place.
-cname
-     This field contains the name part of the client's principal identifier.
-transited
-     This field lists the names of the Kerberos realms that took part in
-     authenticating the user to whom this ticket was issued. It does not
-     specify the order in which the realms were transited. See section
-     3.3.3.2 for details on how this field encodes the traversed realms.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     When the names of CA's are to be embedded inthe transited field (as
-     specified for some extentions to the protocol), the X.500 names of the
-     CA's should be mapped into items in the transited field using the
-     mapping defined by RFC2253.
-authtime
-     This field indicates the time of initial authentication for the named
-     principal. It is the time of issue for the original ticket on which
-     this ticket is based. It is included in the ticket to provide
-     additional information to the end service, and to provide the necessary
-     information for implementation of a `hot list' service at the KDC. An
-     end service that is particularly paranoid could refuse to accept
-     tickets for which the initial authentication occurred "too far" in the
-     past. This field is also returned as part of the response from the KDC.
-     When returned as part of the response to initial authentication
-     (KRB_AS_REP), this is the current time on the Kerberos server[24].
-starttime
-     This field in the ticket specifies the time after which the ticket is
-     valid. Together with endtime, this field specifies the life of the
-     ticket. If it is absent from the ticket, its value should be treated as
-     that of the authtime field.
-endtime
-     This field contains the time after which the ticket will not be honored
-     (its expiration time). Note that individual services may place their
-     own limits on the life of a ticket and may reject tickets which have
-     not yet expired. As such, this is really an upper bound on the
-     expiration time for the ticket.
-renew-till
-     This field is only present in tickets that have the RENEWABLE flag set
-     in the flags field. It indicates the maximum endtime that may be
-     included in a renewal. It can be thought of as the absolute expiration
-     time for the ticket, including all renewals.
-caddr
-     This field in a ticket contains zero (if omitted) or more (if present)
-     host addresses. These are the addresses from which the ticket can be
-     used. If there are no addresses, the ticket can be used from any
-     location. The decision by the KDC to issue or by the end server to
-     accept zero-address tickets is a policy decision and is left to the
-     Kerberos and end-service administrators; they may refuse to issue or
-     accept such tickets. The suggested and default policy, however, is that
-     such tickets will only be issued or accepted when additional
-     information that can be used to restrict the use of the ticket is
-     included in the authorization_data field. Such a ticket is a
-     capability.
-
-     Network addresses are included in the ticket to make it harder for an
-     attacker to use stolen credentials. Because the session key is not sent
-     over the network in cleartext, credentials can't be stolen simply by
-     listening to the network; an attacker has to gain access to the session
-     key (perhaps through operating system security breaches or a careless
-     user's unattended session) to make use of stolen tickets.
-
-     It is important to note that the network address from which a
-     connection is received cannot be reliably determined. Even if it could
-     be, an attacker who has compromised the client's workstation could use
-     the credentials from there. Including the network addresses only makes
-     it more difficult, not impossible, for an attacker to walk off with
-     stolen credentials and then use them from a "safe" location.
-authorization-data
-     The authorization-data field is used to pass authorization data from
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     the principal on whose behalf a ticket was issued to the application
-     service. If no authorization data is included, this field will be left
-     out. Experience has shown that the name of this field is confusing, and
-     that a better name for this field would be restrictions. Unfortunately,
-     it is not possible to change the name of this field at this time.
-
-     This field contains restrictions on any authority obtained on the basis
-     of authentication using the ticket. It is possible for any principal in
-     posession of credentials to add entries to the authorization data field
-     since these entries further restrict what can be done with the ticket.
-     Such additions can be made by specifying the additional entries when a
-     new ticket is obtained during the TGS exchange, or they may be added
-     during chained delegation using the authorization data field of the
-     authenticator.
-
-     Because entries may be added to this field by the holder of
-     credentials, except when an entry is separately authenticated by
-     encapulation in the kdc-issued element, it is not allowable for the
-     presence of an entry in the authorization data field of a ticket to
-     amplify the priveleges one would obtain from using a ticket.
-
-     The data in this field may be specific to the end service; the field
-     will contain the names of service specific objects, and the rights to
-     those objects. The format for this field is described in section 5.2.
-     Although Kerberos is not concerned with the format of the contents of
-     the sub-fields, it does carry type information (ad-type).
-
-     By using the authorization_data field, a principal is able to issue a
-     proxy that is valid for a specific purpose. For example, a client
-     wishing to print a file can obtain a file server proxy to be passed to
-     the print server. By specifying the name of the file in the
-     authorization_data field, the file server knows that the print server
-     can only use the client's rights when accessing the particular file to
-     be printed.
-
-     A separate service providing authorization or certifying group
-     membership may be built using the authorization-data field. In this
-     case, the entity granting authorization (not the authorized entity),
-     may obtain a ticket in its own name (e.g. the ticket is issued in the
-     name of a privelege server), and this entity adds restrictions on its
-     own authority and delegates the restricted authority through a proxy to
-     the client. The client would then present this authorization credential
-     to the application server separately from the authentication exchange.
-     Alternatively, such authorization credentials may be embedded in the
-     ticket authenticating the authorized entity, when the authorization is
-     separately authenticated using the kdc-issued authorization data
-     element (see B.4).
-
-     Similarly, if one specifies the authorization-data field of a proxy and
-     leaves the host addresses blank, the resulting ticket and session key
-     can be treated as a capability. See [Neu93] for some suggested uses of
-     this field.
-
-     The authorization-data field is optional and does not have to be
-     included in a ticket.
-
-5.3.2. Authenticators
-
-An authenticator is a record sent with a ticket to a server to certify the
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-client's knowledge of the encryption key in the ticket, to help the server
-detect replays, and to help choose a "true session key" to use with the
-particular session. The encoding is encrypted in the ticket's session key
-shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-
-authenticator-vno
-     This field specifies the version number for the format of the
-     authenticator. This document specifies version 5.
-crealm and cname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-cksum
-     This field contains a checksum of the the applica- tion data that
-     accompanies the KRB_AP_REQ.
-cusec
-     This field contains the microsecond part of the client's timestamp. Its
-     value (before encryption) ranges from 0 to 999999. It often appears
-     along with ctime. The two fields are used together to specify a
-     reasonably accurate timestamp.
-ctime
-     This field contains the current time on the client's host.
-subkey
-     This field contains the client's choice for an encryption key which is
-     to be used to protect this specific application session. Unless an
-     application specifies otherwise, if this field is left out the session
-     key from the ticket will be used.
-seq-number
-     This optional field includes the initial sequence number to be used by
-     the KRB_PRIV or KRB_SAFE messages when sequence numbers are used to
-     detect replays (It may also be used by application specific messages).
-     When included in the authenticator this field specifies the initial
-     sequence number for messages from the client to the server. When
-     included in the AP-REP message, the initial sequence number is that for
-     messages from the server to the client. When used in KRB_PRIV or
-     KRB_SAFE messages, it is incremented by one after each message is sent.
-     Sequence numbers fall in the range of 0 through 2^32 - 1 and wrap to
-     zero following the value 2^32 - 1.
-
-     For sequence numbers to adequately support the detection of replays
-     they should be non-repeating, even across connection boundaries. The
-     initial sequence number should be random and uniformly distributed
-     across the full space of possible sequence numbers, so that it cannot
-     be guessed by an attacker and so that it and the successive sequence
-     numbers do not repeat other sequences.
-authorization-data
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     This field is the same as described for the ticket in section 5.3.1. It
-     is optional and will only appear when additional restrictions are to be
-     placed on the use of a ticket, beyond those carried in the ticket
-     itself.
-
-5.4. Specifications for the AS and TGS exchanges
-
-This section specifies the format of the messages used in the exchange
-between the client and the Kerberos server. The format of possible error
-messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-The KRB_KDC_REQ message has no type of its own. Instead, its type is one of
-KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is for an initial
-ticket or an additional ticket. In either case, the message is sent from the
-client to the Authentication Server to request credentials for a service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER,
-                                           -- EncryptionType,
-                                           -- in preference order
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-The fields in this message are:
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-pvno
-     This field is included in each message, and specifies the protocol
-     version number. This document specifies protocol version 5.
-msg-type
-     This field indicates the type of a protocol message. It will almost
-     always be the same as the application identifier associated with a
-     message. It is included to make the identifier more readily accessible
-     to the application. For the KDC-REQ message, this type will be
-     KRB_AS_REQ or KRB_TGS_REQ.
-padata
-     The padata (pre-authentication data) field contains a sequence of
-     authentication information which may be needed before credentials can
-     be issued or decrypted. In the case of requests for additional tickets
-     (KRB_TGS_REQ), this field will include an element with padata-type of
-     PA-TGS-REQ and data of an authentication header (ticket-granting ticket
-     and authenticator). The checksum in the authenticator (which must be
-     collision-proof) is to be computed over the KDC-REQ-BODY encoding. In
-     most requests for initial authentication (KRB_AS_REQ) and most replies
-     (KDC-REP), the padata field will be left out.
-
-     This field may also contain information needed by certain extensions to
-     the Kerberos protocol. For example, it might be used to initially
-     verify the identity of a client before any response is returned. This
-     is accomplished with a padata field with padata-type equal to
-     PA-ENC-TIMESTAMP and padata-value defined as follows:
-
-     padata-type     ::= PA-ENC-TIMESTAMP
-     padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-     PA-ENC-TS-ENC   ::= SEQUENCE {
-                     patimestamp[0]     KerberosTime, -- client's time
-                     pausec[1]          INTEGER OPTIONAL
-     }
-
-     with patimestamp containing the client's time and pausec containing the
-     microseconds which may be omitted if a client will not generate more
-     than one request per second. The ciphertext (padata-value) consists of
-     the PA-ENC-TS-ENC sequence, encrypted using the client's secret key.
-
-     [use-specified-kvno item is here for discussion and may be removed] It
-     may also be used by the client to specify the version of a key that is
-     being used for accompanying preauthentication, and/or which should be
-     used to encrypt the reply from the KDC.
-
-     PA-USE-SPECIFIED-KVNO  ::=  Integer
-
-     The KDC should only accept and abide by the value of the
-     use-specified-kvno preauthentication data field when the specified key
-     is still valid and until use of a new key is confirmed. This situation
-     is likely to occur primarily during the period during which an updated
-     key is propagating to other KDC's in a realm.
-
-     The padata field can also contain information needed to help the KDC or
-     the client select the key needed for generating or decrypting the
-     response. This form of the padata is useful for supporting the use of
-     certain token cards with Kerberos. The details of such extensions are
-     specified in separate documents. See [Pat92] for additional uses of
-     this field.
-padata-type
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     The padata-type element of the padata field indicates the way that the
-     padata-value element is to be interpreted. Negative values of
-     padata-type are reserved for unregistered use; non-negative values are
-     used for a registered interpretation of the element type.
-req-body
-     This field is a placeholder delimiting the extent of the remaining
-     fields. If a checksum is to be calculated over the request, it is
-     calculated over an encoding of the KDC-REQ-BODY sequence which is
-     enclosed within the req-body field.
-kdc-options
-     This field appears in the KRB_AS_REQ and KRB_TGS_REQ requests to the
-     KDC and indicates the flags that the client wants set on the tickets as
-     well as other information that is to modify the behavior of the KDC.
-     Where appropriate, the name of an option may be the same as the flag
-     that is set by that option. Although in most case, the bit in the
-     options field will be the same as that in the flags field, this is not
-     guaranteed, so it is not acceptable to simply copy the options field to
-     the flags field. There are various checks that must be made before
-     honoring an option anyway.
-
-     The kdc_options field is a bit-field, where the selected options are
-     indicated by the bit being set (1), and the unselected options and
-     reserved fields being reset (0). The encoding of the bits is specified
-     in section 5.2. The options are described in more detail above in
-     section 2. The meanings of the options are:
-
-        Bit(s)    Name                Description
-         0        RESERVED
-                                      Reserved for future  expansion  of  this
-                                      field.
-
-         1        FORWARDABLE
-                                      The FORWARDABLE  option  indicates  that
-                                      the  ticket  to be issued is to have its
-                                      forwardable flag set.  It  may  only  be
-                                      set on the initial request, or in a sub-
-                                      sequent request if  the  ticket-granting
-                                      ticket on which it is based is also for-
-                                      wardable.
-
-         2        FORWARDED
-                                      The FORWARDED option is  only  specified
-                                      in  a  request  to  the  ticket-granting
-                                      server and will only be honored  if  the
-                                      ticket-granting  ticket  in  the request
-                                      has  its  FORWARDABLE  bit  set.    This
-                                      option  indicates that this is a request
-                                      for forwarding.  The address(es) of  the
-                                      host  from which the resulting ticket is
-                                      to  be  valid  are   included   in   the
-                                      addresses field of the request.
-
-         3        PROXIABLE
-                                      The PROXIABLE option indicates that  the
-                                      ticket to be issued is to have its prox-
-                                      iable flag set.  It may only be  set  on
-                                      the  initial request, or in a subsequent
-                                      request if the ticket-granting ticket on
-                                      which it is based is also proxiable.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-         4        PROXY
-                                      The PROXY option indicates that this  is
-                                      a request for a proxy.  This option will
-                                      only be honored if  the  ticket-granting
-                                      ticket  in the request has its PROXIABLE
-                                      bit set.  The address(es)  of  the  host
-                                      from which the resulting ticket is to be
-                                       valid  are  included  in  the  addresses
-                                      field of the request.
-
-         5        ALLOW-POSTDATE
-                                      The ALLOW-POSTDATE option indicates that
-                                      the  ticket  to be issued is to have its
-                                      MAY-POSTDATE flag set.  It may  only  be
-                                      set on the initial request, or in a sub-
-                                      sequent request if  the  ticket-granting
-                                      ticket on which it is based also has its
-                                      MAY-POSTDATE flag set.
-
-         6        POSTDATED
-                                      The POSTDATED option indicates that this
-                                      is  a  request  for  a postdated ticket.
-                                      This option will only be honored if  the
-                                      ticket-granting  ticket  on  which it is
-                                      based has  its  MAY-POSTDATE  flag  set.
-                                      The  resulting ticket will also have its
-                                      INVALID flag set, and that flag  may  be
-                                      reset by a subsequent request to the KDC
-                                      after the starttime in  the  ticket  has
-                                      been reached.
-
-         7        UNUSED
-                                      This option is presently unused.
-
-         8        RENEWABLE
-                                      The RENEWABLE option indicates that  the
-                                      ticket  to  be  issued  is  to  have its
-                                      RENEWABLE flag set.  It may only be  set
-                                      on  the  initial  request,  or  when the
-                                      ticket-granting  ticket  on  which   the
-                                      request  is based is also renewable.  If
-                                      this option is requested, then the rtime
-                                      field   in   the  request  contains  the
-                                      desired absolute expiration time for the
-                                      ticket.
-
-         9-13     UNUSED
-                                      These options are presently unused.
-
-         14       REQUEST-ANONYMOUS
-                                      The REQUEST-ANONYMOUS  option  indicates
-                                      that  the  ticket to be issued is not to
-                                      identify  the  user  to  which  it   was
-                                      issued.  Instead, the principal identif-
-                                      ier is to be generic,  as  specified  by
-                                      the  policy  of  the realm (e.g. usually
-                                      anonymous@realm).  The  purpose  of  the
-                                      ticket  is only to securely distribute a
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                      session key, and  not  to  identify  the
-                                      user.   The ANONYMOUS flag on the ticket
-                                      to be returned should be  set.   If  the
-                                      local  realms  policy  does  not  permit
-                                      anonymous credentials, the request is to
-                                      be rejected.
-
-         15-25    RESERVED
-                                      Reserved for future use.
-
-         26       DISABLE-TRANSITED-CHECK
-                                      By default the KDC will check the
-                                      transited field of a ticket-granting-
-                                      ticket against the policy of the local
-                                      realm before it will issue derivative
-                                      tickets based on the ticket granting
-                                      ticket.  If this flag is set in the
-                                      request, checking of the transited field
-                                      is disabled.  Tickets issued without the
-                                      performance of this check will be noted
-                                      by the reset (0) value of the
-                                      TRANSITED-POLICY-CHECKED flag,
-                                      indicating to the application server
-                                      that the tranisted field must be checked
-                                      locally.  KDC's are encouraged but not
-                                      required to honor the
-                                      DISABLE-TRANSITED-CHECK option.
-
-         27       RENEWABLE-OK
-                                      The RENEWABLE-OK option indicates that a
-                                      renewable ticket will be acceptable if a
-                                      ticket with the  requested  life  cannot
-                                      otherwise be provided.  If a ticket with
-                                      the requested life cannot  be  provided,
-                                      then  a  renewable  ticket may be issued
-                                      with  a  renew-till  equal  to  the  the
-                                      requested  endtime.   The  value  of the
-                                      renew-till field may still be limited by
-                                      local  limits, or limits selected by the
-                                      individual principal or server.
-
-         28       ENC-TKT-IN-SKEY
-                                      This option is used only by the  ticket-
-                                      granting  service.   The ENC-TKT-IN-SKEY
-                                      option indicates that the ticket for the
-                                      end  server  is  to  be encrypted in the
-                                      session key from the additional  ticket-
-                                      granting ticket provided.
-
-         29       RESERVED
-                                      Reserved for future use.
-
-         30       RENEW
-                                      This option is used only by the  ticket-
-                                      granting   service.   The  RENEW  option
-                                      indicates that the  present  request  is
-                                      for  a  renewal.  The ticket provided is
-                                      encrypted in  the  secret  key  for  the
-                                      server  on  which  it  is  valid.   This
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                      option  will  only  be  honored  if  the
-                                      ticket  to  be renewed has its RENEWABLE
-                                      flag set and if the time in  its  renew-
-                                      till  field  has not passed.  The ticket
-                                      to be renewed is passed  in  the  padata
-                                      field  as  part  of  the  authentication
-                                      header.
-
-         31       VALIDATE
-                                      This option is used only by the  ticket-
-                                      granting  service.   The VALIDATE option
-                                      indicates that the request is  to  vali-
-                                      date  a  postdated ticket.  It will only
-                                      be honored if the  ticket  presented  is
-                                      postdated,  presently  has  its  INVALID
-                                      flag set, and would be otherwise  usable
-                                      at  this time.  A ticket cannot be vali-
-                                      dated before its starttime.  The  ticket
-                                      presented for validation is encrypted in
-                                      the key of the server for  which  it  is
-                                      valid  and is passed in the padata field
-                                      as part of the authentication header.
-
-cname and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1. sname may only be absent when the ENC-TKT-IN-SKEY option is
-     specified. If absent, the name of the server is taken from the name of
-     the client in the ticket passed as additional-tickets.
-enc-authorization-data
-     The enc-authorization-data, if present (and it can only be present in
-     the TGS_REQ form), is an encoding of the desired authorization-data
-     encrypted under the sub-session key if present in the Authenticator, or
-     alternatively from the session key in the ticket-granting ticket, both
-     from the padata field in the KRB_AP_REQ.
-realm
-     This field specifies the realm part of the server's principal
-     identifier. In the AS exchange, this is also the realm part of the
-     client's principal identifier.
-from
-     This field is included in the KRB_AS_REQ and KRB_TGS_REQ ticket
-     requests when the requested ticket is to be postdated. It specifies the
-     desired start time for the requested ticket. If this field is omitted
-     then the KDC should use the current time instead.
-till
-     This field contains the expiration date requested by the client in a
-     ticket request. It is optional and if omitted the requested ticket is
-     to have the maximum endtime permitted according to KDC policy for the
-     parties to the authentication exchange as limited by expiration date of
-     the ticket granting ticket or other preauthentication credentials.
-rtime
-     This field is the requested renew-till time sent from a client to the
-     KDC in a ticket request. It is optional.
-nonce
-     This field is part of the KDC request and response. It it intended to
-     hold a random number generated by the client. If the same number is
-     included in the encrypted response from the KDC, it provides evidence
-     that the response is fresh and has not been replayed by an attacker.
-     Nonces must never be re-used. Ideally, it should be generated randomly,
-     but if the correct time is known, it may suffice[25].
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-etype
-     This field specifies the desired encryption algorithm to be used in the
-     response.
-addresses
-     This field is included in the initial request for tickets, and
-     optionally included in requests for additional tickets from the
-     ticket-granting server. It specifies the addresses from which the
-     requested ticket is to be valid. Normally it includes the addresses for
-     the client's host. If a proxy is requested, this field will contain
-     other addresses. The contents of this field are usually copied by the
-     KDC into the caddr field of the resulting ticket.
-additional-tickets
-     Additional tickets may be optionally included in a request to the
-     ticket-granting server. If the ENC-TKT-IN-SKEY option has been
-     specified, then the session key from the additional ticket will be used
-     in place of the server's key to encrypt the new ticket. If more than
-     one option which requires additional tickets has been specified, then
-     the additional tickets are used in the order specified by the ordering
-     of the options bits (see kdc-options, above).
-
-The application code will be either ten (10) or twelve (12) depending on
-whether the request is for an initial ticket (AS-REQ) or for an additional
-ticket (TGS-REQ).
-
-The optional fields (addresses, authorization-data and additional-tickets)
-are only included if necessary to perform the operation specified in the
-kdc-options field.
-
-It should be noted that in KRB_TGS_REQ, the protocol version number appears
-twice and two different message types appear: the KRB_TGS_REQ message
-contains these fields as does the authentication header (KRB_AP_REQ) that is
-passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-The KRB_KDC_REP message format is used for the reply from the KDC for either
-an initial (AS) request or a subsequent (TGS) request. There is no message
-type for KRB_KDC_REP. Instead, the type will be either KRB_AS_REP or
-KRB_TGS_REP. The key used to encrypt the ciphertext part of the reply
-depends on the message type. For KRB_AS_REP, the ciphertext is encrypted in
-the client's secret key, and the client's key version number is included in
-the key version number for the encrypted data. For KRB_TGS_REP, the
-ciphertext is encrypted in the sub-session key from the Authenticator, or if
-absent, the session key from the ticket-granting ticket used in the request.
-In that case, no version number will be present in the EncryptedData
-sequence.
-
-The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-              enc-part[6]                EncryptedData
-}
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is either
-     KRB_AS_REP or KRB_TGS_REP.
-padata
-     This field is described in detail in section 5.4.1. One possible use
-     for this field is to encode an alternate "mix-in" string to be used
-     with a string-to-key algorithm (such as is described in section 6.3.2).
-     This ability is useful to ease transitions if a realm name needs to
-     change (e.g. when a company is acquired); in such a case all existing
-     password-derived entries in the KDC database would be flagged as
-     needing a special mix-in string until the next password change.
-crealm, cname, srealm and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-ticket
-     The newly-issued ticket, from section 5.3.1.
-enc-part
-     This field is a place holder for the ciphertext and related information
-     that forms the encrypted part of a message. The description of the
-     encrypted part of the message follows each appearance of this field.
-     The encrypted part is encoded as described in section 6.1.
-key
-     This field is the same as described for the ticket in section 5.3.1.
-last-req
-     This field is returned by the KDC and specifies the time(s) of the last
-     request by a principal. Depending on what information is available,
-     this might be the last time that a request for a ticket-granting ticket
-     was made, or the last time that a request based on a ticket-granting
-     ticket was successful. It also might cover all servers for a realm, or
-     just the particular server. Some implementations may display this
-     information to the user to aid in discovering unauthorized use of one's
-     identity. It is similar in spirit to the last login time displayed when
-     logging into timesharing systems.
-nonce
-     This field is described above in section 5.4.1.
-key-expiration
-     The key-expiration field is part of the response from the KDC and
-     specifies the time that the client's secret key is due to expire. The
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     expiration might be the result of password aging or an account
-     expiration. This field will usually be left out of the TGS reply since
-     the response to the TGS request is encrypted in a session key and no
-     client information need be retrieved from the KDC database. It is up to
-     the application client (usually the login program) to take appropriate
-     action (such as notifying the user) if the expiration time is imminent.
-flags, authtime, starttime, endtime, renew-till and caddr
-     These fields are duplicates of those found in the encrypted portion of
-     the attached ticket (see section 5.3.1), provided so the client may
-     verify they match the intended request and to assist in proper ticket
-     caching. If the message is of type KRB_TGS_REP, the caddr field will
-     only be filled in if the request was for a proxy or forwarded ticket,
-     or if the user is substituting a subset of the addresses from the
-     ticket granting ticket. If the client-requested addresses are not
-     present or not used, then the addresses contained in the ticket will be
-     the same as those included in the ticket-granting ticket.
-
-5.5. Client/Server (CS) message specifications
-
-This section specifies the format of the messages used for the
-authentication of the client to the application server.
-
-5.5.1. KRB_AP_REQ definition
-
-The KRB_AP_REQ message contains the Kerberos protocol version number, the
-message type KRB_AP_REQ, an options field to indicate any options in use,
-and the ticket and authenticator themselves. The KRB_AP_REQ message is often
-referred to as the 'authentication header'.
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REQ.
-ap-options
-     This field appears in the application request (KRB_AP_REQ) and affects
-     the way the request is processed. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). The encoding of the bits
-     is specified in section 5.2. The meanings of the options are:
-
-       Bit(s)   Name              Description
-
-       0        RESERVED
-                                  Reserved for future  expansion  of  this
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                  field.
-
-       1        USE-SESSION-KEY
-                                  The  USE-SESSION-KEY  option   indicates
-                                  that the ticket the client is presenting
-                                  to a server is encrypted in the  session
-                                  key  from  the  server's ticket-granting
-                                  ticket.  When this option is not  speci-
-                                  fied,  the  ticket  is  encrypted in the
-                                  server's secret key.
-
-       2        MUTUAL-REQUIRED
-                                  The  MUTUAL-REQUIRED  option  tells  the
-                                  server  that  the client requires mutual
-                                  authentication, and that it must respond
-                                  with a KRB_AP_REP message.
-
-       3-31     RESERVED
-                                  Reserved for future use.
-
-ticket
-     This field is a ticket authenticating the client to the server.
-authenticator
-     This contains the authenticator, which includes the client's choice of
-     a subkey. Its encoding is described in section 5.3.2.
-
-5.5.2. KRB_AP_REP definition
-
-The KRB_AP_REP message contains the Kerberos protocol version number, the
-message type, and an encrypted time- stamp. The message is sent in in
-response to an application request (KRB_AP_REQ) where the mutual
-authentication option has been selected in the ap-options field.
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-The encoded EncAPRepPart is encrypted in the shared session key of the
-ticket. The optional subkey field can be used in an application-arranged
-negotiation to choose a per association session key.
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REP.
-enc-part
-     This field is described above in section 5.4.2.
-ctime
-     This field contains the current time on the client's host.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-subkey
-     This field contains an encryption key which is to be used to protect
-     this specific application session. See section 3.2.6 for specifics on
-     how this field is used to negotiate a key. Unless an application
-     specifies otherwise, if this field is left out, the sub-session key
-     from the authenticator, or if also left out, the session key from the
-     ticket will be used.
-
-5.5.3. Error message reply
-
-If an error occurs while processing the application request, the KRB_ERROR
-message will be sent in response. See section 5.9.1 for the format of the
-error message. The cname and crealm fields may be left out if the server
-cannot determine their appropriate values from the corresponding KRB_AP_REQ
-message. If the authenticator was decipherable, the ctime and cusec fields
-will contain the values from it.
-
-5.6. KRB_SAFE message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to send a tamper-proof message to
-its peer. It presumes that a session key has previously been exchanged (for
-example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1. KRB_SAFE definition
-
-The KRB_SAFE message contains user data along with a collision-proof
-checksum keyed with the last encryption key negotiated via subkeys, or the
-session key if no negotiation has occured. The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_SAFE.
-safe-body
-     This field is a placeholder for the body of the KRB-SAFE message.
-cksum
-     This field contains the checksum of the application data. Checksum
-     details are described in section 6.4. The checksum is computed over the
-     encoding of the KRB-SAFE sequence. First, the cksum is zeroed and the
-     checksum is computed over the encoding of the KRB-SAFE sequence, then
-     the checksum is set to the result of that computation, and finally the
-     KRB-SAFE sequence is encoded again.
-user-data
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     This field is part of the KRB_SAFE and KRB_PRIV messages and contain
-     the application specific data that is being passed from the sender to
-     the recipient.
-timestamp
-     This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents
-     are the current time as known by the sender of the message. By checking
-     the timestamp, the recipient of the message is able to make sure that
-     it was recently generated, and is not a replay.
-usec
-     This field is part of the KRB_SAFE and KRB_PRIV headers. It contains
-     the microsecond part of the timestamp.
-seq-number
-     This field is described above in section 5.3.2.
-s-address
-     This field specifies the address in use by the sender of the message.
-     It may be omitted if not required by the application protocol. The
-     application designer considering omission of this field is warned, that
-     the inclusion of this address prevents some kinds of replay attacks
-     (e.g., reflection attacks) and that it is only acceptable to omit this
-     address if there is sufficient information in the integrity protected
-     part of the application message for the recipient to unambiguously
-     determine if it was the intended recipient.
-r-address
-     This field specifies the address in use by the recipient of the
-     message. It may be omitted for some uses (such as broadcast protocols),
-     but the recipient may arbitrarily reject such messages. This field
-     along with s-address can be used to help detect messages which have
-     been incorrectly or maliciously delivered to the wrong recipient.
-
-5.7. KRB_PRIV message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to securely and privately send a
-message to its peer. It presumes that a session key has previously been
-exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-The KRB_PRIV message contains user data encrypted in the Session Key. The
-message fields are:
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's addr
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_PRIV.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-enc-part
-     This field holds an encoding of the EncKrbPrivPart sequence encrypted
-     under the session key[32]. This encrypted encoding is used for the
-     enc-part field of the KRB-PRIV message. See section 6 for the format of
-     the ciphertext.
-user-data, timestamp, usec, s-address and r-address
-     These fields are described above in section 5.6.1.
-seq-number
-     This field is described above in section 5.3.2.
-
-5.8. KRB_CRED message specification
-
-This section specifies the format of a message that can be used to send
-Kerberos credentials from one principal to another. It is presented here to
-encourage a common mechanism to be used by applications when forwarding
-tickets or providing proxies to subordinate servers. It presumes that a
-session key has already been exchanged perhaps by using the
-KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-The KRB_CRED message contains a sequence of tickets to be sent and
-information needed to use the tickets, including the session key from each.
-The information needed to use the tickets is encrypted under an encryption
-key previously exchanged or transferred alongside the KRB_CRED message. The
-message fields are:
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     KRB_CRED.
-tickets
-     These are the tickets obtained from the KDC specifically for use by the
-     intended recipient. Successive tickets are paired with the
-     corresponding KrbCredInfo sequence from the enc-part of the KRB-CRED
-     message.
-enc-part
-     This field holds an encoding of the EncKrbCredPart sequence encrypted
-     under the session key shared between the sender and the intended
-     recipient. This encrypted encoding is used for the enc-part field of
-     the KRB-CRED message. See section 6 for the format of the ciphertext.
-nonce
-     If practical, an application may require the inclusion of a nonce
-     generated by the recipient of the message. If the same value is
-     included as the nonce in the message, it provides evidence that the
-     message is fresh and has not been replayed by an attacker. A nonce must
-     never be re-used; it should be generated randomly by the recipient of
-     the message and provided to the sender of the message in an application
-     specific manner.
-timestamp and usec
-     These fields specify the time that the KRB-CRED message was generated.
-     The time is used to provide assurance that the message is fresh.
-s-address and r-address
-     These fields are described above in section 5.6.1. They are used
-     optionally to provide additional assurance of the integrity of the
-     KRB-CRED message.
-key
-     This field exists in the corresponding ticket passed by the KRB-CRED
-     message and is used to pass the session key from the sender to the
-     intended recipient. The field's encoding is described in section 6.2.
-
-The following fields are optional. If present, they can be associated with
-the credentials in the remote ticket file. If left out, then it is assumed
-that the recipient of the credentials already knows their value.
-
-prealm and pname
-     The name and realm of the delegated principal identity.
-flags, authtime, starttime, endtime, renew-till, srealm, sname, and caddr
-     These fields contain the values of the correspond- ing fields from the
-     ticket found in the ticket field. Descriptions of the fields are
-     identical to the descriptions in the KDC-REP message.
-
-5.9. Error message specification
-
-This section specifies the format for the KRB_ERROR message. The fields
-included in the message are intended to return as much information as
-possible about an error. It is not expected that all the information
-required by the fields will be available for all types of errors. If the
-appropriate information is not available when the message is composed, the
-corresponding field will be left out of the message.
-
-Note that since the KRB_ERROR message is only optionally integrity
-protected, it is quite possible for an intruder to synthesize or modify such
-a message. In particular, this means that unless appropriate integrity
-protection mechanisms have been applied to the KRB_ERROR message, the client
-should not use any fields in this message for security-critical purposes,
-such as setting a system clock or generating a fresh authenticator. The
-message can be useful, however, for advising a user on the reason for some
-failure.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-5.9.1. KRB_ERROR definition
-
-The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL,
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_ERROR.
-ctime
-     This field is described above in section 5.4.1.
-cusec
-     This field is described above in section 5.5.2.
-stime
-     This field contains the current time on the server. It is of type
-     KerberosTime.
-susec
-     This field contains the microsecond part of the server's timestamp. Its
-     value ranges from 0 to 999999. It appears along with stime. The two
-     fields are used in conjunction to specify a reasonably accurate
-     timestamp.
-error-code
-     This field contains the error code returned by Kerberos or the server
-     when a request fails. To interpret the value of this field see the list
-     of error codes in section 8. Implementations are encouraged to provide
-     for national language support in the display of error messages.
-crealm, cname, srealm and sname
-     These fields are described above in section 5.3.1.
-e-text
-     This field contains additional text to help explain the error code
-     associated with the failed request (for example, it might include a
-     principal name which was unknown).
-e-data
-     This field contains additional data about the error for use by the
-     application to help it recover from or handle the error. If present,
-     this field will contain the encoding of a sequence of TypedData
-     (TYPED-DATA below), unless the errorcode is KDC_ERR_PREAUTH_REQUIRED,
-     in which case it will contain the encoding of a sequence of of padata
-     fields (METHOD-DATA below), each corresponding to an acceptable
-     pre-authentication method and optionally containing data for the
-     method:
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-     TYPED-DATA   ::=   SEQUENCE of TypeData
-     METHOD-DATA  ::=   SEQUENCE of PA-DATA
-
-     TypedData ::=   SEQUENCE {
-                         data-type[0]   INTEGER,
-                         data-value[1]  OCTET STRING OPTIONAL
-     }
-
-     Note that e-data-types have been reserved for all PA data types defined
-     prior to July 1999. For the KDC_ERR_PREAUTH_REQUIRED message, when
-     using new PA data types defined in July 1999 or later, the METHOD-DATA
-     sequence must itself be encapsulated in an TypedData element of type
-     TD-PADATA. All new implementations interpreting the METHOD-DATA field
-     for the KDC_ERR_PREAUTH_REQUIRED message must accept a type of
-     TD-PADATA, extract the typed data field and interpret the use any
-     elements encapsulated in the TD-PADATA elements as if they were present
-     in the METHOD-DATA sequence.
-e-cksum
-     This field contains an optional checksum for the KRB-ERROR message. The
-     checksum is calculated over the Kerberos ASN.1 encoding of the
-     KRB-ERROR message with the checksum absent. The checksum is then added
-     to the KRB-ERROR structure and the message is re-encoded. The Checksum
-     should be calculated using the session key from the ticket granting
-     ticket or service ticket, where available. If the error is in response
-     to a TGS or AP request, the checksum should be calculated uing the the
-     session key from the client's ticket. If the error is in response to an
-     AS request, then the checksum should be calulated using the client's
-     secret key ONLY if there has been suitable preauthentication to prove
-     knowledge of the secret key by the client[33]. If a checksum can not be
-     computed because the key to be used is not available, no checksum will
-     be included.
-
-     6. Encryption and Checksum Specifications
-
-     The Kerberos protocols described in this document are designed to use
-     stream encryption ciphers, which can be simulated using commonly
-     available block encryption ciphers, such as the Data Encryption
-     Standard [DES77], and triple DES variants, in conjunction with block
-     chaining and checksum methods [DESM80]. Encryption is used to prove the
-     identities of the network entities participating in message exchanges.
-     The Key Distribution Center for each realm is trusted by all principals
-     registered in that realm to store a secret key in confidence. Proof of
-     knowledge of this secret key is used to verify the authenticity of a
-     principal.
-
-     The KDC uses the principal's secret key (in the AS exchange) or a
-     shared session key (in the TGS exchange) to encrypt responses to ticket
-     requests; the ability to obtain the secret key or session key implies
-     the knowledge of the appropriate keys and the identity of the KDC. The
-     ability of a principal to decrypt the KDC response and present a Ticket
-     and a properly formed Authenticator (generated with the session key
-     from the KDC response) to a service verifies the identity of the
-     principal; likewise the ability of the service to extract the session
-     key from the Ticket and prove its knowledge thereof in a response
-     verifies the identity of the service.
-
-     The Kerberos protocols generally assume that the encryption used is
-     secure from cryptanalysis; however, in some cases, the order of fields
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     in the encrypted portions of messages are arranged to minimize the
-     effects of poorly chosen keys. It is still important to choose good
-     keys. If keys are derived from user-typed passwords, those passwords
-     need to be well chosen to make brute force attacks more difficult.
-     Poorly chosen keys still make easy targets for intruders.
-
-     The following sections specify the encryption and checksum mechanisms
-     currently defined for Kerberos. The encodings, chaining, and padding
-     requirements for each are described. For encryption methods, it is
-     often desirable to place random information (often referred to as a
-     confounder) at the start of the message. The requirements for a
-     confounder are specified with each encryption mechanism.
-
-     Some encryption systems use a block-chaining method to improve the the
-     security characteristics of the ciphertext. However, these chaining
-     methods often don't provide an integrity check upon decryption. Such
-     systems (such as DES in CBC mode) must be augmented with a checksum of
-     the plain-text which can be verified at decryption and used to detect
-     any tampering or damage. Such checksums should be good at detecting
-     burst errors in the input. If any damage is detected, the decryption
-     routine is expected to return an error indicating the failure of an
-     integrity check. Each encryption type is expected to provide and verify
-     an appropriate checksum. The specification of each encryption method
-     sets out its checksum requirements.
-
-     Finally, where a key is to be derived from a user's password, an
-     algorithm for converting the password to a key of the appropriate type
-     is included. It is desirable for the string to key function to be
-     one-way, and for the mapping to be different in different realms. This
-     is important because users who are registered in more than one realm
-     will often use the same password in each, and it is desirable that an
-     attacker compromising the Kerberos server in one realm not obtain or
-     derive the user's key in another.
-
-     For an discussion of the integrity characteristics of the candidate
-     encryption and checksum methods considered for Kerberos, the reader is
-     referred to [SG92].
-
-     6.1. Encryption Specifications
-
-     The following ASN.1 definition describes all encrypted messages. The
-     enc-part field which appears in the unencrypted part of messages in
-     section 5 is a sequence consisting of an encryption type, an optional
-     key version number, and the ciphertext.
-
-     EncryptedData ::=   SEQUENCE {
-                         etype[0]     INTEGER, -- EncryptionType
-                         kvno[1]      INTEGER OPTIONAL,
-                         cipher[2]    OCTET STRING -- ciphertext
-     }
-
-
-
-     etype
-          This field identifies which encryption algorithm was used to
-          encipher the cipher. Detailed specifications for selected
-          encryption types appear later in this section.
-     kvno
-          This field contains the version number of the key under which data
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-          is encrypted. It is only present in messages encrypted under long
-          lasting keys, such as principals' secret keys.
-     cipher
-          This field contains the enciphered text, encoded as an OCTET
-          STRING.
-     The cipher field is generated by applying the specified encryption
-     algorithm to data composed of the message and algorithm-specific
-     inputs. Encryption mechanisms defined for use with Kerberos must take
-     sufficient measures to guarantee the integrity of the plaintext, and we
-     recommend they also take measures to protect against precomputed
-     dictionary attacks. If the encryption algorithm is not itself capable
-     of doing so, the protections can often be enhanced by adding a checksum
-     and a confounder.
-
-     The suggested format for the data to be encrypted includes a
-     confounder, a checksum, the encoded plaintext, and any necessary
-     padding. The msg-seq field contains the part of the protocol message
-     described in section 5 which is to be encrypted. The confounder,
-     checksum, and padding are all untagged and untyped, and their length is
-     exactly sufficient to hold the appropriate item. The type and length is
-     implicit and specified by the particular encryption type being used
-     (etype). The format for the data to be encrypted for some methods is
-     described in the following diagram, but other methods may deviate from
-     this layour - so long as the definition of the method defines the
-     layout actually in use.
-
-           +-----------+----------+-------------+-----+
-           |confounder |   check  |   msg-seq   | pad |
-           +-----------+----------+-------------+-----+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     CipherText ::=   ENCRYPTED       SEQUENCE {
-          confounder[0]   UNTAGGED[35] OCTET STRING(conf_length) OPTIONAL,
-          check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-          msg-seq[2]      MsgSequence,
-          pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-     }
-
-     One generates a random confounder of the appropriate length, placing it
-     in confounder; zeroes out check; calculates the appropriate checksum
-     over confounder, check, and msg-seq, placing the result in check; adds
-     the necessary padding; then encrypts using the specified encryption
-     type and the appropriate key.
-
-     Unless otherwise specified, a definition of an encryption algorithm
-     that specifies a checksum, a length for the confounder field, or an
-     octet boundary for padding uses this ciphertext format[36]. Those
-     fields which are not specified will be omitted.
-
-     In the interest of allowing all implementations using a particular
-     encryption type to communicate with all others using that type, the
-     specification of an encryption type defines any checksum that is needed
-     as part of the encryption process. If an alternative checksum is to be
-     used, a new encryption type must be defined.
-
-     Some cryptosystems require additional information beyond the key and
-     the data to be encrypted. For example, DES, when used in
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     cipher-block-chaining mode, requires an initialization vector. If
-     required, the description for each encryption type must specify the
-     source of such additional information. 6.2. Encryption Keys
-
-     The sequence below shows the encoding of an encryption key:
-
-            EncryptionKey ::=   SEQUENCE {
-                                keytype[0]    INTEGER,
-                                keyvalue[1]   OCTET STRING
-            }
-
-     keytype
-          This field specifies the type of encryption that is to be
-          performed using the key that follows in the keyvalue field. It
-          will always correspond to the etype to be used to generate or
-          decode the EncryptedData. In cases when multiple algorithms use a
-          common kind of key (e.g., if the encryption algorithm uses an
-          alternate checksum algorithm for an integrity check, or a
-          different chaining mechanism), the keytype provides information
-          needed to determine which algorithm is to be used.
-     keyvalue
-          This field contains the key itself, encoded as an octet string.
-     All negative values for the encryption key type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpreta- tions.
-
-     6.3. Encryption Systems
-
-     6.3.1. The NULL Encryption System (null)
-
-     If no encryption is in use, the encryption system is said to be the
-     NULL encryption system. In the NULL encryption system there is no
-     checksum, confounder or padding. The ciphertext is simply the
-     plaintext. The NULL Key is used by the null encryption system and is
-     zero octets in length, with keytype zero (0).
-
-     6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-     The des-cbc-crc encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. A CRC-32 checksum (described in ISO 3309 [ISO3309]) is
-     applied to the confounder and message sequence (msg-seq) and placed in
-     the cksum field. DES blocks are 8 bytes. As a result, the data to be
-     encrypted (the concatenation of confounder, checksum, and message) must
-     be padded to an 8 byte boundary before encryption. The details of the
-     encryption of this data are identical to those for the des-cbc-md5
-     encryption mode.
-
-     Note that, since the CRC-32 checksum is not collision-proof, an
-     attacker could use a probabilistic chosen-plaintext attack to generate
-     a valid message even if a confounder is used [SG92]. The use of
-     collision-proof checksums is recommended for environments where such
-     attacks represent a significant threat. The use of the CRC-32 as the
-     checksum for ticket or authenticator is no longer mandated as an
-     interoperability requirement for Kerberos Version 5 Specification 1
-     (See section 9.1 for specific details).
-
-     6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     The des-cbc-md4 encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. An MD4 checksum (described in [MD492]) is applied to the
-     confounder and message sequence (msg-seq) and placed in the cksum
-     field. DES blocks are 8 bytes. As a result, the data to be encrypted
-     (the concatenation of confounder, checksum, and message) must be padded
-     to an 8 byte boundary before encryption. The details of the encryption
-     of this data are identical to those for the des-cbc-md5 encryption
-     mode.
-
-     6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-     The des-cbc-md5 encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. An MD5 checksum (described in [MD5-92].) is applied to the
-     confounder and message sequence (msg-seq) and placed in the cksum
-     field. DES blocks are 8 bytes. As a result, the data to be encrypted
-     (the concatenation of confounder, checksum, and message) must be padded
-     to an 8 byte boundary before encryption.
-
-     Plaintext and DES ciphtertext are encoded as blocks of 8 octets which
-     are concatenated to make the 64-bit inputs for the DES algorithms. The
-     first octet supplies the 8 most significant bits (with the octet's
-     MSbit used as the DES input block's MSbit, etc.), the second octet the
-     next 8 bits, ..., and the eighth octet supplies the 8 least significant
-     bits.
-
-     Encryption under DES using cipher block chaining requires an additional
-     input in the form of an initialization vector. Unless otherwise
-     specified, zero should be used as the initialization vector. Kerberos'
-     use of DES requires an 8 octet confounder.
-
-     The DES specifications identify some 'weak' and 'semi-weak' keys; those
-     keys shall not be used for encrypting messages for use in Kerberos.
-     Additionally, because of the way that keys are derived for the
-     encryption of checksums, keys shall not be used that yield 'weak' or
-     'semi-weak' keys when eXclusive-ORed with the hexadecimal constant
-     F0F0F0F0F0F0F0F0.
-
-     A DES key is 8 octets of data, with keytype one (1). This consists of
-     56 bits of key, and 8 parity bits (one per octet). The key is encoded
-     as a series of 8 octets written in MSB-first order. The bits within the
-     key are also encoded in MSB order. For example, if the encryption key
-     is (B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-     B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the
-     parity bits, the first octet of the key would be B1,B2,...,B7,P1 (with
-     B1 as the MSbit). [See the FIPS 81 introduction for reference.]
-
-     String to key transformation
-
-     To generate a DES key from a text string (password), a "salt" is
-     concatenated to the text string, and then padded with ASCII nulls to an
-     8 byte boundary. This "salt" is normally the realm and each component
-     of the principal's name appended. However, sometimes different salts
-     are used --- for example, when a realm is renamed, or if a user changes
-     her username, or for compatibility with Kerberos V4 (whose
-     string-to-key algorithm uses a null string for the salt). This string
-     is then fan-folded and eXclusive-ORed with itself to form an 8 byte DES
-     key. Before eXclusive-ORing a block, every byte is shifted one bit to
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     the left to leave the lowest bit zero. The key is the "corrected" by
-     correcting the parity on the key, and if the key matches a 'weak' or
-     'semi-weak' key as described in the DES specification, it is
-     eXclusive-ORed with the constant 00000000000000F0. This key is then
-     used to generate a DES CBC checksum on the initial string (with the
-     salt appended). The result of the CBC checksum is the "corrected" as
-     described above to form the result which is return as the key.
-     Pseudocode follows:
-
-          name_to_default_salt(realm, name) {
-               s = realm
-               for(each component in name) {
-                    s = s + component;
-               }
-               return s;
-          }
-
-          key_correction(key) {
-               fixparity(key);
-               if (is_weak_key_key(key))
-                    key = key XOR 0xF0;
-               return(key);
-          }
-
-          string_to_key(string,salt) {
-
-               odd = 1;
-               s = string + salt;
-               tempkey = NULL;
-               pad(s); /* with nulls to 8 byte boundary */
-               for(8byteblock in s) {
-                    if(odd == 0)  {
-                        odd = 1;
-                        reverse(8byteblock)
-                    }
-                    else odd = 0;
-                    left shift every byte in 8byteblock one bit;
-                    tempkey = tempkey XOR 8byteblock;
-               }
-               tempkey = key_correction(tempkey);
-               key = key_correction(DES-CBC-check(s,tempkey));
-               return(key);
-          }
-
-     6.3.5. Triple DES with HMAC-SHA1 Kerberos Encryption Type with and
-     without Key Derivation [Original draft by Marc Horowitz, revisions by
-     David Miller]
-
-     This encryption type is based on the Triple DES cryptosystem, the
-     HMAC-SHA1 [Krawczyk96] message authentication algorithm, and key
-     derivation for Kerberos V5 [HorowitzB96]. Key derivation may or may not
-     be used in conjunction with the use of Triple DES keys.
-
-     Algorithm Identifiers
-
-     The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
-     The des3-cbc-hmac-sha1-kd encryption type, specifying the key
-     derivation variant of the encryption type, has been assigned the value
-     16. The hmac-sha1-des3 checksum type has been assigned the value 13.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     The hmac-sha1-des3-kd checksum type, specifying the key derivation
-     variant of the checksum, has been assigned the value 12.
-
-     Triple DES Key Production
-
-     The EncryptionKey value is 24 octets long. The 7 most significant bits
-     of each octet contain key bits, and the least significant bit is the
-     inverse of the xor of the key bits.
-
-     For the purposes of key derivation, the block size is 64 bits, and the
-     key size is 168 bits. The 168 bits output by key derivation are
-     converted to an EncryptionKey value as follows. First, the 168 bits are
-     divided into three groups of 56 bits, which are expanded individually
-     into 64 bits as follows:
-
-      1  2  3  4  5  6  7  p
-      9 10 11 12 13 14 15  p
-     17 18 19 20 21 22 23  p
-     25 26 27 28 29 30 31  p
-     33 34 35 36 37 38 39  p
-     41 42 43 44 45 46 47  p
-     49 50 51 52 53 54 55  p
-     56 48 40 32 24 16  8  p
-
-     The "p" bits are parity bits computed over the data bits. The output of
-     the three expansions are concatenated to form the EncryptionKey value.
-
-     When the HMAC-SHA1 of a string is computed, the key is used in the
-     EncryptedKey form.
-
-     The string-to-key function is used to tranform UNICODE passwords into
-     DES3 keys. The DES3 string-to-key function relies on the "N-fold"
-     algorithm, which is detailed in [9]. The description of the N-fold
-     algorithm in that document is as follows:
-        o To n-fold a number X, replicate the input value to a length that
-          is the least common multiple of n and the length of X. Before each
-          repetition, the input is rotated to the right by 13 bit positions.
-          The successive n-bit chunks are added together using
-          1's-complement addition (that is, addition with end-around carry)
-          to yield an n-bit result"
-        o The n-fold algorithm, as with DES string-to-key, is applied to the
-          password string concatenated with a salt value. The salt value is
-          derived in the same was as for the DES string-to-key algorithm.
-          For 3-key triple DES then, the operation will involve a 168-fold
-          of the input password string. The remainder of the string-to-key
-          function for DES3 is shown here in pseudocode:
-
-     DES3string-to-key(passwordString, key)
-
-         salt = name_to_default_salt(realm, name)
-         s = passwordString + salt
-         tmpKey1 = 168-fold(s)
-         parityFix(tmpKey1);
-         if not weakKey(tmpKey1)
-             /*
-              * Encrypt temp key in itself with a
-              * zero initialization vector
-              *
-              * Function signature is DES3encrypt(plain, key, iv)
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-              * with cipher as the return value
-              */
-             tmpKey2 = DES3encrypt(tmpKey1, tmpKey1, zeroIvec)
-             /*
-              * Encrypt resultant temp key in itself with third component
-              * of first temp key as initialization vector
-              */
-             key = DES3encrypt(tmpKey2, tmpKey1, tmpKey1[2])
-             parityFix(key)
-             if not weakKey(key)
-                  return SUCCESS
-             else
-                  return FAILURE
-         else
-             return FAILURE
-
-     The weakKey function above is the same weakKey function used with DES
-     keys, but applied to each of the three single DES keys that comprise
-     the triple DES key.
-
-     The lengths of UNICODE encoded character strings include the trailing
-     terminator character (0).
-
-     Encryption Types des3-cbc-hmac-sha1 and des3-cbc-hmac-sha1-kd
-
-     EncryptedData using this type must be generated as described in
-     [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC mode.
-     The checksum algorithm is HMAC-SHA1. If the key derivation variant of
-     the encryption type is used, encryption key values are modified
-     according to the method under the Key Derivation section below.
-
-     Unless otherwise specified, a zero IV must be used.
-
-     If the length of the input data is not a multiple of the block size,
-     zero octets must be used to pad the plaintext to the next eight-octet
-     boundary. The counfounder must be eight random octets (one block).
-
-     Checksum Types hmac-sha1-des3 and hmac-sha1-des3-kd
-
-     Checksums using this type must be generated as described in
-     [Horowitz96]. The keyed hash algorithm is HMAC-SHA1. If the key
-     derivation variant of the checksum type is used, checksum key values
-     are modified according to the method under the Key Derivation section
-     below.
-
-     Key Derivation
-
-     In the Kerberos protocol, cryptographic keys are used in a number of
-     places. In order to minimize the effect of compromising a key, it is
-     desirable to use a different key for each of these places. Key
-     derivation [Horowitz96] can be used to construct different keys for
-     each operation from the keys transported on the network. For this to be
-     possible, a small change to the specification is necessary.
-
-     This section specifies a profile for the use of key derivation
-     [Horowitz96] with Kerberos. For each place where a key is used, a ``key
-     usage'' must is specified for that purpose. The key, key usage, and
-     encryption/checksum type together describe the transformation from
-     plaintext to ciphertext, or plaintext to checksum.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-     Key Usage Values
-
-     This is a complete list of places keys are used in the kerberos
-     protocol, with key usage values and RFC 1510 section numbers:
-
-      1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-         client key (section 5.4.1)
-      2. AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-         application session key), encrypted with the service key
-         (section 5.4.2)
-      3. AS-REP encrypted part (includes tgs session key or application
-         session key), encrypted with the client key (section 5.4.2)
-      4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-         session key (section 5.4.1)
-      5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-         authenticator subkey (section 5.4.1)
-      6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-         with the tgs session key (sections 5.3.2, 5.4.1)
-      7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-         authenticator subkey), encrypted with the tgs session key
-         (section 5.3.2)
-      8. TGS-REP encrypted part (includes application session key),
-         encrypted with the tgs session key (section 5.4.2)
-      9. TGS-REP encrypted part (includes application session key),
-         encrypted with the tgs authenticator subkey (section 5.4.2)
-     10. AP-REQ Authenticator cksum, keyed with the application session
-         key (section 5.3.2)
-     11. AP-REQ Authenticator (includes application authenticator
-         subkey), encrypted with the application session key (section
-         5.3.2)
-     12. AP-REP encrypted part (includes application session subkey),
-         encrypted with the application session key (section 5.5.2)
-     13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-         application (section 5.7.1)
-     14. KRB-CRED encrypted part, encrypted with a key chosen by the
-         application (section 5.6.1)
-     15. KRB-SAVE cksum, keyed with a key chosen by the application
-         (section 5.8.1)
-     18. KRB-ERROR checksum (e-cksum in section 5.9.1)
-     19. AD-KDCIssued checksum (ad-checksum in appendix B.1)
-     20. Checksum for Mandatory Ticket Extensions (appendix B.6)
-     21. Checksum in Authorization Data in Ticket Extensions (appendix B.7)
-
-     Key usage values between 1024 and 2047 (inclusive) are reserved for
-     application use. Applications should use even values for encryption and
-     odd values for checksums within this range.
-
-     A few of these key usages need a little clarification. A service which
-     receives an AP-REQ has no way to know if the enclosed Ticket was part
-     of an AS-REP or TGS-REP. Therefore, key usage 2 must always be used for
-     generating a Ticket, whether it is in response to an AS- REQ or
-     TGS-REQ.
-
-     There might exist other documents which define protocols in terms of
-     the RFC1510 encryption types or checksum types. Such documents would
-     not know about key usages. In order that these documents continue to be
-     meaningful until they are updated, key usages 1024 and 1025 must be
-     used to derive keys for encryption and checksums, respectively. New
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     protocols defined in terms of the Kerberos encryption and checksum
-     types should use their own key usages. Key usages may be registered
-     with IANA to avoid conflicts. Key usages must be unsigned 32 bit
-     integers. Zero is not permitted.
-
-     Defining Cryptosystems Using Key Derivation
-
-     Kerberos requires that the ciphertext component of EncryptedData be
-     tamper-resistant as well as confidential. This implies encryption and
-     integrity functions, which must each use their own separate keys. So,
-     for each key usage, two keys must be generated, one for encryption
-     (Ke), and one for integrity (Ki):
-
-           Ke = DK(protocol key, key usage | 0xAA)
-           Ki = DK(protocol key, key usage | 0x55)
-
-     where the protocol key is from the EncryptionKey from the wire
-     protocol, and the key usage is represented as a 32 bit integer in
-     network byte order. The ciphertest must be generated from the plaintext
-     as follows:
-
-        ciphertext = E(Ke, confounder | plaintext | padding) |
-                     H(Ki, confounder | plaintext | padding)
-
-     The confounder and padding are specific to the encryption algorithm E.
-
-     When generating a checksum only, there is no need for a confounder or
-     padding. Again, a new key (Kc) must be used. Checksums must be
-     generated from the plaintext as follows:
-
-           Kc = DK(protocol key, key usage | 0x99)
-           MAC = H(Kc, plaintext)
-
-     Note that each enctype is described by an encryption algorithm E and a
-     keyed hash algorithm H, and each checksum type is described by a keyed
-     hash algorithm H. HMAC, with an appropriate hash, is required for use
-     as H.
-
-     Key Derivation from Passwords
-
-     The well-known constant for password key derivation must be the byte
-     string {0x6b 0x65 0x72 0x62 0x65 0x72 0x6f 0x73}. These values
-     correspond to the ASCII encoding for the string "kerberos".
-
-     6.4. Checksums
-
-     The following is the ASN.1 definition used for a checksum:
-
-              Checksum ::=   SEQUENCE {
-                             cksumtype[0]   INTEGER,
-                             checksum[1]    OCTET STRING
-              }
-
-     cksumtype
-          This field indicates the algorithm used to generate the
-          accompanying checksum.
-     checksum
-          This field contains the checksum itself, encoded as an octet
-          string.
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     Detailed specification of selected checksum types appear later in this
-     section. Negative values for the checksum type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpretations.
-
-     Checksums used by Kerberos can be classified by two properties: whether
-     they are collision-proof, and whether they are keyed. It is infeasible
-     to find two plaintexts which generate the same checksum value for a
-     collision-proof checksum. A key is required to perturb or initialize
-     the algorithm in a keyed checksum. To prevent message-stream
-     modification by an active attacker, unkeyed checksums should only be
-     used when the checksum and message will be subsequently encrypted (e.g.
-     the checksums defined as part of the encryption algorithms covered
-     earlier in this section).
-
-     Collision-proof checksums can be made tamper-proof if the checksum
-     value is encrypted before inclusion in a message. In such cases, the
-     composition of the checksum and the encryption algorithm must be
-     considered a separate checksum algorithm (e.g. RSA-MD5 encrypted using
-     DES is a new checksum algorithm of type RSA-MD5-DES). For most keyed
-     checksums, as well as for the encrypted forms of unkeyed
-     collision-proof checksums, Kerberos prepends a confounder before the
-     checksum is calculated.
-
-     6.4.1. The CRC-32 Checksum (crc32)
-
-     The CRC-32 checksum calculates a checksum based on a cyclic redundancy
-     check as described in ISO 3309 [ISO3309]. The resulting checksum is
-     four (4) octets in length. The CRC-32 is neither keyed nor
-     collision-proof. The use of this checksum is not recommended. An
-     attacker using a probabilistic chosen-plaintext attack as described in
-     [SG92] might be able to generate an alternative message that satisfies
-     the checksum. The use of collision-proof checksums is recommended for
-     environments where such attacks represent a significant threat.
-
-     6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-     The RSA-MD4 checksum calculates a checksum using the RSA MD4 algorithm
-     [MD4-92]. The algorithm takes as input an input message of arbitrary
-     length and produces as output a 128-bit (16 octet) checksum. RSA-MD4 is
-     believed to be collision-proof.
-
-     6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des)
-
-     The RSA-MD4-DES checksum calculates a keyed collision-proof checksum by
-     prepending an 8 octet confounder before the text, applying the RSA MD4
-     checksum algorithm, and encrypting the confounder and the checksum
-     using DES in cipher-block-chaining (CBC) mode using a variant of the
-     key, where the variant is computed by eXclusive-ORing the key with the
-     constant F0F0F0F0F0F0F0F0[39]. The initialization vector should be
-     zero. The resulting checksum is 24 octets long (8 octets of which are
-     redundant). This checksum is tamper-proof and believed to be
-     collision-proof.
-
-     The DES specifications identify some weak keys' and 'semi-weak keys';
-     those keys shall not be used for generating RSA-MD4 checksums for use
-     in Kerberos.
-
-     The format for the checksum is described in the follow- ing diagram:
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-     |  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)  |
-     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                                confounder[0]   UNTAGGED OCTET STRING(8),
-                                check[1]        UNTAGGED OCTET STRING(16)
-     }
-
-     6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-     The RSA-MD5 checksum calculates a checksum using the RSA MD5 algorithm.
-     [MD5-92]. The algorithm takes as input an input message of arbitrary
-     length and produces as output a 128-bit (16 octet) checksum. RSA-MD5 is
-     believed to be collision-proof.
-
-     6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des)
-
-     The RSA-MD5-DES checksum calculates a keyed collision-proof checksum by
-     prepending an 8 octet confounder before the text, applying the RSA MD5
-     checksum algorithm, and encrypting the confounder and the checksum
-     using DES in cipher-block-chaining (CBC) mode using a variant of the
-     key, where the variant is computed by eXclusive-ORing the key with the
-     hexadecimal constant F0F0F0F0F0F0F0F0. The initialization vector should
-     be zero. The resulting checksum is 24 octets long (8 octets of which
-     are redundant). This checksum is tamper-proof and believed to be
-     collision-proof.
-
-     The DES specifications identify some 'weak keys' and 'semi-weak keys';
-     those keys shall not be used for encrypting RSA-MD5 checksums for use
-     in Kerberos.
-
-     The format for the checksum is described in the following diagram:
-
-     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-     |  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)  |
-     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                                confounder[0]   UNTAGGED OCTET STRING(8),
-                                check[1]        UNTAGGED OCTET STRING(16)
-     }
-
-     6.4.6. DES cipher-block chained checksum (des-mac)
-
-     The DES-MAC checksum is computed by prepending an 8 octet confounder to
-     the plaintext, performing a DES CBC-mode encryption on the result using
-     the key and an initialization vector of zero, taking the last block of
-     the ciphertext, prepending the same confounder and encrypting the pair
-     using DES in cipher-block-chaining (CBC) mode using a a variant of the
-     key, where the variant is computed by eXclusive-ORing the key with the
-     hexadecimal constant F0F0F0F0F0F0F0F0. The initialization vector should
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     be zero. The resulting checksum is 128 bits (16 octets) long, 64 bits
-     of which are redundant. This checksum is tamper-proof and
-     collision-proof.
-
-     The format for the checksum is described in the following diagram:
-
-     +--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-     |   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-     +--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                            confounder[0]   UNTAGGED OCTET STRING(8),
-                            check[1]        UNTAGGED OCTET STRING(8)
-     }
-
-     The DES specifications identify some 'weak' and 'semi-weak' keys; those
-     keys shall not be used for generating DES-MAC checksums for use in
-     Kerberos, nor shall a key be used whose variant is 'weak' or
-     'semi-weak'.
-
-     6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
-     (rsa-md4-des-k)
-
-     The RSA-MD4-DES-K checksum calculates a keyed collision-proof checksum
-     by applying the RSA MD4 checksum algorithm and encrypting the results
-     using DES in cipher-block-chaining (CBC) mode using a DES key as both
-     key and initialization vector. The resulting checksum is 16 octets
-     long. This checksum is tamper-proof and believed to be collision-proof.
-     Note that this checksum type is the old method for encoding the
-     RSA-MD4-DES checksum and it is no longer recommended.
-
-     6.4.8. DES cipher-block chained checksum alternative (des-mac-k)
-
-     The DES-MAC-K checksum is computed by performing a DES CBC-mode
-     encryption of the plaintext, and using the last block of the ciphertext
-     as the checksum value. It is keyed with an encryption key and an
-     initialization vector; any uses which do not specify an additional
-     initialization vector will use the key as both key and initialization
-     vector. The resulting checksum is 64 bits (8 octets) long. This
-     checksum is tamper-proof and collision-proof. Note that this checksum
-     type is the old method for encoding the DES-MAC checksum and it is no
-     longer recommended. The DES specifications identify some 'weak keys'
-     and 'semi-weak keys'; those keys shall not be used for generating
-     DES-MAC checksums for use in Kerberos.
-
-     7. Naming Constraints
-
-     7.1. Realm Names
-
-     Although realm names are encoded as GeneralStrings and although a realm
-     can technically select any name it chooses, interoperability across
-     realm boundaries requires agreement on how realm names are to be
-     assigned, and what information they imply.
-
-     To enforce these conventions, each realm must conform to the
-     conventions itself, and it must require that any realms with which
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     inter-realm keys are shared also conform to the conventions and require
-     the same from its neighbors.
-
-     Kerberos realm names are case sensitive. Realm names that differ only
-     in the case of the characters are not equivalent. There are presently
-     four styles of realm names: domain, X500, other, and reserved. Examples
-     of each style follow:
-
-          domain:   ATHENA.MIT.EDU (example)
-            X500:   C=US/O=OSF (example)
-           other:   NAMETYPE:rest/of.name=without-restrictions (example)
-        reserved:   reserved, but will not conflict with above
-
-     Domain names must look like domain names: they consist of components
-     separated by periods (.) and they contain neither colons (:) nor
-     slashes (/). Domain names must be converted to upper case when used as
-     realm names.
-
-     X.500 names contain an equal (=) and cannot contain a colon (:) before
-     the equal. The realm names for X.500 names will be string
-     representations of the names with components separated by slashes.
-     Leading and trailing slashes will not be included.
-
-     Names that fall into the other category must begin with a prefix that
-     contains no equal (=) or period (.) and the prefix must be followed by
-     a colon (:) and the rest of the name. All prefixes must be assigned
-     before they may be used. Presently none are assigned.
-
-     The reserved category includes strings which do not fall into the first
-     three categories. All names in this category are reserved. It is
-     unlikely that names will be assigned to this category unless there is a
-     very strong argument for not using the 'other' category.
-
-     These rules guarantee that there will be no conflicts between the
-     various name styles. The following additional constraints apply to the
-     assignment of realm names in the domain and X.500 categories: the name
-     of a realm for the domain or X.500 formats must either be used by the
-     organization owning (to whom it was assigned) an Internet domain name
-     or X.500 name, or in the case that no such names are registered,
-     authority to use a realm name may be derived from the authority of the
-     parent realm. For example, if there is no domain name for E40.MIT.EDU,
-     then the administrator of the MIT.EDU realm can authorize the creation
-     of a realm with that name.
-
-     This is acceptable because the organization to which the parent is
-     assigned is presumably the organization authorized to assign names to
-     its children in the X.500 and domain name systems as well. If the
-     parent assigns a realm name without also registering it in the domain
-     name or X.500 hierarchy, it is the parent's responsibility to make sure
-     that there will not in the future exists a name identical to the realm
-     name of the child unless it is assigned to the same entity as the realm
-     name.
-
-     7.2. Principal Names
-
-     As was the case for realm names, conventions are needed to ensure that
-     all agree on what information is implied by a principal name. The
-     name-type field that is part of the principal name indicates the kind
-     of information implied by the name. The name-type should be treated as
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     a hint. Ignoring the name type, no two names can be the same (i.e. at
-     least one of the components, or the realm, must be different). The
-     following name types are defined:
-
- name-type      value   meaning
-
-  NT-UNKNOWN        0  Name type not known
-  NT-PRINCIPAL      1  General principal name (e.g. username, or DCE principal)
-  NT-SRV-INST       2  Service and other unique instance (krbtgt)
-  NT-SRV-HST        3  Service with host name as instance (telnet, rcommands)
-  NT-SRV-XHST       4  Service with slash-separated host name components
-  NT-UID            5  Unique ID
-  NT-X500-PRINCIPAL 6  Encoded X.509 Distingished name [RFC 1779]
-
-     When a name implies no information other than its uniqueness at a
-     particular time the name type PRINCIPAL should be used. The principal
-     name type should be used for users, and it might also be used for a
-     unique server. If the name is a unique machine generated ID that is
-     guaranteed never to be reassigned then the name type of UID should be
-     used (note that it is generally a bad idea to reassign names of any
-     type since stale entries might remain in access control lists).
-
-     If the first component of a name identifies a service and the remaining
-     components identify an instance of the service in a server specified
-     manner, then the name type of SRV-INST should be used. An example of
-     this name type is the Kerberos ticket-granting service whose name has a
-     first component of krbtgt and a second component identifying the realm
-     for which the ticket is valid.
-
-     If instance is a single component following the service name and the
-     instance identifies the host on which the server is running, then the
-     name type SRV-HST should be used. This type is typically used for
-     Internet services such as telnet and the Berkeley R commands. If the
-     separate components of the host name appear as successive components
-     following the name of the service, then the name type SRV-XHST should
-     be used. This type might be used to identify servers on hosts with
-     X.500 names where the slash (/) might otherwise be ambiguous.
-
-     A name type of NT-X500-PRINCIPAL should be used when a name from an
-     X.509 certificiate is translated into a Kerberos name. The encoding of
-     the X.509 name as a Kerberos principal shall conform to the encoding
-     rules specified in RFC 2253.
-
-     A name type of UNKNOWN should be used when the form of the name is not
-     known. When comparing names, a name of type UNKNOWN will match
-     principals authenticated with names of any type. A principal
-     authenticated with a name of type UNKNOWN, however, will only match
-     other names of type UNKNOWN.
-
-     Names of any type with an initial component of 'krbtgt' are reserved
-     for the Kerberos ticket granting service. See section 8.2.3 for the
-     form of such names.
-
-     7.2.1. Name of server principals
-
-     The principal identifier for a server on a host will generally be
-     composed of two parts: (1) the realm of the KDC with which the server
-     is registered, and (2) a two-component name of type NT-SRV-HST if the
-     host name is an Internet domain name or a multi-component name of type
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     NT-SRV-XHST if the name of the host is of a form such as X.500 that
-     allows slash (/) separators. The first component of the two- or
-     multi-component name will identify the service and the latter
-     components will identify the host. Where the name of the host is not
-     case sensitive (for example, with Internet domain names) the name of
-     the host must be lower case. If specified by the application protocol
-     for services such as telnet and the Berkeley R commands which run with
-     system privileges, the first component may be the string 'host' instead
-     of a service specific identifier. When a host has an official name and
-     one or more aliases, the official name of the host must be used when
-     constructing the name of the server principal.
-
-     8. Constants and other defined values
-
-     8.1. Host address types
-
-     All negative values for the host address type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpretations.
-
-     The values of the types for the following addresses are chosen to match
-     the defined address family constants in the Berkeley Standard
-     Distributions of Unix. They can be found in with symbolic names AF_xxx
-     (where xxx is an abbreviation of the address family name).
-
-     Internet (IPv4) Addresses
-
-     Internet (IPv4) addresses are 32-bit (4-octet) quantities, encoded in
-     MSB order. The type of IPv4 addresses is two (2).
-
-     Internet (IPv6) Addresses [Westerlund]
-
-     IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB order.
-     The type of IPv6 addresses is twenty-four (24). [RFC1883] [RFC1884].
-     The following addresses (see [RFC1884]) MUST not appear in any Kerberos
-     packet:
-        o the Unspecified Address
-        o the Loopback Address
-        o Link-Local addresses
-     IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-     CHAOSnet addresses
-
-     CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB
-     order. The type of CHAOSnet addresses is five (5).
-
-     ISO addresses
-
-     ISO addresses are variable-length. The type of ISO addresses is seven
-     (7).
-
-     Xerox Network Services (XNS) addresses
-
-     XNS addresses are 48-bit (6-octet) quantities, encoded in MSB order.
-     The type of XNS addresses is six (6).
-
-     AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-     AppleTalk DDP addresses consist of an 8-bit node number and a 16-bit
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     network number. The first octet of the address is the node number; the
-     remaining two octets encode the network number in MSB order. The type
-     of AppleTalk DDP addresses is sixteen (16).
-
-     DECnet Phase IV addresses
-
-     DECnet Phase IV addresses are 16-bit addresses, encoded in LSB order.
-     The type of DECnet Phase IV addresses is twelve (12).
-
-     Netbios addresses
-
-     Netbios addresses are 16-octet addresses typically composed of 1 to 15
-     characters, trailing blank (ascii char 20) filled, with a 16th octet of
-     0x0. The type of Netbios addresses is 20 (0x14).
-
-     8.2. KDC messages
-
-     8.2.1. UDP/IP transport
-
-     When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request using
-     UDP IP transport, the client shall send a UDP datagram containing only
-     an encoding of the request to port 88 (decimal) at the KDC's IP
-     address; the KDC will respond with a reply datagram containing only an
-     encoding of the reply message (either a KRB_ERROR or a KRB_KDC_REP) to
-     the sending port at the sender's IP address. Kerberos servers
-     supporting IP transport must accept UDP requests on port 88 (decimal).
-     The response to a request made through UDP/IP transport must also use
-     UDP/IP transport.
-
-     8.2.2. TCP/IP transport [Westerlund,Danielsson]
-
-     Kerberos servers (KDC's) should accept TCP requests on port 88
-     (decimal) and clients should support the sending of TCP requests on
-     port 88 (decimal). When the KRB_KDC_REQ message is sent to the KDC over
-     a TCP stream, a new connection will be established for each
-     authentication exchange (request and response). The KRB_KDC_REP or
-     KRB_ERROR message will be returned to the client on the same TCP stream
-     that was established for the request. The response to a request made
-     through TCP/IP transport must also use TCP/IP transport. Implementors
-     should note that some extentions to the Kerberos protocol will not work
-     if any implementation not supporting the TCP transport is involved
-     (client or KDC). Implementors are strongly urged to support the TCP
-     transport on both the client and server and are advised that the
-     current notation of "should" support will likely change in the future
-     to must support. The KDC may close the TCP stream after sending a
-     response, but may leave the stream open if it expects a followup - in
-     which case it may close the stream at any time if resource constratints
-     or other factors make it desirable to do so. Care must be taken in
-     managing TCP/IP connections with the KDC to prevent denial of service
-     attacks based on the number of TCP/IP connections with the KDC that
-     remain open. If multiple exchanges with the KDC are needed for certain
-     forms of preauthentication, multiple TCP connections may be required. A
-     client may close the stream after receiving response, and should close
-     the stream if it does not expect to send followup messages. The client
-     must be prepared to have the stream closed by the KDC at anytime, in
-     which case it must simply connect again when it is ready to send
-     subsequent messages.
-
-     The first four octets of the TCP stream used to transmit the request
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     request will encode in network byte order the length of the request
-     (KRB_KDC_REQ), and the length will be followed by the request itself.
-     The response will similarly be preceeded by a 4 octet encoding in
-     network byte order of the length of the KRB_KDC_REP or the KRB_ERROR
-     message and will be followed by the KRB_KDC_REP or the KRB_ERROR
-     response. If the sign bit is set on the integer represented by the
-     first 4 octets, then the next 4 octets will be read, extending the
-     length of the field by another 4 octets (less the sign bit which is
-     reserved for future expansion).
-
-     8.2.3. OSI transport
-
-     During authentication of an OSI client to an OSI server, the mutual
-     authentication of an OSI server to an OSI client, the transfer of
-     credentials from an OSI client to an OSI server, or during exchange of
-     private or integrity checked messages, Kerberos protocol messages may
-     be treated as opaque objects and the type of the authentication
-     mechanism will be:
-
-     OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1), security(5),kerberosv5(2)}
-
-     Depending on the situation, the opaque object will be an authentication
-     header (KRB_AP_REQ), an authentication reply (KRB_AP_REP), a safe
-     message (KRB_SAFE), a private message (KRB_PRIV), or a credentials
-     message (KRB_CRED). The opaque data contains an application code as
-     specified in the ASN.1 description for each message. The application
-     code may be used by Kerberos to determine the message type.
-
-     8.2.3. Name of the TGS
-
-     The principal identifier of the ticket-granting service shall be
-     composed of three parts: (1) the realm of the KDC issuing the TGS
-     ticket (2) a two-part name of type NT-SRV-INST, with the first part
-     "krbtgt" and the second part the name of the realm which will accept
-     the ticket-granting ticket. For example, a ticket-granting ticket
-     issued by the ATHENA.MIT.EDU realm to be used to get tickets from the
-     ATHENA.MIT.EDU KDC has a principal identifier of "ATHENA.MIT.EDU"
-     (realm), ("krbtgt", "ATHENA.MIT.EDU") (name). A ticket-granting ticket
-     issued by the ATHENA.MIT.EDU realm to be used to get tickets from the
-     MIT.EDU realm has a principal identifier of "ATHENA.MIT.EDU" (realm),
-     ("krbtgt", "MIT.EDU") (name).
-
-     8.3. Protocol constants and associated values
-
-     The following tables list constants used in the protocol and defines
-     their meanings. Ranges are specified in the "specification" section
-     that limit the values of constants for which values are defined here.
-     This allows implementations to make assumptions about the maximum
-     values that will be received for these constants. Implementation
-     receiving values outside the range specified in the "specification"
-     section may reject the request, but they must recover cleanly.
-
-  Encryption type       etype value block size  minimum pad size  confounder size
-  NULL                           0     1           0                 0
-  des-cbc-crc                    1     8           4                 8
-  des-cbc-md4                    2     8           0                 8
-  des-cbc-md5                    3     8           0                 8
-  <reserved>                     4
-  des3-cbc-md5                   5     8           0                 8
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-  <reserved>                     6
-  des3-cbc-sha1                  7     8           0                 8
-  dsaWithSHA1-CmsOID             9                                 (pkinit)
-  md5WithRSAEncryption-CmsOID   10                                 (pkinit)
-  sha1WithRSAEncryption-CmsOID  11                                 (pkinit)
-  rc2CBC-EnvOID                 12                                 (pkinit)
-  rsaEncryption-EnvOID          13                 (pkinit from PKCS#1 v1.5)
-  rsaES-OAEP-ENV-OID            14                 (pkinit from PKCS#1 v2.0)
-  des-ede3-cbc-Env-OID          15                                 (pkinit)
-  des3-cbc-sha1-kd              16                                 (Tom Yu)
-  rc4-hmac                      23                                 (swift)
-  rc4-hmac-exp                  24                                 (swift)
-
-  ENCTYPE_PK_CROSS              48                      (reserved for pkcross)
-  <reserved>                    0x8003
-
-  Checksum type              sumtype value       checksum size
-  CRC32                      1                   4
-  rsa-md4                    2                   16
-  rsa-md4-des                3                   24
-  des-mac                    4                   16
-  des-mac-k                  5                   8
-  rsa-md4-des-k              6                   16 (drop rsa ?)
-  rsa-md5                    7                   16 (drop rsa ?)
-  rsa-md5-des                8                   24 (drop rsa ?)
-  rsa-md5-des3               9                   24 (drop rsa ?)
-  hmac-sha1-des3-kd          12                  20
-  hmac-sha1-des3             13                  20
-
-  padata type                     padata-type value
-
-  PA-TGS-REQ                      1
-  PA-ENC-TIMESTAMP                2
-  PA-PW-SALT                      3
-  <reserved>                      4
-  PA-ENC-UNIX-TIME                5                  (depricated)
-  PA-SANDIA-SECUREID              6
-  PA-SESAME                       7
-  PA-OSF-DCE                      8
-  PA-CYBERSAFE-SECUREID           9
-  PA-AFS3-SALT                    10
-  PA-ETYPE-INFO                   11
-  PA-SAM-CHALLENGE                12                  (sam/otp)
-  PA-SAM-RESPONSE                 13                  (sam/otp)
-  PA-PK-AS-REQ                    14                  (pkinit)
-  PA-PK-AS-REP                    15                  (pkinit)
-  PA-USE-SPECIFIED-KVNO           20
-  PA-SAM-REDIRECT                 21                  (sam/otp)
-  PA-GET-FROM-TYPED-DATA          22
-  PA-SAM-ETYPE-INFO               23                  (sam/otp)
-
-data-type                     value    form of typed-data
-
-<reserved>                      1-21
-TD-PADATA                       22
-TD-PKINIT-CMS-CERTIFICATES      101      CertificateSet from CMS
-TD-KRB-PRINCIPAL                102
-TD-KRB-REALM                    103
-TD-TRUSTED-CERTIFIERS           104
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-TD-CERTIFICATE-INDEX            105
-
-authorization data type         ad-type value
-AD-IF-RELEVANT                     1
-AD-INTENDED-FOR-SERVER             2
-AD-INTENDED-FOR-APPLICATION-CLASS  3
-AD-KDC-ISSUED                      4
-AD-OR                              5
-AD-MANDATORY-TICKET-EXTENSIONS     6
-AD-IN-TICKET-EXTENSIONS            7
-reserved values                    8-63
-OSF-DCE                            64
-SESAME                             65
-AD-OSF-DCE-PKI-CERTID              66         (hemsath@us.ibm.com)
-
-Ticket Extension Types
-
-TE-TYPE-NULL                  0      Null ticket extension
-TE-TYPE-EXTERNAL-ADATA        1      Integrity protected authorization data
-<reserved>                    2      TE-TYPE-PKCROSS-KDC  (I have reservations)
-TE-TYPE-PKCROSS-CLIENT        3      PKCROSS cross realm key ticket
-TE-TYPE-CYBERSAFE-EXT         4      Assigned to CyberSafe Corp
-<reserved>                    5      TE-TYPE-DEST-HOST (I have reservations)
-
-alternate authentication type   method-type value
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
-transited encoding type         tr-type value
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-Label               Value   Meaning or MIT code
-
-pvno                    5   current Kerberos protocol version number
-
-message types
-
-KRB_AS_REQ             10   Request for initial authentication
-KRB_AS_REP             11   Response to KRB_AS_REQ request
-KRB_TGS_REQ            12   Request for authentication based on TGT
-KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-KRB_AP_REQ             14   application request to server
-KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE               20   Safe (checksummed) application message
-KRB_PRIV               21   Private (encrypted) application message
-KRB_CRED               22   Private (encrypted) message to forward credentials
-KRB_ERROR              30   Error response
-
-name types
-
-KRB_NT_UNKNOWN        0  Name type not known
-KRB_NT_PRINCIPAL      1  Just the name of the principal as in DCE, or for users
-KRB_NT_SRV_INST       2  Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST        3  Service with host name as instance (telnet, rcommands)
-KRB_NT_SRV_XHST       4  Service with host as remaining components
-KRB_NT_UID            5  Unique ID
-KRB_NT_X500_PRINCIPAL 6  Encoded X.509 Distingished name [RFC 2253]
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-error codes
-
-KDC_ERR_NONE                    0   No error
-KDC_ERR_NAME_EXP                1   Client's entry in database has expired
-KDC_ERR_SERVICE_EXP             2   Server's entry in database has expired
-KDC_ERR_BAD_PVNO                3   Requested prot vers number not supported
-KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old master key
-KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in database
-KDC_ERR_NULL_KEY                9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID            11   Requested start time is later than end time
-KDC_ERR_POLICY                 12   KDC policy rejects request
-KDC_ERR_BADOPTION              13   KDC cannot accommodate requested option
-KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption type
-KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been revoked
-KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again later
-KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again later
-KDC_ERR_KEY_EXPIRED            23   Password has expired - change password
-KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was invalid
-KDC_ERR_PREAUTH_REQUIRED       25   Additional pre-authenticationrequired [40]
-KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't match
-KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for user2user only
-KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-KDC_ERR_SVC_UNAVAILABLE        29   A service is not available
-KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field failed
-KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-KRB_AP_ERR_REPEAT              34   Request is a replay
-KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't match
-KRB_AP_ERR_SKEW                37   Clock skew too great
-KRB_AP_ERR_BADADDR             38   Incorrect net address
-KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-KRB_AP_ERR_MODIFIED            41   Message stream modified
-KRB_AP_ERR_BADORDER            42   Message out of order
-KRB_AP_ERR_BADKEYVER           44   Specified version of key is not available
-KRB_AP_ERR_NOKEY               45   Service key not available
-KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-KRB_AP_ERR_METHOD              48   Alternative authentication method required
-KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in message
-KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in message
-KRB_AP_PATH_NOT_ACCEPTED       51   Policy rejects transited path
-KRB_ERR_RESPONSE_TOO_BIG       52   Response too big for UDP, retry with TCP
-KRB_ERR_GENERIC                60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG          61   Field is too long for this implementation
-KDC_ERROR_CLIENT_NOT_TRUSTED            62 (pkinit)
-KDC_ERROR_KDC_NOT_TRUSTED               63 (pkinit)
-KDC_ERROR_INVALID_SIG                   64 (pkinit)
-KDC_ERR_KEY_TOO_WEAK                    65 (pkinit)
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-KDC_ERR_CERTIFICATE_MISMATCH            66 (pkinit)
-KRB_AP_ERR_NO_TGT                       67 (user-to-user)
-KDC_ERR_WRONG_REALM                     68 (user-to-user)
-KRB_AP_ERR_USER_TO_USER_REQUIRED        69 (user-to-user)
-KDC_ERR_CANT_VERIFY_CERTIFICATE         70 (pkinit)
-KDC_ERR_INVALID_CERTIFICATE             71 (pkinit)
-KDC_ERR_REVOKED_CERTIFICATE             72 (pkinit)
-KDC_ERR_REVOCATION_STATUS_UNKNOWN       73 (pkinit)
-KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74 (pkinit)
-KDC_ERR_CLIENT_NAME_MISMATCH            75 (pkinit)
-KDC_ERR_KDC_NAME_MISMATCH               76 (pkinit)
-
-     9. Interoperability requirements
-
-     Version 5 of the Kerberos protocol supports a myriad of options. Among
-     these are multiple encryption and checksum types, alternative encoding
-     schemes for the transited field, optional mechanisms for
-     pre-authentication, the handling of tickets with no addresses, options
-     for mutual authentication, user to user authentication, support for
-     proxies, forwarding, postdating, and renewing tickets, the format of
-     realm names, and the handling of authorization data.
-
-     In order to ensure the interoperability of realms, it is necessary to
-     define a minimal configuration which must be supported by all
-     implementations. This minimal configuration is subject to change as
-     technology does. For example, if at some later date it is discovered
-     that one of the required encryption or checksum algorithms is not
-     secure, it will be replaced.
-
-     9.1. Specification 2
-
-     This section defines the second specification of these options.
-     Implementations which are configured in this way can be said to support
-     Kerberos Version 5 Specification 2 (5.1). Specification 1 (depricated)
-     may be found in RFC1510.
-
-     Transport
-
-     TCP/IP and UDP/IP transport must be supported by KDCs claiming
-     conformance to specification 2. Kerberos clients claiming conformance
-     to specification 2 must support UDP/IP transport for messages with the
-     KDC and should support TCP/IP transport.
-
-     Encryption and checksum methods
-
-     The following encryption and checksum mechanisms must be supported.
-     Implementations may support other mechanisms as well, but the
-     additional mechanisms may only be used when communicating with
-     principals known to also support them: This list is to be determined.
-
-     Encryption: DES-CBC-MD5, one triple des variant (tbd)
-     Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5 (tbd)
-
-     Realm Names
-
-     All implementations must understand hierarchical realms in both the
-     Internet Domain and the X.500 style. When a ticket granting ticket for
-     an unknown realm is requested, the KDC must be able to determine the
-     names of the intermediate realms between the KDCs realm and the
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     requested realm.
-
-     Transited field encoding
-
-     DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must be supported.
-     Alternative encodings may be supported, but they may be used only when
-     that encoding is supported by ALL intermediate realms.
-
-     Pre-authentication methods
-
-     The TGS-REQ method must be supported. The TGS-REQ method is not used on
-     the initial request. The PA-ENC-TIMESTAMP method must be supported by
-     clients but whether it is enabled by default may be determined on a
-     realm by realm basis. If not used in the initial request and the error
-     KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENC-TIMESTAMP as an
-     acceptable method, the client should retry the initial request using
-     the PA-ENC-TIMESTAMP preauthentication method. Servers need not support
-     the PA-ENC-TIMESTAMP method, but if not supported the server should
-     ignore the presence of PA-ENC-TIMESTAMP pre-authentication in a
-     request.
-
-     Mutual authentication
-
-     Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-     Ticket addresses and flags
-
-     All KDC's must pass on tickets that carry no addresses (i.e. if a TGT
-     contains no addresses, the KDC will return derivative tickets), but
-     each realm may set its own policy for issuing such tickets, and each
-     application server will set its own policy with respect to accepting
-     them.
-
-     Proxies and forwarded tickets must be supported. Individual realms and
-     application servers can set their own policy on when such tickets will
-     be accepted.
-
-     All implementations must recognize renewable and postdated tickets, but
-     need not actually implement them. If these options are not supported,
-     the starttime and endtime in the ticket shall specify a ticket's entire
-     useful life. When a postdated ticket is decoded by a server, all
-     implementations shall make the presence of the postdated flag visible
-     to the calling server.
-
-     User-to-user authentication
-
-     Support for user to user authentication (via the ENC-TKT-IN-SKEY KDC
-     option) must be provided by implementations, but individual realms may
-     decide as a matter of policy to reject such requests on a per-principal
-     or realm-wide basis.
-
-     Authorization data
-
-     Implementations must pass all authorization data subfields from
-     ticket-granting tickets to any derivative tickets unless directed to
-     suppress a subfield as part of the definition of that registered
-     subfield type (it is never incorrect to pass on a subfield, and no
-     registered subfield types presently specify suppression at the KDC).
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     Implementations must make the contents of any authorization data
-     subfields available to the server when a ticket is used.
-     Implementations are not required to allow clients to specify the
-     contents of the authorization data fields.
-
-     Constant ranges
-
-     All protocol constants are constrained to 32 bit (signed) values unless
-     further constrained by the protocol definition. This limit is provided
-     to allow implementations to make assumptions about the maximum values
-     that will be received for these constants. Implementation receiving
-     values outside this range may reject the request, but they must recover
-     cleanly.
-
-     9.2. Recommended KDC values
-
-     Following is a list of recommended values for a KDC implementation,
-     based on the list of suggested configuration constants (see section
-     4.4).
-
-     minimum lifetime              5 minutes
-     maximum renewable lifetime    1 week
-     maximum ticket lifetime       1 day
-     empty addresses               only when suitable  restrictions  appear
-                                   in authorization data
-     proxiable, etc.               Allowed.
-
-     10. REFERENCES
-
-     [NT94]    B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-               cation  Service for Computer Networks," IEEE Communica-
-               tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-     [MNSS87]  S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-               Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-               Authorization System, M.I.T. Project Athena, Cambridge,
-               Massachusetts (December 21, 1987).
-
-     [SNS88]   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-               beros:  An Authentication Service for Open Network Sys-
-               tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-               Dallas, Texas (February, 1988).
-
-     [NS78]    Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-               Encryption for Authentication in Large Networks of Com-
-               puters,"  Communications  of  the  ACM,  Vol.   21(12),
-               pp. 993-999 (December, 1978).
-
-     [DS81]    Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-               stamps  in  Key Distribution Protocols," Communications
-               of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-     [KNT92]   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-               "The Evolution of the Kerberos Authentication Service,"
-               in an IEEE Computer Society Text soon to  be  published
-               (June 1992).
-
-     [Neu93]   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-               Accounting  for Distributed Systems," in Proceedings of
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-               the 13th International Conference on  Distributed  Com-
-               puting Systems, Pittsburgh, PA (May, 1993).
-
-     [DS90]    Don Davis and Ralph Swick,  "Workstation  Services  and
-               Kerberos  Authentication  at Project Athena," Technical
-               Memorandum TM-424,  MIT Laboratory for Computer Science
-               (February 1990).
-
-     [LGDSR87] P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-               merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-               ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-               sachusetts (1987).
-
-     [X509-88] CCITT, Recommendation X.509: The Directory  Authentica-
-               tion Framework, December 1988.
-
-     [Pat92].  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-               Guessing  Attacks, Open Software Foundation DCE Request
-               for Comments 26 (December 1992).
-
-     [DES77]   National Bureau of Standards, U.S. Department  of  Com-
-               merce,  "Data Encryption Standard," Federal Information
-               Processing Standards Publication  46,   Washington,  DC
-               (1977).
-
-     [DESM80]  National Bureau of Standards, U.S. Department  of  Com-
-               merce,  "DES  Modes  of Operation," Federal Information
-               Processing Standards Publication 81,   Springfield,  VA
-               (December 1980).
-
-     [SG92]    Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-               Integrity  in  Cryptographic Protocols," in Proceedings
-               of the IEEE  Symposium  on  Research  in  Security  and
-               Privacy, Oakland, California (May 1992).
-
-     [IS3309]  International Organization  for  Standardization,  "ISO
-               Information  Processing  Systems - Data Communication -
-               High-Level Data Link Control Procedure -  Frame  Struc-
-               ture," IS 3309 (October 1984).  3rd Edition.
-
-     [MD4-92]  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-               1320,   MIT  Laboratory  for  Computer  Science  (April
-               1992).
-
-     [MD5-92]  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-               1321,   MIT  Laboratory  for  Computer  Science  (April
-               1992).
-
-     [KBC96]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-               Hashing  for  Message  Authentication,"  Working  Draft
-               draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-     [Horowitz96] Horowitz, M., "Key Derivation for Authentication,
-               Integrity, and Privacy", draft-horowitz-key-derivation-02.txt,
-               August 1998.
-
-     [HorowitzB96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
-               horowitz-kerb-key-derivation-01.txt, September 1998.
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
-               Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
-               md5-01.txt, August, 1996.
-
-     A. Pseudo-code for protocol processing
-
-     This appendix provides pseudo-code describing how the messages are to
-     be constructed and interpreted by clients and servers.
-
-     A.1. KRB_AS_REQ generation
-
-             request.pvno := protocol version; /* pvno = 5 */
-             request.msg-type := message type; /* type = KRB_AS_REQ */
-
-             if(pa_enc_timestamp_required) then
-                     request.padata.padata-type = PA-ENC-TIMESTAMP;
-                     get system_time;
-                     padata-body.patimestamp,pausec = system_time;
-                     encrypt padata-body into request.padata.padata-value
-                             using client.key; /* derived from password */
-             endif
-
-             body.kdc-options := users's preferences;
-             body.cname := user's name;
-             body.realm := user's realm;
-             body.sname := service's name; /* usually "krbtgt", 
-                                              "localrealm" */
-
-             if (body.kdc-options.POSTDATED is set) then
-                     body.from := requested starting time;
-             else
-                     omit body.from;
-             endif
-             body.till := requested end time;
-             if (body.kdc-options.RENEWABLE is set) then
-                     body.rtime := requested final renewal time;
-             endif
-             body.nonce := random_nonce();
-             body.etype := requested etypes;
-             if (user supplied addresses) then
-                     body.addresses := user's addresses;
-             else
-                     omit body.addresses;
-             endif
-             omit body.enc-authorization-data;
-             request.req-body := body;
-
-             kerberos := lookup(name of local kerberos server (or servers));
-             send(packet,kerberos);
-
-             wait(for response);
-             if (timed_out) then
-                     retry or use alternate server;
-             endif
-
-     A.2. KRB_AS_REQ verification and KRB_AS_REP generation
-
-             decode message into req;
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             client := lookup(req.cname,req.realm);
-             server := lookup(req.sname,req.realm);
-
-             get system_time;
-             kdc_time := system_time.seconds;
-
-             if (!client) then
-                     /* no client in Database */
-                     error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-             endif
-             if (!server) then
-                     /* no server in Database */
-                     error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-             endif
-
-             if(client.pa_enc_timestamp_required and
-                pa_enc_timestamp not present) then
-                     error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-             endif
-
-             if(pa_enc_timestamp present) then
-                     decrypt req.padata-value into decrypted_enc_timestamp
-                             using client.key;
-                             using auth_hdr.authenticator.subkey;
-                     if (decrypt_error()) then
-                             error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                     if(decrypted_enc_timestamp is not within allowable skew) 
-                         then
-                             error_out(KDC_ERR_PREAUTH_FAILED);
-                     endif
-                     if(decrypted_enc_timestamp and usec is replay)
-                             error_out(KDC_ERR_PREAUTH_FAILED);
-                     endif
-                     add decrypted_enc_timestamp and usec to replay cache;
-             endif
-
-             use_etype := first supported etype in req.etypes;
-
-             if (no support for req.etypes) then
-                     error_out(KDC_ERR_ETYPE_NOSUPP);
-             endif
-
-             new_tkt.vno := ticket version; /* = 5 */
-             new_tkt.sname := req.sname;
-             new_tkt.srealm := req.srealm;
-             reset all flags in new_tkt.flags;
-
-             /* It should be noted that local policy may affect the  */
-             /* processing of any of these flags.  For example, some */
-             /* realms may refuse to issue renewable tickets         */
-
-             if (req.kdc-options.FORWARDABLE is set) then
-                     set new_tkt.flags.FORWARDABLE;
-             endif
-             if (req.kdc-options.PROXIABLE is set) then
-                     set new_tkt.flags.PROXIABLE;
-             endif
-
-             if (req.kdc-options.ALLOW-POSTDATE is set) then
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                     set new_tkt.flags.MAY-POSTDATE;
-             endif
-             if ((req.kdc-options.RENEW is set) or
-                 (req.kdc-options.VALIDATE is set) or
-                 (req.kdc-options.PROXY is set) or
-                 (req.kdc-options.FORWARDED is set) or
-                 (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                     error_out(KDC_ERR_BADOPTION);
-             endif
-
-             new_tkt.session := random_session_key();
-             new_tkt.cname := req.cname;
-             new_tkt.crealm := req.crealm;
-             new_tkt.transited := empty_transited_field();
-
-             new_tkt.authtime := kdc_time;
-
-             if (req.kdc-options.POSTDATED is set) then
-                if (against_postdate_policy(req.from)) then
-                     error_out(KDC_ERR_POLICY);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                new_tkt.starttime := req.from;
-             else
-                omit new_tkt.starttime; /* treated as authtime when omitted */
-             endif
-             if (req.till = 0) then
-                     till := infinity;
-             else
-                     till := req.till;
-             endif
-
-             new_tkt.endtime := min(till,
-                                   new_tkt.starttime+client.max_life,
-                                   new_tkt.starttime+server.max_life,
-                                   new_tkt.starttime+max_life_for_realm);
-
-             if ((req.kdc-options.RENEWABLE-OK is set) and
-                 (new_tkt.endtime < req.till)) then
-                     /* we set the RENEWABLE option for later processing */
-                     set req.kdc-options.RENEWABLE;
-                     req.rtime := req.till;
-             endif
-
-             if (req.rtime = 0) then
-                     rtime := infinity;
-             else
-                     rtime := req.rtime;
-             endif
-
-             if (req.kdc-options.RENEWABLE is set) then
-                     set new_tkt.flags.RENEWABLE;
-                     new_tkt.renew-till := min(rtime,
-                                     new_tkt.starttime+client.max_rlife,
-                                     new_tkt.starttime+server.max_rlife,
-                                     new_tkt.starttime+max_rlife_for_realm);
-             else
-                     omit new_tkt.renew-till; /* only present if RENEWABLE */
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             endif
-
-             if (req.addresses) then
-                     new_tkt.caddr := req.addresses;
-             else
-                     omit new_tkt.caddr;
-             endif
-
-             new_tkt.authorization_data := empty_authorization_data();
-
-             encode to-be-encrypted part of ticket into OCTET STRING;
-             new_tkt.enc-part := encrypt OCTET STRING
-                  using etype_for_key(server.key), server.key, server.p_kvno;
-
-             /* Start processing the response */
-
-             resp.pvno := 5;
-             resp.msg-type := KRB_AS_REP;
-             resp.cname := req.cname;
-             resp.crealm := req.realm;
-             resp.ticket := new_tkt;
-
-             resp.key := new_tkt.session;
-             resp.last-req := fetch_last_request_info(client);
-             resp.nonce := req.nonce;
-             resp.key-expiration := client.expiration;
-             resp.flags := new_tkt.flags;
-
-             resp.authtime := new_tkt.authtime;
-             resp.starttime := new_tkt.starttime;
-             resp.endtime := new_tkt.endtime;
-
-             if (new_tkt.flags.RENEWABLE) then
-                     resp.renew-till := new_tkt.renew-till;
-             endif
-
-             resp.realm := new_tkt.realm;
-             resp.sname := new_tkt.sname;
-
-             resp.caddr := new_tkt.caddr;
-
-             encode body of reply into OCTET STRING;
-
-             resp.enc-part := encrypt OCTET STRING
-                              using use_etype, client.key, client.p_kvno;
-             send(resp);
-
-     A.3. KRB_AS_REP verification
-
-             decode response into resp;
-
-             if (resp.msg-type = KRB_ERROR) then
-                  if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then
-                             set pa_enc_timestamp_required;
-                             goto KRB_AS_REQ;
-                     endif
-                     process_error(resp);
-                     return;
-             endif
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-
-             /* On error, discard the response, and zero the session key */
-             /* from the response immediately */
-
-             key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                      resp.padata);
-             unencrypted part of resp := decode of decrypt of resp.enc-part
-                                     using resp.enc-part.etype and key;
-             zero(key);
-
-             if (common_as_rep_tgs_rep_checks fail) then
-                     destroy resp.key;
-                     return error;
-             endif
-
-             if near(resp.princ_exp) then
-                     print(warning message);
-             endif
-             save_for_later(ticket,session,client,server,times,flags);
-
-     A.4. KRB_AS_REP and KRB_TGS_REP common checks
-
-             if (decryption_error() or
-                 (req.cname != resp.cname) or
-                 (req.realm != resp.crealm) or
-                 (req.sname != resp.sname) or
-                 (req.realm != resp.realm) or
-                 (req.nonce != resp.nonce) or
-                 (req.addresses != resp.caddr)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-      /* make sure no flags are set that shouldn't be, and that all that */
-      /* should be are set                                               */
-         if (!check_flags_for_compatability(req.kdc-options,resp.flags)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-             if ((req.from = 0) and
-                 (resp.starttime is not within allowable skew)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_SKEW;
-             endif
-             if ((req.from != 0) and (req.from != resp.starttime)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-             if ((req.till != 0) and (resp.endtime > req.till)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-             if ((req.kdc-options.RENEWABLE is set) and
-                 (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             if ((req.kdc-options.RENEWABLE-OK is set) and
-                 (resp.flags.RENEWABLE) and
-                 (req.till != 0) and
-                 (resp.renew-till > req.till)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-     A.5. KRB_TGS_REQ generation
-
-       /* Note that make_application_request might have to recursivly     */
-       /* call this routine to get the appropriate ticket-granting ticket */
-
-             request.pvno := protocol version; /* pvno = 5 */
-             request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-             body.kdc-options := users's preferences;
-             /* If the TGT is not for the realm of the end-server  */
-             /* then the sname will be for a TGT for the end-realm */
-             /* and the realm of the requested ticket (body.realm) */
-             /* will be that of the TGS to which the TGT we are    */
-             /* sending applies                                    */
-             body.sname := service's name;
-             body.realm := service's realm;
-
-             if (body.kdc-options.POSTDATED is set) then
-                     body.from := requested starting time;
-             else
-                     omit body.from;
-             endif
-             body.till := requested end time;
-             if (body.kdc-options.RENEWABLE is set) then
-                     body.rtime := requested final renewal time;
-             endif
-             body.nonce := random_nonce();
-             body.etype := requested etypes;
-             if (user supplied addresses) then
-                     body.addresses := user's addresses;
-             else
-                     omit body.addresses;
-             endif
-
-             body.enc-authorization-data := user-supplied data;
-             if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                     body.additional-tickets_ticket := second TGT;
-             endif
-
-             request.req-body := body;
-             check := generate_checksum (req.body,checksumtype);
-
-             request.padata[0].padata-type := PA-TGS-REQ;
-             request.padata[0].padata-value := create a KRB_AP_REQ using
-                                           the TGT and checksum
-
-             /* add in any other padata as required/supplied */
-
-             kerberos := lookup(name of local kerberose server (or servers));
-             send(packet,kerberos);
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             wait(for response);
-             if (timed_out) then
-                     retry or use alternate server;
-             endif
-
-     A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
-
-             /* note that reading the application request requires first
-             determining the server for which a ticket was issued, and
-             choosing the correct key for decryption.  The name of the
-             server appears in the plaintext part of the ticket. */
-
-             if (no KRB_AP_REQ in req.padata) then
-                     error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-             endif
-             verify KRB_AP_REQ in req.padata;
-
-             /* Note that the realm in which the Kerberos server is
-             operating is determined by the instance from the
-             ticket-granting ticket.  The realm in the ticket-granting
-             ticket is the realm under which the ticket granting
-             ticket was issued.  It is possible for a single Kerberos 
-             server to support more than one realm. */
-
-             auth_hdr := KRB_AP_REQ;
-             tgt := auth_hdr.ticket;
-
-             if (tgt.sname is not a TGT for local realm and is not req.sname) 
-                   then
-                     error_out(KRB_AP_ERR_NOT_US);
-
-             realm := realm_tgt_is_for(tgt);
-
-             decode remainder of request;
-
-             if (auth_hdr.authenticator.cksum is missing) then
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-
-             if (auth_hdr.authenticator.cksum type is not supported) then
-                     error_out(KDC_ERR_SUMTYPE_NOSUPP);
-             endif
-             if (auth_hdr.authenticator.cksum is not both collision-proof 
-                 and keyed) then
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-
-             set computed_checksum := checksum(req);
-             if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-             server := lookup(req.sname,realm);
-
-             if (!server) then
-                     if (is_foreign_tgt_name(req.sname)) then
-                             server := best_intermediate_tgs(req.sname);
-                     else
-                             /* no server in Database */
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                             error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                     endif
-             endif
-
-             session := generate_random_session_key();
-
-             use_etype := first supported etype in req.etypes;
-
-             if (no support for req.etypes) then
-                     error_out(KDC_ERR_ETYPE_NOSUPP);
-             endif
-
-             new_tkt.vno := ticket version; /* = 5 */
-             new_tkt.sname := req.sname;
-             new_tkt.srealm := realm;
-             reset all flags in new_tkt.flags;
-
-             /* It should be noted that local policy may affect the  */
-             /* processing of any of these flags.  For example, some */
-             /* realms may refuse to issue renewable tickets         */
-
-             new_tkt.caddr := tgt.caddr;
-             resp.caddr := NULL; /* We only include this if they change */
-             if (req.kdc-options.FORWARDABLE is set) then
-                     if (tgt.flags.FORWARDABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.FORWARDABLE;
-             endif
-             if (req.kdc-options.FORWARDED is set) then
-                     if (tgt.flags.FORWARDABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.FORWARDED;
-                     new_tkt.caddr := req.addresses;
-                     resp.caddr := req.addresses;
-             endif
-             if (tgt.flags.FORWARDED is set) then
-                     set new_tkt.flags.FORWARDED;
-             endif
-
-             if (req.kdc-options.PROXIABLE is set) then
-                     if (tgt.flags.PROXIABLE is reset)
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.PROXIABLE;
-             endif
-             if (req.kdc-options.PROXY is set) then
-                     if (tgt.flags.PROXIABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.PROXY;
-                     new_tkt.caddr := req.addresses;
-                     resp.caddr := req.addresses;
-             endif
-
-             if (req.kdc-options.ALLOW-POSTDATE is set) then
-                     if (tgt.flags.MAY-POSTDATE is reset)
-                             error_out(KDC_ERR_BADOPTION);
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                     endif
-                     set new_tkt.flags.MAY-POSTDATE;
-             endif
-             if (req.kdc-options.POSTDATED is set) then
-                     if (tgt.flags.MAY-POSTDATE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.POSTDATED;
-                     set new_tkt.flags.INVALID;
-                     if (against_postdate_policy(req.from)) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-                     new_tkt.starttime := req.from;
-             endif
-
-             if (req.kdc-options.VALIDATE is set) then
-                     if (tgt.flags.INVALID is reset) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-                     if (tgt.starttime > kdc_time) then
-                             error_out(KRB_AP_ERR_NYV);
-                     endif
-                     if (check_hot_list(tgt)) then
-                             error_out(KRB_AP_ERR_REPEAT);
-                     endif
-                     tkt := tgt;
-                     reset new_tkt.flags.INVALID;
-             endif
-
-             if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                                  and those already processed) is set) then
-                     error_out(KDC_ERR_BADOPTION);
-             endif
-
-             new_tkt.authtime := tgt.authtime;
-
-             if (req.kdc-options.RENEW is set) then
-      /* Note that if the endtime has already passed, the ticket would  */
-      /* have been rejected in the initial authentication stage, so     */
-      /* there is no need to check again here                           */
-                     if (tgt.flags.RENEWABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     if (tgt.renew-till < kdc_time) then
-                             error_out(KRB_AP_ERR_TKT_EXPIRED);
-                     endif
-                     tkt := tgt;
-                     new_tkt.starttime := kdc_time;
-                     old_life := tgt.endttime - tgt.starttime;
-                     new_tkt.endtime := min(tgt.renew-till,
-                                            new_tkt.starttime + old_life);
-             else
-                     new_tkt.starttime := kdc_time;
-                     if (req.till = 0) then
-                             till := infinity;
-                     else
-                             till := req.till;
-                     endif
-                     new_tkt.endtime := min(till,
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                            new_tkt.starttime+client.max_life,
-                                            new_tkt.starttime+server.max_life,
-                                            new_tkt.starttime+max_life_for_realm,
-                                            tgt.endtime);
-
-                     if ((req.kdc-options.RENEWABLE-OK is set) and
-                         (new_tkt.endtime < req.till) and
-                         (tgt.flags.RENEWABLE is set) then
-                             /* we set the RENEWABLE option for later processing */
-                             set req.kdc-options.RENEWABLE;
-                             req.rtime := min(req.till, tgt.renew-till);
-                     endif
-             endif
-
-             if (req.rtime = 0) then
-                     rtime := infinity;
-             else
-                     rtime := req.rtime;
-             endif
-
-             if ((req.kdc-options.RENEWABLE is set) and
-                 (tgt.flags.RENEWABLE is set)) then
-                     set new_tkt.flags.RENEWABLE;
-                     new_tkt.renew-till := min(rtime,
-                                       new_tkt.starttime+client.max_rlife,
-                                       new_tkt.starttime+server.max_rlife,
-                                       new_tkt.starttime+max_rlife_for_realm,
-                                       tgt.renew-till);
-             else
-                     new_tkt.renew-till := OMIT; /* leave the
-                                                   renew-till field out */ 
-             endif
-             if (req.enc-authorization-data is present) then
-                     decrypt req.enc-authorization-data into
-                                  decrypted_authorization_data
-                             using auth_hdr.authenticator.subkey;
-                     if (decrypt_error()) then
-                             error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                     endif
-             endif
-             new_tkt.authorization_data :=
-                     req.auth_hdr.ticket.authorization_data + 
-                                      decrypted_authorization_data;
-
-             new_tkt.key := session;
-             new_tkt.crealm := tgt.crealm;
-             new_tkt.cname := req.auth_hdr.ticket.cname;
-
-             if (realm_tgt_is_for(tgt) := tgt.realm) then
-                     /* tgt issued by local realm */
-                     new_tkt.transited := tgt.transited;
-             else
-                     /* was issued for this realm by some other realm */
-                     if (tgt.transited.tr-type not supported) then
-                             error_out(KDC_ERR_TRTYPE_NOSUPP);
-                     endif
-                     new_tkt.transited :=
-                         compress_transited(tgt.transited + tgt.realm) 
-                     /* Don't check tranited field if TGT for foreign realm,
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                      * or requested not to check */
-                     if (is_not_foreign_tgt_name(new_tkt.server)
-                        && req.kdc-options.DISABLE-TRANSITED-CHECK not
-                             set) then 
-                          /* Check it, so end-server does not have to
-                           * but don't fail, end-server may still accept it */
-                          if (check_transited_field(new_tkt.transited) == OK)
-                                   set new_tkt.flags.TRANSITED-POLICY-CHECKED;
-                             endif
-                     endif
-             endif
-
-             encode encrypted part of new_tkt into OCTET STRING;
-             if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                     if (server not specified) then
-                             server = req.second_ticket.client;
-                     endif
-                     if ((req.second_ticket is not a TGT) or
-                         (req.second_ticket.client != server)) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-
-                     new_tkt.enc-part := encrypt OCTET STRING using
-                             using etype_for_key(second-ticket.key),
-                             second-ticket.key; 
-             else
-                     new_tkt.enc-part := encrypt OCTET STRING
-                             using etype_for_key(server.key),
-                             server.key, server.p_kvno; 
-             endif
-
-             resp.pvno := 5;
-             resp.msg-type := KRB_TGS_REP;
-             resp.crealm := tgt.crealm;
-             resp.cname := tgt.cname;
-             resp.ticket := new_tkt;
-
-             resp.key := session;
-             resp.nonce := req.nonce;
-             resp.last-req := fetch_last_request_info(client);
-             resp.flags := new_tkt.flags;
-
-             resp.authtime := new_tkt.authtime;
-             resp.starttime := new_tkt.starttime;
-             resp.endtime := new_tkt.endtime;
-
-             omit resp.key-expiration;
-
-             resp.sname := new_tkt.sname;
-             resp.realm := new_tkt.realm;
-
-             if (new_tkt.flags.RENEWABLE) then
-                     resp.renew-till := new_tkt.renew-till;
-             endif
-
-             encode body of reply into OCTET STRING;
-
-             if (req.padata.authenticator.subkey)
-                     resp.enc-part := encrypt OCTET STRING using use_etype,
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                             req.padata.authenticator.subkey;
-             else resp.enc-part := encrypt OCTET STRING using
-                                         use_etype, tgt.key; 
-
-             send(resp);
-
-     A.7. KRB_TGS_REP verification
-
-             decode response into resp;
-
-             if (resp.msg-type = KRB_ERROR) then
-                     process_error(resp);
-                     return;
-             endif
-
-             /* On error, discard the response, and zero the session key from
-             the response immediately */
-
-             if (req.padata.authenticator.subkey)
-                     unencrypted part of resp := decode of decrypt of
-                             resp.enc-part 
-                             using resp.enc-part.etype and subkey;
-             else unencrypted part of resp := decode of decrypt of
-                              resp.enc-part 
-                                     using resp.enc-part.etype and
-                                      tgt's session key; 
-             if (common_as_rep_tgs_rep_checks fail) then
-                     destroy resp.key;
-                     return error;
-             endif
-
-             check authorization_data as necessary;
-             save_for_later(ticket,session,client,server,times,flags);
-
-     A.8. Authenticator generation
-
-             body.authenticator-vno := authenticator vno; /* = 5 */
-             body.cname, body.crealm := client name;
-             if (supplying checksum) then
-                     body.cksum := checksum;
-             endif
-             get system_time;
-             body.ctime, body.cusec := system_time;
-             if (selecting sub-session key) then
-                     select sub-session key;
-                     body.subkey := sub-session key;
-             endif
-             if (using sequence numbers) then
-                     select initial sequence number;
-                     body.seq-number := initial sequence;
-             endif
-
-     A.9. KRB_AP_REQ generation
-
-             obtain ticket and session_key from cache;
-
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_AP_REQ */
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             if (desired(MUTUAL_AUTHENTICATION)) then
-                     set packet.ap-options.MUTUAL-REQUIRED;
-             else
-                     reset packet.ap-options.MUTUAL-REQUIRED;
-             endif
-             if (using session key for ticket) then
-                     set packet.ap-options.USE-SESSION-KEY;
-             else
-                     reset packet.ap-options.USE-SESSION-KEY;
-             endif
-             packet.ticket := ticket; /* ticket */
-             generate authenticator;
-             encode authenticator into OCTET STRING;
-             encrypt OCTET STRING into packet.authenticator using session_key;
-
-     A.10. KRB_AP_REQ verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_AP_REQ) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             if (packet.ticket.tkt_vno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.ap_options.USE-SESSION-KEY is set) then
-                     retrieve session key from ticket-granting ticket for
-                      packet.ticket.{sname,srealm,enc-part.etype};
-             else
-                     retrieve service key for
-                   packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno}; 
-             endif
-             if (no_key_available) then
-                     if (cannot_find_specified_skvno) then
-                             error_out(KRB_AP_ERR_BADKEYVER);
-                     else
-                             error_out(KRB_AP_ERR_NOKEY);
-                     endif
-             endif
-             decrypt packet.ticket.enc-part into decr_ticket using
-                      retrieved key; 
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             decrypt packet.authenticator into decr_authenticator
-                     using decr_ticket.key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if (decr_authenticator.{cname,crealm} !=
-                 decr_ticket.{cname,crealm}) then
-                     error_out(KRB_AP_ERR_BADMATCH);
-             endif
-             if (decr_ticket.caddr is present) then
-                     if (sender_address(packet) is not in
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                                    decr_ticket.caddr) then 
-                             error_out(KRB_AP_ERR_BADADDR);
-                     endif
-             elseif (application requires addresses) then
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (not in_clock_skew(decr_authenticator.ctime,
-                                   decr_authenticator.cusec)) then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-             if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-             save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-             get system_time;
-             if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-                 (decr_ticket.flags.INVALID is set)) then
-                     /* it hasn't yet become valid */
-                     error_out(KRB_AP_ERR_TKT_NYV);
-             endif
-             if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                     error_out(KRB_AP_ERR_TKT_EXPIRED);
-             endif
-             if (decr_ticket.transited) then
-                 /* caller may ignore the TRANSITED-POLICY-CHECKED and do
-                  * check anyway */
-                 if (decr_ticket.flags.TRANSITED-POLICY-CHECKED not set) then
-                      if (check_transited_field(decr_ticket.transited) then
-                           error_out(KDC_AP_PATH_NOT_ACCPETED);
-                      endif
-                 endif
-             endif
-           /* caller must check decr_ticket.flags for any pertinent details */
-           return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-     A.11. KRB_AP_REP generation
-
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_AP_REP */
-
-             body.ctime := packet.ctime;
-             body.cusec := packet.cusec;
-             if (selecting sub-session key) then
-                     select sub-session key;
-                     body.subkey := sub-session key;
-             endif
-             if (using sequence numbers) then
-                     select initial sequence number;
-                     body.seq-number := initial sequence;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part;
-
-     A.12. KRB_AP_REP verification
-
-             receive packet;
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_AP_REP) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             cleartext := decrypt(packet.enc-part) using ticket's session key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if (cleartext.ctime != authenticator.ctime) then
-                     error_out(KRB_AP_ERR_MUT_FAIL);
-             endif
-             if (cleartext.cusec != authenticator.cusec) then
-                     error_out(KRB_AP_ERR_MUT_FAIL);
-             endif
-             if (cleartext.subkey is present) then
-                     save cleartext.subkey for future use;
-             endif
-             if (cleartext.seq-number is present) then
-                     save cleartext.seq-number for future verifications;
-             endif
-             return(AUTHENTICATION_SUCCEEDED);
-
-     A.13. KRB_SAFE generation
-
-             collect user data in buffer;
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_SAFE */
-
-             body.user-data := buffer; /* DATA */
-             if (using timestamp) then
-                     get system_time;
-                     body.timestamp, body.usec := system_time;
-             endif
-             if (using sequence numbers) then
-                     body.seq-number := sequence number;
-             endif
-             body.s-address := sender host addresses;
-             if (only one recipient) then
-                     body.r-address := recipient host address;
-             endif
-             checksum.cksumtype := checksum type;
-             compute checksum over body;
-             checksum.checksum := checksum value; /* checksum.checksum */
-             packet.cksum := checksum;
-             packet.safe-body := body;
-
-     A.14. KRB_SAFE verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_SAFE) then
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             if (packet.checksum.cksumtype is not both collision-proof
-                 and keyed) then 
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-             if (safe_priv_common_checks_ok(packet)) then
-                     set computed_checksum := checksum(packet.body);
-                     if (computed_checksum != packet.checksum) then
-                             error_out(KRB_AP_ERR_MODIFIED);
-                     endif
-                     return (packet, PACKET_IS_GENUINE);
-             else
-                     return common_checks_error;
-             endif
-
-     A.15. KRB_SAFE and KRB_PRIV common checks
-
-             if (packet.s-address != O/S_sender(packet)) then
-                     /* O/S report of sender not who claims to have sent it */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if ((packet.r-address is present) and
-                 (packet.r-address != local_host_address)) then
-                     /* was not sent to proper place */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (((packet.timestamp is present) and
-                  (not in_clock_skew(packet.timestamp,packet.usec))) or
-                 (packet.timestamp is not present and timestamp expected)) then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-             if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-
-             if (((packet.seq-number is present) and
-                  ((not in_sequence(packet.seq-number)))) or
-                 (packet.seq-number is not present and sequence expected)) then
-                     error_out(KRB_AP_ERR_BADORDER);
-             endif
-             if (packet.timestamp not present and packet.seq-number
-                   not present) then 
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-             save_identifier(packet.{timestamp,usec,s-address},
-                             sender_principal(packet));
-
-             return PACKET_IS_OK;
-
-     A.16. KRB_PRIV generation
-
-             collect user data in buffer;
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_PRIV */
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             packet.enc-part.etype := encryption type;
-
-             body.user-data := buffer;
-             if (using timestamp) then
-                     get system_time;
-                     body.timestamp, body.usec := system_time;
-             endif
-             if (using sequence numbers) then
-                     body.seq-number := sequence number;
-             endif
-             body.s-address := sender host addresses;
-             if (only one recipient) then
-                     body.r-address := recipient host address;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part.cipher;
-
-     A.17. KRB_PRIV verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_PRIV) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-
-             cleartext := decrypt(packet.enc-part) using negotiated key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-
-             if (safe_priv_common_checks_ok(cleartext)) then
-                     return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-             else
-                     return common_checks_error;
-             endif
-
-     A.18. KRB_CRED generation
-
-             invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_CRED */
-
-             for (tickets[n] in tickets to be forwarded) do
-                     packet.tickets[n] = tickets[n].ticket;
-             done
-
-             packet.enc-part.etype := encryption type;
-
-             for (ticket[n] in tickets to be forwarded) do
-                     body.ticket-info[n].key = tickets[n].session;
-                     body.ticket-info[n].prealm = tickets[n].crealm;
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-                     body.ticket-info[n].pname = tickets[n].cname;
-                     body.ticket-info[n].flags = tickets[n].flags;
-                     body.ticket-info[n].authtime = tickets[n].authtime;
-                     body.ticket-info[n].starttime = tickets[n].starttime;
-                     body.ticket-info[n].endtime = tickets[n].endtime;
-                     body.ticket-info[n].renew-till = tickets[n].renew-till;
-                     body.ticket-info[n].srealm = tickets[n].srealm;
-                     body.ticket-info[n].sname = tickets[n].sname;
-                     body.ticket-info[n].caddr = tickets[n].caddr;
-             done
-
-             get system_time;
-             body.timestamp, body.usec := system_time;
-
-             if (using nonce) then
-                     body.nonce := nonce;
-             endif
-
-             if (using s-address) then
-                     body.s-address := sender host addresses;
-             endif
-             if (limited recipients) then
-                     body.r-address := recipient host address;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part.cipher
-                    using negotiated encryption key;
-
-     A.19. KRB_CRED verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_CRED) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-
-             cleartext := decrypt(packet.enc-part) using negotiated key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if ((packet.r-address is present or required) and
-                (packet.s-address != O/S_sender(packet)) then
-                     /* O/S report of sender not who claims to have sent it */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if ((packet.r-address is present) and
-                 (packet.r-address != local_host_address)) then
-                     /* was not sent to proper place */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-             if (repeated(packet.timestamp,packet.usec,packet.s-address)) then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-             if (packet.nonce is required or present) and
-                (packet.nonce != expected-nonce) then
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-             for (ticket[n] in tickets that were forwarded) do
-                     save_for_later(ticket[n],key[n],principal[n],
-                                    server[n],times[n],flags[n]);
-             return
-
-     A.20. KRB_ERROR generation
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_ERROR */
-
-             get system_time;
-             packet.stime, packet.susec := system_time;
-             packet.realm, packet.sname := server name;
-
-             if (client time available) then
-                     packet.ctime, packet.cusec := client_time;
-             endif
-             packet.error-code := error code;
-             if (client name available) then
-                     packet.cname, packet.crealm := client name;
-             endif
-             if (error text available) then
-                     packet.e-text := error text;
-             endif
-             if (error data available) then
-                     packet.e-data := error data;
-             endif
-
-     B. Definition of common authorization data elements
-
-     This appendix contains the definitions of common authorization data
-     elements. These common authorization data elements are recursivly
-     defined, meaning the ad-data for these types will itself contain a
-     sequence of authorization data whose interpretation is affected by the
-     encapsulating element. Depending on the meaning of the encapsulating
-     element, the encapsulated elements may be ignored, might be interpreted
-     as issued directly by the KDC, or they might be stored in a separate
-     plaintext part of the ticket. The types of the encapsulating elements
-     are specified as part of the Kerberos specification because the
-     behavior based on these values should be understood across
-     implementations whereas other elements need only be understood by the
-     applications which they affect.
-
-     In the definitions that follow, the value of the ad-type for the
-     element will be specified in the subsection number, and the value of
-     the ad-data will be as shown in the ASN.1 structure that follows the
-     subsection heading.
-
-     B.1. If relevant
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     AD-IF-RELEVANT   AuthorizationData
-
-     AD elements encapsulated within the if-relevant element are intended
-     for interpretation only by application servers that understand the
-     particular ad-type of the embedded element. Application servers that do
-     not understand the type of an element embedded within the if-relevant
-     element may ignore the uninterpretable element. This element promotes
-     interoperability across implementations which may have local extensions
-     for authorization.
-
-     B.2. Intended for server
-
-     AD-INTENDED-FOR-SERVER   SEQUENCE {
-              intended-server[0]     SEQUENCE OF PrincipalName
-              elements[1]            AuthorizationData
-     }
-
-     AD elements encapsulated within the intended-for-server element may be
-     ignored if the application server is not in the list of principal names
-     of intended servers. Further, a KDC issuing a ticket for an application
-     server can remove this element if the application server is not in the
-     list of intended servers.
-
-     Application servers should check for their principal name in the
-     intended-server field of this element. If their principal name is not
-     found, this element should be ignored. If found, then the encapsulated
-     elements should be evaluated in the same manner as if they were present
-     in the top level authorization data field. Applications and application
-     servers that do not implement this element should reject tickets that
-     contain authorization data elements of this type.
-
-     B.3. Intended for application class
-
-     AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE {
-     intended-application-class[0] SEQUENCE OF GeneralString elements[1]
-     AuthorizationData } AD elements encapsulated within the
-     intended-for-application-class element may be ignored if the
-     application server is not in one of the named classes of application
-     servers. Examples of application server classes include "FILESYSTEM",
-     and other kinds of servers.
-
-     This element and the elements it encapulates may be safely ignored by
-     applications, application servers, and KDCs that do not implement this
-     element.
-
-     B.4. KDC Issued
-
-     AD-KDCIssued   SEQUENCE {
-                    ad-checksum[0]    Checksum,
-                     i-realm[1]       Realm OPTIONAL,
-                     i-sname[2]       PrincipalName OPTIONAL,
-                    elements[3]       AuthorizationData.
-     }
-
-     ad-checksum
-          A checksum over the elements field using a cryptographic checksum
-          method that is identical to the checksum used to protect the
-          ticket itself (i.e. using the same hash function and the same
-          encryption algorithm used to encrypt the ticket) and using a key
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-          derived from the same key used to protect the ticket.
-     i-realm, i-sname
-          The name of the issuing principal if different from the KDC
-          itself. This field would be used when the KDC can verify the
-          authenticity of elements signed by the issuing principal and it
-          allows this KDC to notify the application server of the validity
-          of those elements.
-     elements
-          A sequence of authorization data elements issued by the KDC.
-     The KDC-issued ad-data field is intended to provide a means for
-     Kerberos principal credentials to embed within themselves privilege
-     attributes and other mechanisms for positive authorization, amplifying
-     the priveleges of the principal beyond what can be done using a
-     credentials without such an a-data element.
-
-     This can not be provided without this element because the definition of
-     the authorization-data field allows elements to be added at will by the
-     bearer of a TGT at the time that they request service tickets and
-     elements may also be added to a delegated ticket by inclusion in the
-     authenticator.
-
-     For KDC-issued elements this is prevented because the elements are
-     signed by the KDC by including a checksum encrypted using the server's
-     key (the same key used to encrypt the ticket - or a key derived from
-     that key). Elements encapsulated with in the KDC-issued element will be
-     ignored by the application server if this "signature" is not present.
-     Further, elements encapsulated within this element from a ticket
-     granting ticket may be interpreted by the KDC, and used as a basis
-     according to policy for including new signed elements within derivative
-     tickets, but they will not be copied to a derivative ticket directly.
-     If they are copied directly to a derivative ticket by a KDC that is not
-     aware of this element, the signature will not be correct for the
-     application ticket elements, and the field will be ignored by the
-     application server.
-
-     This element and the elements it encapulates may be safely ignored by
-     applications, application servers, and KDCs that do not implement this
-     element.
-
-     B.5. And-Or
-
-     AD-AND-OR           SEQUENCE {
-                             condition-count[0]    INTEGER,
-                             elements[1]           AuthorizationData
-     }
-
-     When restrictive AD elements encapsulated within the and-or element are
-     encountered, only the number specified in condition-count of the
-     encapsulated conditions must be met in order to satisfy this element.
-     This element may be used to implement an "or" operation by setting the
-     condition-count field to 1, and it may specify an "and" operation by
-     setting the condition count to the number of embedded elements.
-     Application servers that do not implement this element must reject
-     tickets that contain authorization data elements of this type.
-
-     B.6. Mandatory ticket extensions
-
-     AD-Mandatory-Ticket-Extensions   Checksum
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     An authorization data element of type mandatory-ticket-extensions
-     specifies a collision-proof checksum using the same hash algorithm used
-     to protect the integrity of the ticket itself. This checksum will be
-     calculated over an individual extension field. If there are more than
-     one extension, multiple Mandatory-Ticket-Extensions authorization data
-     elements may be present, each with a checksum for a different extension
-     field. This restriction indicates that the ticket should not be
-     accepted if a ticket extension is not present in the ticket for which
-     the checksum does not match that checksum specified in the
-     authorization data element. Application servers that do not implement
-     this element must reject tickets that contain authorization data
-     elements of this type.
-
-     B.7. Authorization Data in ticket extensions
-
-     AD-IN-Ticket-Extensions   Checksum
-
-     An authorization data element of type in-ticket-extensions specifies a
-     collision-proof checksum using the same hash algorithm used to protect
-     the integrity of the ticket itself. This checksum is calculated over a
-     separate external AuthorizationData field carried in the ticket
-     extensions. Application servers that do not implement this element must
-     reject tickets that contain authorization data elements of this type.
-     Application servers that do implement this element will search the
-     ticket extensions for authorization data fields, calculate the
-     specified checksum over each authorization data field and look for one
-     matching the checksum in this in-ticket-extensions element. If not
-     found, then the ticket must be rejected. If found, the corresponding
-     authorization data elements will be interpreted in the same manner as
-     if they were contained in the top level authorization data field.
-
-     Note that if multiple external authorization data fields are present in
-     a ticket, each will have a corresponding element of type
-     in-ticket-extensions in the top level authorization data field, and the
-     external entries will be linked to the corresponding element by their
-     checksums.
-
-     C. Definition of common ticket extensions
-
-     This appendix contains the definitions of common ticket extensions.
-     Support for these extensions is optional. However, certain extensions
-     have associated authorization data elements that may require rejection
-     of a ticket containing an extension by application servers that do not
-     implement the particular extension. Other extensions have been defined
-     beyond those described in this specification. Such extensions are
-     described elswhere and for some of those extensions the reserved number
-     may be found in the list of constants.
-
-     It is known that older versions of Kerberos did not support this field,
-     and that some clients will strip this field from a ticket when they
-     parse and then reassemble a ticket as it is passed to the application
-     servers. The presence of the extension will not break such clients, but
-     any functionaly dependent on the extensions will not work when such
-     tickets are handled by old clients. In such situations, some
-     implementation may use alternate methods to transmit the information in
-     the extensions field.
-
-     C.1. Null ticket extension
-
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     TE-NullExtension   OctetString -- The empty Octet String
-
-     The te-data field in the null ticket extension is an octet string of
-     lenght zero. This extension may be included in a ticket granting ticket
-     so that the KDC can determine on presentation of the ticket granting
-     ticket whether the client software will strip the extensions field.
-
-     C.2. External Authorization Data
-
-     TE-ExternalAuthorizationData   AuthorizationData
-
-     The te-data field in the external authorization data ticket extension
-     is field of type AuthorizationData containing one or more authorization
-     data elements. If present, a corresponding authorization data element
-     will be present in the primary authorization data for the ticket and
-     that element will contain a checksum of the external authorization data
-     ticket extension.
-     -----------------------------------------------------------------------
-     [TM] Project Athena, Athena, and Kerberos are trademarks of the
-     Massachusetts Institute of Technology (MIT). No commercial use of these
-     trademarks may be made without prior written permission of MIT.
-
-     [1] Note, however, that many applications use Kerberos' functions only
-     upon the initiation of a stream-based network connection. Unless an
-     application subsequently provides integrity protection for the data
-     stream, the identity verification applies only to the initiation of the
-     connection, and does not guarantee that subsequent messages on the
-     connection originate from the same principal.
-
-     [2] Secret and private are often used interchangeably in the
-     literature. In our usage, it takes two (or more) to share a secret,
-     thus a shared DES key is a secret key. Something is only private when
-     no one but its owner knows it. Thus, in public key cryptosystems, one
-     has a public and a private key.
-
-     [3] Of course, with appropriate permission the client could arrange
-     registration of a separately-named prin- cipal in a remote realm, and
-     engage in normal exchanges with that realm's services. However, for
-     even small numbers of clients this becomes cumbersome, and more
-     automatic methods as described here are necessary.
-
-     [4] Though it is permissible to request or issue tick- ets with no
-     network addresses specified.
-
-     [5] The password-changing request must not be honored unless the
-     requester can provide the old password (the user's current secret key).
-     Otherwise, it would be possible for someone to walk up to an unattended
-     ses- sion and change another user's password.
-
-     [6] To authenticate a user logging on to a local system, the
-     credentials obtained in the AS exchange may first be used in a TGS
-     exchange to obtain credentials for a local server. Those credentials
-     must then be verified by a local server through successful completion
-     of the Client/Server exchange.
-
-     [7] "Random" means that, among other things, it should be impossible to
-     guess the next session key based on knowledge of past session keys.
-     This can only be achieved in a pseudo-random number generator if it is
-     based on cryptographic principles. It is more desirable to use a truly
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     random number generator, such as one based on measurements of random
-     physical phenomena.
-
-     [8] Tickets contain both an encrypted and unencrypted portion, so
-     cleartext here refers to the entire unit, which can be copied from one
-     message and replayed in another without any cryptographic skill.
-
-     [9] Note that this can make applications based on unreliable transports
-     difficult to code correctly. If the transport might deliver duplicated
-     messages, either a new authenticator must be generated for each retry,
-     or the application server must match requests and replies and replay
-     the first reply in response to a detected duplicate.
-
-     [10] This is used for user-to-user authentication as described in [8].
-
-     [11] Note that the rejection here is restricted to authenticators from
-     the same principal to the same server. Other client principals
-     communicating with the same server principal should not be have their
-     authenticators rejected if the time and microsecond fields happen to
-     match some other client's authenticator.
-
-     [12] In the Kerberos version 4 protocol, the timestamp in the reply was
-     the client's timestamp plus one. This is not necessary in version 5
-     because version 5 messages are formatted in such a way that it is not
-     possible to create the reply by judicious message surgery (even in
-     encrypted form) without knowledge of the appropriate encryption keys.
-
-     [13] Note that for encrypting the KRB_AP_REP message, the sub-session
-     key is not used, even if present in the Authenticator.
-
-     [14] Implementations of the protocol may wish to provide routines to
-     choose subkeys based on session keys and random numbers and to generate
-     a negotiated key to be returned in the KRB_AP_REP message.
-
-     [15]This can be accomplished in several ways. It might be known
-     beforehand (since the realm is part of the principal identifier), it
-     might be stored in a nameserver, or it might be obtained from a
-     configura- tion file. If the realm to be used is obtained from a
-     nameserver, there is a danger of being spoofed if the nameservice
-     providing the realm name is not authenti- cated. This might result in
-     the use of a realm which has been compromised, and would result in an
-     attacker's ability to compromise the authentication of the application
-     server to the client.
-
-     [16] If the client selects a sub-session key, care must be taken to
-     ensure the randomness of the selected sub- session key. One approach
-     would be to generate a random number and XOR it with the session key
-     from the ticket-granting ticket.
-
-     [17] This allows easy implementation of user-to-user authentication
-     [8], which uses ticket-granting ticket session keys in lieu of secret
-     server keys in situa- tions where such secret keys could be easily
-     comprom- ised.
-
-     [18] For the purpose of appending, the realm preceding the first listed
-     realm is considered to be the null realm ("").
-
-     [19] For the purpose of interpreting null subfields, the client's realm
-     is considered to precede those in the transited field, and the server's
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     realm is considered to follow them.
-
-     [20] This means that a client and server running on the same host and
-     communicating with one another using the KRB_SAFE messages should not
-     share a common replay cache to detect KRB_SAFE replays.
-
-     [21] The implementation of the Kerberos server need not combine the
-     database and the server on the same machine; it is feasible to store
-     the principal database in, say, a network name service, as long as the
-     entries stored therein are protected from disclosure to and
-     modification by unauthorized parties. However, we recommend against
-     such strategies, as they can make system management and threat analysis
-     quite complex.
-
-     [22] See the discussion of the padata field in section 5.4.2 for
-     details on why this can be useful.
-
-     [23] Warning for implementations that unpack and repack data structures
-     during the generation and verification of embedded checksums: Because
-     any checksums applied to data structures must be checked against the
-     original data the length of bit strings must be preserved within a data
-     structure between the time that a checksum is generated through
-     transmission to the time that the checksum is verified.
-
-     [24] It is NOT recommended that this time value be used to adjust the
-     workstation's clock since the workstation cannot reliably determine
-     that such a KRB_AS_REP actually came from the proper KDC in a timely
-     manner.
-
-     [25] Note, however, that if the time is used as the nonce, one must
-     make sure that the workstation time is monotonically increasing. If the
-     time is ever reset backwards, there is a small, but finite, probability
-     that a nonce will be reused.
-
-     [27] An application code in the encrypted part of a message provides an
-     additional check that the message was decrypted properly.
-
-     [29] An application code in the encrypted part of a message provides an
-     additional check that the message was decrypted properly.
-
-     [31] An application code in the encrypted part of a message provides an
-     additional check that the message was decrypted properly.
-
-     [32] If supported by the encryption method in use, an initialization
-     vector may be passed to the encryption procedure, in order to achieve
-     proper cipher chaining. The initialization vector might come from the
-     last block of the ciphertext from the previous KRB_PRIV message, but it
-     is the application's choice whether or not to use such an
-     initialization vector. If left out, the default initialization vector
-     for the encryption algorithm will be used.
-
-     [33] This prevents an attacker who generates an incorrect AS request
-     from obtaining verifiable plaintext for use in an off-line password
-     guessing attack.
-
-     [35] In the above specification, UNTAGGED OCTET STRING(length) is the
-     notation for an octet string with its tag and length removed. It is not
-     a valid ASN.1 type. The tag bits and length must be removed from the
-     confounder since the purpose of the confounder is so that the message
-
-Neuman, Ts'o, Kohl                                Expires: 10 September, 2000
-
-
-
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-05          June 25, 1999
-
-     starts with random data, but the tag and its length are fixed. For
-     other fields, the length and tag would be redundant if they were
-     included because they are specified by the encryption type. [36] The
-     ordering of the fields in the CipherText is important. Additionally,
-     messages encoded in this format must include a length as part of the
-     msg-seq field. This allows the recipient to verify that the message has
-     not been truncated. Without a length, an attacker could use a chosen
-     plaintext attack to generate a message which could be truncated, while
-     leaving the checksum intact. Note that if the msg-seq is an encoding of
-     an ASN.1 SEQUENCE or OCTET STRING, then the length is part of that
-     encoding.
-
-     [37] In some cases, it may be necessary to use a different "mix-in"
-     string for compatibility reasons; see the discussion of padata in
-     section 5.4.2.
-
-     [38] In some cases, it may be necessary to use a different "mix-in"
-     string for compatibility reasons; see the discussion of padata in
-     section 5.4.2.
-
-     [39] A variant of the key is used to limit the use of a key to a
-     particular function, separating the functions of generating a checksum
-     from other encryption performed using the session key. The constant
-     F0F0F0F0F0F0F0F0 was chosen because it maintains key parity. The
-     properties of DES precluded the use of the complement. The same
-     constant is used for similar purpose in the Message Integrity Check in
-     the Privacy Enhanced Mail standard.
-
-     [40] This error carries additional information in the e- data field.
-     The contents of the e-data field for this message is described in
-     section 5.9.1.
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-06.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-06.txt
deleted file mode 100644
index ae79e8a7c4fb..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-revisions-06.txt
+++ /dev/null
@@ -1,7301 +0,0 @@
-INTERNET-DRAFT                                              Clifford Neuman
-                                                                  John Kohl
-                                                              Theodore Ts'o
-                                                              July 14, 2000
-                                                   Expires January 14, 2001
-
-The Kerberos Network Authentication Service (V5)
-
-
-draft-ietf-cat-kerberos-revisions-06.txt
-
-STATUS OF THIS MEMO
-
-This document is an Internet-Draft and is in full conformance with all
-provisions of Section 10 of RFC 2026. Internet-Drafts are working documents
-of the Internet Engineering Task Force (IETF), its areas, and its working
-groups. Note that other groups may also distribute working documents as
-Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six months and
-may be updated, replaced, or obsoleted by other documents at any time. It
-is inappropriate to use Internet-Drafts as reference material or to cite
-them other than as "work in progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html.
-
-To learn the current status of any Internet-Draft, please check the
-"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
-Directories on ftp.ietf.org (US East Coast), nic.nordu.net (Europe),
-ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited. It is filed as
-draft-ietf-cat-kerberos-revisions-06.txt, and expires January 14, 2001.
-Please send comments to: krb-protocol@MIT.EDU
-
-     This document is getting closer to a last call, but there are several
-     issues to be discussed. Some, but not all of these issues, are
-     highlighted in comments in the draft. We hope to resolve these issues
-     on the mailing list for the Kerberos working group, leading up to and
-     during the Pittsburgh IETF on a section by section basis, since this
-     is a long document, and it has been difficult to consider it as a
-     whole. Once sections are agreed to, it is out intent to issue the more
-     formal WG and IETF last calls.
-
-ABSTRACT
-
-This document provides an overview and specification of Version 5 of the
-Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol
-and its intended use that require more detailed or clearer explanation than
-was provided in RFC1510. This document is intended to provide a detailed
-description of the protocol, suitable for implementation, together with
-descriptions of the appropriate use of protocol messages and fields within
-those messages.
-
-This document is not intended to describe Kerberos to the end user, system
-administrator, or application developer. Higher level papers describing
-Version 5 of the Kerberos system [NT94] and documenting version 4 [SNS88],
-are available elsewhere.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-OVERVIEW
-
-This INTERNET-DRAFT describes the concepts and model upon which the
-Kerberos network authentication system is based. It also specifies Version
-5 of the Kerberos protocol.
-
-The motivations, goals, assumptions, and rationale behind most design
-decisions are treated cursorily; they are more fully described in a paper
-available in IEEE communications [NT94] and earlier in the Kerberos portion
-of the Athena Technical Plan [MNSS87]. The protocols have been a proposed
-standard and are being considered for advancement for draft standard
-through the IETF standard process. Comments are encouraged on the
-presentation, but only minor refinements to the protocol as implemented or
-extensions that fit within current protocol framework will be considered at
-this time.
-
-Requests for addition to an electronic mailing list for discussion of
-Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU.
-This mailing list is gatewayed onto the Usenet as the group
-comp.protocols.kerberos. Requests for further information, including
-documents and code availability, may be sent to info-kerberos@MIT.EDU.
-
-BACKGROUND
-
-The Kerberos model is based in part on Needham and Schroeder's trusted
-third-party authentication protocol [NS78] and on modifications suggested
-by Denning and Sacco [DS81]. The original design and implementation of
-Kerberos Versions 1 through 4 was the work of two former Project Athena
-staff members, Steve Miller of Digital Equipment Corporation and Clifford
-Neuman (now at the Information Sciences Institute of the University of
-Southern California), along with Jerome Saltzer, Technical Director of
-Project Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many
-other members of Project Athena have also contributed to the work on
-Kerberos.
-
-Version 5 of the Kerberos protocol (described in this document) has evolved
-from Version 4 based on new requirements and desires for features not
-available in Version 4. The design of Version 5 of the Kerberos protocol
-was led by Clifford Neuman and John Kohl with much input from the
-community. The development of the MIT reference implementation was led at
-MIT by John Kohl and Theodore T'so, with help and contributed code from
-many others. Since RFC1510 was issued, extensions and revisions to the
-protocol have been proposed by many individuals. Some of these proposals
-are reflected in this document. Where such changes involved significant
-effort, the document cites the contribution of the proposer.
-
-Reference implementations of both version 4 and version 5 of Kerberos are
-publicly available and commercial implementations have been developed and
-are widely used. Details on the differences between Kerberos Versions 4 and
-5 can be found in [KNT92].
-
-1. Introduction
-
-Kerberos provides a means of verifying the identities of principals, (e.g.
-a workstation user or a network server) on an open (unprotected) network.
-This is accomplished without relying on assertions by the host operating
-system, without basing trust on host addresses, without requiring physical
-security of all the hosts on the network, and under the assumption that
-packets traveling along the network can be read, modified, and inserted at
-will[1]. Kerberos performs authentication under these conditions as a
-trusted third-party authentication service by using conventional (shared
-secret key [2] cryptography. Kerberos extensions have been proposed and
-implemented that provide for the use of public key cryptography during
-certain phases of the authentication protocol. These extensions provide for
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-authentication of users registered with public key certification
-authorities, and allow the system to provide certain benefits of public key
-cryptography in situations where they are needed.
-
-The basic Kerberos authentication process proceeds as follows: A client
-sends a request to the authentication server (AS) requesting 'credentials'
-for a given server. The AS responds with these credentials, encrypted in
-the client's key. The credentials consist of 1) a 'ticket' for the server
-and 2) a temporary encryption key (often called a "session key"). The
-client transmits the ticket (which contains the client's identity and a
-copy of the session key, all encrypted in the server's key) to the server.
-The session key (now shared by the client and server) is used to
-authenticate the client, and may optionally be used to authenticate the
-server. It may also be used to encrypt further communication between the
-two parties or to exchange a separate sub-session key to be used to encrypt
-further communication.
-
-Implementation of the basic protocol consists of one or more authentication
-servers running on physically secure hosts. The authentication servers
-maintain a database of principals (i.e., users and servers) and their
-secret keys. Code libraries provide encryption and implement the Kerberos
-protocol. In order to add authentication to its transactions, a typical
-network application adds one or two calls to the Kerberos library directly
-or through the Generic Security Services Application Programming Interface,
-GSSAPI, described in separate document. These calls result in the
-transmission of the necessary messages to achieve authentication.
-
-The Kerberos protocol consists of several sub-protocols (or exchanges).
-There are two basic methods by which a client can ask a Kerberos server for
-credentials. In the first approach, the client sends a cleartext request
-for a ticket for the desired server to the AS. The reply is sent encrypted
-in the client's secret key. Usually this request is for a ticket-granting
-ticket (TGT) which can later be used with the ticket-granting server (TGS).
-In the second method, the client sends a request to the TGS. The client
-uses the TGT to authenticate itself to the TGS in the same manner as if it
-were contacting any other application server that requires Kerberos
-authentication. The reply is encrypted in the session key from the TGT.
-Though the protocol specification describes the AS and the TGS as separate
-servers, they are implemented in practice as different protocol entry
-points within a single Kerberos server.
-
-Once obtained, credentials may be used to verify the identity of the
-principals in a transaction, to ensure the integrity of messages exchanged
-between them, or to preserve privacy of the messages. The application is
-free to choose whatever protection may be necessary.
-
-To verify the identities of the principals in a transaction, the client
-transmits the ticket to the application server. Since the ticket is sent
-"in the clear" (parts of it are encrypted, but this encryption doesn't
-thwart replay) and might be intercepted and reused by an attacker,
-additional information is sent to prove that the message originated with
-the principal to whom the ticket was issued. This information (called the
-authenticator) is encrypted in the session key, and includes a timestamp.
-The timestamp proves that the message was recently generated and is not a
-replay. Encrypting the authenticator in the session key proves that it was
-generated by a party possessing the session key. Since no one except the
-requesting principal and the server know the session key (it is never sent
-over the network in the clear) this guarantees the identity of the client.
-
-The integrity of the messages exchanged between principals can also be
-guaranteed using the session key (passed in the ticket and contained in the
-credentials). This approach provides detection of both replay attacks and
-message stream modification attacks. It is accomplished by generating and
-transmitting a collision-proof checksum (elsewhere called a hash or digest
-function) of the client's message, keyed with the session key. Privacy and
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-integrity of the messages exchanged between principals can be secured by
-encrypting the data to be passed using the session key contained in the
-ticket or the subsession key found in the authenticator.
-
-The authentication exchanges mentioned above require read-only access to
-the Kerberos database. Sometimes, however, the entries in the database must
-be modified, such as when adding new principals or changing a principal's
-key. This is done using a protocol between a client and a third Kerberos
-server, the Kerberos Administration Server (KADM). There is also a protocol
-for maintaining multiple copies of the Kerberos database. Neither of these
-protocols are described in this document.
-
-1.1. Cross-Realm Operation
-
-The Kerberos protocol is designed to operate across organizational
-boundaries. A client in one organization can be authenticated to a server
-in another. Each organization wishing to run a Kerberos server establishes
-its own 'realm'. The name of the realm in which a client is registered is
-part of the client's name, and can be used by the end-service to decide
-whether to honor a request.
-
-By establishing 'inter-realm' keys, the administrators of two realms can
-allow a client authenticated in the local realm to prove its identity to
-servers in other realms[3]. The exchange of inter-realm keys (a separate
-key may be used for each direction) registers the ticket-granting service
-of each realm as a principal in the other realm. A client is then able to
-obtain a ticket-granting ticket for the remote realm's ticket-granting
-service from its local realm. When that ticket-granting ticket is used, the
-remote ticket-granting service uses the inter-realm key (which usually
-differs from its own normal TGS key) to decrypt the ticket-granting ticket,
-and is thus certain that it was issued by the client's own TGS. Tickets
-issued by the remote ticket-granting service will indicate to the
-end-service that the client was authenticated from another realm.
-
-A realm is said to communicate with another realm if the two realms share
-an inter-realm key, or if the local realm shares an inter-realm key with an
-intermediate realm that communicates with the remote realm. An
-authentication path is the sequence of intermediate realms that are
-transited in communicating from one realm to another.
-
-Realms are typically organized hierarchically. Each realm shares a key with
-its parent and a different key with each child. If an inter-realm key is
-not directly shared by two realms, the hierarchical organization allows an
-authentication path to be easily constructed. If a hierarchical
-organization is not used, it may be necessary to consult a database in
-order to construct an authentication path between realms.
-
-Although realms are typically hierarchical, intermediate realms may be
-bypassed to achieve cross-realm authentication through alternate
-authentication paths (these might be established to make communication
-between two realms more efficient). It is important for the end-service to
-know which realms were transited when deciding how much faith to place in
-the authentication process. To facilitate this decision, a field in each
-ticket contains the names of the realms that were involved in
-authenticating the client.
-
-The application server is ultimately responsible for accepting or rejecting
-authentication and should check the transited field. The application server
-may choose to rely on the KDC for the application server's realm to check
-the transited field. The application server's KDC will set the
-TRANSITED-POLICY-CHECKED flag in this case. The KDC's for intermediate
-realms may also check the transited field as they issue
-ticket-granting-tickets for other realms, but they are encouraged not to do
-so. A client may request that the KDC's not check the transited field by
-setting the DISABLE-TRANSITED-CHECK flag. KDC's are encouraged but not
-required to honor this flag.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     [JBrezak] Should there be a section here on how clients determine what
-     realm a service is in? Something like:
-
-     The client may not immediately know what realm a particular service
-     principal is in. There are 2 basic mechanisms that can be used to
-     determine the realm of a service. The first requires that the client
-     fully specify the service principal including the realm in the
-     Kerberos protocol request. If the Kerberos server for the specified
-     realm does not have a principal that exactly matches the service in
-     the request, the Kerberos server will return an error indicating that
-     the service principal was not found. Alternatively the client can make
-     a request providing just the service principal name and requesting
-     name canonicalization from the Kerberos server. The Kerberos server
-     will attempt to locate a service principal in its database that best
-     matches the request principal or provide a referral to another
-     Kerberos realm that may be contain the requested service principal.
-
-1.2. Authorization
-
-As an authentication service, Kerberos provides a means of verifying the
-identity of principals on a network. Authentication is usually useful
-primarily as a first step in the process of authorization, determining
-whether a client may use a service, which objects the client is allowed to
-access, and the type of access allowed for each. Kerberos does not, by
-itself, provide authorization. Possession of a client ticket for a service
-provides only for authentication of the client to that service, and in the
-absence of a separate authorization procedure, it should not be considered
-by an application as authorizing the use of that service.
-
-Such separate authorization methods may be implemented as application
-specific access control functions and may be based on files such as the
-application server, or on separately issued authorization credentials such
-as those based on proxies [Neu93], or on other authorization services.
-Separately authenticated authorization credentials may be embedded in a
-tickets authorization data when encapsulated by the kdc-issued
-authorization data element.
-
-Applications should not be modified to accept the mere issuance of a
-service ticket by the Kerberos server (even by a modified Kerberos server)
-as granting authority to use the service, since such applications may
-become vulnerable to the bypass of this authorization check in an
-environment if they interoperate with other KDCs or where other options for
-application authentication (e.g. the PKTAPP proposal) are provided.
-
-1.3. Environmental assumptions
-
-Kerberos imposes a few assumptions on the environment in which it can
-properly function:
-
-   * 'Denial of service' attacks are not solved with Kerberos. There are
-     places in these protocols where an intruder can prevent an application
-     from participating in the proper authentication steps. Detection and
-     solution of such attacks (some of which can appear to be nnot-uncommon
-     'normal' failure modes for the system) is usually best left to the
-     human administrators and users.
-   * Principals must keep their secret keys secret. If an intruder somehow
-     steals a principal's key, it will be able to masquerade as that
-     principal or impersonate any server to the legitimate principal.
-   * 'Password guessing' attacks are not solved by Kerberos. If a user
-     chooses a poor password, it is possible for an attacker to
-     successfully mount an offline dictionary attack by repeatedly
-     attempting to decrypt, with successive entries from a dictionary,
-     messages obtained which are encrypted under a key derived from the
-     user's password.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-   * Each host on the network must have a clock which is 'loosely
-     synchronized' to the time of the other hosts; this synchronization is
-     used to reduce the bookkeeping needs of application servers when they
-     do replay detection. The degree of "looseness" can be configured on a
-     per-server basis, but is typically on the order of 5 minutes. If the
-     clocks are synchronized over the network, the clock synchronization
-     protocol must itself be secured from network attackers.
-   * Principal identifiers are not recycled on a short-term basis. A
-     typical mode of access control will use access control lists (ACLs) to
-     grant permissions to particular principals. If a stale ACL entry
-     remains for a deleted principal and the principal identifier is
-     reused, the new principal will inherit rights specified in the stale
-     ACL entry. By not re-using principal identifiers, the danger of
-     inadvertent access is removed.
-
-1.4. Glossary of terms
-
-Below is a list of terms used throughout this document.
-
-Authentication
-     Verifying the claimed identity of a principal.
-Authentication header
-     A record containing a Ticket and an Authenticator to be presented to a
-     server as part of the authentication process.
-Authentication path
-     A sequence of intermediate realms transited in the authentication
-     process when communicating from one realm to another.
-Authenticator
-     A record containing information that can be shown to have been
-     recently generated using the session key known only by the client and
-     server.
-Authorization
-     The process of determining whether a client may use a service, which
-     objects the client is allowed to access, and the type of access
-     allowed for each.
-Capability
-     A token that grants the bearer permission to access an object or
-     service. In Kerberos, this might be a ticket whose use is restricted
-     by the contents of the authorization data field, but which lists no
-     network addresses, together with the session key necessary to use the
-     ticket.
-Ciphertext
-     The output of an encryption function. Encryption transforms plaintext
-     into ciphertext.
-Client
-     A process that makes use of a network service on behalf of a user.
-     Note that in some cases a Server may itself be a client of some other
-     server (e.g. a print server may be a client of a file server).
-Credentials
-     A ticket plus the secret session key necessary to successfully use
-     that ticket in an authentication exchange.
-KDC
-     Key Distribution Center, a network service that supplies tickets and
-     temporary session keys; or an instance of that service or the host on
-     which it runs. The KDC services both initial ticket and
-     ticket-granting ticket requests. The initial ticket portion is
-     sometimes referred to as the Authentication Server (or service). The
-     ticket-granting ticket portion is sometimes referred to as the
-     ticket-granting server (or service).
-Kerberos
-     Aside from the 3-headed dog guarding Hades, the name given to Project
-     Athena's authentication service, the protocol used by that service, or
-     the code used to implement the authentication service.
-Plaintext
-     The input to an encryption function or the output of a decryption
-     function. Decryption transforms ciphertext into plaintext.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-Principal
-     A uniquely named client or server instance that participates in a
-     network communication.
-Principal identifier
-     The name used to uniquely identify each different principal.
-Seal
-     To encipher a record containing several fields in such a way that the
-     fields cannot be individually replaced without either knowledge of the
-     encryption key or leaving evidence of tampering.
-Secret key
-     An encryption key shared by a principal and the KDC, distributed
-     outside the bounds of the system, with a long lifetime. In the case of
-     a human user's principal, the secret key is derived from a password.
-Server
-     A particular Principal which provides a resource to network clients.
-     The server is sometimes refered to as the Application Server.
-Service
-     A resource provided to network clients; often provided by more than
-     one server (for example, remote file service).
-Session key
-     A temporary encryption key used between two principals, with a
-     lifetime limited to the duration of a single login "session".
-Sub-session key
-     A temporary encryption key used between two principals, selected and
-     exchanged by the principals using the session key, and with a lifetime
-     limited to the duration of a single association.
-Ticket
-     A record that helps a client authenticate itself to a server; it
-     contains the client's identity, a session key, a timestamp, and other
-     information, all sealed using the server's secret key. It only serves
-     to authenticate a client when presented along with a fresh
-     Authenticator.
-
-2. Ticket flag uses and requests
-
-Each Kerberos ticket contains a set of flags which are used to indicate
-various attributes of that ticket. Most flags may be requested by a client
-when the ticket is obtained; some are automatically turned on and off by a
-Kerberos server as required. The following sections explain what the
-various flags mean, and gives examples of reasons to use such a flag.
-
-2.1. Initial and pre-authenticated tickets
-
-The INITIAL flag indicates that a ticket was issued using the AS protocol
-and not issued based on a ticket-granting ticket. Application servers that
-want to require the demonstrated knowledge of a client's secret key (e.g. a
-password-changing program) can insist that this flag be set in any tickets
-they accept, and thus be assured that the client's key was recently
-presented to the application client.
-
-The PRE-AUTHENT and HW-AUTHENT flags provide addition information about the
-initial authentication, regardless of whether the current ticket was issued
-directly (in which case INITIAL will also be set) or issued on the basis of
-a ticket-granting ticket (in which case the INITIAL flag is clear, but the
-PRE-AUTHENT and HW-AUTHENT flags are carried forward from the
-ticket-granting ticket).
-
-2.2. Invalid tickets
-
-The INVALID flag indicates that a ticket is invalid. Application servers
-must reject tickets which have this flag set. A postdated ticket will
-usually be issued in this form. Invalid tickets must be validated by the
-KDC before use, by presenting them to the KDC in a TGS request with the
-VALIDATE option specified. The KDC will only validate tickets after their
-starttime has passed. The validation is required so that postdated tickets
-which have been stolen before their starttime can be rendered permanently
-invalid (through a hot-list mechanism) (see section 3.3.3.1).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-2.3. Renewable tickets
-
-Applications may desire to hold tickets which can be valid for long periods
-of time. However, this can expose their credentials to potential theft for
-equally long periods, and those stolen credentials would be valid until the
-expiration time of the ticket(s). Simply using short-lived tickets and
-obtaining new ones periodically would require the client to have long-term
-access to its secret key, an even greater risk. Renewable tickets can be
-used to mitigate the consequences of theft. Renewable tickets have two
-"expiration times": the first is when the current instance of the ticket
-expires, and the second is the latest permissible value for an individual
-expiration time. An application client must periodically (i.e. before it
-expires) present a renewable ticket to the KDC, with the RENEW option set
-in the KDC request. The KDC will issue a new ticket with a new session key
-and a later expiration time. All other fields of the ticket are left
-unmodified by the renewal process. When the latest permissible expiration
-time arrives, the ticket expires permanently. At each renewal, the KDC may
-consult a hot-list to determine if the ticket had been reported stolen
-since its last renewal; it will refuse to renew such stolen tickets, and
-thus the usable lifetime of stolen tickets is reduced.
-
-The RENEWABLE flag in a ticket is normally only interpreted by the
-ticket-granting service (discussed below in section 3.3). It can usually be
-ignored by application servers. However, some particularly careful
-application servers may wish to disallow renewable tickets.
-
-If a renewable ticket is not renewed by its expiration time, the KDC will
-not renew the ticket. The RENEWABLE flag is reset by default, but a client
-may request it be set by setting the RENEWABLE option in the KRB_AS_REQ
-message. If it is set, then the renew-till field in the ticket contains the
-time after which the ticket may not be renewed.
-
-2.4. Postdated tickets
-
-Applications may occasionally need to obtain tickets for use much later,
-e.g. a batch submission system would need tickets to be valid at the time
-the batch job is serviced. However, it is dangerous to hold valid tickets
-in a batch queue, since they will be on-line longer and more prone to
-theft. Postdated tickets provide a way to obtain these tickets from the KDC
-at job submission time, but to leave them "dormant" until they are
-activated and validated by a further request of the KDC. If a ticket theft
-were reported in the interim, the KDC would refuse to validate the ticket,
-and the thief would be foiled.
-
-The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. This
-flag must be set in a ticket-granting ticket in order to issue a postdated
-ticket based on the presented ticket. It is reset by default; it may be
-requested by a client by setting the ALLOW-POSTDATE option in the
-KRB_AS_REQ message. This flag does not allow a client to obtain a postdated
-ticket-granting ticket; postdated ticket-granting tickets can only by
-obtained by requesting the postdating in the KRB_AS_REQ message. The life
-(endtime-starttime) of a postdated ticket will be the remaining life of the
-ticket-granting ticket at the time of the request, unless the RENEWABLE
-option is also set, in which case it can be the full life
-(endtime-starttime) of the ticket-granting ticket. The KDC may limit how
-far in the future a ticket may be postdated.
-
-The POSTDATED flag indicates that a ticket has been postdated. The
-application server can check the authtime field in the ticket to see when
-the original authentication occurred. Some services may choose to reject
-postdated tickets, or they may only accept them within a certain period
-after the original authentication. When the KDC issues a POSTDATED ticket,
-it will also be marked as INVALID, so that the application client must
-present the ticket to the KDC to be validated before use.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-2.5. Proxiable and proxy tickets
-
-At times it may be necessary for a principal to allow a service to perform
-an operation on its behalf. The service must be able to take on the
-identity of the client, but only for a particular purpose. A principal can
-allow a service to take on the principal's identity for a particular
-purpose by granting it a proxy.
-
-The process of granting a proxy using the proxy and proxiable flags is used
-to provide credentials for use with specific services. Though conceptually
-also a proxy, user's wishing to delegate their identity for ANY purpose
-must use the ticket forwarding mechanism described in the next section to
-forward a ticket granting ticket.
-
-The PROXIABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. When
-set, this flag tells the ticket-granting server that it is OK to issue a
-new ticket (but not a ticket-granting ticket) with a different network
-address based on this ticket. This flag is set if requested by the client
-on initial authentication. By default, the client will request that it be
-set when requesting a ticket granting ticket, and reset when requesting any
-other ticket.
-
-This flag allows a client to pass a proxy to a server to perform a remote
-request on its behalf, e.g. a print service client can give the print
-server a proxy to access the client's files on a particular file server in
-order to satisfy a print request.
-
-In order to complicate the use of stolen credentials, Kerberos tickets are
-usually valid from only those network addresses specifically included in
-the ticket[4]. When granting a proxy, the client must specify the new
-network address from which the proxy is to be used, or indicate that the
-proxy is to be issued for use from any address.
-
-The PROXY flag is set in a ticket by the TGS when it issues a proxy ticket.
-Application servers may check this flag and at their option they may
-require additional authentication from the agent presenting the proxy in
-order to provide an audit trail.
-
-2.6. Forwardable tickets
-
-Authentication forwarding is an instance of a proxy where the service is
-granted complete use of the client's identity. An example where it might be
-used is when a user logs in to a remote system and wants authentication to
-work from that system as if the login were local.
-
-The FORWARDABLE flag in a ticket is normally only interpreted by the
-ticket-granting service. It can be ignored by application servers. The
-FORWARDABLE flag has an interpretation similar to that of the PROXIABLE
-flag, except ticket-granting tickets may also be issued with different
-network addresses. This flag is reset by default, but users may request
-that it be set by setting the FORWARDABLE option in the AS request when
-they request their initial ticket- granting ticket.
-
-This flag allows for authentication forwarding without requiring the user
-to enter a password again. If the flag is not set, then authentication
-forwarding is not permitted, but the same result can still be achieved if
-the user engages in the AS exchange specifying the requested network
-addresses and supplies a password.
-
-The FORWARDED flag is set by the TGS when a client presents a ticket with
-the FORWARDABLE flag set and requests a forwarded ticket by specifying the
-FORWARDED KDC option and supplying a set of addresses for the new ticket.
-It is also set in all tickets issued based on tickets with the FORWARDED
-flag set. Application servers may choose to process FORWARDED tickets
-differently than non-FORWARDED tickets.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-2.7 Name canonicalization [JBrezak]
-
-If a client does not have the full name information for a principal, it can
-request that the Kerberos server attempt to lookup the name in its database
-and return a canonical form of the requested principal or a referral to a
-realm that has the requested principal in its namespace. Name
-canonicalization allows a principal to have alternate names. Name
-canonicalization must not be used to locate principal names supplied from
-wildcards and is not a mechanism to be used to search a Kerberos database.
-
-The CANONICALIZE flag in a ticket request is used to indicate to the
-Kerberos server that the client will accept an alternative name to the
-principal in the request or a referral to another realm. Both the AS and
-TGS must be able to interpret requests with this flag.
-
-By using this flag, the client can avoid extensive configuration needed to
-map specific host names to a particular realm.
-
-2.8. Other KDC options
-
-There are two additional options which may be set in a client's request of
-the KDC. The RENEWABLE-OK option indicates that the client will accept a
-renewable ticket if a ticket with the requested life cannot otherwise be
-provided. If a ticket with the requested life cannot be provided, then the
-KDC may issue a renewable ticket with a renew-till equal to the the
-requested endtime. The value of the renew-till field may still be adjusted
-by site-determined limits or limits imposed by the individual principal or
-server.
-
-The ENC-TKT-IN-SKEY option is honored only by the ticket-granting service.
-It indicates that the ticket to be issued for the end server is to be
-encrypted in the session key from the a additional second ticket-granting
-ticket provided with the request. See section 3.3.3 for specific details.
-
-3. Message Exchanges
-
-The following sections describe the interactions between network clients
-and servers and the messages involved in those exchanges.
-
-3.1. The Authentication Service Exchange
-
-                          Summary
-      Message direction       Message type    Section
-      1. Client to Kerberos   KRB_AS_REQ      5.4.1
-      2. Kerberos to client   KRB_AS_REP or   5.4.2
-                              KRB_ERROR       5.9.1
-
-The Authentication Service (AS) Exchange between the client and the
-Kerberos Authentication Server is initiated by a client when it wishes to
-obtain authentication credentials for a given server but currently holds no
-credentials. In its basic form, the client's secret key is used for
-encryption and decryption. This exchange is typically used at the
-initiation of a login session to obtain credentials for a Ticket-Granting
-Server which will subsequently be used to obtain credentials for other
-servers (see section 3.3) without requiring further use of the client's
-secret key. This exchange is also used to request credentials for services
-which must not be mediated through the Ticket-Granting Service, but rather
-require a principal's secret key, such as the password-changing service[5].
-This exchange does not by itself provide any assurance of the the identity
-of the user[6].
-
-The exchange consists of two messages: KRB_AS_REQ from the client to
-Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-In the request, the client sends (in cleartext) its own identity and the
-identity of the server for which it is requesting credentials. The
-response, KRB_AS_REP, contains a ticket for the client to present to the
-server, and a session key that will be shared by the client and the server.
-The session key and additional information are encrypted in the client's
-secret key. The KRB_AS_REP message contains information which can be used
-to detect replays, and to associate it with the message to which it
-replies. Various errors can occur; these are indicated by an error response
-(KRB_ERROR) instead of the KRB_AS_REP response. The error message is not
-encrypted. The KRB_ERROR message contains information which can be used to
-associate it with the message to which it replies. The lack of encryption
-in the KRB_ERROR message precludes the ability to detect replays,
-fabrications, or modifications of such messages.
-
-Without preautentication, the authentication server does not know whether
-the client is actually the principal named in the request. It simply sends
-a reply without knowing or caring whether they are the same. This is
-acceptable because nobody but the principal whose identity was given in the
-request will be able to use the reply. Its critical information is
-encrypted in that principal's key. The initial request supports an optional
-field that can be used to pass additional information that might be needed
-for the initial exchange. This field may be used for preauthentication as
-described in section [hl<>].
-
-3.1.1. Generation of KRB_AS_REQ message
-
-The client may specify a number of options in the initial request. Among
-these options are whether pre-authentication is to be performed; whether
-the requested ticket is to be renewable, proxiable, or forwardable; whether
-it should be postdated or allow postdating of derivative tickets; whether
-the client requests name-canonicalization; and whether a renewable ticket
-will be accepted in lieu of a non-renewable ticket if the requested ticket
-expiration date cannot be satisfied by a non-renewable ticket (due to
-configuration constraints; see section 4). See section A.1 for pseudocode.
-
-The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-If all goes well, processing the KRB_AS_REQ message will result in the
-creation of a ticket for the client to present to the server. The format
-for the ticket is described in section 5.3.1. The contents of the ticket
-are determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-The authentication server looks up the client and server principals named
-in the KRB_AS_REQ in its database, extracting their respective keys.  If
-the requested client principal named in the request is not found in its
-database, then an error message with a KDC_ERR_C_PRINCIPAL_UNKNOWN is
-returned. If the request had the CANONICALIZE option set, then the AS can
-attempt to lookup the client principal name in an alternate database, if it
-is found an error message with a KDC_ERR_WRONG_REALM error code and the
-cname and crealm in the error message must contain the true client
-principal name and realm.
-
-If required, the server pre-authenticates the request, and if the
-pre-authentication check fails, an error message with the code
-KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate the
-requested encryption type, an error message with code KDC_ERR_ETYPE_NOSUPP
-is returned. Otherwise it generates a 'random' session key[7].
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-If there are multiple encryption keys registered for a client in the
-Kerberos database (or if the key registered supports multiple encryption
-types; e.g. DES3-CBC-SHA1 and DES3-CBC-SHA1-KD), then the etype field from
-the AS request is used by the KDC to select the encryption method to be
-used for encrypting the response to the client. If there is more than one
-supported, strong encryption type in the etype list, the first valid etype
-for which an encryption key is available is used. The encryption method
-used to respond to a TGS request is taken from the keytype of the session
-key found in the ticket granting ticket.
-
-     JBrezak - the behavior of PW-SALT, and ETYPE-INFO should be explained
-     here; also about using keys that have different string-to-key
-     functions like AFSsalt
-
-When the etype field is present in a KDC request, whether an AS or TGS
-request, the KDC will attempt to assign the type of the random session key
-from the list of methods in the etype field. The KDC will select the
-appropriate type using the list of methods provided together with
-information from the Kerberos database indicating acceptable encryption
-methods for the application server. The KDC will not issue tickets with a
-weak session key encryption type.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified then the error KDC_ERR_CANNOT_POSTDATE is returned.
-Otherwise the requested start time is checked against the policy of the
-local realm (the administrator might decide to prohibit certain types or
-ranges of postdated tickets), and if acceptable, the ticket's start time is
-set as requested and the INVALID flag is set in the new ticket. The
-postdated ticket must be validated before use by presenting it to the KDC
-after the start time has been reached.
-
-The expiration time of the ticket will be set to the minimum of the
-following:
-
-   * The expiration time (endtime) requested in the KRB_AS_REQ message.
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the client principal (the authentication server's database
-     includes a maximum ticket lifetime field in each principal's record;
-     see section 4).
-   * The ticket's start time plus the maximum allowable lifetime associated
-     with the server principal.
-   * The ticket's start time plus the maximum lifetime set by the policy of
-     the local realm.
-
-If the requested expiration time minus the start time (as determined above)
-is less than a site-determined minimum lifetime, an error message with code
-KDC_ERR_NEVER_VALID is returned. If the requested expiration time for the
-ticket exceeds what was determined as above, and if the 'RENEWABLE-OK'
-option was requested, then the 'RENEWABLE' flag is set in the new ticket,
-and the renew-till value is set as if the 'RENEWABLE' option were requested
-(the field and option names are described fully in section 5.4.1).
-
-If the RENEWABLE option has been requested or if the RENEWABLE-OK option
-has been set and a renewable ticket is to be issued, then the renew-till
-field is set to the minimum of:
-
-   * Its requested value.
-   * The start time of the ticket plus the minimum of the two maximum
-     renewable lifetimes associated with the principals' database entries.
-   * The start time of the ticket plus the maximum renewable lifetime set
-     by the policy of the local realm.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-The flags field of the new ticket will have the following options set if
-they have been requested and if the policy of the local realm allows:
-FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. If the new
-ticket is post-dated (the start time is in the future), its INVALID flag
-will also be set.
-
-If all of the above succeed, the server formats a KRB_AS_REP message (see
-section 5.4.2), copying the addresses in the request into the caddr of the
-response, placing any required pre-authentication data into the padata of
-the response, and encrypts the ciphertext part in the client's key using
-the requested encryption method, and sends it to the client. See section
-A.2 for pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-Several errors can occur, and the Authentication Server responds by
-returning an error message, KRB_ERROR, to the client, with the error-code
-and e-text fields set to appropriate values. The error message contents and
-details are described in Section 5.9.1.
-
-3.1.5. Receipt of KRB_AS_REP message
-
-If the reply message type is KRB_AS_REP, then the client verifies that the
-cname and crealm fields in the cleartext portion of the reply match what it
-requested. If any padata fields are present, they may be used to derive the
-proper secret key to decrypt the message. The client decrypts the encrypted
-part of the response using its secret key, verifies that the nonce in the
-encrypted part matches the nonce it supplied in its request (to detect
-replays). It also verifies that the sname and srealm in the response match
-those in the request (or are otherwise expected values), and that the host
-address field is also correct. It then stores the ticket, session key,
-start and expiration times, and other information for later use. The
-key-expiration field from the encrypted part of the response may be checked
-to notify the user of impending key expiration (the client program could
-then suggest remedial action, such as a password change). See section A.3
-for pseudocode.
-
-Proper decryption of the KRB_AS_REP message is not sufficient to verify the
-identity of the user; the user and an attacker could cooperate to generate
-a KRB_AS_REP format message which decrypts properly but is not from the
-proper KDC. If the host wishes to verify the identity of the user, it must
-require the user to present application credentials which can be verified
-using a securely-stored secret key for the host. If those credentials can
-be verified, then the identity of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-If the reply message type is KRB_ERROR, then the client interprets it as an
-error and performs whatever application-specific tasks are necessary to
-recover. If the client set the CANONICALIZE option and a
-KDC_ERR_WRONG_REALM error was returned, the AS request should be retried to
-the realm and client principal name specified in the error message crealm
-and cname field respectively.
-
-3.2. The Client/Server Authentication Exchange
-
-                             Summary
-Message direction                         Message type    Section
-Client to Application server              KRB_AP_REQ      5.5.1
-[optional] Application server to client   KRB_AP_REP or   5.5.2
-                                          KRB_ERROR       5.9.1
-
-The client/server authentication (CS) exchange is used by network
-applications to authenticate the client to the server and vice versa. The
-client must have already acquired credentials for the server using the AS
-or TGS exchange.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-3.2.1. The KRB_AP_REQ message
-
-The KRB_AP_REQ contains authentication information which should be part of
-the first message in an authenticated transaction. It contains a ticket, an
-authenticator, and some additional bookkeeping information (see section
-5.5.1 for the exact format). The ticket by itself is insufficient to
-authenticate a client, since tickets are passed across the network in
-cleartext[DS90], so the authenticator is used to prevent invalid replay of
-tickets by proving to the server that the client knows the session key of
-the ticket and thus is entitled to use the ticket. The KRB_AP_REQ message
-is referred to elsewhere as the 'authentication header.'
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-When a client wishes to initiate authentication to a server, it obtains
-(either through a credentials cache, the AS exchange, or the TGS exchange)
-a ticket and session key for the desired service. The client may re-use any
-tickets it holds until they expire. To use a ticket the client constructs a
-new Authenticator from the the system time, its name, and optionally an
-application specific checksum, an initial sequence number to be used in
-KRB_SAFE or KRB_PRIV messages, and/or a session subkey to be used in
-negotiations for a session key unique to this particular session.
-Authenticators may not be re-used and will be rejected if replayed to a
-server[LGDSR87]. If a sequence number is to be included, it should be
-randomly chosen so that even after many messages have been exchanged it is
-not likely to collide with other sequence numbers in use.
-
-The client may indicate a requirement of mutual authentication or the use
-of a session-key based ticket by setting the appropriate flag(s) in the
-ap-options field of the message.
-
-The Authenticator is encrypted in the session key and combined with the
-ticket to form the KRB_AP_REQ message which is then sent to the end server
-along with any additional application-specific information. See section A.9
-for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-Authentication is based on the server's current time of day (clocks must be
-loosely synchronized), the authenticator, and the ticket. Several errors
-are possible. If an error occurs, the server is expected to reply to the
-client with a KRB_ERROR message. This message may be encapsulated in the
-application protocol if its 'raw' form is not acceptable to the protocol.
-The format of error messages is described in section 5.9.1.
-
-The algorithm for verifying authentication information is as follows. If
-the message type is not KRB_AP_REQ, the server returns the
-KRB_AP_ERR_MSG_TYPE error. If the key version indicated by the Ticket in
-the KRB_AP_REQ is not one the server can use (e.g., it indicates an old
-key, and the server no longer possesses a copy of the old key), the
-KRB_AP_ERR_BADKEYVER error is returned. If the USE-SESSION-KEY flag is set
-in the ap-options field, it indicates to the server that the ticket is
-encrypted in the session key from the server's ticket-granting ticket
-rather than its secret key[10]. Since it is possible for the server to be
-registered in multiple realms, with different keys in each, the srealm
-field in the unencrypted portion of the ticket in the KRB_AP_REQ is used to
-specify which secret key the server should use to decrypt that ticket. The
-KRB_AP_ERR_NOKEY error code is returned if the server doesn't have the
-proper key to decipher the ticket.
-
-The ticket is decrypted using the version of the server's key specified by
-the ticket. If the decryption routines detect a modification of the ticket
-(each encryption system must provide safeguards to detect modified
-ciphertext; see section 6), the KRB_AP_ERR_BAD_INTEGRITY error is returned
-(chances are good that different keys were used to encrypt and decrypt).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-The authenticator is decrypted using the session key extracted from the
-decrypted ticket. If decryption shows it to have been modified, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm of the
-client from the ticket are compared against the same fields in the
-authenticator. If they don't match, the KRB_AP_ERR_BADMATCH error is
-returned (they might not match, for example, if the wrong session key was
-used to encrypt the authenticator). The addresses in the ticket (if any)
-are then searched for an address matching the operating-system reported
-address of the client. If no match is found or the server insists on ticket
-addresses but none are present in the ticket, the KRB_AP_ERR_BADADDR error
-is returned.
-
-If the local (server) time and the client time in the authenticator differ
-by more than the allowable clock skew (e.g., 5 minutes), the
-KRB_AP_ERR_SKEW error is returned. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen such tuples, the KRB_AP_ERR_REPEAT error is returned[11]. The
-server must remember any authenticator presented within the allowable clock
-skew, so that a replay attempt is guaranteed to fail. If a server loses
-track of any authenticator presented within the allowable clock skew, it
-must reject all requests until the clock skew interval has passed. This
-assures that any lost or re-played authenticators will fall outside the
-allowable clock skew and can no longer be successfully replayed (If this is
-not done, an attacker could conceivably record the ticket and authenticator
-sent over the network to a server, then disable the client's host, pose as
-the disabled host, and replay the ticket and authenticator to subvert the
-authentication.). If a sequence number is provided in the authenticator,
-the server saves it for later use in processing KRB_SAFE and/or KRB_PRIV
-messages. If a subkey is present, the server either saves it for later use
-or uses it to help generate its own choice for a subkey to be returned in a
-KRB_AP_REP message.
-
-The server computes the age of the ticket: local (server) time minus the
-start time inside the Ticket. If the start time is later than the current
-time by more than the allowable clock skew or if the INVALID flag is set in
-the ticket, the KRB_AP_ERR_TKT_NYV error is returned. Otherwise, if the
-current time is later than end time by more than the allowable clock skew,
-the KRB_AP_ERR_TKT_EXPIRED error is returned.
-
-If all these checks succeed without an error, the server is assured that
-the client possesses the credentials of the principal named in the ticket
-and thus, the client has been authenticated to the server. See section A.10
-for pseudocode.
-
-Passing these checks provides only authentication of the named principal;
-it does not imply authorization to use the named service. Applications must
-make a separate authorization decisions based upon the authenticated name
-of the user, the requested operation, local acces control information such
-as that contained in a .k5login or .k5users file, and possibly a separate
-distributed authorization service.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-Typically, a client's request will include both the authentication
-information and its initial request in the same message, and the server
-need not explicitly reply to the KRB_AP_REQ. However, if mutual
-authentication (not only authenticating the client to the server, but also
-the server to the client) is being performed, the KRB_AP_REQ message will
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-have MUTUAL-REQUIRED set in its ap-options field, and a KRB_AP_REP message
-is required in response. As with the error message, this message may be
-encapsulated in the application protocol if its "raw" form is not
-acceptable to the application's protocol. The timestamp and microsecond
-field used in the reply must be the client's timestamp and microsecond
-field (as provided in the authenticator)[12]. If a sequence number is to be
-included, it should be randomly chosen as described above for the
-authenticator. A subkey may be included if the server desires to negotiate
-a different subkey. The KRB_AP_REP message is encrypted in the session key
-extracted from the ticket. See section A.11 for pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-If a KRB_AP_REP message is returned, the client uses the session key from
-the credentials obtained for the server[13] to decrypt the message, and
-verifies that the timestamp and microsecond fields match those in the
-Authenticator it sent to the server. If they match, then the client is
-assured that the server is genuine. The sequence number and subkey (if
-present) are retained for later use. See section A.12 for pseudocode.
-
-3.2.6. Using the encryption key
-
-After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and
-server share an encryption key which can be used by the application. The
-'true session key' to be used for KRB_PRIV, KRB_SAFE, or other
-application-specific uses may be chosen by the application based on the
-subkeys in the KRB_AP_REP message and the authenticator[14]. In some cases,
-the use of this session key will be implicit in the protocol; in others the
-method of use must be chosen from several alternatives. We leave the
-protocol negotiations of how to use the key (e.g. selecting an encryption
-or checksum type) to the application programmer; the Kerberos protocol does
-not constrain the implementation options, but an example of how this might
-be done follows.
-
-One way that an application may choose to negotiate a key to be used for
-subequent integrity and privacy protection is for the client to propose a
-key in the subkey field of the authenticator. The server can then choose a
-key using the proposed key from the client as input, returning the new
-subkey in the subkey field of the application reply. This key could then be
-used for subsequent communication. To make this example more concrete, if
-the encryption method in use required a 56 bit key, and for whatever
-reason, one of the parties was prevented from using a key with more than 40
-unknown bits, this method would allow the the party which is prevented from
-using more than 40 bits to either propose (if the client) an initial key
-with a known quantity for 16 of those bits, or to mask 16 of the bits (if
-the server) with the known quantity. The application implementor is warned,
-however, that this is only an example, and that an analysis of the
-particular crytosystem to be used, and the reasons for limiting the key
-length, must be made before deciding whether it is acceptable to mask bits
-of the key.
-
-With both the one-way and mutual authentication exchanges, the peers should
-take care not to send sensitive information to each other without proper
-assurances. In particular, applications that require privacy or integrity
-should use the KRB_AP_REP response from the server to client to assure both
-client and server of their peer's identity. If an application protocol
-requires privacy of its messages, it can use the KRB_PRIV message (section
-3.5). The KRB_SAFE message (section 3.4) can be used to assure integrity.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-3.3. The Ticket-Granting Service (TGS) Exchange
-
-                          Summary
-      Message direction       Message type     Section
-      1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-      2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                              KRB_ERROR        5.9.1
-
-The TGS exchange between a client and the Kerberos Ticket-Granting Server
-is initiated by a client when it wishes to obtain authentication
-credentials for a given server (which might be registered in a remote
-realm), when it wishes to renew or validate an existing ticket, or when it
-wishes to obtain a proxy ticket. In the first case, the client must already
-have acquired a ticket for the Ticket-Granting Service using the AS
-exchange (the ticket-granting ticket is usually obtained when a client
-initially authenticates to the system, such as when a user logs in). The
-message format for the TGS exchange is almost identical to that for the AS
-exchange. The primary difference is that encryption and decryption in the
-TGS exchange does not take place under the client's key. Instead, the
-session key from the ticket-granting ticket or renewable ticket, or
-sub-session key from an Authenticator is used. As is the case for all
-application servers, expired tickets are not accepted by the TGS, so once a
-renewable or ticket-granting ticket expires, the client must use a separate
-exchange to obtain valid tickets.
-
-The TGS exchange consists of two messages: A request (KRB_TGS_REQ) from the
-client to the Kerberos Ticket-Granting Server, and a reply (KRB_TGS_REP or
-KRB_ERROR). The KRB_TGS_REQ message includes information authenticating the
-client plus a request for credentials. The authentication information
-consists of the authentication header (KRB_AP_REQ) which includes the
-client's previously obtained ticket-granting, renewable, or invalid ticket.
-In the ticket-granting ticket and proxy cases, the request may include one
-or more of: a list of network addresses, a collection of typed
-authorization data to be sealed in the ticket for authorization use by the
-application server, or additional tickets (the use of which are described
-later). The TGS reply (KRB_TGS_REP) contains the requested credentials,
-encrypted in the session key from the ticket-granting ticket or renewable
-ticket, or if present, in the sub-session key from the Authenticator (part
-of the authentication header). The KRB_ERROR message contains an error code
-and text explaining what went wrong. The KRB_ERROR message is not
-encrypted. The KRB_TGS_REP message contains information which can be used
-to detect replays, and to associate it with the message to which it
-replies. The KRB_ERROR message also contains information which can be used
-to associate it with the message to which it replies, but the lack of
-encryption in the KRB_ERROR message precludes the ability to detect replays
-or fabrications of such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-Before sending a request to the ticket-granting service, the client must
-determine in which realm the application server is registered[15], if it is
-known. If the client does know the service principal name and realm and it
-does not already possess a ticket-granting ticket for the appropriate
-realm, then one must be obtained. This is first attempted by requesting a
-ticket-granting ticket for the destination realm from a Kerberos server for
-which the client does posess a ticket-granting ticket (using the
-KRB_TGS_REQ message recursively). The Kerberos server may return a TGT for
-the desired realm in which case one can proceed.
-
-If the client does not know the realm of the service or the true service
-principal name, then the CANONICALIZE option must be used in the request.
-This will cause the TGS to locate the service principal based on the target
-service name in the ticket and return the service principal name in the
-response. Alternatively, the Kerberos server may return a TGT for a realm
-which is 'closer' to the desired realm (further along the standard
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-hierarchical path) or the realm that may contain the requested service
-principal name in a request with the CANONCALIZE option set [JBrezak], in
-which case this step must be repeated with a Kerberos server in the realm
-specified in the returned TGT. If neither are returned, then the request
-must be retried with a Kerberos server for a realm higher in the hierarchy.
-This request will itself require a ticket-granting ticket for the higher
-realm which must be obtained by recursively applying these directions.
-
-Once the client obtains a ticket-granting ticket for the appropriate realm,
-it determines which Kerberos servers serve that realm, and contacts one.
-The list might be obtained through a configuration file or network service
-or it may be generated from the name of the realm; as long as the secret
-keys exchanged by realms are kept secret, only denial of service results
-from using a false Kerberos server.
-
-As in the AS exchange, the client may specify a number of options in the
-KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ message, providing
-an authentication header as an element of the padata field, and including
-the same fields as used in the KRB_AS_REQ message along with several
-optional fields: the enc-authorization-data field for application server
-use and additional tickets required by some options.
-
-In preparing the authentication header, the client can select a sub-session
-key under which the response from the Kerberos server will be
-encrypted[16]. If the sub-session key is not specified, the session key
-from the ticket-granting ticket will be used. If the enc-authorization-data
-is present, it must be encrypted in the sub-session key, if present, from
-the authenticator portion of the authentication header, or if not present,
-using the session key from the ticket-granting ticket.
-
-Once prepared, the message is sent to a Kerberos server for the destination
-realm. See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-The KRB_TGS_REQ message is processed in a manner similar to the KRB_AS_REQ
-message, but there are many additional checks to be performed. First, the
-Kerberos server must determine which server the accompanying ticket is for
-and it must select the appropriate key to decrypt it. For a normal
-KRB_TGS_REQ message, it will be for the ticket granting service, and the
-TGS's key will be used. If the TGT was issued by another realm, then the
-appropriate inter-realm key must be used. If the accompanying ticket is not
-a ticket granting ticket for the current realm, but is for an application
-server in the current realm, the RENEW, VALIDATE, or PROXY options are
-specified in the request, and the server for which a ticket is requested is
-the server named in the accompanying ticket, then the KDC will decrypt the
-ticket in the authentication header using the key of the server for which
-it was issued. If no ticket can be found in the padata field, the
-KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-Once the accompanying ticket has been decrypted, the user-supplied checksum
-in the Authenticator must be verified against the contents of the request,
-and the message rejected if the checksums do not match (with an error code
-of KRB_AP_ERR_MODIFIED) or if the checksum is not keyed or not
-collision-proof (with an error code of KRB_AP_ERR_INAPP_CKSUM). If the
-checksum type is not supported, the KDC_ERR_SUMTYPE_NOSUPP error is
-returned. If the authorization-data are present, they are decrypted using
-the sub-session key from the Authenticator.
-
-If any of the decryptions indicate failed integrity checks, the
-KRB_AP_ERR_BAD_INTEGRITY error is returned. If the CANONICALIZE option is
-set in the KRB_TGS_REQ, then the requested service name may not be the true
-principal name or the service may not be in the TGS realm.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-3.3.3. Generation of KRB_TGS_REP message
-
-The KRB_TGS_REP message shares its format with the KRB_AS_REP
-(KRB_KDC_REP), but with its type field set to KRB_TGS_REP. The detailed
-specification is in section 5.4.2.
-
-The response will include a ticket for the requested server. The Kerberos
-database is queried to retrieve the record for the requested server
-(including the key with which the ticket will be encrypted). If the request
-is for a ticket granting ticket for a remote realm, and if no key is shared
-with the requested realm, then the Kerberos server will select the realm
-"closest" to the requested realm with which it does share a key, and use
-that realm instead. If the CANONICALIZE option is set, the TGS may return a
-ticket containing the server name of the true service principal. If the
-requested server cannot be found in the TGS database, then a TGT for
-another trusted realm may be returned instead of a ticket for the service.
-This TGT is a referral mechanism to cause the client to retry the request
-to the realm of the TGT. These are the only cases where the response for
-the KDC will be for a different server than that requested by the client.
-
-By default, the address field, the client's name and realm, the list of
-transited realms, the time of initial authentication, the expiration time,
-and the authorization data of the newly-issued ticket will be copied from
-the ticket-granting ticket (TGT) or renewable ticket. If the transited
-field needs to be updated, but the transited type is not supported, the
-KDC_ERR_TRTYPE_NOSUPP error is returned.
-
-If the request specifies an endtime, then the endtime of the new ticket is
-set to the minimum of (a) that request, (b) the endtime from the TGT, and
-(c) the starttime of the TGT plus the minimum of the maximum life for the
-application server and the maximum life for the local realm (the maximum
-life for the requesting principal was already applied when the TGT was
-issued). If the new ticket is to be a renewal, then the endtime above is
-replaced by the minimum of (a) the value of the renew_till field of the
-ticket and (b) the starttime for the new ticket plus the life
-(endtime-starttime) of the old ticket.
-
-If the FORWARDED option has been requested, then the resulting ticket will
-contain the addresses specified by the client. This option will only be
-honored if the FORWARDABLE flag is set in the TGT. The PROXY option is
-similar; the resulting ticket will contain the addresses specified by the
-client. It will be honored only if the PROXIABLE flag in the TGT is set.
-The PROXY option will not be honored on requests for additional
-ticket-granting tickets.
-
-If the requested start time is absent, indicates a time in the past, or is
-within the window of acceptable clock skew for the KDC and the POSTDATE
-option has not been specified, then the start time of the ticket is set to
-the authentication server's current time. If it indicates a time in the
-future beyond the acceptable clock skew, but the POSTDATED option has not
-been specified or the MAY-POSTDATE flag is not set in the TGT, then the
-error KDC_ERR_CANNOT_POSTDATE is returned. Otherwise, if the
-ticket-granting ticket has the MAY-POSTDATE flag set, then the resulting
-ticket will be postdated and the requested starttime is checked against the
-policy of the local realm. If acceptable, the ticket's start time is set as
-requested, and the INVALID flag is set. The postdated ticket must be
-validated before use by presenting it to the KDC after the starttime has
-been reached. However, in no case may the starttime, endtime, or renew-till
-time of a newly-issued postdated ticket extend beyond the renew-till time
-of the ticket-granting ticket.
-
-If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
-has been included in the request, the KDC will decrypt the additional
-ticket using the key for the server to which the additional ticket was
-issued and verify that it is a ticket-granting ticket. If the name of the
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-requested server is missing from the request, the name of the client in the
-additional ticket will be used. Otherwise the name of the requested server
-will be compared to the name of the client in the additional ticket and if
-different, the request will be rejected. If the request succeeds, the
-session key from the additional ticket will be used to encrypt the new
-ticket that is issued instead of using the key of the server for which the
-new ticket will be used[17].
-
-If the name of the server in the ticket that is presented to the KDC as
-part of the authentication header is not that of the ticket-granting server
-itself, the server is registered in the realm of the KDC, and the RENEW
-option is requested, then the KDC will verify that the RENEWABLE flag is
-set in the ticket, that the INVALID flag is not set in the ticket, and that
-the renew_till time is still in the future. If the VALIDATE option is
-rqeuested, the KDC will check that the starttime has passed and the INVALID
-flag is set. If the PROXY option is requested, then the KDC will check that
-the PROXIABLE flag is set in the ticket. If the tests succeed, and the
-ticket passes the hotlist check described in the next paragraph, the KDC
-will issue the appropriate new ticket.
-
-3.3.3.1. Checking for revoked tickets
-
-Whenever a request is made to the ticket-granting server, the presented
-ticket(s) is(are) checked against a hot-list of tickets which have been
-canceled. This hot-list might be implemented by storing a range of issue
-timestamps for 'suspect tickets'; if a presented ticket had an authtime in
-that range, it would be rejected. In this way, a stolen ticket-granting
-ticket or renewable ticket cannot be used to gain additional tickets
-(renewals or otherwise) once the theft has been reported. Any normal ticket
-obtained before it was reported stolen will still be valid (because they
-require no interaction with the KDC), but only until their normal
-expiration time.
-
-The ciphertext part of the response in the KRB_TGS_REP message is encrypted
-in the sub-session key from the Authenticator, if present, or the session
-key key from the ticket-granting ticket. It is not encrypted using the
-client's secret key. Furthermore, the client's key's expiration date and
-the key version number fields are left out since these values are stored
-along with the client's database record, and that record is not needed to
-satisfy a request based on a ticket-granting ticket. See section A.6 for
-pseudocode.
-
-3.3.3.2. Encoding the transited field
-
-If the identity of the server in the TGT that is presented to the KDC as
-part of the authentication header is that of the ticket-granting service,
-but the TGT was issued from another realm, the KDC will look up the
-inter-realm key shared with that realm and use that key to decrypt the
-ticket. If the ticket is valid, then the KDC will honor the request,
-subject to the constraints outlined above in the section describing the AS
-exchange. The realm part of the client's identity will be taken from the
-ticket-granting ticket. The name of the realm that issued the
-ticket-granting ticket will be added to the transited field of the ticket
-to be issued. This is accomplished by reading the transited field from the
-ticket-granting ticket (which is treated as an unordered set of realm
-names), adding the new realm to the set, then constructing and writing out
-its encoded (shorthand) form (this may involve a rearrangement of the
-existing encoding).
-
-Note that the ticket-granting service does not add the name of its own
-realm. Instead, its responsibility is to add the name of the previous
-realm. This prevents a malicious Kerberos server from intentionally leaving
-out its own name (it could, however, omit other realms' names).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-The names of neither the local realm nor the principal's realm are to be
-included in the transited field. They appear elsewhere in the ticket and
-both are known to have taken part in authenticating the principal. Since
-the endpoints are not included, both local and single-hop inter-realm
-authentication result in a transited field that is empty.
-
-Because the name of each realm transited is added to this field, it might
-potentially be very long. To decrease the length of this field, its
-contents are encoded. The initially supported encoding is optimized for the
-normal case of inter-realm communication: a hierarchical arrangement of
-realms using either domain or X.500 style realm names. This encoding
-(called DOMAIN-X500-COMPRESS) is now described.
-
-Realm names in the transited field are separated by a ",". The ",", "\",
-trailing "."s, and leading spaces (" ") are special characters, and if they
-are part of a realm name, they must be quoted in the transited field by
-preced- ing them with a "\".
-
-A realm name ending with a "." is interpreted as being prepended to the
-previous realm. For example, we can encode traversal of EDU, MIT.EDU,
-ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-     "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were end-points, that
-they would not be included in this field, and we would have:
-
-     "EDU,MIT.,WASHINGTON.EDU"
-
-A realm name beginning with a "/" is interpreted as being appended to the
-previous realm[18]. If it is to stand by itself, then it should be preceded
-by a space (" "). For example, we can encode traversal of /COM/HP/APOLLO,
-/COM/HP, /COM, and /COM/DEC as:
-
-     "/COM,/HP,/APOLLO, /COM/DEC".
-
-Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, they
-they would not be included in this field, and we would have:
-
-     "/COM,/HP"
-
-A null subfield preceding or following a "," indicates that all realms
-between the previous realm and the next realm have been traversed[19].
-Thus, "," means that all realms along the path between the client and the
-server have been traversed. ",EDU, /COM," means that that all realms from
-the client's realm up to EDU (in a domain style hierarchy) have been
-traversed, and that everything from /COM down to the server's realm in an
-X.500 style has also been traversed. This could occur if the EDU realm in
-one hierarchy shares an inter-realm key directly with the /COM realm in
-another hierarchy.
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-When the KRB_TGS_REP is received by the client, it is processed in the same
-manner as the KRB_AS_REP processing described above. The primary difference
-is that the ciphertext part of the response must be decrypted using the
-session key from the ticket-granting ticket rather than the client's secret
-key. The server name returned in the reply is the true principal name of
-the service. See section A.7 for pseudocode.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-3.4. The KRB_SAFE Exchange
-
-The KRB_SAFE message may be used by clients requiring the ability to detect
-modifications of messages they exchange. It achieves this by including a
-keyed collision-proof checksum of the user data and some control
-information. The checksum is keyed with an encryption key (usually the last
-key negotiated via subkeys, or the session key if no negotiation has
-occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-When an application wishes to send a KRB_SAFE message, it collects its data
-and the appropriate control information and computes a checksum over them.
-The checksum algorithm should be a keyed one-way hash function (such as the
-RSA- MD5-DES checksum algorithm specified in section 6.4.5, or the DES
-MAC), generated using the sub-session key if present, or the session key.
-Different algorithms may be selected by changing the checksum type in the
-message. Unkeyed or non-collision-proof checksums are not suitable for this
-use.
-
-The control information for the KRB_SAFE message includes both a timestamp
-and a sequence number. The designer of an application using the KRB_SAFE
-message must choose at least one of the two mechanisms. This choice should
-be based on the needs of the application protocol.
-
-Sequence numbers are useful when all messages sent will be received by
-one's peer. Connection state is presently required to maintain the session
-key, so maintaining the next sequence number should not present an
-additional problem.
-
-If the application protocol is expected to tolerate lost messages without
-them being resent, the use of the timestamp is the appropriate replay
-detection mechanism. Using timestamps is also the appropriate mechanism for
-multi-cast protocols where all of one's peers share a common sub-session
-key, but some messages will be sent to a subset of one's peers.
-
-After computing the checksum, the client then transmits the information and
-checksum to the recipient in the message format specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-When an application receives a KRB_SAFE message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and
-type fields match the current version and KRB_SAFE, respectively. A
-mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error.
-The application verifies that the checksum used is a collision-proof keyed
-checksum, and if it is not, a KRB_AP_ERR_INAPP_CKSUM error is generated. If
-the sender's address was included in the control information, the recipient
-verifies that the operating system's report of the sender's address matches
-the sender's address in the message, and (if a recipient address is
-specified or the recipient requires an address) that one of the recipient's
-addresses appears as the recipient's address in the message. A failed match
-for either case generates a KRB_AP_ERR_BADADDR error. Then the timestamp
-and usec and/or the sequence number fields are checked. If timestamp and
-usec are expected and not present, or they are present but not current, the
-KRB_AP_ERR_SKEW error is generated. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen (sent or received[20] ) such tuples, the KRB_AP_ERR_REPEAT
-error is generated. If an incorrect sequence number is included, or a
-sequence number is expected but not present, the KRB_AP_ERR_BADORDER error
-is generated. If neither a time-stamp and usec or a sequence number is
-present, a KRB_AP_ERR_MODIFIED error is generated. Finally, the checksum is
-computed over the data and control information, and if it doesn't match the
-received checksum, a KRB_AP_ERR_MODIFIED error is generated.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-If all the checks succeed, the application is assured that the message was
-generated by its peer and was not modi- fied in transit.
-
-3.5. The KRB_PRIV Exchange
-
-The KRB_PRIV message may be used by clients requiring confidentiality and
-the ability to detect modifications of exchanged messages. It achieves this
-by encrypting the messages and adding control information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-When an application wishes to send a KRB_PRIV message, it collects its data
-and the appropriate control information (specified in section 5.7.1) and
-encrypts them under an encryption key (usually the last key negotiated via
-subkeys, or the session key if no negotiation has occured). As part of the
-control information, the client must choose to use either a timestamp or a
-sequence number (or both); see the discussion in section 3.4.1 for
-guidelines on which to use. After the user data and control information are
-encrypted, the client transmits the ciphertext and some 'envelope'
-information to the recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-When an application receives a KRB_PRIV message, it verifies it as follows.
-If any error occurs, an error code is reported for use by the application.
-
-The message is first checked by verifying that the protocol version and
-type fields match the current version and KRB_PRIV, respectively. A
-mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error.
-The application then decrypts the ciphertext and processes the resultant
-plaintext. If decryption shows the data to have been modified, a
-KRB_AP_ERR_BAD_INTEGRITY error is generated. If the sender's address was
-included in the control information, the recipient verifies that the
-operating system's report of the sender's address matches the sender's
-address in the message, and (if a recipient address is specified or the
-recipient requires an address) that one of the recipient's addresses
-appears as the recipient's address in the message. A failed match for
-either case generates a KRB_AP_ERR_BADADDR error. Then the timestamp and
-usec and/or the sequence number fields are checked. If timestamp and usec
-are expected and not present, or they are present but not current, the
-KRB_AP_ERR_SKEW error is generated. If the server name, along with the
-client name, time and microsecond fields from the Authenticator match any
-recently-seen such tuples, the KRB_AP_ERR_REPEAT error is generated. If an
-incorrect sequence number is included, or a sequence number is expected but
-not present, the KRB_AP_ERR_BADORDER error is generated. If neither a
-time-stamp and usec or a sequence number is present, a KRB_AP_ERR_MODIFIED
-error is generated.
-
-If all the checks succeed, the application can assume the message was
-generated by its peer, and was securely transmitted (without intruders able
-to see the unencrypted contents).
-
-3.6. The KRB_CRED Exchange
-
-The KRB_CRED message may be used by clients requiring the ability to send
-Kerberos credentials from one host to another. It achieves this by sending
-the tickets together with encrypted data containing the session keys and
-other information associated with the tickets.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-3.6.1. Generation of a KRB_CRED message
-
-When an application wishes to send a KRB_CRED message it first (using the
-KRB_TGS exchange) obtains credentials to be sent to the remote host. It
-then constructs a KRB_CRED message using the ticket or tickets so obtained,
-placing the session key needed to use each ticket in the key field of the
-corresponding KrbCredInfo sequence of the encrypted part of the the
-KRB_CRED message.
-
-Other information associated with each ticket and obtained during the
-KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence
-in the encrypted part of the KRB_CRED message. The current time and, if
-specifically required by the application the nonce, s-address, and
-r-address fields, are placed in the encrypted part of the KRB_CRED message
-which is then encrypted under an encryption key previosuly exchanged in the
-KRB_AP exchange (usually the last key negotiated via subkeys, or the
-session key if no negotiation has occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-When an application receives a KRB_CRED message, it verifies it. If any
-error occurs, an error code is reported for use by the application. The
-message is verified by checking that the protocol version and type fields
-match the current version and KRB_CRED, respectively. A mismatch generates
-a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE error. The application then
-decrypts the ciphertext and processes the resultant plaintext. If
-decryption shows the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY
-error is generated.
-
-If present or required, the recipient verifies that the operating system's
-report of the sender's address matches the sender's address in the message,
-and that one of the recipient's addresses appears as the recipient's
-address in the message. A failed match for either case generates a
-KRB_AP_ERR_BADADDR error. The timestamp and usec fields (and the nonce
-field if required) are checked next. If the timestamp and usec are not
-present, or they are present but not current, the KRB_AP_ERR_SKEW error is
-generated.
-
-If all the checks succeed, the application stores each of the new tickets
-in its ticket cache together with the session key and other information in
-the corresponding KrbCredInfo sequence from the encrypted part of the
-KRB_CRED message.
-
-4. The Kerberos Database
-
-The Kerberos server must have access to a database containing the principal
-identifiers and secret keys of principals to be authenticated[21].
-
-4.1. Database contents
-
-A database entry should contain at least the following fields:
-
-Field                Value
-
-name                 Principal's identifier
-key                  Principal's secret key
-p_kvno               Principal's key version
-max_life             Maximum lifetime for Tickets
-max_renewable_life   Maximum total lifetime for renewable Tickets
-
-The name field is an encoding of the principal's identifier. The key field
-contains an encryption key. This key is the principal's secret key. (The
-key can be encrypted before storage under a Kerberos "master key" to
-protect it in case the database is compromised but the master key is not.
-In that case, an extra field must be added to indicate the master key
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-version used, see below.) The p_kvno field is the key version number of the
-principal's secret key. The max_life field contains the maximum allowable
-lifetime (endtime - starttime) for any Ticket issued for this principal.
-The max_renewable_life field contains the maximum allowable total lifetime
-for any renewable Ticket issued for this principal. (See section 3.1 for a
-description of how these lifetimes are used in determining the lifetime of
-a given Ticket.)
-
-A server may provide KDC service to several realms, as long as the database
-representation provides a mechanism to distinguish between principal
-records with identifiers which differ only in the realm name.
-
-When an application server's key changes, if the change is routine (i.e.
-not the result of disclosure of the old key), the old key should be
-retained by the server until all tickets that had been issued using that
-key have expired. Because of this, it is possible for several keys to be
-active for a single principal. Ciphertext encrypted in a principal's key is
-always tagged with the version of the key that was used for encryption, to
-help the recipient find the proper key for decryption.
-
-When more than one key is active for a particular principal, the principal
-will have more than one record in the Kerberos database. The keys and key
-version numbers will differ between the records (the rest of the fields may
-or may not be the same). Whenever Kerberos issues a ticket, or responds to
-a request for initial authentication, the most recent key (known by the
-Kerberos server) will be used for encryption. This is the key with the
-highest key version number.
-
-4.2. Additional fields
-
-Project Athena's KDC implementation uses additional fields in its database:
-
-Field        Value
-
-K_kvno       Kerberos' key version
-expiration   Expiration date for entry
-attributes   Bit field of attributes
-mod_date     Timestamp of last modification
-mod_name     Modifying principal's identifier
-
-The K_kvno field indicates the key version of the Kerberos master key under
-which the principal's secret key is encrypted.
-
-After an entry's expiration date has passed, the KDC will return an error
-to any client attempting to gain tickets as or for the principal. (A
-database may want to maintain two expiration dates: one for the principal,
-and one for the principal's current key. This allows password aging to work
-independently of the principal's expiration date. However, due to the
-limited space in the responses, the KDC must combine the key expiration and
-principal expiration date into a single value called 'key_exp', which is
-used as a hint to the user to take administrative action.)
-
-The attributes field is a bitfield used to govern the operations involving
-the principal. This field might be useful in conjunction with user
-registration procedures, for site-specific policy implementations (Project
-Athena currently uses it for their user registration process controlled by
-the system-wide database service, Moira [LGDSR87]), to identify whether a
-principal can play the role of a client or server or both, to note whether
-a server is appropriate trusted to recieve credentials delegated by a
-client, or to identify the 'string to key' conversion algorithm used for a
-principal's key[22]. Other bits are used to indicate that certain ticket
-options should not be allowed in tickets encrypted under a principal's key
-(one bit each): Disallow issuing postdated tickets, disallow issuing
-forwardable tickets, disallow issuing tickets based on TGT authentication,
-disallow issuing renewable tickets, disallow issuing proxiable tickets, and
-disallow issuing tickets for which the principal is the server.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-The mod_date field contains the time of last modification of the entry, and
-the mod_name field contains the name of the principal which last modified
-the entry.
-
-4.3. Frequently Changing Fields
-
-Some KDC implementations may wish to maintain the last time that a request
-was made by a particular principal. Information that might be maintained
-includes the time of the last request, the time of the last request for a
-ticket-granting ticket, the time of the last use of a ticket-granting
-ticket, or other times. This information can then be returned to the user
-in the last-req field (see section 5.2).
-
-Other frequently changing information that can be maintained is the latest
-expiration time for any tickets that have been issued using each key. This
-field would be used to indicate how long old keys must remain valid to
-allow the continued use of outstanding tickets.
-
-4.4. Site Constants
-
-The KDC implementation should have the following configurable constants or
-options, to allow an administrator to make and enforce policy decisions:
-
-   * The minimum supported lifetime (used to determine whether the
-     KDC_ERR_NEVER_VALID error should be returned). This constant should
-     reflect reasonable expectations of round-trip time to the KDC,
-     encryption/decryption time, and processing time by the client and
-     target server, and it should allow for a minimum 'useful' lifetime.
-   * The maximum allowable total (renewable) lifetime of a ticket
-     (renew_till - starttime).
-   * The maximum allowable lifetime of a ticket (endtime - starttime).
-   * Whether to allow the issue of tickets with empty address fields
-     (including the ability to specify that such tickets may only be issued
-     if the request specifies some authorization_data).
-   * Whether proxiable, forwardable, renewable or post-datable tickets are
-     to be issued.
-
-5. Message Specifications
-
-The following sections describe the exact contents and encoding of protocol
-messages and objects. The ASN.1 base definitions are presented in the first
-subsection. The remaining subsections specify the protocol objects (tickets
-and authenticators) and messages. Specification of encryption and checksum
-techniques, and the fields related to them, appear in section 6.
-
-Optional field in ASN.1 sequences
-
-For optional integer value and date fields in ASN.1 sequences where a
-default value has been specified, certain default values will not be
-allowed in the encoding because these values will always be represented
-through defaulting by the absence of the optional field. For example, one
-will not send a microsecond zero value because one must make sure that
-there is only one way to encode this value.
-
-Additional fields in ASN.1 sequences
-
-Implementations receiving Kerberos messages with additional fields present
-in ASN.1 sequences should carry the those fields through, unmodified, when
-the message is forwarded. Implementations should not drop such fields if
-the sequence is reencoded.
-
-5.1. ASN.1 Distinguished Encoding Representation
-
-All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-Representation of the data elements as described in the X.509
-specification, section 8.7 [X509-88].
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.2. ASN.1 Base Definitions
-
-The following ASN.1 base definitions are used in the rest of this section.
-Note that since the underscore character (_) is not permitted in ASN.1
-names, the hyphen (-) is used in its place for the purposes of ASN.1 names.
-
-Realm ::=           GeneralString
-PrincipalName ::=   SEQUENCE {
-                    name-type[0]     INTEGER,
-                    name-string[1]   SEQUENCE OF GeneralString
-}
-
-Kerberos realms are encoded as GeneralStrings. Realms shall not contain a
-character with the code 0 (the ASCII NUL). Most realms will usually consist
-of several components separated by periods (.), in the style of Internet
-Domain Names, or separated by slashes (/) in the style of X.500 names.
-Acceptable forms for realm names are specified in section 7. A
-PrincipalName is a typed sequence of components consisting of the following
-sub-fields:
-
-name-type
-     This field specifies the type of name that follows. Pre-defined values
-     for this field are specified in section 7.2. The name-type should be
-     treated as a hint. Ignoring the name type, no two names can be the
-     same (i.e. at least one of the components, or the realm, must be
-     different). This constraint may be eliminated in the future.
-name-string
-     This field encodes a sequence of components that form a name, each
-     component encoded as a GeneralString. Taken together, a PrincipalName
-     and a Realm form a principal identifier. Most PrincipalNames will have
-     only a few components (typically one or two).
-
-KerberosTime ::=   GeneralizedTime
-                   -- Specifying UTC time zone (Z)
-
-The timestamps used in Kerberos are encoded as GeneralizedTimes. An
-encoding shall specify the UTC time zone (Z) and shall not include any
-fractional portions of the seconds. It further shall not include any
-separators. Example: The only valid format for UTC time 6 minutes, 27
-seconds after 9 pm on 6 November 1985 is 19851106210627Z.
-
-HostAddress ::=     SEQUENCE  {
-                    addr-type[0]             INTEGER,
-                    address[1]               OCTET STRING
-}
-
-HostAddresses ::=   SEQUENCE OF HostAddress
-
-The host adddress encodings consists of two fields:
-
-addr-type
-     This field specifies the type of address that follows. Pre-defined
-     values for this field are specified in section 8.1.
-address
-     This field encodes a single address of type addr-type.
-
-The two forms differ slightly. HostAddress contains exactly one address;
-HostAddresses contains a sequence of possibly many addresses.
-
-AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                        ad-type[0]               INTEGER,
-                        ad-data[1]               OCTET STRING
-}
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-ad-data
-     This field contains authorization data to be interpreted according to
-     the value of the corresponding ad-type field.
-ad-type
-     This field specifies the format for the ad-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved
-     for registered use.
-
-Each sequence of type and data is refered to as an authorization element.
-Elements may be application specific, however, there is a common set of
-recursive elements that should be understood by all implementations. These
-elements contain other elements embedded within them, and the
-interpretation of the encapsulating element determines which of the
-embedded elements must be interpreted, and which may be ignored.
-Definitions for these common elements may be found in Appendix B.
-
-TicketExtensions ::= SEQUENCE OF SEQUENCE {
-           te-type[0]       INTEGER,
-           te-data[1]       OCTET STRING
-}
-
-
-
-te-data
-     This field contains opaque data that must be caried with the ticket to
-     support extensions to the Kerberos protocol including but not limited
-     to some forms of inter-realm key exchange and plaintext authorization
-     data. See appendix C for some common uses of this field.
-te-type
-     This field specifies the format for the te-data subfield. All negative
-     values are reserved for local use. Non-negative values are reserved
-     for registered use.
-
-APOptions ::=   BIT STRING
-                  -- reserved(0),
-                  -- use-session-key(1),
-                  -- mutual-required(2)
-
-TicketFlags ::= BIT STRING
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- may-postdate(5),
-                  -- postdated(6),
-                  -- invalid(7),
-                  -- renewable(8),
-                  -- initial(9),
-                  -- pre-authent(10),
-                  -- hw-authent(11),
-                  -- transited-policy-checked(12),
-                  -- ok-as-delegate(13)
-
-KDCOptions ::=   BIT STRING io
-                  -- reserved(0),
-                  -- forwardable(1),
-                  -- forwarded(2),
-                  -- proxiable(3),
-                  -- proxy(4),
-                  -- allow-postdate(5),
-                  -- postdated(6),
-                  -- unused7(7),
-                  -- renewable(8),
-                  -- unused9(9),
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                  -- unused10(10),
-                  -- unused11(11),
-                  -- unused12(12),
-                  -- unused13(13),
-                  -- requestanonymous(14),
-                  -- canonicalize(15),
-                  -- disable-transited-check(26),
-                  -- renewable-ok(27),
-                  -- enc-tkt-in-skey(28),
-                  -- renew(30),
-                  -- validate(31)
-
-ASN.1 Bit strings have a length and a value. When used in Kerberos for the
-APOptions, TicketFlags, and KDCOptions, the length of the bit string on
-generated values should be the smallest number of bits needed to include
-the highest order bit that is set (1), but in no case less than 32 bits.
-The ASN.1 representation of the bit strings uses unnamed bits, with the
-meaning of the individual bits defined by the comments in the specification
-above. Implementations should accept values of bit strings of any length
-and treat the value of flags corresponding to bits beyond the end of the
-bit string as if the bit were reset (0). Comparison of bit strings of
-different length should treat the smaller string as if it were padded with
-zeros beyond the high order bits to the length of the longer string[23].
-
-LastReq ::=   SEQUENCE OF SEQUENCE {
-               lr-type[0]               INTEGER,
-               lr-value[1]              KerberosTime
-}
-
-lr-type
-     This field indicates how the following lr-value field is to be
-     interpreted. Negative values indicate that the information pertains
-     only to the responding server. Non-negative values pertain to all
-     servers for the realm. If the lr-type field is zero (0), then no
-     information is conveyed by the lr-value subfield. If the absolute
-     value of the lr-type field is one (1), then the lr-value subfield is
-     the time of last initial request for a TGT. If it is two (2), then the
-     lr-value subfield is the time of last initial request. If it is three
-     (3), then the lr-value subfield is the time of issue for the newest
-     ticket-granting ticket used. If it is four (4), then the lr-value
-     subfield is the time of the last renewal. If it is five (5), then the
-     lr-value subfield is the time of last request (of any type). If it is
-     (6), then the lr-value subfield is the time when the password will
-     expire.
-lr-value
-     This field contains the time of the last request. the time must be
-     interpreted according to the contents of the accompanying lr-type
-     subfield.
-
-See section 6 for the definitions of Checksum, ChecksumType, EncryptedData,
-EncryptionKey, EncryptionType, and KeyType.
-
-5.3. Tickets and Authenticators
-
-This section describes the format and encryption parameters for tickets and
-authenticators. When a ticket or authenticator is included in a protocol
-message it is treated as an opaque object.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.3.1. Tickets
-
-A ticket is a record that helps a client authenticate to a service. A
-Ticket contains the following information:
-
-Ticket ::=        [APPLICATION 1] SEQUENCE {
-                  tkt-vno[0]                   INTEGER,
-                  realm[1]                     Realm,
-                  sname[2]                     PrincipalName,
-                  enc-part[3]                  EncryptedData,
-                  extensions[4]                TicketExtensions OPTIONAL
-}
-
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-                  flags[0]                     TicketFlags,
-                  key[1]                       EncryptionKey,
-                  crealm[2]                    Realm,
-                  cname[3]                     PrincipalName,
-                  transited[4]                 TransitedEncoding,
-                  authtime[5]                  KerberosTime,
-                  starttime[6]                 KerberosTime OPTIONAL,
-                  endtime[7]                   KerberosTime,
-                  renew-till[8]                KerberosTime OPTIONAL,
-                  caddr[9]                     HostAddresses OPTIONAL,
-                  authorization-data[10]       AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=   SEQUENCE {
-                        tr-type[0]             INTEGER, -- must be
-registered
-                        contents[1]            OCTET STRING
-}
-
-The encoding of EncTicketPart is encrypted in the key shared by Kerberos
-and the end server (the server's secret key). See section 6 for the format
-of the ciphertext.
-
-tkt-vno
-     This field specifies the version number for the ticket format. This
-     document describes version number 5.
-realm
-     This field specifies the realm that issued a ticket. It also serves to
-     identify the realm part of the server's principal identifier. Since a
-     Kerberos server can only issue tickets for servers within its realm,
-     the two will always be identical.
-sname
-     This field specifies all components of the name part of the server's
-     identity, including those parts that identify a specific instance of a
-     service.
-enc-part
-     This field holds the encrypted encoding of the EncTicketPart sequence.
-extensions
-     This optional field contains a sequence of extentions that may be used
-     to carry information that must be carried with the ticket to support
-     several extensions, including but not limited to plaintext
-     authorization data, tokens for exchanging inter-realm keys, and other
-     information that must be associated with a ticket for use by the
-     application server. See Appendix C for definitions of some common
-     extensions.
-
-     Note that some older versions of Kerberos did not support this field.
-     Because this is an optional field it will not break older clients, but
-     older clients might strip this field from the ticket before sending it
-     to the application server. This limits the usefulness of this ticket
-     field to environments where the ticket will not be parsed and
-     reconstructed by these older Kerberos clients.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     If it is known that the client will strip this field from the ticket,
-     as an interim measure the KDC may append this field to the end of the
-     enc-part of the ticket and append a traler indicating the lenght of
-     the appended extensions field. (this paragraph is open for discussion,
-     including the form of the traler).
-flags
-     This field indicates which of various options were used or requested
-     when the ticket was issued. It is a bit-field, where the selected
-     options are indicated by the bit being set (1), and the unselected
-     options and reserved fields being reset (0). Bit 0 is the most
-     significant bit. The encoding of the bits is specified in section 5.2.
-     The flags are described in more detail above in section 2. The
-     meanings of the flags are:
-
-          Bit(s)      Name         Description
-
-          0           RESERVED
-                                   Reserved for future  expansion  of  this
-                                   field.
-
-          1           FORWARDABLE
-                                   The FORWARDABLE flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  When set,  this
-                                   flag  tells  the  ticket-granting server
-                                   that it is OK to  issue  a  new  ticket-
-                                   granting ticket with a different network
-                                   address based on the presented ticket.
-
-          2           FORWARDED
-                                   When set, this flag indicates  that  the
-                                   ticket  has either been forwarded or was
-                                   issued based on authentication involving
-                                   a forwarded ticket-granting ticket.
-
-          3           PROXIABLE
-                                   The  PROXIABLE  flag  is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.   The  PROXIABLE
-                                   flag  has an interpretation identical to
-                                   that of  the  FORWARDABLE  flag,  except
-                                   that   the   PROXIABLE  flag  tells  the
-                                   ticket-granting server  that  only  non-
-                                   ticket-granting  tickets  may  be issued
-                                   with different network addresses.
-
-          4           PROXY
-                                   When set, this  flag  indicates  that  a
-                                   ticket is a proxy.
-
-          5           MAY-POSTDATE
-                                   The MAY-POSTDATE flag is  normally  only
-                                   interpreted  by  the  TGS,  and  can  be
-                                   ignored by end servers.  This flag tells
-                                   the  ticket-granting server that a post-
-                                   dated ticket may be issued based on this
-                                   ticket-granting ticket.
-
-          6           POSTDATED
-                                   This flag indicates that this ticket has
-                                   been  postdated.   The  end-service  can
-                                   check the authtime field to see when the
-                                   original authentication occurred.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-          7           INVALID
-                                   This flag indicates  that  a  ticket  is
-                                   invalid, and it must be validated by the
-                                   KDC  before  use.   Application  servers
-                                   must reject tickets which have this flag
-                                   set.
-
-          8           RENEWABLE
-                                   The  RENEWABLE  flag  is  normally  only
-                                   interpreted  by the TGS, and can usually
-                                   be ignored by end servers (some particu-
-                                   larly careful servers may wish to disal-
-                                   low  renewable  tickets).   A  renewable
-                                   ticket  can be used to obtain a replace-
-                                   ment ticket  that  expires  at  a  later
-                                   date.
-
-          9           INITIAL
-                                   This flag indicates that this ticket was
-                                   issued  using  the  AS protocol, and not
-                                   issued  based   on   a   ticket-granting
-                                   ticket.
-
-          10          PRE-AUTHENT
-                                   This flag indicates that during  initial
-                                   authentication, the client was authenti-
-                                   cated by the KDC  before  a  ticket  was
-                                   issued.    The   strength  of  the  pre-
-                                   authentication method is not  indicated,
-                                   but is acceptable to the KDC.
-
-          11          HW-AUTHENT
-                                   This flag indicates  that  the  protocol
-                                   employed   for   initial  authentication
-                                   required the use of hardware expected to
-                                   be possessed solely by the named client.
-                                   The hardware  authentication  method  is
-                                   selected  by the KDC and the strength of
-                                   the method is not indicated.
-
-          12           TRANSITED   This flag indicates that the KDC for the
-                  POLICY-CHECKED   realm has checked the transited field
-                                   against a realm defined policy for
-                                   trusted certifiers.  If this flag is
-                                   reset (0), then the application server
-                                   must check the transited field itself,
-                                   and if unable to do so it must reject
-                                   the authentication.  If the flag is set
-                                   (1) then the application server may skip
-                                   its own validation of the transited
-                                   field, relying on the validation
-                                   performed by the KDC.  At its option the
-                                   application server may still apply its
-                                   own validation based on a separate
-                                   policy for acceptance.
-
-          13      OK-AS-DELEGATE   This flag indicates that the server (not
-                                   the client) specified in the ticket has
-                                   been determined by policy of the realm
-                                   to be a suitable recipient of
-                                   delegation.  A client can use the
-                                   presence of this flag to help it make a
-                                   decision whether to delegate credentials
-                                   (either grant a proxy or a forwarded
-                                   ticket granting ticket) to this server.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                                   The client is free to ignore the value
-                                   of this flag.  When setting this flag,
-                                   an administrator should consider the
-                                   Security and placement of the server on
-                                   which the service will run, as well as
-                                   whether the service requires the use of
-                                   delegated credentials.
-
-          14          ANONYMOUS
-                                   This flag indicates that  the  principal
-                                   named in the ticket is a generic princi-
-                                   pal for the realm and does not  identify
-                                   the  individual  using  the ticket.  The
-                                   purpose  of  the  ticket  is   only   to
-                                   securely  distribute  a session key, and
-                                   not to identify  the  user.   Subsequent
-                                   requests  using the same ticket and ses-
-                                   sion may be  considered  as  originating
-                                   from  the  same  user, but requests with
-                                   the same username but a different ticket
-                                   are  likely  to originate from different
-                                   users.
-
-          15-31       RESERVED
-                                   Reserved for future use.
-
-key
-     This field exists in the ticket and the KDC response and is used to
-     pass the session key from Kerberos to the application server and the
-     client. The field's encoding is described in section 6.2.
-crealm
-     This field contains the name of the realm in which the client is
-     registered and in which initial authentication took place.
-cname
-     This field contains the name part of the client's principal
-     identifier.
-transited
-     This field lists the names of the Kerberos realms that took part in
-     authenticating the user to whom this ticket was issued. It does not
-     specify the order in which the realms were transited. See section
-     3.3.3.2 for details on how this field encodes the traversed realms.
-     When the names of CA's are to be embedded inthe transited field (as
-     specified for some extentions to the protocol), the X.500 names of the
-     CA's should be mapped into items in the transited field using the
-     mapping defined by RFC2253.
-authtime
-     This field indicates the time of initial authentication for the named
-     principal. It is the time of issue for the original ticket on which
-     this ticket is based. It is included in the ticket to provide
-     additional information to the end service, and to provide the
-     necessary information for implementation of a `hot list' service at
-     the KDC. An end service that is particularly paranoid could refuse to
-     accept tickets for which the initial authentication occurred "too far"
-     in the past. This field is also returned as part of the response from
-     the KDC. When returned as part of the response to initial
-     authentication (KRB_AS_REP), this is the current time on the Kerberos
-     server[24].
-starttime
-     This field in the ticket specifies the time after which the ticket is
-     valid. Together with endtime, this field specifies the life of the
-     ticket. If it is absent from the ticket, its value should be treated
-     as that of the authtime field.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-endtime
-     This field contains the time after which the ticket will not be
-     honored (its expiration time). Note that individual services may place
-     their own limits on the life of a ticket and may reject tickets which
-     have not yet expired. As such, this is really an upper bound on the
-     expiration time for the ticket.
-renew-till
-     This field is only present in tickets that have the RENEWABLE flag set
-     in the flags field. It indicates the maximum endtime that may be
-     included in a renewal. It can be thought of as the absolute expiration
-     time for the ticket, including all renewals.
-caddr
-     This field in a ticket contains zero (if omitted) or more (if present)
-     host addresses. These are the addresses from which the ticket can be
-     used. If there are no addresses, the ticket can be used from any
-     location. The decision by the KDC to issue or by the end server to
-     accept zero-address tickets is a policy decision and is left to the
-     Kerberos and end-service administrators; they may refuse to issue or
-     accept such tickets. The suggested and default policy, however, is
-     that such tickets will only be issued or accepted when additional
-     information that can be used to restrict the use of the ticket is
-     included in the authorization_data field. Such a ticket is a
-     capability.
-
-     Network addresses are included in the ticket to make it harder for an
-     attacker to use stolen credentials. Because the session key is not
-     sent over the network in cleartext, credentials can't be stolen simply
-     by listening to the network; an attacker has to gain access to the
-     session key (perhaps through operating system security breaches or a
-     careless user's unattended session) to make use of stolen tickets.
-
-     It is important to note that the network address from which a
-     connection is received cannot be reliably determined. Even if it could
-     be, an attacker who has compromised the client's workstation could use
-     the credentials from there. Including the network addresses only makes
-     it more difficult, not impossible, for an attacker to walk off with
-     stolen credentials and then use them from a "safe" location.
-authorization-data
-     The authorization-data field is used to pass authorization data from
-     the principal on whose behalf a ticket was issued to the application
-     service. If no authorization data is included, this field will be left
-     out. Experience has shown that the name of this field is confusing,
-     and that a better name for this field would be restrictions.
-     Unfortunately, it is not possible to change the name of this field at
-     this time.
-
-     This field contains restrictions on any authority obtained on the
-     basis of authentication using the ticket. It is possible for any
-     principal in posession of credentials to add entries to the
-     authorization data field since these entries further restrict what can
-     be done with the ticket. Such additions can be made by specifying the
-     additional entries when a new ticket is obtained during the TGS
-     exchange, or they may be added during chained delegation using the
-     authorization data field of the authenticator.
-
-     Because entries may be added to this field by the holder of
-     credentials, except when an entry is separately authenticated by
-     encapulation in the kdc-issued element, it is not allowable for the
-     presence of an entry in the authorization data field of a ticket to
-     amplify the priveleges one would obtain from using a ticket.
-
-     The data in this field may be specific to the end service; the field
-     will contain the names of service specific objects, and the rights to
-     those objects. The format for this field is described in section 5.2.
-     Although Kerberos is not concerned with the format of the contents of
-     the sub-fields, it does carry type information (ad-type).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     By using the authorization_data field, a principal is able to issue a
-     proxy that is valid for a specific purpose. For example, a client
-     wishing to print a file can obtain a file server proxy to be passed to
-     the print server. By specifying the name of the file in the
-     authorization_data field, the file server knows that the print server
-     can only use the client's rights when accessing the particular file to
-     be printed.
-
-     A separate service providing authorization or certifying group
-     membership may be built using the authorization-data field. In this
-     case, the entity granting authorization (not the authorized entity),
-     may obtain a ticket in its own name (e.g. the ticket is issued in the
-     name of a privelege server), and this entity adds restrictions on its
-     own authority and delegates the restricted authority through a proxy
-     to the client. The client would then present this authorization
-     credential to the application server separately from the
-     authentication exchange. Alternatively, such authorization credentials
-     may be embedded in the ticket authenticating the authorized entity,
-     when the authorization is separately authenticated using the
-     kdc-issued authorization data element (see B.4).
-
-     Similarly, if one specifies the authorization-data field of a proxy
-     and leaves the host addresses blank, the resulting ticket and session
-     key can be treated as a capability. See [Neu93] for some suggested
-     uses of this field.
-
-     The authorization-data field is optional and does not have to be
-     included in a ticket.
-
-5.3.2. Authenticators
-
-An authenticator is a record sent with a ticket to a server to certify the
-client's knowledge of the encryption key in the ticket, to help the server
-detect replays, and to help choose a "true session key" to use with the
-particular session. The encoding is encrypted in the ticket's session key
-shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::= [APPLICATION 2] SEQUENCE  {
-                  authenticator-vno[0]          INTEGER,
-                  crealm[1]                     Realm,
-                  cname[2]                      PrincipalName,
-                  cksum[3]                      Checksum OPTIONAL,
-                  cusec[4]                      INTEGER,
-                  ctime[5]                      KerberosTime,
-                  subkey[6]                     EncryptionKey OPTIONAL,
-                  seq-number[7]                 INTEGER OPTIONAL,
-                  authorization-data[8]         AuthorizationData OPTIONAL
-}
-
-
-authenticator-vno
-     This field specifies the version number for the format of the
-     authenticator. This document specifies version 5.
-crealm and cname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-cksum
-     This field contains a checksum of the the applica- tion data that
-     accompanies the KRB_AP_REQ.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-     Its value (before encryption) ranges from 0 to 999999. It often
-     appears along with ctime. The two fields are used together to specify
-     a reasonably accurate timestamp.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-ctime
-     This field contains the current time on the client's host.
-subkey
-     This field contains the client's choice for an encryption key which is
-     to be used to protect this specific application session. Unless an
-     application specifies otherwise, if this field is left out the session
-     key from the ticket will be used.
-seq-number
-     This optional field includes the initial sequence number to be used by
-     the KRB_PRIV or KRB_SAFE messages when sequence numbers are used to
-     detect replays (It may also be used by application specific messages).
-     When included in the authenticator this field specifies the initial
-     sequence number for messages from the client to the server. When
-     included in the AP-REP message, the initial sequence number is that
-     for messages from the server to the client. When used in KRB_PRIV or
-     KRB_SAFE messages, it is incremented by one after each message is
-     sent. Sequence numbers fall in the range of 0 through 2^32 - 1 and
-     wrap to zero following the value 2^32 - 1.
-
-     For sequence numbers to adequately support the detection of replays
-     they should be non-repeating, even across connection boundaries. The
-     initial sequence number should be random and uniformly distributed
-     across the full space of possible sequence numbers, so that it cannot
-     be guessed by an attacker and so that it and the successive sequence
-     numbers do not repeat other sequences.
-authorization-data
-     This field is the same as described for the ticket in section 5.3.1.
-     It is optional and will only appear when additional restrictions are
-     to be placed on the use of a ticket, beyond those carried in the
-     ticket itself.
-
-5.4. Specifications for the AS and TGS exchanges
-
-This section specifies the format of the messages used in the exchange
-between the client and the Kerberos server. The format of possible error
-messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-The KRB_KDC_REQ message has no type of its own. Instead, its type is one of
-KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is for an
-initial ticket or an additional ticket. In either case, the message is sent
-from the client to the Authentication Server to request credentials for a
-service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-                   pvno[1]            INTEGER,
-                   msg-type[2]        INTEGER,
-                   padata[3]          SEQUENCE OF PA-DATA OPTIONAL,
-                   req-body[4]        KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-                   padata-type[1]     INTEGER,
-                   padata-value[2]    OCTET STRING,
-                                      -- might be encoded AP-REQ
-}
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-KDC-REQ-BODY ::=   SEQUENCE {
-                    kdc-options[0]         KDCOptions,
-                    cname[1]               PrincipalName OPTIONAL,
-                                           -- Used only in AS-REQ
-                    realm[2]               Realm, -- Server's realm
-                                           -- Also client's in AS-REQ
-                    sname[3]               PrincipalName OPTIONAL,
-                    from[4]                KerberosTime OPTIONAL,
-                    till[5]                KerberosTime OPTIONAL,
-                    rtime[6]               KerberosTime OPTIONAL,
-                    nonce[7]               INTEGER,
-                    etype[8]               SEQUENCE OF INTEGER,
-                                           -- EncryptionType,
-                                           -- in preference order
-                    addresses[9]           HostAddresses OPTIONAL,
-                enc-authorization-data[10] EncryptedData OPTIONAL,
-                                           -- Encrypted AuthorizationData
-                                           -- encoding
-                    additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-The fields in this message are:
-
-pvno
-     This field is included in each message, and specifies the protocol
-     version number. This document specifies protocol version 5.
-msg-type
-     This field indicates the type of a protocol message. It will almost
-     always be the same as the application identifier associated with a
-     message. It is included to make the identifier more readily accessible
-     to the application. For the KDC-REQ message, this type will be
-     KRB_AS_REQ or KRB_TGS_REQ.
-padata
-     The padata (pre-authentication data) field contains a sequence of
-     authentication information which may be needed before credentials can
-     be issued or decrypted. In the case of requests for additional tickets
-     (KRB_TGS_REQ), this field will include an element with padata-type of
-     PA-TGS-REQ and data of an authentication header (ticket-granting
-     ticket and authenticator). The checksum in the authenticator (which
-     must be collision-proof) is to be computed over the KDC-REQ-BODY
-     encoding. In most requests for initial authentication (KRB_AS_REQ) and
-     most replies (KDC-REP), the padata field will be left out.
-
-     This field may also contain information needed by certain extensions
-     to the Kerberos protocol. For example, it might be used to initially
-     verify the identity of a client before any response is returned. When
-     this field is used to authenticate or pre-authenticate a request, it
-     should contain a keyed checksum over the KDC-REQ-BODY to bind the
-     pre-authentication data to rest of the request. The KDC, as a matter
-     of policy, may decide whether to honor a KDC-REQ which includes any
-     pre-authentication data that does not contain the checksum field.
-     PA-ENC-TIMESTAMP defines a pre-authentication data type that is used
-     for authenticating a client by way of an encrypted timestamp. This is
-     accomplished with a padata field with padata-type equal to
-     PA-ENC-TIMESTAMP and padata-value defined as follows (query: the
-     checksum is new in this definition. If the optional field will break
-     things we can keep the old PA-ENC-TS-ENC, and define a new alternate
-     form that includes the checksum). :
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-          padata-type     ::= PA-ENC-TIMESTAMP
-          padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-          PA-ENC-TS-ENC   ::= SEQUENCE {
-                          patimestamp[0]     KerberosTime, -- client's time
-                          pausec[1]          INTEGER OPTIONAL,
-                          pachecksum[2]      checksum OPTIONAL
-                                             -- keyed checksum of
-KDC-REQ-BODY
-          }
-
-     with patimestamp containing the client's time and pausec containing
-     the microseconds which may be omitted if a client will not generate
-     more than one request per second. The ciphertext (padata-value)
-     consists of the PA-ENC-TS-ENC sequence, encrypted using the client's
-     secret key.
-
-     [use-specified-kvno item is here for discussion and may be removed] It
-     may also be used by the client to specify the version of a key that is
-     being used for accompanying preauthentication, and/or which should be
-     used to encrypt the reply from the KDC.
-
-     PA-USE-SPECIFIED-KVNO  ::=  Integer
-
-     The KDC should only accept and abide by the value of the
-     use-specified-kvno preauthentication data field when the specified key
-     is still valid and until use of a new key is confirmed. This situation
-     is likely to occur primarily during the period during which an updated
-     key is propagating to other KDC's in a realm.
-
-     The padata field can also contain information needed to help the KDC
-     or the client select the key needed for generating or decrypting the
-     response. This form of the padata is useful for supporting the use of
-     certain token cards with Kerberos. The details of such extensions are
-     specified in separate documents. See [Pat92] for additional uses of
-     this field.
-padata-type
-     The padata-type element of the padata field indicates the way that the
-     padata-value element is to be interpreted. Negative values of
-     padata-type are reserved for unregistered use; non-negative values are
-     used for a registered interpretation of the element type.
-req-body
-     This field is a placeholder delimiting the extent of the remaining
-     fields. If a checksum is to be calculated over the request, it is
-     calculated over an encoding of the KDC-REQ-BODY sequence which is
-     enclosed within the req-body field.
-kdc-options
-     This field appears in the KRB_AS_REQ and KRB_TGS_REQ requests to the
-     KDC and indicates the flags that the client wants set on the tickets
-     as well as other information that is to modify the behavior of the
-     KDC. Where appropriate, the name of an option may be the same as the
-     flag that is set by that option. Although in most case, the bit in the
-     options field will be the same as that in the flags field, this is not
-     guaranteed, so it is not acceptable to simply copy the options field
-     to the flags field. There are various checks that must be made before
-     honoring an option anyway.
-
-     The kdc_options field is a bit-field, where the selected options are
-     indicated by the bit being set (1), and the unselected options and
-     reserved fields being reset (0). The encoding of the bits is specified
-     in section 5.2. The options are described in more detail above in
-     section 2. The meanings of the options are:
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-        Bit(s)    Name                Description
-         0        RESERVED
-                                      Reserved for future  expansion  of
-this
-                                      field.
-
-         1        FORWARDABLE
-                                      The FORWARDABLE  option  indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      forwardable flag set.  It  may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based is also
-for-
-                                      wardable.
-
-         2        FORWARDED
-                                      The FORWARDED option is  only
-specified
-                                      in  a  request  to  the
-ticket-granting
-                                      server and will only be honored  if
-the
-                                      ticket-granting  ticket  in  the
-request
-                                      has  its  FORWARDABLE  bit  set.
-This
-                                      option  indicates that this is a
-request
-                                      for forwarding.  The address(es) of
-the
-                                      host  from which the resulting ticket
-is
-                                      to  be  valid  are   included   in
-the
-                                      addresses field of the request.
-
-         3        PROXIABLE
-                                      The PROXIABLE option indicates that
-the
-                                      ticket to be issued is to have its
-prox-
-                                      iable flag set.  It may only be  set
-on
-                                      the  initial request, or in a
-subsequent
-                                      request if the ticket-granting ticket
-on
-                                      which it is based is also proxiable.
-
-         4        PROXY
-                                      The PROXY option indicates that this
-is
-                                      a request for a proxy.  This option
-will
-                                      only be honored if  the
-ticket-granting
-                                      ticket  in the request has its
-PROXIABLE
-                                      bit set.  The address(es)  of  the
-host
-                                      from which the resulting ticket is to
-be
-                                       valid  are  included  in  the
-addresses
-                                      field of the request.
-
-         5        ALLOW-POSTDATE
-                                      The ALLOW-POSTDATE option indicates
-that
-                                      the  ticket  to be issued is to have
-its
-                                      MAY-POSTDATE flag set.  It may  only
-be
-                                      set on the initial request, or in a
-sub-
-                                      sequent request if  the
-ticket-granting
-                                      ticket on which it is based also has
-its
-                                      MAY-POSTDATE flag set.
-
-         6        POSTDATED
-                                      The POSTDATED option indicates that
-this
-                                      is  a  request  for  a postdated
-ticket.
-                                      This option will only be honored if
-the
-                                      ticket-granting  ticket  on  which it
-is
-                                      based has  its  MAY-POSTDATE  flag
-set.
-                                      The  resulting ticket will also have
-its
-                                      INVALID flag set, and that flag  may
-be
-                                      reset by a subsequent request to the
-KDC
-                                      after the starttime in  the  ticket
-has
-                                      been reached.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-         7        UNUSED
-                                      This option is presently unused.
-
-         8        RENEWABLE
-                                      The RENEWABLE option indicates that
-the
-                                      ticket  to  be  issued  is  to  have
-its
-                                      RENEWABLE flag set.  It may only be
-set
-                                      on  the  initial  request,  or  when
-the
-                                      ticket-granting  ticket  on  which
-the
-                                      request  is based is also renewable.
-If
-                                      this option is requested, then the
-rtime
-                                      field   in   the  request  contains
-the
-                                      desired absolute expiration time for
-the
-                                      ticket.
-
-         9       RESERVED
-                                      Reserved for PK-Cross
-
-         10-13     UNUSED
-                                      These options are presently unused.
-
-         14       REQUEST-ANONYMOUS
-                                      The REQUEST-ANONYMOUS  option
-indicates
-                                      that  the  ticket to be issued is not
-to
-                                      identify  the  user  to  which  it
-was
-                                      issued.  Instead, the principal
-identif-
-                                      ier is to be generic,  as  specified
-by
-                                      the  policy  of  the realm (e.g.
-usually
-                                      anonymous@realm).  The  purpose  of
-the
-                                      ticket  is only to securely distribute
-a
-                                      session key, and  not  to  identify
-the
-                                      user.   The ANONYMOUS flag on the
-ticket
-                                      to be returned should be  set.   If
-the
-                                      local  realms  policy  does  not
-permit
-                                      anonymous credentials, the request is
-to
-                                      be rejected.
-
-         15      CANONICALIZE
-                                      The CANONICALIZE option indicates that
-                                      the client will accept the return of a
-                                      true server name instead of the name
-                                      specified in the request. In addition
-                                      the client will be able to process
-                                      any TGT referrals that will direct
-                                      the client to another realm to locate
-                                      the requested server. If a KDC does
-                                      not support name- canonicalization,
-                                      the option is ignored and the
-                                      appropriate
-                                      KDC_ERR_C_PRINCIPAL_UNKNOWN or
-                                      KDC_ERR_S_PRINCIPAL_UNKNOWN error is
-                                      returned. [JBrezak]
-
-         16-25    RESERVED
-                                      Reserved for future use.
-
-         26       DISABLE-TRANSITED-CHECK
-                                      By default the KDC will check the
-                                      transited field of a ticket-granting-
-                                      ticket against the policy of the local
-                                      realm before it will issue derivative
-                                      tickets based on the ticket granting
-                                      ticket.  If this flag is set in the
-                                      request, checking of the transited
-field
-                                      is disabled.  Tickets issued without
-the
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                                      performance of this check will be
-noted
-                                      by the reset (0) value of the
-                                      TRANSITED-POLICY-CHECKED flag,
-                                      indicating to the application server
-                                      that the tranisted field must be
-checked
-                                      locally.  KDC's are encouraged but not
-                                      required to honor the
-                                      DISABLE-TRANSITED-CHECK option.
-
-         27       RENEWABLE-OK
-                                      The RENEWABLE-OK option indicates that
-a
-                                      renewable ticket will be acceptable if
-a
-                                      ticket with the  requested  life
-cannot
-                                      otherwise be provided.  If a ticket
-with
-                                      the requested life cannot  be
-provided,
-                                      then  a  renewable  ticket may be
-issued
-                                      with  a  renew-till  equal  to  the
-the
-                                      requested  endtime.   The  value  of
-the
-                                      renew-till field may still be limited
-by
-                                      local  limits, or limits selected by
-the
-                                      individual principal or server.
-
-         28       ENC-TKT-IN-SKEY
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The
-ENC-TKT-IN-SKEY
-                                      option indicates that the ticket for
-the
-                                      end  server  is  to  be encrypted in
-the
-                                      session key from the additional
-ticket-
-                                      granting ticket provided.
-
-         29       RESERVED
-                                      Reserved for future use.
-
-         30       RENEW
-                                      This option is used only by the
-ticket-
-                                      granting   service.   The  RENEW
-option
-                                      indicates that the  present  request
-is
-                                      for  a  renewal.  The ticket provided
-is
-                                      encrypted in  the  secret  key  for
-the
-                                      server  on  which  it  is  valid.
-This
-                                      option  will  only  be  honored  if
-the
-                                      ticket  to  be renewed has its
-RENEWABLE
-                                      flag set and if the time in  its
-renew-
-                                      till  field  has not passed.  The
-ticket
-                                      to be renewed is passed  in  the
-padata
-                                      field  as  part  of  the
-authentication
-                                      header.
-
-         31       VALIDATE
-                                      This option is used only by the
-ticket-
-                                      granting  service.   The VALIDATE
-option
-                                      indicates that the request is  to
-vali-
-                                      date  a  postdated ticket.  It will
-only
-                                      be honored if the  ticket  presented
-is
-                                      postdated,  presently  has  its
-INVALID
-                                      flag set, and would be otherwise
-usable
-                                      at  this time.  A ticket cannot be
-vali-
-                                      dated before its starttime.  The
-ticket
-                                      presented for validation is encrypted
-in
-                                      the key of the server for  which  it
-is
-                                      valid  and is passed in the padata
-field
-                                      as part of the authentication header.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-cname and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1. sname may only be absent when the ENC-TKT-IN-SKEY option is
-     specified. If absent, the name of the server is taken from the name of
-     the client in the ticket passed as additional-tickets.
-enc-authorization-data
-     The enc-authorization-data, if present (and it can only be present in
-     the TGS_REQ form), is an encoding of the desired authorization-data
-     encrypted under the sub-session key if present in the Authenticator,
-     or alternatively from the session key in the ticket-granting ticket,
-     both from the padata field in the KRB_AP_REQ.
-realm
-     This field specifies the realm part of the server's principal
-     identifier. In the AS exchange, this is also the realm part of the
-     client's principal identifier. If the CANONICALIZE option is set, the
-     realm is used as a hint to the KDC for its database lookup.
-from
-     This field is included in the KRB_AS_REQ and KRB_TGS_REQ ticket
-     requests when the requested ticket is to be postdated. It specifies
-     the desired start time for the requested ticket. If this field is
-     omitted then the KDC should use the current time instead.
-till
-     This field contains the expiration date requested by the client in a
-     ticket request. It is optional and if omitted the requested ticket is
-     to have the maximum endtime permitted according to KDC policy for the
-     parties to the authentication exchange as limited by expiration date
-     of the ticket granting ticket or other preauthentication credentials.
-rtime
-     This field is the requested renew-till time sent from a client to the
-     KDC in a ticket request. It is optional.
-nonce
-     This field is part of the KDC request and response. It it intended to
-     hold a random number generated by the client. If the same number is
-     included in the encrypted response from the KDC, it provides evidence
-     that the response is fresh and has not been replayed by an attacker.
-     Nonces must never be re-used. Ideally, it should be generated
-     randomly, but if the correct time is known, it may suffice[25].
-etype
-     This field specifies the desired encryption algorithm to be used in
-     the response.
-addresses
-     This field is included in the initial request for tickets, and
-     optionally included in requests for additional tickets from the
-     ticket-granting server. It specifies the addresses from which the
-     requested ticket is to be valid. Normally it includes the addresses
-     for the client's host. If a proxy is requested, this field will
-     contain other addresses. The contents of this field are usually copied
-     by the KDC into the caddr field of the resulting ticket.
-additional-tickets
-     Additional tickets may be optionally included in a request to the
-     ticket-granting server. If the ENC-TKT-IN-SKEY option has been
-     specified, then the session key from the additional ticket will be
-     used in place of the server's key to encrypt the new ticket. When he
-     ENC-TKT-IN-SKEY option is used for user-to-user authentication, this
-     addional ticket may be a TGT issued by the local realm or an
-     inter-realm TGT issued for the current KDC's realm by a remote KDC. If
-     more than one option which requires additional tickets has been
-     specified, then the additional tickets are used in the order specified
-     by the ordering of the options bits (see kdc-options, above).
-
-The application code will be either ten (10) or twelve (12) depending on
-whether the request is for an initial ticket (AS-REQ) or for an additional
-ticket (TGS-REQ).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-The optional fields (addresses, authorization-data and additional-tickets)
-are only included if necessary to perform the operation specified in the
-kdc-options field.
-
-It should be noted that in KRB_TGS_REQ, the protocol version number appears
-twice and two different message types appear: the KRB_TGS_REQ message
-contains these fields as does the authentication header (KRB_AP_REQ) that
-is passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-The KRB_KDC_REP message format is used for the reply from the KDC for
-either an initial (AS) request or a subsequent (TGS) request. There is no
-message type for KRB_KDC_REP. Instead, the type will be either KRB_AS_REP
-or KRB_TGS_REP. The key used to encrypt the ciphertext part of the reply
-depends on the message type. For KRB_AS_REP, the ciphertext is encrypted in
-the client's secret key, and the client's key version number is included in
-the key version number for the encrypted data. For KRB_TGS_REP, the
-ciphertext is encrypted in the sub-session key from the Authenticator, or
-if absent, the session key from the ticket-granting ticket used in the
-request. In that case, no version number will be present in the
-EncryptedData sequence.
-
-The KRB_KDC_REP message contains the following fields:
-
-AS-REP ::=    [APPLICATION 11] KDC-REP
-TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-KDC-REP ::=   SEQUENCE {
-              pvno[0]                    INTEGER,
-              msg-type[1]                INTEGER,
-              padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-              crealm[3]                  Realm,
-              cname[4]                   PrincipalName,
-              ticket[5]                  Ticket,
-              enc-part[6]                EncryptedData
-}
-
-EncASRepPart ::=    [APPLICATION 25[27]] EncKDCRepPart
-EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-EncKDCRepPart ::=   SEQUENCE {
-                    key[0]               EncryptionKey,
-                    last-req[1]          LastReq,
-                    nonce[2]             INTEGER,
-                    key-expiration[3]    KerberosTime OPTIONAL,
-                    flags[4]             TicketFlags,
-                    authtime[5]          KerberosTime,
-                    starttime[6]         KerberosTime OPTIONAL,
-                    endtime[7]           KerberosTime,
-                    renew-till[8]        KerberosTime OPTIONAL,
-                    srealm[9]            Realm,
-                    sname[10]            PrincipalName,
-                    caddr[11]            HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is either
-     KRB_AS_REP or KRB_TGS_REP.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-padata
-     This field is described in detail in section 5.4.1. One possible use
-     for this field is to encode an alternate "mix-in" string to be used
-     with a string-to-key algorithm (such as is described in section
-     6.3.2). This ability is useful to ease transitions if a realm name
-     needs to change (e.g. when a company is acquired); in such a case all
-     existing password-derived entries in the KDC database would be flagged
-     as needing a special mix-in string until the next password change.
-crealm, cname, srealm and sname
-     These fields are the same as those described for the ticket in section
-     5.3.1.
-ticket
-     The newly-issued ticket, from section 5.3.1.
-enc-part
-     This field is a place holder for the ciphertext and related
-     information that forms the encrypted part of a message. The
-     description of the encrypted part of the message follows each
-     appearance of this field. The encrypted part is encoded as described
-     in section 6.1.
-key
-     This field is the same as described for the ticket in section 5.3.1.
-last-req
-     This field is returned by the KDC and specifies the time(s) of the
-     last request by a principal. Depending on what information is
-     available, this might be the last time that a request for a
-     ticket-granting ticket was made, or the last time that a request based
-     on a ticket-granting ticket was successful. It also might cover all
-     servers for a realm, or just the particular server. Some
-     implementations may display this information to the user to aid in
-     discovering unauthorized use of one's identity. It is similar in
-     spirit to the last login time displayed when logging into timesharing
-     systems.
-nonce
-     This field is described above in section 5.4.1.
-key-expiration
-     The key-expiration field is part of the response from the KDC and
-     specifies the time that the client's secret key is due to expire. The
-     expiration might be the result of password aging or an account
-     expiration. This field will usually be left out of the TGS reply since
-     the response to the TGS request is encrypted in a session key and no
-     client information need be retrieved from the KDC database. It is up
-     to the application client (usually the login program) to take
-     appropriate action (such as notifying the user) if the expiration time
-     is imminent.
-flags, authtime, starttime, endtime, renew-till and caddr
-     These fields are duplicates of those found in the encrypted portion of
-     the attached ticket (see section 5.3.1), provided so the client may
-     verify they match the intended request and to assist in proper ticket
-     caching. If the message is of type KRB_TGS_REP, the caddr field will
-     only be filled in if the request was for a proxy or forwarded ticket,
-     or if the user is substituting a subset of the addresses from the
-     ticket granting ticket. If the client-requested addresses are not
-     present or not used, then the addresses contained in the ticket will
-     be the same as those included in the ticket-granting ticket.
-
-5.5. Client/Server (CS) message specifications
-
-This section specifies the format of the messages used for the
-authentication of the client to the application server.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.5.1. KRB_AP_REQ definition
-
-The KRB_AP_REQ message contains the Kerberos protocol version number, the
-message type KRB_AP_REQ, an options field to indicate any options in use,
-and the ticket and authenticator themselves. The KRB_AP_REQ message is
-often referred to as the 'authentication header'.
-
-AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ap-options[2]                 APOptions,
-                ticket[3]                     Ticket,
-                authenticator[4]              EncryptedData
-}
-
-APOptions ::=   BIT STRING {
-                reserved(0),
-                use-session-key(1),
-                mutual-required(2)
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REQ.
-ap-options
-     This field appears in the application request (KRB_AP_REQ) and affects
-     the way the request is processed. It is a bit-field, where the
-     selected options are indicated by the bit being set (1), and the
-     unselected options and reserved fields being reset (0). The encoding
-     of the bits is specified in section 5.2. The meanings of the options
-     are:
-
-	  Bit(s)   Name              Description
-
-	  0        RESERVED
-				     Reserved for future  expansion  of  this
-				     field.
-
-	  1        USE-SESSION-KEY
-				     The  USE-SESSION-KEY  option   indicates
-				     that the ticket the client is presenting
-				     to a server is encrypted in the  session
-				     key  from  the  server's ticket-granting
-				     ticket.  When this option is not  speci-
-				     fied,  the  ticket  is  encrypted in the
-				     server's secret key.
-
-	  2        MUTUAL-REQUIRED
-				     The  MUTUAL-REQUIRED  option  tells  the
-				     server  that  the client requires mutual
-				     authentication, and that it must respond
-				     with a KRB_AP_REP message.
-
-	  3-31     RESERVED
-				     Reserved for future use.
-
-ticket
-     This field is a ticket authenticating the client to the server.
-authenticator
-     This contains the authenticator, which includes the client's choice of
-     a subkey. Its encoding is described in section 5.3.2.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.5.2. KRB_AP_REP definition
-
-The KRB_AP_REP message contains the Kerberos protocol version number, the
-message type, and an encrypted time- stamp. The message is sent in in
-response to an application request (KRB_AP_REQ) where the mutual
-authentication option has been selected in the ap-options field.
-
-AP-REP ::=         [APPLICATION 15] SEQUENCE {
-                   pvno[0]                           INTEGER,
-                   msg-type[1]                       INTEGER,
-                   enc-part[2]                       EncryptedData
-}
-
-EncAPRepPart ::=   [APPLICATION 27[29]] SEQUENCE {
-                   ctime[0]                          KerberosTime,
-                   cusec[1]                          INTEGER,
-                   subkey[2]                         EncryptionKey OPTIONAL,
-                   seq-number[3]                     INTEGER OPTIONAL
-}
-
-The encoded EncAPRepPart is encrypted in the shared session key of the
-ticket. The optional subkey field can be used in an application-arranged
-negotiation to choose a per association session key.
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_AP_REP.
-enc-part
-     This field is described above in section 5.4.2.
-ctime
-     This field contains the current time on the client's host.
-cusec
-     This field contains the microsecond part of the client's timestamp.
-subkey
-     This field contains an encryption key which is to be used to protect
-     this specific application session. See section 3.2.6 for specifics on
-     how this field is used to negotiate a key. Unless an application
-     specifies otherwise, if this field is left out, the sub-session key
-     from the authenticator, or if also left out, the session key from the
-     ticket will be used.
-
-5.5.3. Error message reply
-
-If an error occurs while processing the application request, the KRB_ERROR
-message will be sent in response. See section 5.9.1 for the format of the
-error message. The cname and crealm fields may be left out if the server
-cannot determine their appropriate values from the corresponding KRB_AP_REQ
-message. If the authenticator was decipherable, the ctime and cusec fields
-will contain the values from it.
-
-5.6. KRB_SAFE message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to send a tamper-proof message to
-its peer. It presumes that a session key has previously been exchanged (for
-example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.6.1. KRB_SAFE definition
-
-The KRB_SAFE message contains user data along with a collision-proof
-checksum keyed with the last encryption key negotiated via subkeys, or the
-session key if no negotiation has occured. The message fields are:
-
-KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-                    pvno[0]                       INTEGER,
-                    msg-type[1]                   INTEGER,
-                    safe-body[2]                  KRB-SAFE-BODY,
-                    cksum[3]                      Checksum
-}
-
-KRB-SAFE-BODY ::=   SEQUENCE {
-                    user-data[0]                  OCTET STRING,
-                    timestamp[1]                  KerberosTime OPTIONAL,
-                    usec[2]                       INTEGER OPTIONAL,
-                    seq-number[3]                 INTEGER OPTIONAL,
-                    s-address[4]                  HostAddress OPTIONAL,
-                    r-address[5]                  HostAddress OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_SAFE.
-safe-body
-     This field is a placeholder for the body of the KRB-SAFE message.
-cksum
-     This field contains the checksum of the application data. Checksum
-     details are described in section 6.4. The checksum is computed over
-     the encoding of the KRB-SAFE sequence. First, the cksum is zeroed and
-     the checksum is computed over the encoding of the KRB-SAFE sequence,
-     then the checksum is set to the result of that computation, and
-     finally the KRB-SAFE sequence is encoded again.
-user-data
-     This field is part of the KRB_SAFE and KRB_PRIV messages and contain
-     the application specific data that is being passed from the sender to
-     the recipient.
-timestamp
-     This field is part of the KRB_SAFE and KRB_PRIV messages. Its contents
-     are the current time as known by the sender of the message. By
-     checking the timestamp, the recipient of the message is able to make
-     sure that it was recently generated, and is not a replay.
-usec
-     This field is part of the KRB_SAFE and KRB_PRIV headers. It contains
-     the microsecond part of the timestamp.
-seq-number
-     This field is described above in section 5.3.2.
-s-address
-     This field specifies the address in use by the sender of the message.
-     It may be omitted if not required by the application protocol. The
-     application designer considering omission of this field is warned,
-     that the inclusion of this address prevents some kinds of replay
-     attacks (e.g., reflection attacks) and that it is only acceptable to
-     omit this address if there is sufficient information in the integrity
-     protected part of the application message for the recipient to
-     unambiguously determine if it was the intended recipient.
-r-address
-     This field specifies the address in use by the recipient of the
-     message. It may be omitted for some uses (such as broadcast
-     protocols), but the recipient may arbitrarily reject such messages.
-     This field along with s-address can be used to help detect messages
-     which have been incorrectly or maliciously delivered to the wrong
-     recipient.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.7. KRB_PRIV message specification
-
-This section specifies the format of a message that can be used by either
-side (client or server) of an application to securely and privately send a
-message to its peer. It presumes that a session key has previously been
-exchanged (for example, by using the KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-The KRB_PRIV message contains user data encrypted in the Session Key. The
-message fields are:
-
-KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                     pvno[0]                           INTEGER,
-                     msg-type[1]                       INTEGER,
-                     enc-part[3]                       EncryptedData
-}
-
-EncKrbPrivPart ::=   [APPLICATION 28[31]] SEQUENCE {
-                     user-data[0]        OCTET STRING,
-                     timestamp[1]        KerberosTime OPTIONAL,
-                     usec[2]             INTEGER OPTIONAL,
-                     seq-number[3]       INTEGER OPTIONAL,
-                     s-address[4]        HostAddress OPTIONAL, -- sender's
-addr
-                     r-address[5]        HostAddress OPTIONAL -- recip's
-addr
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_PRIV.
-enc-part
-     This field holds an encoding of the EncKrbPrivPart sequence encrypted
-     under the session key[32]. This encrypted encoding is used for the
-     enc-part field of the KRB-PRIV message. See section 6 for the format
-     of the ciphertext.
-user-data, timestamp, usec, s-address and r-address
-     These fields are described above in section 5.6.1.
-seq-number
-     This field is described above in section 5.3.2.
-
-5.8. KRB_CRED message specification
-
-This section specifies the format of a message that can be used to send
-Kerberos credentials from one principal to another. It is presented here to
-encourage a common mechanism to be used by applications when forwarding
-tickets or providing proxies to subordinate servers. It presumes that a
-session key has already been exchanged perhaps by using the
-KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-The KRB_CRED message contains a sequence of tickets to be sent and
-information needed to use the tickets, including the session key from each.
-The information needed to use the tickets is encrypted under an encryption
-key previously exchanged or transferred alongside the KRB_CRED message. The
-message fields are:
-
-KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                 pvno[0]                INTEGER,
-                 msg-type[1]            INTEGER, -- KRB_CRED
-                 tickets[2]             SEQUENCE OF Ticket,
-                 enc-part[3]            EncryptedData
-}
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                 ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                 nonce[1]               INTEGER OPTIONAL,
-                 timestamp[2]           KerberosTime OPTIONAL,
-                 usec[3]                INTEGER OPTIONAL,
-                 s-address[4]           HostAddress OPTIONAL,
-                 r-address[5]           HostAddress OPTIONAL
-}
-
-KrbCredInfo      ::=                    SEQUENCE {
-                 key[0]                 EncryptionKey,
-                 prealm[1]              Realm OPTIONAL,
-                 pname[2]               PrincipalName OPTIONAL,
-                 flags[3]               TicketFlags OPTIONAL,
-                 authtime[4]            KerberosTime OPTIONAL,
-                 starttime[5]           KerberosTime OPTIONAL,
-                 endtime[6]             KerberosTime OPTIONAL
-                 renew-till[7]          KerberosTime OPTIONAL,
-                 srealm[8]              Realm OPTIONAL,
-                 sname[9]               PrincipalName OPTIONAL,
-                 caddr[10]              HostAddresses OPTIONAL
-}
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_CRED.
-tickets
-     These are the tickets obtained from the KDC specifically for use by
-     the intended recipient. Successive tickets are paired with the
-     corresponding KrbCredInfo sequence from the enc-part of the KRB-CRED
-     message.
-enc-part
-     This field holds an encoding of the EncKrbCredPart sequence encrypted
-     under the session key shared between the sender and the intended
-     recipient. This encrypted encoding is used for the enc-part field of
-     the KRB-CRED message. See section 6 for the format of the ciphertext.
-nonce
-     If practical, an application may require the inclusion of a nonce
-     generated by the recipient of the message. If the same value is
-     included as the nonce in the message, it provides evidence that the
-     message is fresh and has not been replayed by an attacker. A nonce
-     must never be re-used; it should be generated randomly by the
-     recipient of the message and provided to the sender of the message in
-     an application specific manner.
-timestamp and usec
-     These fields specify the time that the KRB-CRED message was generated.
-     The time is used to provide assurance that the message is fresh.
-s-address and r-address
-     These fields are described above in section 5.6.1. They are used
-     optionally to provide additional assurance of the integrity of the
-     KRB-CRED message.
-key
-     This field exists in the corresponding ticket passed by the KRB-CRED
-     message and is used to pass the session key from the sender to the
-     intended recipient. The field's encoding is described in section 6.2.
-
-The following fields are optional. If present, they can be associated with
-the credentials in the remote ticket file. If left out, then it is assumed
-that the recipient of the credentials already knows their value.
-
-prealm and pname
-     The name and realm of the delegated principal identity.
-flags, authtime, starttime, endtime, renew-till, srealm, sname, and caddr
-     These fields contain the values of the correspond- ing fields from the
-     ticket found in the ticket field. Descriptions of the fields are
-     identical to the descriptions in the KDC-REP message.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-5.9. Error message specification
-
-This section specifies the format for the KRB_ERROR message. The fields
-included in the message are intended to return as much information as
-possible about an error. It is not expected that all the information
-required by the fields will be available for all types of errors. If the
-appropriate information is not available when the message is composed, the
-corresponding field will be left out of the message.
-
-Note that since the KRB_ERROR message is only optionally integrity
-protected, it is quite possible for an intruder to synthesize or modify
-such a message. In particular, this means that unless appropriate integrity
-protection mechanisms have been applied to the KRB_ERROR message, the
-client should not use any fields in this message for security-critical
-purposes, such as setting a system clock or generating a fresh
-authenticator. The message can be useful, however, for advising a user on
-the reason for some failure.
-
-5.9.1. KRB_ERROR definition
-
-The KRB_ERROR message consists of the following fields:
-
-KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                pvno[0]                       INTEGER,
-                msg-type[1]                   INTEGER,
-                ctime[2]                      KerberosTime OPTIONAL,
-                cusec[3]                      INTEGER OPTIONAL,
-                stime[4]                      KerberosTime,
-                susec[5]                      INTEGER,
-                error-code[6]                 INTEGER,
-                crealm[7]                     Realm OPTIONAL,
-                cname[8]                      PrincipalName OPTIONAL,
-                realm[9]                      Realm, -- Correct realm
-                sname[10]                     PrincipalName, -- Correct name
-                e-text[11]                    GeneralString OPTIONAL,
-                e-data[12]                    OCTET STRING OPTIONAL,
-                e-cksum[13]                   Checksum OPTIONAL,
-}
-
-
-
-pvno and msg-type
-     These fields are described above in section 5.4.1. msg-type is
-     KRB_ERROR.
-ctime
-     This field is described above in section 5.4.1.
-cusec
-     This field is described above in section 5.5.2.
-stime
-     This field contains the current time on the server. It is of type
-     KerberosTime.
-susec
-     This field contains the microsecond part of the server's timestamp.
-     Its value ranges from 0 to 999999. It appears along with stime. The
-     two fields are used in conjunction to specify a reasonably accurate
-     timestamp.
-error-code
-     This field contains the error code returned by Kerberos or the server
-     when a request fails. To interpret the value of this field see the
-     list of error codes in section 8. Implementations are encouraged to
-     provide for national language support in the display of error
-     messages.
-crealm, cname, srealm and sname
-     These fields are described above in section 5.3.1.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-e-text
-     This field contains additional text to help explain the error code
-     associated with the failed request (for example, it might include a
-     principal name which was unknown).
-e-data
-     This field contains additional data about the error for use by the
-     application to help it recover from or handle the error. If present,
-     this field will contain the encoding of a sequence of TypedData
-     (TYPED-DATA below), unless the errorcode is KDC_ERR_PREAUTH_REQUIRED,
-     in which case it will contain the encoding of a sequence of of padata
-     fields (METHOD-DATA below), each corresponding to an acceptable
-     pre-authentication method and optionally containing data for the
-     method:
-
-     TYPED-DATA   ::=   SEQUENCE of TypeData
-     METHOD-DATA  ::=   SEQUENCE of PA-DATA
-
-     TypedData ::=   SEQUENCE {
-                         data-type[0]   INTEGER,
-                         data-value[1]  OCTET STRING OPTIONAL
-     }
-
-     Note that e-data-types have been reserved for all PA data types
-     defined prior to July 1999. For the KDC_ERR_PREAUTH_REQUIRED message,
-     when using new PA data types defined in July 1999 or later, the
-     METHOD-DATA sequence must itself be encapsulated in an TypedData
-     element of type TD-PADATA. All new implementations interpreting the
-     METHOD-DATA field for the KDC_ERR_PREAUTH_REQUIRED message must accept
-     a type of TD-PADATA, extract the typed data field and interpret the
-     use any elements encapsulated in the TD-PADATA elements as if they
-     were present in the METHOD-DATA sequence.
-e-cksum
-     This field contains an optional checksum for the KRB-ERROR message.
-     The checksum is calculated over the Kerberos ASN.1 encoding of the
-     KRB-ERROR message with the checksum absent. The checksum is then added
-     to the KRB-ERROR structure and the message is re-encoded. The Checksum
-     should be calculated using the session key from the ticket granting
-     ticket or service ticket, where available. If the error is in response
-     to a TGS or AP request, the checksum should be calculated uing the the
-     session key from the client's ticket. If the error is in response to
-     an AS request, then the checksum should be calulated using the
-     client's secret key ONLY if there has been suitable preauthentication
-     to prove knowledge of the secret key by the client[33]. If a checksum
-     can not be computed because the key to be used is not available, no
-     checksum will be included.
-
-     6. Encryption and Checksum Specifications
-
-     The Kerberos protocols described in this document are designed to use
-     stream encryption ciphers, which can be simulated using commonly
-     available block encryption ciphers, such as the Data Encryption
-     Standard [DES77], and triple DES variants, in conjunction with block
-     chaining and checksum methods [DESM80]. Encryption is used to prove
-     the identities of the network entities participating in message
-     exchanges. The Key Distribution Center for each realm is trusted by
-     all principals registered in that realm to store a secret key in
-     confidence. Proof of knowledge of this secret key is used to verify
-     the authenticity of a principal.
-
-     The KDC uses the principal's secret key (in the AS exchange) or a
-     shared session key (in the TGS exchange) to encrypt responses to
-     ticket requests; the ability to obtain the secret key or session key
-     implies the knowledge of the appropriate keys and the identity of the
-     KDC. The ability of a principal to decrypt the KDC response and
-     present a Ticket and a properly formed Authenticator (generated with
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     the session key from the KDC response) to a service verifies the
-     identity of the principal; likewise the ability of the service to
-     extract the session key from the Ticket and prove its knowledge
-     thereof in a response verifies the identity of the service.
-
-     The Kerberos protocols generally assume that the encryption used is
-     secure from cryptanalysis; however, in some cases, the order of fields
-     in the encrypted portions of messages are arranged to minimize the
-     effects of poorly chosen keys. It is still important to choose good
-     keys. If keys are derived from user-typed passwords, those passwords
-     need to be well chosen to make brute force attacks more difficult.
-     Poorly chosen keys still make easy targets for intruders.
-
-     The following sections specify the encryption and checksum mechanisms
-     currently defined for Kerberos. The encodings, chaining, and padding
-     requirements for each are described. For encryption methods, it is
-     often desirable to place random information (often referred to as a
-     confounder) at the start of the message. The requirements for a
-     confounder are specified with each encryption mechanism.
-
-     Some encryption systems use a block-chaining method to improve the the
-     security characteristics of the ciphertext. However, these chaining
-     methods often don't provide an integrity check upon decryption. Such
-     systems (such as DES in CBC mode) must be augmented with a checksum of
-     the plain-text which can be verified at decryption and used to detect
-     any tampering or damage. Such checksums should be good at detecting
-     burst errors in the input. If any damage is detected, the decryption
-     routine is expected to return an error indicating the failure of an
-     integrity check. Each encryption type is expected to provide and
-     verify an appropriate checksum. The specification of each encryption
-     method sets out its checksum requirements.
-
-     Finally, where a key is to be derived from a user's password, an
-     algorithm for converting the password to a key of the appropriate type
-     is included. It is desirable for the string to key function to be
-     one-way, and for the mapping to be different in different realms. This
-     is important because users who are registered in more than one realm
-     will often use the same password in each, and it is desirable that an
-     attacker compromising the Kerberos server in one realm not obtain or
-     derive the user's key in another.
-
-     For an discussion of the integrity characteristics of the candidate
-     encryption and checksum methods considered for Kerberos, the reader is
-     referred to [SG92].
-
-     6.1. Encryption Specifications
-
-     The following ASN.1 definition describes all encrypted messages. The
-     enc-part field which appears in the unencrypted part of messages in
-     section 5 is a sequence consisting of an encryption type, an optional
-     key version number, and the ciphertext.
-
-     EncryptedData ::=   SEQUENCE {
-                         etype[0]     INTEGER, -- EncryptionType
-                         kvno[1]      INTEGER OPTIONAL,
-                         cipher[2]    OCTET STRING -- ciphertext
-     }
-
-
-
-     etype
-          This field identifies which encryption algorithm was used to
-          encipher the cipher. Detailed specifications for selected
-          encryption types appear later in this section.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     kvno
-          This field contains the version number of the key under which
-          data is encrypted. It is only present in messages encrypted under
-          long lasting keys, such as principals' secret keys.
-     cipher
-          This field contains the enciphered text, encoded as an OCTET
-          STRING.
-     The cipher field is generated by applying the specified encryption
-     algorithm to data composed of the message and algorithm-specific
-     inputs. Encryption mechanisms defined for use with Kerberos must take
-     sufficient measures to guarantee the integrity of the plaintext, and
-     we recommend they also take measures to protect against precomputed
-     dictionary attacks. If the encryption algorithm is not itself capable
-     of doing so, the protections can often be enhanced by adding a
-     checksum and a confounder.
-
-     The suggested format for the data to be encrypted includes a
-     confounder, a checksum, the encoded plaintext, and any necessary
-     padding. The msg-seq field contains the part of the protocol message
-     described in section 5 which is to be encrypted. The confounder,
-     checksum, and padding are all untagged and untyped, and their length
-     is exactly sufficient to hold the appropriate item. The type and
-     length is implicit and specified by the particular encryption type
-     being used (etype). The format for the data to be encrypted for some
-     methods is described in the following diagram, but other methods may
-     deviate from this layour - so long as the definition of the method
-     defines the layout actually in use.
-
-           +-----------+----------+-------------+-----+
-           |confounder |   check  |   msg-seq   | pad |
-           +-----------+----------+-------------+-----+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     CipherText ::=   ENCRYPTED       SEQUENCE {
-             confounder[0]   UNTAGGED[35] OCTET STRING(conf_length)
-OPTIONAL,
-             check[1]        UNTAGGED OCTET STRING(checksum_length)
-OPTIONAL,
-             msg-seq[2]      MsgSequence,
-             pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-     }
-
-     One generates a random confounder of the appropriate length, placing
-     it in confounder; zeroes out check; calculates the appropriate
-     checksum over confounder, check, and msg-seq, placing the result in
-     check; adds the necessary padding; then encrypts using the specified
-     encryption type and the appropriate key.
-
-     Unless otherwise specified, a definition of an encryption algorithm
-     that specifies a checksum, a length for the confounder field, or an
-     octet boundary for padding uses this ciphertext format[36]. Those
-     fields which are not specified will be omitted.
-
-     In the interest of allowing all implementations using a particular
-     encryption type to communicate with all others using that type, the
-     specification of an encryption type defines any checksum that is
-     needed as part of the encryption process. If an alternative checksum
-     is to be used, a new encryption type must be defined.
-
-     Some cryptosystems require additional information beyond the key and
-     the data to be encrypted. For example, DES, when used in
-     cipher-block-chaining mode, requires an initialization vector. If
-     required, the description for each encryption type must specify the
-     source of such additional information. 6.2. Encryption Keys
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     The sequence below shows the encoding of an encryption key:
-
-            EncryptionKey ::=   SEQUENCE {
-                                keytype[0]    INTEGER,
-                                keyvalue[1]   OCTET STRING
-            }
-
-     keytype
-          This field specifies the type of encryption that is to be
-          performed using the key that follows in the keyvalue field. It
-          will always correspond to the etype to be used to generate or
-          decode the EncryptedData. In cases when multiple algorithms use a
-          common kind of key (e.g., if the encryption algorithm uses an
-          alternate checksum algorithm for an integrity check, or a
-          different chaining mechanism), the keytype provides information
-          needed to determine which algorithm is to be used.
-     keyvalue
-          This field contains the key itself, encoded as an octet string.
-     All negative values for the encryption key type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpreta- tions.
-
-     6.3. Encryption Systems
-
-     6.3.1. The NULL Encryption System (null)
-
-     If no encryption is in use, the encryption system is said to be the
-     NULL encryption system. In the NULL encryption system there is no
-     checksum, confounder or padding. The ciphertext is simply the
-     plaintext. The NULL Key is used by the null encryption system and is
-     zero octets in length, with keytype zero (0).
-
-     6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-     The des-cbc-crc encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. A CRC-32 checksum (described in ISO 3309 [ISO3309]) is
-     applied to the confounder and message sequence (msg-seq) and placed in
-     the cksum field. DES blocks are 8 bytes. As a result, the data to be
-     encrypted (the concatenation of confounder, checksum, and message)
-     must be padded to an 8 byte boundary before encryption. The details of
-     the encryption of this data are identical to those for the des-cbc-md5
-     encryption mode.
-
-     Note that, since the CRC-32 checksum is not collision-proof, an
-     attacker could use a probabilistic chosen-plaintext attack to generate
-     a valid message even if a confounder is used [SG92]. The use of
-     collision-proof checksums is recommended for environments where such
-     attacks represent a significant threat. The use of the CRC-32 as the
-     checksum for ticket or authenticator is no longer mandated as an
-     interoperability requirement for Kerberos Version 5 Specification 1
-     (See section 9.1 for specific details).
-
-     6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-     The des-cbc-md4 encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. An MD4 checksum (described in [MD492]) is applied to the
-     confounder and message sequence (msg-seq) and placed in the cksum
-     field. DES blocks are 8 bytes. As a result, the data to be encrypted
-     (the concatenation of confounder, checksum, and message) must be
-     padded to an 8 byte boundary before encryption. The details of the
-     encryption of this data are identical to those for the des-cbc-md5
-     encryption mode.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-     The des-cbc-md5 encryption mode encrypts information under the Data
-     Encryption Standard [DES77] using the cipher block chaining mode
-     [DESM80]. An MD5 checksum (described in [MD5-92].) is applied to the
-     confounder and message sequence (msg-seq) and placed in the cksum
-     field. DES blocks are 8 bytes. As a result, the data to be encrypted
-     (the concatenation of confounder, checksum, and message) must be
-     padded to an 8 byte boundary before encryption.
-
-     Plaintext and DES ciphtertext are encoded as blocks of 8 octets which
-     are concatenated to make the 64-bit inputs for the DES algorithms. The
-     first octet supplies the 8 most significant bits (with the octet's
-     MSbit used as the DES input block's MSbit, etc.), the second octet the
-     next 8 bits, ..., and the eighth octet supplies the 8 least
-     significant bits.
-
-     Encryption under DES using cipher block chaining requires an
-     additional input in the form of an initialization vector. Unless
-     otherwise specified, zero should be used as the initialization vector.
-     Kerberos' use of DES requires an 8 octet confounder.
-
-     The DES specifications identify some 'weak' and 'semi-weak' keys;
-     those keys shall not be used for encrypting messages for use in
-     Kerberos. Additionally, because of the way that keys are derived for
-     the encryption of checksums, keys shall not be used that yield 'weak'
-     or 'semi-weak' keys when eXclusive-ORed with the hexadecimal constant
-     F0F0F0F0F0F0F0F0.
-
-     A DES key is 8 octets of data, with keytype one (1). This consists of
-     56 bits of key, and 8 parity bits (one per octet). The key is encoded
-     as a series of 8 octets written in MSB-first order. The bits within
-     the key are also encoded in MSB order. For example, if the encryption
-     key is (B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8)
-     where B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8
-     are the parity bits, the first octet of the key would be
-     B1,B2,...,B7,P1 (with B1 as the MSbit). [See the FIPS 81 introduction
-     for reference.]
-
-     String to key transformation
-
-     To generate a DES key from a text string (password), a "salt" is
-     concatenated to the text string, and then padded with ASCII nulls to
-     an 8 byte boundary. This "salt" is normally the realm and each
-     component of the principal's name appended. However, sometimes
-     different salts are used --- for example, when a realm is renamed, or
-     if a user changes her username, or for compatibility with Kerberos V4
-     (whose string-to-key algorithm uses a null string for the salt). This
-     string is then fan-folded and eXclusive-ORed with itself to form an 8
-     byte DES key. Before eXclusive-ORing a block, every byte is shifted
-     one bit to the left to leave the lowest bit zero. The key is the
-     "corrected" by correcting the parity on the key, and if the key
-     matches a 'weak' or 'semi-weak' key as described in the DES
-     specification, it is eXclusive-ORed with the constant
-     00000000000000F0. This key is then used to generate a DES CBC checksum
-     on the initial string (with the salt appended). The result of the CBC
-     checksum is the "corrected" as described above to form the result
-     which is return as the key. Pseudocode follows:
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-          name_to_default_salt(realm, name) {
-               s = realm
-               for(each component in name) {
-                    s = s + component;
-               }
-               return s;
-          }
-
-          key_correction(key) {
-               fixparity(key);
-               if (is_weak_key_key(key))
-                    key = key XOR 0xF0;
-               return(key);
-          }
-
-          string_to_key(string,salt) {
-
-               odd = 1;
-               s = string + salt;
-               tempkey = NULL;
-               pad(s); /* with nulls to 8 byte boundary */
-               for(8byteblock in s) {
-                    if(odd == 0)  {
-                        odd = 1;
-                        reverse(8byteblock)
-                    }
-                    else odd = 0;
-                    left shift every byte in 8byteblock one bit;
-                    tempkey = tempkey XOR 8byteblock;
-               }
-               tempkey = key_correction(tempkey);
-               key = key_correction(DES-CBC-check(s,tempkey));
-               return(key);
-          }
-
-     6.3.5. Triple DES with HMAC-SHA1 Kerberos Encryption Type with and
-     without Key Derivation [Original draft by Marc Horowitz, revisions by
-     David Miller]
-
-          There are still a few pieces of this specification to be included
-          by falue, rather than by reference. This will be done before the
-          Pittsburgh IETF.
-     This encryption type is based on the Triple DES cryptosystem, the
-     HMAC-SHA1 [Krawczyk96] message authentication algorithm, and key
-     derivation for Kerberos V5 [HorowitzB96]. Key derivation may or may
-     not be used in conjunction with the use of Triple DES keys.
-
-     Algorithm Identifiers
-
-     The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
-     The des3-cbc-hmac-sha1-kd encryption type, specifying the key
-     derivation variant of the encryption type, has been assigned the value
-     16. The hmac-sha1-des3 checksum type has been assigned the value 13.
-     The hmac-sha1-des3-kd checksum type, specifying the key derivation
-     variant of the checksum, has been assigned the value 12.
-
-     Triple DES Key Production
-
-     The EncryptionKey value is 24 octets long. The 7 most significant bits
-     of each octet contain key bits, and the least significant bit is the
-     inverse of the xor of the key bits.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     For the purposes of key derivation, the block size is 64 bits, and the
-     key size is 168 bits. The 168 bits output by key derivation are
-     converted to an EncryptionKey value as follows. First, the 168 bits
-     are divided into three groups of 56 bits, which are expanded
-     individually into 64 bits as follows:
-
-      1  2  3  4  5  6  7  p
-      9 10 11 12 13 14 15  p
-     17 18 19 20 21 22 23  p
-     25 26 27 28 29 30 31  p
-     33 34 35 36 37 38 39  p
-     41 42 43 44 45 46 47  p
-     49 50 51 52 53 54 55  p
-     56 48 40 32 24 16  8  p
-
-     The "p" bits are parity bits computed over the data bits. The output
-     of the three expansions are concatenated to form the EncryptionKey
-     value.
-
-     When the HMAC-SHA1 of a string is computed, the key is used in the
-     EncryptedKey form.
-
-     The string-to-key function is used to tranform UNICODE passwords into
-     DES3 keys. The DES3 string-to-key function relies on the "N-fold"
-     algorithm, which is detailed in [9]. The description of the N-fold
-     algorithm in that document is as follows:
-        o To n-fold a number X, replicate the input value to a length that
-          is the least common multiple of n and the length of X. Before
-          each repetition, the input is rotated to the right by 13 bit
-          positions. The successive n-bit chunks are added together using
-          1's-complement addition (that is, addition with end-around carry)
-          to yield an n-bit result"
-        o The n-fold algorithm, as with DES string-to-key, is applied to
-          the password string concatenated with a salt value. The salt
-          value is derived in the same was as for the DES string-to-key
-          algorithm. For 3-key triple DES then, the operation will involve
-          a 168-fold of the input password string. The remainder of the
-          string-to-key function for DES3 is shown here in pseudocode:
-
-     DES3string-to-key(passwordString, key)
-
-         salt = name_to_default_salt(realm, name)
-         s = passwordString + salt
-         tmpKey1 = 168-fold(s)
-         parityFix(tmpKey1);
-         if not weakKey(tmpKey1)
-             /*
-              * Encrypt temp key in itself with a
-              * zero initialization vector
-              *
-              * Function signature is DES3encrypt(plain, key, iv)
-              * with cipher as the return value
-              */
-             tmpKey2 = DES3encrypt(tmpKey1, tmpKey1, zeroIvec)
-             /*
-              * Encrypt resultant temp key in itself with third component
-              * of first temp key as initialization vector
-              */
-             key = DES3encrypt(tmpKey2, tmpKey1, tmpKey1[2])
-             parityFix(key)
-             if not weakKey(key)
-                  return SUCCESS
-             else
-                  return FAILURE
-         else
-             return FAILURE
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     The weakKey function above is the same weakKey function used with DES
-     keys, but applied to each of the three single DES keys that comprise
-     the triple DES key.
-
-     The lengths of UNICODE encoded character strings include the trailing
-     terminator character (0).
-
-     Encryption Types des3-cbc-hmac-sha1 and des3-cbc-hmac-sha1-kd
-
-     EncryptedData using this type must be generated as described in
-     [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC
-     mode. The checksum algorithm is HMAC-SHA1. If the key derivation
-     variant of the encryption type is used, encryption key values are
-     modified according to the method under the Key Derivation section
-     below.
-
-     Unless otherwise specified, a zero IV must be used.
-
-     If the length of the input data is not a multiple of the block size,
-     zero octets must be used to pad the plaintext to the next eight-octet
-     boundary. The counfounder must be eight random octets (one block).
-
-     Checksum Types hmac-sha1-des3 and hmac-sha1-des3-kd
-
-     Checksums using this type must be generated as described in
-     [Horowitz96]. The keyed hash algorithm is HMAC-SHA1. If the key
-     derivation variant of the checksum type is used, checksum key values
-     are modified according to the method under the Key Derivation section
-     below.
-
-     Key Derivation
-
-     In the Kerberos protocol, cryptographic keys are used in a number of
-     places. In order to minimize the effect of compromising a key, it is
-     desirable to use a different key for each of these places. Key
-     derivation [Horowitz96] can be used to construct different keys for
-     each operation from the keys transported on the network. For this to
-     be possible, a small change to the specification is necessary.
-
-     This section specifies a profile for the use of key derivation
-     [Horowitz96] with Kerberos. For each place where a key is used, a
-     ``key usage'' must is specified for that purpose. The key, key usage,
-     and encryption/checksum type together describe the transformation from
-     plaintext to ciphertext, or plaintext to checksum.
-
-     Key Usage Values
-
-     This is a complete list of places keys are used in the kerberos
-     protocol, with key usage values and RFC 1510 section numbers:
-
-      1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-         client key (section 5.4.1)
-      2. AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-         application session key), encrypted with the service key
-         (section 5.4.2)
-      3. AS-REP encrypted part (includes tgs session key or application
-         session key), encrypted with the client key (section 5.4.2)
-      4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-         session key (section 5.4.1)
-      5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-         authenticator subkey (section 5.4.1)
-      6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-         with the tgs session key (sections 5.3.2, 5.4.1)
-      7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-         authenticator subkey), encrypted with the tgs session key
-         (section 5.3.2)
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-      8. TGS-REP encrypted part (includes application session key),
-         encrypted with the tgs session key (section 5.4.2)
-      9. TGS-REP encrypted part (includes application session key),
-         encrypted with the tgs authenticator subkey (section 5.4.2)
-     10. AP-REQ Authenticator cksum, keyed with the application session
-         key (section 5.3.2)
-     11. AP-REQ Authenticator (includes application authenticator
-         subkey), encrypted with the application session key (section
-         5.3.2)
-     12. AP-REP encrypted part (includes application session subkey),
-         encrypted with the application session key (section 5.5.2)
-     13. KRB-PRIV encrypted part, encrypted with a key chosen by the
-         application (section 5.7.1)
-     14. KRB-CRED encrypted part, encrypted with a key chosen by the
-         application (section 5.6.1)
-     15. KRB-SAVE cksum, keyed with a key chosen by the application
-         (section 5.8.1)
-     18. KRB-ERROR checksum (e-cksum in section 5.9.1)
-     19. AD-KDCIssued checksum (ad-checksum in appendix B.1)
-     20. Checksum for Mandatory Ticket Extensions (appendix B.6)
-     21. Checksum in Authorization Data in Ticket Extensions (appendix B.7)
-
-     Key usage values between 1024 and 2047 (inclusive) are reserved for
-     application use. Applications should use even values for encryption
-     and odd values for checksums within this range.
-
-     A few of these key usages need a little clarification. A service which
-     receives an AP-REQ has no way to know if the enclosed Ticket was part
-     of an AS-REP or TGS-REP. Therefore, key usage 2 must always be used
-     for generating a Ticket, whether it is in response to an AS- REQ or
-     TGS-REQ.
-
-     There might exist other documents which define protocols in terms of
-     the RFC1510 encryption types or checksum types. Such documents would
-     not know about key usages. In order that these documents continue to
-     be meaningful until they are updated, key usages 1024 and 1025 must be
-     used to derive keys for encryption and checksums, respectively. New
-     protocols defined in terms of the Kerberos encryption and checksum
-     types should use their own key usages. Key usages may be registered
-     with IANA to avoid conflicts. Key usages must be unsigned 32 bit
-     integers. Zero is not permitted.
-
-     Defining Cryptosystems Using Key Derivation
-
-     Kerberos requires that the ciphertext component of EncryptedData be
-     tamper-resistant as well as confidential. This implies encryption and
-     integrity functions, which must each use their own separate keys. So,
-     for each key usage, two keys must be generated, one for encryption
-     (Ke), and one for integrity (Ki):
-
-           Ke = DK(protocol key, key usage | 0xAA)
-           Ki = DK(protocol key, key usage | 0x55)
-
-     where the protocol key is from the EncryptionKey from the wire
-     protocol, and the key usage is represented as a 32 bit integer in
-     network byte order. The ciphertest must be generated from the
-     plaintext as follows:
-
-        ciphertext = E(Ke, confounder | plaintext | padding) |
-                     H(Ki, confounder | plaintext | padding)
-
-     The confounder and padding are specific to the encryption algorithm E.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     When generating a checksum only, there is no need for a confounder or
-     padding. Again, a new key (Kc) must be used. Checksums must be
-     generated from the plaintext as follows:
-
-           Kc = DK(protocol key, key usage | 0x99)
-           MAC = H(Kc, plaintext)
-
-     Note that each enctype is described by an encryption algorithm E and a
-     keyed hash algorithm H, and each checksum type is described by a keyed
-     hash algorithm H. HMAC, with an appropriate hash, is required for use
-     as H.
-
-     Key Derivation from Passwords
-
-     The well-known constant for password key derivation must be the byte
-     string {0x6b 0x65 0x72 0x62 0x65 0x72 0x6f 0x73}. These values
-     correspond to the ASCII encoding for the string "kerberos".
-
-     6.4. Checksums
-
-     The following is the ASN.1 definition used for a checksum:
-
-              Checksum ::=   SEQUENCE {
-                             cksumtype[0]   INTEGER,
-                             checksum[1]    OCTET STRING
-              }
-
-     cksumtype
-          This field indicates the algorithm used to generate the
-          accompanying checksum.
-     checksum
-          This field contains the checksum itself, encoded as an octet
-          string.
-     Detailed specification of selected checksum types appear later in this
-     section. Negative values for the checksum type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpretations.
-
-     Checksums used by Kerberos can be classified by two properties:
-     whether they are collision-proof, and whether they are keyed. It is
-     infeasible to find two plaintexts which generate the same checksum
-     value for a collision-proof checksum. A key is required to perturb or
-     initialize the algorithm in a keyed checksum. To prevent
-     message-stream modification by an active attacker, unkeyed checksums
-     should only be used when the checksum and message will be subsequently
-     encrypted (e.g. the checksums defined as part of the encryption
-     algorithms covered earlier in this section).
-
-     Collision-proof checksums can be made tamper-proof if the checksum
-     value is encrypted before inclusion in a message. In such cases, the
-     composition of the checksum and the encryption algorithm must be
-     considered a separate checksum algorithm (e.g. RSA-MD5 encrypted using
-     DES is a new checksum algorithm of type RSA-MD5-DES). For most keyed
-     checksums, as well as for the encrypted forms of unkeyed
-     collision-proof checksums, Kerberos prepends a confounder before the
-     checksum is calculated.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     6.4.1. The CRC-32 Checksum (crc32)
-
-     The CRC-32 checksum calculates a checksum based on a cyclic redundancy
-     check as described in ISO 3309 [ISO3309]. The resulting checksum is
-     four (4) octets in length. The CRC-32 is neither keyed nor
-     collision-proof. The use of this checksum is not recommended. An
-     attacker using a probabilistic chosen-plaintext attack as described in
-     [SG92] might be able to generate an alternative message that satisfies
-     the checksum. The use of collision-proof checksums is recommended for
-     environments where such attacks represent a significant threat.
-
-     6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-     The RSA-MD4 checksum calculates a checksum using the RSA MD4 algorithm
-     [MD4-92]. The algorithm takes as input an input message of arbitrary
-     length and produces as output a 128-bit (16 octet) checksum. RSA-MD4
-     is believed to be collision-proof.
-
-     6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des)
-
-     The RSA-MD4-DES checksum calculates a keyed collision-proof checksum
-     by prepending an 8 octet confounder before the text, applying the RSA
-     MD4 checksum algorithm, and encrypting the confounder and the checksum
-     using DES in cipher-block-chaining (CBC) mode using a variant of the
-     key, where the variant is computed by eXclusive-ORing the key with the
-     constant F0F0F0F0F0F0F0F0[39]. The initialization vector should be
-     zero. The resulting checksum is 24 octets long (8 octets of which are
-     redundant). This checksum is tamper-proof and believed to be
-     collision-proof.
-
-     The DES specifications identify some weak keys' and 'semi-weak keys';
-     those keys shall not be used for generating RSA-MD4 checksums for use
-     in Kerberos.
-
-     The format for the checksum is described in the follow- ing diagram:
-
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-     |  des-cbc(confounder   +   rsa-md4(confounder+msg),key=var(key),iv=0)
-|
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                                confounder[0]   UNTAGGED OCTET STRING(8),
-                                check[1]        UNTAGGED OCTET STRING(16)
-     }
-
-     6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-     The RSA-MD5 checksum calculates a checksum using the RSA MD5
-     algorithm. [MD5-92]. The algorithm takes as input an input message of
-     arbitrary length and produces as output a 128-bit (16 octet) checksum.
-     RSA-MD5 is believed to be collision-proof.
-
-     6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des)
-
-     The RSA-MD5-DES checksum calculates a keyed collision-proof checksum
-     by prepending an 8 octet confounder before the text, applying the RSA
-     MD5 checksum algorithm, and encrypting the confounder and the checksum
-     using DES in cipher-block-chaining (CBC) mode using a variant of the
-     key, where the variant is computed by eXclusive-ORing the key with the
-     hexadecimal constant F0F0F0F0F0F0F0F0. The initialization vector
-     should be zero. The resulting checksum is 24 octets long (8 octets of
-     which are redundant). This checksum is tamper-proof and believed to be
-     collision-proof.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     The DES specifications identify some 'weak keys' and 'semi-weak keys';
-     those keys shall not be used for encrypting RSA-MD5 checksums for use
-     in Kerberos.
-
-     The format for the checksum is described in the following diagram:
-
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-     |  des-cbc(confounder   +   rsa-md5(confounder+msg),key=var(key),iv=0)
-|
-
-+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                                confounder[0]   UNTAGGED OCTET STRING(8),
-                                check[1]        UNTAGGED OCTET STRING(16)
-     }
-
-     6.4.6. DES cipher-block chained checksum (des-mac)
-
-     The DES-MAC checksum is computed by prepending an 8 octet confounder
-     to the plaintext, performing a DES CBC-mode encryption on the result
-     using the key and an initialization vector of zero, taking the last
-     block of the ciphertext, prepending the same confounder and encrypting
-     the pair using DES in cipher-block-chaining (CBC) mode using a a
-     variant of the key, where the variant is computed by eXclusive-ORing
-     the key with the hexadecimal constant F0F0F0F0F0F0F0F0. The
-     initialization vector should be zero. The resulting checksum is 128
-     bits (16 octets) long, 64 bits of which are redundant. This checksum
-     is tamper-proof and collision-proof.
-
-     The format for the checksum is described in the following diagram:
-
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-     |   des-cbc(confounder  + des-mac(conf+msg,iv=0,key),key=var(key),iv=0)
-|
-
-+--+--+--+--+--+--+--+--+-----+-----+-----+-----+-----+-----+-----+-----+
-
-     The format cannot be described in ASN.1, but for those who prefer an
-     ASN.1-like notation:
-
-     des-mac-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                            confounder[0]   UNTAGGED OCTET STRING(8),
-                            check[1]        UNTAGGED OCTET STRING(8)
-     }
-
-     The DES specifications identify some 'weak' and 'semi-weak' keys;
-     those keys shall not be used for generating DES-MAC checksums for use
-     in Kerberos, nor shall a key be used whose variant is 'weak' or
-     'semi-weak'.
-
-     6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
-     (rsa-md4-des-k)
-
-     The RSA-MD4-DES-K checksum calculates a keyed collision-proof checksum
-     by applying the RSA MD4 checksum algorithm and encrypting the results
-     using DES in cipher-block-chaining (CBC) mode using a DES key as both
-     key and initialization vector. The resulting checksum is 16 octets
-     long. This checksum is tamper-proof and believed to be
-     collision-proof. Note that this checksum type is the old method for
-     encoding the RSA-MD4-DES checksum and it is no longer recommended.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     6.4.8. DES cipher-block chained checksum alternative (des-mac-k)
-
-     The DES-MAC-K checksum is computed by performing a DES CBC-mode
-     encryption of the plaintext, and using the last block of the
-     ciphertext as the checksum value. It is keyed with an encryption key
-     and an initialization vector; any uses which do not specify an
-     additional initialization vector will use the key as both key and
-     initialization vector. The resulting checksum is 64 bits (8 octets)
-     long. This checksum is tamper-proof and collision-proof. Note that
-     this checksum type is the old method for encoding the DES-MAC checksum
-     and it is no longer recommended. The DES specifications identify some
-     'weak keys' and 'semi-weak keys'; those keys shall not be used for
-     generating DES-MAC checksums for use in Kerberos.
-
-     7. Naming Constraints
-
-     7.1. Realm Names
-
-     Although realm names are encoded as GeneralStrings and although a
-     realm can technically select any name it chooses, interoperability
-     across realm boundaries requires agreement on how realm names are to
-     be assigned, and what information they imply.
-
-     To enforce these conventions, each realm must conform to the
-     conventions itself, and it must require that any realms with which
-     inter-realm keys are shared also conform to the conventions and
-     require the same from its neighbors.
-
-     Kerberos realm names are case sensitive. Realm names that differ only
-     in the case of the characters are not equivalent. There are presently
-     four styles of realm names: domain, X500, other, and reserved.
-     Examples of each style follow:
-
-          domain:   ATHENA.MIT.EDU (example)
-            X500:   C=US/O=OSF (example)
-           other:   NAMETYPE:rest/of.name=without-restrictions (example)
-        reserved:   reserved, but will not conflict with above
-
-     Domain names must look like domain names: they consist of components
-     separated by periods (.) and they contain neither colons (:) nor
-     slashes (/). Though domain names themselves are case insensitive, in
-     order for realms to match, the case must match as well. When
-     establishing a new realm name based on an internet domain name it is
-     recommended by convention that the characters be converted to upper
-     case.
-
-     X.500 names contain an equal (=) and cannot contain a colon (:) before
-     the equal. The realm names for X.500 names will be string
-     representations of the names with components separated by slashes.
-     Leading and trailing slashes will not be included.
-
-     Names that fall into the other category must begin with a prefix that
-     contains no equal (=) or period (.) and the prefix must be followed by
-     a colon (:) and the rest of the name. All prefixes must be assigned
-     before they may be used. Presently none are assigned.
-
-     The reserved category includes strings which do not fall into the
-     first three categories. All names in this category are reserved. It is
-     unlikely that names will be assigned to this category unless there is
-     a very strong argument for not using the 'other' category.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     These rules guarantee that there will be no conflicts between the
-     various name styles. The following additional constraints apply to the
-     assignment of realm names in the domain and X.500 categories: the name
-     of a realm for the domain or X.500 formats must either be used by the
-     organization owning (to whom it was assigned) an Internet domain name
-     or X.500 name, or in the case that no such names are registered,
-     authority to use a realm name may be derived from the authority of the
-     parent realm. For example, if there is no domain name for E40.MIT.EDU,
-     then the administrator of the MIT.EDU realm can authorize the creation
-     of a realm with that name.
-
-     This is acceptable because the organization to which the parent is
-     assigned is presumably the organization authorized to assign names to
-     its children in the X.500 and domain name systems as well. If the
-     parent assigns a realm name without also registering it in the domain
-     name or X.500 hierarchy, it is the parent's responsibility to make
-     sure that there will not in the future exists a name identical to the
-     realm name of the child unless it is assigned to the same entity as
-     the realm name.
-
-     7.2. Principal Names
-
-     As was the case for realm names, conventions are needed to ensure that
-     all agree on what information is implied by a principal name. The
-     name-type field that is part of the principal name indicates the kind
-     of information implied by the name. The name-type should be treated as
-     a hint. Ignoring the name type, no two names can be the same (i.e. at
-     least one of the components, or the realm, must be different). The
-     following name types are defined:
-
-     name-type      value   meaning
-
-    NT-UNKNOWN        0   Name type not known
-    NT-PRINCIPAL      1   General principal name (e.g. username, DCE
-principal)
-    NT-SRV-INST       2   Service and other unique instance (krbtgt)
-    NT-SRV-HST        3   Service with host name as instance (telnet, rcmds)
-    NT-SRV-XHST       4   Service with slash-separated host name components
-    NT-UID            5   Unique ID
-    NT-X500-PRINCIPAL 6   Encoded X.509 Distingished name [RFC 1779]
-    NT-SMTP-NAME      7   Name in form of SMTP email name (e.g.
-user@foo.com)
-
-     When a name implies no information other than its uniqueness at a
-     particular time the name type PRINCIPAL should be used. The principal
-     name type should be used for users, and it might also be used for a
-     unique server. If the name is a unique machine generated ID that is
-     guaranteed never to be reassigned then the name type of UID should be
-     used (note that it is generally a bad idea to reassign names of any
-     type since stale entries might remain in access control lists).
-
-     If the first component of a name identifies a service and the
-     remaining components identify an instance of the service in a server
-     specified manner, then the name type of SRV-INST should be used. An
-     example of this name type is the Kerberos ticket-granting service
-     whose name has a first component of krbtgt and a second component
-     identifying the realm for which the ticket is valid.
-
-     If instance is a single component following the service name and the
-     instance identifies the host on which the server is running, then the
-     name type SRV-HST should be used. This type is typically used for
-     Internet services such as telnet and the Berkeley R commands. If the
-     separate components of the host name appear as successive components
-     following the name of the service, then the name type SRV-XHST should
-     be used. This type might be used to identify servers on hosts with
-     X.500 names where the slash (/) might otherwise be ambiguous.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     A name type of NT-X500-PRINCIPAL should be used when a name from an
-     X.509 certificiate is translated into a Kerberos name. The encoding of
-     the X.509 name as a Kerberos principal shall conform to the encoding
-     rules specified in RFC 2253.
-
-     A name type of SMTP allows a name to be of a form that resembles a
-     SMTP email name. This name type can be used in conjunction with
-     name-canonicalization to allow a free-form of username to be specified
-     as a client name and allow the KDC to determine the Kerberos principal
-     name for the requested name. [JBrezak]
-
-     A name type of UNKNOWN should be used when the form of the name is not
-     known. When comparing names, a name of type UNKNOWN will match
-     principals authenticated with names of any type. A principal
-     authenticated with a name of type UNKNOWN, however, will only match
-     other names of type UNKNOWN.
-
-     Names of any type with an initial component of 'krbtgt' are reserved
-     for the Kerberos ticket granting service. See section 8.2.3 for the
-     form of such names.
-
-     7.2.1. Name of server principals
-
-     The principal identifier for a server on a host will generally be
-     composed of two parts: (1) the realm of the KDC with which the server
-     is registered, and (2) a two-component name of type NT-SRV-HST if the
-     host name is an Internet domain name or a multi-component name of type
-     NT-SRV-XHST if the name of the host is of a form such as X.500 that
-     allows slash (/) separators. The first component of the two- or
-     multi-component name will identify the service and the latter
-     components will identify the host. Where the name of the host is not
-     case sensitive (for example, with Internet domain names) the name of
-     the host must be lower case. If specified by the application protocol
-     for services such as telnet and the Berkeley R commands which run with
-     system privileges, the first component may be the string 'host'
-     instead of a service specific identifier. When a host has an official
-     name and one or more aliases, the official name of the host must be
-     used when constructing the name of the server principal.
-
-     8. Constants and other defined values
-
-     8.1. Host address types
-
-     All negative values for the host address type are reserved for local
-     use. All non-negative values are reserved for officially assigned type
-     fields and interpretations.
-
-     The values of the types for the following addresses are chosen to
-     match the defined address family constants in the Berkeley Standard
-     Distributions of Unix. They can be found in with symbolic names AF_xxx
-     (where xxx is an abbreviation of the address family name).
-
-     Internet (IPv4) Addresses
-
-     Internet (IPv4) addresses are 32-bit (4-octet) quantities, encoded in
-     MSB order. The type of IPv4 addresses is two (2).
-
-     Internet (IPv6) Addresses [Westerlund]
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB
-     order. The type of IPv6 addresses is twenty-four (24). [RFC1883]
-     [RFC1884]. The following addresses (see [RFC1884]) MUST not appear in
-     any Kerberos packet:
-        o the Unspecified Address
-        o the Loopback Address
-        o Link-Local addresses
-     IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
-
-     CHAOSnet addresses
-
-     CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB
-     order. The type of CHAOSnet addresses is five (5).
-
-     ISO addresses
-
-     ISO addresses are variable-length. The type of ISO addresses is seven
-     (7).
-
-     Xerox Network Services (XNS) addresses
-
-     XNS addresses are 48-bit (6-octet) quantities, encoded in MSB order.
-     The type of XNS addresses is six (6).
-
-     AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-     AppleTalk DDP addresses consist of an 8-bit node number and a 16-bit
-     network number. The first octet of the address is the node number; the
-     remaining two octets encode the network number in MSB order. The type
-     of AppleTalk DDP addresses is sixteen (16).
-
-     DECnet Phase IV addresses
-
-     DECnet Phase IV addresses are 16-bit addresses, encoded in LSB order.
-     The type of DECnet Phase IV addresses is twelve (12).
-
-     Netbios addresses
-
-     Netbios addresses are 16-octet addresses typically composed of 1 to 15
-     characters, trailing blank (ascii char 20) filled, with a 16th octet
-     of 0x0. The type of Netbios addresses is 20 (0x14).
-
-     8.2. KDC messages
-
-     8.2.1. UDP/IP transport
-
-     When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request
-     using UDP IP transport, the client shall send a UDP datagram
-     containing only an encoding of the request to port 88 (decimal) at the
-     KDC's IP address; the KDC will respond with a reply datagram
-     containing only an encoding of the reply message (either a KRB_ERROR
-     or a KRB_KDC_REP) to the sending port at the sender's IP address.
-     Kerberos servers supporting IP transport must accept UDP requests on
-     port 88 (decimal). The response to a request made through UDP/IP
-     transport must also use UDP/IP transport.
-
-     8.2.2. TCP/IP transport [Westerlund,Danielsson]
-
-     Kerberos servers (KDC's) should accept TCP requests on port 88
-     (decimal) and clients should support the sending of TCP requests on
-     port 88 (decimal). When the KRB_KDC_REQ message is sent to the KDC
-     over a TCP stream, a new connection will be established for each
-     authentication exchange (request and response). The KRB_KDC_REP or
-     KRB_ERROR message will be returned to the client on the same TCP
-     stream that was established for the request. The response to a request
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     made through TCP/IP transport must also use TCP/IP transport.
-     Implementors should note that some extentions to the Kerberos protocol
-     will not work if any implementation not supporting the TCP transport
-     is involved (client or KDC). Implementors are strongly urged to
-     support the TCP transport on both the client and server and are
-     advised that the current notation of "should" support will likely
-     change in the future to must support. The KDC may close the TCP stream
-     after sending a response, but may leave the stream open if it expects
-     a followup - in which case it may close the stream at any time if
-     resource constratints or other factors make it desirable to do so.
-     Care must be taken in managing TCP/IP connections with the KDC to
-     prevent denial of service attacks based on the number of TCP/IP
-     connections with the KDC that remain open. If multiple exchanges with
-     the KDC are needed for certain forms of preauthentication, multiple
-     TCP connections may be required. A client may close the stream after
-     receiving response, and should close the stream if it does not expect
-     to send followup messages. The client must be prepared to have the
-     stream closed by the KDC at anytime, in which case it must simply
-     connect again when it is ready to send subsequent messages.
-
-     The first four octets of the TCP stream used to transmit the request
-     request will encode in network byte order the length of the request
-     (KRB_KDC_REQ), and the length will be followed by the request itself.
-     The response will similarly be preceeded by a 4 octet encoding in
-     network byte order of the length of the KRB_KDC_REP or the KRB_ERROR
-     message and will be followed by the KRB_KDC_REP or the KRB_ERROR
-     response. If the sign bit is set on the integer represented by the
-     first 4 octets, then the next 4 octets will be read, extending the
-     length of the field by another 4 octets (less the sign bit which is
-     reserved for future expansion).
-
-     8.2.3. OSI transport
-
-     During authentication of an OSI client to an OSI server, the mutual
-     authentication of an OSI server to an OSI client, the transfer of
-     credentials from an OSI client to an OSI server, or during exchange of
-     private or integrity checked messages, Kerberos protocol messages may
-     be treated as opaque objects and the type of the authentication
-     mechanism will be:
-
-     OBJECT IDENTIFIER ::= {iso (1), org(3), dod(6),internet(1),
-security(5),kerberosv5(2)}
-
-     Depending on the situation, the opaque object will be an
-     authentication header (KRB_AP_REQ), an authentication reply
-     (KRB_AP_REP), a safe message (KRB_SAFE), a private message (KRB_PRIV),
-     or a credentials message (KRB_CRED). The opaque data contains an
-     application code as specified in the ASN.1 description for each
-     message. The application code may be used by Kerberos to determine the
-     message type.
-
-     8.2.3. Name of the TGS
-
-     The principal identifier of the ticket-granting service shall be
-     composed of three parts: (1) the realm of the KDC issuing the TGS
-     ticket (2) a two-part name of type NT-SRV-INST, with the first part
-     "krbtgt" and the second part the name of the realm which will accept
-     the ticket-granting ticket. For example, a ticket-granting ticket
-     issued by the ATHENA.MIT.EDU realm to be used to get tickets from the
-     ATHENA.MIT.EDU KDC has a principal identifier of "ATHENA.MIT.EDU"
-     (realm), ("krbtgt", "ATHENA.MIT.EDU") (name). A ticket-granting ticket
-     issued by the ATHENA.MIT.EDU realm to be used to get tickets from the
-     MIT.EDU realm has a principal identifier of "ATHENA.MIT.EDU" (realm),
-     ("krbtgt", "MIT.EDU") (name).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     8.3. Protocol constants and associated values
-
-     The following tables list constants used in the protocol and defines
-     their meanings. Ranges are specified in the "specification" section
-     that limit the values of constants for which values are defined here.
-     This allows implementations to make assumptions about the maximum
-     values that will be received for these constants. Implementation
-     receiving values outside the range specified in the "specification"
-     section may reject the request, but they must recover cleanly.
-
-     Encryption type       etype value block size  minimum pad  confounder
-size
-     NULL                           0     1           0            0
-     des-cbc-crc                    1     8           4            8
-     des-cbc-md4                    2     8           0            8
-     des-cbc-md5                    3     8           0            8
-     reserved                       4
-     des3-cbc-md5                   5     8           0                 8
-     reserved                       6
-     des3-cbc-sha1                  7     8           0                 8
-     dsaWithSHA1-CmsOID             9
-(pkinit)
-     md5WithRSAEncryption-CmsOID   10
-(pkinit)
-     sha1WithRSAEncryption-CmsOID  11
-(pkinit)
-     rc2CBC-EnvOID                 12
-(pkinit)
-     rsaEncryption-EnvOID          13                (pkinit from PKCS#1
-v1.5)
-     rsaES-OAEP-ENV-OID            14                (pkinit from PKCS#1
-v2.0)
-     des-ede3-cbc-Env-OID          15
-(pkinit)
-     des3-cbc-sha1-kd              16                                 (Tom
-Yu)
-     rc4-hmac                      23
-(swift)
-     rc4-hmac-exp                  24
-(swift)
-
-     reserved                      0x8003
-
-     Checksum type              sumtype value       checksum size
-     CRC32                      1                   4
-     rsa-md4                    2                   16
-     rsa-md4-des                3                   24
-     des-mac                    4                   16
-     des-mac-k                  5                   8
-     rsa-md4-des-k              6                   16 (drop rsa ?)
-     rsa-md5                    7                   16 (drop rsa ?)
-     rsa-md5-des                8                   24 (drop rsa ?)
-     rsa-md5-des3               9                   24 (drop rsa ?)
-     hmac-sha1-des3-kd          12                  20
-     hmac-sha1-des3             13                  20
-     sha1 (unkeyed)             14                  20
-
-     padata type                     padata-type value
-
-     PA-TGS-REQ                      1
-     PA-ENC-TIMESTAMP                2
-     PA-PW-SALT                      3
-     reserved                        4
-     PA-ENC-UNIX-TIME                5                  (depricated)
-     PA-SANDIA-SECUREID              6
-     PA-SESAME                       7
-     PA-OSF-DCE                      8
-     PA-CYBERSAFE-SECUREID           9
-     PA-AFS3-SALT                    10
-     PA-ETYPE-INFO                   11
-     PA-SAM-CHALLENGE                12                  (sam/otp)
-     PA-SAM-RESPONSE                 13                  (sam/otp)
-     PA-PK-AS-REQ                    14                  (pkinit)
-     PA-PK-AS-REP                    15                  (pkinit)
-     PA-USE-SPECIFIED-KVNO           20
-     PA-SAM-REDIRECT                 21                  (sam/otp)
-     PA-GET-FROM-TYPED-DATA          22
-     PA-SAM-ETYPE-INFO               23                  (sam/otp)
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     data-type                     value    form of typed-data
-
-     reserved                        1-21
-     TD-PADATA                       22
-     TD-PKINIT-CMS-CERTIFICATES      101      CertificateSet from CMS
-     TD-KRB-PRINCIPAL                102
-     TD-KRB-REALM                    103
-     TD-TRUSTED-CERTIFIERS           104
-     TD-CERTIFICATE-INDEX            105
-     TD-APP-DEFINED-ERROR            106
-
-     authorization data type         ad-type value
-     AD-IF-RELEVANT                     1
-     AD-INTENDED-FOR-SERVER             2
-     AD-INTENDED-FOR-APPLICATION-CLASS  3
-     AD-KDC-ISSUED                      4
-     AD-OR                              5
-     AD-MANDATORY-TICKET-EXTENSIONS     6
-     AD-IN-TICKET-EXTENSIONS            7
-     reserved values                    8-63
-     OSF-DCE                            64
-     SESAME                             65
-     AD-OSF-DCE-PKI-CERTID              66    (hemsath@us.ibm.com)
-     AD-WIN200-PAC                     128
-(jbrezak@exchange.microsoft.com)
-
-     Ticket Extension Types
-
-     TE-TYPE-NULL                  0     Null ticket extension
-     TE-TYPE-EXTERNAL-ADATA        1     Integrity protected authorization
-data
-     reserved                      2     TE-TYPE-PKCROSS-KDC
-     TE-TYPE-PKCROSS-CLIENT        3     PKCROSS cross realm key ticket
-     TE-TYPE-CYBERSAFE-EXT         4     Assigned to CyberSafe Corp
-     reserved                      5     TE-TYPE-DEST-HOST
-
-     alternate authentication type   method-type value
-     reserved values                 0-63
-     ATT-CHALLENGE-RESPONSE          64
-
-     transited encoding type         tr-type value
-     DOMAIN-X500-COMPRESS            1
-     reserved values                 all others
-
-     Label               Value   Meaning or MIT code
-
-     pvno                    5   current Kerberos protocol version number
-
-     message types
-
-     KRB_AS_REQ             10   Request for initial authentication
-     KRB_AS_REP             11   Response to KRB_AS_REQ request
-     KRB_TGS_REQ            12   Request for authentication based on TGT
-     KRB_TGS_REP            13   Response to KRB_TGS_REQ request
-     KRB_AP_REQ             14   application request to server
-     KRB_AP_REP             15   Response to KRB_AP_REQ_MUTUAL
-     KRB_SAFE               20   Safe (checksummed) application message
-     KRB_PRIV               21   Private (encrypted) application message
-     KRB_CRED               22   Private (encrypted) message to forward
-credentials
-     KRB_ERROR              30   Error response
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     name types
-
-     KRB_NT_UNKNOWN        0  Name type not known
-     KRB_NT_PRINCIPAL      1  Just the name of the principal as in DCE, or
-for users
-     KRB_NT_SRV_INST       2  Service and other unique instance (krbtgt)
-     KRB_NT_SRV_HST        3  Service with host name as instance (telnet,
-rcommands)
-     KRB_NT_SRV_XHST       4  Service with host as remaining components
-     KRB_NT_UID            5  Unique ID
-     KRB_NT_X500_PRINCIPAL 6  Encoded X.509 Distingished name [RFC 2253]
-
-     error codes
-
-     KDC_ERR_NONE                    0   No error
-     KDC_ERR_NAME_EXP                1   Client's entry in database has
-expired
-     KDC_ERR_SERVICE_EXP             2   Server's entry in database has
-expired
-     KDC_ERR_BAD_PVNO                3   Requested protocol version number
-not supported
-     KDC_ERR_C_OLD_MAST_KVNO         4   Client's key encrypted in old
-master key
-     KDC_ERR_S_OLD_MAST_KVNO         5   Server's key encrypted in old
-master key
-     KDC_ERR_C_PRINCIPAL_UNKNOWN     6   Client not found in Kerberos
-database
-     KDC_ERR_S_PRINCIPAL_UNKNOWN     7   Server not found in Kerberos
-database
-     KDC_ERR_PRINCIPAL_NOT_UNIQUE    8   Multiple principal entries in
-database
-     KDC_ERR_NULL_KEY                9   The client or server has a null key
-     KDC_ERR_CANNOT_POSTDATE        10   Ticket not eligible for postdating
-     KDC_ERR_NEVER_VALID            11   Requested start time is later than
-end time
-     KDC_ERR_POLICY                 12   KDC policy rejects request
-     KDC_ERR_BADOPTION              13   KDC cannot accommodate requested
-option
-     KDC_ERR_ETYPE_NOSUPP           14   KDC has no support for encryption
-type
-     KDC_ERR_SUMTYPE_NOSUPP         15   KDC has no support for checksum
-type
-     KDC_ERR_PADATA_TYPE_NOSUPP     16   KDC has no support for padata type
-     KDC_ERR_TRTYPE_NOSUPP          17   KDC has no support for transited
-type
-     KDC_ERR_CLIENT_REVOKED         18   Clients credentials have been
-revoked
-     KDC_ERR_SERVICE_REVOKED        19   Credentials for server have been
-revoked
-     KDC_ERR_TGT_REVOKED            20   TGT has been revoked
-     KDC_ERR_CLIENT_NOTYET          21   Client not yet valid - try again
-later
-     KDC_ERR_SERVICE_NOTYET         22   Server not yet valid - try again
-later
-     KDC_ERR_KEY_EXPIRED            23   Password has expired - change
-password to reset
-     KDC_ERR_PREAUTH_FAILED         24   Pre-authentication information was
-invalid
-     KDC_ERR_PREAUTH_REQUIRED       25   Additional
-pre-authenticationrequired [40]
-     KDC_ERR_SERVER_NOMATCH         26   Requested server and ticket don't
-match
-     KDC_ERR_MUST_USE_USER2USER     27   Server principal valid for
-user2user only
-     KDC_ERR_PATH_NOT_ACCPETED      28   KDC Policy rejects transited path
-     KDC_ERR_SVC_UNAVAILABLE        29   A service is not available
-     KRB_AP_ERR_BAD_INTEGRITY       31   Integrity check on decrypted field
-failed
-     KRB_AP_ERR_TKT_EXPIRED         32   Ticket expired
-     KRB_AP_ERR_TKT_NYV             33   Ticket not yet valid
-     KRB_AP_ERR_REPEAT              34   Request is a replay
-     KRB_AP_ERR_NOT_US              35   The ticket isn't for us
-     KRB_AP_ERR_BADMATCH            36   Ticket and authenticator don't
-match
-     KRB_AP_ERR_SKEW                37   Clock skew too great
-     KRB_AP_ERR_BADADDR             38   Incorrect net address
-     KRB_AP_ERR_BADVERSION          39   Protocol version mismatch
-     KRB_AP_ERR_MSG_TYPE            40   Invalid msg type
-     KRB_AP_ERR_MODIFIED            41   Message stream modified
-     KRB_AP_ERR_BADORDER            42   Message out of order
-     KRB_AP_ERR_BADKEYVER           44   Specified version of key is not
-available
-     KRB_AP_ERR_NOKEY               45   Service key not available
-     KRB_AP_ERR_MUT_FAIL            46   Mutual authentication failed
-     KRB_AP_ERR_BADDIRECTION        47   Incorrect message direction
-     KRB_AP_ERR_METHOD              48   Alternative authentication method
-required
-     KRB_AP_ERR_BADSEQ              49   Incorrect sequence number in
-message
-     KRB_AP_ERR_INAPP_CKSUM         50   Inappropriate type of checksum in
-message
-     KRB_AP_PATH_NOT_ACCEPTED       51   Policy rejects transited path
-     KRB_ERR_RESPONSE_TOO_BIG       52   Response too big for UDP, retry
-with TCP
-     KRB_ERR_GENERIC                60   Generic error (description in
-e-text)
-     KRB_ERR_FIELD_TOOLONG          61   Field is too long for this
-implementation
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     KDC_ERROR_CLIENT_NOT_TRUSTED            62 (pkinit)
-     KDC_ERROR_KDC_NOT_TRUSTED               63 (pkinit)
-     KDC_ERROR_INVALID_SIG                   64 (pkinit)
-     KDC_ERR_KEY_TOO_WEAK                    65 (pkinit)
-     KDC_ERR_CERTIFICATE_MISMATCH            66 (pkinit)
-     KRB_AP_ERR_NO_TGT                       67 (user-to-user)
-     KDC_ERR_WRONG_REALM                     68 (user-to-user)
-     KRB_AP_ERR_USER_TO_USER_REQUIRED        69 (user-to-user)
-     KDC_ERR_CANT_VERIFY_CERTIFICATE         70 (pkinit)
-     KDC_ERR_INVALID_CERTIFICATE             71 (pkinit)
-     KDC_ERR_REVOKED_CERTIFICATE             72 (pkinit)
-     KDC_ERR_REVOCATION_STATUS_UNKNOWN       73 (pkinit)
-     KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74 (pkinit)
-     KDC_ERR_CLIENT_NAME_MISMATCH            75 (pkinit)
-     KDC_ERR_KDC_NAME_MISMATCH               76 (pkinit)
-
-     9. Interoperability requirements
-
-     Version 5 of the Kerberos protocol supports a myriad of options. Among
-     these are multiple encryption and checksum types, alternative encoding
-     schemes for the transited field, optional mechanisms for
-     pre-authentication, the handling of tickets with no addresses, options
-     for mutual authentication, user to user authentication, support for
-     proxies, forwarding, postdating, and renewing tickets, the format of
-     realm names, and the handling of authorization data.
-
-     In order to ensure the interoperability of realms, it is necessary to
-     define a minimal configuration which must be supported by all
-     implementations. This minimal configuration is subject to change as
-     technology does. For example, if at some later date it is discovered
-     that one of the required encryption or checksum algorithms is not
-     secure, it will be replaced.
-
-     9.1. Specification 2
-
-     This section defines the second specification of these options.
-     Implementations which are configured in this way can be said to
-     support Kerberos Version 5 Specification 2 (5.1). Specification 1
-     (depricated) may be found in RFC1510.
-
-     Transport
-
-     TCP/IP and UDP/IP transport must be supported by KDCs claiming
-     conformance to specification 2. Kerberos clients claiming conformance
-     to specification 2 must support UDP/IP transport for messages with the
-     KDC and should support TCP/IP transport.
-
-     Encryption and checksum methods
-
-     The following encryption and checksum mechanisms must be supported.
-     Implementations may support other mechanisms as well, but the
-     additional mechanisms may only be used when communicating with
-     principals known to also support them: This list is to be determined.
-
-     Encryption: DES-CBC-MD5, one triple des variant (tbd)
-     Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5 (tbd)
-
-     Realm Names
-
-     All implementations must understand hierarchical realms in both the
-     Internet Domain and the X.500 style. When a ticket granting ticket for
-     an unknown realm is requested, the KDC must be able to determine the
-     names of the intermediate realms between the KDCs realm and the
-     requested realm.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     Transited field encoding
-
-     DOMAIN-X500-COMPRESS (described in section 3.3.3.2) must be supported.
-     Alternative encodings may be supported, but they may be used only when
-     that encoding is supported by ALL intermediate realms.
-
-     Pre-authentication methods
-
-     The TGS-REQ method must be supported. The TGS-REQ method is not used
-     on the initial request. The PA-ENC-TIMESTAMP method must be supported
-     by clients but whether it is enabled by default may be determined on a
-     realm by realm basis. If not used in the initial request and the error
-     KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENC-TIMESTAMP as an
-     acceptable method, the client should retry the initial request using
-     the PA-ENC-TIMESTAMP preauthentication method. Servers need not
-     support the PA-ENC-TIMESTAMP method, but if not supported the server
-     should ignore the presence of PA-ENC-TIMESTAMP pre-authentication in a
-     request.
-
-     Mutual authentication
-
-     Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-     Ticket addresses and flags
-
-     All KDC's must pass on tickets that carry no addresses (i.e. if a TGT
-     contains no addresses, the KDC will return derivative tickets), but
-     each realm may set its own policy for issuing such tickets, and each
-     application server will set its own policy with respect to accepting
-     them.
-
-     Proxies and forwarded tickets must be supported. Individual realms and
-     application servers can set their own policy on when such tickets will
-     be accepted.
-
-     All implementations must recognize renewable and postdated tickets,
-     but need not actually implement them. If these options are not
-     supported, the starttime and endtime in the ticket shall specify a
-     ticket's entire useful life. When a postdated ticket is decoded by a
-     server, all implementations shall make the presence of the postdated
-     flag visible to the calling server.
-
-     User-to-user authentication
-
-     Support for user to user authentication (via the ENC-TKT-IN-SKEY KDC
-     option) must be provided by implementations, but individual realms may
-     decide as a matter of policy to reject such requests on a
-     per-principal or realm-wide basis.
-
-     Authorization data
-
-     Implementations must pass all authorization data subfields from
-     ticket-granting tickets to any derivative tickets unless directed to
-     suppress a subfield as part of the definition of that registered
-     subfield type (it is never incorrect to pass on a subfield, and no
-     registered subfield types presently specify suppression at the KDC).
-
-     Implementations must make the contents of any authorization data
-     subfields available to the server when a ticket is used.
-     Implementations are not required to allow clients to specify the
-     contents of the authorization data fields.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     Constant ranges
-
-     All protocol constants are constrained to 32 bit (signed) values
-     unless further constrained by the protocol definition. This limit is
-     provided to allow implementations to make assumptions about the
-     maximum values that will be received for these constants.
-     Implementation receiving values outside this range may reject the
-     request, but they must recover cleanly.
-
-     9.2. Recommended KDC values
-
-     Following is a list of recommended values for a KDC implementation,
-     based on the list of suggested configuration constants (see section
-     4.4).
-
-     minimum lifetime              5 minutes
-     maximum renewable lifetime    1 week
-     maximum ticket lifetime       1 day
-     empty addresses               only when suitable  restrictions  appear
-                                   in authorization data
-     proxiable, etc.               Allowed.
-
-     10. REFERENCES
-
-     [NT94]    B. Clifford Neuman and Theodore Y. Ts'o, "An  Authenti-
-               cation  Service for Computer Networks," IEEE Communica-
-               tions Magazine, Vol. 32(9), pp. 33-38 (September 1994).
-
-     [MNSS87]  S. P. Miller, B. C. Neuman, J. I. Schiller, and  J.  H.
-               Saltzer,  Section  E.2.1:  Kerberos  Authentication and
-               Authorization System, M.I.T. Project Athena, Cambridge,
-               Massachusetts (December 21, 1987).
-
-     [SNS88]   J. G. Steiner, B. C. Neuman, and J. I. Schiller,  "Ker-
-               beros:  An Authentication Service for Open Network Sys-
-               tems," pp. 191-202 in  Usenix  Conference  Proceedings,
-               Dallas, Texas (February, 1988).
-
-     [NS78]    Roger M.  Needham  and  Michael  D.  Schroeder,  "Using
-               Encryption for Authentication in Large Networks of Com-
-               puters,"  Communications  of  the  ACM,  Vol.   21(12),
-               pp. 993-999 (December, 1978).
-
-     [DS81]    Dorothy E. Denning and  Giovanni  Maria  Sacco,  "Time-
-               stamps  in  Key Distribution Protocols," Communications
-               of the ACM, Vol. 24(8), pp. 533-536 (August 1981).
-
-     [KNT92]   John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o,
-               "The Evolution of the Kerberos Authentication Service,"
-               in an IEEE Computer Society Text soon to  be  published
-               (June 1992).
-
-     [Neu93]   B.  Clifford  Neuman,  "Proxy-Based  Authorization  and
-               Accounting  for Distributed Systems," in Proceedings of
-               the 13th International Conference on  Distributed  Com-
-               puting Systems, Pittsburgh, PA (May, 1993).
-
-     [DS90]    Don Davis and Ralph Swick,  "Workstation  Services  and
-               Kerberos  Authentication  at Project Athena," Technical
-               Memorandum TM-424,  MIT Laboratory for Computer Science
-               (February 1990).
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     [LGDSR87] P. J. Levine, M. R. Gretzinger, J. M. Diaz, W. E.  Som-
-               merfeld,  and  K. Raeburn, Section E.1: Service Manage-
-               ment System, M.I.T.  Project  Athena,  Cambridge,  Mas-
-               sachusetts (1987).
-
-     [X509-88] CCITT, Recommendation X.509: The Directory  Authentica-
-               tion Framework, December 1988.
-
-     [Pat92].  J. Pato, Using  Pre-Authentication  to  Avoid  Password
-               Guessing  Attacks, Open Software Foundation DCE Request
-               for Comments 26 (December 1992).
-
-     [DES77]   National Bureau of Standards, U.S. Department  of  Com-
-               merce,  "Data Encryption Standard," Federal Information
-               Processing Standards Publication  46,   Washington,  DC
-               (1977).
-
-     [DESM80]  National Bureau of Standards, U.S. Department  of  Com-
-               merce,  "DES  Modes  of Operation," Federal Information
-               Processing Standards Publication 81,   Springfield,  VA
-               (December 1980).
-
-     [SG92]    Stuart G. Stubblebine and Virgil D. Gligor, "On Message
-               Integrity  in  Cryptographic Protocols," in Proceedings
-               of the IEEE  Symposium  on  Research  in  Security  and
-               Privacy, Oakland, California (May 1992).
-
-     [IS3309]  International Organization  for  Standardization,  "ISO
-               Information  Processing  Systems - Data Communication -
-               High-Level Data Link Control Procedure -  Frame  Struc-
-               ture," IS 3309 (October 1984).  3rd Edition.
-
-     [MD4-92]  R. Rivest, "The  MD4  Message  Digest  Algorithm,"  RFC
-               1320,   MIT  Laboratory  for  Computer  Science  (April
-               1992).
-
-     [MD5-92]  R. Rivest, "The  MD5  Message  Digest  Algorithm,"  RFC
-               1321,   MIT  Laboratory  for  Computer  Science  (April
-               1992).
-
-     [KBC96]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC:  Keyed-
-               Hashing  for  Message  Authentication,"  Working  Draft
-               draft-ietf-ipsec-hmac-md5-01.txt,   (August 1996).
-
-     [Horowitz96] Horowitz, M., "Key Derivation for Authentication,
-               Integrity, and Privacy",
-draft-horowitz-key-derivation-02.txt,
-               August 1998.
-
-     [HorowitzB96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
-               horowitz-kerb-key-derivation-01.txt, September 1998.
-
-     [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
-               Keyed-Hashing for Message Authentication",
-draft-ietf-ipsec-hmac-
-               md5-01.txt, August, 1996.
-
-     A. Pseudo-code for protocol processing
-
-     This appendix provides pseudo-code describing how the messages are to
-     be constructed and interpreted by clients and servers.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     A.1. KRB_AS_REQ generation
-
-             request.pvno := protocol version; /* pvno = 5 */
-             request.msg-type := message type; /* type = KRB_AS_REQ */
-
-             if(pa_enc_timestamp_required) then
-                     request.padata.padata-type = PA-ENC-TIMESTAMP;
-                     get system_time;
-                     padata-body.patimestamp,pausec = system_time;
-                     encrypt padata-body into request.padata.padata-value
-                             using client.key; /* derived from password */
-             endif
-
-             body.kdc-options := users's preferences;
-             body.cname := user's name;
-             body.realm := user's realm;
-             body.sname := service's name; /* usually "krbtgt",
-"localrealm" */
-             if (body.kdc-options.POSTDATED is set) then
-                     body.from := requested starting time;
-             else
-                     omit body.from;
-             endif
-             body.till := requested end time;
-             if (body.kdc-options.RENEWABLE is set) then
-                     body.rtime := requested final renewal time;
-             endif
-             body.nonce := random_nonce();
-             body.etype := requested etypes;
-             if (user supplied addresses) then
-                     body.addresses := user's addresses;
-             else
-                     omit body.addresses;
-             endif
-             omit body.enc-authorization-data;
-             request.req-body := body;
-
-             kerberos := lookup(name of local kerberos server (or servers));
-             send(packet,kerberos);
-
-             wait(for response);
-             if (timed_out) then
-                     retry or use alternate server;
-             endif
-
-     A.2. KRB_AS_REQ verification and KRB_AS_REP generation
-
-             decode message into req;
-
-             client := lookup(req.cname,req.realm);
-             server := lookup(req.sname,req.realm);
-
-             get system_time;
-             kdc_time := system_time.seconds;
-
-             if (!client) then
-                     /* no client in Database */
-                     error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-             endif
-             if (!server) then
-                     /* no server in Database */
-                     error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-             endif
-
-             if(client.pa_enc_timestamp_required and
-                pa_enc_timestamp not present) then
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-             endif
-
-             if(pa_enc_timestamp present) then
-                     decrypt req.padata-value into decrypted_enc_timestamp
-                             using client.key;
-                             using auth_hdr.authenticator.subkey;
-                     if (decrypt_error()) then
-                             error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                     if(decrypted_enc_timestamp is not within allowable
-skew) then
-                             error_out(KDC_ERR_PREAUTH_FAILED);
-                     endif
-                     if(decrypted_enc_timestamp and usec is replay)
-                             error_out(KDC_ERR_PREAUTH_FAILED);
-                     endif
-                     add decrypted_enc_timestamp and usec to replay cache;
-             endif
-
-             use_etype := first supported etype in req.etypes;
-
-             if (no support for req.etypes) then
-                     error_out(KDC_ERR_ETYPE_NOSUPP);
-             endif
-
-             new_tkt.vno := ticket version; /* = 5 */
-             new_tkt.sname := req.sname;
-             new_tkt.srealm := req.srealm;
-             reset all flags in new_tkt.flags;
-
-             /* It should be noted that local policy may affect the  */
-             /* processing of any of these flags.  For example, some */
-             /* realms may refuse to issue renewable tickets         */
-
-             if (req.kdc-options.FORWARDABLE is set) then
-                     set new_tkt.flags.FORWARDABLE;
-             endif
-             if (req.kdc-options.PROXIABLE is set) then
-                     set new_tkt.flags.PROXIABLE;
-             endif
-
-             if (req.kdc-options.ALLOW-POSTDATE is set) then
-                     set new_tkt.flags.MAY-POSTDATE;
-             endif
-             if ((req.kdc-options.RENEW is set) or
-                 (req.kdc-options.VALIDATE is set) or
-                 (req.kdc-options.PROXY is set) or
-                 (req.kdc-options.FORWARDED is set) or
-                 (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                     error_out(KDC_ERR_BADOPTION);
-             endif
-
-             new_tkt.session := random_session_key();
-             new_tkt.cname := req.cname;
-             new_tkt.crealm := req.crealm;
-             new_tkt.transited := empty_transited_field();
-
-             new_tkt.authtime := kdc_time;
-
-             if (req.kdc-options.POSTDATED is set) then
-                if (against_postdate_policy(req.from)) then
-                     error_out(KDC_ERR_POLICY);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                new_tkt.starttime := req.from;
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-             else
-                omit new_tkt.starttime; /* treated as authtime when omitted
-*/
-             endif
-             if (req.till = 0) then
-                     till := infinity;
-             else
-                     till := req.till;
-             endif
-
-             new_tkt.endtime := min(till,
-                                   new_tkt.starttime+client.max_life,
-                                   new_tkt.starttime+server.max_life,
-                                   new_tkt.starttime+max_life_for_realm);
-
-             if ((req.kdc-options.RENEWABLE-OK is set) and
-                 (new_tkt.endtime < req.till)) then
-                     /* we set the RENEWABLE option for later processing */
-                     set req.kdc-options.RENEWABLE;
-                     req.rtime := req.till;
-             endif
-
-             if (req.rtime = 0) then
-                     rtime := infinity;
-             else
-                     rtime := req.rtime;
-             endif
-
-             if (req.kdc-options.RENEWABLE is set) then
-                     set new_tkt.flags.RENEWABLE;
-                     new_tkt.renew-till := min(rtime,
-
-new_tkt.starttime+client.max_rlife,
-
-new_tkt.starttime+server.max_rlife,
-
-new_tkt.starttime+max_rlife_for_realm);
-             else
-                     omit new_tkt.renew-till; /* only present if RENEWABLE
-*/
-             endif
-
-             if (req.addresses) then
-                     new_tkt.caddr := req.addresses;
-             else
-                     omit new_tkt.caddr;
-             endif
-
-             new_tkt.authorization_data := empty_authorization_data();
-
-             encode to-be-encrypted part of ticket into OCTET STRING;
-             new_tkt.enc-part := encrypt OCTET STRING
-                     using etype_for_key(server.key), server.key,
-server.p_kvno;
-
-             /* Start processing the response */
-
-             resp.pvno := 5;
-             resp.msg-type := KRB_AS_REP;
-             resp.cname := req.cname;
-             resp.crealm := req.realm;
-             resp.ticket := new_tkt;
-
-             resp.key := new_tkt.session;
-             resp.last-req := fetch_last_request_info(client);
-             resp.nonce := req.nonce;
-             resp.key-expiration := client.expiration;
-             resp.flags := new_tkt.flags;
-
-             resp.authtime := new_tkt.authtime;
-             resp.starttime := new_tkt.starttime;
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-             resp.endtime := new_tkt.endtime;
-
-             if (new_tkt.flags.RENEWABLE) then
-                     resp.renew-till := new_tkt.renew-till;
-             endif
-
-             resp.realm := new_tkt.realm;
-             resp.sname := new_tkt.sname;
-
-             resp.caddr := new_tkt.caddr;
-
-             encode body of reply into OCTET STRING;
-
-             resp.enc-part := encrypt OCTET STRING
-                              using use_etype, client.key, client.p_kvno;
-             send(resp);
-
-     A.3. KRB_AS_REP verification
-
-             decode response into resp;
-
-             if (resp.msg-type = KRB_ERROR) then
-                     if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP))
-then
-                             set pa_enc_timestamp_required;
-                             goto KRB_AS_REQ;
-                     endif
-                     process_error(resp);
-                     return;
-             endif
-
-             /* On error, discard the response, and zero the session key */
-             /* from the response immediately */
-
-             key = get_decryption_key(resp.enc-part.kvno,
-resp.enc-part.etype,
-                                      resp.padata);
-             unencrypted part of resp := decode of decrypt of resp.enc-part
-                                     using resp.enc-part.etype and key;
-             zero(key);
-
-             if (common_as_rep_tgs_rep_checks fail) then
-                     destroy resp.key;
-                     return error;
-             endif
-
-             if near(resp.princ_exp) then
-                     print(warning message);
-             endif
-             save_for_later(ticket,session,client,server,times,flags);
-
-     A.4. KRB_AS_REP and KRB_TGS_REP common checks
-
-             if (decryption_error() or
-                 (req.cname != resp.cname) or
-                 (req.realm != resp.crealm) or
-                 (req.sname != resp.sname) or
-                 (req.realm != resp.realm) or
-                 (req.nonce != resp.nonce) or
-                 (req.addresses != resp.caddr)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-             /* make sure no flags are set that shouldn't be, and that all
-that */
-             /* should be are set
-*/
-             if (!check_flags_for_compatability(req.kdc-options,resp.flags))
-then
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-             if ((req.from = 0) and
-                 (resp.starttime is not within allowable skew)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_SKEW;
-             endif
-             if ((req.from != 0) and (req.from != resp.starttime)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-             if ((req.till != 0) and (resp.endtime > req.till)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-             if ((req.kdc-options.RENEWABLE is set) and
-                 (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-             if ((req.kdc-options.RENEWABLE-OK is set) and
-                 (resp.flags.RENEWABLE) and
-                 (req.till != 0) and
-                 (resp.renew-till > req.till)) then
-                     destroy resp.key;
-                     return KRB_AP_ERR_MODIFIED;
-             endif
-
-     A.5. KRB_TGS_REQ generation
-
-             /* Note that make_application_request might have to recursivly
-*/
-             /* call this routine to get the appropriate ticket-granting
-ticket */
-
-             request.pvno := protocol version; /* pvno = 5 */
-             request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-             body.kdc-options := users's preferences;
-             /* If the TGT is not for the realm of the end-server  */
-             /* then the sname will be for a TGT for the end-realm */
-             /* and the realm of the requested ticket (body.realm) */
-             /* will be that of the TGS to which the TGT we are    */
-             /* sending applies                                    */
-             body.sname := service's name;
-             body.realm := service's realm;
-
-             if (body.kdc-options.POSTDATED is set) then
-                     body.from := requested starting time;
-             else
-                     omit body.from;
-             endif
-             body.till := requested end time;
-             if (body.kdc-options.RENEWABLE is set) then
-                     body.rtime := requested final renewal time;
-             endif
-             body.nonce := random_nonce();
-             body.etype := requested etypes;
-             if (user supplied addresses) then
-                     body.addresses := user's addresses;
-             else
-                     omit body.addresses;
-             endif
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-             body.enc-authorization-data := user-supplied data;
-             if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                     body.additional-tickets_ticket := second TGT;
-             endif
-
-             request.req-body := body;
-             check := generate_checksum (req.body,checksumtype);
-
-             request.padata[0].padata-type := PA-TGS-REQ;
-             request.padata[0].padata-value := create a KRB_AP_REQ using
-                                           the TGT and checksum
-
-             /* add in any other padata as required/supplied */
-
-             kerberos := lookup(name of local kerberose server (or
-servers));
-             send(packet,kerberos);
-
-             wait(for response);
-             if (timed_out) then
-                     retry or use alternate server;
-             endif
-
-     A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
-
-             /* note that reading the application request requires first
-             determining the server for which a ticket was issued, and
-choosing the
-             correct key for decryption.  The name of the server appears in
-the
-             plaintext part of the ticket. */
-
-             if (no KRB_AP_REQ in req.padata) then
-                     error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-             endif
-             verify KRB_AP_REQ in req.padata;
-
-             /* Note that the realm in which the Kerberos server is
-operating is
-             determined by the instance from the ticket-granting ticket.
-The realm
-             in the ticket-granting ticket is the realm under which the
-ticket
-             granting ticket was issued.  It is possible for a single
-Kerberos
-             server to support more than one realm. */
-
-             auth_hdr := KRB_AP_REQ;
-             tgt := auth_hdr.ticket;
-
-             if (tgt.sname is not a TGT for local realm and is not
-req.sname) then
-                     error_out(KRB_AP_ERR_NOT_US);
-
-             realm := realm_tgt_is_for(tgt);
-
-             decode remainder of request;
-
-             if (auth_hdr.authenticator.cksum is missing) then
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-
-             if (auth_hdr.authenticator.cksum type is not supported) then
-                     error_out(KDC_ERR_SUMTYPE_NOSUPP);
-             endif
-             if (auth_hdr.authenticator.cksum is not both collision-proof
-and keyed) then
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-
-             set computed_checksum := checksum(req);
-             if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-
-             server := lookup(req.sname,realm);
-
-             if (!server) then
-                     if (is_foreign_tgt_name(req.sname)) then
-                             server := best_intermediate_tgs(req.sname);
-                     else
-                             /* no server in Database */
-                             error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                     endif
-             endif
-
-             session := generate_random_session_key();
-
-             use_etype := first supported etype in req.etypes;
-
-             if (no support for req.etypes) then
-                     error_out(KDC_ERR_ETYPE_NOSUPP);
-             endif
-
-             new_tkt.vno := ticket version; /* = 5 */
-             new_tkt.sname := req.sname;
-             new_tkt.srealm := realm;
-             reset all flags in new_tkt.flags;
-
-             /* It should be noted that local policy may affect the  */
-             /* processing of any of these flags.  For example, some */
-             /* realms may refuse to issue renewable tickets         */
-
-             new_tkt.caddr := tgt.caddr;
-             resp.caddr := NULL; /* We only include this if they change */
-             if (req.kdc-options.FORWARDABLE is set) then
-                     if (tgt.flags.FORWARDABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.FORWARDABLE;
-             endif
-             if (req.kdc-options.FORWARDED is set) then
-                     if (tgt.flags.FORWARDABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.FORWARDED;
-                     new_tkt.caddr := req.addresses;
-                     resp.caddr := req.addresses;
-             endif
-             if (tgt.flags.FORWARDED is set) then
-                     set new_tkt.flags.FORWARDED;
-             endif
-
-             if (req.kdc-options.PROXIABLE is set) then
-                     if (tgt.flags.PROXIABLE is reset)
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.PROXIABLE;
-             endif
-             if (req.kdc-options.PROXY is set) then
-                     if (tgt.flags.PROXIABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.PROXY;
-                     new_tkt.caddr := req.addresses;
-                     resp.caddr := req.addresses;
-             endif
-
-             if (req.kdc-options.ALLOW-POSTDATE is set) then
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     if (tgt.flags.MAY-POSTDATE is reset)
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.MAY-POSTDATE;
-             endif
-             if (req.kdc-options.POSTDATED is set) then
-                     if (tgt.flags.MAY-POSTDATE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     set new_tkt.flags.POSTDATED;
-                     set new_tkt.flags.INVALID;
-                     if (against_postdate_policy(req.from)) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-                     new_tkt.starttime := req.from;
-             endif
-
-             if (req.kdc-options.VALIDATE is set) then
-                     if (tgt.flags.INVALID is reset) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-                     if (tgt.starttime > kdc_time) then
-                             error_out(KRB_AP_ERR_NYV);
-                     endif
-                     if (check_hot_list(tgt)) then
-                             error_out(KRB_AP_ERR_REPEAT);
-                     endif
-                     tkt := tgt;
-                     reset new_tkt.flags.INVALID;
-             endif
-
-             if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                                  and those already processed) is set) then
-                     error_out(KDC_ERR_BADOPTION);
-             endif
-
-             new_tkt.authtime := tgt.authtime;
-
-             if (req.kdc-options.RENEW is set) then
-               /* Note that if the endtime has already passed, the ticket
-would  */
-               /* have been rejected in the initial authentication stage, so
-*/
-               /* there is no need to check again here
-*/
-                     if (tgt.flags.RENEWABLE is reset) then
-                             error_out(KDC_ERR_BADOPTION);
-                     endif
-                     if (tgt.renew-till < kdc_time) then
-                             error_out(KRB_AP_ERR_TKT_EXPIRED);
-                     endif
-                     tkt := tgt;
-                     new_tkt.starttime := kdc_time;
-                     old_life := tgt.endttime - tgt.starttime;
-                     new_tkt.endtime := min(tgt.renew-till,
-                                            new_tkt.starttime + old_life);
-             else
-                     new_tkt.starttime := kdc_time;
-                     if (req.till = 0) then
-                             till := infinity;
-                     else
-                             till := req.till;
-                     endif
-                     new_tkt.endtime := min(till,
-
-new_tkt.starttime+client.max_life,
-
-new_tkt.starttime+server.max_life,
-
-new_tkt.starttime+max_life_for_realm,
-                                            tgt.endtime);
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-
-                     if ((req.kdc-options.RENEWABLE-OK is set) and
-                         (new_tkt.endtime < req.till) and
-                         (tgt.flags.RENEWABLE is set) then
-                             /* we set the RENEWABLE option for later
-processing */
-                             set req.kdc-options.RENEWABLE;
-                             req.rtime := min(req.till, tgt.renew-till);
-                     endif
-             endif
-
-             if (req.rtime = 0) then
-                     rtime := infinity;
-             else
-                     rtime := req.rtime;
-             endif
-
-             if ((req.kdc-options.RENEWABLE is set) and
-                 (tgt.flags.RENEWABLE is set)) then
-                     set new_tkt.flags.RENEWABLE;
-                     new_tkt.renew-till := min(rtime,
-
-new_tkt.starttime+client.max_rlife,
-
-new_tkt.starttime+server.max_rlife,
-
-new_tkt.starttime+max_rlife_for_realm,
-                                               tgt.renew-till);
-             else
-                     new_tkt.renew-till := OMIT; /* leave the renew-till
-field out */
-             endif
-             if (req.enc-authorization-data is present) then
-                     decrypt req.enc-authorization-data into
-decrypted_authorization_data
-                             using auth_hdr.authenticator.subkey;
-                     if (decrypt_error()) then
-                             error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                     endif
-             endif
-             new_tkt.authorization_data :=
-req.auth_hdr.ticket.authorization_data +
-                                      decrypted_authorization_data;
-
-             new_tkt.key := session;
-             new_tkt.crealm := tgt.crealm;
-             new_tkt.cname := req.auth_hdr.ticket.cname;
-
-             if (realm_tgt_is_for(tgt) := tgt.realm) then
-                     /* tgt issued by local realm */
-                     new_tkt.transited := tgt.transited;
-             else
-                     /* was issued for this realm by some other realm */
-                     if (tgt.transited.tr-type not supported) then
-                             error_out(KDC_ERR_TRTYPE_NOSUPP);
-                     endif
-                     new_tkt.transited := compress_transited(tgt.transited +
-tgt.realm)
-                     /* Don't check tranited field if TGT for foreign realm,
-                      * or requested not to check */
-                     if (is_not_foreign_tgt_name(new_tkt.server)
-                        && req.kdc-options.DISABLE-TRANSITED-CHECK not set)
-then
-                             /* Check it, so end-server does not have to
-                              * but don't fail, end-server may still accept
-it */
-                             if (check_transited_field(new_tkt.transited) ==
-OK)
-                                   set
-new_tkt.flags.TRANSITED-POLICY-CHECKED;
-                             endif
-                     endif
-             endif
-
-             encode encrypted part of new_tkt into OCTET STRING;
-             if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                     if (server not specified) then
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                             server = req.second_ticket.client;
-                     endif
-                     if ((req.second_ticket is not a TGT) or
-                         (req.second_ticket.client != server)) then
-                             error_out(KDC_ERR_POLICY);
-                     endif
-
-                     new_tkt.enc-part := encrypt OCTET STRING using
-                             using etype_for_key(second-ticket.key),
-second-ticket.key;
-             else
-                     new_tkt.enc-part := encrypt OCTET STRING
-                             using etype_for_key(server.key), server.key,
-server.p_kvno;
-             endif
-
-             resp.pvno := 5;
-             resp.msg-type := KRB_TGS_REP;
-             resp.crealm := tgt.crealm;
-             resp.cname := tgt.cname;
-             resp.ticket := new_tkt;
-
-             resp.key := session;
-             resp.nonce := req.nonce;
-             resp.last-req := fetch_last_request_info(client);
-             resp.flags := new_tkt.flags;
-
-             resp.authtime := new_tkt.authtime;
-             resp.starttime := new_tkt.starttime;
-             resp.endtime := new_tkt.endtime;
-
-             omit resp.key-expiration;
-
-             resp.sname := new_tkt.sname;
-             resp.realm := new_tkt.realm;
-
-             if (new_tkt.flags.RENEWABLE) then
-                     resp.renew-till := new_tkt.renew-till;
-             endif
-
-             encode body of reply into OCTET STRING;
-
-             if (req.padata.authenticator.subkey)
-                     resp.enc-part := encrypt OCTET STRING using use_etype,
-                             req.padata.authenticator.subkey;
-             else resp.enc-part := encrypt OCTET STRING using use_etype,
-tgt.key;
-
-             send(resp);
-
-     A.7. KRB_TGS_REP verification
-
-             decode response into resp;
-
-             if (resp.msg-type = KRB_ERROR) then
-                     process_error(resp);
-                     return;
-             endif
-
-             /* On error, discard the response, and zero the session key
-from
-             the response immediately */
-
-             if (req.padata.authenticator.subkey)
-                     unencrypted part of resp := decode of decrypt of
-resp.enc-part
-                             using resp.enc-part.etype and subkey;
-             else unencrypted part of resp := decode of decrypt of
-resp.enc-part
-                                     using resp.enc-part.etype and tgt's
-session key;
-             if (common_as_rep_tgs_rep_checks fail) then
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     destroy resp.key;
-                     return error;
-             endif
-
-             check authorization_data as necessary;
-             save_for_later(ticket,session,client,server,times,flags);
-
-     A.8. Authenticator generation
-
-             body.authenticator-vno := authenticator vno; /* = 5 */
-             body.cname, body.crealm := client name;
-             if (supplying checksum) then
-                     body.cksum := checksum;
-             endif
-             get system_time;
-             body.ctime, body.cusec := system_time;
-             if (selecting sub-session key) then
-                     select sub-session key;
-                     body.subkey := sub-session key;
-             endif
-             if (using sequence numbers) then
-                     select initial sequence number;
-                     body.seq-number := initial sequence;
-             endif
-
-     A.9. KRB_AP_REQ generation
-
-             obtain ticket and session_key from cache;
-
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_AP_REQ */
-
-             if (desired(MUTUAL_AUTHENTICATION)) then
-                     set packet.ap-options.MUTUAL-REQUIRED;
-             else
-                     reset packet.ap-options.MUTUAL-REQUIRED;
-             endif
-             if (using session key for ticket) then
-                     set packet.ap-options.USE-SESSION-KEY;
-             else
-                     reset packet.ap-options.USE-SESSION-KEY;
-             endif
-             packet.ticket := ticket; /* ticket */
-             generate authenticator;
-             encode authenticator into OCTET STRING;
-             encrypt OCTET STRING into packet.authenticator using
-session_key;
-
-     A.10. KRB_AP_REQ verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_AP_REQ) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             if (packet.ticket.tkt_vno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.ap_options.USE-SESSION-KEY is set) then
-                     retrieve session key from ticket-granting ticket for
-                      packet.ticket.{sname,srealm,enc-part.etype};
-             else
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     retrieve service key for
-
-packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-             endif
-             if (no_key_available) then
-                     if (cannot_find_specified_skvno) then
-                             error_out(KRB_AP_ERR_BADKEYVER);
-                     else
-                             error_out(KRB_AP_ERR_NOKEY);
-                     endif
-             endif
-             decrypt packet.ticket.enc-part into decr_ticket using retrieved
-key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             decrypt packet.authenticator into decr_authenticator
-                     using decr_ticket.key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if (decr_authenticator.{cname,crealm} !=
-                 decr_ticket.{cname,crealm}) then
-                     error_out(KRB_AP_ERR_BADMATCH);
-             endif
-             if (decr_ticket.caddr is present) then
-                     if (sender_address(packet) is not in decr_ticket.caddr)
-then
-                             error_out(KRB_AP_ERR_BADADDR);
-                     endif
-             elseif (application requires addresses) then
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (not in_clock_skew(decr_authenticator.ctime,
-                                   decr_authenticator.cusec)) then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-             if (repeated(decr_authenticator.{ctime,cusec,cname,crealm}))
-then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-             save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-             get system_time;
-             if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-                 (decr_ticket.flags.INVALID is set)) then
-                     /* it hasn't yet become valid */
-                     error_out(KRB_AP_ERR_TKT_NYV);
-             endif
-             if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                     error_out(KRB_AP_ERR_TKT_EXPIRED);
-             endif
-             if (decr_ticket.transited) then
-                 /* caller may ignore the TRANSITED-POLICY-CHECKED and do
-                  * check anyway */
-                 if (decr_ticket.flags.TRANSITED-POLICY-CHECKED not set)
-then
-                      if (check_transited_field(decr_ticket.transited) then
-                           error_out(KDC_AP_PATH_NOT_ACCPETED);
-                      endif
-                 endif
-             endif
-             /* caller must check decr_ticket.flags for any pertinent
-details */
-             return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-     A.11. KRB_AP_REP generation
-
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_AP_REP */
-
-             body.ctime := packet.ctime;
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-             body.cusec := packet.cusec;
-             if (selecting sub-session key) then
-                     select sub-session key;
-                     body.subkey := sub-session key;
-             endif
-             if (using sequence numbers) then
-                     select initial sequence number;
-                     body.seq-number := initial sequence;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part;
-
-     A.12. KRB_AP_REP verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_AP_REP) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             cleartext := decrypt(packet.enc-part) using ticket's session
-key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if (cleartext.ctime != authenticator.ctime) then
-                     error_out(KRB_AP_ERR_MUT_FAIL);
-             endif
-             if (cleartext.cusec != authenticator.cusec) then
-                     error_out(KRB_AP_ERR_MUT_FAIL);
-             endif
-             if (cleartext.subkey is present) then
-                     save cleartext.subkey for future use;
-             endif
-             if (cleartext.seq-number is present) then
-                     save cleartext.seq-number for future verifications;
-             endif
-             return(AUTHENTICATION_SUCCEEDED);
-
-     A.13. KRB_SAFE generation
-
-             collect user data in buffer;
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_SAFE */
-
-             body.user-data := buffer; /* DATA */
-             if (using timestamp) then
-                     get system_time;
-                     body.timestamp, body.usec := system_time;
-             endif
-             if (using sequence numbers) then
-                     body.seq-number := sequence number;
-             endif
-             body.s-address := sender host addresses;
-             if (only one recipient) then
-                     body.r-address := recipient host address;
-             endif
-             checksum.cksumtype := checksum type;
-             compute checksum over body;
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-             checksum.checksum := checksum value; /* checksum.checksum */
-             packet.cksum := checksum;
-             packet.safe-body := body;
-
-     A.14. KRB_SAFE verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_SAFE) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-             if (packet.checksum.cksumtype is not both collision-proof and
-keyed) then
-                     error_out(KRB_AP_ERR_INAPP_CKSUM);
-             endif
-             if (safe_priv_common_checks_ok(packet)) then
-                     set computed_checksum := checksum(packet.body);
-                     if (computed_checksum != packet.checksum) then
-                             error_out(KRB_AP_ERR_MODIFIED);
-                     endif
-                     return (packet, PACKET_IS_GENUINE);
-             else
-                     return common_checks_error;
-             endif
-
-     A.15. KRB_SAFE and KRB_PRIV common checks
-
-             if (packet.s-address != O/S_sender(packet)) then
-                     /* O/S report of sender not who claims to have sent it
-*/
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if ((packet.r-address is present) and
-                 (packet.r-address != local_host_address)) then
-                     /* was not sent to proper place */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (((packet.timestamp is present) and
-                  (not in_clock_skew(packet.timestamp,packet.usec))) or
-                 (packet.timestamp is not present and timestamp expected))
-then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-             if (repeated(packet.timestamp,packet.usec,packet.s-address))
-then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-
-             if (((packet.seq-number is present) and
-                  ((not in_sequence(packet.seq-number)))) or
-                 (packet.seq-number is not present and sequence expected))
-then
-                     error_out(KRB_AP_ERR_BADORDER);
-             endif
-             if (packet.timestamp not present and packet.seq-number not
-present) then
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-             save_identifier(packet.{timestamp,usec,s-address},
-                             sender_principal(packet));
-
-             return PACKET_IS_OK;
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     A.16. KRB_PRIV generation
-
-             collect user data in buffer;
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_PRIV */
-
-             packet.enc-part.etype := encryption type;
-
-             body.user-data := buffer;
-             if (using timestamp) then
-                     get system_time;
-                     body.timestamp, body.usec := system_time;
-             endif
-             if (using sequence numbers) then
-                     body.seq-number := sequence number;
-             endif
-             body.s-address := sender host addresses;
-             if (only one recipient) then
-                     body.r-address := recipient host address;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part.cipher;
-
-     A.17. KRB_PRIV verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_PRIV) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-
-             cleartext := decrypt(packet.enc-part) using negotiated key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-
-             if (safe_priv_common_checks_ok(cleartext)) then
-                     return(cleartext.DATA,
-PACKET_IS_GENUINE_AND_UNMODIFIED);
-             else
-                     return common_checks_error;
-             endif
-
-     A.18. KRB_CRED generation
-
-             invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_CRED */
-
-             for (tickets[n] in tickets to be forwarded) do
-                     packet.tickets[n] = tickets[n].ticket;
-             done
-
-             packet.enc-part.etype := encryption type;
-
-             for (ticket[n] in tickets to be forwarded) do
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                     body.ticket-info[n].key = tickets[n].session;
-                     body.ticket-info[n].prealm = tickets[n].crealm;
-                     body.ticket-info[n].pname = tickets[n].cname;
-                     body.ticket-info[n].flags = tickets[n].flags;
-                     body.ticket-info[n].authtime = tickets[n].authtime;
-                     body.ticket-info[n].starttime = tickets[n].starttime;
-                     body.ticket-info[n].endtime = tickets[n].endtime;
-                     body.ticket-info[n].renew-till = tickets[n].renew-till;
-                     body.ticket-info[n].srealm = tickets[n].srealm;
-                     body.ticket-info[n].sname = tickets[n].sname;
-                     body.ticket-info[n].caddr = tickets[n].caddr;
-             done
-
-             get system_time;
-             body.timestamp, body.usec := system_time;
-
-             if (using nonce) then
-                     body.nonce := nonce;
-             endif
-
-             if (using s-address) then
-                     body.s-address := sender host addresses;
-             endif
-             if (limited recipients) then
-                     body.r-address := recipient host address;
-             endif
-
-             encode body into OCTET STRING;
-
-             select encryption type;
-             encrypt OCTET STRING into packet.enc-part.cipher
-                    using negotiated encryption key;
-
-     A.19. KRB_CRED verification
-
-             receive packet;
-             if (packet.pvno != 5) then
-                     either process using other protocol spec
-                     or error_out(KRB_AP_ERR_BADVERSION);
-             endif
-             if (packet.msg-type != KRB_CRED) then
-                     error_out(KRB_AP_ERR_MSG_TYPE);
-             endif
-
-             cleartext := decrypt(packet.enc-part) using negotiated key;
-             if (decryption_error()) then
-                     error_out(KRB_AP_ERR_BAD_INTEGRITY);
-             endif
-             if ((packet.r-address is present or required) and
-                (packet.s-address != O/S_sender(packet)) then
-                     /* O/S report of sender not who claims to have sent it
-*/
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if ((packet.r-address is present) and
-                 (packet.r-address != local_host_address)) then
-                     /* was not sent to proper place */
-                     error_out(KRB_AP_ERR_BADADDR);
-             endif
-             if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                     error_out(KRB_AP_ERR_SKEW);
-             endif
-             if (repeated(packet.timestamp,packet.usec,packet.s-address))
-then
-                     error_out(KRB_AP_ERR_REPEAT);
-             endif
-             if (packet.nonce is required or present) and
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-                (packet.nonce != expected-nonce) then
-                     error_out(KRB_AP_ERR_MODIFIED);
-             endif
-
-             for (ticket[n] in tickets that were forwarded) do
-                     save_for_later(ticket[n],key[n],principal[n],
-                                    server[n],times[n],flags[n]);
-             return
-
-     A.20. KRB_ERROR generation
-
-             /* assemble packet: */
-             packet.pvno := protocol version; /* 5 */
-             packet.msg-type := message type; /* KRB_ERROR */
-
-             get system_time;
-             packet.stime, packet.susec := system_time;
-             packet.realm, packet.sname := server name;
-
-             if (client time available) then
-                     packet.ctime, packet.cusec := client_time;
-             endif
-             packet.error-code := error code;
-             if (client name available) then
-                     packet.cname, packet.crealm := client name;
-             endif
-             if (error text available) then
-                     packet.e-text := error text;
-             endif
-             if (error data available) then
-                     packet.e-data := error data;
-             endif
-
-     B. Definition of common authorization data elements
-
-     This appendix contains the definitions of common authorization data
-     elements. These common authorization data elements are recursivly
-     defined, meaning the ad-data for these types will itself contain a
-     sequence of authorization data whose interpretation is affected by the
-     encapsulating element. Depending on the meaning of the encapsulating
-     element, the encapsulated elements may be ignored, might be
-     interpreted as issued directly by the KDC, or they might be stored in
-     a separate plaintext part of the ticket. The types of the
-     encapsulating elements are specified as part of the Kerberos
-     specification because the behavior based on these values should be
-     understood across implementations whereas other elements need only be
-     understood by the applications which they affect.
-
-     In the definitions that follow, the value of the ad-type for the
-     element will be specified in the subsection number, and the value of
-     the ad-data will be as shown in the ASN.1 structure that follows the
-     subsection heading.
-
-     B.1. If relevant
-
-     AD-IF-RELEVANT   AuthorizationData
-
-     AD elements encapsulated within the if-relevant element are intended
-     for interpretation only by application servers that understand the
-     particular ad-type of the embedded element. Application servers that
-     do not understand the type of an element embedded within the
-     if-relevant element may ignore the uninterpretable element. This
-     element promotes interoperability across implementations which may
-     have local extensions for authorization.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     B.2. Intended for server
-
-     AD-INTENDED-FOR-SERVER   SEQUENCE {
-              intended-server[0]     SEQUENCE OF PrincipalName
-              elements[1]            AuthorizationData
-     }
-
-     AD elements encapsulated within the intended-for-server element may be
-     ignored if the application server is not in the list of principal
-     names of intended servers. Further, a KDC issuing a ticket for an
-     application server can remove this element if the application server
-     is not in the list of intended servers.
-
-     Application servers should check for their principal name in the
-     intended-server field of this element. If their principal name is not
-     found, this element should be ignored. If found, then the encapsulated
-     elements should be evaluated in the same manner as if they were
-     present in the top level authorization data field. Applications and
-     application servers that do not implement this element should reject
-     tickets that contain authorization data elements of this type.
-
-     B.3. Intended for application class
-
-     AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE {
-     intended-application-class[0] SEQUENCE OF GeneralString elements[1]
-     AuthorizationData } AD elements encapsulated within the
-     intended-for-application-class element may be ignored if the
-     application server is not in one of the named classes of application
-     servers. Examples of application server classes include "FILESYSTEM",
-     and other kinds of servers.
-
-     This element and the elements it encapulates may be safely ignored by
-     applications, application servers, and KDCs that do not implement this
-     element.
-
-     B.4. KDC Issued
-
-     AD-KDCIssued   SEQUENCE {
-                    ad-checksum[0]    Checksum,
-                     i-realm[1]       Realm OPTIONAL,
-                     i-sname[2]       PrincipalName OPTIONAL,
-                    elements[3]       AuthorizationData.
-     }
-
-     ad-checksum
-          A checksum over the elements field using a cryptographic checksum
-          method that is identical to the checksum used to protect the
-          ticket itself (i.e. using the same hash function and the same
-          encryption algorithm used to encrypt the ticket) and using a key
-          derived from the same key used to protect the ticket.
-     i-realm, i-sname
-          The name of the issuing principal if different from the KDC
-          itself. This field would be used when the KDC can verify the
-          authenticity of elements signed by the issuing principal and it
-          allows this KDC to notify the application server of the validity
-          of those elements.
-     elements
-          A sequence of authorization data elements issued by the KDC.
-     The KDC-issued ad-data field is intended to provide a means for
-     Kerberos principal credentials to embed within themselves privilege
-     attributes and other mechanisms for positive authorization, amplifying
-     the priveleges of the principal beyond what can be done using a
-     credentials without such an a-data element.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     This can not be provided without this element because the definition
-     of the authorization-data field allows elements to be added at will by
-     the bearer of a TGT at the time that they request service tickets and
-     elements may also be added to a delegated ticket by inclusion in the
-     authenticator.
-
-     For KDC-issued elements this is prevented because the elements are
-     signed by the KDC by including a checksum encrypted using the server's
-     key (the same key used to encrypt the ticket - or a key derived from
-     that key). Elements encapsulated with in the KDC-issued element will
-     be ignored by the application server if this "signature" is not
-     present. Further, elements encapsulated within this element from a
-     ticket granting ticket may be interpreted by the KDC, and used as a
-     basis according to policy for including new signed elements within
-     derivative tickets, but they will not be copied to a derivative ticket
-     directly. If they are copied directly to a derivative ticket by a KDC
-     that is not aware of this element, the signature will not be correct
-     for the application ticket elements, and the field will be ignored by
-     the application server.
-
-     This element and the elements it encapulates may be safely ignored by
-     applications, application servers, and KDCs that do not implement this
-     element.
-
-     B.5. And-Or
-
-     AD-AND-OR           SEQUENCE {
-                             condition-count[0]    INTEGER,
-                             elements[1]           AuthorizationData
-     }
-
-     When restrictive AD elements encapsulated within the and-or element
-     are encountered, only the number specified in condition-count of the
-     encapsulated conditions must be met in order to satisfy this element.
-     This element may be used to implement an "or" operation by setting the
-     condition-count field to 1, and it may specify an "and" operation by
-     setting the condition count to the number of embedded elements.
-     Application servers that do not implement this element must reject
-     tickets that contain authorization data elements of this type.
-
-     B.6. Mandatory ticket extensions
-
-     AD-Mandatory-Ticket-Extensions           SEQUENCE {
-                             te-type[0]       INTEGER,
-                             te-checksum[0]    Checksum
-     }
-
-     An authorization data element of type mandatory-ticket-extensions
-     specifies the type and a collision-proof checksum using the same hash
-     algorithm used to protect the integrity of the ticket itself. This
-     checksum will be calculated over an individual extension field of the
-     type indicated. If there are more than one extension, multiple
-     Mandatory-Ticket-Extensions authorization data elements may be
-     present, each with a checksum for a different extension field. This
-     restriction indicates that the ticket should not be accepted if a
-     ticket extension is not present in the ticket for which the type and
-     checksum do not match that checksum specified in the authorization
-     data element. Note that although the type is redundant for the
-     purposes of the comparison, it makes the comparison easier when
-     multiple extensions are present. Application servers that do not
-     implement this element must reject tickets that contain authorization
-     data elements of this type.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     B.7. Authorization Data in ticket extensions
-
-     AD-IN-Ticket-Extensions   Checksum
-
-     An authorization data element of type in-ticket-extensions specifies a
-     collision-proof checksum using the same hash algorithm used to protect
-     the integrity of the ticket itself. This checksum is calculated over a
-     separate external AuthorizationData field carried in the ticket
-     extensions. Application servers that do not implement this element
-     must reject tickets that contain authorization data elements of this
-     type. Application servers that do implement this element will search
-     the ticket extensions for authorization data fields, calculate the
-     specified checksum over each authorization data field and look for one
-     matching the checksum in this in-ticket-extensions element. If not
-     found, then the ticket must be rejected. If found, the corresponding
-     authorization data elements will be interpreted in the same manner as
-     if they were contained in the top level authorization data field.
-
-     Note that if multiple external authorization data fields are present
-     in a ticket, each will have a corresponding element of type
-     in-ticket-extensions in the top level authorization data field, and
-     the external entries will be linked to the corresponding element by
-     their checksums.
-
-     C. Definition of common ticket extensions
-
-     This appendix contains the definitions of common ticket extensions.
-     Support for these extensions is optional. However, certain extensions
-     have associated authorization data elements that may require rejection
-     of a ticket containing an extension by application servers that do not
-     implement the particular extension. Other extensions have been defined
-     beyond those described in this specification. Such extensions are
-     described elswhere and for some of those extensions the reserved
-     number may be found in the list of constants.
-
-     It is known that older versions of Kerberos did not support this
-     field, and that some clients will strip this field from a ticket when
-     they parse and then reassemble a ticket as it is passed to the
-     application servers. The presence of the extension will not break such
-     clients, but any functionaly dependent on the extensions will not work
-     when such tickets are handled by old clients. In such situations, some
-     implementation may use alternate methods to transmit the information
-     in the extensions field.
-
-     C.1. Null ticket extension
-
-     TE-NullExtension   OctetString -- The empty Octet String
-
-     The te-data field in the null ticket extension is an octet string of
-     lenght zero. This extension may be included in a ticket granting
-     ticket so that the KDC can determine on presentation of the ticket
-     granting ticket whether the client software will strip the extensions
-     field.
-
-     C.2. External Authorization Data
-
-     TE-ExternalAuthorizationData   AuthorizationData
-
-     The te-data field in the external authorization data ticket extension
-     is field of type AuthorizationData containing one or more
-     authorization data elements. If present, a corresponding authorization
-     data element will be present in the primary authorization data for the
-     ticket and that element will contain a checksum of the external
-     authorization data ticket extension.
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     ----------------------------------------------------------------------
-     [TM] Project Athena, Athena, and Kerberos are trademarks of the
-     Massachusetts Institute of Technology (MIT). No commercial use of
-     these trademarks may be made without prior written permission of MIT.
-
-     [1] Note, however, that many applications use Kerberos' functions only
-     upon the initiation of a stream-based network connection. Unless an
-     application subsequently provides integrity protection for the data
-     stream, the identity verification applies only to the initiation of
-     the connection, and does not guarantee that subsequent messages on the
-     connection originate from the same principal.
-
-     [2] Secret and private are often used interchangeably in the
-     literature. In our usage, it takes two (or more) to share a secret,
-     thus a shared DES key is a secret key. Something is only private when
-     no one but its owner knows it. Thus, in public key cryptosystems, one
-     has a public and a private key.
-
-     [3] Of course, with appropriate permission the client could arrange
-     registration of a separately-named prin- cipal in a remote realm, and
-     engage in normal exchanges with that realm's services. However, for
-     even small numbers of clients this becomes cumbersome, and more
-     automatic methods as described here are necessary.
-
-     [4] Though it is permissible to request or issue tick- ets with no
-     network addresses specified.
-
-     [5] The password-changing request must not be honored unless the
-     requester can provide the old password (the user's current secret
-     key). Otherwise, it would be possible for someone to walk up to an
-     unattended ses- sion and change another user's password.
-
-     [6] To authenticate a user logging on to a local system, the
-     credentials obtained in the AS exchange may first be used in a TGS
-     exchange to obtain credentials for a local server. Those credentials
-     must then be verified by a local server through successful completion
-     of the Client/Server exchange.
-
-     [7] "Random" means that, among other things, it should be impossible
-     to guess the next session key based on knowledge of past session keys.
-     This can only be achieved in a pseudo-random number generator if it is
-     based on cryptographic principles. It is more desirable to use a truly
-     random number generator, such as one based on measurements of random
-     physical phenomena.
-
-     [8] Tickets contain both an encrypted and unencrypted portion, so
-     cleartext here refers to the entire unit, which can be copied from one
-     message and replayed in another without any cryptographic skill.
-
-     [9] Note that this can make applications based on unreliable
-     transports difficult to code correctly. If the transport might deliver
-     duplicated messages, either a new authenticator must be generated for
-     each retry, or the application server must match requests and replies
-     and replay the first reply in response to a detected duplicate.
-
-     [10] This is used for user-to-user authentication as described in [8].
-
-     [11] Note that the rejection here is restricted to authenticators from
-     the same principal to the same server. Other client principals
-     communicating with the same server principal should not be have their
-     authenticators rejected if the time and microsecond fields happen to
-     match some other client's authenticator.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     [12] In the Kerberos version 4 protocol, the timestamp in the reply
-     was the client's timestamp plus one. This is not necessary in version
-     5 because version 5 messages are formatted in such a way that it is
-     not possible to create the reply by judicious message surgery (even in
-     encrypted form) without knowledge of the appropriate encryption keys.
-
-     [13] Note that for encrypting the KRB_AP_REP message, the sub-session
-     key is not used, even if present in the Authenticator.
-
-     [14] Implementations of the protocol may wish to provide routines to
-     choose subkeys based on session keys and random numbers and to
-     generate a negotiated key to be returned in the KRB_AP_REP message.
-
-     [15]This can be accomplished in several ways. It might be known
-     beforehand (since the realm is part of the principal identifier), it
-     might be stored in a nameserver, or it might be obtained from a
-     configura- tion file. If the realm to be used is obtained from a
-     nameserver, there is a danger of being spoofed if the nameservice
-     providing the realm name is not authenti- cated. This might result in
-     the use of a realm which has been compromised, and would result in an
-     attacker's ability to compromise the authentication of the application
-     server to the client.
-
-     [16] If the client selects a sub-session key, care must be taken to
-     ensure the randomness of the selected sub- session key. One approach
-     would be to generate a random number and XOR it with the session key
-     from the ticket-granting ticket.
-
-     [17] This allows easy implementation of user-to-user authentication
-     [8], which uses ticket-granting ticket session keys in lieu of secret
-     server keys in situa- tions where such secret keys could be easily
-     comprom- ised.
-
-     [18] For the purpose of appending, the realm preceding the first
-     listed realm is considered to be the null realm ("").
-
-     [19] For the purpose of interpreting null subfields, the client's
-     realm is considered to precede those in the transited field, and the
-     server's realm is considered to follow them.
-
-     [20] This means that a client and server running on the same host and
-     communicating with one another using the KRB_SAFE messages should not
-     share a common replay cache to detect KRB_SAFE replays.
-
-     [21] The implementation of the Kerberos server need not combine the
-     database and the server on the same machine; it is feasible to store
-     the principal database in, say, a network name service, as long as the
-     entries stored therein are protected from disclosure to and
-     modification by unauthorized parties. However, we recommend against
-     such strategies, as they can make system management and threat
-     analysis quite complex.
-
-     [22] See the discussion of the padata field in section 5.4.2 for
-     details on why this can be useful.
-
-     [23] Warning for implementations that unpack and repack data
-     structures during the generation and verification of embedded
-     checksums: Because any checksums applied to data structures must be
-     checked against the original data the length of bit strings must be
-     preserved within a data structure between the time that a checksum is
-     generated through transmission to the time that the checksum is
-     verified.
-
-
-Neuman, Ts'o, Kohl                                   Expires: 14 January
-2001
-
-^L
-
-INTERNET-DRAFT    draft-ietf-cat-kerberos-revisions-06          July 14,
-2000
-
-     [24] It is NOT recommended that this time value be used to adjust the
-     workstation's clock since the workstation cannot reliably determine
-     that such a KRB_AS_REP actually came from the proper KDC in a timely
-     manner.
-
-     [25] Note, however, that if the time is used as the nonce, one must
-     make sure that the workstation time is monotonically increasing. If
-     the time is ever reset backwards, there is a small, but finite,
-     probability that a nonce will be reused.
-
-     [27] An application code in the encrypted part of a message provides
-     an additional check that the message was decrypted properly.
-
-     [29] An application code in the encrypted part of a message provides
-     an additional check that the message was decrypted properly.
-
-     [31] An application code in the encrypted part of a message provides
-     an additional check that the message was decrypted properly.
-
-     [32] If supported by the encryption method in use, an initialization
-     vector may be passed to the encryption procedure, in order to achieve
-     proper cipher chaining. The initialization vector might come from the
-     last block of the ciphertext from the previous KRB_PRIV message, but
-     it is the application's choice whether or not to use such an
-     initialization vector. If left out, the default initialization vector
-     for the encryption algorithm will be used.
-
-     [33] This prevents an attacker who generates an incorrect AS request
-     from obtaining verifiable plaintext for use in an off-line password
-     guessing attack.
-
-     [35] In the above specification, UNTAGGED OCTET STRING(length) is the
-     notation for an octet string with its tag and length removed. It is
-     not a valid ASN.1 type. The tag bits and length must be removed from
-     the confounder since the purpose of the confounder is so that the
-     message starts with random data, but the tag and its length are fixed.
-     For other fields, the length and tag would be redundant if they were
-     included because they are specified by the encryption type. [36] The
-     ordering of the fields in the CipherText is important. Additionally,
-     messages encoded in this format must include a length as part of the
-     msg-seq field. This allows the recipient to verify that the message
-     has not been truncated. Without a length, an attacker could use a
-     chosen plaintext attack to generate a message which could be
-     truncated, while leaving the checksum intact. Note that if the msg-seq
-     is an encoding of an ASN.1 SEQUENCE or OCTET STRING, then the length
-     is part of that encoding.
-
-     [37] In some cases, it may be necessary to use a different "mix-in"
-     string for compatibility reasons; see the discussion of padata in
-     section 5.4.2.
-
-     [38] In some cases, it may be necessary to use a different "mix-in"
-     string for compatibility reasons; see the discussion of padata in
-     section 5.4.2.
-
-     [39] A variant of the key is used to limit the use of a key to a
-     particular function, separating the functions of generating a checksum
-     from other encryption performed using the session key. The constant
-     F0F0F0F0F0F0F0F0 was chosen because it maintains key parity. The
-     properties of DES precluded the use of the complement. The same
-     constant is used for similar purpose in the Message Integrity Check in
-     the Privacy Enhanced Mail standard.
-
-     [40] This error carries additional information in the e- data field.
-     The contents of the e-data field for this message is described in
-     section 5.9.1.
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-02.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-02.txt
deleted file mode 100644
index 6f7dae0dea70..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-02.txt
+++ /dev/null
@@ -1,325 +0,0 @@
-
-INTERNET-DRAFT                                        Mike Swift 
-draft-ietf-cat-kerberos-set-passwd-02.txt             Microsoft
-March 2000                                            Jonathan Trostle
-                                                      Cisco Systems
-                                                      John Brezak
-                                                      Microsoft
-                                                      Bill Gossman
-                                                      Cybersafe
-
-              Kerberos Set/Change Password: Version 2
-
-
-0. Status Of This Memo
-
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. 
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as 
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six
-   months and may be updated, replaced, or obsoleted by other
-   documents at any time.  It is inappropriate to use Internet-
-   Drafts as reference material or to cite them other than as
-   "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Comments and suggestions on this document are encouraged.  Comments 
-   on this document should be sent to the CAT working group discussion 
-   list:
-                       ietf-cat-wg@stanford.edu
-
-1. Abstract
-
-   The Kerberos (RFC 1510 [3]) change password protocol (Horowitz [4]), 
-   does not allow for an administrator to set a password for a new user. 
-   This functionality is useful in some environments, and this proposal 
-   extends [4] to allow password setting. The changes are: adding new 
-   fields to the request message to indicate the principal which is 
-   having its password set, not requiring the initial flag in the service 
-   ticket, using a new protocol version number, and adding three new 
-   result codes. We also extend the set/change protocol to allow a 
-   client to send a sequence of keys to the KDC instead of a cleartext 
-   password. If in the cleartext password case, the cleartext password 
-   fails to satisfy password policy, the server should use the result    
-   code KRB5_KPASSWD_POLICY_REJECT.
-
-2. Conventions used in this document 
-    
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-   
-3. The Protocol
-
-   The service must accept requests on UDP port 464 and TCP port 464 as 
-   well. The protocol consists of a single request message followed by 
-   a single reply message.  For UDP transport, each message must be fully 
-   contained in a single UDP packet.
-
-   For TCP transport, there is a 4 octet header in network byte order
-   precedes the message and specifies the length of the message. This
-   requirement is consistent with the TCP transport header in 1510bis.
-
-Request Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REQ length        |         AP-REQ data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                        KRB-PRIV message                       /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   All 16 bit fields are in network byte order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0x0002 (network
-   byte order).
-
-   AP-REQ length: length of AP-REQ data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REQ data: (see [3]) The AP-REQ message must be for the service 
-   principal kadmin/changepw@REALM, where REALM is the REALM of the user 
-   who wishes to change/set his password.  The ticket in the AP-REQ must 
-   must include a subkey in the Authenticator. To enable setting of 
-   passwords/keys, it is not required that the initial flag be set in the 
-   Kerberos service ticket. The initial flag is required for change requests,
-   but not for set password requests. We have the following definitions:
-
-                    old passwd   initial flag  target principal can be
-                    in request?  required?     distinct from 
-                                               authenticating principal?
-                                              
-   change password:  yes         yes           no
-
-   set password:     no          no            yes
-
-   set key:          no          policy        yes
-                                 determined
-
-   KRB-PRIV message (see [3]) This KRB-PRIV message must be generated 
-   using the subkey from the authenticator in the AP-REQ data. 
-
-   The user-data component of the message consists of the following ASN.1 
-   structure encoded as an OCTET STRING:
-
-   ChangePasswdData :: =  SEQUENCE {
-                       newpasswdorkeys[0]   NewPasswdOrKeys,
-                       targname[1]          PrincipalName OPTIONAL,
-                         -- only present in set password: the principal
-                         -- which will have its password set
-                       targrealm[2]         Realm OPTIONAL, 
-                         -- only present in set password: the realm for 
-                         -- the principal which will have its password set
-
-                       }
-
-   NewPasswdOrKeys :: = CHOICE {
-                       passwords[0]  PasswordSequence,       
-                       keyseq[1]     KeySequences
-   }
-                         
-   KeySequences :: = SEQUENCE OF KeySequence
-
-   KeySequence :: = SEQUENCE {
-                       key[0]        EncryptionKey,
-                       salt[1]       OCTET STRING OPTIONAL,
-                       salt-type[2]  INTEGER OPTIONAL
-   }
-
-   PasswordSequence :: = SEQUENCE {
-                       newpasswd[0]  OCTET STRING,
-                       oldpasswd[1]  OCTET STRING OPTIONAL
-                         -- oldpasswd always present for change password
-                         -- but not present for set password 
-   }
-
-   The server must verify the AP-REQ message, check whether the client 
-   principal in the ticket is authorized to set or change the password 
-   (either for that principal, or for the principal in the targname 
-   field if present), and decrypt the new password/keys. The server 
-   also checks whether the initial flag is required for this request, 
-   replying with status 0x0007 if it is not set and should be. An 
-   authorization failure is cause to respond with status 0x0005. For 
-   forward compatibility, the server should be prepared to ignore fields 
-   after targrealm in the structure that it does not understand. 
-
-   The newpasswdorkeys field contains either the new cleartext password 
-   (with the old cleartext password for a change password operation), 
-   or a sequence of encryption keys with their respective salts. 
-
-   In the cleartext password case, if the old password is sent in the
-   request, the request is defined to be a change password request. If
-   the old password is not present in the request, the request is a set
-   password request. The server should apply policy checks to the old 
-   and new password after verifying that the old password is valid. 
-   The server can check validity by obtaining a key from the old 
-   password with a keytype that is present in the KDC database for the 
-   user and comparing the keys for equality. The server then generates 
-   the appropriate keytypes from the password and stores them in the KDC 
-
-   database. If all goes well, status 0x0000 is returned to the client 
-   in the reply message (see below). For a change password operation,
-   the initial flag in the service ticket MUST be set. 
-
-   In the key sequence case, the sequence of keys is sent to the set
-   password service. For a principal that can act as a server, its 
-   preferred keytype should be sent as the first key in the sequence, 
-   but the KDC is not required to honor this preference. Application 
-   servers should use the key sequence option for changing/setting their 
-   keys. The set password service should check that all keys are in the
-   proper format, returning the KRB5_KPASSWD_MALFORMED error otherwise. 
-
-Reply Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REP length        |         AP-REP data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                          KRB-PRIV message                     /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-   All 16 bit fields are in network byte order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0x0002 (network
-   byte order). (The reply message has the same format as in [4]).
-
-   AP-REP length: length of AP-REP data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REP data: the AP-REP is the response to the AP-REQ in the request 
-   packet.
-   
-   KRB-PRIV from [4]: This KRB-PRIV message must be generated using the 
-   subkey in the authenticator in the AP-REQ data.
-
-   The server will respond with a KRB-PRIV message unless it cannot
-   validate the client AP-REQ or KRB-PRIV message, in which case it will
-   respond with a KRB-ERROR message. NOTE: Unlike change password version
-   1, the KRB-ERROR message will be sent back without any encapsulation. 
-
-   The user-data component of the KRB-PRIV message, or e-data component 
-   of the KRB-ERROR message, must consist of the following data.
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          result code          |        result string          /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |                             edata                             /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-      result code (16 bits) (result codes 0-4 are from [4]):
-         The result code must have one of the following values (network
-         byte order):
-         KRB5_KPASSWD_SUCCESS      0 request succeeds (This value is not 
-                                     allowed in a KRB-ERROR message)
-         KRB5_KPASSWD_MALFORMED    1 request fails due to being malformed
-         KRB5_KPASSWD_HARDERROR    2 request fails due to "hard" error in
-                                     processing the request (for example, 
-                                     there is a resource or other problem 
-                                     causing the request to fail)
-         KRB5_KPASSWD_AUTHERROR    3 request fails due to an error in 
-                                     authentication processing
-         KRB5_KPASSWD_SOFTERROR    4 request fails due to a soft error 
-                                     in processing the request 
-         KRB5_KPASSWD_ACCESSDENIED 5 requestor not authorized
-         KRB5_KPASSWD_BAD_VERSION  6 protocol version unsupported
-         KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 initial flag required
-         KRB5_KPASSWD_POLICY_REJECT 8 new cleartext password fails policy;
-         the result string should include a text message to be presented
-         to the user.
-         KRB5_KPASSWD_BAD_PRINCIPAL 9 target principal does not exist
-         (only in response to a set password request).
-         KRB5_KPASSWD_ETYPE_NOSUPP 10 the request contains a key sequence
-         containing at least one etype that is not supported by the KDC.
-         The response edata contains an ASN.1 encoded PKERB-ETYPE-INFO 
-         type that specifies the etypes that the KDC supports:
-         
-         KERB-ETYPE-INFO-ENTRY :: = SEQUENCE {
-                encryption-type[0]  INTEGER,
-                salt[1]             OCTET STRING OPTIONAL -- not sent
-         }
-
-         PKERB-ETYPE-INFO ::= SEQUENCE OF KERB-ETYPE-INFO-ENTRY
-
-         The client should retry the request using only etypes (keytypes)
-         that are contained within the PKERB-ETYPE-INFO structure in the
-         previous response. 
-         0xFFFF if the request fails for some other reason.
-         The client must interpret any non-zero result code as a failure.
-      result string - from [4]:
-         This field is a UTF-8 encoded string which should be displayed
-         to the user by the client. Specific reasons for a password 
-         set/change policy failure is one use for this string. 
-      edata: used to convey additional information as defined by the 
-         result code. 
-
-4. References
-
-   [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-       9, RFC 2026, October 1996. 
-    
-   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-       Levels", BCP 14, RFC 2119, March 1997 
- 
-   [3] J. Kohl, C. Neuman. The Kerberos Network Authentication
-       Service (V5), Request for Comments 1510.
-
-   [4] M. Horowitz. Kerberos Change Password Protocol,
-       ftp://ds.internic.net/internet-drafts/
-       draft-ietf-cat-kerb-chg-password-02.txt
-
-5. Expiration Date
-
-   This draft expires in September 2000.
-
-6. Authors' Addresses
-
-   Jonathan Trostle
-   Cisco Systems
-   170 W. Tasman Dr.
-   San Jose, CA 95134
-   Email: jtrostle@cisco.com
-
-   Mike Swift 
-   1 Microsoft Way
-   Redmond, WA 98052
-   Email: mikesw@microsoft.com
-
-   John Brezak
-   1 Microsoft Way
-   Redmond, WA 98052
-   Email: jbrezak@microsoft.com
-
-   Bill Gossman
-   Cybersafe Corporation
-   1605 NW Sammamish Rd.
-   Issaquah, WA 98027-5378
-   Email: bill.gossman@cybersafe.com
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-03.txt
deleted file mode 100644
index 0319f8bf347c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-set-passwd-03.txt
+++ /dev/null
@@ -1,345 +0,0 @@
-
-INTERNET-DRAFT                                        Mike Swift 
-draft-ietf-cat-kerberos-set-passwd-03.txt             Microsoft
-April 2000                                            Jonathan Trostle
-                                                      Cisco Systems
-                                                      John Brezak
-                                                      Microsoft
-                                                      Bill Gossman
-                                                      Cybersafe
-
-              Kerberos Set/Change Password: Version 2
-
-
-0. Status Of This Memo
-
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. 
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as 
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six
-   months and may be updated, replaced, or obsoleted by other
-   documents at any time.  It is inappropriate to use Internet-
-   Drafts as reference material or to cite them other than as
-   "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Comments and suggestions on this document are encouraged.  Comments 
-   on this document should be sent to the CAT working group discussion 
-   list:
-                       ietf-cat-wg@stanford.edu
-
-1. Abstract
-
-   The Kerberos (RFC 1510 [3]) change password protocol (Horowitz [4]), 
-   does not allow for an administrator to set a password for a new user. 
-   This functionality is useful in some environments, and this proposal 
-   extends [4] to allow password setting. The changes are: adding new 
-   fields to the request message to indicate the principal which is 
-   having its password set, not requiring the initial flag in the service 
-   ticket, using a new protocol version number, and adding three new 
-   result codes. We also extend the set/change protocol to allow a 
-   client to send a sequence of keys to the KDC instead of a cleartext 
-   password. If in the cleartext password case, the cleartext password 
-   fails to satisfy password policy, the server should use the result    
-   code KRB5_KPASSWD_POLICY_REJECT.
-
-2. Conventions used in this document 
-    
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-   
-3. The Protocol
-
-   The service must accept requests on UDP port 464 and TCP port 464 as 
-   well. The protocol consists of a single request message followed by 
-   a single reply message.  For UDP transport, each message must be fully 
-   contained in a single UDP packet.
-
-   For TCP transport, there is a 4 octet header in network byte order
-   precedes the message and specifies the length of the message. This
-   requirement is consistent with the TCP transport header in 1510bis.
-
-Request Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REQ length        |         AP-REQ data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                        KRB-PRIV message                       /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   All 16 bit fields are in network byte order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0x0002 (network
-   byte order).
-
-   AP-REQ length: length of AP-REQ data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REQ data: (see [3]) For a change password/key request, the AP-REQ 
-   message service ticket sname, srealm principal identifier is 
-   kadmin/changepw@REALM where REALM is the realm of the change password 
-   service. The same applies to a set password/key request except the 
-   principal identifier is kadmin/setpw@REALM. The ticket in the AP-REQ 
-   must include a subkey in the Authenticator. To enable setting of 
-   passwords/keys, it is not required that the initial flag be set in the 
-   Kerberos service ticket. The initial flag is required for change requests,
-   but not for set requests. We have the following definitions:
-
-                    old passwd   initial flag  target principal can be
-                    in request?  required?     distinct from 
-                                               authenticating principal?
-                                              
-   change password:  yes         yes           no
-
-   set password:     no          policy (*)    yes
-
-   set key:          no          policy (*)    yes
-                                 
-   change key:       no          yes           no
-
-   policy (*): implementations SHOULD allow administrators to set the
-   initial flag required for set requests policy to either yes or no.
-   Clients MUST be able to retry set requests that fail due to error 7
-   (initial flag required) with an initial ticket. Clients SHOULD NOT
-   cache service tickets targetted at kadmin/changepw.
-
-   KRB-PRIV message (see [3]) This KRB-PRIV message must be generated 
-   using the subkey from the authenticator in the AP-REQ data. 
-
-   The user-data component of the message consists of the following ASN.1 
-   structure encoded as an OCTET STRING:
-
-   ChangePasswdData :: =  SEQUENCE {
-                       newpasswdorkeys[0]   NewPasswdOrKeys,
-                       targname[1]          PrincipalName OPTIONAL,
-                         -- only present in set password/key: the principal
-                         -- which will have its password or keys set. Not
-                         -- present in a set request if the client principal
-                         -- from the ticket is the principal having its 
-                         -- passwords or keys set.
-                       targrealm[2]         Realm OPTIONAL, 
-                         -- only present in set password/key: the realm for 
-                         -- the principal which will have its password or
-                         -- keys set. Not present in a set request if the 
-                         -- client principal from the ticket is the principal 
-                         -- having its passwords or keys set.
-                       }
-
-   NewPasswdOrKeys :: = CHOICE {
-                       passwords[0]  PasswordSequence,  -- change/set passwd   
-                       keyseq[1]     KeySequences       -- change/set key
-   }
-                         
-   KeySequences :: = SEQUENCE OF KeySequence
-
-   KeySequence :: = SEQUENCE {
-                       key[0]        EncryptionKey,
-                       salt[1]       OCTET STRING OPTIONAL,
-                       salt-type[2]  INTEGER OPTIONAL
-   }
-
-   PasswordSequence :: = SEQUENCE {
-                       newpasswd[0]  OCTET STRING,
-                       oldpasswd[1]  OCTET STRING OPTIONAL
-                         -- oldpasswd always present for change password
-                         -- but not present for set password, set key, or
-                         -- change key
-   }
-
-   The server must verify the AP-REQ message, check whether the client 
-   principal in the ticket is authorized to set or change the password 
-   (either for that principal, or for the principal in the targname 
-   field if present), and decrypt the new password/keys. The server 
-   also checks whether the initial flag is required for this request, 
-   replying with status 0x0007 if it is not set and should be. An 
-   authorization failure is cause to respond with status 0x0005. For 
-   forward compatibility, the server should be prepared to ignore fields 
-   after targrealm in the structure that it does not understand. 
-
-   The newpasswdorkeys field contains either the new cleartext password 
-   (with the old cleartext password for a change password operation), 
-   or a sequence of encryption keys with their respective salts. 
-
-   In the cleartext password case, if the old password is sent in the
-   request, the request MUST be a change password request. If the old 
-   password is not present in the request, the request MUST be a set
-   password request. The server should apply policy checks to the old 
-   and new password after verifying that the old password is valid. 
-   The server can check validity by obtaining a key from the old 
-   password with a keytype that is present in the KDC database for the 
-   user and comparing the keys for equality. The server then generates 
-   the appropriate keytypes from the password and stores them in the KDC 
-   database. If all goes well, status 0x0000 is returned to the client 
-   in the reply message (see below). For a change password operation,
-   the initial flag in the service ticket MUST be set. 
-
-   In the key sequence case, the sequence of keys is sent to the change
-   or set password service (kadmin/changepw or kadmin/setpw respectively). 
-   For a principal that can act as a server, its preferred keytype should 
-   be sent as the first key in the sequence, but the KDC is not required 
-   to honor this preference. Application servers should use the key 
-   sequence option for changing/setting their keys. The change/set password 
-   services should check that all keys are in the proper format, returning 
-   the KRB5_KPASSWD_MALFORMED error otherwise. 
-
-Reply Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REP length        |         AP-REP data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                          KRB-PRIV message                     /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-   All 16 bit fields are in network byte order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0x0002 (network
-   byte order). (The reply message has the same format as in [4]).
-
-   AP-REP length: length of AP-REP data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REP data: the AP-REP is the response to the AP-REQ in the request 
-   packet.
-   
-   KRB-PRIV from [4]: This KRB-PRIV message must be generated using the 
-   subkey in the authenticator in the AP-REQ data.
-
-   The server will respond with a KRB-PRIV message unless it cannot
-   validate the client AP-REQ or KRB-PRIV message, in which case it will
-   respond with a KRB-ERROR message. NOTE: Unlike change password version
-   1, the KRB-ERROR message will be sent back without any encapsulation. 
-
-   The user-data component of the KRB-PRIV message, or e-data component 
-   of the KRB-ERROR message, must consist of the following data.
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          result code          |        result string          /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |                             edata                             /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-      result code (16 bits) (result codes 0-4 are from [4]):
-         The result code must have one of the following values (network
-         byte order):
-         KRB5_KPASSWD_SUCCESS      0 request succeeds (This value is not 
-                                     allowed in a KRB-ERROR message)
-         KRB5_KPASSWD_MALFORMED    1 request fails due to being malformed
-         KRB5_KPASSWD_HARDERROR    2 request fails due to "hard" error in
-                                     processing the request (for example, 
-                                     there is a resource or other problem 
-                                     causing the request to fail)
-         KRB5_KPASSWD_AUTHERROR    3 request fails due to an error in 
-                                     authentication processing
-         KRB5_KPASSWD_SOFTERROR    4 request fails due to a soft error 
-                                     in processing the request 
-         KRB5_KPASSWD_ACCESSDENIED 5 requestor not authorized
-         KRB5_KPASSWD_BAD_VERSION  6 protocol version unsupported
-         KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 initial flag required
-         KRB5_KPASSWD_POLICY_REJECT 8 new cleartext password fails policy;
-         the result string should include a text message to be presented
-         to the user.
-         KRB5_KPASSWD_BAD_PRINCIPAL 9 target principal does not exist
-         (only in response to a set password request).
-         KRB5_KPASSWD_ETYPE_NOSUPP 10 the request contains a key sequence
-         containing at least one etype that is not supported by the KDC.
-         The response edata contains an ASN.1 encoded PKERB-ETYPE-INFO 
-         type that specifies the etypes that the KDC supports:
-         
-         KERB-ETYPE-INFO-ENTRY :: = SEQUENCE {
-                encryption-type[0]  INTEGER,
-                salt[1]             OCTET STRING OPTIONAL -- not sent
-         }
-
-         PKERB-ETYPE-INFO ::= SEQUENCE OF KERB-ETYPE-INFO-ENTRY
-
-         The client should retry the request using only etypes (keytypes)
-         that are contained within the PKERB-ETYPE-INFO structure in the
-         previous response. 
-         0xFFFF if the request fails for some other reason.
-         The client must interpret any non-zero result code as a failure.
-      result string - from [4]:
-         This field is a UTF-8 encoded string which should be displayed
-         to the user by the client. Specific reasons for a password 
-
-         set/change policy failure is one use for this string. 
-      edata: used to convey additional information as defined by the 
-         result code. 
-
-4. Acknowledgements
-  
-   The authors thank Tony Andrea for his input to the document.
-
-5. References
-
-   [1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-       9, RFC 2026, October 1996. 
-    
-   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-       Levels", BCP 14, RFC 2119, March 1997 
- 
-   [3] J. Kohl, C. Neuman. The Kerberos Network Authentication
-       Service (V5), Request for Comments 1510.
-
-   [4] M. Horowitz. Kerberos Change Password Protocol,
-       ftp://ds.internic.net/internet-drafts/
-       draft-ietf-cat-kerb-chg-password-02.txt
-
-6. Expiration Date
-
-   This draft expires in October 2000.
-
-7. Authors' Addresses
-
-   Jonathan Trostle
-   Cisco Systems
-   170 W. Tasman Dr.
-   San Jose, CA 95134
-   Email: jtrostle@cisco.com
-
-   Mike Swift 
-   1 Microsoft Way
-   Redmond, WA 98052
-   Email: mikesw@microsoft.com
-
-   John Brezak
-   1 Microsoft Way
-   Redmond, WA 98052
-   Email: jbrezak@microsoft.com
-
-   Bill Gossman
-   Cybersafe Corporation
-   1605 NW Sammamish Rd.
-   Issaquah, WA 98027-5378
-   Email: bill.gossman@cybersafe.com
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-00.txt
deleted file mode 100644
index e76a0e402ad1..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-00.txt
+++ /dev/null
@@ -1,250 +0,0 @@
-INTERNET-DRAFT                                             Ken Hornstein
-<draft-ietf-cat-krb-dns-locate-00.txt>                               NRL
-June 21, 1999                                             Jeffrey Altman
-Expires: December 21, 1999                           Columbia University
-
-          Distributing Kerberos KDC and Realm Information with DNS
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Distribution of this memo is unlimited.  It is filed as <draft-ietf-
-   cat-krb-dns-locate-00.txt>, and expires on December 21, 1999.  Please
-   send comments to the authors.
-
-Abstract
-
-   Neither the Kerberos V5 protocol [RFC1510] nor the Kerberos V4 proto-
-   col [RFC????] describe any mechanism for clients to learn critical
-   configuration information necessary for proper operation of the pro-
-   tocol.  Such information includes the location of Kerberos key dis-
-   tribution centers or a mapping between DNS domains and Kerberos
-   realms.
-
-   Current Kerberos implementations generally store such configuration
-   information in a file on each client machine.  Experience has shown
-   this method of storing configuration information presents problems
-   with out-of-date information and scaling problems, especially when
-
-Hornstein, Altman                                               [Page 1]
-
-RFC DRAFT                                                  June 21, 1999
-
-   using cross-realm authentication.
-
-   This memo describes a method for using the Domain Name System
-   [RFC1035] for storing such configuration information.  Specifically,
-   methods for storing KDC location and hostname/domain name to realm
-   mapping information are discussed.
-
-Overview - KDC location information
-
-   KDC location information is to be stored using the DNS SRV RR [RFC
-   2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for Kerberos is always "_kerberos".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_udp" record MUST be included.  If the Kerberos implementa-
-   tion supports TCP transport, a "_tcp" record SHOULD be included.
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, Port, and Target have the standard
-   meaning as defined in RFC 2052.
-
-Example - KDC location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has two Ker-
-   beros servers, kdc1.asdf.com and kdc2.asdf.com.  Queries should be
-   directed to kdc1.asdf.com first as per the specified priority.
-   Weights are not used in these records.
-
-   _kerberos._udp.ASDF.COM.        IN      SRV     0 0 88 kdc1.asdf.com.
-   _kerberos._udp.ASDF.COM.        IN      SRV     1 0 88 kdc2.asdf.com.
-
-Overview - KAdmin location information
-
-   Kadmin location information is to be stored using the DNS SRV RR [RFC
-   2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for Kadmin is always "_kadmin".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_tcp" record MUST be included.  If the Kadmin implementation
-   supports UDP transport, a "_udp" record SHOULD be included.
-
-Hornstein, Altman                                               [Page 2]
-
-RFC DRAFT                                                  June 21, 1999
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, Port, and Target have the standard
-   meaning as defined in RFC 2052.
-
-Example - Kadmin location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has one Kad-
-   min server, kdc1.asdf.com.
-
-   _kadmin._tcp.ASDF.COM.  IN      SRV     0 0 88 kdc1.asdf.com.
-
-Overview - Hostname/domain name to Kerberos realm mapping
-
-   Information on the mapping of DNS hostnames and domain names to Ker-
-   beros realms is stored using DNS TXT records [RFC 1035].  These
-   records have the following format.
-
-   Service.Name TTL Class TXT Realm
-
-   The Service field is always "_kerberos", and prefixes all entries of
-   this type.
-
-   The Name is a DNS hostname or domain name.  This is explained in
-   greater detail below.
-
-   TTL, Class, and TXT have the standard DNS meaning as defined in RFC
-   1035.
-
-   The Realm is the data for the TXT RR, and consists simply of the Ker-
-   beros realm that corresponds to the Name specified.
-
-   When a Kerberos client wishes to utilize a host-specific service, it
-   will perform a DNS TXT query, using the hostname in the Name field of
-   the DNS query.  If the record is not found, the first label of the
-   name is stripped and the query is retried.
-
-   Compliant implementations MUST query the full hostname and the most
-   specific domain name (the hostname with the first label removed).
-   Compliant implementations SHOULD try stripping all subsequent labels
-   until a match is found or the Name field is empty.
-
-Example - Hostname/domain name to Kerberos realm mapping
-
-   For the previously mentioned ASDF.COM realm and domain, some sample
-   records might be as follows:
-
-   _kerberos.asdf.com.             IN      TXT     "ASDF.COM"
-
-Hornstein, Altman                                               [Page 3]
-
-RFC DRAFT                                                  June 21, 1999
-
-   _kerberos.mrkserver.asdf.com.   IN      TXT     "MARKETING.ASDF.COM"
-   _kerberos.salesserver.asdf.com. IN      TXT     "SALES.ASDF.COM"
-
-   Let us suppose that in this case, a Kerberos client wishes to use a
-   Kerberized service on the host foo.asdf.com.  It would first query:
-
-   _kerberos.foo.asdf.com. IN TXT
-
-   Finding no match, it would then query:
-
-   _kerberos.asdf.com. IN TXT
-
-   And find an answer of ASDF.COM.  This would be the realm that
-   foo.asdf.com resides in.
-
-   If another Kerberos client wishes to use a Kerberized service on the
-   host salesserver.asdf.com, it would query:
-
-   _kerberos.salesserver.asdf.com IN TXT
-
-   And find an answer of SALES.ASDF.COM.
-
-Security considerations
-
-   As DNS is deployed today, it is an unsecure service.  Thus the infor-
-   mation returned by it cannot be trusted.  However, the use of DNS to
-   store this configuration information does not introduce any new secu-
-   rity risks to the Kerberos protocol.
-
-   Current practice is to use hostnames to indicate KDC hosts (stored in
-   some implementation-dependent location, but generally a local config
-   file).  These hostnames are vulnerable to the standard set of DNS
-   attacks (denial of service, spoofed entries, etc).  The design of the
-   Kerberos protocol limits attacks of this sort to denial of service.
-   However, the use of SRV records does not change this attack in any
-   way.  They have the same vulnerabilities that already exist in the
-   common practice of using hostnames for KDC locations.
-
-   The same holds true for the TXT records used to indicate the domain
-   name to realm mapping.  Current practice is to configure these map-
-   pings locally.  But this again is vulnerable to spoofing via CNAME
-   records that point to hosts in other domains.  This has the same
-   effect as a spoofed TXT record.
-
-   While the described protocol does not introduce any new security
-   risks to the best of our knowledge, implementations SHOULD provide a
-   way of specifying this information locally without the use of DNS.
-   However, to make this feature worthwhile a lack of any configuration
-
-Hornstein, Altman                                               [Page 4]
-
-RFC DRAFT                                                  June 21, 1999
-
-   information on a client should be interpretted as permission to use
-   DNS.
-
-Expiration
-
-   This Internet-Draft expires on December 21, 1999.
-
-References
-
-   [RFC1510]
-        The Kerberos Network Authentication System; Kohl, Newman; Sep-
-        tember 1993.
-
-   [RFC1035]
-        Domain Names - Implementation and Specification; Mockapetris;
-        November 1987
-
-   [RFC2052]
-        A DNS RR for specifying the location of services (DNS SRV); Gul-
-        brandsen, Vixie; October 1996
-
-Authors' Addresses
-
-   Ken Hornstein
-   US Naval Research Laboratory
-   Bldg A-49, Room 2
-   4555 Overlook Avenue
-   Washington DC  20375 USA
-
-   Phone: +1 (202) 404-4765
-   EMail: kenh@cmf.nrl.navy.mil
-
-   Jeffrey Altman
-   The Kermit Project
-   Columbia University
-   612 West 115th Street #716
-   New York NY 10025-7799 USA
-
-   Phone: +1 (212) 854-1344
-   EMail: jaltman@columbia.edu
-
-Hornstein, Altman                                               [Page 5]
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-02.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-02.txt
deleted file mode 100644
index bd31750a15af..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb-dns-locate-02.txt
+++ /dev/null
@@ -1,339 +0,0 @@
-
-
-
-
-
-
-INTERNET-DRAFT                                             Ken Hornstein
-<draft-ietf-cat-krb-dns-locate-02.txt>                               NRL
-March 10, 2000                                            Jeffrey Altman
-Expires: September 10, 2000                          Columbia University
-
-
-
-          Distributing Kerberos KDC and Realm Information with DNS
-
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Distribution of this memo is unlimited.  It is filed as <draft-ietf-
-   cat-krb-dns-locate-02.txt>, and expires on September 10, 2000.  Please
-   send comments to the authors.
-
-Abstract
-
-   Neither the Kerberos V5 protocol [RFC1510] nor the Kerberos V4 proto-
-   col [RFC????] describe any mechanism for clients to learn critical
-   configuration information necessary for proper operation of the pro-
-   tocol.  Such information includes the location of Kerberos key dis-
-   tribution centers or a mapping between DNS domains and Kerberos
-   realms.
-
-   Current Kerberos implementations generally store such configuration
-   information in a file on each client machine.  Experience has shown
-   this method of storing configuration information presents problems
-   with out-of-date information and scaling problems, especially when
-
-
-
-Hornstein, Altman                                               [Page 1]
-
-RFC DRAFT                                                 March 10, 2000
-
-
-   using cross-realm authentication.
-
-   This memo describes a method for using the Domain Name System
-   [RFC1035] for storing such configuration information.  Specifically,
-   methods for storing KDC location and hostname/domain name to realm
-   mapping information are discussed.
-
-DNS vs. Kerberos - Case Sensitivity of Realm Names
-
-   In Kerberos, realm names are case sensitive.  While it is strongly
-   encouraged that all realm names be all upper case this recommendation
-   has not been adopted by all sites.  Some sites use all lower case
-   names and other use mixed case.  DNS on the other hand is case insen-
-   sitive for queries but is case preserving for responses to TXT
-   queries.  Since "MYREALM", "myrealm", and "MyRealm" are all different
-   it is necessary that the DNS entries be distinguishable.
-
-   Since the recommend realm names are all upper case, we will not
-   require any quoting to be applied to upper case names.  If the realm
-   name contains lower case characters each character is to be quoted by
-   a '=' character.  So "MyRealm" would be represented as "M=yR=e=a=l=m"
-   and "myrealm" as "=m=y=r=e=a=l=m".  If the realm name contains the
-   '=' character it will be represented as "==".
-
-
-Overview - KDC location information
-
-   KDC location information is to be stored using the DNS SRV RR [RFC
-   2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for Kerberos is always "_kerberos".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_udp" record MUST be included.  If the Kerberos implementa-
-   tion supports TCP transport, a "_tcp" record SHOULD be included.
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, Port, and Target have the standard
-   meaning as defined in RFC 2052.
-
-Example - KDC location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has two Ker-
-   beros servers, kdc1.asdf.com and kdc2.asdf.com.  Queries should be
-   directed to kdc1.asdf.com first as per the specified priority.
-
-
-
-Hornstein, Altman                                               [Page 2]
-
-RFC DRAFT                                                 March 10, 2000
-
-
-   Weights are not used in these records.
-
-   _kerberos._udp.ASDF.COM.        IN      SRV     0 0 88 kdc1.asdf.com.
-   _kerberos._udp.ASDF.COM.        IN      SRV     1 0 88 kdc2.asdf.com.
-
-Overview - Kerberos password changing server location information
-
-   Kerberos password changing server [KERB-CHG] location is to be stored
-   using the DNS SRV RR [RFC 2052].  The format of this RR is as fol-
-   lows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for the password server is always "_kpasswd".
-
-   The Proto MUST be "_udp".
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, Port, and Target have the standard
-   meaning as defined in RFC 2052.
-
-Overview - Kerberos admin server location information
-
-   Kerberos admin location information is to be stored using the DNS SRV
-   RR [RFC 2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for the admin server is always "_kerberos-adm".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_tcp" record MUST be included.  If the Kerberos admin imple-
-   mentation supports UDP transport, a "_udp" record SHOULD be included.
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, Port, and Target have the standard
-   meaning as defined in RFC 2052.
-
-   Note that there is no formal definition of a Kerberos admin protocol,
-   so the use of this record is optional and implementation-dependent.
-
-Example - Kerberos administrative server location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has one
-   administrative server, kdc1.asdf.com.
-
-
-
-
-Hornstein, Altman                                               [Page 3]
-
-RFC DRAFT                                                 March 10, 2000
-
-
-   _kerberos-adm._tcp.ASDF.COM.    IN      SRV     0 0 88 kdc1.asdf.com.
-
-Overview - Hostname/domain name to Kerberos realm mapping
-
-   Information on the mapping of DNS hostnames and domain names to Ker-
-   beros realms is stored using DNS TXT records [RFC 1035].  These
-   records have the following format.
-
-   Service.Name TTL Class TXT Realm
-
-   The Service field is always "_kerberos", and prefixes all entries of
-   this type.
-
-   The Name is a DNS hostname or domain name.  This is explained in
-   greater detail below.
-
-   TTL, Class, and TXT have the standard DNS meaning as defined in RFC
-   1035.
-
-   The Realm is the data for the TXT RR, and consists simply of the Ker-
-   beros realm that corresponds to the Name specified.
-
-   When a Kerberos client wishes to utilize a host-specific service, it
-   will perform a DNS TXT query, using the hostname in the Name field of
-   the DNS query.  If the record is not found, the first label of the
-   name is stripped and the query is retried.
-
-   Compliant implementations MUST query the full hostname and the most
-   specific domain name (the hostname with the first label removed).
-   Compliant implementations SHOULD try stripping all subsequent labels
-   until a match is found or the Name field is empty.
-
-Example - Hostname/domain name to Kerberos realm mapping
-
-   For the previously mentioned ASDF.COM realm and domain, some sample
-   records might be as follows:
-
-   _kerberos.asdf.com.             IN      TXT     "ASDF.COM"
-   _kerberos.mrkserver.asdf.com.   IN      TXT     "MARKETING.ASDF.COM"
-   _kerberos.salesserver.asdf.com. IN      TXT     "SALES.ASDF.COM"
-
-   Let us suppose that in this case, a Kerberos client wishes to use a
-   Kerberized service on the host foo.asdf.com.  It would first query:
-
-   _kerberos.foo.asdf.com. IN TXT
-
-   Finding no match, it would then query:
-
-
-
-
-Hornstein, Altman                                               [Page 4]
-
-RFC DRAFT                                                 March 10, 2000
-
-
-   _kerberos.asdf.com. IN TXT
-
-   And find an answer of ASDF.COM.  This would be the realm that
-   foo.asdf.com resides in.
-
-   If another Kerberos client wishes to use a Kerberized service on the
-   host salesserver.asdf.com, it would query:
-
-   _kerberos.salesserver.asdf.com IN TXT
-
-   And find an answer of SALES.ASDF.COM.
-
-Security considerations
-
-   As DNS is deployed today, it is an unsecure service.  Thus the infor-
-   mation returned by it cannot be trusted.
-
-   Current practice for REALM to KDC mapping is to use hostnames to
-   indicate KDC hosts (stored in some implementation-dependent location,
-   but generally a local config file).  These hostnames are vulnerable
-   to the standard set of DNS attacks (denial of service, spoofed
-   entries, etc).  The design of the Kerberos protocol limits attacks of
-   this sort to denial of service.  However, the use of SRV records does
-   not change this attack in any way.  They have the same vulnerabili-
-   ties that already exist in the common practice of using hostnames for
-   KDC locations.
-
-   Current practice for HOSTNAME to REALM mapping is to provide a local
-   configuration of mappings of hostname or domain name to realm which
-   are then mapped to KDCs.  But this again is vulnerable to spoofing
-   via CNAME records that point to hosts in other domains.  This has the
-   same effect as when a TXT record is spoofed.  In a realm with no
-   cross-realm trusts this is a DoS attack.  However, when cross-realm
-   trusts are used it is possible to redirect a client to use a comprom-
-   ised realm.
-
-   This is not an exploit of the Kerberos protocol but of the Kerberos
-   trust model.  The same can be done to any application that must
-   resolve the hostname in order to determine which domain a non-FQDN
-   belongs to.
-
-   Implementations SHOULD provide a way of specifying this information
-   locally without the use of DNS.  However, to make this feature
-   worthwhile a lack of any configuration information on a client should
-   be interpretted as permission to use DNS.
-
-
-
-
-
-
-Hornstein, Altman                                               [Page 5]
-
-RFC DRAFT                                                 March 10, 2000
-
-
-Expiration
-
-   This Internet-Draft expires on September 10, 2000.
-
-References
-
-
-   [RFC1510]
-        The Kerberos Network Authentication System; Kohl, Newman; Sep-
-        tember 1993.
-
-   [RFC1035]
-        Domain Names - Implementation and Specification; Mockapetris;
-        November 1987
-
-   [RFC2782]
-        A DNS RR for specifying the location of services (DNS SRV); Gul-
-        brandsen, Vixie; Feburary 2000
-
-   [KERB-CHG]
-        Kerberos Change Password Protocol; Horowitz;
-        ftp://ds.internic.net/internet-drafts/draft-ietf-cat-kerb-chg-
-        password-02.txt
-
-Authors' Addresses
-
-   Ken Hornstein
-   US Naval Research Laboratory
-   Bldg A-49, Room 2
-   4555 Overlook Avenue
-   Washington DC  20375 USA
-
-   Phone: +1 (202) 404-4765
-   EMail: kenh@cmf.nrl.navy.mil
-
-   Jeffrey Altman
-   The Kermit Project
-   Columbia University
-   612 West 115th Street #716
-   New York NY 10025-7799 USA
-
-   Phone: +1 (212) 854-1344
-   EMail: jaltman@columbia.edu
-
-
-
-
-
-
-
-
-Hornstein, Altman                                               [Page 6]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb5gss-mech2-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb5gss-mech2-03.txt
deleted file mode 100644
index 11e5dc9f9548..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-krb5gss-mech2-03.txt
+++ /dev/null
@@ -1,1333 +0,0 @@
-
-INTERNET-DRAFT                                                    Tom Yu
-Common Authentication Technology WG                                  MIT
-draft-ietf-cat-krb5gss-mech2-03.txt                        04 March 2000
-
-           The Kerberos Version 5 GSSAPI Mechanism, Version 2
-
-Status of This Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Comments on this document should be sent to
-   "ietf-cat-wg@lists.stanford.edu", the IETF Common Authentication
-   Technology WG discussion list.
-
-Abstract
-
-   This document defines protocols, procedures, and conventions to be
-   employed by peers implementing the Generic Security Service
-   Application Program Interface (as specified in RFC 2743) when using
-   Kerberos Version 5 technology (as specified in RFC 1510).  This
-   obsoletes RFC 1964.
-
-Acknowledgements
-
-   Much of the material in this specification is based on work done for
-   Cygnus Solutions by Marc Horowitz.
-
-Table of Contents
-
-   Status of This Memo ............................................    1
-   Abstract .......................................................    1
-   Acknowledgements ...............................................    1
-   Table of Contents ..............................................    1
-   1.  Introduction ...............................................    3
-   2.  Token Formats ..............................................    3
-      2.1.  Packet Notation .......................................    3
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 1]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-      2.2.  Mechanism OID .........................................    4
-      2.3.  Context Establishment .................................    4
-         2.3.1.  Option Format ....................................    4
-            2.3.1.1.  Delegated Credentials Option ................    5
-            2.3.1.2.  Null Option .................................    5
-         2.3.2.  Initial Token ....................................    6
-            2.3.2.1.  Data to be Checksummed in APREQ .............    8
-         2.3.3.  Response Token ...................................   10
-      2.4.  Per-message Tokens ....................................   12
-         2.4.1.  Sequence Number Usage ............................   12
-         2.4.2.  MIC Token ........................................   12
-            2.4.2.1.  Data to be Checksummed in MIC Token .........   13
-         2.4.3.  Wrap Token .......................................   14
-            2.4.3.1.  Wrap Token With Integrity Only ..............   14
-            2.4.3.2.  Wrap Token With Integrity and Encryption
-                      .............................................   15
-               2.4.3.2.1.  Data to be Encrypted in Wrap Token .....   16
-   3.  ASN.1 Encoding of Octet Strings ............................   17
-   4.  Name Types .................................................   18
-      4.1.  Mandatory Name Forms ..................................   18
-         4.1.1.  Kerberos Principal Name Form .....................   18
-         4.1.2.  Exported Name Object Form for Kerberos5
-                 Mechanism ........................................   19
-   5.  Credentials ................................................   20
-   6.  Parameter Definitions ......................................   20
-      6.1.  Minor Status Codes ....................................   20
-         6.1.1.  Non-Kerberos-specific codes ......................   21
-         6.1.2.  Kerberos-specific-codes ..........................   21
-   7.  Kerberos Protocol Dependencies .............................   22
-   8.  Security Considerations ....................................   22
-   9.  References .................................................   22
-   10.  Author's Address ..........................................   23
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 2]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-1.  Introduction
-
-   The original Kerberos 5 GSSAPI mechanism[RFC1964] has a number of
-   shortcomings.  This document attempts to remedy them by defining a
-   completely new Kerberos 5 GSSAPI mechanism.
-
-   The context establishment token format requires that the
-   authenticator of AP-REQ messages contain a cleartext data structure
-   in its checksum field, which is a needless and potentially confusing
-   overloading of that field.  This is implemented by a special checksum
-   algorithm whose purpose is to copy the input data directly into the
-   checksum field of the authenticator.
-
-   The number assignments for checksum algorithms and for encryption
-   types are inconsistent between the Kerberos protocol and the original
-   GSSAPI mechanism.  If new encryption or checksum algorithms are added
-   to the Kerberos protocol at some point, the GSSAPI mechanism will
-   need to be separately updated to use these new algorithms.
-
-   The original mechanism specifies a crude method of key derivation (by
-   using the XOR of the context key with a fixed constant), which is
-   incompatible with newer cryptosystems which specify key derivation
-   procedures themselves.  The original mechanism also assumes that both
-   checksums and cryptosystem blocksizes are eight bytes.
-
-   Defining all GSSAPI tokens for the new Kerberos 5 mechanism in terms
-   of the Kerberos protocol specification ensures that new encryption
-   types and checksum types may be automatically used as they are
-   defined for the Kerberos protocol.
-
-2.  Token Formats
-
-   All tokens, not just the initial token, are framed as the
-   InitialContextToken described in RFC 2743 section 3.1.  The
-   innerContextToken element of the token will not itself be encoded in
-   ASN.1, with the exception of caller-provided application data.
-
-   One rationale for avoiding the use of ASN.1 in the inner token is
-   that some implementors may wish to implement this mechanism in a
-   kernel or other similarly constrained application where handling of
-   full ASN.1 encoding may be cumbersome.  Also, due to the poor
-   availability of the relevant standards documents, ASN.1 encoders and
-   decoders are difficult to implement completely correctly, so keeping
-   ASN.1 usage to a minimum decreases the probability of bugs in the
-   implementation of the mechanism.  In particular, bit strings need to
-   be transferred at certain points in this mechanism.  There are many
-   conflicting common misunderstandings of how to encode and decode
-   ASN.1 bit strings, which have led difficulties in the implementaion
-   of the Kerberos protocol.
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 3]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-2.1.  Packet Notation
-
-   The order of transmission of this protocol is described at the octet
-   level.  Packet diagrams depict bits in the order of transmission,
-   assuming that individual octets are transmitted with the most
-   significant bit (MSB) first.  The diagrams read from left to right
-   and from top to bottom, as in printed English.  In each octet, bit
-   number 7 is the MSB and bit number 0 is the LSB.
-
-   Numbers prefixed by the characters "0x" are in hexadecimal notation,
-   as in the C programming language.  Even though packet diagrams are
-   drawn 16 bits wide, no padding should be used to align the ends of
-   variable-length fields to a 32-bit or 16-bit boundary.
-
-   All integer fields are in network byte order.  All other fields have
-   the size shown in the diagrams, with the exception of variable length
-   fields.
-
-2.2.  Mechanism OID
-
-   The Object Identifier (OID) of the new krb5 v2 mechanism is:
-
-   {iso(1) member-body(2) us(840) mit(113554) infosys(1) gssapi(2)
-   krb5v2(3)}
-
-
-2.3.  Context Establishment
-
-2.3.1.  Option Format
-
-   Context establishment tokens, i.e., the initial ones that the
-   GSS_Init_sec_context() and the GSS_Accept_sec_context() calls emit
-   while a security context is being set up, may contain options that
-   influence the subsequent behavior of the context.  This document
-   describes only a small set of options, but additional types may be
-   added by documents intended to supplement this one.  The generic
-   format is as follows:
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                          option type                          |
-     +-------------------------------+-------------------------------+
-  2  |                                                               |
-     +--                  option length (32 bits)                  --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-  6  |                               .                               |
-     /                 option data (variable length)                 /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 4]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   option type (16 bits)
-        The type identifier of the following option.
-
-   option length (32 bits)
-        The length in bytes of the following option.
-
-   option data (variable length)
-        The actual option data.
-
-   Any number of options may appear in an initator or acceptor token.
-   The final option in a token must be the null option, in order to mark
-   the end of the list.  Option type 0xffff is reserved.
-
-   The initiator and acceptor shall ignore any options that they do not
-   understand.
-
-2.3.1.1.  Delegated Credentials Option
-
-   Only the initiator may use this option.  The format of the delegated
-   credentials option is as follows:
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                     option type = 0x00001                     |
-     +-------------------------------+-------------------------------+
-  2  |                                                               |
-     +--                      KRB-CRED length                      --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-  6  |                               .                               |
-     /                        KRB-CRED message                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   option type (16 bits)
-        The option type for this option shall be 0x0001.
-
-   KRB-CRED length (32 bits)
-        The length in bytes of the following KRB-CRED message.
-
-   KRB-CRED message (variable length)
-        The option data for this option shall be the KRB-CRED message
-        that contains the credentials being delegated (forwarded) to the
-        context acceptor.  Only the initiator may use this option.
-
-2.3.1.2.  Null Option
-
-   The Null option terminates the option list, and must be used by both
-   the initiator and the acceptor.  Its format is as follows:
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 5]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                        option type = 0                        |
-     +-------------------------------+-------------------------------+
-  2  |                                                               |
-     +--                         length = 0                        --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-
-
-   option type (16 bits)
-        The option type of this option must be zero.
-
-   option length (32 bits)
-        The length of this option must be zero.
-
-2.3.2.  Initial Token
-
-   This is the initial token sent by the context initiator, generated by
-   GSS_Init_sec_context().
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                   initial token id = 0x0101                   |
-     +-------------------------------+-------------------------------+
-  2  |                                                               |
-     +--         reserved flag bits          +-----------------------+
-  4  |                                       | I | C | S | R | M | D |
-     +-------------------------------+-------------------------------+
-  6  |                      checksum type count                      |
-     +-------------------------------+-------------------------------+
-  8  |                               .                               |
-     /                       checksum type list                      /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  n  |                               .                               |
-     /                            options                            /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  m  |                                                               |
-     +--                       AP-REQ length                       --+
- m+2 |                                                               |
-     +-------------------------------+-------------------------------+
- m+4 |                               .                               |
-     /                          AP-REQ data                          /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   initial token ID (16 bits)
-        Contains the integer 0x0101, which identifies this as the
-        initial token in the context setup.
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 6]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   reserved flag bits (26 bits)
-        These bits are reserved for future expansion.  They must be set
-        to zero by the initiator and be ignored by the acceptor.
-
-   I flag (1 bit)
-        0x00000020 -- GSS_C_INTEG_FLAG
-
-   C flag (1 bit)
-        0x00000010 -- GSS_C_CONF_FLAG
-
-   S flag (1 bit)
-        0x00000008 -- GSS_C_SEQUENCE_FLAG
-
-   R flag (1 bit)
-        0x00000004 -- GSS_C_REPLAY_FLAG
-
-   M flag (1 bit)
-        0x00000002 -- GSS_C_MUTUAL_FLAG
-
-   D flag (1 bit)
-        0x00000001 -- GSS_C_DELEG_FLAG; This flag must be set if the
-        "delegated credentials" option is included.
-
-   checksum type count (16 bits)
-        The number of checksum types supported by the initiator.
-
-   checksum type list (variable length)
-        A list of Kerberos checksum types, as defined in RFC 1510
-        section 6.4. These checksum types must be collision-proof and
-        keyed with the context key; no checksum types that are
-        incompatible with the encryption key shall be used.  Each
-        checksum type number shall be 32 bits wide.  This list should
-        contain all the checksum types supported by the initiator.  If
-        mutual authentication is not used, then this list shall contain
-        only one checksum type.
-
-   options (variable length)
-        The context initiation options, described in section 2.3.1.
-
-   AP-REQ length (32 bits)
-        The length of the following KRB_AP_REQ message.
-
-   AP-REQ data (variable length)
-        The AP-REQ message as described in RFC 1510.  The checksum in
-        the authenticator will be computed over the items listed in the
-        next section.
-
-   The optional sequence number field shall be used in the AP-REQ.  The
-   initiator should generate a subkey in the authenticator, and the
-   acceptor should generate a subkey in the AP-REP.  The key used for
-   the per-message tokens will be the AP-REP subkey, or if that is not
-   present, the authenticator subkey, or if that is not present, the
-   session key.  When subkeys are generated, it is strongly recommended
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 7]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   that they be of the same type as the associated session key.
-
-   XXX The above is not secure.  There should be an algorithmic process
-   to arrive at a subsession key which both sides of the authentication
-   exchange can perform based on the ticket sessions key and data known
-   to both parties, and this should probably be part of the revised
-   Kerberos protocol rather than bound to the GSSAPI mechanism.
-
-2.3.2.1.  Data to be Checksummed in AP-REQ
-
-   The checksum in the AP-REQ message is calculated over the following
-   items.  Like in the actual tokens, no padding should be added to
-   force integer fields to align on 32 bit boundaries.  This particular
-   set of data should not be sent as a part of any token; it merely
-   specifies what is to be checksummed in the AP-REQ.  The items in this
-   encoding that precede the initial token ID correspond to the channel
-   bindings passed to GSS_Init_sec_context().
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 8]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                                                               |
-     +--                   initiator address type                  --+
-  2  |                                                               |
-     +-------------------------------+-------------------------------+
-  4  |                    initiator address length                   |
-     +-------------------------------+-------------------------------+
-  6  |                               .                               |
-     /                       initiator address                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  n  |                                                               |
-     +--                   acceptor address type                   --+
-     |                                                               |
-     +-------------------------------+-------------------------------+
- n+4 |                    acceptor address length                    |
-     +-------------------------------+-------------------------------+
- n+6 |                               .                               |
-     /                        acceptor address                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  m  |                               .                               |
-     /                        application data                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  k  |                   initial token id = 0x0101                   |
-     +-------------------------------+-------------------------------+
- k+2 |                                                               |
-     +--                           flags                           --+
- k+4 |                                                               |
-     +-------------------------------+-------------------------------+
- k+6 |                      checksum type count                      |
-     +-------------------------------+-------------------------------+
- k+8 |                               .                               |
-     /                       checksum type list                      /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  j  |                               .                               |
-     /                            options                            /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   initiator address type (32 bits)
-        The initiator address type, as defined in the Kerberos protocol
-        specification.  If no initiator address is provided, this must
-        be zero.
-
-   initiator address length (16 bits)
-        The length in bytes of the following initiator address.  If
-        there is no inititator address provided, this must be zero.
-
-
-Yu                  Document Expiration: 04 Sep 2000            [Page 9]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   initiator address (variable length)
-        The actual initiator address, in network byte order.
-
-   acceptor address type (32 bits)
-        The acceptor address type, as defined in the Kerberos protocol
-        specification.  If no acceptor address is provided, this must be
-        zero.
-
-   acceptor address length (16 bits)
-        The length in bytes of the following acceptor address.  This
-        must be zero is there is no acceptor address provided.
-
-   initiator address (variable length)
-        The actual acceptor address, in network byte order.
-
-   applicatation data (variable length)
-        The application data, if provided, encoded as a ASN.1 octet
-        string using DER.  If no application data are passed as input
-        channel bindings, this shall be a zero-length ASN.1 octet
-        string.
-
-   initial token ID (16 bits)
-        The initial token ID from the initial token.
-
-   flags (32 bits)
-        The context establishment flags from the initial token.
-
-   checksum type count (16 bits)
-        The number of checksum types supported by the initiator.
-
-   checksum type list (variable length)
-        The same list of checksum types contained in the initial token.
-
-   options (variable length)
-        The options list from the initial token.
-
-2.3.3.  Response Token
-
-   This is the reponse token sent by the context acceptor, if mutual
-   authentication is enabled.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 10]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                   response token id = 0x0202                  |
-     +-------------------------------+-------------------------------+
-  2  |                                                               |
-     +--                  reserved flag bits                 +-------+
-  4  |                                                       | D | E |
-     +-------------------------------+-------------------------------+
-  6  |                                                               |
-     +--                       checksum type                       --+
-  8  |                                                               |
-     +-------------------------------+-------------------------------+
- 10  |                               .                               |
-     /                            options                            /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  n  |                                                               |
-     +--                 AP-REP or KRB-ERROR length                --+
- n+2 |                                                               |
-     +-------------------------------+-------------------------------+
- n+4 |                               .                               |
-     /                    AP-REP or KRB-ERROR data                   /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  m  |                               .                               |
-     /                            MIC data                           /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   response token id (16 bits)
-        Contains the integer 0x0202, which identifies this as the
-        response token in the context setup.
-
-   reserved flag bits (30 bits)
-        These bits are reserved for future expansion.  They must be set
-        to zero by the acceptor and be ignored by the initiator.
-
-   D flag -- delegated creds accepted (1 bit)
-        0x00000002 -- If this flag is set, the acceptor processed the
-        delegated credentials, and GSS_C_DELEG_FLAG should be returned
-        to the caller.
-
-   E flag -- error (1 bit)
-        0x00000001 -- If this flag is set, a KRB-ERROR message shall be
-        present, rather than an AP-REP message.  If this flag is not
-        set, an AP-REP message shall be present.
-
-   checksum type count (16 bits)
-        The number of checksum types supported by both the initiator and
-        the acceptor.
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 11]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   checksum type (32 bits)
-        A Kerberos checksum type, as defined in RFC 1510 section 6.4.
-        This checksum type must be among the types listed by the
-        initiator, and will be used in for subsequent checksums
-        generated during this security context.
-
-   options (variable length)
-        The option list, as described earlier.  At this time, no options
-        are defined for the acceptor, but an implementation might make
-        use of these options to acknowledge an option from the initial
-        token.  After all the options are specified, a null option must
-        be used to terminate the list.
-
-   AP-REP or KRB-ERROR length (32 bits)
-        Depending on the value of the error flag, length in bytes of the
-        AP-REP or KRB-ERROR message.
-
-   AP-REP or KRB-ERROR data (variable length)
-        Depending on the value of the error flag, the AP-REP or
-        KRB-ERROR message as described in RFC 1510.  If this field
-        contains an AP-REP message, the sequence number field in the
-        AP-REP shall be filled.  If this is a KRB-ERROR message, no
-        further fields will be in this message.
-
-   MIC data (variable length)
-        A MIC token, as described in section 2.4.2, computed over the
-        concatentation of the response token ID, flags, checksum length
-        and type fields, and all option fields.  This field and the
-        preceding length field must not be present if the error flag is
-        set.
-
-2.4.  Per-message Tokens
-
-2.4.1.  Sequence Number Usage
-
-   Sequence numbers for per-message tokens are 31 bit unsigned integers,
-   which are incremented by 1 after each token.  An overflow condition
-   should result in a wraparound of the sequence number to zero.  The
-   initiator and acceptor each keep their own sequence numbers per
-   connection.
-
-   The intial sequence number for tokens sent from the initiator to the
-   acceptor shall be the least significant 31 bits of sequence number in
-   the AP-REQ message.  The initial sequence number for tokens sent from
-   the acceptor to the initiator shall be the least significant 31 bits
-   of the sequence number in the AP-REP message if mutual authentication
-   is used; if mutual authentication is not used, the initial sequence
-   number from acceptor to initiator shall be the least significant 31
-   bits of the sequence number in the AP-REQ message.
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 12]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-2.4.2.  MIC Token
-
-   Use of the GSS_GetMIC() call yields a token, separate from the user
-   data being protected, which can be used to verify the integrity of
-   that data when it is received.  The MIC token has the following
-   format:
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                     MIC token id = 0x0303                     |
-     +-------------------------------+-------------------------------+
-  2  | D |                                                           |
-     +---+                     sequence number                     --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-  6  |                        checksum length                        |
-     +-------------------------------+-------------------------------+
-  8  |                               .                               |
-     /                         checksum data                         /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   MIC token id (16 bits)
-        Contains the integer 0x0303, which identifies this as a MIC
-        token.
-
-   D -- direction bit (1 bit)
-        This bit shall be zero if the message is sent from the context
-        initiator.  If the message is sent from the context acceptor,
-        this bit shall be one.
-
-   sequence number (31 bits)
-        The sequence number.
-
-   checksum length (16 bits)
-        The number of bytes in the following checksum data field.
-
-   checksum data (variable length)
-        The checksum itself, as defined in RFC 1510 section 6.4.  The
-        checksum is calculated over the encoding described in the
-        following section.  The key usage GSS_TOK_MIC -- 22 [XXX need to
-        register this] shall be used in cryptosystems that support key
-        derivation.
-
-   The mechanism implementation shall only use the checksum type
-   returned by the acceptor in the case of mutual authentication.  If
-   mutual authentication is not requested, then only the checksum type
-   in the initiator token shall be used.
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 13]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-2.4.2.1.  Data to be Checksummed in MIC Token
-
-   The checksum in the MIC token shall be calculated over the following
-   elements.  This set of data is not actually included in the token as
-   is; the description only appears for the purpose of specifying the
-   method of calculating the checksum.
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                     MIC token id = 0x0303                     |
-     +-------------------------------+-------------------------------+
-  2  | D |                                                           |
-     +---+                     sequence number                     --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-  6  |                               .                               |
-     /                        application data                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   MIC token ID (16 bits)
-        The MIC token ID from the MIC message.
-
-   D -- direction bit (1 bit)
-        This bit shall be zero if the message is sent from the context
-        initiator.  If the message is sent from the context acceptor,
-        this bit shall be one.
-
-   sequence number (31 bits)
-        The sequence number.
-
-   application data (variable length)
-        The application-supplied data, encoded as an ASN.1 octet string
-        using DER.
-
-2.4.3.  Wrap Token
-
-   Use of the GSS_Wrap() call yields a token which encapsulates the
-   input user data (optionally encrypted) along with associated
-   integrity check quantities.
-
-2.4.3.1.  Wrap Token With Integrity Only
-
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 14]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  |                integrity wrap token id = 0x0404               |
-     +-------------------------------+-------------------------------+
-  2  | D |                                                           |
-     +---+                     sequence number                     --+
-  4  |                                                               |
-     +-------------------------------+-------------------------------+
-  6  |                               .                               |
-     /                        application data                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-  n  |                        checksum length                        |
-     +-------------------------------+-------------------------------+
- n+2 |                               .                               |
-     /                         checksum data                         /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   integrity wrap token id (16 bits)
-        Contains the integer 0x0404, which identifies this as a Wrap
-        token with integrity only.
-
-   D -- direction bit (1 bit)
-        This bit shall be zero if the message is sent from the context
-        initiator.  If the message is sent from the context acceptor,
-        this bit shall be one.
-
-   sequence number (31 bits)
-        The sequence number.
-
-   application data (variable length)
-        The application-supplied data, encoded as an ASN.1 octet string
-        using DER.
-
-   checksum length (16 bits)
-        The number of bytes in the following checksum data field.
-
-   checksum data (variable length)
-        The checksum itself, as defined in RFC 1510 section 6.4,
-        computed over the concatenation of the token ID, sequence
-        number, direction field, application data length, and
-        application data, as in the MIC token checksum in the previous
-        section.  The key usage GSS_TOK_WRAP_INTEG -- 23 [XXX need to
-        register this] shall be used in cryptosystems that support key
-        derivation.
-
-   The mechanism implementation should only use checksum types which it
-   knows to be valid for both peers, as described for MIC tokens.
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 15]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-2.4.3.2.  Wrap Token With Integrity and Encryption
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-     |                encrypted wrap token id = 0x0505               |
-     +-------------------------------+-------------------------------+
-  2  |                               .                               |
-     /                         encrypted data                        /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   encrypted wrap token id (16 bits)
-        Contains the integer 0x0505, which identifies this as a Wrap
-        token with integrity and encryption.
-
-   encrypted data (variable length)
-        The encrypted data itself, as defined in RFC 1510 section 6.3,
-        encoded as an ASN.1 octet string using DER.  Note that this is
-        not the ASN.1 type EncryptedData as defined in RFC 1510
-        section 6.1, but rather the ciphertext without encryption type
-        or kvno information.  The encryption is performed using the
-        key/enctype exchanged during context setup.  The confounder and
-        checksum are as specified in the Kerberos protocol
-        specification.  The key usage GSS_TOK_WRAP_PRIV -- 24 [XXX need
-        to register this] shall be used in cryptosystems that support
-        key derivation.  The actual data to be encrypted are specified
-        below.
-
-2.4.3.2.1.  Data to be Encrypted in Wrap Token
-
-  bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
-byte +-------------------------------+-------------------------------+
-  0  | D |                                                           |
-     +---+                     sequence number                     --+
-  2  |                                                               |
-     +-------------------------------+-------------------------------+
-  4  |                               .                               |
-     /                        application data                       /
-     |                               .                               |
-     +-------------------------------+-------------------------------+
-
-
-   D -- direction bit (1 bit)
-        This bit shall be zero if the message is sent from the context
-        initiator.  If the message is sent from the context acceptor,
-        this bit shall be one.
-
-   sequence number (31 bits)
-        The sequence number.
-
-   application data (variable length)
-        The application-supplied data, encoded as an ASN.1 octet string
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 16]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-        using DER.
-
-3.  ASN.1 Encoding of Octet Strings
-
-   In order to encode arbitirarly-sized application data, ASN.1 octet
-   string encoding is in this protocol.  The Distinguished Encoding
-   Rules (DER) shall always be used in such cases.  For reference
-   purposes, the DER encoding of an ASN.1 octet string, adapted from
-   ITU-T X.690, follows:
-
-   +--------+-------//-------+-------//-------+
-   |00000100| length octets  |contents octets |
-   +--------+-------//-------+-------//-------+
-    |
-    +-- identifier octet = 0x04 = [UNIVERSAL 4]
-
-
-   In this section only, the bits in each octet shall be numbered as in
-   the ASN.1 specification, from 8 to 1, with bit 8 being the MSB of the
-   octet, and with bit 1 being the LSB of the octet.
-
-   identifier octet (8 bits)
-        Contains the constant 0x04, the tag for primitive encoding of an
-        octet string with the default (UNIVERSAL 4) tag.
-
-   length octets (variable length)
-        Contains the length of the contents octets, in definite form
-        (since this encoding uses DER).
-
-   contents octets (variable length)
-        The contents of the octet string.
-
-   The length octets shall consist of either a short form (one byte
-   only), which is to be used only if the number of octets in the
-   contents octets is less than or equal to 127, or a long form, which
-   is to be used in all other cases.  The short form shall consist of a
-   single octet with bit 8 (the MSB) equal to zero, and the remaining
-   bits encoding the number of contents octets (which may be zero) as an
-   unsigned binary integer.
-
-   The long form shall consist of an initial octet and one or more
-   subsequent octets.  The first octet shall have bit 8 (the MSB) set to
-   one, and the remaining bits shall encode the number of subsequent
-   octets in the length encoding as an unsigned binary integer.  The
-   length must be encoded in the minimum number of octets.  An initial
-   octet of 0xFF is reserved by the ASN.1 specification.  Bits 8 to 1 of
-   the first subsequent octet, followed by bits 8 to 1 of each
-   subsequent octet in order, shall be the encoding of an unsigned
-   binary integer, with bit 8 of the first octet being the most
-   significant bit.  Thus, the length encoding within is in network byte
-   order.
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 17]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   An initial length octet of 0x80 shall not be used, as that is
-   reserved by the ASN.1 specification for indefinite lengths in
-   conjunction with constructed contents encodings, which are not to be
-   used with DER.
-
-4.  Name Types
-
-   This section discusses the name types which may be passed as input to
-   the Kerberos 5 GSSAPI mechanism's GSS_Import_name() call, and their
-   associated identifier values.  It defines interface elements in
-   support of portability, and assumes use of C language bindings per
-   RFC 2744.  In addition to specifying OID values for name type
-   identifiers, symbolic names are included and recommended to GSSAPI
-   implementors in the interests of convenience to callers.  It is
-   understood that not all implementations of the Kerberos 5 GSSAPI
-   mechanism need support all name types in this list, and that
-   additional name forms will likely be added to this list over time.
-   Further, the definitions of some or all name types may later migrate
-   to other, mechanism-independent, specifications.  The occurrence of a
-   name type in this specification is specifically not intended to
-   suggest that the type may be supported only by an implementation of
-   the Kerberos 5 mechanism.  In particular, the occurrence of the
-   string "_KRB5_" in the symbolic name strings constitutes a means to
-   unambiguously register the name strings, avoiding collision with
-   other documents; it is not meant to limit the name types' usage or
-   applicability.
-
-   For purposes of clarification to GSSAPI implementors, this section's
-   discussion of some name forms describes means through which those
-   forms can be supported with existing Kerberos technology.  These
-   discussions are not intended to preclude alternative implementation
-   strategies for support of the name forms within Kerberos mechanisms
-   or mechanisms based on other technologies.  To enhance application
-   portability, implementors of mechanisms are encouraged to support
-   name forms as defined in this section, even if their mechanisms are
-   independent of Kerberos 5.
-
-4.1.  Mandatory Name Forms
-
-   This section discusses name forms which are to be supported by all
-   conformant implementations of the Kerberos 5 GSSAPI mechanism.
-
-4.1.1.  Kerberos Principal Name Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) us(840) mit(113554) infosys(1) gssapi(2) krb5(2)
-   krb5_name(1)}.  The recommended symbolic name for this type is
-   "GSS_KRB5_NT_PRINCIPAL_NAME".
-
-   This name type corresponds to the single-string representation of a
-   Kerberos name.  (Within the MIT Kerberos 5 implementation, such names
-   are parseable with the krb5_parse_name() function.)  The elements
-   included within this name representation are as follows, proceeding
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 18]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   from the beginning of the string:
-
-        (1) One or more principal name components; if more than one
-        principal name component is included, the components are
-        separated by '/'.  Arbitrary octets may be included within
-        principal name components, with the following constraints and
-        special considerations:
-
-           (1a) Any occurrence of the characters '@' or '/' within a
-           name component must be immediately preceded by the '\'
-           quoting character, to prevent interpretation as a component
-           or realm separator.
-
-           (1b) The ASCII newline, tab, backspace, and null characters
-           may occur directly within the component or may be
-           represented, respectively, by '\n', '\t', '\b', or '\0'.
-
-           (1c) If the '\' quoting character occurs outside the contexts
-           described in (1a) and (1b) above, the following character is
-           interpreted literally.  As a special case, this allows the
-           doubled representation '\\' to represent a single occurrence
-           of the quoting character.
-
-           (1d) An occurrence of the '\' quoting character as the last
-           character of a component is illegal.
-
-        (2) Optionally, a '@' character, signifying that a realm name
-        immediately follows. If no realm name element is included, the
-        local realm name is assumed.  The '/' , ':', and null characters
-        may not occur within a realm name; the '@', newline, tab, and
-        backspace characters may be included using the quoting
-        conventions described in (1a), (1b), and (1c) above.
-
-4.1.2.  Exported Name Object Form for Kerberos 5 Mechanism
-
-   When generated by the Kerberos 5 mechanism, the Mechanism OID within
-   the exportable name shall be that of the original Kerberos 5
-   mechanism[RFC1964].  The Mechanism OID for the original Kerberos 5
-   mechanism is:
-
-   {iso(1) member-body(2) us(840) mit(113554) infosys(1) gssapi(2)
-   krb5(2)}
-
-   The name component within the exportable name shall be a contiguous
-   string with structure as defined for the Kerberos Principal Name
-   Form.
-
-   In order to achieve a distinguished encoding for comparison purposes,
-   the following additional constraints are imposed on the export
-   operation:
-
-        (1) all occurrences of the characters '@', '/', and '\' within
-        principal components or realm names shall be quoted with an
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 19]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-        immediately-preceding '\'.
-
-        (2) all occurrences of the null, backspace, tab, or newline
-        characters within principal components or realm names will be
-        represented, respectively, with '\0', '\b', '\t', or '\n'.
-
-        (3) the '\' quoting character shall not be emitted within an
-        exported name except to accomodate cases (1) and (2).
-
-5.  Credentials
-
-   The Kerberos 5 protocol uses different credentials (in the GSSAPI
-   sense) for initiating and accepting security contexts.  Normal
-   clients receive a ticket-granting ticket (TGT) and an associated
-   session key at "login" time; the pair of a TGT and its corresponding
-   session key forms a credential which is suitable for initiating
-   security contexts.  A ticket-granting ticket, its session key, and
-   any other (ticket, key) pairs obtained through use of the
-   ticket-granting-ticket, are typically stored in a Kerberos 5
-   credentials cache, sometimes known as a ticket file.
-
-   The encryption key used by the Kerberos server to seal tickets for a
-   particular application service forms the credentials suitable for
-   accepting security contexts.  These service keys are typically stored
-   in a Kerberos 5 key table (keytab), or srvtab file (the Kerberos 4
-   terminology).  In addition to their use as accepting credentials,
-   these service keys may also be used to obtain initiating credentials
-   for their service principal.
-
-   The Kerberos 5 mechanism's credential handle may contain references
-   to either or both types of credentials.  It is a local matter how the
-   Kerberos 5 mechanism implementation finds the appropriate Kerberos 5
-   credentials cache or key table.
-
-   However, when the Kerberos 5 mechanism attempts to obtain initiating
-   credentials for a service principal which are not available in a
-   credentials cache, and the key for that service principal is
-   available in a Kerberos 5 key table, the mechanism should use the
-   service key to obtain initiating credentials for that service.  This
-   should be accomplished by requesting a ticket-granting-ticket from
-   the Kerberos Key Distribution Center (KDC), and decrypting the KDC's
-   reply using the service key.
-
-6.  Parameter Definitions
-
-   This section defines parameter values used by the Kerberos V5 GSSAPI
-   mechanism.  It defines interface elements in support of portability,
-   and assumes use of C language bindings per RFC 2744.
-
-6.1.  Minor Status Codes
-
-   This section recommends common symbolic names for minor_status values
-   to be returned by the Kerberos 5 GSSAPI mechanism.  Use of these
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 20]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   definitions will enable independent implementors to enhance
-   application portability across different implementations of the
-   mechanism defined in this specification.  (In all cases,
-   implementations of GSS_Display_status() will enable callers to
-   convert minor_status indicators to text representations.)  Each
-   implementation should make available, through include files or other
-   means, a facility to translate these symbolic names into the concrete
-   values which a particular GSSAPI implementation uses to represent the
-   minor_status values specified in this section.
-
-   It is recognized that this list may grow over time, and that the need
-   for additional minor_status codes specific to particular
-   implementations may arise.  It is recommended, however, that
-   implementations should return a minor_status value as defined on a
-   mechanism-wide basis within this section when that code is accurately
-   representative of reportable status rather than using a separate,
-   implementation-defined code.
-
-6.1.1.  Non-Kerberos-specific codes
-
-   These symbols should likely be incorporated into the generic GSSAPI
-   C-bindings document, since they really are more general.
-
-GSS_KRB5_S_G_BAD_SERVICE_NAME
-        /* "No @ in SERVICE-NAME name string" */
-GSS_KRB5_S_G_BAD_STRING_UID
-        /* "STRING-UID-NAME contains nondigits" */
-GSS_KRB5_S_G_NOUSER
-        /* "UID does not resolve to username" */
-GSS_KRB5_S_G_VALIDATE_FAILED
-        /* "Validation error" */
-GSS_KRB5_S_G_BUFFER_ALLOC
-        /* "Couldn't allocate gss_buffer_t data" */
-GSS_KRB5_S_G_BAD_MSG_CTX
-        /* "Message context invalid" */
-GSS_KRB5_S_G_WRONG_SIZE
-        /* "Buffer is the wrong size" */
-GSS_KRB5_S_G_BAD_USAGE
-        /* "Credential usage type is unknown" */
-GSS_KRB5_S_G_UNKNOWN_QOP
-        /* "Unknown quality of protection specified" */
-
-
-6.1.2.  Kerberos-specific-codes
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 21]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-GSS_KRB5_S_KG_CCACHE_NOMATCH
-        /* "Principal in credential cache does not match desired name" */
-GSS_KRB5_S_KG_KEYTAB_NOMATCH
-        /* "No principal in keytab matches desired name" */
-GSS_KRB5_S_KG_TGT_MISSING
-        /* "Credential cache has no TGT" */
-GSS_KRB5_S_KG_NO_SUBKEY
-        /* "Authenticator has no subkey" */
-GSS_KRB5_S_KG_CONTEXT_ESTABLISHED
-        /* "Context is already fully established" */
-GSS_KRB5_S_KG_BAD_SIGN_TYPE
-        /* "Unknown signature type in token" */
-GSS_KRB5_S_KG_BAD_LENGTH
-        /* "Invalid field length in token" */
-GSS_KRB5_S_KG_CTX_INCOMPLETE
-        /* "Attempt to use incomplete security context" */
-
-
-7.  Kerberos Protocol Dependencies
-
-   This protocol makes several assumptions about the Kerberos protocol,
-   which may require changes to the successor of RFC 1510.
-
-   Sequence numbers, checksum types, and address types are assumed to be
-   no wider than 32 bits.  The Kerberos protocol specification might
-   need to be modified to accomodate this.  This obviously requires some
-   further discussion.
-
-   Key usages need to be registered within the Kerberos protocol for use
-   with GSSAPI per-message tokens.  The current specification of the
-   Kerberos protocol does not include descriptions of key derivations or
-   key usages, but planned revisions to the protocol will include them.
-
-   This protocol also makes the assumption that any cryptosystem used
-   with the session key will include integrity protection, i.e., it
-   assumes that no "raw" cryptosystems will be used.
-
-8.  Security Considerations
-
-   The GSSAPI is a security protocol; therefore, security considerations
-   are discussed throughout this document.  The original Kerberos 5
-   GSSAPI mechanism's constraints on possible cryptosystems and checksum
-   types do not permit it to be readily extended to accomodate more
-   secure cryptographic technologies with larger checksums or encryption
-   block sizes.  Sites are strongly encouraged to adopt the mechanism
-   specified in this document in the light of recent publicity about the
-   deficiencies of DES.
-
-9.  References
-
-   [X.680] ISO/IEC, "Information technology -- Abstract Syntax Notation
-   One (ASN.1): Specification of basic notation", ITU-T X.680 (1997) |
-   ISO/IEC 8824-1:1998
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 22]
-
-Internet-Draft             krb5-gss-mech2-03                  March 2000
-
-   [X.690] ISO/IEC, "Information technology -- ASN.1 encoding rules:
-   Specification of Basic Encoding Rules (BER), Canonical Encoding Rules
-   (CER) and Distinguished Encoding Rules (DER)", ITU-T X.690 (1997) |
-   ISO/IEC 8825-1:1998.
-
-   [RFC1510] Kohl, J., Neumann, C., "The Kerberos Network Authentication
-   Service (V5)", RFC 1510.
-
-   [RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
-   RFC 1964.
-
-   [RFC2743] Linn, J., "Generic Security Service Application Program
-   Interface, Version 2, Update 1", RFC 2743.
-
-   [RFC2744] Wray, J., "Generic Security Service API Version 2:
-   C-bindings", RFC 2744.
-
-10.  Author's Address
-
-   Tom Yu
-   Massachusetts Institute of Technology
-   Room E40-345
-   77 Massachusetts Avenue
-   Cambridge, MA 02139
-   USA
-
-   email: tlyu@mit.edu
-   phone: +1 617 253 1753
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Yu                  Document Expiration: 04 Sep 2000           [Page 23]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt b/crypto/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt
deleted file mode 100644
index 885cf4967679..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-ftpext-mlst-08.txt
+++ /dev/null
@@ -1,3415 +0,0 @@
-FTPEXT Working Group                                              R. Elz
-Internet Draft                                   University of Melbourne
-Expiration Date: April 2000
-                                                              P. Hethmon
-                                                        Hethmon Brothers
-
-                                                            October 1999
-
-
-                           Extensions to FTP
-
-
-                     draft-ietf-ftpext-mlst-08.txt
-
-Status of this Memo
-
-   This document is an Internet-Draft and is NOT offered in accordance
-   with Section 10 of RFC2026, and the author does not provide the IETF
-   with any rights other than to publish as an Internet-Draft.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt.
-
-   To view the list Internet-Draft Shadow Directories, see
-   http://www.ietf.org/shadow.html.
-
-   This entire section has been prepended to this document automatically
-   during formatting without any direct involvement by the author(s) of
-   this draft.
-
-
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 1]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-Abstract
-
-   In order to overcome the problems caused by the undefined format of
-   the current FTP LIST command output, a new command is needed to
-   transfer standardized listing information from Server-FTP to User-
-   FTP.  Commands to enable this are defined in this document.
-
-   In order to allow consenting clients and servers to interact more
-   freely, a quite basic, and optional, virtual file store structure is
-   defined.
-
-   This proposal also extends the FTP protocol to allow character sets
-   other than US-ASCII[1] by allowing the transmission of 8-bit
-   characters and the recommended use of UTF-8[2] encoding.
-
-   Much implemented, but long undocumented, mechanisms to permit
-   restarts of interrupted data transfers in STREAM mode, are also
-   included here.
-
-   Lastly, the HOST command has been added to allow a style of "virtual
-   site" to be constructed.
-
-   Changed in this version of this document: Minor corrections as
-   discussed on the mailing list, including fixing many typographical
-   errors; Additional examples.  This paragraph will be deleted from the
-   final version of this document.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 2]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-
-
-Table of Contents
-
-          Abstract  ................................................   2
-    1     Introduction  ............................................   4
-    2     Document Conventions  ....................................   4
-    2.1   Basic Tokens  ............................................   5
-    2.2   Pathnames  ...............................................   5
-    2.3   Times  ...................................................   7
-    2.4   Server Replies  ..........................................   8
-    3     File Modification Time (MDTM)  ...........................   8
-    3.1   Syntax  ..................................................   9
-    3.2   Error responses  .........................................   9
-    3.3   FEAT response for MDTM  ..................................   9
-    3.4   MDTM Examples  ...........................................  10
-    4     File SIZE  ...............................................  11
-    4.1   Syntax  ..................................................  11
-    4.2   Error responses  .........................................  11
-    4.3   FEAT response for SIZE  ..................................  12
-    4.4   Size Examples  ...........................................  12
-    5     Restart of Interrupted Transfer (REST)  ..................  13
-    5.1   Restarting in STREAM Mode  ...............................  13
-    5.2   Error Recovery and Restart  ..............................  14
-    5.3   Syntax  ..................................................  14
-    5.4   FEAT response for REST  ..................................  16
-    5.5   REST Example  ............................................  16
-    6     Virtual FTP servers  .....................................  16
-    6.1   The HOST command  ........................................  18
-    6.2   Syntax of the HOST command  ..............................  18
-    6.3   HOST command semantics  ..................................  19
-    6.4   HOST command errors  .....................................  21
-    6.5   FEAT response for HOST command  ..........................  22
-    7     A Trivial Virtual File Store (TVFS)  .....................  23
-    7.1   TVFS File Names  .........................................  23
-    7.2   TVFS Path Names  .........................................  24
-    7.3   FEAT Response for TVFS  ..................................  25
-    7.4   OPTS for TVFS  ...........................................  26
-    7.5   TVFS Examples  ...........................................  26
-    8     Listings for Machine Processing (MLST and MLSD)  .........  28
-    8.1   Format of MLSx Requests  .................................  29
-    8.2   Format of MLSx Response  .................................  29
-    8.3   Filename encoding  .......................................  32
-    8.4   Format of Facts  .........................................  33
-    8.5   Standard Facts  ..........................................  33
-    8.6   System Dependent and Local Facts  ........................  41
-    8.7   MLSx Examples  ...........................................  42
-    8.8   FEAT response for MLSx  ..................................  50
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 3]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-    8.9   OPTS parameters for MLST  ................................  51
-    9     Impact On Other FTP Commands  ............................  55
-   10     Character sets and Internationalization  .................  56
-   11     IANA Considerations  .....................................  56
-   11.1   The OS specific fact registry  ...........................  56
-   11.2   The OS specific filetype registry  .......................  57
-   12     Security Considerations  .................................  57
-   13     References  ..............................................  58
-          Acknowledgments  .........................................  59
-          Copyright  ...............................................  60
-          Editors' Addresses  ......................................  60
-
-
-
-
-1. Introduction
-
-   This document amends the File Transfer Protocol (FTP) [3].  Five new
-   commands are added: "SIZE", "HOST", "MDTM", "MLST", and "MLSD".  The
-   existing command "REST" is modified.  Of those, the "SIZE" and "MDTM"
-   commands, and the modifications to "REST" have been in wide use for
-   many years.  The others are new.
-
-   These commands allow a client to restart an interrupted transfer in
-   transfer modes not previously supported in any documented way, to
-   support the notion of virtual hosts, and to obtain a directory
-   listing in a machine friendly, predictable, format.
-
-   An optional structure for the server's file store (NVFS) is also
-   defined, allowing servers that support such a structure to convey
-   that information to clients in a standard way, thus allowing clients
-   more certainty in constructing and interpreting path names.
-
-2. Document Conventions
-
-   This document makes use of the document conventions defined in BCP14
-   [4].  That provides the interpretation of capitalized imperative
-   words like MUST, SHOULD, etc.
-
-   This document also uses notation defined in STD 9 [3].  In
-   particular, the terms "reply", "user", "NVFS", "file", "pathname",
-   "FTP commands", "DTP", "user-FTP process", "user-PI", "user-DTP",
-   "server-FTP process", "server-PI", "server-DTP", "mode", "type",
-   "NVT", "control connection", "data connection", and "ASCII", are all
-   used here as defined there.
-
-   Syntax required is defined using the Augmented BNF defined in [5].
-   Some general ABNF definitions are required throughout the document,
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 4]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   those will be defined later in this section.  At first reading, it
-   may be wise to simply recall that these definitions exist here, and
-   skip to the next section.
-
-2.1. Basic Tokens
-
-   This document imports the core definitions given in Appendix A of
-   [5].  There definitions will be found for basic ABNF elements like
-   ALPHA, DIGIT, SP, etc.  To that, the following terms are added for
-   use in this document.
-
-        TCHAR          = VCHAR / SP / HTAB    ; visible plus white space
-        RCHAR          = ALPHA / DIGIT / "," / "." / ":" / "!" /
-                         "@" / "#" / "$" / "%" / "^" /
-                         "&" / "(" / ")" / "-" / "_" /
-                         "+" / "?" / "/" / "\" / "'" /
-                         DQUOTE   ; <"> -- double quote character (%x22)
-
-   The VCHAR (from [5]), TCHAR, and RCHAR types give basic character
-   types from varying sub-sets of the ASCII character set for use in
-   various commands and responses.
-
-        token          = 1*RCHAR
-
-   A "token" is a string whose precise meaning depends upon the context
-   in which it is used.  In some cases it will be a value from a set of
-   possible values maintained elsewhere.  In others it might be a string
-   invented by one party to an FTP conversation from whatever sources it
-   finds relevant.
-
-   Note that in ABNF, string literals are case insensitive.  That
-   convention is preserved in this document, and implies that FTP
-   commands added by this specification have names that can be
-   represented in any case.  That is, "MDTM" is the same as "mdtm",
-   "Mdtm" and "MdTm" etc.  However note that ALPHA, in particular, is
-   case sensitive.  That implies that a "token" is a case sensitive
-   value.  That implication is correct.
-
-2.2. Pathnames
-
-   Various FTP commands take pathnames as arguments, or return pathnames
-   in responses.  When the MLST command is supported, as indicated in
-   the response to the FEAT command [6], pathnames are to be transferred
-   in one of the following two formats.
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 5]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        pathname       = utf-8-name / raw
-        utf-8-name     = <a UTF-8 encoded Unicode string>
-        raw            = <any string not being a valid UTF-8 encoding>
-
-   Which format is used is at the option of the user-PI or server-PI
-   sending the pathname.  UTF-8 encodings [2] contain enough internal
-   structure that it is always, in practice, possible to determine
-   whether a UTF-8 or raw encoding has been used, in those cases where
-   it matters.  While it is useful for the user-PI to be able to
-   correctly display a pathname received from the server-PI to the user,
-   it is far more important for the user-PI to be able to retain and
-   retransmit the identical pathname when required.  Implementations are
-   advised against converting a UTF-8 pathname to a local encoding, and
-   then attempting to invert the encoding later.  Note that ASCII is a
-   subset of UTF-8.
-
-   Unless otherwise specified, the pathname is terminated by the CRLF
-   that terminates the FTP command, or by the CRLF that ends a reply.
-   Any trailing spaces preceding that CRLF form part of the name.
-   Exactly one space will precede the pathname and serve as a separator
-   from the preceding syntax element.  Any additional spaces form part
-   of the pathname.  See [7] for a fuller explanation of the character
-   encoding issues.  All implementations supporting MLST MUST support
-   [7].
-
-   Implementations should also beware that the control connection uses
-   Telnet NVT conventions [8], and that the Telnet IAC character, if
-   part of a pathname sent over the control connection, MUST be
-   correctly escaped as defined by the Telnet protocol.
-
-   Implementors should also be aware that although Telnet NVT
-   conventions are used over the control connections, Telnet option
-   negotiation MUST NOT be attempted.  See section 4.1.2.12 of [9].
-
-2.2.1. Pathname Syntax
-
-   Except where TVFS is supported (see section 7) this specification
-   imposes no syntax upon pathnames.  Nor does it restrict the character
-   set from which pathnames are created.  This does not imply that the
-   NVFS is required to make sense of all possible pathnames.  Server-PIs
-   may restrict the syntax of valid pathnames in their NVFS in any
-   manner appropriate to their implementation or underlying file system.
-   Similarly, a server-PI may parse the pathname, and assign meaning to
-   the components detected.
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 6]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-2.2.2. Wildcarding
-
-   For the commands defined in this specification, all pathnames are to
-   be treated literally.  That is, for a pathname given as a parameter
-   to a command, the file whose name is identical to the pathname given
-   is implied.  No characters from the pathname may be treated as
-   special or "magic", thus no pattern matching (other than for exact
-   equality) between the pathname given and the files present in the
-   NVFS of the Server-FTP is permitted.
-
-   Clients that desire some form of pattern matching functionality must
-   obtain a listing of the relevant directory, or directories, and
-   implement their own filename selection procedures.
-
-2.3. Times
-
-   The syntax of a time value is:
-
-        time-val       = 14DIGIT [ "." 1*DIGIT ]
-
-   The leading, mandatory, fourteen digits are to be interpreted as, in
-   order from the leftmost, four digits giving the year, with a range of
-   1000-9999, two digits giving the month of the year, with a range of
-   01-12, two digits giving the day of the month, with a range of 01-31,
-   two digits giving the hour of the day, with a range of 00-23, two
-   digits giving minutes past the hour, with a range of 00-59, and
-   finally, two digits giving seconds past the minute, with a range of
-   00-60 (with 60 being used only at a leap second).  Years in the tenth
-   century, and earlier, cannot be expressed.  This is not considered a
-   serious defect of the protocol.
-
-   The optional digits, which are preceded by a period, give decimal
-   fractions of a second.  These may be given to whatever precision is
-   appropriate to the circumstance, however implementations MUST NOT add
-   precision to time-vals where that precision does not exist in the
-   underlying value being transmitted.
-
-   Symbolically, a time-val may be viewed as
-
-        YYYYMMDDHHMMSS.sss
-
-   The "." and subsequent digits ("sss") are optional.  However the "."
-   MUST NOT appear unless at least one following digit also appears.
-
-   Time values are always represented in UTC (GMT), and in the Gregorian
-   calendar regardless of what calendar may have been in use at the date
-   and time indicated at the location of the server-PI.
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 7]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The technical differences between GMT, TAI, UTC, UT1, UT2, etc, are
-   not considered here.  A server-FTP process should always use the same
-   time reference, so the times it returns will be consistent.  Clients
-   are not expected to be time synchronized with the server, so the
-   possible difference in times that might be reported by the different
-   time standards is not considered important.
-
-2.4. Server Replies
-
-   Section 4.2 of [3] defines the format and meaning of replies by the
-   server-PI to FTP commands from the user-PI.  Those reply conventions
-   are used here without change.
-
-        error-response = error-code SP *TCHAR CRLF
-        error-code     = ("4" / "5") 2DIGIT
-
-   Implementors should note that the ABNF syntax (which was not used in
-   [3]) used in this document, and other FTP related documents,
-   sometimes shows replies using the one line format.  Unless otherwise
-   explicitly stated, that is not intended to imply that multi-line
-   responses are not permitted.  Implementors should assume that, unless
-   stated to the contrary, any reply to any FTP command (including QUIT)
-   may be of the multi-line format described in [3].
-
-   Throughout this document, replies will be identified by the three
-   digit code that is their first element.  Thus the term "500 reply"
-   means a reply from the server-PI using the three digit code "500".
-
-3. File Modification Time (MDTM)
-
-   The FTP command, MODIFICATION TIME (MDTM), can be used to determine
-   when a file in the server NVFS was last modified.  This command has
-   existed in many FTP servers for many years, as an adjunct to the REST
-   command for STREAM mode, thus is widely available.  However, where
-   supported, the "modify" fact which can be provided in the result from
-   the new MLST command is recommended as a superior alternative.
-
-   When attempting to restart a RETRieve, if the User-FTP makes use of
-   the MDTM command, or "modify" fact, it can check and see if the
-   modification time of the source file is more recent than the
-   modification time of the partially transferred file.  If it is, then
-   most likely the source file has changed and it would be unsafe to
-   restart the previously incomplete file transfer.
-
-   When attempting to restart a STORe, the User FTP can use the MDTM
-   command to discover the modification time of the partially
-   transferred file.  If it is older than the modification time of the
-   file that is about to be STORed, then most likely the source file has
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 8]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   changed and it would be unsafe to restart the file transfer.
-
-   Note that using MLST (described below) where available, can provide
-   this information, and much more, thus giving an even better
-   indication that a file has changed, and that restarting a transfer
-   would not give valid results.
-
-   Note that this is applicable to any RESTart attempt, regardless of
-   the mode of the file transfer.
-
-3.1. Syntax
-
-   The syntax for the MDTM command is:
-
-        mdtm          = "MdTm" SP pathname CRLF
-
-   As with all FTP commands, the "MDTM" command label is interpreted in
-   a case insensitive manner.
-
-   The "pathname" specifies an object in the NVFS which may be the
-   object of a RETR command.  Attempts to query the modification time of
-   files that are unable to be retrieved generate undefined responses.
-
-   The server-PI will respond to the MDTM command with a 213 reply
-   giving the last modification time of the file whose pathname was
-   supplied, or a 550 reply if the file does not exist, the modification
-   time is unavailable, or some other error has occurred.
-
-        mdtm-response = "213" SP time-val CRLF /
-                        error-response
-
-3.2. Error responses
-
-   Where the command is correctly parsed, but the modification time is
-   not available, either because the pathname identifies no existing
-   entity, or because the information is not available for the entity
-   named, then a 550 reply should be sent.  Where the command cannot be
-   correctly parsed, a 500 or 501 reply should be sent, as specified in
-   [3].
-
-3.3. FEAT response for MDTM
-
-   When replying to the FEAT command [6], an FTP server process that
-   supports the MDTM command MUST include a line containing the single
-   word "MDTM".  This MAY be sent in upper or lower case, or a mixture
-   of both (it is case insensitive) but SHOULD be transmitted in upper
-   case only.  That is, the response SHOULD be
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                  [Page 9]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        C> Feat
-        S> 211- <any descriptive text>
-        S>  ...
-        S>  MDTM
-        S>  ...
-        S> 211 End
-
-   The ellipses indicate place holders where other features may be
-   included, and are not required.  The one space indentation of the
-   feature lines is mandatory [6].
-
-3.4. MDTM Examples
-
-   If we assume the existence of three files, A B and C, and a directory
-   D, and no other files at all, then the MTDM command may behave as
-   indicated.  The "C>" lines are commands from user-PI to server-PI,
-   the "S>" lines are server-PI replies.
-
-        C> MDTM A
-        S> 213 19980615100045.014
-        C> MDTM B
-        S> 213 19980615100045.014
-        C> MDTM C
-        S> 213 19980705132316
-        C> MDTM D
-        S> 550 D is not retrievable
-        C> MDTM E
-        S> 550 No file named "E"
-        C> mdtm file6
-        S> 213 19990929003355
-        C> MdTm 19990929043300 File6
-        S> 213 19991005213102
-        C> MdTm 19990929043300 file6
-        S> 550 19990929043300 file6: No such file or directory.
-
-   From that we can conclude that both A and B were last modified at the
-   same time (to the nearest millisecond), and that C was modified 21
-   days and several hours later.
-
-   The times are in GMT, so file A was modified on the 15th of June,
-   1998, at approximately 11am in London (summer time was then in
-   effect), or perhaps at 8pm in Melbourne, Australia, or at 6am in New
-   York.  All of those represent the same absolute time of course.  The
-   location where the file was modified, and consequently the local wall
-   clock time at that location, is not available.
-
-   There is no file named "E" in the current directory, but there are
-   files named both "file6" and "19990929043300 File6".  The
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 10]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   modification times of those files were obtained.  There is no file
-   named "19990929043300 file6".
-
-4. File SIZE
-
-   The FTP command, SIZE OF FILE (SIZE), is used to obtain the transfer
-   size of a file from the server-FTP process.  That is, the exact
-   number of octets (8 bit bytes) which would be transmitted over the
-   data connection should that file be transmitted.  This value will
-   change depending on the current STRUcture, MODE and TYPE of the data
-   connection, or a data connection which would be created were one
-   created now.  Thus, the result of the SIZE command is dependent on
-   the currently established STRU, MODE and TYPE parameters.
-
-   The SIZE command returns how many octets would be transferred if the
-   file were to be transferred using the current transfer structure,
-   mode and type.  This command is normally used in conjunction with the
-   RESTART (REST) command.  The server-PI might need to read the
-   partially transferred file, do any appropriate conversion, and count
-   the number of octets that would be generated when sending the file in
-   order to correctly respond to this command.  Estimates of the file
-   transfer size MUST NOT be returned, only precise information is
-   acceptable.
-
-4.1. Syntax
-
-   The syntax of the SIZE command is:
-
-        size          = "Size" SP pathname CRLF
-
-   The server-PI will respond to the SIZE command with a 213 reply
-   giving the transfer size of the file whose pathname was supplied, or
-   an error response if the file does not exist, the size is
-   unavailable, or some other error has occurred.  The value returned is
-   in a format suitable for use with the RESTART (REST) command for mode
-   STREAM, provided the transfer mode and type are not altered.
-
-        size-response = "213" SP 1*DIGIT CRLF /
-                        error-response
-
-4.2. Error responses
-
-   Where the command is correctly parsed, but the size is not available,
-   either because the pathname identifies no existing entity, or because
-   the entity named cannot be transferred in the current MODE and TYPE
-   (or at all), then a 550 reply should be sent.  Where the command
-   cannot be correctly parsed, a 500 or 501 reply should be sent, as
-   specified in [3].
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 11]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-4.3. FEAT response for SIZE
-
-   When replying to the FEAT command [6], an FTP server process that
-   supports the SIZE command MUST include a line containing the single
-   word "SIZE".  This word is case insensitive, and MAY be sent in any
-   mixture of upper or lower case, however it SHOULD be sent in upper
-   case.  That is, the response SHOULD be
-
-        C> FEAT
-        S> 211- <any descriptive text>
-        S>  ...
-        S>  SIZE
-        S>  ...
-        S> 211 END
-
-   The ellipses indicate place holders where other features may be
-   included, and are not required.  The one space indentation of the
-   feature lines is mandatory [6].
-
-4.4. Size Examples
-
-   Consider a text file "Example" stored on a Unix(TM) server where each
-   end of line is represented by a single octet.  Assume the file
-   contains 112 lines, and 1830 octets total.  Then the SIZE command
-   would produce:
-
-        C> TYPE I
-        S> 200 Type set to I.
-        C> size Example
-        S> 213 1830
-        C> TYPE A
-        S> 200 Type set to A.
-        C> Size Example
-        S> 213 1942
-
-   Notice that with TYPE=A the SIZE command reports an extra 112 octets.
-   Those are the extra octets that need to be inserted, one at the end
-   of each line, to provide correct end of line semantics for a transfer
-   using TYPE=A.  Other systems might need to make other changes to the
-   transfer format of files when converting between TYPEs and MODEs.
-   The SIZE command takes all of that into account.
-
-   Since calculating the size of a file with this degree of precision
-   may take considerable effort on the part of the server-PI, user-PIs
-   should not used this command unless this precision is essential (such
-   as when about to restart an interrupted transfer).  For other uses,
-   the "Size" fact of the MLST command (see section 8.5.7) ought be
-   requested.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 12]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-5. Restart of Interrupted Transfer (REST)
-
-   To avoid having to resend the entire file if the file is only
-   partially transferred, both sides need some way to be able to agree
-   on where in the data stream to restart the data transfer.
-
-   The FTP specification [3] includes three modes of data transfer,
-   Stream, Block and Compressed.  In Block and Compressed modes, the
-   data stream that is transferred over the data connection is
-   formatted, allowing the embedding of restart markers into the stream.
-   The sending DTP can include a restart marker with whatever
-   information it needs to be able to restart a file transfer at that
-   point.  The receiving DTP can keep a list of these restart markers,
-   and correlate them with how the file is being saved.  To restart the
-   file transfer, the receiver just sends back that last restart marker,
-   and both sides know how to resume the data transfer.  Note that there
-   are some flaws in the description of the restart mechanism in RFC 959
-   [3].  See section 4.1.3.4 of RFC 1123 [9] for the corrections.
-
-5.1. Restarting in STREAM Mode
-
-   In Stream mode, the data connection contains just a stream of
-   unformatted octets of data.  Explicit restart markers thus cannot be
-   inserted into the data stream, they would be indistinguishable from
-   data.  For this reason, the FTP specification [3] did not provide the
-   ability to do restarts in stream mode.  However, there is not really
-   a need to have explicit restart markers in this case, as restart
-   markers can be implied by the octet offset into the data stream.
-
-   Because the data stream defines the file in STREAM mode, a different
-   data stream would represent a different file.  Thus, an offset will
-   always represent the same position within a file.  On the other hand,
-   in other modes than STREAM, the same file can be transferred using
-   quite different octet sequences, and yet be reconstructed into the
-   one identical file.  Thus an offset into the data stream in transfer
-   modes other than STREAM would not give an unambiguous restart point.
-
-   If the data representation TYPE is IMAGE, and the STRUcture is File,
-   for many systems the file will be stored exactly in the same format
-   as it is sent across the data connection.  It is then usually very
-   easy for the receiver to determine how much data was previously
-   received, and notify the sender of the offset where the transfer
-   should be restarted.  In other representation types and structures
-   more effort will be required, but it remains always possible to
-   determine the offset with finite, but perhaps non-negligible, effort.
-   In the worst case an FTP process may need to open a data connection
-   to itself, set the appropriate transfer type and structure, and
-   actually transmit the file, counting the transmitted octets.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 13]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   If the user-FTP process is intending to restart a retrieve, it will
-   directly calculate the restart marker, and send that information in
-   the RESTart command.  However, if the user-FTP process is intending
-   to restart sending the file, it needs to be able to determine how
-   much data was previously sent, and correctly received and saved.  A
-   new FTP command is needed to get this information.  This is the
-   purpose of the SIZE command, as documented in section 4.
-
-5.2. Error Recovery and Restart
-
-   STREAM MODE transfers with FILE STRUcture may be restarted even
-   though no restart marker has been transferred in addition to the data
-   itself.  This is done by using the SIZE command, if needed, in
-   combination with the RESTART (REST) command, and one of the standard
-   file transfer commands.
-
-   When using TYPE ASCII or IMAGE, the SIZE command will return the
-   number of octets that would actually be transferred if the file were
-   to be sent between the two systems.  I.e. with type IMAGE, the SIZE
-   normally would be the number of octets in the file.  With type ASCII,
-   the SIZE would be the number of octets in the file including any
-   modifications required to satisfy the TYPE ASCII CR-LF end of line
-   convention.
-
-5.3. Syntax
-
-   The syntax for the REST command when the current transfer mode is
-   STREAM is:
-
-        rest          = "Rest" SP 1*DIGIT CRLF
-
-   The numeric value gives the number of octets of the immediately
-   following transfer to not actually send, effectively causing the
-   transmission to be restarted at a later point.  A value of zero
-   effectively disables restart, causing the entire file to be
-   transmitted.  The server-PI will respond to the REST command with a
-   350 reply, indicating that the REST parameter has been saved, and
-   that another command, which should be either RETR or STOR, should
-   then follow to complete the restart.
-
-        rest-response = "350" SP *TCHAR CRLF /
-                        error-response
-
-   Server-FTP processes may permit transfer commands other than RETR and
-   STOR, such as APPE and STOU, to complete a restart, however, this is
-   not recommended.  STOU (store unique) is undefined in this usage, as
-   storing the remainder of a file into a unique filename is rarely
-   going to be useful.  If APPE (append) is permitted, it MUST act
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 14]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   identically to STOR when a restart marker has been set.  That is, in
-   both cases, octets from the data connection are placed into the file
-   at the location indicated by the restart marker value.
-
-   The REST command is intended to complete a failed transfer.  Use with
-   RETR is comparatively well defined in all cases, as the client bears
-   the responsibility of merging the retrieved data with the partially
-   retrieved file.  If it chooses to use the data obtained other than to
-   complete an earlier transfer, or if it chooses to re-retrieve data
-   that had been retrieved before, that is its choice.  With STOR,
-   however, the server must insert the data into the file named.  The
-   results are undefined if a client uses REST to do other than restart
-   to complete a transfer of a file which had previously failed to
-   completely transfer.  In particular, if the restart marker set with a
-   REST command is not at the end of the data currently stored at the
-   server, as reported by the server, or if insufficient data are
-   provided in a STOR that follows a REST to extend the destination file
-   to at least its previous size, then the effects are undefined.
-
-   The REST command must be the last command issued before the data
-   transfer command which is to cause a restarted rather than complete
-   file transfer.  The effect of issuing a REST command at any other
-   time is undefined.  The server-PI may react to a badly positioned
-   REST command by issuing an error response to the following command,
-   not being a restartable data transfer command, or it may save the
-   restart value and apply it to the next data transfer command, or it
-   may silently ignore the inappropriate restart attempt.  Because of
-   this, a user-PI that has issued a REST command, but which has not
-   successfully transmitted the following data transfer command for any
-   reason, should send another REST command before the next data
-   transfer command.  If that transfer is not to be restarted, then
-   "REST 0" should be issued.
-
-   An error-response will follow a REST command only when the server
-   does not implement the command, or the restart marker value is
-   syntactically invalid for the current transfer mode.  That is, in
-   STREAM mode, if something other than one or more digits appears in
-   the parameter to the REST command.  Any other errors, including such
-   problems as restart marker out of range, should be reported when the
-   following transfer command is issued.  Such errors will cause that
-   transfer request to be rejected with an error indicating the invalid
-   restart attempt.
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 15]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-5.4. FEAT response for REST
-
-   Where a server-FTP process supports RESTart in STREAM mode, as
-   specified here, it MUST include in the response to the FEAT command
-   [6], a line containing exactly the string "REST STREAM".  This string
-   is not case sensitive, but SHOULD be transmitted in upper case.
-   Where REST is not supported at all, or supported only in block or
-   compressed modes, the REST line MUST NOT be included in the FEAT
-   response.  Where required, the response SHOULD be
-
-        C> feat
-        S> 211- <any descriptive text>
-        S>  ...
-        S>  REST STREAM
-        S>  ...
-        S> 211 end
-
-   The ellipses indicate place holders where other features may be
-   included, and are not required.  The one space indentation of the
-   feature lines is mandatory [6].
-
-5.5. REST Example
-
-   Assume that the transfer of a largish file has previously been
-   interrupted after 802816 octets had been received, that the previous
-   transfer was with TYPE=I, and that it has been verified that the file
-   on the server has not since changed.
-
-        C> TYPE I
-        S> 200 Type set to I.
-        C> PORT 127,0,0,1,15,107
-        S> 200 PORT command successful.
-        C> REST 802816
-        S> 350 Restarting at 802816. Send STORE or RETRIEVE
-        C> RETR cap60.pl198.tar
-        S> 150 Opening BINARY mode data connection
-        [...]
-        S> 226 Transfer complete.
-
-6. Virtual FTP servers
-
-   It has become common in the Internet for many domain names to be
-   allocated to a single IP address.  This has introduced the concept of
-   a "virtual host", where a host appears to exist as an independent
-   entity, but in reality shares all of its resources with one, or more,
-   other such hosts.
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 16]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   Such an arrangement presents some problems for FTP Servers, as all
-   the FTP Server can detect is an incoming FTP connection to a
-   particular IP address.  That is, all domain names which share the IP
-   address also share the FTP server, and more importantly, its NVFS.
-   This means that the various virtual hosts cannot offer different
-   virtual file systems to clients, nor can they offer different
-   authentication systems.
-
-   No scheme can overcome this without modifications of some kind to the
-   user-PI and the user-FTP process.  That process is the only entity
-   that knows which virtual host is required.  It has performed the
-   domain name to IP address translation, and thus has the original
-   domain name available.
-
-   One method which could be used to allow a style of virtual host would
-   be for the client to simply send a "CWD" command after connecting,
-   using the virtual host name as the argument to the CWD command.  This
-   would allow the server-FTP process to implement the file stores of
-   the virtual hosts as sub-directories in its NVFS.  This is simple,
-   and supported by essentially all server-FTP implementations without
-   requiring any code changes.
-
-   While that method is simple to describe, and to implement, it suffers
-   from several drawbacks.  First, the "CWD" command is available only
-   after the user-PI has authenticated itself to the server-FTP process.
-   Thus, all virtual hosts would be required to share a common
-   authentication scheme.  Second, either the server-FTP process needs
-   to be modified to understand the special nature of this first CWD
-   command, negating most of the advantage of this scheme, or all users
-   must see the same identical NVFS view upon connecting (they must
-   connect in the same initial directory) or the NVFS must implement the
-   full set of virtual host directories at each possible initial
-   directory for any possible user, or the virtual host will not be
-   truly transparent.  Third, and again unless the server is specially
-   modified, a user connecting this way to a virtual host would be able
-   to trivially move to any other virtual host supported at the same
-   server-FTP process, exposing the nature of the virtual host.
-
-   Other schemes overloading other existing FTP commands have also been
-   proposed.  None of those have sufficient merit to be worth
-   discussion.
-
-   The conclusion from the examination of the possibilities seems to be
-   that to obtain an adequate emulation of "real" FTP servers, server
-   modifications to support virtual hosts are required.  A new command
-   seems most likely to provide the support required.
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 17]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-6.1. The HOST command
-
-   A new command "HOST" is added to the FTP command set to allow
-   server-FTP process to determine to which of possibly many virtual
-   hosts the client wishes to connect.  This command is intended to be
-   issued before the user is authenticated, allowing the authentication
-   scheme, and set of legal users, to be dependent upon the virtual host
-   chosen.  Server-FTP processes may, if they desire, permit the HOST
-   command to be issued after the user has been authenticated, or may
-   treat that as an erroneous sequence of commands.  The behavior of the
-   server-FTP process which does allow late HOST commands is undefined.
-   One reasonable interpretation would be for the user-PI to be returned
-   to the state that existed after the TCP connection was first
-   established, before user authentication.
-
-   Servers should note that the response to the HOST command is a
-   sensible time to send their "welcome" message.  This allows the
-   message to be personalized for any virtual hosts that are supported,
-   and also allows the client to have determined supported languages, or
-   representations, for the message, and other messages, via the FEAT
-   response, and selected an appropriate one via the LANG command.  See
-   [7] for more information.
-
-6.2. Syntax of the HOST command
-
-   The HOST command is defined as follows.
-
-        host-command     = "Host" SP hostname CRLF
-        hostname         = 1*DNCHAR 1*( "." 1*DNCHAR ) [ "." ]
-        DNCHAR           = ALPHA / DIGIT / "-" / "_" / "$" /
-                           "!" / "%" / "[" / "]" / ":"
-        host-response    = host-ok / error-response
-        host-ok          = "220" [ SP *TCHAR ] CRLF
-
-   As with all FTP commands, the "host" command word is case
-   independent, and may be specified in any character case desired.
-
-   The "hostname" given as a parameter specifies the virtual host to
-   which access is desired.  It should normally be the same name that
-   was used to obtain the IP address to which the FTP control connection
-   was made, after any client conversions to convert an abbreviated or
-   local alias to a complete (fully qualified) domain name, but before
-   resolving a DNS alias (owner of a CNAME resource record) to its
-   canonical name.
-
-   If the client was given a network literal address, and consequently
-   was not required to derive it from a hostname, it should send the
-   HOST command with the network address, as specified to it, enclosed
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 18]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   in brackets (after eliminating any syntax, which might also be
-   brackets, but is not required to be, from which the server deduced
-   that a literal address had been specified.) That is, for example
-
-                         HOST [10.1.2.3]
-
-   should be sent if the client had been instructed to connect to
-   "10.1.2.3", or "[10.1.2.3]", or perhaps even IPv4:10.1.2.3.  The
-   method of indicating to a client that a literal address is to be used
-   is beyond the scope of this specification.
-
-   The parameter is otherwise to be treated as a "complete domain name",
-   as that term is defined in section 3.1 of RFC 1034 [10].  That
-   implies that the name is to be treated as a case independent string,
-   in that upper case ASCII characters are to be treated as equivalent
-   to the corresponding lower case ASCII characters, but otherwise
-   preserved as given.  It also implies some limits on the length of the
-   parameter and of the components that create its internal structure.
-   Those limits are not altered in any way here.
-
-   RFC 1034 imposes no other restrictions upon what kinds of names can
-   be stored in the DNS.  Nor does RFC 1035.  This specification,
-   however, allows only a restricted set of names for the purposes of
-   the HOST command.  Those restrictions can be inferred from the ABNF
-   grammar given for the "hostname".
-
-6.3. HOST command semantics
-
-   Upon receiving the HOST command, before authenticating the user-PI, a
-   server-FTP process should validate that the hostname given represents
-   a valid virtual host for that server, and if so, establish the
-   appropriate environment for that virtual host.  The meaning of that
-   is not specified here, and may range from doing nothing at all, or
-   performing a simple change of working directory, to much more
-   elaborate state changes, as required.
-
-   If the hostname specified is unknown at the server, or if the server
-   is otherwise unwilling to treat the particular connection as a
-   connection to the hostname specified, the server will respond with a
-   504 reply.
-
-   Note: servers may require that the name specified is in some sense
-   equivalent to the particular network address that was used to reach
-   the server.
-
-   If the hostname specified would normally be acceptable, but for any
-   reason is temporarily unavailable, the server SHOULD reply to the
-   HOST command with a 434 reply.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 19]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The "220" reply code for the HOST command is the same as the code
-   used on the initial connection established "welcome" message.  This
-   is done deliberately so as to allow the implementation to implement
-   the front end FTP server as a wrapper which simply waits for the HOST
-   command, and then invokes an older, RFC959 compliant, server in the
-   appropriate environment for the particular hostname received.
-
-6.3.1. The REIN command
-
-   As specified in [3], the REIN command returns the state of the
-   connection to that it was immediately after the transport connection
-   was opened.  That is not changed here.  The effect of a HOST command
-   will be lost if a REIN command is performed, a new HOST command must
-   be issued.
-
-   Implementors of user-FTP should be aware that server-FTP
-   implementations which implement the HOST command as a wrapper around
-   older implementations will be unable to correctly implement the REIN
-   command.  In such an implementation, REIN will typically return the
-   server-FTP to the state that existed immediately after the HOST
-   command was issued, instead of to the state immediately after the
-   connection was opened.
-
-6.3.2. User-PI usage of HOST
-
-   A user-PI that conforms to this specification, MUST send the HOST
-   command after opening the transport connection, or after any REIN
-   command, before attempting to authenticate the user with the USER
-   command.
-
-   The following state diagram shows a typical sequence of flow of
-   control, where the "B" (begin) state is assumed to occur after the
-   transport connection has opened, or a REIN command has succeeded.
-   Other commands (such as FEAT [6]) which require no authentication may
-   have intervened.  This diagram is modeled upon (and largely borrowed
-   from) the similar diagram in section 6 of [3].
-
-   In this diagram, a three digit reply indicates that precise server
-   reply code, a single digit on a reply path indicates any server reply
-   beginning with that digit, other than any three digit replies that
-   might take another path.
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 20]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-
-              +---+   HOST    +---+ 1,3,5
-              | B |---------->| W |-----------------
-              +---+           +---+                 |
-                               | |                  |
-                     2,500,502 | | 4,501,503,504    |
-                 --------------   -------------     |
-                |                              |    |
-                V                   1          |    V
-              +---+   USER    +---+-------------->+---+
-              |   |---------->| W | 2       ----->| E |
-              +---+           +---+------  |  --->+---+
-                               | |       | | | |
-                             3 | | 4,5   | | | |
-                 --------------   -----  | | | |
-                |                      | | | | |
-                |                      | | | | |
-                |                 ---------  | |
-                |               1|     | |   | |
-                V                |     | |   | |
-              +---+   PASS    +---+ 2  |  ------->+---+
-              |   |---------->| W |-------------->| S |
-              +---+           +---+   ----------->+---+
-                               | |   | |     | |
-                             3 | |4,5| |     | |
-                 --------------   --------   | |
-                |                    | |  |  |  ----
-                |                    | |  |  |      |
-                |                 -----------       |
-                |             1,3|   | |  |         |
-                V                |  2| |  |         V
-              +---+   ACCT    +---+--  |   ------>+---+
-              |   |---------->| W | 4,5 --------->| F |
-              +---+           +---+-------------->+---+
-
-6.4. HOST command errors
-
-   The server-PI shall reply with a 500 or 502 reply if the HOST command
-   is unrecognized or unimplemented.  A 503 reply may be sent if the
-   HOST command is given after a previous HOST command, or after a user
-   has been authenticated.  Alternately, the server may accept the
-   command at such a time, with server defined behavior.  A 501 reply
-   should be sent if the hostname given is syntactically invalid, and a
-   504 reply if a syntactically valid hostname is not a valid virtual
-   host name for the server.
-
-   In all such cases the server-FTP process should act as if no HOST
-   command had been given.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 21]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   A user-PI receiving a 500 or 502 reply should assume that the
-   server-PI does not implement the HOST command style virtual server.
-   It may then proceed to login as if the HOST command had succeeded,
-   and perhaps, attempt a CWD command to the hostname after
-   authenticating the user.
-
-   A user-PI receiving some other error reply should assume that the
-   virtual HOST is unavailable, and terminate communications.
-
-   A server-PI that receives a USER command, beginning the
-   authentication sequence, without having received a HOST command
-   SHOULD NOT reject the USER command.  Clients conforming to earlier
-   FTP specifications do not send HOST commands.  In this case the
-   server may act as if some default virtual host had been explicitly
-   selected, or may enter an environment different from that of all
-   supported virtual hosts, perhaps one in which a union of all
-   available accounts exists, and which presents a NVFS which appears to
-   contain sub-directories containing the NVFS for all virtual hosts
-   supported.
-
-6.5. FEAT response for HOST command
-
-   A server-FTP process that supports the host command, and virtual FTP
-   servers, MUST include in the response to the FEAT command [6], a
-   feature line indicating that the HOST command is supported.  This
-   line should contain the single word "HOST".  This MAY be sent in
-   upper or lower case, or a mixture of both (it is case insensitive)
-   but SHOULD be transmitted in upper case only.  That is, the response
-   SHOULD be
-
-        C> Feat
-        S> 211- <any descriptive text>
-        S>  ...
-        S>  HOST
-        S>  ...
-        S> 211 End
-
-   The ellipses indicate place holders where other features may be
-   included, and are not required.  The one space indentation of the
-   feature lines is mandatory [6].
-
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 22]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-7. A Trivial Virtual File Store (TVFS)
-
-   Traditionally, FTP has placed almost no constraints upon the file
-   store (NVFS) provided by a server.  This specification does not alter
-   that.  However, it has become common for servers to attempt to
-   provide at least file system naming conventions modeled loosely upon
-   those of the UNIX(TM) file system.  That is, a tree structured file
-   system, built of directories, each of which can contain other
-   directories, or other kinds of files, or both.  Each file and
-   directory has a file name relative to the directory that contains it,
-   except for the directory at the root of the tree, which is contained
-   in no other directory, and hence has no name of its own.
-
-   That which has so far been described is perfectly consistent with the
-   standard FTP NVFS and access mechanisms.  The "CWD" command is used
-   to move from one directory to an embedded directory.  "CDUP" may be
-   provided to return to the parent directory, and the various file
-   manipulation commands ("RETR", "STOR", the rename commands, etc) are
-   used to manipulate files within the current directory.
-
-   However, it is often useful to be able to reference files other than
-   by changing directories, especially as FTP provides no guaranteed
-   mechanism to return to a previous directory.  The Trivial Virtual
-   File Store (TVFS), if implemented, provides that mechanism.
-
-7.1. TVFS File Names
-
-   Where a server implements the TVFS, no elementary filename shall
-   contain the character "/".  Where the underlying natural file store
-   permits files, or directories, to contain the "/" character in their
-   names, a server-PI implementing TVFS must encode that character in
-   some manner whenever file or directory names are being returned to
-   the user-PI, and reverse that encoding whenever such names are being
-   accepted from the user-PI.
-
-   The encoding method to be used is not specified here.  Where some
-   other character is illegal in file and directory names in the
-   underlying file store, a simple transliteration may be sufficient.
-   Where there is no suitable substitute character a more complex
-   encoding scheme, possibly using an escape character, is likely to be
-   required.
-
-   With the one exception of the unnamed root directory, a TVFS file
-   name may not be empty.  That is, all other file names contain at
-   least one character.
-
-   With the sole exception of the "/" character, any valid IS10646
-   character [11] may be used in a TVFS filename.  When transmitted,
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 23]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   file name characters are encoded using the UTF-8 encoding [2].
-
-7.2. TVFS Path Names
-
-   A TVFS "Path Name" combines the file or directory name of a target
-   file or directory, with the directory names of zero or more enclosing
-   directories, so as to allow the target file or directory to be
-   referenced other than when the server's "current working directory"
-   is the directory directly containing the target file or directory.
-
-   By definition, every TVFS file or directory name is also a TVFS path
-   name.  Such a path name is valid to reference the file from the
-   directory containing the name, that is, when that directory is the
-   server-FTP's current working directory.
-
-   Other TVFS path names are constructed by prefixing a path name by a
-   name of a directory from which the path is valid, and separating the
-   two with the "/" character.  Such a path name is valid to reference
-   the file or directory from the directory containing the newly added
-   directory name.
-
-   Where a path name has been extended to the point where the directory
-   added is the unnamed root directory, the path name will begin with
-   the "/" character.  Such a path is known as a fully qualified path
-   name.  Fully qualified paths may, obviously, not be further extended,
-   as, by definition, no directory contains the root directory.  Being
-   unnamed, it cannot be represented in any other directory.  A fully
-   qualified path name is valid to reference the named file or directory
-   from any location (that is, regardless of what the current working
-   directory may be) in the virtual file store.
-
-   Any path name which is not a fully qualified path name may be
-   referred to as a "relative path name" and will only correctly
-   reference the intended file when the current working directory of the
-   server-FTP is a directory from which the relative path name is valid.
-
-   As a special case, the path name "/" is defined to be a fully
-   qualified path name referring to the root directory.  That is, the
-   root directory does not have a directory (or file) name, but does
-   have a path name.  This special path name may be used only as is as a
-   reference to the root directory.  It may not be combined with other
-   path names using the rules above, as doing so would lead to a path
-   name containing two consecutive "/" characters, which is an undefined
-   sequence.
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 24]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-7.2.1. Notes
-
-     + It is not required, or expected, that there be only one fully
-       qualified path name that will reference any particular file or
-       directory.
-     + As a caveat, though the TVFS file store is basically tree
-       structured, there is no requirement that any file or directory
-       have only one parent directory.
-     + As defined, no TVFS path name will ever contain two consecutive
-       "/" characters.  Such a name is not illegal however, and may be
-       defined by the server for any purpose that suits it.  Clients
-       implementing this specification should not assume any semantics
-       at all for such names.
-     + Similarly, other than the special case path that refers to the
-       root directory, no TVFS path name constructed as defined here
-       will ever end with the "/" character.  Such names are also not
-       illegal, but are undefined.
-     + While any legal IS10646 character is permitted to occur in a TVFS
-       file or directory name, other than "/", server FTP
-       implementations are not required to support all possible IS10646
-       characters.  The subset supported is entirely at the discretion
-       of the server.  The case (where it exists) of the characters that
-       make up file, directory, and path names may be significant.
-       Unless determined otherwise by means unspecified here, clients
-       should assume that all such names are comprised of characters
-       whose case is significant.  Servers are free to treat case (or
-       any other attribute) of a name as irrelevant, and hence map two
-       names which appear to be distinct onto the same underlying file.
-     + There are no defined "magic" names, like ".", ".." or "C:".
-       Servers may implement such names, with any semantics they choose,
-       but are not required to do so.
-     + TVFS imposes no particular semantics or properties upon files,
-       guarantees no access control schemes, or any of the other common
-       properties of a file store.  Only the naming scheme is defined.
-
-7.3. FEAT Response for TVFS
-
-   In response to the FEAT command [6] a server that wishes to indicate
-   support for the TVFS as defined here will include a line that begins
-   with the four characters "TVFS" (in any case, or mixture of cases,
-   upper case is not required).  Servers SHOULD send upper case.
-
-   Such a response to the FEAT command MUST NOT be returned unless the
-   server implements TVFS as defined here.
-
-   Later specifications may add to the TVFS definition.  Such additions
-   should be notified by means of additional text appended to the TVFS
-   feature line.  Such specifications, if any, will define the extra
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 25]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   text.
-
-   Until such a specification is defined, servers should not include
-   anything after "TVFS" in the TVFS feature line.  Clients, however,
-   should be prepared to deal with arbitrary text following the four
-   defined characters, and simply ignore it if unrecognized.
-
-   A typical response to the FEAT command issued by a server
-   implementing only this specification would be:
-
-        C> feat
-        S> 211- <any descriptive text>
-        S>  ...
-        S>  TVFS
-        S>  ...
-        S> 211 end
-
-   The ellipses indicate place holders where other features may be
-   included, and are not required.  The one space indentation of the
-   feature lines is mandatory [6], and is not counted as one of the
-   first four characters for the purposes of this feature listing.
-
-   The TVFS feature adds no new commands to the FTP command repertoire.
-
-7.4. OPTS for TVFS
-
-   There are no options in this TVFS specification, and hence there is
-   no OPTS command defined.
-
-7.5. TVFS Examples
-
-   Assume a TVFS file store is comprised of a root directory, which
-   contains two directories (A and B) and two non-directory files (X and
-   Y).  The A directory contains two directories (C and D) and one other
-   file (Z).  The B directory contains just two non-directory files (P
-   and Q) and the C directory also two non-directory files (also named P
-   and Q, by chance).  The D directory is empty, that is, contains no
-   files or directories.
-
-
-
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 26]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   This structure may depicted graphically as...
-
-                      (unnamed root)
-                        /  |  \   \
-                       /   |   \   \
-                      A    X    B   Y
-                     /|\       / \
-                    / | \     /   \
-                   C  D  Z   P     Q
-                  / \
-                 /   \
-                P     Q
-
-   Given this structure, the following fully qualified path names exist.
-
-        /
-        /A
-        /B
-        /X
-        /Y
-        /A/C
-        /A/D
-        /A/Z
-        /A/C/P
-        /A/C/Q
-        /B/P
-        /B/Q
-
-   It is clear that none of the paths / /A /B or /A/D refer to the same
-   directory, as the contents of each is different.  Nor do any of / /A
-   /A/C or /A/D.  However /A/C and /B might be the same directory, there
-   is insufficient information given to tell.  Any of the other path
-   names (/X /Y /A/Z /A/C/P /A/C/Q /B/P and /B/Q) may refer to the same
-   underlying files, in almost any combination.
-
-   If the current working directory of the server-FTP is /A then the
-   following path names, in addition to all the fully qualified path
-   names, are valid
-
-        C
-        D
-        Z
-        C/P
-        C/Q
-
-   These all refer to the same files or directories as the corresponding
-   fully qualified path with "/A/" prepended.
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 27]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   That those path names all exist does not imply that the TVFS sever
-   will necessarily grant any kind of access rights to the named paths,
-   or that access to the same file via different path names will
-   necessarily be granted equal rights.
-
-   None of the following relative paths are valid when the current
-   directory is /A
-
-        A
-        B
-        X
-        Y
-        B/P
-        B/Q
-        P
-        Q
-
-   Any of those could be made valid by changing the server-FTP's current
-   working directory to the appropriate directory.  Note that the paths
-   "P" and "Q" might refer to different files depending upon which
-   directory is selected to cause those to become valid TVFS relative
-   paths.
-
-8. Listings for Machine Processing (MLST and MLSD)
-
-   The MLST and MLSD commands are intended to standardize the file and
-   directory information returned by the Server-FTP process.  These
-   commands differ from the LIST command in that the format of the
-   replies is strictly defined although extensible.
-
-   Two commands are defined, MLST which provides data about exactly the
-   object named on its command line, and no others.  MLSD on the other
-   hand will list the contents of a directory if a directory is named,
-   otherwise a 501 reply will be returned.  In either case, if no object
-   is named, the current directory is assumed.  That will cause MLST to
-   send a one line response, describing the current directory itself,
-   and MLSD to list the contents of the current directory.
-
-   In the following, the term MLSx will be used wherever either MLST or
-   MLSD may be inserted.
-
-   The MLST and MLSD commands also extend the FTP protocol as presented
-   in RFC 959 [3] and RFC 1123 [9] to allow that transmission of 8-bit
-   data over the control connection.  Note this is not specifying
-   character sets which are 8-bit, but specifying that FTP
-   implementations are to specifically allow the transmission and
-   reception of 8-bit bytes, with all bits significant, over the control
-   connection.  That is, all 256 possible octet values are permitted.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 28]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The MLSx command allows both UTF-8/Unicode and "raw" forms as
-   arguments, and in responses both to the MLST and MLSD commands, and
-   all other FTP commands which take pathnames as arguments.
-
-8.1. Format of MLSx Requests
-
-   The MLST and MLSD commands each allow a single optional argument.
-   This argument may be either a directory name or, for MLST only, a
-   filename.  For these purposes, a "filename" is the name of any entity
-   in the server NVFS which is not a directory.  Where TVFS is
-   supported, any TVFS relative path name valid in the current working
-   directory, or any TVFS fully qualified path name, may be given.  If a
-   directory name is given then MLSD must return a listing of the
-   contents of the named directory, otherwise it issues a 501 reply, and
-   does not open a data connection.  In all cases for MLST, a single set
-   of fact lines (usually a single fact line) containing the information
-   about the named file or directory shall be returned over the control
-   connection, without opening a data connection.
-
-   If no argument is given then MLSD must return a listing of the
-   contents of the current working directory, and MLST must return a
-   listing giving information about the current working directory
-   itself.  For these purposes, the contents of a directory are whatever
-   filenames (not pathnames) the server-PI will allow to be referenced
-   when the current working directory is the directory named, and which
-   the server-PI desires to reveal to the user-PI.
-
-   No title, header, or summary, lines, or any other formatting, other
-   than as is specified below, is ever returned in the output of an MLST
-   or MLSD command.
-
-   If the Client-FTP sends an invalid argument, the Server-FTP MUST
-   reply with an error code of 501.
-
-   The syntax for the MLSx command is:
-
-        mlst             = "MLst" [ SP pathname ] CRLF
-        mlsd             = "MLsD" [ SP pathname ] CRLF
-
-8.2. Format of MLSx Response
-
-   The format of a response to an MLSx command is as follows:
-
-        mlst-response    = control-response / error-response
-        mlsd-response    = ( initial-response final-response ) /
-                           error-response
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 29]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        control-response = "250-" [ response-message ] CRLF
-                           1*( SP entry CRLF )
-                           "250" [ SP response-message ] CRLF
-
-        initial-response = "150" [ SP response-message ] CRLF
-        final-response   = "226" SP response-message CRLF
-
-        response-message = *TCHAR
-
-        data-response    = *( entry CRLF )
-
-        entry            = [ facts ] SP pathname
-        facts            = 1*( fact ";" )
-        fact             = factname "=" value
-        factname         = "Size" / "Modify" / "Create" /
-                           "Type" / "Unique" / "Perm" /
-                           "Lang" / "Media-Type" / "CharSet" /
-                           os-depend-fact / local-fact
-        os-depend-fact   = <IANA assigned OS name> "." token
-        local-fact       = "X." token
-        value            = *RCHAR
-
-   Upon receipt of a MLSx command, the server will verify the parameter,
-   and if invalid return an error-response.  For this purpose, the
-   parameter should be considered to be invalid if the client issuing
-   the command does not have permission to perform the request
-   operation.
-
-   If valid, then for an MLST command, the server-PI will send the first
-   (leading) line of the control response, the entry for the pathname
-   given, or the current directory if no pathname was provided, and the
-   terminating line.  Normally exactly one entry would be returned, more
-   entries are permitted only when required to represent a file that is
-   to have multiple "Type" facts returned.
-
-   Note that for MLST the fact set is preceded by a space.  That is
-   provided to guarantee that the fact set cannot be accidentally
-   interpreted as the terminating line of the control response, but is
-   required even when that would not be possible.  Exactly one space
-   exists between the set of facts and the pathname.  Where no facts are
-   present, there will be exactly two leading spaces before the
-   pathname.  No spaces are permitted in the facts, any other spaces in
-   the response are to be treated as being a part of the pathname.
-
-   If the command was an MLSD command, the server will open a data
-   connection as indicated in section 3.2 of RFC959 [3].  If that fails,
-   the server will return an error-response.  If all is OK, the server
-   will return the initial-response, send the appropriate data-response
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 30]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   over the new data connection, close that connection, and then send
-   the final-response over the control connection.  The grammar above
-   defines the format for the data-response, which defines the format of
-   the data returned over the data connection established.
-
-   The data connection opened for a MLSD response shall be a connection
-   as if the "TYPE L 8", "MODE S", and "STRU F" commands had been given,
-   whatever FTP transfer type, mode and structure had actually been set,
-   and without causing those settings to be altered for future commands.
-   That is, this transfer type shall be set for the duration of the data
-   connection established for this command only.  While the content of
-   the data sent can be viewed as a series of lines, implementations
-   should note that there is no maximum line length defined.
-   Implementations should be prepared to deal with arbitrarily long
-   lines.
-
-   The facts part of the specification would contain a series of "file
-   facts" about the file or directory named on the same line.  Typical
-   information to be presented would include file size, last
-   modification time, creation time, a unique identifier, and a
-   file/directory flag.
-
-   The complete format for a successful reply to the MLSD command would
-   be:
-
-        facts SP pathname CRLF
-        facts SP pathname CRLF
-        facts SP pathname CRLF
-        ...
-
-   Note that the format is intended for machine processing, not human
-   viewing, and as such the format is very rigid.  Implementations MUST
-   NOT vary the format by, for example, inserting extra spaces for
-   readability, replacing spaces by tabs, including header or title
-   lines, or inserting blank lines, or in any other way alter this
-   format.  Exactly one space is always required after the set of facts
-   (which may be empty).  More spaces may be present on a line if, and
-   only if, the file name presented contains significant spaces.  The
-   set of facts must not contain any spaces anywhere inside it.  Facts
-   should be provided in each output line only if they both provide
-   relevant information about the file named on the same line, and they
-   are in the set requested by the user-PI.  There is no requirement
-   that the same set of facts be provided for each file, or that the
-   facts presented occur in the same order for each file.
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 31]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-8.3. Filename encoding
-
-   An FTP implementation supporting the MLSx commands must be 8-bit
-   clean.  This is necessary in order to transmit UTF-8 encoded
-   filenames.  This specification recommends the use of UTF-8 encoded
-   filenames.  FTP implementations SHOULD use UTF-8 whenever possible to
-   encourage the maximum interoperability.
-
-   Filenames are not restricted to UTF-8, however treatment of arbitrary
-   character encodings is not specified by this standard.  Applications
-   are encouraged to treat non-UTF-8 encodings of filenames as octet
-   sequences.
-
-   Note that this encoding is unrelated to that of the contents of the
-   file, even if the file contains character data.
-
-   Further information about filename encoding for FTP may be found in
-   "Internationalization of the File Transfer Protocol" [7].
-
-8.3.1. Notes about the Filename
-
-   The filename returned in the MLST response should be the same name as
-   was specified in the MLST command, or, where TVFS is supported, a
-   fully qualified TVFS path naming the same file.  Where no argument
-   was given to the MLST command, the server-PI may either include an
-   empty filename in the response, or it may supply a name that refers
-   to the current directory, if such a name is available.  Where TVFS is
-   supported, a fully qualified path name of the current directory
-   SHOULD be returned.
-
-   Filenames returned in the output from an MLSD command SHOULD be
-   unqualified names within the directory named, or the current
-   directory if no argument was given.  That is, the directory named in
-   the MLSD command SHOULD NOT appear as a component of the filenames
-   returned.
-
-   If the server-FTP process is able, and the "type" fact is being
-   returned, it MAY return in the MLSD response, an entry whose type is
-   "cdir", which names the directory from which the contents of the
-   listing were obtained.  Where TVFS is supported, the name MAY be the
-   fully qualified path name of the directory, or MAY be any other path
-   name which is valid to refer to that directory from the current
-   working directory of the server-FTP.  Where more than one name
-   exists, multiple of these entries may be returned.  In a sense, the
-   "cdir" entry can be viewed as a heading for the MLSD output.
-   However, it is not required to be the first entry returned, and may
-   occur anywhere within the listing.
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 32]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   When TVFS is supported, a user-PI can refer to any file or directory
-   in the listing by combining a type "cdir" name, with the appropriate
-   name from the directory listing using the procedure defined in
-   section 7.2.
-
-   Alternatively, whether TVFS is supported or not, the user-PI can
-   issue a CWD command ([3]) giving a name of type "cdir" from the
-   listing returned, and from that point reference the files returned in
-   the MLSD response from which the cdir was obtained by using the
-   filename components of the listing.
-
-8.4. Format of Facts
-
-   The "facts" for a file in a reply to a MLSx command consist of
-   information about that file.  The facts are a series of keyword=value
-   pairs each followed by semi-colon (";") characters.  An individual
-   fact may not contain a semi-colon in its name or value.  The complete
-   series of facts may not contain the space character.  See the
-   definition or "RCHAR" in section 2.1 for a list of the characters
-   that can occur in a fact value.  Not all are applicable to all facts.
-
-   A sample of a typical series of facts would be: (spread over two
-   lines for presentation here only)
-
-        size=4161;lang=en-US;modify=19970214165800;create=19961001124534;
-        type=file;x.myfact=foo,bar;
-
-8.5. Standard Facts
-
-   This document defines a standard set of facts as follows:
-
-        size       -- Size in octets
-        modify     -- Last modification time
-        create     -- Creation time
-        type       -- Entry type
-        unique     -- Unique id of file/directory
-        perm       -- File permissions, whether read, write, execute is
-                      allowed for the login id.
-        lang       -- Language of the filename per IANA[12] registry.
-        media-type -- MIME media-type of file contents per IANA registry.
-        charset    -- Character set per IANA registry (if not UTF-8)
-
-   Fact names are case-insensitive.  Size, size, SIZE, and SiZe are the
-   same fact.
-
-   Further operating system specific keywords could be specified by
-   using the IANA operating system name as a prefix (examples only):
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 33]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        OS/2.ea   -- OS/2 extended attributes
-        MACOS.rf  -- MacIntosh resource forks
-        UNIX.mode -- Unix file modes (permissions)
-
-   Implementations may define keywords for experimental, or private use.
-   All such keywords MUST begin with the two character sequence "x.".
-   As type names are case independent, "x." and "X." are equivalent.
-   For example:
-
-        x.ver  -- Version information
-        x.desc -- File description
-        x.type -- File type
-
-8.5.1. The type Fact
-
-   The type fact needs a special description.  Part of the problem with
-   current practices is deciding when a file is a directory.  If it is a
-   directory, is it the current directory, a regular directory, or a
-   parent directory?  The MLST specification makes this unambiguous
-   using the type fact.  The type fact given specifies information about
-   the object listed on the same line of the MLST response.
-
-   Five values are possible for the type fact:
-
-        file         -- a file entry
-        cdir         -- the listed directory
-        pdir         -- a parent directory
-        dir          -- a directory or sub-directory
-        OS.name=type -- an OS or file system dependent file type
-
-   The syntax is defined to be:
-
-        type-fact       = type-label "=" type-val
-        type-label      = "Type"
-        type-val        = "File" / "cdir" / "pdir" / "dir" /
-                          os-type
-
-8.5.1.1. type=file
-
-   The presence of the type=file fact indicates the listed entry is a
-   file containing non-system data.  That is, it may be transferred from
-   one system to another of quite different characteristics, and perhaps
-   still be meaningful.
-
-8.5.1.2. type=cdir
-
-   The type=cdir fact indicates the listed entry contains a pathname of
-   the directory whose contents are listed.  An entry of this type will
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 34]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   only be returned as a part of the result of an MLSD command when the
-   type fact is included, and provides a name for the listed directory,
-   and facts about that directory.  In a sense, it can be viewed as
-   representing the title of the listing, in a machine friendly format.
-   It may appear at any point of the listing, it is not restricted to
-   appearing at the start, though frequently may do so, and may occur
-   multiple times.  It MUST NOT be included if the type fact is not
-   included, or there would be no way for the user-PI to distinguish the
-   name of the directory from an entry in the directory.
-
-   Where TVFS is supported by the server-FTP, this name may be used to
-   construct path names with which to refer to the files and directories
-   returned in the same MLSD output (see section 7.2).  These path names
-   are only expected to work when the server-PI's position in the NVFS
-   file tree is the same as its position when the MLSD command was
-   issued, unless a fully qualified path name results.
-
-   Where TVFS is not supported, the only defined semantics associated
-   with a "type=cdir" entry are that, provided the current working
-   directory of the server-PI has not been changed, a pathname of type
-   "cdir" may be used as an argument to a CWD command, which will cause
-   the current directory of the server-PI to change so that the
-   directory which was listed in its current working directory.
-
-8.5.1.3. type=dir
-
-   If present, the type=dir entry gives the name of a directory.  Such
-   an entry typically cannot be transferred from one system to another
-   using RETR, etc, but should (permissions permitting) be able to be
-   the object of an MLSD command.
-
-8.5.1.4. type=pdir
-
-   If present, which will occur only in the response to a MLSD command
-   when the type fact is included, the type=pdir entry represents a
-   pathname of the parent directory of the listed directory.  As well as
-   having the properties of a type=dir, a CWD command that uses the
-   pathname from this entry should change the user to a parent directory
-   of the listed directory.  If the listed directory is the current
-   directory, a CDUP command may also have the effect of changing to the
-   named directory.  User-FTP processes should note not all responses
-   will include this information, and that some systems may provide
-   multiple type=pdir responses.
-
-   Where TVFS is supported, a "type=pdir" name may be a relative path
-   name, or a fully qualified path name.  A relative path name will be
-   relative to the directory being listed, not to the current directory
-   of the server-PI at the time.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 35]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   For the purposes of this type value, a "parent directory" is any
-   directory in which there is an entry of type=dir which refers to the
-   directory in which the type=pdir entity was found.  Thus it is not
-   required that all entities with type=pdir refer to the same
-   directory.  The "unique" fact (if supported) can be used to determine
-   whether there is a relationship between the type=pdir entries or not.
-
-8.5.1.5. System defined types
-
-   Files types that are specific to a specific operating system, or file
-   system, can be encoded using the "OS." type names.  The format is:
-
-        os-type   = "OS." os-name "=" os-type
-        os-name   = <an IANA registered operating system name>
-        os-type   = token
-
-   The "os-name" indicates the specific system type which supports the
-   particular localtype.  OS specific types are registered by the IANA
-   using the procedures specified in section 11.  The "os-type" provides
-   the system dependent information as to the type of the file listed.
-   The os-name and os-type strings in an os-type are case independent.
-   "OS.unix=block" and "OS.Unix=BLOCK" represent the same type (or
-   would, if such a type were registered.)
-
-   Note: Where the underlying system supports a file type which is
-   essentially an indirect pointer to another file, the NVFS
-   representation of that type should normally be to represent the file
-   which the reference indicates.  That is, the underlying basic file
-   will appear more than once in the NVFS, each time with the "unique"
-   fact (see immediately following section) containing the same value,
-   indicating that the same file is represented by all such names.
-   User-PIs transferring the file need then transfer it only once, and
-   then insert their own form of indirect reference to construct
-   alternate names where desired, or perhaps even copy the local file if
-   that is the only way to provide two names with the same content.  A
-   file which would be a reference to another file, if only the other
-   file actually existed, may be represented in any OS dependent manner
-   appropriate, or not represented at all.
-
-8.5.1.6. Multiple types
-
-   Where a file is such that it may validly, and sensibly, treated by
-   the server-PI as being of more than one of the above types, then
-   multiple entries should be returned, each with its own "Type" fact of
-   the appropriate type, and each containing the same pathname.  This
-   may occur, for example, with a structured file, which may contain
-   sub-files, and where the server-PI permits the structured file to be
-   treated as a unit, or treated as a directory allowing the sub-files
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 36]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   within it to be referenced.
-
-8.5.2. The unique Fact
-
-   The unique fact is used to present a unique identifier for a file or
-   directory in the NVFS accessed via a server-FTP process.  The value
-   of this fact should be the same for any number of pathnames that
-   refer to the same underlying file.  The fact should have different
-   values for names which reference distinct files.  The mapping between
-   files, and unique fact tokens should be maintained, and remain
-   consistent, for at least the lifetime of the control connection from
-   user-PI to server-PI.
-
-        unique-fact  = "Unique" "=" token
-
-   This fact would be expected to be used by Server-FTPs whose host
-   system allows things such as symbolic links so that the same file may
-   be represented in more than one directory on the server.  The only
-   conclusion that should be drawn is that if two different names each
-   have the same value for the unique fact, they refer to the same
-   underlying object.  The value of the unique fact (the token) should
-   be considered an opaque string for comparison purposes, and is a case
-   dependent value.  The tokens "A" and "a" do not represent the same
-   underlying object.
-
-8.5.3. The modify Fact
-
-   The modify fact is used to determine the last time the content of the
-   file (or directory) indicated was modified.  Any change of substance
-   to the file should cause this value to alter.  That is, if a change
-   is made to a file such that the results of a RETR command would
-   differ, then the value of the modify fact should alter.  User-PIs
-   should not assume that a different modify fact value indicates that
-   the file contents are necessarily different than when last retrieved.
-   Some systems may alter the value of the modify fact for other
-   reasons, though this is discouraged wherever possible.  Also a file
-   may alter, and then be returned to its previous content, which would
-   often be indicated as two incremental alterations to the value of the
-   modify fact.
-
-   For directories, this value should alter whenever a change occurs to
-   the directory such that different filenames would (or might) be
-   included in MLSD output of that directory.
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 37]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        modify-fact  = "Modify" "=" time-val
-
-8.5.4. The create Fact
-
-   The create fact indicates when a file, or directory, was first
-   created.  Exactly what "creation" is for this purpose is not
-   specified here, and may vary from server to server.  About all that
-   can be said about the value returned is that it can never indicate a
-   later time than the modify fact.
-
-        create-fact  = "Create" "=" time-val
-
-   Implementation Note: Implementors of this fact on UNIX(TM) systems
-        should note that the unix "stat" "st_ctime" field does not give
-        creation time, and that unix file systems do not record creation
-        time at all.  Unix (and POSIX) implementations will normally not
-        include this fact.
-
-8.5.5. The perm Fact
-
-   The perm fact is used to indicate access rights the current FTP user
-   has over the object listed.  Its value is always an unordered
-   sequence of alphabetic characters.
-
-        perm-fact    = "Perm" "=" *pvals
-        pvals        = "a" / "c" / "d" / "e" / "f" /
-                       "l" / "m" / "p" / "r" / "w"
-
-   There are ten permission indicators currently defined.  Many are
-   meaningful only when used with a particular type of object.  The
-   indicators are case independent, "d" and "D" are the same indicator.
-
-   The "a" permission applies to objects of type=file, and indicates
-   that the APPE (append) command may be applied to the file named.
-
-   The "c" permission applies to objects of type=dir (and type=pdir,
-   type=cdir).  It indicates that files may be created in the directory
-   named.  That is, that a STOU command is likely to succeed, and that
-   STOR and APPE commands might succeed if the file named did not
-   previously exist, but is to be created in the directory object that
-   has the "c" permission.  It also indicates that the RNTO command is
-   likely to succeed for names in the directory.
-
-   The "d" permission applies to all types.  It indicates that the
-   object named may be deleted, that is, that the RMD command may be
-   applied to it if it is a directory, and otherwise that the DELE
-   command may be applied to it.
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 38]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The "e" permission applies to the directory types.  When set on an
-   object of type=dir, type=cdir, or type=pdir it indicates that a CWD
-   command naming the object should succeed, and the user should be able
-   to enter the directory named.  For type=pdir it also indicates that
-   the CDUP command may succeed (if this particular pathname is the one
-   to which a CDUP would apply.)
-
-   The "f" permission for objects indicates that the object named may be
-   renamed - that is, may be the object of an RNFR command.
-
-   The "l" permission applies to the directory file types, and indicates
-   that the listing commands, LIST, NLST, and MLSD may be applied to the
-   directory in question.
-
-   The "m" permission applies to directory types, and indicates that the
-   MKD command may be used to create a new directory within the
-   directory under consideration.
-
-   The "p" permission applies to directory types, and indicates that
-   objects in the directory may be deleted, or (stretching naming a
-   little) that the directory may be purged.  Note: it does not indicate
-   that the RMD command may be used to remove the directory named
-   itself, the "d" permission indicator indicates that.
-
-   The "r" permission applies to type=file objects, and for some
-   systems, perhaps to other types of objects, and indicates that the
-   RETR command may be applied to that object.
-
-   The "w" permission applies to type=file objects, and for some
-   systems, perhaps to other types of objects, and indicates that the
-   STOR command may be applied to the object named.
-
-   Note: That a permission indicator is set can never imply that the
-        appropriate command is guaranteed to work - just that it might.
-        Other system specific limitations, such as limitations on
-        available space for storing files, may cause an operation to
-        fail, where the permission flags may have indicated that it was
-        likely to succeed.  The permissions are a guide only.
-
-   Implementation note: The permissions are described here as they apply
-        to FTP commands.  They may not map easily into particular
-        permissions available on the server's operating system.  Servers
-        are expected to synthesize these permission bits from the
-        permission information available from operating system.  For
-        example, to correctly determine whether the "D" permission bit
-        should be set on a directory for a server running on the
-        UNIX(TM) operating system, the server should check that the
-        directory named is empty, and that the user has write permission
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 39]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        on both the directory under consideration, and its parent
-        directory.
-
-        Some systems may have more specific permissions than those
-        listed here, such systems should map those to the flags defined
-        as best they are able.  Other systems may have only more broad
-        access controls.  They will generally have just a few possible
-        permutations of permission flags, however they should attempt to
-        correctly represent what is permitted.
-
-8.5.6. The lang Fact
-
-   The lang fact describes the natural language of the filename for use
-   in display purposes.  Values used here should be taken from the
-   language registry of the IANA.  See [13] for the syntax, and
-   procedures, related to language tags.
-
-        lang-fact  = "Lang" "=" token
-
-   Server-FTP implementations MUST NOT guess language values.  Language
-   values must be determined in an unambiguous way such as file system
-   tagging of language or by user configuration.  Note that the lang
-   fact provides no information at all about the content of a file, only
-   about the encoding of its name.
-
-8.5.7. The size Fact
-
-   The size fact applies to non-directory file types and should always
-   reflect the approximate size of the file.  This should be as accurate
-   as the server can make it, without going to extraordinary lengths,
-   such as reading the entire file.  The size is expressed in units of
-   octets of data in the file.
-
-   Given limitations in some systems, Client-FTP implementations must
-   understand this size may not be precise and may change between the
-   time of a MLST and RETR operation.
-
-   Clients that need highly accurate size information for some
-   particular reason should use the SIZE command as defined in section
-   4.  The most common need for this accuracy is likely to be in
-   conjunction with the REST command described in section 5.  The size
-   fact, on the other hand, should be used for purposes such as
-   indicating to a human user the approximate size of the file to be
-   transferred, and perhaps to give an idea of expected transfer
-   completion time.
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 40]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        size-fact  = "Size" "=" 1*DIGIT
-
-8.5.8. The media-type Fact
-
-   The media-type fact represents the IANA media type of the file named,
-   and applies only to non-directory types.  The list of values used
-   must follow the guidelines set by the IANA registry.
-
-        media-type  = "Media-Type" "=" <per IANA guidelines>
-
-   Server-FTP implementations MUST NOT guess media type values.  Media
-   type values must be determined in an unambiguous way such as file
-   system tagging of media-type or by user configuration.  This fact
-   gives information about the content of the file named.  Both the
-   primary media type, and any appropriate subtype should be given,
-   separated by a slash "/" as is traditional.
-
-8.5.9. The charset Fact
-
-   The charset fact provides the IANA character set name, or alias, for
-   the encoded pathnames in a MLSx response.  The default character set
-   is UTF-8 unless specified otherwise.  FTP implementations SHOULD use
-   UTF-8 if possible to encourage maximum interoperability.  The value
-   of this fact applies to the pathname only, and provides no
-   information about the contents of the file.
-
-        charset-type  = "Charset" "=" token
-
-8.5.10. Required facts
-
-   Servers are not required to support any particular set of the
-   available facts.  However, servers SHOULD, if conceivably possible,
-   support at least the type, perm, size, unique, and modify facts.
-
-8.6. System Dependent and Local Facts
-
-   By using an system dependent fact, or a local fact, a server-PI may
-   communicate to the user-PI information about the file named which is
-   peculiar to the underlying file system.
-
-8.6.1. System Dependent Facts
-
-   System dependent fact names are labeled by prefixing a label
-   identifying the specific information returned by the name of the
-   appropriate operating system from the IANA maintained list of
-   operating system names.
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 41]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The value of an OS dependent fact may be whatever is appropriate to
-   convey the information available.  It must be encoded as a "token" as
-   defined in section 2.1 however.
-
-   In order to allow reliable interoperation between users of system
-   dependent facts, the IANA will maintain a registry of system
-   dependent fact names, their syntax, and the interpretation to be
-   given to their values.  Registrations of system dependent facts are
-   to be accomplished according to the procedures of section 11.
-
-8.6.2. Local Facts
-
-   Implementations may also make available other facts of their own
-   choosing.  As the method of interpretation of such information will
-   generally not be widely understood, server-PIs should be aware that
-   clients will typically ignore any local facts provided.  As there is
-   no registration of locally defined facts, it is entirely possible
-   that different servers will use the same local fact name to provide
-   vastly different information.  Hence user-PIs should be hesitant
-   about making any use of any information in a locally defined fact
-   without some other specific assurance that the particular fact is one
-   that they do comprehend.
-
-   Local fact names all begin with the sequence "X.".  The rest of the
-   name is a "token" (see section 2.1).  The value of a local fact can
-   be anything at all, provided it can be encoded as a "token".
-
-8.7. MLSx Examples
-
-   The following examples are all taken from dialogues between existing
-   FTP clients and servers.  Because of this, not all possible
-   variations of possible response formats are shown in the examples.
-   This should not be taken as limiting the options of other server
-   implementors.  Where the examples show OS dependent information, that
-   is to be treated as being purely for the purposes of demonstration of
-   some possible OS specific information that could be defined.  As at
-   the time of the writing of this document, no OS specific facts or
-   file types have been defined, the examples shown here should not be
-   treated as in any way to be preferred over other possible similar
-   definitions.  Consult the IANA registries to determine what types and
-   facts have been defined.
-
-   In the examples shown, only relevant commands and responses have been
-   included.  This is not to imply that other commands (including
-   authentication, directory modification, PORT or PASV commands, or
-   similar) would not be present in an actual connection, or were not,
-   in fact, actually used in the examples before editing.  Note also
-   that the formats shown are those that are transmitted between client
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 42]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   and server, not formats which would normally ever be reported to the
-   user of the client.
-
-   In the examples, lines that begin "C> " were sent over the control
-   connection from the client to the server, lines that begin "S> " were
-   sent over the control connection from the server to the client, and
-   lines that begin "D> " were sent from the server to the client over a
-   data connection created just to send those lines and closed
-   immediately after.  No examples here show data transferred over a
-   data connection from the client to the server.  In all cases, the
-   prefixes shown above, including the one space, have been added for
-   the purposes of this document, and are not a part of the data
-   exchanged between client and server.
-
-8.7.1. Simple MLST
-
- C> PWD
- S> 257 "/tmp" is current directory.
- C> MLst cap60.pl198.tar.gz
- S> 250- Listing cap60.pl198.tar.gz
- S>  Type=file;Size=1024990;Perm=r; /tmp/cap60.pl198.tar.gz
- S> 250 End
-
-   The client first asked to be told the current directory of the
-   server.  This was purely for the purposes of clarity of this example.
-   The client then requested facts about a specific file.  The server
-   returned the "250-" first control-response line, followed by a single
-   line of facts about the file, followed by the terminating "250 "
-   line.  The text on the control-response line and the terminating line
-   can be anything the server decides to send.  Notice that the fact
-   line is indented by a single space.  Notice also that there are no
-   spaces in the set of facts returned, until the single space before
-   the filename.  The filename returned on the fact line is a fully
-   qualified pathname of the file listed.  The facts returned show that
-   the line refers to a file, that file contains approximately 1024990
-   bytes, though more or less than that may be transferred if the file
-   is retrieved, and a different number may be required to store the
-   file at the client's file store, and the connected user has
-   permission to retrieve the file but not to do anything else
-   particularly interesting.
-
-8.7.2. MLST of a directory
-
- C> PWD
- S> 257 "/" is current directory.
- C> MLst tmp
- S> 250- Listing tmp
- S>  Type=dir;Modify=19981107085215;Perm=el; /tmp
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 43]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
- S> 250 End
-
-   Again the PWD is just for the purposes of demonstration for the
-   example.  The MLST fact line this time shows that the file listed is
-   a directory, that it was last modified at 08:52:15 on the 7th of
-   November, 1998 UTC, and that the user has permission to enter the
-   directory, and to list its contents, but not to modify it in any way.
-   Again, the fully qualified path name of the directory listed is
-   given.
-
-8.7.3. MLSD of a directory
-
- C> MLSD tmp
- S> 150 BINARY connection open for MLSD tmp
- D> Type=cdir;Modify=19981107085215;Perm=el; tmp
- D> Type=cdir;Modify=19981107085215;Perm=el; /tmp
- D> Type=pdir;Modify=19990112030508;Perm=el; ..
- D> Type=file;Size=25730;Modify=19940728095854;Perm=; capmux.tar.z
- D> Type=file;Size=1830;Modify=19940916055648;Perm=r; hatch.c
- D> Type=file;Size=25624;Modify=19951003165342;Perm=r; MacIP-02.txt
- D> Type=file;Size=2154;Modify=19950501105033;Perm=r; uar.netbsd.patch
- D> Type=file;Size=54757;Modify=19951105101754;Perm=r; iptnnladev.1.0.sit.hqx
- D> Type=file;Size=226546;Modify=19970515023901;Perm=r; melbcs.tif
- D> Type=file;Size=12927;Modify=19961025135602;Perm=r; tardis.1.6.sit.hqx
- D> Type=file;Size=17867;Modify=19961025135602;Perm=r; timelord.1.4.sit.hqx
- D> Type=file;Size=224907;Modify=19980615100045;Perm=r; uar.1.2.3.sit.hqx
- D> Type=file;Size=1024990;Modify=19980130010322;Perm=r; cap60.pl198.tar.gz
- S> 226 MLSD completed
-
-   In this example notice that there is no leading space on the fact
-   lines returned over the data connection.  Also notice that two lines
-   of "type=cdir" have been given.  These show two alternate names for
-   the directory listed, one a fully qualified pathname, and the other a
-   local name relative to the servers current directory when the MLSD
-   was performed.  Note that all other filenames in the output are
-   relative to the directory listed, though the server could, if it
-   chose, give a fully qualified path name for the "type=pdir" line.
-   This server has chosen not to.  The other files listed present a
-   fairly boring set of files that are present in the listed directory.
-   Note that there is no particular order in which they are listed.
-   They are not sorted by filename, by size, or by modify time.  Note
-   also that the "perm" fact has an empty value for the file
-   "capmux.tar.z" indicating that the connected user has no permissions
-   at all for that file.  This server has chosen to present the "cdir"
-   and "pdir" lines before the lines showing the content of the
-   directory, it is not required to do so.  The "size" fact does not
-   provide any meaningful information for a directory, so is not
-   included in the fact lines for the directory types shown.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 44]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-8.7.4. A more complex example
-
- C> MLst test
- S> 250- Listing test
- S>  Type=dir;Perm=el;Unique=keVO1+ZF4 test
- S> 250 End
- C> MLSD test
- S> 150 BINARY connection open for MLSD test
- D> Type=cdir;Perm=el;Unique=keVO1+ZF4; test
- D> Type=pdir;Perm=e;Unique=keVO1+d?3; ..
- D> Type=OS.unix=slink:/foobar;Perm=;Unique=keVO1+4G4; foobar
- D> Type=OS.unix=chr-13/29;Perm=;Unique=keVO1+5G4; device
- D> Type=OS.unix=blk-11/108;Perm=;Unique=keVO1+6G4; block
- D> Type=file;Perm=awr;Unique=keVO1+8G4; writable
- D> Type=dir;Perm=cpmel;Unique=keVO1+7G4; promiscuous
- D> Type=dir;Perm=;Unique=keVO1+1t2; no-exec
- D> Type=file;Perm=r;Unique=keVO1+EG4; two words
- D> Type=file;Perm=r;Unique=keVO1+IH4;  leading space
- D> Type=file;Perm=r;Unique=keVO1+1G4; file1
- D> Type=dir;Perm=cpmel;Unique=keVO1+7G4; incoming
- D> Type=file;Perm=r;Unique=keVO1+1G4; file2
- D> Type=file;Perm=r;Unique=keVO1+1G4; file3
- D> Type=file;Perm=r;Unique=keVO1+1G4; file4
- S> 226 MLSD completed
- C> MLSD test/incoming
- S> 150 BINARY connection open for MLSD test/incoming
- D> Type=cdir;Perm=cpmel;Unique=keVO1+7G4; test/incoming
- D> Type=pdir;Perm=el;Unique=keVO1+ZF4; ..
- D> Type=file;Perm=awdrf;Unique=keVO1+EH4; bar
- D> Type=file;Perm=awdrf;Unique=keVO1+LH4;
- D> Type=file;Perm=rf;Unique=keVO1+1G4; file5
- D> Type=file;Perm=rf;Unique=keVO1+1G4; file6
- D> Type=dir;Perm=cpmdelf;Unique=keVO1+!s2; empty
- S> 226 MLSD completed
-
-   For the purposes of this example the fact set requested has been
-   modified to delete the "size" and "modify" facts, and add the
-   "unique" fact.  First, facts about a filename have been obtained via
-   MLST.  Note that no fully qualified path name was given this time.
-   That was because the server was unable to determine that information.
-   Then having determined that the filename represents a directory, that
-   directory has been listed.  That listing also shows no fully
-   qualified path name, for the same reason, thus has but a single
-   "type=cdir" line.  This directory (which was created especially for
-   the purpose) contains several interesting files.  There are some with
-   OS dependent file types, several sub-directories, and several
-   ordinary files.
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 45]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   Not much can be said here about the OS dependent file types, as none
-   of the information shown there should be treated as any more than
-   possibilities.  It can be seen that the OS type of the server is
-   "unix" though, which is one of the OS types in the IANA registry of
-   Operating System names.
-
-   Of the three directories listed, "no-exec" has no permission granted
-   to this user to access at all.  From the "Unique" fact values, it can
-   be determined that "promiscuous" and "incoming" in fact represent the
-   same directory.  Its permissions show that the connected user has
-   permission to do essentially anything other than to delete the
-   directory.  That directory was later listed.  It happens that the
-   directory can not be deleted because it is not empty.
-
-   Of the normal files listed, two contain spaces in their names.  The
-   file called " leading space" actually contains two spaces in its
-   name, one before the "l" and one between the "g" and the "s".  The
-   two spaces that separate the facts from the visible part of the path
-   name make that clear.  The file "writable" has the "a" and "w"
-   permission bits set, and consequently the connected user should be
-   able to STOR or APPE to that file.
-
-   The other four file names, "file1", "file2", "file3", and "file4" all
-   represent the same underlying file, as can be seen from the values of
-   the "unique" facts of each.  It happens that "file1" and "file2" are
-   Unix "hard" links, and that "file3" and "file4" are "soft" or
-   "symbolic" links to the first two.  None of that information is
-   available via standard MLST facts, it is sufficient for the purposes
-   of FTP to note that all represent the same file, and that the same
-   data would be fetched no matter which of them was retrieved, and that
-   all would be simultaneously modified were data stored in any.
-
-   Finally, the sub-directory "incoming" is listed.  Since "promiscuous"
-   is the same directory there would be no point listing it as well.  In
-   that directory, the files "file5" and "file6" represent still more
-   names for the "file1" file we have seen before.  Notice the entry
-   between that for "bar" and "file5".  Though it is not possible to
-   easily represent it in this document, that shows a file with a name
-   comprising exactly three spaces ("   ").  A client will have no
-   difficulty determining that name from the output presented to it
-   however.  The directory "empty" is, as its name implies, empty,
-   though that is not shown here.  It can, however, be deleted, as can
-   file "bar" and the file whose name is three spaces.  All the files
-   that reside in this directory can be renamed.  This is a consequence
-   of the UNIX semantics of the directory that contains them being
-   modifiable.
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 46]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-8.7.5. More accurate time information
-
- C> MLst file1
- S> 250- Listing file1
- S>  Type=file;Modify=19990929003355.237; file1
- S> 250 End
-
-   In this example, the server-FTP is indicating that "file1" was last
-   modified 237 milliseconds after 00:33:55 UTC on the 29th of
-   September, 1999.
-
-8.7.6. A different server
-
- C> MLST
- S> 250-Begin
- S>  type=dir;unique=AQkAAAAAAAABCAAA; /
- S> 250 End.
- C> MLSD .
- S> 150 Opening ASCII mode data connection for MLS.
- D> type=cdir;unique=AQkAAAAAAAABCAAA; /
- D> type=dir;unique=AQkAAAAAAAABEAAA; bin
- D> type=dir;unique=AQkAAAAAAAABGAAA; etc
- D> type=dir;unique=AQkAAAAAAAAB8AwA; halflife
- D> type=dir;unique=AQkAAAAAAAABoAAA; incoming
- D> type=dir;unique=AQkAAAAAAAABIAAA; lib
- D> type=dir;unique=AQkAAAAAAAABWAEA; linux
- D> type=dir;unique=AQkAAAAAAAABKAEA; ncftpd
- D> type=dir;unique=AQkAAAAAAAABGAEA; outbox
- D> type=dir;unique=AQkAAAAAAAABuAAA; quake2
- D> type=dir;unique=AQkAAAAAAAABQAEA; winstuff
- S> 226 Listing completed.
- C> MLSD linux
- S> 150 Opening ASCII mode data connection for MLS.
- D> type=cdir;unique=AQkAAAAAAAABWAEA; /linux
- D> type=pdir;unique=AQkAAAAAAAABCAAA; /
- D> type=dir;unique=AQkAAAAAAAABeAEA; firewall
- D> type=file;size=12;unique=AQkAAAAAAAACWAEA; helo_world
- D> type=dir;unique=AQkAAAAAAAABYAEA; kernel
- D> type=dir;unique=AQkAAAAAAAABmAEA; scripts
- D> type=dir;unique=AQkAAAAAAAABkAEA; security
- S> 226 Listing completed.
- C> MLSD linux/kernel
- S> 150 Opening ASCII mode data connection for MLS.
- D> type=cdir;unique=AQkAAAAAAAABYAEA; /linux/kernel
- D> type=pdir;unique=AQkAAAAAAAABWAEA; /linux
- D> type=file;size=6704;unique=AQkAAAAAAAADYAEA; k.config
- D> type=file;size=7269221;unique=AQkAAAAAAAACYAEA; linux-2.0.36.tar.gz
- D> type=file;size=12514594;unique=AQkAAAAAAAAEYAEA; linux-2.1.130.tar.gz
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 47]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
- S> 226 Listing completed.
-
-   Note that this server returns its "unique" fact value in quite a
-   different format.  It also returns fully qualified path names for the
-   "pdir" entry.
-
-8.7.7. Some IANA files
-
- C> MLSD .
- S> 150 BINARY connection open for MLSD .
- D> Type=cdir;Modify=19990219183438; /iana/assignments
- D> Type=pdir;Modify=19990112030453; ..
- D> Type=dir;Modify=19990219073522; media-types
- D> Type=dir;Modify=19990112033515; character-set-info
- D> Type=dir;Modify=19990112033529; languages
- D> Type=file;Size=44242;Modify=19990217230400; character-sets
- D> Type=file;Size=1947;Modify=19990209215600; operating-system-names
- S> 226 MLSD completed
- C> MLSD media-types
- S> 150 BINARY connection open for MLSD media-types
- D> Type=cdir;Modify=19990219073522; media-types
- D> Type=cdir;Modify=19990219073522; /iana/assignments/media-types
- D> Type=pdir;Modify=19990219183438; ..
- D> Type=dir;Modify=19990112033045; text
- D> Type=dir;Modify=19990219183442; image
- D> Type=dir;Modify=19990112033216; multipart
- D> Type=dir;Modify=19990112033254; video
- D> Type=file;Size=30249;Modify=19990218032700; media-types
- S> 226 MLSD completed
- C> MLSD character-set-info
- S> 150 BINARY connection open for MLSD character-set-info
- D> Type=cdir;Modify=19990112033515; character-set-info
- D> Type=cdir;Modify=19990112033515; /iana/assignments/character-set-info
- D> Type=pdir;Modify=19990219183438; ..
- D> Type=file;Size=1234;Modify=19980903020400; windows-1251
- D> Type=file;Size=4557;Modify=19980922001400; tis-620
- D> Type=file;Size=801;Modify=19970324130000; ibm775
- D> Type=file;Size=552;Modify=19970320130000; ibm866
- D> Type=file;Size=922;Modify=19960505140000; windows-1258
- S> 226 MLSD completed
- C> MLSD languages
- S> 150 BINARY connection open for MLSD languages
- D> Type=cdir;Modify=19990112033529; languages
- D> Type=cdir;Modify=19990112033529; /iana/assignments/languages
- D> Type=pdir;Modify=19990219183438; ..
- D> Type=file;Size=2391;Modify=19980309130000; default
- D> Type=file;Size=943;Modify=19980309130000; tags
- D> Type=file;Size=870;Modify=19971026130000; navajo
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 48]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
- D> Type=file;Size=699;Modify=19950911140000; no-bok
- S> 226 MLSD completed
- C> PWD
- S> 257 "/iana/assignments" is current directory.
-
-   This example shows some of the IANA maintained files that are
-   relevant for this specification in MLSD format.  Note that these
-   listings have been edited by deleting many entries, the actual
-   listings are much longer.
-
-8.7.8. A stress test of case (in)dependence
-
-   The following example is intended to make clear some cases where case
-   dependent strings are permitted in the MLSx commands, and where case
-   independent strings are required.
-
- C> MlsD .
- S> 150 BINARY connection open for MLSD .
- D> Type=pdir;Modify=19990929011228;Perm=el;Unique=keVO1+ZF4; ..
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+Bd8; FILE2
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+aG8; file3
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+ag8; FILE3
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+bD8; file1
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+bD8; file2
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+Ag8; File3
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+bD8; File1
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+Bd8; File2
- D> Type=file;Size=4096;Modify=19990929011440;Perm=r;Unique=keVO1+bd8; FILE1
- S> 226 MLSD completed
-
-   Note first that the "MLSD" command, shown here as "MlsD" is case
-   independent.  Clients may issue this command in any case, or
-   combination of cases, they desire.  This is the case for all FTP
-   commands.
-
-   Next, notice the labels of the facts.  These are also case
-   independent strings, Server-FTP is permitted to return them in any
-   case they desire.  User-FTP must be prepared to deal with any case,
-   though it may do this by mapping the labels to a common case if
-   desired.
-
-   Then, notice that there are nine objects of "type" file returned.  In
-   a case independent NVFS these would represent three different file
-   names, "file1", "file2", and "file3".  With a case dependent NVFS all
-   nine represent different file names.  Either is possible, server-FTPs
-   may implement a case dependent or a case independent NVFS.  User-FTPs
-   must allow for case dependent selection of files to manipulate on the
-   server.
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 49]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   Lastly, notice that the value of the "unique" fact is case dependent.
-   In the example shown, "file1", "File1", and "file2" all have the same
-   "unique" fact value "keVO1+bD8", and thus all represent the same
-   underlying file.  On the other hand, "FILE1" has a different "unique"
-   fact value ("keVO1+bd8") and hence represents a different file.
-   Similarly, "FILE2" and "File2" are two names for the same underlying
-   file, whereas "file3", "File3" and "FILE3" all represent different
-   underlying files.
-
-   That the approximate sizes ("size" fact) and last modification times
-   ("modify" fact) are the same in all cases might be no more than a
-   coincidence.
-
-   It is not suggested that the operators of server-FTPs create NVFS
-   which stress the protocols to this extent, however both user and
-   server implementations must be prepared to deal with such extreme
-   examples.
-
-8.8. FEAT response for MLSx
-
-   When responding to the FEAT command, a server-FTP process that
-   supports MLST, and MLSD, plus internationalization of pathnames, MUST
-   indicate that this support exists.  It does this by including a MLST
-   feature line.  As well as indicating the basic support, the MLST
-   feature line indicates which MLST facts are available from the
-   server, and which of those will be returned if no subsequent "OPTS
-   MLST" command is sent.
-
-        mlst-feat     = SP "MLST" [SP factlist] CRLF
-        factlist      = 1*( factname ["*"] ";" )
-
-   The initial space shown in the mlst-feat response is that required by
-   the FEAT command, two spaces are not permitted.  If no factlist is
-   given, then the server-FTP process is indicating that it supports
-   MLST, but implements no facts.  Only pathnames can be returned.  This
-   would be a minimal MLST implementation, and useless for most
-   practical purposes.  Where the factlist is present, the factnames
-   included indicate the facts supported by the server.  Where the
-   optional asterisk appears after a factname, that fact will be
-   included in MLST format responses, until an "OPTS MLST" is given to
-   alter the list of facts returned.  After that, subsequent FEAT
-   commands will return the asterisk to show the facts selected by the
-   most recent "OPTS MLST".
-
-   Note that there is no distinct FEAT output for MLSD.  The presence of
-   the MLST feature indicates that both MLST and MLSD are supported.
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 50]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-8.8.1. Examples
-
- C> Feat
- S> 211- Features supported
- S>  REST STREAM
- S>  MDTM
- S>  SIZE
- S>  TVFS
- S>  UTF8
- S>  MLST Type*;Size*;Modify*;Perm*;Unique*;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
-
-   Aside from some features irrelevant here, this server indicates that
-   it supports MLST including several, but not all, standard facts, all
-   of which it will send by default.  It also supports two OS dependent
-   facts, and one locally defined fact.  The latter three must be
-   requested expressly by the client for this server to supply them.
-
- C> Feat
- S> 211-Extensions supported:
- S>  CLNT
- S>  MDTM
- S>  MLST type*;size*;modify*;UNIX.mode*;UNIX.owner;UNIX.group;unique;
- S>  PASV
- S>  REST STREAM
- S>  SIZE
- S>  TVFS
- S>  Compliance Level: 19981201 (IETF mlst-05)
- S> 211 End.
-
-   Again, in addition to some irrelevant features here, this server
-   indicates that it supports MLST, four of the standard facts, one of
-   which ("unique") is not enabled by default, and several OS dependent
-   facts, one of which is provided by the server by default.  This
-   server actually supported more OS dependent facts.  Others were
-   deleted for the purposes of this document to comply with document
-   formatting restrictions.
-
-8.9. OPTS parameters for MLST
-
-   For the MLSx commands, the Client-FTP may specify a list of facts it
-   wishes to be returned in all subsequent MLSx commands until another
-   OPTS MLST command is sent.  The format is specified by:
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 51]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-        mlst-opts     = "OPTS" SP "MLST"
-                        [ SP 1*( factname ";" ) ]
-
-   By sending the "OPTS MLST" command, the client requests the server to
-   include only the facts listed as arguments to the command in
-   subsequent output from MLSx commands.  Facts not included in the
-   "OPTS MLST" command MUST NOT be returned by the server.  Facts that
-   are included should be returned for each entry returned from the MLSx
-   command where they meaningfully apply.  Facts requested that are not
-   supported, or which are inappropriate to the file or directory being
-   listed should simply be omitted from the MLSx output.  This is not an
-   error.  Note that where no factname arguments are present, the client
-   is requesting that only the file names be returned.  In this case,
-   and in any other case where no facts are included in the result, the
-   space that separates the fact names and their values from the file
-   name is still required.  That is, the first character of the output
-   line will be a space, (or two characters will be spaces when the line
-   is returned over the control connection,) and the file name will
-   start immediately thereafter.
-
-   Clients should note that generating values for some facts can be
-   possible, but very expensive, for some servers.  It is generally
-   acceptable to retrieve any of the facts that the server offers as its
-   default set before any "OPTS MLST" command has been given, however
-   clients should use particular caution before requesting any facts not
-   in that set.  That is, while other facts may be available from the
-   server, clients should refrain from requesting such facts unless
-   there is a particular operational requirement for that particular
-   information, which ought be more significant than perhaps simply
-   improving the information displayed to an end user.
-
-   Note, there is no "OPTS MLSD" command, the fact names set with the
-   "OPTS MLST" command apply to both MLST and MLSD commands.
-
-   Servers are not required to accept "OPTS MLST" commands before
-   authentication of the user-PI, but may choose to permit them.
-
-8.9.1. OPTS MLST Response
-
-   The "response-message" from [6] to a successful OPTS MLST command has
-   the following syntax.
-
-        mlst-opt-resp = "MLST OPTS" [ SP 1*( factname ";" ) ]
-
-   This defines the "response-message" as used in the "opts-good"
-   message in RFC2389 [6].
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 52]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   The facts named in the response are those which the server will now
-   include in MLST (and MLSD) response, after the processing of the
-   "OPTS MLST" command.  Any facts from the request not supported by the
-   server will be omitted from this response message.  If no facts will
-   be included, the list of facts will be empty.  Note that the list of
-   facts returned will be the same as those marked by a trailing
-   asterisk ("*") in a subsequent FEAT command response.  There is no
-   requirement that the order of the facts returned be the same as that
-   in which they were requested, or that in which they will be listed in
-   a FEAT command response, or that in which facts are returned in MLST
-   responses.  The fixed string "MLST OPTS" in the response may be
-   returned in any case, or mixture of cases.
-
-8.9.2. Examples
-
- C> Feat
- S> 211- Features supported
- S>  MLST Type*;Size;Modify*;Perm;Unique;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
- C> OptS Mlst Type;UNIX.mode;Perm;
- S> 201 MLST OPTS Type;Perm;UNIX.mode;
- C> Feat
- S> 211- Features supported
- S>  MLST Type*;Size;Modify;Perm*;Unique;UNIX.mode*;UNIX.chgd;X.hidden;
- S> 211 End
- C> opts MLst lang;type;charset;create;
- S> 201 MLST OPTS Type;
- C> Feat
- S> 211- Features supported
- S>  MLST Type*;Size;Modify;Perm;Unique;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
- C> OPTS mlst size;frogs;
- S> 201 MLST OPTS Size;
- C> Feat
- S> 211- Features supported
- S>  MLST Type;Size*;Modify;Perm;Unique;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
- C> opts MLst unique type;
- S> 501 Invalid MLST options
- C> Feat
- S> 211- Features supported
- S>  MLST Type;Size*;Modify;Perm;Unique;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
-
-   For the purposes of this example, features other than MLST have been
-   deleted from the output to avoid clutter.  The example shows the
-   initial default feature output for MLST.  The facts requested are
-   then changed by the client.  The first change shows facts that are
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 53]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   available from the server being selected.  Subsequent FEAT output
-   shows the altered features as being returned.  The client then
-   attempts to select some standard features which the server does not
-   support.  This is not an error, however the server simply ignores the
-   requests for unsupported features, as the FEAT output that follows
-   shows.  Then, the client attempts to request a non-standard, and
-   unsupported, feature.  The server ignores that, and selects only the
-   supported features requested.  Lastly, the client sends a request
-   containing a syntax error (spaces cannot appear in the factlist.) The
-   server-FTP sends an error response and completely ignores the
-   request, leaving the fact set selected as it had been previously.
-
-   Note that in all cases, except the error response, the response lists
-   the facts that have been selected.
-
- C> Feat
- S> 211- Features supported
- S>  MLST Type*;Size*;Modify*;Perm*;Unique*;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
- C> Opts MLST
- S> 201 MLST OPTS
- C> Feat
- S> 211- Features supported
- S>  MLST Type;Size;Modify;Perm;Unique;UNIX.mode;UNIX.chgd;X.hidden;
- S> 211 End
- C> MLst tmp
- S> 250- Listing tmp
- S>   /tmp
- S> 250 End
- C> OPTS mlst unique;size;
- S> 201 MLST OPTS Size;Unique;
- C>  MLst tmp
- S> 250- Listing tmp
- S>  Unique=keVO1+YZ5; /tmp
- S> 250 End
- C> OPTS mlst unique;type;modify;
- S> 201 MLST OPTS Type;Modify;Unique;
- C> MLst tmp
- S> 250- Listing tmp
- S>  Type=dir;Modify=19990930152225;Unique=keVO1+YZ5; /tmp
- S> 250 End
- C> OPTS mlst fish;cakes;
- S> 201 MLST OPTS
- C> MLst tmp
- S> 250- Listing tmp
- S>   /tmp
- S> 250 End
- C> OptS Mlst Modify;Unique;
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 54]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
- S> 201 MLST OPTS Modify;Unique;
- C> MLst tmp
- S> 250- Listing tmp
- S>  Modify=19990930152225;Unique=keVO1+YZ5; /tmp
- S> 250 End
- C> opts MLst fish cakes;
- S> 501 Invalid MLST options
- C>  MLst tmp
- S> 250- Listing tmp
- S>  Modify=19990930152225;Unique=keVO1+YZ5; /tmp
- S> 250 End
-
-   This example shows the effect of changing the facts requested upon
-   subsequent MLST commands.  Notice that a syntax error leaves the set
-   of selected facts unchanged.  Also notice exactly two spaces
-   preceding the pathname when no facts were selected, either
-   deliberately, or because none of the facts requested were available.
-
-9. Impact On Other FTP Commands
-
-   Along with the introduction of MLST, traditional FTP commands must be
-   extended to allow for the use of more than US-ASCII or EBCDIC
-   character sets.  In general, the support of MLST requires support for
-   arbitrary character sets wherever filenames and directory names are
-   allowed.  This applies equally to both arguments given to the
-   following commands and to the replies from them, as appropriate.
-
-        CWD
-        RETR
-        STOR
-        STOU
-        APPE
-        RNFR
-        RNTO
-        DELE
-        RMD
-        MKD
-        PWD
-        STAT
-
-   The arguments to all of these commands should be processed the same
-   way that MLST commands and responses are processed with respect to
-   handling embedded spaces, CRs and NULs.  See section 2.2.
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 55]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-10. Character sets and Internationalization
-
-   FTP commands are protocol elements, and are always expressed in
-   ASCII.  FTP responses are composed of the numeric code, which is a
-   protocol element, and a message, which is often expected to convey
-   information to the user.  It is not expected that users normally
-   interact directly with the protocol elements, rather the user FTP-
-   process constructs the commands, and interprets the results, in the
-   manner best suited for the particular user.  Explanatory text in
-   responses generally has no particular meaning to the protocol.  The
-   numeric codes provide all necessary information.  Server-PIs are free
-   to provide the text in any language that can be adequately
-   represented in ASCII, or where an alternative language and
-   representation has been negotiated (see [7]) in that language and
-   representation.
-
-   Pathnames are expected to be encoded in UTF-8 allowing essentially
-   any character to be represented in a pathname.  Meaningful pathnames
-   are defined by the server NVFS.
-
-   No restrictions at all are placed upon the contents of files
-   transferred using the FTP protocols.  Unless the "media-type" fact is
-   provided in a MLSx response nor is any advice given here which would
-   allow determining the content type.  That information is assumed to
-   be obtained via other means.
-
-11. IANA Considerations
-
-   This specification makes use of some lists of values currently
-   maintained by the IANA, and creates two new lists for the IANA to
-   maintain.  It does not add any values to any existing registries.
-
-   The existing IANA registries used by this specification are modified
-   using mechanisms specified elsewhere.
-
-11.1. The OS specific fact registry
-
-   A registry of OS specific fact names shall be maintained by the IANA.
-   The OS names for the OS portion of the fact name must be taken from
-   the IANA's list of registered OS names.  To add a fact name to this
-   OS specific registry of OS specific facts, an applicant must send to
-   the IANA a request, in which is specified the OS name, the OS
-   specific fact name, a definition of the syntax of the fact value,
-   which must conform to the syntax of a token as given in this
-   document, and a specification of the semantics to be associated with
-   the particular fact and its values.  Upon receipt of such an
-   application, and if the combination of OS name and OS specific fact
-   name has not been previously defined, the IANA will add the
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 56]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   specification to the registry.
-
-   Any examples of OS specific facts found in this document are to be
-   treated as examples of possible OS specific facts, and do not form a
-   part of the IANA's registry merely because of being included in this
-   document.
-
-11.2. The OS specific filetype registry
-
-   A registry of OS specific file types shall be maintained by the IANA.
-   The OS names for the OS portion of the fact name must be taken from
-   the IANA's list of registered OS names.  To add a file type to this
-   OS specific registry of OS specific file types, an applicant must
-   send to the IANA a request, in which is specified the OS name, the OS
-   specific file type, a definition of the syntax of the fact value,
-   which must conform to the syntax of a token as given in this
-   document, and a specification of the semantics to be associated with
-   the particular fact and its values.  Upon receipt of such an
-   application, and if the combination of OS name and OS specific file
-   type has not been previously defined, the IANA will add the
-   specification to the registry.
-
-   Any examples of OS specific file types found in this document are to
-   be treated as potential OS specific file types only, and do not form
-   a part of the IANA's registry merely because of being included in
-   this document.
-
-12. Security Considerations
-
-   This memo does not directly concern security.  It is not believed
-   that any of the mechanisms documented here impact in any particular
-   way upon the security of FTP.
-
-   Implementing the SIZE command, and perhaps some of the facts of the
-   MDLx commands, may impose a considerable load on the server, which
-   could lead to denial of service attacks.  Servers have, however,
-   implemented this for many years, without significant reported
-   difficulties.
-
-   With the introduction of virtual hosts to FTP, and the possible
-   accompanying multiple authentication environments, server
-   implementors will need to take some care to ensure that integrity is
-   maintained.
-
-   The FEAT and OPTS commands may be issued before the FTP
-   authentication has occurred [6].  This allows unauthenticated clients
-   to determine which of the features defined here are supported, and to
-   negotiate the fact list for MLSx output.  No actual MLSx commands may
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 57]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   be issued however, and no problems with permitting the selection of
-   the format prior to authentication are foreseen.
-
-   A general discussion of issues related to the security of FTP can be
-   found in [14].
-
-13. References
-
-   [1]  Coded Character Set--7-bit American Standard Code for Information
-        Interchange, ANSI X3.4-1986.
-
-   [2]  Yergeau, F., "UTF-8, a transformation format of Unicode and ISO
-        10646", RFC 2044, October 1996.
-
-   [3]  Postel, J., Reynolds, J., "File Transfer Protocol (FTP)",
-        STD 9, RFC 959, October 1985
-
-   [4]  Bradner, S., "Key words for use in RFCs to Indicate
-        Requirement Levels", BCP 14, RFC 2119, March 1997
-
-   [5]  Crocker, D., Overell, P., "Augmented BNF for Syntax
-        Specifications: ABNF", RFC 2234, November 1997
-
-   [6]  Hethmon, P., Elz, R., "Feature negotiation mechanism for the
-        File Transfer Protocol", RFC 2389, August 1998
-
-   [7]  Curtin, W., "Internationalization of the File Transfer Protocol",
-        RFC 2640, July 1999
-
-   [8]  Postel, J., Reynolds, J., "Telnet protocol Specification"
-        STD 8, RFC 854, May 1983
-
-   [9]  Braden, R,. "Requirements for Internet Hosts -- Application
-        and Support", STD 3, RFC 1123, October 1989
-
-   [10] Mockapetris, P., "Domain Names - Concepts and Facilities"
-        STD 13, RFC 1034, November 1987
-
-   [11] ISO/IEC 10646-1:1993  "Universal multiple-octet coded character set
-        (UCS) -- Part 1: Architecture and basic multilingual plane",
-        International Standard -- Information Technology, 1993
-
-   [12] Internet Assigned Numbers Authority.  http://www.iana.org
-        Email: iana@iana.org.
-
-   [13] Alvestrand, H., "Tags for the Identification of Languages"
-        RFC 1766, March 1995
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 58]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-   [14] Allman, M., Ostermann, S., "FTP Security Considerations"
-        RFC 2577, May 1999
-
-Acknowledgments
-
-   This document is a product of the FTPEXT working group of the IETF.
-
-   The following people are among those who have contributed to this
-   document:
-
-        Alex Belits
-        D. J. Bernstein
-        Dave Cridland
-        Martin J. Duerst
-        Mike Gleason
-        Mark Harris
-        Alun Jones
-        James Matthews
-        Luke Mewburn
-        Jan Mikkelsen
-        Keith Moore
-        Buz Owen
-        Mark Symons
-        Stephen Tihor
-        and the entire FTPEXT working group of the IETF.
-
-   Apologies are offered to any inadvertently omitted.
-
-   Bernhard Rosenkraenzer suggested the HOST command, and initially
-   described it.
-
-   The description of the modifications to the REST command and the MDTM
-   and SIZE commands comes from a set of modifications suggested for
-   RFC959 by Rick Adams in 1989.  A draft containing just those
-   commands, edited by David Borman, has been merged with this document.
-
-   Mike Gleason provided access to the FTP server used in some of the
-   examples.
-
-   All of the examples in this document are taken from actual
-   client/server exchanges, though some have been edited for brevity, or
-   to meet document formatting requirements.
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 59]
-
-
-Internet Draft       draft-ietf-ftpext-mlst-08.txt          October 1999
-
-
-Copyright
-
-   This document is in the public domain.  Any and all copyright
-   protection that might apply in any jurisdiction is expressly
-   disclaimed.
-
-Editors' Addresses
-
-   Robert Elz
-   University of Melbourne
-   Department of Computer Science
-   Parkville, Vic   3052
-   Australia
-
-   Email: kre@munnari.OZ.AU
-
-
-   Paul Hethmon
-   Hethmon Brothers
-   2305 Chukar Road
-   Knoxville, TN 37923 USA
-
-   Phone: +1 423 690 8990
-   Email: phethmon@hethmon.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Elz & Hethmon             [Expires April 2000]                 [Page 60]
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt
deleted file mode 100644
index 5845995f2d9c..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-00.txt
+++ /dev/null
@@ -1,725 +0,0 @@
-
-
-Kerberos Working Group                                         M. Swift 
-Internet Draft                                         University of WA 
-Document: draft-ietf-krb-wg-kerberos-referrals-00.txt         J. Brezak 
-Category: Standards Track                                     Microsoft 
-                                                             J. Trostle 
-                                                          Cisco Systems 
-                                                             K. Raeburn 
-                                                                    MIT 
-                                                          February 2001 
-
- 
-           Generating KDC Referrals to locate Kerberos realms 
- 
- 
-Status of this Memo 
- 
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1].  
-    
-   Internet-Drafts are working documents of the Internet Engineering 
-   Task Force (IETF), its areas, and its working groups. Note that 
-   other groups may also distribute working documents as Internet-
-   Drafts. Internet-Drafts are draft documents valid for a maximum of 
-   six months and may be updated, replaced, or obsoleted by other 
-   documents at any time. It is inappropriate to use Internet- Drafts 
-   as reference material or to cite them other than as "work in 
-   progress."  
-    
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-1. Abstract 
-    
-   The draft documents a new method for a Kerberos Key Distribution 
-   Center (KDC) to respond to client requests for kerberos tickets when 
-   the client does not have detailed configuration information on the 
-   realms of users or services. The KDC will handle requests for 
-   principals in other realms by returning either a referral error or a 
-   cross-realm TGT to another realm on the referral path. The clients 
-   will use this referral information to reach the realm of the target 
-   principal and then receive the ticket. 
-    
-2. Conventions used in this document 
-    
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-    
-3. Introduction 
-    
-
-
-  
-Swift                 Category - Standards Track                     1 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   Current implementations of the Kerberos AS and TGS protocols, as 
-   defined in RFC 1510 [3], use principal names constructed from a 
-   known user or service name and realm. A service name is typically 
-   constructed from a name of the service and the DNS host name of the 
-   computer that is providing the service. Many existing deployments of 
-   Kerberos use a single Kerberos realm where all users and services 
-   would be using the same realm. However in an environment where there 
-   are multiple trusted Kerberos realms, the client needs to be able to 
-   determine what realm a particular user or service is in before 
-   making an AS or TGS request. Traditionally this requires client 
-   configuration to make this possible. 
-    
-   When having to deal with multiple trusted realms, users are forced 
-   to know what realm they are in before they can obtain a ticket 
-   granting ticket (TGT) with an AS request. However, in many cases the 
-   user would like to use a more familiar name that is not directly 
-   related to the realm of their Kerberos principal name. A good 
-   example of this is an RFC-822 style email name. This document 
-   describes a mechanism that would allow a user to specify a user 
-   principal name that is an alias for the user's Kerberos principal 
-   name. In practice this would be the name that the user specifies to 
-   obtain a TGT from a Kerberos KDC. The user principal name no longer 
-   has a direct relationship with the Kerberos principal or realm. Thus 
-   the administrator is able to move the user's principal to other 
-   realms without the user having to know that it happened. 
-    
-   Once a user has a TGT, they would like to be able to access services 
-   in any trusted Kerberos realm. To do this requires that the client 
-   be able to determine what realm the target service's host is in 
-   before making the TGS request. Current implementations of Kerberos 
-   typically have a table that maps DNS host names to corresponding 
-   Kerberos realms. In order for this to work on the client, each 
-   application canonicalizes the host name of the service by doing a 
-   DNS lookup followed by a reverse lookup using the returned IP 
-   address. The returned primary host name is then used in the 
-   construction of the principal name for the target service. In order 
-   for the correct realm to be added for the target host, the mapping 
-   table [domain_to_realm] is consulted for the realm corresponding to 
-   the DNS host name. The corresponding realm is then used to complete 
-   the target service principal name. 
-    
-   This traditional mechanism requires that each client have very 
-   detailed configuration information about the hosts that are 
-   providing services and their corresponding realms. Having client 
-   side configuration information can be very costly from an 
-   administration point of view - especially if there are many realms 
-   and computers in the environment. 
-    
-   Current implementations of Kerberos also have difficulty with 
-   services on hosts that can have multiple host names (multi-homed 
-   hosts). Traditionally, each host name would need to have a distinct 
-   principal and a corresponding key. An extreme example of this would 
-   be a Web server with multiple host names for each domain that it is 
-  
-Swift                 Category - Standards Track                     2 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   supporting. Principal aliases allow multi-homed hosts to have a 
-   single Kerberos principal (with a single key) that can have 
-   identities for each distinct host name. This mechanism allows the 
-   Kerberos client to request a service ticket for the distinct 
-   hostname and allows the KDC to return a ticket for the single 
-   principal that the host is using. This canonical principal name 
-   allows the host to only have to manage a single key for all of the 
-   identities that it supports. In addition, the client only needs to 
-   know the realm of the canonical service name, not all of the 
-   identities. 
-    
-   This draft proposes a solution for these problems and simplifies 
-   administration by minimizing the configuration information needed on 
-   each computer using Kerberos. Specifically it describes a mechanism 
-   to allow the KDC to handle Canonicalization of names, provide for 
-   principal aliases for users and services and provide a mechanism for 
-   the KDC to determine the trusted realm authentication path by being 
-   able to generate referrals to other realms in order to locate 
-   principals. 
-    
-   To rectify these problems, this draft introduces three new kinds of   
-   KDC referrals: 
-        
-   1. AS ticket referrals, in which the client doesn't know which realm 
-      contains a user account.  
-   2. TGS ticket referrals, in which the client doesn't know which 
-      realm contains a server account.  
-   3. Cross realm shortcut referrals, in which the KDC chooses the next 
-      path on a referral chain 
-    
-4. Realm Organization Model 
-    
-   This draft assumes that the world of principals is arranged on 
-   multiple levels: the realm, the enterprise, and the world. A KDC may 
-   issue tickets for any principal in its realm or cross-realm tickets 
-   for realms with which it has a direct trust relationship. The KDC 
-   also has access to a trusted name service that can resolve any name 
-   from within its enterprise into a realm. This trusted name service 
-   removes the need to use an untrusted DNS lookup for name resolution. 
-    
-   For example, consider the following configuration, where lines 
-   indicate trust relationships: 
-    
-                  MS.COM  
-                /        \ 
-               /          \ 
-        OFFICE.MS.COM    NT.MS.COM 
-    
-   In this configuration, all users in the MS.COM enterprise could have 
-   a principal name such as alice@MS.COM, with the same realm portion. 
-   In addition, servers at MS.COM should be able to have DNS host names 
-   from any DNS domain independent of what Kerberos realm their 
-   principal resides in. 
-  
-Swift                 Category - Standards Track                     3 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-    
-5. Principal Names 
-    
-5.1 Service Principal Names 
-    
-   The standard Kerberos model in RFC 1510 [3] gives each Kerberos 
-   principal a single name. However, if a service is reachable by 
-   several addresses, it is useful for a principal to have multiple 
-   names. Consider a service running on a multi-homed machine. Rather 
-   than requiring a separate principal and password for each name it 
-   exports, a single account with multiple names could be used. 
-    
-   Multiple names are also useful for services in that clients need not 
-   perform DNS lookups to resolve a host name into a full DNS address. 
-   Instead, the service may have a name for each of its supported host 
-   names, including its IP address. Nonetheless, it is still convenient 
-   for the service to not have to be aware of all these names. Thus a 
-   new name may be added to DNS for a service by updating DNS and the 
-   KDC database without having to notify the service. In addition, it 
-   implies that these aliases are globally unique: they do not include 
-   a specifier dictating what realm contains the principal. Thus, an 
-   alias for a server is of the form "class/instance/name" and may be 
-   transmitted as any name type. 
-    
-5.2 Client Principal Names 
-    
-   Similarly, a client account may also have multiple principal names. 
-   More useful, though, is a globally unique name that allows 
-   unification of email and security principal names. For example, all 
-   users at MS may have a client principal name of the form 
-   "joe@MS.COM" even though the principals are contained in multiple 
-   realms. This global name is again an alias for the true client 
-   principal name, which is indicates what realm contains the 
-   principal. Thus, accounts "alice" in the realm ntdev.MS.COM and 
-   "bob" in office.MS.COM may logon as "alice@MS.COM" and "bob@MS.COM". 
-   This requires a new client principal name type, as the AS-REQ 
-   message only contains a single realm field, and the realm portion of 
-   this name doesn't correspond to any Kerberos realm. Thus, the entire 
-   name "alice@MS.COM" is transmitted in the client name field of the 
-   AS-REQ message, with a name type of KRB-NT-ENTERPRISE-PRINCIPAL. 
-    
-        KRB-NT-ENTERPRISE-PRINCIPAL     10 
-    
-5.3 Name Canonicalization 
-    
-   In order to support name aliases, the Kerberos client must 
-   explicitly request the name-canonicalization KDC option (bit 15) in 
-   the ticket flags for the TGS-REQ. This flag indicates to the KDC 
-   that the client is prepared to receive a reply with a different 
-   client or server principal name than the request. Thus, the 
-   KDCOptions types is redefined as: 
-    
-        KDCOptions ::=   BIT STRING { 
-  
-Swift                 Category - Standards Track                     4 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-                          reserved(0), 
-                          forwardable(1), 
-                          forwarded(2), 
-                          proxiable(3), 
-                          proxy(4), 
-                          allow-postdate(5), 
-                          postdated(6), 
-                          unused7(7), 
-                          renewable(8), 
-                          unused9(9), 
-                          unused10(10), 
-                          unused11(11), 
-                          name-canonicalize(15), 
-                          renewable-ok(27), 
-                          enc-tkt-in-skey(28), 
-                          renew(30), 
-                          validate(31) 
-         } 
-    
-6. Client Referrals 
-    
-   The simplest form of ticket referral is for a user requesting a 
-   ticket using an AS-REQ. In this case, the client machine will send 
-   the AS request to a convenient trusted realm, either the realm of 
-   the client machine or the realm of the client name. In the case of 
-   the name Alice@MS.COM, the client may optimistically choose to send 
-   the request to MS.COM. 
-    
-   The client will send the string "alice@MS.COM" in the client 
-   principal name field using the KRB-NT-ENTERPRISE-PRINCIPAL name type 
-   with the crealm set to MS.COM. The KDC will try to lookup the name 
-   in its local account database. If the account is present in the 
-   crealm of the request, it MUST return a KDC reply structure with the 
-   appropriate ticket. If the account is not present in the crealm 
-   specified in the request and the name-canonicalize flag in the 
-   KDCoptions is set, the KDC will try to lookup the entire name, 
-   Alice@MS.COM, using a name service. If this lookup is unsuccessful, 
-   it MUST return the error KDC_ERR_C_PRINCIPAL_UNKNOWN. If the lookup 
-   is successful, it MUST return an error KDC_ERR_WRONG_REALM (0x44) 
-   and in the error message the cname and crealm field MUST contain the 
-   client name and the true realm of the client. If the KDC contains 
-   the account locally, it MUST return a normal ticket. The client name 
-   and realm portions of the ticket and KDC reply message MUST be the 
-   client's true name in the realm, not the globally unique name. 
-    
-   If the client receives a KDC_ERR_WRONG_REALM error, it will issue a 
-   new AS request with the same client principal name used to generate 
-   the first referral to the realm specified by the crealm field of the 
-   kerberos error message from the first request. This request MUST 
-   produce a valid AS response with a ticket for the canonical user 
-   name. The ticket MUST also include the ticket extension containing 
-   the TE-REFERRAL-DATA with the referred-names set to the name from 
-
-  
-Swift                 Category - Standards Track                     5 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   the AS request. Any other error or referral will terminate the 
-   request and result in a failed AS request. 
-    
-7. Server Referrals 
-    
-   The server referral mechanism is a bit more complex than the client 
-   referral mechanism. The primary problem is that the KDC must return 
-   a referral ticket rather than an error message, so it will include 
-   in the TGS response information about what realm contains the 
-   service. This is done by returning information about the server name 
-   in the pre-auth data field of the KDC reply. 
-    
-   If the KDC resolves the server principal name into a principal in 
-   its realm, it may return a normal ticket. If the name-canonicalize 
-   flag in the KDCoptions is not set, then the KDC MUST only look up 
-   the name as a normal principal name. Otherwise, it MUST search all 
-   aliases as well. The server principal name in both the ticket and 
-   the KDC reply MUST be the true server principal name instead of one 
-   of the aliases. This frees the application server from needing to 
-   know about all its aliases. 
-    
-   If the name-canonicalize flag in the KDCoptions is set and the KDC 
-   doesn't find the principal locally, the KDC can return a cross-realm 
-   ticket granting ticket to the next hop on the trust path towards a 
-   realm that may be able to resolve the principal name. 
-    
-   If the KDC can determine the service principal's realm, it can 
-   return the server realm as ticket extension data. The ticket 
-   extension MUST be encrypted using the session key from the ticket, 
-   and the same etype as is used to protect the TGS reply body. 
-    
-   The data itself is an ASN.1 encoded structure containing the 
-   server's realm, and if known, canonical principal name and alias 
-   names. The first name in the sequence is the canonical principal 
-   name. 
-    
-                TE-REFERRAL-INFO        20 
-                 
-                TE-REFERRAL-DATA ::= SEQUENCE { 
-                        referred-server-realm[0]  KERB-REALM 
-                        referred-names[1]         SEQUENCE OF 
-                        PrincipalNames OPTIONAL 
-                } 
-    
-    
-   The client can use this information to request a chain of cross-
-   realm ticket granting tickets until it reaches the realm of the 
-   server, and can then expect to receive a valid service ticket. 
-    
-   In order to facilitate cross-realm interoperability, a client SHOULD 
-   NOT send short names in TGS requests to the KDC. A short name is 
-   defined as a Kerberos name that includes a DNS name that is not 
-   fully qualified. The client MAY use forward DNS lookups to obtain 
-  
-Swift                 Category - Standards Track                     6 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   the long name that corresponds to the user entered short name (the 
-   short name will be a prefix of the corresponding long name). 
-    
-   The client may use the referred-names field to tell if it already 
-   has a ticket to the server in its ticket cache. 
-    
-   The client can use this information to request a chain of cross-
-   realm ticket granting tickets until it reaches the realm of the 
-   server, and can then expect to receive a valid service ticket. 
-   However an implementation should limit the number of referrals that 
-   it processes to avoid infinite referral loops. A suggested limit is 
-   5 referrals before giving up. 
-    
-8. Cross Realm Routing 
-    
-   The current Kerberos protocol requires the client to explicitly 
-   request a cross-realm TGT for each pair of realms on a referral 
-   chain. As a result, the client machines need to be aware of the 
-   trust hierarchy and of any short-cut trusts (those that aren't 
-   parent-child trusts). This requires more configurations on the 
-   client. Instead, the client should be able to request a TGT to the 
-   target realm from each realm on the route. The KDC will determine 
-   the best path for the client and return a cross-realm TGT. The 
-   client has to be aware that a request for a cross-realm TGT may 
-   return a TGT for a realm different from the one requested. 
-    
-9. Security Considerations 
- 
-   The original Kerberos specification stated that the server principal 
-   name in the KDC reply was the same as the server name in the 
-   request. These protocol changes break that assumption, so the client 
-   may be vulnerable to a denial of service attack by an attacker that 
-   replays replies from previous requests. It can verify that the 
-   request was one of its own by checking the client-address field or 
-   authtime field, though, so the damage is limited and detectable. 
-    
-   For the AS exchange case, it is important that the logon mechanism 
-   not trust a name that has not been used to authenticate the user. 
-   For example, the name that the user enters as part of a logon 
-   exchange may not be the name that the user authenticates as, given 
-   that the KDC_ERR_WRONG_REALM error may have been returned. The 
-   relevant Kerberos naming information for logon (if any), is the 
-   client name and client realm in the service ticket targeted at the 
-   workstation that was obtained using the user's initial TGT. 
-    
-   How the client name and client realm is mapped into a local account 
-   for logon is a local matter, but the client logon mechanism MUST use 
-   additional information such as the client realm and/or authorization 
-   attributes from the service ticket presented to the workstation by 
-   the user, when mapping the logon credentials to a local account on 
-   the workstation. 
-    
-10. Discussion 
-  
-Swift                 Category - Standards Track                     7 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
- 
-   This section contains issues and suggestions that need to be 
-   incorporated into this draft. From Ken Raeburn [raeburn@mit.edu]: 
-    
-   1) No means to do name canonicalization if you're not 
-      authenticating. Is it okay to require credentials in order to do 
-      canonicalization? If so, how about this: Send a TGS_REQ for the 
-      service name you have.  If you get back a TGS_REP for a service, 
-      great; pull out the name and throw out the credentials.  If you 
-      get back a TGS_REP for a TGT service, ask again in the specified 
-      realm.  If you get back a KRB_ERROR because policy prohibits you 
-      from authenticating to that service, we can add to the 
-      specification that the {realm,sname} in the KRB_ERROR must be the 
-      canonical name, and the checksum must be used.  As long as the 
-      checksum is present, it's still a secure exchange with the KDC.  
-       
-      If we have to be able to do name canonicalization without any 
-      sort of credentials, either client-side (tickets) or server-side 
-      (tickets automatically acquired via service key), I think we just 
-      lose. But maybe GSSAPI should be changed if that's the case. 
-    
-   2) Can't refer to another realm and specify a different service name 
-      to give to that realm's KDC.  The local KDC can tell you a 
-      different service name or a different realm name, but not both. 
-      This comes up in the "gnuftp.raeburn.org CNAME ftp.gnu.org" type 
-      of case I've mentioned. 
-       
-      Except ... the KDC-REP structure includes padata and ticket 
-      extensions fields that are extensible.  We could add a required 
-      value to one of them -- perhaps only in the case where you return 
-      a TGT when not asked -- that contains signed information about 
-      the principal name to ask for in the other realm.  (It would have 
-      to be required, otherwise a man-in-the-middle could make it go 
-      away.) Signing would be done using the session key for the TGS. 
-    
-   3) Secure canonicalization of service name in AS_REQ. If the 
-      response is an AS_REP, we need a way to tell that the altered 
-      server name wasn't a result of a MITM attack on the AS_REQ 
-      message.  Again, the KDC-REP extensible fields could have a new 
-      required value added when name canonicalization happens, 
-      indicating what the original principal name (in the AS_REQ 
-      message) was, and signed using the same key as protects the 
-      AS_REP.  If it doesn't match what the client requested, the 
-      messages were altered in transit. 
-    
-   4) Client name needs referral to another realm, and server name 
-      needs canonicalization of some sort. The above fixes wouldn't 
-      work for this case, and I'm not even sure which KDC should be 
-      doing the canonicalization anyways. 
-    
-    
-   The other-principal-name datum would probably look something like: 
-    
-  
-Swift                 Category - Standards Track                     8 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-       PrincipalAndNonce ::= SEQUENCE { 
-                    name[0]     PrincipalName, 
-                    nonce[1]    INTEGER         -- copied from KDC_REQ 
-       } 
-       SignedPrincipal ::= SEQUENCE { 
-                    name-and-nonce[0]   PrincipalAndNonce, 
-                    cksum[1]    Checksum 
-       } 
-       {PA,TE}-ORIGINAL-SERVER-PRINCIPAL ::= SignedPrincipal 
-       {PA,TE}-REMOTE-SERVER-PRINCIPAL ::= SignedPrincipal 
-    
-   with the checksum computed over the encoding of the 'name-and-nonce' 
-   field, and appropriate PA- or TE- numbers assigned.  I don't have a 
-   strong opinion on whether it'd be a pa-data or ticket extension; 
-   conceptually it seems like an abuse of either, but, well, I think 
-   I'd rather abuse them than leave the facility both in and 
-   inadequate. 
-    
-   The nonce is needed because multiple exchanges may be made with the 
-   same key, and these extension fields aren't packed in with the other 
-   encrypted data in the same response, so a MITM could pick apart 
-   multiple messages and mix-and-match components.  (In a TGS_REQ 
-   exchange, a subsession key would help, but it's not required.) 
-    
-   The extension field would be required to prevent a MITM from 
-   discarding the field from a response; a flag bit in a protected part 
-   of the message (probably in 'flags' in EncKDCRepPart) could also let 
-   us know of a cases where the information can be omitted, namely, 
-   when no name change is done.  Perhaps the bit should be set to 
-   indicate that a name change *was* done, and clear if it wasn't, 
-   making the no-change case more directly compatible with RFC1510. 
- 
-11. References 
-    
- 
-   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-      9, RFC 2026, October 1996. 
-    
-   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-      Levels", BCP 14, RFC 2119, March 1997 
-    
-   3  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
-      Service (V5)", RFC 1510, September 1993 
-    
-    
-12. Author's Addresses 
-    
-   Michael Swift 
-   University of Washington 
-   Seattle, Washington 
-   Email: mikesw@cs.washington.edu 
-    
-   John Brezak 
-  
-Swift                 Category - Standards Track                     9 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: jbrezak@Microsoft.com 
-    
-   Jonathan Trostle 
-   Cisco Systems 
-   170 W. Tasman Dr. 
-   San Jose, CA 95134 
-   Email: jtrostle@cisco.com 
-    
-   Kenneth Raeburn 
-   Massachusetts Institute of Technology 77 
-   Massachusetts Avenue 
-   Cambridge, Massachusetts 02139 
-   Email: raeburn@mit.edu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                 Category - Standards Track                    10 
-
-
-
-
-
-
-
-
-                            KDC Referrals               February 2001 
- 
- 
-   Full Copyright Statement 
-
-   Copyright (C) The Internet Society (1999).  All Rights Reserved. 
-    
-   This document and translations of it may be copied and furnished to 
-   others, and derivative works that comment on or otherwise explain it 
-   or assist in its implementation may be prepared, copied, published 
-   and distributed, in whole or in part, without restriction of any 
-   kind, provided that the above copyright notice and this paragraph 
-   are included on all such copies and derivative works.  However, this   
-   document itself may not be modified in any way, such as by removing   
-   the copyright notice or references to the Internet Society or other   
-   Internet organizations, except as needed for the purpose of 
-   developing Internet standards in which case the procedures for 
-   copyrights defined in the Internet Standards process must be 
-   followed, or as required to translate it into languages other than 
-   English. 
-    
-   The limited permissions granted above are perpetual and will not be 
-   revoked by the Internet Society or its successors or assigns. 
-    
-   This document and the information contained herein is provided on an 
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 
-    
-    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                 Category - Standards Track                    11 
-
-
-
-
-
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-krb-dns-locate-02.txt b/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-krb-dns-locate-02.txt
deleted file mode 100644
index a6dec9d1e076..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-krb-wg-krb-dns-locate-02.txt
+++ /dev/null
@@ -1,339 +0,0 @@
-
-
-
-
-
-
-INTERNET-DRAFT                                             Ken Hornstein
-<draft-ietf-krb-wg-krb-dns-locate-02.txt>                            NRL
-February 28, 2001                                         Jeffrey Altman
-Expires: August 28, 2001                             Columbia University
-
-
-
-          Distributing Kerberos KDC and Realm Information with DNS
-
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as Internet-
-   Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet- Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Distribution of this memo is unlimited.  It is filed as <draft-ietf-
-   krb-wg-krb-dns-locate-02.txt>, and expires on August 28, 2001.
-   Please send comments to the authors.
-
-Abstract
-
-   Neither the Kerberos V5 protocol [RFC1510] nor the Kerberos V4 proto-
-   col [RFC????] describe any mechanism for clients to learn critical
-   configuration information necessary for proper operation of the pro-
-   tocol.  Such information includes the location of Kerberos key dis-
-   tribution centers or a mapping between DNS domains and Kerberos
-   realms.
-
-   Current Kerberos implementations generally store such configuration
-   information in a file on each client machine.  Experience has shown
-   this method of storing configuration information presents problems
-   with out-of-date information and scaling problems, especially when
-
-
-
-Hornstein, Altman                                               [Page 1]
-
-RFC DRAFT                                              February 28, 2001
-
-
-   using cross-realm authentication.
-
-   This memo describes a method for using the Domain Name System
-   [RFC1035] for storing such configuration information.  Specifically,
-   methods for storing KDC location and hostname/domain name to realm
-   mapping information are discussed.
-
-DNS vs. Kerberos - Case Sensitivity of Realm Names
-
-   In Kerberos, realm names are case sensitive.  While it is strongly
-   encouraged that all realm names be all upper case this recommendation
-   has not been adopted by all sites.  Some sites use all lower case
-   names and other use mixed case.  DNS on the other hand is case insen-
-   sitive for queries but is case preserving for responses to TXT
-   queries.  Since "MYREALM", "myrealm", and "MyRealm" are all different
-   it is necessary that only one of the possible combinations of upper
-   and lower case characters be used.  This restriction may be lifted in
-   the future as the DNS naming scheme is expanded to support non-ASCII
-   names.
-
-Overview - KDC location information
-
-   KDC location information is to be stored using the DNS SRV RR [RFC
-   2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for Kerberos is always "_kerberos".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_udp" record MUST be included.  If the Kerberos implementa-
-   tion supports TCP transport, a "_tcp" record SHOULD be included.
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, and Target have the standard mean-
-   ing as defined in RFC 2052.
-
-   As per RFC 2052 the Port number should be the value assigned to "ker-
-   beros" by the Internet Assigned Number Authority (88).
-
-Example - KDC location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has two Ker-
-   beros servers, kdc1.asdf.com and kdc2.asdf.com.  Queries should be
-   directed to kdc1.asdf.com first as per the specified priority.
-   Weights are not used in these records.
-
-
-
-
-Hornstein, Altman                                               [Page 2]
-
-RFC DRAFT                                              February 28, 2001
-
-
-   _kerberos._udp.ASDF.COM.        IN      SRV     0 0 88 kdc1.asdf.com.
-   _kerberos._udp.ASDF.COM.        IN      SRV     1 0 88 kdc2.asdf.com.
-
-Overview - Kerberos password changing server location information
-
-   Kerberos password changing server [KERB-CHG] location is to be stored
-   using the DNS SRV RR [RFC 2052].  The format of this RR is as fol-
-   lows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for the password server is always "_kpasswd".
-
-   The Proto MUST be "_udp".
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, and Target have the standard mean-
-   ing as defined in RFC 2052.
-
-   As per RFC 2052 the Port number should be the value assigned to
-   "kpasswd" by the Internet Assigned Number Authority (464).
-
-Overview - Kerberos admin server location information
-
-   Kerberos admin location information is to be stored using the DNS SRV
-   RR [RFC 2052].  The format of this RR is as follows:
-
-   Service.Proto.Realm TTL Class SRV Priority Weight Port Target
-
-   The Service name for the admin server is always "_kerberos-adm".
-
-   The Proto can be either "_udp" or "_tcp".  If these records are to be
-   used, a "_tcp" record MUST be included.  If the Kerberos admin imple-
-   mentation supports UDP transport, a "_udp" record SHOULD be included.
-
-   The Realm is the Kerberos realm that this record corresponds to.
-
-   TTL, Class, SRV, Priority, Weight, and Target have the standard mean-
-   ing as defined in RFC 2052.
-
-   As per RFC 2052 the Port number should be the value assigned to
-   "kerberos-adm" by the Internet Assigned Number Authority (749).
-
-   Note that there is no formal definition of a Kerberos admin protocol,
-   so the use of this record is optional and implementation-dependent.
-
-
-
-
-
-Hornstein, Altman                                               [Page 3]
-
-RFC DRAFT                                              February 28, 2001
-
-
-Example - Kerberos administrative server location information
-
-   These are DNS records for a Kerberos realm ASDF.COM.  It has one
-   administrative server, kdc1.asdf.com.
-
-   _kerberos-adm._tcp.ASDF.COM.    IN      SRV     0 0 749 kdc1.asdf.com.
-
-Overview - Hostname/domain name to Kerberos realm mapping
-
-   Information on the mapping of DNS hostnames and domain names to Ker-
-   beros realms is stored using DNS TXT records [RFC 1035].  These
-   records have the following format.
-
-   Service.Name TTL Class TXT Realm
-
-   The Service field is always "_kerberos", and prefixes all entries of
-   this type.
-
-   The Name is a DNS hostname or domain name.  This is explained in
-   greater detail below.
-
-   TTL, Class, and TXT have the standard DNS meaning as defined in RFC
-   1035.
-
-   The Realm is the data for the TXT RR, and consists simply of the Ker-
-   beros realm that corresponds to the Name specified.
-
-   When a Kerberos client wishes to utilize a host-specific service, it
-   will perform a DNS TXT query, using the hostname in the Name field of
-   the DNS query.  If the record is not found, the first label of the
-   name is stripped and the query is retried.
-
-   Compliant implementations MUST query the full hostname and the most
-   specific domain name (the hostname with the first label removed).
-   Compliant implementations SHOULD try stripping all subsequent labels
-   until a match is found or the Name field is empty.
-
-Example - Hostname/domain name to Kerberos realm mapping
-
-   For the previously mentioned ASDF.COM realm and domain, some sample
-   records might be as follows:
-
-   _kerberos.asdf.com.             IN      TXT     "ASDF.COM"
-   _kerberos.mrkserver.asdf.com.   IN      TXT     "MARKETING.ASDF.COM"
-   _kerberos.salesserver.asdf.com. IN      TXT     "SALES.ASDF.COM"
-
-   Let us suppose that in this case, a Kerberos client wishes to use a
-   Kerberized service on the host foo.asdf.com.  It would first query:
-
-
-
-Hornstein, Altman                                               [Page 4]
-
-RFC DRAFT                                              February 28, 2001
-
-
-   _kerberos.foo.asdf.com. IN TXT
-
-   Finding no match, it would then query:
-
-   _kerberos.asdf.com. IN TXT
-
-   And find an answer of ASDF.COM.  This would be the realm that
-   foo.asdf.com resides in.
-
-   If another Kerberos client wishes to use a Kerberized service on the
-   host salesserver.asdf.com, it would query:
-
-   _kerberos.salesserver.asdf.com IN TXT
-
-   And find an answer of SALES.ASDF.COM.
-
-Security considerations
-
-   As DNS is deployed today, it is an unsecure service.  Thus the infor-
-   mation returned by it cannot be trusted.
-
-   Current practice for REALM to KDC mapping is to use hostnames to
-   indicate KDC hosts (stored in some implementation-dependent location,
-   but generally a local config file).  These hostnames are vulnerable
-   to the standard set of DNS attacks (denial of service, spoofed
-   entries, etc).  The design of the Kerberos protocol limits attacks of
-   this sort to denial of service.  However, the use of SRV records does
-   not change this attack in any way.  They have the same vulnerabili-
-   ties that already exist in the common practice of using hostnames for
-   KDC locations.
-
-   Current practice for HOSTNAME to REALM mapping is to provide a local
-   configuration of mappings of hostname or domain name to realm which
-   are then mapped to KDCs.  But this again is vulnerable to spoofing
-   via CNAME records that point to hosts in other domains.  This has the
-   same effect as when a TXT record is spoofed.  In a realm with no
-   cross-realm trusts this is a DoS attack.  However, when cross-realm
-   trusts are used it is possible to redirect a client to use a comprom-
-   ised realm.
-
-   This is not an exploit of the Kerberos protocol but of the Kerberos
-   trust model.  The same can be done to any application that must
-   resolve the hostname in order to determine which domain a non-FQDN
-   belongs to.
-
-   Implementations SHOULD provide a way of specifying this information
-   locally without the use of DNS.  However, to make this feature
-   worthwhile a lack of any configuration information on a client should
-
-
-
-Hornstein, Altman                                               [Page 5]
-
-RFC DRAFT                                              February 28, 2001
-
-
-   be interpretted as permission to use DNS.
-
-Expiration
-
-   This Internet-Draft expires on August 28, 2001.
-
-References
-
-
-   [RFC1510]
-        The Kerberos Network Authentication System; Kohl, Newman; Sep-
-        tember 1993.
-
-   [RFC1035]
-        Domain Names - Implementation and Specification; Mockapetris;
-        November 1987
-
-   [RFC2782]
-        A DNS RR for specifying the location of services (DNS SRV); Gul-
-        brandsen, Vixie; Feburary 2000
-
-   [KERB-CHG]
-        Kerberos Change Password Protocol; Horowitz;
-        ftp://ds.internic.net/internet-drafts/draft-ietf-cat-kerb-chg-
-        password-02.txt
-
-Authors' Addresses
-
-   Ken Hornstein
-   US Naval Research Laboratory
-   Bldg A-49, Room 2
-   4555 Overlook Avenue
-   Washington DC  20375 USA
-
-   Phone: +1 (202) 404-4765
-   EMail: kenh@cmf.nrl.navy.mil
-
-   Jeffrey Altman
-   The Kermit Project
-   Columbia University
-   612 West 115th Street #716
-   New York NY 10025-7799 USA
-
-   Phone: +1 (212) 854-1344
-   EMail: jaltman@columbia.edu
-
-
-
-
-
-
-Hornstein, Altman                                               [Page 6]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-raeburn-cat-gssapi-krb5-3des-00.txt b/crypto/heimdal/doc/standardisation/draft-raeburn-cat-gssapi-krb5-3des-00.txt
deleted file mode 100644
index 24325fdbda74..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-raeburn-cat-gssapi-krb5-3des-00.txt
+++ /dev/null
@@ -1,281 +0,0 @@
-CAT Working Group                                           K. Raeburn
-Internet-draft                                                     MIT
-Category:                                                July 14, 2000
-Updates: RFC 1964
-Document: draft-raeburn-cat-gssapi-krb5-3des-00.txt
-
-        Triple-DES Support for the Kerberos 5 GSSAPI Mechanism
-
-Status of this Memo
- 
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026 [RFC2026]. Internet-Drafts
-   are working documents of the Internet Engineering Task Force
-   (IETF), its areas, and its working groups. Note that other groups
-   may also distribute working documents as
-   Internet-Drafts. Internet-Drafts are draft documents valid for a
-   maximum of six months and may be updated, replaced, or obsoleted by
-   other documents at any time. It is inappropriate to use
-   Internet-Drafts as reference material or to cite them other than as
-   "work in progress."
-     
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-1. Abstract 
-
-   The MIT Kerberos 5 release version 1.2 includes support for
-   triple-DES with key derivation [KrbRev].  Recent work by the EFF
-   [EFF] has demonstrated the vulnerability of single-DES mechanisms
-   to brute-force attacks by sufficiently motivated and well-funded
-   parties.
-
-   The GSSAPI Kerberos 5 mechanism definition [GSSAPI-KRB5]
-   specifically enumerates encryption and checksum types,
-   independently of how such schemes may be used in Kerberos.  In the
-   long run, a new Kerberos-based mechanism, which does not require
-   separately enumerating for the GSSAPI mechanism each of the
-   encryption types defined by Kerberos, appears to be a better
-   approach.  Efforts to produce such a specification are under way.
-
-   In the interest of providing increased security in the interim,
-   however, MIT is proposing adding support for triple-DES to the
-   existing mechanism, as described here.
-
-2. Conventions Used in this Document
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
-   this document are to be interpreted as described in RFC 2119.
-
-3. New Algorithm Identifiers
-
-   One new sealing algorithm is defined, for use in WRAP tokens:
-
-   02 00 - DES3-KD
-
-   This algorithm uses triple-DES with key derivation, with a usage
-   value KG_USAGE_SEAL.  Padding is still to 8-byte multiples, and the
-   IV for encrypting application data is zero.
-
-   One new signing algorithm is defined, for use in MIC, Wrap, and
-   Delete tokens:
-
-   04 00 - HMAC SHA1 DES3-KD
-
-   This algorithm generates an HMAC using SHA-1 and a derived DES3 key
-   with usage KG_USAGE_SIGN, as (ought to be described) in [KrbRev].
-
-   [XXX: The current [KrbRev] description refers to expired I-Ds from
-   Marc Horowitz.  The text in [KrbRev] may be inadequate to produce
-   an interoperable implementation.]
-
-   The checksum size for this algorithm is 20 octets.  See section 5.3
-   below for the use of checksum lengths of other than eight bytes.
-
-4. Key Derivation
-
-   For purposes of key derivation, we add three new usage values to the
-   list defined in [KrbRev]; one for signing messages, one for
-   sealing messages, and one for encrypting sequence numbers:
-
-   #define KG_USAGE_SEAL 22
-   #define KG_USAGE_SIGN 23
-   #define KG_USAGE_SEQ  24
-
-5. Adjustments to Previous Definitions
-
-5.1. Quality of Protection
-
-   The GSSAPI specification [GSSAPI] says that a zero QOP value
-   indicates the "default".  The original specification for the
-   Kerberos 5 mechanism says that a zero QOP value (or a QOP value
-   with the appropriate bits clear) means DES encryption.
-
-   Rather than continue to force the use of plain DES when the
-   application doesn't use mechanism-specific QOP values, the better
-   choice appears to be to redefine the DES QOP value as some non-zero
-   value, and define a triple-DES value as well.  Then a zero value
-   continues to imply the default, which would be triple-DES
-   protection when given a triple-DES session key.
-
-   Our values are:
-
-   GSS_KRB5_INTEG_C_QOP_HMAC_SHA1        0x0004
-            /* SHA-1 checksum encrypted with key derivation */
-
-   GSS_KRB5_CONF_C_QOP_DES               0x0100
-            /* plain DES encryption */
-   GSS_KRB5_CONF_C_QOP_DES3_KD           0x0200
-            /* triple-DES with key derivation */
-
-   Rather than open the question of whether to specify means for
-   deriving a key of one type given a key of another type, and the
-   security implications of whether to generate a long key from a
-   shorter one, our implementation will simply return an error if the
-   QOP value specified does not correspond to the session key type.
-
-   [Implementation note: MIT's code does not implement QoP, and
-   returns an error for any non-zero QoP value.]
-
-5.2. MIC Sequence Number Encryption
-
-   The sequence numbers are encrypted in the context key (as defined
-   in [GSSAPI-KRB5] -- this will be either the Kerberos session key or
-   asubkey provided by the context initiator), using whatever
-   encryption system is designated by the type of that context key.
-   The IV is formed from the first N bytes of the SGN_CKSUM field,
-   where N is the number of bytes needed for the IV.  (With all
-   algorithms described here and in [GSSAPI-KRB5], the checksum is at
-   least as large as the IV.)
-
-5.3. Message Layout
-
-   Both MIC and Wrap tokens, as defined in [GSSAPI-KRB5], contain an
-   checksum field SGN_CKSUM.  In [GSSAPI-KRB5], this field was
-   specified as being 8 bytes long.  We now change this size to be
-   "defined by the checksum algorithm", and retroactively amend the
-   descriptions of all the checksum algorithms described in
-   [GSSAPI-KRB5] to explicitly specify 8-byte output.  Application
-   data continues to immediately follow the checksum field in the Wrap
-   token.
-
-   The revised message descriptions are thus:
-
-   MIC:
-
-   Byte no          Name           Description
-    0..1           TOK_ID          Identification field.
-    2..3           SGN_ALG         Integrity algorithm indicator.
-    4..7           Filler          Contains ff ff ff ff
-    8..15          SND_SEQ         Sequence number field.
-    16..s+15       SGN_CKSUM       Checksum of "to-be-signed data",
-                                   calculated according to algorithm
-                                   specified in SGN_ALG field.
-
-   Wrap:
-
-   Byte no          Name           Description
-    0..1           TOK_ID          Identification field.
-                                   Tokens emitted by GSS_Wrap() contain
-                                   the hex value 02 01 in this field.
-    2..3           SGN_ALG         Checksum algorithm indicator.
-    4..5           SEAL_ALG        Sealing algorithm indicator.
-    6..7           Filler          Contains ff ff
-    8..15          SND_SEQ         Encrypted sequence number field.
-    16..s+15       SGN_CKSUM       Checksum of plaintext padded data,
-                                   calculated according to algorithm
-                                   specified in SGN_ALG field.
-    s+16..last     Data            encrypted or plaintext padded data
-
-   Where "s" indicates the size of the checksum.
-
-   As indicated above in section 2, we define the HMAC SHA1 DES3-KD
-   checksum algorithm to produce a 20-byte output, so encrypted data
-   begins at byte 36.
-
-6. Backwards Compatibility Considerations
-
-   The context initiator SHOULD request of the KDC credentials using
-   session-key cryptosystem types supported by that implementation; if
-   the only types returned by the KDC are not supported by the
-   mechanism implementation, it MUST indicate a failure.  This may
-   seem obvious, but early implementations of both Kerberos and the
-   GSSAPI Kerberos mechanism supported only DES keys, so the
-   cryptosystem compatibility question was easy to overlook.
-
-   Under the current mechanism, no negotiation of algorithm types
-   occurs, so server-side (acceptor) implementations cannot request
-   that clients not use algorithm types not understood by the server.
-   However, administration of the server's Kerberos data has to be
-   done in communication with the KDC, and it is from the KDC that the
-   client will request credentials.  The KDC could therefore be tasked
-   with limiting session keys for a given service to types actually
-   supported by the Kerberos and GSSAPI software on the server.
-
-   This does have a drawback for cases where a service principal name
-   is used both for GSSAPI-based and non-GSSAPI-based communication,
-   if the GSSAPI implementation does not understand triple-DES but the
-   Kerberos implementation does.  It means that triple-DES session
-   keys cannot be issued for that service principal, which keeps the
-   protection of non-GSSAPI services weaker than necessary.  However,
-   in the most recent MIT releases thus far, while triple-DES support
-   has been present, it has required additional work to enable, so it
-   is not likely to be in use for many services.
-
-   It would also be possible to have clients attempt to get single-DES
-   session keys before trying to get triple-DES session keys, and have
-   the KDC refuse to issue the single-DES keys only for the most
-   critical of services, for which single-DES protection is considered
-   inadequate.  However, that would eliminate the possibility of
-   connecting with the more secure cryptosystem to any service that
-   can be accessed with the weaker cryptosystem.
-
-   We have chosen to go with the former approach, putting the burden
-   on the KDC administration and gaining the best protection possible
-   for GSSAPI services, possibly at the cost of protection of
-   non-GSSAPI Kerberos services running earlier versions of the
-   software.
-
-6. Security Considerations
-
-   Various tradeoffs arise regarding the mixing of new and old
-   software, or GSSAPI-based and non-GSSAPI Kerberos authentication.
-   They are discussed in section 5.
-
-7. References
-
-   [EFF] Electronic Frontier Foundation, "Cracking DES: Secrets of
-   Encryption Research, Wiretap Politics, and Chip Design", O'Reilly &
-   Associates, Inc., May, 1998.
-
-   [GSSAPI] Linn, J., "Generic Security Service Application Program
-   Interface Version 2, Update 1", RFC 2743, January, 2000.
-
-   [GSSAPI-KRB5] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
-   RFC 1964, June, 1996.
-
-   [KrbRev] Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network
-   Authentication Service (V5)",
-   draft-ietf-cat-kerberos-revisions-05.txt, March 10, 2000.
-
-   [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
-   3", RFC 2026, October, 1996.
-
-8. Author's Address
-
-   Kenneth Raeburn
-   Massachusetts Institute of Technology
-   77 Massachusetts Avenue
-   Cambridge, MA 02139
-
-9. Full Copyright Statement
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved. 
-    
-   This document and translations of it may be copied and furnished to 
-   others, and derivative works that comment on or otherwise explain it 
-   or assist in its implementation may be prepared, copied, published 
-   and distributed, in whole or in part, without restriction of any 
-   kind, provided that the above copyright notice and this paragraph 
-   are included on all such copies and derivative works.  However, this   
-   document itself may not be modified in any way, such as by removing   
-   the copyright notice or references to the Internet Society or other   
-   Internet organizations, except as needed for the purpose of 
-   developing Internet standards in which case the procedures for 
-   copyrights defined in the Internet Standards process must be 
-   followed, or as required to translate it into languages other than 
-   English. 
-    
-   The limited permissions granted above are perpetual and will not be 
-   revoked by the Internet Society or its successors or assigns. 
-    
-   This document and the information contained herein is provided on an 
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 
diff --git a/crypto/heimdal/doc/standardisation/draft-raeburn-krb-gssapi-krb5-3des-01.txt b/crypto/heimdal/doc/standardisation/draft-raeburn-krb-gssapi-krb5-3des-01.txt
deleted file mode 100644
index 64ca1ac498be..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-raeburn-krb-gssapi-krb5-3des-01.txt
+++ /dev/null
@@ -1,395 +0,0 @@
-
-
-
-
-
-
-Kerberos Working Group                                        K. Raeburn
-Category: Informational                                              MIT
-Document: draft-raeburn-krb-gssapi-krb5-3des-01.txt    November 24, 2000
-
-
-         Triple-DES Support for the Kerberos 5 GSSAPI Mechanism
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are
-   working documents of the Internet Engineering Task Force (IETF), its
-   areas, and its working groups. Note that other groups may also
-   distribute working documents as Internet-Drafts. Internet-Drafts are
-   draft documents valid for a maximum of six months and may be updated,
-   replaced, or obsoleted by other documents at any time. It is
-   inappropriate to use Internet-Drafts as reference material or to cite
-   them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-1. Abstract
-
-   The GSSAPI Kerberos 5 mechanism definition [GSSAPI-KRB5] specifically
-   enumerates encryption and checksum types, independently of how such
-   schemes may be used in Kerberos.  In the long run, a new Kerberos-
-   based mechanism, which does not require separately enumerating for
-   the GSSAPI mechanism each of the various encryption types defined by
-   Kerberos, is probably a better approach.  Various people have
-   expressed interest in designing one, but the work has not yet been
-   completed.
-
-   The MIT Kerberos 5 release version 1.2 includes support for triple-
-   DES with key derivation [KrbRev].  Recent work by the EFF [EFF] has
-   demonstrated the vulnerability of single-DES mechanisms to brute-
-   force attacks by sufficiently motivated and well-funded parties.  So,
-   in the interest of providing increased security in the near term, MIT
-   is adding support for triple-DES to the existing mechanism
-   implementation we ship, as an interim measure.
-
-
-
-
-
-
-
-
-Raeburn                                                         [Page 1]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-2. New Algorithm Identifiers
-
-   One new sealing algorithm is defined, for use in Wrap tokens.
-
-
-   +--------------------------------------------------------------------+
-   |          name                                octet values          |
-   +--------------------------------------------------------------------+
-   |         DES3-KD                                 02 00              |
-   +--------------------------------------------------------------------+
-
-   This algorithm uses triple-DES with key derivation, with a usage
-   value KG_USAGE_SEAL.  (Unlike the EncryptedData definition in
-   [KrbRev], no integrity protection is needed, so this is "raw" triple-
-   DES, with no checksum attached to the encrypted data.)  Padding is
-   still to 8-byte multiples, and the IV for encrypting application data
-   is zero.
-
-   One new signing algorithm is defined, for use in MIC, Wrap, and
-   Delete tokens.
-
-
-   +--------------------------------------------------------------------+
-   |             name                               octet values        |
-   +--------------------------------------------------------------------+
-   |       HMAC SHA1 DES3-KD                           04 00            |
-   +--------------------------------------------------------------------+
-
-   This algorithm generates an HMAC using SHA-1 and a derived DES3 key
-   with usage KG_USAGE_SIGN, as described in [KrbRev].
-
-   [N.B.: The current [KrbRev] description refers to expired I-Ds from
-   Marc Horowitz.  The text in [KrbRev] may be inadequate to produce an
-   interoperable implementation.]
-
-   The checksum size for this algorithm is 20 octets.  See section 4.3
-   below for the use of checksum lengths of other than eight bytes.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Raeburn                                                         [Page 2]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-3. Key Derivation
-
-   For purposes of key derivation, we add three new usage values to the
-   list defined in [KrbRev]; one for signing messages, one for sealing
-   messages, and one for encrypting sequence numbers:
-
-
-   +--------------------------------------------------------------------+
-   |             name                                    value          |
-   +--------------------------------------------------------------------+
-   |         KG_USAGE_SEAL                                22            |
-   |         KG_USAGE_SIGN                                23            |
-   |         KG_USAGE_SEQ                                 24            |
-   +--------------------------------------------------------------------+
-
-4. Adjustments to Previous Definitions
-
-4.1. Quality of Protection
-
-   The GSSAPI specification [GSSAPI] says that a zero QOP value
-   indicates the "default".  The original specification for the Kerberos
-   5 mechanism says that a zero QOP value (or a QOP value with the
-   appropriate bits clear) means DES encryption.
-
-   Rather than forcing the use of plain DES when the application doesn't
-   use mechanism-specific QOP values, we redefine the explicit DES QOP
-   value as a non-zero value, and define a triple-DES value as well.
-   Then a zero value continues to imply the default, which would be
-   triple-DES protection when given a triple-DES session key.
-
-   Our values are:
-
-   +--------------------------------------------------------------------+
-   |             name                  value      meaning               |
-   +--------------------------------------------------------------------+
-   | GSS_KRB5_INTEG_C_QOP_HMAC_SHA1    0x0004     SHA-1 HMAC, using     |
-   |                                              key derivation        |
-   |                                                                    |
-   |    GSS_KRB5_CONF_C_QOP_DES        0x0100     plain DES encryption  |
-   |                                                                    |
-   |  GSS_KRB5_CONF_C_QOP_DES3_KD      0x0200     triple-DES with key   |
-   |                                              derivation            |
-   +--------------------------------------------------------------------+
-
-   Rather than attempt to specify a generic mechanism for deriving a key
-   of one type given a key of another type, and evaluate the security
-   implications of using a short key to generate a longer key to satisfy
-   the requested quality of protection, our implementation will simply
-
-
-
-Raeburn                                                         [Page 3]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-   return an error if the nonzero QOP value specified does not
-   correspond to the session key type.
-
-4.2. MIC Sequence Number Encryption
-
-   The sequence numbers are encrypted in the context key (as defined in
-   [GSSAPI-KRB5] -- this will be either the Kerberos session key or
-   asubkey provided by the context initiator), using whatever encryption
-   system is designated by the type of that context key.  The IV is
-   formed from the first N bytes of the SGN_CKSUM field, where N is the
-   number of bytes needed for the IV.  (With all algorithms described
-   here and in [GSSAPI-KRB5], the checksum is at least as large as the
-   IV.)
-
-4.3. Message Layout
-
-   Both MIC and Wrap tokens, as defined in [GSSAPI-KRB5], contain an
-   checksum field SGN_CKSUM.  In [GSSAPI-KRB5], this field was specified
-   as being 8 bytes long.  We now change this size to be "defined by the
-   checksum algorithm", and retroactively amend the descriptions of all
-   the checksum algorithms described in [GSSAPI-KRB5] to explicitly
-   specify 8-byte output.  Application data continues to immediately
-   follow the checksum field in the Wrap token.
-
-   The revised message descriptions are thus:
-
-   MIC token:
-
-   Byte #             Name                Description
-   ----------------------------------------------------------------------
-    0..1              TOK_ID              Identification field.
-    2..3              SGN_ALG             Integrity algorithm indicator.
-    4..7              Filler              Contains ff ff ff ff
-    8..15             SND_SEQ             Sequence number field.
-   16..s+15           SGN_CKSUM           Checksum of "to-be-signed
-                                          data", calculated according to
-                                          algorithm specified in SGN_ALG
-                                          field.
-
-
-
-
-
-
-
-
-
-
-
-
-
-Raeburn                                                         [Page 4]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-   Wrap token:
-
-   Byte #           Name             Description
-   ----------------------------------------------------------------------
-    0..1            TOK_ID           Identification field.  Tokens
-                                     emitted by GSS_Wrap() contain the
-                                     hex value 02 01 in this field.
-    2..3            SGN_ALG          Checksum algorithm indicator.
-    4..5            SEAL_ALG         Sealing algorithm indicator.
-    6..7            Filler           Contains ff ff
-    8..15           SND_SEQ          Encrypted sequence number field.
-   16..s+15         SGN_CKSUM        Checksum of plaintext padded data,
-                                     calculated according to algorithm
-                                     specified in SGN_ALG field.
-   s+16..last       Data             encrypted or plaintext padded data
-
-
-   Where "s" indicates the size of the checksum.
-
-   As indicated above in section 2, we define the HMAC SHA1 DES3-KD
-   checksum algorithm to produce a 20-byte output, so encrypted data
-   begins at byte 36.
-
-5. Backwards Compatibility Considerations
-
-   The context initiator should request of the KDC credentials using
-   session-key cryptosystem types supported by that implementation; if
-   the only types returned by the KDC are not supported by the mechanism
-   implementation, it should indicate a failure.  This may seem obvious,
-   but early implementations of both Kerberos and the GSSAPI Kerberos
-   mechanism supported only DES keys, so the cryptosystem compatibility
-   question was easy to overlook.
-
-   Under the current mechanism, no negotiation of algorithm types
-   occurs, so server-side (acceptor) implementations cannot request that
-   clients not use algorithm types not understood by the server.
-   However, administration of the server's Kerberos data (e.g., the
-   service key) has to be done in communication with the KDC, and it is
-   from the KDC that the client will request credentials.  The KDC could
-   therefore be tasked with limiting session keys for a given service to
-   types actually supported by the Kerberos and GSSAPI software on the
-   server.
-
-   This does have a drawback for cases where a service principal name is
-   used both for GSSAPI-based and non-GSSAPI-based communication (most
-   notably the "host" service key), if the GSSAPI implementation does
-   not understand triple-DES but the Kerberos implementation does.  It
-   means that triple-DES session keys cannot be issued for that service
-
-
-
-Raeburn                                                         [Page 5]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-   principal, which keeps the protection of non-GSSAPI services weaker
-   than necessary.
-
-   It would also be possible to have clients attempt to get single-DES
-   session keys before trying to get triple-DES session keys, and have
-   the KDC refuse to issue the single-DES keys only for the most
-   critical of services, for which single-DES protection is considered
-   inadequate.  However, that would eliminate the possibility of
-   connecting with the more secure cryptosystem to any service that can
-   be accessed with the weaker cryptosystem.
-
-   For MIT's 1.2 release, we chose to go with the former approach,
-   putting the burden on the KDC administration and gaining the best
-   protection possible for GSSAPI services, possibly at the cost of
-   weaker protection of non-GSSAPI Kerberos services running earlier
-   versions of the software.
-
-6. Security Considerations
-
-   Various tradeoffs arise regarding the mixing of new and old software,
-   or GSSAPI-based and non-GSSAPI Kerberos authentication.  They are
-   discussed in section 5.
-
-7. References
-
-   [EFF] Electronic Frontier Foundation, "Cracking DES: Secrets of
-   Encryption Research, Wiretap Politics, and Chip Design", O'Reilly &
-   Associates, Inc., May, 1998.
-
-   [GSSAPI] Linn, J., "Generic Security Service Application Program
-   Interface Version 2, Update 1", RFC 2743, January, 2000.
-
-   [GSSAPI-KRB5] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
-   RFC 1964, June, 1996.
-
-   [KrbRev] Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network
-   Authentication Service (V5)", draft-ietf-cat-kerberos-
-   revisions-06.txt, July 4, 2000.
-
-8. Author's Address
-
-   Kenneth Raeburn Massachusetts Institute of Technology 77
-   Massachusetts Avenue Cambridge, MA 02139
-
-9. Full Copyright Statement
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-
-
-
-Raeburn                                                         [Page 6]
-
-INTERNET DRAFT       Triple-DES for GSSAPI Kerberos        November 2000
-
-
-   This document and translations of it may be copied and furnished to
-   others, and derivative works that comment on or otherwise explain it
-   or assist in its implementation may be prepared, copied, published
-   and distributed, in whole or in part, without restriction of any
-   kind, provided that the above copyright notice and this paragraph are
-   included on all such copies and derivative works.  However, this
-   document itself may not be modified in any way, such as by removing
-   the copyright notice or references to the Internet Society or other
-   Internet organizations, except as needed for the purpose of
-   developing Internet standards in which case the procedures for
-   copyrights defined in the Internet Standards process must be
-   followed, or as required to translate it into languages other than
-   English.
-
-   The limited permissions granted above are perpetual and will not be
-   revoked by the Internet Society or its successors or assigns.
-
-   This document and the information contained herein is provided on an
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
-
-10. Document Change History
-
->From -00 to -01:
-
-   Converted master to GNU troff and tbl, rewriting tables in the
-   process.
-
-   Specify informational category only.  Modify some text to emphasize
-   that this document intends to describe MIT's extensions.
-
-   Point out that while EncryptedData for 3des-kd includes a checksum,
-   DES3-KD GSS encryption does not.
-
-   Shorten backwards-compatibility descriptions a little.
-
-   Submit to Kerberos working group rather than CAT.
-
-
-
-
-
-
-
-
-
-
-
-Raeburn                                                         [Page 7]
-
diff --git a/crypto/heimdal/doc/standardisation/draft-smedvinsky-dhc-kerbauth-01.txt b/crypto/heimdal/doc/standardisation/draft-smedvinsky-dhc-kerbauth-01.txt
deleted file mode 100644
index 321c5ba09986..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-smedvinsky-dhc-kerbauth-01.txt
+++ /dev/null
@@ -1,929 +0,0 @@
-
-
-DHC Working Group                                          S. Medvinsky
-Internet Draft                                                 Motorola
-Document: <draft-smedvinsky-dhc-kerbauth-01.txt>
-Category: Standards Track                                    P.Lalwaney
-Expires: January 2001                                             Nokia
-
-                                                              July 2000
-
-
-        Kerberos V Authentication Mode for Uninitialized Clients
-
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups. Note that
-   other groups may also distribute working documents as Internet-
-   Drafts. Internet-Drafts are draft documents valid for a maximum of
-   six months and may be updated, replaced, or obsoleted by other
-   documents at any time. It is inappropriate to use Internet- Drafts
-   as reference material or to cite them other than as "work in
-   progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   The distribution of this memo is unlimited.  It is filed as <draft-
-   smedvinsky-dhc-kerbauth-01.txt>, and expires January 2001. Please
-   send comments to the authors.
-
-
-
-1. Abstract
-
-   The Dynamic Host Configuration Protocol (DHCP) [1] includes an
-   option that allows authentication of all DHCP messages, as specified
-   in [2].  This document specifies a DHCP authentication mode based on
-   Kerberos V tickets. This provides mutual authentication between a
-   DHCP client and server, as well as authentication of all DHCP
-   messages.
-
-   This document specifies Kerberos message exchanges between an
-   uninitialized client and the KDC (Key Distribution Center) using an
-   IAKERB proxy [7] so that the Kerberos key management phase is
-   decoupled from, and precedes the address allocation and network
-   configuration phase that uses the DHCP authentication option.  In
-   order to make use of the IAKERB proxy, this document specifies a
-   transport mechanism that works with an uninitialized client (i.e. a
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-   client without an assigned IP address). In addition, the document
-   specifies the format of the Kerberos authenticator to be used with
-   the DHCP authentication option.
-
-2. Conventions used in this document
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
-   this document are to be interpreted as described in RFC-2119.
-
-3. Introduction
-
-   3.1 Terminology
-
-   o "DHCP client"
-
-   A DHCP client is an Internet host using DHCP to obtain configuration
-   parameters such as a network address.
-
-   o "DHCP server"
-
-   A DHCP server is an Internet host that returns configuration
-   parameters to DHCP clients.
-
-   O "Ticket"
-
-   A Kerberos term for a record that helps a client authenticate itself
-   to a server; it contains the client's identity, a session key, a
-   timestamp, and other information, all sealed using the server's
-   secret key. It only serves to authenticate a client when presented
-   along with a fresh Authenticator.
-
-   o "Key Distribution Center"
-
-   Key Distribution Center, a network service that supplies tickets and
-   temporary session keys; or an instance of that service or the host
-   on which it runs. The KDC services both initial ticket and Ticket-
-   Granting Ticket (TGT) requests. The initial ticket portion is
-   sometimes referred to as the Authentication Server (or service. The
-   Ticket-Granting Ticket portion is sometimes referred to as the
-   Ticket-Granting Server (or service).
-
-   o "Realm"
-
-   A Kerberos administrative domain that represents a group of
-   principals registered at a KDC.  A single KDC may be responsible for
-   one or more realms.  A fully qualified principal name includes a
-   realm name along with a principal name unique within that realm.
-
-3.2 Protocol Overview
-
-
-
-S. Medvinsky, P. Lalwaney                                          -2-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-   DHCP as defined in [1] defines the protocol exchanges for a client
-   to obtain its IP address and network configuration information from
-   a DHCP Server. Kerberos V5 as described in [6] defines the protocol
-   and message exchanges to mutually authenticate two parties. It is
-   our goal to provide authentication support for DHCP using Kerberos.
-   This implies that the Kerberos key management exchange has to take
-   place before a client gets its IP address from the DHCP Server.
-   Kerberos assumes that the client has a network address and can
-   contact the Key Distribution Center to obtain its credentials for
-   authenticated communication with an application server.
-
-   In this specification we utilize the key exchange using an IAKERB
-   proxy described in [7]. This does not require any changes to either
-   the IAKERB or the Kerberos V5 specification.  This document also
-   specifies a particular transport that allows an uninitialized client
-   to contact an IAKERB proxy.
-
-   The Kerberos ticket returned from the key management exchange
-   discussed in Section 5 of this document is passed to the DHCP Server
-   inside the DHCP authentication option with the new Kerberos
-   authenticator type. This is described in Section 6 of this draft.
-
-
-3.3 Related Work
-
-   A prior Internet Draft [3] outlined the use of Kerberos-based
-   authentication for DHCP. The proposal tightly coupled the Kerberos
-   client state machines and the DHCP client state machines. As a
-   result, the Kerberos key management messages were carried in DHCP
-   messages, along with the Kerberos authenticators. In addition, the
-   first DHCP message exchange (request, offer) is not authenticated.
-
-   We propose a protocol exchange where Kerberos key management is
-   decoupled from and precedes authenticated DHCP exchanges. This
-   implies that the Kerberos ticket returned in the initial key
-   management exchange could be used to authenticate servers assigning
-   addresses by non-DHCP address assignment mechanisms like RSIP [4]
-   and for service specific parameter provisioning mechanisms using SLP
-   [5].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                          -3-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-
-4. System Architecture
-
-
-     Client
-    --------                            --------
-   |        |   5.Authenticated DHCP   |        |
-   |  DHCP  |<------------------------>| DHCP   |
-   | client |                          | server |
-   |        |                          |        |
-   |        |                          |        |
-   |Kerberos|                          |        |
-   | Client |                          |        |
-    --------                            --------
-       ^
-       |
-       |
-       |
-       |                                -------
-        ------------------------------>|       |
-         Kerberos Key Mgmt             | Proxy |
-         messages:                     |       |
-          1. AS Request  / 2.AS Reply   -------
-          3. TGS Request / 4.TGS Reply     ^
-                                           | Kerberos
-                                           | Key Mgmt messages
-                                           v (1, 2, 3, 4)
-                                        --------
-                                       |        |
-                                       |  KDC   |
-                                       |        |
-                                        --------
-
-     Figure 1: System blocks and message interactions between them
-
-
-   In this architecture, the DHCP client obtains a Kerberos ticket from
-   the Key Distribution Center (KDC) using standard Kerberos messages,
-   as specified in [6].  The client, however, contacts the KDC via a
-   proxy server, according to the IAKERB mechanism, described in [7].
-   The are several reasons why a client has to go through this proxy in
-   order to contact the KDC:
-
-  a)The client may not know the host address of the KDC and may be
-     sending its first request message as a broadcast on a local
-     network.  The KDC may not be located on the local network, and
-     even if it were - it will be unable to communicate with a client
-     without an IP address.  This document describes a specific
-     mechanism that may be used by a client to communicate with the
-     Kerberos proxy.
-
-
-
-S. Medvinsky, P. Lalwaney                                          -4-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-  b)The client may not know its Kerberos realm name.  The proxy is
-     able to fill in the missing client realm name in an AS Request
-     message, as specified in IAKERB.  Note that in the case that
-     PKINIT pre-authenticator is used [8], the realm name in the AS
-     Request may be the KDC realm name and not the client�s realm name.
-
-  c) The client does not know the realm name of the DHCP server.
-
-     According to IAKERB, when the client sends a TGS Request with a
-     missing server realm name, the proxy will return to the client an
-     error message containing the missing realm name.
-
-     Note that in this case the proxy could return the client a wrong
-     realm name and the client could be fooled into obtaining a ticket
-     for the wrong DHCP server (on the same local network).  However,
-     the wrong DHCP server must still be a registered principal in a
-     KDC database.  In some circumstances this may be an acceptable
-     compromise.  Also, see the security considerations section.
-
-     IAKERB describes the proxy as part of an application server - the
-     DHCP server in this case.  However, in this document we are not
-     requiring the proxy to be integrated with the DHCP server.  The
-     same IAKERB mechanisms apply in the more general case, where the
-     proxy is an independent application.  This proxy, however, MUST be
-     reachable by a client via a local network broadcast.
-
-     After a client has obtained a Kerberos ticket for the DHCP server,
-     it will use it as part of an authentication option in the DHCP
-     messages.  The only extension to the DHCP protocol is the addition
-     of a new authenticator type based on Kerberos tickets.
-
-4.1 Cross-Realm Authentication
-
-   Figure 1 shows a client communicating with a single KDC via a proxy.
-   However, the DHCP client�s realm may be different from the DHCP
-   server�s realm.  In that case, the client may need to first contact
-   the KDC in its local realm to obtain a cross-realm TGT.  Then, the
-   client would use the cross-realm TGT to contact the KDC in the DHCP
-   server�s realm, as specified in [6].
-
-   In the following example a client doesn�t know its realm or the DHCP
-   server�s realm, which happens to be different from the client�s
-   realm.  Here are the steps in obtaining the ticket for the DHCP
-   server (based on [6] and [7]):
-
-        1) The client sends AS Request with NULL realm to the proxy.
-        2) The proxy fills in the realm and forwards the AS Request to
-           the KDC in the client�s realm.
-        3) The KDC issues a TGT and sends back an AS Reply to the
-           proxy.
-        4) The proxy forwards AS Reply to the client.
-
-
-S. Medvinsky, P. Lalwaney                                          -5-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-        5) The client sends TGS Request for a principal name "dhcpsrvr"
-           with NULL realm to the proxy.
-        6) The proxy returns KRB_AP_ERR_REALM_REQUIRED error with the
-           DHCP server�s realm to the client.
-        7) The client sends another TGS Request for a cross-realm TGT
-           to the proxy.
-        8) The proxy forwards the TGS Request to the KDC in the
-           client�s realm.
-        9) The KDC issues a cross-realm TGT and sends back a TGS Reply
-           to the proxy.
-       10) The proxy forwards TGS Reply to the client.
-       11) The client sends a TGS Request to the proxy for a principal
-       "dhcpsrvr" with the realm name filled in, using a cross-realm
-       TGT.
-       12) The proxy forwards TGS Request to the KDC in the DHCP      
-       server's realm.
-       13) The KDC issues a ticket for the DHCP server and sends TGS
-       Reply back to the proxy.
-       14) The proxy forwards TGS Reply to the client.
-
-   In a most general case, the client may need to contact any number of
-   KDCs in different realms before it can get a ticket for the DHCP
-   server.  In each case, the client would contact a KDC via the proxy
-   server, as specified in Section 5 of this document.
-
-4.2 Public Key Authentication
-
-   This specification also allows clients to perform public key
-   authentication to the KDC, based on the PKINIT specification [8].
-   In this case, the size of an AS Request and AS Reply messages is
-   likely to exceed the size of typical link MTU's.
-
-   Here is an example, where PKINIT is used by a DHCP client that is
-   not a registered principal in the KDC principal database:
-
-        1) The client sends AS Request with a PKINIT Request pre-
-           authenticator to the proxy.  This includes the client�s
-           signature and X.509 certificate.  The KDC realm field is
-           left as NULL.
-        2) The proxy fills in the realm and forwards the AS Request to
-           the KDC in the filled in realm.  This is the realm of the
-           DHCP server.  Here, the client�s realm is the name of a
-           Certification Authority - not the same as the KDC realm.
-        3) The KDC issues a TGT and sends back an AS Reply with a
-           PKINIT Reply pre-authenticator to the proxy.
-        4) The proxy forwards the AS Reply to the client.
-        5) The client sends TGS Request for a principal name "dhcpsrvr"
-           with the realm found in the TGT to the proxy.
-        6) The proxy forwards TGS Request to the KDC in the DHCP
-           server�s realm.
-        7) The KDC issues a ticket for the DHCP server and sends TGS
-           Reply back to the proxy.
-
-S. Medvinsky, P. Lalwaney                                          -6-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-        8) The proxy forwards TGS Reply to the client.
-
-
-   5. Key Management Exchange that Precedes Network Address Allocation
-
-   An uninitialized host (e.g. on power-on and reset) does not have a
-   network address. It does have a link layer address or hardware
-   address. At this time, the client may not have any information on
-   its realm or the realm of the address allocation server (DHCP
-   Server).
-
-   In the Kerberos key management exchange, a client gets its ticket
-   granting ticket (TGT) by contacting the Authentication Server in the
-   KDC using the AS_Request / Reply messages (shown as messages 1 and 2
-   in Figure 1). The client then contacts the Ticket Granting Server in
-   the KDC to get the DHCP server ticket (to be used for mutual
-   authentication with the DHCP server) using the TGS_REQ / TGS_REP
-   messages (shown as messages 3 and 4 in the above figure).  It is
-   also possible for the client to obtain a DHCP server ticket directly
-   with the AS Request / Reply exchange, without the use of the TGT.
-
-   In the use of Kerberos for DHCP authentication, the client (a) does
-   not have an IP/network address (b) does not know he KDC�s IP address
-   (c) the KDC may not be on the local network and (d) the client may
-   not know the DHCP Server�s IP address and realm.  We therefore
-   require a Kerberos proxy on the local network to accept broadcast
-   Kerberos request messages (AS_REQ and TGS_REQ) from uninitialized
-   clients and relay them to the appropriate KDC.
-
-   The uninitialized client formulates a broadcast AS_REQ or TGS_REQ as
-   follows:
-
-   The request payload contains the client hardware address in
-   addresses field with a negative value for the address type. Kerberos
-   v5 [6] allows for the usage of negative address types for "local"
-   use. Note that IAKERB [7] discourages the use of the addresses field
-   as network addresses may not be known or may change in situation
-   where proxies are used. In this draft we incorporate the negative
-   values permitted in the Kerberos transport in the address type field
-   of both the AS_REQ and TGS_REQ messages. The negative value SHOULD
-   be the negative number of the hardware address type "htype" value
-   (from assigned numbers RFC) used in RFC 2131. The address field of
-   the message contains the clients hardware address.
-
-   The request payload is UDP encapsulated and addressed to port 88 on
-   the server/proxy. The UDP source port is selected by the client. The
-   source and destination network addresses are the all-zero�s address
-   and the broadcast address, respectively. For IPv4, the source IP
-   address is set to 0.0.0.0 and the destination IP address is set to
-   255.255.255.255. The data link layer header source address
-   corresponds to the link layer/hardware address of the client. The
-
-
-S. Medvinsky, P. Lalwaney                                          -7-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-   destination link layer address is the broadcast address at the link
-   layer (e.g. for Ethernet the address is ffffffff).
-
-   In the case where AS_REQ message contains a PKINIT pre-authenticator
-   for public key-based client authentication (based on [8]), the
-   message will probably not fit into a single UDP packet given typical
-   link MTU's.
-
-   It is assumed that the proxy server on a network is configured with
-   a list of KDC�s, their realms and their IP addresses. The proxy
-   server will act as a client to the KDC and forward standard Kerberos
-   messages to/from the KDC using unicast UDP or TCP transport
-   mechanisms, according to [6].
-
-   Upon receiving a broadcast request from a client, the proxy MUST
-   record the client�s hardware address that appears as the source
-   address on the frame as well as in the addresses field of the
-   request message. Based on the realm of the KDC specified in the
-   request, the proxy determines the KDC to which this message is
-   relayed as a unicast message from the proxy to the KDC.  In the case
-   that the client left the KDC realm name as NULL, it is up to the
-   proxy to first determine the correct realm name and fill it in the
-   request (according to [7]).
-
-   On receiving a request, the KDC formulates a response (AS_REP or
-   TGS_REP). It includes the client�s addresses field in the encrypted
-   part of the ticket (according to [6]). This response is unicast to
-   the proxy.
-
-   Upon receiving the reply, the proxy MUST first determine the
-   previously saved hardware address of the client.  The proxy
-   broadcasts the reply on its local network. This is a network layer
-   broadcast. At the link level, it uses the hardware address obtained
-   from the addresses field of the request.
-
-   The client on receiving the response (link layer destination address
-   as its hardware address, network layer address is the broadcast
-   address) must verify that the hardware address in the ticket
-   corresponds to its link layer address.
-
-   Upon receiving a TGS_REP (or an AS_REP with the application server
-   ticket) from the proxy, the client will have enough information to
-   securely communicate with the application server (the DHCP Server in
-   this case), as specified in the following section.
-
-
-
-
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                          -8-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-    6. Authenticated Message Exchange Between the DHCP Client and the
-   DHCP Server
-
-   The ticket returned in the TGS response is used by the DHCP client
-   in the construction of the Kerberos authenticator.  The Kerberos
-   ticket serves two purposes: to establish a shared session key with
-   the DHCP server, and is also included as part of a Kerberos
-   authenticator in the DHCP request.
-
-   If the size of the authenticator is greater than 255 bytes, the DHCP
-   authentication option is repeated multiple times.  When the values
-   of all the authentication options are concatenated together, they
-   will make up the complete authenticator.
-
-   Once the session key is established, the Kerberos structure
-   containing the ticket (AP REQ) can be omitted from the authenticator
-   for subsequent messages sent by both the DHCP client and the DHCP
-   server.
-
-   The Kerberos authenticator for a DHCP request message is specified
-   below:
-
-   0                   1                   2                   3
-   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |     Code      |    Length     |    Protocol   |   Algorithm   |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                                                               |
-   +              Replay Detection (64 bits)                       +
-   |                                                               |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                                                               |
-   +              Authentication token (n octets)           ...    +
-   |                                                               |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   The format of this authenticator is in accordance with [2]. The code
-   for the authentication option is TBD, and the length field contains
-   the length of the remainder of the option, starting with the
-   protocol field.
-
-   The value of the protocol field for this authenticator MUST be set
-   to 2.
-
-   The algorithm field MUST take one of the following values:
-        1 - HMAC-MD5
-        2 - HMAC-SHA-1
-
-   Replay protection field is a monotonically increasing counter field.
-   When the Kerberos AP REQ structure is present in the authenticator
-   the counter may be set to any value.  The AP REQ contains its own
-   replay protection mechanism in the form of a timestamp.
-
-S. Medvinsky, P. Lalwaney                                          -9-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-
-   Once the session key has been established and the AP REQ is not
-   included in the authenticator, this field MUST be monotonically
-   increasing in the messages sent by the client.
-
-   Kerberos authenticator token consists of type-length-value
-   attributes:
-
-   0                   1                   2                   3
-   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |     Type      |  Reserved     |       Payload Length          |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                           attribute value...
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   The following attributes are included in the Kerberos authenticator
-   token:
-
-   Type         Attribute Name          Value
-   --------------------------------------------------------------------
-   0            Message Integrity Code  Depends on the value of the
-                                        algorithm field.  Its length is
-                                        16 bytes for HMAC-MD5 [9, 10]
-                                        and 20 bytes for HMAC-SHA-1
-                                        [11, 10].  The HMAC key must be
-                                        derived from Kerberos session
-                                        key found in the Kerberos
-                                        ticket according to the key
-                                        derivation rules in [6]:
-
-                                          HMAC Key = DK(sess key,
-                                                      key usage | 0x99)
-
-                                        Here, DK is defined in [12] and
-                                        the key usage value for DHCP is
-                                        TBD.
-
-                                        The HMAC is calculated over the
-                                        entire DHCP message. The
-                                        Message Integrity Code
-                                        attribute MUST be set to all 0s
-                                        for the computation of the
-                                        HMAC.  Because a DHCP relay
-                                        agent may alter the values of
-                                        the 'giaddr' and 'hops' fields
-                                        in the DHCP message, the
-                                        contents of those two fields
-                                        MUST also be set to zero for
-                                        the computation of the HMAC.
-                                        Rules specified in Section 3 of
-                                        [2] for the exclusion and
-
-S. Medvinsky, P. Lalwaney                                         -10-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-                                        processing of the relay agent
-                                        information are applicable here
-                                        too.
-
-                                        This field MUST always be
-                                        present in the Kerberos
-                                        authenticator.
-
-   1            AP_REQ                  ASN.1 encoding of a Kerberos
-                                        AP_REQ message, as specified
-                                        in [6]. This MUST be included
-                                        by the client when establishing
-                                        a new session key.  In all
-                                        other cases, this attribute
-                                        MUST be omitted.
-
-   AP_REQ contains the Kerberos ticket for the DHCP server and also
-   contains information needed by the DHCP server to authenticate the
-   client.  After verifying the AP_REQ and decrypting the Kerberos
-   ticket, the DHCP server is able to extract a session key which it
-   now shares with the DHCP client.
-
-   The Kerberos authenticator token contains its own replay protection
-   mechanism inside the AP_REQ structure.  The AP_REQ contains a
-   timestamp that must be within an agreed upon time window at the DHCP
-   server.  However, this does not require the DHCP clients to maintain
-   an accurate clock between reboots.  Kerberos allows clients to
-   synchronize their clock with the KDC with the help of Kerberos
-   KRB_AP_ERR_SKEW error message, as specified in [6].
-
-   The DHCP server MUST save both the session key and its associated
-   expiration time found in the Kerberos ticket.  Up until the
-   expiration time, the server must accept client requests with the
-   Kerberos authenticator that does not include the AP REQ, using the
-   saved session key in calculating HMAC values.
-
-   The Kerberos authenticator inside all DHCP server responses MUST NOT
-   contain the AP REQ and MUST use the saved Kerberos session key in
-   calculating HMAC values.
-
-   When the session key expires, it is the client's responsibility to
-   obtain a new ticket from the KDC and to include an AP REQ inside the
-   Kerberos authenticator for the next DHCP request message.
-
-
-
-
-
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                         -11-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-7. Detailed message flows for Kerberos and DHCP message Exchanges
-
-   The following flow depicts the Kerberos exchange in which a AS REQ
-   message is used to directly request the DHCP Server ticket. There
-   are no changes to transport mechanisms below when the additional
-   phase of using TGS requests/responses with TGT�s is used.
-
-   Client                         IAKERB Proxy                 KDC
-
-   KB-client-------- AS_REQ ------>
-
-   AS REQ Address type = - (htype)
-   AS REQ Address= hw address
-
-   src UDP port = senders port
-   destination UDP port = 88
-
-   src IP = 0.0.0.0
-   destination IP = 255.255.255.255
-
-   src link layer address =
-   client�s HW/link address [e.g Ethernet address]
-
-   destination link layer address =
-   link broadcast address [e.g. ffffffff for Ethernet]
-
-
-                                         --------------------------->
-                                            (unicast to UDP port 88)
-
-
-
-                                          <--------------------------
-                                             (unicast AS REP)
-                                         Encrypted portion of ticket
-                                         Includes clients HW address
-
-
-      <---------------AS_REP -----------
-
-
-     Ticket includes client�s hardware address
-
-     src UDP port = 88
-     destination UDP port = copied from src port in AS_REQ
-
-     src IP = Proxy�s IP address
-     destination IP = 255.255.255.255
-
-     src link layer address = Proxy�s HW/link address
-     destination link layer address =
-         Client�s link layer address from AS_REQ
-
-
-S. Medvinsky, P. Lalwaney                                         -12-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-
-
-
-    The client uses the ticket received from the KDC in the DHCP
-Authentication option as described in Section 6.
-
-
-     Client
-     DHCP-client                                   DHCP Server
-
-             ------DHCPDISCOVER ---->
-             (Auth Protocol = 2, includes Kerberos
-              authenticator with AP REQ )
-                                   -----------------------------------
-                                   |  HMAC  |     AP   REQ           |
-                                    ----------------------------------
-                                            | Ticket| Client Authent |
-                                            --------------------------
-
-                                         1. Server decrypts ticket
-                                         (inside AP REQ) with service
-                                         key
-                                         2. Server decrypts client
-                                         authenticator (inside AP REQ)
-                                         and checks content and
-                                         checksum to validate the
-                                         client.
-                                         3. Recompute HMAC with session
-                                         key and compare.
-
-
-          <-------DHCPOFFER----------
-          (Auth Protocol = 2, no AP REQ )
-
-
-
-         ---------DHCPREQUEST------->
-         (Auth Protocol = 2, no AP REQ)
-
-
-          <--------DHCPACK-------------
-           (Auth Protocol = 2, no AP REQ )
-
-
-
-
-8. Security Considerations
-
-   DHCP clients that do not know the DHCP server�s realm name will get
-   it from the proxy, as specified in IAKERB [7].  Since the proxy is
-   not authenticated, a DHCP client can be fooled into obtaining a
-   ticket for the wrong DHCP server in the wrong realm.
-
-S. Medvinsky, P. Lalwaney                                         -13-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-
-   This could happen when the client leaves out the server realm name
-   in a TGS Request message to the proxy.  It is also possible,
-   however, for a client to directly request a DHCP server ticket with
-   an AS Request message.  In those cases, the same situation occurs
-   when the client leaves out the realm name in an AS Request.
-
-   This wrong DHCP server is still registered as a valid principal in a
-   database of a KDC that can be trusted by the client.  In some
-   circumstances a client may assume that a DHCP server that is a
-   Kerberos principal registered with a trusted KDC will not attempt to
-   deliberately misconfigure a client.
-
-   This specification provides a tradeoff between:
-
-        1) The DHCP clients knowing DHCP server�s realm ahead of time,
-           which provides for full 2-way authentication at the cost of
-           an additional configuration parameter.
-        2) The DHCP clients not requiring any additional configuration
-           information, besides a password or a key (and a public key
-           certificate if PKINIT is used).  This is at the cost of not
-           being able to fully authenticate the identity of the DHCP
-           server.
-
-
-
-9. References
-
-
-   [1]Droms, R., Arbaugh, W., "Dynamic Host Configuration Protocol",
-      RFC 2131, Bucknell University, March 1997.
-
-   [2]Droms, R., Arbaugh, W., "Authentication for DHCP Messages",
-      draft-ietf-dhc-authentication-13.txt, June 2000.
-
-   [3]Hornstein, K., Lemon, T., "DHCP Authentication Via Kerberos V",
-      draft-hornstein-dhc-kerbauth-02.txt, February 2000.
-
-   [4]Borella, M., Grabelsky, D., Lo, J., Tuniguchi, K., "Realm
-      Specific IP: Protocol Specification ", draft-ietf-nat-rsip-
-      protocol-06.txt, March 2000.
-
-   [5]Guttman, E., Perkins, C., Veizades, J., Day, M., "Service
-      Location Protocol, Version 2", RFC 2608, June 1999.
-
-   [6]Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network
-      Authentication Service (V5)", draft-ietf-cat-kerberos-revisions-
-      05.txt, March 2000.
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                         -14-        
-
-Kerberos V Authentication Mode for Uninitialized Clients     July 2000
-
-
-
-   [7]Swift, M., Trostle, J., "Initial Authentication and Pass Through
-      Authentication Using Kerberos V5 and the GSS-API (IAKERB)",
-      draft-ietf-cat-iakerb-03.txt, September 1999.
-
-   [8]Tung, B., C. Neuman, M. Hur, A. Medvinsky, S. Medvinsky, J. Wray,
-      J. Trostle, "Public Key Cryptography for Initial Authentication
-      in Kerberos", draft-ietf-cat-pk-init-11.txt, March 2000.
-
-   [9]Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
-      1992.
-
-   [10]Krawczyk H., M. Bellare and R. Canetti, "HMAC: Keyed-Hashing for
-      Message Authentication," RFC 2104, February 1997.
-
-   [11]NIST, FIPS PUB 180-1, "Secure Hash Standard", April 1995.
-
-   [12]Horowitz, M., "Key Derivation for Authentication, Integrity, and
-      Privacy", draft-horowitz-key-derivation-02.txt, August 1998.
-
-   [13]Bradner, S. "The Internet Standards Process -- Revision 3", RFC
-   2026.
-
-
-
- 10. Author's Addresses
-
-   Sasha Medvinsky
-   Motorola
-   6450 Sequence Drive
-   San Diego, CA 92121
-   Email: smedvinsky@gi.com
-
-   Poornima Lalwaney
-   Nokia
-   12278 Scripps Summit Drive
-   San Diego, CA  92131
-   Email: poornima.lalwaney@nokia.com
-
-
-11. Expiration
-
-   This memo is filed as <draft-smedvinsky-dhc-kerbauth-01.txt>, and
-   expires January 1, 2001.
-
-
-
-12. Intellectual Property Notices
-
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                         -15-        
-
-Kerberos V Authentication Mode for Uninitialized Clients    March 2000
-
-
-      This section contains two notices as required by [13] for
-   standards track documents.  Per [13], section 10.4(A):
-
-     The IETF takes no position regarding the validity or scope of any
-   intellectual property or other rights that might be claimed to
-   pertain to the implementation or use of the technology described in
-   this document or the extent to which any license under such rights
-   might or might not be available; neither does it represent that it
-   has made any effort to identify any such rights. Information on the
-   IETF's procedures with respect to rights in standards-track and
-   standards-related documentation can be found in BCP-11. Copies of
-   claims of rights made available for publication and any assurances
-   of licenses to be made available, or the result of an attempt made
-   to obtain a general license or permission for the use of such
-   proprietary rights by implementers or users of this specification
-   can be obtained from the IETF Secretariat.
-
-      Per [13] section 10.4(D):
-
-      The IETF has been notified of intellectual property rights
-   claimed in regard to some or all of the specification contained in
-   this document.  For more information consult the online list of
-   claimed rights.
-
-   13. Full Copyright Statement
-
-   Copyright (C) The Internet Society (1999).  All Rights Reserved.
-
-   This document and translations of it may be copied and furnished to
-   others, and derivative works that comment on or otherwise explain it
-   or assist in its implementation may be prepared, copied, published
-   and distributed, in whole or in part, without restriction of any
-   kind, provided that the above copyright notice and this paragraph
-   are included on all such copies and derivative works.  However, this
-   document itself may not be modified in any way, such as by removing
-   the copyright notice or references to the Internet Society or other
-   Internet organizations, except as needed for the purpose of
-   developing Internet standards in which case the procedures for
-   copyrights defined in the Internet Standards process must be
-   followed, or as required to translate it into languages other than
-   English.  The limited permissions granted above are perpetual and
-   will not be revoked by the Internet Society or its successors or
-   assigns. This document and the information contained herein is
-   provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
-   INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-S. Medvinsky, P. Lalwaney                                         -16-
-
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-referrals-01.txt b/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-referrals-01.txt
deleted file mode 100644
index 85d745684b2a..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-referrals-01.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-This Internet-Draft has expired and is no longer available.
-
-Unrevised documents placed in the Internet-Drafts directories have a
-maximum life of six months. After that time, they must be updated, or
-they will be deleted. This document was deleted on July 17, 2000.
diff --git a/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-user2user-01.txt b/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-user2user-01.txt
deleted file mode 100644
index 85d745684b2a..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-swift-win2k-krb-user2user-01.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-This Internet-Draft has expired and is no longer available.
-
-Unrevised documents placed in the Internet-Drafts directories have a
-maximum life of six months. After that time, they must be updated, or
-they will be deleted. This document was deleted on July 17, 2000.
diff --git a/crypto/heimdal/doc/standardisation/draft-thomas-snmpv3-kerbusm-00.txt b/crypto/heimdal/doc/standardisation/draft-thomas-snmpv3-kerbusm-00.txt
deleted file mode 100644
index 68c170b499ed..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-thomas-snmpv3-kerbusm-00.txt
+++ /dev/null
@@ -1,1140 +0,0 @@
-
-
-
-
-
-
-INTERNET-DRAFT   Kerberized USM Keying    M. Thomas
-                                          Cisco Systems
-                                          K. McCloghrie
-                                          Cisco Systems
-                                          July 13, 2000
-
-
-
-
-
-
-                         Kerberized USM Keying
-
-                   draft-thomas-snmpv3-kerbusm-00.txt
-
-
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-Abstract
-
-   The KerbUSM MIB provides a means of leveraging a trusted third party
-   authentication and authorization mechanism using Kerberos for SNMP V3
-   USM users and their associated VACM views. The MIB encodes the normal
-   Kerberos AP-REQ and AP-REP means of both authenticating and creating
-   a shared secret between the SNMP V3 Manager and Agent.
-
-The SNMP Management Framework
-
-   The SNMP Management Framework presently consists of five major
-   components:  An overall architecture, described in RFC 2571
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 1]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-   [RFC2571].  Mechanisms for describing and naming objects and events
-   for the purpose of management.  The first version of this Structure
-   of Management Information (SMI) is called SMIv1 and described in STD
-   16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215
-   [RFC1215].  The second version, called SMIv2, is described in STD 58,
-   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
-   [RFC2580].  Message protocols for transferring management
-   information.  The first version of the SNMP message protocol is
-   called SNMPv1 and described in STD 15, RFC 1157 [RFC1157].  A second
-   version of the SNMP message protocol, which is not an Internet
-   standards track protocol, is called SNMPv2c and described in RFC 1901
-   [RFC1901] and RFC 1906 [RFC1906].  The third version of the message
-   protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC
-   2572 [RFC2572] and RFC 2574 [RFC2574].  Protocol operations for
-   accessing management information.  The first set of protocol
-   operations and associated PDU formats is described in STD 15, RFC
-   1157 [RFC1157].  A second set of protocol operations and associated
-   PDU formats is described in RFC 1905 [RFC1905].  A set of fundamental
-   applications described in RFC 2573 [RFC2573] and the view-based
-   access control mechanism described in RFC 2575 [RFC2575].
-
-   A more detailed introduction to the current SNMP Management Framework
-   can be found in RFC 2570 [RFC2570].
-
-   Managed objects are accessed via a virtual information store, termed
-   the Management Information Base or MIB.  Objects in the MIB are
-   defined using the mechanisms defined in the SMI.
-
-   This memo specifies a MIB module that is compliant to the SMIv2.  A
-   MIB conforming to the SMIv1 can be produced through the appropriate
-   translations.  The resulting translated MIB must be semantically
-   equivalent, except where objects or events are omitted because no
-   translation is possible (use of Counter64).  Some machine readable
-   information in SMIv2 will be converted into textual descriptions in
-   SMIv1 during the translation process.  However, this loss of machine
-   readable information is not considered to change the semantics of the
-   MIB.
-
-
-Introduction
-
-   The User based Security Model of SNMP V3 (USM) [2] provides a means
-   of associating different users with different access privileges of
-   the various MIB's that an agent supports. In conjunction with the
-   View based Access Control Model of SNMP V3 (VACM) [3], SNMP V3
-   provides a means of providing resistance from various threats both
-   from outside attacks such as spoofing, and inside attacks such as an
-   user having, say, SET access to MIB variable for which they are not
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 2]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-   authorized.
-
-   SNMP V3, unfortunately, does not specify a means of doing key
-   distribution between the managers and the agents. For small numbers
-   of agents and managers, the O(n*m) manual keying is a cumbersome, but
-   possibly tractable problem. For a large number of agents with
-   distribution of managers, the key distribution quickly goes from
-   cumbersome to unmanageable. Also: there is always the lingering
-   concern of the security precautions taken for keys on either local
-   management stations, or even directories.
-
-   Kerberos [1] provides a means of centralizing key management into an
-   authentication and authorization server known as a Key Distribution
-   Center (KDC).  At a minimum, Kerberos changes the key distribution
-   problem from a O(n*m) problem to a O(n) problem since keys are shared
-   between the KDC and the Kerberos principals rather directly between
-   each host pair. Kerberos also provides a means to use public key
-   based authentication which can be used to further scale down the
-   number of pre-shared secrets required. Furthermore, a KDC is intended
-   and explicitly expected to be a standalone server which is managed
-   with a much higher level of security concern than a management
-   station or even a central directory which may host many services and
-   thus be exposed to many more possible vectors of attack.
-
-   The MIB defined in this memo describes a means of using the desirable
-   properties of Kerberos within the context of SNMP V3. Kerberos
-   defines a standardized means of communicating with the KDC as well as
-   a standard format of Kerberos tickets which Kerberos principals
-   exchange in order to authenticate to one another. The actual means of
-   exchanging tickets, however, is left as application specific. This
-   MIB defines the SNMP MIB designed to transport Kerberos tickets and
-   by doing so set up SNMP V3 USM keys for authentication and privacy.
-
-   It should be noted that using Kerberos does introduce reliance on a
-   key network element, the KDC. This flies in the face of one of SNMP's
-   dictums of working when the network is misbehaving. While this is a
-   valid concern, the risk of reliance on the KDC can be significantly
-   diminished with a few common sense actions. Since Kerberos tickets
-   can have long life times (days, weeks) a manager of key network
-   elements can and should maintain Kerberos tickets well ahead ticket
-   expiration so that likelihood of not being able to rekey a session
-   while the network is misbehaving is minimized. For non-critical, but
-   high fanout elements such as user CPE, etc, requiring a pre-fetched
-   ticket may not be practical, which puts the KDC into the critical
-   path. However, if all KDC's are unreachable, the non-critical network
-   elements are probably the least of the worries.
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 3]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-Operation
-
-   The normal Kerberos application ticket exchange is accomplished by  a
-   client  first  fetching  a  service ticket from a KDC for the service
-   principal and then sending an AP-REQ  to  a  server  to  authenticate
-   itself  to  the  server. The server then sends a AP-REP to finish the
-   exchange. This MIB maps Kerberos' concept of client and  server  into
-   the  SNMP  V3  concept  of  Manager and Agent by designating that the
-   Kerberos Client is the SNMP V3 Agent. Although  it  could  be  argued
-   that an Agent is really a server, in practice there may be many, many
-   agents and relatively few managers. Also: Kerberos clients  may  make
-   use  of  public  key authentication as defined in [4], and it is very
-   advantageous to take advantage of that capability for  Agents  rather
-   than Managers.
-
-   The MIB is intended to be stateless and map USM users to Kerberos
-   principals. This mapping is explicitly done by putting a Kerberos
-   principal name into the usmUserSecurityName in the usmUser MIB and
-   instatiating the krbUsmMibEntry for the usmUserEntry. MIB variables
-   are accessed with INFORM's or TRAP PDU's and SET's to perform a
-   normal Kerberos AP-REQ/AP-REP exchange transaction which causes the
-   keys for a USM user to be derived and installed. The basic structure
-   of the MIB is a table which augements usmUserEntry's with a Kerberos
-   principal name as well as the transaction varbinds. In the normal
-   case, multiple varbinds should be sent in a single PDU which prevents
-   various race conditions, as well as increasing efficiency.
-
-   It should be noted that this MIB is silent on the subject of how the
-   Agent and Manager find the KDC. In practice, this may be either
-   statically provisioned or use either DNS SRV records (RFC 2782) or
-   Service Location (RFC 2608). This MIB is does not provide for a means
-   of doing cipher suite negotiation either. It is expected that the
-   choices for ciphers in the USM MIB will reflect site specific choices
-   for ciphers. This matches well with the general philosophy of
-   centralized keying.
-
-Keying Transactions
-
-   The following shows an error free transaction:
-
-   Note: optional steps or parameters are shown like [ ]
-
-
-
-
-
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 4]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-
-    Agent                       Manager                            KDC
- +--                                                               --+
- | 1) <-------------------------------                               |
- |     SET (krbUsmPrinTable[usmUserName].krbUsmMibNonce = xxxx;      |
- |          [ krbUsmPrinTable[usmUserName].krbUsmMibTgt =            |
- |                                  TGT[usmUserSecurityName] ]);     |
- |                                                                   |
- | 2) ------------------------------->                               |
- |    Response                                                       |
- +--                     (optional)                                --+
-
-   3) --------------------------------------------------------------->
-        TGS-REQ (krbUsmPrinTable[usmUserName].krbUsmMibMgrPrinName
-                 [, krbUsmPrinTable[usmUserName].krbUsmMibTgt]);
-
-   4) <--------------------------------------------------------------
-        Tick[usmUserSecurityName] = TGS-REP ();
-
-   5)  ------------------------------>
-        INFORM (krbUsmPrinTable[usmUserName].krbUsmMibApReq =
-                   AP_REQ[Tick[usmUserSecurityName]];
-                   [ krbUsmPrinTable[usmUserName].krbUsmMibNonce = xxxx]);
-
-   6)  <------------------------------
-        SET (krbUsmPrinTable[usmUserName].krbUsmMibApRep = AP_REP[]);
-
-
-   7)  ------------------------------>
-       Response
-
-
-   The above flow translates to:
-
-
-   1)  This step is used when the Manager does not currently have a ses-
-       sion with the Agent but wishes to start one. The Manager MAY
-       place a ticket granting ticket into the krbUsmMibMgrTgt varbind
-       in the same PDU as the krbUsmMibNonce if it does not share a
-       secret with the KDC (as would be the case if the Manager used
-       PKinit to do initial authentication with the KDC).
-
-
-   2)  This step acknowledges the SET. There are no MIB specific errors
-       which can happen here.
-
-
-   3)  If the Agent is not already in possession of a service ticket for
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 5]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-       the Manager in its ticket cache, it MUST request a service ticket
-       from the Agent's KDC for the service principal given by
-       krbUsmMibMgrPrinName in the row that the krbUsmMibNonce was SET
-       in, optionally adding a krbUsmMibMgrTgt.  If the TGT is speci-
-       fied, the Manager's TGT must be placed in the additional-tickets
-       field with the ENC-TKT-IN-SKEY option set in the TGS-REQ to
-       obtain a service ticket (see section 3.3.3 of [1]).
-
-       Note:   a Kerberos TGS-REQ is but one way to obtain a service
-               ticket. An Agent may use any normal Kerberos means to
-               obtain the service ticket. This flow has also elided ini-
-               tial authentication (ie, AS-REQ) and any cross realm con-
-               siderations, though those may be necessary prerequisites
-               to obtaining the service ticket.
-
-   4)  If step 3 was performed, this step receives the ticket or an
-       error from the KDC.
-
-
-   5)  This step sends a krbUsmMibApReq to the Manager via an INFORM or
-       TRAP PDU.  If the message is the result of a request by the
-       Manager, krbUsmMibNonce received from the Manager MUST be sent in
-       the same PDU. If the Manager did not initiate the transaction,
-       the Agent MUST NOT send a krbUsmMibNonce varbind. The Agent also
-       MUST check krbUsmMibUnsolicitedNotify is not false, otherwise it
-       MUST abort the transaction.  All krbUsmMibApReq's MUST contain a
-       sequence nonce so that the resulting krbUsmMibApRep can provide a
-       proof of the freshness of the message to prevent replay attacks.
-
-       If the Agent encounters an error either generated by the KDC or
-       internally, the Agent MUST send an INFORM or TRAP PDU indicating
-       the error in the form of a KRB-ERROR placed in krbUsmMibApReq
-       with the same rules applied to krbUsmMibNonce and krbUsmMibUnsol-
-       icitedNotify above. If the Agent suspects that it is being
-       attacked by a purported Manager which is generating many failed
-       TGS-REQ's to the KDC, it SHOULD meter its TGS-REQ transactions
-       for that Manager to the KDC using an exponential backoff mechan-
-       ism truncated at 10 seconds.
-
-
-
-   6)  Upon recepit of an INFORM or TRAP PDU with a krbUsmMibApReq, a
-       Manager may accept the AP-REQ. If it is accompanied with a
-       krbUsmMibNonce it MUST correlate it with any outstanding transac-
-       tions using its stored nonce for the transaction. If it does not
-       correlate with a current nonce, the request MUST be rejected as
-       it may be a replay.
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 6]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-       If the Manager chooses to reject an unsolicited keying request,
-       it SHOULD send a WrongValue Error to the Agent with the krbUsmMi-
-       bApReq as the subject of the WrongValue. If an Agent receives a
-       WrongValue Error from a Manager it MUST cease retransmission of
-       the INFORM or TRAP PDU's so as to mitigate event avalanches by
-       Agents. There is a possible denial of service attack here, but it
-       must be weighed against the larger problem of network congestion,
-       flapping, etc. Therefore, if the Agent finds that it cannot can-
-       cel an unsolicited Notify (ie, it must be reliable), it MUST use
-       a truncated exponential backoff mechanism with the maximum trun-
-       cation interval set to 10 minutes.
-
-       Otherwise, the Manager MUST send a SET PDU to the Agent which
-       contains a krbUsmMibApRep.
-
-
-   7)  If the Agent detects an error (including detecting replays) in
-       the final AP-REP, it MUST send a WrongValue error with a pointer
-       to the krbUsmMibApRep varbind to indicate its inability to estab-
-       lish the security association. Otherwise, receipt of the positive
-       acknowledgement from the final SET indicates to the Manager that
-       the proper keys have been installed on the Agent in the USM MIB.
-
-Unsolicited Agent Keying Requests
-
-   An Agent may find that it needs to set up a security association for
-   a USM user in order to notify a Manager of some event. When the Agent
-   engine receives a request for a notify, it SHOULD check to see if
-   keying material has been established for the user and that the keying
-   material is valid. If the keying material is not valid and the USM
-   user has been tagged as being a Kerberos principal in a realm, the
-   Agent SHOULD first try to instantiate a security association by
-   obtaining a service ticket for the USM User and follow steps 3-7 of
-   the flow above. This insures that the USM User will have proper key-
-   ing material and providing a mechanism to allow for casual security
-   associations to be built up and torn down. This is especially useful
-   for Agents which may not normally need to be under constant Manager
-   supervision, such as the case with high fan out user residential CPE
-   and other SNMP managed "appliances". In all cases, the Agent MUST NOT
-   send an unsolicited Notify if krbUsmUnsolicitedNotify is set to
-   false.
-
-   How the Agent obtains the Manager's address, how it determines
-   whether a Manager, realm, and whether it can be keyed using this MIB
-   is outside of the scope of this memo.
-
-   Note:   Although the MIB allows for a Manager to set up a session
-           using User-User mode of Kerberos by sending a TGT along with
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 7]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-           the nonce, this, is limited to Manager initiated sessions
-           only since there is no easy way to store the Manager's ticket
-           in the MIB since it is publicly writable and as such would be
-           subject to denial of service attacks. Another method might be
-           to have the Agent send a krbUsmMibNonce to the Manager which
-           would tell it to instigate a session. Overall, it seems like
-           a marginal feature to allow a PKinit authenticated user be
-           the target of unsolicited informs and it would complicate the
-           transactions. For this reason, this scenario has been omitted
-           in favor of simplicity.
-
-Retransmissions
-
-   Since this MIB defines not only variables, but transactions, discus-
-   sion of the retransmission state machine is in order. There are two
-   similar but different state machines for the Manager Solicited and
-   Agent Unsolicited transactions.  There is one timer Timeout which
-   SHOULD take into consideration round trip considerations and MUST
-   implement a truncated exponential backoff mechanism. In addition, in
-   the case where an Agent makes an unsolicited Agent keying request,
-   the Agent SHOULD perform an initial random backoff if the keying
-   request to the Manager may result in a restart avalanche. A suitable
-   method is described in section 4.3.4 of [5].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 8]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-
-Manager Solicited Retransmission State Machine
-
-                Timeout
-                 +---+
-                 |   |
-                 |   V
-              +-----------+ Set-Ack (2) +----------+
-              |           |------------>|          |
-              | Set-Nonce |             |  Ap-Req  |
-              |   (1)     |<------------|   (5)    |
-              +-----------+   Timeout   +----------+
-                   ^                         |
-                   |                         | Set-Ap-Rep
-                   |      +----------+       |  (6)
-                   +------|          |<------+
-                  Timeout | Estab-wt |
-                          |   (7)    |
-                          +----------+
-                               |
-                               |  Set-Ap-Rep-Ack (7)
-                               V
-                          +----------+
-                          |          |
-                          |  Estab   |
-                          |          |
-
-                          +----------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00             [Page 9]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-
-Agent Unsolicited Retransmission State Machine
-
-                             Timeout
-                              +---+
-                              |   |
-                              |   V
-                          +----------+
-                          |          |
-                   +----> |  Ap-Req  |-------+
-                   |      |   (5)    |       |
-                   |      +----------+       |
-                   |                         |
-                   |                         | Set-Ap-Rep
-                   |      +----------+       |  (6)
-                   +------|          |<------+
-                  Timeout | Estab-wt |
-                          |   (7)    |
-                          +----------+
-                               |
-                               |  Set-Ap-Rep-Ack (7)
-                               V
-                          +----------+
-                          |          |
-                          |  Estab   |
-                          |          |
-                          +----------+
-
-Session Duration and Failures
-
-   The KerbUsmMib uses the ticket lifetime to determine the life of the
-   USM session. The Agent MUST keep track of whether the ticket which
-   instigated the session is valid whenever it forms PDU's for that par-
-   ticular user. If a session expires, or if it wasn't valid to begin
-   with (from the Agent's perspective), the Agent MUST reject the PDU by
-   sending a XXX Error [mat: help me here Keith... what does USM say
-   about this?].
-
-   Kerberos also inherently implies adding state to the Agent and
-   Manager since they share not only a key, but a lifetime associated
-   with that key. This is in some sense soft state because failure of an
-   Agent will cause it to reject PDU's for Managers with whom it does
-   not share a secret. The Manager can use the Error PDU's as an indica-
-   tion that it needs to reauthenticate with the Agent, taking care not
-   to loop. The Manager is even easier: when it reboots, it can either
-   check its credential cache to reconstruct state or cause the Agent to
-   reauthenticate to the Manager with its service ticket by initiating a
-   authentication transaction with the manager.
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 10]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-Manager Collisions
-
-   Managers may freely set up keys for different USM users using this
-   MIB without problem since they access different rows in the krbUsm-
-   PrinTable. However, multiple Managers trying to set up keys for the
-   same USM user is possible but discouraged. The requirement for the
-   Manager is that they MUST share the same service key with the KDC so
-   that they can all decrypt the same service ticket. There are two race
-   conditions, however, which are not well handled:
-
-
-
-1)  At the end of a ticket lifetime, one manager may request the agent
-    to refresh its service ticket causing a new session key to be
-    installed for the USM user leaving the other managers with stale
-    keys. The workaround here is that the Agent will reject the stale
-    manager's PDU's which should inform them to do their own rekeying
-    operations.
-
-
-2)  If multiple managers try to access the same row at the same time,
-    the Agent SHOULD try to keep the transactions separate based on the
-    nonce values. The Managers or the Agents SHOULD NOT break the
-    krbUsmMibNonce and any other additional varbinds into separate PDU's
-    as this may result in a meta stable state. Given normal MTU sizes,
-    this should not be an issue in practice, and this should  at worst
-    devolve into the case above.
-
-   In all cases, the krbUsmMibNonce MUST be the last value to be
-   transmitted, though its position within a PDU is unimportant.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 11]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-
-   KrbUSM MIB
-
-   KRB-USM-MIB DEFINITIONS ::= BEGIN
-   IMPORTS
-       MODULE-IDENTITY,
-       OBJECT-TYPE, OBJECT-IDENTITY,
-       snmpModules, Counter32, Unsigned32 FROM SNMPv2-SMI
-       TruthValue, DisplayString          FROM SNMPv2-TC
-       usmUserEntry                       FROM SNMP-USER-BASED-SM-MIB
-
-
-
-   krbUsmMib MODULE-IDENTITY
-           LAST-UPDATED "00071300Z"
-           ORGANIZATION "IETF SNMP V3 Working Group"
-           CONTACT-INFO
-             "Michael Thomas
-              Cisco Systems
-              375 E Tasman Drive
-              San Jose, Ca 95134
-              Phone: +1 408-525-5386
-              Fax: +1 801-382-5284
-              email: mat@cisco.com"
-           DESCRIPTION
-              "This MIB contains the MIB variables to
-               exchange Kerberos credentials and a session
-               key to be used to authenticate and set up
-               USM keys"
-
-           ::= { snmpModules nnn }   -- not sure what needs to be here.
-   krbUsmMibObjects OBJECT INDENTIFIER ::= { krbUsmMib 1 }
-
-   krbUsmMibAuthInAttemps
-               SYNTAX      Counter32
-               MAX-ACCESS  read-only
-               STATUS      current
-               DESCRIPTION
-                   "Counter of the number of Kerberos
-                    authorization attempts as defined by
-                    receipt of a PDU from a Manager with a
-                     krbUsmMibNonce set in the principal table."
-               ::= { krbUsmMibObjects 1 }
-
-   krbUsmMibAuthOutAttemps
-               SYNTAX      Counter32
-               MAX-ACCESS  read-only
-               STATUS      current
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 12]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-               DESCRIPTION
-                   "Counter of the number of unsolicited Kerberos
-                    authorization attempts as defined by
-                    an Agent sending an INFORM or TRAP PDU with a
-                    krbUsmMibApRep but without krbUsmApMibNonce
-                    varbind."
-               ::= { krbUsmMibObjects 2 }
-   krbUsmMibAuthInFail
-               SYNTAX      Counter32
-               MAX-ACCESS  read-only
-               STATUS      current
-               DESCRIPTION
-                   "Counter of the number of Kerberos
-                    authorization failures as defined by
-                    a Manager setting the krbUsmMibNonce
-                    in the principal table which results
-                    in some sort of failure to install keys
-                    in the requested USM user entry."
-               ::= { krbUsmMibObjects 3 }
-
-   krbUsmMibAuthOutFail
-               SYNTAX      Counter32
-               MAX-ACCESS  read-only
-               STATUS      current
-               DESCRIPTION
-                   "Counter of the number of unsolicited Kerberos
-                    authorization failures as defined by
-                    an Agent sending an INFORM or TRAP PDU with a
-                    krbUsmMibApRep but without a krbUsmMibNonce
-                    varbind which does not result in keys being
-                    installed for that USM user entry."
-               ::= { krbUsmMibObjects 4 }
-
-   krbUsmMibPrinTable OBJECT-TYPE
-               SYNTAX      SEQUENCE OF krbUsmMibEntry
-               MAX-ACCESS  not-accessible
-               STATUS      current
-               DESCRIPTION
-                   "Table which maps Kerberos principals with USM
-                    users as well as the per user variables to key
-                    up sessions"
-               ::= { krbUsmMibObjects 5 }
-
-   krbUsmMibPrinEntry OBJECT-TYPE
-               SYNTAX     KrbUsmMibPrinEntry
-               MAX-ACCESS  not-accessible
-               STATUS      current
-               DESCRIPTION
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 13]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-                   "an entry into the krbMibPrinTable which is a
-                    parallel table to UsmUserEntry table"
-               AUGMENTS { usmUserEntry }
-               ::= { krbUsmMibPrinTable 1 }
-
-   KrbUsmMibPrinEntry SEQUENCE
-    {
-                   krbUsmMibApReq                  OCTET STRING,
-                   krbUsmMibApRep                  OCTET STRING,
-                   krbUsmMibNonce                  OCTET STRING,
-                   krbUsmMibMgrTGT                 OCTET STRING,
-                   krbUsmMibUnsolicitedNotify      TruthValue,
-    }
-
-
-   krbUsmMibApReq OBJECT-TYPE
-               SYNTAX      OCTET STRING
-               MAX-ACCESS  accessible-for-notify
-               STATUS      current
-               DESCRIPTION
-                   "This variable contains a DER encoded Kerberos
-                    AP-REQ or KRB-ERROR for the USM user which is
-                    to be keyed. This is sent from the Agent to
-                    the Manager in an INFORM or TRAP request.
-                    KRB-ERROR MUST only be sent to the Manager
-                    if it is in response to a keying request from
-                    the Manager.
-                   "
-               ::= { krbUsmMibPrinEntry 1 }
-
-   krbUsmMibApRep OBJECT-TYPE
-               SYNTAX      OCTET STRING
-               MAX-ACCESS  read-write
-               STATUS      current
-               DESCRIPTION
-                   "This variable contains the DER encoded response
-                    to an AP-REQ. This variable is SET by the
-                    Manager to acknowledge receipt of an AP-REQ. If
-                    krbUsmMibApRep contains a Kerberos AP-REP, the
-                    Agent must derive keys from the session key
-                    of the Kerberos ticket in the AP-REQ and place
-                    them in the USM database in a manner specified
-                    by [RFC2574]. If the Manager detects an error,
-                    it will instead place a KRB-ERROR in this
-                    variable to inform the Agent of the error.
-
-                    This variable is in effect a write-only variable.
-                    attempts to read this variable will result in a
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 14]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-                    null octet string being returned"
-               ::= { krbUsmMibPrinEntry 2 }
-
-   krbUsmMibNonce OBJECT-TYPE
-               SYNTAX      OCTET STRING
-               MAX-ACCESS  read-write
-               STATUS      current
-               DESCRIPTION
-                   "SET'ing a krbUsmMibnonce allows a Manager to
-                    determine whether an INFORM or TRAP from an
-                    Agent is an outstanding keying request, or
-                    unsolicited from the Agent. The Manager
-                    initiates keying for a particular USM user
-                    by writing a nonce into the row for which
-                    desires to establish a security association.
-                    The nonce is an ASCII string of the form
-                    ``host:port?nonce'' where:
-
-                    host:  is either an FQDN, or valid ipv4 or ipv6
-                           numerical notation of the Manager which
-                           desires to initiate keying
-                    port:  is the destination port at which that the
-                           Manager may be contacted
-                    nonce: is a number generated by the Manager to
-                           correlate the transaction
-
-                    The same nonce MUST be sent to the Manager in a
-                    subsequent INFORM or TRAP with a krbUsmApReq.
-                    The Agent MUST use the host address and port
-                    supplied in the nonce as the destination of a
-                    subsequent INFORM or TRAP. Unsolicited keying
-                    requests MUST NOT contain a nonce, and should
-                    instead use the destination stored Notifies of
-                    this type.
-
-                    Nonces MUST be highly collision resistant either
-                    using a time based method or a suitable random
-                    number generator. Managers MUST never create
-                    nonces which are 0.
-
-                    This variable is in effect a write-only variable.
-                    Attempts to read this variable will result in a
-                    nonce of value 0 being returned"
-
-
-               ::= { krbUsmMibPrinEntry 3 }
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 15]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-   krbUsmMibMgrTgt OBJECT-TYPE
-               SYNTAX      OCTET STRING
-               MAX-ACCESS  read-write
-               STATUS      current
-               DESCRIPTION
-                   "If the Manager does not possess a symmetric
-                    key with the KDC as would be the case with
-                    a Manager using PKinit for authentication,
-                    the Manager MUST SET its DER encoded ticket
-                    granting ticket into KrbUsmMgrTgt along
-                    with krbUsmMibNonce.
-
-                    The agent will then attach the Manager's TGT
-                    into the additional tickets field of the
-                    TGS-REQ message to the KDC to get a User-User
-                    service ticket.
-
-                    This variable is in effect a write-only variable.
-                    Attempts to read this variable will result in a
-                    null octet string being returned"
-               ::= { krbUsmMibPrinEntry 4 }
-
-
-   krbUsmMibUnsolicitedNotify OBJECT-TYPE
-               SYNTAX      TruthValue
-               MAX-ACCESS  read-write
-               STATUS      current
-               DESCRIPTION
-                   "If this variable is false, the Agent MUST NOT
-                    send unsolicited INFORM or TRAP PDU's to the
-                    Manager.
-
-                    Attempts to SET this variable by the no-auth
-                    no-priv user MUST be rejected."
-               ::= { krbUsmMibPrinEntry 5 }
-
-   --
-   -- Conformance section... nothing optional.
-
-   krbUsmMibCompliences MODULE-COMPLIANCE
-               STATUS       current
-               DESCRIPTION "The compliance statement for SNMP
-                            engines whichimplement the KRB-USM-MIB
-                   "
-               MODULE       -- this module
-                       MANDATORY-GROUPS { krbUsmMib }
-       ::= { krbUsmMibCompliances 1 }
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 16]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-   END
-
-
-Key Derivation
-
-   The session key provides the basis for the keying material for the
-   USM user specified in the AP-REQ.  The actual keys for use for the
-   authentication and privacy are produced using the cryptographic hash-
-   ing function used to protect the ticket itself.  The keying material
-   is derived using this function, F(key, salt), using successive
-   interations of F over the salt string "SNMPV3RULZ%d", where %d is a
-   monotonic counter starting at zero. The bits are taken directly from
-   the successive interations to produce two keys of appropriate size
-   (as specified in the USM user row) for the authentication transform
-   first, and the privacy transform second. If the authentication
-   transform is null, the first bits of the derived key are used for the
-   privacy transform.
-
-Security Considerations
-
-   Various elements of this MIB must be readable and writable as the
-   no-auth, no-priv user. Unless specifically necessary for the key
-   negotiation, elements of this MIB SHOULD be protected by VACM views
-   which limit access. In particular, there is no reason anything in
-   this MIB should be visible to a no-auth, no-priv user with the excep-
-   tion of KrbUsmMibApReq, KrbUsmMibApRep, KrbUsmMibNonce, and
-   KrbUsmMibMgrTgt, and then only with the restrictions placed on them
-   in the MIB. As such, probing attacks are still possible, but should
-   not be profitable: all of the writable variables with interesting
-   information in them are defined in such a way as to be write only.
-
-   There are some interesting denial of service attacks which are possi-
-   ble by attackers spoofing managers and putting load on the KDC to
-   generate unnecessary tickets. For large numbers or agents this could
-   be problematic. This can probably be mitigated by the KDC prioritiz-
-   ing TGS-REQ's though.
-
-
-References
-
-[1]         The CAT Working Group,  J.  Kohl,  C.Neuman,  "The  Kerberos
-            Network  Authentication  Service  (V5)", RFC 1510, September
-            1993
-
-[2]         The SNMPV3 Working Group, U.  Blumenthal,  B.  Wijnen,  "The
-            User-based Security Model of SNMP V3", RFC 2574, April 1999
-
-[3]         The SNMPV3 Working Group, B. Wijnen, R. Presuhn,
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 17]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-            K.McCloghrie, "The View-based Access Control Model of SNMP
-            V3", RFC 2575, April 1999
-
-[4]         The CAT Working Group, Tung, et al, "Public Key Cryptography
-            for Initial Authentication in Kerberos", draft-ietf-cat-pk-
-            init-11, November 1999
-
-[5]         Arango, et al, "Media Gateway Control Protocl (MGCP)", RFC
-            2705, October 1999
-
-
-[RFC2571]   Harrington, D., Presuhn, R., and B. Wijnen, An Architecture
-            for Describing SNMP Management Frameworks, RFC 2571, April
-            1999.
-
-[RFC1155]   Rose, M., and K. McCloghrie, Structure and Identification of
-            Management Information for TCP/IP-based Internets, STD 16,
-            RFC 1155, May 1990.
-
-[RFC1212]   Rose, M., and K. McCloghrie, Concise MIB Definitions, STD
-            16, RFC 1212, March 1991.
-
-[RFC1215]   M. Rose, A Convention for Defining Traps for use with the
-            SNMP, RFC 1215, March 1991.
-
-[RFC2578]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
-            Rose, M., and S. Waldbusser, Structure of Management Infor-
-            mation Version 2 (SMIv2), STD 58, RFC 2578, April 1999.
-
-[RFC2579]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
-            Rose, M., and S. Waldbusser, Textual Conventions for SMIv2,
-            STD 58, RFC 2579, April 1999.
-
-[RFC2580]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
-            Rose, M., and S. Waldbusser, Conformance Statements for
-            SMIv2, STD 58, RFC 2580, April 1999.
-
-[RFC1157]   Case, J., Fedor, M., Schoffstall, M., and J. Davin, Simple
-            Network Management Protocol, STD 15, RFC 1157, May 1990.
-
-[RFC1901]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
-            Introduction to Community-based SNMPv2, RFC 1901, January
-            1996.
-
-[RFC1906]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, Tran-
-            sport Mappings for Version 2 of the Simple Network Manage-
-            ment Protocol (SNMPv2), RFC 1906, January 1996.
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 18]
-
-
-
-
-
-INTERNET-DRAFT           Kerberized USM Keying              13 July 2000
-
-
-[RFC2572]   Case, J., Harrington D., Presuhn R., and B. Wijnen, Message
-            Processing and Dispatching for the Simple Network Management
-            Protocol (SNMP), RFC 2572, April 1999.
-
-[RFC2574]   Blumenthal, U., and B. Wijnen, User-based Security Model
-            (USM) for version 3 of the Simple Network Management Proto-
-            col (SNMPv3), RFC 2574, April 1999.
-
-[RFC1905]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, Pro-
-            tocol Operations for Version 2 of the Simple Network Manage-
-            ment Protocol (SNMPv2), RFC 1905, January 1996.
-
-[RFC2573]   Levi, D., Meyer, P., and B. Stewart, SNMPv3 Applications,
-            RFC 2573, April 1999.
-
-[RFC2575]   Wijnen, B., Presuhn, R., and K. McCloghrie, View-based
-            Access Control Model (VACM) for the Simple Network Manage-
-            ment Protocol (SNMP), RFC 2575, April 1999.
-
-[RFC2570]   Case, J., Mundy, R., Partain, D., and B. Stewart, Introduc-
-            tion to Version 3 of the Internet-standard Network Manage-
-            ment Framework, RFC 2570, April 1999.
-
-Author's Address
-
-          Michael Thomas
-          Cisco Systems
-          375 E Tasman Rd
-          San Jose, Ca, 95134, USA
-          Tel: +1 408-525-5386
-          email: mat@cisco.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Thomas               draft-thomas-snmpv3-kerbusm-00            [Page 19]
-
-
diff --git a/crypto/heimdal/doc/standardisation/draft-trostle-win2k-cat-kerberos-set-passwd-00.txt b/crypto/heimdal/doc/standardisation/draft-trostle-win2k-cat-kerberos-set-passwd-00.txt
deleted file mode 100644
index b89108a53be9..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-trostle-win2k-cat-kerberos-set-passwd-00.txt
+++ /dev/null
@@ -1,227 +0,0 @@
-
-CAT Working Group                                     Mike Swift 
-draft-trostle-win2k-cat-kerberos-set-passwd-00.txt    Microsoft               
-February 2000                                         Jonathan Trostle
-Category: Informational                               Cisco Systems
-                                                      John Brezak
-                                                      Microsoft
-
-         Extending Change Password for Setting Kerberos Passwords
-
-
-0. Status Of This Memo
-
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026. 
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF), its areas, and its working groups.  Note that
-   other groups may also distribute working documents as 
-   Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six
-   months and may be updated, replaced, or obsoleted by other
-   documents at any time.  It is inappropriate to use Internet-
-   Drafts as reference material or to cite them other than as
-   "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   Comments and suggestions on this document are encouraged.  Comments 
-   on this document should be sent to the CAT working group discussion 
-   list:
-                       ietf-cat-wg@stanford.edu
-
-1. Abstract
-
-   The Kerberos [1] change password protocol [2], does not allow for 
-   an administrator to set a password for a new user. This functionality
-   is useful in some environments, and this proposal extends [2] to
-   allow password setting. The changes are: adding new fields to the 
-   request message to indicate the principal which is having its 
-   password set, not requiring the initial flag in the service ticket, 
-   using a new protocol version number, and adding three new result 
-   codes. 
-   
-2. The Protocol
-
-   The service must accept requests on UDP port 464 and TCP port 464 as 
-   well. The protocol consists of a single request message followed by 
-   a single reply message.  For UDP transport, each message must be fully 
-   contained in a single UDP packet.
-
-   For TCP transport, there is a 4 octet header in network byte order
-   precedes the message and specifies the length of the message. This
-
-   requirement is consistent with the TCP transport header in 1510bis.
-
-Request Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REQ length        |         AP_REQ data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                        KRB-PRIV message                       /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-   All 16 bit fields are in big-endian order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0xff80 (big-endian 
-   integer).
-
-   AP-REQ length: length of AP-REQ data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REQ data: (see [1]) The AP-REQ message must be for the service 
-   principal kadmin/changepw@REALM, where REALM is the REALM of the user 
-   who wishes to change/set his password. The ticket in the AP-REQ must 
-   must include a subkey in the Authenticator. To enable setting of 
-   passwords, it is not required that the initial flag be set in the 
-   Kerberos service ticket.
-
-   KRB-PRIV message (see [1]) This KRB-PRIV message must be generated 
-   using the subkey from the authenticator in the AP-REQ data. 
-
-   The user-data component of the message consists of the following ASN.1 
-   structure encoded as an OCTET STRING:
-
-   ChangePasswdData ::=  SEQUENCE {
-                       newpasswd[0]   OCTET STRING,
-                       targname[2]    PrincipalName OPTIONAL,
-                       targrealm[3]   Realm OPTIONAL
-                       }  
-
-   The server must verify the AP-REQ message, check whether the client 
-   principal in the ticket is authorized to set/change the password 
-   (either for that principal, or for the principal in the targname 
-   field if present), and decrypt the new password. The server also 
-   checks whether the initial flag is required for this request, 
-   replying with status 0x0007 if it is not set and should be. An 
-   authorization failure is cause to respond with status 0x0005. For 
-   forward compatibility, the server should be prepared to ignore fields 
-   after targrealm in the structure that it does not understand. 
-
-   The newpasswd field contains the cleartext password, and the server 
-   should apply any local policy checks including password policy checks. 
-   The server then generates the appropriate keytypes from the password
-
-   and stores them in the KDC database. If all goes well, status 0x0000 
-   is returned to the client in the reply message (see below).
-
-Reply Message
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |         message length        |    protocol version number    |
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          AP_REP length        |         AP-REP data           /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      /                         KRB-PRIV message                      /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-   All 16 bit fields are in big-endian order. 
-
-   message length field: contains the number of bytes in the message 
-   including this field.
-
-   protocol version number: contains the hex constant 0x0001 (big-endian 
-   integer). (The reply message has the same format as in [2]).
-
-   AP-REP length: length of AP-REP data, in bytes. If the length is zero, 
-   then the last field contains a KRB-ERROR message instead of a KRB-PRIV 
-   message.
-
-   AP-REP data: the AP-REP is the response to the AP-REQ in the request 
-   packet.
-   
-   KRB-PRIV from [2]: This KRB-PRIV message must be generated using the 
-   subkey in the authenticator in the AP-REQ data.
-
-   The server will respond with a KRB-PRIV message unless it cannot
-   decode the client AP-REQ or KRB-PRIV message, in which case it will
-   respond with a KRB-ERROR message. NOTE: Unlike change password version
-   1, the KRB-ERROR message will be sent back without any encapsulation.
-
-   The user-data component of the KRB-PRIV message, or e-data component 
-   of the KRB-ERROR message, must consist of the following data.
-
-       0                   1                   2                   3
-       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      |          result code          |        result string          /
-      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-      result code (16 bits) (result codes 0-4 are from [2]):
-         The result code must have one of the following values (big-
-         endian integer):
-         KRB5_KPASSWD_SUCCESS      0 request succeeds (This value is not 
-                                     allowed in a KRB-ERROR message)
-         KRB5_KPASSWD_MALFORMED    1 request fails due to being malformed
-         KRB5_KPASSWD_HARDERROR    2 request fails due to "hard" error in
-                                     processing the request (for example, 
-                                     there is a resource or other problem 
-                                     causing the request to fail)
-
-         KRB5_KPASSWD_AUTHERROR    3 request fails due to an error in 
-                                     authentication processing
-         KRB5_KPASSWD_SOFTERROR    4 request fails due to a "soft" error 
-                                     in processing the request 
-         KRB5_KPASSWD_ACCESSDENIED 5 requestor not authorized
-         KRB5_KPASSWD_BAD_VERSION  6 protocol version unsupported
-         KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 initial flag required
-         0xFFFF if the request fails for some other reason.
-         Although only a few non-zero result codes are specified here,
-         the client should accept any non-zero result code as indicating
-         failure.
-      result string - from [2]:
-         This field should contain information which the server thinks
-         might be useful to the user, such as feedback about policy
-         failures.  The string must be encoded in UTF-8.  It may be
-         omitted if the server does not wish to include it.  If it is
-         present, the client should display the string to the user.
-         This field is analogous to the string which follows the numeric
-         code in SMTP, FTP, and similar protocols.
-
-3. References
- 
-   [1] J. Kohl, C. Neuman. The Kerberos Network Authentication
-   Service (V5). Request for Comments 1510.
-
-   [2] M. Horowitz. Kerberos Change Password Protocol.
-   ftp://ds.internic.net/internet-drafts/
-   draft-ietf-cat-kerb-chg-password-02.txt
-
-4. Expiration Date
-
-   This draft expires in August 2000.   
-
-5. Authors' Addresses
-
-   Jonathan Trostle
-   Cisco Systems
-   170 W. Tasman Dr.
-   San Jose, CA 95134
-   Email: jtrostle@cisco.com
-
-   Mike Swift 
-   1 Microsoft Way
-   Redmond, WA 98052
-   mikesw@microsoft.com
-
-   John Brezak
-   1 Microsoft Way
-   Redmond, WA 98052
-   jbrezak@microsoft.com
diff --git a/crypto/heimdal/doc/standardisation/draft-tso-telnet-krb5-04.txt b/crypto/heimdal/doc/standardisation/draft-tso-telnet-krb5-04.txt
deleted file mode 100644
index e9611e395bfd..000000000000
--- a/crypto/heimdal/doc/standardisation/draft-tso-telnet-krb5-04.txt
+++ /dev/null
@@ -1,327 +0,0 @@
-Network Working Group                                    T. Ts'o, Editor
-Internet-Draft                     Massachusetts Institute of Technology
-draft-tso-telnet-krb5-04.txt                                  April 2000
-
-               Telnet Authentication: Kerberos Version 5
-
-Status of this Memo
-
-   This document is an Internet-Draft and is in full conformance with
-   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
-   documents of the Internet Engineering Task Force (IETF), its areas,
-   and its working groups.  Note that other groups may also distribute
-   working documents as Internet-Drafts.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference mate-
-   rial or to cite them other than as "work in progress."
-
-   The list of current Internet-Drafts can be accessed at
-   http://www.ietf.org/ietf/1id-abstracts.txt
-
-   The list of Internet-Draft Shadow Directories can be accessed at
-   http://www.ietf.org/shadow.html.
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-   document are to be interpreted as described in RFC 2119.
-
-0. Abstract
-
-   This document describes how Kerberos Version 5 [1] is used with the
-   telnet protocol.   It describes an telnet authentication sub-option
-   to be used with the telnet authentication option [2].   This mecha-
-   nism can also used to provide keying material to provide data confi-
-   dentiality services in conjuction with the telnet encryption option
-   [3].
-
-1. Command Names and Codes
-
-   Authentication Types
-
-      KERBEROS_V5    2
-
-   Sub-option Commands
-
-                           Expires Sept 2000                    [Page 1]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-      AUTH               0
-      REJECT             1
-      ACCEPT             2
-      RESPONSE           3
-      FORWARD            4
-      FORWARD_ACCEPT     5
-      FORWARD_REJECT     6
-
-2.  Command Meanings
-
-   IAC SB AUTHENTICATION IS <authentication-type-pair> AUTH <Kerberos V5
-   KRB_AP_REQ message> IAC SE
-
-      This is used to pass the Kerberos V5 [1] KRB_AP_REQ message to the
-      remote side of the connection.  The first octet of the <authenti-
-      cation-type-pair> value is KERBEROS_V5, to indicate that Version 5
-      of Kerberos is being used.  The Kerberos V5 authenticator in the
-      KRB_AP_REQ message     must contain a Kerberos V5 checksum of the
-      two-byte authentication type pair.  This checksum must be verified
-      by the server to assure that the authentication type pair was cor-
-      rectly negotiated.  The Kerberos V5 authenticator must also in-
-      clude the optional subkey field, which shall be filled in with a
-      randomly chosen key.  This key shall be used for encryption pur-
-      poses if encryption is negotiated, and shall be used as the nego-
-      tiated session key (i.e., used as keyid 0) for the purposes of the
-      telnet encryption option; if the subkey is not filled in, then the
-      ticket session key will be used instead.
-
-      If data confidentiality services is desired the ENCRYPT_US-
-      ING_TELOPT flag must be set in the authentication-type-pair as
-      specified in [2].
-
-   IAC SB AUTHENTICATION REPLY <authentication-type-pair> ACCEPT IAC SE
-
-      This command indicates that the authentication was successful.
-
-      If the AUTH_HOW_MUTUAL bit is set in the second octet of the au-
-      thentication-type-pair, the RESPONSE command must be sent before
-      the ACCEPT command is sent.
-
-   IAC SB AUTHENTICATION REPLY <authentication-type-pair> REJECT <op-
-   tional reason for rejection> IAC SE
-
-      This command indicates that the authentication was not successful,
-      and if there is any more data in the sub-option, it is an ASCII
-      text message of the reason for the rejection.
-
-   IAC SB AUTHENTICATION REPLY <authentication-type-pair> RESPONSE
-   <KRB_AP_REP message> IAC SE
-
-                           Expires Sept 2000                    [Page 2]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-      This command is used to perform mutual authentication.  It is only
-      used when the AUTH_HOW_MUTUAL bit is set in the second octet of
-      the authentication-type-pair.  After an AUTH command is verified,
-      a RESPONSE command is sent which contains a Kerberos V5 KRB_AP_REP
-      message to perform the mutual authentication.
-
-   IAC SB AUTHENTICATION <authentication-type-pair> FORWARD <KRB_CRED
-   message> IAC SE
-
-      This command is used to forward kerberos credentials for use by
-      the remote session.  The credentials are passed as a Kerberos V5
-      KRB_CRED message which includes, among other things, the forwarded
-      Kerberos ticket and a session key associated with the ticket. Part
-      of the KRB_CRED message is encrypted in the key previously ex-
-      changed for the telnet session by the AUTH suboption.
-
-   IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_ACCEPT IAC
-   SE
-
-      This command indicates that the credential forwarding was success-
-      ful.
-
-   IAC SB AUTHENTICATION <authentication-type-pair> FORWARD_REJECT <op-
-   tional reason for rejection> IAC SE
-
-      This command indicates that the credential forwarding was not suc-
-      cessful, and if there is any more data in the sub-option, it is an
-      ASCII text message of the reason for the rejection.
-
-3.  Implementation Rules
-
-   If the second octet of the authentication-type-pair has the AUTH_WHO
-   bit set to AUTH_CLIENT_TO_SERVER, then the client sends the initial
-   AUTH command, and the server responds with either ACCEPT or REJECT.
-   In addition, if the AUTH_HOW bit is set to AUTH_HOW_MUTUAL, the serv-
-   er will send a RESPONSE before it sends the ACCEPT.
-
-   If the second octet of the authentication-type-pair has the AUTH_WHO
-   bit set to AUTH_SERVER_TO_CLIENT, then the server sends the initial
-   AUTH command, and the client responds with either ACCEPT or REJECT.
-   In addition, if the AUTH_HOW bit is set to AUTH_HOW_MUTUAL, the
-   client will send a RESPONSE before it sends the ACCEPT.
-
-   The Kerberos principal used by the server will generally be of the
-   form "host/<hostname>@realm".  That is, the first component of the
-   Kerberos principal is "host"; the second component is the fully qual-
-   ified lower-case hostname of the server; and the realm is the Ker-
-   beros realm to which the server belongs.
-
-                           Expires Sept 2000                    [Page 3]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-   Any Telnet IAC characters that occur in the KRB_AP_REQ or KRB_AP_REP
-   messages, the KRB_CRED structure, or the optional rejection text
-   string must be doubled as specified in [4].  Otherwise the following
-   byte might be mis-interpreted as a Telnet command.
-
-4.  Examples
-
-   User "joe" may wish to log in as user "pete" on machine "foo".  If
-   "pete" has set things up on "foo" to allow "joe" access to his ac-
-   count, then the client would send IAC SB AUTHENTICATION NAME "pete"
-   IAC SE IAC SB AUTHENTICATION IS KERBEROS_V5 AUTH <KRB_AP_REQ_MESSAGE>
-   IAC SE
-
-   The server would then authenticate the user as "joe" from the
-   KRB_AP_REQ_MESSAGE, and if the KRB_AP_REQ_MESSAGE was accepted by
-   Kerberos, and if "pete" has allowed "joe" to use his account, the
-   server would then continue the authentication sequence by sending a
-   RESPONSE (to do mutual authentication, if it was requested) followed
-   by the ACCEPT.
-
-   If forwarding has been requested, the client then sends IAC SB AU-
-   THENTICATION IS KERBEROS_V5 CLIENT|MUTUAL FORWARD <KRB_CRED structure
-   with credentials to be forwarded> IAC SE.  If the server succeeds in
-   reading the forwarded credentials, the server sends FORWARD_ACCEPT
-   else, a FORWARD_REJECT is sent back.
-
-       Client                           Server
-                                        IAC DO AUTHENTICATION
-       IAC WILL AUTHENTICATION
-
-       [ The server is now free to request authentication information.
-         ]
-
-                                        IAC SB AUTHENTICATION SEND
-                                        KERBEROS_V5 CLIENT|MUTUAL
-                                        KERBEROS_V5 CLIENT|ONE_WAY IAC
-                                        SE
-
-       [ The server has requested mutual Version 5 Kerberos
-         authentication.  If mutual authentication is not supported,
-         then the server is willing to do one-way authentication.
-
-         The client will now respond with the name of the user that it
-         wants to log in as, and the Kerberos ticket.  ]
-
-       IAC SB AUTHENTICATION NAME
-       "pete" IAC SE
-       IAC SB AUTHENTICATION IS
-       KERBEROS_V5 CLIENT|MUTUAL AUTH
-       <KRB_AP_REQ message> IAC SE
-
-                           Expires Sept 2000                    [Page 4]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-       [ Since mutual authentication is desired, the server sends across
-         a RESPONSE to prove that it really is the right server.  ]
-
-                                        IAC SB AUTHENTICATION REPLY
-                                        KERBEROS_V5 CLIENT|MUTUAL
-                                        RESPONSE <KRB_AP_REP message>
-                                        IAC SE
-
-       [ The server responds with an ACCEPT command to state that the
-         authentication was successful.  ]
-
-                                        IAC SB AUTHENTICATION REPLY KER-
-                                        BEROS_V5 CLIENT|MUTUAL ACCEPT
-                                        IAC SE
-
-       [ If so requested, the client now sends the FORWARD command to
-         forward credentials to the remote site.  ]
-
-       IAC SB AUTHENTICATION IS KER-
-       BEROS_V5 CLIENT|MUTUAL
-       FORWARD <KRB_CRED message> IAC
-       SE
-
-       [ The server responds with a FORWARD_ACCEPT command to state that
-         the credential forwarding was successful.  ]
-
-                           Expires Sept 2000                    [Page 5]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-                                        IAC SB AUTHENTICATION REPLY KER-
-                                        BEROS_V5 CLIENT|MUTUAL FOR-
-                                        WARD_ACCEPT IAC SE
-
-5. Security Considerations
-
-   The selection of the random session key in the Kerberos V5 authenti-
-   cator is critical, since this key will be used for encrypting the
-   telnet data stream if encryption is enabled.  It is strongly advised
-   that the random key selection be done using cryptographic techniques
-   that involve the Kerberos ticket's session key.  For example, using
-   the current time, encrypting it with the ticket session key, and then
-   correcting for key parity is a strong way to generate a subsession
-   key, since the ticket session key is assumed to be never disclosed to
-   an attacker.
-
-   Care should be taken before forwarding a user's Kerberos credentials
-   to the remote server.  If the remote server is not trustworthy, this
-   could result in the user's credentials being compromised.  Hence, the
-   user interface should not forward credentials by default; it would be
-   far safer to either require the user to explicitly request creden-
-   tials forwarding for each connection, or to have a trusted list of
-   hosts for which credentials forwarding is enabled, but to not enable
-   credentials forwarding by default for all machines.
-
-6. IANA Considerations
-
-   The authentication type KERBEROS_V5 and its associated suboption values
-   are registered with IANA.  Any suboption values used to extend 
-   the protocol as described in this document must be registered
-   with IANA before use.  IANA is instructed not to issue new suboption
-   values without submission of documentation of their use.
-
-7. Acknowledgments
-
-   This document was originally written by Dave Borman of Cray Research,
-   Inc.  Theodore Ts'o of MIT revised it to reflect the latest implemen-
-   tation experience.  Cliff Neuman and Prasad Upasani of USC's Informa-
-   tion Sciences Institute developed the credential forwarding support.
-
-   In addition, the contributions of the Telnet Working Group are also
-   gratefully acknowledged.
-
-8. References
-
-   [1] Kohl, J. and B. Neuman, "The Kerberos Network Authentication Sys-
-       tem (V5)", RFC 1510, USC/Information Sciences Institute, Septem-
-       ber 1993.
-
-   [2] Internet Engineering Task Force, "Telnet Authentication", draft-
-       tso-telnet-auth-enc-04.txt, T. Ts'o, Editor, VA Linux Systems,
-           April 2000.
-
-   [3] Internet Engineering Task Force, "Telnet Data Encryption Option",
-       draft-tso-telnet-encryption-04.txt, T. Ts'o, Editor, VA Linux
-       Systems,     April 2000.
-
-   [4] Postel, J.B. and J. Reynolds, "Telnet Option Specifications", RFC
-
-                           Expires Sept 2000                    [Page 6]
-
-Internet-Draft        Kerberos Version 5 for Telnet           April 2000
-
-       855, STD 8, USC/Information Sciences Institute, May 1983.
-
-Editor's Address
-
-   Theodore Ts'o
-   Massachusetts Institute of Technology
-   MIT Room E40-343
-   77 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone: (617) 253-8091
-   EMail: tytso@mit.edu
-
-                           Expires Sept 2000                    [Page 7]
-
-
-    Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
-                 The Kermit Project * Columbia University
-              612 West 115th St #716 * New York, NY * 10025
-  http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org
-
-
diff --git a/crypto/heimdal/doc/standardisation/rc4-hmac.txt b/crypto/heimdal/doc/standardisation/rc4-hmac.txt
deleted file mode 100644
index 202d44e8639c..000000000000
--- a/crypto/heimdal/doc/standardisation/rc4-hmac.txt
+++ /dev/null
@@ -1,587 +0,0 @@
-CAT working group                                              M. Swift 
-Internet Draft                                                J. Brezak 
-Document: draft-brezak-win2k-krb-rc4-hmac-03.txt              Microsoft 
-Category: Informational                                       June 2000 
- 
- 
-           The Windows 2000 RC4-HMAC Kerberos encryption type 
- 
- 
-Status of this Memo 
- 
-   This document is an Internet-Draft and is in full conformance with 
-   all provisions of Section 10 of RFC2026 [1]. Internet-Drafts are 
-   working documents of the Internet Engineering Task Force (IETF), its 
-   areas, and its working groups. Note that other groups may also 
-   distribute working documents as Internet-Drafts. Internet-Drafts are 
-   draft documents valid for a maximum of six months and may be 
-   updated, replaced, or obsoleted by other documents at any time. It 
-   is inappropriate to use Internet- Drafts as reference material or to 
-   cite them other than as "work in progress." 
-     
-   The list of current Internet-Drafts can be accessed at 
-   http://www.ietf.org/ietf/1id-abstracts.txt  
-   The list of Internet-Draft Shadow Directories can be accessed at 
-   http://www.ietf.org/shadow.html. 
-    
-1. Abstract 
-    
-   The Windows 2000 implementation of Kerberos introduces a new 
-   encryption type based on the RC4 encryption algorithm and using an 
-   MD5 HMAC for checksum. This is offered as an alternative to using 
-   the existing DES based encryption types. 
-    
-   The RC4-HMAC encryption types are used to ease upgrade of existing 
-   Windows NT environments, provide strong crypto (128-bit key 
-   lengths), and provide exportable (meet United States government 
-   export restriction requirements) encryption. 
-    
-   The Windows 2000 implementation of Kerberos contains new encryption 
-   and checksum types for two reasons: for export reasons early in the 
-   development process, 56 bit DES encryption could not be exported, 
-   and because upon upgrade from Windows NT 4.0 to Windows 2000, 
-   accounts will not have the appropriate DES keying material to do the 
-   standard DES encryption. Furthermore, 3DES is not available for 
-   export, and there was a desire to use a single flavor of encryption 
-   in the product for both US and international products. 
-    
-   As a result, there are two new encryption types and one new checksum 
-   type introduced in Windows 2000. 
-    
-    
-2. Conventions used in this document 
-    
-
-  
-Swift                  Category - Informational                      1 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
-   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
-   this document are to be interpreted as described in RFC-2119 [2]. 
-    
-3. Key Generation 
-    
-   On upgrade from existing Windows NT domains, the user accounts would 
-   not have a DES based key available to enable the use of DES base 
-   encryption types specified in RFC 1510. The key used for RC4-HMAC is 
-   the same as the existing Windows NT key (NT Password Hash) for 
-   compatibility reasons. Once the account password is changed, the DES 
-   based keys are created and maintained. Once the DES keys are 
-   available DES based encryption types can be used with Kerberos.  
-    
-   The RC4-HMAC String to key function is defined as follow: 
-    
-   String2Key(password) 
-    
-        K = MD4(UNICODE(password)) 
-         
-   The RC4-HMAC keys are generated by using the Windows UNICODE version 
-   of the password. Each Windows UNICODE character is encoded in 
-   little-endian format of 2 octets each. Then performing an MD4 [6] 
-   hash operation on just the UNICODE characters of the password (not 
-   including the terminating zero octets). 
-    
-   For an account with a password of "foo", this String2Key("foo") will 
-   return: 
-    
-        0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe, 
-        0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc 
-    
-4. Basic Operations 
-    
-   The MD5 HMAC function is defined in [3]. It is used in this 
-   encryption type for checksum operations. Refer to [3] for details on 
-   its operation. In this document this function is referred to as 
-   HMAC(Key, Data) returning the checksum using the specified key on 
-   the data. 
-    
-   The basic MD5 hash operation is used in this encryption type and 
-   defined in [7]. In this document this function is referred to as 
-   MD5(Data) returning the checksum of the data. 
-    
-   RC4 is a stream cipher licensed by RSA Data Security [RSADSI]. A       
-   compatible cipher is described in [8]. In this document the function 
-   is referred to as RC4(Key, Data) returning the encrypted data using 
-   the specified key on the data. 
-    
-   These encryption types use key derivation as defined in [9] (RFC-
-   1510BIS) in Section titled "Key Derivation". With each message, the 
-   message type (T) is used as a component of the keying material. This 
-   summarizes the different key derivation values used in the various 
-  
-Swift                  Category - Informational                      2 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   operations. Note that these differ from the key derivations used in 
-   other Kerberos encryption types. 
-    
-        T = 1 for TS-ENC-TS in the AS-Request 
-        T = 8 for the AS-Reply  
-        T = 7 for the Authenticator in the TGS-Request 
-        T = 8 for the TGS-Reply  
-        T = 2 for the Server Ticket in the AP-Request 
-        T = 11 for the Authenticator in the AP-Request 
-        T = 12 for the Server returned AP-Reply 
-        T = 15 in the generation of checksum for the MIC token 
-        T = 0 in the generation of sequence number for the MIC token  
-        T = 13 in the generation of checksum for the WRAP token 
-        T = 0 in the generation of sequence number for the WRAP token  
-        T = 0 in the generation of encrypted data for the WRAPPED token 
-    
-   All strings in this document are ASCII unless otherwise specified. 
-   The lengths of ASCII encoded character strings include the trailing 
-   terminator character (0). 
-    
-   The concat(a,b,c,...) function will return the logical concatenation 
-   (left to right) of the values of the arguments. 
-    
-   The nonce(n) function returns a pseudo-random number of "n" octets. 
-    
-5. Checksum Types 
-    
-   There is one checksum type used in this encryption type. The 
-   Kerberos constant for this type is: 
-        #define KERB_CHECKSUM_HMAC_MD5 (-138) 
-    
-   The function is defined as follows: 
-    
-   K - is the Key 
-   T - the message type, encoded as a little-endian four byte integer 
-    
-   CHKSUM(K, T, data) 
-    
-        Ksign = HMAC(K, "signaturekey")  //includes zero octet at end 
-        tmp = MD5(concat(T, data)) 
-        CHKSUM = HMAC(Ksign, tmp) 
-    
-    
-6. Encryption Types 
-    
-   There are two encryption types used in these encryption types. The 
-   Kerberos constants for these types are: 
-        #define KERB_ETYPE_RC4_HMAC             23 
-        #define KERB_ETYPE_RC4_HMAC_EXP         24 
-    
-   The basic encryption function is defined as follow: 
-    
-   T = the message type, encoded as a little-endian four byte integer. 
-  
-Swift                  Category - Informational                      3 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-    
-        BYTE L40[14] = "fortybits"; 
-        BYTE SK = "signaturekey"; 
-         
-        ENCRYPT (K, fRC4_EXP, T, data, data_len, edata, edata_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 10 + 4, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            add_8_random_bytes(data, data_len, conf_plus_data); 
-            HMAC (K2, conf_plus_data, 8 + data_len, checksum); 
-            HMAC (K1, checksum, 16, K3); 
-            RC4(K3, conf_plus_data, 8 + data_len, edata + 16); 
-            memcpy (edata, checksum, 16); 
-            edata_len = 16 + 8 + data_len; 
-        }         
-         
-        DECRYPT (K, fRC4_EXP, T, edata, edata_len, data, data_len) 
-        { 
-            if (fRC4_EXP){ 
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K1); 
-            }else{ 
-                HMAC (K, &T, 4, K1); 
-            } 
-            memcpy (K2, K1, 16); 
-            if (fRC4_EXP) memset (K1+7, 0xAB, 9); 
-            HMAC (K1, edata, 16, K3); // checksum is at edata 
-            RC4(K3, edata + 16, edata_len - 16, edata + 16); 
-            data_len = edata_len - 16 - 8; 
-            memcpy (data, edata + 16 + 8, data_len); 
-             
-            // verify generated and received checksums 
-            HMAC (K2, edata + 16, edata_len - 16, checksum); 
-            if (memcmp(edata, checksum, 16) != 0)  
-                printf("CHECKSUM ERROR  !!!!!!\n"); 
-        } 
-    
-   The header field on the encrypted data in KDC messages is: 
-    
-        typedef struct _RC4_MDx_HEADER { 
-            UCHAR Checksum[16]; 
-            UCHAR Confounder[8]; 
-        } RC4_MDx_HEADER, *PRC4_MDx_HEADER; 
-         
-   The KDC message is encrypted using the ENCRYPT function not 
-   including the Checksum in the RC4_MDx_HEADER. 
-    
-  
-Swift                  Category - Informational                      4 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-7. Key Strength Negotiation 
-    
-   A Kerberos client and server can negotiate over key length if they 
-   are using mutual authentication. If the client is unable to perform 
-   full strength encryption, it may propose a key in the "subkey" field 
-   of the authenticator, using a weaker encryption type. The server 
-   must then either return the same key or suggest its own key in the 
-   subkey field of the AP reply message. The key used to encrypt data 
-   is derived from the key returned by the server. If the client is 
-   able to perform strong encryption but the server is not, it may 
-   propose a subkey in the AP reply without first being sent a subkey 
-   in the authenticator. 
- 
-8. GSSAPI Kerberos V5 Mechanism Type  
- 
-8.1 Mechanism Specific Changes 
-    
-   The GSSAPI per-message tokens also require new checksum and 
-   encryption types. The GSS-API per-message tokens must be changed to 
-   support these new encryption types (See [5] Section 1.2.2). The 
-   sealing algorithm identifier (SEAL_ALG) for an RC4 based encryption 
-   is: 
-        Byte 4..5 SEAL_ALG      0x10 0x00 - RC4 
-    
-   The signing algorithm identifier (SGN_ALG) for MD5 HMAC is: 
-        Byte 2..3 SGN ALG       0x11 0x00 - HMAC 
-    
-   The only support quality of protection is: 
-        #define GSS_KRB5_INTEG_C_QOP_DEFAULT    0x0 
-    
-   In addition, when using an RC4 based encryption type, the sequence 
-   number is sent in big-endian rather than little-endian order. 
-    
-   The Windows 2000 implementation also defines new GSSAPI flags in the 
-   initial token passed when initializing a security context. These 
-   flags are passed in the checksum field of the authenticator (See [5] 
-   Section 1.1.1). 
-    
-   GSS_C_DCE_STYLE - This flag was added for use with Microsoft�s 
-   implementation of DCE RPC, which initially expected three legs of 
-   authentication. Setting this flag causes an extra AP reply to be 
-   sent from the client back to the server after receiving the server�s 
-   AP reply. In addition, the context negotiation tokens do not have 
-   GSSAPI framing - they are raw AP message and do not include object 
-   identifiers. 
-        #define GSS_C_DCE_STYLE                 0x1000 
-    
-
-  
-Swift                  Category - Informational                      5 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-   GSS_C_IDENTIFY_FLAG - This flag allows the client to indicate to the 
-   server that it should only allow the server application to identify 
-   the client by name and ID, but not to impersonate the client. 
-        #define GSS_C_IDENTIFY_FLAG             0x2000 
-         
-   GSS_C_EXTENDED_ERROR_FLAG - Setting this flag indicates that the 
-   client wants to be informed of extended error information. In 
-   particular, Windows 2000 status codes may be returned in the data 
-   field of a Kerberos error message. This allows the client to 
-   understand a server failure more precisely. In addition, the server 
-   may return errors to the client that are normally handled at the 
-   application layer in the server, in order to let the client try to 
-   recover. After receiving an error message, the client may attempt to 
-   resubmit an AP request. 
-        #define GSS_C_EXTENDED_ERROR_FLAG       0x4000 
-    
-   These flags are only used if a client is aware of these conventions 
-   when using the SSPI on the Windows platform, they are not generally 
-   used by default. 
-    
-   When NetBIOS addresses are used in the GSSAPI, they are identified 
-   by the GSS_C_AF_NETBIOS value. This value is defined as: 
-        #define GSS_C_AF_NETBIOS                0x14 
-   NetBios addresses are 16-octet addresses typically composed of 1 to 
-                                                                 th
-   15 characters, trailing blank (ascii char 20) filled, with a 16  
-   octet of 0x0. 
-    
-8.2 GSSAPI Checksum Type 
-    
-   The GSSAPI checksum type and algorithm is defined in Section 5. Only 
-   the first 8 octets of the checksum are used. The resulting checksum 
-   is stored in the SGN_CKSUM field (See [5] Section 1.2) for 
-   GSS_GetMIC() and GSS_Wrap(conf_flag=FALSE). 
-    
-        MIC (K, fRC4_EXP, seq_num, MIC_hdr, msg, msg_len, 
-             MIC_seq, MIC_checksum) 
-        { 
-            HMAC (K, SK, 13, K4); 
-            T = 15; 
-            memcpy (T_plus_hdr_plus_msg + 00, &T, 4); 
-            memcpy (T_plus_hdr_plus_msg + 04, MIC_hdr, 8);  
-                                                // 0101 1100 FFFFFFFF 
-            memcpy (T_plus_hdr_plus_msg + 12, msg, msg_len); 
-            MD5 (T_hdr_msg, 4 + 8 + msg_len, MD5_of_T_hdr_msg); 
-            HMAC (K4, MD5_of_T_hdr_msg, CHKSUM); 
-            memcpy (MIC_checksum, CHKSUM, 8); // use only first 8 bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K5); 
-            }else{ 
-                HMAC (K, &T, 4, K5); 
-  
-Swift                  Category - Informational                      6 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-            } 
-            if (fRC4_EXP) memset(K5+7, 0xAB, 9); 
-            HMAC(K5, MIT_checksum, 8, K6); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K6, seq_plus_direction, 8, MIC_seq); 
-        } 
-    
-8.3 GSSAPI Encryption Types 
-    
-   There are two encryption types for GSSAPI message tokens, one that 
-   is 128 bits in strength, and one that is 56 bits in strength as 
-   defined in Section 6. 
-    
-   All padding is rounded up to 1 byte. One byte is needed to say that 
-   there is 1 byte of padding. The DES based mechanism type uses 8 byte 
-   padding. See [5] Section 1.2.2.3. 
-    
-   The encryption mechanism used for GSS wrap based messages is as 
-   follow: 
-    
-    
-        WRAP (K, fRC4_EXP, seq_num, WRAP_hdr, msg, msg_len, 
-              WRAP_seq, WRAP_checksum, edata, edata_len) 
-        { 
-            HMAC (K, SK, 13, K7); 
-            T = 13; 
-            PAD = 1; 
-            memcpy (T_hdr_conf_msg_pad + 00, &T, 4); 
-            memcpy (T_hdr_conf_msg_pad + 04, WRAP_hdr, 8); // 0101 1100 
-        FFFFFFFF 
-            memcpy (T_hdr_conf_msg_pad + 12, msg, msg_len); 
-            memcpy (T_hdr_conf_msg_pad + 12 + msg_len, &PAD, 1); 
-            MD5 (T_hdr_conf_msg_pad, 
-                 4 + 8 + 8 + msg_len + 1, 
-                 MD5_of_T_hdr_conf_msg_pad); 
-            HMAC (K7, MD5_of_T_hdr_conf_msg_pad, CHKSUM); 
-            memcpy (WRAP_checksum, CHKSUM, 8); // use only first 8 
-        bytes 
-          
-            T = 0; 
-            if (fRC4_EXP){  
-                *((DWORD *)(L40+10)) = T; 
-                HMAC (K, L40, 14, K8); 
-            }else{ 
-                HMAC (K, &T, 4, K8); 
-            } 
-            if (fRC4_EXP) memset(K8+7, 0xAB, 9); 
-            HMAC(K8, WRAP_checksum, 8, K9); 
-            copy_seq_num_in_big_endian(seq_num, seq_plus_direction); 
-        //0x12345678 
-  
-Swift                  Category - Informational                      7 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
-            copy_direction_flag (direction_flag, seq_plus_direction + 
-        4); //0x12345678FFFFFFFF 
-            RC4(K9, seq_plus_direction, 8, WRAP_seq); 
-          
-            for (i = 0; i < 16; i++) K10 [i] ^= 0xF0; // XOR each byte 
-        of key with 0xF0 
-            T = 0; 
-            if (fRC4_EXP){ 
-                *(DWORD *)(L40+10) = T; 
-                HMAC(K10, L40, 14, K11); 
-                memset(K11+7, 0xAB, 9); 
-            }else{ 
-                HMAC(K10, &T, 4, K11);  
-            } 
-            HMAC(K11, seq_num, 4, K12); 
-            RC4(K12, T_hdr_conf_msg_pad + 4 + 8, 8 + msg_len + 1, 
-        edata); /* skip T & hdr */ 
-            edata_len = 8 + msg_len + 1; // conf + msg_len + pad 
-         } 
-          
-    
-   The character constant "fortybits" evolved from the time when a 40-
-   bit key length was all that was exportable from the United States. 
-   It is now used to recognize that the key length is of "exportable" 
-   length. In this description, the key size is actually 56-bits. 
-    
-9. Security Considerations 
- 
-   Care must be taken in implementing this encryption type because it 
-   uses a stream cipher. If a different IV isn�t used in each direction 
-   when using a session key, the encryption is weak. By using the 
-   sequence number as an IV, this is avoided. 
-    
-10. Acknowledgements 
-    
-   We would like to thank Salil Dangi for the valuable input in 
-   refining the descriptions of the functions and review input. 
-     
-11. References 
- 
-   1  Bradner, S., "The Internet Standards Process -- Revision 3", BCP 
-      9, RFC 2026, October 1996. 
-    
-   2  Bradner, S., "Key words for use in RFCs to Indicate Requirement 
-      Levels", BCP 14, RFC 2119, March 1997 
-    
-   3  Krawczyk, H., Bellare, M., Canetti, R.,"HMAC: Keyed-Hashing for 
-      Message Authentication", RFC 2104, February 1997 
-    
-   4  Kohl, J., Neuman, C., "The Kerberos Network Authentication 
-      Service (V5)", RFC 1510, September 1993 
- 
- 
-  
-Swift                  Category - Informational                      8 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type       June 2000 
- 
- 
- 
-   5  Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC-1964, 
-      June 1996 
- 
-   6  R. Rivest, "The MD4 Message-Digest Algorithm", RFC-1320, April 
-      1992 
- 
-   7  R. Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, April 
-      1992 
- 
-   8  Thayer, R. and K. Kaukonen, "A Stream Cipher Encryption             
-      Algorithm", Work in Progress. 
- 
-   9  RC4 is a proprietary encryption algorithm available under license 
-      from RSA Data Security Inc.  For licensing information, contact: 
-       
-         RSA Data Security, Inc. 
-         100 Marine Parkway 
-         Redwood City, CA 94065-1031 
- 
-   10 Neuman, C., Kohl, J., Ts'o, T., "The Kerberos Network 
-      Authentication Service (V5)", draft-ietf-cat-kerberos-revisions-
-      04.txt, June 25, 1999 
- 
-    
-12. Author's Addresses 
-    
-   Mike Swift 
-   Dept. of Computer Science 
-   Sieg Hall 
-   University of Washington 
-   Seattle, WA 98105 
-   Email: mikesw@cs.washington.edu  
-    
-   John Brezak 
-   Microsoft 
-   One Microsoft Way 
-   Redmond, Washington 
-   Email: jbrezak@microsoft.com 
-    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                      9 
-
-                Windows 2000 RC4-HMAC Kerberos E-Type    October 1999 
- 
- 
-    
-13. Full Copyright Statement 
- 
-   "Copyright (C) The Internet Society (2000). All Rights Reserved. 
-    
-   This document and translations of it may be copied and          
-   furnished to others, and derivative works that comment on or          
-   otherwise explain it or assist in its implementation may be          
-   prepared, copied, published and distributed, in whole or in          
-   part, without restriction of any kind, provided that the above          
-   copyright notice and this paragraph are included on all such          
-   copies and derivative works.  However, this document itself may          
-   not be modified in any way, such as by removing the copyright          
-   notice or references to the Internet Society or other Internet          
-   organizations, except as needed for the purpose of developing          
-   Internet standards in which case the procedures for copyrights          
-   defined in the Internet Standards process must be followed, or          
-   as required to translate it into languages other than English. 
-    
-   The limited permissions granted above are perpetual and will          
-   not be revoked by the Internet Society or its successors or          
-   assigns. 
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-Swift                  Category - Informational                     10 
-
diff --git a/crypto/heimdal/doc/standardisation/rfc1508.txt b/crypto/heimdal/doc/standardisation/rfc1508.txt
deleted file mode 100644
index 132b855e05e6..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1508.txt
+++ /dev/null
@@ -1,2747 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            J. Linn
-Request for Comments: 1508                         Geer Zolot Associates
-                                                          September 1993
-
-
-         Generic Security Service Application Program Interface
-
-Status of this Memo
-
-   This RFC specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" for the standardization state and status
-   of this protocol.  Distribution of this memo is unlimited.
-
-Abstract
-
-   This Generic Security Service Application Program Interface (GSS-API)
-   definition provides security services to callers in a generic
-   fashion, supportable with a range of underlying mechanisms and
-   technologies and hence allowing source-level portability of
-   applications to different environments. This specification defines
-   GSS-API services and primitives at a level independent of underlying
-   mechanism and programming language environment, and is to be
-   complemented by other, related specifications:
-
-        documents defining specific parameter bindings for particular
-        language environments
-
-        documents defining token formats, protocols, and procedures to
-        be implemented in order to realize GSS-API services atop
-        particular security mechanisms
-
-Table of Contents
-
-   1. GSS-API Characteristics and Concepts .......................    2
-   1.1. GSS-API Constructs .......................................    5
-   1.1.1.  Credentials ...........................................    5
-   1.1.2.  Tokens ................................................    6
-   1.1.3.  Security Contexts .....................................    7
-   1.1.4.  Mechanism Types .......................................    8
-   1.1.5.  Naming ................................................    9
-   1.1.6.  Channel Bindings ......................................   10
-   1.2.  GSS-API Features and Issues .............................   11
-   1.2.1.  Status Reporting ......................................   11
-   1.2.2.  Per-Message Security Service Availability .............   12
-   1.2.3.  Per-Message Replay Detection and Sequencing ...........   13
-   1.2.4.  Quality of Protection .................................   15
-
-
-
-Linn                                                            [Page 1]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   2. Interface Descriptions .....................................   15
-   2.1.  Credential management calls .............................   17
-   2.1.1.  GSS_Acquire_cred call .................................   17
-   2.1.2.  GSS_Release_cred call .................................   19
-   2.1.3.  GSS_Inquire_cred call .................................   20
-   2.2.  Context-level calls .....................................   21
-   2.2.1.  GSS_Init_sec_context call .............................   21
-   2.2.2.  GSS_Accept_sec_context call ...........................   26
-   2.2.3.  GSS_Delete_sec_context call ...........................   29
-   2.2.4.  GSS_Process_context_token call ........................   30
-   2.2.5.  GSS_Context_time call .................................   31
-   2.3.  Per-message calls .......................................   32
-   2.3.1.  GSS_Sign call .........................................   32
-   2.3.2.  GSS_Verify call .......................................   33
-   2.3.3.  GSS_Seal call .........................................   35
-   2.3.4.  GSS_Unseal call .......................................   36
-   2.4.  Support calls ...........................................   37
-   2.4.1.  GSS_Display_status call ...............................   37
-   2.4.2.  GSS_Indicate_mechs call ...............................   38
-   2.4.3.  GSS_Compare_name call .................................   38
-   2.4.4.  GSS_Display_name call .................................   39
-   2.4.5.  GSS_Import_name call ..................................   40
-   2.4.6.  GSS_Release_name call .................................   41
-   2.4.7.  GSS_Release_buffer call ...............................   41
-   2.4.8.  GSS_Release_oid_set call ..............................   42
-   3. Mechanism-Specific Example Scenarios .......................   42
-   3.1.  Kerberos V5, single-TGT .................................   43
-   3.2.  Kerberos V5, double-TGT .................................   43
-   3.3.  X.509 Authentication Framework ..........................   44
-   4. Related Activities .........................................   45
-   5. Acknowledgments ............................................   46
-   6. Security Considerations ....................................   46
-   7. Author's Address ...........................................   46
-   Appendix A ....................................................   47
-   Appendix B ....................................................   48
-   Appendix C ....................................................   49
-
-1. GSS-API Characteristics and Concepts
-
-   The operational paradigm in which GSS-API operates is as follows. A
-   typical GSS-API caller is itself a communications protocol, calling
-   on GSS-API in order to protect its communications with
-   authentication, integrity, and/or confidentiality security services.
-   A GSS-API caller accepts tokens provided to it by its local GSS-API
-   implementation and transfers the tokens to a peer on a remote system;
-   that peer passes the received tokens to its local GSS-API
-   implementation for processing. The security services available
-   through GSS-API in this fashion are implementable (and have been
-
-
-
-Linn                                                            [Page 2]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   implemented) over a range of underlying mechanisms based on secret-
-   key and public-key cryptographic technologies.
-
-   The GSS-API separates the operations of initializing a security
-   context between peers, achieving peer entity authentication (This
-   security service definition, and other definitions used in this
-   document, corresponds to that provided in International Standard ISO
-   7498-2-1988(E), Security Architecture.) (GSS_Init_sec_context() and
-   GSS_Accept_sec_context() calls), from the operations of providing
-   per-message data origin authentication and data integrity protection
-   (GSS_Sign() and GSS_Verify() calls) for messages subsequently
-   transferred in conjunction with that context. Per-message GSS_Seal()
-   and GSS_Unseal() calls provide the data origin authentication and
-   data integrity services which GSS_Sign() and GSS_Verify() offer, and
-   also support selection of confidentiality services as a caller
-   option.  Additional calls provide supportive functions to the GSS-
-   API's users.
-
-   The following paragraphs provide an example illustrating the
-   dataflows involved in use of the GSS-API by a client and server in a
-   mechanism-independent fashion, establishing a security context and
-   transferring a protected message. The example assumes that credential
-   acquisition has already been completed.  The example assumes that the
-   underlying authentication technology is capable of authenticating a
-   client to a server using elements carried within a single token, and
-   of authenticating the server to the client (mutual authentication)
-   with a single returned token; this assumption holds for presently-
-   documented CAT mechanisms but is not necessarily true for other
-   cryptographic technologies and associated protocols.
-
-   The client calls GSS_Init_sec_context()  to establish a security
-   context to the server identified by targ_name, and elects to set the
-   mutual_req_flag so that mutual authentication is performed in the
-   course of context establishment. GSS_Init_sec_context()  returns an
-   output_token to be passed to the server, and indicates
-   GSS_CONTINUE_NEEDED status pending completion of the mutual
-   authentication sequence. Had mutual_req_flag not been set, the
-   initial call to GSS_Init_sec_context()  would have returned
-   GSS_COMPLETE status. The client sends the output_token to the server.
-
-   The server passes the received token as the input_token parameter to
-   GSS_Accept_sec_context().  GSS_Accept_sec_context indicates
-   GSS_COMPLETE status, provides the client's authenticated identity in
-   the src_name result, and provides an output_token to be passed to the
-   client. The server sends the output_token to the client.
-
-   The client passes the received token as the input_token parameter to
-   a successor call to GSS_Init_sec_context(),  which processes data
-
-
-
-Linn                                                            [Page 3]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   included in the token in order to achieve mutual authentication from
-   the client's viewpoint. This call to GSS_Init_sec_context()  returns
-   GSS_COMPLETE status, indicating successful mutual authentication and
-   the completion of context establishment for this example.
-
-   The client generates a data message and passes it to GSS_Seal().
-   GSS_Seal() performs data origin authentication, data integrity, and
-   (optionally) confidentiality processing on the message and
-   encapsulates the result into output_message, indicating GSS_COMPLETE
-   status. The client sends the output_message to the server.
-
-   The server passes the received message to GSS_Unseal().  GSS_Unseal
-   inverts the encapsulation performed by GSS_Seal(),  deciphers the
-   message if the optional confidentiality feature was applied, and
-   validates the data origin authentication and data integrity checking
-   quantities. GSS_Unseal()  indicates successful validation by
-   returning GSS_COMPLETE status along with the resultant
-   output_message.
-
-   For purposes of this example, we assume that the server knows by
-   out-of-band means that this context will have no further use after
-   one protected message is transferred from client to server. Given
-   this premise, the server now calls GSS_Delete_sec_context() to flush
-   context-level information. GSS_Delete_sec_context() returns a
-   context_token for the server to pass to the client.
-
-   The client passes the returned context_token to
-   GSS_Process_context_token(),  which returns GSS_COMPLETE status after
-   deleting context-level information at the client system.
-
-   The GSS-API design assumes and addresses several basic goals,
-   including:
-
-      Mechanism independence: The GSS-API defines an interface to
-      cryptographically implemented strong authentication and other
-      security services at a generic level which is independent of
-      particular underlying mechanisms. For example, GSS-API-provided
-      services can be implemented by secret-key technologies (e.g.,
-      Kerberos) or public-key approaches (e.g., X.509).
-
-      Protocol environment independence: The GSS-API is independent of
-      the communications protocol suites with which it is employed,
-      permitting use in a broad range of protocol environments. In
-      appropriate environments, an intermediate implementation "veneer"
-      which is oriented to a particular communication protocol (e.g.,
-      Remote Procedure Call (RPC)) may be interposed between
-      applications which call that protocol and the GSS-API, thereby
-      invoking GSS-API facilities in conjunction with that protocol's
-
-
-
-Linn                                                            [Page 4]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      communications invocations.
-
-      Protocol association independence: The GSS-API's security context
-      construct is independent of communications protocol association
-      constructs. This characteristic allows a single GSS-API
-      implementation to be utilized by a variety of invoking protocol
-      modules on behalf of those modules' calling applications. GSS-API
-      services can also be invoked directly by applications, wholly
-      independent of protocol associations.
-
-      Suitability to a range of implementation placements: GSS-API
-      clients are not constrained to reside within any Trusted Computing
-      Base (TCB) perimeter defined on a system where the GSS-API is
-      implemented; security services are specified in a manner suitable
-      to both intra-TCB and extra-TCB callers.
-
-1.1. GSS-API Constructs
-
-   This section describes the basic elements comprising the GSS-API.
-
-1.1.1.  Credentials
-
-   Credentials structures provide the prerequisites enabling peers to
-   establish security contexts with each other. A caller may designate
-   that its default credential be used for context establishment calls
-   without presenting an explicit handle to that credential.
-   Alternately, those GSS-API callers which need to make explicit
-   selection of particular credentials structures may make references to
-   those credentials through GSS-API-provided credential handles
-   ("cred_handles").
-
-   A single credential structure may be used for initiation of outbound
-   contexts and acceptance of inbound contexts. Callers needing to
-   operate in only one of these modes may designate this fact when
-   credentials are acquired for use, allowing underlying mechanisms to
-   optimize their processing and storage requirements. The credential
-   elements defined by a particular mechanism may contain multiple
-   cryptographic keys, e.g., to enable authentication and message
-   encryption to be performed with different algorithms.
-
-   A single credential structure may accommodate credential information
-   associated with multiple underlying mechanisms (mech_types); a
-   credential structure's contents will vary depending on the set of
-   mech_types supported by a particular GSS-API implementation.
-   Commonly, a single mech_type will be used for all security contexts
-   established by a particular initiator to a particular target; the
-   primary motivation for supporting credential sets representing
-   multiple mech_types is to allow initiators on systems which are
-
-
-
-Linn                                                            [Page 5]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   equipped to handle multiple types to initiate contexts to targets on
-   other systems which can accommodate only a subset of the set
-   supported at the initiator's system.
-
-   It is the responsibility of underlying system-specific mechanisms and
-   OS functions below the GSS-API to ensure that the ability to acquire
-   and use credentials associated with a given identity is constrained
-   to appropriate processes within a system. This responsibility should
-   be taken seriously by implementors, as the ability for an entity to
-   utilize a principal's credentials is equivalent to the entity's
-   ability to successfully assert that principal's identity.
-
-   Once a set of GSS-API credentials is established, the transferability
-   of that credentials set to other processes or analogous constructs
-   within a system is a local matter, not defined by the GSS-API. An
-   example local policy would be one in which any credentials received
-   as a result of login to a given user account, or of delegation of
-   rights to that account, are accessible by, or transferable to,
-   processes running under that account.
-
-   The credential establishment process (particularly when performed on
-   behalf of users rather than server processes) is likely to require
-   access to passwords or other quantities which should be protected
-   locally and exposed for the shortest time possible. As a result, it
-   will often be appropriate for preliminary credential establishment to
-   be performed through local means at user login time, with the
-   result(s) cached for subsequent reference. These preliminary
-   credentials would be set aside (in a system-specific fashion) for
-   subsequent use, either:
-
-      to be accessed by an invocation of the GSS-API GSS_Acquire_cred()
-      call, returning an explicit handle to reference that credential
-
-      as the default credentials installed on behalf of a process
-
-1.1.2. Tokens
-
-   Tokens are data elements transferred between GSS-API callers, and are
-   divided into two classes. Context-level tokens are exchanged in order
-   to establish and manage a security context between peers. Per-message
-   tokens are exchanged in conjunction with an established context to
-   provide protective security services for corresponding data messages.
-   The internal contents of both classes of tokens are specific to the
-   particular underlying mechanism used to support the GSS-API; Appendix
-   B of this document provides a uniform recommendation for designers of
-   GSS-API support mechanisms, encapsulating mechanism-specific
-   information along with a globally-interpretable mechanism identifier.
-
-
-
-
-Linn                                                            [Page 6]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   Tokens are opaque from the viewpoint of GSS-API callers. They are
-   generated within the GSS-API implementation at an end system,
-   provided to a GSS-API caller to be transferred to the peer GSS-API
-   caller at a remote end system, and processed by the GSS-API
-   implementation at that remote end system. Tokens may be output by
-   GSS-API primitives (and are to be transferred to GSS-API peers)
-   independent of the status indications which those primitives
-   indicate. Token transfer may take place in an in-band manner,
-   integrated into the same protocol stream used by the GSS-API callers
-   for other data transfers, or in an out-of-band manner across a
-   logically separate channel.
-
-   Development of GSS-API support primitives based on a particular
-   underlying cryptographic technique and protocol does not necessarily
-   imply that GSS-API callers invoking that GSS-API mechanism type will
-   be able to interoperate with peers invoking the same technique and
-   protocol outside the GSS-API paradigm.  For example, the format of
-   GSS-API tokens defined in conjunction with a particular mechanism,
-   and the techniques used to integrate those tokens into callers'
-   protocols, may not be the same as those used by non-GSS-API callers
-   of the same underlying technique.
-
-1.1.3.  Security Contexts
-
-   Security contexts are established between peers, using credentials
-   established locally in conjunction with each peer or received by
-   peers via delegation. Multiple contexts may exist simultaneously
-   between a pair of peers, using the same or different sets of
-   credentials. Coexistence of multiple contexts using different
-   credentials allows graceful rollover when credentials expire.
-   Distinction among multiple contexts based on the same credentials
-   serves applications by distinguishing different message streams in a
-   security sense.
-
-   The GSS-API is independent of underlying protocols and addressing
-   structure, and depends on its callers to transport GSS-API-provided
-   data elements. As a result of these factors, it is a caller
-   responsibility to parse communicated messages, separating GSS-API-
-   related data elements from caller-provided data.  The GSS-API is
-   independent of connection vs. connectionless orientation of the
-   underlying communications service.
-
-   No correlation between security context and communications protocol
-   association is dictated. (The optional channel binding facility,
-   discussed in Section 1.1.6 of this document, represents an
-   intentional exception to this rule, supporting additional protection
-   features within GSS-API supporting mechanisms.) This separation
-   allows the GSS-API to be used in a wide range of communications
-
-
-
-Linn                                                            [Page 7]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   environments, and also simplifies the calling sequences of the
-   individual calls. In many cases (depending on underlying security
-   protocol, associated mechanism, and availability of cached
-   information), the state information required for context setup can be
-   sent concurrently with initial signed user data, without interposing
-   additional message exchanges.
-
-1.1.4.  Mechanism Types
-
-   In order to successfully establish a security context with a target
-   peer, it is necessary to identify an appropriate underlying mechanism
-   type (mech_type) which both initiator and target peers support. The
-   definition of a mechanism embodies not only the use of a particular
-   cryptographic technology (or a hybrid or choice among alternative
-   cryptographic technologies), but also definition of the syntax and
-   semantics of data element exchanges which that mechanism will employ
-   in order to support security services.
-
-   It is recommended that callers initiating contexts specify the
-   "default" mech_type value, allowing system-specific functions within
-   or invoked by the GSS-API implementation to select the appropriate
-   mech_type, but callers may direct that a particular mech_type be
-   employed when necessary.
-
-   The means for identifying a shared mech_type to establish a security
-   context with a peer will vary in different environments and
-   circumstances; examples include (but are not limited to):
-
-      use of a fixed mech_type, defined by configuration, within an
-      environment
-
-      syntactic convention on a target-specific basis, through
-      examination of a target's name
-
-      lookup of a target's name in a naming service or other database in
-      order to identify mech_types supported by that target
-
-      explicit negotiation between GSS-API callers in advance of
-      security context setup
-
-   When transferred between GSS-API peers, mech_type specifiers (per
-   Appendix B, represented as Object Identifiers (OIDs)) serve to
-   qualify the interpretation of associated tokens. (The structure and
-   encoding of Object Identifiers is defined in ISO/IEC 8824,
-   "Specification of Abstract Syntax Notation One (ASN.1)" and in
-   ISO/IEC 8825, "Specification of Basic Encoding Rules for Abstract
-   Syntax Notation One (ASN.1)".) Use of hierarchically structured OIDs
-   serves to preclude ambiguous interpretation of mech_type specifiers.
-
-
-
-Linn                                                            [Page 8]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   The OID representing the DASS MechType, for example, is
-   1.3.12.2.1011.7.5.
-
-1.1.5.  Naming
-
-   The GSS-API avoids prescription of naming structures, treating the
-   names transferred across the interface in order to initiate and
-   accept security contexts as opaque octet string quantities.  This
-   approach supports the GSS-API's goal of implementability atop a range
-   of underlying security mechanisms, recognizing the fact that
-   different mechanisms process and authenticate names which are
-   presented in different forms. Generalized services offering
-   translation functions among arbitrary sets of naming environments are
-   outside the scope of the GSS-API; availability and use of local
-   conversion functions to translate among the naming formats supported
-   within a given end system is anticipated.
-
-   Two distinct classes of name representations are used in conjunction
-   with different GSS-API parameters:
-
-      a printable form (denoted by OCTET STRING), for acceptance from
-      and presentation to users; printable name forms are accompanied by
-      OID tags identifying the namespace to which they correspond
-
-      an internal form (denoted by INTERNAL NAME), opaque to callers and
-      defined by individual GSS-API implementations; GSS-API
-      implementations supporting multiple namespace types are
-      responsible for maintaining internal tags to disambiguate the
-      interpretation of particular names
-
-      Tagging of printable names allows GSS-API callers and underlying
-      GSS-API mechanisms to disambiguate name types and to determine
-      whether an associated name's type is one which they are capable of
-      processing, avoiding aliasing problems which could result from
-      misinterpreting a name of one type as a name of another type.
-
-   In addition to providing means for names to be tagged with types,
-   this specification defines primitives to support a level of naming
-   environment independence for certain calling applications. To provide
-   basic services oriented towards the requirements of callers which
-   need not themselves interpret the internal syntax and semantics of
-   names, GSS-API calls for name comparison (GSS_Compare_name()),
-   human-readable display (GSS_Display_name()),  input conversion
-   (GSS_Import_name()), and internal name deallocation
-   (GSS_Release_name())  functions are defined. (It is anticipated that
-   these proposed GSS-API calls will be implemented in many end systems
-   based on system-specific name manipulation primitives already extant
-   within those end systems; inclusion within the GSS-API is intended to
-
-
-
-Linn                                                            [Page 9]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   offer GSS-API callers a portable means to perform specific
-   operations, supportive of authorization and audit requirements, on
-   authenticated names.)
-
-   GSS_Import_name()  implementations can, where appropriate, support
-   more than one printable syntax corresponding to a given namespace
-   (e.g., alternative printable representations for X.500 Distinguished
-   Names), allowing flexibility for their callers to select among
-   alternative representations. GSS_Display_name() implementations
-   output a printable syntax selected as appropriate to their
-   operational environments; this selection is a local matter. Callers
-   desiring portability across alternative printable syntaxes should
-   refrain from implementing comparisons based on printable name forms
-   and should instead use the GSS_Compare_name()  call to determine
-   whether or not one internal-format name matches another.
-
-1.1.6.  Channel Bindings
-
-   The GSS-API accommodates the concept of caller-provided channel
-   binding ("chan_binding") information, used by GSS-API callers to bind
-   the establishment of a security context to relevant characteristics
-   (e.g., addresses, transformed representations of encryption keys) of
-   the underlying communications channel and of protection mechanisms
-   applied to that communications channel.  Verification by one peer of
-   chan_binding information provided by the other peer to a context
-   serves to protect against various active attacks. The caller
-   initiating a security context must determine the chan_binding values
-   before making the GSS_Init_sec_context()  call, and consistent values
-   must be provided by both peers to a context. Callers should not
-   assume that underlying mechanisms provide confidentiality protection
-   for channel binding information.
-
-   Use or non-use of the GSS-API channel binding facility is a caller
-   option, and GSS-API supporting mechanisms can support operation in an
-   environment where NULL channel bindings are presented. When non-NULL
-   channel bindings are used, certain mechanisms will offer enhanced
-   security value by interpreting the bindings' content (rather than
-   simply representing those bindings, or signatures computed on them,
-   within tokens) and will therefore depend on presentation of specific
-   data in a defined format. To this end, agreements among mechanism
-   implementors are defining conventional interpretations for the
-   contents of channel binding arguments, including address specifiers
-   (with content dependent on communications protocol environment) for
-   context initiators and acceptors. (These conventions are being
-   incorporated into related documents.) In order for GSS-API callers to
-   be portable across multiple mechanisms and achieve the full security
-   functionality available from each mechanism, it is strongly
-   recommended that GSS-API callers provide channel bindings consistent
-
-
-
-Linn                                                           [Page 10]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   with these conventions and those of the networking environment in
-   which they operate.
-
-1.2.  GSS-API Features and Issues
-
-   This section describes aspects of GSS-API operations, of the security
-   services which the GSS-API provides, and provides commentary on
-   design issues.
-
-1.2.1.  Status Reporting
-
-   Each GSS-API call provides two status return values. Major_status
-   values provide a mechanism-independent indication of call status
-   (e.g., GSS_COMPLETE, GSS_FAILURE, GSS_CONTINUE_NEEDED), sufficient to
-   drive normal control flow within the caller in a generic fashion.
-   Table 1 summarizes the defined major_status return codes in tabular
-   fashion.
-
-   Table 1: GSS-API Major Status Codes
-
-      FATAL ERROR CODES
-
-      GSS_BAD_BINDINGS             channel binding mismatch
-      GSS_BAD_MECH                 unsupported mechanism requested
-      GSS_BAD_NAME                 invalid name provided
-      GSS_BAD_NAMETYPE             name of unsupported type provided
-      GSS_BAD_STATUS               invalid input status selector
-      GSS_BAD_SIG                  token had invalid signature
-      GSS_CONTEXT_EXPIRED          specified security context expired
-      GSS_CREDENTIALS_EXPIRED      expired credentials detected
-      GSS_DEFECTIVE_CREDENTIAL     defective credential detected
-      GSS_DEFECTIVE_TOKEN          defective token detected
-      GSS_FAILURE                  failure, unspecified at GSS-API
-                                   level
-      GSS_NO_CONTEXT               no valid security context specified
-      GSS_NO_CRED                  no valid credentials provided
-
-      INFORMATORY STATUS CODES
-
-      GSS_COMPLETE                 normal completion
-      GSS_CONTINUE_NEEDED          continuation call to routine
-                                   required
-      GSS_DUPLICATE_TOKEN          duplicate per-message token
-                                   detected
-      GSS_OLD_TOKEN                timed-out per-message token
-                                   detected
-      GSS_UNSEQ_TOKEN              out-of-order per-message token
-                                   detected
-
-
-
-Linn                                                           [Page 11]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   Minor_status provides more detailed status information which may
-   include status codes specific to the underlying security mechanism.
-   Minor_status values are not specified in this document.
-
-   GSS_CONTINUE_NEEDED major_status returns, and optional message
-   outputs, are provided in GSS_Init_sec_context()  and
-   GSS_Accept_sec_context()  calls so that different mechanisms'
-   employment of different numbers of messages within their
-   authentication sequences need not be reflected in separate code paths
-   within calling applications. Instead, such cases are accomodated with
-   sequences of continuation calls to GSS_Init_sec_context()  and
-   GSS_Accept_sec_context().  The same mechanism is used to encapsulate
-   mutual authentication within the GSS-API's context initiation calls.
-
-   For mech_types which require interactions with third-party servers in
-   order to establish a security context, GSS-API context establishment
-   calls may block pending completion of such third-party interactions.
-   On the other hand, no GSS-API calls pend on serialized interactions
-   with GSS-API peer entities.  As a result, local GSS-API status
-   returns cannot reflect unpredictable or asynchronous exceptions
-   occurring at remote peers, and reflection of such status information
-   is a caller responsibility outside the GSS-API.
-
-1.2.2. Per-Message Security Service Availability
-
-   When a context is established, two flags are returned to indicate the
-   set of per-message protection security services which will be
-   available on the context:
-
-      the integ_avail flag indicates whether per-message integrity and
-      data origin authentication services are available
-
-      the conf_avail flag indicates whether per-message confidentiality
-      services are available, and will never be returned TRUE unless the
-      integ_avail flag is also returned TRUE
-
-      GSS-API callers desiring per-message security services should
-      check the values of these flags at context establishment time, and
-      must be aware that a returned FALSE value for integ_avail means
-      that invocation of GSS_Sign()  or GSS_Seal() primitives on the
-      associated context will apply no cryptographic protection to user
-      data messages.
-
-   The GSS-API per-message protection service primitives, as the
-   category name implies, are oriented to operation at the granularity
-   of protocol data units. They perform cryptographic operations on the
-   data units, transfer cryptographic control information in tokens,
-   and, in the case of GSS_Seal(), encapsulate the protected data unit.
-
-
-
-Linn                                                           [Page 12]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   As such, these primitives are not oriented to efficient data
-   protection for stream-paradigm protocols (e.g., Telnet) if
-   cryptography must be applied on an octet-by-octet basis.
-
-1.2.3. Per-Message Replay Detection and Sequencing
-
-   Certain underlying mech_types are expected to offer support for
-   replay detection and/or sequencing of messages transferred on the
-   contexts they support. These optionally-selectable protection
-   features are distinct from replay detection and sequencing features
-   applied to the context establishment operation itself; the presence
-   or absence of context-level replay or sequencing features is wholly a
-   function of the underlying mech_type's capabilities, and is not
-   selected or omitted as a caller option.
-
-   The caller initiating a context provides flags (replay_det_req_flag
-   and sequence_req_flag) to specify whether the use of per-message
-   replay detection and sequencing features is desired on the context
-   being established. The GSS-API implementation at the initiator system
-   can determine whether these features are supported (and whether they
-   are optionally selectable) as a function of mech_type, without need
-   for bilateral negotiation with the target. When enabled, these
-   features provide recipients with indicators as a result of GSS-API
-   processing of incoming messages, identifying whether those messages
-   were detected as duplicates or out-of-sequence. Detection of such
-   events does not prevent a suspect message from being provided to a
-   recipient; the appropriate course of action on a suspect message is a
-   matter of caller policy.
-
-   The semantics of the replay detection and sequencing services applied
-   to received messages, as visible across the interface which the GSS-
-   API provides to its clients, are as follows:
-
-   When replay_det_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_COMPLETE indicates that the message was within the window
-      (of time or sequence space) allowing replay events to be detected,
-      and that the message was not a replay of a previously-processed
-      message within that window.
-
-      2. GSS_DUPLICATE_TOKEN indicates that the signature on the
-      received message was correct, but that the message was recognized
-      as a duplicate of a previously-processed message.
-
-      3. GSS_OLD_TOKEN indicates that the signature on the received
-      message was correct, but that the message is too old to be checked
-      for duplication.
-
-
-
-Linn                                                           [Page 13]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   When sequence_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_COMPLETE indicates that the message was within the window
-      (of time or sequence space) allowing replay events to be detected,
-      and that the message was not a replay of a previously-processed
-      message within that window.
-
-      2. GSS_DUPLICATE_TOKEN indicates that the signature on the
-      received message was correct, but that the message was recognized
-      as a duplicate of a previously-processed message.
-
-      3. GSS_OLD_TOKEN indicates that the signature on the received
-      message was correct, but that the token is too old to be checked
-      for duplication.
-
-      4. GSS_UNSEQ_TOKEN indicates that the signature on the received
-      message was correct, but that it is earlier in a sequenced stream
-      than a message already processed on the context.  [Note:
-      Mechanisms can be architected to provide a stricter form of
-      sequencing service, delivering particular messages to recipients
-      only after all predecessor messages in an ordered stream have been
-      delivered.  This type of support is incompatible with the GSS-API
-      paradigm in which recipients receive all messages, whether in
-      order or not, and provide them (one at a time, without intra-GSS-
-      API message buffering) to GSS-API routines for validation.  GSS-
-      API facilities provide supportive functions, aiding clients to
-      achieve strict message stream integrity in an efficient manner in
-      conjunction with sequencing provisions in communications
-      protocols, but the GSS-API does not offer this level of message
-      stream integrity service by itself.]
-
-   As the message stream integrity features (especially sequencing) may
-   interfere with certain applications' intended communications
-   paradigms, and since support for such features is likely to be
-   resource intensive, it is highly recommended that mech_types
-   supporting these features allow them to be activated selectively on
-   initiator request when a context is established. A context initiator
-   and target are provided with corresponding indicators
-   (replay_det_state and sequence_state), signifying whether these
-   features are active on a given context.
-
-   An example mech_type supporting per-message replay detection could
-   (when replay_det_state is TRUE) implement the feature as follows: The
-   underlying mechanism would insert timestamps in data elements output
-   by GSS_Sign() and GSS_Seal(), and would maintain (within a time-
-   limited window) a cache (qualified by originator-recipient pair)
-   identifying received data elements processed by GSS_Verify() and
-
-
-
-Linn                                                           [Page 14]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   GSS_Unseal(). When this feature is active, exception status returns
-   (GSS_DUPLICATE_TOKEN, GSS_ OLD_TOKEN) will be provided when
-   GSS_Verify() or GSS_Unseal() is presented with a message which is
-   either a detected duplicate of a prior message or which is too old to
-   validate against a cache of recently received messages.
-
-1.2.4.  Quality of Protection
-
-   Some mech_types will provide their users with fine granularity
-   control over the means used to provide per-message protection,
-   allowing callers to trade off security processing overhead
-   dynamically against the protection requirements of particular
-   messages. A per-message quality-of-protection parameter (analogous to
-   quality-of-service, or QOS) selects among different QOP options
-   supported by that mechanism. On context establishment for a multi-QOP
-   mech_type, context-level data provides the prerequisite data for a
-   range of protection qualities.
-
-   It is expected that the majority of callers will not wish to exert
-   explicit mechanism-specific QOP control and will therefore request
-   selection of a default QOP. Definitions of, and choices among, non-
-   default QOP values are mechanism-specific, and no ordered sequences
-   of QOP values can be assumed equivalent across different mechanisms.
-   Meaningful use of non-default QOP values demands that callers be
-   familiar with the QOP definitions of an underlying mechanism or
-   mechanisms, and is therefore a non-portable construct.
-
-2.  Interface Descriptions
-
-   This section describes the GSS-API's service interface, dividing the
-   set of calls offered into four groups. Credential management calls
-   are related to the acquisition and release of credentials by
-   principals. Context-level calls are related to the management of
-   security contexts between principals. Per-message calls are related
-   to the protection of individual messages on established security
-   contexts. Support calls provide ancillary functions useful to GSS-API
-   callers. Table 2 groups and summarizes the calls in tabular fashion.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                                                           [Page 15]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      Table 2:  GSS-API Calls
-
-      CREDENTIAL MANAGEMENT
-
-      GSS_Acquire_cred             acquire credentials for use
-      GSS_Release_cred             release credentials after use
-      GSS_Inquire_cred             display information about
-                                   credentials
-
-      CONTEXT-LEVEL CALLS
-
-      GSS_Init_sec_context         initiate outbound security context
-      GSS_Accept_sec_context       accept inbound security context
-      GSS_Delete_sec_context       flush context when no longer needed
-      GSS_Process_context_token    process received control token on
-                                   context
-      GSS_Context_time             indicate validity time remaining on
-                                   context
-
-      PER-MESSAGE CALLS
-
-      GSS_Sign                     apply signature, receive as token
-                                   separate from message
-      GSS_Verify                   validate signature token along with
-                                   message
-      GSS_Seal                     sign, optionally encrypt,
-                                   encapsulate
-      GSS_Unseal                   decapsulate, decrypt if needed,
-                                   validate signature
-
-      SUPPORT CALLS
-
-      GSS_Display_status           translate status codes to printable
-                                   form
-      GSS_Indicate_mechs           indicate mech_types supported on
-                                   local system
-      GSS_Compare_name             compare two names for equality
-      GSS_Display_name             translate name to printable form
-      GSS_Import_name              convert printable name to
-                                   normalized form
-      GSS_Release_name             free storage of normalized-form
-                                   name
-      GSS_Release_buffer           free storage of printable name
-      GSS_Release_oid_set          free storage of OID set object
-
-
-
-
-
-
-
-Linn                                                           [Page 16]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-2.1.  Credential management calls
-
-   These GSS-API calls provide functions related to the management of
-   credentials. Their characterization with regard to whether or not
-   they may block pending exchanges with other network entities (e.g.,
-   directories or authentication servers) depends in part on OS-specific
-   (extra-GSS-API) issues, so is not specified in this document.
-
-   The GSS_Acquire_cred()  call is defined within the GSS-API in support
-   of application portability, with a particular orientation towards
-   support of portable server applications. It is recognized that (for
-   certain systems and mechanisms) credentials for interactive users may
-   be managed differently from credentials for server processes; in such
-   environments, it is the GSS-API implementation's responsibility to
-   distinguish these cases and the procedures for making this
-   distinction are a local matter. The GSS_Release_cred()  call provides
-   a means for callers to indicate to the GSS-API that use of a
-   credentials structure is no longer required. The GSS_Inquire_cred()
-   call allows callers to determine information about a credentials
-   structure.
-
-2.1.1.  GSS_Acquire_cred call
-
-   Inputs:
-
-   o  desired_name INTERNAL NAME, -NULL requests locally-determined
-      default
-
-   o  lifetime_req INTEGER,-in seconds; 0 requests default
-
-   o  desired_mechs SET OF OBJECT IDENTIFIER,-empty set requests
-      system-selected default
-
-   o  cred_usage INTEGER-0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-      2=ACCEPT-ONLY
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_cred_handle OCTET STRING,
-
-   o  actual_mechs SET OF OBJECT IDENTIFIER,
-
-   o  lifetime_rec INTEGER -in seconds, or reserved value for
-      INDEFINITE
-
-
-
-Linn                                                           [Page 17]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that requested credentials were
-      successfully established, for the duration indicated in
-      lifetime_rec, suitable for the usage requested in cred_usage, for
-      the set of mech_types indicated in actual_mechs, and that those
-      credentials can be referenced for subsequent use with the handle
-      returned in output_cred_handle.
-
-   o  GSS_BAD_MECH indicates that a mech_type unsupported by the GSS-API
-      implementation type was requested, causing the credential
-      establishment operation to fail.
-
-   o  GSS_BAD_NAMETYPE indicates that the provided desired_name is
-      uninterpretable or of a type unsupported by the supporting GSS-API
-      implementation, so no credentials could be established for the
-      accompanying desired_name.
-
-   o  GSS_BAD_NAME indicates that the provided desired_name is
-      inconsistent in terms of internally-incorporated type specifier
-      information, so no credentials could be established for the
-      accompanying desired_name.
-
-   o  GSS_FAILURE indicates that credential establishment failed for
-      reasons unspecified at the GSS-API level, including lack of
-      authorization to establish and use credentials associated with the
-      identity named in the input desired_name argument.
-
-   GSS_Acquire_cred()  is used to acquire credentials so that a
-   principal can (as a function of the input cred_usage parameter)
-   initiate and/or accept security contexts under the identity
-   represented by the desired_name input argument. On successful
-   completion, the returned output_cred_handle result provides a handle
-   for subsequent references to the acquired credentials.  Typically,
-   single-user client processes using only default credentials for
-   context establishment purposes will have no need to invoke this call.
-
-   A caller may provide the value NULL for desired_name, signifying a
-   request for credentials corresponding to a default principal
-   identity.  The procedures used by GSS-API implementations to select
-   the appropriate principal identity in response to this form of
-   request are local matters. It is possible that multiple pre-
-   established credentials may exist for the same principal identity
-   (for example, as a result of multiple user login sessions) when
-   GSS_Acquire_cred() is called; the means used in such cases to select
-   a specific credential are local matters.  The input lifetime_req
-   argument to GSS_Acquire_cred() may provide useful information for
-   local GSS-API implementations to employ in making this disambiguation
-
-
-
-Linn                                                           [Page 18]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   in a manner which will best satisfy a caller's intent.
-
-   The lifetime_rec result indicates the length of time for which the
-   acquired credentials will be valid, as an offset from the present. A
-   mechanism may return a reserved value indicating INDEFINITE if no
-   constraints on credential lifetime are imposed.  A caller of
-   GSS_Acquire_cred()  can request a length of time for which acquired
-   credentials are to be valid (lifetime_req argument), beginning at the
-   present, or can request credentials with a default validity interval.
-   (Requests for postdated credentials are not supported within the
-   GSS-API.) Certain mechanisms and implementations may bind in
-   credential validity period specifiers at a point preliminary to
-   invocation of the GSS_Acquire_cred() call (e.g., in conjunction with
-   user login procedures). As a result, callers requesting non-default
-   values for lifetime_req must recognize that such requests cannot
-   always be honored and must be prepared to accommodate the use of
-   returned credentials with different lifetimes as indicated in
-   lifetime_rec.
-
-   The caller of GSS_Acquire_cred() can explicitly specify a set of
-   mech_types which are to be accommodated in the returned credentials
-   (desired_mechs argument), or can request credentials for a system-
-   defined default set of mech_types. Selection of the system-specified
-   default set is recommended in the interests of application
-   portability. The actual_mechs return value may be interrogated by the
-   caller to determine the set of mechanisms with which the returned
-   credentials may be used.
-
-2.1.2.  GSS_Release_cred call
-
-   Input:
-
-   o  cred_handle OCTET STRING-NULL specifies default credentials
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the credentials referenced by the
-      input cred_handle were released for purposes of subsequent access
-      by the caller. The effect on other processes which may be
-      authorized shared access to such credentials is a local matter.
-
-
-
-
-
-Linn                                                           [Page 19]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_NO_CRED indicates that no release operation was performed,
-      either because the input cred_handle was invalid or because the
-      caller lacks authorization to access the referenced credentials.
-
-   o  GSS_FAILURE indicates that the release operation failed for
-      reasons unspecified at the GSS-API level.
-
-   Provides a means for a caller to explicitly request that credentials
-   be released when their use is no longer required. Note that system-
-   specific credential management functions are also likely to exist,
-   for example to assure that credentials shared among processes are
-   properly deleted when all affected processes terminate, even if no
-   explicit release requests are issued by those processes.  Given the
-   fact that multiple callers are not precluded from gaining authorized
-   access to the same credentials, invocation of GSS_Release_cred()
-   cannot be assumed to delete a particular set of credentials on a
-   system-wide basis.
-
-2.1.3.  GSS_Inquire_cred call
-
-      Input:
-
-      o  cred_handle OCTET STRING -NULL specifies default credentials
-
-      Outputs:
-
-      o  major_status INTEGER,
-
-      o  minor_status INTEGER,
-
-      o  cred_name INTERNAL NAME,
-
-      o  lifetime_rec INTEGER -in seconds, or reserved value for
-         INDEFINITE
-
-      o  cred_usage INTEGER, -0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-         2=ACCEPT-ONLY
-
-      o  mech_set SET OF OBJECT IDENTIFIER
-
-      Return major_status codes:
-
-      o  GSS_COMPLETE indicates that the credentials referenced by the
-         input cred_handle argument were valid, and that the output
-         cred_name, lifetime_rec, and cred_usage values represent,
-         respectively, the credentials' associated principal name,
-         remaining lifetime, suitable usage modes, and supported
-         mechanism types.
-
-
-
-Linn                                                           [Page 20]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      o  GSS_NO_CRED indicates that no information could be returned
-         about the referenced credentials, either because the input
-         cred_handle was invalid or because the caller lacks
-         authorization to access the referenced credentials.
-
-      o  GSS_FAILURE indicates that the release operation failed for
-         reasons unspecified at the GSS-API level.
-
-   The GSS_Inquire_cred()  call is defined primarily for the use of
-   those callers which make use of default credentials rather than
-   acquiring credentials explicitly with GSS_Acquire_cred().  It enables
-   callers to determine a credential structure's associated principal
-   name, remaining validity period, usability for security context
-   initiation and/or acceptance, and supported mechanisms.
-
-2.2.  Context-level calls
-
-   This group of calls is devoted to the establishment and management of
-   security contexts between peers. A context's initiator calls
-   GSS_Init_sec_context(),  resulting in generation of a token which the
-   caller passes to the target. At the target, that token is passed to
-   GSS_Accept_sec_context().  Depending on the underlying mech_type and
-   specified options, additional token exchanges may be performed in the
-   course of context establishment; such exchanges are accommodated by
-   GSS_CONTINUE_NEEDED status returns from GSS_Init_sec_context()  and
-   GSS_Accept_sec_context().  Either party to an established context may
-   invoke GSS_Delete_sec_context()  to flush context information when a
-   context is no longer required. GSS_Process_context_token()  is used
-   to process received tokens carrying context-level control
-   information. GSS_Context_time()  allows a caller to determine the
-   length of time for which an established context will remain valid.
-
-2.2.1.  GSS_Init_sec_context call
-
-   Inputs:
-
-   o  claimant_cred_handle OCTET STRING, -NULL specifies "use
-      default"
-
-   o  input_context_handle INTEGER, -0 specifies "none assigned
-      yet"
-
-   o  targ_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER, -NULL parameter specifies "use
-      default"
-
-   o  deleg_req_flag BOOLEAN,
-
-
-
-Linn                                                           [Page 21]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  mutual_req_flag BOOLEAN,
-
-   o  replay_det_req_flag BOOLEAN,
-
-   o  sequence_req_flag BOOLEAN,
-
-   o  lifetime_req INTEGER,-0 specifies default lifetime
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING-NULL or token received from target
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_context_handle INTEGER,
-
-   o  mech_type OBJECT IDENTIFIER, -actual mechanism always
-      indicated, never NULL
-
-   o  output_token OCTET STRING, -NULL or token to pass to context
-      target
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  lifetime_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   This call may block pending network interactions for those mech_types
-   in which an authentication server or other network entity must be
-   consulted on behalf of a context initiator in order to generate an
-   output_token suitable for presentation to a specified target.
-
-   Return major_status codes:
-
-
-
-
-Linn                                                           [Page 22]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_COMPLETE indicates that context-level information was
-      successfully initialized, and that the returned output_token will
-      provide sufficient information for the target to perform per-
-      message processing on the newly-established context.
-
-   o  GSS_CONTINUE_NEEDED indicates that control information in the
-      returned output_token must be sent to the target, and that a reply
-      must be received and passed as the input_token argument to a
-      continuation call to GSS_Init_sec_context(),  before per-message
-      processing can be performed in conjunction with this context.
-
-   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
-      the input_token failed, preventing further processing from being
-      performed based on that token.
-
-   o  GSS_DEFECTIVE_CREDENTIAL indicates that consistency checks
-      performed on the credential structure referenced by
-      claimant_cred_handle failed, preventing further processing from
-      being performed using that credential structure.
-
-   o  GSS_BAD_SIG indicates that the received input_token contains an
-      incorrect signature, so context setup cannot be accomplished.
-
-   o  GSS_NO_CRED indicates that no context was established, either
-      because the input cred_handle was invalid, because the referenced
-      credentials are valid for context acceptor use only, or because
-      the caller lacks authorization to access the referenced
-      credentials.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the credentials provided
-      through the input claimant_cred_handle argument are no longer
-      valid, so context establishment cannot be completed.
-
-   o  GSS_BAD_BINDINGS indicates that a mismatch between the caller-
-      provided chan_bindings and those extracted from the input_token
-      was detected, signifying a security-relevant event and preventing
-      context establishment. (This result will be returned by
-      GSS_Init_sec_context only for contexts where mutual_state is
-      TRUE.)
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided; this major status will be
-      returned only for successor calls following GSS_CONTINUE_NEEDED
-      status returns.
-
-   o  GSS_BAD_NAMETYPE indicates that the provided targ_name is of a
-      type uninterpretable or unsupported by the supporting GSS-API
-      implementation, so context establishment cannot be completed.
-
-
-
-Linn                                                           [Page 23]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_BAD_NAME indicates that the provided targ_name is inconsistent
-      in terms of internally-incorporated type specifier information, so
-      context establishment cannot be accomplished.
-
-   o  GSS_FAILURE indicates that context setup could not be accomplished
-      for reasons unspecified at the GSS-API level, and that no
-      interface-defined recovery action is available.
-
-   This routine is used by a context initiator, and ordinarily emits one
-   (or, for the case of a multi-step exchange, more than one)
-   output_token suitable for use by the target within the selected
-   mech_type's protocol. Using information in the credentials structure
-   referenced by claimant_cred_handle, GSS_Init_sec_context()
-   initializes the data structures required to establish a security
-   context with target targ_name. The claimant_cred_handle must
-   correspond to the same valid credentials structure on the initial
-   call to GSS_Init_sec_context()  and on any successor calls resulting
-   from GSS_CONTINUE_NEEDED status returns; different protocol sequences
-   modeled by the GSS_CONTINUE_NEEDED mechanism will require access to
-   credentials at different points in the context establishment
-   sequence.
-
-   The input_context_handle argument is 0, specifying "not yet
-   assigned", on the first GSS_Init_sec_context()  call relating to a
-   given context. That call returns an output_context_handle for future
-   references to this context. When continuation attempts to
-   GSS_Init_sec_context()  are needed to perform context establishment,
-   the previously-returned non-zero handle value is entered into the
-   input_context_handle argument and will be echoed in the returned
-   output_context_handle argument. On such continuation attempts (and
-   only on continuation attempts) the input_token value is used, to
-   provide the token returned from the context's target.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The input_token argument contains a message received from the target,
-   and is significant only on a call to GSS_Init_sec_context() which
-   follows a previous return indicating GSS_CONTINUE_NEEDED
-   major_status.
-
-   It is the caller's responsibility to establish a communications path
-   to the target, and to transmit any returned output_token (independent
-   of the accompanying returned major_status value) to the target over
-   that path. The output_token can, however, be transmitted along with
-
-
-
-Linn                                                           [Page 24]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   the first application-provided input message to be processed by
-   GSS_Sign() or GSS_Seal() in conjunction with a successfully-
-   established context.
-
-   The initiator may request various context-level functions through
-   input flags: the deleg_req_flag requests delegation of access rights,
-   the mutual_req_flag requests mutual authentication, the
-   replay_det_req_flag requests that replay detection features be
-   applied to messages transferred on the established context, and the
-   sequence_req_flag requests that sequencing be enforced. (See Section
-   1.2.3 for more information on replay detection and sequencing
-   features.)
-
-   Not all of the optionally-requestable features will be available in
-   all underlying mech_types; the corresponding return state values
-   (deleg_state, mutual_state, replay_det_state, sequence_state)
-   indicate, as a function of mech_type processing capabilities and
-   initiator-provided input flags, the set of features which will be
-   active on the context. These state indicators' values are undefined
-   unless the routine's major_status indicates COMPLETE. Failure to
-   provide the precise set of features requested by the caller does not
-   cause context establishment to fail; it is the caller's prerogative
-   to delete the context if the feature set provided is unsuitable for
-   the caller's use.  The returned mech_type value indicates the
-   specific mechanism employed on the context, and will never indicate
-   the value for "default".
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-   input to GSS_Seal() can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_Sign() or GSS_Seal()) on
-   the established context.
-
-   The lifetime_req input specifies a desired upper bound for the
-   lifetime of the context to be established, with a value of 0 used to
-   request a default lifetime. The lifetime_rec return value indicates
-   the length of time for which the context will be valid, expressed as
-   an offset from the present; depending on mechanism capabilities,
-   credential lifetimes, and local policy, it may not correspond to the
-   value requested in lifetime_req.  If no constraints on context
-   lifetime are imposed, this may be indicated by returning a reserved
-   value representing INDEFINITE lifetime_req. The values of conf_avail,
-   integ_avail, and lifetime_rec are undefined unless the routine's
-   major_status indicates COMPLETE.
-
-   If the mutual_state is TRUE, this fact will be reflected within the
-
-
-
-Linn                                                           [Page 25]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   output_token. A call to GSS_Accept_sec_context() at the target in
-   conjunction with such a context will return a token, to be processed
-   by a continuation call to GSS_Init_sec_context(), in order to achieve
-   mutual authentication.
-
-2.2.2.  GSS_Accept_sec_context call
-
-   Inputs:
-
-   o  acceptor_cred_handle OCTET STRING,-NULL specifies "use
-      default"
-
-   o  input_context_handle INTEGER, -0 specifies "not yet assigned"
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  src_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER,
-
-   o  output_context_handle INTEGER,
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  lifetime_rec INTEGER, - in seconds, or reserved value for
-      INDEFINITE
-
-   o  delegated_cred_handle OCTET STRING,
-
-   o  output_token OCTET STRING -NULL or token to pass to context
-
-
-
-Linn                                                           [Page 26]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      initiator
-
-   This call may block pending network interactions for those mech_types
-   in which a directory service or other network entity must be
-   consulted on behalf of a context acceptor in order to validate a
-   received input_token.
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that context-level data structures were
-      successfully initialized, and that per-message processing can now
-      be performed in conjunction with this context.
-
-   o  GSS_CONTINUE_NEEDED indicates that control information in the
-      returned output_token must be sent to the initiator, and that a
-      response must be received and passed as the input_token argument
-      to a continuation call to GSS_Accept_sec_context(), before per-
-      message processing can be performed in conjunction with this
-      context.
-
-   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
-      the input_token failed, preventing further processing from being
-      performed based on that token.
-
-   o  GSS_DEFECTIVE_CREDENTIAL indicates that consistency checks
-      performed on the credential structure referenced by
-      acceptor_cred_handle failed, preventing further processing from
-      being performed using that credential structure.
-
-   o  GSS_BAD_SIG indicates that the received input_token contains an
-      incorrect signature, so context setup cannot be accomplished.
-
-   o  GSS_DUPLICATE_TOKEN indicates that the signature on the received
-      input_token was correct, but that the input_token was recognized
-      as a duplicate of an input_token already processed. No new context
-      is established.
-
-   o  GSS_OLD_TOKEN indicates that the signature on the received
-      input_token was correct, but that the input_token is too old to be
-      checked for duplication against previously-processed input_tokens.
-      No new context is established.
-
-   o  GSS_NO_CRED indicates that no context was established, either
-      because the input cred_handle was invalid, because the referenced
-      credentials are valid for context initiator use only, or because
-      the caller lacks authorization to access the referenced
-      credentials.
-
-
-
-
-Linn                                                           [Page 27]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the credentials provided
-      through the input acceptor_cred_handle argument are no longer
-      valid, so context establishment cannot be completed.
-
-   o  GSS_BAD_BINDINGS indicates that a mismatch between the caller-
-      provided chan_bindings and those extracted from the input_token
-      was detected, signifying a security-relevant event and preventing
-      context establishment.
-
-   o GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided; this major status will be
-      returned only for successor calls following GSS_CONTINUE_NEEDED
-      status returns.
-
-   o  GSS_FAILURE indicates that context setup could not be accomplished
-      for reasons unspecified at the GSS-API level, and that no
-      interface-defined recovery action is available.
-
-   The GSS_Accept_sec_context()  routine is used by a context target.
-   Using information in the credentials structure referenced by the
-   input acceptor_cred_handle, it verifies the incoming input_token and
-   (following the successful completion of a context establishment
-   sequence) returns the authenticated src_name and the mech_type used.
-   The acceptor_cred_handle must correspond to the same valid
-   credentials structure on the initial call to GSS_Accept_sec_context()
-   and on any successor calls resulting from GSS_CONTINUE_NEEDED status
-   returns; different protocol sequences modeled by the
-   GSS_CONTINUE_NEEDED mechanism will require access to credentials at
-   different points in the context establishment sequence.
-
-   The input_context_handle argument is 0, specifying "not yet
-   assigned", on the first GSS_Accept_sec_context()  call relating to a
-   given context. That call returns an output_context_handle for future
-   references to this context; when continuation attempts to
-   GSS_Accept_sec_context()  are needed to perform context
-   establishment, that handle value will be entered into the
-   input_context_handle argument.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The returned state results (deleg_state, mutual_state,
-   replay_det_state, and sequence_state) reflect the same context state
-   values as returned to GSS_Init_sec_context()'s  caller at the
-   initiator system.
-
-
-
-Linn                                                           [Page 28]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-   input to GSS_Seal()  can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_Sign()  or GSS_Seal())  on
-   the established context.
-
-   The lifetime_rec return value indicates the length of time for which
-   the context will be valid, expressed as an offset from the present.
-   The values of deleg_state, mutual_state, replay_det_state,
-   sequence_state, conf_avail, integ_avail, and lifetime_rec are
-   undefined unless the accompanying major_status indicates COMPLETE.
-
-   The delegated_cred_handle result is significant only when deleg_state
-   is TRUE, and provides a means for the target to reference the
-   delegated credentials. The output_token result, when non-NULL,
-   provides a context-level token to be returned to the context
-   initiator to continue a multi-step context establishment sequence. As
-   noted with GSS_Init_sec_context(),  any returned token should be
-   transferred to the context's peer (in this case, the context
-   initiator), independent of the value of the accompanying returned
-   major_status.
-
-   Note: A target must be able to distinguish a context-level
-   input_token, which is passed to GSS_Accept_sec_context(),  from the
-   per-message data elements passed to GSS_Verify()  or GSS_Unseal().
-   These data elements may arrive in a single application message, and
-   GSS_Accept_sec_context()  must be performed before per-message
-   processing can be performed successfully.
-
-2.2.3. GSS_Delete_sec_context call
-
-   Input:
-
-   o  context_handle INTEGER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_context_token OCTET STRING
-
-   Return major_status codes:
-
-
-
-
-
-Linn                                                           [Page 29]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_COMPLETE indicates that the context was recognized, that
-      relevant context-specific information was flushed, and that the
-      returned output_context_token is ready for transfer to the
-      context's peer.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provide, so no deletion was performed.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      GSS_Delete_sec_context()  operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-   This call may block pending network interactions for mech_types in
-   which active notification must be made to a central server when a
-   security context is to be deleted.
-
-   This call can be made by either peer in a security context, to flush
-   context-specific information and to return an output_context_token
-   which can be passed to the context's peer informing it that the
-   peer's corresponding context information can also be flushed. (Once a
-   context is established, the peers involved are expected to retain
-   cached credential and context-related information until the
-   information's expiration time is reached or until a
-   GSS_Delete_sec_context() call is made.) Attempts to perform per-
-   message processing on a deleted context will result in error returns.
-
-2.2.4.  GSS_Process_context_token call
-
-   Inputs:
-
-   o  context_handle INTEGER,
-
-   o  input_context_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the input_context_token was
-      successfully processed in conjunction with the context referenced
-      by context_handle.
-
-   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
-      the received context_token failed, preventing further processing
-
-
-
-Linn                                                           [Page 30]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      from being performed with that token.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      GSS_Process_context_token()  operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-   This call is used to process context_tokens received from a peer once
-   a context has been established, with corresponding impact on
-   context-level state information. One use for this facility is
-   processing of the context_tokens generated by
-   GSS_Delete_sec_context();  GSS_Process_context_token() will not block
-   pending network interactions for that purpose. Another use is to
-   process tokens indicating remote-peer context establishment failures
-   after the point where the local GSS-API implementation has already
-   indicated GSS_COMPLETE status.
-
-2.2.5.  GSS_Context_time call
-
-   Input:
-
-   o  context_handle INTEGER,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  lifetime_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the referenced context is valid, and
-      will remain valid for the amount of time indicated in
-      lifetime_rec.
-
-   o  GSS_CONTEXT_EXPIRED indicates that data items related to the
-      referenced context have expired.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-
-
-Linn                                                           [Page 31]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_FAILURE indicates that the requested operation failed for
-      reasons unspecified at the GSS-API level.
-
-   This call is used to determine the amount of time for which a
-   currently established context will remain valid.
-
-2.3.  Per-message calls
-
-   This group of calls is used to perform per-message protection
-   processing on an established security context. None of these calls
-   block pending network interactions. These calls may be invoked by a
-   context's initiator or by the context's target.  The four members of
-   this group should be considered as two pairs; the output from
-   GSS_Sign()  is properly input to GSS_Verify(),  and the output from
-   GSS_Seal() is properly input to GSS_Unseal().
-
-   GSS_Sign()  and GSS_Verify() support data origin authentication and
-   data integrity services. When GSS_Sign()  is invoked on an input
-   message, it yields a per-message token containing data items which
-   allow underlying mechanisms to provide the specified security
-   services. The original message, along with the generated per-message
-   token, is passed to the remote peer; these two data elements are
-   processed by GSS_Verify(),  which validates the message in
-   conjunction with the separate token.
-
-   GSS_Seal()  and GSS_Unseal() support caller-requested confidentiality
-   in addition to the data origin authentication and data integrity
-   services offered by GSS_Sign()  and GSS_Verify(). GSS_Seal()  outputs
-   a single data element, encapsulating optionally enciphered user data
-   as well as associated token data items.  The data element output from
-   GSS_Seal()  is passed to the remote peer and processed by
-   GSS_Unseal()  at that system. GSS_Unseal() combines decipherment (as
-   required) with validation of data items related to authentication and
-   integrity.
-
-2.3.1.  GSS_Sign call
-
-   Inputs:
-
-   o  context_handle INTEGER,
-
-   o  qop_req INTEGER,-0 specifies default QOP
-
-   o  message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-
-
-Linn                                                           [Page 32]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  minor_status INTEGER,
-
-   o  per_msg_token OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that a signature, suitable for an
-      established security context, was successfully applied and that
-      the message and corresponding per_msg_token are ready for
-      transmission.
-
-   o  GSS_CONTEXT_EXPIRED indicates that context-related data items have
-      expired, so that the requested operation cannot be performed.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired, so that the
-      requested operation cannot be performed.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      requested operation could not be performed for reasons unspecified
-      at the GSS-API level.
-
-   Using the security context referenced by context_handle, apply a
-   signature to the input message (along with timestamps and/or other
-   data included in support of mech_type-specific mechanisms) and return
-   the result in per_msg_token. The qop_req parameter allows quality-
-   of-protection control. The caller passes the message and the
-   per_msg_token to the target.
-
-   The GSS_Sign()  function completes before the message and
-   per_msg_token is sent to the peer; successful application of
-   GSS_Sign()  does not guarantee that a corresponding GSS_Verify() has
-   been (or can necessarily be) performed successfully when the message
-   arrives at the destination.
-
-2.3.2.  GSS_Verify call
-
-   Inputs:
-
-   o  context_handle INTEGER,
-
-   o  message OCTET STRING,
-
-   o  per_msg_token OCTET STRING
-
-
-
-
-Linn                                                           [Page 33]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   Outputs:
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the message was successfully verified.
-
-   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
-      the received per_msg_token failed, preventing further processing
-      from being performed with that token.
-
-   o  GSS_BAD_SIG indicates that the received per_msg_token contains an
-      incorrect signature for the message.
-
-   o  GSS_DUPLICATE_TOKEN, GSS_OLD_TOKEN, and GSS_UNSEQ_TOKEN values
-      appear in conjunction with the optional per-message replay
-      detection features described in Section 1.2.3; their semantics are
-      described in that section.
-
-   o  GSS_CONTEXT_EXPIRED indicates that context-related data items have
-      expired, so that the requested operation cannot be performed.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired, so that the
-      requested operation cannot be performed.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      GSS_Verify()  operation could not be performed for reasons
-      unspecified at the GSS-API level.
-
-   Using the security context referenced by context_handle, verify that
-   the input per_msg_token contains an appropriate signature for the
-   input message, and apply any active replay detection or sequencing
-   features. Return an indication of the quality-of-protection applied
-   to the processed message in the qop_state result.
-
-
-
-
-
-
-
-
-Linn                                                           [Page 34]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-2.3.3. GSS_Seal call
-
-   Inputs:
-
-   o  context_handle INTEGER,
-
-   o  conf_req_flag BOOLEAN,
-
-   o  qop_req INTEGER,-0 specifies default QOP
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  conf_state BOOLEAN,
-
-   o  output_message OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the input_message was successfully
-      processed and that the output_message is ready for transmission.
-
-   o  GSS_CONTEXT_EXPIRED indicates that context-related data items have
-      expired, so that the requested operation cannot be performed.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired, so that the
-      requested operation cannot be performed.
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      GSS_Seal()  operation could not be performed for reasons
-      unspecified at the GSS-API level.
-
-   Performs the data origin authentication and data integrity functions
-   of GSS_Sign().  If the input conf_req_flag is TRUE, requests that
-   confidentiality be applied to the input_message.  Confidentiality may
-   not be supported in all mech_types or by all implementations; the
-   returned conf_state flag indicates whether confidentiality was
-   provided for the input_message. The qop_req parameter allows
-   quality-of-protection control.
-
-
-
-Linn                                                           [Page 35]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   In all cases, the GSS_Seal()  call yields a single output_message
-   data element containing (optionally enciphered) user data as well as
-   control information.
-
-2.3.4. GSS_Unseal call
-
-   Inputs:
-
-   o  context_handle INTEGER,
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  conf_state BOOLEAN,
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_message OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the input_message was successfully
-      processed and that the resulting output_message is available.
-
-   o  GSS_DEFECTIVE_TOKEN indicates that consistency checks performed on
-      the per_msg_token extracted from the input_message failed,
-      preventing further processing from being performed.
-
-   o  GSS_BAD_SIG indicates that an incorrect signature was detected for
-      the message.
-
-   o  GSS_DUPLICATE_TOKEN, GSS_OLD_TOKEN, and GSS_UNSEQ_TOKEN values
-      appear in conjunction with the optional per-message replay
-      detection features described in Section 1.2.3; their semantics are
-      described in that section.
-
-   o  GSS_CONTEXT_EXPIRED indicates that context-related data items have
-      expired, so that the requested operation cannot be performed.
-
-   o  GSS_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired, so that the
-      requested operation cannot be performed.
-
-
-
-
-Linn                                                           [Page 36]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_NO_CONTEXT indicates that no valid context was recognized for
-      the input context_handle provided.
-
-   o  GSS_FAILURE indicates that the context is recognized, but that the
-      GSS_Unseal()  operation could not be performed for reasons
-      unspecified at the GSS-API level.
-
-   Processes a data element generated (and optionally enciphered) by
-   GSS_Seal(),  provided as input_message. The returned conf_state value
-   indicates whether confidentiality was applied to the input_message.
-   If conf_state is TRUE, GSS_Unseal()  deciphers the input_message.
-   Returns an indication of the quality-of-protection applied to the
-   processed message in the qop_state result. GSS_Seal()  performs the
-   data integrity and data origin authentication checking functions of
-   GSS_Verify()  on the plaintext data. Plaintext data is returned in
-   output_message.
-
-2.4.  Support calls
-
-   This group of calls provides support functions useful to GSS-API
-   callers, independent of the state of established contexts. Their
-   characterization with regard to blocking or non-blocking status in
-   terms of network interactions is unspecified.
-
-2.4.1.  GSS_Display_status call
-
-   Inputs:
-
-   o  status_value INTEGER,-GSS-API major_status or minor_status
-      return value
-
-   o  status_type INTEGER,-1 if major_status, 2 if minor_status
-
-   o  mech_type OBJECT IDENTIFIER-mech_type to be used for minor_
-      status translation
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  status_string_set SET OF OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that a valid printable status
-      representation (possibly representing more than one status event
-
-
-
-Linn                                                           [Page 37]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-      encoded within the status_value) is available in the returned
-      status_string_set.
-
-   o  GSS_BAD_MECH indicates that translation in accordance with an
-      unsupported mech_type was requested, so translation could not be
-      performed.
-
-   o  GSS_BAD_STATUS indicates that the input status_value was invalid,
-      or that the input status_type carried a value other than 1 or 2,
-      so translation could not be performed.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Provides a means for callers to translate GSS-API-returned major and
-   minor status codes into printable string representations.
-
-2.4.2.  GSS_Indicate_mechs call
-
-   Input:
-
-   o  (none)
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  mech_set SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that a set of available mechanisms has
-      been returned in mech_set.
-
-   o  GSS_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to determine the set of mechanism types available on
-   the local system. This call is intended for support of specialized
-   callers who need to request non-default mech_type sets from
-   GSS_Acquire_cred(),  and should not be needed by other callers.
-
-2.4.3.  GSS_Compare_name call
-
-   Inputs:
-
-
-
-
-Linn                                                           [Page 38]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  name1 INTERNAL NAME,
-
-   o  name2 INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_equal BOOLEAN
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that name1 and name2 were comparable, and
-      that the name_equal result indicates whether name1 and name2 were
-      equal or unequal.
-
-   o  GSS_BAD_NAMETYPE indicates that one or both of name1 and name2
-      contained internal type specifiers uninterpretable by the
-      supporting GSS-API implementation, or that the two names' types
-      are different and incomparable, so the equality comparison could
-      not be completed.
-
-   o  GSS_BAD_NAME indicates that one or both of the input names was
-      ill-formed in terms of its internal type specifier, so the
-      equality comparison could not be completed.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to compare two internal name representations for
-   equality.
-
-2.4.4.  GSS_Display_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_string OCTET STRING,
-
-
-
-
-Linn                                                           [Page 39]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  name_type OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that a valid printable name representation
-      is available in the returned name_string.
-
-   o  GSS_BAD_NAMETYPE indicates that the provided name was of a type
-      uninterpretable by the supporting GSS-API implementation, so no
-      printable representation could be generated.
-
-   o  GSS_BAD_NAME indicates that the contents of the provided name were
-      inconsistent with the internally-indicated name type, so no
-      printable representation could be generated.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to translate an internal name representation into a
-   printable form with associated namespace type descriptor. The syntax
-   of the printable form is a local matter.
-
-2.4.5.  GSS_Import_name call
-
-   Inputs:
-
-   o  input_name_string OCTET STRING,
-
-   o  input_name_type OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_name INTERNAL NAME
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that a valid name representation is output
-      in output_name and described by the type value in
-      output_name_type.
-
-   o  GSS_BAD_NAMETYPE indicates that the input_name_type is unsupported
-      by the GSS-API implementation, so the import operation could not
-      be completed.
-
-
-
-
-Linn                                                           [Page 40]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  GSS_BAD_NAME indicates that the provided input_name_string is
-      ill-formed in terms of the input_name_type, so the import
-      operation could not be completed.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to provide a printable name representation, designate
-   the type of namespace in conjunction with which it should be parsed,
-   and convert that printable representation to an internal form
-   suitable for input to other GSS-API routines.  The syntax of the
-   input_name is a local matter.
-
-2.4.6. GSS_Release_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the storage associated with the input
-      name was successfully released.
-
-   o  GSS_BAD_NAME indicates that the input name argument did not
-      contain a valid name.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an internal
-   name representation.
-
-2.4.7. GSS_Release_buffer call
-
-   Inputs:
-
-   o  buffer OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-
-
-Linn                                                           [Page 41]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the storage associated with the input
-      buffer was successfully released.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an OCTET STRING
-   buffer allocated by another GSS-API call.
-
-2.4.8. GSS_Release_oid_set call
-
-   Inputs:
-
-   o  buffer SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_COMPLETE indicates that the storage associated with the input
-      object identifier set was successfully released.
-
-   o  GSS_FAILURE indicates that the requested operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an object
-   identifier set object allocated by another GSS-API call.
-
-3.  Mechanism-Specific Example Scenarios
-
-   This section provides illustrative overviews of the use of various
-   candidate mechanism types to support the GSS-API. These discussions
-   are intended primarily for readers familiar with specific security
-   technologies, demonstrating how GSS-API functions can be used and
-   implemented by candidate underlying mechanisms. They should not be
-   regarded as constrictive to implementations or as defining the only
-   means through which GSS-API functions can be realized with a
-   particular underlying technology, and do not demonstrate all GSS-API
-   features with each technology.
-
-
-
-
-Linn                                                           [Page 42]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-3.1. Kerberos V5, single-TGT
-
-   OS-specific login functions yield a TGT to the local realm Kerberos
-   server; TGT is placed in a credentials structure for the client.
-   Client calls GSS_Acquire_cred()  to acquire a cred_handle in order to
-   reference the credentials for use in establishing security contexts.
-
-   Client calls GSS_Init_sec_context().  If the requested service is
-   located in a different realm, GSS_Init_sec_context()  gets the
-   necessary TGT/key pairs needed to traverse the path from local to
-   target realm; these data are placed in the owner's TGT cache. After
-   any needed remote realm resolution, GSS_Init_sec_context()  yields a
-   service ticket to the requested service with a corresponding session
-   key; these data are stored in conjunction with the context. GSS-API
-   code sends KRB_TGS_REQ request(s) and receives KRB_TGS_REP
-   response(s) (in the successful case) or KRB_ERROR.
-
-   Assuming success, GSS_Init_sec_context()  builds a Kerberos-formatted
-   KRB_AP_REQ message, and returns it in output_token.  The client sends
-   the output_token to the service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which verifies the authenticator, provides
-   the service with the client's authenticated name, and returns an
-   output_context_handle.
-
-   Both parties now hold the session key associated with the service
-   ticket, and can use this key in subsequent GSS_Sign(), GSS_Verify(),
-   GSS_Seal(), and GSS_Unseal() operations.
-
-3.2. Kerberos V5, double-TGT
-
-   TGT acquisition as above.
-
-   Note: To avoid unnecessary frequent invocations of error paths when
-   implementing the GSS-API atop Kerberos V5, it seems appropriate to
-   represent "single-TGT K-V5" and "double-TGT K-V5" with separate
-   mech_types, and this discussion makes that assumption.
-
-   Based on the (specified or defaulted) mech_type,
-   GSS_Init_sec_context()  determines that the double-TGT protocol
-   should be employed for the specified target. GSS_Init_sec_context()
-   returns GSS_CONTINUE_NEEDED major_status, and its returned
-   output_token contains a request to the service for the service's TGT.
-   (If a service TGT with suitably long remaining lifetime already
-   exists in a cache, it may be usable, obviating the need for this
-   step.) The client passes the output_token to the service.  Note: this
-   scenario illustrates a different use for the GSS_CONTINUE_NEEDED
-
-
-
-Linn                                                           [Page 43]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   status return facility than for support of mutual authentication;
-   note that both uses can coexist as successive operations within a
-   single context establishment operation.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which recognizes it as a request for TGT.
-   (Note that current Kerberos V5 defines no intra-protocol mechanism to
-   represent such a request.) GSS_Accept_sec_context()  returns
-   GSS_CONTINUE_NEEDED major_status and provides the service's TGT in
-   its output_token. The service sends the output_token to the client.
-
-   The client passes the received token as the input_token argument to a
-   continuation of GSS_Init_sec_context(). GSS_Init_sec_context() caches
-   the received service TGT and uses it as part of a service ticket
-   request to the Kerberos authentication server, storing the returned
-   service ticket and session key in conjunction with the context.
-   GSS_Init_sec_context()  builds a Kerberos-formatted authenticator,
-   and returns it in output_token along with GSS_COMPLETE return
-   major_status. The client sends the output_token to the service.
-
-   Service passes the received token as the input_token argument to a
-   continuation call to GSS_Accept_sec_context().
-   GSS_Accept_sec_context()  verifies the authenticator, provides the
-   service with the client's authenticated name, and returns
-   major_status GSS_COMPLETE.
-
-   GSS_Sign(),  GSS_Verify(), GSS_Seal(), and GSS_Unseal()  as above.
-
-3.3.  X.509 Authentication Framework
-
-   This example illustrates use of the GSS-API in conjunction with
-   public-key mechanisms, consistent with the X.509 Directory
-   Authentication Framework.
-
-   The GSS_Acquire_cred()  call establishes a credentials structure,
-   making the client's private key accessible for use on behalf of the
-   client.
-
-   The client calls GSS_Init_sec_context(),  which interrogates the
-   Directory to acquire (and validate) a chain of public-key
-   certificates, thereby collecting the public key of the service.  The
-   certificate validation operation determines that suitable signatures
-   were applied by trusted authorities and that those certificates have
-   not expired. GSS_Init_sec_context()  generates a secret key for use
-   in per-message protection operations on the context, and enciphers
-   that secret key under the service's public key.
-
-   The enciphered secret key, along with an authenticator quantity
-
-
-
-Linn                                                           [Page 44]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   signed with the client's private key, is included in the output_token
-   from GSS_Init_sec_context().  The output_token also carries a
-   certification path, consisting of a certificate chain leading from
-   the service to the client; a variant approach would defer this path
-   resolution to be performed by the service instead of being asserted
-   by the client. The client application sends the output_token to the
-   service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context().  GSS_Accept_sec_context() validates the
-   certification path, and as a result determines a certified binding
-   between the client's distinguished name and the client's public key.
-   Given that public key, GSS_Accept_sec_context() can process the
-   input_token's authenticator quantity and verify that the client's
-   private key was used to sign the input_token. At this point, the
-   client is authenticated to the service. The service uses its private
-   key to decipher the enciphered secret key provided to it for per-
-   message protection operations on the context.
-
-   The client calls GSS_Sign()  or GSS_Seal() on a data message, which
-   causes per-message authentication, integrity, and (optional)
-   confidentiality facilities to be applied to that message. The service
-   uses the context's shared secret key to perform corresponding
-   GSS_Verify()  and GSS_Unseal() calls.
-
-4.  Related Activities
-
-   In order to implement the GSS-API atop existing, emerging, and future
-   security mechanisms:
-
-      object identifiers must be assigned to candidate GSS-API
-      mechanisms and the name types which they support
-
-      concrete data element formats must be defined for candidate
-      mechanisms
-
-   Calling applications must implement formatting conventions which will
-   enable them to distinguish GSS-API tokens from other data carried in
-   their application protocols.
-
-   Concrete language bindings are required for the programming
-   environments in which the GSS-API is to be employed; such bindings
-   for the C language are available in an associated RFC.
-
-
-
-
-
-
-
-
-Linn                                                           [Page 45]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-5.  Acknowledgments
-
-   This proposal is the result of a collaborative effort.
-   Acknowledgments are due to the many members of the IETF Security Area
-   Advisory Group (SAAG) and the Common Authentication Technology (CAT)
-   Working Group for their contributions at meetings and by electronic
-   mail. Acknowledgments are also due to Kannan Alagappan, Doug Barlow,
-   Bill Brown, Cliff Kahn, Charlie Kaufman, Butler Lampson, Richard
-   Pitkin, Joe Tardo, and John Wray of Digital Equipment Corporation,
-   and John Carr, John Kohl, Jon Rochlis, Jeff Schiller, and Ted T'so of
-   MIT and Project Athena.  Joe Pato and Bill Sommerfeld of HP/Apollo,
-   Walt Tuvell of OSF, and Bill Griffith and Mike Merritt of AT&T,
-   provided inputs which helped to focus and clarify directions.
-   Precursor work by Richard Pitkin, presented to meetings of the
-   Trusted Systems Interoperability Group (TSIG), helped to demonstrate
-   the value of a generic, mechanism-independent security service API.
-
-6. Security Considerations
-
-   Security issues are discussed throughout this memo.
-
-7. Author's Address
-
-   John Linn
-   Geer Zolot Associates
-   One Main St.
-   Cambridge, MA  02142  USA
-
-   Phone: +1 617.374.3700
-   Email: Linn@gza.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                                                           [Page 46]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-APPENDIX  A
-
-PACS AND AUTHORIZATION SERVICES
-
-   Consideration has been given to modifying the GSS-API service
-   interface to recognize and manipulate Privilege Attribute
-   Certificates (PACs) as in ECMA 138, carrying authorization data as a
-   side effect of establishing a security context, but no such
-   modifications have been incorporated at this time. This appendix
-   provides rationale for this decision and discusses compatibility
-   alternatives between PACs and the GSS-API which do not require that
-   PACs be made visible to GSS-API callers.
-
-   Existing candidate mechanism types such as Kerberos and X.509 do not
-   incorporate PAC manipulation features, and exclusion of such
-   mechanisms from the set of candidates equipped to fully support the
-   GSS-API seems inappropriate. Inclusion (and GSS-API visibility) of a
-   feature supported by only a limited number of mechanisms could
-   encourage the development of ostensibly portable applications which
-   would in fact have only limited portability.
-
-   The status quo, in which PACs are not visible across the GSS-API
-   interface, does not preclude implementations in which PACs are
-   carried transparently, within the tokens defined and used for certain
-   mech_types, and stored within peers' credentials and context-level
-   data structures. While invisible to API callers, such PACs could be
-   used by operating system or other local functions as inputs in the
-   course of mediating access requests made by callers. This course of
-   action allows dynamic selection of PAC contents, if such selection is
-   administratively-directed rather than caller-directed.
-
-   In a distributed computing environment, authentication must span
-   different systems; the need for such authentication provides
-   motivation for GSS-API definition and usage. Heterogeneous systems in
-   a network can intercommunicate, with globally authenticated names
-   comprising the common bond between locally defined access control
-   policies. Access control policies to which authentication provides
-   inputs are often local, or specific to particular operating systems
-   or environments. If the GSS-API made particular authorization models
-   visible across its service interface, its scope of application would
-   become less general. The current GSS-API paradigm is consistent with
-   the precedent set by Kerberos, neither defining the interpretation of
-   authorization-related data nor enforcing access controls based on
-   such data.
-
-   The GSS-API is a general interface, whose callers may reside inside
-   or outside any defined TCB or NTCB boundaries. Given this
-   characteristic, it appears more realistic to provide facilities which
-
-
-
-Linn                                                           [Page 47]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-   provide "value-added" security services to its callers than to offer
-   facilities which enforce restrictions on those callers. Authorization
-   decisions must often be mediated below the GSS-API level in a local
-   manner against (or in spite of) applications, and cannot be
-   selectively invoked or omitted at those applications' discretion.
-   Given that the GSS-API's placement prevents it from providing a
-   comprehensive solution to the authorization issue, the value of a
-   partial contribution specific to particular authorization models is
-   debatable.
-
-APPENDIX  B
-
-MECHANISM-INDEPENDENT TOKEN FORMAT
-
-   This appendix specifies a mechanism-independent level of
-   encapsulating representation for the initial token of a GSS-API
-   context establishment sequence, incorporating an identifier of the
-   mechanism type to be used on that context. Use of this format (with
-   ASN.1-encoded data elements represented in BER, constrained in the
-   interests of parsing simplicity to the Distinguished Encoding Rule
-   (DER) BER subset defined in X.509, clause 8.7) is recommended to the
-   designers of GSS-API implementations based on various mechanisms, so
-   that tokens can be interpreted unambiguously at GSS-API peers. There
-   is no requirement that the mechanism-specific innerContextToken,
-   innerMsgToken, and sealedUserData data elements be encoded in ASN.1
-   BER.
-
-          -- optional top-level token definitions to
-          -- frame different mechanisms
-
-          GSS-API DEFINITIONS ::=
-
-          BEGIN
-
-          MechType ::= OBJECT IDENTIFIER
-          -- data structure definitions
-
-          -- callers must be able to distinguish among
-          -- InitialContextToken, SubsequentContextToken,
-          -- PerMsgToken, and SealedMessage data elements
-          -- based on the usage in which they occur
-
-          InitialContextToken ::=
-          -- option indication (delegation, etc.) indicated within
-          -- mechanism-specific token
-          [APPLICATION 0] IMPLICIT SEQUENCE {
-                  thisMech MechType,
-                  innerContextToken ANY DEFINED BY thisMech
-
-
-
-Linn                                                           [Page 48]
-
-RFC 1508               Generic Security Interface         September 1993
-
-
-                     -- contents mechanism-specific
-                  }
-
-          SubsequentContextToken ::= innerContextToken ANY
-          -- interpretation based on predecessor InitialContextToken
-
-          PerMsgToken ::=
-          -- as emitted by GSS_Sign and processed by GSS_Verify
-                  innerMsgToken ANY
-
-          SealedMessage ::=
-          -- as emitted by GSS_Seal and processed by GSS_Unseal
-          -- includes internal, mechanism-defined indicator
-          -- of whether or not encrypted
-                  sealedUserData ANY
-
-          END
-
-APPENDIX  C
-
-MECHANISM DESIGN CONSTRAINTS
-
-   The following constraints on GSS-API mechanism designs are adopted in
-   response to observed caller protocol requirements, and adherence
-   thereto is anticipated in subsequent descriptions of GSS-API
-   mechanisms to be documented in standards-track Internet
-   specifications.
-
-   Use of the approach defined in Appendix B of this specification,
-   applying a mechanism type tag to the InitialContextToken, is
-   required.
-
-   It is strongly recommended that mechanisms offering per-message
-   protection services also offer at least one of the replay detection
-   and sequencing services, as mechanisms offering neither of the latter
-   will fail to satisfy recognized requirements of certain candidate
-   caller protocols.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                                                           [Page 49]
-
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/rfc1509.txt b/crypto/heimdal/doc/standardisation/rfc1509.txt
deleted file mode 100644
index f36cd80e6dcd..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1509.txt
+++ /dev/null
@@ -1,2691 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            J. Wray
-Request for Comments: 1509                 Digital Equipment Corporation
-                                                          September 1993
-
-
-               Generic Security Service API : C-bindings
-
-Status of this Memo
-
-   This RFC specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" for the standardization state and status
-   of this protocol.  Distribution of this memo is unlimited.
-
-Abstract
-
-   This document specifies C language bindings for the Generic Security
-   Service Application Program Interface (GSS-API), which is described
-   at a language-independent conceptual level in other documents.
-
-   The Generic Security Service Application Programming Interface (GSS-
-   API) provides security services to its callers, and is intended for
-   implementation atop alternative underlying cryptographic mechanisms.
-   Typically, GSS-API callers will be application protocols into which
-   security enhancements are integrated through invocation of services
-   provided by the GSS-API. The GSS-API allows a caller application to
-   authenticate a principal identity associated with a peer application,
-   to delegate rights to a peer, and to apply security services such as
-   confidentiality and integrity on a per-message basis.
-
-1. INTRODUCTION
-
-   The Generic Security Service Application Programming Interface [1]
-   provides security services to calling applications.  It allows a
-   communicating application to authenticate the user associated with
-   another application, to delegate rights to another application, and
-   to apply security services such as confidentiality and integrity on a
-   per-message basis.
-
-   There are four stages to using the GSSAPI:
-
-   (a) The application acquires a set of credentials with which it may
-       prove its identity to other processes.  The application's
-       credentials vouch for its global identity, which may or may not
-       be related to the local username under which it is running.
-
-
-
-
-
-Wray                                                            [Page 1]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   (b) A pair of communicating applications establish a joint security
-       context using their credentials.  The security context is a
-       pair of GSSAPI data structures that contain shared state
-       information, which is required in order that per-message
-       security services may be provided.  As part of the
-       establishment of a security context, the context initiator is
-       authenticated to the responder, and may require that the
-       responder is authenticated in turn.  The initiator may
-       optionally give the responder the right to initiate further
-       security contexts.  This transfer of rights is termed
-       delegation, and is achieved by creating a set of credentials,
-       similar to those used by the originating application, but which
-       may be used by the responder.  To establish and maintain the
-       shared information that makes up the security context, certain
-       GSSAPI calls will return a token data structure, which is a
-       cryptographically protected opaque data type.  The caller of
-       such a GSSAPI routine is responsible for transferring the token
-       to the peer application, which should then pass it to a
-       corresponding GSSAPI routine which will decode it and extract
-       the information.
-
-   (c) Per-message services are invoked to apply either:
-
-       (i) integrity and data origin authentication, or
-
-       (ii) confidentiality, integrity and data origin authentication
-            to application data, which are treated by GSSAPI as
-            arbitrary octet-strings.  The application transmitting a
-            message that it wishes to protect will call the appropriate
-            GSSAPI routine (sign or seal) to apply protection, specifying
-            the appropriate security context, and send the result to the
-            receiving application.  The receiver will pass the received
-            data to the corresponding decoding routine (verify or unseal)
-            to remove the protection and validate the data.
-
-   (d) At the completion of a communications session (which may extend
-       across several connections), the peer applications call GSSAPI
-       routines to delete the security context.  Multiple contexts may
-       also be used (either successively or simultaneously) within a
-       single communications association.
-
-2. GSSAPI Routines
-
-   This section lists the functions performed by each of the GSSAPI
-   routines and discusses their major parameters, describing how they
-   are to be passed to the routines.  The routines are listed in figure
-   4-1.
-
-
-
-
-Wray                                                            [Page 2]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                      Figure 4-1  GSSAPI Routines
-
-
-            Routine                               Function
-
-            gss_acquire_cred               Assume a global identity
-
-            gss_release_cred               Discard credentials
-
-            gss_init_sec_context           Initiate a security context
-                                           with a peer application
-
-            gss_accept_sec_context         Accept a security context
-                                           initiated by a peer
-                                           application
-
-            gss_process_context_token      Process a token on a security
-                                           context from a peer
-                                           application
-
-            gss_delete_sec_context         Discard a security context
-
-            gss_context_time               Determine for how long a
-                                           context will remain valid
-
-            gss_sign                       Sign a message; integrity
-                                           service
-
-            gss_verify                     Check signature on a message
-
-            gss_seal                       Sign (optionally encrypt) a
-                                           message; confidentiality
-                                           service
-
-            gss_unseal                     Verify (optionally decrypt)
-                                           message
-
-            gss_display_status             Convert an API status code
-                                           to text
-
-            gss_indicate_mechs             Determine underlying
-                                           authentication mechanism
-
-            gss_compare_name               Compare two internal-form
-                                           names
-
-            gss_display_name               Convert opaque name to text
-
-
-
-
-Wray                                                            [Page 3]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-            gss_import_name                Convert a textual name to
-                                           internal-form
-
-            gss_release_name               Discard an internal-form
-                                           name
-
-            gss_release_buffer             Discard a buffer
-
-            gss_release_oid_set            Discard a set of object
-                                           identifiers
-
-            gss_inquire_cred               Determine information about
-                                           a credential
-
-   Individual GSSAPI implementations may augment these routines by
-   providing additional mechanism-specific routines if required
-   functionality is not available from the generic forms.  Applications
-   are encouraged to use the generic routines wherever possible on
-   portability grounds.
-
-2.1. Data Types and Calling Conventions
-
-   The following conventions are used by the GSSAPI:
-
-2.1.1. Structured data types
-
-   Wherever these GSSAPI C-bindings describe structured data, only
-   fields that must be provided by all GSSAPI implementation are
-   documented.  Individual implementations may provide additional
-   fields, either for internal use within GSSAPI routines, or for use by
-   non-portable applications.
-
-2.1.2. Integer types
-
-   GSSAPI defines the following integer data type:
-
-                 OM_uint32      32-bit unsigned integer
-
-   Where guaranteed minimum bit-count is important, this portable data
-   type is used by the GSSAPI routine definitions. Individual GSSAPI
-   implementations will include appropriate typedef definitions to map
-   this type onto a built-in data type.
-
-2.1.3. String and similar data
-
-   Many of the GSSAPI routines take arguments and return values that
-   describe contiguous multiple-byte data.  All such data is passed
-   between the GSSAPI and the caller using the gss_buffer_t data type.
-
-
-
-Wray                                                            [Page 4]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   This data type is a pointer to a buffer descriptor, which consists of
-   a length field that contains the total number of bytes in the datum,
-   and a value field which contains a pointer to the actual datum:
-
-                 typedef struct gss_buffer_desc_struct {
-                    size_t  length;
-                    void    *value;
-                 } gss_buffer_desc, *gss_buffer_t;
-
-   Storage for data passed to the application by a GSSAPI routine using
-   the gss_buffer_t conventions is allocated by the GSSAPI routine.  The
-   application may free this storage by invoking the gss_release_buffer
-   routine.  Allocation of the gss_buffer_desc object is always the
-   responsibility of the application;  Unused gss_buffer_desc objects
-   may be initialized to the value GSS_C_EMPTY_BUFFER.
-
-2.1.3.1. Opaque data types
-
-   Certain multiple-word data items are considered opaque data types at
-   the GSSAPI, because their internal structure has no significance
-   either to the GSSAPI or to the caller.  Examples of such opaque data
-   types are the input_token parameter to gss_init_sec_context (which is
-   opaque to the caller), and the input_message parameter to gss_seal
-   (which is opaque to the GSSAPI).  Opaque data is passed between the
-   GSSAPI and the application using the gss_buffer_t datatype.
-
-2.1.3.2. Character strings
-
-   Certain multiple-word data items may be regarded as simple ISO
-   Latin-1 character strings.  An example of this is the
-   input_name_buffer parameter to gss_import_name.  Some GSSAPI routines
-   also return character strings.  Character strings are passed between
-   the application and the GSSAPI using the gss_buffer_t datatype,
-   defined earlier.
-
-2.1.4. Object Identifiers
-
-   Certain GSSAPI procedures take parameters of the type gss_OID, or
-   Object identifier.  This is a type containing ISO-defined tree-
-   structured values, and is used by the GSSAPI caller to select an
-   underlying security mechanism.  A value of type gss_OID has the
-   following structure:
-
-                 typedef struct gss_OID_desc_struct {
-                    OM_uint32 length;
-                    void      *elements;
-                 } gss_OID_desc, *gss_OID;
-
-
-
-
-Wray                                                            [Page 5]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   The elements field of this structure points to the first byte of an
-   octet string containing the ASN.1 BER encoding of the value of the
-   gss_OID.  The length field contains the number of bytes in this
-   value.  For example, the  gss_OID value corresponding to {iso(1)
-   identified- oganization(3) icd-ecma(12) member-company(2) dec(1011)
-   cryptoAlgorithms(7) SPX(5)} meaning SPX (Digital's X.509
-   authentication mechanism) has a length field of 7 and an elements
-   field pointing to seven octets containing the following octal values:
-   53,14,2,207,163,7,5. GSSAPI implementations should provide constant
-   gss_OID values to allow callers to request any supported mechanism,
-   although applications are encouraged on portability grounds to accept
-   the default mechanism.   gss_OID values should also be provided to
-   allow applications to specify particular name types (see section
-   2.1.10).  Applications should treat gss_OID_desc values returned by
-   GSSAPI routines as read-only.  In particular, the application should
-   not attempt to deallocate them.  The gss_OID_desc datatype is
-   equivalent to the X/Open OM_object_identifier datatype [2].
-
-2.1.5. Object Identifier Sets
-
-   Certain GSSAPI procedures take parameters of the type gss_OID_set.
-   This type represents one or more object identifiers (section 2.1.4).
-   A gss_OID_set object has the following structure:
-
-                 typedef struct gss_OID_set_desc_struct {
-                    int       count;
-                    gss_OID   elements;
-                 } gss_OID_set_desc, *gss_OID_set;
-
-   The count field contains the number of OIDs within the set.  The
-   elements field is a pointer to an array of gss_OID_desc objects, each
-   of which describes a single OID. gss_OID_set values are used to name
-   the available mechanisms supported by the GSSAPI, to request the use
-   of specific mechanisms, and to indicate which mechanisms a given
-   credential supports.  Storage associated with gss_OID_set values
-   returned to the application by the GSSAPI may be deallocated by the
-   gss_release_oid_set routine.
-
-2.1.6. Credentials
-
-   A credential handle is a caller-opaque atomic datum that identifies a
-   GSSAPI credential data structure.  It is represented by the caller-
-   opaque type gss_cred_id_t, which may be implemented as either an
-   arithmetic or a pointer type.  Credentials describe a principal, and
-   they give their holder the ability to act as that principal.  The
-   GSSAPI does not make the actual credentials available to
-   applications; instead the credential handle is used to identify a
-   particular credential, held internally by GSSAPI or underlying
-
-
-
-Wray                                                            [Page 6]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   mechanism.  Thus the credential handle contains no security-relavent
-   information, and requires no special protection by the application.
-   Depending on the implementation, a given credential handle may refer
-   to different credentials when presented to the GSSAPI by different
-   callers.  Individual GSSAPI implementations should define both the
-   scope of a credential handle and the scope of a credential itself
-   (which must be at least as wide as that of a handle).  Possibilities
-   for credential handle scope include the process that acquired the
-   handle, the acquiring process and its children, or all processes
-   sharing some local identification information (e.g., UID).  If no
-   handles exist by which a given credential may be reached, the GSSAPI
-   may delete the credential.
-
-   Certain routines allow credential handle parameters to be omitted to
-   indicate the use of a default credential.  The mechanism by which a
-   default credential is established and its scope should be defined by
-   the individual GSSAPI implementation.
-
-2.1.7. Contexts
-
-   The gss_ctx_id_t data type contains a caller-opaque atomic value that
-   identifies one end of a GSSAPI security context.  It may be
-   implemented as either an arithmetic or a pointer type. Depending on
-   the implementation, a given gss_ctx_id_t value may refer to different
-   GSSAPI security contexts when presented to the GSSAPI by different
-   callers.  The security context holds state information about each end
-   of a peer communication, including cryptographic state information.
-   Individual GSSAPI implementations should define the scope of a
-   context.  Since no way is provided by which a new gss_ctx_id_t value
-   may be obtained for an existing context, the scope of a context
-   should be the same as the scope of a gss_ctx_id_t.
-
-2.1.8. Authentication tokens
-
-   A token is a caller-opaque type that GSSAPI uses to maintain
-   synchronization between the context data structures at each end of a
-   GSSAPI security context.  The token is a cryptographically protected
-   bit-string, generated by the underlying mechanism at one end of a
-   GSSAPI security context for use by the peer mechanism at the other
-   end.  Encapsulation (if required) and transfer of the token are the
-   responsibility of the peer applications.  A token is passed between
-   the GSSAPI and the application using the gss_buffer_t conventions.
-
-2.1.9. Status values
-
-   One or more status codes are returned by each GSSAPI routine.  Two
-   distinct sorts of status codes are returned.  These are termed GSS
-   status codes and Mechanism status codes.
-
-
-
-Wray                                                            [Page 7]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-2.1.9.1. GSS status codes
-
-   GSSAPI routines return GSS status codes as their OM_uint32 function
-   value.  These codes indicate errors that are independent of the
-   underlying mechanism used to provide the security service.  The
-   errors that can be indicated via a GSS status code are either generic
-   API routine errors (errors that are defined in the GSSAPI
-   specification) or calling errors (errors that are specific to these
-   bindings).
-
-   A GSS status code can indicate a single fatal generic API error from
-   the routine and a single calling error.  In addition, supplementary
-   status information may be indicated via the setting of bits in the
-   supplementary info field of a GSS status code.
-
-   These errors are encoded into the 32-bit GSS status code as follows:
-
-      MSB                                                        LSB
-      |------------------------------------------------------------|
-      | Calling Error | Routine Error  |    Supplementary Info     |
-      |------------------------------------------------------------|
-   Bit 31           24 23            16 15                        0
-
-   Hence if a GSSAPI routine returns a GSS status code whose upper 16
-   bits contain a non-zero value, the call failed.  If the calling error
-   field is non-zero, the invoking application's call of the routine was
-   erroneous.  Calling errors are defined in table 5-1.  If the routine
-   error field is non-zero, the routine failed for one of the routine-
-   specific reasons listed below in table 5-2.  Whether or not the upper
-   16 bits indicate a failure or a success, the routine may indicate
-   additional information by setting bits in the supplementary info
-   field of the status code.  The meaning of individual bits is listed
-   below in table 5-3.
-
-                     Table 5-1  Calling Errors
-
-              Name                    Value in        Meaning
-                                        Field
-         GSS_S_CALL_INACCESSIBLE_READ     1           A required input
-                                                      parameter could
-                                                      not be read.
-         GSS_S_CALL_INACCESSIBLE_WRITE    2           A required output
-                                                      parameter could
-                                                      not be written.
-         GSS_S_CALL_BAD_STRUCTURE         3           A parameter was
-                                                      malformed
-
-
-
-
-
-Wray                                                            [Page 8]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                     Table 5-2  Routine Errors
-
-               Name             Value in       Meaning
-                                 Field
-
-         GSS_S_BAD_MECH             1      An unsupported mechanism was
-                                           requested
-         GSS_S_BAD_NAME             2      An invalid name was supplied
-         GSS_S_BAD_NAMETYPE         3      A supplied name was of an
-                                           unsupported type
-         GSS_S_BAD_BINDINGS         4      Incorrect channel bindings
-                                           were supplied
-         GSS_S_BAD_STATUS           5      An invalid status code was
-                                           supplied
-
-         GSS_S_BAD_SIG              6      A token had an invalid
-                                           signature
-         GSS_S_NO_CRED              7      No credentials were supplied
-         GSS_S_NO_CONTEXT           8      No context has been
-                                           established
-         GSS_S_DEFECTIVE_TOKEN      9      A token was invalid
-         GSS_S_DEFECTIVE_CREDENTIAL 10     A credential was invalid
-         GSS_S_CREDENTIALS_EXPIRED  11     The referenced credentials
-                                           have expired
-         GSS_S_CONTEXT_EXPIRED      12     The context has expired
-         GSS_S_FAILURE              13     Miscellaneous failure
-                                           (see text)
-
-                     Table 5-3  Supplementary Status Bits
-
-         Name                Bit Number         Meaning
-         GSS_S_CONTINUE_NEEDED   0 (LSB)  The routine must be called
-                                          again to complete its
-                                          function.
-                                          See routine documentation for
-                                          detailed description.
-         GSS_S_DUPLICATE_TOKEN   1        The token was a duplicate of
-                                          an earlier token
-         GSS_S_OLD_TOKEN         2        The token's validity period
-                                          has expired
-         GSS_S_UNSEQ_TOKEN       3        A later token has already been
-                                          processed
-
-   The routine documentation also uses the name GSS_S_COMPLETE, which is
-   a zero value, to indicate an absence of any API errors or
-   supplementary information bits.
-
-
-
-
-
-Wray                                                            [Page 9]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   All GSS_S_xxx symbols equate to complete OM_uint32 status codes,
-   rather than to bitfield values.  For example, the actual value of the
-   symbol GSS_S_BAD_NAMETYPE (value 3 in the routine error field) is 3
-   << 16.
-
-   The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and
-   GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a GSS
-   status code and removes all but the relevant field.  For example, the
-   value obtained by applying GSS_ROUTINE_ERROR to a status code removes
-   the calling errors and supplementary info fields, leaving only the
-   routine errors field.  The values delivered by these macros may be
-   directly compared with a GSS_S_xxx symbol of the appropriate type.
-   The macro GSS_ERROR() is also provided, which when applied to a GSS
-   status code returns a non-zero value if the status code indicated a
-   calling or routine error, and a zero value otherwise.
-
-   A GSSAPI implementation may choose to signal calling errors in a
-   platform-specific manner instead of, or in addition to the routine
-   value; routine errors and supplementary info should be returned via
-   routine status values only.
-
-2.1.9.2. Mechanism-specific status codes
-
-   GSSAPI routines return a minor_status parameter, which is used to
-   indicate specialized errors from the underlying security mechanism.
-   This parameter may contain a single mechanism-specific error,
-   indicated by a OM_uint32 value.
-
-   The minor_status parameter will always be set by a GSSAPI routine,
-   even if it returns a calling error or one of the generic API errors
-   indicated above as fatal, although other output parameters may remain
-   unset in such cases.  However, output parameters that are expected to
-   return pointers to storage allocated by a routine must always set set
-   by the routine, even in the event of an error, although in such cases
-   the GSSAPI routine may elect to set the returned parameter value to
-   NULL to indicate that no storage was actually allocated.  Any length
-   field associated with such pointers (as in a gss_buffer_desc
-   structure) should also be set to zero in such cases.
-
-   The GSS status code GSS_S_FAILURE is used to indicate that the
-   underlying mechanism detected an error for which no specific GSS
-   status code is defined.  The mechanism status code will provide more
-   details about the error.
-
-2.1.10. Names
-
-   A name is used to identify a person or entity.  GSSAPI authenticates
-   the relationship between a name and the entity claiming the name.
-
-
-
-Wray                                                           [Page 10]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   Two distinct representations are defined for names:
-
-        (a) A printable form, for presentation to a user
-
-        (b) An internal form, for presentation at the API
-
-   The syntax of a printable name is defined by the GSSAPI
-   implementation, and may be dependent on local system configuration,
-   or on individual user preference.  The internal form provides a
-   canonical representation of the name that is independent of
-   configuration.
-
-   A given GSSAPI implementation may support names drawn from multiple
-   namespaces.  In such an implementation, the internal form of the name
-   must include fields that identify the namespace from which the name
-   is drawn.  The namespace from which a printable name is drawn is
-   specified by an accompanying object identifier.
-
-   Routines (gss_import_name and  gss_display_name) are provided to
-   convert names between their printable representations and the
-   gss_name_t type.  gss_import_name may support multiple syntaxes for
-   each supported namespace, allowing users the freedom to choose a
-   preferred name representation.  gss_display_name should use an
-   implementation-chosen preferred syntax for each supported name-type.
-
-   Comparison of internal-form names is accomplished via the
-   gss_compare_names routine.  This removes the need for the application
-   program to understand the syntaxes of the various printable names
-   that a given GSSAPI implementation may support.
-
-   Storage is allocated by routines that return gss_name_t values.  A
-   procedure, gss_release_name, is provided to free storage associated
-   with a name.
-
-2.1.11. Channel Bindings
-
-   GSSAPI supports the use of user-specified tags to identify a given
-   context to the peer application.  These tags are used to identify the
-   particular communications channel that carries the context.  Channel
-   bindings are communicated to the GSSAPI using the following
-   structure:
-
-
-
-
-
-
-
-
-
-
-Wray                                                           [Page 11]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                 typedef struct gss_channel_bindings_struct {
-                    OM_uint32       initiator_addrtype;
-                    gss_buffer_desc initiator_address;
-                    OM_uint32       acceptor_addrtype;
-                    gss_buffer_desc acceptor_address;
-                    gss_buffer_desc application_data;
-                 } *gss_channel_bindings_t;
-
-   The initiator_addrtype and acceptor_addrtype fields denote the type
-   of addresses contained in the initiator_address and acceptor_address
-   buffers.  The address type should be one of the following:
-
-          GSS_C_AF_UNSPEC      Unspecified address type
-          GSS_C_AF_LOCAL       Host-local address type
-          GSS_C_AF_INET        DARPA Internet address type
-          GSS_C_AF_IMPLINK     ARPAnet IMP address type (eg IP)
-          GSS_C_AF_PUP         pup protocols (eg BSP) address type
-          GSS_C_AF_CHAOS       MIT CHAOS protocol address type
-          GSS_C_AF_NS          XEROX NS address type
-          GSS_C_AF_NBS         nbs address type
-          GSS_C_AF_ECMA        ECMA address type
-          GSS_C_AF_DATAKIT     datakit protocols address type
-          GSS_C_AF_CCITT       CCITT protocols (eg X.25)
-          GSS_C_AF_SNA         IBM SNA address type
-          GSS_C_AF_DECnet      DECnet address type
-          GSS_C_AF_DLI         Direct data link interface address type
-          GSS_C_AF_LAT         LAT address type
-          GSS_C_AF_HYLINK      NSC Hyperchannel address type
-          GSS_C_AF_APPLETALK   AppleTalk address type
-          GSS_C_AF_BSC         BISYNC 2780/3780 address type
-          GSS_C_AF_DSS         Distributed system services address type
-          GSS_C_AF_OSI         OSI TP4 address type
-          GSS_C_AF_X25         X25
-          GSS_C_AF_NULLADDR    No address specified
-
-   Note that these name address families rather than specific addressing
-   formats.  For address families that contain several alternative
-   address forms, the initiator_address and acceptor_address fields must
-   contain sufficient information to determine which address form is
-   used.  When not otherwise specified, addresses should be specified in
-   network byte-order.
-
-   Conceptually, the GSSAPI concatenates the initiator_addrtype,
-   initiator_address, acceptor_addrtype, acceptor_address and
-   application_data to form an octet string.  The mechanism signs this
-   octet string, and binds the signature to the context establishment
-   token emitted by gss_init_sec_context.  The same bindings are
-   presented by the context acceptor to gss_accept_sec_context, and a
-
-
-
-Wray                                                           [Page 12]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   signature is calculated in the same way.  The calculated signature is
-   compared with that found in the token, and if the signatures differ,
-   gss_accept_sec_context will return a GSS_S_BAD_BINDINGS error, and
-   the context will not be established.  Some mechanisms may include the
-   actual channel binding data in the token (rather than just a
-   signature); applications should therefore not use confidential data
-   as channel-binding components.  Individual mechanisms may impose
-   additional constraints on addresses and address types that may appear
-   in channel bindings.  For example, a mechanism may verify that the
-   initiator_address field of the channel bindings presented to
-   gss_init_sec_context contains the correct network address of the host
-   system.
-
-2.1.12. Optional parameters
-
-   Various parameters are described as optional.  This means that they
-   follow a convention whereby a default value may be requested.  The
-   following conventions are used for omitted parameters.  These
-   conventions apply only to those parameters that are explicitly
-   documented as optional.
-
-2.1.12.1. gss_buffer_t types
-
-   Specify GSS_C_NO_BUFFER as a value.  For an input parameter this
-   signifies that default behavior is requested, while for an output
-   parameter it indicates that the information that would be returned
-   via the parameter is not required by the application.
-
-2.1.12.2. Integer types (input)
-
-   Individual parameter documentation lists values to be used to
-   indicate default actions.
-
-2.1.12.3. Integer types (output)
-
-   Specify NULL as the value for the pointer.
-
-2.1.12.4. Pointer types
-
-   Specify NULL as the value.
-
-2.1.12.5. Object IDs
-
-   Specify GSS_C_NULL_OID as the value.
-
-2.1.12.6. Object ID Sets
-
-   Specify GSS_C_NULL_OID_SET as the value.
-
-
-
-Wray                                                           [Page 13]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-2.1.12.7. Credentials
-
-   Specify GSS_C_NO_CREDENTIAL to use the default credential handle.
-
-2.1.12.8. Channel Bindings
-
-   Specify GSS_C_NO_CHANNEL_BINDINGS to indicate that channel bindings
-   are not to be used.
-
-3. GSSAPI routine descriptions
-
-2.1. gss_acquire_cred
-
-      OM_uint32  gss_acquire_cred (
-                     OM_uint32 *     minor_status,
-                     gss_name_t      desired_name,
-                     OM_uint32       time_req,
-                     gss_OID_set     desired_mechs,
-                     int             cred_usage,
-                     gss_cred_id_t * output_cred_handle,
-                     gss_OID_set *   actual_mechs,
-                      OM_int32 *      time_rec)
-   Purpose:
-
-   Allows an application to acquire a handle for a pre-existing
-   credential by name.  GSSAPI implementations must impose a local
-   access-control policy on callers of this routine to prevent
-   unauthorized callers from acquiring credentials to which they are not
-   entitled.  This routine is not intended to provide a "login to the
-   network" function, as such a function would result in the creation of
-   new credentials rather than merely acquiring a handle to existing
-   credentials.  Such functions, if required, should be defined in
-   implementation-specific extensions to the API.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may chooses to delay the actual acquisition until the
-   credential is required (e.g., by gss_init_sec_context or
-   gss_accept_sec_context).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call
-   of gss_inquire_cred immediately following the call of
-   gss_acquire_cred must return valid credential data, and may therefore
-   incur the overhead of a deferred credential acquisition.
-
-   Parameters:
-
-      desired_name      gss_name_t, read
-                        Name of principal whose credential
-                        should be acquired
-
-
-
-Wray                                                           [Page 14]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      time_req          integer, read
-                        number of seconds that credentials
-                        should remain valid
-
-      desired_mechs     Set of Object IDs, read
-                        set of underlying security mechanisms that
-                        may be used.  GSS_C_NULL_OID_SET may be used
-                        to obtain an implementation-specific default.
-
-      cred_usage        integer, read
-                        GSS_C_BOTH - Credentials may be used
-                                     either to initiate or accept
-                                     security contexts.
-                        GSS_C_INITIATE - Credentials will only be
-                                         used to initiate security
-                                         contexts.
-                        GSS_C_ACCEPT - Credentials will only be used to
-                                       accept security contexts.
-
-      output_cred_handle   gss_cred_id_t, modify
-                           The returned credential handle.
-
-      actual_mechs      Set of Object IDs, modify, optional
-                        The set of mechanisms for which the
-                        credential is valid.  Specify NULL
-                        if not required.
-
-      time_rec          Integer, modify, optional
-                        Actual number of seconds for which the
-                        returned credentials will remain valid.  If the
-                        implementation does not support expiration of
-                        credentials, the value GSS_C_INDEFINITE will
-                        be returned. Specify NULL if not required
-
-      minor_status      Integer, modify
-                        Mechanism specific status code.
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_MECH    Unavailable mechanism requested
-
-      GSS_S_BAD_NAMETYPE Type contained within desired_name parameter is
-                        not supported
-
-      GSS_S_BAD_NAME    Value supplied for desired_name parameter is
-
-
-
-Wray                                                           [Page 15]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                        ill-formed.
-
-      GSS_S_FAILURE     Unspecified failure.  The minor_status parameter
-                        contains more detailed information
-
-3.2. gss_release_cred
-
-      OM_uint32  gss_release_cred (
-                     OM_uint32 *     minor_status,
-                     gss_cred_id_t * cred_handle)
-
-   Purpose:
-
-   Informs GSSAPI that the specified credential handle is no longer
-   required by the process.  When all processes have released a
-   credential, it will be deleted.
-
-   Parameters:
-
-      cred_handle       gss_cred_id_t, modify, optional
-                        buffer containing opaque credential
-                        handle.  If  GSS_C_NO_CREDENTIAL  is supplied,
-                        the default credential will be released
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_NO_CRED     Credentials could not be accessed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Wray                                                           [Page 16]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-3.3. gss_init_sec_context
-
-      OM_uint32  gss_init_sec_context (
-                     OM_uint32 *     minor_status,
-                     gss_cred_id_t   claimant_cred_handle,
-                     gss_ctx_id_t *  context_handle,
-                     gss_name_t      target_name,
-                     gss_OID         mech_type,
-                     int             req_flags,
-                     int             time_req,
-                     gss_channel_bindings_t
-                                     input_chan_bindings,
-                     gss_buffer_t    input_token
-                     gss_OID *       actual_mech_type,
-                     gss_buffer_t    output_token,
-                     int *           ret_flags,
-                     OM_uint32 *     time_rec )
-
-   Purpose:
-
-   Initiates the establishment of a security context between the
-   application and a remote peer.  Initially, the input_token parameter
-   should be specified as GSS_C_NO_BUFFER.  The routine may return a
-   output_token which should be transferred to the peer application,
-   where the peer application will present it to gss_accept_sec_context.
-   If no token need be sent, gss_init_sec_context will indicate this by
-   setting the length field of the output_token argument to zero.  To
-   complete the context establishment, one or more reply tokens may be
-   required from the peer application; if so, gss_init_sec_context will
-   return a status indicating GSS_S_CONTINUE_NEEDED in which case it
-   should be called again when the reply token is received from the peer
-   application, passing the token to gss_init_sec_context via the
-   input_token parameters.
-
-   The values returned via the ret_flags and time_rec parameters are not
-   defined unless the routine returns GSS_S_COMPLETE.
-
-   Parameters:
-
-      claimant_cred_handle  gss_cred_id_t, read, optional
-                            handle for credentials claimed.  Supply
-                            GSS_C_NO_CREDENTIAL to use default
-                            credentials.
-
-      context_handle    gss_ctx_id_t, read/modify
-                        context handle for new context.  Supply
-                        GSS_C_NO_CONTEXT for first call; use value
-                        returned by first call in continuation calls.
-
-
-
-Wray                                                           [Page 17]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      target_name       gss_name_t, read
-                        Name of target
-
-      mech_type         OID, read, optional
-                        Object ID of desired mechanism. Supply
-                        GSS_C_NULL_OID to obtain an implementation
-                        specific default
-
-      req_flags         bit-mask, read
-                        Contains four independent flags, each of
-                        which requests that the context support a
-                        specific service option.  Symbolic
-                        names are provided for each flag, and the
-                        symbolic names corresponding to the required
-                        flags should be logically-ORed
-                        together to form the bit-mask value.  The
-                        flags are:
-
-                        GSS_C_DELEG_FLAG
-                              True - Delegate credentials to remote peer
-                              False - Don't delegate
-                        GSS_C_MUTUAL_FLAG
-                              True - Request that remote peer
-                                     authenticate itself
-                              False - Authenticate self to remote peer
-                                      only
-                        GSS_C_REPLAY_FLAG
-                              True - Enable replay detection for signed
-                                     or sealed messages
-                              False - Don't attempt to detect
-                                      replayed messages
-                        GSS_C_SEQUENCE_FLAG
-                              True - Enable detection of out-of-sequence
-                                     signed or sealed messages
-                              False - Don't attempt to detect
-                                      out-of-sequence messages
-
-      time_req          integer, read
-                        Desired number of seconds for which context
-                        should remain valid.  Supply 0 to request a
-                        default validity period.
-
-      input_chan_bindings     channel bindings, read
-                              Application-specified bindings.  Allows
-                              application to securely bind channel
-                              identification information to the security
-                              context.
-
-
-
-
-Wray                                                           [Page 18]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      input_token       buffer, opaque, read, optional (see text)
-                        Token received from peer application.
-                        Supply GSS_C_NO_BUFFER on initial call.
-
-      actual_mech_type  OID, modify
-                        actual mechanism used.
-
-      output_token      buffer, opaque, modify
-                        token to be sent to peer application.  If
-                        the length field of the returned buffer is
-                        zero, no token need be sent to the peer
-                        application.
-
-      ret_flags         bit-mask, modify
-                        Contains six independent flags, each of which
-                        indicates that the context supports a specific
-                        service option.  Symbolic names are provided
-                        for each flag, and the symbolic names
-                        corresponding to the required flags should be
-                        logically-ANDed with the ret_flags value to test
-                        whether a given option is supported by the
-                        context.  The flags are:
-
-                        GSS_C_DELEG_FLAG
-                              True - Credentials were delegated to
-                                     the remote peer
-                              False - No credentials were delegated
-                        GSS_C_MUTUAL_FLAG
-                              True - Remote peer has been asked to
-                                     authenticated itself
-                              False - Remote peer has not been asked to
-                                      authenticate itself
-                        GSS_C_REPLAY_FLAG
-                              True - replay of signed or sealed messages
-                                     will be detected
-                              False - replayed messages will not be
-                                      detected
-                        GSS_C_SEQUENCE_FLAG
-                              True - out-of-sequence signed or sealed
-                                     messages will be detected
-                              False - out-of-sequence messages will not
-                                      be detected
-                        GSS_C_CONF_FLAG
-                              True - Confidentiality service may be
-                                     invoked by calling seal routine
-                              False - No confidentiality service (via
-                                      seal) available. seal will provide
-                                      message encapsulation, data-origin
-
-
-
-Wray                                                           [Page 19]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                                      authentication and integrity
-                                      services only.
-                        GSS_C_INTEG_FLAG
-                              True - Integrity service may be invoked by
-                                     calling either gss_sign or gss_seal
-                                     routines.
-                              False - Per-message integrity service
-                                      unavailable.
-
-      time_rec          integer, modify, optional
-                        number of seconds for which the context
-                        will remain valid. If the implementation does
-                        not support credential expiration, the value
-                        GSS_C_INDEFINITE will be returned.  Specify
-                        NULL if not required.
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-   Function value:
-
-   GSS status code:
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
-                     application is required to complete thecontext, and
-                     that gss_init_sec_context must be called again with
-                     that token.
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on
-                     the input_token failed
-
-   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
-                     performed on the credential failed.
-
-   GSS_S_NO_CRED     The supplied credentials were not valid for context
-                     initiation, or the credential handle did not
-                     reference any credentials.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired
-
-   GSS_S_BAD_BINDINGS The input_token contains different channel
-                     bindings to those specified via the
-                     input_chan_bindings parameter
-
-   GSS_S_BAD_SIG     The input_token contains an invalid signature, or a
-                     signature that could not be verified
-
-
-
-Wray                                                           [Page 20]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal error
-                     during context establishment
-
-   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of
-                     a token already processed.  This is a fatal error
-                     during context establishment.
-
-   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did not
-                     refer to a valid context
-
-   GSS_S_BAD_NAMETYPE The provided target_name parameter contained an
-                     invalid or unsupported type of name
-
-   GSS_S_BAD_NAME    The provided target_name parameter was ill-formed.
-
-   GSS_S_FAILURE     Failure.  See minor_status for more information
-
-3.4. gss_accept_sec_context
-
-      OM_uint32  gss_accept_sec_context (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t *  context_handle,
-                     gss_cred_id_t   verifier_cred_handle,
-                     gss_buffer_t    input_token_buffer
-                     gss_channel_bindings_t
-                                     input_chan_bindings,
-                     gss_name_t *    src_name,
-                     gss_OID *       mech_type,
-                     gss_buffer_t    output_token,
-                     int *           ret_flags,
-                     OM_uint32 *     time_rec,
-                     gss_cred_id_t * delegated_cred_handle)
-
-   Purpose:
-
-   Allows a remotely initiated security context between the application
-   and a remote peer to be established.  The routine may return a
-   output_token which should be transferred to the peer application,
-   where the peer application will present it to gss_init_sec_context.
-   If no token need be sent, gss_accept_sec_context will indicate this
-   by setting the length field of the output_token argument to zero.  To
-   complete the context establishment, one or more reply tokens may be
-   required from the peer application; if so, gss_accept_sec_context
-   will return a status flag of GSS_S_CONTINUE_NEEDED, in which case it
-   should be called again when the reply token is received from the peer
-   application, passing the token to gss_accept_sec_context via the
-   input_token parameters.
-
-
-
-
-Wray                                                           [Page 21]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   The values returned via the src_name, ret_flags, time_rec, and
-   delegated_cred_handle parameters are not defined unless the routine
-   returns GSS_S_COMPLETE.
-
-   Parameters:
-
-      context_handle    gss_ctx_id_t, read/modify
-                        context handle for new context.  Supply
-                        GSS_C_NO_CONTEXT for first call; use value
-                        returned in subsequent calls.
-
-      verifier_cred_handle    gss_cred_id_t, read, optional
-                              Credential handle claimed by context
-      acceptor.
-                              Specify GSS_C_NO_CREDENTIAL to use default
-                              credentials.  If GSS_C_NO_CREDENTIAL is
-                              specified, but the caller has no default
-                              credentials established, an
-                              implementation-defined default credential
-                              may be used.
-
-      input_token_buffer      buffer, opaque, read
-                              token obtained from remote application
-
-      input_chan_bindings     channel bindings, read
-                              Application-specified bindings.  Allows
-                              application to securely bind channel
-                              identification information to the security
-                              context.
-
-      src_name          gss_name_t, modify, optional
-                        Authenticated name of context initiator.
-                        After use, this name should be deallocated by
-                        passing it to gss_release_name.  If not required,
-                        specify NULL.
-
-      mech_type         Object ID, modify
-                        Security mechanism used.  The returned
-                        OID value will be a pointer into static
-                        storage, and should be treated as read-only
-                        by the caller.
-
-      output_token      buffer, opaque, modify
-                        Token to be passed to peer application. If the
-                        length field of the returned token buffer is 0,
-                        then no token need be passed to the peer
-                        application.
-
-
-
-
-Wray                                                           [Page 22]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      ret_flags         bit-mask, modify
-                        Contains six independent flags, each of
-                        which indicates that the context supports a
-                        specific service option.  Symbolic names are
-                        provided for each flag, and the symbolic names
-                        corresponding to the required flags
-                        should be logically-ANDed with the ret_flags
-                        value to test whether a given option is
-                        supported by the context.  The flags are:
-                        GSS_C_DELEG_FLAG
-                              True - Delegated credentials are available
-                                     via the delegated_cred_handle
-                                     parameter
-                              False - No credentials were delegated
-                        GSS_C_MUTUAL_FLAG
-                              True - Remote peer asked for mutual
-                                     authentication
-                              False - Remote peer did not ask for mutual
-                                      authentication
-                        GSS_C_REPLAY_FLAG
-                              True - replay of signed or sealed messages
-                                     will be detected
-                              False - replayed messages will not be
-                                      detected
-                        GSS_C_SEQUENCE_FLAG
-                              True - out-of-sequence signed or sealed
-                                     messages will be detected
-                              False - out-of-sequence messages will not
-                                      be detected
-                        GSS_C_CONF_FLAG
-                              True - Confidentiality service may be
-                                     invoked by calling seal routine
-                              False - No confidentiality service (via
-                                      seal) available. seal will
-                                      provide message encapsulation,
-                                      data-origin authentication and
-                                      integrity services only.
-                        GSS_C_INTEG_FLAG
-                              True - Integrity service may be invoked
-                                     by calling either gss_sign or
-                                     gss_seal routines.
-                              False - Per-message integrity service
-                                      unavailable.
-
-      time_rec          integer, modify, optional
-                        number of seconds for which the context
-                        will remain valid. Specify NULL if not required.
-
-
-
-
-Wray                                                           [Page 23]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      delegated_cred_handle
-                        gss_cred_id_t, modify
-                        credential handle for credentials received from
-                        context initiator.  Only valid if deleg_flag in
-                        ret_flags is true.
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
-                        application is required to complete the context,
-                        and that gss_accept_sec_context must be called
-                        again with that token.
-
-      GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks
-                        performed on the input_token failed.
-
-      GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
-                        performed on the credential failed.
-
-      GSS_S_NO_CRED The supplied credentials were not valid for
-                        context acceptance, or the credential handle
-                        did not reference any credentials.
-
-      GSS_S_CREDENTIALS_EXPIRED The referenced credentials have
-                        expired.
-
-      GSS_S_BAD_BINDINGS The input_token contains different channel
-                        bindings to those specified via the
-                        input_chan_bindings parameter.
-
-      GSS_S_NO_CONTEXT Indicates that the supplied context handle did
-                       not refer to a valid context.
-
-      GSS_S_BAD_SIG    The input_token contains an invalid signature.
-
-      GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal
-                        error during context establishment.
-
-      GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a
-                        duplicate of a token already processed.  This
-                        is a fatal error during context establishment.
-
-
-
-Wray                                                           [Page 24]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      GSS_S_FAILURE     Failure.  See minor_status for more information.
-
-3.5. gss_process_context_token
-
-      OM_uint32  gss_process_context_token (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     gss_buffer_t    token_buffer)
-
-   Purpose:
-
-   Provides a way to pass a token to the security service.  Usually,
-   tokens are associated either with context establishment (when they
-   would be passed to gss_init_sec_context or gss_accept_sec_context) or
-   with per-message security service (when they would be passed to
-   gss_verify or gss_unseal).  Occasionally, tokens may be received at
-   other times, and gss_process_context_token allows such tokens to be
-   passed to the underlying security service for processing.  At
-   present, such additional tokens may only be generated by
-   gss_delete_sec_context.  GSSAPI implementation may use this service
-   to implement deletion of the security context.
-
-   Parameters:
-
-      context_handle    gss_ctx_id_t, read
-                        context handle of context on which token is to
-                        be processed
-
-      token_buffer      buffer, opaque, read
-                        pointer to first byte of token to process
-
-      minor_status      integer, modify
-                        Implementation specific status code.
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks
-                        performed on the token failed
-
-      GSS_S_FAILURE     Failure.  See minor_status for more information
-
-      GSS_S_NO_CONTEXT The context_handle did not refer to a valid
-                       context
-
-
-
-
-Wray                                                           [Page 25]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-3.6. gss_delete_sec_context
-
-      OM_uint32  gss_delete_sec_context (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t *  context_handle,
-                     gss_buffer_t    output_token)
-
-   Purpose:
-
-   Delete a security context.  gss_delete_sec_context will delete the
-   local data structures associated with the specified security context,
-   and generate an output_token, which when passed to the peer
-   gss_process_context_token will instruct it to do likewise.  No
-   further security services may be obtained using the context specified
-   by context_handle.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      context_handle    gss_ctx_id_t, modify
-                        context handle identifying context to delete.
-
-      output_token      buffer, opaque, modify
-                        token to be sent to remote application to
-                        instruct it to also delete the context
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_FAILURE     Failure, see minor_status for more information
-
-      GSS_S_NO_CONTEXT  No valid context was supplied
-
-3.7. gss_context_time
-
-      OM_uint32  gss_context_time (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     OM_uint32 *     time_rec)
-   Purpose:
-
-   Determines the number of seconds for which the specified context will
-   remain valid.
-
-
-
-Wray                                                           [Page 26]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      Parameters:
-
-      minor_status      integer, modify
-                        Implementation specific status code.
-
-      context_handle    gss_ctx_id_t, read
-                        Identifies the context to be interrogated.
-
-      time_rec          integer, modify
-                        Number of seconds that the context will remain
-                        valid.  If the context has already expired,
-                        zero will be returned.
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_CONTEXT_EXPIRED The context has already expired
-
-      GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
-                        associated credentials have expired
-
-      GSS_S_NO_CONTEXT The context_handle parameter did not identify a
-                        valid context
-
-3.8. gss_sign
-
-      OM_uint32  gss_sign (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     int             qop_req,
-                     gss_buffer_t    message_buffer,
-                     gss_buffer_t    msg_token)
-   Purpose:
-
-   Generates a cryptographic signature for the supplied message, and
-   places the signature in a token for transfer to the peer application.
-   The qop_req parameter allows a choice between several cryptographic
-   algorithms, if supported by the chosen mechanism.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Implementation specific status code.
-
-      context_handle    gss_ctx_id_t, read
-                        identifies the context on which the message
-
-
-
-Wray                                                           [Page 27]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                        will be sent
-
-      qop_req           integer, read, optional
-                        Specifies requested quality of protection.
-                        Callers are encouraged, on portability grounds,
-                        to accept the default quality of protection
-                        offered by the chosen mechanism, which may be
-                        requested by specifying GSS_C_QOP_DEFAULT for
-                        this parameter.  If an unsupported protection
-                        strength is requested, gss_sign will return a
-                        major_status of GSS_S_FAILURE.
-
-      message_buffer    buffer, opaque, read
-                        message to be signed
-
-      msg_token         buffer, opaque, modify
-                        buffer to receive token
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_CONTEXT_EXPIRED The context has already expired
-
-      GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
-                        associated credentials have expired
-
-      GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                        valid context
-
-      GSS_S_FAILURE     Failure. See minor_status for more information.
-
-3.9. gss_verify
-
-      OM_uint32  gss_verify (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     gss_buffer_t    message_buffer,
-                     gss_buffer_t    token_buffer,
-                     int *           qop_state)
-   Purpose:
-
-   Verifies that a cryptographic signature, contained in the token
-   parameter, fits the supplied message.  The qop_state parameter allows
-   a message recipient to determine the strength of protection that was
-   applied to the message.
-
-
-
-Wray                                                           [Page 28]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      context_handle    gss_ctx_id_t, read
-                        identifies the context on which the message
-                        arrived
-
-      message_buffer    buffer, opaque, read
-                        message to be verified
-
-      token_buffer      buffer, opaque, read
-                        token associated with message
-
-      qop_state         integer, modify
-                        quality of protection gained from signature
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-      GSS_S_BAD_SIG     The signature was incorrect
-
-      GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct
-                        signature for the message, but it had already
-                        been processed
-
-      GSS_S_OLD_TOKEN   The token was valid, and contained a correct
-                        signature for the message, but it is too old
-
-      GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct
-                        signature for the message, but has been
-                        verified out of sequence; an earlier token has
-                        been signed or sealed by the remote
-                        application, but not yet been processed
-                        locally.
-
-      GSS_S_CONTEXT_EXPIRED The context has already expired
-
-      GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
-                        associated credentials have expired
-
-
-
-
-
-Wray                                                           [Page 29]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                        valid context
-
-      GSS_S_FAILURE     Failure.  See minor_status for more information.
-
-3.10. gss_seal
-
-      OM_uint32  gss_seal (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     int             conf_req_flag,
-                     int             qop_req
-                     gss_buffer_t    input_message_buffer,
-                     int *           conf_state,
-                     gss_buffer_t    output_message_buffer)
-
-   Purpose:
-
-   Cryptographically signs and optionally encrypts the specified
-   input_message.  The output_message contains both the signature and
-   the message.  The qop_req parameter allows a choice between several
-   cryptographic algorithms, if supported by the chosen mechanism.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      context_handle    gss_ctx_id_t, read
-                        identifies the context on which the message
-                        will be sent
-
-      conf_req_flag     boolean, read
-                        True - Both confidentiality and integrity
-                               services are requested
-                        False - Only integrity service is requested
-
-      qop_req           integer, read, optional
-                        Specifies required quality of protection.  A
-                        mechanism-specific default may be requested by
-                        setting qop_req to GSS_C_QOP_DEFAULT.  If an
-                        unsupported protection strength is requested,
-                        gss_seal will return a major_status of
-                        GSS_S_FAILURE.
-
-      input_message_buffer   buffer, opaque, read
-                             message to be sealed
-
-
-
-
-Wray                                                           [Page 30]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      conf_state        boolean, modify
-                        True - Confidentiality, data origin
-                               authentication and integrity services
-                               have been applied
-                        False - Integrity and data origin services only
-                                has been applied.
-
-      output_message_buffer  buffer, opaque, modify
-                             buffer to receive sealed message
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_CONTEXT_EXPIRED The context has already expired
-
-      GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
-                        associated credentials have expired
-
-      GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                        valid context
-
-      GSS_S_FAILURE     Failure.  See minor_status for more information.
-
-3.11. gss_unseal
-
-      OM_uint32  gss_unseal (
-                     OM_uint32 *     minor_status,
-                     gss_ctx_id_t    context_handle,
-                     gss_buffer_t    input_message_buffer,
-                     gss_buffer_t    output_message_buffer,
-                     int *           conf_state,
-                     int *           qop_state)
-
-   Purpose:
-
-   Converts a previously sealed message back to a usable form, verifying
-   the embedded signature.  The conf_state parameter indicates whether
-   the message was encrypted; the qop_state parameter indicates the
-   strength of protection that was used to provide the confidentiality
-   and integrity services.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-
-
-Wray                                                           [Page 31]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      context_handle    gss_ctx_id_t, read
-                        identifies the context on which the message
-                        arrived
-
-      input_message_buffer   buffer, opaque, read
-                             sealed message
-
-      output_message_buffer  buffer, opaque, modify
-                             buffer to receive unsealed message
-
-      conf_state        boolean, modify
-                        True - Confidentiality and integrity protection
-                               were used
-                        False - Inteegrity service only was used
-
-      qop_state         integer, modify
-                        quality of protection gained from signature
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-      GSS_S_BAD_SIG     The signature was incorrect
-
-      GSS_S_DUPLICATE_TOKEN The token was valid, and contained a
-                        correct signature for the message, but it had
-                        already been processed
-
-      GSS_S_OLD_TOKEN The token was valid, and contained a correct
-                        signature for the message, but it is too old
-
-      GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct
-                        signature for the message, but has been
-                        verified out of sequence; an earlier token has
-                        been signed or sealed by the remote
-                        application, but not yet been processed
-                        locally.
-
-      GSS_S_CONTEXT_EXPIRED The context has already expired
-
-      GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
-                        associated credentials have expired
-
-
-
-
-
-Wray                                                           [Page 32]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                        valid context
-
-      GSS_S_FAILURE     Failure.  See minor_status for more information.
-
-3.12. gss_display_status
-
-      OM_uint32  gss_display_status (
-                     OM_uint32 *     minor_status,
-                     int             status_value,
-                     int             status_type,
-                     gss_OID         mech_type,
-                     int *           message_context,
-                     gss_buffer_t    status_string)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of a GSSAPI
-   status code, for display to the user or for logging purposes.  Since
-   some status values may indicate multiple errors, applications may
-   need to call gss_display_status multiple times, each call generating
-   a single text string.  The message_context parameter is used to
-   indicate which error message should be extracted from a given
-   status_value; message_context should be initialized to 0, and
-   gss_display_status will return a non-zero value if there are further
-   messages to extract.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      status_value      integer, read
-                        Status value to be converted
-
-      status_type       integer, read
-                        GSS_C_GSS_CODE - status_value is a GSS status
-                                         code
-                        GSS_C_MECH_CODE - status_value is a mechanism
-                                          status code
-
-      mech_type         Object ID, read, optional
-                        Underlying mechanism (used to interpret a
-                        minor status value) Supply GSS_C_NULL_OID to
-                        obtain the system default.
-
-      message_context   integer, read/modify
-                        Should be initialized to zero by caller
-
-
-
-Wray                                                           [Page 33]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                        on first call.  If further messages are
-                        contained in the status_value parameter,
-                        message_context will be non-zero on return,
-                        and this value should be passed back to
-                        subsequent calls, along with the same
-                        status_value, status_type and mech_type
-                        parameters.
-
-      status_string     buffer, character string, modify
-                        textual interpretation of the status_value
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_MECH    Indicates that translation in accordance with
-                        an unsupported mechanism type was requested
-
-      GSS_S_BAD_STATUS The status value was not recognized, or the
-                        status type was neither GSS_C_GSS_CODE nor
-                        GSS_C_MECH_CODE.
-
-
-3.13. gss_indicate_mechs
-
-      OM_uint32  gss_indicate_mechs (
-                     OM_uint32 *     minor_status,
-                     gss_OID_set *   mech_set)
-
-   Purpose:
-
-         Allows an application to determine which underlying security
-         mechanisms are available.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      mech_set          set of Object IDs, modify
-                        set of implementation-supported mechanisms.
-                        The returned gss_OID_set value will be a
-                        pointer into static storage, and should be
-                        treated as read-only by the caller.
-
-
-
-
-
-Wray                                                           [Page 34]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-3.14. gss_compare_name
-
-      OM_uint32  gss_compare_name (
-                     OM_uint32 *     minor_status,
-                     gss_name_t      name1,
-                     gss_name_t      name2,
-                     int *           name_equal)
-
-   Purpose:
-
-   Allows an application to compare two internal-form names to determine
-   whether they refer to the same entity.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      name1             gss_name_t, read
-                        internal-form  name
-
-      name2             gss_name_t, read
-                        internal-form  name
-
-      name_equal        boolean, modify
-                        True - names refer to same entity
-                        False - names refer to different entities
-                                (strictly, the names are not known to
-                                refer to the same identity).
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_NAMETYPE The type contained within either name1 or
-                        name2 was unrecognized, or the names were of
-                        incomparable types.
-
-      GSS_S_BAD_NAME    One or both of name1 or name2 was ill-formed
-
-
-
-
-
-Wray                                                           [Page 35]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-3.15. gss_display_name
-
-      OM_uint32  gss_display_name (
-                     OM_uint32 *     minor_status,
-                     gss_name_t      input_name,
-                     gss_buffer_t    output_name_buffer,
-                     gss_OID *       output_name_type)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of an opaque
-   internal-form  name for display purposes.  The syntax of a printable
-   name is defined by the GSSAPI implementation.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code.
-
-      input_name        gss_name_t, read
-                        name to be displayed
-
-      output_name_buffer   buffer, character-string, modify
-                           buffer to receive textual name string
-
-      output_name_type  Object ID, modify
-                        The type of the returned name.  The returned
-                        gss_OID will be a pointer into static storage,
-                        and should be treated as read-only by the caller
-
-   Function value:
-
-      GSS status code:
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_NAMETYPE The type of input_name was not recognized
-
-      GSS_S_BAD_NAME    input_name was ill-formed
-
-3.16. gss_import_name
-
-      OM_uint32 gss_import_name (
-                    OM_uint32 *     minor_status,
-                    gss_buffer_t    input_name_buffer,
-                    gss_OID         input_name_type,
-                    gss_name_t *    output_name)
-
-
-
-
-Wray                                                           [Page 36]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   Purpose:
-
-   Convert a printable name to internal form.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code
-
-      input_name_buffer    buffer, character-string, read
-                           buffer containing printable name to convert
-
-      input_name_type   Object ID, read, optional
-                        Object Id specifying type of printable
-                        name.  Applications may specify either
-                        GSS_C_NULL_OID to use a local system-specific
-                        printable syntax, or an OID registered by the
-                        GSSAPI implementation to name a particular
-                        namespace.
-
-      output_name       gss_name_t, modify
-                        returned name in internal form
-
-   Function value:
-
-      GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_NAMETYPE The input_name_type was unrecognized
-
-      GSS_S_BAD_NAME    The input_name parameter could not be
-                        interpreted as a name of the specified type
-
-3.17. gss_release_name
-
-      OM_uint32 gss_release_name (
-                    OM_uint32 *     minor_status,
-                    gss_name_t *    name)
-
-   Purpose:
-
-   Free GSSAPI-allocated storage associated with an internal form name.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code
-
-
-
-Wray                                                           [Page 37]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-      name              gss_name_t, modify
-                        The name to be deleted
-
-   Function value:
-
-      GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_BAD_NAME    The name parameter did not contain a valid name
-
-3.18. gss_release_buffer
-
-      OM_uint32 gss_release_buffer (
-                    OM_uint32 *     minor_status,
-                    gss_buffer_t    buffer)
-
-   Purpose:
-
-   Free storage associated with a buffer format name.  The storage must
-   have been allocated by a GSSAPI routine.  In addition to freeing the
-   associated storage, the routine will zero the length field in the
-   buffer parameter.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code
-
-      buffer            buffer, modify
-                        The storage associated with the buffer will be
-                        deleted.  The gss_buffer_desc object will not
-                        be freed, but its length field will be zeroed.
-
-   Function value:
-
-      GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-3.19. gss_release_oid_set
-
-      OM_uint32 gss_release_oid_set (
-                    OM_uint32 *     minor_status,
-                    gss_OID_set *   set)
-
-   Purpose:
-
-
-
-
-Wray                                                           [Page 38]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   Free storage associated with a gss_OID_set object.  The storage must
-   have been allocated by a GSSAPI routine.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code
-
-      set               Set of Object IDs, modify
-                        The storage associated with the gss_OID_set
-                        will be deleted.
-
-   Function value:
-
-      GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-3.20. gss_inquire_cred
-
-      OM_uint32 gss_inquire_cred (
-                    OM_uint32  *    minor_status,
-                    gss_cred_id_t   cred_handle,
-                    gss_name_t *    name,
-                    OM_uint32 *     lifetime,
-                    int *           cred_usage,
-                    gss_OID_set *   mechanisms )
-
-   Purpose:
-
-   Obtains information about a credential.  The caller must already have
-   obtained a handle that refers to the credential.
-
-   Parameters:
-
-      minor_status      integer, modify
-                        Mechanism specific status code
-
-      cred_handle       gss_cred_id_t, read
-                        A handle that refers to the target credential.
-                        Specify GSS_C_NO_CREDENTIAL to inquire about
-                        the default credential.
-
-      name              gss_name_t, modify
-                        The name whose identity the credential asserts.
-                        Specify NULL if not required.
-
-      lifetime          Integer, modify
-
-
-
-Wray                                                           [Page 39]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-                        The number of seconds for which the credential
-                        will remain valid.  If the credential has
-                        expired, this parameter will be set to zero.
-                        If the implementation does not support
-                        credential expiration, the value
-                        GSS_C_INDEFINITE will be returned.  Specify
-                        NULL if not required.
-
-      cred_usage        Integer, modify
-                        How the credential may be used.  One of the
-                        following:
-                           GSS_C_INITIATE
-                           GSS_C_ACCEPT
-                           GSS_C_BOTH
-                        Specify NULL if not required.
-
-      mechanisms        gss_OID_set, modify
-                        Set of mechanisms supported by the credential.
-                        Specify NULL if not required.
-
-   Function value:
-
-      GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-      GSS_S_NO_CRED     The referenced credentials could not be
-                        accessed.
-
-      GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were
-                        invalid.
-
-      GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
-                        If the lifetime parameter was not passed as
-                        NULL, it will be set to 0.
-
-
-  #ifndef GSSAPI_H_
-  #define GSSAPI_H_
-
-  /*
-   * First, define the platform-dependent types.
-   */
-  typedef <platform-specific> OM_uint32;
-  typedef <platform-specific> gss_ctx_id_t;
-  typedef <platform-specific> gss_cred_id_t;
-  typedef <platform-specific> gss_name_t;
-
-
-
-
-Wray                                                           [Page 40]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  /*
-   * Note that a platform supporting the xom.h X/Open header file
-   * may make use of that header for the definitions of OM_uint32
-   * and the structure to which gss_OID_desc equates.
-   */
-
-  typedef struct gss_OID_desc_struct {
-        OM_uint32 length;
-        void      *elements;
-  } gss_OID_desc, *gss_OID;
-
-  typedef struct gss_OID_set_desc_struct  {
-        int     count;
-        gss_OID elements;
-  } gss_OID_set_desc, *gss_OID_set;
-
-  typedef struct gss_buffer_desc_struct {
-        size_t length;
-        void *value;
-  } gss_buffer_desc, *gss_buffer_t;
-
-  typedef struct gss_channel_bindings_struct {
-        OM_uint32 initiator_addrtype;
-        gss_buffer_desc initiator_address;
-        OM_uint32 acceptor_addrtype;
-        gss_buffer_desc acceptor_address;
-        gss_buffer_desc application_data;
-  } *gss_channel_bindings_t;
-
-
-  /*
-   * Six independent flags each of which indicates that a context
-   * supports a specific service option.
-   */
-  #define GSS_C_DELEG_FLAG 1
-  #define GSS_C_MUTUAL_FLAG 2
-  #define GSS_C_REPLAY_FLAG 4
-  #define GSS_C_SEQUENCE_FLAG 8
-  #define GSS_C_CONF_FLAG 16
-  #define GSS_C_INTEG_FLAG 32
-
-
-  /*
-   * Credential usage options
-   */
-  #define GSS_C_BOTH 0
-  #define GSS_C_INITIATE 1
-  #define GSS_C_ACCEPT 2
-
-
-
-Wray                                                           [Page 41]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  /*
-   * Status code types for gss_display_status
-   */
-  #define GSS_C_GSS_CODE 1
-  #define GSS_C_MECH_CODE 2
-
-  /*
-   * The constant definitions for channel-bindings address families
-   */
-  #define GSS_C_AF_UNSPEC     0;
-  #define GSS_C_AF_LOCAL      1;
-  #define GSS_C_AF_INET       2;
-  #define GSS_C_AF_IMPLINK    3;
-  #define GSS_C_AF_PUP        4;
-  #define GSS_C_AF_CHAOS      5;
-  #define GSS_C_AF_NS         6;
-  #define GSS_C_AF_NBS        7;
-  #define GSS_C_AF_ECMA       8;
-  #define GSS_C_AF_DATAKIT    9;
-  #define GSS_C_AF_CCITT      10;
-  #define GSS_C_AF_SNA        11;
-  #define GSS_C_AF_DECnet     12;
-  #define GSS_C_AF_DLI        13;
-  #define GSS_C_AF_LAT        14;
-  #define GSS_C_AF_HYLINK     15;
-  #define GSS_C_AF_APPLETALK  16;
-  #define GSS_C_AF_BSC        17;
-  #define GSS_C_AF_DSS        18;
-  #define GSS_C_AF_OSI        19;
-  #define GSS_C_AF_X25        21;
-
-  #define GSS_C_AF_NULLADDR   255;
-
-  #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-  #define GSS_C_NULL_OID ((gss_OID) 0)
-  #define GSS_C_NULL_OID_SET ((gss_OID_set) 0)
-  #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-  #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-  #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-  #define GSS_C_EMPTY_BUFFER {0, NULL}
-
-  /*
-   * Define the default Quality of Protection for per-message
-   * services.  Note that an implementation that offers multiple
-   * levels of QOP may either reserve a value (for example zero,
-   * as assumed here) to mean "default protection", or alternatively
-   * may simply equate GSS_C_QOP_DEFAULT to a specific explicit QOP
-   * value.
-
-
-
-Wray                                                           [Page 42]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-   */
-  #define GSS_C_QOP_DEFAULT 0
-
-  /*
-   * Expiration time of 2^32-1 seconds means infinite lifetime for a
-   * credential or security context
-   */
-  #define GSS_C_INDEFINITE 0xfffffffful
-
-
-  /* Major status codes */
-
-  #define GSS_S_COMPLETE 0
-
-  /*
-   * Some "helper" definitions to make the status code macros obvious.
-   */
-  #define GSS_C_CALLING_ERROR_OFFSET 24
-  #define GSS_C_ROUTINE_ERROR_OFFSET 16
-  #define GSS_C_SUPPLEMENTARY_OFFSET 0
-  #define GSS_C_CALLING_ERROR_MASK 0377ul
-  #define GSS_C_ROUTINE_ERROR_MASK 0377ul
-  #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-  /*
-   * The macros that test status codes for error conditions
-   */
-  #define GSS_CALLING_ERROR(x) \
-    (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-  #define GSS_ROUTINE_ERROR(x) \
-    (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-  #define GSS_SUPPLEMENTARY_INFO(x) \
-    (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-  #define GSS_ERROR(x) \
-    ((GSS_CALLING_ERROR(x) != 0) || (GSS_ROUTINE_ERROR(x) != 0))
-
-
-  /*
-   * Now the actual status code definitions
-   */
-
-  /*
-   * Calling errors:
-   */
-  #define GSS_S_CALL_INACCESSIBLE_READ \
-                               (1ul << GSS_C_CALLING_ERROR_OFFSET)
-  #define GSS_S_CALL_INACCESSIBLE_WRITE \
-                               (2ul << GSS_C_CALLING_ERROR_OFFSET)
-
-
-
-Wray                                                           [Page 43]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  #define GSS_S_CALL_BAD_STRUCTURE \
-                               (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-  /*
-   * Routine errors:
-   */
-  #define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-  #define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-  /*
-   * Supplementary info bits:
-   */
-  #define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-  #define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-  #define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-  #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-
-
-  /*
-   * Finally, function prototypes for the GSSAPI routines.
-   */
-
-  OM_uint32 gss_acquire_cred
-             (OM_uint32*,       /* minor_status */
-              gss_name_t,       /* desired_name */
-              OM_uint32,        /* time_req */
-              gss_OID_set,      /* desired_mechs */
-              int,              /* cred_usage */
-              gss_cred_id_t*,   /* output_cred_handle */
-              gss_OID_set*,     /* actual_mechs */
-              OM_uint32*        /* time_rec */
-             );
-
-  OM_uint32 gss_release_cred,
-             (OM_uint32*,       /* minor_status */
-              gss_cred_id_t*    /* cred_handle */
-             );
-
-
-
-Wray                                                           [Page 44]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  OM_uint32 gss_init_sec_context
-             (OM_uint32*,       /* minor_status */
-              gss_cred_id_t,    /* claimant_cred_handle */
-              gss_ctx_id_t*,    /* context_handle */
-              gss_name_t,       /* target_name */
-              gss_OID,          /* mech_type */
-              int,              /* req_flags */
-              OM_uint32,        /* time_req */
-              gss_channel_bindings_t,
-                                /* input_chan_bindings */
-              gss_buffer_t,     /* input_token */
-              gss_OID*,         /* actual_mech_type */
-              gss_buffer_t,     /* output_token */
-              int*,             /* ret_flags */
-              OM_uint32*        /* time_rec */
-             );
-
-  OM_uint32 gss_accept_sec_context
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t*,    /* context_handle */
-              gss_cred_id_t,    /* verifier_cred_handle */
-              gss_buffer_t,     /* input_token_buffer */
-              gss_channel_bindings_t,
-                                /* input_chan_bindings */
-              gss_name_t*,      /* src_name */
-              gss_OID*,         /* mech_type */
-              gss_buffer_t,     /* output_token */
-              int*,             /* ret_flags */
-              OM_uint32*,       /* time_rec */
-              gss_cred_id_t*    /* delegated_cred_handle */
-             );
-
-  OM_uint32 gss_process_context_token
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              gss_buffer_t      /* token_buffer */
-             );
-
-  OM_uint32 gss_delete_sec_context
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t*,    /* context_handle */
-              gss_buffer_t      /* output_token */
-             );
-
-
-
-
-
-
-
-
-Wray                                                           [Page 45]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  OM_uint32 gss_context_time
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              OM_uint32*        /* time_rec */
-             );
-
-  OM_uint32 gss_sign
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              int,              /* qop_req */
-              gss_buffer_t,     /* message_buffer */
-              gss_buffer_t      /* message_token */
-             );
-
-  OM_uitn32 gss_verify
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              gss_buffer_t,     /* message_buffer */
-              gss_buffer_t,     /* token_buffer */
-              int*              /* qop_state */
-             );
-
-  OM_uint32 gss_seal
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              int,              /* conf_req_flag */
-              int,              /* qop_req */
-              gss_buffer_t,     /* input_message_buffer */
-              int*,             /* conf_state */
-              gss_buffer_t      /* output_message_buffer */
-             );
-
-  OM_uint32 gss_unseal
-             (OM_uint32*,       /* minor_status */
-              gss_ctx_id_t,     /* context_handle */
-              gss_buffer_t,     /* input_message_buffer */
-              gss_buffer_t,     /* output_message_buffer */
-              int*,             /* conf_state */
-              int*              /* qop_state */
-             );
-
-
-
-
-
-
-
-
-
-
-
-Wray                                                           [Page 46]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-  OM_uint32 gss_display_status
-             (OM_uint32*,       /* minor_status */
-              OM_uint32,        /* status_value */
-              int,              /* status_type */
-              gss_OID,          /* mech_type */
-              int*,             /* message_context */
-              gss_buffer_t      /* status_string */
-             );
-
-  OM_uint32 gss_indicate_mechs
-             (OM_uint32*,       /* minor_status */
-              gss_OID_set*      /* mech_set */
-             );
-
-  OM_uint32 gss_compare_name
-             (OM_uint32*,       /* minor_status */
-              gss_name_t,       /* name1 */
-              gss_name_t,       /* name2 */
-              int*              /* name_equal */
-             );
-
-  OM_uint32 gss_display_name,
-             (OM_uint32*,      /* minor_status */
-              gss_name_t,      /* input_name */
-              gss_buffer_t,     /* output_name_buffer */
-              gss_OID*         /* output_name_type */
-             );
-
-  OM_uint32 gss_import_name
-             (OM_uint32*,       /* minor_status */
-              gss_buffer_t,     /* input_name_buffer */
-              gss_OID,          /* input_name_type */
-              gss_name_t*       /* output_name */
-             );
-
-  OM_uint32 gss_release_name
-             (OM_uint32*,       /* minor_status */
-              gss_name_t*       /* input_name */
-             );
-
-  OM_uint32 gss_release_buffer
-             (OM_uint32*,       /* minor_status */
-              gss_buffer_t      /* buffer */
-             );
-
-  OM_uint32 gss_release_oid_set
-             (OM_uint32*,       /* minor_status */
-              gss_OID_set*      /* set */
-
-
-
-Wray                                                           [Page 47]
-
-RFC 1509            GSSAPI - Overview and C bindings      September 1993
-
-
-             );
-
-  OM_uint32 gss_inquire_cred
-             (OM_uint32 *,      /* minor_status */
-              gss_cred_id_t,    /* cred_handle */
-              gss_name_t *,     /* name */
-              OM_uint32 *,      /* lifetime */
-              int *,            /* cred_usage */
-              gss_OID_set *     /* mechanisms */
-             );
-
-
-
-  #endif /* GSSAPI_H_ */
-
-References
-
-   [1] Linn, J., "Generic Security Service Application Program
-       Interface", RFC 1508, Geer Zolot Associate, September 1993.
-
-   [2] "OSI Object Management API Specification, Version 2.0 t", X.400
-       API Association & X/Open Company Limited, August 24, 1990.
-       Specification of datatypes and routines for manipulating
-       information objects.
-
-Security Considerations
-
-   Security issues are discussed throughout this memo.
-
-Author's Address
-
-   John Wray
-   Digital Equipment Corporation
-   550 King Street, LKG2-2/AA6
-   Littleton, MA  01460
-   USA
-
-   Phone: +1-508-486-5210
-   EMail: Wray@tuxedo.enet.dec.com
-
-
-
-
-
-
-
-
-
-
-
-
-Wray                                                           [Page 48]
-
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/rfc1510.txt b/crypto/heimdal/doc/standardisation/rfc1510.txt
deleted file mode 100644
index bc810cc506fa..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1510.txt
+++ /dev/null
@@ -1,6275 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            J. Kohl
-Request for Comments: 1510                 Digital Equipment Corporation
-                                                               C. Neuman
-                                                                     ISI
-                                                          September 1993
-
-
-            The Kerberos Network Authentication Service (V5)
-
-Status of this Memo
-
-   This RFC specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" for the standardization state and status
-   of this protocol.  Distribution of this memo is unlimited.
-
-Abstract
-
-   This document gives an overview and specification of Version 5 of the
-   protocol for the Kerberos network authentication system. Version 4,
-   described elsewhere [1,2], is presently in production use at MIT's
-   Project Athena, and at other Internet sites.
-
-Overview
-
-   Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos,
-   Moira, and Zephyr are trademarks of the Massachusetts Institute of
-   Technology (MIT).  No commercial use of these trademarks may be made
-   without prior written permission of MIT.
-
-   This RFC describes the concepts and model upon which the Kerberos
-   network authentication system is based. It also specifies Version 5
-   of the Kerberos protocol.
-
-   The motivations, goals, assumptions, and rationale behind most design
-   decisions are treated cursorily; for Version 4 they are fully
-   described in the Kerberos portion of the Athena Technical Plan [1].
-   The protocols are under review, and are not being submitted for
-   consideration as an Internet standard at this time.  Comments are
-   encouraged.  Requests for addition to an electronic mailing list for
-   discussion of Kerberos, kerberos@MIT.EDU, may be addressed to
-   kerberos-request@MIT.EDU.  This mailing list is gatewayed onto the
-   Usenet as the group comp.protocols.kerberos.  Requests for further
-   information, including documents and code availability, may be sent
-   to info-kerberos@MIT.EDU.
-
-
-
-
-
-Kohl & Neuman                                                   [Page 1]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-Background
-
-   The Kerberos model is based in part on Needham and Schroeder's
-   trusted third-party authentication protocol [3] and on modifications
-   suggested by Denning and Sacco [4].  The original design and
-   implementation of Kerberos Versions 1 through 4 was the work of two
-   former Project Athena staff members, Steve Miller of Digital
-   Equipment Corporation and Clifford Neuman (now at the Information
-   Sciences Institute of the University of Southern California), along
-   with Jerome Saltzer, Technical Director of Project Athena, and
-   Jeffrey Schiller, MIT Campus Network Manager.  Many other members of
-   Project Athena have also contributed to the work on Kerberos.
-   Version 4 is publicly available, and has seen wide use across the
-   Internet.
-
-   Version 5 (described in this document) has evolved from Version 4
-   based on new requirements and desires for features not available in
-   Version 4.  Details on the differences between Kerberos Versions 4
-   and 5 can be found in [5].
-
-Table of Contents
-
-   1. Introduction .......................................    5
-   1.1. Cross-Realm Operation ............................    7
-   1.2. Environmental assumptions ........................    8
-   1.3. Glossary of terms ................................    9
-   2. Ticket flag uses and requests ......................   12
-   2.1. Initial and pre-authenticated tickets ............   12
-   2.2. Invalid tickets ..................................   12
-   2.3. Renewable tickets ................................   12
-   2.4. Postdated tickets ................................   13
-   2.5. Proxiable and proxy tickets ......................   14
-   2.6. Forwardable tickets ..............................   15
-   2.7. Other KDC options ................................   15
-   3. Message Exchanges ..................................   16
-   3.1. The Authentication Service Exchange ..............   16
-   3.1.1. Generation of KRB_AS_REQ message ...............   17
-   3.1.2. Receipt of KRB_AS_REQ message ..................   17
-   3.1.3. Generation of KRB_AS_REP message ...............   17
-   3.1.4. Generation of KRB_ERROR message ................   19
-   3.1.5. Receipt of KRB_AS_REP message ..................   19
-   3.1.6. Receipt of KRB_ERROR message ...................   20
-   3.2. The Client/Server Authentication Exchange ........   20
-   3.2.1. The KRB_AP_REQ message .........................   20
-   3.2.2. Generation of a KRB_AP_REQ message .............   20
-   3.2.3. Receipt of KRB_AP_REQ message ..................   21
-   3.2.4. Generation of a KRB_AP_REP message .............   23
-   3.2.5. Receipt of KRB_AP_REP message ..................   23
-
-
-
-Kohl & Neuman                                                   [Page 2]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   3.2.6. Using the encryption key .......................   24
-   3.3. The Ticket-Granting Service (TGS) Exchange .......   24
-   3.3.1. Generation of KRB_TGS_REQ message ..............   25
-   3.3.2. Receipt of KRB_TGS_REQ message .................   26
-   3.3.3. Generation of KRB_TGS_REP message ..............   27
-   3.3.3.1. Encoding the transited field .................   29
-   3.3.4. Receipt of KRB_TGS_REP message .................   31
-   3.4. The KRB_SAFE Exchange ............................   31
-   3.4.1. Generation of a KRB_SAFE message ...............   31
-   3.4.2. Receipt of KRB_SAFE message ....................   32
-   3.5. The KRB_PRIV Exchange ............................   33
-   3.5.1. Generation of a KRB_PRIV message ...............   33
-   3.5.2. Receipt of KRB_PRIV message ....................   33
-   3.6. The KRB_CRED Exchange ............................   34
-   3.6.1. Generation of a KRB_CRED message ...............   34
-   3.6.2. Receipt of KRB_CRED message ....................   34
-   4. The Kerberos Database ..............................   35
-   4.1. Database contents ................................   35
-   4.2. Additional fields ................................   36
-   4.3. Frequently Changing Fields .......................   37
-   4.4. Site Constants ...................................   37
-   5. Message Specifications .............................   38
-   5.1. ASN.1 Distinguished Encoding Representation ......   38
-   5.2. ASN.1 Base Definitions ...........................   38
-   5.3. Tickets and Authenticators .......................   42
-   5.3.1. Tickets ........................................   42
-   5.3.2. Authenticators .................................   47
-   5.4. Specifications for the AS and TGS exchanges ......   49
-   5.4.1. KRB_KDC_REQ definition .........................   49
-   5.4.2. KRB_KDC_REP definition .........................   56
-   5.5. Client/Server (CS) message specifications ........   58
-   5.5.1. KRB_AP_REQ definition ..........................   58
-   5.5.2. KRB_AP_REP definition ..........................   60
-   5.5.3. Error message reply ............................   61
-   5.6. KRB_SAFE message specification ...................   61
-   5.6.1. KRB_SAFE definition ............................   61
-   5.7. KRB_PRIV message specification ...................   62
-   5.7.1. KRB_PRIV definition ............................   62
-   5.8. KRB_CRED message specification ...................   63
-   5.8.1. KRB_CRED definition ............................   63
-   5.9. Error message specification ......................   65
-   5.9.1. KRB_ERROR definition ...........................   66
-   6. Encryption and Checksum Specifications .............   67
-   6.1. Encryption Specifications ........................   68
-   6.2. Encryption Keys ..................................   71
-   6.3. Encryption Systems ...............................   71
-   6.3.1. The NULL Encryption System (null) ..............   71
-   6.3.2. DES in CBC mode with a CRC-32 checksum (descbc-crc)71
-
-
-
-Kohl & Neuman                                                   [Page 3]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   6.3.3. DES in CBC mode with an MD4 checksum (descbc-md4)  72
-   6.3.4. DES in CBC mode with an MD5 checksum (descbc-md5)  72
-   6.4. Checksums ........................................   74
-   6.4.1. The CRC-32 Checksum (crc32) ....................   74
-   6.4.2. The RSA MD4 Checksum (rsa-md4) .................   75
-   6.4.3. RSA MD4 Cryptographic Checksum Using DES
-   (rsa-md4-des) .........................................   75
-   6.4.4. The RSA MD5 Checksum (rsa-md5) .................   76
-   6.4.5. RSA MD5 Cryptographic Checksum Using DES
-   (rsa-md5-des) .........................................   76
-   6.4.6. DES cipher-block chained checksum (des-mac)
-   6.4.7. RSA MD4 Cryptographic Checksum Using DES
-   alternative (rsa-md4-des-k) ...........................   77
-   6.4.8. DES cipher-block chained checksum alternative
-   (des-mac-k) ...........................................   77
-   7. Naming Constraints .................................   78
-   7.1. Realm Names ......................................   77
-   7.2. Principal Names ..................................   79
-   7.2.1. Name of server principals ......................   80
-   8. Constants and other defined values .................   80
-   8.1. Host address types ...............................   80
-   8.2. KDC messages .....................................   81
-   8.2.1. IP transport ...................................   81
-   8.2.2. OSI transport ..................................   82
-   8.2.3. Name of the TGS ................................   82
-   8.3. Protocol constants and associated values .........   82
-   9. Interoperability requirements ......................   86
-   9.1. Specification 1 ..................................   86
-   9.2. Recommended KDC values ...........................   88
-   10. Acknowledgments ...................................   88
-   11. References ........................................   89
-   12. Security Considerations ...........................   90
-   13. Authors' Addresses ................................   90
-   A. Pseudo-code for protocol processing ................   91
-   A.1. KRB_AS_REQ generation ............................   91
-   A.2. KRB_AS_REQ verification and KRB_AS_REP generation    92
-   A.3. KRB_AS_REP verification ..........................   95
-   A.4. KRB_AS_REP and KRB_TGS_REP common checks .........   96
-   A.5. KRB_TGS_REQ generation ...........................   97
-   A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation  98
-   A.7. KRB_TGS_REP verification .........................  104
-   A.8. Authenticator generation .........................  104
-   A.9. KRB_AP_REQ generation ............................  105
-   A.10. KRB_AP_REQ verification .........................  105
-   A.11. KRB_AP_REP generation ...........................  106
-   A.12. KRB_AP_REP verification .........................  107
-   A.13. KRB_SAFE generation .............................  107
-   A.14. KRB_SAFE verification ...........................  108
-
-
-
-Kohl & Neuman                                                   [Page 4]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   A.15. KRB_SAFE and KRB_PRIV common checks .............  108
-   A.16. KRB_PRIV generation .............................  109
-   A.17. KRB_PRIV verification ...........................  110
-   A.18. KRB_CRED generation .............................  110
-   A.19. KRB_CRED verification ...........................  111
-   A.20. KRB_ERROR generation ............................  112
-
-1.  Introduction
-
-   Kerberos provides a means of verifying the identities of principals,
-   (e.g., a workstation user or a network server) on an open
-   (unprotected) network.  This is accomplished without relying on
-   authentication by the host operating system, without basing trust on
-   host addresses, without requiring physical security of all the hosts
-   on the network, and under the assumption that packets traveling along
-   the network can be read, modified, and inserted at will. (Note,
-   however, that many applications use Kerberos' functions only upon the
-   initiation of a stream-based network connection, and assume the
-   absence of any "hijackers" who might subvert such a connection.  Such
-   use implicitly trusts the host addresses involved.)  Kerberos
-   performs authentication under these conditions as a trusted third-
-   party authentication service by using conventional cryptography,
-   i.e., shared secret key.  (shared secret key - Secret and private are
-   often used interchangeably in the literature.  In our usage, it takes
-   two (or more) to share a secret, thus a shared DES key is a secret
-   key.  Something is only private when no one but its owner knows it.
-   Thus, in public key cryptosystems, one has a public and a private
-   key.)
-
-   The authentication process proceeds as follows: A client sends a
-   request to the authentication server (AS) requesting "credentials"
-   for a given server.  The AS responds with these credentials,
-   encrypted in the client's key.  The credentials consist of 1) a
-   "ticket" for the server and 2) a temporary encryption key (often
-   called a "session key").  The client transmits the ticket (which
-   contains the client's identity and a copy of the session key, all
-   encrypted in the server's key) to the server.  The session key (now
-   shared by the client and server) is used to authenticate the client,
-   and may optionally be used to authenticate the server.  It may also
-   be used to encrypt further communication between the two parties or
-   to exchange a separate sub-session key to be used to encrypt further
-   communication.
-
-   The implementation consists of one or more authentication servers
-   running on physically secure hosts.  The authentication servers
-   maintain a database of principals (i.e., users and servers) and their
-   secret keys. Code libraries provide encryption and implement the
-   Kerberos protocol.  In order to add authentication to its
-
-
-
-Kohl & Neuman                                                   [Page 5]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   transactions, a typical network application adds one or two calls to
-   the Kerberos library, which results in the transmission of the
-   necessary messages to achieve authentication.
-
-   The Kerberos protocol consists of several sub-protocols (or
-   exchanges).  There are two methods by which a client can ask a
-   Kerberos server for credentials.  In the first approach, the client
-   sends a cleartext request for a ticket for the desired server to the
-   AS. The reply is sent encrypted in the client's secret key. Usually
-   this request is for a ticket-granting ticket (TGT) which can later be
-   used with the ticket-granting server (TGS).  In the second method,
-   the client sends a request to the TGS.  The client sends the TGT to
-   the TGS in the same manner as if it were contacting any other
-   application server which requires Kerberos credentials.  The reply is
-   encrypted in the session key from the TGT.
-
-   Once obtained, credentials may be used to verify the identity of the
-   principals in a transaction, to ensure the integrity of messages
-   exchanged between them, or to preserve privacy of the messages.  The
-   application is free to choose whatever protection may be necessary.
-
-   To verify the identities of the principals in a transaction, the
-   client transmits the ticket to the server.  Since the ticket is sent
-   "in the clear" (parts of it are encrypted, but this encryption
-   doesn't thwart replay) and might be intercepted and reused by an
-   attacker, additional information is sent to prove that the message
-   was originated by the principal to whom the ticket was issued.  This
-   information (called the authenticator) is encrypted in the session
-   key, and includes a timestamp.  The timestamp proves that the message
-   was recently generated and is not a replay.  Encrypting the
-   authenticator in the session key proves that it was generated by a
-   party possessing the session key.  Since no one except the requesting
-   principal and the server know the session key (it is never sent over
-   the network in the clear) this guarantees the identity of the client.
-
-   The integrity of the messages exchanged between principals can also
-   be guaranteed using the session key (passed in the ticket and
-   contained in the credentials).  This approach provides detection of
-   both replay attacks and message stream modification attacks.  It is
-   accomplished by generating and transmitting a collision-proof
-   checksum (elsewhere called a hash or digest function) of the client's
-   message, keyed with the session key.  Privacy and integrity of the
-   messages exchanged between principals can be secured by encrypting
-   the data to be passed using the session key passed in the ticket, and
-   contained in the credentials.
-
-   The authentication exchanges mentioned above require read-only access
-   to the Kerberos database.  Sometimes, however, the entries in the
-
-
-
-Kohl & Neuman                                                   [Page 6]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   database must be modified, such as when adding new principals or
-   changing a principal's key.  This is done using a protocol between a
-   client and a third Kerberos server, the Kerberos Administration
-   Server (KADM).  The administration protocol is not described in this
-   document. There is also a protocol for maintaining multiple copies of
-   the Kerberos database, but this can be considered an implementation
-   detail and may vary to support different database technologies.
-
-1.1.  Cross-Realm Operation
-
-   The Kerberos protocol is designed to operate across organizational
-   boundaries.  A client in one organization can be authenticated to a
-   server in another.  Each organization wishing to run a Kerberos
-   server establishes its own "realm".  The name of the realm in which a
-   client is registered is part of the client's name, and can be used by
-   the end-service to decide whether to honor a request.
-
-   By establishing "inter-realm" keys, the administrators of two realms
-   can allow a client authenticated in the local realm to use its
-   authentication remotely (Of course, with appropriate permission the
-   client could arrange registration of a separately-named principal in
-   a remote realm, and engage in normal exchanges with that realm's
-   services. However, for even small numbers of clients this becomes
-   cumbersome, and more automatic methods as described here are
-   necessary).  The exchange of inter-realm keys (a separate key may be
-   used for each direction) registers the ticket-granting service of
-   each realm as a principal in the other realm.  A client is then able
-   to obtain a ticket-granting ticket for the remote realm's ticket-
-   granting service from its local realm. When that ticket-granting
-   ticket is used, the remote ticket-granting service uses the inter-
-   realm key (which usually differs from its own normal TGS key) to
-   decrypt the ticket-granting ticket, and is thus certain that it was
-   issued by the client's own TGS. Tickets issued by the remote ticket-
-   granting service will indicate to the end-service that the client was
-   authenticated from another realm.
-
-   A realm is said to communicate with another realm if the two realms
-   share an inter-realm key, or if the local realm shares an inter-realm
-   key with an intermediate realm that communicates with the remote
-   realm.  An authentication path is the sequence of intermediate realms
-   that are transited in communicating from one realm to another.
-
-   Realms are typically organized hierarchically. Each realm shares a
-   key with its parent and a different key with each child.  If an
-   inter-realm key is not directly shared by two realms, the
-   hierarchical organization allows an authentication path to be easily
-   constructed.  If a hierarchical organization is not used, it may be
-   necessary to consult some database in order to construct an
-
-
-
-Kohl & Neuman                                                   [Page 7]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   authentication path between realms.
-
-   Although realms are typically hierarchical, intermediate realms may
-   be bypassed to achieve cross-realm authentication through alternate
-   authentication paths (these might be established to make
-   communication between two realms more efficient).  It is important
-   for the end-service to know which realms were transited when deciding
-   how much faith to place in the authentication process. To facilitate
-   this decision, a field in each ticket contains the names of the
-   realms that were involved in authenticating the client.
-
-1.2.  Environmental assumptions
-
-   Kerberos imposes a few assumptions on the environment in which it can
-   properly function:
-
-   +    "Denial of service" attacks are not solved with Kerberos.  There
-        are places in these protocols where an intruder intruder can
-        prevent an application from participating in the proper
-        authentication steps.  Detection and solution of such attacks
-        (some of which can appear to be not-uncommon "normal" failure
-        modes for the system) is usually best left to the human
-        administrators and users.
-
-   +    Principals must keep their secret keys secret.  If an intruder
-        somehow steals a principal's key, it will be able to masquerade
-        as that principal or impersonate any server to the legitimate
-        principal.
-
-   +    "Password guessing" attacks are not solved by Kerberos.  If a
-        user chooses a poor password, it is possible for an attacker to
-        successfully mount an offline dictionary attack by repeatedly
-        attempting to decrypt, with successive entries from a
-        dictionary, messages obtained which are encrypted under a key
-        derived from the user's password.
-
-   +    Each host on the network must have a clock which is "loosely
-        synchronized" to the time of the other hosts; this
-        synchronization is used to reduce the bookkeeping needs of
-        application servers when they do replay detection.  The degree
-        of "looseness" can be configured on a per-server basis.  If the
-        clocks are synchronized over the network, the clock
-        synchronization protocol must itself be secured from network
-        attackers.
-
-   +    Principal identifiers are not recycled on a short-term basis.  A
-        typical mode of access control will use access control lists
-        (ACLs) to grant permissions to particular principals.  If a
-
-
-
-Kohl & Neuman                                                   [Page 8]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        stale ACL entry remains for a deleted principal and the
-        principal identifier is reused, the new principal will inherit
-        rights specified in the stale ACL entry. By not re-using
-        principal identifiers, the danger of inadvertent access is
-        removed.
-
-1.3.  Glossary of terms
-
-   Below is a list of terms used throughout this document.
-
-
-   Authentication      Verifying the claimed identity of a
-                       principal.
-
-
-   Authentication header A record containing a Ticket and an
-                         Authenticator to be presented to a
-                         server as part of the authentication
-                         process.
-
-
-   Authentication path  A sequence of intermediate realms transited
-                        in the authentication process when
-                        communicating from one realm to another.
-
-   Authenticator       A record containing information that can
-                       be shown to have been recently generated
-                       using the session key known only by  the
-                       client and server.
-
-
-   Authorization       The process of determining whether a
-                       client may use a service, which objects
-                       the client is allowed to access, and the
-                       type of access allowed for each.
-
-
-   Capability          A token that grants the bearer permission
-                       to access an object or service.  In
-                       Kerberos, this might be a ticket whose
-                       use is restricted by the contents of the
-                       authorization data field, but which
-                       lists no network addresses, together
-                       with the session key necessary to use
-                       the ticket.
-
-
-
-
-
-
-Kohl & Neuman                                                   [Page 9]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Ciphertext          The output of an encryption function.
-                       Encryption transforms plaintext into
-                       ciphertext.
-
-
-   Client              A process that makes use of a network
-                       service on behalf of a user.  Note that
-                       in some cases a Server may itself be a
-                       client of some other server (e.g., a
-                       print server may be a client of a file
-                       server).
-
-
-   Credentials         A ticket plus the secret session key
-                       necessary to successfully use that
-                       ticket in an authentication exchange.
-
-
-   KDC                 Key Distribution Center, a network service
-                       that supplies tickets and temporary
-                       session keys; or an instance of that
-                       service or the host on which it runs.
-                       The KDC services both initial ticket and
-                       ticket-granting ticket requests.  The
-                       initial ticket portion is sometimes
-                       referred to as the Authentication Server
-                       (or service).  The ticket-granting
-                       ticket portion is sometimes referred to
-                       as the ticket-granting server (or service).
-
-   Kerberos            Aside from the 3-headed dog guarding
-                       Hades, the name given to Project
-                       Athena's authentication service, the
-                       protocol used by that service, or the
-                       code used to implement the authentication
-                       service.
-
-
-   Plaintext           The input to an encryption function  or
-                       the output of a decryption function.
-                       Decryption transforms ciphertext into
-                       plaintext.
-
-
-   Principal           A uniquely named client or server
-                       instance that participates in a network
-                       communication.
-
-
-
-
-Kohl & Neuman                                                  [Page 10]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Principal identifier The name used to uniquely identify each
-                        different principal.
-
-
-   Seal                To encipher a record containing several
-                       fields in such a way that the fields
-                       cannot be individually replaced without
-                       either knowledge of the encryption key
-                       or leaving evidence of tampering.
-
-
-   Secret key          An encryption key shared by a principal
-                       and the KDC, distributed outside the
-                       bounds of the system, with a long lifetime.
-                       In the case of a human user's
-                       principal, the secret key is derived
-                       from a password.
-
-
-   Server              A particular Principal which provides a
-                       resource to network clients.
-
-
-   Service             A resource provided to network clients;
-                       often provided by more than one server
-                       (for example, remote file service).
-
-
-   Session key         A temporary encryption key used between
-                       two principals, with a lifetime limited
-                       to the duration of a single login "session".
-
-
-   Sub-session key     A temporary encryption key used between
-                       two principals, selected and exchanged
-                       by the principals using the session key,
-                       and with a lifetime limited to the duration
-                       of a single association.
-
-
-   Ticket              A record that helps a client authenticate
-                       itself to a server; it contains the
-                       client's identity, a session key, a
-                       timestamp, and other information, all
-                       sealed using the server's secret key.
-                       It only serves to authenticate a client
-                       when presented along with a fresh
-                       Authenticator.
-
-
-
-Kohl & Neuman                                                  [Page 11]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-2.  Ticket flag uses and requests
-
-   Each Kerberos ticket contains a set of flags which are used to
-   indicate various attributes of that ticket.  Most flags may be
-   requested by a client when the ticket is obtained; some are
-   automatically turned on and off by a Kerberos server as required.
-   The following sections explain what the various flags mean, and gives
-   examples of reasons to use such a flag.
-
-2.1.  Initial and pre-authenticated tickets
-
-   The INITIAL flag indicates that a ticket was issued using the AS
-   protocol and not issued based on a ticket-granting ticket.
-   Application servers that want to require the knowledge of a client's
-   secret key (e.g., a passwordchanging program) can insist that this
-   flag be set in any tickets they accept, and thus be assured that the
-   client's key was recently presented to the application client.
-
-   The PRE-AUTHENT and HW-AUTHENT flags provide addition information
-   about the initial authentication, regardless of whether the current
-   ticket was issued directly (in which case INITIAL will also be set)
-   or issued on the basis of a ticket-granting ticket (in which case the
-   INITIAL flag is clear, but the PRE-AUTHENT and HW-AUTHENT flags are
-   carried forward from the ticket-granting ticket).
-
-2.2.  Invalid tickets
-
-   The INVALID flag indicates that a ticket is invalid.  Application
-   servers must reject tickets which have this flag set.  A postdated
-   ticket will usually be issued in this form. Invalid tickets must be
-   validated by the KDC before use, by presenting them to the KDC in a
-   TGS request with the VALIDATE option specified.  The KDC will only
-   validate tickets after their starttime has passed.  The validation is
-   required so that postdated tickets which have been stolen before
-   their starttime can be rendered permanently invalid (through a hot-
-   list mechanism).
-
-2.3.  Renewable tickets
-
-   Applications may desire to hold tickets which can be valid for long
-   periods of time.  However, this can expose their credentials to
-   potential theft for equally long periods, and those stolen
-   credentials would be valid until the expiration time of the
-   ticket(s).  Simply using shortlived tickets and obtaining new ones
-   periodically would require the client to have long-term access to its
-   secret key, an even greater risk.  Renewable tickets can be used to
-   mitigate the consequences of theft.  Renewable tickets have two
-   "expiration times": the first is when the current instance of the
-
-
-
-Kohl & Neuman                                                  [Page 12]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   ticket expires, and the second is the latest permissible value for an
-   individual expiration time.  An application client must periodically
-   (i.e., before it expires) present a renewable ticket to the KDC, with
-   the RENEW option set in the KDC request.  The KDC will issue a new
-   ticket with a new session key and a later expiration time.  All other
-   fields of the ticket are left unmodified by the renewal process.
-   When the latest permissible expiration time arrives, the ticket
-   expires permanently.  At each renewal, the KDC may consult a hot-list
-   to determine if the ticket had been reported stolen since its last
-   renewal; it will refuse to renew such stolen tickets, and thus the
-   usable lifetime of stolen tickets is reduced.
-
-   The RENEWABLE flag in a ticket is normally only interpreted by the
-   ticket-granting service (discussed below in section 3.3).  It can
-   usually be ignored by application servers.  However, some
-   particularly careful application servers may wish to disallow
-   renewable tickets.
-
-   If a renewable ticket is not renewed by its  expiration time, the KDC
-   will not renew the ticket.  The RENEWABLE flag is reset by default,
-   but a client may request it be  set  by setting  the RENEWABLE option
-   in the KRB_AS_REQ message.  If it is set, then the renew-till field
-   in the ticket  contains the time after which the ticket may not be
-   renewed.
-
-2.4.  Postdated tickets
-
-   Applications may occasionally need to obtain tickets for use much
-   later, e.g., a batch submission system would need tickets to be valid
-   at the time the batch job is serviced.  However, it is dangerous to
-   hold valid tickets in a batch queue, since they will be on-line
-   longer and more prone to theft.  Postdated tickets provide a way to
-   obtain these tickets from the KDC at job submission time, but to
-   leave them "dormant" until they are activated and validated by a
-   further request of the KDC.  If a ticket theft were reported in the
-   interim, the KDC would refuse to validate the ticket, and the thief
-   would be foiled.
-
-   The MAY-POSTDATE flag in a ticket is normally only interpreted by the
-   ticket-granting service.  It can be ignored by application servers.
-   This flag must be set in a ticket-granting ticket in order to issue a
-   postdated ticket based on the presented ticket. It is reset by
-   default; it may be requested by a client by setting the ALLOW-
-   POSTDATE option in the KRB_AS_REQ message.  This flag does not allow
-   a client to obtain a postdated ticket-granting ticket; postdated
-   ticket-granting tickets can only by obtained by requesting the
-   postdating in the KRB_AS_REQ message.  The life (endtime-starttime)
-   of a postdated ticket will be the remaining life of the ticket-
-
-
-
-Kohl & Neuman                                                  [Page 13]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   granting ticket at the time of the request, unless the RENEWABLE
-   option is also set, in which case it can be the full life (endtime-
-   starttime) of the ticket-granting ticket.  The KDC may limit how far
-   in the future a ticket may be postdated.
-
-   The POSTDATED flag indicates that a ticket has been postdated.  The
-   application server can check the authtime field in the ticket to see
-   when the original authentication occurred.  Some services may choose
-   to reject postdated tickets, or they may only accept them within a
-   certain period after the original authentication. When the KDC issues
-   a POSTDATED ticket, it will also be marked as INVALID, so that the
-   application client must present the ticket to the KDC to be validated
-   before use.
-
-2.5.  Proxiable and proxy tickets
-
-   At times it may be necessary for a principal to allow a service  to
-   perform an operation on its behalf.  The service must be able to take
-   on the identity of the client, but only for  a particular purpose.  A
-   principal can allow a service to take on the principal's identity for
-   a particular purpose by granting it a proxy.
-
-   The PROXIABLE flag in a ticket is normally only interpreted by the
-   ticket-granting service. It can be ignored by application servers.
-   When set, this flag tells the ticket-granting server that it is OK to
-   issue a new ticket (but not a ticket-granting ticket) with a
-   different network address based on this ticket.  This flag is set by
-   default.
-
-   This flag allows a client to pass a proxy to a server to perform a
-   remote request on its behalf, e.g., a print service client can give
-   the print server a proxy to access the client's files on a particular
-   file server in order to satisfy a print request.
-
-   In order to complicate the use of stolen credentials, Kerberos
-   tickets are usually valid from only those network addresses
-   specifically included in the ticket (It is permissible to request or
-   issue tickets with no network addresses specified, but we do not
-   recommend it).  For this reason, a client wishing to grant a proxy
-   must request a new ticket valid for the network address of the
-   service to be granted the proxy.
-
-   The PROXY flag is set in a ticket by the  TGS  when  it issues a
-   proxy ticket.  Application servers may check this flag and require
-   additional authentication  from  the  agent presenting the proxy in
-   order to provide an audit trail.
-
-
-
-
-
-Kohl & Neuman                                                  [Page 14]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-2.6.  Forwardable tickets
-
-   Authentication forwarding is an instance of the proxy case where the
-   service is granted complete use of the client's identity.  An example
-   where it might be used is when a user logs in to a remote system and
-   wants authentication to work from that system as if the login were
-   local.
-
-   The FORWARDABLE flag in a ticket is normally only interpreted by the
-   ticket-granting service.  It can be ignored by application servers.
-   The FORWARDABLE flag has an interpretation similar to that of the
-   PROXIABLE flag, except ticket-granting tickets may also be issued
-   with different network addresses.  This flag is reset by default, but
-   users may request that it be set by setting the FORWARDABLE option in
-   the AS request when they request their initial ticket-granting
-   ticket.
-
-   This flag allows for authentication forwarding without requiring the
-   user to enter a password again.  If the flag is not set, then
-   authentication forwarding is not permitted, but the same end result
-   can still be achieved if the user engages in the AS exchange with the
-   requested network addresses and supplies a password.
-
-   The FORWARDED flag is set by the TGS when a client presents a ticket
-   with the FORWARDABLE flag set and requests it be set by specifying
-   the FORWARDED KDC option and supplying a set of addresses for the new
-   ticket.  It is also set in all tickets issued based on tickets with
-   the FORWARDED flag set.  Application servers may wish to process
-   FORWARDED tickets differently than non-FORWARDED tickets.
-
-2.7.  Other KDC options
-
-   There are two additional options which may be set in a client's
-   request of the KDC.  The RENEWABLE-OK option indicates that the
-   client will accept a renewable ticket if a ticket with the requested
-   life cannot otherwise be provided.  If a ticket with the requested
-   life cannot be provided, then the KDC may issue a renewable ticket
-   with a renew-till equal to the the requested endtime.  The value of
-   the renew-till field may still be adjusted by site-determined limits
-   or limits imposed by the individual principal or server.
-
-   The ENC-TKT-IN-SKEY option is honored only by the ticket-granting
-   service.  It indicates that the to-be-issued ticket for the end
-   server is to be encrypted in the session key from the additional
-   ticket-granting ticket provided with the request.  See section 3.3.3
-   for specific details.
-
-
-
-
-
-Kohl & Neuman                                                  [Page 15]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-3.  Message Exchanges
-
-   The following sections describe the interactions between network
-   clients and servers and the messages involved in those exchanges.
-
-3.1.  The Authentication Service Exchange
-
-                             Summary
-
-         Message direction       Message type    Section
-         1. Client to Kerberos   KRB_AS_REQ      5.4.1
-         2. Kerberos to client   KRB_AS_REP or   5.4.2
-                                 KRB_ERROR       5.9.1
-
-   The Authentication Service (AS) Exchange between the client and the
-   Kerberos Authentication Server is usually initiated by a client when
-   it wishes to obtain authentication credentials for a given server but
-   currently holds no credentials.  The client's secret key is used for
-   encryption and decryption.  This exchange is typically used at the
-   initiation of a login session, to obtain credentials for a Ticket-
-   Granting Server, which will subsequently be used to obtain
-   credentials for other servers (see section 3.3) without requiring
-   further use of the client's secret key.  This exchange is also used
-   to request credentials for services which must not be mediated
-   through the Ticket-Granting Service, but rather require a principal's
-   secret key, such as the password-changing service.  (The password-
-   changing request must not be honored unless the requester can provide
-   the old password (the user's current secret key).  Otherwise, it
-   would be possible for someone to walk up to an unattended session and
-   change another user's password.)  This exchange does not by itself
-   provide any assurance of the the identity of the user.  (To
-   authenticate a user logging on to a local system, the credentials
-   obtained in the AS exchange may first be used in a TGS exchange to
-   obtain credentials for a local server.  Those credentials must then
-   be verified by the local server through successful completion of the
-   Client/Server exchange.)
-
-   The exchange consists of two messages: KRB_AS_REQ from the client to
-   Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these
-   messages are described in sections 5.4.1, 5.4.2, and 5.9.1.
-
-   In the request, the client sends (in cleartext) its own identity and
-   the identity of the server for which it is requesting credentials.
-   The response, KRB_AS_REP, contains a ticket for the client to present
-   to the server, and a session key that will be shared by the client
-   and the server.  The session key and additional information are
-   encrypted in the client's secret key.  The KRB_AS_REP message
-   contains information which can be used to detect replays, and to
-
-
-
-Kohl & Neuman                                                  [Page 16]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   associate it with the message to which it replies.  Various errors
-   can occur; these are indicated by an error response (KRB_ERROR)
-   instead of the KRB_AS_REP response.  The error message is not
-   encrypted.  The KRB_ERROR message also contains information which can
-   be used to associate it with the message to which it replies.  The
-   lack of encryption in the KRB_ERROR message precludes the ability to
-   detect replays or fabrications of such messages.
-
-   In the normal case the authentication server does not know whether
-   the client is actually the principal named in the request.  It simply
-   sends a reply without knowing or caring whether they are the same.
-   This is acceptable because nobody but the principal whose identity
-   was given in the request will be able to use the reply. Its critical
-   information is encrypted in that principal's key.  The initial
-   request supports an optional field that can be used to pass
-   additional information that might be needed for the initial exchange.
-   This field may be used for preauthentication if desired, but the
-   mechanism is not currently specified.
-
-3.1.1. Generation of KRB_AS_REQ message
-
-   The client may specify a number of options in the initial request.
-   Among these options are whether preauthentication is to be performed;
-   whether the requested ticket is to be renewable, proxiable, or
-   forwardable; whether it should be postdated or allow postdating of
-   derivative tickets; and whether a renewable ticket will be accepted
-   in lieu of a non-renewable ticket if the requested ticket expiration
-   date cannot be satisfied by a nonrenewable ticket (due to
-   configuration constraints; see section 4).  See section A.1 for
-   pseudocode.
-
-   The client prepares the KRB_AS_REQ message and sends it to the KDC.
-
-3.1.2. Receipt of KRB_AS_REQ message
-
-   If all goes well, processing the KRB_AS_REQ message will result in
-   the creation of a ticket for the client to present to the server.
-   The format for the ticket is described in section 5.3.1.  The
-   contents of the ticket are determined as follows.
-
-3.1.3. Generation of KRB_AS_REP message
-
-   The authentication server looks up the client and server principals
-   named in the KRB_AS_REQ in its database, extracting their respective
-   keys.  If required, the server pre-authenticates the request, and if
-   the pre-authentication check fails, an error message with the code
-   KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate
-   the requested encryption type, an error message with code
-
-
-
-Kohl & Neuman                                                  [Page 17]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   KDC_ERR_ETYPE_NOSUPP is returned. Otherwise it generates a "random"
-   session key ("Random" means that, among other things, it should be
-   impossible to guess the next session key based on knowledge of past
-   session keys.  This can only be achieved in a pseudo-random number
-   generator if it is based on cryptographic principles.  It would be
-   more desirable to use a truly random number generator, such as one
-   based on measurements of random physical phenomena.).
-
-   If the requested start time is absent or indicates a time in the
-   past, then the start time of the ticket is set to the authentication
-   server's current time. If it indicates a time in the future, but the
-   POSTDATED option has not been specified, then the error
-   KDC_ERR_CANNOT_POSTDATE is returned.  Otherwise the requested start
-   time is checked against the policy of the local realm (the
-   administrator might decide to prohibit certain types or ranges of
-   postdated tickets), and if acceptable, the ticket's start time is set
-   as requested and the INVALID flag is set in the new ticket. The
-   postdated ticket must be validated before use by presenting it to the
-   KDC after the start time has been reached.
-
-   The expiration time of the ticket will be set to the minimum of the
-   following:
-
-   +The expiration time (endtime) requested in the KRB_AS_REQ
-    message.
-
-   +The ticket's start time plus the maximum allowable lifetime
-    associated with the client principal (the authentication
-    server's database includes a maximum ticket lifetime field
-    in each principal's record; see section 4).
-
-   +The ticket's start time plus the maximum allowable lifetime
-    associated with the server principal.
-
-   +The ticket's start time plus the maximum lifetime set by
-    the policy of the local realm.
-
-   If the requested expiration time minus the start time (as determined
-   above) is less than a site-determined minimum lifetime, an error
-   message with code KDC_ERR_NEVER_VALID is returned.  If the requested
-   expiration time for the ticket exceeds what was determined as above,
-   and if the "RENEWABLE-OK" option was requested, then the "RENEWABLE"
-   flag is set in the new ticket, and the renew-till value is set as if
-   the "RENEWABLE" option were requested (the field and option names are
-   described fully in section 5.4.1).  If the RENEWABLE option has been
-   requested or if the RENEWABLE-OK option has been set and a renewable
-   ticket is to be issued, then the renew-till field is set to the
-   minimum of:
-
-
-
-Kohl & Neuman                                                  [Page 18]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   +Its requested value.
-
-   +The start time of the ticket plus the minimum of the two
-    maximum renewable lifetimes associated with the principals'
-    database entries.
-
-   +The start time of the ticket plus the maximum renewable
-    lifetime set by the policy of the local realm.
-
-   The flags field of the new ticket will have the following options set
-   if they have been requested and if the policy of the local realm
-   allows: FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE.
-   If the new ticket is postdated (the start time is in the future), its
-   INVALID flag will also be set.
-
-   If all of the above succeed, the server formats a KRB_AS_REP message
-   (see section 5.4.2), copying the addresses in the request into the
-   caddr of the response, placing any required pre-authentication data
-   into the padata of the response, and encrypts the ciphertext part in
-   the client's key using the requested encryption method, and sends it
-   to the client.  See section A.2 for pseudocode.
-
-3.1.4. Generation of KRB_ERROR message
-
-   Several errors can occur, and the Authentication Server responds by
-   returning an error message, KRB_ERROR, to the client, with the
-   error-code and e-text fields set to appropriate values.  The error
-   message contents and details are described in Section 5.9.1.
-
-3.1.5. Receipt of KRB_AS_REP message
-
-   If the reply message type is KRB_AS_REP, then the client verifies
-   that the cname and crealm fields in the cleartext portion of the
-   reply match what it requested.  If any padata fields are present,
-   they may be used to derive the proper secret key to decrypt the
-   message.  The client decrypts the encrypted part of the response
-   using its secret key, verifies that the nonce in the encrypted part
-   matches the nonce it supplied in its request (to detect replays).  It
-   also verifies that the sname and srealm in the response match those
-   in the request, and that the host address field is also correct.  It
-   then stores the ticket, session key, start and expiration times, and
-   other information for later use.  The key-expiration field from the
-   encrypted part of the response may be checked to notify the user of
-   impending key expiration (the client program could then suggest
-   remedial action, such as a password change).  See section A.3 for
-   pseudocode.
-
-   Proper decryption of the KRB_AS_REP message is not sufficient to
-
-
-
-Kohl & Neuman                                                  [Page 19]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   verify the identity of the user; the user and an attacker could
-   cooperate to generate a KRB_AS_REP format message which decrypts
-   properly but is not from the proper KDC.  If the host wishes to
-   verify the identity of the user, it must require the user to present
-   application credentials which can be verified using a securely-stored
-   secret key.  If those credentials can be verified, then the identity
-   of the user can be assured.
-
-3.1.6. Receipt of KRB_ERROR message
-
-   If the reply message type is KRB_ERROR, then the client interprets it
-   as an error and performs whatever application-specific tasks are
-   necessary to recover.
-
-3.2.  The Client/Server Authentication Exchange
-
-                        Summary
-
-   Message direction                         Message type    Section
-   Client to Application server              KRB_AP_REQ      5.5.1
-   [optional] Application server to client   KRB_AP_REP or   5.5.2
-                                             KRB_ERROR       5.9.1
-
-   The client/server authentication (CS) exchange is used by network
-   applications to authenticate the client to the server and vice versa.
-   The client must have already acquired credentials for the server
-   using the AS or TGS exchange.
-
-3.2.1. The KRB_AP_REQ message
-
-   The KRB_AP_REQ contains authentication information which should be
-   part of the first message in an authenticated transaction.  It
-   contains a ticket, an authenticator, and some additional bookkeeping
-   information (see section 5.5.1 for the exact format).  The ticket by
-   itself is insufficient to authenticate a client, since tickets are
-   passed across the network in cleartext(Tickets contain both an
-   encrypted and unencrypted portion, so cleartext here refers to the
-   entire unit, which can be copied from one message and replayed in
-   another without any cryptographic skill.), so the authenticator is
-   used to prevent invalid replay of tickets by proving to the server
-   that the client knows the session key of the ticket and thus is
-   entitled to use it.  The KRB_AP_REQ message is referred to elsewhere
-   as the "authentication header."
-
-3.2.2. Generation of a KRB_AP_REQ message
-
-   When a client wishes to initiate authentication to a server, it
-   obtains (either through a credentials cache, the AS exchange, or the
-
-
-
-Kohl & Neuman                                                  [Page 20]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   TGS exchange) a ticket and session key for the desired service.  The
-   client may re-use any tickets it holds until they expire.  The client
-   then constructs a new Authenticator from the the system time, its
-   name, and optionally an application specific checksum, an initial
-   sequence number to be used in KRB_SAFE or KRB_PRIV messages, and/or a
-   session subkey to be used in negotiations for a session key unique to
-   this particular session.  Authenticators may not be re-used and will
-   be rejected if replayed to a server (Note that this can make
-   applications based on unreliable transports difficult to code
-   correctly, if the transport might deliver duplicated messages.  In
-   such cases, a new authenticator must be generated for each retry.).
-   If a sequence number is to be included, it should be randomly chosen
-   so that even after many messages have been exchanged it is not likely
-   to collide with other sequence numbers in use.
-
-   The client may indicate a requirement of mutual authentication or the
-   use of a session-key based ticket by setting the appropriate flag(s)
-   in the ap-options field of the message.
-
-   The Authenticator is encrypted in the session key and combined with
-   the ticket to form the KRB_AP_REQ message which is then sent to the
-   end server along with any additional application-specific
-   information.  See section A.9 for pseudocode.
-
-3.2.3. Receipt of KRB_AP_REQ message
-
-   Authentication is based on the server's current time of day (clocks
-   must be loosely synchronized), the authenticator, and the ticket.
-   Several errors are possible.  If an error occurs, the server is
-   expected to reply to the client with a KRB_ERROR message.  This
-   message may be encapsulated in the application protocol if its "raw"
-   form is not acceptable to the protocol. The format of error messages
-   is described in section 5.9.1.
-
-   The algorithm for verifying authentication information is as follows.
-   If the message type is not KRB_AP_REQ, the server returns the
-   KRB_AP_ERR_MSG_TYPE error. If the key version indicated by the Ticket
-   in the KRB_AP_REQ is not one the server can use (e.g., it indicates
-   an old key, and the server no longer possesses a copy of the old
-   key), the KRB_AP_ERR_BADKEYVER error is returned.  If the USE-
-   SESSION-KEY flag is set in the ap-options field, it indicates to the
-   server that the ticket is encrypted in the session key from the
-   server's ticket-granting ticket rather than its secret key (This is
-   used for user-to-user authentication as described in [6]).  Since it
-   is possible for the server to be registered in multiple realms, with
-   different keys in each, the srealm field in the unencrypted portion
-   of the ticket in the KRB_AP_REQ is used to specify which secret key
-   the server should use to decrypt that ticket.  The KRB_AP_ERR_NOKEY
-
-
-
-Kohl & Neuman                                                  [Page 21]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   error code is returned if the server doesn't have the proper key to
-   decipher the ticket.
-
-   The ticket is decrypted using the version of the server's key
-   specified by the ticket.  If the decryption routines detect a
-   modification of the ticket (each encryption system must provide
-   safeguards to detect modified ciphertext; see section 6), the
-   KRB_AP_ERR_BAD_INTEGRITY error is returned (chances are good that
-   different keys were used to encrypt and decrypt).
-
-   The authenticator is decrypted using the session key extracted from
-   the decrypted ticket.  If decryption shows it to have been modified,
-   the KRB_AP_ERR_BAD_INTEGRITY error is returned.  The name and realm
-   of the client from the ticket are compared against the same fields in
-   the authenticator.  If they don't match, the KRB_AP_ERR_BADMATCH
-   error is returned (they might not match, for example, if the wrong
-   session key was used to encrypt the authenticator).  The addresses in
-   the ticket (if any) are then searched for an address matching the
-   operating-system reported address of the client.  If no match is
-   found or the server insists on ticket addresses but none are present
-   in the ticket, the KRB_AP_ERR_BADADDR error is returned.
-
-   If the local (server) time and the client time in the authenticator
-   differ by more than the allowable clock skew (e.g., 5 minutes), the
-   KRB_AP_ERR_SKEW error is returned.  If the server name, along with
-   the client name, time and microsecond fields from the Authenticator
-   match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is
-   returned (Note that the rejection here is restricted to
-   authenticators from the same principal to the same server.  Other
-   client principals communicating with the same server principal should
-   not be have their authenticators rejected if the time and microsecond
-   fields happen to match some other client's authenticator.).  The
-   server must remember any authenticator presented within the allowable
-   clock skew, so that a replay attempt is guaranteed to fail. If a
-   server loses track of any authenticator presented within the
-   allowable clock skew, it must reject all requests until the clock
-   skew interval has passed.  This assures that any lost or re-played
-   authenticators will fall outside the allowable clock skew and can no
-   longer be successfully replayed (If this is not done, an attacker
-   could conceivably record the ticket and authenticator sent over the
-   network to a server, then disable the client's host, pose as the
-   disabled host, and replay the ticket and authenticator to subvert the
-   authentication.).  If a sequence number is provided in the
-   authenticator, the server saves it for later use in processing
-   KRB_SAFE and/or KRB_PRIV messages.  If a subkey is present, the
-   server either saves it for later use or uses it to help generate its
-   own choice for a subkey to be returned in a KRB_AP_REP message.
-
-
-
-
-Kohl & Neuman                                                  [Page 22]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   The server computes the age of the ticket: local (server) time minus
-   the start time inside the Ticket.  If the start time is later than
-   the current time by more than the allowable clock skew or if the
-   INVALID flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is
-   returned.  Otherwise, if the current time is later than end time by
-   more than the allowable clock skew, the KRB_AP_ERR_TKT_EXPIRED error
-   is returned.
-
-   If all these checks succeed without an error, the server is assured
-   that the client possesses the credentials of the principal named in
-   the ticket and thus, the client has been authenticated to the server.
-   See section A.10 for pseudocode.
-
-3.2.4. Generation of a KRB_AP_REP message
-
-   Typically, a client's request will include both the authentication
-   information and its initial request in the same message, and the
-   server need not explicitly reply to the KRB_AP_REQ.  However, if
-   mutual authentication (not only authenticating the client to the
-   server, but also the server to the client) is being performed, the
-   KRB_AP_REQ message will have MUTUAL-REQUIRED set in its ap-options
-   field, and a KRB_AP_REP message is required in response.  As with the
-   error message, this message may be encapsulated in the application
-   protocol if its "raw" form is not acceptable to the application's
-   protocol.  The timestamp and microsecond field used in the reply must
-   be the client's timestamp and microsecond field (as provided in the
-   authenticator). [Note: In the Kerberos version 4 protocol, the
-   timestamp in the reply was the client's timestamp plus one.  This is
-   not necessary in version 5 because version 5 messages are formatted
-   in such a way that it is not possible to create the reply by
-   judicious message surgery (even in encrypted form) without knowledge
-   of the appropriate encryption keys.]  If a sequence number is to be
-   included, it should be randomly chosen as described above for the
-   authenticator.  A subkey may be included if the server desires to
-   negotiate a different subkey.  The KRB_AP_REP message is encrypted in
-   the session key extracted from the ticket.  See section A.11 for
-   pseudocode.
-
-3.2.5. Receipt of KRB_AP_REP message
-
-   If a KRB_AP_REP message is returned, the client uses the session key
-   from the credentials obtained for the server (Note that for
-   encrypting the KRB_AP_REP message, the sub-session key is not used,
-   even if present in the Authenticator.) to decrypt the message, and
-   verifies that the timestamp and microsecond fields match those in the
-   Authenticator it sent to the server.  If they match, then the client
-   is assured that the server is genuine. The sequence number and subkey
-   (if present) are retained for later use.  See section A.12 for
-
-
-
-Kohl & Neuman                                                  [Page 23]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   pseudocode.
-
-3.2.6. Using the encryption key
-
-   After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and
-   server share an encryption key which can be used by the application.
-   The "true session key" to be used for KRB_PRIV, KRB_SAFE, or other
-   application-specific uses may be chosen by the application based on
-   the subkeys in the KRB_AP_REP message and the authenticator
-   (Implementations of the protocol may wish to provide routines to
-   choose subkeys based on session keys and random numbers and to
-   orchestrate a negotiated key to be returned in the KRB_AP_REP
-   message.).  In some cases, the use of this session key will be
-   implicit in the protocol; in others the method of use must be chosen
-   from a several alternatives.  We leave the protocol negotiations of
-   how to use the key (e.g., selecting an encryption or checksum type)
-   to the application programmer; the Kerberos protocol does not
-   constrain the implementation options.
-
-   With both the one-way and mutual authentication exchanges, the peers
-   should take care not to send sensitive information to each other
-   without proper assurances.  In particular, applications that require
-   privacy or integrity should use the KRB_AP_REP or KRB_ERROR responses
-   from the server to client to assure both client and server of their
-   peer's identity.  If an application protocol requires privacy of its
-   messages, it can use the KRB_PRIV message (section 3.5). The KRB_SAFE
-   message (section 3.4) can be used to assure integrity.
-
-3.3.  The Ticket-Granting Service (TGS) Exchange
-
-                             Summary
-
-         Message direction       Message type     Section
-         1. Client to Kerberos   KRB_TGS_REQ      5.4.1
-         2. Kerberos to client   KRB_TGS_REP or   5.4.2
-                                 KRB_ERROR        5.9.1
-
-   The TGS exchange between a client and the Kerberos Ticket-Granting
-   Server is initiated by a client when it wishes to obtain
-   authentication credentials for a given server (which might be
-   registered in a remote realm), when it wishes to renew or validate an
-   existing ticket, or when it wishes to obtain a proxy ticket.  In the
-   first case, the client must already have acquired a ticket for the
-   Ticket-Granting Service using the AS exchange (the ticket-granting
-   ticket is usually obtained when a client initially authenticates to
-   the system, such as when a user logs in).  The message format for the
-   TGS exchange is almost identical to that for the AS exchange.  The
-   primary difference is that encryption and decryption in the TGS
-
-
-
-Kohl & Neuman                                                  [Page 24]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   exchange does not take place under the client's key.  Instead, the
-   session key from the ticket-granting ticket or renewable ticket, or
-   sub-session key from an Authenticator is used.  As is the case for
-   all application servers, expired tickets are not accepted by the TGS,
-   so once a renewable or ticket-granting ticket expires, the client
-   must use a separate exchange to obtain valid tickets.
-
-   The TGS exchange consists of two messages: A request (KRB_TGS_REQ)
-   from the client to the Kerberos Ticket-Granting Server, and a reply
-   (KRB_TGS_REP or KRB_ERROR).  The KRB_TGS_REQ message includes
-   information authenticating the client plus a request for credentials.
-   The authentication information consists of the authentication header
-   (KRB_AP_REQ) which includes the client's previously obtained ticket-
-   granting, renewable, or invalid ticket.  In the ticket-granting
-   ticket and proxy cases, the request may include one or more of: a
-   list of network addresses, a collection of typed authorization data
-   to be sealed in the ticket for authorization use by the application
-   server, or additional tickets (the use of which are described later).
-   The TGS reply (KRB_TGS_REP) contains the requested credentials,
-   encrypted in the session key from the ticket-granting ticket or
-   renewable ticket, or if present, in the subsession key from the
-   Authenticator (part of the authentication header). The KRB_ERROR
-   message contains an error code and text explaining what went wrong.
-   The KRB_ERROR message is not encrypted.  The KRB_TGS_REP message
-   contains information which can be used to detect replays, and to
-   associate it with the message to which it replies.  The KRB_ERROR
-   message also contains information which can be used to associate it
-   with the message to which it replies, but the lack of encryption in
-   the KRB_ERROR message precludes the ability to detect replays or
-   fabrications of such messages.
-
-3.3.1. Generation of KRB_TGS_REQ message
-
-   Before sending a request to the ticket-granting service, the client
-   must determine in which realm the application server is registered
-   [Note: This can be accomplished in several ways.  It might be known
-   beforehand (since the realm is part of the principal identifier), or
-   it might be stored in a nameserver.  Presently, however, this
-   information is obtained from a configuration file.  If the realm to
-   be used is obtained from a nameserver, there is a danger of being
-   spoofed if the nameservice providing the realm name is not
-   authenticated.  This might result in the use of a realm which has
-   been compromised, and would result in an attacker's ability to
-   compromise the authentication of the application server to the
-   client.].  If the client does not already possess a ticket-granting
-   ticket for the appropriate realm, then one must be obtained.  This is
-   first attempted by requesting a ticket-granting ticket for the
-   destination realm from the local Kerberos server (using the
-
-
-
-Kohl & Neuman                                                  [Page 25]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   KRB_TGS_REQ message recursively).  The Kerberos server may return a
-   TGT for the desired realm in which case one can proceed.
-   Alternatively, the Kerberos server may return a TGT for a realm which
-   is "closer" to the desired realm (further along the standard
-   hierarchical path), in which case this step must be repeated with a
-   Kerberos server in the realm specified in the returned TGT.  If
-   neither are returned, then the request must be retried with a
-   Kerberos server for a realm higher in the hierarchy.  This request
-   will itself require a ticket-granting ticket for the higher realm
-   which must be obtained by recursively applying these directions.
-
-   Once the client obtains a ticket-granting ticket for the appropriate
-   realm, it determines which Kerberos servers serve that realm, and
-   contacts one. The list might be obtained through a configuration file
-   or network service; as long as the secret keys exchanged by realms
-   are kept secret, only denial of service results from a false Kerberos
-   server.
-
-   As in the AS exchange, the client may specify a number of options in
-   the KRB_TGS_REQ message.  The client prepares the KRB_TGS_REQ
-   message, providing an authentication header as an element of the
-   padata field, and including the same fields as used in the KRB_AS_REQ
-   message along with several optional fields: the enc-authorization-
-   data field for application server use and additional tickets required
-   by some options.
-
-   In preparing the authentication header, the client can select a sub-
-   session key under which the response from the Kerberos server will be
-   encrypted (If the client selects a sub-session key, care must be
-   taken to ensure the randomness of the selected subsession key.  One
-   approach would be to generate a random number and XOR it with the
-   session key from the ticket-granting ticket.). If the sub-session key
-   is not specified, the session key from the ticket-granting ticket
-   will be used.  If the enc-authorization-data is present, it must be
-   encrypted in the sub-session key, if present, from the authenticator
-   portion of the authentication header, or if not present in the
-   session key from the ticket-granting ticket.
-
-   Once prepared, the message is sent to a Kerberos server for the
-   destination realm.  See section A.5 for pseudocode.
-
-3.3.2. Receipt of KRB_TGS_REQ message
-
-   The KRB_TGS_REQ message is processed in a manner similar to the
-   KRB_AS_REQ message, but there are many additional checks to be
-   performed.  First, the Kerberos server must determine which server
-   the accompanying ticket is for and it must select the appropriate key
-   to decrypt it. For a normal KRB_TGS_REQ message, it will be for the
-
-
-
-Kohl & Neuman                                                  [Page 26]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   ticket granting service, and the TGS's key will be used.  If the TGT
-   was issued by another realm, then the appropriate inter-realm key
-   must be used.  If the accompanying ticket is not a ticket granting
-   ticket for the current realm, but is for an application server in the
-   current realm, the RENEW, VALIDATE, or PROXY options are specified in
-   the request, and the server for which a ticket is requested is the
-   server named in the accompanying ticket, then the KDC will decrypt
-   the ticket in the authentication header using the key of the server
-   for which it was issued.  If no ticket can be found in the padata
-   field, the KDC_ERR_PADATA_TYPE_NOSUPP error is returned.
-
-   Once the accompanying ticket has been decrypted, the user-supplied
-   checksum in the Authenticator must be verified against the contents
-   of the request, and the message rejected if the checksums do not
-   match (with an error code of KRB_AP_ERR_MODIFIED) or if the checksum
-   is not keyed or not collision-proof (with an error code of
-   KRB_AP_ERR_INAPP_CKSUM).  If the checksum type is not supported, the
-   KDC_ERR_SUMTYPE_NOSUPP error is returned.  If the authorization-data
-   are present, they are decrypted using the sub-session key from the
-   Authenticator.
-
-   If any of the decryptions indicate failed integrity checks, the
-   KRB_AP_ERR_BAD_INTEGRITY error is returned.
-
-3.3.3. Generation of KRB_TGS_REP message
-
-   The KRB_TGS_REP message shares its format with the KRB_AS_REP
-   (KRB_KDC_REP), but with its type field set to KRB_TGS_REP.  The
-   detailed specification is in section 5.4.2.
-
-   The response will include a ticket for the requested server.  The
-   Kerberos database is queried to retrieve the record for the requested
-   server (including the key with which the ticket will be encrypted).
-   If the request is for a ticket granting ticket for a remote realm,
-   and if no key is shared with the requested realm, then the Kerberos
-   server will select the realm "closest" to the requested realm with
-   which it does share a key, and use that realm instead. This is the
-   only case where the response from the KDC will be for a different
-   server than that requested by the client.
-
-   By default, the address field, the client's name and realm, the list
-   of transited realms, the time of initial authentication, the
-   expiration time, and the authorization data of the newly-issued
-   ticket will be copied from the ticket-granting ticket (TGT) or
-   renewable ticket.  If the transited field needs to be updated, but
-   the transited type is not supported, the KDC_ERR_TRTYPE_NOSUPP error
-   is returned.
-
-
-
-
-Kohl & Neuman                                                  [Page 27]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   If the request specifies an endtime, then the endtime of the new
-   ticket is set to the minimum of (a) that request, (b) the endtime
-   from the TGT, and (c) the starttime of the TGT plus the minimum of
-   the maximum life for the application server and the maximum life for
-   the local realm (the maximum life for the requesting principal was
-   already applied when the TGT was issued).  If the new ticket is to be
-   a renewal, then the endtime above is replaced by the minimum of (a)
-   the value of the renew_till field of the ticket and (b) the starttime
-   for the new ticket plus the life (endtimestarttime) of the old
-   ticket.
-
-   If the FORWARDED option has been requested, then the resulting ticket
-   will contain the addresses specified by the client.  This option will
-   only be honored if the FORWARDABLE flag is set in the TGT.  The PROXY
-   option is similar; the resulting ticket will contain the addresses
-   specified by the client.  It will be honored only if the PROXIABLE
-   flag in the TGT is set.  The PROXY option will not be honored on
-   requests for additional ticket-granting tickets.
-
-   If the requested start time is absent or indicates a time in the
-   past, then the start time of the ticket is set to the authentication
-   server's current time.  If it indicates a time in the future, but the
-   POSTDATED option has not been specified or the MAY-POSTDATE flag is
-   not set in the TGT, then the error KDC_ERR_CANNOT_POSTDATE is
-   returned.  Otherwise, if the ticket-granting ticket has the
-   MAYPOSTDATE flag set, then the resulting ticket will be postdated and
-   the requested starttime is checked against the policy of the local
-   realm. If acceptable, the ticket's start time is set as requested,
-   and the INVALID flag is set.  The postdated ticket must be validated
-   before use by presenting it to the KDC after the starttime has been
-   reached. However, in no case may the starttime, endtime, or renew-
-   till time of a newly-issued postdated ticket extend beyond the
-   renew-till time of the ticket-granting ticket.
-
-   If the ENC-TKT-IN-SKEY option has been specified and an additional
-   ticket has been included in the request, the KDC will decrypt the
-   additional ticket using the key for the server to which the
-   additional ticket was issued and verify that it is a ticket-granting
-   ticket.  If the name of the requested server is missing from the
-   request, the name of the client in the additional ticket will be
-   used.  Otherwise the name of the requested server will be compared to
-   the name of the client in the additional ticket and if different, the
-   request will be rejected.  If the request succeeds, the session key
-   from the additional ticket will be used to encrypt the new ticket
-   that is issued instead of using the key of the server for which the
-   new ticket will be used (This allows easy implementation of user-to-
-   user authentication [6], which uses ticket-granting ticket session
-   keys in lieu of secret server keys in situations where such secret
-
-
-
-Kohl & Neuman                                                  [Page 28]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   keys could be easily compromised.).
-
-   If the name of the server in the ticket that is presented to the KDC
-   as part of the authentication header is not that of the ticket-
-   granting server itself, and the server is registered in the realm of
-   the KDC, If the RENEW option is requested, then the KDC will verify
-   that the RENEWABLE flag is set in the ticket and that the renew_till
-   time is still in the future.  If the VALIDATE option is rqeuested,
-   the KDC will check that the starttime has passed and the INVALID flag
-   is set.  If the PROXY option is requested, then the KDC will check
-   that the PROXIABLE flag is set in the ticket.  If the tests succeed,
-   the KDC will issue the appropriate new ticket.
-
-   Whenever a request is made to the ticket-granting server, the
-   presented ticket(s) is(are) checked against a hot-list of tickets
-   which have been canceled.  This hot-list might be implemented by
-   storing a range of issue dates for "suspect tickets"; if a presented
-   ticket had an authtime in that range, it would be rejected.  In this
-   way, a stolen ticket-granting ticket or renewable ticket cannot be
-   used to gain additional tickets (renewals or otherwise) once the
-   theft has been reported.  Any normal ticket obtained before it was
-   reported stolen will still be valid (because they require no
-   interaction with the KDC), but only until their normal expiration
-   time.
-
-   The ciphertext part of the response in the KRB_TGS_REP message is
-   encrypted in the sub-session key from the Authenticator, if present,
-   or the session key key from the ticket-granting ticket.  It is not
-   encrypted using the client's secret key.  Furthermore, the client's
-   key's expiration date and the key version number fields are left out
-   since these values are stored along with the client's database
-   record, and that record is not needed to satisfy a request based on a
-   ticket-granting ticket.  See section A.6 for pseudocode.
-
-3.3.3.1.  Encoding the transited field
-
-   If the identity of the server in the TGT that is presented to the KDC
-   as part of the authentication header is that of the ticket-granting
-   service, but the TGT was issued from another realm, the KDC will look
-   up the inter-realm key shared with that realm and use that key to
-   decrypt the ticket.  If the ticket is valid, then the KDC will honor
-   the request, subject to the constraints outlined above in the section
-   describing the AS exchange.  The realm part of the client's identity
-   will be taken from the ticket-granting ticket.  The name of the realm
-   that issued the ticket-granting ticket will be added to the transited
-   field of the ticket to be issued.  This is accomplished by reading
-   the transited field from the ticket-granting ticket (which is treated
-   as an unordered set of realm names), adding the new realm to the set,
-
-
-
-Kohl & Neuman                                                  [Page 29]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   then constructing and writing out its encoded (shorthand) form (this
-   may involve a rearrangement of the existing encoding).
-
-   Note that the ticket-granting service does not add the name of its
-   own realm.  Instead, its responsibility is to add the name of the
-   previous realm.  This prevents a malicious Kerberos server from
-   intentionally leaving out its own name (it could, however, omit other
-   realms' names).
-
-   The names of neither the local realm nor the principal's realm are to
-   be included in the transited field.  They appear elsewhere in the
-   ticket and both are known to have taken part in authenticating the
-   principal.  Since the endpoints are not included, both local and
-   single-hop inter-realm authentication result in a transited field
-   that is empty.
-
-   Because the name of each realm transited  is  added  to this field,
-   it might potentially be very long.  To decrease the length of this
-   field, its contents are encoded.  The initially supported encoding is
-   optimized for the normal case of inter-realm communication: a
-   hierarchical arrangement of realms using either domain or X.500 style
-   realm names. This encoding (called DOMAIN-X500-COMPRESS) is now
-   described.
-
-   Realm names in the transited field are separated by a ",".  The ",",
-   "\", trailing "."s, and leading spaces (" ") are special characters,
-   and if they are part of a realm name, they must be quoted in the
-   transited field by preceding them with a "\".
-
-   A realm name ending with a "." is interpreted as  being prepended to
-   the previous realm.  For example, we can encode traversal of EDU,
-   MIT.EDU,  ATHENA.MIT.EDU,  WASHINGTON.EDU, and CS.WASHINGTON.EDU as:
-
-              "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.".
-
-   Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were endpoints,
-   that they would not be included in this field, and we would have:
-
-              "EDU,MIT.,WASHINGTON.EDU"
-
-   A realm name beginning with a "/" is interpreted as being appended to
-   the previous realm (For the purpose of appending, the realm preceding
-   the first listed realm is considered to be the null realm ("")).  If
-   it is to stand by itself, then it should be preceded by a space ("
-   ").  For example, we can encode traversal of /COM/HP/APOLLO, /COM/HP,
-   /COM, and /COM/DEC as:
-
-              "/COM,/HP,/APOLLO, /COM/DEC".
-
-
-
-Kohl & Neuman                                                  [Page 30]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints,
-   they they would not be included in this field, and we would have:
-
-              "/COM,/HP"
-
-   A null subfield preceding or following a "," indicates that all
-   realms between the previous realm and the next realm have been
-   traversed (For the purpose of interpreting null subfields, the
-   client's realm is considered to precede those in the transited field,
-   and the server's realm is considered to follow them.). Thus, ","
-   means that all realms along the path between the client and the
-   server have been traversed.  ",EDU, /COM," means that that all realms
-   from the client's realm up to EDU (in a domain style hierarchy) have
-   been traversed, and that everything from /COM down to the server's
-   realm in an X.500 style has also been traversed.  This could occur if
-   the EDU realm in one hierarchy shares an inter-realm key directly
-   with the /COM realm in another hierarchy.
-
-3.3.4. Receipt of KRB_TGS_REP message
-
-   When the KRB_TGS_REP is received by the client, it is processed in
-   the same manner as the KRB_AS_REP processing described above.  The
-   primary difference is that the ciphertext part of the response must
-   be decrypted using the session key from the ticket-granting ticket
-   rather than the client's secret key.  See section A.7 for pseudocode.
-
-3.4.  The KRB_SAFE Exchange
-
-   The KRB_SAFE message may be used by clients requiring the ability to
-   detect modifications of messages they exchange.  It achieves this by
-   including a keyed collisionproof checksum of the user data and some
-   control information.  The checksum is keyed with an encryption key
-   (usually the last key negotiated via subkeys, or the session key if
-   no negotiation has occured).
-
-3.4.1. Generation of a KRB_SAFE message
-
-   When an application wishes to send a KRB_SAFE message, it collects
-   its data and the appropriate control information and computes a
-   checksum over them.  The checksum algorithm should be some sort of
-   keyed one-way hash function (such as the RSA-MD5-DES checksum
-   algorithm specified in section 6.4.5, or the DES MAC), generated
-   using the sub-session key if present, or the session key.  Different
-   algorithms may be selected by changing the checksum type in the
-   message.  Unkeyed or non-collision-proof checksums are not suitable
-   for this use.
-
-   The control information for the KRB_SAFE message includes both a
-
-
-
-Kohl & Neuman                                                  [Page 31]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   timestamp and a sequence number.  The designer of an application
-   using the KRB_SAFE message must choose at least one of the two
-   mechanisms.  This choice should be based on the needs of the
-   application protocol.
-
-   Sequence numbers are useful when all messages sent will be received
-   by one's peer.  Connection state is presently required to maintain
-   the session key, so maintaining the next sequence number should not
-   present an additional problem.
-
-   If the application protocol is expected to tolerate lost messages
-   without them being resent, the use of the timestamp is the
-   appropriate replay detection mechanism.  Using timestamps is also the
-   appropriate mechanism for multi-cast protocols where all of one's
-   peers share a common sub-session key, but some messages will be sent
-   to a subset of one's peers.
-
-   After computing the checksum, the client then transmits the
-   information and checksum to the recipient in the message format
-   specified in section 5.6.1.
-
-3.4.2. Receipt of KRB_SAFE message
-
-   When an application receives a KRB_SAFE message, it verifies it as
-   follows.  If any error occurs, an error code is reported for use by
-   the application.
-
-   The message is first checked by verifying that the protocol version
-   and type fields match the current version and KRB_SAFE, respectively.
-   A mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE
-   error.  The application verifies that the checksum used is a
-   collisionproof keyed checksum, and if it is not, a
-   KRB_AP_ERR_INAPP_CKSUM error is generated.  The recipient verifies
-   that the operating system's report of the sender's address matches
-   the sender's address in the message, and (if a recipient address is
-   specified or the recipient requires an address) that one of the
-   recipient's addresses appears as the recipient's address in the
-   message.  A failed match for either case generates a
-   KRB_AP_ERR_BADADDR error.  Then the timestamp and usec and/or the
-   sequence number fields are checked.  If timestamp and usec are
-   expected and not present, or they are present but not current, the
-   KRB_AP_ERR_SKEW error is generated.  If the server name, along with
-   the client name, time and microsecond fields from the Authenticator
-   match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is
-   generated.  If an incorrect sequence number is included, or a
-   sequence number is expected but not present, the KRB_AP_ERR_BADORDER
-   error is generated.  If neither a timestamp and usec or a sequence
-   number is present, a KRB_AP_ERR_MODIFIED error is generated.
-
-
-
-Kohl & Neuman                                                  [Page 32]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Finally, the checksum is computed over the data and control
-   information, and if it doesn't match the received checksum, a
-   KRB_AP_ERR_MODIFIED error is generated.
-
-   If all the checks succeed, the application is assured that the
-   message was generated by its peer and was not modified in transit.
-
-3.5.  The KRB_PRIV Exchange
-
-   The KRB_PRIV message may be used by clients requiring confidentiality
-   and the ability to detect modifications of exchanged messages.  It
-   achieves this by encrypting the messages and adding control
-   information.
-
-3.5.1. Generation of a KRB_PRIV message
-
-   When an application wishes to send a KRB_PRIV message, it collects
-   its data and the appropriate control information (specified in
-   section 5.7.1) and encrypts them under an encryption key (usually the
-   last key negotiated via subkeys, or the session key if no negotiation
-   has occured).  As part of the control information, the client must
-   choose to use either a timestamp or a sequence number (or both); see
-   the discussion in section 3.4.1 for guidelines on which to use.
-   After the user data and control information are encrypted, the client
-   transmits the ciphertext and some "envelope" information to the
-   recipient.
-
-3.5.2. Receipt of KRB_PRIV message
-
-   When an application receives a KRB_PRIV message, it verifies it as
-   follows.  If any error occurs, an error code is reported for use by
-   the application.
-
-   The message is first checked by verifying that the protocol version
-   and type fields match the current version and KRB_PRIV, respectively.
-   A mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE
-   error.  The application then decrypts the ciphertext and processes
-   the resultant plaintext. If decryption shows the data to have been
-   modified, a KRB_AP_ERR_BAD_INTEGRITY error is generated.  The
-   recipient verifies that the operating system's report of the sender's
-   address matches the sender's address in the message, and (if a
-   recipient address is specified or the recipient requires an address)
-   that one of the recipient's addresses appears as the recipient's
-   address in the message.  A failed match for either case generates a
-   KRB_AP_ERR_BADADDR error.  Then the timestamp and usec and/or the
-   sequence number fields are checked. If timestamp and usec are
-   expected and not present, or they are present but not current, the
-   KRB_AP_ERR_SKEW error is generated.  If the server name, along with
-
-
-
-Kohl & Neuman                                                  [Page 33]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   the client name, time and microsecond fields from the Authenticator
-   match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is
-   generated.  If an incorrect sequence number is included, or a
-   sequence number is expected but not present, the KRB_AP_ERR_BADORDER
-   error is generated.  If neither a timestamp and usec or a sequence
-   number is present, a KRB_AP_ERR_MODIFIED error is generated.
-
-   If all the checks succeed, the application can assume the message was
-   generated by its peer, and was securely transmitted (without
-   intruders able to see the unencrypted contents).
-
-3.6.  The KRB_CRED Exchange
-
-   The KRB_CRED message may be used by clients requiring the ability to
-   send Kerberos credentials from one host to another.  It achieves this
-   by sending the tickets together with encrypted data containing the
-   session keys and other information associated with the tickets.
-
-3.6.1. Generation of a KRB_CRED message
-
-   When an application wishes to send a KRB_CRED message it first (using
-   the KRB_TGS exchange) obtains credentials to be sent to the remote
-   host.  It then constructs a KRB_CRED message using the ticket or
-   tickets so obtained, placing the session key needed to use each
-   ticket in the key field of the corresponding KrbCredInfo sequence of
-   the encrypted part of the the KRB_CRED message.
-
-   Other information associated with each ticket and obtained during the
-   KRB_TGS exchange is also placed in the corresponding KrbCredInfo
-   sequence in the encrypted part of the KRB_CRED message.  The current
-   time and, if specifically required by the application the nonce, s-
-   address, and raddress fields, are placed in the encrypted part of the
-   KRB_CRED message which is then encrypted under an encryption key
-   previosuly exchanged in the KRB_AP exchange (usually the last key
-   negotiated via subkeys, or the session key if no negotiation has
-   occured).
-
-3.6.2. Receipt of KRB_CRED message
-
-   When an application receives a KRB_CRED message, it verifies it.  If
-   any error occurs, an error code is reported for use by the
-   application.  The message is verified by checking that the protocol
-   version and type fields match the current version and KRB_CRED,
-   respectively.  A mismatch generates a KRB_AP_ERR_BADVERSION or
-   KRB_AP_ERR_MSG_TYPE error.  The application then decrypts the
-   ciphertext and processes the resultant plaintext. If decryption shows
-   the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY error is
-   generated.
-
-
-
-Kohl & Neuman                                                  [Page 34]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   If present or required, the recipient verifies that the operating
-   system's report of the sender's address matches the sender's address
-   in the message, and that one of the recipient's addresses appears as
-   the recipient's address in the message.  A failed match for either
-   case generates a KRB_AP_ERR_BADADDR error.  The timestamp and usec
-   fields (and the nonce field if required) are checked next.  If the
-   timestamp and usec are not present, or they are present but not
-   current, the KRB_AP_ERR_SKEW error is generated.
-
-   If all the checks succeed, the application stores each of the new
-   tickets in its ticket cache together with the session key and other
-   information in the corresponding KrbCredInfo sequence from the
-   encrypted part of the KRB_CRED message.
-
-4.  The Kerberos Database
-
-   The Kerberos server must have access to a database containing the
-   principal identifiers and secret keys of principals to be
-   authenticated (The implementation of the Kerberos server need not
-   combine the database and the server on the same machine; it is
-   feasible to store the principal database in, say, a network name
-   service, as long as the entries stored therein are protected from
-   disclosure to and modification by unauthorized parties.  However, we
-   recommend against such strategies, as they can make system management
-   and threat analysis quite complex.).
-
-4.1.  Database contents
-
-   A database entry should contain at least the following fields:
-
-   Field                Value
-
-   name                 Principal's identifier
-   key                  Principal's secret key
-   p_kvno               Principal's key version
-   max_life             Maximum lifetime for Tickets
-   max_renewable_life   Maximum total lifetime for renewable
-                        Tickets
-
-   The name field is an encoding of the principal's identifier.  The key
-   field contains an encryption key.  This key is the principal's secret
-   key.  (The key can be encrypted before storage under a Kerberos
-   "master key" to protect it in case the database is compromised but
-   the master key is not.  In that case, an extra field must be added to
-   indicate the master key version used, see below.) The p_kvno field is
-   the key version number of the principal's secret key.  The max_life
-   field contains the maximum allowable lifetime (endtime - starttime)
-   for any Ticket issued for this principal.  The max_renewable_life
-
-
-
-Kohl & Neuman                                                  [Page 35]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   field contains the maximum allowable total lifetime for any renewable
-   Ticket issued for this principal.  (See section 3.1 for a description
-   of how these lifetimes are used in determining the lifetime of a
-   given Ticket.)
-
-   A server may provide KDC service to several realms, as long as the
-   database representation provides a mechanism to distinguish between
-   principal records with identifiers which differ only in the realm
-   name.
-
-   When an application server's key changes, if the change is routine
-   (i.e.,  not the result of disclosure of the old key), the old key
-   should be retained by the server until all tickets that had been
-   issued using that key have expired.  Because of this, it is possible
-   for several keys to be active for a single principal.  Ciphertext
-   encrypted in a principal's key is always tagged with the version of
-   the key that was used for encryption, to help the recipient find the
-   proper key for decryption.
-
-   When more than one key is active for a particular principal, the
-   principal will have more than one record in the Kerberos database.
-   The keys and key version numbers will differ between the records (the
-   rest of the fields may or may not be the same). Whenever Kerberos
-   issues a ticket, or responds to a request for initial authentication,
-   the most recent key (known by the Kerberos server) will be used for
-   encryption.  This is the key with the highest key version number.
-
-4.2.  Additional fields
-
-   Project Athena's KDC implementation uses additional fields in its
-   database:
-
-   Field        Value
-
-   K_kvno       Kerberos' key version
-   expiration   Expiration date for entry
-   attributes   Bit field of attributes
-   mod_date     Timestamp of last modification
-   mod_name     Modifying principal's identifier
-
-   The K_kvno field indicates the key version of the Kerberos master key
-   under which the principal's secret key is encrypted.
-
-   After an entry's expiration date has passed, the KDC will return an
-   error to any client attempting to gain tickets as or for the
-   principal.  (A database may want to maintain two expiration dates:
-   one for the principal, and one for the principal's current key.  This
-   allows password aging to work independently of the principal's
-
-
-
-Kohl & Neuman                                                  [Page 36]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   expiration date.  However, due to the limited space in the responses,
-   the KDC must combine the key expiration and principal expiration date
-   into a single value called "key_exp", which is used as a hint to the
-   user to take administrative action.)
-
-   The attributes field is a bitfield used to govern the operations
-   involving the principal.  This field might be useful in conjunction
-   with user registration procedures, for site-specific policy
-   implementations (Project Athena currently uses it for their user
-   registration process controlled by the system-wide database service,
-   Moira [7]), or to identify the "string to key" conversion algorithm
-   used for a principal's key.  (See the discussion of the padata field
-   in section 5.4.2 for details on why this can be useful.)  Other bits
-   are used to indicate that certain ticket options should not be
-   allowed in tickets encrypted under a principal's key (one bit each):
-   Disallow issuing postdated tickets, disallow issuing forwardable
-   tickets, disallow issuing tickets based on TGT authentication,
-   disallow issuing renewable tickets, disallow issuing proxiable
-   tickets, and disallow issuing tickets for which the principal is the
-   server.
-
-   The mod_date field contains the time of last modification of the
-   entry, and the mod_name field contains the name of the principal
-   which last modified the entry.
-
-4.3.  Frequently Changing Fields
-
-   Some KDC implementations may wish to maintain the last time that a
-   request was made by a particular principal.  Information that might
-   be maintained includes the time of the last request, the time of the
-   last request for a ticket-granting ticket, the time of the last use
-   of a ticket-granting ticket, or other times.  This information can
-   then be returned to the user in the last-req field (see section 5.2).
-
-   Other frequently changing information that can be maintained is the
-   latest expiration time for any tickets that have been issued using
-   each key.  This field would be used to indicate how long old keys
-   must remain valid to allow the continued use of outstanding tickets.
-
-4.4.  Site Constants
-
-   The KDC implementation should have the following configurable
-   constants or options, to allow an administrator to make and enforce
-   policy decisions:
-
-   + The minimum supported lifetime (used to determine whether the
-      KDC_ERR_NEVER_VALID error should be returned). This constant
-      should reflect reasonable expectations of round-trip time to the
-
-
-
-Kohl & Neuman                                                  [Page 37]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-      KDC, encryption/decryption time, and processing time by the client
-      and target server, and it should allow for a minimum "useful"
-      lifetime.
-
-   + The maximum allowable total (renewable) lifetime of a ticket
-      (renew_till - starttime).
-
-   + The maximum allowable lifetime of a ticket (endtime - starttime).
-
-   + Whether to allow the issue of tickets with empty address fields
-      (including the ability to specify that such tickets may only be
-      issued if the request specifies some authorization_data).
-
-   + Whether proxiable, forwardable, renewable or post-datable tickets
-      are to be issued.
-
-5.  Message Specifications
-
-   The following sections describe the exact contents and encoding of
-   protocol messages and objects.  The ASN.1 base definitions are
-   presented in the first subsection.  The remaining subsections specify
-   the protocol objects (tickets and authenticators) and messages.
-   Specification of encryption and checksum techniques, and the fields
-   related to them, appear in section 6.
-
-5.1.  ASN.1 Distinguished Encoding Representation
-
-   All uses of ASN.1 in Kerberos shall use the Distinguished Encoding
-   Representation of the data elements as described in the X.509
-   specification, section 8.7 [8].
-
-5.2.  ASN.1 Base Definitions
-
-   The following ASN.1 base definitions are used in the rest of this
-   section. Note that since the underscore character (_) is not
-   permitted in ASN.1 names, the hyphen (-) is used in its place for the
-   purposes of ASN.1 names.
-
-   Realm ::=           GeneralString
-   PrincipalName ::=   SEQUENCE {
-                       name-type[0]     INTEGER,
-                       name-string[1]   SEQUENCE OF GeneralString
-   }
-
-   Kerberos realms are encoded as GeneralStrings. Realms shall not
-   contain a character with the code 0 (the ASCII NUL).  Most realms
-   will usually consist of several components separated by periods (.),
-   in the style of Internet Domain Names, or separated by slashes (/) in
-
-
-
-Kohl & Neuman                                                  [Page 38]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   the style of X.500 names.  Acceptable forms for realm names are
-   specified in section 7.  A PrincipalName is a typed sequence of
-   components consisting of the following sub-fields:
-
-   name-type This field specifies the type of name that follows.
-             Pre-defined values for this field are
-             specified in section 7.2.  The name-type should be
-             treated as a hint.  Ignoring the name type, no two
-             names can be the same (i.e., at least one of the
-             components, or the realm, must be different).
-             This constraint may be eliminated in the future.
-
-   name-string This field encodes a sequence of components that
-               form a name, each component encoded as a General
-               String.  Taken together, a PrincipalName and a Realm
-               form a principal identifier.  Most PrincipalNames
-               will have only a few components (typically one or two).
-
-           KerberosTime ::=   GeneralizedTime
-                              -- Specifying UTC time zone (Z)
-
-   The timestamps used in Kerberos are encoded as GeneralizedTimes.  An
-   encoding shall specify the UTC time zone (Z) and shall not include
-   any fractional portions of the seconds.  It further shall not include
-   any separators.  Example: The only valid format for UTC time 6
-   minutes, 27 seconds after 9 pm on 6 November 1985 is 19851106210627Z.
-
-    HostAddress ::=     SEQUENCE  {
-                        addr-type[0]             INTEGER,
-                        address[1]               OCTET STRING
-    }
-
-    HostAddresses ::=   SEQUENCE OF SEQUENCE {
-                        addr-type[0]             INTEGER,
-                        address[1]               OCTET STRING
-    }
-
-
-   The host adddress encodings consists of two fields:
-
-   addr-type  This field specifies the type of  address that
-              follows. Pre-defined values for this field are
-              specified in section 8.1.
-
-
-   address   This field encodes a single address of type addr-type.
-
-   The two forms differ slightly. HostAddress contains exactly one
-
-
-
-Kohl & Neuman                                                  [Page 39]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   address; HostAddresses contains a sequence of possibly many
-   addresses.
-
-   AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-                           ad-type[0]               INTEGER,
-                           ad-data[1]               OCTET STRING
-   }
-
-
-   ad-data   This field contains authorization data to be
-             interpreted according to the value of the
-             corresponding ad-type field.
-
-   ad-type   This field specifies the format for the ad-data
-             subfield.  All negative values are reserved for
-             local use.  Non-negative values are reserved for
-             registered use.
-
-                   APOptions ::=   BIT STRING {
-                                   reserved(0),
-                                   use-session-key(1),
-                                   mutual-required(2)
-                   }
-
-
-                   TicketFlags ::=   BIT STRING {
-                                     reserved(0),
-                                     forwardable(1),
-                                     forwarded(2),
-                                     proxiable(3),
-                                     proxy(4),
-                                     may-postdate(5),
-                                     postdated(6),
-                                     invalid(7),
-                                     renewable(8),
-                                     initial(9),
-                                     pre-authent(10),
-                                     hw-authent(11)
-                   }
-
-                  KDCOptions ::=   BIT STRING {
-                                   reserved(0),
-                                   forwardable(1),
-                                   forwarded(2),
-                                   proxiable(3),
-                                   proxy(4),
-                                   allow-postdate(5),
-                                   postdated(6),
-
-
-
-Kohl & Neuman                                                  [Page 40]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                                   unused7(7),
-                                   renewable(8),
-                                   unused9(9),
-                                   unused10(10),
-                                   unused11(11),
-                                   renewable-ok(27),
-                                   enc-tkt-in-skey(28),
-                                   renew(30),
-                                   validate(31)
-                  }
-
-
-            LastReq ::=   SEQUENCE OF SEQUENCE {
-                          lr-type[0]               INTEGER,
-                          lr-value[1]              KerberosTime
-            }
-
-   lr-type   This field indicates how the following lr-value
-             field is to be interpreted.  Negative values indicate
-             that the information pertains only to the
-             responding server.  Non-negative values pertain to
-             all servers for the realm.
-
-             If the lr-type field is zero (0), then no information
-             is conveyed by the lr-value subfield.  If the
-             absolute value of the lr-type field is one (1),
-             then the lr-value subfield is the time of last
-             initial request for a TGT.  If it is two (2), then
-             the lr-value subfield is the time of last initial
-             request.  If it is three (3), then the lr-value
-             subfield is the time of issue for the newest
-             ticket-granting ticket used. If it is four (4),
-             then the lr-value subfield is the time of the last
-             renewal.  If it is five (5), then the lr-value
-             subfield is the time of last request (of any
-             type).
-
-   lr-value  This field contains the time of the last request.
-             The time must be interpreted according to the contents
-             of the accompanying lr-type subfield.
-
-   See section 6 for the definitions of Checksum, ChecksumType,
-   EncryptedData, EncryptionKey, EncryptionType, and KeyType.
-
-
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 41]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-5.3.  Tickets and Authenticators
-
-   This section describes the format and encryption parameters for
-   tickets and authenticators.  When a ticket or authenticator is
-   included in a protocol message it is treated as an opaque object.
-
-5.3.1. Tickets
-
-   A ticket is a record that helps a client authenticate to a service.
-   A Ticket contains the following information:
-
-Ticket ::=                    [APPLICATION 1] SEQUENCE {
-                              tkt-vno[0]                   INTEGER,
-                              realm[1]                     Realm,
-                              sname[2]                     PrincipalName,
-                              enc-part[3]                  EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::=     [APPLICATION 3] SEQUENCE {
-                      flags[0]             TicketFlags,
-                      key[1]               EncryptionKey,
-                      crealm[2]            Realm,
-                      cname[3]             PrincipalName,
-                      transited[4]         TransitedEncoding,
-                      authtime[5]          KerberosTime,
-                      starttime[6]         KerberosTime OPTIONAL,
-                      endtime[7]           KerberosTime,
-                      renew-till[8]        KerberosTime OPTIONAL,
-                      caddr[9]             HostAddresses OPTIONAL,
-                      authorization-data[10]   AuthorizationData OPTIONAL
-}
--- encoded Transited field
-TransitedEncoding ::=         SEQUENCE {
-                              tr-type[0]  INTEGER, -- must be registered
-                              contents[1]          OCTET STRING
-}
-
-   The encoding of EncTicketPart is encrypted in the key shared by
-   Kerberos and the end server (the server's secret key).  See section 6
-   for the format of the ciphertext.
-
-   tkt-vno   This field specifies the version number for the ticket
-             format.  This document describes version number 5.
-
-   realm     This field specifies the realm that issued a ticket.  It
-             also serves to identify the realm part of the server's
-             principal identifier.  Since a Kerberos server can only
-             issue tickets for servers within its realm, the two will
-
-
-
-Kohl & Neuman                                                  [Page 42]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             always be identical.
-
-   sname     This field specifies the name part of the server's
-             identity.
-
-   enc-part  This field holds the encrypted encoding of the
-             EncTicketPart sequence.
-
-   flags     This field indicates which of various options were used or
-             requested when the ticket was issued.  It is a bit-field,
-             where the selected options are indicated by the bit being
-             set (1), and the unselected options and reserved fields
-             being reset (0).  Bit 0 is the most significant bit.  The
-             encoding of the bits is specified in section 5.2.  The
-             flags are described in more detail above in section 2.  The
-             meanings of the flags are:
-
-             Bit(s)    Name        Description
-
-             0         RESERVED    Reserved for future expansion of this
-                                   field.
-
-             1         FORWARDABLE The FORWARDABLE flag is normally only
-                                   interpreted by the TGS, and can be
-                                   ignored by end servers.  When set,
-                                   this flag tells the ticket-granting
-                                   server that it is OK to issue a new
-                                   ticket- granting ticket with a
-                                   different network address based on
-                                   the presented ticket.
-
-             2         FORWARDED   When set, this flag indicates that
-                                   the ticket has either been forwarded
-                                   or was issued based on authentication
-                                   involving a forwarded ticket-granting
-                                   ticket.
-
-             3         PROXIABLE   The PROXIABLE flag is normally only
-                                   interpreted by the TGS, and can be
-                                   ignored by end servers. The PROXIABLE
-                                   flag has an interpretation identical
-                                   to that of the FORWARDABLE flag,
-                                   except that the PROXIABLE flag tells
-                                   the ticket-granting server that only
-                                   non- ticket-granting tickets may be
-                                   issued with different network
-                                   addresses.
-
-
-
-
-Kohl & Neuman                                                  [Page 43]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             4         PROXY      When set, this flag indicates that a
-                                   ticket is a proxy.
-
-             5         MAY-POSTDATE The MAY-POSTDATE flag is normally
-                                   only interpreted by the TGS, and can
-                                   be ignored by end servers.  This flag
-                                   tells the ticket-granting server that
-                                   a post- dated ticket may be issued
-                                   based on this ticket-granting ticket.
-
-             6         POSTDATED   This flag indicates that this ticket
-                                   has been postdated.  The end-service
-                                   can check the authtime field to see
-                                   when the original authentication
-                                   occurred.
-
-             7         INVALID     This flag indicates that a ticket is
-                                   invalid, and it must be validated by
-                                   the KDC before use.  Application
-                                   servers must reject tickets which
-                                   have this flag set.
-
-             8         RENEWABLE   The RENEWABLE flag is normally only
-                                   interpreted by the TGS, and can
-                                   usually be ignored by end servers
-                                   (some particularly careful servers
-                                   may wish to disallow renewable
-                                   tickets).  A renewable ticket can be
-                                   used to obtain a replacement ticket
-                                   that expires at a later date.
-
-             9         INITIAL     This flag indicates that this ticket
-                                   was issued using the AS protocol, and
-                                   not issued based on a ticket-granting
-                                   ticket.
-
-             10        PRE-AUTHENT This flag indicates that during
-                                   initial authentication, the client
-                                   was authenticated by the KDC before a
-                                   ticket was issued.  The strength of
-                                   the preauthentication method is not
-                                   indicated, but is acceptable to the
-                                   KDC.
-
-             11        HW-AUTHENT  This flag indicates that the protocol
-                                   employed for initial authentication
-                                   required the use of hardware expected
-                                   to be possessed solely by the named
-
-
-
-Kohl & Neuman                                                  [Page 44]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                                   client.  The hardware authentication
-                                   method is selected by the KDC and the
-                                   strength of the method is not
-                                   indicated.
-
-             12-31     RESERVED    Reserved for future use.
-
-   key       This field exists in the ticket and the KDC response and is
-             used to pass the session key from Kerberos to the
-             application server and the client.  The field's encoding is
-             described in section 6.2.
-
-   crealm    This field contains the name of the realm in which the
-             client is registered and in which initial authentication
-             took place.
-
-   cname     This field contains the name part of the client's principal
-             identifier.
-
-   transited This field lists the names of the Kerberos realms that took
-             part in authenticating the user to whom this ticket was
-             issued.  It does not specify the order in which the realms
-             were transited.  See section 3.3.3.1 for details on how
-             this field encodes the traversed realms.
-
-   authtime  This field indicates the time of initial authentication for
-             the named principal.  It is the time of issue for the
-             original ticket on which this ticket is based.  It is
-             included in the ticket to provide additional information to
-             the end service, and  to provide  the necessary information
-             for implementation of a `hot list' service at the KDC.   An
-             end service that is particularly paranoid could refuse to
-             accept tickets for which the initial authentication
-             occurred "too far" in the past.
-
-             This field is also returned as part of the response from
-             the KDC.  When returned as part of the response to initial
-             authentication (KRB_AS_REP), this is the current time on
-             the Kerberos server (It is NOT recommended that this time
-             value be used to adjust the workstation's clock since the
-             workstation cannot reliably determine that such a
-             KRB_AS_REP actually came from the proper KDC in a timely
-             manner.).
-
-   starttime This field in the ticket specifies the time after which the
-             ticket is valid.  Together with endtime, this field
-             specifies the life of the ticket.   If it is absent from
-             the ticket, its value should be treated as that of the
-
-
-
-Kohl & Neuman                                                  [Page 45]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             authtime field.
-
-   endtime   This field contains the time after which the ticket will
-             not be honored (its expiration time).  Note that individual
-             services may place their own limits on the life of a ticket
-             and may reject tickets which have not yet expired.  As
-             such, this is really an upper bound on the expiration time
-             for the ticket.
-
-   renew-till This field is only present in tickets that have the
-             RENEWABLE flag set in the flags field.  It indicates the
-             maximum endtime that may be included in a renewal.  It can
-             be thought of as the absolute expiration time for the
-             ticket, including all renewals.
-
-   caddr     This field in a ticket contains zero (if omitted) or more
-             (if present) host addresses.  These are the addresses from
-             which the ticket can be used.  If there are no addresses,
-             the ticket can be used from any location.  The decision
-             by the KDC to issue or by the end server to accept zero-
-             address tickets is a policy decision and is left to the
-             Kerberos and end-service administrators; they may refuse to
-             issue or accept such tickets.  The suggested and default
-             policy, however, is that such tickets will only be issued
-             or accepted when additional information that can be used to
-             restrict the use of the ticket is included in the
-             authorization_data field.  Such a ticket is a capability.
-
-             Network addresses are included in the ticket to make it
-             harder for an attacker to use stolen credentials. Because
-             the session key is not sent over the network in cleartext,
-             credentials can't be stolen simply by listening to the
-             network; an attacker has to gain access to the session key
-             (perhaps through operating system security breaches or a
-             careless user's unattended session) to make use of stolen
-             tickets.
-
-             It is important to note that the network address from which
-             a connection is received cannot be reliably determined.
-             Even if it could be, an attacker who has compromised the
-             client's workstation could use the credentials from there.
-             Including the network addresses only makes it more
-             difficult, not impossible, for an attacker to walk off with
-             stolen credentials and then use them from a "safe"
-             location.
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 46]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   authorization-data The authorization-data field is used to pass
-             authorization data from the principal on whose behalf a
-             ticket was issued to the application service.  If no
-             authorization data is included, this field will be left
-             out.  The data in this field are specific to the end
-             service.  It is expected that the field will contain the
-             names of service specific objects, and the rights to those
-             objects.  The format for this field is described in section
-             5.2.  Although Kerberos is not concerned with the format of
-             the contents of the subfields, it does carry type
-             information (ad-type).
-
-             By using the authorization_data field, a principal is able
-             to issue a proxy that is valid for a specific purpose.  For
-             example, a client wishing to print a file can obtain a file
-             server proxy to be passed to the print server.  By
-             specifying the name of the file in the authorization_data
-             field, the file server knows that the print server can only
-             use the client's rights when accessing the particular file
-             to be printed.
-
-             It is interesting to note that if one specifies the
-             authorization-data field of a proxy and leaves the host
-             addresses blank, the resulting ticket and session key can
-             be treated as a capability.  See [9] for some suggested
-             uses of this field.
-
-             The authorization-data field is optional and does not have
-             to be included in a ticket.
-
-5.3.2. Authenticators
-
-   An authenticator is a record sent with a ticket to a server to
-   certify the client's knowledge of the encryption key in the ticket,
-   to help the server detect replays, and to help choose a "true session
-   key" to use with the particular session.  The encoding is encrypted
-   in the ticket's session key shared by the client and the server:
-
--- Unencrypted authenticator
-Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-               authenticator-vno[0]          INTEGER,
-               crealm[1]                     Realm,
-               cname[2]                      PrincipalName,
-               cksum[3]                      Checksum OPTIONAL,
-               cusec[4]                      INTEGER,
-               ctime[5]                      KerberosTime,
-               subkey[6]                     EncryptionKey OPTIONAL,
-               seq-number[7]                 INTEGER OPTIONAL,
-
-
-
-Kohl & Neuman                                                  [Page 47]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-               authorization-data[8]         AuthorizationData OPTIONAL
-                     }
-
-   authenticator-vno This field specifies the version number for the
-             format of the authenticator. This document specifies
-             version 5.
-
-   crealm and cname These fields are the same as those described for the
-             ticket in section 5.3.1.
-
-   cksum     This field contains a checksum of the the application data
-             that accompanies the KRB_AP_REQ.
-
-   cusec     This field contains the microsecond part of the client's
-             timestamp.  Its value (before encryption) ranges from 0 to
-             999999.  It often appears along with ctime.  The two fields
-             are used together to specify a reasonably accurate
-             timestamp.
-
-   ctime     This field contains the current time on the client's host.
-
-   subkey    This field contains the client's choice for an encryption
-             key which is to be used to protect this specific
-             application session. Unless an application specifies
-             otherwise, if this field is left out the session key from
-             the ticket will be used.
-
-   seq-number This optional field includes the initial sequence number
-             to be used by the KRB_PRIV or KRB_SAFE messages when
-             sequence numbers are used to detect replays (It may also be
-             used by application specific messages).  When included in
-             the authenticator this field specifies the initial sequence
-             number for messages from the client to the server.  When
-             included in the AP-REP message, the initial sequence number
-             is that for messages from the server to the client.  When
-             used in KRB_PRIV or KRB_SAFE messages, it is incremented by
-             one after each message is sent.
-
-             For sequence numbers to adequately support the detection of
-             replays they should be non-repeating, even across
-             connection boundaries. The initial sequence number should
-             be random and uniformly distributed across the full space
-             of possible sequence numbers, so that it cannot be guessed
-             by an attacker and so that it and the successive sequence
-             numbers do not repeat other sequences.
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 48]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   authorization-data This field is the same as described for the ticket
-             in section 5.3.1.  It is optional and will only appear when
-             additional restrictions are to be placed on the use of a
-             ticket, beyond those carried in the ticket itself.
-
-5.4.  Specifications for the AS and TGS exchanges
-
-   This section specifies the format of the messages used in exchange
-   between the client and the Kerberos server.  The format of possible
-   error messages appears in section 5.9.1.
-
-5.4.1. KRB_KDC_REQ definition
-
-   The KRB_KDC_REQ message has no type of its own.  Instead, its type is
-   one of KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is
-   for an initial ticket or an additional ticket.  In either case, the
-   message is sent from the client to the Authentication Server to
-   request credentials for a service.
-
-The message fields are:
-
-AS-REQ ::=         [APPLICATION 10] KDC-REQ
-TGS-REQ ::=        [APPLICATION 12] KDC-REQ
-
-KDC-REQ ::=        SEQUENCE {
-           pvno[1]               INTEGER,
-           msg-type[2]           INTEGER,
-           padata[3]             SEQUENCE OF PA-DATA OPTIONAL,
-           req-body[4]           KDC-REQ-BODY
-}
-
-PA-DATA ::=        SEQUENCE {
-           padata-type[1]        INTEGER,
-           padata-value[2]       OCTET STRING,
-                         -- might be encoded AP-REQ
-}
-
-KDC-REQ-BODY ::=   SEQUENCE {
-            kdc-options[0]       KDCOptions,
-            cname[1]             PrincipalName OPTIONAL,
-                         -- Used only in AS-REQ
-            realm[2]             Realm, -- Server's realm
-                         -- Also client's in AS-REQ
-            sname[3]             PrincipalName OPTIONAL,
-            from[4]              KerberosTime OPTIONAL,
-            till[5]              KerberosTime,
-            rtime[6]             KerberosTime OPTIONAL,
-            nonce[7]             INTEGER,
-
-
-
-Kohl & Neuman                                                  [Page 49]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-            etype[8]             SEQUENCE OF INTEGER, -- EncryptionType,
-                         -- in preference order
-            addresses[9]         HostAddresses OPTIONAL,
-            enc-authorization-data[10]   EncryptedData OPTIONAL,
-                         -- Encrypted AuthorizationData encoding
-            additional-tickets[11]       SEQUENCE OF Ticket OPTIONAL
-}
-
-   The fields in this message are:
-
-   pvno      This field is included in each message, and specifies the
-             protocol version number.  This document specifies protocol
-             version 5.
-
-   msg-type  This field indicates the type of a protocol message.  It
-             will almost always be the same as the application
-             identifier associated with a message.  It is included to
-             make the identifier more readily accessible to the
-             application.  For the KDC-REQ message, this type will be
-             KRB_AS_REQ or KRB_TGS_REQ.
-
-   padata    The padata (pre-authentication data) field contains a of
-             authentication information which may be needed before
-             credentials can be issued or decrypted.  In the case of
-             requests for additional tickets (KRB_TGS_REQ), this field
-             will include an element with padata-type of PA-TGS-REQ and
-             data of an authentication header (ticket-granting ticket
-             and authenticator). The checksum in the authenticator
-             (which must be collisionproof) is to be computed over the
-             KDC-REQ-BODY encoding.  In most requests for initial
-             authentication (KRB_AS_REQ) and most replies (KDC-REP), the
-             padata field will be left out.
-
-             This field may also contain information needed by certain
-             extensions to the Kerberos protocol.  For example, it might
-             be used to initially verify the identity of a client before
-             any response is returned.  This is accomplished with a
-             padata field with padata-type equal to PA-ENC-TIMESTAMP and
-             padata-value defined as follows:
-
-   padata-type     ::= PA-ENC-TIMESTAMP
-   padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
-
-   PA-ENC-TS-ENC   ::= SEQUENCE {
-           patimestamp[0]               KerberosTime, -- client's time
-           pausec[1]                    INTEGER OPTIONAL
-   }
-
-
-
-
-Kohl & Neuman                                                  [Page 50]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             with patimestamp containing the client's time and pausec
-             containing the microseconds which may be omitted if a
-             client will not generate more than one request per second.
-             The ciphertext (padata-value) consists of the PA-ENC-TS-ENC
-             sequence, encrypted using the client's secret key.
-
-             The padata field can also contain information needed to
-             help the KDC or the client select the key needed for
-             generating or decrypting the response.  This form of the
-             padata is useful for supporting the use of certain
-             "smartcards" with Kerberos.  The details of such extensions
-             are beyond the scope of this specification.  See [10] for
-             additional uses of this field.
-
-   padata-type The padata-type element of the padata field indicates the
-             way that the padata-value element is to be interpreted.
-             Negative values of padata-type are reserved for
-             unregistered use; non-negative values are used for a
-             registered interpretation of the element type.
-
-   req-body  This field is a placeholder delimiting the extent of the
-             remaining fields.  If a checksum is to be calculated over
-             the request, it is calculated over an encoding of the KDC-
-             REQ-BODY sequence which is enclosed within the req-body
-             field.
-
-   kdc-options This field appears in the KRB_AS_REQ and KRB_TGS_REQ
-             requests to the KDC and indicates the flags that the client
-             wants set on the tickets as well as other information that
-             is to modify the behavior of the KDC. Where appropriate,
-             the name of an option may be the same as the flag that is
-             set by that option.  Although in most case, the bit in the
-             options field will be the same as that in the flags field,
-             this is not guaranteed, so it is not acceptable to simply
-             copy the options field to the flags field.  There are
-             various checks that must be made before honoring an option
-             anyway.
-
-             The kdc_options field is a bit-field, where the selected
-             options are indicated by the bit being set (1), and the
-             unselected options and reserved fields being reset (0).
-             The encoding of the bits is specified in section 5.2.  The
-             options are described in more detail above in section 2.
-             The meanings of the options are:
-
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 51]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             Bit(s)  Name         Description
-
-             0       RESERVED     Reserved for future expansion of this
-                                  field.
-
-             1       FORWARDABLE  The FORWARDABLE option indicates that
-                                  the ticket to be issued is to have its
-                                  forwardable flag set.  It may only be
-                                  set on the initial request, or in a
-                                  subsequent request if the ticket-
-                                  granting ticket on which it is based
-                                  is also forwardable.
-
-             2       FORWARDED    The FORWARDED option is only specified
-                                  in a request to the ticket-granting
-                                  server and will only be honored if the
-                                  ticket-granting ticket in the request
-                                  has its FORWARDABLE bit set.  This
-                                  option indicates that this is a
-                                  request for forwarding. The
-                                  address(es) of the host from which the
-                                  resulting ticket is to be valid are
-                                  included in the addresses field of the
-                                  request.
-
-
-             3       PROXIABLE    The PROXIABLE option indicates that
-                                  the ticket to be issued is to have its
-                                  proxiable flag set. It may only be set
-                                  on the initial request, or in a
-                                  subsequent request if the ticket-
-                                  granting ticket on which it is based
-                                  is also proxiable.
-
-             4       PROXY        The PROXY option indicates that this
-                                  is a request for a proxy.  This option
-                                  will only be honored if the ticket-
-                                  granting ticket in the request has its
-                                  PROXIABLE bit set.  The address(es) of
-                                  the host from which the resulting
-                                  ticket is to be valid are included in
-                                  the addresses field of the request.
-
-             5       ALLOW-POSTDATE The ALLOW-POSTDATE option indicates
-                                  that the ticket to be issued is to
-                                  have its MAY-POSTDATE flag set.  It
-                                  may only be set on the initial
-                                  request, or in a subsequent request if
-
-
-
-Kohl & Neuman                                                  [Page 52]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                                  the ticket-granting ticket on which it
-                                  is based also has its MAY-POSTDATE
-                                  flag set.
-
-             6       POSTDATED    The POSTDATED option indicates that
-                                  this is a request for a postdated
-                                  ticket.  This option will only be
-                                  honored if the ticket-granting ticket
-                                  on which it is based has its MAY-
-                                  POSTDATE flag set.  The resulting
-                                  ticket will also have its INVALID flag
-                                  set, and that flag may be reset by a
-                                  subsequent request to the KDC after
-                                  the starttime in the ticket has been
-                                  reached.
-
-             7       UNUSED       This option is presently unused.
-
-             8       RENEWABLE    The RENEWABLE option indicates that
-                                  the ticket to be issued is to have its
-                                  RENEWABLE flag set.  It may only be
-                                  set on the initial request, or when
-                                  the ticket-granting ticket on which
-                                  the request is based is also
-                                  renewable.  If this option is
-                                  requested, then the rtime field in the
-                                  request contains the desired absolute
-                                  expiration time for the ticket.
-
-             9-26    RESERVED     Reserved for future use.
-
-             27      RENEWABLE-OK The RENEWABLE-OK option indicates that
-                                  a renewable ticket will be acceptable
-                                  if a ticket with the requested life
-                                  cannot otherwise be provided.  If a
-                                  ticket with the requested life cannot
-                                  be provided, then a renewable ticket
-                                  may be issued with a renew-till equal
-                                  to the the requested endtime.  The
-                                  value of the renew-till field may
-                                  still be limited by local limits, or
-                                  limits selected by the individual
-                                  principal or server.
-
-             28      ENC-TKT-IN-SKEY This option is used only by the
-                                  ticket-granting service.  The ENC-
-                                  TKT-IN-SKEY option indicates that the
-                                  ticket for the end server is to be
-
-
-
-Kohl & Neuman                                                  [Page 53]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                                  encrypted in the session key from the
-                                  additional ticket-granting ticket
-                                  provided.
-
-             29      RESERVED     Reserved for future use.
-
-             30      RENEW        This option is used only by the
-                                  ticket-granting service.  The RENEW
-                                  option indicates that the present
-                                  request is for a renewal.  The ticket
-                                  provided is encrypted in the secret
-                                  key for the server on which it is
-                                  valid.  This option will only be
-                                  honored if the ticket to be renewed
-                                  has its RENEWABLE flag set and if the
-                                  time in its renew till field has not
-                                  passed.  The ticket to be renewed is
-                                  passed in the padata field as part of
-                                  the authentication header.
-
-             31      VALIDATE     This option is used only by the
-                                  ticket-granting service.  The VALIDATE
-                                  option indicates that the request is
-                                  to validate a postdated ticket.  It
-                                  will only be honored if the ticket
-                                  presented is postdated, presently has
-                                  its INVALID flag set, and would be
-                                  otherwise usable at this time.  A
-                                  ticket cannot be validated before its
-                                  starttime.  The ticket presented for
-                                  validation is encrypted in the key of
-                                  the server for which it is valid and
-                                  is passed in the padata field as part
-                                  of the authentication header.
-
-   cname and sname These fields are the same as those described for the
-             ticket in section 5.3.1.  sname may only be absent when the
-             ENC-TKT-IN-SKEY option is specified.  If absent, the name
-             of the server is taken from the name of the client in the
-             ticket passed as additional-tickets.
-
-   enc-authorization-data The enc-authorization-data, if present (and it
-             can only be present in the TGS_REQ form), is an encoding of
-             the desired authorization-data encrypted under the sub-
-             session key if present in the Authenticator, or
-             alternatively from the session key in the ticket-granting
-             ticket, both from the padata field in the KRB_AP_REQ.
-
-
-
-
-Kohl & Neuman                                                  [Page 54]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   realm     This field specifies the realm part of the server's
-             principal identifier. In the AS exchange, this is also the
-             realm part of the client's principal identifier.
-
-   from      This field is included in the KRB_AS_REQ and KRB_TGS_REQ
-             ticket requests when the requested ticket is to be
-             postdated.  It specifies the desired start time for the
-             requested ticket.
-
-   till      This field contains the expiration date requested by the
-             client in a ticket request.
-
-   rtime     This field is the requested renew-till time sent from a
-             client to the KDC in a ticket request.  It is optional.
-
-   nonce     This field is part of the KDC request and response.  It it
-             intended to hold a random number generated by the client.
-             If the same number is included in the encrypted response
-             from the KDC, it provides evidence that the response is
-             fresh and has not been replayed by an attacker.  Nonces
-             must never be re-used.  Ideally, it should be gen erated
-             randomly, but if the correct time is known, it may suffice
-             (Note, however, that if the time is used as the nonce, one
-             must make sure that the workstation time is monotonically
-             increasing.  If the time is ever reset backwards, there is
-             a small, but finite, probability that a nonce will be
-             reused.).
-
-   etype     This field specifies the desired encryption algorithm to be
-             used in the response.
-
-   addresses This field is included in the initial request for tickets,
-             and optionally included in requests for additional tickets
-             from the ticket-granting server.  It specifies the
-             addresses from which the requested ticket is to be valid.
-             Normally it includes the addresses for the client's host.
-             If a proxy is requested, this field will contain other
-             addresses.  The contents of this field are usually copied
-             by the KDC into the caddr field of the resulting ticket.
-
-   additional-tickets Additional tickets may be optionally included in a
-             request to the ticket-granting server.  If the ENC-TKT-IN-
-             SKEY option has been specified, then the session key from
-             the additional ticket will be used in place of the server's
-             key to encrypt the new ticket.  If more than one option
-             which requires additional tickets has been specified, then
-             the additional tickets are used in the order specified by
-             the ordering of the options bits (see kdc-options, above).
-
-
-
-Kohl & Neuman                                                  [Page 55]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   The application code will be either ten (10) or twelve (12) depending
-   on whether the request is for an initial ticket (AS-REQ) or for an
-   additional ticket (TGS-REQ).
-
-   The optional fields (addresses, authorization-data and additional-
-   tickets) are only included if necessary to perform the operation
-   specified in the kdc-options field.
-
-   It should be noted that in KRB_TGS_REQ, the protocol version number
-   appears twice and two different message types appear: the KRB_TGS_REQ
-   message contains these fields as does the authentication header
-   (KRB_AP_REQ) that is passed in the padata field.
-
-5.4.2. KRB_KDC_REP definition
-
-   The KRB_KDC_REP message format is used for the reply from the KDC for
-   either an initial (AS) request or a subsequent (TGS) request.  There
-   is no message type for KRB_KDC_REP.  Instead, the type will be either
-   KRB_AS_REP or KRB_TGS_REP.  The key used to encrypt the ciphertext
-   part of the reply depends on the message type.  For KRB_AS_REP, the
-   ciphertext is encrypted in the client's secret key, and the client's
-   key version number is included in the key version number for the
-   encrypted data.  For KRB_TGS_REP, the ciphertext is encrypted in the
-   sub-session key from the Authenticator, or if absent, the session key
-   from the ticket-granting ticket used in the request.  In that case,
-   no version number will be present in the EncryptedData sequence.
-
-   The KRB_KDC_REP message contains the following fields:
-
-   AS-REP ::=    [APPLICATION 11] KDC-REP
-   TGS-REP ::=   [APPLICATION 13] KDC-REP
-
-   KDC-REP ::=   SEQUENCE {
-                 pvno[0]                    INTEGER,
-                 msg-type[1]                INTEGER,
-                 padata[2]                  SEQUENCE OF PA-DATA OPTIONAL,
-                 crealm[3]                  Realm,
-                 cname[4]                   PrincipalName,
-                 ticket[5]                  Ticket,
-                 enc-part[6]                EncryptedData
-   }
-
-   EncASRepPart ::=    [APPLICATION 25[25]] EncKDCRepPart
-   EncTGSRepPart ::=   [APPLICATION 26] EncKDCRepPart
-
-   EncKDCRepPart ::=   SEQUENCE {
-               key[0]                       EncryptionKey,
-               last-req[1]                  LastReq,
-
-
-
-Kohl & Neuman                                                  [Page 56]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-               nonce[2]                     INTEGER,
-               key-expiration[3]            KerberosTime OPTIONAL,
-               flags[4]                     TicketFlags,
-               authtime[5]                  KerberosTime,
-               starttime[6]                 KerberosTime OPTIONAL,
-               endtime[7]                   KerberosTime,
-               renew-till[8]                KerberosTime OPTIONAL,
-               srealm[9]                    Realm,
-               sname[10]                    PrincipalName,
-               caddr[11]                    HostAddresses OPTIONAL
-   }
-
-   NOTE: In EncASRepPart, the application code in the encrypted
-         part of a message provides an additional check that
-         the message was decrypted properly.
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is either KRB_AS_REP or KRB_TGS_REP.
-
-   padata    This field is described in detail in section 5.4.1.  One
-             possible use for this field is to encode an alternate
-             "mix-in" string to be used with a string-to-key algorithm
-             (such as is described in section 6.3.2). This ability is
-             useful to ease transitions if a realm name needs to change
-             (e.g., when a company is acquired); in such a case all
-             existing password-derived entries in the KDC database would
-             be flagged as needing a special mix-in string until the
-             next password change.
-
-   crealm, cname, srealm and sname These fields are the same as those
-             described for the ticket in section 5.3.1.
-
-   ticket    The newly-issued ticket, from section 5.3.1.
-
-   enc-part  This field is a place holder for the ciphertext and related
-             information that forms the encrypted part of a message.
-             The description of the encrypted part of the message
-             follows each appearance of this field.  The encrypted part
-             is encoded as described in section 6.1.
-
-   key       This field is the same as described for the ticket in
-             section 5.3.1.
-
-   last-req  This field is returned by the KDC and specifies the time(s)
-             of the last request by a principal.  Depending on what
-             information is available, this might be the last time that
-             a request for a ticket-granting ticket was made, or the
-             last time that a request based on a ticket-granting ticket
-
-
-
-Kohl & Neuman                                                  [Page 57]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             was successful.  It also might cover all servers for a
-             realm, or just the particular server. Some implementations
-             may display this information to the user to aid in
-             discovering unauthorized use of one's identity.  It is
-             similar in spirit to the last login time displayed when
-             logging into timesharing systems.
-
-   nonce     This field is described above in section 5.4.1.
-
-   key-expiration The key-expiration field is part of the response from
-             the KDC and specifies the time that the client's secret key
-             is due to expire.  The expiration might be the result of
-             password aging or an account expiration.  This field will
-             usually be left out of the TGS reply since the response to
-             the TGS request is encrypted in a session key and no client
-             information need be retrieved from the KDC database.  It is
-             up to the application client (usually the login program) to
-             take appropriate action (such as notifying the user) if the
-             expira    tion time is imminent.
-
-   flags, authtime, starttime, endtime, renew-till and caddr These
-             fields are duplicates of those found in the encrypted
-             portion of the attached ticket (see section 5.3.1),
-             provided so the client may verify they match the intended
-             request and to assist in proper ticket caching.  If the
-             message is of type KRB_TGS_REP, the caddr field will only
-             be filled in if the request was for a proxy or forwarded
-             ticket, or if the user is substituting a subset of the
-             addresses from the ticket granting ticket.  If the client-
-             requested addresses are not present or not used, then the
-             addresses contained in the ticket will be the same as those
-             included in the ticket-granting ticket.
-
-5.5.  Client/Server (CS) message specifications
-
-   This section specifies the format of the messages used for the
-   authentication of the client to the application server.
-
-5.5.1. KRB_AP_REQ definition
-
-   The KRB_AP_REQ message contains the Kerberos protocol version number,
-   the message type KRB_AP_REQ, an options field to indicate any options
-   in use, and the ticket and authenticator themselves.  The KRB_AP_REQ
-   message is often referred to as the "authentication header".
-
-   AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-                   pvno[0]                       INTEGER,
-                   msg-type[1]                   INTEGER,
-
-
-
-Kohl & Neuman                                                  [Page 58]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                   ap-options[2]                 APOptions,
-                   ticket[3]                     Ticket,
-                   authenticator[4]              EncryptedData
-   }
-
-   APOptions ::=   BIT STRING {
-                   reserved(0),
-                   use-session-key(1),
-                   mutual-required(2)
-   }
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_AP_REQ.
-
-   ap-options This field appears in the application request (KRB_AP_REQ)
-             and affects the way the request is processed.  It is a
-             bit-field, where the selected options are indicated by the
-             bit being set (1), and the unselected options and reserved
-             fields being reset (0).  The encoding of the bits is
-             specified in section 5.2.  The meanings of the options are:
-
-             Bit(s)  Name           Description
-
-             0       RESERVED       Reserved for future expansion of
-                                  this field.
-
-             1       USE-SESSION-KEYThe USE-SESSION-KEY option indicates
-                                  that the ticket the client is
-                                  presenting to a server is encrypted in
-                                  the session key from the server's
-                                  ticket-granting ticket. When this
-                                  option is not specified, the ticket is
-                                  encrypted in the server's secret key.
-
-             2       MUTUAL-REQUIREDThe MUTUAL-REQUIRED option tells the
-                                  server that the client requires mutual
-                                  authentication, and that it must
-                                  respond with a KRB_AP_REP message.
-
-             3-31    RESERVED       Reserved for future use.
-
-   ticket    This field is a ticket authenticating the client to the
-             server.
-
-   authenticator This contains the authenticator, which includes the
-             client's choice of a subkey.  Its encoding is described in
-             section 5.3.2.
-
-
-
-
-Kohl & Neuman                                                  [Page 59]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-5.5.2.  KRB_AP_REP definition
-
-   The KRB_AP_REP message contains the Kerberos protocol version number,
-   the message type, and an encrypted timestamp. The message is sent in
-   in response to an application request (KRB_AP_REQ) where the mutual
-   authentication option has been selected in the ap-options field.
-
-   AP-REP ::=         [APPLICATION 15] SEQUENCE {
-              pvno[0]                   INTEGER,
-              msg-type[1]               INTEGER,
-              enc-part[2]               EncryptedData
-   }
-
-   EncAPRepPart ::=   [APPLICATION 27]     SEQUENCE {
-              ctime[0]                  KerberosTime,
-              cusec[1]                  INTEGER,
-              subkey[2]                 EncryptionKey OPTIONAL,
-              seq-number[3]             INTEGER OPTIONAL
-   }
-
-   NOTE: in EncAPRepPart, the application code in the encrypted part of
-   a message provides an additional check that the message was decrypted
-   properly.
-
-   The encoded EncAPRepPart is encrypted in the shared session key of
-   the ticket.  The optional subkey field can be used in an
-   application-arranged negotiation to choose a per association session
-   key.
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_AP_REP.
-
-   enc-part  This field is described above in section 5.4.2.
-
-   ctime     This field contains the current time on the client's host.
-
-   cusec     This field contains the microsecond part of the client's
-             timestamp.
-
-   subkey    This field contains an encryption key which is to be used
-             to protect this specific application session.  See section
-             3.2.6 for specifics on how this field is used to negotiate
-             a key.  Unless an application specifies otherwise, if this
-             field is left out, the sub-session key from the
-             authenticator, or if also left out, the session key from
-             the ticket will be used.
-
-
-
-
-
-Kohl & Neuman                                                  [Page 60]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-5.5.3. Error message reply
-
-   If an error occurs while processing the application request, the
-   KRB_ERROR message will be sent in response.  See section 5.9.1 for
-   the format of the error message.  The cname and crealm fields may be
-   left out if the server cannot determine their appropriate values from
-   the corresponding KRB_AP_REQ message.  If the authenticator was
-   decipherable, the ctime and cusec fields will contain the values from
-   it.
-
-5.6.  KRB_SAFE message specification
-
-   This section specifies the format of a message that can be used by
-   either side (client or server) of an application to send a tamper-
-   proof message to its peer. It presumes that a session key has
-   previously been exchanged (for example, by using the
-   KRB_AP_REQ/KRB_AP_REP messages).
-
-5.6.1. KRB_SAFE definition
-
-   The KRB_SAFE message contains user data along with a collision-proof
-   checksum keyed with the session key.  The message fields are:
-
-   KRB-SAFE ::=        [APPLICATION 20] SEQUENCE {
-               pvno[0]               INTEGER,
-               msg-type[1]           INTEGER,
-               safe-body[2]          KRB-SAFE-BODY,
-               cksum[3]              Checksum
-   }
-
-   KRB-SAFE-BODY ::=   SEQUENCE {
-               user-data[0]          OCTET STRING,
-               timestamp[1]          KerberosTime OPTIONAL,
-               usec[2]               INTEGER OPTIONAL,
-               seq-number[3]         INTEGER OPTIONAL,
-               s-address[4]          HostAddress,
-               r-address[5]          HostAddress OPTIONAL
-   }
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_SAFE.
-
-   safe-body This field is a placeholder for the body of the KRB-SAFE
-             message.  It is to be encoded separately and then have the
-             checksum computed over it, for use in the cksum field.
-
-   cksum     This field contains the checksum of the application data.
-             Checksum details are described in section 6.4.  The
-
-
-
-Kohl & Neuman                                                  [Page 61]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             checksum is computed over the encoding of the KRB-SAFE-BODY
-             sequence.
-
-   user-data This field is part of the KRB_SAFE and KRB_PRIV messages
-             and contain the application specific data that is being
-             passed from the sender to the recipient.
-
-   timestamp This field is part of the KRB_SAFE and KRB_PRIV messages.
-             Its contents are the current time as known by the sender of
-             the message. By checking the timestamp, the recipient of
-             the message is able to make sure that it was recently
-             generated, and is not a replay.
-
-   usec      This field is part of the KRB_SAFE and KRB_PRIV headers.
-             It contains the microsecond part of the timestamp.
-
-   seq-number This field is described above in section 5.3.2.
-
-   s-address This field specifies the address in use by the sender of
-             the message.
-
-   r-address This field specifies the address in use by the recipient of
-             the message.  It may be omitted for some uses (such as
-             broadcast protocols), but the recipient may arbitrarily
-             reject such messages.  This field along with s-address can
-             be used to help detect messages which have been incorrectly
-             or maliciously delivered to the wrong recipient.
-
-5.7.  KRB_PRIV message specification
-
-   This section specifies the format of a message that can be used by
-   either side (client or server) of an application to securely and
-   privately send a message to its peer.  It presumes that a session key
-   has previously been exchanged (for example, by using the
-   KRB_AP_REQ/KRB_AP_REP messages).
-
-5.7.1. KRB_PRIV definition
-
-   The KRB_PRIV message contains user data encrypted in the Session Key.
-   The message fields are:
-
-   KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
-                pvno[0]                   INTEGER,
-                msg-type[1]               INTEGER,
-                enc-part[3]               EncryptedData
-   }
-
-
-
-
-
-Kohl & Neuman                                                  [Page 62]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   EncKrbPrivPart ::=   [APPLICATION 28] SEQUENCE {
-                user-data[0]              OCTET STRING,
-                timestamp[1]              KerberosTime OPTIONAL,
-                usec[2]                   INTEGER OPTIONAL,
-                seq-number[3]             INTEGER OPTIONAL,
-                s-address[4]              HostAddress, -- sender's addr
-                r-address[5]              HostAddress OPTIONAL
-                                                      -- recip's addr
-   }
-
-   NOTE: In EncKrbPrivPart, the application code in the encrypted part
-   of a message provides an additional check that the message was
-   decrypted properly.
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_PRIV.
-
-   enc-part  This field holds an encoding of the EncKrbPrivPart sequence
-             encrypted under the session key (If supported by the
-             encryption method in use, an initialization vector may be
-             passed to the encryption procedure, in order to achieve
-             proper cipher chaining.  The initialization vector might
-             come from the last block of the ciphertext from the
-             previous KRB_PRIV message, but it is the application's
-             choice whether or not to use such an initialization vector.
-             If left out, the default initialization vector for the
-             encryption algorithm will be used.).  This encrypted
-             encoding is used for the enc-part field of the KRB-PRIV
-             message.  See section 6 for the format of the ciphertext.
-
-   user-data, timestamp, usec, s-address and r-address These fields are
-             described above in section 5.6.1.
-
-   seq-number This field is described above in section 5.3.2.
-
-5.8.  KRB_CRED message specification
-
-   This section specifies the format of a message that can be used to
-   send Kerberos credentials from one principal to another.  It is
-   presented here to encourage a common mechanism to be used by
-   applications when forwarding tickets or providing proxies to
-   subordinate servers.  It presumes that a session key has already been
-   exchanged perhaps by using the KRB_AP_REQ/KRB_AP_REP messages.
-
-5.8.1. KRB_CRED definition
-
-   The KRB_CRED message contains a sequence of tickets to be sent and
-   information needed to use the tickets, including the session key from
-
-
-
-Kohl & Neuman                                                  [Page 63]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   each.  The information needed to use the tickets is encryped under an
-   encryption key previously exchanged.  The message fields are:
-
-   KRB-CRED         ::= [APPLICATION 22]   SEQUENCE {
-                    pvno[0]                INTEGER,
-                    msg-type[1]            INTEGER, -- KRB_CRED
-                    tickets[2]             SEQUENCE OF Ticket,
-                    enc-part[3]            EncryptedData
-   }
-
-   EncKrbCredPart   ::= [APPLICATION 29]   SEQUENCE {
-                    ticket-info[0]         SEQUENCE OF KrbCredInfo,
-                    nonce[1]               INTEGER OPTIONAL,
-                    timestamp[2]           KerberosTime OPTIONAL,
-                    usec[3]                INTEGER OPTIONAL,
-                    s-address[4]           HostAddress OPTIONAL,
-                    r-address[5]           HostAddress OPTIONAL
-   }
-
-   KrbCredInfo      ::=                    SEQUENCE {
-                    key[0]                 EncryptionKey,
-                    prealm[1]              Realm OPTIONAL,
-                    pname[2]               PrincipalName OPTIONAL,
-                    flags[3]               TicketFlags OPTIONAL,
-                    authtime[4]            KerberosTime OPTIONAL,
-                    starttime[5]           KerberosTime OPTIONAL,
-                    endtime[6]             KerberosTime OPTIONAL
-                    renew-till[7]          KerberosTime OPTIONAL,
-                    srealm[8]              Realm OPTIONAL,
-                    sname[9]               PrincipalName OPTIONAL,
-                    caddr[10]              HostAddresses OPTIONAL
-   }
-
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_CRED.
-
-   tickets
-               These are the tickets obtained from the KDC specifically
-             for use by the intended recipient.  Successive tickets are
-             paired with the corresponding KrbCredInfo sequence from the
-             enc-part of the KRB-CRED message.
-
-   enc-part  This field holds an encoding of the EncKrbCredPart sequence
-             encrypted under the session key shared between the sender
-             and the intended recipient.  This encrypted encoding is
-             used for the enc-part field of the KRB-CRED message.  See
-             section 6 for the format of the ciphertext.
-
-
-
-Kohl & Neuman                                                  [Page 64]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   nonce     If practical, an application may require the inclusion of a
-             nonce generated by the recipient of the message. If the
-             same value is included as the nonce in the message, it
-             provides evidence that the message is fresh and has not
-             been replayed by an attacker.  A nonce must never be re-
-             used; it should be generated randomly by the recipient of
-             the message and provided to the sender of the mes  sage in
-             an application specific manner.
-
-   timestamp and usec These fields specify the time that the KRB-CRED
-             message was generated.  The time is used to provide
-             assurance that the message is fresh.
-
-   s-address and r-address These fields are described above in section
-             5.6.1.  They are used optionally to provide additional
-             assurance of the integrity of the KRB-CRED message.
-
-   key       This field exists in the corresponding ticket passed by the
-             KRB-CRED message and is used to pass the session key from
-             the sender to the intended recipient.  The field's encoding
-             is described in section 6.2.
-
-   The following fields are optional.   If present, they can be
-   associated with the credentials in the remote ticket file.  If left
-   out, then it is assumed that the recipient of the credentials already
-   knows their value.
-
-   prealm and pname The name and realm of the delegated principal
-             identity.
-
-   flags, authtime,  starttime,  endtime, renew-till,  srealm, sname,
-             and caddr These fields contain the values of the
-             corresponding fields from the ticket found in the ticket
-             field.  Descriptions of the fields are identical to the
-             descriptions in the KDC-REP message.
-
-5.9.  Error message specification
-
-   This section specifies the format for the KRB_ERROR message.  The
-   fields included in the message are intended to return as much
-   information as possible about an error.  It is not expected that all
-   the information required by the fields will be available for all
-   types of errors.  If the appropriate information is not available
-   when the message is composed, the corresponding field will be left
-   out of the message.
-
-   Note that since the KRB_ERROR message is not protected by any
-   encryption, it is quite possible for an intruder to synthesize or
-
-
-
-Kohl & Neuman                                                  [Page 65]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   modify such a message.  In particular, this means that the client
-   should not use any fields in this message for security-critical
-   purposes, such as setting a system clock or generating a fresh
-   authenticator.  The message can be useful, however, for advising a
-   user on the reason for some failure.
-
-5.9.1. KRB_ERROR definition
-
-   The KRB_ERROR message consists of the following fields:
-
-   KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-                   pvno[0]               INTEGER,
-                   msg-type[1]           INTEGER,
-                   ctime[2]              KerberosTime OPTIONAL,
-                   cusec[3]              INTEGER OPTIONAL,
-                   stime[4]              KerberosTime,
-                   susec[5]              INTEGER,
-                   error-code[6]         INTEGER,
-                   crealm[7]             Realm OPTIONAL,
-                   cname[8]              PrincipalName OPTIONAL,
-                   realm[9]              Realm, -- Correct realm
-                   sname[10]             PrincipalName, -- Correct name
-                   e-text[11]            GeneralString OPTIONAL,
-                   e-data[12]            OCTET STRING OPTIONAL
-   }
-
-   pvno and msg-type These fields are described above in section 5.4.1.
-             msg-type is KRB_ERROR.
-
-   ctime     This field is described above in section 5.4.1.
-
-   cusec     This field is described above in section 5.5.2.
-
-   stime     This field contains the current time on the server.  It is
-             of type KerberosTime.
-
-   susec     This field contains the microsecond part of the server's
-             timestamp.  Its value ranges from 0 to 999. It appears
-             along with stime. The two fields are used in conjunction to
-             specify a reasonably accurate timestamp.
-
-   error-code This field contains the error code returned by Kerberos or
-             the server when a request fails.  To interpret the value of
-             this field see the list of error codes in section 8.
-             Implementations are encouraged to provide for national
-             language support in the display of error messages.
-
-   crealm, cname, srealm and sname These fields are described above in
-
-
-
-Kohl & Neuman                                                  [Page 66]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-             section 5.3.1.
-
-   e-text    This field contains additional text to help explain the
-             error code associated with the failed request (for example,
-             it might include a principal name which was unknown).
-
-   e-data    This field contains additional data about the error for use
-             by the application to help it recover from or handle the
-             error.  If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then
-             the e-data field will contain an encoding of a sequence of
-             padata fields, each corresponding to an acceptable pre-
-             authentication method and optionally containing data for
-             the method:
-
-      METHOD-DATA ::=    SEQUENCE of PA-DATA
-
-   If the error-code is KRB_AP_ERR_METHOD, then the e-data field will
-   contain an encoding of the following sequence:
-
-      METHOD-DATA ::=    SEQUENCE {
-                         method-type[0]   INTEGER,
-                         method-data[1]   OCTET STRING OPTIONAL
-       }
-
-   method-type will indicate the required alternate method; method-data
-   will contain any required additional information.
-
-6.  Encryption and Checksum Specifications
-
-   The Kerberos protocols described in this document are designed to use
-   stream encryption ciphers, which can be simulated using commonly
-   available block encryption ciphers, such as the Data Encryption
-   Standard [11], in conjunction with block chaining and checksum
-   methods [12].  Encryption is used to prove the identities of the
-   network entities participating in message exchanges.  The Key
-   Distribution Center for each realm is trusted by all principals
-   registered in that realm to store a secret key in confidence.  Proof
-   of knowledge of this secret key is used to verify the authenticity of
-   a principal.
-
-   The KDC uses the principal's secret key (in the AS exchange) or a
-   shared session key (in the TGS exchange) to encrypt responses to
-   ticket requests; the ability to obtain the secret key or session key
-   implies the knowledge of the appropriate keys and the identity of the
-   KDC. The ability of a principal to decrypt the KDC response and
-   present a Ticket and a properly formed Authenticator (generated with
-   the session key from the KDC response) to a service verifies the
-   identity of the principal; likewise the ability of the service to
-
-
-
-Kohl & Neuman                                                  [Page 67]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   extract the session key from the Ticket and prove its knowledge
-   thereof in a response verifies the identity of the service.
-
-   The Kerberos protocols generally assume that the encryption used is
-   secure from cryptanalysis; however, in some cases, the order of
-   fields in the encrypted portions of messages are arranged to minimize
-   the effects of poorly chosen keys.  It is still important to choose
-   good keys.  If keys are derived from user-typed passwords, those
-   passwords need to be well chosen to make brute force attacks more
-   difficult.  Poorly chosen keys still make easy targets for intruders.
-
-   The following sections specify the encryption and checksum mechanisms
-   currently defined for Kerberos.  The encodings, chaining, and padding
-   requirements for each are described.  For encryption methods, it is
-   often desirable to place random information (often referred to as a
-   confounder) at the start of the message.  The requirements for a
-   confounder are specified with each encryption mechanism.
-
-   Some encryption systems use a block-chaining method to improve the
-   the security characteristics of the ciphertext.  However, these
-   chaining methods often don't provide an integrity check upon
-   decryption.  Such systems (such as DES in CBC mode) must be augmented
-   with a checksum of the plaintext which can be verified at decryption
-   and used to detect any tampering or damage.  Such checksums should be
-   good at detecting burst errors in the input.  If any damage is
-   detected, the decryption routine is expected to return an error
-   indicating the failure of an integrity check. Each encryption type is
-   expected to provide and verify an appropriate checksum. The
-   specification of each encryption method sets out its checksum
-   requirements.
-
-   Finally, where a key is to be derived from a user's password, an
-   algorithm for converting the password to a key of the appropriate
-   type is included.  It is desirable for the string to key function to
-   be one-way, and for the mapping to be different in different realms.
-   This is important because users who are registered in more than one
-   realm will often use the same password in each, and it is desirable
-   that an attacker compromising the Kerberos server in one realm not
-   obtain or derive the user's key in another.
-
-   For a discussion of the integrity characteristics of the candidate
-   encryption and checksum methods considered for Kerberos, the the
-   reader is referred to [13].
-
-6.1.  Encryption Specifications
-
-   The following ASN.1 definition describes all encrypted messages.  The
-   enc-part field which appears in the unencrypted part of messages in
-
-
-
-Kohl & Neuman                                                  [Page 68]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   section 5 is a sequence consisting of an encryption type, an optional
-   key version number, and the ciphertext.
-
-   EncryptedData ::=   SEQUENCE {
-                       etype[0]     INTEGER, -- EncryptionType
-                       kvno[1]      INTEGER OPTIONAL,
-                       cipher[2]    OCTET STRING -- ciphertext
-   }
-
-   etype     This field identifies which encryption algorithm was used
-             to encipher the cipher.  Detailed specifications for
-             selected encryption types appear later in this section.
-
-   kvno      This field contains the version number of the key under
-             which data is encrypted.  It is only present in messages
-             encrypted under long lasting keys, such as principals'
-             secret keys.
-
-   cipher    This field contains the enciphered text, encoded as an
-             OCTET STRING.
-
-   The cipher field is generated by applying the specified encryption
-   algorithm to data composed of the message and algorithm-specific
-   inputs.  Encryption mechanisms defined for use with Kerberos must
-   take sufficient measures to guarantee the integrity of the plaintext,
-   and we recommend they also take measures to protect against
-   precomputed dictionary attacks.  If the encryption algorithm is not
-   itself capable of doing so, the protections can often be enhanced by
-   adding a checksum and a confounder.
-
-   The suggested format for the data to be encrypted includes a
-   confounder, a checksum, the encoded plaintext, and any necessary
-   padding.  The msg-seq field contains the part of the protocol message
-   described in section 5 which is to be encrypted.  The confounder,
-   checksum, and padding are all untagged and untyped, and their length
-   is exactly sufficient to hold the appropriate item.  The type and
-   length is implicit and specified by the particular encryption type
-   being used (etype).  The format for the data to be encrypted is
-   described in the following diagram:
-
-         +-----------+----------+-------------+-----+
-         |confounder |   check  |   msg-seq   | pad |
-         +-----------+----------+-------------+-----+
-
-   The format cannot be described in ASN.1, but for those who prefer an
-   ASN.1-like notation:
-
-
-
-
-
-Kohl & Neuman                                                  [Page 69]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-CipherText ::=   ENCRYPTED       SEQUENCE {
-         confounder[0]   UNTAGGED OCTET STRING(conf_length)     OPTIONAL,
-         check[1]        UNTAGGED OCTET STRING(checksum_length) OPTIONAL,
-         msg-seq[2]      MsgSequence,
-         pad             UNTAGGED OCTET STRING(pad_length) OPTIONAL
-}
-
-   In the above specification, UNTAGGED OCTET STRING(length) is the
-   notation for an octet string with its tag and length removed.  It is
-   not a valid ASN.1 type.  The tag bits and length must be removed from
-   the confounder since the purpose of the confounder is so that the
-   message starts with random data, but the tag and its length are
-   fixed.  For other fields, the length and tag would be redundant if
-   they were included because they are specified by the encryption type.
-
-   One generates a random confounder of the appropriate length, placing
-   it in confounder; zeroes out check; calculates the appropriate
-   checksum over confounder, check, and msg-seq, placing the result in
-   check; adds the necessary padding; then encrypts using the specified
-   encryption type and the appropriate key.
-
-   Unless otherwise specified, a definition of an encryption algorithm
-   that specifies a checksum, a length for the confounder field, or an
-   octet boundary for padding uses this ciphertext format (The ordering
-   of the fields in the CipherText is important.  Additionally, messages
-   encoded in this format must include a length as part of the msg-seq
-   field.  This allows the recipient to verify that the message has not
-   been truncated.  Without a length, an attacker could use a chosen
-   plaintext attack to generate a message which could be truncated,
-   while leaving the checksum intact.  Note that if the msg-seq is an
-   encoding of an ASN.1 SEQUENCE or OCTET STRING, then the length is
-   part of that encoding.). Those fields which are not specified will be
-   omitted.
-
-   In the interest of allowing all implementations using a particular
-   encryption type to communicate with all others using that type, the
-   specification of an encryption type defines any checksum that is
-   needed as part of the encryption process.  If an alternative checksum
-   is to be used, a new encryption type must be defined.
-
-   Some cryptosystems require additional information beyond the key and
-   the data to be encrypted. For example, DES, when used in cipher-
-   block-chaining mode, requires an initialization vector.  If required,
-   the description for each encryption type must specify the source of
-   such additional information.
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 70]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-6.2.  Encryption Keys
-
-   The sequence below shows the encoding of an encryption key:
-
-          EncryptionKey ::=   SEQUENCE {
-                              keytype[0]    INTEGER,
-                              keyvalue[1]   OCTET STRING
-          }
-
-   keytype   This field specifies the type of encryption key that
-             follows in the keyvalue field.  It will almost always
-             correspond to the encryption algorithm used to generate the
-             EncryptedData, though more than one algorithm may use the
-             same type of key (the mapping is many to one).  This might
-             happen, for example, if the encryption algorithm uses an
-             alternate checksum algorithm for an integrity check, or a
-             different chaining mechanism.
-
-   keyvalue  This field contains the key itself, encoded as an octet
-             string.
-
-   All negative values for the  encryption key type are reserved for
-   local use.  All non-negative values are reserved for officially
-   assigned type fields and interpretations.
-
-6.3.  Encryption Systems
-
-6.3.1. The NULL Encryption System (null)
-
-   If no encryption is in use, the encryption system is said to be the
-   NULL encryption system.  In the NULL encryption system there is no
-   checksum, confounder or padding.  The ciphertext is simply the
-   plaintext.  The NULL Key is used by the null encryption system and is
-   zero octets in length, with keytype zero (0).
-
-6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc)
-
-   The des-cbc-crc encryption mode encrypts information under the Data
-   Encryption Standard [11] using the cipher block chaining mode [12].
-   A CRC-32 checksum (described in ISO 3309 [14]) is applied to the
-   confounder and message sequence (msg-seq) and placed in the cksum
-   field.  DES blocks are 8 bytes.  As a result, the data to be
-   encrypted (the concatenation of confounder, checksum, and message)
-   must be padded to an 8 byte boundary before encryption.  The details
-   of the encryption of this data are identical to those for the des-
-   cbc-md5 encryption mode.
-
-   Note that, since the CRC-32 checksum is not collisionproof, an
-
-
-
-Kohl & Neuman                                                  [Page 71]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   attacker could use a probabilistic chosenplaintext attack to generate
-   a valid message even if a confounder is used [13]. The use of
-   collision-proof checksums is recommended for environments where such
-   attacks represent a significant threat.  The use of the CRC-32 as the
-   checksum for ticket or authenticator is no longer mandated as an
-   interoperability requirement for Kerberos Version 5 Specification 1
-   (See section 9.1 for specific details).
-
-6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4)
-
-   The des-cbc-md4 encryption mode encrypts information under the Data
-   Encryption Standard [11] using the cipher block chaining mode [12].
-   An MD4 checksum (described in [15]) is applied to the confounder and
-   message sequence (msg-seq) and placed in the cksum field.  DES blocks
-   are 8 bytes.  As a result, the data to be encrypted (the
-   concatenation of confounder, checksum, and message) must be padded to
-   an 8 byte boundary before encryption.  The details of the encryption
-   of this data are identical to those for the descbc-md5 encryption
-   mode.
-
-6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5)
-
-   The des-cbc-md5 encryption mode encrypts information under the Data
-   Encryption Standard [11] using the cipher block chaining mode [12].
-   An MD5 checksum (described in [16]) is applied to the confounder and
-   message sequence (msg-seq) and placed in the cksum field.  DES blocks
-   are 8 bytes.  As a result, the data to be encrypted (the
-   concatenation of confounder, checksum, and message) must be padded to
-   an 8 byte boundary before encryption.
-
-   Plaintext and DES ciphtertext are encoded as 8-octet blocks which are
-   concatenated to make the 64-bit inputs for the DES algorithms.  The
-   first octet supplies the 8 most significant bits (with the octet's
-   MSbit used as the DES input block's MSbit, etc.), the second octet
-   the next 8 bits, ..., and the eighth octet supplies the 8 least
-   significant bits.
-
-   Encryption under DES using cipher block chaining requires an
-   additional input in the form of an initialization vector.  Unless
-   otherwise specified, zero should be used as the initialization
-   vector.  Kerberos' use of DES requires an 8-octet confounder.
-
-   The DES specifications identify some "weak" and "semiweak" keys;
-   those keys shall not be used for encrypting messages for use in
-   Kerberos.  Additionally, because of the way that keys are derived for
-   the encryption of checksums, keys shall not be used that yield "weak"
-   or "semi-weak" keys when eXclusive-ORed with the constant
-   F0F0F0F0F0F0F0F0.
-
-
-
-Kohl & Neuman                                                  [Page 72]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   A DES key is 8 octets of data, with keytype one (1).  This consists
-   of 56 bits of key, and 8 parity bits (one per octet).  The key is
-   encoded as a series of 8 octets written in MSB-first order. The bits
-   within the key are also encoded in MSB order.  For example, if the
-   encryption key is:
-   (B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where
-   B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the
-   parity bits, the first octet of the key would be B1,B2,...,B7,P1
-   (with B1 as the MSbit).  [See the FIPS 81 introduction for
-   reference.]
-
-   To generate a DES key from a text string (password), the text string
-   normally must have the realm and each component of the principal's
-   name appended(In some cases, it may be necessary to use a different
-   "mix-in" string for compatibility reasons; see the discussion of
-   padata in section 5.4.2.), then padded with ASCII nulls to an 8 byte
-   boundary.  This string is then fan-folded and eXclusive-ORed with
-   itself to form an 8 byte DES key.  The parity is corrected on the
-   key, and it is used to generate a DES CBC checksum on the initial
-   string (with the realm and name appended).  Next, parity is corrected
-   on the CBC checksum.  If the result matches a "weak" or "semiweak"
-   key as described in the DES specification, it is eXclusive-ORed with
-   the constant 00000000000000F0.  Finally, the result is returned as
-   the key.  Pseudocode follows:
-
-        string_to_key(string,realm,name) {
-             odd = 1;
-             s = string + realm;
-             for(each component in name) {
-                  s = s + component;
-             }
-             tempkey = NULL;
-             pad(s); /* with nulls to 8 byte boundary */
-             for(8byteblock in s) {
-                  if(odd == 0)  {
-                      odd = 1;
-                      reverse(8byteblock)
-                  }
-                  else odd = 0;
-                  tempkey = tempkey XOR 8byteblock;
-             }
-             fixparity(tempkey);
-             key = DES-CBC-check(s,tempkey);
-             fixparity(key);
-             if(is_weak_key_key(key))
-                  key = key XOR 0xF0;
-             return(key);
-        }
-
-
-
-Kohl & Neuman                                                  [Page 73]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-6.4.  Checksums
-
-   The following is the ASN.1 definition used for a checksum:
-
-            Checksum ::=   SEQUENCE {
-                           cksumtype[0]   INTEGER,
-                           checksum[1]    OCTET STRING
-            }
-
-   cksumtype This field indicates the algorithm used to generate the
-             accompanying checksum.
-
-   checksum  This field contains the checksum itself, encoded
-             as an octet string.
-
-   Detailed specification of selected checksum types appear later in
-   this section.  Negative values for the checksum type are reserved for
-   local use.  All non-negative values are reserved for officially
-   assigned type fields and interpretations.
-
-   Checksums used by Kerberos can be classified by two properties:
-   whether they are collision-proof, and whether they are keyed.  It is
-   infeasible to find two plaintexts which generate the same checksum
-   value for a collision-proof checksum.  A key is required to perturb
-   or initialize the algorithm in a keyed checksum.  To prevent
-   message-stream modification by an active attacker, unkeyed checksums
-   should only be used when the checksum and message will be
-   subsequently encrypted (e.g., the checksums defined as part of the
-   encryption algorithms covered earlier in this section).  Collision-
-   proof checksums can be made tamper-proof as well if the checksum
-   value is encrypted before inclusion in a message.  In such cases, the
-   composition of the checksum and the encryption algorithm must be
-   considered a separate checksum algorithm (e.g., RSA-MD5 encrypted
-   using DES is a new checksum algorithm of type RSA-MD5-DES).  For most
-   keyed checksums, as well as for the encrypted forms of collisionproof
-   checksums, Kerberos prepends a confounder before the checksum is
-   calculated.
-
-6.4.1. The CRC-32 Checksum (crc32)
-
-   The CRC-32 checksum calculates a checksum based on a cyclic
-   redundancy check as described in ISO 3309 [14].  The resulting
-   checksum is four (4) octets in length.  The CRC-32 is neither keyed
-   nor collision-proof.  The use of this checksum is not recommended.
-   An attacker using a probabilistic chosen-plaintext attack as
-   described in [13] might be able to generate an alternative message
-   that satisfies the checksum.  The use of collision-proof checksums is
-   recommended for environments where such attacks represent a
-
-
-
-Kohl & Neuman                                                  [Page 74]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   significant threat.
-
-6.4.2. The RSA MD4 Checksum (rsa-md4)
-
-   The RSA-MD4 checksum calculates a checksum using the RSA MD4
-   algorithm [15].  The algorithm takes as input an input message of
-   arbitrary length and produces as output a 128-bit (16 octet)
-   checksum.  RSA-MD4 is believed to be collision-proof.
-
-6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des)
-
-   The RSA-MD4-DES checksum calculates a keyed collisionproof checksum
-   by prepending an 8 octet confounder before the text, applying the RSA
-   MD4 checksum algorithm, and encrypting the confounder and the
-   checksum using DES in cipher-block-chaining (CBC) mode using a
-   variant of the key, where the variant is computed by eXclusive-ORing
-   the key with the constant F0F0F0F0F0F0F0F0 (A variant of the key is
-   used to limit the use of a key to a particular function, separating
-   the functions of generating a checksum from other encryption
-   performed using the session key.  The constant F0F0F0F0F0F0F0F0 was
-   chosen because it maintains key parity.  The properties of DES
-   precluded the use of the complement.  The same constant is used for
-   similar purpose in the Message Integrity Check in the Privacy
-   Enhanced Mail standard.).  The initialization vector should be zero.
-   The resulting checksum is 24 octets long (8 octets of which are
-   redundant).  This checksum is tamper-proof and believed to be
-   collision-proof.
-
-   The DES specifications identify some "weak keys"; those keys shall
-   not be used for generating RSA-MD4 checksums for use in Kerberos.
-
-   The format for the checksum is described in the following diagram:
-
-      +--+--+--+--+--+--+--+--
-      |  des-cbc(confounder
-      +--+--+--+--+--+--+--+--
-
-                    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-                        rsa-md4(confounder+msg),key=var(key),iv=0)  |
-                    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-   The format cannot be described in ASN.1, but for those who prefer an
-   ASN.1-like notation:
-
-   rsa-md4-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                              confounder[0]   UNTAGGED OCTET STRING(8),
-                              check[1]        UNTAGGED OCTET STRING(16)
-   }
-
-
-
-Kohl & Neuman                                                  [Page 75]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-6.4.4. The RSA MD5 Checksum (rsa-md5)
-
-   The RSA-MD5 checksum calculates a checksum using the RSA MD5
-   algorithm [16].  The algorithm takes as input an input message of
-   arbitrary length and produces as output a 128-bit (16 octet)
-   checksum.  RSA-MD5 is believed to be collision-proof.
-
-6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
-
-   The RSA-MD5-DES checksum calculates a keyed collisionproof checksum
-   by prepending an 8 octet confounder before the text, applying the RSA
-   MD5 checksum algorithm, and encrypting the confounder and the
-   checksum using DES in cipher-block-chaining (CBC) mode using a
-   variant of the key, where the variant is computed by eXclusive-ORing
-   the key with the constant F0F0F0F0F0F0F0F0.  The initialization
-   vector should be zero.  The resulting checksum is 24 octets long (8
-   octets of which are redundant).  This checksum is tamper-proof and
-   believed to be collision-proof.
-
-   The DES specifications identify some "weak keys"; those keys shall
-   not be used for encrypting RSA-MD5 checksums for use in Kerberos.
-
-   The format for the checksum is described in the following diagram:
-
-      +--+--+--+--+--+--+--+--
-      |  des-cbc(confounder
-      +--+--+--+--+--+--+--+--
-
-                     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-                         rsa-md5(confounder+msg),key=var(key),iv=0)  |
-                     +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-   The format cannot be described in ASN.1, but for those who prefer an
-   ASN.1-like notation:
-
-   rsa-md5-des-checksum ::=   ENCRYPTED       UNTAGGED SEQUENCE {
-                              confounder[0]   UNTAGGED OCTET STRING(8),
-                              check[1]        UNTAGGED OCTET STRING(16)
-   }
-
-6.4.6. DES cipher-block chained checksum (des-mac)
-
-   The DES-MAC checksum is computed by prepending an 8 octet confounder
-   to the plaintext, performing a DES CBC-mode encryption on the result
-   using the key and an initialization vector of zero, taking the last
-   block of the ciphertext, prepending the same confounder and
-   encrypting the pair using DES in cipher-block-chaining (CBC) mode
-   using a a variant of the key, where the variant is computed by
-
-
-
-Kohl & Neuman                                                  [Page 76]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   eXclusive-ORing the key with the constant F0F0F0F0F0F0F0F0.  The
-   initialization vector should be zero.  The resulting checksum is 128
-   bits (16 octets) long, 64 bits of which are redundant. This checksum
-   is tamper-proof and collision-proof.
-
-   The format for the checksum is described in the following diagram:
-
-      +--+--+--+--+--+--+--+--
-      |   des-cbc(confounder
-      +--+--+--+--+--+--+--+--
-
-                     +-----+-----+-----+-----+-----+-----+-----+-----+
-                       des-mac(conf+msg,iv=0,key),key=var(key),iv=0) |
-                     +-----+-----+-----+-----+-----+-----+-----+-----+
-
-   The format cannot be described in ASN.1, but for those who prefer an
-   ASN.1-like notation:
-
-   des-mac-checksum ::=    ENCRYPTED       UNTAGGED SEQUENCE {
-                           confounder[0]   UNTAGGED OCTET STRING(8),
-                           check[1]        UNTAGGED OCTET STRING(8)
-   }
-
-   The DES specifications identify some "weak" and "semiweak" keys;
-   those keys shall not be used for generating DES-MAC checksums for use
-   in Kerberos, nor shall a key be used whose veriant is "weak" or
-   "semi-weak".
-
-6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
-       (rsa-md4-des-k)
-
-   The RSA-MD4-DES-K checksum calculates a keyed collision-proof
-   checksum by applying the RSA MD4 checksum algorithm and encrypting
-   the results using DES in cipherblock-chaining (CBC) mode using a DES
-   key as both key and initialization vector. The resulting checksum is
-   16 octets long. This checksum is tamper-proof and believed to be
-   collision-proof.  Note that this checksum type is the old method for
-   encoding the RSA-MD4-DES checksum and it is no longer recommended.
-
-6.4.8. DES cipher-block chained checksum alternative (desmac-k)
-
-   The DES-MAC-K checksum is computed by performing a DES CBC-mode
-   encryption of the plaintext, and using the last block of the
-   ciphertext as the checksum value. It is keyed with an encryption key
-   and an initialization vector; any uses which do not specify an
-   additional initialization vector will use the key as both key and
-   initialization vector.  The resulting checksum is 64 bits (8 octets)
-   long. This checksum is tamper-proof and collision-proof.  Note that
-
-
-
-Kohl & Neuman                                                  [Page 77]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   this checksum type is the old method for encoding the DESMAC checksum
-   and it is no longer recommended.
-
-   The DES specifications identify some "weak keys"; those keys shall
-   not be used for generating DES-MAC checksums for use in Kerberos.
-
-7.  Naming Constraints
-
-7.1.  Realm Names
-
-   Although realm names are encoded as GeneralStrings and although a
-   realm can technically select any name it chooses, interoperability
-   across realm boundaries requires agreement on how realm names are to
-   be assigned, and what information they imply.
-
-   To enforce these conventions, each realm must conform to the
-   conventions itself, and it must require that any realms with which
-   inter-realm keys are shared also conform to the conventions and
-   require the same from its neighbors.
-
-   There are presently four styles of realm names: domain, X500, other,
-   and reserved.  Examples of each style follow:
-
-        domain:   host.subdomain.domain (example)
-          X500:   C=US/O=OSF (example)
-         other:   NAMETYPE:rest/of.name=without-restrictions (example)
-      reserved:   reserved, but will not conflict with above
-
-   Domain names must look like domain names: they consist of components
-   separated by periods (.) and they contain neither colons (:) nor
-   slashes (/).
-
-   X.500 names contain an equal (=) and cannot contain a colon (:)
-   before the equal.  The realm names for X.500 names will be string
-   representations of the names with components separated by slashes.
-   Leading and trailing slashes will not be included.
-
-   Names that fall into the other category must begin with a prefix that
-   contains no equal (=) or period (.) and the prefix must be followed
-   by a colon (:) and the rest of the name. All prefixes must be
-   assigned before they may be used.  Presently none are assigned.
-
-   The reserved category includes strings which do not fall into the
-   first three categories.  All names in this category are reserved. It
-   is unlikely that names will be assigned to this category unless there
-   is a very strong argument for not using the "other" category.
-
-   These rules guarantee that there will be no conflicts between the
-
-
-
-Kohl & Neuman                                                  [Page 78]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   various name styles.  The following additional constraints apply to
-   the assignment of realm names in the domain and X.500 categories: the
-   name of a realm for the domain or X.500 formats must either be used
-   by the organization owning (to whom it was assigned) an Internet
-   domain name or X.500 name, or in the case that no such names are
-   registered, authority to use a realm name may be derived from the
-   authority of the parent realm.  For example, if there is no domain
-   name for E40.MIT.EDU, then the administrator of the MIT.EDU realm can
-   authorize the creation of a realm with that name.
-
-   This is acceptable because the organization to which the parent is
-   assigned is presumably the organization authorized to assign names to
-   its children in the X.500 and domain name systems as well.  If the
-   parent assigns a realm name without also registering it in the domain
-   name or X.500 hierarchy, it is the parent's responsibility to make
-   sure that there will not in the future exists a name identical to the
-   realm name of the child unless it is assigned to the same entity as
-   the realm name.
-
-7.2.  Principal Names
-
-   As was the case for realm names, conventions are needed to ensure
-   that all agree on what information is implied by a principal name.
-   The name-type field that is part of the principal name indicates the
-   kind of information implied by the name.  The name-type should be
-   treated as a hint.  Ignoring the name type, no two names can be the
-   same (i.e., at least one of the components, or the realm, must be
-   different).  This constraint may be eliminated in the future.  The
-   following name types are defined:
-
-      name-type      value   meaning
-      NT-UNKNOWN       0     Name type not known
-      NT-PRINCIPAL     1     Just the name of the principal as in
-                             DCE, or for users
-      NT-SRV-INST      2     Service and other unique instance (krbtgt)
-      NT-SRV-HST       3     Service with host name as instance
-                             (telnet, rcommands)
-      NT-SRV-XHST      4     Service with host as remaining components
-      NT-UID           5     Unique ID
-
-   When a name implies no information other than its uniqueness at a
-   particular time the name type PRINCIPAL should be used.  The
-   principal name type should be used for users, and it might also be
-   used for a unique server.  If the name is a unique machine generated
-   ID that is guaranteed never to be reassigned then the name type of
-   UID should be used (note that it is generally a bad idea to reassign
-   names of any type since stale entries might remain in access control
-   lists).
-
-
-
-Kohl & Neuman                                                  [Page 79]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   If the first component of a name identifies a service and the
-   remaining components identify an instance of the service in a server
-   specified manner, then the name type of SRV-INST should be used.  An
-   example of this name type is the Kerberos ticket-granting ticket
-   which has a first component of krbtgt and a second component
-   identifying the realm for which the ticket is valid.
-
-   If instance is a single component following the service name and the
-   instance identifies the host on which the server is running, then the
-   name type SRV-HST should be used. This type is typically used for
-   Internet services such as telnet and the Berkeley R commands.  If the
-   separate components of the host name appear as successive components
-   following the name of the service, then the name type SRVXHST should
-   be used.  This type might be used to identify servers on hosts with
-   X.500 names where the slash (/) might otherwise be ambiguous.
-
-   A name type of UNKNOWN should be used when the form of the name is
-   not known. When comparing names, a name of type UNKNOWN will match
-   principals authenticated with names of any type.  A principal
-   authenticated with a name of type UNKNOWN, however, will only match
-   other names of type UNKNOWN.
-
-   Names of any type with an initial component of "krbtgt" are reserved
-   for the Kerberos ticket granting service.  See section 8.2.3 for the
-   form of such names.
-
-7.2.1. Name of server principals
-
-   The principal identifier for a server on a host will generally be
-   composed of two parts: (1) the realm of the KDC with which the server
-   is registered, and (2) a two-component name of type NT-SRV-HST if the
-   host name is an Internet domain name or a multi-component name of
-   type NT-SRV-XHST if the name of the host is of a form such as X.500
-   that allows slash (/) separators.  The first component of the two- or
-   multi-component name will identify the service and the latter
-   components will identify the host.  Where the name of the host is not
-   case sensitive (for example, with Internet domain names) the name of
-   the host must be lower case.  For services such as telnet and the
-   Berkeley R commands which run with system privileges, the first
-   component will be the string "host" instead of a service specific
-   identifier.
-
-8.  Constants and other defined values
-
-8.1.  Host address types
-
-   All negative values for the host address type are reserved for local
-   use.  All non-negative values are reserved for officially assigned
-
-
-
-Kohl & Neuman                                                  [Page 80]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   type fields and interpretations.
-
-   The values of the types for the following addresses are chosen to
-   match the defined address family constants in the Berkeley Standard
-   Distributions of Unix.  They can be found in <sys/socket.h> with
-   symbolic names AF_xxx (where xxx is an abbreviation of the address
-   family name).
-
-
-   Internet addresses
-
-      Internet addresses are 32-bit (4-octet) quantities, encoded in MSB
-      order.  The type of internet addresses is two (2).
-
-   CHAOSnet addresses
-
-      CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB
-      order.  The type of CHAOSnet addresses is five (5).
-
-   ISO addresses
-
-      ISO addresses are variable-length.  The type of ISO addresses is
-      seven (7).
-
-   Xerox Network Services (XNS) addresses
-
-      XNS addresses are 48-bit (6-octet) quantities, encoded in MSB
-      order.  The type of XNS addresses is six (6).
-
-   AppleTalk Datagram Delivery Protocol (DDP) addresses
-
-      AppleTalk DDP addresses consist of an 8-bit node number and a 16-
-      bit network number.  The first octet of the address is the node
-      number; the remaining two octets encode the network number in MSB
-      order. The type of AppleTalk DDP addresses is sixteen (16).
-
-   DECnet Phase IV addresses
-
-      DECnet Phase IV addresses are 16-bit addresses, encoded in LSB
-      order.  The type of DECnet Phase IV addresses is twelve (12).
-
-8.2.  KDC messages
-
-8.2.1. IP transport
-
-   When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request
-   using IP transport, the client shall send a UDP datagram containing
-   only an encoding of the request to port 88 (decimal) at the KDC's IP
-
-
-
-Kohl & Neuman                                                  [Page 81]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   address; the KDC will respond with a reply datagram containing only
-   an encoding of the reply message (either a KRB_ERROR or a
-   KRB_KDC_REP) to the sending port at the sender's IP address.
-
-8.2.2. OSI transport
-
-   During authentication of an OSI client to and OSI server, the mutual
-   authentication of an OSI server to an OSI client, the transfer of
-   credentials from an OSI client to an OSI server, or during exchange
-   of private or integrity checked messages, Kerberos protocol messages
-   may be treated as opaque objects and the type of the authentication
-   mechanism will be:
-
-   OBJECT IDENTIFIER ::= {iso (1), org(3), dod(5),internet(1),
-                          security(5), kerberosv5(2)}
-
-   Depending on the situation, the opaque object will be an
-   authentication header (KRB_AP_REQ), an authentication reply
-   (KRB_AP_REP), a safe message (KRB_SAFE), a private message
-   (KRB_PRIV), or a credentials message (KRB_CRED).  The opaque data
-   contains an application code as specified in the ASN.1 description
-   for each message.  The application code may be used by Kerberos to
-   determine the message type.
-
-8.2.3. Name of the TGS
-
-   The principal identifier of the ticket-granting service shall be
-   composed of three parts: (1) the realm of the KDC issuing the TGS
-   ticket (2) a two-part name of type NT-SRVINST, with the first part
-   "krbtgt" and the second part the name of the realm which will accept
-   the ticket-granting ticket.  For example, a ticket-granting ticket
-   issued by the ATHENA.MIT.EDU realm to be used to get tickets from the
-   ATHENA.MIT.EDU KDC has a principal identifier of "ATHENA.MIT.EDU"
-   (realm), ("krbtgt", "ATHENA.MIT.EDU") (name).  A ticket-granting
-   ticket issued by the ATHENA.MIT.EDU realm to be used to get tickets
-   from the MIT.EDU realm has a principal identifier of "ATHENA.MIT.EDU"
-   (realm), ("krbtgt", "MIT.EDU") (name).
-
-8.3.  Protocol constants and associated values
-
-   The following tables list constants used in the protocol and defines
-   their meanings.
-
-
-
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 82]
-
-RFC 1510                        Kerberos                  September 1993
-
-
----------------+-----------+----------+----------------+---------------
-Encryption type|etype value|block size|minimum pad size|confounder size
----------------+-----------+----------+----------------+---------------
-NULL                0            1              0              0
-des-cbc-crc         1            8              4              8
-des-cbc-md4         2            8              0              8
-des-cbc-md5         3            8              0              8
-
--------------------------------+-------------------+-------------
-Checksum type                  |sumtype value      |checksum size
--------------------------------+-------------------+-------------
-CRC32                           1                   4
-rsa-md4                         2                   16
-rsa-md4-des                     3                   24
-des-mac                         4                   16
-des-mac-k                       5                   8
-rsa-md4-des-k                   6                   16
-rsa-md5                         7                   16
-rsa-md5-des                     8                   24
-
--------------------------------+-----------------
-padata type                    |padata-type value
--------------------------------+-----------------
-PA-TGS-REQ                      1
-PA-ENC-TIMESTAMP                2
-PA-PW-SALT                      3
-
--------------------------------+-------------
-authorization data type        |ad-type value
--------------------------------+-------------
-reserved values                 0-63
-OSF-DCE                         64
-SESAME                          65
-
--------------------------------+-----------------
-alternate authentication type  |method-type value
--------------------------------+-----------------
-reserved values                 0-63
-ATT-CHALLENGE-RESPONSE          64
-
--------------------------------+-------------
-transited encoding type        |tr-type value
--------------------------------+-------------
-DOMAIN-X500-COMPRESS            1
-reserved values                 all others
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 83]
-
-RFC 1510                        Kerberos                  September 1993
-
-
---------------+-------+-----------------------------------------
-Label         |Value  |Meaning or MIT code
---------------+-------+-----------------------------------------
-
-pvno             5     current Kerberos protocol version number
-
-message types
-
-KRB_AS_REQ      10     Request for initial authentication
-KRB_AS_REP      11     Response to KRB_AS_REQ request
-KRB_TGS_REQ     12     Request for authentication based on TGT
-KRB_TGS_REP     13     Response to KRB_TGS_REQ request
-KRB_AP_REQ      14     application request to server
-KRB_AP_REP      15     Response to KRB_AP_REQ_MUTUAL
-KRB_SAFE        20     Safe (checksummed) application message
-KRB_PRIV        21     Private (encrypted) application message
-KRB_CRED        22     Private (encrypted) message to forward
-                       credentials
-KRB_ERROR       30     Error response
-
-name types
-
-KRB_NT_UNKNOWN   0   Name type not known
-KRB_NT_PRINCIPAL 1   Just the name of the principal as in DCE, or
-                     for users
-KRB_NT_SRV_INST  2   Service and other unique instance (krbtgt)
-KRB_NT_SRV_HST   3   Service with host name as instance (telnet,
-                     rcommands)
-KRB_NT_SRV_XHST  4   Service with host as remaining components
-KRB_NT_UID       5   Unique ID
-
-error codes
-
-KDC_ERR_NONE                   0   No error
-KDC_ERR_NAME_EXP               1   Client's entry in database has
-                                   expired
-KDC_ERR_SERVICE_EXP            2   Server's entry in database has
-                                   expired
-KDC_ERR_BAD_PVNO               3   Requested protocol version number
-                                   not supported
-KDC_ERR_C_OLD_MAST_KVNO        4   Client's key encrypted in old
-                                   master key
-KDC_ERR_S_OLD_MAST_KVNO        5   Server's key encrypted in old
-                                   master key
-KDC_ERR_C_PRINCIPAL_UNKNOWN    6   Client not found in Kerberos database
-KDC_ERR_S_PRINCIPAL_UNKNOWN    7   Server not found in Kerberos database
-KDC_ERR_PRINCIPAL_NOT_UNIQUE   8   Multiple principal entries in
-                                   database
-
-
-
-Kohl & Neuman                                                  [Page 84]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-KDC_ERR_NULL_KEY               9   The client or server has a null key
-KDC_ERR_CANNOT_POSTDATE       10   Ticket not eligible for postdating
-KDC_ERR_NEVER_VALID           11   Requested start time is later than
-                                   end time
-KDC_ERR_POLICY                12   KDC policy rejects request
-KDC_ERR_BADOPTION             13   KDC cannot accommodate requested
-                                   option
-KDC_ERR_ETYPE_NOSUPP          14   KDC has no support for encryption
-                                   type
-KDC_ERR_SUMTYPE_NOSUPP        15   KDC has no support for checksum type
-KDC_ERR_PADATA_TYPE_NOSUPP    16   KDC has no support for padata type
-KDC_ERR_TRTYPE_NOSUPP         17   KDC has no support for transited type
-KDC_ERR_CLIENT_REVOKED        18   Clients credentials have been revoked
-KDC_ERR_SERVICE_REVOKED       19   Credentials for server have been
-                                   revoked
-KDC_ERR_TGT_REVOKED           20   TGT has been revoked
-KDC_ERR_CLIENT_NOTYET         21   Client not yet valid - try again
-                                   later
-KDC_ERR_SERVICE_NOTYET        22   Server not yet valid - try again
-                                   later
-KDC_ERR_KEY_EXPIRED           23   Password has expired - change
-                                   password to reset
-KDC_ERR_PREAUTH_FAILED        24   Pre-authentication information
-                                   was invalid
-KDC_ERR_PREAUTH_REQUIRED      25   Additional pre-authentication
-                                   required*
-KRB_AP_ERR_BAD_INTEGRITY      31   Integrity check on decrypted field
-                                   failed
-KRB_AP_ERR_TKT_EXPIRED        32   Ticket expired
-KRB_AP_ERR_TKT_NYV            33   Ticket not yet valid
-KRB_AP_ERR_REPEAT             34   Request is a replay
-KRB_AP_ERR_NOT_US             35   The ticket isn't for us
-KRB_AP_ERR_BADMATCH           36   Ticket and authenticator don't match
-KRB_AP_ERR_SKEW               37   Clock skew too great
-KRB_AP_ERR_BADADDR            38   Incorrect net address
-KRB_AP_ERR_BADVERSION         39   Protocol version mismatch
-KRB_AP_ERR_MSG_TYPE           40   Invalid msg type
-KRB_AP_ERR_MODIFIED           41   Message stream modified
-KRB_AP_ERR_BADORDER           42   Message out of order
-KRB_AP_ERR_BADKEYVER          44   Specified version of key is not
-                                   available
-KRB_AP_ERR_NOKEY              45   Service key not available
-KRB_AP_ERR_MUT_FAIL           46   Mutual authentication failed
-KRB_AP_ERR_BADDIRECTION       47   Incorrect message direction
-KRB_AP_ERR_METHOD             48   Alternative authentication method
-                                   required*
-KRB_AP_ERR_BADSEQ             49   Incorrect sequence number in message
-KRB_AP_ERR_INAPP_CKSUM        50   Inappropriate type of checksum in
-
-
-
-Kohl & Neuman                                                  [Page 85]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                                   message
-KRB_ERR_GENERIC               60   Generic error (description in e-text)
-KRB_ERR_FIELD_TOOLONG         61   Field is too long for this
-                                   implementation
-
-   *This error carries additional information in the e-data field.  The
-   contents of the e-data field for this message is described in section
-   5.9.1.
-
-9.  Interoperability requirements
-
-   Version 5 of the Kerberos protocol supports a myriad of options.
-   Among these are multiple encryption and checksum types, alternative
-   encoding schemes for the transited field, optional mechanisms for
-   pre-authentication, the handling of tickets with no addresses,
-   options for mutual authentication, user to user authentication,
-   support for proxies, forwarding, postdating, and renewing tickets,
-   the format of realm names, and the handling of authorization data.
-
-   In order to ensure the interoperability of realms, it is necessary to
-   define a minimal configuration which must be supported by all
-   implementations.  This minimal configuration is subject to change as
-   technology does. For example, if at some later date it is discovered
-   that one of the required encryption or checksum algorithms is not
-   secure, it will be replaced.
-
-9.1.  Specification 1
-
-   This section defines the first specification of these options.
-   Implementations which are configured in this way can be said to
-   support Kerberos Version 5 Specification 1 (5.1).
-
-   Encryption and checksum methods
-
-   The following encryption and checksum mechanisms must be supported.
-   Implementations may support other mechanisms as well, but the
-   additional mechanisms may only be used when communicating with
-   principals known to also support them: Encryption: DES-CBC-MD5
-   Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5
-
-   Realm Names
-
-   All implementations must understand hierarchical realms in both the
-   Internet Domain and the X.500 style.  When a ticket granting ticket
-   for an unknown realm is requested, the KDC must be able to determine
-   the names of the intermediate realms between the KDCs realm and the
-   requested realm.
-
-
-
-
-Kohl & Neuman                                                  [Page 86]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Transited field encoding
-
-   DOMAIN-X500-COMPRESS (described in section 3.3.3.1) must be
-   supported.  Alternative encodings may be supported, but they may be
-   used only when that encoding is supported by ALL intermediate realms.
-
-   Pre-authentication methods
-
-   The TGS-REQ method must be supported.  The TGS-REQ method is not used
-   on the initial request. The PA-ENC-TIMESTAMP method must be supported
-   by clients but whether it is enabled by default may be determined on
-   a realm by realm basis. If not used in the initial request and the
-   error KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENCTIMESTAMP
-   as an acceptable method, the client should retry the initial request
-   using the PA-ENC-TIMESTAMP preauthentication method. Servers need not
-   support the PAENC-TIMESTAMP method, but if not supported the server
-   should ignore the presence of PA-ENC-TIMESTAMP pre-authentication in
-   a request.
-
-   Mutual authentication
-
-   Mutual authentication (via the KRB_AP_REP message) must be supported.
-
-   Ticket addresses and flags
-
-   All KDC's must pass on tickets that carry no addresses (i.e.,  if a
-   TGT contains no addresses, the KDC will return derivative tickets),
-   but each realm may set its own policy for issuing such tickets, and
-   each application server will set its own policy with respect to
-   accepting them. By default, servers should not accept them.
-
-   Proxies and forwarded tickets must be supported.  Individual realms
-   and application servers can set their own policy on when such tickets
-   will be accepted.
-
-   All implementations must recognize renewable and postdated tickets,
-   but need not actually implement them.  If these options are not
-   supported, the starttime and endtime in the ticket shall specify a
-   ticket's entire useful life.  When a postdated ticket is decoded by a
-   server, all implementations shall make the presence of the postdated
-   flag visible to the calling server.
-
-   User-to-user authentication
-
-   Support for user to user authentication (via the ENC-TKTIN-SKEY KDC
-   option) must be provided by implementations, but individual realms
-   may decide as a matter of policy to reject such requests on a per-
-   principal or realm-wide basis.
-
-
-
-Kohl & Neuman                                                  [Page 87]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   Authorization data
-
-   Implementations must pass all authorization data subfields from
-   ticket-granting tickets to any derivative tickets unless directed to
-   suppress a subfield as part of the definition of that registered
-   subfield type (it is never incorrect to pass on a subfield, and no
-   registered subfield types presently specify suppression at the KDC).
-
-   Implementations must make the contents of any authorization data
-   subfields available to the server when a ticket is used.
-   Implementations are not required to allow clients to specify the
-   contents of the authorization data fields.
-
-9.2.  Recommended KDC values
-
-   Following is a list of recommended values for a KDC implementation,
-   based on the list of suggested configuration constants (see section
-   4.4).
-
-   minimum lifetime                5 minutes
-
-   maximum renewable lifetime      1 week
-
-   maximum ticket lifetime         1 day
-
-   empty addresses                 only when suitable restrictions appear
-                                   in authorization data
-
-   proxiable, etc.                 Allowed.
-
-10.  Acknowledgments
-
-   Early versions of this document, describing version 4 of the
-   protocol, were written by Jennifer Steiner (formerly at Project
-   Athena); these drafts provided an excellent starting point for this
-   current version 5 specification.  Many people in the Internet
-   community have contributed ideas and suggested protocol changes for
-   version 5. Notable contributions came from Ted Anderson, Steve
-   Bellovin and Michael Merritt [17], Daniel Bernstein, Mike Burrows,
-   Donald Davis, Ravi Ganesan, Morrie Gasser, Virgil Gligor, Bill
-   Griffeth, Mark Lillibridge, Mark Lomas, Steve Lunt, Piers McMahon,
-   Joe Pato, William Sommerfeld, Stuart Stubblebine, Ralph Swick, Ted
-   T'so, and Stanley Zanarotti.  Many others commented and helped shape
-   this specification into its current form.
-
-
-
-
-
-
-
-Kohl & Neuman                                                  [Page 88]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-11.  References
-
-   [1]  Miller, S., Neuman, C., Schiller, J., and  J. Saltzer, "Section
-        E.2.1: Kerberos  Authentication and Authorization System",
-        M.I.T. Project Athena, Cambridge, Massachusetts, December 21,
-        1987.
-
-   [2]  Steiner, J., Neuman, C., and J. Schiller, "Kerberos: An
-        Authentication Service for Open Network Systems", pp. 191-202 in
-        Usenix Conference Proceedings, Dallas, Texas, February, 1988.
-
-   [3]  Needham, R., and M. Schroeder, "Using Encryption for
-        Authentication in Large Networks of Computers", Communications
-        of the ACM, Vol. 21 (12), pp. 993-999, December 1978.
-
-   [4]  Denning, D., and G. Sacco, "Time stamps in Key Distribution
-        Protocols", Communications of the ACM, Vol. 24 (8), pp. 533-536,
-        August 1981.
-
-   [5]  Kohl, J., Neuman, C., and T. Ts'o, "The Evolution of the
-        Kerberos Authentication Service", in an IEEE Computer Society
-        Text soon to be published, June 1992.
-
-   [6]  Davis, D., and R. Swick, "Workstation Services and Kerberos
-        Authentication at Project Athena", Technical Memorandum TM-424,
-        MIT Laboratory for Computer Science, February 1990.
-
-   [7]  Levine, P., Gretzinger, M, Diaz, J., Sommerfeld, W., and K.
-        Raeburn, "Section E.1: Service Management System, M.I.T.
-        Project Athena, Cambridge, Mas sachusetts (1987).
-
-   [8]  CCITT, Recommendation X.509: The Directory Authentication
-        Framework, December 1988.
-
-   [9]  Neuman, C., "Proxy-Based Authorization and Accounting for
-        Distributed Systems," in Proceedings of the 13th International
-        Conference on Distributed Computing Systems", Pittsburgh, PA,
-        May 1993.
-
-   [10] Pato, J., "Using Pre-Authentication to Avoid Password Guessing
-        Attacks", Open Software Foundation DCE Request for Comments 26,
-        December 1992.
-
-   [11] National Bureau of Standards, U.S. Department of Commerce, "Data
-        Encryption Standard", Federal Information Processing Standards
-        Publication 46, Washington, DC (1977).
-
-
-
-
-
-Kohl & Neuman                                                  [Page 89]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-   [12] National Bureau of Standards, U.S. Department of Commerce, "DES
-        Modes of Operation", Federal Information Processing Standards
-        Publication 81, Springfield, VA, December 1980.
-
-   [13] Stubblebine S., and V. Gligor, "On Message Integrity in
-        Cryptographic Protocols", in Proceedings of the IEEE Symposium
-        on Research in Security and Privacy, Oakland, California, May
-        1992.
-
-   [14] International Organization for Standardization, "ISO Information
-        Processing Systems - Data Communication High-Level Data Link
-        Control Procedure - Frame Structure", IS 3309, October 1984, 3rd
-        Edition.
-
-   [15] Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT
-        Laboratory for Computer Science, April 1992.
-
-   [16] Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321, MIT
-        Laboratory for Computer Science, April 1992.
-
-   [17] Bellovin S., and M. Merritt, "Limitations of the Kerberos
-        Authentication System", Computer Communications Review, Vol.
-        20(5), pp. 119-132, October 1990.
-
-12.  Security Considerations
-
-   Security issues are discussed throughout this memo.
-
-13.  Authors' Addresses
-
-   John Kohl
-   Digital Equipment Corporation
-   110 Spit Brook Road, M/S ZKO3-3/U14
-   Nashua, NH  03062
-
-   Phone: 603-881-2481
-   EMail: jtkohl@zk3.dec.com
-
-
-   B. Clifford Neuman
-   USC/Information Sciences Institute
-   4676 Admiralty Way #1001
-   Marina del Rey, CA 90292-6695
-
-   Phone: 310-822-1511
-   EMail: bcn@isi.edu
-
-
-
-
-
-Kohl & Neuman                                                  [Page 90]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-A.  Pseudo-code for protocol processing
-
-   This appendix provides pseudo-code describing how the messages are to
-   be constructed and interpreted by clients and servers.
-
-A.1.  KRB_AS_REQ generation
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_AS_REQ */
-
-        if(pa_enc_timestamp_required) then
-                request.padata.padata-type = PA-ENC-TIMESTAMP;
-                get system_time;
-                padata-body.patimestamp,pausec = system_time;
-                encrypt padata-body into request.padata.padata-value
-                        using client.key; /* derived from password */
-        endif
-
-        body.kdc-options := users's preferences;
-        body.cname := user's name;
-        body.realm := user's realm;
-        body.sname := service's name; /* usually "krbtgt",
-                                         "localrealm" */
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-        omit body.enc-authorization-data;
-        request.req-body := body;
-
-        kerberos := lookup(name of local kerberos server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-
-
-Kohl & Neuman                                                  [Page 91]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-A.2.  KRB_AS_REQ verification and KRB_AS_REP generation
-        decode message into req;
-
-        client := lookup(req.cname,req.realm);
-        server := lookup(req.sname,req.realm);
-        get system_time;
-        kdc_time := system_time.seconds;
-
-        if (!client) then
-                /* no client in Database */
-                error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN);
-        endif
-        if (!server) then
-                /* no server in Database */
-                error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-        endif
-
-        if(client.pa_enc_timestamp_required and
-           pa_enc_timestamp not present) then
-                error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-        endif
-
-        if(pa_enc_timestamp present) then
-                decrypt req.padata-value into decrypted_enc_timestamp
-                        using client.key;
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                if(decrypted_enc_timestamp is not within allowable
-                        skew) then error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                if(decrypted_enc_timestamp and usec is replay)
-                        error_out(KDC_ERR_PREAUTH_FAILED);
-                endif
-                add decrypted_enc_timestamp and usec to replay cache;
-        endif
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := req.srealm;
-        reset all flags in new_tkt.flags;
-
-
-
-
-Kohl & Neuman                                                  [Page 92]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        if (req.kdc-options.FORWARDABLE is set) then
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.PROXIABLE is set) then
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.ALLOW-POSTDATE is set) then
-                set new_tkt.flags.ALLOW-POSTDATE;
-        endif
-        if ((req.kdc-options.RENEW is set) or
-            (req.kdc-options.VALIDATE is set) or
-            (req.kdc-options.PROXY is set) or
-            (req.kdc-options.FORWARDED is set) or
-            (req.kdc-options.ENC-TKT-IN-SKEY is set)) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.session := random_session_key();
-        new_tkt.cname := req.cname;
-        new_tkt.crealm := req.crealm;
-        new_tkt.transited := empty_transited_field();
-
-        new_tkt.authtime := kdc_time;
-
-        if (req.kdc-options.POSTDATED is set) then
-           if (against_postdate_policy(req.from)) then
-                error_out(KDC_ERR_POLICY);
-           endif
-           set new_tkt.flags.INVALID;
-           new_tkt.starttime := req.from;
-        else
-           omit new_tkt.starttime; /* treated as authtime when
-                                      omitted */
-        endif
-        if (req.till = 0) then
-                till := infinity;
-        else
-                till := req.till;
-        endif
-
-        new_tkt.endtime := min(till,
-                              new_tkt.starttime+client.max_life,
-                              new_tkt.starttime+server.max_life,
-                              new_tkt.starttime+max_life_for_realm);
-
-
-
-Kohl & Neuman                                                  [Page 93]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (new_tkt.endtime < req.till)) then
-                /* we set the RENEWABLE option for later processing */
-                set req.kdc-options.RENEWABLE;
-                req.rtime := req.till;
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if (req.kdc-options.RENEWABLE is set) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-                new_tkt.starttime+client.max_rlife,
-                new_tkt.starttime+server.max_rlife,
-                new_tkt.starttime+max_rlife_for_realm);
-        else
-                omit new_tkt.renew-till; /* only present if RENEWABLE */
-        endif
-
-        if (req.addresses) then
-                new_tkt.caddr := req.addresses;
-        else
-                omit new_tkt.caddr;
-        endif
-
-        new_tkt.authorization_data := empty_authorization_data();
-
-        encode to-be-encrypted part of ticket into OCTET STRING;
-        new_tkt.enc-part := encrypt OCTET STRING
-            using etype_for_key(server.key), server.key, server.p_kvno;
-
-
-        /* Start processing the response */
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_AS_REP;
-        resp.cname := req.cname;
-        resp.crealm := req.realm;
-        resp.ticket := new_tkt;
-
-        resp.key := new_tkt.session;
-        resp.last-req := fetch_last_request_info(client);
-        resp.nonce := req.nonce;
-        resp.key-expiration := client.expiration;
-
-
-
-Kohl & Neuman                                                  [Page 94]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-        resp.realm := new_tkt.realm;
-        resp.sname := new_tkt.sname;
-
-        resp.caddr := new_tkt.caddr;
-
-        encode body of reply into OCTET STRING;
-
-        resp.enc-part := encrypt OCTET STRING
-                         using use_etype, client.key, client.p_kvno;
-        send(resp);
-
-A.3.  KRB_AS_REP verification
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP))
-                        then set pa_enc_timestamp_required;
-                        goto KRB_AS_REQ;
-                endif
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key */
-        /* from the response immediately */
-
-        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
-                                 resp.padata);
-        unencrypted part of resp := decode of decrypt of resp.enc-part
-                                using resp.enc-part.etype and key;
-        zero(key);
-
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        if near(resp.princ_exp) then
-
-
-
-Kohl & Neuman                                                  [Page 95]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                print(warning message);
-        endif
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.4.  KRB_AS_REP and KRB_TGS_REP common checks
-        if (decryption_error() or
-            (req.cname != resp.cname) or
-            (req.realm != resp.crealm) or
-            (req.sname != resp.sname) or
-            (req.realm != resp.realm) or
-            (req.nonce != resp.nonce) or
-            (req.addresses != resp.caddr)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        /* make sure no flags are set that shouldn't be, and that  */
-        /* all that should be are set                              */
-        if (!check_flags_for_compatability(req.kdc-options,resp.flags))
-                then destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.from = 0) and
-            (resp.starttime is not within allowable skew)) then
-                destroy resp.key;
-                return KRB_AP_ERR_SKEW;
-        endif
-        if ((req.from != 0) and (req.from != resp.starttime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.till != 0) and (resp.endtime > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (req.rtime != 0) and (resp.renew-till > req.rtime)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-        endif
-        if ((req.kdc-options.RENEWABLE-OK is set) and
-            (resp.flags.RENEWABLE) and
-            (req.till != 0) and
-            (resp.renew-till > req.till)) then
-                destroy resp.key;
-                return KRB_AP_ERR_MODIFIED;
-
-
-
-Kohl & Neuman                                                  [Page 96]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        endif
-
-A.5.  KRB_TGS_REQ generation
-        /* Note that make_application_request might have to     */
-        /* recursivly call this routine to get the appropriate  */
-        /* ticket-granting ticket                               */
-
-        request.pvno := protocol version; /* pvno = 5 */
-        request.msg-type := message type; /* type = KRB_TGS_REQ */
-
-        body.kdc-options := users's preferences;
-        /* If the TGT is not for the realm of the end-server  */
-        /* then the sname will be for a TGT for the end-realm */
-        /* and the realm of the requested ticket (body.realm) */
-        /* will be that of the TGS to which the TGT we are    */
-        /* sending applies                                    */
-        body.sname := service's name;
-        body.realm := service's realm;
-
-        if (body.kdc-options.POSTDATED is set) then
-                body.from := requested starting time;
-        else
-                omit body.from;
-        endif
-        body.till := requested end time;
-        if (body.kdc-options.RENEWABLE is set) then
-                body.rtime := requested final renewal time;
-        endif
-        body.nonce := random_nonce();
-        body.etype := requested etypes;
-        if (user supplied addresses) then
-                body.addresses := user's addresses;
-        else
-                omit body.addresses;
-        endif
-
-        body.enc-authorization-data := user-supplied data;
-        if (body.kdc-options.ENC-TKT-IN-SKEY) then
-                body.additional-tickets_ticket := second TGT;
-        endif
-
-        request.req-body := body;
-        check := generate_checksum (req.body,checksumtype);
-
-        request.padata[0].padata-type := PA-TGS-REQ;
-        request.padata[0].padata-value := create a KRB_AP_REQ using
-                                      the TGT and checksum
-
-
-
-
-Kohl & Neuman                                                  [Page 97]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        /* add in any other padata as required/supplied */
-
-        kerberos := lookup(name of local kerberose server (or servers));
-        send(packet,kerberos);
-
-        wait(for response);
-        if (timed_out) then
-                retry or use alternate server;
-        endif
-
-A.6.  KRB_TGS_REQ verification and KRB_TGS_REP generation
-        /* note that reading the application request requires first
-        determining the server for which a ticket was issued, and
-        choosing the correct key for decryption.  The name of the
-        server appears in the plaintext part of the ticket. */
-
-        if (no KRB_AP_REQ in req.padata) then
-                error_out(KDC_ERR_PADATA_TYPE_NOSUPP);
-        endif
-        verify KRB_AP_REQ in req.padata;
-
-        /* Note that the realm in which the Kerberos server is
-        operating is determined by the instance from the
-        ticket-granting ticket.  The realm in the ticket-granting
-        ticket is the realm under which the ticket granting ticket was
-        issued.  It is possible for a single Kerberos server to
-        support more than one realm. */
-
-        auth_hdr := KRB_AP_REQ;
-        tgt := auth_hdr.ticket;
-
-        if (tgt.sname is not a TGT for local realm and is not
-                req.sname) then error_out(KRB_AP_ERR_NOT_US);
-
-        realm := realm_tgt_is_for(tgt);
-
-        decode remainder of request;
-
-        if (auth_hdr.authenticator.cksum is missing) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (auth_hdr.authenticator.cksum type is not supported) then
-                error_out(KDC_ERR_SUMTYPE_NOSUPP);
-        endif
-        if (auth_hdr.authenticator.cksum is not both collision-proof
-            and keyed)  then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-
-
-
-Kohl & Neuman                                                  [Page 98]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        set computed_checksum := checksum(req);
-        if (computed_checksum != auth_hdr.authenticatory.cksum) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        server := lookup(req.sname,realm);
-
-        if (!server) then
-                if (is_foreign_tgt_name(server)) then
-                        server := best_intermediate_tgs(server);
-                else
-                        /* no server in Database */
-                        error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN);
-                endif
-        endif
-
-        session := generate_random_session_key();
-
-
-        use_etype := first supported etype in req.etypes;
-
-        if (no support for req.etypes) then
-                error_out(KDC_ERR_ETYPE_NOSUPP);
-        endif
-
-        new_tkt.vno := ticket version; /* = 5 */
-        new_tkt.sname := req.sname;
-        new_tkt.srealm := realm;
-        reset all flags in new_tkt.flags;
-
-        /* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
-
-        new_tkt.caddr := tgt.caddr;
-        resp.caddr := NULL; /* We only include this if they change */
-        if (req.kdc-options.FORWARDABLE is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDABLE;
-        endif
-        if (req.kdc-options.FORWARDED is set) then
-                if (tgt.flags.FORWARDABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.FORWARDED;
-                new_tkt.caddr := req.addresses;
-
-
-
-Kohl & Neuman                                                  [Page 99]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                resp.caddr := req.addresses;
-        endif
-        if (tgt.flags.FORWARDED is set) then
-                set new_tkt.flags.FORWARDED;
-        endif
-
-        if (req.kdc-options.PROXIABLE is set) then
-                if (tgt.flags.PROXIABLE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXIABLE;
-        endif
-        if (req.kdc-options.PROXY is set) then
-                if (tgt.flags.PROXIABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.PROXY;
-                new_tkt.caddr := req.addresses;
-                resp.caddr := req.addresses;
-        endif
-
-        if (req.kdc-options.POSTDATE is set) then
-                if (tgt.flags.POSTDATE is reset)
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATE;
-        endif
-        if (req.kdc-options.POSTDATED is set) then
-                if (tgt.flags.POSTDATE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                set new_tkt.flags.POSTDATED;
-                set new_tkt.flags.INVALID;
-                if (against_postdate_policy(req.from)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                new_tkt.starttime := req.from;
-        endif
-
-
-        if (req.kdc-options.VALIDATE is set) then
-                if (tgt.flags.INVALID is reset) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-                if (tgt.starttime > kdc_time) then
-                        error_out(KRB_AP_ERR_NYV);
-                endif
-                if (check_hot_list(tgt)) then
-
-
-
-Kohl & Neuman                                                 [Page 100]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                        error_out(KRB_AP_ERR_REPEAT);
-                endif
-                tkt := tgt;
-                reset new_tkt.flags.INVALID;
-        endif
-
-        if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW,
-                             and those already processed) is set) then
-                error_out(KDC_ERR_BADOPTION);
-        endif
-
-        new_tkt.authtime := tgt.authtime;
-
-        if (req.kdc-options.RENEW is set) then
-          /* Note that if the endtime has already passed, the ticket */
-          /* would have been rejected in the initial authentication  */
-          /* stage, so there is no need to check again here          */
-                if (tgt.flags.RENEWABLE is reset) then
-                        error_out(KDC_ERR_BADOPTION);
-                endif
-                if (tgt.renew-till >= kdc_time) then
-                        error_out(KRB_AP_ERR_TKT_EXPIRED);
-                endif
-                tkt := tgt;
-                new_tkt.starttime := kdc_time;
-                old_life := tgt.endttime - tgt.starttime;
-                new_tkt.endtime := min(tgt.renew-till,
-                                       new_tkt.starttime + old_life);
-        else
-                new_tkt.starttime := kdc_time;
-                if (req.till = 0) then
-                        till := infinity;
-                else
-                        till := req.till;
-                endif
-                new_tkt.endtime := min(till,
-                                   new_tkt.starttime+client.max_life,
-                                   new_tkt.starttime+server.max_life,
-                                   new_tkt.starttime+max_life_for_realm,
-                                   tgt.endtime);
-
-                if ((req.kdc-options.RENEWABLE-OK is set) and
-                    (new_tkt.endtime < req.till) and
-                    (tgt.flags.RENEWABLE is set) then
-                        /* we set the RENEWABLE option for later  */
-                        /* processing                             */
-                        set req.kdc-options.RENEWABLE;
-                        req.rtime := min(req.till, tgt.renew-till);
-
-
-
-Kohl & Neuman                                                 [Page 101]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                endif
-        endif
-
-        if (req.rtime = 0) then
-                rtime := infinity;
-        else
-                rtime := req.rtime;
-        endif
-
-        if ((req.kdc-options.RENEWABLE is set) and
-            (tgt.flags.RENEWABLE is set)) then
-                set new_tkt.flags.RENEWABLE;
-                new_tkt.renew-till := min(rtime,
-                new_tkt.starttime+client.max_rlife,
-                new_tkt.starttime+server.max_rlife,
-                new_tkt.starttime+max_rlife_for_realm,
-                tgt.renew-till);
-        else
-                new_tkt.renew-till := OMIT;
-                              /* leave the renew-till field out */
-        endif
-        if (req.enc-authorization-data is present) then
-                decrypt req.enc-authorization-data
-                        into    decrypted_authorization_data
-                        using auth_hdr.authenticator.subkey;
-                if (decrypt_error()) then
-                        error_out(KRB_AP_ERR_BAD_INTEGRITY);
-                endif
-        endif
-        new_tkt.authorization_data :=
-        req.auth_hdr.ticket.authorization_data +
-                                 decrypted_authorization_data;
-
-        new_tkt.key := session;
-        new_tkt.crealm := tgt.crealm;
-        new_tkt.cname := req.auth_hdr.ticket.cname;
-
-        if (realm_tgt_is_for(tgt) := tgt.realm) then
-                /* tgt issued by local realm */
-                new_tkt.transited := tgt.transited;
-        else
-                /* was issued for this realm by some other realm */
-                if (tgt.transited.tr-type not supported) then
-                        error_out(KDC_ERR_TRTYPE_NOSUPP);
-                endif
-                new_tkt.transited
-                   := compress_transited(tgt.transited + tgt.realm)
-        endif
-
-
-
-Kohl & Neuman                                                 [Page 102]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        encode encrypted part of new_tkt into OCTET STRING;
-        if (req.kdc-options.ENC-TKT-IN-SKEY is set) then
-                if (server not specified) then
-                        server = req.second_ticket.client;
-                endif
-                if ((req.second_ticket is not a TGT) or
-                    (req.second_ticket.client != server)) then
-                        error_out(KDC_ERR_POLICY);
-                endif
-
-                new_tkt.enc-part := encrypt OCTET STRING using
-                        using etype_for_key(second-ticket.key),
-                                                      second-ticket.key;
-        else
-                new_tkt.enc-part := encrypt OCTET STRING
-                        using etype_for_key(server.key), server.key,
-                                                      server.p_kvno;
-        endif
-
-        resp.pvno := 5;
-        resp.msg-type := KRB_TGS_REP;
-        resp.crealm := tgt.crealm;
-        resp.cname := tgt.cname;
-        resp.ticket := new_tkt;
-
-        resp.key := session;
-        resp.nonce := req.nonce;
-        resp.last-req := fetch_last_request_info(client);
-        resp.flags := new_tkt.flags;
-
-        resp.authtime := new_tkt.authtime;
-        resp.starttime := new_tkt.starttime;
-        resp.endtime := new_tkt.endtime;
-
-        omit resp.key-expiration;
-
-        resp.sname := new_tkt.sname;
-        resp.realm := new_tkt.realm;
-
-        if (new_tkt.flags.RENEWABLE) then
-                resp.renew-till := new_tkt.renew-till;
-        endif
-
-
-        encode body of reply into OCTET STRING;
-
-        if (req.padata.authenticator.subkey)
-                resp.enc-part := encrypt OCTET STRING using use_etype,
-
-
-
-Kohl & Neuman                                                 [Page 103]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                        req.padata.authenticator.subkey;
-        else resp.enc-part := encrypt OCTET STRING
-                              using use_etype, tgt.key;
-
-        send(resp);
-
-A.7.  KRB_TGS_REP verification
-        decode response into resp;
-
-        if (resp.msg-type = KRB_ERROR) then
-                process_error(resp);
-                return;
-        endif
-
-        /* On error, discard the response, and zero the session key from
-        the response immediately */
-
-        if (req.padata.authenticator.subkey)
-                unencrypted part of resp :=
-                        decode of decrypt of resp.enc-part
-                        using resp.enc-part.etype and subkey;
-        else unencrypted part of resp :=
-                        decode of decrypt of resp.enc-part
-                        using resp.enc-part.etype and tgt's session key;
-        if (common_as_rep_tgs_rep_checks fail) then
-                destroy resp.key;
-                return error;
-        endif
-
-        check authorization_data as necessary;
-        save_for_later(ticket,session,client,server,times,flags);
-
-A.8.  Authenticator generation
-        body.authenticator-vno := authenticator vno; /* = 5 */
-        body.cname, body.crealm := client name;
-        if (supplying checksum) then
-                body.cksum := checksum;
-        endif
-        get system_time;
-        body.ctime, body.cusec := system_time;
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-
-
-Kohl & Neuman                                                 [Page 104]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-A.9.  KRB_AP_REQ generation
-        obtain ticket and session_key from cache;
-
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REQ */
-
-        if (desired(MUTUAL_AUTHENTICATION)) then
-                set packet.ap-options.MUTUAL-REQUIRED;
-        else
-                reset packet.ap-options.MUTUAL-REQUIRED;
-        endif
-        if (using session key for ticket) then
-                set packet.ap-options.USE-SESSION-KEY;
-        else
-                reset packet.ap-options.USE-SESSION-KEY;
-        endif
-        packet.ticket := ticket; /* ticket */
-        generate authenticator;
-        encode authenticator into OCTET STRING;
-        encrypt OCTET STRING into packet.authenticator
-                             using session_key;
-
-A.10.  KRB_AP_REQ verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REQ) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.ticket.tkt_vno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.ap_options.USE-SESSION-KEY is set) then
-                retrieve session key from ticket-granting ticket for
-                 packet.ticket.{sname,srealm,enc-part.etype};
-        else
-           retrieve service key for
-           packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno};
-        endif
-        if (no_key_available) then
-                if (cannot_find_specified_skvno) then
-                        error_out(KRB_AP_ERR_BADKEYVER);
-                else
-                        error_out(KRB_AP_ERR_NOKEY);
-                endif
-
-
-
-Kohl & Neuman                                                 [Page 105]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        endif
-        decrypt packet.ticket.enc-part into decr_ticket
-                                       using retrieved key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        decrypt packet.authenticator into decr_authenticator
-                using decr_ticket.key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (decr_authenticator.{cname,crealm} !=
-            decr_ticket.{cname,crealm}) then
-                error_out(KRB_AP_ERR_BADMATCH);
-        endif
-        if (decr_ticket.caddr is present) then
-                if (sender_address(packet) is not in decr_ticket.caddr)
-                        then error_out(KRB_AP_ERR_BADADDR);
-                endif
-        elseif (application requires addresses) then
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (not in_clock_skew(decr_authenticator.ctime,
-                              decr_authenticator.cusec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(decr_authenticator.{ctime,cusec,cname,crealm}))
-                then error_out(KRB_AP_ERR_REPEAT);
-        endif
-        save_identifier(decr_authenticator.{ctime,cusec,cname,crealm});
-        get system_time;
-        if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or
-            (decr_ticket.flags.INVALID is set)) then
-                /* it hasn't yet become valid */
-                error_out(KRB_AP_ERR_TKT_NYV);
-        endif
-        if (system_time-decr_ticket.endtime > CLOCK_SKEW) then
-                error_out(KRB_AP_ERR_TKT_EXPIRED);
-        endif
-        /* caller must check decr_ticket.flags for any pertinent */
-        /* details */
-        return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED);
-
-A.11.  KRB_AP_REP generation
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_AP_REP */
-        body.ctime := packet.ctime;
-        body.cusec := packet.cusec;
-
-
-
-Kohl & Neuman                                                 [Page 106]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        if (selecting sub-session key) then
-                select sub-session key;
-                body.subkey := sub-session key;
-        endif
-        if (using sequence numbers) then
-                select initial sequence number;
-                body.seq-number := initial sequence;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part;
-
-A.12.  KRB_AP_REP verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_AP_REP) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        cleartext := decrypt(packet.enc-part)
-                     using ticket's session key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if (cleartext.ctime != authenticator.ctime) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.cusec != authenticator.cusec) then
-                error_out(KRB_AP_ERR_MUT_FAIL);
-        endif
-        if (cleartext.subkey is present) then
-                save cleartext.subkey for future use;
-        endif
-        if (cleartext.seq-number is present) then
-                save cleartext.seq-number for future verifications;
-        endif
-        return(AUTHENTICATION_SUCCEEDED);
-
-A.13.  KRB_SAFE generation
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_SAFE */
-
-
-
-Kohl & Neuman                                                 [Page 107]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        body.user-data := buffer; /* DATA */
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-        checksum.cksumtype := checksum type;
-        compute checksum over body;
-        checksum.checksum := checksum value; /* checksum.checksum */
-        packet.cksum := checksum;
-        packet.safe-body := body;
-
-A.14.  KRB_SAFE verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_SAFE) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-        if (packet.checksum.cksumtype is not both collision-proof
-                                             and keyed) then
-                error_out(KRB_AP_ERR_INAPP_CKSUM);
-        endif
-        if (safe_priv_common_checks_ok(packet)) then
-                set computed_checksum := checksum(packet.body);
-                if (computed_checksum != packet.checksum) then
-                        error_out(KRB_AP_ERR_MODIFIED);
-                endif
-                return (packet, PACKET_IS_GENUINE);
-        else
-                return common_checks_error;
-        endif
-
-A.15.  KRB_SAFE and KRB_PRIV common checks
-        if (packet.s-address != O/S_sender(packet)) then
-            /* O/S report of sender not who claims to have sent it */
-            error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-
-
-
-Kohl & Neuman                                                 [Page 108]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if (((packet.timestamp is present) and
-             (not in_clock_skew(packet.timestamp,packet.usec))) or
-            (packet.timestamp is not present and timestamp expected))
-                then error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address))
-                then error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (((packet.seq-number is present) and
-             ((not in_sequence(packet.seq-number)))) or
-            (packet.seq-number is not present and sequence expected))
-                then error_out(KRB_AP_ERR_BADORDER);
-        endif
-        if (packet.timestamp not present and
-            packet.seq-number not present) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        save_identifier(packet.{timestamp,usec,s-address},
-                        sender_principal(packet));
-
-        return PACKET_IS_OK;
-
-A.16.  KRB_PRIV generation
-        collect user data in buffer;
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_PRIV */
-
-        packet.enc-part.etype := encryption type;
-
-        body.user-data := buffer;
-        if (using timestamp) then
-                get system_time;
-                body.timestamp, body.usec := system_time;
-        endif
-        if (using sequence numbers) then
-                body.seq-number := sequence number;
-        endif
-        body.s-address := sender host addresses;
-        if (only one recipient) then
-                body.r-address := recipient host address;
-        endif
-
-
-
-
-Kohl & Neuman                                                 [Page 109]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher;
-
-A.17.  KRB_PRIV verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_PRIV) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-
-        if (safe_priv_common_checks_ok(cleartext)) then
-            return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
-        else
-                return common_checks_error;
-        endif
-
-A.18.  KRB_CRED generation
-        invoke KRB_TGS; /* obtain tickets to be provided to peer */
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_CRED */
-
-        for (tickets[n] in tickets to be forwarded) do
-                packet.tickets[n] = tickets[n].ticket;
-        done
-
-        packet.enc-part.etype := encryption type;
-
-        for (ticket[n] in tickets to be forwarded) do
-                body.ticket-info[n].key = tickets[n].session;
-                body.ticket-info[n].prealm = tickets[n].crealm;
-                body.ticket-info[n].pname = tickets[n].cname;
-                body.ticket-info[n].flags = tickets[n].flags;
-                body.ticket-info[n].authtime = tickets[n].authtime;
-                body.ticket-info[n].starttime = tickets[n].starttime;
-                body.ticket-info[n].endtime = tickets[n].endtime;
-                body.ticket-info[n].renew-till = tickets[n].renew-till;
-
-
-
-Kohl & Neuman                                                 [Page 110]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-                body.ticket-info[n].srealm = tickets[n].srealm;
-                body.ticket-info[n].sname = tickets[n].sname;
-                body.ticket-info[n].caddr = tickets[n].caddr;
-        done
-
-        get system_time;
-        body.timestamp, body.usec := system_time;
-
-        if (using nonce) then
-                body.nonce := nonce;
-        endif
-
-        if (using s-address) then
-                body.s-address := sender host addresses;
-        endif
-        if (limited recipients) then
-                body.r-address := recipient host address;
-        endif
-
-        encode body into OCTET STRING;
-
-        select encryption type;
-        encrypt OCTET STRING into packet.enc-part.cipher
-        using negotiated encryption key;
-
-A.19.  KRB_CRED verification
-        receive packet;
-        if (packet.pvno != 5) then
-                either process using other protocol spec
-                or error_out(KRB_AP_ERR_BADVERSION);
-        endif
-        if (packet.msg-type != KRB_CRED) then
-                error_out(KRB_AP_ERR_MSG_TYPE);
-        endif
-
-        cleartext := decrypt(packet.enc-part) using negotiated key;
-        if (decryption_error()) then
-                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-        endif
-        if ((packet.r-address is present or required) and
-           (packet.s-address != O/S_sender(packet)) then
-            /* O/S report of sender not who claims to have sent it */
-            error_out(KRB_AP_ERR_BADADDR);
-        endif
-        if ((packet.r-address is present) and
-            (packet.r-address != local_host_address)) then
-                /* was not sent to proper place */
-                error_out(KRB_AP_ERR_BADADDR);
-
-
-
-Kohl & Neuman                                                 [Page 111]
-
-RFC 1510                        Kerberos                  September 1993
-
-
-        endif
-        if (not in_clock_skew(packet.timestamp,packet.usec)) then
-                error_out(KRB_AP_ERR_SKEW);
-        endif
-        if (repeated(packet.timestamp,packet.usec,packet.s-address))
-                then error_out(KRB_AP_ERR_REPEAT);
-        endif
-        if (packet.nonce is required or present) and
-           (packet.nonce != expected-nonce) then
-                error_out(KRB_AP_ERR_MODIFIED);
-        endif
-
-        for (ticket[n] in tickets that were forwarded) do
-                save_for_later(ticket[n],key[n],principal[n],
-                               server[n],times[n],flags[n]);
-        return
-
-A.20.  KRB_ERROR generation
-
-        /* assemble packet: */
-        packet.pvno := protocol version; /* 5 */
-        packet.msg-type := message type; /* KRB_ERROR */
-
-        get system_time;
-        packet.stime, packet.susec := system_time;
-        packet.realm, packet.sname := server name;
-
-        if (client time available) then
-                packet.ctime, packet.cusec := client_time;
-        endif
-        packet.error-code := error code;
-        if (client name available) then
-                packet.cname, packet.crealm := client name;
-        endif
-        if (error text available) then
-                packet.e-text := error text;
-        endif
-        if (error data available) then
-                packet.e-data := error data;
-        endif
-
-
-
-
-
-
-
-
-
-
-
-Kohl & Neuman                                                 [Page 112]
-
-\ No newline at end of file
diff --git a/crypto/heimdal/doc/standardisation/rfc1750.txt b/crypto/heimdal/doc/standardisation/rfc1750.txt
deleted file mode 100644
index 56d478c7eef4..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1750.txt
+++ /dev/null
@@ -1,1683 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                   D. Eastlake, 3rd
-Request for Comments: 1750                                           DEC
-Category: Informational                                       S. Crocker
-                                                               Cybercash
-                                                             J. Schiller
-                                                                     MIT
-                                                           December 1994
-
-
-                Randomness Recommendations for Security
-
-Status of this Memo
-
-   This memo provides information for the Internet community.  This memo
-   does not specify an Internet standard of any kind.  Distribution of
-   this memo is unlimited.
-
-Abstract
-
-   Security systems today are built on increasingly strong cryptographic
-   algorithms that foil pattern analysis attempts. However, the security
-   of these systems is dependent on generating secret quantities for
-   passwords, cryptographic keys, and similar quantities.  The use of
-   pseudo-random processes to generate secret quantities can result in
-   pseudo-security.  The sophisticated attacker of these security
-   systems may find it easier to reproduce the environment that produced
-   the secret quantities, searching the resulting small set of
-   possibilities, than to locate the quantities in the whole of the
-   number space.
-
-   Choosing random quantities to foil a resourceful and motivated
-   adversary is surprisingly difficult.  This paper points out many
-   pitfalls in using traditional pseudo-random number generation
-   techniques for choosing such quantities.  It recommends the use of
-   truly random hardware techniques and shows that the existing hardware
-   on many systems can be used for this purpose.  It provides
-   suggestions to ameliorate the problem when a hardware solution is not
-   available.  And it gives examples of how large such quantities need
-   to be for some particular applications.
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 1]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-Acknowledgements
-
-   Comments on this document that have been incorporated were received
-   from (in alphabetic order) the following:
-
-        David M. Balenson (TIS)
-        Don Coppersmith (IBM)
-        Don T. Davis (consultant)
-        Carl Ellison (Stratus)
-        Marc Horowitz (MIT)
-        Christian Huitema (INRIA)
-        Charlie Kaufman (IRIS)
-        Steve Kent (BBN)
-        Hal Murray (DEC)
-        Neil Haller (Bellcore)
-        Richard Pitkin (DEC)
-        Tim Redmond (TIS)
-        Doug Tygar (CMU)
-
-Table of Contents
-
-   1. Introduction........................................... 3
-   2. Requirements........................................... 4
-   3. Traditional Pseudo-Random Sequences.................... 5
-   4. Unpredictability....................................... 7
-   4.1 Problems with Clocks and Serial Numbers............... 7
-   4.2 Timing and Content of External Events................  8
-   4.3 The Fallacy of Complex Manipulation..................  8
-   4.4 The Fallacy of Selection from a Large Database.......  9
-   5. Hardware for Randomness............................... 10
-   5.1 Volume Required...................................... 10
-   5.2 Sensitivity to Skew.................................. 10
-   5.2.1 Using Stream Parity to De-Skew..................... 11
-   5.2.2 Using Transition Mappings to De-Skew............... 12
-   5.2.3 Using FFT to De-Skew............................... 13
-   5.2.4 Using Compression to De-Skew....................... 13
-   5.3 Existing Hardware Can Be Used For Randomness......... 14
-   5.3.1 Using Existing Sound/Video Input................... 14
-   5.3.2 Using Existing Disk Drives......................... 14
-   6. Recommended Non-Hardware Strategy..................... 14
-   6.1 Mixing Functions..................................... 15
-   6.1.1 A Trivial Mixing Function.......................... 15
-   6.1.2 Stronger Mixing Functions.......................... 16
-   6.1.3 Diff-Hellman as a Mixing Function.................. 17
-   6.1.4 Using a Mixing Function to Stretch Random Bits..... 17
-   6.1.5 Other Factors in Choosing a Mixing Function........ 18
-   6.2 Non-Hardware Sources of Randomness................... 19
-   6.3 Cryptographically Strong Sequences................... 19
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 2]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   6.3.1 Traditional Strong Sequences....................... 20
-   6.3.2 The Blum Blum Shub Sequence Generator.............. 21
-   7. Key Generation Standards.............................. 22
-   7.1 US DoD Recommendations for Password Generation....... 23
-   7.2 X9.17 Key Generation................................. 23
-   8. Examples of Randomness Required....................... 24
-   8.1  Password Generation................................. 24
-   8.2 A Very High Security Cryptographic Key............... 25
-   8.2.1 Effort per Key Trial............................... 25
-   8.2.2 Meet in the Middle Attacks......................... 26
-   8.2.3 Other Considerations............................... 26
-   9. Conclusion............................................ 27
-   10. Security Considerations.............................. 27
-   References............................................... 28
-   Authors' Addresses....................................... 30
-
-1. Introduction
-
-   Software cryptography is coming into wider use.  Systems like
-   Kerberos, PEM, PGP, etc. are maturing and becoming a part of the
-   network landscape [PEM].  These systems provide substantial
-   protection against snooping and spoofing.  However, there is a
-   potential flaw.  At the heart of all cryptographic systems is the
-   generation of secret, unguessable (i.e., random) numbers.
-
-   For the present, the lack of generally available facilities for
-   generating such unpredictable numbers is an open wound in the design
-   of cryptographic software.  For the software developer who wants to
-   build a key or password generation procedure that runs on a wide
-   range of hardware, the only safe strategy so far has been to force
-   the local installation to supply a suitable routine to generate
-   random numbers.  To say the least, this is an awkward, error-prone
-   and unpalatable solution.
-
-   It is important to keep in mind that the requirement is for data that
-   an adversary has a very low probability of guessing or determining.
-   This will fail if pseudo-random data is used which only meets
-   traditional statistical tests for randomness or which is based on
-   limited range sources, such as clocks.  Frequently such random
-   quantities are determinable by an adversary searching through an
-   embarrassingly small space of possibilities.
-
-   This informational document suggests techniques for producing random
-   quantities that will be resistant to such attack.  It recommends that
-   future systems include hardware random number generation or provide
-   access to existing hardware that can be used for this purpose.  It
-   suggests methods for use if such hardware is not available.  And it
-   gives some estimates of the number of random bits required for sample
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 3]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   applications.
-
-2. Requirements
-
-   Probably the most commonly encountered randomness requirement today
-   is the user password. This is usually a simple character string.
-   Obviously, if a password can be guessed, it does not provide
-   security.  (For re-usable passwords, it is desirable that users be
-   able to remember the password.  This may make it advisable to use
-   pronounceable character strings or phrases composed on ordinary
-   words.  But this only affects the format of the password information,
-   not the requirement that the password be very hard to guess.)
-
-   Many other requirements come from the cryptographic arena.
-   Cryptographic techniques can be used to provide a variety of services
-   including confidentiality and authentication.  Such services are
-   based on quantities, traditionally called "keys", that are unknown to
-   and unguessable by an adversary.
-
-   In some cases, such as the use of symmetric encryption with the one
-   time pads [CRYPTO*] or the US Data Encryption Standard [DES], the
-   parties who wish to communicate confidentially and/or with
-   authentication must all know the same secret key.  In other cases,
-   using what are called asymmetric or "public key" cryptographic
-   techniques, keys come in pairs.  One key of the pair is private and
-   must be kept secret by one party, the other is public and can be
-   published to the world.  It is computationally infeasible to
-   determine the private key from the public key [ASYMMETRIC, CRYPTO*].
-
-   The frequency and volume of the requirement for random quantities
-   differs greatly for different cryptographic systems.  Using pure RSA
-   [CRYPTO*], random quantities are required when the key pair is
-   generated, but thereafter any number of messages can be signed
-   without any further need for randomness.  The public key Digital
-   Signature Algorithm that has been proposed by the US National
-   Institute of Standards and Technology (NIST) requires good random
-   numbers for each signature.  And encrypting with a one time pad, in
-   principle the strongest possible encryption technique, requires a
-   volume of randomness equal to all the messages to be processed.
-
-   In most of these cases, an adversary can try to determine the
-   "secret" key by trial and error.  (This is possible as long as the
-   key is enough smaller than the message that the correct key can be
-   uniquely identified.)  The probability of an adversary succeeding at
-   this must be made acceptably low, depending on the particular
-   application.  The size of the space the adversary must search is
-   related to the amount of key "information" present in the information
-   theoretic sense [SHANNON].  This depends on the number of different
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 4]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   secret values possible and the probability of each value as follows:
-
-                      -----
-                       \
-        Bits-of-info =  \  - p   * log  ( p  )
-                        /     i       2    i
-                       /
-                      -----
-
-   where i varies from 1 to the number of possible secret values and p
-   sub i is the probability of the value numbered i.  (Since p sub i is
-   less than one, the log will be negative so each term in the sum will
-   be non-negative.)
-
-   If there are 2^n different values of equal probability, then n bits
-   of information are present and an adversary would, on the average,
-   have to try half of the values, or 2^(n-1) , before guessing the
-   secret quantity.  If the probability of different values is unequal,
-   then there is less information present and fewer guesses will, on
-   average, be required by an adversary.  In particular, any values that
-   the adversary can know are impossible, or are of low probability, can
-   be initially ignored by an adversary, who will search through the
-   more probable values first.
-
-   For example, consider a cryptographic system that uses 56 bit keys.
-   If these 56 bit keys are derived by using a fixed pseudo-random
-   number generator that is seeded with an 8 bit seed, then an adversary
-   needs to search through only 256 keys (by running the pseudo-random
-   number generator with every possible seed), not the 2^56 keys that
-   may at first appear to be the case. Only 8 bits of "information" are
-   in these 56 bit keys.
-
-3. Traditional Pseudo-Random Sequences
-
-   Most traditional sources of random numbers use deterministic sources
-   of "pseudo-random" numbers.  These typically start with a "seed"
-   quantity and use numeric or logical operations to produce a sequence
-   of values.
-
-   [KNUTH] has a classic exposition on pseudo-random numbers.
-   Applications he mentions are simulation of natural phenomena,
-   sampling, numerical analysis, testing computer programs, decision
-   making, and games.  None of these have the same characteristics as
-   the sort of security uses we are talking about.  Only in the last two
-   could there be an adversary trying to find the random quantity.
-   However, in these cases, the adversary normally has only a single
-   chance to use a guessed value.  In guessing passwords or attempting
-   to break an encryption scheme, the adversary normally has many,
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 5]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   perhaps unlimited, chances at guessing the correct value and should
-   be assumed to be aided by a computer.
-
-   For testing the "randomness" of numbers, Knuth suggests a variety of
-   measures including statistical and spectral.  These tests check
-   things like autocorrelation between different parts of a "random"
-   sequence or distribution of its values.  They could be met by a
-   constant stored random sequence, such as the "random" sequence
-   printed in the CRC Standard Mathematical Tables [CRC].
-
-   A typical pseudo-random number generation technique, known as a
-   linear congruence pseudo-random number generator, is modular
-   arithmetic where the N+1th value is calculated from the Nth value by
-
-        V    = ( V  * a + b )(Mod c)
-         N+1      N
-
-   The above technique has a strong relationship to linear shift
-   register pseudo-random number generators, which are well understood
-   cryptographically [SHIFT*].  In such generators bits are introduced
-   at one end of a shift register as the Exclusive Or (binary sum
-   without carry) of bits from selected fixed taps into the register.
-
-   For example:
-
-      +----+     +----+     +----+                      +----+
-      | B  | <-- | B  | <-- | B  | <--  . . . . . . <-- | B  | <-+
-      |  0 |     |  1 |     |  2 |                      |  n |   |
-      +----+     +----+     +----+                      +----+   |
-        |                     |            |                     |
-        |                     |            V                  +-----+
-        |                     V            +----------------> |     |
-        V                     +-----------------------------> | XOR |
-        +---------------------------------------------------> |     |
-                                                              +-----+
-
-
-       V    = ( ( V  * 2 ) + B .xor. B ... )(Mod 2^n)
-        N+1         N         0       2
-
-   The goodness of traditional pseudo-random number generator algorithms
-   is measured by statistical tests on such sequences.  Carefully chosen
-   values of the initial V and a, b, and c or the placement of shift
-   register tap in the above simple processes can produce excellent
-   statistics.
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 6]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   These sequences may be adequate in simulations (Monte Carlo
-   experiments) as long as the sequence is orthogonal to the structure
-   of the space being explored.  Even there, subtle patterns may cause
-   problems.  However, such sequences are clearly bad for use in
-   security applications.  They are fully predictable if the initial
-   state is known.  Depending on the form of the pseudo-random number
-   generator, the sequence may be determinable from observation of a
-   short portion of the sequence [CRYPTO*, STERN].  For example, with
-   the generators above, one can determine V(n+1) given knowledge of
-   V(n).  In fact, it has been shown that with these techniques, even if
-   only one bit of the pseudo-random values is released, the seed can be
-   determined from short sequences.
-
-   Not only have linear congruent generators been broken, but techniques
-   are now known for breaking all polynomial congruent generators
-   [KRAWCZYK].
-
-4. Unpredictability
-
-   Randomness in the traditional sense described in section 3 is NOT the
-   same as the unpredictability required for security use.
-
-   For example, use of a widely available constant sequence, such as
-   that from the CRC tables, is very weak against an adversary. Once
-   they learn of or guess it, they can easily break all security, future
-   and past, based on the sequence [CRC].  Yet the statistical
-   properties of these tables are good.
-
-   The following sections describe the limitations of some randomness
-   generation techniques and sources.
-
-4.1 Problems with Clocks and Serial Numbers
-
-   Computer clocks, or similar operating system or hardware values,
-   provide significantly fewer real bits of unpredictability than might
-   appear from their specifications.
-
-   Tests have been done on clocks on numerous systems and it was found
-   that their behavior can vary widely and in unexpected ways.  One
-   version of an operating system running on one set of hardware may
-   actually provide, say, microsecond resolution in a clock while a
-   different configuration of the "same" system may always provide the
-   same lower bits and only count in the upper bits at much lower
-   resolution.  This means that successive reads on the clock may
-   produce identical values even if enough time has passed that the
-   value "should" change based on the nominal clock resolution. There
-   are also cases where frequently reading a clock can produce
-   artificial sequential values because of extra code that checks for
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 7]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   the clock being unchanged between two reads and increases it by one!
-   Designing portable application code to generate unpredictable numbers
-   based on such system clocks is particularly challenging because the
-   system designer does not always know the properties of the system
-   clocks that the code will execute on.
-
-   Use of a hardware serial number such as an Ethernet address may also
-   provide fewer bits of uniqueness than one would guess.  Such
-   quantities are usually heavily structured and subfields may have only
-   a limited range of possible values or values easily guessable based
-   on approximate date of manufacture or other data.  For example, it is
-   likely that most of the Ethernet cards installed on Digital Equipment
-   Corporation (DEC) hardware within DEC were manufactured by DEC
-   itself, which significantly limits the range of built in addresses.
-
-   Problems such as those described above related to clocks and serial
-   numbers make code to produce unpredictable quantities difficult if
-   the code is to be ported across a variety of computer platforms and
-   systems.
-
-4.2 Timing and Content of External Events
-
-   It is possible to measure the timing and content of mouse movement,
-   key strokes, and similar user events.  This is a reasonable source of
-   unguessable data with some qualifications.  On some machines, inputs
-   such as key strokes are buffered.  Even though the user's inter-
-   keystroke timing may have sufficient variation and unpredictability,
-   there might not be an easy way to access that variation.  Another
-   problem is that no standard method exists to sample timing details.
-   This makes it hard to build standard software intended for
-   distribution to a large range of machines based on this technique.
-
-   The amount of mouse movement or the keys actually hit are usually
-   easier to access than timings but may yield less unpredictability as
-   the user may provide highly repetitive input.
-
-   Other external events, such as network packet arrival times, can also
-   be used with care.  In particular, the possibility of manipulation of
-   such times by an adversary must be considered.
-
-4.3 The Fallacy of Complex Manipulation
-
-   One strategy which may give a misleading appearance of
-   unpredictability is to take a very complex algorithm (or an excellent
-   traditional pseudo-random number generator with good statistical
-   properties) and calculate a cryptographic key by starting with the
-   current value of a computer system clock as the seed.  An adversary
-   who knew roughly when the generator was started would have a
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 8]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   relatively small number of seed values to test as they would know
-   likely values of the system clock.  Large numbers of pseudo-random
-   bits could be generated but the search space an adversary would need
-   to check could be quite small.
-
-   Thus very strong and/or complex manipulation of data will not help if
-   the adversary can learn what the manipulation is and there is not
-   enough unpredictability in the starting seed value.  Even if they can
-   not learn what the manipulation is, they may be able to use the
-   limited number of results stemming from a limited number of seed
-   values to defeat security.
-
-   Another serious strategy error is to assume that a very complex
-   pseudo-random number generation algorithm will produce strong random
-   numbers when there has been no theory behind or analysis of the
-   algorithm.  There is a excellent example of this fallacy right near
-   the beginning of chapter 3 in [KNUTH] where the author describes a
-   complex algorithm.  It was intended that the machine language program
-   corresponding to the algorithm would be so complicated that a person
-   trying to read the code without comments wouldn't know what the
-   program was doing.  Unfortunately, actual use of this algorithm
-   showed that it almost immediately converged to a single repeated
-   value in one case and a small cycle of values in another case.
-
-   Not only does complex manipulation not help you if you have a limited
-   range of seeds but blindly chosen complex manipulation can destroy
-   the randomness in a good seed!
-
-4.4 The Fallacy of Selection from a Large Database
-
-   Another strategy that can give a misleading appearance of
-   unpredictability is selection of a quantity randomly from a database
-   and assume that its strength is related to the total number of bits
-   in the database.  For example, typical USENET servers as of this date
-   process over 35 megabytes of information per day.  Assume a random
-   quantity was selected by fetching 32 bytes of data from a random
-   starting point in this data.  This does not yield 32*8 = 256 bits
-   worth of unguessability.  Even after allowing that much of the data
-   is human language and probably has more like 2 or 3 bits of
-   information per byte, it doesn't yield 32*2.5 = 80 bits of
-   unguessability.  For an adversary with access to the same 35
-   megabytes the unguessability rests only on the starting point of the
-   selection.  That is, at best, about 25 bits of unguessability in this
-   case.
-
-   The same argument applies to selecting sequences from the data on a
-   CD ROM or Audio CD recording or any other large public database.  If
-   the adversary has access to the same database, this "selection from a
-
-
-
-Eastlake, Crocker & Schiller                                    [Page 9]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   large volume of data" step buys very little.  However, if a selection
-   can be made from data to which the adversary has no access, such as
-   system buffers on an active multi-user system, it may be of some
-   help.
-
-5. Hardware for Randomness
-
-   Is there any hope for strong portable randomness in the future?
-   There might be.  All that's needed is a physical source of
-   unpredictable numbers.
-
-   A thermal noise or radioactive decay source and a fast, free-running
-   oscillator would do the trick directly [GIFFORD].  This is a trivial
-   amount of hardware, and could easily be included as a standard part
-   of a computer system's architecture.  Furthermore, any system with a
-   spinning disk or the like has an adequate source of randomness
-   [DAVIS].  All that's needed is the common perception among computer
-   vendors that this small additional hardware and the software to
-   access it is necessary and useful.
-
-5.1 Volume Required
-
-   How much unpredictability is needed?  Is it possible to quantify the
-   requirement in, say, number of random bits per second?
-
-   The answer is not very much is needed.  For DES, the key is 56 bits
-   and, as we show in an example in Section 8, even the highest security
-   system is unlikely to require a keying material of over 200 bits.  If
-   a series of keys are needed, it can be generated from a strong random
-   seed using a cryptographically strong sequence as explained in
-   Section 6.3.  A few hundred random bits generated once a day would be
-   enough using such techniques.  Even if the random bits are generated
-   as slowly as one per second and it is not possible to overlap the
-   generation process, it should be tolerable in high security
-   applications to wait 200 seconds occasionally.
-
-   These numbers are trivial to achieve.  It could be done by a person
-   repeatedly tossing a coin.  Almost any hardware process is likely to
-   be much faster.
-
-5.2 Sensitivity to Skew
-
-   Is there any specific requirement on the shape of the distribution of
-   the random numbers?  The good news is the distribution need not be
-   uniform.  All that is needed is a conservative estimate of how non-
-   uniform it is to bound performance.  Two simple techniques to de-skew
-   the bit stream are given below and stronger techniques are mentioned
-   in Section 6.1.2 below.
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 10]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-5.2.1 Using Stream Parity to De-Skew
-
-   Consider taking a sufficiently long string of bits and map the string
-   to "zero" or "one".  The mapping will not yield a perfectly uniform
-   distribution, but it can be as close as desired.  One mapping that
-   serves the purpose is to take the parity of the string.  This has the
-   advantages that it is robust across all degrees of skew up to the
-   estimated maximum skew and is absolutely trivial to implement in
-   hardware.
-
-   The following analysis gives the number of bits that must be sampled:
-
-   Suppose the ratio of ones to zeros is 0.5 + e : 0.5 - e, where e is
-   between 0 and 0.5 and is a measure of the "eccentricity" of the
-   distribution.  Consider the distribution of the parity function of N
-   bit samples.  The probabilities that the parity will be one or zero
-   will be the sum of the odd or even terms in the binomial expansion of
-   (p + q)^N, where p = 0.5 + e, the probability of a one, and q = 0.5 -
-   e, the probability of a zero.
-
-   These sums can be computed easily as
-
-                         N            N
-        1/2 * ( ( p + q )  + ( p - q )  )
-   and
-                         N            N
-        1/2 * ( ( p + q )  - ( p - q )  ).
-
-   (Which one corresponds to the probability the parity will be 1
-   depends on whether N is odd or even.)
-
-   Since p + q = 1 and p - q = 2e, these expressions reduce to
-
-                       N
-        1/2 * [1 + (2e) ]
-   and
-                       N
-        1/2 * [1 - (2e) ].
-
-   Neither of these will ever be exactly 0.5 unless e is zero, but we
-   can bring them arbitrarily close to 0.5.  If we want the
-   probabilities to be within some delta d of 0.5, i.e. then
-
-                            N
-        ( 0.5 + ( 0.5 * (2e)  ) )  <  0.5 + d.
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 11]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   Solving for N yields N > log(2d)/log(2e).  (Note that 2e is less than
-   1, so its log is negative.  Division by a negative number reverses
-   the sense of an inequality.)
-
-   The following table gives the length of the string which must be
-   sampled for various degrees of skew in order to come within 0.001 of
-   a 50/50 distribution.
-
-                       +---------+--------+-------+
-                       | Prob(1) |    e   |    N  |
-                       +---------+--------+-------+
-                       |   0.5   |  0.00  |    1  |
-                       |   0.6   |  0.10  |    4  |
-                       |   0.7   |  0.20  |    7  |
-                       |   0.8   |  0.30  |   13  |
-                       |   0.9   |  0.40  |   28  |
-                       |   0.95  |  0.45  |   59  |
-                       |   0.99  |  0.49  |  308  |
-                       +---------+--------+-------+
-
-   The last entry shows that even if the distribution is skewed 99% in
-   favor of ones, the parity of a string of 308 samples will be within
-   0.001 of a 50/50 distribution.
-
-5.2.2 Using Transition Mappings to De-Skew
-
-   Another technique, originally due to von Neumann [VON NEUMANN], is to
-   examine a bit stream as a sequence of non-overlapping pairs. You
-   could then discard any 00 or 11 pairs found, interpret 01 as a 0 and
-   10 as a 1.  Assume the probability of a 1 is 0.5+e and the
-   probability of a 0 is 0.5-e where e is the eccentricity of the source
-   and described in the previous section.  Then the probability of each
-   pair is as follows:
-
-            +------+-----------------------------------------+
-            | pair |            probability                  |
-            +------+-----------------------------------------+
-            |  00  | (0.5 - e)^2          =  0.25 - e + e^2  |
-            |  01  | (0.5 - e)*(0.5 + e)  =  0.25     - e^2  |
-            |  10  | (0.5 + e)*(0.5 - e)  =  0.25     - e^2  |
-            |  11  | (0.5 + e)^2          =  0.25 + e + e^2  |
-            +------+-----------------------------------------+
-
-   This technique will completely eliminate any bias but at the expense
-   of taking an indeterminate number of input bits for any particular
-   desired number of output bits.  The probability of any particular
-   pair being discarded is 0.5 + 2e^2 so the expected number of input
-   bits to produce X output bits is X/(0.25 - e^2).
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 12]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   This technique assumes that the bits are from a stream where each bit
-   has the same probability of being a 0 or 1 as any other bit in the
-   stream and that bits are not correlated, i.e., that the bits are
-   identical independent distributions.  If alternate bits were from two
-   correlated sources, for example, the above analysis breaks down.
-
-   The above technique also provides another illustration of how a
-   simple statistical analysis can mislead if one is not always on the
-   lookout for patterns that could be exploited by an adversary.  If the
-   algorithm were mis-read slightly so that overlapping successive bits
-   pairs were used instead of non-overlapping pairs, the statistical
-   analysis given is the same; however, instead of provided an unbiased
-   uncorrelated series of random 1's and 0's, it instead produces a
-   totally predictable sequence of exactly alternating 1's and 0's.
-
-5.2.3 Using FFT to De-Skew
-
-   When real world data consists of strongly biased or correlated bits,
-   it may still contain useful amounts of randomness.  This randomness
-   can be extracted through use of the discrete Fourier transform or its
-   optimized variant, the FFT.
-
-   Using the Fourier transform of the data, strong correlations can be
-   discarded.  If adequate data is processed and remaining correlations
-   decay, spectral lines approaching statistical independence and
-   normally distributed randomness can be produced [BRILLINGER].
-
-5.2.4 Using Compression to De-Skew
-
-   Reversible compression techniques also provide a crude method of de-
-   skewing a skewed bit stream.  This follows directly from the
-   definition of reversible compression and the formula in Section 2
-   above for the amount of information in a sequence.  Since the
-   compression is reversible, the same amount of information must be
-   present in the shorter output than was present in the longer input.
-   By the Shannon information equation, this is only possible if, on
-   average, the probabilities of the different shorter sequences are
-   more uniformly distributed than were the probabilities of the longer
-   sequences.  Thus the shorter sequences are de-skewed relative to the
-   input.
-
-   However, many compression techniques add a somewhat predicatable
-   preface to their output stream and may insert such a sequence again
-   periodically in their output or otherwise introduce subtle patterns
-   of their own.  They should be considered only a rough technique
-   compared with those described above or in Section 6.1.2.  At a
-   minimum, the beginning of the compressed sequence should be skipped
-   and only later bits used for applications requiring random bits.
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 13]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-5.3 Existing Hardware Can Be Used For Randomness
-
-   As described below, many computers come with hardware that can, with
-   care, be used to generate truly random quantities.
-
-5.3.1 Using Existing Sound/Video Input
-
-   Increasingly computers are being built with inputs that digitize some
-   real world analog source, such as sound from a microphone or video
-   input from a camera.  Under appropriate circumstances, such input can
-   provide reasonably high quality random bits.  The "input" from a
-   sound digitizer with no source plugged in or a camera with the lens
-   cap on, if the system has enough gain to detect anything, is
-   essentially thermal noise.
-
-   For example, on a SPARCstation, one can read from the /dev/audio
-   device with nothing plugged into the microphone jack.  Such data is
-   essentially random noise although it should not be trusted without
-   some checking in case of hardware failure.  It will, in any case,
-   need to be de-skewed as described elsewhere.
-
-   Combining this with compression to de-skew one can, in UNIXese,
-   generate a huge amount of medium quality random data by doing
-
-        cat /dev/audio | compress - >random-bits-file
-
-5.3.2 Using Existing Disk Drives
-
-   Disk drives have small random fluctuations in their rotational speed
-   due to chaotic air turbulence [DAVIS].  By adding low level disk seek
-   time instrumentation to a system, a series of measurements can be
-   obtained that include this randomness. Such data is usually highly
-   correlated so that significant processing is needed, including FFT
-   (see section 5.2.3).  Nevertheless experimentation has shown that,
-   with such processing, disk drives easily produce 100 bits a minute or
-   more of excellent random data.
-
-   Partly offsetting this need for processing is the fact that disk
-   drive failure will normally be rapidly noticed.  Thus, problems with
-   this method of random number generation due to hardware failure are
-   very unlikely.
-
-6. Recommended Non-Hardware Strategy
-
-   What is the best overall strategy for meeting the requirement for
-   unguessable random numbers in the absence of a reliable hardware
-   source?  It is to obtain random input from a large number of
-   uncorrelated sources and to mix them with a strong mixing function.
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 14]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   Such a function will preserve the randomness present in any of the
-   sources even if other quantities being combined are fixed or easily
-   guessable.  This may be advisable even with a good hardware source as
-   hardware can also fail, though this should be weighed against any
-   increase in the chance of overall failure due to added software
-   complexity.
-
-6.1 Mixing Functions
-
-   A strong mixing function is one which combines two or more inputs and
-   produces an output where each output bit is a different complex non-
-   linear function of all the input bits.  On average, changing any
-   input bit will change about half the output bits.  But because the
-   relationship is complex and non-linear, no particular output bit is
-   guaranteed to change when any particular input bit is changed.
-
-   Consider the problem of converting a stream of bits that is skewed
-   towards 0 or 1 to a shorter stream which is more random, as discussed
-   in Section 5.2 above.  This is simply another case where a strong
-   mixing function is desired, mixing the input bits to produce a
-   smaller number of output bits.  The technique given in Section 5.2.1
-   of using the parity of a number of bits is simply the result of
-   successively Exclusive Or'ing them which is examined as a trivial
-   mixing function immediately below.  Use of stronger mixing functions
-   to extract more of the randomness in a stream of skewed bits is
-   examined in Section 6.1.2.
-
-6.1.1 A Trivial Mixing Function
-
-   A trivial example for single bit inputs is the Exclusive Or function,
-   which is equivalent to addition without carry, as show in the table
-   below.  This is a degenerate case in which the one output bit always
-   changes for a change in either input bit.  But, despite its
-   simplicity, it will still provide a useful illustration.
-
-                   +-----------+-----------+----------+
-                   |  input 1  |  input 2  |  output  |
-                   +-----------+-----------+----------+
-                   |     0     |     0     |     0    |
-                   |     0     |     1     |     1    |
-                   |     1     |     0     |     1    |
-                   |     1     |     1     |     0    |
-                   +-----------+-----------+----------+
-
-   If inputs 1 and 2 are uncorrelated and combined in this fashion then
-   the output will be an even better (less skewed) random bit than the
-   inputs.  If we assume an "eccentricity" e as defined in Section 5.2
-   above, then the output eccentricity relates to the input eccentricity
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 15]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   as follows:
-
-        e       = 2 * e        * e
-         output        input 1    input 2
-
-   Since e is never greater than 1/2, the eccentricity is always
-   improved except in the case where at least one input is a totally
-   skewed constant.  This is illustrated in the following table where
-   the top and left side values are the two input eccentricities and the
-   entries are the output eccentricity:
-
-     +--------+--------+--------+--------+--------+--------+--------+
-     |    e   |  0.00  |  0.10  |  0.20  |  0.30  |  0.40  |  0.50  |
-     +--------+--------+--------+--------+--------+--------+--------+
-     |  0.00  |  0.00  |  0.00  |  0.00  |  0.00  |  0.00  |  0.00  |
-     |  0.10  |  0.00  |  0.02  |  0.04  |  0.06  |  0.08  |  0.10  |
-     |  0.20  |  0.00  |  0.04  |  0.08  |  0.12  |  0.16  |  0.20  |
-     |  0.30  |  0.00  |  0.06  |  0.12  |  0.18  |  0.24  |  0.30  |
-     |  0.40  |  0.00  |  0.08  |  0.16  |  0.24  |  0.32  |  0.40  |
-     |  0.50  |  0.00  |  0.10  |  0.20  |  0.30  |  0.40  |  0.50  |
-     +--------+--------+--------+--------+--------+--------+--------+
-
-   However, keep in mind that the above calculations assume that the
-   inputs are not correlated.  If the inputs were, say, the parity of
-   the number of minutes from midnight on two clocks accurate to a few
-   seconds, then each might appear random if sampled at random intervals
-   much longer than a minute.  Yet if they were both sampled and
-   combined with xor, the result would be zero most of the time.
-
-6.1.2 Stronger Mixing Functions
-
-   The US Government Data Encryption Standard [DES] is an example of a
-   strong mixing function for multiple bit quantities.  It takes up to
-   120 bits of input (64 bits of "data" and 56 bits of "key") and
-   produces 64 bits of output each of which is dependent on a complex
-   non-linear function of all input bits.  Other strong encryption
-   functions with this characteristic can also be used by considering
-   them to mix all of their key and data input bits.
-
-   Another good family of mixing functions are the "message digest" or
-   hashing functions such as The US Government Secure Hash Standard
-   [SHS] and the MD2, MD4, MD5 [MD2, MD4, MD5] series.  These functions
-   all take an arbitrary amount of input and produce an output mixing
-   all the input bits. The MD* series produce 128 bits of output and SHS
-   produces 160 bits.
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 16]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   Although the message digest functions are designed for variable
-   amounts of input, DES and other encryption functions can also be used
-   to combine any number of inputs.  If 64 bits of output is adequate,
-   the inputs can be packed into a 64 bit data quantity and successive
-   56 bit keys, padding with zeros if needed, which are then used to
-   successively encrypt using DES in Electronic Codebook Mode [DES
-   MODES].  If more than 64 bits of output are needed, use more complex
-   mixing.  For example, if inputs are packed into three quantities, A,
-   B, and C, use DES to encrypt A with B as a key and then with C as a
-   key to produce the 1st part of the output, then encrypt B with C and
-   then A for more output and, if necessary, encrypt C with A and then B
-   for yet more output.  Still more output can be produced by reversing
-   the order of the keys given above to stretch things. The same can be
-   done with the hash functions by hashing various subsets of the input
-   data to produce multiple outputs.  But keep in mind that it is
-   impossible to get more bits of "randomness" out than are put in.
-
-   An example of using a strong mixing function would be to reconsider
-   the case of a string of 308 bits each of which is biased 99% towards
-   zero.  The parity technique given in Section 5.2.1 above reduced this
-   to one bit with only a 1/1000 deviance from being equally likely a
-   zero or one.  But, applying the equation for information given in
-   Section 2, this 308 bit sequence has 5 bits of information in it.
-   Thus hashing it with SHS or MD5 and taking the bottom 5 bits of the
-   result would yield 5 unbiased random bits as opposed to the single
-   bit given by calculating the parity of the string.
-
-6.1.3 Diffie-Hellman as a Mixing Function
-
-   Diffie-Hellman exponential key exchange is a technique that yields a
-   shared secret between two parties that can be made computationally
-   infeasible for a third party to determine even if they can observe
-   all the messages between the two communicating parties.  This shared
-   secret is a mixture of initial quantities generated by each of them
-   [D-H].  If these initial quantities are random, then the shared
-   secret contains the combined randomness of them both, assuming they
-   are uncorrelated.
-
-6.1.4 Using a Mixing Function to Stretch Random Bits
-
-   While it is not necessary for a mixing function to produce the same
-   or fewer bits than its inputs, mixing bits cannot "stretch" the
-   amount of random unpredictability present in the inputs.  Thus four
-   inputs of 32 bits each where there is 12 bits worth of
-   unpredicatability (such as 4,096 equally probable values) in each
-   input cannot produce more than 48 bits worth of unpredictable output.
-   The output can be expanded to hundreds or thousands of bits by, for
-   example, mixing with successive integers, but the clever adversary's
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 17]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   search space is still 2^48 possibilities.  Furthermore, mixing to
-   fewer bits than are input will tend to strengthen the randomness of
-   the output the way using Exclusive Or to produce one bit from two did
-   above.
-
-   The last table in Section 6.1.1 shows that mixing a random bit with a
-   constant bit with Exclusive Or will produce a random bit.  While this
-   is true, it does not provide a way to "stretch" one random bit into
-   more than one.  If, for example, a random bit is mixed with a 0 and
-   then with a 1, this produces a two bit sequence but it will always be
-   either 01 or 10.  Since there are only two possible values, there is
-   still only the one bit of original randomness.
-
-6.1.5 Other Factors in Choosing a Mixing Function
-
-   For local use, DES has the advantages that it has been widely tested
-   for flaws, is widely documented, and is widely implemented with
-   hardware and software implementations available all over the world
-   including source code available by anonymous FTP.  The SHS and MD*
-   family are younger algorithms which have been less tested but there
-   is no particular reason to believe they are flawed.  Both MD5 and SHS
-   were derived from the earlier MD4 algorithm.  They all have source
-   code available by anonymous FTP [SHS, MD2, MD4, MD5].
-
-   DES and SHS have been vouched for the the US National Security Agency
-   (NSA) on the basis of criteria that primarily remain secret.  While
-   this is the cause of much speculation and doubt, investigation of DES
-   over the years has indicated that NSA involvement in modifications to
-   its design, which originated with IBM, was primarily to strengthen
-   it.  No concealed or special weakness has been found in DES.  It is
-   almost certain that the NSA modification to MD4 to produce the SHS
-   similarly strengthened the algorithm, possibly against threats not
-   yet known in the public cryptographic community.
-
-   DES, SHS, MD4, and MD5 are royalty free for all purposes.  MD2 has
-   been freely licensed only for non-profit use in connection with
-   Privacy Enhanced Mail [PEM].  Between the MD* algorithms, some people
-   believe that, as with "Goldilocks and the Three Bears", MD2 is strong
-   but too slow, MD4 is fast but too weak, and MD5 is just right.
-
-   Another advantage of the MD* or similar hashing algorithms over
-   encryption algorithms is that they are not subject to the same
-   regulations imposed by the US Government prohibiting the unlicensed
-   export or import of encryption/decryption software and hardware.  The
-   same should be true of DES rigged to produce an irreversible hash
-   code but most DES packages are oriented to reversible encryption.
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 18]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-6.2 Non-Hardware Sources of Randomness
-
-   The best source of input for mixing would be a hardware randomness
-   such as disk drive timing affected by air turbulence, audio input
-   with thermal noise, or radioactive decay.  However, if that is not
-   available there are other possibilities.  These include system
-   clocks, system or input/output buffers, user/system/hardware/network
-   serial numbers and/or addresses and timing, and user input.
-   Unfortunately, any of these sources can produce limited or
-   predicatable values under some circumstances.
-
-   Some of the sources listed above would be quite strong on multi-user
-   systems where, in essence, each user of the system is a source of
-   randomness.  However, on a small single user system, such as a
-   typical IBM PC or Apple Macintosh, it might be possible for an
-   adversary to assemble a similar configuration.  This could give the
-   adversary inputs to the mixing process that were sufficiently
-   correlated to those used originally as to make exhaustive search
-   practical.
-
-   The use of multiple random inputs with a strong mixing function is
-   recommended and can overcome weakness in any particular input.  For
-   example, the timing and content of requested "random" user keystrokes
-   can yield hundreds of random bits but conservative assumptions need
-   to be made.  For example, assuming a few bits of randomness if the
-   inter-keystroke interval is unique in the sequence up to that point
-   and a similar assumption if the key hit is unique but assuming that
-   no bits of randomness are present in the initial key value or if the
-   timing or key value duplicate previous values.  The results of mixing
-   these timings and characters typed could be further combined with
-   clock values and other inputs.
-
-   This strategy may make practical portable code to produce good random
-   numbers for security even if some of the inputs are very weak on some
-   of the target systems.  However, it may still fail against a high
-   grade attack on small single user systems, especially if the
-   adversary has ever been able to observe the generation process in the
-   past.  A hardware based random source is still preferable.
-
-6.3 Cryptographically Strong Sequences
-
-   In cases where a series of random quantities must be generated, an
-   adversary may learn some values in the sequence.  In general, they
-   should not be able to predict other values from the ones that they
-   know.
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 19]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   The correct technique is to start with a strong random seed, take
-   cryptographically strong steps from that seed [CRYPTO2, CRYPTO3], and
-   do not reveal the complete state of the generator in the sequence
-   elements.  If each value in the sequence can be calculated in a fixed
-   way from the previous value, then when any value is compromised, all
-   future values can be determined.  This would be the case, for
-   example, if each value were a constant function of the previously
-   used values, even if the function were a very strong, non-invertible
-   message digest function.
-
-   It should be noted that if your technique for generating a sequence
-   of key values is fast enough, it can trivially be used as the basis
-   for a confidentiality system.  If two parties use the same sequence
-   generating technique and start with the same seed material, they will
-   generate identical sequences.  These could, for example, be xor'ed at
-   one end with data being send, encrypting it, and xor'ed with this
-   data as received, decrypting it due to the reversible properties of
-   the xor operation.
-
-6.3.1 Traditional Strong Sequences
-
-   A traditional way to achieve a strong sequence has been to have the
-   values be produced by hashing the quantities produced by
-   concatenating the seed with successive integers or the like and then
-   mask the values obtained so as to limit the amount of generator state
-   available to the adversary.
-
-   It may also be possible to use an "encryption" algorithm with a
-   random key and seed value to encrypt and feedback some or all of the
-   output encrypted value into the value to be encrypted for the next
-   iteration.  Appropriate feedback techniques will usually be
-   recommended with the encryption algorithm.  An example is shown below
-   where shifting and masking are used to combine the cypher output
-   feedback.  This type of feedback is recommended by the US Government
-   in connection with DES [DES MODES].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 20]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-      +---------------+
-      |       V       |
-      |  |     n      |
-      +--+------------+
-            |      |           +---------+
-            |      +---------> |         |      +-----+
-         +--+                  | Encrypt | <--- | Key |
-         |           +-------- |         |      +-----+
-         |           |         +---------+
-         V           V
-      +------------+--+
-      |      V     |  |
-      |       n+1     |
-      +---------------+
-
-   Note that if a shift of one is used, this is the same as the shift
-   register technique described in Section 3 above but with the all
-   important difference that the feedback is determined by a complex
-   non-linear function of all bits rather than a simple linear or
-   polynomial combination of output from a few bit position taps.
-
-   It has been shown by Donald W. Davies that this sort of shifted
-   partial output feedback significantly weakens an algorithm compared
-   will feeding all of the output bits back as input.  In particular,
-   for DES, repeated encrypting a full 64 bit quantity will give an
-   expected repeat in about 2^63 iterations.  Feeding back anything less
-   than 64 (and more than 0) bits will give an expected repeat in
-   between 2**31 and 2**32 iterations!
-
-   To predict values of a sequence from others when the sequence was
-   generated by these techniques is equivalent to breaking the
-   cryptosystem or inverting the "non-invertible" hashing involved with
-   only partial information available.  The less information revealed
-   each iteration, the harder it will be for an adversary to predict the
-   sequence.  Thus it is best to use only one bit from each value.  It
-   has been shown that in some cases this makes it impossible to break a
-   system even when the cryptographic system is invertible and can be
-   broken if all of each generated value was revealed.
-
-6.3.2 The Blum Blum Shub Sequence Generator
-
-   Currently the generator which has the strongest public proof of
-   strength is called the Blum Blum Shub generator after its inventors
-   [BBS].  It is also very simple and is based on quadratic residues.
-   It's only disadvantage is that is is computationally intensive
-   compared with the traditional techniques give in 6.3.1 above.  This
-   is not a serious draw back if it is used for moderately infrequent
-   purposes, such as generating session keys.
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 21]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   Simply choose two large prime numbers, say p and q, which both have
-   the property that you get a remainder of 3 if you divide them by 4.
-   Let n = p * q.  Then you choose a random number x relatively prime to
-   n.  The initial seed for the generator and the method for calculating
-   subsequent values are then
-
-                   2
-        s    =  ( x  )(Mod n)
-         0
-
-                   2
-        s    = ( s   )(Mod n)
-         i+1      i
-
-   You must be careful to use only a few bits from the bottom of each s.
-   It is always safe to use only the lowest order bit.  If you use no
-   more than the
-
-                  log  ( log  ( s  ) )
-                     2      2    i
-
-   low order bits, then predicting any additional bits from a sequence
-   generated in this manner is provable as hard as factoring n.  As long
-   as the initial x is secret, you can even make n public if you want.
-
-   An intersting characteristic of this generator is that you can
-   directly calculate any of the s values.  In particular
-
-                     i
-               ( ( 2  )(Mod (( p - 1 ) * ( q - 1 )) ) )
-      s  = ( s                                          )(Mod n)
-       i      0
-
-   This means that in applications where many keys are generated in this
-   fashion, it is not necessary to save them all.  Each key can be
-   effectively indexed and recovered from that small index and the
-   initial s and n.
-
-7. Key Generation Standards
-
-   Several public standards are now in place for the generation of keys.
-   Two of these are described below.  Both use DES but any equally
-   strong or stronger mixing function could be substituted.
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 22]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-7.1 US DoD Recommendations for Password Generation
-
-   The United States Department of Defense has specific recommendations
-   for password generation [DoD].  They suggest using the US Data
-   Encryption Standard [DES] in Output Feedback Mode [DES MODES] as
-   follows:
-
-        use an initialization vector determined from
-             the system clock,
-             system ID,
-             user ID, and
-             date and time;
-        use a key determined from
-             system interrupt registers,
-             system status registers, and
-             system counters; and,
-        as plain text, use an external randomly generated 64 bit
-        quantity such as 8 characters typed in by a system
-        administrator.
-
-   The password can then be calculated from the 64 bit "cipher text"
-   generated in 64-bit Output Feedback Mode.  As many bits as are needed
-   can be taken from these 64 bits and expanded into a pronounceable
-   word, phrase, or other format if a human being needs to remember the
-   password.
-
-7.2 X9.17 Key Generation
-
-   The American National Standards Institute has specified a method for
-   generating a sequence of keys as follows:
-
-        s  is the initial 64 bit seed
-         0
-
-        g  is the sequence of generated 64 bit key quantities
-         n
-
-        k is a random key reserved for generating this key sequence
-
-        t is the time at which a key is generated to as fine a resolution
-            as is available (up to 64 bits).
-
-        DES ( K, Q ) is the DES encryption of quantity Q with key K
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 23]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-        g    = DES ( k, DES ( k, t ) .xor. s  )
-         n                                  n
-
-        s    = DES ( k, DES ( k, t ) .xor. g  )
-         n+1                                n
-
-   If g sub n is to be used as a DES key, then every eighth bit should
-   be adjusted for parity for that use but the entire 64 bit unmodified
-   g should be used in calculating the next s.
-
-8. Examples of Randomness Required
-
-   Below are two examples showing rough calculations of needed
-   randomness for security.  The first is for moderate security
-   passwords while the second assumes a need for a very high security
-   cryptographic key.
-
-8.1  Password Generation
-
-   Assume that user passwords change once a year and it is desired that
-   the probability that an adversary could guess the password for a
-   particular account be less than one in a thousand.  Further assume
-   that sending a password to the system is the only way to try a
-   password.  Then the crucial question is how often an adversary can
-   try possibilities.  Assume that delays have been introduced into a
-   system so that, at most, an adversary can make one password try every
-   six seconds.  That's 600 per hour or about 15,000 per day or about
-   5,000,000 tries in a year.  Assuming any sort of monitoring, it is
-   unlikely someone could actually try continuously for a year.  In
-   fact, even if log files are only checked monthly, 500,000 tries is
-   more plausible before the attack is noticed and steps taken to change
-   passwords and make it harder to try more passwords.
-
-   To have a one in a thousand chance of guessing the password in
-   500,000 tries implies a universe of at least 500,000,000 passwords or
-   about 2^29.  Thus 29 bits of randomness are needed. This can probably
-   be achieved using the US DoD recommended inputs for password
-   generation as it has 8 inputs which probably average over 5 bits of
-   randomness each (see section 7.1).  Using a list of 1000 words, the
-   password could be expressed as a three word phrase (1,000,000,000
-   possibilities) or, using case insensitive letters and digits, six
-   would suffice ((26+10)^6 = 2,176,782,336 possibilities).
-
-   For a higher security password, the number of bits required goes up.
-   To decrease the probability by 1,000 requires increasing the universe
-   of passwords by the same factor which adds about 10 bits.  Thus to
-   have only a one in a million chance of a password being guessed under
-   the above scenario would require 39 bits of randomness and a password
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 24]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   that was a four word phrase from a 1000 word list or eight
-   letters/digits.  To go to a one in 10^9 chance, 49 bits of randomness
-   are needed implying a five word phrase or ten letter/digit password.
-
-   In a real system, of course, there are also other factors.  For
-   example, the larger and harder to remember passwords are, the more
-   likely users are to write them down resulting in an additional risk
-   of compromise.
-
-8.2 A Very High Security Cryptographic Key
-
-   Assume that a very high security key is needed for symmetric
-   encryption / decryption between two parties.  Assume an adversary can
-   observe communications and knows the algorithm being used.  Within
-   the field of random possibilities, the adversary can try key values
-   in hopes of finding the one in use.  Assume further that brute force
-   trial of keys is the best the adversary can do.
-
-8.2.1 Effort per Key Trial
-
-   How much effort will it take to try each key?  For very high security
-   applications it is best to assume a low value of effort.  Even if it
-   would clearly take tens of thousands of computer cycles or more to
-   try a single key, there may be some pattern that enables huge blocks
-   of key values to be tested with much less effort per key.  Thus it is
-   probably best to assume no more than a couple hundred cycles per key.
-   (There is no clear lower bound on this as computers operate in
-   parallel on a number of bits and a poor encryption algorithm could
-   allow many keys or even groups of keys to be tested in parallel.
-   However, we need to assume some value and can hope that a reasonably
-   strong algorithm has been chosen for our hypothetical high security
-   task.)
-
-   If the adversary can command a highly parallel processor or a large
-   network of work stations, 2*10^10 cycles per second is probably a
-   minimum assumption for availability today.  Looking forward just a
-   couple years, there should be at least an order of magnitude
-   improvement.  Thus assuming 10^9 keys could be checked per second or
-   3.6*10^11 per hour or 6*10^13 per week or 2.4*10^14 per month is
-   reasonable.  This implies a need for a minimum of 51 bits of
-   randomness in keys to be sure they cannot be found in a month.  Even
-   then it is possible that, a few years from now, a highly determined
-   and resourceful adversary could break the key in 2 weeks (on average
-   they need try only half the keys).
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 25]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-8.2.2 Meet in the Middle Attacks
-
-   If chosen or known plain text and the resulting encrypted text are
-   available, a "meet in the middle" attack is possible if the structure
-   of the encryption algorithm allows it.  (In a known plain text
-   attack, the adversary knows all or part of the messages being
-   encrypted, possibly some standard header or trailer fields.  In a
-   chosen plain text attack, the adversary can force some chosen plain
-   text to be encrypted, possibly by "leaking" an exciting text that
-   would then be sent by the adversary over an encrypted channel.)
-
-   An oversimplified explanation of the meet in the middle attack is as
-   follows: the adversary can half-encrypt the known or chosen plain
-   text with all possible first half-keys, sort the output, then half-
-   decrypt the encoded text with all the second half-keys.  If a match
-   is found, the full key can be assembled from the halves and used to
-   decrypt other parts of the message or other messages.  At its best,
-   this type of attack can halve the exponent of the work required by
-   the adversary while adding a large but roughly constant factor of
-   effort.  To be assured of safety against this, a doubling of the
-   amount of randomness in the key to a minimum of 102 bits is required.
-
-   The meet in the middle attack assumes that the cryptographic
-   algorithm can be decomposed in this way but we can not rule that out
-   without a deep knowledge of the algorithm.  Even if a basic algorithm
-   is not subject to a meet in the middle attack, an attempt to produce
-   a stronger algorithm by applying the basic algorithm twice (or two
-   different algorithms sequentially) with different keys may gain less
-   added security than would be expected.  Such a composite algorithm
-   would be subject to a meet in the middle attack.
-
-   Enormous resources may be required to mount a meet in the middle
-   attack but they are probably within the range of the national
-   security services of a major nation.  Essentially all nations spy on
-   other nations government traffic and several nations are believed to
-   spy on commercial traffic for economic advantage.
-
-8.2.3 Other Considerations
-
-   Since we have not even considered the possibilities of special
-   purpose code breaking hardware or just how much of a safety margin we
-   want beyond our assumptions above, probably a good minimum for a very
-   high security cryptographic key is 128 bits of randomness which
-   implies a minimum key length of 128 bits.  If the two parties agree
-   on a key by Diffie-Hellman exchange [D-H], then in principle only
-   half of this randomness would have to be supplied by each party.
-   However, there is probably some correlation between their random
-   inputs so it is probably best to assume that each party needs to
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 26]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   provide at least 96 bits worth of randomness for very high security
-   if Diffie-Hellman is used.
-
-   This amount of randomness is beyond the limit of that in the inputs
-   recommended by the US DoD for password generation and could require
-   user typing timing, hardware random number generation, or other
-   sources.
-
-   It should be noted that key length calculations such at those above
-   are controversial and depend on various assumptions about the
-   cryptographic algorithms in use.  In some cases, a professional with
-   a deep knowledge of code breaking techniques and of the strength of
-   the algorithm in use could be satisfied with less than half of the
-   key size derived above.
-
-9. Conclusion
-
-   Generation of unguessable "random" secret quantities for security use
-   is an essential but difficult task.
-
-   We have shown that hardware techniques to produce such randomness
-   would be relatively simple.  In particular, the volume and quality
-   would not need to be high and existing computer hardware, such as
-   disk drives, can be used.  Computational techniques are available to
-   process low quality random quantities from multiple sources or a
-   larger quantity of such low quality input from one source and produce
-   a smaller quantity of higher quality, less predictable key material.
-   In the absence of hardware sources of randomness, a variety of user
-   and software sources can frequently be used instead with care;
-   however, most modern systems already have hardware, such as disk
-   drives or audio input, that could be used to produce high quality
-   randomness.
-
-   Once a sufficient quantity of high quality seed key material (a few
-   hundred bits) is available, strong computational techniques are
-   available to produce cryptographically strong sequences of
-   unpredicatable quantities from this seed material.
-
-10. Security Considerations
-
-   The entirety of this document concerns techniques and recommendations
-   for generating unguessable "random" quantities for use as passwords,
-   cryptographic keys, and similar security uses.
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 27]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-References
-
-   [ASYMMETRIC] - Secure Communications and Asymmetric Cryptosystems,
-   edited by Gustavus J. Simmons, AAAS Selected Symposium 69, Westview
-   Press, Inc.
-
-   [BBS] - A Simple Unpredictable Pseudo-Random Number Generator, SIAM
-   Journal on Computing, v. 15, n. 2, 1986, L. Blum, M. Blum, & M. Shub.
-
-   [BRILLINGER] - Time Series: Data Analysis and Theory, Holden-Day,
-   1981, David Brillinger.
-
-   [CRC] - C.R.C. Standard Mathematical Tables, Chemical Rubber
-   Publishing Company.
-
-   [CRYPTO1] - Cryptography: A Primer, A Wiley-Interscience Publication,
-   John Wiley & Sons, 1981, Alan G. Konheim.
-
-   [CRYPTO2] - Cryptography:  A New Dimension in Computer Data Security,
-   A Wiley-Interscience Publication, John Wiley & Sons, 1982, Carl H.
-   Meyer & Stephen M. Matyas.
-
-   [CRYPTO3] - Applied Cryptography: Protocols, Algorithms, and Source
-   Code in C, John Wiley & Sons, 1994, Bruce Schneier.
-
-   [DAVIS] - Cryptographic Randomness from Air Turbulence in Disk
-   Drives, Advances in Cryptology - Crypto '94, Springer-Verlag Lecture
-   Notes in Computer Science #839, 1984, Don Davis, Ross Ihaka, and
-   Philip Fenstermacher.
-
-   [DES] -  Data Encryption Standard, United States of America,
-   Department of Commerce, National Institute of Standards and
-   Technology, Federal Information Processing Standard (FIPS) 46-1.
-   - Data Encryption Algorithm, American National Standards Institute,
-   ANSI X3.92-1981.
-   (See also FIPS 112, Password Usage, which includes FORTRAN code for
-   performing DES.)
-
-   [DES MODES] - DES Modes of Operation, United States of America,
-   Department of Commerce, National Institute of Standards and
-   Technology, Federal Information Processing Standard (FIPS) 81.
-   - Data Encryption Algorithm - Modes of Operation, American National
-   Standards Institute, ANSI X3.106-1983.
-
-   [D-H] - New Directions in Cryptography, IEEE Transactions on
-   Information Technology, November, 1976, Whitfield Diffie and Martin
-   E. Hellman.
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 28]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   [DoD] - Password Management Guideline, United States of America,
-   Department of Defense, Computer Security Center, CSC-STD-002-85.
-   (See also FIPS 112, Password Usage, which incorporates CSC-STD-002-85
-   as one of its appendices.)
-
-   [GIFFORD] - Natural Random Number, MIT/LCS/TM-371, September 1988,
-   David K. Gifford
-
-   [KNUTH] - The Art of Computer Programming, Volume 2: Seminumerical
-   Algorithms, Chapter 3: Random Numbers. Addison Wesley Publishing
-   Company, Second Edition 1982, Donald E. Knuth.
-
-   [KRAWCZYK] - How to Predict Congruential Generators, Journal of
-   Algorithms, V. 13, N. 4, December 1992, H. Krawczyk
-
-   [MD2] - The MD2 Message-Digest Algorithm, RFC1319, April 1992, B.
-   Kaliski
-   [MD4] - The MD4 Message-Digest Algorithm, RFC1320, April 1992, R.
-   Rivest
-   [MD5] - The MD5 Message-Digest Algorithm, RFC1321, April 1992, R.
-   Rivest
-
-   [PEM] - RFCs 1421 through 1424:
-   - RFC 1424, Privacy Enhancement for Internet Electronic Mail: Part
-   IV: Key Certification and Related Services, 02/10/1993, B. Kaliski
-   - RFC 1423, Privacy Enhancement for Internet Electronic Mail: Part
-   III: Algorithms, Modes, and Identifiers, 02/10/1993, D. Balenson
-   - RFC 1422, Privacy Enhancement for Internet Electronic Mail: Part
-   II: Certificate-Based Key Management, 02/10/1993, S. Kent
-   - RFC 1421, Privacy Enhancement for Internet Electronic Mail: Part I:
-   Message Encryption and Authentication Procedures, 02/10/1993, J. Linn
-
-   [SHANNON] - The Mathematical Theory of Communication, University of
-   Illinois Press, 1963, Claude E. Shannon.  (originally from:  Bell
-   System Technical Journal, July and October 1948)
-
-   [SHIFT1] - Shift Register Sequences, Aegean Park Press, Revised
-   Edition 1982, Solomon W. Golomb.
-
-   [SHIFT2] - Cryptanalysis of Shift-Register Generated Stream Cypher
-   Systems, Aegean Park Press, 1984, Wayne G. Barker.
-
-   [SHS] - Secure Hash Standard, United States of American, National
-   Institute of Science and Technology, Federal Information Processing
-   Standard (FIPS) 180, April 1993.
-
-   [STERN] - Secret Linear Congruential Generators are not
-   Cryptograhically Secure, Proceedings of IEEE STOC, 1987, J. Stern.
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 29]
-
-RFC 1750        Randomness Recommendations for Security    December 1994
-
-
-   [VON NEUMANN] - Various techniques used in connection with random
-   digits, von Neumann's Collected Works, Vol. 5, Pergamon Press, 1963,
-   J. von Neumann.
-
-Authors' Addresses
-
-   Donald E. Eastlake 3rd
-   Digital Equipment Corporation
-   550 King Street, LKG2-1/BB3
-   Littleton, MA 01460
-
-   Phone:   +1 508 486 6577(w)  +1 508 287 4877(h)
-   EMail:   dee@lkg.dec.com
-
-
-   Stephen D. Crocker
-   CyberCash Inc.
-   2086 Hunters Crest Way
-   Vienna, VA 22181
-
-   Phone:   +1 703-620-1222(w)  +1 703-391-2651 (fax)
-   EMail:   crocker@cybercash.com
-
-
-   Jeffrey I. Schiller
-   Massachusetts Institute of Technology
-   77 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone:   +1 617 253 0161(w)
-   EMail:   jis@mit.edu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake, Crocker & Schiller                                   [Page 30]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc1831.txt b/crypto/heimdal/doc/standardisation/rfc1831.txt
deleted file mode 100644
index 0556c9e83f3b..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1831.txt
+++ /dev/null
@@ -1,1011 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                      R. Srinivasan
-Request for Comments: 1831                              Sun Microsystems
-Category: Standards Track                                    August 1995
-
-
-      RPC: Remote Procedure Call Protocol Specification Version 2
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-ABSTRACT
-
-   This document describes the ONC Remote Procedure Call (ONC RPC
-   Version 2) protocol as it is currently deployed and accepted.  "ONC"
-   stands for "Open Network Computing".
-
-TABLE OF CONTENTS
-
-      1. INTRODUCTION                                              2
-      2. TERMINOLOGY                                               2
-      3. THE RPC MODEL                                             2
-      4. TRANSPORTS AND SEMANTICS                                  4
-      5. BINDING AND RENDEZVOUS INDEPENDENCE                       5
-      6. AUTHENTICATION                                            5
-      7. RPC PROTOCOL REQUIREMENTS                                 5
-      7.1 RPC Programs and Procedures                              6
-      7.2 Authentication                                           7
-      7.3 Program Number Assignment                                8
-      7.4 Other Uses of the RPC Protocol                           8
-      7.4.1 Batching                                               8
-      7.4.2 Broadcast Remote Procedure Calls                       8
-      8. THE RPC MESSAGE PROTOCOL                                  9
-      9. AUTHENTICATION PROTOCOLS                                 12
-      9.1 Null Authentication                                     13
-      10. RECORD MARKING STANDARD                                 13
-      11. THE RPC LANGUAGE                                        13
-      11.1 An Example Service Described in the RPC Language       13
-      11.2 The RPC Language Specification                         14
-      11.3 Syntax Notes                                           15
-      APPENDIX A: SYSTEM AUTHENTICATION                           16
-      REFERENCES                                                  17
-      Security Considerations                                     18
-      Author's Address                                            18
-
-
-
-Srinivasan                  Standards Track                     [Page 1]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-1. INTRODUCTION
-
-   This document specifies version two of the message protocol used in
-   ONC Remote Procedure Call (RPC).  The message protocol is specified
-   with the eXternal Data Representation (XDR) language [9].  This
-   document assumes that the reader is familiar with XDR.  It does not
-   attempt to justify remote procedure calls systems or describe their
-   use.  The paper by Birrell and Nelson [1] is recommended as an
-   excellent background for the remote procedure call concept.
-
-2. TERMINOLOGY
-
-   This document discusses clients, calls, servers, replies, services,
-   programs, procedures, and versions.  Each remote procedure call has
-   two sides: an active client side that makes the call to a server,
-   which sends back a reply.  A network service is a collection of one
-   or more remote programs.  A remote program implements one or more
-   remote procedures; the procedures, their parameters, and results are
-   documented in the specific program's protocol specification.  A
-   server may support more than one version of a remote program in order
-   to be compatible with changing protocols.
-
-   For example, a network file service may be composed of two programs.
-   One program may deal with high-level applications such as file system
-   access control and locking.  The other may deal with low-level file
-   input and output and have procedures like "read" and "write".  A
-   client of the network file service would call the procedures
-   associated with the two programs of the service on behalf of the
-   client.
-
-   The terms client and server only apply to a particular transaction; a
-   particular hardware entity (host) or software entity (process or
-   program) could operate in both roles at different times.  For
-   example, a program that supplies remote execution service could also
-   be a client of a network file service.
-
-3. THE RPC MODEL
-
-   The ONC RPC protocol is based on the remote procedure call model,
-   which is similar to the local procedure call model.  In the local
-   case, the caller places arguments to a procedure in some well-
-   specified location (such as a register window).  It then transfers
-   control to the procedure, and eventually regains control.  At that
-   point, the results of the procedure are extracted from the well-
-   specified location, and the caller continues execution.
-
-
-
-
-
-
-Srinivasan                  Standards Track                     [Page 2]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-   The remote procedure call model is similar.  One thread of control
-   logically winds through two processes: the caller's process, and a
-   server's process.  The caller process first sends a call message to
-   the server process and waits (blocks) for a reply message.  The call
-   message includes the procedure's parameters, and the reply message
-   includes the procedure's results.  Once the reply message is
-   received, the results of the procedure are extracted, and caller's
-   execution is resumed.
-
-   On the server side, a process is dormant awaiting the arrival of a
-   call message.  When one arrives, the server process extracts the
-   procedure's parameters, computes the results, sends a reply message,
-   and then awaits the next call message.
-
-   In this model, only one of the two processes is active at any given
-   time.  However, this model is only given as an example.  The ONC RPC
-   protocol makes no restrictions on the concurrency model implemented,
-   and others are possible.  For example, an implementation may choose
-   to have RPC calls be asynchronous, so that the client may do useful
-   work while waiting for the reply from the server.  Another
-   possibility is to have the server create a separate task to process
-   an incoming call, so that the original server can be free to receive
-   other requests.
-
-   There are a few important ways in which remote procedure calls differ
-   from local procedure calls:
-
-      1. Error handling: failures of the remote server or network must
-      be handled when using remote procedure calls.
-
-      2. Global variables and side-effects: since the server does not
-      have access to the client's address space, hidden arguments cannot
-      be passed as global variables or returned as side effects.
-
-      3. Performance:  remote procedures usually operate one or more
-      orders of magnitude slower than local procedure calls.
-
-      4. Authentication: since remote procedure calls can be transported
-      over unsecured networks, authentication may be necessary.
-      Authentication prevents one entity from masquerading as some other
-      entity.
-
-   The conclusion is that even though there are tools to automatically
-   generate client and server libraries for a given service, protocols
-   must still be designed carefully.
-
-
-
-
-
-
-Srinivasan                  Standards Track                     [Page 3]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-4. TRANSPORTS AND SEMANTICS
-
-   The RPC protocol can be implemented on several different transport
-   protocols.  The RPC protocol does not care how a message is passed
-   from one process to another, but only with specification and
-   interpretation of messages.  However, the application may wish to
-   obtain information about (and perhaps control over) the transport
-   layer through an interface not specified in this document.  For
-   example, the transport protocol may impose a restriction on the
-   maximum size of RPC messages, or it may be stream-oriented like TCP
-   with no size limit.  The client and server must agree on their
-   transport protocol choices.
-
-   It is important to point out that RPC does not try to implement any
-   kind of reliability and that the application may need to be aware of
-   the type of transport protocol underneath RPC.  If it knows it is
-   running on top of a reliable transport such as TCP [6], then most of
-   the work is already done for it.  On the other hand, if it is running
-   on top of an unreliable transport such as UDP [7], it must implement
-   its own time-out, retransmission, and duplicate detection policies as
-   the RPC protocol does not provide these services.
-
-   Because of transport independence, the RPC protocol does not attach
-   specific semantics to the remote procedures or their execution
-   requirements.  Semantics can be inferred from (but should be
-   explicitly specified by) the underlying transport protocol.  For
-   example, consider RPC running on top of an unreliable transport such
-   as UDP.  If an application retransmits RPC call messages after time-
-   outs, and does not receive a reply, it cannot infer anything about
-   the number of times the procedure was executed.  If it does receive a
-   reply, then it can infer that the procedure was executed at least
-   once.
-
-   A server may wish to remember previously granted requests from a
-   client and not regrant them in order to insure some degree of
-   execute-at-most-once semantics.  A server can do this by taking
-   advantage of the transaction ID that is packaged with every RPC
-   message.  The main use of this transaction ID is by the client RPC
-   entity in matching replies to calls.  However, a client application
-   may choose to reuse its previous transaction ID when retransmitting a
-   call.  The server may choose to remember this ID after executing a
-   call and not execute calls with the same ID in order to achieve some
-   degree of execute-at-most-once semantics.  The server is not allowed
-   to examine this ID in any other way except as a test for equality.
-
-   On the other hand, if using a "reliable" transport such as TCP, the
-   application can infer from a reply message that the procedure was
-   executed exactly once, but if it receives no reply message, it cannot
-
-
-
-Srinivasan                  Standards Track                     [Page 4]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-   assume that the remote procedure was not executed.  Note that even if
-   a connection-oriented protocol like TCP is used, an application still
-   needs time-outs and reconnection to handle server crashes.
-
-   There are other possibilities for transports besides datagram- or
-   connection-oriented protocols.  For example, a request-reply protocol
-   such as VMTP [2] is perhaps a natural transport for RPC.  ONC RPC
-   uses both TCP and UDP transport protocols.  Section 10 (RECORD
-   MARKING STANDARD) describes the mechanism employed by ONC RPC to
-   utilize a connection-oriented, stream-oriented transport such as TCP.
-
-5. BINDING AND RENDEZVOUS INDEPENDENCE
-
-   The act of binding a particular client to a particular service and
-   transport parameters is NOT part of this RPC protocol specification.
-   This important and necessary function is left up to some higher-level
-   software.
-
-   Implementors could think of the RPC protocol as the jump-subroutine
-   instruction ("JSR") of a network; the loader (binder) makes JSR
-   useful, and the loader itself uses JSR to accomplish its task.
-   Likewise, the binding software makes RPC useful, possibly using RPC
-   to accomplish this task.
-
-6. AUTHENTICATION
-
-   The RPC protocol provides the fields necessary for a client to
-   identify itself to a service, and vice-versa, in each call and reply
-   message.  Security and access control mechanisms can be built on top
-   of this message authentication.  Several different authentication
-   protocols can be supported.  A field in the RPC header indicates
-   which protocol is being used. More information on specific
-   authentication protocols is in section 9: "Authentication Protocols".
-
-7. RPC PROTOCOL REQUIREMENTS
-
-   The RPC protocol must provide for the following:
-
-      (1) Unique specification of a procedure to be called.
-      (2) Provisions for matching response messages to request messages.
-      (3) Provisions for authenticating the caller to service and
-          vice-versa.
-
-
-
-
-
-
-
-
-
-Srinivasan                  Standards Track                     [Page 5]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-   Besides these requirements, features that detect the following are
-   worth supporting because of protocol roll-over errors, implementation
-   bugs, user error, and network administration:
-
-      (1) RPC protocol mismatches.
-      (2) Remote program protocol version mismatches.
-      (3) Protocol errors (such as misspecification of a procedure's
-          parameters).
-      (4) Reasons why remote authentication failed.
-      (5) Any other reasons why the desired procedure was not called.
-
-7.1 RPC Programs and Procedures
-
-   The RPC call message has three unsigned integer fields -- remote
-   program number, remote program version number, and remote procedure
-   number -- which uniquely identify the procedure to be called.
-   Program numbers are administered by a central authority
-   (rpc@sun.com).  Once implementors have a program number, they can
-   implement their remote program; the first implementation would most
-   likely have the version number 1.  Because most new protocols evolve,
-   a version field of the call message identifies which version of the
-   protocol the caller is using.  Version numbers enable support of both
-   old and new protocols through the same server process.
-
-   The procedure number identifies the procedure to be called.  These
-   numbers are documented in the specific program's protocol
-   specification.  For example, a file service's protocol specification
-   may state that its procedure number 5 is "read" and procedure number
-   12 is "write".
-
-   Just as remote program protocols may change over several versions,
-   the actual RPC message protocol could also change.  Therefore, the
-   call message also has in it the RPC version number, which is always
-   equal to two for the version of RPC described here.
-
-   The reply message to a request message has enough information to
-   distinguish the following error conditions:
-
-      (1) The remote implementation of RPC does not support protocol
-      version 2.  The lowest and highest supported RPC version numbers
-      are returned.
-
-      (2) The remote program is not available on the remote system.
-
-      (3) The remote program does not support the requested version
-      number.  The lowest and highest supported remote program version
-      numbers are returned.
-
-
-
-
-Srinivasan                  Standards Track                     [Page 6]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-      (4) The requested procedure number does not exist.  (This is
-      usually a client side protocol or programming error.)
-
-      (5) The parameters to the remote procedure appear to be garbage
-      from the server's point of view.  (Again, this is usually caused
-      by a disagreement about the protocol between client and service.)
-
-7.2 Authentication
-
-   Provisions for authentication of caller to service and vice-versa are
-   provided as a part of the RPC protocol.  The call message has two
-   authentication fields, the credential and verifier.  The reply
-   message has one authentication field, the response verifier.  The RPC
-   protocol specification defines all three fields to be the following
-   opaque type (in the eXternal Data Representation (XDR) language [9]):
-
-      enum auth_flavor {
-         AUTH_NONE       = 0,
-         AUTH_SYS        = 1,
-         AUTH_SHORT      = 2
-         /* and more to be defined */
-      };
-
-      struct opaque_auth {
-         auth_flavor flavor;
-         opaque body<400>;
-      };
-
-   In other words, any "opaque_auth" structure is an "auth_flavor"
-   enumeration followed by up to 400 bytes which are opaque to
-   (uninterpreted by) the RPC protocol implementation.
-
-   The interpretation and semantics of the data contained within the
-   authentication fields is specified by individual, independent
-   authentication protocol specifications.  (Section 9 defines the
-   various authentication protocols.)
-
-   If authentication parameters were rejected, the reply message
-   contains information stating why they were rejected.
-
-
-
-
-
-
-
-
-
-
-
-
-Srinivasan                  Standards Track                     [Page 7]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-7.3 Program Number Assignment
-
-   Program numbers are given out in groups of hexadecimal 20000000
-   (decimal 536870912) according to the following chart:
-
-              0 - 1fffffff   defined by rpc@sun.com
-       20000000 - 3fffffff   defined by user
-       40000000 - 5fffffff   transient
-       60000000 - 7fffffff   reserved
-       80000000 - 9fffffff   reserved
-       a0000000 - bfffffff   reserved
-       c0000000 - dfffffff   reserved
-       e0000000 - ffffffff   reserved
-
-   The first group is a range of numbers administered by rpc@sun.com and
-   should be identical for all sites.  The second range is for
-   applications peculiar to a particular site.  This range is intended
-   primarily for debugging new programs.  When a site develops an
-   application that might be of general interest, that application
-   should be given an assigned number in the first range.  Application
-   developers may apply for blocks of RPC program numbers in the first
-   range by sending electronic mail to "rpc@sun.com".  The third group
-   is for applications that generate program numbers dynamically.  The
-   final groups are reserved for future use, and should not be used.
-
-7.4 Other Uses of the RPC Protocol
-
-   The intended use of this protocol is for calling remote procedures.
-   Normally, each call message is matched with a reply message.
-   However, the protocol itself is a message-passing protocol with which
-   other (non-procedure call) protocols can be implemented.
-
-7.4.1 Batching
-
-   Batching is useful when a client wishes to send an arbitrarily large
-   sequence of call messages to a server.  Batching typically uses
-   reliable byte stream protocols (like TCP) for its transport.  In the
-   case of batching, the client never waits for a reply from the server,
-   and the server does not send replies to batch calls.  A sequence of
-   batch calls is usually terminated by a legitimate remote procedure
-   call operation in order to flush the pipeline and get positive
-   acknowledgement.
-
-7.4.2 Broadcast Remote Procedure Calls
-
-   In broadcast protocols, the client sends a broadcast call to the
-   network and waits for numerous replies.  This requires the use of
-   packet-based protocols (like UDP) as its transport protocol.  Servers
-
-
-
-Srinivasan                  Standards Track                     [Page 8]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-   that support broadcast protocols usually respond only when the call
-   is successfully processed and are silent in the face of errors, but
-   this varies with the application.
-
-   The principles of broadcast RPC also apply to multicasting - an RPC
-   request can be sent to a multicast address.
-
-8. THE RPC MESSAGE PROTOCOL
-
-   This section defines the RPC message protocol in the XDR data
-   description language [9].
-
-      enum msg_type {
-         CALL  = 0,
-         REPLY = 1
-      };
-
-   A reply to a call message can take on two forms: The message was
-   either accepted or rejected.
-
-      enum reply_stat {
-         MSG_ACCEPTED = 0,
-         MSG_DENIED   = 1
-      };
-
-   Given that a call message was accepted, the following is the status
-   of an attempt to call a remote procedure.
-
-      enum accept_stat {
-         SUCCESS       = 0, /* RPC executed successfully             */
-         PROG_UNAVAIL  = 1, /* remote hasn't exported program        */
-         PROG_MISMATCH = 2, /* remote can't support version #        */
-         PROC_UNAVAIL  = 3, /* program can't support procedure       */
-         GARBAGE_ARGS  = 4, /* procedure can't decode params         */
-         SYSTEM_ERR    = 5  /* errors like memory allocation failure */
-      };
-
-   Reasons why a call message was rejected:
-
-      enum reject_stat {
-         RPC_MISMATCH = 0, /* RPC version number != 2          */
-         AUTH_ERROR = 1    /* remote can't authenticate caller */
-      };
-
-   Why authentication failed:
-
-      enum auth_stat {
-         AUTH_OK           = 0,  /* success                          */
-
-
-
-Srinivasan                  Standards Track                     [Page 9]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-         /*
-          * failed at remote end
-          */
-         AUTH_BADCRED      = 1,  /* bad credential (seal broken)     */
-         AUTH_REJECTEDCRED = 2,  /* client must begin new session    */
-         AUTH_BADVERF      = 3,  /* bad verifier (seal broken)       */
-         AUTH_REJECTEDVERF = 4,  /* verifier expired or replayed     */
-         AUTH_TOOWEAK      = 5,  /* rejected for security reasons    */
-         /*
-          * failed locally
-          */
-         AUTH_INVALIDRESP  = 6,  /* bogus response verifier          */
-         AUTH_FAILED       = 7   /* reason unknown                   */
-      };
-
-   The RPC message:
-
-   All messages start with a transaction identifier, xid, followed by a
-   two-armed discriminated union.  The union's discriminant is a
-   msg_type which switches to one of the two types of the message.  The
-   xid of a REPLY message always matches that of the initiating CALL
-   message.  NB: The xid field is only used for clients matching reply
-   messages with call messages or for servers detecting retransmissions;
-   the service side cannot treat this id as any type of sequence number.
-
-      struct rpc_msg {
-         unsigned int xid;
-         union switch (msg_type mtype) {
-         case CALL:
-            call_body cbody;
-         case REPLY:
-            reply_body rbody;
-         } body;
-      };
-
-   Body of an RPC call:
-
-   In version 2 of the RPC protocol specification, rpcvers must be equal
-   to 2.  The fields prog, vers, and proc specify the remote program,
-   its version number, and the procedure within the remote program to be
-   called.  After these fields are two authentication parameters:  cred
-   (authentication credential) and verf (authentication verifier).  The
-   two authentication parameters are followed by the parameters to the
-   remote procedure, which are specified by the specific program
-   protocol.
-
-   The purpose of the authentication verifier is to validate the
-   authentication credential.  Note that these two items are
-
-
-
-Srinivasan                  Standards Track                    [Page 10]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-   historically separate, but are always used together as one logical
-   entity.
-
-      struct call_body {
-         unsigned int rpcvers;       /* must be equal to two (2) */
-         unsigned int prog;
-         unsigned int vers;
-         unsigned int proc;
-         opaque_auth  cred;
-         opaque_auth  verf;
-         /* procedure specific parameters start here */
-      };
-
-   Body of a reply to an RPC call:
-
-      union reply_body switch (reply_stat stat) {
-      case MSG_ACCEPTED:
-         accepted_reply areply;
-      case MSG_DENIED:
-         rejected_reply rreply;
-      } reply;
-
-   Reply to an RPC call that was accepted by the server:
-
-   There could be an error even though the call was accepted.  The first
-   field is an authentication verifier that the server generates in
-   order to validate itself to the client.  It is followed by a union
-   whose discriminant is an enum accept_stat.  The SUCCESS arm of the
-   union is protocol specific.  The PROG_UNAVAIL, PROC_UNAVAIL,
-   GARBAGE_ARGS, and SYSTEM_ERR arms of the union are void.  The
-   PROG_MISMATCH arm specifies the lowest and highest version numbers of
-   the remote program supported by the server.
-
-      struct accepted_reply {
-         opaque_auth verf;
-         union switch (accept_stat stat) {
-         case SUCCESS:
-            opaque results[0];
-            /*
-             * procedure-specific results start here
-             */
-          case PROG_MISMATCH:
-             struct {
-                unsigned int low;
-                unsigned int high;
-             } mismatch_info;
-          default:
-             /*
-
-
-
-Srinivasan                  Standards Track                    [Page 11]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-              * Void.  Cases include PROG_UNAVAIL, PROC_UNAVAIL,
-              * GARBAGE_ARGS, and SYSTEM_ERR.
-              */
-             void;
-          } reply_data;
-      };
-
-   Reply to an RPC call that was rejected by the server:
-
-   The call can be rejected for two reasons: either the server is not
-   running a compatible version of the RPC protocol (RPC_MISMATCH), or
-   the server rejects the identity of the caller (AUTH_ERROR). In case
-   of an RPC version mismatch, the server returns the lowest and highest
-   supported RPC version numbers.  In case of invalid authentication,
-   failure status is returned.
-
-      union rejected_reply switch (reject_stat stat) {
-      case RPC_MISMATCH:
-         struct {
-            unsigned int low;
-            unsigned int high;
-         } mismatch_info;
-      case AUTH_ERROR:
-         auth_stat stat;
-      };
-
-9. AUTHENTICATION PROTOCOLS
-
-   As previously stated, authentication parameters are opaque, but
-   open-ended to the rest of the RPC protocol.  This section defines two
-   standard "flavors" of authentication.  Implementors are free to
-   invent new authentication types, with the same rules of flavor number
-   assignment as there is for program number assignment.  The "flavor"
-   of a credential or verifier refers to the value of the "flavor" field
-   in the opaque_auth structure. Flavor numbers, like RPC program
-   numbers, are also administered centrally, and developers may assign
-   new flavor numbers by applying through electronic mail to
-   "rpc@sun.com".  Credentials and verifiers are represented as variable
-   length opaque data (the "body" field in the opaque_auth structure).
-
-   In this document, two flavors of authentication are described.  Of
-   these, Null authentication (described in the next subsection) is
-   mandatory - it must be available in all implementations.  System
-   authentication is described in Appendix A.  It is strongly
-   recommended that implementors include System authentication in their
-   implementations.  Many applications use this style of authentication,
-   and availability of this flavor in an implementation will enhance
-   interoperability.
-
-
-
-Srinivasan                  Standards Track                    [Page 12]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-9.1 Null Authentication
-
-   Often calls must be made where the client does not care about its
-   identity or the server does not care who the client is.  In this
-   case, the flavor of the RPC message's credential, verifier, and reply
-   verifier is "AUTH_NONE".  Opaque data associated with "AUTH_NONE" is
-   undefined.  It is recommended that the length of the opaque data be
-   zero.
-
-10. RECORD MARKING STANDARD
-
-   When RPC messages are passed on top of a byte stream transport
-   protocol (like TCP), it is necessary to delimit one message from
-   another in order to detect and possibly recover from protocol errors.
-   This is called record marking (RM).  One RPC message fits into one RM
-   record.
-
-   A record is composed of one or more record fragments.  A record
-   fragment is a four-byte header followed by 0 to (2**31) - 1 bytes of
-   fragment data.  The bytes encode an unsigned binary number; as with
-   XDR integers, the byte order is from highest to lowest.  The number
-   encodes two values -- a boolean which indicates whether the fragment
-   is the last fragment of the record (bit value 1 implies the fragment
-   is the last fragment) and a 31-bit unsigned binary value which is the
-   length in bytes of the fragment's data.  The boolean value is the
-   highest-order bit of the header; the length is the 31 low-order bits.
-   (Note that this record specification is NOT in XDR standard form!)
-
-11. THE RPC LANGUAGE
-
-   Just as there was a need to describe the XDR data-types in a formal
-   language, there is also need to describe the procedures that operate
-   on these XDR data-types in a formal language as well.  The RPC
-   Language is an extension to the XDR language, with the addition of
-   "program", "procedure", and "version" declarations.  The following
-   example is used to describe the essence of the language.
-
-11.1 An Example Service Described in the RPC Language
-
-   Here is an example of the specification of a simple ping program.
-
-   program PING_PROG {
-         /*
-          * Latest and greatest version
-          */
-         version PING_VERS_PINGBACK {
-            void
-            PINGPROC_NULL(void) = 0;
-
-
-
-Srinivasan                  Standards Track                    [Page 13]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-            /*
-             * Ping the client, return the round-trip time
-             * (in microseconds). Returns -1 if the operation
-             * timed out.
-             */
-            int
-            PINGPROC_PINGBACK(void) = 1;
-         } = 2;
-
-         /*
-          * Original version
-          */
-         version PING_VERS_ORIG {
-            void
-            PINGPROC_NULL(void) = 0;
-         } = 1;
-      } = 1;
-
-      const PING_VERS = 2;      /* latest version */
-
-   The first version described is PING_VERS_PINGBACK with two
-   procedures, PINGPROC_NULL and PINGPROC_PINGBACK.  PINGPROC_NULL takes
-   no arguments and returns no results, but it is useful for computing
-   round-trip times from the client to the server and back again.  By
-   convention, procedure 0 of any RPC protocol should have the same
-   semantics, and never require any kind of authentication.  The second
-   procedure is used for the client to have the server do a reverse ping
-   operation back to the client, and it returns the amount of time (in
-   microseconds) that the operation used.  The next version,
-   PING_VERS_ORIG, is the original version of the protocol and it does
-   not contain PINGPROC_PINGBACK procedure. It is useful for
-   compatibility with old client programs, and as this program matures
-   it may be dropped from the protocol entirely.
-
-11.2 The RPC Language Specification
-
-   The RPC language is identical to the XDR language defined in RFC
-   1014, except for the added definition of a "program-def" described
-   below.
-
-   program-def:
-      "program" identifier "{"
-         version-def
-         version-def *
-      "}" "=" constant ";"
-
-   version-def:
-      "version" identifier "{"
-
-
-
-Srinivasan                  Standards Track                    [Page 14]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-          procedure-def
-          procedure-def *
-      "}" "=" constant ";"
-
-   procedure-def:
-      type-specifier identifier "(" type-specifier
-        ("," type-specifier )* ")" "=" constant ";"
-
-11.3 Syntax Notes
-
-   (1) The following keywords are added and cannot be used as
-   identifiers: "program" and "version";
-
-   (2) A version name cannot occur more than once within the scope of a
-   program definition. Nor can a version number occur more than once
-   within the scope of a program definition.
-
-   (3) A procedure name cannot occur more than once within the scope of
-   a version definition. Nor can a procedure number occur more than once
-   within the scope of version definition.
-
-   (4) Program identifiers are in the same name space as constant and
-   type identifiers.
-
-   (5) Only unsigned constants can be assigned to programs, versions and
-   procedures.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Srinivasan                  Standards Track                    [Page 15]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-APPENDIX A: SYSTEM AUTHENTICATION
-
-   The client may wish to identify itself, for example, as it is
-   identified on a UNIX(tm) system.  The flavor of the client credential
-   is "AUTH_SYS".  The opaque data constituting the credential encodes
-   the following structure:
-
-      struct authsys_parms {
-         unsigned int stamp;
-         string machinename<255>;
-         unsigned int uid;
-         unsigned int gid;
-         unsigned int gids<16>;
-      };
-
-   The "stamp" is an arbitrary ID which the caller machine may generate.
-   The "machinename" is the name of the caller's machine (like
-   "krypton").  The "uid" is the caller's effective user ID.  The "gid"
-   is the caller's effective group ID.  The "gids" is a counted array of
-   groups which contain the caller as a member.  The verifier
-   accompanying the credential should have "AUTH_NONE" flavor value
-   (defined above).  Note this credential is only unique within a
-   particular domain of machine names, uids, and gids.
-
-   The flavor value of the verifier received in the reply message from
-   the server may be "AUTH_NONE" or "AUTH_SHORT".  In the case of
-   "AUTH_SHORT", the bytes of the reply verifier's string encode an
-   opaque structure.  This new opaque structure may now be passed to the
-   server instead of the original "AUTH_SYS" flavor credential.  The
-   server may keep a cache which maps shorthand opaque structures
-   (passed back by way of an "AUTH_SHORT" style reply verifier) to the
-   original credentials of the caller.  The caller can save network
-   bandwidth and server cpu cycles by using the shorthand credential.
-
-   The server may flush the shorthand opaque structure at any time.  If
-   this happens, the remote procedure call message will be rejected due
-   to an authentication error.  The reason for the failure will be
-   "AUTH_REJECTEDCRED".  At this point, the client may wish to try the
-   original "AUTH_SYS" style of credential.
-
-   It should be noted that use of this flavor of authentication does not
-   guarantee any security for the users or providers of a service, in
-   itself.  The authentication provided by this scheme can be considered
-   legitimate only when applications using this scheme and the network
-   can be secured externally, and privileged transport addresses are
-   used for the communicating end-points (an example of this is the use
-   of privileged TCP/UDP ports in Unix systems - note that not all
-   systems enforce privileged transport address mechanisms).
-
-
-
-Srinivasan                  Standards Track                    [Page 16]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-REFERENCES
-
-   [1]  Birrell, A. D.  & Nelson, B. J., "Implementing Remote Procedure
-        Calls", XEROX CSL-83-7, October 1983.
-
-   [2]  Cheriton, D., "VMTP: Versatile Message Transaction Protocol",
-        Preliminary Version 0.3, Stanford University, January 1987.
-
-   [3]  Diffie & Hellman, "New Directions in Cryptography", IEEE
-        Transactions on Information Theory IT-22, November 1976.
-
-   [4]  Mills, D., "Network Time Protocol", RFC 1305, UDEL,
-        March 1992.
-
-   [5]  National Bureau of Standards, "Data Encryption Standard",
-        Federal Information Processing Standards Publication 46, January
-        1977.
-
-   [6]  Postel, J., "Transmission Control Protocol - DARPA Internet
-        Program Protocol Specification", STD 7, RFC 793, USC/Information
-        Sciences Institute, September 1981.
-
-   [7]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
-        USC/Information Sciences Institute, August 1980.
-
-   [8]  Reynolds, J., and Postel, J., "Assigned Numbers", STD 2,
-        RFC 1700, USC/Information Sciences Institute, October 1994.
-
-   [9]  Srinivasan, R., "XDR: External Data Representation Standard",
-        RFC 1832, Sun Microsystems, Inc., August 1995.
-
-   [10] Miller, S., Neuman, C., Schiller, J., and  J. Saltzer, "Section
-        E.2.1: Kerberos  Authentication and Authorization System",
-        M.I.T. Project Athena, Cambridge, Massachusetts, December 21,
-        1987.
-
-   [11] Steiner, J., Neuman, C., and J. Schiller, "Kerberos: An
-        Authentication Service for Open Network Systems", pp. 191-202 in
-        Usenix Conference Proceedings, Dallas, Texas, February 1988.
-
-   [12] Kohl, J. and C. Neuman, "The Kerberos Network Authentication
-        Service (V5)", RFC 1510, Digital Equipment Corporation,
-        USC/Information Sciences Institute, September 1993.
-
-
-
-
-
-
-
-
-Srinivasan                  Standards Track                    [Page 17]
-
-RFC 1831        Remote Procedure Call Protocol Version 2     August 1995
-
-
-Security Considerations
-
-   Security issues are not discussed in this memo.
-
-Author's Address
-
-   Raj Srinivasan
-   Sun Microsystems, Inc.
-   ONC Technologies
-   2550 Garcia Avenue
-   M/S MTV-5-40
-   Mountain View, CA  94043
-   USA
-
-   Phone: 415-336-2478
-   Fax:   415-336-6015
-   EMail: raj@eng.sun.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Srinivasan                  Standards Track                    [Page 18]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc1964.txt b/crypto/heimdal/doc/standardisation/rfc1964.txt
deleted file mode 100644
index f2960b961dd6..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc1964.txt
+++ /dev/null
@@ -1,1123 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            J. Linn
-Request for Comments: 1964                       OpenVision Technologies
-Category: Standards Track                                      June 1996
-
-
-                The Kerberos Version 5 GSS-API Mechanism
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-ABSTRACT
-
-   This specification defines protocols, procedures, and conventions to
-   be employed by peers implementing the Generic Security Service
-   Application Program Interface (as specified in RFCs 1508 and 1509)
-   when using Kerberos Version 5 technology (as specified in RFC 1510).
-
-ACKNOWLEDGMENTS
-
-   Much of the material in this memo is based on working documents
-   drafted by John Wray of Digital Equipment Corporation and on
-   discussions, implementation activities, and interoperability testing
-   involving Marc Horowitz, Ted Ts'o, and John Wray.  Particular thanks
-   are due to each of these individuals for their contributions towards
-   development and availability of GSS-API support within the Kerberos
-   Version 5 code base.
-
-1. Token Formats
-
-   This section discusses protocol-visible characteristics of the GSS-
-   API mechanism to be implemented atop Kerberos V5 security technology
-   per RFC-1508 and RFC-1510; it defines elements of protocol for
-   interoperability and is independent of language bindings per RFC-
-   1509.
-
-   Tokens transferred between GSS-API peers (for security context
-   management and per-message protection purposes) are defined.  The
-   data elements exchanged between a GSS-API endpoint implementation and
-   the Kerberos KDC are not specific to GSS-API usage and are therefore
-   defined within RFC-1510 rather than within this specification.
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 1]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   To support ongoing experimentation, testing, and evolution of the
-   specification, the Kerberos V5 GSS-API mechanism as defined in this
-   and any successor memos will be identified with the following Object
-   Identifier, as defined in RFC-1510, until the specification is
-   advanced to the level of Proposed Standard RFC:
-
-   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
-
-   Upon advancement to the level of Proposed Standard RFC, the Kerberos
-   V5 GSS-API mechanism will be identified by an Object Identifier
-   having the value:
-
-   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
-   gssapi(2) krb5(2)}
-
-1.1. Context Establishment Tokens
-
-   Per RFC-1508, Appendix B, the initial context establishment token
-   will be enclosed within framing as follows:
-
-   InitialContextToken ::=
-   [APPLICATION 0] IMPLICIT SEQUENCE {
-           thisMech        MechType
-                   -- MechType is OBJECT IDENTIFIER
-                   -- representing "Kerberos V5"
-           innerContextToken ANY DEFINED BY thisMech
-                   -- contents mechanism-specific;
-                   -- ASN.1 usage within innerContextToken
-                   -- is not required
-           }
-
-   The innerContextToken of the initial context token will consist of a
-   Kerberos V5 KRB_AP_REQ message, preceded by a two-byte token-id
-   (TOK_ID) field, which shall contain the value 01 00.
-
-   The above GSS-API framing shall be applied to all tokens emitted by
-   the Kerberos V5 GSS-API mechanism, including KRB_AP_REP, KRB_ERROR,
-   context-deletion, and per-message tokens, not just to the initial
-   token in a context establishment sequence.  While not required by
-   RFC-1508, this enables implementations to perform enhanced error-
-   checking. The innerContextToken field of context establishment tokens
-   for the Kerberos V5 GSS-API mechanism will contain a Kerberos message
-   (KRB_AP_REQ, KRB_AP_REP or KRB_ERROR), preceded by a 2-byte TOK_ID
-   field containing 01 00 for KRB_AP_REQ messages, 02 00 for KRB_AP_REP
-   messages and 03 00 for KRB_ERROR messages.
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 2]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-1.1.1. Initial Token
-
-   Relevant KRB_AP_REQ syntax (from RFC-1510) is as follows:
-
-   AP-REQ ::= [APPLICATION 14] SEQUENCE {
-           pvno [0]        INTEGER,        -- indicates Version 5
-           msg-type [1]    INTEGER,        -- indicates KRB_AP_REQ
-           ap-options[2]   APOptions,
-           ticket[3]       Ticket,
-           authenticator[4]        EncryptedData
-   }
-
-   APOptions ::= BIT STRING {
-           reserved (0),
-           use-session-key (1),
-           mutual-required (2)
-   }
-
-   Ticket ::= [APPLICATION 1] SEQUENCE {
-           tkt-vno [0]     INTEGER,        -- indicates Version 5
-           realm [1]       Realm,
-           sname [2]       PrincipalName,
-           enc-part [3]    EncryptedData
-   }
-
-   -- Encrypted part of ticket
-   EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-           flags[0]        TicketFlags,
-           key[1]          EncryptionKey,
-           crealm[2]       Realm,
-           cname[3]        PrincipalName,
-           transited[4]    TransitedEncoding,
-           authtime[5]     KerberosTime,
-           starttime[6]    KerberosTime OPTIONAL,
-           endtime[7]      KerberosTime,
-           renew-till[8]   KerberosTime OPTIONAL,
-           caddr[9]        HostAddresses OPTIONAL,
-           authorization-data[10]  AuthorizationData OPTIONAL
-   }
-
-   -- Unencrypted authenticator
-   Authenticator ::= [APPLICATION 2] SEQUENCE  {
-           authenticator-vno[0]    INTEGER,
-           crealm[1]               Realm,
-           cname[2]                PrincipalName,
-           cksum[3]                Checksum OPTIONAL,
-           cusec[4]                INTEGER,
-           ctime[5]                KerberosTime,
-
-
-
-Linn                        Standards Track                     [Page 3]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-           subkey[6]               EncryptionKey OPTIONAL,
-           seq-number[7]           INTEGER OPTIONAL,
-           authorization-data[8]   AuthorizationData OPTIONAL
-   }
-
-   For purposes of this specification, the authenticator shall include
-   the optional sequence number, and the checksum field shall be used to
-   convey channel binding, service flags, and optional delegation
-   information.  The checksum will have a type of 0x8003 (a value being
-   registered within the Kerberos protocol specification), and a value
-   field of at least 24 bytes in length.  The length of the value field
-   is extended beyond 24 bytes if and only if an optional facility to
-   carry a Kerberos-defined KRB_CRED message for delegation purposes is
-   supported by an implementation and active on a context. When
-   delegation is active, a TGT with its FORWARDABLE flag set will be
-   transferred within the KRB_CRED message.
-
-   The checksum value field's format is as follows:
-
-   Byte    Name    Description
-   0..3    Lgth    Number of bytes in Bnd field;
-                   Currently contains hex 10 00 00 00
-                   (16, represented in little-endian form)
-   4..19   Bnd     MD5 hash of channel bindings, taken over all non-null
-                   components of bindings, in order of declaration.
-                   Integer fields within channel bindings are represented
-                   in little-endian order for the purposes of the MD5
-                   calculation.
-   20..23  Flags   Bit vector of context-establishment flags,
-                   with values consistent with RFC-1509, p. 41:
-                           GSS_C_DELEG_FLAG:       1
-                           GSS_C_MUTUAL_FLAG:      2
-                           GSS_C_REPLAY_FLAG:      4
-                           GSS_C_SEQUENCE_FLAG:    8
-                           GSS_C_CONF_FLAG:        16
-                           GSS_C_INTEG_FLAG:       32
-                   The resulting bit vector is encoded into bytes 20..23
-                   in little-endian form.
-   24..25  DlgOpt  The Delegation Option identifier (=1) [optional]
-   26..27  Dlgth   The length of the Deleg field. [optional]
-   28..n   Deleg   A KRB_CRED message (n = Dlgth + 29) [optional]
-
-   In computing the contents of the "Bnd" field, the following detailed
-   points apply:
-
-        (1) Each integer field shall be formatted into four bytes, using
-        little-endian byte ordering, for purposes of MD5 hash
-        computation.
-
-
-
-Linn                        Standards Track                     [Page 4]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-        (2) All input length fields within gss_buffer_desc elements of a
-        gss_channel_bindings_struct, even those which are zero-valued,
-        shall be included in the hash calculation; the value elements of
-        gss_buffer_desc elements shall be dereferenced, and the
-        resulting data shall be included within the hash computation,
-        only for the case of gss_buffer_desc elements having non-zero
-        length specifiers.
-
-        (3) If the caller passes the value GSS_C_NO_BINDINGS instead of
-        a valid channel bindings structure, the Bnd field shall be set
-        to 16 zero-valued bytes.
-
-   In the initial Kerberos V5 GSS-API mechanism token (KRB_AP_REQ token)
-   from initiator to target, the GSS_C_DELEG_FLAG, GSS_C_MUTUAL_FLAG,
-   GSS_C_REPLAY_FLAG, and GSS_C_SEQUENCE_FLAG values shall each be set
-   as the logical AND of the initiator's corresponding request flag to
-   GSS_Init_sec_context() and a Boolean indicator of whether that
-   optional service is available to GSS_Init_sec_context()'s caller.
-   GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, for which no corresponding
-   context-level input indicator flags to GSS_Init_sec_context() exist,
-   shall each be set to indicate whether their respective per-message
-   protection services are available for use on the context being
-   established.
-
-   When input source address channel binding values are provided by a
-   caller (i.e., unless the input argument is GSS_C_NO_BINDINGS or the
-   source address specifier value within the input structure is
-   GSS_C_NULL_ADDRTYPE), and the corresponding token received from the
-   context's peer bears address restrictions, it is recommended that an
-   implementation of the Kerberos V5 GSS-API mechanism should check that
-   the source address as provided by the caller matches that in the
-   received token, and should return the GSS_S_BAD_BINDINGS major_status
-   value if a mismatch is detected. Note: discussion is ongoing about
-   the strength of recommendation to be made in this area, and on the
-   circumstances under which such a recommendation should be applicable;
-   implementors are therefore advised that changes on this matter may be
-   included in subsequent versions of this specification.
-
-1.1.2. Response Tokens
-
-   A context establishment sequence based on the Kerberos V5 mechanism
-   will perform one-way authentication (without confirmation or any
-   return token from target to initiator in response to the initiator's
-   KRB_AP_REQ) if the mutual_req bit is not set in the application's
-   call to GSS_Init_sec_context().  Applications requiring confirmation
-   that their authentication was successful should request mutual
-   authentication, resulting in a "mutual-required" indication within
-   KRB_AP_REQ APoptions and the setting of the mutual_req bit in the
-
-
-
-Linn                        Standards Track                     [Page 5]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   flags field of the authenticator checksum.  In response to such a
-   request, the context target will reply to the initiator with a token
-   containing either a KRB_AP_REP or KRB_ERROR, completing the mutual
-   context establishment exchange.
-
-   Relevant KRB_AP_REP syntax is as follows:
-
-   AP-REP ::= [APPLICATION 15] SEQUENCE {
-           pvno [0]        INTEGER,        -- represents Kerberos V5
-           msg-type [1]    INTEGER,        -- represents KRB_AP_REP
-           enc-part [2]    EncryptedData
-   }
-
-   EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
-           ctime [0]       KerberosTime,
-           cusec [1]       INTEGER,
-           subkey [2]      EncryptionKey OPTIONAL,
-           seq-number [3]  INTEGER OPTIONAL
-   }
-
-   The optional seq-number element within the AP-REP's EncAPRepPart
-   shall be included.
-
-   The syntax of KRB_ERROR is as follows:
-
-   KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
-           pvno[0]         INTEGER,
-           msg-type[1]     INTEGER,
-           ctime[2]        KerberosTime OPTIONAL,
-           cusec[3]        INTEGER OPTIONAL,
-           stime[4]        KerberosTime,
-           susec[5]        INTEGER,
-           error-code[6]   INTEGER,
-           crealm[7]       Realm OPTIONAL,
-           cname[8]        PrincipalName OPTIONAL,
-           realm[9]        Realm, -- Correct realm
-           sname[10]       PrincipalName, -- Correct name
-           e-text[11]      GeneralString OPTIONAL,
-           e-data[12]      OCTET STRING OPTIONAL
-   }
-
-   Values to be transferred in the error-code field of a KRB-ERROR
-   message are defined in [RFC-1510], not in this specification.
-
-
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 6]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-1.2. Per-Message and Context Deletion Tokens
-
-   Three classes of tokens are defined in this section: "MIC" tokens,
-   emitted by calls to GSS_GetMIC() (formerly GSS_Sign()) and consumed
-   by calls to GSS_VerifyMIC() (formerly GSS_Verify()), "Wrap" tokens,
-   emitted by calls to GSS_Wrap() (formerly GSS_Seal()) and consumed by
-   calls to GSS_Unwrap() (formerly GSS_Unseal()), and context deletion
-   tokens, emitted by calls to GSS_Delete_sec_context() and consumed by
-   calls to GSS_Process_context_token().  Note: References to GSS-API
-   per-message routines in the remainder of this specification will be
-   based on those routines' newer recommended names rather than those
-   names' predecessors.
-
-   Several variants of cryptographic keys are used in generation and
-   processing of per-message tokens:
-
-        (1) context key: uses Kerberos session key (or subkey, if
-        present in authenticator emitted by context initiator) directly
-
-        (2) confidentiality key: forms variant of context key by
-        exclusive-OR with the hexadecimal constant f0f0f0f0f0f0f0f0.
-
-        (3) MD2.5 seed key: forms variant of context key by reversing
-        the bytes of the context key (i.e. if the original key is the
-        8-byte sequence {aa, bb, cc, dd, ee, ff, gg, hh}, the seed key
-        will be {hh, gg, ff, ee, dd, cc, bb, aa}).
-
-1.2.1. Per-message Tokens - MIC
-
-Use of the GSS_GetMIC() call yields a token, separate from the user
-data being protected, which can be used to verify the integrity of
-that data as received.  The token has the following format:
-
-   Byte no          Name           Description
-    0..1           TOK_ID          Identification field.
-                                   Tokens emitted by GSS_GetMIC() contain
-                                   the hex value 01 01 in this field.
-    2..3           SGN_ALG         Integrity algorithm indicator.
-                                   00 00 - DES MAC MD5
-                                   01 00 - MD2.5
-                                   02 00 - DES MAC
-    4..7           Filler          Contains ff ff ff ff
-    8..15          SND_SEQ         Sequence number field.
-    16..23         SGN_CKSUM       Checksum of "to-be-signed data",
-                                   calculated according to algorithm
-                                   specified in SGN_ALG field.
-
-
-
-
-
-Linn                        Standards Track                     [Page 7]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   GSS-API tokens must be encapsulated within the higher-level protocol
-   by the application; no embedded length field is necessary.
-
-1.2.1.1. Checksum
-
-   Checksum calculation procedure (common to all algorithms): Checksums
-   are calculated over the data field, logically prepended by the first
-   8 bytes of the plaintext packet header.  The resulting value binds
-   the data to the packet type and signature algorithm identifier
-   fields.
-
-   DES MAC MD5 algorithm: The checksum is formed by computing an MD5
-   [RFC-1321] hash over the plaintext data, and then computing a DES-CBC
-   MAC on the 16-byte MD5 result.  A standard 64-bit DES-CBC MAC is
-   computed per [FIPS-PUB-113], employing the context key and a zero IV.
-   The 8-byte result is stored in the SGN_CKSUM field.
-
-   MD2.5 algorithm: The checksum is formed by first DES-CBC encrypting a
-   16-byte zero-block, using a zero IV and a key formed by reversing the
-   bytes of the context key (i.e. if the original key is the 8-byte
-   sequence {aa, bb, cc, dd, ee, ff, gg, hh}, the checksum key will be
-   {hh, gg, ff, ee, dd, cc, bb, aa}).   The resulting 16-byte value is
-   logically prepended to the to-be-signed data.  A standard MD5
-   checksum is calculated over the combined data, and the first 8 bytes
-   of the result are stored in the SGN_CKSUM field.  Note 1: we refer to
-   this algorithm informally as "MD2.5" to connote the fact that it uses
-   half of the 128 bits generated by MD5; use of only a subset of the
-   MD5 bits is intended to protect against the prospect that data could
-   be postfixed to an existing message with corresponding modifications
-   being made to the checksum.  Note 2: This algorithm is fairly novel
-   and has received more limited evaluation than that to which other
-   integrity algorithms have been subjected.  An initial, limited
-   evaluation indicates that it may be significantly weaker than DES MAC
-   MD5.
-
-   DES-MAC algorithm: A standard 64-bit DES-CBC MAC is computed on the
-   plaintext data per [FIPS-PUB-113], employing the context key and a
-   zero IV. Padding procedures to accomodate plaintext data lengths
-   which may not be integral multiples of 8 bytes are defined in [FIPS-
-   PUB-113].  The result is an 8-byte value, which is stored in the
-   SGN_CKSUM field.  Support for this algorithm may not be present in
-   all implementations.
-
-1.2.1.2. Sequence Number
-
-   Sequence number field: The 8 byte plaintext sequence number field is
-   formed from the sender's four-byte sequence number as follows.  If
-   the four bytes of the sender's sequence number are named s0, s1, s2
-
-
-
-Linn                        Standards Track                     [Page 8]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   and s3 (from least to most significant), the plaintext sequence
-   number field is the 8 byte sequence: (s0, s1, s2, s3, di, di, di,
-   di), where 'di' is the direction-indicator (Hex 0 - sender is the
-   context initiator, Hex FF - sender is the context acceptor).  The
-   field is then DES-CBC encrypted using the context key and an IV
-   formed from the first 8 bytes of the previously calculated SGN_CKSUM
-   field. After sending a GSS_GetMIC() or GSS_Wrap() token, the sender's
-   sequence number is incremented by one.
-
-   The receiver of the token will first verify the SGN_CKSUM field.  If
-   valid, the sequence number field may be decrypted and compared to the
-   expected sequence number.  The repetition of the (effectively 1-bit)
-   direction indicator within the sequence number field provides
-   redundancy so that the receiver may verify that the decryption
-   succeeded.
-
-   Since the checksum computation is used as an IV to the sequence
-   number decryption, attempts to splice a checksum and sequence number
-   from different messages will be detected.  The direction indicator
-   will detect packets that have been maliciously reflected.
-
-   The sequence number provides a basis for detection of replayed
-   tokens.  Replay detection can be performed using state information
-   retained on received sequence numbers, interpreted in conjunction
-   with the security context on which they arrive.
-
-   Provision of per-message replay and out-of-sequence detection
-   services is optional for implementations of the Kerberos V5 GSS-API
-   mechanism.  Further, it is recommended that implementations of the
-   Kerberos V5 GSS-API mechanism which offer these services should honor
-   a caller's request that the services be disabled on a context.
-   Specifically, if replay_det_req_flag is input FALSE, replay_det_state
-   should be returned FALSE and the GSS_DUPLICATE_TOKEN and
-   GSS_OLD_TOKEN stati should not be indicated as a result of duplicate
-   detection when tokens are processed; if sequence_req_flag is input
-   FALSE, sequence_state should be returned FALSE and
-   GSS_DUPLICATE_TOKEN, GSS_OLD_TOKEN, and GSS_UNSEQ_TOKEN stati should
-   not be indicated as a result of out-of-sequence detection when tokens
-   are processed.
-
-1.2.2. Per-message Tokens - Wrap
-
-   Use of the GSS_Wrap() call yields a token which encapsulates the
-   input user data (optionally encrypted) along with associated
-   integrity check quantities. The token emitted by GSS_Wrap() consists
-   of an integrity header whose format is identical to that emitted by
-   GSS_GetMIC() (except that the TOK_ID field contains the value 02 01),
-   followed by a body portion that contains either the plaintext data
-
-
-
-Linn                        Standards Track                     [Page 9]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   (if SEAL_ALG = ff ff) or encrypted data for any other supported value
-   of SEAL_ALG.  Currently, only SEAL_ALG = 00 00 is supported, and
-   means that DES-CBC encryption is being used to protect the data.
-
-   The GSS_Wrap() token has the following format:
-
-   Byte no          Name           Description
-    0..1           TOK_ID          Identification field.
-                                   Tokens emitted by GSS_Wrap() contain
-                                   the hex value 02 01 in this field.
-    2..3           SGN_ALG         Checksum algorithm indicator.
-                                   00 00 - DES MAC MD5
-                                   01 00 - MD2.5
-                                   02 00 - DES MAC
-    4..5           SEAL_ALG        ff ff - none
-                                   00 00 - DES
-    6..7           Filler          Contains ff ff
-    8..15          SND_SEQ         Encrypted sequence number field.
-    16..23         SGN_CKSUM       Checksum of plaintext padded data,
-                                   calculated according to algorithm
-                                   specified in SGN_ALG field.
-    24..last       Data            encrypted or plaintext padded data
-
-   GSS-API tokens must be encapsulated within the higher-level protocol
-   by the application; no embedded length field is necessary.
-
-1.2.2.1. Checksum
-
-   Checksum calculation procedure (common to all algorithms): Checksums
-   are calculated over the plaintext padded data field, logically
-   prepended by the first 8 bytes of the plaintext packet header.  The
-   resulting signature binds the data to the packet type, protocol
-   version, and signature algorithm identifier fields.
-
-   DES MAC MD5 algorithm: The checksum is formed by computing an MD5
-   hash over the plaintext padded data, and then computing a DES-CBC MAC
-   on the 16-byte MD5 result.  A standard 64-bit DES-CBC MAC is computed
-   per [FIPS-PUB-113], employing the context key and a zero IV. The 8-
-   byte result is stored in the SGN_CKSUM field.
-
-   MD2.5 algorithm: The checksum is formed by first DES-CBC encrypting a
-   16-byte zero-block, using a zero IV and a key formed by reversing the
-   bytes of the context key (i.e., if the original key is the 8-byte
-   sequence {aa, bb, cc, dd, ee, ff, gg, hh}, the checksum key will be
-   {hh, gg, ff, ee, dd, cc, bb, aa}). The resulting 16-byte value is
-   logically pre-pended to the "to-be-signed data".  A standard MD5
-   checksum is calculated over the combined data, and the first 8 bytes
-   of the result are stored in the SGN_CKSUM field.
-
-
-
-Linn                        Standards Track                    [Page 10]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   DES-MAC algorithm: A standard 64-bit DES-CBC MAC is computed on the
-   plaintext padded data per [FIPS-PUB-113], employing the context key
-   and a zero IV. The plaintext padded data is already assured to be an
-   integral multiple of 8 bytes; no additional padding is required or
-   applied in order to accomplish MAC calculation.  The result is an 8-
-   byte value, which is stored in the SGN_CKSUM field.  Support for this
-   lgorithm may not be present in all implementations.
-
-1.2.2.2. Sequence Number
-
-   Sequence number field: The 8 byte plaintext sequence number field is
-   formed from the sender's four-byte sequence number as follows.  If
-   the four bytes of the sender's sequence number are named s0, s1, s2
-   and s3 (from least to most significant), the plaintext sequence
-   number field is the 8 byte sequence: (s0, s1, s2, s3, di, di, di,
-   di), where 'di' is the direction-indicator (Hex 0 - sender is the
-   context initiator, Hex FF - sender is the context acceptor).
-
-   The field is then DES-CBC encrypted using the context key and an IV
-   formed from the first 8 bytes of the SEAL_CKSUM field.
-
-   After sending a GSS_GetMIC() or GSS_Wrap() token, the sender's
-   sequence numbers are incremented by one.
-
-1.2.2.3. Padding
-
-   Data padding: Before encryption and/or signature calculation,
-   plaintext data is padded to the next highest multiple of 8 bytes, by
-   appending between 1 and 8 bytes, the value of each such byte being
-   the total number of pad bytes.  For example, given data of length 20
-   bytes, four pad bytes will be appended, and each byte will contain
-   the hex value 04.  An 8-byte random confounder is prepended to the
-   data, and signatures are calculated over the resulting padded
-   plaintext.
-
-   After padding, the data is encrypted according to the algorithm
-   specified in the SEAL_ALG field.  For SEAL_ALG=DES (the only non-null
-   algorithm currently supported), the data is encrypted using DES-CBC,
-   with an IV of zero.  The key used is derived from the established
-   context key by XOR-ing the context key with the hexadecimal constant
-   f0f0f0f0f0f0f0f0.
-
-1.2.3. Context deletion token
-
-   The token emitted by GSS_Delete_sec_context() is based on the packet
-   format for tokens emitted by GSS_GetMIC().  The context-deletion
-   token has the following format:
-
-
-
-
-Linn                        Standards Track                    [Page 11]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   Byte no          Name           Description
-    0..1           TOK_ID          Identification field.
-                                   Tokens emitted by
-                                   GSS_Delete_sec_context() contain
-                                   the hex value 01 02 in this field.
-    2..3           SGN_ALG         Integrity algorithm indicator.
-                                   00 00 - DES MAC MD5
-                                   01 00 - MD2.5
-                                   02 00 - DES MAC
-    4..7           Filler          Contains ff ff ff ff
-    8..15          SND_SEQ         Sequence number field.
-    16..23         SGN_CKSUM       Checksum of "to-be-signed data",
-                                   calculated according to algorithm
-                                   specified in SGN_ALG field.
-
-   SGN_ALG and SND_SEQ will be calculated as for tokens emitted by
-   GSS_GetMIC().  The SGN_CKSUM will be calculated as for tokens emitted
-   by GSS_GetMIC(), except that the user-data component of the "to-be-
-   signed" data will be a zero-length string.
-
-2. Name Types and Object Identifiers
-
-   This section discusses the name types which may be passed as input to
-   the Kerberos V5 GSS-API mechanism's GSS_Import_name() call, and their
-   associated identifier values.  It defines interface elements in
-   support of portability, and assumes use of C language bindings per
-   RFC-1509.  In addition to specifying OID values for name type
-   identifiers, symbolic names are included and recommended to GSS-API
-   implementors in the interests of convenience to callers.  It is
-   understood that not all implementations of the Kerberos V5 GSS-API
-   mechanism need support all name types in this list, and that
-   additional name forms will likely be added to this list over time.
-   Further, the definitions of some or all name types may later migrate
-   to other, mechanism-independent, specifications. The occurrence of a
-   name type in this specification is specifically not intended to
-   suggest that the type may be supported only by an implementation of
-   the Kerberos V5 mechanism.   In particular, the occurrence of the
-   string "_KRB5_" in the symbolic name strings constitutes a means to
-   unambiguously register the name strings, avoiding collision with
-   other documents; it is not meant to limit the name types' usage or
-   applicability.
-
-   For purposes of clarification to GSS-API implementors, this section's
-   discussion of some name forms describes means through which those
-   forms can be supported with existing Kerberos technology.  These
-   discussions are not intended to preclude alternative implementation
-   strategies for support of the name forms within Kerberos mechanisms
-   or mechanisms based on other technologies.  To enhance application
-
-
-
-Linn                        Standards Track                    [Page 12]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   portability, implementors of mechanisms are encouraged to support
-   name forms as defined in this section, even if their mechanisms are
-   independent of Kerberos V5.
-
-2.1. Mandatory Name Forms
-
-   This section discusses name forms which are to be supported by all
-   conformant implementations of the Kerberos V5 GSS-API mechanism.
-
-2.1.1. Kerberos Principal Name Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
-   is "GSS_KRB5_NT_PRINCIPAL_NAME".
-
-   This name type corresponds to the single-string representation of a
-   Kerberos name.  (Within the MIT Kerberos V5 implementation, such
-   names are parseable with the krb5_parse_name() function.)  The
-   elements included within this name representation are as follows,
-   proceeding from the beginning of the string:
-
-        (1) One or more principal name components; if more than one
-        principal name component is included, the components are
-        separated by `/`.  Arbitrary octets may be included within
-        principal name components, with the following constraints and
-        special considerations:
-
-           (1a) Any occurrence of the characters `@` or `/` within a
-           name component must be immediately preceded by the `\`
-           quoting character, to prevent interpretation as a component
-           or realm separator.
-
-           (1b) The ASCII newline, tab, backspace, and null characters
-           may occur directly within the component or may be
-           represented, respectively, by `\n`, `\t`, `\b`, or `\0`.
-
-           (1c) If the `\` quoting character occurs outside the contexts
-           described in (1a) and (1b) above, the following character is
-           interpreted literally.  As a special case, this allows the
-           doubled representation `\\` to represent a single occurrence
-           of the quoting character.
-
-           (1d) An occurrence of the `\` quoting character as the last
-           character of a component is illegal.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 13]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-        (2) Optionally, a `@` character, signifying that a realm name
-        immediately follows. If no realm name element is included, the
-        local realm name is assumed.  The `/` , `:`, and null characters
-        may not occur within a realm name; the `@`, newline, tab, and
-        backspace characters may be included using the quoting
-        conventions described in (1a), (1b), and (1c) above.
-
-2.1.2. Host-Based Service Name Form
-
-   This name form has been incorporated at the mechanism-independent
-   GSS-API level as of GSS-API, Version 2.  This subsection retains the
-   Object Identifier and symbolic name assignments previously made at
-   the Kerberos V5 GSS-API mechanism level, and adopts the definition as
-   promoted to the mechanism-independent level.
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) service_name(4)}.  The previously recommended symbolic
-   name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME".  The
-   currently preferred symbolic name for this type is
-   "GSS_C_NT_HOSTBASED_SERVICE".
-
-   This name type is used to represent services associated with host
-   computers.  This name form is constructed using two elements,
-   "service" and "hostname", as follows:
-
-      service@hostname
-
-   When a reference to a name of this type is resolved, the "hostname"
-   is canonicalized by attempting a DNS lookup and using the fully-
-   qualified domain name which is returned, or by using the "hostname"
-   as provided if the DNS lookup fails.  The canonicalization operation
-   also maps the host's name into lower-case characters.
-
-   The "hostname" element may be omitted. If no "@" separator is
-   included, the entire name is interpreted as the service specifier,
-   with the "hostname" defaulted to the canonicalized name of the local
-   host.
-
-   Values for the "service" element will be registered with the IANA.
-
-2.1.3. Exported Name Object Form for Kerberos V5 Mechanism
-
-   Support for this name form is not required for GSS-V1
-   implementations, but will be required for use in conjunction with the
-   GSS_Export_name() call planned for GSS-API Version 2.  Use of this
-   name form will be signified by a "GSS-API Exported Name Object" OID
-   value which will be defined at the mechanism-independent level for
-
-
-
-Linn                        Standards Track                    [Page 14]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   GSS-API Version 2.
-
-   This name type represents a self-describing object, whose framing
-   structure will be defined at the mechanism-independent level for
-   GSS-API Version 2.  When generated by the Kerberos V5 mechanism, the
-   Mechanism OID within the exportable name shall be that of the
-   Kerberos V5 mechanism.  The name component within the exportable name
-   shall be a contiguous string with structure as defined for the
-   Kerberos Principal Name Form.
-
-   In order to achieve a distinguished encoding for comparison purposes,
-   the following additional constraints are imposed on the export
-   operation:
-
-        (1) all occurrences of the characters `@`,  `/`, and `\` within
-        principal components or realm names shall be quoted with an
-        immediately-preceding `\`.
-
-        (2) all occurrences of the null, backspace, tab, or newline
-        characters within principal components or realm names will be
-        represented, respectively, with `\0`, `\b`, `\t`, or `\n`.
-
-        (3) the `\` quoting character shall not be emitted within an
-        exported name except to accomodate cases (1) and (2).
-
-2.2. Optional Name Forms
-
-   This section discusses additional name forms which may optionally be
-   supported by implementations of the Kerberos V5 GSS-API mechanism.
-   It is recognized that some of the name forms cited here are derived
-   from UNIX(tm) operating system platforms; some listed forms may be
-   irrelevant to non-UNIX platforms, and definition of additional forms
-   corresponding to such platforms may also be appropriate.  It is also
-   recognized that OS-specific functions outside GSS-API are likely to
-   exist in order to perform translations among these forms, and that
-   GSS-API implementations supporting these forms may themselves be
-   layered atop such OS-specific functions.  Inclusion of this support
-   within GSS-API implementations is intended as a convenience to
-   applications.
-
-2.2.1. User Name Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) user_name(1)}.  The recommended symbolic name for this
-   type is "GSS_KRB5_NT_USER_NAME".
-
-   This name type is used to indicate a named user on a local system.
-
-
-
-Linn                        Standards Track                    [Page 15]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   Its interpretation is OS-specific.  This name form is constructed as:
-
-      username
-
-   Assuming that users' principal names are the same as their local
-   operating system names, an implementation of GSS_Import_name() based
-   on Kerberos V5 technology can process names of this form by
-   postfixing an "@" sign and the name of the local realm.
-
-2.2.2. Machine UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
-   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
-
-   This name type is used to indicate a numeric user identifier
-   corresponding to a user on a local system.  Its interpretation is
-   OS-specific.  The gss_buffer_desc representing a name of this type
-   should contain a locally-significant uid_t, represented in host byte
-   order.  The GSS_Import_name() operation resolves this uid into a
-   username, which is then treated as the User Name Form.
-
-2.2.3. String UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) string_uid_name(3)}.  The recommended symbolic name for
-   this type is "GSS_KRB5_NT_STRING_UID_NAME".
-
-   This name type is used to indicate a string of digits representing
-   the numeric user identifier of a user on a local system.  Its
-   interpretation is OS-specific. This name type is similar to the
-   Machine UID Form, except that the buffer contains a string
-   representing the uid_t.
-
-3. Credentials Management
-
-   The Kerberos V5 protocol uses different credentials (in the GSSAPI
-   sense) for initiating and accepting security contexts.  Normal
-   clients receive a ticket-granting ticket (TGT) and an associated
-   session key at "login" time; the pair of a TGT and its corresponding
-   session key forms a credential which is suitable for initiating
-   security contexts.  A ticket-granting ticket, its session key, and
-   any other (ticket, key) pairs obtained through use of the ticket-
-   granting-ticket, are typically stored in a Kerberos V5 credentials
-   cache, sometimes known as a ticket file.
-
-
-
-
-Linn                        Standards Track                    [Page 16]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   The encryption key used by the Kerberos server to seal tickets for a
-   particular application service forms the credentials suitable for
-   accepting security contexts.  These service keys are typically stored
-   in a Kerberos V5 key table, or srvtab file.  In addition to their use
-   as accepting credentials, these service keys may also be used to
-   obtain initiating credentials for their service principal.
-
-   The Kerberos V5 mechanism's credential handle may contain references
-   to either or both types of credentials.  It is a local matter how the
-   Kerberos V5 mechanism implementation finds the appropriate Kerberos
-   V5 credentials cache or key table.
-
-   However, when the Kerberos V5 mechanism attempts to obtain initiating
-   credentials for a service principal which are not available in a
-   credentials cache, and the key for that service principal is
-   available in a Kerberos V5 key table, the mechanism should use the
-   service key to obtain initiating credentials for that service.  This
-   should be accomplished by requesting a ticket-granting-ticket from
-   the Kerberos Key Distribution Center (KDC), and decrypting the KDC's
-   reply using the service key.
-
-4. Parameter Definitions
-
-   This section defines parameter values used by the Kerberos V5 GSS-API
-   mechanism.  It defines interface elements in support of portability,
-   and assumes use of C language bindings per RFC-1509.
-
-4.1. Minor Status Codes
-
-   This section recommends common symbolic names for minor_status values
-   to be returned by the Kerberos V5 GSS-API mechanism.  Use of these
-   definitions will enable independent implementors to enhance
-   application portability across different implementations of the
-   mechanism defined in this specification.  (In all cases,
-   implementations of GSS_Display_status() will enable callers to
-   convert minor_status indicators to text representations.) Each
-   implementation should make available, through include files or other
-   means, a facility to translate these symbolic names into the concrete
-   values which a particular GSS-API implementation uses to represent
-   the minor_status values specified in this section.
-
-   It is recognized that this list may grow over time, and that the need
-   for additional minor_status codes specific to particular
-   implementations may arise.  It is recommended, however, that
-   implementations should return a minor_status value as defined on a
-   mechanism-wide basis within this section when that code is accurately
-   representative of reportable status rather than using a separate,
-   implementation-defined code.
-
-
-
-Linn                        Standards Track                    [Page 17]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-4.1.1. Non-Kerberos-specific codes
-
-   GSS_KRB5_S_G_BAD_SERVICE_NAME
-           /* "No @ in SERVICE-NAME name string" */
-   GSS_KRB5_S_G_BAD_STRING_UID
-           /* "STRING-UID-NAME contains nondigits" */
-   GSS_KRB5_S_G_NOUSER
-           /* "UID does not resolve to username" */
-   GSS_KRB5_S_G_VALIDATE_FAILED
-           /* "Validation error" */
-   GSS_KRB5_S_G_BUFFER_ALLOC
-           /* "Couldn't allocate gss_buffer_t data" */
-   GSS_KRB5_S_G_BAD_MSG_CTX
-           /* "Message context invalid" */
-   GSS_KRB5_S_G_WRONG_SIZE
-           /* "Buffer is the wrong size" */
-   GSS_KRB5_S_G_BAD_USAGE
-           /* "Credential usage type is unknown" */
-   GSS_KRB5_S_G_UNKNOWN_QOP
-           /* "Unknown quality of protection specified" */
-
-4.1.2. Kerberos-specific-codes
-
-   GSS_KRB5_S_KG_CCACHE_NOMATCH
-           /* "Principal in credential cache does not match desired name" */
-   GSS_KRB5_S_KG_KEYTAB_NOMATCH
-           /* "No principal in keytab matches desired name" */
-   GSS_KRB5_S_KG_TGT_MISSING
-           /* "Credential cache has no TGT" */
-   GSS_KRB5_S_KG_NO_SUBKEY
-           /* "Authenticator has no subkey" */
-   GSS_KRB5_S_KG_CONTEXT_ESTABLISHED
-           /* "Context is already fully established" */
-   GSS_KRB5_S_KG_BAD_SIGN_TYPE
-           /* "Unknown signature type in token" */
-   GSS_KRB5_S_KG_BAD_LENGTH
-           /* "Invalid field length in token" */
-   GSS_KRB5_S_KG_CTX_INCOMPLETE
-           /* "Attempt to use incomplete security context" */
-
-4.2. Quality of Protection Values
-
-   This section defines Quality of Protection (QOP) values to be used
-   with the Kerberos V5 GSS-API mechanism as input to GSS_Wrap() and
-   GSS_GetMIC() routines in order to select among alternate integrity
-   and confidentiality algorithms. Additional QOP values may be added in
-   future versions of this specification.  Non-overlapping bit positions
-   are and will be employed in order that both integrity and
-
-
-
-Linn                        Standards Track                    [Page 18]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-   confidentiality QOP may be selected within a single parameter, via
-   inclusive-OR of the specified integrity and confidentiality values.
-
-4.2.1. Integrity Algorithms
-
-   The following Quality of Protection (QOP) values are currently
-   defined for the Kerberos V5 GSS-API mechanism, and are used to select
-   among alternate integrity checking algorithms.
-
-   GSS_KRB5_INTEG_C_QOP_MD5        (numeric value: 1)
-           /* Integrity using partial MD5 ("MD2.5") of plaintext */
-
-   GSS_KRB5_INTEG_C_QOP_DES_MD5    (numeric value: 2)
-           /* Integrity using DES MAC of MD5 of plaintext */
-
-   GSS_KRB5_INTEG_C_QOP_DES_MAC    (numeric value: 3)
-           /* Integrity using DES MAC of plaintext */
-
-4.2.2. Confidentiality Algorithms
-
-   Only one confidentiality QOP value is currently defined for the
-   Kerberos V5 GSS-API mechanism:
-
-   GSS_KRB5_CONF_C_QOP_DES         (numeric value: 0)
-           /* Confidentiality with DES */
-
-   Note: confidentiality QOP should be indicated only by GSS-API calls
-   capable of providing confidentiality services. If non-zero
-   confidentiality QOP values are defined in future to represent
-   different algorithms, therefore, the bit positions containing those
-   values should be cleared before being returned by implementations of
-   GSS_GetMIC() and GSS_VerifyMIC().
-
-4.3. Buffer Sizes
-
-   All implementations of this specification shall be capable of
-   accepting buffers of at least 16 Kbytes as input to GSS_GetMIC(),
-   GSS_VerifyMIC(), and GSS_Wrap(), and shall be capable of accepting
-   the output_token generated by GSS_Wrap() for a 16 Kbyte input buffer
-   as input to GSS_Unwrap(). Support for larger buffer sizes is optional
-   but recommended.
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 19]
-
-RFC 1964               Kerberos Version 5 GSS-API              June 1996
-
-
-5. Security Considerations
-
-   Security issues are discussed throughout this memo.
-
-6. References
-
-
-   [RFC-1321]: Rivest, R., "The MD5 Message-Digest Algorithm", RFC
-   1321, April 1992.
-
-   [RFC-1508]: Linn, J., "Generic Security Service Application Program
-   Interface", RFC 1508, September 1993.
-
-   [RFC-1509]: Wray, J., "Generic Security Service Application Program
-   Interface: C-bindings", RFC 1509, September 1993.
-
-   [RFC-1510]: Kohl, J., and C. Neuman, "The Kerberos Network
-   Authentication Service (V5)", RFC 1510, September 1993.
-
-   [FIPS-PUB-113]: National Bureau of Standards, Federal Information
-   Processing Standard 113, "Computer Data Authentication", May 1985.
-
-AUTHOR'S ADDRESS
-
-   John Linn
-   OpenVision Technologies
-   One Main St.
-   Cambridge, MA  02142  USA
-
-   Phone: +1 617.374.2245
-   EMail: John.Linn@ov.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 20]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc2078.txt b/crypto/heimdal/doc/standardisation/rfc2078.txt
deleted file mode 100644
index 1dd1e4aebd2d..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc2078.txt
+++ /dev/null
@@ -1,4763 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                           J. Linn
-Request for Comments: 2078                      OpenVision Technologies
-Category: Standards Track                                  January 1997
-Obsoletes: 1508
-
-
-   Generic Security Service Application Program Interface, Version 2
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-Abstract
-
-   The Generic Security Service Application Program Interface (GSS-API),
-   as defined in RFC-1508, provides security services to callers in a
-   generic fashion, supportable with a range of underlying mechanisms
-   and technologies and hence allowing source-level portability of
-   applications to different environments. This specification defines
-   GSS-API services and primitives at a level independent of underlying
-   mechanism and programming language environment, and is to be
-   complemented by other, related specifications:
-
-      documents defining specific parameter bindings for particular
-      language environments
-
-      documents defining token formats, protocols, and procedures to be
-      implemented in order to realize GSS-API services atop particular
-      security mechanisms
-
-   This memo revises RFC-1508, making specific, incremental changes in
-   response to implementation experience and liaison requests. It is
-   intended, therefore, that this memo or a successor version thereto
-   will become the basis for subsequent progression of the GSS-API
-   specification on the standards track.
-
-Table of Contents
-
-   1: GSS-API Characteristics and Concepts..........................  3
-   1.1: GSS-API Constructs..........................................  6
-   1.1.1:  Credentials..............................................  6
-   1.1.1.1: Credential Constructs and Concepts......................  6
-   1.1.1.2: Credential Management...................................  7
-   1.1.1.3: Default Credential Resolution...........................  8
-
-
-
-Linn                        Standards Track                     [Page 1]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   1.1.2: Tokens....................................................  9
-   1.1.3:  Security Contexts........................................ 10
-   1.1.4:  Mechanism Types.......................................... 11
-   1.1.5:  Naming................................................... 12
-   1.1.6:  Channel Bindings......................................... 14
-   1.2:  GSS-API Features and Issues................................ 15
-   1.2.1:  Status Reporting......................................... 15
-   1.2.2: Per-Message Security Service Availability................. 17
-   1.2.3: Per-Message Replay Detection and Sequencing............... 18
-   1.2.4:  Quality of Protection.................................... 20
-   1.2.5: Anonymity Support......................................... 21
-   1.2.6: Initialization............................................ 22
-   1.2.7: Per-Message Protection During Context Establishment....... 22
-   1.2.8: Implementation Robustness................................. 23
-   2:  Interface Descriptions....................................... 23
-   2.1:  Credential management calls................................ 25
-   2.1.1:  GSS_Acquire_cred call.................................... 26
-   2.1.2:  GSS_Release_cred call.................................... 28
-   2.1.3:  GSS_Inquire_cred call.................................... 29
-   2.1.4:  GSS_Add_cred call........................................ 31
-   2.1.5:  GSS_Inquire_cred_by_mech call............................ 33
-   2.2:  Context-level calls........................................ 34
-   2.2.1:  GSS_Init_sec_context call................................ 34
-   2.2.2:  GSS_Accept_sec_context call.............................. 40
-   2.2.3:  GSS_Delete_sec_context call.............................. 44
-   2.2.4:  GSS_Process_context_token call........................... 46
-   2.2.5:  GSS_Context_time call.................................... 47
-   2.2.6:  GSS_Inquire_context call................................. 47
-   2.2.7:  GSS_Wrap_size_limit call................................. 49
-   2.2.8:  GSS_Export_sec_context call.............................. 50
-   2.2.9:  GSS_Import_sec_context call.............................. 52
-   2.3:  Per-message calls.......................................... 53
-   2.3.1:  GSS_GetMIC call.......................................... 54
-   2.3.2:  GSS_VerifyMIC call....................................... 55
-   2.3.3:  GSS_Wrap call............................................ 56
-   2.3.4:  GSS_Unwrap call.......................................... 58
-   2.4:  Support calls.............................................. 59
-   2.4.1:  GSS_Display_status call.................................. 60
-   2.4.2:  GSS_Indicate_mechs call.................................. 60
-   2.4.3:  GSS_Compare_name call.................................... 61
-   2.4.4:  GSS_Display_name call.................................... 62
-   2.4.5:  GSS_Import_name call..................................... 63
-   2.4.6:  GSS_Release_name call.................................... 64
-   2.4.7:  GSS_Release_buffer call.................................. 65
-   2.4.8:  GSS_Release_OID_set call................................. 65
-   2.4.9:  GSS_Create_empty_OID_set call............................ 66
-   2.4.10: GSS_Add_OID_set_member call.............................. 67
-   2.4.11: GSS_Test_OID_set_member call............................. 67
-
-
-
-Linn                        Standards Track                     [Page 2]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   2.4.12: GSS_Release_OID call..................................... 68
-   2.4.13: GSS_OID_to_str call...................................... 68
-   2.4.14: GSS_Str_to_OID call...................................... 69
-   2.4.15: GSS_Inquire_names_for_mech call.......................... 69
-   2.4.16: GSS_Inquire_mechs_for_name call.......................... 70
-   2.4.17: GSS_Canonicalize_name call............................... 71
-   2.4.18: GSS_Export_name call..................................... 72
-   2.4.19: GSS_Duplicate_name call.................................. 73
-   3: Data Structure Definitions for GSS-V2 Usage................... 73
-   3.1: Mechanism-Independent Token Format.......................... 74
-   3.2: Mechanism-Independent Exported Name Object Format........... 77
-   4: Name Type Definitions......................................... 77
-   4.1: Host-Based Service Name Form................................ 77
-   4.2: User Name Form.............................................. 78
-   4.3: Machine UID Form............................................ 78
-   4.4: String UID Form............................................. 79
-   5:  Mechanism-Specific Example Scenarios......................... 79
-   5.1: Kerberos V5, single-TGT..................................... 79
-   5.2: Kerberos V5, double-TGT..................................... 80
-   5.3:  X.509 Authentication Framework............................. 81
-   6:  Security Considerations...................................... 82
-   7:  Related Activities........................................... 82
-   Appendix A: Mechanism Design Constraints......................... 83
-   Appendix B: Compatibility with GSS-V1............................ 83
-
-1: GSS-API Characteristics and Concepts
-
-   GSS-API operates in the following paradigm.  A typical GSS-API caller
-   is itself a communications protocol, calling on GSS-API in order to
-   protect its communications with authentication, integrity, and/or
-   confidentiality security services.  A GSS-API caller accepts tokens
-   provided to it by its local GSS-API implementation and transfers the
-   tokens to a peer on a remote system; that peer passes the received
-   tokens to its local GSS-API implementation for processing. The
-   security services available through GSS-API in this fashion are
-   implementable (and have been implemented) over a range of underlying
-   mechanisms based on secret-key and public-key cryptographic
-   technologies.
-
-   The GSS-API separates the operations of initializing a security
-   context between peers, achieving peer entity authentication (This
-   security service definition, and other definitions used in this
-   document, corresponds to that provided in International Standard ISO
-   7498-2-1988(E), Security Architecture.) (GSS_Init_sec_context()  and
-   GSS_Accept_sec_context() calls), from the operations of providing
-   per-message data origin authentication and data integrity protection
-   (GSS_GetMIC()  and GSS_VerifyMIC()  calls) for messages subsequently
-   transferred in conjunction with that context.  When establishing a
-
-
-
-Linn                        Standards Track                     [Page 3]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   security context, the GSS-API enables a context initiator to
-   optionally permit its credentials to be delegated, meaning that the
-   context acceptor may initiate further security contexts on behalf of
-   the initiating caller. Per-message GSS_Wrap()  and GSS_Unwrap() calls
-   provide the data origin authentication and data integrity services
-   which GSS_GetMIC()  and GSS_VerifyMIC() offer, and also support
-   selection of confidentiality services as a caller option.  Additional
-   calls provide supportive functions to the GSS-API's users.
-
-   The following paragraphs provide an example illustrating the
-   dataflows involved in use of the GSS-API by a client and server in a
-   mechanism-independent fashion, establishing a security context and
-   transferring a protected message. The example assumes that credential
-   acquisition has already been completed.  The example assumes that the
-   underlying authentication technology is capable of authenticating a
-   client to a server using elements carried within a single token, and
-   of authenticating the server to the client (mutual authentication)
-   with a single returned token; this assumption holds for presently-
-   documented CAT mechanisms but is not necessarily true for other
-   cryptographic technologies and associated protocols.
-
-   The client calls GSS_Init_sec_context()  to establish a security
-   context to the server identified by targ_name, and elects to set the
-   mutual_req_flag so that mutual authentication is performed in the
-   course of context establishment. GSS_Init_sec_context()  returns an
-   output_token to be passed to the server, and indicates
-   GSS_S_CONTINUE_NEEDED status pending completion of the mutual
-   authentication sequence. Had mutual_req_flag not been set, the
-   initial call to GSS_Init_sec_context()  would have returned
-   GSS_S_COMPLETE status. The client sends the output_token to the
-   server.
-
-   The server passes the received token as the input_token parameter to
-   GSS_Accept_sec_context().  GSS_Accept_sec_context indicates
-   GSS_S_COMPLETE status, provides the client's authenticated identity
-   in the src_name result, and provides an output_token to be passed to
-   the client. The server sends the output_token to the client.
-
-   The client passes the received token as the input_token parameter to
-   a successor call to GSS_Init_sec_context(),  which processes data
-   included in the token in order to achieve mutual authentication from
-   the client's viewpoint. This call to GSS_Init_sec_context()  returns
-   GSS_S_COMPLETE status, indicating successful mutual authentication
-   and the completion of context establishment for this example.
-
-   The client generates a data message and passes it to GSS_Wrap().
-   GSS_Wrap() performs data origin authentication, data integrity, and
-   (optionally) confidentiality processing on the message and
-
-
-
-Linn                        Standards Track                     [Page 4]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   encapsulates the result into output_message, indicating
-   GSS_S_COMPLETE status. The client sends the output_message to the
-   server.
-
-   The server passes the received message to GSS_Unwrap().  GSS_Unwrap()
-   inverts the encapsulation performed by GSS_Wrap(),  deciphers the
-   message if the optional confidentiality feature was applied, and
-   validates the data origin authentication and data integrity checking
-   quantities. GSS_Unwrap()  indicates successful validation by
-   returning GSS_S_COMPLETE status along with the resultant
-   output_message.
-
-   For purposes of this example, we assume that the server knows by
-   out-of-band means that this context will have no further use after
-   one protected message is transferred from client to server. Given
-   this premise, the server now calls GSS_Delete_sec_context() to flush
-   context-level information.  Optionally, the server-side application
-   may provide a token buffer to GSS_Delete_sec_context(), to receive a
-   context_token to be transferred to the client in order to request
-   that client-side context-level information be deleted.
-
-   If a context_token is transferred, the client passes the
-   context_token to GSS_Process_context_token(), which returns
-   GSS_S_COMPLETE status after deleting context-level information at the
-   client system.
-
-   The GSS-API design assumes and addresses several basic goals,
-   including:
-
-      Mechanism independence: The GSS-API defines an interface to
-      cryptographically implemented strong authentication and other
-      security services at a generic level which is independent of
-      particular underlying mechanisms. For example, GSS-API-provided
-      services can be implemented by secret-key technologies (e.g.,
-      Kerberos) or public-key approaches (e.g., X.509).
-
-      Protocol environment independence: The GSS-API is independent of
-      the communications protocol suites with which it is employed,
-      permitting use in a broad range of protocol environments. In
-      appropriate environments, an intermediate implementation "veneer"
-      which is oriented to a particular communication protocol (e.g.,
-      Remote Procedure Call (RPC)) may be interposed between
-      applications which call that protocol and the GSS-API, thereby
-      invoking GSS-API facilities in conjunction with that protocol's
-      communications invocations.
-
-      Protocol association independence: The GSS-API's security context
-      construct is independent of communications protocol association
-
-
-
-Linn                        Standards Track                     [Page 5]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      constructs. This characteristic allows a single GSS-API
-      implementation to be utilized by a variety of invoking protocol
-      modules on behalf of those modules' calling applications. GSS-API
-      services can also be invoked directly by applications, wholly
-      independent of protocol associations.
-
-      Suitability to a range of implementation placements: GSS-API
-      clients are not constrained to reside within any Trusted Computing
-      Base (TCB) perimeter defined on a system where the GSS-API is
-      implemented; security services are specified in a manner suitable
-      to both intra-TCB and extra-TCB callers.
-
-1.1: GSS-API Constructs
-
-   This section describes the basic elements comprising the GSS-API.
-
-1.1.1:  Credentials
-
-1.1.1.1: Credential Constructs and Concepts
-
-   Credentials provide the prerequisites which permit GSS-API peers to
-   establish security contexts with each other. A caller may designate
-   that the credential elements which are to be applied for context
-   initiation or acceptance be selected by default.  Alternately, those
-   GSS-API callers which need to make explicit selection of particular
-   credentials structures may make references to those credentials
-   through GSS-API-provided credential handles ("cred_handles").  In all
-   cases, callers' credential references are indirect, mediated by GSS-
-   API implementations and not requiring callers to access the selected
-   credential elements.
-
-   A single credential structure may be used to initiate outbound
-   contexts and to accept inbound contexts. Callers needing to operate
-   in only one of these modes may designate this fact when credentials
-   are acquired for use, allowing underlying mechanisms to optimize
-   their processing and storage requirements. The credential elements
-   defined by a particular mechanism may contain multiple cryptographic
-   keys, e.g., to enable authentication and message encryption to be
-   performed with different algorithms.
-
-   A GSS-API credential structure may contain multiple credential
-   elements, each containing mechanism-specific information for a
-   particular underlying mechanism (mech_type), but the set of elements
-   within a given credential structure represent a common entity.  A
-   credential structure's contents will vary depending on the set of
-   mech_types supported by a particular GSS-API implementation. Each
-   credential element identifies the data needed by its mechanism in
-   order to establish contexts on behalf of a particular principal, and
-
-
-
-Linn                        Standards Track                     [Page 6]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   may contain separate credential references for use in context
-   initiation and context acceptance.  Multiple credential elements
-   within a given credential having overlapping combinations of
-   mechanism, usage mode, and validity period are not permitted.
-
-   Commonly, a single mech_type will be used for all security contexts
-   established by a particular initiator to a particular target. A major
-   motivation for supporting credential sets representing multiple
-   mech_types is to allow initiators on systems which are equipped to
-   handle multiple types to initiate contexts to targets on other
-   systems which can accommodate only a subset of the set supported at
-   the initiator's system.
-
-1.1.1.2: Credential Management
-
-   It is the responsibility of underlying system-specific mechanisms and
-   OS functions below the GSS-API to ensure that the ability to acquire
-   and use credentials associated with a given identity is constrained
-   to appropriate processes within a system. This responsibility should
-   be taken seriously by implementors, as the ability for an entity to
-   utilize a principal's credentials is equivalent to the entity's
-   ability to successfully assert that principal's identity.
-
-   Once a set of GSS-API credentials is established, the transferability
-   of that credentials set to other processes or analogous constructs
-   within a system is a local matter, not defined by the GSS-API. An
-   example local policy would be one in which any credentials received
-   as a result of login to a given user account, or of delegation of
-   rights to that account, are accessible by, or transferable to,
-   processes running under that account.
-
-   The credential establishment process (particularly when performed on
-   behalf of users rather than server processes) is likely to require
-   access to passwords or other quantities which should be protected
-   locally and exposed for the shortest time possible. As a result, it
-   will often be appropriate for preliminary credential establishment to
-   be performed through local means at user login time, with the
-   result(s) cached for subsequent reference. These preliminary
-   credentials would be set aside (in a system-specific fashion) for
-   subsequent use, either:
-
-      to be accessed by an invocation of the GSS-API GSS_Acquire_cred()
-      call, returning an explicit handle to reference that credential
-
-      to comprise default credential elements to be installed, and to be
-      used when default credential behavior is requested on behalf of a
-      process
-
-
-
-
-Linn                        Standards Track                     [Page 7]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-1.1.1.3: Default Credential Resolution
-
-   The gss_init_sec_context and gss_accept_sec_context routines allow
-   the value GSS_C_NO_CREDENTIAL to be specified as their credential
-   handle parameter.  This special credential-handle indicates a desire
-   by the application to act as a default principal.  While individual
-   GSS-API implementations are free to determine such default behavior
-   as appropriate to the mechanism, the following default behavior by
-   these routines is recommended for portability:
-
-   GSS_Init_sec_context:
-
-      (i) If there is only a single principal capable of initiating
-      security contexts that the application is authorized to act on
-      behalf of, then that principal shall be used, otherwise
-
-      (ii) If the platform maintains a concept of a default network-
-      identity, and if the application is authorized to act on behalf of
-      that identity for the purpose of initiating security contexts,
-      then the principal corresponding to that identity shall be used,
-      otherwise
-
-      (iii) If the platform maintains a concept of a default local
-      identity, and provides a means to map local identities into
-      network-identities, and if the application is authorized to act on
-      behalf of the network-identity image of the default local identity
-      for the purpose of initiating security contexts, then the
-      principal corresponding to that identity shall be used, otherwise
-
-      (iv) A user-configurable default identity should be used.
-
-   GSS_Accept_sec_context:
-
-      (i) If there is only a single authorized principal identity
-      capable of accepting security contexts, then that principal shall
-      be used, otherwise
-
-      (ii) If the mechanism can determine the identity of the target
-      principal by examining the context-establishment token, and if the
-      accepting application is authorized to act as that principal for
-      the purpose of accepting security contexts, then that principal
-      identity shall be used, otherwise
-
-      (iii) If the mechanism supports context acceptance by any
-      principal, and mutual authentication was not requested, any
-      principal that the application is authorized to accept security
-      contexts under may be used, otherwise
-
-
-
-
-Linn                        Standards Track                     [Page 8]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      (iv) A user-configurable default identity shall be used.
-
-   The purpose of the above rules is to allow security contexts to be
-   established by both initiator and acceptor using the default behavior
-   wherever possible.  Applications requesting default behavior are
-   likely to be more portable across mechanisms and platforms than ones
-   that use GSS_Acquire_cred to request a specific identity.
-
-1.1.2: Tokens
-
-   Tokens are data elements transferred between GSS-API callers, and are
-   divided into two classes. Context-level tokens are exchanged in order
-   to establish and manage a security context between peers. Per-message
-   tokens relate to an established context and are exchanged to provide
-   protective security services (i.e., data origin authentication,
-   integrity, and optional confidentiality) for corresponding data
-   messages.
-
-   The first context-level token obtained from GSS_Init_sec_context() is
-   required to indicate at its very beginning a globally-interpretable
-   mechanism identifier, i.e., an Object Identifier (OID) of the
-   security mechanism. The remaining part of this token as well as the
-   whole content of all other tokens are specific to the particular
-   underlying mechanism used to support the GSS-API. Section 3 of this
-   document provides, for designers of GSS-API support mechanisms, the
-   description of the header of the first context-level token which is
-   then followed by mechanism-specific information.
-
-   Tokens' contents are opaque from the viewpoint of GSS-API callers.
-   They are generated within the GSS-API implementation at an end
-   system, provided to a GSS-API caller to be transferred to the peer
-   GSS-API caller at a remote end system, and processed by the GSS-API
-   implementation at that remote end system. Tokens may be output by
-   GSS-API calls (and should be transferred to GSS-API peers) whether or
-   not the calls' status indicators indicate successful completion.
-   Token transfer may take place in an in-band manner, integrated into
-   the same protocol stream used by the GSS-API callers for other data
-   transfers, or in an out-of-band manner across a logically separate
-   channel.
-
-   Different GSS-API tokens are used for different purposes (e.g.,
-   context initiation, context acceptance, protected message data on an
-   established context), and it is the responsibility of a GSS-API
-   caller receiving tokens to distinguish their types, associate them
-   with corresponding security contexts, and pass them to appropriate
-   GSS-API processing routines.  Depending on the caller protocol
-   environment, this distinction may be accomplished in several ways.
-
-
-
-
-Linn                        Standards Track                     [Page 9]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   The following examples illustrate means through which tokens' types
-   may be distinguished:
-
-      - implicit tagging based on state information (e.g., all tokens on
-      a new association are considered to be context establishment
-      tokens until context establishment is completed, at which point
-      all tokens are considered to be wrapped data objects for that
-      context),
-
-      - explicit tagging at the caller protocol level,
-
-      - a hybrid of these approaches.
-
-   Commonly, the encapsulated data within a token includes internal
-   mechanism-specific tagging information, enabling mechanism-level
-   processing modules to distinguish tokens used within the mechanism
-   for different purposes.  Such internal mechanism-level tagging is
-   recommended to mechanism designers, and enables mechanisms to
-   determine whether a caller has passed a particular token for
-   processing by an inappropriate GSS-API routine.
-
-   Development of GSS-API support primitives based on a particular
-   underlying cryptographic technique and protocol (i.e., conformant to
-   a specific GSS-API mechanism definition) does not necessarily imply
-   that GSS-API callers using that GSS-API mechanism will be able to
-   interoperate with peers invoking the same technique and protocol
-   outside the GSS-API paradigm, or with peers implementing a different
-   GSS-API mechanism based on the same underlying technology.  The
-   format of GSS-API tokens defined in conjunction with a particular
-   mechanism, and the techniques used to integrate those tokens into
-   callers' protocols, may not be interoperable with the tokens used by
-   non-GSS-API callers of the same underlying technique.
-
-1.1.3:  Security Contexts
-
-   Security contexts are established between peers, using credentials
-   established locally in conjunction with each peer or received by
-   peers via delegation. Multiple contexts may exist simultaneously
-   between a pair of peers, using the same or different sets of
-   credentials. Coexistence of multiple contexts using different
-   credentials allows graceful rollover when credentials expire.
-   Distinction among multiple contexts based on the same credentials
-   serves applications by distinguishing different message streams in a
-   security sense.
-
-   The GSS-API is independent of underlying protocols and addressing
-   structure, and depends on its callers to transport GSS-API-provided
-   data elements. As a result of these factors, it is a caller
-
-
-
-Linn                        Standards Track                    [Page 10]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   responsibility to parse communicated messages, separating GSS-API-
-   related data elements from caller-provided data.  The GSS-API is
-   independent of connection vs. connectionless orientation of the
-   underlying communications service.
-
-   No correlation between security context and communications protocol
-   association is dictated. (The optional channel binding facility,
-   discussed in Section 1.1.6 of this document, represents an
-   intentional exception to this rule, supporting additional protection
-   features within GSS-API supporting mechanisms.) This separation
-   allows the GSS-API to be used in a wide range of communications
-   environments, and also simplifies the calling sequences of the
-   individual calls. In many cases (depending on underlying security
-   protocol, associated mechanism, and availability of cached
-   information), the state information required for context setup can be
-   sent concurrently with initial signed user data, without interposing
-   additional message exchanges.
-
-1.1.4:  Mechanism Types
-
-   In order to successfully establish a security context with a target
-   peer, it is necessary to identify an appropriate underlying mechanism
-   type (mech_type) which both initiator and target peers support. The
-   definition of a mechanism embodies not only the use of a particular
-   cryptographic technology (or a hybrid or choice among alternative
-   cryptographic technologies), but also definition of the syntax and
-   semantics of data element exchanges which that mechanism will employ
-   in order to support security services.
-
-   It is recommended that callers initiating contexts specify the
-   "default" mech_type value, allowing system-specific functions within
-   or invoked by the GSS-API implementation to select the appropriate
-   mech_type, but callers may direct that a particular mech_type be
-   employed when necessary.
-
-   The means for identifying a shared mech_type to establish a security
-   context with a peer will vary in different environments and
-   circumstances; examples include (but are not limited to):
-
-      use of a fixed mech_type, defined by configuration, within an
-      environment
-
-      syntactic convention on a target-specific basis, through
-      examination of a target's name
-
-      lookup of a target's name in a naming service or other database in
-      order to identify mech_types supported by that target
-
-
-
-
-Linn                        Standards Track                    [Page 11]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      explicit negotiation between GSS-API callers in advance of
-      security context setup
-
-   When transferred between GSS-API peers, mech_type specifiers (per
-   Section 3, represented as Object Identifiers (OIDs)) serve to qualify
-   the interpretation of associated tokens. (The structure and encoding
-   of Object Identifiers is defined in ISO/IEC 8824, "Specification of
-   Abstract Syntax Notation One (ASN.1)" and in ISO/IEC 8825,
-   "Specification of Basic Encoding Rules for Abstract Syntax Notation
-   One (ASN.1)".) Use of hierarchically structured OIDs serves to
-   preclude ambiguous interpretation of mech_type specifiers. The OID
-   representing the DASS MechType, for example, is 1.3.12.2.1011.7.5,
-   and that of the Kerberos V5 mechanism, once advanced to the level of
-   Proposed Standard, will be 1.2.840.113554.1.2.2.
-
-1.1.5:  Naming
-
-   The GSS-API avoids prescribing naming structures, treating the names
-   which are transferred across the interface in order to initiate and
-   accept security contexts as opaque objects.  This approach supports
-   the GSS-API's goal of implementability atop a range of underlying
-   security mechanisms, recognizing the fact that different mechanisms
-   process and authenticate names which are presented in different
-   forms. Generalized services offering translation functions among
-   arbitrary sets of naming environments are outside the scope of the
-   GSS-API; availability and use of local conversion functions to
-   translate among the naming formats supported within a given end
-   system is anticipated.
-
-   Different classes of name representations are used in conjunction
-   with different GSS-API parameters:
-
-      - Internal form (denoted in this document by INTERNAL NAME),
-      opaque to callers and defined by individual GSS-API
-      implementations.  GSS-API implementations supporting multiple
-      namespace types must maintain internal tags to disambiguate the
-      interpretation of particular names.  A Mechanism Name (MN) is a
-      special case of INTERNAL NAME, guaranteed to contain elements
-      corresponding to one and only one mechanism; calls which are
-      guaranteed to emit MNs or which require MNs as input are so
-      identified within this specification.
-
-      - Contiguous string ("flat") form (denoted in this document by
-      OCTET STRING); accompanied by OID tags identifying the namespace
-      to which they correspond.  Depending on tag value, flat names may
-      or may not be printable strings for direct acceptance from and
-      presentation to users. Tagging of flat names allows GSS-API
-      callers and underlying GSS-API mechanisms to disambiguate name
-
-
-
-Linn                        Standards Track                    [Page 12]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      types and to determine whether an associated name's type is one
-      which they are capable of processing, avoiding aliasing problems
-      which could result from misinterpreting a name of one type as a
-      name of another type.
-
-      - The GSS-API Exported Name Object, a special case of flat name
-      designated by a reserved OID value, carries a canonicalized form
-      of a name suitable for binary comparisons.
-
-   In addition to providing means for names to be tagged with types,
-   this specification defines primitives to support a level of naming
-   environment independence for certain calling applications. To provide
-   basic services oriented towards the requirements of callers which
-   need not themselves interpret the internal syntax and semantics of
-   names, GSS-API calls for name comparison (GSS_Compare_name()),
-   human-readable display (GSS_Display_name()), input conversion
-   (GSS_Import_name()), internal name deallocation (GSS_Release_name()),
-   and internal name duplication (GSS_Duplicate_name()) functions are
-   defined. (It is anticipated that these proposed GSS-API calls will be
-   implemented in many end systems based on system-specific name
-   manipulation primitives already extant within those end systems;
-   inclusion within the GSS-API is intended to offer GSS-API callers a
-   portable means to perform specific operations, supportive of
-   authorization and audit requirements, on authenticated names.)
-
-   GSS_Import_name() implementations can, where appropriate, support
-   more than one printable syntax corresponding to a given namespace
-   (e.g., alternative printable representations for X.500 Distinguished
-   Names), allowing flexibility for their callers to select among
-   alternative representations. GSS_Display_name() implementations
-   output a printable syntax selected as appropriate to their
-   operational environments; this selection is a local matter. Callers
-   desiring portability across alternative printable syntaxes should
-   refrain from implementing comparisons based on printable name forms
-   and should instead use the GSS_Compare_name()  call to determine
-   whether or not one internal-format name matches another.
-
-   The GSS_Canonicalize_name() and GSS_Export_name() calls enable
-   callers to acquire and process Exported Name Objects, canonicalized
-   and translated in accordance with the procedures of a particular
-   GSS-API mechanism.  Exported Name Objects can, in turn, be input to
-   GSS_Import_name(), yielding equivalent MNs. These facilities are
-   designed specifically to enable efficient storage and comparison of
-   names (e.g., for use in access control lists).
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 13]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   The following diagram illustrates the intended dataflow among name-
-   related GSS-API processing routines.
-
-                        GSS-API library defaults
-                               |
-                               |
-                               V                         text, for
-   text -------------->  internal_name (IN) -----------> display only
-         import_name()          /          display_name()
-                               /
-                              /
-                             /
-    accept_sec_context()    /
-          |                /
-          |               /
-          |              /  canonicalize_name()
-          |             /
-          |            /
-          |           /
-          |          /
-          |         /
-          |        |
-          V        V     <---------------------
-    single mechanism        import_name()         exported name: flat
-    internal_name (MN)                            binary "blob" usable
-                         ---------------------->  for access control
-                            export_name()
-
-1.1.6:  Channel Bindings
-
-   The GSS-API accommodates the concept of caller-provided channel
-   binding ("chan_binding") information.  Channel bindings are used to
-   strengthen the quality with which peer entity authentication is
-   provided during context establishment, by limiting the scope within
-   which an intercepted context establishment token can be reused by an
-   attacker. Specifically, they enable GSS-API callers to bind the
-   establishment of a security context to relevant characteristics
-   (e.g., addresses, transformed representations of encryption keys) of
-   the underlying communications channel, of protection mechanisms
-   applied to that communications channel, and to application-specific
-   data.
-
-   The caller initiating a security context must determine the
-   appropriate channel binding values to provide as input to the
-   GSS_Init_sec_context() call, and consistent values must be provided
-   to GSS_Accept_sec_context() by the context's target, in order for
-   both peers' GSS-API mechanisms to validate that received tokens
-   possess correct channel-related characteristics. Use or non-use of
-
-
-
-Linn                        Standards Track                    [Page 14]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   the GSS-API channel binding facility is a caller option.  GSS-API
-   mechanisms can operate in an environment where NULL channel bindings
-   are presented; mechanism implementors are encouraged, but not
-   required, to make use of caller-provided channel binding data within
-   their mechanisms. Callers should not assume that underlying
-   mechanisms provide confidentiality protection for channel binding
-   information.
-
-   When non-NULL channel bindings are provided by callers, certain
-   mechanisms can offer enhanced security value by interpreting the
-   bindings' content (rather than simply representing those bindings, or
-   integrity check values computed on them, within tokens) and will
-   therefore depend on presentation of specific data in a defined
-   format. To this end, agreements among mechanism implementors are
-   defining conventional interpretations for the contents of channel
-   binding arguments, including address specifiers (with content
-   dependent on communications protocol environment) for context
-   initiators and acceptors. (These conventions are being incorporated
-   in GSS-API mechanism specifications and into the GSS-API C language
-   bindings specification.) In order for GSS-API callers to be portable
-   across multiple mechanisms and achieve the full security
-   functionality which each mechanism can provide, it is strongly
-   recommended that GSS-API callers provide channel bindings consistent
-   with these conventions and those of the networking environment in
-   which they operate.
-
-1.2:  GSS-API Features and Issues
-
-   This section describes aspects of GSS-API operations, of the security
-   services which the GSS-API provides, and provides commentary on
-   design issues.
-
-1.2.1:  Status Reporting
-
-   Each GSS-API call provides two status return values. Major_status
-   values provide a mechanism-independent indication of call status
-   (e.g., GSS_S_COMPLETE, GSS_S_FAILURE, GSS_S_CONTINUE_NEEDED),
-   sufficient to drive normal control flow within the caller in a
-   generic fashion. Table 1 summarizes the defined major_status return
-   codes in tabular fashion.
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 15]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-Table 1: GSS-API Major Status Codes
-
-   FATAL ERROR CODES
-
-   GSS_S_BAD_BINDINGS            channel binding mismatch
-   GSS_S_BAD_MECH                unsupported mechanism requested
-   GSS_S_BAD_NAME                invalid name provided
-   GSS_S_BAD_NAMETYPE            name of unsupported type provided
-   GSS_S_BAD_STATUS              invalid input status selector
-   GSS_S_BAD_SIG                 token had invalid integrity check
-   GSS_S_CONTEXT_EXPIRED         specified security context expired
-   GSS_S_CREDENTIALS_EXPIRED     expired credentials detected
-   GSS_S_DEFECTIVE_CREDENTIAL    defective credential detected
-   GSS_S_DEFECTIVE_TOKEN         defective token detected
-   GSS_S_FAILURE                 failure, unspecified at GSS-API
-                                   level
-   GSS_S_NO_CONTEXT              no valid security context specified
-   GSS_S_NO_CRED                 no valid credentials provided
-   GSS_S_BAD_QOP                 unsupported QOP value
-   GSS_S_UNAUTHORIZED            operation unauthorized
-   GSS_S_UNAVAILABLE             operation unavailable
-   GSS_S_DUPLICATE_ELEMENT       duplicate credential element requested
-   GSS_S_NAME_NOT_MN             name contains multi-mechanism elements
-
-   INFORMATORY STATUS CODES
-
-   GSS_S_COMPLETE                normal completion
-   GSS_S_CONTINUE_NEEDED         continuation call to routine
-                                  required
-   GSS_S_DUPLICATE_TOKEN         duplicate per-message token
-                                  detected
-   GSS_S_OLD_TOKEN               timed-out per-message token
-                                  detected
-   GSS_S_UNSEQ_TOKEN             reordered (early) per-message token
-                                  detected
-   GSS_S_GAP_TOKEN               skipped predecessor token(s)
-                                  detected
-
-   Minor_status provides more detailed status information which may
-   include status codes specific to the underlying security mechanism.
-   Minor_status values are not specified in this document.
-
-   GSS_S_CONTINUE_NEEDED major_status returns, and optional message
-   outputs, are provided in GSS_Init_sec_context() and
-   GSS_Accept_sec_context()  calls so that different mechanisms'
-   employment of different numbers of messages within their
-   authentication sequences need not be reflected in separate code paths
-   within calling applications. Instead, such cases are accommodated
-
-
-
-Linn                        Standards Track                    [Page 16]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   with sequences of continuation calls to GSS_Init_sec_context()  and
-   GSS_Accept_sec_context().  The same mechanism is used to encapsulate
-   mutual authentication within the GSS-API's context initiation calls.
-
-   For mech_types which require interactions with third-party servers in
-   order to establish a security context, GSS-API context establishment
-   calls may block pending completion of such third-party interactions.
-
-   On the other hand, no GSS-API calls pend on serialized interactions
-   with GSS-API peer entities.  As a result, local GSS-API status
-   returns cannot reflect unpredictable or asynchronous exceptions
-   occurring at remote peers, and reflection of such status information
-   is a caller responsibility outside the GSS-API.
-
-1.2.2: Per-Message Security Service Availability
-
-   When a context is established, two flags are returned to indicate the
-   set of per-message protection security services which will be
-   available on the context:
-
-      the integ_avail flag indicates whether per-message integrity and
-      data origin authentication services are available
-
-      the conf_avail flag indicates whether per-message confidentiality
-      services are available, and will never be returned TRUE unless the
-      integ_avail flag is also returned TRUE
-
-      GSS-API callers desiring per-message security services should
-      check the values of these flags at context establishment time, and
-      must be aware that a returned FALSE value for integ_avail means
-      that invocation of GSS_GetMIC()  or GSS_Wrap() primitives on the
-      associated context will apply no cryptographic protection to user
-      data messages.
-
-   The GSS-API per-message integrity and data origin authentication
-   services provide assurance to a receiving caller that protection was
-   applied to a message by the caller's peer on the security context,
-   corresponding to the entity named at context initiation.  The GSS-API
-   per-message confidentiality service provides assurance to a sending
-   caller that the message's content is protected from access by
-   entities other than the context's named peer.
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 17]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   The GSS-API per-message protection service primitives, as the
-   category name implies, are oriented to operation at the granularity
-   of protocol data units. They perform cryptographic operations on the
-   data units, transfer cryptographic control information in tokens,
-   and, in the case of GSS_Wrap(), encapsulate the protected data unit.
-   As such, these primitives are not oriented to efficient data
-   protection for stream-paradigm protocols (e.g., Telnet) if
-   cryptography must be applied on an octet-by-octet basis.
-
-1.2.3: Per-Message Replay Detection and Sequencing
-
-   Certain underlying mech_types offer support for replay detection
-   and/or sequencing of messages transferred on the contexts they
-   support. These optionally-selectable protection features are distinct
-   from replay detection and sequencing features applied to the context
-   establishment operation itself; the presence or absence of context-
-   level replay or sequencing features is wholly a function of the
-   underlying mech_type's capabilities, and is not selected or omitted
-   as a caller option.
-
-   The caller initiating a context provides flags (replay_det_req_flag
-   and sequence_req_flag) to specify whether the use of per-message
-   replay detection and sequencing features is desired on the context
-   being established. The GSS-API implementation at the initiator system
-   can determine whether these features are supported (and whether they
-   are optionally selectable) as a function of mech_type, without need
-   for bilateral negotiation with the target. When enabled, these
-   features provide recipients with indicators as a result of GSS-API
-   processing of incoming messages, identifying whether those messages
-   were detected as duplicates or out-of-sequence. Detection of such
-   events does not prevent a suspect message from being provided to a
-   recipient; the appropriate course of action on a suspect message is a
-   matter of caller policy.
-
-   The semantics of the replay detection and sequencing services applied
-   to received messages, as visible across the interface which the GSS-
-   API provides to its clients, are as follows:
-
-   When replay_det_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_S_COMPLETE indicates that the message was within the window
-      (of time or sequence space) allowing replay events to be detected,
-      and that the message was not a replay of a previously-processed
-      message within that window.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 18]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      2. GSS_S_DUPLICATE_TOKEN indicates that the cryptographic
-      checkvalue on the received message was correct, but that the
-      message was recognized as a duplicate of a previously-processed
-      message.
-
-      3. GSS_S_OLD_TOKEN indicates that the cryptographic checkvalue on
-      the received message was correct, but that the message is too old
-      to be checked for duplication.
-
-   When sequence_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_S_COMPLETE indicates that the message was within the window
-      (of time or sequence space) allowing replay events to be detected,
-      that the message was not a replay of a previously-processed
-      message within that window, and that no predecessor sequenced
-      messages are missing relative to the last received message (if
-      any) processed on the context with a correct cryptographic
-      checkvalue.
-
-      2. GSS_S_DUPLICATE_TOKEN indicates that the integrity check value
-      on the received message was correct, but that the message was
-      recognized as a duplicate of a previously-processed message.
-
-      3. GSS_S_OLD_TOKEN indicates that the integrity check value on the
-      received message was correct, but that the token is too old to be
-      checked for duplication.
-
-      4. GSS_S_UNSEQ_TOKEN indicates that the cryptographic checkvalue
-      on the received message was correct, but that it is earlier in a
-      sequenced stream than a message already processed on the context.
-      [Note: Mechanisms can be architected to provide a stricter form of
-      sequencing service, delivering particular messages to recipients
-      only after all predecessor messages in an ordered stream have been
-      delivered.  This type of support is incompatible with the GSS-API
-      paradigm in which recipients receive all messages, whether in
-      order or not, and provide them (one at a time, without intra-GSS-
-      API message buffering) to GSS-API routines for validation.  GSS-
-      API facilities provide supportive functions, aiding clients to
-      achieve strict message stream integrity in an efficient manner in
-      conjunction with sequencing provisions in communications
-      protocols, but the GSS-API does not offer this level of message
-      stream integrity service by itself.]
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 19]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      5. GSS_S_GAP_TOKEN indicates that the cryptographic checkvalue on
-      the received message was correct, but that one or more predecessor
-      sequenced messages have not been successfully processed relative
-      to the last received message (if any) processed on the context
-      with a correct cryptographic checkvalue.
-
-   As the message stream integrity features (especially sequencing) may
-   interfere with certain applications' intended communications
-   paradigms, and since support for such features is likely to be
-   resource intensive, it is highly recommended that mech_types
-   supporting these features allow them to be activated selectively on
-   initiator request when a context is established. A context initiator
-   and target are provided with corresponding indicators
-   (replay_det_state and sequence_state), signifying whether these
-   features are active on a given context.
-
-   An example mech_type supporting per-message replay detection could
-   (when replay_det_state is TRUE) implement the feature as follows: The
-   underlying mechanism would insert timestamps in data elements output
-   by GSS_GetMIC()  and GSS_Wrap(), and would maintain (within a time-
-   limited window) a cache (qualified by originator-recipient pair)
-   identifying received data elements processed by GSS_VerifyMIC()  and
-   GSS_Unwrap(). When this feature is active, exception status returns
-   (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN) will be provided when
-   GSS_VerifyMIC()  or GSS_Unwrap() is presented with a message which is
-   either a detected duplicate of a prior message or which is too old to
-   validate against a cache of recently received messages.
-
-1.2.4:  Quality of Protection
-
-   Some mech_types provide their users with fine granularity control
-   over the means used to provide per-message protection, allowing
-   callers to trade off security processing overhead dynamically against
-   the protection requirements of particular messages. A per-message
-   quality-of-protection parameter (analogous to quality-of-service, or
-   QOS) selects among different QOP options supported by that mechanism.
-   On context establishment for a multi-QOP mech_type, context-level
-   data provides the prerequisite data for a range of protection
-   qualities.
-
-   It is expected that the majority of callers will not wish to exert
-   explicit mechanism-specific QOP control and will therefore request
-   selection of a default QOP. Definitions of, and choices among, non-
-   default QOP values are mechanism-specific, and no ordered sequences
-   of QOP values can be assumed equivalent across different mechanisms.
-   Meaningful use of non-default QOP values demands that callers be
-   familiar with the QOP definitions of an underlying mechanism or
-   mechanisms, and is therefore a non-portable construct.  The
-
-
-
-Linn                        Standards Track                    [Page 20]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   GSS_S_BAD_QOP major_status value is defined in order to indicate that
-   a provided QOP value is unsupported for a security context, most
-   likely because that value is unrecognized by the underlying
-   mechanism.
-
-1.2.5: Anonymity Support
-
-   In certain situations or environments, an application may wish to
-   authenticate a peer and/or protect communications using GSS-API per-
-   message services without revealing its own identity.  For example,
-   consider an application which provides read access to a research
-   database, and which permits queries by arbitrary requestors.  A
-   client of such a service might wish to authenticate the service, to
-   establish trust in the information received from it, but might not
-   wish to disclose its identity to the service for privacy reasons.
-
-   In ordinary GSS-API usage, a context initiator's identity is made
-   available to the context acceptor as part of the context
-   establishment process.  To provide for anonymity support, a facility
-   (input anon_req_flag to GSS_Init_sec_context()) is provided through
-   which context initiators may request that their identity not be
-   provided to the context acceptor.  Mechanisms are not required to
-   honor this request, but a caller will be informed (via returned
-   anon_state indicator from GSS_Init_sec_context()) whether or not the
-   request is honored. Note that authentication as the anonymous
-   principal does not necessarily imply that credentials are not
-   required in order to establish a context.
-
-   The following Object Identifier value is provided as a means to
-   identify anonymous names, and can be compared against in order to
-   determine, in a mechanism-independent fashion, whether a name refers
-   to an anonymous principal:
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   3(gss-anonymous-name)}
-
-   The recommended symbolic name corresponding to this definition is
-   GSS_C_NT_ANONYMOUS.
-
-   Four possible combinations of anon_state and mutual_state are
-   possible, with the following results:
-
-      anon_state == FALSE, mutual_state == FALSE: initiator
-      authenticated to target.
-
-      anon_state == FALSE, mutual_state == TRUE: initiator authenticated
-      to target, target authenticated to initiator.
-
-
-
-
-Linn                        Standards Track                    [Page 21]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      anon_state == TRUE, mutual_state == FALSE: initiator authenticated
-      as anonymous principal to target.
-
-      anon_state == TRUE, mutual_state == TRUE: initiator authenticated
-      as anonymous principal to target, target authenticated to
-      initiator.
-
-1.2.6: Initialization
-
-   No initialization calls (i.e., calls which must be invoked prior to
-   invocation of other facilities in the interface) are defined in GSS-
-   API.  As an implication of this fact, GSS-API implementations must
-   themselves be self-initializing.
-
-1.2.7: Per-Message Protection During Context Establishment
-
-   A facility is defined in GSS-V2 to enable protection and buffering of
-   data messages for later transfer while a security context's
-   establishment is in GSS_S_CONTINUE_NEEDED status, to be used in cases
-   where the caller side already possesses the necessary session key to
-   enable this processing. Specifically, a new state Boolean, called
-   prot_ready_state, is added to the set of information returned by
-   GSS_Init_sec_context(), GSS_Accept_sec_context(), and
-   GSS_Inquire_context().
-
-   For context establishment calls, this state Boolean is valid and
-   interpretable when the associated major_status is either
-   GSS_S_CONTINUE_NEEDED, or GSS_S_COMPLETE.  Callers of GSS-API (both
-   initiators and acceptors) can assume that per-message protection (via
-   GSS_Wrap(), GSS_Unwrap(), GSS_GetMIC() and GSS_VerifyMIC()) is
-   available and ready for use if either: prot_ready_state == TRUE, or
-   major_status == GSS_S_COMPLETE, though mutual authentication (if
-   requested) cannot be guaranteed until GSS_S_COMPLETE is returned.
-
-   This achieves full, transparent backward compatibility for GSS-API V1
-   callers, who need not even know of the existence of prot_ready_state,
-   and who will get the expected behavior from GSS_S_COMPLETE, but who
-   will not be able to use per-message protection before GSS_S_COMPLETE
-   is returned.
-
-   It is not a requirement that GSS-V2 mechanisms ever return TRUE
-   prot_ready_state before completion of context establishment (indeed,
-   some mechanisms will not evolve usable message protection keys,
-   especially at the context acceptor, before context establishment is
-   complete).  It is expected but not required that GSS-V2 mechanisms
-   will return TRUE prot_ready_state upon completion of context
-   establishment if they support per-message protection at all (however
-   GSS-V2 applications should not assume that TRUE prot_ready_state will
-
-
-
-Linn                        Standards Track                    [Page 22]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   always be returned together with the GSS_S_COMPLETE major_status,
-   since GSS-V2 implementations may continue to support GSS-V1 mechanism
-   code, which will never return TRUE prot_ready_state).
-
-   When prot_ready_state is returned TRUE, mechanisms shall also set
-   those context service indicator flags (deleg_state, mutual_state,
-   replay_det_state, sequence_state, anon_state, trans_state,
-   conf_avail, integ_avail) which represent facilities confirmed, at
-   that time, to be available on the context being established.  In
-   situations where prot_ready_state is returned before GSS_S_COMPLETE,
-   it is possible that additional facilities may be confirmed and
-   subsequently indicated when GSS_S_COMPLETE is returned.
-
-1.2.8: Implementation Robustness
-
-   This section recommends aspects of GSS-API implementation behavior in
-   the interests of overall robustness.
-
-   If a token is presented for processing on a GSS-API security context
-   and that token is determined to be invalid for that context, the
-   context's state should not be disrupted for purposes of processing
-   subsequent valid tokens.
-
-   Certain local conditions at a GSS-API implementation (e.g.,
-   unavailability of memory) may preclude, temporarily or permanently,
-   the successful processing of tokens on a GSS-API security context,
-   typically generating GSS_S_FAILURE major_status returns along with
-   locally-significant minor_status.  For robust operation under such
-   conditions, the following recommendations are made:
-
-      Failing calls should free any memory they allocate, so that
-      callers may retry without causing further loss of resources.
-
-      Failure of an individual call on an established context should not
-      preclude subsequent calls from succeeding on the same context.
-
-      Whenever possible, it should be possible for
-      GSS_Delete_sec_context() calls to be successfully processed even
-      if other calls cannot succeed, thereby enabling context-related
-      resources to be released.
-
-2:  Interface Descriptions
-
-   This section describes the GSS-API's service interface, dividing the
-   set of calls offered into four groups. Credential management calls
-   are related to the acquisition and release of credentials by
-   principals. Context-level calls are related to the management of
-   security contexts between principals. Per-message calls are related
-
-
-
-Linn                        Standards Track                    [Page 23]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   to the protection of individual messages on established security
-   contexts. Support calls provide ancillary functions useful to GSS-API
-   callers. Table 2 groups and summarizes the calls in tabular fashion.
-
-Table 2:  GSS-API Calls
-
-   CREDENTIAL MANAGEMENT
-
-   GSS_Acquire_cred             acquire credentials for use
-   GSS_Release_cred             release credentials after use
-   GSS_Inquire_cred             display information about
-                                credentials
-   GSS_Add_cred                 construct credentials incrementally
-   GSS_Inquire_cred_by_mech     display per-mechanism credential
-                                information
-
-   CONTEXT-LEVEL CALLS
-
-   GSS_Init_sec_context         initiate outbound security context
-   GSS_Accept_sec_context       accept inbound security context
-   GSS_Delete_sec_context       flush context when no longer needed
-   GSS_Process_context_token    process received control token on
-                                context
-   GSS_Context_time             indicate validity time remaining on
-                                      context
-   GSS_Inquire_context          display information about context
-   GSS_Wrap_size_limit          determine GSS_Wrap token size limit
-   GSS_Export_sec_context       transfer context to other process
-   GSS_Import_sec_context       import transferred context
-
-   PER-MESSAGE CALLS
-
-   GSS_GetMIC                   apply integrity check, receive as
-                                token separate from message
-   GSS_VerifyMIC                validate integrity check token
-                                along with message
-   GSS_Wrap                     sign, optionally encrypt,
-                                encapsulate
-   GSS_Unwrap                   decapsulate, decrypt if needed,
-                                validate integrity check
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 24]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   SUPPORT CALLS
-
-   GSS_Display_status           translate status codes to printable
-                                form
-   GSS_Indicate_mechs           indicate mech_types supported on
-                                local system
-   GSS_Compare_name             compare two names for equality
-   GSS_Display_name             translate name to printable form
-   GSS_Import_name              convert printable name to
-                                normalized form
-   GSS_Release_name             free storage of normalized-form
-                                name
-   GSS_Release_buffer           free storage of printable name
-   GSS_Release_OID              free storage of OID object
-   GSS_Release_OID_set          free storage of OID set object
-   GSS_Create_empty_OID_set     create empty OID set
-   GSS_Add_OID_set_member       add member to OID set
-   GSS_Test_OID_set_member      test if OID is member of OID set
-   GSS_OID_to_str               display OID as string
-   GSS_Str_to_OID               construct OID from string
-   GSS_Inquire_names_for_mech   indicate name types supported by
-                                mechanism
-   GSS_Inquire_mechs_for_name   indicates mechanisms supporting name
-                                type
-   GSS_Canonicalize_name        translate name to per-mechanism form
-   GSS_Export_name              externalize per-mechanism name
-   GSS_Duplicate_name           duplicate name object
-
-2.1:  Credential management calls
-
-   These GSS-API calls provide functions related to the management of
-   credentials. Their characterization with regard to whether or not
-   they may block pending exchanges with other network entities (e.g.,
-   directories or authentication servers) depends in part on OS-specific
-   (extra-GSS-API) issues, so is not specified in this document.
-
-   The GSS_Acquire_cred() call is defined within the GSS-API in support
-   of application portability, with a particular orientation towards
-   support of portable server applications. It is recognized that (for
-   certain systems and mechanisms) credentials for interactive users may
-   be managed differently from credentials for server processes; in such
-   environments, it is the GSS-API implementation's responsibility to
-   distinguish these cases and the procedures for making this
-   distinction are a local matter. The GSS_Release_cred()  call provides
-   a means for callers to indicate to the GSS-API that use of a
-   credentials structure is no longer required. The GSS_Inquire_cred()
-   call allows callers to determine information about a credentials
-   structure.  The GSS_Add_cred() call enables callers to append
-
-
-
-Linn                        Standards Track                    [Page 25]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   elements to an existing credential structure, allowing iterative
-   construction of a multi-mechanism credential. The
-   GSS_Inquire_cred_by_mech() call enables callers to extract per-
-   mechanism information describing a credentials structure.
-
-2.1.1:  GSS_Acquire_cred call
-
-   Inputs:
-
-   o  desired_name INTERNAL NAME, -NULL requests locally-determined
-      default
-
-   o  lifetime_req INTEGER,-in seconds; 0 requests default
-
-   o  desired_mechs SET OF OBJECT IDENTIFIER,-empty set requests
-      system-selected default
-
-   o  cred_usage INTEGER -0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-      2=ACCEPT-ONLY
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_cred_handle CREDENTIAL HANDLE,
-
-   o  actual_mechs SET OF OBJECT IDENTIFIER,
-
-   o  lifetime_rec INTEGER -in seconds, or reserved value for
-      INDEFINITE
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that requested credentials were
-      successfully established, for the duration indicated in
-      lifetime_rec, suitable for the usage requested in cred_usage,
-      for the set of mech_types indicated in actual_mechs, and that
-      those credentials can be referenced for subsequent use with
-      the handle returned in output_cred_handle.
-
-   o  GSS_S_BAD_MECH indicates that a mech_type unsupported by the
-      GSS-API implementation type was requested, causing the
-      credential establishment operation to fail.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 26]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided desired_name is
-      uninterpretable or of a type unsupported by the applicable
-      underlying GSS-API mechanism(s), so no credentials could be
-      established for the accompanying desired_name.
-
-   o  GSS_S_BAD_NAME indicates that the provided desired_name is
-      inconsistent in terms of internally-incorporated type specifier
-      information, so no credentials could be established for the
-      accompanying desired_name.
-
-   o  GSS_S_FAILURE indicates that credential establishment failed
-      for reasons unspecified at the GSS-API level, including lack
-      of authorization to establish and use credentials associated
-      with the identity named in the input desired_name argument.
-
-   GSS_Acquire_cred()  is used to acquire credentials so that a
-   principal can (as a function of the input cred_usage parameter)
-   initiate and/or accept security contexts under the identity
-   represented by the desired_name input argument. On successful
-   completion, the returned output_cred_handle result provides a handle
-   for subsequent references to the acquired credentials.  Typically,
-   single-user client processes requesting that default credential
-   behavior be applied for context establishment purposes will have no
-   need to invoke this call.
-
-   A caller may provide the value NULL for desired_name, signifying a
-   request for credentials corresponding to a principal identity
-   selected by default for the caller. The procedures used by GSS-API
-   implementations to select the appropriate principal identity in
-   response to such a request are local matters. It is possible that
-   multiple pre-established credentials may exist for the same principal
-   identity (for example, as a result of multiple user login sessions)
-   when GSS_Acquire_cred() is called; the means used in such cases to
-   select a specific credential are local matters.  The input
-   lifetime_req argument to GSS_Acquire_cred() may provide useful
-   information for local GSS-API implementations to employ in making
-   this disambiguation in a manner which will best satisfy a caller's
-   intent.
-
-   The lifetime_rec result indicates the length of time for which the
-   acquired credentials will be valid, as an offset from the present. A
-   mechanism may return a reserved value indicating INDEFINITE if no
-   constraints on credential lifetime are imposed.  A caller of
-   GSS_Acquire_cred()  can request a length of time for which acquired
-   credentials are to be valid (lifetime_req argument), beginning at the
-   present, or can request credentials with a default validity interval.
-   (Requests for postdated credentials are not supported within the
-   GSS-API.) Certain mechanisms and implementations may bind in
-
-
-
-Linn                        Standards Track                    [Page 27]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   credential validity period specifiers at a point preliminary to
-   invocation of the GSS_Acquire_cred() call (e.g., in conjunction with
-   user login procedures). As a result, callers requesting non-default
-   values for lifetime_req must recognize that such requests cannot
-   always be honored and must be prepared to accommodate the use of
-   returned credentials with different lifetimes as indicated in
-   lifetime_rec.
-
-   The caller of GSS_Acquire_cred()  can explicitly specify a set of
-   mech_types which are to be accommodated in the returned credentials
-   (desired_mechs argument), or can request credentials for a system-
-   defined default set of mech_types. Selection of the system-specified
-   default set is recommended in the interests of application
-   portability. The actual_mechs return value may be interrogated by the
-   caller to determine the set of mechanisms with which the returned
-   credentials may be used.
-
-2.1.2:  GSS_Release_cred call
-
-   Input:
-
-   o  cred_handle CREDENTIAL HANDLE - NULL specifies that
-      the credential elements used when default credential behavior
-      is requested be released.
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-      input cred_handle were released for purposes of subsequent
-      access by the caller. The effect on other processes which may
-      be authorized shared access to such credentials is a local
-      matter.
-
-   o  GSS_S_NO_CRED indicates that no release operation was
-      performed, either because the input cred_handle was invalid or
-      because the caller lacks authorization to access the
-      referenced credentials.
-
-   o  GSS_S_FAILURE indicates that the release operation failed for
-      reasons unspecified at the GSS-API level.
-
-
-
-
-
-Linn                        Standards Track                    [Page 28]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Provides a means for a caller to explicitly request that credentials
-   be released when their use is no longer required. Note that system-
-   specific credential management functions are also likely to exist,
-   for example to assure that credentials shared among processes are
-   properly deleted when all affected processes terminate, even if no
-   explicit release requests are issued by those processes. Given the
-   fact that multiple callers are not precluded from gaining authorized
-   access to the same credentials, invocation of GSS_Release_cred()
-   cannot be assumed to delete a particular set of credentials on a
-   system-wide basis.
-
-2.1.3:  GSS_Inquire_cred call
-
-   Input:
-
-   o  cred_handle CREDENTIAL HANDLE -NULL specifies that the
-      credential elements used when default credential behavior is
-      requested are to be queried
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  cred_name INTERNAL NAME,
-
-   o  lifetime_rec INTEGER -in seconds, or reserved value for
-      INDEFINITE
-
-   o  cred_usage INTEGER, -0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-      2=ACCEPT-ONLY
-
-   o  mech_set SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-      input cred_handle argument were valid, and that the output
-      cred_name, lifetime_rec, and cred_usage values represent,
-      respectively, the credentials' associated principal name,
-      remaining lifetime, suitable usage modes, and supported
-      mechanism types.
-
-   o  GSS_S_NO_CRED indicates that no information could be returned
-      about the referenced credentials, either because the input
-      cred_handle was invalid or because the caller lacks
-      authorization to access the referenced credentials.
-
-
-
-Linn                        Standards Track                    [Page 29]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that the referenced
-      credentials are invalid.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the referenced
-      credentials have expired.
-
-   o  GSS_S_FAILURE indicates that the operation failed for
-      reasons unspecified at the GSS-API level.
-
-   The GSS_Inquire_cred() call is defined primarily for the use of those
-   callers which request use of default credential behavior rather than
-   acquiring credentials explicitly with GSS_Acquire_cred().  It enables
-   callers to determine a credential structure's associated principal
-   name, remaining validity period, usability for security context
-   initiation and/or acceptance, and supported mechanisms.
-
-   For a multi-mechanism credential, the returned "lifetime" specifier
-   indicates the shortest lifetime of any of the mechanisms' elements in
-   the credential (for either context initiation or acceptance
-   purposes).
-
-   GSS_Inquire_cred() should indicate INITIATE-AND-ACCEPT for
-   "cred_usage" if both of the following conditions hold:
-
-      (1) there exists in the credential an element which allows context
-      initiation using some mechanism
-
-      (2) there exists in the credential an element which allows context
-      acceptance using some mechanism (allowably, but not necessarily,
-      one of the same mechanism(s) qualifying for (1)).
-
-   If condition (1) holds but not condition (2), GSS_Inquire_cred()
-   should indicate INITIATE-ONLY for "cred_usage".  If condition (2)
-   holds but not condition (1), GSS_Inquire_cred() should indicate
-   ACCEPT-ONLY for "cred_usage".
-
-   Callers requiring finer disambiguation among available combinations
-   of lifetimes, usage modes, and mechanisms should call the
-   GSS_Inquire_cred_by_mech() routine, passing that routine one of the
-   mech OIDs returned by GSS_Inquire_cred().
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 30]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.1.4:  GSS_Add_cred call
-
-   Inputs:
-
-   o  input_cred_handle CREDENTIAL HANDLE - handle to credential
-      structure created with prior GSS_Acquire_cred() or
-      GSS_Add_cred() call, or NULL to append elements to the set
-      which are applied for the caller when default credential
-      behavior is specified.
-
-   o  desired_name INTERNAL NAME - NULL requests locally-determined
-      default
-
-   o  initiator_time_req INTEGER - in seconds; 0 requests default
-
-   o  acceptor_time_req INTEGER - in seconds; 0 requests default
-
-   o  desired_mech OBJECT IDENTIFIER
-
-   o  cred_usage INTEGER - 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-       2=ACCEPT-ONLY
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_cred_handle CREDENTIAL HANDLE, - NULL to request that
-      credential elements be added "in place" to the credential
-      structure  identified by input_cred_handle, non-NULL pointer
-      to request that a new credential structure and handle be created.
-
-   o  actual_mechs SET OF OBJECT IDENTIFIER,
-
-   o  initiator_time_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   o  acceptor_time_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   o  cred_usage INTEGER, -0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-      2=ACCEPT-ONLY
-
-   o  mech_set SET OF OBJECT IDENTIFIER -- full set of mechanisms
-      supported by resulting credential.
-
-
-
-
-
-Linn                        Standards Track                    [Page 31]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by
-      the input_cred_handle argument were valid, and that the
-      resulting credential from GSS_Add_cred() is valid for the
-      durations indicated in initiator_time_rec and acceptor_time_rec,
-      suitable for the usage requested in cred_usage, and for the
-      mechanisms indicated in actual_mechs.
-
-   o  GSS_S_DUPLICATE_ELEMENT indicates that the input desired_mech
-      specified a mechanism for which the referenced credential
-      already contained a credential element with overlapping
-      cred_usage and validity time specifiers.
-
-   o  GSS_S_BAD_MECH indicates that the input desired_mech specified
-      a mechanism unsupported by the GSS-API implementation, causing
-      the GSS_Add_cred() operation to fail.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided desired_name
-      is uninterpretable or of a type unsupported by the applicable
-      underlying GSS-API mechanism(s), so the GSS_Add_cred() operation
-      could not be performed for that name.
-
-   o  GSS_S_BAD_NAME indicates that the provided desired_name is
-      inconsistent in terms of internally-incorporated type specifier
-      information, so the GSS_Add_cred() operation could not be
-      performed for that name.
-
-   o  GSS_S_NO_CRED indicates that the input_cred_handle referenced
-      invalid or inaccessible credentials.
-
-   o  GSS_S_FAILURE indicates that the operation failed for
-      reasons unspecified at the GSS-API level, including lack of
-      authorization to establish or use credentials representing
-      the requested identity.
-
-   GSS_Add_cred() enables callers to construct credentials iteratively
-   by adding credential elements in successive operations, corresponding
-   to different mechanisms.  This offers particular value in multi-
-   mechanism environments, as the major_status and minor_status values
-   returned on each iteration are individually visible and can therefore
-   be interpreted unambiguously on a per-mechanism basis.
-
-   The same input desired_name, or default reference, should be used on
-   all GSS_Acquire_cred() and GSS_Add_cred() calls corresponding to a
-   particular credential.
-
-
-
-
-
-Linn                        Standards Track                    [Page 32]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.1.5:  GSS_Inquire_cred_by_mech call
-
-   Inputs:
-
-   o  cred_handle CREDENTIAL HANDLE  -- NULL specifies that the
-      credential elements used when default credential behavior is
-      requested are to be queried
-
-   o  mech_type OBJECT IDENTIFIER  -- specific mechanism for
-      which credentials are being queried
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  cred_name INTERNAL NAME, -- guaranteed to be MN
-
-   o  lifetime_rec_initiate INTEGER -- in seconds, or reserved value for
-      INDEFINITE
-
-   o  lifetime_rec_accept INTEGER -- in seconds, or reserved value for
-      INDEFINITE
-
-   o  cred_usage INTEGER, -0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-      2=ACCEPT-ONLY
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-      input cred_handle argument were valid, that the mechanism
-      indicated by the input mech_type was represented with elements
-      within those credentials, and that the output cred_name,
-      lifetime_rec_initiate, lifetime_rec_accept, and cred_usage values
-      represent, respectively, the credentials' associated principal
-      name, remaining lifetimes, and suitable usage modes.
-
-   o  GSS_S_NO_CRED indicates that no information could be returned
-      about the referenced credentials, either because the input
-      cred_handle was invalid or because the caller lacks
-      authorization to access the referenced credentials.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that the referenced
-      credentials are invalid.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the referenced
-      credentials have expired.
-
-
-
-Linn                        Standards Track                    [Page 33]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_MECH indicates that the referenced credentials do not
-      contain elements for the requested mechanism.
-
-   o  GSS_S_FAILURE indicates that the operation failed for reasons
-      unspecified at the GSS-API level.
-
-   The GSS_Inquire_cred_by_mech() call enables callers in multi-
-   mechanism environments to acquire specific data about available
-   combinations of lifetimes, usage modes, and mechanisms within a
-   credential structure.  The lifetime_rec_initiate result indicates the
-   available lifetime for context initiation purposes; the
-   lifetime_rec_accept result indicates the available lifetime for
-   context acceptance purposes.
-
-2.2:  Context-level calls
-
-   This group of calls is devoted to the establishment and management of
-   security contexts between peers. A context's initiator calls
-   GSS_Init_sec_context(),  resulting in generation of a token which the
-   caller passes to the target. At the target, that token is passed to
-   GSS_Accept_sec_context().  Depending on the underlying mech_type and
-   specified options, additional token exchanges may be performed in the
-   course of context establishment; such exchanges are accommodated by
-   GSS_S_CONTINUE_NEEDED status returns from GSS_Init_sec_context()  and
-   GSS_Accept_sec_context().
-
-   Either party to an established context may invoke
-   GSS_Delete_sec_context() to flush context information when a context
-   is no longer required. GSS_Process_context_token()  is used to
-   process received tokens carrying context-level control information.
-   GSS_Context_time()  allows a caller to determine the length of time
-   for which an established context will remain valid.
-   GSS_Inquire_context() returns status information describing context
-   characteristics. GSS_Wrap_size_limit() allows a caller to determine
-   the size of a token which will be generated by a GSS_Wrap()
-   operation.  GSS_Export_sec_context() and GSS_Import_sec_context()
-   enable transfer of active contexts between processes on an end
-   system.
-
-2.2.1:  GSS_Init_sec_context call
-
-   Inputs:
-
-   o  claimant_cred_handle CREDENTIAL HANDLE, -NULL specifies "use
-      default"
-
-   o  input_context_handle CONTEXT HANDLE, -0 specifies "none assigned
-      yet"
-
-
-
-Linn                        Standards Track                    [Page 34]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  targ_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER, -NULL parameter specifies "use
-      default"
-
-   o  deleg_req_flag BOOLEAN,
-
-   o  mutual_req_flag BOOLEAN,
-
-   o  replay_det_req_flag BOOLEAN,
-
-   o  sequence_req_flag BOOLEAN,
-
-   o  anon_req_flag BOOLEAN,
-
-   o  lifetime_req INTEGER,-0 specifies default lifetime
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING-NULL or token received from target
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_context_handle CONTEXT HANDLE,
-
-   o  mech_type OBJECT IDENTIFIER, -actual mechanism always
-      indicated, never NULL
-
-   o  output_token OCTET STRING, -NULL or token to pass to context
-      target
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN, -- see Section 1.2.7
-
-
-
-Linn                        Standards Track                    [Page 35]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  lifetime_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   This call may block pending network interactions for those mech_types
-   in which an authentication server or other network entity must be
-   consulted on behalf of a context initiator in order to generate an
-   output_token suitable for presentation to a specified target.
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that context-level information was
-      successfully initialized, and that the returned output_token
-      will provide sufficient information for the target to perform
-      per-message processing on the newly-established context.
-
-   o  GSS_S_CONTINUE_NEEDED indicates that control information in the
-      returned output_token must be sent to the target, and that a
-      reply must be received and passed as the input_token argument
-      to a continuation call to GSS_Init_sec_context(),  before
-      per-message processing can be performed in conjunction with
-      this context.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks
-      performed on the input_token failed, preventing further
-      processing from being performed based on that token.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that consistency checks
-      performed on the credential structure referenced by
-      claimant_cred_handle failed, preventing further processing from
-      being performed using that credential structure.
-
-   o  GSS_S_BAD_SIG indicates that the received input_token
-      contains an incorrect integrity check, so context setup cannot
-      be accomplished.
-
-   o  GSS_S_NO_CRED indicates that no context was established,
-      either because the input cred_handle was invalid, because the
-      referenced credentials are valid for context acceptor use
-      only, or because the caller lacks authorization to access the
-      referenced credentials.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the credentials
-      provided through the input claimant_cred_handle argument are no
-      longer valid, so context establishment cannot be completed.
-
-
-
-Linn                        Standards Track                    [Page 36]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_BINDINGS indicates that a mismatch between the
-      caller-provided chan_bindings and those extracted from the
-      input_token was detected, signifying a security-relevant
-      event and preventing context establishment. (This result will
-      be returned by GSS_Init_sec_context only for contexts where
-      mutual_state is TRUE.)
-
-   o  GSS_S_OLD_TOKEN indicates that the input_token is too old to
-      be checked for integrity. This is a fatal error during context
-      establishment.
-
-   o  GSS_S_DUPLICATE_TOKEN indicates that the input token has a
-      correct integrity check, but is a duplicate of a token already
-      processed. This is a fatal error during context establishment.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided; this major status will
-      be returned only for successor calls following GSS_S_CONTINUE_
-      NEEDED status returns.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided targ_name is
-      of a type uninterpretable or unsupported by the applicable
-      underlying GSS-API mechanism(s), so context establishment
-      cannot be completed.
-
-   o  GSS_S_BAD_NAME indicates that the provided targ_name is
-      inconsistent in terms of internally-incorporated type specifier
-      information, so context establishment cannot be accomplished.
-
-   o  GSS_S_BAD_MECH indicates receipt of a context establishment token
-      or of a caller request specifying a mechanism unsupported by
-      the local system or with the caller's active credentials
-
-   o  GSS_S_FAILURE indicates that context setup could not be
-      accomplished for reasons unspecified at the GSS-API level, and
-      that no interface-defined recovery action is available.
-
-   This routine is used by a context initiator, and ordinarily emits one
-   (or, for the case of a multi-step exchange, more than one)
-   output_token suitable for use by the target within the selected
-   mech_type's protocol. Using information in the credentials structure
-   referenced by claimant_cred_handle, GSS_Init_sec_context()
-   initializes the data structures required to establish a security
-   context with target targ_name. The targ_name may be any valid
-   INTERNAL NAME; it need not be an MN. The claimant_cred_handle must
-   correspond to the same valid credentials structure on the initial
-   call to GSS_Init_sec_context()  and on any successor calls resulting
-   from GSS_S_CONTINUE_NEEDED status returns; different protocol
-
-
-
-Linn                        Standards Track                    [Page 37]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   sequences modeled by the GSS_S_CONTINUE_NEEDED facility will require
-   access to credentials at different points in the context
-   establishment sequence.
-
-   The input_context_handle argument is 0, specifying "not yet
-   assigned", on the first GSS_Init_sec_context()  call relating to a
-   given context. If successful (i.e., if accompanied by major_status
-   GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED), and only if successful, the
-   initial GSS_Init_sec_context() call returns a non-zero
-   output_context_handle for use in future references to this context.
-   Once a non-zero output_context_handle has been returned, GSS-API
-   callers should call GSS_Delete_sec_context() to release context-
-   related resources if errors occur in later phases of context
-   establishment, or when an established context is no longer required.
-
-   When continuation attempts to GSS_Init_sec_context() are needed to
-   perform context establishment, the previously-returned non-zero
-   handle value is entered into the input_context_handle argument and
-   will be echoed in the returned output_context_handle argument. On
-   such continuation attempts (and only on continuation attempts) the
-   input_token value is used, to provide the token returned from the
-   context's target.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The input_token argument contains a message received from the target,
-   and is significant only on a call to GSS_Init_sec_context()  which
-   follows a previous return indicating GSS_S_CONTINUE_NEEDED
-   major_status.
-
-   It is the caller's responsibility to establish a communications path
-   to the target, and to transmit any returned output_token (independent
-   of the accompanying returned major_status value) to the target over
-   that path. The output_token can, however, be transmitted along with
-   the first application-provided input message to be processed by
-   GSS_GetMIC() or GSS_Wrap() in conjunction with a successfully-
-   established context.
-
-   The initiator may request various context-level functions through
-   input flags: the deleg_req_flag requests delegation of access rights,
-   the mutual_req_flag requests mutual authentication, the
-   replay_det_req_flag requests that replay detection features be
-   applied to messages transferred on the established context, and the
-   sequence_req_flag requests that sequencing be enforced. (See Section
-
-
-
-Linn                        Standards Track                    [Page 38]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   1.2.3 for more information on replay detection and sequencing
-   features.)  The anon_req_flag requests that the initiator's identity
-   not be transferred within tokens to be sent to the acceptor.
-
-   Not all of the optionally-requestable features will be available in
-   all underlying mech_types. The corresponding return state values
-   deleg_state, mutual_state, replay_det_state, and sequence_state
-   indicate, as a function of mech_type processing capabilities and
-   initiator-provided input flags, the set of features which will be
-   active on the context.  The returned trans_state value indicates
-   whether the context is transferable to other processes through use of
-   GSS_Export_sec_context().  These state indicators' values are
-   undefined unless either the routine's major_status indicates
-   GSS_S_COMPLETE, or TRUE prot_ready_state is returned along with
-   GSS_S_CONTINUE_NEEDED major_status; for the latter case, it is
-   possible that additional features, not confirmed or indicated along
-   with TRUE prot_ready_state, will be confirmed and indicated when
-   GSS_S_COMPLETE is subsequently returned.
-
-   The returned anon_state and prot_ready_state values are significant
-   for both GSS_S_COMPLETE and GSS_S_CONTINUE_NEEDED major_status
-   returns from GSS_Init_sec_context().  When anon_state is returned
-   TRUE, this indicates that neither the current token nor its
-   predecessors delivers or has delivered the initiator's identity.
-   Callers wishing to perform context establishment only if anonymity
-   support is provided should transfer a returned token from
-   GSS_Init_sec_context() to the peer only if it is accompanied by a
-   TRUE anon_state indicator.  When prot_ready_state is returned TRUE in
-   conjunction with GSS_S_CONTINUE_NEEDED major_status, this indicates
-   that per-message protection operations may be applied on the context:
-   see Section 1.2.7 for further discussion of this facility.
-
-   Failure to provide the precise set of features requested by the
-   caller does not cause context establishment to fail; it is the
-   caller's prerogative to delete the context if the feature set
-   provided is unsuitable for the caller's use.
-
-   The returned mech_type value indicates the specific mechanism
-   employed on the context, is valid only along with major_status
-   GSS_S_COMPLETE, and will never indicate the value for "default".
-   Note that, for the case of certain mechanisms which themselves
-   perform negotiation, the returned mech_type result may indicate
-   selection of a mechanism identified by an OID different than that
-   passed in the input mech_type argument.
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-
-
-
-Linn                        Standards Track                    [Page 39]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   input to GSS_Wrap()  can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_GetMIC() or GSS_Wrap()) on
-   the established context. These state indicators' values are undefined
-   unless either the routine's major_status indicates GSS_S_COMPLETE, or
-   TRUE prot_ready_state is returned along with GSS_S_CONTINUE_NEEDED
-   major_status.
-
-   The lifetime_req input specifies a desired upper bound for the
-   lifetime of the context to be established, with a value of 0 used to
-   request a default lifetime. The lifetime_rec return value indicates
-   the length of time for which the context will be valid, expressed as
-   an offset from the present; depending on mechanism capabilities,
-   credential lifetimes, and local policy, it may not correspond to the
-   value requested in lifetime_req.  If no constraints on context
-   lifetime are imposed, this may be indicated by returning a reserved
-   value representing INDEFINITE lifetime_req. The value of lifetime_rec
-   is undefined unless the routine's major_status indicates
-   GSS_S_COMPLETE.
-
-   If the mutual_state is TRUE, this fact will be reflected within the
-   output_token. A call to GSS_Accept_sec_context()  at the target in
-   conjunction with such a context will return a token, to be processed
-   by a continuation call to GSS_Init_sec_context(),  in order to
-   achieve mutual authentication.
-
-2.2.2:  GSS_Accept_sec_context call
-
-   Inputs:
-
-   o  acceptor_cred_handle CREDENTIAL HANDLE, -- NULL specifies
-      "use default"
-
-   o  input_context_handle CONTEXT HANDLE, -- 0 specifies
-      "not yet assigned"
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  src_name INTERNAL NAME, -- guaranteed to be MN
-
-
-
-
-Linn                        Standards Track                    [Page 40]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  mech_type OBJECT IDENTIFIER,
-
-   o  output_context_handle CONTEXT HANDLE,
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN, -- see Section 1.2.7 for discussion
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  lifetime_rec INTEGER, - in seconds, or reserved value for
-      INDEFINITE
-
-   o  delegated_cred_handle CREDENTIAL HANDLE,
-
-   o  output_token OCTET STRING -NULL or token to pass to context
-      initiator
-
-   This call may block pending network interactions for those mech_types
-   in which a directory service or other network entity must be
-   consulted on behalf of a context acceptor in order to validate a
-   received input_token.
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that context-level data structures
-      were successfully initialized, and that per-message processing
-      can now be performed in conjunction with this context.
-
-   o  GSS_S_CONTINUE_NEEDED indicates that control information in the
-      returned output_token must be sent to the initiator, and that
-      a response must be received and passed as the input_token
-      argument to a continuation call to GSS_Accept_sec_context(),
-      before per-message processing can be performed in conjunction
-      with this context.
-
-
-
-
-Linn                        Standards Track                    [Page 41]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-      on the input_token failed, preventing further processing from
-      being performed based on that token.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that consistency checks
-      performed on the credential structure referenced by
-      acceptor_cred_handle failed, preventing further processing from
-      being performed using that credential structure.
-
-   o  GSS_S_BAD_SIG indicates that the received input_token contains
-      an incorrect integrity check, so context setup cannot be
-      accomplished.
-
-   o  GSS_S_DUPLICATE_TOKEN indicates that the integrity check on the
-      received input_token was correct, but that the input_token
-      was recognized as a duplicate of an input_token already
-      processed. No new context is established.
-
-   o  GSS_S_OLD_TOKEN indicates that the integrity check on the received
-      input_token was correct, but that the input_token is too old
-      to be checked for duplication against previously-processed
-      input_tokens. No new context is established.
-
-   o  GSS_S_NO_CRED indicates that no context was established, either
-      because the input cred_handle was invalid, because the
-      referenced credentials are valid for context initiator use
-      only, or because the caller lacks authorization to access the
-      referenced credentials.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the credentials provided
-      through the input acceptor_cred_handle argument are no
-      longer valid, so context establishment cannot be completed.
-
-   o  GSS_S_BAD_BINDINGS indicates that a mismatch between the
-      caller-provided chan_bindings and those extracted from the
-      input_token was detected, signifying a security-relevant
-      event and preventing context establishment.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided; this major status will
-      be returned only for successor calls following GSS_S_CONTINUE_
-      NEEDED status returns.
-
-   o  GSS_S_BAD_MECH indicates receipt of a context establishment token
-      specifying a mechanism unsupported by the local system or with
-      the caller's active credentials.
-
-
-
-
-
-Linn                        Standards Track                    [Page 42]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_FAILURE indicates that context setup could not be
-      accomplished for reasons unspecified at the GSS-API level, and
-      that no interface-defined recovery action is available.
-
-   The GSS_Accept_sec_context()  routine is used by a context target.
-   Using information in the credentials structure referenced by the
-   input acceptor_cred_handle, it verifies the incoming input_token and
-   (following the successful completion of a context establishment
-   sequence) returns the authenticated src_name and the mech_type used.
-   The returned src_name is guaranteed to be an MN, processed by the
-   mechanism under which the context was established. The
-   acceptor_cred_handle must correspond to the same valid credentials
-   structure on the initial call to GSS_Accept_sec_context() and on any
-   successor calls resulting from GSS_S_CONTINUE_NEEDED status returns;
-   different protocol sequences modeled by the GSS_S_CONTINUE_NEEDED
-   mechanism will require access to credentials at different points in
-   the context establishment sequence.
-
-   The input_context_handle argument is 0, specifying "not yet
-   assigned", on the first GSS_Accept_sec_context()  call relating to a
-   given context.  If successful (i.e., if accompanied by major_status
-   GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED), and only if successful, the
-   initial GSS_Accept_sec_context() call returns a non-zero
-   output_context_handle for use in future references to this context.
-   Once a non-zero output_context_handle has been returned, GSS-API
-   callers should call GSS_Delete_sec_context() to release context-
-   related resources if errors occur in later phases of context
-   establishment, or when an established context is no longer required.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The returned state results (deleg_state, mutual_state,
-   replay_det_state, sequence_state, anon_state, trans_state, and
-   prot_ready_state) reflect the same information as described for
-   GSS_Init_sec_context(), and their values are significant under the
-   same return state conditions.
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 43]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-   input to GSS_Wrap()  can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_GetMIC()  or GSS_Wrap())
-   on the established context.  These values are significant under the
-   same return state conditions as described under
-   GSS_Init_sec_context().
-
-   The lifetime_rec return value is significant only in conjunction with
-   GSS_S_COMPLETE major_status, and indicates the length of time for
-   which the context will be valid, expressed as an offset from the
-   present.
-
-   The mech_type return value indicates the specific mechanism employed
-   on the context, is valid only along with major_status GSS_S_COMPLETE,
-   and will never indicate the value for "default".
-
-   The delegated_cred_handle result is significant only when deleg_state
-   is TRUE, and provides a means for the target to reference the
-   delegated credentials. The output_token result, when non-NULL,
-   provides a context-level token to be returned to the context
-   initiator to continue a multi-step context establishment sequence. As
-   noted with GSS_Init_sec_context(),  any returned token should be
-   transferred to the context's peer (in this case, the context
-   initiator), independent of the value of the accompanying returned
-   major_status.
-
-   Note: A target must be able to distinguish a context-level
-   input_token, which is passed to GSS_Accept_sec_context(),  from the
-   per-message data elements passed to GSS_VerifyMIC()  or GSS_Unwrap().
-   These data elements may arrive in a single application message, and
-   GSS_Accept_sec_context()  must be performed before per-message
-   processing can be performed successfully.
-
-2.2.3: GSS_Delete_sec_context call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 44]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  output_context_token OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the context was recognized, and that
-      relevant context-specific information was flushed.  If the caller
-      provides a non-null buffer to receive an output_context_token, and
-      the mechanism returns a non-NULL token into that buffer, the
-      returned output_context_token is ready for transfer to the
-      context's peer.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided, so no deletion was
-      performed.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the GSS_Delete_sec_context()  operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   This call may block pending network interactions for mech_types in
-   which active notification must be made to a central server when a
-   security context is to be deleted.
-
-   This call can be made by either peer in a security context, to flush
-   context-specific information.  If a non-null output_context_token
-   parameter is provided by the caller, an output_context_token may be
-   returned to the caller.  If an output_context_token is provided to
-   the caller, it can be passed to the context's peer to inform the
-   peer's GSS-API implementation that the peer's corresponding context
-   information can also be flushed. (Once a context is established, the
-   peers involved are expected to retain cached credential and context-
-   related information until the information's expiration time is
-   reached or until a GSS_Delete_sec_context() call is made.)
-
-   The facility for context_token usage to signal context deletion is
-   retained for compatibility with GSS-API Version 1.  For current
-   usage, it is recommended that both peers to a context invoke
-   GSS_Delete_sec_context() independently, passing a null
-   output_context_token buffer to indicate that no context_token is
-   required.  Implementations of GSS_Delete_sec_context() should delete
-   relevant locally-stored context information.
-
-   Attempts to perform per-message processing on a deleted context will
-   result in error returns.
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 45]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.2.4:  GSS_Process_context_token call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  input_context_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_context_token was
-      successfully processed in conjunction with the context
-      referenced by context_handle.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks
-      performed on the received context_token failed, preventing
-      further processing from being performed with that token.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the GSS_Process_context_token()  operation could not be
-      performed for reasons unspecified at the GSS-API level.
-
-   This call is used to process context_tokens received from a peer once
-   a context has been established, with corresponding impact on
-   context-level state information. One use for this facility is
-   processing of the context_tokens generated by
-   GSS_Delete_sec_context();  GSS_Process_context_token() will not block
-   pending network interactions for that purpose. Another use is to
-   process tokens indicating remote-peer context establishment failures
-   after the point where the local GSS-API implementation has already
-   indicated GSS_S_COMPLETE status.
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 46]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.2.5:  GSS_Context_time call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  lifetime_rec INTEGER - in seconds, or reserved value for
-      INDEFINITE
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context is valid,
-      and will remain valid for the amount of time indicated in
-      lifetime_rec.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that data items related to the
-      referenced context have expired.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the context is
-      recognized, but that its associated credentials have expired.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-       reasons unspecified at the GSS-API level.
-
-   This call is used to determine the amount of time for which a
-   currently established context will remain valid.
-
-2.2.6:   GSS_Inquire_context call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 47]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  src_name INTERNAL NAME,  -- name of context initiator,
-                               -- guaranteed to be MN
-
-   o  targ_name INTERNAL NAME,  -- name of context target,
-                                -- guaranteed to be MN
-
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-      INDEFINITE,
-
-   o  mech_type OBJECT IDENTIFIER, -- the mechanism supporting this
-      security context
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN,
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  locally_initiated BOOLEAN, -- TRUE if initiator, FALSE if acceptor
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context is valid
-      and that src_name, targ_name, lifetime_rec, mech_type, deleg_state,
-      mutual_state, replay_det_state, sequence_state, anon_state,
-      trans_state, prot_ready_state, conf_avail, integ_avail, and
-      locally_initiated return values describe the corresponding
-      characteristics of the context.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that the provided input
-      context_handle is recognized, but that the referenced context
-      has expired.  Return values other than major_status and
-      minor_status are undefined.
-
-
-
-
-
-Linn                        Standards Track                    [Page 48]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided. Return values other than
-      major_status and minor_status are undefined.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-     reasons unspecified at the GSS-API level. Return values other than
-         major_status and minor_status are undefined.
-
-   This call is used to extract information describing characteristics
-   of a security context.
-
-2.2.7:   GSS_Wrap_size_limit call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  qop INTEGER,
-
-   o  output_size INTEGER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  max_input_size INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates a successful token size determination:
-   an input message with a length in octets equal to the
-   returned max_input_size value will, when passed to GSS_Wrap()
-   for processing on the context identified by the context_handle
-   parameter and with the quality of protection specifier provided
-   in the qop parameter, yield an output token no larger than the
-   value of the provided output_size parameter.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that the provided input
-   context_handle is recognized, but that the referenced context
-   has expired.  Return values other than major_status and
-   minor_status are undefined.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided. Return values other than
-   major_status and minor_status are undefined.
-
-
-
-
-Linn                        Standards Track                    [Page 49]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-   recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call is used to determine the largest input datum which may be
-   passed to GSS_Wrap() without yielding an output token larger than a
-   caller-specified value.
-
-2.2.8:   GSS_Export_sec_context call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  interprocess_token OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context has been
-   successfully exported to a representation in the interprocess_token,
-   and is no longer available for use by the caller.
-
-   o  GSS_S_UNAVAILABLE indicates that the context export facility
-   is not available for use on the referenced context.  (This status
-   should occur only for contexts for which the trans_state value is
-   FALSE.) Return values other than major_status and minor_status are
-   undefined.
-
-   o GSS_S_CONTEXT_EXPIRED indicates that the provided input
-   context_handle is recognized, but that the referenced context has
-   expired.  Return values other than major_status and minor_status are
-   undefined.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided. Return values other than
-   major_status and minor_status are undefined.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 50]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call generates an interprocess token for transfer to another
-   process within an end system, in order to transfer control of a
-   security context to that process.  The recipient of the interprocess
-   token will call GSS_Import_sec_context() to accept the transfer.  The
-   GSS_Export_sec_context() operation is defined for use only with
-   security contexts which are fully and successfully established (i.e.,
-   those for which GSS_Init_sec_context() and GSS_Accept_sec_context()
-   have returned GSS_S_COMPLETE major_status).
-
-   To ensure portability, a caller of GSS_Export_sec_context() must not
-   assume that a context may continue to be used once it has been
-   exported; following export, the context referenced by the
-   context_handle cannot be assumed to remain valid.  Further, portable
-   callers must not assume that a given interprocess token can be
-   imported by GSS_Import_sec_context() more than once, thereby creating
-   multiple instantiations of a single context.  GSS-API implementations
-   may detect and reject attempted multiple imports, but are not
-   required to do so.
-
-   The internal representation contained within the interprocess token
-   is an implementation-defined local matter.  Interprocess tokens
-   cannot be assumed to be transferable across different GSS-API
-   implementations.
-
-   It is recommended that GSS-API implementations adopt policies suited
-   to their operational environments in order to define the set of
-   processes eligible to import a context, but specific constraints in
-   this area are local matters.  Candidate examples include transfers
-   between processes operating on behalf of the same user identity, or
-   processes comprising a common job.  However, it may be impossible to
-   enforce such policies in some implementations.
-
-   In support of the above goals, implementations may protect the
-   transferred context data by using cryptography to protect data within
-   the interprocess token, or by using interprocess tokens as a means to
-   reference local interprocess communication facilities (protected by
-   other means) rather than storing the context data directly within the
-   tokens.
-
-   Transfer of an open context may, for certain mechanisms and
-   implementations, reveal data about the credential which was used to
-   establish the context.  Callers should, therefore, be cautious about
-   the trustworthiness of processes to which they transfer contexts.
-   Although the GSS-API implementation may provide its own set of
-
-
-
-Linn                        Standards Track                    [Page 51]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   protections over the exported context, the caller is responsible for
-   protecting the interprocess token from disclosure, and for taking
-   care that the context is transferred to an appropriate destination
-   process.
-
-2.2.9:   GSS_Import_sec_context call
-
-   Inputs:
-
-   o  interprocess_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  context_handle CONTEXT HANDLE
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the context represented by the
-   input interprocess_token has been successfully transferred to
-   the caller, and is available for future use via the output
-   context_handle.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that the context represented by
-   the input interprocess_token has expired. Return values other
-   than major_status and minor_status are undefined.
-
-   o  GSS_S_NO_CONTEXT indicates that the context represented by the
-   input interprocess_token was invalid. Return values other than
-   major_status and minor_status are undefined.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that the input interprocess_token
-   was defective.  Return values other than major_status and
-   minor_status are undefined.
-
-   o  GSS_S_UNAVAILABLE indicates that the context import facility
-   is not available for use on the referenced context.  Return values
-   other than major_status and minor_status are undefined.
-
-   o  GSS_S_UNAUTHORIZED indicates that the context represented by
-   the input interprocess_token is unauthorized for transfer to the
-   caller. Return values other than major_status and minor_status
-   are undefined.
-
-
-
-
-
-Linn                        Standards Track                    [Page 52]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call processes an interprocess token generated by
-   GSS_Export_sec_context(), making the transferred context available
-   for use by the caller.  After a successful GSS_Import_sec_context()
-   operation, the imported context is available for use by the importing
-   process.
-
-   For further discussion of the security and authorization issues
-   regarding this call, please see the discussion in Section 2.2.8.
-
-2.3:  Per-message calls
-
-   This group of calls is used to perform per-message protection
-   processing on an established security context. None of these calls
-   block pending network interactions. These calls may be invoked by a
-   context's initiator or by the context's target.  The four members of
-   this group should be considered as two pairs; the output from
-   GSS_GetMIC()  is properly input to GSS_VerifyMIC(),  and the output
-   from GSS_Wrap() is properly input to GSS_Unwrap().
-
-   GSS_GetMIC() and GSS_VerifyMIC() support data origin authentication
-   and data integrity services. When GSS_GetMIC()  is invoked on an
-   input message, it yields a per-message token containing data items
-   which allow underlying mechanisms to provide the specified security
-   services. The original message, along with the generated per-message
-   token, is passed to the remote peer; these two data elements are
-   processed by GSS_VerifyMIC(),  which validates the message in
-   conjunction with the separate token.
-
-   GSS_Wrap() and GSS_Unwrap() support caller-requested confidentiality
-   in addition to the data origin authentication and data integrity
-   services offered by GSS_GetMIC()  and GSS_VerifyMIC(). GSS_Wrap()
-   outputs a single data element, encapsulating optionally enciphered
-   user data as well as associated token data items.  The data element
-   output from GSS_Wrap()  is passed to the remote peer and processed by
-   GSS_Unwrap()  at that system. GSS_Unwrap() combines decipherment (as
-   required) with validation of data items related to authentication and
-   integrity.
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 53]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.3.1:  GSS_GetMIC call
-
-   Note: This call is functionally equivalent to the GSS_Sign call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Sign are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  qop_req INTEGER,-0 specifies default QOP
-
-   o  message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  per_msg_token OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that an integrity check, suitable for an
-      established security context, was successfully applied and
-      that the message and corresponding per_msg_token are ready
-      for transmission.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data
-      items have expired, so that the requested operation cannot be
-      performed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the context is recognized,
-      but that its associated credentials have expired, so
-      that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-      recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the requested operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-
-
-Linn                        Standards Track                    [Page 54]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Using the security context referenced by context_handle, apply an
-   integrity check to the input message (along with timestamps and/or
-   other data included in support of mech_type-specific mechanisms) and
-   return the result in per_msg_token. The qop_req parameter,
-   interpretation of which is discussed in Section 1.2.4, allows
-   quality-of-protection control. The caller passes the message and the
-   per_msg_token to the target.
-
-   The GSS_GetMIC()  function completes before the message and
-   per_msg_token is sent to the peer; successful application of
-   GSS_GetMIC()  does not guarantee that a corresponding GSS_VerifyMIC()
-   has been (or can necessarily be) performed successfully when the
-   message arrives at the destination.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.2:  GSS_VerifyMIC call
-
-   Note: This call is functionally equivalent to the GSS_Verify call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Verify are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  message OCTET STRING,
-
-   o  per_msg_token OCTET STRING
-
-   Outputs:
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the message was successfully
-      verified.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 55]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-      on the received per_msg_token failed, preventing
-      further processing from being performed with that token.
-
-   o  GSS_S_BAD_SIG indicates that the received per_msg_token contains
-      an incorrect integrity check for the message.
-
-   o  GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN,
-      and GSS_S_GAP_TOKEN values appear in conjunction with the
-      optional per-message replay detection features described
-      in Section 1.2.3; their semantics are described in that section.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data
-      items have expired, so that the requested operation cannot be
-      performed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the context is
-   recognized,
-      but that its associated credentials have expired, so
-      that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the GSS_VerifyMIC() operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-   Using the security context referenced by context_handle, verify that
-   the input per_msg_token contains an appropriate integrity check for
-   the input message, and apply any active replay detection or
-   sequencing features. Return an indication of the quality-of-
-   protection applied to the processed message in the qop_state result.
-   Since the GSS_VerifyMIC() routine never provides a confidentiality
-   service, its implementations should not return non-zero values in the
-   confidentiality fields of the output qop_state.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.3: GSS_Wrap call
-
-   Note: This call is functionally equivalent to the GSS_Seal call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Seal are deprecated.
-
-
-
-
-Linn                        Standards Track                    [Page 56]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  conf_req_flag BOOLEAN,
-
-   o  qop_req INTEGER,-0 specifies default QOP
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  conf_state BOOLEAN,
-
-   o  output_message OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_message was successfully
-      processed and that the output_message is ready for
-      transmission.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data
-      items have expired, so that the requested operation cannot be
-      performed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the context is
-   recognized,
-      but that its associated credentials have expired, so
-      that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-      recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the GSS_Wrap()  operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-   Performs the data origin authentication and data integrity functions
-   of GSS_GetMIC().  If the input conf_req_flag is TRUE, requests that
-   confidentiality be applied to the input_message.  Confidentiality may
-
-
-
-Linn                        Standards Track                    [Page 57]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   not be supported in all mech_types or by all implementations; the
-   returned conf_state flag indicates whether confidentiality was
-   provided for the input_message. The qop_req parameter, interpretation
-   of which is discussed in Section 1.2.4, allows quality-of-protection
-   control.
-
-   In all cases, the GSS_Wrap()  call yields a single output_message
-   data element containing (optionally enciphered) user data as well as
-   control information.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.4: GSS_Unwrap call
-
-   Note: This call is functionally equivalent to the GSS_Unseal call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Unseal are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  conf_state BOOLEAN,
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_message OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_message was
-      successfully processed and that the resulting output_message is
-      available.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-      on the per_msg_token extracted from the input_message
-      failed, preventing further processing from being performed.
-
-
-
-Linn                        Standards Track                    [Page 58]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_SIG indicates that an incorrect integrity check was
-   detected
-      for the message.
-
-   o  GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN,
-      and GSS_S_GAP_TOKEN values appear in conjunction with the
-      optional per-message replay detection features described
-      in Section 1.2.3; their semantics are described in that section.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data
-      items have expired, so that the requested operation cannot be
-      performed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the context is
-   recognized,
-      but that its associated credentials have expired, so
-      that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-      for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but
-      that the GSS_Unwrap()  operation could not be performed for
-      reasons unspecified at the GSS-API level.
-
-   Processes a data element generated (and optionally enciphered) by
-   GSS_Wrap(),  provided as input_message. The returned conf_state value
-   indicates whether confidentiality was applied to the input_message.
-   If conf_state is TRUE, GSS_Unwrap()  deciphers the input_message.
-   Returns an indication of the quality-of-protection applied to the
-   processed message in the qop_state result. GSS_Wrap()  performs the
-   data integrity and data origin authentication checking functions of
-   GSS_VerifyMIC()  on the plaintext data. Plaintext data is returned in
-   output_message.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.4:  Support calls
-
-   This group of calls provides support functions useful to GSS-API
-   callers, independent of the state of established contexts. Their
-   characterization with regard to blocking or non-blocking status in
-   terms of network interactions is unspecified.
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 59]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.4.1:  GSS_Display_status call
-
-   Inputs:
-
-   o  status_value INTEGER,-GSS-API major_status or minor_status
-      return value
-
-   o  status_type INTEGER,-1 if major_status, 2 if minor_status
-
-   o  mech_type OBJECT IDENTIFIER-mech_type to be used for minor_
-      status translation
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  status_string_set SET OF OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid printable status
-      representation (possibly representing more than one status event
-      encoded within the status_value) is available in the returned
-      status_string_set.
-
-   o  GSS_S_BAD_MECH indicates that translation in accordance with an
-      unsupported mech_type was requested, so translation could not
-      be performed.
-
-   o  GSS_S_BAD_STATUS indicates that the input status_value was
-      invalid, or that the input status_type carried a value other
-      than 1 or 2, so translation could not be performed.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Provides a means for callers to translate GSS-API-returned major and
-   minor status codes into printable string representations.
-
-2.4.2:  GSS_Indicate_mechs call
-
-   Input:
-
-   o  (none)
-
-
-
-
-
-Linn                        Standards Track                    [Page 60]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  mech_set SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a set of available mechanisms has
-      been returned in mech_set.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to determine the set of mechanism types available on
-   the local system. This call is intended for support of specialized
-   callers who need to request non-default mech_type sets from
-   GSS_Acquire_cred(),  and should not be needed by other callers.
-
-2.4.3:  GSS_Compare_name call
-
-   Inputs:
-
-   o  name1 INTERNAL NAME,
-
-   o  name2 INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_equal BOOLEAN
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that name1 and name2 were comparable,
-      and that the name_equal result indicates whether name1 and
-      name2 represent the same entity.
-
-   o  GSS_S_BAD_NAMETYPE indicates that one or both of name1 and
-      name2 contained internal type specifiers uninterpretable
-      by the applicable underlying GSS-API mechanism(s), or that
-      the two names' types are different and incomparable, so that
-      the comparison operation could not be completed.
-
-
-
-Linn                        Standards Track                    [Page 61]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_BAD_NAME indicates that one or both of the input names
-      was ill-formed in terms of its internal type specifier, so
-      the comparison operation could not be completed.
-
-   o  GSS_S_FAILURE indicates that the call's operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to compare two internal name representations to
-   determine whether they refer to the same entity.  If either name
-   presented to GSS_Compare_name() denotes an anonymous principal,
-   GSS_Compare_name() shall indicate FALSE.  It is not required that
-   either or both inputs name1 and name2 be MNs; for some
-   implementations and cases, GSS_S_BAD_NAMETYPE may be returned,
-   indicating name incomparability, for the case where neither input
-   name is an MN.
-
-2.4.4:  GSS_Display_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_string OCTET STRING,
-
-   o  name_type OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid printable name
-      representation is available in the returned name_string.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided name was of a
-      type uninterpretable by the applicable underlying GSS-API
-      mechanism(s), so no printable representation could be generated.
-
-   o  GSS_S_BAD_NAME indicates that the contents of the provided name
-      were inconsistent with the internally-indicated name type, so
-      no printable representation could be generated.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-
-
-
-Linn                        Standards Track                    [Page 62]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Allows callers to translate an internal name representation into a
-   printable form with associated namespace type descriptor. The syntax
-   of the printable form is a local matter.
-
-   If the input name represents an anonymous identity, a reserved value
-   (GSS_C_NT_ANONYMOUS) shall be returned for name_type.
-
-2.4.5:  GSS_Import_name call
-
-   Inputs:
-
-   o  input_name_string OCTET STRING,
-
-   o  input_name_type OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_name INTERNAL NAME
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid name representation is
-      output in output_name and described by the type value in
-      output_name_type.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input_name_type is unsupported
-      by the applicable underlying GSS-API mechanism(s), so the import
-      operation could not be completed.
-
-   o  GSS_S_BAD_NAME indicates that the provided input_name_string
-      is ill-formed in terms of the input_name_type, so the import
-      operation could not be completed.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to provide a name representation as a contiguous octet
-   string, designate the type of namespace in conjunction with which it
-   should be parsed, and convert that representation to an internal form
-   suitable for input to other GSS-API routines.  The syntax of the
-   input_name_string is defined in conjunction with its associated name
-   type; depending on the input_name_type, the associated
-   input_name_string may or may not be a printable string. Note: The
-   input_name_type argument serves to describe and qualify the
-
-
-
-Linn                        Standards Track                    [Page 63]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   interpretation of the associated input_name_string; it does not
-   specify the data type of the returned output_name.
-
-   If a mechanism claims support for a particular name type, its
-   GSS_Import_name() operation shall be able to accept all possible
-   values conformant to the external name syntax as defined for that
-   name type.  These imported values may correspond to:
-
-      (1) locally registered entities (for which credentials may be
-      acquired),
-
-      (2) non-local entities (for which local credentials cannot be
-      acquired, but which may be referenced as targets of initiated
-      security contexts or initiators of accepted security contexts), or
-      to
-
-      (3) neither of the above.
-
-   Determination of whether a particular name belongs to class (1), (2),
-   or (3) as described above is not guaranteed to be performed by the
-   GSS_Import_name() function.
-
-   The internal name generated by a GSS_Import_name() operation may be a
-   single-mechanism MN, and is likely to be an MN within a single-
-   mechanism implementation, but portable callers must not depend on
-   this property (and must not, therefore, assume that the output from
-   GSS_Import_name() can be passed directly to GSS_Export_name() without
-   first being processed through GSS_Canonicalize_name()).
-
-2.4.6: GSS_Release_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-      input name was successfully released.
-
-   o  GSS_S_BAD_NAME indicates that the input name argument did not
-      contain a valid name.
-
-
-
-Linn                        Standards Track                    [Page 64]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an internal
-   name representation.  This call's specific behavior depends on the
-   language and programming environment within which a GSS-API
-   implementation operates, and is therefore detailed within applicable
-   bindings specifications; in particular, this call may be superfluous
-   within bindings where memory management is automatic.
-
-2.4.7: GSS_Release_buffer call
-
-   Inputs:
-
-   o  buffer OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-      input buffer was successfully released.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an OCTET STRING
-   buffer allocated by another GSS-API call.  This call's specific
-   behavior depends on the language and programming environment within
-   which a GSS-API implementation operates, and is therefore detailed
-   within applicable bindings specifications; in particular, this call
-   may be superfluous within bindings where memory management is
-   automatic.
-
-2.4.8: GSS_Release_OID_set call
-
-   Inputs:
-
-   o  buffer SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 65]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-      input object identifier set was successfully released.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an object
-   identifier set object allocated by another GSS-API call.  This call's
-   specific behavior depends on the language and programming environment
-   within which a GSS-API implementation operates, and is therefore
-   detailed within applicable bindings specifications; in particular,
-   this call may be superfluous within bindings where memory management
-   is automatic.
-
-2.4.9: GSS_Create_empty_OID_set call
-
-   Inputs:
-
-   o  (none)
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  oid_set SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   Creates an object identifier set containing no object identifiers, to
-   which members may be subsequently added using the
-   GSS_Add_OID_set_member() routine.  These routines are intended to be
-   used to construct sets of mechanism object identifiers, for input to
-   GSS_Acquire_cred().
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 66]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-2.4.10: GSS_Add_OID_set_member call
-
-   Inputs:
-
-   o  member_oid OBJECT IDENTIFIER,
-
-   o  oid_set SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   Adds an Object Identifier to an Object Identifier set.  This routine
-   is intended for use in conjunction with GSS_Create_empty_OID_set()
-   when constructing a set of mechanism OIDs for input to
-   GSS_Acquire_cred().
-
-2.4.11: GSS_Test_OID_set_member call
-
-   Inputs:
-
-   o  member OBJECT IDENTIFIER,
-
-   o  set SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  present BOOLEAN
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-
-
-
-
-Linn                        Standards Track                    [Page 67]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Interrogates an Object Identifier set to determine whether a
-   specified Object Identifier is a member.  This routine is intended to
-   be used with OID sets returned by GSS_Indicate_mechs(),
-   GSS_Acquire_cred(), and GSS_Inquire_cred().
-
-2.4.12: GSS_Release_OID call
-
-   Inputs:
-
-   o  oid OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   Allows the caller to release the storage associated with an OBJECT
-   IDENTIFIER buffer allocated by another GSS-API call. This call's
-   specific behavior depends on the language and programming environment
-   within which a GSS-API implementation operates, and is therefore
-   detailed within applicable bindings specifications; in particular,
-   this call may be superfluous within bindings where memory management
-   is automatic.
-
-2.4.13: GSS_OID_to_str call
-
-   Inputs:
-
-   o  oid OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  oid_str OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-
-
-Linn                        Standards Track                    [Page 68]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   The function GSS_OID_to_str() returns a string representing the input
-   OID in numeric ASN.1 syntax format (curly-brace enclosed, space-
-   delimited, e.g., "{2 16 840 1 113687 1 2 1}"). The string is
-   releasable using GSS_Release_buffer(). If the input "oid" does not
-   represent a syntactically valid object identifier, GSS_S_FAILURE
-   status is returned and the returned oid_str result is NULL.
-
-2.4.14: GSS_Str_to_OID call
-
-   Inputs:
-
-   o  oid_str OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  oid OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   The function GSS_Str_to_OID() constructs and returns an OID from its
-   printable form; implementations should be able to accept the numeric
-   ASN.1 syntax form as described for GSS_OID_to_str(), and this form
-   should be used for portability, but implementations of this routine
-   may also accept other formats (e.g., "1.2.3.3"). The OID is suitable
-   for release using the function GSS_Release_OID(). If the input
-   oid_str cannot be translated into an OID, GSS_S_FAILURE status is
-   returned and the "oid" result is NULL.
-
-2.4.15:  GSS_Inquire_names_for_mech call
-
-   Input:
-
-   o  input_mech_type OBJECT IDENTIFIER, -- mechanism type
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 69]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   o  minor_status INTEGER,
-
-   o  name_type_set SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the output name_type_set contains
-      a list of name types which are supported by the locally available
-      mechanism identified by input_mech_type.
-
-   o  GSS_S_BAD_MECH indicates that the mechanism identified by
-      input_mech_type was unsupported within the local implementation,
-      causing the query to fail.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to determine the set of name types which are
-   supportable by a specific locally-available mechanism.
-
-2.4.16: GSS_Inquire_mechs_for_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  mech_types SET OF OBJECT IDENTIFIER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a set of object identifiers,
-      corresponding to the set of mechanisms suitable for processing
-      the input_name, is available in mech_types.
-
-   o  GSS_S_BAD_NAME indicates that the input_name could not be
-      processed.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the type of the input_name
-      is unsupported by the GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-
-
-Linn                        Standards Track                    [Page 70]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   This routine returns the mechanism set with which the input_name may
-   be processed.  After use, the mech_types object should be freed by
-   the caller via the GSS_Release_OID_set() call.  Note: it is
-   anticipated that implementations of GSS_Inquire_mechs_for_name() will
-   commonly operate based on type information describing the
-   capabilities of available mechanisms; it is not guaranteed that all
-   identified mechanisms will necessarily be able to canonicalize (via
-   GSS_Canonicalize_name()) a particular name.
-
-2.4.17: GSS_Canonicalize_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER  -- must be explicit mechanism,
-                                      not "default" specifier
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_name INTERNAL NAME
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a mechanism-specific reduction of
-      the input_name, as processed by the mechanism identified by
-      mech_type, is available in output_name.
-
-   o  GSS_S_BAD_MECH indicates that the identified mechanism is
-      unsupported.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input name does not
-      contain an element with suitable type for processing by the
-      identified mechanism.
-
-   o  GSS_S_BAD_NAME indicates that the input name contains an
-      element with suitable type for processing by the identified
-      mechanism, but that this element could not be processed
-      successfully.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-
-
-
-
-Linn                        Standards Track                    [Page 71]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   This routine reduces a GSS-API internal name, which may in general
-   contain elements corresponding to multiple mechanisms, to a
-   mechanism-specific Mechanism Name (MN) by applying the translations
-   corresponding to the mechanism identified by mech_type.
-
-2.4.18: GSS_Export_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME, -- required to be MN
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_name OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a flat representation of the
-      input name is available in output_name.
-
-   o  GSS_S_NAME_NOT_MN indicates that the input name contained
-      elements corresponding to multiple mechanisms, so cannot
-      be exported into a single-mechanism flat form.
-
-   o  GSS_S_BAD_NAME indicates that the input name was an MN,
-      but could not be processed.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input name was an MN,
-      but that its type is unsupported by the GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   This routine creates a flat name representation, suitable for
-   bytewise comparison or for input to GSS_Import_name() in conjunction
-   with the reserved GSS-API Exported Name Object OID, from a internal-
-   form Mechanism Name (MN) as emitted, e.g., by GSS_Canonicalize_name()
-   or GSS_Accept_sec_context().
-
-   The emitted GSS-API Exported Name Object is self-describing; no
-   associated parameter-level OID need be emitted by this call.  This
-   flat representation consists of a mechanism-independent wrapper
-   layer, defined in Section 3.2 of this document, enclosing a
-   mechanism-defined name representation.
-
-
-
-Linn                        Standards Track                    [Page 72]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   In all cases, the flat name output by GSS_Export_name() to correspond
-   to a particular input MN must be invariant over time within a
-   particular installation.
-
-   The GSS_S_NAME_NOT_MN status code is provided to enable
-   implementations to reject input names which are not MNs.  It is not,
-   however, required for purposes of conformance to this specification
-   that all non-MN input names must necessarily be rejected.
-
-2.4.19: GSS_Duplicate_name call
-
-   Inputs:
-
-   o  src_name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  dest_name INTERNAL NAME
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that dest_name references an internal
-      name object containing the same name as passed to src_name.
-
-   o  GSS_S_BAD_NAME indicates that the input name was invalid.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input name's type
-      is unsupported by the GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not
-      be performed for reasons unspecified at the GSS-API level.
-
-   This routine takes input internal name src_name, and returns another
-   reference (dest_name) to that name which can be used even if src_name
-   is later freed.  (Note: This may be implemented by copying or through
-   use of reference counts.)
-
-3: Data Structure Definitions for GSS-V2 Usage
-
-   Subsections of this section define, for interoperability and
-   portability purposes, certain data structures for use with GSS-V2.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 73]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-3.1: Mechanism-Independent Token Format
-
-   This section specifies a mechanism-independent level of encapsulating
-   representation for the initial token of a GSS-API context
-   establishment sequence, incorporating an identifier of the mechanism
-   type to be used on that context and enabling tokens to be interpreted
-   unambiguously at GSS-API peers. Use of this format is required for
-   initial context establishment tokens of Internet standards-track
-   GSS-API mechanisms; use in non-initial tokens is optional.
-
-   The encoding format for the token tag is derived from ASN.1 and DER
-   (per illustrative ASN.1 syntax included later within this
-   subsection), but its concrete representation is defined directly in
-   terms of octets rather than at the ASN.1 level in order to facilitate
-   interoperable implementation without use of general ASN.1 processing
-   code.  The token tag consists of the following elements, in order:
-
-      1. 0x60 -- Tag for [APPLICATION 0] SEQUENCE; indicates that
-      constructed form, definite length encoding follows.
-
-      2. Token length octets, specifying length of subsequent data
-      (i.e., the summed lengths of elements 3-5 in this list, and of the
-      mechanism-defined token object following the tag).  This element
-      comprises a variable number of octets:
-
-      2a. If the indicated value is less than 128, it shall be
-      represented in a single octet with bit 8 (high order) set to "0"
-      and the remaining bits representing the value.
-
-      2b. If the indicated value is 128 or more, it shall be represented
-      in two or more octets, with bit 8 of the first octet set to "1"
-      and the remaining bits of the first octet specifying the number of
-      additional octets.  The subsequent octets carry the value, 8 bits
-      per octet, most significant digit first.  The minimum number of
-      octets shall be used to encode the length (i.e., no octets
-      representing leading zeros shall be included within the length
-      encoding).
-
-      3. 0x06 -- Tag for OBJECT IDENTIFIER
-
-      4. Object identifier length -- length (number of octets) of the
-      encoded object identifier contained in element 5, encoded per
-      rules as described in 2a. and 2b. above.
-
-      5. Object identifier octets -- variable number of octets, encoded
-      per ASN.1 BER rules:
-
-
-
-
-
-Linn                        Standards Track                    [Page 74]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-      5a. The first octet contains the sum of two values: (1) the top-
-      level object identifier component, multiplied by 40 (decimal), and
-      (2) the second-level object identifier component.  This special
-      case is the only point within an object identifier encoding where
-      a single octet represents contents of more than one component.
-
-      5b. Subsequent octets, if required, encode successively-lower
-      components in the represented object identifier.  A component's
-      encoding may span multiple octets, encoding 7 bits per octet (most
-      significant bits first) and with bit 8 set to "1" on all but the
-      final octet in the component's encoding.  The minimum number of
-      octets shall be used to encode each component (i.e., no octets
-      representing leading zeros shall be included within a component's
-      encoding).
-
-      (Note: In many implementations, elements 3-5 may be stored and
-      referenced as a contiguous string constant.)
-
-   The token tag is immediately followed by a mechanism-defined token
-   object.  Note that no independent size specifier intervenes following
-   the object identifier value to indicate the size of the mechanism-
-   defined token object.  While ASN.1 usage within mechanism-defined
-   tokens is permitted, there is no requirement that the mechanism-
-   specific innerContextToken, innerMsgToken, and sealedUserData data
-   elements must employ ASN.1 BER/DER encoding conventions.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 75]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   The following ASN.1 syntax is included for descriptive purposes only,
-   to illustrate structural relationships among token and tag objects.
-   For interoperability purposes, token and tag encoding shall be
-   performed using the concrete encoding procedures described earlier in
-   this subsection.
-
-       GSS-API DEFINITIONS ::=
-
-       BEGIN
-
-       MechType ::= OBJECT IDENTIFIER
-       -- data structure definitions
-
-       -- callers must be able to distinguish among
-       -- InitialContextToken, SubsequentContextToken,
-       -- PerMsgToken, and SealedMessage data elements
-       -- based on the usage in which they occur
-
-       InitialContextToken ::=
-       -- option indication (delegation, etc.) indicated within
-       -- mechanism-specific token
-       [APPLICATION 0] IMPLICIT SEQUENCE {
-               thisMech MechType,
-               innerContextToken ANY DEFINED BY thisMech
-                  -- contents mechanism-specific
-                  -- ASN.1 structure not required
-               }
-
-       SubsequentContextToken ::= innerContextToken ANY
-       -- interpretation based on predecessor InitialContextToken
-       -- ASN.1 structure not required
-
-       PerMsgToken ::=
-       -- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC
-       -- ASN.1 structure not required
-               innerMsgToken ANY
-
-       SealedMessage ::=
-       -- as emitted by GSS_Wrap and processed by GSS_Unwrap
-       -- includes internal, mechanism-defined indicator
-       -- of whether or not encrypted
-       -- ASN.1 structure not required
-               sealedUserData ANY
-
-       END
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 76]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-3.2: Mechanism-Independent Exported Name Object Format
-
-   This section specifies a mechanism-independent level of encapsulating
-   representation for names exported via the GSS_Export_name() call,
-   including an object identifier representing the exporting mechanism.
-   The format of names encapsulated via this representation shall be
-   defined within individual mechanism drafts.  Name objects of this
-   type will be identified with the following Object Identifier:
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   4(gss-api-exported-name)}
-
-   No name type OID is included in this mechanism-independent level of
-   format definition, since (depending on individual mechanism
-   specifications) the enclosed name may be implicitly typed or may be
-   explicitly typed using a means other than OID encoding.
-
-        Length    Name          Description
-
-        2               TOK_ID          Token Identifier
-                                        For exported name objects, this
-                                        must be hex 04 01.
-        2               MECH_OID_LEN    Length of the Mechanism OID
-        MECH_OID_LEN    MECH_OID        Mechanism OID, in DER
-        4               NAME_LEN        Length of name
-        NAME_LEN        NAME            Exported name; format defined in
-                                        applicable mechanism draft.
-
-4: Name Type Definitions
-
-   This section includes definitions for name types and associated
-   syntaxes which are defined in a mechanism-independent fashion at the
-   GSS-API level rather than being defined in individual mechanism
-   specifications.
-
-4.1: Host-Based Service Name Form
-
-   The following Object Identifier value is provided as a means to
-   identify this name form:
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   2(gss-host-based-services)}
-
-   The recommended symbolic name for this type is
-   "GSS_C_NT_HOSTBASED_SERVICE".
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 77]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   This name type is used to represent services associated with host
-   computers.  This name form is constructed using two elements,
-   "service" and "hostname", as follows:
-
-                             service@hostname
-
-   When a reference to a name of this type is resolved, the "hostname"
-   is canonicalized by attempting a DNS lookup and using the fully-
-   qualified domain name which is returned, or by using the "hostname"
-   as provided if the DNS lookup fails.  The canonicalization operation
-   also maps the host's name into lower-case characters.
-
-   The "hostname" element may be omitted. If no "@" separator is
-   included, the entire name is interpreted as the service specifier,
-   with the "hostname" defaulted to the canonicalized name of the local
-   host.
-
-   Values for the "service" element are registered with the IANA.
-
-4.2: User Name Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) user_name(1)}. The recommended mechanism-independent
-   symbolic name for this type is "GSS_C_NT_USER_NAME". (Note: the same
-   name form and OID is defined within the Kerberos V5 GSS-API
-   mechanism, but the symbolic name recommended there begins with a
-   "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a named user on a local system.
-   Its interpretation is OS-specific.  This name form is constructed as:
-
-                                 username
-
-4.3: Machine UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) machine_uid_name(2)}.  The recommended mechanism-
-   independent symbolic name for this type is
-   "GSS_C_NT_MACHINE_UID_NAME".  (Note: the same name form and OID is
-   defined within the Kerberos V5 GSS-API mechanism, but the symbolic
-   name recommended there begins with a "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a numeric user identifier
-   corresponding to a user on a local system.  Its interpretation is
-   OS-specific.  The gss_buffer_desc representing a name of this type
-   should contain a locally-significant uid_t, represented in host byte
-
-
-
-Linn                        Standards Track                    [Page 78]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   order.  The GSS_Import_name() operation resolves this uid into a
-   username, which is then treated as the User Name Form.
-
-4.4: String UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) string_uid_name(3)}.  The recommended symbolic name for
-   this type is "GSS_C_NT_STRING_UID_NAME".  (Note: the same name form
-   and OID is defined within the Kerberos V5 GSS-API mechanism, but the
-   symbolic name recommended there begins with a "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a string of digits representing
-   the numeric user identifier of a user on a local system.  Its
-   interpretation is OS-specific. This name type is similar to the
-   Machine UID Form, except that the buffer contains a string
-   representing the uid_t.
-
-5:  Mechanism-Specific Example Scenarios
-
-   This section provides illustrative overviews of the use of various
-   candidate mechanism types to support the GSS-API. These discussions
-   are intended primarily for readers familiar with specific security
-   technologies, demonstrating how GSS-API functions can be used and
-   implemented by candidate underlying mechanisms. They should not be
-   regarded as constrictive to implementations or as defining the only
-   means through which GSS-API functions can be realized with a
-   particular underlying technology, and do not demonstrate all GSS-API
-   features with each technology.
-
-5.1: Kerberos V5, single-TGT
-
-   OS-specific login functions yield a TGT to the local realm Kerberos
-   server; TGT is placed in a credentials structure for the client.
-   Client calls GSS_Acquire_cred()  to acquire a cred_handle in order to
-   reference the credentials for use in establishing security contexts.
-
-   Client calls GSS_Init_sec_context().  If the requested service is
-   located in a different realm, GSS_Init_sec_context()  gets the
-   necessary TGT/key pairs needed to traverse the path from local to
-   target realm; these data are placed in the owner's TGT cache. After
-   any needed remote realm resolution, GSS_Init_sec_context()  yields a
-   service ticket to the requested service with a corresponding session
-   key; these data are stored in conjunction with the context. GSS-API
-   code sends KRB_TGS_REQ request(s) and receives KRB_TGS_REP
-   response(s) (in the successful case) or KRB_ERROR.
-
-
-
-
-
-Linn                        Standards Track                    [Page 79]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   Assuming success, GSS_Init_sec_context()  builds a Kerberos-formatted
-   KRB_AP_REQ message, and returns it in output_token.  The client sends
-   the output_token to the service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which verifies the authenticator, provides
-   the service with the client's authenticated name, and returns an
-   output_context_handle.
-
-   Both parties now hold the session key associated with the service
-   ticket, and can use this key in subsequent GSS_GetMIC(),
-   GSS_VerifyMIC(),  GSS_Wrap(), and GSS_Unwrap() operations.
-
-5.2: Kerberos V5, double-TGT
-
-   TGT acquisition as above.
-
-   Note: To avoid unnecessary frequent invocations of error paths when
-   implementing the GSS-API atop Kerberos V5, it seems appropriate to
-   represent "single-TGT K-V5" and "double-TGT K-V5" with separate
-   mech_types, and this discussion makes that assumption.
-
-   Based on the (specified or defaulted) mech_type,
-   GSS_Init_sec_context()  determines that the double-TGT protocol
-   should be employed for the specified target. GSS_Init_sec_context()
-   returns GSS_S_CONTINUE_NEEDED major_status, and its returned
-   output_token contains a request to the service for the service's TGT.
-   (If a service TGT with suitably long remaining lifetime already
-   exists in a cache, it may be usable, obviating the need for this
-   step.) The client passes the output_token to the service.  Note: this
-   scenario illustrates a different use for the GSS_S_CONTINUE_NEEDED
-   status return facility than for support of mutual authentication;
-   note that both uses can coexist as successive operations within a
-   single context establishment operation.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which recognizes it as a request for TGT.
-   (Note that current Kerberos V5 defines no intra-protocol mechanism to
-   represent such a request.) GSS_Accept_sec_context()  returns
-   GSS_S_CONTINUE_NEEDED major_status and provides the service's TGT in
-   its output_token. The service sends the output_token to the client.
-
-   The client passes the received token as the input_token argument to a
-   continuation of GSS_Init_sec_context(). GSS_Init_sec_context() caches
-   the received service TGT and uses it as part of a service ticket
-   request to the Kerberos authentication server, storing the returned
-   service ticket and session key in conjunction with the context.
-   GSS_Init_sec_context()  builds a Kerberos-formatted authenticator,
-
-
-
-Linn                        Standards Track                    [Page 80]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   and returns it in output_token along with GSS_S_COMPLETE return
-   major_status. The client sends the output_token to the service.
-
-   Service passes the received token as the input_token argument to a
-   continuation call to GSS_Accept_sec_context().
-   GSS_Accept_sec_context()  verifies the authenticator, provides the
-   service with the client's authenticated name, and returns
-   major_status GSS_S_COMPLETE.
-
-   GSS_GetMIC(),  GSS_VerifyMIC(), GSS_Wrap(), and GSS_Unwrap()  as
-   above.
-
-5.3:  X.509 Authentication Framework
-
-   This example illustrates use of the GSS-API in conjunction with
-   public-key mechanisms, consistent with the X.509 Directory
-   Authentication Framework.
-
-   The GSS_Acquire_cred()  call establishes a credentials structure,
-   making the client's private key accessible for use on behalf of the
-   client.
-
-   The client calls GSS_Init_sec_context(),  which interrogates the
-   Directory to acquire (and validate) a chain of public-key
-   certificates, thereby collecting the public key of the service.  The
-   certificate validation operation determines that suitable integrity
-   checks were applied by trusted authorities and that those
-   certificates have not expired. GSS_Init_sec_context()  generates a
-   secret key for use in per-message protection operations on the
-   context, and enciphers that secret key under the service's public
-   key.
-
-   The enciphered secret key, along with an authenticator quantity
-   signed with the client's private key, is included in the output_token
-   from GSS_Init_sec_context().  The output_token also carries a
-   certification path, consisting of a certificate chain leading from
-   the service to the client; a variant approach would defer this path
-   resolution to be performed by the service instead of being asserted
-   by the client. The client application sends the output_token to the
-   service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context().  GSS_Accept_sec_context() validates the
-   certification path, and as a result determines a certified binding
-   between the client's distinguished name and the client's public key.
-   Given that public key, GSS_Accept_sec_context() can process the
-   input_token's authenticator quantity and verify that the client's
-   private key was used to sign the input_token. At this point, the
-
-
-
-Linn                        Standards Track                    [Page 81]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   client is authenticated to the service. The service uses its private
-   key to decipher the enciphered secret key provided to it for per-
-   message protection operations on the context.
-
-   The client calls GSS_GetMIC()  or GSS_Wrap() on a data message, which
-   causes per-message authentication, integrity, and (optional)
-   confidentiality facilities to be applied to that message. The service
-   uses the context's shared secret key to perform corresponding
-   GSS_VerifyMIC()  and GSS_Unwrap() calls.
-
-6:  Security Considerations
-
-   Security issues are discussed throughout this memo.
-
-7:  Related Activities
-
-   In order to implement the GSS-API atop existing, emerging, and future
-   security mechanisms:
-
-      object identifiers must be assigned to candidate GSS-API
-      mechanisms and the name types which they support
-
-      concrete data element formats and processing procedures must be
-      defined for candidate mechanisms
-
-   Calling applications must implement formatting conventions which will
-   enable them to distinguish GSS-API tokens from other data carried in
-   their application protocols.
-
-   Concrete language bindings are required for the programming
-   environments in which the GSS-API is to be employed, as RFC-1509
-   defines for the C programming language and GSS-V1.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 82]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-APPENDIX A
-
-MECHANISM DESIGN CONSTRAINTS
-
-   The following constraints on GSS-API mechanism designs are adopted in
-   response to observed caller protocol requirements, and adherence
-   thereto is anticipated in subsequent descriptions of GSS-API
-   mechanisms to be documented in standards-track Internet
-   specifications.
-
-   It is strongly recommended that mechanisms offering per-message
-   protection services also offer at least one of the replay detection
-   and sequencing services, as mechanisms offering neither of the latter
-   will fail to satisfy recognized requirements of certain candidate
-   caller protocols.
-
-APPENDIX B
-
-                         COMPATIBILITY WITH GSS-V1
-
-   It is the intent of this document to define an interface and
-   procedures which preserve compatibility between GSS-V1 (RFC-1508)
-   callers and GSS- V2 providers.  All calls defined in GSS-V1 are
-   preserved, and it has been a goal that GSS-V1 callers should be able
-   to operate atop GSS-V2 provider implementations.  Certain detailed
-   changes, summarized in this section, have been made in order to
-   resolve omissions identified in GSS-V1.
-
-   The following GSS-V1 constructs, while supported within GSS-V2, are
-   deprecated:
-
-      Names for per-message processing routines: GSS_Seal() deprecated
-      in favor of GSS_Wrap(); GSS_Sign() deprecated in favor of
-      GSS_GetMIC(); GSS_Unseal() deprecated in favor of GSS_Unwrap();
-      GSS_Verify() deprecated in favor of GSS_VerifyMIC().
-
-      GSS_Delete_sec_context() facility for context_token usage,
-      allowing mechanisms to signal context deletion, is retained for
-      compatibility with GSS-V1.  For current usage, it is recommended
-      that both peers to a context invoke GSS_Delete_sec_context()
-      independently, passing a null output_context_token buffer to
-      indicate that no context_token is required.  Implementations of
-      GSS_Delete_sec_context() should delete relevant locally-stored
-      context information.
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 83]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   This GSS-V2 specification adds the following calls which are not
-   present in GSS-V1:
-
-      Credential management calls: GSS_Add_cred(),
-      GSS_Inquire_cred_by_mech().
-
-      Context-level calls: GSS_Inquire_context(), GSS_Wrap_size_limit(),
-      GSS_Export_sec_context(), GSS_Import_sec_context().
-
-      Per-message calls: No new calls.  Existing calls have been renamed.
-
-      Support calls: GSS_Create_empty_OID_set(),
-      GSS_Add_OID_set_member(), GSS_Test_OID_set_member(),
-      GSS_Release_OID(), GSS_OID_to_str(), GSS_Str_to_OID(),
-      GSS_Inquire_names_for_mech(), GSS_Inquire_mechs_for_name(),
-      GSS_Canonicalize_name(), GSS_Export_name(), GSS_Duplicate_name().
-
-   This GSS-V2 specification introduces three new facilities applicable
-   to security contexts, indicated using the following context state
-   values which are not present in GSS-V1:
-
-      anon_state, set TRUE to indicate that a context's initiator is
-      anonymous from the viewpoint of the target; Section 1.2.5 of this
-      specification provides a summary description of the GSS-V2
-      anonymity support facility, support and use of which is optional.
-
-      prot_ready_state, set TRUE to indicate that a context may be used
-      for per-message protection before final completion of context
-      establishment; Section 1.2.7 of this specification provides a
-      summary description of the GSS-V2 facility enabling mechanisms to
-      selectively permit per-message protection during context
-      establishment, support and use of which is optional.
-
-      trans_state, set TRUE to indicate that a context is transferable to
-      another process using the GSS-V2 GSS_Export_sec_context() facility.
-
-   These state values are represented (at the C bindings level) in
-   positions within a bit vector which are unused in GSS-V1, and may be
-   safely ignored by GSS-V1 callers.
-
-   Relative to GSS-V1, GSS-V2 provides additional guidance to GSS-API
-   implementors in the following areas: implementation robustness,
-   credential management, behavior in multi-mechanism configurations,
-   naming support, and inclusion of optional sequencing services.  The
-   token tagging facility as defined in GSS-V2, Section 3.1, is now
-   described directly in terms of octets to facilitate interoperable
-   implementation without general ASN.1 processing code; the
-   corresponding ASN.1 syntax, included for descriptive purposes, is
-
-
-
-Linn                        Standards Track                    [Page 84]
-
-RFC 2078                        GSS-API                     January 1997
-
-
-   unchanged from that in GSS-V1. For use in conjunction with added
-   naming support facilities, a new Exported Name Object construct is
-   added.  Additional name types are introduced in Section 4.
-
-   This GSS-V2 specification adds the following major_status values
-   which are not defined in GSS-V1:
-
-     GSS_S_BAD_QOP                 unsupported QOP value
-     GSS_S_UNAUTHORIZED            operation unauthorized
-     GSS_S_UNAVAILABLE             operation unavailable
-     GSS_S_DUPLICATE_ELEMENT       duplicate credential element requested
-     GSS_S_NAME_NOT_MN             name contains multi-mechanism elements
-     GSS_S_GAP_TOKEN               skipped predecessor token(s)
-                                    detected
-
-   Of these added status codes, only two values are defined to be
-   returnable by calls existing in GSS-V1: GSS_S_BAD_QOP (returnable by
-   GSS_GetMIC() and GSS_Wrap()), and GSS_S_GAP_TOKEN (returnable by
-   GSS_VerifyMIC() and GSS_Unwrap()).
-
-   Additionally, GSS-V2 descriptions of certain calls present in GSS-V1
-   have been updated to allow return of additional major_status values
-   from the set as defined in GSS-V1: GSS_Inquire_cred() has
-   GSS_S_DEFECTIVE_CREDENTIAL and GSS_S_CREDENTIALS_EXPIRED defined as
-   returnable, GSS_Init_sec_context() has GSS_S_OLD_TOKEN,
-   GSS_S_DUPLICATE_TOKEN, and GSS_S_BAD_MECH defined as returnable, and
-   GSS_Accept_sec_context() has GSS_S_BAD_MECH defined as returnable.
-
-Author's Address
-
-   John Linn
-   OpenVision Technologies
-   One Main St.
-   Cambridge, MA  02142  USA
-
-   Phone: +1 617.374.2245
-   EMail: John.Linn@ov.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 85]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc2203.txt b/crypto/heimdal/doc/standardisation/rfc2203.txt
deleted file mode 100644
index 2f6a8a0d0f37..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc2203.txt
+++ /dev/null
@@ -1,1291 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                          M. Eisler
-Request for Comments: 2203                                       A. Chiu
-Category: Standards Track                                        L. Ling
-                                                          September 1997
-
-
-                   RPCSEC_GSS Protocol Specification
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-Abstract
-
-   This memo describes an ONC/RPC security flavor that allows RPC
-   protocols to access the Generic Security Services Application
-   Programming Interface (referred to henceforth as GSS-API).
-
-Table of Contents
-
-   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
-   2.  The ONC RPC Message Protocol . . . . . . . . . . . . . . . . . 2
-   3.  Flavor Number Assignment . . . . . . . . . . . . . . . . . . . 3
-   4.  New auth_stat Values . . . . . . . . . . . . . . . . . . . . . 3
-   5.  Elements of the RPCSEC_GSS Security Protocol . . . . . . . . . 3
-   5.1.  Version Selection  . . . . . . . . . . . . . . . . . . . . . 5
-   5.2.  Context Creation . . . . . . . . . . . . . . . . . . . . . . 5
-   5.2.1.  Mechanism and QOP Selection  . . . . . . . . . . . . . . . 5
-   5.2.2.  Context Creation Requests  . . . . . . . . . . . . . . . . 6
-   5.2.3.  Context Creation Responses . . . . . . . . . . . . . . . . 8
-   5.2.3.1.  Context Creation Response - Successful Acceptance  . . . 8
-   5.2.3.1.1.  Client Processing of Successful Context Creation
-               Responses  . . . . . . . . . . . . . . . . . . . . . . 9
-   5.2.3.2.  Context Creation Response - Unsuccessful Cases . . . . . 9
-   5.3.  RPC Data Exchange  . . . . . . . . . . . . . . . . . . . .  10
-   5.3.1.  RPC Request Header . . . . . . . . . . . . . . . . . . .  10
-   5.3.2.  RPC Request Data . . . . . . . . . . . . . . . . . . . .  11
-   5.3.2.1.  RPC Request Data - No Data Integrity . . . . . . . . .  11
-   5.3.2.2.  RPC Request Data - With Data Integrity . . . . . . . .  11
-   5.3.2.3.  RPC Request Data - With Data Privacy . . . . . . . . .  12
-   5.3.3.  Server Processing of RPC Data Requests . . . . . . . . .  12
-   5.3.3.1.  Context Management . . . . . . . . . . . . . . . . . .  12
-   5.3.3.2.  Server Reply - Request Accepted  . . . . . . . . . . .  14
-   5.3.3.3.  Server Reply - Request Denied  . . . . . . . . . . . .  15
-
-
-
-Eisler, et. al.             Standards Track                     [Page 1]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   5.3.3.4.  Mapping of GSS-API Errors to Server Responses  . . . .  16
-   5.3.3.4.1.  GSS_GetMIC() Failure . . . . . . . . . . . . . . . .  16
-   5.3.3.4.2.  GSS_VerifyMIC() Failure  . . . . . . . . . . . . . .  16
-   5.3.3.4.3.  GSS_Unwrap() Failure . . . . . . . . . . . . . . . .  16
-   5.3.3.4.4.  GSS_Wrap() Failure . . . . . . . . . . . . . . . . .  16
-   5.4.  Context Destruction  . . . . . . . . . . . . . . . . . . .  17
-   6.  Set of GSS-API Mechanisms  . . . . . . . . . . . . . . . . .  17
-   7.  Security Considerations  . . . . . . . . . . . . . . . . . .  18
-   7.1.  Privacy of Call Header . . . . . . . . . . . . . . . . . .  18
-   7.2.  Sequence Number Attacks  . . . . . . . . . . . . . . . . .  18
-   7.2.1.  Sequence Numbers Above the Window  . . . . . . . . . . .  18
-   7.2.2.  Sequence Numbers Within or Below the Window  . . . . . .  18
-   7.3.  Message Stealing Attacks . . . . . . . . . . . . . . . . .  19
-   Appendix A. GSS-API Major Status Codes . . . . . . . . . . . . .  20
-   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . .  22
-   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . .  23
-
-1.  Introduction
-
-   This document describes the protocol used by the RPCSEC_GSS security
-   flavor.  Security flavors have been called authentication flavors for
-   historical reasons. This memo recognizes that there are two other
-   security services besides authentication, integrity, and privacy, and
-   so defines a new RPCSEC_GSS security flavor.
-
-   The protocol is described using the XDR language [Srinivasan-xdr].
-   The reader is assumed to be familiar with ONC RPC and the security
-   flavor mechanism [Srinivasan-rpc].  The reader is also assumed to be
-   familiar with the GSS-API framework [Linn].  The RPCSEC_GSS security
-   flavor uses GSS-API interfaces to provide security services that are
-   independent of the underlying security mechanism.
-
-2.  The ONC RPC Message Protocol
-
-   This memo refers to the following XDR types of the ONC RPC protocol,
-   which are described in the document entitled Remote Procedure Call
-   Protocol Specification Version 2 [Srinivasan-rpc]:
-
-      msg_type
-      reply_stat
-      auth_flavor
-      accept_stat
-      reject_stat
-      auth_stat
-      opaque_auth
-      rpc_msg
-      call_body
-      reply_body
-
-
-
-Eisler, et. al.             Standards Track                     [Page 2]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-      accepted_reply
-      rejected_reply
-
-3.  Flavor Number Assignment
-
-   The RPCSEC_GSS security flavor has been assigned the value of 6:
-
-      enum auth_flavor {
-          ...
-          RPCSEC_GSS = 6      /* RPCSEC_GSS security flavor */
-      };
-
-4.  New auth_stat Values
-
-   RPCSEC_GSS requires the addition of two new values to the auth_stat
-   enumerated type definition:
-
-      enum auth_stat {
-              ...
-              /*
-               * RPCSEC_GSS errors
-               */
-              RPCSEC_GSS_CREDPROBLEM = 13,
-              RPCSEC_GSS_CTXPROBLEM = 14
-      };
-
-   The descriptions of these two new values are defined later in this
-   memo.
-
-5.  Elements of the RPCSEC_GSS Security Protocol
-
-   An RPC session based on the RPCSEC_GSS security flavor consists of
-   three phases: context creation, RPC data exchange, and context
-   destruction.  In the following discussion, protocol elements for
-   these three phases are described.
-
-   The following description of the RPCSEC_GSS protocol uses some of the
-   definitions within XDR language description of the RPC protocol.
-
-   Context creation and destruction use control messages that are not
-   dispatched to service procedures registered by an RPC server.  The
-   program and version numbers used in these control messages are the
-   same as the RPC service's program and version numbers.  The procedure
-   number used is NULLPROC (zero).  A field in the credential
-   information (the gss_proc field which is defined in the
-   rpc_gss_cred_t structure below) specifies whether a message is to be
-   interpreted as a control message or a regular RPC message.  If this
-   field is set to RPCSEC_GSS_DATA, no control action is implied; in
-
-
-
-Eisler, et. al.             Standards Track                     [Page 3]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   this case, it is a regular data message.  If this field is set to any
-   other value, a control action is implied.  This is described in the
-   following sections.
-
-   Just as with normal RPC data exchange messages, the transaction
-   identifier (the xid field in struct rpc_msg), should be set to unique
-   values on each call for context creation and context destruction.
-
-   The following definitions are used for describing the protocol.
-
-      /* RPCSEC_GSS control procedures */
-
-
-      enum rpc_gss_proc_t {
-              RPCSEC_GSS_DATA = 0,
-              RPCSEC_GSS_INIT = 1,
-              RPCSEC_GSS_CONTINUE_INIT = 2,
-              RPCSEC_GSS_DESTROY = 3
-      };
-
-      /* RPCSEC_GSS services */
-
-      enum rpc_gss_service_t {
-          /* Note: the enumerated value for 0 is reserved. */
-          rpc_gss_svc_none = 1,
-          rpc_gss_svc_integrity = 2,
-          rpc_gss_svc_privacy = 3
-      };
-
-      /* Credential */
-
-      /*
-       * Note: version 0 is reserved for possible future
-       * definition of a version negotiation protocol
-       *
-       */
-      #define RPCSEC_GSS_VERS_1 1
-
-      struct rpc_gss_cred_t {
-          union switch (unsigned int version) { /* version of
-                                                      RPCSEC_GSS */
-          case RPCSEC_GSS_VERS_1:
-              struct {
-                  rpc_gss_proc_t gss_proc;  /* control procedure */
-                  unsigned int seq_num;   /* sequence number */
-                  rpc_gss_service_t service; /* service used */
-                  opaque handle<>;       /* context handle */
-              } rpc_gss_cred_vers_1_t;
-
-
-
-Eisler, et. al.             Standards Track                     [Page 4]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-          }
-      };
-
-      /* Maximum sequence number value */
-
-      #define MAXSEQ 0x80000000
-
-5.1.  Version Selection
-
-   This document defines just one protocol version (RPCSEC_GSS_VERS_1).
-   The client should assume that the server supports RPCSEC_GSS_VERS_1
-   and issue a Context Creation message (as described in the section
-   RPCSEC_GSS_VERS_1, the RPC response will have a reply_stat of
-   MSG_DENIED, a rejection status of AUTH_ERROR, and an auth_stat of
-   AUTH_REJECTED_CRED.
-
-5.2.  Context Creation
-
-   Before RPC data is exchanged on a session using the RPCSEC_GSS
-   flavor, a context must be set up between the client and the server.
-   Context creation may involve zero or more RPC exchanges.  The number
-   of exchanges depends on the security mechanism.
-
-5.2.1.  Mechanism and QOP Selection
-
-   There is no facility in the RPCSEC_GSS protocol to negotiate GSS-API
-   mechanism identifiers or QOP values. At minimum, it is expected that
-   implementations of the RPCSEC_GSS protocol provide a means to:
-
-   *    specify mechanism identifiers, QOP values, and RPCSEC_GSS
-        service values on the client side, and to
-
-   *    enforce mechanism identifiers, QOP values, and RPCSEC_GSS
-        service values on a per-request basis on the server side.
-
-   It is necessary that above capabilities exist so that applications
-   have the means to conform the required set of required set of
-   <mechanism, QOP, service> tuples (See the section entitled Set of
-   GSS-API Mechanisms).  An application may negotiate <mechanism, QOP,
-   service> selection within its protocol or via an out of band
-   protocol. Hence it may be necessary for RPCSEC_GSS implementations to
-   provide programming interfaces for the specification and enforcement
-   of <mechanism, QOP, service>.
-
-   Additionally, implementations may depend on negotiation schemes
-   constructed as pseudo-mechanisms under the GSS-API.  Because such
-   schemes are below the GSS-API layer, the RPCSEC_GSS protocol, as
-   specified in this document, can make use of them.
-
-
-
-Eisler, et. al.             Standards Track                     [Page 5]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-5.2.2.  Context Creation Requests
-
-   The first RPC request from the client to the server initiates context
-   creation.  Within the RPC message protocol's call_body structure,
-   rpcvers is set to 2. prog and vers are always those for the service
-   being accessed.  The proc is always set to NULLPROC (zero).
-
-   Within the RPC message protocol's cred structure, flavor is set to
-   RPCSEC_GSS (6).  The opaque data of the cred structure (the body
-   field) constituting the credential encodes the rpc_gss_cred_t
-   structure defined previously.
-
-   The values of the fields contained in the rpc_gss_cred_t structure
-   are set as follows.  The version field is set to the version of the
-   RPCSEC_GSS protocol the client wants to use.  The remainder of this
-   memo documents version RPCSEC_GSS_VERS_1 of RPCSEC_GSS, and so the
-   version field would be set to RPCSEC_GSS_VERS_1.  The gss_proc field
-   must be set to RPCSEC_GSS_INIT for the first creation request.  In
-   subsequent creation requests, the gss_proc field must be set to
-   RPCSEC_GSS_CONTINUE_INIT.  In a creation request, the seq_num and
-   service fields are undefined and both must be ignored by the server.
-   In the first creation request, the handle field is NULL (opaque data
-   of zero length).  In subsequent creation requests, handle must be
-   equal to the value returned by the server.  The handle field serves
-   as the identifier for the context, and will not change for the
-   duration of the context, including responses to
-   RPCSEC_GSS_CONTINUE_INIT.
-
-   The verifier field in the RPC message header is also described by the
-   opaque_auth structure.  All creation requests have the NULL verifier
-   (AUTH_NONE flavor with zero length opaque data).
-
-   Following the verifier are the call data (procedure specific
-   parameters).  Note that the proc field of the call_body structure is
-   set to NULLPROC, and thus normally there would be zero octets
-   following the verifier.  However, since there is no RPC data exchange
-   during a context creation, it is safe to transfer information
-   following the verifier.  It is necessary to "overload" the call data
-   in this way, rather than pack the GSS-API token into the RPC header,
-   because RPC Version 2 restricts the amount of data that can be sent
-   in the header.  The opaque body of the credential and verifier fields
-   can be each at most 400 octets long, and GSS tokens can be longer
-   than 800 octets.
-
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                     [Page 6]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   The call data for a context creation request is described by the
-   following structure for all creation requests:
-
-      struct rpc_gss_init_arg {
-          opaque gss_token<>;
-      };
-
-   Here, gss_token is the token returned by the call to  GSS-API's
-   GSS_Init_sec_context() routine, opaquely encoded.  The value of this
-   field will likely be different in each creation request, if there is
-   more than one creation request.  If no token is returned by the call
-   to GSS_Init_sec_context(), the context must have been created
-   (assuming no errors), and there will not be any more creation
-   requests.
-
-   When GSS_Init_sec_context() is called, the parameters
-   replay_det_req_flag and sequence_req_flag must be turned off. The
-   reasons for this are:
-
-   *    ONC RPC can be used over unreliable transports and provides no
-        layer to reliably re-assemble messages. Thus it is possible for
-        gaps in message sequencing to occur, as well as out of order
-        messages.
-
-   *    RPC servers can be multi-threaded, and thus the order in which
-        GSS-API messages are signed or wrapped can be different from the
-        order in which the messages are verified or unwrapped, even if
-        the requests are sent on reliable transports.
-
-   *    To maximize convenience of implementation, the order in which an
-        ONC RPC entity will verify the header and verify/unwrap the body
-        of an RPC call or reply is left unspecified.
-
-   The RPCSEC_GSS protocol provides for protection from replay attack,
-   yet tolerates out-of-order delivery or processing of messages and
-   tolerates dropped requests.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                     [Page 7]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-5.2.3.  Context Creation Responses
-
-5.2.3.1.  Context Creation Response - Successful Acceptance
-
-   The response to a successful creation request has an MSG_ACCEPTED
-   response with a status of SUCCESS.  The results field encodes a
-   response with the following structure:
-
-      struct rpc_gss_init_res {
-              opaque handle<>;
-              unsigned int gss_major;
-              unsigned int gss_minor;
-              unsigned int seq_window;
-              opaque gss_token<>;
-      };
-
-   Here, handle is non-NULL opaque data that serves as the context
-   identifier. The client must use this value in all subsequent requests
-   whether control messages or otherwise).  The gss_major and gss_minor
-   fields contain the results of the call to GSS_Accept_sec_context()
-   executed by the server.  The values for the gss_major field are
-   defined in Appendix A of this document.  The values for the gss_minor
-   field are GSS-API mechanism specific and are defined in the
-   mechanism's specification.  If gss_major is not one of GSS_S_COMPLETE
-   or GSS_S_CONTINUE_NEEDED, the context setup has failed; in this case
-   handle and gss_token must be set to NULL by the server.  The value of
-   gss_minor is dependent on the value of gss_major and the security
-   mechanism used.  The gss_token field contains any token returned by
-   the GSS_Accept_sec_context() call executed by the server.  A token
-   may be returned for both successful values of gss_major.  If the
-   value is GSS_S_COMPLETE, it indicates that the server is not
-   expecting any more tokens, and the RPC Data Exchange phase must begin
-   on the subsequent request from the client. If the value is
-   GSS_S_CONTINUE_NEEDED, the server is expecting another token.  Hence
-   the client must send at least one more creation request (with
-   gss_proc set to RPCSEC_GSS_CONTINUE_INIT in the request's credential)
-   carrying the required token.
-
-   In a successful response, the seq_window field is set to the sequence
-   window length supported by the server for this context.  This window
-   specifies the maximum number of client requests that may be
-   outstanding for this context. The server will accept "seq_window"
-   requests at a time, and these may be out of order.  The client may
-   use this number to determine the number of threads that can
-   simultaneously send requests on this context.
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                     [Page 8]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   If gss_major is GSS_S_COMPLETE, the verifier's (the verf element in
-   the response) flavor field is set to RPCSEC_GSS, and the body field
-   set to the checksum of the seq_window (in network order). The QOP
-   used for this checksum is 0 (zero), which is the default QOP.  For
-   all other values of gss_major, a NULL verifier (AUTH_NONE flavor with
-   zero-length opaque data) is used.
-
-5.2.3.1.1.  Client Processing of Successful Context Creation Responses
-
-   If the value of gss_major in the response is GSS_S_CONTINUE_NEEDED,
-   then the client, per the GSS-API specification, must invoke
-   GSS_Init_sec_context() using the token returned in gss_token in the
-   context creation response. The client must then generate a context
-   creation request, with gss_proc set to RPCSEC_GSS_CONTINUE_INIT.
-
-   If the value of gss_major in the response is GSS_S_COMPLETE, and if
-   the client's previous invocation of GSS_Init_sec_context() returned a
-   gss_major value of GSS_S_CONTINUE_NEEDED, then the client, per the
-   GSS-API specification, must invoke GSS_Init_sec_context() using the
-   token returned in gss_token in the context creation response. If
-   GSS_Init_sec_context() returns GSS_S_COMPLETE, the context is
-   successfully set up, and the RPC data exchange phase must begin on
-   the subsequent request from the client.
-
-5.2.3.2.  Context Creation Response - Unsuccessful Cases
-
-   An MSG_ACCEPTED reply (to a creation request) with an acceptance
-   status of other than SUCCESS has a NULL verifier (flavor set to
-   AUTH_NONE, and zero length opaque data in the body field), and is
-   formulated as usual for different status values.
-
-   An MSG_DENIED reply (to a creation request) is also formulated as
-   usual.  Note that MSG_DENIED could be returned because the server's
-   RPC implementation does not recognize the RPCSEC_GSS security flavor.
-   RFC 1831 does not specify the appropriate reply status in this
-   instance, but common implementation practice appears to be to return
-   a rejection status of AUTH_ERROR with an auth_stat of
-   AUTH_REJECTEDCRED. Even though two new values (RPCSEC_GSS_CREDPROBLEM
-   and RPCSEC_GSS_CTXPROBLEM) have been defined for the auth_stat type,
-   neither of these two can be returned in responses to context creation
-   requests.  The auth_stat new values can be used for responses to
-   normal (data) requests.  This is described later.
-
-   MSG_DENIED might also be returned if the RPCSEC_GSS version number in
-   the credential is not supported on the server. In that case, the
-   server returns a rejection status of AUTH_ERROR, with an auth_stat of
-
-   AUTH_REJECTED_CRED.
-
-
-
-Eisler, et. al.             Standards Track                     [Page 9]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-5.3.  RPC Data Exchange
-
-   The data exchange phase is entered after a context has been
-   successfully set up. The format of the data exchanged depends on the
-   security service used for the request.  Although clients can change
-   the security service and QOP used on a per-request basis, this may
-   not be acceptable to all RPC services; some RPC services may "lock"
-   the data exchange phase into using the QOP and service used on the
-   first data exchange message.  For all three modes of service (no data
-   integrity, data integrity, data privacy), the RPC request header has
-   the same format.
-
-5.3.1.  RPC Request Header
-
-   The credential has the opaque_auth structure described earlier.  The
-   flavor field is set to RPCSEC_GSS.  The credential body is created by
-   XDR encoding the rpc_gss_cred_t structure listed earlier into an
-   octet stream, and then opaquely encoding this octet stream as the
-   body field.
-
-   Values of the fields contained in the rpc_gss_cred_t structure are
-   set as follows.  The version field is set to same version value that
-   was used to create the context, which within the scope of this memo
-   will always be RPCSEC_GSS_VERS_1.  The gss_proc field is set to
-   RPCSEC_GSS_DATA.  The service field is set to indicate the desired
-   service (one of rpc_gss_svc_none, rpc_gss_svc_integrity, or
-   rpc_gss_svc_privacy).  The handle field is set to the context handle
-   value received from the RPC server during context creation.  The
-   seq_num field can start at any value below MAXSEQ, and must be
-   incremented (by one or more) for successive requests.  Use of
-   sequence numbers is described in detail when server processing of the
-   request is discussed.
-
-   The verifier has the opaque_auth structure described earlier.  The
-   flavor field is set to RPCSEC_GSS.  The body field is set as follows.
-   The checksum of the RPC header (up to and including the credential)
-   is computed using the GSS_GetMIC() call with the desired QOP.  This
-   returns the checksum as an opaque octet stream and its length.  This
-   is encoded into the body field.  Note that the QOP is not explicitly
-   specified anywhere in the request.  It is implicit in the checksum or
-   encrypted data.  The same QOP value as is used for the header
-   checksum must also be used for the data (for checksumming or
-   encrypting), unless the service used for the request is
-   rpc_gss_svc_none.
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 10]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-5.3.2.  RPC Request Data
-
-5.3.2.1.  RPC Request Data - No Data Integrity
-
-   If the service specified is rpc_gss_svc_none, the data (procedure
-   arguments) are not integrity or privacy protected.  They are sent in
-   exactly the same way as they would be if the AUTH_NONE flavor were
-   used (following the verifier).  Note, however, that since the RPC
-   header is integrity protected, the sender will still be authenticated
-   in this case.
-
-5.3.2.2.  RPC Request Data - With Data Integrity
-
-   When data integrity is used, the request data is represented as
-   follows:
-
-      struct rpc_gss_integ_data {
-          opaque databody_integ<>;
-          opaque checksum<>;
-      };
-
-   The databody_integ field is created as follows.  A structure
-   consisting of a sequence number followed by the procedure arguments
-   is constructed. This is shown below as the type rpc_gss_data_t:
-
-      struct rpc_gss_data_t {
-          unsigned int seq_num;
-          proc_req_arg_t arg;
-      };
-
-   Here, seq_num must have the same value as in the credential.  The
-   type proc_req_arg_t is the procedure specific XDR type describing the
-   procedure arguments (and so is not specified here).  The octet stream
-   corresponding to the XDR encoded rpc_gss_data_t structure and its
-   length are placed in the databody_integ field. Note that because the
-   XDR type of databody_integ is opaque, the XDR encoding of
-   databody_integ will include an initial four octet length field,
-   followed by the XDR encoded octet stream of rpc_gss_data_t.
-
-   The checksum field represents the checksum of the XDR encoded octet
-   stream corresponding to the XDR encoded rpc_gss_data_t structure
-   (note, this is not the checksum of the databody_integ field).  This
-   is obtained using the GSS_GetMIC() call, with the same QOP as was
-   used to compute the header checksum (in the verifier). The
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 11]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   GSS_GetMIC() call returns the checksum as an opaque octet stream and
-   its length. The checksum field of struct rpc_gss_integ_data has an
-   XDR type of opaque. Thus the checksum length from GSS_GetMIC() is
-   encoded as a four octet  length field, followed by the checksum,
-   padded to a multiple of four octets.
-
-5.3.2.3.  RPC Request Data - With Data Privacy
-
-   When data privacy is used, the request data is represented as
-   follows:
-
-      struct rpc_gss_priv_data {
-          opaque databody_priv<>
-      };
-
-   The databody_priv field is created as follows.  The rpc_gss_data_t
-   structure described earlier is constructed again in the same way as
-   for the case of data integrity.  Next, the GSS_Wrap() call is invoked
-   to encrypt the octet stream corresponding to the rpc_gss_data_t
-   structure, using the same value for QOP (argument qop_req to
-   GSS_Wrap()) as was used for the header checksum (in the verifier) and
-   conf_req_flag (an argument to GSS_Wrap()) of TRUE.  The GSS_Wrap()
-   call returns an opaque octet stream (representing the encrypted
-   rpc_gss_data_t structure) and its length, and this is encoded as the
-   databody_priv field. Since databody_priv has an XDR type of opaque,
-   the length returned by GSS_Wrap() is encoded as the four octet
-   length, followed by the encrypted octet stream (padded to a multiple
-   of four octets).
-
-5.3.3.  Server Processing of RPC Data Requests
-
-5.3.3.1.  Context Management
-
-   When a request is received by the server, the following are verified
-   to be acceptable:
-
-   *    the version number in the credential
-
-   *    the service specified in the credential
-
-   *    the context handle specified in the credential
-
-   *    the header checksum in the verifier (via GSS_VerifyMIC())
-
-   *    the sequence number (seq_num) specified in the credential (more
-        on this follows)
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 12]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   The gss_proc field in the credential must be set to RPCSEC_GSS_DATA
-   for data requests (otherwise, the message will be interpreted as a
-   control message).
-
-   The server maintains a window of "seq_window" sequence numbers,
-   starting with the last sequence number seen and extending backwards.
-   If a sequence number higher than the last number seen is received
-   (AND if GSS_VerifyMIC() on the header checksum from the verifier
-   returns GSS_S_COMPLETE), the window is moved forward to the new
-   sequence number.  If the last sequence number seen is N, the server
-   is prepared to receive requests with sequence numbers in the range N
-   through (N - seq_window + 1), both inclusive.  If the sequence number
-   received falls below this range, it is silently discarded.  If the
-   sequence number is within this range, and the server has not seen it,
-   the request is accepted, and the server turns on a bit to "remember"
-   that this sequence number has been seen.  If the server determines
-   that it has already seen a sequence number within the window, the
-   request is silently discarded. The server should select a seq_window
-   value based on the number requests it expects to process
-   simultaneously. For example, in a threaded implementation seq_window
-   might be equal to the number of server threads. There are no known
-   security issues with selecting a large window. The primary issue is
-   how much space the server is willing to allocate to keep track of
-   requests received within the window.
-
-   The reason for discarding requests silently is that the server is
-   unable to determine if the duplicate or out of range request was due
-   to a sequencing problem in the client, network, or the operating
-   system, or due to some quirk in routing, or a replay attack by an
-   intruder.  Discarding the request allows the client to recover after
-   timing out, if indeed the duplication was unintentional or well
-   intended.  Note that a consequence of the silent discard is that
-   clients may increment the seq_num by more than one. The effect of
-   this is that the window will move forward more quickly. It is not
-   believed that there is any benefit to doing this.
-
-   Note that the sequence number algorithm requires that the client
-   increment the sequence number even if it is retrying a request with
-   the same RPC transaction identifier.  It is not infrequent for
-   clients to get into a situation where they send two or more attempts
-   and a slow server sends the reply for the first attempt. With
-   RPCSEC_GSS, each request and reply will have a unique sequence
-   number. If the client wishes to improve turn around time on the RPC
-   call, it can cache the RPCSEC_GSS sequence number of each request it
-   sends. Then when it receives a response with a matching RPC
-   transaction identifier, it can compute the checksum of each sequence
-   number in the cache to try to match the checksum in the reply's
-   verifier.
-
-
-
-Eisler, et. al.             Standards Track                    [Page 13]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   The data is decoded according to the service specified in the
-   credential.  In the case of integrity or privacy, the server ensures
-   that the QOP value is acceptable, and that it is the same as that
-   used for the header checksum in the verifier.  Also, in the case of
-   integrity or privacy, the server will reject the message (with a
-   reply status of MSG_ACCEPTED, and an acceptance status of
-   GARBAGE_ARGS) if the sequence number embedded in the request body is
-   different from the sequence number in the credential.
-
-5.3.3.2.  Server Reply - Request Accepted
-
-   An MSG_ACCEPTED reply to a request in the data exchange phase will
-   have the verifier's (the verf element in the response) flavor field
-   set to RPCSEC_GSS, and the body field set to the checksum (the output
-   of GSS_GetMIC()) of the sequence number (in network order) of the
-   corresponding request.  The QOP used is the same as the QOP used for
-   the corresponding request.
-
-   If the status of the reply is not SUCCESS, the rest of the message is
-   formatted as usual.
-
-   If the status of the message is SUCCESS, the format of the rest of
-   the message depends on the service specified in the corresponding
-   request message. Basically, what follows the verifier in this case
-   are the procedure results, formatted in different ways depending on
-   the requested service.
-
-   If no data integrity was requested, the procedure results are
-   formatted as for the AUTH_NONE security flavor.
-
-   If data integrity was requested, the results are encoded in exactly
-   the same way as the procedure arguments were in the corresponding
-   request.  See the section 'RPC Request Data - With Data Integrity.'
-   The only difference is that the structure representing the
-   procedure's result - proc_res_arg_t - must be substituted in place of
-   the request argument structure proc_req_arg_t.  The QOP used for the
-   checksum must be the same as that used for constructing the reply
-   verifier.
-
-   If data privacy was requested, the results are encoded in exactly the
-   same way as the procedure arguments were in the corresponding
-   request.  See the section 'RPC Request Data - With Data Privacy.' The
-   QOP used for  encryption must be the same as that used for
-   constructing the reply verifier.
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 14]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-5.3.3.3.  Server Reply - Request Denied
-
-   An MSG_DENIED reply (to a data request) is formulated as usual.  Two
-   new values (RPCSEC_GSS_CREDPROBLEM and RPCSEC_GSS_CTXPROBLEM) have
-   been defined for the auth_stat type.  When the reason for denial of
-   the request is a reject_stat of AUTH_ERROR, one of the two new
-   auth_stat values could be returned in addition to the existing
-   values.  These two new values have special significance from the
-   existing reasons for denial of a request.
-
-   The server maintains a list of contexts for the clients that are
-   currently in session with it.  Normally, a context is destroyed when
-   the client ends the session corresponding to it.  However, due to
-   resource constraints, the server may destroy a context prematurely
-   (on an LRU basis, or if the server machine is rebooted, for example).
-   In this case, when a client request comes in, there may not be a
-   context corresponding to its handle. The server rejects the request,
-   with the reason RPCSEC_GSS_CREDPROBLEM in this case.  Upon receiving
-   this error, the client must refresh the context - that is,
-   reestablish it after destroying the old one - and try the request
-   again.  This error is also returned if the context handle matches
-   that of a different context that was allocated after the client's
-   context was destroyed (this will be detected by a failure in
-   verifying the header checksum).
-
-   If the GSS_VerifyMIC() call on the header checksum (contained in the
-   verifier) fails to return GSS_S_COMPLETE, the server rejects the
-   request and returns an auth_stat of RPCSEC_GSS_CREDPROBLEM.
-
-   When the client's sequence number exceeds the maximum the server will
-   allow, the server will reject the request with the reason
-   RPCSEC_GSS_CTXPROBLEM.  Also, if security credentials become stale
-   while in use (due to ticket expiry in the case of the Kerberos V5
-   mechanism, for example), the failures which result cause the
-   RPCSEC_GSS_CTXPROBLEM reason to be returned.  In these cases also,
-   the client must refresh the context, and retry the request.
-
-   For other errors, retrying will not rectify the problem and the
-   client must not refresh the context until the problem causing the
-   client request to be denied is rectified.
-
-   If the version field in the credential does not match the version of
-   RPCSEC_GSS that was used when the context was created, the
-   AUTH_BADCRED value is returned.
-
-   If there is a problem with the credential, such a bad length, illegal
-   control procedure, or an illegal service, the appropriate auth_stat
-   status is AUTH_BADCRED.
-
-
-
-Eisler, et. al.             Standards Track                    [Page 15]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   Other errors can be returned as appropriate.
-
-5.3.3.4.  Mapping of GSS-API Errors to Server Responses
-
-   During the data exchange phase, the server may invoke GSS_GetMIC(),
-   GSS_VerifyMIC(), GSS_Unwrap(), and GSS_Wrap(). If any of these
-   routines fail to return GSS_S_COMPLETE, then various unsuccessful
-   responses can be returned. The are described as follows for each of
-   the aforementioned four interfaces.
-
-5.3.3.4.1.  GSS_GetMIC() Failure
-
-   When GSS_GetMIC() is called to generate the verifier in the response,
-   a failure results in an RPC response with a reply status of
-   MSG_DENIED, reject status of AUTH_ERROR and an auth status of
-   RPCSEC_GSS_CTXPROBLEM.
-
-   When GSS_GetMIC() is called to sign the call results (service is
-   rpc_gss_svc_integrity), a failure results in no RPC response being
-   sent. Since ONC RPC server applications will typically control when a
-   response is sent, the failure indication will be returned to the
-   server application and it can take appropriate action (such as
-   logging the error).
-
-5.3.3.4.2.  GSS_VerifyMIC() Failure
-
-   When GSS_VerifyMIC() is called to verify the verifier in request, a
-   failure results in an RPC response with a reply status of MSG_DENIED,
-   reject status of AUTH_ERROR and an auth status of
-   RPCSEC_GSS_CREDPROBLEM.
-
-   When GSS_VerifyMIC() is called to verify the call arguments (service
-   is rpc_gss_svc_integrity), a failure results in an RPC response with
-   a reply status of MSG_ACCEPTED, and an acceptance status of
-   GARBAGE_ARGS.
-
-5.3.3.4.3.  GSS_Unwrap() Failure
-
-   When GSS_Unwrap() is called to decrypt the call arguments (service is
-   rpc_gss_svc_privacy), a failure results in an RPC response with a
-   reply status of MSG_ACCEPTED, and an acceptance status of
-   GARBAGE_ARGS.
-
-5.3.3.4.4.  GSS_Wrap() Failure
-
-   When GSS_Wrap() is called to encrypt the call results (service is
-   rpc_gss_svc_privacy), a failure results in no RPC response being
-   sent. Since ONC RPC server applications will typically control when a
-
-
-
-Eisler, et. al.             Standards Track                    [Page 16]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   response is sent, the failure indication will be returned to the
-   application and it can take appropriate action (such as logging the
-   error).
-
-5.4.  Context Destruction
-
-   When the client is done using the session, it must send a control
-   message informing the server that it no longer requires the context.
-   This message is formulated just like a data request packet, with the
-   following differences:  the credential has gss_proc set to
-   RPCSEC_GSS_DESTROY, the procedure specified in the header is
-   NULLPROC, and there are no procedure arguments.  The sequence number
-   in the request must be valid, and the header checksum in the verifier
-   must be valid, for the server to accept the message.  The server
-   sends a response as it would to a data request.  The client and
-   server must then destroy the context for the session.
-
-   If the request to destroy the context fails for some reason, the
-   client need not take any special action.  The server must be prepared
-   to deal with situations where clients never inform the server that
-   they no longer are in session and so don't need the server to
-   maintain a context.  An LRU mechanism or an aging mechanism should be
-   employed by the server to clean up in such cases.
-
-6.  Set of GSS-API Mechanisms
-
-   RPCSEC_GSS is effectively a "pass-through" to the GSS-API layer, and
-   as such it is inappropriate for the RPCSEC_GSS specification to
-   enumerate a minimum set of required security mechanisms and/or
-   quality of protections.
-
-   If an application protocol specification references RPCSEC_GSS, the
-   protocol specification must list a mandatory set of { mechanism, QOP,
-   service } triples, such that an implementation cannot claim
-   conformance to the protocol specification unless it implements the
-   set of triples. Within each triple, mechanism is a GSS-API security
-   mechanism, QOP is a valid quality-of-protection within the mechanism,
-   and service is either rpc_gss_svc_integrity or rpc_gss_svc_privacy.
-
-   For example, a network filing protocol built on RPC that depends on
-   RPCSEC_GSS for security, might require that Kerberos V5 with the
-   default QOP using the rpc_gss_svc_integrity service be supported by
-   implementations conforming to the network filing protocol
-   specification.
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 17]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-7.  Security Considerations
-
-7.1.  Privacy of Call Header
-
-   The reader will note that for the privacy option, only the call
-   arguments and results are encrypted. Information about the
-   application in the form of RPC program number, program version
-   number, and program procedure number is transmitted in the clear.
-   Encrypting these fields in the RPC call header would have changed the
-   size and format of the call header. This would have required revising
-   the RPC protocol which was beyond the scope of this proposal. Storing
-   the encrypted numbers in the credential would have obviated a
-   protocol change, but would have introduced more overloading of fields
-   and would have made implementations of RPC more complex. Even if the
-   fields were encrypted somehow, in most cases an attacker can
-   determine the program number and version number by examining the
-   destination address of the request and querying the rpcbind service
-   on the destination host [Srinivasan-bind].  In any case, even by not
-   encrypting the three numbers, RPCSEC_GSS still improves the state of
-   security over what existing RPC services have had available
-   previously. Implementors of new RPC services that are concerned about
-   this risk may opt to design in a "sub-procedure" field that is
-   included in the service specific call arguments.
-
-7.2.  Sequence Number Attacks
-
-7.2.1.  Sequence Numbers Above the Window
-
-   An attacker cannot coax the server into raising the sequence number
-   beyond the range the legitimate client is aware of (and thus engineer
-   a denial of server attack) without constructing an RPC request that
-   will pass the header checksum. If the cost of verifying the header
-   checksum is sufficiently large (depending on the speed of the
-   processor doing the checksum and the cost of checksum algorithm), it
-   is possible to envision a denial of service attack (vandalism, in the
-   form of wasting processing resources) whereby the attacker sends
-   requests that are above the window. The simplest method might be for
-   the attacker to monitor the network traffic and then choose a
-   sequence number that is far above the current sequence number. Then
-   the attacker can send bogus requests using the above window sequence
-   number.
-
-7.2.2.  Sequence Numbers Within or Below the Window
-
-   If the attacker sends requests that are within or below the window,
-   then even if the header checksum is successfully verified, the server
-   will silently discard the requests because the server assumes it has
-   already processed the request. In this case, a server can optimize by
-
-
-
-Eisler, et. al.             Standards Track                    [Page 18]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   skipping the header checksum verification if the sequence number is
-   below the window, or if it is within the window, not attempt the
-   checksum verification if the sequence number has already been seen.
-
-7.3.  Message Stealing Attacks
-
-   This proposal does not address attacks where an attacker can block or
-   steal messages without being detected by the server. To implement
-   such protection would be tantamount to assuming a state in the RPC
-   service. RPCSEC_GSS does not worsen this situation.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 19]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-Appendix A. GSS-API Major Status Codes
-
-   The GSS-API definition [Linn] does not include numerical values for
-   the various GSS-API major status codes. It is expected that this will
-   be addressed in future RFC. Until then, this appendix defines the
-   values for each GSS-API major status code listed in the GSS-API
-   definition.  If in the future, the GSS-API definition defines values
-   for the codes that are different than what follows, then implementors
-   of RPCSEC_GSS will be obliged to map them into the values defined
-   below. If in the future, the GSS-API definition defines additional
-   status codes not defined below, then the RPCSEC_GSS definition will
-   subsume those additional values.
-
-   Here are the definitions of each GSS_S_* major status that the
-   implementor of RPCSEC_GSS can expect in the gss_major major field of
-   rpc_gss_init_res.  These definitions are not in RPC description
-   language form.  The numbers are in base 16 (hexadecimal):
-
-      GSS_S_COMPLETE                  0x00000000
-      GSS_S_CONTINUE_NEEDED           0x00000001
-      GSS_S_DUPLICATE_TOKEN           0x00000002
-      GSS_S_OLD_TOKEN                 0x00000004
-      GSS_S_UNSEQ_TOKEN               0x00000008
-      GSS_S_GAP_TOKEN                 0x00000010
-      GSS_S_BAD_MECH                  0x00010000
-      GSS_S_BAD_NAME                  0x00020000
-      GSS_S_BAD_NAMETYPE              0x00030000
-      GSS_S_BAD_BINDINGS              0x00040000
-      GSS_S_BAD_STATUS                0x00050000
-      GSS_S_BAD_MIC                   0x00060000
-      GSS_S_BAD_SIG                   0x00060000
-      GSS_S_NO_CRED                   0x00070000
-      GSS_S_NO_CONTEXT                0x00080000
-      GSS_S_DEFECTIVE_TOKEN           0x00090000
-      GSS_S_DEFECTIVE_CREDENTIAL      0x000a0000
-      GSS_S_CREDENTIALS_EXPIRED       0x000b0000
-      GSS_S_CONTEXT_EXPIRED           0x000c0000
-      GSS_S_FAILURE                   0x000d0000
-      GSS_S_BAD_QOP                   0x000e0000
-      GSS_S_UNAUTHORIZED              0x000f0000
-      GSS_S_UNAVAILABLE               0x00100000
-      GSS_S_DUPLICATE_ELEMENT         0x00110000
-      GSS_S_NAME_NOT_MN               0x00120000
-      GSS_S_CALL_INACCESSIBLE_READ    0x01000000
-      GSS_S_CALL_INACCESSIBLE_WRITE   0x02000000
-      GSS_S_CALL_BAD_STRUCTURE        0x03000000
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 20]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-   Note that the GSS-API major status is split into three fields as
-   follows:
-
-        Most Significant Bit                     Least Significant Bit
-        |------------------------------------------------------------|
-        | Calling Error | Routine Error  |    Supplementary Info     |
-        |------------------------------------------------------------|
-      Bit 31           24 23            16 15                        0
-
-   Up to one status in the Calling Error field can be logically ORed
-   with up to one status in the Routine Error field which in turn can be
-   logically ORed with zero or more statuses in the Supplementary Info
-   field. If the resulting major status has a non-zero Calling Error
-   and/or a non-zero Routine Error, then the applicable GSS-API
-   operation has failed.  For purposes of RPCSEC_GSS, this means that
-   the GSS_Accept_sec_context() call executed by the server has failed.
-
-   If the major status is equal GSS_S_COMPLETE, then this indicates the
-   absence of any Errors or Supplementary Info.
-
-   The meanings of most of the GSS_S_* status are defined in the GSS-API
-   definition, which the exceptions of:
-
-   GSS_S_BAD_MIC       This code has the same meaning as GSS_S_BAD_SIG.
-
-   GSS_S_CALL_INACCESSIBLE_READ
-                        A required input parameter could not be read.
-
-   GSS_S_CALL_INACCESSIBLE_WRITE
-                        A required input parameter could not be written.
-
-   GSS_S_CALL_BAD_STRUCTURE
-                       A parameter was malformed.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 21]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-Acknowledgements
-
-   Much of the protocol was based on the AUTH_GSSAPI security flavor
-   developed by Open Vision Technologies [Jaspan].  In particular, we
-   acknowledge Barry Jaspan, Marc Horowitz, John Linn, and Ellen
-   McDermott.
-
-   Raj Srinivasan designed RPCSEC_GSS [Eisler] with input from Mike
-   Eisler.  Raj, Roland Schemers, Lin Ling, and Alex Chiu contributed to
-   Sun Microsystems' implementation of RPCSEC_GSS.
-
-   Brent Callaghan, Marc Horowitz, Barry Jaspan, John Linn, Hilarie
-   Orman, Martin Rex, Ted Ts'o, and John Wroclawski analyzed the
-   specification and gave valuable feedback.
-
-   Steve Nahm and Kathy Slattery reviewed various drafts of this
-   specification.
-
-   Much of content of Appendix A was excerpted from John Wray's Work in
-   Progress on GSS-API Version 2 C-bindings.
-
-References
-
-   [Eisler]            Eisler, M., Schemers, R., and Srinivasan, R.
-                       (1996).  "Security Mechanism Independence in ONC
-                       RPC," Proceedings of the Sixth Annual USENIX
-                       Security Symposium, pp. 51-65.
-
-   [Jaspan]            Jaspan, B. (1995). "GSS-API Security for ONC
-                       RPC," `95 Proceedings of The Internet Society
-                       Symposium on Network and Distributed System
-                       Security, pp. 144- 151.
-
-   [Linn]              Linn, J., "Generic Security Service Application
-                       Program Interface, Version 2", RFC 2078, January
-                       1997.
-
-   [Srinivasan-bind]   Srinivasan, R., "Binding Protocols for
-                       ONC RPC Version 2", RFC 1833, August 1995.
-
-   [Srinivasan-rpc]    Srinivasan, R., "RPC: Remote Procedure Call
-                       Protocol Specification Version 2", RFC 1831,
-                       August 1995.
-
-   [Srinivasan-xdr]    Srinivasan, R., "XDR: External Data
-                       Representation Standard", RFC 1832, August 1995.
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 22]
-
-RFC 2203           RPCSEC_GSS Protocol Specification      September 1997
-
-
-Authors' Addresses
-
-   Michael Eisler
-   Sun Microsystems, Inc.
-   M/S UCOS03
-   2550 Garcia Avenue
-   Mountain View, CA 94043
-
-   Phone: +1 (719) 599-9026
-   EMail: mre@eng.sun.com
-
-
-   Alex Chiu
-   Sun Microsystems, Inc.
-   M/S UMPK17-203
-   2550 Garcia Avenue
-   Mountain View, CA 94043
-
-   Phone: +1 (415) 786-6465
-   EMail: hacker@eng.sun.com
-
-
-   Lin Ling
-   Sun Microsystems, Inc.
-   M/S UMPK17-201
-   2550 Garcia Avenue
-   Mountain View, CA 94043
-
-   Phone: +1 (415) 786-5084
-   EMail: lling@eng.sun.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eisler, et. al.             Standards Track                    [Page 23]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc2228.txt b/crypto/heimdal/doc/standardisation/rfc2228.txt
deleted file mode 100644
index 1fbfcbfa09fc..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc2228.txt
+++ /dev/null
@@ -1,1515 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                        M. Horowitz
-Request for Comments: 2228                              Cygnus Solutions
-Updates: 959                                                     S. Lunt
-Category: Standards Track                                       Bellcore
-                                                            October 1997
-
-                        FTP Security Extensions
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-Copyright Notice
-
-   Copyright (C) The Internet Society (1997).  All Rights Reserved.
-
-Abstract
-
-   This document defines extensions to the FTP specification STD 9, RFC
-   959, "FILE TRANSFER PROTOCOL (FTP)" (October 1985).  These extensions
-   provide strong authentication, integrity, and confidentiality on both
-   the control and data channels with the introduction of new optional
-   commands, replies, and file transfer encodings.
-
-   The following new optional commands are introduced in this
-   specification:
-
-      AUTH (Authentication/Security Mechanism),
-      ADAT (Authentication/Security Data),
-      PROT (Data Channel Protection Level),
-      PBSZ (Protection Buffer Size),
-      CCC (Clear Command Channel),
-      MIC (Integrity Protected Command),
-      CONF (Confidentiality Protected Command), and
-      ENC (Privacy Protected Command).
-
-   A new class of reply types (6yz) is also introduced for protected
-   replies.
-
-   None of the above commands are required to be implemented, but
-   interdependencies exist.  These dependencies are documented with the
-   commands.
-
-   Note that this specification is compatible with STD 9, RFC 959.
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 1]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-1.  Introduction
-
-   The File Transfer Protocol (FTP) currently defined in STD 9, RFC 959
-   and in place on the Internet uses usernames and passwords passed in
-   cleartext to authenticate clients to servers (via the USER and PASS
-   commands).  Except for services such as "anonymous" FTP archives,
-   this represents a security risk whereby passwords can be stolen
-   through monitoring of local and wide-area networks.  This either aids
-   potential attackers through password exposure and/or limits
-   accessibility of files by FTP servers who cannot or will not accept
-   the inherent security risks.
-
-   Aside from the problem of authenticating users in a secure manner,
-   there is also the problem of authenticating servers, protecting
-   sensitive data and/or verifying its integrity.  An attacker may be
-   able to access valuable or sensitive data merely by monitoring a
-   network, or through active means may be able to delete or modify the
-   data being transferred so as to corrupt its integrity.  An active
-   attacker may also initiate spurious file transfers to and from a site
-   of the attacker's choice, and may invoke other commands on the
-   server.  FTP does not currently have any provision for the encryption
-   or verification of the authenticity of commands, replies, or
-   transferred data.  Note that these security services have value even
-   to anonymous file access.
-
-   Current practice for sending files securely is generally either:
-
-      1.  via FTP of files pre-encrypted under keys which are manually
-          distributed,
-
-      2.  via electronic mail containing an encoding of a file encrypted
-          under keys which are manually distributed,
-
-      3.  via a PEM message, or
-
-      4.  via the rcp command enhanced to use Kerberos.
-
-   None of these means could be considered even a de facto standard, and
-   none are truly interactive.  A need exists to securely transfer files
-   using FTP in a secure manner which is supported within the FTP
-   protocol in a consistent manner and which takes advantage of existing
-   security infrastructure and technology.  Extensions are necessary to
-   the FTP specification if these security services are to be introduced
-   into the protocol in an interoperable way.
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 2]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   Although the FTP control connection follows the Telnet protocol, and
-   Telnet has defined an authentication and encryption option [TELNET-
-   SEC], [RFC-1123] explicitly forbids the use of Telnet option
-   negotiation over the control connection (other than Synch and IP).
-
-   Also, the Telnet authentication and encryption option does not
-   provide for integrity protection only (without confidentiality), and
-   does not address the protection of the data channel.
-
-2.  FTP Security Overview
-
-   At the highest level, the FTP security extensions seek to provide an
-   abstract mechanism for authenticating and/or authorizing connections,
-   and integrity and/or confidentiality protecting commands, replies,
-   and data transfers.
-
-   In the context of FTP security, authentication is the establishment
-   of a client's identity and/or a server's identity in a secure way,
-   usually using cryptographic techniques.  The basic FTP protocol does
-   not have a concept of authentication.
-
-   Authorization is the process of validating a user for login.  The
-   basic authorization process involves the USER, PASS, and ACCT
-   commands.  With the FTP security extensions, authentication
-   established using a security mechanism may also be used to make the
-   authorization decision.
-
-   Without the security extensions, authentication of the client, as
-   this term is usually understood, never happens.  FTP authorization is
-   accomplished with a password, passed on the network in the clear as
-   the argument to the PASS command.  The possessor of this password is
-   assumed to be authorized to transfer files as the user named in the
-   USER command, but the identity of the client is never securely
-   established.
-
-   An FTP security interaction begins with a client telling the server
-   what security mechanism it wants to use with the AUTH command.  The
-   server will either accept this mechanism, reject this mechanism, or,
-   in the case of a server which does not implement the security
-   extensions, reject the command completely.  The client may try
-   multiple security mechanisms until it requests one which the server
-   accepts.  This allows a rudimentary form of negotiation to take
-   place.  (If more complex negotiation is desired, this may be
-   implemented as a security mechanism.)  The server's reply will
-   indicate if the client must respond with additional data for the
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 3]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   security mechanism to interpret.  If none is needed, this will
-   usually mean that the mechanism is one where the password (specified
-   by the PASS command) is to be interpreted differently, such as with a
-   token or one-time password system.
-
-   If the server requires additional security information, then the
-   client and server will enter into a security data exchange.  The
-   client will send an ADAT command containing the first block of
-   security data.  The server's reply will indicate if the data exchange
-   is complete, if there was an error, or if more data is needed.  The
-   server's reply can optionally contain security data for the client to
-   interpret.  If more data is needed, the client will send another ADAT
-   command containing the next block of data, and await the server's
-   reply.  This exchange can continue as many times as necessary.  Once
-   this exchange completes, the client and server have established a
-   security association.  This security association may include
-   authentication (client, server, or mutual) and keying information for
-   integrity and/or confidentiality, depending on the mechanism in use.
-
-   The term "security data" here is carefully chosen.  The purpose of
-   the security data exchange is to establish a security association,
-   which might not actually include any authentication at all, between
-   the client and the server as described above.  For instance, a
-   Diffie-Hellman exchange establishes a secret key, but no
-   authentication takes place.  If an FTP server has an RSA key pair but
-   the client does not, then the client can authenticate the server, but
-   the server cannot authenticate the client.
-
-   Once a security association is established, authentication which is a
-   part of this association may be used instead of or in addition to the
-   standard username/password exchange for authorizing a user to connect
-   to the server.  A username specified by the USER command is always
-   required to specify the identity to be used on the server.
-
-   In order to prevent an attacker from inserting or deleting commands
-   on the control stream, if the security association supports
-   integrity, then the server and client must use integrity protection
-   on the control stream, unless it first transmits a CCC command to
-   turn off this requirement.  Integrity protection is performed with
-   the MIC and ENC commands, and the 63z reply codes.  The CCC command
-   and its reply must be transmitted with integrity protection.
-   Commands and replies may be transmitted without integrity (that is,
-   in the clear or with confidentiality only) only if no security
-   association is established, the negotiated security association does
-   not support integrity, or the CCC command has succeeded.
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 4]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   Once the client and server have negotiated with the PBSZ command an
-   acceptable buffer size for encapsulating protected data over the data
-   channel, the security mechanism may also be used to protect data
-   channel transfers.
-
-   Policy is not specified by this document.  In particular, client and
-   server implementations may choose to implement restrictions on what
-   operations can be performed depending on the security association
-   which exists.  For example, a server may require that a client
-   authorize via a security mechanism rather than using a password,
-   require that the client provide a one-time password from a token,
-   require at least integrity protection on the command channel, or
-   require that certain files only be transmitted encrypted.  An
-   anonymous ftp client might refuse to do file transfers without
-   integrity protection in order to insure the validity of files
-   downloaded.
-
-   No particular set of functionality is required, except as
-   dependencies described in the next section.  This means that none of
-   authentication, integrity, or confidentiality are required of an
-   implementation, although a mechanism which does none of these is not
-   of much use.  For example, it is acceptable for a mechanism to
-   implement only integrity protection, one-way authentication and/or
-   encryption, encryption without any authentication or integrity
-   protection, or any other subset of functionality if policy or
-   technical considerations make this desirable.  Of course, one peer
-   might require as a matter of policy stronger protection than the
-   other is able to provide, preventing perfect interoperability.
-
-3.  New FTP Commands
-
-   The following commands are optional, but dependent on each other.
-   They are extensions to the FTP Access Control Commands.
-
-   The reply codes documented here are generally described as
-   recommended, rather than required.  The intent is that reply codes
-   describing the full range of success and failure modes exist, but
-   that servers be allowed to limit information presented to the client.
-   For example, a server might implement a particular security
-   mechanism, but have a policy restriction against using it.  The
-   server should respond with a 534 reply code in this case, but may
-   respond with a 504 reply code if it does not wish to divulge that the
-   disallowed mechanism is supported.  If the server does choose to use
-   a different reply code than the recommended one, it should try to use
-   a reply code which only differs in the last digit.  In all cases, the
-   server must use a reply code which is documented as returnable from
-   the command received, and this reply code must begin with the same
-   digit as the recommended reply code for the situation.
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 5]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   AUTHENTICATION/SECURITY MECHANISM (AUTH)
-
-      The argument field is a Telnet string identifying a supported
-      mechanism.  This string is case-insensitive.  Values must be
-      registered with the IANA, except that values beginning with "X-"
-      are reserved for local use.
-
-      If the server does not recognize the AUTH command, it must respond
-      with reply code 500.  This is intended to encompass the large
-      deployed base of non-security-aware ftp servers, which will
-      respond with reply code 500 to any unrecognized command.  If the
-      server does recognize the AUTH command but does not implement the
-      security extensions, it should respond with reply code 502.
-
-      If the server does not understand the named security mechanism, it
-      should respond with reply code 504.
-
-      If the server is not willing to accept the named security
-      mechanism, it should respond with reply code 534.
-
-      If the server is not able to accept the named security mechanism,
-      such as if a required resource is unavailable, it should respond
-      with reply code 431.
-
-      If the server is willing to accept the named security mechanism,
-      but requires security data, it must respond with reply code 334.
-
-      If the server is willing to accept the named security mechanism,
-      and does not require any security data, it must respond with reply
-      code 234.
-
-      If the server is responding with a 334 reply code, it may include
-      security data as described in the next section.
-
-      Some servers will allow the AUTH command to be reissued in order
-      to establish new authentication.  The AUTH command, if accepted,
-      removes any state associated with prior FTP Security commands.
-      The server must also require that the user reauthorize (that is,
-      reissue some or all of the USER, PASS, and ACCT commands) in this
-      case (see section 4 for an explanation of "authorize" in this
-      context).
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 6]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   AUTHENTICATION/SECURITY DATA (ADAT)
-
-      The argument field is a Telnet string representing base 64 encoded
-      security data (see Section 9, "Base 64 Encoding").  If a reply
-      code indicating success is returned, the server may also use a
-      string of the form "ADAT=base64data" as the text part of the reply
-      if it wishes to convey security data back to the client.
-
-      The data in both cases is specific to the security mechanism
-      specified by the previous AUTH command.  The ADAT command, and the
-      associated replies, allow the client and server to conduct an
-      arbitrary security protocol.  The security data exchange must
-      include enough information for both peers to be aware of which
-      optional features are available.  For example, if the client does
-      not support data encryption, the server must be made aware of
-      this, so it will know not to send encrypted command channel
-      replies.  It is strongly recommended that the security mechanism
-      provide sequencing on the command channel, to insure that commands
-      are not deleted, reordered, or replayed.
-
-      The ADAT command must be preceded by a successful AUTH command,
-      and cannot be issued once a security data exchange completes
-      (successfully or unsuccessfully), unless it is preceded by an AUTH
-      command to reset the security state.
-
-      If the server has not yet received an AUTH command, or if a prior
-      security data exchange completed, but the security state has not
-      been reset with an AUTH command, it should respond with reply code
-      503.
-
-      If the server cannot base 64 decode the argument, it should
-      respond with reply code 501.
-
-      If the server rejects the security data (if a checksum fails, for
-      instance), it should respond with reply code 535.
-
-      If the server accepts the security data, and requires additional
-      data, it should respond with reply code 335.
-
-      If the server accepts the security data, but does not require any
-      additional data (i.e., the security data exchange has completed
-      successfully), it must respond with reply code 235.
-
-      If the server is responding with a 235 or 335 reply code, then it
-      may include security data in the text part of the reply as
-      specified above.
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 7]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      If the ADAT command returns an error, the security data exchange
-      will fail, and the client must reset its internal security state.
-      If the client becomes unsynchronized with the server (for example,
-      the server sends a 234 reply code to an AUTH command, but the
-      client has more data to transmit), then the client must reset the
-      server's security state.
-
-   PROTECTION BUFFER SIZE (PBSZ)
-
-      The argument is a decimal integer representing the maximum size,
-      in bytes, of the encoded data blocks to be sent or received during
-      file transfer.  This number shall be no greater than can be
-      represented in a 32-bit unsigned integer.
-
-      This command allows the FTP client and server to negotiate a
-      maximum protected buffer size for the connection.  There is no
-      default size; the client must issue a PBSZ command before it can
-      issue the first PROT command.
-
-      The PBSZ command must be preceded by a successful security data
-      exchange.
-
-      If the server cannot parse the argument, or if it will not fit in
-      32 bits, it should respond with a 501 reply code.
-
-      If the server has not completed a security data exchange with the
-      client, it should respond with a 503 reply code.
-
-      Otherwise, the server must reply with a 200 reply code.  If the
-      size provided by the client is too large for the server, it must
-      use a string of the form "PBSZ=number" in the text part of the
-      reply to indicate a smaller buffer size.  The client and the
-      server must use the smaller of the two buffer sizes if both buffer
-      sizes are specified.
-
-   DATA CHANNEL PROTECTION LEVEL (PROT)
-
-      The argument is a single Telnet character code specifying the data
-      channel protection level.
-
-      This command indicates to the server what type of data channel
-      protection the client and server will be using.  The following
-      codes are assigned:
-
-         C - Clear
-         S - Safe
-         E - Confidential
-         P - Private
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 8]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      The default protection level if no other level is specified is
-      Clear.  The Clear protection level indicates that the data channel
-      will carry the raw data of the file transfer, with no security
-      applied.  The Safe protection level indicates that the data will
-      be integrity protected.  The Confidential protection level
-      indicates that the data will be confidentiality protected.  The
-      Private protection level indicates that the data will be integrity
-      and confidentiality protected.
-
-      It is reasonable for a security mechanism not to provide all data
-      channel protection levels.  It is also reasonable for a mechanism
-      to provide more protection at a level than is required (for
-      instance, a mechanism might provide Confidential protection, but
-      include integrity-protection in that encoding, due to API or other
-      considerations).
-
-      The PROT command must be preceded by a successful protection
-      buffer size negotiation.
-
-      If the server does not understand the specified protection level,
-      it should respond with reply code 504.
-
-      If the current security mechanism does not support the specified
-      protection level, the server should respond with reply code 536.
-
-      If the server has not completed a protection buffer size
-      negotiation with the client, it should respond with a 503 reply
-      code.
-
-      The PROT command will be rejected and the server should reply 503
-      if no previous PBSZ command was issued.
-
-      If the server is not willing to accept the specified protection
-      level, it should respond with reply code 534.
-
-      If the server is not able to accept the specified protection
-      level, such as if a required resource is unavailable, it should
-      respond with reply code 431.
-
-      Otherwise, the server must reply with a 200 reply code to indicate
-      that the specified protection level is accepted.
-
-   CLEAR COMMAND CHANNEL (CCC)
-
-      This command does not take an argument.
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                     [Page 9]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      It is desirable in some environments to use a security mechanism
-      to authenticate and/or authorize the client and server, but not to
-      perform any integrity checking on the subsequent commands.  This
-      might be used in an environment where IP security is in place,
-      insuring that the hosts are authenticated and that TCP streams
-      cannot be tampered, but where user authentication is desired.
-
-      If unprotected commands are allowed on any connection, then an
-      attacker could insert a command on the control stream, and the
-      server would have no way to know that it was invalid.  In order to
-      prevent such attacks, once a security data exchange completes
-      successfully, if the security mechanism supports integrity, then
-      integrity (via the MIC or ENC command, and 631 or 632 reply) must
-      be used, until the CCC command is issued to enable non-integrity
-      protected control channel messages.  The CCC command itself must
-      be integrity protected.
-
-      Once the CCC command completes successfully, if a command is not
-      protected, then the reply to that command must also not be
-      protected.  This is to support interoperability with clients which
-      do not support protection once the CCC command has been issued.
-
-      This command must be preceded by a successful security data
-      exchange.
-
-      If the command is not integrity-protected, the server must respond
-      with a 533 reply code.
-
-      If the server is not willing to turn off the integrity
-      requirement, it should respond with a 534 reply code.
-
-      Otherwise, the server must reply with a 200 reply code to indicate
-      that unprotected commands and replies may now be used on the
-      command channel.
-
-   INTEGRITY PROTECTED COMMAND (MIC) and
-   CONFIDENTIALITY PROTECTED COMMAND (CONF) and
-   PRIVACY PROTECTED COMMAND (ENC)
-
-      The argument field of MIC is a Telnet string consisting of a base
-      64 encoded "safe" message produced by a security mechanism
-      specific message integrity procedure.  The argument field of CONF
-      is a Telnet string consisting of a base 64 encoded "confidential"
-      message produced by a security mechanism specific confidentiality
-      procedure.  The argument field of ENC is a Telnet string
-      consisting of a base 64 encoded "private" message produced by a
-      security mechanism specific message integrity and confidentiality
-      procedure.
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 10]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      The server will decode and/or verify the encoded message.
-
-      This command must be preceded by a successful security data
-      exchange.
-
-      A server may require that the first command after a successful
-      security data exchange be CCC, and not implement the protection
-      commands at all.  In this case, the server should respond with a
-      502 reply code.
-
-      If the server cannot base 64 decode the argument, it should
-      respond with a 501 reply code.
-
-      If the server has not completed a security data exchange with the
-      client, it should respond with a 503 reply code.
-
-      If the server has completed a security data exchange with the
-      client using a mechanism which supports integrity, and requires a
-      CCC command due to policy or implementation limitations, it should
-      respond with a 503 reply code.
-
-      If the server rejects the command because it is not supported by
-      the current security mechanism, the server should respond with
-      reply code 537.
-
-      If the server rejects the command (if a checksum fails, for
-      instance), it should respond with reply code 535.
-
-      If the server is not willing to accept the command (if privacy is
-      required by policy, for instance, or if a CONF command is received
-      before a CCC command), it should respond with reply code 533.
-
-      Otherwise, the command will be interpreted as an FTP command.  An
-      end-of-line code need not be included, but if one is included, it
-      must be a Telnet end-of-line code, not a local end-of-line code.
-
-      The server may require that, under some or all circumstances, all
-      commands be protected.  In this case, it should make a 533 reply
-      to commands other than MIC, CONF, and ENC.
-
-4.  Login Authorization
-
-   The security data exchange may, among other things, establish the
-   identity of the client in a secure way to the server.  This identity
-   may be used as one input to the login authorization process.
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 11]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   In response to the FTP login commands (AUTH, PASS, ACCT), the server
-   may choose to change the sequence of commands and replies specified
-   by RFC 959 as follows.  There are also some new replies available.
-
-   If the server is willing to allow the user named by the USER command
-   to log in based on the identity established by the security data
-   exchange, it should respond with reply code 232.
-
-   If the security mechanism requires a challenge/response password, it
-   should respond to the USER command with reply code 336.  The text
-   part of the reply should contain the challenge.  The client must
-   display the challenge to the user before prompting for the password
-   in this case.  This is particularly relevant to more sophisticated
-   clients or graphical user interfaces which provide dialog boxes or
-   other modal input.  These clients should be careful not to prompt for
-   the password before the username has been sent to the server, in case
-   the user needs the challenge in the 336 reply to construct a valid
-   password.
-
-5.  New FTP Replies
-
-   The new reply codes are divided into two classes.  The first class is
-   new replies made necessary by the new FTP Security commands.  The
-   second class is a new reply type to indicate protected replies.
-
-   5.1.  New individual reply codes
-
-      232 User logged in, authorized by security data exchange.
-      234 Security data exchange complete.
-      235 [ADAT=base64data]
-            ; This reply indicates that the security data exchange
-            ; completed successfully.  The square brackets are not
-            ; to be included in the reply, but indicate that
-            ; security data in the reply is optional.
-
-      334 [ADAT=base64data]
-            ; This reply indicates that the requested security mechanism
-            ; is ok, and includes security data to be used by the client
-            ; to construct the next command.  The square brackets are not
-            ; to be included in the reply, but indicate that
-            ; security data in the reply is optional.
-      335 [ADAT=base64data]
-            ; This reply indicates that the security data is
-            ; acceptable, and more is required to complete the
-            ; security data exchange.  The square brackets
-            ; are not to be included in the reply, but indicate
-            ; that security data in the reply is optional.
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 12]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      336 Username okay, need password.  Challenge is "...."
-            ; The exact representation of the challenge should be chosen
-            ; by the mechanism to be sensible to the human user of the
-            ; system.
-
-      431 Need some unavailable resource to process security.
-
-      533 Command protection level denied for policy reasons.
-      534 Request denied for policy reasons.
-      535 Failed security check (hash, sequence, etc).
-      536 Requested PROT level not supported by mechanism.
-      537 Command protection level not supported by security mechanism.
-
-   5.2.  Protected replies.
-
-      One new reply type is introduced:
-
-         6yz   Protected reply
-
-            There are three reply codes of this type.  The first, reply
-            code 631 indicates an integrity protected reply.  The
-            second, reply code 632, indicates a confidentiality and
-            integrity protected reply.  the third, reply code 633,
-            indicates a confidentiality protected reply.
-
-            The text part of a 631 reply is a Telnet string consisting
-            of a base 64 encoded "safe" message produced by a security
-            mechanism specific message integrity procedure.  The text
-            part of a 632 reply is a Telnet string consisting of a base
-            64 encoded "private" message produced by a security
-            mechanism specific message confidentiality and integrity
-            procedure.  The text part of a 633 reply is a Telnet string
-            consisting of a base 64 encoded "confidential" message
-            produced by a security mechanism specific message
-            confidentiality procedure.
-
-            The client will decode and verify the encoded reply.  How
-            failures decoding or verifying replies are handled is
-            implementation-specific.  An end-of-line code need not be
-            included, but if one is included, it must be a Telnet end-
-            of-line code, not a local end-of-line code.
-
-            A protected reply may only be sent if a security data
-            exchange has succeeded.
-
-            The 63z reply may be a multiline reply.  In this case, the
-            plaintext reply must be broken up into a number of
-            fragments.  Each fragment must be protected, then base 64
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 13]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-            encoded in order into a separate line of the multiline
-            reply.  There need not be any correspondence between the
-            line breaks in the plaintext reply and the encoded reply.
-            Telnet end-of-line codes must appear in the plaintext of the
-            encoded reply, except for the final end-of-line code, which
-            is optional.
-
-            The multiline reply must be formatted more strictly than the
-            continuation specification in RFC 959.  In particular, each
-            line before the last must be formed by the reply code,
-            followed immediately by a hyphen, followed by a base 64
-            encoded fragment of the reply.
-
-            For example, if the plaintext reply is
-
-               123-First line
-               Second line
-                 234 A line beginning with numbers
-               123 The last line
-
-            then the resulting protected reply could be any of the
-            following (the first example has a line break only to fit
-            within the margins):
-
-  631 base64(protect("123-First line\r\nSecond line\r\n  234 A line
-  631-base64(protect("123-First line\r\n"))
-  631-base64(protect("Second line\r\n"))
-  631-base64(protect("  234 A line beginning with numbers\r\n"))
-  631 base64(protect("123 The last line"))
-
-  631-base64(protect("123-First line\r\nSecond line\r\n  234 A line b"))
-  631 base64(protect("eginning with numbers\r\n123 The last line\r\n"))
-
-6.  Data Channel Encapsulation
-
-   When data transfers are protected between the client and server (in
-   either direction), certain transformations and encapsulations must be
-   performed so that the recipient can properly decode the transmitted
-   file.
-
-   The sender must apply all protection services after transformations
-   associated with the representation type, file structure, and transfer
-   mode have been performed.  The data sent over the data channel is,
-   for the purposes of protection, to be treated as a byte stream.
-
-   When performing a data transfer in an authenticated manner, the
-   authentication checks are performed on individual blocks of the file,
-   rather than on the file as a whole. Consequently, it is possible for
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 14]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   insertion attacks to insert blocks into the data stream (i.e.,
-   replays) that authenticate correctly, but result in a corrupted file
-   being undetected by the receiver. To guard against such attacks, the
-   specific security mechanism employed should include mechanisms to
-   protect against such attacks.  Many GSS-API mechanisms usable with
-   the specification in Appendix I, and the Kerberos mechanism in
-   Appendix II do so.
-
-   The sender must take the input byte stream, and break it up into
-   blocks such that each block, when encoded using a security mechanism
-   specific procedure, will be no larger than the buffer size negotiated
-   by the client with the PBSZ command.  Each block must be encoded,
-   then transmitted with the length of the encoded block prepended as a
-   four byte unsigned integer, most significant byte first.
-
-   When the end of the file is reached, the sender must encode a block
-   of zero bytes, and send this final block to the recipient before
-   closing the data connection.
-
-   The recipient will read the four byte length, read a block of data
-   that many bytes long, then decode and verify this block with a
-   security mechanism specific procedure.  This must be repeated until a
-   block encoding a buffer of zero bytes is received.  This indicates
-   the end of the encoded byte stream.
-
-   Any transformations associated with the representation type, file
-   structure, and transfer mode are to be performed by the recipient on
-   the byte stream resulting from the above process.
-
-   When using block transfer mode, the sender's (cleartext) buffer size
-   is independent of the block size.
-
-   The server will reply 534 to a STOR, STOU, RETR, LIST, NLST, or APPE
-   command if the current protection level is not at the level dictated
-   by the server's security requirements for the particular file
-   transfer.
-
-   If any data protection services fail at any time during data transfer
-   at the server end (including an attempt to send a buffer size greater
-   than the negotiated maximum), the server will send a 535 reply to the
-   data transfer command (either STOR, STOU, RETR, LIST, NLST, or APPE).
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 15]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-7.  Potential policy considerations
-
-   While there are no restrictions on client and server policy, there
-   are a few recommendations which an implementation should implement.
-
-    - Once a security data exchange takes place, a server should require
-      all commands be protected (with integrity and/or confidentiality),
-      and it should protect all replies.  Replies should use the same
-      level of protection as the command which produced them.  This
-      includes replies which indicate failure of the MIC, CONF, and ENC
-      commands.  In particular, it is not meaningful to require that
-      AUTH and ADAT be protected; it is meaningful and useful to require
-      that PROT and PBSZ be protected.  In particular, the use of CCC is
-      not recommended, but is defined in the interest of
-      interoperability between implementations which might desire such
-      functionality.
-
-    - A client should encrypt the PASS command whenever possible.  It is
-      reasonable for the server to refuse to accept a non-encrypted PASS
-      command if the server knows encryption is available.
-
-    - Although no security commands are required to be implemented, it
-      is recommended that an implementation provide all commands which
-      can be implemented, given the mechanisms supported and the policy
-      considerations of the site (export controls, for instance).
-
-8.  Declarative specifications
-
-   These sections are modelled after sections 5.3 and 5.4 of RFC 959,
-   which describe the same information, except for the standard FTP
-   commands and replies.
-
-   8.1.  FTP Security commands and arguments
-
-      AUTH <SP> <mechanism-name> <CRLF>
-      ADAT <SP> <base64data> <CRLF>
-      PROT <SP> <prot-code> <CRLF>
-      PBSZ <SP> <decimal-integer> <CRLF>
-      MIC <SP> <base64data> <CRLF>
-      CONF <SP> <base64data> <CRLF>
-      ENC <SP> <base64data> <CRLF>
-
-      <mechanism-name> ::= <string>
-      <base64data> ::= <string>
-              ; must be formatted as described in section 9
-      <prot-code> ::= C | S | E | P
-      <decimal-integer> ::= any decimal integer from 1 to (2^32)-1
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 16]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   8.2.  Command-Reply sequences
-
-      Security Association Setup
-         AUTH
-            234
-            334
-            502, 504, 534, 431
-            500, 501, 421
-         ADAT
-            235
-            335
-            503, 501, 535
-            500, 501, 421
-      Data protection negotiation commands
-         PBSZ
-            200
-            503
-            500, 501, 421, 530
-         PROT
-            200
-            504, 536, 503, 534, 431
-            500, 501, 421, 530
-      Command channel protection commands
-         MIC
-            535, 533
-            500, 501, 421
-         CONF
-            535, 533
-            500, 501, 421
-         ENC
-            535, 533
-            500, 501, 421
-      Security-Enhanced login commands (only new replies listed)
-         USER
-            232
-            336
-      Data channel commands (only new replies listed)
-         STOR
-            534, 535
-         STOU
-            534, 535
-         RETR
-            534, 535
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 17]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-         LIST
-            534, 535
-         NLST
-            534, 535
-         APPE
-            534, 535
-
-      In addition to these reply codes, any security command can return
-      500, 501, 502, 533, or 421.  Any ftp command can return a reply
-      code encapsulated in a 631, 632, or 633 reply once a security data
-      exchange has completed successfully.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 18]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-9.  State Diagrams
-
-   This section includes a state diagram which demonstrates the flow of
-   authentication and authorization in a security enhanced FTP
-   implementation.  The rectangular blocks show states where the client
-   must issue a command, and the diamond blocks show states where the
-   server must issue a response.
-
-
-          ,------------------,  USER
-       __\| Unauthenticated  |_________\
-      |  /| (new connection) |         /|
-      |   `------------------'          |
-      |            |                    |
-      |            | AUTH               |
-      |            V                    |
-      |           / \                   |
-      | 4yz,5yz  /   \   234            |
-      |<--------<     >------------->.  |
-      |          \   /               |  |
-      |           \_/                |  |
-      |            |                 |  |
-      |            | 334             |  |
-      |            V                 |  |
-      |  ,--------------------,      |  |
-      |  | Need Security Data |<--.  |  |
-      |  `--------------------'   |  |  |
-      |            |              |  |  |
-      |            | ADAT         |  |  |
-      |            V              |  |  |
-      |           / \             |  |  |
-      | 4yz,5yz  /   \   335      |  |  |
-      `<--------<     >-----------'  |  |
-                 \   /               |  |
-                  \_/                |  |
-                   |                 |  |
-                   | 235             |  |
-                   V                 |  |
-           ,---------------.         |  |
-      ,--->| Authenticated |<--------'  |  After the client and server
-      |    `---------------'            |  have completed authenti-
-      |            |                    |  cation, command must be
-      |            | USER               |  integrity-protected if
-      |            |                    |  integrity is available.  The
-      |            |<-------------------'  CCC command may be issued to
-      |            V                       relax this restriction.
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 19]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-      |           / \
-      | 4yz,5yz  /   \   2yz
-      |<--------<     >------------->.
-      |          \   /               |
-      |           \_/                |
-      |            |                 |
-      |            | 3yz             |
-      |            V                 |
-      |    ,---------------.         |
-      |    | Need Password |         |
-      |    `---------------'         |
-      |            |                 |
-      |            | PASS            |
-      |            V                 |
-      |           / \                |
-      | 4yz,5yz  /   \   2yz         |
-      |<--------<     >------------->|
-      |          \   /               |
-      |           \_/                |
-      |            |                 |
-      |            | 3yz             |
-      |            V                 |
-      |    ,--------------.          |
-      |    | Need Account |          |
-      |    `--------------'          |
-      |            |                 |
-      |            | ACCT            |
-      |            V                 |
-      |           / \                |
-      | 4yz,5yz  /   \   2yz         |
-      `<--------<     >------------->|
-                 \   /               |
-                  \_/                |
-                   |                 |
-                   | 3yz             |
-                   V                 |
-             ,-------------.         |
-             | Authorized  |/________|
-             | (Logged in) |\
-             `-------------'
-
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 20]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-10.  Base 64 Encoding
-
-   Base 64 encoding is the same as the Printable Encoding described in
-   Section 4.3.2.4 of [RFC-1421], except that line breaks must not be
-   included. This encoding is defined as follows.
-
-   Proceeding from left to right, the bit string resulting from the
-   mechanism specific protection routine is encoded into characters
-   which are universally representable at all sites, though not
-   necessarily with the same bit patterns (e.g., although the character
-   "E" is represented in an ASCII-based system as hexadecimal 45 and as
-   hexadecimal C5 in an EBCDIC-based system, the local significance of
-   the two representations is equivalent).
-
-   A 64-character subset of International Alphabet IA5 is used, enabling
-   6 bits to be represented per printable character.  (The proposed
-   subset of characters is represented identically in IA5 and ASCII.)
-   The character "=" signifies a special processing function used for
-   padding within the printable encoding procedure.
-
-   The encoding process represents 24-bit groups of input bits as output
-   strings of 4 encoded characters.  Proceeding from left to right
-   across a 24-bit input group output from the security mechanism
-   specific message protection procedure, each 6-bit group is used as an
-   index into an array of 64 printable characters, namely "[A-Z][a-
-   z][0-9]+/".  The character referenced by the index is placed in the
-   output string.  These characters are selected so as to be universally
-   representable, and the set excludes characters with particular
-   significance to Telnet (e.g., "<CR>", "<LF>", IAC).
-
-   Special processing is performed if fewer than 24 bits are available
-   in an input group at the end of a message.  A full encoding quantum
-   is always completed at the end of a message.  When fewer than 24
-   input bits are available in an input group, zero bits are added (on
-   the right) to form an integral number of 6-bit groups.  Output
-   character positions which are not required to represent actual input
-   data are set to the character "=".  Since all canonically encoded
-   output is an integral number of octets, only the following cases can
-   arise: (1) the final quantum of encoding input is an integral
-   multiple of 24 bits; here, the final unit of encoded output will be
-   an integral multiple of 4 characters with no "=" padding, (2) the
-   final quantum of encoding input is exactly 8 bits; here, the final
-   unit of encoded output will be two characters followed by two "="
-   padding characters, or (3) the final quantum of encoding input is
-   exactly 16 bits; here, the final unit of encoded output will be three
-   characters followed by one "=" padding character.
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 21]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   Implementors must keep in mind that the base 64 encodings in ADAT,
-   MIC, CONF, and ENC commands, and in 63z replies may be arbitrarily
-   long.  Thus, the entire line must be read before it can be processed.
-   Several successive reads on the control channel may be necessary.  It
-   is not appropriate to for a server to reject a command containing a
-   base 64 encoding simply because it is too long (assuming that the
-   decoding is otherwise well formed in the context in which it was
-   sent).
-
-   Case must not be ignored when reading commands and replies containing
-   base 64 encodings.
-
-11.  Security Considerations
-
-   This entire document deals with security considerations related to
-   the File Transfer Protocol.
-
-   Third party file transfers cannot be secured using these extensions,
-   since a security context cannot be established between two servers
-   using these facilities (no control connection exists between servers
-   over which to pass ADAT tokens).  Further work in this area is
-   deferred.
-
-12.  Acknowledgements
-
-   I would like to thank the members of the CAT WG, as well as all
-   participants in discussions on the "cat-ietf@mit.edu" mailing list,
-   for their contributions to this document.  I would especially like to
-   thank Sam Sjogren, John Linn, Ted Ts'o, Jordan Brown, Michael Kogut,
-   Derrick Brashear, John Gardiner Myers, Denis Pinkas, and Karri Balk
-   for their contributions to this work.  Of course, without Steve Lunt,
-   the author of the first six revisions of this document, it would not
-   exist at all.
-
-13.  References
-
-   [TELNET-SEC] Borman, D., "Telnet Authentication and Encryption
-      Option", Work in Progress.
-
-   [RFC-1123] Braden, R., "Requirements for Internet Hosts --
-      Application and Support", STD 3, RFC 1123, October 1989.
-
-   [RFC-1421] Linn, J., "Privacy Enhancement for Internet Electronic
-      Mail: Part I: Message Encryption and Authentication Procedures",
-      RFC 1421, February 1993.
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 22]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-14.  Author's Address
-
-   Marc Horowitz
-   Cygnus Solutions
-   955 Massachusetts Avenue
-   Cambridge, MA 02139
-
-   Phone: +1 617 354 7688
-   EMail: marc@cygnus.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 23]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-Appendix I: Specification under the GSSAPI
-
-   In order to maximise the utility of new security mechanisms, it is
-   desirable that new mechanisms be implemented as GSSAPI mechanisms
-   rather than as FTP security mechanisms.  This will enable existing
-   ftp implementations to support the new mechanisms more easily, since
-   little or no code will need to be changed.  In addition, the
-   mechanism will be usable by other protocols, such as IMAP, which are
-   built on top of the GSSAPI, with no additional specification or
-   implementation work needed by the mechanism designers.
-
-   The security mechanism name (for the AUTH command) associated with
-   all mechanisms employing the GSSAPI is GSSAPI.  If the server
-   supports a security mechanism employing the GSSAPI, it must respond
-   with a 334 reply code indicating that an ADAT command is expected
-   next.
-
-   The client must begin the authentication exchange by calling
-   GSS_Init_Sec_Context, passing in 0 for input_context_handle
-   (initially), and a targ_name equal to output_name from
-   GSS_Import_Name called with input_name_type of Host-Based Service and
-   input_name_string of "ftp@hostname" where "hostname" is the fully
-   qualified host name of the server with all letters in lower case.
-   (Failing this, the client may try again using input_name_string of
-   "host@hostname".) The output_token must then be base 64 encoded and
-   sent to the server as the argument to an ADAT command.  If
-   GSS_Init_Sec_Context returns GSS_S_CONTINUE_NEEDED, then the client
-   must expect a token to be returned in the reply to the ADAT command.
-   This token must subsequently be passed to another call to
-   GSS_Init_Sec_Context.  In this case, if GSS_Init_Sec_Context returns
-   no output_token, then the reply code from the server for the previous
-   ADAT command must have been 235.  If GSS_Init_Sec_Context returns
-   GSS_S_COMPLETE, then no further tokens are expected from the server,
-   and the client must consider the server authenticated.
-
-   The server must base 64 decode the argument to the ADAT command and
-   pass the resultant token to GSS_Accept_Sec_Context as input_token,
-   setting acceptor_cred_handle to NULL (for "use default credentials"),
-   and 0 for input_context_handle (initially).  If an output_token is
-   returned, it must be base 64 encoded and returned to the client by
-   including "ADAT=base64string" in the text of the reply.  If
-   GSS_Accept_Sec_Context returns GSS_S_COMPLETE, the reply code must be
-   235, and the server must consider the client authenticated.  If
-   GSS_Accept_Sec_Context returns GSS_S_CONTINUE_NEEDED, the reply code
-   must be 335.  Otherwise, the reply code should be 535, and the text
-   of the reply should contain a descriptive error message.
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 24]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   The chan_bindings input to GSS_Init_Sec_Context and
-   GSS_Accept_Sec_Context should use the client internet address and
-   server internet address as the initiator and acceptor addresses,
-   respectively.  The address type for both should be GSS_C_AF_INET. No
-   application data should be specified.
-
-   Since GSSAPI supports anonymous peers to security contexts, it is
-   possible that the client's authentication of the server does not
-   actually establish an identity.
-
-   The procedure associated with MIC commands, 631 replies, and Safe
-   file transfers is:
-
-      GSS_Wrap for the sender, with conf_flag == FALSE
-
-      GSS_Unwrap for the receiver
-
-   The procedure associated with ENC commands, 632 replies, and Private
-   file transfers is:
-
-      GSS_Wrap for the sender, with conf_flag == TRUE
-      GSS_Unwrap for the receiver
-
-   CONF commands and 633 replies are not supported.
-
-   Both the client and server should inspect the value of conf_avail to
-   determine whether the peer supports confidentiality services.
-
-   When the security state is reset (when AUTH is received a second
-   time, or when REIN is received), this should be done by calling the
-   GSS_Delete_sec_context function.
-
-Appendix II:  Specification under Kerberos version 4
-
-   The security mechanism name (for the AUTH command) associated with
-   Kerberos Version 4 is KERBEROS_V4.  If the server supports
-   KERBEROS_V4, it must respond with a 334 reply code indicating that an
-   ADAT command is expected next.
-
-   The client must retrieve a ticket for the Kerberos principal
-   "ftp.hostname@realm" by calling krb_mk_req(3) with a principal name
-   of "ftp", an instance equal to the first part of the canonical host
-   name of the server with all letters in lower case (as returned by
-   krb_get_phost(3)), the server's realm name (as returned by
-   krb_realmofhost(3)), and an arbitrary checksum.  The ticket must then
-   be base 64 encoded and sent as the argument to an ADAT command.
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 25]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-   If the "ftp" principal name is not a registered principal in the
-   Kerberos database, then the client may fall back on the "rcmd"
-   principal name (same instance and realm).  However, servers must
-   accept only one or the other of these principal names, and must not
-   be willing to accept either.  Generally, if the server has a key for
-   the "ftp" principal in its srvtab, then that principal only must be
-   used, otherwise the "rcmd" principal only must be used.
-
-   The server must base 64 decode the argument to the ADAT command and
-   pass the result to krb_rd_req(3).  The server must add one to the
-   checksum from the authenticator, convert the result to network byte
-   order (most significant byte first), and sign it using
-   krb_mk_safe(3), and base 64 encode the result.  Upon success, the
-   server must reply to the client with a 235 code and include
-   "ADAT=base64string" in the text of the reply.  Upon failure, the
-   server should reply 535.
-
-   Upon receipt of the 235 reply from the server, the client must parse
-   the text of the reply for the base 64 encoded data, decode it,
-   convert it from network byte order, and pass the result to
-   krb_rd_safe(3).  The client must consider the server authenticated if
-   the resultant checksum is equal to one plus the value previously
-   sent.
-
-   The procedure associated with MIC commands, 631 replies, and Safe
-   file transfers is:
-
-      krb_mk_safe(3) for the sender
-      krb_rd_safe(3) for the receiver
-
-   The procedure associated with ENC commands, 632 replies, and Private
-   file transfers is:
-
-      krb_mk_priv(3) for the sender
-      krb_rd_priv(3) for the receiver
-
-   CONF commands and 633 replies are not supported.
-
-   Note that this specification for KERBEROS_V4 contains no provision
-   for negotiating alternate means for integrity and confidentiality
-   routines.  Note also that the ADAT exchange does not convey whether
-   the peer supports confidentiality services.
-
-   In order to stay within the allowed PBSZ, implementors must take note
-   that a cleartext buffer will grow by 31 bytes when processed by
-   krb_mk_safe(3) and will grow by 26 bytes when processed by
-   krb_mk_priv(3).
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 26]
-
-RFC 2228                FTP Security Extensions             October 1997
-
-
-Full Copyright Statement
-
-   Copyright (C) The Internet Society (1997).  All Rights Reserved.
-
-   This document and translations of it may be copied and furnished to
-   others, and derivative works that comment on or otherwise explain it
-   or assist in its implmentation may be prepared, copied, published
-   andand distributed, in whole or in part, without restriction of any
-   kind, provided that the above copyright notice and this paragraph are
-   included on all such copies and derivative works.  However, this
-   document itself may not be modified in any way, such as by removing
-   the copyright notice or references to the Internet Society or other
-   Internet organizations, except as needed for the purpose of
-   developing Internet standards in which case the procedures for
-   copyrights defined in the Internet Standards process must be
-   followed, or as required to translate it into languages other than
-   English.
-
-   The limited permissions granted above are perpetual and will not be
-   revoked by the Internet Society or its successors or assigns.
-
-   This document and the information contained herein is provided on an
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Horowitz & Lunt             Standards Track                    [Page 27]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc2743.txt b/crypto/heimdal/doc/standardisation/rfc2743.txt
deleted file mode 100644
index e5da571abb4a..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc2743.txt
+++ /dev/null
@@ -1,5659 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                            J. Linn
-Request for Comments: 2743                              RSA Laboratories
-Obsoletes: 2078                                             January 2000
-Category: Standards Track
-
-
-         Generic Security Service Application Program Interface
-                          Version 2, Update 1
-
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-Copyright Notice
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-Abstract
-
-   The Generic Security Service Application Program Interface (GSS-API),
-   Version 2, as defined in [RFC-2078], provides security services to
-   callers in a generic fashion, supportable with a range of underlying
-   mechanisms and technologies and hence allowing source-level
-   portability of applications to different environments. This
-   specification defines GSS-API services and primitives at a level
-   independent of underlying mechanism and programming language
-   environment, and is to be complemented by other, related
-   specifications:
-
-      documents defining specific parameter bindings for particular
-      language environments
-
-      documents defining token formats, protocols, and procedures to be
-      implemented in order to realize GSS-API services atop particular
-      security mechanisms
-
-   This memo obsoletes [RFC-2078], making specific, incremental changes
-   in response to implementation experience and liaison requests. It is
-   intended, therefore, that this memo or a successor version thereto
-   will become the basis for subsequent progression of the GSS-API
-   specification on the standards track.
-
-
-
-
-
-Linn                        Standards Track                     [Page 1]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-TABLE OF CONTENTS
-
-   1: GSS-API Characteristics and Concepts . . . . . . . . . . . .  4
-   1.1: GSS-API Constructs . . . . . . . . . . . . . . . . . . . .  6
-   1.1.1:  Credentials . . . . . . . . . . . . . . . . . . . . . .  6
-   1.1.1.1: Credential Constructs and Concepts . . . . . . . . . .  6
-   1.1.1.2: Credential Management  . . . . . . . . . . . . . . . .  7
-   1.1.1.3: Default Credential Resolution  . . . . . . . . . . . .  8
-   1.1.2: Tokens . . . . . . . . . . . . . . . . . . . . . . . . .  9
-   1.1.3:  Security Contexts . . . . . . . . . . . . . . . . . . . 11
-   1.1.4:  Mechanism Types . . . . . . . . . . . . . . . . . . . . 12
-   1.1.5:  Naming  . . . . . . . . . . . . . . . . . . . . . . . . 13
-   1.1.6:  Channel Bindings  . . . . . . . . . . . . . . . . . . . 16
-   1.2:  GSS-API Features and Issues . . . . . . . . . . . . . . . 17
-   1.2.1:  Status Reporting  and Optional Service Support  . . . . 17
-   1.2.1.1: Status Reporting . . . . . . . . . . . . . . . . . . . 17
-   1.2.1.2: Optional Service Support . . . . . . . . . . . . . . . 19
-   1.2.2: Per-Message Security Service Availability  . . . . . . . 20
-   1.2.3: Per-Message Replay Detection and Sequencing  . . . . . . 21
-   1.2.4:  Quality of Protection . . . . . . . . . . . . . . . . . 24
-   1.2.5: Anonymity Support  . . . . . . . . . . . . . . . . . . . 25
-   1.2.6: Initialization . . . . . . . . . . . . . . . . . . . . . 25
-   1.2.7: Per-Message Protection During Context Establishment  . . 26
-   1.2.8: Implementation Robustness  . . . . . . . . . . . . . . . 27
-   1.2.9: Delegation . . . . . . . . . . . . . . . . . . . . . . . 28
-   1.2.10: Interprocess Context Transfer . . . . . . . . . . . . . 28
-   2:  Interface Descriptions  . . . . . . . . . . . . . . . . . . 29
-   2.1:  Credential management calls . . . . . . . . . . . . . . . 31
-   2.1.1:  GSS_Acquire_cred call . . . . . . . . . . . . . . . . . 31
-   2.1.2:  GSS_Release_cred call . . . . . . . . . . . . . . . . . 34
-   2.1.3:  GSS_Inquire_cred call . . . . . . . . . . . . . . . . . 35
-   2.1.4:  GSS_Add_cred call . . . . . . . . . . . . . . . . . . . 37
-   2.1.5:  GSS_Inquire_cred_by_mech call . . . . . . . . . . . . . 40
-   2.2:  Context-level calls . . . . . . . . . . . . . . . . . . . 41
-   2.2.1:  GSS_Init_sec_context call . . . . . . . . . . . . . . . 42
-   2.2.2:  GSS_Accept_sec_context call . . . . . . . . . . . . . . 49
-   2.2.3:  GSS_Delete_sec_context call . . . . . . . . . . . . . . 53
-   2.2.4:  GSS_Process_context_token call  . . . . . . . . . . . . 54
-   2.2.5:  GSS_Context_time call . . . . . . . . . . . . . . . . . 55
-   2.2.6:  GSS_Inquire_context call  . . . . . . . . . . . . . . . 56
-   2.2.7:  GSS_Wrap_size_limit call  . . . . . . . . . . . . . . . 57
-   2.2.8:  GSS_Export_sec_context call . . . . . . . . . . . . . . 59
-   2.2.9:  GSS_Import_sec_context call . . . . . . . . . . . . . . 61
-   2.3:  Per-message calls . . . . . . . . . . . . . . . . . . . . 62
-   2.3.1:  GSS_GetMIC call . . . . . . . . . . . . . . . . . . . . 63
-   2.3.2:  GSS_VerifyMIC call  . . . . . . . . . . . . . . . . . . 64
-   2.3.3:  GSS_Wrap call . . . . . . . . . . . . . . . . . . . . . 65
-   2.3.4:  GSS_Unwrap call . . . . . . . . . . . . . . . . . . . . 66
-
-
-
-Linn                        Standards Track                     [Page 2]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   2.4:  Support calls . . . . . . . . . . . . . . . . . . . . . . 68
-   2.4.1:  GSS_Display_status call . . . . . . . . . . . . . . . . 68
-   2.4.2:  GSS_Indicate_mechs call . . . . . . . . . . . . . . . . 69
-   2.4.3:  GSS_Compare_name call . . . . . . . . . . . . . . . . . 70
-   2.4.4:  GSS_Display_name call . . . . . . . . . . . . . . . . . 71
-   2.4.5:  GSS_Import_name call  . . . . . . . . . . . . . . . . . 72
-   2.4.6:  GSS_Release_name call . . . . . . . . . . . . . . . . . 73
-   2.4.7:  GSS_Release_buffer call . . . . . . . . . . . . . . . . 74
-   2.4.8:  GSS_Release_OID_set call  . . . . . . . . . . . . . . . 74
-   2.4.9:  GSS_Create_empty_OID_set call . . . . . . . . . . . . . 75
-   2.4.10: GSS_Add_OID_set_member call . . . . . . . . . . . . . . 76
-   2.4.11: GSS_Test_OID_set_member call  . . . . . . . . . . . . . 76
-   2.4.12: GSS_Inquire_names_for_mech call . . . . . . . . . . . . 77
-   2.4.13: GSS_Inquire_mechs_for_name call . . . . . . . . . . . . 77
-   2.4.14: GSS_Canonicalize_name call  . . . . . . . . . . . . . . 78
-   2.4.15: GSS_Export_name call  . . . . . . . . . . . . . . . . . 79
-   2.4.16: GSS_Duplicate_name call . . . . . . . . . . . . . . . . 80
-   3: Data Structure Definitions for GSS-V2 Usage  . . . . . . . . 81
-   3.1: Mechanism-Independent Token Format . . . . . . . . . . . . 81
-   3.2: Mechanism-Independent Exported Name Object Format  . . . . 84
-   4: Name Type Definitions  . . . . . . . . . . . . . . . . . . . 85
-   4.1: Host-Based Service Name Form . . . . . . . . . . . . . . . 85
-   4.2: User Name Form . . . . . . . . . . . . . . . . . . . . . . 86
-   4.3: Machine UID Form . . . . . . . . . . . . . . . . . . . . . 87
-   4.4: String UID Form  . . . . . . . . . . . . . . . . . . . . . 87
-   4.5: Anonymous Nametype . . . . . . . . . . . . . . . . . . . . 87
-   4.6: GSS_C_NO_OID . . . . . . . . . . . . . . . . . . . . . . . 88
-   4.7: Exported Name Object . . . . . . . . . . . . . . . . . . . 88
-   4.8: GSS_C_NO_NAME  . . . . . . . . . . . . . . . . . . . . . . 88
-   5:  Mechanism-Specific Example Scenarios  . . . . . . . . . . . 88
-   5.1: Kerberos V5, single-TGT  . . . . . . . . . . . . . . . . . 89
-   5.2: Kerberos V5, double-TGT  . . . . . . . . . . . . . . . . . 89
-   5.3:  X.509 Authentication Framework  . . . . . . . . . . . . . 90
-   6:  Security Considerations . . . . . . . . . . . . . . . . . . 91
-   7:  Related Activities  . . . . . . . . . . . . . . . . . . . . 92
-   8:  Referenced Documents  . . . . . . . . . . . . . . . . . . . 93
-   Appendix A: Mechanism Design Constraints  . . . . . . . . . . . 94
-   Appendix B: Compatibility with GSS-V1 . . . . . . . . . . . . . 94
-   Appendix C: Changes Relative to RFC-2078  . . . . . . . . . . . 96
-   Author's Address  . . . . . . . . . . . . . . . . . . . . . . .100
-   Full Copyright Statement  . . . . . . . . . . . . . . . . . . .101
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 3]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-1: GSS-API Characteristics and Concepts
-
-   GSS-API operates in the following paradigm.  A typical GSS-API caller
-   is itself a communications protocol, calling on GSS-API in order to
-   protect its communications with authentication, integrity, and/or
-   confidentiality security services.  A GSS-API caller accepts tokens
-   provided to it by its local GSS-API implementation and transfers the
-   tokens to a peer on a remote system; that peer passes the received
-   tokens to its local GSS-API implementation for processing. The
-   security services available through GSS-API in this fashion are
-   implementable (and have been implemented) over a range of underlying
-   mechanisms based on secret-key and public-key cryptographic
-   technologies.
-
-   The GSS-API separates the operations of initializing a security
-   context between peers, achieving peer entity authentication
-   (GSS_Init_sec_context() and GSS_Accept_sec_context() calls), from the
-   operations of providing per-message data origin authentication and
-   data integrity protection (GSS_GetMIC() and GSS_VerifyMIC() calls)
-   for messages subsequently transferred in conjunction with that
-   context.  (The definition for the peer entity authentication service,
-   and other definitions used in this document, corresponds to that
-   provided in [ISO-7498-2].) When establishing a security context, the
-   GSS-API enables a context initiator to optionally permit its
-   credentials to be delegated, meaning that the context acceptor may
-   initiate further security contexts on behalf of the initiating
-   caller. Per-message GSS_Wrap() and GSS_Unwrap() calls provide the
-   data origin authentication and data integrity services which
-   GSS_GetMIC() and GSS_VerifyMIC() offer, and also support selection of
-   confidentiality services as a caller option. Additional calls provide
-   supportive functions to the GSS-API's users.
-
-   The following paragraphs provide an example illustrating the
-   dataflows involved in use of the GSS-API by a client and server in a
-   mechanism-independent fashion, establishing a security context and
-   transferring a protected message. The example assumes that credential
-   acquisition has already been completed.  The example also assumes
-   that the underlying authentication technology is capable of
-   authenticating a client to a server using elements carried within a
-   single token, and of authenticating the server to the client (mutual
-   authentication) with a single returned token; this assumption holds
-   for some presently-documented CAT mechanisms but is not necessarily
-   true for other cryptographic technologies and associated protocols.
-
-   The client calls GSS_Init_sec_context() to establish a security
-   context to the server identified by targ_name, and elects to set the
-   mutual_req_flag so that mutual authentication is performed in the
-   course of context establishment. GSS_Init_sec_context() returns an
-
-
-
-Linn                        Standards Track                     [Page 4]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   output_token to be passed to the server, and indicates
-   GSS_S_CONTINUE_NEEDED status pending completion of the mutual
-   authentication sequence. Had mutual_req_flag not been set, the
-   initial call to GSS_Init_sec_context() would have returned
-   GSS_S_COMPLETE status. The client sends the output_token to the
-   server.
-
-   The server passes the received token as the input_token parameter to
-   GSS_Accept_sec_context().  GSS_Accept_sec_context indicates
-   GSS_S_COMPLETE status, provides the client's authenticated identity
-   in the src_name result, and provides an output_token to be passed to
-   the client. The server sends the output_token to the client.
-
-   The client passes the received token as the input_token parameter to
-   a successor call to GSS_Init_sec_context(), which processes data
-   included in the token in order to achieve mutual authentication from
-   the client's viewpoint. This call to GSS_Init_sec_context() returns
-   GSS_S_COMPLETE status, indicating successful mutual authentication
-   and the completion of context establishment for this example.
-
-   The client generates a data message and passes it to GSS_Wrap().
-   GSS_Wrap() performs data origin authentication, data integrity, and
-   (optionally) confidentiality processing on the message and
-   encapsulates the result into output_message, indicating
-   GSS_S_COMPLETE status. The client sends the output_message to the
-   server.
-
-   The server passes the received message to GSS_Unwrap().  GSS_Unwrap()
-   inverts the encapsulation performed by GSS_Wrap(), deciphers the
-   message if the optional confidentiality feature was applied, and
-   validates the data origin authentication and data integrity checking
-   quantities. GSS_Unwrap() indicates successful validation by returning
-   GSS_S_COMPLETE status along with the resultant output_message.
-
-   For purposes of this example, we assume that the server knows by
-   out-of-band means that this context will have no further use after
-   one protected message is transferred from client to server. Given
-   this premise, the server now calls GSS_Delete_sec_context() to flush
-   context-level information.  Optionally, the server-side application
-   may provide a token buffer to GSS_Delete_sec_context(), to receive a
-   context_token to be transferred to the client in order to request
-   that client-side context-level information be deleted.
-
-   If a context_token is transferred, the client passes the
-   context_token to GSS_Process_context_token(), which returns
-   GSS_S_COMPLETE status after deleting context-level information at the
-   client system.
-
-
-
-
-Linn                        Standards Track                     [Page 5]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   The GSS-API design assumes and addresses several basic goals,
-   including:
-
-      Mechanism independence: The GSS-API defines an interface to
-      cryptographically implemented strong authentication and other
-      security services at a generic level which is independent of
-      particular underlying mechanisms. For example, GSS-API-provided
-      services have been implemented using secret-key technologies
-      (e.g., Kerberos, per [RFC-1964]) and with public-key approaches
-      (e.g., SPKM, per [RFC-2025]).
-
-      Protocol environment independence: The GSS-API is independent of
-      the communications protocol suites with which it is employed,
-      permitting use in a broad range of protocol environments. In
-      appropriate environments, an intermediate implementation "veneer"
-      which is oriented to a particular communication protocol may be
-      interposed between applications which call that protocol and the
-      GSS-API (e.g., as defined in [RFC-2203] for Open Network Computing
-      Remote Procedure Call (RPC)), thereby invoking GSS-API facilities
-      in conjunction with that protocol's communications invocations.
-
-      Protocol association independence: The GSS-API's security context
-      construct is independent of communications protocol association
-      constructs. This characteristic allows a single GSS-API
-      implementation to be utilized by a variety of invoking protocol
-      modules on behalf of those modules' calling applications. GSS-API
-      services can also be invoked directly by applications, wholly
-      independent of protocol associations.
-
-      Suitability to a range of implementation placements: GSS-API
-      clients are not constrained to reside within any Trusted Computing
-      Base (TCB) perimeter defined on a system where the GSS-API is
-      implemented; security services are specified in a manner suitable
-      to both intra-TCB and extra-TCB callers.
-
-1.1: GSS-API Constructs
-
-   This section describes the basic elements comprising the GSS-API.
-
-1.1.1:  Credentials
-
-1.1.1.1: Credential Constructs and Concepts
-
-   Credentials provide the prerequisites which permit GSS-API peers to
-   establish security contexts with each other. A caller may designate
-   that the credential elements which are to be applied for context
-   initiation or acceptance be selected by default.  Alternately, those
-   GSS-API callers which need to make explicit selection of particular
-
-
-
-Linn                        Standards Track                     [Page 6]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   credentials structures may make references to those credentials
-   through GSS-API-provided credential handles ("cred_handles").  In all
-   cases, callers' credential references are indirect, mediated by GSS-
-   API implementations and not requiring callers to access the selected
-   credential elements.
-
-   A single credential structure may be used to initiate outbound
-   contexts and to accept inbound contexts. Callers needing to operate
-   in only one of these modes may designate this fact when credentials
-   are acquired for use, allowing underlying mechanisms to optimize
-   their processing and storage requirements. The credential elements
-   defined by a particular mechanism may contain multiple cryptographic
-   keys, e.g., to enable authentication and message encryption to be
-   performed with different algorithms.
-
-   A GSS-API credential structure may contain multiple credential
-   elements, each containing mechanism-specific information for a
-   particular underlying mechanism (mech_type), but the set of elements
-   within a given credential structure represent a common entity.  A
-   credential structure's contents will vary depending on the set of
-   mech_types supported by a particular GSS-API implementation. Each
-   credential element identifies the data needed by its mechanism in
-   order to establish contexts on behalf of a particular principal, and
-   may contain separate credential references for use in context
-   initiation and context acceptance.  Multiple credential elements
-   within a given credential having overlapping combinations of
-   mechanism, usage mode, and validity period are not permitted.
-
-   Commonly, a single mech_type will be used for all security contexts
-   established by a particular initiator to a particular target. A major
-   motivation for supporting credential sets representing multiple
-   mech_types is to allow initiators on systems which are equipped to
-   handle multiple types to initiate contexts to targets on other
-   systems which can accommodate only a subset of the set supported at
-   the initiator's system.
-
-1.1.1.2: Credential Management
-
-   It is the responsibility of underlying system-specific mechanisms and
-   OS functions below the GSS-API to ensure that the ability to acquire
-   and use credentials associated with a given identity is constrained
-   to appropriate processes within a system. This responsibility should
-   be taken seriously by implementors, as the ability for an entity to
-   utilize a principal's credentials is equivalent to the entity's
-   ability to successfully assert that principal's identity.
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 7]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Once a set of GSS-API credentials is established, the transferability
-   of that credentials set to other processes or analogous constructs
-   within a system is a local matter, not defined by the GSS-API. An
-   example local policy would be one in which any credentials received
-   as a result of login to a given user account, or of delegation of
-   rights to that account, are accessible by, or transferable to,
-   processes running under that account.
-
-   The credential establishment process (particularly when performed on
-   behalf of users rather than server processes) is likely to require
-   access to passwords or other quantities which should be protected
-   locally and exposed for the shortest time possible. As a result, it
-   will often be appropriate for preliminary credential establishment to
-   be performed through local means at user login time, with the
-   result(s) cached for subsequent reference. These preliminary
-   credentials would be set aside (in a system-specific fashion) for
-   subsequent use, either:
-
-      to be accessed by an invocation of the GSS-API GSS_Acquire_cred()
-      call, returning an explicit handle to reference that credential
-
-      to comprise default credential elements to be installed, and to be
-      used when default credential behavior is requested on behalf of a
-      process
-
-1.1.1.3: Default Credential Resolution
-
-   The GSS_Init_sec_context() and GSS_Accept_sec_context() routines
-   allow the value GSS_C_NO_CREDENTIAL to be specified as their
-   credential handle parameter.  This special credential handle
-   indicates a desire by the application to act as a default principal.
-   In support of application portability, support for the default
-   resolution behavior described below for initiator credentials
-   (GSS_Init_sec_context() usage) is mandated; support for the default
-   resolution behavior described below for acceptor credentials
-   (GSS_Accept_sec_context() usage) is recommended. If default
-   credential resolution fails, GSS_S_NO_CRED status is to be returned.
-
-      GSS_Init_sec_context:
-
-         (i) If there is only a single principal capable of initiating
-         security contexts that the application is authorized to act on
-         behalf of, then that principal shall be used, otherwise
-
-
-
-
-
-
-
-
-Linn                        Standards Track                     [Page 8]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-         (ii) If the platform maintains a concept of a default network-
-         identity, and if the application is authorized to act on behalf
-         of that identity for the purpose of initiating security
-         contexts, then the principal corresponding to that identity
-         shall be used, otherwise
-
-         (iii) If the platform maintains a concept of a default local
-         identity, and provides a means to map local identities into
-         network-identities, and if the application is authorized to act
-         on behalf of the network-identity image of the default local
-         identity for the purpose of initiating security contexts, then
-         the principal corresponding to that identity shall be used,
-         otherwise
-
-         (iv) A user-configurable default identity should be used.
-
-      GSS_Accept_sec_context:
-
-         (i) If there is only a single authorized principal identity
-         capable of accepting security contexts, then that principal
-         shall be used, otherwise
-
-         (ii) If the mechanism can determine the identity of the target
-         principal by examining the context-establishment token, and if
-         the accepting application is authorized to act as that
-         principal for the purpose of accepting security contexts, then
-         that principal identity shall be used, otherwise
-
-         (iii) If the mechanism supports context acceptance by any
-         principal, and mutual authentication was not requested, any
-         principal that the application is authorized to accept security
-         contexts under may be used, otherwise
-
-         (iv) A user-configurable default identity shall be used.
-
-   The purpose of the above rules is to allow security contexts to be
-   established by both initiator and acceptor using the default behavior
-   wherever possible.  Applications requesting default behavior are
-   likely to be more portable across mechanisms and platforms than those
-   that use GSS_Acquire_cred() to request a specific identity.
-
-1.1.2: Tokens
-
-   Tokens are data elements transferred between GSS-API callers, and are
-   divided into two classes. Context-level tokens are exchanged in order
-   to establish and manage a security context between peers. Per-message
-   tokens relate to an established context and are exchanged to provide
-
-
-
-
-Linn                        Standards Track                     [Page 9]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   protective security services (i.e., data origin authentication,
-   integrity, and optional confidentiality) for corresponding data
-   messages.
-
-   The first context-level token obtained from GSS_Init_sec_context() is
-   required to indicate at its very beginning a globally-interpretable
-   mechanism identifier, i.e., an Object Identifier (OID) of the
-   security mechanism. The remaining part of this token as well as the
-   whole content of all other tokens are specific to the particular
-   underlying mechanism used to support the GSS-API. Section 3.1 of this
-   document provides, for designers of GSS-API mechanisms, the
-   description of the header of the first context-level token which is
-   then followed by mechanism-specific information.
-
-   Tokens' contents are opaque from the viewpoint of GSS-API callers.
-   They are generated within the GSS-API implementation at an end
-   system, provided to a GSS-API caller to be transferred to the peer
-   GSS-API caller at a remote end system, and processed by the GSS-API
-   implementation at that remote end system.
-
-   Context-level tokens may be output by GSS-API calls (and should be
-   transferred to GSS-API peers) whether or not the calls' status
-   indicators indicate successful completion.  Per-message tokens, in
-   contrast, are to be returned only upon successful completion of per-
-   message calls. Zero-length tokens are never returned by GSS routines
-   for transfer to a peer. Token transfer may take place in an in-band
-   manner, integrated into the same protocol stream used by the GSS-API
-   callers for other data transfers, or in an out-of-band manner across
-   a logically separate channel.
-
-   Different GSS-API tokens are used for different purposes (e.g.,
-   context initiation, context acceptance, protected message data on an
-   established context), and it is the responsibility of a GSS-API
-   caller receiving tokens to distinguish their types, associate them
-   with corresponding security contexts, and pass them to appropriate
-   GSS-API processing routines.  Depending on the caller protocol
-   environment, this distinction may be accomplished in several ways.
-
-   The following examples illustrate means through which tokens' types
-   may be distinguished:
-
-      - implicit tagging based on state information (e.g., all tokens on
-      a new association are considered to be context establishment
-      tokens until context establishment is completed, at which point
-      all tokens are considered to be wrapped data objects for that
-      context),
-
-
-
-
-
-Linn                        Standards Track                    [Page 10]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      - explicit tagging at the caller protocol level,
-
-      - a hybrid of these approaches.
-
-   Commonly, the encapsulated data within a token includes internal
-   mechanism-specific tagging information, enabling mechanism-level
-   processing modules to distinguish tokens used within the mechanism
-   for different purposes.  Such internal mechanism-level tagging is
-   recommended to mechanism designers, and enables mechanisms to
-   determine whether a caller has passed a particular token for
-   processing by an inappropriate GSS-API routine.
-
-   Development of GSS-API mechanisms based on a particular underlying
-   cryptographic technique and protocol (i.e., conformant to a specific
-   GSS-API mechanism definition) does not necessarily imply that GSS-API
-   callers using that GSS-API mechanism will be able to interoperate
-   with peers invoking the same technique and protocol outside the GSS-
-   API paradigm, or with peers implementing a different GSS-API
-   mechanism based on the same underlying technology.  The format of
-   GSS-API tokens defined in conjunction with a particular mechanism,
-   and the techniques used to integrate those tokens into callers'
-   protocols, may not be interoperable with the tokens used by non-GSS-
-   API callers of the same underlying technique.
-
-1.1.3:  Security Contexts
-
-   Security contexts are established between peers, using credentials
-   established locally in conjunction with each peer or received by
-   peers via delegation. Multiple contexts may exist simultaneously
-   between a pair of peers, using the same or different sets of
-   credentials. Coexistence of multiple contexts using different
-   credentials allows graceful rollover when credentials expire.
-   Distinction among multiple contexts based on the same credentials
-   serves applications by distinguishing different message streams in a
-   security sense.
-
-   The GSS-API is independent of underlying protocols and addressing
-   structure, and depends on its callers to transport GSS-API-provided
-   data elements. As a result of these factors, it is a caller
-   responsibility to parse communicated messages, separating GSS-API-
-   related data elements from caller-provided data.  The GSS-API is
-   independent of connection vs. connectionless orientation of the
-   underlying communications service.
-
-   No correlation between security context and communications protocol
-   association is dictated. (The optional channel binding facility,
-   discussed in Section 1.1.6 of this document, represents an
-   intentional exception to this rule, supporting additional protection
-
-
-
-Linn                        Standards Track                    [Page 11]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   features within GSS-API supporting mechanisms.) This separation
-   allows the GSS-API to be used in a wide range of communications
-   environments, and also simplifies the calling sequences of the
-   individual calls. In many cases (depending on underlying security
-   protocol, associated mechanism, and availability of cached
-   information), the state information required for context setup can be
-   sent concurrently with initial signed user data, without interposing
-   additional message exchanges.  Messages may be protected and
-   transferred in both directions on an established GSS-API security
-   context concurrently; protection of messages in one direction does
-   not interfere with protection of messages in the reverse direction.
-
-   GSS-API implementations are expected to retain inquirable context
-   data on a context until the context is released by a caller, even
-   after the context has expired, although underlying cryptographic data
-   elements may be deleted after expiration in order to limit their
-   exposure.
-
-1.1.4:  Mechanism Types
-
-   In order to successfully establish a security context with a target
-   peer, it is necessary to identify an appropriate underlying mechanism
-   type (mech_type) which both initiator and target peers support. The
-   definition of a mechanism embodies not only the use of a particular
-   cryptographic technology (or a hybrid or choice among alternative
-   cryptographic technologies), but also definition of the syntax and
-   semantics of data element exchanges which that mechanism will employ
-   in order to support security services.
-
-   It is recommended that callers initiating contexts specify the
-   "default" mech_type value, allowing system-specific functions within
-   or invoked by the GSS-API implementation to select the appropriate
-   mech_type, but callers may direct that a particular mech_type be
-   employed when necessary.
-
-   For GSS-API purposes, the phrase "negotiating mechanism" refers to a
-   mechanism which itself performs negotiation in order to select a
-   concrete mechanism which is shared between peers and is then used for
-   context establishment.  Only those mechanisms which are defined in
-   their specifications as negotiating mechanisms are to yield selected
-   mechanisms with different identifier values than the value which is
-   input by a GSS-API caller, except for the case of a caller requesting
-   the "default" mech_type.
-
-   The means for identifying a shared mech_type to establish a security
-   context with a peer will vary in different environments and
-   circumstances; examples include (but are not limited to):
-
-
-
-
-Linn                        Standards Track                    [Page 12]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      use of a fixed mech_type, defined by configuration, within an
-      environment
-
-      syntactic convention on a target-specific basis, through
-      examination of a target's name lookup of a target's name in a
-      naming service or other database in order to identify mech_types
-      supported by that target
-
-      explicit negotiation between GSS-API callers in advance of
-      security context setup
-
-      use of a negotiating mechanism
-
-   When transferred between GSS-API peers, mech_type specifiers (per
-   Section 3 of this document, represented as Object Identifiers (OIDs))
-   serve to qualify the interpretation of associated tokens. (The
-   structure and encoding of Object Identifiers is defined in [ISOIEC-
-   8824] and [ISOIEC-8825].) Use of hierarchically structured OIDs
-   serves to preclude ambiguous interpretation of mech_type specifiers.
-   The OID representing the DASS ([RFC-1507]) MechType, for example, is
-   1.3.12.2.1011.7.5, and that of the Kerberos V5 mechanism ([RFC-
-   1964]), having been advanced to the level of Proposed Standard, is
-   1.2.840.113554.1.2.2.
-
-1.1.5:  Naming
-
-   The GSS-API avoids prescribing naming structures, treating the names
-   which are transferred across the interface in order to initiate and
-   accept security contexts as opaque objects.  This approach supports
-   the GSS-API's goal of implementability atop a range of underlying
-   security mechanisms, recognizing the fact that different mechanisms
-   process and authenticate names which are presented in different
-   forms. Generalized services offering translation functions among
-   arbitrary sets of naming environments are outside the scope of the
-   GSS-API; availability and use of local conversion functions to
-   translate among the naming formats supported within a given end
-   system is anticipated.
-
-   Different classes of name representations are used in conjunction
-   with different GSS-API parameters:
-
-      - Internal form (denoted in this document by INTERNAL NAME),
-      opaque to callers and defined by individual GSS-API
-      implementations.  GSS-API implementations supporting multiple
-      namespace types must maintain internal tags to disambiguate the
-      interpretation of particular names.  A Mechanism Name (MN) is a
-      special case of INTERNAL NAME, guaranteed to contain elements
-
-
-
-
-Linn                        Standards Track                    [Page 13]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      corresponding to one and only one mechanism; calls which are
-      guaranteed to emit MNs or which require MNs as input are so
-      identified within this specification.
-
-      - Contiguous string ("flat") form (denoted in this document by
-      OCTET STRING); accompanied by OID tags identifying the namespace
-      to which they correspond.  Depending on tag value, flat names may
-      or may not be printable strings for direct acceptance from and
-      presentation to users. Tagging of flat names allows GSS-API
-      callers and underlying GSS-API mechanisms to disambiguate name
-      types and to determine whether an associated name's type is one
-      which they are capable of processing, avoiding aliasing problems
-      which could result from misinterpreting a name of one type as a
-      name of another type.
-
-      - The GSS-API Exported Name Object, a special case of flat name
-      designated by a reserved OID value, carries a canonicalized form
-      of a name suitable for binary comparisons.
-
-   In addition to providing means for names to be tagged with types,
-   this specification defines primitives to support a level of naming
-   environment independence for certain calling applications. To provide
-   basic services oriented towards the requirements of callers which
-   need not themselves interpret the internal syntax and semantics of
-   names, GSS-API calls for name comparison (GSS_Compare_name()),
-   human-readable display (GSS_Display_name()), input conversion
-   (GSS_Import_name()), internal name deallocation (GSS_Release_name()),
-   and internal name duplication (GSS_Duplicate_name()) functions are
-   defined. (It is anticipated that these proposed GSS-API calls will be
-   implemented in many end systems based on system-specific name
-   manipulation primitives already extant within those end systems;
-   inclusion within the GSS-API is intended to offer GSS-API callers a
-   portable means to perform specific operations, supportive of
-   authorization and audit requirements, on authenticated names.)
-
-   GSS_Import_name() implementations can, where appropriate, support
-   more than one printable syntax corresponding to a given namespace
-   (e.g., alternative printable representations for X.500 Distinguished
-   Names), allowing flexibility for their callers to select among
-   alternative representations. GSS_Display_name() implementations
-   output a printable syntax selected as appropriate to their
-   operational environments; this selection is a local matter. Callers
-   desiring portability across alternative printable syntaxes should
-   refrain from implementing comparisons based on printable name forms
-   and should instead use the GSS_Compare_name()  call to determine
-   whether or not one internal-format name matches another.
-
-
-
-
-
-Linn                        Standards Track                    [Page 14]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   When used in large access control lists, the overhead of invoking
-   GSS_Import_name() and GSS_Compare_name() on each name from the ACL
-   may be prohibitive.  As an alternative way of supporting this case,
-   GSS-API defines a special form of the contiguous string name which
-   may be compared directly (e.g., with memcmp()).  Contiguous names
-   suitable for comparison are generated by the GSS_Export_name()
-   routine, which requires an MN as input.  Exported names may be re-
-   imported by the GSS_Import_name() routine, and the resulting internal
-   name will also be an MN.  The symbolic constant GSS_C_NT_EXPORT_NAME
-   identifies the "export name" type. Structurally, an exported name
-   object consists of a header containing an OID identifying the
-   mechanism that authenticated the name, and a trailer containing the
-   name itself, where the syntax of the trailer is defined by the
-   individual mechanism specification.  The precise format of an
-   exported name is defined in Section 3.2 of this specification.
-
-   Note that the results obtained by using GSS_Compare_name() will in
-   general be different from those obtained by invoking
-   GSS_Canonicalize_name() and GSS_Export_name(), and then comparing the
-   exported names.  The first series of operations determines whether
-   two (unauthenticated) names identify the same principal; the second
-   whether a particular mechanism would authenticate them as the same
-   principal.  These two operations will in general give the same
-   results only for MNs.
-
-   The following diagram illustrates the intended dataflow among name-
-   related GSS-API processing routines.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 15]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-                        GSS-API library defaults
-                               |
-                               |
-                               V                         text, for
-   text -------------->  internal_name (IN) -----------> display only
-         import_name()          /          display_name()
-                               /
-                              /
-                             /
-    accept_sec_context()    /
-          |                /
-          |               /
-          |              /  canonicalize_name()
-          |             /
-          |            /
-          |           /
-          |          /
-          |         /
-          |        |
-          V        V     <---------------------
-    single mechanism        import_name()         exported name: flat
-    internal_name (MN)                            binary "blob" usable
-                         ---------------------->  for access control
-                            export_name()
-
-1.1.6:  Channel Bindings
-
-   The GSS-API accommodates the concept of caller-provided channel
-   binding ("chan_binding") information.  Channel bindings are used to
-   strengthen the quality with which peer entity authentication is
-   provided during context establishment, by limiting the scope within
-   which an intercepted context establishment token can be reused by an
-   attacker. Specifically, they enable GSS-API callers to bind the
-   establishment of a security context to relevant characteristics
-   (e.g., addresses, transformed representations of encryption keys) of
-   the underlying communications channel, of protection mechanisms
-   applied to that communications channel, and to application-specific
-   data.
-
-   The caller initiating a security context must determine the
-   appropriate channel binding values to provide as input to the
-   GSS_Init_sec_context() call, and consistent values must be provided
-   to GSS_Accept_sec_context() by the context's target, in order for
-   both peers' GSS-API mechanisms to validate that received tokens
-   possess correct channel-related characteristics. Use or non-use of
-   the GSS-API channel binding facility is a caller option.  GSS-API
-   mechanisms can operate in an environment where NULL channel bindings
-   are presented; mechanism implementors are encouraged, but not
-
-
-
-Linn                        Standards Track                    [Page 16]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   required, to make use of caller-provided channel binding data within
-   their mechanisms. Callers should not assume that underlying
-   mechanisms provide confidentiality protection for channel binding
-   information.
-
-   When non-NULL channel bindings are provided by callers, certain
-   mechanisms can offer enhanced security value by interpreting the
-   bindings' content (rather than simply representing those bindings, or
-   integrity check values computed on them, within tokens) and will
-   therefore depend on presentation of specific data in a defined
-   format. To this end, agreements among mechanism implementors are
-   defining conventional interpretations for the contents of channel
-   binding arguments, including address specifiers (with content
-   dependent on communications protocol environment) for context
-   initiators and acceptors. (These conventions are being incorporated
-   in GSS-API mechanism specifications and into the GSS-API C language
-   bindings specification.) In order for GSS-API callers to be portable
-   across multiple mechanisms and achieve the full security
-   functionality which each mechanism can provide, it is strongly
-   recommended that GSS-API callers provide channel bindings consistent
-   with these conventions and those of the networking environment in
-   which they operate.
-
-1.2:  GSS-API Features and Issues
-
-   This section describes aspects of GSS-API operations, of the security
-   services which the GSS-API provides, and provides commentary on
-   design issues.
-
-1.2.1:  Status Reporting and Optional Service Support
-
-1.2.1.1: Status Reporting
-
-   Each GSS-API call provides two status return values. Major_status
-   values provide a mechanism-independent indication of call status
-   (e.g., GSS_S_COMPLETE, GSS_S_FAILURE, GSS_S_CONTINUE_NEEDED),
-   sufficient to drive normal control flow within the caller in a
-   generic fashion. Table 1 summarizes the defined major_status return
-   codes in tabular fashion.
-
-   Sequencing-related informatory major_status codes
-   (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, and
-   GSS_S_GAP_TOKEN) can be indicated in conjunction with either
-   GSS_S_COMPLETE or GSS_S_FAILURE status for GSS-API per-message calls.
-   For context establishment calls, these sequencing-related codes will
-   be indicated only in conjunction with GSS_S_FAILURE status (never in
-
-
-
-
-
-Linn                        Standards Track                    [Page 17]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   conjunction with GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED), and,
-   therefore, always correspond to fatal failures if encountered during
-   the context establishment phase.
-
-   Table 1: GSS-API Major Status Codes
-
-   FATAL ERROR CODES
-
-   GSS_S_BAD_BINDINGS            channel binding mismatch
-   GSS_S_BAD_MECH                unsupported mechanism requested
-   GSS_S_BAD_NAME                invalid name provided
-   GSS_S_BAD_NAMETYPE            name of unsupported type provided
-   GSS_S_BAD_STATUS              invalid input status selector
-   GSS_S_BAD_SIG                 token had invalid integrity check
-   GSS_S_BAD_MIC                   preferred alias for GSS_S_BAD_SIG
-   GSS_S_CONTEXT_EXPIRED         specified security context expired
-   GSS_S_CREDENTIALS_EXPIRED     expired credentials detected
-   GSS_S_DEFECTIVE_CREDENTIAL    defective credential detected
-   GSS_S_DEFECTIVE_TOKEN         defective token detected
-   GSS_S_FAILURE                 failure, unspecified at GSS-API
-                                   level
-   GSS_S_NO_CONTEXT              no valid security context specified
-   GSS_S_NO_CRED                 no valid credentials provided
-   GSS_S_BAD_QOP                 unsupported QOP value
-   GSS_S_UNAUTHORIZED            operation unauthorized
-   GSS_S_UNAVAILABLE             operation unavailable
-   GSS_S_DUPLICATE_ELEMENT       duplicate credential element requested
-   GSS_S_NAME_NOT_MN             name contains multi-mechanism elements
-
-   INFORMATORY STATUS CODES
-
-   GSS_S_COMPLETE                normal completion
-   GSS_S_CONTINUE_NEEDED         continuation call to routine
-                                  required
-   GSS_S_DUPLICATE_TOKEN         duplicate per-message token
-                                  detected
-   GSS_S_OLD_TOKEN               timed-out per-message token
-                                  detected
-   GSS_S_UNSEQ_TOKEN             reordered (early) per-message token
-                                  detected
-   GSS_S_GAP_TOKEN               skipped predecessor token(s)
-                                  detected
-
-   Minor_status provides more detailed status information which may
-   include status codes specific to the underlying security mechanism.
-   Minor_status values are not specified in this document.
-
-
-
-
-
-Linn                        Standards Track                    [Page 18]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_S_CONTINUE_NEEDED major_status returns, and optional message
-   outputs, are provided in GSS_Init_sec_context() and
-   GSS_Accept_sec_context() calls so that different mechanisms'
-   employment of different numbers of messages within their
-   authentication sequences need not be reflected in separate code paths
-   within calling applications. Instead, such cases are accommodated
-   with sequences of continuation calls to GSS_Init_sec_context()  and
-   GSS_Accept_sec_context().  The same facility is used to encapsulate
-   mutual authentication within the GSS-API's context initiation calls.
-
-   For mech_types which require interactions with third-party servers in
-   order to establish a security context, GSS-API context establishment
-   calls may block pending completion of such third-party interactions.
-   On the other hand, no GSS-API calls pend on serialized interactions
-   with GSS-API peer entities.  As a result, local GSS-API status
-   returns cannot reflect unpredictable or asynchronous exceptions
-   occurring at remote peers, and reflection of such status information
-   is a caller responsibility outside the GSS-API.
-
-1.2.1.2: Optional Service Support
-
-   A context initiator may request various optional services at context
-   establishment time. Each of these services is requested by setting a
-   flag in the req_flags input parameter to GSS_Init_sec_context().
-
-   The optional services currently defined are:
-
-      - Delegation - The (usually temporary) transfer of rights from
-      initiator to acceptor, enabling the acceptor to authenticate
-      itself as an agent of the initiator.
-
-      - Mutual Authentication - In addition to the initiator
-      authenticating its identity to the context acceptor, the context
-      acceptor should also authenticate itself to the initiator.
-
-      - Replay detection - In addition to providing message integrity
-      services, GSS_GetMIC() and GSS_Wrap() should include message
-      numbering information to enable GSS_VerifyMIC() and GSS_Unwrap()
-      to detect if a message has been duplicated.
-
-      - Out-of-sequence detection - In addition to providing message
-      integrity services, GSS_GetMIC() and GSS_Wrap() should include
-      message sequencing information to enable GSS_VerifyMIC() and
-      GSS_Unwrap() to detect if a message has been received out of
-      sequence.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 19]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      - Anonymous authentication - The establishment of the security
-      context should not reveal the initiator's identity to the context
-      acceptor.
-
-      - Available per-message confidentiality - requests that per-
-      message confidentiality services be available on the context.
-
-      - Available per-message integrity - requests that per-message
-      integrity services be available on the context.
-
-   Any currently undefined bits within such flag arguments should be
-   ignored by GSS-API implementations when presented by an application,
-   and should be set to zero when returned to the application by the
-   GSS-API implementation.
-
-   Some mechanisms may not support all optional services, and some
-   mechanisms may only support some services in conjunction with others.
-   Both GSS_Init_sec_context() and GSS_Accept_sec_context() inform the
-   applications which services will be available from the context when
-   the establishment phase is complete, via the ret_flags output
-   parameter.  In general, if the security mechanism is capable of
-   providing a requested service, it should do so, even if additional
-   services must be enabled in order to provide the requested service.
-   If the mechanism is incapable of providing a requested service, it
-   should proceed without the service, leaving the application to abort
-   the context establishment process if it considers the requested
-   service to be mandatory.
-
-   Some mechanisms may specify that support for some services is
-   optional, and that implementors of the mechanism need not provide it.
-   This is most commonly true of the confidentiality service, often
-   because of legal restrictions on the use of data-encryption, but may
-   apply to any of the services.  Such mechanisms are required to send
-   at least one token from acceptor to initiator during context
-   establishment when the initiator indicates a desire to use such a
-   service, so that the initiating GSS-API can correctly indicate
-   whether the service is supported by the acceptor's GSS-API.
-
-1.2.2: Per-Message Security Service Availability
-
-   When a context is established, two flags are returned to indicate the
-   set of per-message protection security services which will be
-   available on the context:
-
-      the integ_avail flag indicates whether per-message integrity and
-      data origin authentication services are available
-
-
-
-
-
-Linn                        Standards Track                    [Page 20]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      the conf_avail flag indicates whether per-message confidentiality
-      services are available, and will never be returned TRUE unless the
-      integ_avail flag is also returned TRUE
-
-   GSS-API callers desiring per-message security services should check
-   the values of these flags at context establishment time, and must be
-   aware that a returned FALSE value for integ_avail means that
-   invocation of GSS_GetMIC() or GSS_Wrap() primitives on the associated
-   context will apply no cryptographic protection to user data messages.
-
-   The GSS-API per-message integrity and data origin authentication
-   services provide assurance to a receiving caller that protection was
-   applied to a message by the caller's peer on the security context,
-   corresponding to the entity named at context initiation.  The GSS-API
-   per-message confidentiality service provides assurance to a sending
-   caller that the message's content is protected from access by
-   entities other than the context's named peer.
-
-   The GSS-API per-message protection service primitives, as the
-   category name implies, are oriented to operation at the granularity
-   of protocol data units. They perform cryptographic operations on the
-   data units, transfer cryptographic control information in tokens,
-   and, in the case of GSS_Wrap(), encapsulate the protected data unit.
-   As such, these primitives are not oriented to efficient data
-   protection for stream-paradigm protocols (e.g., Telnet) if
-   cryptography must be applied on an octet-by-octet basis.
-
-1.2.3: Per-Message Replay Detection and Sequencing
-
-   Certain underlying mech_types offer support for replay detection
-   and/or sequencing of messages transferred on the contexts they
-   support. These optionally-selectable protection features are distinct
-   from replay detection and sequencing features applied to the context
-   establishment operation itself; the presence or absence of context-
-   level replay or sequencing features is wholly a function of the
-   underlying mech_type's capabilities, and is not selected or omitted
-   as a caller option.
-
-   The caller initiating a context provides flags (replay_det_req_flag
-   and sequence_req_flag) to specify whether the use of per-message
-   replay detection and sequencing features is desired on the context
-   being established. The GSS-API implementation at the initiator system
-   can determine whether these features are supported (and whether they
-   are optionally selectable) as a function of the selected mechanism,
-   without need for bilateral negotiation with the target. When enabled,
-   these features provide recipients with indicators as a result of
-   GSS-API processing of incoming messages, identifying whether those
-   messages were detected as duplicates or out-of-sequence. Detection of
-
-
-
-Linn                        Standards Track                    [Page 21]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   such events does not prevent a suspect message from being provided to
-   a recipient; the appropriate course of action on a suspect message is
-   a matter of caller policy.
-
-   The semantics of the replay detection and sequencing services applied
-   to received messages, as visible across the interface which the GSS-
-   API provides to its clients, are as follows:
-
-   When replay_det_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_S_COMPLETE, without concurrent indication of
-      GSS_S_DUPLICATE_TOKEN or GSS_S_OLD_TOKEN, indicates that the
-      message was within the window (of time or sequence space) allowing
-      replay events to be detected, and that the message was not a
-      replay of a previously-processed message within that window.
-
-      2. GSS_S_DUPLICATE_TOKEN indicates that the cryptographic
-      checkvalue on the received message was correct, but that the
-      message was recognized as a duplicate of a previously-processed
-      message.  In addition to identifying duplicated tokens originated
-      by a context's peer, this status may also be used to identify
-      reflected copies of locally-generated tokens; it is recommended
-      that mechanism designers include within their protocols facilities
-      to detect and report such tokens.
-
-      3. GSS_S_OLD_TOKEN indicates that the cryptographic checkvalue on
-      the received message was correct, but that the message is too old
-      to be checked for duplication.
-
-   When sequence_state is TRUE, the possible major_status returns for
-   well-formed and correctly signed messages are as follows:
-
-      1. GSS_S_COMPLETE, without concurrent indication of
-      GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, or
-      GSS_S_GAP_TOKEN, indicates that the message was within the window
-      (of time or sequence space) allowing replay events to be detected,
-      that the message was not a replay of a previously-processed
-      message within that window, and that no predecessor sequenced
-      messages are missing relative to the last received message (if
-      any) processed on the context with a correct cryptographic
-      checkvalue.
-
-      2. GSS_S_DUPLICATE_TOKEN indicates that the integrity check value
-      on the received message was correct, but that the message was
-      recognized as a duplicate of a previously-processed message.  In
-      addition to identifying duplicated tokens originated by a
-      context's peer, this status may also be used to identify reflected
-
-
-
-Linn                        Standards Track                    [Page 22]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      copies of locally-generated tokens; it is recommended that
-      mechanism designers include within their protocols facilities to
-      detect and report such tokens.
-
-      3. GSS_S_OLD_TOKEN indicates that the integrity check value on the
-      received message was correct, but that the token is too old to be
-      checked for duplication.
-
-      4. GSS_S_UNSEQ_TOKEN indicates that the cryptographic checkvalue
-      on the received message was correct, but that it is earlier in a
-      sequenced stream than a message already processed on the context.
-      [Note: Mechanisms can be architected to provide a stricter form of
-      sequencing service, delivering particular messages to recipients
-      only after all predecessor messages in an ordered stream have been
-      delivered.  This type of support is incompatible with the GSS-API
-      paradigm in which recipients receive all messages, whether in
-      order or not, and provide them (one at a time, without intra-GSS-
-      API message buffering) to GSS-API routines for validation.  GSS-
-      API facilities provide supportive functions, aiding clients to
-      achieve strict message stream integrity in an efficient manner in
-      conjunction with sequencing provisions in communications
-      protocols, but the GSS-API does not offer this level of message
-      stream integrity service by itself.]
-
-      5. GSS_S_GAP_TOKEN indicates that the cryptographic checkvalue on
-      the received message was correct, but that one or more predecessor
-      sequenced messages have not been successfully processed relative
-      to the last received message (if any) processed on the context
-      with a correct cryptographic checkvalue.
-
-   As the message stream integrity features (especially sequencing) may
-   interfere with certain applications' intended communications
-   paradigms, and since support for such features is likely to be
-   resource intensive, it is highly recommended that mech_types
-   supporting these features allow them to be activated selectively on
-   initiator request when a context is established. A context initiator
-   and target are provided with corresponding indicators
-   (replay_det_state and sequence_state), signifying whether these
-   features are active on a given context.
-
-   An example mech_type supporting per-message replay detection could
-   (when replay_det_state is TRUE) implement the feature as follows: The
-   underlying mechanism would insert timestamps in data elements output
-   by GSS_GetMIC() and GSS_Wrap(), and would maintain (within a time-
-   limited window) a cache (qualified by originator-recipient pair)
-   identifying received data elements processed by GSS_VerifyMIC() and
-   GSS_Unwrap(). When this feature is active, exception status returns
-   (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN) will be provided when
-
-
-
-Linn                        Standards Track                    [Page 23]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_VerifyMIC() or GSS_Unwrap() is presented with a message which is
-   either a detected duplicate of a prior message or which is too old to
-   validate against a cache of recently received messages.
-
-1.2.4:  Quality of Protection
-
-   Some mech_types provide their users with fine granularity control
-   over the means used to provide per-message protection, allowing
-   callers to trade off security processing overhead dynamically against
-   the protection requirements of particular messages. A per-message
-   quality-of-protection parameter (analogous to quality-of-service, or
-   QOS) selects among different QOP options supported by that mechanism.
-   On context establishment for a multi-QOP mech_type, context-level
-   data provides the prerequisite data for a range of protection
-   qualities.
-
-   It is expected that the majority of callers will not wish to exert
-   explicit mechanism-specific QOP control and will therefore request
-   selection of a default QOP. Definitions of, and choices among, non-
-   default QOP values are mechanism-specific, and no ordered sequences
-   of QOP values can be assumed equivalent across different mechanisms.
-   Meaningful use of non-default QOP values demands that callers be
-   familiar with the QOP definitions of an underlying mechanism or
-   mechanisms, and is therefore a non-portable construct.  The
-   GSS_S_BAD_QOP major_status value is defined in order to indicate that
-   a provided QOP value is unsupported for a security context, most
-   likely because that value is unrecognized by the underlying
-   mechanism.
-
-   In the interests of interoperability, mechanisms which allow optional
-   support of particular QOP values shall satisfy one of the following
-   conditions.  Either:
-
-      (i) All implementations of the mechanism are required to be
-      capable of processing messages protected using any QOP value,
-      regardless of whether they can apply protection corresponding to
-      that QOP, or
-
-      (ii) The set of mutually-supported receiver QOP values must be
-      determined during context establishment, and messages may be
-      protected by either peer using only QOP values from this
-      mutually-supported set.
-
-   NOTE: (i) is just a special-case of (ii), where implementations are
-   required to support all QOP values on receipt.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 24]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-1.2.5: Anonymity Support
-
-   In certain situations or environments, an application may wish to
-   authenticate a peer and/or protect communications using GSS-API per-
-   message services without revealing its own identity.  For example,
-   consider an application which provides read access to a research
-   database, and which permits queries by arbitrary requestors.  A
-   client of such a service might wish to authenticate the service, to
-   establish trust in the information received from it, but might not
-   wish to disclose its identity to the service for privacy reasons.
-
-   In ordinary GSS-API usage, a context initiator's identity is made
-   available to the context acceptor as part of the context
-   establishment process.  To provide for anonymity support, a facility
-   (input anon_req_flag to GSS_Init_sec_context()) is provided through
-   which context initiators may request that their identity not be
-   provided to the context acceptor.  Mechanisms are not required to
-   honor this request, but a caller will be informed (via returned
-   anon_state indicator from GSS_Init_sec_context()) whether or not the
-   request is honored. Note that authentication as the anonymous
-   principal does not necessarily imply that credentials are not
-   required in order to establish a context.
-
-   Section 4.5 of this document defines the Object Identifier value used
-   to identify an anonymous principal.
-
-   Four possible combinations of anon_state and mutual_state are
-   possible, with the following results:
-
-      anon_state == FALSE, mutual_state == FALSE: initiator
-      authenticated to target.
-
-      anon_state == FALSE, mutual_state == TRUE: initiator authenticated
-      to target, target authenticated to initiator.
-
-      anon_state == TRUE, mutual_state == FALSE: initiator authenticated
-      as anonymous principal to target.
-
-      anon_state == TRUE, mutual_state == TRUE: initiator authenticated
-      as anonymous principal to target, target authenticated to
-      initiator.
-
-1.2.6: Initialization
-
-   No initialization calls (i.e., calls which must be invoked prior to
-   invocation of other facilities in the interface) are defined in GSS-
-   API.  As an implication of this fact, GSS-API implementations must
-   themselves be self-initializing.
-
-
-
-Linn                        Standards Track                    [Page 25]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-1.2.7: Per-Message Protection During Context Establishment
-
-   A facility is defined in GSS-V2 to enable protection and buffering of
-   data messages for later transfer while a security context's
-   establishment is in GSS_S_CONTINUE_NEEDED status, to be used in cases
-   where the caller side already possesses the necessary session key to
-   enable this processing. Specifically, a new state Boolean, called
-   prot_ready_state, is added to the set of information returned by
-   GSS_Init_sec_context(), GSS_Accept_sec_context(), and
-   GSS_Inquire_context().
-
-   For context establishment calls, this state Boolean is valid and
-   interpretable when the associated major_status is either
-   GSS_S_CONTINUE_NEEDED, or GSS_S_COMPLETE.  Callers of GSS-API (both
-   initiators and acceptors) can assume that per-message protection (via
-   GSS_Wrap(), GSS_Unwrap(), GSS_GetMIC() and GSS_VerifyMIC()) is
-   available and ready for use if either: prot_ready_state == TRUE, or
-   major_status == GSS_S_COMPLETE, though mutual authentication (if
-   requested) cannot be guaranteed until GSS_S_COMPLETE is returned.
-   Callers making use of per-message protection services in advance of
-   GSS_S_COMPLETE status should be aware of the possibility that a
-   subsequent context establishment step may fail, and that certain
-   context data (e.g., mech_type) as returned for subsequent calls may
-   change.
-
-   This approach achieves full, transparent backward compatibility for
-   GSS-API V1 callers, who need not even know of the existence of
-   prot_ready_state, and who will get the expected behavior from
-   GSS_S_COMPLETE, but who will not be able to use per-message
-   protection before GSS_S_COMPLETE is returned.
-
-   It is not a requirement that GSS-V2 mechanisms ever return TRUE
-   prot_ready_state before completion of context establishment (indeed,
-   some mechanisms will not evolve usable message protection keys,
-   especially at the context acceptor, before context establishment is
-   complete).  It is expected but not required that GSS-V2 mechanisms
-   will return TRUE prot_ready_state upon completion of context
-   establishment if they support per-message protection at all (however
-   GSS-V2 applications should not assume that TRUE prot_ready_state will
-   always be returned together with the GSS_S_COMPLETE major_status,
-   since GSS-V2 implementations may continue to support GSS-V1 mechanism
-   code, which will never return TRUE prot_ready_state).
-
-   When prot_ready_state is returned TRUE, mechanisms shall also set
-   those context service indicator flags (deleg_state, mutual_state,
-   replay_det_state, sequence_state, anon_state, trans_state,
-   conf_avail, integ_avail) which represent facilities confirmed, at
-   that time, to be available on the context being established.  In
-
-
-
-Linn                        Standards Track                    [Page 26]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   situations where prot_ready_state is returned before GSS_S_COMPLETE,
-   it is possible that additional facilities may be confirmed and
-   subsequently indicated when GSS_S_COMPLETE is returned.
-
-1.2.8: Implementation Robustness
-
-   This section recommends aspects of GSS-API implementation behavior in
-   the interests of overall robustness.
-
-   Invocation of GSS-API calls is to incur no undocumented side effects
-   visible at the GSS-API level.
-
-   If a token is presented for processing on a GSS-API security context
-   and that token generates a fatal error in processing or is otherwise
-   determined to be invalid for that context, the context's state should
-   not be disrupted for purposes of processing subsequent valid tokens.
-
-   Certain local conditions at a GSS-API implementation (e.g.,
-   unavailability of memory) may preclude, temporarily or permanently,
-   the successful processing of tokens on a GSS-API security context,
-   typically generating GSS_S_FAILURE major_status returns along with
-   locally-significant minor_status.  For robust operation under such
-   conditions, the following recommendations are made:
-
-      Failing calls should free any memory they allocate, so that
-      callers may retry without causing further loss of resources.
-
-      Failure of an individual call on an established context should not
-      preclude subsequent calls from succeeding on the same context.
-
-      Whenever possible, it should be possible for
-      GSS_Delete_sec_context() calls to be successfully processed even
-      if other calls cannot succeed, thereby enabling context-related
-      resources to be released.
-
-   A failure of GSS_GetMIC() or GSS_Wrap() due to an attempt to use an
-   unsupported QOP will not interfere with context validity, nor shall
-   such a failure impact the ability of the application to subsequently
-   invoke GSS_GetMIC() or GSS_Wrap() using a supported QOP. Any state
-   information concerning sequencing of outgoing messages shall be
-   unchanged by an unsuccessful call of GSS_GetMIC() or GSS_Wrap().
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 27]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-1.2.9: Delegation
-
-   The GSS-API allows delegation to be controlled by the initiating
-   application via a Boolean parameter to GSS_Init_sec_context(), the
-   routine that establishes a security context.  Some mechanisms do not
-   support delegation, and for such mechanisms attempts by an
-   application to enable delegation are ignored.
-
-   The acceptor of a security context for which the initiator enabled
-   delegation will receive (via the delegated_cred_handle parameter of
-   GSS_Accept_sec_context()) a credential handle that contains the
-   delegated identity, and this credential handle may be used to
-   initiate subsequent GSS-API security contexts as an agent or delegate
-   of the initiator.  If the original initiator's identity is "A" and
-   the delegate's identity is "B", then, depending on the underlying
-   mechanism, the identity embodied by the delegated credential may be
-   either "A" or "B acting for A".
-
-   For many mechanisms that support delegation, a simple Boolean does
-   not provide enough control.  Examples of additional aspects of
-   delegation control that a mechanism might provide to an application
-   are duration of delegation, network addresses from which delegation
-   is valid, and constraints on the tasks that may be performed by a
-   delegate.  Such controls are presently outside the scope of the GSS-
-   API.  GSS-API implementations supporting mechanisms offering
-   additional controls should provide extension routines that allow
-   these controls to be exercised (perhaps by modifying the initiator's
-   GSS-API credential prior to its use in establishing a context).
-   However, the simple delegation control provided by GSS-API should
-   always be able to over-ride other mechanism-specific delegation
-   controls; if the application instructs GSS_Init_sec_context() that
-   delegation is not desired, then the implementation must not permit
-   delegation to occur.  This is an exception to the general rule that a
-   mechanism may enable services even if they are not requested;
-   delegation may only be provided at the explicit request of the
-   application.
-
-1.2.10: Interprocess Context Transfer
-
-   GSS-API V2 provides routines (GSS_Export_sec_context() and
-   GSS_Import_sec_context()) which allow a security context to be
-   transferred between processes on a single machine.  The most common
-   use for such a feature is a client-server design where the server is
-   implemented as a single process that accepts incoming security
-   contexts, which then launches child processes to deal with the data
-   on these contexts.  In such a design, the child processes must have
-   access to the security context data structure created within the
-
-
-
-
-Linn                        Standards Track                    [Page 28]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   parent by its call to GSS_Accept_sec_context() so that they can use
-   per-message protection services and delete the security context when
-   the communication session ends.
-
-   Since the security context data structure is expected to contain
-   sequencing information, it is impractical in general to share a
-   context between processes.  Thus GSS-API provides a call
-   (GSS_Export_sec_context()) that the process which currently owns the
-   context can call to declare that it has no intention to use the
-   context subsequently, and to create an inter-process token containing
-   information needed by the adopting process to successfully import the
-   context.  After successful completion of this call, the original
-   security context is made inaccessible to the calling process by GSS-
-   API, and any context handles referring to this context are no longer
-   valid.  The originating process transfers the inter-process token to
-   the adopting process, which passes it to GSS_Import_sec_context(),
-   and a fresh context handle is created such that it is functionally
-   identical to the original context.
-
-   The inter-process token may contain sensitive data from the original
-   security context (including cryptographic keys).  Applications using
-   inter-process tokens to transfer security contexts must take
-   appropriate steps to protect these tokens in transit.
-   Implementations are not required to support the inter-process
-   transfer of security contexts.  The ability to transfer a security
-   context is indicated when the context is created, by
-   GSS_Init_sec_context() or GSS_Accept_sec_context() indicating a TRUE
-   trans_state return value.
-
-2:  Interface Descriptions
-
-   This section describes the GSS-API's service interface, dividing the
-   set of calls offered into four groups. Credential management calls
-   are related to the acquisition and release of credentials by
-   principals. Context-level calls are related to the management of
-   security contexts between principals. Per-message calls are related
-   to the protection of individual messages on established security
-   contexts. Support calls provide ancillary functions useful to GSS-API
-   callers. Table 2 groups and summarizes the calls in tabular fashion.
-
-   Table 2:  GSS-API Calls
-
-   CREDENTIAL MANAGEMENT
-
-   GSS_Acquire_cred             acquire credentials for use
-   GSS_Release_cred             release credentials after use
-   GSS_Inquire_cred             display information about
-                                credentials
-
-
-
-Linn                        Standards Track                    [Page 29]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_Add_cred                 construct credentials incrementally
-   GSS_Inquire_cred_by_mech     display per-mechanism credential
-                                  information
-
-   CONTEXT-LEVEL CALLS
-
-   GSS_Init_sec_context         initiate outbound security context
-   GSS_Accept_sec_context       accept inbound security context
-   GSS_Delete_sec_context       flush context when no longer needed
-   GSS_Process_context_token    process received control token on
-                                  context
-   GSS_Context_time             indicate validity time remaining on
-                                     context
-   GSS_Inquire_context          display information about context
-   GSS_Wrap_size_limit          determine GSS_Wrap token size limit
-   GSS_Export_sec_context       transfer context to other process
-   GSS_Import_sec_context       import transferred context
-
-   PER-MESSAGE CALLS
-
-   GSS_GetMIC                   apply integrity check, receive as
-                                  token separate from message
-   GSS_VerifyMIC                validate integrity check token
-                                  along with message
-   GSS_Wrap                     sign, optionally encrypt,
-                                  encapsulate
-   GSS_Unwrap                   decapsulate, decrypt if needed,
-                                  validate integrity check
-
-   SUPPORT CALLS
-
-   GSS_Display_status           translate status codes to printable
-                                  form
-   GSS_Indicate_mechs           indicate mech_types supported on
-                                  local system
-   GSS_Compare_name             compare two names for equality
-   GSS_Display_name             translate name to printable form
-   GSS_Import_name              convert printable name to
-                                  normalized form
-   GSS_Release_name             free storage of normalized-form
-                                  name
-   GSS_Release_buffer           free storage of general GSS-allocated
-                                  object
-   GSS_Release_OID_set          free storage of OID set object
-   GSS_Create_empty_OID_set     create empty OID set
-   GSS_Add_OID_set_member       add member to OID set
-   GSS_Test_OID_set_member      test if OID is member of OID set
-   GSS_Inquire_names_for_mech   indicate name types supported by
-
-
-
-Linn                        Standards Track                    [Page 30]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-                                  mechanism
-   GSS_Inquire_mechs_for_name   indicates mechanisms supporting name
-                                  type
-   GSS_Canonicalize_name        translate name to per-mechanism form
-   GSS_Export_name              externalize per-mechanism name
-   GSS_Duplicate_name           duplicate name object
-
-2.1:  Credential management calls
-
-   These GSS-API calls provide functions related to the management of
-   credentials. Their characterization with regard to whether or not
-   they may block pending exchanges with other network entities (e.g.,
-   directories or authentication servers) depends in part on OS-specific
-   (extra-GSS-API) issues, so is not specified in this document.
-
-   The GSS_Acquire_cred() call is defined within the GSS-API in support
-   of application portability, with a particular orientation towards
-   support of portable server applications. It is recognized that (for
-   certain systems and mechanisms) credentials for interactive users may
-   be managed differently from credentials for server processes; in such
-   environments, it is the GSS-API implementation's responsibility to
-   distinguish these cases and the procedures for making this
-   distinction are a local matter. The GSS_Release_cred() call provides
-   a means for callers to indicate to the GSS-API that use of a
-   credentials structure is no longer required. The GSS_Inquire_cred()
-   call allows callers to determine information about a credentials
-   structure.  The GSS_Add_cred() call enables callers to append
-   elements to an existing credential structure, allowing iterative
-   construction of a multi-mechanism credential. The
-   GSS_Inquire_cred_by_mech() call enables callers to extract per-
-   mechanism information describing a credentials structure.
-
-2.1.1:  GSS_Acquire_cred call
-
-   Inputs:
-
-   o  desired_name INTERNAL NAME, -- NULL requests locally-determined
-   -- default
-
-   o  lifetime_req INTEGER, -- in seconds; 0 requests default
-
-   o  desired_mechs SET OF OBJECT IDENTIFIER, -- NULL requests
-   -- system-selected default
-
-   o  cred_usage INTEGER -- 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-   -- 2=ACCEPT-ONLY
-
-
-
-
-
-Linn                        Standards Track                    [Page 31]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_cred_handle CREDENTIAL HANDLE, -- if returned non-NULL,
-   -- caller must release with GSS_Release_cred()
-
-   o  actual_mechs SET OF OBJECT IDENTIFIER, -- if returned non-NULL,
-   -- caller must release with GSS_Release_oid_set()
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that requested credentials were
-   successfully established, for the duration indicated in lifetime_rec,
-   suitable for the usage requested in cred_usage, for the set of
-   mech_types indicated in actual_mechs, and that those credentials can
-   be referenced for subsequent use with the handle returned in
-   output_cred_handle.
-
-   o  GSS_S_BAD_MECH indicates that a mech_type unsupported by the GSS-
-   API implementation type was requested, causing the credential
-   establishment operation to fail.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided desired_name is
-   uninterpretable or of a type unsupported by the applicable underlying
-   GSS-API mechanism(s), so no credentials could be established for the
-   accompanying desired_name.
-
-   o  GSS_S_BAD_NAME indicates that the provided desired_name is
-   inconsistent in terms of internally-incorporated type specifier
-   information, so no credentials could be established for the
-   accompanying desired_name.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that underlying credential
-   elements corresponding to the requested desired_name have expired, so
-   requested credentials could not be established.
-
-   o GSS_S_NO_CRED indicates that no credential elements corresponding
-   to the requested desired_name and usage could be accessed, so
-   requested credentials could not be established.  In particular, this
-   status should be returned upon temporary user-fixable conditions
-
-
-
-
-
-Linn                        Standards Track                    [Page 32]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   preventing successful credential establishment and upon lack of
-   authorization to establish and use credentials associated with the
-   identity named in the input desired_name argument.
-
-   o  GSS_S_FAILURE indicates that credential establishment failed for
-   reasons unspecified at the GSS-API level.
-
-   GSS_Acquire_cred() is used to acquire credentials so that a principal
-   can (as a function of the input cred_usage parameter) initiate and/or
-   accept security contexts under the identity represented by the
-   desired_name input argument. On successful completion, the returned
-   output_cred_handle result provides a handle for subsequent references
-   to the acquired credentials.  Typically, single-user client processes
-   requesting that default credential behavior be applied for context
-   establishment purposes will have no need to invoke this call.
-
-   A caller may provide the value NULL (GSS_C_NO_NAME) for desired_name,
-   which will be interpreted as a request for a credential handle that
-   will invoke default behavior when passed to GSS_Init_sec_context(),
-   if cred_usage is GSS_C_INITIATE or GSS_C_BOTH, or
-   GSS_Accept_sec_context(), if cred_usage is GSS_C_ACCEPT or
-   GSS_C_BOTH.  It is possible that multiple pre-established credentials
-   may exist for the same principal identity (for example, as a result
-   of multiple user login sessions) when GSS_Acquire_cred() is called;
-   the means used in such cases to select a specific credential are
-   local matters.  The input lifetime_req argument to GSS_Acquire_cred()
-   may provide useful information for local GSS-API implementations to
-   employ in making this disambiguation in a manner which will best
-   satisfy a caller's intent.
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways
-   of obtaining GSS-API initiator credentials from the system login
-   process.  Some implementations may therefore not support the
-   acquisition of GSS_C_INITIATE or GSS_C_BOTH credentials via
-   GSS_Acquire_cred() for any name other than GSS_C_NO_NAME, or a name
-   resulting from applying GSS_Inquire_context() to an active context,
-   or a name resulting from applying GSS_Inquire_cred() against a
-   credential handle corresponding to default behavior. It is important
-   to recognize that the explicit name which is yielded by resolving a
-   default reference may change over time, e.g., as a result of local
-   credential element management operations outside GSS-API; once
-   resolved, however, the value of such an explicit name will remain
-   constant.
-
-   The lifetime_rec result indicates the length of time for which the
-   acquired credentials will be valid, as an offset from the present. A
-   mechanism may return a reserved value indicating INDEFINITE if no
-
-
-
-Linn                        Standards Track                    [Page 33]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   constraints on credential lifetime are imposed.  A caller of
-   GSS_Acquire_cred() can request a length of time for which acquired
-   credentials are to be valid (lifetime_req argument), beginning at the
-   present, or can request credentials with a default validity interval.
-   (Requests for postdated credentials are not supported within the
-   GSS-API.) Certain mechanisms and implementations may bind in
-   credential validity period specifiers at a point preliminary to
-   invocation of the GSS_Acquire_cred() call (e.g., in conjunction with
-   user login procedures). As a result, callers requesting non-default
-   values for lifetime_req must recognize that such requests cannot
-   always be honored and must be prepared to accommodate the use of
-   returned credentials with different lifetimes as indicated in
-   lifetime_rec.
-
-   The caller of GSS_Acquire_cred() can explicitly specify a set of
-   mech_types which are to be accommodated in the returned credentials
-   (desired_mechs argument), or can request credentials for a system-
-   defined default set of mech_types. Selection of the system-specified
-   default set is recommended in the interests of application
-   portability. The actual_mechs return value may be interrogated by the
-   caller to determine the set of mechanisms with which the returned
-   credentials may be used.
-
-2.1.2:  GSS_Release_cred call
-
-   Input:
-
-   o  cred_handle CREDENTIAL HANDLE -- if GSS_C_NO_CREDENTIAL
-   -- is specified, the call will complete successfully, but
-   -- will have no effect; no credential elements will be
-   -- released.
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-   input cred_handle were released for purposes of subsequent access by
-   the caller. The effect on other processes which may be authorized
-   shared access to such credentials is a local matter.
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 34]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_NO_CRED indicates that no release operation was performed,
-   either because the input cred_handle was invalid or because the
-   caller lacks authorization to access the referenced credentials.
-
-   o  GSS_S_FAILURE indicates that the release operation failed for
-   reasons unspecified at the GSS-API level.
-
-   Provides a means for a caller to explicitly request that credentials
-   be released when their use is no longer required. Note that system-
-   specific credential management functions are also likely to exist,
-   for example to assure that credentials shared among processes are
-   properly deleted when all affected processes terminate, even if no
-   explicit release requests are issued by those processes. Given the
-   fact that multiple callers are not precluded from gaining authorized
-   access to the same credentials, invocation of GSS_Release_cred()
-   cannot be assumed to delete a particular set of credentials on a
-   system-wide basis.
-
-2.1.3:  GSS_Inquire_cred call
-
-   Input:
-
-   o  cred_handle CREDENTIAL HANDLE -- if GSS_C_NO_CREDENTIAL
-   -- is specified, default initiator credentials are queried
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  cred_name INTERNAL NAME,  -- caller must release with
-   -- GSS_Release_name()
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   o  cred_usage INTEGER, -- 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-   -- 2=ACCEPT-ONLY
-
-   o  mech_set SET OF OBJECT IDENTIFIER  -- caller must release
-   -- with GSS_Release_oid_set()
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 35]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-   input cred_handle argument were valid, and that the output cred_name,
-   lifetime_rec, and cred_usage values represent, respectively, the
-   credentials' associated principal name, remaining lifetime, suitable
-   usage modes, and supported mechanism types.
-
-   o  GSS_S_NO_CRED indicates that no information could be returned
-   about the referenced credentials, either because the input
-   cred_handle was invalid or because the caller lacks authorization to
-   access the referenced credentials.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that the referenced
-   credentials are invalid.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the referenced
-   credentials have expired.
-
-   o  GSS_S_FAILURE indicates that the operation failed for reasons
-   unspecified at the GSS-API level.
-
-   The GSS_Inquire_cred() call is defined primarily for the use of those
-   callers which request use of default credential behavior rather than
-   acquiring credentials explicitly with GSS_Acquire_cred().  It enables
-   callers to determine a credential structure's associated principal
-   name, remaining validity period, usability for security context
-   initiation and/or acceptance, and supported mechanisms.
-
-   For a multi-mechanism credential, the returned "lifetime" specifier
-   indicates the shortest lifetime of any of the mechanisms' elements in
-   the credential (for either context initiation or acceptance
-   purposes).
-
-   GSS_Inquire_cred() should indicate INITIATE-AND-ACCEPT for
-   "cred_usage" if both of the following conditions hold:
-
-      (1) there exists in the credential an element which allows context
-      initiation using some mechanism
-
-      (2) there exists in the credential an element which allows context
-      acceptance using some mechanism (allowably, but not necessarily,
-      one of the same mechanism(s) qualifying for (1)).
-
-   If condition (1) holds but not condition (2), GSS_Inquire_cred()
-   should indicate INITIATE-ONLY for "cred_usage".  If condition (2)
-   holds but not condition (1), GSS_Inquire_cred() should indicate
-   ACCEPT-ONLY for "cred_usage".
-
-
-
-Linn                        Standards Track                    [Page 36]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Callers requiring finer disambiguation among available combinations
-   of lifetimes, usage modes, and mechanisms should call the
-   GSS_Inquire_cred_by_mech() routine, passing that routine one of the
-   mech OIDs returned by GSS_Inquire_cred().
-
-2.1.4:  GSS_Add_cred call
-
-   Inputs:
-
-   o  input_cred_handle CREDENTIAL HANDLE -- handle to credential
-   -- structure created with prior GSS_Acquire_cred() or
-   -- GSS_Add_cred() call; see text for definition of behavior
-   -- when GSS_C_NO_CREDENTIAL provided.
-
-   o  desired_name INTERNAL NAME
-
-   o  initiator_time_req INTEGER -- in seconds; 0 requests default
-
-   o  acceptor_time_req INTEGER -- in seconds; 0 requests default
-
-   o  desired_mech OBJECT IDENTIFIER
-
-   o  cred_usage INTEGER -- 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-   -- 2=ACCEPT-ONLY
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_cred_handle CREDENTIAL HANDLE, -- NULL to request that
-   -- credential elements be added "in place" to the credential
-   -- structure identified by input_cred_handle,
-   -- non-NULL pointer to request that
-   -- a new credential structure and handle be created.
-   -- if credential handle returned, caller must release with
-   -- GSS_Release_cred()
-
-   o  actual_mechs SET OF OBJECT IDENTIFIER, -- if returned, caller must
-   -- release with GSS_Release_oid_set()
-
-   o  initiator_time_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   o  acceptor_time_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-
-
-
-Linn                        Standards Track                    [Page 37]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  cred_usage INTEGER, -- 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-   -- 2=ACCEPT-ONLY
-
-   o  mech_set SET OF OBJECT IDENTIFIER -- full set of mechanisms
-   -- supported by resulting credential.
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-   input_cred_handle argument were valid, and that the resulting
-   credential from GSS_Add_cred() is valid for the durations indicated
-   in initiator_time_rec and acceptor_time_rec, suitable for the usage
-   requested in cred_usage, and for the mechanisms indicated in
-   actual_mechs.
-
-   o  GSS_S_DUPLICATE_ELEMENT indicates that the input desired_mech
-   specified a mechanism for which the referenced credential already
-   contained a credential element with overlapping cred_usage and
-   validity time specifiers.
-
-   o  GSS_S_BAD_MECH indicates that the input desired_mech specified a
-   mechanism unsupported by the GSS-API implementation, causing the
-   GSS_Add_cred() operation to fail.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided desired_name is
-   uninterpretable or of a type unsupported by the applicable underlying
-   GSS-API mechanism(s), so the GSS_Add_cred() operation could not be
-   performed for that name.
-
-   o  GSS_S_BAD_NAME indicates that the provided desired_name is
-   inconsistent in terms of internally-incorporated type specifier
-   information, so the GSS_Add_cred() operation could not be performed
-   for that name.
-
-   o  GSS_S_NO_CRED indicates that the input_cred_handle referenced
-   invalid or inaccessible credentials. In particular, this status
-   should be returned upon temporary user-fixable conditions preventing
-   successful credential establishment or upon lack of authorization to
-   establish or use credentials representing the requested identity.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that referenced credential
-   elements have expired, so the GSS_Add_cred() operation could not be
-   performed.
-
-   o  GSS_S_FAILURE indicates that the operation failed for reasons
-   unspecified at the GSS-API level.
-
-
-
-
-
-Linn                        Standards Track                    [Page 38]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_Add_cred() enables callers to construct credentials iteratively
-   by adding credential elements in successive operations, corresponding
-   to different mechanisms.  This offers particular value in multi-
-   mechanism environments, as the major_status and minor_status values
-   returned on each iteration are individually visible and can therefore
-   be interpreted unambiguously on a per-mechanism basis. A credential
-   element is identified by the name of the principal to which it
-   refers.  GSS-API implementations must impose a local access control
-   policy on callers of this routine to prevent unauthorized callers
-   from acquiring credential elements to which they are not entitled.
-   This routine is not intended to provide a "login to the network"
-   function, as such a function would involve the creation of new
-   mechanism-specific authentication data, rather than merely acquiring
-   a GSS-API handle to existing data.  Such functions, if required,
-   should be defined in implementation-specific extension routines.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may choose to delay the actual acquisition until the
-   credential is required (e.g. by GSS_Init_sec_context() or
-   GSS_Accept_sec_context()).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call
-   of GSS_Inquire_cred() immediately following the call of
-   GSS_Acquire_cred() must return valid credential data, and may
-   therefore incur the overhead of a deferred credential acquisition.
-
-   If GSS_C_NO_CREDENTIAL is specified as input_cred_handle, a non-NULL
-   output_cred_handle must be supplied.  For the case of
-   GSS_C_NO_CREDENTIAL as input_cred_handle, GSS_Add_cred() will create
-   the credential referenced by its output_cred_handle based on default
-   behavior.  That is, the call will have the same effect as if the
-   caller had previously called GSS_Acquire_cred(), specifying the same
-   usage and passing GSS_C_NO_NAME as the desired_name parameter
-   (thereby obtaining an explicit credential handle corresponding to
-   default behavior), had passed that credential handle to
-   GSS_Add_cred(), and had finally called GSS_Release_cred() on the
-   credential handle received from GSS_Acquire_cred().
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways
-   of obtaining GSS-API initiator credentials from the system login
-   process.  Some implementations may therefore not support the
-   acquisition of GSS_C_INITIATE or GSS_C_BOTH credentials via
-   GSS_Acquire_cred() for any name other than GSS_C_NO_NAME, or a name
-   resulting from applying GSS_Inquire_context() to an active context,
-   or a name resulting from applying GSS_Inquire_cred() against a
-   credential handle corresponding to default behavior. It is important
-   to recognize that the explicit name which is yielded by resolving a
-   default reference may change over time, e.g., as a result of local
-
-
-
-Linn                        Standards Track                    [Page 39]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   credential element management operations outside GSS-API; once
-   resolved, however, the value of such an explicit name will remain
-   constant.
-
-   A caller may provide the value NULL (GSS_C_NO_NAME) for desired_name,
-   which will be interpreted as a request for a credential handle that
-   will invoke default behavior when passed to GSS_Init_sec_context(),
-   if cred_usage is GSS_C_INITIATE or GSS_C_BOTH, or
-   GSS_Accept_sec_context(), if cred_usage is GSS_C_ACCEPT or
-   GSS_C_BOTH.
-
-   The same input desired_name, or default reference, should be used on
-   all GSS_Acquire_cred() and GSS_Add_cred() calls corresponding to a
-   particular credential.
-
-2.1.5:  GSS_Inquire_cred_by_mech call
-
-   Inputs:
-
-   o  cred_handle CREDENTIAL HANDLE -- if GSS_C_NO_CREDENTIAL
-   -- specified, default initiator credentials are queried
-
-   o  mech_type OBJECT IDENTIFIER  -- specific mechanism for
-   -- which credentials are being queried
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  cred_name INTERNAL NAME, -- guaranteed to be MN; caller must
-   -- release with GSS_Release_name()
-
-   o  lifetime_rec_initiate INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   o  lifetime_rec_accept INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   o  cred_usage INTEGER, -- 0=INITIATE-AND-ACCEPT, 1=INITIATE-ONLY,
-   -- 2=ACCEPT-ONLY
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the credentials referenced by the
-   input cred_handle argument were valid, that the mechanism indicated
-   by the input mech_type was represented with elements within those
-
-
-
-Linn                        Standards Track                    [Page 40]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   credentials, and that the output cred_name, lifetime_rec_initiate,
-   lifetime_rec_accept, and cred_usage values represent, respectively,
-   the credentials' associated principal name, remaining lifetimes, and
-   suitable usage modes.
-
-   o  GSS_S_NO_CRED indicates that no information could be returned
-   about the referenced credentials, either because the input
-   cred_handle was invalid or because the caller lacks authorization to
-   access the referenced credentials.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that the referenced
-   credentials are invalid.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the referenced
-   credentials have expired.
-
-   o  GSS_S_BAD_MECH indicates that the referenced credentials do not
-   contain elements for the requested mechanism.
-
-   o  GSS_S_FAILURE indicates that the operation failed for reasons
-   unspecified at the GSS-API level.
-
-   The GSS_Inquire_cred_by_mech() call enables callers in multi-
-   mechanism environments to acquire specific data about available
-   combinations of lifetimes, usage modes, and mechanisms within a
-   credential structure.  The lifetime_rec_initiate result indicates the
-   available lifetime for context initiation purposes; the
-   lifetime_rec_accept result indicates the available lifetime for
-   context acceptance purposes.
-
-2.2:  Context-level calls
-
-   This group of calls is devoted to the establishment and management of
-   security contexts between peers. A context's initiator calls
-   GSS_Init_sec_context(), resulting in generation of a token which the
-   caller passes to the target. At the target, that token is passed to
-   GSS_Accept_sec_context(). Depending on the underlying mech_type and
-   specified options, additional token exchanges may be performed in the
-   course of context establishment; such exchanges are accommodated by
-   GSS_S_CONTINUE_NEEDED status returns from GSS_Init_sec_context() and
-   GSS_Accept_sec_context().
-
-   Either party to an established context may invoke
-   GSS_Delete_sec_context() to flush context information when a context
-   is no longer required. GSS_Process_context_token() is used to process
-   received tokens carrying context-level control information.
-   GSS_Context_time() allows a caller to determine the length of time
-   for which an established context will remain valid.
-
-
-
-Linn                        Standards Track                    [Page 41]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_Inquire_context() returns status information describing context
-   characteristics. GSS_Wrap_size_limit() allows a caller to determine
-   the size of a token which will be generated by a GSS_Wrap()
-   operation.  GSS_Export_sec_context() and GSS_Import_sec_context()
-   enable transfer of active contexts between processes on an end
-   system.
-
-2.2.1:  GSS_Init_sec_context call
-
-   Inputs:
-
-   o  claimant_cred_handle CREDENTIAL HANDLE, -- NULL specifies "use
-   -- default"
-
-   o  input_context_handle CONTEXT HANDLE, -- 0
-   -- (GSS_C_NO_CONTEXT) specifies "none assigned yet"
-
-   o  targ_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER, -- NULL parameter specifies "use
-   -- default"
-
-   o  deleg_req_flag BOOLEAN,
-
-   o  mutual_req_flag BOOLEAN,
-
-   o  replay_det_req_flag BOOLEAN,
-
-   o  sequence_req_flag BOOLEAN,
-
-   o  anon_req_flag BOOLEAN,
-
-   o  conf_req_flag BOOLEAN,
-
-   o  integ_req_flag BOOLEAN,
-
-   o  lifetime_req INTEGER, -- 0 specifies default lifetime
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING -- NULL or token received from target
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 42]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  output_context_handle CONTEXT HANDLE,  -- once returned non-NULL,
-   -- caller must release with GSS_Delete_sec_context()
-
-   o  mech_type OBJECT IDENTIFIER, -- actual mechanism always
-   -- indicated, never NULL; caller should treat as read-only
-   -- and should not attempt to release
-
-   o  output_token OCTET STRING, -- NULL or token to pass to context
-   -- target; caller must release with GSS_Release_buffer()
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN, -- see Section 1.2.7
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   This call may block pending network interactions for those mech_types
-   in which an authentication server or other network entity must be
-   consulted on behalf of a context initiator in order to generate an
-   output_token suitable for presentation to a specified target.
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that context-level information was
-   successfully initialized, and that the returned output_token will
-   provide sufficient information for the target to perform per-message
-   processing on the newly-established context.
-
-   o  GSS_S_CONTINUE_NEEDED indicates that control information in the
-   returned output_token must be sent to the target, and that a reply
-   must be received and passed as the input_token argument
-
-
-
-
-
-Linn                        Standards Track                    [Page 43]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   to a continuation call to GSS_Init_sec_context(), before per-message
-   processing can be performed in conjunction with this context (unless
-   the prot_ready_state value is concurrently returned TRUE).
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-   on the input_token failed, preventing further processing from being
-   performed based on that token.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that consistency checks
-   performed on the credential structure referenced by
-   claimant_cred_handle failed, preventing further processing from being
-   performed using that credential structure.
-
-   o  GSS_S_BAD_SIG (GSS_S_BAD_MIC) indicates that the received
-   input_token contains an incorrect integrity check, so context setup
-   cannot be accomplished.
-
-   o  GSS_S_NO_CRED indicates that no context was established, either
-   because the input cred_handle was invalid, because the referenced
-   credentials are valid for context acceptor use only, because the
-   caller lacks authorization to access the referenced credentials, or
-   because the resolution of default credentials failed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the credentials provided
-   through the input claimant_cred_handle argument are no longer valid,
-   so context establishment cannot be completed.
-
-   o  GSS_S_BAD_BINDINGS indicates that a mismatch between the caller-
-   provided chan_bindings and those extracted from the input_token was
-   detected, signifying a security-relevant event and preventing context
-   establishment. (This result will be returned by
-   GSS_Init_sec_context() only for contexts where mutual_state is TRUE.)
-
-   o  GSS_S_OLD_TOKEN indicates that the input_token is too old to be
-   checked for integrity. This is a fatal error during context
-   establishment.
-
-   o  GSS_S_DUPLICATE_TOKEN indicates that the input token has a correct
-   integrity check, but is a duplicate of a token already processed.
-   This is a fatal error during context establishment.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided; this major status will be
-   returned only for successor calls following GSS_S_CONTINUE_ NEEDED
-   status returns.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 44]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_BAD_NAMETYPE indicates that the provided targ_name is of a
-   type uninterpretable or unsupported by the applicable underlying
-   GSS-API mechanism(s), so context establishment cannot be completed.
-
-   o  GSS_S_BAD_NAME indicates that the provided targ_name is
-   inconsistent in terms of internally-incorporated type specifier
-   information, so context establishment cannot be accomplished.
-
-   o  GSS_S_BAD_MECH indicates receipt of a context establishment token
-   or of a caller request specifying a mechanism unsupported by the
-   local system or with the caller's active credentials
-
-   o  GSS_S_FAILURE indicates that context setup could not be
-   accomplished for reasons unspecified at the GSS-API level, and that
-   no interface-defined recovery action is available.
-
-   This routine is used by a context initiator, and ordinarily emits an
-   output_token suitable for use by the target within the selected
-   mech_type's protocol.  For the case of a multi-step exchange, this
-   output_token will be one in a series, each generated by a successive
-   call. Using information in the credentials structure referenced by
-   claimant_cred_handle, GSS_Init_sec_context() initializes the data
-   structures required to establish a security context with target
-   targ_name.
-
-   The targ_name may be any valid INTERNAL NAME; it need not be an MN.
-   In addition to support for other name types, it is recommended (newly
-   as of GSS-V2, Update 1) that mechanisms be able to accept
-   GSS_C_NO_NAME as an input type for targ_name.  While recommended,
-   such support is not required, and it is recognized that not all
-   mechanisms can construct tokens without explicitly naming the context
-   target, even when mutual authentication of the target is not
-   obtained.  Callers wishing to make use of this facility and concerned
-   with portability should be aware that support for GSS_C_NO_NAME as
-   input targ_name type is unlikely to be provided within mechanism
-   definitions specified prior to GSS-V2, Update 1.
-
-   The claimant_cred_handle must correspond to the same valid
-   credentials structure on the initial call to GSS_Init_sec_context()
-   and on any successor calls resulting from GSS_S_CONTINUE_NEEDED
-   status returns; different protocol sequences modeled by the
-   GSS_S_CONTINUE_NEEDED facility will require access to credentials at
-   different points in the context establishment sequence.
-
-   The caller-provided input_context_handle argument is to be 0
-   (GSS_C_NO_CONTEXT), specifying "not yet assigned", on the first
-   GSS_Init_sec_context()  call relating to a given context. If
-   successful (i.e., if accompanied by major_status GSS_S_COMPLETE or
-
-
-
-Linn                        Standards Track                    [Page 45]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   GSS_S_CONTINUE_NEEDED), and only if successful, the initial
-   GSS_Init_sec_context() call returns a non-zero output_context_handle
-   for use in future references to this context.  Once a non-zero
-   output_context_handle has been returned, GSS-API callers should call
-   GSS_Delete_sec_context() to release context-related resources if
-   errors occur in later phases of context establishment, or when an
-   established context is no longer required. If GSS_Init_sec_context()
-   is passed the handle of a context which is already fully established,
-   GSS_S_FAILURE status is returned.
-
-   When continuation attempts to GSS_Init_sec_context() are needed to
-   perform context establishment, the previously-returned non-zero
-   handle value is entered into the input_context_handle argument and
-   will be echoed in the returned output_context_handle argument. On
-   such continuation attempts (and only on continuation attempts) the
-   input_token value is used, to provide the token returned from the
-   context's target.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The input_token argument contains a message received from the target,
-   and is significant only on a call to GSS_Init_sec_context() which
-   follows a previous return indicating GSS_S_CONTINUE_NEEDED
-   major_status.
-
-   It is the caller's responsibility to establish a communications path
-   to the target, and to transmit any returned output_token (independent
-   of the accompanying returned major_status value) to the target over
-   that path. The output_token can, however, be transmitted along with
-   the first application-provided input message to be processed by
-   GSS_GetMIC() or GSS_Wrap() in conjunction with a successfully-
-   established context. (Note: when the GSS-V2 prot_ready_state
-   indicator is returned TRUE, it can be possible to transfer a
-   protected message before context establishment is complete:  see also
-   Section 1.2.7)
-
-   The initiator may request various context-level functions through
-   input flags: the deleg_req_flag requests delegation of access rights,
-   the mutual_req_flag requests mutual authentication, the
-   replay_det_req_flag requests that replay detection features be
-   applied to messages transferred on the established context, and the
-   sequence_req_flag requests that sequencing be enforced. (See Section
-
-
-
-
-
-Linn                        Standards Track                    [Page 46]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   1.2.3 for more information on replay detection and sequencing
-   features.)  The anon_req_flag requests that the initiator's identity
-   not be transferred within tokens to be sent to the acceptor.
-
-   The conf_req_flag and integ_req_flag provide informatory inputs to
-   the GSS-API implementation as to whether, respectively, per-message
-   confidentiality and per-message integrity services will be required
-   on the context.  This information is important as an input to
-   negotiating mechanisms.  It is important to recognize, however, that
-   the inclusion of these flags (which are newly defined for GSS-V2)
-   introduces a backward incompatibility with callers implemented to
-   GSS-V1, where the flags were not defined.  Since no GSS-V1 callers
-   would set these flags, even if per-message services are desired,
-   GSS-V2 mechanism implementations which enable such services
-   selectively based on the flags' values may fail to provide them to
-   contexts established for GSS-V1 callers.  It may be appropriate under
-   certain circumstances, therefore, for such mechanism implementations
-   to infer these service request flags to be set if a caller is known
-   to be implemented to GSS-V1.
-
-   Not all of the optionally-requestable features will be available in
-   all underlying mech_types. The corresponding return state values
-   deleg_state, mutual_state, replay_det_state, and sequence_state
-   indicate, as a function of mech_type processing capabilities and
-   initiator-provided input flags, the set of features which will be
-   active on the context.  The returned trans_state value indicates
-   whether the context is transferable to other processes through use of
-   GSS_Export_sec_context().  These state indicators' values are
-   undefined unless either the routine's major_status indicates
-   GSS_S_COMPLETE, or TRUE prot_ready_state is returned along with
-   GSS_S_CONTINUE_NEEDED major_status; for the latter case, it is
-   possible that additional features, not confirmed or indicated along
-   with TRUE prot_ready_state, will be confirmed and indicated when
-   GSS_S_COMPLETE is subsequently returned.
-
-   The returned anon_state and prot_ready_state values are significant
-   for both GSS_S_COMPLETE and GSS_S_CONTINUE_NEEDED major_status
-   returns from GSS_Init_sec_context(). When anon_state is returned
-   TRUE, this indicates that neither the current token nor its
-   predecessors delivers or has delivered the initiator's identity.
-   Callers wishing to perform context establishment only if anonymity
-   support is provided should transfer a returned token from
-   GSS_Init_sec_context() to the peer only if it is accompanied by a
-   TRUE anon_state indicator.  When prot_ready_state is returned TRUE in
-   conjunction with GSS_S_CONTINUE_NEEDED major_status, this indicates
-   that per-message protection operations may be applied on the context:
-   see Section 1.2.7 for further discussion of this facility.
-
-
-
-
-Linn                        Standards Track                    [Page 47]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Failure to provide the precise set of features requested by the
-   caller does not cause context establishment to fail; it is the
-   caller's prerogative to delete the context if the feature set
-   provided is unsuitable for the caller's use.
-
-   The returned mech_type value indicates the specific mechanism
-   employed on the context; it will never indicate the value for
-   "default".  A valid mech_type result must be returned along with a
-   GSS_S_COMPLETE status return; GSS-API implementations may (but are
-   not required to) also return mech_type along with predecessor calls
-   indicating GSS_S_CONTINUE_NEEDED status or (if a mechanism is
-   determinable) in conjunction with fatal error cases.  For the case of
-   mechanisms which themselves perform negotiation, the returned
-   mech_type result may indicate selection of a mechanism identified by
-   an OID different than that passed in the input mech_type argument,
-   and the returned value may change between successive calls returning
-   GSS_S_CONTINUE_NEEDED and the final call returning GSS_S_COMPLETE.
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-   input to GSS_Wrap() can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_GetMIC() or GSS_Wrap()) on
-   the established context. These state indicators' values are undefined
-   unless either the routine's major_status indicates GSS_S_COMPLETE, or
-   TRUE prot_ready_state is returned along with GSS_S_CONTINUE_NEEDED
-   major_status.
-
-   The lifetime_req input specifies a desired upper bound for the
-   lifetime of the context to be established, with a value of 0 used to
-   request a default lifetime. The lifetime_rec return value indicates
-   the length of time for which the context will be valid, expressed as
-   an offset from the present; depending on mechanism capabilities,
-   credential lifetimes, and local policy, it may not correspond to the
-   value requested in lifetime_req.  If no constraints on context
-   lifetime are imposed, this may be indicated by returning a reserved
-   value representing INDEFINITE lifetime_req. The value of lifetime_rec
-   is undefined unless the routine's major_status indicates
-   GSS_S_COMPLETE.
-
-   If the mutual_state is TRUE, this fact will be reflected within the
-   output_token. A call to GSS_Accept_sec_context() at the target in
-   conjunction with such a context will return a token, to be processed
-   by a continuation call to GSS_Init_sec_context(), in order to achieve
-   mutual authentication.
-
-
-
-
-
-Linn                        Standards Track                    [Page 48]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.2.2:  GSS_Accept_sec_context call
-
-   Inputs:
-
-   o  acceptor_cred_handle CREDENTIAL HANDLE, -- NULL specifies
-   -- "use default"
-
-   o  input_context_handle CONTEXT HANDLE, -- 0
-   -- (GSS_C_NO_CONTEXT) specifies "not yet assigned"
-
-   o  chan_bindings OCTET STRING,
-
-   o  input_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  src_name INTERNAL NAME, -- guaranteed to be MN
-   -- once returned, caller must release with GSS_Release_name()
-
-   o  mech_type OBJECT IDENTIFIER, -- caller should treat as
-   -- read-only; does not need to be released
-
-   o  output_context_handle CONTEXT HANDLE, -- once returned
-   -- non-NULL in context establishment sequence, caller
-   -- must release with GSS_Delete_sec_context()
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN, -- see Section 1.2.7 for discussion
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-
-
-
-Linn                        Standards Track                    [Page 49]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  lifetime_rec INTEGER, -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   o  delegated_cred_handle CREDENTIAL HANDLE, -- if returned non-NULL,
-   -- caller must release with GSS_Release_cred()
-
-   o  output_token OCTET STRING -- NULL or token to pass to context
-   -- initiator; if returned non-NULL, caller must release with
-   -- GSS_Release_buffer()
-
-   This call may block pending network interactions for those mech_types
-   in which a directory service or other network entity must be
-   consulted on behalf of a context acceptor in order to validate a
-   received input_token.
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that context-level data structures were
-   successfully initialized, and that per-message processing can now be
-   performed in conjunction with this context.
-
-   o  GSS_S_CONTINUE_NEEDED indicates that control information in the
-   returned output_token must be sent to the initiator, and that a
-   response must be received and passed as the input_token argument to a
-   continuation call to GSS_Accept_sec_context(), before per-message
-   processing can be performed in conjunction with this context.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-   on the input_token failed, preventing further processing from being
-   performed based on that token.
-
-   o  GSS_S_DEFECTIVE_CREDENTIAL indicates that consistency checks
-   performed on the credential structure referenced by
-   acceptor_cred_handle failed, preventing further processing from being
-   performed using that credential structure.
-
-   o  GSS_S_BAD_SIG (GSS_S_BAD_MIC) indicates that the received
-   input_token contains an incorrect integrity check, so context setup
-   cannot be accomplished.
-
-   o  GSS_S_DUPLICATE_TOKEN indicates that the integrity check on the
-   received input_token was correct, but that the input_token was
-   recognized as a duplicate of an input_token already processed. No new
-   context is established.
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 50]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_OLD_TOKEN indicates that the integrity check on the received
-   input_token was correct, but that the input_token is too old to be
-   checked for duplication against previously-processed input_tokens. No
-   new context is established.
-
-   o  GSS_S_NO_CRED indicates that no context was established, either
-   because the input cred_handle was invalid, because the referenced
-   credentials are valid for context initiator use only, because the
-   caller lacks authorization to access the referenced credentials, or
-   because the procedure for default credential resolution failed.
-
-   o  GSS_S_CREDENTIALS_EXPIRED indicates that the credentials provided
-   through the input acceptor_cred_handle argument are no longer valid,
-   so context establishment cannot be completed.
-
-   o  GSS_S_BAD_BINDINGS indicates that a mismatch between the caller-
-   provided chan_bindings and those extracted from the input_token was
-   detected, signifying a security-relevant event and preventing context
-   establishment.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided; this major status will be
-   returned only for successor calls following GSS_S_CONTINUE_ NEEDED
-   status returns.
-
-   o  GSS_S_BAD_MECH indicates receipt of a context establishment token
-   specifying a mechanism unsupported by the local system or with the
-   caller's active credentials.
-
-   o  GSS_S_FAILURE indicates that context setup could not be
-   accomplished for reasons unspecified at the GSS-API level, and that
-   no interface-defined recovery action is available.
-
-   The GSS_Accept_sec_context() routine is used by a context target.
-   Using information in the credentials structure referenced by the
-   input acceptor_cred_handle, it verifies the incoming input_token and
-   (following the successful completion of a context establishment
-   sequence) returns the authenticated src_name and the mech_type used.
-   The returned src_name is guaranteed to be an MN, processed by the
-   mechanism under which the context was established. The
-   acceptor_cred_handle must correspond to the same valid credentials
-   structure on the initial call to GSS_Accept_sec_context() and on any
-   successor calls resulting from GSS_S_CONTINUE_NEEDED status returns;
-   different protocol sequences modeled by the GSS_S_CONTINUE_NEEDED
-   mechanism will require access to credentials at different points in
-   the context establishment sequence.
-
-
-
-
-
-Linn                        Standards Track                    [Page 51]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   The caller-provided input_context_handle argument is to be 0
-   (GSS_C_NO_CONTEXT), specifying "not yet assigned", on the first
-   GSS_Accept_sec_context() call relating to a given context. If
-   successful (i.e., if accompanied by major_status GSS_S_COMPLETE or
-   GSS_S_CONTINUE_NEEDED), and only if successful, the initial
-   GSS_Accept_sec_context() call returns a non-zero
-   output_context_handle for use in future references to this context.
-   Once a non-zero output_context_handle has been returned, GSS-API
-   callers should call GSS_Delete_sec_context() to release context-
-   related resources if errors occur in later phases of context
-   establishment, or when an established context is no longer required.
-   If GSS_Accept_sec_context() is passed the handle of a context which
-   is already fully established, GSS_S_FAILURE status is returned.
-
-   The chan_bindings argument is used by the caller to provide
-   information binding the security context to security-related
-   characteristics (e.g., addresses, cryptographic keys) of the
-   underlying communications channel. See Section 1.1.6 of this document
-   for more discussion of this argument's usage.
-
-   The returned state results (deleg_state, mutual_state,
-   replay_det_state, sequence_state, anon_state, trans_state, and
-   prot_ready_state) reflect the same information as described for
-   GSS_Init_sec_context(), and their values are significant under the
-   same return state conditions.
-
-   The conf_avail return value indicates whether the context supports
-   per-message confidentiality services, and so informs the caller
-   whether or not a request for encryption through the conf_req_flag
-   input to GSS_Wrap() can be honored. In similar fashion, the
-   integ_avail return value indicates whether per-message integrity
-   services are available (through either GSS_GetMIC()  or GSS_Wrap())
-   on the established context.  These values are significant under the
-   same return state conditions as described under
-   GSS_Init_sec_context().
-
-   The lifetime_rec return value is significant only in conjunction with
-   GSS_S_COMPLETE major_status, and indicates the length of time for
-   which the context will be valid, expressed as an offset from the
-   present.
-
-   The returned mech_type value indicates the specific mechanism
-   employed on the context; it will never indicate the value for
-   "default".  A valid mech_type result must be returned whenever
-   GSS_S_COMPLETE status is indicated; GSS-API implementations may (but
-   are not required to) also return mech_type along with predecessor
-   calls indicating GSS_S_CONTINUE_NEEDED status or (if a mechanism is
-   determinable) in conjunction with fatal error cases.  For the case of
-
-
-
-Linn                        Standards Track                    [Page 52]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   mechanisms which themselves perform negotiation, the returned
-   mech_type result may indicate selection of a mechanism identified by
-   an OID different than that passed in the input mech_type argument,
-   and the returned value may change between successive calls returning
-   GSS_S_CONTINUE_NEEDED and the final call returning GSS_S_COMPLETE.
-
-   The delegated_cred_handle result is significant only when deleg_state
-   is TRUE, and provides a means for the target to reference the
-   delegated credentials. The output_token result, when non-NULL,
-   provides a context-level token to be returned to the context
-   initiator to continue a multi-step context establishment sequence. As
-   noted with GSS_Init_sec_context(), any returned token should be
-   transferred to the context's peer (in this case, the context
-   initiator), independent of the value of the accompanying returned
-   major_status.
-
-   Note: A target must be able to distinguish a context-level
-   input_token, which is passed to GSS_Accept_sec_context(), from the
-   per-message data elements passed to GSS_VerifyMIC()  or GSS_Unwrap().
-   These data elements may arrive in a single application message, and
-   GSS_Accept_sec_context() must be performed before per-message
-   processing can be performed successfully.
-
-2.2.3: GSS_Delete_sec_context call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_context_token OCTET STRING
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the context was recognized, and that
-   relevant context-specific information was flushed.  If the caller
-   provides a non-null buffer to receive an output_context_token, and
-   the mechanism returns a non-NULL token into that buffer, the returned
-   output_context_token is ready for transfer to the context's peer.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided, so no deletion was performed.
-
-
-
-
-Linn                        Standards Track                    [Page 53]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the GSS_Delete_sec_context() operation could not be performed for
-   reasons unspecified at the GSS-API level.
-
-   This call can be made by either peer in a security context, to flush
-   context-specific information. Once a non-zero output_context_handle
-   has been returned by context establishment calls, GSS-API callers
-   should call GSS_Delete_sec_context() to release context-related
-   resources if errors occur in later phases of context establishment,
-   or when an established context is no longer required.  This call may
-   block pending network interactions for mech_types in which active
-   notification must be made to a central server when a security context
-   is to be deleted.
-
-   If a non-null output_context_token parameter is provided by the
-   caller, an output_context_token may be returned to the caller.  If an
-   output_context_token is provided to the caller, it can be passed to
-   the context's peer to inform the peer's GSS-API implementation that
-   the peer's corresponding context information can also be flushed.
-   (Once a context is established, the peers involved are expected to
-   retain cached credential and context-related information until the
-   information's expiration time is reached or until a
-   GSS_Delete_sec_context() call is made.)
-
-   The facility for context_token usage to signal context deletion is
-   retained for compatibility with GSS-API Version 1.  For current
-   usage, it is recommended that both peers to a context invoke
-   GSS_Delete_sec_context() independently, passing a null
-   output_context_token buffer to indicate that no context_token is
-   required.  Implementations of GSS_Delete_sec_context() should delete
-   relevant locally-stored context information.
-
-   Attempts to perform per-message processing on a deleted context will
-   result in error returns.
-
-2.2.4:  GSS_Process_context_token call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  input_context_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-Linn                        Standards Track                    [Page 54]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_context_token was
-   successfully processed in conjunction with the context referenced by
-   context_handle.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-   on the received context_token failed, preventing further processing
-   from being performed with that token.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the GSS_Process_context_token() operation could not be performed for
-   reasons unspecified at the GSS-API level.
-
-   This call is used to process context_tokens received from a peer once
-   a context has been established, with corresponding impact on
-   context-level state information. One use for this facility is
-   processing of the context_tokens generated by
-   GSS_Delete_sec_context(); GSS_Process_context_token() will not block
-   pending network interactions for that purpose. Another use is to
-   process tokens indicating remote-peer context establishment failures
-   after the point where the local GSS-API implementation has already
-   indicated GSS_S_COMPLETE status.
-
-2.2.5:  GSS_Context_time call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context is valid, and
-   will remain valid for the amount of time indicated in lifetime_rec.
-
-
-
-
-
-Linn                        Standards Track                    [Page 55]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that data items related to the
-   referenced context have expired.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level.
-
-   This call is used to determine the amount of time for which a
-   currently established context will remain valid.
-
-2.2.6: GSS_Inquire_context call
-
-   Input:
-
-   o  context_handle CONTEXT HANDLE,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  src_name INTERNAL NAME,  -- name of context initiator,
-   -- guaranteed to be MN;
-   -- caller must release with GSS_Release_name() if returned
-
-   o  targ_name INTERNAL NAME,  -- name of context target,
-   -- guaranteed to be MN;
-   -- caller must release with GSS_Release_name() if returned
-
-   o  lifetime_rec INTEGER -- in seconds, or reserved value for
-   -- INDEFINITE or EXPIRED
-
-   o  mech_type OBJECT IDENTIFIER, -- the mechanism supporting this
-   -- security context; caller should treat as read-only and not
-   -- attempt to release
-
-   o  deleg_state BOOLEAN,
-
-   o  mutual_state BOOLEAN,
-
-   o  replay_det_state BOOLEAN,
-
-   o  sequence_state BOOLEAN,
-
-   o  anon_state BOOLEAN,
-
-
-
-Linn                        Standards Track                    [Page 56]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  trans_state BOOLEAN,
-
-   o  prot_ready_state BOOLEAN,
-
-   o  conf_avail BOOLEAN,
-
-   o  integ_avail BOOLEAN,
-
-   o  locally_initiated BOOLEAN, -- TRUE if initiator, FALSE if acceptor
-
-   o  open BOOLEAN, -- TRUE if context fully established, FALSE
-   -- if partly established (in CONTINUE_NEEDED state)
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context is valid and
-   that deleg_state, mutual_state, replay_det_state, sequence_state,
-   anon_state, trans_state, prot_ready_state, conf_avail, integ_avail,
-   locally_initiated, and open return values describe the corresponding
-   characteristics of the context.  If open is TRUE, lifetime_rec is
-   also returned: if open is TRUE and the context peer's name is known,
-   src_name and targ_name are valid in addition to the values listed
-   above.  The mech_type value must be returned for contexts where open
-   is TRUE and may be returned for contexts where open is FALSE.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided. Return values other than
-   major_status and minor_status are undefined.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call is used to extract information describing characteristics
-   of a security context.  Note that GSS-API implementations are
-   expected to retain inquirable context data on a context until the
-   context is released by a caller, even after the context has expired,
-   although underlying cryptographic data elements may be deleted after
-   expiration in order to limit their exposure.
-
-2.2.7:   GSS_Wrap_size_limit call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  conf_req_flag BOOLEAN,
-
-
-
-
-Linn                        Standards Track                    [Page 57]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  qop INTEGER,
-
-   o  output_size INTEGER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  max_input_size INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates a successful token size determination:
-   an input message with a length in octets equal to the returned
-   max_input_size value will, when passed to GSS_Wrap() for processing
-   on the context identified by the context_handle parameter with the
-   confidentiality request state as provided in conf_req_flag and with
-   the quality of protection specifier provided in the qop parameter,
-   yield an output token no larger than the value of the provided
-   output_size parameter.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that the provided input
-   context_handle is recognized, but that the referenced context has
-   expired.  Return values other than major_status and minor_status are
-   undefined.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided. Return values other than
-   major_status and minor_status are undefined.
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-   recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call is used to determine the largest input datum which may be
-   passed to GSS_Wrap() without yielding an output token larger than a
-   caller-specified value.
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 58]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.2.8:   GSS_Export_sec_context call
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  interprocess_token OCTET STRING  -- caller must release
-   -- with GSS_Release_buffer()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the referenced context has been
-   successfully exported to a representation in the interprocess_token,
-   and is no longer available for use by the caller.
-
-   o  GSS_S_UNAVAILABLE indicates that the context export facility is
-   not available for use on the referenced context.  (This status should
-   occur only for contexts for which the trans_state value is FALSE.)
-   Return values other than major_status and minor_status are undefined.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that the provided input
-   context_handle is recognized, but that the referenced context has
-   expired.  Return values other than major_status and minor_status are
-   undefined.
-
-   o  GSS_S_NO_CONTEXT indicates that no valid context was recognized
-   for the input context_handle provided. Return values other than
-   major_status and minor_status are undefined.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call generates an interprocess token for transfer to another
-   process within an end system, in order to transfer control of a
-   security context to that process.  The recipient of the interprocess
-   token will call GSS_Import_sec_context() to accept the transfer.  The
-   GSS_Export_sec_context() operation is defined for use only with
-   security contexts which are fully and successfully established (i.e.,
-   those for which GSS_Init_sec_context() and GSS_Accept_sec_context()
-   have returned GSS_S_COMPLETE major_status).
-
-
-
-
-Linn                        Standards Track                    [Page 59]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   A successful GSS_Export_sec_context() operation deactivates the
-   security context for the calling process; for this case, the GSS-API
-   implementation shall deallocate all process-wide resources associated
-   with the security context and shall set the context_handle to
-   GSS_C_NO_CONTEXT.  In the event of an error that makes it impossible
-   to complete export of the security context, the GSS-API
-   implementation must not return an interprocess token and should
-   strive to leave the security context referenced by the context_handle
-   untouched.  If this is impossible, it is permissible for the
-   implementation to delete the security context, provided that it also
-   sets the context_handle parameter to GSS_C_NO_CONTEXT.
-
-   Portable callers must not assume that a given interprocess token can
-   be imported by GSS_Import_sec_context() more than once, thereby
-   creating multiple instantiations of a single context.  GSS-API
-   implementations may detect and reject attempted multiple imports, but
-   are not required to do so.
-
-   The internal representation contained within the interprocess token
-   is an implementation-defined local matter.  Interprocess tokens
-   cannot be assumed to be transferable across different GSS-API
-   implementations.
-
-   It is recommended that GSS-API implementations adopt policies suited
-   to their operational environments in order to define the set of
-   processes eligible to import a context, but specific constraints in
-   this area are local matters.  Candidate examples include transfers
-   between processes operating on behalf of the same user identity, or
-   processes comprising a common job.  However, it may be impossible to
-   enforce such policies in some implementations.
-
-   In support of the above goals, implementations may protect the
-   transferred context data by using cryptography to protect data within
-   the interprocess token, or by using interprocess tokens as a means to
-   reference local interprocess communication facilities (protected by
-   other means) rather than storing the context data directly within the
-   tokens.
-
-   Transfer of an open context may, for certain mechanisms and
-   implementations, reveal data about the credential which was used to
-   establish the context.  Callers should, therefore, be cautious about
-   the trustworthiness of processes to which they transfer contexts.
-   Although the GSS-API implementation may provide its own set of
-   protections over the exported context, the caller is responsible for
-   protecting the interprocess token from disclosure, and for taking
-   care that the context is transferred to an appropriate destination
-   process.
-
-
-
-
-Linn                        Standards Track                    [Page 60]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.2.9:   GSS_Import_sec_context call
-
-   Inputs:
-
-   o  interprocess_token OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  context_handle CONTEXT HANDLE  -- if successfully returned,
-   -- caller must release with GSS_Delete_sec_context()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the context represented by the input
-   interprocess_token has been successfully transferred to the caller,
-   and is available for future use via the output context_handle.
-
-   o  GSS_S_NO_CONTEXT indicates that the context represented by the
-   input interprocess_token was invalid. Return values other than
-   major_status and minor_status are undefined.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that the input interprocess_token
-   was defective.  Return values other than major_status and
-   minor_status are undefined.
-
-   o  GSS_S_UNAVAILABLE indicates that the context import facility is
-   not available for use on the referenced context.  Return values other
-   than major_status and minor_status are undefined.
-
-   o  GSS_S_UNAUTHORIZED indicates that the context represented by the
-   input interprocess_token is unauthorized for transfer to the caller.
-   Return values other than major_status and minor_status are undefined.
-
-   o  GSS_S_FAILURE indicates that the requested operation failed for
-   reasons unspecified at the GSS-API level. Return values other than
-   major_status and minor_status are undefined.
-
-   This call processes an interprocess token generated by
-   GSS_Export_sec_context(), making the transferred context available
-   for use by the caller.  After a successful GSS_Import_sec_context()
-   operation, the imported context is available for use by the importing
-   process. In particular, the imported context is usable for all per-
-   message operations and may be deleted or exported by its importer.
-   The inability to receive delegated credentials through
-
-
-
-Linn                        Standards Track                    [Page 61]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   gss_import_sec_context() precludes establishment of new contexts
-   based on information delegated to the importer's end system within
-   the context which is being imported, unless those delegated
-   credentials are obtained through separate routines (e.g., XGSS-API
-   calls) outside the GSS-V2 definition.
-
-   For further discussion of the security and authorization issues
-   regarding this call, please see the discussion in Section 2.2.8.
-
-2.3:  Per-message calls
-
-   This group of calls is used to perform per-message protection
-   processing on an established security context. None of these calls
-   block pending network interactions. These calls may be invoked by a
-   context's initiator or by the context's target.  The four members of
-   this group should be considered as two pairs; the output from
-   GSS_GetMIC() is properly input to GSS_VerifyMIC(), and the output
-   from GSS_Wrap() is properly input to GSS_Unwrap().
-
-   GSS_GetMIC() and GSS_VerifyMIC() support data origin authentication
-   and data integrity services. When GSS_GetMIC() is invoked on an input
-   message, it yields a per-message token containing data items which
-   allow underlying mechanisms to provide the specified security
-   services. The original message, along with the generated per-message
-   token, is passed to the remote peer; these two data elements are
-   processed by GSS_VerifyMIC(), which validates the message in
-   conjunction with the separate token.
-
-   GSS_Wrap() and GSS_Unwrap() support caller-requested confidentiality
-   in addition to the data origin authentication and data integrity
-   services offered by GSS_GetMIC() and GSS_VerifyMIC(). GSS_Wrap()
-   outputs a single data element, encapsulating optionally enciphered
-   user data as well as associated token data items.  The data element
-   output from GSS_Wrap() is passed to the remote peer and processed by
-   GSS_Unwrap() at that system. GSS_Unwrap() combines decipherment (as
-   required) with validation of data items related to authentication and
-   integrity.
-
-   Although zero-length tokens are never returned by GSS calls for
-   transfer to a context's peer, a zero-length object may be passed by a
-   caller into GSS_Wrap(), in which case the corresponding peer calling
-   GSS_Unwrap() on the transferred token will receive a zero-length
-   object as output from GSS_Unwrap().  Similarly, GSS_GetMIC() can be
-   called on an empty object, yielding a MIC which GSS_VerifyMIC() will
-   successfully verify against the active security context in
-   conjunction with a zero-length object.
-
-
-
-
-
-Linn                        Standards Track                    [Page 62]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.3.1:  GSS_GetMIC call
-
-   Note: This call is functionally equivalent to the GSS_Sign call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Sign are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  qop_req INTEGER, -- 0 specifies default QOP
-
-   o  message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  per_msg_token OCTET STRING  -- caller must release
-   -- with GSS_Release_buffer()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that an integrity check, suitable for an
-   established security context, was successfully applied and that the
-   message and corresponding per_msg_token are ready for transmission.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data items
-   have expired, so that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no context was recognized for the
-   input context_handle provided.
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-   recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the requested operation could not be performed for reasons
-   unspecified at the GSS-API level.
-
-   Using the security context referenced by context_handle, apply an
-   integrity check to the input message (along with timestamps and/or
-   other data included in support of mech_type-specific mechanisms) and
-   (if GSS_S_COMPLETE status is indicated) return the result in
-
-
-
-Linn                        Standards Track                    [Page 63]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   per_msg_token. The qop_req parameter, interpretation of which is
-   discussed in Section 1.2.4, allows quality-of-protection control. The
-   caller passes the message and the per_msg_token to the target.
-
-   The GSS_GetMIC() function completes before the message and
-   per_msg_token is sent to the peer; successful application of
-   GSS_GetMIC() does not guarantee that a corresponding GSS_VerifyMIC()
-   has been (or can necessarily be) performed successfully when the
-   message arrives at the destination.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.2:  GSS_VerifyMIC call
-
-   Note: This call is functionally equivalent to the GSS_Verify call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Verify are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  message OCTET STRING,
-
-   o  per_msg_token OCTET STRING
-
-   Outputs:
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the message was successfully
-   verified.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-   on the received per_msg_token failed, preventing further processing
-   from being performed with that token.
-
-   o  GSS_S_BAD_SIG (GSS_S_BAD_MIC) indicates that the received
-   per_msg_token contains an incorrect integrity check for the message.
-
-
-
-Linn                        Standards Track                    [Page 64]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, and
-   GSS_S_GAP_TOKEN values appear in conjunction with the optional per-
-   message replay detection features described in Section 1.2.3; their
-   semantics are described in that section.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data items
-   have expired, so that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no context was recognized for the
-   input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the GSS_VerifyMIC() operation could not be performed for reasons
-   unspecified at the GSS-API level.
-
-   Using the security context referenced by context_handle, verify that
-   the input per_msg_token contains an appropriate integrity check for
-   the input message, and apply any active replay detection or
-   sequencing features. Returns an indication of the quality-of-
-   protection applied to the processed message in the qop_state result.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.3: GSS_Wrap call
-
-   Note: This call is functionally equivalent to the GSS_Seal call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Seal are deprecated.
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  conf_req_flag BOOLEAN,
-
-   o  qop_req INTEGER, -- 0 specifies default QOP
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 65]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  conf_state BOOLEAN,
-
-   o  output_message OCTET STRING  -- caller must release with
-   -- GSS_Release_buffer()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_message was successfully
-   processed and that the output_message is ready for transmission.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data items
-   have expired, so that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no context was recognized for the
-   input context_handle provided.
-
-   o  GSS_S_BAD_QOP indicates that the provided QOP value is not
-   recognized or supported for the context.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the GSS_Wrap() operation could not be performed for reasons
-   unspecified at the GSS-API level.
-
-   Performs the data origin authentication and data integrity functions
-   of GSS_GetMIC().  If the input conf_req_flag is TRUE, requests that
-   confidentiality be applied to the input_message.  Confidentiality may
-   not be supported in all mech_types or by all implementations; the
-   returned conf_state flag indicates whether confidentiality was
-   provided for the input_message. The qop_req parameter, interpretation
-   of which is discussed in Section 1.2.4, allows quality-of-protection
-   control.
-
-   When GSS_S_COMPLETE status is returned, the GSS_Wrap() call yields a
-   single output_message data element containing (optionally enciphered)
-   user data as well as control information.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.3.4: GSS_Unwrap call
-
-   Note: This call is functionally equivalent to the GSS_Unseal call as
-   defined in previous versions of this specification. In the interests
-   of backward compatibility, it is recommended that implementations
-   support this function under both names for the present; future
-   references to this function as GSS_Unseal are deprecated.
-
-
-
-
-
-Linn                        Standards Track                    [Page 66]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Inputs:
-
-   o  context_handle CONTEXT HANDLE,
-
-   o  input_message OCTET STRING
-
-   Outputs:
-
-   o  conf_state BOOLEAN,
-
-   o  qop_state INTEGER,
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_message OCTET STRING  -- caller must release with
-   -- GSS_Release_buffer()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the input_message was successfully
-   processed and that the resulting output_message is available.
-
-   o  GSS_S_DEFECTIVE_TOKEN indicates that consistency checks performed
-   on the per_msg_token extracted from the input_message failed,
-   preventing further processing from being performed.
-
-   o  GSS_S_BAD_SIG (GSS_S_BAD_MIC) indicates that an incorrect
-   integrity check was detected for the message.
-
-   o  GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, and
-   GSS_S_GAP_TOKEN values appear in conjunction with the optional per-
-   message replay detection features described in Section 1.2.3; their
-   semantics are described in that section.
-
-   o  GSS_S_CONTEXT_EXPIRED indicates that context-related data items
-   have expired, so that the requested operation cannot be performed.
-
-   o  GSS_S_NO_CONTEXT indicates that no context was recognized for the
-   input context_handle provided.
-
-   o  GSS_S_FAILURE indicates that the context is recognized, but that
-   the GSS_Unwrap() operation could not be performed for reasons
-   unspecified at the GSS-API level.
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 67]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Processes a data element generated (and optionally enciphered) by
-   GSS_Wrap(), provided as input_message. The returned conf_state value
-   indicates whether confidentiality was applied to the input_message.
-   If conf_state is TRUE, GSS_Unwrap() has deciphered the input_message.
-   Returns an indication of the quality-of-protection applied to the
-   processed message in the qop_state result. GSS_Unwrap() performs the
-   data integrity and data origin authentication checking functions of
-   GSS_VerifyMIC() on the plaintext data. Plaintext data is returned in
-   output_message.
-
-   Mechanisms which do not support per-message protection services
-   should return GSS_S_FAILURE if this routine is called.
-
-2.4:  Support calls
-
-   This group of calls provides support functions useful to GSS-API
-   callers, independent of the state of established contexts. Their
-   characterization with regard to blocking or non-blocking status in
-   terms of network interactions is unspecified.
-
-2.4.1:  GSS_Display_status call
-
-   Inputs:
-
-   o  status_value INTEGER, -- GSS-API major_status or minor_status
-   -- return value
-
-   o  status_type INTEGER, -- 1 if major_status, 2 if minor_status
-
-   o  mech_type OBJECT IDENTIFIER -- mech_type to be used for
-   -- minor_status translation
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  status_string_set SET OF OCTET STRING  -- required calls for
-   -- release by caller are specific to language bindings
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid printable status
-   representation (possibly representing more than one status event
-   encoded within the status_value) is available in the returned
-   status_string_set.
-
-
-
-
-Linn                        Standards Track                    [Page 68]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_BAD_MECH indicates that translation in accordance with an
-   unsupported mech_type was requested, so translation could not be
-   performed.
-
-   o  GSS_S_BAD_STATUS indicates that the input status_value was
-   invalid, or that the input status_type carried a value other than 1
-   or 2, so translation could not be performed.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Provides a means for callers to translate GSS-API-returned major and
-   minor status codes into printable string representations.  Note: some
-   language bindings may employ an iterative approach in order to emit
-   successive status components; this approach is acceptable but not
-   required for conformance with the current specification.
-
-   Although not contemplated in [RFC-2078], it has been observed that
-   some existing GSS-API implementations return GSS_S_CONTINUE_NEEDED
-   status when iterating through successive messages returned from
-   GSS_Display_status(). This behavior is deprecated;
-   GSS_S_CONTINUE_NEEDED should be returned only by
-   GSS_Init_sec_context() and GSS_Accept_sec_context().  For maximal
-   portability, however, it is recommended that defensive callers be
-   able to accept and ignore GSS_S_CONTINUE_NEEDED status if indicated
-   by GSS_Display_status() or any other call other than
-   GSS_Init_sec_context() or GSS_Accept_sec_context().
-
-2.4.2:  GSS_Indicate_mechs call
-
-   Input:
-
-   o  (none)
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  mech_set SET OF OBJECT IDENTIFIER  -- caller must release
-   -- with GSS_Release_oid_set()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a set of available mechanisms has
-   been returned in mech_set.
-
-
-
-
-Linn                        Standards Track                    [Page 69]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to determine the set of mechanism types available on
-   the local system. This call is intended for support of specialized
-   callers who need to request non-default mech_type sets from GSS-API
-   calls which accept input mechanism type specifiers.
-
-2.4.3:  GSS_Compare_name call
-
-   Inputs:
-
-   o  name1 INTERNAL NAME,
-
-   o  name2 INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_equal BOOLEAN
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that name1 and name2 were comparable, and
-   that the name_equal result indicates whether name1 and name2
-   represent the same entity.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the two input names' types are
-   different and incomparable, so that the comparison operation could
-   not be completed.
-
-   o  GSS_S_BAD_NAME indicates that one or both of the input names was
-   ill-formed in terms of its internal type specifier, so the comparison
-   operation could not be completed.
-
-   o  GSS_S_FAILURE indicates that the call's operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to compare two internal name representations to
-   determine whether they refer to the same entity.  If either name
-   presented to GSS_Compare_name() denotes an anonymous principal,
-   GSS_Compare_name() shall indicate FALSE.  It is not required that
-   either or both inputs name1 and name2 be MNs; for some
-
-
-
-
-
-Linn                        Standards Track                    [Page 70]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   implementations and cases, GSS_S_BAD_NAMETYPE may be returned,
-   indicating name incomparability, for the case where neither input
-   name is an MN.
-
-2.4.4:  GSS_Display_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_string OCTET STRING, -- caller must release
-   -- with GSS_Release_buffer()
-
-   o  name_type OBJECT IDENTIFIER  -- caller should treat
-   -- as read-only; does not need to be released
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid printable name
-   representation is available in the returned name_string.
-
-   o  GSS_S_BAD_NAME indicates that the contents of the provided name
-   were inconsistent with the internally-indicated name type, so no
-   printable representation could be generated.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to translate an internal name representation into a
-   printable form with associated namespace type descriptor. The syntax
-   of the printable form is a local matter.
-
-   If the input name represents an anonymous identity, a reserved value
-   (GSS_C_NT_ANONYMOUS) shall be returned for name_type.
-
-   The GSS_C_NO_OID name type is to be returned only when the
-   corresponding internal name was created through import with
-   GSS_C_NO_OID. It is acceptable for mechanisms to normalize names
-   imported with GSS_C_NO_OID into other supported types and, therefore,
-   to display them with types other than GSS_C_NO_OID.
-
-
-
-
-
-Linn                        Standards Track                    [Page 71]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.4.5:  GSS_Import_name call
-
-   Inputs:
-
-   o  input_name_string OCTET STRING,
-
-   o  input_name_type OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  output_name INTERNAL NAME  -- caller must release with
-   -- GSS_Release_name()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a valid name representation is
-   output in output_name and described by the type value in
-   output_name_type.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input_name_type is
-   unsupported by the applicable underlying GSS-API mechanism(s), so the
-   import operation could not be completed.
-
-   o  GSS_S_BAD_NAME indicates that the provided input_name_string is
-   ill-formed in terms of the input_name_type, so the import operation
-   could not be completed.
-
-   o  GSS_S_BAD_MECH indicates that the input presented for import was
-   an exported name object and that its enclosed mechanism type was not
-   recognized or was unsupported by the GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to provide a name representation as a contiguous octet
-   string, designate the type of namespace in conjunction with which it
-   should be parsed, and convert that representation to an internal form
-   suitable for input to other GSS-API routines.  The syntax of the
-   input_name_string is defined in conjunction with its associated name
-   type; depending on the input_name_type, the associated
-   input_name_string may or may not be a printable string.  If the
-   input_name_type's value is GSS_C_NO_OID, a mechanism-specific default
-   printable syntax (which shall be specified in the corresponding GSS-
-   V2 mechanism specification) is assumed for the input_name_string;
-
-
-
-Linn                        Standards Track                    [Page 72]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   other input_name_type values as registered by GSS-API implementations
-   can be used to indicate specific non-default name syntaxes. Note: The
-   input_name_type argument serves to describe and qualify the
-   interpretation of the associated input_name_string; it does not
-   specify the data type of the returned output_name.
-
-   If a mechanism claims support for a particular name type, its
-   GSS_Import_name() operation shall be able to accept all possible
-   values conformant to the external name syntax as defined for that
-   name type.  These imported values may correspond to:
-
-      (1) locally registered entities (for which credentials may be
-      acquired),
-
-      (2) non-local entities (for which local credentials cannot be
-      acquired, but which may be referenced as targets of initiated
-      security contexts or initiators of accepted security contexts), or
-      to
-
-      (3) neither of the above.
-
-   Determination of whether a particular name belongs to class (1), (2),
-   or (3) as described above is not guaranteed to be performed by the
-   GSS_Import_name() function.
-
-   The internal name generated by a GSS_Import_name() operation may be a
-   single-mechanism MN, and is likely to be an MN within a single-
-   mechanism implementation, but portable callers must not depend on
-   this property (and must not, therefore, assume that the output from
-   GSS_Import_name() can be passed directly to GSS_Export_name() without
-   first being processed through GSS_Canonicalize_name()).
-
-2.4.6: GSS_Release_name call
-
-   Inputs:
-
-   o  name INTERNAL NAME
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-   input name was successfully released.
-
-
-
-Linn                        Standards Track                    [Page 73]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  GSS_S_BAD_NAME indicates that the input name argument did not
-   contain a valid name.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an internal
-   name representation.  This call's specific behavior depends on the
-   language and programming environment within which a GSS-API
-   implementation operates, and is therefore detailed within applicable
-   bindings specifications; in particular, implementation and invocation
-   of this call may be superfluous (and may be omitted) within bindings
-   where memory management is automatic.
-
-2.4.7: GSS_Release_buffer call
-
-   Inputs:
-
-   o  buffer OCTET STRING
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-   input buffer was successfully released.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an OCTET STRING
-   buffer allocated by another GSS-API call.  This call's specific
-   behavior depends on the language and programming environment within
-   which a GSS-API implementation operates, and is therefore detailed
-   within applicable bindings specifications; in particular,
-   implementation and invocation of this call may be superfluous (and
-   may be omitted) within bindings where memory management is automatic.
-
-2.4.8: GSS_Release_OID_set call
-
-   Inputs:
-
-   o  buffer SET OF OBJECT IDENTIFIER
-
-
-
-
-Linn                        Standards Track                    [Page 74]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the storage associated with the
-   input object identifier set was successfully released.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to release the storage associated with an object
-   identifier set object allocated by another GSS-API call.  This call's
-   specific behavior depends on the language and programming environment
-   within which a GSS-API implementation operates, and is therefore
-   detailed within applicable bindings specifications; in particular,
-   implementation and invocation of this call may be superfluous (and
-   may be omitted) within bindings where memory management is automatic.
-
-2.4.9: GSS_Create_empty_OID_set call
-
-   Inputs:
-
-   o  (none)
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  oid_set SET OF OBJECT IDENTIFIER  -- caller must release
-   -- with GSS_Release_oid_set()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   Creates an object identifier set containing no object identifiers, to
-   which members may be subsequently added using the
-   GSS_Add_OID_set_member() routine.  These routines are intended to be
-   used to construct sets of mechanism object identifiers, for input to
-   GSS_Acquire_cred().
-
-
-
-Linn                        Standards Track                    [Page 75]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-2.4.10: GSS_Add_OID_set_member call
-
-   Inputs:
-
-   o  member_oid OBJECT IDENTIFIER,
-
-   o  oid_set SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-   Adds an Object Identifier to an Object Identifier set.  This routine
-   is intended for use in conjunction with GSS_Create_empty_OID_set()
-   when constructing a set of mechanism OIDs for input to
-   GSS_Acquire_cred().
-
-2.4.11: GSS_Test_OID_set_member call
-
-   Inputs:
-
-   o  member OBJECT IDENTIFIER,
-
-   o  set SET OF OBJECT IDENTIFIER
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  present BOOLEAN
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates successful completion
-
-   o  GSS_S_FAILURE indicates that the operation failed
-
-
-
-
-
-Linn                        Standards Track                    [Page 76]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Interrogates an Object Identifier set to determine whether a
-   specified Object Identifier is a member.  This routine is intended to
-   be used with OID sets returned by GSS_Indicate_mechs(),
-   GSS_Acquire_cred(), and GSS_Inquire_cred().
-
-2.4.12:  GSS_Inquire_names_for_mech call
-
-   Input:
-
-   o  input_mech_type OBJECT IDENTIFIER, -- mechanism type
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  name_type_set SET OF OBJECT IDENTIFIER -- caller must release
-   -- with GSS_Release_oid_set()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that the output name_type_set contains a
-   list of name types which are supported by the locally available
-   mechanism identified by input_mech_type.
-
-   o  GSS_S_BAD_MECH indicates that the mechanism identified by
-   input_mech_type was unsupported within the local implementation,
-   causing the query to fail.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   Allows callers to determine the set of name types which are
-   supportable by a specific locally-available mechanism.
-
-2.4.13: GSS_Inquire_mechs_for_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME,
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-
-Linn                        Standards Track                    [Page 77]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  mech_types SET OF OBJECT IDENTIFIER  -- caller must release
-   -- with GSS_Release_oid_set()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a set of object identifiers,
-   corresponding to the set of mechanisms suitable for processing the
-   input_name, is available in mech_types.
-
-   o  GSS_S_BAD_NAME indicates that the input_name was ill-formed and
-   could not be processed.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input_name parameter
-   contained an invalid name type or a name type unsupported by the
-   GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   This routine returns the mechanism set with which the input_name may
-   be processed.
-
-   Each mechanism returned will recognize at least one element within
-   the name. It is permissible for this routine to be implemented within
-   a mechanism-independent GSS-API layer, using the type information
-   contained within the presented name, and based on registration
-   information provided by individual mechanism implementations.  This
-   means that the returned mech_types result may indicate that a
-   particular mechanism will understand a particular name when in fact
-   it would refuse to accept that name as input to
-   GSS_Canonicalize_name(), GSS_Init_sec_context(), GSS_Acquire_cred(),
-   or GSS_Add_cred(), due to some property of the particular name rather
-   than a property of the name type.  Thus, this routine should be used
-   only as a pre-filter for a call to a subsequent mechanism-specific
-   routine.
-
-2.4.14: GSS_Canonicalize_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME,
-
-   o  mech_type OBJECT IDENTIFIER  -- must be explicit mechanism,
-   -- not "default" specifier or identifier of negotiating mechanism
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-
-
-Linn                        Standards Track                    [Page 78]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  minor_status INTEGER,
-
-   o  output_name INTERNAL NAME  -- caller must release with
-   -- GSS_Release_name()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a mechanism-specific reduction of
-   the input_name, as processed by the mechanism identified by
-   mech_type, is available in output_name.
-
-   o  GSS_S_BAD_MECH indicates that the identified mechanism is
-   unsupported for this operation; this may correspond either to a
-   mechanism wholly unsupported by the local GSS-API implementation or
-   to a negotiating mechanism with which the canonicalization operation
-   cannot be performed.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input name does not contain
-   an element with suitable type for processing by the identified
-   mechanism.
-
-   o  GSS_S_BAD_NAME indicates that the input name contains an element
-   with suitable type for processing by the identified mechanism, but
-   that this element could not be processed successfully.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   This routine reduces a GSS-API internal name input_name, which may in
-   general contain elements corresponding to multiple mechanisms, to a
-   mechanism-specific Mechanism Name (MN) output_name by applying the
-   translations corresponding to the mechanism identified by mech_type.
-   The contents of input_name are unaffected by the
-   GSS_Canonicalize_name() operation.  References to output_name will
-   remain valid until output_name is released, independent of whether or
-   not input_name is subsequently released.
-
-2.4.15: GSS_Export_name call
-
-   Inputs:
-
-   o  input_name INTERNAL NAME, -- required to be MN
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-
-
-Linn                        Standards Track                    [Page 79]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   o  output_name OCTET STRING  -- caller must release
-   -- with GSS_Release_buffer()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that a flat representation of the input
-   name is available in output_name.
-
-   o  GSS_S_NAME_NOT_MN indicates that the input name contained elements
-   corresponding to multiple mechanisms, so cannot be exported into a
-   single-mechanism flat form.
-
-   o  GSS_S_BAD_NAME indicates that the input name was an MN, but could
-   not be processed.
-
-   o  GSS_S_BAD_NAMETYPE indicates that the input name was an MN, but
-   that its type is unsupported by the GSS-API implementation.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   This routine creates a flat name representation, suitable for
-   bytewise comparison or for input to GSS_Import_name() in conjunction
-   with the reserved GSS-API Exported Name Object OID, from a internal-
-   form Mechanism Name (MN) as emitted, e.g., by GSS_Canonicalize_name()
-   or GSS_Accept_sec_context().
-
-   The emitted GSS-API Exported Name Object is self-describing; no
-   associated parameter-level OID need be emitted by this call.  This
-   flat representation consists of a mechanism-independent wrapper
-   layer, defined in Section 3.2 of this document, enclosing a
-   mechanism-defined name representation.
-
-   In all cases, the flat name output by GSS_Export_name() to correspond
-   to a particular input MN must be invariant over time within a
-   particular installation.
-
-   The GSS_S_NAME_NOT_MN status code is provided to enable
-   implementations to reject input names which are not MNs.  It is not,
-   however, required for purposes of conformance to this specification
-   that all non-MN input names must necessarily be rejected.
-
-2.4.16: GSS_Duplicate_name call
-
-   Inputs:
-
-   o  src_name INTERNAL NAME
-
-
-
-
-Linn                        Standards Track                    [Page 80]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Outputs:
-
-   o  major_status INTEGER,
-
-   o  minor_status INTEGER,
-
-   o  dest_name INTERNAL NAME  -- caller must release
-   -- with GSS_Release_name()
-
-   Return major_status codes:
-
-   o  GSS_S_COMPLETE indicates that dest_name references an internal
-   name object containing the same name as passed to src_name.
-
-   o  GSS_S_BAD_NAME indicates that the input name was invalid.
-
-   o  GSS_S_FAILURE indicates that the requested operation could not be
-   performed for reasons unspecified at the GSS-API level.
-
-   This routine takes input internal name src_name, and returns another
-   reference (dest_name) to that name which can be used even if src_name
-   is later freed.  (Note: This may be implemented by copying or through
-   use of reference counts.)
-
-3: Data Structure Definitions for GSS-V2 Usage
-
-   Subsections of this section define, for interoperability and
-   portability purposes, certain data structures for use with GSS-V2.
-
-3.1: Mechanism-Independent Token Format
-
-   This section specifies a mechanism-independent level of encapsulating
-   representation for the initial token of a GSS-API context
-   establishment sequence, incorporating an identifier of the mechanism
-   type to be used on that context and enabling tokens to be interpreted
-   unambiguously at GSS-API peers. Use of this format is required for
-   initial context establishment tokens of Internet standards-track
-   GSS-API mechanisms; use in non-initial tokens is optional.
-
-   The encoding format for the token tag is derived from ASN.1 and DER
-   (per illustrative ASN.1 syntax included later within this
-   subsection), but its concrete representation is defined directly in
-   terms of octets rather than at the ASN.1 level in order to facilitate
-   interoperable implementation without use of general ASN.1 processing
-   code.  The token tag consists of the following elements, in order:
-
-      1. 0x60 -- Tag for [APPLICATION 0] SEQUENCE; indicates that
-      -- constructed form, definite length encoding follows.
-
-
-
-Linn                        Standards Track                    [Page 81]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      2. Token length octets, specifying length of subsequent data
-      (i.e., the summed lengths of elements 3-5 in this list, and of the
-      mechanism-defined token object following the tag).  This element
-      comprises a variable number of octets:
-
-         2a. If the indicated value is less than 128, it shall be
-         represented in a single octet with bit 8 (high order) set to
-         "0" and the remaining bits representing the value.
-
-         2b. If the indicated value is 128 or more, it shall be
-         represented in two or more octets, with bit 8 of the first
-         octet set to "1" and the remaining bits of the first octet
-         specifying the number of additional octets.  The subsequent
-         octets carry the value, 8 bits per octet, most significant
-         digit first.  The minimum number of octets shall be used to
-         encode the length (i.e., no octets representing leading zeros
-         shall be included within the length encoding).
-
-      3. 0x06 -- Tag for OBJECT IDENTIFIER
-
-      4. Object identifier length -- length (number of octets) of
-      -- the encoded object identifier contained in element 5,
-      -- encoded per rules as described in 2a. and 2b. above.
-
-      5. Object identifier octets -- variable number of octets,
-      -- encoded per ASN.1 BER rules:
-
-         5a. The first octet contains the sum of two values: (1) the
-         top-level object identifier component, multiplied by 40
-         (decimal), and (2) the second-level object identifier
-         component.  This special case is the only point within an
-         object identifier encoding where a single octet represents
-         contents of more than one component.
-
-         5b. Subsequent octets, if required, encode successively-lower
-         components in the represented object identifier.  A component's
-         encoding may span multiple octets, encoding 7 bits per octet
-         (most significant bits first) and with bit 8 set to "1" on all
-         but the final octet in the component's encoding.  The minimum
-         number of octets shall be used to encode each component (i.e.,
-         no octets representing leading zeros shall be included within a
-         component's encoding).
-
-      (Note: In many implementations, elements 3-5 may be stored and
-      referenced as a contiguous string constant.)
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 82]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   The token tag is immediately followed by a mechanism-defined token
-   object.  Note that no independent size specifier intervenes following
-   the object identifier value to indicate the size of the mechanism-
-   defined token object.  While ASN.1 usage within mechanism-defined
-   tokens is permitted, there is no requirement that the mechanism-
-   specific innerContextToken, innerMsgToken, and sealedUserData data
-   elements must employ ASN.1 BER/DER encoding conventions.
-
-   The following ASN.1 syntax is included for descriptive purposes only,
-   to illustrate structural relationships among token and tag objects.
-   For interoperability purposes, token and tag encoding shall be
-   performed using the concrete encoding procedures described earlier in
-   this subsection.
-
-      GSS-API DEFINITIONS ::=
-
-      BEGIN
-
-      MechType ::= OBJECT IDENTIFIER
-      -- data structure definitions
-      -- callers must be able to distinguish among
-      -- InitialContextToken, SubsequentContextToken,
-      -- PerMsgToken, and SealedMessage data elements
-      -- based on the usage in which they occur
-
-      InitialContextToken ::=
-      -- option indication (delegation, etc.) indicated within
-      -- mechanism-specific token
-      [APPLICATION 0] IMPLICIT SEQUENCE {
-              thisMech MechType,
-              innerContextToken ANY DEFINED BY thisMech
-                 -- contents mechanism-specific
-                 -- ASN.1 structure not required
-              }
-
-      SubsequentContextToken ::= innerContextToken ANY
-      -- interpretation based on predecessor InitialContextToken
-      -- ASN.1 structure not required
-
-      PerMsgToken ::=
-      -- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC
-      -- ASN.1 structure not required
-              innerMsgToken ANY
-
-      SealedMessage ::=
-      -- as emitted by GSS_Wrap and processed by GSS_Unwrap
-      -- includes internal, mechanism-defined indicator
-      -- of whether or not encrypted
-
-
-
-Linn                        Standards Track                    [Page 83]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      -- ASN.1 structure not required
-              sealedUserData ANY
-
-      END
-
-3.2: Mechanism-Independent Exported Name Object Format
-
-   This section specifies a mechanism-independent level of encapsulating
-   representation for names exported via the GSS_Export_name() call,
-   including an object identifier representing the exporting mechanism.
-   The format of names encapsulated via this representation shall be
-   defined within individual mechanism drafts.  The Object Identifier
-   value to indicate names of this type is defined in Section 4.7 of
-   this document.
-
-   No name type OID is included in this mechanism-independent level of
-   format definition, since (depending on individual mechanism
-   specifications) the enclosed name may be implicitly typed or may be
-   explicitly typed using a means other than OID encoding.
-
-   The bytes within MECH_OID_LEN and NAME_LEN elements are represented
-   most significant byte first (equivalently, in IP network byte order).
-
-        Length    Name          Description
-
-        2               TOK_ID          Token Identifier
-                                        For exported name objects, this
-                                        must be hex 04 01.
-        2               MECH_OID_LEN    Length of the Mechanism OID
-        MECH_OID_LEN    MECH_OID        Mechanism OID, in DER
-        4               NAME_LEN        Length of name
-        NAME_LEN        NAME            Exported name; format defined in
-                                        applicable mechanism draft.
-
-   A concrete example of the contents of an exported name object,
-   derived from the Kerberos Version 5 mechanism, is as follows:
-
-   04 01 00 0B 06 09 2A 86 48 86 F7 12 01 02 02 hx xx xx xl pp qq ... zz
-
-   04 01        mandatory token identifier
-
-   00 0B        2-byte length of the immediately following DER-encoded
-                ASN.1 value of type OID, most significant octet first
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 84]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   06 09 2A 86 48 86 F7 12 01 02 02    DER-encoded ASN.1 value
-                                       of type OID; Kerberos V5
-                                       mechanism OID indicates
-                                       Kerberos V5 exported name
-
-          in Detail:      06                  Identifier octet (6=OID)
-                          09                           Length octet(s)
-                          2A 86 48 86 F7 12 01 02 02   Content octet(s)
-
-   hx xx xx xl   4-byte length of the immediately following exported
-                 name blob, most significant octet first
-
-   pp qq ... zz  exported name blob of specified length,
-                 bits and bytes specified in the
-                 (Kerberos 5) GSS-API v2 mechanism spec
-
-4: Name Type Definitions
-
-   This section includes definitions for name types and associated
-   syntaxes which are defined in a mechanism-independent fashion at the
-   GSS-API level rather than being defined in individual mechanism
-   specifications.
-
-4.1: Host-Based Service Name Form
-
-   This name form shall be represented by the Object Identifier:
-
-   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
-   "gssapi(2) generic(1) service_name(4)}.
-
-   The recommended symbolic name for this type is
-   "GSS_C_NT_HOSTBASED_SERVICE".
-
-   For reasons of compatibility with existing implementations, it is
-   recommended that this OID be used rather than the alternate value as
-   included in [RFC-2078]:
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   2(gss-host-based-services)}
-
-   While it is not recommended that this alternate value be emitted on
-   output by GSS implementations, it is recommended that it be accepted
-   on input as equivalent to the recommended value.
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 85]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   This name type is used to represent services associated with host
-   computers.  Support for this name form is recommended to mechanism
-   designers in the interests of portability, but is not mandated by
-   this specification. This name form is constructed using two elements,
-   "service" and "hostname", as follows:
-
-   service@hostname
-
-   When a reference to a name of this type is resolved, the "hostname"
-   may (as an example implementation strategy) be canonicalized by
-   attempting a DNS lookup and using the fully-qualified domain name
-   which is returned, or by using the "hostname" as provided if the DNS
-   lookup fails.  The canonicalization operation also maps the host's
-   name into lower-case characters.
-
-   The "hostname" element may be omitted. If no "@" separator is
-   included, the entire name is interpreted as the service specifier,
-   with the "hostname" defaulted to the canonicalized name of the local
-   host.
-
-   Documents specifying means for GSS integration into a particular
-   protocol should state either:
-
-      (a) that a specific IANA-registered name associated with that
-      protocol shall be used for the "service" element (this admits, if
-      needed, the possibility that a single name can be registered and
-      shared among a related set of protocols), or
-
-      (b) that the generic name "host" shall be used for the "service"
-      element, or
-
-      (c) that, for that protocol, fallback in specified order (a, then
-      b) or (b, then a) shall be applied.
-
-   IANA registration of specific names per (a) should be handled in
-   accordance with the "Specification Required" assignment policy,
-   defined by BCP 26, RFC 2434 as follows: "Values and their meaning
-   must be documented in an RFC or other available reference, in
-   sufficient detail so that interoperability between independent
-   implementations is possible."
-
-4.2: User Name Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) user_name(1)}. The recommended mechanism-independent
-   symbolic name for this type is "GSS_C_NT_USER_NAME". (Note: the same
-
-
-
-
-Linn                        Standards Track                    [Page 86]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   name form and OID is defined within the Kerberos V5 GSS-API
-   mechanism, but the symbolic name recommended there begins with a
-   "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a named user on a local system.
-   Its syntax and interpretation may be OS-specific. This name form is
-   constructed as:
-
-   username
-
-4.3: Machine UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) machine_uid_name(2)}.  The recommended mechanism-
-   independent symbolic name for this type is
-   "GSS_C_NT_MACHINE_UID_NAME".  (Note: the same name form and OID is
-   defined within the Kerberos V5 GSS-API mechanism, but the symbolic
-   name recommended there begins with a "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a numeric user identifier
-   corresponding to a user on a local system.  Its interpretation is
-   OS-specific.  The gss_buffer_desc representing a name of this type
-   should contain a locally-significant user ID, represented in host
-   byte order.  The GSS_Import_name() operation resolves this uid into a
-   username, which is then treated as the User Name Form.
-
-4.4: String UID Form
-
-   This name form shall be represented by the Object Identifier {iso(1)
-   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-   generic(1) string_uid_name(3)}.  The recommended symbolic name for
-   this type is "GSS_C_NT_STRING_UID_NAME".  (Note: the same name form
-   and OID is defined within the Kerberos V5 GSS-API mechanism, but the
-   symbolic name recommended there begins with a "GSS_KRB5_NT_" prefix.)
-
-   This name type is used to indicate a string of digits representing
-   the numeric user identifier of a user on a local system.  Its
-   interpretation is OS-specific. This name type is similar to the
-   Machine UID Form, except that the buffer contains a string
-   representing the user ID.
-
-4.5: Anonymous Nametype
-
-   The following Object Identifier value is provided as a means to
-   identify anonymous names, and can be compared against in order to
-   determine, in a mechanism-independent fashion, whether a name refers
-   to an anonymous principal:
-
-
-
-Linn                        Standards Track                    [Page 87]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   3(gss-anonymous-name)}
-
-   The recommended symbolic name corresponding to this definition is
-   GSS_C_NT_ANONYMOUS.
-
-4.6: GSS_C_NO_OID
-
-   The recommended symbolic name GSS_C_NO_OID corresponds to a null
-   input value instead of an actual object identifier.  Where specified,
-   it indicates interpretation of an associated name based on a
-   mechanism-specific default printable syntax.
-
-4.7: Exported Name Object
-
-   Name objects of the Mechanism-Independent Exported Name Object type,
-   as defined in Section 3.2 of this document, will be identified with
-   the following Object Identifier:
-
-   {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
-   4(gss-api-exported-name)}
-
-   The recommended symbolic name corresponding to this definition is
-   GSS_C_NT_EXPORT_NAME.
-
-4.8: GSS_C_NO_NAME
-
-   The recommended symbolic name GSS_C_NO_NAME indicates that no name is
-   being passed within a particular value of a parameter used for the
-   purpose of transferring names. Note: GSS_C_NO_NAME is not an actual
-   name type, and is not represented by an OID; its acceptability in
-   lieu of an actual name is confined to specific calls
-   (GSS_Acquire_cred(), GSS_Add_cred(), and GSS_Init_sec_context()) with
-   usages as identified within this specification.
-
-5:  Mechanism-Specific Example Scenarios
-
-   This section provides illustrative overviews of the use of various
-   candidate mechanism types to support the GSS-API. These discussions
-   are intended primarily for readers familiar with specific security
-   technologies, demonstrating how GSS-API functions can be used and
-   implemented by candidate underlying mechanisms. They should not be
-   regarded as constrictive to implementations or as defining the only
-   means through which GSS-API functions can be realized with a
-   particular underlying technology, and do not demonstrate all GSS-API
-   features with each technology.
-
-
-
-
-
-Linn                        Standards Track                    [Page 88]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-5.1: Kerberos V5, single-TGT
-
-   OS-specific login functions yield a TGT to the local realm Kerberos
-   server; TGT is placed in a credentials structure for the client.
-   Client calls GSS_Acquire_cred()  to acquire a cred_handle in order to
-   reference the credentials for use in establishing security contexts.
-
-   Client calls GSS_Init_sec_context().  If the requested service is
-   located in a different realm, GSS_Init_sec_context()  gets the
-   necessary TGT/key pairs needed to traverse the path from local to
-   target realm; these data are placed in the owner's TGT cache. After
-   any needed remote realm resolution, GSS_Init_sec_context() yields a
-   service ticket to the requested service with a corresponding session
-   key; these data are stored in conjunction with the context. GSS-API
-   code sends KRB_TGS_REQ request(s) and receives KRB_TGS_REP
-   response(s) (in the successful case) or KRB_ERROR.
-
-   Assuming success, GSS_Init_sec_context()  builds a Kerberos-formatted
-   KRB_AP_REQ message, and returns it in output_token.  The client sends
-   the output_token to the service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which verifies the authenticator, provides
-   the service with the client's authenticated name, and returns an
-   output_context_handle.
-
-   Both parties now hold the session key associated with the service
-   ticket, and can use this key in subsequent GSS_GetMIC(),
-   GSS_VerifyMIC(),  GSS_Wrap(), and GSS_Unwrap() operations.
-
-5.2: Kerberos V5, double-TGT
-
-   TGT acquisition as above.
-
-   Note: To avoid unnecessary frequent invocations of error paths when
-   implementing the GSS-API atop Kerberos V5, it seems appropriate to
-   represent "single-TGT K-V5" and "double-TGT K-V5" with separate
-   mech_types, and this discussion makes that assumption.
-
-   Based on the (specified or defaulted) mech_type,
-   GSS_Init_sec_context()  determines that the double-TGT protocol
-   should be employed for the specified target. GSS_Init_sec_context()
-   returns GSS_S_CONTINUE_NEEDED major_status, and its returned
-   output_token contains a request to the service for the service's TGT.
-   (If a service TGT with suitably long remaining lifetime already
-   exists in a cache, it may be usable, obviating the need for this
-   step.) The client passes the output_token to the service.  Note: this
-   scenario illustrates a different use for the GSS_S_CONTINUE_NEEDED
-
-
-
-Linn                        Standards Track                    [Page 89]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   status return facility than for support of mutual authentication;
-   note that both uses can coexist as successive operations within a
-   single context establishment operation.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(),  which recognizes it as a request for TGT.
-   (Note that current Kerberos V5 defines no intra-protocol mechanism to
-   represent such a request.) GSS_Accept_sec_context() returns
-   GSS_S_CONTINUE_NEEDED major_status and provides the service's TGT in
-   its output_token. The service sends the output_token to the client.
-
-   The client passes the received token as the input_token argument to a
-   continuation of GSS_Init_sec_context(). GSS_Init_sec_context() caches
-   the received service TGT and uses it as part of a service ticket
-   request to the Kerberos authentication server, storing the returned
-   service ticket and session key in conjunction with the context.
-   GSS_Init_sec_context() builds a Kerberos-formatted authenticator, and
-   returns it in output_token along with GSS_S_COMPLETE return
-   major_status. The client sends the output_token to the service.
-
-   Service passes the received token as the input_token argument to a
-   continuation call to GSS_Accept_sec_context().
-   GSS_Accept_sec_context()  verifies the authenticator, provides the
-   service with the client's authenticated name, and returns
-   major_status GSS_S_COMPLETE.
-
-   GSS_GetMIC(),  GSS_VerifyMIC(), GSS_Wrap(), and GSS_Unwrap()  as
-   above.
-
-5.3:  X.509 Authentication Framework
-
-   This example illustrates use of the GSS-API in conjunction with
-   public-key mechanisms, consistent with the X.509 Directory
-   Authentication Framework.
-
-   The GSS_Acquire_cred() call establishes a credentials structure,
-   making the client's private key accessible for use on behalf of the
-   client.
-
-   The client calls GSS_Init_sec_context(), which interrogates the
-   Directory to acquire (and validate) a chain of public-key
-   certificates, thereby collecting the public key of the service.  The
-   certificate validation operation determines that suitable integrity
-   checks were applied by trusted authorities and that those
-   certificates have not expired. GSS_Init_sec_context() generates a
-   secret key for use in per-message protection operations on the
-   context, and enciphers that secret key under the service's public
-   key.
-
-
-
-Linn                        Standards Track                    [Page 90]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   The enciphered secret key, along with an authenticator quantity
-   signed with the client's private key, is included in the output_token
-   from GSS_Init_sec_context().  The output_token also carries a
-   certification path, consisting of a certificate chain leading from
-   the service to the client; a variant approach would defer this path
-   resolution to be performed by the service instead of being asserted
-   by the client. The client application sends the output_token to the
-   service.
-
-   The service passes the received token as the input_token argument to
-   GSS_Accept_sec_context(). GSS_Accept_sec_context() validates the
-   certification path, and as a result determines a certified binding
-   between the client's distinguished name and the client's public key.
-   Given that public key, GSS_Accept_sec_context() can process the
-   input_token's authenticator quantity and verify that the client's
-   private key was used to sign the input_token. At this point, the
-   client is authenticated to the service. The service uses its private
-   key to decipher the enciphered secret key provided to it for per-
-   message protection operations on the context.
-
-   The client calls GSS_GetMIC() or GSS_Wrap() on a data message, which
-   causes per-message authentication, integrity, and (optional)
-   confidentiality facilities to be applied to that message. The service
-   uses the context's shared secret key to perform corresponding
-   GSS_VerifyMIC()  and GSS_Unwrap() calls.
-
-6:  Security Considerations
-
-   This document specifies a service interface for security facilities
-   and services; as such, security considerations are considered
-   throughout the specification.  Nonetheless, it is appropriate to
-   summarize certain specific points relevant to GSS-API implementors
-   and calling applications.  Usage of the GSS-API interface does not in
-   itself provide security services or assurance; instead, these
-   attributes are dependent on the underlying mechanism(s) which support
-   a GSS-API implementation.  Callers must be attentive to the requests
-   made to GSS-API calls and to the status indicators returned by GSS-
-   API, as these specify the security service characteristics which
-   GSS-API will provide.  When the interprocess context transfer
-   facility is used, appropriate local controls should be applied to
-   constrain access to interprocess tokens and to the sensitive data
-   which they contain.
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 91]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-7:  Related Activities
-
-   In order to implement the GSS-API atop existing, emerging, and future
-   security mechanisms:
-
-      object identifiers must be assigned to candidate GSS-API
-      mechanisms and the name types which they support
-
-      concrete data element formats and processing procedures must be
-      defined for candidate mechanisms
-
-   Calling applications must implement formatting conventions which will
-   enable them to distinguish GSS-API tokens from other data carried in
-   their application protocols.
-
-   Concrete language bindings are required for the programming
-   environments in which the GSS-API is to be employed, as [RFC-1509]
-   defines for the C programming language and GSS-V1.  C Language
-   bindings for GSS-V2 are defined in [RFC-2744].
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 92]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-8:  Referenced Documents
-
-   [ISO-7498-2]  International Standard ISO 7498-2-1988(E), Security
-                 Architecture.
-
-   [ISOIEC-8824] ISO/IEC 8824, "Specification of Abstract Syntax
-                 Notation One (ASN.1)".
-
-   [ISOIEC-8825] ISO/IEC 8825, "Specification of Basic Encoding Rules
-                 for Abstract Syntax Notation One (ASN.1)".)
-
-   [RFC-1507]:   Kaufman, C., "DASS: Distributed Authentication Security
-                 Service", RFC 1507, September 1993.
-
-   [RFC-1508]:   Linn, J., "Generic Security Service Application Program
-                 Interface", RFC 1508, September 1993.
-
-   [RFC-1509]:   Wray, J., "Generic Security Service API: C-bindings",
-                 RFC 1509, September 1993.
-
-   [RFC-1964]:   Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
-                 RFC 1964, June 1996.
-
-   [RFC-2025]:   Adams, C., "The Simple Public-Key GSS-API Mechanism
-                 (SPKM)", RFC 2025, October 1996.
-
-   [RFC-2078]:   Linn, J., "Generic Security Service Application Program
-                 Interface, Version 2", RFC 2078, January 1997.
-
-   [RFC-2203]:   Eisler, M., Chiu, A. and L. Ling, "RPCSEC_GSS Protocol
-                 Specification", RFC 2203, September 1997.
-
-   [RFC-2744]:   Wray, J., "Generic Security Service API Version 2 :
-                 C-bindings", RFC 2744, January 2000.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 93]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-APPENDIX A
-
-MECHANISM DESIGN CONSTRAINTS
-
-   The following constraints on GSS-API mechanism designs are adopted in
-   response to observed caller protocol requirements, and adherence
-   thereto is anticipated in subsequent descriptions of GSS-API
-   mechanisms to be documented in standards-track Internet
-   specifications.
-
-   It is strongly recommended that mechanisms offering per-message
-   protection services also offer at least one of the replay detection
-   and sequencing services, as mechanisms offering neither of the latter
-   will fail to satisfy recognized requirements of certain candidate
-   caller protocols.
-
-APPENDIX B
-
-COMPATIBILITY WITH GSS-V1
-
-   It is the intent of this document to define an interface and
-   procedures which preserve compatibility between GSS-V1 [RFC-1508]
-   callers and GSS-V2 providers.  All calls defined in GSS-V1 are
-   preserved, and it has been a goal that GSS-V1 callers should be able
-   to operate atop GSS-V2 provider implementations.  Certain detailed
-   changes, summarized in this section, have been made in order to
-   resolve omissions identified in GSS-V1.
-
-   The following GSS-V1 constructs, while supported within GSS-V2, are
-   deprecated:
-
-      Names for per-message processing routines: GSS_Seal() deprecated
-      in favor of GSS_Wrap(); GSS_Sign() deprecated in favor of
-      GSS_GetMIC(); GSS_Unseal() deprecated in favor of GSS_Unwrap();
-      GSS_Verify() deprecated in favor of GSS_VerifyMIC().
-
-      GSS_Delete_sec_context() facility for context_token usage,
-      allowing mechanisms to signal context deletion, is retained for
-      compatibility with GSS-V1.  For current usage, it is recommended
-      that both peers to a context invoke GSS_Delete_sec_context()
-      independently, passing a null output_context_token buffer to
-      indicate that no context_token is required.  Implementations of
-      GSS_Delete_sec_context() should delete relevant locally-stored
-      context information.
-
-   This GSS-V2 specification adds the following calls which are not
-   present in GSS-V1:
-
-
-
-
-Linn                        Standards Track                    [Page 94]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      Credential management calls: GSS_Add_cred(),
-      GSS_Inquire_cred_by_mech().
-
-      Context-level calls: GSS_Inquire_context(), GSS_Wrap_size_limit(),
-      GSS_Export_sec_context(), GSS_Import_sec_context().
-
-      Per-message calls: No new calls.  Existing calls have been
-      renamed.
-
-      Support calls: GSS_Create_empty_OID_set(),
-      GSS_Add_OID_set_member(), GSS_Test_OID_set_member(),
-      GSS_Inquire_names_for_mech(), GSS_Inquire_mechs_for_name(),
-      GSS_Canonicalize_name(), GSS_Export_name(), GSS_Duplicate_name().
-
-   This GSS-V2 specification introduces three new facilities applicable
-   to security contexts, indicated using the following context state
-   values which are not present in GSS-V1:
-
-      anon_state, set TRUE to indicate that a context's initiator is
-      anonymous from the viewpoint of the target; Section 1.2.5 of this
-      specification provides a summary description of the GSS-V2
-      anonymity support facility, support and use of which is optional.
-
-      prot_ready_state, set TRUE to indicate that a context may be used
-      for per-message protection before final completion of context
-      establishment; Section 1.2.7 of this specification provides a
-      summary description of the GSS-V2 facility enabling mechanisms to
-      selectively permit per-message protection during context
-      establishment, support and use of which is optional.
-
-      trans_state, set TRUE to indicate that a context is transferable
-      to another process using the GSS-V2 GSS_Export_sec_context()
-      facility.
-
-   These state values are represented (at the C bindings level) in
-   positions within a bit vector which are unused in GSS-V1, and may be
-   safely ignored by GSS-V1 callers.
-
-   New conf_req_flag and integ_req_flag inputs are defined for
-   GSS_Init_sec_context(), primarily to provide information to
-   negotiating mechanisms.  This introduces a compatibility issue with
-   GSS-V1 callers, discussed in section 2.2.1 of this specification.
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                    [Page 95]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   Relative to GSS-V1, GSS-V2 provides additional guidance to GSS-API
-   implementors in the following areas: implementation robustness,
-   credential management, behavior in multi-mechanism configurations,
-   naming support, and inclusion of optional sequencing services.  The
-   token tagging facility as defined in GSS-V2, Section 3.1, is now
-   described directly in terms of octets to facilitate interoperable
-   implementation without general ASN.1 processing code; the
-   corresponding ASN.1 syntax, included for descriptive purposes, is
-   unchanged from that in GSS-V1. For use in conjunction with added
-   naming support facilities, a new Exported Name Object construct is
-   added.  Additional name types are introduced in Section 4.
-
-   This GSS-V2 specification adds the following major_status values
-   which are not defined in GSS-V1:
-
-        GSS_S_BAD_QOP                 unsupported QOP value
-        GSS_S_UNAUTHORIZED            operation unauthorized
-        GSS_S_UNAVAILABLE             operation unavailable
-        GSS_S_DUPLICATE_ELEMENT       duplicate credential element
-                                        requested
-        GSS_S_NAME_NOT_MN                   name contains multi-mechanism
-                                        elements
-        GSS_S_GAP_TOKEN               skipped predecessor token(s)
-                                        detected
-
-   Of these added status codes, only two values are defined to be
-   returnable by calls existing in GSS-V1: GSS_S_BAD_QOP (returnable by
-   GSS_GetMIC() and GSS_Wrap()), and GSS_S_GAP_TOKEN (returnable by
-   GSS_VerifyMIC() and GSS_Unwrap()).
-
-   Additionally, GSS-V2 descriptions of certain calls present in GSS-V1
-   have been updated to allow return of additional major_status values
-   from the set as defined in GSS-V1: GSS_Inquire_cred() has
-   GSS_S_DEFECTIVE_CREDENTIAL and GSS_S_CREDENTIALS_EXPIRED defined as
-   returnable, GSS_Init_sec_context() has GSS_S_OLD_TOKEN,
-   GSS_S_DUPLICATE_TOKEN, and GSS_S_BAD_MECH defined as returnable, and
-   GSS_Accept_sec_context() has GSS_S_BAD_MECH defined as returnable.
-
-APPENDIX C
-
-CHANGES RELATIVE TO RFC-2078
-
-   This document incorporates a number of changes relative to RFC-2078,
-   made primarily in response to implementation experience, for purposes
-   of alignment with the GSS-V2 C language bindings document, and to add
-   informative clarification.  This section summarizes technical changes
-   incorporated.
-
-
-
-
-Linn                        Standards Track                    [Page 96]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-   General:
-
-      Clarified usage of object release routines, and incorporated
-      statement that some may be omitted within certain operating
-      environments.
-
-      Removed GSS_Release_OID, GSS_OID_to_str(), and GSS_Str_to_OID()
-      routines.
-
-      Clarified circumstances under which zero-length tokens may validly
-      exist as inputs and outputs to/from GSS-API calls.
-
-      Added GSS_S_BAD_MIC status code as alias for GSS_S_BAD_SIG.
-
-      For GSS_Display_status(), deferred to language bindings the choice
-      of whether to return multiple status values in parallel or via
-      iteration, and added commentary deprecating return of
-      GSS_S_CONTINUE_NEEDED.
-
-      Adapted and incorporated clarifying material on optional service
-      support, delegation, and interprocess context transfer from C
-      bindings document.
-
-      Added and updated references to related documents, and to current
-      status of cited Kerberos mechanism OID.
-
-      Added general statement about GSS-API calls having no side effects
-      visible at the GSS-API level.
-
-   Context-related (including per-message protection issues):
-
-      Clarified GSS_Delete_sec_context() usage for partially-established
-      contexts.
-
-      Added clarification on GSS_Export_sec_context() and
-      GSS_Import_sec_context() behavior and context usage following an
-      export-import sequence.
-
-      Added informatory conf_req_flag, integ_req_flag inputs to
-      GSS_Init_sec_context().  (Note: this facility introduces a
-      backward incompatibility with GSS-V1 callers, discussed in Section
-      2.2.1; this implication was recognized and accepted in working
-      group discussion.)
-
-      Stated that GSS_S_FAILURE is to be returned if
-      GSS_Init_sec_context() or GSS_Accept_sec_context() is passed the
-      handle of a context which is already fully established.
-
-
-
-
-Linn                        Standards Track                    [Page 97]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      Re GSS_Inquire_sec_context(), stated that src_name and targ_name
-      are not returned until GSS_S_COMPLETE status is reached; removed
-      use of GSS_S_CONTEXT_EXPIRED status code (replacing with EXPIRED
-      lifetime return value); stated requirement to retain inquirable
-      data until context released by caller; added result value
-      indicating whether or not context is fully open.
-
-      Added discussion of interoperability conditions for mechanisms
-      permitting optional support of QOPs. Removed reference to
-      structured QOP elements in GSS_Verify_MIC().
-
-      Added discussion of use of GSS_S_DUPLICATE_TOKEN status to
-      indicate reflected per-message tokens.
-
-      Clarified use of informational sequencing codes from per-message
-      protection calls in conjunction with GSS_S_COMPLETE and
-      GSS_S_FAILURE major_status returns, adjusting status code
-      descriptions accordingly.
-
-      Added specific statements about impact of GSS_GetMIC() and
-      GSS_Wrap() failures on context state information, and generalized
-      existing statements about impact of processing failures on
-      received per-message tokens.
-
-      For GSS_Init_sec_context() and GSS_Accept_sec_context(), permitted
-      returned mech_type to be valid before GSS_S_COMPLETE, recognizing
-      that the value may change on successive continuation calls in the
-      negotiated mechanism case.
-
-      Deleted GSS_S_CONTEXT_EXPIRED status from
-      GSS_Import_sec_context().
-
-      Added conf_req_flag input to GSS_Wrap_size_limit().
-
-      Stated requirement for mechanisms' support of per-message
-      protection services to be usable concurrently in both directions
-      on a context.
-
-   Credential-related:
-
-      For GSS_Acquire_cred() and GSS_Add_cred(), aligned with C bindings
-      statement of likely non-support for INITIATE or BOTH credentials
-      if input name is neither empty nor a name resulting from applying
-      GSS_Inquire_cred() against the default credential.  Further,
-      stated that an explicit name returned by GSS_Inquire_context()
-      should also be accepted.  Added commentary about potentially
-      time-variant results of default resolution and attendant
-      implications.  Aligned with C bindings re behavior when
-
-
-
-Linn                        Standards Track                    [Page 98]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      GSS_C_NO_NAME provided for desired_name. In GSS_Acquire_cred(),
-      stated that NULL, rather than empty OID set, should be used for
-      desired_mechs in order to request default mechanism set.
-
-      Added GSS_S_CREDENTIALS_EXPIRED as returnable major_status for
-      GSS_Acquire_cred(), GSS_Add_cred(), also specifying GSS_S_NO_CRED
-      as appropriate return for temporary, user-fixable credential
-      unavailability.  GSS_Acquire_cred() and GSS_Add_cred() are also to
-      return GSS_S_NO_CRED if an authorization failure is encountered
-      upon credential acquisition.
-
-      Removed GSS_S_CREDENTIALS_EXPIRED status return from per-message
-      protection, GSS_Context_time(), and GSS_Inquire_context() calls.
-
-      For GSS_Add_cred(), aligned with C bindings' description of
-      behavior when addition of elements to the default credential is
-      requested.
-
-      Upgraded recommended default credential resolution algorithm to
-      status of requirement for initiator credentials.
-
-      For GSS_Release_cred(), GSS_Inquire_cred(), and
-      GSS_Inquire_cred_by_mech(), clarified behavior for input
-      GSS_C_NO_CREDENTIAL.
-
-   Name-related:
-
-      Aligned GSS_Inquire_mechs_for_name() description with C bindings.
-
-      Removed GSS_S_BAD_NAMETYPE status return from
-      GSS_Duplicate_name(), GSS_Display_name(); constrained its
-      applicability for GSS_Compare_name().
-
-      Aligned with C bindings statement re GSS_Import_name() behavior
-      with GSS_C_NO_OID input name type, and stated that GSS-V2
-      mechanism specifications are to define processing procedures
-      applicable to their mechanisms.  Also clarified GSS_C_NO_OID usage
-      with GSS_Display_name().
-
-      Downgraded reference to name canonicalization via DNS lookup to an
-      example.
-
-      For GSS_Canonicalize_name(), stated that neither negotiated
-      mechanisms nor the default mechanism are supported input
-      mech_types for this operation, and specified GSS_S_BAD_MECH status
-      to be returned in this case.  Clarified that the
-      GSS_Canonicalize_name() operation is non-destructive to its input
-      name.
-
-
-
-Linn                        Standards Track                    [Page 99]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-      Clarified semantics of GSS_C_NT_USER_NAME name type.
-
-      Added descriptions of additional name types.  Also added
-      discussion of GSS_C_NO_NAME and its constrained usage with
-      specific GSS calls.
-
-      Adapted and incorporated C bindings discussion about name
-      comparisons with exported name objects.
-
-      Added recommendation to mechanism designers for support of host-
-      based service name type, deferring any requirement statement to
-      individual mechanism specifications.  Added discussion of host-
-      based service's service name element and proposed approach for
-      IANA registration policy therefor.
-
-      Clarified byte ordering within exported name object.  Stated that
-      GSS_S_BAD_MECH is to be returned if, in the course of attempted
-      import of an exported name object, the name object's enclosed
-      mechanism type is unrecognized or unsupported.
-
-      Stated that mechanisms may optionally accept GSS_C_NO_NAME as an
-      input target name to GSS_Init_sec_context(), with comment that
-      such support is unlikely within mechanisms predating GSS-V2,
-      Update 1.
-
-AUTHOR'S ADDRESS
-
-   John Linn
-   RSA Laboratories
-   20 Crosby Drive
-   Bedford, MA  01730 USA
-
-   Phone: +1 781.687.7817
-   EMail: jlinn@rsasecurity.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                   [Page 100]
-
-RFC 2743                        GSS-API                     January 2000
-
-
-Full Copyright Statement
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-   This document and translations of it may be copied and furnished to
-   others, and derivative works that comment on or otherwise explain it
-   or assist in its implementation may be prepared, copied, published
-   and distributed, in whole or in part, without restriction of any
-   kind, provided that the above copyright notice and this paragraph are
-   included on all such copies and derivative works.  However, this
-   document itself may not be modified in any way, such as by removing
-   the copyright notice or references to the Internet Society or other
-   Internet organizations, except as needed for the purpose of
-   developing Internet standards in which case the procedures for
-   copyrights defined in the Internet Standards process must be
-   followed, or as required to translate it into languages other than
-   English.
-
-   The limited permissions granted above are perpetual and will not be
-   revoked by the Internet Society or its successors or assigns.
-
-   This document and the information contained herein is provided on an
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Acknowledgement
-
-   Funding for the RFC Editor function is currently provided by the
-   Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Linn                        Standards Track                   [Page 101]
-
diff --git a/crypto/heimdal/doc/standardisation/rfc2744.txt b/crypto/heimdal/doc/standardisation/rfc2744.txt
deleted file mode 100644
index 7f0c61946f24..000000000000
--- a/crypto/heimdal/doc/standardisation/rfc2744.txt
+++ /dev/null
@@ -1,5659 +0,0 @@
-
-
-
-
-
-
-Network Working Group                                             J. Wray
-Request for Comments: 2744                                Iris Associates
-Obsoletes: 1509                                              January 2000
-Category: Standards Track
-
-
-          Generic Security Service API Version 2 : C-bindings
-
-Status of this Memo
-
-   This document specifies an Internet standards track protocol for the
-   Internet community, and requests discussion and suggestions for
-   improvements.  Please refer to the current edition of the "Internet
-   Official Protocol Standards" (STD 1) for the standardization state
-   and status of this protocol.  Distribution of this memo is unlimited.
-
-Copyright Notice
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-Abstract
-
-   This document specifies C language bindings for Version 2, Update 1
-   of the Generic Security Service Application Program Interface (GSS-
-   API), which is described at a language-independent conceptual level
-   in RFC-2743 [GSSAPI].  It obsoletes RFC-1509, making specific
-   incremental changes in response to implementation experience and
-   liaison requests.  It is intended, therefore, that this memo or a
-   successor version thereof will become the basis for subsequent
-   progression of the GSS-API specification on the standards track.
-
-   The Generic Security Service Application Programming Interface
-   provides security services to its callers, and is intended for
-   implementation atop a variety of underlying cryptographic mechanisms.
-   Typically, GSS-API callers will be application protocols into which
-   security enhancements are integrated through invocation of services
-   provided by the GSS-API. The GSS-API allows a caller application to
-   authenticate a principal identity associated with a peer application,
-   to delegate rights to a peer, and to apply security services such as
-   confidentiality and integrity on a per-message basis.
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 1]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-1.   Introduction
-
-   The Generic Security Service Application Programming Interface
-   [GSSAPI] provides security services to calling applications.  It
-   allows a communicating application to authenticate the user
-   associated with another application, to delegate rights to another
-   application, and to apply security services such as confidentiality
-   and integrity on a per-message basis.
-
-   There are four stages to using the GSS-API:
-
-   a) The application acquires a set of credentials with which it may
-      prove its identity to other processes. The application's
-      credentials vouch for its global identity, which may or may not be
-      related to any local username under which it may be running.
-
-   b) A pair of communicating applications establish a joint security
-      context using their credentials.  The security context is a pair
-      of GSS-API data structures that contain shared state information,
-      which is required in order that per-message security services may
-      be provided.  Examples of state that might be shared between
-      applications as part of a security context are cryptographic keys,
-      and message sequence numbers.  As part of the establishment of a
-      security context, the context initiator is authenticated to the
-      responder, and may require that the responder is authenticated in
-      turn.  The initiator may optionally give the responder the right
-      to initiate further security contexts, acting as an agent or
-      delegate of the initiator.  This transfer of rights is termed
-      delegation, and is achieved by creating a set of credentials,
-      similar to those used by the initiating application, but which may
-      be used by the responder.
-
-      To establish and maintain the shared information that makes up the
-      security context, certain GSS-API calls will return a token data
-      structure, which is an opaque data type that may contain
-      cryptographically protected data.  The caller of such a GSS-API
-      routine is responsible for transferring the token to the peer
-      application, encapsulated if necessary in an application-
-      application protocol.  On receipt of such a token, the peer
-      application should pass it to a corresponding GSS-API routine
-      which will decode the token and extract the information, updating
-      the security context state information accordingly.
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 2]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   c) Per-message services are invoked to apply either:
-
-      integrity and data origin authentication, or confidentiality,
-      integrity and data origin authentication to application data,
-      which are treated by GSS-API as arbitrary octet-strings.  An
-      application transmitting a message that it wishes to protect will
-      call the appropriate GSS-API routine (gss_get_mic or gss_wrap) to
-      apply protection, specifying the appropriate security context, and
-      send the resulting token to the receiving application.  The
-      receiver will pass the received token (and, in the case of data
-      protected by gss_get_mic, the accompanying message-data) to the
-      corresponding decoding routine (gss_verify_mic or gss_unwrap) to
-      remove the protection and validate the data.
-
-   d) At the completion of a communications session (which may extend
-      across several transport connections), each application calls a
-      GSS-API routine to delete the security context.  Multiple contexts
-      may also be used (either successively or simultaneously) within a
-      single communications association, at the option of the
-      applications.
-
-2.   GSS-API Routines
-
-      This section lists the routines that make up the GSS-API, and
-      offers a brief description of the purpose of each routine.
-      Detailed descriptions of each routine are listed in alphabetical
-      order in section 5.
-
-   Table 2-1  GSS-API Credential-management Routines
-
-   Routine                Section              Function
-   -------                -------              --------
-   gss_acquire_cred           5.2  Assume a global identity; Obtain
-                                   a GSS-API credential handle for
-                                   pre-existing credentials.
-   gss_add_cred               5.3  Construct credentials
-                                   incrementally
-   gss_inquire_cred           5.21 Obtain information about a
-                                   credential
-   gss_inquire_cred_by_mech   5.22 Obtain per-mechanism information
-                                   about a credential.
-   gss_release_cred           5.27 Discard a credential handle.
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 3]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Table 2-2  GSS-API Context-Level Routines
-
-   Routine                 Section              Function
-   -------                 -------              --------
-   gss_init_sec_context       5.19 Initiate a security context with
-                                   a peer application
-   gss_accept_sec_context     5.1  Accept a security context
-                                   initiated by a
-                                   peer application
-   gss_delete_sec_context     5.9  Discard a security context
-   gss_process_context_token  5.25 Process a token on a security
-                                   context from a peer application
-   gss_context_time           5.7  Determine for how long a context
-                                   will remain valid
-   gss_inquire_context        5.20 Obtain information about a
-                                   security context
-   gss_wrap_size_limit        5.34 Determine token-size limit for
-                                   gss_wrap on a context
-   gss_export_sec_context     5.14 Transfer a security context to
-                                   another process
-   gss_import_sec_context     5.17 Import a transferred context
-
-
-   Table 2-3  GSS-API Per-message Routines
-
-   Routine                 Section              Function
-   -------                 -------              --------
-   gss_get_mic                5.15 Calculate a cryptographic message
-                                   integrity code (MIC) for a
-                                   message; integrity service
-   gss_verify_mic             5.32 Check a MIC against a message;
-                                   verify integrity of a received
-                                   message
-   gss_wrap                   5.33 Attach a MIC to a message, and
-                                   optionally encrypt the message
-                                   content;
-                                   confidentiality service
-   gss_unwrap                 5.31 Verify a message with attached
-                                   MIC, and decrypt message content
-                                   if necessary.
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 4]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Table 2-4  GSS-API Name manipulation Routines
-
-   Routine                 Section              Function
-   -------                 -------              --------
-   gss_import_name            5.16 Convert a contiguous string name
-                                   to internal-form
-   gss_display_name           5.10 Convert internal-form name to
-                                   text
-   gss_compare_name           5.6  Compare two internal-form names
-
-   gss_release_name           5.28 Discard an internal-form name
-   gss_inquire_names_for_mech 5.24 List the name-types supported by
-                                   the specified mechanism
-   gss_inquire_mechs_for_name 5.23 List mechanisms that support the
-                                   specified name-type
-   gss_canonicalize_name      5.5  Convert an internal name to an MN
-   gss_export_name            5.13 Convert an MN to export form
-   gss_duplicate_name         5.12 Create a copy of an internal name
-
-
-   Table 2-5  GSS-API Miscellaneous Routines
-
-   Routine                Section              Function
-   -------                -------              --------
-   gss_add_oid_set_member    5.4  Add an object identifier to
-                                  a set
-   gss_display_status        5.11 Convert a GSS-API status code
-                                  to text
-   gss_indicate_mechs        5.18 Determine available underlying
-                                  authentication mechanisms
-   gss_release_buffer        5.26 Discard a buffer
-   gss_release_oid_set       5.29 Discard a set of object
-                                  identifiers
-   gss_create_empty_oid_set  5.8  Create a set containing no
-                                  object identifiers
-   gss_test_oid_set_member   5.30 Determines whether an object
-                                       identifier is a member of a set.
-
-   Individual GSS-API implementations may augment these routines by
-   providing additional mechanism-specific routines if required
-   functionality is not available from the generic forms. Applications
-   are encouraged to use the generic routines wherever possible on
-   portability grounds.
-
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 5]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.   Data Types and Calling Conventions
-
-   The following conventions are used by the GSS-API C-language
-   bindings:
-
-3.1. Integer types
-
-   GSS-API uses the following integer data type:
-
-   OM_uint32    32-bit unsigned integer
-
-   Where guaranteed minimum bit-count is important, this portable data
-   type is used by the GSS-API routine definitions.  Individual GSS-API
-   implementations will include appropriate typedef definitions to map
-   this type onto a built-in data type.  If the platform supports the
-   X/Open xom.h header file, the OM_uint32 definition contained therein
-   should be used; the GSS-API header file in Appendix A contains logic
-   that will detect the prior inclusion of xom.h, and will not attempt
-   to re-declare OM_uint32.  If the X/Open header file is not available
-   on the platform, the GSS-API implementation should use the smallest
-   natural unsigned integer type that provides at least 32 bits of
-   precision.
-
-3.2. String and similar data
-
-   Many of the GSS-API routines take arguments and return values that
-   describe contiguous octet-strings.  All such data is passed between
-   the GSS-API and the caller using the gss_buffer_t data type.  This
-   data type is a pointer to a buffer descriptor, which consists of a
-   length field that contains the total number of bytes in the datum,
-   and a value field which contains a pointer to the actual datum:
-
-   typedef struct gss_buffer_desc_struct {
-      size_t    length;
-      void      *value;
-   } gss_buffer_desc, *gss_buffer_t;
-
-   Storage for data returned to the application by a GSS-API routine
-   using the gss_buffer_t conventions is allocated by the GSS-API
-   routine.  The application may free this storage by invoking the
-   gss_release_buffer routine.  Allocation of the gss_buffer_desc object
-   is always the responsibility of the application;  unused
-   gss_buffer_desc objects may be initialized to the value
-   GSS_C_EMPTY_BUFFER.
-
-
-
-
-
-
-
-Wray                        Standards Track                     [Page 6]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.2.1. Opaque data types
-
-   Certain multiple-word data items are considered opaque data types at
-   the GSS-API, because their internal structure has no significance
-   either to the GSS-API or to the caller.  Examples of such opaque data
-   types are the input_token parameter to gss_init_sec_context (which is
-   opaque to the caller), and the input_message parameter to gss_wrap
-   (which is opaque to the GSS-API).  Opaque data is passed between the
-   GSS-API and the application using the gss_buffer_t datatype.
-
-3.2.2. Character strings
-
-   Certain multiple-word data items may be regarded as simple ISO
-   Latin-1 character strings.  Examples are the printable strings passed
-   to gss_import_name via the input_name_buffer parameter. Some GSS-API
-   routines also return character strings.  All such character strings
-   are passed between the application and the GSS-API implementation
-   using the gss_buffer_t datatype, which is a pointer to a
-   gss_buffer_desc object.
-
-   When a gss_buffer_desc object describes a printable string, the
-   length field of the gss_buffer_desc should only count printable
-   characters within the string.  In particular, a trailing NUL
-   character should NOT be included in the length count, nor should
-   either the GSS-API implementation or the application assume the
-   presence of an uncounted trailing NUL.
-
-3.3. Object Identifiers
-
-   Certain GSS-API procedures take parameters of the type gss_OID, or
-   Object identifier.  This is a type containing ISO-defined tree-
-   structured values, and is used by the GSS-API caller to select an
-   underlying security mechanism and to specify namespaces.  A value of
-   type gss_OID has the following structure:
-
-   typedef struct gss_OID_desc_struct {
-      OM_uint32   length;
-      void        *elements;
-   } gss_OID_desc, *gss_OID;
-
-   The elements field of this structure points to the first byte of an
-   octet string containing the ASN.1 BER encoding of the value portion
-   of the normal BER TLV encoding of the gss_OID.  The length field
-   contains the number of bytes in this value.  For example, the gss_OID
-   value corresponding to {iso(1) identified-organization(3) icd-
-   ecma(12) member-company(2) dec(1011) cryptoAlgorithms(7) DASS(5)},
-   meaning the DASS X.509 authentication mechanism, has a length field
-   of 7 and an elements field pointing to seven octets containing the
-
-
-
-Wray                        Standards Track                     [Page 7]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   following octal values: 53,14,2,207,163,7,5. GSS-API implementations
-   should provide constant gss_OID values to allow applications to
-   request any supported mechanism, although applications are encouraged
-   on portability grounds to accept the default mechanism.  gss_OID
-   values should also be provided to allow applications to specify
-   particular name types (see section 3.10).  Applications should treat
-   gss_OID_desc values returned by GSS-API routines as read-only.  In
-   particular, the application should not attempt to deallocate them
-   with free().  The gss_OID_desc datatype is equivalent to the X/Open
-   OM_object_identifier datatype[XOM].
-
-3.4. Object Identifier Sets
-
-   Certain GSS-API procedures take parameters of the type gss_OID_set.
-   This type represents one or more object identifiers (section 2.3).  A
-   gss_OID_set object has the following structure:
-
-   typedef struct gss_OID_set_desc_struct {
-      size_t    count;
-      gss_OID   elements;
-   } gss_OID_set_desc, *gss_OID_set;
-
-   The count field contains the number of OIDs within the set.  The
-   elements field is a pointer to an array of gss_OID_desc objects, each
-   of which describes a single OID.  gss_OID_set values are used to name
-   the available mechanisms supported by the GSS-API, to request the use
-   of specific mechanisms, and to indicate which mechanisms a given
-   credential supports.
-
-   All OID sets returned to the application by GSS-API are dynamic
-   objects (the gss_OID_set_desc, the "elements" array of the set, and
-   the "elements" array of each member OID are all dynamically
-   allocated), and this storage must be deallocated by the application
-   using the gss_release_oid_set() routine.
-
-3.5. Credentials
-
-   A credential handle is a caller-opaque atomic datum that identifies a
-   GSS-API credential data structure.  It is represented by the caller-
-   opaque type gss_cred_id_t, which should be implemented as a pointer
-   or arithmetic type.  If a pointer implementation is chosen, care must
-   be taken to ensure that two gss_cred_id_t values may be compared with
-   the == operator.
-
-   GSS-API credentials can contain mechanism-specific principal
-   authentication data for multiple mechanisms.  A GSS-API credential is
-   composed of a set of credential-elements, each of which is applicable
-   to a single mechanism.  A credential may contain at most one
-
-
-
-Wray                        Standards Track                     [Page 8]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   credential-element for each supported mechanism. A credential-element
-   identifies the data needed by a single mechanism to authenticate a
-   single principal, and conceptually contains two credential-references
-   that describe the actual mechanism-specific authentication data, one
-   to be used by GSS-API for initiating contexts,  and one to be used
-   for accepting contexts.  For mechanisms that do not distinguish
-   between acceptor and initiator credentials, both references would
-   point to the same underlying mechanism-specific authentication data.
-
-   Credentials describe a set of mechanism-specific principals, and give
-   their holder the ability to act as any of those principals. All
-   principal identities asserted by a single GSS-API credential should
-   belong to the same entity, although enforcement of this property is
-   an implementation-specific matter.  The GSS-API does not make the
-   actual credentials available to applications; instead a credential
-   handle is used to identify a particular credential, held internally
-   by GSS-API.  The combination of GSS-API credential handle and
-   mechanism identifies the principal whose identity will be asserted by
-   the credential when used with that mechanism.
-
-   The gss_init_sec_context and gss_accept_sec_context routines allow
-   the value GSS_C_NO_CREDENTIAL to be specified as their credential
-   handle parameter.  This special credential-handle indicates a desire
-   by the application to act as a default principal.  While individual
-   GSS-API implementations are free to determine such default behavior
-   as appropriate to the mechanism, the following default behavior by
-   these routines is recommended for portability:
-
-   gss_init_sec_context
-
-      1) If there is only a single principal capable of initiating
-         security contexts for the chosen mechanism that the application
-         is authorized to act on behalf of, then that principal shall be
-         used, otherwise
-
-      2) If the platform maintains a concept of a default network-
-         identity for the chosen mechanism, and if the application is
-         authorized to act on behalf of that identity for the purpose of
-         initiating security contexts, then the principal corresponding
-         to that identity shall be used, otherwise
-
-      3) If the platform maintains a concept of a default local
-         identity, and provides a means to map local identities into
-         network-identities for the chosen mechanism, and if the
-         application is authorized to act on behalf of the network-
-         identity image of the default local identity for the purpose of
-
-
-
-
-
-Wray                        Standards Track                     [Page 9]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-         initiating security contexts using the chosen mechanism, then
-         the principal corresponding to that identity shall be used,
-         otherwise
-
-      4) A user-configurable default identity should be used.
-
-   gss_accept_sec_context
-
-      1) If there is only a single authorized principal identity capable
-         of accepting security contexts for the chosen mechanism, then
-         that principal shall be used, otherwise
-
-      2) If the mechanism can determine the identity of the target
-         principal by examining the context-establishment token, and if
-         the accepting application is authorized to act as that
-         principal for the purpose of accepting security contexts using
-         the chosen mechanism, then that principal identity shall be
-         used, otherwise
-
-      3) If the mechanism supports context acceptance by any principal,
-         and if mutual authentication was not requested, any principal
-         that the application is authorized to accept security contexts
-         under using the chosen mechanism may be used, otherwise
-
-      4)A user-configurable default identity shall be used.
-
-   The purpose of the above rules is to allow security contexts to be
-   established by both initiator and acceptor using the default behavior
-   wherever possible.  Applications requesting default behavior are
-   likely to be more portable across mechanisms and platforms than ones
-   that use gss_acquire_cred to request a specific identity.
-
-3.6. Contexts
-
-   The gss_ctx_id_t data type contains a caller-opaque atomic value that
-   identifies one end of a GSS-API security context.  It should be
-   implemented as a pointer or arithmetic type.  If a pointer type is
-   chosen, care should be taken to ensure that two gss_ctx_id_t values
-   may be compared with the == operator.
-
-   The security context holds state information about each end of a peer
-   communication, including cryptographic state information.
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 10]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.7. Authentication tokens
-
-   A token is a caller-opaque type that GSS-API uses to maintain
-   synchronization between the context data structures at each end of a
-   GSS-API security context.  The token is a cryptographically protected
-   octet-string, generated by the underlying mechanism at one end of a
-   GSS-API security context for use by the peer mechanism at the other
-   end.  Encapsulation (if required) and transfer of the token are the
-   responsibility of the peer applications.  A token is passed between
-   the GSS-API and the application using the gss_buffer_t conventions.
-
-3.8. Interprocess tokens
-
-   Certain GSS-API routines are intended to transfer data between
-   processes in multi-process programs.  These routines use a caller-
-   opaque octet-string, generated by the GSS-API in one process for use
-   by the GSS-API in another process.  The calling application is
-   responsible for transferring such tokens between processes in an OS-
-   specific manner.  Note that, while GSS-API implementors are
-   encouraged to avoid placing sensitive information within interprocess
-   tokens, or to cryptographically protect them, many implementations
-   will be unable to avoid placing key material or other sensitive data
-   within them.  It is the application's responsibility to ensure that
-   interprocess tokens are protected in transit, and transferred only to
-   processes that are trustworthy. An interprocess token is passed
-   between the GSS-API and the application using the gss_buffer_t
-   conventions.
-
-3.9. Status values
-
-   Every GSS-API routine returns two distinct values to report status
-   information to the caller: GSS status codes and Mechanism status
-   codes.
-
-3.9.1. GSS status codes
-
-   GSS-API routines return GSS status codes as their OM_uint32 function
-   value.  These codes indicate errors that are independent of the
-   underlying mechanism(s) used to provide the security service.  The
-   errors that can be indicated via a GSS status code are either generic
-   API routine errors (errors that are defined in the GSS-API
-   specification) or calling errors (errors that are specific to these
-   language bindings).
-
-   A GSS status code can indicate a single fatal generic API error from
-   the routine and a single calling error.  In addition, supplementary
-   status information may be indicated via the setting of bits in the
-   supplementary info field of a GSS status code.
-
-
-
-Wray                        Standards Track                    [Page 11]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   These errors are encoded into the 32-bit GSS status code as follows:
-
-      MSB                                                        LSB
-      |------------------------------------------------------------|
-      |  Calling Error | Routine Error  |    Supplementary Info    |
-      |------------------------------------------------------------|
-   Bit 31            24 23            16 15                       0
-
-   Hence if a GSS-API routine returns a GSS status code whose upper 16
-   bits contain a non-zero value, the call failed.  If the calling error
-   field is non-zero, the invoking application's call of the routine was
-   erroneous.  Calling errors are defined in table 5-1.  If the routine
-   error field is non-zero, the routine failed for one of the routine-
-   specific reasons listed below in table 5-2.  Whether or not the upper
-   16 bits indicate a failure or a success, the routine may indicate
-   additional information by setting bits in the supplementary info
-   field of the status code. The meaning of individual bits is listed
-   below in table 5-3.
-
-   Table 3-1  Calling Errors
-
-   Name                   Value in field           Meaning
-   ----                   --------------           -------
-   GSS_S_CALL_INACCESSIBLE_READ  1       A required input parameter
-                                         could not be read
-   GSS_S_CALL_INACCESSIBLE_WRITE 2       A required output parameter
-                                          could not be written.
-   GSS_S_CALL_BAD_STRUCTURE      3       A parameter was malformed
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 12]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Table 3-2  Routine Errors
-
-   Name                   Value in field           Meaning
-   ----                   --------------           -------
-   GSS_S_BAD_MECH                1       An unsupported mechanism
-                                         was requested
-   GSS_S_BAD_NAME                2       An invalid name was
-                                         supplied
-   GSS_S_BAD_NAMETYPE            3       A supplied name was of an
-                                         unsupported type
-   GSS_S_BAD_BINDINGS            4       Incorrect channel bindings
-                                         were supplied
-   GSS_S_BAD_STATUS              5       An invalid status code was
-                                         supplied
-   GSS_S_BAD_MIC GSS_S_BAD_SIG   6       A token had an invalid MIC
-   GSS_S_NO_CRED                 7       No credentials were
-                                         supplied, or the
-                                         credentials were
-                                         unavailable or
-                                         inaccessible.
-   GSS_S_NO_CONTEXT              8       No context has been
-                                         established
-   GSS_S_DEFECTIVE_TOKEN         9       A token was invalid
-   GSS_S_DEFECTIVE_CREDENTIAL   10       A credential was invalid
-   GSS_S_CREDENTIALS_EXPIRED    11       The referenced credentials
-                                         have expired
-   GSS_S_CONTEXT_EXPIRED        12       The context has expired
-   GSS_S_FAILURE                13       Miscellaneous failure (see
-                                         text)
-   GSS_S_BAD_QOP                14       The quality-of-protection
-                                         requested could not be
-                                         provided
-   GSS_S_UNAUTHORIZED           15       The operation is forbidden
-                                         by local security policy
-   GSS_S_UNAVAILABLE            16       The operation or option is
-                                         unavailable
-   GSS_S_DUPLICATE_ELEMENT      17       The requested credential
-                                         element already exists
-   GSS_S_NAME_NOT_MN            18       The provided name was not a
-                                         mechanism name
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 13]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Table 3-3  Supplementary Status Bits
-
-   Name                   Bit Number           Meaning
-   ----                   ----------           -------
-   GSS_S_CONTINUE_NEEDED   0 (LSB)   Returned only by
-                                     gss_init_sec_context or
-                                     gss_accept_sec_context. The
-                                     routine must be called again
-                                     to complete its function.
-                                     See routine documentation for
-                                     detailed description
-   GSS_S_DUPLICATE_TOKEN   1         The token was a duplicate of
-                                     an earlier token
-   GSS_S_OLD_TOKEN         2         The token's validity period
-                                     has expired
-   GSS_S_UNSEQ_TOKEN       3         A later token has already been
-                                     processed
-   GSS_S_GAP_TOKEN         4         An expected per-message token
-                                     was not received
-
-   The routine documentation also uses the name GSS_S_COMPLETE, which is
-   a zero value, to indicate an absence of any API errors or
-   supplementary information bits.
-
-   All GSS_S_xxx symbols equate to complete OM_uint32 status codes,
-   rather than to bitfield values.  For example, the actual value of the
-   symbol GSS_S_BAD_NAMETYPE (value 3 in the routine error field) is
-   3<<16.  The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and
-   GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a GSS
-   status code and removes all but the relevant field.  For example, the
-   value obtained by applying GSS_ROUTINE_ERROR to a status code removes
-   the calling errors and supplementary info fields, leaving only the
-   routine errors field.  The values delivered by these macros may be
-   directly compared with a GSS_S_xxx symbol of the appropriate type.
-   The macro GSS_ERROR() is also provided, which when applied to a GSS
-   status code returns a non-zero value if the status code indicated a
-   calling or routine error, and a zero value otherwise.  All macros
-   defined by GSS-API evaluate their argument(s) exactly once.
-
-   A GSS-API implementation may choose to signal calling errors in a
-   platform-specific manner instead of, or in addition to the routine
-   value;  routine errors and supplementary info should be returned via
-   major status values only.
-
-   The GSS major status code GSS_S_FAILURE is used to indicate that the
-   underlying mechanism detected an error for which no specific GSS
-   status code is defined.  The mechanism-specific status code will
-   provide more details about the error.
-
-
-
-Wray                        Standards Track                    [Page 14]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.9.2. Mechanism-specific status codes
-
-   GSS-API routines return a minor_status parameter, which is used to
-   indicate specialized errors from the underlying security mechanism.
-   This parameter may contain a single mechanism-specific error,
-   indicated by a OM_uint32 value.
-
-   The minor_status parameter will always be set by a GSS-API routine,
-   even if it returns a calling error or one of the generic API errors
-   indicated above as fatal, although most other output parameters may
-   remain unset in such cases.  However, output parameters that are
-   expected to return pointers to storage allocated by a routine must
-   always be set by the routine, even in the event of an error, although
-   in such cases the GSS-API routine may elect to set the returned
-   parameter value to NULL to indicate that no storage was actually
-   allocated.  Any length field associated with such pointers (as in a
-   gss_buffer_desc structure) should also be set to zero in such cases.
-
-3.10. Names
-
-   A name is used to identify a person or entity.  GSS-API authenticates
-   the relationship between a name and the entity claiming the name.
-
-   Since different authentication mechanisms may employ different
-   namespaces for identifying their principals, GSSAPI's naming support
-   is necessarily complex in multi-mechanism environments (or even in
-   some single-mechanism environments where the underlying mechanism
-   supports multiple namespaces).
-
-   Two distinct representations are defined for names:
-
-   An internal form.  This is the GSS-API "native" format for names,
-      represented by the implementation-specific gss_name_t type.  It is
-      opaque to GSS-API callers.  A single gss_name_t object may contain
-      multiple names from different namespaces, but all names should
-      refer to the same entity.  An example of such an internal name
-      would be the name returned from a call to the gss_inquire_cred
-      routine, when applied to a credential containing credential
-      elements for multiple authentication mechanisms employing
-      different namespaces.  This gss_name_t object will contain a
-      distinct name for the entity for each authentication mechanism.
-
-      For GSS-API implementations supporting multiple namespaces,
-      objects of type gss_name_t must contain sufficient information to
-      determine the namespace to which each primitive name belongs.
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 15]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Mechanism-specific contiguous octet-string forms.  A format
-      capable of containing a single name (from a single namespace).
-      Contiguous string names are always accompanied by an object
-      identifier specifying the namespace to which the name belongs, and
-      their format is dependent on the authentication mechanism that
-      employs the name.  Many, but not all, contiguous string names will
-      be printable, and may therefore be used by GSS-API applications
-      for communication with their users.
-
-   Routines (gss_import_name and gss_display_name) are provided to
-   convert names between contiguous string representations and the
-   internal gss_name_t type.  gss_import_name may support multiple
-   syntaxes for each supported namespace, allowing users the freedom to
-   choose a preferred name representation. gss_display_name should use
-   an implementation-chosen printable syntax for each supported name-
-   type.
-
-   If an application calls gss_display_name(), passing the internal name
-   resulting from a call to gss_import_name(), there is no guarantee the
-   the resulting contiguous string name will be the same as the original
-   imported string name.  Nor do name-space identifiers necessarily
-   survive unchanged after a journey through the internal name-form.  An
-   example of this might be a mechanism that authenticates X.500 names,
-   but provides an algorithmic mapping of Internet DNS names into X.500.
-   That mechanism's implementation of gss_import_name() might, when
-   presented with a DNS name, generate an internal name that contained
-   both the original DNS name and the equivalent X.500 name.
-   Alternatively, it might only store the X.500 name.  In the latter
-   case, gss_display_name() would most likely generate a printable X.500
-   name, rather than the original DNS name.
-
-   The process of authentication delivers to the context acceptor an
-   internal name.  Since this name has been authenticated by a single
-   mechanism, it contains only a single name (even if the internal name
-   presented by the context initiator to gss_init_sec_context had
-   multiple components).  Such names are termed internal mechanism
-   names, or "MN"s and the names emitted by gss_accept_sec_context() are
-   always of this type.  Since some applications may require MNs without
-   wanting to incur the overhead of an authentication operation, a
-   second function, gss_canonicalize_name(), is provided to convert a
-   general internal name into an MN.
-
-   Comparison of internal-form names may be accomplished via the
-   gss_compare_name() routine, which returns true if the two names being
-   compared refer to the same entity.  This removes the need for the
-   application program to understand the syntaxes of the various
-   printable names that a given GSS-API implementation may support.
-   Since GSS-API assumes that all primitive names contained within a
-
-
-
-Wray                        Standards Track                    [Page 16]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   given internal name refer to the same entity, gss_compare_name() can
-   return true if the two names have at least one primitive name in
-   common.  If the implementation embodies knowledge of equivalence
-   relationships between names taken from different namespaces, this
-   knowledge may also allow successful comparison of internal names
-   containing no overlapping primitive elements.
-
-   When used in large access control lists, the overhead of invoking
-   gss_import_name() and gss_compare_name() on each name from the ACL
-   may be prohibitive.  As an alternative way of supporting this case,
-   GSS-API defines a special form of the contiguous string name which
-   may be compared directly (e.g. with memcmp()).  Contiguous names
-   suitable for comparison are generated by the gss_export_name()
-   routine, which requires an MN as input.  Exported names may be re-
-   imported by the gss_import_name() routine, and the resulting internal
-   name will also be an MN.  The gss_OID constant GSS_C_NT_EXPORT_NAME
-   indentifies the "export name" type, and the value of this constant is
-   given in Appendix A.  Structurally, an exported name object consists
-   of a header containing an OID identifying the mechanism that
-   authenticated the name, and a trailer containing the name itself,
-   where the syntax of the trailer is defined by the individual
-   mechanism specification.   The precise format of an export name is
-   defined in the language-independent GSS-API specification [GSSAPI].
-
-   Note that the results obtained by using gss_compare_name() will in
-   general be different from those obtained by invoking
-   gss_canonicalize_name() and gss_export_name(), and then comparing the
-   exported names.  The first series of operation determines whether two
-   (unauthenticated) names identify the same principal; the second
-   whether a particular mechanism would authenticate them as the same
-   principal.  These two operations will in general give the same
-   results only for MNs.
-
-   The gss_name_t datatype should be implemented as a pointer type. To
-   allow the compiler to aid the application programmer by performing
-   type-checking, the use of (void *) is discouraged.  A pointer to an
-   implementation-defined type is the preferred choice.
-
-   Storage is allocated by routines that return gss_name_t values. A
-   procedure, gss_release_name, is provided to free storage associated
-   with an internal-form name.
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 17]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.11. Channel Bindings
-
-   GSS-API supports the use of user-specified tags to identify a given
-   context to the peer application.  These tags are intended to be used
-   to identify the particular communications channel that carries the
-   context.  Channel bindings are communicated to the GSS-API using the
-   following structure:
-
-   typedef struct gss_channel_bindings_struct {
-      OM_uint32       initiator_addrtype;
-      gss_buffer_desc initiator_address;
-      OM_uint32       acceptor_addrtype;
-      gss_buffer_desc acceptor_address;
-      gss_buffer_desc application_data;
-   } *gss_channel_bindings_t;
-
-   The initiator_addrtype and acceptor_addrtype fields denote the type
-   of addresses contained in the initiator_address and acceptor_address
-   buffers.  The address type should be one of the following:
-
-   GSS_C_AF_UNSPEC     Unspecified address type
-   GSS_C_AF_LOCAL      Host-local address type
-   GSS_C_AF_INET       Internet address type (e.g. IP)
-   GSS_C_AF_IMPLINK    ARPAnet IMP address type
-   GSS_C_AF_PUP        pup protocols (eg BSP) address type
-   GSS_C_AF_CHAOS      MIT CHAOS protocol address type
-   GSS_C_AF_NS         XEROX NS address type
-   GSS_C_AF_NBS        nbs address type
-   GSS_C_AF_ECMA       ECMA address type
-   GSS_C_AF_DATAKIT    datakit protocols address type
-   GSS_C_AF_CCITT      CCITT protocols
-   GSS_C_AF_SNA        IBM SNA address type
-   GSS_C_AF_DECnet     DECnet address type
-   GSS_C_AF_DLI        Direct data link interface address type
-   GSS_C_AF_LAT        LAT address type
-   GSS_C_AF_HYLINK     NSC Hyperchannel address type
-   GSS_C_AF_APPLETALK  AppleTalk address type
-   GSS_C_AF_BSC        BISYNC 2780/3780 address type
-   GSS_C_AF_DSS        Distributed system services address type
-   GSS_C_AF_OSI        OSI TP4 address type
-   GSS_C_AF_X25        X.25
-   GSS_C_AF_NULLADDR   No address specified
-
-   Note that these symbols name address families rather than specific
-   addressing formats.  For address families that contain several
-   alternative address forms, the initiator_address and acceptor_address
-   fields must contain sufficient information to determine which address
-
-
-
-
-Wray                        Standards Track                    [Page 18]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   form is used.  When not otherwise specified, addresses should be
-   specified in network byte-order (that is, native byte-ordering for
-   the address family).
-
-   Conceptually, the GSS-API concatenates the initiator_addrtype,
-   initiator_address, acceptor_addrtype, acceptor_address and
-   application_data to form an octet string.  The mechanism calculates a
-   MIC over this octet string, and binds the MIC to the context
-   establishment token emitted by gss_init_sec_context. The same
-   bindings are presented by the context acceptor to
-   gss_accept_sec_context, and a MIC is calculated in the same way. The
-   calculated MIC is compared with that found in the token, and if the
-   MICs differ, gss_accept_sec_context will return a GSS_S_BAD_BINDINGS
-   error, and the context will not be established.  Some mechanisms may
-   include the actual channel binding data in the token (rather than
-   just a MIC); applications should therefore not use confidential data
-   as channel-binding components.
-
-   Individual mechanisms may impose additional constraints on addresses
-   and address types that may appear in channel bindings.  For example,
-   a mechanism may verify that the initiator_address field of the
-   channel bindings presented to gss_init_sec_context contains the
-   correct network address of the host system.  Portable applications
-   should therefore ensure that they either provide correct information
-   for the address fields, or omit addressing information, specifying
-   GSS_C_AF_NULLADDR as the address-types.
-
-3.12. Optional parameters
-
-   Various parameters are described as optional.  This means that they
-   follow a convention whereby a default value may be requested.  The
-   following conventions are used for omitted parameters.  These
-   conventions apply only to those parameters that are explicitly
-   documented as optional.
-
-3.12.1. gss_buffer_t types
-
-   Specify GSS_C_NO_BUFFER as a value.  For an input parameter this
-   signifies that default behavior is requested, while for an output
-   parameter it indicates that the information that would be returned
-   via the parameter is not required by the application.
-
-3.12.2. Integer types (input)
-
-   Individual parameter documentation lists values to be used to
-   indicate default actions.
-
-
-
-
-
-Wray                        Standards Track                    [Page 19]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-3.12.3. Integer types (output)
-
-   Specify NULL as the value for the pointer.
-
-3.12.4. Pointer types
-
-   Specify NULL as the value.
-
-3.12.5. Object IDs
-
-   Specify GSS_C_NO_OID as the value.
-
-3.12.6. Object ID Sets
-
-   Specify GSS_C_NO_OID_SET as the value.
-
-3.12.7. Channel Bindings
-
-   Specify GSS_C_NO_CHANNEL_BINDINGS to indicate that channel bindings
-   are not to be used.
-
-4.   Additional Controls
-
-   This section discusses the optional services that a context initiator
-   may request of the GSS-API at context establishment. Each of these
-   services is requested by setting a flag in the req_flags input
-   parameter to gss_init_sec_context.
-
-   The optional services currently defined are:
-
-   Delegation - The (usually temporary) transfer of rights from
-       initiator to acceptor, enabling the acceptor to authenticate
-       itself as an agent of the initiator.
-
-   Mutual Authentication - In addition to the initiator authenticating
-       its identity to the context acceptor, the context acceptor should
-       also authenticate itself to the initiator.
-
-   Replay detection - In addition to providing message integrity
-       services, gss_get_mic and gss_wrap should include message
-       numbering information to enable gss_verify_mic and gss_unwrap to
-       detect if a message has been duplicated.
-
-   Out-of-sequence detection - In addition to providing message
-       integrity services, gss_get_mic and gss_wrap should include
-       message sequencing information to enable gss_verify_mic and
-       gss_unwrap to detect if a message has been received out of
-       sequence.
-
-
-
-Wray                        Standards Track                    [Page 20]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Anonymous authentication - The establishment of the security context
-       should not reveal the initiator's identity to the context
-       acceptor.
-
-   Any currently undefined bits within such flag arguments should be
-   ignored by GSS-API implementations when presented by an application,
-   and should be set to zero when returned to the application by the
-   GSS-API implementation.
-
-   Some mechanisms may not support all optional services, and some
-   mechanisms may only support some services in conjunction with others.
-   Both gss_init_sec_context and gss_accept_sec_context inform the
-   applications which services will be available from the context when
-   the establishment phase is complete, via the ret_flags output
-   parameter.  In general, if the security mechanism is capable of
-   providing a requested service, it should do so, even if additional
-   services must be enabled in order to provide the requested service.
-   If the mechanism is incapable of providing a requested service, it
-   should proceed without the service, leaving the application to abort
-   the context establishment process if it considers the requested
-   service to be mandatory.
-
-   Some mechanisms may specify that support for some services is
-   optional, and that implementors of the mechanism need not provide it.
-   This is most commonly true of the confidentiality service, often
-   because of legal restrictions on the use of data-encryption, but may
-   apply to any of the services.  Such mechanisms are required to send
-   at least one token from acceptor to initiator during context
-   establishment when the initiator indicates a desire to use such a
-   service, so that the initiating GSS-API can correctly indicate
-   whether the service is supported by the acceptor's GSS-API.
-
-4.1. Delegation
-
-   The GSS-API allows delegation to be controlled by the initiating
-   application via a boolean parameter to gss_init_sec_context(), the
-   routine that establishes a security context.  Some mechanisms do not
-   support delegation, and for such mechanisms attempts by an
-   application to enable delegation are ignored.
-
-   The acceptor of a security context for which the initiator enabled
-   delegation will receive (via the delegated_cred_handle parameter of
-   gss_accept_sec_context) a credential handle that contains the
-   delegated identity, and this credential handle may be used to
-   initiate subsequent GSS-API security contexts as an agent or delegate
-   of the initiator.  If the original initiator's identity is "A" and
-   the delegate's identity is "B", then, depending on the underlying
-   mechanism, the identity embodied by the delegated credential may be
-
-
-
-Wray                        Standards Track                    [Page 21]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   either "A" or "B acting for A".
-
-   For many mechanisms that support delegation, a simple boolean does
-   not provide enough control.  Examples of additional aspects of
-   delegation control that a mechanism might provide to an application
-   are duration of delegation, network addresses from which delegation
-   is valid, and constraints on the tasks that may be performed by a
-   delegate.  Such controls are presently outside the scope of the GSS-
-   API.  GSS-API implementations supporting mechanisms offering
-   additional controls should provide extension routines that allow
-   these controls to be exercised (perhaps by modifying the initiator's
-   GSS-API credential prior to its use in establishing a context).
-   However, the simple delegation control provided by GSS-API should
-   always be able to over-ride other mechanism-specific delegation
-   controls - If the application instructs gss_init_sec_context() that
-   delegation is not desired, then the implementation must not permit
-   delegation to occur. This is an exception to the general rule that a
-   mechanism may enable services even if they are not requested -
-   delegation may only be provided at the explicit request of the
-   application.
-
-4.2. Mutual authentication
-
-   Usually, a context acceptor will require that a context initiator
-   authenticate itself so that the acceptor may make an access-control
-   decision prior to performing a service for the initiator.  In some
-   cases, the initiator may also request that the acceptor authenticate
-   itself.  GSS-API allows the initiating application to request this
-   mutual authentication service by setting a flag when calling
-   gss_init_sec_context.
-
-   The initiating application is informed as to whether or not the
-   context acceptor has authenticated itself.  Note that some mechanisms
-   may not support mutual authentication, and other mechanisms may
-   always perform mutual authentication, whether or not the initiating
-   application requests it.  In particular, mutual authentication my be
-   required by some mechanisms in order to support replay or out-of-
-   sequence message detection, and for such mechanisms a request for
-   either of these services will automatically enable mutual
-   authentication.
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 22]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-4.3. Replay and out-of-sequence detection
-
-   The GSS-API may provide detection of mis-ordered message once a
-   security context has been established.  Protection may be applied to
-   messages by either application, by calling either gss_get_mic or
-   gss_wrap, and verified by the peer application by calling
-   gss_verify_mic or gss_unwrap.
-
-   gss_get_mic calculates a cryptographic MIC over an application
-   message, and returns that MIC in a token.  The application should
-   pass both the token and the message to the peer application, which
-   presents them to gss_verify_mic.
-
-   gss_wrap calculates a cryptographic MIC of an application message,
-   and places both the MIC and the message inside a single token.  The
-   Application should pass the token to the peer application, which
-   presents it to gss_unwrap to extract the message and verify the MIC.
-
-   Either pair of routines may be capable of detecting out-of-sequence
-   message delivery, or duplication of messages. Details of such mis-
-   ordered messages are indicated through supplementary status bits in
-   the major status code returned by gss_verify_mic or gss_unwrap.  The
-   relevant supplementary bits are:
-
-   GSS_S_DUPLICATE_TOKEN - The token is a duplicate of one that has
-                    already been received and processed.  Only
-                    contexts that claim to provide replay detection
-                    may set this bit.
-   GSS_S_OLD_TOKEN - The token is too old to determine whether or
-                    not it is a duplicate.  Contexts supporting
-                    out-of-sequence detection but not replay
-                    detection should always set this bit if
-                    GSS_S_UNSEQ_TOKEN is set; contexts that support
-                    replay detection should only set this bit if the
-                    token is so old that it cannot be checked for
-                    duplication.
-   GSS_S_UNSEQ_TOKEN - A later token has already been processed.
-   GSS_S_GAP_TOKEN - An earlier token has not yet been received.
-
-   A mechanism need not maintain a list of all tokens that have been
-   processed in order to support these status codes.  A typical
-   mechanism might retain information about only the most recent "N"
-   tokens processed, allowing it to distinguish duplicates and missing
-   tokens within the most recent "N" messages; the receipt of a token
-   older than the most recent "N" would result in a GSS_S_OLD_TOKEN
-   status.
-
-
-
-
-
-Wray                        Standards Track                    [Page 23]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-4.4. Anonymous Authentication
-
-   In certain situations, an application may wish to initiate the
-   authentication process to authenticate a peer, without revealing its
-   own identity.  As an example, consider an application providing
-   access to a database containing medical information, and offering
-   unrestricted access to the service.  A client of such a service might
-   wish to authenticate the service (in order to establish trust in any
-   information retrieved from it), but might not wish the service to be
-   able to obtain the client's identity (perhaps due to privacy concerns
-   about the specific inquiries, or perhaps simply to avoid being placed
-   on mailing-lists).
-
-   In normal use of the GSS-API, the initiator's identity is made
-   available to the acceptor as a result of the context establishment
-   process.  However, context initiators may request that their identity
-   not be revealed to the context acceptor. Many mechanisms do not
-   support anonymous authentication, and for such mechanisms the request
-   will not be honored.  An authentication token will be still be
-   generated, but the application is always informed if a requested
-   service is unavailable, and has the option to abort context
-   establishment if anonymity is valued above the other security
-   services that would require a context to be established.
-
-   In addition to informing the application that a context is
-   established anonymously (via the ret_flags outputs from
-   gss_init_sec_context and gss_accept_sec_context), the optional
-   src_name output from gss_accept_sec_context and gss_inquire_context
-   will, for such contexts, return a reserved internal-form name,
-   defined by the implementation.
-
-   When presented to gss_display_name, this reserved internal-form name
-   will result in a printable name that is syntactically distinguishable
-   from any valid principal name supported by the implementation,
-   associated with a name-type object identifier with the value
-   GSS_C_NT_ANONYMOUS, whose value us given in Appendix A.  The
-   printable form of an anonymous name should be chosen such that it
-   implies anonymity, since this name may appear in, for example, audit
-   logs.  For example, the string "<anonymous>" might be a good choice,
-   if no valid printable names supported by the implementation can begin
-   with "<" and end with ">".
-
-4.5. Confidentiality
-
-   If a context supports the confidentiality service, gss_wrap may be
-   used to encrypt application messages.  Messages are selectively
-   encrypted, under the control of the conf_req_flag input parameter to
-   gss_wrap.
-
-
-
-Wray                        Standards Track                    [Page 24]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-4.6. Inter-process context transfer
-
-   GSS-API V2 provides routines (gss_export_sec_context and
-   gss_import_sec_context) which allow a security context to be
-   transferred between processes on a single machine.  The most common
-   use for such a feature is a client-server design where the server is
-   implemented as a single process that accepts incoming security
-   contexts, which then launches child processes to deal with the data
-   on these contexts.  In such a design, the child processes must have
-   access to the security context data structure created within the
-   parent by its call to gss_accept_sec_context so that they can use
-   per-message protection services and delete the security context when
-   the communication session ends.
-
-   Since the security context data structure is expected to contain
-   sequencing information, it is impractical in general to share a
-   context between processes.  Thus GSS-API provides a call
-   (gss_export_sec_context) that the process which currently owns the
-   context can call to declare that it has no intention to use the
-   context subsequently, and to create an inter-process token containing
-   information needed by the adopting process to successfully import the
-   context.  After successful completion of gss_export_sec_context, the
-   original security context is made inaccessible to the calling process
-   by GSS-API, and any context handles referring to this context are no
-   longer valid.  The originating process transfers the inter-process
-   token to the adopting process, which passes it to
-   gss_import_sec_context, and a fresh gss_ctx_id_t is created such that
-   it is functionally identical to the original context.
-
-   The inter-process token may contain sensitive data from the original
-   security context (including cryptographic keys). Applications using
-   inter-process tokens to transfer security contexts must take
-   appropriate steps to protect these tokens in transit.
-
-   Implementations are not required to support the inter-process
-   transfer of security contexts.  The ability to transfer a security
-   context is indicated when the context is created, by
-   gss_init_sec_context or gss_accept_sec_context setting the
-   GSS_C_TRANS_FLAG bit in their ret_flags parameter.
-
-4.7. The use of incomplete contexts
-
-   Some mechanisms may allow the per-message services to be used before
-   the context establishment process is complete.  For example, a
-   mechanism may include sufficient information in its initial context-
-   level token for the context acceptor to immediately decode messages
-   protected with gss_wrap or gss_get_mic.  For such a mechanism, the
-   initiating application need not wait until subsequent context-level
-
-
-
-Wray                        Standards Track                    [Page 25]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   tokens have been sent and received before invoking the per-message
-   protection services.
-
-   The ability of a context to provide per-message services in advance
-   of complete context establishment is indicated by the setting of the
-   GSS_C_PROT_READY_FLAG bit in the ret_flags parameter from
-   gss_init_sec_context and gss_accept_sec_context. Applications wishing
-   to use per-message protection services on partially-established
-   contexts should check this flag before attempting to invoke gss_wrap
-   or gss_get_mic.
-
-5. GSS-API Routine Descriptions
-
-   In addition to the explicit major status codes documented here, the
-   code GSS_S_FAILURE may be returned by any routine, indicating an
-   implementation-specific or mechanism-specific error condition,
-   further details of which are reported via the minor_status parameter.
-
-5.1. gss_accept_sec_context
-
-   OM_uint32 gss_accept_sec_context (
-     OM_uint32           *minor_status,
-     gss_ctx_id_t        *context_handle,
-     const gss_cred_id_t acceptor_cred_handle,
-     const gss_buffer_t  input_token_buffer,
-     const gss_channel_bindings_t  input_chan_bindings,
-     const gss_name_t    *src_name,
-     gss_OID             *mech_type,
-     gss_buffer_t        output_token,
-     OM_uint32           *ret_flags,
-     OM_uint32           *time_rec,
-     gss_cred_id_t       *delegated_cred_handle)
-
-   Purpose:
-
-   Allows a remotely initiated security context between the application
-   and a remote peer to be established.  The routine may return a
-   output_token which should be transferred to the peer application,
-   where the peer application will present it to gss_init_sec_context.
-   If no token need be sent, gss_accept_sec_context will indicate this
-   by setting the length field of the output_token argument to zero.  To
-   complete the context establishment, one or more reply tokens may be
-   required from the peer application; if so, gss_accept_sec_context
-   will return a status flag of GSS_S_CONTINUE_NEEDED, in which case it
-   should be called again when the reply token is received from the peer
-   application, passing the token to gss_accept_sec_context via the
-   input_token parameters.
-
-
-
-
-Wray                        Standards Track                    [Page 26]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Portable applications should be constructed to use the token length
-   and return status to determine whether a token needs to be sent or
-   waited for.  Thus a typical portable caller should always invoke
-   gss_accept_sec_context within a loop:
-
-   gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-
-   do {
-     receive_token_from_peer(input_token);
-     maj_stat = gss_accept_sec_context(&min_stat,
-                                       &context_hdl,
-                                       cred_hdl,
-                                       input_token,
-                                       input_bindings,
-                                       &client_name,
-                                       &mech_type,
-                                       output_token,
-                                       &ret_flags,
-                                       &time_rec,
-                                       &deleg_cred);
-     if (GSS_ERROR(maj_stat)) {
-       report_error(maj_stat, min_stat);
-     };
-     if (output_token->length != 0) {
-       send_token_to_peer(output_token);
-
-       gss_release_buffer(&min_stat, output_token);
-     };
-     if (GSS_ERROR(maj_stat)) {
-       if (context_hdl != GSS_C_NO_CONTEXT)
-         gss_delete_sec_context(&min_stat,
-                                &context_hdl,
-                                GSS_C_NO_BUFFER);
-       break;
-     };
-   } while (maj_stat & GSS_S_CONTINUE_NEEDED);
-
-   Whenever the routine returns a major status that includes the value
-   GSS_S_CONTINUE_NEEDED, the context is not fully established and the
-   following restrictions apply to the output parameters:
-
-   The value returned via the time_rec parameter is undefined Unless the
-   accompanying ret_flags parameter contains the bit
-   GSS_C_PROT_READY_FLAG, indicating that per-message services may be
-   applied in advance of a successful completion status, the value
-   returned via the mech_type parameter may be undefined until the
-   routine returns a major status value of GSS_S_COMPLETE.
-
-
-
-
-Wray                        Standards Track                    [Page 27]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   The values of the GSS_C_DELEG_FLAG,
-   GSS_C_MUTUAL_FLAG,GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG,
-   GSS_C_CONF_FLAG,GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned
-   via the ret_flags parameter should contain the values that the
-   implementation expects would be valid if context establishment were
-   to succeed.
-
-   The values of the GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG bits
-   within ret_flags should indicate the actual state at the time
-   gss_accept_sec_context returns, whether or not the context is fully
-   established.
-
-   Although this requires that GSS-API implementations set the
-   GSS_C_PROT_READY_FLAG in the final ret_flags returned to a caller
-   (i.e. when accompanied by a GSS_S_COMPLETE status code), applications
-   should not rely on this behavior as the flag was not defined in
-   Version 1 of the GSS-API. Instead, applications should be prepared to
-   use per-message services after a successful context establishment,
-   according to the GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG values.
-
-   All other bits within the ret_flags argument should be set to zero.
-   While the routine returns GSS_S_CONTINUE_NEEDED, the values returned
-   via the ret_flags argument indicate the services that the
-   implementation expects to be available from the established context.
-
-   If the initial call of gss_accept_sec_context() fails, the
-   implementation should not create a context object, and should leave
-   the value of the context_handle parameter set to GSS_C_NO_CONTEXT to
-   indicate this.  In the event of a failure on a subsequent call, the
-   implementation is permitted to delete the "half-built" security
-   context (in which case it should set the context_handle parameter to
-   GSS_C_NO_CONTEXT), but the preferred behavior is to leave the
-   security context (and the context_handle parameter) untouched for the
-   application to delete (using gss_delete_sec_context).
-
-   During context establishment, the informational status bits
-   GSS_S_OLD_TOKEN and GSS_S_DUPLICATE_TOKEN indicate fatal errors, and
-   GSS-API mechanisms should always return them in association with a
-   routine error of GSS_S_FAILURE.  This requirement for pairing did not
-   exist in version 1 of the GSS-API specification, so applications that
-   wish to run over version 1 implementations must special-case these
-   codes.
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 28]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   context_handle    gss_ctx_id_t, read/modify context handle for new
-                        context.  Supply GSS_C_NO_CONTEXT for first
-                        call; use value returned in subsequent calls.
-                        Once gss_accept_sec_context() has returned a
-                        value via this parameter, resources have been
-                        assigned to the corresponding context, and must
-                        be freed by the application after use with a
-                        call to gss_delete_sec_context().
-
-
-   acceptor_cred_handle  gss_cred_id_t, read Credential handle claimed
-                         by context acceptor. Specify
-                         GSS_C_NO_CREDENTIAL to accept the context as a
-                         default principal.  If GSS_C_NO_CREDENTIAL is
-                         specified, but no default acceptor principal is
-                         defined, GSS_S_NO_CRED will be returned.
-
-   input_token_buffer   buffer, opaque, read token obtained from remote
-                        application.
-
-   input_chan_bindings  channel bindings, read, optional Application-
-                        specified bindings.  Allows application to
-                        securely bind channel identification information
-                        to the security context.  If channel bindings
-                        are not used, specify GSS_C_NO_CHANNEL_BINDINGS.
-
-   src_name             gss_name_t, modify, optional Authenticated name
-                        of context initiator.  After use, this name
-                        should be deallocated by passing it to
-                        gss_release_name().  If not required, specify
-                        NULL.
-
-   mech_type            Object ID, modify, optional Security mechanism
-                        used.  The returned OID value will be a pointer
-                        into static storage, and should be treated as
-                        read-only by the caller (in particular, it does
-                        not need to be freed).  If not required, specify
-                        NULL.
-
-   output_token         buffer, opaque, modify Token to be passed to
-                        peer application.  If the length field of the
-                        returned token buffer is 0, then no token need
-                        be passed to the peer application.  If a non-
-                        zero length field is returned, the associated
-                        storage must be freed after use by the
-                        application with a call to gss_release_buffer().
-
-
-
-Wray                        Standards Track                    [Page 29]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   ret_flags            bit-mask, modify, optional Contains various
-                        independent flags, each of which indicates that
-                        the context supports a specific service option.
-                        If not needed, specify NULL.  Symbolic names are
-                        provided for each flag, and the symbolic names
-                        corresponding to the required flags should be
-                        logically-ANDed with the ret_flags value to test
-                        whether a given option is supported by the
-                        context.  The flags are:
-                        GSS_C_DELEG_FLAG
-                        True - Delegated credentials are available
-                               via the delegated_cred_handle
-                               parameter
-                        False - No credentials were delegated
-                        GSS_C_MUTUAL_FLAG
-                        True - Remote peer asked for mutual
-                               authentication
-                        False - Remote peer did not ask for mutual
-                                authentication
-                        GSS_C_REPLAY_FLAG
-                        True - replay of protected messages
-                               will be detected
-                        False - replayed messages will not be
-                                detected
-                        GSS_C_SEQUENCE_FLAG
-                        True - out-of-sequence protected
-                               messages will be detected
-                        False - out-of-sequence messages will not
-                                be detected
-                        GSS_C_CONF_FLAG
-                        True - Confidentiality service may be
-                               invoked by calling the gss_wrap
-                               routine
-                        False - No confidentiality service (via
-                                gss_wrap) available. gss_wrap will
-                                provide message encapsulation,
-                                data-origin authentication and
-                                integrity services only.
-                        GSS_C_INTEG_FLAG
-                        True - Integrity service may be invoked by
-                               calling either gss_get_mic or
-                               gss_wrap routines.
-                        False - Per-message integrity service
-                                unavailable.
-                        GSS_C_ANON_FLAG
-                        True - The initiator does not wish to
-                               be authenticated; the src_name
-                               parameter (if requested) contains
-
-
-
-Wray                        Standards Track                    [Page 30]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                               an anonymous internal name.
-                        False - The initiator has been
-                                authenticated normally.
-                        GSS_C_PROT_READY_FLAG
-                        True - Protection services (as specified
-                               by the states of the GSS_C_CONF_FLAG
-                               and GSS_C_INTEG_FLAG) are available
-                               if the accompanying major status
-                               return value is either GSS_S_COMPLETE
-                               or GSS_S_CONTINUE_NEEDED.
-                        False - Protection services (as specified
-                                by the states of the GSS_C_CONF_FLAG
-                                and GSS_C_INTEG_FLAG) are available
-                                only if the accompanying major status
-                                return value is GSS_S_COMPLETE.
-                        GSS_C_TRANS_FLAG
-                        True - The resultant security context may
-                               be transferred to other processes via
-                               a call to gss_export_sec_context().
-                        False - The security context is not
-                                transferable.
-                        All other bits should be set to zero.
-
-   time_rec             Integer, modify, optional
-                        number of seconds for which the context will
-                        remain valid. Specify NULL if not required.
-
-   delegated_cred_handle
-                        gss_cred_id_t, modify, optional credential
-                        handle for credentials received from context
-                        initiator.  Only valid if deleg_flag in
-                        ret_flags is true, in which case an explicit
-                        credential handle (i.e. not GSS_C_NO_CREDENTIAL)
-                        will be returned; if deleg_flag is false,
-                        gss_accept_context() will set this parameter to
-                        GSS_C_NO_CREDENTIAL.  If a credential handle is
-                        returned, the associated resources must be
-                        released by the application after use with a
-                        call to gss_release_cred().  Specify NULL if not
-                        required.
-
-   minor_status         Integer, modify
-                        Mechanism specific status code.
-
-   GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
-                         application is required to complete the
-                         context, and that gss_accept_sec_context must
-                         be called again with that token.
-
-
-
-Wray                        Standards Track                    [Page 31]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on
-                         the input_token failed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
-                         performed on the credential failed.
-
-   GSS_S_NO_CRED     The supplied credentials were not valid for context
-                         acceptance, or the credential handle did not
-                         reference any credentials.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
-
-   GSS_S_BAD_BINDINGS  The input_token contains different channel
-                         bindings to those specified via the
-                         input_chan_bindings parameter.
-
-   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did not
-                         refer to a valid context.
-
-   GSS_S_BAD_SIG     The input_token contains an invalid MIC.
-
-   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal error
-                         during context establishment.
-
-   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of
-                         a token already processed.  This is a fatal
-                         error during context establishment.
-
-   GSS_S_BAD_MECH    The received token specified a mechanism that is
-                         not supported by the implementation or the
-                         provided credential.
-
-5.2. gss_acquire_cred
-
-   OM_uint32 gss_acquire_cred (
-     OM_uint32         *minor_status,
-     const gss_name_t  desired_name,
-     OM_uint32         time_req,
-     const gss_OID_set desired_mechs,
-     gss_cred_usage_t  cred_usage,
-     gss_cred_id_t     *output_cred_handle,
-     gss_OID_set       *actual_mechs,
-     OM_uint32         *time_rec)
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 32]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Purpose:
-
-   Allows an application to acquire a handle for a pre-existing
-   credential by name.  GSS-API implementations must impose a local
-   access-control policy on callers of this routine to prevent
-   unauthorized callers from acquiring credentials to which they are not
-   entitled.  This routine is not intended to provide a "login to the
-   network" function, as such a function would involve the creation of
-   new credentials rather than merely acquiring a handle to existing
-   credentials.  Such functions, if required, should be defined in
-   implementation-specific extensions to the API.
-
-   If desired_name is GSS_C_NO_NAME, the call is interpreted as a
-   request for a credential handle that will invoke default behavior
-   when passed to gss_init_sec_context() (if cred_usage is
-   GSS_C_INITIATE or GSS_C_BOTH) or gss_accept_sec_context() (if
-   cred_usage is GSS_C_ACCEPT or GSS_C_BOTH).
-
-   Mechanisms should honor the desired_mechs parameter, and return a
-   credential that is suitable to use only with the requested
-   mechanisms.  An exception to this is the case where one underlying
-   credential element can be shared by multiple mechanisms; in this case
-   it is permissible for an implementation to indicate all mechanisms
-   with which the credential element may be used.  If desired_mechs is
-   an empty set, behavior is undefined.
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways
-   of obtaining GSS-API initiator credentials from the system login
-   process.  Some implementations may therefore not support the
-   acquisition of GSS_C_INITIATE or GSS_C_BOTH credentials via
-   gss_acquire_cred for any name other than GSS_C_NO_NAME, or a name
-   produced by applying either gss_inquire_cred to a valid credential,
-   or gss_inquire_context to an active context.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may choose to delay the actual acquisition until the
-   credential is required (e.g. by gss_init_sec_context or
-   gss_accept_sec_context).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call
-   of gss_inquire_cred immediately following the call of
-   gss_acquire_cred must return valid credential data, and may therefore
-   incur the overhead of a deferred credential acquisition.
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 33]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   desired_name      gss_name_t, read
-                     Name of principal whose credential
-                     should be acquired
-
-   time_req          Integer, read, optional
-                     number of seconds that credentials
-                     should remain valid. Specify GSS_C_INDEFINITE
-                     to request that the credentials have the maximum
-                     permitted lifetime.
-
-   desired_mechs     Set of Object IDs, read, optional
-                     set of underlying security mechanisms that
-                     may be used.  GSS_C_NO_OID_SET may be used
-                     to obtain an implementation-specific default.
-
-   cred_usage        gss_cred_usage_t, read
-                     GSS_C_BOTH - Credentials may be used
-                        either to initiate or accept
-                        security contexts.
-                     GSS_C_INITIATE - Credentials will only be
-                        used to initiate security contexts.
-                     GSS_C_ACCEPT - Credentials will only be used to
-                        accept security contexts.
-
-   output_cred_handle  gss_cred_id_t, modify
-                       The returned credential handle.  Resources
-                       associated with this credential handle must
-                       be released by the application after use
-                       with a call to gss_release_cred().
-
-   actual_mechs      Set of Object IDs, modify, optional
-                     The set of mechanisms for which the
-                     credential is valid.  Storage associated
-                     with the returned OID-set must be released by
-                     the application after use with a call to
-                     gss_release_oid_set().  Specify NULL if not
-                     required.
-
-   time_rec          Integer, modify, optional
-                     Actual number of seconds for which the
-                     returned credentials will remain valid.  If the
-                     implementation does not support expiration of
-                     credentials, the value GSS_C_INDEFINITE will
-                     be returned. Specify NULL if not required
-
-
-
-
-
-Wray                        Standards Track                    [Page 34]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   Function value:  GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_MECH    Unavailable mechanism requested
-
-   GSS_S_BAD_NAMETYPE Type contained within desired_name parameter
-                      is not supported
-
-   GSS_S_BAD_NAME    Value supplied for desired_name parameter is ill
-                     formed.
-
-   GSS_S_CREDENTIALS_EXPIRED The credentials could not be acquired
-                             Because they have expired.
-
-   GSS_S_NO_CRED     No credentials were found for the specified name.
-
-5.3. gss_add_cred
-
-   OM_uint32 gss_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-
-   Purpose:
-
-   Adds a credential-element to a credential.  The credential-element is
-   identified by the name of the principal to which it refers.  GSS-API
-   implementations must impose a local access-control policy on callers
-   of this routine to prevent unauthorized callers from acquiring
-   credential-elements to which they are not entitled. This routine is
-   not intended to provide a "login to the network" function, as such a
-   function would involve the creation of new mechanism-specific
-   authentication data, rather than merely acquiring a GSS-API handle to
-   existing data.  Such functions, if required, should be defined in
-   implementation-specific extensions to the API.
-
-
-
-
-Wray                        Standards Track                    [Page 35]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   If desired_name is GSS_C_NO_NAME, the call is interpreted as a
-   request to add a credential element that will invoke default behavior
-   when passed to gss_init_sec_context() (if cred_usage is
-   GSS_C_INITIATE or GSS_C_BOTH) or gss_accept_sec_context() (if
-   cred_usage is GSS_C_ACCEPT or GSS_C_BOTH).
-
-   This routine is expected to be used primarily by context acceptors,
-   since implementations are likely to provide mechanism-specific ways
-   of obtaining GSS-API initiator credentials from the system login
-   process.  Some implementations may therefore not support the
-   acquisition of GSS_C_INITIATE or GSS_C_BOTH credentials via
-   gss_acquire_cred for any name other than GSS_C_NO_NAME, or a name
-   produced by applying either gss_inquire_cred to a valid credential,
-   or gss_inquire_context to an active context.
-
-   If credential acquisition is time-consuming for a mechanism, the
-   mechanism may choose to delay the actual acquisition until the
-   credential is required (e.g. by gss_init_sec_context or
-   gss_accept_sec_context).  Such mechanism-specific implementation
-   decisions should be invisible to the calling application; thus a call
-   of gss_inquire_cred immediately following the call of gss_add_cred
-   must return valid credential data, and may therefore incur the
-   overhead of a deferred credential acquisition.
-
-   This routine can be used to either compose a new credential
-   containing all credential-elements of the original in addition to the
-   newly-acquire credential-element, or to add the new credential-
-   element to an existing credential. If NULL is specified for the
-   output_cred_handle parameter argument, the new credential-element
-   will be added to the credential identified by input_cred_handle; if a
-   valid pointer is specified for the output_cred_handle parameter, a
-   new credential handle will be created.
-
-   If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle,
-   gss_add_cred will compose a credential (and set the
-   output_cred_handle parameter accordingly) based on default behavior.
-   That is, the call will have the same effect as if the application had
-   first made a call to gss_acquire_cred(), specifying the same usage
-   and passing GSS_C_NO_NAME as the desired_name parameter to obtain an
-   explicit credential handle embodying default behavior, passed this
-   credential handle to gss_add_cred(), and finally called
-   gss_release_cred() on the first credential handle.
-
-   If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle
-   parameter, a non-NULL output_cred_handle must be supplied.
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 36]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   input_cred_handle gss_cred_id_t, read, optional
-                     The credential to which a credential-element
-                     will be added.  If GSS_C_NO_CREDENTIAL is
-                     specified, the routine will compose the new
-                     credential based on default behavior (see
-                     description above).  Note that, while the
-                     credential-handle is not modified by
-                     gss_add_cred(), the underlying credential
-                     will be modified if output_credential_handle
-                     is NULL.
-
-   desired_name      gss_name_t, read.
-                     Name of principal whose credential
-                     should be acquired.
-
-   desired_mech      Object ID, read
-                     Underlying security mechanism with which the
-                     credential may be used.
-
-   cred_usage        gss_cred_usage_t, read
-                     GSS_C_BOTH - Credential may be used
-                     either to initiate or accept
-                     security contexts.
-                     GSS_C_INITIATE - Credential will only be
-                                      used to initiate security
-                                      contexts.
-                     GSS_C_ACCEPT - Credential will only be used to
-                                    accept security contexts.
-
-   initiator_time_req Integer, read, optional
-                      number of seconds that the credential
-                      should remain valid for initiating security
-                      contexts.  This argument is ignored if the
-                      composed credentials are of type GSS_C_ACCEPT.
-                      Specify GSS_C_INDEFINITE to request that the
-                      credentials have the maximum permitted
-                      initiator lifetime.
-
-   acceptor_time_req Integer, read, optional
-                     number of seconds that the credential
-                     should remain valid for accepting security
-                     contexts.  This argument is ignored if the
-                     composed credentials are of type GSS_C_INITIATE.
-
-
-
-Wray                        Standards Track                    [Page 37]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                     Specify GSS_C_INDEFINITE to request that the
-                     credentials have the maximum permitted initiator
-                     lifetime.
-
-   output_cred_handle gss_cred_id_t, modify, optional
-                      The returned credential handle, containing
-                      the new credential-element and all the
-                      credential-elements from input_cred_handle.
-                      If a valid pointer to a gss_cred_id_t is
-                      supplied for this parameter, gss_add_cred
-                      creates a new credential handle containing all
-                      credential-elements from the input_cred_handle
-                      and the newly acquired credential-element; if
-                      NULL is specified for this parameter, the newly
-                      acquired credential-element will be added
-                      to the credential identified by input_cred_handle.
-
-                      The resources associated with any credential
-                      handle returned via this parameter must be
-                      released by the application after use with a
-                      call to gss_release_cred().
-
-   actual_mechs      Set of Object IDs, modify, optional
-                     The complete set of mechanisms for which
-                     the new credential is valid.  Storage for
-                     the returned OID-set must be freed by the
-                     application after use with a call to
-                     gss_release_oid_set(). Specify NULL if
-                     not required.
-
-   initiator_time_rec Integer, modify, optional
-                      Actual number of seconds for which the
-                      returned credentials will remain valid for
-                      initiating contexts using the specified
-                      mechanism.  If the implementation or mechanism
-                      does not support expiration of credentials, the
-                      value GSS_C_INDEFINITE will be returned. Specify
-                      NULL if not required
-
-   acceptor_time_rec Integer, modify, optional
-                     Actual number of seconds for which the
-                     returned credentials will remain valid for
-                     accepting security contexts using the specified
-                     mechanism.  If the implementation or mechanism
-                     does not support expiration of credentials, the
-                     value GSS_C_INDEFINITE will be returned. Specify
-                     NULL if not required
-
-
-
-
-Wray                        Standards Track                    [Page 38]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_MECH    Unavailable mechanism requested
-
-   GSS_S_BAD_NAMETYPE Type contained within desired_name parameter
-                     is not supported
-
-   GSS_S_BAD_NAME    Value supplied for desired_name parameter is
-                     ill-formed.
-
-   GSS_S_DUPLICATE_ELEMENT The credential already contains an element
-                     for the requested mechanism with overlapping
-                     usage and validity period.
-
-   GSS_S_CREDENTIALS_EXPIRED The required credentials could not be
-                     added because they have expired.
-
-   GSS_S_NO_CRED     No credentials were found for the specified name.
-
-5.4. gss_add_oid_set_member
-
-   OM_uint32 gss_add_oid_set_member (
-     OM_uint32       *minor_status,
-     const gss_OID   member_oid,
-     gss_OID_set     *oid_set)
-
-   Purpose:
-
-   Add an Object Identifier to an Object Identifier set.  This routine
-   is intended for use in conjunction with gss_create_empty_oid_set when
-   constructing a set of mechanism OIDs for input to gss_acquire_cred.
-   The oid_set parameter must refer to an OID-set that was created by
-   GSS-API (e.g. a set returned by gss_create_empty_oid_set()). GSS-API
-   creates a copy of the member_oid and inserts this copy into the set,
-   expanding the storage allocated to the OID-set's elements array if
-   necessary.  The routine may add the new member OID anywhere within
-   the elements array, and implementations should verify that the new
-   member_oid is not already contained within the elements array; if the
-   member_oid is already present, the oid_set should remain unchanged.
-
-   Parameters:
-
-      minor_status      Integer, modify
-                        Mechanism specific status code
-
-
-
-
-
-Wray                        Standards Track                    [Page 39]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-      member_oid        Object ID, read
-                        The object identifier to copied into
-                        the set.
-
-      oid_set           Set of Object ID, modify
-                        The set in which the object identifier
-                        should be inserted.
-
-   Function value:   GSS status code
-
-      GSS_S_COMPLETE    Successful completion
-
-5.5. gss_canonicalize_name
-
-   OM_uint32 gss_canonicalize_name (
-     OM_uint32        *minor_status,
-     const gss_name_t input_name,
-     const gss_OID    mech_type,
-     gss_name_t       *output_name)
-
-   Purpose:
-
-   Generate a canonical mechanism name (MN) from an arbitrary internal
-   name.  The mechanism name is the name that would be returned to a
-   context acceptor on successful authentication of a context where the
-   initiator used the input_name in a successful call to
-   gss_acquire_cred, specifying an OID set containing <mech_type> as its
-   only member, followed by a call to gss_init_sec_context, specifying
-   <mech_type> as the authentication mechanism.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name        gss_name_t, read
-                     The name for which a canonical form is
-                     desired
-
-   mech_type         Object ID, read
-                     The authentication mechanism for which the
-                     canonical form of the name is desired.  The
-                     desired mechanism must be specified explicitly;
-                     no default is provided.
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 40]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   output_name       gss_name_t, modify
-                     The resultant canonical name.  Storage
-                     associated with this name must be freed by
-                     the application after use with a call to
-                     gss_release_name().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion.
-
-   GSS_S_BAD_MECH    The identified mechanism is not supported.
-
-   GSS_S_BAD_NAMETYPE The provided internal name contains no elements
-                     that could be processed by the specified
-                     mechanism.
-
-   GSS_S_BAD_NAME    The provided internal name was ill-formed.
-
-5.6. gss_compare_name
-
-   OM_uint32 gss_compare_name (
-     OM_uint32        *minor_status,
-     const gss_name_t name1,
-     const gss_name_t name2,
-     int              *name_equal)
-
-   Purpose:
-
-   Allows an application to compare two internal-form names to determine
-   whether they refer to the same entity.
-
-   If either name presented to gss_compare_name denotes an anonymous
-   principal, the routines should indicate that the two names do not
-   refer to the same identity.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   name1             gss_name_t, read
-                     internal-form name
-
-   name2             gss_name_t, read
-                     internal-form name
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 41]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   name_equal        boolean, modify
-                     non-zero - names refer to same entity
-                     zero - names refer to different entities
-                           (strictly, the names are not known
-                           to refer to the same identity).
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAMETYPE The two names were of incomparable types.
-
-   GSS_S_BAD_NAME    One or both of name1 or name2 was ill-formed.
-
-5.7. gss_context_time
-
-   OM_uint32 gss_context_time (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     OM_uint32          *time_rec)
-
-   Purpose:
-
-   Determines the number of seconds for which the specified context will
-   remain valid.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context to be interrogated.
-
-   time_rec          Integer, modify
-                     Number of seconds that the context will remain
-                     valid.  If the context has already expired,
-                     zero will be returned.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify
-                     a valid context
-
-
-
-
-Wray                        Standards Track                    [Page 42]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.8. gss_create_empty_oid_set
-
-   OM_uint32 gss_create_empty_oid_set (
-     OM_uint32    *minor_status,
-     gss_OID_set  *oid_set)
-
-   Purpose:
-
-   Create an object-identifier set containing no object identifiers, to
-   which members may be subsequently added using the
-   gss_add_oid_set_member() routine.  These routines are intended to be
-   used to construct sets of mechanism object identifiers, for input to
-   gss_acquire_cred.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   oid_set           Set of Object IDs, modify
-                     The empty object identifier set.
-                     The routine will allocate the
-                     gss_OID_set_desc object, which the
-                     application must free after use with
-                     a call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-5.9. gss_delete_sec_context
-
-   OM_uint32 gss_delete_sec_context (
-     OM_uint32    *minor_status,
-     gss_ctx_id_t *context_handle,
-     gss_buffer_t output_token)
-
-   Purpose:
-
-   Delete a security context.  gss_delete_sec_context will delete the
-   local data structures associated with the specified security context,
-   and may generate an output_token, which when passed to the peer
-   gss_process_context_token will instruct it to do likewise.  If no
-   token is required by the mechanism, the GSS-API should set the length
-   field of the output_token (if provided) to zero.  No further security
-   services may be obtained using the context specified by
-   context_handle.
-
-
-
-
-Wray                        Standards Track                    [Page 43]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   In addition to deleting established security contexts,
-   gss_delete_sec_context must also be able to delete "half-built"
-   security contexts resulting from an incomplete sequence of
-   gss_init_sec_context()/gss_accept_sec_context() calls.
-
-   The output_token parameter is retained for compatibility with version
-   1 of the GSS-API.  It is recommended that both peer applications
-   invoke gss_delete_sec_context passing the value GSS_C_NO_BUFFER for
-   the output_token parameter, indicating that no token is required, and
-   that gss_delete_sec_context should simply delete local context data
-   structures.  If the application does pass a valid buffer to
-   gss_delete_sec_context, mechanisms are encouraged to return a zero-
-   length token, indicating that no peer action is necessary, and that
-   no token should be transferred by the application.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle identifying context to delete.
-                     After deleting the context, the GSS-API will set
-                     this context handle to GSS_C_NO_CONTEXT.
-
-   output_token      buffer, opaque, modify, optional
-                     token to be sent to remote application to
-                     instruct it to also delete the context.  It
-                     is recommended that applications specify
-                     GSS_C_NO_BUFFER for this parameter, requesting
-                     local deletion only.  If a buffer parameter is
-                     provided by the application, the mechanism may
-                     return a token in it;  mechanisms that implement
-                     only local deletion should set the length field of
-                     this token to zero to indicate to the application
-                     that no token is to be sent to the peer.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  No valid context was supplied
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 44]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.10.gss_display_name
-
-   OM_uint32 gss_display_name (
-     OM_uint32        *minor_status,
-     const gss_name_t input_name,
-     gss_buffer_t     output_name_buffer,
-     gss_OID          *output_name_type)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of an opaque
-   internal-form  name for display purposes.  The syntax of a printable
-   name is defined by the GSS-API implementation.
-
-   If input_name denotes an anonymous principal, the implementation
-   should return the gss_OID value GSS_C_NT_ANONYMOUS as the
-   output_name_type, and a textual name that is syntactically distinct
-   from all valid supported printable names in output_name_buffer.
-
-   If input_name was created by a call to gss_import_name, specifying
-   GSS_C_NO_OID as the name-type, implementations that employ lazy
-   conversion between name types may return GSS_C_NO_OID via the
-   output_name_type parameter.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   input_name        gss_name_t, read
-                     name to be displayed
-
-   output_name_buffer  buffer, character-string, modify
-                     buffer to receive textual name string.
-                     The application must free storage associated
-                     with this name after use with a call to
-                     gss_release_buffer().
-
-   output_name_type  Object ID, modify, optional
-                     The type of the returned name.  The returned
-                     gss_OID will be a pointer into static storage,
-                     and should be treated as read-only by the caller
-                     (in particular, the application should not attempt
-                     to free it). Specify NULL if not required.
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 45]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    input_name was ill-formed
-
-5.11.gss_display_status
-
-   OM_uint32 gss_display_status (
-     OM_uint32      *minor_status,
-     OM_uint32      status_value,
-     int            status_type,
-     const gss_OID  mech_type,
-     OM_uint32      *message_context,
-     gss_buffer_t   status_string)
-
-   Purpose:
-
-   Allows an application to obtain a textual representation of a GSS-API
-   status code, for display to the user or for logging purposes.  Since
-   some status values may indicate multiple conditions, applications may
-   need to call gss_display_status multiple times, each call generating
-   a single text string.  The message_context parameter is used by
-   gss_display_status to store state information about which error
-   messages have already been extracted from a given status_value;
-   message_context must be initialized to 0 by the application prior to
-   the first call, and gss_display_status will return a non-zero value
-   in this parameter if there are further messages to extract.
-
-   The message_context parameter contains all state information required
-   by gss_display_status in order to extract further messages from the
-   status_value;  even when a non-zero value is returned in this
-   parameter, the application is not required to call gss_display_status
-   again unless subsequent messages are desired.  The following code
-   extracts all messages from a given status code and prints them to
-   stderr:
-
-   OM_uint32 message_context;
-   OM_uint32 status_code;
-   OM_uint32 maj_status;
-   OM_uint32 min_status;
-   gss_buffer_desc status_string;
-
-          ...
-
-   message_context = 0;
-
-   do {
-
-
-
-Wray                        Standards Track                    [Page 46]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-     maj_status = gss_display_status (
-                     &min_status,
-                     status_code,
-                     GSS_C_GSS_CODE,
-                     GSS_C_NO_OID,
-                     &message_context,
-                     &status_string)
-
-     fprintf(stderr,
-             "%.*s\n",
-            (int)status_string.length,
-
-            (char *)status_string.value);
-
-     gss_release_buffer(&min_status, &status_string);
-
-   } while (message_context != 0);
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   status_value      Integer, read
-                     Status value to be converted
-
-   status_type       Integer, read
-                     GSS_C_GSS_CODE - status_value is a GSS status
-                     code
-
-   GSS_C_MECH_CODE - status_value is a mechanism
-                     status code
-
-   mech_type         Object ID, read, optional
-                     Underlying mechanism (used to interpret a
-                     minor status value) Supply GSS_C_NO_OID to
-                     obtain the system default.
-
-   message_context   Integer, read/modify
-                     Should be initialized to zero by the
-                     application prior to the first call.
-                     On return from gss_display_status(),
-                     a non-zero status_value parameter indicates
-                     that additional messages may be extracted
-                     from the status code via subsequent calls
-
-
-
-
-
-Wray                        Standards Track                    [Page 47]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                     to gss_display_status(), passing the same
-                     status_value, status_type, mech_type, and
-                     message_context parameters.
-
-   status_string     buffer, character string, modify
-                     textual interpretation of the status_value.
-                     Storage associated with this parameter must
-                     be freed by the application after use with
-                     a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_MECH    Indicates that translation in accordance with
-                     an unsupported mechanism type was requested
-
-   GSS_S_BAD_STATUS  The status value was not recognized, or the
-                     status type was neither GSS_C_GSS_CODE nor
-                     GSS_C_MECH_CODE.
-
-5.12. gss_duplicate_name
-
-   OM_uint32 gss_duplicate_name (
-     OM_uint32        *minor_status,
-     const gss_name_t src_name,
-     gss_name_t       *dest_name)
-
-   Purpose:
-
-   Create an exact duplicate of the existing internal name src_name.
-   The new dest_name will be independent of src_name (i.e. src_name and
-   dest_name must both be released, and the release of one shall not
-   affect the validity of the other).
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   src_name          gss_name_t, read
-                     internal name to be duplicated.
-
-   dest_name         gss_name_t, modify
-                     The resultant copy of <src_name>.
-                     Storage associated with this name must
-                     be freed by the application after use
-                     with a call to gss_release_name().
-
-
-
-Wray                        Standards Track                    [Page 48]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The src_name parameter was ill-formed.
-
-5.13. gss_export_name
-
-   OM_uint32 gss_export_name (
-     OM_uint32        *minor_status,
-     const gss_name_t input_name,
-     gss_buffer_t     exported_name)
-
-   Purpose:
-
-   To produce a canonical contiguous string representation of a
-   mechanism name (MN), suitable for direct comparison (e.g. with
-   memcmp) for use in authorization functions (e.g. matching entries in
-   an access-control list).  The <input_name> parameter must specify a
-   valid MN (i.e. an internal name generated by gss_accept_sec_context
-   or by gss_canonicalize_name).
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name        gss_name_t, read
-                     The MN to be exported
-
-   exported_name     gss_buffer_t, octet-string, modify
-                     The canonical contiguous string form of
-                     <input_name>.  Storage associated with
-                     this string must freed by the application
-                     after use with gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NAME_NOT_MN The provided internal name was not a mechanism
-                     name.
-
-   GSS_S_BAD_NAME    The provided internal name was ill-formed.
-
-   GSS_S_BAD_NAMETYPE The internal name was of a type not supported
-                     by the GSS-API implementation.
-
-
-
-
-Wray                        Standards Track                    [Page 49]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.14. gss_export_sec_context
-
-   OM_uint32 gss_export_sec_context (
-     OM_uint32    *minor_status,
-     gss_ctx_id_t *context_handle,
-     gss_buffer_t interprocess_token)
-
-   Purpose:
-
-   Provided to support the sharing of work between multiple processes.
-   This routine will typically be used by the context-acceptor, in an
-   application where a single process receives incoming connection
-   requests and accepts security contexts over them, then passes the
-   established context to one or more other processes for message
-   exchange. gss_export_sec_context() deactivates the security context
-   for the calling process and creates an interprocess token which, when
-   passed to gss_import_sec_context in another process, will re-activate
-   the context in the second process. Only a single instantiation of a
-   given context may be active at any one time; a subsequent attempt by
-   a context exporter to access the exported security context will fail.
-
-   The implementation may constrain the set of processes by which the
-   interprocess token may be imported, either as a function of local
-   security policy, or as a result of implementation decisions.  For
-   example, some implementations may constrain contexts to be passed
-   only between processes that run under the same account, or which are
-   part of the same process group.
-
-   The interprocess token may contain security-sensitive information
-   (for example cryptographic keys).  While mechanisms are encouraged to
-   either avoid placing such sensitive information within interprocess
-   tokens, or to encrypt the token before returning it to the
-   application, in a typical object-library GSS-API implementation this
-   may not be possible. Thus the application must take care to protect
-   the interprocess token, and ensure that any process to which the
-   token is transferred is trustworthy.
-
-   If creation of the interprocess token is successful, the
-   implementation shall deallocate all process-wide resources associated
-   with the security context, and set the context_handle to
-   GSS_C_NO_CONTEXT.  In the event of an error that makes it impossible
-   to complete the export of the security context, the implementation
-   must not return an interprocess token, and should strive to leave the
-   security context referenced by the context_handle parameter
-   untouched.  If this is impossible, it is permissible for the
-   implementation to delete the security context, providing it also sets
-   the context_handle parameter to GSS_C_NO_CONTEXT.
-
-
-
-
-Wray                        Standards Track                    [Page 50]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle identifying the context to
-                     transfer.
-
-   interprocess_token   buffer, opaque, modify
-                        token to be transferred to target process.
-                        Storage associated with this token must be
-                        freed by the application after use with a
-                        call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has expired
-
-   GSS_S_NO_CONTEXT  The context was invalid
-
-   GSS_S_UNAVAILABLE The operation is not supported.
-
-5.15. gss_get_mic
-
-   OM_uint32 gss_get_mic (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     gss_qop_t             qop_req,
-     const gss_buffer_t message_buffer,
-     gss_buffer_t       msg_token)
-
-   Purpose:
-
-   Generates a cryptographic MIC for the supplied message, and places
-   the MIC in a token for transfer to the peer application. The qop_req
-   parameter allows a choice between several cryptographic algorithms,
-   if supported by the chosen mechanism.
-
-   Since some application-level protocols may wish to use tokens emitted
-   by gss_wrap() to provide "secure framing", implementations must
-   support derivation of MICs from zero-length messages.
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 51]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     identifies the context on which the message
-                     will be sent
-
-   qop_req           gss_qop_t, read, optional
-                     Specifies requested quality of protection.
-                     Callers are encouraged, on portability grounds,
-                     to accept the default quality of protection
-                     offered by the chosen mechanism, which may be
-                     requested by specifying GSS_C_QOP_DEFAULT for
-                     this parameter.  If an unsupported protection
-                     strength is requested, gss_get_mic will return a
-                     major_status of GSS_S_BAD_QOP.
-
-   message_buffer    buffer, opaque, read
-                     message to be protected
-
-   msg_token         buffer, opaque, modify
-                     buffer to receive token.  The application must
-                     free storage associated with this buffer after
-                     use with a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify
-                     a valid context
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the
-                     mechanism.
-
-5.16. gss_import_name
-
-   OM_uint32 gss_import_name (
-     OM_uint32          *minor_status,
-     const gss_buffer_t input_name_buffer,
-     const gss_OID      input_name_type,
-     gss_name_t         *output_name)
-
-
-
-
-
-Wray                        Standards Track                    [Page 52]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Purpose:
-
-   Convert a contiguous string name to internal form.  In general, the
-   internal name returned (via the <output_name> parameter) will not be
-   an MN; the exception to this is if the <input_name_type> indicates
-   that the contiguous string provided via the <input_name_buffer>
-   parameter is of type GSS_C_NT_EXPORT_NAME, in which case the returned
-   internal name will be an MN for the mechanism that exported the name.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   input_name_buffer  buffer, octet-string, read
-                     buffer containing contiguous string name to convert
-
-   input_name_type   Object ID, read, optional
-                     Object ID specifying type of printable
-                     name.  Applications may specify either
-                     GSS_C_NO_OID to use a mechanism-specific
-                     default printable syntax, or an OID recognized
-                     by the GSS-API implementation to name a
-                     specific namespace.
-
-   output_name       gss_name_t, modify
-                     returned name in internal form.  Storage
-                     associated with this name must be freed
-                     by the application after use with a call
-                     to gss_release_name().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAMETYPE The input_name_type was unrecognized
-
-   GSS_S_BAD_NAME    The input_name parameter could not be interpreted
-                     as a name of the specified type
-
-   GSS_S_BAD_MECH    The input name-type was GSS_C_NT_EXPORT_NAME,
-                     but the mechanism contained within the
-                     input-name is not supported
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 53]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.17. gss_import_sec_context
-
-   OM_uint32 gss_import_sec_context (
-     OM_uint32          *minor_status,
-     const gss_buffer_t interprocess_token,
-     gss_ctx_id_t       *context_handle)
-
-   Purpose:
-
-   Allows a process to import a security context established by another
-   process.  A given interprocess token may be imported only once.  See
-   gss_export_sec_context.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   interprocess_token  buffer, opaque, modify
-                       token received from exporting process
-
-   context_handle    gss_ctx_id_t, modify
-                     context handle of newly reactivated context.
-                     Resources associated with this context handle
-                     must be released by the application after use
-                     with a call to gss_delete_sec_context().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion.
-
-   GSS_S_NO_CONTEXT  The token did not contain a valid context
-   reference.
-
-   GSS_S_DEFECTIVE_TOKEN The token was invalid.
-
-   GSS_S_UNAVAILABLE The operation is unavailable.
-
-   GSS_S_UNAUTHORIZED Local policy prevents the import of this context
-                      by the current process.
-
-5.18. gss_indicate_mechs
-
-   OM_uint32 gss_indicate_mechs (
-     OM_uint32   *minor_status,
-     gss_OID_set *mech_set)
-
-
-
-
-
-Wray                        Standards Track                    [Page 54]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Purpose:
-
-   Allows an application to determine which underlying security
-   mechanisms are available.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   mech_set          set of Object IDs, modify
-                     set of implementation-supported mechanisms.
-                     The returned gss_OID_set value will be a
-                     dynamically-allocated OID set, that should
-                     be released by the caller after use with a
-                     call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-5.19. gss_init_sec_context
-
-   OM_uint32 gss_init_sec_context (
-     OM_uint32                    *minor_status,
-     const gss_cred_id_t          initiator_cred_handle,
-     gss_ctx_id_t                 *context_handle,\
-     const gss_name_t             target_name,
-     const gss_OID                mech_type,
-     OM_uint32                    req_flags,
-     OM_uint32                    time_req,
-     const gss_channel_bindings_t input_chan_bindings,
-     const gss_buffer_t           input_token
-     gss_OID                      *actual_mech_type,
-     gss_buffer_t                 output_token,
-     OM_uint32                    *ret_flags,
-     OM_uint32                    *time_rec )
-
-   Purpose:
-
-   Initiates the establishment of a security context between the
-   application and a remote peer.  Initially, the input_token parameter
-   should be specified either as GSS_C_NO_BUFFER, or as a pointer to a
-   gss_buffer_desc object whose length field contains the value zero.
-   The routine may return a output_token which should be transferred to
-   the peer application, where the peer application will present it to
-   gss_accept_sec_context.  If no token need be sent,
-   gss_init_sec_context will indicate this by setting the length field
-
-
-
-Wray                        Standards Track                    [Page 55]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   of the output_token argument to zero. To complete the context
-   establishment, one or more reply tokens may be required from the peer
-   application; if so, gss_init_sec_context will return a status
-   containing the supplementary information bit GSS_S_CONTINUE_NEEDED.
-   In this case, gss_init_sec_context should be called again when the
-   reply token is received from the peer application, passing the reply
-   token to gss_init_sec_context via the input_token parameters.
-
-   Portable applications should be constructed to use the token length
-   and return status to determine whether a token needs to be sent or
-   waited for.  Thus a typical portable caller should always invoke
-   gss_init_sec_context within a loop:
-
-   int context_established = 0;
-   gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-          ...
-   input_token->length = 0;
-
-   while (!context_established) {
-     maj_stat = gss_init_sec_context(&min_stat,
-                                     cred_hdl,
-                                     &context_hdl,
-                                     target_name,
-                                     desired_mech,
-                                     desired_services,
-                                     desired_time,
-                                     input_bindings,
-                                     input_token,
-                                     &actual_mech,
-                                     output_token,
-                                     &actual_services,
-                                     &actual_time);
-     if (GSS_ERROR(maj_stat)) {
-       report_error(maj_stat, min_stat);
-     };
-
-     if (output_token->length != 0) {
-       send_token_to_peer(output_token);
-       gss_release_buffer(&min_stat, output_token)
-     };
-     if (GSS_ERROR(maj_stat)) {
-
-       if (context_hdl != GSS_C_NO_CONTEXT)
-         gss_delete_sec_context(&min_stat,
-                                &context_hdl,
-                                GSS_C_NO_BUFFER);
-       break;
-     };
-
-
-
-Wray                        Standards Track                    [Page 56]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-     if (maj_stat & GSS_S_CONTINUE_NEEDED) {
-       receive_token_from_peer(input_token);
-     } else {
-       context_established = 1;
-     };
-   };
-
-   Whenever the routine returns a major status that includes the value
-   GSS_S_CONTINUE_NEEDED, the context is not fully established and the
-   following restrictions apply to the output parameters:
-
-      The value returned via the time_rec parameter is undefined Unless
-      the accompanying ret_flags parameter contains the bit
-      GSS_C_PROT_READY_FLAG, indicating that per-message services may be
-      applied in advance of a successful completion status, the value
-      returned via the actual_mech_type parameter is undefined until the
-      routine returns a major status value of GSS_S_COMPLETE.
-
-      The values of the GSS_C_DELEG_FLAG, GSS_C_MUTUAL_FLAG,
-      GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG, GSS_C_CONF_FLAG,
-      GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned via the
-      ret_flags parameter should contain the values that the
-      implementation expects would be valid if context establishment
-      were to succeed.  In particular, if the application has requested
-      a service such as delegation or anonymous authentication via the
-      req_flags argument, and such a service is unavailable from the
-      underlying mechanism, gss_init_sec_context should generate a token
-      that will not provide the service, and indicate via the ret_flags
-      argument that the service will not be supported.  The application
-      may choose to abort the context establishment by calling
-      gss_delete_sec_context (if it cannot continue in the absence of
-      the service), or it may choose to transmit the token and continue
-      context establishment (if the service was merely desired but not
-      mandatory).
-
-      The values of the GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG bits
-      within ret_flags should indicate the actual state at the time
-      gss_init_sec_context returns, whether or not the context is fully
-      established.
-
-      GSS-API implementations that support per-message protection are
-      encouraged to set the GSS_C_PROT_READY_FLAG in the final ret_flags
-      returned to a caller (i.e. when accompanied by a GSS_S_COMPLETE
-      status code).  However, applications should not rely on this
-      behavior as the flag was not defined in Version 1 of the GSS-API.
-      Instead, applications should determine what per-message services
-      are available after a successful context establishment according
-      to the GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG values.
-
-
-
-Wray                        Standards Track                    [Page 57]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-      All other bits within the ret_flags argument should be set to
-      zero.
-
-   If the initial call of gss_init_sec_context() fails, the
-   implementation should not create a context object, and should leave
-   the value of the context_handle parameter set to GSS_C_NO_CONTEXT to
-   indicate this.  In the event of a failure on a subsequent call, the
-   implementation is permitted to delete the "half-built" security
-   context (in which case it should set the context_handle parameter to
-   GSS_C_NO_CONTEXT), but the preferred behavior is to leave the
-   security context untouched for the application to delete (using
-   gss_delete_sec_context).
-
-   During context establishment, the informational status bits
-   GSS_S_OLD_TOKEN and GSS_S_DUPLICATE_TOKEN indicate fatal errors, and
-   GSS-API mechanisms should always return them in association with a
-   routine error of GSS_S_FAILURE.  This requirement for pairing did not
-   exist in version 1 of the GSS-API specification, so applications that
-   wish to run over version 1 implementations must special-case these
-   codes.
-
-   Parameters:
-
-   minor_status      Integer,  modify
-                     Mechanism specific status code.
-
-   initiator_cred_handle  gss_cred_id_t, read, optional
-                          handle for credentials claimed.  Supply
-                          GSS_C_NO_CREDENTIAL to act as a default
-                          initiator principal.  If no default
-                          initiator is defined, the function will
-                          return GSS_S_NO_CRED.
-
-   context_handle    gss_ctx_id_t, read/modify
-                     context handle for new context.  Supply
-                     GSS_C_NO_CONTEXT for first call; use value
-                     returned by first call in continuation calls.
-                     Resources associated with this context-handle
-                     must be released by the application after use
-                     with a call to gss_delete_sec_context().
-
-   target_name       gss_name_t, read
-                     Name of target
-
-   mech_type         OID, read, optional
-                     Object ID of desired mechanism. Supply
-                     GSS_C_NO_OID to obtain an implementation
-                     specific default
-
-
-
-Wray                        Standards Track                    [Page 58]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   req_flags         bit-mask, read
-                     Contains various independent flags, each of
-                     which requests that the context support a
-                     specific service option.  Symbolic
-                     names are provided for each flag, and the
-                     symbolic names corresponding to the required
-                     flags should be logically-ORed
-                     together to form the bit-mask value.  The
-                     flags are:
-
-                     GSS_C_DELEG_FLAG
-                       True - Delegate credentials to remote peer
-                       False - Don't delegate
-
-                     GSS_C_MUTUAL_FLAG
-                       True - Request that remote peer
-                              authenticate itself
-                       False - Authenticate self to remote peer
-                               only
-
-                     GSS_C_REPLAY_FLAG
-                       True - Enable replay detection for
-                              messages protected with gss_wrap
-                              or gss_get_mic
-                       False - Don't attempt to detect
-                               replayed messages
-
-                     GSS_C_SEQUENCE_FLAG
-                       True - Enable detection of out-of-sequence
-                              protected messages
-                       False - Don't attempt to detect
-                               out-of-sequence messages
-
-                     GSS_C_CONF_FLAG
-                       True - Request that confidentiality service
-                              be made available (via gss_wrap)
-                       False - No per-message confidentiality service
-                               is required.
-
-                     GSS_C_INTEG_FLAG
-                       True - Request that integrity service be
-                              made available (via gss_wrap or
-                              gss_get_mic)
-                       False - No per-message integrity service
-                               is required.
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 59]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                     GSS_C_ANON_FLAG
-                       True - Do not reveal the initiator's
-                              identity to the acceptor.
-                       False - Authenticate normally.
-
-   time_req          Integer, read, optional
-                     Desired number of seconds for which context
-                     should remain valid.  Supply 0 to request a
-                     default validity period.
-
-   input_chan_bindings  channel bindings, read, optional
-                        Application-specified bindings.  Allows
-                        application to securely bind channel
-                        identification information to the security
-                        context.  Specify GSS_C_NO_CHANNEL_BINDINGS
-                        if channel bindings are not used.
-
-   input_token       buffer, opaque, read, optional (see text)
-                     Token received from peer application.
-                     Supply GSS_C_NO_BUFFER, or a pointer to
-                     a buffer containing the value GSS_C_EMPTY_BUFFER
-                     on initial call.
-
-   actual_mech_type  OID, modify, optional
-                     Actual mechanism used.  The OID returned via
-                     this parameter will be a pointer to static
-                     storage that should be treated as read-only;
-                     In particular the application should not attempt
-                     to free it.  Specify NULL if not required.
-
-   output_token      buffer, opaque, modify
-                     token to be sent to peer application.  If
-                     the length field of the returned buffer is
-                     zero, no token need be sent to the peer
-                     application.  Storage associated with this
-                     buffer must be freed by the application
-                     after use with a call to gss_release_buffer().
-
-   ret_flags         bit-mask, modify, optional
-                     Contains various independent flags, each of which
-                     indicates that the context supports a specific
-                     service option.  Specify NULL if not
-                     required.  Symbolic names are provided
-                     for each flag, and the symbolic names
-                     corresponding to the required flags should be
-                     logically-ANDed with the ret_flags value to test
-                     whether a given option is supported by the
-                     context.  The flags are:
-
-
-
-Wray                        Standards Track                    [Page 60]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                     GSS_C_DELEG_FLAG
-                       True - Credentials were delegated to
-                              the remote peer
-                       False - No credentials were delegated
-
-                     GSS_C_MUTUAL_FLAG
-                       True - The remote peer has authenticated
-                              itself.
-                       False - Remote peer has not authenticated
-                               itself.
-
-                     GSS_C_REPLAY_FLAG
-                       True - replay of protected messages
-                              will be detected
-                       False - replayed messages will not be
-                               detected
-
-                     GSS_C_SEQUENCE_FLAG
-                       True - out-of-sequence protected
-                              messages will be detected
-                       False - out-of-sequence messages will
-                               not be detected
-
-                     GSS_C_CONF_FLAG
-                       True - Confidentiality service may be
-                              invoked by calling gss_wrap routine
-                       False - No confidentiality service (via
-                               gss_wrap) available. gss_wrap will
-                               provide message encapsulation,
-                               data-origin authentication and
-                               integrity services only.
-
-                     GSS_C_INTEG_FLAG
-                       True - Integrity service may be invoked by
-                              calling either gss_get_mic or gss_wrap
-                              routines.
-                       False - Per-message integrity service
-                               unavailable.
-
-                     GSS_C_ANON_FLAG
-                       True - The initiator's identity has not been
-                              revealed, and will not be revealed if
-                              any emitted token is passed to the
-                              acceptor.
-                       False - The initiator's identity has been or
-                               will be authenticated normally.
-
-                     GSS_C_PROT_READY_FLAG
-
-
-
-Wray                        Standards Track                    [Page 61]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                       True - Protection services (as specified
-                              by the states of the GSS_C_CONF_FLAG
-                              and GSS_C_INTEG_FLAG) are available for
-                              use if the accompanying major status
-                              return value is either GSS_S_COMPLETE or
-                              GSS_S_CONTINUE_NEEDED.
-                       False - Protection services (as specified
-                               by the states of the GSS_C_CONF_FLAG
-                               and GSS_C_INTEG_FLAG) are available
-                               only if the accompanying major status
-                               return value is GSS_S_COMPLETE.
-
-                     GSS_C_TRANS_FLAG
-                       True - The resultant security context may
-                              be transferred to other processes via
-                              a call to gss_export_sec_context().
-                       False - The security context is not
-                               transferable.
-
-                     All other bits should be set to zero.
-
-   time_rec          Integer, modify, optional
-                     number of seconds for which the context
-                     will remain valid. If the implementation does
-                     not support context expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
-                         application is required to complete the
-                         context, and that gss_init_sec_context
-                         must be called again with that token.
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed
-                         on the input_token failed
-
-   GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
-                              performed on the credential failed.
-
-   GSS_S_NO_CRED     The supplied credentials were not valid for
-                     context initiation, or the credential handle
-                     did not reference any credentials.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired
-
-
-
-Wray                        Standards Track                    [Page 62]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_S_BAD_BINDINGS The input_token contains different channel
-                      bindings to those specified via the
-                      input_chan_bindings parameter
-
-   GSS_S_BAD_SIG     The input_token contains an invalid MIC, or a MIC
-                     that could not be verified
-
-   GSS_S_OLD_TOKEN   The input_token was too old.  This is a fatal
-                     error during context establishment
-
-   GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate
-                         of a token already processed.  This is a
-                         fatal error during context establishment.
-
-   GSS_S_NO_CONTEXT  Indicates that the supplied context handle did
-                     not refer to a valid context
-
-   GSS_S_BAD_NAMETYPE The provided target_name parameter contained an
-                      invalid or unsupported type of name
-
-   GSS_S_BAD_NAME    The provided target_name parameter was ill-formed.
-
-   GSS_S_BAD_MECH    The specified mechanism is not supported by the
-                     provided credential, or is unrecognized by the
-                     implementation.
-
-5.20. gss_inquire_context
-
-   OM_uint32 gss_inquire_context (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     gss_name_t         *src_name,
-     gss_name_t         *targ_name,
-     OM_uint32          *lifetime_rec,
-     gss_OID            *mech_type,
-     OM_uint32          *ctx_flags,
-     int                *locally_initiated,
-     int                *open )
-
-   Purpose:
-
-   Obtains information about a security context.  The caller must
-   already have obtained a handle that refers to the context, although
-   the context need not be fully established.
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 63]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   context_handle    gss_ctx_id_t, read
-                     A handle that refers to the security context.
-
-   src_name          gss_name_t, modify, optional
-                     The name of the context initiator.
-                     If the context was established using anonymous
-                     authentication, and if the application invoking
-                     gss_inquire_context is the context acceptor,
-                     an anonymous name will be returned.  Storage
-                     associated with this name must be freed by the
-                     application after use with a call to
-                     gss_release_name().  Specify NULL if not
-                     required.
-
-   targ_name         gss_name_t, modify, optional
-                     The name of the context acceptor.
-                     Storage associated with this name must be
-                     freed by the application after use with a call
-                     to gss_release_name().  If the context acceptor
-                     did not authenticate itself, and if the initiator
-                     did not specify a target name in its call to
-                     gss_init_sec_context(), the value GSS_C_NO_NAME
-                     will be returned.  Specify NULL if not required.
-
-   lifetime_rec      Integer, modify, optional
-                     The number of seconds for which the context
-                     will remain valid.  If the context has
-                     expired, this parameter will be set to zero.
-                     If the implementation does not support
-                     context expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   mech_type         gss_OID, modify, optional
-                     The security mechanism providing the
-                     context.  The returned OID will be a
-                     pointer to static storage that should
-                     be treated as read-only by the application;
-                     in particular the application should not
-                     attempt to free it.  Specify NULL if not
-                     required.
-
-
-
-
-
-Wray                        Standards Track                    [Page 64]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   ctx_flags         bit-mask, modify, optional
-                     Contains various independent flags, each of
-                     which indicates that the context supports
-                     (or is expected to support, if ctx_open is
-                     false) a specific service option.  If not
-                     needed, specify NULL.  Symbolic names are
-                     provided for each flag, and the symbolic names
-                     corresponding to the required flags
-                     should be logically-ANDed with the ret_flags
-                     value to test whether a given option is
-                     supported by the context.  The flags are:
-
-                     GSS_C_DELEG_FLAG
-                       True - Credentials were delegated from
-                              the initiator to the acceptor.
-                       False - No credentials were delegated
-
-                     GSS_C_MUTUAL_FLAG
-                       True - The acceptor was authenticated
-                              to the initiator
-                       False - The acceptor did not authenticate
-                               itself.
-
-                     GSS_C_REPLAY_FLAG
-                       True - replay of protected messages
-                              will be detected
-                       False - replayed messages will not be
-                               detected
-
-                     GSS_C_SEQUENCE_FLAG
-                       True - out-of-sequence protected
-                              messages will be detected
-                       False - out-of-sequence messages will not
-                               be detected
-
-                     GSS_C_CONF_FLAG
-                       True - Confidentiality service may be invoked
-                              by calling gss_wrap routine
-                       False - No confidentiality service (via
-                               gss_wrap) available. gss_wrap will
-                               provide message encapsulation,
-                               data-origin authentication and
-                               integrity services only.
-
-                     GSS_C_INTEG_FLAG
-                       True - Integrity service may be invoked by
-                              calling either gss_get_mic or gss_wrap
-                              routines.
-
-
-
-Wray                        Standards Track                    [Page 65]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                       False - Per-message integrity service
-                               unavailable.
-
-                     GSS_C_ANON_FLAG
-                       True - The initiator's identity will not
-                              be revealed to the acceptor.
-                              The src_name parameter (if
-                              requested) contains an anonymous
-                              internal name.
-                       False - The initiator has been
-                               authenticated normally.
-
-                     GSS_C_PROT_READY_FLAG
-                       True - Protection services (as specified
-                              by the states of the GSS_C_CONF_FLAG
-                              and GSS_C_INTEG_FLAG) are available
-                              for use.
-                       False - Protection services (as specified
-                               by the states of the GSS_C_CONF_FLAG
-                               and GSS_C_INTEG_FLAG) are available
-                               only if the context is fully
-                               established (i.e. if the open parameter
-                               is non-zero).
-
-                     GSS_C_TRANS_FLAG
-                       True - The resultant security context may
-                              be transferred to other processes via
-                              a call to gss_export_sec_context().
-                       False - The security context is not
-                               transferable.
-
-   locally_initiated Boolean, modify
-                     Non-zero if the invoking application is the
-                     context initiator.
-                     Specify NULL if not required.
-
-   open              Boolean, modify
-                     Non-zero if the context is fully established;
-                     Zero if a context-establishment token
-                     is expected from the peer application.
-                     Specify NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  The referenced context could not be accessed.
-
-
-
-
-Wray                        Standards Track                    [Page 66]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.21. gss_inquire_cred
-
-   OM_uint32 gss_inquire_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t cred_handle,
-     gss_name_t          *name,
-     OM_uint32           *lifetime,
-     gss_cred_usage_t    *cred_usage,
-     gss_OID_set         *mechanisms )
-
-   Purpose:
-
-   Obtains information about a credential.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   cred_handle       gss_cred_id_t, read
-                     A handle that refers to the target credential.
-                     Specify GSS_C_NO_CREDENTIAL to inquire about
-                     the default initiator principal.
-
-   name              gss_name_t, modify, optional
-                     The name whose identity the credential asserts.
-                     Storage associated with this name should be freed
-                     by the application after use with a call to
-                     gss_release_name().  Specify NULL if not required.
-
-   lifetime          Integer, modify, optional
-                     The number of seconds for which the credential
-                     will remain valid.  If the credential has
-                     expired, this parameter will be set to zero.
-                     If the implementation does not support
-                     credential expiration, the value
-                     GSS_C_INDEFINITE will be returned.  Specify
-                     NULL if not required.
-
-   cred_usage        gss_cred_usage_t, modify, optional
-                     How the credential may be used.  One of the
-                     following:
-                     GSS_C_INITIATE
-                     GSS_C_ACCEPT
-                     GSS_C_BOTH
-                     Specify NULL if not required.
-
-
-
-
-
-Wray                        Standards Track                    [Page 67]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   mechanisms        gss_OID_set, modify, optional
-                     Set of mechanisms supported by the credential.
-                     Storage associated with this OID set must be
-                     freed by the application after use with a call
-                     to gss_release_oid_set().  Specify NULL if not
-                     required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     The referenced credentials could not be accessed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were invalid.
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
-                     If the lifetime parameter was not passed as NULL,
-                     it will be set to 0.
-
-5.22. gss_inquire_cred_by_mech
-
-   OM_uint32 gss_inquire_cred_by_mech (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t cred_handle,
-     const gss_OID       mech_type,
-     gss_name_t          *name,
-     OM_uint32           *initiator_lifetime,
-     OM_uint32           *acceptor_lifetime,
-     gss_cred_usage_t    *cred_usage )
-
-   Purpose:
-
-   Obtains per-mechanism information about a credential.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   cred_handle       gss_cred_id_t, read
-                     A handle that refers to the target credential.
-                     Specify GSS_C_NO_CREDENTIAL to inquire about
-                     the default initiator principal.
-
-   mech_type         gss_OID, read
-                     The mechanism for which information should be
-                     returned.
-
-
-
-
-Wray                        Standards Track                    [Page 68]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   name              gss_name_t, modify, optional
-                     The name whose identity the credential asserts.
-                     Storage associated with this name must be
-                     freed by the application after use with a call
-                     to gss_release_name().  Specify NULL if not
-                     required.
-
-   initiator_lifetime  Integer, modify, optional
-                     The number of seconds for which the credential
-                     will remain capable of initiating security contexts
-                     under the specified mechanism.  If the credential
-                     can no longer be used to initiate contexts, or if
-                     the credential usage for this mechanism is
-                     GSS_C_ACCEPT, this parameter will be set to zero.
-                     If the implementation does not support expiration
-                     of initiator credentials, the value
-                     GSS_C_INDEFINITE will be returned.  Specify NULL
-                     if not required.
-
-   acceptor_lifetime Integer, modify, optional
-                     The number of seconds for which the credential
-                     will remain capable of accepting security contexts
-                     under the specified mechanism.  If the credential
-                     can no longer be used to accept contexts, or if
-                     the credential usage for this mechanism is
-                     GSS_C_INITIATE, this parameter will be set to zero.
-
-                     If the implementation does not support expiration
-                     of acceptor credentials, the value GSS_C_INDEFINITE
-                     will be returned.  Specify NULL if not required.
-
-   cred_usage        gss_cred_usage_t, modify, optional
-                     How the credential may be used with the specified
-                     mechanism.  One of the following:
-                       GSS_C_INITIATE
-                       GSS_C_ACCEPT
-                       GSS_C_BOTH
-                     Specify NULL if not required.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     The referenced credentials could not be accessed.
-
-   GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were invalid.
-
-
-
-
-
-Wray                        Standards Track                    [Page 69]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
-                    If the lifetime parameter was not passed as NULL,
-                    it will be set to 0.
-
-5.23. gss_inquire_mechs_for_name
-
-   OM_uint32 gss_inquire_mechs_for_name (
-     OM_uint32        *minor_status,
-     const gss_name_t input_name,
-     gss_OID_set      *mech_types )
-
-   Purpose:
-
-   Returns the set of mechanisms supported by the GSS-API implementation
-   that may be able to process the specified name.
-
-   Each mechanism returned will recognize at least one element within
-   the name.  It is permissible for this routine to be implemented
-   within a mechanism-independent GSS-API layer, using the type
-   information contained within the presented name, and based on
-   registration information provided by individual mechanism
-   implementations.  This means that the returned mech_types set may
-   indicate that a particular mechanism will understand the name when in
-   fact it would refuse to accept the name as input to
-   gss_canonicalize_name, gss_init_sec_context, gss_acquire_cred or
-   gss_add_cred (due to some property of the specific name, as opposed
-   to the name type).  Thus this routine should be used only as a pre-
-   filter for a call to a subsequent mechanism-specific routine.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   input_name        gss_name_t, read
-                     The name to which the inquiry relates.
-
-   mech_types        gss_OID_set, modify
-                     Set of mechanisms that may support the
-                     specified name.  The returned OID set
-                     must be freed by the caller after use
-                     with a call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The input_name parameter was ill-formed.
-
-
-
-Wray                        Standards Track                    [Page 70]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_S_BAD_NAMETYPE The input_name parameter contained an invalid or
-                      unsupported type of name
-
-5.24. gss_inquire_names_for_mech
-
-   OM_uint32 gss_inquire_names_for_mech (
-     OM_uint32     *minor_status,
-     const gss_OID mechanism,
-     gss_OID_set   *name_types)
-
-   Purpose:
-
-   Returns the set of nametypes supported by the specified mechanism.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   mechanism         gss_OID, read
-                     The mechanism to be interrogated.
-
-   name_types        gss_OID_set, modify
-                     Set of name-types supported by the specified
-                     mechanism.  The returned OID set must be
-                     freed by the application after use with a
-                     call to gss_release_oid_set().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-5.25. gss_process_context_token
-
-   OM_uint32 gss_process_context_token (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     const gss_buffer_t token_buffer)
-
-        Purpose:
-
-   Provides a way to pass an asynchronous token to the security service.
-   Most context-level tokens are emitted and processed synchronously by
-   gss_init_sec_context and gss_accept_sec_context, and the application
-   is informed as to whether further tokens are expected by the
-   GSS_C_CONTINUE_NEEDED major status bit.  Occasionally, a mechanism
-   may need to emit a context-level token at a point when the peer
-   entity is not expecting a token.  For example, the initiator's final
-
-
-
-Wray                        Standards Track                    [Page 71]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   call to gss_init_sec_context may emit a token and return a status of
-   GSS_S_COMPLETE, but the acceptor's call to gss_accept_sec_context may
-   fail.  The acceptor's mechanism may wish to send a token containing
-   an error indication to the initiator, but the initiator is not
-   expecting a token at this point, believing that the context is fully
-   established.  Gss_process_context_token provides a way to pass such a
-   token to the mechanism at any time.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Implementation specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     context handle of context on which token is to
-                     be processed
-
-   token_buffer      buffer, opaque, read
-                     token to process
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed
-                     on the token failed
-
-   GSS_S_NO_CONTEXT  The context_handle did not refer to a valid context
-
-5.26. gss_release_buffer
-
-   OM_uint32 gss_release_buffer (
-     OM_uint32    *minor_status,
-     gss_buffer_t buffer)
-
-   Purpose:
-
-   Free storage associated with a buffer.  The storage must have been
-   allocated by a GSS-API routine.  In addition to freeing the
-   associated storage, the routine will zero the length field in the
-   descriptor to which the buffer parameter refers, and implementations
-   are encouraged to additionally set the pointer field in the
-   descriptor to NULL.  Any buffer object returned by a GSS-API routine
-   may be passed to gss_release_buffer (even if there is no storage
-   associated with the buffer).
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 72]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   buffer            buffer, modify
-                     The storage associated with the buffer will be
-                     deleted.  The gss_buffer_desc object will not
-                     be freed, but its length field will be zeroed.
-
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-5.27. gss_release_cred
-
-   OM_uint32 gss_release_cred (
-     OM_uint32     *minor_status,
-     gss_cred_id_t *cred_handle)
-
-   Purpose:
-
-   Informs GSS-API that the specified credential handle is no longer
-   required by the application, and frees associated resources.
-   Implementations are encouraged to set the cred_handle to
-   GSS_C_NO_CREDENTIAL on successful completion of this call.
-
-   Parameters:
-
-   cred_handle       gss_cred_id_t, modify, optional
-                     Opaque handle identifying credential
-                     to be released.  If GSS_C_NO_CREDENTIAL
-                     is supplied, the routine will complete
-                     successfully, but will do nothing.
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CRED     Credentials could not be accessed.
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 73]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.28. gss_release_name
-
-   OM_uint32 gss_release_name (
-     OM_uint32  *minor_status,
-     gss_name_t *name)
-
-   Purpose:
-
-   Free GSSAPI-allocated storage associated with an internal-form name.
-   Implementations are encouraged to set the name to GSS_C_NO_NAME on
-   successful completion of this call.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   name              gss_name_t, modify
-                     The name to be deleted
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_BAD_NAME    The name parameter did not contain a valid name
-
-5.29. gss_release_oid_set
-
-   OM_uint32 gss_release_oid_set (
-     OM_uint32   *minor_status,
-     gss_OID_set *set)
-
-   Purpose:
-
-   Free storage associated with a GSSAPI-generated gss_OID_set object.
-   The set parameter must refer to an OID-set that was returned from a
-   GSS-API routine.  gss_release_oid_set() will free the storage
-   associated with each individual member OID, the OID set's elements
-   array, and the gss_OID_set_desc.
-
-   Implementations are encouraged to set the gss_OID_set parameter to
-   GSS_C_NO_OID_SET on successful completion of this routine.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-
-
-
-Wray                        Standards Track                    [Page 74]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   set               Set of Object IDs, modify
-                     The storage associated with the gss_OID_set
-                     will be deleted.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-5.30. gss_test_oid_set_member
-
-   OM_uint32 gss_test_oid_set_member (
-     OM_uint32         *minor_status,
-     const gss_OID     member,
-     const gss_OID_set set,
-     int               *present)
-
-   Purpose:
-
-   Interrogate an Object Identifier set to determine whether a specified
-   Object Identifier is a member.  This routine is intended to be used
-   with OID sets returned by gss_indicate_mechs(), gss_acquire_cred(),
-   and gss_inquire_cred(), but will also work with user-generated sets.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   member            Object ID, read
-                     The object identifier whose presence
-                     is to be tested.
-
-   set               Set of Object ID, read
-                     The Object Identifier set.
-
-   present           Boolean, modify
-                     non-zero if the specified OID is a member
-                     of the set, zero if not.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 75]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.31. gss_unwrap
-
-   OM_uint32 gss_unwrap (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     const gss_buffer_t input_message_buffer,
-     gss_buffer_t       output_message_buffer,
-     int                *conf_state,
-     gss_qop_t          *qop_state)
-
-   Purpose:
-
-   Converts a message previously protected by gss_wrap back to a usable
-   form, verifying the embedded MIC.  The conf_state parameter indicates
-   whether the message was encrypted; the qop_state parameter indicates
-   the strength of protection that was used to provide the
-   confidentiality and integrity services.
-
-   Since some application-level protocols may wish to use tokens emitted
-   by gss_wrap() to provide "secure framing", implementations must
-   support the wrapping and unwrapping of zero-length messages.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     arrived
-
-   input_message_buffer  buffer, opaque, read
-                     protected message
-
-   output_message_buffer  buffer, opaque, modify
-                     Buffer to receive unwrapped message.
-                     Storage associated with this buffer must
-                     be freed by the application after use use
-                     with a call to gss_release_buffer().
-
-   conf_state        boolean, modify, optional
-                     Non-zero - Confidentiality and integrity
-                                protection were used
-                     Zero - Integrity service only was used
-                     Specify NULL if not required
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 76]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   qop_state         gss_qop_t, modify, optional
-                     Quality of protection provided.
-                     Specify NULL if not required
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-   GSS_S_BAD_SIG     The MIC was incorrect
-
-   GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct
-                         MIC for the message, but it had already been
-                         processed
-
-   GSS_S_OLD_TOKEN   The token was valid, and contained a correct MIC
-                     for the message, but it is too old to check for
-                     duplication.
-
-   GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct MIC
-                     for the message, but has been verified out of
-                     sequence; a later token has already been
-                     received.
-
-   GSS_S_GAP_TOKEN   The token was valid, and contained a correct MIC
-                     for the message, but has been verified out of
-                     sequence; an earlier expected token has not yet
-                     been received.
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify
-                     a valid context
-
-5.32. gss_verify_mic
-
-   OM_uint32 gss_verify_mic (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     const gss_buffer_t message_buffer,
-     const gss_buffer_t token_buffer,
-     gss_qop_t          *qop_state)
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 77]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Purpose:
-
-   Verifies that a cryptographic MIC, contained in the token parameter,
-   fits the supplied message.  The qop_state parameter allows a message
-   recipient to determine the strength of protection that was applied to
-   the message.
-
-   Since some application-level protocols may wish to use tokens emitted
-   by gss_wrap() to provide "secure framing", implementations must
-   support the calculation and verification of MICs over zero-length
-   messages.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     arrived
-
-   message_buffer    buffer, opaque, read
-                     Message to be verified
-
-   token_buffer      buffer, opaque, read
-                     Token associated with message
-
-   qop_state         gss_qop_t, modify, optional
-                     quality of protection gained from MIC
-                     Specify NULL if not required
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
-
-   GSS_S_BAD_SIG     The MIC was incorrect
-
-   GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct
-                     MIC for the message, but it had already been
-                     processed
-
-   GSS_S_OLD_TOKEN   The token was valid, and contained a correct MIC
-                     for the message, but it is too old to check for
-                     duplication.
-
-
-
-
-
-Wray                        Standards Track                    [Page 78]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct MIC
-                     for the message, but has been verified out of
-                     sequence; a later token has already been received.
-
-   GSS_S_GAP_TOKEN   The token was valid, and contained a correct MIC
-                     for the message, but has been verified out of
-                     sequence; an earlier expected token has not yet
-                     been received.
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                     valid context
-
-5.33. gss_wrap
-
-   OM_uint32 gss_wrap (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     int               conf_req_flag,
-     gss_qop_t          qop_req
-     const gss_buffer_t input_message_buffer,
-     int                *conf_state,
-     gss_buffer_t       output_message_buffer )
-
-   Purpose:
-
-   Attaches a cryptographic MIC and optionally encrypts the specified
-   input_message.  The output_message contains both the MIC and the
-   message.  The qop_req parameter allows a choice between several
-   cryptographic algorithms, if supported by the chosen mechanism.
-
-   Since some application-level protocols may wish to use tokens emitted
-   by gss_wrap() to provide "secure framing", implementations must
-   support the wrapping of zero-length messages.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code.
-
-   context_handle    gss_ctx_id_t, read
-                     Identifies the context on which the message
-                     will be sent
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 79]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   conf_req_flag     boolean, read
-                     Non-zero - Both confidentiality and integrity
-                                services are requested
-                     Zero - Only integrity service is requested
-
-   qop_req           gss_qop_t, read, optional
-                     Specifies required quality of protection.  A
-                     mechanism-specific default may be requested by
-                     setting qop_req to GSS_C_QOP_DEFAULT.  If an
-                     unsupported protection strength is requested,
-                     gss_wrap will return a major_status of
-                     GSS_S_BAD_QOP.
-
-   input_message_buffer  buffer, opaque, read
-                     Message to be protected
-
-   conf_state        boolean, modify, optional
-                     Non-zero - Confidentiality, data origin
-                                authentication and integrity
-                                services have been applied
-                     Zero - Integrity and data origin services only
-                            has been applied.
-                     Specify NULL if not required
-
-   output_message_buffer  buffer, opaque, modify
-                     Buffer to receive protected message.
-                     Storage associated with this message must
-                     be freed by the application after use with
-                     a call to gss_release_buffer().
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_CONTEXT_EXPIRED The context has already expired
-
-   GSS_S_NO_CONTEXT  The context_handle parameter did not identify a
-                     valid context
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the
-                     mechanism.
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 80]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-5.34. gss_wrap_size_limit
-
-   OM_uint32 gss_wrap_size_limit (
-     OM_uint32          *minor_status,
-     const gss_ctx_id_t context_handle,
-     int                conf_req_flag,
-     gss_qop_t          qop_req,
-     OM_uint32          req_output_size,
-     OM_uint32          *max_input_size)
-
-   Purpose:
-
-   Allows an application to determine the maximum message size that, if
-   presented to gss_wrap with the same conf_req_flag and qop_req
-   parameters, will result in an output token containing no more than
-   req_output_size bytes.
-
-   This call is intended for use by applications that communicate over
-   protocols that impose a maximum message size.  It enables the
-   application to fragment messages prior to applying protection.
-
-   GSS-API implementations are recommended but not required to detect
-   invalid QOP values when gss_wrap_size_limit() is called. This routine
-   guarantees only a maximum message size, not the availability of
-   specific QOP values for message protection.
-
-   Successful completion of this call does not guarantee that gss_wrap
-   will be able to protect a message of length max_input_size bytes,
-   since this ability may depend on the availability of system resources
-   at the time that gss_wrap is called.  However, if the implementation
-   itself imposes an upper limit on the length of messages that may be
-   processed by gss_wrap, the implementation should not return a value
-   via max_input_bytes that is greater than this length.
-
-   Parameters:
-
-   minor_status      Integer, modify
-                     Mechanism specific status code
-
-   context_handle    gss_ctx_id_t, read
-                     A handle that refers to the security over
-                     which the messages will be sent.
-
-   conf_req_flag     Boolean, read
-                     Indicates whether gss_wrap will be asked
-                     to apply confidentiality protection in
-
-
-
-
-
-Wray                        Standards Track                    [Page 81]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-                     addition to integrity protection.  See
-                     the routine description for gss_wrap
-                     for more details.
-
-   qop_req           gss_qop_t, read
-                     Indicates the level of protection that
-                     gss_wrap will be asked to provide.  See
-                     the routine description for gss_wrap for
-                     more details.
-
-   req_output_size   Integer, read
-                     The desired maximum size for tokens emitted
-                     by gss_wrap.
-
-   max_input_size    Integer, modify
-                     The maximum input message size that may
-                     be presented to gss_wrap in order to
-                     guarantee that the emitted token shall
-                     be no larger than req_output_size bytes.
-
-   Function value:   GSS status code
-
-   GSS_S_COMPLETE    Successful completion
-
-   GSS_S_NO_CONTEXT  The referenced context could not be accessed.
-
-   GSS_S_CONTEXT_EXPIRED The context has expired.
-
-   GSS_S_BAD_QOP     The specified QOP is not supported by the
-                     mechanism.
-
-6.   Security Considerations
-
-   This document specifies a service interface for security facilities
-   and services; as such, security considerations appear throughout the
-   specification. Nonetheless, it is appropriate to summarize certain
-   specific points relevant to GSS-API implementors and calling
-   applications. Usage of the GSS-API interface does not in itself
-   provide security services or assurance; instead, these attributes are
-   dependent on the underlying mechanism(s) which support a GSS-API
-   implementation. Callers must be attentive to the requests made to
-   GSS-API calls and to the status indicators returned by GSS-API, as
-   these specify the security service characteristics which GSS-API will
-   provide. When the interprocess context transfer facility is used,
-   appropriate local controls should be applied to constrain access to
-   interprocess tokens and to the sensitive data which they contain.
-
-
-
-
-
-Wray                        Standards Track                    [Page 82]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   Appendix A. GSS-API C header file gssapi.h
-
-   C-language GSS-API implementations should include a copy of the
-   following header-file.
-
-   #ifndef GSSAPI_H_
-   #define GSSAPI_H_
-
-
-
-   /*
-    * First, include stddef.h to get size_t defined.
-    */
-   #include <stddef.h>
-
-   /*
-    * If the platform supports the xom.h header file, it should be
-    * included here.
-    */
-   #include <xom.h>
-
-
-   /*
-    * Now define the three implementation-dependent types.
-    */
-   typedef <platform-specific> gss_ctx_id_t;
-   typedef <platform-specific> gss_cred_id_t;
-   typedef <platform-specific> gss_name_t;
-
-   /*
-    * The following type must be defined as the smallest natural
-    * unsigned integer supported by the platform that has at least
-    * 32 bits of precision.
-    */
-   typedef <platform-specific> gss_uint32;
-
-
-   #ifdef OM_STRING
-   /*
-    * We have included the xom.h header file.  Verify that OM_uint32
-    * is defined correctly.
-    */
-
-   #if sizeof(gss_uint32) != sizeof(OM_uint32)
-   #error Incompatible definition of OM_uint32 from xom.h
-   #endif
-
-   typedef OM_object_identifier gss_OID_desc, *gss_OID;
-
-
-
-Wray                        Standards Track                    [Page 83]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   #else
-
-   /*
-    * We can't use X/Open definitions, so roll our own.
-    */
-
-   typedef gss_uint32 OM_uint32;
-
-   typedef struct gss_OID_desc_struct {
-     OM_uint32 length;
-     void      *elements;
-   } gss_OID_desc, *gss_OID;
-
-   #endif
-
-   typedef struct gss_OID_set_desc_struct  {
-     size_t     count;
-     gss_OID    elements;
-   } gss_OID_set_desc, *gss_OID_set;
-
-   typedef struct gss_buffer_desc_struct {
-     size_t length;
-     void *value;
-   } gss_buffer_desc, *gss_buffer_t;
-
-   typedef struct gss_channel_bindings_struct {
-     OM_uint32 initiator_addrtype;
-     gss_buffer_desc initiator_address;
-     OM_uint32 acceptor_addrtype;
-     gss_buffer_desc acceptor_address;
-     gss_buffer_desc application_data;
-   } *gss_channel_bindings_t;
-
-   /*
-    * For now, define a QOP-type as an OM_uint32
-    */
-   typedef OM_uint32 gss_qop_t;
-
-   typedef int gss_cred_usage_t;
-
-   /*
-    * Flag bits for context-level services.
-    */
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 84]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   #define GSS_C_DELEG_FLAG      1
-   #define GSS_C_MUTUAL_FLAG     2
-   #define GSS_C_REPLAY_FLAG     4
-   #define GSS_C_SEQUENCE_FLAG   8
-   #define GSS_C_CONF_FLAG       16
-   #define GSS_C_INTEG_FLAG      32
-   #define GSS_C_ANON_FLAG       64
-   #define GSS_C_PROT_READY_FLAG 128
-   #define GSS_C_TRANS_FLAG      256
-
-   /*
-    * Credential usage options
-    */
-   #define GSS_C_BOTH     0
-   #define GSS_C_INITIATE 1
-   #define GSS_C_ACCEPT   2
-
-   /*
-    * Status code types for gss_display_status
-    */
-   #define GSS_C_GSS_CODE  1
-   #define GSS_C_MECH_CODE 2
-
-   /*
-    * The constant definitions for channel-bindings address families
-    */
-   #define GSS_C_AF_UNSPEC     0
-   #define GSS_C_AF_LOCAL      1
-   #define GSS_C_AF_INET       2
-   #define GSS_C_AF_IMPLINK    3
-   #define GSS_C_AF_PUP        4
-   #define GSS_C_AF_CHAOS      5
-   #define GSS_C_AF_NS         6
-   #define GSS_C_AF_NBS        7
-   #define GSS_C_AF_ECMA       8
-   #define GSS_C_AF_DATAKIT    9
-   #define GSS_C_AF_CCITT      10
-   #define GSS_C_AF_SNA        11
-   #define GSS_C_AF_DECnet     12
-   #define GSS_C_AF_DLI        13
-   #define GSS_C_AF_LAT        14
-   #define GSS_C_AF_HYLINK     15
-   #define GSS_C_AF_APPLETALK  16
-   #define GSS_C_AF_BSC        17
-   #define GSS_C_AF_DSS        18
-   #define GSS_C_AF_OSI        19
-   #define GSS_C_AF_X25        21
-
-
-
-
-Wray                        Standards Track                    [Page 85]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   #define GSS_C_AF_NULLADDR   255
-
-   /*
-    * Various Null values
-    */
-   #define GSS_C_NO_NAME ((gss_name_t) 0)
-   #define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-   #define GSS_C_NO_OID ((gss_OID) 0)
-   #define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-   #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-   #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-   #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-   #define GSS_C_EMPTY_BUFFER {0, NULL}
-
-   /*
-    * Some alternate names for a couple of the above
-    * values.  These are defined for V1 compatibility.
-    */
-   #define GSS_C_NULL_OID GSS_C_NO_OID
-   #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-   /*
-    * Define the default Quality of Protection for per-message
-    * services.  Note that an implementation that offers multiple
-    * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
-    * (as done here) to mean "default protection", or to a specific
-    * explicit QOP value.  However, a value of 0 should always be
-    * interpreted by a GSS-API implementation as a request for the
-    * default protection level.
-    */
-   #define GSS_C_QOP_DEFAULT 0
-
-   /*
-    * Expiration time of 2^32-1 seconds means infinite lifetime for a
-    * credential or security context
-    */
-   #define GSS_C_INDEFINITE 0xfffffffful
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    * "\x01\x02\x01\x01"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
-    * GSS_C_NT_USER_NAME should be initialized to point
-    * to that gss_OID_desc.
-
-
-
-Wray                        Standards Track                    [Page 86]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-    */
-   extern gss_OID GSS_C_NT_USER_NAME;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x02"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
-    * The constant GSS_C_NT_MACHINE_UID_NAME should be
-    * initialized to point to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x03"},
-    * corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
-    * The constant GSS_C_NT_STRING_UID_NAME should be
-    * initialized to point to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
-    * corresponding to an object-identifier value of
-    * {iso(1) org(3) dod(6) internet(1) security(5)
-    * nametypes(6) gss-host-based-services(2)).  The constant
-    * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
-    * to that gss_OID_desc.  This is a deprecated OID value, and
-    * implementations wishing to support hostbased-service names
-    * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
-    * defined below, to identify such names;
-    * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
-    * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
-    * parameter, but should not be emitted by GSS-API
-    * implementations
-    */
-   extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-
-
-
-Wray                        Standards Track                    [Page 87]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
-    *              "\x01\x02\x01\x04"}, corresponding to an
-    * object-identifier value of {iso(1) member-body(2)
-    * Unites States(840) mit(113554) infosys(1) gssapi(2)
-    * generic(1) service_name(4)}.  The constant
-    * GSS_C_NT_HOSTBASED_SERVICE should be initialized
-    * to point to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
-    * corresponding to an object identifier value of
-    * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
-    * 6(nametypes), 3(gss-anonymous-name)}.  The constant
-    * and GSS_C_NT_ANONYMOUS should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_ANONYMOUS;
-
-
-   /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value
-    * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
-    * corresponding to an object-identifier value of
-    * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
-    * 6(nametypes), 4(gss-api-exported-name)}.  The constant
-    * GSS_C_NT_EXPORT_NAME should be initialized to point
-    * to that gss_OID_desc.
-    */
-   extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-
-   /* Major status codes */
-
-   #define GSS_S_COMPLETE 0
-
-   /*
-    * Some "helper" definitions to make the status code macros obvious.
-    */
-   #define GSS_C_CALLING_ERROR_OFFSET 24
-   #define GSS_C_ROUTINE_ERROR_OFFSET 16
-
-
-
-Wray                        Standards Track                    [Page 88]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   #define GSS_C_SUPPLEMENTARY_OFFSET 0
-   #define GSS_C_CALLING_ERROR_MASK 0377ul
-   #define GSS_C_ROUTINE_ERROR_MASK 0377ul
-   #define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-   /*
-    * The macros that test status codes for error conditions.
-    * Note that the GSS_ERROR() macro has changed slightly from
-    * the V1 GSS-API so that it now evaluates its argument
-    * only once.
-    */
-   #define GSS_CALLING_ERROR(x) \
-    (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-   #define GSS_ROUTINE_ERROR(x) \
-    (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-   #define GSS_SUPPLEMENTARY_INFO(x) \
-    (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-   #define GSS_ERROR(x) \
-    (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-          (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-   /*
-    * Now the actual status code definitions
-    */
-
-   /*
-    * Calling errors:
-
-    */
-   #define GSS_S_CALL_INACCESSIBLE_READ \
-   (1ul << GSS_C_CALLING_ERROR_OFFSET)
-   #define GSS_S_CALL_INACCESSIBLE_WRITE \
-   (2ul << GSS_C_CALLING_ERROR_OFFSET)
-   #define GSS_S_CALL_BAD_STRUCTURE \
-   (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-   /*
-    * Routine errors:
-    */
-   #define GSS_S_BAD_MECH             (1ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_NAME             (2ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_NAMETYPE         (3ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_BINDINGS         (4ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_STATUS           (5ul <<
-
-
-
-Wray                        Standards Track                    [Page 89]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_SIG              (6ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_MIC GSS_S_BAD_SIG
-   #define GSS_S_NO_CRED              (7ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_NO_CONTEXT           (8ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DEFECTIVE_TOKEN      (9ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DEFECTIVE_CREDENTIAL (10ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_CREDENTIALS_EXPIRED  (11ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_CONTEXT_EXPIRED      (12ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_FAILURE              (13ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_BAD_QOP              (14ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_UNAUTHORIZED         (15ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_UNAVAILABLE          (16ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_DUPLICATE_ELEMENT    (17ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-   #define GSS_S_NAME_NOT_MN          (18ul <<
-   GSS_C_ROUTINE_ERROR_OFFSET)
-
-   /*
-    * Supplementary info bits:
-    */
-   #define GSS_S_CONTINUE_NEEDED \
-            (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-   #define GSS_S_DUPLICATE_TOKEN \
-            (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-   #define GSS_S_OLD_TOKEN \
-            (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-   #define GSS_S_UNSEQ_TOKEN \
-            (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-   #define GSS_S_GAP_TOKEN \
-            (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-   /*
-    * Finally, function prototypes for the GSS-API routines.
-    */
-
-
-
-
-
-Wray                        Standards Track                    [Page 90]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_acquire_cred
-                 (OM_uint32 ,             /*  minor_status */
-                  const gss_name_t,       /* desired_name */
-                  OM_uint32,              /* time_req */
-                  const gss_OID_set,      /* desired_mechs */
-                  gss_cred_usage_t,       /* cred_usage */
-                  gss_cred_id_t ,         /* output_cred_handle */
-                  gss_OID_set ,           /* actual_mechs */
-                  OM_uint32 *             /* time_rec */
-                 );
-
-   OM_uint32 gss_release_cred
-                 (OM_uint32 ,             /* minor_status */
-                  gss_cred_id_t *         /* cred_handle */
-                 );
-
-   OM_uint32 gss_init_sec_context
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_cred_id_t,    /* initiator_cred_handle */
-                  gss_ctx_id_t ,          /* context_handle */
-                  const gss_name_t,       /* target_name */
-                  const gss_OID,          /* mech_type */
-                  OM_uint32,              /* req_flags */
-                  OM_uint32,              /* time_req */
-                  const gss_channel_bindings_t,
-                                          /* input_chan_bindings */
-                  const gss_buffer_t,     /* input_token */
-                  gss_OID ,               /* actual_mech_type */
-                  gss_buffer_t,           /* output_token */
-                  OM_uint32 ,             /* ret_flags */
-                  OM_uint32 *             /* time_rec */
-                 );
-
-   OM_uint32 gss_accept_sec_context
-                 (OM_uint32 ,             /* minor_status */
-                  gss_ctx_id_t ,          /* context_handle */
-                  const gss_cred_id_t,    /* acceptor_cred_handle */
-                  const gss_buffer_t,     /* input_token_buffer */
-                  const gss_channel_bindings_t,
-                                          /* input_chan_bindings */
-                  gss_name_t ,            /* src_name */
-                  gss_OID ,               /* mech_type */
-                  gss_buffer_t,           /* output_token */
-                  OM_uint32 ,             /* ret_flags */
-                  OM_uint32 ,             /* time_rec */
-                  gss_cred_id_t *         /* delegated_cred_handle */
-                 );
-
-
-
-
-Wray                        Standards Track                    [Page 91]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_process_context_token
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  const gss_buffer_t      /* token_buffer */
-                 );
-
-   OM_uint32 gss_delete_sec_context
-                 (OM_uint32 ,             /* minor_status */
-                  gss_ctx_id_t ,          /* context_handle */
-                  gss_buffer_t            /* output_token */
-                 );
-
-   OM_uint32 gss_context_time
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  OM_uint32 *             /* time_rec */
-                 );
-
-   OM_uint32 gss_get_mic
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  gss_qop_t,              /* qop_req */
-                  const gss_buffer_t,     /* message_buffer */
-                  gss_buffer_t            /* message_token */
-                 );
-
-   OM_uint32 gss_verify_mic
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  const gss_buffer_t,     /* message_buffer */
-                  const gss_buffer_t,     /* token_buffer */
-                  gss_qop_t *             /* qop_state */
-                 );
-
-   OM_uint32 gss_wrap
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  int,                    /* conf_req_flag */
-                  gss_qop_t,              /* qop_req */
-                  const gss_buffer_t,     /* input_message_buffer */
-                  int ,                   /* conf_state */
-                  gss_buffer_t            /* output_message_buffer */
-                 );
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 92]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_unwrap
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  const gss_buffer_t,     /* input_message_buffer */
-                  gss_buffer_t,           /* output_message_buffer */
-                  int ,                   /* conf_state */
-                  gss_qop_t *             /* qop_state */
-                 );
-
-
-
-   OM_uint32 gss_display_status
-                 (OM_uint32 ,             /* minor_status */
-                  OM_uint32,              /* status_value */
-                  int,                    /* status_type */
-                  const gss_OID,          /* mech_type */
-                  OM_uint32 ,             /* message_context */
-                  gss_buffer_t            /* status_string */
-                 );
-
-   OM_uint32 gss_indicate_mechs
-                 (OM_uint32 ,             /* minor_status */
-                  gss_OID_set *           /* mech_set */
-                 );
-
-   OM_uint32 gss_compare_name
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_name_t,       /* name1 */
-                  const gss_name_t,       /* name2 */
-                  int *                   /* name_equal */
-                 );
-
-   OM_uint32 gss_display_name
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_name_t,       /* input_name */
-                  gss_buffer_t,           /* output_name_buffer */
-                  gss_OID *               /* output_name_type */
-                 );
-
-   OM_uint32 gss_import_name
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_buffer_t,     /* input_name_buffer */
-                  const gss_OID,          /* input_name_type */
-                  gss_name_t *            /* output_name */
-                 );
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 93]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_export_name
-                 (OM_uint32,              /* minor_status */
-                  const gss_name_t,       /* input_name */
-                  gss_buffer_t            /* exported_name */
-                 );
-
-   OM_uint32 gss_release_name
-                 (OM_uint32 *,            /* minor_status */
-                  gss_name_t *            /* input_name */
-                 );
-
-   OM_uint32 gss_release_buffer
-                 (OM_uint32 ,             /* minor_status */
-                  gss_buffer_t            /* buffer */
-                 );
-
-   OM_uint32 gss_release_oid_set
-                 (OM_uint32 ,             /* minor_status */
-                  gss_OID_set *           /* set */
-                 );
-
-   OM_uint32 gss_inquire_cred
-                 (OM_uint32 ,             /* minor_status */
-                  const gss_cred_id_t,    /* cred_handle */
-                  gss_name_t ,            /* name */
-                  OM_uint32 ,             /* lifetime */
-                  gss_cred_usage_t ,      /* cred_usage */
-                  gss_OID_set *           /* mechanisms */
-                 );
-
-   OM_uint32 gss_inquire_context (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  gss_name_t ,            /* src_name */
-                  gss_name_t ,            /* targ_name */
-                  OM_uint32 ,             /* lifetime_rec */
-                  gss_OID ,               /* mech_type */
-                  OM_uint32 ,             /* ctx_flags */
-                  int ,                   /* locally_initiated */
-                  int *                   /* open */
-                 );
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 94]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_wrap_size_limit (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_ctx_id_t,     /* context_handle */
-                  int,                    /* conf_req_flag */
-                  gss_qop_t,              /* qop_req */
-                  OM_uint32,              /* req_output_size */
-                  OM_uint32 *             /* max_input_size */
-                 );
-
-   OM_uint32 gss_add_cred (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_cred_id_t,    /* input_cred_handle */
-                  const gss_name_t,       /* desired_name */
-                  const gss_OID,          /* desired_mech */
-                  gss_cred_usage_t,       /* cred_usage */
-                  OM_uint32,              /* initiator_time_req */
-                  OM_uint32,              /* acceptor_time_req */
-                  gss_cred_id_t ,         /* output_cred_handle */
-                  gss_OID_set ,           /* actual_mechs */
-                  OM_uint32 ,             /* initiator_time_rec */
-                  OM_uint32 *             /* acceptor_time_rec */
-                 );
-
-   OM_uint32 gss_inquire_cred_by_mech (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_cred_id_t,    /* cred_handle */
-                  const gss_OID,          /* mech_type */
-                  gss_name_t ,            /* name */
-                  OM_uint32 ,             /* initiator_lifetime */
-                  OM_uint32 ,             /* acceptor_lifetime */
-                  gss_cred_usage_t *      /* cred_usage */
-                 );
-
-   OM_uint32 gss_export_sec_context (
-                  OM_uint32 ,             /* minor_status */
-                  gss_ctx_id_t ,          /* context_handle */
-                  gss_buffer_t            /* interprocess_token */
-                 );
-
-   OM_uint32 gss_import_sec_context (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_buffer_t,     /* interprocess_token */
-                  gss_ctx_id_t *          /* context_handle */
-                 );
-
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 95]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   OM_uint32 gss_create_empty_oid_set (
-                  OM_uint32 ,             /* minor_status */
-                  gss_OID_set *           /* oid_set */
-                 );
-
-   OM_uint32 gss_add_oid_set_member (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_OID,          /* member_oid */
-                  gss_OID_set *           /* oid_set */
-                 );
-
-   OM_uint32 gss_test_oid_set_member (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_OID,          /* member */
-                  const gss_OID_set,      /* set */
-                  int *                   /* present */
-                 );
-
-   OM_uint32 gss_inquire_names_for_mech (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_OID,          /* mechanism */
-                  gss_OID_set *           /* name_types */
-                 );
-
-   OM_uint32 gss_inquire_mechs_for_name (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_name_t,       /* input_name */
-                  gss_OID_set *           /* mech_types */
-                 );
-
-   OM_uint32 gss_canonicalize_name (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_name_t,       /* input_name */
-                  const gss_OID,          /* mech_type */
-                  gss_name_t *            /* output_name */
-                 );
-
-   OM_uint32 gss_duplicate_name (
-                  OM_uint32 ,             /* minor_status */
-                  const gss_name_t,       /* src_name */
-                  gss_name_t *            /* dest_name */
-                 );
-
-   /*
-    * The following routines are obsolete variants of gss_get_mic,
-    * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
-    * provided by GSS-API V2 implementations for backwards
-    * compatibility with V1 applications.  Distinct entrypoints
-
-
-
-Wray                        Standards Track                    [Page 96]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-    * (as opposed to #defines) should be provided, both to allow
-    * GSS-API V1 applications to link against GSS-API V2
-      implementations,
-    * and to retain the slight parameter type differences between the
-    * obsolete versions of these routines and their current forms.
-    */
-
-   OM_uint32 gss_sign
-                 (OM_uint32 ,        /* minor_status */
-                  gss_ctx_id_t,      /* context_handle */
-                  int,               /* qop_req */
-                  gss_buffer_t,      /* message_buffer */
-                  gss_buffer_t       /* message_token */
-                 );
-
-
-   OM_uint32 gss_verify
-                 (OM_uint32 ,        /* minor_status */
-                  gss_ctx_id_t,      /* context_handle */
-                  gss_buffer_t,      /* message_buffer */
-                  gss_buffer_t,      /* token_buffer */
-                  int *              /* qop_state */
-                 );
-
-   OM_uint32 gss_seal
-                 (OM_uint32 ,        /* minor_status */
-                  gss_ctx_id_t,      /* context_handle */
-                  int,               /* conf_req_flag */
-                  int,               /* qop_req */
-                  gss_buffer_t,      /* input_message_buffer */
-                  int ,              /* conf_state */
-                  gss_buffer_t       /* output_message_buffer */
-                 );
-
-
-   OM_uint32 gss_unseal
-                 (OM_uint32 ,        /* minor_status */
-                  gss_ctx_id_t,      /* context_handle */
-                  gss_buffer_t,      /* input_message_buffer */
-                  gss_buffer_t,      /* output_message_buffer */
-                  int ,              /* conf_state */
-                  int *              /* qop_state */
-                 );
-
-   #endif /* GSSAPI_H_ */
-
-
-
-
-
-
-Wray                        Standards Track                    [Page 97]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-Appendix B. Additional constraints for application binary portability
-
-   The purpose of this C-bindings document is to encourage source-level
-   portability of applications across GSS-API implementations on
-   different platforms and atop different mechanisms.  Additional goals
-   that have not been explicitly addressed by this document are link-
-   time and run-time portability.
-
-   Link-time portability provides the ability to compile an application
-   against one implementation of GSS-API, and then link it against a
-   different implementation on the same platform.  It is a stricter
-   requirement than source-level portability.
-
-   Run-time portability differs from link-time portability only on those
-   platforms that implement dynamically loadable GSS-API
-   implementations, but do not offer load-time symbol resolution. On
-   such platforms, run-time portability is a stricter requirement than
-   link-time portability, and will typically include the precise
-   placement of the various GSS-API routines within library entrypoint
-   vectors.
-
-   Individual platforms will impose their own rules that must be
-   followed to achieve link-time (and run-time, if different)
-   portability.  In order to ensure either form of binary portability,
-   an ABI specification must be written for GSS-API implementations on
-   that platform.  However, it is recognized that there are some issues
-   that are likely to be common to all such ABI specifications. This
-   appendix is intended to be a repository for such common issues, and
-   contains some suggestions that individual ABI specifications may
-   choose to reference. Since machine architectures vary greatly, it may
-   not be possible or desirable to follow these suggestions on all
-   platforms.
-
-B.1. Pointers
-
-   While ANSI-C provides a single pointer type for each declared type,
-   plus a single (void *) type, some platforms (notably those using
-   segmented memory architectures) augment this with various modified
-   pointer types (e.g. far pointers, near pointers). These language
-   bindings assume ANSI-C, and thus do not address such non-standard
-   implementations.  GSS-API implementations for such platforms must
-   choose an appropriate memory model, and should use it consistently
-   throughout.  For example, if a memory model is chosen that requires
-   the use of far pointers when passing routine parameters, then far
-   pointers should also be used within the structures defined by GSS-
-   API.
-
-
-
-
-
-Wray                        Standards Track                    [Page 98]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-B.2. Internal structure alignment
-
-   GSS-API defines several data-structures containing differently-sized
-   fields.  An ABI specification should include a detailed description
-   of how the fields of such structures are aligned, and if there is any
-   internal padding in these data structures.  The use of compiler
-   defaults for the platform is recommended.
-
-B.3. Handle types
-
-   The C bindings specify that the gss_cred_id_t and gss_ctx_id_t types
-   should be implemented as either pointer or arithmetic types, and that
-   if pointer types are used, care should be taken to ensure that two
-   handles may be compared with the == operator. Note that ANSI-C does
-   not guarantee that two pointer values may be compared with the ==
-   operator unless either the two pointers point to members of a single
-   array, or at least one of the pointers contains a NULL value.
-
-   For binary portability, additional constraints are required. The
-   following is an attempt at defining platform-independent constraints.
-
-   The size of the handle type must be the same as sizeof(void *), using
-   the appropriate memory model.
-
-   The == operator for the chosen type must be a simple bit-wise
-   comparison.  That is, for two in-memory handle objects h1 and h2, the
-   boolean value of the expression
-
-      (h1 == h2)
-
-   should always be the same as the boolean value of the expression
-
-      (memcmp(&h1, &h2, sizeof(h1)) == 0)
-
-   The actual use of the type (void *) for handle types is discouraged,
-   not for binary portability reasons, but since it effectively disables
-   much of the compile-time type-checking that the compiler can
-   otherwise perform, and is therefore not "programmer-friendly".  If a
-   pointer implementation is desired, and if the platform's
-   implementation of pointers permits, the handles should be implemented
-   as pointers to distinct implementation-defined types.
-
-B.4. The gss_name_t type
-
-   The gss_name_t type, representing the internal name object, should be
-   implemented as a pointer type.  The use of the (void *) type is
-   discouraged as it does not allow the compiler to perform strong
-   type-checking.  However, the pointer type chosen should be of the
-
-
-
-Wray                        Standards Track                    [Page 99]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-   same size as the (void *) type.  Provided this rule is obeyed, ABI
-   specifications need not further constrain the implementation of
-   gss_name_t objects.
-
-B.5. The int and size_t types
-
-   Some platforms may support differently sized implementations of the
-   "int" and "size_t" types, perhaps chosen through compiler switches,
-   and perhaps dependent on memory model.  An ABI specification for such
-   a platform should include required implementations for these types.
-   It is recommended that the default implementation (for the chosen
-   memory model, if appropriate) is chosen.
-
-B.6. Procedure-calling conventions
-
-   Some platforms support a variety of different binary conventions for
-   calling procedures.  Such conventions cover things like the format of
-   the stack frame, the order in which the routine parameters are pushed
-   onto the stack, whether or not a parameter count is pushed onto the
-   stack, whether some argument(s) or return values are to be passed in
-   registers, and whether the called routine or the caller is
-   responsible for removing the stack frame on return.  For such
-   platforms, an ABI specification should specify which calling
-   convention is to be used for GSS-API implementations.
-
-References
-
-   [GSSAPI]    Linn, J., "Generic Security Service Application Program
-               Interface Version 2, Update 1", RFC 2743, January 2000.
-
-   [XOM]       OSI Object Management API Specification, Version 2.0 t",
-               X.400 API Association & X/Open Company Limited, August
-               24, 1990 Specification of datatypes and routines for
-               manipulating information objects.
-
-Author's Address
-
-   John Wray
-   Iris Associates
-   5 Technology Park Drive,
-   Westford, MA  01886
-   USA
-
-   Phone: +1-978-392-6689
-   EMail: John_Wray@Iris.com
-
-
-
-
-
-
-Wray                        Standards Track                   [Page 100]
-
-RFC 2744                 GSS-API V2: C-bindings             January 2000
-
-
-Full Copyright Statement
-
-   Copyright (C) The Internet Society (2000).  All Rights Reserved.
-
-   This document and translations of it may be copied and furnished to
-   others, and derivative works that comment on or otherwise explain it
-   or assist in its implementation may be prepared, copied, published
-   and distributed, in whole or in part, without restriction of any
-   kind, provided that the above copyright notice and this paragraph are
-   included on all such copies and derivative works.  However, this
-   document itself may not be modified in any way, such as by removing
-   the copyright notice or references to the Internet Society or other
-   Internet organizations, except as needed for the purpose of
-   developing Internet standards in which case the procedures for
-   copyrights defined in the Internet Standards process must be
-   followed, or as required to translate it into languages other than
-   English.
-
-   The limited permissions granted above are perpetual and will not be
-   revoked by the Internet Society or its successors or assigns.
-
-   This document and the information contained herein is provided on an
-   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Acknowledgement
-
-   Funding for the RFC Editor function is currently provided by the
-   Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Wray                        Standards Track                   [Page 101]
-
diff --git a/crypto/heimdal/doc/whatis.texi b/crypto/heimdal/doc/whatis.texi
deleted file mode 100644
index eff52d779ce0..000000000000
--- a/crypto/heimdal/doc/whatis.texi
+++ /dev/null
@@ -1,151 +0,0 @@
-@c $Id: whatis.texi,v 1.5 2001/01/28 22:11:23 assar Exp $
-
-@node What is Kerberos?, Building and Installing, Introduction, Top
-@chapter What is Kerberos?
-
-@quotation
-@flushleft
-        Now this Cerberus had three heads of dogs,
-        the tail of a dragon, and on his back the
-        heads of all sorts of snakes.
-        --- Pseudo-Apollodorus Library 2.5.12
-@end flushleft
-@end quotation
-
-Kerberos is a system for authenticating users and services on a network.
-It is built upon the assumption that the network is ``unsafe''.  For
-example, data sent over the network can be eavesdropped and altered, and
-addresses can also be faked.  Therefore they cannot be used for
-authentication purposes.
-@cindex authentication
-
-Kerberos is a trusted third-party service.  That means that there is a
-third party (the kerberos server) that is trusted by all the entities on
-the network (users and services, usually called @dfn{principals}).  All
-principals share a secret password (or key) with the kerberos server and
-this enables principals to verify that the messages from the kerberos
-server are authentic.  Thus trusting the kerberos server, users and
-services can authenticate each other.
-
-@section Basic mechanism
-
-@ifinfo
-@macro sub{arg}
-<\arg\>
-@end macro
-@end ifinfo
-
-@tex
-@def@xsub#1{$_{#1}$}
-@global@let@sub=@xsub
-@end tex
-
-@ifhtml
-@macro sub{arg}
-<\arg\>
-@end macro
-@end ifhtml
-
-@quotation
-@strong{Note:} This discussion is about Kerberos version 4, but version
-5 works similarly.
-@end quotation
-
-In Kerberos, principals use @dfn{tickets} to prove that they are who
-they claim to be. In the following example, @var{A} is the initiator of
-the authentication exchange, usually a user, and @var{B} is the service
-that @var{A} wishes to use.
-
-To obtain a ticket for a specific service, @var{A} sends a ticket
-request to the kerberos server. The request contains @var{A}'s and
-@var{B}'s names (along with some other fields). The kerberos server
-checks that both @var{A} and @var{B} are valid principals.
-
-Having verified the validity of the principals, it creates a packet
-containing @var{A}'s and @var{B}'s names, @var{A}'s network address
-(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
-of the ticket (@var{life}), and a secret @dfn{session key}
-@cindex session key
-(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
-(@var{K@sub{B}}).  The actual ticket (@var{T@sub{AB}}) looks like this:
-(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
-@var{K@sub{AB}}@}@var{K@sub{B}}).
-
-The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
-name, the current time, the lifetime of the ticket, and the session key, all
-encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
-@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
-decrypts the reply and retains it for later use.
-
-@sp 1
-
-Before sending a message to @var{B}, @var{A} creates an authenticator
-consisting of @var{A}'s name, @var{A}'s address, the current time, and a
-``checksum'' chosen by @var{A}, all encrypted with the secret session
-key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
-@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
-received from the kerberos server to @var{B}.  Upon reception, @var{B}
-decrypts the ticket using @var{B}'s secret key.  Since the ticket
-contains the session key that the authenticator was encrypted with,
-@var{B} can now also decrypt the authenticator. To verify that @var{A}
-really is @var{A}, @var{B} now has to compare the contents of the ticket
-with that of the authenticator. If everything matches, @var{B} now
-considers @var{A} as properly authenticated.
-
-@c (here we should have some more explanations)
-
-@section Different attacks
-
-@subheading Impersonating A
-
-An impostor, @var{C} could steal the authenticator and the ticket as it
-is transmitted across the network, and use them to impersonate
-@var{A}. The address in the ticket and the authenticator was added to
-make it more difficult to perform this attack.  To succeed @var{C} will
-have to either use the same machine as @var{A} or fake the source
-addresses of the packets. By including the time stamp in the
-authenticator, @var{C} does not have much time in which to mount the
-attack.
-
-@subheading Impersonating B
-
-@var{C} can hijack @var{B}'s network address, and when @var{A} sends
-her credentials, @var{C} just pretend to verify them. @var{C} can't
-be sure that she is talking to @var{A}.
-
-@section Defense strategies
-
-It would be possible to add a @dfn{replay cache}
-@cindex replay cache
-to the server side.  The idea is to save the authenticators sent during
-the last few minutes, so that @var{B} can detect when someone is trying
-to retransmit an already used message. This is somewhat impractical
-(mostly regarding efficiency), and is not part of Kerberos 4; MIT
-Kerberos 5 contains it.
-
-To authenticate @var{B}, @var{A} might request that @var{B} sends
-something back that proves that @var{B} has access to the session
-key. An example of this is the checksum that @var{A} sent as part of the
-authenticator. One typical procedure is to add one to the checksum,
-encrypt it with the session key and send it back to @var{A}.  This is
-called @dfn{mutual authentication}.
-
-The session key can also be used to add cryptographic checksums to the
-messages sent between @var{A} and @var{B} (known as @dfn{message
-integrity}).  Encryption can also be added (@dfn{message
-confidentiality}). This is probably the best approach in all cases.
-@cindex integrity
-@cindex confidentiality
-
-@section Further reading
-
-The original paper on Kerberos from 1988 is @cite{Kerberos: An
-Authentication Service for Open Network Systems}, by Jennifer Steiner,
-Clifford Neuman and Jeffrey I. Schiller.
-
-A less technical description can be found in @cite{Designing an
-Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
-from 1988.
-
-These documents can be found on our web-page at
-@url{http://www.pdc.kth.se/kth-krb/}.
diff --git a/crypto/heimdal/doc/win2k.texi b/crypto/heimdal/doc/win2k.texi
deleted file mode 100644
index 2db4da1e627c..000000000000
--- a/crypto/heimdal/doc/win2k.texi
+++ /dev/null
@@ -1,288 +0,0 @@
-@c $Id: win2k.texi,v 1.15 2001/07/19 16:44:41 assar Exp $
-
-@node Windows 2000 compatability, Programming with Kerberos, Kerberos 4 issues, Top
-@comment  node-name,  next,  previous,  up
-@chapter Windows 2000 compatability
-
-Windows 2000 (formerly known as Windows NT 5) from Microsoft implements
-Kerberos 5.  Their implementation, however, has some quirks,
-peculiarities, and bugs.  This chapter is a short summary of the things
-that we have found out while trying to test Heimdal against Windows
-2000.  Another big problem with the Kerberos implementation in Windows
-2000 is that the available documentation is more focused on getting
-things to work rather than how they work and not that useful in figuring
-out how things really work.
-
-This information should apply to Heimdal @value{VERSION} and Windows
-2000 Professional.  It's of course subject all the time and mostly consists of
-our not so inspired guesses.  Hopefully it's still somewhat useful.
-
-@menu
-* Configuring Windows 2000 to use a Heimdal KDC::  
-* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::  
-* Create account mappings::     
-* Encryption types::            
-* Authorization data::          
-* Quirks of Windows 2000 KDC::  
-* Useful links when reading about the Windows 2000::  
-@end menu
-
-@node Configuring Windows 2000 to use a Heimdal KDC, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Configuring Windows 2000 to use a Heimdal KDC
-
-You need the command line program called @code{ksetup.exe} which is available
-in the file @code{SUPPORT/TOOLS/SUPPORT.CAB} on the Windows 2000 Professional
-CD-ROM. This program is used to configure the Kerberos settings on a
-Workstation.
-
-@code{Ksetup} store the domain information under the registry key:
-@code{HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains}.
-
-Use the kadmin program in Heimdal to create a host principal in the
-Kerberos realm.
-
-@example
-unix% kadmin
-kadmin> ank -pw password host/datan.my.domain
-@end example
-
-You must configure the Workstation as a member of a workgroup, as opposed
-to a member in an NT domain, and specify the KDC server of the realm
-as follows:
-@example
-C:> ksetup /setdomain MY.REALM
-C:> ksetup /addkdc MY.REALM kdc.my.domain
-@end example
-
-Set the machine password, i.e. create the local keytab:
-@example
-C:> ksetup /setmachpassword password
-@end example
-
-The workstation must now be rebooted.
-
-A mapping between local NT users and Kerberos principals must be specified,
-you have two choices:
-
-@example
-C:> ksetup /mapuser user@@MY.REALM nt_user
-@end example
-
-This will map a user to a specific principal, this allows you to have
-other usernames in the realm than in your NT user database. (Don't ask
-me why on earth you would want that...)
-
-You can also say:
-@example
-C:> ksetup /mapuser * *
-@end example
-The Windows machine will now map any user to the corresponding principal,
-for example @samp{nisse} to the principal @samp{nisse@@MY.REALM}.
-(This is most likely what you want.)
-
-@node Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Create account mappings, Configuring Windows 2000 to use a Heimdal KDC, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
-
-See also the Step-by-Step guide from Microsoft, referenced below.
-
-Install Windows 2000, and create a new controller (Active Directory
-Server) for the domain.
-
-By default the trust will be non-transitive. This means that only users
-directly from the trusted domain may authenticate. This can be changed
-to transitive by using the @code{netdom.exe} tool.
-
-You need to tell Windows 2000 on what hosts to find the KDCs for the
-non-Windows realm with @code{ksetup}, see @xref{Configuring Windows 2000
-to use a Heimdal KDC}.
-
-This need to be done on all computers that want enable cross-realm
-login with @code{Mapped Names}.
-
-Then you need to add the inter-realm keys on the Windows kdc. Start the
-Domain Tree Management tool. (Found in Programs, Administrative tools,
-Active Directory Domains and Trusts).
-
-Right click on Properties of your domain, select the Trust tab.  Press
-Add on the appropriate trust windows and enter domain name and
-password. When prompted if this is a non-Windows Kerberos realm, press
-OK.
-
-Do not forget to add trusts in both directions.
-
-You also need to add the inter-realm keys to the Heimdal KDC. There are
-some tweaks that you need to do to @file{krb5.conf} beforehand.
-
-@example
-[libdefaults]
-	default_etypes = des-cbc-crc
-	default_etypes_des = des-cbc-crc
-@end example
-
-since otherwise checksum types that are not understood by Windows 2000
-will be generated (@xref{Quirks of Windows 2000 KDC}.).
-
-Another issue is salting.  Since Windows 2000 does not seem to
-understand Kerberos 4 salted hashes you might need to turn off anything
-similar to the following if you have it, at least while adding the
-principals that are going to share keys with Windows 2000.
-
-@example
-	[kadmin]default_keys = v5 v4
-@end example
-
-You must also set:
-
-Once that is also done, you can add the required inter-realm keys:
-
-@example
-kadmin add krbtgt/NT.REALM.EXAMPLE.COM@@EXAMPLE.COM
-kadmin add krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM
-@end example
-
-Use the same passwords for both keys.
-
-Do not forget to reboot before trying the new realm-trust (after running
-@code{ksetup}). It looks like it might work, but packets are never sent to the
-non-Windows KDC.
-
-@node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability
-@comment node-name, next, precious, up
-@section Create account mappings
-
-Start the @code{Active Directory Users and Computers} tool. Select the
-View menu, that is in the left corner just below the real menu (or press
-Alt-V), and select Advanced Features. Right click on the user that you
-are going to do a name mapping for and choose Name mapping.
-
-Click on the Kerberos Names tab and add a new principal from the
-non-Windows domain.
-
-@node Encryption types, Authorization data, Create account mappings, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Encryption types
-
-Windows 2000 supports both the standard DES encryptions (des-cbc-crc and
-des-cbc-md5) and its own proprietary encryption that is based on MD4 and
-rc4 that is documented in and is supposed to be described in
-@file{draft-brezak-win2k-krb-rc4-hmac-03.txt}.  New users will get both
-MD4 and DES keys.  Users that are converted from a NT4 database, will
-only have MD4 passwords and will need a password change to get a DES
-key.
-
-Heimdal implements both of these encryption types, but since DES is the
-standard and the hmac-code is somewhat newer, it is likely to work better.
-
-@node Authorization data, Quirks of Windows 2000 KDC, Encryption types, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Authorization data
-
-The Windows 2000 KDC also adds extra authorization data in tickets.
-It is at this point unclear what triggers it to do this.  The format of
-this data is only available under a ``secret'' license from Microsoft,
-which prohibits you implementing it.
-
-A simple way of getting hold of the data to be able to understand it
-better is described here.
-
-@enumerate
-@item Find the client example on using the SSPI in the SDK documentation.
-@item Change ``AuthSamp'' in the source code to lowercase.
-@item Build the program.
-@item Add the ``authsamp'' principal with a known password to the
-database.  Make sure it has a DES key.
-@item Run @kbd{ktutil add} to add the key for that principal to a
-keytab.
-@item Run @kbd{appl/test/nt_gss_server -p 2000 -s authsamp
---dump-auth=file} where file is an appropriate file.
-@item It should authenticate and dump for you the authorization data in
-the file.
-@item The tool @kbd{lib/asn1/asn1_print} is somewhat useful for
-analyzing the data.
-@end enumerate
-
-@node Quirks of Windows 2000 KDC, Useful links when reading about the Windows 2000, Authorization data, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Quirks of Windows 2000 KDC
-
-There are some issues with salts and Windows 2000.  Using an empty salt,
-which is the only one that Kerberos 4 supported and is therefore known
-as a Kerberos 4 compatible salt does not work, as far as we can tell
-from out experiments and users reports.  Therefore, you have to make
-sure you keep around keys with all the different types of salts that are
-required.
-
-Microsoft seems also to have forgotten to implement the checksum
-algorithms @samp{rsa-md4-des} and @samp{rsa-md5-des}. This can make Name
-mapping (@pxref{Create account mappings}) fail if a @code{des-cbc-md5} key
-is used. To make the KDC return only @code{des-cbc-crc} you must delete
-the @code{des-cbc-md5} key from the kdc using the @code{kadmin
-del_enctype} command.
-
-@example
-kadmin del_enctype lha des-cbc-md5
-@end example
-
-You should also add the following entries to the @file{krb5.conf} file:
-
-@example
-[libdefaults]
-	default_etypes = des-cbc-crc
-	default_etypes_des = des-cbc-crc
-@end example
-
-These configuration options will make sure that no checksums of the
-unsupported types are generated.
-
-@node Useful links when reading about the Windows 2000,  , Quirks of Windows 2000 KDC, Windows 2000 compatability
-@comment  node-name,  next,  previous,  up
-@section Useful links when reading about the Windows 2000
-
-See also our paper presented at the 2001 usenix Annual Technical
-Conference, available in the proceedings or at
-@url{http://www.usenix.org/publications/library/proceedings/usenix01/freenix01/westerlund.html}.
-
-There are lots of text about Kerberos on Microsoft's web site, here is a
-short list of the interesting documents that we have managed to find.
-
-@itemize @bullet
-
-@item Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability -
-@url{http://www.microsoft.com/windows2000/library/planning/security/kerbsteps.asp}
-Kerberos GSS-API (in Windows-ize SSPI), Windows as a client in a
-non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and
-adding cross-realm trust (@xref{Inter-Realm keys (trust) between Windows 2000
-and a Heimdal KDC}.).
-
-@item Windows 2000 Kerberos Authentication - 
-@url{http://www.microsoft.com/TechNet/win2000/win2ksrv/technote/kerberos.asp}
-White paper that describes how Kerberos is used in Windows 2000.
-
-@item Overview of kerberos -
-@url{http://support.microsoft.com/support/kb/articles/Q248/7/58.ASP}
-Links to useful other links.
-
-@item Klist for windows - 
-@url{http://msdn.microsoft.com/library/periodic/period00/security0500.htm}
-Describes where to get a klist for Windows 2000.
-
-@item Event logging for kerberos -
-@url{http://support.microsoft.com/support/kb/articles/Q262/1/77.ASP}.
-Basicly it say that you can add a registry key
-@code{HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel}
-with value DWORD equal to 1, and then you'll get logging in the Event
-Logger.
-
-@item Access to the active directory through LDAP
-@url{http://msdn.microsoft.com/library/techart/kerberossamp.htm}
-
-@end itemize
-
-Other useful programs include these:
-
-@itemize @bullet
-@item pwdump2
-@url{http://www.webspan.net/~tas/pwdump2/}
-@end itemize
diff --git a/crypto/heimdal/etc/services.append b/crypto/heimdal/etc/services.append
deleted file mode 100644
index 9ee650d97445..000000000000
--- a/crypto/heimdal/etc/services.append
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# $Id: services.append,v 1.6 2001/08/08 15:48:37 assar Exp $
-#
-# Kerberos services
-#
-kerberos	88/udp		kerberos-sec	# Kerberos v5 UDP
-kerberos	88/tcp		kerberos-sec	# Kerberos v5 TCP
-kpasswd		464/udp				# password changing
-kpasswd		464/tcp				# password changing
-klogin		543/tcp				# Kerberos authenticated rlogin
-kshell		544/tcp		krcmd		# and remote shell
-ekshell		545/tcp		      # Kerberos encrypted remote shell -kfall
-ekshell2	2106/tcp	      # What U of Colorado @ Boulder uses?
-kerberos-adm	749/udp				# v5 kadmin
-kerberos-adm	749/tcp				# v5 kadmin
-kerberos-iv	750/udp		kdc		# Kerberos authentication--udp
-kerberos-iv	750/tcp		kdc		# Kerberos authentication--tcp
-kerberos_master 751/udp				# v4 kadmin
-kerberos_master 751/tcp				# v4 kadmin
-krb_prop	754/tcp		hprop		# Kerberos slave propagation
-kpop		1109/tcp			# Pop with Kerberos
-eklogin		2105/tcp			# Kerberos encrypted rlogin
-rkinit		2108/tcp			# Kerberos remote kinit
-kf		2110/tcp			# forward credentials
-kx		2111/tcp			# X over kerberos
-kip		2112/tcp			# IP over kerberos
-kauth		2120/tcp			# Remote kauth
-iprop		2121/tcp			# incremental propagation
-krb524		4444/udp			# MIT 5->4
diff --git a/crypto/heimdal/include/Makefile b/crypto/heimdal/include/Makefile
deleted file mode 100644
index 16745f4a6890..000000000000
--- a/crypto/heimdal/include/Makefile
+++ /dev/null
@@ -1,736 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# include/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -DHOST=\"$(CANONICAL_HOST)\"
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = kadm5
-
-noinst_PROGRAMS = bits
-CHECK_LOCAL = 
-
-include_HEADERS = krb5-types.h
-
-CLEANFILES = \
-	asn1.h		\
-	asn1_err.h	\
-	base64.h	\
-	com_err.h	\
-	com_right.h	\
-	der.h		\
-	des.h		\
-	editline.h	\
-	err.h		\
-	getarg.h	\
-	glob.h		\
-	gssapi.h	\
-	hdb.h		\
-	hdb_asn1.h	\
-	hdb_err.h	\
-	heim_err.h	\
-	kafs.h		\
-	krb5-protos.h	\
-	krb5-private.h	\
-	krb5-types.h	\
-	krb5.h		\
-	krb5_err.h	\
-	md4.h		\
-	md5.h		\
-	rc4.h		\
-	otp.h		\
-	parse_time.h	\
-	parse_units.h	\
-	resolve.h	\
-	roken-common.h	\
-	roken.h		\
-	sha.h		\
-	sl.h		\
-	xdbm.h
-
-subdir = include
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES =
-noinst_PROGRAMS = bits$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-bits_SOURCES = bits.c
-bits_OBJECTS = bits.$(OBJEXT)
-bits_LDADD = $(LDADD)
-bits_DEPENDENCIES =
-bits_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I.
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = bits.c
-HEADERS = $(include_HEADERS)
-
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in config.h.in
-DIST_SUBDIRS = $(SUBDIRS)
-SOURCES = bits.c
-
-all: config.h
-	$(MAKE) $(AM_MAKEFLAGS) all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  include/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-config.h: stamp-h1
-	@if test ! -f $@; then \
-	  rm -f stamp-h1; \
-	  $(MAKE) stamp-h1; \
-	else :; fi
-
-stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
-	@rm -f stamp-h1
-	cd $(top_builddir) && $(SHELL) ./config.status include/config.h
-
-$(srcdir)/config.h.in:  $(top_srcdir)/configure.in $(ACLOCAL_M4) 
-	cd $(top_srcdir) && $(AUTOHEADER)
-	touch $(srcdir)/config.h.in
-
-distclean-hdr:
-	-rm -f config.h stamp-h1
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) 
-	@rm -f bits$(EXEEXT)
-	$(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile $(PROGRAMS) $(HEADERS) config.h all-local
-installdirs: installdirs-recursive
-installdirs-am:
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-compile distclean-generic distclean-hdr \
-	distclean-libtool distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool \
-	clean-noinstPROGRAMS clean-recursive distclean \
-	distclean-compile distclean-generic distclean-hdr \
-	distclean-libtool distclean-recursive distclean-tags distdir \
-	dvi dvi-am dvi-recursive info info-am info-recursive install \
-	install-am install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-includeHEADERS install-info \
-	install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am \
-	uninstall-includeHEADERS uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-krb5-types.h: bits$(EXEEXT)
-	./bits$(EXEEXT) krb5-types.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/Makefile.am b/crypto/heimdal/include/Makefile.am
deleted file mode 100644
index c283cd2a4997..000000000000
--- a/crypto/heimdal/include/Makefile.am
+++ /dev/null
@@ -1,56 +0,0 @@
-# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = kadm5
-
-noinst_PROGRAMS = bits make_crypto
-CHECK_LOCAL =
-
-INCLUDES += -DHOST=\"$(CANONICAL_HOST)\"
-
-include_HEADERS = krb5-types.h
-noinst_HEADERS = crypto-headers.h
-
-krb5-types.h: bits$(EXEEXT)
-	./bits$(EXEEXT) krb5-types.h
-
-crypto-headers.h: make_crypto$(EXEEXT)
-	./make_crypto$(EXEEXT) crypto-headers.h
-
-CLEANFILES =		\
-	asn1.h		\
-	asn1_err.h	\
-	base64.h	\
-	com_err.h	\
-	com_right.h	\
-	crypto-headers.h\
-	der.h		\
-	des.h		\
-	editline.h	\
-	err.h		\
-	getarg.h	\
-	glob.h		\
-	gssapi.h	\
-	hdb.h		\
-	hdb_asn1.h	\
-	hdb_err.h	\
-	heim_err.h	\
-	kafs.h		\
-	krb5-protos.h	\
-	krb5-private.h	\
-	krb5-types.h	\
-	krb5.h		\
-	krb5_err.h	\
-	md4.h		\
-	md5.h		\
-	rc4.h		\
-	otp.h		\
-	parse_time.h	\
-	parse_units.h	\
-	resolve.h	\
-	roken-common.h	\
-	roken.h		\
-	sha.h		\
-	sl.h		\
-	xdbm.h
diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in
deleted file mode 100644
index ec98e009ef39..000000000000
--- a/crypto/heimdal/include/Makefile.in
+++ /dev/null
@@ -1,747 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -DHOST=\"$(CANONICAL_HOST)\"
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = kadm5
-
-noinst_PROGRAMS = bits make_crypto
-CHECK_LOCAL = 
-
-include_HEADERS = krb5-types.h
-noinst_HEADERS = crypto-headers.h
-
-CLEANFILES = \
-	asn1.h		\
-	asn1_err.h	\
-	base64.h	\
-	com_err.h	\
-	com_right.h	\
-	crypto-headers.h\
-	der.h		\
-	des.h		\
-	editline.h	\
-	err.h		\
-	getarg.h	\
-	glob.h		\
-	gssapi.h	\
-	hdb.h		\
-	hdb_asn1.h	\
-	hdb_err.h	\
-	heim_err.h	\
-	kafs.h		\
-	krb5-protos.h	\
-	krb5-private.h	\
-	krb5-types.h	\
-	krb5.h		\
-	krb5_err.h	\
-	md4.h		\
-	md5.h		\
-	rc4.h		\
-	otp.h		\
-	parse_time.h	\
-	parse_units.h	\
-	resolve.h	\
-	roken-common.h	\
-	roken.h		\
-	sha.h		\
-	sl.h		\
-	xdbm.h
-
-subdir = include
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES =
-noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-bits_SOURCES = bits.c
-bits_OBJECTS = bits.$(OBJEXT)
-bits_LDADD = $(LDADD)
-bits_DEPENDENCIES =
-bits_LDFLAGS =
-make_crypto_SOURCES = make_crypto.c
-make_crypto_OBJECTS = make_crypto.$(OBJEXT)
-make_crypto_LDADD = $(LDADD)
-make_crypto_DEPENDENCIES =
-make_crypto_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I.
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = bits.c make_crypto.c
-HEADERS = $(include_HEADERS) $(noinst_HEADERS)
-
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) Makefile.am \
-	Makefile.in
-DIST_SUBDIRS = $(SUBDIRS)
-SOURCES = bits.c make_crypto.c
-
-all: config.h
-	$(MAKE) $(AM_MAKEFLAGS) all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  include/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-config.h: stamp-h1
-	@if test ! -f $@; then \
-	  rm -f stamp-h1; \
-	  $(MAKE) stamp-h1; \
-	else :; fi
-
-stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
-	@rm -f stamp-h1
-	cd $(top_builddir) && $(SHELL) ./config.status include/config.h
-
-$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(top_srcdir)/configure.in $(ACLOCAL_M4) 
-	cd $(top_srcdir) && $(AUTOHEADER)
-	touch $(srcdir)/config.h.in
-
-distclean-hdr:
-	-rm -f config.h
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) 
-	@rm -f bits$(EXEEXT)
-	$(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
-make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES) 
-	@rm -f make_crypto$(EXEEXT)
-	$(LINK) $(make_crypto_LDFLAGS) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile $(PROGRAMS) $(HEADERS) config.h all-local
-installdirs: installdirs-recursive
-installdirs-am:
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-compile distclean-generic distclean-hdr \
-	distclean-libtool distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool \
-	clean-noinstPROGRAMS clean-recursive distclean \
-	distclean-compile distclean-generic distclean-hdr \
-	distclean-libtool distclean-recursive distclean-tags distdir \
-	dvi dvi-am dvi-recursive info info-am info-recursive install \
-	install-am install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-includeHEADERS install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	mostlyclean-recursive tags tags-recursive uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-krb5-types.h: bits$(EXEEXT)
-	./bits$(EXEEXT) krb5-types.h
-
-crypto-headers.h: make_crypto$(EXEEXT)
-	./make_crypto$(EXEEXT) crypto-headers.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/base64.h b/crypto/heimdal/include/base64.h
deleted file mode 100644
index 5ad1e3b18ea9..000000000000
--- a/crypto/heimdal/include/base64.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: base64.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */
-
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-int base64_encode(const void *data, int size, char **str);
-int base64_decode(const char *str, void *data);
-
-#endif
diff --git a/crypto/heimdal/include/bits b/crypto/heimdal/include/bits
deleted file mode 100755
index 8ac06d01b41b..000000000000
--- a/crypto/heimdal/include/bits
+++ /dev/null
diff --git a/crypto/heimdal/include/bits.c b/crypto/heimdal/include/bits.c
deleted file mode 100644
index 3c517424fbe6..000000000000
--- a/crypto/heimdal/include/bits.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: bits.c,v 1.22 2002/08/28 16:08:44 joda Exp $");
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#define BITSIZE(TYPE)						\
-{								\
-    int b = 0; TYPE x = 1, zero = 0; const char *pre = "u";	\
-    char tmp[128], tmp2[128];					\
-    while(x){ x <<= 1; b++; if(x < zero) pre=""; }		\
-    if(b >= len){						\
-        int tabs;						\
-	sprintf(tmp, "%sint%d_t" , pre, len);			\
-	sprintf(tmp2, "typedef %s %s;", #TYPE, tmp);		\
-	tabs = 5 - strlen(tmp2) / 8;				\
-        fprintf(f, "%s", tmp2);					\
-	while(tabs-- > 0) fprintf(f, "\t");			\
-	fprintf(f, "/* %2d bits */\n", b);			\
-        return;                                                 \
-    }								\
-}
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-static void
-try_signed(FILE *f, int len)  __attribute__ ((unused));
-
-static void
-try_unsigned(FILE *f, int len) __attribute__ ((unused));
-
-static int
-print_bt(FILE *f, int flag) __attribute__ ((unused));
-
-static void
-try_signed(FILE *f, int len)
-{
-    BITSIZE(signed char);
-    BITSIZE(short);
-    BITSIZE(int);
-    BITSIZE(long);
-#ifdef HAVE_LONG_LONG
-    BITSIZE(long long);
-#endif
-    fprintf(f, "/* There is no %d bit type */\n", len);
-}
-
-static void
-try_unsigned(FILE *f, int len)
-{
-    BITSIZE(unsigned char);
-    BITSIZE(unsigned short);
-    BITSIZE(unsigned int);
-    BITSIZE(unsigned long);
-#ifdef HAVE_LONG_LONG
-    BITSIZE(unsigned long long);
-#endif
-    fprintf(f, "/* There is no %d bit type */\n", len);
-}
-
-static int
-print_bt(FILE *f, int flag)
-{
-    if(flag == 0){
-	fprintf(f, "/* For compatibility with various type definitions */\n");
-	fprintf(f, "#ifndef __BIT_TYPES_DEFINED__\n");
-	fprintf(f, "#define __BIT_TYPES_DEFINED__\n");
-	fprintf(f, "\n");
-    }
-    return 1;
-}
-
-int main(int argc, char **argv)
-{
-    FILE *f;
-    int flag;
-    char *fn, *hb;
-    
-    if(argc < 2){
-	fn = "bits.h";
-	hb = "__BITS_H__";
-	f = stdout;
-    } else {
-	char *p;
-	fn = argv[1];
-	hb = malloc(strlen(fn) + 5);
-	sprintf(hb, "__%s__", fn);
-	for(p = hb; *p; p++){
-	    if(!isalnum((unsigned char)*p))
-		*p = '_';
-	}
-	f = fopen(argv[1], "w");
-    }
-    fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST);
-    fprintf(f, "   %*s    %s */\n\n", (int)strlen(fn), "", 
-	    "$Id: bits.c,v 1.22 2002/08/28 16:08:44 joda Exp $");
-    fprintf(f, "#ifndef %s\n", hb);
-    fprintf(f, "#define %s\n", hb);
-    fprintf(f, "\n");
-#ifdef HAVE_INTTYPES_H
-    fprintf(f, "#include <inttypes.h>\n");
-#endif
-#ifdef HAVE_SYS_TYPES_H
-    fprintf(f, "#include <sys/types.h>\n");
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-    fprintf(f, "#include <sys/bitypes.h>\n");
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-    fprintf(f, "#include <bind/bitypes.h>\n");
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
-#endif
-#ifdef HAVE_SOCKLEN_T
-    fprintf(f, "#include <sys/socket.h>\n");
-#endif
-    fprintf(f, "\n");
-
-    flag = 0;
-#ifndef HAVE_INT8_T
-    flag = print_bt(f, flag);
-    try_signed (f, 8);
-#endif /* HAVE_INT8_T */
-#ifndef HAVE_INT16_T
-    flag = print_bt(f, flag);
-    try_signed (f, 16);
-#endif /* HAVE_INT16_T */
-#ifndef HAVE_INT32_T
-    flag = print_bt(f, flag);
-    try_signed (f, 32);
-#endif /* HAVE_INT32_T */
-#if 0
-#ifndef HAVE_INT64_T
-    flag = print_bt(f, flag);
-    try_signed (f, 64);
-#endif /* HAVE_INT64_T */
-#endif
-
-#ifndef HAVE_UINT8_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 8);
-#endif /* HAVE_UINT8_T */
-#ifndef HAVE_UINT16_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 16);
-#endif /* HAVE_UINT16_T */
-#ifndef HAVE_UINT32_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 32);
-#endif /* HAVE_UINT32_T */
-#if 0
-#ifndef HAVE_UINT64_T
-    flag = print_bt(f, flag);
-    try_unsigned (f, 64);
-#endif /* HAVE_UINT64_T */
-#endif
-
-#define X(S) fprintf(f, "typedef uint" #S "_t u_int" #S "_t;\n")
-#ifndef HAVE_U_INT8_T
-    flag = print_bt(f, flag);
-    X(8);
-#endif /* HAVE_U_INT8_T */
-#ifndef HAVE_U_INT16_T
-    flag = print_bt(f, flag);
-    X(16);
-#endif /* HAVE_U_INT16_T */
-#ifndef HAVE_U_INT32_T
-    flag = print_bt(f, flag);
-    X(32);
-#endif /* HAVE_U_INT32_T */
-#if 0
-#ifndef HAVE_U_INT64_T
-    flag = print_bt(f, flag);
-    X(64);
-#endif /* HAVE_U_INT64_T */
-#endif
-
-    if(flag){
-	fprintf(f, "\n");
-	fprintf(f, "#endif /* __BIT_TYPES_DEFINED__ */\n\n");
-    }
-#ifdef KRB5
-    fprintf(f, "\n");
-#if defined(HAVE_SOCKLEN_T)
-    fprintf(f, "typedef socklen_t krb5_socklen_t;\n");
-#else
-    fprintf(f, "typedef int krb5_socklen_t;\n");
-#endif
-#if defined(HAVE_SSIZE_T)
-#ifdef HAVE_UNISTD_H
-    fprintf(f, "#include <unistd.h>\n");
-#endif
-    fprintf(f, "typedef ssize_t krb5_ssize_t;\n");
-#else
-    fprintf(f, "typedef int krb5_ssize_t;\n");
-#endif
-    fprintf(f, "\n");
-#endif /* KRB5 */
-    fprintf(f, "#endif /* %s */\n", hb);
-    return 0;
-}
diff --git a/crypto/heimdal/include/config.h b/crypto/heimdal/include/config.h
deleted file mode 100644
index 857270b01987..000000000000
--- a/crypto/heimdal/include/config.h
+++ /dev/null
@@ -1,1399 +0,0 @@
-/* include/config.h.  Generated by configure.  */
-/* include/config.h.in.  Generated from configure.in by autoheader.  */
-
-#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-
-
-/* Define if you want authentication support in telnet. */
-#define AUTHENTICATION 1
-
-/* path to bin */
-#define BINDIR "/usr/heimdal/bin"
-
-/* Define if realloc(NULL) doesn't work. */
-/* #undef BROKEN_REALLOC */
-
-/* Define if you want support for DCE/DFS PAG's. */
-/* #undef DCE */
-
-/* Define if you want to use DES encryption in telnet. */
-#define DES_ENCRYPTION 1
-
-/* Define this to enable diagnostics in telnet. */
-#define DIAGNOSTICS 1
-
-/* Define if you want encryption support in telnet. */
-#define ENCRYPTION 1
-
-/* define if sys/param.h defines the endiness */
-#define ENDIANESS_IN_SYS_PARAM_H 1
-
-/* Define this if you want support for broken ENV_{VAR,VAL} telnets. */
-/* #undef ENV_HACK */
-
-/* define if prototype of gethostbyaddr is compatible with struct hostent
-   *gethostbyaddr(const void *, size_t, int) */
-/* #undef GETHOSTBYADDR_PROTO_COMPATIBLE */
-
-/* define if prototype of gethostbyname is compatible with struct hostent
-   *gethostbyname(const char *) */
-#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
-
-/* define if prototype of getservbyname is compatible with struct servent
-   *getservbyname(const char *, const char *) */
-#define GETSERVBYNAME_PROTO_COMPATIBLE 1
-
-/* define if prototype of getsockname is compatible with int getsockname(int,
-   struct sockaddr*, socklen_t*) */
-#define GETSOCKNAME_PROTO_COMPATIBLE 1
-
-/* Define if you have the `altzone' variable. */
-/* #undef HAVE_ALTZONE */
-
-/* define if your system declares altzone */
-/* #undef HAVE_ALTZONE_DECLARATION */
-
-/* Define to 1 if you have the <arpa/ftp.h> header file. */
-#define HAVE_ARPA_FTP_H 1
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#define HAVE_ARPA_INET_H 1
-
-/* Define to 1 if you have the <arpa/nameser.h> header file. */
-#define HAVE_ARPA_NAMESER_H 1
-
-/* Define to 1 if you have the <arpa/telnet.h> header file. */
-#define HAVE_ARPA_TELNET_H 1
-
-/* Define to 1 if you have the `asnprintf' function. */
-/* #undef HAVE_ASNPRINTF */
-
-/* Define to 1 if you have the `asprintf' function. */
-#define HAVE_ASPRINTF 1
-
-/* Define to 1 if you have the `atexit' function. */
-#define HAVE_ATEXIT 1
-
-/* Define to 1 if you have the <bind/bitypes.h> header file. */
-/* #undef HAVE_BIND_BITYPES_H */
-
-/* Define to 1 if you have the <bsdsetjmp.h> header file. */
-/* #undef HAVE_BSDSETJMP_H */
-
-/* Define to 1 if you have the `bswap16' function. */
-/* #undef HAVE_BSWAP16 */
-
-/* Define to 1 if you have the `bswap32' function. */
-/* #undef HAVE_BSWAP32 */
-
-/* Define to 1 if you have the <capability.h> header file. */
-/* #undef HAVE_CAPABILITY_H */
-
-/* Define to 1 if you have the `cap_set_proc' function. */
-/* #undef HAVE_CAP_SET_PROC */
-
-/* Define to 1 if you have the `cgetent' function. */
-#define HAVE_CGETENT 1
-
-/* Define if you have the function `chown'. */
-#define HAVE_CHOWN 1
-
-/* Define to 1 if you have the <config.h> header file. */
-/* #undef HAVE_CONFIG_H */
-
-/* Define if you have the function `copyhostent'. */
-/* #undef HAVE_COPYHOSTENT */
-
-/* Define to 1 if you have the `crypt' function. */
-#define HAVE_CRYPT 1
-
-/* Define to 1 if you have the <crypt.h> header file. */
-/* #undef HAVE_CRYPT_H */
-
-/* Define to 1 if you have the <curses.h> header file. */
-#define HAVE_CURSES_H 1
-
-/* Define if you have the function `daemon'. */
-#define HAVE_DAEMON 1
-
-/* define if you have a berkeley db1/2 library */
-#define HAVE_DB1 1
-
-/* define if you have a berkeley db3/4 library */
-/* #undef HAVE_DB3 */
-
-/* Define to 1 if you have the <db3/db.h> header file. */
-/* #undef HAVE_DB3_DB_H */
-
-/* Define to 1 if you have the <db4/db.h> header file. */
-/* #undef HAVE_DB4_DB_H */
-
-/* Define to 1 if you have the `dbm_firstkey' function. */
-#define HAVE_DBM_FIRSTKEY 1
-
-/* Define to 1 if you have the <dbm.h> header file. */
-/* #undef HAVE_DBM_H */
-
-/* Define to 1 if you have the `dbopen' function. */
-#define HAVE_DBOPEN 1
-
-/* Define to 1 if you have the <db_185.h> header file. */
-/* #undef HAVE_DB_185_H */
-
-/* Define to 1 if you have the `db_create' function. */
-/* #undef HAVE_DB_CREATE */
-
-/* Define to 1 if you have the <db.h> header file. */
-#define HAVE_DB_H 1
-
-/* define if you have ndbm compat in db */
-/* #undef HAVE_DB_NDBM */
-
-/* Define to 1 if you have the <dirent.h> header file. */
-#define HAVE_DIRENT_H 1
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the `dlopen' function. */
-#define HAVE_DLOPEN 1
-
-/* Define to 1 if you have the `dn_expand' function. */
-#define HAVE_DN_EXPAND 1
-
-/* Define if you have the function `ecalloc'. */
-/* #undef HAVE_ECALLOC */
-
-/* Define to 1 if you have the `el_init' function. */
-#define HAVE_EL_INIT 1
-
-/* Define if you have the function `emalloc'. */
-/* #undef HAVE_EMALLOC */
-
-/* define if your system declares environ */
-/* #undef HAVE_ENVIRON_DECLARATION */
-
-/* Define if you have the function `erealloc'. */
-/* #undef HAVE_EREALLOC */
-
-/* Define if you have the function `err'. */
-#define HAVE_ERR 1
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
-/* Define if you have the function `errx'. */
-#define HAVE_ERRX 1
-
-/* Define to 1 if you have the <err.h> header file. */
-#define HAVE_ERR_H 1
-
-/* Define if you have the function `estrdup'. */
-/* #undef HAVE_ESTRDUP */
-
-/* Define if you have the function `fchown'. */
-#define HAVE_FCHOWN 1
-
-/* Define to 1 if you have the `fcntl' function. */
-#define HAVE_FCNTL 1
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define if you have the function `flock'. */
-#define HAVE_FLOCK 1
-
-/* Define if you have the function `fnmatch'. */
-#define HAVE_FNMATCH 1
-
-/* Define to 1 if you have the <fnmatch.h> header file. */
-#define HAVE_FNMATCH_H 1
-
-/* Define if el_init takes four arguments. */
-#define HAVE_FOUR_VALUED_EL_INIT 1
-
-/* define if krb_put_int takes four arguments. */
-/* #undef HAVE_FOUR_VALUED_KRB_PUT_INT */
-
-/* Define to 1 if you have the `freeaddrinfo' function. */
-#define HAVE_FREEADDRINFO 1
-
-/* Define if you have the function `freehostent'. */
-#define HAVE_FREEHOSTENT 1
-
-/* Define to 1 if you have the `gai_strerror' function. */
-#define HAVE_GAI_STRERROR 1
-
-/* Define to 1 if you have the <gdbm/ndbm.h> header file. */
-/* #undef HAVE_GDBM_NDBM_H */
-
-/* Define to 1 if you have the `getaddrinfo' function. */
-#define HAVE_GETADDRINFO 1
-
-/* Define to 1 if you have the `getconfattr' function. */
-/* #undef HAVE_GETCONFATTR */
-
-/* Define if you have the function `getcwd'. */
-#define HAVE_GETCWD 1
-
-/* Define if you have the function `getdtablesize'. */
-#define HAVE_GETDTABLESIZE 1
-
-/* Define if you have the function `getegid'. */
-#define HAVE_GETEGID 1
-
-/* Define if you have the function `geteuid'. */
-#define HAVE_GETEUID 1
-
-/* Define if you have the function `getgid'. */
-#define HAVE_GETGID 1
-
-/* Define to 1 if you have the `gethostbyname' function. */
-#define HAVE_GETHOSTBYNAME 1
-
-/* Define to 1 if you have the `gethostbyname2' function. */
-#define HAVE_GETHOSTBYNAME2 1
-
-/* Define if you have the function `gethostname'. */
-#define HAVE_GETHOSTNAME 1
-
-/* Define if you have the function `getifaddrs'. */
-#define HAVE_GETIFADDRS 1
-
-/* Define if you have the function `getipnodebyaddr'. */
-#define HAVE_GETIPNODEBYADDR 1
-
-/* Define if you have the function `getipnodebyname'. */
-#define HAVE_GETIPNODEBYNAME 1
-
-/* Define to 1 if you have the `getlogin' function. */
-#define HAVE_GETLOGIN 1
-
-/* Define if you have a working getmsg. */
-/* #undef HAVE_GETMSG */
-
-/* Define to 1 if you have the `getnameinfo' function. */
-#define HAVE_GETNAMEINFO 1
-
-/* Define if you have the function `getopt'. */
-#define HAVE_GETOPT 1
-
-/* Define to 1 if you have the `getprogname' function. */
-#define HAVE_GETPROGNAME 1
-
-/* Define to 1 if you have the `getpwnam_r' function. */
-/* #undef HAVE_GETPWNAM_R */
-
-/* Define to 1 if you have the `getrlimit' function. */
-#define HAVE_GETRLIMIT 1
-
-/* Define to 1 if you have the `getsockopt' function. */
-#define HAVE_GETSOCKOPT 1
-
-/* Define to 1 if you have the `getspnam' function. */
-/* #undef HAVE_GETSPNAM */
-
-/* Define if you have the function `gettimeofday'. */
-#define HAVE_GETTIMEOFDAY 1
-
-/* Define to 1 if you have the `getudbnam' function. */
-/* #undef HAVE_GETUDBNAM */
-
-/* Define if you have the function `getuid'. */
-#define HAVE_GETUID 1
-
-/* Define if you have the function `getusershell'. */
-#define HAVE_GETUSERSHELL 1
-
-/* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK,
-   GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */
-#define HAVE_GLOB 1
-
-/* Define to 1 if you have the `grantpt' function. */
-/* #undef HAVE_GRANTPT */
-
-/* Define to 1 if you have the <grp.h> header file. */
-#define HAVE_GRP_H 1
-
-/* Define to 1 if you have the `hstrerror' function. */
-#define HAVE_HSTRERROR 1
-
-/* Define if you have the `h_errlist' variable. */
-#define HAVE_H_ERRLIST 1
-
-/* define if your system declares h_errlist */
-/* #undef HAVE_H_ERRLIST_DECLARATION */
-
-/* Define if you have the `h_errno' variable. */
-#define HAVE_H_ERRNO 1
-
-/* define if your system declares h_errno */
-#define HAVE_H_ERRNO_DECLARATION 1
-
-/* Define if you have the `h_nerr' variable. */
-#define HAVE_H_NERR 1
-
-/* define if your system declares h_nerr */
-/* #undef HAVE_H_NERR_DECLARATION */
-
-/* Define to 1 if you have the <ifaddrs.h> header file. */
-#define HAVE_IFADDRS_H 1
-
-/* Define if you have the in6addr_loopback variable */
-#define HAVE_IN6ADDR_LOOPBACK 1
-
-/* define */
-#define HAVE_INET_ATON 1
-
-/* define */
-#define HAVE_INET_NTOP 1
-
-/* define */
-#define HAVE_INET_PTON 1
-
-/* Define if you have the function `initgroups'. */
-#define HAVE_INITGROUPS 1
-
-/* Define to 1 if you have the `initstate' function. */
-#define HAVE_INITSTATE 1
-
-/* Define if you have the function `innetgr'. */
-#define HAVE_INNETGR 1
-
-/* Define to 1 if the system has the type `int16_t'. */
-#define HAVE_INT16_T 1
-
-/* Define to 1 if the system has the type `int32_t'. */
-#define HAVE_INT32_T 1
-
-/* Define to 1 if the system has the type `int64_t'. */
-#define HAVE_INT64_T 1
-
-/* Define to 1 if the system has the type `int8_t'. */
-#define HAVE_INT8_T 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the <io.h> header file. */
-/* #undef HAVE_IO_H */
-
-/* Define if you have IPv6. */
-#define HAVE_IPV6 1
-
-/* Define if you have the function `iruserok'. */
-#define HAVE_IRUSEROK 1
-
-/* Define to 1 if you have the `issetugid' function. */
-#define HAVE_ISSETUGID 1
-
-/* Define to 1 if you have the `krb_disable_debug' function. */
-/* #undef HAVE_KRB_DISABLE_DEBUG */
-
-/* Define to 1 if you have the `krb_enable_debug' function. */
-/* #undef HAVE_KRB_ENABLE_DEBUG */
-
-/* Define to 1 if you have the `krb_get_kdc_time_diff' function. */
-/* #undef HAVE_KRB_GET_KDC_TIME_DIFF */
-
-/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
-/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */
-
-/* Define to 1 if you have the `krb_kdctimeofday' function. */
-/* #undef HAVE_KRB_KDCTIMEOFDAY */
-
-/* Define to 1 if you have the <libutil.h> header file. */
-#define HAVE_LIBUTIL_H 1
-
-/* Define to 1 if you have the <limits.h> header file. */
-#define HAVE_LIMITS_H 1
-
-/* Define to 1 if you have the `loadquery' function. */
-/* #undef HAVE_LOADQUERY */
-
-/* Define if you have the function `localtime_r'. */
-#define HAVE_LOCALTIME_R 1
-
-/* Define to 1 if you have the `logout' function. */
-#define HAVE_LOGOUT 1
-
-/* Define to 1 if you have the `logwtmp' function. */
-#define HAVE_LOGWTMP 1
-
-/* Define to 1 if the system has the type `long long'. */
-#define HAVE_LONG_LONG 1
-
-/* Define if you have the function `lstat'. */
-#define HAVE_LSTAT 1
-
-/* Define to 1 if you have the <maillock.h> header file. */
-/* #undef HAVE_MAILLOCK_H */
-
-/* Define if you have the function `memmove'. */
-#define HAVE_MEMMOVE 1
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define if you have the function `mkstemp'. */
-#define HAVE_MKSTEMP 1
-
-/* Define to 1 if you have the `mktime' function. */
-#define HAVE_MKTIME 1
-
-/* define if you have a ndbm library */
-#define HAVE_NDBM 1
-
-/* Define to 1 if you have the <ndbm.h> header file. */
-#define HAVE_NDBM_H 1
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#define HAVE_NETDB_H 1
-
-/* Define to 1 if you have the <netinet6/in6.h> header file. */
-/* #undef HAVE_NETINET6_IN6_H */
-
-/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
-#define HAVE_NETINET6_IN6_VAR_H 1
-
-/* Define to 1 if you have the <netinet/in6.h> header file. */
-/* #undef HAVE_NETINET_IN6_H */
-
-/* Define to 1 if you have the <netinet/in6_machtypes.h> header file. */
-/* #undef HAVE_NETINET_IN6_MACHTYPES_H */
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#define HAVE_NETINET_IN_H 1
-
-/* Define to 1 if you have the <netinet/in_systm.h> header file. */
-#define HAVE_NETINET_IN_SYSTM_H 1
-
-/* Define to 1 if you have the <netinet/ip.h> header file. */
-#define HAVE_NETINET_IP_H 1
-
-/* Define to 1 if you have the <netinet/tcp.h> header file. */
-#define HAVE_NETINET_TCP_H 1
-
-/* Define if you want to use Netinfo instead of krb5.conf. */
-/* #undef HAVE_NETINFO */
-
-/* Define to 1 if you have the <netinfo/ni.h> header file. */
-/* #undef HAVE_NETINFO_NI_H */
-
-/* Define to 1 if you have the <net/if.h> header file. */
-#define HAVE_NET_IF_H 1
-
-/* Define if NDBM really is DB (creates files *.db) */
-#define HAVE_NEW_DB 1
-
-/* Define to 1 if you have the `on_exit' function. */
-/* #undef HAVE_ON_EXIT */
-
-/* Define to 1 if you have the `openpty' function. */
-#define HAVE_OPENPTY 1
-
-/* define to use openssl's libcrypto */
-#define HAVE_OPENSSL 1
-
-/* define if your system declares optarg */
-#define HAVE_OPTARG_DECLARATION 1
-
-/* define if your system declares opterr */
-#define HAVE_OPTERR_DECLARATION 1
-
-/* define if your system declares optind */
-#define HAVE_OPTIND_DECLARATION 1
-
-/* define if your system declares optopt */
-#define HAVE_OPTOPT_DECLARATION 1
-
-/* Define to enable basic OSF C2 support. */
-/* #undef HAVE_OSFC2 */
-
-/* Define to 1 if you have the <paths.h> header file. */
-#define HAVE_PATHS_H 1
-
-/* Define to 1 if you have the `pidfile' function. */
-/* #undef HAVE_PIDFILE */
-
-/* Define to 1 if you have the <pthread.h> header file. */
-#define HAVE_PTHREAD_H 1
-
-/* Define to 1 if you have the `ptsname' function. */
-/* #undef HAVE_PTSNAME */
-
-/* Define to 1 if you have the <pty.h> header file. */
-/* #undef HAVE_PTY_H */
-
-/* Define if you have the function `putenv'. */
-#define HAVE_PUTENV 1
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#define HAVE_PWD_H 1
-
-/* Define to 1 if you have the `rand' function. */
-#define HAVE_RAND 1
-
-/* Define to 1 if you have the `random' function. */
-#define HAVE_RANDOM 1
-
-/* Define if you have the function `rcmd'. */
-#define HAVE_RCMD 1
-
-/* Define if you have a readline compatible library. */
-#define HAVE_READLINE 1
-
-/* Define if you have the function `readv'. */
-#define HAVE_READV 1
-
-/* Define if you have the function `recvmsg'. */
-#define HAVE_RECVMSG 1
-
-/* Define to 1 if you have the <resolv.h> header file. */
-#define HAVE_RESOLV_H 1
-
-/* Define to 1 if you have the `res_search' function. */
-#define HAVE_RES_SEARCH 1
-
-/* Define to 1 if you have the `revoke' function. */
-#define HAVE_REVOKE 1
-
-/* Define to 1 if you have the <rpcsvc/ypclnt.h> header file. */
-#define HAVE_RPCSVC_YPCLNT_H 1
-
-/* Define to 1 if you have the <sac.h> header file. */
-/* #undef HAVE_SAC_H */
-
-/* Define to 1 if the system has the type `sa_family_t'. */
-#define HAVE_SA_FAMILY_T 1
-
-/* Define to 1 if you have the <security/pam_modules.h> header file. */
-#define HAVE_SECURITY_PAM_MODULES_H 1
-
-/* Define to 1 if you have the `select' function. */
-#define HAVE_SELECT 1
-
-/* Define if you have the function `sendmsg'. */
-#define HAVE_SENDMSG 1
-
-/* Define if you have the function `setegid'. */
-#define HAVE_SETEGID 1
-
-/* Define if you have the function `setenv'. */
-#define HAVE_SETENV 1
-
-/* Define if you have the function `seteuid'. */
-#define HAVE_SETEUID 1
-
-/* Define to 1 if you have the `setitimer' function. */
-#define HAVE_SETITIMER 1
-
-/* Define to 1 if you have the `setlim' function. */
-/* #undef HAVE_SETLIM */
-
-/* Define to 1 if you have the `setlogin' function. */
-#define HAVE_SETLOGIN 1
-
-/* Define to 1 if you have the `setpcred' function. */
-/* #undef HAVE_SETPCRED */
-
-/* Define to 1 if you have the `setpgid' function. */
-#define HAVE_SETPGID 1
-
-/* Define to 1 if you have the `setproctitle' function. */
-#define HAVE_SETPROCTITLE 1
-
-/* Define to 1 if you have the `setprogname' function. */
-#define HAVE_SETPROGNAME 1
-
-/* Define to 1 if you have the `setregid' function. */
-#define HAVE_SETREGID 1
-
-/* Define to 1 if you have the `setresgid' function. */
-#define HAVE_SETRESGID 1
-
-/* Define to 1 if you have the `setresuid' function. */
-#define HAVE_SETRESUID 1
-
-/* Define to 1 if you have the `setreuid' function. */
-#define HAVE_SETREUID 1
-
-/* Define to 1 if you have the `setsid' function. */
-#define HAVE_SETSID 1
-
-/* Define to 1 if you have the `setsockopt' function. */
-#define HAVE_SETSOCKOPT 1
-
-/* Define to 1 if you have the `setstate' function. */
-#define HAVE_SETSTATE 1
-
-/* Define to 1 if you have the `setutent' function. */
-/* #undef HAVE_SETUTENT */
-
-/* Define to 1 if you have the `sgi_getcapabilitybyname' function. */
-/* #undef HAVE_SGI_GETCAPABILITYBYNAME */
-
-/* Define to 1 if you have the <sgtty.h> header file. */
-#define HAVE_SGTTY_H 1
-
-/* Define to 1 if you have the <shadow.h> header file. */
-/* #undef HAVE_SHADOW_H */
-
-/* Define to 1 if you have the <siad.h> header file. */
-/* #undef HAVE_SIAD_H */
-
-/* Define to 1 if you have the `sigaction' function. */
-#define HAVE_SIGACTION 1
-
-/* Define to 1 if you have the <signal.h> header file. */
-#define HAVE_SIGNAL_H 1
-
-/* define if you have a working snprintf */
-#define HAVE_SNPRINTF 1
-
-/* Define to 1 if you have the `socket' function. */
-#define HAVE_SOCKET 1
-
-/* Define to 1 if the system has the type `socklen_t'. */
-#define HAVE_SOCKLEN_T 1
-
-/* Define to 1 if the system has the type `ssize_t'. */
-#define HAVE_SSIZE_T 1
-
-/* Define to 1 if you have the <standards.h> header file. */
-/* #undef HAVE_STANDARDS_H */
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define if you have the function `strcasecmp'. */
-#define HAVE_STRCASECMP 1
-
-/* Define if you have the function `strdup'. */
-#define HAVE_STRDUP 1
-
-/* Define if you have the function `strerror'. */
-#define HAVE_STRERROR 1
-
-/* Define if you have the function `strftime'. */
-#define HAVE_STRFTIME 1
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define if you have the function `strlcat'. */
-#define HAVE_STRLCAT 1
-
-/* Define if you have the function `strlcpy'. */
-#define HAVE_STRLCPY 1
-
-/* Define if you have the function `strlwr'. */
-/* #undef HAVE_STRLWR */
-
-/* Define if you have the function `strncasecmp'. */
-#define HAVE_STRNCASECMP 1
-
-/* Define if you have the function `strndup'. */
-/* #undef HAVE_STRNDUP */
-
-/* Define if you have the function `strnlen'. */
-/* #undef HAVE_STRNLEN */
-
-/* Define to 1 if you have the <stropts.h> header file. */
-/* #undef HAVE_STROPTS_H */
-
-/* Define if you have the function `strptime'. */
-#define HAVE_STRPTIME 1
-
-/* Define if you have the function `strsep'. */
-#define HAVE_STRSEP 1
-
-/* Define if you have the function `strsep_copy'. */
-/* #undef HAVE_STRSEP_COPY */
-
-/* Define to 1 if you have the `strstr' function. */
-#define HAVE_STRSTR 1
-
-/* Define to 1 if you have the `strsvis' function. */
-/* #undef HAVE_STRSVIS */
-
-/* Define if you have the function `strtok_r'. */
-#define HAVE_STRTOK_R 1
-
-/* Define to 1 if the system has the type `struct addrinfo'. */
-#define HAVE_STRUCT_ADDRINFO 1
-
-/* Define to 1 if the system has the type `struct ifaddrs'. */
-#define HAVE_STRUCT_IFADDRS 1
-
-/* Define to 1 if the system has the type `struct iovec'. */
-#define HAVE_STRUCT_IOVEC 1
-
-/* Define to 1 if the system has the type `struct msghdr'. */
-#define HAVE_STRUCT_MSGHDR 1
-
-/* Define to 1 if the system has the type `struct sockaddr'. */
-#define HAVE_STRUCT_SOCKADDR 1
-
-/* Define if struct sockaddr has field sa_len. */
-#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
-
-/* Define to 1 if the system has the type `struct sockaddr_storage'. */
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-
-/* define if you have struct spwd */
-/* #undef HAVE_STRUCT_SPWD */
-
-/* Define if struct tm has field tm_gmtoff. */
-#define HAVE_STRUCT_TM_TM_GMTOFF 1
-
-/* Define if struct tm has field tm_zone. */
-#define HAVE_STRUCT_TM_TM_ZONE 1
-
-/* Define if struct utmpx has field ut_exit. */
-/* #undef HAVE_STRUCT_UTMPX_UT_EXIT */
-
-/* Define if struct utmpx has field ut_syslen. */
-/* #undef HAVE_STRUCT_UTMPX_UT_SYSLEN */
-
-/* Define if struct utmp has field ut_addr. */
-/* #undef HAVE_STRUCT_UTMP_UT_ADDR */
-
-/* Define if struct utmp has field ut_host. */
-/* #undef HAVE_STRUCT_UTMP_UT_HOST */
-
-/* Define if struct utmp has field ut_id. */
-/* #undef HAVE_STRUCT_UTMP_UT_ID */
-
-/* Define if struct utmp has field ut_pid. */
-/* #undef HAVE_STRUCT_UTMP_UT_PID */
-
-/* Define if struct utmp has field ut_type. */
-/* #undef HAVE_STRUCT_UTMP_UT_TYPE */
-
-/* Define if struct utmp has field ut_user. */
-/* #undef HAVE_STRUCT_UTMP_UT_USER */
-
-/* define if struct winsize is declared in sys/termios.h */
-#define HAVE_STRUCT_WINSIZE 1
-
-/* Define to 1 if you have the `strunvis' function. */
-#define HAVE_STRUNVIS 1
-
-/* Define if you have the function `strupr'. */
-/* #undef HAVE_STRUPR */
-
-/* Define to 1 if you have the `strvis' function. */
-#define HAVE_STRVIS 1
-
-/* Define to 1 if you have the `strvisx' function. */
-#define HAVE_STRVISX 1
-
-/* Define to 1 if you have the `svis' function. */
-/* #undef HAVE_SVIS */
-
-/* Define if you have the function `swab'. */
-#define HAVE_SWAB 1
-
-/* Define to 1 if you have the `sysconf' function. */
-#define HAVE_SYSCONF 1
-
-/* Define to 1 if you have the `sysctl' function. */
-#define HAVE_SYSCTL 1
-
-/* Define to 1 if you have the `syslog' function. */
-#define HAVE_SYSLOG 1
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#define HAVE_SYSLOG_H 1
-
-/* Define to 1 if you have the <sys/bitypes.h> header file. */
-/* #undef HAVE_SYS_BITYPES_H */
-
-/* Define to 1 if you have the <sys/bswap.h> header file. */
-/* #undef HAVE_SYS_BSWAP_H */
-
-/* Define to 1 if you have the <sys/capability.h> header file. */
-#define HAVE_SYS_CAPABILITY_H 1
-
-/* Define to 1 if you have the <sys/category.h> header file. */
-/* #undef HAVE_SYS_CATEGORY_H */
-
-/* Define to 1 if you have the <sys/file.h> header file. */
-#define HAVE_SYS_FILE_H 1
-
-/* Define to 1 if you have the <sys/filio.h> header file. */
-#define HAVE_SYS_FILIO_H 1
-
-/* Define to 1 if you have the <sys/ioccom.h> header file. */
-#define HAVE_SYS_IOCCOM_H 1
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#define HAVE_SYS_IOCTL_H 1
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#define HAVE_SYS_PARAM_H 1
-
-/* Define to 1 if you have the <sys/proc.h> header file. */
-#define HAVE_SYS_PROC_H 1
-
-/* Define to 1 if you have the <sys/ptyio.h> header file. */
-/* #undef HAVE_SYS_PTYIO_H */
-
-/* Define to 1 if you have the <sys/ptyvar.h> header file. */
-/* #undef HAVE_SYS_PTYVAR_H */
-
-/* Define to 1 if you have the <sys/pty.h> header file. */
-/* #undef HAVE_SYS_PTY_H */
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#define HAVE_SYS_RESOURCE_H 1
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#define HAVE_SYS_SELECT_H 1
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#define HAVE_SYS_SOCKET_H 1
-
-/* Define to 1 if you have the <sys/sockio.h> header file. */
-#define HAVE_SYS_SOCKIO_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/stream.h> header file. */
-/* #undef HAVE_SYS_STREAM_H */
-
-/* Define to 1 if you have the <sys/stropts.h> header file. */
-/* #undef HAVE_SYS_STROPTS_H */
-
-/* Define to 1 if you have the <sys/strtty.h> header file. */
-/* #undef HAVE_SYS_STRTTY_H */
-
-/* Define to 1 if you have the <sys/str_tty.h> header file. */
-/* #undef HAVE_SYS_STR_TTY_H */
-
-/* Define to 1 if you have the <sys/syscall.h> header file. */
-#define HAVE_SYS_SYSCALL_H 1
-
-/* Define to 1 if you have the <sys/sysctl.h> header file. */
-#define HAVE_SYS_SYSCTL_H 1
-
-/* Define to 1 if you have the <sys/termio.h> header file. */
-/* #undef HAVE_SYS_TERMIO_H */
-
-/* Define to 1 if you have the <sys/timeb.h> header file. */
-#define HAVE_SYS_TIMEB_H 1
-
-/* Define to 1 if you have the <sys/times.h> header file. */
-#define HAVE_SYS_TIMES_H 1
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#define HAVE_SYS_TIME_H 1
-
-/* Define to 1 if you have the <sys/tty.h> header file. */
-#define HAVE_SYS_TTY_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <sys/uio.h> header file. */
-#define HAVE_SYS_UIO_H 1
-
-/* Define to 1 if you have the <sys/un.h> header file. */
-#define HAVE_SYS_UN_H 1
-
-/* Define to 1 if you have the <sys/utsname.h> header file. */
-#define HAVE_SYS_UTSNAME_H 1
-
-/* Define to 1 if you have the <sys/wait.h> header file. */
-#define HAVE_SYS_WAIT_H 1
-
-/* Define to 1 if you have the <termcap.h> header file. */
-#define HAVE_TERMCAP_H 1
-
-/* Define to 1 if you have the <termios.h> header file. */
-#define HAVE_TERMIOS_H 1
-
-/* Define to 1 if you have the <termio.h> header file. */
-/* #undef HAVE_TERMIO_H */
-
-/* Define to 1 if you have the <term.h> header file. */
-#define HAVE_TERM_H 1
-
-/* Define to 1 if you have the `tgetent' function. */
-#define HAVE_TGETENT 1
-
-/* Define to 1 if you have the `timegm' function. */
-#define HAVE_TIMEGM 1
-
-/* Define if you have the `timezone' variable. */
-#define HAVE_TIMEZONE 1
-
-/* define if your system declares timezone */
-#define HAVE_TIMEZONE_DECLARATION 1
-
-/* Define to 1 if you have the <time.h> header file. */
-#define HAVE_TIME_H 1
-
-/* Define to 1 if you have the <tmpdir.h> header file. */
-/* #undef HAVE_TMPDIR_H */
-
-/* Define to 1 if you have the `ttyname' function. */
-#define HAVE_TTYNAME 1
-
-/* Define to 1 if you have the `ttyslot' function. */
-#define HAVE_TTYSLOT 1
-
-/* Define to 1 if you have the <udb.h> header file. */
-/* #undef HAVE_UDB_H */
-
-/* Define to 1 if the system has the type `uint16_t'. */
-#define HAVE_UINT16_T 1
-
-/* Define to 1 if the system has the type `uint32_t'. */
-#define HAVE_UINT32_T 1
-
-/* Define to 1 if the system has the type `uint64_t'. */
-#define HAVE_UINT64_T 1
-
-/* Define to 1 if the system has the type `uint8_t'. */
-#define HAVE_UINT8_T 1
-
-/* Define to 1 if you have the `umask' function. */
-#define HAVE_UMASK 1
-
-/* Define to 1 if you have the `uname' function. */
-#define HAVE_UNAME 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to 1 if you have the `unlockpt' function. */
-/* #undef HAVE_UNLOCKPT */
-
-/* Define if you have the function `unsetenv'. */
-#define HAVE_UNSETENV 1
-
-/* Define to 1 if you have the `unvis' function. */
-#define HAVE_UNVIS 1
-
-/* Define to 1 if you have the <userconf.h> header file. */
-/* #undef HAVE_USERCONF_H */
-
-/* Define to 1 if you have the <usersec.h> header file. */
-/* #undef HAVE_USERSEC_H */
-
-/* Define to 1 if you have the <util.h> header file. */
-/* #undef HAVE_UTIL_H */
-
-/* Define to 1 if you have the <utmpx.h> header file. */
-/* #undef HAVE_UTMPX_H */
-
-/* Define to 1 if you have the <utmp.h> header file. */
-#define HAVE_UTMP_H 1
-
-/* Define to 1 if the system has the type `u_int16_t'. */
-#define HAVE_U_INT16_T 1
-
-/* Define to 1 if the system has the type `u_int32_t'. */
-#define HAVE_U_INT32_T 1
-
-/* Define to 1 if the system has the type `u_int64_t'. */
-#define HAVE_U_INT64_T 1
-
-/* Define to 1 if the system has the type `u_int8_t'. */
-#define HAVE_U_INT8_T 1
-
-/* Define to 1 if you have the `vasnprintf' function. */
-/* #undef HAVE_VASNPRINTF */
-
-/* Define to 1 if you have the `vasprintf' function. */
-#define HAVE_VASPRINTF 1
-
-/* Define if you have the function `verr'. */
-#define HAVE_VERR 1
-
-/* Define if you have the function `verrx'. */
-#define HAVE_VERRX 1
-
-/* Define to 1 if you have the `vhangup' function. */
-/* #undef HAVE_VHANGUP */
-
-/* Define to 1 if you have the `vis' function. */
-#define HAVE_VIS 1
-
-/* Define to 1 if you have the <vis.h> header file. */
-#define HAVE_VIS_H 1
-
-/* define if you have a working vsnprintf */
-#define HAVE_VSNPRINTF 1
-
-/* Define if you have the function `vsyslog'. */
-#define HAVE_VSYSLOG 1
-
-/* Define if you have the function `vwarn'. */
-#define HAVE_VWARN 1
-
-/* Define if you have the function `vwarnx'. */
-#define HAVE_VWARNX 1
-
-/* Define if you have the function `warn'. */
-#define HAVE_WARN 1
-
-/* Define if you have the function `warnx'. */
-#define HAVE_WARNX 1
-
-/* Define if you have the function `writev'. */
-#define HAVE_WRITEV 1
-
-/* define if struct winsize has ws_xpixel */
-#define HAVE_WS_XPIXEL 1
-
-/* define if struct winsize has ws_ypixel */
-#define HAVE_WS_YPIXEL 1
-
-/* Define to 1 if you have the `XauFileName' function. */
-#define HAVE_XAUFILENAME 1
-
-/* Define to 1 if you have the `XauReadAuth' function. */
-#define HAVE_XAUREADAUTH 1
-
-/* Define to 1 if you have the `XauWriteAuth' function. */
-#define HAVE_XAUWRITEAUTH 1
-
-/* Define to 1 if you have the `yp_get_default_domain' function. */
-#define HAVE_YP_GET_DEFAULT_DOMAIN 1
-
-/* Define to 1 if you have the `_getpty' function. */
-/* #undef HAVE__GETPTY */
-
-/* Define if you have the `_res' variable. */
-#define HAVE__RES 1
-
-/* define if your system declares _res */
-#define HAVE__RES_DECLARATION 1
-
-/* Define to 1 if you have the `_scrsize' function. */
-/* #undef HAVE__SCRSIZE */
-
-/* define if your compiler has __attribute__ */
-#define HAVE___ATTRIBUTE__ 1
-
-/* Define if you have the `__progname' variable. */
-#define HAVE___PROGNAME 1
-
-/* define if your system declares __progname */
-/* #undef HAVE___PROGNAME_DECLARATION */
-
-/* Define if you have the hesiod package. */
-/* #undef HESIOD */
-
-/* Define if you are running IRIX 4. */
-/* #undef IRIX4 */
-
-/* Define if you have the krb4 package. */
-/* #undef KRB4 */
-
-/* Enable Kerberos 5 support in applications. */
-#define KRB5 1
-
-/* Define if krb_mk_req takes const char * */
-/* #undef KRB_MK_REQ_CONST */
-
-/* This is the krb4 sendauth version. */
-/* #undef KRB_SENDAUTH_VERS */
-
-/* Define to zero if your krb.h doesn't */
-/* #undef KRB_VERIFY_NOT_SECURE */
-
-/* Define to one if your krb.h doesn't */
-/* #undef KRB_VERIFY_SECURE */
-
-/* Define to two if your krb.h doesn't */
-/* #undef KRB_VERIFY_SECURE_FAIL */
-
-/* path to lib */
-#define LIBDIR "/usr/heimdal/lib"
-
-/* path to libexec */
-#define LIBEXECDIR "/usr/heimdal/libexec"
-
-/* path to localstate */
-#define LOCALSTATEDIR "/var/heimdal"
-
-/* define if the system is missing a prototype for asnprintf() */
-#define NEED_ASNPRINTF_PROTO 1
-
-/* define if the system is missing a prototype for asprintf() */
-/* #undef NEED_ASPRINTF_PROTO */
-
-/* define if the system is missing a prototype for crypt() */
-/* #undef NEED_CRYPT_PROTO */
-
-/* define if the system is missing a prototype for gethostname() */
-/* #undef NEED_GETHOSTNAME_PROTO */
-
-/* define if the system is missing a prototype for getusershell() */
-/* #undef NEED_GETUSERSHELL_PROTO */
-
-/* define if the system is missing a prototype for glob() */
-/* #undef NEED_GLOB_PROTO */
-
-/* define if the system is missing a prototype for hstrerror() */
-/* #undef NEED_HSTRERROR_PROTO */
-
-/* define if the system is missing a prototype for inet_aton() */
-/* #undef NEED_INET_ATON_PROTO */
-
-/* define if the system is missing a prototype for mkstemp() */
-/* #undef NEED_MKSTEMP_PROTO */
-
-/* define if the system is missing a prototype for setenv() */
-/* #undef NEED_SETENV_PROTO */
-
-/* define if the system is missing a prototype for snprintf() */
-/* #undef NEED_SNPRINTF_PROTO */
-
-/* define if the system is missing a prototype for strndup() */
-#define NEED_STRNDUP_PROTO 1
-
-/* define if the system is missing a prototype for strsep() */
-/* #undef NEED_STRSEP_PROTO */
-
-/* define if the system is missing a prototype for strsvis() */
-#define NEED_STRSVIS_PROTO 1
-
-/* define if the system is missing a prototype for strtok_r() */
-/* #undef NEED_STRTOK_R_PROTO */
-
-/* define if the system is missing a prototype for strunvis() */
-/* #undef NEED_STRUNVIS_PROTO */
-
-/* define if the system is missing a prototype for strvisx() */
-/* #undef NEED_STRVISX_PROTO */
-
-/* define if the system is missing a prototype for strvis() */
-/* #undef NEED_STRVIS_PROTO */
-
-/* define if the system is missing a prototype for svis() */
-#define NEED_SVIS_PROTO 1
-
-/* define if the system is missing a prototype for unsetenv() */
-/* #undef NEED_UNSETENV_PROTO */
-
-/* define if the system is missing a prototype for unvis() */
-/* #undef NEED_UNVIS_PROTO */
-
-/* define if the system is missing a prototype for vasnprintf() */
-#define NEED_VASNPRINTF_PROTO 1
-
-/* define if the system is missing a prototype for vasprintf() */
-/* #undef NEED_VASPRINTF_PROTO */
-
-/* define if the system is missing a prototype for vis() */
-/* #undef NEED_VIS_PROTO */
-
-/* define if the system is missing a prototype for vsnprintf() */
-/* #undef NEED_VSNPRINTF_PROTO */
-
-/* Define this to enable old environment option in telnet. */
-#define OLD_ENVIRON 1
-
-/* Define if you have the openldap package. */
-/* #undef OPENLDAP */
-
-/* define if prototype of openlog is compatible with void openlog(const char
-   *, int, int) */
-#define OPENLOG_PROTO_COMPATIBLE 1
-
-/* Define if you want OTP support in applications. */
-#define OTP 1
-
-/* Name of package */
-#define PACKAGE "heimdal"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se"
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME "Heimdal"
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "Heimdal 0.4f"
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME "heimdal"
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION "0.4f"
-
-/* Define if getlogin has POSIX flavour (and not BSD). */
-/* #undef POSIX_GETLOGIN */
-
-/* Define if getpwnam_r has POSIX flavour. */
-/* #undef POSIX_GETPWNAM_R */
-
-/* Define if you have the readline package. */
-/* #undef READLINE */
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
-/* path to sbin */
-#define SBINDIR "/usr/heimdal/sbin"
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Define if you have streams ptys. */
-/* #undef STREAMSPTY */
-
-/* path to sysconf */
-#define SYSCONFDIR "/etc"
-
-/* Define to what version of SunOS you are running. */
-/* #undef SunOS */
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#define TIME_WITH_SYS_TIME 1
-
-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-/* #undef TM_IN_SYS_TIME */
-
-/* Version number of package */
-#define VERSION "0.4f"
-
-/* Define if signal handlers return void. */
-#define VOID_RETSIGTYPE 1
-
-/* define if target is big endian */
-/* #undef WORDS_BIGENDIAN */
-
-/* Define to 1 if the X Window System is missing or not being used. */
-/* #undef X_DISPLAY_MISSING */
-
-/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
-   `char[]'. */
-#define YYTEXT_POINTER 1
-
-/* Define to enable extensions on glibc-based systems such as Linux. */
-#define _GNU_SOURCE 1
-
-/* Define to empty if `const' does not conform to ANSI C. */
-/* #undef const */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef gid_t */
-
-/* Define as `__inline' if that's what the C compiler calls it, or to nothing
-   if it is not supported. */
-/* #undef inline */
-
-/* Define this to what the type mode_t should be. */
-/* #undef mode_t */
-
-/* Define to `long' if <sys/types.h> does not define. */
-/* #undef off_t */
-
-/* Define to `int' if <sys/types.h> does not define. */
-/* #undef pid_t */
-
-/* Define this to what the type sig_atomic_t should be. */
-/* #undef sig_atomic_t */
-
-/* Define to `unsigned' if <sys/types.h> does not define. */
-/* #undef size_t */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef uid_t */
-
-
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-/* #undef USE_IM */
-
-/* Used with login -p */
-/* #undef LOGIN_ARGS */
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-
-
-#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
-#else
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
-#endif
-
-
-#ifndef HAVE_KRB_KDCTIMEOFDAY
-#define krb_kdctimeofday(X) gettimeofday((X), NULL)
-#endif
-
-#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
-#define krb_get_kdc_time_diff() (0)
-#endif
-
-
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-
-
-#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif
-
-
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-
diff --git a/crypto/heimdal/include/config.h.in b/crypto/heimdal/include/config.h.in
deleted file mode 100644
index 0dde9922b56c..000000000000
--- a/crypto/heimdal/include/config.h.in
+++ /dev/null
@@ -1,1425 +0,0 @@
-/* include/config.h.in.  Generated from configure.in by autoheader.  */
-
-#ifndef RCSID
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
-#endif
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-
-
-/* Define if you want authentication support in telnet. */
-#undef AUTHENTICATION
-
-/* path to bin */
-#undef BINDIR
-
-/* Define if realloc(NULL) doesn't work. */
-#undef BROKEN_REALLOC
-
-/* Define if you want support for DCE/DFS PAG's. */
-#undef DCE
-
-/* Define if you want to use DES encryption in telnet. */
-#undef DES_ENCRYPTION
-
-/* Define this to enable diagnostics in telnet. */
-#undef DIAGNOSTICS
-
-/* Define if you want encryption support in telnet. */
-#undef ENCRYPTION
-
-/* define if sys/param.h defines the endiness */
-#undef ENDIANESS_IN_SYS_PARAM_H
-
-/* Define this if you want support for broken ENV_{VAR,VAL} telnets. */
-#undef ENV_HACK
-
-/* define if prototype of gethostbyaddr is compatible with struct hostent
-   *gethostbyaddr(const void *, size_t, int) */
-#undef GETHOSTBYADDR_PROTO_COMPATIBLE
-
-/* define if prototype of gethostbyname is compatible with struct hostent
-   *gethostbyname(const char *) */
-#undef GETHOSTBYNAME_PROTO_COMPATIBLE
-
-/* define if prototype of getservbyname is compatible with struct servent
-   *getservbyname(const char *, const char *) */
-#undef GETSERVBYNAME_PROTO_COMPATIBLE
-
-/* define if prototype of getsockname is compatible with int getsockname(int,
-   struct sockaddr*, socklen_t*) */
-#undef GETSOCKNAME_PROTO_COMPATIBLE
-
-/* Define if you have the `altzone' variable. */
-#undef HAVE_ALTZONE
-
-/* define if your system declares altzone */
-#undef HAVE_ALTZONE_DECLARATION
-
-/* Define to 1 if you have the <arpa/ftp.h> header file. */
-#undef HAVE_ARPA_FTP_H
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#undef HAVE_ARPA_INET_H
-
-/* Define to 1 if you have the <arpa/nameser.h> header file. */
-#undef HAVE_ARPA_NAMESER_H
-
-/* Define to 1 if you have the <arpa/telnet.h> header file. */
-#undef HAVE_ARPA_TELNET_H
-
-/* Define to 1 if you have the `asnprintf' function. */
-#undef HAVE_ASNPRINTF
-
-/* Define to 1 if you have the `asprintf' function. */
-#undef HAVE_ASPRINTF
-
-/* Define to 1 if you have the `atexit' function. */
-#undef HAVE_ATEXIT
-
-/* Define to 1 if you have the <bind/bitypes.h> header file. */
-#undef HAVE_BIND_BITYPES_H
-
-/* Define to 1 if you have the <bsdsetjmp.h> header file. */
-#undef HAVE_BSDSETJMP_H
-
-/* Define to 1 if you have the `bswap16' function. */
-#undef HAVE_BSWAP16
-
-/* Define to 1 if you have the `bswap32' function. */
-#undef HAVE_BSWAP32
-
-/* Define to 1 if you have the <capability.h> header file. */
-#undef HAVE_CAPABILITY_H
-
-/* Define to 1 if you have the `cap_set_proc' function. */
-#undef HAVE_CAP_SET_PROC
-
-/* Define to 1 if you have the `cgetent' function. */
-#undef HAVE_CGETENT
-
-/* Define if you have the function `chown'. */
-#undef HAVE_CHOWN
-
-/* Define to 1 if you have the <config.h> header file. */
-#undef HAVE_CONFIG_H
-
-/* Define if you have the function `copyhostent'. */
-#undef HAVE_COPYHOSTENT
-
-/* Define to 1 if you have the `crypt' function. */
-#undef HAVE_CRYPT
-
-/* Define to 1 if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H
-
-/* Define to 1 if you have the <curses.h> header file. */
-#undef HAVE_CURSES_H
-
-/* Define if you have the function `daemon'. */
-#undef HAVE_DAEMON
-
-/* define if you have a berkeley db1/2 library */
-#undef HAVE_DB1
-
-/* define if you have a berkeley db3/4 library */
-#undef HAVE_DB3
-
-/* Define to 1 if you have the <db3/db.h> header file. */
-#undef HAVE_DB3_DB_H
-
-/* Define to 1 if you have the <db4/db.h> header file. */
-#undef HAVE_DB4_DB_H
-
-/* Define to 1 if you have the `dbm_firstkey' function. */
-#undef HAVE_DBM_FIRSTKEY
-
-/* Define to 1 if you have the <dbm.h> header file. */
-#undef HAVE_DBM_H
-
-/* Define to 1 if you have the `dbopen' function. */
-#undef HAVE_DBOPEN
-
-/* Define to 1 if you have the <db_185.h> header file. */
-#undef HAVE_DB_185_H
-
-/* Define to 1 if you have the `db_create' function. */
-#undef HAVE_DB_CREATE
-
-/* Define to 1 if you have the <db.h> header file. */
-#undef HAVE_DB_H
-
-/* define if you have ndbm compat in db */
-#undef HAVE_DB_NDBM
-
-/* Define to 1 if you have the <dirent.h> header file. */
-#undef HAVE_DIRENT_H
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the `dlopen' function. */
-#undef HAVE_DLOPEN
-
-/* Define to 1 if you have the `dn_expand' function. */
-#undef HAVE_DN_EXPAND
-
-/* Define if you have the function `ecalloc'. */
-#undef HAVE_ECALLOC
-
-/* Define to 1 if you have the `el_init' function. */
-#undef HAVE_EL_INIT
-
-/* Define if you have the function `emalloc'. */
-#undef HAVE_EMALLOC
-
-/* define if your system declares environ */
-#undef HAVE_ENVIRON_DECLARATION
-
-/* Define if you have the function `erealloc'. */
-#undef HAVE_EREALLOC
-
-/* Define if you have the function `err'. */
-#undef HAVE_ERR
-
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
-/* Define if you have the function `errx'. */
-#undef HAVE_ERRX
-
-/* Define to 1 if you have the <err.h> header file. */
-#undef HAVE_ERR_H
-
-/* Define if you have the function `estrdup'. */
-#undef HAVE_ESTRDUP
-
-/* Define if you have the function `fchown'. */
-#undef HAVE_FCHOWN
-
-/* Define to 1 if you have the `fcntl' function. */
-#undef HAVE_FCNTL
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define if you have the function `flock'. */
-#undef HAVE_FLOCK
-
-/* Define if you have the function `fnmatch'. */
-#undef HAVE_FNMATCH
-
-/* Define to 1 if you have the <fnmatch.h> header file. */
-#undef HAVE_FNMATCH_H
-
-/* Define if el_init takes four arguments. */
-#undef HAVE_FOUR_VALUED_EL_INIT
-
-/* define if krb_put_int takes four arguments. */
-#undef HAVE_FOUR_VALUED_KRB_PUT_INT
-
-/* Define to 1 if you have the `freeaddrinfo' function. */
-#undef HAVE_FREEADDRINFO
-
-/* Define if you have the function `freehostent'. */
-#undef HAVE_FREEHOSTENT
-
-/* Define to 1 if you have the `gai_strerror' function. */
-#undef HAVE_GAI_STRERROR
-
-/* Define to 1 if you have the <gdbm/ndbm.h> header file. */
-#undef HAVE_GDBM_NDBM_H
-
-/* Define to 1 if you have the `getaddrinfo' function. */
-#undef HAVE_GETADDRINFO
-
-/* Define to 1 if you have the `getconfattr' function. */
-#undef HAVE_GETCONFATTR
-
-/* Define if you have the function `getcwd'. */
-#undef HAVE_GETCWD
-
-/* Define if you have the function `getdtablesize'. */
-#undef HAVE_GETDTABLESIZE
-
-/* Define if you have the function `getegid'. */
-#undef HAVE_GETEGID
-
-/* Define if you have the function `geteuid'. */
-#undef HAVE_GETEUID
-
-/* Define if you have the function `getgid'. */
-#undef HAVE_GETGID
-
-/* Define to 1 if you have the `gethostbyname' function. */
-#undef HAVE_GETHOSTBYNAME
-
-/* Define to 1 if you have the `gethostbyname2' function. */
-#undef HAVE_GETHOSTBYNAME2
-
-/* Define if you have the function `gethostname'. */
-#undef HAVE_GETHOSTNAME
-
-/* Define if you have the function `getifaddrs'. */
-#undef HAVE_GETIFADDRS
-
-/* Define if you have the function `getipnodebyaddr'. */
-#undef HAVE_GETIPNODEBYADDR
-
-/* Define if you have the function `getipnodebyname'. */
-#undef HAVE_GETIPNODEBYNAME
-
-/* Define to 1 if you have the `getlogin' function. */
-#undef HAVE_GETLOGIN
-
-/* Define if you have a working getmsg. */
-#undef HAVE_GETMSG
-
-/* Define to 1 if you have the `getnameinfo' function. */
-#undef HAVE_GETNAMEINFO
-
-/* Define if you have the function `getopt'. */
-#undef HAVE_GETOPT
-
-/* Define to 1 if you have the `getpagesize' function. */
-#undef HAVE_GETPAGESIZE
-
-/* Define to 1 if you have the `getprogname' function. */
-#undef HAVE_GETPROGNAME
-
-/* Define to 1 if you have the `getpwnam_r' function. */
-#undef HAVE_GETPWNAM_R
-
-/* Define to 1 if you have the `getrlimit' function. */
-#undef HAVE_GETRLIMIT
-
-/* Define to 1 if you have the `getsockopt' function. */
-#undef HAVE_GETSOCKOPT
-
-/* Define to 1 if you have the `getspnam' function. */
-#undef HAVE_GETSPNAM
-
-/* Define if you have the function `gettimeofday'. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define to 1 if you have the `getudbnam' function. */
-#undef HAVE_GETUDBNAM
-
-/* Define if you have the function `getuid'. */
-#undef HAVE_GETUID
-
-/* Define if you have the function `getusershell'. */
-#undef HAVE_GETUSERSHELL
-
-/* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK,
-   GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */
-#undef HAVE_GLOB
-
-/* Define to 1 if you have the `grantpt' function. */
-#undef HAVE_GRANTPT
-
-/* Define to 1 if you have the <grp.h> header file. */
-#undef HAVE_GRP_H
-
-/* Define to 1 if you have the `hstrerror' function. */
-#undef HAVE_HSTRERROR
-
-/* Define if you have the `h_errlist' variable. */
-#undef HAVE_H_ERRLIST
-
-/* define if your system declares h_errlist */
-#undef HAVE_H_ERRLIST_DECLARATION
-
-/* Define if you have the `h_errno' variable. */
-#undef HAVE_H_ERRNO
-
-/* define if your system declares h_errno */
-#undef HAVE_H_ERRNO_DECLARATION
-
-/* Define if you have the `h_nerr' variable. */
-#undef HAVE_H_NERR
-
-/* define if your system declares h_nerr */
-#undef HAVE_H_NERR_DECLARATION
-
-/* Define to 1 if you have the <ifaddrs.h> header file. */
-#undef HAVE_IFADDRS_H
-
-/* Define if you have the in6addr_loopback variable */
-#undef HAVE_IN6ADDR_LOOPBACK
-
-/* define */
-#undef HAVE_INET_ATON
-
-/* define */
-#undef HAVE_INET_NTOP
-
-/* define */
-#undef HAVE_INET_PTON
-
-/* Define if you have the function `initgroups'. */
-#undef HAVE_INITGROUPS
-
-/* Define to 1 if you have the `initstate' function. */
-#undef HAVE_INITSTATE
-
-/* Define if you have the function `innetgr'. */
-#undef HAVE_INNETGR
-
-/* Define to 1 if the system has the type `int16_t'. */
-#undef HAVE_INT16_T
-
-/* Define to 1 if the system has the type `int32_t'. */
-#undef HAVE_INT32_T
-
-/* Define to 1 if the system has the type `int64_t'. */
-#undef HAVE_INT64_T
-
-/* Define to 1 if the system has the type `int8_t'. */
-#undef HAVE_INT8_T
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the <io.h> header file. */
-#undef HAVE_IO_H
-
-/* Define if you have IPv6. */
-#undef HAVE_IPV6
-
-/* Define if you have the function `iruserok'. */
-#undef HAVE_IRUSEROK
-
-/* Define to 1 if you have the `issetugid' function. */
-#undef HAVE_ISSETUGID
-
-/* Define to 1 if you have the `krb_disable_debug' function. */
-#undef HAVE_KRB_DISABLE_DEBUG
-
-/* Define to 1 if you have the `krb_enable_debug' function. */
-#undef HAVE_KRB_ENABLE_DEBUG
-
-/* Define to 1 if you have the `krb_get_kdc_time_diff' function. */
-#undef HAVE_KRB_GET_KDC_TIME_DIFF
-
-/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
-#undef HAVE_KRB_GET_OUR_IP_FOR_REALM
-
-/* Define to 1 if you have the `krb_kdctimeofday' function. */
-#undef HAVE_KRB_KDCTIMEOFDAY
-
-/* Define to 1 if you have the <libutil.h> header file. */
-#undef HAVE_LIBUTIL_H
-
-/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H
-
-/* Define to 1 if you have the `loadquery' function. */
-#undef HAVE_LOADQUERY
-
-/* Define if you have the function `localtime_r'. */
-#undef HAVE_LOCALTIME_R
-
-/* Define to 1 if you have the `logout' function. */
-#undef HAVE_LOGOUT
-
-/* Define to 1 if you have the `logwtmp' function. */
-#undef HAVE_LOGWTMP
-
-/* Define to 1 if the system has the type `long long'. */
-#undef HAVE_LONG_LONG
-
-/* Define if you have the function `lstat'. */
-#undef HAVE_LSTAT
-
-/* Define to 1 if you have the <maillock.h> header file. */
-#undef HAVE_MAILLOCK_H
-
-/* Define if you have the function `memmove'. */
-#undef HAVE_MEMMOVE
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have the function `mkstemp'. */
-#undef HAVE_MKSTEMP
-
-/* Define to 1 if you have the `mktime' function. */
-#undef HAVE_MKTIME
-
-/* Define to 1 if you have a working `mmap' system call. */
-#undef HAVE_MMAP
-
-/* define if you have a ndbm library */
-#undef HAVE_NDBM
-
-/* Define to 1 if you have the <ndbm.h> header file. */
-#undef HAVE_NDBM_H
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
-/* Define to 1 if you have the <netgroup.h> header file. */
-#undef HAVE_NETGROUP_H
-
-/* Define to 1 if you have the <netinet6/in6.h> header file. */
-#undef HAVE_NETINET6_IN6_H
-
-/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
-#undef HAVE_NETINET6_IN6_VAR_H
-
-/* Define to 1 if you have the <netinet/in6.h> header file. */
-#undef HAVE_NETINET_IN6_H
-
-/* Define to 1 if you have the <netinet/in6_machtypes.h> header file. */
-#undef HAVE_NETINET_IN6_MACHTYPES_H
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#undef HAVE_NETINET_IN_H
-
-/* Define to 1 if you have the <netinet/in_systm.h> header file. */
-#undef HAVE_NETINET_IN_SYSTM_H
-
-/* Define to 1 if you have the <netinet/ip.h> header file. */
-#undef HAVE_NETINET_IP_H
-
-/* Define to 1 if you have the <netinet/tcp.h> header file. */
-#undef HAVE_NETINET_TCP_H
-
-/* Define if you want to use Netinfo instead of krb5.conf. */
-#undef HAVE_NETINFO
-
-/* Define to 1 if you have the <netinfo/ni.h> header file. */
-#undef HAVE_NETINFO_NI_H
-
-/* Define to 1 if you have the <net/if.h> header file. */
-#undef HAVE_NET_IF_H
-
-/* Define if NDBM really is DB (creates files *.db) */
-#undef HAVE_NEW_DB
-
-/* define if you have hash functions like md4_finito() */
-#undef HAVE_OLD_HASH_NAMES
-
-/* Define to 1 if you have the `on_exit' function. */
-#undef HAVE_ON_EXIT
-
-/* Define to 1 if you have the `openpty' function. */
-#undef HAVE_OPENPTY
-
-/* define to use openssl's libcrypto */
-#undef HAVE_OPENSSL
-
-/* define if your system declares optarg */
-#undef HAVE_OPTARG_DECLARATION
-
-/* define if your system declares opterr */
-#undef HAVE_OPTERR_DECLARATION
-
-/* define if your system declares optind */
-#undef HAVE_OPTIND_DECLARATION
-
-/* define if your system declares optopt */
-#undef HAVE_OPTOPT_DECLARATION
-
-/* Define to enable basic OSF C2 support. */
-#undef HAVE_OSFC2
-
-/* Define to 1 if you have the <paths.h> header file. */
-#undef HAVE_PATHS_H
-
-/* Define to 1 if you have the `pidfile' function. */
-#undef HAVE_PIDFILE
-
-/* Define to 1 if you have the <pthread.h> header file. */
-#undef HAVE_PTHREAD_H
-
-/* Define to 1 if you have the `ptsname' function. */
-#undef HAVE_PTSNAME
-
-/* Define to 1 if you have the <pty.h> header file. */
-#undef HAVE_PTY_H
-
-/* Define if you have the function `putenv'. */
-#undef HAVE_PUTENV
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#undef HAVE_PWD_H
-
-/* Define to 1 if you have the `rand' function. */
-#undef HAVE_RAND
-
-/* Define to 1 if you have the `random' function. */
-#undef HAVE_RANDOM
-
-/* Define if you have the function `rcmd'. */
-#undef HAVE_RCMD
-
-/* Define if you have a readline compatible library. */
-#undef HAVE_READLINE
-
-/* Define if you have the function `readv'. */
-#undef HAVE_READV
-
-/* Define if you have the function `recvmsg'. */
-#undef HAVE_RECVMSG
-
-/* Define to 1 if you have the <resolv.h> header file. */
-#undef HAVE_RESOLV_H
-
-/* Define to 1 if you have the `res_nsearch' function. */
-#undef HAVE_RES_NSEARCH
-
-/* Define to 1 if you have the `res_search' function. */
-#undef HAVE_RES_SEARCH
-
-/* Define to 1 if you have the `revoke' function. */
-#undef HAVE_REVOKE
-
-/* Define to 1 if you have the <rpcsvc/ypclnt.h> header file. */
-#undef HAVE_RPCSVC_YPCLNT_H
-
-/* Define to 1 if you have the <sac.h> header file. */
-#undef HAVE_SAC_H
-
-/* Define to 1 if the system has the type `sa_family_t'. */
-#undef HAVE_SA_FAMILY_T
-
-/* Define to 1 if you have the <security/pam_modules.h> header file. */
-#undef HAVE_SECURITY_PAM_MODULES_H
-
-/* Define to 1 if you have the `select' function. */
-#undef HAVE_SELECT
-
-/* Define if you have the function `sendmsg'. */
-#undef HAVE_SENDMSG
-
-/* Define if you have the function `setegid'. */
-#undef HAVE_SETEGID
-
-/* Define if you have the function `setenv'. */
-#undef HAVE_SETENV
-
-/* Define if you have the function `seteuid'. */
-#undef HAVE_SETEUID
-
-/* Define to 1 if you have the `setitimer' function. */
-#undef HAVE_SETITIMER
-
-/* Define to 1 if you have the `setlim' function. */
-#undef HAVE_SETLIM
-
-/* Define to 1 if you have the `setlogin' function. */
-#undef HAVE_SETLOGIN
-
-/* Define to 1 if you have the `setpcred' function. */
-#undef HAVE_SETPCRED
-
-/* Define to 1 if you have the `setpgid' function. */
-#undef HAVE_SETPGID
-
-/* Define to 1 if you have the `setproctitle' function. */
-#undef HAVE_SETPROCTITLE
-
-/* Define to 1 if you have the `setprogname' function. */
-#undef HAVE_SETPROGNAME
-
-/* Define to 1 if you have the `setregid' function. */
-#undef HAVE_SETREGID
-
-/* Define to 1 if you have the `setresgid' function. */
-#undef HAVE_SETRESGID
-
-/* Define to 1 if you have the `setresuid' function. */
-#undef HAVE_SETRESUID
-
-/* Define to 1 if you have the `setreuid' function. */
-#undef HAVE_SETREUID
-
-/* Define to 1 if you have the `setsid' function. */
-#undef HAVE_SETSID
-
-/* Define to 1 if you have the `setsockopt' function. */
-#undef HAVE_SETSOCKOPT
-
-/* Define to 1 if you have the `setstate' function. */
-#undef HAVE_SETSTATE
-
-/* Define to 1 if you have the `setutent' function. */
-#undef HAVE_SETUTENT
-
-/* Define to 1 if you have the `sgi_getcapabilitybyname' function. */
-#undef HAVE_SGI_GETCAPABILITYBYNAME
-
-/* Define to 1 if you have the <sgtty.h> header file. */
-#undef HAVE_SGTTY_H
-
-/* Define to 1 if you have the <shadow.h> header file. */
-#undef HAVE_SHADOW_H
-
-/* Define to 1 if you have the <siad.h> header file. */
-#undef HAVE_SIAD_H
-
-/* Define to 1 if you have the `sigaction' function. */
-#undef HAVE_SIGACTION
-
-/* Define to 1 if you have the <signal.h> header file. */
-#undef HAVE_SIGNAL_H
-
-/* define if you have a working snprintf */
-#undef HAVE_SNPRINTF
-
-/* Define to 1 if you have the `socket' function. */
-#undef HAVE_SOCKET
-
-/* Define to 1 if the system has the type `socklen_t'. */
-#undef HAVE_SOCKLEN_T
-
-/* Define to 1 if the system has the type `ssize_t'. */
-#undef HAVE_SSIZE_T
-
-/* Define to 1 if you have the <standards.h> header file. */
-#undef HAVE_STANDARDS_H
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define if you have the function `strcasecmp'. */
-#undef HAVE_STRCASECMP
-
-/* Define if you have the function `strdup'. */
-#undef HAVE_STRDUP
-
-/* Define if you have the function `strerror'. */
-#undef HAVE_STRERROR
-
-/* Define if you have the function `strftime'. */
-#undef HAVE_STRFTIME
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define if you have the function `strlcat'. */
-#undef HAVE_STRLCAT
-
-/* Define if you have the function `strlcpy'. */
-#undef HAVE_STRLCPY
-
-/* Define if you have the function `strlwr'. */
-#undef HAVE_STRLWR
-
-/* Define if you have the function `strncasecmp'. */
-#undef HAVE_STRNCASECMP
-
-/* Define if you have the function `strndup'. */
-#undef HAVE_STRNDUP
-
-/* Define if you have the function `strnlen'. */
-#undef HAVE_STRNLEN
-
-/* Define to 1 if you have the <stropts.h> header file. */
-#undef HAVE_STROPTS_H
-
-/* Define if you have the function `strptime'. */
-#undef HAVE_STRPTIME
-
-/* Define if you have the function `strsep'. */
-#undef HAVE_STRSEP
-
-/* Define if you have the function `strsep_copy'. */
-#undef HAVE_STRSEP_COPY
-
-/* Define to 1 if you have the `strstr' function. */
-#undef HAVE_STRSTR
-
-/* Define to 1 if you have the `strsvis' function. */
-#undef HAVE_STRSVIS
-
-/* Define if you have the function `strtok_r'. */
-#undef HAVE_STRTOK_R
-
-/* Define to 1 if the system has the type `struct addrinfo'. */
-#undef HAVE_STRUCT_ADDRINFO
-
-/* Define to 1 if the system has the type `struct ifaddrs'. */
-#undef HAVE_STRUCT_IFADDRS
-
-/* Define to 1 if the system has the type `struct iovec'. */
-#undef HAVE_STRUCT_IOVEC
-
-/* Define to 1 if the system has the type `struct msghdr'. */
-#undef HAVE_STRUCT_MSGHDR
-
-/* Define to 1 if the system has the type `struct sockaddr'. */
-#undef HAVE_STRUCT_SOCKADDR
-
-/* Define if struct sockaddr has field sa_len. */
-#undef HAVE_STRUCT_SOCKADDR_SA_LEN
-
-/* Define to 1 if the system has the type `struct sockaddr_storage'. */
-#undef HAVE_STRUCT_SOCKADDR_STORAGE
-
-/* define if you have struct spwd */
-#undef HAVE_STRUCT_SPWD
-
-/* Define if struct tm has field tm_gmtoff. */
-#undef HAVE_STRUCT_TM_TM_GMTOFF
-
-/* Define if struct tm has field tm_zone. */
-#undef HAVE_STRUCT_TM_TM_ZONE
-
-/* Define if struct utmpx has field ut_exit. */
-#undef HAVE_STRUCT_UTMPX_UT_EXIT
-
-/* Define if struct utmpx has field ut_syslen. */
-#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
-
-/* Define if struct utmp has field ut_addr. */
-#undef HAVE_STRUCT_UTMP_UT_ADDR
-
-/* Define if struct utmp has field ut_host. */
-#undef HAVE_STRUCT_UTMP_UT_HOST
-
-/* Define if struct utmp has field ut_id. */
-#undef HAVE_STRUCT_UTMP_UT_ID
-
-/* Define if struct utmp has field ut_pid. */
-#undef HAVE_STRUCT_UTMP_UT_PID
-
-/* Define if struct utmp has field ut_type. */
-#undef HAVE_STRUCT_UTMP_UT_TYPE
-
-/* Define if struct utmp has field ut_user. */
-#undef HAVE_STRUCT_UTMP_UT_USER
-
-/* define if struct winsize is declared in sys/termios.h */
-#undef HAVE_STRUCT_WINSIZE
-
-/* Define to 1 if you have the `strunvis' function. */
-#undef HAVE_STRUNVIS
-
-/* Define if you have the function `strupr'. */
-#undef HAVE_STRUPR
-
-/* Define to 1 if you have the `strvis' function. */
-#undef HAVE_STRVIS
-
-/* Define to 1 if you have the `strvisx' function. */
-#undef HAVE_STRVISX
-
-/* Define to 1 if you have the `svis' function. */
-#undef HAVE_SVIS
-
-/* Define if you have the function `swab'. */
-#undef HAVE_SWAB
-
-/* Define to 1 if you have the `sysconf' function. */
-#undef HAVE_SYSCONF
-
-/* Define to 1 if you have the `sysctl' function. */
-#undef HAVE_SYSCTL
-
-/* Define to 1 if you have the `syslog' function. */
-#undef HAVE_SYSLOG
-
-/* Define to 1 if you have the <syslog.h> header file. */
-#undef HAVE_SYSLOG_H
-
-/* Define to 1 if you have the <sys/bitypes.h> header file. */
-#undef HAVE_SYS_BITYPES_H
-
-/* Define to 1 if you have the <sys/bswap.h> header file. */
-#undef HAVE_SYS_BSWAP_H
-
-/* Define to 1 if you have the <sys/capability.h> header file. */
-#undef HAVE_SYS_CAPABILITY_H
-
-/* Define to 1 if you have the <sys/category.h> header file. */
-#undef HAVE_SYS_CATEGORY_H
-
-/* Define to 1 if you have the <sys/file.h> header file. */
-#undef HAVE_SYS_FILE_H
-
-/* Define to 1 if you have the <sys/filio.h> header file. */
-#undef HAVE_SYS_FILIO_H
-
-/* Define to 1 if you have the <sys/ioccom.h> header file. */
-#undef HAVE_SYS_IOCCOM_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/mman.h> header file. */
-#undef HAVE_SYS_MMAN_H
-
-/* Define to 1 if you have the <sys/param.h> header file. */
-#undef HAVE_SYS_PARAM_H
-
-/* Define to 1 if you have the <sys/proc.h> header file. */
-#undef HAVE_SYS_PROC_H
-
-/* Define to 1 if you have the <sys/ptyio.h> header file. */
-#undef HAVE_SYS_PTYIO_H
-
-/* Define to 1 if you have the <sys/ptyvar.h> header file. */
-#undef HAVE_SYS_PTYVAR_H
-
-/* Define to 1 if you have the <sys/pty.h> header file. */
-#undef HAVE_SYS_PTY_H
-
-/* Define to 1 if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#undef HAVE_SYS_SOCKET_H
-
-/* Define to 1 if you have the <sys/sockio.h> header file. */
-#undef HAVE_SYS_SOCKIO_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/stream.h> header file. */
-#undef HAVE_SYS_STREAM_H
-
-/* Define to 1 if you have the <sys/stropts.h> header file. */
-#undef HAVE_SYS_STROPTS_H
-
-/* Define to 1 if you have the <sys/strtty.h> header file. */
-#undef HAVE_SYS_STRTTY_H
-
-/* Define to 1 if you have the <sys/str_tty.h> header file. */
-#undef HAVE_SYS_STR_TTY_H
-
-/* Define to 1 if you have the <sys/syscall.h> header file. */
-#undef HAVE_SYS_SYSCALL_H
-
-/* Define to 1 if you have the <sys/sysctl.h> header file. */
-#undef HAVE_SYS_SYSCTL_H
-
-/* Define to 1 if you have the <sys/termio.h> header file. */
-#undef HAVE_SYS_TERMIO_H
-
-/* Define to 1 if you have the <sys/timeb.h> header file. */
-#undef HAVE_SYS_TIMEB_H
-
-/* Define to 1 if you have the <sys/times.h> header file. */
-#undef HAVE_SYS_TIMES_H
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define to 1 if you have the <sys/tty.h> header file. */
-#undef HAVE_SYS_TTY_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <sys/uio.h> header file. */
-#undef HAVE_SYS_UIO_H
-
-/* Define to 1 if you have the <sys/un.h> header file. */
-#undef HAVE_SYS_UN_H
-
-/* Define to 1 if you have the <sys/utsname.h> header file. */
-#undef HAVE_SYS_UTSNAME_H
-
-/* Define to 1 if you have the <sys/wait.h> header file. */
-#undef HAVE_SYS_WAIT_H
-
-/* Define to 1 if you have the <termcap.h> header file. */
-#undef HAVE_TERMCAP_H
-
-/* Define to 1 if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
-/* Define to 1 if you have the <termio.h> header file. */
-#undef HAVE_TERMIO_H
-
-/* Define to 1 if you have the <term.h> header file. */
-#undef HAVE_TERM_H
-
-/* Define to 1 if you have the `tgetent' function. */
-#undef HAVE_TGETENT
-
-/* Define to 1 if you have the `timegm' function. */
-#undef HAVE_TIMEGM
-
-/* Define if you have the `timezone' variable. */
-#undef HAVE_TIMEZONE
-
-/* define if your system declares timezone */
-#undef HAVE_TIMEZONE_DECLARATION
-
-/* Define to 1 if you have the <time.h> header file. */
-#undef HAVE_TIME_H
-
-/* Define to 1 if you have the <tmpdir.h> header file. */
-#undef HAVE_TMPDIR_H
-
-/* Define to 1 if you have the `ttyname' function. */
-#undef HAVE_TTYNAME
-
-/* Define to 1 if you have the `ttyslot' function. */
-#undef HAVE_TTYSLOT
-
-/* Define to 1 if you have the <udb.h> header file. */
-#undef HAVE_UDB_H
-
-/* Define to 1 if the system has the type `uint16_t'. */
-#undef HAVE_UINT16_T
-
-/* Define to 1 if the system has the type `uint32_t'. */
-#undef HAVE_UINT32_T
-
-/* Define to 1 if the system has the type `uint64_t'. */
-#undef HAVE_UINT64_T
-
-/* Define to 1 if the system has the type `uint8_t'. */
-#undef HAVE_UINT8_T
-
-/* Define to 1 if you have the `umask' function. */
-#undef HAVE_UMASK
-
-/* Define to 1 if you have the `uname' function. */
-#undef HAVE_UNAME
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the `unlockpt' function. */
-#undef HAVE_UNLOCKPT
-
-/* Define if you have the function `unsetenv'. */
-#undef HAVE_UNSETENV
-
-/* Define to 1 if you have the `unvis' function. */
-#undef HAVE_UNVIS
-
-/* Define to 1 if you have the <userconf.h> header file. */
-#undef HAVE_USERCONF_H
-
-/* Define to 1 if you have the <usersec.h> header file. */
-#undef HAVE_USERSEC_H
-
-/* Define to 1 if you have the <util.h> header file. */
-#undef HAVE_UTIL_H
-
-/* Define to 1 if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H
-
-/* Define to 1 if you have the <utmp.h> header file. */
-#undef HAVE_UTMP_H
-
-/* Define to 1 if the system has the type `u_int16_t'. */
-#undef HAVE_U_INT16_T
-
-/* Define to 1 if the system has the type `u_int32_t'. */
-#undef HAVE_U_INT32_T
-
-/* Define to 1 if the system has the type `u_int64_t'. */
-#undef HAVE_U_INT64_T
-
-/* Define to 1 if the system has the type `u_int8_t'. */
-#undef HAVE_U_INT8_T
-
-/* Define to 1 if you have the `vasnprintf' function. */
-#undef HAVE_VASNPRINTF
-
-/* Define to 1 if you have the `vasprintf' function. */
-#undef HAVE_VASPRINTF
-
-/* Define if you have the function `verr'. */
-#undef HAVE_VERR
-
-/* Define if you have the function `verrx'. */
-#undef HAVE_VERRX
-
-/* Define to 1 if you have the `vhangup' function. */
-#undef HAVE_VHANGUP
-
-/* Define to 1 if you have the `vis' function. */
-#undef HAVE_VIS
-
-/* Define to 1 if you have the <vis.h> header file. */
-#undef HAVE_VIS_H
-
-/* define if you have a working vsnprintf */
-#undef HAVE_VSNPRINTF
-
-/* Define if you have the function `vsyslog'. */
-#undef HAVE_VSYSLOG
-
-/* Define if you have the function `vwarn'. */
-#undef HAVE_VWARN
-
-/* Define if you have the function `vwarnx'. */
-#undef HAVE_VWARNX
-
-/* Define if you have the function `warn'. */
-#undef HAVE_WARN
-
-/* Define if you have the function `warnx'. */
-#undef HAVE_WARNX
-
-/* Define if you have the function `writev'. */
-#undef HAVE_WRITEV
-
-/* define if struct winsize has ws_xpixel */
-#undef HAVE_WS_XPIXEL
-
-/* define if struct winsize has ws_ypixel */
-#undef HAVE_WS_YPIXEL
-
-/* Define to 1 if you have the `XauFileName' function. */
-#undef HAVE_XAUFILENAME
-
-/* Define to 1 if you have the `XauReadAuth' function. */
-#undef HAVE_XAUREADAUTH
-
-/* Define to 1 if you have the `XauWriteAuth' function. */
-#undef HAVE_XAUWRITEAUTH
-
-/* Define to 1 if you have the `yp_get_default_domain' function. */
-#undef HAVE_YP_GET_DEFAULT_DOMAIN
-
-/* Define to 1 if you have the `_getpty' function. */
-#undef HAVE__GETPTY
-
-/* Define if you have the `_res' variable. */
-#undef HAVE__RES
-
-/* define if your system declares _res */
-#undef HAVE__RES_DECLARATION
-
-/* Define to 1 if you have the `_scrsize' function. */
-#undef HAVE__SCRSIZE
-
-/* define if your compiler has __attribute__ */
-#undef HAVE___ATTRIBUTE__
-
-/* Define if you have the `__progname' variable. */
-#undef HAVE___PROGNAME
-
-/* define if your system declares __progname */
-#undef HAVE___PROGNAME_DECLARATION
-
-/* Define if you have the hesiod package. */
-#undef HESIOD
-
-/* Define if you are running IRIX 4. */
-#undef IRIX4
-
-/* Define if you have the krb4 package. */
-#undef KRB4
-
-/* Enable Kerberos 5 support in applications. */
-#undef KRB5
-
-/* Define if krb_mk_req takes const char * */
-#undef KRB_MK_REQ_CONST
-
-/* This is the krb4 sendauth version. */
-#undef KRB_SENDAUTH_VERS
-
-/* Define to zero if your krb.h doesn't */
-#undef KRB_VERIFY_NOT_SECURE
-
-/* Define to one if your krb.h doesn't */
-#undef KRB_VERIFY_SECURE
-
-/* Define to two if your krb.h doesn't */
-#undef KRB_VERIFY_SECURE_FAIL
-
-/* path to lib */
-#undef LIBDIR
-
-/* path to libexec */
-#undef LIBEXECDIR
-
-/* path to localstate */
-#undef LOCALSTATEDIR
-
-/* define if the system is missing a prototype for asnprintf() */
-#undef NEED_ASNPRINTF_PROTO
-
-/* define if the system is missing a prototype for asprintf() */
-#undef NEED_ASPRINTF_PROTO
-
-/* define if the system is missing a prototype for crypt() */
-#undef NEED_CRYPT_PROTO
-
-/* define if the system is missing a prototype for gethostname() */
-#undef NEED_GETHOSTNAME_PROTO
-
-/* define if the system is missing a prototype for getusershell() */
-#undef NEED_GETUSERSHELL_PROTO
-
-/* define if the system is missing a prototype for glob() */
-#undef NEED_GLOB_PROTO
-
-/* define if the system is missing a prototype for hstrerror() */
-#undef NEED_HSTRERROR_PROTO
-
-/* define if the system is missing a prototype for inet_aton() */
-#undef NEED_INET_ATON_PROTO
-
-/* define if the system is missing a prototype for mkstemp() */
-#undef NEED_MKSTEMP_PROTO
-
-/* define if the system is missing a prototype for setenv() */
-#undef NEED_SETENV_PROTO
-
-/* define if the system is missing a prototype for snprintf() */
-#undef NEED_SNPRINTF_PROTO
-
-/* define if the system is missing a prototype for strndup() */
-#undef NEED_STRNDUP_PROTO
-
-/* define if the system is missing a prototype for strsep() */
-#undef NEED_STRSEP_PROTO
-
-/* define if the system is missing a prototype for strsvis() */
-#undef NEED_STRSVIS_PROTO
-
-/* define if the system is missing a prototype for strtok_r() */
-#undef NEED_STRTOK_R_PROTO
-
-/* define if the system is missing a prototype for strunvis() */
-#undef NEED_STRUNVIS_PROTO
-
-/* define if the system is missing a prototype for strvisx() */
-#undef NEED_STRVISX_PROTO
-
-/* define if the system is missing a prototype for strvis() */
-#undef NEED_STRVIS_PROTO
-
-/* define if the system is missing a prototype for svis() */
-#undef NEED_SVIS_PROTO
-
-/* define if the system is missing a prototype for unsetenv() */
-#undef NEED_UNSETENV_PROTO
-
-/* define if the system is missing a prototype for unvis() */
-#undef NEED_UNVIS_PROTO
-
-/* define if the system is missing a prototype for vasnprintf() */
-#undef NEED_VASNPRINTF_PROTO
-
-/* define if the system is missing a prototype for vasprintf() */
-#undef NEED_VASPRINTF_PROTO
-
-/* define if the system is missing a prototype for vis() */
-#undef NEED_VIS_PROTO
-
-/* define if the system is missing a prototype for vsnprintf() */
-#undef NEED_VSNPRINTF_PROTO
-
-/* Define if you don't want to use mmap. */
-#undef NO_MMAP
-
-/* Define this to enable old environment option in telnet. */
-#undef OLD_ENVIRON
-
-/* Define if you have the openldap package. */
-#undef OPENLDAP
-
-/* define if prototype of openlog is compatible with void openlog(const char
-   *, int, int) */
-#undef OPENLOG_PROTO_COMPATIBLE
-
-/* Define if you want OTP support in applications. */
-#undef OTP
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define if getlogin has POSIX flavour (and not BSD). */
-#undef POSIX_GETLOGIN
-
-/* Define if getpwnam_r has POSIX flavour. */
-#undef POSIX_GETPWNAM_R
-
-/* Define if you have the readline package. */
-#undef READLINE
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
-/* path to sbin */
-#undef SBINDIR
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define if you have streams ptys. */
-#undef STREAMSPTY
-
-/* path to sysconf */
-#undef SYSCONFDIR
-
-/* Define to what version of SunOS you are running. */
-#undef SunOS
-
-/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
-#undef TIME_WITH_SYS_TIME
-
-/* Define to 1 if your <sys/time.h> declares `struct tm'. */
-#undef TM_IN_SYS_TIME
-
-/* Version number of package */
-#undef VERSION
-
-/* Define if signal handlers return void. */
-#undef VOID_RETSIGTYPE
-
-/* define if target is big endian */
-#undef WORDS_BIGENDIAN
-
-/* Define to 1 if the X Window System is missing or not being used. */
-#undef X_DISPLAY_MISSING
-
-/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
-   `char[]'. */
-#undef YYTEXT_POINTER
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS
-
-/* Define to enable extensions on glibc-based systems such as Linux. */
-#undef _GNU_SOURCE
-
-/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef gid_t
-
-/* Define as `__inline' if that's what the C compiler calls it, or to nothing
-   if it is not supported. */
-#undef inline
-
-/* Define this to what the type mode_t should be. */
-#undef mode_t
-
-/* Define to `long' if <sys/types.h> does not define. */
-#undef off_t
-
-/* Define to `int' if <sys/types.h> does not define. */
-#undef pid_t
-
-/* Define this to what the type sig_atomic_t should be. */
-#undef sig_atomic_t
-
-/* Define to `unsigned' if <sys/types.h> does not define. */
-#undef size_t
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-#undef uid_t
-
-#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
-#else
-#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
-#endif
-
-
-
-#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
-#define AUTHENTICATION 1
-#endif
-
-/* Set this to the default system lead string for telnetd 
- * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
- * %v=os-version, %t=tty, %h=hostname, %d=date and time
- */
-#undef USE_IM
-
-/* Used with login -p */
-#undef LOGIN_ARGS
-
-/* set this to a sensible login */
-#ifndef LOGIN_PATH
-#define LOGIN_PATH BINDIR "/login"
-#endif
-
-
-#ifdef ROKEN_RENAME
-#include "roken_rename.h"
-#endif
-
-#ifndef HAVE_KRB_KDCTIMEOFDAY
-#define krb_kdctimeofday(X) gettimeofday((X), NULL)
-#endif
-
-#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
-#define krb_get_kdc_time_diff() (0)
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-
-#if ENDIANESS_IN_SYS_PARAM_H
-#  include <sys/types.h>
-#  include <sys/param.h>
-#  if BYTE_ORDER == BIG_ENDIAN
-#  define WORDS_BIGENDIAN 1
-#  endif
-#endif
-
-
-#if _AIX
-#define _ALL_SOURCE
-/* XXX this is gross, but kills about a gazillion warnings */
-struct ether_addr;
-struct sockaddr;
-struct sockaddr_dl;
-struct sockaddr_in;
-#endif
-
-
-/* IRIX 4 braindamage */
-#if IRIX == 4 && !defined(__STDC__)
-#define __STDC__ 0
-#endif
-
diff --git a/crypto/heimdal/include/fnmatch.h b/crypto/heimdal/include/fnmatch.h
deleted file mode 100644
index 95c91d600b64..000000000000
--- a/crypto/heimdal/include/fnmatch.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-
-int	 fnmatch (const char *, const char *, int);
-
-#endif /* !_FNMATCH_H_ */
diff --git a/crypto/heimdal/include/getarg.h b/crypto/heimdal/include/getarg.h
deleted file mode 100644
index c68b66a1d0b9..000000000000
--- a/crypto/heimdal/include/getarg.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: getarg.h,v 1.12 2002/04/18 08:50:08 joda Exp $ */
-
-#ifndef __GETARG_H__
-#define __GETARG_H__
-
-#include <stddef.h>
-
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer, 
-	   arg_string, 
-	   arg_flag, 
-	   arg_negative_flag, 
-	   arg_strings,
-	   arg_double,
-	   arg_collect,
-	   arg_counter
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-
-enum {
-    ARG_ERR_NO_MATCH  = 1,
-    ARG_ERR_BAD_ARG,
-    ARG_ERR_NO_ARG
-};
-
-typedef struct getarg_strings {
-    int num_strings;
-    char **strings;
-} getarg_strings;
-
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *goptind,
-				   int *goptarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-
-int getarg(struct getargs *args, size_t num_args, 
-	   int argc, char **argv, int *goptind);
-
-void arg_printusage (struct getargs *args,
-		     size_t num_args,
-		     const char *progname,
-		     const char *extra_string);
-
-void free_getarg_strings (getarg_strings *);
-
-#endif /* __GETARG_H__ */
diff --git a/crypto/heimdal/include/kadm5/Makefile b/crypto/heimdal/include/kadm5/Makefile
deleted file mode 100644
index 30517e4ccbe7..000000000000
--- a/crypto/heimdal/include/kadm5/Makefile
+++ /dev/null
@@ -1,485 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# include/kadm5/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-CLEANFILES = admin.h kadm5_err.h private.h
-subdir = include/kadm5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  include/kadm5/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \
-	uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/kadm5/Makefile.am b/crypto/heimdal/include/kadm5/Makefile.am
deleted file mode 100644
index e0647b8474ac..000000000000
--- a/crypto/heimdal/include/kadm5/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:17 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES = admin.h kadm5_err.h private.h
diff --git a/crypto/heimdal/include/kadm5/Makefile.in b/crypto/heimdal/include/kadm5/Makefile.in
deleted file mode 100644
index db1956dbac9e..000000000000
--- a/crypto/heimdal/include/kadm5/Makefile.in
+++ /dev/null
@@ -1,487 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.6 1999/03/20 13:58:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-CLEANFILES = admin.h kadm5_err.h private.h
-subdir = include/kadm5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  include/kadm5/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/include/krb5-types.h b/crypto/heimdal/include/krb5-types.h
deleted file mode 100644
index 652ae3f7b5a8..000000000000
--- a/crypto/heimdal/include/krb5-types.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* krb5-types.h -- this file was generated for i386-unknown-freebsd5.0 by
-                   $Id: bits.c,v 1.22 2002/08/28 16:08:44 joda Exp $ */
-
-#ifndef __krb5_types_h__
-#define __krb5_types_h__
-
-#include <inttypes.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-
-typedef socklen_t krb5_socklen_t;
-#include <unistd.h>
-typedef ssize_t krb5_ssize_t;
-
-#endif /* __krb5_types_h__ */
diff --git a/crypto/heimdal/include/make_crypto.c b/crypto/heimdal/include/make_crypto.c
deleted file mode 100644
index 2215f3fe253d..000000000000
--- a/crypto/heimdal/include/make_crypto.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make_crypto.c,v 1.4.2.1 2003/05/05 20:10:27 joda Exp $");
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-    FILE *f;
-    if(argc != 2) {
-	fprintf(stderr, "Usage: make_crypto file\n");
-	exit(1);
-    }
-    f = fopen(argv[1], "w");
-    if(f == NULL) {
-	perror(argv[1]);
-	exit(1);
-    }
-    for(p = argv[1]; *p; p++)
-	if(!isalnum((int)*p))
-	    *p = '_';
-    fprintf(f, "#ifndef __%s__\n", argv[1]);
-    fprintf(f, "#define __%s__\n", argv[1]);
-#ifdef HAVE_OPENSSL
-    fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
-    fputs("#include <openssl/des.h>\n", f);
-    fputs("#include <openssl/rc4.h>\n", f);
-    fputs("#include <openssl/md4.h>\n", f);
-    fputs("#include <openssl/md5.h>\n", f);
-    fputs("#include <openssl/sha.h>\n", f);
-#if ENABLE_AES
-    fputs("#include <openssl/aes.h>\n", f);
-#endif    
-#else
-    fputs("#include <des.h>\n", f);
-    fputs("#include <md4.h>\n", f);
-    fputs("#include <md5.h>\n", f);
-    fputs("#include <sha.h>\n", f);
-    fputs("#include <rc4.h>\n", f);
-#ifdef HAVE_OLD_HASH_NAMES
-    fputs("\n", f);
-    fputs("    typedef struct md4 MD4_CTX;\n", f);
-    fputs("#define MD4_Init md4_init\n", f);
-    fputs("#define MD4_Update md4_update\n", f);
-    fputs("#define MD4_Final(D, C) md4_finito((C), (D))\n", f);
-    fputs("\n", f);
-    fputs("    typedef struct md5 MD5_CTX;\n", f);
-    fputs("#define MD5_Init md5_init\n", f);
-    fputs("#define MD5_Update md5_update\n", f);
-    fputs("#define MD5_Final(D, C) md5_finito((C), (D))\n", f);
-    fputs("\n", f);
-    fputs("    typedef struct sha SHA_CTX;\n", f);
-    fputs("#define SHA1_Init sha_init\n", f);
-    fputs("#define SHA1_Update sha_update\n", f);
-    fputs("#define SHA1_Final(D, C) sha_finito((C), (D))\n", f);
-#endif
-#endif
-    fprintf(f, "#endif /* __%s__ */\n", argv[1]);
-    fclose(f);
-    exit(0);
-}
diff --git a/crypto/heimdal/include/parse_bytes.h b/crypto/heimdal/include/parse_bytes.h
deleted file mode 100644
index d7e759da5ea0..000000000000
--- a/crypto/heimdal/include/parse_bytes.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_bytes.h,v 1.3 2001/09/04 09:56:00 assar Exp $ */
-
-#ifndef __PARSE_BYTES_H__
-#define __PARSE_BYTES_H__
-
-int
-parse_bytes (const char *s, const char *def_unit);
-
-int
-unparse_bytes (int t, char *s, size_t len);
-
-int
-unparse_bytes_short (int t, char *s, size_t len);
-
-#endif /* __PARSE_BYTES_H__ */
diff --git a/crypto/heimdal/include/parse_time.h b/crypto/heimdal/include/parse_time.h
deleted file mode 100644
index 55de505dbba3..000000000000
--- a/crypto/heimdal/include/parse_time.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_time.h,v 1.4 1999/12/02 16:58:51 joda Exp $ */
-
-#ifndef __PARSE_TIME_H__
-#define __PARSE_TIME_H__
-
-int
-parse_time (const char *s, const char *def_unit);
-
-size_t
-unparse_time (int t, char *s, size_t len);
-
-size_t
-unparse_time_approx (int t, char *s, size_t len);
-
-void
-print_time_table (FILE *f);
-
-#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/heimdal/include/parse_units.h b/crypto/heimdal/include/parse_units.h
deleted file mode 100644
index 29c57796c49a..000000000000
--- a/crypto/heimdal/include/parse_units.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_units.h,v 1.7 2001/09/04 09:56:00 assar Exp $ */
-
-#ifndef __PARSE_UNITS_H__
-#define __PARSE_UNITS_H__
-
-#include <stdio.h>
-#include <stddef.h>
-
-struct units {
-    const char *name;
-    unsigned mult;
-};
-
-typedef struct units units;
-
-int
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit);
-
-void
-print_units_table (const struct units *units, FILE *f);
-
-int
-parse_flags (const char *s, const struct units *units,
-	     int orig);
-
-int
-unparse_units (int num, const struct units *units, char *s, size_t len);
-
-int
-unparse_units_approx (int num, const struct units *units, char *s,
-		      size_t len);
-
-int
-unparse_flags (int num, const struct units *units, char *s, size_t len);
-
-void
-print_flags_table (const struct units *units, FILE *f);
-
-#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/heimdal/include/resolve.h b/crypto/heimdal/include/resolve.h
deleted file mode 100644
index cb25b7ab44e9..000000000000
--- a/crypto/heimdal/include/resolve.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: resolve.h,v 1.15 2002/08/26 13:30:16 assar Exp $ */
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-#ifndef T_TXT
-#define T_TXT		16
-#endif
-#ifndef T_AFSDB
-#define T_AFSDB		18
-#endif
-#ifndef T_SIG
-#define T_SIG		24
-#endif
-#ifndef T_KEY
-#define T_KEY		25
-#endif
-#ifndef T_AAAA
-#define T_AAAA		28
-#endif
-#ifndef T_SRV
-#define T_SRV		33
-#endif
-#ifndef T_NAPTR
-#define T_NAPTR		35
-#endif
-#ifndef T_CERT
-#define T_CERT		37
-#endif
-
-#define dns_query		rk_dns_query
-#define mx_record		rk_mx_record
-#define srv_record		rk_srv_record
-#define key_record		rk_key_record
-#define sig_record		rk_sig_record
-#define cert_record		rk_cert_record
-#define resource_record		rk_resource_record
-#define dns_reply		rk_dns_reply
-
-#define dns_lookup		rk_dns_lookup
-#define dns_free_data		rk_dns_free_data
-#define dns_string_to_type	rk_dns_string_to_type
-#define dns_type_to_string	rk_dns_type_to_string
-#define dns_srv_order		rk_dns_srv_order
-
-struct dns_query{
-    char *domain;
-    unsigned type;
-    unsigned class;
-};
-
-struct mx_record{
-    unsigned  preference;
-    char domain[1];
-};
-
-struct srv_record{
-    unsigned priority;
-    unsigned weight;
-    unsigned port;
-    char target[1];
-};
-
-struct key_record {
-    unsigned flags;
-    unsigned protocol;
-    unsigned algorithm;
-    size_t   key_len;
-    u_char   key_data[1];
-};
-
-struct sig_record {
-    unsigned type;
-    unsigned algorithm;
-    unsigned labels;
-    unsigned orig_ttl;
-    unsigned sig_expiration;
-    unsigned sig_inception;
-    unsigned key_tag;
-    char     *signer;
-    unsigned sig_len;
-    char     sig_data[1];	/* also includes signer */
-};
-
-struct cert_record {
-    unsigned type;
-    unsigned tag;
-    unsigned algorithm;
-    size_t   cert_len;
-    u_char   cert_data[1];
-};
-
-struct resource_record{
-    char *domain;
-    unsigned type;
-    unsigned class;
-    unsigned ttl;
-    unsigned size;
-    union {
-	void *data;
-	struct mx_record *mx;
-	struct mx_record *afsdb; /* mx and afsdb are identical */
-	struct srv_record *srv;
-	struct in_addr *a;
-	char *txt;
-	struct key_record *key;
-	struct cert_record *cert;
-	struct sig_record *sig;
-    }u;
-    struct resource_record *next;
-};
-
-#ifndef T_A /* XXX if <arpa/nameser.h> isn't included */
-typedef int HEADER; /* will never be used */
-#endif
-
-struct dns_reply{
-    HEADER h;
-    struct dns_query q;
-    struct resource_record *head;
-};
-
-
-struct dns_reply* dns_lookup(const char *, const char *);
-void dns_free_data(struct dns_reply *);
-int dns_string_to_type(const char *name);
-const char *dns_type_to_string(int type);
-void dns_srv_order(struct dns_reply*);
-
-#endif /* __RESOLVE_H__ */
diff --git a/crypto/heimdal/include/roken-common.h b/crypto/heimdal/include/roken-common.h
deleted file mode 100644
index 2e604ac893e1..000000000000
--- a/crypto/heimdal/include/roken-common.h
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken-common.h,v 1.49 2002/08/20 11:55:04 joda Exp $ */
-
-#ifndef __ROKEN_COMMON_H__
-#define __ROKEN_COMMON_H__
-
-#ifdef __cplusplus
-#define ROKEN_CPP_START	extern "C" {
-#define ROKEN_CPP_END	}
-#else
-#define ROKEN_CPP_START
-#define ROKEN_CPP_END
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
-#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK 0x7f000001
-#endif
-
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-#ifndef STDOUT_FILENO
-#define STDOUT_FILENO 1
-#endif
-
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
-#ifndef max
-#define max(a,b) (((a)>(b))?(a):(b))
-#endif
-
-#ifndef min
-#define min(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef LOG_DAEMON
-#define openlog(id,option,facility) openlog((id),(option))
-#define	LOG_DAEMON	0
-#endif
-#ifndef LOG_ODELAY
-#define LOG_ODELAY 0
-#endif
-#ifndef LOG_NDELAY
-#define LOG_NDELAY 0x08
-#endif
-#ifndef LOG_CONS
-#define LOG_CONS 0
-#endif
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-#ifndef O_ACCMODE
-#define O_ACCMODE	003
-#endif
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_HEQUIV
-#define _PATH_HEQUIV "/etc/hosts.equiv"
-#endif
-
-#ifndef _PATH_VARRUN
-#define _PATH_VARRUN "/var/run/"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN (1024+4)
-#endif
-
-#ifndef SIG_ERR
-#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
-#endif
-
-/*
- * error code for getipnodeby{name,addr}
- */
-
-#ifndef HOST_NOT_FOUND
-#define HOST_NOT_FOUND 1
-#endif
-
-#ifndef TRY_AGAIN
-#define TRY_AGAIN 2
-#endif
-
-#ifndef NO_RECOVERY
-#define NO_RECOVERY 3
-#endif
-
-#ifndef NO_DATA
-#define NO_DATA 4
-#endif
-
-#ifndef NO_ADDRESS
-#define NO_ADDRESS NO_DATA
-#endif
-
-/*
- * error code for getaddrinfo
- */
-
-#ifndef EAI_NOERROR
-#define EAI_NOERROR	0	/* no error */
-#endif
-
-#ifndef EAI_ADDRFAMILY
-
-#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
-#define EAI_AGAIN	2	/* temporary failure in name resolution */
-#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
-#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
-#define EAI_FAMILY	5	/* ai_family not supported */
-#define EAI_MEMORY	6	/* memory allocation failure */
-#define EAI_NODATA	7	/* no address associated with nodename */
-#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
-#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
-#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
-#define EAI_SYSTEM     11	/* system error returned in errno */
-
-#endif /* EAI_ADDRFAMILY */
-
-/* flags for getaddrinfo() */
-
-#ifndef AI_PASSIVE
-#define AI_PASSIVE	0x01
-#define AI_CANONNAME	0x02
-#endif /* AI_PASSIVE */
-
-#ifndef AI_NUMERICHOST
-#define AI_NUMERICHOST	0x04
-#endif
-
-/* flags for getnameinfo() */
-
-#ifndef NI_DGRAM
-#define NI_DGRAM	0x01
-#define NI_NAMEREQD	0x02
-#define NI_NOFQDN	0x04
-#define NI_NUMERICHOST	0x08
-#define NI_NUMERICSERV	0x10
-#endif
-
-/*
- * constants for getnameinfo
- */
-
-#ifndef NI_MAXHOST
-#define NI_MAXHOST  1025
-#define NI_MAXSERV    32
-#endif
-
-/*
- * constants for inet_ntop
- */
-
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN    16
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN   46
-#endif
-
-/*
- * for shutdown(2)
- */
-
-#ifndef SHUT_RD
-#define SHUT_RD 0
-#endif
-
-#ifndef SHUT_WR
-#define SHUT_WR 1
-#endif
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-ROKEN_CPP_START
-
-#if IRIX != 4 /* fix for compiler bug */
-#ifdef RETSIGTYPE
-typedef RETSIGTYPE (*SigAction)(int);
-SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION simple_execve(const char*, char*const[], char*const[]);
-int ROKEN_LIB_FUNCTION simple_execvp(const char*, char *const[]);
-int ROKEN_LIB_FUNCTION simple_execlp(const char*, ...);
-int ROKEN_LIB_FUNCTION simple_execle(const char*, ...);
-int ROKEN_LIB_FUNCTION simple_execl(const char *file, ...);
-
-int ROKEN_LIB_FUNCTION wait_for_process(pid_t);
-int ROKEN_LIB_FUNCTION pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
-
-void ROKEN_LIB_FUNCTION print_version(const char *);
-
-ssize_t ROKEN_LIB_FUNCTION eread (int fd, void *buf, size_t nbytes);
-ssize_t ROKEN_LIB_FUNCTION ewrite (int fd, const void *buf, size_t nbytes);
-
-struct hostent;
-
-const char *
-hostent_find_fqdn (const struct hostent *he);
-
-void
-esetenv(const char *var, const char *val, int rewrite);
-
-void
-socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port);
-
-size_t
-socket_addr_size (const struct sockaddr *sa);
-
-void
-socket_set_any (struct sockaddr *sa, int af);
-
-size_t
-socket_sockaddr_size (const struct sockaddr *sa);
-
-void *
-socket_get_address (struct sockaddr *sa);
-
-int
-socket_get_port (const struct sockaddr *sa);
-
-void
-socket_set_port (struct sockaddr *sa, int port);
-
-void
-socket_set_portrange (int sock, int restr, int af);
-
-void
-socket_set_debug (int sock);
-
-void
-socket_set_tos (int sock, int tos);
-
-void
-socket_set_reuseaddr (int sock, int val);
-
-char **
-vstrcollect(va_list *ap);
-
-char **
-strcollect(char *first, ...);
-
-void timevalfix(struct timeval *t1);
-void timevaladd(struct timeval *t1, const struct timeval *t2);
-void timevalsub(struct timeval *t1, const struct timeval *t2);
-
-char *pid_file_write (const char *progname);
-void pid_file_delete (char **);
-
-int
-read_environment(const char *file, char ***env);
-
-void warnerr(int doerrno, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 2, 0)));
-
-ROKEN_CPP_END
-
-#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/heimdal/include/roken.h b/crypto/heimdal/include/roken.h
deleted file mode 100644
index 4be5be54f06b..000000000000
--- a/crypto/heimdal/include/roken.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/* This is an OS dependent, generated file */
-
-
-#ifndef __ROKEN_H__
-#define __ROKEN_H__
-
-/* -*- C -*- */
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken.h.in,v 1.169 2002/08/26 21:43:38 assar Exp $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <signal.h>
-
-#include <sys/param.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-#include <grp.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <syslog.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <err.h>
-#include <termios.h>
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <time.h>
-
-#include <paths.h>
-
-
-#define ROKEN_LIB_FUNCTION
-
-
-#include <roken-common.h>
-
-ROKEN_CPP_START
-
-
-
-
-
-
-
-
-
-
-int asnprintf (char **ret, size_t max_sz, const char *format, ...)
-     __attribute__ ((format (printf, 3, 4)));
-
-int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
-     __attribute__((format (printf, 3, 0)));
-
-
-char * strndup(const char *old, size_t sz);
-
-char * strlwr(char *);
-
-size_t strnlen(const char*, size_t);
-
-
-ssize_t strsep_copy(const char**, const char*, char*, size_t);
-
-
-
-
-char * strupr(char *);
-
-
-
-
-
-
-
-
-
-
-
-#include <pwd.h>
-struct passwd *k_getpwnam (const char *user);
-struct passwd *k_getpwuid (uid_t uid);
-
-const char *get_default_username (void);
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-void pidfile (const char*);
-
-unsigned int bswap32(unsigned int);
-
-unsigned short bswap16(unsigned short);
-
-
-time_t tm2time (struct tm tm, int local);
-
-int unix_verify_user(char *user, char *password);
-
-int roken_concat (char *s, size_t len, ...);
-
-size_t roken_mconcat (char **s, size_t max_len, ...);
-
-int roken_vconcat (char *s, size_t len, va_list args);
-
-size_t roken_vmconcat (char **s, size_t max_len, va_list args);
-
-ssize_t net_write (int fd, const void *buf, size_t nbytes);
-
-ssize_t net_read (int fd, void *buf, size_t nbytes);
-
-int issuid(void);
-
-
-int get_window_size(int fd, struct winsize *);
-
-
-
-extern const char *__progname;
-
-extern char **environ;
-
-
-
-
-struct hostent *
-copyhostent (const struct hostent *h);
-
-
-
-
-
-
-
-
-int
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags);
-
-int roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
-int roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
-
-
-
-void *emalloc (size_t);
-void *ecalloc(size_t num, size_t sz);
-void *erealloc (void *, size_t);
-char *estrdup (const char *);
-
-/*
- * kludges and such
- */
-
-int roken_gethostby_setup(const char*, const char*);
-struct hostent* roken_gethostbyname(const char*);
-struct hostent* roken_gethostbyaddr(const void*, size_t, int);
-
-#define roken_getservbyname(x,y) getservbyname(x,y)
-
-#define roken_openlog(a,b,c) openlog(a,b,c)
-
-#define roken_getsockname(a,b,c) getsockname(a,b,c)
-
-
-
-void mini_inetd_addrinfo (struct addrinfo*);
-void mini_inetd (int port);
-
-void set_progname(char *argv0);
-const char *get_progname(void);
-
-
-int
-strsvis(char *dst, const char *src, int flag, const char *extra);
-
-
-
-
-char *
-svis(char *dst, int c, int flag, int nextc, const char *extra);
-
-
-
-ROKEN_CPP_END
-#define ROKEN_VERSION 0.4f
-
-#endif /* __ROKEN_H__ */
diff --git a/crypto/heimdal/include/rtbl.h b/crypto/heimdal/include/rtbl.h
deleted file mode 100644
index 16496a7fd205..000000000000
--- a/crypto/heimdal/include/rtbl.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __rtbl_h__
-#define __rtbl_h__
-
-struct rtbl_data;
-typedef struct rtbl_data *rtbl_t;
-
-#define RTBL_ALIGN_LEFT		0
-#define RTBL_ALIGN_RIGHT	1
-
-rtbl_t rtbl_create (void);
-
-void rtbl_destroy (rtbl_t);
-
-int rtbl_set_prefix (rtbl_t, const char*);
-
-int rtbl_set_column_prefix (rtbl_t, const char*, const char*);
-
-int rtbl_add_column (rtbl_t, const char*, unsigned int);
-
-int rtbl_add_column_entry (rtbl_t, const char*, const char*);
-
-int rtbl_format (rtbl_t, FILE*);
-
-#endif /* __rtbl_h__ */
diff --git a/crypto/heimdal/include/stamp-h.in b/crypto/heimdal/include/stamp-h.in
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/crypto/heimdal/include/stamp-h.in
+++ /dev/null
diff --git a/crypto/heimdal/include/stamp-h1 b/crypto/heimdal/include/stamp-h1
deleted file mode 100644
index b330768e9bf6..000000000000
--- a/crypto/heimdal/include/stamp-h1
+++ /dev/null
@@ -1 +0,0 @@
-timestamp for include/config.h
diff --git a/crypto/heimdal/include/xdbm.h b/crypto/heimdal/include/xdbm.h
deleted file mode 100644
index 6e65217625fc..000000000000
--- a/crypto/heimdal/include/xdbm.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: xdbm.h,v 1.15 2002/05/17 16:02:22 joda Exp $ */
-
-/* Generic *dbm include file */
-
-#ifndef __XDBM_H__
-#define __XDBM_H__
-
-#if HAVE_DB_NDBM
-#define DB_DBM_HSEARCH 1
-#include <db.h>
-#elif HAVE_NDBM
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#endif
-#endif /* HAVE_NDBM */
-
-#endif /* __XDBM_H__ */
diff --git a/crypto/heimdal/install-sh b/crypto/heimdal/install-sh
deleted file mode 100755
index 398a88e14218..000000000000
--- a/crypto/heimdal/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	:
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-		chmodcmd=""
-	else
-		instcmd=$mkdirprog
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		:
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		:
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		:
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='
-	'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		:
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else : ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else : ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else : ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else : ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		:
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else :;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else :;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else :;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else :;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0
diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog
deleted file mode 100644
index 093835e98be3..000000000000
--- a/crypto/heimdal/kadmin/ChangeLog
+++ /dev/null
@@ -1,628 +0,0 @@
-2003-04-14  Love H�rquist �strand  <lha@it.su.se>
-
-	* util.c: cast argument to tolower to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-2003-04-06  Love H�rquist �strand <lha@it.su.se>
-
-	* kadmind.8: s/kerberos/Kerberos/
-	
-2003-03-31  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmin.8: initialises -> initializes, from Perry E. Metzger"
-	<perry@piermont.com>
-
-	* kadmin.c: principal, not pricipal. From Thomas Klausner
-	<wiz@netbsd.org>
-
-2003-02-04  Love H�rquist �strand  <lha@it.su.se>
-
-	* kadmind.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-	* kadmin.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
-	
-2003-01-29  Love H�rquist �strand  <lha@it.su.se>
-
-	* server.c (kadmind_dispatch): kadm_chpass: require the password
-	to pass the password quality check in case the user changes the
-	user's own password kadm_chpass_with_key: disallow the user to
-	change it own password to a key, since that password might violate
-	the password quality check.
-
-2002-10-23  Assar Westerlund  <assar@kth.se>
-
-	* version4.c (decode_packet): check the length of the version
-	string and that rlen has a reasonable value
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c: check size of rlen
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c: constify match_appl_version()
-
-	* version4.c: change some lingering krb_err_base
-
-2002-09-09  Jacques Vidrine  <nectar@kth.se>
-
-	* server.c (kadmind_dispatch): while decoding arguments for
-	kadm_chpass_with_key, sanity check the number of keys given.
-	Potential problem pointed out by
-	Sebastian Krahmer <krahmer@suse.de>.
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c (parse_generation): return if there is no generation
-	(spotted by Daniel Kouril)
-
-2002-06-07  Jacques Vidrine <n@nectar.com>
-
-	* ank.c: do not attempt to free uninitialized pointer when
-	kadm5_randkey_principal fails.
-
-2002-06-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c: remove unused variable; reported by Hans Insulander
-
-2002-03-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.8: clarify some acl wording, and add an example file
-
-2002-02-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ext.c: no need to use the "modify" keytab anymore
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: allocate several buffers for the list of
-	words, instead of one strdup per word (running under efence does
-	not work very well otherwise)
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: allow specifying the number of users to
-	create
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: rename variable name to avoid error from current
-	automake
-
-2001-08-22  Assar Westerlund  <assar@sics.se>
-
-	* kadmin_locl.h: include libutil.h if it exists
-
-2001-08-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* util.c: do something to handle C-c in prompts
-
-	* load.c: remove unused etypes code, and add parsing of the
-	generation field
-
-	* ank.c: add a --use-defaults option to just use default values
-	without questions
-
-	* kadmin.c: add "del" alias for delete
-
-	* cpw.c: call this operation "passwd" in usage
-
-	* kadmin_locl.h: prototype for set_defaults
-
-	* util.c (edit_entry): move setting of default values to a
-	separate function, set_defaults
-
-2001-08-01  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.c: print help message on bad options
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c (main): handle --version
-
-2001-07-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: increase line buffer to 8k
-
-2001-06-12  Assar Westerlund  <assar@sics.se>
-
-	* ext.c (ext_keytab): use the default modify keytab per default
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
-
-2001-05-15  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (main): some error cleaning required
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c: new krb5_config_parse_file
-	* kadmin.c: new krb5_config_parse_file
-	* kadm_conn.c: update to new krb5_sockaddr2address
-
-2001-05-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmin_locl.h (foreach_principal): update prototype
-	* get.c (getit): new foreach_principal
-	* ext.c (ext_keytab): new foreach_principal
-	* del.c (del_entry): new foreach_principal
-	* cpw.c (cpw_entry): new foreach_principal
-	* util.c (foreach_principal): add `funcname' and try printing the
-	error string
-
-2001-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rename.c: fix argument number test
-	
-2001-04-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* del_enctype.c: fix argument count check after getarg change;
-	spotted by mark@MCS.VUW.AC.NZ
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c (main): use a `struct sockaddr_storage' to be able to
-	store all types of addresses
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c: add --keytab / _K, from Leif Johansson
-	<leifj@it.su.se>
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (spawn_child): close the newly created socket in the
-	packet, it's not used.  from <shadow@dementia.org>
-	* version4.c (decode_packet): check success of
-	krb5_425_conv_principal.  from <shadow@dementia.org>
-
-2001-01-12  Assar Westerlund  <assar@sics.se>
-
-	* util.c (parse_attributes): make empty string mean no attributes,
-	specifying the empty string at the command line should give you no
-	attributes, but just pressing return at the prompt gives you
-	default attributes
-	(edit_entry): only pick up values from the default principal if they
-	aren't set in the principal being edited
-
-2001-01-04  Assar Westerlund  <assar@sics.se>
-
-	* load.c (doit): print an error and bail out if storing an entry
-	in the database fails.  The most likely reason for it failing is
-	out-of-space.
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c (main): handle krb5_init_context failure consistently
-	* kadmin.c (main): handle krb5_init_context failure consistently
-	* add-random-users.c (add_user): handle krb5_init_context failure
-	consistently
-
-	* kadm_conn.c (spawn_child): use a struct sockaddr_storage
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get.c: avoid asprintf'ing NULL strings
-
-2000-12-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: fix option parsing
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c (wait_for_connection): check for fd's being too
-	large to select on
-
-2000-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get.c: don't try to print modifier name if it isn't set (from
-	Jacques A. Vidrine" <n@nectar.com>)
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* server.c (kadmind_loop): send in keytab to v4 handling function
-	* version4.c: allow the specification of what keytab to use
-
-	* get.c (print_entry_long): actually print the actual saltvalue
-	used if it's not the default
-
-2000-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmin.c: add option parsing, and add `privs' as an alias for
-	`privileges'
-
-	* init.c: complain if there's no realm name specified
-
-	* rename.c: add option parsing
-
-	* load.c: add option parsing
-
-	* get.c: make `get' and `list' aliases to each other, but with
-	different defaults
-
-	* del_enctype.c: add option parsing
-
-	* del.c: add option parsing
-
-	* ank.c: calling the command `add' make more sense from an english
-	pov
-
-	* Makefile.am: add kadmin manpage
-
-	* kadmin.8: short manpage
-
-	* kadmin.c: `quit' should be a alias for `exit', not `help'
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): do not try to perform stupid stunts when
-	printing errors
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2time_t): add alias for `now'.
-
-2000-08-18  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): accept any kadmin/admin@* principal as the
-	server
-	* kadmind.c: remove extra prototype of kadmind_loop
-	* kadmin_locl.h (kadmind_loop): add prototype
-	
-	* init.c (usage): print init-usage and not add-dito
-	
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.c: use roken_getsockname
-
-2000-08-07  Assar Westerlund  <assar@sics.se>
-
-	* kadmind.c, kadm_conn.c: use socklen_t instead of int where
-	appropriate.  From <thorpej@netbsd.org>
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: link with pidfile library
-
-	* kadmind.c: write a pid file, and setup password quality
-	functions
-
-	* kadmin_locl.h: util.h
-
-2000-07-27  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (decode_packet): be totally consistent with the
-	prototype of des_cbc_cksum
-	* kadmind.c: use sa_size instead of sa_len, some systems define
-	this to emulate anonymous unions
-	* kadm_conn.c: use sa_size instead of sa_len, some systems define
-	this to emulate anonymous unions
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (commands): add quit
-	* load.c (doit): truncate the log since there's no way of knowing
-	what changes are going to be added
-
-2000-07-23  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2time_t): be more careful with strptime that might
-	zero out the `struct tm'
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadm_conn.c: make the parent process wait for children and
-	terminate after receiving a signal, also terminate on SIGINT
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* version4.c: map both princ_expire_time and pw_expiration to v4
-	principal expiration
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c (handle_v4): check for termination
-
-	* server.c (v5_loop): check for termination
-
-	* kadm_conn.c (wait_term): if we're doing something, set just set
-	a flag otherwise exit rightaway
-
-	* server.c: use krb5_read_priv_message; (v5_loop): check for EOF
-
-2000-07-21  Assar Westerlund  <assar@sics.se>
-
-	* kadm_conn.c: remove sys/select.h.  make signal handlers
-	type-correct and static
-
-	* kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): also create `kadmin/hprop'
-	* kadmind.c: ports is a string argument
-	* kadm_conn.c (start_server): fix printf format
-
-	* kadmin_locl.h: add <sys/select.h>
-	* kadm_conn.c: remove sys/select.h.  make signal handlers
-	type-correct and static
-
-	* kadmin_locl.h: add limits.h and sys/select.h
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadm_conn.c: put all processes in a new process group
-
-	* server.c (v5_loop): use krb5_{read,write}_priv_message
-
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* version4.c: change log strings to match the v5 counterparts
-
-	* mod.c: allow setting kvno
-
-	* kadmind.c: if stdin is not a socket create and listen to sockets
-
-	* kadm_conn.c: socket creation functions
-
-	* util.c (deltat2str): treat 0 and INT_MAX as never
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (INCLUDES): add ../lib/krb5
-	* kadmin_locl.h: add krb5_locl.h (since we just use some stuff
-	from there)
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* add-random-users.c: new testing program that adds a number of
-	randomly generated users
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* cpw.c (do_cpw_entry): call set_password if no argument is given,
-	it will prompt for the password.
-	* kadmin.c: make help only print the commands that are actually
-	available.
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (del_enctype): set ignore correctly
-
-2000-04-02  Assar Westerlund  <assar@sics.se>
-
-	* kadmin.c (main): make parse errors a fatal error
-	* init.c (init): create changepw/kerberos with disallow-tgt and
-	pwchange attributes
-
-2000-03-23  Assar Westerlund  <assar@sics.se>
-
-	* util.c (hex2n, parse_des_key): add
-	* server.c (kadmind_dispatch): add kadm_chpass_with_key
-	* cpw.c: add --key
-	* ank.c: add --key
-
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* load.c (doit): check return value from parse_hdbflags2int
-	correctly
-
-2000-01-25  Assar Westerlund  <assar@sics.se>
-
-	* load.c: checking all parsing for errors and all memory
-	allocations also
-
-2000-01-02  Assar Westerlund  <assar@sics.se>
-
-	* server.c: check initial flag in ticket and allow users to change
-	their own password if it's set
-	* ext.c (do_ext_keytab): set timestamp
-
-1999-12-14  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (usage): don't use arg_printusage
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* del_enctype.c (del_enctype): try not to leak memory
-
-	* version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
- 	_with_key)
-
-	* kadmin.c: add `del_enctype'
-
-	* del_enctype.c (del_enctype): new function for deleting enctypes
-	from a principal
-
-	* Makefile.am (kadmin_SOURCES): add del_enctype.c
-
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c: cope with old clients
-
-	* kadmin_locl.h: remove version string
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (kadmin_LDADD): add LIB_dlopen
-
-1999-10-01  Assar Westerlund  <assar@sics.se>
-
-	* ank.c (add_one_principal): `password' can cactually be NULL in
- 	the overwrite code, check for it.
-
-1999-09-20  Assar Westerlund  <assar@sics.se>
-
-	* mod.c (mod_entry): print the correct principal name in error
- 	messages.  From Love <lha@e.kth.se>
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): also create `changepw/kerberos'
-
-	* version4.c: only create you loose packets when we fail decoding
- 	and not when an operation is not performed for some reason
-	(decode_packet): read the service key from the hdb
-	(dispatch, decode_packet): return proper error messages
-
-	* version4.c (kadm_ser_cpw): add password quality functions
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* server.c (handle_v5): give more informative message if
-	KRB5_KT_NOTFOUND
-
-1999-08-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kadmind.c: use HDB keytabs
-
-1999-08-25  Assar Westerlund  <assar@sics.se>
-
-	* cpw.c (set_password): use correct variable.  From Love
- 	<lha@e.kth.se>
-
-	* server.c (v5_loop): use correct error code
-
-	* ank.c (add_one_principal): initialize `default_ent'
-
-1999-08-21  Assar Westerlund  <assar@sics.se>
-
-	* random_password.c: new file, stolen from krb4
-
-	* kadmin_locl.h: add prototype for random_password
-
-	* cpw.c: add support for --random-password
-
-	* ank.c: add support for --random-password
-
-	* Makefile.am (kadmin_SOURCES): add random_password.c
-
-1999-08-19  Assar Westerlund  <assar@sics.se>
-
-	* util.c (edit_timet): break when we manage to parse the time not
- 	the inverse.
-
-	* mod.c: add parsing of lots of options.  From Love
- 	<lha@stacken.kth.se>
-
-	* ank.c: add setting of expiration and password expiration
-
-	* kadmin_locl.h: update util.c prototypes
-
-	* util.c: move-around.  clean-up, rename, make consistent (and
- 	some other weird stuff).  based on patches from Love
- 	<lha@stacken.kth.se>
-
-	* version4.c (kadm_ser_cpw): initialize password
-	(handle_v4): remove unused variable `ret'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (handle_v4): more error checking and more correct
- 	error messages
-
-	* server.c (v5_loop, kadmind_loop): more error checking and more
- 	correct error messages
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* util.c (str2timeval, edit_time): functions for parsing and
- 	editing times.  Based on patches from Love <lha@stacken.kth.se>.
-	(edit_entry): call new functions
-
-	* mod.c (mod_entry): allow modifying expiration times
-
-	* kadmin_locl.h (str2timeval): add prototype
-
-	* ank.c (add_one_principal): allow setting expiration times
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* server.c (v5_loop): handle data allocation with krb5_data_alloc
- 	and check return value
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (kadm_ser_cpw): read the key in the strange order
- 	it's sent
-
-	* util.c (edit_entry): look at default
-	(edit_time): always set mask even if value == 0
-
-	* kadmin_locl.h (edit_entry): update
-
-	* ank.c: make ank use the values of the default principal for
- 	prompting
-
-	* version4.c (values_to_ent): convert key data correctly
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* init.c (create_random_entry): more correct setting of mask
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* server.c (handle_v5): read sendauth version correctly.
-
-1999-05-14  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (error_code): try to handle really old krb4
- 	distributions
-
-1999-05-11  Assar Westerlund  <assar@sics.se>
-
-	* init.c (init): initialize realm_max_life and realm_max_rlife
-
-1999-05-07  Assar Westerlund  <assar@sics.se>
-
-	* ank.c (add_new_key): initialize more variables
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* version4.c (kadm_ser_cpw): always allow a user to change her
- 	password
-	(kadm_ser_*): make logging work
-	clean-up and restructure
-	
-	* kadmin_locl.h (set_entry): add prototype
-
-	* kadmin.c (usage): update usage string
-
-	* init.c (init): new arguments realm-max-ticket-life and
- 	realm-max-renewable-life
-
-	* util.c (edit_time, edit_attributes): don't do anything if it's
- 	already set
-	(set_entry): new function
-
-	* ank.c (add_new_key): new options for setting max-ticket-life,
- 	max-renewable-life, and attributes
-
-	* server.c (v5_loop): remove unused variable
-
-	* kadmin_locl.h: add prototypes
-
-	* version4.c: re-insert krb_err.h and other miss
-
-	* server.c (kadmind_loop): break-up and restructure
-
-	* version4.c: add ACL checks more error code checks restructure
-	
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* load.c: check for (un-)encrypted keys
-
-	* dump.c: use hdb_print_entry
-	
-	* version4.c: version 4 support
-
-	* Makefile.am: link with krb4
-
-	* kadmin_locl.h: include <sys/un.h>
-
-	* server.c: move from lib/kadm5, and add basic support for krb4
-	kadmin protocol
-
-	* kadmind.c: move recvauth to kadmind_loop()
diff --git a/crypto/heimdal/kadmin/Makefile b/crypto/heimdal/kadmin/Makefile
deleted file mode 100644
index 735c5f760694..000000000000
--- a/crypto/heimdal/kadmin/Makefile
+++ /dev/null
@@ -1,784 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# kadmin/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.34 2001/08/28 08:31:26 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-kadmin_SOURCES = \
-	ank.c					\
-	cpw.c					\
-	del.c					\
-	del_enctype.c				\
-	dump.c					\
-	ext.c					\
-	get.c					\
-	init.c					\
-	kadmin.c				\
-	load.c					\
-	mod.c					\
-	rename.c				\
-	util.c					\
-	random_password.c			\
-	kadmin_locl.h
-
-
-#KRB4LIB = $(LIB_krb4)
-#version4_c = version4.c
-
-kadmind_SOURCES = \
-	kadmind.c				\
-	server.c				\
-	kadmin_locl.h				\
-	$(version4_c)				\
-	kadm_conn.c
-
-
-EXTRA_kadmind_SOURCES = version4.c
-
-add_random_users_SOURCES = add-random-users.c
-
-LDADD_common = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen)
-
-
-kadmin_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-
-add_random_users_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-subdir = kadmin
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = kadmind$(EXEEXT)
-noinst_PROGRAMS = add_random_users$(EXEEXT)
-sbin_PROGRAMS = kadmin$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-
-am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
-add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
-add_random_users_DEPENDENCIES = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-add_random_users_LDFLAGS =
-am_kadmin_OBJECTS = ank.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
-	del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
-	get.$(OBJEXT) init.$(OBJEXT) kadmin.$(OBJEXT) load.$(OBJEXT) \
-	mod.$(OBJEXT) rename.$(OBJEXT) util.$(OBJEXT) \
-	random_password.$(OBJEXT)
-kadmin_OBJECTS = $(am_kadmin_OBJECTS)
-kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kadmin_LDFLAGS =
-#am__objects_1 = version4.$(OBJEXT)
-am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) $(am__objects_1) \
-	kadm_conn.$(OBJEXT)
-kadmind_OBJECTS = $(am_kadmind_OBJECTS)
-#kadmind_DEPENDENCIES = \
-#	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-#	$(top_builddir)/lib/hdb/libhdb.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-kadmind_DEPENDENCIES = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kadmind_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) \
-	$(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kadmin/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) 
-	@rm -f add_random_users$(EXEEXT)
-	$(LINK) $(add_random_users_LDFLAGS) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
-kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) 
-	@rm -f kadmin$(EXEEXT)
-	$(LINK) $(kadmin_LDFLAGS) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
-kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) 
-	@rm -f kadmind$(EXEEXT)
-	$(LINK) $(kadmind_LDFLAGS) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 \
-	install-sbinPROGRAMS install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man8 uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kadmin/Makefile.am b/crypto/heimdal/kadmin/Makefile.am
deleted file mode 100644
index 3e9e4066fb6a..000000000000
--- a/crypto/heimdal/kadmin/Makefile.am
+++ /dev/null
@@ -1,74 +0,0 @@
-# $Id: Makefile.am,v 1.34 2001/08/28 08:31:26 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-kadmin_SOURCES =				\
-	ank.c					\
-	cpw.c					\
-	del.c					\
-	del_enctype.c				\
-	dump.c					\
-	ext.c					\
-	get.c					\
-	init.c					\
-	kadmin.c				\
-	load.c					\
-	mod.c					\
-	rename.c				\
-	util.c					\
-	random_password.c			\
-	kadmin_locl.h
-
-if KRB4
-KRB4LIB = $(LIB_krb4)
-version4_c = version4.c
-endif
-
-kadmind_SOURCES =				\
-	kadmind.c				\
-	server.c				\
-	kadmin_locl.h				\
-	$(version4_c)				\
-	kadm_conn.c
-
-EXTRA_kadmind_SOURCES = version4.c
-
-add_random_users_SOURCES = add-random-users.c
-
-LDADD_common = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen)
-
-kadmin_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-add_random_users_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_dlopen)
diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in
deleted file mode 100644
index 473951974a38..000000000000
--- a/crypto/heimdal/kadmin/Makefile.in
+++ /dev/null
@@ -1,774 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.34 2001/08/28 08:31:26 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-sbin_PROGRAMS = kadmin
-
-libexec_PROGRAMS = kadmind
-
-man_MANS = kadmin.8 kadmind.8
-
-noinst_PROGRAMS = add_random_users
-
-kadmin_SOURCES = \
-	ank.c					\
-	cpw.c					\
-	del.c					\
-	del_enctype.c				\
-	dump.c					\
-	ext.c					\
-	get.c					\
-	init.c					\
-	kadmin.c				\
-	load.c					\
-	mod.c					\
-	rename.c				\
-	util.c					\
-	random_password.c			\
-	kadmin_locl.h
-
-
-@KRB4_TRUE@KRB4LIB = $(LIB_krb4)
-@KRB4_TRUE@version4_c = version4.c
-
-kadmind_SOURCES = \
-	kadmind.c				\
-	server.c				\
-	kadmin_locl.h				\
-	$(version4_c)				\
-	kadm_conn.c
-
-
-EXTRA_kadmind_SOURCES = version4.c
-
-add_random_users_SOURCES = add-random-users.c
-
-LDADD_common = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-kadmind_LDADD = $(KRB4LIB) $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen)
-
-
-kadmin_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(LIB_readline) \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-
-add_random_users_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(LDADD_common) \
-	$(LIB_dlopen)
-
-subdir = kadmin
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-libexec_PROGRAMS = kadmind$(EXEEXT)
-noinst_PROGRAMS = add_random_users$(EXEEXT)
-sbin_PROGRAMS = kadmin$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
-
-am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
-add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
-add_random_users_DEPENDENCIES = \
-	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-add_random_users_LDFLAGS =
-am_kadmin_OBJECTS = ank.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
-	del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
-	get.$(OBJEXT) init.$(OBJEXT) kadmin.$(OBJEXT) load.$(OBJEXT) \
-	mod.$(OBJEXT) rename.$(OBJEXT) util.$(OBJEXT) \
-	random_password.$(OBJEXT)
-kadmin_OBJECTS = $(am_kadmin_OBJECTS)
-kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/sl/libsl.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kadmin_LDFLAGS =
-@KRB4_TRUE@am__objects_4 = version4.$(OBJEXT)
-am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) $(am__objects_4) \
-	kadm_conn.$(OBJEXT)
-kadmind_OBJECTS = $(am_kadmind_OBJECTS)
-@KRB4_TRUE@kadmind_DEPENDENCIES = \
-@KRB4_TRUE@	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-@KRB4_TRUE@	$(top_builddir)/lib/hdb/libhdb.la \
-@KRB4_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@kadmind_DEPENDENCIES = \
-@KRB4_FALSE@	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-@KRB4_FALSE@	$(top_builddir)/lib/hdb/libhdb.la \
-@KRB4_FALSE@	$(top_builddir)/lib/krb5/libkrb5.la \
-@KRB4_FALSE@	$(top_builddir)/lib/asn1/libasn1.la
-kadmind_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) \
-	$(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(add_random_users_SOURCES) $(kadmin_SOURCES) $(kadmind_SOURCES) $(EXTRA_kadmind_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kadmin/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
-add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) 
-	@rm -f add_random_users$(EXEEXT)
-	$(LINK) $(add_random_users_LDFLAGS) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
-kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) 
-	@rm -f kadmin$(EXEEXT)
-	$(LINK) $(kadmin_LDFLAGS) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
-kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) 
-	@rm -f kadmind$(EXEEXT)
-	$(LINK) $(kadmind_LDFLAGS) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libexecPROGRAMS clean-libtool \
-	clean-noinstPROGRAMS clean-sbinPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 \
-	install-sbinPROGRAMS install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man8 uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c
deleted file mode 100644
index ebd114945d60..000000000000
--- a/crypto/heimdal/kadmin/add-random-users.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: add-random-users.c,v 1.6 2001/09/20 09:17:33 assar Exp $");
-
-#define WORDS_FILENAME "/usr/share/dict/words"
-
-#define NUSERS 1000
-
-#define WORDBUF_SIZE 65535
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-    char *wbuf = NULL, *wptr = NULL, *wend = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	size_t len;
-
-	if (buf[strlen (buf) - 1] == '\n')
-	    buf[strlen (buf) - 1] = '\0';
-	if (n >= alloc) {
-	    alloc = max(alloc + 16, alloc * 2);
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	len = strlen(buf);
-	if (wptr + len + 1 >= wend) {
-	    wptr = wbuf = emalloc (WORDBUF_SIZE);
-	    wend = wbuf + WORDBUF_SIZE;
-	}
-	memmove (wptr, buf, len + 1);
-	w[n++] = wptr;
-	wptr += len + 1;
-    }
-    *ret_w = w;
-    return n;
-}
-
-static void
-add_user (krb5_context context, void *kadm_handle,
-	  unsigned nwords, char **words)
-{
-    kadm5_principal_ent_rec princ;
-    char name[64];
-    int r1, r2;
-    krb5_error_code ret;
-    int mask;
-
-    r1 = rand();
-    r2 = rand();
-
-    snprintf (name, sizeof(name), "%s%d", words[r1 % nwords], r2 % 1000);
-
-    mask = KADM5_PRINCIPAL;
-
-    memset(&princ, 0, sizeof(princ));
-    ret = krb5_parse_name(context, name, &princ.principal);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_parse_name");
-
-    ret = kadm5_create_principal (kadm_handle, &princ, mask, name);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_create_principal");
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    printf ("%s\n", name);
-}
-
-static void
-add_users (const char *filename, unsigned n)
-{
-    krb5_error_code ret;
-    int i;
-    void *kadm_handle;
-    krb5_context context;
-    unsigned nwords;
-    char **words;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    ret = kadm5_s_init_with_password_ctx(context, 
-					 KADM5_ADMIN_SERVICE,
-					 NULL,
-					 KADM5_ADMIN_SERVICE,
-					 NULL, 0, 0, 
-					 &kadm_handle);
-    if(ret)
-	krb5_err(context, 1, ret, "kadm5_init_with_password");
-
-    nwords = read_words (filename, &words);
-    
-    for (i = 0; i < n; ++i)
-	add_user (context, kadm_handle, nwords, words);
-    kadm5_destroy(kadm_handle);
-    krb5_free_context(context);
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[filename [n]]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int n = NUSERS;
-    const char *filename = WORDS_FILENAME;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    if (help_flag)
-	usage (0);
-    if (version_flag) {
-	print_version(NULL);
-	return 0;
-    }
-    srand (0);
-    argc -= optind;
-    argv += optind;
-
-    if (argc > 0) {
-	if (argc > 1)
-	    n = atoi(argv[1]);
-	filename = argv[0];
-    }
-
-    add_users (filename, n);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c
deleted file mode 100644
index a166fb2377b3..000000000000
--- a/crypto/heimdal/kadmin/ank.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: ank.c,v 1.25 2002/12/03 14:11:24 joda Exp $");
-
-/*
- * fetch the default principal corresponding to `princ'
- */
-
-static krb5_error_code
-get_default (kadm5_server_context *context,
-	     krb5_principal princ,
-	     kadm5_principal_ent_t default_ent)
-{
-    krb5_error_code ret;
-    krb5_principal def_principal;
-    krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
-    ret = krb5_make_principal (context->context, &def_principal,
-			       *realm, "default", NULL);
-    if (ret)
-	return ret;
-    ret = kadm5_get_principal (context, def_principal, default_ent,
-			       KADM5_PRINCIPAL_NORMAL_MASK);
-    krb5_free_principal (context->context, def_principal);
-    return ret;
-}
-
-/*
- * Add the principal `name' to the database.
- * Prompt for all data not given by the input parameters.
- */
-
-static krb5_error_code
-add_one_principal (const char *name,
-		   int rand_key,
-		   int rand_password,
-		   int use_defaults, 
-		   char *password,
-		   krb5_key_data *key_data,
-		   const char *max_ticket_life,
-		   const char *max_renewable_life,
-		   const char *attributes,
-		   const char *expiration,
-		   const char *pw_expiration)
-{
-    krb5_error_code ret;
-    kadm5_principal_ent_rec princ, defrec;
-    kadm5_principal_ent_rec *default_ent = NULL;
-    krb5_principal princ_ent = NULL;
-    int mask = 0;
-    int default_mask = 0;
-    char pwbuf[1024];
-
-    memset(&princ, 0, sizeof(princ));
-    ret = krb5_parse_name(context, name, &princ_ent);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_parse_name");
-	return ret;
-    }
-    princ.principal = princ_ent;
-    mask |= KADM5_PRINCIPAL;
-
-    ret = set_entry(context, &princ, &mask,
-		    max_ticket_life, max_renewable_life, 
-		    expiration, pw_expiration, attributes);
-    if (ret)
-	goto out;
-
-    default_ent = &defrec;
-    ret = get_default (kadm_handle, princ_ent, default_ent);
-    if (ret) {
-	default_ent  = NULL;
-	default_mask = 0;
-    } else {
-	default_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-	    KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION;
-    }
-
-    if(use_defaults) 
-	set_defaults(&princ, &mask, default_ent, default_mask);
-    else
-	if(edit_entry(&princ, &mask, default_ent, default_mask))
-	    goto out;
-    if(rand_key || key_data) {
-	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	mask |= KADM5_ATTRIBUTES;
-	strlcpy (pwbuf, "hemlig", sizeof(pwbuf));
-	password = pwbuf;
-    } else if (rand_password) {
-	random_password (pwbuf, sizeof(pwbuf));
-	password = pwbuf;
-    } else if(password == NULL) {
-	char *princ_name;
-	char *prompt;
-
-	krb5_unparse_name(context, princ_ent, &princ_name);
-	asprintf (&prompt, "%s's Password: ", princ_name);
-	free (princ_name);
-	ret = des_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
-	free (prompt);
-	if (ret)
-	    goto out;
-	password = pwbuf;
-    }
-    
-    ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
-    if(ret) {
-	krb5_warn(context, ret, "kadm5_create_principal");
-	goto out;
-    }
-    if(rand_key) {
-	krb5_keyblock *new_keys;
-	int n_keys, i;
-	ret = kadm5_randkey_principal(kadm_handle, princ_ent, 
-				      &new_keys, &n_keys);
-	if(ret){
-	    krb5_warn(context, ret, "kadm5_randkey_principal");
-	    n_keys = 0;
-	}
-	for(i = 0; i < n_keys; i++)
-	    krb5_free_keyblock_contents(context, &new_keys[i]);
-	if (n_keys > 0)
-	    free(new_keys);
-	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			    KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	princ.kvno = 1;
-	kadm5_modify_principal(kadm_handle, &princ, 
-			       KADM5_ATTRIBUTES | KADM5_KVNO);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    } else if (key_data) {
-	ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
-					       3, key_data);
-	if (ret) {
-	    krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
-	}
-	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-			    KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
-	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-	kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    } else if (rand_password) {
-	char *princ_name;
-
-	krb5_unparse_name(context, princ_ent, &princ_name);
-	printf ("added %s with password `%s'\n", princ_name, password);
-	free (princ_name);
-    }
-out:
-    if (princ_ent)
-	krb5_free_principal (context, princ_ent);
-    if(default_ent)
-	kadm5_free_principal_ent (context, default_ent);
-    if (password != NULL)
-	memset (password, 0, strlen(password));
-    return ret;
-}
-
-/*
- * parse the string `key_string' into `key', returning 0 iff succesful.
- */
-
-/*
- * the ank command
- */
-
-static struct getargs args[] = {
-    { "random-key",	'r',	arg_flag,	NULL, "set random key" },
-    { "random-password", 0,	arg_flag,	NULL, "set random password" },
-    { "password",	'p',	arg_string,	NULL, "princial's password" },
-    { "key",		0,	arg_string,	NULL, "DES-key in hex" },
-    { "max-ticket-life",  0,	arg_string,	NULL, "max ticket lifetime",
-      "lifetime"},
-    { "max-renewable-life",  0,	arg_string,	NULL,
-      "max renewable lifetime", "lifetime" },
-    { "attributes",	0,	arg_string,	NULL, "principal attributes",
-      "attributes"},
-    { "expiration-time",0,	arg_string,	NULL, "expiration time",
-      "time"},
-    { "pw-expiration-time", 0,  arg_string,	NULL,
-      "password expiration time", "time"},
-    { "use-defaults",	0,	arg_flag,	NULL, "use default values" }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage (args, num_args, "add", "principal...");
-}
-
-/*
- * Parse arguments and add all the principals.
- */
-
-int
-add_new_key(int argc, char **argv)
-{
-    char *password = NULL;
-    char *key = NULL;
-    int random_key = 0;
-    int random_password = 0;
-    int optind = 0;
-    krb5_error_code ret;
-    char *max_ticket_life	= NULL;
-    char *max_renewable_life	= NULL;
-    char *attributes		= NULL;
-    char *expiration		= NULL;
-    char *pw_expiration		= NULL;
-    int use_defaults = 0;
-    int i;
-    int num;
-    krb5_key_data key_data[3];
-    krb5_key_data *kdp = NULL;
-
-    args[0].value = &random_key;
-    args[1].value = &random_password;
-    args[2].value = &password;
-    args[3].value = &key;
-    args[4].value = &max_ticket_life;
-    args[5].value = &max_renewable_life;
-    args[6].value = &attributes;
-    args[7].value = &expiration;
-    args[8].value = &pw_expiration;
-    args[9].value = &use_defaults;
-    
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ();
-	return 0;
-    }
-    if(optind == argc) {
-	usage ();
-	return 0;
-    }
-
-    num = 0;
-    if (random_key)
-	++num;
-    if (random_password)
-	++num;
-    if (password)
-	++num;
-    if (key)
-	++num;
-
-    if (num > 1) {
-	printf ("give only one of "
-		"--random-key, --random-password, --password, --key\n");
-	return 0;
-    }
-
-    if (key) {
-	const char *error;
-
-	if (parse_des_key (key, key_data, &error)) {
-	    printf ("failed parsing key `%s': %s\n", key, error);
-	    return 0;
-	}
-	kdp = key_data;
-    }
-
-    for (i = optind; i < argc; ++i) {
-	ret = add_one_principal (argv[i], random_key, random_password,
-				 use_defaults, 
-				 password,
-				 kdp,
-				 max_ticket_life,
-				 max_renewable_life,
-				 attributes,
-				 expiration,
-				 pw_expiration);
-	if (ret) {
-	    krb5_warn (context, ret, "adding %s", argv[i]);
-	    break;
-	}
-    }
-    if (kdp) {
-	int16_t dummy = 3;
-	kadm5_free_key_data (kadm_handle, &dummy, key_data);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c
deleted file mode 100644
index 50c1cb27ebd8..000000000000
--- a/crypto/heimdal/kadmin/cpw.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: cpw.c,v 1.13 2001/08/10 08:05:35 joda Exp $");
-
-struct cpw_entry_data {
-    int random_key;
-    int random_password;
-    char *password;
-    krb5_key_data *key_data;
-};
-
-static struct getargs args[] = {
-    { "random-key",	'r',	arg_flag,	NULL, "set random key" },
-    { "random-password", 0,	arg_flag,	NULL, "set random password" },
-    { "password",	'p',	arg_string,	NULL, "princial's password" },
-    { "key",		 0,	arg_string,	NULL, "DES key in hex" }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage(args, num_args, "passwd", "principal...");
-}
-
-static int
-set_random_key (krb5_principal principal)
-{
-    krb5_error_code ret;
-    int i;
-    krb5_keyblock *keys;
-    int num_keys;
-
-    ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
-    if(ret)
-	return ret;
-    for(i = 0; i < num_keys; i++)
-	krb5_free_keyblock_contents(context, &keys[i]);
-    free(keys);
-    return 0;
-}
-
-static int
-set_random_password (krb5_principal principal)
-{
-    krb5_error_code ret;
-    char pw[128];
-
-    random_password (pw, sizeof(pw));
-    ret = kadm5_chpass_principal(kadm_handle, principal, pw);
-    if (ret == 0) {
-	char *princ_name;
-
-	krb5_unparse_name(context, principal, &princ_name);
-
-	printf ("%s's password set to `%s'\n", princ_name, pw);
-	free (princ_name);
-    }
-    memset (pw, 0, sizeof(pw));
-    return ret;
-}
-
-static int
-set_password (krb5_principal principal, char *password)
-{
-    krb5_error_code ret = 0;
-    char pwbuf[128];
-
-    if(password == NULL) {
-	char *princ_name;
-	char *prompt;
-
-	krb5_unparse_name(context, principal, &princ_name);
-	asprintf(&prompt, "%s's Password: ", princ_name);
-	free (princ_name);
-	ret = des_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
-	free (prompt);
-	if(ret){
-	    return 0; /* XXX error code? */
-	}
-	password = pwbuf;
-    }
-    if(ret == 0)
-	ret = kadm5_chpass_principal(kadm_handle, principal, password);
-    memset(pwbuf, 0, sizeof(pwbuf));
-    return ret;
-}
-
-static int
-set_key_data (krb5_principal principal, krb5_key_data *key_data)
-{
-    krb5_error_code ret;
-
-    ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
-					   3, key_data);
-    return ret;
-}
-
-static int
-do_cpw_entry(krb5_principal principal, void *data)
-{
-    struct cpw_entry_data *e = data;
-    
-    if (e->random_key)
-	return set_random_key (principal);
-    else if (e->random_password)
-	return set_random_password (principal);
-    else if (e->key_data)
-	return set_key_data (principal, e->key_data);
-    else
-	return set_password (principal, e->password);
-}
-
-int
-cpw_entry(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int i;
-    int optind = 0;
-    struct cpw_entry_data data;
-    int num;
-    char *key_string;
-    krb5_key_data key_data[3];
-
-    data.random_key      = 0;
-    data.random_password = 0;
-    data.password        = NULL;
-    data.key_data	 = NULL;
-
-    key_string = NULL;
-
-    args[0].value = &data.random_key;
-    args[1].value = &data.random_password;
-    args[2].value = &data.password;
-    args[3].value = &key_string;
-    if(getarg(args, num_args, argc, argv, &optind)){
-	usage();
-	return 0;
-    }
-
-    num = 0;
-    if (data.random_key)
-	++num;
-    if (data.random_password)
-	++num;
-    if (data.password)
-	++num;
-    if (key_string)
-	++num;
-
-    if (num > 1) {
-	printf ("give only one of "
-		"--random-key, --random-password, --password, --key\n");
-	return 0;
-    }
-	
-    if (key_string) {
-	const char *error;
-
-	if (parse_des_key (key_string, key_data, &error)) {
-	    printf ("failed parsing key `%s': %s\n", key_string, error);
-	    return 0;
-	}
-	data.key_data = key_data;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
-
-    if (data.key_data) {
-	int16_t dummy;
-	kadm5_free_key_data (kadm_handle, &dummy, key_data);
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c
deleted file mode 100644
index 1697656de2db..000000000000
--- a/crypto/heimdal/kadmin/del.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: del.c,v 1.6 2001/05/07 05:30:50 assar Exp $");
-
-static int
-do_del_entry(krb5_principal principal, void *data)
-{
-    return kadm5_delete_principal(kadm_handle, principal);
-}
-
-static struct getargs args[] = {
-    { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage (args, num_args, "delete", "principal...");
-}
-
-
-int
-del_entry(int argc, char **argv)
-{
-    int optind = 0;
-    int help_flag = 0;
-
-    int i;
-    krb5_error_code ret;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ();
-	return 0;
-    }
-    if(optind == argc || help_flag) {
-	usage ();
-	return 0;
-    }
-
-    for(i = 1; i < argc; i++)
-	ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c
deleted file mode 100644
index 985cc84f37a5..000000000000
--- a/crypto/heimdal/kadmin/del_enctype.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1999-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: del_enctype.c,v 1.7 2001/04/19 07:26:52 joda Exp $");
-
-/*
- * del_enctype principal enctypes...
- */
-
-static struct getargs args[] = {
-    { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage (args, num_args, "del_enctype", "principal enctypes...");
-}
-
-
-int
-del_enctype(int argc, char **argv)
-{
-    int optind = 0;
-    int help_flag = 0;
-
-    kadm5_principal_ent_rec princ;
-    krb5_principal princ_ent = NULL;
-    krb5_error_code ret;
-    const char *princ_name;
-    int i, j, k;
-    krb5_key_data *new_key_data;
-    int n_etypes;
-    krb5_enctype *etypes;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ();
-	return 0;
-    }
-    if(argc - optind < 2 || help_flag) {
-	usage ();
-	return 0;
-    }
-
-    memset (&princ, 0, sizeof(princ));
-    princ_name = argv[1];
-    n_etypes   = argc - 2;
-    etypes     = malloc (n_etypes * sizeof(*etypes));
-    if (etypes == NULL) {
-	krb5_warnx (context, "out of memory");
-	return 0;
-    }
-    for (i = 0; i < n_etypes; ++i) {
-	ret = krb5_string_to_enctype (context, argv[i + 2], &etypes[i]);
-	if (ret) {
-	    krb5_warnx (context, "bad enctype `%s'", argv[i + 2]);
-	    goto out2;
-	}
-    }
-
-    ret = krb5_parse_name(context, princ_name, &princ_ent);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
-	goto out2;
-    }
-
-    ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
-			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
-    if (ret) {
-	krb5_free_principal (context, princ_ent);
-	krb5_warnx (context, "no such principal: %s", princ_name);
-	goto out2;
-    }
-
-    new_key_data   = malloc(princ.n_key_data * sizeof(*new_key_data));
-    if (new_key_data == NULL) {
-	krb5_warnx (context, "out of memory");
-	goto out;
-    }
-
-    for (i = 0, j = 0; i < princ.n_key_data; ++i) {
-	krb5_key_data *key = &princ.key_data[i];
-	int docopy = 1;
-
-	for (k = 0; k < n_etypes; ++k)
-	    if (etypes[k] == key->key_data_type[0]) {
-		docopy = 0;
-		break;
-	    }
-	if (docopy) {
-	    new_key_data[j++] = *key;
-	} else {
-	    int16_t ignore = 1;
-
-	    kadm5_free_key_data (kadm_handle, &ignore, key);
-	}
-    }
-
-    free (princ.key_data);
-    princ.n_key_data = j;
-    princ.key_data   = new_key_data;
-
-    ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_modify_principal");
-out:
-    krb5_free_principal (context, princ_ent);
-    kadm5_free_principal_ent(kadm_handle, &princ);
-out2:
-    free (etypes);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/dump.c b/crypto/heimdal/kadmin/dump.c
deleted file mode 100644
index a57309c593c3..000000000000
--- a/crypto/heimdal/kadmin/dump.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: dump.c,v 1.26 1999/12/02 17:04:58 joda Exp $");
-
-int
-dump(int argc, char **argv)
-{
-    krb5_error_code ret;
-    FILE *f;
-    HDB *db = _kadm5_s_get_db(kadm_handle);
-    int decrypt = 0;
-    int optind = 0;
-
-    struct getargs args[] = {
-	{ "decrypt", 'd', arg_flag, NULL, "decrypt keys" }
-    };
-    args[0].value = &decrypt;
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) {
-	arg_printusage(args, sizeof(args) / sizeof(args[0]), "kadmin dump", 
-		       "[dump-file]");
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-    if(argc < 1)
-	f = stdout;
-    else
-	f = fopen(argv[0], "w");
-    
-    ret = db->open(context, db, O_RDONLY, 0600);
-    if(ret){
-	krb5_warn(context, ret, "hdb_open");
-	if(f != stdout)
-	    fclose(f);
-	return 0;
-    }
-
-    hdb_foreach(context, db, decrypt ? HDB_F_DECRYPT : 0, hdb_print_entry, f);
-
-    if(f != stdout)
-	fclose(f);
-    db->close(context, db);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c
deleted file mode 100644
index c945fea4c44c..000000000000
--- a/crypto/heimdal/kadmin/ext.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: ext.c,v 1.8 2002/02/11 14:29:52 joda Exp $");
-
-struct ext_keytab_data {
-    krb5_keytab keytab;
-};
-
-static struct getargs args[] = {
-    { "keytab",		'k',	arg_string,	NULL, "keytab to use" },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage(args, num_args, "ext", "principal...");
-}
-
-static int
-do_ext_keytab(krb5_principal principal, void *data)
-{
-    krb5_error_code ret;
-    int i;
-    kadm5_principal_ent_rec princ;
-    struct ext_keytab_data *e = data;
-
-    ret = kadm5_get_principal(kadm_handle, principal, &princ, 
-			      KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
-    if(ret)
-	return ret;
-    for(i = 0; i < princ.n_key_data; i++){
-	krb5_keytab_entry key;
-	krb5_key_data *k = &princ.key_data[i];
-	key.principal = princ.principal;
-	key.vno = k->key_data_kvno;
-	key.keyblock.keytype = k->key_data_type[0];
-	key.keyblock.keyvalue.length = k->key_data_length[0];
-	key.keyblock.keyvalue.data = k->key_data_contents[0];
-	key.timestamp = time(NULL);
-	ret = krb5_kt_add_entry(context, e->keytab, &key);
-	if(ret)
-	    krb5_warn(context, ret, "krb5_kt_add_entry");
-    }
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    return 0;
-}
-
-int
-ext_keytab(int argc, char **argv)
-{
-    krb5_error_code ret;
-    int i;
-    int optind = 0;
-    char *keytab = NULL;
-    struct ext_keytab_data data;
-    
-    args[0].value = &keytab;
-    if(getarg(args, num_args, argc, argv, &optind)){
-	usage();
-	return 0;
-    }
-    if (keytab == NULL)
-	ret = krb5_kt_default(context, &data.keytab);
-    else
-	ret = krb5_kt_resolve(context, keytab, &data.keytab);
-
-    if(ret){
-	krb5_warn(context, ret, "krb5_kt_resolve");
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    for(i = 0; i < argc; i++) 
-	foreach_principal(argv[i], do_ext_keytab, "ext", &data);
-
-    krb5_kt_close(context, data.keytab);
-
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
deleted file mode 100644
index 30eea9dfcfc6..000000000000
--- a/crypto/heimdal/kadmin/get.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <parse_units.h>
-
-RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $");
-
-struct get_entry_data {
-    void (*header)(void);
-    void (*format)(kadm5_principal_ent_t);
-};
-
-static void
-print_entry_terse(kadm5_principal_ent_t princ)
-{
-    char *p;
-    krb5_unparse_name(context, princ->principal, &p);
-    printf("  %s\n", p);
-    free(p);
-}
-
-static void
-print_header_short(void)
-{
-    printf("%-20s ", "Principal");
-    
-    printf("%-10s ", "Expires");
-	    
-    printf("%-10s ", "PW-exp");
-	    
-    printf("%-10s ", "PW-change");
-	
-    printf("%-9s ", "Max life");
-
-    printf("%-9s ", "Max renew");
-    
-    printf("\n");
-}
-
-static void
-print_entry_short(kadm5_principal_ent_t princ)
-{
-    char buf[1024];
-    
-    krb5_unparse_name_fixed_short(context, princ->principal, buf, sizeof(buf));
-    printf("%-20s ", buf);
-    
-    time_t2str(princ->princ_expire_time, buf, sizeof(buf), 0);
-    printf("%-10s ", buf);
-	    
-    time_t2str(princ->pw_expiration, buf, sizeof(buf), 0);
-    printf("%-10s ", buf);
-	    
-    time_t2str(princ->last_pwd_change, buf, sizeof(buf), 0);
-    printf("%-10s ", buf);
-	
-    deltat2str(princ->max_life, buf, sizeof(buf));
-    printf("%-9s ", buf);
-
-    deltat2str(princ->max_renewable_life, buf, sizeof(buf));
-    printf("%-9s ", buf);
-
-#if 0
-    time_t2str(princ->mod_date, buf, sizeof(buf), 0);
-    printf("%-10s ", buf);
-
-    krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
-    printf("%-24s", buf);
-#endif
-    
-    printf("\n");
-}
-
-/*
- * return 0 iff `salt' actually is the same as the current salt in `k'
- */
-
-static int
-cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
-{
-    if (salt->salttype != k->key_data_type[1])
-	return 1;
-    if (salt->saltvalue.length != k->key_data_length[1])
-	return 1;
-    return memcmp (salt->saltvalue.data, k->key_data_contents[1],
-		   salt->saltvalue.length);
-}
-
-static void
-print_entry_long(kadm5_principal_ent_t princ)
-{
-    char buf[1024];
-    int i;
-    krb5_salt def_salt;
-    
-    krb5_unparse_name_fixed(context, princ->principal, buf, sizeof(buf));
-    printf("%24s: %s\n", "Principal", buf);
-    time_t2str(princ->princ_expire_time, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Principal expires", buf);
-	    
-    time_t2str(princ->pw_expiration, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Password expires", buf);
-	    
-    time_t2str(princ->last_pwd_change, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Last password change", buf);
-	
-    deltat2str(princ->max_life, buf, sizeof(buf));
-    printf("%24s: %s\n", "Max ticket life", buf);
-
-    deltat2str(princ->max_renewable_life, buf, sizeof(buf));
-    printf("%24s: %s\n", "Max renewable life", buf);
-    printf("%24s: %d\n", "Kvno", princ->kvno);
-    printf("%24s: %d\n", "Mkvno", princ->mkvno);
-    printf("%24s: %s\n", "Policy", princ->policy ? princ->policy : "none");
-    time_t2str(princ->last_success, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Last successful login", buf);
-    time_t2str(princ->last_failed, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Last failed login", buf);
-    printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
-    time_t2str(princ->mod_date, buf, sizeof(buf), 1);
-    printf("%24s: %s\n", "Last modified", buf);
-    if(princ->mod_name != NULL) {
-	krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
-	printf("%24s: %s\n", "Modifier", buf);
-    }
-    attributes2str (princ->attributes, buf, sizeof(buf));
-    printf("%24s: %s\n", "Attributes", buf);
-
-    printf("%24s: ", "Keytypes(salttype[(salt-value)])");
-
-    krb5_get_pw_salt (context, princ->principal, &def_salt);
-
-    for (i = 0; i < princ->n_key_data; ++i) {
-	krb5_key_data *k = &princ->key_data[i];
-	krb5_error_code ret;
-	char *e_string, *s_string, *salt;
-
-	ret = krb5_enctype_to_string (context,
-				      k->key_data_type[0],
-				      &e_string);
-	if (ret)
-	    asprintf (&e_string, "unknown(%d)", k->key_data_type[0]);
-
-	ret = krb5_salttype_to_string (context,
-				       k->key_data_type[0],
-				       k->key_data_type[1],
-				       &s_string);
-	if (ret)
-	    asprintf (&s_string, "unknown(%d)", k->key_data_type[1]);
-
-	if (cmp_salt(&def_salt, k) == 0)
-	    salt = strdup("");
-	else if(k->key_data_length[1] == 0)
-	    salt = strdup("()");
-	else
-	    asprintf (&salt, "(%.*s)", k->key_data_length[1],
-		      (char *)k->key_data_contents[1]);
-
-
-	printf ("%s%s(%s%s)", (i != 0) ? ", " : "", e_string, s_string, salt);
-	free (e_string);
-	free (s_string);
-	free (salt);
-    }
-    krb5_free_salt (context, def_salt);
-    printf("\n\n");
-}
-
-static int
-do_get_entry(krb5_principal principal, void *data)
-{
-    kadm5_principal_ent_rec princ;
-    krb5_error_code ret;
-    struct get_entry_data *e = data;
-    
-    memset(&princ, 0, sizeof(princ));
-    ret = kadm5_get_principal(kadm_handle, principal, 
-			      &princ,
-			      KADM5_PRINCIPAL_NORMAL_MASK|KADM5_KEY_DATA);
-    if(ret)
-	return ret;
-    else {
-	if(e->header) {
-	    (*e->header)();
-	    e->header = NULL; /* XXX only once */
-	}
-	(e->format)(&princ);
-	kadm5_free_principal_ent(kadm_handle, &princ);
-    }
-    return 0;
-}
-
-static int
-getit(const char *name, int terse_flag, int argc, char **argv)
-{
-    int i;
-    krb5_error_code ret;
-    struct get_entry_data data;
-    struct getargs args[] = {
-	{ "long",	'l',	arg_flag,	NULL, "long format" },
-	{ "short",	's',	arg_flag,	NULL, "short format" },
-	{ "terse",	't',	arg_flag,	NULL, "terse format" },
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-    int long_flag = -1;
-    int short_flag = -1;
-    
-    args[0].value = &long_flag;
-    args[1].value = &short_flag;
-    args[2].value = &terse_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	goto usage;
-    if(optind == argc)
-	goto usage;
-
-    if(long_flag == -1 && (short_flag == 1 || terse_flag == 1))
-	long_flag = 0;
-    if(short_flag == -1 && (long_flag == 1 || terse_flag == 1))
-	short_flag = 0;
-    if(terse_flag == -1 && (long_flag == 1 || short_flag == 1))
-	terse_flag = 0;
-    if(long_flag == 0 && short_flag == 0 && terse_flag == 0)
-	short_flag = 1;
-
-    if(long_flag) {
-	data.format = print_entry_long;
-	data.header = NULL;
-    } else if(short_flag){
-	data.format = print_entry_short;
-	data.header = print_header_short;
-    } else if(terse_flag) {
-	data.format = print_entry_terse;
-	data.header = NULL;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    for(i = 0; i < argc; i++)
-	ret = foreach_principal(argv[i], do_get_entry, "get", &data);
-    return 0;
-usage:
-    arg_printusage (args, num_args, name, "principal...");
-    return 0;
-}
-
-int
-get_entry(int argc, char **argv)
-{
-    return getit("get", 0, argc, argv);
-}
-
-int
-list_princs(int argc, char **argv)
-{
-    return getit("list", 1, argc, argv);
-}
diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c
deleted file mode 100644
index 587458b17f73..000000000000
--- a/crypto/heimdal/kadmin/init.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: init.c,v 1.29 2002/12/03 14:08:17 joda Exp $");
-
-static kadm5_ret_t
-create_random_entry(krb5_principal princ,
-		    unsigned max_life,
-		    unsigned max_rlife,
-		    u_int32_t attributes)
-{
-    kadm5_principal_ent_rec ent;
-    kadm5_ret_t ret;
-    int mask = 0;
-    krb5_keyblock *keys;
-    int n_keys, i;
-
-    memset(&ent, 0, sizeof(ent));
-    ent.principal = princ;
-    mask |= KADM5_PRINCIPAL;
-    if (max_life) {
-	ent.max_life = max_life;
-	mask |= KADM5_MAX_LIFE;
-    }
-    if (max_rlife) {
-	ent.max_renewable_life = max_rlife;
-	mask |= KADM5_MAX_RLIFE;
-    }
-    ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
-    mask |= KADM5_ATTRIBUTES;
-
-    ret = kadm5_create_principal(kadm_handle, &ent, mask, "hemlig");
-    if(ret)
-	return ret;
-    ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
-    if(ret)
-	return ret;
-    for(i = 0; i < n_keys; i++)
-	krb5_free_keyblock_contents(context, &keys[i]);
-    free(keys);
-    ret = kadm5_get_principal(kadm_handle, princ, &ent, 
-			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
-    if(ret)
-	return ret;
-    ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
-    ent.kvno = 1;
-    ret = kadm5_modify_principal(kadm_handle, &ent, 
-				 KADM5_ATTRIBUTES|KADM5_KVNO);
-    kadm5_free_principal_ent (kadm_handle, &ent);
-    if(ret)
-	return ret;
-    return 0;
-}
-
-static struct getargs args[] = {
-    { "realm-max-ticket-life",  0,	arg_string,	NULL,
-      "realm max ticket lifetime" },
-    { "realm-max-renewable-life",  0,	arg_string,	NULL,
-      "realm max renewable lifetime" },
-    { "help", 'h', arg_flag, NULL },
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage (args, num_args, "init", "realm...");
-}
-
-int
-init(int argc, char **argv)
-{
-    kadm5_ret_t ret;
-    int i;
-    char *realm_max_life  = NULL;
-    char *realm_max_rlife = NULL;
-    int help_flag = 0;
-    HDB *db;
-    int optind = 0;
-    krb5_deltat max_life, max_rlife;
-
-    args[0].value = &realm_max_life;
-    args[1].value = &realm_max_rlife;
-    args[2].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind) || help_flag) {
-	usage();
-	return 0;
-    }
-
-    if(argc - optind < 1) {
-	usage();
-	return 0;
-    }
-
-    if (realm_max_life) {
-	if (str2deltat (realm_max_life, &max_life) != 0) {
-	    krb5_warnx (context, "unable to parse `%s'", realm_max_life);
-	    return 0;
-	}
-    }
-    if (realm_max_rlife) {
-	if (str2deltat (realm_max_rlife, &max_rlife) != 0) {
-	    krb5_warnx (context, "unable to parse `%s'", realm_max_rlife);
-	    return 0;
-	}
-    }
-
-    db = _kadm5_s_get_db(kadm_handle);
-
-    ret = db->open(context, db, O_RDWR | O_CREAT, 0600);
-    if(ret){
-	krb5_warn(context, ret, "hdb_open");
-	return 0;
-    }
-    db->close(context, db);
-    for(i = optind; i < argc; i++){
-	krb5_principal princ;
-	const char *realm = argv[i];
-
-	/* Create `krbtgt/REALM' */
-	ret = krb5_make_principal(context, &princ, realm,
-				  KRB5_TGS_NAME, realm, NULL);
-	if(ret)
-	    return 0;
-	if (realm_max_life == NULL) {
-	    max_life = 0;
-	    if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
-		krb5_free_principal(context, princ);
-		return 0;
-	    }
-	}
-	if (realm_max_rlife == NULL) {
-	    max_rlife = 0;
-	    if(edit_deltat("Realm max renewable ticket life", &max_rlife,
-			   NULL, 0)) {
-		krb5_free_principal(context, princ);
-		return 0;
-	    }
-	}
-	create_random_entry(princ, max_life, max_rlife, 0);
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/changepw' */
-	krb5_make_principal(context, &princ, realm, 
-			    "kadmin", "changepw", NULL);
-	create_random_entry(princ, 5*60, 5*60, 
-			    KRB5_KDB_DISALLOW_TGT_BASED|
-			    KRB5_KDB_PWCHANGE_SERVICE|
-			    KRB5_KDB_DISALLOW_POSTDATED|
-			    KRB5_KDB_DISALLOW_FORWARDABLE|
-			    KRB5_KDB_DISALLOW_RENEWABLE|
-			    KRB5_KDB_DISALLOW_PROXIABLE|
-			    KRB5_KDB_REQUIRES_PRE_AUTH);
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/admin' */
-	krb5_make_principal(context, &princ, realm, 
-			    "kadmin", "admin", NULL);
-	create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
-	krb5_free_principal(context, princ);
-
-	/* Create `changepw/kerberos' (for v4 compat) */
-	krb5_make_principal(context, &princ, realm,
-			    "changepw", "kerberos", NULL);
-	create_random_entry(princ, 60*60, 60*60,
-			    KRB5_KDB_DISALLOW_TGT_BASED|
-			    KRB5_KDB_PWCHANGE_SERVICE);
-
-	krb5_free_principal(context, princ);
-
-	/* Create `kadmin/hprop' for database propagation */
-	krb5_make_principal(context, &princ, realm,
-			    "kadmin", "hprop", NULL);
-	create_random_entry(princ, 60*60, 60*60,
-			    KRB5_KDB_REQUIRES_PRE_AUTH|
-			    KRB5_KDB_DISALLOW_TGT_BASED);
-	krb5_free_principal(context, princ);
-
-	/* Create `default' */
-	{
-	    kadm5_principal_ent_rec ent;
-	    int mask = 0;
-
-	    memset (&ent, 0, sizeof(ent));
-	    mask |= KADM5_PRINCIPAL;
-	    krb5_make_principal(context, &ent.principal, realm,
-				"default", NULL);
-	    mask |= KADM5_MAX_LIFE;
-	    ent.max_life = 24 * 60 * 60;
-	    mask |= KADM5_MAX_RLIFE;
-	    ent.max_renewable_life = 7 * ent.max_life;
-	    ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
-	    mask |= KADM5_ATTRIBUTES;
-
-	    ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
-	    if (ret)
-		krb5_err (context, 1, ret, "kadm5_create_principal");
-
-	    krb5_free_principal(context, ent.principal);
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c
deleted file mode 100644
index ae44c430953d..000000000000
--- a/crypto/heimdal/kadmin/kadm_conn.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-RCSID("$Id: kadm_conn.c,v 1.14 2002/10/21 13:21:24 joda Exp $");
-
-struct kadm_port {
-    char *port;
-    unsigned short def_port;
-    struct kadm_port *next;
-} *kadm_ports;
-
-static void
-add_kadm_port(krb5_context context, const char *service, unsigned int port)
-{
-    struct kadm_port *p;
-    p = malloc(sizeof(*p));
-    if(p == NULL) {
-	krb5_warnx(context, "failed to allocate %lu bytes\n", 
-		   (unsigned long)sizeof(*p));
-	return;
-    }
-    
-    p->port = strdup(service);
-    p->def_port = port;
-
-    p->next = kadm_ports;
-    kadm_ports = p;
-}
-
-extern int do_kerberos4;
-
-static void
-add_standard_ports (krb5_context context)
-{
-    add_kadm_port(context, "kerberos-adm", 749);
-#ifdef KRB4
-    if(do_kerberos4)
-	add_kadm_port(context, "kerberos-master", 751);
-#endif
-}
-
-/*
- * parse the set of space-delimited ports in `str' and add them.
- * "+" => all the standard ones
- * otherwise it's port|service[/protocol]
- */
-
-void
-parse_ports(krb5_context context, const char *str)
-{
-    char p[128];
-
-    while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
-	if(strcmp(p, "+") == 0)
-	    add_standard_ports(context);
-	else
-	    add_kadm_port(context, p, 0);
-    }
-}
-
-static pid_t pgrp;
-sig_atomic_t term_flag, doing_useful_work;
-
-static RETSIGTYPE
-sigchld(int sig)
-{
-    int status;
-    waitpid(-1, &status, 0);
-    SIGRETURN(0);
-}
-
-static RETSIGTYPE
-terminate(int sig)
-{
-    if(getpid() == pgrp) {
-	/* parent */
-	term_flag = 1;
-	signal(sig, SIG_IGN);
-	killpg(pgrp, sig);
-    } else {
-	/* child */
-	if(doing_useful_work)
-	    term_flag = 1;
-	else
-	    exit(0);
-    }
-    SIGRETURN(0);
-}
-
-static int
-spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
-{
-    int e, i;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    socklen_t sa_size = sizeof(__ss);
-    int s;
-    pid_t pid;
-    krb5_address addr;
-    char buf[128];
-    size_t buf_len;
-
-    s = accept(socks[this_sock], sa, &sa_size);
-    if(s < 0) {
-	krb5_warn(context, errno, "accept");
-	return 1;
-    }
-    e = krb5_sockaddr2address(context, sa, &addr);
-    if(e)
-	krb5_warn(context, e, "krb5_sockaddr2address");
-    else {
-	e = krb5_print_address (&addr, buf, sizeof(buf), 
-				&buf_len);
-	if(e) 
-	    krb5_warn(context, e, "krb5_print_address");
-	else
-	    krb5_warnx(context, "connection from %s", buf);
-	krb5_free_address(context, &addr);
-    }
-    
-    pid = fork();
-    if(pid == 0) {
-	for(i = 0; i < num_socks; i++)
-	    close(socks[i]);
-	dup2(s, STDIN_FILENO);
-	dup2(s, STDOUT_FILENO);
-	if(s != STDIN_FILENO && s != STDOUT_FILENO)
-	    close(s);
-	return 0;
-    } else {
-	close(s);
-    }
-    return 1;
-}
-
-static int
-wait_for_connection(krb5_context context,
-		    int *socks, int num_socks)
-{
-    int i, e;
-    fd_set orig_read_set, read_set;
-    int max_fd = -1;
-    
-    FD_ZERO(&orig_read_set);
-    
-    for(i = 0; i < num_socks; i++) {
-	if (socks[i] >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(socks[i], &orig_read_set);
-	max_fd = max(max_fd, socks[i]);
-    }
-    
-    pgrp = getpid();
-
-    if(setpgid(0, pgrp) < 0)
-	err(1, "setpgid");
-
-    signal(SIGTERM, terminate);
-    signal(SIGINT, terminate);
-    signal(SIGCHLD, sigchld);
-
-    while (term_flag == 0) {
-	read_set = orig_read_set;
-	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
-	if(e < 0) {
-	    if(errno != EINTR)
-		krb5_warn(context, errno, "select");
-	} else if(e == 0)
-	    krb5_warnx(context, "select returned 0");
-	else {
-	    for(i = 0; i < num_socks; i++) {
-		if(FD_ISSET(socks[i], &read_set))
-		    if(spawn_child(context, socks, num_socks, i) == 0)
-			return 0;
-	    }
-	}
-    }
-    signal(SIGCHLD, SIG_IGN);
-    while(1) {
-	int status;
-	pid_t pid;
-	pid = waitpid(-1, &status, 0);
-	if(pid == -1 && errno == ECHILD)
-	    break;
-    }
-    exit(0);
-}
-
-
-int
-start_server(krb5_context context)
-{
-    int e;
-    struct kadm_port *p;
-
-    int *socks = NULL, *tmp;
-    int num_socks = 0;
-    int i;
-
-    for(p = kadm_ports; p; p = p->next) {
-	struct addrinfo hints, *ai, *ap;
-	char portstr[32];
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags    = AI_PASSIVE;
-	hints.ai_socktype = SOCK_STREAM;
-
-	e = getaddrinfo(NULL, p->port, &hints, &ai);
-	if(e) {
-	    snprintf(portstr, sizeof(portstr), "%u", p->def_port);
-	    e = getaddrinfo(NULL, portstr, &hints, &ai);
-	}
-
-	if(e) {
-	    krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
-		      "%s", portstr);
-	    continue;
-	}
-	i = 0;
-	for(ap = ai; ap; ap = ap->ai_next) 
-	    i++;
-	tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
-	if(tmp == NULL) {
-	    krb5_warnx(context, "failed to reallocate %lu bytes", 
-		       (unsigned long)(num_socks + i) * sizeof(*socks));
-	    continue;
-	}
-	socks = tmp;
-	for(ap = ai; ap; ap = ap->ai_next) {
-	    int one = 1;
-	    int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
-	    if(s < 0) {
-		krb5_warn(context, errno, "socket");
-		continue;
-	    }
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
-	    if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
-			  sizeof(one)) < 0)
-		krb5_warn(context, errno, "setsockopt");
-#endif
-	    if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
-		krb5_warn(context, errno, "bind");
-		close(s);
-		continue;
-	    }
-	    if (listen (s, SOMAXCONN) < 0) {
-		krb5_warn(context, errno, "listen");
-		close(s);
-		continue;
-	    }
-	    socks[num_socks++] = s;
-	}
-	freeaddrinfo (ai);
-    }
-    if(num_socks == 0)
-	krb5_errx(context, 1, "no sockets to listen to - exiting");
-    return wait_for_connection(context, socks, num_socks);
-}
diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8
deleted file mode 100644
index cf7ebe857b0f..000000000000
--- a/crypto/heimdal/kadmin/kadmin.8
+++ /dev/null
@@ -1,286 +0,0 @@
-.\" Copyright (c) 2000 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kadmin.8,v 1.10 2003/03/31 10:42:32 lha Exp $
-.\"
-.Dd September 10, 2000
-.Dt KADMIN 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmin
-.Nd Kerberos administration utility
-.Sh SYNOPSIS
-.Nm
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string
-.Xc
-.Oc
-.Oo Fl K Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host
-.Xc
-.Oc
-.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number
-.Xc
-.Oc
-.Op Fl l | Fl -local
-.Op Fl h | Fl -help
-.Op Fl v | Fl -version
-.Op Ar command
-.Sh DESCRIPTION
-The
-.Nm
-program is used to make modifications to the Kerberos database, either remotely via the
-.Xr kadmind 8
-daemon, or locally (with the
-.Fl l
-option).
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl p Ar string ,
-.Fl -principal= Ns Ar string
-.Xc
-principal to authenticate as
-.It Xo
-.Fl K Ar string ,
-.Fl -keytab= Ns Ar string
-.Xc
-keytab for authentication principal
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl a Ar host ,
-.Fl -admin-server= Ns Ar host
-.Xc
-server to contact
-.It Xo
-.Fl s Ar port number ,
-.Fl -server-port= Ns Ar port number
-.Xc
-port to use
-.It Xo
-.Fl l ,
-.Fl -local
-.Xc
-local admin mode
-.El
-.Pp
-If no
-.Ar command
-is given on the command line,
-.Nm
-will prompt for commands to process. Commands include:
-.\" not using a list here, since groff apparently gets confused
-.\" with nested Xo/Xc
-.Bd -ragged -offset indent
-.Nm add
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -attributes= Ns Ar attributes
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-creates a new principal
-.Ed
-.Pp
-.Nm passwd
-.Op Fl r | Fl -random-key
-.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
-.Op Fl -key= Ns Ar string
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-changes the password of an existing principal
-.Ed
-.Pp
-.Nm delete
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-removes a principal
-.Ed
-.Pp
-.Nm del_enctype
-.Ar principal enctypes...
-.Pp
-.Bd -ragged -offset indent
-removes some enctypes from a principal. This can be useful the service
-belonging to the principal is known to not handle certain enctypes
-.Ed
-.Pp
-.Nm ext_keytab
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Ar principal...
-.Pp
-.Bd -ragged -offset indent
-creates a keytab with the keys of the specified principals
-.Ed
-.Pp
-.Nm get
-.Op Fl l | Fl -long
-.Op Fl s | Fl -short
-.Op Fl t | Fl -terse
-.Ar expression...
-.Pp
-.Bd -ragged -offset indent
-lists the principals that match the expressions (which are shell glob
-like), long format gives more information, and terse just prints the
-names
-.Ed
-.Pp
-.Nm rename
-.Ar from to
-.Pp
-.Bd -ragged -offset indent
-renames a principal
-.Ed
-.Pp
-.Nm modify
-.Oo Fl a Ar attributes \*(Ba Xo
-.Fl -attributes= Ns Ar attributes
-.Xc
-.Oc
-.Op Fl -max-ticket-life= Ns Ar lifetime
-.Op Fl -max-renewable-life= Ns Ar lifetime
-.Op Fl -expiration-time= Ns Ar time
-.Op Fl -pw-expiration-time= Ns Ar time
-.Op Fl -kvno= Ns Ar number
-.Ar principal
-.Pp
-.Bd -ragged -offset indent
-modifies certain attributes of a principal
-.Ed
-.Pp
-.Nm privileges
-.Pp
-.Bd -ragged -offset indent
-lists the operations you are allowed to perform
-.Ed
-.Pp
-.Ed
-.Pp
-When running in local mode, the following commands can also be used:
-.Bd -ragged -offset indent
-.Nm dump
-.Op Fl d | Fl -decrypt
-.Op Ar dump-file
-.Pp
-.Bd -ragged -offset indent
-writes the database in
-.Dq human readable
-form to the specified file, or standard out
-.Ed
-.Pp
-.Nm init
-.Op Fl -realm-max-ticket-life= Ns Ar string
-.Op Fl -realm-max-renewable-life= Ns Ar string
-.Ar realm
-.Pp
-.Bd -ragged -offset indent
-initializes the Kerberos database with entries for a new realm. It's
-possible to have more than one realm served by one server
-.Ed
-.Pp
-.Nm load
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-reads a previously dumped database, and re-creates that database from scratch
-.Ed
-.Pp
-.Nm merge
-.Ar file
-.Pp
-.Bd -ragged -offset indent
-similar to
-.Nm list
-but just modifies the database with the entries in the dump file
-.Ed
-.Pp
-.Ed
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kadmind 8 ,
-.Xr kdc 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c
deleted file mode 100644
index 943858725560..000000000000
--- a/crypto/heimdal/kadmin/kadmin.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <sl.h>
-
-RCSID("$Id: kadmin.c,v 1.42 2003/03/31 10:20:19 lha Exp $");
-
-static char *config_file;
-static char *keyfile;
-static int local_flag;
-static int help_flag;
-static int version_flag;
-static char *realm;
-static char *admin_server;
-static int server_port = 0;
-static char *client_name;
-static char *keytab;
-
-static struct getargs args[] = {
-    {	"principal", 	'p',	arg_string,	&client_name,
-	"principal to authenticate as" },
-    {   "keytab",	'K',	arg_string,	&keytab,
-   	"keytab for authentication principal" },
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    {
-	"key-file",	'k',	arg_string, &keyfile, 
-	"location of master key file", "file"
-    },
-    {	
-	"realm",	'r',	arg_string,   &realm, 
-	"realm to use", "realm" 
-    },
-    {	
-	"admin-server",	'a',	arg_string,   &admin_server, 
-	"server to contact", "host" 
-    },
-    {	
-	"server-port",	's',	arg_integer,   &server_port, 
-	"port to use", "port number" 
-    },
-    {	"local", 'l', arg_flag, &local_flag, "local admin mode" },
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static SL_cmd commands[] = {
-    /* commands that are only available with `-l' */
-    { 
-	"dump",		dump,		"dump [file]",
-	"Dumps the database in a human readable format to the\n"
-	"specified file, or the standard out." 
-    },
-    { 
-	"load",		load,		"load file",
-	"Loads a previously dumped file."
-    },
-    { 
-	"merge",	merge,		"merge file" ,
-	"Merges the contents of a dump file into the database."
-    },
-    { 
-	"init",		init,		"init realm...",
-	"Initializes the default principals for a realm.\n"
-	"Creates the database if necessary."
-    },
-    /* common commands */
-    { 
-	"add",	add_new_key, 	"add principal" ,
-	"Adds a principal to the database."
-    },
-    { "add_new_key"},
-    { "ank"},
-    { 
-	"passwd",	cpw_entry, 	"passwd expression..." ,
-	"Changes the password of one or more principals\n"
-	"matching the expressions."
-    },
-    { "change_password"},
-    { "cpw"},
-    { 
-	"delete",	del_entry, 	"delete expression...",
-	"Deletes all principals matching the expressions."
-    },
-    { "del_entry" },
-    { "del" },
-    {
-	"del_enctype",	del_enctype,	"del_enctype principal enctype...",
-	"Delete all the mentioned enctypes for principal."
-    },
-    { 
-	"ext_keytab",	ext_keytab, 	"ext_keytab expression...",
-	"Extracts the keys of all principals matching the expressions,\n"
-	"and stores them in a keytab." 
-    },
-    { 
-	"get",		get_entry, 	"get expression...",
-	"Shows information about principals matching the expressions."
-    },
-    { "get_entry" },
-    { 
-	"rename",	rename_entry, 	"rename source target",
-	"Renames `source' to `target'."
-    },
-    { 
-	"modify",	mod_entry, 	"modify principal",
-	"Modifies some attributes of the specified principal."
-    },
-    { 
-	"privileges",	get_privs,	"privileges",
-	"Shows which kinds of operations you are allowed to perform."
-    },
-    { "privs" },
-    { 
-	"list",		list_princs,	"list expression...", 
-	"Lists principals in a terse format. The same as `get -t'." 
-    },
-    { "help",		help, "help"},
-    { "?"},
-    { "exit",		exit_kadmin, "exit"},
-    { "quit" },
-    { NULL}
-};
-
-krb5_context context;
-void *kadm_handle;
-
-static SL_cmd *actual_cmds;
-
-int
-help(int argc, char **argv)
-{
-    sl_help(actual_cmds, argc, argv);
-    return 0;
-}
-
-int
-exit_kadmin (int argc, char **argv)
-{
-    return 1;
-}
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "[command]");
-    exit (ret);
-}
-
-int
-get_privs(int argc, char **argv)
-{
-    u_int32_t privs;
-    char str[128];
-    kadm5_ret_t ret;
-    
-    int help_flag = 0;
-    struct getargs args[] = {
-	{ "help",	'h',	arg_flag,	NULL }
-    };
-    int num_args = sizeof(args) / sizeof(args[0]);
-    int optind = 0;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage (args, num_args, "privileges", NULL);
-	return 0;
-    }
-    if(help_flag) {
-	arg_printusage (args, num_args, "privileges", NULL);
-	return 0;
-    }
-
-    ret = kadm5_get_privs(kadm_handle, &privs);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_get_privs");
-    else{
-	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
-	printf("%s\n", str);
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_config_section *cf = NULL;
-    kadm5_config_params conf;
-    int optind = 0;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (config_file == NULL)
-	config_file = HDB_DB_DIR "/kdc.conf";
-
-    if(krb5_config_parse_file(context, config_file, &cf) == 0) {
-	const char *p = krb5_config_get_string (context, cf, 
-						"kdc", "key-file", NULL);
-	if (p)
-	    keyfile = strdup(p);
-    }
-    krb5_clear_error_string (context);
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	krb5_set_default_realm(context, realm); /* XXX should be fixed
-						   some other way */
-	conf.realm = realm;
-	conf.mask |= KADM5_CONFIG_REALM;
-    }
-
-    if (admin_server) {
-	conf.admin_server = admin_server;
-	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    }
-
-    if (server_port) {
-	conf.kadmind_port = htons(server_port);
-	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
-    }
-
-    if(local_flag){
-	ret = kadm5_s_init_with_password_ctx(context, 
-					     KADM5_ADMIN_SERVICE,
-					     NULL,
-					     KADM5_ADMIN_SERVICE,
-					     &conf, 0, 0, 
-					     &kadm_handle);
-	actual_cmds = commands;
-    } else if (keytab) {
-        ret = kadm5_c_init_with_skey_ctx(context,
-					 client_name,
-					 keytab,
-					 KADM5_ADMIN_SERVICE,
-                                         &conf, 0, 0,
-                                         &kadm_handle);
-        actual_cmds = commands + 4; /* XXX */
-    } else {
-	ret = kadm5_c_init_with_password_ctx(context, 
-					     client_name,
-					     NULL,
-					     KADM5_ADMIN_SERVICE,
-					     &conf, 0, 0, 
-					     &kadm_handle);
-	actual_cmds = commands + 4; /* XXX */
-    }
-    
-    if(ret)
-	krb5_err(context, 1, ret, "kadm5_init_with_password");
-
-    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
-                                parser will handle SIGINT its own way;
-                                we should really take care of this in
-                                each function, f.i `get' might be
-                                interruptable, but not `create' */
-    if (argc != 0) {
-	ret = sl_command (actual_cmds, argc, argv);
-	if(ret == -1)
-	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
-    } else
-	ret = sl_loop (actual_cmds, "kadmin> ") != 0;
-
-    kadm5_destroy(kadm_handle);
-    krb5_config_file_free (context, cf);
-    krb5_free_context(context);
-    return ret;
-}
diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8
deleted file mode 100644
index 215553393033..000000000000
--- a/crypto/heimdal/kadmin/kadmin.cat8
+++ /dev/null
@@ -1,121 +0,0 @@
-KADMIN(8)               NetBSD System Manager's Manual               KADMIN(8)
-
-NNAAMMEE
-     kkaaddmmiinn - Kerberos administration utility
-
-SSYYNNOOPPSSIISS
-     kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
-     _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
-     ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
-     ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
-     [_c_o_m_m_a_n_d]
-
-DDEESSCCRRIIPPTTIIOONN
-     The kkaaddmmiinn program is used to make modification to the Kerberos database,
-     either remotely via the kadmind(8) daemon, or locally (with the --ll op-
-     tion).
-
-     Supported options:
-
-     --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
-             principal to authenticate as
-
-     --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
-             keytab for authentication pricipal
-
-     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
-             location of config file
-
-     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
-             location of master key file
-
-     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
-             realm to use
-
-     --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
-             server to contact
-
-     --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
-             port to use
-
-     --ll, ----llooccaall
-             local admin mode
-
-     If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
-     mands to process. Commands include:
-
-           aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
-           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
-           [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
-           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
-
-                 creates a new principal
-
-           ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
-           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
-
-                 changes the password of an existing principal
-
-           ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
-
-                 removes a principal
-
-           ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
-
-                 removes some enctypes from a principal, this can be useful
-                 the service belonging to the principal is known to not handle
-                 certain enctypes
-
-           eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
-
-                 creates a keytab with the keys of the specified principals
-
-           ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.
-
-                 lists the principals that match the expressions (which are
-                 shell glob like), long format gives more information, and
-                 terse just prints the names
-
-           rreennaammee _f_r_o_m _t_o
-
-                 renames a principal
-
-           mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
-           [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
-           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
-           [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l
-
-                 modifies certain attributes of a principal
-
-           pprriivviilleeggeess
-
-                 lists the operations you are allowd to perform
-
-     When running in local mode, the following commands can also be used.
-
-           dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
-
-                 writes the database in ``human readable'' form to the speci-
-                 fied file, or standard out
-
-           iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
-           [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m
-
-                 initialises the Kerberos database with entries for a new
-                 realm, it's possible to have more than one realm served by
-                 one server
-
-           llooaadd _f_i_l_e
-
-                 reads a previously dumped database, and re-creates that
-                 database from scratch
-
-           mmeerrggee _f_i_l_e
-
-                 similar to lliisstt but just modifies the database with the en-
-                 tries in the dump file
-
-SSEEEE AALLSSOO
-     kadmind(8), kdc(8)
-
- HEIMDAL                      September 10, 2000                             2
diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h
deleted file mode 100644
index 59c1bd29a017..000000000000
--- a/crypto/heimdal/kadmin/kadmin_locl.h
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
- */
-
-#ifndef __ADMIN_LOCL_H__
-#define __ADMIN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-#include <hdb.h>
-#include <hdb_err.h>
-#include <kadm5/admin.h>
-#include <kadm5/private.h>
-#include <kadm5/kadm5_err.h>
-#include <parse_time.h>
-#include <getarg.h>
-
-
-extern krb5_context context;
-extern void * kadm_handle;
-
-#define DECL(X) int X(int, char **)
-
-DECL(add_new_key);
-DECL(cpw_entry);
-DECL(del_entry);
-DECL(del_enctype);
-DECL(exit_kadmin);
-DECL(ext_keytab);
-DECL(get_entry);
-DECL(get_privs);
-DECL(help);
-DECL(list_princs);
-DECL(mod_entry);
-DECL(rename_entry);
-DECL(init);
-DECL(dump);
-DECL(load);
-DECL(merge);
-
-#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
-
-/* util.c */
-
-void attributes2str(krb5_flags attributes, char *str, size_t len);
-int  str2attributes(const char *str, krb5_flags *flags);
-int  parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit);
-int  edit_attributes (const char *prompt, krb5_flags *attr, int *mask,
-		      int bit);
-
-void time_t2str(time_t t, char *str, size_t len, int include_time);
-int  str2time_t (const char *str, time_t *time);
-int  parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit);
-int  edit_timet (const char *prompt, krb5_timestamp *value, int *mask,
-		 int bit);
-
-void deltat2str(unsigned t, char *str, size_t len);
-int  str2deltat(const char *str, krb5_deltat *delta);
-int  parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit);
-int  edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit);
-
-int edit_entry(kadm5_principal_ent_t ent, int *mask,
-	       kadm5_principal_ent_t default_ent, int default_mask);
-void set_defaults(kadm5_principal_ent_t ent, int *mask,
-		  kadm5_principal_ent_t default_ent, int default_mask);
-int set_entry(krb5_context context,
-	      kadm5_principal_ent_t ent,
-	      int *mask,
-	      const char *max_ticket_life,
-	      const char *max_renewable_life,
-	      const char *expiration,
-	      const char *pw_expiration,
-	      const char *attributes);
-int
-foreach_principal(const char *exp, 
-		  int (*func)(krb5_principal, void*), 
-		  const char *funcname,
-		  void *data);
-
-int parse_des_key (const char *key_string,
-		   krb5_key_data *key_data, const char **err);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-/* version4.c */
-
-void
-handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd);
-
-/* random_password.c */
-
-void
-random_password(char *pw, size_t len);
-
-/* kadm_conn.c */
-
-extern sig_atomic_t term_flag, doing_useful_work;
-
-void parse_ports(krb5_context, const char*);
-int start_server(krb5_context);
-
-/* server.c */
-
-krb5_error_code
-kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-
-#endif /* __ADMIN_LOCL_H__ */
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8
deleted file mode 100644
index 5663225913c7..000000000000
--- a/crypto/heimdal/kadmin/kadmind.8
+++ /dev/null
@@ -1,186 +0,0 @@
-.\" Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kadmind.8,v 1.14 2003/04/06 17:47:57 lha Exp $
-.\"
-.Dd March 5, 2002
-.Dt KADMIND 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kadmind
-.Nd "server for administrative access to Kerberos database"
-.Sh SYNOPSIS
-.Nm
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl -keytab= Ns Ar keytab
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Op Fl d | Fl -debug
-.Oo Fl p Ar port \*(Ba Xo
-.Fl -ports= Ns Ar port
-.Xc
-.Oc
-.Op Fl -no-kerberos4
-.Sh DESCRIPTION
-.Nm
-listens for requests for changes to the Kerberos database and performs
-these, subject to permissions.  When starting, if stdin is a socket it
-assumes that it has been started by
-.Xr inetd 8 ,
-otherwise it behaves as a daemon, forking processes for each new
-connection. The
-.Fl -debug
-option causes
-.Nm
-to accept exactly one connection, which is useful for debugging.
-.Pp
-If built with krb4 support, it implements both the Heimdal Kerberos 5
-administrative protocol and the Kerberos 4 protocol. Password changes
-via the Kerberos 4 protocol are also performed by
-.Nm kadmind ,
-but the
-.Xr kpasswdd 8
-daemon is responsible for the Kerberos 5 password changing protocol
-(used by
-.Xr kpasswd 1 )
-.
-.Pp
-This daemon should only be run on the master server, and not on any
-slaves.
-.Pp
-Principals are always allowed to change their own password and list
-their own principal.  Apart from that, doing any operation requires
-permission explicitly added in the ACL file
-.Pa /var/heimdal/kadmind.acl .
-The format of this file is:
-.Bd -ragged
-.Va principal
-.Va rights
-.Op Va principal-pattern
-.Ed
-.Pp
-Where rights is any (comma separated) combination of:
-.Bl -bullet -compact
-.It
-change-password or cpw
-.It
-list
-.It
-delete
-.It
-modify
-.It
-add
-.It
-get
-.It
-all
-.El
-.Pp
-And the optional
-.Ar principal-pattern
-restricts the rights to operations on principals that match the
-glob-style pattern.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-location of master key file
-.It Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-what keytab to use
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-realm to use
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
-enable debugging
-.It Xo
-.Fl p Ar port ,
-.Fl -ports= Ns Ar port
-.Xc
-ports to listen to. By default, if run as a daemon, it listens to ports
-749, and 751 (if Kerberos 4 support is built and enabled), but you can
-add any number of ports with this option. The port string is a
-whitespace separated list of port specifications, with the special
-string
-.Dq +
-representing the default set of ports.
-.It Fl -no-kerberos4
-make 
-.Nm 
-ignore Kerberos 4 kadmin requests.
-.El
-.\".Sh ENVIRONMENT
-.Sh FILES
-.Pa /var/heimdal/kadmind.acl
-.Sh EXAMPLES
-This will cause
-.Nm
-to listen to port 4711 in addition to any
-compiled in defaults:
-.Pp
-.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &"
-.Pp
-This acl file will grant Joe all rights, and allow Mallory to view and
-add host principals.
-.Bd -literal -offset indent
-joe/admin@EXAMPLE.COM      all
-mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
-.Ed
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kpasswd 1 ,
-.Xr kadmin 8 ,
-.Xr kdc 8 ,
-.Xr kpasswdd 8
diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c
deleted file mode 100644
index 2998ee6baed6..000000000000
--- a/crypto/heimdal/kadmin/kadmind.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: kadmind.c,v 1.28 2002/10/21 13:21:24 joda Exp $");
-
-static char *check_library  = NULL;
-static char *check_function = NULL;
-static char *config_file;
-static char *keyfile;
-static char *keytab_str = "HDB:";
-static int help_flag;
-static int version_flag;
-static int debug_flag;
-static char *port_str;
-char *realm;
-#ifdef KRB4
-int do_kerberos4 = 1;
-#endif
-
-static struct getargs args[] = {
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    {
-	"key-file",	'k',	arg_string, &keyfile, 
-	"location of master key file", "file"
-    },
-    {
-	"keytab",	0,	arg_string, &keytab_str,
-	"what keytab to use", "keytab"
-    },
-    {	"realm",	'r',	arg_string,   &realm, 
-	"realm to use", "realm" 
-    },
-#ifdef HAVE_DLOPEN
-    { "check-library", 0, arg_string, &check_library, 
-      "library to load password check function from", "library" },
-    { "check-function", 0, arg_string, &check_function,
-      "password check function to load", "function" },
-#endif
-    {	"debug",	'd',	arg_flag,   &debug_flag, 
-	"enable debugging" 
-    },
-#ifdef KRB4
-    {	"kerberos4", 0, arg_negative_flag, &do_kerberos4,
-	"don't respond to kerberos 4 requests"
-    },
-#endif
-    {	"ports",	'p',	arg_string, &port_str, 
-	"ports to listen to", "port" },
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-krb5_context context;
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_config_section *cf;
-    int optind = 0;
-    int e;
-    krb5_log_facility *logf;
-    krb5_keytab keytab;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_openlog(context, "kadmind", &logf);
-    ret = krb5_set_warn_dest(context, logf);
-
-    while((e = getarg(args, num_args, argc, argv, &optind)))
-	warnx("error at argument `%s'", argv[optind]);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    if (config_file == NULL)
-	config_file = HDB_DB_DIR "/kdc.conf";
-
-    if(krb5_config_parse_file(context, config_file, &cf) == 0) {
-	const char *p = krb5_config_get_string (context, cf, 
-						"kdc", "key-file", NULL);
-	if (p)
-	    keyfile = strdup(p);
-    }
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve");
-
-    kadm5_setup_passwd_quality_check (context, check_library, check_function);
-
-    {
-	int fd = 0;
-	struct sockaddr_storage __ss;
-	struct sockaddr *sa = (struct sockaddr *)&__ss;
-	socklen_t sa_size = sizeof(__ss);
-	krb5_auth_context ac = NULL;
-	int debug_port;
-
-	if(debug_flag) {
-	    if(port_str == NULL)
-		debug_port = krb5_getportbyname (context, "kerberos-adm", 
-						 "tcp", 749);
-	    else
-		debug_port = htons(atoi(port_str));
-	    mini_inetd(debug_port);
-	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 
-		   errno == ENOTSOCK) {
-	    parse_ports(context, port_str ? port_str : "+");
-	    pidfile(NULL);
-	    start_server(context);
-	}
-	if(realm)
-	    krb5_set_default_realm(context, realm); /* XXX */
-	kadmind_loop(context, ac, keytab, fd);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
deleted file mode 100644
index b7172bcaab82..000000000000
--- a/crypto/heimdal/kadmin/kadmind.cat8
+++ /dev/null
@@ -1,93 +0,0 @@
-KADMIND(8)              NetBSD System Manager's Manual              KADMIND(8)
-
-NNAAMMEE
-     kkaaddmmiinndd - server for administrative access to kerberos database
-
-SSYYNNOOPPSSIISS
-     kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
-     [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
-     ----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkaaddmmiinndd listens for requests for changes to the Kerberos database and
-     performs these, subject to permissions.  When starting, if stdin is a
-     socket it assumes that it has been started by inetd(8), otherwise it be-
-     haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
-     option causes kkaaddmmiinndd to accept exactly one connection, which is useful
-     for debugging.
-
-     If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
-     ministrative protocol and the Kerberos 4 protocol. Password changes via
-     the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the
-     kpasswdd(8) daemon is responsible for the Kerberos 5 password changing
-     protocol (used by kpasswd(1))
-
-     This daemon should only be run on ther master server, and not on any
-     slaves.
-
-     Principals are always allowed to change their own password and list their
-     own principal.  Apart from that, doing any operation requires permission
-     explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l.  The format of
-     this file is:
-
-     _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
-
-     Where rights is any (comma separated) combination of:
-     ++oo   change-password or cpw
-     ++oo   list
-     ++oo   delete
-     ++oo   modify
-     ++oo   add
-     ++oo   get
-     ++oo   all
-
-     And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
-     principals that match the glob-style pattern.
-
-     Supported options:
-
-     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
-             location of config file
-
-     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
-             location of master key file
-
-     ----kkeeyyttaabb==_k_e_y_t_a_b
-             what keytab to use
-
-     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
-             realm to use
-
-     --dd, ----ddeebbuugg
-             enable debugging
-
-     --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
-             ports to listen to. By default, if run as a daemon, it listen to
-             ports 749, and 751 (if Kerberos 4 support is built and enabled),
-             but you can add any number of ports with this option. The port
-             string is a whitespace separated list of port specifications,
-             with the special string ``+'' representing the default set of
-             ports.
-
-     ----nnoo--kkeerrbbeerrooss44
-             make kkaaddmmiinndd ignore Kerberos 4 kadmin requests.
-
-FFIILLEESS
-     _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
-
-EEXXAAMMPPLLEESS
-     This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
-     piled in defaults:
-
-           kkaaddmmiinndd----ppoorrttss="+ 4711" &
-
-     This acl file will grant Joe all rights, and allow Mallory to view and
-     add host principals.
-
-           joe/admin@EXAMPLE.COM      all
-           mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
-
-SSEEEE AALLSSOO
-     kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
-
- HEIMDAL                         March 5, 2002                               2
diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c
deleted file mode 100644
index 3635023cbb19..000000000000
--- a/crypto/heimdal/kadmin/load.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <kadm5/private.h>
-
-RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $");
-
-struct entry {
-    char *principal;
-    char *key;
-    char *max_life;
-    char *max_renew;
-    char *created;
-    char *modified;
-    char *valid_start;
-    char *valid_end;
-    char *pw_end;
-    char *flags;
-    char *generation;
-};
-
-static char *
-skip_next(char *p)
-{
-    while(*p && !isspace((unsigned char)*p)) 
-	p++;
-    *p++ = 0;
-    while(*p && isspace((unsigned char)*p))
-	p++;
-    return p;
-}
-
-/*
- * Parse the time in `s', returning:
- * -1 if error parsing
- * 0  if none  present
- * 1  if parsed ok
- */
-
-static int
-parse_time_string(time_t *t, const char *s)
-{
-    int year, month, date, hour, minute, second;
-    struct tm tm;
-
-    if(strcmp(s, "-") == 0)
-	return 0;
-    if(sscanf(s, "%04d%02d%02d%02d%02d%02d", 
-	      &year, &month, &date, &hour, &minute, &second) != 6)
-	return -1;
-    tm.tm_year  = year - 1900;
-    tm.tm_mon   = month - 1;
-    tm.tm_mday  = date;
-    tm.tm_hour  = hour;
-    tm.tm_min   = minute;
-    tm.tm_sec   = second;
-    tm.tm_isdst = 0;
-    *t = timegm(&tm);
-    return 1;
-}
-
-/*
- * parse time, allocating space in *t if it's there
- */
-
-static int
-parse_time_string_alloc (time_t **t, const char *s)
-{
-    time_t tmp;
-    int ret;
-
-    *t = NULL;
-    ret = parse_time_string (&tmp, s);
-    if (ret == 1) {
-	*t = malloc (sizeof (**t));
-	if (*t == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**t = tmp;
-    }
-    return ret;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_integer(unsigned *u, const char *s)
-{
-    if(strcmp(s, "-") == 0)
-	return 0;
-    if (sscanf(s, "%u", u) != 1)
-	return -1;
-    return 1;
-}
-
-static int
-parse_integer_alloc (int **u, const char *s)
-{
-    unsigned tmp;
-    int ret;
-
-    *u = NULL;
-    ret = parse_integer (&tmp, s);
-    if (ret == 1) {
-	*u = malloc (sizeof (**u));
-	if (*u == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**u = tmp;
-    }
-    return ret;
-}
-
-/*
- * Parse dumped keys in `str' and store them in `ent'
- * return -1 if parsing failed
- */
-
-static int
-parse_keys(hdb_entry *ent, char *str)
-{
-    krb5_error_code ret;
-    int tmp;
-    char *p;
-    int i;
-    
-    p = strsep(&str, ":");
-    if (sscanf(p, "%d", &tmp) != 1)
-	return 1;
-    ent->kvno = tmp;
-    p = strsep(&str, ":");
-    while(p){
-	Key *key;
-	key = realloc(ent->keys.val, 
-		      (ent->keys.len + 1) * sizeof(*ent->keys.val));
-	if(key == NULL)
-	    krb5_errx (context, 1, "realloc: out of memory");
-	ent->keys.val = key;
-	key = ent->keys.val + ent->keys.len;
-	ent->keys.len++;
-	memset(key, 0, sizeof(*key));
-	if(sscanf(p, "%d", &tmp) == 1) {
-	    key->mkvno = malloc(sizeof(*key->mkvno));
-	    *key->mkvno = tmp;
-	} else
-	    key->mkvno = NULL;
-	p = strsep(&str, ":");
-	if (sscanf(p, "%d", &tmp) != 1)
-	    return 1;
-	key->key.keytype = tmp;
-	p = strsep(&str, ":");
-	ret = krb5_data_alloc(&key->key.keyvalue, (strlen(p) - 1) / 2 + 1);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_data_alloc");
-	for(i = 0; i < strlen(p); i += 2) {
-	    if(sscanf(p + i, "%02x", &tmp) != 1)
-		return 1;
-	    ((u_char*)key->key.keyvalue.data)[i / 2] = tmp;
-	}
-	p = strsep(&str, ":");
-	if(strcmp(p, "-") != 0){
-	    unsigned type;
-	    size_t p_len;
-
-	    if(sscanf(p, "%u/", &type) != 1)
-		return 1;
-	    p = strchr(p, '/');
-	    if(p == NULL)
-		return 1;
-	    p++;
-	    p_len = strlen(p);
-
-	    key->salt = malloc(sizeof(*key->salt));
-	    if (key->salt == NULL)
-		krb5_errx (context, 1, "malloc: out of memory");
-	    key->salt->type = type;
-		
-	    if (p_len) {
-		if(*p == '\"') {
-		    ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
-		    if (ret)
-			krb5_err (context, 1, ret, "krb5_data_copy");
-		} else {
-		    ret = krb5_data_alloc(&key->salt->salt,
-					  (p_len - 1) / 2 + 1);
-		    if (ret)
-			krb5_err (context, 1, ret, "krb5_data_alloc");
-		    for(i = 0; i < p_len; i += 2){
-			if (sscanf(p + i, "%02x", &tmp) != 1)
-			    return 1;
-			((u_char*)key->salt->salt.data)[i / 2] = tmp;
-		    }
-		}
-	    } else
-		krb5_data_zero (&key->salt->salt);
-	}
-	p = strsep(&str, ":");
-    }
-    return 0;
-}
-
-/*
- * see parse_time_string for calling convention
- */
-
-static int
-parse_event(Event *ev, char *s)
-{
-    krb5_error_code ret;
-    char *p;
-
-    if(strcmp(s, "-") == 0)
-	return 0;
-    memset(ev, 0, sizeof(*ev));
-    p = strsep(&s, ":");
-    if(parse_time_string(&ev->time, p) != 1)
-	return -1;
-    p = strsep(&s, ":");
-    ret = krb5_parse_name(context, p, &ev->principal);
-    if (ret)
-	return -1;
-    return 1;
-}
-
-static int
-parse_event_alloc (Event **ev, char *s)
-{
-    Event tmp;
-    int ret;
-
-    *ev = NULL;
-    ret = parse_event (&tmp, s);
-    if (ret == 1) {
-	*ev = malloc (sizeof (**ev));
-	if (*ev == NULL)
-	    krb5_errx (context, 1, "malloc: out of memory");
-	**ev = tmp;
-    }
-    return ret;
-}
-
-static int
-parse_hdbflags2int(HDBFlags *f, const char *s)
-{
-    int ret;
-    unsigned tmp;
-
-    ret = parse_integer (&tmp, s);
-    if (ret == 1)
-	*f = int2HDBFlags (tmp);
-    return ret;
-}
-
-static int
-parse_generation(char *str, GENERATION **gen)
-{
-    char *p;
-    int v;
-
-    if(strcmp(str, "-") == 0 || *str == '\0') {
-	*gen = NULL;
-	return 0;
-    }
-    *gen = calloc(1, sizeof(**gen));
-
-    p = strsep(&str, ":");
-    if(parse_time_string(&(*gen)->time, p) != 1)
-	return -1;
-    p = strsep(&str, ":");
-    if(sscanf(p, "%d", &v) != 1)
-	return -1;
-    (*gen)->usec = v;
-    p = strsep(&str, ":");
-    if(sscanf(p, "%d", &v) != 1)
-	return -1;
-    (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
-    return 0;
-}
-
-
-/*
- * Parse the dump file in `filename' and create the database (merging
- * iff merge)
- */
-
-static int
-doit(const char *filename, int merge)
-{
-    krb5_error_code ret;
-    FILE *f;
-    char s[8192]; /* XXX should fix this properly */
-    char *p;
-    int line;
-    int flags = O_RDWR;
-    struct entry e;
-    hdb_entry ent;
-    HDB *db = _kadm5_s_get_db(kadm_handle);
-
-    f = fopen(filename, "r");
-    if(f == NULL){
-	krb5_warn(context, errno, "fopen(%s)", filename);
-	return 1;
-    }
-    ret = kadm5_log_truncate (kadm_handle);
-    if (ret) {
-	fclose (f);
-	krb5_warn(context, ret, "kadm5_log_truncate");
-	return 1;
-    }
-
-    if(!merge)
-	flags |= O_CREAT | O_TRUNC;
-    ret = db->open(context, db, flags, 0600);
-    if(ret){
-	krb5_warn(context, ret, "hdb_open");
-	fclose(f);
-	return 1;
-    }
-    line = 0;
-    ret = 0;
-    while(fgets(s, sizeof(s), f) != NULL) {
-	ret = 0;
-	line++;
-	e.principal = s;
-	for(p = s; *p; p++){
-	    if(*p == '\\')
-		p++;
-	    else if(isspace((unsigned char)*p)) {
-		*p = 0;
-		break;
-	    }
-	}
-	p = skip_next(p);
-	
-	e.key = p;
-	p = skip_next(p);
-
-	e.created = p;
-	p = skip_next(p);
-
-	e.modified = p;
-	p = skip_next(p);
-
-	e.valid_start = p;
-	p = skip_next(p);
-
-	e.valid_end = p;
-	p = skip_next(p);
-
-	e.pw_end = p;
-	p = skip_next(p);
-
-	e.max_life = p;
-	p = skip_next(p);
-
-	e.max_renew = p;
-	p = skip_next(p);
-
-	e.flags = p;
-	p = skip_next(p);
-
-	e.generation = p;
-	p = skip_next(p);
-
-	memset(&ent, 0, sizeof(ent));
-	ret = krb5_parse_name(context, e.principal, &ent.principal);
-	if(ret) {
-	    fprintf(stderr, "%s:%d:%s (%s)\n", 
-		    filename, 
-		    line,
-		    krb5_get_err_text(context, ret),
-		    e.principal);
-	    continue;
-	}
-	
-	if (parse_keys(&ent, e.key)) {
-	    fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
-		     filename, line, e.key);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	
-	if (parse_event(&ent.created_by, e.created) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
-		     filename, line, e.created);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_event_alloc (&ent.modified_by, e.modified) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing event (%s)\n",
-		     filename, line, e.modified);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.valid_start, e.valid_start) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.valid_start);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.valid_end,   e.valid_end) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.valid_end);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-	if (parse_time_string_alloc (&ent.pw_end,      e.pw_end) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
-		     filename, line, e.pw_end);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if (parse_integer_alloc (&ent.max_life,  e.max_life) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
-		     filename, line, e.max_life);
-	    hdb_free_entry (context, &ent);
-	    continue;
-
-	}
-	if (parse_integer_alloc (&ent.max_renew, e.max_renew) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
-		     filename, line, e.max_renew);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if (parse_hdbflags2int (&ent.flags, e.flags) != 1) {
-	    fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
-		     filename, line, e.flags);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	if(parse_generation(e.generation, &ent.generation) == -1) {
-	    fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
-		     filename, line, e.generation);
-	    hdb_free_entry (context, &ent);
-	    continue;
-	}
-
-	ret = db->store(context, db, HDB_F_REPLACE, &ent);
-	hdb_free_entry (context, &ent);
-	if (ret) {
-	    krb5_warn(context, ret, "db_store");
-	    break;
-	}
-    }
-    db->close(context, db);
-    fclose(f);
-    return ret != 0;
-}
-
-
-static struct getargs args[] = {
-    { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(const char *name)
-{
-    arg_printusage (args, num_args, name, "file");
-}
-
-
-
-int
-load(int argc, char **argv)
-{
-    int optind = 0;
-    int help_flag = 0;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ("load");
-	return 0;
-    }
-    if(argc - optind != 1 || help_flag) {
-	usage ("load");
-	return 0;
-    }
-
-    doit(argv[optind], 0);
-    return 0;
-}
-
-int
-merge(int argc, char **argv)
-{
-    int optind = 0;
-    int help_flag = 0;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ("merge");
-	return 0;
-    }
-    if(argc - optind != 1 || help_flag) {
-	usage ("merge");
-	return 0;
-    }
-
-    doit(argv[optind], 1);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c
deleted file mode 100644
index 0e9cd08c7f7e..000000000000
--- a/crypto/heimdal/kadmin/mod.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: mod.c,v 1.11 2002/12/03 14:12:30 joda Exp $");
-
-static int parse_args (krb5_context context, kadm5_principal_ent_t ent,
-		       int argc, char **argv, int *optind, char *name,
-		       int *mask);
-
-static int
-parse_args(krb5_context context, kadm5_principal_ent_t ent,
-	    int argc, char **argv, int *optind, char *name,
-	    int *mask)
-{
-    char *attr_str = NULL;
-    char *max_life_str = NULL;
-    char *max_rlife_str = NULL;
-    char *expiration_str = NULL;
-    char *pw_expiration_str = NULL;
-    int new_kvno = -1;
-    int ret, i;
-
-    struct getargs args[] = {
-	{"attributes",	'a',	arg_string, NULL, "Attributies",
-	 "attributes"},
-	{"max-ticket-life", 0,	arg_string, NULL, "max ticket lifetime",
-	 "lifetime"},
-	{"max-renewable-life",  0, arg_string,	NULL,
-	 "max renewable lifetime", "lifetime" },
-	{"expiration-time",	0,	arg_string, 
-	 NULL, "Expiration time", "time"},
-	{"pw-expiration-time",  0,	arg_string, 
-	 NULL, "Password expiration time", "time"},
-	{"kvno",  0,	arg_integer, 
-	 NULL, "Key version number", "number"},
-    };
-
-    i = 0;
-    args[i++].value = &attr_str;
-    args[i++].value = &max_life_str;
-    args[i++].value = &max_rlife_str;
-    args[i++].value = &expiration_str;
-    args[i++].value = &pw_expiration_str;
-    args[i++].value = &new_kvno;
-
-    *optind = 0; /* XXX */
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), 
-	      argc, argv, optind)){
-	arg_printusage(args, 
-		       sizeof(args) / sizeof(args[0]), 
-		       name ? name : "",
-		       "principal");
-	return -1;
-    }
-    
-    ret = set_entry(context, ent, mask, max_life_str, max_rlife_str, 
-		    expiration_str, pw_expiration_str, attr_str);
-    if (ret)
-	return ret;
-
-    if(new_kvno != -1) {
-	ent->kvno = new_kvno;
-	*mask |= KADM5_KVNO;
-    }
-    return 0;
-}
-
-int
-mod_entry(int argc, char **argv)
-{
-    kadm5_principal_ent_rec princ;
-    int mask = 0;
-    krb5_error_code ret;
-    krb5_principal princ_ent = NULL;
-    int optind;
-
-    memset (&princ, 0, sizeof(princ));
-
-    ret = parse_args (context, &princ, argc, argv,
-		      &optind, "mod", &mask);
-    if (ret)
-	return 0;
-
-    argc -= optind;
-    argv += optind;
-    
-    if (argc != 1) {
-	printf ("Usage: mod [options] principal\n");
-	return 0;
-    }
-
-    krb5_parse_name(context, argv[0], &princ_ent);
-
-    if (mask == 0) {
-	memset(&princ, 0, sizeof(princ));
-	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 
-				  KADM5_PRINCIPAL | KADM5_ATTRIBUTES | 
-				  KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-				  KADM5_PRINC_EXPIRE_TIME |
-				  KADM5_PW_EXPIRATION);
-	krb5_free_principal (context, princ_ent);
-	if (ret) {
-	    printf ("no such principal: %s\n", argv[0]);
-	    return 0;
-	}
-	if(edit_entry(&princ, &mask, NULL, 0))
-	    goto out;
-    } else {
-	princ.principal = princ_ent;
-    }
-
-    ret = kadm5_modify_principal(kadm_handle, &princ, mask);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_modify_principal");
-  out:
-    kadm5_free_principal_ent(kadm_handle, &princ);
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c
deleted file mode 100644
index 92fb2fcddb97..000000000000
--- a/crypto/heimdal/kadmin/random_password.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: random_password.c,v 1.4 2001/02/15 04:20:53 assar Exp $");
-
-/* This file defines some a function that generates a random password,
-   that can be used when creating a large amount of principals (such
-   as for a batch of students). Since this is a political matter, you
-   should think about how secure generated passwords has to be.
-   
-   Both methods defined here will give you at least 55 bits of
-   entropy.
-   */
-
-/* If you want OTP-style passwords, define OTP_STYLE */
-
-#ifdef OTP_STYLE
-#include <otp.h>
-#else
-static void generate_password(char **pw, int num_classes, ...);
-#endif
-
-void
-random_password(char *pw, size_t len)
-{
-#ifdef OTP_STYLE
-    {
-	OtpKey newkey;
-
-	krb5_generate_random_block(&newkey, sizeof(newkey));
-	otp_print_stddict (newkey, pw, len);
-	strlwr(pw);
-    }
-#else
-    char *pass;
-    generate_password(&pass, 3, 
-		      "abcdefghijklmnopqrstuvwxyz", 7, 
-		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, 
-		      "@$%&*()-+=:,/<>1234567890", 1);
-    strlcpy(pw, pass, len);
-    memset(pass, 0, strlen(pass));
-    free(pass);
-#endif
-}
-
-/* some helper functions */
-
-#ifndef OTP_STYLE
-/* return a random value in range 0-127 */
-static int
-RND(unsigned char *key, int keylen, int *left)
-{
-    if(*left == 0){
-	krb5_generate_random_block(key, keylen);
-	*left = keylen;
-    }
-    (*left)--;
-    return ((unsigned char*)key)[*left];
-}
-
-/* This a helper function that generates a random password with a
-   number of characters from a set of character classes.
-
-   If there are n classes, and the size of each class is Pi, and the
-   number of characters from each class is Ni, the number of possible
-   passwords are (given that the character classes are disjoint):
-
-     n             n
-   -----        /  ----  \
-   |   |  Ni    |  \     |
-   |   | Pi     |   \  Ni| !
-   |   | ---- * |   /    |
-   |   | Ni!    |  /___  |
-    i=1          \  i=1  /
-   
-    Since it uses the RND function above, neither the size of each
-    class, nor the total length of the generated password should be
-    larger than 127 (without fixing RND).
-   
-   */
-static void
-generate_password(char **pw, int num_classes, ...)
-{
-    struct {
-	const char *str;
-	int len;
-	int freq;
-    } *classes;
-    va_list ap;
-    int len, i;
-    unsigned char rbuf[8]; /* random buffer */
-    int rleft = 0;
-
-    classes = malloc(num_classes * sizeof(*classes));
-    va_start(ap, num_classes);
-    len = 0;
-    for(i = 0; i < num_classes; i++){
-	classes[i].str = va_arg(ap, const char*);
-	classes[i].len = strlen(classes[i].str);
-	classes[i].freq = va_arg(ap, int);
-	len += classes[i].freq;
-    }
-    va_end(ap);
-    *pw = malloc(len + 1);
-    if(*pw == NULL)
-	return;
-    for(i = 0; i < len; i++) {
-	int j;
-	int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
-	int t = 0;
-	for(j = 0; j < num_classes; j++) {
-	    if(x < t + classes[j].freq) {
-		(*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
-					 % classes[j].len];
-		classes[j].freq--;
-		break;
-	    }
-	    t += classes[j].freq;
-	}
-    }
-    (*pw)[len] = '\0';
-    memset(rbuf, 0, sizeof(rbuf));
-    free(classes);
-}
-#endif
diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c
deleted file mode 100644
index ac5f4d699d64..000000000000
--- a/crypto/heimdal/kadmin/rename.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-
-RCSID("$Id: rename.c,v 1.4 2001/05/04 13:07:03 joda Exp $");
-
-static struct getargs args[] = {
-    { "help", 'h', arg_flag, NULL }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(void)
-{
-    arg_printusage (args, num_args, "rename", "from to");
-}
-
-int
-rename_entry(int argc, char **argv)
-{
-    int optind = 0;
-    int help_flag = 0;
-
-    krb5_error_code ret;
-    krb5_principal princ1, princ2;
-
-    args[0].value = &help_flag;
-
-    if(getarg(args, num_args, argc, argv, &optind)) {
-	usage ();
-	return 0;
-    }
-    if(argc - optind != 2 || help_flag) {
-	usage ();
-	return 0;
-    }
-
-    ret = krb5_parse_name(context, argv[1], &princ1);
-    if(ret){
-	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[1]);
-	return 0;
-    }
-    ret = krb5_parse_name(context, argv[2], &princ2);
-    if(ret){
-	krb5_free_principal(context, princ2);
-	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[2]);
-	return 0;
-    }
-    ret = kadm5_rename_principal(kadm_handle, princ1, princ2);
-    if(ret)
-	krb5_warn(context, ret, "rename");
-    krb5_free_principal(context, princ1);
-    krb5_free_principal(context, princ2);
-    return 0;
-}
-
diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
deleted file mode 100644
index adaf6cfa708d..000000000000
--- a/crypto/heimdal/kadmin/server.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-RCSID("$Id: server.c,v 1.38 2003/01/29 12:33:05 lha Exp $");
-
-static kadm5_ret_t
-kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
-		 krb5_data *in, krb5_data *out)
-{
-    kadm5_ret_t ret;
-    int32_t cmd, mask, tmp;
-    kadm5_server_context *context = kadm_handle;
-    char client[128], name[128], name2[128];
-    char *op = "";
-    krb5_principal princ, princ2;
-    kadm5_principal_ent_rec ent;
-    char *password, *exp;
-    krb5_keyblock *new_keys;
-    int n_keys;
-    char **princs;
-    int n_princs;
-    krb5_storage *sp;
-    
-    krb5_unparse_name_fixed(context->context, context->caller, 
-			    client, sizeof(client));
-    
-    sp = krb5_storage_from_data(in);
-
-    krb5_ret_int32(sp, &cmd);
-    switch(cmd){
-    case kadm_get:{
-	op = "GET";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    kadm5_store_principal_ent(sp, &ent);
-	    kadm5_free_principal_ent(kadm_handle, &ent);
-	}
-	krb5_free_principal(context->context, princ);
-	break;
-    }
-    case kadm_delete:{
-	op = "DELETE";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_delete_principal(kadm_handle, princ);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_create:{
-	op = "CREATE";
-	ret = kadm5_ret_principal_ent(sp, &ent);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    goto fail;
-	}
-	ret = krb5_ret_string(sp, &password);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, ent.principal, 
-				name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD,
-					  ent.principal);
-	if(ret){
-	    kadm5_free_principal_ent(context->context, &ent);
-	    memset(password, 0, strlen(password));
-	    free(password);
-	    goto fail;
-	}
-	ret = kadm5_create_principal(kadm_handle, &ent, 
-				     mask, password);
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	memset(password, 0, strlen(password));
-	free(password);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_modify:{
-	op = "MODIFY";
-	ret = kadm5_ret_principal_ent(sp, &ent);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &mask);
-	if(ret){
-	    kadm5_free_principal_ent(context, &ent);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, ent.principal, 
-				name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY,
-					  ent.principal);
-	if(ret){
-	    kadm5_free_principal_ent(context, &ent);
-	    goto fail;
-	}
-	ret = kadm5_modify_principal(kadm_handle, &ent, mask);
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_rename:{
-	op = "RENAME";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_principal(sp, &princ2);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
-	krb5_warnx(context->context, "%s: %s %s -> %s", 
-		   client, op, name, name2);
-	ret = _kadm5_acl_check_permission(context, 
-					  KADM5_PRIV_ADD,
-					  princ2)
-	    || _kadm5_acl_check_permission(context, 
-					   KADM5_PRIV_DELETE,
-					   princ);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_rename_principal(kadm_handle, princ, princ2);
-	krb5_free_principal(context->context, princ);
-	krb5_free_principal(context->context, princ2);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_chpass:{
-	op = "CHPASS";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_string(sp, &password);
-	if(ret){
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
-	/*
-	 * The change is allowed if at least one of:
-
-	 * a) it's for the principal him/herself and this was an
-	 *    initial ticket, but then, check with the password quality
-	 *    function.
-	 * b) the user is on the CPW ACL.
-	 */
-
-	if (initial
-	    && krb5_principal_compare (context->context, context->caller,
-				       princ))
-	{
-	    krb5_data pwd_data;
-	    const char *pwd_reason;
-
-	    pwd_data.data = password;
-	    pwd_data.length = strlen(password);
-
-	    pwd_reason = kadm5_check_password_quality (context->context,
-						       princ, &pwd_data);
-	    if (pwd_reason != NULL)
-		ret = KADM5_PASS_Q_DICT;
-	    else
-		ret = 0;
-	} else
-	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
-	if(ret) {
-	    krb5_free_principal(context->context, princ);
-	    memset(password, 0, strlen(password));
-	    free(password);
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal(kadm_handle, princ, password);
-	krb5_free_principal(context->context, princ);
-	memset(password, 0, strlen(password));
-	free(password);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_chpass_with_key:{
-	int i;
-	krb5_key_data *key_data;
-	int n_key_data;
-
-	op = "CHPASS_WITH_KEY";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	ret = krb5_ret_int32(sp, &n_key_data);
-	if (ret) {
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	/* n_key_data will be squeezed into an int16_t below. */
-	if (n_key_data < 0 || n_key_data >= 1 << 16 ||
-	    n_key_data > UINT_MAX/sizeof(*key_data)) {
-	    ret = ERANGE;
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-
-	key_data = malloc (n_key_data * sizeof(*key_data));
-	if (key_data == NULL) {
-	    ret = ENOMEM;
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-
-	for (i = 0; i < n_key_data; ++i) {
-	    ret = kadm5_ret_key_data (sp, &key_data[i]);
-	    if (ret) {
-		int16_t dummy = i;
-
-		kadm5_free_key_data (context, &dummy, key_data);
-		free (key_data);
-		krb5_free_principal(context->context, princ);
-		goto fail;
-	    }
-	}
-
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-
-	/*
-	 * The change is only allowed if the user is on the CPW ACL,
-	 * this it to force password quality check on the user.
-	 */
-
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-	if(ret) {
-	    int16_t dummy = n_key_data;
-
-	    kadm5_free_key_data (context, &dummy, key_data);
-	    free (key_data);
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal_with_key(kadm_handle, princ,
-					      n_key_data, key_data);
-	{
-	    int16_t dummy = n_key_data;
-	    kadm5_free_key_data (context, &dummy, key_data);
-	}
-	free (key_data);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	break;
-    }
-    case kadm_randkey:{
-	op = "RANDKEY";
-	ret = krb5_ret_principal(sp, &princ);
-	if(ret)
-	    goto fail;
-	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
-	krb5_warnx(context->context, "%s: %s %s", client, op, name);
-	/*
-	 * The change is allowed if at least one of:
-	 * a) it's for the principal him/herself and this was an initial ticket
-	 * b) the user is on the CPW ACL.
-	 */
-
-	if (initial
-	    && krb5_principal_compare (context->context, context->caller,
-				       princ))
-	    ret = 0;
-	else
-	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
-
-	if(ret) {
-	    krb5_free_principal(context->context, princ);
-	    goto fail;
-	}
-	ret = kadm5_randkey_principal(kadm_handle, princ, 
-				      &new_keys, &n_keys);
-	krb5_free_principal(context->context, princ);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    int i;
-	    krb5_store_int32(sp, n_keys);
-	    for(i = 0; i < n_keys; i++){
-		krb5_store_keyblock(sp, new_keys[i]);
-		krb5_free_keyblock_contents(context->context, &new_keys[i]);
-	    }
-	}
-	break;
-    }
-    case kadm_get_privs:{
-	ret = kadm5_get_privs(kadm_handle, &mask);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0)
-	    krb5_store_int32(sp, mask);
-	break;
-    }
-    case kadm_get_princs:{
-	op = "LIST";
-	ret = krb5_ret_int32(sp, &tmp);
-	if(ret)
-	    goto fail;
-	if(tmp){
-	    ret = krb5_ret_string(sp, &exp);
-	    if(ret)
-		goto fail;
-	}else
-	    exp = NULL;
-	krb5_warnx(context->context, "%s: %s %s", client, op, exp ? exp : "*");
-	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL);
-	if(ret){
-	    free(exp);
-	    goto fail;
-	}
-	ret = kadm5_get_principals(kadm_handle, exp, &princs, &n_princs);
-	free(exp);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, ret);
-	if(ret == 0){
-	    int i;
-	    krb5_store_int32(sp, n_princs);
-	    for(i = 0; i < n_princs; i++)
-		krb5_store_string(sp, princs[i]);
-	    kadm5_free_name_list(kadm_handle, princs, &n_princs);
-	}
-	break;
-    }
-    default:
-	krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
-	krb5_storage_free(sp);
-	sp = krb5_storage_emem();
-	krb5_store_int32(sp, KADM5_FAILURE);
-	break;
-    }
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-    return 0;
-fail:
-    krb5_warn(context->context, ret, "%s", op);
-    krb5_storage_seek(sp, 0, SEEK_SET);
-    krb5_store_int32(sp, ret);
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-    return 0;
-}
-
-static void
-v5_loop (krb5_context context,
-	 krb5_auth_context ac,
-	 krb5_boolean initial,
-	 void *kadm_handle,
-	 int fd)
-{
-    krb5_error_code ret;
-    krb5_data in, out;
-
-    for (;;) {
-	doing_useful_work = 0;
-	if(term_flag)
-	    exit(0);
-	ret = krb5_read_priv_message(context, ac, &fd, &in);
-	if(ret == HEIM_ERR_EOF)
-	    exit(0);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_read_priv_message");
-	doing_useful_work = 1;
-	kadmind_dispatch(kadm_handle, initial, &in, &out);
-	krb5_data_free(&in);
-	ret = krb5_write_priv_message(context, ac, &fd, &out);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_write_priv_message");
-    }
-}
-
-static krb5_boolean
-match_appl_version(const void *data, const char *appl_version)
-{
-    unsigned minor;
-    if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
-	return 0;
-    *(unsigned*)data = minor;
-    return 1;
-}
-
-static void
-handle_v5(krb5_context context,
-	  krb5_auth_context ac,
-	  krb5_keytab keytab,
-	  int len,
-	  int fd)
-{
-    krb5_error_code ret;
-    u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
-    krb5_ticket *ticket;
-    char *server_name;
-    char *client;
-    void *kadm_handle;
-    ssize_t n;
-    krb5_boolean initial;
-
-    unsigned kadm_version;
-    kadm5_config_params realm_params;
-
-    if (len != sizeof(KRB5_SENDAUTH_VERSION))
-	krb5_errx(context, 1, "bad sendauth len %d", len);
-    n = krb5_net_read(context, &fd, version, len);
-    if (n < 0)
-	krb5_err (context, 1, errno, "reading sendauth version");
-    if (n == 0)
-	krb5_errx (context, 1, "EOF reading sendauth version");
-    if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
-	krb5_errx(context, 1, "bad sendauth version %.8s", version);
-	
-    ret = krb5_recvauth_match_version(context, &ac, &fd, 
-				      match_appl_version, &kadm_version,
-				      NULL, KRB5_RECVAUTH_IGNORE_VERSION, 
-				      keytab, &ticket);
-    if(ret == KRB5_KT_NOTFOUND)
-	krb5_errx(context, 1, "krb5_recvauth: key not found");
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_recvauth");
-
-    ret = krb5_unparse_name (context, ticket->server, &server_name);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-
-    if (strncmp (server_name, KADM5_ADMIN_SERVICE,
-		 strlen(KADM5_ADMIN_SERVICE)) != 0)
-	krb5_errx (context, 1, "ticket for strange principal (%s)",
-		   server_name);
-
-    free (server_name);
-
-    memset(&realm_params, 0, sizeof(realm_params));
-
-    if(kadm_version == 1) {
-	krb5_data params;
-	ret = krb5_read_priv_message(context, ac, &fd, &params);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_read_priv_message");
-	_kadm5_unmarshal_params(context, &params, &realm_params);
-    }
-
-    initial = ticket->ticket.flags.initial;
-    ret = krb5_unparse_name(context, ticket->client, &client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-    krb5_free_ticket (context, ticket);
-    ret = kadm5_init_with_password_ctx(context, 
-				       client, 
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &realm_params, 
-				       0, 0, 
-				       &kadm_handle);
-    if(ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-    v5_loop (context, ac, initial, kadm_handle, fd);
-}
-
-extern int do_kerberos4;
-
-krb5_error_code
-kadmind_loop(krb5_context context,
-	     krb5_auth_context ac,
-	     krb5_keytab keytab, 
-	     int fd)
-{
-    unsigned char tmp[4];
-    ssize_t n;
-    unsigned long len;
-
-    n = krb5_net_read(context, &fd, tmp, 4);
-    if(n == 0)
-	exit(0);
-    if(n < 0)
-	krb5_err(context, 1, errno, "read");
-    _krb5_get_int(tmp, &len, 4);
-    if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
-	len >>= 16;
-#ifdef KRB4
-	if(do_kerberos4)
-	    handle_v4(context, keytab, len, fd);
-	else
-	    krb5_errx(context, 1, "version 4 kadmin is disabled");
-#else
-	krb5_errx(context, 1, "packet appears to be version 4");
-#endif
-    } else {
-	handle_v5(context, ac, keytab, len, fd);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c
deleted file mode 100644
index b25bf2a60ca2..000000000000
--- a/crypto/heimdal/kadmin/util.c
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadmin_locl.h"
-#include <parse_units.h>
-
-RCSID("$Id: util.c,v 1.39 2003/04/14 11:55:27 lha Exp $");
-
-/*
- * util.c - functions for parsing, unparsing, and editing different
- * types of data used in kadmin.
- */
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len);
-
-/*
- * attributes 
- */
-
-struct units kdb_attrs[] = {
-    { "new-princ",		KRB5_KDB_NEW_PRINC },
-    { "support-desmd5",		KRB5_KDB_SUPPORT_DESMD5 },
-    { "pwchange-service",	KRB5_KDB_PWCHANGE_SERVICE },
-    { "disallow-svr",		KRB5_KDB_DISALLOW_SVR },
-    { "requires-pw-change",	KRB5_KDB_REQUIRES_PWCHANGE },
-    { "requires-hw-auth",	KRB5_KDB_REQUIRES_HW_AUTH },
-    { "requires-pre-auth",	KRB5_KDB_REQUIRES_PRE_AUTH },
-    { "disallow-all-tix",	KRB5_KDB_DISALLOW_ALL_TIX },
-    { "disallow-dup-skey",	KRB5_KDB_DISALLOW_DUP_SKEY },
-    { "disallow-proxiable",	KRB5_KDB_DISALLOW_PROXIABLE },
-    { "disallow-renewable",	KRB5_KDB_DISALLOW_RENEWABLE },
-    { "disallow-tgt-based",	KRB5_KDB_DISALLOW_TGT_BASED },
-    { "disallow-forwardable",	KRB5_KDB_DISALLOW_FORWARDABLE },
-    { "disallow-postdated",	KRB5_KDB_DISALLOW_POSTDATED },
-    { NULL }
-};
-
-/*
- * convert the attributes in `attributes' into a printable string
- * in `str, len'
- */
-
-void
-attributes2str(krb5_flags attributes, char *str, size_t len)
-{
-    unparse_flags (attributes, kdb_attrs, str, len);
-}
-
-/*
- * convert the string in `str' into attributes in `flags'
- * return 0 if parsed ok, else -1.
- */
-
-int
-str2attributes(const char *str, krb5_flags *flags)
-{
-    int res;
-
-    res = parse_flags (str, kdb_attrs, *flags);
-    if (res < 0)
-	return res;
-    else {
-	*flags = res;
-	return 0;
-    }
-}
-
-/*
- * try to parse the string `resp' into attributes in `attr', also
- * setting the `bit' in `mask' if attributes are given and valid.
- */
-
-int
-parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit)
-{
-    krb5_flags tmp = *attr;
-
-    if (str2attributes(resp, &tmp) == 0) {
-	*attr = tmp;
-	if (mask)
-	    *mask |= bit;
-	return 0;
-    } else if(*resp == '?') {
-	print_flags_table (kdb_attrs, stderr);
-    } else {
-	fprintf (stderr, "Unable to parse '%s'\n", resp);
-    }
-    return -1;
-}
-
-/*
- * allow the user to edit the attributes in `attr', prompting with `prompt'
- */
-
-int
-edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    attributes2str(*attr, buf, sizeof(buf));
-    for (;;) {
-	if(get_response("Attributes", buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (resp[0] == '\0')
-	    break;
-	if (parse_attributes (resp, attr, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * time_t
- * the special value 0 means ``never''
- */
-
-/*
- * Convert the time `t' to a string representation in `str' (of max
- * size `len').  If include_time also include time, otherwise just
- * date.  
- */
-
-void
-time_t2str(time_t t, char *str, size_t len, int include_time)
-{
-    if(t) {
-	if(include_time)
-	    strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
-	else
-	    strftime(str, len, "%Y-%m-%d", gmtime(&t));
-    } else
-	snprintf(str, len, "never");
-}
-
-/*
- * Convert the time representation in `str' to a time in `time'.
- * Return 0 if succesful, else -1.
- */
-
-int
-str2time_t (const char *str, time_t *t)
-{
-    const char *p;
-    struct tm tm, tm2;
-
-    memset (&tm, 0, sizeof (tm));
-
-    if(strcasecmp(str, "never") == 0) {
-	*t = 0;
-	return 0;
-    }
-
-    if(strcasecmp(str, "now") == 0) {
-	*t = time(NULL);
-	return 0;
-    }
-
-    p = strptime (str, "%Y-%m-%d", &tm);
-
-    if (p == NULL)
-	return -1;
-
-    /* Do it on the end of the day */
-    tm2.tm_hour = 23;
-    tm2.tm_min  = 59;
-    tm2.tm_sec  = 59;
-
-    if(strptime (p, "%H:%M:%S", &tm2) != NULL) {
-	tm.tm_hour = tm2.tm_hour;
-	tm.tm_min  = tm2.tm_min;
-	tm.tm_sec  = tm2.tm_sec;
-    }
-
-    *t = tm2time (tm, 0);
-    return 0;
-}
-
-/*
- * try to parse the time in `resp' storing it in `value'
- */
-
-int
-parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit)
-{
-    time_t tmp;
-
-    if (str2time_t(resp, &tmp) == 0) {
-	*value = tmp;
-	if(mask)
-	    *mask |= bit;
-	return 0;
-    } else if(*resp == '?') {
-	printf ("Print date on format YYYY-mm-dd [hh:mm:ss]\n");
-    } else {
-	fprintf (stderr, "Unable to parse time '%s'\n", resp);
-    }
-    return -1;
-}
-
-/*
- * allow the user to edit the time in `value'
- */
-
-int
-edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    time_t2str (*value, buf, sizeof (buf), 0);
-
-    for (;;) {
-	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (parse_timet (resp, value, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * deltat
- * the special value 0 means ``unlimited''
- */
-
-/*
- * convert the delta_t value in `t' into a printable form in `str, len'
- */
-
-void
-deltat2str(unsigned t, char *str, size_t len)
-{
-    if(t == 0 || t == INT_MAX)
-	snprintf(str, len, "unlimited");
-    else
-	unparse_time(t, str, len);
-}
-
-/*
- * parse the delta value in `str', storing result in `*delta'
- * return 0 if ok, else -1
- */
-
-int
-str2deltat(const char *str, krb5_deltat *delta)
-{
-    int res;
-
-    if(strcasecmp(str, "unlimited") == 0) {
-	*delta = 0;
-	return 0;
-    }
-    res = parse_time(str, "day");
-    if (res < 0)
-	return res;
-    else {
-	*delta = res;
-	return 0;
-    }
-}
-
-/*
- * try to parse the string in `resp' into a deltad in `value'
- * `mask' will get the bit `bit' set if a value was given.
- */
-
-int
-parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit)
-{
-    krb5_deltat tmp;
-
-    if (str2deltat(resp, &tmp) == 0) {
-	*value = tmp;
-	if (mask)
-	    *mask |= bit;
-	return 0;
-    } else if(*resp == '?') {
-	print_time_table (stderr);
-    } else {
-	fprintf (stderr, "Unable to parse time '%s'\n", resp);
-    }
-    return -1;
-}
-
-/*
- * allow the user to edit the deltat in `value'
- */
-
-int
-edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit)
-{
-    char buf[1024], resp[1024];
-
-    if (mask && (*mask & bit))
-	return 0;
-
-    deltat2str(*value, buf, sizeof(buf));
-    for (;;) {
-	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
-	    return 1;
-	if (parse_deltat (resp, value, mask, bit) == 0)
-	    break;
-    }
-    return 0;
-}
-
-/*
- * allow the user to edit `ent'
- */
-
-void
-set_defaults(kadm5_principal_ent_t ent, int *mask,
-	     kadm5_principal_ent_t default_ent, int default_mask)
-{
-    if (default_ent
-	&& (default_mask & KADM5_MAX_LIFE)
-	&& !(*mask & KADM5_MAX_LIFE))
-	ent->max_life = default_ent->max_life;
-
-    if (default_ent
-	&& (default_mask & KADM5_MAX_RLIFE)
-	&& !(*mask & KADM5_MAX_RLIFE))
-	ent->max_renewable_life = default_ent->max_renewable_life;
-
-    if (default_ent
-	&& (default_mask & KADM5_PRINC_EXPIRE_TIME)
-	&& !(*mask & KADM5_PRINC_EXPIRE_TIME))
-	ent->princ_expire_time = default_ent->princ_expire_time;
-
-    if (default_ent
-	&& (default_mask & KADM5_PW_EXPIRATION)
-	&& !(*mask & KADM5_PW_EXPIRATION))
-	ent->pw_expiration = default_ent->pw_expiration;
-
-    if (default_ent
-	&& (default_mask & KADM5_ATTRIBUTES)
-	&& !(*mask & KADM5_ATTRIBUTES))
-	ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
-}
-
-int
-edit_entry(kadm5_principal_ent_t ent, int *mask,
-	   kadm5_principal_ent_t default_ent, int default_mask)
-{
-
-    set_defaults(ent, mask, default_ent, default_mask);
-
-    if(edit_deltat ("Max ticket life", &ent->max_life, mask,
-		    KADM5_MAX_LIFE) != 0)
-	return 1;
-    
-    if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask,
-		    KADM5_MAX_RLIFE) != 0)
-	return 1;
-
-    if(edit_timet ("Principal expiration time", &ent->princ_expire_time, mask,
-		   KADM5_PRINC_EXPIRE_TIME) != 0)
-	return 1;
-
-    if(edit_timet ("Password expiration time", &ent->pw_expiration, mask,
-		   KADM5_PW_EXPIRATION) != 0)
-	return 1;
-
-    if(edit_attributes ("Attributes", &ent->attributes, mask,
-			KADM5_ATTRIBUTES) != 0)
-	return 1;
-
-    return 0;
-}
-
-/*
- * Parse the arguments, set the fields in `ent' and the `mask' for the
- * entries having been set.
- * Return 1 on failure and 0 on success.
- */
-
-int
-set_entry(krb5_context context,
-	  kadm5_principal_ent_t ent,
-	  int *mask,
-	  const char *max_ticket_life,
-	  const char *max_renewable_life,
-	  const char *expiration,
-	  const char *pw_expiration,
-	  const char *attributes)
-{
-    if (max_ticket_life != NULL) {
-	if (parse_deltat (max_ticket_life, &ent->max_life, 
-			  mask, KADM5_MAX_LIFE)) {
-	    krb5_warnx (context, "unable to parse `%s'", max_ticket_life);
-	    return 1;
-	}
-    }
-    if (max_renewable_life != NULL) {
-	if (parse_deltat (max_renewable_life, &ent->max_renewable_life, 
-			  mask, KADM5_MAX_RLIFE)) {
-	    krb5_warnx (context, "unable to parse `%s'", max_renewable_life);
-	    return 1;
-	}
-    }
-
-    if (expiration) {
-	if (parse_timet (expiration, &ent->princ_expire_time, 
-			mask, KADM5_PRINC_EXPIRE_TIME)) {
-	    krb5_warnx (context, "unable to parse `%s'", expiration);
-	    return 1;
-	}
-    }
-    if (pw_expiration) {
-	if (parse_timet (pw_expiration, &ent->pw_expiration, 
-			 mask, KADM5_PW_EXPIRATION)) {
-	    krb5_warnx (context, "unable to parse `%s'", pw_expiration);
-	    return 1;
-	}
-    }
-    if (attributes != NULL) {
-	if (parse_attributes (attributes, &ent->attributes, 
-			      mask, KADM5_ATTRIBUTES)) {
-	    krb5_warnx (context, "unable to parse `%s'", attributes);
-	    return 1;
-	}
-    }
-    return 0;
-}
-
-/*
- * Does `string' contain any globing characters?
- */
-
-static int
-is_expression(const char *string)
-{
-    const char *p;
-    int quote = 0;
-
-    for(p = string; *p; p++) {
-	if(quote) {
-	    quote = 0;
-	    continue;
-	}
-	if(*p == '\\')
-	    quote++;
-	else if(strchr("[]*?", *p) != NULL) 
-	    return 1;
-    }
-    return 0;
-}
-
-/* loop over all principals matching exp */
-int
-foreach_principal(const char *exp, 
-		  int (*func)(krb5_principal, void*), 
-		  const char *funcname,
-		  void *data)
-{
-    char **princs;
-    int num_princs;
-    int i;
-    krb5_error_code ret;
-    krb5_principal princ_ent;
-    int is_expr;
-
-    /* if this isn't an expression, there is no point in wading
-       through the whole database looking for matches */
-    is_expr = is_expression(exp);
-    if(is_expr)
-	ret = kadm5_get_principals(kadm_handle, exp, &princs, &num_princs);
-    if(!is_expr || ret == KADM5_AUTH_LIST) {
-	/* we might be able to perform the requested opreration even
-           if we're not allowed to list principals */
-	num_princs = 1;
-	princs = malloc(sizeof(*princs));
-	if(princs == NULL)
-	    return ENOMEM;
-	princs[0] = strdup(exp);
-	if(princs[0] == NULL){ 
-	    free(princs);
-	    return ENOMEM;
-	}
-    } else if(ret) {
-	krb5_warn(context, ret, "kadm5_get_principals");
-	return ret;
-    }
-    for(i = 0; i < num_princs; i++) {
-	ret = krb5_parse_name(context, princs[i], &princ_ent);
-	if(ret){
-	    krb5_warn(context, ret, "krb5_parse_name(%s)", princs[i]);
-	    continue;
-	}
-	ret = (*func)(princ_ent, data);
-	if(ret)
-	    krb5_warn(context, ret, "%s %s", funcname, princs[i]);
-	krb5_free_principal(context, princ_ent);
-    }
-    kadm5_free_name_list(kadm_handle, princs, &num_princs);
-    return 0;
-}
-
-/*
- * prompt with `prompt' and default value `def', and store the reply
- * in `buf, len'
- */
-
-#include <setjmp.h>
-
-static jmp_buf jmpbuf;
-
-static void
-interrupt(int sig)
-{
-    longjmp(jmpbuf, 1);
-}
-
-static int
-get_response(const char *prompt, const char *def, char *buf, size_t len)
-{
-    char *p;
-    void (*osig)(int);
-
-    osig = signal(SIGINT, interrupt);
-    if(setjmp(jmpbuf)) {
-	signal(SIGINT, osig);
-	printf("\n");
-	return 1;
-    }
-
-    printf("%s [%s]:", prompt, def);
-    if(fgets(buf, len, stdin) == NULL) {
-	int save_errno = errno;
-	if(ferror(stdin))
-	    krb5_err(context, 1, save_errno, "<stdin>");
-	signal(SIGINT, osig);
-	return 1;
-    }
-    p = strchr(buf, '\n');
-    if(p)
-	*p = '\0';
-    if(strcmp(buf, "") == 0)
-	strlcpy(buf, def, len);
-    signal(SIGINT, osig);
-    return 0;
-}
-
-/*
- * return [0, 16) or -1
- */
-
-static int
-hex2n (char c)
-{
-    static char hexdigits[] = "0123456789abcdef";
-    const char *p;
-
-    p = strchr (hexdigits, tolower((unsigned char)c));
-    if (p == NULL)
-	return -1;
-    else
-	return p - hexdigits;
-}
-
-/*
- * convert a key in a readable format into a keyblock.
- * return 0 iff succesful, otherwise `err' should point to an error message
- */
-
-int
-parse_des_key (const char *key_string, krb5_key_data *key_data,
-	       const char **err)
-{
-    const char *p = key_string;
-    unsigned char bits[8];
-    int i;
-
-    if (strlen (key_string) != 16) {
-	*err = "bad length, should be 16 for DES key";
-	return 1;
-    }
-    for (i = 0; i < 8; ++i) {
-	int d1, d2;
-
-	d1 = hex2n(p[2 * i]);
-	d2 = hex2n(p[2 * i + 1]);
-	if (d1 < 0 || d2 < 0) {
-	    *err = "non-hex character";
-	    return 1;
-	}
-	bits[i] = (d1 << 4) | d2;
-    }
-    for (i = 0; i < 3; ++i) {
-	key_data[i].key_data_ver  = 2;
-	key_data[i].key_data_kvno = 0;
-	/* key */
-	key_data[i].key_data_type[0]     = ETYPE_DES_CBC_CRC;
-	key_data[i].key_data_length[0]   = 8;
-	key_data[i].key_data_contents[0] = malloc(8);
-	memcpy (key_data[i].key_data_contents[0], bits, 8);
-	/* salt */
-	key_data[i].key_data_type[1]     = KRB5_PW_SALT;
-	key_data[i].key_data_length[1]   = 0;
-	key_data[i].key_data_contents[1] = NULL;
-    }
-    key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
-    key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-    return 0;
-}
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
deleted file mode 100644
index 80bf9271f056..000000000000
--- a/crypto/heimdal/kadmin/version4.c
+++ /dev/null
@@ -1,1014 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-#define Principal krb4_Principal
-#define kadm_get krb4_kadm_get
-#undef ALLOC
-#include <krb.h>
-#include <kadm.h>
-#include <krb_err.h>
-#include <kadm_err.h>
-
-RCSID("$Id: version4.c,v 1.29 2002/10/29 10:33:23 joda Exp $");
-
-#define KADM_NO_OPCODE -1
-#define KADM_NO_ENCRYPT -2
-
-/*
- * make an error packet if we fail encrypting
- */
-
-static void
-make_you_lose_packet(int code, krb5_data *reply)
-{
-    krb5_data_alloc(reply, KADM_VERSIZE + 4);
-    memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
-    _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4);
-}
-
-static int
-ret_fields(krb5_storage *sp, char *fields)
-{
-    return krb5_storage_read(sp, fields, FLDSZ);
-}
-
-static int
-store_fields(krb5_storage *sp, char *fields)
-{
-    return krb5_storage_write(sp, fields, FLDSZ);
-}
-
-static void
-ret_vals(krb5_storage *sp, Kadm_vals *vals)
-{
-    int field;
-    char *tmp_string;
-
-    memset(vals, 0, sizeof(*vals));
-    
-    ret_fields(sp, vals->fields);
-    
-    for(field = 31; field >= 0; field--) {
-	if(IS_FIELD(field, vals->fields)) {
-	    switch(field) {
-	    case KADM_NAME:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->name, tmp_string, sizeof(vals->name));
-		free(tmp_string);
-		break;
-	    case KADM_INST:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->instance, tmp_string, 
-				sizeof(vals->instance));
-		free(tmp_string);
-		break;
-	    case KADM_EXPDATE:
-		krb5_ret_int32(sp, &vals->exp_date);
-		break;
-	    case KADM_ATTR:
-		krb5_ret_int16(sp, &vals->attributes);
-		break;
-	    case KADM_MAXLIFE:
-		krb5_ret_int8(sp, &vals->max_life);
-		break;
-	    case KADM_DESKEY:
-		krb5_ret_int32(sp, &vals->key_high);
-		krb5_ret_int32(sp, &vals->key_low);
-		break;
-#ifdef EXTENDED_KADM
-	    case KADM_MODDATE:
-		krb5_ret_int32(sp, &vals->mod_date);
-		break;
-	    case KADM_MODNAME:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->mod_name, tmp_string, 
-				sizeof(vals->mod_name));
-		free(tmp_string);
-		break;
-	    case KADM_MODINST:
-		krb5_ret_stringz(sp, &tmp_string);
-		strlcpy(vals->mod_instance, tmp_string, 
-				sizeof(vals->mod_instance));
-		free(tmp_string);
-		break;
-	    case KADM_KVNO:
-		krb5_ret_int8(sp, &vals->key_version);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-}
-
-static void
-store_vals(krb5_storage *sp, Kadm_vals *vals)
-{
-    int field;
-    
-    store_fields(sp, vals->fields);
-
-    for(field = 31; field >= 0; field--) {
-	if(IS_FIELD(field, vals->fields)) {
-	    switch(field) {
-	    case KADM_NAME:
-		krb5_store_stringz(sp, vals->name);
-		break;
-	    case KADM_INST:
-		krb5_store_stringz(sp, vals->instance);
-		break;
-	    case KADM_EXPDATE:
-		krb5_store_int32(sp, vals->exp_date);
-		break;
-	    case KADM_ATTR:
-		krb5_store_int16(sp, vals->attributes);
-		break;
-	    case KADM_MAXLIFE:
-		krb5_store_int8(sp, vals->max_life);
-		break;
-	    case KADM_DESKEY:
-		krb5_store_int32(sp, vals->key_high);
-		krb5_store_int32(sp, vals->key_low);
-		break;
-#ifdef EXTENDED_KADM
-	    case KADM_MODDATE:
-		krb5_store_int32(sp, vals->mod_date);
-		break;
-	    case KADM_MODNAME:
-		krb5_store_stringz(sp, vals->mod_name);
-		break;
-	    case KADM_MODINST:
-		krb5_store_stringz(sp, vals->mod_instance);
-		break;
-	    case KADM_KVNO:
-		krb5_store_int8(sp, vals->key_version);
-		break;
-#endif
-	    default:
-		break;
-	    }
-	}
-    }
-}
-
-static int
-flags_4_to_5(char *flags)
-{
-    int i;
-    int32_t mask = 0;
-    for(i = 31; i >= 0; i--) {
-	if(IS_FIELD(i, flags))
-	    switch(i) {
-	    case KADM_NAME:
-	    case KADM_INST:
-		mask |= KADM5_PRINCIPAL;
-	    case KADM_EXPDATE:
-		mask |= KADM5_PRINC_EXPIRE_TIME;
-	    case KADM_MAXLIFE:
-		mask |= KADM5_MAX_LIFE;
-#ifdef EXTENDED_KADM
-	    case KADM_KVNO:
-		mask |= KADM5_KEY_DATA;
-	    case KADM_MODDATE:
-		mask |= KADM5_MOD_TIME;
-	    case KADM_MODNAME:
-	    case KADM_MODINST:
-		mask |= KADM5_MOD_NAME;
-#endif
-	    }
-    }
-    return mask;
-}
-
-static void
-ent_to_values(krb5_context context,
-	      kadm5_principal_ent_t ent,
-	      int32_t mask,
-	      Kadm_vals *vals)
-{
-    krb5_error_code ret;
-    char realm[REALM_SZ];
-    time_t exp = 0;
-
-    memset(vals, 0, sizeof(*vals));
-    if(mask & KADM5_PRINCIPAL) {
-	ret = krb5_524_conv_principal(context, ent->principal, 
-				      vals->name, vals->instance, realm);
-	SET_FIELD(KADM_NAME, vals->fields);
-	SET_FIELD(KADM_INST, vals->fields);
-    }
-    if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	if(ent->princ_expire_time != 0)
-	    exp = ent->princ_expire_time;
-    }
-    if(mask & KADM5_PW_EXPIRATION) {
-	if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration))
-	    exp = ent->pw_expiration;
-    }
-    if(exp) {
-	vals->exp_date = exp;
-	SET_FIELD(KADM_EXPDATE, vals->fields);
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(ent->max_life == 0)
-	    vals->max_life = 255;
-	else
-	    vals->max_life = krb_time_to_life(0, ent->max_life);
-	SET_FIELD(KADM_MAXLIFE, vals->fields);
-    }
-    if(mask & KADM5_KEY_DATA) {
-	if(ent->n_key_data > 0) {
-#ifdef EXTENDED_KADM
-	vals->key_version = ent->key_data[0].key_data_kvno;
-	SET_FIELD(KADM_KVNO, vals->fields);
-#endif
-	}
-	/* XXX the key itself? */
-    }
-#ifdef EXTENDED_KADM
-    if(mask & KADM5_MOD_TIME) {
-	vals->mod_date = ent->mod_date;
-	SET_FIELD(KADM_MODDATE, vals->fields);
-    }
-    if(mask & KADM5_MOD_NAME) {
-	krb5_524_conv_principal(context, ent->mod_name, 
-				vals->mod_name, vals->mod_instance, realm);
-	SET_FIELD(KADM_MODNAME, vals->fields);
-	SET_FIELD(KADM_MODINST, vals->fields);
-    }
-#endif
-}
-
-/*
- * convert the kadm4 values in `vals' to `ent' (and `mask')
- */
-
-static krb5_error_code
-values_to_ent(krb5_context context,
-	      Kadm_vals *vals, 
-	      kadm5_principal_ent_t ent,
-	      int32_t *mask)
-{
-    krb5_error_code ret;
-    *mask = 0;
-    memset(ent, 0, sizeof(*ent));
-    
-    if(IS_FIELD(KADM_NAME, vals->fields)) {
-	char *inst = NULL;
-	if(IS_FIELD(KADM_INST, vals->fields))
-	    inst = vals->instance;
-	ret = krb5_425_conv_principal(context, 
-				      vals->name,
-				      inst,
-				      NULL,
-				      &ent->principal);
-	if(ret)
-	    return ret;
-	*mask |= KADM5_PRINCIPAL;
-    }
-    if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
-	ent->princ_expire_time = vals->exp_date;
-	*mask |= KADM5_PRINC_EXPIRE_TIME;
-    }
-    if(IS_FIELD(KADM_MAXLIFE, vals->fields)) {
-	ent->max_life = krb_life_to_time(0, vals->max_life);
-	*mask |= KADM5_MAX_LIFE;
-    }
-    
-    if(IS_FIELD(KADM_DESKEY, vals->fields)) {
-	int i;
-	ent->key_data = calloc(3, sizeof(*ent->key_data));
-	if(ent->key_data == NULL)
-	    return ENOMEM;
-	for(i = 0; i < 3; i++) {
-	    u_int32_t key_low, key_high;
-
-	    ent->key_data[i].key_data_ver = 2;
-#ifdef EXTENDED_KADM
-	    if(IS_FIELD(KADM_KVNO, vals->fields))
-		ent->key_data[i].key_data_kvno = vals->key_version;
-#endif
-	    ent->key_data[i].key_data_type[0] = ETYPE_DES_CBC_MD5;
-	    ent->key_data[i].key_data_length[0] = 8;
-	    if((ent->key_data[i].key_data_contents[0] = malloc(8)) == NULL)
-		return ENOMEM;
-
-	    key_low  = ntohl(vals->key_low);
-	    key_high = ntohl(vals->key_high);
-	    memcpy(ent->key_data[i].key_data_contents[0],
-		   &key_low, 4);
-	    memcpy((char*)ent->key_data[i].key_data_contents[0] + 4,
-		   &key_high, 4);
-	    ent->key_data[i].key_data_type[1] = KRB5_PW_SALT;
-	    ent->key_data[i].key_data_length[1] = 0;
-	    ent->key_data[i].key_data_contents[1] = NULL;
-	}
-	ent->key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-	ent->key_data[2].key_data_type[0] = ETYPE_DES_CBC_CRC;
-	ent->n_key_data = 3;
-	*mask |= KADM5_KEY_DATA;
-    }
-    
-#ifdef EXTENDED_KADM
-    if(IS_FIELD(KADM_MODDATE, vals->fields)) {
-	ent->mod_date = vals->mod_date;
-	*mask |= KADM5_MOD_TIME;
-    }
-    if(IS_FIELD(KADM_MODNAME, vals->fields)) {
-	char *inst = NULL;
-	if(IS_FIELD(KADM_MODINST, vals->fields))
-	    inst = vals->mod_instance;
-	ret = krb5_425_conv_principal(context, 
-				      vals->mod_name,
-				      inst,
-				      NULL,
-				      &ent->mod_name);
-	if(ret)
-	    return ret;
-	*mask |= KADM5_MOD_NAME;
-    }
-#endif
-    return 0;
-}
-
-/*
- * Try to translate a KADM5 error code into a v4 kadmin one.
- */
-
-static int
-error_code(int ret)
-{
-    switch (ret) {
-    case 0:
-	return 0;
-    case KADM5_FAILURE :
-    case KADM5_AUTH_GET :
-    case KADM5_AUTH_ADD :
-    case KADM5_AUTH_MODIFY :
-    case KADM5_AUTH_DELETE :
-    case KADM5_AUTH_INSUFFICIENT :
-	return KADM_UNAUTH;
-    case KADM5_BAD_DB :
-	return KADM_UK_RERROR;
-    case KADM5_DUP :
-	return KADM_INUSE;
-    case KADM5_RPC_ERROR :
-    case KADM5_NO_SRV :
-	return KADM_NO_SERV;
-    case KADM5_NOT_INIT :
-	return KADM_NO_CONN;
-    case KADM5_UNK_PRINC :
-	return KADM_NOENTRY;
-    case KADM5_PASS_Q_TOOSHORT :
-#ifdef KADM_PASS_Q_TOOSHORT
-	return KADM_PASS_Q_TOOSHORT;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_Q_CLASS :
-#ifdef KADM_PASS_Q_CLASS
-	return KADM_PASS_Q_CLASS;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_Q_DICT :
-#ifdef KADM_PASS_Q_DICT
-	return KADM_PASS_Q_DICT;
-#else
-	return KADM_INSECURE_PW;
-#endif
-    case KADM5_PASS_REUSE :
-    case KADM5_PASS_TOOSOON :
-    case KADM5_BAD_PASSWORD :
-	return KADM_INSECURE_PW;
-    case KADM5_PROTECT_PRINCIPAL :
-	return KADM_IMMUTABLE;
-    case KADM5_POLICY_REF :
-    case KADM5_INIT :
-    case KADM5_BAD_HIST_KEY :
-    case KADM5_UNK_POLICY :
-    case KADM5_BAD_MASK :
-    case KADM5_BAD_CLASS :
-    case KADM5_BAD_LENGTH :
-    case KADM5_BAD_POLICY :
-    case KADM5_BAD_PRINCIPAL :
-    case KADM5_BAD_AUX_ATTR :
-    case KADM5_BAD_HISTORY :
-    case KADM5_BAD_MIN_PASS_LIFE :
-    case KADM5_BAD_SERVER_HANDLE :
-    case KADM5_BAD_STRUCT_VERSION :
-    case KADM5_OLD_STRUCT_VERSION :
-    case KADM5_NEW_STRUCT_VERSION :
-    case KADM5_BAD_API_VERSION :
-    case KADM5_OLD_LIB_API_VERSION :
-    case KADM5_OLD_SERVER_API_VERSION :
-    case KADM5_NEW_LIB_API_VERSION :
-    case KADM5_NEW_SERVER_API_VERSION :
-    case KADM5_SECURE_PRINC_MISSING :
-    case KADM5_NO_RENAME_SALT :
-    case KADM5_BAD_CLIENT_PARAMS :
-    case KADM5_BAD_SERVER_PARAMS :
-    case KADM5_AUTH_LIST :
-    case KADM5_AUTH_CHANGEPW :
-    case KADM5_BAD_TL_TYPE :
-    case KADM5_MISSING_CONF_PARAMS :
-    case KADM5_BAD_SERVER_NAME :
-    default :
-	return KADM_UNAUTH;	/* XXX */
-    }
-}
-
-/*
- * server functions
- */
-
-static int
-kadm_ser_cpw(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    char key[8];
-    char *password = NULL;
-    krb5_error_code ret;
-    
-    krb5_warnx(context, "v4-compat %s: CHPASS %s",
-	       principal_string, principal_string); 
-
-    ret = krb5_storage_read(message, key + 4, 4);
-    ret = krb5_storage_read(message, key, 4);
-    ret = krb5_ret_stringz(message, &password);
-    
-    if(password) {
-	krb5_data pwd_data;
-	const char *tmp;
-
-	pwd_data.data   = password;
-	pwd_data.length = strlen(password);
-
-	tmp = kadm5_check_password_quality (context, principal, &pwd_data);
-
-	if (tmp != NULL) {
-	    krb5_store_stringz (reply, (char *)tmp);
-	    ret = KADM5_PASS_Q_DICT;
-	    goto fail;
-	}
-	ret = kadm5_chpass_principal(kadm_handle, principal, password);
-    } else {
-	krb5_key_data key_data[3];
-	int i;
-	for(i = 0; i < 3; i++) {
-	    key_data[i].key_data_ver = 2;
-	    key_data[i].key_data_kvno = 0;
-	    /* key */
-	    key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
-	    key_data[i].key_data_length[0] = 8;
-	    key_data[i].key_data_contents[0] = malloc(8);
-	    memcpy(key_data[i].key_data_contents[0], &key, 8);
-	    /* salt */
-	    key_data[i].key_data_type[1] = KRB5_PW_SALT;
-	    key_data[i].key_data_length[1] = 0;
-	    key_data[i].key_data_contents[1] = NULL;
-	}
-	key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
-	key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
-	ret = kadm5_s_chpass_principal_with_key(kadm_handle, 
-						principal, 3, key_data);
-    }
-
-    if(ret != 0) {
-	krb5_store_stringz(reply, (char*)krb5_get_err_text(context, ret));
-	goto fail;
-    }
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat CHPASS");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_add(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    int32_t mask;
-    kadm5_principal_ent_rec ent, out;
-    Kadm_vals values;
-    krb5_error_code ret;
-    char name[128];
-
-    ret_vals(message, &values);
-
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: ADD %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	goto fail;
-    }
-
-    mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE |
-	KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME;
-    
-    kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    ent_to_values(context, &out, mask, &values);
-    kadm5_free_principal_ent(kadm_handle, &ent);
-    kadm5_free_principal_ent(kadm_handle, &out);
-    store_vals(reply, &values);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat ADD");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_get(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    krb5_error_code ret;
-    Kadm_vals values;
-    kadm5_principal_ent_rec ent, out;
-    int32_t mask;
-    char flags[FLDSZ];
-    char name[128];
-
-    ret_vals(message, &values);
-    /* XXX BRAIN DAMAGE! these flags are not stored in the same order
-       as in the header */
-    krb5_ret_int8(message, &flags[3]);
-    krb5_ret_int8(message, &flags[2]);
-    krb5_ret_int8(message, &flags[1]);
-    krb5_ret_int8(message, &flags[0]);
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: GET %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    mask = flags_4_to_5(flags);
-
-    ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    if (ret)
-	goto fail;
-    
-    ent_to_values(context, &out, mask, &values);
-
-    kadm5_free_principal_ent(kadm_handle, &out);
-
-    store_vals(reply, &values);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat GET");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_mod(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    Kadm_vals values1, values2;
-    kadm5_principal_ent_rec ent, out;
-    int32_t mask;
-    krb5_error_code ret;
-    char name[128];
-    
-    ret_vals(message, &values1);
-    /* why are the old values sent? is the mask the same in the old and
-       the new entry? */
-    ret_vals(message, &values2);
-    
-    ret = values_to_ent(context, &values2, &ent, &mask);
-    if(ret)
-	goto fail;
-
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: MOD %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_s_modify_principal(kadm_handle, &ent, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_warn(context, ret, "kadm5_s_modify_principal");
-	goto fail;
-    }
-
-    ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
-    if(ret) {
-	kadm5_free_principal_ent(kadm_handle, &ent);
-	krb5_warn(context, ret, "kadm5_s_modify_principal");
-	goto fail;
-    }
-
-    ent_to_values(context, &out, mask, &values1);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-    kadm5_free_principal_ent(kadm_handle, &out);
-    
-    store_vals(reply, &values1);
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat MOD");
-    return error_code(ret);
-}
-
-static int
-kadm_ser_del(krb5_context context,
-	     void *kadm_handle, 
-	     krb5_principal principal, 
-	     const char *principal_string,
-	     krb5_storage *message,
-	     krb5_storage *reply)
-{
-    Kadm_vals values;
-    kadm5_principal_ent_rec ent;
-    int32_t mask;
-    krb5_error_code ret;
-    char name[128];
-
-    ret_vals(message, &values);
-
-    ret = values_to_ent(context, &values, &ent, &mask);
-    if(ret)
-	goto fail;
-    
-    krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
-    krb5_warnx(context, "v4-compat %s: DEL %s",
-	       principal_string, name);
-
-    ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE,
-				       ent.principal);
-    if (ret)
-	goto fail;
-
-    ret = kadm5_delete_principal(kadm_handle, ent.principal);
-
-    kadm5_free_principal_ent(kadm_handle, &ent);
-
-    if (ret)
-	goto fail;
-
-    return 0;
-fail:
-    krb5_warn(context, ret, "v4-compat ADD");
-    return error_code(ret);
-}
-
-static int
-dispatch(krb5_context context,
-	 void *kadm_handle,
-	 krb5_principal principal,
-	 const char *principal_string,
-	 krb5_data msg, 
-	 krb5_data *reply)
-{
-    int retval;
-    int8_t command;
-    krb5_storage *sp_in, *sp_out;
-    
-    sp_in = krb5_storage_from_data(&msg);
-    krb5_ret_int8(sp_in, &command);
-    
-    sp_out = krb5_storage_emem();
-    krb5_storage_write(sp_out, KADM_VERSTR, KADM_VERSIZE);
-    krb5_store_int32(sp_out, 0);
-
-    switch(command) {
-    case CHANGE_PW:
-	retval = kadm_ser_cpw(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case ADD_ENT:
-	retval = kadm_ser_add(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case GET_ENT:
-	retval = kadm_ser_get(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case MOD_ENT:
-	retval = kadm_ser_mod(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    case DEL_ENT:
-	retval = kadm_ser_del(context, kadm_handle, principal,
-			      principal_string,
-			      sp_in, sp_out);
-	break;
-    default:
-	krb5_warnx(context, "v4-compat %s: unknown opcode: %d",
-		   principal_string, command);
-	retval = KADM_NO_OPCODE;
-	break;
-    }
-    krb5_storage_free(sp_in);
-    if(retval) {
-	krb5_storage_seek(sp_out, KADM_VERSIZE, SEEK_SET);
-	krb5_store_int32(sp_out, retval);
-    }
-    krb5_storage_to_data(sp_out, reply);
-    krb5_storage_free(sp_out);
-    return retval;
-}
-
-/*
- * Decode a v4 kadmin packet in `message' and create a reply in `reply'
- */
-
-static void
-decode_packet(krb5_context context,
-	      krb5_keytab keytab,
-	      struct sockaddr_in *admin_addr,
-	      struct sockaddr_in *client_addr,
-	      krb5_data message,
-	      krb5_data *reply)
-{
-    int ret;
-    KTEXT_ST authent;
-    AUTH_DAT ad;
-    MSG_DAT msg_dat;
-    off_t off = 0;
-    unsigned long rlen;
-    char sname[] = "changepw", sinst[] = "kerberos";
-    unsigned long checksum;
-    des_key_schedule schedule;
-    char *msg = message.data;
-    void *kadm_handle;
-    krb5_principal client;
-    char *client_str;
-    krb5_keytab_entry entry;
-    
-    if(message.length < KADM_VERSIZE + 4
-       || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
-	make_you_lose_packet (KADM_BAD_VER, reply);
-	return;
-    }
-
-    off = KADM_VERSIZE;
-    off += _krb5_get_int(msg + off, &rlen, 4);
-    memset(&authent, 0, sizeof(authent));
-    authent.length = message.length - rlen - KADM_VERSIZE - 4;
-
-    if(rlen > message.length - KADM_VERSIZE - 4
-       || authent.length > MAX_KTXT_LEN) {
-	krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
-	make_you_lose_packet (KADM_LENGTH_ERROR, reply);
-	return;
-    }
-
-    memcpy(authent.dat, (char*)msg + off, authent.length);
-    off += authent.length;
-    
-    {
-	krb5_principal principal;
-	krb5_keyblock *key;
-
-	ret = krb5_make_principal(context, &principal, NULL, 
-				  "changepw", "kerberos", NULL);
-	if (ret) {
-	    krb5_warn (context, ret, "krb5_make_principal");
-	    make_you_lose_packet (KADM_NOMEM, reply);
-	    return;
-	}
-	ret = krb5_kt_get_entry (context, keytab, principal, 0,
-				 ETYPE_DES_CBC_MD5, &entry);
-	krb5_kt_close (context, keytab);
-	if (ret) {
-	    krb5_free_principal(context, principal);
-	    make_you_lose_packet (KADM_NO_AUTH, reply);
-	    return;
-	}
-	ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
-	krb5_kt_free_entry(context, &entry);
-	krb5_free_principal(context, principal);
-	if(ret) {
-	    if(ret == KRB5_KT_NOTFOUND)
-		make_you_lose_packet(KADM_NO_AUTH, reply);
-	    else
-		/* XXX */
-		make_you_lose_packet(KADM_NO_AUTH, reply);
-	    krb5_warn(context, ret, "krb5_kt_read_service_key");
-	    return;
-	}
-	
-	if(key->keyvalue.length != 8)
-	    krb5_abortx(context, "key has wrong length (%lu)", 
-			(unsigned long)key->keyvalue.length);
-	krb_set_key(key->keyvalue.data, 0);
-	krb5_free_keyblock(context, key);
-    }
-    
-    ret = krb_rd_req(&authent, sname, sinst, 
-		     client_addr->sin_addr.s_addr, &ad, NULL);
-
-    if(ret) {
-	make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply);
-	krb5_warnx(context, "krb_rd_req: %d", ret);
-	return;
-    }
-
-    ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm,
-				  &client);
-    if (ret) {
-	krb5_warnx (context, "krb5_425_conv_principal: %d", ret);
-	make_you_lose_packet (KADM_NOMEM, reply);
-	return;
-    }
-
-    krb5_unparse_name(context, client, &client_str);
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       client_str, 
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       NULL, 0, 0, 
-				       &kadm_handle);
-    if (ret) {
-	krb5_warn (context, ret, "kadm5_init_with_password_ctx");
-	make_you_lose_packet (KADM_NOMEM, reply);
-	goto out;
-    }
-    
-    checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session);
-    if(checksum != ad.checksum) {
-	krb5_warnx(context, "decode_packet: bad checksum");
-	make_you_lose_packet (KADM_BAD_CHK, reply);
-	goto out;
-    }
-    des_set_key(&ad.session, schedule);
-    ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, 
-		      client_addr, admin_addr, &msg_dat);
-    if (ret) {
-	make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply);
-	krb5_warnx(context, "krb_rd_priv: %d", ret);
-	goto out;
-    }
-
-    {
-	krb5_data d, r;
-	int retval;
-
-	d.data   = msg_dat.app_data;
-	d.length = msg_dat.app_length;
-	
-	retval = dispatch(context, kadm_handle,
-			  client, client_str, d, &r);
-	krb5_data_alloc(reply, r.length + 26);
-	reply->length = krb_mk_priv(r.data, reply->data, r.length, 
-				    schedule, &ad.session, 
-				    admin_addr, client_addr);
-	if((ssize_t)reply->length < 0) {
-	    make_you_lose_packet(KADM_NO_ENCRYPT, reply);
-	    goto out;
-	}
-    }
-out:
-    krb5_free_principal(context, client);
-    free(client_str);
-}
-
-void
-handle_v4(krb5_context context,
-	  krb5_keytab keytab,
-	  int len,
-	  int fd)
-{
-    int first = 1;
-    struct sockaddr_in admin_addr, client_addr;
-    socklen_t addr_len;
-    krb5_data message, reply;
-    ssize_t n;
-
-    addr_len = sizeof(client_addr);
-    if (getsockname(fd, (struct sockaddr*)&admin_addr, &addr_len) < 0)
-	krb5_errx (context, 1, "getsockname");
-    addr_len = sizeof(client_addr);
-    if (getpeername(fd, (struct sockaddr*)&client_addr, &addr_len) < 0)
-	krb5_errx (context, 1, "getpeername");
-
-    while(1) {
-	doing_useful_work = 0;
-	if(term_flag)
-	    exit(0);
-	if(first) {
-	    /* first time around, we have already read len, and two
-               bytes of the version string */
-	    krb5_data_alloc(&message, len);
-	    memcpy(message.data, "KA", 2);
-	    n = krb5_net_read(context, &fd, (char*)message.data + 2,
-			      len - 2);
-	    if (n == 0)
-		exit (0);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	    first = 0;
-	} else {
-	    char buf[2];
-	    unsigned long tmp;
-	    ssize_t n;
-
-	    n = krb5_net_read(context, &fd, buf, sizeof(2));
-	    if (n == 0)
-		exit (0);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	    _krb5_get_int(buf, &tmp, 2);
-	    krb5_data_alloc(&message, tmp);
-	    n = krb5_net_read(context, &fd, message.data, message.length);
-	    if (n == 0)
-		krb5_errx (context, 1, "EOF in krb5_net_read");
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_read");
-	}
-	doing_useful_work = 1;
-	decode_packet(context, keytab, &admin_addr, &client_addr, 
-		      message, &reply);
-	krb5_data_free(&message);
-	{
-	    char buf[2];
-
-	    _krb5_put_int(buf, reply.length, sizeof(buf));
-	    n = krb5_net_write(context, &fd, buf, sizeof(buf));
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_write");
-	    n = krb5_net_write(context, &fd, reply.data, reply.length);
-	    if (n < 0)
-		krb5_err (context, 1, errno, "krb5_net_write");
-	    krb5_data_free(&reply);
-	}
-    }
-}
diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c
deleted file mode 100644
index 225594e6fcd1..000000000000
--- a/crypto/heimdal/kdc/524.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: 524.c,v 1.29 2003/03/17 05:35:47 assar Exp $");
-
-#ifndef KRB4
-#include <krb5-v4compat.h>
-#endif
-
-/*
- * fetch the server from `t', returning the name in malloced memory in
- * `spn' and the entry itself in `server'
- */
-
-static krb5_error_code
-fetch_server (const Ticket *t,
-	      char **spn,
-	      hdb_entry **server,
-	      const char *from)
-{
-    krb5_error_code ret;
-    krb5_principal sprinc;
-
-    ret = principalname2krb5_principal(&sprinc, t->sname, t->realm);
-    if (ret) {
-	kdc_log(0, "principalname2krb5_principal: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    ret = krb5_unparse_name(context, sprinc, spn);
-    if (ret) {
-	krb5_free_principal(context, sprinc);
-	kdc_log(0, "krb5_unparse_name: %s", krb5_get_err_text(context, ret));
-	return ret;
-    }
-    ret = db_fetch(sprinc, server);
-    krb5_free_principal(context, sprinc);
-    if (ret) {
-	kdc_log(0,
-	"Request to convert ticket from %s for unknown principal %s: %s",
-		from, *spn, krb5_get_err_text(context, ret));
-	if (ret == HDB_ERR_NOENTRY)
-	    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-log_524 (const EncTicketPart *et,
-	 const char *from,
-	 const char *spn)
-{
-    krb5_principal client;
-    char *cpn;
-    krb5_error_code ret;
-
-    ret = principalname2krb5_principal(&client, et->cname, et->crealm);
-    if (ret) {
-	kdc_log(0, "principalname2krb5_principal: %s",
-		krb5_get_err_text (context, ret));
-	return ret;
-    }
-    ret = krb5_unparse_name(context, client, &cpn);
-    if (ret) {
-	krb5_free_principal(context, client);
-	kdc_log(0, "krb5_unparse_name: %s",
-		krb5_get_err_text (context, ret));
-	return ret;
-    }
-    kdc_log(1, "524-REQ %s from %s for %s", cpn, from, spn);
-    free(cpn);
-    krb5_free_principal(context, client);
-    return 0;
-}
-
-static krb5_error_code
-verify_flags (const EncTicketPart *et,
-	      const char *spn)
-{
-    if(et->endtime < kdc_time){
-	kdc_log(0, "Ticket expired (%s)", spn);
-	return KRB5KRB_AP_ERR_TKT_EXPIRED;
-    }
-    if(et->flags.invalid){
-	kdc_log(0, "Ticket not valid (%s)", spn);
-	return KRB5KRB_AP_ERR_TKT_NYV;
-    }
-    return 0;
-}
-
-/*
- * set the `et->caddr' to the most appropriate address to use, where
- * `addr' is the address the request was received from.
- */
-
-static krb5_error_code
-set_address (EncTicketPart *et,
-	     struct sockaddr *addr,
-	     const char *from)
-{
-    krb5_error_code ret;
-    krb5_address *v4_addr;
-
-    v4_addr = malloc (sizeof(*v4_addr));
-    if (v4_addr == NULL)
-	return ENOMEM;
-
-    ret = krb5_sockaddr2address(context, addr, v4_addr);
-    if(ret) {
-	free (v4_addr);
-	kdc_log(0, "Failed to convert address (%s)", from);
-	return ret;
-    }
-	    
-    if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) {
-	kdc_log(0, "Incorrect network address (%s)", from);
-	krb5_free_address(context, v4_addr);
-	free (v4_addr);
-	return KRB5KRB_AP_ERR_BADADDR;
-    }
-    if(v4_addr->addr_type == KRB5_ADDRESS_INET) {
-	/* we need to collapse the addresses in the ticket to a
-	   single address; best guess is to use the address the
-	   connection came from */
-	
-	if (et->caddr != NULL) {
-	    free_HostAddresses(et->caddr);
-	} else {
-	    et->caddr = malloc (sizeof (*et->caddr));
-	    if (et->caddr == NULL) {
-		krb5_free_address(context, v4_addr);
-		free(v4_addr);
-		return ENOMEM;
-	    }
-	}
-	et->caddr->val = v4_addr;
-	et->caddr->len = 1;
-    } else {
-	krb5_free_address(context, v4_addr);
-	free(v4_addr);
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-encrypt_v4_ticket(void *buf, 
-		  size_t len, 
-		  krb5_keyblock *skey, 
-		  EncryptedData *reply)
-{
-    krb5_crypto crypto;
-    krb5_error_code ret;
-    ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_TICKET,
-				     buf,
-				     len,
-				     0,
-				     reply);
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(0, "Failed to encrypt data: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-encode_524_response(const char *spn, const EncTicketPart et, const Ticket *t,
-		    hdb_entry *server, EncryptedData *ticket, int *kvno)
-{
-    krb5_error_code ret;
-    int use_2b;
-    size_t len;
-
-    use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
-    if(use_2b) {
-	ASN1_MALLOC_ENCODE(EncryptedData, 
-			   ticket->cipher.data, ticket->cipher.length, 
-			   &t->enc_part, &len, ret);
-	
-	if (ret) {
-	    kdc_log(0, "Failed to encode v4 (2b) ticket (%s)", spn);
-	    return ret;
-	}
-	
-	ticket->etype = 0;
-	ticket->kvno = NULL;
-	*kvno = 213; /* 2b's use this magic kvno */
-    } else {
-	unsigned char buf[MAX_KTXT_LEN + 4 * 4];
-	Key *skey;
-	
-	if (!enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) {
-	    kdc_log(0, "524 cross-realm %s -> %s disabled", et.crealm,
-		    t->realm);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf),
-			       &et, &t->sname, &len);
-	if(ret){
-	    kdc_log(0, "Failed to encode v4 ticket (%s)", spn);
-	    return ret;
-	}
-	ret = get_des_key(server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(0, "no suitable DES key for server (%s)", spn);
-	    return ret;
-	}
-	ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len, 
-				&skey->key, ticket);
-	if(ret){
-	    kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn);
-	    return ret;
-	}
-	*kvno = server->kvno;
-    }
-
-    return 0;
-}
-
-/*
- * process a 5->4 request, based on `t', and received `from, addr',
- * returning the reply in `reply'
- */
-
-krb5_error_code
-do_524(const Ticket *t, krb5_data *reply,
-       const char *from, struct sockaddr *addr)
-{
-    krb5_error_code ret = 0;
-    krb5_crypto crypto;
-    hdb_entry *server = NULL;
-    Key *skey;
-    krb5_data et_data;
-    EncTicketPart et;
-    EncryptedData ticket;
-    krb5_storage *sp;
-    char *spn = NULL;
-    unsigned char buf[MAX_KTXT_LEN + 4 * 4];
-    size_t len;
-    int kvno;
-    
-    if(!enable_524) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(0, "Rejected ticket conversion request from %s", from);
-	goto out;
-    }
-
-    ret = fetch_server (t, &spn, &server, from);
-    if (ret) {
-	goto out;
-    }
-
-    ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey);
-    if(ret){
-	kdc_log(0, "No suitable key found for server (%s) from %s", spn, from);
-	goto out;
-    }
-    ret = krb5_crypto_init(context, &skey->key, 0, &crypto);
-    if (ret) {
-	kdc_log(0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_TICKET,
-				      &t->enc_part,
-				      &et_data);
-    krb5_crypto_destroy(context, crypto);
-    if(ret){
-	kdc_log(0, "Failed to decrypt ticket from %s for %s", from, spn);
-	goto out;
-    }
-    ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, 
-				    &et, &len);
-    krb5_data_free(&et_data);
-    if(ret){
-	kdc_log(0, "Failed to decode ticket from %s for %s", from, spn);
-	goto out;
-    }
-
-    ret = log_524 (&et, from, spn);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = verify_flags (&et, spn);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = set_address (&et, addr, from);
-    if (ret) {
-	free_EncTicketPart(&et);
-	goto out;
-    }
-
-    ret = encode_524_response(spn, et, t, server, &ticket, &kvno);
-    free_EncTicketPart(&et);
-
-out:
-    /* make reply */
-    memset(buf, 0, sizeof(buf));
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    krb5_store_int32(sp, ret);
-    if(ret == 0){
-	krb5_store_int32(sp, kvno);
-	krb5_store_data(sp, ticket.cipher);
-	/* Aargh! This is coded as a KTEXT_ST. */
-	krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
-	krb5_store_int32(sp, 0); /* mbz */
-	free_EncryptedData(&ticket);
-    }
-    ret = krb5_storage_to_data(sp, reply);
-    reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
-    krb5_storage_free(sp);
-    
-    if(spn)
-	free(spn);
-    if(server)
-	free_ent (server);
-    return ret;
-}
diff --git a/crypto/heimdal/kdc/Makefile b/crypto/heimdal/kdc/Makefile
deleted file mode 100644
index 7bb233f7f9bc..000000000000
--- a/crypto/heimdal/kdc/Makefile
+++ /dev/null
@@ -1,803 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# kdc/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.43 2001/08/28 08:31:27 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = string2key
-
-sbin_PROGRAMS = kstash
-
-libexec_PROGRAMS = hprop hpropd kdc
-
-man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
-
-hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
-hpropd_SOURCES = hpropd.c hprop.h
-
-kstash_SOURCES = kstash.c headers.h
-
-string2key_SOURCES = string2key.c headers.h
-
-#krb4_sources = 524.c kerberos4.c kaserver.c rx.h
-krb4_sources = 
-
-kdc_SOURCES = \
-	config.c	\
-	connect.c	\
-	kdc_locl.h	\
-	kerberos5.c	\
-	log.c		\
-	main.c		\
-	misc.c		\
-	$(krb4_sources)
-
-
-hprop_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-
-hpropd_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-kdc_LDADD = $(LDADD) $(LIB_pidfile)
-subdir = kdc
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = string2key$(EXEEXT)
-libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT)
-sbin_PROGRAMS = kstash$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(sbin_PROGRAMS)
-
-am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) v4_dump.$(OBJEXT)
-hprop_OBJECTS = $(am_hprop_OBJECTS)
-hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-hprop_LDFLAGS =
-am_hpropd_OBJECTS = hpropd.$(OBJEXT)
-hpropd_OBJECTS = $(am_hpropd_OBJECTS)
-hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-hpropd_LDFLAGS =
-#am__objects_1 = 524.$(OBJEXT) kerberos4.$(OBJEXT) \
-#	kaserver.$(OBJEXT)
-am__objects_1 =
-am_kdc_OBJECTS = config.$(OBJEXT) connect.$(OBJEXT) kerberos5.$(OBJEXT) \
-	log.$(OBJEXT) main.$(OBJEXT) misc.$(OBJEXT) $(am__objects_1)
-kdc_OBJECTS = $(am_kdc_OBJECTS)
-kdc_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdc_LDFLAGS =
-am_kstash_OBJECTS = kstash.$(OBJEXT)
-kstash_OBJECTS = $(am_kstash_OBJECTS)
-kstash_LDADD = $(LDADD)
-kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kstash_LDFLAGS =
-am_string2key_OBJECTS = string2key.$(OBJEXT)
-string2key_OBJECTS = $(am_string2key_OBJECTS)
-string2key_LDADD = $(LDADD)
-string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-string2key_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) \
-	$(kstash_SOURCES) $(string2key_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) $(kstash_SOURCES) $(string2key_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kdc/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-hprop$(EXEEXT): $(hprop_OBJECTS) $(hprop_DEPENDENCIES) 
-	@rm -f hprop$(EXEEXT)
-	$(LINK) $(hprop_LDFLAGS) $(hprop_OBJECTS) $(hprop_LDADD) $(LIBS)
-hpropd$(EXEEXT): $(hpropd_OBJECTS) $(hpropd_DEPENDENCIES) 
-	@rm -f hpropd$(EXEEXT)
-	$(LINK) $(hpropd_LDFLAGS) $(hpropd_OBJECTS) $(hpropd_LDADD) $(LIBS)
-kdc$(EXEEXT): $(kdc_OBJECTS) $(kdc_DEPENDENCIES) 
-	@rm -f kdc$(EXEEXT)
-	$(LINK) $(kdc_LDFLAGS) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS)
-kstash$(EXEEXT): $(kstash_OBJECTS) $(kstash_DEPENDENCIES) 
-	@rm -f kstash$(EXEEXT)
-	$(LINK) $(kstash_LDFLAGS) $(kstash_OBJECTS) $(kstash_LDADD) $(LIBS)
-string2key$(EXEEXT): $(string2key_OBJECTS) $(string2key_DEPENDENCIES) 
-	@rm -f string2key$(EXEEXT)
-	$(LINK) $(string2key_LDFLAGS) $(string2key_OBJECTS) $(string2key_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-local install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man8 \
-	install-sbinPROGRAMS install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kdc/Makefile.am b/crypto/heimdal/kdc/Makefile.am
deleted file mode 100644
index f41f46eb5138..000000000000
--- a/crypto/heimdal/kdc/Makefile.am
+++ /dev/null
@@ -1,71 +0,0 @@
-# $Id: Makefile.am,v 1.44 2003/01/14 05:47:06 lha Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-bin_PROGRAMS = string2key
-
-sbin_PROGRAMS = kstash
-
-libexec_PROGRAMS = hprop hpropd kdc
-
-man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
-
-hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
-hpropd_SOURCES = hpropd.c hprop.h
-
-kstash_SOURCES = kstash.c headers.h
-
-string2key_SOURCES = string2key.c headers.h
-
-if KRB4
-krb4_sources = kaserver.c rx.h
-else
-krb4_sources =
-endif
-
-kdc_SOURCES = \
-	config.c	\
-	connect.c	\
-	kdc_locl.h	\
-	kerberos5.c	\
-	log.c		\
-	main.c		\
-	misc.c		\
-	524.c		\
-	kerberos4.c	\
-	$(krb4_sources)
-
-
-hprop_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-hpropd_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-kdc_LDADD = $(LDADD) $(LIB_pidfile)
-
diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in
deleted file mode 100644
index 298d3829699e..000000000000
--- a/crypto/heimdal/kdc/Makefile.in
+++ /dev/null
@@ -1,796 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.44 2003/01/14 05:47:06 lha Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = string2key
-
-sbin_PROGRAMS = kstash
-
-libexec_PROGRAMS = hprop hpropd kdc
-
-man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
-
-hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
-hpropd_SOURCES = hpropd.c hprop.h
-
-kstash_SOURCES = kstash.c headers.h
-
-string2key_SOURCES = string2key.c headers.h
-
-@KRB4_TRUE@krb4_sources = kaserver.c rx.h
-@KRB4_FALSE@krb4_sources = 
-
-kdc_SOURCES = \
-	config.c	\
-	connect.c	\
-	kdc_locl.h	\
-	kerberos5.c	\
-	log.c		\
-	main.c		\
-	misc.c		\
-	524.c		\
-	kerberos4.c	\
-	$(krb4_sources)
-
-
-hprop_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-
-hpropd_LDADD = \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_kdb) $(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB) 
-
-
-LDADD = $(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken) \
-	$(DBLIB)
-
-
-kdc_LDADD = $(LDADD) $(LIB_pidfile)
-subdir = kdc
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = string2key$(EXEEXT)
-libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT)
-sbin_PROGRAMS = kstash$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(sbin_PROGRAMS)
-
-am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) v4_dump.$(OBJEXT)
-hprop_OBJECTS = $(am_hprop_OBJECTS)
-hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-hprop_LDFLAGS =
-am_hpropd_OBJECTS = hpropd.$(OBJEXT)
-hpropd_OBJECTS = $(am_hpropd_OBJECTS)
-hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-hpropd_LDFLAGS =
-@KRB4_TRUE@am__objects_1 = kaserver.$(OBJEXT)
-@KRB4_FALSE@am__objects_1 =
-am_kdc_OBJECTS = config.$(OBJEXT) connect.$(OBJEXT) kerberos5.$(OBJEXT) \
-	log.$(OBJEXT) main.$(OBJEXT) misc.$(OBJEXT) 524.$(OBJEXT) \
-	kerberos4.$(OBJEXT) $(am__objects_1)
-kdc_OBJECTS = $(am_kdc_OBJECTS)
-kdc_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdc_LDFLAGS =
-am_kstash_OBJECTS = kstash.$(OBJEXT)
-kstash_OBJECTS = $(am_kstash_OBJECTS)
-kstash_LDADD = $(LDADD)
-kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kstash_LDFLAGS =
-am_string2key_OBJECTS = string2key.$(OBJEXT)
-string2key_OBJECTS = $(am_string2key_OBJECTS)
-string2key_LDADD = $(LDADD)
-string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-string2key_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) \
-	$(kstash_SOURCES) $(string2key_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) $(kstash_SOURCES) $(string2key_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kdc/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
-hprop$(EXEEXT): $(hprop_OBJECTS) $(hprop_DEPENDENCIES) 
-	@rm -f hprop$(EXEEXT)
-	$(LINK) $(hprop_LDFLAGS) $(hprop_OBJECTS) $(hprop_LDADD) $(LIBS)
-hpropd$(EXEEXT): $(hpropd_OBJECTS) $(hpropd_DEPENDENCIES) 
-	@rm -f hpropd$(EXEEXT)
-	$(LINK) $(hpropd_LDFLAGS) $(hpropd_OBJECTS) $(hpropd_LDADD) $(LIBS)
-kdc$(EXEEXT): $(kdc_OBJECTS) $(kdc_DEPENDENCIES) 
-	@rm -f kdc$(EXEEXT)
-	$(LINK) $(kdc_LDFLAGS) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS)
-kstash$(EXEEXT): $(kstash_OBJECTS) $(kstash_DEPENDENCIES) 
-	@rm -f kstash$(EXEEXT)
-	$(LINK) $(kstash_LDFLAGS) $(kstash_OBJECTS) $(kstash_LDADD) $(LIBS)
-string2key$(EXEEXT): $(string2key_OBJECTS) $(string2key_DEPENDENCIES) 
-	@rm -f string2key$(EXEEXT)
-	$(LINK) $(string2key_LDFLAGS) $(string2key_OBJECTS) $(string2key_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-sbinPROGRAMS
-
-uninstall-man: uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man8 install-sbinPROGRAMS install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c
deleted file mode 100644
index dbe952f18f45..000000000000
--- a/crypto/heimdal/kdc/config.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#include <getarg.h>
-#include <parse_bytes.h>
-
-RCSID("$Id: config.c,v 1.46 2003/03/18 00:22:23 lha Exp $");
-
-static const char *config_file;	/* location of kdc config file */
-
-int require_preauth = -1;	/* 1 == require preauth for all principals */
-
-size_t max_request;		/* maximal size of a request */
-
-static char *max_request_str;	/* `max_request' as a string */
-
-time_t kdc_warn_pwexpire;	/* time before expiration to print a warning */
-
-struct dbinfo *databases;
-HDB **db;
-int num_db;
-
-const char *port_str;
-
-#ifdef HAVE_DAEMON
-int detach_from_console = -1;
-#define DETACH_IS_DEFAULT FALSE
-#endif
-
-int enable_http = -1;
-krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
-
-krb5_boolean check_ticket_addresses;
-krb5_boolean allow_null_ticket_addresses;
-krb5_boolean allow_anonymous;
-
-static struct getarg_strings addresses_str;	/* addresses to listen on */
-krb5_addresses explicit_addresses;
-
-#ifdef KRB4
-char *v4_realm;
-int enable_v4 = -1;
-int enable_kaserver = -1;
-#endif
-
-int enable_524 = -1;
-int enable_v4_cross_realm = -1;
-
-static int help_flag;
-static int version_flag;
-
-static struct getargs args[] = {
-    { 
-	"config-file",	'c',	arg_string,	&config_file, 
-	"location of config file",	"file" 
-    },
-    { 
-	"require-preauth",	'p',	arg_negative_flag, &require_preauth, 
-	"don't require pa-data in as-reqs"
-    },
-    { 
-	"max-request",	0,	arg_string, &max_request, 
-	"max size for a kdc-request", "size"
-    },
-#if 0
-    {
-	"database",	'd', 	arg_string, &databases,
-	"location of database", "database"
-    },
-#endif
-    { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" },
-    {	"524",		0, 	arg_negative_flag, &enable_524,
-	"don't respond to 524 requests" 
-    },
-#ifdef KRB4
-    {
-	"kaserver", 'K', arg_flag,   &enable_kaserver,
-	"enable kaserver support"
-    },
-    {	"kerberos4",	0, 	arg_flag, &enable_v4,
-	"respond to kerberos 4 requests" 
-    },
-    { 
-	"v4-realm",	'r',	arg_string, &v4_realm, 
-	"realm to serve v4-requests for"
-    },
-#endif
-    {	"kerberos4-cross-realm",	0, 	arg_flag,
-	&enable_v4_cross_realm,
-	"respond to kerberos 4 requests from foreign realms" 
-    },
-    {	"ports",	'P', 	arg_string, &port_str,
-	"ports to listen to", "portspec"
-    },
-#ifdef HAVE_DAEMON
-#if DETACH_IS_DEFAULT
-    {
-	"detach",       'D',      arg_negative_flag, &detach_from_console, 
-	"don't detach from console"
-    },
-#else
-    {
-	"detach",       0 ,      arg_flag, &detach_from_console, 
-	"detach from console"
-    },
-#endif
-#endif
-    {	"addresses",	0,	arg_strings, &addresses_str,
-	"addresses to listen on", "list of addresses" },
-    {	"help",		'h',	arg_flag,   &help_flag },
-    {	"version",	'v',	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-static void
-get_dbinfo(void)
-{
-    const krb5_config_binding *top_binding = NULL;
-    const krb5_config_binding *db_binding;
-    const krb5_config_binding *default_binding = NULL;
-    struct dbinfo *di, **dt;
-    const char *default_dbname = HDB_DEFAULT_DB;
-    const char *default_mkey = HDB_DB_DIR "/m-key";
-    const char *p;
-
-    databases = NULL;
-    dt = &databases;
-    while((db_binding = (const krb5_config_binding *)
-	   krb5_config_get_next(context, NULL, &top_binding, 
-				krb5_config_list, 
-				"kdc", 
-				"database",
-				NULL))) {
-	p = krb5_config_get_string(context, db_binding, "realm", NULL);
-	if(p == NULL) {
-	    if(default_binding) {
-		krb5_warnx(context, "WARNING: more than one realm-less "
-			   "database specification");
-		krb5_warnx(context, "WARNING: using the first encountered");
-	    } else
-		default_binding = db_binding;
-	    continue;
-	}
-	di = calloc(1, sizeof(*di));
-	di->realm = strdup(p);
-	p = krb5_config_get_string(context, db_binding, "dbname", NULL);
-	if(p)
-	    di->dbname = strdup(p);
-	p = krb5_config_get_string(context, db_binding, "mkey_file", NULL);
-	if(p)
-	    di->mkey_file = strdup(p);
-	*dt = di;
-	dt = &di->next;
-    }
-    if(default_binding) {
-	di = calloc(1, sizeof(*di));
-	p = krb5_config_get_string(context, default_binding, "dbname", NULL);
-	if(p) {
-	    di->dbname = strdup(p);
-	    default_dbname = p;
-	}
-	p = krb5_config_get_string(context, default_binding, "mkey_file", NULL);
-	if(p) {
-	    di->mkey_file = strdup(p);
-	    default_mkey = p;
-	}
-	*dt = di;
-	dt = &di->next;
-    } else if(databases == NULL) {
-	/* if there are none specified, use some default */
-	di = calloc(1, sizeof(*di));
-	di->dbname = strdup(default_dbname);
-	di->mkey_file = strdup(default_mkey);
-	*dt = di;
-	dt = &di->next;
-    }
-    for(di = databases; di; di = di->next) {
-	if(di->dbname == NULL)
-	    di->dbname = strdup(default_dbname);
-	if(di->mkey_file == NULL) {
-	    p = strrchr(di->dbname, '.');
-	    if(p == NULL || strchr(p, '/') != NULL)
-		/* final pathname component does not contain a . */
-		asprintf(&di->mkey_file, "%s.mkey", di->dbname);
-	    else
-		/* the filename is something.else, replace .else with
-                   .mkey */
-		asprintf(&di->mkey_file, "%.*s.mkey", 
-			 (int)(p - di->dbname), di->dbname);
-	}
-    }
-}
-
-static void
-add_one_address (const char *str, int first)
-{
-    krb5_error_code ret;
-    krb5_addresses tmp;
-
-    ret = krb5_parse_address (context, str, &tmp);
-    if (ret)
-	krb5_err (context, 1, ret, "parse_address `%s'", str);
-    if (first)
-	krb5_copy_addresses(context, &tmp, &explicit_addresses);
-    else
-	krb5_append_addresses(context, &explicit_addresses, &tmp);
-    krb5_free_addresses (context, &tmp);
-}
-
-void
-configure(int argc, char **argv)
-{
-    int optind = 0;
-    int e;
-    const char *p;
-    
-    while((e = getarg(args, num_args, argc, argv, &optind)))
-	warnx("error at argument `%s'", argv[optind]);
-
-    if(help_flag)
-	usage (0);
-
-    if (version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0)
-	usage(1);
-    
-    {
-	krb5_error_code ret;
-	char **files;
-	char *tmp;
-	if(config_file == NULL)
-	    config_file = _PATH_KDC_CONF;
-	asprintf(&tmp, "%s:%s", config_file, krb5_config_file);
-	if(tmp == NULL)
-	    krb5_errx(context, 1, "out of memory");
-	    
-	krb5_config_file = tmp;
-
-	ret = krb5_get_default_config_files(&files);
-	if(ret) 
-	    krb5_err(context, 1, ret, "reading configuration files");
-	ret = krb5_set_config_files(context, files);
-	krb5_free_config_files(files);
-	if(ret) 
-	    krb5_err(context, 1, ret, "reading configuration files");
-    }
-
-    get_dbinfo();
-    
-    if(max_request_str){
-	max_request = parse_bytes(max_request_str, NULL);
-    }
-
-    if(max_request == 0){
-	p = krb5_config_get_string (context,
-				    NULL,
-				    "kdc",
-				    "max-request",
-				    NULL);
-	if(p)
-	    max_request = parse_bytes(p, NULL);
-    }
-    
-    if(require_preauth == -1)
-	require_preauth = krb5_config_get_bool(context, NULL, "kdc", 
-					       "require-preauth", NULL);
-
-    if(port_str == NULL){
-	p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL);
-	if (p != NULL)
-	    port_str = strdup(p);
-    }
-
-    explicit_addresses.len = 0;
-
-    if (addresses_str.num_strings) {
-	int i;
-
-	for (i = 0; i < addresses_str.num_strings; ++i)
-	    add_one_address (addresses_str.strings[i], i == 0);
-	free_getarg_strings (&addresses_str);
-    } else {
-	char **foo = krb5_config_get_strings (context, NULL,
-					      "kdc", "addresses", NULL);
-
-	if (foo != NULL) {
-	    add_one_address (*foo++, TRUE);
-	    while (*foo)
-		add_one_address (*foo++, FALSE);
-	}
-    }
-
-#ifdef KRB4
-    if(enable_v4 == -1)
-	enable_v4 = krb5_config_get_bool_default(context, NULL, FALSE, "kdc", 
-					 "enable-kerberos4", NULL);
-#else
-#define enable_v4 0
-#endif
-    if(enable_v4_cross_realm == -1)
-	enable_v4_cross_realm =
-	    krb5_config_get_bool_default(context, NULL,
-					 FALSE, "kdc", 
-					 "enable-kerberos4-cross-realm",
-					 NULL);
-    if(enable_524 == -1)
-	enable_524 = krb5_config_get_bool_default(context, NULL, enable_v4, 
-						  "kdc", "enable-524", NULL);
-
-    if(enable_http == -1)
-	enable_http = krb5_config_get_bool(context, NULL, "kdc", 
-					   "enable-http", NULL);
-    check_ticket_addresses = 
-	krb5_config_get_bool_default(context, NULL, TRUE, "kdc", 
-				     "check-ticket-addresses", NULL);
-    allow_null_ticket_addresses = 
-	krb5_config_get_bool_default(context, NULL, TRUE, "kdc", 
-				     "allow-null-ticket-addresses", NULL);
-
-    allow_anonymous = 
-	krb5_config_get_bool(context, NULL, "kdc", 
-			     "allow-anonymous", NULL);
-#ifdef KRB4
-    if(v4_realm == NULL){
-	p = krb5_config_get_string (context, NULL, 
-				    "kdc",
-				    "v4-realm",
-				    NULL);
-	if(p != NULL) {
-	    v4_realm = strdup(p);
-	    if (v4_realm == NULL)
-		krb5_errx(context, 1, "out of memory");
-	}
-    }
-    if (enable_kaserver == -1)
-	enable_kaserver = krb5_config_get_bool_default(context, NULL, FALSE,
-						       "kdc",
-						       "enable-kaserver",
-						       NULL);
-#endif
-
-    encode_as_rep_as_tgs_rep = krb5_config_get_bool(context, NULL, "kdc", 
-						    "encode_as_rep_as_tgs_rep", 
-						    NULL);
-
-    kdc_warn_pwexpire = krb5_config_get_time (context, NULL,
-					      "kdc",
-					      "kdc_warn_pwexpire",
-					      NULL);
-
-#ifdef HAVE_DAEMON
-    if(detach_from_console == -1) 
-	detach_from_console = krb5_config_get_bool_default(context, NULL, 
-							   DETACH_IS_DEFAULT,
-							   "kdc",
-							   "detach", NULL);
-#endif
-    kdc_openlog();
-    if(max_request == 0)
-	max_request = 64 * 1024;
-    if(require_preauth == -1)
-	require_preauth = 1;
-    if (port_str == NULL)
-	port_str = "+";
-#ifdef KRB4
-    if(v4_realm == NULL){
-	v4_realm = malloc(40); /* REALM_SZ */
-	if (v4_realm == NULL)
-	    krb5_errx(context, 1, "out of memory");
-	krb_get_lrealm(v4_realm, 1);
-    }
-#endif
-}
diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c
deleted file mode 100644
index 3ad1c1df6384..000000000000
--- a/crypto/heimdal/kdc/connect.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: connect.c,v 1.90 2003/02/18 15:39:10 lha Exp $");
-
-/*
- * a tuple describing on what to listen
- */
-
-struct port_desc{
-    int family;
-    int type;
-    int port;
-};
-
-/* the current ones */
-
-static struct port_desc *ports;
-static int num_ports;
-
-/*
- * add `family, port, protocol' to the list with duplicate suppresion.
- */
-
-static void
-add_port(int family, int port, const char *protocol)
-{
-    int type;
-    int i;
-
-    if(strcmp(protocol, "udp") == 0)
-	type = SOCK_DGRAM;
-    else if(strcmp(protocol, "tcp") == 0)
-	type = SOCK_STREAM;
-    else
-	return;
-    for(i = 0; i < num_ports; i++){
-	if(ports[i].type == type
-	   && ports[i].port == port
-	   && ports[i].family == family)
-	    return;
-    }
-    ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
-    if (ports == NULL)
-	krb5_err (context, 1, errno, "realloc");
-    ports[num_ports].family = family;
-    ports[num_ports].type   = type;
-    ports[num_ports].port   = port;
-    num_ports++;
-}
-
-/*
- * add a triple but with service -> port lookup
- * (this prints warnings for stuff that does not exist)
- */
-
-static void
-add_port_service(int family, const char *service, int port,
-		 const char *protocol)
-{
-    port = krb5_getportbyname (context, service, protocol, port);
-    add_port (family, port, protocol);
-}
-
-/*
- * add the port with service -> port lookup or string -> number
- * (no warning is printed)
- */
-
-static void
-add_port_string (int family, const char *port_str, const char *protocol)
-{
-    struct servent *sp;
-    int port;
-
-    sp = roken_getservbyname (port_str, protocol);
-    if (sp != NULL) {
-	port = sp->s_port;
-    } else {
-	char *end;
-
-	port = htons(strtol(port_str, &end, 0));
-	if (end == port_str)
-	    return;
-    }
-    add_port (family, port, protocol);
-}
-
-/*
- * add the standard collection of ports for `family'
- */
-
-static void
-add_standard_ports (int family)
-{
-    add_port_service(family, "kerberos", 88, "udp");
-    add_port_service(family, "kerberos", 88, "tcp");
-    add_port_service(family, "kerberos-sec", 88, "udp");
-    add_port_service(family, "kerberos-sec", 88, "tcp");
-    if(enable_http)
-	add_port_service(family, "http", 80, "tcp");
-    if(enable_524) {
-	add_port_service(family, "krb524", 4444, "udp");
-	add_port_service(family, "krb524", 4444, "tcp");
-    }
-#ifdef KRB4
-    if(enable_v4) {
-	add_port_service(family, "kerberos-iv", 750, "udp");
-	add_port_service(family, "kerberos-iv", 750, "tcp");
-    }
-    if (enable_kaserver)
-	add_port_service(family, "afs3-kaserver", 7004, "udp");
-#endif
-}
-
-/*
- * parse the set of space-delimited ports in `str' and add them.
- * "+" => all the standard ones
- * otherwise it's port|service[/protocol]
- */
-
-static void
-parse_ports(const char *str)
-{
-    char *pos = NULL;
-    char *p;
-    char *str_copy = strdup (str);
-
-    p = strtok_r(str_copy, " \t", &pos);
-    while(p != NULL) {
-	if(strcmp(p, "+") == 0) {
-#ifdef HAVE_IPV6
-	    add_standard_ports(AF_INET6);
-#endif
-	    add_standard_ports(AF_INET);
-	} else {
-	    char *q = strchr(p, '/');
-	    if(q){
-		*q++ = 0;
-#ifdef HAVE_IPV6
-		add_port_string(AF_INET6, p, q);
-#endif
-		add_port_string(AF_INET, p, q);
-	    }else {
-#ifdef HAVE_IPV6
-		add_port_string(AF_INET6, p, "udp");
-		add_port_string(AF_INET6, p, "tcp");
-#endif
-		add_port_string(AF_INET, p, "udp");
-		add_port_string(AF_INET, p, "tcp");
-	    }
-	}
-	    
-	p = strtok_r(NULL, " \t", &pos);
-    }
-    free (str_copy);
-}
-
-/*
- * every socket we listen on
- */
-
-struct descr {
-    int s;
-    int type;
-    unsigned char *buf;
-    size_t size;
-    size_t len;
-    time_t timeout;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa;
-    socklen_t sock_len;
-    char addr_string[128];
-};
-
-static void
-init_descr(struct descr *d)
-{
-    memset(d, 0, sizeof(*d));
-    d->sa = (struct sockaddr *)&d->__ss;
-    d->s = -1;
-}
-
-/*
- * re-initialize all `n' ->sa in `d'.
- */
-
-static void
-reinit_descrs (struct descr *d, int n)
-{
-    int i;
-
-    for (i = 0; i < n; ++i)
-	d[i].sa = (struct sockaddr *)&d[i].__ss;
-}
-
-/*
- * Create the socket (family, type, port) in `d'
- */
-
-static void 
-init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
-{
-    krb5_error_code ret;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    int sa_size = sizeof(__ss);
-
-    init_descr (d);
-
-    ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_addr2sockaddr");
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-
-    if (sa->sa_family != family)
-	return;
-
-    d->s = socket(family, type, 0);
-    if(d->s < 0){
-	krb5_warn(context, errno, "socket(%d, %d, 0)", family, type);
-	d->s = -1;
-	return;
-    }
-#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
-    {
-	int one = 1;
-	setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    }
-#endif
-    d->type = type;
-
-    if(bind(d->s, sa, sa_size) < 0){
-	char a_str[256];
-	size_t len;
-
-	krb5_print_address (a, a_str, sizeof(a_str), &len);
-	krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-    if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){
-	char a_str[256];
-	size_t len;
-
-	krb5_print_address (a, a_str, sizeof(a_str), &len);
-	krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
-	close(d->s);
-	d->s = -1;
-	return;
-    }
-}
-
-/*
- * Allocate descriptors for all the sockets that we should listen on
- * and return the number of them.
- */
-
-static int
-init_sockets(struct descr **desc)
-{
-    krb5_error_code ret;
-    int i, j;
-    struct descr *d;
-    int num = 0;
-    krb5_addresses addresses;
-
-    if (explicit_addresses.len) {
-	addresses = explicit_addresses;
-    } else {
-	ret = krb5_get_all_server_addrs (context, &addresses);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    }
-    parse_ports(port_str);
-    d = malloc(addresses.len * num_ports * sizeof(*d));
-    if (d == NULL)
-	krb5_errx(context, 1, "malloc(%lu) failed",
-		  (unsigned long)num_ports * sizeof(*d));
-
-    for (i = 0; i < num_ports; i++){
-	for (j = 0; j < addresses.len; ++j) {
-	    init_socket(&d[num], &addresses.val[j],
-			ports[i].family, ports[i].type, ports[i].port);
-	    if(d[num].s != -1){
-		char a_str[80];
-		size_t len;
-
-		krb5_print_address (&addresses.val[j], a_str,
-				    sizeof(a_str), &len);
-
-		kdc_log(5, "listening on %s port %u/%s",
-			a_str,
-			ntohs(ports[i].port), 
-			(ports[i].type == SOCK_STREAM) ? "tcp" : "udp");
-		/* XXX */
-		num++;
-	    }
-	}
-    }
-    krb5_free_addresses (context, &addresses);
-    d = realloc(d, num * sizeof(*d));
-    if (d == NULL && num != 0)
-	krb5_errx(context, 1, "realloc(%lu) failed",
-		  (unsigned long)num * sizeof(*d));
-    reinit_descrs (d, num);
-    *desc = d;
-    return num;
-}
-
-/*
- * handle the request in `buf, len', from `addr' (or `from' as a string),
- * sending a reply in `reply'.
- */
-
-static int
-process_request(unsigned char *buf, 
-		size_t len, 
-		krb5_data *reply,
-		int *sendlength,
-		const char *from,
-		struct sockaddr *addr)
-{
-    KDC_REQ req;
-    Ticket ticket;
-    krb5_error_code ret;
-    size_t i;
-
-    gettimeofday(&now, NULL);
-    if(decode_AS_REQ(buf, len, &req, &i) == 0){
-	ret = as_rep(&req, reply, from, addr);
-	free_AS_REQ(&req);
-	return ret;
-    }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
-	ret = tgs_rep(&req, reply, from, addr);
-	free_TGS_REQ(&req);
-	return ret;
-    }else if(decode_Ticket(buf, len, &ticket, &i) == 0){
-	ret = do_524(&ticket, reply, from, addr);
-	free_Ticket(&ticket);
-	return ret;
-#ifdef KRB4
-    } else if(maybe_version4(buf, len)){
-	*sendlength = 0; /* elbitapmoc sdrawkcab XXX */
-	do_version4(buf, len, reply, from, (struct sockaddr_in*)addr);
-	return 0;
-    } else if (enable_kaserver) {
-	ret = do_kaserver (buf, len, reply, from, (struct sockaddr_in*)addr);
-	return ret;
-#endif
-    }
-			  
-    return -1;
-}
-
-static void
-addr_to_string(struct sockaddr *addr, size_t addr_len, char *str, size_t len)
-{
-    krb5_address a;
-    if(krb5_sockaddr2address(context, addr, &a) == 0) {
-	if(krb5_print_address(&a, str, len, &len) == 0) {
-	    krb5_free_address(context, &a);
-	    return;
-	}
-	krb5_free_address(context, &a);
-    }
-    snprintf(str, len, "<family=%d>", addr->sa_family);
-}
-
-/*
- * Handle the request in `buf, len' to socket `d'
- */
-
-static void
-do_request(void *buf, size_t len, int sendlength,
-	   struct descr *d)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-    
-    reply.length = 0;
-    ret = process_request(buf, len, &reply, &sendlength,
-			  d->addr_string, d->sa);
-    if(reply.length){
-	kdc_log(5, "sending %lu bytes to %s", (unsigned long)reply.length,
-		d->addr_string);
-	if(sendlength){
-	    unsigned char len[4];
-	    len[0] = (reply.length >> 24) & 0xff;
-	    len[1] = (reply.length >> 16) & 0xff;
-	    len[2] = (reply.length >> 8) & 0xff;
-	    len[3] = reply.length & 0xff;
-	    if(sendto(d->s, len, sizeof(len), 0, d->sa, d->sock_len) < 0) {
-		kdc_log (0, "sendto(%s): %s", d->addr_string, strerror(errno));
-		krb5_data_free(&reply);
-		return;
-	    }
-	}
-	if(sendto(d->s, reply.data, reply.length, 0, d->sa, d->sock_len) < 0) {
-	    kdc_log (0, "sendto(%s): %s", d->addr_string, strerror(errno));
-	    krb5_data_free(&reply);
-	    return;
-	}
-	krb5_data_free(&reply);
-    }
-    if(ret)
-	kdc_log(0, "Failed processing %lu byte request from %s", 
-		(unsigned long)len, d->addr_string);
-}
-
-/*
- * Handle incoming data to the UDP socket in `d'
- */
-
-static void
-handle_udp(struct descr *d)
-{
-    unsigned char *buf;
-    int n;
-
-    buf = malloc(max_request);
-    if(buf == NULL){
-	kdc_log(0, "Failed to allocate %lu bytes", (unsigned long)max_request);
-	return;
-    }
-
-    d->sock_len = sizeof(d->__ss);
-    n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
-    if(n < 0)
-	krb5_warn(context, errno, "recvfrom");
-    else {
-	addr_to_string (d->sa, d->sock_len,
-			d->addr_string, sizeof(d->addr_string));
-	do_request(buf, n, 0, d);
-    }
-    free (buf);
-}
-
-static void
-clear_descr(struct descr *d)
-{
-    if(d->buf)
-	memset(d->buf, 0, d->size);
-    d->len = 0;
-    if(d->s != -1)
-	close(d->s);
-    d->s = -1;
-}
-
-
-/* remove HTTP %-quoting from buf */
-static int
-de_http(char *buf)
-{
-    char *p, *q;
-    for(p = q = buf; *p; p++, q++) {
-	if(*p == '%' && isxdigit(p[1]) && isxdigit(p[2])) {
-	    unsigned int x;
-	    if(sscanf(p + 1, "%2x", &x) != 1)
-		return -1;
-	    *q = x;
-	    p += 2;
-	} else
-	    *q = *p;
-    }
-    *q = '\0';
-    return 0;
-}
-
-#define TCP_TIMEOUT 4
-
-/*
- * accept a new TCP connection on `d[parent]' and store it in `d[child]'
- */
-
-static void
-add_new_tcp (struct descr *d, int parent, int child)
-{
-    int s;
-
-    if (child == -1)
-	return;
-
-    d[child].sock_len = sizeof(d[child].__ss);
-    s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
-    if(s < 0) {
-	krb5_warn(context, errno, "accept");
-	return;
-    }
-	    
-    if (s >= FD_SETSIZE) {
-	krb5_warnx(context, "socket FD too large");
-	close (s);
-	return;
-    }
-
-    d[child].s = s;
-    d[child].timeout = time(NULL) + TCP_TIMEOUT;
-    d[child].type = SOCK_STREAM;
-    addr_to_string (d[child].sa, d[child].sock_len,
-		    d[child].addr_string, sizeof(d[child].addr_string));
-}
-
-/*
- * Grow `d' to handle at least `n'.
- * Return != 0 if fails
- */
-
-static int
-grow_descr (struct descr *d, size_t n)
-{
-    if (d->size - d->len < n) {
-	unsigned char *tmp;
-
-	d->size += max(1024, d->len + n);
-	if (d->size >= max_request) {
-	    kdc_log(0, "Request exceeds max request size (%lu bytes).",
-		    (unsigned long)d->size);
-	    clear_descr(d);
-	    return -1;
-	}
-	tmp = realloc (d->buf, d->size);
-	if (tmp == NULL) {
-	    kdc_log(0, "Failed to re-allocate %lu bytes.",
-		    (unsigned long)d->size);
-	    clear_descr(d);
-	    return -1;
-	}
-	d->buf = tmp;
-    }
-    return 0;
-}
-
-/*
- * Try to handle the TCP data at `d->buf, d->len'.
- * Return -1 if failed, 0 if succesful, and 1 if data is complete.
- */
-
-static int
-handle_vanilla_tcp (struct descr *d)
-{
-    krb5_storage *sp;
-    int32_t len;
-
-    sp = krb5_storage_from_mem(d->buf, d->len);
-    if (sp == NULL) {
-	kdc_log (0, "krb5_storage_from_mem failed");
-	return -1;
-    }
-    krb5_ret_int32(sp, &len);
-    krb5_storage_free(sp);
-    if(d->len - 4 >= len) {
-	memmove(d->buf, d->buf + 4, d->len - 4);
-	return 1;
-    }
-    return 0;
-}
-
-/*
- * Try to handle the TCP/HTTP data at `d->buf, d->len'.
- * Return -1 if failed, 0 if succesful, and 1 if data is complete.
- */
-
-static int
-handle_http_tcp (struct descr *d)
-{
-    char *s, *p, *t;
-    void *data;
-    char *proto;
-    int len;
-
-    s = (char *)d->buf;
-
-    p = strstr(s, "\r\n");
-    if (p == NULL) {
-	kdc_log(0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    *p = 0;
-
-    p = NULL;
-    t = strtok_r(s, " \t", &p);
-    if (t == NULL) {
-	kdc_log(0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    t = strtok_r(NULL, " \t", &p);
-    if(t == NULL) {
-	kdc_log(0, "Malformed HTTP request from %s", d->addr_string);
-	return -1;
-    }
-    data = malloc(strlen(t));
-    if (data == NULL) {
-	kdc_log(0, "Failed to allocate %lu bytes",
-		(unsigned long)strlen(t));
-	return -1;
-    }
-    if(*t == '/')
-	t++;
-    if(de_http(t) != 0) {
-	kdc_log(0, "Malformed HTTP request from %s", d->addr_string);
-	kdc_log(5, "Request: %s", t);
-	free(data);
-	return -1;
-    }
-    proto = strtok_r(NULL, " \t", &p);
-    if (proto == NULL) {
-	kdc_log(0, "Malformed HTTP request from %s", d->addr_string);
-	free(data);
-	return -1;
-    }
-    len = base64_decode(t, data);
-    if(len <= 0){
-	const char *msg = 
-	    " 404 Not found\r\n"
-	    "Server: Heimdal/" VERSION "\r\n"
-	    "Cache-Control: no-cache\r\n"
-	    "Pragma: no-cache\r\n"
-	    "Content-type: text/html\r\n"
-	    "Content-transfer-encoding: 8bit\r\n\r\n"
-	    "<TITLE>404 Not found</TITLE>\r\n"
-	    "<H1>404 Not found</H1>\r\n"
-	    "That page doesn't exist, maybe you are looking for "
-	    "<A HREF=\"http://www.pdc.kth.se/heimdal/\">Heimdal</A>?\r\n";
-	write(d->s, proto, strlen(proto));
-	write(d->s, msg, strlen(msg));
-	kdc_log(0, "HTTP request from %s is non KDC request", d->addr_string);
-	kdc_log(5, "Request: %s", t);
-	free(data);
-	return -1;
-    }
-    {
-	const char *msg = 
-	    " 200 OK\r\n"
-	    "Server: Heimdal/" VERSION "\r\n"
-	    "Cache-Control: no-cache\r\n"
-	    "Pragma: no-cache\r\n"
-	    "Content-type: application/octet-stream\r\n"
-	    "Content-transfer-encoding: binary\r\n\r\n";
-	write(d->s, proto, strlen(proto));
-	write(d->s, msg, strlen(msg));
-    }
-    memcpy(d->buf, data, len);
-    d->len = len;
-    free(data);
-    return 1;
-}
-
-/*
- * Handle incoming data to the TCP socket in `d[index]'
- */
-
-static void
-handle_tcp(struct descr *d, int index, int min_free)
-{
-    unsigned char buf[1024];
-    int n;
-    int ret = 0;
-
-    if (d[index].timeout == 0) {
-	add_new_tcp (d, index, min_free);
-	return;
-    }
-
-    n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL);
-    if(n < 0){
-	krb5_warn(context, errno, "recvfrom");
-	return;
-    }
-    if (grow_descr (&d[index], n))
-	return;
-    memcpy(d[index].buf + d[index].len, buf, n);
-    d[index].len += n;
-    if(d[index].len > 4 && d[index].buf[0] == 0) {
-	ret = handle_vanilla_tcp (&d[index]);
-    } else if(enable_http &&
-	      d[index].len >= 4 &&
-	      strncmp((char *)d[index].buf, "GET ", 4) == 0 && 
-	      strncmp((char *)d[index].buf + d[index].len - 4,
-		      "\r\n\r\n", 4) == 0) {
-	ret = handle_http_tcp (&d[index]);
-	if (ret < 0)
-	    clear_descr (d + index);
-    } else if (d[index].len > 4) {
-	kdc_log (0, "TCP data of strange type from %s", d[index].addr_string);
-	return;
-    }
-    if (ret < 0)
-	return;
-    else if (ret == 1) {
-	do_request(d[index].buf, d[index].len, 1, &d[index]);
-	clear_descr(d + index);
-    }
-}
-
-void
-loop(void)
-{
-    struct descr *d;
-    int ndescr;
-
-    ndescr = init_sockets(&d);
-    if(ndescr <= 0)
-	krb5_errx(context, 1, "No sockets!");
-    while(exit_flag == 0){
-	struct timeval tmout;
-	fd_set fds;
-	int min_free = -1;
-	int max_fd = 0;
-	int i;
-
-	FD_ZERO(&fds);
-	for(i = 0; i < ndescr; i++) {
-	    if(d[i].s >= 0){
-		if(d[i].type == SOCK_STREAM && 
-		   d[i].timeout && d[i].timeout < time(NULL)) {
-		    kdc_log(1, "TCP-connection from %s expired after %lu bytes",
-			    d[i].addr_string, (unsigned long)d[i].len);
-		    clear_descr(&d[i]);
-		    continue;
-		}
-		if(max_fd < d[i].s)
-		    max_fd = d[i].s;
-		if (max_fd >= FD_SETSIZE)
-		    krb5_errx(context, 1, "fd too large");
-		FD_SET(d[i].s, &fds);
-	    } else if(min_free < 0 || i < min_free)
-		min_free = i;
-	}
-	if(min_free == -1){
-	    struct descr *tmp;
-	    tmp = realloc(d, (ndescr + 4) * sizeof(*d));
-	    if(tmp == NULL)
-		krb5_warnx(context, "No memory");
-	    else {
-		d = tmp;
-		reinit_descrs (d, ndescr);
-		memset(d + ndescr, 0, 4 * sizeof(*d));
-		for(i = ndescr; i < ndescr + 4; i++)
-		    init_descr (&d[i]);
-		min_free = ndescr;
-		ndescr += 4;
-	    }
-	}
-    
-	tmout.tv_sec = TCP_TIMEOUT;
-	tmout.tv_usec = 0;
-	switch(select(max_fd + 1, &fds, 0, 0, &tmout)){
-	case 0:
-	    break;
-	case -1:
-	    if (errno != EINTR)
-		krb5_warn(context, errno, "select");
-	    break;
-	default:
-	    for(i = 0; i < ndescr; i++)
-		if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
-		    if(d[i].type == SOCK_DGRAM)
-			handle_udp(&d[i]);
-		    else if(d[i].type == SOCK_STREAM)
-			handle_tcp(d, i, min_free);
-		}
-	}
-    }
-    free (d);
-}
diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h
deleted file mode 100644
index 91e4d50b7e92..000000000000
--- a/crypto/heimdal/kdc/headers.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $ 
- */
-
-#ifndef __HEADERS_H__
-#define __HEADERS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdarg.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <base64.h>
-#include <parse_units.h>
-#include <krb5.h>
-#include <krb5_locl.h>
-#include <hdb.h>
-#include <hdb_err.h>
-#include <der.h> /* copy_octet_string */
-
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#define Principal Principal4
-#include <krb_db.h>
-#endif
-
-#undef ALLOC
-#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
-#undef ALLOC_SEQ
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); \
-(X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0)
-
-#endif /* __HEADERS_H__ */
diff --git a/crypto/heimdal/kdc/hprop-common.c b/crypto/heimdal/kdc/hprop-common.c
deleted file mode 100644
index 660725f68883..000000000000
--- a/crypto/heimdal/kdc/hprop-common.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hprop.h"
-
-RCSID("$Id: hprop-common.c,v 1.7 1999/12/02 17:04:59 joda Exp $");
-
-krb5_error_code 
-send_priv(krb5_context context, krb5_auth_context ac,
-	  krb5_data *data, int fd)
-{
-    krb5_data packet;
-    krb5_error_code ret;
-
-    ret = krb5_mk_priv (context,
-			ac,
-			data,
-			&packet,
-			NULL);
-    if (ret)
-	return ret;
-    
-    ret = krb5_write_message (context, &fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code
-recv_priv(krb5_context context, krb5_auth_context ac, int fd, krb5_data *out)
-{
-    krb5_error_code ret;
-    krb5_data data;
-
-    ret = krb5_read_message (context, &fd, &data);
-    if (ret)
-	return ret;
-
-    ret = krb5_rd_priv(context, ac, &data, out, NULL);
-    krb5_data_free (&data);
-    return ret;
-}
-
-krb5_error_code
-send_clear(krb5_context context, int fd, krb5_data data)
-{
-    return krb5_write_message (context, &fd, &data);
-}
-
-krb5_error_code
-recv_clear(krb5_context context, int fd, krb5_data *out)
-{
-    return krb5_read_message (context, &fd, out);
-}
diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8
deleted file mode 100644
index f5e3879cf2c7..000000000000
--- a/crypto/heimdal/kdc/hprop.8
+++ /dev/null
@@ -1,201 +0,0 @@
-.\" Copyright (c) 2000 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: hprop.8,v 1.18 2003/02/16 21:10:19 lha Exp $
-.\"
-.Dd June 19, 2000
-.Dt HPROP 8
-.Os HEIMDAL
-.Sh NAME
-.Nm hprop
-.Nd propagate the KDC database
-.Sh SYNOPSIS
-.Nm
-.Oo Fl m Ar file \*(Ba Xo
-.Fl -master-key= Ns Pa file
-.Xc
-.Oc
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Pa file
-.Xc
-.Oc
-.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Op Fl S | Fl -kaspecials
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Oo Fl R Ar string \*(Ba Xo
-.Fl -v5-realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl D | Fl -decrypt
-.Op Fl E | Fl -encrypt
-.Op Fl n | Fl -stdout
-.Op Fl v | Fl -verbose
-.Op Fl -version
-.Op Fl h | Fl -help
-.Op Ar host Ns Op : Ns Ar port
-.Ar ...
-.Sh DESCRIPTION
-.Nm
-takes a principal database in a specified format and converts it into
-a stream of Heimdal database records. This stream can either be
-written to standard out, or (more commonly) be propagated to a
-.Xr hpropd 8
-server running on a different machine.
-.Pp
-If propagating, it connects to all
-.Ar hosts
-specified on the command by opening a TCP connection to port 754
-(service hprop) and sends the database in encrypted form.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl m Ar file ,
-.Fl -master-key= Ns Pa file
-.Xc
-Where to find the master key to encrypt or decrypt keys with.
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Pa file
-.Xc
-The database to be propagated.
-.It Xo
-.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
-.Xc
-Specifies the type of the source database. Alternatives include:
-.Pp
-.Bl -tag -width krb4-dump -compact -offset indent
-.It heimdal
-a Heimdal database
-.It mit-dump
-a MIT Kerberos 5 dump file
-.It krb4-db
-a Kerberos 4 database
-.It krb4-dump
-a Kerberos 4 dump file
-.It kaserver
-an AFS kaserver database
-.El
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
-The keytab to use for fetching the key to be used for authenticating
-to the propagation daemon(s). The key
-.Pa kadmin/hprop
-is used from this keytab.  The default is to fetch the key from the
-KDC database.
-.It Xo
-.Fl R Ar string ,
-.Fl -v5-realm= Ns Ar string
-.Xc
-Local realm override.
-.It Xo
-.Fl D ,
-.Fl -decrypt
-.Xc
-The encryption keys in the database can either be in clear, or
-encrypted with a master key. This option transmits the database with
-unencrypted keys.
-.It Xo
-.Fl E ,
-.Fl -encrypt
-.Xc
-This option transmits the database with encrypted keys.
-.It Xo
-.Fl n ,
-.Fl -stdout
-.Xc
-Dump the database on stdout, in a format that can be fed to hpropd.
-.El
-.Pp
-The following options are only valid if
-.Nm hprop
-is compiled with support for Kerberos 4 (kaserver).
-.Bl -tag -width Ds
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
-v4 realm to use.
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
-The AFS cell name, used if reading a kaserver database.
-.It Xo
-.Fl S ,
-.Fl -kaspecials
-.Xc
-Also dump the principals marked as special in the kaserver database.
-.It Xo
-.Fl 4 ,
-.Fl -v4-db
-.Xc
-Deprecated, identical to
-.Sq --source=krb4-db .
-.It Xo
-.Fl K ,
-.Fl -ka-db
-.Xc
-Deprecated, identical to
-.Sq --source=kaserver .
-.El
-.Sh EXAMPLES
-The following will propagate a database to another machine (which
-should run
-.Xr hpropd 8):
-.Bd -literal -offset indent
-$ hprop slave-1 slave-2
-.Ed
-.Pp
-Copy a Kerberos 4 database to a Kerberos 5 slave:
-.Bd -literal -offset indent
-$ hprop --source=krb4-db -E krb5-slave
-.Ed
-.Pp
-Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
-.Bd -literal -offset indent
-$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
-.Ed
-.Sh SEE ALSO
-.Xr hpropd 8
diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c
deleted file mode 100644
index 3bc066fe1971..000000000000
--- a/crypto/heimdal/kdc/hprop.c
+++ /dev/null
@@ -1,868 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hprop.h"
-
-RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $");
-
-static int version_flag;
-static int help_flag;
-static const char *ktname = HPROP_KEYTAB;
-static const char *database;
-static char *mkeyfile;
-static int to_stdout;
-static int verbose_flag;
-static int encrypt_flag;
-static int decrypt_flag;
-static hdb_master_key mkey5;
-
-static char *source_type;
-
-static char *afs_cell;
-static char *v4_realm;
-
-static int kaspecials_flag;
-static int ka_use_null_salt;
-
-static char *local_realm=NULL;
-
-static int
-open_socket(krb5_context context, const char *hostname, const char *port)
-{
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-
-    error = getaddrinfo (hostname, port, &hints, &ai);
-    if (error) {
-	warnx ("%s: %s", hostname, gai_strerror(error));
-	return -1;
-    }
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	int s;
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	freeaddrinfo (ai);
-	return s;
-    }
-    warnx ("failed to contact %s", hostname);
-    freeaddrinfo (ai);
-    return -1;
-}
-
-krb5_error_code
-v5_prop(krb5_context context, HDB *db, hdb_entry *entry, void *appdata)
-{
-    krb5_error_code ret;
-    struct prop_data *pd = appdata;
-    krb5_data data;
-
-    if(encrypt_flag) {
-	ret = hdb_seal_keys_mkey(context, entry, mkey5);
-	if (ret) {
-	    krb5_warn(context, ret, "hdb_seal_keys_mkey");
-	    return ret;
-	}
-    }
-    if(decrypt_flag) {
-	ret = hdb_unseal_keys_mkey(context, entry, mkey5);
-	if (ret) {
-	    krb5_warn(context, ret, "hdb_unseal_keys_mkey");
-	    return ret;
-	}
-    }	
-
-    ret = hdb_entry2value(context, entry, &data);
-    if(ret) {
-	krb5_warn(context, ret, "hdb_entry2value");
-	return ret;
-    }
-
-    if(to_stdout)
-	ret = krb5_write_message(context, &pd->sock, &data);
-    else
-	ret = krb5_write_priv_message(context, pd->auth_context, 
-				      &pd->sock, &data);
-    krb5_data_free(&data);
-    return ret;
-}
-
-#ifdef KRB4
-
-static char realm_buf[REALM_SZ];
-
-static int
-kdb_prop(void *arg, Principal *p)
-{
-    int ret;
-    struct v4_principal pr;
-
-    memset(&pr, 0, sizeof(pr));
-
-    if(p->attributes != 0) {
-	warnx("%s.%s has non-zero attributes - skipping", 
-	      p->name, p->instance);
-	    return 0;
-    }
-    strlcpy(pr.name, p->name, sizeof(pr.name));
-    strlcpy(pr.instance, p->instance, sizeof(pr.instance));
-
-    copy_to_key(&p->key_low, &p->key_high, pr.key);
-    pr.exp_date = p->exp_date;
-    pr.mod_date = p->mod_date;
-    strlcpy(pr.mod_name, p->mod_name, sizeof(pr.mod_name));
-    strlcpy(pr.mod_instance, p->mod_instance, sizeof(pr.mod_instance));
-    pr.max_life = p->max_life;
-    pr.mkvno = p->kdc_key_ver;
-    pr.kvno = p->key_version;
-    
-    ret = v4_prop(arg, &pr);
-    memset(&pr, 0, sizeof(pr));
-    return ret;
-}
-
-#endif /* KRB4 */
-
-#ifndef KRB4
-static time_t
-krb_life_to_time(time_t start, int life)
-{
-    static int lifetimes[] = {
-	  38400,   41055,   43894,   46929,   50174,   53643,   57352,   61318,
-	  65558,   70091,   74937,   80119,   85658,   91581,   97914,  104684,
-	 111922,  119661,  127935,  136781,  146239,  156350,  167161,  178720,
-	 191077,  204289,  218415,  233517,  249664,  266926,  285383,  305116,
-	 326213,  348769,  372885,  398668,  426234,  455705,  487215,  520904,
-	 556921,  595430,  636601,  680618,  727680,  777995,  831789,  889303,
-	 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
-	1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
-    };
-
-#if 0
-    int i;
-    double q = exp((log(2592000.0) - log(38400.0)) / 63);
-    double x = 38400;
-    for(i = 0; i < 64; i++) {
-	lifetimes[i] = (int)x;
-	x *= q;
-    }
-#endif
-
-    if(life == 0xff)
-	return NEVERDATE;
-    if(life < 0x80)
-	return start + life * 5 * 60;
-    if(life > 0xbf)
-	life = 0xbf;
-    return start + lifetimes[life - 0x80];
-}
-#endif /* !KRB4 */
-
-int
-v4_prop(void *arg, struct v4_principal *p)
-{
-    struct prop_data *pd = arg;
-    hdb_entry ent;
-    krb5_error_code ret;
-
-    memset(&ent, 0, sizeof(ent));
-
-    ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
-				  &ent.principal);
-    if(ret) {
-	krb5_warn(pd->context, ret,
-		  "krb5_425_conv_principal %s.%s@%s",
-		  p->name, p->instance, v4_realm);
-	return 0;
-    }
-
-    if(verbose_flag) {
-	char *s;
-	krb5_unparse_name_short(pd->context, ent.principal, &s);
-	krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
-	free(s);
-    }
-
-    ent.kvno = p->kvno;
-    ent.keys.len = 3;
-    ent.keys.val = malloc(ent.keys.len * sizeof(*ent.keys.val));
-    if(p->mkvno != -1) {
-	ent.keys.val[0].mkvno = malloc (sizeof(*ent.keys.val[0].mkvno));
-	*(ent.keys.val[0].mkvno) = p->mkvno;
-    } else
-	ent.keys.val[0].mkvno = NULL;
-    ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt));
-    ent.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
-    ent.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
-    krb5_data_alloc(&ent.keys.val[0].key.keyvalue, sizeof(des_cblock));
-    memcpy(ent.keys.val[0].key.keyvalue.data, p->key, 8);
-
-    copy_Key(&ent.keys.val[0], &ent.keys.val[1]);
-    ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
-    copy_Key(&ent.keys.val[0], &ent.keys.val[2]);
-    ent.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
-
-    {
-	int life = krb_life_to_time(0, p->max_life);
-	if(life == NEVERDATE){
-	    ent.max_life = NULL;
-	} else {
-	    /* clean up lifetime a bit */
-	    if(life > 86400)
-		life = (life + 86399) / 86400 * 86400;
-	    else if(life > 3600)
-		life = (life + 3599) / 3600 * 3600;
-	    ALLOC(ent.max_life);
-	    *ent.max_life = life;
-	}
-    }
-
-    ALLOC(ent.valid_end);
-    *ent.valid_end = p->exp_date;
-
-    ret = krb5_make_principal(pd->context, &ent.created_by.principal,
-			      v4_realm,
-			      "kadmin",
-			      "hprop",
-			      NULL);
-    if(ret){
-	krb5_warn(pd->context, ret, "krb5_make_principal");
-	ret = 0;
-	goto out;
-    }
-    ent.created_by.time = time(NULL);
-    ALLOC(ent.modified_by);
-    ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, 
-				  v4_realm, &ent.modified_by->principal);
-    if(ret){
-	krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
-	ent.modified_by->principal = NULL;
-	ret = 0;
-	goto out;
-    }
-    ent.modified_by->time = p->mod_date;
-
-    ent.flags.forwardable = 1;
-    ent.flags.renewable = 1;
-    ent.flags.proxiable = 1;
-    ent.flags.postdate = 1;
-    ent.flags.client = 1;
-    ent.flags.server = 1;
-    
-    /* special case password changing service */
-    if(strcmp(p->name, "changepw") == 0 && 
-       strcmp(p->instance, "kerberos") == 0) {
-	ent.flags.forwardable = 0;
-	ent.flags.renewable = 0;
-	ent.flags.proxiable = 0;
-	ent.flags.postdate = 0;
-	ent.flags.initial = 1;
-	ent.flags.change_pw = 1;
-    }
-
-    ret = v5_prop(pd->context, NULL, &ent, pd);
-
-    if (strcmp (p->name, "krbtgt") == 0
-	&& strcmp (v4_realm, p->instance) != 0) {
-	krb5_free_principal (pd->context, ent.principal);
-	ret = krb5_425_conv_principal (pd->context, p->name,
-				       v4_realm, p->instance,
-				       &ent.principal);
-	if (ret == 0)
-	    ret = v5_prop (pd->context, NULL, &ent, pd);
-    }
-
-  out:
-    hdb_free_entry(pd->context, &ent);
-    return ret;
-}
-
-#include "kadb.h"
-
-/* read a `ka_entry' from `fd' at offset `pos' */
-static void
-read_block(krb5_context context, int fd, int32_t pos, void *buf, size_t len)
-{
-    krb5_error_code ret;
-#ifdef HAVE_PREAD
-    if((ret = pread(fd, buf, len, 64 + pos)) < 0)
-	krb5_err(context, 1, errno, "pread(%u)", 64 + pos);
-#else
-    if(lseek(fd, 64 + pos, SEEK_SET) == (off_t)-1)
-	krb5_err(context, 1, errno, "lseek(%u)", 64 + pos);
-    ret = read(fd, buf, len);
-    if(ret < 0)
-	krb5_err(context, 1, errno, "read(%lu)", (unsigned long)len);
-#endif
-    if(ret != len)
-	krb5_errx(context, 1, "read(%lu) = %u", (unsigned long)len, ret);
-}
-
-static int
-ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
-{
-    int32_t flags = ntohl(ent->flags);
-    krb5_error_code ret;
-    hdb_entry hdb;
-
-    if(!kaspecials_flag
-       && (flags & KAFNORMAL) == 0) /* remove special entries */
-	return 0;
-    memset(&hdb, 0, sizeof(hdb));
-    ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance, 
-				  v4_realm, &hdb.principal);
-    if(ret) {
-	krb5_warn(pd->context, ret,
-		  "krb5_425_conv_principal (%s.%s@%s)",
-		  ent->name, ent->instance, v4_realm);
-	return 0;
-    }
-    hdb.kvno = ntohl(ent->kvno);
-    hdb.keys.len = 3;
-    hdb.keys.val = malloc(hdb.keys.len * sizeof(*hdb.keys.val));
-    hdb.keys.val[0].mkvno = NULL;
-    hdb.keys.val[0].salt = calloc(1, sizeof(*hdb.keys.val[0].salt));
-    if (ka_use_null_salt) {
-	hdb.keys.val[0].salt->type = hdb_pw_salt;
-	hdb.keys.val[0].salt->salt.data = NULL;
-	hdb.keys.val[0].salt->salt.length = 0;
-    } else {
-	hdb.keys.val[0].salt->type = hdb_afs3_salt;
-	hdb.keys.val[0].salt->salt.data = strdup(afs_cell);
-	hdb.keys.val[0].salt->salt.length = strlen(afs_cell);
-    }
-    
-    hdb.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
-    krb5_data_copy(&hdb.keys.val[0].key.keyvalue, ent->key, sizeof(ent->key));
-    copy_Key(&hdb.keys.val[0], &hdb.keys.val[1]);
-    hdb.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
-    copy_Key(&hdb.keys.val[0], &hdb.keys.val[2]);
-    hdb.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
-
-    ALLOC(hdb.max_life);
-    *hdb.max_life = ntohl(ent->max_life);
-
-    if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != -1){
-	ALLOC(hdb.valid_end);
-	*hdb.valid_end = ntohl(ent->valid_end);
-    }
-    
-    if (ntohl(ent->pw_change) != NEVERDATE && 
-	ent->pw_expire != 255 &&
-	ent->pw_expire != 0) {
-	ALLOC(hdb.pw_end);
-	*hdb.pw_end = ntohl(ent->pw_change)
-	    + 24 * 60 * 60 * ent->pw_expire;
-    }
-
-    ret = krb5_make_principal(pd->context, &hdb.created_by.principal,
-			      v4_realm,
-			      "kadmin",
-			      "hprop",
-			      NULL);
-    hdb.created_by.time = time(NULL);
-
-    if(ent->mod_ptr){
-	struct ka_entry mod;
-	ALLOC(hdb.modified_by);
-	read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
-	
-	krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm, 
-				&hdb.modified_by->principal);
-	hdb.modified_by->time = ntohl(ent->mod_time);
-	memset(&mod, 0, sizeof(mod));
-    }
-
-    hdb.flags.forwardable = 1;
-    hdb.flags.renewable = 1;
-    hdb.flags.proxiable = 1;
-    hdb.flags.postdate = 1;
-    /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
-    if (strcmp(ent->name, "krbtgt") == 0 &&
-	(flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
-	flags &= ~(KAFNOTGS|KAFNOSEAL);
-
-    hdb.flags.client = (flags & KAFNOTGS) == 0;
-    hdb.flags.server = (flags & KAFNOSEAL) == 0;
-
-    ret = v5_prop(pd->context, NULL, &hdb, pd);
-    hdb_free_entry(pd->context, &hdb);
-    return ret;
-}
-
-static int
-ka_dump(struct prop_data *pd, const char *file)
-{
-    struct ka_header header;
-    int i;
-    int fd = open(file, O_RDONLY);
-
-    if(fd < 0)
-	krb5_err(pd->context, 1, errno, "open(%s)", file);
-    read_block(pd->context, fd, 0, &header, sizeof(header));
-    if(header.version1 != header.version2)
-	krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
-		  (long)ntohl(header.version1), (long)ntohl(header.version2));
-    if(ntohl(header.version1) != 5)
-	krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)", 
-		  (long)ntohl(header.version1));
-    for(i = 0; i < ntohl(header.hashsize); i++){
-	int32_t pos = ntohl(header.hash[i]);
-	while(pos){
-	    struct ka_entry ent;
-	    read_block(pd->context, fd, pos, &ent, sizeof(ent));
-	    ka_convert(pd, fd, &ent);
-	    pos = ntohl(ent.next);
-	}
-    }
-    return 0;
-}
-
-
-
-struct getargs args[] = {
-    { "master-key", 'm', arg_string, &mkeyfile, "v5 master key file", "file" },
-    { "database", 'd',	arg_string, &database, "database", "file" },
-    { "source",   0,	arg_string, &source_type, "type of database to read", 
-      "heimdal"
-      "|mit-dump"
-      "|krb4-dump"
-#ifdef KRB4
-      "|krb4-db"
-#endif
-      "|kaserver"
-    },
-      
-    { "v4-realm", 'r',  arg_string, &v4_realm, "v4 realm to use" },
-    { "cell",	  'c',  arg_string, &afs_cell, "name of AFS cell" },
-    { "kaspecials", 'S', arg_flag,   &kaspecials_flag, "dump KASPECIAL keys"},
-    { "keytab",   'k',	arg_string, &ktname, "keytab to use for authentication", "keytab" },
-    { "v5-realm", 'R',  arg_string, &local_realm, "v5 realm to use" },
-    { "decrypt",  'D',  arg_flag,   &decrypt_flag,   "decrypt keys" },
-    { "encrypt",  'E',  arg_flag,   &encrypt_flag,   "encrypt keys" },
-    { "stdout",	  'n',  arg_flag,   &to_stdout, "dump to stdout" },
-    { "verbose",  'v',	arg_flag, &verbose_flag },
-    { "version",   0,	arg_flag, &version_flag },
-    { "help",     'h',	arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "[host[:port]] ...");
-    exit (ret);
-}
-
-static void
-get_creds(krb5_context context, krb5_ccache *cache)
-{
-    krb5_keytab keytab;
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_get_init_creds_opt init_opts;
-    krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
-    krb5_creds creds;
-    
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, ktname, &keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve");
-    
-    ret = krb5_make_principal(context, &client, NULL, 
-			      "kadmin", HPROP_NAME, NULL);
-    if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
-
-    krb5_get_init_creds_opt_init(&init_opts);
-    krb5_get_init_creds_opt_set_preauth_list(&init_opts, &preauth, 1);
-
-    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, &init_opts);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
-    
-    ret = krb5_kt_close(context, keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
-    
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, *cache, client);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    krb5_free_principal(context, client);
-
-    ret = krb5_cc_store_cred(context, *cache, &creds);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_creds_contents(context, &creds);
-}
-
-enum hprop_source {
-    HPROP_HEIMDAL = 1,
-    HPROP_KRB4_DB,
-    HPROP_KRB4_DUMP,
-    HPROP_KASERVER,
-    HPROP_MIT_DUMP
-};
-
-#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DB || (X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
-
-struct {
-    int type;
-    const char *name;
-} types[] = {
-    { HPROP_HEIMDAL,	"heimdal" },
-    { HPROP_KRB4_DUMP,	"krb4-dump" },
-#ifdef KRB4
-    { HPROP_KRB4_DB,	"krb4-db" },
-#endif
-    { HPROP_KASERVER, 	"kaserver" },
-    { HPROP_MIT_DUMP,	"mit-dump" }
-};
-
-static int
-parse_source_type(const char *s)
-{
-    int i;
-    for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
-	if(strstr(types[i].name, s) == types[i].name)
-	    return types[i].type;
-    }
-    return 0;
-}
-
-static void
-iterate (krb5_context context,
-	 const char *database,
-	 HDB *db,
-	 int type,
-	 struct prop_data *pd)
-{
-    int ret;
-
-    switch(type) {
-    case HPROP_KRB4_DUMP:
-	ret = v4_prop_dump(pd, database);
-	break;
-#ifdef KRB4
-    case HPROP_KRB4_DB:
-	ret = kerb_db_iterate ((k_iter_proc_t)kdb_prop, pd);
-	if(ret)
-	    krb5_errx(context, 1, "kerb_db_iterate: %s", 
-		      krb_get_err_text(ret));
-	break;
-#endif /* KRB4 */
-    case HPROP_KASERVER:
-	ret = ka_dump(pd, database);
-	if(ret)
-	    krb5_err(context, 1, ret, "ka_dump");
-	break;
-    case HPROP_MIT_DUMP:
-	ret = mit_prop_dump(pd, database);
-	if (ret)
-	    krb5_errx(context, 1, "mit_prop_dump: %s",
-		      krb5_get_err_text(context, ret));
-	break;
-    case HPROP_HEIMDAL:
-	ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_foreach");
-	break;
-    }
-}
-
-static int
-dump_database (krb5_context context, int type,
-	       const char *database, HDB *db)
-{
-    krb5_error_code ret;
-    struct prop_data pd;
-    krb5_data data;
-
-    pd.context      = context;
-    pd.auth_context = NULL;
-    pd.sock         = STDOUT_FILENO;
-	
-    iterate (context, database, db, type, &pd);
-    krb5_data_zero (&data);
-    ret = krb5_write_message (context, &pd.sock, &data);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_write_message");
-
-    return 0;
-}
-
-static int
-propagate_database (krb5_context context, int type,
-		    const char *database, 
-		    HDB *db, krb5_ccache ccache,
-		    int optind, int argc, char **argv)
-{
-    krb5_principal server;
-    krb5_error_code ret;
-    int i;
-
-    for(i = optind; i < argc; i++){
-	krb5_auth_context auth_context;
-	int fd;
-	struct prop_data pd;
-	krb5_data data;
-
-	char *port, portstr[NI_MAXSERV];
-	
-	port = strchr(argv[i], ':');
-	if(port == NULL) {
-	    snprintf(portstr, sizeof(portstr), "%u", 
-		     ntohs(krb5_getportbyname (context, "hprop", "tcp", 
-					       HPROP_PORT)));
-	    port = portstr;
-	} else
-	    *port++ = '\0';
-
-	fd = open_socket(context, argv[i], port);
-	if(fd < 0) {
-	    krb5_warn (context, errno, "connect %s", argv[i]);
-	    continue;
-	}
-
-	ret = krb5_sname_to_principal(context, argv[i],
-				      HPROP_NAME, KRB5_NT_SRV_HST, &server);
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_sname_to_principal(%s)", argv[i]);
-	    close(fd);
-	    continue;
-	}
-
-        if (local_realm) {
-            krb5_realm my_realm;
-            krb5_get_default_realm(context,&my_realm);
-
-	    free (*krb5_princ_realm(context, server));
-            krb5_princ_set_realm(context,server,&my_realm);
-        }
-    
-	auth_context = NULL;
-	ret = krb5_sendauth(context,
-			    &auth_context,
-			    &fd,
-			    HPROP_VERSION,
-			    NULL,
-			    server,
-			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-			    NULL, /* in_data */
-			    NULL, /* in_creds */
-			    ccache,
-			    NULL,
-			    NULL,
-			    NULL);
-
-	krb5_free_principal(context, server);
-
-	if(ret) {
-	    krb5_warn(context, ret, "krb5_sendauth");
-	    close(fd);
-	    continue;
-	}
-	
-	pd.context      = context;
-	pd.auth_context = auth_context;
-	pd.sock         = fd;
-
-	iterate (context, database, db, type, &pd);
-
-	krb5_data_zero (&data);
-	ret = krb5_write_priv_message(context, auth_context, &fd, &data);
-	if(ret)
-	    krb5_warn(context, ret, "krb5_write_priv_message");
-
-	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
-	if(ret)
-	    krb5_warn(context, ret, "krb5_read_priv_message");
-	else
-	    krb5_data_free (&data);
-	
-	krb5_auth_con_free(context, auth_context);
-	close(fd);
-    }
-    return 0;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache ccache = NULL;
-    HDB *db = NULL;
-    int optind = 0;
-
-    int type = 0;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-
-    if(help_flag)
-	usage(0);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if(ret)
-	exit(1);
-
-    if(local_realm)
-	krb5_set_default_realm(context, local_realm);
-
-    if(v4_realm == NULL) {
-	ret = krb5_get_default_realm(context, &v4_realm);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_get_default_realm");
-    }
-
-    if(afs_cell == NULL) {
-	afs_cell = strdup(v4_realm);
-	if(afs_cell == NULL)
-	    krb5_errx(context, 1, "out of memory");
-	strlwr(afs_cell);
-    }
-
-
-    if(encrypt_flag && decrypt_flag)
-	krb5_errx(context, 1, 
-		  "only one of `--encrypt' and `--decrypt' is meaningful");
-
-    if(source_type != NULL) {
-	if(type != 0)
-	    krb5_errx(context, 1, "more than one database type specified");
-	type = parse_source_type(source_type);
-	if(type == 0)
-	    krb5_errx(context, 1, "unknown source type `%s'", source_type);
-    } else if(type == 0)
-	type = HPROP_HEIMDAL;
-
-    if(!to_stdout)
-	get_creds(context, &ccache);
-    
-    if(decrypt_flag || encrypt_flag) {
-	ret = hdb_read_master_key(context, mkeyfile, &mkey5);
-	if(ret && ret != ENOENT)
-	    krb5_err(context, 1, ret, "hdb_read_master_key");
-	if(ret)
-	    krb5_errx(context, 1, "No master key file found");
-    }
-    
-#ifdef KRB4
-    if (IS_TYPE_V4(type)) {
-	int e;
-
-	if (v4_realm == NULL) {
-	    e = krb_get_lrealm(realm_buf, 1);
-	    if(e)
-		krb5_errx(context, 1, "krb_get_lrealm: %s",
-			  krb_get_err_text(e));
-	    v4_realm = realm_buf;
-	}
-    }
-#endif
-
-    switch(type) {
-#ifdef KRB4
-    case HPROP_KRB4_DB:
-	if (database == NULL)
-	    krb5_errx(context, 1, "no database specified");
-	break;
-#endif
-    case HPROP_KASERVER:
-	if (database == NULL)
-	    database = DEFAULT_DATABASE;
-	ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, 
-							"hprop", 
-							"afs_uses_null_salt", 
-							NULL);
-
-	break;
-    case HPROP_KRB4_DUMP:
-	if (database == NULL)
-	    krb5_errx(context, 1, "no dump file specified");
-	
-	break;
-    case HPROP_MIT_DUMP:
-	if (database == NULL)
-	    krb5_errx(context, 1, "no dump file specified");
-	break;
-    case HPROP_HEIMDAL:
-	ret = hdb_create (context, &db, database);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_create: %s", database);
-	ret = db->open(context, db, O_RDONLY, 0);
-	if(ret)
-	    krb5_err(context, 1, ret, "db->open");
-	break;
-    default:
-	krb5_errx(context, 1, "unknown dump type `%d'", type);
-	break;
-    }
-
-    if (to_stdout)
-	dump_database (context, type, database, db);
-    else
-	propagate_database (context, type, database, 
-			    db, ccache, optind, argc, argv);
-
-    if(ccache != NULL)
-	krb5_cc_destroy(context, ccache);
-	
-    if(db != NULL)
-	(*db->destroy)(context, db);
-
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8
deleted file mode 100644
index 0ac37e242053..000000000000
--- a/crypto/heimdal/kdc/hprop.cat8
+++ /dev/null
@@ -1,98 +0,0 @@
-HPROP(8)                NetBSD System Manager's Manual                HPROP(8)
-
-NNAAMMEE
-     hhpprroopp - propagate the KDC database
-
-SSYYNNOOPPSSIISS
-     hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e]
-     [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r] [--rr _s_t_r_i_n_g |
-     ----vv44--rreeaallmm==_s_t_r_i_n_g] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--kk _k_e_y_t_a_b
-     | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE |
-     ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp]
-     [_h_o_s_t[:_p_o_r_t]] _._._.
-
-DDEESSCCRRIIPPTTIIOONN
-     hhpprroopp takes a principal database in a specified format and converts it
-     into a stream of Heimdal database records. This stream can either be
-     written to standard out, or (more commonly) be propagated to a hpropd(8)
-     server running on a different machine.
-
-     If propagating, it connects to all _h_o_s_t_s specified on the command by
-     opening a TCP connection to port 754 (service hprop) and sends the
-     database in encrypted form.
-
-     Supported options:
-
-     --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e
-             Where to find the master key to encrypt or decrypt keys with.
-
-     --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
-             The database to be propagated.
-
-     ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r
-             Specifies the type of the source database. Alternatives include:
-
-                   heimdal    a Heimdal database
-                   mit-dump   a MIT Kerberos 5 dump file
-                   krb4-db    a Kerberos 4 database
-                   krb4-dump  a Kerberos 4 dump file
-                   kaserver   an AFS kaserver database
-
-     --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
-             The keytab to use for fetching the key to be used for authenti-
-             cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used
-             from this keytab.  The default is to fetch the key from the KDC
-             database.
-
-     --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g
-             Local realm override.
-
-     --DD, ----ddeeccrryypptt
-             The encryption keys in the database can either be in clear, or
-             encrypted with a master key. This option transmits the database
-             with unencrypted keys.
-
-     --EE, ----eennccrryypptt
-             This option transmits the database with encrypted keys.
-
-     --nn, ----ssttddoouutt
-             Dump the database on stdout, in a format that can be fed to
-             hpropd.
-
-     The following options are only valid if hhpprroopp is compiled with support
-     for Kerberos 4 (kaserver).
-
-     --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g
-             v4 realm to use
-
-     --cc _c_e_l_l, ----cceellll==_c_e_l_l
-             The AFS cell name, used if reading a kaserver database.
-
-     --SS, ----kkaassppeecciiaallss
-             Also dump the principals marked as special in the kaserver
-             database.
-
-     --44, ----vv44--ddbb
-             Deprecated, identical to `--source=krb4-db'.
-
-     --KK, ----kkaa--ddbb
-             Deprecated, identical to `--source=kaserver'.
-
-EEXXAAMMPPLLEESS
-     The following will propagate a database to another machine (which should
-     run hpropd(8):)
-
-           $ hprop slave-1 slave-2
-
-     Copy a Kerberos 4 database to a Kerberos 5 slave:
-
-           $ hprop --source=krb4-db -E krb5-slave
-
-     Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
-
-           $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
-
-SSEEEE AALLSSOO
-     hpropd(8)
-
- HEIMDAL                         June 19, 2000                               2
diff --git a/crypto/heimdal/kdc/hprop.h b/crypto/heimdal/kdc/hprop.h
deleted file mode 100644
index 0bcab88b4fee..000000000000
--- a/crypto/heimdal/kdc/hprop.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hprop.h,v 1.13 2001/01/26 15:54:19 joda Exp $ */
-
-#ifndef __HPROP_H__
-#define __HPROP_H__
-
-#include "headers.h"
-
-struct prop_data{
-    krb5_context context;
-    krb5_auth_context auth_context;
-    int sock;
-};
-
-#define HPROP_VERSION "hprop-0.0"
-#define HPROP_NAME "hprop"
-#define HPROP_KEYTAB "HDB:"
-#define HPROP_PORT 754
-
-#ifndef NEVERDATE
-#define NEVERDATE ((1U << 31) - 1)
-#endif
-
-krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry*, void*);
-int mit_prop_dump(void*, const char*);
-
-struct v4_principal {
-    char name[64];
-    char instance[64];
-    des_cblock key;
-    int kvno;
-    int mkvno;
-    time_t exp_date;
-    time_t mod_date;
-    char mod_name[64];
-    char mod_instance[64];
-    int max_life;
-};
-
-int v4_prop(void*, struct v4_principal*);
-int v4_prop_dump(void *arg, const char*);
-
-#endif /* __HPROP_H__ */
diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8
deleted file mode 100644
index 7bb2debe163b..000000000000
--- a/crypto/heimdal/kdc/hpropd.8
+++ /dev/null
@@ -1,105 +0,0 @@
-.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: hpropd.8,v 1.11 2003/02/16 21:10:20 lha Exp $
-.\"
-.Dd August 27, 1997
-.Dt HPROPD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm hpropd
-.Nd receive a propagated database
-.Sh SYNOPSIS
-.Nm
-.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file
-.Xc
-.Oc
-.Op Fl n | Fl -stdin
-.Op Fl -print
-.Op Fl i | Fl -no-inetd
-.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
-.Oc
-.Op Fl 4 | Fl -v4dump
-.Sh DESCRIPTION
-.Nm
-receives a database sent by
-.Nm hprop .
-and writes it as a local database.
-.Pp
-By default,
-.Nm
-expects to be started from
-.Nm inetd
-if stdin is a socket and expects to receive the dumped database over
-stdin otherwise.
-If the database is sent over the network, it is authenticated and
-encrypted.
-Only connections from
-.Nm kadmin Ns / Ns Nm hprop
-are accepted.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
-database
-.It Xo
-.Fl n ,
-.Fl -stdin
-.Xc
-read from stdin
-.It Xo
-.Fl -print
-.Xc
-print dump to stdout
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
-not started from inetd
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
-keytab to use for authentication
-.It Xo
-.Fl 4 ,
-.Fl -v4dump
-.Xc
-create v4 type DB
-.El
-.Sh SEE ALSO
-.Xr hprop 8
diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c
deleted file mode 100644
index d27ff25727cc..000000000000
--- a/crypto/heimdal/kdc/hpropd.c
+++ /dev/null
@@ -1,439 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hprop.h"
-
-RCSID("$Id: hpropd.c,v 1.36 2003/04/16 15:46:32 lha Exp $");
-
-#ifdef KRB4
-static des_cblock mkey4;
-static des_key_schedule msched4;
-
-static char *
-time2str(time_t t)
-{
-    static char buf[128];
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M", gmtime(&t));
-    return buf;
-}
-
-static int 
-dump_krb4(krb5_context context, hdb_entry *ent, int fd)
-{
-    char name[ANAME_SZ];  
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    char buf[1024];
-    char *p;
-    int i;
-    int ret;
-    char *princ_name;
-    Event *modifier;
-    krb5_realm *realms;
-    int cmp;
-  
-    ret = krb5_524_conv_principal(context, ent->principal,
-				  name, instance, realm);
-    if (ret) {
-	krb5_unparse_name(context, ent->principal, &princ_name);
-	krb5_warn(context, ret, "%s", princ_name);
-	free(princ_name);
-	return -1;
-    }
-
-    ret = krb5_get_default_realms (context, &realms);
-    if (ret) {
-	krb5_warn(context, ret, "krb5_get_default_realms");
-	return -1;
-    }
-
-    cmp = strcmp (realms[0], ent->principal->realm);
-    krb5_free_host_realm (context, realms);
-    if (cmp != 0)
-        return -1;
-
-    snprintf (buf, sizeof(buf), "%s %s ", name,
-	      (strlen(instance) != 0) ? instance : "*");
-
-    if (ent->max_life) { 
-	asprintf(&p, "%d", krb_time_to_life(0, *ent->max_life));
-	strlcat(buf, p, sizeof(buf));
-	free(p);
-    } else 
-	strlcat(buf, "255", sizeof(buf)); 
-    strlcat(buf, " ", sizeof(buf));
-
-    i = 0;
-    while (i < ent->keys.len &&
-	   ent->keys.val[i].key.keytype != KEYTYPE_DES)
-	++i;
-
-    if (i == ent->keys.len) {
-	krb5_warnx(context, "No DES key for %s.%s", name, instance);
-	return -1;
-    }
-
-    if (ent->keys.val[i].mkvno)
-	asprintf(&p, "%d ", *ent->keys.val[i].mkvno);
-    else
-	asprintf(&p, "%d ", 1);
-    strlcat(buf, p, sizeof(buf));
-    free(p);
-
-    asprintf(&p, "%d ", ent->kvno);
-    strlcat(buf, p, sizeof(buf));
-    free(p);
-
-    asprintf(&p, "%d ", 0); /* Attributes are always 0*/  
-    strlcat(buf, p, sizeof(buf));
-    free(p);
-
-    { 
-	u_int32_t *key = ent->keys.val[i].key.keyvalue.data;
-	kdb_encrypt_key((des_cblock*)key, (des_cblock*)key,
-			&mkey4, msched4, DES_ENCRYPT);
-	asprintf(&p, "%x %x ", (int)htonl(*key), (int)htonl(*(key+1)));
-	strlcat(buf, p, sizeof(buf));
-	free(p);
-    }
- 
-    if (ent->valid_end == NULL)
-	strlcat(buf, time2str(60*60*24*365*50), sizeof(buf)); /*no expiration*/
-    else
-	strlcat(buf, time2str(*ent->valid_end), sizeof(buf));
-    strlcat(buf, " ", sizeof(buf));
-
-    if (ent->modified_by == NULL) 
-	modifier = &ent->created_by;
-    else  
-	modifier = ent->modified_by;
-    
-    ret = krb5_524_conv_principal(context, modifier->principal,
-				  name, instance, realm);
-    if (ret) { 
-	krb5_unparse_name(context, modifier->principal, &princ_name);
-	krb5_warn(context, ret, "%s", princ_name);
-	free(princ_name);
-	return -1;
-    } 
-    asprintf(&p, "%s %s %s\n", time2str(modifier->time), 
-	     (strlen(name) != 0) ? name : "*", 
-	     (strlen(instance) != 0) ? instance : "*");
-    strlcat(buf, p, sizeof(buf));
-    free(p);
-
-    ret = write(fd, buf, strlen(buf));
-    if (ret == -1)
-	krb5_warnx(context, "write");
-    return 0;
-}
-#endif /* KRB4 */
-
-static int inetd_flag = -1;
-static int help_flag;
-static int version_flag;
-static int print_dump;
-static const char *database = HDB_DEFAULT_DB;
-static int from_stdin;
-static char *local_realm;
-#ifdef KRB4
-static int v4dump;
-#endif
-static char *ktname = NULL;
-
-struct getargs args[] = {
-    { "database", 'd', arg_string, &database, "database", "file" },
-    { "stdin",    'n', arg_flag, &from_stdin, "read from stdin" },
-    { "print",	    0, arg_flag, &print_dump, "print dump to stdout" },
-    { "inetd",	   'i',	arg_negative_flag,	&inetd_flag,
-      "Not started from inetd" },
-    { "keytab",   'k',	arg_string, &ktname,	"keytab to use for authentication", "keytab" },
-    { "realm",   'r',	arg_string, &local_realm, "realm to use" },
-#ifdef KRB4
-    { "v4dump",       '4',  arg_flag, &v4dump, "create v4 type DB" },
-#endif
-    { "version",    0, arg_flag, &version_flag, NULL, NULL },
-    { "help",    'h',  arg_flag, &help_flag, NULL, NULL}
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int ret)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context ac = NULL;
-    krb5_principal c1, c2;
-    krb5_authenticator authent;
-    krb5_keytab keytab;
-    int fd;
-    HDB *db;
-    int optind = 0;
-    char *tmp_db;
-    krb5_log_facility *fac;
-    int nprincs;
-#ifdef KRB4
-    int e;
-    int fd_out = -1;
-#endif
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if(ret)
-	exit(1);
-
-    ret = krb5_openlog(context, "hpropd", &fac);
-    if(ret)
-	;
-    krb5_set_warn_dest(context, fac);
-  
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-
-#ifdef KRB4
-    if (v4dump && database == HDB_DEFAULT_DB)
-       database = "/var/kerberos/524_dump";
-#endif /* KRB4 */
-
-    if(local_realm != NULL)
-	krb5_set_default_realm(context, local_realm);
-    
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0)
-	usage(1);
-
-    if(from_stdin)
-	fd = STDIN_FILENO;
-    else {
-	struct sockaddr_storage ss;
-	struct sockaddr *sa = (struct sockaddr *)&ss;
-	socklen_t sin_len = sizeof(ss);
-	char addr_name[256];
-	krb5_ticket *ticket;
-	char *server;
-
-	fd = STDIN_FILENO;
-	if (inetd_flag == -1) {
-	    if (getpeername (fd, sa, &sin_len) < 0)
-		inetd_flag = 0;
-	    else
-		inetd_flag = 1;
-	}
-	if (!inetd_flag) {
-	    mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
-					    HPROP_PORT));
-	}
-	sin_len = sizeof(ss);
-	if(getpeername(fd, sa, &sin_len) < 0)
-	    krb5_err(context, 1, errno, "getpeername");
-
-	if (inet_ntop(sa->sa_family,
-		      socket_get_address (sa),
-		      addr_name,
-		      sizeof(addr_name)) == NULL)
-	    strlcpy (addr_name, "unknown address",
-			     sizeof(addr_name));
-
-	krb5_log(context, fac, 0, "Connection from %s", addr_name);
-    
-	ret = krb5_kt_register(context, &hdb_kt_ops);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_kt_register");
-
-	if (ktname != NULL) {
-	    ret = krb5_kt_resolve(context, ktname, &keytab);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
-	} else {
-	    ret = krb5_kt_default (context, &keytab);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_kt_default");
-	}
-
-	ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL,
-			    0, keytab, &ticket);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_recvauth");
-	
-	ret = krb5_unparse_name(context, ticket->server, &server);
-	if (ret)
-	    krb5_err(context, 1, ret, "krb5_unparse_name");
-	if (strncmp(server, "hprop/", 5) != 0)
-	    krb5_errx(context, 1, "ticket not for hprop (%s)", server);
-
-	free(server);
-	krb5_free_ticket (context, ticket);
-
-	ret = krb5_auth_con_getauthenticator(context, ac, &authent);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
-	
-	ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_make_principal");
-	principalname2krb5_principal(&c2, authent->cname, authent->crealm);
-	if(!krb5_principal_compare(context, c1, c2)) {
-	    char *s;
-	    krb5_unparse_name(context, c2, &s);
-	    krb5_errx(context, 1, "Unauthorized connection from %s", s);
-	}
-	krb5_free_principal(context, c1);
-	krb5_free_principal(context, c2);
-
-	ret = krb5_kt_close(context, keytab);
-	if(ret)
-	    krb5_err(context, 1, ret, "krb5_kt_close");
-    }
-    
-    if(!print_dump) {
-	asprintf(&tmp_db, "%s~", database);
-#ifdef KRB4
-	if (v4dump) {
-	    fd_out = open(tmp_db, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-	    if (fd_out == -1)
-		krb5_errx(context, 1, "%s", strerror(errno));
-	}
-	else
-#endif /* KRB4 */
-	{
-	    ret = hdb_create(context, &db, tmp_db);
-	    if(ret)
-		krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
-	    ret = db->open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
-	    if(ret)
-		krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
-	}
-    }
-
-#ifdef KRB4
-    if (v4dump) {
-	e = kdb_get_master_key(0, &mkey4, msched4);
-	if(e)
-	    krb5_errx(context, 1, "kdb_get_master_key: %s",
-		      krb_get_err_text(e));
-    }
-#endif /* KRB4 */
-
-    nprincs = 0;
-    while(1){
-	krb5_data data;
-	hdb_entry entry;
-
-	if(from_stdin) {
-	    ret = krb5_read_message(context, &fd, &data);
-	    if(ret != 0 && ret != HEIM_ERR_EOF)
-		krb5_err(context, 1, ret, "krb5_read_message");
-	} else {
-	    ret = krb5_read_priv_message(context, ac, &fd, &data);
-	    if(ret)
-		krb5_err(context, 1, ret, "krb5_read_priv_message");
-	}
-
-	if(ret == HEIM_ERR_EOF || data.length == 0) {
-	    if(!from_stdin) {
-		data.data = NULL;
-		data.length = 0;
-		krb5_write_priv_message(context, ac, &fd, &data);
-	    }
-	    if(!print_dump) {
-#ifdef KRB4
-		if (v4dump) {
-		    ret = rename(tmp_db, database);
-		    if (ret)
-			krb5_errx(context, 1, "rename");
-		    ret = close(fd_out);
-		    if (ret)
-			krb5_errx(context, 1, "close");
-		} else
-#endif /* KRB4 */
-		{
-		    ret = db->rename(context, db, database);
-		    if(ret)
-			krb5_err(context, 1, ret, "db_rename");
-		    ret = db->close(context, db);
-		    if(ret)
-			krb5_err(context, 1, ret, "db_close");
-		}
-	    }
-	    break;
-	}
-	ret = hdb_value2entry(context, &data, &entry);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_value2entry");
-	if(print_dump)
-	    hdb_print_entry(context, db, &entry, stdout);
-	else {
-#ifdef KRB4
-	    if (v4dump) {
-		ret = dump_krb4(context, &entry, fd_out);
-		if(!ret) nprincs++;
-	    }
-	    else
-#endif /* KRB4 */
-	    {
-		ret = db->store(context, db, 0, &entry);
-		if(ret == HDB_ERR_EXISTS) {
-		    char *s;
-		    krb5_unparse_name(context, entry.principal, &s);
-		    krb5_warnx(context, "Entry exists: %s", s);
-		    free(s);
-		} else if(ret) 
-		    krb5_err(context, 1, ret, "db_store");
-		else
-		    nprincs++;
-	    }
-	}
-	hdb_free_entry(context, &entry);
-    }
-    if (!print_dump)
-	krb5_log(context, fac, 0, "Received %d principals", nprincs);
-    exit(0);
-}
diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8
deleted file mode 100644
index e72b4da337a3..000000000000
--- a/crypto/heimdal/kdc/hpropd.cat8
+++ /dev/null
@@ -1,42 +0,0 @@
-HPROPD(8)               NetBSD System Manager's Manual               HPROPD(8)
-
-NNAAMMEE
-     hhpprrooppdd - receive a propagated database
-
-SSYYNNOOPPSSIISS
-     hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii |
-     ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp]
-
-DDEESSCCRRIIPPTTIIOONN
-     hhpprrooppdd receives databases sent by hhpprroopp.  and writes it as a local
-     database.
-
-     By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket
-     and expects to receive the dumped database over stdin otherwise.  If the
-     database is sent over the network, it is authenticated and encrypted.
-     Only connections from kkaaddmmiinn/hhpprroopp are accepted.
-
-     Options supported:
-
-     --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
-             database
-
-     --nn, ----ssttddiinn
-             read from stdin
-
-     ----pprriinntt
-             print dump to stdout
-
-     --ii, ----nnoo--iinneettdd
-             Not started from inetd
-
-     --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
-             keytab to use for authentication
-
-     --44, ----vv44dduummpp
-             create v4 type DB
-
-SSEEEE AALLSSOO
-     hprop(8)
-
- HEIMDAL                        August 27, 1997                              1
diff --git a/crypto/heimdal/kdc/kadb.h b/crypto/heimdal/kdc/kadb.h
deleted file mode 100644
index 5c98ccc77a24..000000000000
--- a/crypto/heimdal/kdc/kadb.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadb.h,v 1.3 2000/03/03 12:36:26 assar Exp $ */
-
-#ifndef __kadb_h__
-#define __kadb_h__
-
-#define HASHSIZE 8191
-
-struct ka_header {
-    int32_t version1;			/* file format version, should
-					   match version2 */
-    int32_t size;
-    int32_t free_ptr;
-    int32_t eof_ptr;
-    int32_t kvno_ptr;
-    int32_t stats[8];
-    int32_t admin_accounts;
-    int32_t special_keys_version;
-    int32_t hashsize;			/* allocated size of hash */
-    int32_t hash[HASHSIZE];
-    int32_t version2;
-};
-
-struct ka_entry {
-    int32_t flags;			/* see below */
-    int32_t next;			/* next in hash list */
-    int32_t valid_end;			/* expiration date */
-    int32_t mod_time;			/* time last modified */
-    int32_t mod_ptr;			/* pointer to modifier */
-    int32_t pw_change;			/* last pw change */
-    int32_t max_life;			/* max ticket life */
-    int32_t kvno;
-    int32_t foo2[2];			/* huh? */
-    char name[64];
-    char instance[64];
-    char key[8];
-    u_char pw_expire;			/* # days before password expires  */
-    u_char spare;
-    u_char attempts;
-    u_char locktime;
-};
-
-#define KAFNORMAL	(1<<0)
-#define KAFADMIN        (1<<2)	/* an administrator */
-#define KAFNOTGS        (1<<3)	/* ! allow principal to get or use TGT */
-#define KAFNOSEAL       (1<<5)	/* ! allow principal as server in GetTicket */
-#define KAFNOCPW        (1<<6)	/* ! allow principal to change its own key */
-#define KAFSPECIAL      (1<<8)	/* set if special AuthServer principal */
-
-#define DEFAULT_DATABASE "/usr/afs/db/kaserver.DB0"
-
-#endif /* __kadb_h__ */
diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c
deleted file mode 100644
index 1a998eed0b9d..000000000000
--- a/crypto/heimdal/kdc/kaserver.c
+++ /dev/null
@@ -1,830 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kaserver.c,v 1.21 2002/10/21 12:59:41 joda Exp $");
-
-
-#include <rx.h>
-
-#define KA_AUTHENTICATION_SERVICE 731
-#define KA_TICKET_GRANTING_SERVICE 732
-#define KA_MAINTENANCE_SERVICE 733
-
-#define AUTHENTICATE_OLD	 1
-#define CHANGEPASSWORD		 2
-#define GETTICKET_OLD		 3
-#define SETPASSWORD		 4
-#define SETFIELDS		 5
-#define CREATEUSER		 6
-#define DELETEUSER		 7
-#define GETENTRY		 8
-#define LISTENTRY		 9
-#define GETSTATS		10
-#define DEBUG			11
-#define GETPASSWORD		12
-#define GETRANDOMKEY		13
-#define AUTHENTICATE		21
-#define AUTHENTICATE_V2		22
-#define GETTICKET		23
-
-/* XXX - Where do we get these? */
-
-#define RXGEN_OPCODE (-455)
-
-#define KADATABASEINCONSISTENT                   (180480L)
-#define KAEXIST                                  (180481L)
-#define KAIO                                     (180482L)
-#define KACREATEFAIL                             (180483L)
-#define KANOENT                                  (180484L)
-#define KAEMPTY                                  (180485L)
-#define KABADNAME                                (180486L)
-#define KABADINDEX                               (180487L)
-#define KANOAUTH                                 (180488L)
-#define KAANSWERTOOLONG                          (180489L)
-#define KABADREQUEST                             (180490L)
-#define KAOLDINTERFACE                           (180491L)
-#define KABADARGUMENT                            (180492L)
-#define KABADCMD                                 (180493L)
-#define KANOKEYS                                 (180494L)
-#define KAREADPW                                 (180495L)
-#define KABADKEY                                 (180496L)
-#define KAUBIKINIT                               (180497L)
-#define KAUBIKCALL                               (180498L)
-#define KABADPROTOCOL                            (180499L)
-#define KANOCELLS                                (180500L)
-#define KANOCELL                                 (180501L)
-#define KATOOMANYUBIKS                           (180502L)
-#define KATOOMANYKEYS                            (180503L)
-#define KABADTICKET                              (180504L)
-#define KAUNKNOWNKEY                             (180505L)
-#define KAKEYCACHEINVALID                        (180506L)
-#define KABADSERVER                              (180507L)
-#define KABADUSER                                (180508L)
-#define KABADCPW                                 (180509L)
-#define KABADCREATE                              (180510L)
-#define KANOTICKET                               (180511L)
-#define KAASSOCUSER                              (180512L)
-#define KANOTSPECIAL                             (180513L)
-#define KACLOCKSKEW                              (180514L)
-#define KANORECURSE                              (180515L)
-#define KARXFAIL                                 (180516L)
-#define KANULLPASSWORD                           (180517L)
-#define KAINTERNALERROR                          (180518L)
-#define KAPWEXPIRED                              (180519L)
-#define KAREUSED                                 (180520L)
-#define KATOOSOON                                (180521L)
-#define KALOCKED                                 (180522L)
-
-static void
-decode_rx_header (krb5_storage *sp,
-		  struct rx_header *h)
-{
-    krb5_ret_int32(sp, &h->epoch);
-    krb5_ret_int32(sp, &h->connid);
-    krb5_ret_int32(sp, &h->callid);
-    krb5_ret_int32(sp, &h->seqno);
-    krb5_ret_int32(sp, &h->serialno);
-    krb5_ret_int8(sp,  &h->type);
-    krb5_ret_int8(sp,  &h->flags);
-    krb5_ret_int8(sp,  &h->status);
-    krb5_ret_int8(sp,  &h->secindex);
-    krb5_ret_int16(sp, &h->reserved);
-    krb5_ret_int16(sp, &h->serviceid);
-}
-
-static void
-encode_rx_header (struct rx_header *h,
-		  krb5_storage *sp)
-{
-    krb5_store_int32(sp, h->epoch);
-    krb5_store_int32(sp, h->connid);
-    krb5_store_int32(sp, h->callid);
-    krb5_store_int32(sp, h->seqno);
-    krb5_store_int32(sp, h->serialno);
-    krb5_store_int8(sp,  h->type);
-    krb5_store_int8(sp,  h->flags);
-    krb5_store_int8(sp,  h->status);
-    krb5_store_int8(sp,  h->secindex);
-    krb5_store_int16(sp, h->reserved);
-    krb5_store_int16(sp, h->serviceid);
-}
-
-static void
-init_reply_header (struct rx_header *hdr,
-		   struct rx_header *reply_hdr,
-		   u_char type,
-		   u_char flags)
-{
-    reply_hdr->epoch     = hdr->epoch;
-    reply_hdr->connid    = hdr->connid;
-    reply_hdr->callid    = hdr->callid;
-    reply_hdr->seqno     = 1;
-    reply_hdr->serialno  = 1;
-    reply_hdr->type      = type;
-    reply_hdr->flags     = flags;
-    reply_hdr->status    = 0;
-    reply_hdr->secindex  = 0;
-    reply_hdr->reserved  = 0;
-    reply_hdr->serviceid = hdr->serviceid;
-}
-
-static void
-make_error_reply (struct rx_header *hdr,
-		  u_int32_t ret,
-		  krb5_data *reply)
-
-{
-    krb5_storage *sp;
-    struct rx_header reply_hdr;
-
-    init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
-    sp = krb5_storage_emem();
-    encode_rx_header (&reply_hdr, sp);
-    krb5_store_int32(sp, ret);
-    krb5_storage_to_data (sp, reply);
-    krb5_storage_free (sp);
-}
-
-static krb5_error_code
-krb5_ret_xdr_data(krb5_storage *sp,
-		  krb5_data *data)
-{
-    int ret;
-    int size;
-    ret = krb5_ret_int32(sp, &size);
-    if(ret)
-	return ret;
-    if(size < 0)
-	return ERANGE;
-    data->length = size;
-    if (size) {
-	u_char foo[4];
-	size_t pad = (4 - size % 4) % 4;
-
-	data->data = malloc(size);
-	if (data->data == NULL)
-	    return ENOMEM;
-	ret = krb5_storage_read(sp, data->data, size);
-	if(ret != size)
-	    return (ret < 0)? errno : KRB5_CC_END;
-	if (pad) {
-	    ret = krb5_storage_read(sp, foo, pad);
-	    if (ret != pad)
-		return (ret < 0)? errno : KRB5_CC_END;
-	}
-    } else
-	data->data = NULL;
-    return 0;
-}
-
-static krb5_error_code
-krb5_store_xdr_data(krb5_storage *sp,
-		    krb5_data data)
-{
-    u_char zero[4] = {0, 0, 0, 0};
-    int ret;
-    size_t pad;
-
-    ret = krb5_store_int32(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return KRB5_CC_END;
-    }
-    pad = (4 - data.length % 4) % 4;
-    if (pad) {
-	ret = krb5_storage_write(sp, zero, pad);
-	if (ret != pad) {
-	    if (ret < 0)
-		return errno;
-	    return KRB5_CC_END;
-	}
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-create_reply_ticket (struct rx_header *hdr,
-		     Key *skey,
-		     char *name, char *instance, char *realm,
-		     struct sockaddr_in *addr,
-		     int life,
-		     int kvno,
-		     int32_t max_seq_len,
-		     const char *sname, const char *sinstance,
-		     u_int32_t challenge,
-		     const char *label,
-		     des_cblock *key,
-		     krb5_data *reply)
-{
-    KTEXT_ST ticket;
-    des_cblock session;
-    krb5_storage *sp;
-    krb5_data enc_data;
-    des_key_schedule schedule;
-    struct rx_header reply_hdr;
-    des_cblock zero;
-    size_t pad;
-    unsigned fyrtiosjuelva;
-
-    /* create the ticket */
-
-    des_new_random_key(&session);
-
-    krb_create_ticket (&ticket, 0, name, instance, realm,
-		       addr->sin_addr.s_addr,
-		       &session, life, kdc_time,
-		       sname, sinstance, skey->key.keyvalue.data);
-
-    /* create the encrypted part of the reply */
-    sp = krb5_storage_emem ();
-    krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva));
-    fyrtiosjuelva &= 0xffffffff;
-    krb5_store_int32 (sp, fyrtiosjuelva);
-    krb5_store_int32 (sp, challenge);
-    krb5_storage_write  (sp, session, 8);
-    memset (&session, 0, sizeof(session));
-    krb5_store_int32 (sp, kdc_time);
-    krb5_store_int32 (sp, kdc_time + krb_life_to_time (0, life));
-    krb5_store_int32 (sp, kvno);
-    krb5_store_int32 (sp, ticket.length);
-    krb5_store_stringz (sp, name);
-    krb5_store_stringz (sp, instance);
-#if 1 /* XXX - Why shouldn't the realm go here? */
-    krb5_store_stringz (sp, "");
-#else
-    krb5_store_stringz (sp, realm);
-#endif
-    krb5_store_stringz (sp, sname);
-    krb5_store_stringz (sp, sinstance);
-    krb5_storage_write (sp, ticket.dat, ticket.length);
-    krb5_storage_write (sp, label, strlen(label));
-
-    /* pad to DES block */
-    memset (zero, 0, sizeof(zero));
-    pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8;
-    krb5_storage_write (sp, zero, pad);
-
-    krb5_storage_to_data (sp, &enc_data);
-    krb5_storage_free (sp);
-
-    if (enc_data.length > max_seq_len) {
-	krb5_data_free (&enc_data);
-	make_error_reply (hdr, KAANSWERTOOLONG, reply);
-	return 0;
-    }
-
-    /* encrypt it */
-    des_set_key (key, schedule);
-    des_pcbc_encrypt (enc_data.data,
-		      enc_data.data,
-		      enc_data.length,
-		      schedule,
-		      key,
-		      DES_ENCRYPT);
-    memset (&schedule, 0, sizeof(schedule));
-
-    /* create the reply packet */
-    init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST);
-    sp = krb5_storage_emem ();
-    encode_rx_header (&reply_hdr, sp);
-    krb5_store_int32 (sp, max_seq_len);
-    krb5_store_xdr_data (sp, enc_data);
-    krb5_data_free (&enc_data);
-    krb5_storage_to_data (sp, reply);
-    krb5_storage_free (sp);
-    return 0;
-}
-
-static krb5_error_code
-unparse_auth_args (krb5_storage *sp,
-		   char **name,
-		   char **instance,
-		   time_t *start_time,
-		   time_t *end_time,
-		   krb5_data *request,
-		   int32_t *max_seq_len)
-{
-    krb5_data data;
-    int32_t tmp;
-
-    krb5_ret_xdr_data (sp, &data);
-    *name = malloc(data.length + 1);
-    if (*name == NULL)
-	return ENOMEM;
-    memcpy (*name, data.data, data.length);
-    (*name)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, &data);
-    *instance = malloc(data.length + 1);
-    if (*instance == NULL) {
-	free (*name);
-	return ENOMEM;
-    }
-    memcpy (*instance, data.data, data.length);
-    (*instance)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_int32 (sp, &tmp);
-    *start_time = tmp;
-    krb5_ret_int32 (sp, &tmp);
-    *end_time = tmp;
-    krb5_ret_xdr_data (sp, request);
-    krb5_ret_int32 (sp, max_seq_len);
-    /* ignore the rest */
-    return 0;
-}
-
-static void
-do_authenticate (struct rx_header *hdr,
-		 krb5_storage *sp,
-		 struct sockaddr_in *addr,
-		 krb5_data *reply)
-{
-    krb5_error_code ret;
-    char *name = NULL;
-    char *instance = NULL;
-    time_t start_time;
-    time_t end_time;
-    krb5_data request;
-    int32_t max_seq_len;
-    hdb_entry *client_entry = NULL;
-    hdb_entry *server_entry = NULL;
-    Key *ckey = NULL;
-    Key *skey = NULL;
-    des_cblock key;
-    des_key_schedule schedule;
-    krb5_storage *reply_sp;
-    time_t max_life;
-    u_int8_t life;
-    int32_t chal;
-    char client_name[256];
-    char server_name[256];
-	
-    krb5_data_zero (&request);
-
-    unparse_auth_args (sp, &name, &instance, &start_time, &end_time,
-		       &request, &max_seq_len);
-
-    snprintf (client_name, sizeof(client_name), "%s.%s@%s",
-	      name, instance, v4_realm);
-
-    ret = db_fetch4 (name, instance, v4_realm, &client_entry);
-    if (ret) {
-	kdc_log(0, "Client not found in database: %s: %s",
-		client_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    snprintf (server_name, sizeof(server_name), "%s.%s@%s",
-	      "krbtgt", v4_realm, v4_realm);
-
-    ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &server_entry);
-    if (ret) {
-	kdc_log(0, "Server not found in database: %s: %s",
-		server_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = check_flags (client_entry, client_name,
-		       server_entry, server_name,
-		       TRUE);
-    if (ret) {
-	make_error_reply (hdr, KAPWEXPIRED, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = get_des_key(client_entry, FALSE, TRUE, &ckey);
-    if(ret){
-	kdc_log(0, "no suitable DES key for client");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = get_des_key(server_entry, TRUE, TRUE, &skey);
-    if(ret){
-	kdc_log(0, "no suitable DES key for server");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* try to decode the `request' */
-    memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
-    des_set_key (&key, schedule);
-    des_pcbc_encrypt (request.data,
-		      request.data,
-		      request.length,
-		      schedule,
-		      &key,
-		      DES_DECRYPT);
-    memset (&schedule, 0, sizeof(schedule));
-
-    /* check for the magic label */
-    if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
-	make_error_reply (hdr, KABADREQUEST, reply);
-	goto out;
-    }
-
-    reply_sp = krb5_storage_from_mem (request.data, 4);
-    krb5_ret_int32 (reply_sp, &chal);
-    krb5_storage_free (reply_sp);
-
-    if (abs(chal - kdc_time) > context->max_skew) {
-	make_error_reply (hdr, KACLOCKSKEW, reply);
-	goto out;
-    }
-
-    /* life */
-    max_life = end_time - kdc_time;
-    /* end_time - kdc_time can sometimes be non-positive due to slight
-       time skew between client and server. Let's make sure it is postive */
-    if(max_life < 1)
-	max_life = 1;
-    if (client_entry->max_life)
-	max_life = min(max_life, *client_entry->max_life);
-    if (server_entry->max_life)
-	max_life = min(max_life, *server_entry->max_life);
-
-    life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
-    create_reply_ticket (hdr, skey,
-			 name, instance, v4_realm,
-			 addr, life, server_entry->kvno,
-			 max_seq_len,
-			 "krbtgt", v4_realm,
-			 chal + 1, "tgsT",
-			 &key, reply);
-    memset (&key, 0, sizeof(key));
-
-out:
-    if (request.length) {
-	memset (request.data, 0, request.length);
-	krb5_data_free (&request);
-    }
-    if (name)
-	free (name);
-    if (instance)
-	free (instance);
-    if (client_entry)
-	free_ent (client_entry);
-    if (server_entry)
-	free_ent (server_entry);
-}
-
-static krb5_error_code
-unparse_getticket_args (krb5_storage *sp,
-			int *kvno,
-			char **auth_domain,
-			krb5_data *ticket,
-			char **name,
-			char **instance,
-			krb5_data *times,
-			int32_t *max_seq_len)
-{
-    krb5_data data;
-    int32_t tmp;
-
-    krb5_ret_int32 (sp, &tmp);
-    *kvno = tmp;
-
-    krb5_ret_xdr_data (sp, &data);
-    *auth_domain = malloc(data.length + 1);
-    if (*auth_domain == NULL)
-	return ENOMEM;
-    memcpy (*auth_domain, data.data, data.length);
-    (*auth_domain)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, ticket);
-
-    krb5_ret_xdr_data (sp, &data);
-    *name = malloc(data.length + 1);
-    if (*name == NULL) {
-	free (*auth_domain);
-	return ENOMEM;
-    }
-    memcpy (*name, data.data, data.length);
-    (*name)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, &data);
-    *instance = malloc(data.length + 1);
-    if (*instance == NULL) {
-	free (*auth_domain);
-	free (*name);
-	return ENOMEM;
-    }
-    memcpy (*instance, data.data, data.length);
-    (*instance)[data.length] = '\0';
-    krb5_data_free (&data);
-
-    krb5_ret_xdr_data (sp, times);
-
-    krb5_ret_int32 (sp, max_seq_len);
-    /* ignore the rest */
-    return 0;
-}
-
-static void
-do_getticket (struct rx_header *hdr,
-	      krb5_storage *sp,
-	      struct sockaddr_in *addr,
-	      krb5_data *reply)
-{
-    krb5_error_code ret;
-    int kvno;
-    char *auth_domain = NULL;
-    krb5_data aticket;
-    char *name = NULL;
-    char *instance = NULL;
-    krb5_data times;
-    int32_t max_seq_len;
-    hdb_entry *server_entry = NULL;
-    hdb_entry *krbtgt_entry = NULL;
-    Key *kkey = NULL;
-    Key *skey = NULL;
-    des_cblock key;
-    des_key_schedule schedule;
-    des_cblock session;
-    time_t max_life;
-    int8_t life;
-    time_t start_time, end_time;
-    char pname[ANAME_SZ];
-    char pinst[INST_SZ];
-    char prealm[REALM_SZ];
-    char server_name[256];
-
-    krb5_data_zero (&aticket);
-    krb5_data_zero (&times);
-
-    unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
-			    &name, &instance, &times, &max_seq_len);
-
-    snprintf (server_name, sizeof(server_name),
-	      "%s.%s@%s", name, instance, v4_realm);
-
-    ret = db_fetch4 (name, instance, v4_realm, &server_entry);
-    if (ret) {
-	kdc_log(0, "Server not found in database: %s: %s",
-		server_name, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    ret = check_flags (NULL, NULL,
-		       server_entry, server_name,
-		       FALSE);
-    if (ret) {
-	make_error_reply (hdr, KAPWEXPIRED, reply);
-	goto out;
-    }
-
-    ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &krbtgt_entry);
-    if (ret) {
-	kdc_log(0, "Server not found in database: %s.%s@%s: %s",
-		"krbtgt", v4_realm, v4_realm, krb5_get_err_text(context, ret));
-	make_error_reply (hdr, KANOENT, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = get_des_key(krbtgt_entry, TRUE, TRUE, &kkey);
-    if(ret){
-	kdc_log(0, "no suitable DES key for krbtgt");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* find a DES key */
-    ret = get_des_key(server_entry, TRUE, TRUE, &skey);
-    if(ret){
-	kdc_log(0, "no suitable DES key for server");
-	make_error_reply (hdr, KANOKEYS, reply);
-	goto out;
-    }
-
-    /* decrypt the incoming ticket */
-    memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
-
-    /* unpack the ticket */
-    {
-	KTEXT_ST ticket;
-	u_char flags;
-	int life;
-	u_int32_t time_sec;
-	char sname[ANAME_SZ];
-	char sinstance[SNAME_SZ];
-	u_int32_t paddress;
-
-	if (aticket.length > sizeof(ticket.dat)) {
-	    kdc_log(0, "ticket too long (%u > %u)",
-		    (unsigned)aticket.length,
-		    (unsigned)sizeof(ticket.dat));
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    goto out;
-	}
-
-	ticket.length = aticket.length;
-	memcpy (ticket.dat, aticket.data, ticket.length);
-
-	des_set_key (&key, schedule);
-	decomp_ticket (&ticket, &flags, pname, pinst, prealm,
-		       &paddress, session, &life, &time_sec,
-		       sname, sinstance, 
-		       &key, schedule);
-
-	if (strcmp (sname, "krbtgt") != 0
-	    || strcmp (sinstance, v4_realm) != 0) {
-	    kdc_log(0, "no TGT: %s.%s for %s.%s@%s",
-		    sname, sinstance,
-		    pname, pinst, prealm);
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    goto out;
-	}
-
-	if (kdc_time > krb_life_to_time(time_sec, life)) {
-	    kdc_log(0, "TGT expired: %s.%s@%s",
-		    pname, pinst, prealm);
-	    make_error_reply (hdr, KABADTICKET, reply);
-	    goto out;
-	}
-    }
-
-    /* decrypt the times */
-    des_set_key (&session, schedule);
-    des_ecb_encrypt (times.data,
-		     times.data,
-		     schedule,
-		     DES_DECRYPT);
-    memset (&schedule, 0, sizeof(schedule));
-
-    /* and extract them */
-    {
-	krb5_storage *sp;
-	int32_t tmp;
-
-	sp = krb5_storage_from_mem (times.data, times.length);
-	krb5_ret_int32 (sp, &tmp);
-	start_time = tmp;
-	krb5_ret_int32 (sp, &tmp);
-	end_time = tmp;
-	krb5_storage_free (sp);
-    }
-
-    /* life */
-    max_life = end_time - kdc_time;
-    /* end_time - kdc_time can sometimes be non-positive due to slight
-       time skew between client and server. Let's make sure it is postive */
-    if(max_life < 1)
-	max_life = 1;
-    if (krbtgt_entry->max_life)
-	max_life = min(max_life, *krbtgt_entry->max_life);
-    if (server_entry->max_life)
-	max_life = min(max_life, *server_entry->max_life);
-
-    life = krb_time_to_life(kdc_time, kdc_time + max_life);
-
-    create_reply_ticket (hdr, skey,
-			 pname, pinst, prealm,
-			 addr, life, server_entry->kvno,
-			 max_seq_len,
-			 name, instance,
-			 0, "gtkt",
-			 &session, reply);
-    memset (&session, 0, sizeof(session));
-    
-out:
-    if (aticket.length) {
-	memset (aticket.data, 0, aticket.length);
-	krb5_data_free (&aticket);
-    }
-    if (times.length) {
-	memset (times.data, 0, times.length);
-	krb5_data_free (&times);
-    }
-    if (auth_domain)
-	free (auth_domain);
-    if (name)
-	free (name);
-    if (instance)
-	free (instance);
-    if (krbtgt_entry)
-	free_ent (krbtgt_entry);
-    if (server_entry)
-	free_ent (server_entry);
-}
-
-krb5_error_code
-do_kaserver(unsigned char *buf,
-	    size_t len,
-	    krb5_data *reply,
-	    const char *from,
-	    struct sockaddr_in *addr)
-{
-    krb5_error_code ret = 0;
-    struct rx_header hdr;
-    u_int32_t op;
-    krb5_storage *sp;
-
-    if (len < RX_HEADER_SIZE)
-	return -1;
-    sp = krb5_storage_from_mem (buf, len);
-
-    decode_rx_header (sp, &hdr);
-    buf += RX_HEADER_SIZE;
-    len -= RX_HEADER_SIZE;
-
-    switch (hdr.type) {
-    case HT_DATA :
-	break;
-    case HT_ACK :
-    case HT_BUSY :
-    case HT_ABORT :
-    case HT_ACKALL :
-    case HT_CHAL :
-    case HT_RESP :
-    case HT_DEBUG :
-    default:
-	/* drop */
-	goto out;
-    }
-
-
-    if (hdr.serviceid != KA_AUTHENTICATION_SERVICE
-	&& hdr.serviceid != KA_TICKET_GRANTING_SERVICE) {
-	ret = -1;
-	goto out;
-    }
-
-    krb5_ret_int32(sp, &op);
-    switch (op) {
-    case AUTHENTICATE :
-	do_authenticate (&hdr, sp, addr, reply);
-	break;
-    case GETTICKET :
-	do_getticket (&hdr, sp, addr, reply);
-	break;
-    case AUTHENTICATE_OLD :
-    case CHANGEPASSWORD :
-    case GETTICKET_OLD :
-    case SETPASSWORD :
-    case SETFIELDS :
-    case CREATEUSER :
-    case DELETEUSER :
-    case GETENTRY :
-    case LISTENTRY :
-    case GETSTATS :
-    case DEBUG :
-    case GETPASSWORD :
-    case GETRANDOMKEY :
-    case AUTHENTICATE_V2 :
-    default :
-	make_error_reply (&hdr, RXGEN_OPCODE, reply);
-	break;
-    }
-
-out:
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
deleted file mode 100644
index baae563d5236..000000000000
--- a/crypto/heimdal/kdc/kdc.8
+++ /dev/null
@@ -1,229 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: kdc.8,v 1.23 2003/04/06 17:48:40 lha Exp $
-.\"
-.Dd August 22, 2002
-.Dt KDC 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kdc
-.Nd Kerberos 5 server
-.Sh SYNOPSIS
-.Nm
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl p | Fl -no-require-preauth
-.Op Fl -max-request= Ns Ar size
-.Op Fl H | Fl -enable-http
-.Op Fl -no-524
-.Op Fl -kerberos4
-.Op Fl -kerberos4-cross-realm
-.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string
-.Xc
-.Oc
-.Op Fl K | Fl -kaserver
-.Oo Fl P Ar portspec \*(Ba Xo
-.Fl -ports= Ns Ar portspec
-.Xc
-.Oc
-.Op Fl -detach
-.Op Fl -addresses= Ns Ar list of addresses
-.Sh DESCRIPTION
-.Nm
-serves requests for tickets.
-When it starts, it first checks the flags passed, any options that are
-not specified with a command line flag are taken from a config file,
-or from a default compiled-in value.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
-Specifies the location of the config file, the default is
-.Pa /var/heimdal/kdc.conf .
-This is the only value that can't be specified in the config file.
-.It Xo
-.Fl p ,
-.Fl -no-require-preauth
-.Xc
-Turn off the requirement for pre-autentication in the initial AS-REQ
-for all principals.
-The use of pre-authentication makes it more difficult to do offline
-password attacks.
-You might want to turn it off if you have clients
-that don't support pre-authentication.
-Since the version 4 protocol doesn't support any pre-authentication,
-serving version 4 clients is just about the same as not requiring
-pre-athentication.
-The default is to require pre-authentication.
-Adding the require-preauth per principal is a more flexible way of
-handling this.
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
-Gives an upper limit on the size of the requests that the kdc is
-willing to handle.
-.It Xo
-.Fl H ,
-.Fl -enable-http
-.Xc
-Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Xo
-.Fl -no-524
-.Xc
-don't respond to 524 requests
-.It Xo
-.Fl -kerberos4
-.Xc
-respond to Kerberos 4 requests
-.It Xo
-.Fl -kerberos4-cross-realm
-.Xc
-respond to Kerberos 4 requests from foreign realms.
-This is a known security hole and should not be enabled unless you
-understand the consequences and are willing to live with them.
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
-What realm this server should act as when dealing with version 4
-requests.
-The database can contain any number of realms, but since the version 4
-protocol doesn't contain a realm for the server, it must be explicitly
-specified.
-The default is whatever is returned by
-.Fn krb_get_lrealm .
-This option is only availabe if the KDC has been compiled with version
-4 support.
-.It Xo
-.Fl K ,
-.Fl -kaserver
-.Xc
-Enable kaserver emulation (in case it's compiled in).
-.It Xo
-.Fl P Ar portspec ,
-.Fl -ports= Ns Ar portspec
-.Xc
-Specifies the set of ports the KDC should listen on.
-It is given as a
-white-space separated list of services or port numbers.
-.It Fl -addresses= Ns Ar list of addresses
-The list of addresses to listen for requests on.
-By default, the kdc will listen on all the locally configured
-addresses.
-If only a subset is desired, or the automatic detection fails, this
-option might be used.
-.El
-.Pp
-All activities are logged to one or more destinations, see
-.Xr krb5.conf 5 ,
-and
-.Xr krb5_openlog 3 .
-The entity used for logging is
-.Nm kdc .
-.Sh CONFIGURATION FILE
-The configuration file has the same syntax as 
-.Xr krb5.conf 5 ,
-but will be read before 
-.Pa /etc/krb5.conf ,
-so it may override settings found there.
-Options specific to the KDC only are found in the
-.Dq [kdc] 
-section.
-All the command-line options can preferably be added in the
-configuration file.
-The only difference is the pre-authentication flag, which has to be
-specified as:
-.Pp
-.Dl require-preauth = no
-.Pp
-(in fact you can specify the option as
-.Fl -require-preauth=no ) .
-.Pp
-And there are some configuration options which do not have
-command-line equivalents:
-.Bl -tag -width "xxx" -offset indent
-.It Li check-ticket-addresses = Va boolean
-Check the addresses in the ticket when processing TGS requests.
-The default is FALSE.
-.It Li allow-null-ticket-addresses = Va boolean
-Permit tickets with no addresses.
-This option is only relevant when check-ticket-addresses is TRUE.
-.It Li allow-anonymous = Va boolean
-Permit anonymous tickets with no addresses.
-.It encode_as_rep_as_tgs_rep = Va boolean
-Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.
-The Heimdal clients allow both.
-.It kdc_warn_pwexpire = Va time
-How long before password/principal expiration the KDC should start
-sending out warning messages.
-.El
-.Pp
-The configuration file is only read when the 
-.Nm
-is started.
-If changes made to the configuration file are to take effect, the
-.Nm
-needs to be restarted.
-.Pp
-An example of a config file:
-.Bd -literal -offset indent
-[kdc]
-	require-preauth = no
-	v4-realm = FOO.SE
-	key-file = /key-file
-.Ed
-.Sh BUGS
-If the machine running the KDC has new addresses added to it, the KDC
-will have to be restarted to listen to them.
-The reason it doesn't just listen to wildcarded (like INADDR_ANY)
-addresses, is that the replies has to come from the same address they
-were sent to, and most OS:es doesn't pass this information to the
-application.
-If your normal mode of operation require that you add and remove
-addresses, the best option is probably to listen to a wildcarded TCP
-socket, and make sure your clients use TCP to connect.
-For instance, this will listen to IPv4 TCP port 88 only:
-.Bd -literal -offset indent
-kdc --addresses=0.0.0.0 --ports="88/tcp" 
-.Ed
-.Pp
-There should be a way to specify protocol, port, and address triplets,
-not just addresses and protocol, port tuples.
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8
deleted file mode 100644
index 4d83d59973da..000000000000
--- a/crypto/heimdal/kdc/kdc.cat8
+++ /dev/null
@@ -1,126 +0,0 @@
-KDC(8)                  NetBSD System Manager's Manual                  KDC(8)
-
-NNAAMMEE
-     kkddcc - Kerberos 5 server
-
-SSYYNNOOPPSSIISS
-     kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
-     [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
-     [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
-     ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkddcc serves requests for tickets. When it starts, it first checks the
-     flags passed, any options that are not specified with a command line flag
-     is taken from a config file, or from a default compiled-in value.
-
-     Options supported:
-
-     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
-             Specifies the location of the config file, the default is
-             _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f.  This is the only value that can't be
-             specified in the config file.
-
-     --pp, ----nnoo--rreeqquuiirree--pprreeaauutthh
-             Turn off the requirement for pre-autentication in the initial AS-
-             REQ for all principals. The use of pre-authentication makes it
-             more difficult to do offline password attacks. You might want to
-             turn it off if you have clients that doesn't do pre-authentica-
-             tion. Since the version 4 protocol doesn't support any pre-au-
-             thentication, so serving version 4 clients is just about the same
-             as not requiring pre-athentication. The default is to require
-             pre-authentication. Adding the require-preauth per principal is a
-             more flexible way of handling this.
-
-     ----mmaaxx--rreeqquueesstt==_s_i_z_e
-             Gives an upper limit on the size of the requests that the kdc is
-             willing to handle.
-
-     --HH, ----eennaabbllee--hhttttpp
-             Makes the kdc listen on port 80 and handle requests encapsulated
-             in HTTP.
-
-     --KK, ----nnoo--kkaasseerrvveerr
-             Disables kaserver emulation (in case it's compiled in).
-
-     --rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m
-             What realm this server should act as when dealing with version 4
-             requests. The database can contain any number of realms, but
-             since the version 4 protocol doesn't contain a realm for the
-             server, it must be explicitly specified. The default is whatever
-             is returned by kkrrbb__ggeett__llrreeaallmm().  This option is only availabe if
-             the KDC has been compiled with version 4 support.
-
-     --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
-             Specifies the set of ports the KDC should listen on.  It is given
-             as a white-space separated list of services or port numbers.
-
-     ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
-             The list of addresses to listen for requests on.  By default, the
-             kdc will listen on all the locally configured addresses.  If only
-             a subset is desired, or the automatic detection fails, this op-
-             tion might be used.
-
-     All activities , are logged to one or more destinations, see
-     krb5.conf(5), and krb5_openlog(3).  The entity used for logging is kkddcc.
-
-CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
-     The configuration file has the same syntax as krb5.conf(5), but will be
-     read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op-
-     tions specific to the KDC only are found in the ``[kdc]'' section.  All
-     the command-line options can preferably be added in the configuration
-     file.  The only difference is the pre-authentication flag, that has to be
-     specified as:
-
-           require-preauth = no
-
-     (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
-
-     And there are some configuration options which do not have command-line
-     equivalents:
-
-           check-ticket-addresses = _b_o_o_l_e_a_n
-                Check the addresses in the ticket when processing TGS re-
-                quests.  The default is FALSE.
-
-           allow-null-ticket-addresses = _b_o_o_l_e_a_n
-                Permit tickets with no addresses.  This option is only rele-
-                vant when check-ticket-addresses is TRUE.
-
-           allow-anonymous = _b_o_o_l_e_a_n
-                Permit anonymous tickets with no addresses.
-
-           encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
-                Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
-                code.  The Heimdal clients allow both.
-
-           kdc_warn_pwexpire = _t_i_m_e
-                How long before password/principal expiration the KDC should
-                start sending out warning messages.
-
-     An example of a config file:
-
-           [kdc]
-                   require-preauth = no
-                   v4-realm = FOO.SE
-                   key-file = /key-file
-
-BBUUGGSS
-     If the machine running the KDC has new addresses added to it, the KDC
-     will have to be restarted to listen to them. The reason it doesn't just
-     listen to wildcarded (like INADDR_ANY) addresses, is that the replies has
-     to come from the same address they were sent to, and most OS:es doesn't
-     pass this information to the application. If your normal mode of opera-
-     tion require that you add and remove addresses, the best option is proba-
-     bly to listen to a wildcarded TCP socket, and make sure your clients use
-     TCP to connect. For instance, this will listen to IPv4 TCP port 88 only:
-
-           kdc --addresses=0.0.0.0 --ports="88/tcp"
-
-     There should be a way to specify protocol, port, and address triplets,
-     not just addresses and protocol, port tuples.
-
-SSEEEE AALLSSOO
-     kinit(1), krb5.conf(5)
-
- HEIMDAL                        August 22, 2002                              2
diff --git a/crypto/heimdal/kdc/kdc_locl.h b/crypto/heimdal/kdc/kdc_locl.h
deleted file mode 100644
index 9c19f54add27..000000000000
--- a/crypto/heimdal/kdc/kdc_locl.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* 
- * $Id: kdc_locl.h,v 1.58 2003/03/18 00:23:06 lha Exp $ 
- */
-
-#ifndef __KDC_LOCL_H__
-#define __KDC_LOCL_H__
-
-#include "headers.h"
-
-extern krb5_context context;
-
-extern int require_preauth;
-extern sig_atomic_t exit_flag;
-extern size_t max_request;
-extern time_t kdc_warn_pwexpire;
-extern struct dbinfo {
-    char *realm;
-    char *dbname;
-    char *mkey_file;
-    struct dbinfo *next;
-} *databases;
-extern HDB **db;
-extern int num_db;
-extern const char *port_str;
-extern krb5_addresses explicit_addresses;
-
-extern int enable_http;
-extern krb5_boolean encode_as_rep_as_tgs_rep;
-extern krb5_boolean check_ticket_addresses;
-extern krb5_boolean allow_null_ticket_addresses;
-extern krb5_boolean allow_anonymous;
-extern int enable_524;
-extern int enable_v4_cross_realm;
-
-#ifdef KRB4
-extern char *v4_realm;
-extern int enable_v4;
-extern krb5_boolean enable_kaserver;
-#endif
-
-#define _PATH_KDC_CONF		HDB_DB_DIR "/kdc.conf"
-#define DEFAULT_LOG_DEST	"0-1/FILE:" HDB_DB_DIR "/kdc.log"
-
-extern struct timeval now;
-#define kdc_time (now.tv_sec)
-
-krb5_error_code as_rep (KDC_REQ*, krb5_data*, const char*, struct sockaddr*);
-void configure (int, char**);
-krb5_error_code db_fetch (krb5_principal, hdb_entry**);
-void free_ent(hdb_entry *);
-void kdc_log (int, const char*, ...)
-    __attribute__ ((format (printf, 2,3)));
-
-char* kdc_log_msg (int, const char*, ...)
-    __attribute__ ((format (printf, 2,3)));
-char* kdc_log_msg_va (int, const char*, va_list)
-    __attribute__ ((format (printf, 2,0)));
-void kdc_openlog (void);
-void loop (void);
-void set_master_key (EncryptionKey);
-krb5_error_code tgs_rep (KDC_REQ*, krb5_data*, const char*, struct sockaddr *);
-Key* unseal_key (Key*);
-krb5_error_code check_flags(hdb_entry *client, const char *client_name,
-			    hdb_entry *server, const char *server_name,
-			    krb5_boolean is_as_req);
-
-krb5_error_code get_des_key(hdb_entry*, krb5_boolean, krb5_boolean, Key**);
-krb5_error_code encode_v4_ticket (void*, size_t, const EncTicketPart*, 
-				  const PrincipalName*, size_t*);
-krb5_error_code do_524 (const Ticket*, krb5_data*, const char*, struct sockaddr*);
-
-#ifdef KRB4
-krb5_error_code db_fetch4 (const char*, const char*, const char*, hdb_entry**);
-krb5_error_code do_version4 (unsigned char*, size_t, krb5_data*, const char*, 
-			     struct sockaddr_in*);
-int maybe_version4 (unsigned char*, int);
-#endif
-
-#ifdef KRB4
-krb5_error_code do_kaserver (unsigned char*, size_t, krb5_data*, const char*, 
-			     struct sockaddr_in*);
-#endif
-
-#ifdef HAVE_OPENSSL
-#define des_new_random_key des_random_key
-#endif
-
-#endif /* __KDC_LOCL_H__ */
diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c
deleted file mode 100644
index 8c6c3f03c733..000000000000
--- a/crypto/heimdal/kdc/kerberos4.c
+++ /dev/null
@@ -1,650 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kerberos4.c,v 1.45 2003/03/17 05:37:55 assar Exp $");
-
-#ifdef KRB4
-
-#ifndef swap32
-static u_int32_t
-swap32(u_int32_t x)
-{
-    return ((x << 24) & 0xff000000) |
-	((x << 8) & 0xff0000) |
-	((x >> 8) & 0xff00) |
-	((x >> 24) & 0xff);
-}
-#endif /* swap32 */
-
-int
-maybe_version4(unsigned char *buf, int len)
-{
-    return len > 0 && *buf == 4;
-}
-
-static void
-make_err_reply(krb5_data *reply, int code, const char *msg)
-{
-    KTEXT_ST er;
-
-    /* name, instance and realm are not checked in most (all?)
-       implementations; msg is also never used, but we send it anyway
-       (for debugging purposes) */
-
-    if(msg == NULL)
-	msg = krb_get_err_text(code);
-    cr_err_reply(&er, "", "", "", kdc_time, code, (char*)msg);
-    krb5_data_copy(reply, er.dat, er.length);
-}
-
-static krb5_boolean
-valid_princ(krb5_context context, krb5_principal princ)
-{
-    krb5_error_code ret;
-    char *s;
-    hdb_entry *ent;
-
-    ret = krb5_unparse_name(context, princ, &s);
-    if (ret)
-	return FALSE;
-    ret = db_fetch(princ, &ent);
-    if (ret) {
-	kdc_log(7, "Lookup %s failed: %s", s,
-		krb5_get_err_text (context, ret));
-	free(s);
-	return FALSE;
-    }
-    kdc_log(7, "Lookup %s succeeded", s);
-    free(s);
-    free_ent(ent);
-    return TRUE;
-}
-
-krb5_error_code
-db_fetch4(const char *name, const char *instance, const char *realm,
-	  hdb_entry **ent)
-{
-    krb5_principal p;
-    krb5_error_code ret;
-    
-    ret = krb5_425_conv_principal_ext(context, name, instance, realm, 
-				      valid_princ, 0, &p);
-    if(ret)
-	return ret;
-    ret = db_fetch(p, ent);
-    krb5_free_principal(context, p);
-    return ret;
-}
-
-#define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;}
-
-/*
- * Process the v4 request in `buf, len' (received from `addr'
- * (with string `from').
- * Return an error code and a reply in `reply'.
- */
-
-krb5_error_code
-do_version4(unsigned char *buf,
-	    size_t len,
-	    krb5_data *reply,
-	    const char *from,
-	    struct sockaddr_in *addr)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-    hdb_entry *client = NULL, *server = NULL;
-    Key *ckey, *skey;
-    int8_t pvno;
-    int8_t msg_type;
-    int lsb;
-    char *name = NULL, *inst = NULL, *realm = NULL;
-    char *sname = NULL, *sinst = NULL;
-    int32_t req_time;
-    time_t max_life;
-    u_int8_t life;
-    char client_name[256];
-    char server_name[256];
-
-    if(!enable_v4) {
-	kdc_log(0, "Rejected version 4 request from %s", from);
-	make_err_reply(reply, KDC_GEN_ERR, "function not enabled");
-	return 0;
-    }
-
-    sp = krb5_storage_from_mem(buf, len);
-    RCHECK(krb5_ret_int8(sp, &pvno), out);
-    if(pvno != 4){
-	kdc_log(0, "Protocol version mismatch (krb4) (%d)", pvno);
-	make_err_reply(reply, KDC_PKT_VER, NULL);
-	goto out;
-    }
-    RCHECK(krb5_ret_int8(sp, &msg_type), out);
-    lsb = msg_type & 1;
-    msg_type &= ~1;
-    switch(msg_type){
-    case AUTH_MSG_KDC_REQUEST:
-	RCHECK(krb5_ret_stringz(sp, &name), out1);
-	RCHECK(krb5_ret_stringz(sp, &inst), out1);
-	RCHECK(krb5_ret_stringz(sp, &realm), out1);
-	RCHECK(krb5_ret_int32(sp, &req_time), out1);
-	if(lsb)
-	    req_time = swap32(req_time);
-	RCHECK(krb5_ret_int8(sp, &life), out1);
-	RCHECK(krb5_ret_stringz(sp, &sname), out1);
-	RCHECK(krb5_ret_stringz(sp, &sinst), out1);
-	snprintf (client_name, sizeof(client_name),
-		  "%s.%s@%s", name, inst, realm);
-	snprintf (server_name, sizeof(server_name),
-		  "%s.%s@%s", sname, sinst, v4_realm);
-	
-	kdc_log(0, "AS-REQ (krb4) %s from %s for %s",
-		client_name, from, server_name);
-
-	ret = db_fetch4(name, inst, realm, &client);
-	if(ret) {
-	    kdc_log(0, "Client not found in database: %s: %s",
-		    client_name, krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
-	    goto out1;
-	}
-	ret = db_fetch4(sname, sinst, v4_realm, &server);
-	if(ret){
-	    kdc_log(0, "Server not found in database: %s: %s",
-		    server_name, krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
-	    goto out1;
-	}
-
-	ret = check_flags (client, client_name,
-			   server, server_name,
-			   TRUE);
-	if (ret) {
-	    /* good error code? */
-	    make_err_reply(reply, KERB_ERR_NAME_EXP, NULL);
-	    goto out1;
-	}
-
-	/*
-	 * There's no way to do pre-authentication in v4 and thus no
-	 * good error code to return if preauthentication is required.
-	 */
-
-	if (require_preauth
-	    || client->flags.require_preauth
-	    || server->flags.require_preauth) {
-	    kdc_log(0,
-		    "Pre-authentication required for v4-request: "
-		    "%s for %s",
-		    client_name, server_name);
-	    make_err_reply(reply, KERB_ERR_NULL_KEY, NULL);
-	    goto out1;
-	}
-
-	ret = get_des_key(client, FALSE, FALSE, &ckey);
-	if(ret){
-	    kdc_log(0, "no suitable DES key for client");
-	    make_err_reply(reply, KDC_NULL_KEY, 
-			   "no suitable DES key for client");
-	    goto out1;
-	}
-
-#if 0
-	/* this is not necessary with the new code in libkrb */
-	/* find a properly salted key */
-	while(ckey->salt == NULL || ckey->salt->salt.length != 0)
-	    ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey);
-	if(ret){
-	    kdc_log(0, "No version-4 salted key in database -- %s.%s@%s", 
-		    name, inst, realm);
-	    make_err_reply(reply, KDC_NULL_KEY, 
-			   "No version-4 salted key in database");
-	    goto out1;
-	}
-#endif
-	
-	ret = get_des_key(server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(0, "no suitable DES key for server");
-	    /* XXX */
-	    make_err_reply(reply, KDC_NULL_KEY, 
-			   "no suitable DES key for server");
-	    goto out1;
-	}
-
-	max_life = krb_life_to_time(0, life);
-	if(client->max_life)
-	    max_life = min(max_life, *client->max_life);
-	if(server->max_life)
-	    max_life = min(max_life, *server->max_life);
-
-	life = krb_time_to_life(kdc_time, kdc_time + max_life);
-    
-	{
-	    KTEXT_ST cipher, ticket;
-	    KTEXT r;
-	    des_cblock session;
-
-	    des_new_random_key(&session);
-
-	    krb_create_ticket(&ticket, 0, name, inst, v4_realm,
-			      addr->sin_addr.s_addr, session, life, kdc_time, 
-			      sname, sinst, skey->key.keyvalue.data);
-	
-	    create_ciph(&cipher, session, sname, sinst, v4_realm,
-			life, server->kvno % 256, &ticket, kdc_time, 
-			ckey->key.keyvalue.data);
-	    memset(&session, 0, sizeof(session));
-	    r = create_auth_reply(name, inst, realm, req_time, 0, 
-				  client->pw_end ? *client->pw_end : 0, 
-				  client->kvno % 256, &cipher);
-	    krb5_data_copy(reply, r->dat, r->length);
-	    memset(&cipher, 0, sizeof(cipher));
-	    memset(&ticket, 0, sizeof(ticket));
-	}
-    out1:
-	break;
-    case AUTH_MSG_APPL_REQUEST: {
-	int8_t kvno;
-	int8_t ticket_len;
-	int8_t req_len;
-	KTEXT_ST auth;
-	AUTH_DAT ad;
-	size_t pos;
-	krb5_principal tgt_princ = NULL;
-	hdb_entry *tgt = NULL;
-	Key *tkey;
-	
-	RCHECK(krb5_ret_int8(sp, &kvno), out2);
-	RCHECK(krb5_ret_stringz(sp, &realm), out2);
-	
-	ret = krb5_425_conv_principal(context, "krbtgt", realm, v4_realm,
-				      &tgt_princ);
-	if(ret){
-	    kdc_log(0, "Converting krbtgt principal (krb4): %s", 
-		    krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KFAILURE, 
-			   "Failed to convert v4 principal (krbtgt)");
-	    goto out2;
-	}
-
-	ret = db_fetch(tgt_princ, &tgt);
-	if(ret){
-	    char *s;
-	    s = kdc_log_msg(0, "Ticket-granting ticket not "
-			    "found in database (krb4): krbtgt.%s@%s: %s", 
-			    realm, v4_realm,
-			    krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KFAILURE, s);
-	    free(s);
-	    goto out2;
-	}
-	
-	if(tgt->kvno % 256 != kvno){
-	    kdc_log(0, "tgs-req (krb4) with old kvno %d (current %d) for "
-		    "krbtgt.%s@%s", kvno, tgt->kvno % 256, realm, v4_realm);
-	    make_err_reply(reply, KDC_AUTH_EXP,
-			   "old krbtgt kvno used");
-	    goto out2;
-	}
-
-	ret = get_des_key(tgt, TRUE, FALSE, &tkey);
-	if(ret){
-	    kdc_log(0, "no suitable DES key for krbtgt (krb4)");
-	    /* XXX */
-	    make_err_reply(reply, KDC_NULL_KEY, 
-			   "no suitable DES key for krbtgt");
-	    goto out2;
-	}
-
-	RCHECK(krb5_ret_int8(sp, &ticket_len), out2);
-	RCHECK(krb5_ret_int8(sp, &req_len), out2);
-	
-	pos = krb5_storage_seek(sp, ticket_len + req_len, SEEK_CUR);
-	
-	memset(&auth, 0, sizeof(auth));
-	memcpy(&auth.dat, buf, pos);
-	auth.length = pos;
-	krb_set_key(tkey->key.keyvalue.data, 0);
-
-	krb_ignore_ip_address = !check_ticket_addresses;
-
-	ret = krb_rd_req(&auth, "krbtgt", realm, 
-			 addr->sin_addr.s_addr, &ad, 0);
-	if(ret){
-	    kdc_log(0, "krb_rd_req: %s", krb_get_err_text(ret));
-	    make_err_reply(reply, ret, NULL);
-	    goto out2;
-	}
-	
-	RCHECK(krb5_ret_int32(sp, &req_time), out2);
-	if(lsb)
-	    req_time = swap32(req_time);
-	RCHECK(krb5_ret_int8(sp, &life), out2);
-	RCHECK(krb5_ret_stringz(sp, &sname), out2);
-	RCHECK(krb5_ret_stringz(sp, &sinst), out2);
-	snprintf (server_name, sizeof(server_name),
-		  "%s.%s@%s",
-		  sname, sinst, v4_realm);
-
-	kdc_log(0, "TGS-REQ (krb4) %s.%s@%s from %s for %s",
-		ad.pname, ad.pinst, ad.prealm, from, server_name);
-	
-	if(strcmp(ad.prealm, realm)){
-	    kdc_log(0, "Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, 
-			   "Can't hop realms");
-	    goto out2;
-	}
-
-	if (!enable_v4_cross_realm && strcmp(realm, v4_realm) != 0) {
-	    kdc_log(0, "krb4 Cross-realm %s -> %s disabled", realm, v4_realm);
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, 
-			   "Can't hop realms");
-	    goto out2;
-	}
-
-	if(strcmp(sname, "changepw") == 0){
-	    kdc_log(0, "Bad request for changepw ticket (krb4)");
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, 
-			   "Can't authorize password change based on TGT");
-	    goto out2;
-	}
-	
-#if 0
-	ret = db_fetch4(ad.pname, ad.pinst, ad.prealm, &client);
-	if(ret){
-	    char *s;
-	    s = kdc_log_msg(0, "Client not found in database: (krb4) "
-			    "%s.%s@%s: %s",
-			    ad.pname, ad.pinst, ad.prealm,
-			    krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
-	    free(s);
-	    goto out2;
-	}
-#endif
-	
-	ret = db_fetch4(sname, sinst, v4_realm, &server);
-	if(ret){
-	    char *s;
-	    s = kdc_log_msg(0, "Server not found in database (krb4): %s: %s",
-			    server_name, krb5_get_err_text(context, ret));
-	    make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
-	    free(s);
-	    goto out2;
-	}
-
-	ret = check_flags (NULL, NULL,
-			   server, server_name,
-			   FALSE);
-	if (ret) {
-	    /* good error code? */
-	    make_err_reply(reply, KERB_ERR_NAME_EXP, NULL);
-	    goto out2;
-	}
-
-	ret = get_des_key(server, TRUE, FALSE, &skey);
-	if(ret){
-	    kdc_log(0, "no suitable DES key for server (krb4)");
-	    /* XXX */
-	    make_err_reply(reply, KDC_NULL_KEY, 
-			   "no suitable DES key for server");
-	    goto out2;
-	}
-
-	max_life = krb_life_to_time(ad.time_sec, ad.life);
-	max_life = min(max_life, krb_life_to_time(kdc_time, life));
-	life = min(life, krb_time_to_life(kdc_time, max_life));
-	max_life = krb_life_to_time(0, life);
-#if 0
-	if(client->max_life)
-	    max_life = min(max_life, *client->max_life);
-#endif
-	if(server->max_life)
-	    max_life = min(max_life, *server->max_life);
-	
-	{
-	    KTEXT_ST cipher, ticket;
-	    KTEXT r;
-	    des_cblock session;
-	    des_new_random_key(&session);
-
-	    krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm,
-			      addr->sin_addr.s_addr, &session, life, kdc_time,
-			      sname, sinst, skey->key.keyvalue.data);
-	    
-	    create_ciph(&cipher, session, sname, sinst, v4_realm,
-			life, server->kvno % 256, &ticket,
-			kdc_time, &ad.session);
-
-	    memset(&session, 0, sizeof(session));
-	    memset(ad.session, 0, sizeof(ad.session));
-
-	    r = create_auth_reply(ad.pname, ad.pinst, ad.prealm, 
-				  req_time, 0, 0, 0, &cipher);
-	    krb5_data_copy(reply, r->dat, r->length);
-	    memset(&cipher, 0, sizeof(cipher));
-	    memset(&ticket, 0, sizeof(ticket));
-	}
-    out2:
-	if(tgt_princ)
-	    krb5_free_principal(context, tgt_princ);
-	if(tgt)
-	    free_ent(tgt);
-	break;
-    }
-    
-    case AUTH_MSG_ERR_REPLY:
-	break;
-    default:
-	kdc_log(0, "Unknown message type (krb4): %d from %s", 
-		msg_type, from);
-	
-	make_err_reply(reply, KFAILURE, "Unknown message type");
-    }
-out:
-    if(name)
-	free(name);
-    if(inst)
-	free(inst);
-    if(realm)
-	free(realm);
-    if(sname)
-	free(sname);
-    if(sinst)
-	free(sinst);
-    if(client)
-	free_ent(client);
-    if(server)
-	free_ent(server);
-    krb5_storage_free(sp);
-    return 0;
-}
-
-#else /* KRB4 */
-
-#include <krb5-v4compat.h>
-
-#endif /* KRB4 */
-
-krb5_error_code
-encode_v4_ticket(void *buf, size_t len, const EncTicketPart *et,
-		 const PrincipalName *service, size_t *size)
-{
-    krb5_storage *sp;
-    krb5_error_code ret;
-    char name[40], inst[40], realm[40];
-    char sname[40], sinst[40];
-
-    {
-	krb5_principal princ;
-	principalname2krb5_principal(&princ,
-				     *service,
-				     et->crealm);
-	ret = krb5_524_conv_principal(context, 
-				      princ,
-				      sname,
-				      sinst,
-				      realm);
-	krb5_free_principal(context, princ);
-	if(ret)
-	    return ret;
-
-	principalname2krb5_principal(&princ,
-				     et->cname,
-				     et->crealm);
-				     
-	ret = krb5_524_conv_principal(context, 
-				      princ,
-				      name,
-				      inst,
-				      realm);
-	krb5_free_principal(context, princ);
-    }
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_emem();
-    
-    krb5_store_int8(sp, 0); /* flags */
-    krb5_store_stringz(sp, name);
-    krb5_store_stringz(sp, inst);
-    krb5_store_stringz(sp, realm);
-    {
-	unsigned char tmp[4] = { 0, 0, 0, 0 };
-	int i;
-	if(et->caddr){
-	    for(i = 0; i < et->caddr->len; i++)
-		if(et->caddr->val[i].addr_type == AF_INET &&
-		   et->caddr->val[i].address.length == 4){
-		    memcpy(tmp, et->caddr->val[i].address.data, 4);
-		    break;
-		}
-	}
-	krb5_storage_write(sp, tmp, sizeof(tmp));
-    }
-
-    if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
-	et->key.keytype != ETYPE_DES_CBC_MD4 &&
-	et->key.keytype != ETYPE_DES_CBC_CRC) || 
-       et->key.keyvalue.length != 8)
-	return -1;
-    krb5_storage_write(sp, et->key.keyvalue.data, 8);
-    
-    {
-	time_t start = et->starttime ? *et->starttime : et->authtime;
-	krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
-	krb5_store_int32(sp, start);
-    }
-
-    krb5_store_stringz(sp, sname);
-    krb5_store_stringz(sp, sinst);
-    
-    {
-	krb5_data data;
-	krb5_storage_to_data(sp, &data);
-	krb5_storage_free(sp);
-	*size = (data.length + 7) & ~7; /* pad to 8 bytes */
-	if(*size > len)
-	    return -1;
-	memset((unsigned char*)buf - *size + 1, 0, *size);
-	memcpy((unsigned char*)buf - *size + 1, data.data, data.length);
-	krb5_data_free(&data);
-    }
-    return 0;
-}
-
-krb5_error_code
-get_des_key(hdb_entry *principal, krb5_boolean is_server, 
-	    krb5_boolean prefer_afs_key, Key **ret_key)
-{
-    Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
-    int i;
-    krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, 
-			      ETYPE_DES_CBC_MD4, 
-			      ETYPE_DES_CBC_CRC };
-
-    for(i = 0;
-	i < sizeof(etypes)/sizeof(etypes[0])
-	    && (v5_key == NULL || v4_key == NULL || 
-		afs_key == NULL || server_key == NULL);
-	++i) {
-	Key *key = NULL;
-	while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
-	    if(key->salt == NULL) {
-		if(v5_key == NULL)
-		    v5_key = key;
-	    } else if(key->salt->type == hdb_pw_salt && 
-		      key->salt->salt.length == 0) {
-		if(v4_key == NULL)
-		    v4_key = key;
-	    } else if(key->salt->type == hdb_afs3_salt) {
-		if(afs_key == NULL)
-		    afs_key = key;
-	    } else if(server_key == NULL)
-		server_key = key;
-	}
-    }
-
-    if(prefer_afs_key) {
-	if(afs_key)
-	    *ret_key = afs_key;
-	else if(v4_key)
-	    *ret_key = v4_key;
-	else if(v5_key)
-	    *ret_key = v5_key;
-	else if(is_server && server_key)
-	    *ret_key = server_key;
-	else
-	    return KERB_ERR_NULL_KEY;
-    } else {
-	if(v4_key)
-	    *ret_key = v4_key;
-	else if(afs_key)
-	    *ret_key = afs_key;
-	else  if(v5_key)
-	    *ret_key = v5_key;
-	else if(is_server && server_key)
-	    *ret_key = server_key;
-	else
-	    return KERB_ERR_NULL_KEY;
-    }
-
-    if((*ret_key)->key.keyvalue.length == 0)
-	return KERB_ERR_NULL_KEY;
-    return 0;
-}
-
diff --git a/crypto/heimdal/kdc/kerberos4.h b/crypto/heimdal/kdc/kerberos4.h
deleted file mode 100644
index 5bf3c2bc5502..000000000000
--- a/crypto/heimdal/kdc/kerberos4.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kerberos4.h,v 1.2 1999/12/02 17:04:59 joda Exp $ */
-
-#ifndef __KERBEROS4_H__
-#define __KERBEROS4_H__
-
-hdb_entry* db_fetch4(const char *name,
-		     const char *instance,
-		     const char *realm);
-
-#endif /* __KERBEROS4_H__ */
diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c
deleted file mode 100644
index 232c3ad67787..000000000000
--- a/crypto/heimdal/kdc/kerberos5.c
+++ /dev/null
@@ -1,1847 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: kerberos5.c,v 1.145 2003/04/15 11:07:39 lha Exp $");
-
-#define MAX_TIME ((time_t)((1U << 31) - 1))
-
-static void
-fix_time(time_t **t)
-{
-    if(*t == NULL){
-	ALLOC(*t);
-	**t = MAX_TIME;
-    }
-    if(**t == 0) **t = MAX_TIME; /* fix for old clients */
-}
-
-static void
-set_salt_padata (METHOD_DATA **m, Salt *salt)
-{
-    if (salt) {
-	ALLOC(*m);
-	(*m)->len = 1;
-	ALLOC((*m)->val);
-	(*m)->val->padata_type = salt->type;
-	copy_octet_string(&salt->salt,
-			  &(*m)->val->padata_value);
-    }
-}
-
-static PA_DATA*
-find_padata(KDC_REQ *req, int *start, int type)
-{
-    while(*start < req->padata->len){
-	(*start)++;
-	if(req->padata->val[*start - 1].padata_type == type)
-	    return &req->padata->val[*start - 1];
-    }
-    return NULL;
-}
-
-/*
- * return the first appropriate key of `princ' in `ret_key'.  Look for
- * all the etypes in (`etypes', `len'), stopping as soon as we find
- * one, but preferring one that has default salt
- */
-
-static krb5_error_code
-find_etype(hdb_entry *princ, krb5_enctype *etypes, unsigned len, 
-	   Key **ret_key, krb5_enctype *ret_etype)
-{
-    int i;
-    krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
-
-    for(i = 0; ret != 0 && i < len ; i++) {
-	Key *key = NULL;
-
-	while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) {
-	    if (key->key.keyvalue.length == 0) {
-		ret = KRB5KDC_ERR_NULL_KEY;
-		continue;
-	    }
-	    *ret_key   = key;
-	    *ret_etype = etypes[i];
-	    ret = 0;
-	    if (key->salt == NULL)
-		return ret;
-	}
-    }
-    return ret;
-}
-
-static krb5_error_code
-find_keys(hdb_entry *client,
-	  hdb_entry *server, 
-	  Key **ckey,
-	  krb5_enctype *cetype,
-	  Key **skey,
-	  krb5_enctype *setype, 
-	  krb5_enctype *etypes,
-	  unsigned num_etypes)
-{
-    krb5_error_code ret;
-
-    if(client){
-	/* find client key */
-	ret = find_etype(client, etypes, num_etypes, ckey, cetype);
-	if (ret) {
-	    kdc_log(0, "Client has no support for etypes");
-	    return ret;
-	}
-    }
-
-    if(server){
-	/* find server key */
-	ret = find_etype(server, etypes, num_etypes, skey, setype);
-	if (ret) {
-	    kdc_log(0, "Server has no support for etypes");
-	    return ret;
-	}
-    }
-    return 0;
-}
-
-static krb5_error_code
-make_anonymous_principalname (PrincipalName *pn)
-{
-    pn->name_type = KRB5_NT_PRINCIPAL;
-    pn->name_string.len = 1;
-    pn->name_string.val = malloc(sizeof(*pn->name_string.val));
-    if (pn->name_string.val == NULL)
-	return ENOMEM;
-    pn->name_string.val[0] = strdup("anonymous");
-    if (pn->name_string.val[0] == NULL) {
-	free(pn->name_string.val);
-	pn->name_string.val = NULL;
-	return ENOMEM;
-    }
-    return 0;
-}
-
-static krb5_error_code
-encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, 
-	     krb5_enctype etype, 
-	     int skvno, EncryptionKey *skey,
-	     int ckvno, EncryptionKey *ckey,
-	     const char **e_text,
-	     krb5_data *reply)
-{
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-
-    ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
-    if(ret) {
-	kdc_log(0, "Failed to encode ticket: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-
-    ret = krb5_crypto_init(context, skey, etype, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_TICKET,
-				     buf,
-				     len,
-				     skvno,
-				     &rep->ticket.enc_part);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(0, "Failed to encrypt data: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    
-    if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep)
-	ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
-    else
-	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
-    if(ret) {
-	kdc_log(0, "Failed to encode KDC-REP: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-    ret = krb5_crypto_init(context, ckey, 0, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(rep->msg_type == krb_as_rep) {
-	krb5_encrypt_EncryptedData(context,
-				   crypto,
-				   KRB5_KU_AS_REP_ENC_PART,
-				   buf,
-				   len,
-				   ckvno,
-				   &rep->enc_part);
-	free(buf);
-	ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
-    } else {
-	krb5_encrypt_EncryptedData(context,
-				   crypto,
-				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
-				   buf,
-				   len,
-				   ckvno,
-				   &rep->enc_part);
-	free(buf);
-	ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
-    }
-    krb5_crypto_destroy(context, crypto);
-    if(ret) {
-	kdc_log(0, "Failed to encode KDC-REP: %s", 
-		krb5_get_err_text(context, ret));
-	return ret;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	return KRB5KRB_ERR_GENERIC;
-    }
-    reply->data = buf;
-    reply->length = buf_size;
-    return 0;
-}
-
-static int
-realloc_method_data(METHOD_DATA *md)
-{
-    PA_DATA *pa;
-    pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
-    if(pa == NULL)
-	return ENOMEM;
-    md->val = pa;
-    md->len++;
-    return 0;
-}
-
-static krb5_error_code
-make_etype_info_entry(ETYPE_INFO_ENTRY *ent, Key *key)
-{
-    ent->etype = key->key.keytype;
-    if(key->salt){
-	ALLOC(ent->salttype);
-#if 0
-	if(key->salt->type == hdb_pw_salt)
-	    *ent->salttype = 0; /* or 1? or NULL? */
-	else if(key->salt->type == hdb_afs3_salt)
-	    *ent->salttype = 2;
-	else {
-	    kdc_log(0, "unknown salt-type: %d", 
-		    key->salt->type);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-	/* according to `the specs', we can't send a salt if
-	   we have AFS3 salted key, but that requires that you
-	   *know* what cell you are using (e.g by assuming
-	   that the cell is the same as the realm in lower
-	   case) */
-#else
-	*ent->salttype = key->salt->type;
-#endif
-	krb5_copy_data(context, &key->salt->salt,
-		       &ent->salt);
-    } else {
-	/* we return no salt type at all, as that should indicate
-	 * the default salt type and make everybody happy.  some
-	 * systems (like w2k) dislike being told the salt type
-	 * here. */
-
-	ent->salttype = NULL;
-	ent->salt = NULL;
-    }
-    return 0;
-}
-
-static krb5_error_code
-get_pa_etype_info(METHOD_DATA *md, hdb_entry *client, 
-		  ENCTYPE *etypes, unsigned int etypes_len)
-{
-    krb5_error_code ret = 0;
-    int i, j;
-    unsigned int n = 0;
-    ETYPE_INFO pa;
-    unsigned char *buf;
-    size_t len;
-    
-
-    pa.len = client->keys.len;
-    if(pa.len > UINT_MAX/sizeof(*pa.val))
-	return ERANGE;
-    pa.val = malloc(pa.len * sizeof(*pa.val));
-    if(pa.val == NULL)
-	return ENOMEM;
-
-    for(j = 0; j < etypes_len; j++) {
-	for(i = 0; i < client->keys.len; i++) {
-	    if(client->keys.val[i].key.keytype == etypes[j])
-		if((ret = make_etype_info_entry(&pa.val[n++], 
-						&client->keys.val[i])) != 0) {
-		    free_ETYPE_INFO(&pa);
-		    return ret;
-		}
-	}
-    }
-    for(i = 0; i < client->keys.len; i++) {
-	for(j = 0; j < etypes_len; j++) {
-	    if(client->keys.val[i].key.keytype == etypes[j])
-		goto skip;
-	}
-	if((ret = make_etype_info_entry(&pa.val[n++], 
-					&client->keys.val[i])) != 0) {
-	    free_ETYPE_INFO(&pa);
-	    return ret;
-	}
-      skip:;
-    }
-    
-    if(n != pa.len) {
-	char *name;
-	krb5_unparse_name(context, client->principal, &name);
-	kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d", 
-		name, n, pa.len);
-	free(name);
-	pa.len = n;
-    }
-
-    ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
-    free_ETYPE_INFO(&pa);
-    if(ret)
-	return ret;
-    ret = realloc_method_data(md);
-    if(ret) {
-	free(buf);
-	return ret;
-    }
-    md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
-    md->val[md->len - 1].padata_value.length = len;
-    md->val[md->len - 1].padata_value.data = buf;
-    return 0;
-}
-
-/*
- * verify the flags on `client' and `server', returning 0
- * if they are OK and generating an error messages and returning
- * and error code otherwise.
- */
-
-krb5_error_code
-check_flags(hdb_entry *client, const char *client_name,
-	    hdb_entry *server, const char *server_name,
-	    krb5_boolean is_as_req)
-{
-    if(client != NULL) {
-	/* check client */
-	if (client->flags.invalid) {
-	    kdc_log(0, "Client (%s) has invalid bit set", client_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-	
-	if(!client->flags.client){
-	    kdc_log(0, "Principal may not act as client -- %s", 
-		    client_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-	
-	if (client->valid_start && *client->valid_start > kdc_time) {
-	    kdc_log(0, "Client not yet valid -- %s", client_name);
-	    return KRB5KDC_ERR_CLIENT_NOTYET;
-	}
-	
-	if (client->valid_end && *client->valid_end < kdc_time) {
-	    kdc_log(0, "Client expired -- %s", client_name);
-	    return KRB5KDC_ERR_NAME_EXP;
-	}
-	
-	if (client->pw_end && *client->pw_end < kdc_time
-	    && !server->flags.change_pw) {
-	    kdc_log(0, "Client's key has expired -- %s", client_name);
-	    return KRB5KDC_ERR_KEY_EXPIRED;
-	}
-    }
-
-    /* check server */
-    
-    if (server != NULL) {
-	if (server->flags.invalid) {
-	    kdc_log(0, "Server has invalid flag set -- %s", server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if(!server->flags.server){
-	    kdc_log(0, "Principal may not act as server -- %s", 
-		    server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if(!is_as_req && server->flags.initial) {
-	    kdc_log(0, "AS-REQ is required for server -- %s", server_name);
-	    return KRB5KDC_ERR_POLICY;
-	}
-
-	if (server->valid_start && *server->valid_start > kdc_time) {
-	    kdc_log(0, "Server not yet valid -- %s", server_name);
-	    return KRB5KDC_ERR_SERVICE_NOTYET;
-	}
-
-	if (server->valid_end && *server->valid_end < kdc_time) {
-	    kdc_log(0, "Server expired -- %s", server_name);
-	    return KRB5KDC_ERR_SERVICE_EXP;
-	}
-
-	if (server->pw_end && *server->pw_end < kdc_time) {
-	    kdc_log(0, "Server's key has expired -- %s", server_name);
-	    return KRB5KDC_ERR_KEY_EXPIRED;
-	}
-    }
-    return 0;
-}
-
-/*
- * Return TRUE if `from' is part of `addresses' taking into consideration
- * the configuration variables that tells us how strict we should be about
- * these checks
- */
-
-static krb5_boolean
-check_addresses(HostAddresses *addresses, const struct sockaddr *from)
-{
-    krb5_error_code ret;
-    krb5_address addr;
-    krb5_boolean result;
-    
-    if(check_ticket_addresses == 0)
-	return TRUE;
-
-    if(addresses == NULL)
-	return allow_null_ticket_addresses;
-    
-    ret = krb5_sockaddr2address (context, from, &addr);
-    if(ret)
-	return FALSE;
-
-    result = krb5_address_search(context, &addr, addresses);
-    krb5_free_address (context, &addr);
-    return result;
-}
-
-krb5_error_code
-as_rep(KDC_REQ *req, 
-       krb5_data *reply,
-       const char *from,
-       struct sockaddr *from_addr)
-{
-    KDC_REQ_BODY *b = &req->req_body;
-    AS_REP rep;
-    KDCOptions f = b->kdc_options;
-    hdb_entry *client = NULL, *server = NULL;
-    krb5_enctype cetype, setype;
-    EncTicketPart et;
-    EncKDCRepPart ek;
-    krb5_principal client_princ, server_princ;
-    char *client_name, *server_name;
-    krb5_error_code ret = 0;
-    const char *e_text = NULL;
-    krb5_crypto crypto;
-    Key *ckey, *skey;
-
-    memset(&rep, 0, sizeof(rep));
-
-    if(b->sname == NULL){
-	server_name = "<unknown server>";
-	ret = KRB5KRB_ERR_GENERIC;
-	e_text = "No server in request";
-    } else{
-	principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
-	krb5_unparse_name(context, server_princ, &server_name);
-    }
-    
-    if(b->cname == NULL){
-	client_name = "<unknown client>";
-	ret = KRB5KRB_ERR_GENERIC;
-	e_text = "No client in request";
-    } else {
-	principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
-	krb5_unparse_name(context, client_princ, &client_name);
-    }
-    kdc_log(0, "AS-REQ %s from %s for %s", 
-	    client_name, from, server_name);
-
-    if(ret)
-	goto out;
-
-    ret = db_fetch(client_princ, &client);
-    if(ret){
-	kdc_log(0, "UNKNOWN -- %s: %s", client_name,
-		krb5_get_err_text(context, ret));
-	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	goto out;
-    }
-
-    ret = db_fetch(server_princ, &server);
-    if(ret){
-	kdc_log(0, "UNKNOWN -- %s: %s", server_name,
-		krb5_get_err_text(context, ret));
-	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto out;
-    }
-
-    ret = check_flags(client, client_name, server, server_name, TRUE);
-    if(ret)
-	goto out;
-
-    memset(&et, 0, sizeof(et));
-    memset(&ek, 0, sizeof(ek));
-
-    if(req->padata){
-	int i = 0;
-	PA_DATA *pa;
-	int found_pa = 0;
-	kdc_log(5, "Looking for pa-data -- %s", client_name);
-	while((pa = find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){
-	    krb5_data ts_data;
-	    PA_ENC_TS_ENC p;
-	    time_t patime;
-	    size_t len;
-	    EncryptedData enc_data;
-	    Key *pa_key;
-	    
-	    found_pa = 1;
-	    
-	    ret = decode_EncryptedData(pa->padata_value.data,
-				       pa->padata_value.length,
-				       &enc_data,
-				       &len);
-	    if (ret) {
-		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		kdc_log(5, "Failed to decode PA-DATA -- %s", 
-			client_name);
-		goto out;
-	    }
-	    
-	    ret = hdb_enctype2key(context, client, enc_data.etype, &pa_key);
-	    if(ret){
-		char *estr;
-		e_text = "No key matches pa-data";
-		ret = KRB5KDC_ERR_PREAUTH_FAILED;
-		if(krb5_enctype_to_string(context, enc_data.etype, &estr))
-		    estr = NULL;
-		if(estr == NULL)
-		    kdc_log(5, "No client key matching pa-data (%d) -- %s", 
-			    enc_data.etype, client_name);
-		else
-		    kdc_log(5, "No client key matching pa-data (%s) -- %s", 
-			    estr, client_name);
-		free(estr);
-		    
-		free_EncryptedData(&enc_data);
-		continue;
-	    }
-
-	  try_next_key:
-	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
-	    if (ret) {
-		kdc_log(0, "krb5_crypto_init failed: %s",
-			krb5_get_err_text(context, ret));
-		free_EncryptedData(&enc_data);
-		continue;
-	    }
-
-	    ret = krb5_decrypt_EncryptedData (context,
-					      crypto,
-					      KRB5_KU_PA_ENC_TIMESTAMP,
-					      &enc_data,
-					      &ts_data);
-	    krb5_crypto_destroy(context, crypto);
-	    if(ret){
-		if(hdb_next_enctype2key(context, client, 
-					enc_data.etype, &pa_key) == 0)
-		    goto try_next_key;
-		free_EncryptedData(&enc_data);
-		e_text = "Failed to decrypt PA-DATA";
-		kdc_log (5, "Failed to decrypt PA-DATA -- %s",
-			 client_name);
-		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		continue;
-	    }
-	    free_EncryptedData(&enc_data);
-	    ret = decode_PA_ENC_TS_ENC(ts_data.data,
-				       ts_data.length,
-				       &p,
-				       &len);
-	    krb5_data_free(&ts_data);
-	    if(ret){
-		e_text = "Failed to decode PA-ENC-TS-ENC";
-		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		kdc_log (5, "Failed to decode PA-ENC-TS_ENC -- %s",
-			 client_name);
-		continue;
-	    }
-	    patime = p.patimestamp;
-	    free_PA_ENC_TS_ENC(&p);
-	    if (abs(kdc_time - p.patimestamp) > context->max_skew) {
-		ret = KRB5KDC_ERR_PREAUTH_FAILED;
-		e_text = "Too large time skew";
-		kdc_log(0, "Too large time skew -- %s", client_name);
-		goto out;
-	    }
-	    et.flags.pre_authent = 1;
-	    kdc_log(2, "Pre-authentication succeded -- %s", client_name);
-	    break;
-	}
-	if(found_pa == 0 && require_preauth)
-	    goto use_pa;
-	/* We come here if we found a pa-enc-timestamp, but if there
-           was some problem with it, other than too large skew */
-	if(found_pa && et.flags.pre_authent == 0){
-	    kdc_log(0, "%s -- %s", e_text, client_name);
-	    e_text = NULL;
-	    goto out;
-	}
-    }else if (require_preauth
-	      || client->flags.require_preauth
-	      || server->flags.require_preauth) {
-	METHOD_DATA method_data;
-	PA_DATA *pa;
-	unsigned char *buf;
-	size_t len;
-	krb5_data foo_data;
-
-      use_pa: 
-	method_data.len = 0;
-	method_data.val = NULL;
-
-	ret = realloc_method_data(&method_data);
-	pa = &method_data.val[method_data.len-1];
-	pa->padata_type		= KRB5_PADATA_ENC_TIMESTAMP;
-	pa->padata_value.length	= 0;
-	pa->padata_value.data	= NULL;
-
-	ret = get_pa_etype_info(&method_data, client, 
-				b->etype.val, b->etype.len); /* XXX check ret */
-	
-	ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
-	free_METHOD_DATA(&method_data);
-	foo_data.data   = buf;
-	foo_data.length = len;
-	
-	ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
-	krb5_mk_error(context,
-		      ret,
-		      "Need to use PA-ENC-TIMESTAMP",
-		      &foo_data,
-		      client_princ,
-		      server_princ,
-		      NULL,
-		      NULL,
-		      reply);
-	free(buf);
-	kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
-	ret = 0;
-	goto out2;
-    }
-    
-    ret = find_keys(client, server, &ckey, &cetype, &skey, &setype,
-		    b->etype.val, b->etype.len);
-    if(ret) {
-	kdc_log(0, "Server/client has no support for etypes");
-	goto out;
-    }
-	
-    {
-	char *cet;
-	char *set;
-
-	ret = krb5_enctype_to_string(context, cetype, &cet);
-	if(ret == 0) {
-	    ret = krb5_enctype_to_string(context, setype, &set);
-	    if (ret == 0) {
-		kdc_log(5, "Using %s/%s", cet, set);
-		free(set);
-	    }
-	    free(cet);
-	}
-	if (ret != 0)
-	    kdc_log(5, "Using e-types %d/%d", cetype, setype);
-    }
-    
-    {
-	char str[128];
-	unparse_flags(KDCOptions2int(f), KDCOptions_units, str, sizeof(str));
-	if(*str)
-	    kdc_log(2, "Requested flags: %s", str);
-    }
-    
-
-    if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
-       || (f.request_anonymous && !allow_anonymous)) {
-	ret = KRB5KDC_ERR_BADOPTION;
-	kdc_log(0, "Bad KDC options -- %s", client_name);
-	goto out;
-    }
-    
-    rep.pvno = 5;
-    rep.msg_type = krb_as_rep;
-    copy_Realm(&b->realm, &rep.crealm);
-    if (f.request_anonymous)
-	make_anonymous_principalname (&rep.cname);
-    else
-	copy_PrincipalName(b->cname, &rep.cname);
-    rep.ticket.tkt_vno = 5;
-    copy_Realm(&b->realm, &rep.ticket.realm);
-    copy_PrincipalName(b->sname, &rep.ticket.sname);
-
-    et.flags.initial = 1;
-    if(client->flags.forwardable && server->flags.forwardable)
-	et.flags.forwardable = f.forwardable;
-    else if (f.forwardable) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(0, "Ticket may not be forwardable -- %s", client_name);
-	goto out;
-    }
-    if(client->flags.proxiable && server->flags.proxiable)
-	et.flags.proxiable = f.proxiable;
-    else if (f.proxiable) {
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(0, "Ticket may not be proxiable -- %s", client_name);
-	goto out;
-    }
-    if(client->flags.postdate && server->flags.postdate)
-	et.flags.may_postdate = f.allow_postdate;
-    else if (f.allow_postdate){
-	ret = KRB5KDC_ERR_POLICY;
-	kdc_log(0, "Ticket may not be postdatable -- %s", client_name);
-	goto out;
-    }
-
-    /* check for valid set of addresses */
-    if(!check_addresses(b->addresses, from_addr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	kdc_log(0, "Bad address list requested -- %s", client_name);
-	goto out;
-    }
-
-    krb5_generate_random_keyblock(context, setype, &et.key);
-    copy_PrincipalName(&rep.cname, &et.cname);
-    copy_Realm(&b->realm, &et.crealm);
-    
-    {
-	time_t start;
-	time_t t;
-	
-	start = et.authtime = kdc_time;
-    
-	if(f.postdated && req->req_body.from){
-	    ALLOC(et.starttime);
-	    start = *et.starttime = *req->req_body.from;
-	    et.flags.invalid = 1;
-	    et.flags.postdated = 1; /* XXX ??? */
-	}
-	fix_time(&b->till);
-	t = *b->till;
-
-	/* be careful not overflowing */
-
-	if(client->max_life)
-	    t = start + min(t - start, *client->max_life);
-	if(server->max_life)
-	    t = start + min(t - start, *server->max_life);
-#if 0
-	t = min(t, start + realm->max_life);
-#endif
-	et.endtime = t;
-	if(f.renewable_ok && et.endtime < *b->till){
-	    f.renewable = 1;
-	    if(b->rtime == NULL){
-		ALLOC(b->rtime);
-		*b->rtime = 0;
-	    }
-	    if(*b->rtime < *b->till)
-		*b->rtime = *b->till;
-	}
-	if(f.renewable && b->rtime){
-	    t = *b->rtime;
-	    if(t == 0)
-		t = MAX_TIME;
-	    if(client->max_renew)
-		t = start + min(t - start, *client->max_renew);
-	    if(server->max_renew)
-		t = start + min(t - start, *server->max_renew);
-#if 0
-	    t = min(t, start + realm->max_renew);
-#endif
-	    ALLOC(et.renew_till);
-	    *et.renew_till = t;
-	    et.flags.renewable = 1;
-	}
-    }
-
-    if (f.request_anonymous)
-	et.flags.anonymous = 1;
-    
-    if(b->addresses){
-	ALLOC(et.caddr);
-	copy_HostAddresses(b->addresses, et.caddr);
-    }
-    
-    {
-	krb5_data empty_string;
-      
-	krb5_data_zero(&empty_string); 
-	et.transited.tr_type = DOMAIN_X500_COMPRESS;
-	et.transited.contents = empty_string;
-    }
-     
-    copy_EncryptionKey(&et.key, &ek.key);
-
-    /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
-     * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
-     * incapable of correctly decoding SEQUENCE OF's of zero length.
-     *
-     * To fix this, always send at least one no-op last_req
-     *
-     * If there's a pw_end or valid_end we will use that,
-     * otherwise just a dummy lr.
-     */
-    ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val));
-    ek.last_req.len = 0;
-    if (client->pw_end
-	&& (kdc_warn_pwexpire == 0
-	    || kdc_time + kdc_warn_pwexpire <= *client->pw_end)) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_PW_EXPTIME;
-	ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end;
-	++ek.last_req.len;
-    }
-    if (client->valid_end) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_ACCT_EXPTIME;
-	ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end;
-	++ek.last_req.len;
-    }
-    if (ek.last_req.len == 0) {
-	ek.last_req.val[ek.last_req.len].lr_type  = LR_NONE;
-	ek.last_req.val[ek.last_req.len].lr_value = 0;
-	++ek.last_req.len;
-    }
-    ek.nonce = b->nonce;
-    if (client->valid_end || client->pw_end) {
-	ALLOC(ek.key_expiration);
-	if (client->valid_end) {
-	    if (client->pw_end)
-		*ek.key_expiration = min(*client->valid_end, *client->pw_end);
-	    else
-		*ek.key_expiration = *client->valid_end;
-	} else
-	    *ek.key_expiration = *client->pw_end;
-    } else
-	ek.key_expiration = NULL;
-    ek.flags = et.flags;
-    ek.authtime = et.authtime;
-    if (et.starttime) {
-	ALLOC(ek.starttime);
-	*ek.starttime = *et.starttime;
-    }
-    ek.endtime = et.endtime;
-    if (et.renew_till) {
-	ALLOC(ek.renew_till);
-	*ek.renew_till = *et.renew_till;
-    }
-    copy_Realm(&rep.ticket.realm, &ek.srealm);
-    copy_PrincipalName(&rep.ticket.sname, &ek.sname);
-    if(et.caddr){
-	ALLOC(ek.caddr);
-	copy_HostAddresses(et.caddr, ek.caddr);
-    }
-
-    set_salt_padata (&rep.padata, ckey->salt);
-    ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key,
-		       client->kvno, &ckey->key, &e_text, reply);
-    free_EncTicketPart(&et);
-    free_EncKDCRepPart(&ek);
-  out:
-    free_AS_REP(&rep);
-    if(ret){
-	krb5_mk_error(context,
-		      ret,
-		      e_text,
-		      NULL,
-		      client_princ,
-		      server_princ,
-		      NULL,
-		      NULL,
-		      reply);
-	ret = 0;
-    }
-  out2:
-    krb5_free_principal(context, client_princ);
-    free(client_name);
-    krb5_free_principal(context, server_princ);
-    free(server_name);
-    if(client)
-	free_ent(client);
-    if(server)
-	free_ent(server);
-    return ret;
-}
-
-
-static krb5_error_code
-check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
-{
-    KDCOptions f = b->kdc_options;
-	
-    if(f.validate){
-	if(!tgt->flags.invalid || tgt->starttime == NULL){
-	    kdc_log(0, "Bad request to validate ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	if(*tgt->starttime > kdc_time){
-	    kdc_log(0, "Early request to validate ticket");
-	    return KRB5KRB_AP_ERR_TKT_NYV;
-	}
-	/* XXX  tkt = tgt */
-	et->flags.invalid = 0;
-    }else if(tgt->flags.invalid){
-	kdc_log(0, "Ticket-granting ticket has INVALID flag set");
-	return KRB5KRB_AP_ERR_TKT_INVALID;
-    }
-
-    if(f.forwardable){
-	if(!tgt->flags.forwardable){
-	    kdc_log(0, "Bad request for forwardable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.forwardable = 1;
-    }
-    if(f.forwarded){
-	if(!tgt->flags.forwardable){
-	    kdc_log(0, "Request to forward non-forwardable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.forwarded = 1;
-	et->caddr = b->addresses;
-    }
-    if(tgt->flags.forwarded)
-	et->flags.forwarded = 1;
-	
-    if(f.proxiable){
-	if(!tgt->flags.proxiable){
-	    kdc_log(0, "Bad request for proxiable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.proxiable = 1;
-    }
-    if(f.proxy){
-	if(!tgt->flags.proxiable){
-	    kdc_log(0, "Request to proxy non-proxiable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.proxy = 1;
-	et->caddr = b->addresses;
-    }
-    if(tgt->flags.proxy)
-	et->flags.proxy = 1;
-
-    if(f.allow_postdate){
-	if(!tgt->flags.may_postdate){
-	    kdc_log(0, "Bad request for post-datable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.may_postdate = 1;
-    }
-    if(f.postdated){
-	if(!tgt->flags.may_postdate){
-	    kdc_log(0, "Bad request for postdated ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	if(b->from)
-	    *et->starttime = *b->from;
-	et->flags.postdated = 1;
-	et->flags.invalid = 1;
-    }else if(b->from && *b->from > kdc_time + context->max_skew){
-	kdc_log(0, "Ticket cannot be postdated");
-	return KRB5KDC_ERR_CANNOT_POSTDATE;
-    }
-
-    if(f.renewable){
-	if(!tgt->flags.renewable){
-	    kdc_log(0, "Bad request for renewable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	et->flags.renewable = 1;
-	ALLOC(et->renew_till);
-	fix_time(&b->rtime);
-	*et->renew_till = *b->rtime;
-    }
-    if(f.renew){
-	time_t old_life;
-	if(!tgt->flags.renewable || tgt->renew_till == NULL){
-	    kdc_log(0, "Request to renew non-renewable ticket");
-	    return KRB5KDC_ERR_BADOPTION;
-	}
-	old_life = tgt->endtime;
-	if(tgt->starttime)
-	    old_life -= *tgt->starttime;
-	else
-	    old_life -= tgt->authtime;
-	et->endtime = *et->starttime + old_life;
-	if (et->renew_till != NULL)
-	    et->endtime = min(*et->renew_till, et->endtime);
-    }	    
-    
-    /* checks for excess flags */
-    if(f.request_anonymous && !allow_anonymous){
-	kdc_log(0, "Request for anonymous ticket");
-	return KRB5KDC_ERR_BADOPTION;
-    }
-    return 0;
-}
-
-static krb5_error_code
-fix_transited_encoding(TransitedEncoding *tr, 
-		       const char *client_realm, 
-		       const char *server_realm, 
-		       const char *tgt_realm)
-{
-    krb5_error_code ret = 0;
-    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)){
-	char **realms = NULL, **tmp;
-	int num_realms = 0;
-	int i;
-	if(tr->tr_type && tr->contents.length != 0) {
-	    if(tr->tr_type != DOMAIN_X500_COMPRESS){
-		kdc_log(0, "Unknown transited type: %u", 
-			tr->tr_type);
-		return KRB5KDC_ERR_TRTYPE_NOSUPP;
-	    }
-	    ret = krb5_domain_x500_decode(context, 
-					  tr->contents,
-					  &realms, 
-					  &num_realms,
-					  client_realm,
-					  server_realm);
-	    if(ret){
-		krb5_warn(context, ret, "Decoding transited encoding");
-		return ret;
-	    }
-	}
-	if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
-	    ret = ERANGE;
-	    goto free_realms;
-	}
-	tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
-	if(tmp == NULL){
-	    ret = ENOMEM;
-	    goto free_realms;
-	}
-	realms = tmp;
-	realms[num_realms] = strdup(tgt_realm);
-	if(realms[num_realms] == NULL){
-	    ret = ENOMEM;
-	    goto free_realms;
-	}
-	num_realms++;
-	free_TransitedEncoding(tr);
-	tr->tr_type = DOMAIN_X500_COMPRESS;
-	ret = krb5_domain_x500_encode(realms, num_realms, &tr->contents);
-	if(ret)
-	    krb5_warn(context, ret, "Encoding transited encoding");
-    free_realms:
-	for(i = 0; i < num_realms; i++)
-	    free(realms[i]);
-	free(realms);
-    }
-    return ret;
-}
-
-
-static krb5_error_code
-tgs_make_reply(KDC_REQ_BODY *b, 
-	       EncTicketPart *tgt, 
-	       EncTicketPart *adtkt, 
-	       AuthorizationData *auth_data,
-	       hdb_entry *server, 
-	       hdb_entry *client, 
-	       krb5_principal client_principal, 
-	       hdb_entry *krbtgt,
-	       krb5_enctype cetype,
-	       const char **e_text,
-	       krb5_data *reply)
-{
-    KDC_REP rep;
-    EncKDCRepPart ek;
-    EncTicketPart et;
-    KDCOptions f = b->kdc_options;
-    krb5_error_code ret;
-    krb5_enctype etype;
-    Key *skey;
-    EncryptionKey *ekey;
-    
-    if(adtkt) {
-	int i;
-	krb5_keytype kt;
-	ekey = &adtkt->key;
-	for(i = 0; i < b->etype.len; i++){
-	    ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt);
-	    if(ret)
-		continue;
-	    if(adtkt->key.keytype == kt)
-		break;
-	}
-	if(i == b->etype.len)
-	    return KRB5KDC_ERR_ETYPE_NOSUPP;
-	etype = b->etype.val[i];
-    }else{
-	ret = find_keys(NULL, server, NULL, NULL, &skey, &etype, 
-			b->etype.val, b->etype.len);
-	if(ret) {
-	    kdc_log(0, "Server has no support for etypes");
-	    return ret;
-	}
-	ekey = &skey->key;
-    }
-    
-    memset(&rep, 0, sizeof(rep));
-    memset(&et, 0, sizeof(et));
-    memset(&ek, 0, sizeof(ek));
-    
-    rep.pvno = 5;
-    rep.msg_type = krb_tgs_rep;
-
-    et.authtime = tgt->authtime;
-    fix_time(&b->till);
-    et.endtime = min(tgt->endtime, *b->till);
-    ALLOC(et.starttime);
-    *et.starttime = kdc_time;
-    
-    ret = check_tgs_flags(b, tgt, &et);
-    if(ret)
-	goto out;
-
-    copy_TransitedEncoding(&tgt->transited, &et.transited);
-    ret = fix_transited_encoding(&et.transited,
-				 *krb5_princ_realm(context, client_principal),
-				 *krb5_princ_realm(context, server->principal),
-				 *krb5_princ_realm(context, krbtgt->principal));
-    if(ret)
-	goto out;
-
-    copy_Realm(krb5_princ_realm(context, server->principal), 
-	       &rep.ticket.realm);
-    krb5_principal2principalname(&rep.ticket.sname, server->principal);
-    copy_Realm(&tgt->crealm, &rep.crealm);
-    if (f.request_anonymous)
-	make_anonymous_principalname (&tgt->cname);
-    else
-	copy_PrincipalName(&tgt->cname, &rep.cname);
-    rep.ticket.tkt_vno = 5;
-
-    ek.caddr = et.caddr;
-    if(et.caddr == NULL)
-	et.caddr = tgt->caddr;
-
-    {
-	time_t life;
-	life = et.endtime - *et.starttime;
-	if(client && client->max_life)
-	    life = min(life, *client->max_life);
-	if(server->max_life)
-	    life = min(life, *server->max_life);
-	et.endtime = *et.starttime + life;
-    }
-    if(f.renewable_ok && tgt->flags.renewable && 
-       et.renew_till == NULL && et.endtime < *b->till){
-	et.flags.renewable = 1;
-	ALLOC(et.renew_till);
-	*et.renew_till = *b->till;
-    }
-    if(et.renew_till){
-	time_t renew;
-	renew = *et.renew_till - et.authtime;
-	if(client && client->max_renew)
-	    renew = min(renew, *client->max_renew);
-	if(server->max_renew)
-	    renew = min(renew, *server->max_renew);
-	*et.renew_till = et.authtime + renew;
-    }
-	    
-    if(et.renew_till){
-	*et.renew_till = min(*et.renew_till, *tgt->renew_till);
-	*et.starttime = min(*et.starttime, *et.renew_till);
-	et.endtime = min(et.endtime, *et.renew_till);
-    }
-    
-    *et.starttime = min(*et.starttime, et.endtime);
-
-    if(*et.starttime == et.endtime){
-	ret = KRB5KDC_ERR_NEVER_VALID;
-	goto out;
-    }
-    if(et.renew_till && et.endtime == *et.renew_till){
-	free(et.renew_till);
-	et.renew_till = NULL;
-	et.flags.renewable = 0;
-    }
-    
-    et.flags.pre_authent = tgt->flags.pre_authent;
-    et.flags.hw_authent  = tgt->flags.hw_authent;
-    et.flags.anonymous   = tgt->flags.anonymous;
-	    
-    /* XXX Check enc-authorization-data */
-    et.authorization_data = auth_data;
-
-    krb5_generate_random_keyblock(context, etype, &et.key);
-    et.crealm = tgt->crealm;
-    et.cname = tgt->cname;
-	    
-    ek.key = et.key;
-    /* MIT must have at least one last_req */
-    ek.last_req.len = 1;
-    ek.last_req.val = calloc(1, sizeof(*ek.last_req.val));
-    ek.nonce = b->nonce;
-    ek.flags = et.flags;
-    ek.authtime = et.authtime;
-    ek.starttime = et.starttime;
-    ek.endtime = et.endtime;
-    ek.renew_till = et.renew_till;
-    ek.srealm = rep.ticket.realm;
-    ek.sname = rep.ticket.sname;
-	    
-    /* It is somewhat unclear where the etype in the following
-       encryption should come from. What we have is a session
-       key in the passed tgt, and a list of preferred etypes
-       *for the new ticket*. Should we pick the best possible
-       etype, given the keytype in the tgt, or should we look
-       at the etype list here as well?  What if the tgt
-       session key is DES3 and we want a ticket with a (say)
-       CAST session key. Should the DES3 etype be added to the
-       etype list, even if we don't want a session key with
-       DES3? */
-    ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
-		       0, &tgt->key, e_text, reply);
-out:
-    free_TGS_REP(&rep);
-    free_TransitedEncoding(&et.transited);
-    if(et.starttime)
-	free(et.starttime);
-    if(et.renew_till)
-	free(et.renew_till);
-    free_LastReq(&ek.last_req);
-    memset(et.key.keyvalue.data, 0, et.key.keyvalue.length);
-    free_EncryptionKey(&et.key);
-    return ret;
-}
-
-static krb5_error_code
-tgs_check_authenticator(krb5_auth_context ac,
-			KDC_REQ_BODY *b, 
-			const char **e_text,
-			krb5_keyblock *key)
-{
-    krb5_authenticator auth;
-    size_t len;
-    unsigned char *buf;
-    size_t buf_size;
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    
-    krb5_auth_con_getauthenticator(context, ac, &auth);
-    if(auth->cksum == NULL){
-	kdc_log(0, "No authenticator in request");
-	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
-	goto out;
-    }
-    /*
-     * according to RFC1510 it doesn't need to be keyed,
-     * but according to the latest draft it needs to.
-     */
-    if (
-#if 0
-!krb5_checksum_is_keyed(context, auth->cksum->cksumtype)
-	||
-#endif
- !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) {
-	kdc_log(0, "Bad checksum type in authenticator: %d", 
-		auth->cksum->cksumtype);
-	ret =  KRB5KRB_AP_ERR_INAPP_CKSUM;
-	goto out;
-    }
-		
-    /* XXX should not re-encode this */
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
-    if(ret){
-	kdc_log(0, "Failed to encode KDC-REQ-BODY: %s", 
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    if(buf_size != len) {
-	free(buf);
-	kdc_log(0, "Internal error in ASN.1 encoder");
-	*e_text = "KDC internal error";
-	ret = KRB5KRB_ERR_GENERIC;
-	goto out;
-    }
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	kdc_log(0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
-	goto out;
-    }
-    ret = krb5_verify_checksum(context,
-			       crypto,
-			       KRB5_KU_TGS_REQ_AUTH_CKSUM,
-			       buf, 
-			       len,
-			       auth->cksum);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if(ret){
-	kdc_log(0, "Failed to verify checksum: %s", 
-		krb5_get_err_text(context, ret));
-    }
-out:
-    free_Authenticator(auth);
-    free(auth);
-    return ret;
-}
-
-/*
- * return the realm of a krbtgt-ticket or NULL
- */
-
-static Realm 
-get_krbtgt_realm(const PrincipalName *p)
-{
-    if(p->name_string.len == 2
-       && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
-	return p->name_string.val[1];
-    else
-	return NULL;
-}
-
-static Realm
-find_rpath(Realm r)
-{
-    const char *new_realm = krb5_config_get_string(context,
-						   NULL,
-						   "libdefaults", 
-						   "capath", 
-						   r, 
-						   NULL);
-    return (Realm)new_realm;
-}
-	    
-
-static krb5_boolean
-need_referral(krb5_principal server, krb5_realm **realms)
-{
-    if(server->name.name_type != KRB5_NT_SRV_INST ||
-       server->name.name_string.len != 2)
-	return FALSE;
- 
-    return krb5_get_host_realm_int(context, server->name.name_string.val[1],
-				   FALSE, realms) == 0;
-}
-
-static krb5_error_code
-tgs_rep2(KDC_REQ_BODY *b,
-	 PA_DATA *tgs_req,
-	 krb5_data *reply,
-	 const char *from,
-	 const struct sockaddr *from_addr,
-	 time_t **csec,
-	 int **cusec)
-{
-    krb5_ap_req ap_req;
-    krb5_error_code ret;
-    krb5_principal princ;
-    krb5_auth_context ac = NULL;
-    krb5_ticket *ticket = NULL;
-    krb5_flags ap_req_options;
-    krb5_flags verify_ap_req_flags;
-    const char *e_text = NULL;
-    krb5_crypto crypto;
-
-    hdb_entry *krbtgt = NULL;
-    EncTicketPart *tgt;
-    Key *tkey;
-    krb5_enctype cetype;
-    krb5_principal cp = NULL;
-    krb5_principal sp = NULL;
-    AuthorizationData *auth_data = NULL;
-
-    *csec  = NULL;
-    *cusec = NULL;
-
-    memset(&ap_req, 0, sizeof(ap_req));
-    ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
-    if(ret){
-	kdc_log(0, "Failed to decode AP-REQ: %s", 
-		krb5_get_err_text(context, ret));
-	goto out2;
-    }
-    
-    if(!get_krbtgt_realm(&ap_req.ticket.sname)){
-	/* XXX check for ticket.sname == req.sname */
-	kdc_log(0, "PA-DATA is not a ticket-granting ticket");
-	ret = KRB5KDC_ERR_POLICY; /* ? */
-	goto out2;
-    }
-    
-    principalname2krb5_principal(&princ,
-				 ap_req.ticket.sname,
-				 ap_req.ticket.realm);
-    
-    ret = db_fetch(princ, &krbtgt);
-
-    if(ret) {
-	char *p;
-	krb5_unparse_name(context, princ, &p);
-	krb5_free_principal(context, princ);
-	kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
-		p, krb5_get_err_text(context, ret));
-	free(p);
-	ret = KRB5KRB_AP_ERR_NOT_US;
-	goto out2;
-    }
-    
-    if(ap_req.ticket.enc_part.kvno && 
-       *ap_req.ticket.enc_part.kvno != krbtgt->kvno){
-	char *p;
-
-	krb5_unparse_name (context, princ, &p);
-	krb5_free_principal(context, princ);
-	kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)", 
-		*ap_req.ticket.enc_part.kvno,
-		krbtgt->kvno,
-		p);
-	free (p);
-	ret = KRB5KRB_AP_ERR_BADKEYVER;
-	goto out2;
-    }
-
-    ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey);
-    if(ret){
-	char *str;
-	krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str);
-	kdc_log(0, "No server key found for %s", str);
-	free(str);
-	ret = KRB5KRB_AP_ERR_BADKEYVER;
-	goto out2;
-    }
-    
-    if (b->kdc_options.validate)
-	verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID;
-    else
-	verify_ap_req_flags = 0;
-
-    ret = krb5_verify_ap_req2(context,
-			      &ac,
-			      &ap_req,
-			      princ,
-			      &tkey->key,
-			      verify_ap_req_flags,
-			      &ap_req_options,
-			      &ticket,
-			      KRB5_KU_TGS_REQ_AUTH);
-			     
-    krb5_free_principal(context, princ);
-    if(ret) {
-	kdc_log(0, "Failed to verify AP-REQ: %s", 
-		krb5_get_err_text(context, ret));
-	goto out2;
-    }
-
-    {
-	krb5_authenticator auth;
-
-	ret = krb5_auth_con_getauthenticator(context, ac, &auth);
-	if (ret == 0) {
-	    *csec   = malloc(sizeof(**csec));
-	    if (*csec == NULL) {
-		krb5_free_authenticator(context, &auth);
-		kdc_log(0, "malloc failed");
-		goto out2;
-	    }
-	    **csec  = auth->ctime;
-	    *cusec  = malloc(sizeof(**cusec));
-	    if (*cusec == NULL) {
-		krb5_free_authenticator(context, &auth);
-		kdc_log(0, "malloc failed");
-		goto out2;
-	    }
-	    **csec  = auth->cusec;
-	    krb5_free_authenticator(context, &auth);
-	}
-    }
-
-    cetype = ap_req.authenticator.etype;
-
-    tgt = &ticket->ticket;
-
-    ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key);
-
-    if (b->enc_authorization_data) {
-	krb5_keyblock *subkey;
-	krb5_data ad;
-	ret = krb5_auth_con_getremotesubkey(context,
-					    ac,
-					    &subkey);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(0, "Failed to get remote subkey: %s", 
-		    krb5_get_err_text(context, ret));
-	    goto out2;
-	}
-	if(subkey == NULL){
-	    ret = krb5_auth_con_getkey(context, ac, &subkey);
-	    if(ret) {
-		krb5_auth_con_free(context, ac);
-		kdc_log(0, "Failed to get session key: %s", 
-			krb5_get_err_text(context, ret));
-		goto out2;
-	    }
-	}
-	if(subkey == NULL){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(0, "Failed to get key for enc-authorization-data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out2;
-	}
-	ret = krb5_crypto_init(context, subkey, 0, &crypto);
-	if (ret) {
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(0, "krb5_crypto_init failed: %s",
-		    krb5_get_err_text(context, ret));
-	    goto out2;
-	}
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY,
-					  b->enc_authorization_data,
-					  &ad);
-	krb5_crypto_destroy(context, crypto);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    kdc_log(0, "Failed to decrypt enc-authorization-data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out2;
-	}
-	krb5_free_keyblock(context, subkey);
-	ALLOC(auth_data);
-	ret = decode_AuthorizationData(ad.data, ad.length, auth_data, NULL);
-	if(ret){
-	    krb5_auth_con_free(context, ac);
-	    free(auth_data);
-	    auth_data = NULL;
-	    kdc_log(0, "Failed to decode authorization data");
-	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
-	    goto out2;
-	}
-    }
-
-    krb5_auth_con_free(context, ac);
-
-    if(ret){
-	kdc_log(0, "Failed to verify authenticator: %s", 
-		krb5_get_err_text(context, ret));
-	goto out2;
-    }
-    
-    {
-	PrincipalName *s;
-	Realm r;
-	char *spn = NULL, *cpn = NULL;
-	hdb_entry *server = NULL, *client = NULL;
-	int loop = 0;
-	EncTicketPart adtkt;
-	char opt_str[128];
-
-	s = b->sname;
-	r = b->realm;
-	if(b->kdc_options.enc_tkt_in_skey){
-	    Ticket *t;
-	    hdb_entry *uu;
-	    krb5_principal p;
-	    Key *tkey;
-	    
-	    if(b->additional_tickets == NULL || 
-	       b->additional_tickets->len == 0){
-		ret = KRB5KDC_ERR_BADOPTION; /* ? */
-		kdc_log(0, "No second ticket present in request");
-		goto out;
-	    }
-	    t = &b->additional_tickets->val[0];
-	    if(!get_krbtgt_realm(&t->sname)){
-		kdc_log(0, "Additional ticket is not a ticket-granting ticket");
-		ret = KRB5KDC_ERR_POLICY;
-		goto out2;
-	    }
-	    principalname2krb5_principal(&p, t->sname, t->realm);
-	    ret = db_fetch(p, &uu);
-	    krb5_free_principal(context, p);
-	    if(ret){
-		if (ret == HDB_ERR_NOENTRY)
-		    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-		goto out;
-	    }
-	    ret = hdb_enctype2key(context, uu, t->enc_part.etype, &tkey);
-	    if(ret){
-		ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
-		goto out;
-	    }
-	    ret = krb5_decrypt_ticket(context, t, &tkey->key, &adtkt, 0);
-
-	    if(ret)
-		goto out;
-	    s = &adtkt.cname;
-	    r = adtkt.crealm;
-	}
-
-	principalname2krb5_principal(&sp, *s, r);
-	krb5_unparse_name(context, sp, &spn);	
-	principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
-	krb5_unparse_name(context, cp, &cpn);
-	unparse_flags (KDCOptions2int(b->kdc_options), KDCOptions_units,
-		       opt_str, sizeof(opt_str));
-	if(*opt_str)
-	    kdc_log(0, "TGS-REQ %s from %s for %s [%s]", 
-		    cpn, from, spn, opt_str);
-	else
-	    kdc_log(0, "TGS-REQ %s from %s for %s", cpn, from, spn);
-    server_lookup:
-	ret = db_fetch(sp, &server);
-
-	if(ret){
-	    Realm req_rlm, new_rlm;
-	    krb5_realm *realms;
-
-	    if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
-		if(loop++ < 2) {
-		    new_rlm = find_rpath(req_rlm);
-		    if(new_rlm) {
-			kdc_log(5, "krbtgt for realm %s not found, trying %s", 
-				req_rlm, new_rlm);
-			krb5_free_principal(context, sp);
-			free(spn);
-			krb5_make_principal(context, &sp, r, 
-					    KRB5_TGS_NAME, new_rlm, NULL);
-			krb5_unparse_name(context, sp, &spn);	
-			goto server_lookup;
-		    }
-		}
-	    } else if(need_referral(sp, &realms)) {
-		if (strcmp(realms[0], sp->realm) != 0) {
-		    kdc_log(5, "returning a referral to realm %s for "
-			    "server %s that was not found",
-			    realms[0], spn);
-		    krb5_free_principal(context, sp);
-		    free(spn);
-		    krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
-					realms[0], NULL);
-		    krb5_unparse_name(context, sp, &spn);
-		    krb5_free_host_realm(context, realms);
-		    goto server_lookup;
-		}
-		krb5_free_host_realm(context, realms);
-	    }
-	    kdc_log(0, "Server not found in database: %s: %s", spn,
-		    krb5_get_err_text(context, ret));
-	    if (ret == HDB_ERR_NOENTRY)
-		ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	    goto out;
-	}
-
-	ret = db_fetch(cp, &client);
-	if(ret)
-	    kdc_log(1, "Client not found in database: %s: %s",
-		    cpn, krb5_get_err_text(context, ret));
-#if 0
-	/* XXX check client only if same realm as krbtgt-instance */
-	if(ret){
-	    kdc_log(0, "Client not found in database: %s: %s",
-		    cpn, krb5_get_err_text(context, ret));
-	    if (ret == HDB_ERR_NOENTRY)
-		ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	    goto out;
-	}
-#endif
-
-	ret = check_flags(client, cpn, server, spn, FALSE);
-	if(ret)
-	    goto out;
-
-	if((b->kdc_options.validate || b->kdc_options.renew) && 
-	   !krb5_principal_compare(context, 
-				   krbtgt->principal,
-				   server->principal)){
-	    kdc_log(0, "Inconsistent request.");
-	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
-	    goto out;
-	}
-
-	/* check for valid set of addresses */
-	if(!check_addresses(tgt->caddr, from_addr)) {
-	    ret = KRB5KRB_AP_ERR_BADADDR;
-	    kdc_log(0, "Request from wrong address");
-	    goto out;
-	}
-	
-	ret = tgs_make_reply(b, 
-			     tgt, 
-			     b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, 
-			     auth_data,
-			     server, 
-			     client, 
-			     cp, 
-			     krbtgt, 
-			     cetype, 
-			     &e_text,
-			     reply);
-	
-    out:
-	free(spn);
-	free(cpn);
-	    
-	if(server)
-	    free_ent(server);
-	if(client)
-	    free_ent(client);
-    }
-out2:
-    if(ret) {
-	krb5_mk_error(context,
-		      ret,
-		      e_text,
-		      NULL,
-		      cp,
-		      sp,
-		      NULL,
-		      NULL,
-		      reply);
-	free(*csec);
-	free(*cusec);
-	*csec  = NULL;
-	*cusec = NULL;
-    }
-    krb5_free_principal(context, cp);
-    krb5_free_principal(context, sp);
-    if (ticket) {
-	krb5_free_ticket(context, ticket);
-	free(ticket);
-    }
-    free_AP_REQ(&ap_req);
-    if(auth_data){
-	free_AuthorizationData(auth_data);
-	free(auth_data);
-    }
-
-    if(krbtgt)
-	free_ent(krbtgt);
-
-    return ret;
-}
-
-
-krb5_error_code
-tgs_rep(KDC_REQ *req, 
-	krb5_data *data,
-	const char *from,
-	struct sockaddr *from_addr)
-{
-    krb5_error_code ret;
-    int i = 0;
-    PA_DATA *tgs_req = NULL;
-    time_t *csec = NULL;
-    int *cusec = NULL;
-
-    if(req->padata == NULL){
-	ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
-	kdc_log(0, "TGS-REQ from %s without PA-DATA", from);
-	goto out;
-    }
-    
-    tgs_req = find_padata(req, &i, KRB5_PADATA_TGS_REQ);
-
-    if(tgs_req == NULL){
-	ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-	
-	kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from);
-	goto out;
-    }
-    ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr,
-		   &csec, &cusec);
-out:
-    if(ret && data->data == NULL){
-	krb5_mk_error(context,
-		      ret,
-		      NULL,
-		      NULL,
-		      NULL,
-		      NULL,
-		      csec,
-		      cusec,
-		      data);
-    }
-    free(csec);
-    free(cusec);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8
deleted file mode 100644
index 3bd46c63ac01..000000000000
--- a/crypto/heimdal/kdc/kstash.8
+++ /dev/null
@@ -1,60 +0,0 @@
-.\" $Id: kstash.8,v 1.7 2002/08/20 16:37:14 joda Exp $
-.\"
-.Dd September  1, 2000
-.Dt KSTASH 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kstash
-.Nd "store the KDC master password in a file"
-.Sh SYNOPSIS
-.Nm
-.Oo Fl e Ar string \*(Ba Xo
-.Fl -enctype= Ns Ar string
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Op Fl -convert-file
-.Op Fl -master-key-fd= Ns Ar fd
-.Op Fl h | Fl -help
-.Op Fl -version
-.Sh DESCRIPTION
-.Nm
-reads the Kerberos master key and stores it in a file that will be
-used by the KDC.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl e Ar string ,
-.Fl -enctype= Ns Ar string
-.Xc
-the encryption type to use, defaults to DES3-CBC-SHA1
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
-the name of the master key file
-.It Xo
-.Fl -convert-file
-.Xc
-don't ask for a new master key, just read an old master key file, and
-write it back in the new keyfile format
-.It Xo
-.Fl -master-key-fd= Ns Ar fd
-.Xc
-filedescriptor to read passphrase from, if not specified the
-passphrase will be read from the terminal
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kdc 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kdc/kstash.c b/crypto/heimdal/kdc/kstash.c
deleted file mode 100644
index dc0621a6f69f..000000000000
--- a/crypto/heimdal/kdc/kstash.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "headers.h"
-
-RCSID("$Id: kstash.c,v 1.15 2002/04/18 09:47:25 joda Exp $");
-
-krb5_context context;
-
-const char *keyfile = HDB_DB_DIR "/m-key";
-int convert_flag;
-int help_flag;
-int version_flag;
-
-int master_key_fd = -1;
-
-const char *enctype_str = "des3-cbc-sha1";
-
-struct getargs args[] = {
-    { "enctype", 'e', arg_string, &enctype_str, "encryption type" },
-    { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
-    { "convert-file", 0, arg_flag, &convert_flag, 
-      "just convert keyfile to new format" },
-    { "master-key-fd", 0, arg_integer, &master_key_fd, 
-      "filedescriptor to read passphrase from", "fd" },
-    { "help", 'h', arg_flag, &help_flag },
-    { "version", 0, arg_flag, &version_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    char buf[1024];
-    krb5_error_code ret;
-    
-    krb5_enctype enctype;
-
-    hdb_master_key mkey;
-    
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_string_to_enctype(context, enctype_str, &enctype);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_string_to_enctype");
-
-    ret = hdb_read_master_key(context, keyfile, &mkey);
-    if(ret && ret != ENOENT)
-	krb5_err(context, 1, ret, "reading master key from %s", keyfile);
-
-    if (convert_flag) {
-	if (ret)
-	    krb5_err(context, 1, ret, "reading master key from %s", keyfile);
-    } else {
-	krb5_keyblock key;
-	krb5_salt salt;
-	salt.salttype = KRB5_PW_SALT;
-	/* XXX better value? */
-	salt.saltvalue.data = NULL;
-	salt.saltvalue.length = 0;
-	if(master_key_fd != -1) {
-	    ssize_t n;
-	    n = read(master_key_fd, buf, sizeof(buf));
-	    if(n <= 0)
-		krb5_err(context, 1, errno, "failed to read passphrase");
-	    buf[n] = '\0';
-	    buf[strcspn(buf, "\r\n")] = '\0';
-	} else {
-	    if(des_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
-		exit(1);
-	}
-	krb5_string_to_key_salt(context, enctype, buf, salt, &key);
-	ret = hdb_add_master_key(context, &key, &mkey);
-	
-	krb5_free_keyblock_contents(context, &key);
-
-    }
-    
-    {
-	char *new, *old;
-	asprintf(&old, "%s.old", keyfile);
-	asprintf(&new, "%s.new", keyfile);
-	if(unlink(new) < 0 && errno != ENOENT) {
-	    ret = errno;
-	    goto out;
-	}
-	krb5_warnx(context, "writing key to `%s'", keyfile);
-	ret = hdb_write_master_key(context, new, mkey);
-	if(ret)
-	    unlink(new);
-	else {
-	    unlink(old);
-	    if(link(keyfile, old) < 0 && errno != ENOENT) {
-		ret = errno;
-		unlink(new);
-	    } else if(rename(new, keyfile) < 0) {
-		ret = errno;
-	    }
-	}
-    out:
-	free(old);
-	free(new);
-	if(ret)
-	    krb5_warn(context, errno, "writing master key file");
-    }
-
-    hdb_free_master_key(context, mkey);
-
-    exit(ret != 0);
-}
diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8
deleted file mode 100644
index 266648edc607..000000000000
--- a/crypto/heimdal/kdc/kstash.cat8
+++ /dev/null
@@ -1,33 +0,0 @@
-KSTASH(8)               NetBSD System Manager's Manual               KSTASH(8)
-
-NNAAMMEE
-     kkssttaasshh - store the KDC master password in a file
-
-SSYYNNOOPPSSIISS
-     kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
-     [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkssttaasshh reads the Kerberos master key and stores it in a file that will be
-     used by the KDC.
-
-     Supported options:
-
-     --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g
-             the encryption type to use, defaults to DES3-CBC-SHA1
-
-     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
-             the name of the master key file
-
-     ----ccoonnvveerrtt--ffiillee
-             don't ask for a new master key, just read an old master key file,
-             and write it back in the new keyfile format
-
-     ----mmaasstteerr--kkeeyy--ffdd==_f_d
-             filedescriptor to read passphrase from, if not specified the
-             passphrase will be read from the terminal
-
-SSEEEE AALLSSOO
-     kdc(8)
-
- HEIMDAL                       September 1, 2000                             1
diff --git a/crypto/heimdal/kdc/log.c b/crypto/heimdal/kdc/log.c
deleted file mode 100644
index aa430aa7cee4..000000000000
--- a/crypto/heimdal/kdc/log.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-RCSID("$Id: log.c,v 1.14 2002/08/19 12:17:49 joda Exp $");
-
-static krb5_log_facility *logf;
-
-void
-kdc_openlog(void)
-{
-    char **s = NULL, **p;
-    krb5_initlog(context, "kdc", &logf);
-    s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
-    if(s == NULL)
-	s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
-    if(s){
-	for(p = s; *p; p++)
-	    krb5_addlog_dest(context, logf, *p);
-	krb5_config_free_strings(s);
-    }else
-	krb5_addlog_dest(context, logf, DEFAULT_LOG_DEST);
-    krb5_set_warn_dest(context, logf);
-}
-
-char*
-kdc_log_msg_va(int level, const char *fmt, va_list ap)
-{
-    char *msg;
-    krb5_vlog_msg(context, logf, &msg, level, fmt, ap);
-    return msg;
-}
-
-char*
-kdc_log_msg(int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kdc_log_msg_va(level, fmt, ap);
-    va_end(ap);
-    return s;
-}
-
-void
-kdc_log(int level, const char *fmt, ...)
-{
-    va_list ap;
-    char *s;
-    va_start(ap, fmt);
-    s = kdc_log_msg_va(level, fmt, ap);
-    if(s) free(s);
-    va_end(ap);
-}
diff --git a/crypto/heimdal/kdc/main.c b/crypto/heimdal/kdc/main.c
deleted file mode 100644
index 32ae20f5c2d8..000000000000
--- a/crypto/heimdal/kdc/main.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-RCSID("$Id: main.c,v 1.27 2002/08/28 21:27:16 joda Exp $");
-
-sig_atomic_t exit_flag = 0;
-krb5_context context;
-
-#ifdef HAVE_DAEMON
-extern int detach_from_console;
-#endif
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = 1;
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    setprogname(argv[0]);
-    
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    configure(argc, argv);
-
-    if(databases == NULL) {
-	db = malloc(sizeof(*db));
-	num_db = 1;
-	ret = hdb_create(context, &db[0], NULL);
-	if(ret)
-	    krb5_err(context, 1, ret, "hdb_create %s", HDB_DEFAULT_DB);
-	ret = hdb_set_master_keyfile(context, db[0], NULL);
-	if (ret)
-	    krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    } else {
-	struct dbinfo *d;
-	int i;
-	/* count databases */
-	for(d = databases, i = 0; d; d = d->next, i++);
-	db = malloc(i * sizeof(*db));
-	for(d = databases, num_db = 0; d; d = d->next, num_db++) {
-	    ret = hdb_create(context, &db[num_db], d->dbname);
-	    if(ret)
-		krb5_err(context, 1, ret, "hdb_create %s", d->dbname);
-	    ret = hdb_set_master_keyfile(context, db[num_db], d->mkey_file);
-	    if (ret)
-		krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-	}
-    }
-
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT, &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-    }
-#else
-    signal(SIGINT, sigterm);
-    signal(SIGTERM, sigterm);
-#endif
-#ifdef HAVE_DAEMON
-    if (detach_from_console)
-	daemon(0, 0);
-#endif
-    pidfile(NULL);
-    loop();
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/misc.c b/crypto/heimdal/kdc/misc.c
deleted file mode 100644
index aebdc6895b0f..000000000000
--- a/crypto/heimdal/kdc/misc.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kdc_locl.h"
-
-RCSID("$Id: misc.c,v 1.22 2001/01/30 03:54:21 assar Exp $");
-
-struct timeval now;
-
-krb5_error_code
-db_fetch(krb5_principal principal, hdb_entry **h)
-{
-    hdb_entry *ent;
-    krb5_error_code ret = HDB_ERR_NOENTRY;
-    int i;
-
-    ent = malloc (sizeof (*ent));
-    if (ent == NULL)
-	return ENOMEM;
-    ent->principal = principal;
-
-    for(i = 0; i < num_db; i++) {
-	ret = db[i]->open(context, db[i], O_RDONLY, 0);
-	if (ret) {
-	    kdc_log(0, "Failed to open database: %s", 
-		    krb5_get_err_text(context, ret));
-	    continue;
-	}
-	ret = db[i]->fetch(context, db[i], HDB_F_DECRYPT, ent);
-	db[i]->close(context, db[i]);
-	if(ret == 0) {
-	    *h = ent;
-	    return 0;
-	}
-    }
-    free(ent);
-    return ret;
-}
-
-void
-free_ent(hdb_entry *ent)
-{
-    hdb_free_entry (context, ent);
-    free (ent);
-}
-
diff --git a/crypto/heimdal/kdc/mit_dump.c b/crypto/heimdal/kdc/mit_dump.c
deleted file mode 100644
index 336d26579175..000000000000
--- a/crypto/heimdal/kdc/mit_dump.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hprop.h"
-
-RCSID("$Id: mit_dump.c,v 1.3 2000/08/09 09:57:37 joda Exp $");
-
-/*
-can have any number of princ stanzas.
-format is as follows (only \n indicates newlines)
-princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
-%d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU)
-%d\t (number of tl_data)
-%d\t (number of key data, e.g. how many keys for this user)
-%d\t (extra data length) 
-%s\t (principal name)
-%d\t (attributes)
-%d\t (max lifetime, seconds)
-%d\t (max renewable life, seconds)
-%d\t (expiration, seconds since epoch or 2145830400 for never)
-%d\t (password expiration, seconds, 0 for never) 
-%d\t (last successful auth, seconds since epoch)
-%d\t (last failed auth, per above)
-%d\t (failed auth count)
-foreach tl_data 0 to number of tl_data - 1 as above
-  %d\t%d\t (data type, data length)
-  foreach tl_data 0 to length-1
-    %02x (tl data contents[element n])
-  except if tl_data length is 0
-    %d (always -1)
-  \t
-foreach key 0 to number of keys - 1 as above
-  %d\t%d\t (key data version, kvno)
-  foreach version 0 to key data version - 1 (a key or a salt)
-    %d\t%d\t(data type for this key, data length for this key)
-    foreach key data length 0 to length-1
-      %02x (key data contents[element n])
-    except if key_data length is 0
-      %d (always -1)
-    \t    
-foreach extra data length 0 to length - 1
-  %02x (extra data part)
-unless no extra data
-  %d (always -1)
-;\n
-
-*/
-
-static int
-hex_to_octet_string(const char *ptr, krb5_data *data)
-{
-    int i;
-    unsigned int v;
-    for(i = 0; i < data->length; i++) {
-	if(sscanf(ptr + 2 * i, "%02x", &v) != 1)
-	    return -1;
-	((unsigned char*)data->data)[i] = v;
-    }
-    return 2 * i;
-}
-
-static char *
-nexttoken(char **p)
-{
-    char *q;
-    do {
-	q = strsep(p, " \t");
-    } while(q && *q == '\0');
-    return q;
-}
-
-static size_t
-getdata(char **p, unsigned char *buf, size_t len)
-{
-    size_t i;
-    int v;
-    char *q = nexttoken(p);
-    i = 0;
-    while(*q && i < len) {
-	if(sscanf(q, "%02x", &v) != 1)
-	    break;
-	buf[i++] = v;
-	q += 2;
-    }
-    return i;
-}
-
-static int
-getint(char **p)
-{
-    int val;
-    char *q = nexttoken(p);
-    sscanf(q, "%d", &val);
-    return val;
-}
-
-#include <kadm5/admin.h>
-
-static void
-attr_to_flags(unsigned attr, HDBFlags *flags)
-{
-    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
-    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
-    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
-    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
-    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
-    /* DUP_SKEY */
-    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
-    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
-    /* HW_AUTH */
-    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
-    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
-    flags->client =	        1; /* XXX */
-}
-
-#define KRB5_KDB_SALTTYPE_NORMAL	0
-#define KRB5_KDB_SALTTYPE_V4		1
-#define KRB5_KDB_SALTTYPE_NOREALM	2
-#define KRB5_KDB_SALTTYPE_ONLYREALM	3
-#define KRB5_KDB_SALTTYPE_SPECIAL	4
-#define KRB5_KDB_SALTTYPE_AFS3		5
-
-static krb5_error_code
-fix_salt(krb5_context context, hdb_entry *ent, int key_num)
-{
-    krb5_error_code ret;
-    Salt *salt = ent->keys.val[key_num].salt;
-    /* fix salt type */
-    switch((int)salt->type) {
-    case KRB5_KDB_SALTTYPE_NORMAL:
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_V4:
-	krb5_data_free(&salt->salt);
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_NOREALM:
-    {
-	size_t len;
-	int i;
-	krb5_error_code ret;
-	char *p;
-	    
-	len = 0;
-	for (i = 0; i < ent->principal->name.name_string.len; ++i)
-	    len += strlen(ent->principal->name.name_string.val[i]);
-	ret = krb5_data_alloc (&salt->salt, len);
-	if (ret)
-	    return ret;
-	p = salt->salt.data;
-	for (i = 0; i < ent->principal->name.name_string.len; ++i) {
-	    memcpy (p,
-		    ent->principal->name.name_string.val[i],
-		    strlen(ent->principal->name.name_string.val[i]));
-	    p += strlen(ent->principal->name.name_string.val[i]);
-	}
-
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    }
-    case KRB5_KDB_SALTTYPE_ONLYREALM:
-	krb5_data_free(&salt->salt);
-	ret = krb5_data_copy(&salt->salt, 
-			     ent->principal->realm, 
-			     strlen(ent->principal->realm));
-	if(ret)
-	    return ret;
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_SPECIAL:
-	salt->type = KRB5_PADATA_PW_SALT;
-	break;
-    case KRB5_KDB_SALTTYPE_AFS3:
-	krb5_data_free(&salt->salt);
-	ret = krb5_data_copy(&salt->salt, 
-		       ent->principal->realm, 
-		       strlen(ent->principal->realm));
-	if(ret)
-	    return ret;
-	salt->type = KRB5_PADATA_AFS3_SALT;
-	break;
-    default:
-	abort();
-    }
-    return 0;
-}
-
-int
-mit_prop_dump(void *arg, const char *file)
-{
-    krb5_error_code ret;
-    char buf [1024];
-    FILE *f;
-    int lineno = 0;
-    struct hdb_entry ent;
-
-    struct prop_data *pd = arg;
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return errno;
-    
-    while(fgets(buf, sizeof(buf), f)) {
-	char *p = buf, *q;
-
-	int i;
-
-	int num_tl_data;
-	int num_key_data;
-	int extra_data_length;
-	int attributes;
-
-	int tmp;
-
-	lineno++;
-
-	memset(&ent, 0, sizeof(ent));
-
-	q = nexttoken(&p);
-	if(strcmp(q, "kdb5_util") == 0) {
-	    int major;
-	    q = nexttoken(&p); /* load_dump */
-	    if(strcmp(q, "load_dump"))
-		errx(1, "line %d: unknown version", lineno);
-	    q = nexttoken(&p); /* load_dump */
-	    if(strcmp(q, "version"))
-		errx(1, "line %d: unknown version", lineno);
-	    q = nexttoken(&p); /* x.0 */
-	    if(sscanf(q, "%d", &major) != 1)
-		errx(1, "line %d: unknown version", lineno);
-	    if(major != 4)
-		errx(1, "unknown dump file format, got %d, expected 4", major);
-	    continue;
-	} else if(strcmp(q, "princ") != 0) {
-	    warnx("line %d: not a principal", lineno);
-	    continue;
-	}
-	tmp = getint(&p);
-	if(tmp != 38) {
-	    warnx("line %d: bad base length %d != 38", lineno, tmp);
-	    continue;
-	}
-	q = nexttoken(&p); /* length of principal */
-	num_tl_data = getint(&p); /* number of tl-data */
-	num_key_data = getint(&p); /* number of key-data */
-	extra_data_length = getint(&p);  /* length of extra data */
-	q = nexttoken(&p); /* principal name */
-	krb5_parse_name(pd->context, q, &ent.principal);
-	attributes = getint(&p); /* attributes */
-	attr_to_flags(attributes, &ent.flags);
-	tmp = getint(&p); /* max life */
-	if(tmp != 0) {
-	    ALLOC(ent.max_life);
-	    *ent.max_life = tmp;
-	}
-	tmp = getint(&p); /* max renewable life */
-	if(tmp != 0) {
-	    ALLOC(ent.max_renew);
-	    *ent.max_renew = tmp;
-	}
-	tmp = getint(&p); /* expiration */
-	if(tmp != 0 && tmp != 2145830400) {
-	    ALLOC(ent.valid_end);
-	    *ent.valid_end = tmp;
-	}
-	tmp = getint(&p); /* pw expiration */
-	if(tmp != 0) {
-	    ALLOC(ent.pw_end);
-	    *ent.pw_end = tmp;
-	}
-	q = nexttoken(&p); /* last auth */
-	q = nexttoken(&p); /* last failed auth */
-	q = nexttoken(&p); /* fail auth count */
-	for(i = 0; i < num_tl_data; i++) {
-	    unsigned long val;
-	    int tl_type, tl_length;
-	    unsigned char *buf;
-	    krb5_principal princ;
-
-	    tl_type = getint(&p); /* data type */
-	    tl_length = getint(&p); /* data length */
-
-#define KRB5_TL_LAST_PWD_CHANGE	1
-#define KRB5_TL_MOD_PRINC	2
-	    switch(tl_type) {
-	    case KRB5_TL_MOD_PRINC:
-		buf = malloc(tl_length);
-		getdata(&p, buf, tl_length); /* data itself */
-		val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
-		ret = krb5_parse_name(pd->context, buf + 4, &princ);
-		free(buf);
-		ALLOC(ent.modified_by);
-		ent.modified_by->time = val;
-		ent.modified_by->principal = princ;
-		break;
-	    default:
-		nexttoken(&p);
-		break;
-	    }
-	}
-	ALLOC_SEQ(&ent.keys, num_key_data);
-	for(i = 0; i < num_key_data; i++) {
-	    int key_versions;
-	    key_versions = getint(&p); /* key data version */
-	    ent.kvno = getint(&p); /* XXX kvno */
-	    
-	    ALLOC(ent.keys.val[i].mkvno);
-	    *ent.keys.val[i].mkvno = 0;
-	    
-	    /* key version 0 -- actual key */
-	    ent.keys.val[i].key.keytype = getint(&p); /* key type */
-	    tmp = getint(&p); /* key length */
-	    /* the first two bytes of the key is the key length --
-	       skip it */
-	    krb5_data_alloc(&ent.keys.val[i].key.keyvalue, tmp - 2);
-	    q = nexttoken(&p); /* key itself */
-	    hex_to_octet_string(q + 4, &ent.keys.val[i].key.keyvalue);
-
-	    if(key_versions > 1) {
-		/* key version 1 -- optional salt */
-		ALLOC(ent.keys.val[i].salt);
-		ent.keys.val[i].salt->type = getint(&p); /* salt type */
-		tmp = getint(&p); /* salt length */
-		if(tmp > 0) {
-		    krb5_data_alloc(&ent.keys.val[i].salt->salt, tmp - 2);
-		    q = nexttoken(&p); /* salt itself */
-		    hex_to_octet_string(q + 4, &ent.keys.val[i].salt->salt);
-		} else {
-		    ent.keys.val[i].salt->salt.length = 0;
-		    ent.keys.val[i].salt->salt.data = NULL;
-		    tmp = getint(&p);	/* -1, if no data. */
-		}
-		fix_salt(pd->context, &ent, i);
-	    }
-	}
-	q = nexttoken(&p); /* extra data */
-	v5_prop(pd->context, NULL, &ent, arg);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/rx.h b/crypto/heimdal/kdc/rx.h
deleted file mode 100644
index ab8ec8052318..000000000000
--- a/crypto/heimdal/kdc/rx.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: rx.h,v 1.4 1999/12/02 17:05:00 joda Exp $ */
-
-#ifndef __RX_H__
-#define __RX_H__
-
-/* header of a RPC packet */
-
-enum rx_header_type {
-     HT_DATA = 1,
-     HT_ACK = 2,
-     HT_BUSY = 3,
-     HT_ABORT = 4,
-     HT_ACKALL = 5,
-     HT_CHAL = 6,
-     HT_RESP = 7,
-     HT_DEBUG = 8
-};
-
-/* For flags in header */
-
-enum rx_header_flag {
-     HF_CLIENT_INITIATED = 1,
-     HF_REQ_ACK = 2,
-     HF_LAST = 4,
-     HF_MORE = 8
-};
-
-struct rx_header {
-     u_int32_t epoch;
-     u_int32_t connid;		/* And channel ID */
-     u_int32_t callid;
-     u_int32_t seqno;
-     u_int32_t serialno;
-     u_char type;
-     u_char flags;
-     u_char status;
-     u_char secindex;
-     u_int16_t reserved;	/* ??? verifier? */
-     u_int16_t serviceid;
-/* This should be the other way around according to everything but */
-/* tcpdump */
-};
-
-#define RX_HEADER_SIZE 28
-
-#endif /* __RX_H__ */
diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8
deleted file mode 100644
index dc9d63b5f75c..000000000000
--- a/crypto/heimdal/kdc/string2key.8
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: string2key.8,v 1.6 2003/02/16 21:10:21 lha Exp $
-.\"
-.Dd March  4, 2000
-.Dt STRING2KEY 8
-.Os HEIMDAL
-.Sh NAME
-.Nm string2key
-.Nd map a password into a key
-.Sh SYNOPSIS
-.Nm
-.Op Fl 5 | Fl -version5
-.Op Fl 4 | Fl -version4
-.Op Fl a | Fl -afs
-.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell
-.Xc
-.Oc
-.Oo Fl w Ar password \*(Ba Xo
-.Fl -password= Ns Ar password
-.Xc
-.Oc
-.Oo Fl p Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytype= Ns Ar string
-.Xc
-.Oc
-.Ar password
-.Sh DESCRIPTION
-.Nm
-performs the string-to-key function.
-This is useful when you want to handle the raw key instead of the password.
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl 5 ,
-.Fl -version5
-.Xc
-Output Kerberos v5 string-to-key
-.It Xo
-.Fl 4 ,
-.Fl -version4
-.Xc
-Output Kerberos v4 string-to-key
-.It Xo
-.Fl a ,
-.Fl -afs
-.Xc
-Output AFS string-to-key
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
-AFS cell to use
-.It Xo
-.Fl w Ar password ,
-.Fl -password= Ns Ar password
-.Xc
-Password to use
-.It Xo
-.Fl p Ar principal ,
-.Fl -principal= Ns Ar principal
-.Xc
-Kerberos v5 principal to use
-.It Xo
-.Fl k Ar string ,
-.Fl -keytype= Ns Ar string
-.Xc
-Keytype
-.It Xo
-.Fl -version
-.Xc
-print version
-.It Xo
-.Fl -help
-.Xc
-.El
diff --git a/crypto/heimdal/kdc/string2key.c b/crypto/heimdal/kdc/string2key.c
deleted file mode 100644
index 8a38442be98e..000000000000
--- a/crypto/heimdal/kdc/string2key.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "headers.h"
-#include <getarg.h>
-
-RCSID("$Id: string2key.c,v 1.20 2003/03/25 12:28:52 joda Exp $");
-
-int version5;
-int version4;
-int afs;
-char *principal;
-char *cell;
-char *password;
-const char *keytype_str = "des3-cbc-sha1";
-int version;
-int help;
-
-struct getargs args[] = {
-    { "version5", '5', arg_flag,   &version5, "Output Kerberos v5 string-to-key" },
-    { "version4", '4', arg_flag,   &version4, "Output Kerberos v4 string-to-key" },
-    { "afs",      'a', arg_flag,   &afs, "Output AFS string-to-key" },
-    { "cell",     'c', arg_string, &cell, "AFS cell to use", "cell" },
-    { "password", 'w', arg_string, &password, "Password to use", "password" },
-    { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" },
-    { "keytype",  'k', arg_string, &keytype_str, "Keytype" },
-    { "version",    0, arg_flag,   &version, "print version" },
-    { "help",       0, arg_flag,   &help, NULL }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int status)
-{
-    arg_printusage (args, num_args, NULL, "password");
-    exit(status);
-}
-
-static void
-tokey(krb5_context context, 
-      krb5_enctype enctype, 
-      const char *password, 
-      krb5_salt salt, 
-      const char *label)
-{
-    int i;
-    krb5_keyblock key;
-    char *e;
-    krb5_string_to_key_salt(context, enctype, password, salt, &key);
-    krb5_enctype_to_string(context, enctype, &e);
-    printf(label, e);
-    printf(": ");
-    for(i = 0; i < key.keyvalue.length; i++)
-	printf("%02x", ((unsigned char*)key.keyvalue.data)[i]);
-    printf("\n");
-    krb5_free_keyblock_contents(context, &key);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_principal princ;
-    krb5_salt salt;
-    int optind;
-    char buf[1024];
-    krb5_enctype etype;
-    krb5_error_code ret;
-
-    optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
-    if(help)
-	usage(0);
-    
-    if(version){
-	print_version (NULL);
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc > 1)
-	usage(1);
-
-    if(!version5 && !version4 && !afs)
-	version5 = 1;
-
-    ret = krb5_string_to_enctype(context, keytype_str, &etype);
-    if(ret) {
-	krb5_keytype keytype;
-	int *etypes;
-	unsigned num;
-	ret = krb5_string_to_keytype(context, keytype_str, &keytype);
-	if(ret)
-	    krb5_err(context, 1, ret, "%s", keytype_str);
-	ret = krb5_keytype_to_enctypes(context, keytype, &num, &etypes);
-	if(ret)
-	    krb5_err(context, 1, ret, "%s", keytype_str);
-	if(num == 0)
-	    krb5_errx(context, 1, "there are no encryption types for that keytype");
-	etype = etypes[0];
-	krb5_enctype_to_string(context, etype, &keytype_str);
-	if(num > 1 && version5)
-	    krb5_warnx(context, "ambiguous keytype, using %s", keytype_str);
-    }
-    
-    if((etype != ETYPE_DES_CBC_CRC &&
-	etype != ETYPE_DES_CBC_MD4 &&
-	etype != ETYPE_DES_CBC_MD5) &&
-       (afs || version4)) {
-	if(!version5) {
-	    etype = ETYPE_DES_CBC_CRC;
-	} else {
-	    krb5_errx(context, 1, 
-		      "DES is the only valid keytype for AFS and Kerberos 4");
-	}
-    }
-
-    if(version5 && principal == NULL){
-	printf("Kerberos v5 principal: ");
-	if(fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 1;
-	if(buf[strlen(buf) - 1] == '\n')
-	    buf[strlen(buf) - 1] = '\0';
-	principal = estrdup(buf);
-    }
-    if(afs && cell == NULL){
-	printf("AFS cell: ");
-	if(fgets(buf, sizeof(buf), stdin) == NULL)
-	    return 1;
-	if(buf[strlen(buf) - 1] == '\n')
-	    buf[strlen(buf) - 1] = '\0';
-	cell = estrdup(buf);
-    }
-    if(argv[0])
-	password = argv[0];
-    if(password == NULL){
-	if(des_read_pw_string(buf, sizeof(buf), "Password: ", 0))
-	    return 1;
-	password = buf;
-    }
-	
-    if(version5){
-	krb5_parse_name(context, principal, &princ);
-	krb5_get_pw_salt(context, princ, &salt);
-	tokey(context, etype, password, salt, "Kerberos 5 (%s)");
-	krb5_free_salt(context, salt);
-    }
-    if(version4){
-	salt.salttype = KRB5_PW_SALT;
-	salt.saltvalue.length = 0;
-	salt.saltvalue.data = NULL;
-	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "Kerberos 4");
-    }
-    if(afs){
-	salt.salttype = KRB5_AFS3_SALT;
-	salt.saltvalue.length = strlen(cell);
-	salt.saltvalue.data = cell;
-	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "AFS");
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8
deleted file mode 100644
index 60a819e4d474..000000000000
--- a/crypto/heimdal/kdc/string2key.cat8
+++ /dev/null
@@ -1,41 +0,0 @@
-STRING2KEY(8)           NetBSD System Manager's Manual           STRING2KEY(8)
-
-NNAAMMEE
-     ssttrriinngg22kkeeyy - map a password into a key
-
-SSYYNNOOPPSSIISS
-     ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l |
-     ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l |
-     ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d
-
-DDEESSCCRRIIPPTTIIOONN
-     ssttrriinngg22kkeeyy performs the string-to-key function.  This is useful when you
-     want to handle the raw key instead of the password.  Supported options:
-
-     --55, ----vveerrssiioonn55
-             Output Kerberos v5 string-to-key
-
-     --44, ----vveerrssiioonn44
-             Output Kerberos v4 string-to-key
-
-     --aa, ----aaffss
-             Output AFS string-to-key
-
-     --cc _c_e_l_l, ----cceellll==_c_e_l_l
-             AFS cell to use
-
-     --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d
-             Password to use
-
-     --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l
-             Kerberos v5 principal to use
-
-     --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g
-             Keytype
-
-     ----vveerrssiioonn
-             print version
-
-     ----hheellpp
-
- HEIMDAL                         March 4, 2000                               1
diff --git a/crypto/heimdal/kdc/v4_dump.c b/crypto/heimdal/kdc/v4_dump.c
deleted file mode 100644
index ddf8222bce18..000000000000
--- a/crypto/heimdal/kdc/v4_dump.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hprop.h"
-
-RCSID("$Id: v4_dump.c,v 1.4.8.1 2003/04/28 12:24:54 lha Exp $");
-
-static time_t
-time_parse(const char *cp)
-{
-    char wbuf[5];
-    struct tm tp;
-    int local;
-
-    memset(&tp, 0, sizeof(tp));	/* clear out the struct */
-    
-    /* new format is YYYYMMDDHHMM UTC,
-       old format is YYMMDDHHMM local time */
-    if (strlen(cp) > 10) {		/* new format */
-	strlcpy(wbuf, cp, sizeof(wbuf));
-	tp.tm_year = atoi(wbuf) - 1900;
-	cp += 4;
-	local = 0;
-    } else {
-	wbuf[0] = *cp++;
-	wbuf[1] = *cp++;
-	wbuf[2] = '\0';
-	tp.tm_year = atoi(wbuf);
-	if(tp.tm_year < 38)
-	    tp.tm_year += 100;
-	local = 1;
-    }
-
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    wbuf[2] = 0;
-    tp.tm_mon = atoi(wbuf) - 1;
-
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_mday = atoi(wbuf);
-    
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_hour = atoi(wbuf);
-    
-    wbuf[0] = *cp++;
-    wbuf[1] = *cp++;
-    tp.tm_min = atoi(wbuf);
-    
-    return(tm2time(tp, local));
-}
-
-/* convert a version 4 dump file */
-int
-v4_prop_dump(void *arg, const char *file)
-{
-    char buf [1024];
-    FILE *f;
-    int lineno = 0;
-
-    f = fopen(file, "r");
-    if(f == NULL)
-	return errno;
-    
-    while(fgets(buf, sizeof(buf), f)) {
-	int ret;
-	unsigned long key[2]; /* yes, long */
-	char exp_date[64], mod_date[64];
-	struct v4_principal pr;
-	int attributes;
-    
-	memset(&pr, 0, sizeof(pr));
-	errno = 0;
-	lineno++;
-	ret = sscanf(buf, "%63s %63s %d %d %d %d %lx %lx %63s %63s %63s %63s",
-		     pr.name, pr.instance,
-		     &pr.max_life, &pr.mkvno, &pr.kvno,
-		     &attributes,
-		     &key[0], &key[1],
-		     exp_date, mod_date,
-		     pr.mod_name, pr.mod_instance);
-	if(ret != 12){
-	    warnx("Line %d malformed (ignored)", lineno);
-	    continue;
-	}
-	if(attributes != 0) {
-	    warnx("Line %d (%s.%s) has non-zero attributes - skipping", 
-		  lineno, pr.name, pr.instance);
-	    continue;
-	}
-	pr.key[0] = (key[0] >> 24) & 0xff;
-	pr.key[1] = (key[0] >> 16) & 0xff;
-	pr.key[2] = (key[0] >> 8) & 0xff;
-	pr.key[3] = (key[0] >> 0) & 0xff;
-	pr.key[4] = (key[1] >> 24) & 0xff;
-	pr.key[5] = (key[1] >> 16) & 0xff;
-	pr.key[6] = (key[1] >> 8) & 0xff;
-	pr.key[7] = (key[1] >> 0) & 0xff;
-	pr.exp_date = time_parse(exp_date);
-	pr.mod_date = time_parse(mod_date);
-	if (pr.instance[0] == '*')
-	    pr.instance[0] = '\0';
-	if (pr.mod_name[0] == '*')
-	    pr.mod_name[0] = '\0';
-	if (pr.mod_instance[0] == '*')
-	    pr.mod_instance[0] = '\0';
-	v4_prop(arg, &pr);
-	memset(&pr, 0, sizeof(pr));
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/kpasswd/Makefile b/crypto/heimdal/kpasswd/Makefile
deleted file mode 100644
index 828ed5b10100..000000000000
--- a/crypto/heimdal/kpasswd/Makefile
+++ /dev/null
@@ -1,764 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# kpasswd/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.16 2001/08/28 08:31:29 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = kpasswd.1 kpasswdd.8
-
-bin_PROGRAMS = kpasswd
-
-kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
-
-libexec_PROGRAMS = kpasswdd
-
-noinst_PROGRAMS = kpasswd-generator
-
-kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
-
-kpasswdd_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(LDADD) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen) \
-	$(DBLIB)
-
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = kpasswd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kpasswd$(EXEEXT)
-libexec_PROGRAMS = kpasswdd$(EXEEXT)
-noinst_PROGRAMS = kpasswd-generator$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-
-am_kpasswd_OBJECTS = kpasswd.$(OBJEXT)
-kpasswd_OBJECTS = $(am_kpasswd_OBJECTS)
-kpasswd_LDADD = $(LDADD)
-kpasswd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswd_LDFLAGS =
-kpasswd_generator_SOURCES = kpasswd-generator.c
-kpasswd_generator_OBJECTS = kpasswd-generator.$(OBJEXT)
-kpasswd_generator_LDADD = $(LDADD)
-kpasswd_generator_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswd_generator_LDFLAGS =
-am_kpasswdd_OBJECTS = kpasswdd.$(OBJEXT)
-kpasswdd_OBJECTS = $(am_kpasswdd_OBJECTS)
-kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswdd_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \
-	$(kpasswdd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kpasswd/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) 
-	@rm -f kpasswd$(EXEEXT)
-	$(LINK) $(kpasswd_LDFLAGS) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS)
-kpasswd-generator$(EXEEXT): $(kpasswd_generator_OBJECTS) $(kpasswd_generator_DEPENDENCIES) 
-	@rm -f kpasswd-generator$(EXEEXT)
-	$(LINK) $(kpasswd_generator_LDFLAGS) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS)
-kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES) 
-	@rm -f kpasswdd$(EXEEXT)
-	$(LINK) $(kpasswdd_LDFLAGS) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-local install-exec \
-	install-exec-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
-	uninstall-man1 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kpasswd/Makefile.am b/crypto/heimdal/kpasswd/Makefile.am
deleted file mode 100644
index 5e287a9c3779..000000000000
--- a/crypto/heimdal/kpasswd/Makefile.am
+++ /dev/null
@@ -1,31 +0,0 @@
-# $Id: Makefile.am,v 1.16 2001/08/28 08:31:29 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_des)
-
-man_MANS = kpasswd.1 kpasswdd.8
-
-bin_PROGRAMS = kpasswd
-
-kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
-
-libexec_PROGRAMS = kpasswdd
-
-noinst_PROGRAMS = kpasswd-generator
-
-kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
-
-kpasswdd_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(LDADD) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen) \
-	$(DBLIB)
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in
deleted file mode 100644
index e52643d53fa1..000000000000
--- a/crypto/heimdal/kpasswd/Makefile.in
+++ /dev/null
@@ -1,750 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.16 2001/08/28 08:31:29 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = kpasswd.1 kpasswdd.8
-
-bin_PROGRAMS = kpasswd
-
-kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
-
-libexec_PROGRAMS = kpasswdd
-
-noinst_PROGRAMS = kpasswd-generator
-
-kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
-
-kpasswdd_LDADD = \
-	$(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(LDADD) \
-	$(LIB_pidfile) \
-	$(LIB_dlopen) \
-	$(DBLIB)
-
-
-LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = kpasswd
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kpasswd$(EXEEXT)
-libexec_PROGRAMS = kpasswdd$(EXEEXT)
-noinst_PROGRAMS = kpasswd-generator$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-
-am_kpasswd_OBJECTS = kpasswd.$(OBJEXT)
-kpasswd_OBJECTS = $(am_kpasswd_OBJECTS)
-kpasswd_LDADD = $(LDADD)
-kpasswd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswd_LDFLAGS =
-kpasswd_generator_SOURCES = kpasswd-generator.c
-kpasswd_generator_OBJECTS = kpasswd-generator.$(OBJEXT)
-kpasswd_generator_LDADD = $(LDADD)
-kpasswd_generator_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswd_generator_LDFLAGS =
-am_kpasswdd_OBJECTS = kpasswdd.$(OBJEXT)
-kpasswdd_OBJECTS = $(am_kpasswdd_OBJECTS)
-kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kpasswdd_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \
-	$(kpasswdd_SOURCES)
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kpasswd/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) 
-	@rm -f kpasswd$(EXEEXT)
-	$(LINK) $(kpasswd_LDFLAGS) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS)
-kpasswd-generator$(EXEEXT): $(kpasswd_generator_OBJECTS) $(kpasswd_generator_DEPENDENCIES) 
-	@rm -f kpasswd-generator$(EXEEXT)
-	$(LINK) $(kpasswd_generator_LDFLAGS) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS)
-kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES) 
-	@rm -f kpasswdd$(EXEEXT)
-	$(LINK) $(kpasswdd_LDFLAGS) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man8dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man
-
-uninstall-man: uninstall-man1 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-man1 install-man8 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-info-am \
-	uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
-	uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kpasswd/kpasswd-generator.c b/crypto/heimdal/kpasswd/kpasswd-generator.c
deleted file mode 100644
index 202dcfc877ca..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd-generator.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-
-RCSID("$Id: kpasswd-generator.c,v 1.5 2001/07/31 02:44:42 assar Exp $");
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if (buf[strlen (buf) - 1] == '\n')
-	    buf[strlen (buf) - 1] = '\0';
-	if (n >= alloc) {
-	    alloc += 16;
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	w[n++] = estrdup (buf);
-    }
-    *ret_w = w;
-    return n;
-}
-
-static int
-nop_prompter (krb5_context context,
-	      void *data,
-	      const char *name,
-	      const char *banner,
-	      int num_prompts,
-	      krb5_prompt prompts[])
-{
-    return 0;
-}
-
-static void
-generate_requests (const char *filename, unsigned nreq)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    int i;
-    char **words;
-    unsigned nwords;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    nwords = read_words (filename, &words);
-
-    for (i = 0; i < nreq; ++i) {
-	char *name = words[rand() % nwords];
-	krb5_get_init_creds_opt opt;
-	krb5_creds cred;
-	krb5_principal principal;
-	int result_code;
-	krb5_data result_code_string, result_string;
-	char *old_pwd, *new_pwd;
-
-	krb5_get_init_creds_opt_init (&opt);
-	krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
-	krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
-	krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
-
-	ret = krb5_parse_name (context, name, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
-
-	asprintf (&old_pwd, "%s", name);
-	asprintf (&new_pwd, "%s2", name);
-
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    old_pwd,
-					    nop_prompter,
-					    NULL,
-					    0,
-					    "kadmin/changepw",
-					    &opt);
-	if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY
-	    || ret == KRB5KRB_AP_ERR_MODIFIED) {
-	    char *tmp;
-
-	    tmp = new_pwd;
-	    new_pwd = old_pwd;
-	    old_pwd = tmp;
-
-	    ret = krb5_get_init_creds_password (context,
-						&cred,
-						principal,
-						old_pwd,
-						nop_prompter,
-						NULL,
-						0,
-						"kadmin/changepw",
-						&opt);
-	}
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_init_creds_password");
-
-	krb5_free_principal (context, principal);
-
-	ret = krb5_change_password (context, &cred, new_pwd,
-				    &result_code,
-				    &result_code_string,
-				    &result_string);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_change_password");
-
-	free (old_pwd);
-	free (new_pwd);
-	krb5_free_creds_contents (context, &cred);
-    }
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "file [number]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int nreq;
-    char *end;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    if (help_flag)
-	usage (0);
-    if (version_flag) {
-	print_version(NULL);
-	return 0;
-    }
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 2)
-	usage (1);
-    srand (0);
-    nreq = strtol (argv[1], &end, 0);
-    if (argv[1] == end || *end != '\0')
-	usage (1);
-    generate_requests (argv[0], nreq);
-    return 0;
-}
diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1
deleted file mode 100644
index 1c2e26c143bd..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd.1
+++ /dev/null
@@ -1,50 +0,0 @@
-.\" Copyright (c) 1997, 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kpasswd.1,v 1.5 2003/02/16 21:10:22 lha Exp $
-.\"
-.Dd August 27, 1997
-.Dt KPASSWD 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kpasswd
-.Nd Kerberos 5 password changing program
-.Sh SYNOPSIS
-.Nm
-.Op Ar principal
-.Sh DESCRIPTION
-.Nm
-is the client for changing passwords.
-.Sh DIAGNOSTICS
-If the password quality check fails or some other error occurs, an
-explanation is printed.
-.Sh SEE ALSO
-.Xr kpasswdd 8
diff --git a/crypto/heimdal/kpasswd/kpasswd.c b/crypto/heimdal/kpasswd/kpasswd.c
deleted file mode 100644
index 02f95579250d..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-RCSID("$Id: kpasswd.c,v 1.24 2001/09/27 01:29:40 assar Exp $");
-
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "version", 		0,   arg_flag, &version_flag },
-    { "help",			0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret, struct getargs *a, int num_args)
-{
-    arg_printusage (a, num_args, NULL, "[principal]");
-    exit (ret);
-}
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_principal principal;
-    int optind = 0;
-    krb5_get_init_creds_opt opt;
-    krb5_creds cred;
-    int result_code;
-    krb5_data result_code_string, result_string;
-    char pwbuf[BUFSIZ];
-
-    optind = krb5_program_setup(&context, argc, argv,
-				args, sizeof(args) / sizeof(args[0]), usage);
-
-    if (help_flag)
-	usage (0, args, sizeof(args) / sizeof(args[0]));
-
-    if(version_flag){
-	print_version (NULL);
-	exit(0);
-    }
-
-    krb5_get_init_creds_opt_init (&opt);
-    
-    krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
-    krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc > 1)
-	usage (1, args, sizeof(args) / sizeof(args[0]));
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-  
-    if(argv[0]) {
-	ret = krb5_parse_name (context, argv[0], &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name");
-    } else
-	principal = NULL;
-
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					NULL,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					"kadmin/changepw",
-					&opt);
-    switch (ret) {
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR :
-	return 1;
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY :
-    case KRB5KRB_AP_ERR_MODIFIED :
-	krb5_errx(context, 1, "Password incorrect");
-	break;
-    default:
-	krb5_err(context, 1, ret, "krb5_get_init_creds");
-    }
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    if(des_read_pw_string (pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
-	return 1;
-
-    ret = krb5_change_password (context, &cred, pwbuf,
-				&result_code,
-				&result_code_string,
-				&result_string);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_change_password");
-
-    printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context,
-						       result_code),
-	    result_string.length > 0 ? " : " : "",
-	    (int)result_string.length,
-	    (char *)result_string.data);
-
-    krb5_data_free (&result_code_string);
-    krb5_data_free (&result_string);
-    
-    krb5_free_creds_contents (context, &cred);
-    krb5_free_context (context);
-    return result_code;
-}
diff --git a/crypto/heimdal/kpasswd/kpasswd.cat1 b/crypto/heimdal/kpasswd/kpasswd.cat1
deleted file mode 100644
index e76e9cc85ed9..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd.cat1
+++ /dev/null
@@ -1,19 +0,0 @@
-KPASSWD(1)                  NetBSD Reference Manual                 KPASSWD(1)
-
-NNAAMMEE
-     kkppaasssswwdd - Kerberos 5 password changing program
-
-SSYYNNOOPPSSIISS
-     kkppaasssswwdd [_p_r_i_n_c_i_p_a_l]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkppaasssswwdd is the client for changing passwords.
-
-DDIIAAGGNNOOSSTTIICCSS
-     If the password quality check fails or some other error occurs, an expla-
-     nation is printed.
-
-SSEEEE AALLSSOO
-     kpasswdd(8)
-
- HEIMDAL                        August 27, 1997                              1
diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h
deleted file mode 100644
index c254f6f20f0e..000000000000
--- a/crypto/heimdal/kpasswd/kpasswd_locl.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */
-
-#ifndef __KPASSWD_LOCL_H__
-#define __KPASSWD_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#include <err.h>
-#include <roken.h>
-#include <getarg.h>
-#include <krb5.h>
-#include "crypto-headers.h" /* for des_read_pw_string */
-
-#endif /* __KPASSWD_LOCL_H__ */
diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8
deleted file mode 100644
index 899b3a35c270..000000000000
--- a/crypto/heimdal/kpasswd/kpasswdd.8
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" $Id: kpasswdd.8,v 1.8 2003/02/04 21:48:01 lha Exp $
-.\"
-.Dd April 19, 1999
-.Dt KPASSWDD 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kpasswdd
-.Nd Kerberos 5 password changing server
-.Sh SYNOPSIS
-.Nm
-.Op Fl -check-library= Ns Ar library
-.Op Fl -check-function= Ns Ar function
-.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -port= Ns Ar string
-.Xc
-.Oc
-.Op Fl -version
-.Op Fl -help
-.Sh DESCRIPTION
-.Nm
-serves request for password changes. It listens on UDP port 464
-(service kpasswd) and processes requests when they arrive. It changes
-the database directly and should thus only run on the master KDC.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl -check-library= Ns Ar library
-.Xc
-If your system has support for dynamic loading of shared libraries,
-you can use an external function to check password quality. This
-option specifies which library to load.
-.It Xo
-.Fl -check-function= Ns Ar function
-.Xc
-This is the function to call in the loaded library. The function
-should look like this:
-.Pp
-.Ft const char *
-.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
-.Pp
-.Fa context
-is an initialized context;
-.Fa principal
-is the one who tries to change passwords, and
-.Fa password
-is the new password. Note that the password (in
-.Fa password->data )
-is not zero terminated.
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
-Keytab to get authentication key from
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
-Default realm
-.It Xo
-.Fl p Ar string ,
-.Fl -port= Ns Ar string
-.Xc
-Port to listen on (default service kpasswd - 464).
-.El
-.Sh DIAGNOSTICS
-If an error occurs, the error message is returned to the user and/or
-logged to syslog.
-.Sh BUGS
-The default password quality checks are too basic.
-.Sh SEE ALSO
-.Xr kpasswd 1 ,
-.Xr kdc 8
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh SEE ALSO
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c
deleted file mode 100644
index 6b3373296fd7..000000000000
--- a/crypto/heimdal/kpasswd/kpasswdd.c
+++ /dev/null
@@ -1,612 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kpasswd_locl.h"
-RCSID("$Id: kpasswdd.c,v 1.54 2002/12/02 14:31:52 joda Exp $");
-
-#include <kadm5/admin.h>
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#include <hdb.h>
-#include <kadm5/private.h>
-
-static krb5_context context;
-static krb5_log_facility *log_facility;
-
-static sig_atomic_t exit_flag = 0;
-
-static void
-send_reply (int s,
-	    struct sockaddr *sa,
-	    int sa_size,
-	    krb5_data *ap_rep,
-	    krb5_data *rest)
-{
-    struct msghdr msghdr;
-    struct iovec iov[3];
-    u_int16_t len, ap_rep_len;
-    u_char header[6];
-    u_char *p;
-
-    if (ap_rep)
-	ap_rep_len = ap_rep->length;
-    else
-	ap_rep_len = 0;
-
-    len = 6 + ap_rep_len + rest->length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_rep_len >> 8) & 0xFF;
-    *p++ = (ap_rep_len >> 0) & 0xFF;
-
-    memset (&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = (void *)sa;
-    msghdr.msg_namelen    = sa_size;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base       = (char *)header;
-    iov[0].iov_len        = 6;
-    if (ap_rep_len) {
-	iov[1].iov_base   = ap_rep->data;
-	iov[1].iov_len    = ap_rep->length;
-    } else {
-	iov[1].iov_base   = NULL;
-	iov[1].iov_len    = 0;
-    }
-    iov[2].iov_base       = rest->data;
-    iov[2].iov_len        = rest->length;
-
-    if (sendmsg (s, &msghdr, 0) < 0)
-	krb5_warn (context, errno, "sendmsg");
-}
-
-static int
-make_result (krb5_data *data,
-	     u_int16_t result_code,
-	     const char *expl)
-{
-    krb5_data_zero (data);
-
-    data->length = asprintf ((char **)&data->data,
-			     "%c%c%s",
-			     (result_code >> 8) & 0xFF,
-			     result_code & 0xFF,
-			     expl);
-
-    if (data->data == NULL) {
-	krb5_warnx (context, "Out of memory generating error reply");
-	return 1;
-    }
-    return 0;
-}
-
-static void
-reply_error (krb5_principal server,
-	     int s,
-	     struct sockaddr *sa,
-	     int sa_size,
-	     krb5_error_code error_code,
-	     u_int16_t result_code,
-	     const char *expl)
-{
-    krb5_error_code ret;
-    krb5_data error_data;
-    krb5_data e_data;
-
-    if (make_result(&e_data, result_code, expl))
-	return;
-
-    ret = krb5_mk_error (context,
-			 error_code,
-			 NULL,
-			 &e_data,
-			 NULL,
-			 server,
-			 NULL,
-			 NULL,
-			 &error_data);
-    krb5_data_free (&e_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-    send_reply (s, sa, sa_size, NULL, &error_data);
-    krb5_data_free (&error_data);
-}
-
-static void
-reply_priv (krb5_auth_context auth_context,
-	    int s,
-	    struct sockaddr *sa,
-	    int sa_size,
-	    u_int16_t result_code,
-	    const char *expl)
-{
-    krb5_error_code ret;
-    krb5_data krb_priv_data;
-    krb5_data ap_rep_data;
-    krb5_data e_data;
-
-    ret = krb5_mk_rep (context,
-		       auth_context,
-		       &ap_rep_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-
-    if (make_result(&e_data, result_code, expl))
-	return;
-
-    ret = krb5_mk_priv (context,
-			auth_context,
-			&e_data,
-			&krb_priv_data,
-			NULL);
-    krb5_data_free (&e_data);
-    if (ret) {
-	krb5_warn (context, ret, "Could not even generate error reply");
-	return;
-    }
-    send_reply (s, sa, sa_size, &ap_rep_data, &krb_priv_data);
-    krb5_data_free (&ap_rep_data);
-    krb5_data_free (&krb_priv_data);
-}
-
-/*
- * Change the password for `principal', sending the reply back on `s'
- * (`sa', `sa_size') to `pwd_data'.
- */
-
-static void
-change (krb5_auth_context auth_context,
-	krb5_principal principal,
-	int s,
-	struct sockaddr *sa,
-	int sa_size,
-	krb5_data *pwd_data)
-{
-    krb5_error_code ret;
-    char *client;
-    const char *pwd_reason;
-    kadm5_config_params conf;
-    void *kadm5_handle;
-    char *tmp;
-
-    memset (&conf, 0, sizeof(conf));
-    
-    krb5_unparse_name (context, principal, &client);
-
-    ret = kadm5_init_with_password_ctx(context, 
-				       client,
-				       NULL,
-				       KADM5_ADMIN_SERVICE,
-				       &conf, 0, 0, 
-				       &kadm5_handle);
-    if (ret) {
-	free (client);
-	krb5_warn (context, ret, "kadm5_init_with_password_ctx");
-	reply_priv (auth_context, s, sa, sa_size, 2,
-		    "Internal error");
-	return;
-    }
-
-    krb5_warnx (context, "Changing password for %s", client);
-    free (client);
-
-    pwd_reason = kadm5_check_password_quality (context, principal, pwd_data);
-    if (pwd_reason != NULL ) {
-	krb5_warnx (context, "%s", pwd_reason);
-	reply_priv (auth_context, s, sa, sa_size, 4, pwd_reason);
-	kadm5_destroy (kadm5_handle);
-	return;
-    }
-
-    tmp = malloc (pwd_data->length + 1);
-    if (tmp == NULL) {
-	krb5_warnx (context, "malloc: out of memory");
-	reply_priv (auth_context, s, sa, sa_size, 2,
-		    "Internal error");
-	goto out;
-    }
-    memcpy (tmp, pwd_data->data, pwd_data->length);
-    tmp[pwd_data->length] = '\0';
-
-    ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp);
-    memset (tmp, 0, pwd_data->length);
-    free (tmp);
-    if (ret) {
-	krb5_warn (context, ret, "kadm5_s_chpass_principal_cond");
-	reply_priv (auth_context, s, sa, sa_size, 2,
-		    "Internal error");
-	goto out;
-    }
-    reply_priv (auth_context, s, sa, sa_size, 0, "Password changed");
-out:
-    kadm5_destroy (kadm5_handle);
-}
-
-static int
-verify (krb5_auth_context *auth_context,
-	krb5_principal server,
-	krb5_keytab keytab,
-	krb5_ticket **ticket,
-	krb5_data *out_data,
-	int s,
-	struct sockaddr *sa,
-	int sa_size,
-	u_char *msg,
-	size_t len)
-{
-    krb5_error_code ret;
-    u_int16_t pkt_len, pkt_ver, ap_req_len;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-
-    pkt_len = (msg[0] << 8) | (msg[1]);
-    pkt_ver = (msg[2] << 8) | (msg[3]);
-    ap_req_len = (msg[4] << 8) | (msg[5]);
-    if (pkt_len != len) {
-	krb5_warnx (context, "Strange len: %ld != %ld", 
-		    (long)pkt_len, (long)len);
-	reply_error (server, s, sa, sa_size, 0, 1, "Bad request");
-	return 1;
-    }
-    if (pkt_ver != 0x0001) {
-	krb5_warnx (context, "Bad version (%d)", pkt_ver);
-	reply_error (server, s, sa, sa_size, 0, 1, "Wrong program version");
-	return 1;
-    }
-
-    ap_req_data.data   = msg + 6;
-    ap_req_data.length = ap_req_len;
-
-    ret = krb5_rd_req (context,
-		       auth_context,
-		       &ap_req_data,
-		       server,
-		       keytab,
-		       NULL,
-		       ticket);
-    if (ret) {
-	if(ret == KRB5_KT_NOTFOUND) {
-	    char *name;
-	    krb5_unparse_name(context, server, &name);
-	    krb5_warnx (context, "krb5_rd_req: %s (%s)", 
-			krb5_get_err_text(context, ret), name);
-	    free(name);
-	} else
-	    krb5_warn (context, ret, "krb5_rd_req");
-	reply_error (server, s, sa, sa_size, ret, 3, "Authentication failed");
-	return 1;
-    }
-
-    if (!(*ticket)->ticket.flags.initial) {
-	krb5_warnx (context, "initial flag not set");
-	reply_error (server, s, sa, sa_size, ret, 1,
-		     "Bad request");
-	goto out;
-    }
-    krb_priv_data.data   = msg + 6 + ap_req_len;
-    krb_priv_data.length = len - 6 - ap_req_len;
-
-    ret = krb5_rd_priv (context,
-			*auth_context,
-			&krb_priv_data,
-			out_data,
-			NULL);
-    
-    if (ret) {
-	krb5_warn (context, ret, "krb5_rd_priv");
-	reply_error (server, s, sa, sa_size, ret, 3, "Bad request");
-	goto out;
-    }
-    return 0;
-out:
-    krb5_free_ticket (context, *ticket);
-    return 1;
-}
-
-static void
-process (krb5_principal server,
-	 krb5_keytab keytab,
-	 int s,
-	 krb5_address *this_addr,
-	 struct sockaddr *sa,
-	 int sa_size,
-	 u_char *msg,
-	 int len)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_data out_data;
-    krb5_ticket *ticket;
-    krb5_address other_addr;
-
-    krb5_data_zero (&out_data);
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_auth_con_init");
-	return;
-    }
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    ret = krb5_sockaddr2address (context, sa, &other_addr);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sockaddr2address");
-	goto out;
-    }
-
-    ret = krb5_auth_con_setaddrs (context,
-				  auth_context,
-				  this_addr,
-				  &other_addr);
-    krb5_free_address (context, &other_addr);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_auth_con_setaddr");
-	goto out;
-    }
-
-    if (verify (&auth_context, server, keytab, &ticket, &out_data,
-		s, sa, sa_size, msg, len) == 0) {
-	change (auth_context,
-		ticket->client,
-		s,
-		sa, sa_size,
-		&out_data);
-	memset (out_data.data, 0, out_data.length);
-	krb5_free_ticket (context, ticket);
-	free (ticket);
-    }
-
-out:
-    krb5_data_free (&out_data);
-    krb5_auth_con_free (context, auth_context);
-}
-
-static int
-doit (krb5_keytab keytab, int port)
-{
-    krb5_error_code ret;
-    krb5_principal server;
-    int *sockets;
-    int maxfd;
-    char *realm;
-    krb5_addresses addrs;
-    unsigned n, i;
-    fd_set real_fdset;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-
-    ret = krb5_get_default_realm (context, &realm);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_default_realm");
-
-    ret = krb5_build_principal (context,
-				&server,
-				strlen(realm),
-				realm,
-				"kadmin",
-				"changepw",
-				NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_build_principal");
-
-    free (realm);
-
-    ret = krb5_get_all_server_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-
-    n = addrs.len;
-
-    sockets = malloc (n * sizeof(*sockets));
-    if (sockets == NULL)
-	krb5_errx (context, 1, "out of memory");
-    maxfd = -1;
-    FD_ZERO(&real_fdset);
-    for (i = 0; i < n; ++i) {
-	int sa_size = sizeof(__ss);
-
-	krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port);
-	
-	sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
-	if (sockets[i] < 0)
-	    krb5_err (context, 1, errno, "socket");
-	if (bind (sockets[i], sa, sa_size) < 0) {
-	    char str[128];
-	    size_t len;
-	    int save_errno = errno;
-
-	    ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
-	    if (ret)
-		strlcpy(str, "unknown address", sizeof(str));
-	    krb5_warn (context, save_errno, "bind(%s)", str);
-	    continue;
-	}
-	maxfd = max (maxfd, sockets[i]);
-	if (maxfd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-	FD_SET(sockets[i], &real_fdset);
-    }
-    if (maxfd == -1)
-	krb5_errx (context, 1, "No sockets!");
-
-    while(exit_flag == 0) {
-	int ret;
-	fd_set fdset = real_fdset;
-
-	ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-	for (i = 0; i < n; ++i)
-	    if (FD_ISSET(sockets[i], &fdset)) {
-		u_char buf[BUFSIZ];
-		socklen_t addrlen = sizeof(__ss);
-
-		ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
-				sa, &addrlen);
-		if (ret < 0) {
-		    if(errno == EINTR)
-			break;
-		    else
-			krb5_err (context, 1, errno, "recvfrom");
-		}
-
-		process (server, keytab, sockets[i],
-			 &addrs.val[i],
-			 sa, addrlen,
-			 buf, ret);
-	    }
-    }
-    krb5_free_addresses (context, &addrs);
-    krb5_free_principal (context, server);
-    krb5_free_context (context);
-    return 0;
-}
-
-static RETSIGTYPE
-sigterm(int sig)
-{
-    exit_flag = 1;
-}
-
-const char *check_library  = NULL;
-const char *check_function = NULL;
-char *keytab_str = "HDB:";
-char *realm_str;
-int version_flag;
-int help_flag;
-char *port_str;
-
-struct getargs args[] = {
-#ifdef HAVE_DLOPEN
-    { "check-library", 0, arg_string, &check_library, 
-      "library to load password check function from", "library" },
-    { "check-function", 0, arg_string, &check_function,
-      "password check function to load", "function" },
-#endif
-    { "keytab", 'k', arg_string, &keytab_str, 
-      "keytab to get authentication key from", "kspec" },
-    { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
-    { "port",  'p', arg_string, &port_str, "port" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main (int argc, char **argv)
-{
-    int optind;
-    krb5_keytab keytab;
-    krb5_error_code ret;
-    int port;
-    
-    optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(realm_str)
-	krb5_set_default_realm(context, realm_str);
-    
-    krb5_openlog (context, "kpasswdd", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    if (port_str != NULL) {
-	struct servent *s = roken_getservbyname (port_str, "udp");
-
-	if (s != NULL)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		krb5_errx (context, 1, "bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    } else
-	port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", keytab_str);
-    
-    kadm5_setup_passwd_quality_check (context, check_library, check_function);
-
-#ifdef HAVE_SIGACTION
-    {
-	struct sigaction sa;
-
-	sa.sa_flags = 0;
-	sa.sa_handler = sigterm;
-	sigemptyset(&sa.sa_mask);
-
-	sigaction(SIGINT,  &sa, NULL);
-	sigaction(SIGTERM, &sa, NULL);
-    }
-#else
-    signal(SIGINT,  sigterm);
-    signal(SIGTERM, sigterm);
-#endif
-
-    pidfile(NULL);
-
-    return doit (keytab, port);
-}
diff --git a/crypto/heimdal/kpasswd/kpasswdd.cat8 b/crypto/heimdal/kpasswd/kpasswdd.cat8
deleted file mode 100644
index 3330b8e3eba8..000000000000
--- a/crypto/heimdal/kpasswd/kpasswdd.cat8
+++ /dev/null
@@ -1,53 +0,0 @@
-KPASSWDD(8)             NetBSD System Manager's Manual             KPASSWDD(8)
-
-NNAAMMEE
-     kkppaasssswwdddd - Kerberos 5 password changing server
-
-SSYYNNOOPPSSIISS
-     kkppaasssswwdddd [----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y] [----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n] [--kk _k_s_p_e_c
-     | ----kkeeyyttaabb==_k_s_p_e_c] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--pp _s_t_r_i_n_g | ----ppoorrtt==_s_t_r_i_n_g]
-     [----vveerrssiioonn] [----hheellpp]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkppaasssswwdddd serves request for password changes. It listens on UDP port 464
-     (service kpasswd) and processes requests when they arrive. It changes the
-     database directly and should thus only run on the master KDC.
-
-     Supported options:
-
-     ----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y
-             If your system has support for dynamic loading of shared li-
-             braries, you can use an external function to check password qual-
-             ity. This option specifies which library to load.
-
-     ----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n
-             This is the function to call in the loaded library. The function
-             should look like this:
-
-             _c_o_n_s_t _c_h_a_r _* ppaasssswwdd__cchheecckk(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l
-             _p_r_i_n_c_i_p_a_l, _k_r_b_5___d_a_t_a _*_p_a_s_s_w_o_r_d)
-
-             _c_o_n_t_e_x_t is an initialized context; _p_r_i_n_c_i_p_a_l is the one who tries
-             to change passwords, and _p_a_s_s_w_o_r_d is the new password. Note that
-             the password (in _p_a_s_s_w_o_r_d_-_>_d_a_t_a) is not zero terminated.
-
-     --kk _k_s_p_e_c, ----kkeeyyttaabb==_k_s_p_e_c
-             keytab to get authentication key from
-
-     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
-             default realm
-
-     --pp _s_t_r_i_n_g, ----ppoorrtt==_s_t_r_i_n_g
-             port to listen on (default service kpasswd - 464).
-
-DDIIAAGGNNOOSSTTIICCSS
-     If an error occurs, the error message is returned to the user and/or
-     logged to syslog.
-
-BBUUGGSS
-     The default password quality checks are too basic.
-
-SSEEEE AALLSSOO
-     kpasswd(1), kdc(8)
-
- HEIMDAL                        April 19, 1999                               1
diff --git a/crypto/heimdal/krb5.conf b/crypto/heimdal/krb5.conf
deleted file mode 100644
index c9f4c44a5e4f..000000000000
--- a/crypto/heimdal/krb5.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-[libdefaults]
-        default_realm = MY.REALM
-	clockskew = 300
-	v4_instance_resolve = false
-	v4_name_convert = {
-		host = {
-			rcmd = host
-			ftp = ftp
-		}
-		plain = {
-			something = something-else
-		}
-	}
-	
-[realms]
-	MY.REALM = {
-		kdc = MY.COMPUTER
-	}
-	OTHER.REALM = {
-		v4_instance_convert = {
-			kerberos = kerberos
-			computer = computer.some.other.domain
-		}
-	}
-[domain_realm]
-	.my.domain = MY.REALM
diff --git a/crypto/heimdal/kuser/Makefile b/crypto/heimdal/kuser/Makefile
deleted file mode 100644
index 1a120d2c6af6..000000000000
--- a/crypto/heimdal/kuser/Makefile
+++ /dev/null
@@ -1,734 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# kuser/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.30 2001/09/02 17:12:23 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1
-
-bin_PROGRAMS = kinit klist kdestroy kgetcred
-
-noinst_PROGRAMS = kverify kdecode_ticket generate-requests
-
-kinit_LDADD = \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-kdestroy_LDADD = $(kinit_LDADD)
-
-klist_LDADD = $(kinit_LDADD)
-
-LDADD = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = kuser
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \
-	kgetcred$(EXEEXT)
-noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \
-	generate-requests$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-
-generate_requests_SOURCES = generate-requests.c
-generate_requests_OBJECTS = generate-requests.$(OBJEXT)
-generate_requests_LDADD = $(LDADD)
-generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-generate_requests_LDFLAGS =
-kdecode_ticket_SOURCES = kdecode_ticket.c
-kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT)
-kdecode_ticket_LDADD = $(LDADD)
-kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdecode_ticket_LDFLAGS =
-kdestroy_SOURCES = kdestroy.c
-kdestroy_OBJECTS = kdestroy.$(OBJEXT)
-#kdestroy_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-kdestroy_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdestroy_LDFLAGS =
-kgetcred_SOURCES = kgetcred.c
-kgetcred_OBJECTS = kgetcred.$(OBJEXT)
-kgetcred_LDADD = $(LDADD)
-kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kgetcred_LDFLAGS =
-kinit_SOURCES = kinit.c
-kinit_OBJECTS = kinit.$(OBJEXT)
-#kinit_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-kinit_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kinit_LDFLAGS =
-klist_SOURCES = klist.c
-klist_OBJECTS = klist.$(OBJEXT)
-#klist_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-#	$(top_builddir)/lib/krb5/libkrb5.la \
-#	$(top_builddir)/lib/asn1/libasn1.la
-klist_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-klist_LDFLAGS =
-kverify_SOURCES = kverify.c
-kverify_OBJECTS = kverify.$(OBJEXT)
-kverify_LDADD = $(LDADD)
-kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kverify_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = generate-requests.c kdecode_ticket.c kdestroy.c \
-	kgetcred.c kinit.c klist.c kverify.c
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = generate-requests.c kdecode_ticket.c kdestroy.c kgetcred.c kinit.c klist.c kverify.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kuser/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) 
-	@rm -f generate-requests$(EXEEXT)
-	$(LINK) $(generate_requests_LDFLAGS) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS)
-kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) 
-	@rm -f kdecode_ticket$(EXEEXT)
-	$(LINK) $(kdecode_ticket_LDFLAGS) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS)
-kdestroy$(EXEEXT): $(kdestroy_OBJECTS) $(kdestroy_DEPENDENCIES) 
-	@rm -f kdestroy$(EXEEXT)
-	$(LINK) $(kdestroy_LDFLAGS) $(kdestroy_OBJECTS) $(kdestroy_LDADD) $(LIBS)
-kgetcred$(EXEEXT): $(kgetcred_OBJECTS) $(kgetcred_DEPENDENCIES) 
-	@rm -f kgetcred$(EXEEXT)
-	$(LINK) $(kgetcred_LDFLAGS) $(kgetcred_OBJECTS) $(kgetcred_LDADD) $(LIBS)
-kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) 
-	@rm -f kinit$(EXEEXT)
-	$(LINK) $(kinit_LDFLAGS) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS)
-klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) 
-	@rm -f klist$(EXEEXT)
-	$(LINK) $(klist_LDFLAGS) $(klist_OBJECTS) $(klist_LDADD) $(LIBS)
-kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) 
-	@rm -f kverify$(EXEEXT)
-	$(LINK) $(kverify_LDFLAGS) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-local install-exec \
-	install-exec-am install-info install-info-am install-man \
-	install-man1 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-info-am uninstall-man \
-	uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-# make sure install-exec-hook doesn't have any commands in Makefile.am.common
-install-exec-hook:
-	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kuser/Makefile.am b/crypto/heimdal/kuser/Makefile.am
deleted file mode 100644
index e33b94867180..000000000000
--- a/crypto/heimdal/kuser/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-# $Id: Makefile.am,v 1.31 2003/03/18 13:15:27 lha Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1
-
-bin_PROGRAMS = kinit klist kdestroy kgetcred
-
-noinst_PROGRAMS = kverify kdecode_ticket generate-requests
-
-kinit_LDADD = \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-kdestroy_LDADD	= $(kinit_LDADD)
-
-klist_LDADD	= $(kinit_LDADD)
-
-LDADD = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-# make sure install-exec-hook doesn't have any commands in Makefile.am.common
-install-exec-hook:
-	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in
deleted file mode 100644
index 0a2324c77d20..000000000000
--- a/crypto/heimdal/kuser/Makefile.in
+++ /dev/null
@@ -1,719 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.31 2003/03/18 13:15:27 lha Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1
-
-bin_PROGRAMS = kinit klist kdestroy kgetcred
-
-noinst_PROGRAMS = kverify kdecode_ticket generate-requests
-
-kinit_LDADD = \
-	$(LIB_kafs) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_krb4) \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-kdestroy_LDADD = $(kinit_LDADD)
-
-klist_LDADD = $(kinit_LDADD)
-
-LDADD = \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-subdir = kuser
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \
-	kgetcred$(EXEEXT)
-noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \
-	generate-requests$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-
-generate_requests_SOURCES = generate-requests.c
-generate_requests_OBJECTS = generate-requests.$(OBJEXT)
-generate_requests_LDADD = $(LDADD)
-generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-generate_requests_LDFLAGS =
-kdecode_ticket_SOURCES = kdecode_ticket.c
-kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT)
-kdecode_ticket_LDADD = $(LDADD)
-kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdecode_ticket_LDFLAGS =
-kdestroy_SOURCES = kdestroy.c
-kdestroy_OBJECTS = kdestroy.$(OBJEXT)
-kdestroy_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kdestroy_LDFLAGS =
-kgetcred_SOURCES = kgetcred.c
-kgetcred_OBJECTS = kgetcred.$(OBJEXT)
-kgetcred_LDADD = $(LDADD)
-kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kgetcred_LDFLAGS =
-kinit_SOURCES = kinit.c
-kinit_OBJECTS = kinit.$(OBJEXT)
-kinit_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kinit_LDFLAGS =
-klist_SOURCES = klist.c
-klist_OBJECTS = klist.$(OBJEXT)
-klist_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-klist_LDFLAGS =
-kverify_SOURCES = kverify.c
-kverify_OBJECTS = kverify.$(OBJEXT)
-kverify_LDADD = $(LDADD)
-kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-kverify_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = generate-requests.c kdecode_ticket.c kdestroy.c \
-	kgetcred.c kinit.c klist.c kverify.c
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = generate-requests.c kdecode_ticket.c kdestroy.c kgetcred.c kinit.c klist.c kverify.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  kuser/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) 
-	@rm -f generate-requests$(EXEEXT)
-	$(LINK) $(generate_requests_LDFLAGS) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS)
-kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) 
-	@rm -f kdecode_ticket$(EXEEXT)
-	$(LINK) $(kdecode_ticket_LDFLAGS) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS)
-kdestroy$(EXEEXT): $(kdestroy_OBJECTS) $(kdestroy_DEPENDENCIES) 
-	@rm -f kdestroy$(EXEEXT)
-	$(LINK) $(kdestroy_LDFLAGS) $(kdestroy_OBJECTS) $(kdestroy_LDADD) $(LIBS)
-kgetcred$(EXEEXT): $(kgetcred_OBJECTS) $(kgetcred_DEPENDENCIES) 
-	@rm -f kgetcred$(EXEEXT)
-	$(LINK) $(kgetcred_LDFLAGS) $(kgetcred_OBJECTS) $(kgetcred_LDADD) $(LIBS)
-kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) 
-	@rm -f kinit$(EXEEXT)
-	$(LINK) $(kinit_LDFLAGS) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS)
-klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) 
-	@rm -f klist$(EXEEXT)
-	$(LINK) $(klist_LDFLAGS) $(klist_OBJECTS) $(klist_LDADD) $(LIBS)
-kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) 
-	@rm -f kverify$(EXEEXT)
-	$(LINK) $(kverify_LDFLAGS) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(PROGRAMS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-info install-info-am install-man install-man1 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-info-am uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-# make sure install-exec-hook doesn't have any commands in Makefile.am.common
-install-exec-hook:
-	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/kuser/generate-requests.c b/crypto/heimdal/kuser/generate-requests.c
deleted file mode 100644
index 993a8b04e188..000000000000
--- a/crypto/heimdal/kuser/generate-requests.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: generate-requests.c,v 1.4 2001/08/24 01:07:22 assar Exp $");
-
-static krb5_error_code
-null_key_proc (krb5_context context,
-	       krb5_enctype type,
-	       krb5_salt salt,
-	       krb5_const_pointer keyseed,
-	       krb5_keyblock **key)
-{
-    return ENOTTY;
-}
-
-static unsigned
-read_words (const char *filename, char ***ret_w)
-{
-    unsigned n, alloc;
-    FILE *f;
-    char buf[256];
-    char **w = NULL;
-
-    f = fopen (filename, "r");
-    if (f == NULL)
-	err (1, "cannot open %s", filename);
-    alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if (buf[strlen (buf) - 1] == '\n')
-	    buf[strlen (buf) - 1] = '\0';
-	if (n >= alloc) {
-	    alloc += 16;
-	    w = erealloc (w, alloc * sizeof(char **));
-	}
-	w[n++] = estrdup (buf);
-    }
-    *ret_w = w;
-    return n;
-}
-
-static void
-generate_requests (const char *filename, unsigned nreq)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_creds cred;
-    int i;
-    char **words;
-    unsigned nwords;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    nwords = read_words (filename, &words);
-
-    for (i = 0; i < nreq; ++i) {
-	char *name = words[rand() % nwords];
-	krb5_realm *client_realm;
-
-	memset(&cred, 0, sizeof(cred));
-
-	ret = krb5_parse_name (context, name, &cred.client);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
-	client_realm = krb5_princ_realm (context, cred.client);
-
-	ret = krb5_make_principal(context, &cred.server, *client_realm,
-				  KRB5_TGS_NAME, *client_realm, NULL);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_make_principal");
-
-	ret = krb5_get_in_cred (context, 0, NULL, NULL, NULL, NULL,
-				null_key_proc, NULL, NULL, NULL,
-				&cred, NULL);
-	krb5_free_creds_contents (context, &cred);
-    }
-}
-
-static int version_flag	= 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "file number");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int nreq;
-    char *end;
-
-    setprogname(argv[0]);
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 2)
-	usage (1);
-    srand (0);
-    nreq = strtol (argv[1], &end, 0);
-    if (argv[1] == end || *end != '\0')
-	usage (1);
-    generate_requests (argv[0], nreq);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kauth_options.c b/crypto/heimdal/kuser/kauth_options.c
deleted file mode 100644
index c432d32ac14a..000000000000
--- a/crypto/heimdal/kuser/kauth_options.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $");
-
-#ifdef KRB4
-int do_afslog		= 1;
-int get_v4_tgt		= 1;
-#endif
diff --git a/crypto/heimdal/kuser/kdecode_ticket.c b/crypto/heimdal/kuser/kdecode_ticket.c
deleted file mode 100644
index 74ca5af88ea0..000000000000
--- a/crypto/heimdal/kuser/kdecode_ticket.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kdecode_ticket.c,v 1.5 2001/02/20 01:44:51 assar Exp $");
-
-static char *etype_str;
-static int version_flag;
-static int help_flag;
-
-static void
-print_and_decode_tkt (krb5_context context,
-		      krb5_data *ticket,
-		      krb5_principal server,
-		      krb5_enctype enctype)
-{
-    krb5_error_code ret;
-    krb5_crypto crypto;
-    krb5_data dec_data;
-    size_t len;
-    EncTicketPart decr_part;
-    krb5_keyblock key;
-    Ticket tkt;
-
-    ret = decode_Ticket (ticket->data, ticket->length, &tkt, &len);
-    if (ret)
-	krb5_err (context, 1, ret, "decode_Ticket");
-
-    ret = krb5_string_to_key (context, enctype, "foo", server, &key);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_string_to_key");
-
-    ret = krb5_crypto_init(context, &key, 0, &crypto);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_crypto_init");
-
-    ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET,
-				      &tkt.enc_part, &dec_data);
-    krb5_crypto_destroy (context, crypto);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData");
-    ret = krb5_decode_EncTicketPart (context, dec_data.data, dec_data.length,
-				     &decr_part, &len);
-    krb5_data_free (&dec_data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_decode_EncTicketPart");
-}
-
-struct getargs args[] = {
-    { "enctype",	'e', arg_string, &etype_str,
-      "encryption type to use", "enctype"},
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "service");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_creds in, *out;
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	usage (1);
-
-    ret = krb5_cc_default(context, &cache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_default");
-
-    memset(&in, 0, sizeof(in));
-
-    if (etype_str) {
-	krb5_enctype enctype;
-
-	ret = krb5_string_to_enctype(context, etype_str, &enctype);
-	if (ret)
-	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
-	in.session.keytype = enctype;
-    }
-
-    ret = krb5_cc_get_principal(context, cache, &in.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_get_principal");
-
-    ret = krb5_parse_name(context, argv[0], &in.server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
-
-    in.times.endtime = 0;
-    ret = krb5_get_credentials(context, 0, cache, &in, &out);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_credentials");
-
-    print_and_decode_tkt (context, &out->ticket, out->server,
-			  out->session.keytype);
-
-    krb5_free_creds_contents(context, out);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1
deleted file mode 100644
index 8910e9a0dc26..000000000000
--- a/crypto/heimdal/kuser/kdestroy.1
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" Copyright (c) 1997, 1999, 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kdestroy.1,v 1.4 2003/02/16 21:10:23 lha Exp $
-.\"
-.Dd August 27, 1997
-.Dt KDESTROY 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kdestroy
-.Nd destroy the current ticket file
-.Sh SYNOPSIS
-.Nm
-.Op Fl c Ar cachefile
-.Op Fl -cache= Ns Ar cachefile
-.Op Fl -no-unlog
-.Op Fl -no-delete-v4
-.Op Fl -version
-.Op Fl -help
-.Sh DESCRIPTION
-.Nm
-remove the current set of tickets.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl c Ar cachefile
-.It Fl cache= Ns Ar cachefile
-The cache file to remove.
-.It Fl -no-unlog
-Do not remove AFS tokens.
-.It Fl -no-delete-v4
-Do not remove v4 tickets.
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr klist 1
diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c
deleted file mode 100644
index 4d232455c0a4..000000000000
--- a/crypto/heimdal/kuser/kdestroy.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kdestroy.c,v 1.14.2.1 2003/05/08 18:59:17 lha Exp $");
-
-static const char *cache;
-static int help_flag;
-static int version_flag;
-static int unlog_flag = 1;
-static int dest_tkt_flag = 1;
-
-struct getargs args[] = {
-    { "cache",		'c', arg_string, &cache, "cache to destroy", "cache" },
-    { "unlog",		0,   arg_negative_flag, &unlog_flag,
-      "do not destroy tokens", NULL },
-    { "delete-v4",	0,   arg_negative_flag, &dest_tkt_flag,
-      "do not destroy v4 tickets", NULL },
-    { "version", 	0,   arg_flag, &version_flag, NULL, NULL },
-    { "help",		'h', arg_flag, &help_flag, NULL, NULL}
-};
-
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage (int status)
-{
-    arg_printusage (args, num_args, NULL, "");
-    exit (status);
-}
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache  ccache;
-    int optind = 0;
-    int exit_val = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-  
-    if (help_flag)
-	usage (0);
-  
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-  
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0)
-	usage (1);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-  
-    if(cache == NULL) {
-	cache = krb5_cc_default_name(context);
-	if (cache == NULL) {
-	    warnx ("krb5_cc_default_name: %s", krb5_get_err_text(context, ret));
-	    exit(1);
-	}
-    }
-
-    ret =  krb5_cc_resolve(context, 
-			   cache, 
-			   &ccache);
-
-    if (ret == 0) {
-	ret = krb5_cc_destroy (context, ccache);
-	if (ret) {
-	    warnx ("krb5_cc_destroy: %s", krb5_get_err_text(context, ret));
-	    exit_val = 1;
-	}
-    } else {
-	warnx ("krb5_cc_resolve(%s): %s", cache,
-	       krb5_get_err_text(context, ret));
-	exit_val = 1;
-    }
-
-    krb5_free_context (context);
-
-#if KRB4
-    if(dest_tkt_flag && dest_tkt ())
-	exit_val = 1;
-#endif
-    if (unlog_flag && k_hasafs ()) {
-	if (k_unlog ())
-	    exit_val = 1;
-    }
-
-    return exit_val;
-}
diff --git a/crypto/heimdal/kuser/kdestroy.cat1 b/crypto/heimdal/kuser/kdestroy.cat1
deleted file mode 100644
index 8f7247b68589..000000000000
--- a/crypto/heimdal/kuser/kdestroy.cat1
+++ /dev/null
@@ -1,29 +0,0 @@
-KDESTROY(1)                 NetBSD Reference Manual                KDESTROY(1)
-
-NNAAMMEE
-     kkddeessttrrooyy - destroy the current ticket file
-
-SSYYNNOOPPSSIISS
-     kkddeessttrrooyy [--cc _c_a_c_h_e_f_i_l_e] [----ccaacchhee==_c_a_c_h_e_f_i_l_e] [----nnoo--uunnlloogg] [----nnoo--ddeelleettee--vv44]
-     [----vveerrssiioonn] [----hheellpp]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkddeessttrrooyy remove the current set of tickets.
-
-     Supported options:
-
-     --cc _c_a_c_h_e_f_i_l_e
-
-     --ccaacchhee==_c_a_c_h_e_f_i_l_e
-             The cache file to remove.
-
-     ----nnoo--uunnlloogg
-             Do not remove AFS tokens.
-
-     ----nnoo--ddeelleettee--vv44
-             Do not remove v4 tickets.
-
-SSEEEE AALLSSOO
-     kinit(1), klist(1)
-
- HEIMDAL                        August 27, 1997                              1
diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1
deleted file mode 100644
index f69e4111676e..000000000000
--- a/crypto/heimdal/kuser/kgetcred.1
+++ /dev/null
@@ -1,72 +0,0 @@
-.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kgetcred.1,v 1.6 2003/02/16 21:10:24 lha Exp $
-.\"
-.Dd May 14, 1999
-.Dt KGETCRED 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kgetcred
-.Nd "get a ticket for a particular service"
-.Sh SYNOPSIS
-.Nm
-.Oo Fl e Ar enctype \*(Ba Xo
-.Fl -enctype= Ns Ar enctype
-.Xc
-.Oc
-.Op Fl -version
-.Op Fl -help
-.Ar service
-.Sh DESCRIPTION
-.Nm
-obtains a ticket for a service.
-Usually tickets for services are obtained automatically when needed
-but sometimes for some odd reason you want to obtain a particular
-ticket or of a special type.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl e Ar enctype ,
-.Fl -enctype= Ns Ar enctype
-.Xc
-encryption type to use
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr klist 1
diff --git a/crypto/heimdal/kuser/kgetcred.c b/crypto/heimdal/kuser/kgetcred.c
deleted file mode 100644
index 670745535d08..000000000000
--- a/crypto/heimdal/kuser/kgetcred.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kgetcred.c,v 1.5 2001/02/20 01:44:51 assar Exp $");
-
-static char *etype_str;
-static int version_flag;
-static int help_flag;
-
-struct getargs args[] = {
-    { "enctype",	'e', arg_string, &etype_str,
-      "encryption type to use", "enctype"},
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "service");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache cache;
-    krb5_creds in, *out;
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	usage (1);
-
-    ret = krb5_cc_default(context, &cache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_default");
-
-    memset(&in, 0, sizeof(in));
-
-    if (etype_str) {
-	krb5_enctype enctype;
-
-	ret = krb5_string_to_enctype(context, etype_str, &enctype);
-	if (ret)
-	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
-	in.session.keytype = enctype;
-    }
-
-    ret = krb5_cc_get_principal(context, cache, &in.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_get_principal");
-
-    ret = krb5_parse_name(context, argv[0], &in.server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
-
-    in.times.endtime = 0;
-    ret = krb5_get_credentials(context, 0, cache, &in, &out);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_credentials");
-
-    krb5_free_creds_contents(context, out);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kgetcred.cat1 b/crypto/heimdal/kuser/kgetcred.cat1
deleted file mode 100644
index f01ed61cc6d4..000000000000
--- a/crypto/heimdal/kuser/kgetcred.cat1
+++ /dev/null
@@ -1,26 +0,0 @@
-KGETCRED(1)                 NetBSD Reference Manual                KGETCRED(1)
-
-NNAAMMEE
-     kkggeettccrreedd - get a ticket for a particular service
-
-SSYYNNOOPPSSIISS
-     kkggeettccrreedd [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [----vveerrssiioonn] [----hheellpp] _s_e_r_v_i_c_e
-
-DDEESSCCRRIIPPTTIIOONN
-     kkggeettccrreedd obtains a ticket for a service.  Usually tickets for services
-     are obtained automatically when needed but sometimes for some odd reason
-     you want to obtain a particular ticket or of a special type.
-
-     Supported options:
-
-     --ee _e_n_c_t_y_p_e, ----eennccttyyppee==_e_n_c_t_y_p_e
-             encryption type to use
-
-     ----vveerrssiioonn
-
-     ----hheellpp
-
-SSEEEE AALLSSOO
-     kinit(1), klist(1)
-
- HEIMDAL                         May 14, 1999                                1
diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1
deleted file mode 100644
index 97ed2af62db3..000000000000
--- a/crypto/heimdal/kuser/kinit.1
+++ /dev/null
@@ -1,273 +0,0 @@
-.\" Copyright (c) 1998 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: kinit.1,v 1.23 2003/04/06 17:49:05 lha Exp $
-.\"
-.Dd May 29, 1998
-.Dt KINIT 1
-.Os HEIMDAL
-.Sh NAME
-.Nm kinit
-.Nm kauth
-.Nd acquire initial tickets
-.Sh SYNOPSIS
-.Nm kinit
-.Op Fl 4 | Fl -524init
-.Op Fl 9 | Fl -524convert
-.Op Fl -afslog
-.Oo Fl c Ar cachename \*(Ba Xo
-.Fl -cache= Ns Ar cachename
-.Xc
-.Oc
-.Op Fl f | Fl -forwardable
-.Oo Fl t Ar keytabname \*(Ba Xo
-.Fl -keytab= Ns Ar keytabname
-.Xc
-.Oc
-.Oo Fl l Ar time \*(Ba Xo
-.Fl -lifetime= Ns Ar time
-.Xc
-.Oc
-.Op Fl p | Fl -proxiable
-.Op Fl R | Fl -renew
-.Op Fl -renewable
-.Oo Fl r Ar time \*(Ba Xo
-.Fl -renewable-life= Ns Ar time
-.Xc
-.Oc
-.Oo Fl S Ar principal \*(Ba Xo
-.Fl -server= Ns Ar principal
-.Xc
-.Oc
-.Oo Fl s Ar time \*(Ba Xo
-.Fl -start-time= Ns Ar time
-.Xc
-.Oc
-.Op Fl k | Fl -use-keytab
-.Op Fl v | Fl -validate
-.Oo Fl e Ar enctypes \*(Ba Xo
-.Fl -enctypes= Ns Ar enctypes
-.Xc
-.Oc
-.Oo Fl a Ar addresses \*(Ba Xo
-.Fl -extra-addresses= Ns Ar addresses
-.Xc
-.Oc
-.Op Fl -fcache-version= Ns Ar integer
-.Op Fl -no-addresses
-.Op Fl -anonymous
-.Op Fl -version
-.Op Fl -help
-.Op Ar principal Op Ar command
-.Sh DESCRIPTION
-.Nm
-is used to authenticate to the Kerberos server as
-.Ar principal ,
-or if none is given, a system generated default (typically your login
-name at the default realm), and acquire a ticket granting ticket that
-can later be used to obtain tickets for other services.
-.Pp
-If you have compiled
-.Nm kinit
-with Kerberos 4 support and you have a
-Kerberos 4 server,
-.Nm
-will detect this and get you Kerberos 4 tickets.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cachename
-.Fl -cache= Ns Ar cachename
-.Xc
-The credentials cache to put the acquired ticket in, if other than
-default.
-.It Xo
-.Fl f ,
-.Fl -forwardable
-.Xc
-Get ticket that can be forwarded to another host.
-.It Xo
-.Fl t Ar keytabname ,
-.Fl -keytab= Ns Ar keytabname
-.Xc
-Don't ask for a password, but instead get the key from the specified
-keytab.
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
-Specifies the lifetime of the ticket. The argument can either be in
-seconds, or a more human readable string like
-.Sq 1h .
-.It Xo
-.Fl p ,
-.Fl -proxiable
-.Xc
-Request tickets with the proxiable flag set.
-.It Xo
-.Fl R ,
-.Fl -renew
-.Xc
-Try to renew ticket. The ticket must have the
-.Sq renewable
-flag set, and must not be expired.
-.It Fl -renewable
-The same as
-.Fl -renewable-life ,
-with an infinite time.
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
-The max renewable ticket life.
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
-Get a ticket for a service other than krbtgt/LOCAL.REALM.
-.It Xo
-.Fl s Ar time ,
-.Fl -start-time= Ns Ar time
-.Xc
-Obtain a ticket that starts to be valid
-.Ar time
-(which can really be a generic time specification, like
-.Sq 1h )
-seconds into the future.
-.It Xo
-.Fl k ,
-.Fl -use-keytab
-.Xc
-The same as
-.Fl -keytab ,
-but with the default keytab name (normally
-.Ar FILE:/etc/krb5.keytab ) .
-.It Xo
-.Fl v ,
-.Fl -validate
-.Xc
-Try to validate an invalid ticket.
-.It Xo
-.Fl e ,
-.Fl -enctypes= Ns Ar enctypes
-.Xc
-Request tickets with this particular enctype.
-.It Xo
-.Fl -fcache-version= Ns Ar version
-.Xc
-Create a credentials cache of version
-.Nm version .
-.It Xo
-.Fl a ,
-.Fl -extra-addresses= Ns Ar enctypes
-.Xc
-Adds a set of addresses that will, in addition to the systems local
-addresses, be put in the ticket. This can be useful if all addresses a
-client can use can't be automatically figured out. One such example is
-if the client is behind a firewall. Also settable via
-.Li libdefaults/extra_addresses
-in
-.Xr krb5.conf 5 .
-.It Xo
-.Fl -no-addresses
-.Xc
-Request a ticket with no addresses.
-.It Xo
-.Fl -anonymous
-.Xc
-Request an anonymous ticket (which means that the ticket will be
-issued to an anonymous principal, typically
-.Dq anonymous@REALM ) .
-.El
-.Pp
-The following options are only available if
-.Nm
-has been compiled with support for Kerberos 4.
-.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -524init
-.Xc
-Try to convert the obtained Kerberos 5 krbtgt to a version 4
-compatible ticket. It will store this ticket in the default Kerberos 4
-ticket file.
-.It Xo
-.Fl 9 ,
-.Fl -524convert
-.Xc
-only convert ticket to version 4
-.It Fl -afslog
-Gets AFS tickets, converts them to version 4 format, and stores them
-in the kernel. Only useful if you have AFS.
-.El
-.Pp
-The
-.Ar forwardable ,
-.Ar proxiable ,
-.Ar ticket_life ,
-and
-.Ar renewable_life
-options can be set to a default value from the
-.Dv appdefaults
-section in krb5.conf, see
-.Xr krb5_appdefault 3 .
-.Pp
-If  a
-.Ar command
-is given,
-.Nm kinit
-will setup new credentials caches, and AFS PAG, and then run the given
-command. When it finishes the credentials will be removed.
-.Sh ENVIRONMENT
-.Bl -tag -width Ds
-.It Ev KRB5CCNAME
-Specifies the default credentials cache.
-.It Ev KRB5_CONFIG
-The file name of
-.Pa krb5.conf
-, the default being
-.Pa /etc/krb5.conf .
-.It Ev KRBTKFILE
-Specifies the Kerberos 4 ticket file to store version 4 tickets in.
-.El
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kdestroy 1 ,
-.Xr klist 1 ,
-.Xr krb5_appdefault 3 ,
-.Xr krb5.conf 5
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.\".Sh AUTHORS
-.\".Sh BUGS
diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c
deleted file mode 100644
index 0d40bbfa7542..000000000000
--- a/crypto/heimdal/kuser/kinit.c
+++ /dev/null
@@ -1,705 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kinit.c,v 1.90.4.1 2003/05/08 18:58:37 lha Exp $");
-
-int forwardable_flag	= -1;
-int proxiable_flag	= -1;
-int renewable_flag	= -1;
-int renew_flag		= 0;
-int validate_flag	= 0;
-int version_flag	= 0;
-int help_flag		= 0;
-int addrs_flag		= 1;
-struct getarg_strings extra_addresses;
-int anonymous_flag	= 0;
-char *lifetime 		= NULL;
-char *renew_life	= NULL;
-char *server		= NULL;
-char *cred_cache	= NULL;
-char *start_str		= NULL;
-struct getarg_strings etype_str;
-int use_keytab		= 0;
-char *keytab_str	= NULL;
-int do_afslog		= -1;
-#ifdef KRB4
-int get_v4_tgt		= -1;
-int convert_524;
-#endif
-int fcache_version;
-
-static struct getargs args[] = {
-#ifdef KRB4
-    { "524init", 	'4', arg_flag, &get_v4_tgt,
-      "obtain version 4 TGT" },
-    
-    { "524convert", 	'9', arg_flag, &convert_524,
-      "only convert ticket to version 4" },
-#endif
-    { "afslog", 	0  , arg_flag, &do_afslog,
-      "obtain afs tokens"  },
-
-    { "cache", 		'c', arg_string, &cred_cache,
-      "credentials cache", "cachename" },
-
-    { "forwardable",	'f', arg_flag, &forwardable_flag,
-      "get forwardable tickets"},
-
-    { "keytab",         't', arg_string, &keytab_str,
-      "keytab to use", "keytabname" },
-
-    { "lifetime",	'l', arg_string, &lifetime,
-      "lifetime of tickets", "time"},
-
-    { "proxiable",	'p', arg_flag, &proxiable_flag,
-      "get proxiable tickets" },
-
-    { "renew",          'R', arg_flag, &renew_flag,
-      "renew TGT" },
-
-    { "renewable",	0,   arg_flag, &renewable_flag,
-      "get renewable tickets" },
-
-    { "renewable-life",	'r', arg_string, &renew_life,
-      "renewable lifetime of tickets", "time" },
-
-    { "server", 	'S', arg_string, &server,
-      "server to get ticket for", "principal" },
-
-    { "start-time",	's', arg_string, &start_str,
-      "when ticket gets valid", "time" },
-
-    { "use-keytab",     'k', arg_flag, &use_keytab,
-      "get key from keytab" },
-
-    { "validate",	'v', arg_flag, &validate_flag,
-      "validate TGT" },
-
-    { "enctypes",	'e', arg_strings, &etype_str,
-      "encryption types to use", "enctypes" },
-
-    { "fcache-version", 0,   arg_integer, &fcache_version,
-      "file cache version to create" },
-
-    { "addresses",	0,   arg_negative_flag,	&addrs_flag,
-      "request a ticket with no addresses" },
-
-    { "extra-addresses",'a', arg_strings,	&extra_addresses,
-      "include these extra addresses", "addresses" },
-
-    { "anonymous",	0,   arg_flag,	&anonymous_flag,
-      "request an anonymous ticket" },
-
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal [command]]");
-    exit (ret);
-}
-
-#ifdef KRB4
-/* for when the KDC tells us it's a v4 one, we try to talk that */
-
-static int
-key_to_key(const char *user,
-	   char *instance,
-	   const char *realm,
-	   const void *arg,
-	   des_cblock *key)
-{
-    memcpy(key, arg, sizeof(des_cblock));
-    return 0;
-}
-
-static int
-do_v4_fallback (krb5_context context,
-		const krb5_principal principal,
-		int lifetime,
-		int use_srvtab, const char *srvtab_str,
-		const char *passwd)
-{
-    int ret;
-    krb_principal princ;
-    des_cblock key;
-    krb5_error_code kret;
-
-    if (lifetime == 0)
-	lifetime = DEFAULT_TKT_LIFE;
-    else
-	lifetime = krb_time_to_life (0, lifetime);
-
-    kret = krb5_524_conv_principal (context, principal,
-				    princ.name,
-				    princ.instance,
-				    princ.realm);
-    if (kret) {
-	krb5_warn (context, kret, "krb5_524_conv_principal");
-	return 1;
-    }
-
-    if (use_srvtab || srvtab_str) {
-	if (srvtab_str == NULL)
-	    srvtab_str = KEYFILE;
-
-	ret = read_service_key (princ.name, princ.instance, princ.realm,
-				0, srvtab_str, (char *)&key);
-	if (ret) {
-	    warnx ("read_service_key %s: %s", srvtab_str,
-		   krb_get_err_text (ret));
-	    return 1;
-	}
-	ret = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
-			      KRB_TICKET_GRANTING_TICKET, princ.realm,
-			      lifetime, key_to_key, NULL, key);
-    } else {
-	ret = krb_get_pw_in_tkt(princ.name, princ.instance, princ.realm, 
-				KRB_TICKET_GRANTING_TICKET, princ.realm, 
-				lifetime, passwd);
-    }
-    memset (key, 0, sizeof(key));
-    if (ret) {
-	warnx ("%s", krb_get_err_text(ret));
-	return 1;
-    }
-    if (do_afslog && k_hasafs()) {
-	if ((ret = krb_afslog(NULL, NULL)) != 0 && ret != KDC_PR_UNKNOWN) {
-	    if(ret > 0)
-		warnx ("%s", krb_get_err_text(ret));
-	    else
-		warnx ("failed to store AFS token");
-	}
-    }
-    return 0;
-}
-
-
-/*
- * the special version of get_default_principal that takes v4 into account
- */
-
-static krb5_error_code
-kinit_get_default_principal (krb5_context context,
-			     krb5_principal *princ)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-    krb_principal v4_princ;
-    int kret;
-
-    ret = krb5_cc_default (context, &id);
-    if (ret == 0) {
-	ret = krb5_cc_get_principal (context, id, princ);
-	krb5_cc_close (context, id);
-	if (ret == 0)
-	    return 0;
-    }
-
-    kret = krb_get_tf_fullname (tkt_string(),
-				v4_princ.name,
-				v4_princ.instance,
-				v4_princ.realm);
-    if (kret == KSUCCESS) {
-	ret = krb5_425_conv_principal (context,
-				       v4_princ.name,
-				       v4_princ.instance,
-				       v4_princ.realm,
-				       princ);
-	if (ret == 0)
-	    return 0;
-    }
-    return krb5_get_default_principal (context, princ);
-}
-
-#else /* !KRB4 */
-
-static krb5_error_code
-kinit_get_default_principal (krb5_context context,
-			     krb5_principal *princ)
-{
-    return krb5_get_default_principal (context, princ);
-}
-
-#endif /* !KRB4 */
-
-static krb5_error_code
-get_server(krb5_context context,
-	   krb5_principal client,
-	   const char *server,
-	   krb5_principal *princ)
-{
-    krb5_realm *client_realm;
-    if(server)
-	return krb5_parse_name(context, server, princ);
-
-    client_realm = krb5_princ_realm (context, client);
-    return krb5_make_principal(context, princ, *client_realm,
-			       KRB5_TGS_NAME, *client_realm, NULL);
-}
-
-#ifdef KRB4
-static krb5_error_code
-do_524init(krb5_context context, krb5_ccache ccache, 
-	   krb5_creds *creds, const char *server)
-{
-    krb5_error_code ret;
-    CREDENTIALS c;
-    krb5_creds in_creds, *real_creds;
-
-    if(creds != NULL)
-	real_creds = creds;
-    else {
-	krb5_principal client;
-	krb5_cc_get_principal(context, ccache, &client);
-	memset(&in_creds, 0, sizeof(in_creds));
-	ret = get_server(context, client, server, &in_creds.server);
-	krb5_free_principal(context, client);
-	if(ret)
-	    return ret;
-	ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
-	krb5_free_principal(context, in_creds.server);
-	if(ret)
-	    return ret;
-    }
-    ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c);
-    if(ret)
-	krb5_warn(context, ret, "converting creds");
-    else {
-	int tret = tf_setup(&c, c.pname, c.pinst);
-	if(tret)
-	    krb5_warnx(context, "saving v4 creds: %s", krb_get_err_text(tret));
-    }
-
-    if(creds == NULL)
-	krb5_free_creds(context, real_creds);
-    memset(&c, 0, sizeof(c));
-
-    return ret;
-}
-#endif
-
-static int
-renew_validate(krb5_context context, 
-	       int renew,
-	       int validate,
-	       krb5_ccache cache, 
-	       const char *server,
-	       krb5_deltat life)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out;
-    krb5_kdc_flags flags;
-
-    memset(&in, 0, sizeof(in));
-
-    ret = krb5_cc_get_principal(context, cache, &in.client);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_cc_get_principal");
-	return ret;
-    }
-    ret = get_server(context, in.client, server, &in.server);
-    if(ret) {
-	krb5_warn(context, ret, "get_server");
-	goto out;
-    }
-    flags.i = 0;
-    flags.b.renewable         = flags.b.renew = renew;
-    flags.b.validate          = validate;
-    if (forwardable_flag != -1)
-	flags.b.forwardable       = forwardable_flag;
-    if (proxiable_flag != -1)
-	flags.b.proxiable         = proxiable_flag;
-    if (anonymous_flag != -1)
-	flags.b.request_anonymous = anonymous_flag;
-    if(life)
-	in.times.endtime = time(NULL) + life;
-
-    ret = krb5_get_kdc_cred(context,
-			    cache,
-			    flags,
-			    NULL,
-			    NULL,
-			    &in,
-			    &out);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_get_kdc_cred");
-	goto out;
-    }
-    ret = krb5_cc_initialize(context, cache, in.client);
-    if(ret) {
-	krb5_free_creds (context, out);
-	krb5_warn(context, ret, "krb5_cc_initialize");
-	goto out;
-    }
-    ret = krb5_cc_store_cred(context, cache, out);
-
-    if(ret == 0 && server == NULL) {
-#ifdef KRB4
-	/* only do this if it's a general renew-my-tgt request */
-	if(get_v4_tgt)
-	    do_524init(context, cache, out, NULL);
-#endif
-	if(do_afslog && k_hasafs())
-	    krb5_afslog(context, cache, NULL, NULL);
-    }
-
-    krb5_free_creds (context, out);
-    if(ret) {
-	krb5_warn(context, ret, "krb5_cc_store_cred");
-	goto out;
-    }
-out:
-    krb5_free_creds_contents(context, &in);
-    return ret;
-}
-
-static krb5_error_code
-get_new_tickets(krb5_context context, 
-		krb5_principal principal,
-		krb5_ccache ccache,
-		krb5_deltat ticket_life)
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt opt;
-    krb5_addresses no_addrs;
-    krb5_creds cred;
-    char passwd[256];
-    krb5_deltat start_time = 0;
-    krb5_deltat renew = 0;
-
-    memset(&cred, 0, sizeof(cred));
-
-    krb5_get_init_creds_opt_init (&opt);
-    
-    krb5_get_init_creds_opt_set_default_flags(context, "kinit", 
-					      /* XXX */principal->realm, &opt);
-
-    if(forwardable_flag != -1)
-	krb5_get_init_creds_opt_set_forwardable (&opt, forwardable_flag);
-    if(proxiable_flag != -1)
-	krb5_get_init_creds_opt_set_proxiable (&opt, proxiable_flag);
-    if(anonymous_flag != -1)
-	krb5_get_init_creds_opt_set_anonymous (&opt, anonymous_flag);
-
-    if (!addrs_flag) {
-	no_addrs.len = 0;
-	no_addrs.val = NULL;
-
-	krb5_get_init_creds_opt_set_address_list (&opt, &no_addrs);
-    }
-
-    if(renew_life) {
-	renew = parse_time (renew_life, "s");
-	if (renew < 0)
-	    errx (1, "unparsable time: %s", renew_life);
-
-	krb5_get_init_creds_opt_set_renew_life (&opt, renew);
-    } else if (renewable_flag == 1)
-	krb5_get_init_creds_opt_set_renew_life (&opt, 1 << 30);
-
-
-    if(ticket_life != 0)
-	krb5_get_init_creds_opt_set_tkt_life (&opt, ticket_life);
-
-    if(start_str) {
-	int tmp = parse_time (start_str, "s");
-	if (tmp < 0)
-	    errx (1, "unparsable time: %s", start_str);
-
-	start_time = tmp;
-    }
-
-    if(etype_str.num_strings) {
-	krb5_enctype *enctype = NULL;
-	int i;
-	enctype = malloc(etype_str.num_strings * sizeof(*enctype));
-	if(enctype == NULL)
-	    errx(1, "out of memory");
-	for(i = 0; i < etype_str.num_strings; i++) {
-	    ret = krb5_string_to_enctype(context, 
-					 etype_str.strings[i], 
-					 &enctype[i]);
-	    if(ret)
-		errx(1, "unrecognized enctype: %s", etype_str.strings[i]);
-	}
-	krb5_get_init_creds_opt_set_etype_list(&opt, enctype, 
-					       etype_str.num_strings);
-    }
-
-    if(use_keytab || keytab_str) {
-	krb5_keytab kt;
-	if(keytab_str)
-	    ret = krb5_kt_resolve(context, keytab_str, &kt);
-	else
-	    ret = krb5_kt_default(context, &kt);
-	if (ret)
-	    krb5_err (context, 1, ret, "resolving keytab");
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  principal,
-					  kt,
-					  start_time,
-					  server,
-					  &opt);
-	krb5_kt_close(context, kt);
-    } else {
-	char *p, *prompt;
-
-	krb5_unparse_name (context, principal, &p);
-	asprintf (&prompt, "%s's Password: ", p);
-	free (p);
-
-	if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
-	    memset(passwd, 0, sizeof(passwd));
-	    exit(1);
-	}
-
-	free (prompt);
-
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    passwd,
-					    krb5_prompter_posix,
-					    NULL,
-					    start_time,
-					    server,
-					    &opt);
-    }
-#ifdef KRB4
-    if (ret == KRB5KRB_AP_ERR_V4_REPLY || ret == KRB5_KDC_UNREACH) {
-	int exit_val;
-
-	exit_val = do_v4_fallback (context, principal, ticket_life,
-				   use_keytab, keytab_str, passwd);
-	get_v4_tgt = 0;
-	do_afslog  = 0;
-	memset(passwd, 0, sizeof(passwd));
-	if (exit_val == 0 || ret == KRB5KRB_AP_ERR_V4_REPLY)
-	    return exit_val;
-    }
-#endif
-    memset(passwd, 0, sizeof(passwd));
-
-    switch(ret){
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */
-	exit(1);
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-    case KRB5KRB_AP_ERR_MODIFIED:
-	krb5_errx(context, 1, "Password incorrect");
-	break;
-    default:
-	krb5_err(context, 1, ret, "krb5_get_init_creds");
-    }
-
-    if(ticket_life != 0) {
-	if(abs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) {
-	    char life[32];
-	    unparse_time(cred.times.endtime - cred.times.starttime, 
-			 life, sizeof(life));
-	    krb5_warnx(context, "NOTICE: ticket lifetime is %s", life);
-	}
-    }
-    if(renew != 0) {
-	if(abs(cred.times.renew_till - cred.times.starttime - renew) > 30) {
-	    char life[32];
-	    unparse_time(cred.times.renew_till - cred.times.starttime, 
-			 life, sizeof(life));
-	    krb5_warnx(context, "NOTICE: ticket renewable lifetime is %s", 
-		       life);
-	}
-    }
-
-    ret = krb5_cc_initialize (context, ccache, cred.client);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_initialize");
-    
-    ret = krb5_cc_store_cred (context, ccache, &cred);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_store_cred");
-
-    krb5_free_creds_contents (context, &cred);
-
-    return 0;
-}
-
-int
-main (int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache  ccache;
-    krb5_principal principal;
-    int optind = 0;
-    krb5_deltat ticket_life = 0;
-
-    setprogname (argv[0]);
-    
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx(1, "krb5_init_context failed: %d", ret);
-  
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argv[0]) {
-	ret = krb5_parse_name (context, argv[0], &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name");
-    } else {
-	ret = kinit_get_default_principal (context, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_default_principal");
-    }
-
-    if(fcache_version)
-	krb5_set_fcache_version(context, fcache_version);
-
-    if(cred_cache) 
-	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-    else {
-	if(argc > 1) {
-	    char s[1024];
-	    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache);
-	    if(ret)
-		krb5_err(context, 1, ret, "creating cred cache");
-	    snprintf(s, sizeof(s), "%s:%s",
-		     krb5_cc_get_type(context, ccache),
-		     krb5_cc_get_name(context, ccache));
-	    setenv("KRB5CCNAME", s, 1);
-#ifdef KRB4
-	    {
-		int fd;
-		snprintf(s, sizeof(s), "%s_XXXXXX", TKT_ROOT);
-		if((fd = mkstemp(s)) >= 0) {
-		    close(fd);
-		    setenv("KRBTKFILE", s, 1);
-		    if (k_hasafs ())
-			k_setpag();
-		}
-	    }
-#endif
-	} else
-	    ret = krb5_cc_default (context, &ccache);
-    }
-    if (ret)
-	krb5_err (context, 1, ret, "resolving credentials cache");
-
-    if (lifetime) {
-	int tmp = parse_time (lifetime, "s");
-	if (tmp < 0)
-	    errx (1, "unparsable time: %s", lifetime);
-
-	ticket_life = tmp;
-    }
-#ifdef KRB4
-    if(get_v4_tgt == -1)
-	krb5_appdefault_boolean(context, "kinit", 
-				krb5_principal_get_realm(context, principal), 
-				"krb4_get_tickets", TRUE, &get_v4_tgt);
-#endif
-    if(do_afslog == -1)
-	krb5_appdefault_boolean(context, "kinit", 
-				krb5_principal_get_realm(context, principal), 
-				"afslog", TRUE, &do_afslog);
-
-    if(!addrs_flag && extra_addresses.num_strings > 0)
-	krb5_errx(context, 1, "specifying both extra addresses and "
-		  "no addresses makes no sense");
-    {
-	int i;
-	krb5_addresses addresses;
-	memset(&addresses, 0, sizeof(addresses));
-	for(i = 0; i < extra_addresses.num_strings; i++) {
-	    ret = krb5_parse_address(context, extra_addresses.strings[i], 
-				     &addresses);
-	    if (ret == 0) {
-		krb5_add_extra_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	free_getarg_strings(&extra_addresses);
-    }
-
-    
-    if(renew_flag || validate_flag) {
-	ret = renew_validate(context, renew_flag, validate_flag, 
-			     ccache, server, ticket_life);
-	exit(ret != 0);
-    }
-
-#ifdef KRB4
-    if(!convert_524)
-#endif
-	get_new_tickets(context, principal, ccache, ticket_life);
-
-#ifdef KRB4
-    if(get_v4_tgt)
-	do_524init(context, ccache, NULL, server);
-#endif
-    if(do_afslog && k_hasafs())
-	krb5_afslog(context, ccache, NULL, NULL);
-    if(argc > 1) {
-	simple_execvp(argv[1], argv+1);
-	krb5_cc_destroy(context, ccache);
-#ifdef KRB4
-	dest_tkt();
-#endif
-	if(k_hasafs())
-	    k_unlog();
-    } else 
-	krb5_cc_close (context, ccache);
-    krb5_free_principal(context, principal);
-    krb5_free_context (context);
-    return 0;
-}
diff --git a/crypto/heimdal/kuser/kinit.cat1 b/crypto/heimdal/kuser/kinit.cat1
deleted file mode 100644
index c71feb236f60..000000000000
--- a/crypto/heimdal/kuser/kinit.cat1
+++ /dev/null
@@ -1,127 +0,0 @@
-KINIT(1)                    NetBSD Reference Manual                   KINIT(1)
-
-NNAAMMEE
-     kkiinniitt kkaauutthh - acquire initial tickets
-
-SSYYNNOOPPSSIISS
-     kkiinniitt [--44 | ----552244iinniitt] [--99 | ----552244ccoonnvveerrtt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e |
-           ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e |
-           ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e | ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee]
-           [--RR | ----rreenneeww] [----rreenneewwaabbllee] [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS
-           _p_r_i_n_c_i_p_a_l | ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk |
-           ----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e_s | ----eennccttyyppeess==_e_n_c_t_y_p_e_s]
-           [--aa _a_d_d_r_e_s_s_e_s | ----eexxttrraa--aaddddrreesssseess==_a_d_d_r_e_s_s_e_s]
-           [----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss]
-           [----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if
-     none is given, a system generated default (typically your login name at
-     the default realm), and acquire a ticket granting ticket that can later
-     be used to obtain tickets for other services.
-
-     If you have compiled kkiinniitt with Kerberos 4 support and you have a Ker-
-     beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets.
-
-     Supported options:
-
-     --cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e
-             The credentials cache to put the acquired ticket in, if other
-             than default.
-
-     --ff, ----ffoorrwwaarrddaabbllee
-             Get ticket that can be forwarded to another host.
-
-     --tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e
-             Don't ask for a password, but instead get the key from the speci-
-             fied keytab.
-
-     --ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e
-             Specifies the lifetime of the ticket. The argument can either be
-             in seconds, or a more human readable string like `1h'.
-
-     --pp, ----pprrooxxiiaabbllee
-             Request tickets with the proxiable flag set.
-
-     --RR, ----rreenneeww
-             Try to renew ticket. The ticket must have the `renewable' flag
-             set, and must not be expired.
-
-     ----rreenneewwaabbllee
-             The same as ----rreenneewwaabbllee--lliiffee, with an infinite time.
-
-     --rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e
-             The max renewable ticket life.
-
-     --SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l
-             Get a ticket for a service other than krbtgt/LOCAL.REALM.
-
-     --ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e
-             Obtain a ticket that starts to be valid _t_i_m_e (which can really be
-             a generic time specification, like `1h') seconds into the future.
-
-     --kk, ----uussee--kkeeyyttaabb
-             The same as ----kkeeyyttaabb, but with the default keytab name (normally
-             _F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b).
-
-     --vv, ----vvaalliiddaattee
-             Try to validate an invalid ticket.
-
-     --ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s
-             Request tickets with this particular enctype.
-
-     ----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n
-             Create a credentials cache of version vveerrssiioonn.
-
-     --aa, ----eexxttrraa--aaddddrreesssseess==_e_n_c_t_y_p_e_s
-             Adds a set of addresses that will, in addition to the systems lo-
-             cal addresses, be put in the ticket. This can be useful if all
-             addresses a client can use can't be automatically figured out.
-             One such example is if the client is behind a firewall. Also set-
-             table via libdefaults/extra_addresses in krb5.conf(5).
-
-     ----nnoo--aaddddrreesssseess
-             Request a ticket with no addresses.
-
-     ----aannoonnyymmoouuss
-             Request an anonymous ticket (which means that the ticket will be
-             issued to an anonymous principal, typically ``anonymous@REALM'').
-
-     The following options are only available if kkiinniitt has been compiled with
-     support for Kerberos 4.
-
-     --44, ----552244iinniitt
-             Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
-             patible ticket. It will store this ticket in the default Kerberos
-             4 ticket file.
-
-     --99, ----552244ccoonnvveerrtt
-             only convert ticket to version 4
-
-     ----aaffsslloogg
-             Gets AFS tickets, converts them to version 4 format, and stores
-             them in the kernel. Only useful if you have AFS.
-
-     The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can
-     be set to a default value from the appdefaults section in krb5.conf, see
-     krb5_appdefault(3).
-
-     If  a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS
-     PAG, and then run the given command. When it finishes the credentials
-     will be removed.
-
-EENNVVIIRROONNMMEENNTT
-     KRB5CCNAME
-             Specifies the default credentials cache.
-
-     KRB5_CONFIG
-             The file name of _k_r_b_5_._c_o_n_f , the default being _/_e_t_c_/_k_r_b_5_._c_o_n_f.
-
-     KRBTKFILE
-             Specifies the Kerberos 4 ticket file to store version 4 tickets
-             in.
-
-SSEEEE AALLSSOO
-     kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5)
-
- HEIMDAL                         May 29, 1998                                2
diff --git a/crypto/heimdal/kuser/kinit_options.c b/crypto/heimdal/kuser/kinit_options.c
deleted file mode 100644
index 5a7dcd98753d..000000000000
--- a/crypto/heimdal/kuser/kinit_options.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $");
-
-#ifdef KRB4
-int do_afslog		= 0;
-int get_v4_tgt		= 0;
-#endif
diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1
deleted file mode 100644
index a14436599324..000000000000
--- a/crypto/heimdal/kuser/klist.1
+++ /dev/null
@@ -1,150 +0,0 @@
-.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: klist.1,v 1.12 2003/02/16 21:10:26 lha Exp $
-.\"
-.Dd July 8, 2000
-.Dt KLIST 1
-.Os HEIMDAL
-.Sh NAME
-.Nm klist
-.Nd list Kerberos credentials
-.Sh SYNOPSIS
-.Nm
-.Oo Fl c Ar cache \*(Ba Xo
-.Fl -cache= Ns Ar cache
-.Xc
-.Oc
-.Op Fl s | Fl t | Fl -test
-.Op Fl 4 | Fl -v4
-.Op Fl T | Fl -tokens
-.Op Fl 5 | Fl -v5
-.Op Fl v | Fl -verbose
-.Op Fl f
-.Op Fl -version
-.Op Fl -help
-.Sh DESCRIPTION
-.Nm
-reads and displays the current tickets in the crential cache (also
-known as the ticket file).
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
-credentials cache to list
-.It Xo
-.Fl s ,
-.Fl t ,
-.Fl -test
-.Xc
-Test for there being an active and valid TGT for the local realm of
-the user in the credential cache.
-.It Xo
-.Fl 4 ,
-.Fl -v4
-.Xc
-display v4 tickets
-.It Xo
-.Fl T ,
-.Fl -tokens
-.Xc
-display AFS tokens
-.It Xo
-.Fl 5 ,
-.Fl -v5
-.Xc
-display v5 cred cache (this is the default)
-.It Fl f
-Include ticket flags in short form, each charcted stands for a
-specific flag, as follows:
-.Bl -tag -width  XXX -compact -offset indent
-.It F
-forwardable
-.It f
-forwarded
-.It P
-proxiable
-.It p
-proxied
-.It D
-postdate-able
-.It d
-postdated
-.It R
-renewable
-.It I
-initial
-.It i
-invalid
-.It A
-pre-authenticated
-.It H
-hardware authenticated
-.El
-.Pp
-This information is also output with the
-.Fl -verbose
-option, but in a more verbose way.
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
-Verbose output. Include all possible information:
-.Bl -tag -width XXXX -offset indent
-.It Server
-the princial the ticket is for
-.It Ticket etype
-the encryption type use in the ticket, followed by the key version of
-the ticket, if it is available
-.It Session key
-the encryption type of the session key, if it's different from the
-encryption type of the ticket
-.It Auth time
-the time the authentication exchange took place
-.It Start time
-the time that this tickets is valid from (only printed if it's
-different from the auth time)
-.It End time
-when the ticket expires, if it has already expired this is also noted
-.It Renew till
-the maximum possible end time of any ticket derived from this one
-.It Ticket flags
-the flags set on the ticket
-.It Addresses
-the set of addresses from which this ticket is valid
-.El
-.El
-.Sh SEE ALSO
-.Xr kdestroy 1 ,
-.Xr kinit 1
diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c
deleted file mode 100644
index 79a1fa4c4077..000000000000
--- a/crypto/heimdal/kuser/klist.c
+++ /dev/null
@@ -1,689 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-#include "rtbl.h"
-
-RCSID("$Id: klist.c,v 1.68.2.1 2003/05/08 18:59:56 lha Exp $");
-
-static char*
-printable_time(time_t t)
-{
-    static char s[128];
-    strcpy(s, ctime(&t)+ 4);
-    s[15] = 0;
-    return s;
-}
-
-static char*
-printable_time_long(time_t t)
-{
-    static char s[128];
-    strcpy(s, ctime(&t)+ 4);
-    s[20] = 0;
-    return s;
-}
-
-#define COL_ISSUED		"  Issued"
-#define COL_EXPIRES		"  Expires"
-#define COL_FLAGS		"Flags"
-#define COL_PRINCIPAL		"  Principal"
-#define COL_PRINCIPAL_KVNO	"  Principal (kvno)"
-
-static void
-print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
-{
-    char *str;
-    krb5_error_code ret;
-    krb5_timestamp sec;
-
-    krb5_timeofday (context, &sec);
-
-
-    if(cred->times.starttime)
-	rtbl_add_column_entry(ct, COL_ISSUED,
-			      printable_time(cred->times.starttime));
-    else
-	rtbl_add_column_entry(ct, COL_ISSUED,
-			      printable_time(cred->times.authtime));
-    
-    if(cred->times.endtime > sec)
-	rtbl_add_column_entry(ct, COL_EXPIRES,
-			      printable_time(cred->times.endtime));
-    else
-	rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<");
-    ret = krb5_unparse_name (context, cred->server, &str);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-    rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
-    if(do_flags) {
-	char s[16], *sp = s;
-	if(cred->flags.b.forwardable)
-	    *sp++ = 'F';
-	if(cred->flags.b.forwarded)
-	    *sp++ = 'f';
-	if(cred->flags.b.proxiable)
-	    *sp++ = 'P';
-	if(cred->flags.b.proxy)
-	    *sp++ = 'p';
-	if(cred->flags.b.may_postdate)
-	    *sp++ = 'D';
-	if(cred->flags.b.postdated)
-	    *sp++ = 'd';
-	if(cred->flags.b.renewable)
-	    *sp++ = 'R';
-	if(cred->flags.b.initial)
-	    *sp++ = 'I';
-	if(cred->flags.b.invalid)
-	    *sp++ = 'i';
-	if(cred->flags.b.pre_authent)
-	    *sp++ = 'A';
-	if(cred->flags.b.hw_authent)
-	    *sp++ = 'H';
-	*sp++ = '\0';
-	rtbl_add_column_entry(ct, COL_FLAGS, s);
-    }
-    free(str);
-}
-
-static void
-print_cred_verbose(krb5_context context, krb5_creds *cred)
-{
-    int j;
-    char *str;
-    krb5_error_code ret;
-    int first_flag;
-    krb5_timestamp sec;
-
-    krb5_timeofday (context, &sec);
-
-    ret = krb5_unparse_name(context, cred->server, &str);
-    if(ret)
-	exit(1);
-    printf("Server: %s\n", str);
-    free (str);
-    {
-	Ticket t;
-	size_t len;
-	char *s;
-
-	decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-	ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
-	printf("Ticket etype: ");
-	if (ret == 0) {
-	    printf("%s", s);
-	    free(s);
-	} else {
-	    printf("unknown(%d)", t.enc_part.etype);
-	}
-	if(t.enc_part.kvno)
-	    printf(", kvno %d", *t.enc_part.kvno);
-	printf("\n");
-	if(cred->session.keytype != t.enc_part.etype) {
-	    ret = krb5_keytype_to_string(context, cred->session.keytype, &str);
-	    if(ret == KRB5_PROG_KEYTYPE_NOSUPP)
-		ret = krb5_enctype_to_string(context, cred->session.keytype, 
-					     &str);
-	    if(ret)
-		krb5_warn(context, ret, "session keytype");
-	    else {
-		printf("Session key: %s\n", str);
-		free(str);
-	    }
-	}
-	free_Ticket(&t);
-    }
-    printf("Auth time:  %s\n", printable_time_long(cred->times.authtime));
-    if(cred->times.authtime != cred->times.starttime)
-	printf("Start time: %s\n", printable_time_long(cred->times.starttime));
-    printf("End time:   %s", printable_time_long(cred->times.endtime));
-    if(sec > cred->times.endtime)
-	printf(" (expired)");
-    printf("\n");
-    if(cred->flags.b.renewable)
-	printf("Renew till: %s\n", 
-	       printable_time_long(cred->times.renew_till));
-    printf("Ticket flags: ");
-#define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; }
-#define PRINT_FLAG(f) PRINT_FLAG2(f, f)
-    first_flag = 1;
-    PRINT_FLAG(forwardable);
-    PRINT_FLAG(forwarded);
-    PRINT_FLAG(proxiable);
-    PRINT_FLAG(proxy);
-    PRINT_FLAG2(may_postdate, may-postdate);
-    PRINT_FLAG(postdated);
-    PRINT_FLAG(invalid);
-    PRINT_FLAG(renewable);
-    PRINT_FLAG(initial);
-    PRINT_FLAG2(pre_authent, pre-authenticated);
-    PRINT_FLAG2(hw_authent, hw-authenticated);
-    PRINT_FLAG2(transited_policy_checked, transited-policy-checked);
-    PRINT_FLAG2(ok_as_delegate, ok-as-delegate);
-    PRINT_FLAG(anonymous);
-    printf("\n");
-    printf("Addresses: ");
-    for(j = 0; j < cred->addresses.len; j++){
-	char buf[128];
-	size_t len;
-	if(j) printf(", ");
-	ret = krb5_print_address(&cred->addresses.val[j], 
-				 buf, sizeof(buf), &len);
-
-	if(ret == 0)
-	    printf("%s", buf);
-    }
-    printf("\n\n");
-}
-
-/*
- * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
- */
-
-static void
-print_tickets (krb5_context context,
-	       krb5_ccache ccache,
-	       krb5_principal principal,
-	       int do_verbose,
-	       int do_flags)
-{
-    krb5_error_code ret;
-    char *str;
-    krb5_cc_cursor cursor;
-    krb5_creds creds;
-
-    rtbl_t ct = NULL;
-
-    ret = krb5_unparse_name (context, principal, &str);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_unparse_name");
-
-    printf ("%17s: %s:%s\n", 
-	    "Credentials cache",
-	    krb5_cc_get_type(context, ccache),
-	    krb5_cc_get_name(context, ccache));
-    printf ("%17s: %s\n", "Principal", str);
-    free (str);
-    
-    if(do_verbose)
-	printf ("%17s: %d\n", "Cache version",
-		krb5_cc_get_version(context, ccache));
-    
-    if (do_verbose && context->kdc_sec_offset) {
-	char buf[BUFSIZ];
-	int val;
-	int sig;
-
-	val = context->kdc_sec_offset;
-	sig = 1;
-	if (val < 0) {
-	    sig = -1;
-	    val = -val;
-	}
-	
-	unparse_time (val, buf, sizeof(buf));
-
-	printf ("%17s: %s%s\n", "KDC time offset",
-		sig == -1 ? "-" : "", buf);
-    }
-
-    printf("\n");
-
-    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
-
-    if(!do_verbose) {
-	ct = rtbl_create();
-	rtbl_add_column(ct, COL_ISSUED, 0);
-	rtbl_add_column(ct, COL_EXPIRES, 0);
-	if(do_flags)
-	    rtbl_add_column(ct, COL_FLAGS, 0);
-	rtbl_add_column(ct, COL_PRINCIPAL, 0);
-	rtbl_set_prefix(ct, "  ");
-	rtbl_set_column_prefix(ct, COL_ISSUED, "");
-    }
-    while (krb5_cc_next_cred (context,
-			      ccache,
-			      &cursor,
-			      &creds) == 0) {
-	if(do_verbose){
-	    print_cred_verbose(context, &creds);
-	}else{
-	    print_cred(context, &creds, ct, do_flags);
-	}
-	krb5_free_creds_contents (context, &creds);
-    }
-    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
-    if(!do_verbose) {
-	rtbl_format(ct, stdout);
-	rtbl_destroy(ct);
-    }
-}
-
-/*
- * Check if there's a tgt for the realm of `principal' and ccache and
- * if so return 0, else 1
- */
-
-static int
-check_for_tgt (krb5_context context,
-	       krb5_ccache ccache,
-	       krb5_principal principal)
-{
-    krb5_error_code ret;
-    krb5_creds pattern;
-    krb5_creds creds;
-    krb5_realm *client_realm;
-    int expired;
-
-    client_realm = krb5_princ_realm (context, principal);
-
-    ret = krb5_make_principal (context, &pattern.server,
-			       *client_realm, KRB5_TGS_NAME, *client_realm,
-			       NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_make_principal");
-
-    ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
-    expired = time(NULL) > creds.times.endtime;
-    krb5_free_principal (context, pattern.server);
-    krb5_free_creds_contents (context, &creds);
-    if (ret) {
-	if (ret == KRB5_CC_END)
-	    return 1;
-	krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
-    }
-    return expired;
-}
-
-#ifdef KRB4
-/* prints the approximate kdc time differential as something human
-   readable */
-
-static void
-print_time_diff(int do_verbose)
-{
-    int d = abs(krb_get_kdc_time_diff());
-    char buf[80];
-
-    if ((do_verbose && d > 0) || d > 60) {
-	unparse_time_approx (d, buf, sizeof(buf));
-	printf ("Time diff:\t%s\n", buf);
-    }
-}
-
-/*
- * return a short representation of `dp' in string form.
- */
-
-static char *
-short_date(int32_t dp)
-{
-    char *cp;
-    time_t t = (time_t)dp;
-
-    if (t == (time_t)(-1L)) return "***  Never  *** ";
-    cp = ctime(&t) + 4;
-    cp[15] = '\0';
-    return (cp);
-}
-
-/*
- * Print a list of all the v4 tickets
- */
-
-static int
-display_v4_tickets (int do_verbose)
-{
-    char *file;
-    int ret;
-    krb_principal princ;
-    CREDENTIALS cred;
-    int found = 0;
-
-    rtbl_t ct;
-
-    file = getenv ("KRBTKFILE");
-    if (file == NULL)
-	file = TKT_FILE;
-
-    printf("%17s: %s\n", "V4-ticket file", file);
-
-    ret = krb_get_tf_realm (file, princ.realm);
-    if (ret) {
-	warnx ("%s", krb_get_err_text(ret));
-	return 1;
-    }
-
-    ret = tf_init (file, R_TKT_FIL);
-    if (ret) {
-	warnx ("tf_init: %s", krb_get_err_text(ret));
-	return 1;
-    }
-    ret = tf_get_pname (princ.name);
-    if (ret) {
-	tf_close ();
-	warnx ("tf_get_pname: %s", krb_get_err_text(ret));
-	return 1;
-    }
-    ret = tf_get_pinst (princ.instance);
-    if (ret) {
-	tf_close ();
-	warnx ("tf_get_pname: %s", krb_get_err_text(ret));
-	return 1;
-    }
-
-    printf ("%17s: %s\n", "Principal", krb_unparse_name(&princ));
-    print_time_diff(do_verbose);
-    printf("\n");
-
-    ct = rtbl_create();
-    rtbl_add_column(ct, COL_ISSUED, 0);
-    rtbl_add_column(ct, COL_EXPIRES, 0);
-    if (do_verbose)
-	rtbl_add_column(ct, COL_PRINCIPAL_KVNO, 0);
-    else
-	rtbl_add_column(ct, COL_PRINCIPAL, 0);
-    rtbl_set_prefix(ct, "  ");
-    rtbl_set_column_prefix(ct, COL_ISSUED, "");
-
-    while ((ret = tf_get_cred(&cred)) == KSUCCESS) {
-	struct timeval tv;
-	char buf1[20], buf2[20];
-	const char *pp;
-
-	found++;
-
-	strlcpy(buf1,
-		short_date(cred.issue_date),
-		sizeof(buf1));
-	cred.issue_date = krb_life_to_time(cred.issue_date, cred.lifetime);
-	krb_kdctimeofday(&tv);
-	if (do_verbose || tv.tv_sec < (unsigned long) cred.issue_date)
-	    strlcpy(buf2,
-		    short_date(cred.issue_date),
-		    sizeof(buf2));
-	else
-	    strlcpy(buf2,
-		    ">>> Expired <<<",
-		    sizeof(buf2));
-	rtbl_add_column_entry(ct, COL_ISSUED, buf1);
-	rtbl_add_column_entry(ct, COL_EXPIRES, buf2);
-	pp = krb_unparse_name_long(cred.service,
-				   cred.instance,
-				   cred.realm);
-	if (do_verbose) {
-	    char *tmp;
-
-	    asprintf(&tmp, "%s (%d)", pp, cred.kvno);
-	    rtbl_add_column_entry(ct, COL_PRINCIPAL_KVNO, tmp);
-	    free(tmp);
-	} else {
-	    rtbl_add_column_entry(ct, COL_PRINCIPAL, pp);
-	}
-    }
-    rtbl_format(ct, stdout);
-    rtbl_destroy(ct);
-    if (!found && ret == EOF)
-	printf("No tickets in file.\n");
-    tf_close();
-    
-    /*
-     * should do NAT stuff here
-     */
-    return 0;
-}
-#endif /* KRB4 */
-
-/*
- * Print a list of all AFS tokens
- */
-
-static void
-display_tokens(int do_verbose)
-{
-    u_int32_t i;
-    unsigned char t[4096];
-    struct ViceIoctl parms;
-
-    parms.in = (void *)&i;
-    parms.in_size = sizeof(i);
-    parms.out = (void *)t;
-    parms.out_size = sizeof(t);
-
-    for (i = 0;; i++) {
-        int32_t size_secret_tok, size_public_tok;
-        unsigned char *cell;
-	struct ClearToken ct;
-	unsigned char *r = t;
-	struct timeval tv;
-	char buf1[20], buf2[20];
-
-	if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
-	    if(errno == EDOM)
-		break;
-	    continue;
-	}
-	if(parms.out_size > sizeof(t))
-	    continue;
-	if(parms.out_size < sizeof(size_secret_tok))
-	    continue;
-	t[min(parms.out_size,sizeof(t)-1)] = 0;
-	memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
-	/* dont bother about the secret token */
-	r += size_secret_tok + sizeof(size_secret_tok);
-	if (parms.out_size < (r - t) + sizeof(size_public_tok))
-	    continue;
-	memcpy(&size_public_tok, r, sizeof(size_public_tok));
-	r += sizeof(size_public_tok);
-	if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
-	    continue;
-	memcpy(&ct, r, size_public_tok);
-	r += size_public_tok;
-	/* there is a int32_t with length of cellname, but we dont read it */
-	r += sizeof(int32_t);
-	cell = r;
-
-	gettimeofday (&tv, NULL);
-	strlcpy (buf1, printable_time(ct.BeginTimestamp),
-		 sizeof(buf1));
-	if (do_verbose || tv.tv_sec < ct.EndTimestamp)
-	    strlcpy (buf2, printable_time(ct.EndTimestamp),
-		     sizeof(buf2));
-	else
-	    strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
-
-	printf("%s  %s  ", buf1, buf2);
-
-	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
-	    printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
-	else
-	    printf("Tokens for %s", cell);
-	if (do_verbose)
-	    printf(" (%d)", ct.AuthHandle);
-	putchar('\n');
-    }
-}
-
-/*
- * display the ccache in `cred_cache'
- */
-
-static int
-display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, 
-		   int do_flags)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    int exit_status = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    if(cred_cache) {
-	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "%s", cred_cache);
-    } else {
-	ret = krb5_cc_default (context, &ccache);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_cc_resolve");
-    }
-
-    ret = krb5_cc_get_principal (context, ccache, &principal);
-    if (ret) {
-	if(ret == ENOENT) {
-	    if (!do_test)
-		krb5_warnx(context, "No ticket file: %s",
-			   krb5_cc_get_name(context, ccache));
-	    return 1;
-	} else
-	    krb5_err (context, 1, ret, "krb5_cc_get_principal");
-    }
-    if (do_test)
-	exit_status = check_for_tgt (context, ccache, principal);
-    else
-	print_tickets (context, ccache, principal, do_verbose, do_flags);
-
-    ret = krb5_cc_close (context, ccache);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_cc_close");
-
-    krb5_free_principal (context, principal);
-    krb5_free_context (context);
-    return exit_status;
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-static int do_verbose	= 0;
-static int do_test	= 0;
-#ifdef KRB4
-static int do_v4	= 1;
-#endif
-static int do_tokens	= 0;
-static int do_v5	= 1;
-static char *cred_cache;
-static int do_flags = 0;
-
-static struct getargs args[] = {
-    { NULL, 'f', arg_flag, &do_flags },
-    { "cache",			'c', arg_string, &cred_cache,
-      "credentials cache to list", "cache" },
-    { "test",			't', arg_flag, &do_test,
-      "test for having tickets", NULL },
-    { NULL,			's', arg_flag, &do_test },
-#ifdef KRB4
-    { "v4",			'4',	arg_flag, &do_v4,
-      "display v4 tickets", NULL },
-#endif
-    { "tokens",			'T',   arg_flag, &do_tokens,
-      "display AFS tokens", NULL },
-    { "v5",			'5',	arg_flag, &do_v5,
-      "display v5 cred cache", NULL},
-    { "verbose",		'v', arg_flag, &do_verbose,
-      "verbose output", NULL },
-    { NULL,			'a', arg_flag, &do_verbose },
-    { NULL,			'n', arg_flag, &do_verbose },
-    { "version", 		0,   arg_flag, &version_flag, 
-      "print version", NULL },
-    { "help",			0,   arg_flag, &help_flag, 
-      NULL, NULL}
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main (int argc, char **argv)
-{
-    int optind = 0;
-    int exit_status = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 0)
-	usage (1);
-
-    if (do_v5)
-	exit_status = display_v5_ccache (cred_cache, do_test, 
-					 do_verbose, do_flags);
-
-    if (!do_test) {
-#ifdef KRB4
-	if (do_v4) {
-	    if (do_v5)
-		printf ("\n");
-	    display_v4_tickets (do_verbose);
-	}
-#endif
-	if (do_tokens && k_hasafs ()) {
-	    if (do_v5)
-		printf ("\n");
-#ifdef KRB4
-	    else if (do_v4)
-		printf ("\n");
-#endif
-	    display_tokens (do_verbose);
-	}
-    }
-
-    return exit_status;
-}
diff --git a/crypto/heimdal/kuser/klist.cat1 b/crypto/heimdal/kuser/klist.cat1
deleted file mode 100644
index 4a2b647005d7..000000000000
--- a/crypto/heimdal/kuser/klist.cat1
+++ /dev/null
@@ -1,87 +0,0 @@
-KLIST(1)                    NetBSD Reference Manual                   KLIST(1)
-
-NNAAMMEE
-     kklliisstt - list Kerberos credentials
-
-SSYYNNOOPPSSIISS
-     kklliisstt [--cc _c_a_c_h_e | ----ccaacchhee==_c_a_c_h_e] [--ss | --tt | ----tteesstt] [--44 | ----vv44] [--TT |
-     ----ttookkeennss] [--55 | ----vv55] [--vv | ----vveerrbboossee] [--ff] [----vveerrssiioonn] [----hheellpp]
-
-DDEESSCCRRIIPPTTIIOONN
-     kklliisstt reads and displays the current tickets in the crential cache (also
-     known as the ticket file).
-
-     Options supported:
-
-     --cc _c_a_c_h_e, ----ccaacchhee==_c_a_c_h_e
-             credentials cache to list
-
-     --ss, --tt, ----tteesstt
-             Test for there being an active and valid TGT for the local realm
-             of the user in the credential cache.
-
-     --44, ----vv44
-             display v4 tickets
-
-     --TT, ----ttookkeennss
-             display AFS tokens
-
-     --55, ----vv55
-             display v5 cred cache (this is the default)
-
-     --ff      Include ticket flags in short form, each charcted stands for a
-             specific flag, as follows:
-                   F    forwardable
-                   f    forwarded
-                   P    proxiable
-                   p    proxied
-                   D    postdate-able
-                   d    postdated
-                   R    renewable
-                   I    initial
-                   i    invalid
-                   A    pre-authenticated
-                   H    hardware authenticated
-
-             This information is also output with the ----vveerrbboossee option, but in
-             a more verbose way.
-
-     --vv, ----vveerrbboossee
-             Verbose output. Include all possible information:
-
-                   Server
-                         the princial the ticket is for
-
-                   Ticket etype
-                         the encryption type use in the ticket, followed by
-                         the key version of the ticket, if it is available
-
-                   Session key
-                         the encryption type of the session key, if it's dif-
-                         ferent from the encryption type of the ticket
-
-                   Auth time
-                         the time the authentication exchange took place
-
-                   Start time
-                         the time that this tickets is valid from (only print-
-                         ed if it's different from the auth time)
-
-                   End time
-                         when the ticket expires, if it has already expired
-                         this is also noted
-
-                   Renew till
-                         the maximum possible end time of any ticket derived
-                         from this one
-
-                   Ticket flags
-                         the flags set on the ticket
-
-                   Addresses
-                         the set of addresses from which this ticket is valid
-
-SSEEEE AALLSSOO
-     kdestroy(1), kinit(1)
-
- HEIMDAL                         July 8, 2000                                2
diff --git a/crypto/heimdal/kuser/kuser_locl.h b/crypto/heimdal/kuser/kuser_locl.h
deleted file mode 100644
index 06403cbe67e0..000000000000
--- a/crypto/heimdal/kuser/kuser_locl.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kuser_locl.h,v 1.13 2003/01/21 14:13:51 nectar Exp $ */
-
-#ifndef __KUSER_LOCL_H__
-#define __KUSER_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#include <roken.h>
-#include <getarg.h>
-#include <parse_time.h>
-#include <err.h>
-#include <krb5.h>
-
-#ifdef KRB4
-#include <krb.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_IOCCOM_H
-#include <sys/ioccom.h>
-#endif
-#include <kafs.h>
-#include "crypto-headers.h" /* for des_read_pw_string */
-
-#endif /* __KUSER_LOCL_H__ */
diff --git a/crypto/heimdal/kuser/kverify.c b/crypto/heimdal/kuser/kverify.c
deleted file mode 100644
index 3501f009cde6..000000000000
--- a/crypto/heimdal/kuser/kverify.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kuser_locl.h"
-
-RCSID("$Id: kverify.c,v 1.6 2001/08/24 01:08:13 assar Exp $");
-
-static int help_flag = 0;
-static int version_flag = 0;
-
-static struct getargs args[] = {
-    { "version", 	0,   arg_flag, &version_flag },
-    { "help",		0,   arg_flag, &help_flag }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[principal]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
-    krb5_get_init_creds_opt get_options;
-    krb5_verify_init_creds_opt verify_options;
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    krb5_get_init_creds_opt_init (&get_options);
-
-    krb5_get_init_creds_opt_set_preauth_list (&get_options,
-					      pre_auth_types,
-					      1);
-
-    krb5_verify_init_creds_opt_init (&verify_options);
-    
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					NULL,
-					NULL,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					NULL,
-					&get_options);
-    if (ret)
-	errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret));
-
-    ret = krb5_verify_init_creds (context,
-				  &cred,
-				  NULL,
-				  NULL,
-				  NULL,
-				  &verify_options);
-    if (ret)
-	errx (1, "krb5_verify_init_creds: %s",
-	      krb5_get_err_text(context, ret));
-    krb5_free_creds_contents (context, &cred);
-    krb5_free_context (context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/45/45_locl.h b/crypto/heimdal/lib/45/45_locl.h
deleted file mode 100644
index 8104179d5bba..000000000000
--- a/crypto/heimdal/lib/45/45_locl.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __45_LOCL_H__
-#define __45_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#include <krb5.h>
-#include <krb.h>
-#include <prot.h>
-
-#endif /* __45_LOCL_H__ */
diff --git a/crypto/heimdal/lib/45/Makefile b/crypto/heimdal/lib/45/Makefile
deleted file mode 100644
index 855d62e29b9f..000000000000
--- a/crypto/heimdal/lib/45/Makefile
+++ /dev/null
@@ -1,591 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/45/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LIBRARIES = 
-
-EXTRA_LIBRARIES = lib45.a
-
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
-subdir = lib/45
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(lib_LIBRARIES)
-
-lib45_a_AR = $(AR) cru
-lib45_a_LIBADD =
-am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT)
-lib45_a_OBJECTS = $(am_lib45_a_OBJECTS)
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(lib45_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(lib45_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/45/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-libLIBRARIES_INSTALL = $(INSTALL_DATA)
-install-libLIBRARIES: $(lib_LIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(libLIBRARIES_INSTALL) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(libLIBRARIES_INSTALL) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-	@$(POST_INSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(RANLIB) $(DESTDIR)$(libdir)/$$p"; \
-	    $(RANLIB) $(DESTDIR)$(libdir)/$$p; \
-	  else :; fi; \
-	done
-
-uninstall-libLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLIBRARIES:
-	-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
-lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) 
-	-rm -f lib45.a
-	$(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD)
-	$(RANLIB) lib45.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLIBRARIES clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am: install-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-info install-info-am \
-	install-libLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/45/Makefile.am b/crypto/heimdal/lib/45/Makefile.am
deleted file mode 100644
index 50d47fdb3929..000000000000
--- a/crypto/heimdal/lib/45/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:17 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-lib_LIBRARIES = @EXTRA_LIB45@
-
-EXTRA_LIBRARIES = lib45.a
-
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in
deleted file mode 100644
index 2fd13fa73e82..000000000000
--- a/crypto/heimdal/lib/45/Makefile.in
+++ /dev/null
@@ -1,593 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.5 1999/03/20 13:58:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LIBRARIES = @EXTRA_LIB45@
-
-EXTRA_LIBRARIES = lib45.a
-
-lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
-subdir = lib/45
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LIBRARIES = $(lib_LIBRARIES)
-
-lib45_a_AR = $(AR) cru
-lib45_a_LIBADD =
-am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT)
-lib45_a_OBJECTS = $(am_lib45_a_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(lib45_a_SOURCES)
-DIST_COMMON = Makefile.am Makefile.in
-SOURCES = $(lib45_a_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/45/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-AR = ar
-libLIBRARIES_INSTALL = $(INSTALL_DATA)
-install-libLIBRARIES: $(lib_LIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(libLIBRARIES_INSTALL) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(libLIBRARIES_INSTALL) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-	@$(POST_INSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(RANLIB) $(DESTDIR)$(libdir)/$$p"; \
-	    $(RANLIB) $(DESTDIR)$(libdir)/$$p; \
-	  else :; fi; \
-	done
-
-uninstall-libLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LIBRARIES)'; for p in $$list; do \
-	  p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLIBRARIES:
-	-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
-lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) 
-	-rm -f lib45.a
-	$(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD)
-	$(RANLIB) lib45.a
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LIBRARIES) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLIBRARIES clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/45/get_ad_tkt.c b/crypto/heimdal/lib/45/get_ad_tkt.c
deleted file mode 100644
index 3be18a1ead77..000000000000
--- a/crypto/heimdal/lib/45/get_ad_tkt.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "45_locl.h"
-
-RCSID("$Id: get_ad_tkt.c,v 1.4 2001/06/18 13:11:05 assar Exp $");
-
-/* get an additional version 4 ticket via the 524 protocol */
-
-#ifndef NEVERDATE
-#define NEVERDATE ((unsigned long)0x7fffffffL)
-#endif
-
-int
-get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
-{
-    krb5_error_code ret;
-    int code;
-    krb5_context context;
-    krb5_ccache id;
-    krb5_creds in_creds, *out_creds;
-    CREDENTIALS cred;
-    time_t now;
-    char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-    
-    ret = krb5_init_context(&context);
-    if(ret)
-	return KFAILURE;
-    ret = krb5_cc_default(context, &id);
-    if(ret){
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    memset(&in_creds, 0, sizeof(in_creds));
-    now = time(NULL);
-    in_creds.times.endtime = krb_life_to_time(time(NULL), lifetime);
-    if(in_creds.times.endtime == NEVERDATE)
-	in_creds.times.endtime = 0;
-    ret = krb5_cc_get_principal(context, id, &in_creds.client);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_524_conv_principal(context, in_creds.client, 
-				  pname, pinst, prealm);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_425_conv_principal(context, service, sinstance, realm, 
-				  &in_creds.server);
-    if(ret){
-	krb5_free_principal(context, in_creds.client);
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb5_get_credentials(context, 
-			       0, 
-			       id,
-			       &in_creds,
-			       &out_creds);
-    krb5_free_principal(context, in_creds.client);
-    krb5_free_principal(context, in_creds.server);
-    if(ret){
-	krb5_cc_close(context, id);
-	krb5_free_context(context);
-	return KFAILURE;
-    }
-    ret = krb524_convert_creds_kdc_ccache(context, id, out_creds, &cred);
-    krb5_cc_close(context, id);
-    krb5_free_context(context);
-    krb5_free_creds(context, out_creds);
-    if(ret)
-	return KFAILURE;
-    code = save_credentials(cred.service, cred.instance, cred.realm, 
-			    cred.session, cred.lifetime, cred.kvno, 
-			    &cred.ticket_st, now);
-    if(code == NO_TKT_FIL)
-	code = tf_setup(&cred, pname, pinst);
-    memset(&cred.session, 0, sizeof(cred.session));
-    return code;
-}
diff --git a/crypto/heimdal/lib/45/mk_req.c b/crypto/heimdal/lib/45/mk_req.c
deleted file mode 100644
index b06f5585628b..000000000000
--- a/crypto/heimdal/lib/45/mk_req.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* implementation of krb_mk_req that uses 524 protocol */
-
-#include "45_locl.h"
-
-RCSID("$Id: mk_req.c,v 1.7 2002/05/24 15:21:00 joda Exp $");
-
-static int lifetime = 255;
-
-static void
-build_request(KTEXT req,
-	      const char *name, const char *inst, const char *realm, 
-	      u_int32_t checksum)
-{
-    struct timeval tv;
-    krb5_storage *sp;
-    krb5_data data;
-    sp = krb5_storage_emem();
-    krb5_store_stringz(sp, name);
-    krb5_store_stringz(sp, inst);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int32(sp, checksum);
-    gettimeofday(&tv, NULL);
-    krb5_store_int8(sp, tv.tv_usec  / 5000);
-    krb5_store_int32(sp, tv.tv_sec);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    memcpy(req->dat, data.data, data.length);
-    req->length = (data.length + 7) & ~7;
-    krb5_data_free(&data);
-}
-
-#ifdef KRB_MK_REQ_CONST
-int
-krb_mk_req(KTEXT authent,
-	   const char *service, const char *instance, const char *realm, 
-	   int32_t checksum)
-#else
-int
-krb_mk_req(KTEXT authent,
-	   char *service, char *instance, char *realm, 
-	   int32_t checksum)
-
-#endif
-{
-    CREDENTIALS cr;
-    KTEXT_ST req;
-    krb5_storage *sp;
-    int code;
-    /* XXX get user realm */
-    const char *myrealm = realm;
-    krb5_data a;
-
-    code = krb_get_cred(service, instance, realm, &cr);
-    if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
-	code = get_ad_tkt((char *)service,
-			  (char *)instance, (char *)realm, lifetime);
-	if(code == KSUCCESS)
-	    code = krb_get_cred(service, instance, realm, &cr);
-    }
-
-    if(code)
-	return code;
-
-    sp = krb5_storage_emem();
-
-    krb5_store_int8(sp, KRB_PROT_VERSION);
-    krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
-    
-    krb5_store_int8(sp, cr.kvno);
-    krb5_store_stringz(sp, realm);
-    krb5_store_int8(sp, cr.ticket_st.length);
-
-    build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
-    encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
-
-    krb5_store_int8(sp, req.length);
-
-    krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
-    krb5_storage_write(sp, req.dat, req.length);
-    krb5_storage_to_data(sp, &a);
-    krb5_storage_free(sp);
-    memcpy(authent->dat, a.data, a.length);
-    authent->length = a.length;
-    krb5_data_free(&a);
-
-    memset(&cr, 0, sizeof(cr));
-    memset(&req, 0, sizeof(req));
-
-    return KSUCCESS;
-}
-
-/* 
- * krb_set_lifetime sets the default lifetime for additional tickets
- * obtained via krb_mk_req().
- * 
- * It returns the previous value of the default lifetime.
- */
-
-int
-krb_set_lifetime(int newval)
-{
-    int olife = lifetime;
-
-    lifetime = newval;
-    return(olife);
-}
diff --git a/crypto/heimdal/lib/Makefile b/crypto/heimdal/lib/Makefile
deleted file mode 100644
index 468d4f0d87d1..000000000000
--- a/crypto/heimdal/lib/Makefile
+++ /dev/null
@@ -1,612 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.22 2001/08/28 18:44:41 nectar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-#dir_45 = 45
-dir_otp = otp
-#dir_dce = kdfs
-
-SUBDIRS = roken vers editline  sl asn1  krb5 \
-	kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
-
-subdir = lib
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = Makefile.am Makefile.in
-DIST_SUBDIRS = roken vers editline  sl asn1  \
-	krb5 kafs hdb kadm5 gssapi auth 45 otp kdfs
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/Makefile.am b/crypto/heimdal/lib/Makefile.am
deleted file mode 100644
index 3c8dc71efb22..000000000000
--- a/crypto/heimdal/lib/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-# $Id: Makefile.am,v 1.22 2001/08/28 18:44:41 nectar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-if KRB4
-dir_45 = 45
-endif
-if OTP
-dir_otp = otp
-endif
-if DCE
-dir_dce = kdfs
-endif
-
-SUBDIRS = @DIR_roken@ vers editline @DIR_com_err@ sl asn1 @DIR_des@ krb5 \
-	kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in
deleted file mode 100644
index a8111e8fabbe..000000000000
--- a/crypto/heimdal/lib/Makefile.in
+++ /dev/null
@@ -1,614 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.22 2001/08/28 18:44:41 nectar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@KRB4_TRUE@dir_45 = 45
-@OTP_TRUE@dir_otp = otp
-@DCE_TRUE@dir_dce = kdfs
-
-SUBDIRS = @DIR_roken@ vers editline @DIR_com_err@ sl asn1 @DIR_des@ krb5 \
-	kafs hdb kadm5 gssapi auth $(dir_45) $(dir_otp) $(dir_dce)
-
-subdir = lib
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = Makefile.am Makefile.in
-DIST_SUBDIRS = @DIR_roken@ vers editline @DIR_com_err@ sl asn1 @DIR_des@ \
-	krb5 kafs hdb kadm5 gssapi auth 45 otp kdfs
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-info install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/Makefile b/crypto/heimdal/lib/asn1/Makefile
deleted file mode 100644
index 6a57e6b64c34..000000000000
--- a/crypto/heimdal/lib/asn1/Makefile
+++ /dev/null
@@ -1,885 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/asn1/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.68 2002/03/10 23:41:33 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 6:0:0
-
-libasn1_la_LIBADD = -lcom_err
-
-BUILT_SOURCES = \
-	$(gen_files:.x=.c)	\
-	asn1_err.h		\
-	asn1_err.c
-
-
-gen_files = \
-	asn1_APOptions.x			\
-	asn1_AP_REP.x				\
-	asn1_AP_REQ.x				\
-	asn1_AS_REP.x				\
-	asn1_AS_REQ.x				\
-	asn1_Authenticator.x			\
-	asn1_AuthorizationData.x		\
-	asn1_CKSUMTYPE.x			\
-	asn1_Checksum.x				\
-	asn1_ENCTYPE.x				\
-	asn1_ETYPE_INFO.x			\
-	asn1_ETYPE_INFO_ENTRY.x			\
-	asn1_EncAPRepPart.x			\
-	asn1_EncASRepPart.x			\
-	asn1_EncKDCRepPart.x			\
-	asn1_EncKrbCredPart.x			\
-	asn1_EncKrbPrivPart.x			\
-	asn1_EncTGSRepPart.x			\
-	asn1_EncTicketPart.x			\
-	asn1_EncryptedData.x			\
-	asn1_EncryptionKey.x			\
-	asn1_HostAddress.x			\
-	asn1_HostAddresses.x			\
-	asn1_KDCOptions.x			\
-	asn1_KDC_REP.x				\
-	asn1_KDC_REQ.x				\
-	asn1_KDC_REQ_BODY.x			\
-	asn1_KRB_CRED.x				\
-	asn1_KRB_ERROR.x			\
-	asn1_KRB_PRIV.x				\
-	asn1_KRB_SAFE.x				\
-	asn1_KRB_SAFE_BODY.x			\
-	asn1_KerberosTime.x			\
-	asn1_KrbCredInfo.x			\
-	asn1_LastReq.x				\
-	asn1_LR_TYPE.x				\
-	asn1_MESSAGE_TYPE.x			\
-	asn1_METHOD_DATA.x			\
-	asn1_NAME_TYPE.x			\
-	asn1_PADATA_TYPE.x			\
-	asn1_PA_DATA.x				\
-	asn1_PA_ENC_TS_ENC.x			\
-	asn1_Principal.x			\
-	asn1_PrincipalName.x			\
-	asn1_Realm.x				\
-	asn1_TGS_REP.x				\
-	asn1_TGS_REQ.x				\
-	asn1_Ticket.x				\
-	asn1_TicketFlags.x			\
-	asn1_TransitedEncoding.x		\
-	asn1_UNSIGNED.x
-
-
-noinst_PROGRAMS = asn1_compile asn1_print
-check_PROGRAMS = check-der
-TESTS = check-der
-
-asn1_compile_SOURCES = \
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	hash.c					\
-	lex.l					\
-	main.c					\
-	parse.y					\
-	symbol.c
-
-
-libasn1_la_SOURCES = \
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	timegm.c				\
-	$(BUILT_SOURCES)
-
-
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-
-asn1_print_LDADD = $(check_der_LDADD)
-
-CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
-	$(gen_files) asn1_files
-
-
-include_HEADERS = krb5_asn1.h asn1_err.h der.h
-
-EXTRA_DIST = asn1_err.et
-subdir = lib/asn1
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libasn1_la_DEPENDENCIES =
-am__objects_1 = asn1_APOptions.lo asn1_AP_REP.lo asn1_AP_REQ.lo \
-	asn1_AS_REP.lo asn1_AS_REQ.lo asn1_Authenticator.lo \
-	asn1_AuthorizationData.lo asn1_CKSUMTYPE.lo asn1_Checksum.lo \
-	asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO_ENTRY.lo \
-	asn1_EncAPRepPart.lo asn1_EncASRepPart.lo asn1_EncKDCRepPart.lo \
-	asn1_EncKrbCredPart.lo asn1_EncKrbPrivPart.lo \
-	asn1_EncTGSRepPart.lo asn1_EncTicketPart.lo \
-	asn1_EncryptedData.lo asn1_EncryptionKey.lo asn1_HostAddress.lo \
-	asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
-	asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
-	asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
-	asn1_KRB_SAFE_BODY.lo asn1_KerberosTime.lo asn1_KrbCredInfo.lo \
-	asn1_LastReq.lo asn1_LR_TYPE.lo asn1_MESSAGE_TYPE.lo \
-	asn1_METHOD_DATA.lo asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo \
-	asn1_PA_DATA.lo asn1_PA_ENC_TS_ENC.lo asn1_Principal.lo \
-	asn1_PrincipalName.lo asn1_Realm.lo asn1_TGS_REP.lo \
-	asn1_TGS_REQ.lo asn1_Ticket.lo asn1_TicketFlags.lo \
-	asn1_TransitedEncoding.lo asn1_UNSIGNED.lo
-am__objects_2 = $(am__objects_1) asn1_err.lo
-am_libasn1_la_OBJECTS = der_get.lo der_put.lo der_free.lo der_length.lo \
-	der_copy.lo timegm.lo $(am__objects_2)
-libasn1_la_OBJECTS = $(am_libasn1_la_OBJECTS)
-check_PROGRAMS = check-der$(EXEEXT)
-noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \
-	gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
-	gen_glue.$(OBJEXT) gen_length.$(OBJEXT) hash.$(OBJEXT) \
-	lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) symbol.$(OBJEXT)
-asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS)
-asn1_compile_DEPENDENCIES =
-asn1_compile_LDFLAGS =
-asn1_print_SOURCES = asn1_print.c
-asn1_print_OBJECTS = asn1_print.$(OBJEXT)
-asn1_print_DEPENDENCIES = libasn1.la
-asn1_print_LDFLAGS =
-check_der_SOURCES = check-der.c
-check_der_OBJECTS = check-der.$(OBJEXT)
-check_der_DEPENDENCIES = libasn1.la
-check_der_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) \
-	asn1_print.c check-der.c
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in lex.c parse.c \
-	parse.h
-SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c check-der.c
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/asn1/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libasn1_la_LDFLAGS) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) parse.c; \
-	else :; fi
-asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) 
-	@rm -f asn1_compile$(EXEEXT)
-	$(LINK) $(asn1_compile_LDFLAGS) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS)
-asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) 
-	@rm -f asn1_print$(EXEEXT)
-	$(LINK) $(asn1_print_LDFLAGS) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS)
-check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) 
-	@rm -f check-der$(EXEEXT)
-	$(LINK) $(check_der_LDFLAGS) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "lex.cparse.hparse.c$(BUILT_SOURCES)" || rm -f lex.c parse.h parse.c $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	distclean distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(asn1_compile_OBJECTS): parse.h parse.c
-
-$(gen_files) krb5_asn1.h: asn1_files
-
-asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 krb5_asn1
-
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h
-
-$(asn1_print_OBJECTS): krb5_asn1.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am
deleted file mode 100644
index 36cd9f015d55..000000000000
--- a/crypto/heimdal/lib/asn1/Makefile.am
+++ /dev/null
@@ -1,128 +0,0 @@
-# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 6:1:0
-
-libasn1_la_LIBADD = @LIB_com_err@
-
-BUILT_SOURCES =			\
-	$(gen_files:.x=.c)	\
-	asn1_err.h		\
-	asn1_err.c
-
-gen_files =					\
-	asn1_APOptions.x			\
-	asn1_AP_REP.x				\
-	asn1_AP_REQ.x				\
-	asn1_AS_REP.x				\
-	asn1_AS_REQ.x				\
-	asn1_Authenticator.x			\
-	asn1_AuthorizationData.x		\
-	asn1_CKSUMTYPE.x			\
-	asn1_Checksum.x				\
-	asn1_ENCTYPE.x				\
-	asn1_ETYPE_INFO.x			\
-	asn1_ETYPE_INFO_ENTRY.x			\
-	asn1_EncAPRepPart.x			\
-	asn1_EncASRepPart.x			\
-	asn1_EncKDCRepPart.x			\
-	asn1_EncKrbCredPart.x			\
-	asn1_EncKrbPrivPart.x			\
-	asn1_EncTGSRepPart.x			\
-	asn1_EncTicketPart.x			\
-	asn1_EncryptedData.x			\
-	asn1_EncryptionKey.x			\
-	asn1_HostAddress.x			\
-	asn1_HostAddresses.x			\
-	asn1_KDCOptions.x			\
-	asn1_KDC_REP.x				\
-	asn1_KDC_REQ.x				\
-	asn1_KDC_REQ_BODY.x			\
-	asn1_KRB_CRED.x				\
-	asn1_KRB_ERROR.x			\
-	asn1_KRB_PRIV.x				\
-	asn1_KRB_SAFE.x				\
-	asn1_KRB_SAFE_BODY.x			\
-	asn1_KerberosTime.x			\
-	asn1_KrbCredInfo.x			\
-	asn1_LastReq.x				\
-	asn1_LR_TYPE.x				\
-	asn1_MESSAGE_TYPE.x			\
-	asn1_METHOD_DATA.x			\
-	asn1_NAME_TYPE.x			\
-	asn1_PADATA_TYPE.x			\
-	asn1_PA_DATA.x				\
-	asn1_PA_ENC_TS_ENC.x			\
-	asn1_Principal.x			\
-	asn1_PrincipalName.x			\
-	asn1_Realm.x				\
-	asn1_TGS_REP.x				\
-	asn1_TGS_REQ.x				\
-	asn1_Ticket.x				\
-	asn1_TicketFlags.x			\
-	asn1_TransitedEncoding.x		\
-	asn1_UNSIGNED.x
-
-
-noinst_PROGRAMS = asn1_compile asn1_print
-check_PROGRAMS = check-der check-gen
-TESTS = check-der check-gen
-
-check_der_SOURCES = check-der.c check-common.c
-check_gen_SOURCES = check-gen.c check-common.c
-
-
-asn1_compile_SOURCES = 				\
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	hash.c					\
-	lex.l					\
-	main.c					\
-	parse.y					\
-	symbol.c
-
-libasn1_la_SOURCES =				\
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	timegm.c				\
-	$(BUILT_SOURCES)
-
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-
-CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
-	$(gen_files) asn1_files
-
-include_HEADERS = krb5_asn1.h asn1_err.h der.h
-
-$(asn1_compile_OBJECTS): parse.h parse.c
-
-$(gen_files) krb5_asn1.h: asn1_files
-
-asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 krb5_asn1
-
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h
-
-$(asn1_print_OBJECTS): krb5_asn1.h
-
-EXTRA_DIST = asn1_err.et
diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in
deleted file mode 100644
index e97ee0415b72..000000000000
--- a/crypto/heimdal/lib/asn1/Makefile.in
+++ /dev/null
@@ -1,880 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libasn1.la
-libasn1_la_LDFLAGS = -version-info 6:1:0
-
-libasn1_la_LIBADD = @LIB_com_err@
-
-BUILT_SOURCES = \
-	$(gen_files:.x=.c)	\
-	asn1_err.h		\
-	asn1_err.c
-
-
-gen_files = \
-	asn1_APOptions.x			\
-	asn1_AP_REP.x				\
-	asn1_AP_REQ.x				\
-	asn1_AS_REP.x				\
-	asn1_AS_REQ.x				\
-	asn1_Authenticator.x			\
-	asn1_AuthorizationData.x		\
-	asn1_CKSUMTYPE.x			\
-	asn1_Checksum.x				\
-	asn1_ENCTYPE.x				\
-	asn1_ETYPE_INFO.x			\
-	asn1_ETYPE_INFO_ENTRY.x			\
-	asn1_EncAPRepPart.x			\
-	asn1_EncASRepPart.x			\
-	asn1_EncKDCRepPart.x			\
-	asn1_EncKrbCredPart.x			\
-	asn1_EncKrbPrivPart.x			\
-	asn1_EncTGSRepPart.x			\
-	asn1_EncTicketPart.x			\
-	asn1_EncryptedData.x			\
-	asn1_EncryptionKey.x			\
-	asn1_HostAddress.x			\
-	asn1_HostAddresses.x			\
-	asn1_KDCOptions.x			\
-	asn1_KDC_REP.x				\
-	asn1_KDC_REQ.x				\
-	asn1_KDC_REQ_BODY.x			\
-	asn1_KRB_CRED.x				\
-	asn1_KRB_ERROR.x			\
-	asn1_KRB_PRIV.x				\
-	asn1_KRB_SAFE.x				\
-	asn1_KRB_SAFE_BODY.x			\
-	asn1_KerberosTime.x			\
-	asn1_KrbCredInfo.x			\
-	asn1_LastReq.x				\
-	asn1_LR_TYPE.x				\
-	asn1_MESSAGE_TYPE.x			\
-	asn1_METHOD_DATA.x			\
-	asn1_NAME_TYPE.x			\
-	asn1_PADATA_TYPE.x			\
-	asn1_PA_DATA.x				\
-	asn1_PA_ENC_TS_ENC.x			\
-	asn1_Principal.x			\
-	asn1_PrincipalName.x			\
-	asn1_Realm.x				\
-	asn1_TGS_REP.x				\
-	asn1_TGS_REQ.x				\
-	asn1_Ticket.x				\
-	asn1_TicketFlags.x			\
-	asn1_TransitedEncoding.x		\
-	asn1_UNSIGNED.x
-
-
-noinst_PROGRAMS = asn1_compile asn1_print
-check_PROGRAMS = check-der check-gen
-TESTS = check-der check-gen
-
-check_der_SOURCES = check-der.c check-common.c
-check_gen_SOURCES = check-gen.c check-common.c
-
-asn1_compile_SOURCES = \
-	gen.c					\
-	gen_copy.c				\
-	gen_decode.c				\
-	gen_encode.c				\
-	gen_free.c				\
-	gen_glue.c				\
-	gen_length.c				\
-	hash.c					\
-	lex.l					\
-	main.c					\
-	parse.y					\
-	symbol.c
-
-
-libasn1_la_SOURCES = \
-	der_get.c				\
-	der_put.c				\
-	der_free.c				\
-	der_length.c				\
-	der_copy.c				\
-	timegm.c				\
-	$(BUILT_SOURCES)
-
-
-asn1_compile_LDADD = \
-	$(LIB_roken) $(LEXLIB)
-
-
-check_der_LDADD = \
-	libasn1.la \
-	$(LIB_roken)
-
-
-check_gen_LDADD = $(check_der_LDADD)
-asn1_print_LDADD = $(check_der_LDADD)
-
-CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \
-	$(gen_files) asn1_files
-
-
-include_HEADERS = krb5_asn1.h asn1_err.h der.h
-
-EXTRA_DIST = asn1_err.et
-subdir = lib/asn1
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libasn1_la_DEPENDENCIES =
-am__objects_6 = asn1_APOptions.lo asn1_AP_REP.lo asn1_AP_REQ.lo \
-	asn1_AS_REP.lo asn1_AS_REQ.lo asn1_Authenticator.lo \
-	asn1_AuthorizationData.lo asn1_CKSUMTYPE.lo asn1_Checksum.lo \
-	asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO_ENTRY.lo \
-	asn1_EncAPRepPart.lo asn1_EncASRepPart.lo asn1_EncKDCRepPart.lo \
-	asn1_EncKrbCredPart.lo asn1_EncKrbPrivPart.lo \
-	asn1_EncTGSRepPart.lo asn1_EncTicketPart.lo \
-	asn1_EncryptedData.lo asn1_EncryptionKey.lo asn1_HostAddress.lo \
-	asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
-	asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
-	asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
-	asn1_KRB_SAFE_BODY.lo asn1_KerberosTime.lo asn1_KrbCredInfo.lo \
-	asn1_LastReq.lo asn1_LR_TYPE.lo asn1_MESSAGE_TYPE.lo \
-	asn1_METHOD_DATA.lo asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo \
-	asn1_PA_DATA.lo asn1_PA_ENC_TS_ENC.lo asn1_Principal.lo \
-	asn1_PrincipalName.lo asn1_Realm.lo asn1_TGS_REP.lo \
-	asn1_TGS_REQ.lo asn1_Ticket.lo asn1_TicketFlags.lo \
-	asn1_TransitedEncoding.lo asn1_UNSIGNED.lo
-am__objects_5 = $(am__objects_6) asn1_err.lo
-am_libasn1_la_OBJECTS = der_get.lo der_put.lo der_free.lo der_length.lo \
-	der_copy.lo timegm.lo $(am__objects_5)
-libasn1_la_OBJECTS = $(am_libasn1_la_OBJECTS)
-check_PROGRAMS = check-der$(EXEEXT) check-gen$(EXEEXT)
-noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \
-	gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
-	gen_glue.$(OBJEXT) gen_length.$(OBJEXT) hash.$(OBJEXT) \
-	lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) symbol.$(OBJEXT)
-asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS)
-asn1_compile_DEPENDENCIES =
-asn1_compile_LDFLAGS =
-asn1_print_SOURCES = asn1_print.c
-asn1_print_OBJECTS = asn1_print.$(OBJEXT)
-asn1_print_DEPENDENCIES = libasn1.la
-asn1_print_LDFLAGS =
-am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT)
-check_der_OBJECTS = $(am_check_der_OBJECTS)
-check_der_DEPENDENCIES = libasn1.la
-check_der_LDFLAGS =
-am_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT)
-check_gen_OBJECTS = $(am_check_gen_OBJECTS)
-check_gen_DEPENDENCIES = libasn1.la
-check_gen_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) \
-	asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in lex.c parse.c \
-	parse.h
-SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES)
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/asn1/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libasn1_la_LDFLAGS) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-parse.h: parse.c
-asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) 
-	@rm -f asn1_compile$(EXEEXT)
-	$(LINK) $(asn1_compile_LDFLAGS) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS)
-asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) 
-	@rm -f asn1_print$(EXEEXT)
-	$(LINK) $(asn1_print_LDFLAGS) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS)
-check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) 
-	@rm -f check-der$(EXEEXT)
-	$(LINK) $(check_der_LDFLAGS) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS)
-check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) 
-	@rm -f check-gen$(EXEEXT)
-	$(LINK) $(check_gen_LDFLAGS) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "parse.h$(BUILT_SOURCES)" || rm -f parse.h $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	distclean distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(asn1_compile_OBJECTS): parse.h parse.c
-
-$(gen_files) krb5_asn1.h: asn1_files
-
-asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
-	./asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 krb5_asn1
-
-$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h
-
-$(asn1_print_OBJECTS): krb5_asn1.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/asn1/asn1-common.h b/crypto/heimdal/lib/asn1/asn1-common.h
deleted file mode 100644
index 251d401d5608..000000000000
--- a/crypto/heimdal/lib/asn1/asn1-common.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* $Id: asn1-common.h,v 1.2 2001/09/25 13:39:25 assar Exp $ */
-
-#include <stddef.h>
-#include <time.h>
-
-#ifndef __asn1_common_definitions__
-#define __asn1_common_definitions__
-
-typedef struct octet_string {
-    size_t length;
-    void *data;
-} octet_string;
-
-typedef char *general_string;
-
-typedef struct oid {
-    size_t length;
-    unsigned *components;
-} oid;
-
-#endif
diff --git a/crypto/heimdal/lib/asn1/asn1_err.et b/crypto/heimdal/lib/asn1/asn1_err.et
deleted file mode 100644
index 8f1f272cccbd..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_err.et
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Error messages for the asn.1 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: asn1_err.et,v 1.5 1998/02/16 16:17:17 joda Exp $"
-
-error_table asn1
-prefix ASN1
-error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
-error_code MISSING_FIELD,	"ASN.1 structure is missing a required field"
-error_code MISPLACED_FIELD,	"ASN.1 unexpected field number"
-error_code TYPE_MISMATCH,	"ASN.1 type numbers are inconsistent"
-error_code OVERFLOW,		"ASN.1 value too large"
-error_code OVERRUN,		"ASN.1 encoding ended unexpectedly"
-error_code BAD_ID,		"ASN.1 identifier doesn't match expected value"
-error_code BAD_LENGTH,		"ASN.1 length doesn't match expected value"
-error_code BAD_FORMAT,		"ASN.1 badly-formatted encoding"
-error_code PARSE_ERROR,		"ASN.1 parse error"
-end
diff --git a/crypto/heimdal/lib/asn1/asn1_print.c b/crypto/heimdal/lib/asn1/asn1_print.c
deleted file mode 100644
index d3199e8edd81..000000000000
--- a/crypto/heimdal/lib/asn1/asn1_print.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-#include <com_err.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: asn1_print.c,v 1.11 2002/08/29 20:45:35 assar Exp $");
-
-const char *class_names[] = {
-    "UNIV",			/* 0 */
-    "APPL",			/* 1 */
-    "CONTEXT",			/* 2 */
-    "PRIVATE"			/* 3 */
-};
-
-const char *type_names[] = {
-    "PRIM",			/* 0 */
-    "CONS"			/* 1 */
-};
-
-const char *tag_names[] = {
-    NULL,			/* 0 */
-    NULL,			/* 1 */
-    "Integer",			/* 2 */
-    "BitString",		/* 3 */
-    "OctetString",		/* 4 */
-    "Null",			/* 5 */
-    "ObjectID",			/* 6 */
-    NULL,			/* 7 */
-    NULL,			/* 8 */
-    NULL,			/* 9 */
-    NULL,			/* 10 */
-    NULL,			/* 11 */
-    NULL,			/* 12 */
-    NULL,			/* 13 */
-    NULL,			/* 14 */
-    NULL,			/* 15 */
-    "Sequence",			/* 16 */
-    "Set",			/* 17 */
-    NULL,			/* 18 */
-    "PrintableString",		/* 19 */
-    NULL,			/* 20 */
-    NULL,			/* 21 */
-    "IA5String",		/* 22 */
-    "UTCTime",			/* 23 */
-    "GeneralizedTime",		/* 24 */
-    NULL,			/* 25 */
-    "VisibleString",		/* 26 */
-    "GeneralString"		/* 27 */
-};
-
-static int
-loop (unsigned char *buf, size_t len, int indent)
-{
-    while (len > 0) {
-	int ret;
-	Der_class class;
-	Der_type type;
-	int tag;
-	size_t sz;
-	size_t length;
-	int i;
-
-	ret = der_get_tag (buf, len, &class, &type, &tag, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	if (sz > len)
-	    errx (1, "unreasonable length (%u) > %u",
-		  (unsigned)sz, (unsigned)len);
-	buf += sz;
-	len -= sz;
-	for (i = 0; i < indent; ++i)
-	    printf (" ");
-	printf ("%s %s ", class_names[class], type_names[type]);
-	if (tag_names[tag])
-	    printf ("%s = ", tag_names[tag]);
-	else
-	    printf ("tag %d = ", tag);
-	ret = der_get_length (buf, len, &length, &sz);
-	if (ret)
-	    errx (1, "der_get_tag: %s", error_message (ret));
-	buf += sz;
-	len -= sz;
-
-	if (class == CONTEXT) {
-	    printf ("[%d]\n", tag);
-	    loop (buf, length, indent);
-	} else if (class == UNIV) {
-	    switch (tag) {
-	    case UT_Sequence :
-		printf ("{\n");
-		loop (buf, length, indent + 2);
-		for (i = 0; i < indent; ++i)
-		    printf (" ");
-		printf ("}\n");
-		break;
-	    case UT_Integer : {
-		int val;
-
-		ret = der_get_int (buf, length, &val, NULL);
-		if (ret)
-		    errx (1, "der_get_int: %s", error_message (ret));
-		printf ("integer %d\n", val);
-		break;
-	    }
-	    case UT_OctetString : {
-		octet_string str;
-		int i;
-		unsigned char *uc;
-
-		ret = der_get_octet_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_octet_string: %s", error_message (ret));
-		printf ("(length %lu), ", (unsigned long)length);
-		uc = (unsigned char *)str.data;
-		for (i = 0; i < 16; ++i)
-		    printf ("%02x", uc[i]);
-		printf ("\n");
-		free (str.data);
-		break;
-	    }
-	    case UT_GeneralizedTime :
-	    case UT_GeneralString : {
-		general_string str;
-
-		ret = der_get_general_string (buf, length, &str, NULL);
-		if (ret)
-		    errx (1, "der_get_general_string: %s",
-			  error_message (ret));
-		printf ("\"%s\"\n", str);
-		free (str);
-		break;
-	    }
-	    case UT_OID: {
-		oid o;
-		int i;
-
-		ret = der_get_oid(buf, length, &o, NULL);
-		if (ret)
-		    errx (1, "der_get_oid: %s", error_message (ret));
-		
-		for (i = 0; i < o.length ; i++)
-		    printf("%d%s", o.components[i],
-			   i < o.length - 1 ? "." : "");
-		printf("\n");
-		free_oid(&o);
-		break;
-	    }
-	    default :
-		printf ("%lu bytes\n", (unsigned long)length);
-		break;
-	    }
-	}
-	buf += length;
-	len -= length;
-    }
-    return 0;
-}
-
-static int
-doit (const char *filename)
-{
-    int fd = open (filename, O_RDONLY);
-    struct stat sb;
-    unsigned char *buf;
-    size_t len;
-    int ret;
-
-    if(fd < 0)
-	err (1, "opening %s for read", filename);
-    if (fstat (fd, &sb) < 0)
-	err (1, "stat %s", filename);
-    len = sb.st_size;
-    buf = malloc (len);
-    if (buf == NULL)
-	err (1, "malloc %u", (unsigned)len);
-    if (read (fd, buf, len) != len)
-	errx (1, "read failed");
-    close (fd);
-    ret = loop (buf, len, 0);
-    free (buf);
-    return ret;
-}
-
-
-static int version_flag;
-static int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "dump-file");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-
-    setprogname (argv[0]);
-    initialize_asn1_error_table ();
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    argv += optind;
-    argc -= optind;
-    if (argc != 1)
-	usage (1);
-    return doit (argv[0]);
-}
diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c
deleted file mode 100644
index 20a41ad859a5..000000000000
--- a/crypto/heimdal/lib/asn1/check-common.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-common.c,v 1.1 2003/01/23 10:21:36 lha Exp $");
-
-static void
-print_bytes (unsigned const char *buf, size_t len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i)
-	printf ("%02x ", buf[i]);
-}
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*cmp)(void *a, void *b))
-{
-    unsigned char buf[4711];
-    int i;
-    int failures = 0;
-    void *val = malloc (data_size);
-
-    if (data_size != 0 && val == NULL)
-	err (1, "malloc");
-
-    for (i = 0; i < ntests; ++i) {
-	int ret;
-	size_t sz, consumed_sz, length_sz;
-	unsigned char *beg;
-
-	ret = (*encode) (buf + sizeof(buf) - 1, sizeof(buf),
-			 tests[i].val, &sz);
-	beg = buf + sizeof(buf) - sz;
-	if (ret != 0) {
-	    printf ("encoding of %s failed\n", tests[i].name);
-	    ++failures;
-	}
-	if (sz != tests[i].byte_len) {
-	    printf ("encoding of %s has wrong len (%lu != %lu)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)tests[i].byte_len);
-	    ++failures;
-	}
-
-	length_sz = (*length) (tests[i].val);
-	if (sz != length_sz) {
-	    printf ("length for %s is bad (%lu != %lu)\n",
-		    tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
-	    ++failures;
-	}
-
-	if (memcmp (beg, tests[i].bytes, tests[i].byte_len) != 0) {
-	    printf ("encoding of %s has bad bytes:\n"
-		    "correct: ", tests[i].name);
-	    print_bytes (tests[i].bytes, tests[i].byte_len);
-	    printf ("\nactual:  ");
-	    print_bytes (beg, sz);
-	    printf ("\n");
-	    ++failures;
-	}
-	ret = (*decode) (beg, sz, val, &consumed_sz);
-	if (ret != 0) {
-	    printf ("decoding of %s failed\n", tests[i].name);
-	    ++failures;
-	}
-	if (sz != consumed_sz) {
-	    printf ("different length decoding %s (%ld != %ld)\n",
-		    tests[i].name, 
-		    (unsigned long)sz, (unsigned long)consumed_sz);
-	    ++failures;
-	}
-	if ((*cmp)(val, tests[i].val) != 0) {
-	    printf ("%s: comparison failed\n", tests[i].name);
-	    ++failures;
-	}
-    }
-    free (val);
-    return failures;
-}
diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h
deleted file mode 100644
index 52d59cb4f7a8..000000000000
--- a/crypto/heimdal/lib/asn1/check-common.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-struct test_case {
-    void *val;
-    int byte_len;
-    const unsigned char *bytes;
-    char *name;
-};
-
-typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *);
-typedef int (*generic_length)(void *);
-typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *);
-
-int
-generic_test (const struct test_case *tests,
-	      unsigned ntests,
-	      size_t data_size,
-	      int (*encode)(unsigned char *, size_t, void *, size_t *),
-	      int (*length)(void *),
-	      int (*decode)(unsigned char *, size_t, void *, size_t *),
-	      int (*cmp)(void *a, void *b));
-
diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c
deleted file mode 100644
index 7cb057749e49..000000000000
--- a/crypto/heimdal/lib/asn1/check-der.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-der.c,v 1.9 2003/01/23 10:19:49 lha Exp $");
-
-static int
-cmp_integer (void *a, void *b)
-{
-    int *ia = (int *)a;
-    int *ib = (int *)b;
-
-    return *ib - *ia;
-}
-
-static int
-test_integer (void)
-{
-    struct test_case tests[] = {
-	{NULL, 3, "\x02\x01\x00"},
-	{NULL, 3, "\x02\x01\x7f"},
-	{NULL, 4, "\x02\x02\x00\x80"},
-	{NULL, 4, "\x02\x02\x01\x00"},
-	{NULL, 3, "\x02\x01\x80"},
-	{NULL, 4, "\x02\x02\xff\x7f"},
-	{NULL, 3, "\x02\x01\xff"},
-	{NULL, 4, "\x02\x02\xff\x01"},
-	{NULL, 4, "\x02\x02\x00\xff"},
-	{NULL, 6, "\x02\x04\x80\x00\x00\x00"},
-	{NULL, 6, "\x02\x04\x7f\xff\xff\xff"}
-    };
-
-    int values[] = {0, 127, 128, 256, -128, -129, -1, -255, 255,
-		    0x80000000, 0x7fffffff};
-    int i;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "integer %d", values[i]);
-    }
-
-    return generic_test (tests, ntests, sizeof(int),
-			 (generic_encode)encode_integer,
-			 (generic_length) length_integer,
-			 (generic_decode)decode_integer,
-			 cmp_integer);
-}
-
-static int
-cmp_octet_string (void *a, void *b)
-{
-    octet_string *oa = (octet_string *)a;
-    octet_string *ob = (octet_string *)b;
-
-    if (oa->length != ob->length)
-	return ob->length - oa->length;
-
-    return (memcmp (oa->data, ob->data, oa->length));
-}
-
-static int
-test_octet_string (void)
-{
-    octet_string s1 = {8, "\x01\x23\x45\x67\x89\xab\xcd\xef"};
-
-    struct test_case tests[] = {
-	{NULL, 10, "\x04\x08\x01\x23\x45\x67\x89\xab\xcd\xef"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "a octet string");
-
-    return generic_test (tests, ntests, sizeof(octet_string),
-			 (generic_encode)encode_octet_string,
-			 (generic_length)length_octet_string,
-			 (generic_decode)decode_octet_string,
-			 cmp_octet_string);
-}
-
-static int
-cmp_general_string (void *a, void *b)
-{
-    unsigned char **sa = (unsigned char **)a;
-    unsigned char **sb = (unsigned char **)b;
-
-    return strcmp (*sa, *sb);
-}
-
-static int
-test_general_string (void)
-{
-    unsigned char *s1 = "Test User 1";
-
-    struct test_case tests[] = {
-	{NULL, 13, "\x1b\x0b\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31"}
-    };
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    tests[0].val = &s1;
-    asprintf (&tests[0].name, "the string \"%s\"", s1);
-
-    return generic_test (tests, ntests, sizeof(unsigned char *),
-			 (generic_encode)encode_general_string,
-			 (generic_length)length_general_string,
-			 (generic_decode)decode_general_string,
-			 cmp_general_string);
-}
-
-static int
-cmp_generalized_time (void *a, void *b)
-{
-    time_t *ta = (time_t *)a;
-    time_t *tb = (time_t *)b;
-
-    return *tb - *ta;
-}
-
-static int
-test_generalized_time (void)
-{
-    struct test_case tests[] = {
-	{NULL, 17, "\x18\x0f""19700101000000Z"},
-	{NULL, 17, "\x18\x0f""19851106210627Z"}
-    };
-    time_t values[] = {0, 500159187};
-    int i;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "time %d", (int)values[i]);
-    }
-
-    return generic_test (tests, ntests, sizeof(time_t),
-			 (generic_encode)encode_generalized_time,
-			 (generic_length)length_generalized_time,
-			 (generic_decode)decode_generalized_time,
-			 cmp_generalized_time);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_integer ();
-    ret += test_octet_string ();
-    ret += test_general_string ();
-    ret += test_generalized_time ();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c
deleted file mode 100644
index 0b0bec939b4d..000000000000
--- a/crypto/heimdal/lib/asn1/check-gen.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <err.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-#include <krb5_asn1.h>
-
-#include "check-common.h"
-
-RCSID("$Id: check-gen.c,v 1.2.2.1 2003/05/06 16:49:57 joda Exp $");
-
-static char *lha_princ[] = { "lha" };
-static char *lharoot_princ[] = { "lha", "root" };
-static char *datan_princ[] = { "host", "nutcracker.e.kth.se" };
-
-
-#define COMPARE_STRING(ac,bc,e) \
-	do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0)
-#define COMPARE_INTEGER(ac,bc,e) \
-	do { if ((ac)->e != (bc)->e) return 1; } while(0)
-#define COMPARE_MEM(ac,bc,e,len) \
-	do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0)
-
-static int
-cmp_principal (void *a, void *b)
-{
-    Principal *pa = a;
-    Principal *pb = b;
-    int i;
-
-    COMPARE_STRING(pa,pb,realm);
-    COMPARE_INTEGER(pa,pb,name.name_type);
-    COMPARE_INTEGER(pa,pb,name.name_string.len);
-
-    for (i = 0; i < pa->name.name_string.len; i++)
-	COMPARE_STRING(pa,pb,name.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_principal (void)
-{
-
-    struct test_case tests[] = {
-	{ NULL, 29, 
-	  (unsigned char*)"\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b"
-	  "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45"
-	},
-	{ NULL, 35,
-	  (unsigned char*)"\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b"
-	  "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55"
-	  "\x2e\x53\x45"
-	},
-	{ NULL, 54, 
-	  (unsigned char*)"\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b"
-	  "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65"
-	  "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e"
-	  "\x4b\x54\x48\x2e\x53\x45"
-	}
-    };
-
-
-    Principal values[] = { 
-	{ { KRB5_NT_PRINCIPAL, { 1, lha_princ } },  "SU.SE" },
-	{ { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },  "SU.SE" },
-	{ { KRB5_NT_SRV_HST, { 2, datan_princ } },  "E.KTH.SE" }
-    };
-    int i;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Principal %d", i);
-    }
-
-    return generic_test (tests, ntests, sizeof(Principal),
-			 (generic_encode)encode_Principal,
-			 (generic_length)length_Principal,
-			 (generic_decode)decode_Principal,
-			 cmp_principal);
-}
-
-static int
-cmp_authenticator (void *a, void *b)
-{
-    Authenticator *aa = a;
-    Authenticator *ab = b;
-    int i;
-
-    COMPARE_INTEGER(aa,ab,authenticator_vno);
-    COMPARE_STRING(aa,ab,crealm);
-
-    COMPARE_INTEGER(aa,ab,cname.name_type);
-    COMPARE_INTEGER(aa,ab,cname.name_string.len);
-
-    for (i = 0; i < aa->cname.name_string.len; i++)
-	COMPARE_STRING(aa,ab,cname.name_string.val[i]);
-
-    return 0;
-}
-
-static int
-test_authenticator (void)
-{
-    struct test_case tests[] = {
-	{ NULL, 63, 
-	  (unsigned char*)"\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08"
-	  "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0"
-	  "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61"
-	  "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30"
-	  "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a"
-	},
-	{ NULL, 67, 
-	  (unsigned char*)"\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05"
-	  "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01"
-	  "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72"
-	  "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f"
-	  "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33"
-	  "\x39\x5a"
-	}
-    };
-
-    Authenticator values[] = {
-	{ 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_princ } },
-	  NULL, 10, 99, NULL, NULL, NULL },
-	{ 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },
-	  NULL, 292, 999, NULL, NULL, NULL }
-    };
-    int i;
-    int ntests = sizeof(tests) / sizeof(*tests);
-
-    for (i = 0; i < ntests; ++i) {
-	tests[i].val = &values[i];
-	asprintf (&tests[i].name, "Authenticator %d", i);
-    }
-
-    return generic_test (tests, ntests, sizeof(Authenticator),
-			 (generic_encode)encode_Authenticator,
-			 (generic_length)length_Authenticator,
-			 (generic_decode)decode_Authenticator,
-			 cmp_authenticator);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += test_principal ();
-    ret += test_authenticator();
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/der.h b/crypto/heimdal/lib/asn1/der.h
deleted file mode 100644
index 738c8d7e7a4d..000000000000
--- a/crypto/heimdal/lib/asn1/der.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der.h,v 1.22 2001/09/27 16:20:35 assar Exp $ */
-
-#ifndef __DER_H__
-#define __DER_H__
-
-#include <time.h>
-
-typedef enum {UNIV = 0, APPL = 1, CONTEXT = 2 , PRIVATE = 3} Der_class;
-
-typedef enum {PRIM = 0, CONS = 1} Der_type;
-
-/* Universal tags */
-
-enum {
-     UT_Boolean		= 1,
-     UT_Integer		= 2,
-     UT_BitString	= 3,
-     UT_OctetString	= 4,
-     UT_Null		= 5,
-     UT_OID		= 6,
-     UT_Enumerated	= 10,
-     UT_Sequence	= 16,
-     UT_Set		= 17,
-     UT_PrintableString	= 19,
-     UT_IA5String	= 22,
-     UT_UTCTime		= 23,
-     UT_GeneralizedTime	= 24,
-     UT_VisibleString	= 26,
-     UT_GeneralString	= 27
-};
-
-#define ASN1_INDEFINITE 0xdce0deed
-
-#ifndef HAVE_TIMEGM
-time_t timegm (struct tm *);
-#endif
-
-int time2generalizedtime (time_t t, octet_string *s);
-
-int der_get_int (const unsigned char *p, size_t len, int *ret, size_t *size);
-int der_get_length (const unsigned char *p, size_t len,
-		    size_t *val, size_t *size);
-int der_get_general_string (const unsigned char *p, size_t len, 
-			    general_string *str, size_t *size);
-int der_get_octet_string (const unsigned char *p, size_t len, 
-			  octet_string *data, size_t *size);
-int der_get_oid (const unsigned char *p, size_t len,
-		 oid *data, size_t *size);
-int der_get_tag (const unsigned char *p, size_t len, 
-		 Der_class *class, Der_type *type,
-		 int *tag, size_t *size);
-
-int der_match_tag (const unsigned char *p, size_t len, 
-		   Der_class class, Der_type type,
-		   int tag, size_t *size);
-int der_match_tag_and_length (const unsigned char *p, size_t len,
-			      Der_class class, Der_type type, int tag,
-			      size_t *length_ret, size_t *size);
-
-int decode_integer (const unsigned char*, size_t, int*, size_t*);
-int decode_unsigned (const unsigned char*, size_t, unsigned*, size_t*);
-int decode_enumerated (const unsigned char*, size_t, unsigned*, size_t*);
-int decode_general_string (const unsigned char*, size_t,
-			   general_string*, size_t*);
-int decode_oid (const unsigned char *p, size_t len, 
-		oid *k, size_t *size);
-int decode_octet_string (const unsigned char*, size_t, octet_string*, size_t*);
-int decode_generalized_time (const unsigned char*, size_t, time_t*, size_t*);
-
-int der_put_int (unsigned char *p, size_t len, int val, size_t*);
-int der_put_length (unsigned char *p, size_t len, size_t val, size_t*);
-int der_put_general_string (unsigned char *p, size_t len,
-			    const general_string *str, size_t*);
-int der_put_octet_string (unsigned char *p, size_t len,
-			  const octet_string *data, size_t*);
-int der_put_oid (unsigned char *p, size_t len,
-		 const oid *data, size_t *size);
-int der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
-		 int tag, size_t*);
-int der_put_length_and_tag (unsigned char*, size_t, size_t, 
-			    Der_class, Der_type, int, size_t*);
-
-int encode_integer (unsigned char *p, size_t len,
-		    const int *data, size_t*);
-int encode_unsigned (unsigned char *p, size_t len,
-		     const unsigned *data, size_t*);
-int encode_enumerated (unsigned char *p, size_t len,
-		       const unsigned *data, size_t*);
-int encode_general_string (unsigned char *p, size_t len, 
-			   const general_string *data, size_t*);
-int encode_octet_string (unsigned char *p, size_t len,
-			 const octet_string *k, size_t*);
-int encode_oid (unsigned char *p, size_t len,
-		const oid *k, size_t*);
-int encode_generalized_time (unsigned char *p, size_t len,
-			     const time_t *t, size_t*);
-
-void free_integer (int *num);
-void free_general_string (general_string *str);
-void free_octet_string (octet_string *k);
-void free_oid (oid *k);
-void free_generalized_time (time_t *t);
-
-size_t length_len (size_t len);
-size_t length_integer (const int *data);
-size_t length_unsigned (const unsigned *data);
-size_t length_enumerated (const unsigned *data);
-size_t length_general_string (const general_string *data);
-size_t length_octet_string (const octet_string *k);
-size_t length_oid (const oid *k);
-size_t length_generalized_time (const time_t *t);
-
-int copy_general_string (const general_string *from, general_string *to);
-int copy_octet_string (const octet_string *from, octet_string *to);
-int copy_oid (const oid *from, oid *to);
-
-int fix_dce(size_t reallen, size_t *len);
-
-#endif /* __DER_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c
deleted file mode 100644
index eefc91417034..000000000000
--- a/crypto/heimdal/lib/asn1/der_copy.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_copy.c,v 1.10 2003/04/17 07:13:08 lha Exp $");
-
-int
-copy_general_string (const general_string *from, general_string *to)
-{
-    *to = strdup(*from);
-    if(*to == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-copy_octet_string (const octet_string *from, octet_string *to)
-{
-    to->length = from->length;
-    to->data   = malloc(to->length);
-    if(to->length != 0 && to->data == NULL)
-	return ENOMEM;
-    memcpy(to->data, from->data, to->length);
-    return 0;
-}
-
-int
-copy_oid (const oid *from, oid *to)
-{
-    to->length     = from->length;
-    to->components = malloc(to->length * sizeof(*to->components));
-    if (to->length != 0 && to->components == NULL)
-	return ENOMEM;
-    memcpy(to->components, from->components, to->length);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_free.c b/crypto/heimdal/lib/asn1/der_free.c
deleted file mode 100644
index fd78b4810d1d..000000000000
--- a/crypto/heimdal/lib/asn1/der_free.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_free.c,v 1.8 2001/09/25 13:39:26 assar Exp $");
-
-void
-free_general_string (general_string *str)
-{
-    free(*str);
-}
-
-void
-free_octet_string (octet_string *k)
-{
-    free(k->data);
-}
-
-void
-free_oid (oid *k)
-{
-    free(k->components);
-}
diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c
deleted file mode 100644
index 429fd66ed4e5..000000000000
--- a/crypto/heimdal/lib/asn1/der_get.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $");
-
-#include <version.h>
-
-/* 
- * All decoding functions take a pointer `p' to first position in
- * which to read, from the left, `len' which means the maximum number
- * of characters we are able to read, `ret' were the value will be
- * returned and `size' where the number of used bytes is stored.
- * Either 0 or an error code is returned.
- */
-
-static int
-der_get_unsigned (const unsigned char *p, size_t len,
-		  unsigned *ret, size_t *size)
-{
-    unsigned val = 0;
-    size_t oldlen = len;
-
-    while (len--)
-	val = val * 256 + *p++;
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_int (const unsigned char *p, size_t len,
-	     int *ret, size_t *size)
-{
-    int val = 0;
-    size_t oldlen = len;
-
-    if (len > 0) {
-	val = (signed char)*p++;
-	while (--len)
-	    val = val * 256 + *p++;
-    }
-    *ret = val;
-    if(size) *size = oldlen;
-    return 0;
-}
-
-int
-der_get_length (const unsigned char *p, size_t len,
-		size_t *val, size_t *size)
-{
-    size_t v;
-
-    if (len <= 0)
-	return ASN1_OVERRUN;
-    --len;
-    v = *p++;
-    if (v < 128) {
-	*val = v;
-	if(size) *size = 1;
-    } else {
-	int e;
-	size_t l;
-	unsigned tmp;
-
-	if(v == 0x80){
-	    *val = ASN1_INDEFINITE;
-	    if(size) *size = 1;
-	    return 0;
-	}
-	v &= 0x7F;
-	if (len < v)
-	    return ASN1_OVERRUN;
-	e = der_get_unsigned (p, v, &tmp, &l);
-	if(e) return e;
-	*val = tmp;
-	if(size) *size = l + 1;
-    }
-    return 0;
-}
-
-int
-der_get_general_string (const unsigned char *p, size_t len, 
-			general_string *str, size_t *size)
-{
-    char *s;
-
-    s = malloc (len + 1);
-    if (s == NULL)
-	return ENOMEM;
-    memcpy (s, p, len);
-    s[len] = '\0';
-    *str = s;
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_octet_string (const unsigned char *p, size_t len, 
-		      octet_string *data, size_t *size)
-{
-    data->length = len;
-    data->data = malloc(len);
-    if (data->data == NULL && data->length != 0)
-	return ENOMEM;
-    memcpy (data->data, p, len);
-    if(size) *size = len;
-    return 0;
-}
-
-int
-der_get_oid (const unsigned char *p, size_t len,
-	     oid *data, size_t *size)
-{
-    int n;
-    size_t oldlen = len;
-
-    if (len < 1)
-	return ASN1_OVERRUN;
-
-    data->components = malloc(len * sizeof(*data->components));
-    if (data->components == NULL && len != 0)
-	return ENOMEM;
-    data->components[0] = (*p) / 40;
-    data->components[1] = (*p) % 40;
-    --len;
-    ++p;
-    for (n = 2; len > 0; ++n) {
-	unsigned u = 0;
-
-	do {
-	    --len;
-	    u = u * 128 + (*p++ % 128);
-	} while (len > 0 && p[-1] & 0x80);
-	data->components[n] = u;
-    }
-    if (p[-1] & 0x80) {
-	free_oid (data);
-	return ASN1_OVERRUN;
-    }
-    data->length = n;
-    if (size)
-	*size = oldlen;
-    return 0;
-}
-
-int
-der_get_tag (const unsigned char *p, size_t len,
-	     Der_class *class, Der_type *type,
-	     int *tag, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERRUN;
-    *class = (Der_class)(((*p) >> 6) & 0x03);
-    *type = (Der_type)(((*p) >> 5) & 0x01);
-    *tag = (*p) & 0x1F;
-    if(size) *size = 1;
-    return 0;
-}
-
-int
-der_match_tag (const unsigned char *p, size_t len,
-	       Der_class class, Der_type type,
-	       int tag, size_t *size)
-{
-    size_t l;
-    Der_class thisclass;
-    Der_type thistype;
-    int thistag;
-    int e;
-
-    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
-    if (e) return e;
-    if (class != thisclass || type != thistype)
-	return ASN1_BAD_ID;
-    if(tag > thistag)
-	return ASN1_MISPLACED_FIELD;
-    if(tag < thistag)
-	return ASN1_MISSING_FIELD;
-    if(size) *size = l;
-    return 0;
-}
-
-int
-der_match_tag_and_length (const unsigned char *p, size_t len,
-			  Der_class class, Der_type type, int tag,
-			  size_t *length_ret, size_t *size)
-{
-    size_t l, ret = 0;
-    int e;
-
-    e = der_match_tag (p, len, class, type, tag, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, length_ret, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_integer (const unsigned char *p, size_t len,
-		int *num, size_t *size)
-{
-    size_t ret = 0;
-    size_t l, reallen;
-    int e;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_Integer, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, &reallen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (reallen > len)
-	return ASN1_OVERRUN;
-    e = der_get_int (p, reallen, num, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_unsigned (const unsigned char *p, size_t len,
-		 unsigned *num, size_t *size)
-{
-    size_t ret = 0;
-    size_t l, reallen;
-    int e;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_Integer, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, &reallen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (reallen > len)
-	return ASN1_OVERRUN;
-    e = der_get_unsigned (p, reallen, num, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_enumerated (const unsigned char *p, size_t len,
-		   unsigned *num, size_t *size)
-{
-    size_t ret = 0;
-    size_t l, reallen;
-    int e;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_Enumerated, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_length (p, len, &reallen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    e = der_get_int (p, reallen, num, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_general_string (const unsigned char *p, size_t len, 
-		       general_string *str, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-    size_t slen;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_GeneralString, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-
-    e = der_get_length (p, len, &slen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (len < slen)
-	return ASN1_OVERRUN;
-
-    e = der_get_general_string (p, slen, str, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_octet_string (const unsigned char *p, size_t len, 
-		     octet_string *k, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-    size_t slen;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_OctetString, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-
-    e = der_get_length (p, len, &slen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (len < slen)
-	return ASN1_OVERRUN;
-
-    e = der_get_octet_string (p, slen, k, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-int
-decode_oid (const unsigned char *p, size_t len, 
-	    oid *k, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-    size_t slen;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_OID, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-
-    e = der_get_length (p, len, &slen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (len < slen)
-	return ASN1_OVERRUN;
-
-    e = der_get_oid (p, slen, k, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if(size) *size = ret;
-    return 0;
-}
-
-static void
-generalizedtime2time (const char *s, time_t *t)
-{
-    struct tm tm;
-
-    memset(&tm, 0, sizeof(tm));
-    sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
-	    &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
-	    &tm.tm_min, &tm.tm_sec);
-    tm.tm_year -= 1900;
-    tm.tm_mon -= 1;
-    *t = timegm (&tm);
-}
-
-int
-decode_generalized_time (const unsigned char *p, size_t len,
-			 time_t *t, size_t *size)
-{
-    octet_string k;
-    char *times;
-    size_t ret = 0;
-    size_t l;
-    int e;
-    size_t slen;
-
-    e = der_match_tag (p, len, UNIV, PRIM, UT_GeneralizedTime, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-
-    e = der_get_length (p, len, &slen, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    if (len < slen)
-	return ASN1_OVERRUN;
-    e = der_get_octet_string (p, slen, &k, &l);
-    if (e) return e;
-    p += l;
-    len -= l;
-    ret += l;
-    times = realloc(k.data, k.length + 1);
-    if (times == NULL){
-	free(k.data);
-	return ENOMEM;
-    }
-    times[k.length] = 0;
-    generalizedtime2time (times, t);
-    free (times);
-    if(size) *size = ret;
-    return 0;
-}
-
-
-int
-fix_dce(size_t reallen, size_t *len)
-{
-    if(reallen == ASN1_INDEFINITE)
-	return 1;
-    if(*len < reallen)
-	return -1;
-    *len = reallen;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/der_length.c b/crypto/heimdal/lib/asn1/der_length.c
deleted file mode 100644
index 359018f97d89..000000000000
--- a/crypto/heimdal/lib/asn1/der_length.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_length.c,v 1.12 2001/09/25 13:39:26 assar Exp $");
-
-static size_t
-len_unsigned (unsigned val)
-{
-  size_t ret = 0;
-
-  do {
-    ++ret;
-    val /= 256;
-  } while (val);
-  return ret;
-}
-
-static size_t
-len_int (int val)
-{
-  size_t ret = 0;
-
-  if (val == 0)
-    return 1;
-  while (val > 255 || val < -255) {
-    ++ret;
-    val /= 256;
-  }
-  if (val != 0) {
-    ++ret;
-    if ((signed char)val != val)
-      ++ret;
-    val /= 256;
-  }
-  return ret;
-}
-
-static size_t
-len_oid (const oid *oid)
-{
-    size_t ret = 1;
-    int n;
-
-    for (n = 2; n < oid->length; ++n) {
-	unsigned u = oid->components[n];
-
-	++ret;
-	u /= 128;
-	while (u > 0) {
-	    ++ret;
-	    u /= 128;
-	}
-    }
-    return ret;
-}
-
-size_t
-length_len (size_t len)
-{
-  if (len < 128)
-    return 1;
-  else
-    return len_unsigned (len) + 1;
-}
-
-size_t
-length_integer (const int *data)
-{
-  size_t len = len_int (*data);
-
-  return 1 + length_len(len) + len;
-}
-
-size_t
-length_unsigned (const unsigned *data)
-{
-  size_t len = len_unsigned (*data);
-
-  return 1 + length_len(len) + len;
-}
-
-size_t
-length_enumerated (const unsigned *data)
-{
-  size_t len = len_int (*data);
-
-  return 1 + length_len(len) + len;
-}
-
-size_t
-length_general_string (const general_string *data)
-{
-  char *str = *data;
-  size_t len = strlen(str);
-  return 1 + length_len(len) + len;
-}
-
-size_t
-length_octet_string (const octet_string *k)
-{
-  return 1 + length_len(k->length) + k->length;
-}
-
-size_t
-length_oid (const oid *k)
-{
-  size_t len = len_oid (k);
-
-  return 1 + length_len(len) + len;
-}
-
-size_t
-length_generalized_time (const time_t *t)
-{
-  octet_string k;
-  size_t ret;
-
-  time2generalizedtime (*t, &k);
-  ret = 1 + length_len(k.length) + k.length;
-  free (k.data);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/der_locl.h b/crypto/heimdal/lib/asn1/der_locl.h
deleted file mode 100644
index 36a4281363b0..000000000000
--- a/crypto/heimdal/lib/asn1/der_locl.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: der_locl.h,v 1.4 2001/09/27 16:21:47 assar Exp $ */
-
-#ifndef __DER_LOCL_H__
-#define __DER_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <roken.h>
-
-#include <asn1-common.h>
-#include <asn1_err.h>
-#include <der.h>
-
-#endif /* __DER_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c
deleted file mode 100644
index 41733c57b3f8..000000000000
--- a/crypto/heimdal/lib/asn1/der_put.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: der_put.c,v 1.28 2003/04/17 07:12:24 lha Exp $");
-
-/*
- * All encoding functions take a pointer `p' to first position in
- * which to write, from the right, `len' which means the maximum
- * number of characters we are able to write.  The function returns
- * the number of characters written in `size' (if non-NULL).
- * The return value is 0 or an error.
- */
-
-static int
-der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size)
-{
-    unsigned char *base = p;
-
-    if (val) {
-	while (len > 0 && val) {
-	    *p-- = val % 256;
-	    val /= 256;
-	    --len;
-	}
-	if (val != 0)
-	    return ASN1_OVERFLOW;
-	else {
-	    *size = base - p;
-	    return 0;
-	}
-    } else if (len < 1)
-	return ASN1_OVERFLOW;
-    else {
-	*p    = 0;
-	*size = 1;
-	return 0;
-    }
-}
-
-int
-der_put_int (unsigned char *p, size_t len, int val, size_t *size)
-{
-    unsigned char *base = p;
-
-    if(val >= 0) {
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = val % 256;
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] >= 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0;
-	    len--;
-	}
-    } else {
-	val = ~val;
-	do {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = ~(val % 256);
-	    len--;
-	    val /= 256;
-	} while(val);
-	if(p[1] < 128) {
-	    if(len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 0xff;
-	    len--;
-	}
-    }
-    *size = base - p;
-    return 0;
-}
-
-
-int
-der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERFLOW;
-    if (val < 128) {
-	*p = val;
-	*size = 1;
-	return 0;
-    } else {
-	size_t l;
-	int e;
-
-	e = der_put_unsigned (p, len - 1, val, &l);
-	if (e)
-	    return e;
-	p -= l;
-	*p = 0x80 | l;
-	*size = l + 1;
-	return 0;
-    }
-}
-
-int
-der_put_general_string (unsigned char *p, size_t len, 
-			const general_string *str, size_t *size)
-{
-    size_t slen = strlen(*str);
-
-    if (len < slen)
-	return ASN1_OVERFLOW;
-    p -= slen;
-    len -= slen;
-    memcpy (p+1, *str, slen);
-    *size = slen;
-    return 0;
-}
-
-int
-der_put_octet_string (unsigned char *p, size_t len, 
-		      const octet_string *data, size_t *size)
-{
-    if (len < data->length)
-	return ASN1_OVERFLOW;
-    p -= data->length;
-    len -= data->length;
-    memcpy (p+1, data->data, data->length);
-    *size = data->length;
-    return 0;
-}
-
-int
-der_put_oid (unsigned char *p, size_t len,
-	     const oid *data, size_t *size)
-{
-    unsigned char *base = p;
-    int n;
-
-    for (n = data->length - 1; n >= 2; --n) {
-	unsigned u = data->components[n];
-
-	if (len < 1)
-	    return ASN1_OVERFLOW;
-	*p-- = u % 128;
-	u /= 128;
-	--len;
-	while (u > 0) {
-	    if (len < 1)
-		return ASN1_OVERFLOW;
-	    *p-- = 128 + u % 128;
-	    u /= 128;
-	    --len;
-	}
-    }
-    if (len < 1)
-	return ASN1_OVERFLOW;
-    *p-- = 40 * data->components[0] + data->components[1];
-    *size = base - p;
-    return 0;
-}
-
-int
-der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
-	     int tag, size_t *size)
-{
-    if (len < 1)
-	return ASN1_OVERFLOW;
-    *p = (class << 6) | (type << 5) | tag; /* XXX */
-    *size = 1;
-    return 0;
-}
-
-int
-der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
-			Der_class class, Der_type type, int tag, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_length (p, len, len_val, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_tag (p, len, class, type, tag, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_integer (unsigned char *p, size_t len, const int *data, size_t *size)
-{
-    int num = *data;
-    size_t ret = 0;
-    size_t l;
-    int e;
-    
-    e = der_put_int (p, len, num, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Integer, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_unsigned (unsigned char *p, size_t len, const unsigned *data,
-		 size_t *size)
-{
-    unsigned num = *data;
-    size_t ret = 0;
-    size_t l;
-    int e;
-    
-    e = der_put_unsigned (p, len, num, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Integer, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_enumerated (unsigned char *p, size_t len, const unsigned *data,
-		   size_t *size)
-{
-    unsigned num = *data;
-    size_t ret = 0;
-    size_t l;
-    int e;
-    
-    e = der_put_int (p, len, num, &l);
-    if(e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Enumerated, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_general_string (unsigned char *p, size_t len, 
-		       const general_string *data, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_general_string (p, len, data, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_GeneralString, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_octet_string (unsigned char *p, size_t len, 
-		     const octet_string *k, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_octet_string (p, len, k, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_OctetString, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-encode_oid(unsigned char *p, size_t len,
-	   const oid *k, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    int e;
-
-    e = der_put_oid (p, len, k, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_OID, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
-
-int
-time2generalizedtime (time_t t, octet_string *s)
-{
-     struct tm *tm;
-     size_t len;
-
-     len = 15;
-
-     s->data = malloc(len + 1);
-     if (s->data == NULL)
-	 return ENOMEM;
-     s->length = len;
-     tm = gmtime (&t);
-     snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", 
-	       tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
-	       tm->tm_hour, tm->tm_min, tm->tm_sec);
-     return 0;
-}
-
-int
-encode_generalized_time (unsigned char *p, size_t len,
-			 const time_t *t, size_t *size)
-{
-    size_t ret = 0;
-    size_t l;
-    octet_string k;
-    int e;
-
-    e = time2generalizedtime (*t, &k);
-    if (e)
-	return e;
-    e = der_put_octet_string (p, len, &k, &l);
-    free (k.data);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    e = der_put_length_and_tag (p, len, k.length, UNIV, PRIM, 
-				UT_GeneralizedTime, &l);
-    if (e)
-	return e;
-    p -= l;
-    len -= l;
-    ret += l;
-    *size = ret;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c
deleted file mode 100644
index 8580360c6058..000000000000
--- a/crypto/heimdal/lib/asn1/gen.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen.c,v 1.50 2003/04/17 07:09:18 lha Exp $");
-
-FILE *headerfile, *codefile, *logfile;
-
-#define STEM "asn1"
-
-static const char *orig_filename;
-static char *header;
-static char *headerbase = STEM;
-
-/*
- * list of all IMPORTs
- */
-
-struct import {
-    const char *module;
-    struct import *next;
-};
-
-static struct import *imports = NULL;
-
-void
-add_import (const char *module)
-{
-    struct import *tmp = emalloc (sizeof(*tmp));
-
-    tmp->module = module;
-    tmp->next   = imports;
-    imports     = tmp;
-}
-
-const char *
-filename (void)
-{
-    return orig_filename;
-}
-
-void
-init_generate (const char *filename, const char *base)
-{
-    orig_filename = filename;
-    if(base)
-	asprintf(&headerbase, "%s", base);
-    asprintf(&header, "%s.h", headerbase);
-    headerfile = fopen (header, "w");
-    if (headerfile == NULL)
-	err (1, "open %s", header);
-    fprintf (headerfile,
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n",
-	     filename);
-    fprintf (headerfile, 
-	     "#ifndef __%s_h__\n"
-	     "#define __%s_h__\n\n", headerbase, headerbase);
-    fprintf (headerfile, 
-	     "#include <stddef.h>\n"
-	     "#include <time.h>\n\n");
-#ifndef HAVE_TIMEGM
-    fprintf (headerfile, "time_t timegm (struct tm*);\n\n");
-#endif
-    fprintf (headerfile,
-	     "#ifndef __asn1_common_definitions__\n"
-	     "#define __asn1_common_definitions__\n\n");
-    fprintf (headerfile,
-	     "typedef struct octet_string {\n"
-	     "  size_t length;\n"
-	     "  void *data;\n"
-	     "} octet_string;\n\n");
-    fprintf (headerfile,
-	     "typedef char *general_string;\n\n"
-	     );
-    fprintf (headerfile,
-	     "typedef struct oid {\n"
-	     "  size_t length;\n"
-	     "  unsigned *components;\n"
-	     "} oid;\n\n");
-    fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \\\n"
-	  "  do {                                                         \\\n"
-	  "    (BL) = length_##T((S));                                    \\\n"
-	  "    (B) = malloc((BL));                                        \\\n"
-	  "    if((B) == NULL) {                                          \\\n"
-	  "      (R) = ENOMEM;                                            \\\n"
-	  "    } else {                                                   \\\n"
-	  "      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
-	  "                       (S), (L));                              \\\n"
-	  "      if((R) != 0) {                                           \\\n"
-	  "        free((B));                                             \\\n"
-	  "        (B) = NULL;                                            \\\n"
-	  "      }                                                        \\\n"
-	  "    }                                                          \\\n"
-	  "  } while (0)\n\n",
-	  headerfile);
-    fprintf (headerfile, "#endif\n\n");
-    logfile = fopen(STEM "_files", "w");
-    if (logfile == NULL)
-	err (1, "open " STEM "_files");
-}
-
-void
-close_generate (void)
-{
-    fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
-
-    fclose (headerfile);
-    fprintf (logfile, "\n");
-    fclose (logfile);
-}
-
-void
-generate_constant (const Symbol *s)
-{
-  fprintf (headerfile, "enum { %s = %d };\n\n",
-	   s->gen_name, s->constant);
-}
-
-static void
-space(int level)
-{
-    while(level-- > 0)
-	fprintf(headerfile, "  ");
-}
-
-static void
-define_asn1 (int level, Type *t)
-{
-    switch (t->type) {
-    case TType:
-	space(level);
-	fprintf (headerfile, "%s", t->symbol->name);
-	break;
-    case TInteger:
-	space(level);
-	fprintf (headerfile, "INTEGER");
-	break;
-    case TUInteger:
-	space(level);
-	fprintf (headerfile, "UNSIGNED INTEGER");
-	break;
-    case TOctetString:
-	space(level);
-	fprintf (headerfile, "OCTET STRING");
-	break;
-    case TOID :
-	space(level);
-	fprintf(headerfile, "OBJECT IDENTIFIER");
-	break;
-    case TBitString: {
-	Member *m;
-	int tag = -1;
-
-	space(level);
-	fprintf (headerfile, "BIT STRING {\n");
-	for (m = t->members; m && m->val != tag; m = m->next) {
-	    if (tag == -1)
-		tag = m->val;
-	    space(level + 1);
-	    fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, 
-		     m->next->val == tag?"":",");
-
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TEnumerated : {
-	Member *m;
-	int tag = -1;
-
-	space(level);
-	fprintf (headerfile, "ENUMERATED {\n");
-	for (m = t->members; m && m->val != tag; m = m->next) {
-	    if (tag == -1)
-		tag = m->val;
-	    space(level + 1);
-	    fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, 
-		     m->next->val == tag?"":",");
-
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TSequence: {
-	Member *m;
-	int tag;
-	int max_width = 0;
-
-	space(level);
-	fprintf (headerfile, "SEQUENCE {\n");
-	for (m = t->members, tag = -1; m && m->val != tag; m = m->next) {
-	    if (tag == -1)
-		tag = m->val;
-	    if(strlen(m->name) + (m->val > 9) > max_width)
-		max_width = strlen(m->name) + (m->val > 9);
-	}
-	max_width += 3 + 2;
-	if(max_width < 16) max_width = 16;
-	for (m = t->members, tag = -1 ; m && m->val != tag; m = m->next) {
-	    int width;
-	    if (tag == -1)
-		tag = m->val;
-	    space(level + 1);
-	    fprintf(headerfile, "%s[%d]", m->name, m->val);
-	    width = max_width - strlen(m->name) - 3 - (m->val > 9) - 2;
-	    fprintf(headerfile, "%*s", width, "");
-	    define_asn1(level + 1, m->type);
-	    if(m->optional)
-		fprintf(headerfile, " OPTIONAL");
-	    if(m->next->val != tag)
-		fprintf (headerfile, ",");
-	    fprintf (headerfile, "\n");
-	}
-	space(level);
-	fprintf (headerfile, "}");
-	break;
-    }
-    case TSequenceOf: {
-	space(level);
-	fprintf (headerfile, "SEQUENCE OF ");
-	define_asn1 (0, t->subtype);
-	break;
-    }
-    case TGeneralizedTime:
-	space(level);
-	fprintf (headerfile, "GeneralizedTime");
-	break;
-    case TGeneralString:
-	space(level);
-	fprintf (headerfile, "GeneralString");
-	break;
-    case TApplication:
-	fprintf (headerfile, "[APPLICATION %d] ", t->application);
-	define_asn1 (level, t->subtype);
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-define_type (int level, char *name, Type *t, int typedefp)
-{
-    switch (t->type) {
-    case TType:
-	space(level);
-	fprintf (headerfile, "%s %s;\n", t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	space(level);
-        if(t->members == NULL) {
-            fprintf (headerfile, "int %s;\n", name);
-        } else {
-            Member *m;
-            int tag = -1;
-            fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	    for (m = t->members; m && m->val != tag; m = m->next) {
-                if(tag == -1)
-                    tag = m->val;
-                space (level + 1);
-                fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, 
-                        m->next->val == tag ? "" : ",");
-            }
-            fprintf (headerfile, "} %s;\n", name);
-        }
-	break;
-    case TUInteger:
-	space(level);
-	fprintf (headerfile, "unsigned int %s;\n", name);
-	break;
-    case TOctetString:
-	space(level);
-	fprintf (headerfile, "octet_string %s;\n", name);
-	break;
-    case TOID :
-	space(level);
-	fprintf (headerfile, "oid %s;\n", name);
-	break;
-    case TBitString: {
-	Member *m;
-	Type i;
-	int tag = -1;
-
-	i.type = TUInteger;
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	for (m = t->members; m && m->val != tag; m = m->next) {
-	    char *n;
-
-	    asprintf (&n, "%s:1", m->gen_name);
-	    define_type (level + 1, n, &i, FALSE);
-	    free (n);
-	    if (tag == -1)
-		tag = m->val;
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n\n", name);
-	break;
-    }
-    case TEnumerated: {
-	Member *m;
-	int tag = -1;
-
-	space(level);
-	fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
-	for (m = t->members; m && m->val != tag; m = m->next) {
-	    if (tag == -1)
-		tag = m->val;
-	    space(level + 1);
-	    fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val,
-                        m->next->val == tag ? "" : ",");
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n\n", name);
-	break;
-    }
-    case TSequence: {
-	Member *m;
-	int tag = -1;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	for (m = t->members; m && m->val != tag; m = m->next) {
-	    if (m->optional) {
-		char *n;
-
-		asprintf (&n, "*%s", m->gen_name);
-		define_type (level + 1, n, m->type, FALSE);
-		free (n);
-	    } else
-		define_type (level + 1, m->gen_name, m->type, FALSE);
-	    if (tag == -1)
-		tag = m->val;
-	}
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TSequenceOf: {
-	Type i;
-
-	i.type = TUInteger;
-	i.application = 0;
-
-	space(level);
-	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
-	define_type (level + 1, "len", &i, FALSE);
-	define_type (level + 1, "*val", t->subtype, FALSE);
-	space(level);
-	fprintf (headerfile, "} %s;\n", name);
-	break;
-    }
-    case TGeneralizedTime:
-	space(level);
-	fprintf (headerfile, "time_t %s;\n", name);
-	break;
-    case TGeneralString:
-	space(level);
-	fprintf (headerfile, "general_string %s;\n", name);
-	break;
-    case TApplication:
-	define_type (level, name, t->subtype, FALSE);
-	break;
-    default:
-	abort ();
-    }
-}
-
-static void
-generate_type_header (const Symbol *s)
-{
-    fprintf (headerfile, "/*\n");
-    fprintf (headerfile, "%s ::= ", s->name);
-    define_asn1 (0, s->type);
-    fprintf (headerfile, "\n*/\n\n");
-
-    fprintf (headerfile, "typedef ");
-    define_type (0, s->gen_name, s->type, TRUE);
-
-    fprintf (headerfile, "\n");
-}
-
-
-void
-generate_type (const Symbol *s)
-{
-    struct import *i;
-    char *filename;
-
-    asprintf (&filename, "%s_%s.x", STEM, s->gen_name);
-    codefile = fopen (filename, "w");
-    if (codefile == NULL)
-	err (1, "fopen %s", filename);
-    fprintf(logfile, "%s ", filename);
-    free(filename);
-    fprintf (codefile, 
-	     "/* Generated from %s */\n"
-	     "/* Do not edit */\n\n"
-	     "#include <stdio.h>\n"
-	     "#include <stdlib.h>\n"
-	     "#include <time.h>\n"
-	     "#include <string.h>\n"
-	     "#include <errno.h>\n",
-	     orig_filename);
-
-    for (i = imports; i != NULL; i = i->next)
-	fprintf (codefile,
-		 "#include <%s_asn1.h>\n",
-		 i->module);
-    fprintf (codefile,
-	     "#include <%s.h>\n",
-	     headerbase);
-    fprintf (codefile,
-	     "#include <asn1_err.h>\n"
-	     "#include <der.h>\n"
-	     "#include <parse_units.h>\n\n");
-    generate_type_header (s);
-    generate_type_encode (s);
-    generate_type_decode (s);
-    generate_type_free (s);
-    generate_type_length (s);
-    generate_type_copy (s);
-    generate_glue (s);
-    fprintf(headerfile, "\n\n");
-    fclose(codefile);
-}
diff --git a/crypto/heimdal/lib/asn1/gen.h b/crypto/heimdal/lib/asn1/gen.h
deleted file mode 100644
index 369b6e392acd..000000000000
--- a/crypto/heimdal/lib/asn1/gen.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
-
-#include <stdio.h>
-#include "symbol.h"
-
diff --git a/crypto/heimdal/lib/asn1/gen_copy.c b/crypto/heimdal/lib/asn1/gen_copy.c
deleted file mode 100644
index 20f0d5b569e7..000000000000
--- a/crypto/heimdal/lib/asn1/gen_copy.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_copy.c,v 1.12 2001/09/25 13:39:26 assar Exp $");
-
-static void
-copy_primitive (const char *typename, const char *from, const char *to)
-{
-    fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", 
-	     typename, from, to);
-}
-
-static void
-copy_type (const char *from, const char *to, const Type *t)
-{
-  switch (t->type) {
-  case TType:
-#if 0
-      copy_type (from, to, t->symbol->type);
-#endif
-      fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", 
-	       t->symbol->gen_name, from, to);
-      break;
-  case TInteger:
-  case TUInteger:
-  case TEnumerated :
-      fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-      break;
-  case TOctetString:
-      copy_primitive ("octet_string", from, to);
-      break;
-  case TOID:
-      copy_primitive ("oid", from, to);
-      break;
-  case TBitString: {
-      fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-      break;
-  }
-  case TSequence: {
-      Member *m;
-      int tag = -1;
-
-      if (t->members == NULL)
-	  break;
-      
-      for (m = t->members; m && tag != m->val; m = m->next) {
-	  char *f;
-	  char *t;
-
-	  asprintf (&f, "%s(%s)->%s",
-		    m->optional ? "" : "&", from, m->gen_name);
-	  asprintf (&t, "%s(%s)->%s",
-		    m->optional ? "" : "&", to, m->gen_name);
-	  if(m->optional){
-	      fprintf(codefile, "if(%s) {\n", f);
-	      fprintf(codefile, "%s = malloc(sizeof(*%s));\n", t, t);
-	      fprintf(codefile, "if(%s == NULL) return ENOMEM;\n", t);
-	  }
-	  copy_type (f, t, m->type);
-	  if(m->optional){
-	      fprintf(codefile, "}else\n");
-	      fprintf(codefile, "%s = NULL;\n", t);
-	  }
-	  if (tag == -1)
-	      tag = m->val;
-	  free (f);
-	  free (t);
-      }
-      break;
-  }
-  case TSequenceOf: {
-      char *f;
-      char *T;
-
-      fprintf (codefile, "if(((%s)->val = "
-	       "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", 
-	       to, from, to, from);
-      fprintf (codefile, "return ENOMEM;\n");
-      fprintf(codefile,
-	      "for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n",
-	      to, to, from, to);
-      asprintf(&f, "&(%s)->val[(%s)->len]", from, to);
-      asprintf(&T, "&(%s)->val[(%s)->len]", to, to);
-      copy_type(f, T, t->subtype);
-      fprintf(codefile, "}\n");
-      free(f);
-      free(T);
-      break;
-  }
-  case TGeneralizedTime:
-      fprintf(codefile, "*(%s) = *(%s);\n", to, from);
-      break;
-  case TGeneralString:
-      copy_primitive ("general_string", from, to);
-      break;
-  case TApplication:
-      copy_type (from, to, t->subtype);
-      break;
-  default :
-      abort ();
-  }
-}
-
-void
-generate_type_copy (const Symbol *s)
-{
-  fprintf (headerfile,
-	   "int    copy_%s  (const %s *, %s *);\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-
-  fprintf (codefile, "int\n"
-	   "copy_%s(const %s *from, %s *to)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name, s->gen_name);
-
-  copy_type ("from", "to", s->type);
-  fprintf (codefile, "return 0;\n}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_decode.c b/crypto/heimdal/lib/asn1/gen_decode.c
deleted file mode 100644
index 7237e4e421ad..000000000000
--- a/crypto/heimdal/lib/asn1/gen_decode.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_decode.c,v 1.18 2002/08/09 15:37:34 joda Exp $");
-
-static void
-decode_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile,
-	     "e = decode_%s(p, len, %s, &l);\n"
-	     "FORW;\n",
-	     typename,
-	     name);
-}
-
-static void
-decode_type (const char *name, const Type *t)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	decode_type (name, t->symbol->type);
-#endif
-	fprintf (codefile,
-		 "e = decode_%s(p, len, %s, &l);\n"
-		 "FORW;\n",
-		 t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members == NULL)
-	    decode_primitive ("integer", name);
-	else {
-	    char *s;
-	    asprintf(&s, "(int*)%s", name);
-	    if(s == NULL)
-		errx (1, "out of memory");
-	    decode_primitive ("integer", s);
-	    free(s);
-	}
-	break;
-    case TUInteger:
-	decode_primitive ("unsigned", name);
-	break;
-    case TEnumerated:
-	decode_primitive ("enumerated", name);
-	break;
-    case TOctetString:
-	decode_primitive ("octet_string", name);
-	break;
-    case TOID :
-	decode_primitive ("oid", name);
-	break;
-    case TBitString: {
-	Member *m;
-	int tag = -1;
-	int pos;
-
-	fprintf (codefile,
-		 "e = der_match_tag_and_length (p, len, UNIV, PRIM, UT_BitString,"
-		 "&reallen, &l);\n"
-		 "FORW;\n"
-		 "if(len < reallen)\n"
-		 "return ASN1_OVERRUN;\n"
-		 "p++;\n"
-		 "len--;\n"
-		 "reallen--;\n"
-		 "ret++;\n");
-	pos = 0;
-	for (m = t->members; m && tag != m->val; m = m->next) {
-	    while (m->val / 8 > pos / 8) {
-		fprintf (codefile,
-			 "p++; len--; reallen--; ret++;\n");
-		pos += 8;
-	    }
-	    fprintf (codefile,
-		     "%s->%s = (*p >> %d) & 1;\n",
-		     name, m->gen_name, 7 - m->val % 8);
-	    if (tag == -1)
-		tag = m->val;
-	}
-	fprintf (codefile,
-		 "p += reallen; len -= reallen; ret += reallen;\n");
-	break;
-    }
-    case TSequence: {
-	Member *m;
-	int tag = -1;
-
-	if (t->members == NULL)
-	    break;
-
-	fprintf (codefile,
-		 "e = der_match_tag_and_length (p, len, UNIV, CONS, UT_Sequence,"
-		 "&reallen, &l);\n"
-		 "FORW;\n"
-		 "{\n"
-		 "int dce_fix;\n"
-		 "if((dce_fix = fix_dce(reallen, &len)) < 0)\n"
-		 "return ASN1_BAD_FORMAT;\n");
-
-	for (m = t->members; m && tag != m->val; m = m->next) {
-	    char *s;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (0 && m->type->type == TType){
-		if(m->optional)
-		    fprintf (codefile,
-			     "%s = malloc(sizeof(*%s));\n"
-			     "if(%s == NULL) return ENOMEM;\n", s, s, s);
-		fprintf (codefile, 
-			 "e = decode_seq_%s(p, len, %d, %d, %s, &l);\n",
-			 m->type->symbol->gen_name,
-			 m->val, 
-			 m->optional,
-			 s);
-		if(m->optional)
-		    fprintf (codefile, 
-			     "if (e == ASN1_MISSING_FIELD) {\n"
-			     "free(%s);\n"
-			     "%s = NULL;\n"
-			     "e = l = 0;\n"
-			     "}\n",
-			     s, s);
-	  
-		fprintf (codefile, "FORW;\n");
-	  
-	    }else{
-		fprintf (codefile, "{\n"
-			 "size_t newlen, oldlen;\n\n"
-			 "e = der_match_tag (p, len, CONTEXT, CONS, %d, &l);\n",
-			 m->val);
-		fprintf (codefile,
-			 "if (e)\n");
-		if(m->optional)
-		    /* XXX should look at e */
-		    fprintf (codefile,
-			     "%s = NULL;\n", s);
-		else
-		    fprintf (codefile,
-			     "return e;\n");
-		fprintf (codefile, 
-			 "else {\n");
-		fprintf (codefile,
-			 "p += l;\n"
-			 "len -= l;\n"
-			 "ret += l;\n"
-			 "e = der_get_length (p, len, &newlen, &l);\n"
-			 "FORW;\n"
-			 "{\n"
-	       
-			 "int dce_fix;\n"
-			 "oldlen = len;\n"
-			 "if((dce_fix = fix_dce(newlen, &len)) < 0)"
-			 "return ASN1_BAD_FORMAT;\n");
-		if (m->optional)
-		    fprintf (codefile,
-			     "%s = malloc(sizeof(*%s));\n"
-			     "if(%s == NULL) return ENOMEM;\n", s, s, s);
-		decode_type (s, m->type);
-		fprintf (codefile,
-			 "if(dce_fix){\n"
-			 "e = der_match_tag_and_length (p, len, "
-			 "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n"
-			 "FORW;\n"
-			 "}else \n"
-			 "len = oldlen - newlen;\n"
-			 "}\n"
-			 "}\n");
-		fprintf (codefile,
-			 "}\n");
-	    }
-	    if (tag == -1)
-		tag = m->val;
-	    free (s);
-	}
-	fprintf(codefile,
-		"if(dce_fix){\n"
-		"e = der_match_tag_and_length (p, len, "
-		"(Der_class)0, (Der_type)0, 0, &reallen, &l);\n"
-		"FORW;\n"
-		"}\n"
-		"}\n");
-
-	break;
-    }
-    case TSequenceOf: {
-	char *n;
-
-	fprintf (codefile,
-		 "e = der_match_tag_and_length (p, len, UNIV, CONS, UT_Sequence,"
-		 "&reallen, &l);\n"
-		 "FORW;\n"
-		 "if(len < reallen)\n"
-		 "return ASN1_OVERRUN;\n"
-		 "len = reallen;\n");
-
-	fprintf (codefile,
-		 "{\n"
-		 "size_t origlen = len;\n"
-		 "int oldret = ret;\n"
-		 "ret = 0;\n"
-		 "(%s)->len = 0;\n"
-		 "(%s)->val = NULL;\n"
-		 "while(ret < origlen) {\n"
-		 "(%s)->len++;\n"
-		 "(%s)->val = realloc((%s)->val, sizeof(*((%s)->val)) * (%s)->len);\n",
-		 name, name, name, name, name, name, name);
-	asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
-	decode_type (n, t->subtype);
-	fprintf (codefile, 
-		 "len = origlen - ret;\n"
-		 "}\n"
-		 "ret += oldret;\n"
-		 "}\n");
-	free (n);
-	break;
-    }
-    case TGeneralizedTime:
-	decode_primitive ("generalized_time", name);
-	break;
-    case TGeneralString:
-	decode_primitive ("general_string", name);
-	break;
-    case TApplication:
-	fprintf (codefile,
-		 "e = der_match_tag_and_length (p, len, APPL, CONS, %d, "
-		 "&reallen, &l);\n"
-		 "FORW;\n"
-		 "{\n"
-		 "int dce_fix;\n"
-		 "if((dce_fix = fix_dce(reallen, &len)) < 0)\n"
-		 "return ASN1_BAD_FORMAT;\n", 
-		 t->application);
-	decode_type (name, t->subtype);
-	fprintf(codefile,
-		"if(dce_fix){\n"
-		"e = der_match_tag_and_length (p, len, "
-		"(Der_class)0, (Der_type)0, 0, &reallen, &l);\n"
-		"FORW;\n"
-		"}\n"
-		"}\n");
-
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_decode (const Symbol *s)
-{
-  fprintf (headerfile,
-	   "int    "
-	   "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile, "#define FORW "
-	   "if(e) goto fail; "
-	   "p += l; "
-	   "len -= l; "
-	   "ret += l\n\n");
-
-
-  fprintf (codefile, "int\n"
-	   "decode_%s(const unsigned char *p,"
-	   " size_t len, %s *data, size_t *size)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name);
-
-  switch (s->type->type) {
-  case TInteger:
-  case TUInteger:
-  case TOctetString:
-  case TOID:
-  case TGeneralizedTime:
-  case TGeneralString:
-  case TBitString:
-  case TSequence:
-  case TSequenceOf:
-  case TApplication:
-  case TType:
-    fprintf (codefile,
-	     "size_t ret = 0, reallen;\n"
-	     "size_t l;\n"
-	     "int e;\n\n");
-    fprintf (codefile, "memset(data, 0, sizeof(*data));\n");
-    fprintf (codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */
-
-    decode_type ("data", s->type);
-    fprintf (codefile, 
-	     "if(size) *size = ret;\n"
-	     "return 0;\n");
-    fprintf (codefile,
-	     "fail:\n"
-	     "free_%s(data);\n"
-	     "return e;\n",
-	     s->gen_name);
-    break;
-  default:
-    abort ();
-  }
-  fprintf (codefile, "}\n\n");
-}
-
-void
-generate_seq_type_decode (const Symbol *s)
-{
-    fprintf (headerfile,
-	     "int decode_seq_%s(const unsigned char *, size_t, int, int, "
-	     "%s *, size_t *);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile, "int\n"
-	     "decode_seq_%s(const unsigned char *p, size_t len, int tag, "
-	     "int optional, %s *data, size_t *size)\n"
-	     "{\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile,
-	     "size_t newlen, oldlen;\n"
-	     "size_t l, ret = 0;\n"
-	     "int e;\n"
-	     "int dce_fix;\n");
-    
-    fprintf (codefile,
-	     "e = der_match_tag(p, len, CONTEXT, CONS, tag, &l);\n"
-	     "if (e)\n"
-	     "return e;\n");
-    fprintf (codefile, 
-	     "p += l;\n"
-	     "len -= l;\n"
-	     "ret += l;\n"
-	     "e = der_get_length(p, len, &newlen, &l);\n"
-	     "if (e)\n"
-	     "return e;\n"
-	     "p += l;\n"
-	     "len -= l;\n"
-	     "ret += l;\n"
-	     "oldlen = len;\n"
-	     "if ((dce_fix = fix_dce(newlen, &len)) < 0)\n"
-	     "return ASN1_BAD_FORMAT;\n"
-	     "e = decode_%s(p, len, data, &l);\n"
-	     "if (e)\n"
-	     "return e;\n"
-	     "p += l;\n"
-	     "len -= l;\n"
-	     "ret += l;\n"
-	     "if (dce_fix) {\n"
-	     "size_t reallen;\n\n"
-	     "e = der_match_tag_and_length(p, len, "
-	     "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n"
-	     "if (e)\n"
-	     "return e;\n"
-	     "ret += l;\n"
-	     "}\n",
-	     s->gen_name);
-    fprintf (codefile, 
-	     "if(size) *size = ret;\n"
-	     "return 0;\n");
-
-    fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_encode.c b/crypto/heimdal/lib/asn1/gen_encode.c
deleted file mode 100644
index ba50d5da4c0a..000000000000
--- a/crypto/heimdal/lib/asn1/gen_encode.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_encode.c,v 1.12 2001/09/25 13:39:26 assar Exp $");
-
-static void
-encode_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile,
-	     "e = encode_%s(p, len, %s, &l);\n"
-	     "BACK;\n",
-	     typename,
-	     name);
-}
-
-static void
-encode_type (const char *name, const Type *t)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	encode_type (name, t->symbol->type);
-#endif
-	fprintf (codefile,
-		 "e = encode_%s(p, len, %s, &l);\n"
-		 "BACK;\n",
-		 t->symbol->gen_name, name);
-	break;
-    case TInteger:
-	if(t->members == NULL)
-	    encode_primitive ("integer", name);
-	else {
-	    char *s;
-	    asprintf(&s, "(const int*)%s", name);
-	    if(s == NULL)
-		errx(1, "out of memory");
-	    encode_primitive ("integer", s);
-	    free(s);
-	}
-	break;
-    case TUInteger:
-	encode_primitive ("unsigned", name);
-	break;
-    case TOctetString:
-	encode_primitive ("octet_string", name);
-	break;
-    case TOID :
-	encode_primitive ("oid", name);
-	break;
-    case TBitString: {
-	Member *m;
-	int pos;
-	int rest;
-	int tag = -1;
-
-	if (t->members == NULL)
-	    break;
-
-	fprintf (codefile, "{\n"
-		 "unsigned char c = 0;\n");
-	pos = t->members->prev->val;
-	/* fix for buggy MIT (and OSF?) code */
-	if (pos > 31)
-	    abort ();
-	/*
-	 * It seems that if we do not always set pos to 31 here, the MIT
-	 * code will do the wrong thing.
-	 *
-	 * I hate ASN.1 (and DER), but I hate it even more when everybody
-	 * has to screw it up differently.
-	 */
-	pos = 31;
-	rest = 7 - (pos % 8);
-
-	for (m = t->members->prev; m && tag != m->val; m = m->prev) {
-	    while (m->val / 8 < pos / 8) {
-		fprintf (codefile,
-			 "*p-- = c; len--; ret++;\n"
-			 "c = 0;\n");
-		pos -= 8;
-	    }
-	    fprintf (codefile,
-		     "if(%s->%s) c |= 1<<%d;\n", name, m->gen_name,
-		     7 - m->val % 8);
-
-	    if (tag == -1)
-		tag = m->val;
-	}
-
-	fprintf (codefile, 
-		 "*p-- = c;\n"
-		 "*p-- = %d;\n"
-		 "len -= 2;\n"
-		 "ret += 2;\n"
-		 "}\n\n"
-		 "e = der_put_length_and_tag (p, len, ret, UNIV, PRIM,"
-		 "UT_BitString, &l);\n"
-		 "BACK;\n",
-		 rest);
-	break;
-    }
-    case TEnumerated : {
-	encode_primitive ("enumerated", name);
-	break;
-    }
-    case TSequence: {
-	Member *m;
-	int tag = -1;
-
-	if (t->members == NULL)
-	    break;
-
-	for (m = t->members->prev; m && tag != m->val; m = m->prev) {
-	    char *s;
-
-	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
-	    if (m->optional)
-		fprintf (codefile,
-			 "if(%s)\n",
-			 s);
-#if 1
-	    fprintf (codefile, "{\n"
-		     "int oldret = ret;\n"
-		     "ret = 0;\n");
-#endif
-	    encode_type (s, m->type);
-	    fprintf (codefile,
-		     "e = der_put_length_and_tag (p, len, ret, CONTEXT, CONS, "
-		     "%d, &l);\n"
-		     "BACK;\n",
-		     m->val);
-#if 1
-	    fprintf (codefile,
-		     "ret += oldret;\n"
-		     "}\n");
-#endif
-	    if (tag == -1)
-		tag = m->val;
-	    free (s);
-	}
-	fprintf (codefile,
-		 "e = der_put_length_and_tag (p, len, ret, UNIV, CONS, UT_Sequence, &l);\n"
-		 "BACK;\n");
-	break;
-    }
-    case TSequenceOf: {
-	char *n;
-
-	fprintf (codefile,
-		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
-#if 1
-		 "int oldret = ret;\n"
-		 "ret = 0;\n",
-#else
-		 ,
-#endif
-		 name);
-	asprintf (&n, "&(%s)->val[i]", name);
-	encode_type (n, t->subtype);
-	fprintf (codefile,
-#if 1
-		 "ret += oldret;\n"
-#endif
-		 "}\n"
-		 "e = der_put_length_and_tag (p, len, ret, UNIV, CONS, UT_Sequence, &l);\n"
-		 "BACK;\n");
-	free (n);
-	break;
-    }
-    case TGeneralizedTime:
-	encode_primitive ("generalized_time", name);
-	break;
-    case TGeneralString:
-	encode_primitive ("general_string", name);
-	break;
-    case TApplication:
-	encode_type (name, t->subtype);
-	fprintf (codefile,
-		 "e = der_put_length_and_tag (p, len, ret, APPL, CONS, %d, &l);\n"
-		 "BACK;\n",
-		 t->application);
-	break;
-    default:
-	abort ();
-    }
-}
-
-void
-generate_type_encode (const Symbol *s)
-{
-  fprintf (headerfile,
-	   "int    "
-	   "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile, "#define BACK if (e) return e; p -= l; len -= l; ret += l\n\n");
-
-
-  fprintf (codefile, "int\n"
-	   "encode_%s(unsigned char *p, size_t len,"
-	   " const %s *data, size_t *size)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name);
-
-  switch (s->type->type) {
-  case TInteger:
-  case TUInteger:
-  case TOctetString:
-  case TGeneralizedTime:
-  case TGeneralString:
-  case TBitString:
-  case TEnumerated:
-  case TOID:
-  case TSequence:
-  case TSequenceOf:
-  case TApplication:
-  case TType:
-    fprintf (codefile,
-	     "size_t ret = 0;\n"
-	     "size_t l;\n"
-	     "int i, e;\n\n");
-    fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
-    
-      encode_type("data", s->type);
-
-    fprintf (codefile, "*size = ret;\n"
-	     "return 0;\n");
-    break;
-  default:
-    abort ();
-  }
-  fprintf (codefile, "}\n\n");
-}
diff --git a/crypto/heimdal/lib/asn1/gen_free.c b/crypto/heimdal/lib/asn1/gen_free.c
deleted file mode 100644
index 994cbc637e41..000000000000
--- a/crypto/heimdal/lib/asn1/gen_free.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_free.c,v 1.9 2001/09/25 13:39:26 assar Exp $");
-
-static void
-free_primitive (const char *typename, const char *name)
-{
-    fprintf (codefile, "free_%s(%s);\n", typename, name);
-}
-
-static void
-free_type (const char *name, const Type *t)
-{
-  switch (t->type) {
-  case TType:
-#if 0
-      free_type (name, t->symbol->type);
-#endif
-      fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name);
-      break;
-  case TInteger:
-  case TUInteger:
-  case TEnumerated :
-      break;
-  case TOctetString:
-      free_primitive ("octet_string", name);
-      break;
-  case TOID :
-      free_primitive ("oid", name);
-      break;
-  case TBitString: {
-      break;
-  }
-  case TSequence: {
-      Member *m;
-      int tag = -1;
-
-      if (t->members == NULL)
-	  break;
-      
-      for (m = t->members; m && tag != m->val; m = m->next) {
-	  char *s;
-
-	  asprintf (&s, "%s(%s)->%s",
-		    m->optional ? "" : "&", name, m->gen_name);
-	  if(m->optional)
-	      fprintf(codefile, "if(%s) {\n", s);
-	  free_type (s, m->type);
-	  if(m->optional)
-	      fprintf(codefile, 
-		      "free(%s);\n"
-		      "}\n",s);
-	  if (tag == -1)
-	      tag = m->val;
-	  free (s);
-      }
-      break;
-  }
-  case TSequenceOf: {
-      char *n;
-
-      fprintf (codefile, "while((%s)->len){\n", name);
-      asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
-      free_type(n, t->subtype);
-      fprintf(codefile, 
-	      "(%s)->len--;\n"
-	      "}\n",
-	      name);
-      fprintf(codefile,
-	      "free((%s)->val);\n", name);
-      free(n);
-      break;
-  }
-  case TGeneralizedTime:
-      break;
-  case TGeneralString:
-      free_primitive ("general_string", name);
-      break;
-  case TApplication:
-      free_type (name, t->subtype);
-      break;
-  default :
-      abort ();
-  }
-}
-
-void
-generate_type_free (const Symbol *s)
-{
-  fprintf (headerfile,
-	   "void   free_%s  (%s *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile, "void\n"
-	   "free_%s(%s *data)\n"
-	   "{\n",
-	   s->gen_name, s->gen_name);
-
-  free_type ("data", s->type);
-  fprintf (codefile, "}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_glue.c b/crypto/heimdal/lib/asn1/gen_glue.c
deleted file mode 100644
index 2f6280ad6c28..000000000000
--- a/crypto/heimdal/lib/asn1/gen_glue.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_glue.c,v 1.7 1999/12/02 17:05:02 joda Exp $");
-
-static void
-generate_2int (const Symbol *s)
-{
-    Type *t = s->type;
-    Member *m;
-    int tag = -1;
-
-    fprintf (headerfile,
-	     "unsigned %s2int(%s);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile,
-	     "unsigned %s2int(%s f)\n"
-	     "{\n"
-	     "unsigned r = 0;\n",
-	     s->gen_name, s->gen_name);
-
-    for (m = t->members; m && m->val != tag; m = m->next) {
-	fprintf (codefile, "if(f.%s) r |= (1U << %d);\n",
-		 m->gen_name, m->val);
-	
-	if (tag == -1)
-	    tag = m->val;
-    }
-    fprintf (codefile, "return r;\n"
-	     "}\n\n");
-}
-
-static void
-generate_int2 (const Symbol *s)
-{
-    Type *t = s->type;
-    Member *m;
-    int tag = -1;
-
-    fprintf (headerfile,
-	     "%s int2%s(unsigned);\n",
-	     s->gen_name, s->gen_name);
-
-    fprintf (codefile,
-	     "%s int2%s(unsigned n)\n"
-	     "{\n"
-	     "\t%s flags;\n\n",
-	     s->gen_name, s->gen_name, s->gen_name);
-
-    for (m = t->members; m && m->val != tag; m = m->next) {
-	fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n",
-		 m->gen_name, m->val);
-	
-	if (tag == -1)
-	    tag = m->val;
-    }
-    fprintf (codefile, "\treturn flags;\n"
-	     "}\n\n");
-}
-
-/*
- * This depends on the bit string being declared in increasing order
- */
-
-static void
-generate_units (const Symbol *s)
-{
-    Type *t = s->type;
-    Member *m;
-    int tag = -1;
-
-    fprintf (headerfile,
-	     "extern struct units %s_units[];",
-	     s->gen_name);
-
-    fprintf (codefile,
-	     "struct units %s_units[] = {\n",
-	     s->gen_name);
-
-    if(t->members)
-	for (m = t->members->prev; m && m->val != tag; m = m->prev) {
-	    fprintf (codefile,
-		     "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val);
-	    
-	    if (tag == -1)
-		tag = m->val;
-	}
-
-    fprintf (codefile,
-	     "\t{NULL,\t0}\n"
-	     "};\n\n");
-}
-
-void
-generate_glue (const Symbol *s)
-{
-    switch(s->type->type) {
-    case TBitString :
-	generate_2int (s);
-	generate_int2 (s);
-	generate_units (s);
-	break;
-    default :
-	break;
-    }
-}
diff --git a/crypto/heimdal/lib/asn1/gen_length.c b/crypto/heimdal/lib/asn1/gen_length.c
deleted file mode 100644
index 7c379d6acb94..000000000000
--- a/crypto/heimdal/lib/asn1/gen_length.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: gen_length.c,v 1.11 2001/09/25 13:39:26 assar Exp $");
-
-static void
-length_primitive (const char *typename,
-		  const char *name,
-		  const char *variable)
-{
-    fprintf (codefile, "%s += length_%s(%s);\n", variable, typename, name);
-}
-
-static void
-length_type (const char *name, const Type *t, const char *variable)
-{
-    switch (t->type) {
-    case TType:
-#if 0
-	length_type (name, t->symbol->type);
-#endif
-	fprintf (codefile, "%s += length_%s(%s);\n",
-		 variable, t->symbol->gen_name, name);
-	break;
-    case TInteger:
-        if(t->members == NULL)
-            length_primitive ("integer", name, variable);
-        else {
-            char *s;
-            asprintf(&s, "(const int*)%s", name);
-            if(s == NULL)
-		errx (1, "out of memory");
-            length_primitive ("integer", s, variable);
-            free(s);
-        }
-	break;
-    case TUInteger:
-	length_primitive ("unsigned", name, variable);
-	break;
-    case TEnumerated :
-	length_primitive ("enumerated", name, variable);
-	break;
-    case TOctetString:
-	length_primitive ("octet_string", name, variable);
-	break;
-    case TOID :
-	length_primitive ("oid", name, variable);
-	break;
-    case TBitString: {
-	/*
-	 * XXX - Hope this is correct
-	 * look at TBitString case in `encode_type'
-	 */
-	fprintf (codefile, "%s += 7;\n", variable);
-	break;
-    }
-    case TSequence: {
-	Member *m;
-	int tag = -1;
-
-	if (t->members == NULL)
-	    break;
-      
-	for (m = t->members; m && tag != m->val; m = m->next) {
-	    char *s;
-
-	    asprintf (&s, "%s(%s)->%s",
-		      m->optional ? "" : "&", name, m->gen_name);
-	    if (m->optional)
-		fprintf (codefile, "if(%s)", s);
-	    fprintf (codefile, "{\n"
-		     "int oldret = %s;\n"
-		     "%s = 0;\n", variable, variable);
-	    length_type (s, m->type, "ret");
-	    fprintf (codefile, "%s += 1 + length_len(%s) + oldret;\n",
-		     variable, variable);
-	    fprintf (codefile, "}\n");
-	    if (tag == -1)
-		tag = m->val;
-	    free (s);
-	}
-	fprintf (codefile,
-		 "%s += 1 + length_len(%s);\n", variable, variable);
-	break;
-    }
-    case TSequenceOf: {
-	char *n;
-
-	fprintf (codefile,
-		 "{\n"
-		 "int oldret = %s;\n"
-		 "int i;\n"
-		 "%s = 0;\n",
-		 variable, variable);
-
-	fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name);
-	asprintf (&n, "&(%s)->val[i]", name);
-	length_type(n, t->subtype, variable);
-	fprintf (codefile, "}\n");
-
-	fprintf (codefile,
-		 "%s += 1 + length_len(%s) + oldret;\n"
-		 "}\n", variable, variable);
-	free(n);
-	break;
-    }
-    case TGeneralizedTime:
-	length_primitive ("generalized_time", name, variable);
-	break;
-    case TGeneralString:
-	length_primitive ("general_string", name, variable);
-	break;
-    case TApplication:
-	length_type (name, t->subtype, variable);
-	fprintf (codefile, "ret += 1 + length_len (ret);\n");
-	break;
-    default :
-	abort ();
-    }
-}
-
-void
-generate_type_length (const Symbol *s)
-{
-  fprintf (headerfile,
-	   "size_t length_%s(const %s *);\n",
-	   s->gen_name, s->gen_name);
-
-  fprintf (codefile,
-	   "size_t\n"
-	   "length_%s(const %s *data)\n"
-	   "{\n"
-	   "size_t ret = 0;\n",
-	   s->gen_name, s->gen_name);
-
-  length_type ("data", s->type, "ret");
-  fprintf (codefile, "return ret;\n}\n\n");
-}
-
diff --git a/crypto/heimdal/lib/asn1/gen_locl.h b/crypto/heimdal/lib/asn1/gen_locl.h
deleted file mode 100644
index 212c3217c1ba..000000000000
--- a/crypto/heimdal/lib/asn1/gen_locl.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gen_locl.h,v 1.9 2001/09/27 16:21:47 assar Exp $ */
-
-#ifndef __GEN_LOCL_H__
-#define __GEN_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <ctype.h>
-#include <time.h>
-#include <errno.h>
-#include <err.h>
-#include <roken.h>
-#include "hash.h"
-#include "symbol.h"
-
-void generate_type (const Symbol *);
-void generate_constant (const Symbol *);
-void generate_type_encode (const Symbol *s);
-void generate_type_decode (const Symbol *s);
-void generate_seq_type_decode (const Symbol *s);
-void generate_type_free (const Symbol *s);
-void generate_type_length (const Symbol *s);
-void generate_type_copy (const Symbol *s);
-void generate_type_maybe (const Symbol *s);
-void generate_glue (const Symbol *s);
-
-void init_generate (const char *filename, const char *basename);
-const char *filename (void);
-void close_generate(void);
-void add_import(const char *module);
-int yyparse(void);
-
-extern FILE *headerfile, *codefile, *logfile;
-
-#endif /* __GEN_LOCL_H__ */
diff --git a/crypto/heimdal/lib/asn1/hash.c b/crypto/heimdal/lib/asn1/hash.c
deleted file mode 100644
index a8d3eb39f972..000000000000
--- a/crypto/heimdal/lib/asn1/hash.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * Hash table functions
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: hash.c,v 1.8 1999/12/02 17:05:02 joda Exp $");
-
-static Hashentry *_search(Hashtab * htab,	/* The hash table */
-			  void *ptr);	/* And key */
-
-Hashtab *
-hashtabnew(int sz,
-	   int (*cmp) (void *, void *),
-	   unsigned (*hash) (void *))
-{
-    Hashtab *htab;
-    int i;
-
-    assert(sz > 0);
-
-    htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
-    for (i = 0; i < sz; ++i)
-	htab->tab[i] = NULL;
-
-    if (htab == NULL) {
-	return NULL;
-    } else {
-	htab->cmp = cmp;
-	htab->hash = hash;
-	htab->sz = sz;
-	return htab;
-    }
-}
-
-/* Intern search function */
-
-static Hashentry *
-_search(Hashtab * htab, void *ptr)
-{
-    Hashentry *hptr;
-
-    assert(htab && ptr);
-
-    for (hptr = htab->tab[(*htab->hash) (ptr) % htab->sz];
-	 hptr;
-	 hptr = hptr->next)
-	if ((*htab->cmp) (ptr, hptr->ptr) == 0)
-	    break;
-    return hptr;
-}
-
-/* Search for element in hash table */
-
-void *
-hashtabsearch(Hashtab * htab, void *ptr)
-{
-    Hashentry *tmp;
-
-    tmp = _search(htab, ptr);
-    return tmp ? tmp->ptr : tmp;
-}
-
-/* add element to hash table */
-/* if already there, set new value */
-/* !NULL if succesful */
-
-void *
-hashtabadd(Hashtab * htab, void *ptr)
-{
-    Hashentry *h = _search(htab, ptr);
-    Hashentry **tabptr;
-
-    assert(htab && ptr);
-
-    if (h)
-	free((void *) h->ptr);
-    else {
-	h = (Hashentry *) malloc(sizeof(Hashentry));
-	if (h == NULL) {
-	    return NULL;
-	}
-	tabptr = &htab->tab[(*htab->hash) (ptr) % htab->sz];
-	h->next = *tabptr;
-	*tabptr = h;
-	h->prev = tabptr;
-	if (h->next)
-	    h->next->prev = &h->next;
-    }
-    h->ptr = ptr;
-    return h;
-}
-
-/* delete element with key key. Iff freep, free Hashentry->ptr */
-
-int
-_hashtabdel(Hashtab * htab, void *ptr, int freep)
-{
-    Hashentry *h;
-
-    assert(htab && ptr);
-
-    h = _search(htab, ptr);
-    if (h) {
-	if (freep)
-	    free(h->ptr);
-	if ((*(h->prev) = h->next))
-	    h->next->prev = h->prev;
-	free(h);
-	return 0;
-    } else
-	return -1;
-}
-
-/* Do something for each element */
-
-void
-hashtabforeach(Hashtab * htab, int (*func) (void *ptr, void *arg),
-	       void *arg)
-{
-    Hashentry **h, *g;
-
-    assert(htab);
-
-    for (h = htab->tab; h < &htab->tab[htab->sz]; ++h)
-	for (g = *h; g; g = g->next)
-	    if ((*func) (g->ptr, arg))
-		return;
-}
-
-/* standard hash-functions for strings */
-
-unsigned
-hashadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += *s;
-    return i;
-}
-
-unsigned
-hashcaseadd(const char *s)
-{				/* Standard hash function */
-    unsigned i;
-
-    assert(s);
-
-    for (i = 0; *s; ++s)
-	i += toupper(*s);
-    return i;
-}
-
-#define TWELVE (sizeof(unsigned))
-#define SEVENTYFIVE (6*sizeof(unsigned))
-#define HIGH_BITS (~((unsigned)(~0) >> TWELVE))
-
-unsigned
-hashjpw(const char *ss)
-{				/* another hash function */
-    unsigned h = 0;
-    unsigned g;
-    const unsigned char *s = (const unsigned char *)ss;
-
-    for (; *s; ++s) {
-	h = (h << TWELVE) + *s;
-	if ((g = h & HIGH_BITS))
-	    h = (h ^ (g >> SEVENTYFIVE)) & ~HIGH_BITS;
-    }
-    return h;
-}
diff --git a/crypto/heimdal/lib/asn1/hash.h b/crypto/heimdal/lib/asn1/hash.h
deleted file mode 100644
index b54e10234a74..000000000000
--- a/crypto/heimdal/lib/asn1/hash.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * hash.h. Header file for hash table functions
- */
-
-/* $Id: hash.h,v 1.3 1999/12/02 17:05:02 joda Exp $ */
-
-struct hashentry {		/* Entry in bucket */
-     struct hashentry **prev;
-     struct hashentry *next;
-     void *ptr;
-};
-
-typedef struct hashentry Hashentry;
-
-struct hashtab {		/* Hash table */
-     int (*cmp)(void *, void *); /* Compare function */
-     unsigned (*hash)(void *);	/* hash function */
-     int sz;			/* Size */
-     Hashentry *tab[1];		/* The table */
-};
-
-typedef struct hashtab Hashtab;
-
-/* prototypes */
-
-Hashtab *hashtabnew(int sz, 
-		    int (*cmp)(void *, void *),
-		    unsigned (*hash)(void *));	/* Make new hash table */
-
-void *hashtabsearch(Hashtab *htab, /* The hash table */
-		    void *ptr);	/*  The key */
-
-
-void *hashtabadd(Hashtab *htab,	/* The hash table */
-	       void *ptr);	/* The element */
-
-int _hashtabdel(Hashtab *htab,	/* The table */
-		void *ptr,	/* Key */
-		int freep);	/* Free data part? */
-
-void hashtabforeach(Hashtab *htab,
-		    int (*func)(void *ptr, void *arg),
-		    void *arg);
-
-unsigned hashadd(const char *s);		/* Standard hash function */
-unsigned hashcaseadd(const char *s);		/* Standard hash function */
-unsigned hashjpw(const char *s);		/* another hash function */
-
-/* macros */
-
- /* Don't free space */
-#define hashtabdel(htab,key)  _hashtabdel(htab,key,FALSE)
-
-#define hashtabfree(htab,key) _hashtabdel(htab,key,TRUE) /* Do! */
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
deleted file mode 100644
index 37c60a8dcb66..000000000000
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ /dev/null
@@ -1,451 +0,0 @@
--- $Id: k5.asn1,v 1.28 2003/01/15 03:13:47 lha Exp $
-
-KERBEROS5 DEFINITIONS ::=
-BEGIN
-
-NAME-TYPE ::= INTEGER {
-	KRB5_NT_UNKNOWN(0),	-- Name type not known
-	KRB5_NT_PRINCIPAL(1),	-- Just the name of the principal as in
-	KRB5_NT_SRV_INST(2),	-- Service and other unique instance (krbtgt)
-	KRB5_NT_SRV_HST(3),	-- Service with host name as instance
-	KRB5_NT_SRV_XHST(4),	-- Service with host as remaining components
-	KRB5_NT_UID(5),		-- Unique ID
-	KRB5_NT_X500_PRINCIPAL(6) -- PKINIT
-}
-
--- message types
-
-MESSAGE-TYPE ::= INTEGER {
-	krb-as-req(10), -- Request for initial authentication
-	krb-as-rep(11), -- Response to KRB_AS_REQ request
-	krb-tgs-req(12), -- Request for authentication based on TGT
-	krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
-	krb-ap-req(14), -- application request to server
-	krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
-	krb-safe(20), -- Safe (checksummed) application message
-	krb-priv(21), -- Private (encrypted) application message
-	krb-cred(22), -- Private (encrypted) message to forward credentials
-	krb-error(30) -- Error response
-}
-
-
--- pa-data types
-
-PADATA-TYPE ::= INTEGER {
-	KRB5-PADATA-NONE(0),
-	KRB5-PADATA-TGS-REQ(1),
-	KRB5-PADATA-AP-REQ(1),
-	KRB5-PADATA-ENC-TIMESTAMP(2),
-	KRB5-PADATA-PW-SALT(3),
-	KRB5-PADATA-ENC-UNIX-TIME(5),
-	KRB5-PADATA-SANDIA-SECUREID(6),
-	KRB5-PADATA-SESAME(7),
-	KRB5-PADATA-OSF-DCE(8),
-	KRB5-PADATA-CYBERSAFE-SECUREID(9),
-	KRB5-PADATA-AFS3-SALT(10),
-	KRB5-PADATA-ETYPE-INFO(11),
-	KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
-	KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
-	KRB5-PADATA-PK-AS-REQ(14), -- (PKINIT)
-	KRB5-PADATA-PK-AS-REP(15), -- (PKINIT)
-	KRB5-PADATA-PK-AS-SIGN(16), -- (PKINIT)
-	KRB5-PADATA-PK-KEY-REQ(17), -- (PKINIT)
-	KRB5-PADATA-PK-KEY-REP(18), -- (PKINIT)
-	KRB5-PADATA-USE-SPECIFIED-KVNO(20),
-	KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
-	KRB5-PADATA-GET-FROM-TYPED-DATA(22),
-	KRB5-PADATA-SAM-ETYPE-INFO(23)
-}
-
--- checksumtypes
-
-CKSUMTYPE ::= INTEGER {
-	CKSUMTYPE_NONE(0),
-	CKSUMTYPE_CRC32(1),
-	CKSUMTYPE_RSA_MD4(2),
-	CKSUMTYPE_RSA_MD4_DES(3),
-	CKSUMTYPE_DES_MAC(4),
-	CKSUMTYPE_DES_MAC_K(5),
-	CKSUMTYPE_RSA_MD4_DES_K(6),
-	CKSUMTYPE_RSA_MD5(7),
-	CKSUMTYPE_RSA_MD5_DES(8),
-	CKSUMTYPE_RSA_MD5_DES3(9),
-	CKSUMTYPE_HMAC_SHA1_96_AES_128(10),
-	CKSUMTYPE_HMAC_SHA1_96_AES_256(11),
-	CKSUMTYPE_HMAC_SHA1_DES3(12),
-	CKSUMTYPE_SHA1(1000),		-- correct value? 10 (9 also)
-	CKSUMTYPE_GSSAPI(0x8003),
-	CKSUMTYPE_HMAC_MD5(-138),	-- unofficial microsoft number
-	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
-}
-
---enctypes
-ENCTYPE ::= INTEGER {
-	ETYPE_NULL(0),
-	ETYPE_DES_CBC_CRC(1),
-	ETYPE_DES_CBC_MD4(2),
-	ETYPE_DES_CBC_MD5(3),
-	ETYPE_DES3_CBC_MD5(5),
-	ETYPE_OLD_DES3_CBC_SHA1(7),
-	ETYPE_SIGN_DSA_GENERATE(8),
-	ETYPE_ENCRYPT_RSA_PRIV(9),
-	ETYPE_ENCRYPT_RSA_PUB(10),
-	ETYPE_DES3_CBC_SHA1(16),	-- with key derivation
-	ETYPE_AES128_CTS_HMAC_SHA1_96(17),
-	ETYPE_AES256_CTS_HMAC_SHA1_96(18),
-	ETYPE_ARCFOUR_HMAC_MD5(23),
-	ETYPE_ARCFOUR_HMAC_MD5_56(24),
-	ETYPE_ENCTYPE_PK_CROSS(48),
--- these are for Heimdal internal use
-	ETYPE_DES_CBC_NONE(-0x1000),
-	ETYPE_DES3_CBC_NONE(-0x1001),
-	ETYPE_DES_CFB64_NONE(-0x1002),
-	ETYPE_DES_PCBC_NONE(-0x1003)
-}
-
--- this is sugar to make something ASN1 does not have: unsigned
-
-UNSIGNED ::= INTEGER (0..4294967295)
-
-Realm ::= GeneralString
-PrincipalName ::= SEQUENCE {
-	name-type[0]		NAME-TYPE,
-	name-string[1]		SEQUENCE OF GeneralString
-}
-
--- this is not part of RFC1510
-Principal ::= SEQUENCE {
-	name[0]			PrincipalName,
-	realm[1]		Realm
-}
-
-HostAddress ::= SEQUENCE  {
-	addr-type[0]		INTEGER,
-	address[1]		OCTET STRING
-}
-
--- This is from RFC1510.
---
--- HostAddresses ::= SEQUENCE OF SEQUENCE {
--- 	addr-type[0]		INTEGER,
---	address[1]		OCTET STRING
--- }
-
--- This seems much better.
-HostAddresses ::= SEQUENCE OF HostAddress
-
-
-KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
-
-AuthorizationData ::= SEQUENCE OF SEQUENCE {
-	ad-type[0]		INTEGER,
-	ad-data[1]		OCTET STRING
-}
-
-APOptions ::= BIT STRING {
-	reserved(0),
-	use-session-key(1),
-	mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	may-postdate(5),
-	postdated(6),
-	invalid(7),
-	renewable(8),
-	initial(9),
-	pre-authent(10),
-	hw-authent(11),
-	transited-policy-checked(12),
-	ok-as-delegate(13),
-	anonymous(14)
-}
-
-KDCOptions ::= BIT STRING {
-	reserved(0),
-	forwardable(1),
-	forwarded(2),
-	proxiable(3),
-	proxy(4),
-	allow-postdate(5),
-	postdated(6),
-	unused7(7),
-	renewable(8),
-	unused9(9),
-	unused10(10),
-	unused11(11),
-	request-anonymous(14),
-	canonicalize(15),
-	disable-transited-check(26),
-	renewable-ok(27),
-	enc-tkt-in-skey(28),
-	renew(30),
-	validate(31)
-}
-
-LR-TYPE ::= INTEGER {
-	LR_NONE(0),		-- no information
-	LR_INITIAL_TGT(1),	-- last initial TGT request
-	LR_INITIAL(2),		-- last initial request
-	LR_ISSUE_USE_TGT(3),	-- time of newest TGT used
-	LR_RENEWAL(4),		-- time of last renewal
-	LR_REQUEST(5),		-- time of last request (of any type)
-	LR_PW_EXPTIME(6),	-- expiration time of password
-	LR_ACCT_EXPTIME(7)	-- expiration time of account
-}
-
-LastReq ::= SEQUENCE OF SEQUENCE {
-	lr-type[0]		LR-TYPE,
-	lr-value[1]		KerberosTime
-}
-
-
-EncryptedData ::= SEQUENCE {
-	etype[0] 		ENCTYPE, -- EncryptionType
-	kvno[1]			INTEGER OPTIONAL,
-	cipher[2]		OCTET STRING -- ciphertext
-}
-
-EncryptionKey ::= SEQUENCE {
-	keytype[0]		INTEGER,
-	keyvalue[1]		OCTET STRING
-}
-
--- encoded Transited field
-TransitedEncoding ::= SEQUENCE {
-	tr-type[0]		INTEGER, -- must be registered
-	contents[1]		OCTET STRING
-}
-
-Ticket ::= [APPLICATION 1] SEQUENCE {
-	tkt-vno[0]		INTEGER,
-	realm[1]		Realm,
-	sname[2]		PrincipalName,
-	enc-part[3]		EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
-	flags[0]		TicketFlags,
-	key[1]			EncryptionKey,
-	crealm[2]		Realm,
-	cname[3]		PrincipalName,
-	transited[4]		TransitedEncoding,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	caddr[9]		HostAddresses OPTIONAL,
-	authorization-data[10]	AuthorizationData OPTIONAL
-}
-
-Checksum ::= SEQUENCE {
-	cksumtype[0]		CKSUMTYPE,
-	checksum[1]		OCTET STRING
-}
-
-Authenticator ::= [APPLICATION 2] SEQUENCE    {
-	authenticator-vno[0]	INTEGER,
-	crealm[1]		Realm,
-	cname[2]		PrincipalName,
-	cksum[3]		Checksum OPTIONAL,
-	cusec[4]		INTEGER,
-	ctime[5]		KerberosTime,
-	subkey[6]		EncryptionKey OPTIONAL,
-	seq-number[7]		UNSIGNED OPTIONAL,
-	authorization-data[8]	AuthorizationData OPTIONAL
-	}
-
-PA-DATA ::= SEQUENCE {
-	-- might be encoded AP-REQ
-	padata-type[1]		PADATA-TYPE,
-	padata-value[2]		OCTET STRING
-}
-
-ETYPE-INFO-ENTRY ::= SEQUENCE {
-	etype[0]		ENCTYPE,
-	salt[1]			OCTET STRING OPTIONAL,
-	salttype[2]		INTEGER OPTIONAL
-}
-
-ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
-
-METHOD-DATA ::= SEQUENCE OF PA-DATA
-
-KDC-REQ-BODY ::= SEQUENCE {
-	kdc-options[0]		KDCOptions,
-	cname[1]		PrincipalName OPTIONAL, -- Used only in AS-REQ
-	realm[2]		Realm,	-- Server's realm
-					-- Also client's in AS-REQ
-	sname[3]		PrincipalName OPTIONAL,
-	from[4]			KerberosTime OPTIONAL,
-	till[5]			KerberosTime OPTIONAL,
-	rtime[6]		KerberosTime OPTIONAL,
-	nonce[7]		INTEGER,
-	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
-					-- in preference order
-	addresses[9]		HostAddresses OPTIONAL,
-	enc-authorization-data[10] EncryptedData OPTIONAL,
-					-- Encrypted AuthorizationData encoding
-	additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
-}
-
-KDC-REQ ::= SEQUENCE {
-	pvno[1]			INTEGER,
-	msg-type[2]		MESSAGE-TYPE,
-	padata[3]		METHOD-DATA OPTIONAL,
-	req-body[4]		KDC-REQ-BODY
-}
-
-AS-REQ ::= [APPLICATION 10] KDC-REQ
-TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
--- padata-type ::= PA-ENC-TIMESTAMP
--- padata-value ::= EncryptedData - PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC ::= SEQUENCE {
-	patimestamp[0]		KerberosTime, -- client's time
-	pausec[1]		INTEGER OPTIONAL
-}
-
-KDC-REP ::= SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	padata[2]		METHOD-DATA OPTIONAL,
-	crealm[3]		Realm,
-	cname[4]		PrincipalName,
-	ticket[5]		Ticket,
-	enc-part[6]		EncryptedData
-}
-
-AS-REP ::= [APPLICATION 11] KDC-REP
-TGS-REP ::= [APPLICATION 13] KDC-REP
-
-EncKDCRepPart ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	last-req[1]		LastReq,
-	nonce[2]		INTEGER,
-	key-expiration[3]	KerberosTime OPTIONAL,
-	flags[4]		TicketFlags,
-	authtime[5]		KerberosTime,
-	starttime[6]		KerberosTime OPTIONAL,
-	endtime[7]		KerberosTime,
-	renew-till[8]		KerberosTime OPTIONAL,
-	srealm[9]		Realm,
-	sname[10]		PrincipalName,
-	caddr[11]		HostAddresses OPTIONAL
-}
-
-EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
-EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
-
-AP-REQ ::= [APPLICATION 14] SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	ap-options[2]		APOptions,
-	ticket[3]		Ticket,
-	authenticator[4]	EncryptedData
-}
-
-AP-REP ::= [APPLICATION 15] SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[2]		EncryptedData
-}
-
-EncAPRepPart ::= [APPLICATION 27]     SEQUENCE {
-	ctime[0]		KerberosTime,
-	cusec[1]		INTEGER,
-	subkey[2]		EncryptionKey OPTIONAL,
-	seq-number[3]		UNSIGNED OPTIONAL
-}
-
-KRB-SAFE-BODY ::= SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			INTEGER OPTIONAL,
-	seq-number[3]		UNSIGNED OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	safe-body[2]		KRB-SAFE-BODY,
-	cksum[3]		Checksum
-}
-
-KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	enc-part[3]		EncryptedData
-}
-EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
-	user-data[0]		OCTET STRING,
-	timestamp[1]		KerberosTime OPTIONAL,
-	usec[2]			INTEGER OPTIONAL,
-	seq-number[3]		UNSIGNED OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL, -- sender's addr
-	r-address[5]		HostAddress OPTIONAL  -- recip's addr
-}
-
-KRB-CRED ::= [APPLICATION 22]   SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE, -- KRB_CRED
-	tickets[2]		SEQUENCE OF Ticket,
-	enc-part[3]		EncryptedData
-}
-
-KrbCredInfo ::= SEQUENCE {
-	key[0]			EncryptionKey,
-	prealm[1]		Realm OPTIONAL,
-	pname[2]		PrincipalName OPTIONAL,
-	flags[3]		TicketFlags OPTIONAL,
-	authtime[4]		KerberosTime OPTIONAL,
-	starttime[5]		KerberosTime OPTIONAL,
-	endtime[6] 		KerberosTime OPTIONAL,
-	renew-till[7]		KerberosTime OPTIONAL,
-	srealm[8]		Realm OPTIONAL,
-	sname[9]		PrincipalName OPTIONAL,
-	caddr[10]		HostAddresses OPTIONAL
-}
-
-EncKrbCredPart ::= [APPLICATION 29]   SEQUENCE {
-	ticket-info[0]		SEQUENCE OF KrbCredInfo,
-	nonce[1]		INTEGER OPTIONAL,
-	timestamp[2]		KerberosTime OPTIONAL,
-	usec[3]			INTEGER OPTIONAL,
-	s-address[4]		HostAddress OPTIONAL,
-	r-address[5]		HostAddress OPTIONAL
-}
-
-KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
-	pvno[0]			INTEGER,
-	msg-type[1]		MESSAGE-TYPE,
-	ctime[2]		KerberosTime OPTIONAL,
-	cusec[3]		INTEGER OPTIONAL,
-	stime[4]		KerberosTime,
-	susec[5]		INTEGER,
-	error-code[6]		INTEGER,
-	crealm[7]		Realm OPTIONAL,
-	cname[8]		PrincipalName OPTIONAL,
-	realm[9]		Realm, -- Correct realm
-	sname[10]		PrincipalName, -- Correct name
-	e-text[11]		GeneralString OPTIONAL,
-	e-data[12]		OCTET STRING OPTIONAL
-}
-
-pvno INTEGER ::= 5 -- current Kerberos protocol version number
-
--- transited encodings
-
-DOMAIN-X500-COMPRESS	INTEGER ::= 1
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
diff --git a/crypto/heimdal/lib/asn1/lex.h b/crypto/heimdal/lib/asn1/lex.h
deleted file mode 100644
index 9f5cadf92b84..000000000000
--- a/crypto/heimdal/lib/asn1/lex.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h,v 1.5 2000/07/01 20:21:34 assar Exp $ */
-
-#include <roken.h>
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/asn1/lex.l b/crypto/heimdal/lib/asn1/lex.l
deleted file mode 100644
index 3abc17ee67f6..000000000000
--- a/crypto/heimdal/lib/asn1/lex.l
+++ /dev/null
@@ -1,122 +0,0 @@
-%{
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.l,v 1.19 2001/09/25 23:28:03 assar Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#undef ECHO
-#include "symbol.h"
-#include "parse.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-static unsigned lineno = 1;
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-INTEGER			{ return INTEGER; }
-IMPORTS			{ return IMPORTS; }
-FROM			{ return FROM; }
-SEQUENCE		{ return SEQUENCE; }
-OF			{ return OF; }
-OCTET			{ return OCTET; }
-STRING			{ return STRING; }
-GeneralizedTime		{ return GeneralizedTime; }
-GeneralString		{ return GeneralString; }
-BIT			{ return BIT; }
-APPLICATION		{ return APPLICATION; }
-OPTIONAL		{ return OPTIONAL; }
-BEGIN			{ return TBEGIN; }
-END			{ return END; }
-DEFINITIONS		{ return DEFINITIONS; }
-ENUMERATED		{ return ENUMERATED; }
-EXTERNAL		{ return EXTERNAL; }
-OBJECT			{ return OBJECT; }
-IDENTIFIER		{ return IDENTIFIER; }
-[,;{}()|]		{ return *yytext; }
-"["			{ return *yytext; }
-"]"			{ return *yytext; }
-::=			{ return EEQUAL; }
---[^\n]*\n		{ ++lineno; }
--?(0x)?[0-9]+		{ char *e, *y = yytext;
-			  yylval.constant = strtol((const char *)yytext,
-						   &e, 0);
-			  if(e == y) 
-			    error_message("malformed constant (%s)", yytext); 
-			  else
-			    return CONSTANT;
-			}
-[A-Za-z][-A-Za-z0-9_]*	{
-			  yylval.name =  strdup ((const char *)yytext);
-			  return IDENT;
-			}
-[ \t]			;
-\n			{ ++lineno; }
-\.\.			{ return DOTDOT; }
-.			{ error_message("Ignoring char(%c)\n", *yytext); }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename(), lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-}
diff --git a/crypto/heimdal/lib/asn1/libasn1.h b/crypto/heimdal/lib/asn1/libasn1.h
deleted file mode 100644
index 8a4994a20c76..000000000000
--- a/crypto/heimdal/lib/asn1/libasn1.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: libasn1.h,v 1.9 2001/04/18 13:10:24 joda Exp $ */
-
-#ifndef __LIBASN1_H__
-#define __LIBASN1_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "krb5_asn1.h"
-#include "der.h"
-#include "asn1_err.h"
-#include <parse_units.h>
-
-#endif /* __LIBASN1_H__ */
diff --git a/crypto/heimdal/lib/asn1/main.c b/crypto/heimdal/lib/asn1/main.c
deleted file mode 100644
index 8b1b4093cb14..000000000000
--- a/crypto/heimdal/lib/asn1/main.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: main.c,v 1.11 2001/02/20 01:44:52 assar Exp $");
-
-extern FILE *yyin;
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "[asn1-file [name]]");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int ret;
-    char *file;
-    char *name = NULL;
-    int optind = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    if (argc == optind) {
-	file = "stdin";
-	name = "stdin";
-	yyin = stdin;
-    } else {
-	file = argv[optind];
-	yyin = fopen (file, "r");
-	if (yyin == NULL)
-	    err (1, "open %s", file);
-	name = argv[optind + 1];
-    }
-
-    init_generate (file, name);
-    initsym ();
-    ret = yyparse ();
-    close_generate ();
-    return ret;
-}
diff --git a/crypto/heimdal/lib/asn1/parse.y b/crypto/heimdal/lib/asn1/parse.y
deleted file mode 100644
index fc780860364b..000000000000
--- a/crypto/heimdal/lib/asn1/parse.y
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse.y,v 1.19 2001/09/27 16:21:47 assar Exp $ */
-
-%{
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-
-RCSID("$Id: parse.y,v 1.19 2001/09/27 16:21:47 assar Exp $");
-
-static Type *new_type (Typetype t);
-void yyerror (char *);
-
-static void append (Member *l, Member *r);
-
-%}
-
-%union {
-  int constant;
-  char *name;
-  Type *type;
-  Member *member;
-}
-
-%token INTEGER SEQUENCE OF OCTET STRING GeneralizedTime GeneralString
-%token BIT APPLICATION OPTIONAL EEQUAL TBEGIN END DEFINITIONS ENUMERATED
-%token EXTERNAL
-%token DOTDOT
-%token IMPORTS FROM
-%token OBJECT IDENTIFIER
-%token <name> IDENT 
-%token <constant> CONSTANT
-
-%type <constant> constant optional2
-%type <type> type
-%type <member> memberdecls memberdecl bitdecls bitdecl
-
-%start envelope
-
-%%
-
-envelope	: IDENT DEFINITIONS EEQUAL TBEGIN specification END {}
-		;
-
-specification	:
-		| specification declaration
-		;
-
-declaration	: imports_decl
-		| type_decl
-		| constant_decl
-		;
-
-referencenames	: IDENT ',' referencenames
-		{
-			Symbol *s = addsym($1);
-			s->stype = Stype;
-		}
-		| IDENT
-		{
-			Symbol *s = addsym($1);
-			s->stype = Stype;
-		}
-		;
-
-imports_decl	: IMPORTS referencenames FROM IDENT ';'
-		{ add_import($4); }
-		;
-
-type_decl	: IDENT EEQUAL type
-		{
-		  Symbol *s = addsym ($1);
-		  s->stype = Stype;
-		  s->type = $3;
-		  generate_type (s);
-		}
-		;
-
-constant_decl	: IDENT type EEQUAL constant
-		{
-		  Symbol *s = addsym ($1);
-		  s->stype = SConstant;
-		  s->constant = $4;
-		  generate_constant (s);
-		}
-		;
-
-type		: INTEGER     { $$ = new_type(TInteger); }
-		| INTEGER '(' constant DOTDOT constant ')' {
-		    if($3 != 0)
-			error_message("Only 0 supported as low range");
-		    if($5 != INT_MIN && $5 != UINT_MAX && $5 != INT_MAX)
-			error_message("Only %u supported as high range",
-				      UINT_MAX);
-		    $$ = new_type(TUInteger);
-		}
-                | INTEGER '{' bitdecls '}'
-                {
-			$$ = new_type(TInteger);
-			$$->members = $3;
-                }
-		| OBJECT IDENTIFIER { $$ = new_type(TOID); }
-		| ENUMERATED '{' bitdecls '}'
-		{
-			$$ = new_type(TEnumerated);
-			$$->members = $3;
-		}
-		| OCTET STRING { $$ = new_type(TOctetString); }
-		| GeneralString { $$ = new_type(TGeneralString); }
-		| GeneralizedTime { $$ = new_type(TGeneralizedTime); }
-		| SEQUENCE OF type
-		{
-		  $$ = new_type(TSequenceOf);
-		  $$->subtype = $3;
-		}
-		| SEQUENCE '{' memberdecls '}'
-		{
-		  $$ = new_type(TSequence);
-		  $$->members = $3;
-		}
-		| BIT STRING '{' bitdecls '}'
-		{
-		  $$ = new_type(TBitString);
-		  $$->members = $4;
-		}
-		| IDENT
-		{
-		  Symbol *s = addsym($1);
-		  $$ = new_type(TType);
-		  if(s->stype != Stype)
-		    error_message ("%s is not a type\n", $1);
-		  else
-		    $$->symbol = s;
-		}
-		| '[' APPLICATION constant ']' type
-		{
-		  $$ = new_type(TApplication);
-		  $$->subtype = $5;
-		  $$->application = $3;
-		}
-		;
-
-memberdecls	: { $$ = NULL; }
-		| memberdecl	{ $$ = $1; }
-		| memberdecls ',' memberdecl { $$ = $1; append($$, $3); }
-		;
-
-memberdecl	: IDENT '[' constant ']' type optional2
-		{
-		  $$ = malloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = strdup($1);
-		  output_name ($$->gen_name);
-		  $$->val = $3;
-		  $$->optional = $6;
-		  $$->type = $5;
-		  $$->next = $$->prev = $$;
-		}
-		;
-
-optional2	: { $$ = 0; }
-		| OPTIONAL { $$ = 1; }
-		;
-
-bitdecls	: { $$ = NULL; }
-		| bitdecl { $$ = $1; }
-		| bitdecls ',' bitdecl { $$ = $1; append($$, $3); }
-		;
-
-bitdecl		: IDENT '(' constant ')'
-		{
-		  $$ = malloc(sizeof(*$$));
-		  $$->name = $1;
-		  $$->gen_name = strdup($1);
-		  output_name ($$->gen_name);
-		  $$->val = $3;
-		  $$->optional = 0;
-		  $$->type = NULL;
-		  $$->prev = $$->next = $$;
-		}
-		;
-
-constant	: CONSTANT	{ $$ = $1; }
-		| IDENT	{
-				  Symbol *s = addsym($1);
-				  if(s->stype != SConstant)
-				    error_message ("%s is not a constant\n",
-						   s->name);
-				  else
-				    $$ = s->constant;
-				}
-		;
-%%
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
-
-static Type *
-new_type (Typetype tt)
-{
-  Type *t = malloc(sizeof(*t));
-  if (t == NULL) {
-      error_message ("out of memory in malloc(%lu)", 
-		     (unsigned long)sizeof(*t));
-      exit (1);
-  }
-  t->type = tt;
-  t->application = 0;
-  t->members = NULL;
-  t->subtype = NULL;
-  t->symbol  = NULL;
-  return t;
-}
-
-static void
-append (Member *l, Member *r)
-{
-  l->prev->next = r;
-  r->prev = l->prev;
-  l->prev = r;
-  r->next = l;
-}
diff --git a/crypto/heimdal/lib/asn1/pkinit.asn1 b/crypto/heimdal/lib/asn1/pkinit.asn1
deleted file mode 100644
index 92c5de75daac..000000000000
--- a/crypto/heimdal/lib/asn1/pkinit.asn1
+++ /dev/null
@@ -1,189 +0,0 @@
-PKINIT DEFINITIONS ::= BEGIN
-
-IMPORTS  EncryptionKey, PrincipalName, Realm, KerberosTime, TypedData 
-	FROM krb5;
-IMPORTS SignedData, EnvelopedData FROM CMS;
-IMPORTS CertificateSerialNumber, AttributeTypeAndValue, Name FROM X509;
-
-
--- 3.1
-
-CertPrincipalName ::= SEQUENCE {
-	name-type[0]		INTEGER,
-	name-string[1]		SEQUENCE OF UTF8String
-}
-
-
--- 3.2.2
-
-
-TrustedCertifiers ::= SEQUENCE OF PrincipalName
-				-- X.500 name encoded as a principal name
-				-- see Section 3.1
-CertificateIndex  ::= INTEGER
-				-- 0 = 1st certificate,
-				--     (in order of encoding)
-				-- 1 = 2nd certificate, etc
-
-PA-PK-AS-REP ::= CHOICE {
-				-- PA TYPE 15
-	dhSignedData[0]		SignedData,
-				-- Defined in CMS and used only with
-				-- Diffie-Hellman key exchange (if the
-				-- client public value was present in the
-				-- request).
-				-- This choice MUST be supported
-				-- by compliant implementations.
-	encKeyPack[1]		EnvelopedData
-				-- Defined in CMS
-				-- The temporary key is encrypted
-				-- using the client public key
-				-- key
-				-- SignedReplyKeyPack, encrypted
-				-- with the temporary key, is also
-				-- included.
-}
-
-
-
-KdcDHKeyInfo ::= SEQUENCE {
-				-- used only when utilizing Diffie-Hellman
-	nonce[0]		INTEGER,
-				-- binds responce to the request
-	subjectPublicKey[2]	BIT STRING
-				-- Equals public exponent (g^a mod p)
-				-- INTEGER encoded as payload of
-				-- BIT STRING
-}
-
-ReplyKeyPack ::= SEQUENCE {
-				-- not used for Diffie-Hellman
-	replyKey[0]		EncryptionKey,
-				-- used to encrypt main reply
-				-- ENCTYPE is at least as strong as
-				-- ENCTYPE of session key
-	nonce[1]		INTEGER
-				-- binds response to the request
-				-- must be same as the nonce
-				-- passed in the PKAuthenticator
-}
-
--- subjectAltName EXTENSION ::= {
--- 	SYNTAX GeneralNames
--- 	IDENTIFIED BY id-ce-subjectAltName
--- }
-
-OtherName ::= SEQUENCE {
-	type-id			OBJECT IDENTIFIER,
-	value[0]		OCTET STRING
---	value[0] EXPLICIT ANY DEFINED BY type-id
-}
-
-GeneralName ::= CHOICE {
-	otherName       [0] OtherName,
-	...
-}
-
-GeneralNames ::= SEQUENCE -- SIZE(1..MAX)
-	OF GeneralName
-
-KerberosName ::= SEQUENCE {
-	realm[0]		Realm,
-				-- as defined in RFC 1510
-	principalName[1]	CertPrincipalName
-				-- defined above
-}
-
-
--- krb5 OBJECT IDENTIFIER ::= {
--- 	iso (1) org (3) dod (6) internet (1) security (5) kerberosv5 (2)
--- }
-
--- krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-
--- 3.2.1
-
-
-IssuerAndSerialNumber ::= SEQUENCE {
-	issuer			Name,
-	serialNumber		CertificateSerialNumber
-}
-
-TrustedCas ::= CHOICE {
-	principalName[0]	KerberosName,
-				-- as defined below
-	caName[1]		Name,
-				-- fully qualified X.500 name
-				-- as defined by X.509
-	issuerAndSerial[2]	IssuerAndSerialNumber
-				-- Since a CA may have a number of
-				-- certificates, only one of which
-				-- a client trusts
-}
-
-PA-PK-AS-REQ ::= SEQUENCE {
-	-- PA TYPE 14
-	signedAuthPack[0]	SignedData,
-				-- defined in CMS [11]
-				-- AuthPack (below) defines the data
-				-- that is signed
-	trustedCertifiers[1]	SEQUENCE OF TrustedCas OPTIONAL,
-				-- CAs that the client trusts
-	kdcCert[2]		IssuerAndSerialNumber OPTIONAL,
-				-- as defined in CMS [11]
-				-- specifies a particular KDC
-				-- certificate if the client
-				-- already has it;
-	encryptionCert[3]	IssuerAndSerialNumber OPTIONAL
-				-- For example, this may be the
-				-- client's Diffie-Hellman
-				-- certificate, or it may be the
-				-- client's RSA encryption
-				-- certificate.
-}
-
-PKAuthenticator ::= SEQUENCE {
-	kdcName[0]		PrincipalName,
-	kdcRealm[1]		Realm,
-	cusec[2]		INTEGER,
-				-- for replay prevention as in RFC1510
-	ctime[3]		KerberosTime,
-				-- for replay prevention as in RFC1510
-	nonce[4]		INTEGER
-}
-
--- This is the real definition of AlgorithmIdentifier
--- AlgorithmIdentifier ::= SEQUENCE {
--- 	algorithm		ALGORITHM.&id,
---	parameters		ALGORITHM.&Type
--- }   -- as specified by the X.509 recommendation[10]
-
--- But we'll use this one instead:
-
-AlgorithmIdentifier ::= SEQUENCE {
-	algorithm		OBJECT IDENTIFIER,
-	parameters		CHOICE {
-					a INTEGER
-				}
-}
-
-
-
-SubjectPublicKeyInfo ::= SEQUENCE {
-	algorithm		AlgorithmIdentifier,
-				-- dhKeyAgreement
-	subjectPublicKey	BIT STRING
-				-- for DH, equals
-				-- public exponent (INTEGER encoded
-				-- as payload of BIT STRING)
-} -- as specified by the X.509 recommendation[10]
-
-AuthPack ::= SEQUENCE {
-	pkAuthenticator[0]	PKAuthenticator,
-	clientPublicValue[1]	SubjectPublicKeyInfo OPTIONAL
-				-- if client is using Diffie-Hellman
-				-- (ephemeral-ephemeral only)
-}
-
-
-END
diff --git a/crypto/heimdal/lib/asn1/rfc2459.asn1 b/crypto/heimdal/lib/asn1/rfc2459.asn1
deleted file mode 100644
index c9adec6093c6..000000000000
--- a/crypto/heimdal/lib/asn1/rfc2459.asn1
+++ /dev/null
@@ -1,21 +0,0 @@
-RFC2459 DEFINITIONS ::= BEGIN
-
-AttributeType ::= OBJECT-IDENTIFIER
-
-AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
-
-AttributeTypeAndValue ::= SEQUENCE {
-	type AttributeType,
-	value AttributeValue
-}
-
-RelativeDistinguishedName ::= --SET
-SEQUENCE OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE { -- RFC2459
-	x RDNSequence
-}
-
-END
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/asn1/symbol.c b/crypto/heimdal/lib/asn1/symbol.c
deleted file mode 100644
index 5f69c1092543..000000000000
--- a/crypto/heimdal/lib/asn1/symbol.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gen_locl.h"
-
-RCSID("$Id: symbol.c,v 1.9 2001/09/25 13:39:27 assar Exp $");
-
-static Hashtab *htab;
-
-static int
-cmp (void *a, void *b)
-{
-  Symbol *s1 = (Symbol *)a;
-  Symbol *s2 = (Symbol *)b;
-
-  return strcmp (s1->name, s2->name);
-}
-
-static unsigned
-hash (void *a)
-{
-  Symbol *s = (Symbol *)a;
-
-  return hashjpw (s->name);
-}
-
-void
-initsym (void)
-{
-  htab = hashtabnew (101, cmp, hash);
-}
-
-
-void
-output_name (char *s)
-{
-  char *p;
-
-  for (p = s; *p; ++p)
-    if (*p == '-')
-      *p = '_';
-}
-
-Symbol*
-addsym (char *name)
-{
-  Symbol key, *s;
-
-  key.name = name;
-  s = (Symbol *)hashtabsearch (htab, (void *)&key);
-  if (s == NULL) {
-    s = (Symbol *)malloc (sizeof (*s));
-    s->name = name;
-    s->gen_name = strdup(name);
-    output_name (s->gen_name);
-    s->stype = SUndefined;
-    hashtabadd (htab, s);
-  }
-  return s;
-}
diff --git a/crypto/heimdal/lib/asn1/symbol.h b/crypto/heimdal/lib/asn1/symbol.h
deleted file mode 100644
index 1bd9cd8ade71..000000000000
--- a/crypto/heimdal/lib/asn1/symbol.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: symbol.h,v 1.6 2001/09/25 13:39:27 assar Exp $ */
-
-#ifndef _SYMBOL_H
-#define _SYMBOL_H
-
-enum typetype { TInteger, TOctetString, TBitString, TSequence, TSequenceOf,
-		TGeneralizedTime, TGeneralString, TApplication, TType, 
-		TUInteger, TEnumerated, TOID };
-
-typedef enum typetype Typetype;
-
-struct type;
-
-struct member {
-  char *name;
-  char *gen_name;
-  int val;
-  int optional;
-  struct type *type;
-  struct member *next, *prev;
-};
-
-typedef struct member Member;
-
-struct symbol;
-
-struct type {
-  Typetype type;
-  int application;
-  Member *members;
-  struct type *subtype;
-  struct symbol *symbol;
-};
-
-typedef struct type Type;
-
-struct symbol {
-  char *name;
-  char *gen_name;
-  enum { SUndefined, SConstant, Stype } stype;
-  int constant;
-  Type *type;
-};
-
-typedef struct symbol Symbol;
-
-void initsym (void);
-Symbol *addsym (char *);
-void output_name (char *);
-#endif
diff --git a/crypto/heimdal/lib/asn1/timegm.c b/crypto/heimdal/lib/asn1/timegm.c
deleted file mode 100644
index bdc997fa4460..000000000000
--- a/crypto/heimdal/lib/asn1/timegm.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "der_locl.h"
-
-RCSID("$Id: timegm.c,v 1.7 1999/12/02 17:05:02 joda Exp $");
-
-#ifndef HAVE_TIMEGM
-
-static int
-is_leap(unsigned y)
-{
-    y += 1900;
-    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
-}
-
-time_t
-timegm (struct tm *tm)
-{
-  static const unsigned ndays[2][12] ={
-    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
-    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
-  time_t res = 0;
-  unsigned i;
-
-  for (i = 70; i < tm->tm_year; ++i)
-    res += is_leap(i) ? 366 : 365;
-
-  for (i = 0; i < tm->tm_mon; ++i)
-    res += ndays[is_leap(tm->tm_year)][i];
-  res += tm->tm_mday - 1;
-  res *= 24;
-  res += tm->tm_hour;
-  res *= 60;
-  res += tm->tm_min;
-  res *= 60;
-  res += tm->tm_sec;
-  return res;
-}
-
-#endif /* HAVE_TIMEGM */
diff --git a/crypto/heimdal/lib/asn1/x509.asn1 b/crypto/heimdal/lib/asn1/x509.asn1
deleted file mode 100644
index 4a15844c8563..000000000000
--- a/crypto/heimdal/lib/asn1/x509.asn1
+++ /dev/null
@@ -1,23 +0,0 @@
-X509 DEFINITIONS ::= BEGIN
-
-CertificateSerialNumber ::= INTEGER -- X.509 '97
-
-AttributeType ::= OBJECT-IDENTIFIER
-
-AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
-
-AttributeTypeAndValue ::= SEQUENCE {
-	type AttributeType,
-	value AttributeValue
-}
-
-RelativeDistinguishedName ::= --SET
-SEQUENCE OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE { -- RFC2459
-	x RDNSequence
-}
-
-END
-\ No newline at end of file
diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog
deleted file mode 100644
index e2211785504c..000000000000
--- a/crypto/heimdal/lib/auth/ChangeLog
+++ /dev/null
@@ -1,163 +0,0 @@
-2003-05-08  Love H�rnquist �strand <lha@it.su.se>
-
-	* sia/Makefile.am: 1.15->1.16: inline COMPILE since (modern)
-	automake doesn't add it by itself for some reason
-	
-2003-03-27  Love H�rnquist �strand <lha@it.su.se>
-	
-	* sia/Makefile.am: libkafs is always built now, lets include it
-	
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.am: set SUFFIXES with +=
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* pam/Makefile.am: actually build the pam module
-
-2001-09-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: also don't compress krb5 library, at least
-	siacfg fails with compressed libraries
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c: move krb5_error_code inside a ifdef KRB5
-	* sia/sia_locl.h: move roken.h earlier to grab definition of
-	socklen_t
-
-2001-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/krb5_matrix.conf: athena -> heimdal
-
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use make-rpath to sort rpath arguments
-
-2001-07-15  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/Makefile.am: use LIB_des, so that we link with
-	libcrypto/libdes from krb4
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use $(CC) instead of ld for linking
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: use LDFLAGS, and conditional libdes
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: make sure of using -rpath and not -R when
-	calling ld
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* pam/pam.c (psyslog): do not log to console
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am (libsia_krb5.so): actually run ld in the case
-	shared library case
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (siad_ses_init): handle krb5_init_context failure
-	consistently
-	* afskauthlib/verify.c (verify_krb5): handle krb5_init_context
-	failure consistently
-
-2000-11-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/Makefile.am: use libtool
-
-	* afskauthlib/Makefile.am: work with krb4 only
-
-2000-07-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/Makefile.am: don't compress library, since 5.0 seems to have
-	a problem with this
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: fixes for pag setting
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* sia/Makefile.am: try to link with shared libraries if we don't
- 	find any static ones
-
-1999-12-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sia/sia.c: don't use string concatenation with TKT_ROOT
-
-1999-11-15  Assar Westerlund  <assar@sics.se>
-
-	* */lib/Makefile.in: set LIBNAME.  From Enrico Scholz
- 	<Enrico.Scholz@informatik.tu-chemnitz.de>
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c (verify_krb5): update to new
- 	krb524_convert_creds_kdc
-
-1999-09-28  Assar Westerlund  <assar@sics.se>
-
-	* sia/sia.c (doauth): use krb5_get_local_realms and
- 	krb5_verify_user_lrealm
-
-	* afskauthlib/verify.c (verify_krb5): remove krb5_kuserok.  use
- 	krb5_verify_user_lrealm
-
-1999-08-27  Johan Danielsson  <joda@pdc.kth.se>
-
-	* pam/Makefile.in: link with res_search/dn_expand libraries
-
-1999-08-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskauthlib/verify.c: make this compile w/o krb4
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* afskauthlib/verify.c: incorporate patches from Miroslav Ruda
- 	<ruda@ics.muni.cz>
-
-Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
- 	config.h)
-
-	* sia/Makefile.am: make it build w/o krb4
-
-	* afskauthlib/verify.c: add krb5 support
-
-	* afskauthlib/Makefile.am: build afskauthlib.so
-
-Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia.c: make it compile w/o krb4
-
-	* sia/Makefile.am: make it compile w/o krb4
-
-Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
-
-Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* sia/Makefile.in: add posix_getpw.c
-	  
-	* sia/Makefile.am: makefile for sia
-	  
-	* sia/posix_getpw.c: move from sia.c
-	  
-	* sia/sia_locl.h: merge with krb5 version
-	  
-	* sia/sia.c: merge with krb5 version
-	  
-	* sia/sia5.c: remove unused variables
diff --git a/crypto/heimdal/lib/auth/Makefile b/crypto/heimdal/lib/auth/Makefile
deleted file mode 100644
index ae87f3ea7abf..000000000000
--- a/crypto/heimdal/lib/auth/Makefile
+++ /dev/null
@@ -1,605 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/auth/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.2 1999/03/21 17:11:08 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = 
-DIST_SUBDIRS = afskauthlib pam sia
-subdir = lib/auth
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-local \
-	install-data-recursive install-exec install-exec-am \
-	install-exec-recursive install-info install-info-am \
-	install-info-recursive install-man install-recursive \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am installdirs-recursive maintainer-clean \
-	maintainer-clean-generic maintainer-clean-recursive mostlyclean \
-	mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
-	tags tags-recursive uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/Makefile.am b/crypto/heimdal/lib/auth/Makefile.am
deleted file mode 100644
index 0310dc36d6cc..000000000000
--- a/crypto/heimdal/lib/auth/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-# $Id: Makefile.am,v 1.2 1999/03/21 17:11:08 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in
deleted file mode 100644
index 77a5524dc626..000000000000
--- a/crypto/heimdal/lib/auth/Makefile.in
+++ /dev/null
@@ -1,607 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.2 1999/03/21 17:11:08 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-SUBDIRS = @LIB_AUTH_SUBDIRS@
-DIST_SUBDIRS = afskauthlib pam sia
-subdir = lib/auth
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-
-RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
-	uninstall-info-recursive all-recursive install-data-recursive \
-	install-exec-recursive installdirs-recursive install-recursive \
-	uninstall-recursive check-recursive installcheck-recursive
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-mostlyclean-recursive clean-recursive distclean-recursive \
-maintainer-clean-recursive:
-	@set fnord $$MAKEFLAGS; amf=$$2; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	   || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d $(distdir)/$$subdir \
-	    || mkdir $(distdir)/$$subdir \
-	    || exit 1; \
-	    (cd $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$(top_distdir)" \
-	        distdir=../$(distdir)/$$subdir \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-recursive
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
-
-distclean-am: clean-am distclean-generic distclean-libtool \
-	distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-recursive
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-uninstall-info: uninstall-info-recursive
-
-.PHONY: $(RECURSIVE_TARGETS) GTAGS all all-am all-local check check-am \
-	check-local clean clean-generic clean-libtool clean-recursive \
-	distclean distclean-generic distclean-libtool \
-	distclean-recursive distclean-tags distdir dvi dvi-am \
-	dvi-recursive info info-am info-recursive install install-am \
-	install-data install-data-am install-data-recursive \
-	install-exec install-exec-am install-exec-recursive \
-	install-info install-info-am install-info-recursive install-man \
-	install-recursive install-strip installcheck installcheck-am \
-	installdirs installdirs-am installdirs-recursive \
-	maintainer-clean maintainer-clean-generic \
-	maintainer-clean-recursive mostlyclean mostlyclean-generic \
-	mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
-	uninstall uninstall-am uninstall-info-am \
-	uninstall-info-recursive uninstall-recursive
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile b/crypto/heimdal/lib/auth/afskauthlib/Makefile
deleted file mode 100644
index 4158ca545d39..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile
+++ /dev/null
@@ -1,542 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/auth/afskauthlib/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.6 2001/07/15 04:21:07 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = -DHAVE_CONFIG_H
-
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-
-SRCS = verify.c
-OBJS = verify.o
-
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-
-#KAFS = $(top_builddir)/lib/kafs/libkafs.la
-
-L = \
-	$(KAFS)	\
-	$(top_builddir)/lib/krb5/libkrb5.la	\
-	$(top_builddir)/lib/asn1/libasn1.la	\
-	$(LIB_krb4)				\
-	$(LIB_des)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-
-#L = \
-#	$(KAFS)	\
-#	$(LIB_krb4)				\
-#	$(LIB_des)				\
-#	$(top_builddir)/lib/roken/libroken.la	\
-#	-lc
-
-subdir = lib/auth/afskauthlib
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/afskauthlib/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-fooDATA
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-fooDATA install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-afskauthlib.so: $(OBJS)
-	$(LINK) -shared $(OBJS) $(L)
-
-.c.o:
-	$(COMPILE) -c $<
-
-$(OBJS): $(top_builddir)/include/config.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am b/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
deleted file mode 100644
index 8d9faae46353..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am
+++ /dev/null
@@ -1,49 +0,0 @@
-# $Id: Makefile.am,v 1.6 2001/07/15 04:21:07 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-DEFS = @DEFS@
-
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-
-SUFFIXES += .c .o
-
-SRCS = verify.c
-OBJS = verify.o
-
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-
-afskauthlib.so: $(OBJS)
-	$(LINK) -shared $(OBJS) $(L)
-
-.c.o:
-	$(COMPILE) -c $<
-
-if KRB4
-KAFS = $(top_builddir)/lib/kafs/libkafs.la
-endif
-
-if KRB5
-L = \
-	$(KAFS)	\
-	$(top_builddir)/lib/krb5/libkrb5.la	\
-	$(top_builddir)/lib/asn1/libasn1.la	\
-	$(LIB_krb4)				\
-	$(LIB_des)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-
-else
-
-L = \
-	$(KAFS)	\
-	$(LIB_krb4)				\
-	$(LIB_des)				\
-	$(top_builddir)/lib/roken/libroken.la	\
-	-lc
-endif
-
-$(OBJS): $(top_builddir)/include/config.h
diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
deleted file mode 100644
index b332159f0a10..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in
+++ /dev/null
@@ -1,543 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.6 2001/07/15 04:21:07 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = @DEFS@
-
-foodir = $(libdir)
-foo_DATA = afskauthlib.so
-
-SRCS = verify.c
-OBJS = verify.o
-
-CLEANFILES = $(foo_DATA) $(OBJS) so_locations
-
-@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/libkafs.la
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)	\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la	\
-@KRB5_TRUE@	$(LIB_krb4)				\
-@KRB5_TRUE@	$(LIB_des)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)	\
-@KRB5_FALSE@	$(LIB_krb4)				\
-@KRB5_FALSE@	$(LIB_des)				\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/libroken.la	\
-@KRB5_FALSE@	-lc
-
-subdir = lib/auth/afskauthlib
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/afskauthlib/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-fooDATA install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \
-	uninstall-am uninstall-fooDATA uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-afskauthlib.so: $(OBJS)
-	$(LINK) -shared $(OBJS) $(L)
-
-.c.o:
-	$(COMPILE) -c $<
-
-$(OBJS): $(top_builddir)/include/config.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/afskauthlib/verify.c b/crypto/heimdal/lib/auth/afskauthlib/verify.c
deleted file mode 100644
index af8fb36969f9..000000000000
--- a/crypto/heimdal/lib/auth/afskauthlib/verify.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/*
- * Copyright (c) 1995-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c,v 1.25 2001/06/18 13:11:33 assar Exp $");
-#endif
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#include <kafs.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-static char krb5ccname[128];
-#endif
-#ifdef KRB4
-static char krbtkfile[128];
-#endif
-
-/* 
-   In some cases is afs_gettktstring called twice (once before
-   afs_verify and once after afs_verify).
-   In some cases (rlogin with access allowed via .rhosts) 
-   afs_verify is not called!
-   So we can't rely on correct value in krbtkfile in some
-   cases!
-*/
-
-static int correct_tkfilename=0;
-static int pag_set=0;
-
-#ifdef KRB4
-static void
-set_krbtkfile(uid_t uid)
-{
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-    krb_set_tkt_string (krbtkfile);
-    correct_tkfilename = 1;
-}
-#endif
-
-/* XXX this has to be the default cache name, since the KRB5CCNAME
- * environment variable isn't exported by login/xdm
- */
-
-#ifdef KRB5
-static void
-set_krb5ccname(uid_t uid)
-{
-    snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid);
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
-#endif
-    correct_tkfilename = 1;
-}
-#endif
-
-static void
-set_spec_krbtkfile(void)
-{
-    int fd;
-#ifdef KRB4
-    snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(krbtkfile);
-    close(fd);
-    unlink(krbtkfile); 
-    krb_set_tkt_string (krbtkfile);
-#endif
-#ifdef KRB5
-    snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX");
-    fd=mkstemp(krb5ccname+5);
-    close(fd);
-    unlink(krb5ccname+5);
-#endif
-}
-
-#ifdef KRB5
-static int
-verify_krb5(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_ccache ccache;
-    krb5_principal principal;
-    
-    ret = krb5_init_context(&context);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret);
-	goto out;
-    }
-
-    ret = krb5_parse_name (context, pwd->pw_name, &principal);
-    if (ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    set_krb5ccname(pwd->pw_uid);
-    ret = krb5_cc_resolve(context, krb5ccname, &ccache);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    ret = krb5_verify_user_lrealm(context,
-				  principal,
-				  ccache,
-				  password,
-				  TRUE,
-				  NULL);
-    if(ret) {
-	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
-	       krb5_get_err_text(context, ret));
-	goto out;
-    }
-
-    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
-	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
-	       krb5_get_err_text(context, errno));
-	goto out;
-    }
-
-#ifdef KRB4
-    if (krb5_config_get_bool(context, NULL,
-			     "libdefaults",
-			     "krb4_get_tickets",
-			     NULL)) {
-	CREDENTIALS c;
-	krb5_creds mcred, cred;
-        krb5_realm realm;
-
-        krb5_get_default_realm(context, &realm);
-	krb5_make_principal(context, &mcred.server, realm,
-			    "krbtgt",
-			    realm,
-			    NULL);
-	free (realm);
-	ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
-	if(ret == 0) {
-	    ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c);
-	    if(ret)
-		krb5_warn(context, ret, "converting creds");
-	    else {
-		set_krbtkfile(pwd->pw_uid);
-		tf_setup(&c, c.pname, c.pinst); 
-	    }
-	    memset(&c, 0, sizeof(c));
-	    krb5_free_creds_contents(context, &cred);
-	} else
-	    syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
-		   krb5_get_err_text(context, ret));
-	    
-	krb5_free_principal(context, mcred.server);
-    }
-    if (!pag_set && k_hasafs()) {
-	k_setpag();
-	pag_set = 1;
-    }
-
-    if (pag_set)
-	krb5_afslog_uid_home(context, ccache, NULL, NULL, 
-			     pwd->pw_uid, pwd->pw_dir);
-#endif
-out:
-    if(ret && !quiet)
-	printf ("%s\n", krb5_get_err_text (context, ret));
-    return ret;
-}
-#endif
-
-#ifdef KRB4
-static int
-verify_krb4(struct passwd *pwd,
-	    char *password,
-	    int32_t *exp,
-	    int quiet)
-{
-    int ret = 1;
-    char lrealm[REALM_SZ];
-    
-    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
-	set_krbtkfile(pwd->pw_uid);
-	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
-			       KRB_VERIFY_SECURE, NULL);
-	if (ret == KSUCCESS) {
-	    if (!pag_set && k_hasafs()) {
-		k_setpag ();
-		pag_set = 1;
-            }
-            if (pag_set)
-		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
-	} else if (!quiet)
-	    printf ("%s\n", krb_get_err_text (ret));
-    }
-    return ret;
-}
-#endif
-
-int
-afs_verify(char *name,
-	   char *password,
-	   int32_t *exp,
-	   int quiet)
-{
-    int ret = 1;
-    struct passwd *pwd = k_getpwnam (name);
-
-    if(pwd == NULL)
-	return 1;
-
-    if (!pag_set && k_hasafs()) {
-        k_setpag();
-        pag_set=1;
-    }
-
-    if (ret)
-	ret = unix_verify_user (name, password);
-#ifdef KRB5
-    if (ret)
-	ret = verify_krb5(pwd, password, exp, quiet);
-#endif
-#ifdef KRB4
-    if(ret)
-	ret = verify_krb4(pwd, password, exp, quiet);
-#endif
-    return ret;
-}
-
-char *
-afs_gettktstring (void)
-{
-    char *ptr;
-    struct passwd *pwd;
-
-    if (!correct_tkfilename) {
-	ptr = getenv("LOGNAME"); 
-	if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) {
-	    set_krb5ccname(pwd->pw_uid);
-#ifdef KRB4
-	    set_krbtkfile(pwd->pw_uid);
-	    if (!pag_set && k_hasafs()) {
-                k_setpag();
-                pag_set=1;
-	    }
-#endif
-	} else {
-	    set_spec_krbtkfile();
-	}
-    }
-#ifdef KRB5
-    esetenv("KRB5CCNAME",krb5ccname,1);
-#endif
-#ifdef KRB4
-    esetenv("KRBTKFILE",krbtkfile,1);
-    return krbtkfile;
-#else
-    return "";
-#endif
-}
diff --git a/crypto/heimdal/lib/auth/pam/Makefile b/crypto/heimdal/lib/auth/pam/Makefile
deleted file mode 100644
index 210653d88f0c..000000000000
--- a/crypto/heimdal/lib/auth/pam/Makefile
+++ /dev/null
@@ -1,555 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/auth/pam/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.4 2002/05/19 18:43:44 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = -DHAVE_CONFIG_H
-
-#KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-#KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-
-#L = \
-#	$(KAFS)						\
-#	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-#	$(LIB_des_a)		\
-#	$(top_builddir)/lib/roken/.libs/libroken.a	\
-#	-lc
-
-
-#L_shared = \
-#	$(KAFS_S)					\
-#	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-#	$(LIB_des_so)		\
-#	$(top_builddir)/lib/roken/.libs/libroken.so	\
-#	$(LIB_getpwnam_r)				\
-#	-lc
-
-
-#MOD = pam_krb4.so
-
-EXTRA_DIST = pam.conf.add
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = 
-
-OBJS = pam.o
-
-CLEANFILES = $(MOD) $(OBJS)
-subdir = lib/auth/pam
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/pam/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-fooDATA
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-fooDATA install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-.c.o:
-	$(COMPILE) -c $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.am b/crypto/heimdal/lib/auth/pam/Makefile.am
deleted file mode 100644
index 963d2ce5ae98..000000000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.am
+++ /dev/null
@@ -1,63 +0,0 @@
-# $Id: Makefile.am,v 1.4 2002/05/19 18:43:44 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-if KRB4
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_des_a)		\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_des_so)		\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = pam_krb4.so
-
-endif
-
-EXTRA_DIST = pam.conf.add
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@
-
-OBJS = pam.o
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-CLEANFILES = $(MOD) $(OBJS)
-
-SUFFIXES += .c .o
-
-.c.o:
-	$(COMPILE) -c $<
diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in
deleted file mode 100644
index 035684677184..000000000000
--- a/crypto/heimdal/lib/auth/pam/Makefile.in
+++ /dev/null
@@ -1,556 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.4 2002/05/19 18:43:44 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = @DEFS@
-
-@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-
-@KRB4_TRUE@L = \
-@KRB4_TRUE@	$(KAFS)						\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB4_TRUE@	$(LIB_des_a)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB4_TRUE@	-lc
-
-
-@KRB4_TRUE@L_shared = \
-@KRB4_TRUE@	$(KAFS_S)					\
-@KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB4_TRUE@	$(LIB_des_so)		\
-@KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB4_TRUE@	$(LIB_getpwnam_r)				\
-@KRB4_TRUE@	-lc
-
-
-@KRB4_TRUE@MOD = pam_krb4.so
-
-EXTRA_DIST = pam.conf.add
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@
-
-OBJS = pam.o
-
-CLEANFILES = $(MOD) $(OBJS)
-subdir = lib/auth/pam
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/pam/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-fooDATA install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \
-	uninstall-am uninstall-fooDATA uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-pam_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
-		$(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-
-.c.o:
-	$(COMPILE) -c $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c
deleted file mode 100644
index 68446c3fc957..000000000000
--- a/crypto/heimdal/lib/auth/pam/pam.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include<config.h>
-RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <syslog.h>
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
-#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
-#endif
-
-#include <netinet/in.h>
-#include <krb.h>
-#include <kafs.h>
-
-#if 0
-/* Debugging PAM modules is a royal pain, truss helps. */
-#define DEBUG(msg) (access(msg " at line", __LINE__))
-#endif
-
-static void
-psyslog(int level, const char *format, ...)
-{
-  va_list args;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(level, format, args);
-  va_end(args);
-  closelog();
-}
-
-enum {
-  KRB4_DEBUG,
-  KRB4_USE_FIRST_PASS,
-  KRB4_TRY_FIRST_PASS,
-  KRB4_IGNORE_ROOT,
-  KRB4_NO_VERIFY,
-  KRB4_REAFSLOG,
-  KRB4_CTRLS			/* Number of ctrl arguments defined. */
-};
-
-#define KRB4_DEFAULTS  0
-
-static int ctrl_flags = KRB4_DEFAULTS;
-#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
-#define ctrl_off(x) (!ctrl_on(x))
-
-typedef struct
-{
-  const char *token;
-  unsigned int flag;
-} krb4_ctrls_t;
-
-static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
-{
-  /* KRB4_DEBUG          */ { "debug",          0x01 },
-  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
-  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
-  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
-  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
-  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
-};
-
-static void
-parse_ctrl(int argc, const char **argv)
-{
-  int i, j;
-
-  ctrl_flags = KRB4_DEFAULTS;
-  for (i = 0; i < argc; i++)
-    {
-      for (j = 0; j < KRB4_CTRLS; j++)
-	if (strcmp(argv[i], krb4_args[j].token) == 0)
-	  break;
-    
-      if (j >= KRB4_CTRLS)
-	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
-      else
-	ctrl_flags |= krb4_args[j].flag;
-    }
-}
-
-static void
-pdeb(const char *format, ...)
-{
-  va_list args;
-  if (ctrl_off(KRB4_DEBUG))
-    return;
-  va_start(args, format);
-  openlog("pam_krb4", LOG_PID, LOG_AUTH);
-  vsyslog(LOG_DEBUG, format, args);
-  va_end(args);
-  closelog();
-}
-
-#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
-
-static void
-set_tkt_string(uid_t uid)
-{
-  char buf[128];
-
-  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
-  krb_set_tkt_string(buf);
-
-#if 0
-  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
-  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
-  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
-    {
-      pam_putenv(pamh, var);
-    }
-#endif
-
-  /* We don't want to inherit this variable.
-   * If we still do, it must have a sane value. */
-  if (getenv("KRBTKFILE") != 0)
-    {
-      char *var = malloc(sizeof(buf));
-      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
-      putenv(var);
-      /* free(var); XXX */
-    }
-}
-
-static int
-verify_pass(pam_handle_t *pamh,
-	    const char *name,
-	    const char *inst,
-	    const char *pass)
-{
-  char realm[REALM_SZ];
-  int ret, krb_verify, old_euid, old_ruid;
-
-  krb_get_lrealm(realm, 1);
-  if (ctrl_on(KRB4_NO_VERIFY))
-    krb_verify = KRB_VERIFY_SECURE_FAIL;
-  else
-    krb_verify = KRB_VERIFY_SECURE;
-  old_ruid = getuid();
-  old_euid = geteuid();
-  setreuid(0, 0);
-  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
-  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
-       name, inst, realm, krb_verify,
-       krb_get_err_text(ret));
-  setreuid(old_ruid, old_euid);
-  if (getuid() != old_ruid || geteuid() != old_euid)
-    {
-      psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-	      old_ruid, old_euid, __LINE__);
-      exit(1);
-    }
-    
-  switch(ret) {
-  case KSUCCESS:
-    return PAM_SUCCESS;
-  case KDC_PR_UNKNOWN:
-    return PAM_USER_UNKNOWN;
-  case SKDC_CANT:
-  case SKDC_RETRY:
-  case RD_AP_TIME:
-    return PAM_AUTHINFO_UNAVAIL;
-  default:
-    return PAM_AUTH_ERR;
-  }
-}
-
-static int
-krb4_auth(pam_handle_t *pamh,
-	  int flags,
-	  const char *name,
-	  const char *inst,
-	  struct pam_conv *conv)
-{
-  struct pam_response *resp;
-  char prompt[128];
-  struct pam_message msg, *pmsg = &msg;
-  int ret;
-
-  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
-    {
-      char *pass = 0;
-      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
-      if (ret != PAM_SUCCESS)
-        {
-          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
-          return ret;
-        }
-      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
-	return PAM_SUCCESS;
-      else if (ctrl_on(KRB4_USE_FIRST_PASS))
-	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
-      else
-	/* We tried the first password but it didn't work, cont. */;
-    }
-
-  msg.msg_style = PAM_PROMPT_ECHO_OFF;
-  if (*inst == 0)
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
-  else
-    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
-  msg.msg = prompt;
-
-  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  ret = verify_pass(pamh, name, inst, resp->resp);
-  if (ret == PAM_SUCCESS)
-    {
-      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
-      free(resp->resp);
-      free(resp);
-    }
-  else
-    {
-      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
-      /* free(resp->resp); XXX */
-      /* free(resp); XXX */
-    }
-  
-  return ret;
-}
-
-int
-pam_sm_authenticate(pam_handle_t *pamh,
-		    int flags,
-		    int argc,
-		    const char **argv)
-{
-  char *user;
-  int ret;
-  struct pam_conv *conv;
-  struct passwd *pw;
-  uid_t uid = -1;
-  const char *name, *inst;
-  char realm[REALM_SZ];
-  realm[0] = 0;
-
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_authenticate");
-
-  ret = pam_get_user(pamh, &user, "login: ");
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
-    return PAM_AUTHINFO_UNAVAIL;
-
-  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
-  if (ret != PAM_SUCCESS)
-    return ret;
-
-  pw = getpwnam(user);
-  if (pw != 0)
-    {
-      uid = pw->pw_uid;
-      set_tkt_string(uid);
-    }
-    
-  if (strcmp(user, "root") == 0 && getuid() != 0)
-    {
-      pw = getpwuid(getuid());
-      if (pw != 0)
-	{
-	  name = strdup(pw->pw_name);
-	  inst = "root";
-	}
-    }
-  else
-    {
-      name = user;
-      inst = "";
-    }
-
-  ret = krb4_auth(pamh, flags, name, inst, conv);
-
-  /*
-   * The realm was lost inside krb_verify_user() so we can't simply do
-   * a krb_kuserok() when inst != "".
-   */
-  if (ret == PAM_SUCCESS && inst[0] != 0)
-    {
-      uid_t old_euid = geteuid();
-      uid_t old_ruid = getuid();
-
-      setreuid(0, 0);		/* To read ticket file. */
-      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
-	ret = PAM_SERVICE_ERR;
-      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	{
-	  setreuid(0, uid);	/*  To read ~/.klogin. */
-	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
-	    ret = PAM_PERM_DENIED;
-	}
-
-      if (ret != PAM_SUCCESS)
-	{
-	  dest_tkt();		/* Passwd known, ok to kill ticket. */
-	  psyslog(LOG_NOTICE,
-		  "%s.%s@%s is not allowed to log in as %s",
-		  name, inst, realm, user);
-	}
-
-      setreuid(old_ruid, old_euid);
-      if (getuid() != old_ruid || geteuid() != old_euid)
-	{
-	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
-		  old_ruid, old_euid, __LINE__);
-	  exit(1);
-	}
-    }
-
-  if (ret == PAM_SUCCESS)
-    {
-      psyslog(LOG_INFO,
-	      "%s.%s@%s authenticated as user %s",
-	      name, inst, realm, user);
-      if (chown(tkt_string(), uid, -1) == -1)
-	{
-	  dest_tkt();
-	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
-	  exit(1);
-	}
-    }
-
-  /*
-   * Kludge alert!!! Sun dtlogin unlock screen fails to call
-   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
-   * authentication attempt, sic.
-   *
-   * This hack is designed as a workaround to that problem.
-   */
-  if (ctrl_on(KRB4_REAFSLOG))
-    if (ret == PAM_SUCCESS)
-      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
-  
-  return ret;
-}
-
-int 
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_setcred");
-
-  switch (flags & ~PAM_SILENT) {
-  case 0:
-  case PAM_ESTABLISH_CRED:
-    if (k_hasafs())
-      k_setpag();
-    /* Fall through, fill PAG with credentials below. */
-  case PAM_REINITIALIZE_CRED:
-  case PAM_REFRESH_CRED:
-    if (k_hasafs())
-      {
-	void *user = 0;
-
-	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
-	  {
-	    struct passwd *pw = getpwnam((char *)user);
-	    if (pw != 0)
-	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
-				  pw->pw_uid, pw->pw_dir);
-	  }
-      }
-    break;
-  case PAM_DELETE_CRED:
-    dest_tkt();
-    if (k_hasafs())
-      k_unlog();
-    break;
-  default:
-    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
-    break;
-  }
-  
-  return PAM_SUCCESS;
-}
-
-int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_open_session");
-
-  return PAM_SUCCESS;
-}
-
-
-int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
-{
-  parse_ctrl(argc, argv);
-  ENTRY("pam_sm_close_session");
-
-  /* This isn't really kosher, but it's handy. */
-  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
-
-  return PAM_SUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/pam/pam.conf.add b/crypto/heimdal/lib/auth/pam/pam.conf.add
deleted file mode 100644
index 7db3e3d85a30..000000000000
--- a/crypto/heimdal/lib/auth/pam/pam.conf.add
+++ /dev/null
@@ -1,97 +0,0 @@
-To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
-
---- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
-+++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
-@@ -4,15 +4,19 @@
- #
- # Authentication management
- #
-+login	auth sufficient	/usr/athena/lib/pam_krb4.so
- login	auth required 	/usr/lib/security/pam_unix.so.1 
- login	auth required 	/usr/lib/security/pam_dial_auth.so.1 
- #
- rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
- rlogin	auth required 	/usr/lib/security/pam_unix.so.1
- #
-+dtlogin	auth sufficient	/usr/athena/lib/pam_krb4.so
- dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
- #
- rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
-+# Reafslog is for dtlogin lock display
-+other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
- other	auth required	/usr/lib/security/pam_unix.so.1
- #
- # Account management
-@@ -24,6 +28,8 @@
- #
- # Session management
- #
-+dtlogin	session required	/usr/athena/lib/pam_krb4.so
-+login	session required	/usr/athena/lib/pam_krb4.so
- other	session required	/usr/lib/security/pam_unix.so.1 
- #
- # Password management
----------------------------------------------------------------------------
-To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches:
-
---- /etc/pam.d/login~	Tue Dec  7 12:01:35 1999
-+++ /etc/pam.d/login	Wed May 31 16:27:55 2000
-@@ -1,9 +1,12 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_securetty.so
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so nullok use_authtok md5 shadow
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional	/lib/security/pam_console.so
---- /etc/pam.d/xdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/xdm	Wed May 31 16:28:29 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
---- /etc/pam.d/gdm~	Wed May 31 16:33:54 2000
-+++ /etc/pam.d/gdm	Wed May 31 16:34:28 2000
-@@ -1,8 +1,11 @@
- #%PAM-1.0
-+# Updated to work with kerberos
-+auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
- auth       required	/lib/security/pam_pwdb.so shadow nullok
- auth       required	/lib/security/pam_nologin.so
- account    required	/lib/security/pam_pwdb.so
- password   required	/lib/security/pam_cracklib.so
- password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
-+session    required     /usr/athena/lib/pam_krb4.so.1.0.1
- session    required	/lib/security/pam_pwdb.so
- session    optional     /lib/security/pam_console.so
-
---------------------------------------------------------------------------
-
-This stuff may work under some other system.
-
-# To get this to work, you will have to add entries to /etc/pam.conf
-#
-# To make login kerberos-aware, you might change pam.conf to look
-# like:
-
-# login authorization
-login   auth       sufficient   /lib/security/pam_krb4.so
-login   auth       required     /lib/security/pam_securetty.so
-login   auth       required     /lib/security/pam_unix_auth.so
-login   account    required     /lib/security/pam_unix_acct.so
-login   password   required     /lib/security/pam_unix_passwd.so
-login   session    required     /lib/security/pam_krb4.so
-login   session    required     /lib/security/pam_unix_session.so
diff --git a/crypto/heimdal/lib/auth/sia/Makefile b/crypto/heimdal/lib/auth/sia/Makefile
deleted file mode 100644
index 6bf959fa0ad1..000000000000
--- a/crypto/heimdal/lib/auth/sia/Makefile
+++ /dev/null
@@ -1,598 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/auth/sia/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.14 2001/09/18 13:04:15 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = -DHAVE_CONFIG_H
-
-#KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-#KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-	$(LIB_krb4)					\
-	$(LIB_des_a)					\
-	$(LIB_com_err_a)				\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-#L = \
-#	$(KAFS)						\
-#	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-#	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-#	$(LIB_des_a)		\
-#	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-#	$(top_builddir)/lib/roken/.libs/libroken.a	\
-#	$(LIB_getpwnam_r)				\
-#	-lc
-
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-	$(LIB_krb4)					\
-	$(LIB_des_so)					\
-	$(LIB_com_err_so)				\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-#L_shared = \
-#	$(KAFS_S)					\
-#	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-#	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-#	$(LIB_des_so)		\
-#	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-#	$(top_builddir)/lib/roken/.libs/libroken.so	\
-#	$(LIB_getpwnam_r)				\
-#	-lc
-
-
-MOD = libsia_krb5.so
-#MOD = libsia_krb4.so
-
-EXTRA_DIST = sia.c krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf security.patch
-
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS =  -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-
-OBJS = sia.o posix_getpw.o
-
-CLEANFILES = $(MOD) $(OBJS) so_locations
-subdir = lib/auth/sia
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/sia/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-fooDATA
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-fooDATA install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \
-	uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-.c.o:
-	$(COMPILE) -c $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am
deleted file mode 100644
index 30bf011cd96d..000000000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.am
+++ /dev/null
@@ -1,112 +0,0 @@
-# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4)
-
-WFLAGS += $(WFLAGS_NOIMPLICITINT)
-
-DEFS = @DEFS@
-
-## this is horribly ugly, but automake/libtool doesn't allow us to
-## unconditionally build shared libraries, and it does not allow us to
-## link with non-installed libraries
-
-KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
-
-if KRB5
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-	$(LIB_krb4)					\
-	$(LIB_des_a)					\
-	$(LIB_com_err_a)				\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-	$(LIB_krb4)					\
-	$(LIB_des_so)					\
-	$(LIB_com_err_so)				\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb5.so
-
-else
-
-L = \
-	$(KAFS)						\
-	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-	$(LIB_des_a)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-	$(top_builddir)/lib/roken/.libs/libroken.a	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-L_shared = \
-	$(KAFS_S)					\
-	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-	$(LIB_des_so)		\
-	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-	$(top_builddir)/lib/roken/.libs/libroken.so	\
-	$(LIB_getpwnam_r)				\
-	-lc
-
-MOD = libsia_krb4.so
-
-endif
-
-EXTRA_DIST = sia.c krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf security.patch
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-
-OBJS = sia.o posix_getpw.o
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-CLEANFILES = $(MOD) $(OBJS) so_locations
-
-SUFFIXES += .c .o
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in
deleted file mode 100644
index 0999ee500b6f..000000000000
--- a/crypto/heimdal/lib/auth/sia/Makefile.in
+++ /dev/null
@@ -1,603 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-
-WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-DEFS = @DEFS@
-
-KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
-KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
-
-@KRB5_TRUE@L = \
-@KRB5_TRUE@	$(KAFS)						\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_des_a)					\
-@KRB5_TRUE@	$(LIB_com_err_a)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@L = \
-@KRB5_FALSE@	$(KAFS)						\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
-@KRB5_FALSE@	$(LIB_des_a)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-
-@KRB5_TRUE@L_shared = \
-@KRB5_TRUE@	$(KAFS_S)					\
-@KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
-@KRB5_TRUE@	$(LIB_krb4)					\
-@KRB5_TRUE@	$(LIB_des_so)					\
-@KRB5_TRUE@	$(LIB_com_err_so)				\
-@KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_TRUE@	$(LIB_getpwnam_r)				\
-@KRB5_TRUE@	-lc
-
-@KRB5_FALSE@L_shared = \
-@KRB5_FALSE@	$(KAFS_S)					\
-@KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
-@KRB5_FALSE@	$(LIB_des_so)		\
-@KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
-@KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
-@KRB5_FALSE@	$(LIB_getpwnam_r)				\
-@KRB5_FALSE@	-lc
-
-
-@KRB5_TRUE@MOD = libsia_krb5.so
-@KRB5_FALSE@MOD = libsia_krb4.so
-
-EXTRA_DIST = sia.c krb4_matrix.conf krb4+c2_matrix.conf \
-	krb5_matrix.conf krb5+c2_matrix.conf security.patch
-
-
-foodir = $(libdir)
-foo_DATA = $(MOD)
-
-LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
-
-OBJS = sia.o posix_getpw.o
-
-CLEANFILES = $(MOD) $(OBJS) so_locations
-subdir = lib/auth/sia
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-DATA = $(foo_DATA)
-
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/auth/sia/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(DATA) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-info-am
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-fooDATA install-info install-info-am \
-	install-man install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \
-	uninstall-am uninstall-fooDATA uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-libsia_krb5.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-libsia_krb4.so: $(OBJS)
-	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
-	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
-		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
-		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
-	else \
-		echo "missing libraries"; exit 1; \
-	fi
-	ostrip -x $@
-
-# XXX inline COMPILE since automake wont add it
-
-.c.o:
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
-	-c `test -f '$<' || echo '$(srcdir)/'`$<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
deleted file mode 100644
index 4b90e0264a37..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4+c2_matrix.conf,v 1.4 1999/12/02 16:58:37 joda Exp $
-
-# sia matrix configuration file (Kerberos 4 + C2)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
deleted file mode 100644
index 4f55a810ce71..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright (c) 1998 Kungliga Tekniska H�gskolan
-# (Royal Institute of Technology, Stockholm, Sweden). 
-# All rights reserved. 
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met: 
-#
-# 1. Redistributions of source code must retain the above copyright 
-#    notice, this list of conditions and the following disclaimer. 
-#
-# 2. Redistributions in binary form must reproduce the above copyright 
-#    notice, this list of conditions and the following disclaimer in the 
-#    documentation and/or other materials provided with the distribution. 
-#
-# 3. Neither the name of the Institute nor the names of its contributors 
-#    may be used to endorse or promote products derived from this software 
-#    without specific prior written permission. 
-#
-# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-# SUCH DAMAGE. 
-
-# $Id: krb4_matrix.conf,v 1.6 1999/12/02 16:58:37 joda Exp $
-
-# sia matrix configuration file (Kerberos 4 + BSD)
-
-siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
-siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
-
diff --git a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
deleted file mode 100644
index c2952e2db8f6..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5+c2_matrix.conf,v 1.2 1998/11/26 20:58:18 assar Exp $
-
-# sia matrix configuration file (Kerberos 5 + C2)
-
-siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
-siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
diff --git a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
deleted file mode 100644
index e8804725dde5..000000000000
--- a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $Id: krb5_matrix.conf,v 1.2 2001/08/28 08:49:20 joda Exp $
-
-# sia matrix configuration file (Kerberos 5 + BSD)
-
-siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) 
-siad_chk_invoker=(BSD,libc.so)
-siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)
-siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_estab=(BSD,libc.so)
-siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_ses_reauthent=(BSD,libc.so)
-siad_chg_finger=(BSD,libc.so)
-siad_chg_password=(BSD,libc.so)
-siad_chg_shell=(BSD,libc.so)
-siad_getpwent=(BSD,libc.so)
-siad_getpwuid=(BSD,libc.so)
-siad_getpwnam=(BSD,libc.so)
-siad_setpwent=(BSD,libc.so)
-siad_endpwent=(BSD,libc.so)
-siad_getgrent=(BSD,libc.so)
-siad_getgrgid=(BSD,libc.so)
-siad_getgrnam=(BSD,libc.so)
-siad_setgrent=(BSD,libc.so)
-siad_endgrent=(BSD,libc.so)
-siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
-siad_chk_user=(BSD,libc.so)
diff --git a/crypto/heimdal/lib/auth/sia/make-rpath b/crypto/heimdal/lib/auth/sia/make-rpath
deleted file mode 100755
index 2223aa00b00e..000000000000
--- a/crypto/heimdal/lib/auth/sia/make-rpath
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# $Id: make-rpath,v 1.1 2001/07/17 15:15:31 assar Exp $
-rlist=
-rest=
-while test $# -gt 0; do
-case $1 in
--R|-rpath)
-  if test "$rlist"; then
-    rlist="${rlist}:$2"
-  else
-    rlist="$2"
-  fi
-  shift 2
-  ;;
--R*) 
-  d=`echo $1 | sed 's,^-R,,'`
-  if test "$rlist"; then
-    rlist="${rlist}:${d}"
-  else
-    rlist="${d}"
-  fi
-  shift
-  ;;
-*)
-  rest="${rest} $1"
-  shift
-  ;;
-esac
-done
-rpath=
-if test "$rlist"; then
-  rpath="-rpath $rlist "
-fi
-echo "${rpath}${rest}"
diff --git a/crypto/heimdal/lib/auth/sia/posix_getpw.c b/crypto/heimdal/lib/auth/sia/posix_getpw.c
deleted file mode 100644
index c5961dcd2c5b..000000000000
--- a/crypto/heimdal/lib/auth/sia/posix_getpw.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "sia_locl.h"
-
-RCSID("$Id: posix_getpw.c,v 1.1 1999/03/21 17:07:02 joda Exp $");
-
-#ifndef POSIX_GETPWNAM_R
-/* 
- * These functions translate from the old Digital UNIX 3.x interface
- * to POSIX.1c.
- */
-
-int
-posix_getpwnam_r(const char *name, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwnam_r(name, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-
-int
-posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
-		 char *buffer, int len, struct passwd **result)
-{
-    int ret = getpwuid_r(uid, pwd, buffer, len);
-    if(ret == 0)
-	*result = pwd;
-    else{
-	*result = NULL;
-	ret = _Geterrno();
-	if(ret == 0){
-	    ret = ERANGE;
-	    _Seterrno(ret);
-	}
-    }
-    return ret;
-}
-#endif /* POSIX_GETPWNAM_R */
diff --git a/crypto/heimdal/lib/auth/sia/security.patch b/crypto/heimdal/lib/auth/sia/security.patch
deleted file mode 100644
index c407876d6362..000000000000
--- a/crypto/heimdal/lib/auth/sia/security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
-+++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
-@@ -49,7 +49,7 @@
-                    SECURITY=BASE
-                fi
-                ;;
--       BASE)
-+       BASE|KRB4)
-                ;;
-        *)
-                echo "security configuration set to default (BASE)."
diff --git a/crypto/heimdal/lib/auth/sia/sia.c b/crypto/heimdal/lib/auth/sia/sia.c
deleted file mode 100644
index d2de06321878..000000000000
--- a/crypto/heimdal/lib/auth/sia/sia.c
+++ /dev/null
@@ -1,678 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "sia_locl.h"
-
-RCSID("$Id: sia.c,v 1.36 2001/09/13 01:19:14 assar Exp $");
-
-int 
-siad_init(void)
-{
-    return SIADSUCCESS;
-}
-
-int 
-siad_chk_invoker(void)
-{
-    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_init(SIAENTITY *entity, int pkgind)
-{
-    struct state *s = malloc(sizeof(*s));
-
-    SIA_DEBUG(("DEBUG", "siad_ses_init"));
-    if(s == NULL)
-	return SIADFAIL;
-    memset(s, 0, sizeof(*s));
-#ifdef SIA_KRB5
-    {
-      krb5_error_code ret;
-      ret = krb5_init_context(&s->context);
-      if (ret)
-	return SIADFAIL;
-    }
-#endif
-    entity->mech[pkgind] = (int*)s;
-    return SIADSUCCESS;
-}
-
-static int
-setup_name(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_name"));
-    e->name = malloc(SIANAMEMIN + 1);
-    if(e->name == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"login: ";
-    p->result = (unsigned char*)e->name;
-    p->min_result_length = 1;
-    p->max_result_length = SIANAMEMIN;
-    p->control_flags = 0;
-    return SIADSUCCESS;
-}
-
-static int
-setup_password(SIAENTITY *e, prompt_t *p)
-{
-    SIA_DEBUG(("DEBUG", "setup_password"));
-    e->password = malloc(SIAMXPASSWORD + 1);
-    if(e->password == NULL){
-	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
-	return SIADFAIL;
-    }
-    p->prompt = (unsigned char*)"Password: ";
-    p->result = (unsigned char*)e->password;
-    p->min_result_length = 0;
-    p->max_result_length = SIAMXPASSWORD;
-    p->control_flags = SIARESINVIS;
-    return SIADSUCCESS;
-}
-
-
-static int
-doauth(SIAENTITY *entity, int pkgind, char *name)
-{
-    struct passwd pw, *pwd;
-    char pwbuf[1024];
-    struct state *s = (struct state*)entity->mech[pkgind];
-#ifdef SIA_KRB5
-    krb5_realm *realms, *r;
-    krb5_principal principal;
-    krb5_ccache ccache;
-    krb5_error_code ret;
-#endif
-#ifdef SIA_KRB4
-    char realm[REALM_SZ];
-    char *toname, *toinst;
-    int ret;
-    struct passwd fpw, *fpwd;
-    char fpwbuf[1024];
-    int secure;
-#endif
-	
-    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0){
-	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
-	return SIADFAIL;
-    }
-
-#ifdef SIA_KRB5
-    ret = krb5_get_default_realms(s->context, &realms);
-
-    for (r = realms; *r != NULL; ++r) {
-	krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
-
-	if(krb5_kuserok(s->context, principal, entity->name))
-	    break;
-    }
-    krb5_free_host_realm (s->context, realms);
-    if (*r == NULL)
-	return SIADFAIL;
-
-    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
-    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
-    if(ret)
-	return SIADFAIL;
-#endif
-	
-#ifdef SIA_KRB4
-    snprintf(s->ticket, sizeof(s->ticket),
-	     "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
-    krb_get_lrealm(realm, 1);
-    toname = name;
-    toinst = "";
-    if(entity->authtype == SIA_A_SUAUTH){
-	uid_t ouid;
-#ifdef HAVE_SIAENTITY_OUID
-	ouid = entity->ouid;
-#else
-	ouid = getuid();
-#endif
-	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0){
-	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
-	    return SIADFAIL;
-	}
-	snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", 
-		 TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
-	if(strcmp(pwd->pw_name, "root") == 0){
-	    toname = fpwd->pw_name;
-	    toinst = pwd->pw_name;
-	}
-    }
-    if(entity->authtype == SIA_A_REAUTH) 
-	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
-    
-    krb_set_tkt_string(s->ticket);
-	
-    setuid(0); /* XXX fix for fix in tf_util.c */
-    if(krb_kuserok(toname, toinst, realm, name)){
-	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
-		   toname, toinst, realm, name));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB5
-    ret = krb5_verify_user_lrealm(s->context, principal, ccache,
-				  entity->password, 1, NULL);
-    if(ret){
-	/* if this is most likely a local user (such as
-	   root), just silently return failure when the
-	   principal doesn't exist */
-	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
-	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
-	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
-		   entity->name, error_message(ret));
-	return SIADFAIL;
-    }
-#endif
-#ifdef SIA_KRB4
-    if (getuid () == 0)
-	secure = KRB_VERIFY_SECURE;
-    else
-	secure = KRB_VERIFY_NOT_SECURE;
-	
-    ret = krb_verify_user(toname, toinst, realm,
-			  entity->password, secure, NULL);
-    if(ret){
-	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
-	if(ret != KDC_PR_UNKNOWN)
-	    /* since this is most likely a local user (such as
-	       root), just silently return failure when the
-	       principal doesn't exist */
-	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
-		   toname, toinst, krb_get_err_text(ret));
-	return SIADFAIL;
-    }
-#endif
-    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
-	return SIADFAIL;
-    s->valid = 1;
-    return SIADSUCCESS;
-}
-
-
-static int 
-common_auth(sia_collect_func_t *collect, 
-	    SIAENTITY *entity, 
-	    int siastat,
-	    int pkgind)
-{
-    prompt_t prompts[2], *pr;
-    char *name;
-
-    SIA_DEBUG(("DEBUG", "common_auth"));
-    if((siastat == SIADSUCCESS) && (geteuid() == 0))
-	return SIADSUCCESS;
-    if(entity == NULL) {
-	SIA_DEBUG(("DEBUG", "entity == NULL"));
-	return SIADFAIL | SIADSTOP;
-    }
-    name = entity->name;
-    if(entity->acctname)
-	name = entity->acctname;
-    
-    if((collect != NULL) && entity->colinput) {
-	int num;
-	pr = prompts;
-	if(name == NULL){
-	    if(setup_name(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	if(entity->password == NULL){
-	    if(setup_password(entity, pr) != SIADSUCCESS)
-		return SIADFAIL;
-	    pr++;
-	}
-	num = pr - prompts;
-	if(num == 1){
-	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	} else if(num > 0){
-	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
-			  prompts) != SIACOLSUCCESS){
-		SIA_DEBUG(("DEBUG", "collect failed"));
-		return SIADFAIL | SIADSTOP;
-	    }
-	}
-    }
-    if(name == NULL)
-	name = entity->name;
-    if(name == NULL || name[0] == '\0'){
-	SIA_DEBUG(("DEBUG", "name is null"));
-	return SIADFAIL;
-    }
-
-    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
-	SIA_DEBUG(("DEBUG", "entity->password is null"));
-	return SIADFAIL;
-    }
-    
-    return doauth(entity, pkgind, name);
-}
-
-
-int 
-siad_ses_authent(sia_collect_func_t *collect, 
-		 SIAENTITY *entity, 
-		 int siastat,
-		 int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int 
-siad_ses_estab(sia_collect_func_t *collect, 
-	       SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
-    return SIADFAIL;
-}
-
-int 
-siad_ses_launch(sia_collect_func_t *collect,
-		SIAENTITY *entity,
-		int pkgind)
-{
-    static char env[MaxPathLen];
-    struct state *s = (struct state*)entity->mech[pkgind];
-    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
-    if(s->valid){
-#ifdef SIA_KRB5
-	chown(s->ticket + sizeof("FILE:") - 1, 
-	      entity->pwd->pw_uid, 
-	      entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
-#endif
-#ifdef SIA_KRB4
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
-#endif
-	putenv(env);
-    }
-#ifdef KRB4
-    if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
-	    krb_afslog(cell, 0);
-	krb_afslog_home(0, 0, entity->pwd->pw_dir);
-    }
-#endif
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_release(SIAENTITY *entity, int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_release"));
-    if(entity->mech[pkgind]){
-#ifdef SIA_KRB5
-	struct state *s = (struct state*)entity->mech[pkgind];
-	krb5_free_context(s->context);
-#endif
-	free(entity->mech[pkgind]);
-    }
-    return SIADSUCCESS;
-}
-
-int 
-siad_ses_suauthent(sia_collect_func_t *collect,
-		   SIAENTITY *entity,
-		   int siastat,
-		   int pkgind)
-{
-    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
-    if(geteuid() != 0)
-	return SIADFAIL;
-    if(entity->name == NULL)
-	return SIADFAIL;
-    if(entity->name[0] == '\0') {
-	free(entity->name);
-	entity->name = strdup("root");
-	if (entity->name == NULL)
-	    return SIADFAIL;
-    }
-    return common_auth(collect, entity, siastat, pkgind);
-}
-
-int
-siad_ses_reauthent (sia_collect_func_t *collect,
-		    SIAENTITY *entity,
-		    int siastat,
-		    int pkgind)
-{
-    int ret;
-    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
-    if(entity == NULL || entity->name == NULL)
-	return SIADFAIL;
-    ret = common_auth(collect, entity, siastat, pkgind);
-    if((ret & SIADSUCCESS)){
-	/* launch isn't (always?) called when doing reauth, so we must
-           duplicate some code here... */
-	struct state *s = (struct state*)entity->mech[pkgind];
-	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
-#ifdef KRB4
-	if(k_hasafs()) {
-	    char cell[64];
-	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
-				  cell, sizeof(cell)) == 0)
-		krb_afslog(cell, 0);
-	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
-	}
-#endif
-    }
-    return ret;
-}
-
-int
-siad_chg_finger (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
-    return SIADFAIL;
-}
-
-#ifdef SIA_KRB5
-int
-siad_chg_password (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-#endif
-
-#ifdef SIA_KRB4
-static void
-sia_message(sia_collect_func_t *collect, int rendition, 
-	    const char *title, const char *message)
-{
-    prompt_t prompt;
-    prompt.prompt = (unsigned char*)message;
-    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
-}
-
-static int
-init_change(sia_collect_func_t *collect, krb_principal *princ)
-{
-    prompt_t prompt;
-    char old_pw[MAX_KPW_LEN+1];
-    char *msg;
-    char tktstring[128];
-    int ret;
-    
-    SIA_DEBUG(("DEBUG", "init_change"));
-    prompt.prompt = (unsigned char*)"Old password: ";
-    prompt.result = (unsigned char*)old_pw;
-    prompt.min_result_length = 0;
-    prompt.max_result_length = sizeof(old_pw) - 1;
-    prompt.control_flags = SIARESINVIS;
-    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
-    if(msg == NULL){
-	SIA_DEBUG(("DEBUG", "out of memory"));
-	return SIADFAIL;
-    }
-    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
-    free(msg);
-    SIA_DEBUG(("DEBUG", "ret = %d", ret));
-    if(ret != SIACOLSUCCESS)
-	return SIADFAIL;
-    snprintf(tktstring, sizeof(tktstring), 
-	     "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
-    krb_set_tkt_string(tktstring);
-    
-    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
-			    PWSERV_NAME, KADM_SINST, 1, old_pw);
-    if (ret != KSUCCESS) {
-	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
-	if (ret == INTK_BADPW)
-	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
-	else
-	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
-	memset(old_pw, 0, sizeof(old_pw));
-	return SIADFAIL;
-    }
-    if(chown(tktstring, getuid(), -1) < 0){
-	dest_tkt();
-	return SIADFAIL;
-    }
-    memset(old_pw, 0, sizeof(old_pw));
-    return SIADSUCCESS;
-}
-
-int
-siad_chg_password (sia_collect_func_t *collect,
-		   const char *username, 
-		   int argc, 
-		   char *argv[])
-{
-    prompt_t prompts[2];
-    krb_principal princ;
-    int ret;
-    char new_pw1[MAX_KPW_LEN+1];
-    char new_pw2[MAX_KPW_LEN+1];
-    static struct et_list *et_list;
-
-    setprogname(argv[0]);
-
-    SIA_DEBUG(("DEBUG", "siad_chg_password"));
-    if(collect == NULL)
-	return SIADFAIL;
-
-    if(username == NULL)
-	username = getlogin();
-
-    ret = krb_parse_name(username, &princ);
-    if(ret)
-	return SIADFAIL;
-    if(princ.realm[0] == '\0')
-	krb_get_lrealm(princ.realm, 1);
-
-    if(et_list == NULL) {
-	initialize_kadm_error_table_r(&et_list);
-	initialize_krb_error_table_r(&et_list);
-    }
-
-    ret = init_change(collect, &princ);
-    if(ret != SIADSUCCESS)
-	return ret;
-
-again:
-    prompts[0].prompt = (unsigned char*)"New password: ";
-    prompts[0].result = (unsigned char*)new_pw1;
-    prompts[0].min_result_length = MIN_KPW_LEN;
-    prompts[0].max_result_length = sizeof(new_pw1) - 1;
-    prompts[0].control_flags = SIARESINVIS;
-    prompts[1].prompt = (unsigned char*)"Verify new password: ";
-    prompts[1].result = (unsigned char*)new_pw2;
-    prompts[1].min_result_length = MIN_KPW_LEN;
-    prompts[1].max_result_length = sizeof(new_pw2) - 1;
-    prompts[1].control_flags = SIARESINVIS;
-    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
-       SIACOLSUCCESS) {
-	dest_tkt();
-	return SIADFAIL;
-    }
-    if(strcmp(new_pw1, new_pw2) != 0){
-	sia_message(collect, SIAWARNING, "", "Password mismatch.");
-	goto again;
-    }
-    ret = kadm_check_pw(new_pw1);
-    if(ret) {
-	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
-	goto again;
-    }
-    
-    memset(new_pw2, 0, sizeof(new_pw2));
-    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
-		    com_right(et_list, ret));
-    else {
-	des_cblock newkey;
-	char *pw_msg; /* message from server */
-
-	des_string_to_key(new_pw1, &newkey);
-	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
-	memset(newkey, 0, sizeof(newkey));
-      
-	if (ret == KADM_INSECURE_PW)
-	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
-	else if (ret != KADM_SUCCESS)
-	    sia_message(collect, SIAWARNING, "Error changing password", 
-			com_right(et_list, ret));
-    }
-    memset(new_pw1, 0, sizeof(new_pw1));
-
-    if (ret != KADM_SUCCESS)
-	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
-    else
-	sia_message(collect, SIAINFO, "", "Password changed.");
-    
-    dest_tkt();
-    if(ret)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
-#endif
-
-int
-siad_chg_shell (sia_collect_func_t *collect,
-		     const char *username, 
-		     int argc, 
-		     char *argv[])
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwent(struct passwd *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwuid (uid_t uid, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getpwnam (const char *name, 
-	       struct passwd *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endpwent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrent(struct group *result, 
-	      char *buf, 
-	      int bufsize, 
-	      struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrgid (gid_t gid, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_getgrnam (const char *name, 
-	       struct group *result, 
-	       char *buf, 
-	       int bufsize, 
-	       struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_setgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_endgrent (struct sia_context *context)
-{
-    return SIADFAIL;
-}
-
-int
-siad_chk_user (const char *logname, int checkflag)
-{
-    if(checkflag != CHGPASSWD)
-	return SIADFAIL;
-    return SIADSUCCESS;
-}
diff --git a/crypto/heimdal/lib/auth/sia/sia_locl.h b/crypto/heimdal/lib/auth/sia/sia_locl.h
deleted file mode 100644
index 7b411596f625..000000000000
--- a/crypto/heimdal/lib/auth/sia/sia_locl.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sia_locl.h,v 1.3 2001/09/13 01:15:34 assar Exp $ */
-
-#ifndef __sia_locl_h__
-#define __sia_locl_h__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <siad.h>
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <roken.h>
-
-#ifdef KRB5
-#define SIA_KRB5
-#elif defined(KRB4)
-#define SIA_KRB4
-#endif
-
-#ifdef SIA_KRB5
-#include <krb5.h>
-#include <com_err.h>
-#endif
-#ifdef SIA_KRB4
-#include <krb.h>
-#include <krb_err.h>
-#include <kadm.h>
-#include <kadm_err.h>
-#endif
-#ifdef KRB4
-#include <kafs.h>
-#endif
-
-#ifndef POSIX_GETPWNAM_R
-
-#define getpwnam_r posix_getpwnam_r
-#define getpwuid_r posix_getpwuid_r
-
-#endif /* POSIX_GETPWNAM_R */
-
-#ifndef DEBUG
-#define SIA_DEBUG(X)
-#else
-#define SIA_DEBUG(X) SIALOG X
-#endif
-
-struct state{
-#ifdef SIA_KRB5
-    krb5_context context;
-    krb5_auth_context auth_context;
-#endif
-    char ticket[MaxPathLen];
-    int valid;
-};
-
-#endif /* __sia_locl_h__ */
diff --git a/crypto/heimdal/lib/com_err/ChangeLog b/crypto/heimdal/lib/com_err/ChangeLog
deleted file mode 100644
index 23d540389407..000000000000
--- a/crypto/heimdal/lib/com_err/ChangeLog
+++ /dev/null
@@ -1,166 +0,0 @@
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: don't add comma after last enum member
-
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* compile_et.c: just declare er_list directly instead of including
-	com_right in generated header files
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1
-
-2002-03-10  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (error_message): do not call strerror with a negative error
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h (add_to_error_table): add prototype
-	* com_err.c (add_to_error_table): new function, from Derrick J
-	Brashear <shadow@dementia.org>
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: add printf formats for gcc
-
-2001-02-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* error.c (initialize_error_table_r): put table at end of the list
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (default_proc): add printf attributes
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 1:1:0
-
-2000-07-31  Assar Westerlund  <assar@sics.se>
-
-	* com_right.h (initialize_error_table_r): fix prototype
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* com_err.c (_et_lit): explicitly initialize it to NULL to make
-	dyld on Darwin/MacOS X happy
-
-2000-01-16  Assar Westerlund  <assar@sics.se>
-
-	* com_err.h: remove __P definition (now in com_right.h).  this
-	file always includes com_right.h so that's where it should reside.
-	* com_right.h: moved __P here and added it to the function
-	prototypes
-	* com_err.h (error_table_name): add __P
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (statement): use asprintf
-
-1999-06-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: make it solaris make vpath-safe
-
-Thu Apr  1 11:13:53 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: use getargs
-
-Sat Mar 20 00:16:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c: static-ize
-
-Thu Mar 18 11:22:13 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Mar 16 22:30:05 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: use YYACCEPT instead of return
-
-Sat Mar 13 22:22:56 1999  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.c (generate_h): cast when calling is* to get rid of a
- 	warning
-
-Thu Mar 11 15:00:51 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Sun Nov 22 10:39:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* compile_et.h: include ctype and roken
-
-	* compile_et.c: include err.h
-	(generate_h): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Fri Nov 20 06:58:59 1998  Assar Westerlund  <assar@sics.se>
-
-	* lex.l: undef ECHO to work around AIX lex bug
-
-Sun Sep 27 02:23:59 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* com_err.c (error_message): try to pass code to strerror, to see
- 	if it might be an errno code (this if broken, but some MIT code
- 	seems to expect this behaviour)
-
-Sat Sep 26 17:42:39 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* compile_et.c: <foo_err.h> -> "foo_err.h"
-
-Tue Jun 30 17:17:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add str{cpy,cat}_truncate
-
-Mon May 25 05:24:39 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:50:17 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:22:11 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Tue Mar 24 05:13:01 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: link with snprintf (From Derrick J Brashear
- 	<shadow@dementia.org>)
-
-Fri Feb 27 05:01:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: initialize ec->next
-
-Thu Feb 26 02:22:25 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:54 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Tue Feb 17 22:20:27 1998  Bjoern Groenvall  <bg@sics.se>
-
-	* com_right.h: Change typedefs so that one may mix MIT compile_et
- 	generated code with krb4 dito.
-
-Tue Feb 17 16:30:55 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* compile_et.c (generate): Always return a value.
-
-	* parse.y: Files don't have to end with `end'.
-
-Mon Feb 16 16:09:20 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* lex.l (getstring): Replace getc() with input().
-
-	* Makefile.am: Fixes for new compile_et.
diff --git a/crypto/heimdal/lib/com_err/Makefile b/crypto/heimdal/lib/com_err/Makefile
deleted file mode 100644
index 6d9d5cde0451..000000000000
--- a/crypto/heimdal/lib/com_err/Makefile
+++ /dev/null
@@ -1,703 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/com_err/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.27 2002/03/10 23:52:41 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:1:1
-
-bin_PROGRAMS = compile_et
-
-include_HEADERS = com_err.h com_right.h
-
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l
-
-libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-
-CLEANFILES = lex.c parse.c parse.h
-
-compile_et_LDADD = \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-subdir = lib/com_err
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libcom_err_la_LIBADD =
-am_libcom_err_la_OBJECTS = error.lo com_err.lo
-libcom_err_la_OBJECTS = $(am_libcom_err_la_OBJECTS)
-bin_PROGRAMS = compile_et$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \
-	lex.$(OBJEXT)
-compile_et_OBJECTS = $(am_compile_et_OBJECTS)
-compile_et_DEPENDENCIES =
-compile_et_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libcom_err_la_SOURCES) $(compile_et_SOURCES)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
-	lex.c parse.c parse.h
-SOURCES = $(libcom_err_la_SOURCES) $(compile_et_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/com_err/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libcom_err_la_LDFLAGS) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) parse.c; \
-	else :; fi
-compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) 
-	@rm -f compile_et$(EXEEXT)
-	$(LINK) $(compile_et_LDFLAGS) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "parse.hparse.clex.c" || rm -f parse.h parse.c lex.c
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/com_err/Makefile.am b/crypto/heimdal/lib/com_err/Makefile.am
deleted file mode 100644
index ae48cb5f3bc6..000000000000
--- a/crypto/heimdal/lib/com_err/Makefile.am
+++ /dev/null
@@ -1,24 +0,0 @@
-# $Id: Makefile.am,v 1.27 2002/03/10 23:52:41 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:1:1
-
-bin_PROGRAMS = compile_et
-
-include_HEADERS = com_err.h com_right.h
-
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l
-
-libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-
-CLEANFILES = lex.c parse.c parse.h
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-
-compile_et_LDADD = \
-	$(LIB_roken) \
-	$(LEXLIB)
diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in
deleted file mode 100644
index 08fdafe63cb6..000000000000
--- a/crypto/heimdal/lib/com_err/Makefile.in
+++ /dev/null
@@ -1,693 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.27 2002/03/10 23:52:41 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-YFLAGS = -d
-
-lib_LTLIBRARIES = libcom_err.la
-libcom_err_la_LDFLAGS = -version-info 2:1:1
-
-bin_PROGRAMS = compile_et
-
-include_HEADERS = com_err.h com_right.h
-
-compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l
-
-libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
-
-CLEANFILES = lex.c parse.c parse.h
-
-compile_et_LDADD = \
-	$(LIB_roken) \
-	$(LEXLIB)
-
-subdir = lib/com_err
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libcom_err_la_LIBADD =
-am_libcom_err_la_OBJECTS = error.lo com_err.lo
-libcom_err_la_OBJECTS = $(am_libcom_err_la_OBJECTS)
-bin_PROGRAMS = compile_et$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \
-	lex.$(OBJEXT)
-compile_et_OBJECTS = $(am_compile_et_OBJECTS)
-compile_et_DEPENDENCIES =
-compile_et_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libcom_err_la_SOURCES) $(compile_et_SOURCES)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
-	lex.c parse.c parse.h
-SOURCES = $(libcom_err_la_SOURCES) $(compile_et_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/com_err/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libcom_err_la_LDFLAGS) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-parse.h: parse.c
-compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) 
-	@rm -f compile_et$(EXEEXT)
-	$(LINK) $(compile_et_LDFLAGS) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "parse.h" || rm -f parse.h
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/com_err/com_err.c b/crypto/heimdal/lib/com_err/com_err.c
deleted file mode 100644
index ea0ac7c967f7..000000000000
--- a/crypto/heimdal/lib/com_err/com_err.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: com_err.c,v 1.18 2002/03/10 23:07:01 assar Exp $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#include "com_err.h"
-
-struct et_list *_et_list = NULL;
-
-
-const char *
-error_message (long code)
-{
-    static char msg[128];
-    const char *p = com_right(_et_list, code);
-    if (p == NULL) {
-	if (code < 0)
-	    sprintf(msg, "Unknown error %ld", code);
-	else
-	    p = strerror(code);
-    }
-    if (p != NULL && *p != '\0') {
-	strncpy(msg, p, sizeof(msg) - 1);
-	msg[sizeof(msg) - 1] = 0;
-    } else 
-	sprintf(msg, "Unknown error %ld", code);
-    return msg;
-}
-
-int
-init_error_table(const char **msgs, long base, int count)
-{
-    initialize_error_table_r(&_et_list, msgs, count, base);
-    return 0;
-}
-
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-    __attribute__((__format__(__printf__, 3, 0)));
- 
-static void
-default_proc (const char *whoami, long code, const char *fmt, va_list args)
-{
-    if (whoami)
-      fprintf(stderr, "%s: ", whoami);
-    if (code)
-      fprintf(stderr, "%s ", error_message(code));
-    if (fmt)
-      vfprintf(stderr, fmt, args);
-    fprintf(stderr, "\r\n");	/* ??? */
-}
-
-static errf com_err_hook = default_proc;
-
-void 
-com_err_va (const char *whoami, 
-	    long code, 
-	    const char *fmt, 
-	    va_list args)
-{
-    (*com_err_hook) (whoami, code, fmt, args);
-}
-
-void
-com_err (const char *whoami,
-	 long code,
-	 const char *fmt, 
-	 ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (whoami, code, fmt, ap);
-    va_end(ap);
-}
-
-errf
-set_com_err_hook (errf new)
-{
-    errf old = com_err_hook;
-
-    if (new)
-	com_err_hook = new;
-    else
-	com_err_hook = default_proc;
-    
-    return old;
-}
-
-errf
-reset_com_err_hook (void) 
-{
-    return set_com_err_hook(NULL);
-}
-
-#define ERRCODE_RANGE   8       /* # of bits to shift table number */
-#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
-
-static const char char_set[] =
-        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
-
-static char buf[6];
-
-const char *
-error_table_name(int num)
-{
-    int ch;
-    int i;
-    char *p;
-
-    /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
-    p = buf;
-    num >>= ERRCODE_RANGE;
-    /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
-    num &= 077777777;
-    /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
-    for (i = 4; i >= 0; i--) {
-        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
-        if (ch != 0)
-            *p++ = char_set[ch-1];
-    }
-    *p = '\0';
-    return(buf);
-}
-
-void
-add_to_error_table(struct et_list *new_table)
-{
-    struct et_list *et;
-
-    for (et = _et_list; et; et = et->next) {
-	if (et->table->base == new_table->table->base)
-	    return;
-    }
-
-    new_table->next = _et_list;
-    _et_list = new_table;
-}
diff --git a/crypto/heimdal/lib/com_err/com_err.h b/crypto/heimdal/lib/com_err/com_err.h
deleted file mode 100644
index a76214bdc551..000000000000
--- a/crypto/heimdal/lib/com_err/com_err.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_err.h,v 1.9 2001/05/11 20:03:36 assar Exp $ */
-
-/* MIT compatible com_err library */
-
-#ifndef __COM_ERR_H__
-#define __COM_ERR_H__
-
-#include <com_right.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(X)
-#endif
-
-typedef void (*errf) __P((const char *, long, const char *, va_list));
-
-const char * error_message __P((long));
-int init_error_table __P((const char**, long, int));
-
-void com_err_va __P((const char *, long, const char *, va_list))
-    __attribute__((format(printf, 3, 0)));
-
-void com_err __P((const char *, long, const char *, ...))
-    __attribute__((format(printf, 3, 4)));
-
-errf set_com_err_hook __P((errf));
-errf reset_com_err_hook __P((void));
-
-const char *error_table_name  __P((int num));
-
-void add_to_error_table __P((struct et_list *new_table));
-
-#endif /* __COM_ERR_H__ */
diff --git a/crypto/heimdal/lib/com_err/com_right.h b/crypto/heimdal/lib/com_err/com_right.h
deleted file mode 100644
index c87bb0d1def8..000000000000
--- a/crypto/heimdal/lib/com_err/com_right.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: com_right.h,v 1.11 2000/07/31 01:11:08 assar Exp $ */
-
-#ifndef __COM_RIGHT_H__
-#define __COM_RIGHT_H__
-
-#ifdef __STDC__
-#include <stdarg.h>
-#endif
-
-#ifndef __P
-#ifdef __STDC__
-#define __P(X) X
-#else
-#define __P(X) ()
-#endif
-#endif
-
-struct error_table {
-    char const * const * msgs;
-    long base;
-    int n_msgs;
-};
-struct et_list {
-    struct et_list *next;
-    struct error_table *table;
-};
-extern struct et_list *_et_list;
-
-const char *com_right __P((struct et_list *list, long code));
-void initialize_error_table_r __P((struct et_list **, const char **, int, long));
-void free_error_table __P((struct et_list *));
-
-#endif /* __COM_RIGHT_H__ */
diff --git a/crypto/heimdal/lib/com_err/compile_et.c b/crypto/heimdal/lib/com_err/compile_et.c
deleted file mode 100644
index b19b21808e19..000000000000
--- a/crypto/heimdal/lib/com_err/compile_et.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ROKEN_RENAME
-#include "compile_et.h"
-#include <getarg.h>
-
-RCSID("$Id: compile_et.c,v 1.16 2002/08/20 12:44:51 joda Exp $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-
-extern void yyparse(void);
-
-long base;
-int number;
-char *prefix;
-char *id_str;
-
-char name[128];
-char Basename[128];
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char hfn[128];
-char cfn[128];
-
-struct error_code *codes = NULL;
-
-static int
-generate_c(void)
-{
-    int n;
-    struct error_code *ec;
-
-    FILE *c_file = fopen(cfn, "w");
-    if(c_file == NULL)
-	return 1;
-
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(c_file, "/* %s */\n", id_str);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <com_err.h>\n");
-    fprintf(c_file, "#include \"%s\"\n", hfn);
-    fprintf(c_file, "\n");
-
-    fprintf(c_file, "static const char *%s_error_strings[] = {\n", name);
-
-    for(ec = codes, n = 0; ec; ec = ec->next, n++) {
-	while(n < ec->number) {
-	    fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
-		    n, name, n);
-	    n++;
-	    
-	}
-	fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
-    }
-
-    fprintf(c_file, "\tNULL\n");
-    fprintf(c_file, "};\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#define num_errors %d\n", number);
-    fprintf(c_file, "\n");
-    fprintf(c_file, 
-	    "void initialize_%s_error_table_r(struct et_list **list)\n", 
-	    name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file, 
-	    "    initialize_error_table_r(list, %s_error_strings, "
-	    "num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
-    fprintf(c_file, "}\n");
-    fprintf(c_file, "\n");
-    fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
-    fprintf(c_file, "{\n");
-    fprintf(c_file,
-	    "    init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, "
-	    "num_errors);\n", name, name);
-    fprintf(c_file, "}\n");
-
-    fclose(c_file);
-    return 0;
-}
-
-static int
-generate_h(void)
-{
-    struct error_code *ec;
-    char fn[128];
-    FILE *h_file = fopen(hfn, "w");
-    char *p;
-
-    if(h_file == NULL)
-	return 1;
-
-    snprintf(fn, sizeof(fn), "__%s__", hfn);
-    for(p = fn; *p; p++)
-	if(!isalnum((unsigned char)*p))
-	    *p = '_';
-    
-    fprintf(h_file, "/* Generated from %s */\n", filename);
-    if(id_str) 
-	fprintf(h_file, "/* %s */\n", id_str);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#ifndef %s\n", fn);
-    fprintf(h_file, "#define %s\n", fn);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "struct et_list;\n");
-    fprintf(h_file, "\n");
-    fprintf(h_file, 
-	    "void initialize_%s_error_table_r(struct et_list **);\n",
-	    name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
-    fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", 
-	    name, name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "typedef enum %s_error_number{\n", name);
-
-    for(ec = codes; ec; ec = ec->next) {
-	fprintf(h_file, "\t%s = %ld%s\n", ec->name, base + ec->number, 
-		(ec->next != NULL) ? "," : "");
-    }
-
-    fprintf(h_file, "} %s_error_number;\n", name);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base);
-    fprintf(h_file, "\n");
-    fprintf(h_file, "#endif /* %s */\n", fn);
-
-
-    fclose(h_file);
-    return 0;
-}
-
-static int
-generate(void)
-{
-    return generate_c() || generate_h();
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "error-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    char *p;
-    int optind = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    if(optind == argc) 
-	usage(1);
-    filename = argv[optind];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-	
-    
-    p = strrchr(filename, '/');
-    if(p)
-	p++;
-    else
-	p = filename;
-    strncpy(Basename, p, sizeof(Basename));
-    Basename[sizeof(Basename) - 1] = '\0';
-    
-    Basename[strcspn(Basename, ".")] = '\0';
-    
-    snprintf(hfn, sizeof(hfn), "%s.h", Basename);
-    snprintf(cfn, sizeof(cfn), "%s.c", Basename);
-    
-    yyparse();
-    if(numerror)
-	return 1;
-
-    return generate();
-}
diff --git a/crypto/heimdal/lib/com_err/compile_et.h b/crypto/heimdal/lib/com_err/compile_et.h
deleted file mode 100644
index 86dd1131a7a7..000000000000
--- a/crypto/heimdal/lib/com_err/compile_et.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: compile_et.h,v 1.6 2000/07/01 20:21:48 assar Exp $ */
-
-#ifndef __COMPILE_ET_H__
-#define __COMPILE_ET_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <ctype.h>
-#include <roken.h>
-
-extern long base;
-extern int number;
-extern char *prefix;
-extern char name[128];
-extern char *id_str;
-extern char *filename;
-extern int numerror;
-
-struct error_code {
-    unsigned number;
-    char *name;
-    char *string;
-    struct error_code *next, **tail;
-};
-
-extern struct error_code *codes;
-
-#define APPEND(L, V) 				\
-do {						\
-    if((L) == NULL) {				\
-	(L) = (V);				\
-	(L)->tail = &(V)->next;			\
-	(L)->next = NULL;			\
-    }else{					\
-	*(L)->tail = (V);			\
-	(L)->tail = &(V)->next;			\
-    }						\
-}while(0)
-
-#endif /* __COMPILE_ET_H__ */
diff --git a/crypto/heimdal/lib/com_err/error.c b/crypto/heimdal/lib/com_err/error.c
deleted file mode 100644
index b22f25b41a28..000000000000
--- a/crypto/heimdal/lib/com_err/error.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: error.c,v 1.15 2001/02/28 20:00:13 joda Exp $");
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <com_right.h>
-
-const char *
-com_right(struct et_list *list, long code)
-{
-    struct et_list *p;
-    for (p = list; p; p = p->next) {
-	if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
-	    return p->table->msgs[code - p->table->base];
-    }
-    return NULL;
-}
-
-struct foobar {
-    struct et_list etl;
-    struct error_table et;
-};
-
-void
-initialize_error_table_r(struct et_list **list, 
-			 const char **messages, 
-			 int num_errors,
-			 long base)
-{
-    struct et_list *et, **end;
-    struct foobar *f;
-    for (end = list, et = *list; et; end = &et->next, et = et->next)
-        if (et->table->msgs == messages)
-            return;
-    f = malloc(sizeof(*f));
-    if (f == NULL)
-        return;
-    et = &f->etl;
-    et->table = &f->et;
-    et->table->msgs = messages;
-    et->table->n_msgs = num_errors;
-    et->table->base = base;
-    et->next = NULL;
-    *end = et;
-}
-			
-
-void
-free_error_table(struct et_list *et)
-{
-    while(et){
-	struct et_list *p = et;
-	et = et->next;
-	free(p);
-    }
-}
diff --git a/crypto/heimdal/lib/com_err/lex.h b/crypto/heimdal/lib/com_err/lex.h
deleted file mode 100644
index 9912bf4f0943..000000000000
--- a/crypto/heimdal/lib/com_err/lex.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: lex.h,v 1.1 2000/06/22 00:42:52 assar Exp $ */
-
-void error_message (const char *, ...)
-__attribute__ ((format (printf, 1, 2)));
-
-int yylex(void);
diff --git a/crypto/heimdal/lib/com_err/lex.l b/crypto/heimdal/lib/com_err/lex.l
deleted file mode 100644
index e98db6f86579..000000000000
--- a/crypto/heimdal/lib/com_err/lex.l
+++ /dev/null
@@ -1,126 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- * This is to handle the definition of this symbol in some AIX
- * headers, which will conflict with the definition that lex will
- * generate for it.  It's only a problem for AIX lex.
- */
-
-#undef ECHO
-
-#include "compile_et.h"
-#include "parse.h"
-#include "lex.h"
-
-RCSID("$Id: lex.l,v 1.6 2000/06/22 00:42:52 assar Exp $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-et			{ return ET; }
-error_table		{ return ET; }
-ec			{ return EC; }
-error_code		{ return EC; }
-prefix			{ return PREFIX; }
-index			{ return INDEX; }
-id			{ return ID; }
-end			{ return END; }
-[0-9]+			{ yylval.number = atoi(yytext); return NUMBER; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int quote = 0;
-    while((c = input()) != EOF){
-	if(quote) {
-	    x[i++] = c;
-	    quote = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    quote++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d:", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/com_err/parse.y b/crypto/heimdal/lib/com_err/parse.y
deleted file mode 100644
index 82e99ffb809b..000000000000
--- a/crypto/heimdal/lib/com_err/parse.y
+++ /dev/null
@@ -1,167 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "compile_et.h"
-#include "lex.h"
-
-RCSID("$Id: parse.y,v 1.11 2000/06/22 00:42:52 assar Exp $");
-
-void yyerror (char *s);
-static long name2number(const char *str);
-
-extern char *yytext;
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  int number;
-}
-
-%token ET INDEX PREFIX EC ID END
-%token <string> STRING
-%token <number> NUMBER
-
-%%
-
-file		: /* */ 
-		| header statements
-		;
-
-header		: id et
-		| et
-		;
-
-id		: ID STRING
-		{
-		    id_str = $2;
-		}
-		;
-
-et		: ET STRING
-		{
-		    base = name2number($2);
-		    strncpy(name, $2, sizeof(name));
-		    name[sizeof(name) - 1] = '\0';
-		    free($2);
-		}
-		| ET STRING STRING
-		{
-		    base = name2number($2);
-		    strncpy(name, $3, sizeof(name));
-		    name[sizeof(name) - 1] = '\0';
-		    free($2);
-		    free($3);
-		}
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: INDEX NUMBER 
-		{
-			number = $2;
-		}
-		| PREFIX STRING
-		{
-		    prefix = realloc(prefix, strlen($2) + 2);
-		    strcpy(prefix, $2);
-		    strcat(prefix, "_");
-		    free($2);
-		}
-		| PREFIX
-		{
-		    prefix = realloc(prefix, 1);
-		    *prefix = '\0';
-		}
-		| EC STRING ',' STRING
-		{
-		    struct error_code *ec = malloc(sizeof(*ec));
-
-		    ec->next = NULL;
-		    ec->number = number;
-		    if(prefix && *prefix != '\0') {
-			asprintf (&ec->name, "%s%s", prefix, $2);
-			free($2);
-		    } else
-			ec->name = $2;
-		    ec->string = $4;
-		    APPEND(codes, ec);
-		    number++;
-		}
-		| END
-		{
-			YYACCEPT;
-		}
-		;
-
-%%
-
-static long
-name2number(const char *str)
-{
-    const char *p;
-    long base = 0;
-    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	"abcdefghijklmnopqrstuvwxyz0123456789_";
-    if(strlen(str) > 4) {
-	yyerror("table name too long");
-	return 0;
-    }
-    for(p = str; *p; p++){
-	char *q = strchr(x, *p);
-	if(q == NULL) {
-	    yyerror("invalid character in table name");
-	    return 0;
-	}
-	base = (base << 6) + (q - x) + 1;
-    }
-    base <<= 8;
-    if(base > 0x7fffffff)
-	base = -(0xffffffff - base + 1);
-    return base;
-}
-
-void
-yyerror (char *s)
-{
-     error_message ("%s\n", s);
-}
diff --git a/crypto/heimdal/lib/com_err/roken_rename.h b/crypto/heimdal/lib/com_err/roken_rename.h
deleted file mode 100644
index 173c9a7d5ae9..000000000000
--- a/crypto/heimdal/lib/com_err/roken_rename.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h,v 1.3 1999/12/02 16:58:38 joda Exp $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/des/rc4.h b/crypto/heimdal/lib/des/rc4.h
deleted file mode 100644
index 15441f60198d..000000000000
--- a/crypto/heimdal/lib/des/rc4.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* $Id: rc4.h,v 1.2 1999/10/21 12:58:31 joda Exp $ */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-typedef unsigned int RC4_INT;
-
-typedef struct rc4_key_st {
-    RC4_INT x,y;
-    RC4_INT data[256];
-} RC4_KEY;
-
- 
-void RC4_set_key(RC4_KEY *key, int len, unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
-	 unsigned char *outdata);
-
-#endif
diff --git a/crypto/heimdal/lib/des/rc4_enc.c b/crypto/heimdal/lib/des/rc4_enc.c
deleted file mode 100644
index 6b1686f569b9..000000000000
--- a/crypto/heimdal/lib/des/rc4_enc.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/rc4/rc4_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "rc4.h"
-
-RCSID("$Id: rc4_enc.c,v 1.2 1999/10/21 12:58:43 joda Exp $");
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
-	     unsigned char *outdata)
-	{
-        register RC4_INT *d;
-        register RC4_INT x,y,tx,ty;
-	int i;
-        
-        x=key->x;     
-        y=key->y;     
-        d=key->data; 
-
-#define LOOP(in,out) \
-		x=((x+1)&0xff); \
-		tx=d[x]; \
-		y=(tx+y)&0xff; \
-		d[x]=ty=d[y]; \
-		d[y]=tx; \
-		(out) = d[(tx+ty)&0xff]^ (in);
-
-#ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))
-#else
-#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
-#endif
-
-	i=(int)(len>>3L);
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0);
-			RC4_LOOP(indata,outdata,1);
-			RC4_LOOP(indata,outdata,2);
-			RC4_LOOP(indata,outdata,3);
-			RC4_LOOP(indata,outdata,4);
-			RC4_LOOP(indata,outdata,5);
-			RC4_LOOP(indata,outdata,6);
-			RC4_LOOP(indata,outdata,7);
-#ifdef RC4_INDEX
-			indata+=8;
-			outdata+=8;
-#endif
-			if (--i == 0) break;
-			}
-		}
-	i=(int)len&0x07;
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,1); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,2); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,3); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,4); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,5); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,6); if (--i == 0) break;
-			}
-		}               
-	key->x=x;     
-	key->y=y;
-	}
diff --git a/crypto/heimdal/lib/des/rc4_skey.c b/crypto/heimdal/lib/des/rc4_skey.c
deleted file mode 100644
index f5bce4683f37..000000000000
--- a/crypto/heimdal/lib/des/rc4_skey.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/rc4/rc4_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "rc4.h"
-
-RCSID("$Id: rc4_skey.c,v 1.2 1999/10/21 12:58:52 joda Exp $");
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4_set_key(RC4_KEY *key, int len, register unsigned char *data)
-	{
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-	for (i=0; i<256; i++)
-		d[i]=i;
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
-
-#define SK_LOOP(n) { \
-		tmp=d[(n)]; \
-		id2 = (data[id1] + tmp + id2) & 0xff; \
-		if (++id1 == len) id1=0; \
-		d[(n)]=d[id2]; \
-		d[id2]=tmp; }
-
-	for (i=0; i < 256; i+=4)
-		{
-		SK_LOOP(i+0);
-		SK_LOOP(i+1);
-		SK_LOOP(i+2);
-		SK_LOOP(i+3);
-		}
-	}
-    
diff --git a/crypto/heimdal/lib/des/rc4test.c b/crypto/heimdal/lib/des/rc4test.c
deleted file mode 100644
index 5abf8cff3073..000000000000
--- a/crypto/heimdal/lib/des/rc4test.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* crypto/rc4/rc4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef NO_RC4
-int main(int argc, char *argv[])
-{
-    printf("No RC4 support\n");
-    return(0);
-}
-#else
-#include <openssl/rc4.h>
-
-unsigned char keys[7][30]={
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{4,0xef,0x01,0x23,0x45},
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{4,0xef,0x01,0x23,0x45},
-	};
-
-unsigned char data_len[7]={8,8,8,20,28,10};
-unsigned char data[7][30]={
-	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	   0x00,0x00,0x00,0x00,0xff},
-	{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0},
-	};
-
-unsigned char output[7][30]={
-	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
-	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
-	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
-	 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
-	 0x36,0xb6,0x78,0x58,0x00},
-	{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
-	 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
-	 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
-	 0x40,0x01,0x1e,0xcf,0x00},
-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
-	{0},
-	};
-
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	int j;
-	unsigned char *p;
-	RC4_KEY key;
-	unsigned char buf[512],obuf[512];
-
-	for (i=0; i<512; i++) buf[i]=0x01;
-
-	for (i=0; i<6; i++)
-		{
-		RC4_set_key(&key,keys[i][0],&(keys[i][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,data_len[i],&(data[i][0]),obuf);
-		if (memcmp(obuf,output[i],data_len[i]+1) != 0)
-			{
-			printf("error calculating RC4\n");
-			printf("output:");
-			for (j=0; j<data_len[i]+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[i][0]);
-			for (j=0; j<data_len[i]+1; j++)
-				printf(" %02x",*(p++));
-			printf("\n");
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		}
-	printf("test end processing ");
-	for (i=0; i<data_len[3]; i++)
-		{
-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,i,&(data[3][0]),obuf);
-		if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
-			{
-			printf("error in RC4 length processing\n");
-			printf("output:");
-			for (j=0; j<i+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[3][0]);
-			for (j=0; j<i; j++)
-				printf(" %02x",*(p++));
-			printf(" 00\n");
-			err++;
-			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
-			}
-		}
-	printf("done\n");
-	printf("test multi-call ");
-	for (i=0; i<data_len[3]; i++)
-		{
-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,i,&(data[3][0]),obuf);
-		RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
-		if (memcmp(obuf,output[3],data_len[3]+1) != 0)
-			{
-			printf("error in RC4 multi-call processing\n");
-			printf("output:");
-			for (j=0; j<data_len[3]+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[3][0]);
-			for (j=0; j<data_len[3]+1; j++)
-				printf(" %02x",*(p++));
-			err++;
-			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
-			}
-		}
-	printf("done\n");
-	exit(err);
-	return(0);
-	}
-#endif
diff --git a/crypto/heimdal/lib/editline/ChangeLog b/crypto/heimdal/lib/editline/ChangeLog
deleted file mode 100644
index 3773f8c6b9f7..000000000000
--- a/crypto/heimdal/lib/editline/ChangeLog
+++ /dev/null
@@ -1,108 +0,0 @@
-2002-08-22  Assar Westerlund  <assar@kth.se>
-
-	* testit.c: make it use getarg so that it can handle --help and
-	--version (and thus make check can pass)
-
-2001-09-13  Assar Westerlund  <assar@sics.se>
-
-	* editline.c: rename STATUS -> el_STATUS to avoid conflict with
-	STATUS in arpa/nameser.h
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make libeditline and libel_compat into libtool
-	libraries but always make them static
-
-2000-03-01  Assar Westerlund  <assar@sics.se>
-
-	* edit_compat.c (readline): be more liberal in what we accept from
-	el_gets.  if count == 0 -> interpret it as EOF.  also copy the
-	string first and then cut of the newline, it's cleaner
-
-1999-12-23  Assar Westerlund  <assar@sics.se>
-
-	* editline.c (TTYinfo): add fallback if we fail to find "le" in
- 	termcap.
-
-1999-08-06  Assar Westerlund  <assar@sics.se>
-
-	* editline.c (TTYinfo): copy backspace string to avoid referencing
- 	into a local variable.
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: don't run testit in `make check'
-
-1999-04-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: don't run testit as a check
-
-Sat Apr 10 23:01:18 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* complete.c (rl_complete_filename): return if there were no
- 	matches
-
-Thu Apr  8 15:08:25 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.in: snprintf
-
-	* roken_rename.h: add snprintf, asprintf
-
-	* Makefile.am: build testit
-
-	* complete.c: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros;
- 	(rl_complete): call rl_list_possib instead of doing the same
-
-	* editline.h: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros
-
-	* editline.c: nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros
-
-	* sysunix.c: add some whitespace
-
-Thu Mar 18 11:22:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Tue Mar 16 17:10:34 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* editline.c: remove protos for read/write
-
-Sat Mar 13 22:23:22 1999  Assar Westerlund  <assar@sics.se>
-
-	* <roken.h>: add
-
-Sun Nov 22 10:40:28 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Tue Sep 29 02:09:15 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (LIB_DEPS): add LIB_tgetent
-
-Thu Jul  2 15:10:08 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* edit_compat.c: support for newer libedit
-
-Tue Jun 30 17:18:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (distclean): don't remove roken_rename.h
-
-Fri May 29 19:03:38 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (strdup.c): remove dependency
-
-Mon May 25 05:25:16 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:53:46 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sat Feb  7 07:24:30 1998  Assar Westerlund  <assar@sics.se>
-
-	* editline.h: add prototypes
-
-Tue Feb  3 10:24:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* editline.c: If read returns EINTR, try again.
diff --git a/crypto/heimdal/lib/editline/Makefile b/crypto/heimdal/lib/editline/Makefile
deleted file mode 100644
index 793c7e6b27e4..000000000000
--- a/crypto/heimdal/lib/editline/Makefile
+++ /dev/null
@@ -1,730 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/editline/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.13 2002/08/13 13:48:15 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(ROKEN_RENAME)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-ES = snprintf.c strdup.c
-
-man_MANS = editline.3
-
-lib_LTLIBRARIES = libeditline.la
-noinst_LTLIBRARIES = libel_compat.la
-#noinst_LTLIBRARIES = 
-
-noinst_PROGRAMS = testit
-
-CHECK_LOCAL = 
-
-testit_LDADD = \
-	libeditline.la \
-	$(LIB_tgetent) \
-	$(LIB_roken)
-
-
-include_HEADERS = editline.h
-
-libeditline_la_SOURCES = \
-	complete.c \
-	editline.c \
-	sysunix.c \
-	editline.h \
-	roken_rename.h \
-	unix.h \
-	$(EXTRA_SOURCE)
-
-
-libeditline_la_LDFLAGS = -static
-
-EXTRA_SOURCE = $(ES) 
-
-libel_compat_la_SOURCES = edit_compat.c
-
-libel_compat_la_LDFLAGS = -static
-
-EXTRA_DIST = $(man_MANS)
-subdir = lib/editline
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-
-libeditline_la_LIBADD =
-am__objects_1 = snprintf.lo strdup.lo
-am__objects_2 = $(am__objects_1)
-am_libeditline_la_OBJECTS = complete.lo editline.lo sysunix.lo \
-	$(am__objects_2)
-libeditline_la_OBJECTS = $(am_libeditline_la_OBJECTS)
-libel_compat_la_LIBADD =
-am_libel_compat_la_OBJECTS = edit_compat.lo
-libel_compat_la_OBJECTS = $(am_libel_compat_la_OBJECTS)
-noinst_PROGRAMS = testit$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-testit_SOURCES = testit.c
-testit_OBJECTS = testit.$(OBJEXT)
-testit_DEPENDENCIES = libeditline.la
-testit_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) \
-	testit.c
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = README $(include_HEADERS) ChangeLog Makefile.am \
-	Makefile.in
-SOURCES = $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) testit.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/editline/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libeditline.la: $(libeditline_la_OBJECTS) $(libeditline_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libeditline_la_LDFLAGS) $(libeditline_la_OBJECTS) $(libeditline_la_LIBADD) $(LIBS)
-libel_compat.la: $(libel_compat_la_OBJECTS) $(libel_compat_la_DEPENDENCIES) 
-	$(LINK)  $(libel_compat_la_LDFLAGS) $(libel_compat_la_OBJECTS) $(libel_compat_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-testit$(EXEEXT): $(testit_OBJECTS) $(testit_DEPENDENCIES) 
-	@rm -f testit$(EXEEXT)
-	$(LINK) $(testit_LDFLAGS) $(testit_OBJECTS) $(testit_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstLTLIBRARIES clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS install-man
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstLTLIBRARIES clean-noinstPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES install-man \
-	install-man3 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/editline/Makefile.am b/crypto/heimdal/lib/editline/Makefile.am
deleted file mode 100644
index 5500d2664f8d..000000000000
--- a/crypto/heimdal/lib/editline/Makefile.am
+++ /dev/null
@@ -1,53 +0,0 @@
-# $Id: Makefile.am,v 1.13 2002/08/13 13:48:15 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-if do_roken_rename
-ES = snprintf.c strdup.c
-endif
-
-INCLUDES += $(ROKEN_RENAME)
-
-man_MANS = editline.3
-
-lib_LTLIBRARIES = libeditline.la
-if el_compat
-noinst_LTLIBRARIES = libel_compat.la
-else
-noinst_LTLIBRARIES =
-endif
-
-noinst_PROGRAMS = testit
-
-CHECK_LOCAL =
-
-testit_LDADD = \
-	libeditline.la \
-	$(LIB_tgetent) \
-	$(LIB_roken)
-
-include_HEADERS = editline.h
-
-libeditline_la_SOURCES = \
-	complete.c \
-	editline.c \
-	sysunix.c \
-	editline.h \
-	roken_rename.h \
-	unix.h \
-	$(EXTRA_SOURCE)
-
-libeditline_la_LDFLAGS = -static
-
-EXTRA_SOURCE = $(ES) 
-
-libel_compat_la_SOURCES = edit_compat.c
-
-libel_compat_la_LDFLAGS = -static
-
-EXTRA_DIST = $(man_MANS)
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
diff --git a/crypto/heimdal/lib/editline/Makefile.in b/crypto/heimdal/lib/editline/Makefile.in
deleted file mode 100644
index 84b2d180513c..000000000000
--- a/crypto/heimdal/lib/editline/Makefile.in
+++ /dev/null
@@ -1,730 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.13 2002/08/13 13:48:15 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(ROKEN_RENAME)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@do_roken_rename_TRUE@ES = snprintf.c strdup.c
-
-man_MANS = editline.3
-
-lib_LTLIBRARIES = libeditline.la
-@el_compat_TRUE@noinst_LTLIBRARIES = libel_compat.la
-@el_compat_FALSE@noinst_LTLIBRARIES = 
-
-noinst_PROGRAMS = testit
-
-CHECK_LOCAL = 
-
-testit_LDADD = \
-	libeditline.la \
-	$(LIB_tgetent) \
-	$(LIB_roken)
-
-
-include_HEADERS = editline.h
-
-libeditline_la_SOURCES = \
-	complete.c \
-	editline.c \
-	sysunix.c \
-	editline.h \
-	roken_rename.h \
-	unix.h \
-	$(EXTRA_SOURCE)
-
-
-libeditline_la_LDFLAGS = -static
-
-EXTRA_SOURCE = $(ES) 
-
-libel_compat_la_SOURCES = edit_compat.c
-
-libel_compat_la_LDFLAGS = -static
-
-EXTRA_DIST = $(man_MANS)
-subdir = lib/editline
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-
-libeditline_la_LIBADD =
-@do_roken_rename_TRUE@am__objects_1 = snprintf.lo strdup.lo
-am__objects_2 = $(am__objects_1)
-am_libeditline_la_OBJECTS = complete.lo editline.lo sysunix.lo \
-	$(am__objects_2)
-libeditline_la_OBJECTS = $(am_libeditline_la_OBJECTS)
-libel_compat_la_LIBADD =
-am_libel_compat_la_OBJECTS = edit_compat.lo
-libel_compat_la_OBJECTS = $(am_libel_compat_la_OBJECTS)
-noinst_PROGRAMS = testit$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-testit_SOURCES = testit.c
-testit_OBJECTS = testit.$(OBJEXT)
-testit_DEPENDENCIES = libeditline.la
-testit_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) \
-	testit.c
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = README $(include_HEADERS) ChangeLog Makefile.am \
-	Makefile.in
-SOURCES = $(libeditline_la_SOURCES) $(libel_compat_la_SOURCES) testit.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/editline/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libeditline.la: $(libeditline_la_OBJECTS) $(libeditline_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libeditline_la_LDFLAGS) $(libeditline_la_OBJECTS) $(libeditline_la_LIBADD) $(LIBS)
-libel_compat.la: $(libel_compat_la_OBJECTS) $(libel_compat_la_DEPENDENCIES) 
-	$(LINK)  $(libel_compat_la_LDFLAGS) $(libel_compat_la_OBJECTS) $(libel_compat_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-testit$(EXEEXT): $(testit_OBJECTS) $(testit_DEPENDENCIES) 
-	@rm -f testit$(EXEEXT)
-	$(LINK) $(testit_LDFLAGS) $(testit_OBJECTS) $(testit_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstLTLIBRARIES clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS install-man
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstLTLIBRARIES clean-noinstPROGRAMS distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES install-man \
-	install-man3 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/editline/README b/crypto/heimdal/lib/editline/README
deleted file mode 100644
index 829db995b8bb..000000000000
--- a/crypto/heimdal/lib/editline/README
+++ /dev/null
@@ -1,45 +0,0 @@
-$Revision: 1.1 $
-
-This is a line-editing library.  It can be linked into almost any
-program to provide command-line editing and recall.
-
-It is call-compatible with the FSF readline library, but it is a
-fraction of the size (and offers fewer features).  It does not use
-standard I/O.  It is distributed under a "C News-like" copyright.
-
-Configuration is done in the Makefile.  Type "make testit" to get
-a small slow shell for testing.
-
-An earlier version was distributed with Byron's rc.  Principal
-changes over that version include:
-	Faster.
-	Is eight-bit clean (thanks to brendan@cs.widener.edu)
-	Written in K&R C, but ANSI compliant (gcc all warnings)
-	Propagates EOF properly; rc trip test now passes
-	Doesn't need or use or provide memmove.
-	More robust
-	Calling sequence changed to be compatible with readline.
-	Test program, new manpage, better configuration
-	More system-independant; includes Unix and OS-9 support.
-
-Enjoy,
-	Rich $alz
-	<rsalz@osf.org>
-
- Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved.
-
- This software is not subject to any license of the American Telephone
- and Telegraph Company or of the Regents of the University of California.
-
- Permission is granted to anyone to use this software for any purpose on
- any computer system, and to alter it and redistribute it freely, subject
- to the following restrictions:
- 1. The authors are not responsible for the consequences of use of this
-    software, no matter how awful, even if they arise from flaws in it.
- 2. The origin of this software must not be misrepresented, either by
-    explicit claim or by omission.  Since few users ever read sources,
-    credits must appear in the documentation.
- 3. Altered versions must be plainly marked as such, and must not be
-    misrepresented as being the original software.  Since few users
-    ever read sources, credits must appear in the documentation.
- 4. This notice may not be removed or altered.
diff --git a/crypto/heimdal/lib/editline/complete.c b/crypto/heimdal/lib/editline/complete.c
deleted file mode 100644
index d2a311d25e99..000000000000
--- a/crypto/heimdal/lib/editline/complete.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
- *
- *  This software is not subject to any license of the American Telephone 
- *  and Telegraph Company or of the Regents of the University of California. 
- *
- *  Permission is granted to anyone to use this software for any purpose on
- *  any computer system, and to alter it and redistribute it freely, subject
- *  to the following restrictions:
- *  1. The authors are not responsible for the consequences of use of this
- *     software, no matter how awful, even if they arise from flaws in it.
- *  2. The origin of this software must not be misrepresented, either by
- *     explicit claim or by omission.  Since few users ever read sources,
- *     credits must appear in the documentation.
- *  3. Altered versions must be plainly marked as such, and must not be
- *     misrepresented as being the original software.  Since few users
- *     ever read sources, credits must appear in the documentation.
- *  4. This notice may not be removed or altered.
- */
-
-/*
-**  History and file completion functions for editline library.
-*/
-#include <config.h>
-#include "editline.h"
-
-RCSID("$Id: complete.c,v 1.5 1999/04/10 21:01:16 joda Exp $");
-
-/*
-**  strcmp-like sorting predicate for qsort.
-*/
-static int
-compare(const void *p1, const void *p2)
-{
-    const char	**v1;
-    const char	**v2;
-    
-    v1 = (const char **)p1;
-    v2 = (const char **)p2;
-    return strcmp(*v1, *v2);
-}
-
-/*
-**  Fill in *avp with an array of names that match file, up to its length.
-**  Ignore . and .. .
-*/
-static int
-FindMatches(char *dir, char *file, char ***avp)
-{
-    char	**av;
-    char	**new;
-    char	*p;
-    DIR		*dp;
-    DIRENTRY	*ep;
-    size_t	ac;
-    size_t	len;
-
-    if ((dp = opendir(dir)) == NULL)
-	return 0;
-
-    av = NULL;
-    ac = 0;
-    len = strlen(file);
-    while ((ep = readdir(dp)) != NULL) {
-	p = ep->d_name;
-	if (p[0] == '.' && (p[1] == '\0' || (p[1] == '.' && p[2] == '\0')))
-	    continue;
-	if (len && strncmp(p, file, len) != 0)
-	    continue;
-
-	if ((ac % MEM_INC) == 0) {
-	    if ((new = malloc(sizeof(char*) * (ac + MEM_INC))) == NULL)
-		break;
-	    if (ac) {
-		memcpy(new, av, ac * sizeof (char **));
-		free(av);
-	    }
-	    *avp = av = new;
-	}
-
-	if ((av[ac] = strdup(p)) == NULL) {
-	    if (ac == 0)
-		free(av);
-	    break;
-	}
-	ac++;
-    }
-
-    /* Clean up and return. */
-    (void)closedir(dp);
-    if (ac)
-	qsort(av, ac, sizeof (char **), compare);
-    return ac;
-}
-
-/*
-**  Split a pathname into allocated directory and trailing filename parts.
-*/
-static int SplitPath(char *path, char **dirpart, char **filepart)
-{
-    static char	DOT[] = ".";
-    char	*dpart;
-    char	*fpart;
-
-    if ((fpart = strrchr(path, '/')) == NULL) {
-	if ((dpart = strdup(DOT)) == NULL)
-	    return -1;
-	if ((fpart = strdup(path)) == NULL) {
-	    free(dpart);
-	    return -1;
-	}
-    }
-    else {
-	if ((dpart = strdup(path)) == NULL)
-	    return -1;
-	dpart[fpart - path] = '\0';
-	if ((fpart = strdup(++fpart)) == NULL) {
-	    free(dpart);
-	    return -1;
-	}
-    }
-    *dirpart = dpart;
-    *filepart = fpart;
-    return 0;
-}
-
-/*
-**  Attempt to complete the pathname, returning an allocated copy.
-**  Fill in *unique if we completed it, or set it to 0 if ambiguous.
-*/
-
-static char *
-rl_complete_filename(char *pathname, int *unique)
-{
-    char	**av;
-    char	*new;
-    char	*p;
-    size_t	ac;
-    size_t	end;
-    size_t	i;
-    size_t	j;
-    size_t	len;
-    char *s;
-    
-    ac = rl_list_possib(pathname, &av);
-    if(ac == 0)
-	return NULL;
-
-    s = strrchr(pathname, '/');
-    if(s == NULL)
-	len = strlen(pathname);
-    else
-	len = strlen(s + 1);
-
-    p = NULL;
-    if (ac == 1) {
-	/* Exactly one match -- finish it off. */
-	*unique = 1;
-	j = strlen(av[0]) - len + 2;
-	if ((p = malloc(j + 1)) != NULL) {
-	    memcpy(p, av[0] + len, j);
-	    asprintf(&new, "%s%s", pathname, p);
-	    if(new != NULL) {
-		rl_add_slash(new, p);
-		free(new);
-	    }
-	}
-    }
-    else {
-	*unique = 0;
-	if (len) {
-	    /* Find largest matching substring. */
-	    for (i = len, end = strlen(av[0]); i < end; i++)
-		for (j = 1; j < ac; j++)
-		    if (av[0][i] != av[j][i])
-			goto breakout;
-  breakout:
-	    if (i > len) {
-		j = i - len + 1;
-		if ((p = malloc(j)) != NULL) {
-		    memcpy(p, av[0] + len, j);
-		    p[j - 1] = '\0';
-		}
-	    }
-	}
-    }
-
-    /* Clean up and return. */
-    for (i = 0; i < ac; i++)
-	free(av[i]);
-    free(av);
-    return p;
-}
-
-static rl_complete_func_t complete_func = rl_complete_filename;
-
-char *
-rl_complete(char *pathname, int *unique)
-{
-    return (*complete_func)(pathname, unique);
-}
-
-rl_complete_func_t
-rl_set_complete_func(rl_complete_func_t func)
-{
-    rl_complete_func_t old = complete_func;
-    complete_func = func;
-    return old;
-}
-
-
-/*
-**  Return all possible completions.
-*/
-static int
-rl_list_possib_filename(char *pathname, char ***avp)
-{
-    char	*dir;
-    char	*file;
-    int		ac;
-
-    if (SplitPath(pathname, &dir, &file) < 0)
-	return 0;
-    ac = FindMatches(dir, file, avp);
-    free(dir);
-    free(file);
-    return ac;
-}
-
-static rl_list_possib_func_t list_possib_func = rl_list_possib_filename;
-
-int
-rl_list_possib(char *pathname, char ***avp)
-{
-    return (*list_possib_func)(pathname, avp);
-}
-
-rl_list_possib_func_t
-rl_set_list_possib_func(rl_list_possib_func_t func)
-{
-    rl_list_possib_func_t old = list_possib_func;
-    list_possib_func = func;
-    return old;
-}
diff --git a/crypto/heimdal/lib/editline/edit_compat.c b/crypto/heimdal/lib/editline/edit_compat.c
deleted file mode 100644
index e0f4962802d2..000000000000
--- a/crypto/heimdal/lib/editline/edit_compat.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <histedit.h>
-
-#include "edit_compat.h"
-
-RCSID("$Id: edit_compat.c,v 1.9 2001/08/29 00:24:33 assar Exp $");
-
-void
-rl_reset_terminal(char *p)
-{
-}
-
-void
-rl_initialize(void)
-{
-}
-
-static const char *pr;
-static const char* ret_prompt(EditLine *e)
-{
-    return pr;
-}
-
-static History *h;
-
-#ifdef H_SETSIZE
-#define EL_INIT_FOUR 1
-#else
-#ifdef H_SETMAXSIZE
-/* backwards compatibility */
-#define H_SETSIZE H_SETMAXSIZE
-#endif
-#endif
-
-char *
-readline(const char* prompt)
-{
-    static EditLine *e;
-#ifdef H_SETSIZE
-    HistEvent ev;
-#endif
-    int count;
-    const char *str;
-
-    if(e == NULL){
-#ifdef EL_INIT_FOUR
-	e = el_init("", stdin, stdout, stderr);
-#else
-	e = el_init("", stdin, stdout);
-#endif
-	el_set(e, EL_PROMPT, ret_prompt);
-	h = history_init();
-#ifdef H_SETSIZE
-	history(h, &ev, H_SETSIZE, 25);
-#else
-	history(h, H_EVENT, 25);
-#endif
-	el_set(e, EL_HIST, history, h);
-	el_set(e, EL_EDITOR, "emacs"); /* XXX? */
-    }
-    pr = prompt ? prompt : "";
-    str = el_gets(e, &count);
-    if (str && count > 0) {
-	char *ret = strdup (str);
-
-	if (ret == NULL)
-	    return NULL;
-
-	if (ret[strlen(ret) - 1] == '\n')
-	    ret[strlen(ret) - 1] = '\0';
-	return ret;
-    } 
-    return NULL;
-}
-
-void
-add_history(char *p)
-{
-#ifdef H_SETSIZE
-    HistEvent ev;
-    history(h, &ev, H_ENTER, p);
-#else
-    history(h, H_ENTER, p);
-#endif
-}
diff --git a/crypto/heimdal/lib/editline/edit_compat.h b/crypto/heimdal/lib/editline/edit_compat.h
deleted file mode 100644
index c0c40fe98358..000000000000
--- a/crypto/heimdal/lib/editline/edit_compat.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: edit_compat.h,v 1.1 2001/08/29 00:24:33 assar Exp $ */
-
-#ifndef _EDIT_COMPAT_H
-#define _EDIT_COMPAT_H
-
-void rl_reset_terminal(char *p);
-void rl_initialize(void);
-char *readline(const char *prompt);
-void add_history(char *p);
-
-#endif /* _EDIT_COMPAT_H */
diff --git a/crypto/heimdal/lib/editline/editline.3 b/crypto/heimdal/lib/editline/editline.3
deleted file mode 100644
index 6e30a09d918f..000000000000
--- a/crypto/heimdal/lib/editline/editline.3
+++ /dev/null
@@ -1,175 +0,0 @@
-.\" $Revision: 1.2 $
-.TH EDITLINE 3
-.SH NAME
-editline \- command-line editing library with history
-.SH SYNOPSIS
-.nf
-.B "char *"
-.B "readline(prompt)"
-.B "     char	*prompt;"
-
-.B "void"
-.B "add_history(line)"
-.B "    char	*line;"
-.fi
-.SH DESCRIPTION
-.I Editline
-is a library that provides an line-editing interface with text recall.
-It is intended to be compatible with the
-.I readline
-library provided by the Free Software Foundation, but much smaller.
-The bulk of this manual page describes the user interface.
-.PP
-The
-.I readline
-routine returns a line of text with the trailing newline removed.
-The data is returned in a buffer allocated with
-.IR malloc (3),
-so the space should be released with
-.IR free (3)
-when the calling program is done with it.
-Before accepting input from the user, the specified
-.I prompt
-is displayed on the terminal.
-.PP
-The
-.I add_history
-routine makes a copy of the specified
-.I line
-and adds it to the internal history list.
-.SS "User Interface"
-A program that uses this library provides a simple emacs-like editing
-interface to its users.
-A line may be edited before it is sent to the calling program by typing either
-control characters or escape sequences.
-A control character, shown as a caret followed by a letter, is typed by
-holding down the ``control'' key while the letter is typed.
-For example, ``^A'' is a control-A.
-An escape sequence is entered by typing the ``escape'' key followed by one or
-more characters.
-The escape key is abbreviated as ``ESC.''
-Note that unlike control keys, case matters in escape sequences; ``ESC\ F''
-is not the same as ``ESC\ f''.
-.PP
-An editing command may be typed anywhere on the line, not just at the
-beginning.
-In addition, a return may also be typed anywhere on the line, not just at
-the end.
-.PP
-Most editing commands may be given a repeat count,
-.IR n ,
-where
-.I n
-is a number.
-To enter a repeat count, type the escape key, the number, and then
-the command to execute.
-For example, ``ESC\ 4\ ^f'' moves forward four characters.
-If a command may be given a repeat count then the text ``[n]'' is given at the
-end of its description.
-.PP
-The following control characters are accepted:
-.RS
-.nf
-.ta \w'ESC DEL  'u
-^A	Move to the beginning of the line
-^B	Move left (backwards) [n]
-^D	Delete character [n]
-^E	Move to end of line
-^F	Move right (forwards) [n]
-^G	Ring the bell
-^H	Delete character before cursor (backspace key) [n]
-^I	Complete filename (tab key); see below
-^J	Done with line (return key)
-^K	Kill to end of line (or column [n])
-^L	Redisplay line
-^M	Done with line (alternate return key)
-^N	Get next line from history [n]
-^P	Get previous line from history [n]
-^R	Search backward (forward if [n]) through history for text;
-\&	must start line if text begins with an uparrow
-^T	Transpose characters
-^V	Insert next character, even if it is an edit command
-^W	Wipe to the mark
-^X^X	Exchange current location and mark
-^Y	Yank back last killed text
-^[	Start an escape sequence (escape key)
-^]c	Move forward to next character ``c''
-^?	Delete character before cursor (delete key) [n]
-.fi
-.RE
-.PP
-The following escape sequences are provided.
-.RS
-.nf
-.ta \w'ESC DEL  'u
-ESC\ ^H	Delete previous word (backspace key) [n]
-ESC\ DEL	Delete previous word (delete key) [n]
-ESC\ SP	Set the mark (space key); see ^X^X and ^Y above
-ESC\ \.	Get the last (or [n]'th) word from previous line
-ESC\ ?	Show possible completions; see below
-ESC\ <	Move to start of history
-ESC\ >	Move to end of history
-ESC\ b	Move backward a word [n]
-ESC\ d	Delete word under cursor [n]
-ESC\ f	Move forward a word [n]
-ESC\ l	Make word lowercase [n]
-ESC\ u	Make word uppercase [n]
-ESC\ y	Yank back last killed text
-ESC\ v	Show library version
-ESC\ w	Make area up to mark yankable
-ESC\ nn	Set repeat count to the number nn
-ESC\ C	Read from environment variable ``_C_'', where C is
-\&	an uppercase letter
-.fi
-.RE
-.PP
-The
-.I editline
-library has a small macro facility.
-If you type the escape key followed by an uppercase letter,
-.IR C ,
-then the contents of the environment variable
-.I _C_
-are read in as if you had typed them at the keyboard.
-For example, if the variable
-.I _L_
-contains the following:
-.RS
-^A^Kecho '^V^[[H^V^[[2J'^M
-.RE
-Then typing ``ESC L'' will move to the beginning of the line, kill the
-entire line, enter the echo command needed to clear the terminal (if your
-terminal is like a VT-100), and send the line back to the shell.
-.PP
-The
-.I editline
-library also does filename completion.
-Suppose the root directory has the following files in it:
-.RS
-.nf
-.ta \w'core   'u
-bin	vmunix
-core	vmunix.old
-.fi
-.RE
-If you type ``rm\ /v'' and then the tab key.
-.I Editline
-will then finish off as much of the name as possible by adding ``munix''.
-Because the name is not unique, it will then beep.
-If you type the escape key and a question mark, it will display the
-two choices.
-If you then type a period and a tab, the library will finish off the filename
-for you:
-.RS
-.nf
-.RI "rm /v[TAB]" munix .TAB old
-.fi
-.RE
-The tab key is shown by ``[TAB]'' and the automatically-entered text
-is shown in italics.
-.SH "BUGS AND LIMITATIONS"
-Cannot handle lines more than 80 columns.
-.SH AUTHORS
-Simmule R. Turner <uunet.uu.net!capitol!sysgo!simmy>
-and Rich $alz <rsalz@osf.org>.
-Original manual page by DaviD W. Sanderson <dws@ssec.wisc.edu>.
diff --git a/crypto/heimdal/lib/editline/editline.c b/crypto/heimdal/lib/editline/editline.c
deleted file mode 100644
index 24fa8464a9a1..000000000000
--- a/crypto/heimdal/lib/editline/editline.c
+++ /dev/null
@@ -1,1376 +0,0 @@
-/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
- *
- *  This software is not subject to any license of the American Telephone 
- *  and Telegraph Company or of the Regents of the University of California. 
- *
- *  Permission is granted to anyone to use this software for any purpose on
- *  any computer system, and to alter it and redistribute it freely, subject
- *  to the following restrictions:
- *  1. The authors are not responsible for the consequences of use of this
- *     software, no matter how awful, even if they arise from flaws in it.
- *  2. The origin of this software must not be misrepresented, either by
- *     explicit claim or by omission.  Since few users ever read sources,
- *     credits must appear in the documentation.
- *  3. Altered versions must be plainly marked as such, and must not be
- *     misrepresented as being the original software.  Since few users
- *     ever read sources, credits must appear in the documentation.
- *  4. This notice may not be removed or altered.
- */
-
-/*
-**  Main editing routines for editline library.
-*/
-#include <config.h>
-#include "editline.h"
-#include <ctype.h>
-#include <errno.h>
-
-RCSID("$Id: editline.c,v 1.10 2001/09/13 01:19:54 assar Exp $");
-
-/*
-**  Manifest constants.
-*/
-#define SCREEN_WIDTH	80
-#define SCREEN_ROWS	24
-#define NO_ARG		(-1)
-#define DEL		127
-#define CTL(x)		((x) & 0x1F)
-#define ISCTL(x)	((x) && (x) < ' ')
-#define UNCTL(x)	((x) + 64)
-#define META(x)		((x) | 0x80)
-#define ISMETA(x)	((x) & 0x80)
-#define UNMETA(x)	((x) & 0x7F)
-#if	!defined(HIST_SIZE)
-#define HIST_SIZE	20
-#endif	/* !defined(HIST_SIZE) */
-
-/*
-**  Command status codes.
-*/
-typedef enum _el_STATUS {
-    CSdone, CSeof, CSmove, CSdispatch, CSstay
-} el_STATUS;
-
-/*
-**  The type of case-changing to perform.
-*/
-typedef enum _CASE {
-    TOupper, TOlower
-} CASE;
-
-/*
-**  Key to command mapping.
-*/
-typedef struct _KEYMAP {
-    unsigned char	Key;
-    el_STATUS	(*Function)();
-} KEYMAP;
-
-/*
-**  Command history structure.
-*/
-typedef struct _HISTORY {
-    int		Size;
-    int		Pos;
-    unsigned char	*Lines[HIST_SIZE];
-} HISTORY;
-
-/*
-**  Globals.
-*/
-int		rl_eof;
-int		rl_erase;
-int		rl_intr;
-int		rl_kill;
-
-static unsigned char		NIL[] = "";
-static const unsigned char	*Input = NIL;
-static unsigned char		*Line;
-static const char	*Prompt;
-static unsigned char		*Yanked;
-static char		*Screen;
-static char		NEWLINE[]= CRLF;
-static HISTORY		H;
-int		rl_quit;
-static int		Repeat;
-static int		End;
-static int		Mark;
-static int		OldPoint;
-static int		Point;
-static int		PushBack;
-static int		Pushed;
-static KEYMAP		Map[33];
-static KEYMAP		MetaMap[16];
-static size_t		Length;
-static size_t		ScreenCount;
-static size_t		ScreenSize;
-static char		*backspace;
-static int		TTYwidth;
-static int		TTYrows;
-
-/* Display print 8-bit chars as `M-x' or as the actual 8-bit char? */
-int		rl_meta_chars = 1;
-
-/*
-**  Declarations.
-*/
-static unsigned char	*editinput(void);
-char	*tgetstr(const char*, char**);
-int	tgetent(char*, const char*);
-int	tgetnum(const char*);
-
-/*
-**  TTY input/output functions.
-*/
-
-static void
-TTYflush()
-{
-    if (ScreenCount) {
-	write(1, Screen, ScreenCount);
-	ScreenCount = 0;
-    }
-}
-
-static void
-TTYput(unsigned char c)
-{
-    Screen[ScreenCount] = c;
-    if (++ScreenCount >= ScreenSize - 1) {
-	ScreenSize += SCREEN_INC;
-	Screen = realloc(Screen, ScreenSize);
-    }
-}
-
-static void
-TTYputs(const char *p)
-{
-    while (*p)
-	TTYput(*p++);
-}
-
-static void
-TTYshow(unsigned char c)
-{
-    if (c == DEL) {
-	TTYput('^');
-	TTYput('?');
-    }
-    else if (ISCTL(c)) {
-	TTYput('^');
-	TTYput(UNCTL(c));
-    }
-    else if (rl_meta_chars && ISMETA(c)) {
-	TTYput('M');
-	TTYput('-');
-	TTYput(UNMETA(c));
-    }
-    else
-	TTYput(c);
-}
-
-static void
-TTYstring(unsigned char *p)
-{
-    while (*p)
-	TTYshow(*p++);
-}
-
-static int
-TTYget()
-{
-    char c;
-    int e;
-
-    TTYflush();
-    if (Pushed) {
-	Pushed = 0;
-	return PushBack;
-    }
-    if (*Input)
-	return *Input++;
-    do {
-	e = read(0, &c, 1);
-    } while(e < 0 && errno == EINTR);
-    if(e == 1)
-	return c;
-    return EOF;
-}
-
-static void
-TTYback(void)
-{
-    if (backspace)
-	TTYputs(backspace);
-    else
-	TTYput('\b');
-}
-
-static void
-TTYbackn(int n)
-{
-    while (--n >= 0)
-	TTYback();
-}
-
-static void
-TTYinfo()
-{
-    static int		init;
-    char		*term;
-    char		buff[2048];
-    char		*bp;
-    char		*tmp;
-#if	defined(TIOCGWINSZ)
-    struct winsize	W;
-#endif	/* defined(TIOCGWINSZ) */
-
-    if (init) {
-#if	defined(TIOCGWINSZ)
-	/* Perhaps we got resized. */
-	if (ioctl(0, TIOCGWINSZ, &W) >= 0
-	 && W.ws_col > 0 && W.ws_row > 0) {
-	    TTYwidth = (int)W.ws_col;
-	    TTYrows = (int)W.ws_row;
-	}
-#endif	/* defined(TIOCGWINSZ) */
-	return;
-    }
-    init++;
-
-    TTYwidth = TTYrows = 0;
-    bp = &buff[0];
-    if ((term = getenv("TERM")) == NULL)
-	term = "dumb";
-    if (tgetent(buff, term) < 0) {
-       TTYwidth = SCREEN_WIDTH;
-       TTYrows = SCREEN_ROWS;
-       return;
-    }
-    tmp = tgetstr("le", &bp);
-    if (tmp != NULL)
-	backspace = strdup(tmp);
-    else
-	backspace = "\b";
-    TTYwidth = tgetnum("co");
-    TTYrows = tgetnum("li");
-
-#if	defined(TIOCGWINSZ)
-    if (ioctl(0, TIOCGWINSZ, &W) >= 0) {
-	TTYwidth = (int)W.ws_col;
-	TTYrows = (int)W.ws_row;
-    }
-#endif	/* defined(TIOCGWINSZ) */
-
-    if (TTYwidth <= 0 || TTYrows <= 0) {
-	TTYwidth = SCREEN_WIDTH;
-	TTYrows = SCREEN_ROWS;
-    }
-}
-
-
-/*
-**  Print an array of words in columns.
-*/
-static void
-columns(int ac, unsigned char **av)
-{
-    unsigned char	*p;
-    int		i;
-    int		j;
-    int		k;
-    int		len;
-    int		skip;
-    int		longest;
-    int		cols;
-
-    /* Find longest name, determine column count from that. */
-    for (longest = 0, i = 0; i < ac; i++)
-	if ((j = strlen((char *)av[i])) > longest)
-	    longest = j;
-    cols = TTYwidth / (longest + 3);
-
-    TTYputs(NEWLINE);
-    for (skip = ac / cols + 1, i = 0; i < skip; i++) {
-	for (j = i; j < ac; j += skip) {
-	    for (p = av[j], len = strlen((char *)p), k = len; --k >= 0; p++)
-		TTYput(*p);
-	    if (j + skip < ac)
-		while (++len < longest + 3)
-		    TTYput(' ');
-	}
-	TTYputs(NEWLINE);
-    }
-}
-
-static void
-reposition()
-{
-    int		i;
-    unsigned char	*p;
-
-    TTYput('\r');
-    TTYputs(Prompt);
-    for (i = Point, p = Line; --i >= 0; p++)
-	TTYshow(*p);
-}
-
-static void
-left(el_STATUS Change)
-{
-    TTYback();
-    if (Point) {
-	if (ISCTL(Line[Point - 1]))
-	    TTYback();
-        else if (rl_meta_chars && ISMETA(Line[Point - 1])) {
-	    TTYback();
-	    TTYback();
-	}
-    }
-    if (Change == CSmove)
-	Point--;
-}
-
-static void
-right(el_STATUS Change)
-{
-    TTYshow(Line[Point]);
-    if (Change == CSmove)
-	Point++;
-}
-
-static el_STATUS
-ring_bell()
-{
-    TTYput('\07');
-    TTYflush();
-    return CSstay;
-}
-
-static el_STATUS
-do_macro(unsigned char c)
-{
-    unsigned char		name[4];
-
-    name[0] = '_';
-    name[1] = c;
-    name[2] = '_';
-    name[3] = '\0';
-
-    if ((Input = (unsigned char *)getenv((char *)name)) == NULL) {
-	Input = NIL;
-	return ring_bell();
-    }
-    return CSstay;
-}
-
-static el_STATUS
-do_forward(el_STATUS move)
-{
-    int		i;
-    unsigned char	*p;
-
-    i = 0;
-    do {
-	p = &Line[Point];
-	for ( ; Point < End && (*p == ' ' || !isalnum(*p)); Point++, p++)
-	    if (move == CSmove)
-		right(CSstay);
-
-	for (; Point < End && isalnum(*p); Point++, p++)
-	    if (move == CSmove)
-		right(CSstay);
-
-	if (Point == End)
-	    break;
-    } while (++i < Repeat);
-
-    return CSstay;
-}
-
-static el_STATUS
-do_case(CASE type)
-{
-    int		i;
-    int		end;
-    int		count;
-    unsigned char	*p;
-
-    do_forward(CSstay);
-    if (OldPoint != Point) {
-	if ((count = Point - OldPoint) < 0)
-	    count = -count;
-	Point = OldPoint;
-	if ((end = Point + count) > End)
-	    end = End;
-	for (i = Point, p = &Line[i]; i < end; i++, p++) {
-	    if (type == TOupper) {
-		if (islower(*p))
-		    *p = toupper(*p);
-	    }
-	    else if (isupper(*p))
-		*p = tolower(*p);
-	    right(CSmove);
-	}
-    }
-    return CSstay;
-}
-
-static el_STATUS
-case_down_word()
-{
-    return do_case(TOlower);
-}
-
-static el_STATUS
-case_up_word()
-{
-    return do_case(TOupper);
-}
-
-static void
-ceol()
-{
-    int		extras;
-    int		i;
-    unsigned char	*p;
-
-    for (extras = 0, i = Point, p = &Line[i]; i <= End; i++, p++) {
-	TTYput(' ');
-	if (ISCTL(*p)) {
-	    TTYput(' ');
-	    extras++;
-	}
-	else if (rl_meta_chars && ISMETA(*p)) {
-	    TTYput(' ');
-	    TTYput(' ');
-	    extras += 2;
-	}
-    }
-
-    for (i += extras; i > Point; i--)
-	TTYback();
-}
-
-static void
-clear_line()
-{
-    Point = -strlen(Prompt);
-    TTYput('\r');
-    ceol();
-    Point = 0;
-    End = 0;
-    Line[0] = '\0';
-}
-
-static el_STATUS
-insert_string(unsigned char *p)
-{
-    size_t	len;
-    int		i;
-    unsigned char	*new;
-    unsigned char	*q;
-
-    len = strlen((char *)p);
-    if (End + len >= Length) {
-	if ((new = malloc(sizeof(unsigned char) * (Length + len + MEM_INC))) == NULL)
-	    return CSstay;
-	if (Length) {
-	    memcpy(new, Line, Length);
-	    free(Line);
-	}
-	Line = new;
-	Length += len + MEM_INC;
-    }
-
-    for (q = &Line[Point], i = End - Point; --i >= 0; )
-	q[len + i] = q[i];
-    memcpy(&Line[Point], p, len);
-    End += len;
-    Line[End] = '\0';
-    TTYstring(&Line[Point]);
-    Point += len;
-
-    return Point == End ? CSstay : CSmove;
-}
-
-
-static unsigned char *
-next_hist()
-{
-    return H.Pos >= H.Size - 1 ? NULL : H.Lines[++H.Pos];
-}
-
-static unsigned char *
-prev_hist()
-{
-    return H.Pos == 0 ? NULL : H.Lines[--H.Pos];
-}
-
-static el_STATUS
-do_insert_hist(unsigned char *p)
-{
-    if (p == NULL)
-	return ring_bell();
-    Point = 0;
-    reposition();
-    ceol();
-    End = 0;
-    return insert_string(p);
-}
-
-static el_STATUS
-do_hist(unsigned char *(*move)())
-{
-    unsigned char	*p;
-    int		i;
-
-    i = 0;
-    do {
-	if ((p = (*move)()) == NULL)
-	    return ring_bell();
-    } while (++i < Repeat);
-    return do_insert_hist(p);
-}
-
-static el_STATUS
-h_next()
-{
-    return do_hist(next_hist);
-}
-
-static el_STATUS
-h_prev()
-{
-    return do_hist(prev_hist);
-}
-
-static el_STATUS
-h_first()
-{
-    return do_insert_hist(H.Lines[H.Pos = 0]);
-}
-
-static el_STATUS
-h_last()
-{
-    return do_insert_hist(H.Lines[H.Pos = H.Size - 1]);
-}
-
-/*
-**  Return zero if pat appears as a substring in text.
-*/
-static int
-substrcmp(char *text, char *pat, int len)
-{
-    unsigned char	c;
-
-    if ((c = *pat) == '\0')
-        return *text == '\0';
-    for ( ; *text; text++)
-        if (*text == c && strncmp(text, pat, len) == 0)
-            return 0;
-    return 1;
-}
-
-static unsigned char *
-search_hist(unsigned char *search, unsigned char *(*move)())
-{
-    static unsigned char	*old_search;
-    int		len;
-    int		pos;
-    int		(*match)();
-    char	*pat;
-
-    /* Save or get remembered search pattern. */
-    if (search && *search) {
-	if (old_search)
-	    free(old_search);
-	old_search = (unsigned char *)strdup((char *)search);
-    }
-    else {
-	if (old_search == NULL || *old_search == '\0')
-            return NULL;
-	search = old_search;
-    }
-
-    /* Set up pattern-finder. */
-    if (*search == '^') {
-	match = strncmp;
-	pat = (char *)(search + 1);
-    }
-    else {
-	match = substrcmp;
-	pat = (char *)search;
-    }
-    len = strlen(pat);
-
-    for (pos = H.Pos; (*move)() != NULL; )
-	if ((*match)((char *)H.Lines[H.Pos], pat, len) == 0)
-            return H.Lines[H.Pos];
-    H.Pos = pos;
-    return NULL;
-}
-
-static el_STATUS
-h_search()
-{
-    static int	Searching;
-    const char	*old_prompt;
-    unsigned char	*(*move)();
-    unsigned char	*p;
-
-    if (Searching)
-	return ring_bell();
-    Searching = 1;
-
-    clear_line();
-    old_prompt = Prompt;
-    Prompt = "Search: ";
-    TTYputs(Prompt);
-    move = Repeat == NO_ARG ? prev_hist : next_hist;
-    p = search_hist(editinput(), move);
-    clear_line();
-    Prompt = old_prompt;
-    TTYputs(Prompt);
-
-    Searching = 0;
-    return do_insert_hist(p);
-}
-
-static el_STATUS
-fd_char()
-{
-    int		i;
-
-    i = 0;
-    do {
-	if (Point >= End)
-	    break;
-	right(CSmove);
-    } while (++i < Repeat);
-    return CSstay;
-}
-
-static void
-save_yank(int begin, int i)
-{
-    if (Yanked) {
-	free(Yanked);
-	Yanked = NULL;
-    }
-
-    if (i < 1)
-	return;
-
-    if ((Yanked = malloc(sizeof(unsigned char) * (i + 1))) != NULL) {
-	memcpy(Yanked, &Line[begin], i);
-	Yanked[i+1] = '\0';
-    }
-}
-
-static el_STATUS
-delete_string(int count)
-{
-    int		i;
-    unsigned char	*p;
-
-    if (count <= 0 || End == Point)
-	return ring_bell();
-
-    if (count == 1 && Point == End - 1) {
-	/* Optimize common case of delete at end of line. */
-	End--;
-	p = &Line[Point];
-	i = 1;
-	TTYput(' ');
-	if (ISCTL(*p)) {
-	    i = 2;
-	    TTYput(' ');
-	}
-	else if (rl_meta_chars && ISMETA(*p)) {
-	    i = 3;
-	    TTYput(' ');
-	    TTYput(' ');
-	}
-	TTYbackn(i);
-	*p = '\0';
-	return CSmove;
-    }
-    if (Point + count > End && (count = End - Point) <= 0)
-	return CSstay;
-
-    if (count > 1)
-	save_yank(Point, count);
-
-    for (p = &Line[Point], i = End - (Point + count) + 1; --i >= 0; p++)
-	p[0] = p[count];
-    ceol();
-    End -= count;
-    TTYstring(&Line[Point]);
-    return CSmove;
-}
-
-static el_STATUS
-bk_char()
-{
-    int		i;
-
-    i = 0;
-    do {
-	if (Point == 0)
-	    break;
-	left(CSmove);
-    } while (++i < Repeat);
-
-    return CSstay;
-}
-
-static el_STATUS
-bk_del_char()
-{
-    int		i;
-
-    i = 0;
-    do {
-	if (Point == 0)
-	    break;
-	left(CSmove);
-    } while (++i < Repeat);
-
-    return delete_string(i);
-}
-
-static el_STATUS
-redisplay()
-{
-    TTYputs(NEWLINE);
-    TTYputs(Prompt);
-    TTYstring(Line);
-    return CSmove;
-}
-
-static el_STATUS
-kill_line()
-{
-    int		i;
-
-    if (Repeat != NO_ARG) {
-	if (Repeat < Point) {
-	    i = Point;
-	    Point = Repeat;
-	    reposition();
-	    delete_string(i - Point);
-	}
-	else if (Repeat > Point) {
-	    right(CSmove);
-	    delete_string(Repeat - Point - 1);
-	}
-	return CSmove;
-    }
-
-    save_yank(Point, End - Point);
-    Line[Point] = '\0';
-    ceol();
-    End = Point;
-    return CSstay;
-}
-
-static el_STATUS
-insert_char(int c)
-{
-    el_STATUS	s;
-    unsigned char	buff[2];
-    unsigned char	*p;
-    unsigned char	*q;
-    int		i;
-
-    if (Repeat == NO_ARG || Repeat < 2) {
-	buff[0] = c;
-	buff[1] = '\0';
-	return insert_string(buff);
-    }
-
-    if ((p = malloc(Repeat + 1)) == NULL)
-	return CSstay;
-    for (i = Repeat, q = p; --i >= 0; )
-	*q++ = c;
-    *q = '\0';
-    Repeat = 0;
-    s = insert_string(p);
-    free(p);
-    return s;
-}
-
-static el_STATUS
-meta()
-{
-    unsigned int	c;
-    KEYMAP		*kp;
-
-    if ((c = TTYget()) == EOF)
-	return CSeof;
-    /* Also include VT-100 arrows. */
-    if (c == '[' || c == 'O')
-	switch (c = TTYget()) {
-	default:	return ring_bell();
-	case EOF:	return CSeof;
-	case 'A':	return h_prev();
-	case 'B':	return h_next();
-	case 'C':	return fd_char();
-	case 'D':	return bk_char();
-	}
-
-    if (isdigit(c)) {
-	for (Repeat = c - '0'; (c = TTYget()) != EOF && isdigit(c); )
-	    Repeat = Repeat * 10 + c - '0';
-	Pushed = 1;
-	PushBack = c;
-	return CSstay;
-    }
-
-    if (isupper(c))
-	return do_macro(c);
-    for (OldPoint = Point, kp = MetaMap; kp->Function; kp++)
-	if (kp->Key == c)
-	    return (*kp->Function)();
-
-    return ring_bell();
-}
-
-static el_STATUS
-emacs(unsigned int c)
-{
-    el_STATUS		s;
-    KEYMAP		*kp;
-
-    if (ISMETA(c)) {
-	Pushed = 1;
-	PushBack = UNMETA(c);
-	return meta();
-    }
-    for (kp = Map; kp->Function; kp++)
-	if (kp->Key == c)
-	    break;
-    s = kp->Function ? (*kp->Function)() : insert_char((int)c);
-    if (!Pushed)
-	/* No pushback means no repeat count; hacky, but true. */
-	Repeat = NO_ARG;
-    return s;
-}
-
-static el_STATUS
-TTYspecial(unsigned int c)
-{
-    if (ISMETA(c))
-	return CSdispatch;
-
-    if (c == rl_erase || c == DEL)
-	return bk_del_char();
-    if (c == rl_kill) {
-	if (Point != 0) {
-	    Point = 0;
-	    reposition();
-	}
-	Repeat = NO_ARG;
-	return kill_line();
-    }
-    if (c == rl_intr || c == rl_quit) {
-	Point = End = 0;
-	Line[0] = '\0';
-	return redisplay();
-    }
-    if (c == rl_eof && Point == 0 && End == 0)
-	return CSeof;
-
-    return CSdispatch;
-}
-
-static unsigned char *
-editinput()
-{
-    unsigned int	c;
-
-    Repeat = NO_ARG;
-    OldPoint = Point = Mark = End = 0;
-    Line[0] = '\0';
-
-    while ((c = TTYget()) != EOF)
-	switch (TTYspecial(c)) {
-	case CSdone:
-	    return Line;
-	case CSeof:
-	    return NULL;
-	case CSmove:
-	    reposition();
-	    break;
-	case CSdispatch:
-	    switch (emacs(c)) {
-	    case CSdone:
-		return Line;
-	    case CSeof:
-		return NULL;
-	    case CSmove:
-		reposition();
-		break;
-	    case CSdispatch:
-	    case CSstay:
-		break;
-	    }
-	    break;
-	case CSstay:
-	    break;
-	}
-    return NULL;
-}
-
-static void
-hist_add(unsigned char *p)
-{
-    int		i;
-
-    if ((p = (unsigned char *)strdup((char *)p)) == NULL)
-	return;
-    if (H.Size < HIST_SIZE)
-	H.Lines[H.Size++] = p;
-    else {
-	free(H.Lines[0]);
-	for (i = 0; i < HIST_SIZE - 1; i++)
-	    H.Lines[i] = H.Lines[i + 1];
-	H.Lines[i] = p;
-    }
-    H.Pos = H.Size - 1;
-}
-
-/*
-**  For compatibility with FSF readline.
-*/
-/* ARGSUSED0 */
-void
-rl_reset_terminal(char *p)
-{
-}
-
-void
-rl_initialize(void)
-{
-}
-
-char *
-readline(const char* prompt)
-{
-    unsigned char	*line;
-
-    if (Line == NULL) {
-	Length = MEM_INC;
-	if ((Line = malloc(Length)) == NULL)
-	    return NULL;
-    }
-
-    TTYinfo();
-    rl_ttyset(0);
-    hist_add(NIL);
-    ScreenSize = SCREEN_INC;
-    Screen = malloc(ScreenSize);
-    Prompt = prompt ? prompt : (char *)NIL;
-    TTYputs(Prompt);
-    if ((line = editinput()) != NULL) {
-	line = (unsigned char *)strdup((char *)line);
-	TTYputs(NEWLINE);
-	TTYflush();
-    }
-    rl_ttyset(1);
-    free(Screen);
-    free(H.Lines[--H.Size]);
-    return (char *)line;
-}
-
-void
-add_history(char *p)
-{
-    if (p == NULL || *p == '\0')
-	return;
-
-#if	defined(UNIQUE_HISTORY)
-    if (H.Pos && strcmp(p, H.Lines[H.Pos - 1]) == 0)
-        return;
-#endif	/* defined(UNIQUE_HISTORY) */
-    hist_add((unsigned char *)p);
-}
-
-
-static el_STATUS
-beg_line()
-{
-    if (Point) {
-	Point = 0;
-	return CSmove;
-    }
-    return CSstay;
-}
-
-static el_STATUS
-del_char()
-{
-    return delete_string(Repeat == NO_ARG ? 1 : Repeat);
-}
-
-static el_STATUS
-end_line()
-{
-    if (Point != End) {
-	Point = End;
-	return CSmove;
-    }
-    return CSstay;
-}
-
-/*
-**  Move back to the beginning of the current word and return an
-**  allocated copy of it.
-*/
-static unsigned char *
-find_word()
-{
-    static char	SEPS[] = "#;&|^$=`'{}()<>\n\t ";
-    unsigned char	*p;
-    unsigned char	*new;
-    size_t	len;
-
-    for (p = &Line[Point]; p > Line && strchr(SEPS, (char)p[-1]) == NULL; p--)
-	continue;
-    len = Point - (p - Line) + 1;
-    if ((new = malloc(len)) == NULL)
-	return NULL;
-    memcpy(new, p, len);
-    new[len - 1] = '\0';
-    return new;
-}
-
-static el_STATUS
-c_complete()
-{
-    unsigned char	*p;
-    unsigned char	*word;
-    int		unique;
-    el_STATUS	s;
-
-    word = find_word();
-    p = (unsigned char *)rl_complete((char *)word, &unique);
-    if (word)
-	free(word);
-    if (p && *p) {
-	s = insert_string(p);
-	if (!unique)
-	    ring_bell();
-	free(p);
-	return s;
-    }
-    return ring_bell();
-}
-
-static el_STATUS
-c_possible()
-{
-    unsigned char	**av;
-    unsigned char	*word;
-    int		ac;
-
-    word = find_word();
-    ac = rl_list_possib((char *)word, (char ***)&av);
-    if (word)
-	free(word);
-    if (ac) {
-	columns(ac, av);
-	while (--ac >= 0)
-	    free(av[ac]);
-	free(av);
-	return CSmove;
-    }
-    return ring_bell();
-}
-
-static el_STATUS
-accept_line()
-{
-    Line[End] = '\0';
-    return CSdone;
-}
-
-static el_STATUS
-transpose()
-{
-    unsigned char	c;
-
-    if (Point) {
-	if (Point == End)
-	    left(CSmove);
-	c = Line[Point - 1];
-	left(CSstay);
-	Line[Point - 1] = Line[Point];
-	TTYshow(Line[Point - 1]);
-	Line[Point++] = c;
-	TTYshow(c);
-    }
-    return CSstay;
-}
-
-static el_STATUS
-quote()
-{
-    unsigned int	c;
-
-    return (c = TTYget()) == EOF ? CSeof : insert_char((int)c);
-}
-
-static el_STATUS
-wipe()
-{
-    int		i;
-
-    if (Mark > End)
-	return ring_bell();
-
-    if (Point > Mark) {
-	i = Point;
-	Point = Mark;
-	Mark = i;
-	reposition();
-    }
-
-    return delete_string(Mark - Point);
-}
-
-static el_STATUS
-mk_set()
-{
-    Mark = Point;
-    return CSstay;
-}
-
-static el_STATUS
-exchange()
-{
-    unsigned int	c;
-
-    if ((c = TTYget()) != CTL('X'))
-	return c == EOF ? CSeof : ring_bell();
-
-    if ((c = Mark) <= End) {
-	Mark = Point;
-	Point = c;
-	return CSmove;
-    }
-    return CSstay;
-}
-
-static el_STATUS
-yank()
-{
-    if (Yanked && *Yanked)
-	return insert_string(Yanked);
-    return CSstay;
-}
-
-static el_STATUS
-copy_region()
-{
-    if (Mark > End)
-	return ring_bell();
-
-    if (Point > Mark)
-	save_yank(Mark, Point - Mark);
-    else
-	save_yank(Point, Mark - Point);
-
-    return CSstay;
-}
-
-static el_STATUS
-move_to_char()
-{
-    unsigned int	c;
-    int			i;
-    unsigned char		*p;
-
-    if ((c = TTYget()) == EOF)
-	return CSeof;
-    for (i = Point + 1, p = &Line[i]; i < End; i++, p++)
-	if (*p == c) {
-	    Point = i;
-	    return CSmove;
-	}
-    return CSstay;
-}
-
-static el_STATUS
-fd_word()
-{
-    return do_forward(CSmove);
-}
-
-static el_STATUS
-fd_kill_word()
-{
-    int		i;
-
-    do_forward(CSstay);
-    if (OldPoint != Point) {
-	i = Point - OldPoint;
-	Point = OldPoint;
-	return delete_string(i);
-    }
-    return CSstay;
-}
-
-static el_STATUS
-bk_word()
-{
-    int		i;
-    unsigned char	*p;
-
-    i = 0;
-    do {
-	for (p = &Line[Point]; p > Line && !isalnum(p[-1]); p--)
-	    left(CSmove);
-
-	for (; p > Line && p[-1] != ' ' && isalnum(p[-1]); p--)
-	    left(CSmove);
-
-	if (Point == 0)
-	    break;
-    } while (++i < Repeat);
-
-    return CSstay;
-}
-
-static el_STATUS
-bk_kill_word()
-{
-    bk_word();
-    if (OldPoint != Point)
-	return delete_string(OldPoint - Point);
-    return CSstay;
-}
-
-static int
-argify(unsigned char *line, unsigned char ***avp)
-{
-    unsigned char	*c;
-    unsigned char	**p;
-    unsigned char	**new;
-    int		ac;
-    int		i;
-
-    i = MEM_INC;
-    if ((*avp = p = malloc(sizeof(unsigned char*) * i))== NULL)
-	 return 0;
-
-    for (c = line; isspace(*c); c++)
-	continue;
-    if (*c == '\n' || *c == '\0')
-	return 0;
-
-    for (ac = 0, p[ac++] = c; *c && *c != '\n'; ) {
-	if (isspace(*c)) {
-	    *c++ = '\0';
-	    if (*c && *c != '\n') {
-		if (ac + 1 == i) {
-		    new = malloc(sizeof(unsigned char*) * (i + MEM_INC));
-		    if (new == NULL) {
-			p[ac] = NULL;
-			return ac;
-		    }
-		    memcpy(new, p, i * sizeof (char **));
-		    i += MEM_INC;
-		    free(p);
-		    *avp = p = new;
-		}
-		p[ac++] = c;
-	    }
-	}
-	else
-	    c++;
-    }
-    *c = '\0';
-    p[ac] = NULL;
-    return ac;
-}
-
-static el_STATUS
-last_argument()
-{
-    unsigned char	**av;
-    unsigned char	*p;
-    el_STATUS	s;
-    int		ac;
-
-    if (H.Size == 1 || (p = H.Lines[H.Size - 2]) == NULL)
-	return ring_bell();
-
-    if ((p = (unsigned char *)strdup((char *)p)) == NULL)
-	return CSstay;
-    ac = argify(p, &av);
-
-    if (Repeat != NO_ARG)
-	s = Repeat < ac ? insert_string(av[Repeat]) : ring_bell();
-    else
-	s = ac ? insert_string(av[ac - 1]) : CSstay;
-
-    if (ac)
-	free(av);
-    free(p);
-    return s;
-}
-
-static KEYMAP	Map[33] = {
-    {	CTL('@'),	ring_bell	},
-    {	CTL('A'),	beg_line	},
-    {	CTL('B'),	bk_char		},
-    {	CTL('D'),	del_char	},
-    {	CTL('E'),	end_line	},
-    {	CTL('F'),	fd_char		},
-    {	CTL('G'),	ring_bell	},
-    {	CTL('H'),	bk_del_char	},
-    {	CTL('I'),	c_complete	},
-    {	CTL('J'),	accept_line	},
-    {	CTL('K'),	kill_line	},
-    {	CTL('L'),	redisplay	},
-    {	CTL('M'),	accept_line	},
-    {	CTL('N'),	h_next		},
-    {	CTL('O'),	ring_bell	},
-    {	CTL('P'),	h_prev		},
-    {	CTL('Q'),	ring_bell	},
-    {	CTL('R'),	h_search	},
-    {	CTL('S'),	ring_bell	},
-    {	CTL('T'),	transpose	},
-    {	CTL('U'),	ring_bell	},
-    {	CTL('V'),	quote		},
-    {	CTL('W'),	wipe		},
-    {	CTL('X'),	exchange	},
-    {	CTL('Y'),	yank		},
-    {	CTL('Z'),	ring_bell	},
-    {	CTL('['),	meta		},
-    {	CTL(']'),	move_to_char	},
-    {	CTL('^'),	ring_bell	},
-    {	CTL('_'),	ring_bell	},
-    {	0,		NULL		}
-};
-
-static KEYMAP	MetaMap[16]= {
-    {	CTL('H'),	bk_kill_word	},
-    {	DEL,		bk_kill_word	},
-    {	' ',		mk_set	},
-    {	'.',		last_argument	},
-    {	'<',		h_first		},
-    {	'>',		h_last		},
-    {	'?',		c_possible	},
-    {	'b',		bk_word		},
-    {	'd',		fd_kill_word	},
-    {	'f',		fd_word		},
-    {	'l',		case_down_word	},
-    {	'u',		case_up_word	},
-    {	'y',		yank		},
-    {	'w',		copy_region	},
-    {	0,		NULL		}
-};
diff --git a/crypto/heimdal/lib/editline/editline.cat3 b/crypto/heimdal/lib/editline/editline.cat3
deleted file mode 100644
index 93f02f7887e4..000000000000
--- a/crypto/heimdal/lib/editline/editline.cat3
+++ /dev/null
@@ -1,141 +0,0 @@
-EDITLINE(3)                                           EDITLINE(3)
-
-
-
-NNAAMMEE
-       editline - command-line editing library with history
-
-SSYYNNOOPPSSIISS
-       cchhaarr **
-       rreeaaddlliinnee((pprroommpptt))
-            cchhaarr **pprroommpptt;;
-
-       vvooiidd
-       aadddd__hhiissttoorryy((lliinnee))
-           cchhaarr  **lliinnee;;
-
-DDEESSCCRRIIPPTTIIOONN
-       _E_d_i_t_l_i_n_e is a library that provides an line-editing inter-
-       face with text recall.  It is intended  to  be  compatible
-       with  the  _r_e_a_d_l_i_n_e  library provided by the Free Software
-       Foundation, but much smaller.  The  bulk  of  this  manual
-       page describes the user interface.
-
-       The  _r_e_a_d_l_i_n_e  routine  returns  a  line  of text with the
-       trailing newline removed.   The  data  is  returned  in  a
-       buffer  allocated  with  _m_a_l_l_o_c(3), so the space should be
-       released with _f_r_e_e(3) when the  calling  program  is  done
-       with it.  Before accepting input from the user, the speci-
-       fied _p_r_o_m_p_t is displayed on the terminal.
-
-       The _a_d_d___h_i_s_t_o_r_y routine makes a copy of the specified _l_i_n_e
-       and adds it to the internal history list.
-
-   UUsseerr IInntteerrffaaccee
-       A  program that uses this library provides a simple emacs-
-       like editing interface to its users.  A line may be edited
-       before  it is sent to the calling program by typing either
-       control characters or escape sequences.  A control charac-
-       ter,  shown  as  a caret followed by a letter, is typed by
-       holding down the  ``control''  key  while  the  letter  is
-       typed.   For  example,  ``^A''  is a control-A.  An escape
-       sequence is entered by typing the ``escape'' key  followed
-       by  one or more characters.  The escape key is abbreviated
-       as ``ESC.''  Note that unlike control keys,  case  matters
-       in   escape  sequences;  ``ESC F''  is  not  the  same  as
-       ``ESC f''.
-
-       An editing command may be typed anywhere on the line,  not
-       just  at the beginning.  In addition, a return may also be
-       typed anywhere on the line, not just at the end.
-
-       Most editing commands may be  given  a  repeat  count,  _n,
-       where  _n  is  a number.  To enter a repeat count, type the
-       escape key, the number, and then the command  to  execute.
-       For  example,  ``ESC 4 ^f'' moves forward four characters.
-       If a command may be given a repeat  count  then  the  text
-       ``[n]'' is given at the end of its description.
-
-       The following control characters are accepted:
-              ^A       Move to the beginning of the line
-              ^B       Move left (backwards) [n]
-              ^D       Delete character [n]
-              ^E       Move to end of line
-              ^F       Move right (forwards) [n]
-              ^G       Ring the bell
-              ^H       Delete character before cursor (backspace key) [n]
-              ^I       Complete filename (tab key); see below
-              ^J       Done with line (return key)
-              ^K       Kill to end of line (or column [n])
-              ^L       Redisplay line
-              ^M       Done with line (alternate return key)
-              ^N       Get next line from history [n]
-              ^P       Get previous line from history [n]
-              ^R       Search backward (forward if [n]) through history for text;
-                       must start line if text begins with an uparrow
-              ^T       Transpose characters
-              ^V       Insert next character, even if it is an edit command
-              ^W       Wipe to the mark
-              ^X^X     Exchange current location and mark
-              ^Y       Yank back last killed text
-              ^[       Start an escape sequence (escape key)
-              ^]c      Move forward to next character ``c''
-              ^?       Delete character before cursor (delete key) [n]
-
-       The following escape sequences are provided.
-              ESC ^H   Delete previous word (backspace key) [n]
-              ESC DEL  Delete previous word (delete key) [n]
-              ESC SP   Set the mark (space key); see ^X^X and ^Y above
-              ESC .    Get the last (or [n]'th) word from previous line
-              ESC ?    Show possible completions; see below
-              ESC <    Move to start of history
-              ESC >    Move to end of history
-              ESC b    Move backward a word [n]
-              ESC d    Delete word under cursor [n]
-              ESC f    Move forward a word [n]
-              ESC l    Make word lowercase [n]
-              ESC u    Make word uppercase [n]
-              ESC y    Yank back last killed text
-              ESC v    Show library version
-              ESC w    Make area up to mark yankable
-              ESC nn   Set repeat count to the number nn
-              ESC C    Read from environment variable ``_C_'', where C is
-                       an uppercase letter
-
-       The  _e_d_i_t_l_i_n_e  library has a small macro facility.  If you
-       type the escape key followed by an  uppercase  letter,  _C,
-       then the contents of the environment variable ___C__ are read
-       in as if you had typed them at the keyboard.  For example,
-       if the variable ___L__ contains the following:
-              ^A^Kecho '^V^[[H^V^[[2J'^M
-       Then  typing  ``ESC  L'' will move to the beginning of the
-       line, kill the entire line, enter the echo command  needed
-       to clear the terminal (if your terminal is like a VT-100),
-       and send the line back to the shell.
-
-       The _e_d_i_t_l_i_n_e library also does filename completion.   Sup-
-       pose the root directory has the following files in it:
-              bin    vmunix
-              core   vmunix.old
-       If you type ``rm /v'' and then the tab key.  _E_d_i_t_l_i_n_e will
-       then finish off as much of the name as possible by  adding
-       ``munix''.   Because  the name is not unique, it will then
-       beep.  If you type the escape key and a question mark,  it
-       will  display  the two choices.  If you then type a period
-       and a tab, the library will finish off  the  filename  for
-       you:
-              rm /v[TAB]_m_u_n_i_x.TAB_o_l_d
-       The  tab  key is shown by ``[TAB]'' and the automatically-
-       entered text is shown in italics.
-
-BBUUGGSS AANNDD LLIIMMIITTAATTIIOONNSS
-       Cannot handle lines more than 80 columns.
-
-AAUUTTHHOORRSS
-       Simmule R. Turner  <uunet.uu.net!capitol!sysgo!simmy>  and
-       Rich  $alz <rsalz@osf.org>.  Original manual page by DaviD
-       W. Sanderson <dws@ssec.wisc.edu>.
-
-
-
-                                                      EDITLINE(3)
diff --git a/crypto/heimdal/lib/editline/editline.h b/crypto/heimdal/lib/editline/editline.h
deleted file mode 100644
index a948ddc5c5dc..000000000000
--- a/crypto/heimdal/lib/editline/editline.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*  $Revision: 1.4 $
-**
-**  Internal header file for editline library.
-*/
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define CRLF		"\r\n"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-typedef struct dirent	DIRENTRY;
-#else
-#include <sys/dir.h>
-typedef struct direct	DIRENTRY;
-#endif
-
-#include <roken.h>
-
-#if	!defined(S_ISDIR)
-#define S_ISDIR(m)		(((m) & S_IFMT) == S_IFDIR)
-#endif	/* !defined(S_ISDIR) */
-
-typedef unsigned char	CHAR;
-
-#define MEM_INC		64
-#define SCREEN_INC	256
-
-/*
-**  Variables and routines internal to this package.
-*/
-extern int	rl_eof;
-extern int	rl_erase;
-extern int	rl_intr;
-extern int	rl_kill;
-extern int	rl_quit;
-
-typedef char* (*rl_complete_func_t)(char*, int*);
-
-typedef int (*rl_list_possib_func_t)(char*, char***);
-
-void	add_history (char*);
-char*	readline (const char* prompt);
-void	rl_add_slash (char*, char*);
-char*	rl_complete (char*, int*);
-void	rl_initialize (void);
-int	rl_list_possib (char*, char***);
-void	rl_reset_terminal (char*);
-void	rl_ttyset (int);
-rl_complete_func_t	rl_set_complete_func (rl_complete_func_t);
-rl_list_possib_func_t	rl_set_list_possib_func (rl_list_possib_func_t);
- 
diff --git a/crypto/heimdal/lib/editline/roken_rename.h b/crypto/heimdal/lib/editline/roken_rename.h
deleted file mode 100644
index 9ea278d22f2e..000000000000
--- a/crypto/heimdal/lib/editline/roken_rename.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h,v 1.4 1999/12/02 16:58:39 joda Exp $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_STRDUP
-#define strdup _editline_strdup
-#endif
-#ifndef HAVE_SNPRINTF
-#define snprintf _editline_snprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _editline_vsnprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _editline_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _editline_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _editline_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _editline_vasnprintf
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/editline/sysunix.c b/crypto/heimdal/lib/editline/sysunix.c
deleted file mode 100644
index bcd6def6ca03..000000000000
--- a/crypto/heimdal/lib/editline/sysunix.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*  Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
- *
- *  This software is not subject to any license of the American Telephone 
- *  and Telegraph Company or of the Regents of the University of California. 
- *
- *  Permission is granted to anyone to use this software for any purpose on
- *  any computer system, and to alter it and redistribute it freely, subject
- *  to the following restrictions:
- *  1. The authors are not responsible for the consequences of use of this
- *     software, no matter how awful, even if they arise from flaws in it.
- *  2. The origin of this software must not be misrepresented, either by
- *     explicit claim or by omission.  Since few users ever read sources,
- *     credits must appear in the documentation.
- *  3. Altered versions must be plainly marked as such, and must not be
- *     misrepresented as being the original software.  Since few users
- *     ever read sources, credits must appear in the documentation.
- *  4. This notice may not be removed or altered.
- */
-
-/*
-**  Unix system-dependant routines for editline library.
-*/
-#include <config.h>
-#include "editline.h"
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#else
-#include <sgtty.h>
-#endif
-
-RCSID("$Id: sysunix.c,v 1.4 1999/04/08 13:08:24 joda Exp $");
-
-#ifdef HAVE_TERMIOS_H
-
-void
-rl_ttyset(int Reset)
-{
-    static struct termios	old;
-    struct termios		new;
-    
-    if (Reset == 0) {
-	tcgetattr(0, &old);
-	rl_erase = old.c_cc[VERASE];
-	rl_kill = old.c_cc[VKILL];
-	rl_eof = old.c_cc[VEOF];
-	rl_intr = old.c_cc[VINTR];
-	rl_quit = old.c_cc[VQUIT];
-
-	new = old;
-	new.c_cc[VINTR] = -1;
-	new.c_cc[VQUIT] = -1;
-	new.c_lflag &= ~(ECHO | ICANON);
-	new.c_iflag &= ~(ISTRIP | INPCK);
-	new.c_cc[VMIN] = 1;
-	new.c_cc[VTIME] = 0;
-	tcsetattr(0, TCSANOW, &new);
-    }
-    else
-	tcsetattr(0, TCSANOW, &old);
-}
-
-#else /* !HAVE_TERMIOS_H */
-
-void
-rl_ttyset(int Reset)
-{
-       static struct sgttyb old;
-       struct sgttyb new;
-
-       if (Reset == 0) {
-               ioctl(0, TIOCGETP, &old);
-               rl_erase = old.sg_erase;
-               rl_kill = old.sg_kill;
-               new = old;
-               new.sg_flags &= ~(ECHO | ICANON);
-               new.sg_flags &= ~(ISTRIP | INPCK);
-               ioctl(0, TIOCSETP, &new);
-       } else {
-               ioctl(0, TIOCSETP, &old);
-       }
-}
-#endif /* HAVE_TERMIOS_H */
-
-void
-rl_add_slash(char *path, char *p)
-{
-    struct stat	Sb;
-    
-    if (stat(path, &Sb) >= 0)
-	strcat(p, S_ISDIR(Sb.st_mode) ? "/" : " ");
-}
diff --git a/crypto/heimdal/lib/editline/testit.c b/crypto/heimdal/lib/editline/testit.c
deleted file mode 100644
index c8ab847a7b07..000000000000
--- a/crypto/heimdal/lib/editline/testit.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*  $Revision: 1.3 $
-**
-**  A "micro-shell" to test editline library.
-**  If given any arguments, commands aren't executed.
-*/
-#if defined(HAVE_CONFIG_H)
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#include <getarg.h>
-
-#include "editline.h"
-
-static int n_flag	= 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"dry-run", 'n',	arg_flag,	&n_flag,
-     "do not run commands", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    char	*p;
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    while ((p = readline("testit> ")) != NULL) {
-	(void)printf("\t\t\t|%s|\n", p);
-	if (!n_flag) {
-	    if (strncmp(p, "cd ", 3) == 0) {
-		if (chdir(&p[3]) < 0)
-		    perror(&p[3]);
-	    } else if (system(p) != 0) {
-		perror(p);
-	    }
-	}
-	add_history(p);
-	free(p);
-    }
-    exit(0);
-    /* NOTREACHED */
-}
diff --git a/crypto/heimdal/lib/editline/unix.h b/crypto/heimdal/lib/editline/unix.h
deleted file mode 100644
index fe6beedcec2b..000000000000
--- a/crypto/heimdal/lib/editline/unix.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*  $Revision: 1.1 $
-**
-**  Editline system header file for Unix.
-*/
-
-#define CRLF		"\r\n"
-#define FORWARD		STATIC
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#if	defined(USE_DIRENT)
-#include <dirent.h>
-typedef struct dirent	DIRENTRY;
-#else
-#include <sys/dir.h>
-typedef struct direct	DIRENTRY;
-#endif	/* defined(USE_DIRENT) */
-
-#if	!defined(S_ISDIR)
-#define S_ISDIR(m)		(((m) & S_IFMT) == S_IFDIR)
-#endif	/* !defined(S_ISDIR) */
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c
deleted file mode 100644
index 677a25ace7e1..000000000000
--- a/crypto/heimdal/lib/gssapi/8003.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: 8003.c,v 1.12 2002/10/31 14:38:49 joda Exp $");
-
-static krb5_error_code
-encode_om_uint32(OM_uint32 n, u_char *p)
-{
-  p[0] = (n >> 0)  & 0xFF;
-  p[1] = (n >> 8)  & 0xFF;
-  p[2] = (n >> 16) & 0xFF;
-  p[3] = (n >> 24) & 0xFF;
-  return 0;
-}
-
-static krb5_error_code
-decode_om_uint32(u_char *p, OM_uint32 *n)
-{
-    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
-    return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
-			  u_char *p)
-{
-  u_char num[4];
-  MD5_CTX md5;
-
-  MD5_Init(&md5);
-  encode_om_uint32 (b->initiator_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  encode_om_uint32 (b->initiator_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->initiator_address.length)
-    MD5_Update (&md5,
-		b->initiator_address.value,
-		b->initiator_address.length);
-  encode_om_uint32 (b->acceptor_addrtype, num);
-  MD5_Update (&md5, num, sizeof(num));
-  encode_om_uint32 (b->acceptor_address.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->acceptor_address.length)
-    MD5_Update (&md5,
-		b->acceptor_address.value,
-		b->acceptor_address.length);
-  encode_om_uint32 (b->application_data.length, num);
-  MD5_Update (&md5, num, sizeof(num));
-  if (b->application_data.length)
-    MD5_Update (&md5,
-		b->application_data.value,
-		b->application_data.length);
-  MD5_Final (p, &md5);
-  return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-		      const krb5_data *fwd_data,
-		      Checksum *result)
-{
-    u_char *p;
-
-    /* 
-     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
-     * field's format) */
-    result->cksumtype = 0x8003;
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
-	result->checksum.length = 24 + 4 + fwd_data->length;
-    else 
-	result->checksum.length = 24;
-    result->checksum.data   = malloc (result->checksum.length);
-    if (result->checksum.data == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-  
-    p = result->checksum.data;
-    encode_om_uint32 (16, p);
-    p += 4;
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
-	memset (p, 0, 16);
-    } else {
-	hash_input_chan_bindings (input_chan_bindings, p);
-    }
-    p += 16;
-    encode_om_uint32 (flags, p);
-    p += 4;
-
-    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-#if 0
-	u_char *tmp;
-
-	result->checksum.length = 28 + fwd_data->length;
-	tmp = realloc(result->checksum.data, result->checksum.length);
-	if (tmp == NULL)
-	    return ENOMEM;
-	result->checksum.data = tmp;
-
-	p = (u_char*)result->checksum.data + 24;  
-#endif
-	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
-	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
-	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
-	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
-	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
-	p += fwd_data->length;
-    }
-     
-    return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning  `flags' and `fwd_data'
- */
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum(
-		      OM_uint32 *minor_status,    
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-		      krb5_data *fwd_data)
-{
-    unsigned char hash[16];
-    unsigned char *p;
-    OM_uint32 length;
-    int DlgOpt;
-    static unsigned char zeros[16];
-
-    /* XXX should handle checksums > 24 bytes */
-    if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p = cksum->checksum.data;
-    decode_om_uint32(p, &length);
-    if(length != sizeof(hash)) {
-	*minor_status = 0;
-	return GSS_S_BAD_BINDINGS;
-    }
-    
-    p += 4;
-    
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
-	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	if(memcmp(hash, p, sizeof(hash)) != 0) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    }
-    
-    p += sizeof(hash);
-    
-    decode_om_uint32(p, flags);
-    p += 4;
-
-    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
-	if(cksum->checksum.length < 28) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-    
-	DlgOpt = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if (DlgOpt != 1) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-
-	fwd_data->length = (p[0] << 0) | (p[1] << 8);
-	p += 2;
-	if(cksum->checksum.length < 28 + fwd_data->length) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_BINDINGS;
-	}
-	fwd_data->data = malloc(fwd_data->length);
-	if (fwd_data->data == NULL) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	memcpy(fwd_data->data, p, fwd_data->length);
-    }
-    
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
deleted file mode 100644
index d08f72b5f4f5..000000000000
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ /dev/null
@@ -1,619 +0,0 @@
-2003-05-07  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.h: 1.27->1.28:
-	if __cplusplus, wrap the extern variable (just to be safe) and
-	functions in extern "C" { }
-
-2003-04-30  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: more about the des3 mic mess
-	
-	* verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the
-	mic is the correct mic or the mic that old heimdal would have
-	generated
-	
-2003-04-29  Jacques Vidrine  <nectar@kth.se>
-
-	* verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification
-	fails, retry using the `old' MIC computation (with zero IV).
-	
-2003-04-28  Love H�rnquist �strand  <lha@it.su.se>
-
-	* compat.c (_gss_DES3_get_mic_compat): default to use compat
-	
-	* gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and
-	[gssapi]broken_des3_mic
-
-	* compat.c: 1.2->1.4:
-	(gss_krb5_compat_des3_mci): return a value
-	(gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat
-	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
-
-	* gssapi.h: 1.26->1.27:
-	(gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat
-	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
-	gss_krb5_compat_des3_mic exists
-	
-2003-04-23  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use
-	libgssapi.la not ./libgssapi.la (makes make -jN work)
-	
-2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: spelling
-	
-	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
-	header.h, from Thomas Klausner <wiz@netbsd.org>
-
-	
-2003-04-06  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: spelling
-	
-	* Makefile.am: remove stuff that sneaked in with last commit
-	
-	* acquire_cred.c (acquire_initiator_cred): if the requested name
-	isn't in the ccache, also check keytab.  Extact the krbtgt for the
-	default realm to check how long the credentials will last.
-	
-	* add_cred.c (gss_add_cred): don't create a new ccache, just open
-	the old one; better check if output handle is compatible with new
-	(copied) handle
-
-	* test_acquire_cred.c: test gss_add_cred too
-	
-2003-04-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* Makefile.am: build test_acquire_cred
-	
-	* test_acquire_cred.c: simple gss_acquire_cred test
-	
-2003-04-02  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: s/gssapi/GSS-API/
-	
-2003-03-19  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: document v1 interface (and that they are
-	obsolete)
-
-2003-03-18  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_acquire_cred.3: list supported mechanism and nametypes
-	
-2003-03-16  Love H�rnquist �strand  <lha@it.su.se>
-	
-	* gss_acquire_cred.3: text about gss_display_name
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
-	(libgssapi_la_SOURCES): add all new functions
-
-	* gssapi.3: now that we have a functions, uncomment the missing
-	ones
-
-	* gss_acquire_cred.3: now that we have a functions, uncomment the
-	missing ones
-
-	* process_context_token.c: implement gss_process_context_token
-	
-	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
-	
-	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
-	
-	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
-	
-	* add_cred.c: implement gss_add_cred
-	
-	* acquire_cred.c (gss_acquire_cred): more testing of input
-	argument, make sure output arguments are ok, since we don't know
-	the time_rec (for now), set it to time_req
-	
-	* export_sec_context.c: send lifetime, also set minor_status
-	
-	* get_mic.c: set minor_status
-	
-	* import_sec_context.c (gss_import_sec_context): add error
-	checking, pick up lifetime (if there is no lifetime, use
-	GSS_C_INDEFINITE)
-
-	* init_sec_context.c: take care to set export value to something
-	sane before we start so caller will have harmless values in them
-	if then function fails
-
-	* release_buffer.c (gss_release_buffer): set minor_status
-	
-	* wrap.c: make sure minor_status get set
-	
-	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
-	gss_verify_mic_internal and let it take the type as an argument,
-	(gss_verify_mic): call gss_verify_mic_internal
-	set minor_status
-	
-	* unwrap.c: set minor_status
-	
-	* test_oid_set_member.c (gss_test_oid_set_member): use
-	gss_oid_equal
-
-	* release_oid_set.c (gss_release_oid_set): set minor_status
-	
-	* release_name.c (gss_release_name): set minor_status
-	
-	* release_cred.c (gss_release_cred): set minor_status
-	
-	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
-	
-	* compare_name.c (gss_compare_name): set minor_status
-	
-	* compat.c (check_compat): make sure ret have a defined value
-	
-	* context_time.c (gss_context_time): set minor_status
-	
-	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
-	
-	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
-	minor_status
-
-	* delete_sec_context.c (gss_delete_sec_context): set minor_status
-	
-	* display_name.c (gss_display_name): set minor_status
-	
-	* display_status.c (gss_display_status): use gss_oid_equal, handle
-	supplementary errors
-
-	* duplicate_name.c (gss_duplicate_name): set minor_status
-	
-	* inquire_context.c (gss_inquire_context): set lifetime_rec now
-	when we know it, set minor_status
-
-	* inquire_cred.c (gss_inquire_cred): take care to set export value
-	to something sane before we start so caller will have harmless
-	values in them if the function fails
-	
-	* accept_sec_context.c (gss_accept_sec_context): take care to set
-	export value to something sane before we start so caller will have
-	harmless values in them if then function fails, set lifetime from
-	ticket expiration date
-
-	* indicate_mechs.c (gss_indicate_mechs): use
-	gss_create_empty_oid_set and gss_add_oid_set_member
-
-	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
-	since there is no ticket transfered in the exported context
-	
-	* export_name.c (gss_export_name): export name with
-	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
-	
-	* import_name.c (import_export_name): new function, parses a
-	GSS_C_NT_EXPORT_NAME
-	(import_krb5_name): factor out common code of parsing krb5 name
-	(gss_oid_equal): rename from oid_equal
-
-	* gssapi_locl.h: add prototypes for gss_oid_equal and
-	gss_verify_mic_internal
-
-	* gssapi.h: comment out the argument names
-	
-2003-03-15  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
-
-	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
-	
-	* Makefile.am: man_MANS += gss_aquire_cred.3
-	
-2003-03-14  Love H�rnquist �strand  <lha@it.su.se>
-
-	* gss_aquire_cred.3: the gssapi api manpage
-	
-2003-03-03  Love H�rnquist �strand  <lha@it.su.se>
-
-	* inquire_context.c: (gss_inquire_context): rename argument open
-	to open_context
-
-	* gssapi.h (gss_inquire_context): rename argument open to open_context
-
-2003-02-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* init_sec_context.c (do_delegation): remove unused variable
-	subkey
-
-	* gssapi.3: all 0.5.x version had broken token delegation
-	
-2003-02-21  Love H�rnquist �strand  <lha@it.su.se>
-
-	* (init_auth): only generate one subkey
-
-2003-01-27  Love H�rnquist �strand  <lha@it.su.se>
-
-	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
-	to rfc (and mit kerberos), provide backward compat hook
-	
-	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
-	mit kerberos), provide backward compat hook
-	
-	* init_sec_context.c (init_auth): check if we need compat for
-	older get_mic/verify_mic
-
-	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
-	
-	* gssapi.h (more_flags): add COMPAT_OLD_DES3
-	
-	* Makefile.am: add gssapi.3 and compat.c
-	
-	* gssapi.3: add gssapi COMPATIBILITY documentation
-	
-	* accept_sec_context.c (gss_accept_sec_context): check if we need
-	compat for older get_mic/verify_mic
-
-	* compat.c: check for compatiblity with other heimdal's 3des
-	get_mic/verify_mic
-
-2002-10-31  Johan Danielsson  <joda@pdc.kth.se>
-
-	* check return value from gssapi_krb5_init
-	
-	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
-
-2002-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
-
-	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
-
-2002-09-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_sec_context.c: we need to generate a local subkey here
-
-2002-08-20  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
-	  credential resolution if gss_acquire_cred is called with
-	  GSS_C_NO_NAME.
-
-2002-06-20  Jacques Vidrine <n@nectar.com>
-
-	* import_name.c: Compare name types by value if pointers do
-	  not match.  Reported by: "Douglas E. Engert" <deengert@anl.gov>
-
-2002-05-20  Jacques Vidrine <n@nectar.com>
-
-	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
-	  the qop_state parameter.  from Doug Rabson <dfr@nlsystems.com>
-
-2002-05-09  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
-
-2002-05-08  Jacques Vidrine <n@nectar.com>
-
-	* acquire_cred.c: initialize gssapi; handle null desired_name
-
-2002-03-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: remove non-functional stuff accidentally committed
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
-	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
-	bindings
-
-2001-10-31  Jacques Vidrine <n@nectar.com>
-
-	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
-	was bogusly appending the message buffer to the result,
-	overwriting a heap buffer in the process.
-
-2001-08-29  Assar Westerlund  <assar@sics.se>
-
-	* 8003.c (gssapi_krb5_verify_8003_checksum,
-	gssapi_krb5_create_8003_checksum): make more consistent by always
-	returning an gssapi error and setting minor status.  update
-	callers
-
-2001-08-28  Jacques Vidrine  <n@nectar.com>
-
-	* accept_sec_context.c: Create a cache for delegated credentials
-	  when needed.
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
-
-2001-08-23  Assar Westerlund  <assar@sics.se>
-
-	*  *.c: handle minor_status more consistently
-
-	* display_status.c (gss_display_status): handle krb5_get_err_text
-	failing
-
-2001-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* gssapi_locl.h: fix prototype for gssapi_krb5_init
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
-	context and check return value from kt_resolve
-
-	* init.c: return error code
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LIBADD): add required library
-	dependencies
-
-2001-07-06  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
-	the keytab to be used for gss_acquire_cred too'
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
-
-2001-06-18  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* verify_mic.c: update krb5_auth_con function names use
-	gss_krb5_get_remotekey
-	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
-	and gss_krb5_get_remotekey
-	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
-	add prototypes
-	* get_mic.c: update krb5_auth_con function names. use
-	gss_krb5_get_localkey
-	* accept_sec_context.c: update krb5_auth_con function names
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:2
-
-2001-05-14  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c: adapt to new address functions
-
-2001-05-11  Assar Westerlund  <assar@sics.se>
-
-	* try to return the error string from libkrb5 where applicable
-
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): remember to free
-	the memory used by the ticket itself. from <tmartin@mirapoint.com>
-
-2001-05-04  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add config.h for completeness
-	* gssapi.h: remove config.h, this is an installed header file
-	sys/types.h is not needed either
-	
-2001-03-12  Assar Westerlund  <assar@sics.se>
-
-	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
-	Jason R Thorpe <thorpej@zembu.com>
-
-2001-02-18  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): either return
-	gss_name NULL-ed or set
-
-	* import_name.c: set minor_status in some cases where it was not
-	done
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c: use krb5_generate_random_block for the confounders
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
-	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
-	for getting creds from a keytab, from fvdl@netbsd.org
-
-	* copy_ccache.c: add gss_krb5_copy_ccache
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* get_mic.c: cast parameters to des function to non-const pointers
- 	to handle the case where these functions actually take non-const
- 	des_cblock *
-
-2001-01-09  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
-	instead of krb5_rd_cred
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
-
-2000-12-08  Assar Westerlund  <assar@sics.se>
-
-	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
-	sequence number
-	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
-	the sequence number
-	* init_sec_context.c (init_auth): always zero fwd_data
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: de-pointerise auth_context parameter to
-	krb5_mk_rep
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (init_auth): update to new
-	krb5_build_authenticator
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
-
-2000-08-27  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c: actually pay attention to `time_req'
-	* init_sec_context.c: re-organize.  leak less memory.
-	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
-	update prototypes add assert.h
-	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
-	add
-	* verify_mic.c: re-organize and add 3DES code
-	* wrap.c: re-organize and add 3DES code
-	* unwrap.c: re-organize and add 3DES code
-	* get_mic.c: re-organize and add 3DES code
-	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
-	let the caller do that.  fix the callers.
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 2:1:1
-
-2000-07-29  Assar Westerlund  <assar@sics.se>
-
-	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:0:1
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
-	details from rfc2744
-
-2000-06-29  Assar Westerlund  <assar@sics.se>
-
-	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
-	`int' instead of `sa_family_t' for the address family.
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* add support for token delegation.  From Daniel Kouril
-	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
-
-2000-04-12  Assar Westerlund  <assar@sics.se>
-
-	* release_oid_set.c (gss_release_oid_set): clear set for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_name.c (gss_release_name): reset input_name for
-	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* release_buffer.c (gss_release_buffer): set value to NULL to be
-	more robust.  From GOMBAS Gabor <gombasg@inf.elte.hu>
-	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
-	the oid is a member first.  leave the oid_set unchanged if realloc
-	fails.
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-02-12  Assar Westerlund  <assar@sics.se>
-
-	* gssapi_locl.h: add flags for import/export
-	* import_sec_context.c (import_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* export_sec_context.c (export_sec_context: add flags for what
-	fields are included.  do not include the authenticator for now.
-	* accept_sec_context.c (gss_accept_sec_context): set target in
-	context_handle
-
-2000-02-11  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): set context to
-	GSS_C_NO_CONTEXT
-
-	* Makefile.am: add {export,import}_sec_context.c
-	* export_sec_context.c: new file
-	* import_sec_context.c: new file
-	* accept_sec_context.c (gss_accept_sec_context): set trans flag
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:5:0
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
-	output_token
-
-	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
-	some changes to libdes calls to make them more portable.
-	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
-	changes to libdes calls to make them more portable.
-	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:4:0
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* accept_sec_context.c (gss_accept_sec_context): always set
- 	`output_token'
-	* init_sec_context.c (init_auth): always initialize `output_token'
-	* delete_sec_context.c (gss_delete_sec_context): always set
- 	`output_token'
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 0:3:0
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:2:0
-
-1999-09-21  Assar Westerlund  <assar@sics.se>
-
-	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
-
-	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
-
-	* delete_sec_context.c (gss_delete_sec_context): free ticket
-
-	* accept_sec_context.c (gss_accept_sec_context): stove away
- 	`krb5_ticket' in context so that ugly programs such as
- 	gss_nt_server can get at it.  uck.
-
-1999-09-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* accept_sec_context.c: set minor_status
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* display_status.c (calling_error, routine_error): right shift the
- 	code to make it possible to index into the arrays
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* gssapi.h (GSS_C_AF_INET6): add
-
-	* import_name.c (import_hostbased_name): set minor_status
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:1:0
-
-Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* display_status.c: set minor_status
-
-	* init_sec_context.c: set minor_status
-
-	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
- 	directly)
-
diff --git a/crypto/heimdal/lib/gssapi/Makefile b/crypto/heimdal/lib/gssapi/Makefile
deleted file mode 100644
index c8533372ddf6..000000000000
--- a/crypto/heimdal/lib/gssapi/Makefile
+++ /dev/null
@@ -1,659 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/gssapi/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:5:2
-libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la
-
-include_HEADERS = gssapi.h
-
-libgssapi_la_SOURCES = \
-	8003.c			\
-	accept_sec_context.c	\
-	acquire_cred.c		\
-	add_oid_set_member.c	\
-	canonicalize_name.c	\
-	compare_name.c		\
-	context_time.c		\
-	copy_ccache.c		\
-	create_emtpy_oid_set.c	\
-	decapsulate.c		\
-	delete_sec_context.c	\
-	display_name.c		\
-	display_status.c	\
-	duplicate_name.c	\
-	encapsulate.c		\
-	export_sec_context.c	\
-	export_name.c		\
-	external.c		\
-	get_mic.c		\
-	gssapi.h		\
-	gssapi_locl.h		\
-	import_name.c		\
-	import_sec_context.c	\
-	indicate_mechs.c	\
-	init.c			\
-	init_sec_context.c	\
-	inquire_context.c	\
-	inquire_cred.c		\
-	release_buffer.c	\
-	release_cred.c		\
-	release_name.c		\
-	release_oid_set.c	\
-	test_oid_set_member.c	\
-	unwrap.c		\
-	v1.c			\
-	verify_mic.c		\
-        wrap.c                  \
-        address_to_krb5addr.c
-
-subdir = lib/gssapi
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \
-	../roken/libroken.la
-am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
-	add_oid_set_member.lo canonicalize_name.lo compare_name.lo \
-	context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \
-	decapsulate.lo delete_sec_context.lo display_name.lo \
-	display_status.lo duplicate_name.lo encapsulate.lo \
-	export_sec_context.lo export_name.lo external.lo get_mic.lo \
-	import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \
-	init_sec_context.lo inquire_context.lo inquire_cred.lo \
-	release_buffer.lo release_cred.lo release_name.lo \
-	release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \
-	verify_mic.lo wrap.lo address_to_krb5addr.lo
-libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS)
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libgssapi_la_SOURCES)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libgssapi_la_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/gssapi/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES install-man \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
deleted file mode 100644
index 6d232e508d1d..000000000000
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ /dev/null
@@ -1,65 +0,0 @@
-# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4)
-
-lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 4:0:3
-libgssapi_la_LIBADD  = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la
-
-man_MANS = gssapi.3 gss_acquire_cred.3
-
-include_HEADERS = gssapi.h
-
-libgssapi_la_SOURCES =		\
-	8003.c			\
-	accept_sec_context.c	\
-	acquire_cred.c		\
-	add_cred.c		\
-	add_oid_set_member.c	\
-	canonicalize_name.c	\
-	compare_name.c		\
-	compat.c		\
-	context_time.c		\
-	copy_ccache.c		\
-	create_emtpy_oid_set.c	\
-	decapsulate.c		\
-	delete_sec_context.c	\
-	display_name.c		\
-	display_status.c	\
-	duplicate_name.c	\
-	encapsulate.c		\
-	export_sec_context.c	\
-	export_name.c		\
-	external.c		\
-	get_mic.c		\
-	gssapi.h		\
-	gssapi_locl.h		\
-	import_name.c		\
-	import_sec_context.c	\
-	indicate_mechs.c	\
-	init.c			\
-	init_sec_context.c	\
-	inquire_context.c	\
-	inquire_cred.c		\
-	inquire_cred_by_mech.c	\
-	inquire_mechs_for_name.c \
-	inquire_names_for_mech.c \
-	release_buffer.c	\
-	release_cred.c		\
-	release_name.c		\
-	release_oid_set.c	\
-	process_context_token.c \
-	test_oid_set_member.c	\
-	unwrap.c		\
-	v1.c			\
-	verify_mic.c		\
-        wrap.c                  \
-        address_to_krb5addr.c
-
-#noinst_PROGRAMS = test_acquire_cred
-
-#test_acquire_cred_SOURCES = test_acquire_cred.c
-
-#test_acquire_cred_LDADD = libgssapi.la
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
deleted file mode 100644
index 7ce1a6eaa9e3..000000000000
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ /dev/null
@@ -1,715 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 4:0:3
-libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la
-
-man_MANS = gssapi.3 gss_acquire_cred.3
-
-include_HEADERS = gssapi.h
-
-libgssapi_la_SOURCES = \
-	8003.c			\
-	accept_sec_context.c	\
-	acquire_cred.c		\
-	add_cred.c		\
-	add_oid_set_member.c	\
-	canonicalize_name.c	\
-	compare_name.c		\
-	compat.c		\
-	context_time.c		\
-	copy_ccache.c		\
-	create_emtpy_oid_set.c	\
-	decapsulate.c		\
-	delete_sec_context.c	\
-	display_name.c		\
-	display_status.c	\
-	duplicate_name.c	\
-	encapsulate.c		\
-	export_sec_context.c	\
-	export_name.c		\
-	external.c		\
-	get_mic.c		\
-	gssapi.h		\
-	gssapi_locl.h		\
-	import_name.c		\
-	import_sec_context.c	\
-	indicate_mechs.c	\
-	init.c			\
-	init_sec_context.c	\
-	inquire_context.c	\
-	inquire_cred.c		\
-	inquire_cred_by_mech.c	\
-	inquire_mechs_for_name.c \
-	inquire_names_for_mech.c \
-	release_buffer.c	\
-	release_cred.c		\
-	release_name.c		\
-	release_oid_set.c	\
-	process_context_token.c \
-	test_oid_set_member.c	\
-	unwrap.c		\
-	v1.c			\
-	verify_mic.c		\
-        wrap.c                  \
-        address_to_krb5addr.c
-
-subdir = lib/gssapi
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \
-	../roken/libroken.la
-am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
-	add_cred.lo add_oid_set_member.lo canonicalize_name.lo \
-	compare_name.lo compat.lo context_time.lo copy_ccache.lo \
-	create_emtpy_oid_set.lo decapsulate.lo delete_sec_context.lo \
-	display_name.lo display_status.lo duplicate_name.lo \
-	encapsulate.lo export_sec_context.lo export_name.lo external.lo \
-	get_mic.lo import_name.lo import_sec_context.lo \
-	indicate_mechs.lo init.lo init_sec_context.lo \
-	inquire_context.lo inquire_cred.lo inquire_cred_by_mech.lo \
-	inquire_mechs_for_name.lo inquire_names_for_mech.lo \
-	release_buffer.lo release_cred.lo release_name.lo \
-	release_oid_set.lo process_context_token.lo \
-	test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo wrap.lo \
-	address_to_krb5addr.lo
-libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libgssapi_la_SOURCES)
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libgssapi_la_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/gssapi/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man install-man3 \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-#noinst_PROGRAMS = test_acquire_cred
-
-#test_acquire_cred_SOURCES = test_acquire_cred.c
-
-#test_acquire_cred_LDADD = libgssapi.la
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
deleted file mode 100644
index 62a05730680a..000000000000
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33 2003/03/16 17:41:12 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
-    krb5_error_code ret;
-    char *p;
-
-    ret = gssapi_krb5_init();
-    if(ret)
-	return GSS_S_FAILURE;
-    
-    if(gssapi_krb5_keytab != NULL) {
-	krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
-	gssapi_krb5_keytab = NULL;
-    }
-    asprintf(&p, "FILE:%s", identity);
-    if(p == NULL)
-	return GSS_S_FAILURE;
-    ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
-    free(p);
-    if(ret)
-	return GSS_S_FAILURE;
-    return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            const gss_cred_id_t acceptor_cred_handle,
-            const gss_buffer_t input_token_buffer,
-            const gss_channel_bindings_t input_chan_bindings,
-            gss_name_t * src_name,
-            gss_OID * mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec,
-            gss_cred_id_t * delegated_cred_handle
-           )
-{
-    krb5_error_code kret;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data indata;
-    krb5_flags ap_options;
-    OM_uint32 flags;
-    krb5_ticket *ticket = NULL;
-    krb5_keytab keytab = NULL;
-    krb5_data fwd_data;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT();
-
-    krb5_data_zero (&fwd_data);
-    output_token->length = 0;
-    output_token->value   = NULL;
-
-    if (src_name != NULL)
-	*src_name = NULL;
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (*context_handle == GSS_C_NO_CONTEXT) {
-	*context_handle = malloc(sizeof(**context_handle));
-	if (*context_handle == GSS_C_NO_CONTEXT) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-    }
-
-    (*context_handle)->auth_context =  NULL;
-    (*context_handle)->source = NULL;
-    (*context_handle)->target = NULL;
-    (*context_handle)->flags = 0;
-    (*context_handle)->more_flags = 0;
-    (*context_handle)->ticket = NULL;
-    (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-	&& input_chan_bindings->application_data.length ==
-	2 * sizeof((*context_handle)->auth_context->local_port)
-	) {
-     
-	/* Port numbers are expected to be in application_data.value,
-	 * initator's port first */
-     
-	krb5_address initiator_addr, acceptor_addr;
-     
-	memset(&initiator_addr, 0, sizeof(initiator_addr));
-	memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
-	(*context_handle)->auth_context->remote_port = 
-	    *(int16_t *) input_chan_bindings->application_data.value; 
-     
-	(*context_handle)->auth_context->local_port =
-	    *((int16_t *) input_chan_bindings->application_data.value + 1);
-
-     
-	kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				       &input_chan_bindings->acceptor_address,
-				       (*context_handle)->auth_context->local_port,
-				       &acceptor_addr); 
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-                             
-	kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				       &input_chan_bindings->initiator_address, 
-				       (*context_handle)->auth_context->remote_port,
-				       &initiator_addr); 
-	if (kret) {
-	    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-     
-	kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				      (*context_handle)->auth_context,
-				      &acceptor_addr,    /* local address */
-				      &initiator_addr);  /* remote address */
-     
-	krb5_free_address (gssapi_krb5_context, &initiator_addr);
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-     
-#if 0
-	free(input_chan_bindings->application_data.value);
-	input_chan_bindings->application_data.value = NULL;
-	input_chan_bindings->application_data.length = 0;
-#endif
-     
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    ret = GSS_S_BAD_BINDINGS;
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-  
-
-
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    ret = gssapi_krb5_decapsulate (minor_status,
-				   input_token_buffer,
-				   &indata,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
-	if (gssapi_krb5_keytab != NULL) {
-	    keytab = gssapi_krb5_keytab;
-	}
-    } else if (acceptor_cred_handle->keytab != NULL) {
-	keytab = acceptor_cred_handle->keytab;
-    }
-
-    kret = krb5_rd_req (gssapi_krb5_context,
-			&(*context_handle)->auth_context,
-			&indata,
-			(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL 
-			: acceptor_cred_handle->principal,
-			keytab,
-			&ap_options,
-			&ticket);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->client,
-				&(*context_handle)->source);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				ticket->server,
-				&(*context_handle)->target);
-    if (kret) {
-	ret = GSS_S_FAILURE;
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-    if (src_name != NULL) {
-	kret = krb5_copy_principal (gssapi_krb5_context,
-				    ticket->client,
-				    src_name);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-    }
-
-    {
-	krb5_authenticator authenticator;
-      
-	kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
-					      (*context_handle)->auth_context,
-					      &authenticator);
-	if(kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-
-	ret = gssapi_krb5_verify_8003_checksum(minor_status,
-					       input_chan_bindings,
-					       authenticator->cksum,
-					       &flags,
-					       &fwd_data);
-	krb5_free_authenticator(gssapi_krb5_context, &authenticator);
-	if (ret)
-	    goto failure;
-    }
-
-    if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-      
-	krb5_ccache ccache;
-      
-	if (delegated_cred_handle == NULL)
-	    /* XXX Create a new delegated_cred_handle? */
-	    kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	else if (*delegated_cred_handle == NULL) {
-	    if ((*delegated_cred_handle =
-		 calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
-		ret = GSS_S_FAILURE;
-		*minor_status = ENOMEM;
-		krb5_set_error_string(gssapi_krb5_context, "out of memory");
-		gssapi_krb5_set_error_string();
-		goto failure;
-	    }
-	    if ((ret = gss_duplicate_name(minor_status, ticket->client,
-					  &(*delegated_cred_handle)->principal)) != 0) {
-		flags &= ~GSS_C_DELEG_FLAG;
-		free(*delegated_cred_handle);
-		*delegated_cred_handle = NULL;
-		goto end_fwd;
-	    }
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->ccache == NULL) {
-            kret = krb5_cc_gen_new (gssapi_krb5_context,
-                                    &krb5_mcc_ops,
-                                    &(*delegated_cred_handle)->ccache);
-	    ccache = (*delegated_cred_handle)->ccache;
-	}
-	if (delegated_cred_handle != NULL &&
-	    (*delegated_cred_handle)->mechanisms == NULL) {
-	    ret = gss_create_empty_oid_set(minor_status, 
-					   &(*delegated_cred_handle)->mechanisms);
-            if (ret)
-		goto failure;
-	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-					 &(*delegated_cred_handle)->mechanisms);
-	    if (ret)
-		goto failure;
-	}
-
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	kret = krb5_cc_initialize(gssapi_krb5_context,
-				  ccache,
-				  *src_name);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-      
-	kret = krb5_rd_cred2(gssapi_krb5_context,
-			     (*context_handle)->auth_context,
-			     ccache,
-			     &fwd_data);
-	if (kret) {
-	    flags &= ~GSS_C_DELEG_FLAG;
-	    goto end_fwd;
-	}
-
-      end_fwd:
-	free(fwd_data.data);
-    }
-         
-
-    flags |= GSS_C_TRANS_FLAG;
-
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->lifetime = ticket->ticket.endtime;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= OPEN;
-
-    if (mech_type)
-	*mech_type = GSS_KRB5_MECHANISM;
-
-    if (time_rec)
-	*time_rec = (*context_handle)->lifetime;
-
-    if(flags & GSS_C_MUTUAL_FLAG) {
-	krb5_data outbuf;
-
-	kret = krb5_mk_rep (gssapi_krb5_context,
-			    (*context_handle)->auth_context,
-			    &outbuf);
-	if (kret) {
-	    ret = GSS_S_FAILURE;
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	    goto failure;
-	}
-	ret = gssapi_krb5_encapsulate (minor_status,
-				       &outbuf,
-				       output_token,
-				       "\x02\x00");
-	krb5_data_free (&outbuf);
-	if (ret)
-	    goto failure;
-    } else {
-	output_token->length = 0;
-	output_token->value = NULL;
-    }
-
-    (*context_handle)->ticket = ticket;
-    ticket = NULL;
-
-#if 0
-    krb5_free_ticket (context, ticket);
-#endif
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-
-  failure:
-    if (fwd_data.length > 0)
-	free(fwd_data.data);
-    if (ticket != NULL)
-	krb5_free_ticket (gssapi_krb5_context, ticket);
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    if (src_name != NULL) {
-	gss_release_name (&minor, src_name);
-	*src_name = NULL;
-    }
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
deleted file mode 100644
index 503ac91b039a..000000000000
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13 2003/04/06 00:31:55 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
-    char kt_name[256];
-    krb5_error_code kret;
-
-    if (gssapi_krb5_keytab != NULL) {
-	kret = krb5_kt_get_name(gssapi_krb5_context,
-				gssapi_krb5_keytab,
-				kt_name, sizeof(kt_name));
-	if (kret == 0)
-	    kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
-    } else
-	kret = krb5_kt_default(gssapi_krb5_context, keytab);
-    return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_creds cred;
-    krb5_principal def_princ;
-    krb5_get_init_creds_opt opt;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_error_code kret;
-
-    keytab = NULL;
-    ccache = NULL;
-    def_princ = NULL;
-    ret = GSS_S_FAILURE;
-    memset(&cred, 0, sizeof(cred));
-
-    kret = krb5_cc_default(gssapi_krb5_context, &ccache);
-    if (kret)
-	goto end;
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
-	&def_princ);
-    if (kret != 0) {
-	/* we'll try to use a keytab below */
-	krb5_cc_destroy(gssapi_krb5_context, ccache);
-	ccache = NULL;
-	kret = 0;
-    } else if (handle->principal == NULL)  {
-	kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
-	    &handle->principal);
-	if (kret)
-	    goto end;
-    } else if (handle->principal != NULL &&
-	krb5_principal_compare(gssapi_krb5_context, handle->principal,
-	def_princ) == FALSE) {
-	/* Before failing, lets check the keytab */
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-	def_princ = NULL;
-    }
-    if (def_princ == NULL) {
-	/* We have no existing credentials cache,
-	 * so attempt to get a TGT using a keytab.
-	 */
-	if (handle->principal == NULL) {
-	    kret = krb5_get_default_principal(gssapi_krb5_context,
-		&handle->principal);
-	    if (kret)
-		goto end;
-	}
-	kret = get_keytab(&keytab);
-	if (kret)
-	    goto end;
-	krb5_get_init_creds_opt_init(&opt);
-	kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
-	    handle->principal, keytab, 0, NULL, &opt);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-		&ccache);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
-	if (kret)
-	    goto end;
-	kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
-	if (kret)
-	    goto end;
-	handle->lifetime = cred.times.endtime;
-    } else {
-	krb5_creds in_cred, *out_cred;
-	krb5_const_realm realm;
-
-	memset(&in_cred, 0, sizeof(in_cred));
-	in_cred.client = handle->principal;
-	
-	realm = krb5_principal_get_realm(gssapi_krb5_context, 
-					 handle->principal);
-	if (realm == NULL) {
-	    kret = KRB5_PRINC_NOMATCH; /* XXX */
-	    goto end;
-	}
-
-	kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, 
-				   realm, KRB5_TGS_NAME, realm, NULL);
-	if (kret)
-	    goto end;
-
-	kret = krb5_get_credentials(gssapi_krb5_context, 0, 
-				    ccache, &in_cred, &out_cred);
-	krb5_free_principal(gssapi_krb5_context, in_cred.server);
-	if (kret)
-	    goto end;
-
-	handle->lifetime = out_cred->times.endtime;
-	krb5_free_creds(gssapi_krb5_context, out_cred);
-    }
-
-    handle->ccache = ccache;
-    ret = GSS_S_COMPLETE;
-
-end:
-    if (cred.client != NULL)
-	krb5_free_creds_contents(gssapi_krb5_context, &cred);
-    if (def_princ != NULL)
-	krb5_free_principal(gssapi_krb5_context, def_princ);
-    if (keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, keytab);
-    if (ret != GSS_S_COMPLETE) {
-	if (ccache != NULL)
-	    krb5_cc_close(gssapi_krb5_context, ccache);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-		  (OM_uint32 * minor_status,
-		   const gss_name_t desired_name,
-		   OM_uint32 time_req,
-		   const gss_OID_set desired_mechs,
-		   gss_cred_usage_t cred_usage,
-		   gss_cred_id_t handle,
-		   gss_OID_set * actual_mechs,
-		   OM_uint32 * time_rec
-		  )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-
-    kret = 0;
-    ret = GSS_S_FAILURE;
-    kret = get_keytab(&handle->keytab);
-    if (kret)
-	goto end;
-    ret = GSS_S_COMPLETE;
- 
-end:
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->keytab != NULL)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (kret != 0) {
-	    *minor_status = kret;
-	    gssapi_krb5_set_error_string ();
-	}
-    }
-    return (ret);
-}
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * minor_status,
-            const gss_name_t desired_name,
-            OM_uint32 time_req,
-            const gss_OID_set desired_mechs,
-            gss_cred_usage_t cred_usage,
-            gss_cred_id_t * output_cred_handle,
-            gss_OID_set * actual_mechs,
-            OM_uint32 * time_rec
-           )
-{
-    gss_cred_id_t handle;
-    OM_uint32 ret;
-
-    GSSAPI_KRB5_INIT ();
-
-    *output_cred_handle = NULL;
-    if (time_rec)
-	*time_rec = 0;
-    if (actual_mechs)
-	*actual_mechs = GSS_C_NO_OID_SET;
-
-    if (desired_mechs) {
-	OM_uint32 present = 0;
-
-	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				      desired_mechs, &present); 
-	if (ret)
-	    return ret;
-	if (!present) {
-	    *minor_status = 0;
-	    return GSS_S_BAD_MECH;
-	}
-    }
-
-    handle = (gss_cred_id_t)malloc(sizeof(*handle));
-    if (handle == GSS_C_NO_CREDENTIAL) {
-	*minor_status = ENOMEM;
-        return (GSS_S_FAILURE);
-    }
-
-    memset(handle, 0, sizeof (*handle));
-
-    if (desired_name != GSS_C_NO_NAME) {
-	ret = gss_duplicate_name(minor_status, desired_name,
-	    &handle->principal);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    }
-    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-	ret = acquire_initiator_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-    	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-	ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
-	    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-	if (ret != GSS_S_COMPLETE) {
-	    free(handle);
-	    return (ret);
-	}
-    } else {
-	free(handle);
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return GSS_S_FAILURE;
-    }
-    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				 &handle->mechanisms);
-    if (ret == GSS_S_COMPLETE)
-    	ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
-			   actual_mechs);
-    if (ret != GSS_S_COMPLETE) {
-	if (handle->mechanisms != NULL)
-		gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-	return (ret);
-    } 
-    *minor_status = 0;
-    if (time_rec)
-	*time_rec = handle->lifetime;
-    handle->usage = cred_usage;
-    *output_cred_handle = handle;
-    return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c
deleted file mode 100644
index 1e23a5bd2c1a..000000000000
--- a/crypto/heimdal/lib/gssapi/add_cred.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2 2003/04/06 00:29:17 lha Exp $");
-
-OM_uint32 gss_add_cred (
-     OM_uint32           *minor_status,
-     const gss_cred_id_t input_cred_handle,
-     const gss_name_t    desired_name,
-     const gss_OID       desired_mech,
-     gss_cred_usage_t    cred_usage,
-     OM_uint32           initiator_time_req,
-     OM_uint32           acceptor_time_req,
-     gss_cred_id_t       *output_cred_handle,
-     gss_OID_set         *actual_mechs,
-     OM_uint32           *initiator_time_rec,
-     OM_uint32           *acceptor_time_rec)
-{
-    OM_uint32 ret, lifetime;
-    gss_cred_id_t cred, handle;
-
-    handle = NULL;
-    cred = input_cred_handle;
-
-    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = 0;
-	return GSS_S_BAD_MECH;
-    }
-
-    if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
-	*minor_status = 0;
-	return GSS_S_NO_CRED;
-    }
-
-    /* check if requested output usage is compatible with output usage */ 
-    if (output_cred_handle != NULL &&
-	(cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
-	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-	return(GSS_S_FAILURE);
-    }
-	
-    /* check that we have the same name */
-    if (desired_name != GSS_C_NO_NAME &&
-	krb5_principal_compare(gssapi_krb5_context, desired_name,
-			       cred->principal) != FALSE) {
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    /* make a copy */
-    if (output_cred_handle) {
-
-	handle = (gss_cred_id_t)malloc(sizeof(*handle));
-	if (handle == GSS_C_NO_CREDENTIAL) {
-	    *minor_status = ENOMEM;
-	    return (GSS_S_FAILURE);
-	}
-
-	memset(handle, 0, sizeof (*handle));
-
-	handle->usage = cred_usage;
-	handle->lifetime = cred->lifetime;
-	handle->principal = NULL;
-	handle->keytab = NULL;
-	handle->ccache = NULL;
-	handle->mechanisms = NULL;
-	
-	ret = GSS_S_FAILURE;
-
-	ret = gss_duplicate_name(minor_status, cred->principal,
-				 &handle->principal);
-	if (ret) {
-	    free(handle);
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-
-	if (cred->keytab) {
-	    krb5_error_code kret;
-	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-	    int len;
-	    
-	    ret = GSS_S_FAILURE;
-
-	    kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
-				    name, KRB5_KT_PREFIX_MAX_LEN);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-	    len = strlen(name);
-	    name[len++] = ':';
-
-	    kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
-				    name + len, 
-				    sizeof(name) - len);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }
-
-	    kret = krb5_kt_resolve(gssapi_krb5_context, name,
-				   &handle->keytab);
-	    if (kret){
-		*minor_status = kret;
-		goto failure;
-	    }
-	}
-
-	if (cred->ccache) {
-	    krb5_error_code kret;
-	    const char *type, *name;
-	    char *type_name;
-
-	    ret = GSS_S_FAILURE;
-
-	    type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
-	    if (type == NULL){
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
-	    if (name == NULL) {
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    asprintf(&type_name, "%s:%s", type, name);
-	    if (type_name == NULL) {
-		*minor_status = ENOMEM;
-		goto failure;
-	    }
-
-	    kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
-				   &handle->ccache);
-	    free(type_name);
-	    if (kret) {
-		*minor_status = kret;
-		goto failure;
-	    }	    
-	}
-
-	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-	if (ret)
-	    goto failure;
-
-	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-				     &handle->mechanisms);
-	if (ret)
-	    goto failure;
-    }
-
-    ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
-			   NULL, actual_mechs);
-    if (ret)
-	goto failure;
-
-    if (initiator_time_rec)
-	*initiator_time_rec = lifetime;
-    if (acceptor_time_rec)
-	*acceptor_time_rec = lifetime;
-
-    if (output_cred_handle)
-	*output_cred_handle = handle;
-
-    *minor_status = 0;
-    return ret;
-
- failure:
-
-    if (handle) {
-	if (handle->principal)
-	    gss_release_name(NULL, &handle->principal);
-	if (handle->keytab)
-	    krb5_kt_close(gssapi_krb5_context, handle->keytab);
-	if (handle->ccache)
-	    krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
-	if (handle->mechanisms)
-	    gss_release_oid_set(NULL, &handle->mechanisms);
-	free(handle);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
deleted file mode 100644
index ed654fc8c5b8..000000000000
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member_oid,
-            gss_OID_set * oid_set
-           )
-{
-  gss_OID tmp;
-  size_t n;
-  OM_uint32 res;
-  int present;
-
-  res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
-  if (res != GSS_S_COMPLETE)
-    return res;
-
-  if (present) {
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-  }
-
-  n = (*oid_set)->count + 1;
-  tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
-  if (tmp == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->elements = tmp;
-  (*oid_set)->count = n;
-  (*oid_set)->elements[n-1] = *member_oid;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
deleted file mode 100644
index c8041aa93626..000000000000
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address)
-{
-   int addr_type;
-   struct sockaddr sa;
-   int sa_size = sizeof(sa);
-   krb5_error_code problem;
-   
-   if (gss_addr == NULL)
-      return GSS_S_FAILURE; 
-   
-   switch (gss_addr_type) {
-#ifdef HAVE_IPV6
-      case GSS_C_AF_INET6: addr_type = AF_INET6;
-                           break;
-#endif /* HAVE_IPV6 */
-                           
-      case GSS_C_AF_INET:  addr_type = AF_INET;
-                           break;
-      default:
-                           return GSS_S_FAILURE;
-   }
-                      
-   problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
-				   addr_type,
-                                   gss_addr->value, 
-                                   &sa, 
-                                   &sa_size, 
-                                   port);
-   if (problem)
-      return GSS_S_FAILURE;
-
-   problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
-
-   return problem;  
-}
diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c
deleted file mode 100644
index afa39f3a4f96..000000000000
--- a/crypto/heimdal/lib/gssapi/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            const gss_OID mech_type,
-            gss_name_t * output_name
-           )
-{
-    return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c
deleted file mode 100644
index da494b0d10b4..000000000000
--- a/crypto/heimdal/lib/gssapi/compare_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $");
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * minor_status,
-            const gss_name_t name1,
-            const gss_name_t name2,
-            int * name_equal
-           )
-{
-    GSSAPI_KRB5_INIT();
-
-    *name_equal = krb5_principal_compare (gssapi_krb5_context,
-					  name1, name2);
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c
deleted file mode 100644
index 311b1cb71a1e..000000000000
--- a/crypto/heimdal/lib/gssapi/compat.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, gss_name_t name, 
-	     const char *option, krb5_boolean *compat, 
-	     krb5_boolean match_val)
-{
-    krb5_error_code ret = 0;
-    char **p, **q;
-    krb5_principal match;
-
-
-    p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
-				option, NULL);
-    if(p == NULL)
-	return 0;
-
-    for(q = p; *q; q++) {
-
-	ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
-	if (ret)
-	    break;
-
-	if (krb5_principal_match(gssapi_krb5_context, name, match)) {
-	    *compat = match_val;
-	    break;
-	}
-	
-	krb5_free_principal(gssapi_krb5_context, match);
-    }
-    krb5_config_free_strings(p);
-
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-
-    return 0;
-}
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
-{
-    krb5_boolean use_compat = TRUE;
-    OM_uint32 ret;
-
-    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
-	ret = check_compat(minor_status, ctx->target, 
-			   "broken_des3_mic", &use_compat, TRUE);
-	if (ret)
-	    return ret;
-	ret = check_compat(minor_status, ctx->target, 
-			   "correct_des3_mic", &use_compat, FALSE);
-	if (ret)
-	    return ret;
-
-	if (use_compat)
-	    ctx->more_flags |= COMPAT_OLD_DES3;
-	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-    }
-    return 0;
-}
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
-    *minor_status = 0;
-
-    if (on) {
-	ctx->more_flags |= COMPAT_OLD_DES3;
-    } else {
-	ctx->more_flags &= ~COMPAT_OLD_DES3;
-    }
-    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
deleted file mode 100644
index e947df677d81..000000000000
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: context_time.c,v 1.7 2003/03/16 17:48:33 lha Exp $");
-
-OM_uint32 gss_context_time
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 lifetime;
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_timestamp timeret;
-
-    GSSAPI_KRB5_INIT ();
-
-    ret = gss_inquire_context(minor_status, context_handle,
-			      NULL, NULL, &lifetime, NULL, NULL, NULL, NULL);
-    if (ret) {
-        return ret;
-    }
-
-    kret = krb5_timeofday(gssapi_krb5_context, &timeret);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-        return GSS_S_FAILURE;
-    }
-
-    *time_rec = lifetime - timeret;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
deleted file mode 100644
index 2ffe0656d8cb..000000000000
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $");
-
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
-		     gss_cred_id_t cred,
-		     krb5_ccache out)
-{
-    krb5_error_code kret;
-
-    if (cred->ccache == NULL) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
deleted file mode 100644
index 1a25e0d7815e..000000000000
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * minor_status,
-            gss_OID_set * oid_set
-           )
-{
-  *oid_set = malloc(sizeof(**oid_set));
-  if (*oid_set == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-  (*oid_set)->count = 0;
-  (*oid_set)->elements = NULL;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
deleted file mode 100644
index 29c1f5bbf8ae..000000000000
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: decapsulate.c,v 1.7 2001/08/23 04:35:54 assar Exp $");
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type)
-{
-    size_t len, len_len, mech_len, foo;
-    int e;
-    u_char *p = *str;
-
-    if (total_len < 1)
-	return GSS_S_DEFECTIVE_TOKEN;
-    if (*p++ != 0x60)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1, &len, &len_len);
-    if (e || 1 + len_len + len != total_len)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += len_len;
-    if (*p++ != 0x06)
-	return GSS_S_DEFECTIVE_TOKEN;
-    e = der_get_length (p, total_len - 1 - len_len - 1,
-			&mech_len, &foo);
-    if (e)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += foo;
-    if (mech_len != GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_MECH;
-    if (memcmp(p,
-	       GSS_KRB5_MECHANISM->elements,
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_MECH;
-    p += mech_len;
-    if (memcmp (p, type, 2) != 0)
-	return GSS_S_DEFECTIVE_TOKEN;
-    p += 2;
-    *str = p;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,    
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type
-)
-{
-    u_char *p;
-    OM_uint32 ret;
-
-    p = input_token_buffer->value;
-    ret = gssapi_krb5_verify_header(&p,
-				    input_token_buffer->length,
-				    type);
-    if (ret) {
-	*minor_status = 0;
-	return ret;
-    }
-
-    out_data->length = input_token_buffer->length -
-	(p - (u_char *)input_token_buffer->value);
-    out_data->data   = p;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
deleted file mode 100644
index 2df1f39749c8..000000000000
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t * context_handle,
-            gss_buffer_t output_token
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    if (output_token) {
-	output_token->length = 0;
-	output_token->value  = NULL;
-    }
-
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    if ((*context_handle)->ticket) {
-	krb5_free_ticket (gssapi_krb5_context,
-			  (*context_handle)->ticket);
-	free((*context_handle)->ticket);
-    }
-
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
deleted file mode 100644
index 27a232fd3cf6..000000000000
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
-
-OM_uint32 gss_display_name
-           (OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t output_name_buffer,
-            gss_OID * output_name_type
-           )
-{
-    krb5_error_code kret;
-    char *buf;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &buf);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (buf);
-    output_name_buffer->length = len;
-    output_name_buffer->value  = malloc(len + 1);
-    if (output_name_buffer->value == NULL) {
-	free (buf);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (output_name_buffer->value, buf, len);
-    ((char *)output_name_buffer->value)[len] = '\0';
-    free (buf);
-    if (output_name_type)
-	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
deleted file mode 100644
index d266fa46bf93..000000000000
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
-
-static char *krb5_error_string;
-
-static char *
-calling_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"A required input parameter could not be read.", /*  */
-	"A required output parameter could not be written.", /*  */
-	"A parameter was malformed"
-    };
-
-    v >>= GSS_C_CALLING_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown calling error";
-    else
-	return msgs[v];
-}
-
-static char *
-routine_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	NULL,			/* 0 */
-	"An unsupported mechanism was requested",
-	"An invalid name was supplied",
-	"A supplied name was of an unsupported type",
-	"Incorrect channel bindings were supplied",
-	"An invalid status code was supplied",
-	"A token had an invalid MIC",
-	"No credentials were supplied, "
-	"or the credentials were unavailable or inaccessible.",
-	"No context has been established",
-	"A token was invalid",
-	"A credential was invalid",
-	"The referenced credentials have expired",
-	"The context has expired",
-	"Miscellaneous failure (see text)",
-	"The quality-of-protection requested could not be provide",
-	"The operation is forbidden by local security policy",
-	"The operation or option is not available",
-	"The requested credential element already exists",
-	"The provided name was not a mechanism name.",
-    };
-
-    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
-    if (v == 0)
-	return "";
-    else if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-static char *
-supplementary_error(OM_uint32 v)
-{
-    static char *msgs[] = {
-	"normal completion",
-	"continuation call to routine required",
-	"duplicate per-message token detected",
-	"timed-out per-message token detected",
-	"reordered (early) per-message token detected",
-	"skipped predecessor token(s) detected"
-    };
-
-    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
-    if (v >= sizeof(msgs)/sizeof(*msgs))
-	return "unknown routine error";
-    else
-	return msgs[v];
-}
-
-void
-gssapi_krb5_set_error_string (void)
-{
-    krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
-}
-
-char *
-gssapi_krb5_get_error_string (void)
-{
-    char *ret = krb5_error_string;
-    krb5_error_string = NULL;
-    return ret;
-}
-
-OM_uint32 gss_display_status
-           (OM_uint32		*minor_status,
-	    OM_uint32		 status_value,
-	    int			 status_type,
-	    const gss_OID	 mech_type,
-	    OM_uint32		*message_context,
-	    gss_buffer_t	 status_string)
-{
-  char *buf;
-
-  GSSAPI_KRB5_INIT ();
-
-  status_string->length = 0;
-  status_string->value = NULL;
-
-  if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-      gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-      *minor_status = 0;
-      return GSS_C_GSS_CODE;
-  }
-
-  if (status_type == GSS_C_GSS_CODE) {
-      if (GSS_SUPPLEMENTARY_INFO(status_value))
-	  asprintf(&buf, "%s", 
-		   supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
-      else
-	  asprintf (&buf, "%s %s",
-		    calling_error(GSS_CALLING_ERROR(status_value)),
-		    routine_error(GSS_ROUTINE_ERROR(status_value)));
-  } else if (status_type == GSS_C_MECH_CODE) {
-      buf = gssapi_krb5_get_error_string ();
-      if (buf == NULL) {
-	  const char *tmp = krb5_get_err_text (gssapi_krb5_context,
-					       status_value);
-	  if (tmp == NULL)
-	      asprintf(&buf, "unknown mech error-code %u",
-		       (unsigned)status_value);
-	  else
-	      buf = strdup(tmp);
-      }
-  } else {
-      *minor_status = EINVAL;
-      return GSS_S_BAD_STATUS;
-  }
-
-  if (buf == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  *message_context = 0;
-  *minor_status = 0;
-
-  status_string->length = strlen(buf);
-  status_string->value  = buf;
-  
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
deleted file mode 100644
index 2b54e90ec89d..000000000000
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * minor_status,
-            const gss_name_t src_name,
-            gss_name_t * dest_name
-           )
-{
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				src_name,
-				dest_name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    } else {
-	*minor_status = 0;
-	return GSS_S_COMPLETE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
deleted file mode 100644
index e7c67504e4e2..000000000000
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: encapsulate.c,v 1.6 2001/08/23 04:35:54 assar Exp $");
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len)
-{
-    size_t len_len;
-
-    *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
-
-    len_len = length_len(*len);
-
-    *total_len = 1 + len_len + *len;
-}
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type)
-{
-    int e;
-    size_t len_len, foo;
-
-    *p++ = 0x60;
-    len_len = length_len(len);
-    e = der_put_length (p + len_len - 1, len_len, len, &foo);
-    if(e || foo != len_len)
-	abort ();
-    p += len_len;
-    *p++ = 0x06;
-    *p++ = GSS_KRB5_MECHANISM->length;
-    memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    p += GSS_KRB5_MECHANISM->length;
-    memcpy (p, type, 2);
-    p += 2;
-    return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,    
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type
-)
-{
-    size_t len, outer_len;
-    u_char *p;
-
-    gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
-    
-    output_token->length = outer_len;
-    output_token->value  = malloc (outer_len);
-    if (output_token->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }	
-
-    p = gssapi_krb5_make_header (output_token->value, len, type);
-    memcpy (p, in_data->data, in_data->length);
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c
deleted file mode 100644
index c5fcbd4fd0cf..000000000000
--- a/crypto/heimdal/lib/gssapi/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
-
-OM_uint32 gss_export_name
-           (OM_uint32  * minor_status,
-            const gss_name_t input_name,
-            gss_buffer_t exported_name
-           )
-{
-    krb5_error_code kret;
-    char *buf, *name;
-    size_t len;
-
-    GSSAPI_KRB5_INIT ();
-    kret = krb5_unparse_name (gssapi_krb5_context,
-			      input_name,
-			      &name);
-    if (kret) {
-	*minor_status = kret;
-	gssapi_krb5_set_error_string ();
-	return GSS_S_FAILURE;
-    }
-    len = strlen (name);
-
-    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
-    exported_name->value  = malloc(exported_name->length);
-    if (exported_name->value == NULL) {
-	free (name);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    buf = exported_name->value;
-    memcpy(buf, "\x04\x01", 2);
-    buf += 2;
-    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
-    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
-    buf+= 2;
-    buf[0] = 0x06;
-    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
-    buf+= 2;
-
-    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
-    buf += GSS_KRB5_MECHANISM->length;
-
-    buf[0] = (len >> 24) & 0xff;
-    buf[1] = (len >> 16) & 0xff;
-    buf[2] = (len >> 8) & 0xff;
-    buf[3] = (len) & 0xff;
-    buf += 4;
-
-    memcpy (buf, name, len);
-
-    free (name);
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
deleted file mode 100644
index c7e626524282..000000000000
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
-
-OM_uint32
-gss_export_sec_context (
-    OM_uint32 * minor_status,
-    gss_ctx_id_t * context_handle,
-    gss_buffer_t interprocess_token
-    )
-{
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    OM_uint32 ret = GSS_S_COMPLETE;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    int flags;
-    OM_uint32 minor;
-    krb5_error_code kret;
-
-    GSSAPI_KRB5_INIT ();
-    if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
-	*minor_status = 0;
-	return GSS_S_UNAVAILABLE;
-    }
-
-    sp = krb5_storage_emem ();
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    ac = (*context_handle)->auth_context;
-
-    /* flagging included fields */
-
-    flags = 0;
-    if (ac->local_address)
-	flags |= SC_LOCAL_ADDRESS;
-    if (ac->remote_address)
-	flags |= SC_REMOTE_ADDRESS;
-    if (ac->keyblock)
-	flags |= SC_KEYBLOCK;
-    if (ac->local_subkey)
-	flags |= SC_LOCAL_SUBKEY;
-    if (ac->remote_subkey)
-	flags |= SC_REMOTE_SUBKEY;
-
-    kret = krb5_store_int32 (sp, flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* marshall auth context */
-
-    kret = krb5_store_int32 (sp, ac->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->local_address) {
-	kret = krb5_store_address (sp, *ac->local_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_address) {
-	kret = krb5_store_address (sp, *ac->remote_address);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int16 (sp, ac->local_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int16 (sp, ac->remote_port);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    if (ac->keyblock) {
-	kret = krb5_store_keyblock (sp, *ac->keyblock);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->local_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->local_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    if (ac->remote_subkey) {
-	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    }
-    kret = krb5_store_int32 (sp, ac->local_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
-	if (kret) {
-	    *minor_status = kret;
-	    goto failure;
-	}
-
-    kret = krb5_store_int32 (sp, ac->keytype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, ac->cksumtype);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    /* names */
-
-    ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
-    if (ret)
-	goto failure;
-    data.data   = buffer.value;
-    data.length = buffer.length;
-
-    ret = GSS_S_FAILURE;
-
-    kret = krb5_store_data (sp, data);
-    gss_release_buffer (&minor, &buffer);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_store_int32 (sp, (*context_handle)->flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-    kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
-    if (kret) {
-	*minor_status = kret;
-	goto failure;
-    }
-
-    kret = krb5_storage_to_data (sp, &data);
-    krb5_storage_free (sp);
-    if (kret) {
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    interprocess_token->length = data.length;
-    interprocess_token->value  = data.data;
-    ret = gss_delete_sec_context (minor_status, context_handle,
-				  GSS_C_NO_BUFFER);
-    if (ret != GSS_S_COMPLETE)
-	gss_release_buffer (NULL, interprocess_token);
-    *minor_status = 0;
-    return ret;
- failure:
-    krb5_storage_free (sp);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c
deleted file mode 100644
index dca35ea94318..000000000000
--- a/crypto/heimdal/lib/gssapi/external.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x01"};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x02"};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x03"};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, (void *)"\x2b\x06\01\x05\x06\x03"};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) user_name(1)}.  The recommended symbolic name for this
- *   type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- *   This name form shall be represented by the Object Identifier {iso(1)
- *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
- *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- *   To support ongoing experimentation, testing, and evolution of the
- *   specification, the Kerberos V5 GSS-API mechanism as defined in this
- *   and any successor memos will be identified with the following Object
- *   Identifier, as defined in RFC-1510, until the specification is
- *   advanced to the level of Proposed Standard RFC:
- *
- *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
- *   V5 GSS-API mechanism will be identified by an Object Identifier
- *   having the value:
- *
- *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- *   gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, (void *)"\x2b\x05\x01\x05\x02"};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-krb5_context gssapi_krb5_context;
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
deleted file mode 100644
index e890b081b80e..000000000000
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: get_mic.c,v 1.21 2003/03/16 18:02:04 lha Exp $");
-
-static OM_uint32
-mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int32_t seq_number;
-  size_t len, total_len;
-
-  gssapi_krb5_encap_length (22, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK_ID */
-
-  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
-  p += 4;
-
-  /* Fill in later (SND-SEQ) */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value, message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;			/* SND_SEQ */
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-  
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  Checksum cksum;
-  u_char seq[8];
-
-  int32_t seq_number;
-  size_t len, total_len;
-
-  krb5_crypto crypto;
-  krb5_error_code kret;
-  krb5_data encdata;
-  char *tmp;
-  char ivec[8];
-
-  gssapi_krb5_encap_length (36, &len, &total_len);
-
-  message_token->length = total_len;
-  message_token->value  = malloc (total_len);
-  if (message_token->value == NULL) {
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(message_token->value,
-			      len,
-			      "\x01\x01"); /* TOK-ID */
-
-  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
-  p += 2;
-
-  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
-  p += 4;
-
-  /* this should be done in parts */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      free (message_token->value);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (kret) {
-      free (message_token->value);
-      free (tmp);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  kret = krb5_create_checksum (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SIGN,
-			       0,
-			       tmp,
-			       message_buffer->length + 8,
-			       &cksum);
-  free (tmp);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  kret = krb5_crypto_init(gssapi_krb5_context, key,
-			  ETYPE_DES3_CBC_NONE, &crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-
-  if (context_handle->more_flags & COMPAT_OLD_DES3)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  kret = krb5_encrypt_ivec (gssapi_krb5_context,
-			    crypto,
-			    KRB5_KU_USAGE_SEQ,
-			    seq, 8, &encdata, ivec);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (kret) {
-      free (message_token->value);
-      gssapi_krb5_set_error_string ();
-      *minor_status = kret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-  
-  free_Checksum (&cksum);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_qop_t qop_req,
-            const gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = mic_des (minor_status, context_handle, qop_req,
-		     message_buffer, message_token, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = mic_des3 (minor_status, context_handle, qop_req,
-		      message_buffer, message_token, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
deleted file mode 100644
index 1d8c0a0f9778..000000000000
--- a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3
+++ /dev/null
@@ -1,465 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: gss_acquire_cred.3,v 1.8.2.1 2003/04/28 13:41:42 lha Exp $
-.\" 
-.Dd April  2, 2003
-.Dt GSS_ACQUIRE_CRED 3
-.Os HEIMDAL
-.Sh NAME
-.Nm gss_accept_sec_context ,
-.Nm gss_acquire_cred ,
-.Nm gss_add_cred ,
-.Nm gss_add_oid_set_member ,
-.Nm gss_canonicalize_name ,
-.Nm gss_compare_name ,
-.Nm gss_context_time ,
-.Nm gss_create_empty_oid_set ,
-.Nm gss_delete_sec_context ,
-.Nm gss_display_name ,
-.Nm gss_display_status ,
-.Nm gss_duplicate_name ,
-.Nm gss_export_name ,
-.Nm gss_export_sec_context ,
-.Nm gss_get_mic ,
-.Nm gss_import_name ,
-.Nm gss_import_sec_context ,
-.Nm gss_indicate_mechs ,
-.Nm gss_init_sec_context ,
-.Nm gss_inquire_context ,
-.Nm gss_inquire_cred ,
-.Nm gss_inquire_cred_by_mech ,
-.Nm gss_inquire_mechs_for_name ,
-.Nm gss_inquire_names_for_mech ,
-.Nm gss_krb5_copy_ccache ,
-.Nm gss_krb5_compat_des3_mic ,
-.Nm gss_process_context_token ,
-.Nm gss_release_buffer ,
-.Nm gss_release_cred ,
-.Nm gss_release_name ,
-.Nm gss_release_oid_set ,
-.Nm gss_seal ,
-.Nm gss_sign ,
-.Nm gss_test_oid_set_member ,
-.Nm gss_unseal ,
-.Nm gss_unwrap ,
-.Nm gss_verify ,
-.Nm gss_verify_mic ,
-.Nm gss_wrap ,
-.Nm gss_wrap_size_limit
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API library (libgssapi, -lgssapi)
-.Sh SYNOPSIS
-.In gssapi.h
-.Pp
-.Ft OM_uint32
-.Fo gss_accept_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_cred_id_t acceptor_cred_handle"
-.Fa "const gss_buffer_t input_token_buffer"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "gss_name_t * src_name"
-.Fa "gss_OID * mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fa "gss_cred_id_t * delegated_cred_handle"
-.Fc
-.Pp
-.Ft OM_uint32
-.Fo gss_acquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t desired_name"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_OID_set desired_mechs"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "gss_cred_id_t * output_cred_handle"
-.Fa "gss_OID_set * actual_mechs"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.\" .Fn gss_add_cred
-.Ft OM_uint32
-.Fo gss_add_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member_oid"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_canonicalize_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "const gss_OID mech_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_compare_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t name1"
-.Fa "const gss_name_t name2"
-.Fa "int * name_equal"
-.Fc
-.Ft OM_uint32
-.Fo gss_context_time
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_create_empty_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * oid_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_delete_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t output_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t output_name_buffer"
-.Fa "gss_OID * output_name_type"
-.Fc
-.Ft OM_uint32
-.Fo gss_display_status
-.Fa "OM_uint32 *minor_status"
-.Fa "OM_uint32 status_value"
-.Fa "int status_type"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 *message_context"
-.Fa "gss_buffer_t status_string"
-.Fc
-.Ft OM_uint32
-.Fo gss_duplicate_name
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_name_t src_name"
-.Fa "gss_name_t * dest_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_name
-.Fa "OM_uint32  * minor_status"
-.Fa "const gss_name_t input_name"
-.Fa "gss_buffer_t exported_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_export_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "gss_buffer_t interprocess_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_get_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_name
-.Fa "OM_uint32 * minor_status,
-.Fa "const gss_buffer_t input_name_buffer"
-.Fa "const gss_OID input_name_type"
-.Fa "gss_name_t * output_name"
-.Fc
-.Ft OM_uint32
-.Fo gss_import_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_buffer_t interprocess_token"
-.Fa "gss_ctx_id_t * context_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_indicate_mechs
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * mech_set"
-.Fc
-.Ft OM_uint32
-.Fo gss_init_sec_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t initiator_cred_handle"
-.Fa "gss_ctx_id_t * context_handle"
-.Fa "const gss_name_t target_name"
-.Fa "const gss_OID mech_type"
-.Fa "OM_uint32 req_flags"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "const gss_buffer_t input_token"
-.Fa "gss_OID * actual_mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 * ret_flags"
-.Fa "OM_uint32 * time_rec"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_context
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_name_t * src_name"
-.Fa "gss_name_t * targ_name"
-.Fa "OM_uint32 * lifetime_rec"
-.Fa "gss_OID * mech_type"
-.Fa "OM_uint32 * ctx_flags"
-.Fa "int * locally_initiated"
-.Fa "int * open_context"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_cred_id_t cred_handle"
-.Fa "gss_name_t * name"
-.Fa "OM_uint32 * lifetime"
-.Fa "gss_cred_usage_t * cred_usage"
-.Fa "gss_OID_set * mechanisms"
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_cred_by_mech
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_mechs_for_name
-.Fc
-.Ft OM_uint32
-.Fo gss_inquire_names_for_mech
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_copy_ccache
-.Fa "OM_uint32 *minor"
-.Fa "gss_cred_id_t cred"
-.Fa "krb5_ccache out"
-.Fc
-.Ft OM_uint32
-.Fo gss_krb5_compat_des3_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int onoff"
-.Fc 
-.Ft OM_uint32
-.Fo gss_process_context_token
-.Fc
-.Ft OM_uint32
-.Fo gss_release_buffer
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_buffer_t buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_cred
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_cred_id_t * cred_handle"
-.Fc
-.Ft OM_uint32
-.Fo gss_release_name
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_name_t * input_name"
-.Fc
-.Ft
-.Fo gss_release_oid_set
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_OID_set * set"
-.Fc
-.Ft OM_uint32
-.Fo gss_seal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "int qop_req"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_sign
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "int qop_req"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t message_token"
-.Fc
-.Ft OM_uint32
-.Fo gss_test_oid_set_member
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_OID member"
-.Fa "const gss_OID_set set"
-.Fa "int * present"
-.Fc
-.Ft OM_uint32
-.Fo gss_unseal
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_unwrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "gss_buffer_t output_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify
-.Fa "OM_uint32 * minor_status"
-.Fa "gss_ctx_id_t context_handle"
-.Fa "gss_buffer_t message_buffer"
-.Fa "gss_buffer_t token_buffer"
-.Fa "int * qop_state"
-.Fc
-.Ft OM_uint32
-.Fo gss_verify_mic
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "const gss_buffer_t message_buffer"
-.Fa "const gss_buffer_t token_buffer"
-.Fa "gss_qop_t * qop_state"
-.Fc
-.Ft
-.Fo gss_wrap
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "const gss_buffer_t input_message_buffer"
-.Fa "int * conf_state"
-.Fa "gss_buffer_t output_message_buffer"
-.Fc
-.Ft OM_uint32
-.Fo gss_wrap_size_limit
-.Fa "OM_uint32 * minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "int conf_req_flag"
-.Fa "gss_qop_t qop_req"
-.Fa "OM_uint32 req_output_size"
-.Fa "OM_uint32 * max_input_size"
-.Fc
-.Sh DESCRIPTION
-Generic Security Service API (GSS-API) version 2, and its C binding,
-is described in
-.Li RFC2743
-and
-.Li RFC2744 .
-Version 1 (deprecated) of the C binding is described in
-.Li RFC1509 .
-.Pp
-Heimdals GSS-API implementation supports the following mechanisms
-.Bl -bullet
-.It
-.Li GSS_KRB5_MECHANISM
-.El
-.Pp
-GSS-API have generic name types that all mechanism are supposed to
-implement (if possible)
-.Bl -bullet
-.It
-.Li GSS_C_NT_USER_NAME
-.It
-.Li GSS_C_NT_MACHINE_UID_NAME
-.It
-.Li GSS_C_NT_STRING_UID_NAME
-.It
-.Li GSS_C_NT_HOSTBASED_SERVICE
-.It
-.Li GSS_C_NT_ANONYMOUS
-.It
-.Li GSS_C_NT_EXPORT_NAME
-.El
-.Pp
-GSS-API implementations that supports Kerberos 5 have some additional
-name types
-.Bl -bullet
-.It
-.Li GSS_KRB5_NT_PRINCIPAL_NAME
-.It
-.Li GSS_KRB5_NT_USER_NAME
-.It
-.Li GSS_KRB5_NT_MACHINE_UID_NAME
-.It
-.Li GSS_KRB5_NT_STRING_UID_NAME
-.El
-.Pp
-.Fn gss_display_name
-takes the gss name in
-.Fa input_name
-and put a printable form in
-.Fa output_name_buffer .
-.Fa output_name_buffer
-should be freed when done using
-.Fn gss_release_buffer .
-.Fa output_name_type
-can either be
-.Dv NULL
-or a pointer to a
-.Li gss_OID
-and will in the later case contain the OID type of the name.
-The name should only be used for printing.
-Access control should be done with the result of
-.Fn gss_export_name .
-.Pp
-.Fn gss_sign ,
-.Fn gss_verify ,
-.Fn gss_seal ,
-and
-.Fn gss_unseal
-are part of the GSS-API V1 interface and are obsolete. The functions
-should not be used for new applications.
-They are provided so that version 1 applications can link against the
-library.
-.Pp
-.Fn gss_krb5_copy_ccache
-is an extension to the GSS-API API.
-The function will extract the krb5 credential that are transfered from
-the initiator to the acceptor when using token delegation in the
-Kerberos mechanism.
-The acceptor receives the delegated token in the last argument to
-.Fn gss_accept_sec_context .
-.Pp
-.Nm gss_krb5_compat_des3_mic
-turns on or off the compatibly with older version of Heimdal using
-des3 get and verify mic, this is way to programmatically set the
-[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see
-COMPATIBILITY section in
-.Xr gssapi 3 ) .
-If the CPP symbol
-.Dv GSS_C_KRB5_COMPAT_DES3_MIC
-is present,
-.Nm gss_krb5_compat_des3_mic
-exists.
-.Nm gss_krb5_compat_des3_mic
-will be removed in a later version of the GSS-API library.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_ccache 3 ,
-.Xr gssapi 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3
deleted file mode 100644
index ff30042b8c3b..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi.3
+++ /dev/null
@@ -1,158 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: gssapi.3,v 1.5.2.2 2003/04/30 09:56:26 lha Exp $
-.\"
-.Dd January 23, 2003
-.Dt GSSAPI 3
-.Os
-.Sh NAME
-.Nm gssapi
-.Nd Generic Security Service Application Program Interface library
-.Sh LIBRARY
-GSS-API Library (libgssapi, -lgssapi)
-.Sh DESCRIPTION
-The Generic Security Service Application Program Interface (GSS-API)
-provides security services to callers in a generic fashion,
-supportable with a range of underlying mechanisms and technologies and
-hence allowing source-level portability of applications to different
-environments.
-.Sh LIST OF FUNCTIONS
-These functions constitute the gssapi library,
-.Em libgssapi .
-Declarations for these functions may be obtained from the include file
-.Pa gssapi.h .
-.sp 2
-.nf
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-gss_accept_sec_context.3
-gss_acquire_cred.3
-gss_add_cred.3
-gss_add_oid_set_member.3
-gss_canonicalize_name.3
-gss_compare_name.3
-gss_context_time.3
-gss_create_empty_oid_set.3
-gss_delete_sec_context.3
-gss_display_name.3
-gss_display_status.3
-gss_duplicate_name.3
-gss_export_name.3
-gss_export_sec_context.3
-gss_get_mic.3
-gss_import_name.3
-gss_import_sec_context.3
-gss_indicate_mechs.3
-gss_init_sec_context.3
-gss_inquire_context.3
-gss_inquire_cred.3
-gss_inquire_cred_by_mech.3
-gss_inquire_mechs_for_name.3
-gss_inquire_names_for_mech.3
-gss_krb5_copy_ccache.3
-gss_process_context_token.3
-gss_release_buffer.3
-gss_release_cred.3
-gss_release_name.3
-gss_release_oid_set.3
-gss_seal.3
-gss_sign.3
-gss_test_oid_set_member.3
-gss_unseal.3
-gss_unwrap.3
-gss_verify.3
-gss_verify_mic.3
-gss_wrap.3
-gss_wrap_size_limit.3
-.ta
-.Fi
-.Sh COMPATIBILITY
-The
-.Nm Heimdal
-GSS-API implementation had a bug in releases before 0.6 that made it
-fail to inter-operate when using DES3 with other GSS-API
-implementations when using
-.Fn gss_get_mic
-/
-.Fn gss_verify_mic .
-Its possible to modify the behavior of the generator of the MIC with
-the
-.Pa krb5.conf
-configuration file so that old clients/servers will still
-work.
-.Pp
-New clients/servers will try both the old and new MIC in Heimdal 0.6.
-In 0.7 it will check only if configured and the compatibility code
-will be removed in 0.8.
-.Pp
-Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
-this will change in 0.7 to generate correct des3 mic.
-.Pp
-To turn on compatibility with older clients and servers, change the
-.Nm [gssapi]
-.Ar broken_des3_mic
-in
-.Pa krb5.conf
-that contains a list of globbing expressions that will be matched
-against the server name.
-To turn off generation of the old (incompatible) mic of the MIC use
-.Nm [gssapi]
-.Ar correct_des3_mic .
-.Pp
-If a match for a entry is in both
-.Nm [gssapi]
-.Ar correct_des3_mic
-and
-.Nm [gssapi]
-.Ar correct_des3_mic ,
-the later will override.
-.Pp
-This config option modifies behaviour for both clients and servers.
-.Pp
-Example:
-.Bd -literal -offset indent
-[gssapi]
-	broken_des3_mic = cvs/*@SU.SE
-	broken_des3_mic = host/*@E.KTH.SE
-	correct_des3_mic = host/*@SU.SE
-.Ed
-.Sh BUGS
-All of 0.5.x versions of
-.Nm heimdal
-had broken token delegations in the client side, the server side was
-correct.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h
deleted file mode 100644
index 12ac426b01bc..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi.h
+++ /dev/null
@@ -1,788 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */
-
-#ifndef GSSAPI_H_
-#define GSSAPI_H_
-
-/*
- * First, include stddef.h to get size_t defined.
- */
-#include <stddef.h>
-
-#include <krb5-types.h>
-
-/*
- * Now define the three implementation-dependent types.
- */
-
-typedef u_int32_t OM_uint32;
-
-typedef u_int32_t gss_uint32;
-
-/*
- * This is to avoid having to include <krb5.h>
- */
-
-struct krb5_auth_context_data;
-
-struct Principal;
-
-/* typedef void *gss_name_t; */
-
-typedef struct Principal *gss_name_t;
-
-typedef struct gss_ctx_id_t_desc_struct {
-  struct krb5_auth_context_data *auth_context;
-  gss_name_t source, target;
-  OM_uint32 flags;
-  enum { LOCAL = 1, OPEN = 2, 
-	 COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags;
-  struct krb5_ticket *ticket;
-  time_t lifetime;
-} gss_ctx_id_t_desc;
-
-typedef gss_ctx_id_t_desc *gss_ctx_id_t;
-
-typedef struct gss_OID_desc_struct {
-      OM_uint32 length;
-      void      *elements;
-} gss_OID_desc, *gss_OID;
-
-typedef struct gss_OID_set_desc_struct  {
-      size_t     count;
-      gss_OID    elements;
-} gss_OID_set_desc, *gss_OID_set;
-
-struct krb5_keytab_data;
-
-struct krb5_ccache_data;
-
-typedef int gss_cred_usage_t;
-
-typedef struct gss_cred_id_t_desc_struct {
-  gss_name_t principal;
-  struct krb5_keytab_data *keytab;
-  OM_uint32 lifetime;
-  gss_cred_usage_t usage;
-  gss_OID_set mechanisms;
-  struct krb5_ccache_data *ccache;
-} gss_cred_id_t_desc;
-
-typedef gss_cred_id_t_desc *gss_cred_id_t;
-
-typedef struct gss_buffer_desc_struct {
-      size_t length;
-      void *value;
-} gss_buffer_desc, *gss_buffer_t;
-
-typedef struct gss_channel_bindings_struct {
-      OM_uint32 initiator_addrtype;
-      gss_buffer_desc initiator_address;
-      OM_uint32 acceptor_addrtype;
-      gss_buffer_desc acceptor_address;
-      gss_buffer_desc application_data;
-} *gss_channel_bindings_t;
-
-/*
- * For now, define a QOP-type as an OM_uint32
- */
-typedef OM_uint32 gss_qop_t;
-
-/*
- * Flag bits for context-level services.
- */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
-
-/*
- * Credential usage options
- */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
-
-/*
- * Status code types for gss_display_status
- */
-#define GSS_C_GSS_CODE 1
-#define GSS_C_MECH_CODE 2
-
-/*
- * The constant definitions for channel-bindings address families
- */
-#define GSS_C_AF_UNSPEC     0
-#define GSS_C_AF_LOCAL      1
-#define GSS_C_AF_INET       2
-#define GSS_C_AF_IMPLINK    3
-#define GSS_C_AF_PUP        4
-#define GSS_C_AF_CHAOS      5
-#define GSS_C_AF_NS         6
-#define GSS_C_AF_NBS        7
-#define GSS_C_AF_ECMA       8
-#define GSS_C_AF_DATAKIT    9
-#define GSS_C_AF_CCITT      10
-#define GSS_C_AF_SNA        11
-#define GSS_C_AF_DECnet     12
-#define GSS_C_AF_DLI        13
-#define GSS_C_AF_LAT        14
-#define GSS_C_AF_HYLINK     15
-#define GSS_C_AF_APPLETALK  16
-#define GSS_C_AF_BSC        17
-#define GSS_C_AF_DSS        18
-#define GSS_C_AF_OSI        19
-#define GSS_C_AF_X25        21
-#define GSS_C_AF_INET6	    24
-
-#define GSS_C_AF_NULLADDR   255
-
-/*
- * Various Null values
- */
-#define GSS_C_NO_NAME ((gss_name_t) 0)
-#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NO_OID ((gss_OID) 0)
-#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-#define GSS_C_EMPTY_BUFFER {0, NULL}
-
-/*
- * Some alternate names for a couple of the above
- * values.  These are defined for V1 compatibility.
- */
-#define GSS_C_NULL_OID GSS_C_NO_OID
-#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-/*
- * Define the default Quality of Protection for per-message
- * services.  Note that an implementation that offers multiple
- * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
- * (as done here) to mean "default protection", or to a specific
- * explicit QOP value.  However, a value of 0 should always be
- * interpreted by a GSSAPI implementation as a request for the
- * default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-#define GSS_KRB5_CONF_C_QOP_DES		0x0100
-#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200
-
-/*
- * Expiration time of 2^32-1 seconds means infinite lifetime for a
- * credential or security context
- */
-#define GSS_C_INDEFINITE 0xfffffffful
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_USER_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)).  The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc.  This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- *              "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}.  The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_ANONYMOUS;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}.  The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-/*
- * This if for kerberos5 names.
- */
-
-extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
-extern gss_OID GSS_KRB5_NT_USER_NAME;
-extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
-extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
-
-extern gss_OID GSS_KRB5_MECHANISM;
-
-/* for compatibility with MIT api */
-
-#define gss_mech_krb5 GSS_KRB5_MECHANISM
-
-/* Major status codes */
-
-#define GSS_S_COMPLETE 0
-
-/*
- * Some "helper" definitions to make the status code macros obvious.
- */
-#define GSS_C_CALLING_ERROR_OFFSET 24
-#define GSS_C_ROUTINE_ERROR_OFFSET 16
-#define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK 0377ul
-#define GSS_C_ROUTINE_ERROR_MASK 0377ul
-#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
-
-/*
- * The macros that test status codes for error conditions.
- * Note that the GSS_ERROR() macro has changed slightly from
- * the V1 GSSAPI so that it now evaluates its argument
- * only once.
- */
-#define GSS_CALLING_ERROR(x) \
-  (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-#define GSS_ROUTINE_ERROR(x) \
-  (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-#define GSS_SUPPLEMENTARY_INFO(x) \
-  (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-#define GSS_ERROR(x) \
-  (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-        (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-/*
- * Now the actual status code definitions
- */
-
-/*
- * Calling errors:
- */
-#define GSS_S_CALL_INACCESSIBLE_READ \
-                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_INACCESSIBLE_WRITE \
-                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_BAD_STRUCTURE \
-                             (3ul << GSS_C_CALLING_ERROR_OFFSET)
-
-/*
- * Routine errors:
- */
-#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_MIC GSS_S_BAD_SIG
-#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
-
-/*
- * Supplementary info bits:
- */
-#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-/*
- * From RFC1964:
- *
- * 4.1.1. Non-Kerberos-specific codes
- */
-
-#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1
-           /* "No @ in SERVICE-NAME name string" */
-#define GSS_KRB5_S_G_BAD_STRING_UID 2
-           /* "STRING-UID-NAME contains nondigits" */
-#define GSS_KRB5_S_G_NOUSER 3
-           /* "UID does not resolve to username" */
-#define GSS_KRB5_S_G_VALIDATE_FAILED 4
-           /* "Validation error" */
-#define GSS_KRB5_S_G_BUFFER_ALLOC 5
-           /* "Couldn't allocate gss_buffer_t data" */
-#define GSS_KRB5_S_G_BAD_MSG_CTX 6
-           /* "Message context invalid" */
-#define GSS_KRB5_S_G_WRONG_SIZE 7
-           /* "Buffer is the wrong size" */
-#define GSS_KRB5_S_G_BAD_USAGE 8
-           /* "Credential usage type is unknown" */
-#define GSS_KRB5_S_G_UNKNOWN_QOP 9
-           /* "Unknown quality of protection specified" */
-
-  /*
-   * 4.1.2. Kerberos-specific-codes
-   */
-
-#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10
-           /* "Principal in credential cache does not match desired name" */
-#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11
-           /* "No principal in keytab matches desired name" */
-#define GSS_KRB5_S_KG_TGT_MISSING 12
-           /* "Credential cache has no TGT" */
-#define GSS_KRB5_S_KG_NO_SUBKEY 13
-           /* "Authenticator has no subkey" */
-#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14
-           /* "Context is already fully established" */
-#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15
-           /* "Unknown signature type in token" */
-#define GSS_KRB5_S_KG_BAD_LENGTH 16
-           /* "Invalid field length in token" */
-#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17
-           /* "Attempt to use incomplete security context" */
-
-/*
- * Finally, function prototypes for the GSS-API routines.
- */
-
-OM_uint32 gss_acquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*desired_name*/,
-            OM_uint32 /*time_req*/,
-            const gss_OID_set /*desired_mechs*/,
-            gss_cred_usage_t /*cred_usage*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * /*minor_status*/,
-            gss_cred_id_t * /*cred_handle*/
-           );
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*initiator_cred_handle*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_name_t /*target_name*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 /*req_flags*/,
-            OM_uint32 /*time_req*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            const gss_buffer_t /*input_token*/,
-            gss_OID * /*actual_mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_accept_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            const gss_cred_id_t /*acceptor_cred_handle*/,
-            const gss_buffer_t /*input_token_buffer*/,
-            const gss_channel_bindings_t /*input_chan_bindings*/,
-            gss_name_t * /*src_name*/,
-            gss_OID * /*mech_type*/,
-            gss_buffer_t /*output_token*/,
-            OM_uint32 * /*ret_flags*/,
-            OM_uint32 * /*time_rec*/,
-            gss_cred_id_t * /*delegated_cred_handle*/
-           );
-
-OM_uint32 gss_process_context_token
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*token_buffer*/
-           );
-
-OM_uint32 gss_delete_sec_context
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*output_token*/
-           );
-
-OM_uint32 gss_context_time
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            OM_uint32 * /*time_rec*/
-           );
-
-OM_uint32 gss_get_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify_mic
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*message_buffer*/,
-            const gss_buffer_t /*token_buffer*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_wrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            const gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            gss_qop_t * /*qop_state*/
-           );
-
-OM_uint32 gss_display_status
-           (OM_uint32 * /*minor_status*/,
-            OM_uint32 /*status_value*/,
-            int /*status_type*/,
-            const gss_OID /*mech_type*/,
-            OM_uint32 * /*message_context*/,
-            gss_buffer_t /*status_string*/
-           );
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*mech_set*/
-           );
-
-OM_uint32 gss_compare_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*name1*/,
-            const gss_name_t /*name2*/,
-            int * /*name_equal*/
-           );
-
-OM_uint32 gss_display_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*output_name_buffer*/,
-            gss_OID * /*output_name_type*/
-           );
-
-OM_uint32 gss_import_name
-           (OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*input_name_buffer*/,
-            const gss_OID /*input_name_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_export_name
-           (OM_uint32  * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_buffer_t /*exported_name*/
-           );
-
-OM_uint32 gss_release_name
-           (OM_uint32 * /*minor_status*/,
-            gss_name_t * /*input_name*/
-           );
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * /*minor_status*/,
-            gss_buffer_t /*buffer*/
-           );
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*set*/
-           );
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/,
-            gss_OID_set * /*mechanisms*/
-           );
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            gss_name_t * /*src_name*/,
-            gss_name_t * /*targ_name*/,
-            OM_uint32 * /*lifetime_rec*/,
-            gss_OID * /*mech_type*/,
-            OM_uint32 * /*ctx_flags*/,
-            int * /*locally_initiated*/,
-            int * /*open_context*/
-           );
-
-OM_uint32 gss_wrap_size_limit (
-            OM_uint32 * /*minor_status*/,
-            const gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            gss_qop_t /*qop_req*/,
-            OM_uint32 /*req_output_size*/,
-            OM_uint32 * /*max_input_size*/
-           );
-
-OM_uint32 gss_add_cred (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*input_cred_handle*/,
-            const gss_name_t /*desired_name*/,
-            const gss_OID /*desired_mech*/,
-            gss_cred_usage_t /*cred_usage*/,
-            OM_uint32 /*initiator_time_req*/,
-            OM_uint32 /*acceptor_time_req*/,
-            gss_cred_id_t * /*output_cred_handle*/,
-            gss_OID_set * /*actual_mechs*/,
-            OM_uint32 * /*initiator_time_rec*/,
-            OM_uint32 * /*acceptor_time_rec*/
-           );
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_cred_id_t /*cred_handle*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*name*/,
-            OM_uint32 * /*initiator_lifetime*/,
-            OM_uint32 * /*acceptor_lifetime*/,
-            gss_cred_usage_t * /*cred_usage*/
-           );
-
-OM_uint32 gss_export_sec_context (
-            OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t * /*context_handle*/,
-            gss_buffer_t /*interprocess_token*/
-           );
-
-OM_uint32 gss_import_sec_context (
-            OM_uint32 * /*minor_status*/,
-            const gss_buffer_t /*interprocess_token*/,
-            gss_ctx_id_t * /*context_handle*/
-           );
-
-OM_uint32 gss_create_empty_oid_set (
-            OM_uint32 * /*minor_status*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_add_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member_oid*/,
-            gss_OID_set * /*oid_set*/
-           );
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*member*/,
-            const gss_OID_set /*set*/,
-            int * /*present*/
-           );
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * /*minor_status*/,
-            const gss_OID /*mechanism*/,
-            gss_OID_set * /*name_types*/
-           );
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            gss_OID_set * /*mech_types*/
-           );
-
-OM_uint32 gss_canonicalize_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*input_name*/,
-            const gss_OID /*mech_type*/,
-            gss_name_t * /*output_name*/
-           );
-
-OM_uint32 gss_duplicate_name (
-            OM_uint32 * /*minor_status*/,
-            const gss_name_t /*src_name*/,
-            gss_name_t * /*dest_name*/
-           );
-
-/*
- * The following routines are obsolete variants of gss_get_mic,
- * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
- * provided by GSSAPI V2 implementations for backwards
- * compatibility with V1 applications.  Distinct entrypoints
- * (as opposed to #defines) should be provided, both to allow
- * GSSAPI V1 applications to link against GSSAPI V2 implementations,
- * and to retain the slight parameter type differences between the
- * obsolete versions of these routines and their current forms.
- */
-
-OM_uint32 gss_sign
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*qop_req*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*message_token*/
-           );
-
-OM_uint32 gss_verify
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*message_buffer*/,
-            gss_buffer_t /*token_buffer*/,
-            int * /*qop_state*/
-           );
-
-OM_uint32 gss_seal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            int /*conf_req_flag*/,
-            int /*qop_req*/,
-            gss_buffer_t /*input_message_buffer*/,
-            int * /*conf_state*/,
-            gss_buffer_t /*output_message_buffer*/
-           );
-
-OM_uint32 gss_unseal
-           (OM_uint32 * /*minor_status*/,
-            gss_ctx_id_t /*context_handle*/,
-            gss_buffer_t /*input_message_buffer*/,
-            gss_buffer_t /*output_message_buffer*/,
-            int * /*conf_state*/,
-            int * /*qop_state*/
-           );
-
-/*
- * kerberos mechanism specific functions
- */
-
-OM_uint32 gsskrb5_register_acceptor_identity
-        (const char */*identity*/);
-
-OM_uint32 gss_krb5_copy_ccache
-	(OM_uint32 */*minor*/,
-	 gss_cred_id_t /*cred*/,
-	 struct krb5_ccache_data */*out*/);
-
-#define GSS_C_KRB5_COMPAT_DES3_MIC 1
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GSSAPI_H_ */
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
deleted file mode 100644
index a27b27ae0a3a..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: gssapi_locl.h,v 1.24 2003/03/16 17:30:15 lha Exp $ */
-
-#ifndef GSSAPI_LOCL_H
-#define GSSAPI_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include <gssapi.h>
-#include <assert.h>
-
-extern krb5_context gssapi_krb5_context;
-
-extern krb5_keytab gssapi_krb5_keytab;
-
-krb5_error_code gssapi_krb5_init (void);
-
-#define GSSAPI_KRB5_INIT() do {					\
-    krb5_error_code kret;					\
-    if((kret = gssapi_krb5_init ()) != 0) {	\
-	*minor_status = kret;					\
-	return GSS_S_FAILURE;					\
-    }								\
-} while (0)
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      OM_uint32 flags,
-                      const krb5_data *fwd_data,
-		      Checksum *result);
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum (
-		      OM_uint32 *minor_status,
-		      const gss_channel_bindings_t input_chan_bindings,
-		      const Checksum *cksum,
-		      OM_uint32 *flags,
-                      krb5_data *fwd_data);
-
-OM_uint32
-gssapi_krb5_encapsulate(
-			OM_uint32 *minor_status,
-			const krb5_data *in_data,
-			gss_buffer_t output_token,
-			u_char *type);
-
-OM_uint32
-gssapi_krb5_decapsulate(
-			OM_uint32 *minor_status,
-			gss_buffer_t input_token_buffer,
-			krb5_data *out_data,
-			char *type);
-
-void
-gssapi_krb5_encap_length (size_t data_len,
-			  size_t *len,
-			  size_t *total_len);
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
-			 size_t len,
-			 u_char *type);
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
-			  size_t total_len,
-			  char *type);
-
-OM_uint32
-gss_verify_mic_internal(OM_uint32 * minor_status,
-			const gss_ctx_id_t context_handle,
-			const gss_buffer_t message_buffer,
-			const gss_buffer_t token_buffer,
-			gss_qop_t * qop_state,
-			char * type);
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key);
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		      krb5_keyblock **key);
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
-                        gss_buffer_desc *gss_addr,
-                        int16_t port,
-                        krb5_address *address);
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS  0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK	  0x04
-#define SC_LOCAL_SUBKEY	  0x08
-#define SC_REMOTE_SUBKEY  0x10
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-void
-gssapi_krb5_set_error_string (void);
-
-char *
-gssapi_krb5_get_error_string (void);
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
deleted file mode 100644
index 423e75714664..000000000000
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
-		 const char *name,
-		 gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-
-    kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
-
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
-		  const gss_buffer_t input_name_buffer,
-		  gss_name_t *output_name)
-{
-    OM_uint32 ret;
-    char *tmp;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    ret = parse_krb5_name(minor_status, tmp, output_name);
-    free(tmp);
-
-    return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
-		       const gss_buffer_t input_name_buffer,
-		       gss_name_t *output_name)
-{
-    krb5_error_code kerr;
-    char *tmp;
-    char *p;
-    char *host;
-    char local_hostname[MAXHOSTNAMELEN];
-
-    *output_name = NULL;
-
-    tmp = malloc (input_name_buffer->length + 1);
-    if (tmp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy (tmp,
-	    input_name_buffer->value,
-	    input_name_buffer->length);
-    tmp[input_name_buffer->length] = '\0';
-
-    p = strchr (tmp, '@');
-    if (p != NULL) {
-	*p = '\0';
-	host = p + 1;
-    } else {
-	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
-	    *minor_status = errno;
-	    free (tmp);
-	    return GSS_S_FAILURE;
-	}
-	host = local_hostname;
-    }
-
-    kerr = krb5_sname_to_principal (gssapi_krb5_context,
-				    host,
-				    tmp,
-				    KRB5_NT_SRV_HST,
-				    output_name);
-    free (tmp);
-    *minor_status = kerr;
-    if (kerr == 0)
-	return GSS_S_COMPLETE;
-    else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_BAD_NAME;
-    } else {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kerr;
-	return GSS_S_FAILURE;
-    }
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
-		    const gss_buffer_t input_name_buffer,
-		    gss_name_t *output_name)
-{
-    unsigned char *p;
-    uint32_t length;
-    OM_uint32 ret;
-    char *name;
-
-    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
-    p = input_name_buffer->value;
-
-    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
-	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
-	p[4] != 0x06 ||
-	p[5] != GSS_KRB5_MECHANISM->length ||
-	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
-	       GSS_KRB5_MECHANISM->length) != 0)
-	return GSS_S_BAD_NAME;
-
-    p += 6 + GSS_KRB5_MECHANISM->length;
-
-    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
-    p += 4;
-
-    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
-	return GSS_S_BAD_NAME;
-
-    name = malloc(length + 1);
-    if (name == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-    memcpy(name, p, length);
-    name[length] = '\0';
-
-    ret = parse_krb5_name(minor_status, name, output_name);
-    free(name);
-
-    return ret;
-}
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b)
-{
-	if (a == b)
-		return 1;
-	else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
-		return 0;
-	else
-		return memcmp(a->elements, b->elements, a->length) == 0;
-}
-
-OM_uint32 gss_import_name
-           (OM_uint32 * minor_status,
-            const gss_buffer_t input_name_buffer,
-            const gss_OID input_name_type,
-            gss_name_t * output_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    *minor_status = 0;
-    *output_name = GSS_C_NO_NAME;
-    
-    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
-	return import_hostbased_name (minor_status,
-				      input_name_buffer,
-				      output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
-	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
-	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- 	/* default printable syntax */
-	return import_krb5_name (minor_status,
-				 input_name_buffer,
-				 output_name);
-    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
-	return import_export_name(minor_status,
-				  input_name_buffer, 
-				  output_name);
-    } else {
-	*minor_status = 0;
-	return GSS_S_BAD_NAMETYPE;
-    }
-}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
deleted file mode 100644
index 2daa5736ca8d..000000000000
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
-
-OM_uint32
-gss_import_sec_context (
-    OM_uint32 * minor_status,
-    const gss_buffer_t interprocess_token,
-    gss_ctx_id_t * context_handle
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_storage *sp;
-    krb5_auth_context ac;
-    krb5_address local, remote;
-    krb5_address *localp, *remotep;
-    krb5_data data;
-    gss_buffer_desc buffer;
-    krb5_keyblock keyblock;
-    int32_t tmp;
-    int32_t flags;
-    OM_uint32 minor;
-
-    GSSAPI_KRB5_INIT ();
-
-    localp = remotep = NULL;
-
-    sp = krb5_storage_from_mem (interprocess_token->value,
-				interprocess_token->length);
-    if (sp == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	krb5_storage_free (sp);
-	return GSS_S_FAILURE;
-    }
-    memset (*context_handle, 0, sizeof(**context_handle));
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    /* flags */
-
-    *minor_status = 0;
-
-    if (krb5_ret_int32 (sp, &flags) != 0)
-	goto failure;
-
-    /* retrieve the auth context */
-
-    ac = (*context_handle)->auth_context;
-    krb5_ret_int32 (sp, &ac->flags);
-    if (flags & SC_LOCAL_ADDRESS) {
-	if (krb5_ret_address (sp, localp = &local) != 0)
-	    goto failure;
-    }
-
-    if (flags & SC_REMOTE_ADDRESS) {
-	if (krb5_ret_address (sp, remotep = &remote) != 0)
-	    goto failure;
-    }
-
-    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    localp = remotep = NULL;
-
-    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
-	goto failure;
-
-    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
-	goto failure;
-    if (flags & SC_KEYBLOCK) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_LOCAL_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (flags & SC_REMOTE_SUBKEY) {
-	if (krb5_ret_keyblock (sp, &keyblock) != 0)
-	    goto failure;
-	krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
-	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
-    }
-    if (krb5_ret_int32 (sp, &ac->local_seqnumber))
-	goto failure;
-    if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
-	goto failure;
-
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->keytype = tmp;
-    if (krb5_ret_int32 (sp, &tmp) != 0)
-	goto failure;
-    ac->cksumtype = tmp;
-
-    /* names */
-
-    if (krb5_ret_data (sp, &data))
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->source);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->source);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }
-    krb5_data_free (&data);
-
-    if (krb5_ret_data (sp, &data) != 0)
-	goto failure;
-    buffer.value  = data.data;
-    buffer.length = data.length;
-
-    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
-			   &(*context_handle)->target);
-    if (ret) {
-	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
-			       &(*context_handle)->target);
-	if (ret) {
-	    krb5_data_free (&data);
-	    goto failure;
-	}
-    }    
-    krb5_data_free (&data);
-
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp))
-	goto failure;
-    (*context_handle)->more_flags = tmp;
-    if (krb5_ret_int32 (sp, &tmp) == 0)
-	(*context_handle)->lifetime = tmp;
-    else
-	(*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-    return GSS_S_COMPLETE;
-
-failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if ((*context_handle)->source != NULL)
-	gss_release_name(&minor, &(*context_handle)->source);
-    if ((*context_handle)->target != NULL)
-	gss_release_name(&minor, &(*context_handle)->target);
-    if (localp)
-	krb5_free_address (gssapi_krb5_context, localp);
-    if (remotep)
-	krb5_free_address (gssapi_krb5_context, remotep);
-    free (*context_handle);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
deleted file mode 100644
index 89191bb93514..000000000000
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
-
-OM_uint32 gss_indicate_mechs
-           (OM_uint32 * minor_status,
-            gss_OID_set * mech_set
-           )
-{
-  OM_uint32 ret;
-
-  ret = gss_create_empty_oid_set(minor_status, mech_set);
-  if (ret)
-      return ret;
-
-  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
-  if (ret)
-      return ret;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
deleted file mode 100644
index ddc0d7090a92..000000000000
--- a/crypto/heimdal/lib/gssapi/init.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-
-krb5_error_code
-gssapi_krb5_init (void)
-{
-    if(gssapi_krb5_context == NULL)
-	return krb5_init_context (&gssapi_krb5_context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
deleted file mode 100644
index 64730388e797..000000000000
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init_sec_context.c,v 1.36 2003/03/16 18:00:00 lha Exp $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_auth_context ac,
-	       const gss_channel_bindings_t input_chan_bindings)	       
-{
-    /* Port numbers are expected to be in application_data.value, 
-     * initator's port first */ 
-
-    krb5_address initiator_addr, acceptor_addr;
-    krb5_error_code kret;
-       
-    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
-	|| input_chan_bindings->application_data.length !=
-	2 * sizeof(ac->local_port))
-	return 0;
-
-    memset(&initiator_addr, 0, sizeof(initiator_addr));
-    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-       
-    ac->local_port =
-	*(int16_t *) input_chan_bindings->application_data.value;
-       
-    ac->remote_port =
-	*((int16_t *) input_chan_bindings->application_data.value + 1);
-       
-    kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-				   &input_chan_bindings->acceptor_address,
-				   ac->remote_port,
-				   &acceptor_addr);
-    if (kret)
-	return kret;
-           
-    kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-				   &input_chan_bindings->initiator_address,
-				   ac->local_port,
-				   &initiator_addr);
-    if (kret) {
-	krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-	return kret;
-    }
-       
-    kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-				  ac,
-				  &initiator_addr,  /* local address */
-				  &acceptor_addr);  /* remote address */
-       
-    krb5_free_address (gssapi_krb5_context, &initiator_addr);
-    krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-       
-#if 0
-    free(input_chan_bindings->application_data.value);
-    input_chan_bindings->application_data.value = NULL;
-    input_chan_bindings->application_data.length = 0;
-#endif
-
-    return kret;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_auth_context ac,
-	       krb5_ccache ccache,
-	       krb5_creds *cred,
-	       const gss_name_t target_name,
-	       krb5_data *fwd_data,
-	       int *flags)
-{
-    krb5_creds creds;
-    krb5_kdc_flags fwd_flags;
-    krb5_error_code kret;
-       
-    memset (&creds, 0, sizeof(creds));
-    krb5_data_zero (fwd_data);
-       
-    kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
-    if (kret) 
-	goto out;
-       
-    kret = krb5_build_principal(gssapi_krb5_context,
-				&creds.server,
-				strlen(creds.client->realm),
-				creds.client->realm,
-				KRB5_TGS_NAME,
-				creds.client->realm,
-				NULL);
-    if (kret)
-	goto out; 
-       
-    creds.times.endtime = 0;
-       
-    fwd_flags.i = 0;
-    fwd_flags.b.forwarded = 1;
-    fwd_flags.b.forwardable = 1;
-       
-    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
-	target_name->name.name_string.len < 2) 
-	goto out;
-       
-    kret = krb5_get_forwarded_creds(gssapi_krb5_context,
-				    ac,
-				    ccache,
-				    fwd_flags.i,
-				    target_name->name.name_string.val[1],
-				    &creds,
-				    fwd_data);
-       
- out:
-    if (kret)
-	*flags &= ~GSS_C_DELEG_FLAG;
-    else
-	*flags |= GSS_C_DELEG_FLAG;
-       
-    if (creds.client)
-	krb5_free_principal(gssapi_krb5_context, creds.client);
-    if (creds.server)
-	krb5_free_principal(gssapi_krb5_context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    krb5_error_code kret;
-    krb5_flags ap_options;
-    krb5_creds this_cred, *cred;
-    krb5_data outbuf;
-    krb5_ccache ccache;
-    u_int32_t flags;
-    Authenticator *auth;
-    krb5_data authenticator;
-    Checksum cksum;
-    krb5_enctype enctype;
-    krb5_data fwd_data;
-
-    krb5_data_zero(&outbuf);
-    krb5_data_zero(&fwd_data);
-
-    *minor_status = 0;
-
-    *context_handle = malloc(sizeof(**context_handle));
-    if (*context_handle == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    (*context_handle)->auth_context = NULL;
-    (*context_handle)->source       = NULL;
-    (*context_handle)->target       = NULL;
-    (*context_handle)->flags        = 0;
-    (*context_handle)->more_flags   = 0;
-    (*context_handle)->ticket       = NULL;
-    (*context_handle)->lifetime     = GSS_C_INDEFINITE;
-
-    kret = krb5_auth_con_init (gssapi_krb5_context,
-			       &(*context_handle)->auth_context);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = set_addresses ((*context_handle)->auth_context,
-			  input_chan_bindings);
-    if (kret) {
-	*minor_status = kret;
-	ret = GSS_S_BAD_BINDINGS;
-	goto failure;
-    }
-       
-    {
-	int32_t tmp;
-
-	krb5_auth_con_getflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       &tmp);
-	tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-	krb5_auth_con_setflags(gssapi_krb5_context,
-			       (*context_handle)->auth_context,
-			       tmp);
-    }
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
-	kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-	if (kret) {
-	    gssapi_krb5_set_error_string ();
-	    *minor_status = kret;
-	    ret = GSS_S_FAILURE;
-	    goto failure;
-	}
-    } else
-	ccache = initiator_cred_handle->ccache;
-
-    kret = krb5_cc_get_principal (gssapi_krb5_context,
-				  ccache,
-				  &(*context_handle)->source);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_copy_principal (gssapi_krb5_context,
-				target_name,
-				&(*context_handle)->target);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-    if (ret)
-	goto failure;
-
-
-    memset(&this_cred, 0, sizeof(this_cred));
-    this_cred.client          = (*context_handle)->source;
-    this_cred.server          = (*context_handle)->target;
-    if (time_req && time_req != GSS_C_INDEFINITE) {
-	krb5_timestamp ts;
-
-	krb5_timeofday (gssapi_krb5_context, &ts);
-	this_cred.times.endtime = ts + time_req;
-    } else
-	this_cred.times.endtime   = 0;
-    this_cred.session.keytype = 0;
-  
-    kret = krb5_get_credentials (gssapi_krb5_context,
-				 KRB5_TC_MATCH_KEYTYPE,
-				 ccache,
-				 &this_cred,
-				 &cred);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    (*context_handle)->lifetime = cred->times.endtime;
-
-    krb5_auth_con_setkey(gssapi_krb5_context, 
-			 (*context_handle)->auth_context, 
-			 &cred->session);
-  
-    kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, 
-					     (*context_handle)->auth_context,
-					     &cred->session);
-    if(kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    flags = 0;
-    ap_options = 0;
-    if (req_flags & GSS_C_DELEG_FLAG)
-	do_delegation ((*context_handle)->auth_context,
-		       ccache, cred, target_name, &fwd_data, &flags);
-       
-    if (req_flags & GSS_C_MUTUAL_FLAG) {
-	flags |= GSS_C_MUTUAL_FLAG;
-	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-    
-    if (req_flags & GSS_C_REPLAY_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_SEQUENCE_FLAG)
-	;                               /* XXX */
-    if (req_flags & GSS_C_ANON_FLAG)
-	;                               /* XXX */
-    flags |= GSS_C_CONF_FLAG;
-    flags |= GSS_C_INTEG_FLAG;
-    flags |= GSS_C_SEQUENCE_FLAG;
-    flags |= GSS_C_TRANS_FLAG;
-    
-    if (ret_flags)
-	*ret_flags = flags;
-    (*context_handle)->flags = flags;
-    (*context_handle)->more_flags |= LOCAL;
-    
-    ret = gssapi_krb5_create_8003_checksum (minor_status,
-					    input_chan_bindings,
-					    flags,
-					    &fwd_data,
-					    &cksum);
-    krb5_data_free (&fwd_data);
-    if (ret)
-	goto failure;
-
-#if 1
-    enctype = (*context_handle)->auth_context->keyblock->keytype;
-#else
-    if ((*context_handle)->auth_context->enctype)
-	enctype = (*context_handle)->auth_context->enctype;
-    else {
-	kret = krb5_keytype_to_enctype(gssapi_krb5_context,
-				       (*context_handle)->auth_context->keyblock->keytype,
-				       &enctype);
-	if (kret)
-	    return kret;
-    }
-#endif
-
-    kret = krb5_build_authenticator (gssapi_krb5_context,
-				     (*context_handle)->auth_context,
-				     enctype,
-				     cred,
-				     &cksum,
-				     &auth,
-				     &authenticator,
-				     KRB5_KU_AP_REQ_AUTH);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    kret = krb5_build_ap_req (gssapi_krb5_context,
-			      enctype,
-			      cred,
-			      ap_options,
-			      authenticator,
-			      &outbuf);
-
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	ret = GSS_S_FAILURE;
-	goto failure;
-    }
-
-    ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
-				   "\x01\x00");
-    if (ret)
-	goto failure;
-
-    krb5_data_free (&outbuf);
-
-    if (flags & GSS_C_MUTUAL_FLAG) {
-	return GSS_S_CONTINUE_NEEDED;
-    } else {
-	if (time_rec)
-	    *time_rec = (*context_handle)->lifetime;
-
-	(*context_handle)->more_flags |= OPEN;
-	return GSS_S_COMPLETE;
-    }
-
- failure:
-    krb5_auth_con_free (gssapi_krb5_context,
-			(*context_handle)->auth_context);
-    if((*context_handle)->source)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->source);
-    if((*context_handle)->target)
-	krb5_free_principal (gssapi_krb5_context,
-			     (*context_handle)->target);
-    free (*context_handle);
-    krb5_data_free (&outbuf);
-    *context_handle = GSS_C_NO_CONTEXT;
-    return ret;
-}
-
-static OM_uint32
-repl_mutual
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    OM_uint32 ret;
-    krb5_error_code kret;
-    krb5_data indata;
-    krb5_ap_rep_enc_part *repl;
-
-    output_token->length = 0;
-    output_token->value = NULL;
-
-    if (actual_mech_type)
-	*actual_mech_type = GSS_KRB5_MECHANISM;
-
-    ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
-				   "\x02\x00");
-    if (ret)
-				/* XXX - Handle AP_ERROR */
-	return ret;
-
-    kret = krb5_rd_rep (gssapi_krb5_context,
-			(*context_handle)->auth_context,
-			&indata,
-			&repl);
-    if (kret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = kret;
-	return GSS_S_FAILURE;
-    }
-    krb5_free_ap_rep_enc_part (gssapi_krb5_context,
-			       repl);
-
-    (*context_handle)->more_flags |= OPEN;
-    
-    if (time_rec)
-	*time_rec = (*context_handle)->lifetime;
-    if (ret_flags)
-	*ret_flags = (*context_handle)->flags;
-
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 gss_init_sec_context
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t initiator_cred_handle,
-            gss_ctx_id_t * context_handle,
-            const gss_name_t target_name,
-            const gss_OID mech_type,
-            OM_uint32 req_flags,
-            OM_uint32 time_req,
-            const gss_channel_bindings_t input_chan_bindings,
-            const gss_buffer_t input_token,
-            gss_OID * actual_mech_type,
-            gss_buffer_t output_token,
-            OM_uint32 * ret_flags,
-            OM_uint32 * time_rec
-           )
-{
-    GSSAPI_KRB5_INIT ();
-
-    output_token->length = 0;
-    output_token->value  = NULL;
-
-    if (ret_flags)
-	*ret_flags = 0;
-    if (time_rec)
-	*time_rec = 0;
-
-    if (target_name == GSS_C_NO_NAME) {
-	if (actual_mech_type)
-	    *actual_mech_type = GSS_C_NO_OID;
-	*minor_status = 0;
-	return GSS_S_BAD_NAME;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
-	return init_auth (minor_status,
-			  initiator_cred_handle,
-			  context_handle,
-			  target_name,
-			  mech_type,
-			  req_flags,
-			  time_req,
-			  input_chan_bindings,
-			  input_token,
-			  actual_mech_type,
-			  output_token,
-			  ret_flags,
-			  time_rec);
-    else
-	return repl_mutual(minor_status,
-			   initiator_cred_handle,
-			   context_handle,
-			   target_name,
-			   mech_type,
-			   req_flags,
-			   time_req,
-			   input_chan_bindings,
-			   input_token,
-			   actual_mech_type,
-			   output_token,
-			   ret_flags,
-			   time_rec);
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c
deleted file mode 100644
index 95cd2c576e6b..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_context.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
-
-OM_uint32 gss_inquire_context (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            gss_name_t * src_name,
-            gss_name_t * targ_name,
-            OM_uint32 * lifetime_rec,
-            gss_OID * mech_type,
-            OM_uint32 * ctx_flags,
-            int * locally_initiated,
-            int * open_context
-           )
-{
-  OM_uint32 ret;
-
-  if (src_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->source,
-			      src_name);
-    if (ret)
-      return ret;
-  }
-
-  if (targ_name) {
-    ret = gss_duplicate_name (minor_status,
-			      context_handle->target,
-			      targ_name);
-    if (ret)
-      return ret;
-  }
-
-  if (lifetime_rec)
-    *lifetime_rec = context_handle->lifetime;
-
-  if (mech_type)
-    *mech_type = GSS_KRB5_MECHANISM;
-
-  if (ctx_flags)
-    *ctx_flags = context_handle->flags;
-
-  if (locally_initiated)
-    *locally_initiated = context_handle->more_flags & LOCAL;
-
-  if (open_context)
-    *open_context = context_handle->more_flags & OPEN;
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c
deleted file mode 100644
index 4938d564e587..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
-
-OM_uint32 gss_inquire_cred
-           (OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            gss_name_t * name,
-            OM_uint32 * lifetime,
-            gss_cred_usage_t * cred_usage,
-            gss_OID_set * mechanisms
-           )
-{
-    OM_uint32 ret;
-
-    *minor_status = 0;
-
-    if (name)
-	*name = NULL;
-    if (mechanisms)
-	*mechanisms = GSS_C_NO_OID_SET;
-
-    if (cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_FAILURE;
-    }
-
-    if (name != NULL) {
-	if (cred_handle->principal != NULL) {
-            ret = gss_duplicate_name(minor_status, cred_handle->principal,
-		name);
-            if (ret)
-        	return ret;
-	} else if (cred_handle->usage == GSS_C_ACCEPT) {
-	    *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
-		NULL, KRB5_NT_SRV_HST, name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	} else {
-	    *minor_status = krb5_get_default_principal(gssapi_krb5_context,
-		name);
-	    if (*minor_status)
-		return GSS_S_FAILURE;
-	}
-    }
-    if (lifetime != NULL) {
-        *lifetime = cred_handle->lifetime;
-    }
-    if (cred_usage != NULL) {
-        *cred_usage = cred_handle->usage;
-    }
-    if (mechanisms != NULL) {
-        ret = gss_create_empty_oid_set(minor_status, mechanisms);
-        if (ret) {
-            return ret;
-        }
-        ret = gss_add_oid_set_member(minor_status,
-				     &cred_handle->mechanisms->elements[0],
-				     mechanisms);
-        if (ret) {
-            return ret;
-        }
-    }
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
deleted file mode 100644
index b09d1e1d5f6c..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
-
-OM_uint32 gss_inquire_cred_by_mech (
-            OM_uint32 * minor_status,
-            const gss_cred_id_t cred_handle,
-            const gss_OID mech_type,
-            gss_name_t * name,
-            OM_uint32 * initiator_lifetime,
-            OM_uint32 * acceptor_lifetime,
-            gss_cred_usage_t * cred_usage
-    )
-{
-    OM_uint32 ret;
-    OM_uint32 lifetime;
-
-    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
-	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
-	*minor_status = EINVAL;
-	return GSS_S_BAD_MECH;
-    }    
-
-    ret = gss_inquire_cred (minor_status,
-			    cred_handle,
-			    name,
-			    &lifetime,
-			    cred_usage,
-			    NULL);
-    
-    if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
-	gss_cred_usage_t usage;
-
-	usage = cred_handle->usage;
-
-	if (initiator_lifetime) {
-	    if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
-		*initiator_lifetime = lifetime;
-	}
-	if (acceptor_lifetime) {
-	    if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
-		*acceptor_lifetime = lifetime;
-	}
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
deleted file mode 100644
index 67ebb04db4de..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
-
-OM_uint32 gss_inquire_mechs_for_name (
-            OM_uint32 * minor_status,
-            const gss_name_t input_name,
-            gss_OID_set * mech_types
-           )
-{
-    OM_uint32 ret;
-
-    ret = gss_create_empty_oid_set(minor_status, mech_types);
-    if (ret)
-	return ret;
-
-    ret = gss_add_oid_set_member(minor_status,
-				 GSS_KRB5_MECHANISM,
-				 mech_types);
-    if (ret)
-	gss_release_oid_set(NULL, mech_types);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
deleted file mode 100644
index 0e93de685444..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
-
-
-static gss_OID *name_list[] = {
-    &GSS_C_NT_HOSTBASED_SERVICE,
-    &GSS_C_NT_USER_NAME,
-    &GSS_KRB5_NT_PRINCIPAL_NAME,
-    &GSS_C_NT_EXPORT_NAME,
-    NULL
-};
-
-OM_uint32 gss_inquire_names_for_mech (
-            OM_uint32 * minor_status,
-            const gss_OID mechanism,
-            gss_OID_set * name_types
-           )
-{
-    OM_uint32 ret;
-    int i;
-
-    *minor_status = 0;
-
-    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
-	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
-	*name_types = GSS_C_NO_OID_SET;
-	return GSS_S_BAD_MECH;
-    }
-
-    ret = gss_create_empty_oid_set(minor_status, name_types);
-    if (ret != GSS_S_COMPLETE)
-	return ret;
-    
-    for (i = 0; name_list[i] != NULL; i++) {
-	ret = gss_add_oid_set_member(minor_status, 
-				     *(name_list[i]),
-				     name_types);
-	if (ret != GSS_S_COMPLETE)
-	    break;
-    }
-
-    if (ret != GSS_S_COMPLETE)
-	gss_release_oid_set(NULL, name_types);
-	
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c
deleted file mode 100644
index 0cec33cc3e6f..000000000000
--- a/crypto/heimdal/lib/gssapi/process_context_token.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
-
-OM_uint32 gss_process_context_token (
-	OM_uint32          *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-    )
-{
-    OM_uint32 ret = GSS_S_FAILURE;
-    gss_buffer_desc empty_buffer;
-    gss_qop_t qop_state;
-
-    empty_buffer.length = 0;
-    empty_buffer.value = NULL;
-
-    qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle,
-				  token_buffer, &empty_buffer,
-				  GSS_C_QOP_DEFAULT, "\x01\x02");
-
-    if (ret == GSS_S_COMPLETE)
-	ret = gss_delete_sec_context(minor_status,
-				     (gss_ctx_id_t *)&context_handle,
-				     GSS_C_NO_BUFFER);
-    if (ret == GSS_S_COMPLETE)
-	*minor_status = 0;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c
deleted file mode 100644
index 258b76f62768..000000000000
--- a/crypto/heimdal/lib/gssapi/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
-
-OM_uint32 gss_release_buffer
-           (OM_uint32 * minor_status,
-            gss_buffer_t buffer
-           )
-{
-  *minor_status = 0;
-  free (buffer->value);
-  buffer->value  = NULL;
-  buffer->length = 0;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c
deleted file mode 100644
index 172b2ebb430e..000000000000
--- a/crypto/heimdal/lib/gssapi/release_cred.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_cred.c,v 1.8 2003/03/16 17:52:19 lha Exp $");
-
-OM_uint32 gss_release_cred
-           (OM_uint32 * minor_status,
-            gss_cred_id_t * cred_handle
-           )
-{
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-        return GSS_S_COMPLETE;
-    }
-
-    GSSAPI_KRB5_INIT ();
-
-    if ((*cred_handle)->principal != NULL)
-        krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
-    if ((*cred_handle)->keytab != NULL)
-	krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
-    if ((*cred_handle)->ccache != NULL)
-	krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
-    gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
-    free(*cred_handle);
-    *cred_handle = GSS_C_NO_CREDENTIAL;
-    return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c
deleted file mode 100644
index 6894ffae49c2..000000000000
--- a/crypto/heimdal/lib/gssapi/release_name.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
-
-OM_uint32 gss_release_name
-           (OM_uint32 * minor_status,
-            gss_name_t * input_name
-           )
-{
-    GSSAPI_KRB5_INIT ();
-    if (minor_status)
-      *minor_status = 0;
-    krb5_free_principal(gssapi_krb5_context,
-			*input_name);
-    *input_name = GSS_C_NO_NAME;
-    return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c
deleted file mode 100644
index 04eb01565f79..000000000000
--- a/crypto/heimdal/lib/gssapi/release_oid_set.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
-
-OM_uint32 gss_release_oid_set
-           (OM_uint32 * minor_status,
-            gss_OID_set * set
-           )
-{
-  if (minor_status)
-      *minor_status = 0;
-  free ((*set)->elements);
-  free (*set);
-  *set = GSS_C_NO_OID_SET;
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c
deleted file mode 100644
index 29ed830d28f1..000000000000
--- a/crypto/heimdal/lib/gssapi/test_acquire_cred.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "gssapi_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_acquire_cred.c,v 1.2 2003/04/06 00:20:37 lha Exp $");
-
-static void
-print_time(OM_uint32 time_rec)
-{
-    if (time_rec == GSS_C_INDEFINITE) {
-	printf("cred never expire\n");
-    } else {
-	time_t t = time_rec;
-	printf("expiration time: %s", ctime(&t));
-    }
-}
-
-int
-main(int argc, char **argv)
-{
-    OM_uint32 major_status, minor_status;
-    gss_cred_id_t cred_handle, copy_cred;
-    OM_uint32 time_rec;
-
-    major_status = gss_acquire_cred(&minor_status, 
-				    GSS_C_NO_NAME,
-				    0,
-				    NULL,
-				    GSS_C_INITIATE,
-				    &cred_handle,
-				    NULL,
-				    &time_rec);
-    if (GSS_ERROR(major_status))
-	errx(1, "acquire_cred failed");
-	
-
-    print_time(time_rec);
-
-    major_status = gss_add_cred (&minor_status,
-				 cred_handle,
-				 GSS_C_NO_NAME,
-				 GSS_KRB5_MECHANISM,
-				 GSS_C_INITIATE,
-				 0,
-				 0,
-				 &copy_cred,
-				 NULL,
-				 &time_rec,
-				 NULL);
-			    
-    if (GSS_ERROR(major_status))
-	errx(1, "add_cred failed");
-
-    print_time(time_rec);
-
-    major_status = gss_release_cred(&minor_status,
-				    &cred_handle);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-
-    major_status = gss_release_cred(&minor_status,
-				    &copy_cred);
-    if (GSS_ERROR(major_status))
-	errx(1, "release_cred failed");
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c
deleted file mode 100644
index e747c5acc108..000000000000
--- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
-
-OM_uint32 gss_test_oid_set_member (
-            OM_uint32 * minor_status,
-            const gss_OID member,
-            const gss_OID_set set,
-            int * present
-           )
-{
-  size_t i;
-
-  *minor_status = 0;
-  *present = 0;
-  for (i = 0; i < set->count; ++i)
-      if (gss_oid_equal(member, &set->elements[i]) != 0) {
-	  *present = 1;
-	  break;
-      }
-  return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
deleted file mode 100644
index f2009be68ae6..000000000000
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: unwrap.c,v 1.22 2003/03/16 17:54:43 lha Exp $");
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				  context_handle->auth_context, 
-				  &skey);
-    if(skey == NULL)
-	krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				     context_handle->auth_context, 
-				     &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-unwrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x00\x00", 2) != 0)
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x00\x00", 2) == 0) {
-      cstate = 1;
-  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
-      cstate = 0;
-  } else
-      return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-      *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 16;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       input_message_buffer->length - len,
-		       schedule,
-		       &zero,
-		       DES_DECRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, input_message_buffer->length - len);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 24,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p, *pad;
-  size_t len;
-  u_char seq[8];
-  krb5_data seq_data;
-  u_char cksum[20];
-  int i;
-  int32_t seq_number;
-  size_t padlength;
-  OM_uint32 ret;
-  int cstate;
-  krb5_crypto crypto;
-  Checksum csum;
-  int cmp;
-
-  p = input_message_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   input_message_buffer->length,
-				   "\x02\x01");
-  if (ret)
-      return ret;
-
-  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
-    return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\x02\x00", 2) == 0) {
-    cstate = 1;
-  } else if (memcmp (p, "\xff\xff", 2) == 0) {
-    cstate = 0;
-  } else
-    return GSS_S_BAD_MIC;
-  p += 2;
-  if(conf_state != NULL)
-    *conf_state = cstate;
-  if (memcmp (p, "\xff\xff", 2) != 0)
-    return GSS_S_DEFECTIVE_TOKEN;
-  p += 2;
-  p += 28;
-
-  len = p - (u_char *)input_message_buffer->value;
-
-  if(cstate) {
-      /* decrypt data */
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, input_message_buffer->length - len, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == input_message_buffer->length - len);
-
-      memcpy (p, tmp.data, tmp.length);
-      krb5_data_free(&tmp);
-  }
-  /* check pad */
-
-  pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
-  padlength = *pad;
-
-  for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
-    ;
-  if (i != 0)
-    return GSS_S_BAD_MIC;
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 28;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  {
-      des_cblock ivec;
-
-      memcpy(&ivec, p + 8, 8);
-      ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       p, 8, &seq_data,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      return GSS_S_BAD_MIC;
-  }
-
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  /* verify checksum */
-
-  memcpy (cksum, p + 8, 20);
-
-  memcpy (p + 20, p - 8, 8);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = cksum;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      p + 20,
-			      input_message_buffer->length - len + 8,
-			      &csum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* copy out data */
-
-  output_message_buffer->length = input_message_buffer->length
-    - len - padlength - 8;
-  output_message_buffer->value  = malloc(output_message_buffer->length);
-  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
-      return GSS_S_FAILURE;
-  memcpy (output_message_buffer->value,
-	  p + 36,
-	  output_message_buffer->length);
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_unwrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            gss_qop_t * qop_state
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  if (qop_state != NULL)
-      *qop_state = GSS_C_QOP_DEFAULT;
-  ret = gss_krb5_get_remotekey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  *minor_status = 0;
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = unwrap_des (minor_status, context_handle,
-			input_message_buffer, output_message_buffer,
-			conf_state, qop_state, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = unwrap_des3 (minor_status, context_handle,
-			 input_message_buffer, output_message_buffer,
-			 conf_state, qop_state, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c
deleted file mode 100644
index 34091ea71572..000000000000
--- a/crypto/heimdal/lib/gssapi/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 gss_sign
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int qop_req,
-            gss_buffer_t message_buffer,
-            gss_buffer_t message_token
-           )
-{
-  return gss_get_mic(minor_status,
-	context_handle,
-	(gss_qop_t)qop_req,
-	message_buffer,
-	message_token);
-}
-
-OM_uint32 gss_verify
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t message_buffer,
-            gss_buffer_t token_buffer,
-            int * qop_state
-           )
-{
-  return gss_verify_mic(minor_status,
-	context_handle,
-	message_buffer,
-	token_buffer,
-	(gss_qop_t *)qop_state);
-}
-
-OM_uint32 gss_seal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            int qop_req,
-            gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  return gss_wrap(minor_status,
-	context_handle,
-	conf_req_flag,
-	(gss_qop_t)qop_req,
-	input_message_buffer,
-	conf_state,
-	output_message_buffer);
-}
-
-OM_uint32 gss_unseal
-           (OM_uint32 * minor_status,
-            gss_ctx_id_t context_handle,
-            gss_buffer_t input_message_buffer,
-            gss_buffer_t output_message_buffer,
-            int * conf_state,
-            int * qop_state
-           )
-{
-  return gss_unwrap(minor_status,
-	context_handle,
-	input_message_buffer,
-	output_message_buffer,
-	conf_state,
-	(gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
deleted file mode 100644
index 1775860c626a..000000000000
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: verify_mic.c,v 1.18.2.2 2003/05/05 18:59:42 lha Exp $");
-
-static OM_uint32
-verify_mic_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16], seq_data[8];
-  des_key_schedule schedule;
-  des_cblock zero;
-  des_cblock deskey;
-  int32_t seq_number;
-  OM_uint32 ret;
-
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret) {
-      *minor_status = 0;
-      return ret;
-  }
-
-  if (memcmp(p, "\x00\x00", 2) != 0)
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-  p += 16;
-
-  /* verify checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, message_buffer->value,
-	     message_buffer->length);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0) {
-    memset (deskey, 0, sizeof(deskey));
-    memset (schedule, 0, sizeof(schedule));
-    *minor_status = 0;
-    return GSS_S_BAD_MIC;
-  }
-
-  /* verify sequence number */
-  
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq_data[0] = (seq_number >> 0)  & 0xFF;
-  seq_data[1] = (seq_number >> 8)  & 0xFF;
-  seq_data[2] = (seq_number >> 16) & 0xFF;
-  seq_data[3] = (seq_number >> 24) & 0xFF;
-  memset (seq_data + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-
-  p -= 16;
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)hash, DES_DECRYPT);
-
-  memset (deskey, 0, sizeof(deskey));
-  memset (schedule, 0, sizeof(schedule));
-
-  if (memcmp (p, seq_data, 8) != 0) {
-    *minor_status = 0;
-    return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    krb5_keyblock *key,
-	    char *type
-	    )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  OM_uint32 ret;
-  krb5_crypto crypto;
-  krb5_data seq_data;
-  int cmp, docompat;
-  Checksum csum;
-  char *tmp;
-  char ivec[8];
-  
-  p = token_buffer->value;
-  ret = gssapi_krb5_verify_header (&p,
-				   token_buffer->length,
-				   type);
-  if (ret) {
-      *minor_status = 0;
-      return ret;
-  }
-
-  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
-      return GSS_S_BAD_SIG;
-  p += 2;
-  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
-    return GSS_S_BAD_MIC;
-  p += 4;
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key,
-			 ETYPE_DES3_CBC_NONE, &crypto);
-  if (ret){
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* verify sequence number */
-  docompat = 0;
-retry:
-  if (docompat)
-      memset(ivec, 0, 8);
-  else
-      memcpy(ivec, p + 8, 8);
-
-  ret = krb5_decrypt_ivec (gssapi_krb5_context,
-			   crypto,
-			   KRB5_KU_USAGE_SEQ,
-			   p, 8, &seq_data, ivec);
-  if (ret) {
-      if (docompat++) {
-	  gssapi_krb5_set_error_string ();
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      } else
-	  goto retry;
-  }
-
-  if (seq_data.length != 8) {
-      krb5_data_free (&seq_data);
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				&seq_number);
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0xFF : 0,
-	  4);
-  cmp = memcmp (seq, seq_data.data, seq_data.length);
-  krb5_data_free (&seq_data);
-  if (cmp != 0) {
-      if (docompat++) {
-	  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-	  return GSS_S_BAD_MIC;
-      } else
-	  goto retry;
-  }
-
-  /* verify checksum */
-
-  tmp = malloc (message_buffer->length + 8);
-  if (tmp == NULL) {
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ENOMEM;
-      return GSS_S_FAILURE;
-  }
-
-  memcpy (tmp, p - 8, 8);
-  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
-  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
-  csum.checksum.length = 20;
-  csum.checksum.data   = p + 8;
-
-  ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      tmp, message_buffer->length + 8,
-			      &csum);
-  free (tmp);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      krb5_crypto_destroy (gssapi_krb5_context, crypto);
-      *minor_status = ret;
-      return GSS_S_BAD_MIC;
-  }
-
-  krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
-				context_handle->auth_context,
-				++seq_number);
-
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_verify_mic_internal
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state,
-	    char * type
-	    )
-{
-    krb5_keyblock *key;
-    OM_uint32 ret;
-    krb5_keytype keytype;
-
-    ret = gss_krb5_get_remotekey(context_handle, &key);
-    if (ret) {
-	gssapi_krb5_set_error_string ();
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-    switch (keytype) {
-    case KEYTYPE_DES :
-	ret = verify_mic_des (minor_status, context_handle,
-			      message_buffer, token_buffer, qop_state, key,
-			      type);
-	break;
-    case KEYTYPE_DES3 :
-	ret = verify_mic_des3 (minor_status, context_handle,
-			       message_buffer, token_buffer, qop_state, key,
-			       type);
-	break;
-    default :
-	*minor_status = KRB5_PROG_ETYPE_NOSUPP;
-	ret = GSS_S_FAILURE;
-	break;
-    }
-    krb5_free_keyblock (gssapi_krb5_context, key);
-    
-    return ret;
-}
-
-OM_uint32
-gss_verify_mic
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            const gss_buffer_t message_buffer,
-            const gss_buffer_t token_buffer,
-            gss_qop_t * qop_state
-	    )
-{
-    OM_uint32 ret;
-
-    if (qop_state != NULL)
-	*qop_state = GSS_C_QOP_DEFAULT;
-
-    ret = gss_verify_mic_internal(minor_status, context_handle, 
-				  message_buffer, token_buffer,
-				  qop_state, "\x01\x01");
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
deleted file mode 100644
index 203cc891633c..000000000000
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: wrap.c,v 1.21 2003/03/16 17:57:48 lha Exp $");
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
-		       krb5_keyblock **key)
-{
-    krb5_keyblock *skey;
-
-    krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
-				 context_handle->auth_context, 
-				 &skey);
-    if(skey == NULL)
-	krb5_auth_con_getremotesubkey(gssapi_krb5_context,
-				      context_handle->auth_context, 
-				      &skey);
-    if(skey == NULL)
-	krb5_auth_con_getkey(gssapi_krb5_context,
-			     context_handle->auth_context, 
-			     &skey);
-    if(skey == NULL)
-	return GSS_S_FAILURE;
-    *key = skey;
-    return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size,
-	    int blocksize,
-	    int extrasize
-           )
-{
-  size_t len, total_len, padlength;
-  padlength = blocksize - (req_output_size % blocksize);
-  len = req_output_size + 8 + padlength + extrasize;
-  gssapi_krb5_encap_length(len, &len, &total_len);
-  *max_input_size = (OM_uint32)total_len;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_wrap_size_limit (
-            OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            OM_uint32 req_output_size,
-            OM_uint32 * max_input_size
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
-      break;
-  case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  *minor_status = 0;
-  return ret;
-}
-
-static OM_uint32
-wrap_des
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  MD5_CTX md5;
-  u_char hash[16];
-  des_key_schedule schedule;
-  des_cblock deskey;
-  des_cblock zero;
-  int i;
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 22;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x00\x00", 2);
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x00\x00", 2);
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* fill in later */
-  memset (p, 0, 16);
-  p += 16;
-
-  /* confounder + data + pad */
-  krb5_generate_random_block(p, 8);
-  memcpy (p + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
-  /* checksum */
-  MD5_Init (&md5);
-  MD5_Update (&md5, p - 24, 8);
-  MD5_Update (&md5, p, datalen);
-  MD5_Final (hash, &md5);
-
-  memset (&zero, 0, sizeof(zero));
-  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-  des_set_key (&deskey, schedule);
-  des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
-		 schedule, &zero);
-  memcpy (p - 8, hash, 8);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  p -= 16;
-  p[0] = (seq_number >> 0)  & 0xFF;
-  p[1] = (seq_number >> 8)  & 0xFF;
-  p[2] = (seq_number >> 16) & 0xFF;
-  p[3] = (seq_number >> 24) & 0xFF;
-  memset (p + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-  des_set_key (&deskey, schedule);
-  des_cbc_encrypt ((void *)p, (void *)p, 8,
-		   schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 16;
-
-  if(conf_req_flag) {
-      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
-      for (i = 0; i < sizeof(deskey); ++i)
-	  deskey[i] ^= 0xf0;
-      des_set_key (&deskey, schedule);
-      memset (&zero, 0, sizeof(zero));
-      des_cbc_encrypt ((void *)p,
-		       (void *)p,
-		       datalen,
-		       schedule,
-		       &zero,
-		       DES_ENCRYPT);
-      
-      memset (deskey, 0, sizeof(deskey));
-      memset (schedule, 0, sizeof(schedule));
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer,
-	    krb5_keyblock *key
-           )
-{
-  u_char *p;
-  u_char seq[8];
-  int32_t seq_number;
-  size_t len, total_len, padlength, datalen;
-  u_int32_t ret;
-  krb5_crypto crypto;
-  Checksum cksum;
-  krb5_data encdata;
-
-  padlength = 8 - (input_message_buffer->length % 8);
-  datalen = input_message_buffer->length + padlength + 8;
-  len = datalen + 34;
-  gssapi_krb5_encap_length (len, &len, &total_len);
-
-  output_message_buffer->length = total_len;
-  output_message_buffer->value  = malloc (total_len);
-  if (output_message_buffer->value == NULL) {
-    *minor_status = ENOMEM;
-    return GSS_S_FAILURE;
-  }
-
-  p = gssapi_krb5_make_header(output_message_buffer->value,
-			      len,
-			      "\x02\x01"); /* TOK_ID */
-
-  /* SGN_ALG */
-  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
-  p += 2;
-  /* SEAL_ALG */
-  if(conf_req_flag)
-      memcpy (p, "\x02\x00", 2); /* DES3-KD */
-  else
-      memcpy (p, "\xff\xff", 2);
-  p += 2;
-  /* Filler */
-  memcpy (p, "\xff\xff", 2);
-  p += 2;
-
-  /* calculate checksum (the above + confounder + data + pad) */
-
-  memcpy (p + 20, p - 8, 8);
-  krb5_generate_random_block(p + 28, 8);
-  memcpy (p + 28 + 8, input_message_buffer->value,
-	  input_message_buffer->length);
-  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  ret = krb5_create_checksum (gssapi_krb5_context,
-			      crypto,
-			      KRB5_KU_USAGE_SIGN,
-			      0,
-			      p + 20,
-			      datalen + 8,
-			      &cksum);
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  /* zero out SND_SEQ + SGN_CKSUM in case */
-  memset (p, 0, 28);
-
-  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-  free_Checksum (&cksum);
-
-  /* sequence number */
-  krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       &seq_number);
-
-  seq[0] = (seq_number >> 0)  & 0xFF;
-  seq[1] = (seq_number >> 8)  & 0xFF;
-  seq[2] = (seq_number >> 16) & 0xFF;
-  seq[3] = (seq_number >> 24) & 0xFF;
-  memset (seq + 4,
-	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
-	  4);
-
-
-  ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
-			 &crypto);
-  if (ret) {
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-
-  {
-      des_cblock ivec;
-
-      memcpy (&ivec, p + 8, 8);
-      ret = krb5_encrypt_ivec (gssapi_krb5_context,
-			       crypto,
-			       KRB5_KU_USAGE_SEQ,
-			       seq, 8, &encdata,
-			       &ivec);
-  }
-  krb5_crypto_destroy (gssapi_krb5_context, crypto);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      free (output_message_buffer->value);
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  
-  assert (encdata.length == 8);
-
-  memcpy (p, encdata.data, encdata.length);
-  krb5_data_free (&encdata);
-
-  krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
-			       context_handle->auth_context,
-			       ++seq_number);
-
-  /* encrypt the data */
-  p += 28;
-
-  if(conf_req_flag) {
-      krb5_data tmp;
-
-      ret = krb5_crypto_init(gssapi_krb5_context, key,
-			     ETYPE_DES3_CBC_NONE, &crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
-			 p, datalen, &tmp);
-      krb5_crypto_destroy(gssapi_krb5_context, crypto);
-      if (ret) {
-	  gssapi_krb5_set_error_string ();
-	  free (output_message_buffer->value);
-	  *minor_status = ret;
-	  return GSS_S_FAILURE;
-      }
-      assert (tmp.length == datalen);
-
-      memcpy (p, tmp.data, datalen);
-      krb5_data_free(&tmp);
-  }
-  if(conf_state != NULL)
-      *conf_state = conf_req_flag;
-  *minor_status = 0;
-  return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_wrap
-           (OM_uint32 * minor_status,
-            const gss_ctx_id_t context_handle,
-            int conf_req_flag,
-            gss_qop_t qop_req,
-            const gss_buffer_t input_message_buffer,
-            int * conf_state,
-            gss_buffer_t output_message_buffer
-           )
-{
-  krb5_keyblock *key;
-  OM_uint32 ret;
-  krb5_keytype keytype;
-
-  ret = gss_krb5_get_localkey(context_handle, &key);
-  if (ret) {
-      gssapi_krb5_set_error_string ();
-      *minor_status = ret;
-      return GSS_S_FAILURE;
-  }
-  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
-  switch (keytype) {
-  case KEYTYPE_DES :
-      ret = wrap_des (minor_status, context_handle, conf_req_flag,
-		      qop_req, input_message_buffer, conf_state,
-		      output_message_buffer, key);
-      break;
-  case KEYTYPE_DES3 :
-      ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
-		       qop_req, input_message_buffer, conf_state,
-		       output_message_buffer, key);
-      break;
-  default :
-      *minor_status = KRB5_PROG_ETYPE_NOSUPP;
-      ret = GSS_S_FAILURE;
-      break;
-  }
-  krb5_free_keyblock (gssapi_krb5_context, key);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/Makefile b/crypto/heimdal/lib/hdb/Makefile
deleted file mode 100644
index b1c2f969fc97..000000000000
--- a/crypto/heimdal/lib/hdb/Makefile
+++ /dev/null
@@ -1,686 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/hdb/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.53 2002/08/19 16:17:16 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_des) $(INCLUDE_openldap)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-BUILT_SOURCES = asn1_Key.c asn1_Event.c asn1_HDBFlags.c asn1_hdb_entry.c \
-	asn1_Salt.c hdb_err.c hdb_err.h asn1_GENERATION.c
-
-
-foo = asn1_Key.x asn1_GENERATION.x asn1_Event.x asn1_HDBFlags.x asn1_hdb_entry.x asn1_Salt.x
-
-CLEANFILES = $(BUILT_SOURCES) $(foo) hdb_asn1.h asn1_files
-
-noinst_PROGRAMS = convert_db
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
-
-
-lib_LTLIBRARIES = libhdb.la
-libhdb_la_LDFLAGS = -version-info 7:5:0
-
-libhdb_la_SOURCES = \
-	common.c				\
-	db.c					\
-	db3.c					\
-	hdb-ldap.c				\
-	hdb.c					\
-	keytab.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c					\
-	$(BUILT_SOURCES)
-
-
-include_HEADERS = hdb.h hdb_err.h hdb_asn1.h hdb-protos.h hdb-private.h
-
-libhdb_la_LIBADD = ../krb5/libkrb5.la ../asn1/libasn1.la ../roken/libroken.la $(LIB_openldap) $(DBLIB) $(LIB_NDBM)
-subdir = lib/hdb
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libhdb_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \
-	../roken/libroken.la
-am__objects_1 = asn1_Key.lo asn1_Event.lo asn1_HDBFlags.lo \
-	asn1_hdb_entry.lo asn1_Salt.lo hdb_err.lo asn1_GENERATION.lo
-am_libhdb_la_OBJECTS = common.lo db.lo db3.lo hdb-ldap.lo hdb.lo \
-	keytab.lo mkey.lo ndbm.lo print.lo $(am__objects_1)
-libhdb_la_OBJECTS = $(am_libhdb_la_OBJECTS)
-noinst_PROGRAMS = convert_db$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-convert_db_SOURCES = convert_db.c
-convert_db_OBJECTS = convert_db.$(OBJEXT)
-convert_db_LDADD = $(LDADD)
-convert_db_DEPENDENCIES = libhdb.la ../krb5/libkrb5.la \
-	../asn1/libasn1.la
-convert_db_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libhdb_la_SOURCES) convert_db.c
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-SOURCES = $(libhdb_la_SOURCES) convert_db.c
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/hdb/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libhdb_la_LDFLAGS) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-convert_db$(EXEEXT): $(convert_db_OBJECTS) $(convert_db_DEPENDENCIES) 
-	@rm -f convert_db$(EXEEXT)
-	$(LINK) $(convert_db_LDFLAGS) $(convert_db_OBJECTS) $(convert_db_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(foo) hdb_asn1.h: asn1_files
-
-asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-$(convert_db_OBJECTS): hdb_asn1.h hdb_err.h
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am
deleted file mode 100644
index 3bee373bcfd0..000000000000
--- a/crypto/heimdal/lib/hdb/Makefile.am
+++ /dev/null
@@ -1,62 +0,0 @@
-# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_des)
-
-BUILT_SOURCES = asn1_Key.c asn1_Event.c asn1_HDBFlags.c asn1_hdb_entry.c \
-	asn1_Salt.c hdb_err.c hdb_err.h asn1_GENERATION.c
-
-foo = asn1_Key.x asn1_GENERATION.x asn1_Event.x asn1_HDBFlags.x asn1_hdb_entry.x asn1_Salt.x
-
-CLEANFILES = $(BUILT_SOURCES) $(foo) hdb_asn1.h asn1_files
-
-noinst_PROGRAMS = convert_db
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
-
-lib_LTLIBRARIES = libhdb.la
-libhdb_la_LDFLAGS = -version-info 7:6:0
-
-libhdb_la_SOURCES =				\
-	common.c				\
-	db.c					\
-	db3.c					\
-	hdb-ldap.c				\
-	hdb.c					\
-	keytab.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c					\
-	$(BUILT_SOURCES)
-
-INCLUDES += $(INCLUDE_openldap)
-
-include_HEADERS = hdb.h hdb_err.h hdb_asn1.h hdb-protos.h hdb-private.h
-
-libhdb_la_LIBADD = ../krb5/libkrb5.la ../asn1/libasn1.la ../roken/libroken.la $(LIB_openldap) $(DBLIB) $(LIB_NDBM)
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(foo) hdb_asn1.h: asn1_files
-
-asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-$(convert_db_OBJECTS): hdb_asn1.h hdb_err.h
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in
deleted file mode 100644
index bcd1d0bad783..000000000000
--- a/crypto/heimdal/lib/hdb/Makefile.in
+++ /dev/null
@@ -1,678 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_des) $(INCLUDE_openldap)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-BUILT_SOURCES = asn1_Key.c asn1_Event.c asn1_HDBFlags.c asn1_hdb_entry.c \
-	asn1_Salt.c hdb_err.c hdb_err.h asn1_GENERATION.c
-
-
-foo = asn1_Key.x asn1_GENERATION.x asn1_Event.x asn1_HDBFlags.x asn1_hdb_entry.x asn1_Salt.x
-
-CLEANFILES = $(BUILT_SOURCES) $(foo) hdb_asn1.h asn1_files
-
-noinst_PROGRAMS = convert_db
-LDADD = libhdb.la \
-	$(LIB_openldap) \
-	../krb5/libkrb5.la \
-	../asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken)
-
-
-lib_LTLIBRARIES = libhdb.la
-libhdb_la_LDFLAGS = -version-info 7:6:0
-
-libhdb_la_SOURCES = \
-	common.c				\
-	db.c					\
-	db3.c					\
-	hdb-ldap.c				\
-	hdb.c					\
-	keytab.c				\
-	mkey.c					\
-	ndbm.c					\
-	print.c					\
-	$(BUILT_SOURCES)
-
-
-include_HEADERS = hdb.h hdb_err.h hdb_asn1.h hdb-protos.h hdb-private.h
-
-libhdb_la_LIBADD = ../krb5/libkrb5.la ../asn1/libasn1.la ../roken/libroken.la $(LIB_openldap) $(DBLIB) $(LIB_NDBM)
-subdir = lib/hdb
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libhdb_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \
-	../roken/libroken.la
-am__objects_5 = asn1_Key.lo asn1_Event.lo asn1_HDBFlags.lo \
-	asn1_hdb_entry.lo asn1_Salt.lo hdb_err.lo asn1_GENERATION.lo
-am_libhdb_la_OBJECTS = common.lo db.lo db3.lo hdb-ldap.lo hdb.lo \
-	keytab.lo mkey.lo ndbm.lo print.lo $(am__objects_5)
-libhdb_la_OBJECTS = $(am_libhdb_la_OBJECTS)
-noinst_PROGRAMS = convert_db$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-convert_db_SOURCES = convert_db.c
-convert_db_OBJECTS = convert_db.$(OBJEXT)
-convert_db_LDADD = $(LDADD)
-convert_db_DEPENDENCIES = libhdb.la ../krb5/libkrb5.la \
-	../asn1/libasn1.la
-convert_db_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libhdb_la_SOURCES) convert_db.c
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-SOURCES = $(libhdb_la_SOURCES) convert_db.c
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/hdb/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libhdb_la_LDFLAGS) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-convert_db$(EXEEXT): $(convert_db_OBJECTS) $(convert_db_DEPENDENCIES) 
-	@rm -f convert_db$(EXEEXT)
-	$(LINK) $(convert_db_LDFLAGS) $(convert_db_OBJECTS) $(convert_db_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
-
-$(srcdir)/hdb-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(libhdb_la_SOURCES) || rm -f hdb-protos.h
-
-$(srcdir)/hdb-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(libhdb_la_SOURCES) || rm -f hdb-private.h
-
-$(foo) hdb_asn1.h: asn1_files
-
-asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
-	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
-
-$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
-
-$(convert_db_OBJECTS): hdb_asn1.h hdb_err.h
-
-# to help stupid solaris make
-
-hdb_err.h: hdb_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c
deleted file mode 100644
index 6f0e73071c8d..000000000000
--- a/crypto/heimdal/lib/hdb/common.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: common.c,v 1.12 2003/01/14 06:54:32 lha Exp $");
-
-int
-hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key)
-{
-    Principal new;
-    size_t len;
-    int ret;
-
-    ret = copy_Principal(p, &new);
-    if(ret) 
-	return ret;
-    new.name.name_type = 0;
-
-    ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
-    free_Principal(&new);
-    return ret;
-}
-
-int
-hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
-{
-    return decode_Principal(key->data, key->length, p, NULL);
-}
-
-int
-hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
-{
-    size_t len;
-    int ret;
-    
-    ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
-    return ret;
-}
-
-int
-hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
-{
-    return decode_hdb_entry(value->data, value->length, ent, NULL);
-}
-
-krb5_error_code
-_hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    hdb_principal2key(context, entry->principal, &key);
-    code = db->_get(context, db, key, &value);
-    krb5_data_free(&key);
-    if(code)
-	return code;
-    code = hdb_value2entry(context, &value, entry);
-    krb5_data_free(&value);
-    if (code)
-	return code;
-    if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, entry);
-	if (code)
-	    hdb_free_entry(context, entry);
-    }
-    return code;
-}
-
-krb5_error_code
-_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    krb5_data key, value;
-    int code;
-
-    if(entry->generation == NULL) {
-	struct timeval t;
-	entry->generation = malloc(sizeof(*entry->generation));
-	if(entry->generation == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	gettimeofday(&t, NULL);
-	entry->generation->time = t.tv_sec;
-	entry->generation->usec = t.tv_usec;
-	entry->generation->gen = 0;
-    } else
-	entry->generation->gen++;
-    hdb_principal2key(context, entry->principal, &key);
-    code = hdb_seal_keys(context, db, entry);
-    if (code) {
-	krb5_data_free(&key);
-	return code;
-    }
-    hdb_entry2value(context, entry, &value);
-    code = db->_put(context, db, flags & HDB_F_REPLACE, key, value);
-    krb5_data_free(&value);
-    krb5_data_free(&key);
-    return code;
-}
-
-krb5_error_code
-_hdb_remove(krb5_context context, HDB *db, hdb_entry *entry)
-{
-    krb5_data key;
-    int code;
-
-    hdb_principal2key(context, entry->principal, &key);
-    code = db->_del(context, db, key);
-    krb5_data_free(&key);
-    return code;
-}
-
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
deleted file mode 100644
index 0b300a55fcce..000000000000
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* Converts a database from version 0.0* to 0.1. This is done by
- * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
- * DES-CBC-MD5).
- *
- * Use with care. 
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
-
-static krb5_error_code
-update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    int i;
-    int n = 0;
-    Key *k;
-    int save_len;
-    Key *save_val;
-    HDB *new = data;
-    krb5_error_code ret;
-
-    for(i = 0; i < entry->keys.len; i++) 
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
-	    n += 2;
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
-	    n += 1;
-    k = malloc(sizeof(*k) * (entry->keys.len + n));
-    n = 0;
-    for(i = 0; i < entry->keys.len; i++) {
-	copy_Key(&entry->keys.val[i], &k[n]);
-	if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
-	    copy_Key(&entry->keys.val[i], &k[n+2]);
-	    k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
-	    n += 2;
-	}
-	else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
-	    copy_Key(&entry->keys.val[i], &k[n+1]);
-	    k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
-	    n += 1;
-	}
-	n++;
-    }
-    save_len = entry->keys.len;
-    save_val = entry->keys.val;
-    entry->keys.len = n;
-    entry->keys.val = k;
-    ret = new->store(context, new, HDB_F_REPLACE, entry);
-    entry->keys.len = save_len;
-    entry->keys.val = save_val;
-    for(i = 0; i < n; i++) 
-	free_Key(&k[i]);
-    free(k);
-    return 0;
-}
-
-static krb5_error_code
-update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    HDB *new = data;
-    if(!db->master_key_set) {
-	int i;
-	for(i = 0; i < entry->keys.len; i++) {
-	    free(entry->keys.val[i].mkvno);
-	    entry->keys.val[i].mkvno = NULL;
-	}
-    }
-    new->store(context, new, HDB_F_REPLACE, entry);
-    return 0;
-}
-
-char *old_database = HDB_DEFAULT_DB;
-char *new_database = HDB_DEFAULT_DB ".new";
-char *mkeyfile;
-int update_version;
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
-    { "old-database",	0,	arg_string, &old_database,
-      "name of database to convert", "file" },
-    { "new-database",	0,	arg_string, &new_database,
-      "name of converted database", "file" },
-    { "master-key",	0,	arg_string, &mkeyfile, 
-      "v5 master key file", "file" },
-    { "update-version", 0, 	arg_flag, &update_version,
-      "update the database to the current version" },
-    { "help",		'h',	arg_flag,   &help_flag },
-    { "version",	0,	arg_flag,   &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    HDB *db, *new;
-    int optind = 0;
-    int master_key_set = 0;
-    
-    setprogname(argv[0]);
-
-    if(getarg(args, num_args, argc, argv, &optind))
-	krb5_std_usage(1, args, num_args);
-
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    ret = krb5_init_context(&context);
-    if(ret != 0)
-	errx(1, "krb5_init_context failed: %d", ret);
-    
-    ret = hdb_create(context, &db, old_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-
-    ret = hdb_set_master_keyfile(context, db, mkeyfile);
-    if (ret)
-	krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    master_key_set = 1;
-    ret = hdb_create(context, &new, new_database);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_create");
-    if (master_key_set) {
-	ret = hdb_set_master_keyfile(context, new, mkeyfile);
-	if (ret)
-	    krb5_err(context, 1, ret, "hdb_set_master_keyfile");
-    }
-    ret = db->open(context, db, O_RDONLY, 0);
-    if(ret == HDB_ERR_BADVERSION) {
-	krb5_data tag;
-	krb5_data version;
-	int foo;
-	unsigned ver;
-	tag.data = HDB_DB_FORMAT_ENTRY;
-	tag.length = strlen(tag.data);
-	ret = (*db->_get)(context, db, tag, &version);
-	if(ret)
-	    krb5_errx(context, 1, "database is wrong version, "
-		      "but couldn't find version key (%s)", 
-		      HDB_DB_FORMAT_ENTRY);
-	foo = sscanf(version.data, "%u", &ver);
-	krb5_data_free (&version);
-	if(foo != 1)
-	    krb5_errx(context, 1, "database version is not a number");
-	if(ver == 1 && HDB_DB_FORMAT == 2) {
-	    krb5_warnx(context, "will upgrade database from version %d to %d", 
-		       ver, HDB_DB_FORMAT);
-	    krb5_warnx(context, "rerun to do other conversions");
-	    update_version = 1;
-	} else
-	    krb5_errx(context, 1, 
-		      "don't know how to upgrade from version %d to %d", 
-		      ver, HDB_DB_FORMAT);
-    } else if(ret)
-	krb5_err(context, 1, ret, "%s", old_database);
-    ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", new_database);
-    if(update_version)
-	ret = hdb_foreach(context, db, 0, update_version2, new);
-    else
-	ret = hdb_foreach(context, db, 0, update_keytypes, new);
-    if(ret != 0)
-	krb5_err(context, 1, ret, "hdb_foreach");
-    db->close(context, db);
-    new->close(context, new);
-    krb5_warnx(context, "wrote converted database to `%s'", new_database);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/db.c b/crypto/heimdal/lib/hdb/db.c
deleted file mode 100644
index 4dfbc66b8d75..000000000000
--- a/crypto/heimdal/lib/hdb/db.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db.c,v 1.30 2001/08/09 08:41:48 assar Exp $");
-
-#if HAVE_DB1
-
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->db;
-    d->close(d);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->db;
-    int fd = (*d->fd)(d);
-    if(fd < 0)
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->db;
-    int fd = (*d->fd)(d);
-    if(fd < 0)
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry *entry, int flag)
-{
-    DB *d = (DB*)db->db;
-    DBT key, value;
-    krb5_data key_data, data;
-    int code;
-
-    code = db->lock(context, db, HDB_RLOCK);
-    if(code == -1)
-	return HDB_ERR_DB_INUSE;
-    code = d->seq(d, &key, &value, flag);
-    db->unlock(context, db); /* XXX check value */
-    if(code == -1)
-	return errno;
-    if(code == 1)
-	return HDB_ERR_NOENTRY;
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    if (hdb_value2entry(context, &data, entry))
-	return DB_seq(context, db, flags, entry, R_NEXT);
-    if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (code == 0 && entry->principal == NULL) {
-	entry->principal = malloc(sizeof(*entry->principal));
-	if (entry->principal == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    code = ENOMEM;
-	    hdb_free_entry (context, entry);
-	} else {
-	    hdb_key2principal(context, &key_data, entry->principal);
-	}
-    }
-    return code;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return DB_seq(context, db, flags, entry, R_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return DB_seq(context, db, flags, entry, R_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->name);
-    db->name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    code = db->lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    code = d->get(d, &k, &v, 0);
-    db->unlock(context, db);
-    if(code < 0)
-	return errno;
-    if(code == 1)
-	return HDB_ERR_NOENTRY;
-    
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->db;
-    DBT k, v;
-    int code;
-
-    k.data = key.data;
-    k.size = key.length;
-    v.data = value.data;
-    v.size = value.length;
-    code = db->lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = d->put(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
-    db->unlock(context, db);
-    if(code < 0)
-	return errno;
-    if(code == 1)
-	return HDB_ERR_EXISTS;
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->db;
-    DBT k;
-    krb5_error_code code;
-    k.data = key.data;
-    k.size = key.length;
-    code = db->lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = d->del(d, &k, 0);
-    db->unlock(context, db);
-    if(code == 1)
-	return HDB_ERR_NOENTRY;
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    char *fn;
-    krb5_error_code ret;
-
-    asprintf(&fn, "%s.db", db->name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db->db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-    free(fn);
-    /* try to open without .db extension */
-    if(db->db == NULL && errno == ENOENT)
-	db->db = dbopen(db->name, flags, mode, DB_BTREE, NULL);
-    if(db->db == NULL) {
-	ret = errno;
-	krb5_set_error_string(context, "dbopen (%s): %s",
-			      db->name, strerror(ret));
-	return ret;
-    }
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY) {
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = malloc(sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->db = NULL;
-    (*db)->name = strdup(filename);
-    if ((*db)->name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->master_key_set = 0;
-    (*db)->openp = 0;
-    (*db)->open  = DB_open;
-    (*db)->close = DB_close;
-    (*db)->fetch = _hdb_fetch;
-    (*db)->store = _hdb_store;
-    (*db)->remove = _hdb_remove;
-    (*db)->firstkey = DB_firstkey;
-    (*db)->nextkey= DB_nextkey;
-    (*db)->lock = DB_lock;
-    (*db)->unlock = DB_unlock;
-    (*db)->rename = DB_rename;
-    (*db)->_get = DB__get;
-    (*db)->_put = DB__put;
-    (*db)->_del = DB__del;
-    (*db)->destroy = DB_destroy;
-    return 0;
-}
-
-#endif /* HAVE_DB1 */
diff --git a/crypto/heimdal/lib/hdb/db3.c b/crypto/heimdal/lib/hdb/db3.c
deleted file mode 100644
index 92525fc28993..000000000000
--- a/crypto/heimdal/lib/hdb/db3.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db3.c,v 1.8 2001/08/09 08:41:48 assar Exp $");
-
-#if HAVE_DB3
-
-#include <db.h>
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->db;
-    DBC *dbcp = (DBC*)db->dbc;
-
-    dbcp->c_close(dbcp);
-    db->dbc = 0;
-    d->close(d, 0);
-    return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->name);
-    free(db);
-    return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
-    DB *d = (DB*)db->db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
-    DB *d = (DB*)db->db;
-    int fd;
-    if ((*d->fd)(d, &fd))
-	return HDB_ERR_CANT_LOCK_DB;
-    return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
-       unsigned flags, hdb_entry *entry, int flag)
-{
-    DB *d = (DB*)db->db;
-    DBT key, value;
-    DBC *dbcp = db->dbc;
-    krb5_data key_data, data;
-    int code;
-
-    memset(&key, 0, sizeof(DBT));
-    memset(&value, 0, sizeof(DBT));
-    if (db->lock(context, db, HDB_RLOCK))
-	return HDB_ERR_DB_INUSE;
-    code = dbcp->c_get(dbcp, &key, &value, flag);
-    db->unlock(context, db); /* XXX check value */
-    if (code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if (code)
-	return code;
-
-    key_data.data = key.data;
-    key_data.length = key.size;
-    data.data = value.data;
-    data.length = value.size;
-    if (hdb_value2entry(context, &data, entry))
-	return DB_seq(context, db, flags, entry, DB_NEXT);
-    if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	code = hdb_unseal_keys (context, db, entry);
-	if (code)
-	    hdb_free_entry (context, entry);
-    }
-    if (entry->principal == NULL) {
-	entry->principal = malloc(sizeof(*entry->principal));
-	if (entry->principal == NULL) {
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	} else {
-	    hdb_key2principal(context, &key_data, entry->principal);
-	}
-    }
-    return 0;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return DB_seq(context, db, flags, entry, DB_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    int ret;
-    char *old, *new;
-
-    asprintf(&old, "%s.db", db->name);
-    asprintf(&new, "%s.db", new_name);
-    ret = rename(old, new);
-    free(old);
-    free(new);
-    if(ret)
-	return errno;
-    
-    free(db->name);
-    db->name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    DB *d = (DB*)db->db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    if ((code = db->lock(context, db, HDB_RLOCK)))
-	return code;
-    code = d->get(d, NULL, &k, &v, 0);
-    db->unlock(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-
-    krb5_data_copy(reply, v.data, v.size);
-    return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    DB *d = (DB*)db->db;
-    DBT k, v;
-    int code;
-
-    memset(&k, 0, sizeof(DBT));
-    memset(&v, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    v.data = value.data;
-    v.size = value.length;
-    v.flags = 0;
-    if ((code = db->lock(context, db, HDB_WLOCK)))
-	return code;
-    code = d->put(d, NULL, &k, &v, replace ? 0 : DB_NOOVERWRITE);
-    db->unlock(context, db);
-    if(code == DB_KEYEXIST)
-	return HDB_ERR_EXISTS;
-    if(code)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
-    DB *d = (DB*)db->db;
-    DBT k;
-    krb5_error_code code;
-    memset(&k, 0, sizeof(DBT));
-    k.data = key.data;
-    k.size = key.length;
-    k.flags = 0;
-    code = db->lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = d->del(d, NULL, &k, 0);
-    db->unlock(context, db);
-    if(code == DB_NOTFOUND)
-	return HDB_ERR_NOENTRY;
-    if(code)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    char *fn;
-    krb5_error_code ret;
-    DB *d;
-    int myflags = 0;
-
-    if (flags & O_CREAT)
-      myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-      myflags |= DB_EXCL;
-
-    if (flags & O_RDONLY)
-      myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-      myflags |= DB_TRUNCATE;
-
-    asprintf(&fn, "%s.db", db->name);
-    if (fn == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db_create(&d, NULL, 0);
-    db->db = d;
-    if ((ret = d->open(db->db, fn, NULL, DB_BTREE, myflags, mode))) {
-      if(ret == ENOENT)
-	/* try to open without .db extension */
-	if (d->open(db->db, db->name, NULL, DB_BTREE, myflags, mode)) {
-	  free(fn);
-	  krb5_set_error_string(context, "opening %s: %s",
-				db->name, strerror(ret));
-	  return ret;
-	}
-    }
-    free(fn);
-
-    ret = d->cursor(d, NULL, (DBC **)&db->dbc, 0);
-    if (ret) {
-	krb5_set_error_string(context, "d->cursor: %s", strerror(ret));
-        return ret;
-    }
-
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db, 
-	      const char *filename)
-{
-    *db = malloc(sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->db = NULL;
-    (*db)->name = strdup(filename);
-    if ((*db)->name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->master_key_set = 0;
-    (*db)->openp = 0;
-    (*db)->open  = DB_open;
-    (*db)->close = DB_close;
-    (*db)->fetch = _hdb_fetch;
-    (*db)->store = _hdb_store;
-    (*db)->remove = _hdb_remove;
-    (*db)->firstkey = DB_firstkey;
-    (*db)->nextkey= DB_nextkey;
-    (*db)->lock = DB_lock;
-    (*db)->unlock = DB_unlock;
-    (*db)->rename = DB_rename;
-    (*db)->_get = DB__get;
-    (*db)->_put = DB__put;
-    (*db)->_del = DB__del;
-    (*db)->destroy = DB_destroy;
-    return 0;
-}
-#endif /* HAVE_DB3 */
diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c
deleted file mode 100644
index 8e90798b3614..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-ldap.c
+++ /dev/null
@@ -1,1303 +0,0 @@
-/*
- * Copyright (c) 1999-2001, PADL Software Pty Ltd.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software  nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $");
-
-#ifdef OPENLDAP
-
-#include <lber.h>
-#include <ldap.h>
-#include <ctype.h>
-#include <sys/un.h>
-
-static krb5_error_code LDAP__connect(krb5_context context, HDB * db);
-
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry * ent);
-
-static char *krb5kdcentry_attrs[] =
-    { "krb5PrincipalName", "cn", "krb5PrincipalRealm",
-    "krb5KeyVersionNumber", "krb5Key",
-    "krb5ValidStart", "krb5ValidEnd", "krb5PasswordEnd",
-    "krb5MaxLife", "krb5MaxRenew", "krb5KDCFlags", "krb5EncryptionType",
-    "modifiersName", "modifyTimestamp", "creatorsName", "createTimestamp",
-    NULL
-};
-
-static char *krb5principal_attrs[] =
-    { "krb5PrincipalName", "cn", "krb5PrincipalRealm",
-    "modifiersName", "modifyTimestamp", "creatorsName", "createTimestamp",
-    NULL
-};
-
-/* based on samba: source/passdb/ldap.c */
-static krb5_error_code
-LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute,
-		unsigned char *value, size_t len)
-{
-    LDAPMod **mods = *modlist;
-    int i, j;
-
-    if (mods == NULL) {
-	mods = (LDAPMod **) calloc(1, sizeof(LDAPMod *));
-	if (mods == NULL) {
-	    return ENOMEM;
-	}
-	mods[0] = NULL;
-    }
-
-    for (i = 0; mods[i] != NULL; ++i) {
-	if ((mods[i]->mod_op & (~LDAP_MOD_BVALUES)) == modop
-	    && (!strcasecmp(mods[i]->mod_type, attribute))) {
-	    break;
-	}
-    }
-
-    if (mods[i] == NULL) {
-	mods = (LDAPMod **) realloc(mods, (i + 2) * sizeof(LDAPMod *));
-	if (mods == NULL) {
-	    return ENOMEM;
-	}
-	mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
-	if (mods[i] == NULL) {
-	    return ENOMEM;
-	}
-	mods[i]->mod_op = modop | LDAP_MOD_BVALUES;
-	mods[i]->mod_bvalues = NULL;
-	mods[i]->mod_type = strdup(attribute);
-	if (mods[i]->mod_type == NULL) {
-	    return ENOMEM;
-	}
-	mods[i + 1] = NULL;
-    }
-
-    if (value != NULL) {
-	j = 0;
-	if (mods[i]->mod_bvalues != NULL) {
-	    for (; mods[i]->mod_bvalues[j] != NULL; j++);
-	}
-	mods[i]->mod_bvalues =
-	    (struct berval **) realloc(mods[i]->mod_bvalues,
-				       (j + 2) * sizeof(struct berval *));
-	if (mods[i]->mod_bvalues == NULL) {
-	    return ENOMEM;
-	}
-	/* Caller allocates memory on our behalf, unlike LDAP_addmod. */
-	mods[i]->mod_bvalues[j] =
-	    (struct berval *) malloc(sizeof(struct berval));
-	if (mods[i]->mod_bvalues[j] == NULL) {
-	    return ENOMEM;
-	}
-	mods[i]->mod_bvalues[j]->bv_val = value;
-	mods[i]->mod_bvalues[j]->bv_len = len;
-	mods[i]->mod_bvalues[j + 1] = NULL;
-    }
-    *modlist = mods;
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
-	    const char *value)
-{
-    LDAPMod **mods = *modlist;
-    int i, j;
-
-    if (mods == NULL) {
-	mods = (LDAPMod **) calloc(1, sizeof(LDAPMod *));
-	if (mods == NULL) {
-	    return ENOMEM;
-	}
-	mods[0] = NULL;
-    }
-
-    for (i = 0; mods[i] != NULL; ++i) {
-	if (mods[i]->mod_op == modop
-	    && (!strcasecmp(mods[i]->mod_type, attribute))) {
-	    break;
-	}
-    }
-
-    if (mods[i] == NULL) {
-	mods = (LDAPMod **) realloc(mods, (i + 2) * sizeof(LDAPMod *));
-	if (mods == NULL) {
-	    return ENOMEM;
-	}
-	mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
-	if (mods[i] == NULL) {
-	    return ENOMEM;
-	}
-	mods[i]->mod_op = modop;
-	mods[i]->mod_values = NULL;
-	mods[i]->mod_type = strdup(attribute);
-	if (mods[i]->mod_type == NULL) {
-	    return ENOMEM;
-	}
-	mods[i + 1] = NULL;
-    }
-
-    if (value != NULL) {
-	j = 0;
-	if (mods[i]->mod_values != NULL) {
-	    for (; mods[i]->mod_values[j] != NULL; j++);
-	}
-	mods[i]->mod_values = (char **) realloc(mods[i]->mod_values,
-						(j + 2) * sizeof(char *));
-	if (mods[i]->mod_values == NULL) {
-	    return ENOMEM;
-	}
-	mods[i]->mod_values[j] = strdup(value);
-	if (mods[i]->mod_values[j] == NULL) {
-	    return ENOMEM;
-	}
-	mods[i]->mod_values[j + 1] = NULL;
-    }
-    *modlist = mods;
-    return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_generalized_time(LDAPMod *** mods, int modop,
-			     const char *attribute, KerberosTime * time)
-{
-    char buf[22];
-    struct tm *tm;
-
-    /* XXX not threadsafe */
-    tm = gmtime(time);
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm);
-
-    return LDAP_addmod(mods, modop, attribute, buf);
-}
-
-static krb5_error_code
-LDAP_get_string_value(HDB * db, LDAPMessage * entry,
-		      const char *attribute, char **ptr)
-{
-    char **vals;
-    int ret;
-
-    vals = ldap_get_values((LDAP *) db->db, entry, (char *) attribute);
-    if (vals == NULL) {
-	return HDB_ERR_NOENTRY;
-    }
-    *ptr = strdup(vals[0]);
-    if (*ptr == NULL) {
-	ret = ENOMEM;
-    } else {
-	ret = 0;
-    }
-
-    ldap_value_free(vals);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
-		       const char *attribute, int *ptr)
-{
-    char **vals;
-
-    vals = ldap_get_values((LDAP *) db->db, entry, (char *) attribute);
-    if (vals == NULL) {
-	return HDB_ERR_NOENTRY;
-    }
-    *ptr = atoi(vals[0]);
-    ldap_value_free(vals);
-    return 0;
-}
-
-static krb5_error_code
-LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
-				const char *attribute, KerberosTime * kt)
-{
-    char *tmp, *gentime;
-    struct tm tm;
-    int ret;
-
-    *kt = 0;
-
-    ret = LDAP_get_string_value(db, entry, attribute, &gentime);
-    if (ret != 0) {
-	return ret;
-    }
-
-    tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
-    if (tmp == NULL) {
-	free(gentime);
-	return HDB_ERR_NOENTRY;
-    }
-
-    free(gentime);
-
-    *kt = timegm(&tm);
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
-		LDAPMessage * msg, LDAPMod *** pmods)
-{
-    krb5_error_code ret;
-    krb5_boolean is_new_entry;
-    int rc, i;
-    char *tmp = NULL;
-    LDAPMod **mods = NULL;
-    hdb_entry orig;
-    unsigned long oflags, nflags;
-
-    if (msg != NULL) {
-	ret = LDAP_message2entry(context, db, msg, &orig);
-	if (ret != 0) {
-	    goto out;
-	}
-	is_new_entry = FALSE;
-    } else {
-	/* to make it perfectly obvious we're depending on
-	 * orig being intiialized to zero */
-	memset(&orig, 0, sizeof(orig));
-	is_new_entry = TRUE;
-    }
-
-    if (is_new_entry) {
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
-	if (ret != 0) {
-	    goto out;
-	}
-	/* person is the structural object class */
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "person");
-	if (ret != 0) {
-	    goto out;
-	}
-	ret =
-	    LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass",
-			"krb5Principal");
-	if (ret != 0) {
-	    goto out;
-	}
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass",
-			  "krb5KDCEntry");
-	if (ret != 0) {
-	    goto out;
-	}
-    }
-
-    if (is_new_entry ||
-	krb5_principal_compare(context, ent->principal, orig.principal) ==
-	FALSE) {
-	ret = krb5_unparse_name(context, ent->principal, &tmp);
-	if (ret != 0) {
-	    goto out;
-	}
-	ret =
-	    LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5PrincipalName", tmp);
-	if (ret != 0) {
-	    free(tmp);
-	    goto out;
-	}
-	free(tmp);
-    }
-
-    if (ent->kvno != orig.kvno) {
-	rc = asprintf(&tmp, "%d", ent->kvno);
-	if (rc < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret =
-	    LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KeyVersionNumber",
-			tmp);
-	free(tmp);
-	if (ret != 0) {
-	    goto out;
-	}
-    }
-
-    if (ent->valid_start) {
-	if (orig.valid_end == NULL
-	    || (*(ent->valid_start) != *(orig.valid_start))) {
-	    ret =
-		LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-					     "krb5ValidStart",
-					     ent->valid_start);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    if (ent->valid_end) {
-	if (orig.valid_end == NULL
-	    || (*(ent->valid_end) != *(orig.valid_end))) {
-	    ret =
-		LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-					     "krb5ValidEnd",
-					     ent->valid_end);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    if (ent->pw_end) {
-	if (orig.pw_end == NULL || (*(ent->pw_end) != *(orig.pw_end))) {
-	    ret =
-		LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
-					     "krb5PasswordEnd",
-					     ent->pw_end);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    if (ent->max_life) {
-	if (orig.max_life == NULL
-	    || (*(ent->max_life) != *(orig.max_life))) {
-	    rc = asprintf(&tmp, "%d", *(ent->max_life));
-	    if (rc < 0) {
-		krb5_set_error_string(context, "asprintf: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxLife", tmp);
-	    free(tmp);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    if (ent->max_renew) {
-	if (orig.max_renew == NULL
-	    || (*(ent->max_renew) != *(orig.max_renew))) {
-	    rc = asprintf(&tmp, "%d", *(ent->max_renew));
-	    if (rc < 0) {
-		krb5_set_error_string(context, "asprintf: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    ret =
-		LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxRenew", tmp);
-	    free(tmp);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    memset(&oflags, 0, sizeof(oflags));
-    memcpy(&oflags, &orig.flags, sizeof(HDBFlags));
-    memset(&nflags, 0, sizeof(nflags));
-    memcpy(&nflags, &ent->flags, sizeof(HDBFlags));
-
-    if (memcmp(&oflags, &nflags, sizeof(HDBFlags))) {
-	rc = asprintf(&tmp, "%lu", nflags);
-	if (rc < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KDCFlags", tmp);
-	free(tmp);
-	if (ret != 0) {
-	    goto out;
-	}
-    }
-
-    if (is_new_entry == FALSE && orig.keys.len > 0) {
-	/* for the moment, clobber and replace keys. */
-	ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
-	if (ret != 0) {
-	    goto out;
-	}
-    }
-
-    for (i = 0; i < ent->keys.len; i++) {
-	unsigned char *buf;
-	size_t len;
-
-	ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret);
-	if (ret != 0)
-	    goto out;
-
-	/* addmod_len _owns_ the key, doesn't need to copy it */
-	ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
-	if (ret != 0) {
-	    goto out;
-	}
-    }
-
-    if (ent->etypes) {
-	/* clobber and replace encryption types. */
-	if (is_new_entry == FALSE) {
-	    ret =
-		LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
-			    NULL);
-	}
-	for (i = 0; i < ent->etypes->len; i++) {
-	    rc = asprintf(&tmp, "%d", ent->etypes->val[i]);
-	    if (rc < 0) {
-		krb5_set_error_string(context, "asprintf: out of memory");
-		ret = ENOMEM;
-		goto out;
-	    }
-	    free(tmp);
-	    ret =
-		LDAP_addmod(&mods, LDAP_MOD_ADD, "krb5EncryptionType",
-			    tmp);
-	    if (ret != 0) {
-		goto out;
-	    }
-	}
-    }
-
-    /* for clarity */
-    ret = 0;
-
-  out:
-
-    if (ret == 0) {
-	*pmods = mods;
-    } else if (mods != NULL) {
-	ldap_mods_free(mods, 1);
-	*pmods = NULL;
-    }
-
-    if (msg != NULL) {
-	hdb_free_entry(context, &orig);
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
-		  krb5_principal * principal)
-{
-    krb5_error_code ret;
-    int rc, limit = 1;
-    char **values;
-    LDAPMessage *res = NULL, *e;
-
-    rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
-	ret = HDB_ERR_BADVERSION;
-	goto out;
-     }
-
-    rc = ldap_search_s((LDAP *) db->db, dn, LDAP_SCOPE_BASE,
-		       "(objectclass=krb5Principal)", krb5principal_attrs,
-		       0, &res);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_search_s: %s", ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    e = ldap_first_entry((LDAP *) db->db, res);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    values = ldap_get_values((LDAP *) db->db, e, "krb5PrincipalName");
-    if (values == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = krb5_parse_name(context, values[0], principal);
-    ldap_value_free(values);
-
-  out:
-    if (res != NULL) {
-	ldap_msgfree(res);
-    }
-    return ret;
-}
-
-static krb5_error_code
-LDAP__lookup_princ(krb5_context context, HDB * db, const char *princname,
-		   LDAPMessage ** msg)
-{
-    krb5_error_code ret;
-    int rc, limit = 1;
-    char *filter = NULL;
-
-    (void) LDAP__connect(context, db);
-
-    rc =
-	asprintf(&filter,
-		 "(&(objectclass=krb5KDCEntry)(krb5PrincipalName=%s))",
-		 princname);
-    if (rc < 0) {
-	krb5_set_error_string(context, "asprintf: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
-	ret = HDB_ERR_BADVERSION;
-	goto out;
-    }
-
-    rc = ldap_search_s((LDAP *) db->db, db->name, LDAP_SCOPE_ONELEVEL, filter, 
-		       krb5kdcentry_attrs, 0, msg);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_search_s: %s", ldap_err2string(rc));
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = 0;
-
-  out:
-    if (filter != NULL) {
-	free(filter);
-    }
-    return ret;
-}
-
-static krb5_error_code
-LDAP_principal2message(krb5_context context, HDB * db,
-		       krb5_principal princ, LDAPMessage ** msg)
-{
-    char *princname = NULL;
-    krb5_error_code ret;
-
-    ret = krb5_unparse_name(context, princ, &princname);
-    if (ret != 0) {
-	return ret;
-    }
-
-    ret = LDAP__lookup_princ(context, db, princname, msg);
-    free(princname);
-
-    return ret;
-}
-
-/*
- * Construct an hdb_entry from a directory entry.
- */
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
-		   hdb_entry * ent)
-{
-    char *unparsed_name = NULL, *dn = NULL;
-    int ret;
-    unsigned long tmp;
-    struct berval **keys;
-    char **values;
-
-    memset(ent, 0, sizeof(*ent));
-    memset(&ent->flags, 0, sizeof(HDBFlags));
-
-    ret =
-	LDAP_get_string_value(db, msg, "krb5PrincipalName",
-			      &unparsed_name);
-    if (ret != 0) {
-	return ret;
-    }
-
-    ret = krb5_parse_name(context, unparsed_name, &ent->principal);
-    if (ret != 0) {
-	goto out;
-    }
-
-    ret =
-	LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
-			       &ent->kvno);
-    if (ret != 0) {
-	ent->kvno = 0;
-    }
-
-    keys = ldap_get_values_len((LDAP *) db->db, msg, "krb5Key");
-    if (keys != NULL) {
-	int i;
-	size_t l;
-
-	ent->keys.len = ldap_count_values_len(keys);
-	ent->keys.val = (Key *) calloc(ent->keys.len, sizeof(Key));
-	if (ent->keys.val == NULL) {
-	    krb5_set_error_string(context, "calloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for (i = 0; i < ent->keys.len; i++) {
-	    decode_Key((unsigned char *) keys[i]->bv_val,
-		       (size_t) keys[i]->bv_len, &ent->keys.val[i], &l);
-	}
-	ber_bvecfree(keys);
-    } else {
-#if 1
-	/*
-	 * This violates the ASN1 but it allows a principal to
-	 * be related to a general directory entry without creating
-	 * the keys. Hopefully it's OK.
-	 */
-	ent->keys.len = 0;
-	ent->keys.val = NULL;
-#else
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-#endif
-    }
-
-    ret =
-	LDAP_get_generalized_time_value(db, msg, "createTimestamp",
-					&ent->created_by.time);
-    if (ret != 0) {
-	ent->created_by.time = time(NULL);
-    }
-
-    ent->created_by.principal = NULL;
-
-    ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
-    if (ret == 0) {
-	if (LDAP_dn2principal(context, db, dn, &ent->created_by.principal)
-	    != 0) {
-	    ent->created_by.principal = NULL;
-	}
-	free(dn);
-    }
-
-    ent->modified_by = (Event *) malloc(sizeof(Event));
-    if (ent->modified_by == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret =
-	LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
-					&ent->modified_by->time);
-    if (ret == 0) {
-	ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
-	if (LDAP_dn2principal
-	    (context, db, dn, &ent->modified_by->principal) != 0) {
-	    ent->modified_by->principal = NULL;
-	}
-	free(dn);
-    } else {
-	free(ent->modified_by);
-	ent->modified_by = NULL;
-    }
-
-    if ((ent->valid_start = (KerberosTime *) malloc(sizeof(KerberosTime)))
-	== NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret =
-	LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
-					ent->valid_start);
-    if (ret != 0) {
-	/* OPTIONAL */
-	free(ent->valid_start);
-	ent->valid_start = NULL;
-    }
-
-    if ((ent->valid_end = (KerberosTime *) malloc(sizeof(KerberosTime))) ==
-	NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret =
-	LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
-					ent->valid_end);
-    if (ret != 0) {
-	/* OPTIONAL */
-	free(ent->valid_end);
-	ent->valid_end = NULL;
-    }
-
-    if ((ent->pw_end = (KerberosTime *) malloc(sizeof(KerberosTime))) ==
-	NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret =
-	LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
-					ent->pw_end);
-    if (ret != 0) {
-	/* OPTIONAL */
-	free(ent->pw_end);
-	ent->pw_end = NULL;
-    }
-
-    ent->max_life = (int *) malloc(sizeof(int));
-    if (ent->max_life == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", ent->max_life);
-    if (ret != 0) {
-	free(ent->max_life);
-	ent->max_life = NULL;
-    }
-
-    ent->max_renew = (int *) malloc(sizeof(int));
-    if (ent->max_renew == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", ent->max_renew);
-    if (ret != 0) {
-	free(ent->max_renew);
-	ent->max_renew = NULL;
-    }
-
-    values = ldap_get_values((LDAP *) db->db, msg, "krb5KDCFlags");
-    if (values != NULL) {
-	tmp = strtoul(values[0], (char **) NULL, 10);
-	if (tmp == ULONG_MAX && errno == ERANGE) {
-	    krb5_set_error_string(context, "strtoul: could not convert flag");
-	    ret = ERANGE;
-	    goto out;
-	}
-    } else {
-	tmp = 0;
-    }
-    memcpy(&ent->flags, &tmp, sizeof(HDBFlags));
-
-    values = ldap_get_values((LDAP *) db->db, msg, "krb5EncryptionType");
-    if (values != NULL) {
-	int i;
-
-	ent->etypes = malloc(sizeof(*(ent->etypes)));
-	if (ent->etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-	ent->etypes->len = ldap_count_values(values);
-	ent->etypes->val = calloc(ent->etypes->len, sizeof(int));
-	for (i = 0; i < ent->etypes->len; i++) {
-	    ent->etypes->val[i] = atoi(values[i]);
-	}
-	ldap_value_free(values);
-    }
-
-    ret = 0;
-
-  out:
-    if (unparsed_name != NULL) {
-	free(unparsed_name);
-    }
-
-    if (ret != 0) {
-	/* I don't think this frees ent itself. */
-	hdb_free_entry(context, ent);
-    }
-
-    return ret;
-}
-
-static krb5_error_code LDAP_close(krb5_context context, HDB * db)
-{
-    ldap_unbind_ext((LDAP *) db->db, NULL, NULL);
-    db->db = NULL;
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_lock(krb5_context context, HDB * db, int operation)
-{
-    return 0;
-}
-
-static krb5_error_code LDAP_unlock(krb5_context context, HDB * db)
-{
-    return 0;
-}
-
-static krb5_error_code
-LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
-{
-    int msgid, rc, parserc;
-    krb5_error_code ret;
-    LDAPMessage *e;
-
-    msgid = db->openp;		/* BOGUS OVERLOADING */
-    if (msgid < 0) {
-	return HDB_ERR_NOENTRY;
-    }
-
-    do {
-	rc = ldap_result((LDAP *) db->db, msgid, LDAP_MSG_ONE, NULL, &e);
-	switch (rc) {
-	case LDAP_RES_SEARCH_ENTRY:
-	    /* We have an entry. Parse it. */
-	    ret = LDAP_message2entry(context, db, e, entry);
-	    ldap_msgfree(e);
-	    break;
-	case LDAP_RES_SEARCH_RESULT:
-	    /* We're probably at the end of the results. If not, abandon. */
-	    parserc =
-		ldap_parse_result((LDAP *) db->db, e, NULL, NULL, NULL,
-				  NULL, NULL, 1);
-	    if (parserc != LDAP_SUCCESS
-		&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
-	        krb5_set_error_string(context, "ldap_parse_result: %s", ldap_err2string(parserc));
-		ldap_abandon((LDAP *) db->db, msgid);
-	    }
-	    ret = HDB_ERR_NOENTRY;
-	    db->openp = -1;
-	    break;
-	case 0:
-	case -1:
-	default:
-	    /* Some unspecified error (timeout?). Abandon. */
-	    ldap_msgfree(e);
-	    ldap_abandon((LDAP *) db->db, msgid);
-	    ret = HDB_ERR_NOENTRY;
-	    db->openp = -1;
-	    break;
-	}
-    } while (rc == LDAP_RES_SEARCH_REFERENCE);
-
-    if (ret == 0) {
-	if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, entry);
-	    if (ret)
-		hdb_free_entry(context,entry);
-	}
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_firstkey(krb5_context context, HDB * db, unsigned flags,
-	      hdb_entry * entry)
-{
-    int msgid, limit = LDAP_NO_LIMIT, rc;
-
-    (void) LDAP__connect(context, db);
-
-    rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
-	return HDB_ERR_BADVERSION;
-    }
-
-    msgid = ldap_search((LDAP *) db->db, db->name,
-			LDAP_SCOPE_ONELEVEL, "(objectclass=krb5KDCEntry)",
-			krb5kdcentry_attrs, 0);
-    if (msgid < 0) {
-	return HDB_ERR_NOENTRY;
-    }
-
-    db->openp = msgid;
-
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
-	     hdb_entry * entry)
-{
-    return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP_rename(krb5_context context, HDB * db, const char *new_name)
-{
-    return HDB_ERR_DB_INUSE;
-}
-
-static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
-{
-    int rc, version = LDAP_VERSION3;
-
-    if (db->db != NULL) {
-	/* connection has been opened. ping server. */
-	struct sockaddr_un addr;
-	socklen_t len;
-	int sd;
-
-	if (ldap_get_option((LDAP *) db->db, LDAP_OPT_DESC, &sd) == 0 &&
-	    getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
-	    /* the other end has died. reopen. */
-	    LDAP_close(context, db);
-	}
-    }
-
-    if (db->db != NULL) {
-	/* server is UP */
-	return 0;
-    }
-
-    rc = ldap_initialize((LDAP **) & db->db, "ldapi:///");
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc));
-	return HDB_ERR_NOENTRY;
-    }
-
-    rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_PROTOCOL_VERSION, (const void *)&version);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
-	ldap_unbind_ext((LDAP *) db->db, NULL, NULL);
-	db->db = NULL;
-	return HDB_ERR_BADVERSION;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
-{
-    /* Not the right place for this. */
-#ifdef HAVE_SIGACTION
-    struct sigaction sa;
-
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    sigemptyset(&sa.sa_mask);
-
-    sigaction(SIGPIPE, &sa, NULL);
-#else
-    signal(SIGPIPE, SIG_IGN);
-#endif /* HAVE_SIGACTION */
-
-    return LDAP__connect(context, db);
-}
-
-static krb5_error_code
-LDAP_fetch(krb5_context context, HDB * db, unsigned flags,
-	   hdb_entry * entry)
-{
-    LDAPMessage *msg, *e;
-    krb5_error_code ret;
-
-    ret = LDAP_principal2message(context, db, entry->principal, &msg);
-    if (ret != 0) {
-	return ret;
-    }
-
-    e = ldap_first_entry((LDAP *) db->db, msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    ret = LDAP_message2entry(context, db, e, entry);
-    if (ret == 0) {
-	if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	    ret = hdb_unseal_keys(context, db, entry);
-	    if (ret)
-		hdb_free_entry(context,entry);
-	}
-    }
-
-  out:
-    ldap_msgfree(msg);
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_store(krb5_context context, HDB * db, unsigned flags,
-	   hdb_entry * entry)
-{
-    LDAPMod **mods = NULL;
-    krb5_error_code ret;
-    const char *errfn;
-    int rc;
-    LDAPMessage *msg = NULL, *e = NULL;
-    char *dn = NULL, *name = NULL;
-
-    ret = krb5_unparse_name(context, entry->principal, &name);
-    if (ret != 0) {
-	goto out;
-    }
-
-    ret = LDAP__lookup_princ(context, db, name, &msg);
-    if (ret == 0) {
-	e = ldap_first_entry((LDAP *) db->db, msg);
-    }
-
-    ret = hdb_seal_keys(context, db, entry);
-    if (ret != 0) {
-	goto out;
-    }
-
-    /* turn new entry into LDAPMod array */
-    ret = LDAP_entry2mods(context, db, entry, e, &mods);
-    if (ret != 0) {
-	goto out;
-    }
-
-    if (e == NULL) {
-	/* Doesn't exist yet. */
-	char *p;
-
-	e = NULL;
-
-	/* normalize the naming attribute */
-	for (p = name; *p != '\0'; p++) {
-	    *p = (char) tolower((int) *p);
-	}
-
-	/*
-	 * We could do getpwnam() on the local component of
-	 * the principal to find cn/sn but that's probably
-	 * bad thing to do from inside a KDC. Better leave
-	 * it to management tools.
-	 */
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "cn", name);
-	if (ret < 0) {
-	    goto out;
-	}
-
-	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "sn", name);
-	if (ret < 0) {
-	    goto out;
-	}
-
-	if (db->name != NULL) {
-	    ret = asprintf(&dn, "cn=%s,%s", name, db->name);
-	} else {
-	    /* A bit bogus, but we don't have a search base */
-	    ret = asprintf(&dn, "cn=%s", name, db->name);
-	}
-	if (ret < 0) {
-	    krb5_set_error_string(context, "asprintf: out of memory");
-	    ret = ENOMEM;
-	    goto out;
-	}
-    } else if (flags & HDB_F_REPLACE) {
-	/* Entry exists, and we're allowed to replace it. */
-	dn = ldap_get_dn((LDAP *) db->db, e);
-    } else {
-	/* Entry exists, but we're not allowed to replace it. Bail. */
-	ret = HDB_ERR_EXISTS;
-	goto out;
-    }
-
-    /* write entry into directory */
-    if (e == NULL) {
-	/* didn't exist before */
-	rc = ldap_add_s((LDAP *) db->db, dn, mods);
-	errfn = "ldap_add_s";
-    } else {
-	/* already existed, send deltas only */
-	rc = ldap_modify_s((LDAP *) db->db, dn, mods);
-	errfn = "ldap_modify_s";
-    }
-
-    if (rc == LDAP_SUCCESS) {
-	ret = 0;
-    } else {
-	krb5_set_error_string(context, "%s: %s", errfn, ldap_err2string(rc));
-	ret = HDB_ERR_CANT_LOCK_DB;
-    }
-
-  out:
-    /* free stuff */
-    if (dn != NULL) {
-	free(dn);
-    }
-
-    if (msg != NULL) {
-	ldap_msgfree(msg);
-    }
-
-    if (mods != NULL) {
-	ldap_mods_free(mods, 1);
-    }
-
-    if (name != NULL) {
-	free(name);
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
-{
-    krb5_error_code ret;
-    LDAPMessage *msg, *e;
-    char *dn = NULL;
-    int rc, limit = LDAP_NO_LIMIT;
-
-    ret = LDAP_principal2message(context, db, entry->principal, &msg);
-    if (ret != 0) {
-	goto out;
-    }
-
-    e = ldap_first_entry((LDAP *) db->db, msg);
-    if (e == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    dn = ldap_get_dn((LDAP *) db->db, e);
-    if (dn == NULL) {
-	ret = HDB_ERR_NOENTRY;
-	goto out;
-    }
-
-    rc = ldap_set_option((LDAP *) db->db, LDAP_OPT_SIZELIMIT, (const void *)&limit);
-    if (rc != LDAP_SUCCESS) {
-	krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
-	ret = HDB_ERR_BADVERSION;
-	goto out;
-    }
-
-    rc = ldap_delete_s((LDAP *) db->db, dn);
-    if (rc == LDAP_SUCCESS) {
-	ret = 0;
-    } else {
-	krb5_set_error_string(context, "ldap_delete_s: %s", ldap_err2string(rc));
-	ret = HDB_ERR_CANT_LOCK_DB;
-    }
-
-  out:
-    if (dn != NULL) {
-	free(dn);
-    }
-
-    if (msg != NULL) {
-	ldap_msgfree(msg);
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-LDAP__get(krb5_context context, HDB * db, krb5_data key, krb5_data * reply)
-{
-    fprintf(stderr, "LDAP__get not implemented\n");
-    abort();
-    return 0;
-}
-
-static krb5_error_code
-LDAP__put(krb5_context context, HDB * db, int replace,
-	  krb5_data key, krb5_data value)
-{
-    fprintf(stderr, "LDAP__put not implemented\n");
-    abort();
-    return 0;
-}
-
-static krb5_error_code
-LDAP__del(krb5_context context, HDB * db, krb5_data key)
-{
-    fprintf(stderr, "LDAP__del not implemented\n");
-    abort();
-    return 0;
-}
-
-static krb5_error_code LDAP_destroy(krb5_context context, HDB * db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key(context, db);
-    if (db->name != NULL) {
-	free(db->name);
-    }
-    free(db);
-
-    return ret;
-}
-
-krb5_error_code
-hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
-{
-    *db = malloc(sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->db = NULL;
-
-    if (arg == NULL || arg[0] == '\0') {
-	/*
-	 * if no argument specified in the configuration file
-	 * then use NULL, which tells OpenLDAP to look in
-	 * the ldap.conf file. This doesn't work for
-	 * writing entries because we don't know where to
-	 * put new principals.
-	 */
-	(*db)->name = NULL;
-    } else {
-	(*db)->name = strdup(arg); 
-	if ((*db)->name == NULL) {
-	    krb5_set_error_string(context, "strdup: out of memory");
-	    free(*db);
-	    *db = NULL;
-	    return ENOMEM;
-	}
-    }
-
-    (*db)->master_key_set = 0;
-    (*db)->openp = 0;
-    (*db)->open = LDAP_open;
-    (*db)->close = LDAP_close;
-    (*db)->fetch = LDAP_fetch;
-    (*db)->store = LDAP_store;
-    (*db)->remove = LDAP_remove;
-    (*db)->firstkey = LDAP_firstkey;
-    (*db)->nextkey = LDAP_nextkey;
-    (*db)->lock = LDAP_lock;
-    (*db)->unlock = LDAP_unlock;
-    (*db)->rename = LDAP_rename;
-    /* can we ditch these? */
-    (*db)->_get = LDAP__get;
-    (*db)->_put = LDAP__put;
-    (*db)->_del = LDAP__del;
-    (*db)->destroy = LDAP_destroy;
-
-    return 0;
-}
-
-#endif				/* OPENLDAP */
diff --git a/crypto/heimdal/lib/hdb/hdb-private.h b/crypto/heimdal/lib/hdb/hdb-private.h
deleted file mode 100644
index a47de7021064..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-private.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_private_h__
-#define __hdb_private_h__
-
-#include <stdarg.h>
-
-krb5_error_code
-_hdb_fetch (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_entry */*entry*/);
-
-krb5_error_code
-_hdb_remove (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*entry*/);
-
-krb5_error_code
-_hdb_store (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_entry */*entry*/);
-
-#endif /* __hdb_private_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb-protos.h b/crypto/heimdal/lib/hdb/hdb-protos.h
deleted file mode 100644
index ce85fcb05642..000000000000
--- a/crypto/heimdal/lib/hdb/hdb-protos.h
+++ /dev/null
@@ -1,188 +0,0 @@
-/* This is a generated file */
-#ifndef __hdb_protos_h__
-#define __hdb_protos_h__
-
-#include <stdarg.h>
-
-krb5_error_code
-hdb_add_master_key (
-	krb5_context /*context*/,
-	krb5_keyblock */*key*/,
-	hdb_master_key */*inout*/);
-
-krb5_error_code
-hdb_check_db_format (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_clear_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-krb5_error_code
-hdb_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_db_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_enctype2key (
-	krb5_context /*context*/,
-	hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-krb5_error_code
-hdb_entry2string (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	char **/*str*/);
-
-int
-hdb_entry2value (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	krb5_data */*value*/);
-
-krb5_error_code
-hdb_foreach (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	unsigned /*flags*/,
-	hdb_foreach_func_t /*func*/,
-	void */*data*/);
-
-void
-hdb_free_entry (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/);
-
-void
-hdb_free_key (Key */*key*/);
-
-void
-hdb_free_master_key (
-	krb5_context /*context*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_init_db (
-	krb5_context /*context*/,
-	HDB */*db*/);
-
-int
-hdb_key2principal (
-	krb5_context /*context*/,
-	krb5_data */*key*/,
-	krb5_principal /*p*/);
-
-krb5_error_code
-hdb_ldap_create (
-	krb5_context /*context*/,
-	HDB ** /*db*/,
-	const char */*arg*/);
-
-krb5_error_code
-hdb_lock (
-	int /*fd*/,
-	int /*operation*/);
-
-krb5_error_code
-hdb_ndbm_create (
-	krb5_context /*context*/,
-	HDB **/*db*/,
-	const char */*filename*/);
-
-krb5_error_code
-hdb_next_enctype2key (
-	krb5_context /*context*/,
-	const hdb_entry */*e*/,
-	krb5_enctype /*enctype*/,
-	Key **/*key*/);
-
-int
-hdb_principal2key (
-	krb5_context /*context*/,
-	krb5_principal /*p*/,
-	krb5_data */*key*/);
-
-krb5_error_code
-hdb_print_entry (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*entry*/,
-	void */*data*/);
-
-krb5_error_code
-hdb_process_master_key (
-	krb5_context /*context*/,
-	int /*kvno*/,
-	krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_read_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key */*mkey*/);
-
-krb5_error_code
-hdb_seal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_seal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-krb5_error_code
-hdb_set_master_key (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-hdb_set_master_keyfile (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	const char */*keyfile*/);
-
-krb5_error_code
-hdb_unlock (int /*fd*/);
-
-krb5_error_code
-hdb_unseal_keys (
-	krb5_context /*context*/,
-	HDB */*db*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_unseal_keys_mkey (
-	krb5_context /*context*/,
-	hdb_entry */*ent*/,
-	hdb_master_key /*mkey*/);
-
-int
-hdb_value2entry (
-	krb5_context /*context*/,
-	krb5_data */*value*/,
-	hdb_entry */*ent*/);
-
-krb5_error_code
-hdb_write_master_key (
-	krb5_context /*context*/,
-	const char */*filename*/,
-	hdb_master_key /*mkey*/);
-
-#endif /* __hdb_protos_h__ */
diff --git a/crypto/heimdal/lib/hdb/hdb.asn1 b/crypto/heimdal/lib/hdb/hdb.asn1
deleted file mode 100644
index 084d5a1bb2c5..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.asn1
+++ /dev/null
@@ -1,70 +0,0 @@
--- $Id: hdb.asn1,v 1.9 2001/06/21 14:54:53 joda Exp $
-HDB DEFINITIONS ::=
-BEGIN
-
-IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;
-
-HDB_DB_FORMAT INTEGER ::= 2	-- format of database, 
-				-- update when making changes
-
--- these must have the same value as the pa-* counterparts
-hdb-pw-salt	INTEGER	::= 3
-hdb-afs3-salt	INTEGER	::= 10
-
-Salt ::= SEQUENCE {
-	type[0]		INTEGER,
-	salt[1]		OCTET STRING
-}
-
-Key ::= SEQUENCE {
-	mkvno[0]	INTEGER OPTIONAL,	-- master key version number
-	key[1]		EncryptionKey,
-	salt[2]		Salt OPTIONAL
-}
-
-Event ::= SEQUENCE {
-	time[0]		KerberosTime,
-	principal[1]	Principal OPTIONAL
-}
-
-HDBFlags ::= BIT STRING {
-	initial(0),		-- require as-req
-	forwardable(1),		-- may issue forwardable
-	proxiable(2),		-- may issue proxiable
-	renewable(3),		-- may issue renewable
-	postdate(4),		-- may issue postdatable
-	server(5),		-- may be server
-	client(6),		-- may be client
-	invalid(7),		-- entry is invalid
-	require-preauth(8),	-- must use preauth
-	change-pw(9),		-- change password service
-	require-hwauth(10),	-- must use hwauth
-	ok-as-delegate(11),	-- as in TicketFlags
-	user-to-user(12),	-- may use user-to-user auth
-	immutable(13)		-- may not be deleted
-}
-
-GENERATION ::= SEQUENCE {
-	time[0]		KerberosTime,	-- timestamp
-	usec[1]		INTEGER,	-- microseconds
-	gen[2]		INTEGER		-- generation number
-}
-
-hdb_entry ::= SEQUENCE {
-	principal[0]	Principal  OPTIONAL, -- this is optional only 
-					     -- for compatibility with libkrb5
-	kvno[1]		INTEGER,
-	keys[2]		SEQUENCE OF Key,
-	created-by[3]	Event,
-	modified-by[4]	Event OPTIONAL,
-	valid-start[5]	KerberosTime OPTIONAL,
-	valid-end[6]	KerberosTime OPTIONAL,
-	pw-end[7]	KerberosTime OPTIONAL,
-	max-life[8]	INTEGER OPTIONAL,
-	max-renew[9]	INTEGER OPTIONAL,
-	flags[10]	HDBFlags,
-	etypes[11]	SEQUENCE OF INTEGER OPTIONAL,
-	generation[12]	GENERATION OPTIONAL
-}
-
-END
diff --git a/crypto/heimdal/lib/hdb/hdb.c b/crypto/heimdal/lib/hdb/hdb.c
deleted file mode 100644
index 95fde19db70b..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb.c,v 1.44 2001/08/09 08:41:48 assar Exp $");
-
-struct hdb_method {
-    const char *prefix;
-    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-static struct hdb_method methods[] = {
-#if HAVE_DB1 || HAVE_DB3
-    {"db:",	hdb_db_create},
-#endif
-#if HAVE_NDBM
-    {"ndbm:",	hdb_ndbm_create},
-#endif
-#ifdef OPENLDAP
-    {"ldap:",	hdb_ldap_create},
-#endif
-#if HAVE_DB1 || HAVE_DB3
-    {"",	hdb_db_create},
-#elif defined(HAVE_NDBM)
-    {"",	hdb_ndbm_create},
-#elif defined(OPENLDAP)
-    {"",	hdb_ldap_create},
-#endif
-    {NULL,	NULL}
-};
-
-krb5_error_code
-hdb_next_enctype2key(krb5_context context,
-		     const hdb_entry *e,
-		     krb5_enctype enctype,
-		     Key **key)
-{
-    Key *k;
-    
-    for (k = *key ? (*key) + 1 : e->keys.val;
-	 k < e->keys.val + e->keys.len; 
-	 k++)
-	if(k->key.keytype == enctype){
-	    *key = k;
-	    return 0;
-	}
-    return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
-}
-
-krb5_error_code
-hdb_enctype2key(krb5_context context, 
-		hdb_entry *e, 
-		krb5_enctype enctype, 
-		Key **key)
-{
-    *key = NULL;
-    return hdb_next_enctype2key(context, e, enctype, key);
-}
-
-void
-hdb_free_key(Key *key)
-{
-    memset(key->key.keyvalue.data, 
-	   0,
-	   key->key.keyvalue.length);
-    free_Key(key);
-    free(key);
-}
-
-
-krb5_error_code
-hdb_lock(int fd, int operation)
-{
-    int i, code = 0;
-
-    for(i = 0; i < 3; i++){
-	code = flock(fd, (operation == HDB_RLOCK ? LOCK_SH : LOCK_EX) | LOCK_NB);
-	if(code == 0 || errno != EWOULDBLOCK)
-	    break;
-	sleep(1);
-    }
-    if(code == 0)
-	return 0;
-    if(errno == EWOULDBLOCK)
-	return HDB_ERR_DB_INUSE;
-    return HDB_ERR_CANT_LOCK_DB;
-}
-
-krb5_error_code
-hdb_unlock(int fd)
-{
-    int code;
-    code = flock(fd, LOCK_UN);
-    if(code)
-	return 4711 /* XXX */;
-    return 0;
-}
-
-void
-hdb_free_entry(krb5_context context, hdb_entry *ent)
-{
-    int i;
-
-    for(i = 0; i < ent->keys.len; ++i) {
-	Key *k = &ent->keys.val[i];
-
-	memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
-    }
-    free_hdb_entry(ent);
-}
-
-krb5_error_code
-hdb_foreach(krb5_context context,
-	    HDB *db,
-	    unsigned flags,
-	    hdb_foreach_func_t func,
-	    void *data)
-{
-    krb5_error_code ret;
-    hdb_entry entry;
-    ret = db->firstkey(context, db, flags, &entry);
-    while(ret == 0){
-	ret = (*func)(context, db, &entry, data);
-	hdb_free_entry(context, &entry);
-	if(ret == 0)
-	    ret = db->nextkey(context, db, flags, &entry);
-    }
-    if(ret == HDB_ERR_NOENTRY)
-	ret = 0;
-    return ret;
-}
-
-krb5_error_code
-hdb_check_db_format(krb5_context context, HDB *db)
-{
-    krb5_data tag;
-    krb5_data version;
-    krb5_error_code ret;
-    unsigned ver;
-    int foo;
-
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    ret = (*db->_get)(context, db, tag, &version);
-    if(ret)
-	return ret;
-    foo = sscanf(version.data, "%u", &ver);
-    krb5_data_free (&version);
-    if (foo != 1)
-	return HDB_ERR_BADVERSION;
-    if(ver != HDB_DB_FORMAT)
-	return HDB_ERR_BADVERSION;
-    return 0;
-}
-
-krb5_error_code
-hdb_init_db(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-    krb5_data tag;
-    krb5_data version;
-    char ver[32];
-    
-    ret = hdb_check_db_format(context, db);
-    if(ret != HDB_ERR_NOENTRY)
-	return ret;
-    
-    tag.data = HDB_DB_FORMAT_ENTRY;
-    tag.length = strlen(tag.data);
-    snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
-    version.data = ver;
-    version.length = strlen(version.data) + 1; /* zero terminated */
-    ret = (*db->_put)(context, db, 0, tag, version);
-    return ret;
-}
-
-/*
- * find the relevant method for `filename', returning a pointer to the
- * rest in `rest'.
- * return NULL if there's no such method.
- */
-
-static const struct hdb_method *
-find_method (const char *filename, const char **rest)
-{
-    const struct hdb_method *h;
-
-    for (h = methods; h->prefix != NULL; ++h)
-	if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) {
-	    *rest = filename + strlen(h->prefix);
-	    return h;
-	}
-    return NULL;
-}
-
-krb5_error_code
-hdb_create(krb5_context context, HDB **db, const char *filename)
-{
-    const struct hdb_method *h;
-    const char *residual;
-
-    if(filename == NULL)
-	filename = HDB_DEFAULT_DB;
-    krb5_add_et_list(context, initialize_hdb_error_table_r);
-    h = find_method (filename, &residual);
-    if (h == NULL)
-	krb5_errx(context, 1, "No database support! (hdb_create)");
-    return (*h->create)(context, db, residual);
-}
diff --git a/crypto/heimdal/lib/hdb/hdb.h b/crypto/heimdal/lib/hdb/hdb.h
deleted file mode 100644
index 21d739b98b86..000000000000
--- a/crypto/heimdal/lib/hdb/hdb.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb.h,v 1.31 2000/07/08 16:03:37 joda Exp $ */
-
-#ifndef __HDB_H__
-#define __HDB_H__
-
-#include <hdb_err.h>
-
-#include <hdb_asn1.h>
-
-enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
-
-/* flags for various functions */
-#define HDB_F_DECRYPT	1 /* decrypt keys */
-#define HDB_F_REPLACE	2 /* replace entry */
-
-/* key usage for master key */
-#define HDB_KU_MKEY	0x484442
-
-typedef struct hdb_master_key_data *hdb_master_key;
-
-typedef struct HDB{
-    void *db;
-    void *dbc;
-    char *name;
-    int master_key_set;
-    hdb_master_key master_key;
-    int openp;
-
-    krb5_error_code (*open)(krb5_context, struct HDB*, int, mode_t);
-    krb5_error_code (*close)(krb5_context, struct HDB*);
-    krb5_error_code (*fetch)(krb5_context, struct HDB*, unsigned, hdb_entry*);
-    krb5_error_code (*store)(krb5_context, struct HDB*, unsigned, hdb_entry*);
-    krb5_error_code (*remove)(krb5_context, struct HDB*, hdb_entry*);
-    krb5_error_code (*firstkey)(krb5_context, struct HDB*, 
-				unsigned, hdb_entry*);
-    krb5_error_code (*nextkey)(krb5_context, struct HDB*, 
-			       unsigned, hdb_entry*);
-    krb5_error_code (*lock)(krb5_context, struct HDB*, int operation);
-    krb5_error_code (*unlock)(krb5_context, struct HDB*);
-    krb5_error_code (*rename)(krb5_context, struct HDB*, const char*);
-    krb5_error_code (*_get)(krb5_context, struct HDB*, krb5_data, krb5_data*);
-    krb5_error_code (*_put)(krb5_context, struct HDB*, int, 
-			    krb5_data, krb5_data);
-    krb5_error_code (*_del)(krb5_context, struct HDB*, krb5_data);
-    krb5_error_code (*destroy)(krb5_context, struct HDB*);
-}HDB;
-
-#define HDB_DB_DIR "/var/heimdal"
-#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
-#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
-
-typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
-					      hdb_entry*, void*);
-extern krb5_kt_ops hdb_kt_ops;
-
-#include <hdb-protos.h>
-
-#endif /* __HDB_H__ */
diff --git a/crypto/heimdal/lib/hdb/hdb_err.et b/crypto/heimdal/lib/hdb/hdb_err.et
deleted file mode 100644
index 9929a56311e5..000000000000
--- a/crypto/heimdal/lib/hdb/hdb_err.et
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Error messages for the hdb library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hdb_err.et,v 1.5 2001/01/28 23:05:52 assar Exp $"
-
-error_table hdb
-
-prefix HDB_ERR
-
-index 1
-#error_code INUSE,		"Entry already exists in database"
-error_code UK_SERROR,		"Database store error"
-error_code UK_RERROR,		"Database read error"
-error_code NOENTRY,		"No such entry in the database"
-error_code DB_INUSE,		"Database is locked or in use--try again later"
-error_code DB_CHANGED,		"Database was modified during read"
-error_code RECURSIVELOCK,	"Attempt to lock database twice"
-error_code NOTLOCKED,		"Attempt to unlock database when not locked"
-error_code BADLOCKMODE,		"Invalid kdb lock mode"
-error_code CANT_LOCK_DB,	"Insufficient access to lock database"
-error_code EXISTS,		"Entry already exists in database"
-error_code BADVERSION,		"Wrong database version"
-error_code NO_MKEY,		"No correct master key"
-
-end
diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h
deleted file mode 100644
index 95c706040085..000000000000
--- a/crypto/heimdal/lib/hdb/hdb_locl.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: hdb_locl.h,v 1.18 2002/09/10 20:03:48 joda Exp $ */
-
-#ifndef __HDB_LOCL_H__
-#define __HDB_LOCL_H__
-
-#include <config.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <hdb.h>
-#include <hdb-private.h>
-
-#endif /* __HDB_LOCL_H__ */
diff --git a/crypto/heimdal/lib/hdb/keytab.c b/crypto/heimdal/lib/hdb/keytab.c
deleted file mode 100644
index 6ede2b9c1f00..000000000000
--- a/crypto/heimdal/lib/hdb/keytab.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-/* keytab backend for HDB databases */
-
-RCSID("$Id: keytab.c,v 1.5 2002/08/26 13:28:11 assar Exp $");
-
-struct hdb_data {
-    char *dbname;
-    char *mkey;
-};
-
-/*
- * the format for HDB keytabs is:
- * HDB:[database:mkey]
- */
-
-static krb5_error_code
-hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct hdb_data *d;
-    const char *db, *mkey;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    db = name;
-    mkey = strchr(name, ':');
-    if(mkey == NULL || mkey[1] == '\0') {
-	if(*name == '\0')
-	    d->dbname = NULL;
-	else {
-	    d->dbname = strdup(name);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	}
-	d->mkey = NULL;
-    } else {
-	if((mkey - db) == 0) {
-	    d->dbname = NULL;
-	} else {
-	    d->dbname = malloc(mkey - db);
-	    if(d->dbname == NULL) {
-		free(d);
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memmove(d->dbname, db, mkey - db);
-	    d->dbname[mkey - db] = '\0';
-	}
-	d->mkey = strdup(mkey + 1);
-	if(d->mkey == NULL) {
-	    free(d->dbname);
-	    free(d);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-hdb_close(krb5_context context, krb5_keytab id)
-{
-    struct hdb_data *d = id->data;
-
-    free(d->dbname);
-    free(d->mkey);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-hdb_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    struct hdb_data *d = id->data;
-
-    snprintf(name, namesize, "%s%s%s", 
-	     d->dbname ? d->dbname : "",
-	     (d->dbname || d->mkey) ? ":" : "",
-	     d->mkey ? d->mkey : "");
-    return 0;
-}
-
-static void
-set_config (krb5_context context,
-	    krb5_config_binding *binding,
-	    const char **dbname,
-	    const char **mkey)
-{
-    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
-    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
-}
-
-/*
- * try to figure out the database (`dbname') and master-key (`mkey')
- * that should be used for `principal'.
- */
-
-static void
-find_db (krb5_context context,
-	 const char **dbname,
-	 const char **mkey,
-	 krb5_const_principal principal)
-{
-    const krb5_config_binding *top_bind = NULL;
-    krb5_config_binding *default_binding = NULL;
-    krb5_config_binding *db;
-    krb5_realm *prealm = krb5_princ_realm(context, (krb5_principal)principal);
-
-    *dbname = *mkey = NULL;
-
-    while ((db = (krb5_config_binding *)
-	    krb5_config_get_next(context,
-				 NULL,
-				 &top_bind,
-				 krb5_config_list,
-				 "kdc",
-				 "database",
-				 NULL)) != NULL) {
-	const char *p;
-	
-	p = krb5_config_get_string (context, db, "realm", NULL);
-	if (p == NULL) {
-	    if(default_binding) {
-		krb5_warnx(context, "WARNING: more than one realm-less "
-			   "database specification");
-		krb5_warnx(context, "WARNING: using the first encountered");
-	    } else
-		default_binding = db;
-	} else if (strcmp (*prealm, p) == 0) {
-	    set_config (context, db, dbname, mkey);
-	    break;
-	}
-    }
-    if (*dbname == NULL && default_binding != NULL)
-	set_config (context, default_binding, dbname, mkey);
-    if (*dbname == NULL)
-	*dbname = HDB_DEFAULT_DB;
-}
-
-/*
- * find the keytab entry in `id' for `principal, kvno, enctype' and return
- * it in `entry'.  return 0 or an error code
- */
-
-static krb5_error_code
-hdb_get_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_const_principal principal,
-	      krb5_kvno kvno,
-	      krb5_enctype enctype,
-	      krb5_keytab_entry *entry)
-{
-    hdb_entry ent;
-    krb5_error_code ret;
-    struct hdb_data *d = id->data;
-    int i;
-    HDB *db;
-    const char *dbname = d->dbname;
-    const char *mkey   = d->mkey;
-
-    if (dbname == NULL)
-	find_db (context, &dbname, &mkey, principal);
-
-    ret = hdb_create (context, &db, dbname);
-    if (ret)
-	return ret;
-    ret = hdb_set_master_keyfile (context, db, mkey);
-    if (ret) {
-	(*db->destroy)(context, db);
-	return ret;
-    }
-	
-    ret = (*db->open)(context, db, O_RDONLY, 0);
-    if (ret) {
-	(*db->destroy)(context, db);
-	return ret;
-    }
-    ent.principal = (krb5_principal)principal;
-    ret = (*db->fetch)(context, db, HDB_F_DECRYPT, &ent);
-    (*db->close)(context, db);
-    (*db->destroy)(context, db);
-
-    if(ret == HDB_ERR_NOENTRY)
-	return KRB5_KT_NOTFOUND;
-    else if(ret)
-	return ret;
-    if(kvno && ent.kvno != kvno) {
-	hdb_free_entry(context, &ent);
- 	return KRB5_KT_NOTFOUND;
-    }
-    if(enctype == 0)
-	if(ent.keys.len > 0)
-	    enctype = ent.keys.val[0].key.keytype;
-    ret = KRB5_KT_NOTFOUND;
-    for(i = 0; i < ent.keys.len; i++) {
-	if(ent.keys.val[i].key.keytype == enctype) {
-	    krb5_copy_principal(context, principal, &entry->principal);
-	    entry->vno = ent.kvno;
-	    krb5_copy_keyblock_contents(context, 
-					&ent.keys.val[i].key, 
-					&entry->keyblock);
-	    ret = 0;
-	    break;
-	}
-    }
-    hdb_free_entry(context, &ent);
-    return ret;
-}
-
-krb5_kt_ops hdb_kt_ops = {
-    "HDB",
-    hdb_resolve,
-    hdb_get_name,
-    hdb_close,
-    hdb_get_entry,
-    NULL,		/* start_seq_get */
-    NULL,		/* next_entry */
-    NULL,		/* end_seq_get */
-    NULL,		/* add */
-    NULL		/* remove */
-};
diff --git a/crypto/heimdal/lib/hdb/libasn1.h b/crypto/heimdal/lib/hdb/libasn1.h
deleted file mode 100644
index ef02d7c7e7ae..000000000000
--- a/crypto/heimdal/lib/hdb/libasn1.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: libasn1.h,v 1.5 2001/04/18 16:21:33 joda Exp $ */
-
-#ifndef __LIBASN1_H__
-#define __LIBASN1_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <errno.h>
-#include <krb5_asn1.h>
-#include <der.h>
-#include "hdb_asn1.h"
-#include <asn1_err.h>
-#include <parse_units.h>
-
-#endif /* __LIBASN1_H__ */
diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c
deleted file mode 100644
index 92bcd86f3ad8..000000000000
--- a/crypto/heimdal/lib/hdb/mkey.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-RCSID("$Id: mkey.c,v 1.15 2003/03/28 02:01:33 lha Exp $");
-
-struct hdb_master_key_data {
-    krb5_keytab_entry keytab;
-    krb5_crypto crypto;
-    struct hdb_master_key_data *next;
-};
-
-void
-hdb_free_master_key(krb5_context context, hdb_master_key mkey)
-{
-    struct hdb_master_key_data *ptr;
-    while(mkey) {
-	krb5_kt_free_entry(context, &mkey->keytab);
-	if (mkey->crypto)
-	    krb5_crypto_destroy(context, mkey->crypto);
-	ptr = mkey;
-	mkey = mkey->next;
-	free(ptr);
-    }
-}
-
-krb5_error_code
-hdb_process_master_key(krb5_context context,
-		       int kvno, krb5_keyblock *key, krb5_enctype etype,
-		       hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-
-    *mkey = calloc(1, sizeof(**mkey));
-    if(*mkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*mkey)->keytab.vno = kvno;
-    ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal);
-    if(ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock);
-    if(ret)
-	goto fail;
-    if(etype != 0)
-	(*mkey)->keytab.keyblock.keytype = etype;
-    (*mkey)->keytab.timestamp = time(NULL);
-    ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto);
-    if(ret)
-	goto fail;
-    return 0;
- fail:
-    hdb_free_master_key(context, *mkey);
-    *mkey = NULL;
-    return ret;
-}
-
-krb5_error_code
-hdb_add_master_key(krb5_context context, krb5_keyblock *key,
-		   hdb_master_key *inout)
-{
-    int vno = 0;
-    hdb_master_key p;
-    krb5_error_code ret;
-
-    for(p = *inout; p; p = p->next)
-	vno = max(vno, p->keytab.vno);
-    vno++;
-    ret = hdb_process_master_key(context, vno, key, 0, &p);
-    if(ret)
-	return ret;
-    p->next = *inout;
-    *inout = p;
-    return 0;
-}
-
-static krb5_error_code
-read_master_keytab(krb5_context context, const char *filename, 
-		   hdb_master_key *mkey)
-{
-    krb5_error_code ret;
-    krb5_keytab id;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    hdb_master_key p;
-    
-    ret = krb5_kt_resolve(context, filename, &id);
-    if(ret)
-	return ret;
-
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    if(ret)
-	goto out;
-    *mkey = NULL;
-    while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) {
-	p = calloc(1, sizeof(*p));
-	p->keytab = entry;
-	ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto);
-	p->next = *mkey;
-	*mkey = p;
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    krb5_kt_close(context, id);
-    return ret;
-}
-
-/* read a MIT master keyfile */
-static krb5_error_code
-read_master_mit(krb5_context context, const char *filename, 
-		hdb_master_key *mkey)
-{
-    int fd;
-    krb5_error_code ret;
-    krb5_storage *sp;
-    u_int16_t enctype;
-    krb5_keyblock key;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", filename,
-			      strerror(save_errno));
-	return save_errno;
-    }
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	return errno;
-    }
-    krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER);
-#if 0
-    /* could possibly use ret_keyblock here, but do it with more
-       checks for now */
-    ret = krb5_ret_keyblock(sp, &key);
-#else
-    ret = krb5_ret_int16(sp, &enctype);
-    if((htons(enctype) & 0xff00) == 0x3000) {
-	krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", 
-			      filename, htons(enctype), 0x3000);
-	ret = HEIM_ERR_BAD_MKEY;
-	goto out;
-    }
-    key.keytype = enctype;
-    ret = krb5_ret_data(sp, &key.keyvalue);
-    if(ret)
-	goto out;
-#endif
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-  out:
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
-
-/* read an old master key file */
-static krb5_error_code
-read_master_encryptionkey(krb5_context context, const char *filename, 
-			  hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-    size_t ret_len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-
-    ret = decode_EncryptionKey(buf, len, &key, &ret_len);
-    memset(buf, 0, sizeof(buf));
-    if(ret)
-	return ret;
-
-    /* Originally, the keytype was just that, and later it got changed
-       to des-cbc-md5, but we always used des in cfb64 mode. This
-       should cover all cases, but will break if someone has hacked
-       this code to really use des-cbc-md5 -- but then that's not my
-       problem. */
-    if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5)
-	key.keytype = ETYPE_DES_CFB64_NONE;
-    
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-/* read a krb4 /.k style file */
-static krb5_error_code
-read_master_krb4(krb5_context context, const char *filename, 
-		 hdb_master_key *mkey)
-{
-    int fd;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    unsigned char buf[256];
-    ssize_t len;
-	       
-    fd = open(filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    len = read(fd, buf, sizeof(buf));
-    close(fd);
-    if(len < 0) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "error reading %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    if(len != 8) {
-	krb5_set_error_string(context, "bad contents of %s", filename);
-	return HEIM_ERR_EOF; /* XXX file might be too large */
-    }
-
-    memset(&key, 0, sizeof(key));
-    key.keytype = ETYPE_DES_PCBC_NONE;
-    ret = krb5_data_copy(&key.keyvalue, buf, len);
-    memset(buf, 0, sizeof(buf));
-    if(ret) 
-	return ret;
-
-    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
-    krb5_free_keyblock_contents(context, &key);
-    return ret;
-}
-
-krb5_error_code
-hdb_read_master_key(krb5_context context, const char *filename, 
-		    hdb_master_key *mkey)
-{
-    FILE *f;
-    unsigned char buf[16];
-    krb5_error_code ret;
-
-    off_t len;
-
-    *mkey = NULL;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    f = fopen(filename, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-	krb5_set_error_string(context, "failed to open %s: %s", 
-			      filename, strerror(save_errno));
-	return save_errno;
-    }
-    
-    if(fread(buf, 1, 2, f) != 2) {
-	krb5_set_error_string(context, "end of file reading %s", filename);
-	fclose(f);
-	return HEIM_ERR_EOF;
-    }
-    
-    fseek(f, 0, SEEK_END);
-    len = ftell(f);
-
-    if(fclose(f) != 0)
-	return errno;
-    
-    if(len < 0)
-	return errno;
-    
-    if(len == 8) {
-	ret = read_master_krb4(context, filename, mkey);
-    } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) {
-	ret = read_master_encryptionkey(context, filename, mkey);
-    } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) {
-	ret = read_master_keytab(context, filename, mkey);
-    } else {
-	ret = read_master_mit(context, filename, mkey);
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_write_master_key(krb5_context context, const char *filename, 
-		     hdb_master_key mkey)
-{
-    krb5_error_code ret;
-    hdb_master_key p;
-    krb5_keytab kt;
-
-    if(filename == NULL)
-	filename = HDB_DB_DIR "/m-key";
-
-    ret = krb5_kt_resolve(context, filename, &kt);
-    if(ret)
-	return ret;
-
-    for(p = mkey; p; p = p->next) {
-	ret = krb5_kt_add_entry(context, kt, &p->keytab);
-    }
-
-    krb5_kt_close(context, kt);
-
-    return ret;
-}
-
-static hdb_master_key
-find_master_key(Key *key, hdb_master_key mkey)
-{
-    hdb_master_key ret = NULL;
-    while(mkey) {
-	if(ret == NULL && mkey->keytab.vno == 0)
-	    ret = mkey;
-	if(key->mkvno == NULL) {
-	    if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
-		ret = mkey;
-	} else if(mkey->keytab.vno == *key->mkvno)
-	    return mkey;
-	mkey = mkey->next;
-    }
-    return ret;
-}
-
-krb5_error_code
-hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_data res;
-    size_t keysize;
-    Key *k;
-
-    for(i = 0; i < ent->keys.len; i++){
-	hdb_master_key key;
-
-	k = &ent->keys.val[i];
-	if(k->mkvno == NULL)
-	    continue;
-
-	key = find_master_key(&ent->keys.val[i], mkey);
-
-	if (key == NULL)
-	    return HDB_ERR_NO_MKEY;
-
-	ret = krb5_decrypt(context, key->crypto, HDB_KU_MKEY,
-			   k->key.keyvalue.data,
-			   k->key.keyvalue.length,
-			   &res);
-	if (ret)
-	    return ret;
-
-	/* fixup keylength if the key got padded when encrypting it */
-	ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
-	if (ret) {
-	    krb5_data_free(&res);
-	    return ret;
-	}
-	if (keysize > res.length) {
-	    krb5_data_free(&res);
-	    return KRB5_BAD_KEYSIZE;
-	}
-
-	memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-	free(k->key.keyvalue.data);
-	k->key.keyvalue = res;
-	k->key.keyvalue.length = keysize;
-	free(k->mkvno);
-	k->mkvno = NULL;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->master_key_set == 0)
-	return 0;
-    return hdb_unseal_keys_mkey(context, ent, db->master_key);
-}
-
-krb5_error_code
-hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_data res;
-    for(i = 0; i < ent->keys.len; i++){
-	Key *k = &ent->keys.val[i];
-	hdb_master_key key;
-
-	if(k->mkvno != NULL)
-	    continue;
-
-	key = find_master_key(k, mkey);
-
-	if (key == NULL)
-	    return HDB_ERR_NO_MKEY;
-
-	ret = krb5_encrypt(context, key->crypto, HDB_KU_MKEY,
-			   k->key.keyvalue.data,
-			   k->key.keyvalue.length,
-			   &res);
-	if (ret)
-	    return ret;
-
-	memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
-	free(k->key.keyvalue.data);
-	k->key.keyvalue = res;
-
-	k->mkvno = malloc(sizeof(*k->mkvno));
-	if (k->mkvno == NULL)
-	    return ENOMEM;
-	*k->mkvno = key->keytab.vno;
-    }
-    return 0;
-}
-
-krb5_error_code
-hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent)
-{
-    if (db->master_key_set == 0)
-	return 0;
-    
-    return hdb_seal_keys_mkey(context, ent, db->master_key);
-}
-
-krb5_error_code
-hdb_set_master_key (krb5_context context,
-		    HDB *db,
-		    krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    hdb_master_key mkey;
-
-    ret = hdb_process_master_key(context, 0, key, 0, &mkey);
-    if (ret)
-	return ret;
-    db->master_key = mkey;
-#if 0 /* XXX - why? */
-    des_set_random_generator_seed(key.keyvalue.data);
-#endif
-    db->master_key_set = 1;
-    return 0;
-}
-
-krb5_error_code
-hdb_set_master_keyfile (krb5_context context,
-			HDB *db,
-			const char *keyfile)
-{
-    hdb_master_key key;
-    krb5_error_code ret;
-
-    ret = hdb_read_master_key(context, keyfile, &key);
-    if (ret) {
-	if (ret != ENOENT)
-	    return ret;
-	krb5_clear_error_string(context);
-	return 0;
-    }
-    db->master_key = key;
-    db->master_key_set = 1;
-    return ret;
-}
-
-krb5_error_code
-hdb_clear_master_key (krb5_context context,
-		      HDB *db)
-{
-    if (db->master_key_set) {
-	hdb_free_master_key(context, db->master_key);
-	db->master_key_set = 0;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/ndbm.c b/crypto/heimdal/lib/hdb/ndbm.c
deleted file mode 100644
index c162145294d1..000000000000
--- a/crypto/heimdal/lib/hdb/ndbm.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: ndbm.c,v 1.33 2001/09/03 05:03:01 assar Exp $");
-
-#if HAVE_NDBM
-
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#elif defined(HAVE_DBM_H)
-#include <dbm.h>
-#endif
-
-struct ndbm_db {
-    DBM *db;
-    int lock_fd;
-};
-
-static krb5_error_code
-NDBM_destroy(krb5_context context, HDB *db)
-{
-    krb5_error_code ret;
-
-    ret = hdb_clear_master_key (context, db);
-    free(db->name);
-    free(db);
-    return 0;
-}
-
-static krb5_error_code
-NDBM_lock(krb5_context context, HDB *db, int operation)
-{
-    struct ndbm_db *d = db->db;
-    return hdb_lock(d->lock_fd, operation);
-}
-
-static krb5_error_code
-NDBM_unlock(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->db;
-    return hdb_unlock(d->lock_fd);
-}
-
-static krb5_error_code
-NDBM_seq(krb5_context context, HDB *db, 
-	 unsigned flags, hdb_entry *entry, int first)
-
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->db;
-    datum key, value;
-    krb5_data key_data, data;
-    krb5_error_code ret = 0;
-
-    if(first)
-	key = dbm_firstkey(d->db);
-    else
-	key = dbm_nextkey(d->db);
-    if(key.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-    key_data.data = key.dptr;
-    key_data.length = key.dsize;
-    ret = db->lock(context, db, HDB_RLOCK);
-    if(ret) return ret;
-    value = dbm_fetch(d->db, key);
-    db->unlock(context, db);
-    data.data = value.dptr;
-    data.length = value.dsize;
-    if(hdb_value2entry(context, &data, entry))
-	return NDBM_seq(context, db, flags, entry, 0);
-    if (db->master_key_set && (flags & HDB_F_DECRYPT)) {
-	ret = hdb_unseal_keys (context, db, entry);
-	if (ret)
-	    hdb_free_entry (context, entry);
-    }
-    if (entry->principal == NULL) {
-	entry->principal = malloc (sizeof(*entry->principal));
-	if (entry->principal == NULL) {
-	    ret = ENOMEM;
-	    hdb_free_entry (context, entry);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	} else {
-	    hdb_key2principal (context, &key_data, entry->principal);
-	}
-    }
-    return ret;
-}
-
-
-static krb5_error_code
-NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 1);
-}
-
-
-static krb5_error_code
-NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
-{
-    return NDBM_seq(context, db, flags, entry, 0);
-}
-
-static krb5_error_code
-NDBM_rename(krb5_context context, HDB *db, const char *new_name)
-{
-    /* XXX this function will break */
-    struct ndbm_db *d = db->db;
-
-    int ret;
-    char *old_dir, *old_pag, *new_dir, *new_pag;
-    char *new_lock;
-    int lock_fd;
-
-    /* lock old and new databases */
-    ret = db->lock(context, db, HDB_WLOCK);
-    if(ret)
-	return ret;
-    asprintf(&new_lock, "%s.lock", new_name);
-    if(new_lock == NULL) {
-	db->unlock(context, db);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600);
-    if(lock_fd < 0) {
-	ret = errno;
-	db->unlock(context, db);
-	krb5_set_error_string(context, "open(%s): %s", new_lock,
-			      strerror(ret));
-	free(new_lock);
-	return ret;
-    }
-    free(new_lock);
-    ret = hdb_lock(lock_fd, HDB_WLOCK);
-    if(ret) {
-	db->unlock(context, db);
-	close(lock_fd);
-	return ret;
-    }
-
-    asprintf(&old_dir, "%s.dir", db->name);
-    asprintf(&old_pag, "%s.pag", db->name);
-    asprintf(&new_dir, "%s.dir", new_name);
-    asprintf(&new_pag, "%s.pag", new_name);
-
-    ret = rename(old_dir, new_dir) || rename(old_pag, new_pag);
-    free(old_dir);
-    free(old_pag);
-    free(new_dir);
-    free(new_pag);
-    hdb_unlock(lock_fd);
-    db->unlock(context, db);
-
-    if(ret) {
-	ret = errno;
-	close(lock_fd);
-	krb5_set_error_string(context, "rename: %s", strerror(ret));
-	return ret;
-    }
-
-    close(d->lock_fd);
-    d->lock_fd = lock_fd;
-    
-    free(db->name);
-    db->name = strdup(new_name);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    code = db->lock(context, db, HDB_RLOCK);
-    if(code)
-	return code;
-    v = dbm_fetch(d->db, k);
-    db->unlock(context, db);
-    if(v.dptr == NULL)
-	return HDB_ERR_NOENTRY;
-
-    krb5_data_copy(reply, v.dptr, v.dsize);
-    return 0;
-}
-
-static krb5_error_code
-NDBM__put(krb5_context context, HDB *db, int replace, 
-	krb5_data key, krb5_data value)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->db;
-    datum k, v;
-    int code;
-
-    k.dptr  = key.data;
-    k.dsize = key.length;
-    v.dptr  = value.data;
-    v.dsize = value.length;
-
-    code = db->lock(context, db, HDB_WLOCK);
-    if(code)
-	return code;
-    code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT);
-    db->unlock(context, db);
-    if(code == 1)
-	return HDB_ERR_EXISTS;
-    if (code < 0)
-	return code;
-    return 0;
-}
-
-static krb5_error_code
-NDBM__del(krb5_context context, HDB *db, krb5_data key)
-{
-    struct ndbm_db *d = (struct ndbm_db *)db->db;
-    datum k;
-    int code;
-    krb5_error_code ret;
-
-    k.dptr = key.data;
-    k.dsize = key.length;
-    ret = db->lock(context, db, HDB_WLOCK);
-    if(ret) return ret;
-    code = dbm_delete(d->db, k);
-    db->unlock(context, db);
-    if(code < 0)
-	return errno;
-    return 0;
-}
-
-static krb5_error_code
-NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
-    krb5_error_code ret;
-    struct ndbm_db *d = malloc(sizeof(*d));
-    char *lock_file;
-
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    asprintf(&lock_file, "%s.lock", (char*)db->name);
-    if(lock_file == NULL) {
-	free(d);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->db = dbm_open((char*)db->name, flags, mode);
-    if(d->db == NULL){
-	ret = errno;
-	free(d);
-	free(lock_file);
-	krb5_set_error_string(context, "dbm_open(%s): %s", db->name,
-			      strerror(ret));
-	return ret;
-    }
-    d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600);
-    if(d->lock_fd < 0){
-	ret = errno;
-	dbm_close(d->db);
-	free(d);
-	krb5_set_error_string(context, "open(%s): %s", lock_file,
-			      strerror(ret));
-	free(lock_file);
-	return ret;
-    }
-    free(lock_file);
-    db->db = d;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	ret = hdb_check_db_format(context, db);
-    else
-	ret = hdb_init_db(context, db);
-    if(ret == HDB_ERR_NOENTRY)
-	return 0;
-    return ret;
-}
-
-static krb5_error_code
-NDBM_close(krb5_context context, HDB *db)
-{
-    struct ndbm_db *d = db->db;
-    dbm_close(d->db);
-    close(d->lock_fd);
-    free(d);
-    return 0;
-}
-
-krb5_error_code
-hdb_ndbm_create(krb5_context context, HDB **db, 
-		const char *filename)
-{
-    *db = malloc(sizeof(**db));
-    if (*db == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    (*db)->db = NULL;
-    (*db)->name = strdup(filename);
-    if ((*db)->name == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(*db);
-	*db = NULL;
-	return ENOMEM;
-    }
-    (*db)->master_key_set = 0;
-    (*db)->openp = 0;
-    (*db)->open = NDBM_open;
-    (*db)->close = NDBM_close;
-    (*db)->fetch = _hdb_fetch;
-    (*db)->store = _hdb_store;
-    (*db)->remove = _hdb_remove;
-    (*db)->firstkey = NDBM_firstkey;
-    (*db)->nextkey= NDBM_nextkey;
-    (*db)->lock = NDBM_lock;
-    (*db)->unlock = NDBM_unlock;
-    (*db)->rename = NDBM_rename;
-    (*db)->_get = NDBM__get;
-    (*db)->_put = NDBM__put;
-    (*db)->_del = NDBM__del;
-    (*db)->destroy = NDBM_destroy;
-    return 0;
-}
-
-#endif /* HAVE_NDBM */
diff --git a/crypto/heimdal/lib/hdb/print.c b/crypto/heimdal/lib/hdb/print.c
deleted file mode 100644
index 5ad172f7489d..000000000000
--- a/crypto/heimdal/lib/hdb/print.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright (c) 1999-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "hdb_locl.h"
-#include <ctype.h>
-
-RCSID("$Id: print.c,v 1.8 2002/05/24 15:18:02 joda Exp $");
-
-/* 
-   This is the present contents of a dump line. This might change at
-   any time. Fields are separated by white space.
-
-  principal
-  keyblock
-  	kvno
-	keys...
-		mkvno
-		enctype
-		keyvalue
-		salt (- means use normal salt)
-  creation date and principal
-  modification date and principal
-  principal valid from date (not used)
-  principal valid end date (not used)
-  principal key expires (not used)
-  max ticket life
-  max renewable life
-  flags
-  generation number
-  */
-
-static krb5_error_code
-append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
-{
-    krb5_error_code ret;
-    char *s;
-    va_list ap;
-    va_start(ap, fmt);
-    vasprintf(&s, fmt, ap);
-    va_end(ap);
-    if(s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_write(sp, s, strlen(s));
-    free(s);
-    return ret;
-}
-
-static krb5_error_code
-append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
-{
-    int i, printable = 1;
-    char *p;
-
-    p = data->data;
-    for(i = 0; i < data->length; i++)
-	if(!isalnum((unsigned char)p[i]) && p[i] != '.'){
-	    printable = 0;
-	    break;
-	}
-    if(printable)
-	return append_string(context, sp, "\"%.*s\"",
-			     data->length, data->data);
-    for(i = 0; i < data->length; i++) 
-	append_string(context, sp, "%02x", ((unsigned char*)data->data)[i]);
-    return 0;
-}
-
-static char *
-time2str(time_t t)
-{
-    static char buf[128];
-    strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", gmtime(&t));
-    return buf;
-}
-
-static krb5_error_code
-append_event(krb5_context context, krb5_storage *sp, Event *ev)
-{
-    char *pr = NULL;
-    krb5_error_code ret;
-    if(ev == NULL)
-	return append_string(context, sp, "- ");
-    if (ev->principal != NULL) {
-       ret = krb5_unparse_name(context, ev->principal, &pr);
-       if(ret)
-           return ret;
-    }
-    ret = append_string(context, sp, "%s:%s ",
-			time2str(ev->time), pr ? pr : "UNKNOWN");
-    free(pr);
-    return ret;
-}
-
-static krb5_error_code
-entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
-{
-    char *p;
-    int i;
-    krb5_error_code ret;
-
-    /* --- principal */
-    ret = krb5_unparse_name(context, ent->principal, &p);
-    if(ret)
-	return ret;
-    append_string(context, sp, "%s ", p);
-    free(p);
-    /* --- kvno */
-    append_string(context, sp, "%d", ent->kvno);
-    /* --- keys */
-    for(i = 0; i < ent->keys.len; i++){
-	/* --- mkvno, keytype */
-	if(ent->keys.val[i].mkvno)
-	    append_string(context, sp, ":%d:%d:", 
-			  *ent->keys.val[i].mkvno, 
-			  ent->keys.val[i].key.keytype);
-	else
-	    append_string(context, sp, "::%d:", 
-			  ent->keys.val[i].key.keytype);
-	/* --- keydata */
-	append_hex(context, sp, &ent->keys.val[i].key.keyvalue);
-	append_string(context, sp, ":");
-	/* --- salt */
-	if(ent->keys.val[i].salt){
-	    append_string(context, sp, "%u/", ent->keys.val[i].salt->type);
-	    append_hex(context, sp, &ent->keys.val[i].salt->salt);
-	}else
-	    append_string(context, sp, "-");
-    }
-    append_string(context, sp, " ");
-    /* --- created by */
-    append_event(context, sp, &ent->created_by);
-    /* --- modified by */
-    append_event(context, sp, ent->modified_by);
-
-    /* --- valid start */
-    if(ent->valid_start)
-	append_string(context, sp, "%s ", time2str(*ent->valid_start));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- valid end */
-    if(ent->valid_end)
-	append_string(context, sp, "%s ", time2str(*ent->valid_end));
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- password ends */
-    if(ent->pw_end)
-	append_string(context, sp, "%s ", time2str(*ent->pw_end));
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max life */
-    if(ent->max_life)
-	append_string(context, sp, "%d ", *ent->max_life);
-    else
-	append_string(context, sp, "- ");
-
-    /* --- max renewable life */
-    if(ent->max_renew)
-	append_string(context, sp, "%d ", *ent->max_renew);
-    else
-	append_string(context, sp, "- ");
-    
-    /* --- flags */
-    append_string(context, sp, "%d ", HDBFlags2int(ent->flags));
-
-    /* --- generation number */
-    if(ent->generation) {
-	append_string(context, sp, "%s:%d:%d", time2str(ent->generation->time),
-		      ent->generation->usec,
-		      ent->generation->gen);
-    } else
-	append_string(context, sp, "-");
-    
-    return 0;
-}
-
-krb5_error_code
-hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sp;
-
-    sp = krb5_storage_emem();
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, ent);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\0", 1);
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    *str = data.data;
-    return 0;
-}
-
-/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */
-
-krb5_error_code
-hdb_print_entry(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
-    krb5_error_code ret;
-    krb5_storage *sp;
-
-    FILE *f = data;
-
-    fflush(f);
-    sp = krb5_storage_from_fd(fileno(f));
-    if(sp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = entry2string_int(context, sp, entry);
-    if(ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-
-    krb5_storage_write(sp, "\n", 1);
-    krb5_storage_free(sp);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog
deleted file mode 100644
index 1879c19960e2..000000000000
--- a/crypto/heimdal/lib/kadm5/ChangeLog
+++ /dev/null
@@ -1,646 +0,0 @@
-2003-04-16  Love H�rnquist �strand <lha@it.su.se>
-
-	* send_recv.c: check return values from krb5_data_alloc
-	* log.c: check return values from krb5_data_alloc
-	
-2003-04-16  Love H�rnquist �strand <lha@it.su.se>
-
-	* dump_log.c (print_entry): check return values from
-	krb5_data_alloc
-
-2003-04-01  Love H�rnquist �strand <lha@it.su.se>
-
-	* init_c.c (kadm_connect): if a context realm was passed in, use
-	that to form the kadmin/admin principal
-	
-2003-03-19  Love H�rnquist �strand <lha@it.su.se>
-
-	* ipropd_master.c (main): make sure we don't consider dead slave
-	for select processing
-	(write_stats): use slave_stats_file variable, 
-	check return value of strftime
-	(args): allow specifying slave stats file
-	(slave_dead): close the fd when the slave dies
-
-2002-10-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c (from Derrick Brashear): Propagating a large
-	database without this means the slave kdcs can get erroneous
-	HDB_NOENTRY and return the resulting errors. This creates a new db
-	handle, populates it, and moves it into place.
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* ipropd_slave.c (receive_everything): type-correctness calling
-	_krb5_get_int
-
-	* context_s.c (find_db_spec): const-correctness in parameters to
-	krb5_config_get_next
-
-2002-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* private.h: rename header file flag macro
-
-	* Makefile.am: generate kadm5-{protos,private}.h
-
-2002-08-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: check return value of krb5_sockaddr2address
-
-2002-07-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c: handle slaves that come and go; add status
-	reporting (both from Love)
-
-	* iprop.h: KADM5_SLAVE_STATS
-
-2002-03-25  Jacques Vidrine  <n@nectar.com>
-
-	* init_c.c (get_cred_cache): bug fix: the default credentials
-	cache was not being used if a client name was specified.
-
-2002-03-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): when getting the default_client from
-	the cred cache, make sure the instance part is "admin"; this
-	should require fewer uses of -p
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
-	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2
-
-2002-02-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: we have to create our own param struct before
-	marshaling
-
-2001-09-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: link with LIB_pidfile
-
-	* iprop.h: include util.h for pidfile
-
-2001-08-31  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (main): syslog with the correct name
-
-2001-08-30  Jacques Vidrine <n@nectar.com>
-
-	* ipropd_slave.c, ipropd_master.c (main): call pidfile
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): do not return bogus flags and re-organize
-	function
-
-	* Makefile.am: rename variable name to avoid error from current
-	automake
-
-2001-08-13  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c: add easier afs configuration, defaulting to the
-	local realm in lower case; also try to remove duplicate salts
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
-
-2001-06-29  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c: call krb5_get_init_creds_opt_set_default_flags
-
-2001-02-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* replay_log.c: add --{start-end}-version flags to replay just
-	part of the log
-
-2001-02-15  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): fix select-loop to decrement ret
-	correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions
-
-2000-12-31  Assar Westerlund  <assar@sics.se>
-
-	* init_s.c (*): handle krb5_init_context failure consistently
-	* init_c.c (init_context): handle krb5_init_context failure
-	consistently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
-
-2000-11-16  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): clean-up salting loop and try not to
-	leak memory
-
-	* ipropd_master.c (main): check for fd's being too large to select
-	on
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
-
-2000-08-07  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_master.c (main): ignore SIGPIPE
-
-2000-08-06  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c (receive_everything): make `fd' an int instead of
-	a pointer.  From Derrick J Brashear <shadow@dementia.org>
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* admin.h: change void** to void*
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump versions to 7:0:0 and 6:0:2
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
-	and make a new that takes a context
-	(kadm5_log_nop): add logging of missing lengths
-	(kadm5_log_truncate): new function
-
-	* dump_log.c (print_entry): update and correct
-	* randkey_s.c: call _kadm5_bump_pw_expire
-	* truncate_log.c: new program for truncating the log
-	* Makefile.am (sbin_PROGRAMS): add truncate_log
-	(C_SOURCES): add bump_pw_expire.c
-	* bump_pw_expire.c: new function for extending password expiration
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
-
-	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
-	functions
-
-	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
-	* Makefile.am (C_SOURCES): add keys.c
-	* init_c.c: remove unused variable and handle some parameters
-	being NULL
-
-2000-07-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: use krb5_read_priv_message
-
-	* ipropd_master.c: use krb5_{read,write}_priv_message
-
-	* init_c.c: use krb5_write_priv_message
-
-2000-07-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_slave.c: no need to call gethostname, since
-	sname_to_principal will
-
-	* send_recv.c: assert that we have a connected socket
-
-	* get_princs_c.c: call _kadm5_connect
-
-	* rename_c.c: call _kadm5_connect
-
-	* randkey_c.c: call _kadm5_connect
-
-	* privs_c.c: call _kadm5_connect
-
-	* modify_c.c: call _kadm5_connect
-
-	* get_c.c: call _kadm5_connect
-
-	* delete_c.c: call _kadm5_connect
-
-	* create_c.c: call _kadm5_connect
-
-	* chpass_c.c: call _kadm5_connect
-
-	* private.h: add more fields to client context; remove prototypes
-
-	* admin.h: remove prototypes
-
-	* kadm5-protos.h: move public prototypes here
-
-	* kadm5-private.h: move private prototypes here
-
-	* init_c.c: break out connection code to separate function, and
-	defer calling it until we actually do something
-
-2000-07-07  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
-	backwards compatability
-
-2000-06-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
-	adaptable to different salts
-	
-2000-06-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* get_s.c: pa_* -> KRB5_PADATA_*
-
-2000-06-16  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: change default keytab to default keytab (as in
-	typically FILE:/etc/krb5.keytab)
-
-2000-06-08  Assar Westerlund  <assar@sics.se>
-
-	* ipropd_slave.c: bug fixes, for actually writing the full dump to
-	the database.  based on a patch from Love <lha@stacken.kth.se>
-
-2000-06-07  Assar Westerlund  <assar@sics.se>
-
-	* acl.c: add support for patterns of principals
-	* log.c (kadm5_log_replay_create): handle more NULL pointers
-	(should they really happen?)
-	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
-	max_renew == NULL
-
-	* ipropd_master.c: use syslog.  be less verbose
-	* ipropd_slave.c: use syslog
-
-2000-06-05  Assar Westerlund  <assar@sics.se>
-
-	* private.h (kadm_ops): add kadm_nop more prototypes
-	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
-	kadm5_log_replay_nop): add
-	* ipropd_slave.c: and some more improvements
-	* ipropd_master.c: lots of improvements
-	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
-	(iprop_cmd): add new commands
-
-	* dump_log.c: add nop
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
-
-2000-05-12  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
-	fallback.  handle not having any creator.
-	* destroy_s.c (kadm5_s_destroy): free all allocated memory
-	* context_s.c (set_field): free variable if it's already set
-	(find_db_spec): malloc space for all strings
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (LDADD): add LIB_openldap
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
-	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1
-
-2000-03-24  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): rewrite
-	(_kadm5_set_keys3): add
-
-	* private.h (struct kadm_func): add chpass_principal_with_key
-	* init_c.c (set_funcs): add chpass_principal_with_key
-
-2000-03-23  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (set_funcs): add chpass_principal_with_key
-	* common_glue.c (kadm5_chpass_principal_with_key): add
-	* chpass_s.c: comment-ize and change calling convention for
-	_kadm5_set_keys*
-	* chpass_c.c (kadm5_c_chpass_principal_with_key): add
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
-
-2000-01-28  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): make sure to request non-forwardable,
-	non-proxiable
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5srv.la): bump version to 5:1:0
-
-	* context_s.c (_kadm5_s_init_context): handle params == NULL
-
-1999-12-26  Assar Westerlund  <assar@sics.se>
-
-	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
- 	== NULL
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
-
-	* init_c.c (_kadm5_c_init_context): handle getting back port
- 	number from admin host
-	(kadm5_c_init_with_context): remove `proto/' part before doing
-	getaddrinfo()
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0 and 4:0:0
-
-	* init_c.c (kadm5_c_init_with_context): don't use unitialized
- 	stuff
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* replay_log.c: adapt to changed kadm5_log_foreach
-
-	* log.c (kadm5_log_foreach): change to take a
- 	`kadm5_server_context'
-
-	* init_c.c: use krb5_warn{,x}
-
-	* dump_log.c: adapt to changed kadm5_log_foreach
-
-	* init_c.c: re-write to use getaddrinfo
-	* Makefile.am (install-build-headers): add dependency
-	
-1999-12-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* log.c (kadm5_log_foreach): pass context
-
-	* dump_log.c: print more interesting things
-
-1999-12-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ipropd_master.c (process_msg): check for short reads
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* modify_s.c (kadm5_s_modify_principal): support key_data
-	(kadm5_s_modify_principal_with_key): remove
-
-	* admin.h (kadm5_s_modify_principal_with_key): remove
-
-1999-11-20  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (find_db_spec): ugly cast work-around.
-
-1999-11-14  Assar Westerlund  <assar@sics.se>
-
-	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
- 	that we aren't dependent on the layout of krb5_context_data
-	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
- 	we aren't dependent on the layout of krb5_context_data
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c (kadm5_setup_passwd_quality_check): use
-	correct types for function pointers
-	
-1999-11-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* randkey_s.c: always bail out if the fetch fails
-
-	* admin.h (kadm5_config_params): remove fields we're not using
-
-	* ipropd_slave.c: allow passing a realm
-
-	* ipropd_master.c: allow passing a realm
-
-	* dump_log.c: allow passing a realm
-
-	* acl.c: correctly get acl file
-
-	* private.h (kadm5_server_context): add config_params struct and
-	remove acl_file; bump protocol version number
-
-	* marshall.c: marshalling of config parameters
-
-	* init_c.c (kadm5_c_init_with_context): try to cope with old
-	servers
-
-	* init_s.c (kadm5_s_init_with_context): actually use some passed
-	values
-
-	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
-	stash_file from the config parameters, try to figure out these if
-	they're not provided
-
-1999-11-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (install-build-headers): use `cp' instead of
- 	INSTALL_DATA
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
- 	directly in libkrb5's context - bad functions)
-
-	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
- 	the copied keys
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
- 	quality functions).
- 	set version of kdam5clnt to 2:1:1 (no interface changes)
-
-	* Makefile.am (LDADD): add $(LIB_dlopen)
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): use
- 	_kadm5_set_keys_randomly
-
-	* set_keys.c (free_keys): free more memory
-	(_kadm5_set_keys): a little bit more generic
-	(_kadm5_set_keys_randomly): new function for setting random keys.
-
-1999-10-14  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
- 	ones and always add 3 DES keys and one 3DES key
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
-  	check return value from strdup
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
- 	strlcpy
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dump_log.c: remove unused `optind'
-
-	* replay_log.c: remove unused `optind'
-
-1999-09-13  Assar Westerlund  <assar@sics.se>
-
-	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
-
-	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
- 	so that we avoid copying it and don't need to dimension in
- 	advance.  change all callers.
-
-1999-09-10  Assar Westerlund  <assar@sics.se>
-
-	* password_quality.c: new file
-
-	* admin.h
- 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
- 	add prototypes
-
-	* Makefile.am (S_SOURCES): add password_quality.c
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: update versions to 2:0:1
-
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
- 	and pw_expiration == 0 mean never
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* log.c (kadm5_log_flush): extra cast
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* marshall.c (store_principal_ent): encoding princ_expire_time and
- 	pw_expiration in correct order
-
-1999-06-28  Assar Westerlund  <assar@sics.se>
-
-	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
- 	otherwise hdb will think that the new random keys are already
- 	encrypted which will cause lots of confusion later.
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
- 	correctly.  From Michal Vocu <michal@karlin.mff.cuni.cz>
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use get_default_username
-
-1999-05-23  Assar Westerlund  <assar@sics.se>
-
-	* create_s.c (create_principal): if there's no default entry the
-	mask should be zero.
-
-1999-05-21  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_cred_cache): use $USERNAME
-
-1999-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* init_c.c (get_cred_cache): figure out principal
-
-1999-05-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c: cleanup _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* set_keys.c (_kadm5_set_keys2): don't check the recently created
- 	memory for NULL pointers
-
-	* private.h (_kadm5_setup_entry): change prototype
-
-	* modify_s.c: call new _kadm5_setup_entry
-
-	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
- 	masks, one for what bits to set and one for each of principal and
- 	def containing the bits that are set there.
-
-	* create_s.c: call new _kadm5_setup_entry
-
-	* create_s.c (get_default): check return value
-	(create_principal): send wider mask to _kadm5_setup_entry
-
-1999-05-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
-	packets, check for errors
-
-	* get_c.c: check for failure from _kadm5_client_{send,recv}
-
-1999-05-04  Assar Westerlund  <assar@sics.se>
-
-	* init_c.c (get_new_cache): don't abort when interrupted from
- 	password prompt
-	
-	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
- 	auth context
-
-1999-05-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* chpass_s.c: fix arguments to _kadm5_set_keys2
-
-	* private.h: proto
-
-	* set_keys.c: clear mkvno
-
-	* rename_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* randkey_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* modify_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* log.c: add flags to fetch and store; seal keys before logging
-
-	* get_s.c: add flags to fetch and store; seal keys before logging
-
-	* get_princs_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* delete_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* create_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* chpass_s.c: add flags to fetch and store; seal keys before
-	logging
-
-	* Makefile.am: remove server.c
-
-	* admin.h: add prototypes
-
-	* ent_setup.c (_kadm5_setup_entry): set key_data
-
-	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
-
-	* modify_s.c: add kadm5_s_modify_principal_with_key
-
-	* create_s.c: add kadm5_s_create_principal_with_key
-
-	* chpass_s.c: add kadm5_s_chpass_principal_with_key
-
-	* kadm5_locl.h: move stuff to private.h
-
-	* private.h: move stuff from kadm5_locl.h
-	
diff --git a/crypto/heimdal/lib/kadm5/Makefile b/crypto/heimdal/lib/kadm5/Makefile
deleted file mode 100644
index e0503c952937..000000000000
--- a/crypto/heimdal/lib/kadm5/Makefile
+++ /dev/null
@@ -1,880 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/kadm5/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.51 2002/08/16 20:57:09 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 7:5:0
-libkadm5clnt_la_LDFLAGS = -version-info 6:3:2
-sbin_PROGRAMS = dump_log replay_log truncate_log
-
-libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-libkadm5clnt_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-
-libexec_PROGRAMS = ipropd-master ipropd-slave
-
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-
-kadm5include_HEADERS = kadm5_err.h admin.h private.h \
-	kadm5-protos.h kadm5-private.h
-
-
-SOURCES_client = \
-	admin.h					\
-	chpass_c.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c
-
-
-SOURCES_server = \
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	password_quality.c
-
-
-libkadm5srv_la_SOURCES = $(SOURCES_server) server_glue.c
-libkadm5clnt_la_SOURCES = $(SOURCES_client) client_glue.c
-
-dump_log_SOURCES = dump_log.c kadm5_locl.h
-
-replay_log_SOURCES = replay_log.c kadm5_locl.h
-
-ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h
-
-ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h
-
-truncate_log_SOURCES = truncate_log.c
-
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-
-CLEANFILES = kadm5_err.c kadm5_err.h
-
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-subdir = lib/kadm5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkadm5clnt_la_DEPENDENCIES = ../krb5/libkrb5.la ../hdb/libhdb.la \
-	../roken/libroken.la
-am__objects_1 = chpass_c.lo common_glue.lo create_c.lo delete_c.lo \
-	destroy_c.lo flush_c.lo free.lo get_c.lo get_princs_c.lo \
-	init_c.lo kadm5_err.lo marshall.lo modify_c.lo privs_c.lo \
-	randkey_c.lo rename_c.lo send_recv.lo
-am_libkadm5clnt_la_OBJECTS = $(am__objects_1) client_glue.lo
-libkadm5clnt_la_OBJECTS = $(am_libkadm5clnt_la_OBJECTS)
-libkadm5srv_la_DEPENDENCIES = ../krb5/libkrb5.la ../hdb/libhdb.la \
-	../roken/libroken.la
-am__objects_2 = acl.lo bump_pw_expire.lo chpass_s.lo common_glue.lo \
-	context_s.lo create_s.lo delete_s.lo destroy_s.lo ent_setup.lo \
-	error.lo flush_s.lo free.lo get_princs_s.lo get_s.lo init_s.lo \
-	kadm5_err.lo keys.lo log.lo marshall.lo modify_s.lo privs_s.lo \
-	randkey_s.lo rename_s.lo set_keys.lo set_modifier.lo \
-	password_quality.lo
-am_libkadm5srv_la_OBJECTS = $(am__objects_2) server_glue.lo
-libkadm5srv_la_OBJECTS = $(am_libkadm5srv_la_OBJECTS)
-libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
-sbin_PROGRAMS = dump_log$(EXEEXT) replay_log$(EXEEXT) \
-	truncate_log$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(sbin_PROGRAMS)
-
-am_dump_log_OBJECTS = dump_log.$(OBJEXT)
-dump_log_OBJECTS = $(am_dump_log_OBJECTS)
-dump_log_LDADD = $(LDADD)
-dump_log_DEPENDENCIES = libkadm5srv.la $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-dump_log_LDFLAGS =
-am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT)
-ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
-ipropd_master_LDADD = $(LDADD)
-ipropd_master_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-ipropd_master_LDFLAGS =
-am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT)
-ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
-ipropd_slave_LDADD = $(LDADD)
-ipropd_slave_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-ipropd_slave_LDFLAGS =
-am_replay_log_OBJECTS = replay_log.$(OBJEXT)
-replay_log_OBJECTS = $(am_replay_log_OBJECTS)
-replay_log_LDADD = $(LDADD)
-replay_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-replay_log_LDFLAGS =
-am_truncate_log_OBJECTS = truncate_log.$(OBJEXT)
-truncate_log_OBJECTS = $(am_truncate_log_OBJECTS)
-truncate_log_LDADD = $(LDADD)
-truncate_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-truncate_log_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-	$(dump_log_SOURCES) $(ipropd_master_SOURCES) \
-	$(ipropd_slave_SOURCES) $(replay_log_SOURCES) \
-	$(truncate_log_SOURCES)
-HEADERS = $(kadm5include_HEADERS)
-
-DIST_COMMON = $(kadm5include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) $(dump_log_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) $(replay_log_SOURCES) $(truncate_log_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/kadm5/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkadm5clnt_la_LDFLAGS) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
-libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkadm5srv_la_LDFLAGS) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-dump_log$(EXEEXT): $(dump_log_OBJECTS) $(dump_log_DEPENDENCIES) 
-	@rm -f dump_log$(EXEEXT)
-	$(LINK) $(dump_log_LDFLAGS) $(dump_log_OBJECTS) $(dump_log_LDADD) $(LIBS)
-ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) 
-	@rm -f ipropd-master$(EXEEXT)
-	$(LINK) $(ipropd_master_LDFLAGS) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
-ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) 
-	@rm -f ipropd-slave$(EXEEXT)
-	$(LINK) $(ipropd_slave_LDFLAGS) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
-replay_log$(EXEEXT): $(replay_log_OBJECTS) $(replay_log_DEPENDENCIES) 
-	@rm -f replay_log$(EXEEXT)
-	$(LINK) $(replay_log_LDFLAGS) $(replay_log_OBJECTS) $(replay_log_LDADD) $(LIBS)
-truncate_log$(EXEEXT): $(truncate_log_OBJECTS) $(truncate_log_DEPENDENCIES) 
-	@rm -f truncate_log$(EXEEXT)
-	$(LINK) $(truncate_log_LDFLAGS) $(truncate_log_OBJECTS) $(truncate_log_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-kadm5includeHEADERS: $(kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(kadm5includedir)
-	@list='$(kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(kadm5includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f"; \
-	  $(kadm5includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f; \
-	done
-
-uninstall-kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(kadm5include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(kadm5includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(kadm5includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(kadm5includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-kadm5includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-sbinPROGRAMS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-kadm5includeHEADERS \
-	install-libLTLIBRARIES install-libexecPROGRAMS install-man \
-	install-sbinPROGRAMS install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am uninstall-kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-install-build-headers:: $(kadm5include_HEADERS)
-	@foo='$(kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am
deleted file mode 100644
index 9b0c49d920b4..000000000000
--- a/crypto/heimdal/lib/kadm5/Makefile.am
+++ /dev/null
@@ -1,135 +0,0 @@
-# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 7:6:0
-libkadm5clnt_la_LDFLAGS = -version-info 6:4:2
-sbin_PROGRAMS = dump_log replay_log truncate_log
-
-libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-libkadm5clnt_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-
-libexec_PROGRAMS = ipropd-master ipropd-slave
-
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-
-kadm5include_HEADERS = kadm5_err.h admin.h private.h \
-	kadm5-protos.h kadm5-private.h
-
-install-build-headers:: $(kadm5include_HEADERS)
-	@foo='$(kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-SOURCES_client =				\
-	admin.h					\
-	chpass_c.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c
-
-SOURCES_server =					\
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	password_quality.c
-
-libkadm5srv_la_SOURCES = $(SOURCES_server) server_glue.c
-libkadm5clnt_la_SOURCES = $(SOURCES_client) client_glue.c
-
-dump_log_SOURCES = dump_log.c kadm5_locl.h
-
-replay_log_SOURCES = replay_log.c kadm5_locl.h
-
-ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h
-
-ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h
-
-truncate_log_SOURCES = truncate_log.c
-
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-CLEANFILES = kadm5_err.c kadm5_err.h
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in
deleted file mode 100644
index 22b3a55f7023..000000000000
--- a/crypto/heimdal/lib/kadm5/Makefile.in
+++ /dev/null
@@ -1,872 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
-libkadm5srv_la_LDFLAGS = -version-info 7:6:0
-libkadm5clnt_la_LDFLAGS = -version-info 6:4:2
-sbin_PROGRAMS = dump_log replay_log truncate_log
-
-libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-libkadm5clnt_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la
-
-libexec_PROGRAMS = ipropd-master ipropd-slave
-
-kadm5includedir = $(includedir)/kadm5
-buildkadm5include = $(buildinclude)/kadm5
-
-kadm5include_HEADERS = kadm5_err.h admin.h private.h \
-	kadm5-protos.h kadm5-private.h
-
-
-SOURCES_client = \
-	admin.h					\
-	chpass_c.c				\
-	common_glue.c				\
-	create_c.c				\
-	delete_c.c				\
-	destroy_c.c				\
-	flush_c.c				\
-	free.c					\
-	get_c.c					\
-	get_princs_c.c				\
-	init_c.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	marshall.c				\
-	modify_c.c				\
-	private.h				\
-	privs_c.c				\
-	randkey_c.c				\
-	rename_c.c				\
-	send_recv.c
-
-
-SOURCES_server = \
-	acl.c					\
-	admin.h					\
-	bump_pw_expire.c			\
-	chpass_s.c				\
-	common_glue.c				\
-	context_s.c				\
-	create_s.c				\
-	delete_s.c				\
-	destroy_s.c				\
-	ent_setup.c				\
-	error.c					\
-	flush_s.c				\
-	free.c					\
-	get_princs_s.c				\
-	get_s.c					\
-	init_s.c				\
-	kadm5_err.c				\
-	kadm5_locl.h				\
-	keys.c					\
-	log.c					\
-	marshall.c				\
-	modify_s.c				\
-	private.h				\
-	privs_s.c				\
-	randkey_s.c				\
-	rename_s.c				\
-	set_keys.c				\
-	set_modifier.c				\
-	password_quality.c
-
-
-libkadm5srv_la_SOURCES = $(SOURCES_server) server_glue.c
-libkadm5clnt_la_SOURCES = $(SOURCES_client) client_glue.c
-
-dump_log_SOURCES = dump_log.c kadm5_locl.h
-
-replay_log_SOURCES = replay_log.c kadm5_locl.h
-
-ipropd_master_SOURCES = ipropd_master.c iprop.h kadm5_locl.h
-
-ipropd_slave_SOURCES = ipropd_slave.c iprop.h kadm5_locl.h
-
-truncate_log_SOURCES = truncate_log.c
-
-LDADD = \
-	libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(LIB_openldap) \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_des) \
-	$(LIB_roken) \
-	$(DBLIB) \
-	$(LIB_dlopen) \
-	$(LIB_pidfile)
-
-
-CLEANFILES = kadm5_err.c kadm5_err.h
-
-proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
-subdir = lib/kadm5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkadm5clnt_la_DEPENDENCIES = ../krb5/libkrb5.la ../hdb/libhdb.la \
-	../roken/libroken.la
-am__objects_9 = chpass_c.lo common_glue.lo create_c.lo delete_c.lo \
-	destroy_c.lo flush_c.lo free.lo get_c.lo get_princs_c.lo \
-	init_c.lo kadm5_err.lo marshall.lo modify_c.lo privs_c.lo \
-	randkey_c.lo rename_c.lo send_recv.lo
-am_libkadm5clnt_la_OBJECTS = $(am__objects_9) client_glue.lo
-libkadm5clnt_la_OBJECTS = $(am_libkadm5clnt_la_OBJECTS)
-libkadm5srv_la_DEPENDENCIES = ../krb5/libkrb5.la ../hdb/libhdb.la \
-	../roken/libroken.la
-am__objects_10 = acl.lo bump_pw_expire.lo chpass_s.lo common_glue.lo \
-	context_s.lo create_s.lo delete_s.lo destroy_s.lo ent_setup.lo \
-	error.lo flush_s.lo free.lo get_princs_s.lo get_s.lo init_s.lo \
-	kadm5_err.lo keys.lo log.lo marshall.lo modify_s.lo privs_s.lo \
-	randkey_s.lo rename_s.lo set_keys.lo set_modifier.lo \
-	password_quality.lo
-am_libkadm5srv_la_OBJECTS = $(am__objects_10) server_glue.lo
-libkadm5srv_la_OBJECTS = $(am_libkadm5srv_la_OBJECTS)
-libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
-sbin_PROGRAMS = dump_log$(EXEEXT) replay_log$(EXEEXT) \
-	truncate_log$(EXEEXT)
-PROGRAMS = $(libexec_PROGRAMS) $(sbin_PROGRAMS)
-
-am_dump_log_OBJECTS = dump_log.$(OBJEXT)
-dump_log_OBJECTS = $(am_dump_log_OBJECTS)
-dump_log_LDADD = $(LDADD)
-dump_log_DEPENDENCIES = libkadm5srv.la $(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-dump_log_LDFLAGS =
-am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT)
-ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
-ipropd_master_LDADD = $(LDADD)
-ipropd_master_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-ipropd_master_LDFLAGS =
-am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT)
-ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
-ipropd_slave_LDADD = $(LDADD)
-ipropd_slave_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-ipropd_slave_LDFLAGS =
-am_replay_log_OBJECTS = replay_log.$(OBJEXT)
-replay_log_OBJECTS = $(am_replay_log_OBJECTS)
-replay_log_LDADD = $(LDADD)
-replay_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-replay_log_LDFLAGS =
-am_truncate_log_OBJECTS = truncate_log.$(OBJEXT)
-truncate_log_OBJECTS = $(am_truncate_log_OBJECTS)
-truncate_log_LDADD = $(LDADD)
-truncate_log_DEPENDENCIES = libkadm5srv.la \
-	$(top_builddir)/lib/hdb/libhdb.la \
-	$(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-truncate_log_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-	$(dump_log_SOURCES) $(ipropd_master_SOURCES) \
-	$(ipropd_slave_SOURCES) $(replay_log_SOURCES) \
-	$(truncate_log_SOURCES)
-HEADERS = $(kadm5include_HEADERS)
-
-DIST_COMMON = $(kadm5include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) $(dump_log_SOURCES) $(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) $(replay_log_SOURCES) $(truncate_log_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/kadm5/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkadm5clnt_la_LDFLAGS) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
-libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkadm5srv_la_LDFLAGS) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
-libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libexecdir)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
-	  rm -f $(DESTDIR)$(libexecdir)/$$f; \
-	done
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(sbindir)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \
-	  rm -f $(DESTDIR)$(sbindir)/$$f; \
-	done
-
-clean-sbinPROGRAMS:
-	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
-dump_log$(EXEEXT): $(dump_log_OBJECTS) $(dump_log_DEPENDENCIES) 
-	@rm -f dump_log$(EXEEXT)
-	$(LINK) $(dump_log_LDFLAGS) $(dump_log_OBJECTS) $(dump_log_LDADD) $(LIBS)
-ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) 
-	@rm -f ipropd-master$(EXEEXT)
-	$(LINK) $(ipropd_master_LDFLAGS) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
-ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) 
-	@rm -f ipropd-slave$(EXEEXT)
-	$(LINK) $(ipropd_slave_LDFLAGS) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
-replay_log$(EXEEXT): $(replay_log_OBJECTS) $(replay_log_DEPENDENCIES) 
-	@rm -f replay_log$(EXEEXT)
-	$(LINK) $(replay_log_LDFLAGS) $(replay_log_OBJECTS) $(replay_log_LDADD) $(LIBS)
-truncate_log$(EXEEXT): $(truncate_log_OBJECTS) $(truncate_log_DEPENDENCIES) 
-	@rm -f truncate_log$(EXEEXT)
-	$(LINK) $(truncate_log_LDFLAGS) $(truncate_log_OBJECTS) $(truncate_log_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-kadm5includeHEADERS: $(kadm5include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(kadm5includedir)
-	@list='$(kadm5include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(kadm5includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f"; \
-	  $(kadm5includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(kadm5includedir)/$$f; \
-	done
-
-uninstall-kadm5includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(kadm5include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(kadm5includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(kadm5includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(libexecdir) $(DESTDIR)$(sbindir) $(DESTDIR)$(kadm5includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-kadm5includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \
-	install-sbinPROGRAMS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-sbinPROGRAMS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \
-	clean-libtool clean-sbinPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-kadm5includeHEADERS \
-	install-libLTLIBRARIES install-libexecPROGRAMS install-man \
-	install-sbinPROGRAMS install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-info-am uninstall-kadm5includeHEADERS \
-	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
-	uninstall-sbinPROGRAMS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-install-build-headers:: $(kadm5include_HEADERS)
-	@foo='$(kadm5include_HEADERS)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo "cp $$file $(buildkadm5include)/$$f";\
-			cp $$file $(buildkadm5include)/$$f; \
-		fi ; \
-	done
-
-$(libkadm5srv_la_OBJECTS): kadm5_err.h
-
-client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
-
-# to help stupid solaris make
-
-kadm5_err.h: kadm5_err.et
-
-$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
-$(srcdir)/kadm5-protos.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-o kadm5-protos.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-protos.h
-
-$(srcdir)/kadm5-private.h:
-	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
-		-p kadm5-private.h \
-		$(libkadm5clnt_la_SOURCES) $(libkadm5srv_la_SOURCES) \
-		|| rm -f kadm5-private.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c
deleted file mode 100644
index 6240588f686a..000000000000
--- a/crypto/heimdal/lib/kadm5/acl.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: acl.c,v 1.13 2001/08/24 04:01:42 assar Exp $");
-
-static struct units acl_units[] = {
-    { "all",		KADM5_PRIV_ALL },
-    { "change-password",KADM5_PRIV_CPW },
-    { "cpw",		KADM5_PRIV_CPW },
-    { "list",		KADM5_PRIV_LIST },
-    { "delete",		KADM5_PRIV_DELETE },
-    { "modify",		KADM5_PRIV_MODIFY },
-    { "add",		KADM5_PRIV_ADD },
-    { "get", 		KADM5_PRIV_GET },
-    { NULL }
-};
-
-kadm5_ret_t
-_kadm5_string_to_privs(const char *s, u_int32_t* privs)
-{
-    int flags;
-    flags = parse_flags(s, acl_units, 0);
-    if(flags < 0)
-	return KADM5_FAILURE;
-    *privs = flags;
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_privs_to_string(u_int32_t privs, char *string, size_t len)
-{
-    if(privs == 0)
-	strlcpy(string, "none", len);
-    else
-	unparse_flags(privs, acl_units + 1, string, len);
-    return 0;
-}
-
-/*
- * retrieve the right for the current caller on `princ' (NULL means all)
- * and store them in `ret_flags'
- * return 0 or an error.
- */
-
-static kadm5_ret_t
-fetch_acl (kadm5_server_context *context,
-	   krb5_const_principal princ,
-	   unsigned *ret_flags)
-{
-    FILE *f;
-    krb5_error_code ret = 0;
-    char buf[256];
-
-    *ret_flags = 0;
-
-    /* no acl file -> no rights */
-    f = fopen(context->config.acl_file, "r");
-    if (f == NULL)
-	return 0;
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *foo = NULL, *p;
-	krb5_principal this_princ;
-	unsigned flags = 0;
-
-	p = strtok_r(buf, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	if (*p == '#')		/* comment */
-	    continue;
-	ret = krb5_parse_name(context->context, p, &this_princ);
-	if(ret)
-	    break;
-	if(!krb5_principal_compare(context->context, 
-				   context->caller, this_princ)) {
-	    krb5_free_principal(context->context, this_princ);
-	    continue;
-	}
-	krb5_free_principal(context->context, this_princ);
-	p = strtok_r(NULL, " \t\n", &foo);
-	if(p == NULL)
-	    continue;
-	ret = _kadm5_string_to_privs(p, &flags);
-	if (ret)
-	    break;
-	p = strtok_r(NULL, "\n", &foo);
-	if (p == NULL) {
-	    *ret_flags = flags;
-	    break;
-	}
-	if (princ != NULL) {
-	    krb5_principal pattern_princ;
-	    krb5_boolean match;
-
-	    ret = krb5_parse_name (context->context, p, &pattern_princ);
-	    if (ret)
-		break;
-	    match = krb5_principal_match (context->context,
-					  princ, pattern_princ);
-	    krb5_free_principal (context->context, pattern_princ);
-	    if (match) {
-		*ret_flags = flags;
-		break;
-	    }
-	}
-    }
-    fclose(f);
-    return ret;
-}
-
-/*
- * set global acl flags in `context' for the current caller.
- * return 0 on success or an error
- */
-
-kadm5_ret_t
-_kadm5_acl_init(kadm5_server_context *context)
-{
-    krb5_principal princ;
-    krb5_error_code ret;
-    
-    ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
-    if (ret)
-	return ret;
-    ret = krb5_principal_compare(context->context, context->caller, princ);
-    krb5_free_principal(context->context, princ);
-    if(ret != 0) {
-	context->acl_flags = KADM5_PRIV_ALL;
-	return 0;
-    }
-
-    return fetch_acl (context, NULL, &context->acl_flags);
-}
-
-/*
- * check if `flags' allows `op'
- * return 0 if OK or an error
- */
-
-static kadm5_ret_t
-check_flags (unsigned op,
-	     unsigned flags)
-{
-    unsigned res = ~flags & op;
-
-    if(res & KADM5_PRIV_GET)
-	return KADM5_AUTH_GET;
-    if(res & KADM5_PRIV_ADD)
-	return KADM5_AUTH_ADD;
-    if(res & KADM5_PRIV_MODIFY)
-	return KADM5_AUTH_MODIFY;
-    if(res & KADM5_PRIV_DELETE)
-	return KADM5_AUTH_DELETE;
-    if(res & KADM5_PRIV_CPW)
-	return KADM5_AUTH_CHANGEPW;
-    if(res & KADM5_PRIV_LIST)
-	return KADM5_AUTH_LIST;
-    if(res)
-	return KADM5_AUTH_INSUFFICIENT;
-    return 0;
-}
-
-/*
- * return 0 if the current caller in `context' is allowed to perform
- * `op' on `princ' and otherwise an error
- * princ == NULL if it's not relevant.
- */
-
-kadm5_ret_t
-_kadm5_acl_check_permission(kadm5_server_context *context,
-			    unsigned op,
-			    krb5_const_principal princ)
-{
-    kadm5_ret_t ret;
-    unsigned princ_flags;
-
-    ret = check_flags (op, context->acl_flags);
-    if (ret == 0)
-	return ret;
-    ret = fetch_acl (context, princ, &princ_flags);
-    if (ret)
-	return ret;
-    return check_flags (op, princ_flags);
-}
diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h
deleted file mode 100644
index d9bd85f9638e..000000000000
--- a/crypto/heimdal/lib/kadm5/admin.h
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: admin.h,v 1.18 2000/08/04 11:26:21 joda Exp $ */
-
-#ifndef __KADM5_ADMIN_H__
-#define __KADM5_ADMIN_H__
-
-#define KADM5_API_VERSION_1 1
-#define KADM5_API_VERSION_2 2
-
-#ifndef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
-#endif
-
-#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
-#error No support for API versions other than 2
-#endif
-
-#define KADM5_STRUCT_VERSION 0
-
-#include <krb5.h>
-
-#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
-#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
-#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
-#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
-#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
-#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
-#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
-#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
-#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
-#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
-#define KRB5_KDB_DISALLOW_SVR		0x00001000
-#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
-#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
-#define KRB5_KDB_NEW_PRINC		0x00008000
-
-#define KADM5_PRINCIPAL		0x000001
-#define KADM5_PRINC_EXPIRE_TIME	0x000002
-#define KADM5_PW_EXPIRATION	0x000004
-#define KADM5_LAST_PWD_CHANGE	0x000008
-#define KADM5_ATTRIBUTES	0x000010
-#define KADM5_MAX_LIFE		0x000020
-#define KADM5_MOD_TIME		0x000040
-#define KADM5_MOD_NAME		0x000080
-#define KADM5_KVNO		0x000100
-#define KADM5_MKVNO		0x000200
-#define KADM5_AUX_ATTRIBUTES	0x000400
-#define KADM5_POLICY		0x000800
-#define KADM5_POLICY_CLR	0x001000
-#define KADM5_MAX_RLIFE		0x002000
-#define KADM5_LAST_SUCCESS	0x004000
-#define KADM5_LAST_FAILED	0x008000
-#define KADM5_FAIL_AUTH_COUNT	0x010000
-#define KADM5_KEY_DATA		0x020000
-#define KADM5_TL_DATA		0x040000
-
-#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
-
-#define KADM5_PW_MAX_LIFE 	0x004000
-#define KADM5_PW_MIN_LIFE	0x008000
-#define KADM5_PW_MIN_LENGTH 	0x010000
-#define KADM5_PW_MIN_CLASSES	0x020000
-#define KADM5_PW_HISTORY_NUM	0x040000
-#define KADM5_REF_COUNT		0x080000
-
-#define KADM5_POLICY_NORMAL_MASK (~0)
-
-#define KADM5_ADMIN_SERVICE	"kadmin/admin"
-#define KADM5_HIST_PRINCIPAL	"kadmin/history"
-#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
-
-typedef struct _krb5_key_data {
-    int16_t key_data_ver;	/* Version */
-    int16_t key_data_kvno;	/* Key Version */
-    int16_t key_data_type[2];	/* Array of types */
-    int16_t key_data_length[2];	/* Array of lengths */
-    void*   key_data_contents[2];/* Array of pointers */
-} krb5_key_data;
-
-typedef struct _krb5_tl_data {
-    struct _krb5_tl_data* tl_data_next;
-    int16_t tl_data_type;         
-    int16_t tl_data_length;       
-    void*   tl_data_contents;     
-} krb5_tl_data;
-
-typedef struct _kadm5_principal_ent_t {
-    krb5_principal principal;
-
-    krb5_timestamp princ_expire_time;
-    krb5_timestamp last_pwd_change;
-    krb5_timestamp pw_expiration;
-    krb5_deltat max_life;
-    krb5_principal mod_name;
-    krb5_timestamp mod_date;
-    krb5_flags attributes;
-    krb5_kvno kvno;
-    krb5_kvno mkvno;
-
-    char * policy;
-    u_int32_t aux_attributes;
-
-    krb5_deltat max_renewable_life;
-    krb5_timestamp last_success;
-    krb5_timestamp last_failed;
-    krb5_kvno fail_auth_count;
-    int16_t n_key_data;
-    int16_t n_tl_data;
-    krb5_tl_data *tl_data;
-    krb5_key_data *key_data;
-} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-
-typedef struct _kadm5_policy_ent_t {
-    char *policy;
-
-    u_int32_t pw_min_life;
-    u_int32_t pw_max_life;
-    u_int32_t pw_min_length;
-    u_int32_t pw_min_classes;
-    u_int32_t pw_history_num;
-    u_int32_t policy_refcnt;
-} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
-
-#define KADM5_CONFIG_REALM			(1 << 0)
-#define KADM5_CONFIG_PROFILE			(1 << 1)
-#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
-#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
-#define KADM5_CONFIG_DBNAME			(1 << 4)
-#define KADM5_CONFIG_ADBNAME			(1 << 5)
-#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
-#define KADM5_CONFIG_ACL_FILE			(1 << 7)
-#define KADM5_CONFIG_DICT_FILE			(1 << 8)
-#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
-#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
-#define KADM5_CONFIG_STASH_FILE			(1 << 11)
-#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
-#define KADM5_CONFIG_ENCTYPE			(1 << 13)
-#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
-#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
-#define KADM5_CONFIG_EXPIRATION			(1 << 16)
-#define KADM5_CONFIG_FLAGS			(1 << 17)
-#define KADM5_CONFIG_ENCTYPES			(1 << 18)
-
-#define KADM5_PRIV_GET		(1 << 0)
-#define KADM5_PRIV_ADD 		(1 << 1)
-#define KADM5_PRIV_MODIFY	(1 << 2)
-#define KADM5_PRIV_DELETE	(1 << 3)
-#define KADM5_PRIV_LIST		(1 << 4)
-#define KADM5_PRIV_CPW		(1 << 5)
-#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
-
-typedef struct {
-    int XXX;
-}krb5_key_salt_tuple;
-
-typedef struct _kadm5_config_params {
-    u_int32_t mask;
-
-    /* Client and server fields */
-    char *realm;
-    int kadmind_port;
-
-    /* client fields */
-    char *admin_server;
-
-    /* server fields */
-    char *dbname;
-    char *acl_file;
-
-    /* server library (database) fields */
-    char *stash_file;
-} kadm5_config_params;
-
-typedef krb5_error_code kadm5_ret_t;
-
-#include "kadm5-protos.h"
-
-#if 0
-/* unimplemented functions */
-kadm5_ret_t 
-kadm5_decrypt_key(void *server_handle,
-		  kadm5_principal_ent_t entry, int32_t
-		  ktype, int32_t stype, int32_t
-		  kvno, krb5_keyblock *keyblock,
-		  krb5_keysalt *keysalt, int *kvnop);
-
-kadm5_ret_t
-kadm5_create_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, u_int32_t mask); 
-
-kadm5_ret_t
-kadm5_delete_policy(void *server_handle, char *policy);
-
-
-kadm5_ret_t
-kadm5_modify_policy(void *server_handle,
-		    kadm5_policy_ent_t policy, 
-		    u_int32_t mask);
-
-kadm5_ret_t
-kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); 
-
-kadm5_ret_t
-kadm5_get_policies(void *server_handle, char *exp,
-		   char ***pols, int *count);
-
-void 
-kadm5_free_policy_ent(kadm5_policy_ent_t policy);
-
-#endif
-
-#endif /* __KADM5_ADMIN_H__ */
diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c
deleted file mode 100644
index a185c20daff2..000000000000
--- a/crypto/heimdal/lib/kadm5/bump_pw_expire.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: bump_pw_expire.c,v 1.1 2000/07/24 03:47:54 assar Exp $");
-
-/*
- * extend password_expiration if it's defined
- */
-
-kadm5_ret_t
-_kadm5_bump_pw_expire(kadm5_server_context *context,
-		      hdb_entry *ent)
-{
-    if (ent->pw_end != NULL) {
-	time_t life;
-
-	life = krb5_config_get_time_default(context->context,
-					    NULL,
-					    365 * 24 * 60 * 60,
-					    "kadmin",
-					    "password_lifetime",
-					    NULL);
-
-	*(ent->pw_end) = time(NULL) + life;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c
deleted file mode 100644
index b06b8cd2a771..000000000000
--- a/crypto/heimdal/lib/kadm5/chpass_c.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_c.c,v 1.5 2000/07/11 15:59:14 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_chpass);
-    krb5_store_principal(sp, princ);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-    int i;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_chpass_with_key);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, n_key_data);
-    for (i = 0; i < n_key_data; ++i)
-	kadm5_store_key_data (sp, &key_data[i]);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c
deleted file mode 100644
index 21334694573f..000000000000
--- a/crypto/heimdal/lib/kadm5/chpass_s.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: chpass_s.c,v 1.13 2001/01/30 01:24:28 assar Exp $");
-
-static kadm5_ret_t
-change(void *server_handle, 
-       krb5_principal princ,
-       char *password,
-       int cond)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry ent;
-    kadm5_ret_t ret;
-    Key *keys;
-    size_t num_keys;
-    int cmp = 1;
-
-    ent.principal = princ;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 
-			     0, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-
-    num_keys = ent.keys.len;
-    keys     = ent.keys.val;
-
-    ent.keys.len = 0;
-    ent.keys.val = NULL;
-
-    ret = _kadm5_set_keys(context, &ent, password);
-    if(ret) {
-	_kadm5_free_keys (server_handle, num_keys, keys);
-	goto out2;
-    }
-    if (cond)
-	cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len,
-			       keys, num_keys);
-    _kadm5_free_keys (server_handle, num_keys, keys);
-
-    if (cmp == 0)
-	goto out2;
-
-    ret = _kadm5_set_modifier(context, &ent);
-    if(ret)
-	goto out2;
-
-    ret = _kadm5_bump_pw_expire(context, &ent);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
-    
-    ret = context->db->store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-
-/*
- * change the password of `princ' to `password' if it's not already that.
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond(void *server_handle, 
-			      krb5_principal princ,
-			      char *password)
-{
-    return change (server_handle, princ, password, 1);
-}
-
-/*
- * change the password of `princ' to `password'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal(void *server_handle, 
-			 krb5_principal princ,
-			 char *password)
-{
-    return change (server_handle, princ, password, 0);
-}
-
-/*
- * change keys for `princ' to `keys'
- */
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key(void *server_handle, 
-				  krb5_principal princ,
-				  int n_key_data,
-				  krb5_key_data *key_data)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry ent;
-    kadm5_ret_t ret;
-    ent.principal = princ;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 0, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out;
-    ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
-    if(ret)
-	goto out2;
-    ret = _kadm5_set_modifier(context, &ent);
-    if(ret)
-	goto out2;
-    ret = _kadm5_bump_pw_expire(context, &ent);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
-    
-    ret = context->db->store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c
deleted file mode 100644
index 395577ddb303..000000000000
--- a/crypto/heimdal/lib/kadm5/client_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: client_glue.c,v 1.5 1999/12/02 17:05:05 joda Exp $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_c_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_c_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_c_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_c_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_c_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c
deleted file mode 100644
index b508282690dc..000000000000
--- a/crypto/heimdal/lib/kadm5/common_glue.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: common_glue.c,v 1.5 2000/03/23 22:58:26 assar Exp $");
-
-#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
-
-kadm5_ret_t
-kadm5_chpass_principal(void *server_handle,
-		       krb5_principal princ,
-		       char *password)
-{
-    return __CALL(chpass_principal, (server_handle, princ, password));
-}
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key(void *server_handle,
-				krb5_principal princ,
-				int n_key_data,
-				krb5_key_data *key_data)
-{
-    return __CALL(chpass_principal_with_key,
-		  (server_handle, princ, n_key_data, key_data));
-}
-
-kadm5_ret_t
-kadm5_create_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       u_int32_t mask,
-		       char *password)
-{
-    return __CALL(create_principal, (server_handle, princ, mask, password));
-}
-
-kadm5_ret_t
-kadm5_delete_principal(void *server_handle,
-		       krb5_principal princ)
-{
-    return __CALL(delete_principal, (server_handle, princ));
-}
-
-kadm5_ret_t
-kadm5_destroy (void *server_handle)
-{
-    return __CALL(destroy, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_flush (void *server_handle)
-{
-    return __CALL(flush, (server_handle));
-}
-
-kadm5_ret_t
-kadm5_get_principal(void *server_handle,
-		    krb5_principal princ,
-		    kadm5_principal_ent_t out,
-		    u_int32_t mask)
-{
-    return __CALL(get_principal, (server_handle, princ, out, mask));
-}
-
-kadm5_ret_t
-kadm5_modify_principal(void *server_handle,
-		       kadm5_principal_ent_t princ,
-		       u_int32_t mask)
-{
-    return __CALL(modify_principal, (server_handle, princ, mask));
-}
-
-kadm5_ret_t
-kadm5_randkey_principal(void *server_handle,
-			krb5_principal princ,
-			krb5_keyblock **new_keys,
-			int *n_keys)
-{
-    return __CALL(randkey_principal, (server_handle, princ, new_keys, n_keys));
-}
-
-kadm5_ret_t
-kadm5_rename_principal(void *server_handle,
-		       krb5_principal source,
-		       krb5_principal target)
-{
-    return __CALL(rename_principal, (server_handle, source, target));
-}
-
-kadm5_ret_t
-kadm5_get_principals(void *server_handle,
-		     const char *exp,
-		     char ***princs,
-		     int *count)
-{
-    return __CALL(get_principals, (server_handle, exp, princs, count));
-}
-
-kadm5_ret_t
-kadm5_get_privs(void *server_handle,
-		u_int32_t *privs)
-{
-    return __CALL(get_privs, (server_handle, privs));
-}
diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c
deleted file mode 100644
index a5a78e6bab30..000000000000
--- a/crypto/heimdal/lib/kadm5/context_s.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: context_s.c,v 1.17 2002/08/26 13:28:36 assar Exp $");
-
-static void
-set_funcs(kadm5_server_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-struct database_spec {
-    char *dbpath;
-    char *logfile;
-    char *mkeyfile;
-    char *aclfile;
-};
-
-static void
-set_field(krb5_context context, krb5_config_binding *binding, 
-	  const char *dbname, const char *name, const char *ext, 
-	  char **variable)
-{
-    const char *p;
-
-    if (*variable != NULL)
-	free (*variable);
-
-    p = krb5_config_get_string(context, binding, name, NULL);
-    if(p)
-	*variable = strdup(p);
-    else {
-	p = strrchr(dbname, '.');
-	if(p == NULL)
-	    asprintf(variable, "%s.%s", dbname, ext);
-	else
-	    asprintf(variable, "%.*s.%s", (int)(p - dbname), dbname, ext);
-    }
-}
-
-static void
-set_socket_name(const char *dbname, struct sockaddr_un *un)
-{
-    const char *p;
-    memset(un, 0, sizeof(*un));
-    un->sun_family = AF_UNIX;
-    p = strrchr(dbname, '.');
-    if(p == NULL)
-	snprintf(un->sun_path, sizeof(un->sun_path), "%s.signal", 
-		 dbname);
-    else
-	snprintf(un->sun_path, sizeof(un->sun_path), "%.*s.signal", 
-		 (int)(p - dbname), dbname);
-}
-
-static void
-set_config(kadm5_server_context *ctx,
-	   krb5_config_binding *binding)
-{
-    const char *p;
-    if(ctx->config.dbname == NULL) {
-	p = krb5_config_get_string(ctx->context, binding, "dbname", NULL);
-	if(p)
-	    ctx->config.dbname = strdup(p);
-	else
-	    ctx->config.dbname = strdup(HDB_DEFAULT_DB);
-    }
-    if(ctx->log_context.log_file == NULL)
-	set_field(ctx->context, binding, ctx->config.dbname, 
-		  "log_file", "log", &ctx->log_context.log_file);
-    set_socket_name(ctx->config.dbname, &ctx->log_context.socket_name);
-    if(ctx->config.acl_file == NULL)
-	set_field(ctx->context, binding, ctx->config.dbname, 
-		  "acl_file", "acl", &ctx->config.acl_file);
-    if(ctx->config.stash_file == NULL)
-	set_field(ctx->context, binding, ctx->config.dbname, 
-		  "mkey_file", "mkey", &ctx->config.stash_file);
-}
-
-static kadm5_ret_t
-find_db_spec(kadm5_server_context *ctx)
-{
-    const krb5_config_binding *top_binding = NULL;
-    krb5_config_binding *db_binding;
-    krb5_config_binding *default_binding = NULL;
-    krb5_context context = ctx->context;
-
-    while((db_binding = (krb5_config_binding *)
-	   krb5_config_get_next(context,
-				NULL,
-				&top_binding, 
-				krb5_config_list, 
-				"kdc", 
-				"database",
-				NULL))) {
-	const char *p;
-	p = krb5_config_get_string(context, db_binding, "realm", NULL);
-	if(p == NULL) {
-	    if(default_binding) {
-		krb5_warnx(context, "WARNING: more than one realm-less "
-			   "database specification");
-		krb5_warnx(context, "WARNING: using the first encountered");
-	    } else
-		default_binding = db_binding;
-	    continue;
-	}
-	if(strcmp(ctx->config.realm, p) != 0)
-	    continue;
-	
-	set_config(ctx, db_binding);
-	return 0;
-    }
-    if(default_binding)
-	set_config(ctx, default_binding);
-    else {
-	ctx->config.dbname        = strdup(HDB_DEFAULT_DB);
-	ctx->config.acl_file      = strdup(HDB_DB_DIR "/kadmind.acl");
-	ctx->config.stash_file    = strdup(HDB_DB_DIR "/m-key");
-	ctx->log_context.log_file = strdup(HDB_DB_DIR "/log");
-	memset(&ctx->log_context.socket_name, 0, 
-	       sizeof(ctx->log_context.socket_name));
-	ctx->log_context.socket_name.sun_family = AF_UNIX;
-	strlcpy(ctx->log_context.socket_name.sun_path, 
-		KADM5_LOG_SIGNAL, 
-		sizeof(ctx->log_context.socket_name.sun_path));
-    }
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_s_init_context(kadm5_server_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-#define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
-    if(is_set(REALM))
-	(*ctx)->config.realm = strdup(params->realm);
-    else
-	krb5_get_default_realm(context, &(*ctx)->config.realm);
-    if(is_set(DBNAME))
-	(*ctx)->config.dbname = strdup(params->dbname);
-    if(is_set(ACL_FILE))
-	(*ctx)->config.acl_file = strdup(params->acl_file);
-    if(is_set(STASH_FILE))
-	(*ctx)->config.stash_file = strdup(params->stash_file);
-    
-    find_db_spec(*ctx);
-    
-    /* PROFILE can't be specified for now */
-    /* KADMIND_PORT is supposed to be used on the server also, 
-       but this doesn't make sense */
-    /* ADMIN_SERVER is client only */
-    /* ADNAME is not used at all (as far as I can tell) */
-    /* ADB_LOCKFILE ditto */
-    /* DICT_FILE */
-    /* ADMIN_KEYTAB */
-    /* MKEY_FROM_KEYBOARD is not supported */
-    /* MKEY_NAME neither */
-    /* ENCTYPE */
-    /* MAX_LIFE */
-    /* MAX_RLIFE */
-    /* EXPIRATION */
-    /* FLAGS */
-    /* ENCTYPES */
-
-    return 0;
-}
-
-HDB *
-_kadm5_s_get_db(void *server_handle)
-{
-    kadm5_server_context *context = server_handle;
-    return context->db;
-}
diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c
deleted file mode 100644
index 8d81cb3c559f..000000000000
--- a/crypto/heimdal/lib/kadm5/create_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_c.c,v 1.4 2000/07/11 15:59:21 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 u_int32_t mask,
-			 char *password)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_create);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    krb5_store_string(sp, password);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c
deleted file mode 100644
index 287211b33216..000000000000
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: create_s.c,v 1.19 2001/01/30 01:24:28 assar Exp $");
-
-static kadm5_ret_t
-get_default(kadm5_server_context *context, krb5_principal princ, 
-	    kadm5_principal_ent_t def)
-{
-    kadm5_ret_t ret;
-    krb5_principal def_principal;
-    krb5_realm *realm = krb5_princ_realm(context->context, princ);
-
-    ret = krb5_make_principal(context->context, &def_principal, 
-			      *realm, "default", NULL);
-    if (ret)
-	return ret;
-    ret = kadm5_s_get_principal(context, def_principal, def, 
-				KADM5_PRINCIPAL_NORMAL_MASK);
-    krb5_free_principal (context->context, def_principal);
-    return ret;
-}
-
-static kadm5_ret_t
-create_principal(kadm5_server_context *context,
-		 kadm5_principal_ent_t princ,
-		 u_int32_t mask,
-		 hdb_entry *ent,
-		 u_int32_t required_mask,
-		 u_int32_t forbidden_mask)
-{
-    kadm5_ret_t ret;
-    kadm5_principal_ent_rec defrec, *defent;
-    u_int32_t def_mask;
-    
-    if((mask & required_mask) != required_mask)
-	return KADM5_BAD_MASK;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	/* XXX no real policies for now */
-	return KADM5_UNK_POLICY;
-    memset(ent, 0, sizeof(*ent));
-    ret  = krb5_copy_principal(context->context, princ->principal, 
-			       &ent->principal);
-    if(ret)
-	return ret;
-    
-    defent = &defrec;
-    ret = get_default(context, princ->principal, defent);
-    if(ret) {
-	defent   = NULL;
-	def_mask = 0;
-    } else {
-	def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
-    }
-
-    ret = _kadm5_setup_entry(context,
-			     ent, mask | def_mask,
-			     princ, mask,
-			     defent, def_mask);
-    if(defent)
-	kadm5_free_principal_ent(context, defent);
-    
-    ent->created_by.time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->created_by.principal);
-
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key(void *server_handle,
-				  kadm5_principal_ent_t princ,
-				  u_int32_t mask)
-{
-    kadm5_ret_t ret;
-    hdb_entry ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL | KADM5_KEY_DATA,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES 
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    ret = _kadm5_set_keys2(context, &ent, princ->n_key_data, princ->key_data);
-    if(ret)
-	goto out;
-    
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out;
-    
-    kadm5_log_create (context, &ent);
-
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->store(context->context, context->db, 0, &ent);
-    context->db->close(context->context, context->db);
-out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-				  
-
-kadm5_ret_t
-kadm5_s_create_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 u_int32_t mask,
-			 char *password)
-{
-    kadm5_ret_t ret;
-    hdb_entry ent;
-    kadm5_server_context *context = server_handle;
-
-    ret = create_principal(context, princ, mask, &ent,
-			   KADM5_PRINCIPAL,
-			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			   | KADM5_MOD_NAME | KADM5_MKVNO 
-			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
-			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
-			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
-    if(ret)
-	goto out;
-
-    /* XXX this should be fixed */
-    ent.keys.len = 4;
-    ent.keys.val = calloc(ent.keys.len, sizeof(*ent.keys.val));
-    ent.keys.val[0].key.keytype = ETYPE_DES_CBC_CRC;
-    /* flag as version 4 compatible salt; ignored by _kadm5_set_keys
-       if we don't want to be compatible */
-    ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt));
-    ent.keys.val[0].salt->type = hdb_pw_salt;
-    ent.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
-    ent.keys.val[1].salt = calloc(1, sizeof(*ent.keys.val[1].salt));
-    ent.keys.val[1].salt->type = hdb_pw_salt;
-    ent.keys.val[2].key.keytype = ETYPE_DES_CBC_MD5;
-    ent.keys.val[2].salt = calloc(1, sizeof(*ent.keys.val[2].salt));
-    ent.keys.val[2].salt->type = hdb_pw_salt;
-    ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1;
-    ret = _kadm5_set_keys(context, &ent, password);
-    if (ret)
-	goto out;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out;
-    
-    kadm5_log_create (context, &ent);
-
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	goto out;
-    ret = context->db->store(context->context, context->db, 0, &ent);
-    context->db->close(context->context, context->db);
-out:
-    hdb_free_entry(context->context, &ent);
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c
deleted file mode 100644
index 7575c5e438f8..000000000000
--- a/crypto/heimdal/lib/kadm5/delete_c.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_c.c,v 1.4 2000/07/11 15:59:29 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_delete);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if(sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c
deleted file mode 100644
index 2f2bf881d29f..000000000000
--- a/crypto/heimdal/lib/kadm5/delete_s.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: delete_s.c,v 1.9 2001/01/30 01:24:28 assar Exp $");
-
-kadm5_ret_t
-kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry ent;
-
-    ent.principal = princ;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    ret = context->db->fetch(context->context, context->db, 
-			     HDB_F_DECRYPT, &ent);
-    if(ret == HDB_ERR_NOENTRY)
-	goto out2;
-    if(ent.flags.immutable) {
-	ret = KADM5_PROTECT_PRINCIPAL;
-	goto out;
-    }
-    
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out;
-
-    kadm5_log_delete (context, princ);
-    
-    ret = context->db->remove(context->context, context->db, &ent);
-out:
-    hdb_free_entry(context->context, &ent);
-out2:
-    context->db->close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c
deleted file mode 100644
index b42c84ce796a..000000000000
--- a/crypto/heimdal/lib/kadm5/destroy_c.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_c.c,v 1.3 1999/12/02 17:05:05 joda Exp $");
-
-kadm5_ret_t 
-kadm5_c_destroy(void *server_handle)
-{
-    kadm5_client_context *context = server_handle;
-
-    free(context->realm);
-    free(context->admin_server);
-    close(context->sock);
-    if (context->ac != NULL)
-	krb5_auth_con_free(context->context, context->ac);
-    if(context->my_context)
-	krb5_free_context(context->context);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c
deleted file mode 100644
index a8ad3285d446..000000000000
--- a/crypto/heimdal/lib/kadm5/destroy_s.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: destroy_s.c,v 1.6 2000/05/12 15:23:13 assar Exp $");
-
-/*
- * dealloc a `kadm5_config_params'
- */
-
-static void
-destroy_config (kadm5_config_params *c)
-{
-    free (c->realm);
-    free (c->dbname);
-    free (c->acl_file);
-    free (c->stash_file);
-}
-
-/*
- * dealloc a kadm5_log_context
- */
-
-static void
-destroy_kadm5_log_context (kadm5_log_context *c)
-{
-    free (c->log_file);
-    close (c->socket_fd);
-}
-
-/*
- * destroy a kadm5 handle
- */
-
-kadm5_ret_t 
-kadm5_s_destroy(void *server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *context = server_handle;
-    krb5_context kcontext = context->context;
-
-    ret = context->db->destroy(kcontext, context->db);
-    destroy_kadm5_log_context (&context->log_context);
-    destroy_config (&context->config);
-    krb5_free_principal (kcontext, context->caller);
-    if(context->my_context)
-	krb5_free_context(kcontext);
-    free (context);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c
deleted file mode 100644
index f8309fb5acfe..000000000000
--- a/crypto/heimdal/lib/kadm5/dump_log.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include "parse_time.h"
-
-RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
-
-static char *op_names[] = {
-    "get",
-    "delete",
-    "create",
-    "rename",
-    "chpass",
-    "modify",
-    "randkey",
-    "get_privs",
-    "get_princs",
-    "chpass_with_key",
-    "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    char t[256];
-    int32_t mask;
-    hdb_entry ent;
-    krb5_principal source;
-    char *name1, *name2;
-    krb5_data data;
-    krb5_context context = server_context->context;
-
-    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-    
-    krb5_error_code ret;
-
-    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
-    if(op < kadm_get || op > kadm_nop) {
-	printf("unknown op: %d\n", op);
-	krb5_storage_seek(sp, end, SEEK_SET);
-	return;
-    }
-
-    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
-	    op_names[op], ver, t, len);
-    switch(op) {
-    case kadm_delete:
-	krb5_ret_principal(sp, &source);
-	krb5_unparse_name(context, source, &name1);
-	printf("    %s\n", name1);
-	free(name1);
-	krb5_free_principal(context, source);
-	break;
-    case kadm_rename:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
-	krb5_ret_principal(sp, &source);
-	krb5_storage_read(sp, data.data, data.length);
-	hdb_value2entry(context, &data, &ent);
-	krb5_unparse_name(context, source, &name1);
-	krb5_unparse_name(context, ent.principal, &name2);
-	printf("    %s -> %s\n", name1, name2);
-	free(name1);
-	free(name2);
-	krb5_free_principal(context, source);
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_create:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-	mask = ~0;
-	goto foo;
-    case kadm_modify:
-	ret = krb5_data_alloc(&data, len);
-	if (ret)
-	    krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
-	krb5_ret_int32(sp, &mask);
-	krb5_storage_read(sp, data.data, data.length);
-	ret = hdb_value2entry(context, &data, &ent);
-	if(ret)
-	    abort();
-    foo:
-	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
-	    krb5_unparse_name(context, ent.principal, &name1);
-	    printf("    principal = %s\n", name1);
-	    free(name1);
-	}
-	if(mask & KADM5_PRINC_EXPIRE_TIME) {
-	    if(ent.valid_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.valid_end));
-	    }
-	    printf("    expires = %s\n", t);
-	}
-	if(mask & KADM5_PW_EXPIRATION) {
-	    if(ent.pw_end == NULL) {
-		strcpy(t, "never");
-	    } else {
-		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
-			 localtime(ent.pw_end));
-	    }
-	    printf("    password exp = %s\n", t);
-	}
-	if(mask & KADM5_LAST_PWD_CHANGE) {
-	}
-	if(mask & KADM5_ATTRIBUTES) {
-	    unparse_flags(HDBFlags2int(ent.flags), 
-			  HDBFlags_units, t, sizeof(t));
-	    printf("    attributes = %s\n", t);
-	}
-	if(mask & KADM5_MAX_LIFE) {
-	    if(ent.max_life == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_life, t, sizeof(t));
-	    printf("    max life = %s\n", t);
-	}
-	if(mask & KADM5_MAX_RLIFE) {
-	    if(ent.max_renew == NULL)
-		strcpy(t, "for ever");
-	    else
-		unparse_time(*ent.max_renew, t, sizeof(t));
-	    printf("    max rlife = %s\n", t);
-	}
-	if(mask & KADM5_MOD_TIME) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_MOD_NAME) {
-	    printf("    mod name\n");
-	}
-	if(mask & KADM5_KVNO) {
-	    printf("    kvno = %d\n", ent.kvno);
-	}
-	if(mask & KADM5_MKVNO) {
-	    printf("    mkvno\n");
-	}
-	if(mask & KADM5_AUX_ATTRIBUTES) {
-	    printf("    aux attributes\n");
-	}
-	if(mask & KADM5_POLICY) {
-	    printf("    policy\n");
-	}
-	if(mask & KADM5_POLICY_CLR) {
-	    printf("    mod time\n");
-	}
-	if(mask & KADM5_LAST_SUCCESS) {
-	    printf("    last success\n");
-	}
-	if(mask & KADM5_LAST_FAILED) {
-	    printf("    last failed\n");
-	}
-	if(mask & KADM5_FAIL_AUTH_COUNT) {
-	    printf("    fail auth count\n");
-	}
-	if(mask & KADM5_KEY_DATA) {
-	    printf("    key data\n");
-	}
-	if(mask & KADM5_TL_DATA) {
-	    printf("    tl data\n");
-	}
-	hdb_free_entry(context, &ent);
-	break;
-    case kadm_nop :
-	break;
-    default:
-	abort();
-    }
-    krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, print_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c
deleted file mode 100644
index 29fab740bacf..000000000000
--- a/crypto/heimdal/lib/kadm5/ent_setup.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: ent_setup.c,v 1.12 2000/03/23 23:02:35 assar Exp $");
-
-#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
-#define set_null(X)     do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
-
-static void
-attr_to_flags(unsigned attr, HDBFlags *flags)
-{
-    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
-    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
-    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
-    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
-    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
-    /* DUP_SKEY */
-    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
-    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
-    /* HW_AUTH */
-    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
-    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
-    flags->client =	        1; /* XXX */
-}
-
-/*
- * Create the hdb entry `ent' based on data from `princ' with
- * `princ_mask' specifying what fields to be gotten from there and
- * `mask' specifying what fields we want filled in.
- */
-
-kadm5_ret_t
-_kadm5_setup_entry(kadm5_server_context *context,
-		   hdb_entry *ent,
-		   u_int32_t mask,
-		   kadm5_principal_ent_t princ, 
-		   u_int32_t princ_mask,
-		   kadm5_principal_ent_t def,
-		   u_int32_t def_mask)
-{
-    if(mask & KADM5_PRINC_EXPIRE_TIME
-       && princ_mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (princ->princ_expire_time)
-	    set_value(ent->valid_end, princ->princ_expire_time);
-	else
-	    set_null(ent->valid_end);
-    }
-    if(mask & KADM5_PW_EXPIRATION
-       && princ_mask & KADM5_PW_EXPIRATION) {
-	if (princ->pw_expiration)
-	    set_value(ent->pw_end, princ->pw_expiration);
-	else
-	    set_null(ent->pw_end);
-    }
-    if(mask & KADM5_ATTRIBUTES) {
-	if (princ_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(princ->attributes, &ent->flags);
-	} else if(def_mask & KADM5_ATTRIBUTES) {
-	    attr_to_flags(def->attributes, &ent->flags);
-	    ent->flags.invalid = 0;
-	} else {
-	    ent->flags.client      = 1;
-	    ent->flags.server      = 1;
-	    ent->flags.forwardable = 1;
-	    ent->flags.proxiable   = 1;
-	    ent->flags.renewable   = 1;
-	    ent->flags.postdate    = 1;
-	}
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(princ_mask & KADM5_MAX_LIFE) {
-	    if(princ->max_life)
-	      set_value(ent->max_life, princ->max_life);
-	    else
-	      set_null(ent->max_life);
-	} else if(def_mask & KADM5_MAX_LIFE) {
-	    if(def->max_life)
-	      set_value(ent->max_life, def->max_life);
-	    else
-	      set_null(ent->max_life);
-	}
-    }
-    if(mask & KADM5_KVNO
-       && princ_mask & KADM5_KVNO)
-	ent->kvno = princ->kvno;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(princ_mask & KADM5_MAX_RLIFE) {
-	  if(princ->max_renewable_life)
-	    set_value(ent->max_renew, princ->max_renewable_life);
-	  else
-	    set_null(ent->max_renew);
-	} else if(def_mask & KADM5_MAX_RLIFE) {
-	  if(def->max_renewable_life)
-	    set_value(ent->max_renew, def->max_renewable_life);
-	  else
-	    set_null(ent->max_renew);
-	}
-    }
-    if(mask & KADM5_KEY_DATA
-       && princ_mask & KADM5_KEY_DATA) {
-	_kadm5_set_keys2(context, ent, princ->n_key_data, princ->key_data);
-    }
-    if(mask & KADM5_TL_DATA) {
-	/* XXX */
-    }
-    if(mask & KADM5_FAIL_AUTH_COUNT) {
-	/* XXX */
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c
deleted file mode 100644
index 11b1ded7d875..000000000000
--- a/crypto/heimdal/lib/kadm5/error.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: error.c,v 1.3 1999/12/02 17:05:06 joda Exp $");
-
-kadm5_ret_t
-_kadm5_error_code(kadm5_ret_t code)
-{
-    switch(code){
-    case HDB_ERR_EXISTS:
-	return KADM5_DUP;
-    case HDB_ERR_NOENTRY:
-	return KADM5_UNK_PRINC;
-    }
-    return code;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c
deleted file mode 100644
index 4808259de7f8..000000000000
--- a/crypto/heimdal/lib/kadm5/flush.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush.c,v 1.2 1999/12/02 17:05:06 joda Exp $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c
deleted file mode 100644
index 01cdcf723aa1..000000000000
--- a/crypto/heimdal/lib/kadm5/flush_c.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_c.c,v 1.1 1999/03/23 18:23:36 joda Exp $");
-
-kadm5_ret_t 
-kadm5_c_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c
deleted file mode 100644
index dffbe2f2ca9b..000000000000
--- a/crypto/heimdal/lib/kadm5/flush_s.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: flush_s.c,v 1.1 1999/03/23 18:23:37 joda Exp $");
-
-kadm5_ret_t 
-kadm5_s_flush(void *server_handle)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c
deleted file mode 100644
index fcc1e70f0d8e..000000000000
--- a/crypto/heimdal/lib/kadm5/free.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: free.c,v 1.4 1999/12/02 17:05:06 joda Exp $");
-
-void 
-kadm5_free_key_data(void *server_handle,
-		    int16_t *n_key_data, 
-		    krb5_key_data *key_data)
-{
-    int i;
-    for(i = 0; i < *n_key_data; i++){
-	if(key_data[i].key_data_contents[0]){
-	    memset(key_data[i].key_data_contents[0], 
-		   0,
-		   key_data[i].key_data_length[0]);
-	    free(key_data[i].key_data_contents[0]);
-	}
-	if(key_data[i].key_data_contents[1])
-	    free(key_data[i].key_data_contents[1]);
-    }
-    *n_key_data = 0;
-}
-
-
-void 
-kadm5_free_principal_ent(void *server_handle,
-			 kadm5_principal_ent_t princ)
-{
-    kadm5_server_context *context = server_handle;
-    if(princ->principal)
-	krb5_free_principal(context->context, princ->principal);
-    if(princ->mod_name)
-	krb5_free_principal(context->context, princ->mod_name);
-    kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
-    while(princ->n_tl_data && princ->tl_data) {
-	krb5_tl_data *tp;
-	tp = princ->tl_data;
-	princ->tl_data = tp->tl_data_next;
-	princ->n_tl_data--;
-	memset(tp->tl_data_contents, 0, tp->tl_data_length);
-	free(tp->tl_data_contents);
-	free(tp);
-    }
-    if (princ->key_data != NULL)
-	free (princ->key_data);
-}
-
-void 
-kadm5_free_name_list(void *server_handle,
-		     char **names, 
-		     int *count)
-{
-    int i;
-    for(i = 0; i < *count; i++)
-	free(names[i]);
-    free(names);
-    *count = 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
deleted file mode 100644
index 279a77aa6bd7..000000000000
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_c.c,v 1.6 2000/07/11 15:59:36 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      u_int32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_get);
-    krb5_store_principal(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0)
-	kadm5_ret_principal_ent(sp, out);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c
deleted file mode 100644
index 3536cdfc5ff6..000000000000
--- a/crypto/heimdal/lib/kadm5/get_princs_c.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_c.c,v 1.4 2000/07/11 16:00:19 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_get_principals(void *server_handle, 
-		       const char *exp,
-		       char ***princs, 
-		       int *count)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_get_princs);
-    krb5_store_int32(sp, exp != NULL);
-    if(exp)
-	krb5_store_string(sp, exp);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	int i;
-	krb5_ret_int32(sp, &tmp);
-	*princs = calloc(tmp + 1, sizeof(**princs));
-	if (*princs == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_string(sp, &(*princs)[i]);
-	*count = tmp;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c
deleted file mode 100644
index 2702bae46131..000000000000
--- a/crypto/heimdal/lib/kadm5/get_princs_s.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_princs_s.c,v 1.5 1999/12/02 17:05:06 joda Exp $");
-
-struct foreach_data {
-    const char *exp;
-    char *exp2;
-    char **princs;
-    int count;
-};
-
-static krb5_error_code
-add_princ(struct foreach_data *d, char *princ)
-{
-    char **tmp;
-    tmp = realloc(d->princs, (d->count + 1) * sizeof(*tmp));
-    if(tmp == NULL)
-	return ENOMEM;
-    d->princs = tmp;
-    d->princs[d->count++] = princ;
-    return 0;
-}
-
-static krb5_error_code
-foreach(krb5_context context, HDB *db, hdb_entry *ent, void *data)
-{
-    struct foreach_data *d = data;
-    char *princ;
-    krb5_error_code ret;
-    ret = krb5_unparse_name(context, ent->principal, &princ);
-    if(ret)
-	return ret;
-    if(d->exp){
-	if(fnmatch(d->exp, princ, 0) == 0 || fnmatch(d->exp2, princ, 0) == 0)
-	    ret = add_princ(d, princ);
-	else
-	    free(princ);
-    }else{
-	ret = add_princ(d, princ);
-    }
-    if(ret)
-	free(princ);
-    return ret;
-}
-
-kadm5_ret_t
-kadm5_s_get_principals(void *server_handle, 
-		       const char *exp,
-		       char ***princs, 
-		       int *count)
-{
-    struct foreach_data d;
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret) {
-	krb5_warn(context->context, ret, "opening database");
-	return ret;
-    }
-    d.exp = exp;
-    {
-	krb5_realm r;
-	krb5_get_default_realm(context->context, &r);
-	asprintf(&d.exp2, "%s@%s", exp, r);
-	free(r);
-    }
-    d.princs = NULL;
-    d.count = 0;
-    ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
-    context->db->close(context->context, context->db);
-    if(ret == 0)
-	ret = add_princ(&d, NULL);
-    if(ret == 0){
-	*princs = d.princs;
-	*count = d.count - 1;
-    }else
-	kadm5_free_name_list(context, d.princs, &d.count);
-    free(d.exp2);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c
deleted file mode 100644
index 08519009c8c4..000000000000
--- a/crypto/heimdal/lib/kadm5/get_s.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: get_s.c,v 1.13 2000/06/19 16:11:31 joda Exp $");
-
-kadm5_ret_t
-kadm5_s_get_principal(void *server_handle, 
-		      krb5_principal princ, 
-		      kadm5_principal_ent_t out, 
-		      u_int32_t mask)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry ent;
-    
-    ent.principal = princ;
-    ret = context->db->open(context->context, context->db, O_RDONLY, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 
-			     HDB_F_DECRYPT, &ent);
-    context->db->close(context->context, context->db);
-    if(ret)
-	return _kadm5_error_code(ret);
-
-    memset(out, 0, sizeof(*out));
-    if(mask & KADM5_PRINCIPAL)
-	ret  = krb5_copy_principal(context->context, ent.principal, 
-				   &out->principal);
-    if(ret)
-	goto out;
-    if(mask & KADM5_PRINC_EXPIRE_TIME && ent.valid_end)
-	out->princ_expire_time = *ent.valid_end;
-    if(mask & KADM5_PW_EXPIRATION && ent.pw_end)
-	out->pw_expiration = *ent.pw_end;
-    if(mask & KADM5_LAST_PWD_CHANGE)
-	/* XXX implement */;
-    if(mask & KADM5_ATTRIBUTES){
-	out->attributes |= ent.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
-	out->attributes |= ent.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
-	out->attributes |= ent.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
-	out->attributes |= ent.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
-	out->attributes |= ent.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
-	out->attributes |= ent.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
-	out->attributes |= ent.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
-	out->attributes |= ent.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
-	out->attributes |= ent.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
-    }
-    if(mask & KADM5_MAX_LIFE) {
-	if(ent.max_life)
-	    out->max_life = *ent.max_life;
-	else
-	    out->max_life = INT_MAX;
-    }
-    if(mask & KADM5_MOD_TIME) {
-	if(ent.modified_by)
-	    out->mod_date = ent.modified_by->time;
-	else
-	    out->mod_date = ent.created_by.time;
-    }
-    if(mask & KADM5_MOD_NAME) {
-	if(ent.modified_by) {
-	    if (ent.modified_by->principal != NULL)
-		ret = krb5_copy_principal(context->context, 
-					  ent.modified_by->principal,
-					  &out->mod_name);
-	} else if(ent.created_by.principal != NULL)
-	    ret = krb5_copy_principal(context->context, 
-				      ent.created_by.principal,
-				      &out->mod_name);
-	else
-	    out->mod_name = NULL;
-    }
-    if(ret)
-	goto out;
-
-    if(mask & KADM5_KVNO)
-	out->kvno = ent.kvno;
-    if(mask & KADM5_MKVNO) {
-	int n;
-	out->mkvno = 0; /* XXX */
-	for(n = 0; n < ent.keys.len; n++)
-	    if(ent.keys.val[n].mkvno) {
-		out->mkvno = *ent.keys.val[n].mkvno; /* XXX this isn't right */
-		break;
-	    }
-    }
-    if(mask & KADM5_AUX_ATTRIBUTES)
-	/* XXX implement */;
-    if(mask & KADM5_POLICY)
-	out->policy = NULL;
-    if(mask & KADM5_MAX_RLIFE) {
-	if(ent.max_renew)
-	    out->max_renewable_life = *ent.max_renew;
-	else
-	    out->max_renewable_life = INT_MAX;
-    }
-    if(mask & KADM5_LAST_SUCCESS)
-	/* XXX implement */;
-    if(mask & KADM5_LAST_FAILED)
-	/* XXX implement */;
-    if(mask & KADM5_FAIL_AUTH_COUNT)
-	/* XXX implement */;
-    if(mask & KADM5_KEY_DATA){
-	int i;
-	Key *key;
-	krb5_key_data *kd;
-	krb5_salt salt;
-	krb5_data *sp;
-	krb5_get_pw_salt(context->context, ent.principal, &salt);
-	out->key_data = malloc(ent.keys.len * sizeof(*out->key_data));
-	for(i = 0; i < ent.keys.len; i++){
-	    key = &ent.keys.val[i];
-	    kd = &out->key_data[i];
-	    kd->key_data_ver = 2;
-	    kd->key_data_kvno = ent.kvno;
-	    kd->key_data_type[0] = key->key.keytype;
-	    if(key->salt)
-		kd->key_data_type[1] = key->salt->type;
-	    else
-		kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
-	    /* setup key */
-	    kd->key_data_length[0] = key->key.keyvalue.length;
-	    kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
-	    if(kd->key_data_contents[0] == NULL){
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[0], key->key.keyvalue.data, 
-		   kd->key_data_length[0]);
-	    /* setup salt */
-	    if(key->salt)
-		sp = &key->salt->salt;
-	    else
-		sp = &salt.saltvalue;
-	    kd->key_data_length[1] = sp->length;
-	    kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
-	    if(kd->key_data_length[1] != 0
-	       && kd->key_data_contents[1] == NULL) {
-		memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
-		ret = ENOMEM;
-		break;
-	    }
-	    memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
-	    out->n_key_data = i + 1;
-	}
-	krb5_free_salt(context->context, salt);
-    }
-    if(ret){
-	kadm5_free_principal_ent(context, out);
-	goto out;
-    }
-    if(mask & KADM5_TL_DATA)
-	/* XXX implement */;
-out:
-    hdb_free_entry(context->context, &ent);
-
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c
deleted file mode 100644
index 0ed1df199271..000000000000
--- a/crypto/heimdal/lib/kadm5/init_c.c
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-RCSID("$Id: init_c.c,v 1.45 2003/04/01 15:06:41 lha Exp $");
-
-static void
-set_funcs(kadm5_client_context *c)
-{
-#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F
-    SET(c, chpass_principal);
-    SET(c, chpass_principal_with_key);
-    SET(c, create_principal);
-    SET(c, delete_principal);
-    SET(c, destroy);
-    SET(c, flush);
-    SET(c, get_principal);
-    SET(c, get_principals);
-    SET(c, get_privs);
-    SET(c, modify_principal);
-    SET(c, randkey_principal);
-    SET(c, rename_principal);
-}
-
-kadm5_ret_t
-_kadm5_c_init_context(kadm5_client_context **ctx, 
-		      kadm5_config_params *params,
-		      krb5_context context)
-{
-    krb5_error_code ret;
-    char *colon;
-
-    *ctx = malloc(sizeof(**ctx));
-    if(*ctx == NULL)
-	return ENOMEM;
-    memset(*ctx, 0, sizeof(**ctx));
-    krb5_add_et_list (context, initialize_kadm5_error_table_r);
-    set_funcs(*ctx);
-    (*ctx)->context = context;
-    if(params->mask & KADM5_CONFIG_REALM)
-	(*ctx)->realm = strdup(params->realm);
-    else
-	krb5_get_default_realm((*ctx)->context, &(*ctx)->realm);
-    if(params->mask & KADM5_CONFIG_ADMIN_SERVER)
-	(*ctx)->admin_server = strdup(params->admin_server);
-    else {
-	char **hostlist;
-
-	ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist);
-	if (ret)
-	    return ret;
-	(*ctx)->admin_server = strdup(*hostlist);
-	krb5_free_krbhst (context, hostlist);
-    }
-
-    if ((*ctx)->admin_server == NULL)
-	return ENOMEM;
-    colon = strchr ((*ctx)->admin_server, ':');
-    if (colon != NULL)
-	*colon++ = '\0';
-
-    (*ctx)->kadmind_port = 0;
-
-    if(params->mask & KADM5_CONFIG_KADMIND_PORT)
-	(*ctx)->kadmind_port = params->kadmind_port;
-    else if (colon != NULL) {
-	char *end;
-
-	(*ctx)->kadmind_port = htons(strtol (colon, &end, 0));
-    }
-    if ((*ctx)->kadmind_port == 0)
-	(*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", 
-						   "tcp", 749);
-    return 0;
-}
-
-static krb5_error_code
-get_kadm_ticket(krb5_context context,
-		krb5_ccache id,
-		krb5_principal client,
-		const char *server_name)
-{
-    krb5_error_code ret;
-    krb5_creds in, *out;
-    
-    memset(&in, 0, sizeof(in));
-    in.client = client;
-    ret = krb5_parse_name(context, server_name, &in.server);
-    if(ret) 
-	return ret;
-    ret = krb5_get_credentials(context, 0, id, &in, &out);
-    if(ret == 0)
-	krb5_free_creds(context, out);
-    krb5_free_principal(context, in.server);
-    return ret;
-}
-
-static krb5_error_code
-get_new_cache(krb5_context context,
-	      krb5_principal client,
-	      const char *password,
-	      krb5_prompter_fct prompter,
-	      const char *keytab,
-	      const char *server_name,
-	      krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_creds cred;
-    krb5_get_init_creds_opt opt;
-    krb5_ccache id;
-    
-    krb5_get_init_creds_opt_init (&opt);
-
-    krb5_get_init_creds_opt_set_default_flags(context, "kadmin", 
-					      krb5_principal_get_realm(context, 
-								       client), 
-					      &opt);
-
-
-    krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
-
-    if(password == NULL && prompter == NULL) {
-	krb5_keytab kt;
-	if(keytab == NULL)
-	    ret = krb5_kt_default(context, &kt);
-	else
-	    ret = krb5_kt_resolve(context, keytab, &kt);
-	if(ret) 
-	    return ret;
-	ret = krb5_get_init_creds_keytab (context,
-					  &cred,
-					  client,
-					  kt,
-					  0,
-					  server_name,
-					  &opt);
-	krb5_kt_close(context, kt);
-    } else {
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    client,
-					    password,
-					    prompter,
-					    NULL,
-					    0,
-					    server_name,
-					    &opt);
-    }
-    switch(ret){
-    case 0:
-	break;
-    case KRB5_LIBOS_PWDINTR:	/* don't print anything if it was just C-c:ed */
-    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-    case KRB5KRB_AP_ERR_MODIFIED:
-	return KADM5_BAD_PASSWORD;
-    default:
-	return ret;
-    }
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
-    if(ret)
-	return ret;
-    ret = krb5_cc_initialize (context, id, cred.client);
-    if (ret)
-	return ret;
-    ret = krb5_cc_store_cred (context, id, &cred);
-    if (ret)
-	return ret;
-    krb5_free_creds_contents (context, &cred);
-    *ret_cache = id;
-    return 0;
-}
-
-static krb5_error_code
-get_cred_cache(krb5_context context,
-	       const char *client_name,
-	       const char *server_name,
-	       const char *password,
-	       krb5_prompter_fct prompter,
-	       const char *keytab,
-	       krb5_ccache ccache,
-	       krb5_ccache *ret_cache)
-{
-    krb5_error_code ret;
-    krb5_ccache id = NULL;
-    krb5_principal default_client = NULL, client = NULL;
-    
-    /* treat empty password as NULL */
-    if(password && *password == '\0')
-	password = NULL;
-    if(server_name == NULL)
-	server_name = KADM5_ADMIN_SERVICE;
-    
-    if(client_name != NULL) {
-	ret = krb5_parse_name(context, client_name, &client);
-	if(ret) 
-	    return ret;
-    }
-
-    if(password != NULL || prompter != NULL) {
-	/* get principal from default cache, ok if this doesn't work */
-	ret = krb5_cc_default(context, &id);
-	if(ret == 0) {
-	    ret = krb5_cc_get_principal(context, id, &default_client);
-	    if(ret) {
-		krb5_cc_close(context, id);
-		id = NULL;
-	    } else {
-		const char *name, *inst;
-		krb5_principal tmp;
-		name = krb5_principal_get_comp_string(context, 
-						      default_client, 0);
-		inst = krb5_principal_get_comp_string(context, 
-						      default_client, 1);
-		if(inst == NULL || strcmp(inst, "admin") != 0) {
-		    ret = krb5_make_principal(context, &tmp, NULL, 
-					      name, "admin", NULL);
-		    if(ret != 0) {
-			krb5_free_principal(context, default_client);
-			krb5_cc_close(context, id);
-			return ret;
-		    }
-		    krb5_free_principal(context, default_client);
-		    default_client = tmp;
-		    krb5_cc_close(context, id);
-		    id = NULL;
-		}
-	    }
-	}
-
-	if (client != NULL) {
-	    /* A client was specified by the caller. */
-	    if (default_client != NULL) {
-		krb5_free_principal(context, default_client);
-		default_client = NULL;
-	    }
-	}
-	else if (default_client != NULL)
-	    /* No client was specified by the caller, but we have a
-	     * client from the default credentials cache.
-	     */
-	    client = default_client;
-	else {
-	    /* No client was specified by the caller and we cannot determine
-	     * the client from a credentials cache.
-	     */
-	    const char *user;
-
-	    user = get_default_username ();
-
-	    if(user == NULL)
-		return KADM5_FAILURE;
-	    ret = krb5_make_principal(context, &client, 
-				      NULL, user, "admin", NULL);
-	    if(ret)
-		return ret;
-	    if (id != NULL) {
-		krb5_cc_close(context, id);
-		id = NULL;
-	    }
-	}
-    } else if(ccache != NULL)
-	id = ccache;
-    
-    if(id && (default_client == NULL || 
-	      krb5_principal_compare(context, client, default_client))) {
-	ret = get_kadm_ticket(context, id, client, server_name);
-	if(ret == 0) {
-	    *ret_cache = id;
-	    krb5_free_principal(context, default_client);
-	    if (default_client != client)
-		krb5_free_principal(context, client);
-	    return 0;
-	}
-	if(ccache != NULL)
-	    /* couldn't get ticket from cache */
-	    return -1;
-    }
-    /* get creds via AS request */
-    if(id)
-	krb5_cc_close(context, id);
-    if (client != default_client)
-	krb5_free_principal(context, default_client);
-
-    ret = get_new_cache(context, client, password, prompter, keytab, 
-			server_name, ret_cache);
-    krb5_free_principal(context, client);
-    return ret;
-}
-
-static kadm5_ret_t
-kadm_connect(kadm5_client_context *ctx)
-{
-    kadm5_ret_t ret;
-    krb5_principal server;
-    krb5_ccache cc;
-    int s;
-    struct addrinfo *ai, *a;
-    struct addrinfo hints;
-    int error;
-    char portstr[NI_MAXSERV];
-    char *hostname, *slash;
-    char *service_name;
-    krb5_context context = ctx->context;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    
-    snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port));
-
-    hostname = ctx->admin_server;
-    slash = strchr (hostname, '/');
-    if (slash != NULL)
-	hostname = slash + 1;
-
-    error = getaddrinfo (hostname, portstr, &hints, &ai);
-    if (error) 
-	return KADM5_BAD_SERVER_NAME;
-    
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    krb5_warn (context, errno, "connect(%s)", hostname);
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	krb5_warnx (context, "failed to contact %s", hostname);
-	return KADM5_FAILURE;
-    }
-    ret = get_cred_cache(context, ctx->client_name, ctx->service_name, 
-			 NULL, ctx->prompter, ctx->keytab, 
-			 ctx->ccache, &cc);
-    
-    if(ret) {
-	freeaddrinfo (ai);
-	close(s);
-	return ret;
-    }
-
-    if (ctx->realm)
-	asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm);
-    else
-	asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE);
-
-    if (service_name == NULL) {
-	freeaddrinfo (ai);
-	close(s);
-	return ENOMEM;
-    }
-
-    ret = krb5_parse_name(context, service_name, &server);
-    free(service_name);
-    if(ret) {
-	freeaddrinfo (ai);
-	if(ctx->ccache == NULL)
-	    krb5_cc_close(context, cc);
-	close(s);
-	return ret;
-    }
-    ctx->ac = NULL;
-
-    ret = krb5_sendauth(context, &ctx->ac, &s, 
-			KADMIN_APPL_VERSION, NULL, 
-			server, AP_OPTS_MUTUAL_REQUIRED, 
-			NULL, NULL, cc, NULL, NULL, NULL);
-    if(ret == 0) {
-	krb5_data params;
-	kadm5_config_params p;
-	memset(&p, 0, sizeof(p));
-	if(ctx->realm) {
-	    p.mask |= KADM5_CONFIG_REALM;
-	    p.realm = ctx->realm;
-	}
-	ret = _kadm5_marshal_params(context, &p, &params);
-	
-	ret = krb5_write_priv_message(context, ctx->ac, &s, &params);
-	krb5_data_free(&params);
-	if(ret) {
-	    freeaddrinfo (ai);
-	    close(s);
-	    if(ctx->ccache == NULL)
-		krb5_cc_close(context, cc);
-	    return ret;
-	}
-    } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) {
-	close(s);
-
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0) {
-	    freeaddrinfo (ai);
-	    return errno;
-	}
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    freeaddrinfo (ai);
-	    return errno;
-	}
-	ret = krb5_sendauth(context, &ctx->ac, &s, 
-			    KADMIN_OLD_APPL_VERSION, NULL, 
-			    server, AP_OPTS_MUTUAL_REQUIRED, 
-			    NULL, NULL, cc, NULL, NULL, NULL);
-    }
-    freeaddrinfo (ai);
-    if(ret) {
-	close(s);
-	return ret;
-    }
-    
-    krb5_free_principal(context, server);
-    if(ctx->ccache == NULL)
-	krb5_cc_close(context, cc);
-    if(ret) {
-	close(s);
-	return ret;
-    }
-    ctx->sock = s;
-    
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_connect(void *handle)
-{
-    kadm5_client_context *ctx = handle;
-    if(ctx->sock == -1)
-	return kadm_connect(ctx);
-    return 0;
-}
-
-static kadm5_ret_t 
-kadm5_c_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *password,
-			  krb5_prompter_fct prompter,
-			  const char *keytab,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_client_context *ctx;
-    krb5_ccache cc;
-
-    ret = _kadm5_c_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    if(password != NULL && *password != '\0') {
-	ret = get_cred_cache(context, client_name, service_name, 
-			     password, prompter, keytab, ccache, &cc);
-	if(ret)
-	    return ret; /* XXX */
-	ccache = cc;
-    }
-    
-
-    if (client_name != NULL)
-	ctx->client_name = strdup(client_name);
-    else
-	ctx->client_name = NULL;
-    if (service_name != NULL)
-	ctx->service_name = strdup(service_name);
-    else
-	ctx->service_name = NULL;
-    ctx->prompter = prompter;
-    ctx->keytab = keytab;
-    ctx->ccache = ccache;
-    /* maybe we should copy the params here */
-    ctx->sock = -1;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-static kadm5_ret_t 
-init_context(const char *client_name, 
-	     const char *password,
-	     krb5_prompter_fct prompter,
-	     const char *keytab,
-	     krb5_ccache ccache,
-	     const char *service_name,
-	     kadm5_config_params *realm_params,
-	     unsigned long struct_version,
-	     unsigned long api_version,
-	     void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_c_init_with_context(context,
-				    client_name,
-				    password,
-				    prompter,
-				    keytab,
-				    ccache,
-				    service_name,
-				    realm_params,
-				    struct_version,
-				    api_version,
-				    server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     password,
-				     krb5_prompter_posix,
-				     NULL,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return init_context(client_name, 
-			password, 
-			krb5_prompter_posix,
-			NULL,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     keytab,
-				     NULL,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-
-kadm5_ret_t 
-kadm5_c_init_with_skey(const char *client_name, 
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			keytab,
-			NULL,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_c_init_with_context(context,
-				     client_name,
-				     NULL,
-				     NULL,
-				     NULL,
-				     ccache,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_c_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    return init_context(client_name, 
-			NULL,
-			NULL,
-			NULL,
-			ccache,
-			service_name, 
-			realm_params, 
-			struct_version, 
-			api_version, 
-			server_handle);
-}
-
-#if 0
-kadm5_ret_t 
-kadm5_init(char *client_name, char *pass,
-	   char *service_name,
-	   kadm5_config_params *realm_params,
-	   unsigned long struct_version,
-	   unsigned long api_version,
-	   void **server_handle)
-{
-}
-#endif
-
diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c
deleted file mode 100644
index bf5d036d8f7a..000000000000
--- a/crypto/heimdal/lib/kadm5/init_s.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: init_s.c,v 1.10 2000/12/31 08:01:16 assar Exp $");
-
-
-static kadm5_ret_t 
-kadm5_s_init_with_context(krb5_context context,
-			  const char *client_name, 
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-    ret = _kadm5_s_init_context(&ctx, realm_params, context);
-    if(ret)
-	return ret;
-
-    assert(ctx->config.dbname != NULL);
-    assert(ctx->config.stash_file != NULL);
-    assert(ctx->config.acl_file != NULL);
-    assert(ctx->log_context.log_file != NULL);
-    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
-
-    ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
-    if(ret)
-	return ret;
-    ret = hdb_set_master_keyfile (ctx->context, 
-				  ctx->db, ctx->config.stash_file);
-    if(ret)
-	return ret;
-
-    ctx->log_context.log_fd   = -1;
-
-    ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-
-    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
-    if(ret)
-	return ret;
-
-    ret = _kadm5_acl_init(ctx);
-    if(ret)
-	return ret;
-    
-    *server_handle = ctx;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password_ctx(krb5_context context,
-			       const char *client_name, 
-			       const char *password,
-			       const char *service_name,
-			       kadm5_config_params *realm_params,
-			       unsigned long struct_version,
-			       unsigned long api_version,
-			       void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_password(const char *client_name, 
-			   const char *password,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_password_ctx(context, 
-					 client_name, 
-					 password, 
-					 service_name, 
-					 realm_params, 
-					 struct_version, 
-					 api_version, 
-					 server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey_ctx(krb5_context context,
-			   const char *client_name, 
-			   const char *keytab,
-			   const char *service_name,
-			   kadm5_config_params *realm_params,
-			   unsigned long struct_version,
-			   unsigned long api_version,
-			   void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_skey(const char *client_name,
-		       const char *keytab,
-		       const char *service_name,
-		       kadm5_config_params *realm_params,
-		       unsigned long struct_version,
-		       unsigned long api_version,
-		       void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_skey_ctx(context, 
-				     client_name, 
-				     keytab, 
-				     service_name, 
-				     realm_params, 
-				     struct_version, 
-				     api_version, 
-				     server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds_ctx(krb5_context context,
-			    const char *client_name,
-			    krb5_ccache ccache,
-			    const char *service_name,
-			    kadm5_config_params *realm_params,
-			    unsigned long struct_version,
-			    unsigned long api_version,
-			    void **server_handle)
-{
-    return kadm5_s_init_with_context(context,
-				     client_name,
-				     service_name,
-				     realm_params,
-				     struct_version,
-				     api_version,
-				     server_handle);
-}
-
-kadm5_ret_t 
-kadm5_s_init_with_creds(const char *client_name,
-			krb5_ccache ccache,
-			const char *service_name,
-			kadm5_config_params *realm_params,
-			unsigned long struct_version,
-			unsigned long api_version,
-			void **server_handle)
-{
-    krb5_context context;
-    kadm5_ret_t ret;
-    kadm5_server_context *ctx;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	return ret;
-    ret = kadm5_s_init_with_creds_ctx(context, 
-				      client_name, 
-				      ccache, 
-				      service_name, 
-				      realm_params, 
-				      struct_version, 
-				      api_version, 
-				      server_handle);
-    if(ret){
-	krb5_free_context(context);
-	return ret;
-    }
-    ctx = *server_handle;
-    ctx->my_context = 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h
deleted file mode 100644
index e02a9d604a38..000000000000
--- a/crypto/heimdal/lib/kadm5/iprop.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1998-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: iprop.h,v 1.7 2002/07/04 14:39:19 joda Exp $ */
-
-#ifndef __IPROP_H__
-#define __IPROP_H__
-
-#include "kadm5_locl.h"
-#include <krb5-private.h> /* _krb5_{get,put}_int */
-#include <getarg.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-#define IPROP_VERSION "iprop-0.0"
-
-#define KADM5_SLAVE_ACL HDB_DB_DIR "/slaves"
-
-#define KADM5_SLAVE_STATS HDB_DB_DIR "/slaves-stats"
-
-#define IPROP_NAME "iprop"
-
-#define IPROP_SERVICE "iprop"
-
-#define IPROP_PORT 2121
-
-enum iprop_cmd { I_HAVE = 1,
-		 FOR_YOU = 2,
-		 TELL_YOU_EVERYTHING = 3,
-		 ONE_PRINC = 4,
-		 NOW_YOU_HAVE = 5
-};
-
-#endif /* __IPROP_H__ */
diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c
deleted file mode 100644
index 537d40319561..000000000000
--- a/crypto/heimdal/lib/kadm5/ipropd_master.c
+++ /dev/null
@@ -1,638 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-#include <rtbl.h>
-
-RCSID("$Id: ipropd_master.c,v 1.29 2003/03/19 11:56:38 lha Exp $");
-
-static krb5_log_facility *log_facility;
-
-const char *slave_stats_file = KADM5_SLAVE_STATS;
-
-static int
-make_signal_socket (krb5_context context)
-{
-    struct sockaddr_un addr;
-    int fd;
-
-    fd = socket (AF_UNIX, SOCK_DGRAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_UNIX");
-    memset (&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    strlcpy (addr.sun_path, KADM5_LOG_SIGNAL, sizeof(addr.sun_path));
-    unlink (addr.sun_path);
-    if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind %s", addr.sun_path);
-    return fd;
-}
-
-static int
-make_listen_socket (krb5_context context)
-{
-    int fd;
-    int one = 1;
-    struct sockaddr_in addr;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    addr.sin_port   = krb5_getportbyname (context,
-					  IPROP_SERVICE, "tcp", IPROP_PORT);
-    if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "bind");
-    if (listen(fd, SOMAXCONN) < 0)
-	krb5_err (context, 1, errno, "listen");
-    return fd;
-}
-
-struct slave {
-    int fd;
-    struct sockaddr_in addr;
-    char *name;
-    krb5_auth_context ac;
-    u_int32_t version;
-    time_t seen;
-    unsigned long flags;
-#define SLAVE_F_DEAD	0x1
-    struct slave *next;
-};
-
-typedef struct slave slave;
-
-static int
-check_acl (krb5_context context, const char *name)
-{
-    FILE *fp;
-    char buf[256];
-    int ret = 1;
-
-    fp = fopen (KADM5_SLAVE_ACL, "r");
-    if (fp == NULL)
-	return 1;
-    while (fgets(buf, sizeof(buf), fp) != NULL) {
-	if (buf[strlen(buf) - 1 ] == '\n')
-	    buf[strlen(buf) - 1 ] = '\0';
-	if (strcmp (buf, name) == 0) {
-	    ret = 0;
-	    break;
-	}
-    }
-    fclose (fp);
-    return ret;
-}
-
-static void
-slave_seen(slave *s)
-{
-    s->seen = time(NULL);
-}
-
-static void
-slave_dead(slave *s)
-{
-    if (s->fd >= 0) {
-	close (s->fd);
-	s->fd = -1;
-    }
-    s->flags |= SLAVE_F_DEAD;
-    slave_seen(s);
-}
-
-static void
-remove_slave (krb5_context context, slave *s, slave **root)
-{
-    slave **p;
-
-    if (s->fd >= 0)
-	close (s->fd);
-    if (s->name)
-	free (s->name);
-    if (s->ac)
-	krb5_auth_con_free (context, s->ac);
-
-    for (p = root; *p; p = &(*p)->next)
-	if (*p == s) {
-	    *p = s->next;
-	    break;
-	}
-    free (s);
-}
-
-static void
-add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
-{
-    krb5_principal server;
-    krb5_error_code ret;
-    slave *s;
-    socklen_t addr_len;
-    krb5_ticket *ticket = NULL;
-    char hostname[128];
-
-    s = malloc(sizeof(*s));
-    if (s == NULL) {
-	krb5_warnx (context, "add_slave: no memory");
-	return;
-    }
-    s->name = NULL;
-    s->ac = NULL;
-
-    addr_len = sizeof(s->addr);
-    s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
-    if (s->fd < 0) {
-	krb5_warn (context, errno, "accept");
-	goto error;
-    }
-    gethostname(hostname, sizeof(hostname));
-    ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_sname_to_principal");
-	goto error;
-    }
-
-    ret = krb5_recvauth (context, &s->ac, &s->fd,
-			 IPROP_VERSION, server, 0, keytab, &ticket);
-    krb5_free_principal (context, server);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_recvauth");
-	goto error;
-    }
-    ret = krb5_unparse_name (context, ticket->client, &s->name);
-    if (ret) {
-	krb5_warn (context, ret, "krb5_unparse_name");
-	goto error;
-    }
-    if (check_acl (context, s->name)) {
-	krb5_warnx (context, "%s not in acl", s->name);
-	goto error;
-    }
-    krb5_free_ticket (context, ticket);
-    ticket = NULL;
-
-    {
-	slave *l = *root;
-
-	while (l) {
-	    if (strcmp(l->name, s->name) == 0)
-		break;
-	    l = l->next;
-	}
-	if (l) {
-	    if (l->flags & SLAVE_F_DEAD) {
-		remove_slave(context, l, root);
-	    } else {
-		krb5_warnx (context, "second connection from %s", s->name);
-		goto error;
-	    }
-	}
-    }
-
-    krb5_warnx (context, "connection from %s", s->name);
-
-    s->version = 0;
-    s->flags = 0;
-    slave_seen(s);
-    s->next = *root;
-    *root = s;
-    return;
-error:
-    remove_slave(context, s, root);
-}
-
-struct prop_context {
-    krb5_auth_context auth_context;
-    int fd;
-};
-
-static int
-prop_one (krb5_context context, HDB *db, hdb_entry *entry, void *v)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    struct slave *slave = (struct slave *)v;
-
-    ret = hdb_entry2value (context, entry, &data);
-    if (ret)
-	return ret;
-    ret = krb5_data_realloc (&data, data.length + 4);
-    if (ret) {
-	krb5_data_free (&data);
-	return ret;
-    }
-    memmove ((char *)data.data + 4, data.data, data.length - 4);
-    _krb5_put_int (data.data, ONE_PRINC, 4);
-
-    ret = krb5_write_priv_message (context, slave->ac, &slave->fd, &data);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static int
-send_complete (krb5_context context, slave *s,
-	       const char *database, u_int32_t current_version)
-{
-    krb5_error_code ret;
-    HDB *db;
-    krb5_data data;
-    char buf[8];
-
-    ret = hdb_create (context, &db, database);
-    if (ret)
-	krb5_err (context, 1, ret, "hdb_create: %s", database);
-    ret = db->open (context, db, O_RDONLY, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    _krb5_put_int(buf, TELL_YOU_EVERYTHING, 4);
-
-    data.data   = buf;
-    data.length = 4;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-
-    if (ret) {
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	slave_dead(s);
-	return ret;
-    }
-
-    ret = hdb_foreach (context, db, 0, prop_one, s);
-    if (ret) {
-	krb5_warn (context, ret, "hdb_foreach");
-	slave_dead(s);
-	return ret;
-    }
-
-    _krb5_put_int (buf, NOW_YOU_HAVE, 4);
-    _krb5_put_int (buf + 4, current_version, 4);
-    data.length = 8;
-
-    s->version = current_version;
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    if (ret) {
-	slave_dead(s);
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	return ret;
-    }
-
-    slave_seen(s);
-
-    return 0;
-}
-
-static int
-send_diffs (krb5_context context, slave *s, int log_fd,
-	    const char *database, u_int32_t current_version)
-{
-    krb5_storage *sp;
-    u_int32_t ver;
-    time_t timestamp;
-    enum kadm_ops op;
-    u_int32_t len;
-    off_t right, left;
-    krb5_data data;
-    int ret = 0;
-
-    if (s->version == current_version)
-	return 0;
-
-    if (s->flags & SLAVE_F_DEAD)
-	return 0;
-
-    sp = kadm5_log_goto_end (log_fd);
-    right = krb5_storage_seek(sp, 0, SEEK_CUR);
-    for (;;) {
-	if (kadm5_log_previous (sp, &ver, &timestamp, &op, &len))
-	    abort ();
-	left = krb5_storage_seek(sp, -16, SEEK_CUR);
-	if (ver == s->version)
-	    return 0;
-	if (ver == s->version + 1)
-	    break;
-	if (left == 0)
-	    return send_complete (context, s, database, current_version);
-    }
-    krb5_data_alloc (&data, right - left + 4);
-    krb5_storage_read (sp, (char *)data.data + 4, data.length - 4);
-    krb5_storage_free(sp);
-
-    _krb5_put_int(data.data, FOR_YOU, 4);
-
-    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
-    krb5_data_free(&data);
-
-    if (ret) {
-	krb5_warn (context, ret, "krb5_write_priv_message");
-	slave_dead(s);
-	return 1;
-    }
-    slave_seen(s);
-
-    return 0;
-}
-
-static int
-process_msg (krb5_context context, slave *s, int log_fd,
-	     const char *database, u_int32_t current_version)
-{
-    int ret = 0;
-    krb5_data out;
-    krb5_storage *sp;
-    int32_t tmp;
-
-    ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
-    if(ret) {
-	krb5_warn (context, ret, "error reading message from %s", s->name);
-	return 1;
-    }
-
-    sp = krb5_storage_from_mem (out.data, out.length);
-    krb5_ret_int32 (sp, &tmp);
-    switch (tmp) {
-    case I_HAVE :
-	krb5_ret_int32 (sp, &tmp);
-	s->version = tmp;
-	ret = send_diffs (context, s, log_fd, database, current_version);
-	break;
-    case FOR_YOU :
-    default :
-	krb5_warnx (context, "Ignoring command %d", tmp);
-	break;
-    }
-
-    krb5_data_free (&out);
-
-    slave_seen(s);
-
-    return ret;
-}
-
-#define SLAVE_NAME	"Name"
-#define SLAVE_ADDRESS	"Address"
-#define SLAVE_VERSION	"Version"
-#define SLAVE_STATUS	"Status"
-#define SLAVE_SEEN	"Last Seen"
-
-static void
-write_stats(krb5_context context, slave *slaves, u_int32_t current_version)
-{
-    char str[100];
-    rtbl_t tbl;
-    time_t t = time(NULL);
-    FILE *fp;
-
-    fp = fopen(slave_stats_file, "w");
-    if (fp == NULL)
-	return;
-
-    strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S",
-	     localtime(&t));
-    fprintf(fp, "Status for slaves, last updated: %s\n\n", str);
-
-    fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version);
-
-    tbl = rtbl_create();
-    if (tbl == NULL) {
-	fclose(fp);
-	return;
-    }
-
-    rtbl_add_column(tbl, SLAVE_NAME, 0);
-    rtbl_add_column(tbl, SLAVE_ADDRESS, 0);
-    rtbl_add_column(tbl, SLAVE_VERSION, RTBL_ALIGN_RIGHT);
-    rtbl_add_column(tbl, SLAVE_STATUS, 0);
-    rtbl_add_column(tbl, SLAVE_SEEN, 0);
-
-    rtbl_set_prefix(tbl, "  ");
-    rtbl_set_column_prefix(tbl, SLAVE_NAME, "");
-
-    while (slaves) {
-	krb5_address addr;
-	krb5_error_code ret;
-	rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name);
-	ret = krb5_sockaddr2address (context, 
-				     (struct sockaddr*)&slaves->addr, &addr);
-	if(ret == 0) {
-	    krb5_print_address(&addr, str, sizeof(str), NULL);
-	    krb5_free_address(context, &addr);
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str);
-	} else
-	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>");
-	
-	snprintf(str, sizeof(str), "%u", (unsigned)slaves->version);
-	rtbl_add_column_entry(tbl, SLAVE_VERSION, str);
-
-	if (slaves->flags & SLAVE_F_DEAD)
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Down");
-	else
-	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
-
-	if (strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S %Z", 
-		     localtime(&slaves->seen)) == 0)
-	    strlcpy(str, "Unknown time", sizeof(str));
-	rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
-
-	slaves = slaves->next;
-    }
-
-    rtbl_format(tbl, fp);
-    rtbl_destroy(tbl);
-
-    fclose(fp);
-}
-
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str = "HDB:";
-static char *database;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "database", 'd', arg_string, &database, "database", "file"},
-    { "slave-stats-file", 0, arg_string, &slave_stats_file, "file"},
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int signal_fd, listen_fd;
-    int log_fd;
-    slave *slaves = NULL;
-    u_int32_t current_version, old_version = 0;
-    krb5_keytab keytab;
-    int optind;
-    
-    optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-master", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
-    
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_skey_ctx (context,
-				    KADM5_ADMIN_SERVICE,
-				    NULL,
-				    KADM5_ADMIN_SERVICE,
-				    &conf, 0, 0, 
-				    &kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    log_fd = open (server_context->log_context.log_file, O_RDONLY, 0);
-    if (log_fd < 0)
-	krb5_err (context, 1, errno, "open %s",
-		  server_context->log_context.log_file);
-
-    signal_fd = make_signal_socket (context);
-    listen_fd = make_listen_socket (context);
-
-    signal (SIGPIPE, SIG_IGN);
-
-    for (;;) {
-	slave *p;
-	fd_set readset;
-	int max_fd = 0;
-	struct timeval to = {30, 0};
-	u_int32_t vers;
-
-	if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
-	    krb5_errx (context, 1, "fd too large");
-
-	FD_ZERO(&readset);
-	FD_SET(signal_fd, &readset);
-	max_fd = max(max_fd, signal_fd);
-	FD_SET(listen_fd, &readset);
-	max_fd = max(max_fd, listen_fd);
-
-	for (p = slaves; p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-		continue;
-	    FD_SET(p->fd, &readset);
-	    max_fd = max(max_fd, p->fd);
-	}
-
-	ret = select (max_fd + 1,
-		      &readset, NULL, NULL, &to);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		krb5_err (context, 1, errno, "select");
-	}
-
-	if (ret == 0) {
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-
-	    if (current_version > old_version)
-		for (p = slaves; p != NULL; p = p->next) {
-		    if (p->flags & SLAVE_F_DEAD)
-			continue;
-		    send_diffs (context, p, log_fd, database, current_version);
-		}
-	}
-
-	if (ret && FD_ISSET(signal_fd, &readset)) {
-	    struct sockaddr_un peer_addr;
-	    socklen_t peer_len = sizeof(peer_addr);
-
-	    if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
-			(struct sockaddr *)&peer_addr, &peer_len) < 0) {
-		krb5_warn (context, errno, "recvfrom");
-		continue;
-	    }
-	    --ret;
-	    old_version = current_version;
-	    kadm5_log_get_version_fd (log_fd, &current_version);
-	    for (p = slaves; p != NULL; p = p->next)
-		send_diffs (context, p, log_fd, database, current_version);
-	}
-
-	for(p = slaves; ret && p != NULL; p = p->next) {
-	    if (p->flags & SLAVE_F_DEAD)
-		continue;
-	    if (FD_ISSET(p->fd, &readset)) {
-		--ret;
-		if(process_msg (context, p, log_fd, database, current_version))
-		    slave_dead(p);
-	    }
-	}
-
-	if (ret && FD_ISSET(listen_fd, &readset)) {
-	    add_slave (context, keytab, &slaves, listen_fd);
-	    --ret;
-	}
-	write_stats(context, slaves, current_version);
-    }
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c
deleted file mode 100644
index f8846c00e4d0..000000000000
--- a/crypto/heimdal/lib/kadm5/ipropd_slave.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: ipropd_slave.c,v 1.27 2002/10/21 15:51:44 joda Exp $");
-
-static krb5_log_facility *log_facility;
-
-static int
-connect_to_master (krb5_context context, const char *master)
-{
-    int fd;
-    struct sockaddr_in addr;
-    struct hostent *he;
-
-    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
-	krb5_err (context, 1, errno, "socket AF_INET");
-    memset (&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
-    addr.sin_port   = krb5_getportbyname (context,
-					  IPROP_SERVICE, "tcp", IPROP_PORT);
-    he = roken_gethostbyname (master);
-    if (he == NULL)
-	krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
-    memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
-    if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
-	krb5_err (context, 1, errno, "connect");
-    return fd;
-}
-
-static void
-get_creds(krb5_context context, const char *keytab_str,
-	  krb5_ccache *cache, const char *host)
-{
-    krb5_keytab keytab;
-    krb5_principal client;
-    krb5_error_code ret;
-    krb5_get_init_creds_opt init_opts;
-    krb5_creds creds;
-    char *server;
-    char keytab_buf[256];
-    
-    if (keytab_str == NULL) {
-	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_kt_default_name");
-	keytab_str = keytab_buf;
-    }
-
-    ret = krb5_kt_resolve(context, keytab_str, &keytab);
-    if(ret)
-	krb5_err(context, 1, ret, "%s", keytab_str);
-    
-    ret = krb5_sname_to_principal (context, NULL, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &client);
-    if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
-
-    krb5_get_init_creds_opt_init(&init_opts);
-
-    asprintf (&server, "%s/%s", IPROP_NAME, host);
-    if (server == NULL)
-	krb5_errx (context, 1, "malloc: no memory");
-
-    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
-				     0, server, &init_opts);
-    free (server);
-    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
-    
-    ret = krb5_kt_close(context, keytab);
-    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
-    
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
-
-    ret = krb5_cc_initialize(context, *cache, client);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
-
-    ret = krb5_cc_store_cred(context, *cache, &creds);
-    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
-}
-
-static void
-ihave (krb5_context context, krb5_auth_context auth_context,
-       int fd, u_int32_t version)
-{
-    int ret;
-    u_char buf[8];
-    krb5_storage *sp;
-    krb5_data data, priv_data;
-
-    sp = krb5_storage_from_mem (buf, 8);
-    krb5_store_int32 (sp, I_HAVE);
-    krb5_store_int32 (sp, version);
-    krb5_storage_free (sp);
-    data.length = 8;
-    data.data   = buf;
-    
-    ret = krb5_mk_priv (context, auth_context, &data, &priv_data, NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb_mk_priv");
-
-    ret = krb5_write_message (context, &fd, &priv_data);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_write_message");
-
-    krb5_data_free (&priv_data);
-}
-
-static void
-receive_loop (krb5_context context,
-	      krb5_storage *sp,
-	      kadm5_server_context *server_context)
-{
-    int ret;
-    off_t left, right;
-    void *buf;
-    int32_t vers;
-
-    do {
-	int32_t len, timestamp, tmp;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    return;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &tmp);
-	op = tmp;
-	krb5_ret_int32 (sp, &len);
-	if (vers <= server_context->log_context.version)
-	    krb5_storage_seek(sp, len, SEEK_CUR);
-    } while(vers <= server_context->log_context.version);
-
-    left  = krb5_storage_seek (sp, -16, SEEK_CUR);
-    right = krb5_storage_seek (sp, 0, SEEK_END);
-    buf = malloc (right - left);
-    if (buf == NULL && (right - left) != 0) {
-	krb5_warnx (context, "malloc: no memory");
-	return;
-    }
-    krb5_storage_seek (sp, left, SEEK_SET);
-    krb5_storage_read (sp, buf, right - left);
-    write (server_context->log_context.log_fd, buf, right-left);
-    fsync (server_context->log_context.log_fd);
-    free (buf);
-
-    krb5_storage_seek (sp, left, SEEK_SET);
-
-    for(;;) {
-	int32_t len, timestamp, tmp;
-	enum kadm_ops op;
-
-	if(krb5_ret_int32 (sp, &vers) != 0)
-	    break;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &tmp);
-	op = tmp;
-	krb5_ret_int32 (sp, &len);
-
-	ret = kadm5_log_replay (server_context,
-				op, vers, len, sp);
-	if (ret)
-	    krb5_warn (context, ret, "kadm5_log_replay");
-	else
-	    server_context->log_context.version = vers;
-	krb5_storage_seek (sp, 8, SEEK_CUR);
-    }
-}
-
-static void
-receive (krb5_context context,
-	 krb5_storage *sp,
-	 kadm5_server_context *server_context)
-{
-    int ret;
-
-    ret = server_context->db->open(context,
-				   server_context->db,
-				   O_RDWR | O_CREAT, 0600);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    receive_loop (context, sp, server_context);
-
-    ret = server_context->db->close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-}
-
-static void
-receive_everything (krb5_context context, int fd,
-		    kadm5_server_context *server_context,
-		    krb5_auth_context auth_context)
-{
-    int ret;
-    krb5_data data;
-    int32_t vno;
-    int32_t opcode;
-    unsigned long tmp;
-
-    char *dbname;
-    HDB *mydb;
-  
-    asprintf(&dbname, "%s-NEW", server_context->db->name);
-    ret = hdb_create(context, &mydb, dbname);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_create");
-    free(dbname);
- 
-    ret = hdb_set_master_keyfile (context,
-				  mydb, server_context->config.stash_file);
-    if(ret)
-	krb5_err(context,1, ret, "hdb_set_master_keyfile");
- 
-    /* I really want to use O_EXCL here, but given that I can't easily clean
-       up on error, I won't */
-    ret = mydb->open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
-
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    do {
-	krb5_storage *sp;
-
-	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_data (&data);
-	krb5_ret_int32 (sp, &opcode);
-	if (opcode == ONE_PRINC) {
-	    krb5_data fake_data;
-	    hdb_entry entry;
-
-	    fake_data.data   = (char *)data.data + 4;
-	    fake_data.length = data.length - 4;
-
-	    ret = hdb_value2entry (context, &fake_data, &entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_value2entry");
-	    ret = mydb->store(server_context->context,
-			      mydb,
-			      0, &entry);
-	    if (ret)
-		krb5_err (context, 1, ret, "hdb_store");
-
-	    hdb_free_entry (context, &entry);
-	    krb5_data_free (&data);
-	}
-    } while (opcode == ONE_PRINC);
-
-    if (opcode != NOW_YOU_HAVE)
-	krb5_errx (context, 1, "receive_everything: strange %d", opcode);
-
-    _krb5_get_int ((char *)data.data + 4, &tmp, 4);
-    vno = tmp;
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	krb5_err(context, 1, ret, "kadm5_log_reinit");
-
-    ret = kadm5_log_set_version (server_context, vno - 1);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_set_version");
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_nop");
-
-    krb5_data_free (&data);
-
-    ret = mydb->close (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-    ret = mydb->rename (context, mydb, server_context->db->name);
-    if (ret)
-	krb5_err (context, 1, ret, "db->rename");
-    ret = mydb->destroy (context, mydb);
-    if (ret)
-	krb5_err (context, 1, ret, "db->destroy");
-}
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-static char *keytab_str;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "keytab", 'k', arg_string, &keytab_str,
-      "keytab to get authentication from", "kspec" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage (int code, struct getargs *args, int num_args)
-{
-    arg_printusage (args, num_args, NULL, "master");
-    exit (code);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    krb5_auth_context auth_context;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-    int master_fd;
-    krb5_ccache ccache;
-    krb5_principal server;
-
-    int optind;
-    const char *master;
-    
-    optind = krb5_program_setup(&context, argc, argv, args, num_args, usage);
-    
-    if(help_flag)
-	usage (0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	usage (1, args, num_args);
-
-    master = argv[0];
-
-    pidfile (NULL);
-    krb5_openlog (context, "ipropd-slave", &log_facility);
-    krb5_set_warn_dest(context, log_facility);
-
-    ret = krb5_kt_register(context, &hdb_kt_ops);
-    if(ret)
-	krb5_err(context, 1, ret, "krb5_kt_register");
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    get_creds(context, keytab_str, &ccache, master);
-
-    master_fd = connect_to_master (context, master);
-
-    ret = krb5_sname_to_principal (context, master, IPROP_NAME,
-				   KRB5_NT_SRV_HST, &server);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sname_to_principal");
-
-    auth_context = NULL;
-    ret = krb5_sendauth (context, &auth_context, &master_fd,
-			 IPROP_VERSION, NULL, server,
-			 AP_OPTS_MUTUAL_REQUIRED, NULL, NULL,
-			 ccache, NULL, NULL, NULL);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_sendauth");
-
-    ihave (context, auth_context, master_fd,
-	   server_context->log_context.version);
-
-    for (;;) {
-	int ret;
-	krb5_data out;
-	krb5_storage *sp;
-	int32_t tmp;
-
-	ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
-
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_read_priv_message");
-
-	sp = krb5_storage_from_mem (out.data, out.length);
-	krb5_ret_int32 (sp, &tmp);
-	switch (tmp) {
-	case FOR_YOU :
-	    receive (context, sp, server_context);
-	    ihave (context, auth_context, master_fd,
-		   server_context->log_context.version);
-	    break;
-	case TELL_YOU_EVERYTHING :
-	    receive_everything (context, master_fd, server_context,
-				auth_context);
-	    break;
-	case NOW_YOU_HAVE :
-	case I_HAVE :
-	case ONE_PRINC :
-	default :
-	    krb5_warnx (context, "Ignoring command %d", tmp);
-	    break;
-	}
-	krb5_storage_free (sp);
-	krb5_data_free (&out);
-    }
-    
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h
deleted file mode 100644
index 63e579f99c97..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5-private.h
+++ /dev/null
@@ -1,522 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_private_h__
-#define __kadm5_private_h__
-
-#include <stdarg.h>
-
-kadm5_ret_t
-_kadm5_acl_check_permission (
-	kadm5_server_context */*context*/,
-	unsigned /*op*/,
-	krb5_const_principal /*princ*/);
-
-kadm5_ret_t
-_kadm5_acl_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-_kadm5_bump_pw_expire (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-_kadm5_c_init_context (
-	kadm5_client_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_client_recv (
-	kadm5_client_context */*context*/,
-	krb5_data */*reply*/);
-
-kadm5_ret_t
-_kadm5_client_send (
-	kadm5_client_context */*context*/,
-	krb5_storage */*sp*/);
-
-int
-_kadm5_cmp_keys (
-	Key */*keys1*/,
-	int /*len1*/,
-	Key */*keys2*/,
-	int /*len2*/);
-
-kadm5_ret_t
-_kadm5_connect (void */*handle*/);
-
-kadm5_ret_t
-_kadm5_error_code (kadm5_ret_t /*code*/);
-
-void
-_kadm5_free_keys (
-	kadm5_server_context */*context*/,
-	int /*len*/,
-	Key */*keys*/);
-
-void
-_kadm5_init_keys (
-	Key */*keys*/,
-	int /*len*/);
-
-kadm5_ret_t
-_kadm5_marshal_params (
-	krb5_context /*context*/,
-	kadm5_config_params */*params*/,
-	krb5_data */*out*/);
-
-kadm5_ret_t
-_kadm5_privs_to_string (
-	u_int32_t /*privs*/,
-	char */*string*/,
-	size_t /*len*/);
-
-HDB *
-_kadm5_s_get_db (void */*server_handle*/);
-
-kadm5_ret_t
-_kadm5_s_init_context (
-	kadm5_server_context **/*ctx*/,
-	kadm5_config_params */*params*/,
-	krb5_context /*context*/);
-
-kadm5_ret_t
-_kadm5_set_keys (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	const char */*password*/);
-
-kadm5_ret_t
-_kadm5_set_keys2 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int16_t /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-_kadm5_set_keys3 (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	int /*n_keys*/,
-	krb5_keyblock */*keyblocks*/);
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-_kadm5_set_modifier (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-_kadm5_setup_entry (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	u_int32_t /*mask*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*princ_mask*/,
-	kadm5_principal_ent_t /*def*/,
-	u_int32_t /*def_mask*/);
-
-kadm5_ret_t
-_kadm5_string_to_privs (
-	const char */*s*/,
-	u_int32_t* /*privs*/);
-
-kadm5_ret_t
-_kadm5_unmarshal_params (
-	krb5_context /*context*/,
-	krb5_data */*in*/,
-	kadm5_config_params */*params*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_c_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_c_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_c_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_c_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_get_principals (
-	void */*server_handle*/,
-	const char */*exp*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_c_get_privs (
-	void */*server_handle*/,
-	u_int32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_c_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_c_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_c_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_log_create (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_delete (
-	kadm5_server_context */*context*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_foreach (
-	kadm5_server_context */*context*/,
-	void (*/*func*/)(kadm5_server_context *server_context, u_int32_t ver, time_t timestamp, enum kadm_ops op, u_int32_t len, krb5_storage *sp));
-
-kadm5_ret_t
-kadm5_log_get_version (
-	kadm5_server_context */*context*/,
-	u_int32_t */*ver*/);
-
-kadm5_ret_t
-kadm5_log_get_version_fd (
-	int /*fd*/,
-	u_int32_t */*ver*/);
-
-krb5_storage *
-kadm5_log_goto_end (int /*fd*/);
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_modify (
-	kadm5_server_context */*context*/,
-	hdb_entry */*ent*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_previous (
-	krb5_storage */*sp*/,
-	u_int32_t */*ver*/,
-	time_t */*timestamp*/,
-	enum kadm_ops */*op*/,
-	u_int32_t */*len*/);
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context */*context*/);
-
-kadm5_ret_t
-kadm5_log_rename (
-	kadm5_server_context */*context*/,
-	krb5_principal /*source*/,
-	hdb_entry */*ent*/);
-
-kadm5_ret_t
-kadm5_log_replay (
-	kadm5_server_context */*context*/,
-	enum kadm_ops /*op*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_replay_create (
-	kadm5_server_context */*context*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_replay_delete (
-	kadm5_server_context */*context*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_replay_modify (
-	kadm5_server_context */*context*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_replay_nop (
-	kadm5_server_context */*context*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_replay_rename (
-	kadm5_server_context */*context*/,
-	u_int32_t /*ver*/,
-	u_int32_t /*len*/,
-	krb5_storage */*sp*/);
-
-kadm5_ret_t
-kadm5_log_set_version (
-	kadm5_server_context */*context*/,
-	u_int32_t /*vno*/);
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context */*server_context*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_cond (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_s_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_s_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_s_create_principal_with_key (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_s_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_flush (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_get_principals (
-	void */*server_handle*/,
-	const char */*exp*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_s_get_privs (
-	void */*server_handle*/,
-	u_int32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_s_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_s_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_s_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-#endif /* __kadm5_private_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5-protos.h b/crypto/heimdal/lib/kadm5/kadm5-protos.h
deleted file mode 100644
index c0a0cce7a0ca..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5-protos.h
+++ /dev/null
@@ -1,210 +0,0 @@
-/* This is a generated file */
-#ifndef __kadm5_protos_h__
-#define __kadm5_protos_h__
-
-#include <stdarg.h>
-
-const char *
-kadm5_check_password_quality (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_data */*pwd_data*/);
-
-kadm5_ret_t
-kadm5_chpass_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_chpass_principal_with_key (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	int /*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-kadm5_ret_t
-kadm5_create_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/,
-	char */*password*/);
-
-kadm5_ret_t
-kadm5_delete_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/);
-
-kadm5_ret_t
-kadm5_destroy (void */*server_handle*/);
-
-kadm5_ret_t
-kadm5_flush (void */*server_handle*/);
-
-void
-kadm5_free_key_data (
-	void */*server_handle*/,
-	int16_t */*n_key_data*/,
-	krb5_key_data */*key_data*/);
-
-void
-kadm5_free_name_list (
-	void */*server_handle*/,
-	char **/*names*/,
-	int */*count*/);
-
-void
-kadm5_free_principal_ent (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_get_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	kadm5_principal_ent_t /*out*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_get_principals (
-	void */*server_handle*/,
-	const char */*exp*/,
-	char ***/*princs*/,
-	int */*count*/);
-
-kadm5_ret_t
-kadm5_get_privs (
-	void */*server_handle*/,
-	u_int32_t */*privs*/);
-
-kadm5_ret_t
-kadm5_init_with_creds (
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	krb5_ccache /*ccache*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password (
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_password_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*password*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey (
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx (
-	krb5_context /*context*/,
-	const char */*client_name*/,
-	const char */*keytab*/,
-	const char */*service_name*/,
-	kadm5_config_params */*realm_params*/,
-	unsigned long /*struct_version*/,
-	unsigned long /*api_version*/,
-	void **/*server_handle*/);
-
-kadm5_ret_t
-kadm5_modify_principal (
-	void */*server_handle*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_randkey_principal (
-	void */*server_handle*/,
-	krb5_principal /*princ*/,
-	krb5_keyblock **/*new_keys*/,
-	int */*n_keys*/);
-
-kadm5_ret_t
-kadm5_rename_principal (
-	void */*server_handle*/,
-	krb5_principal /*source*/,
-	krb5_principal /*target*/);
-
-kadm5_ret_t
-kadm5_ret_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t */*mask*/);
-
-kadm5_ret_t
-kadm5_ret_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-void
-kadm5_setup_passwd_quality_check (
-	krb5_context /*context*/,
-	const char */*check_library*/,
-	const char */*check_function*/);
-
-kadm5_ret_t
-kadm5_store_key_data (
-	krb5_storage */*sp*/,
-	krb5_key_data */*key*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/);
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask (
-	krb5_storage */*sp*/,
-	kadm5_principal_ent_t /*princ*/,
-	u_int32_t /*mask*/);
-
-kadm5_ret_t
-kadm5_store_tl_data (
-	krb5_storage */*sp*/,
-	krb5_tl_data */*tl*/);
-
-#endif /* __kadm5_protos_h__ */
diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et
deleted file mode 100644
index 674fbe73ba20..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5_err.et
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Error messages for the kadm5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: kadm5_err.et,v 1.5 2001/12/06 17:02:55 assar Exp $"
-
-error_table ovk kadm5
-
-prefix KADM5
-error_code FAILURE,		"Operation failed for unspecified reason"
-error_code AUTH_GET,		"Operation requires `get' privilege"
-error_code AUTH_ADD,		"Operation requires `add' privilege"
-error_code AUTH_MODIFY,		"Operation requires `modify' privilege"
-error_code AUTH_DELETE,		"Operation requires `delete' privilege"
-error_code AUTH_INSUFFICIENT,	"Insufficient authorization for operation"
-error_code BAD_DB,		"Database inconsistency detected"
-error_code DUP,			"Principal or policy already exists"
-error_code RPC_ERROR,		"Communication failure with server"
-error_code NO_SRV,		"No administration server found for realm"
-error_code BAD_HIST_KEY,	"Password history principal key version mismatch"
-error_code NOT_INIT,		"Connection to server not initialized"
-error_code UNK_PRINC,		"Principal does not exist"
-error_code UNK_POLICY,		"Policy does not exist"
-error_code BAD_MASK,		"Invalid field mask for operation"
-error_code BAD_CLASS,		"Invalid number of character classes"
-error_code BAD_LENGTH,		"Invalid password length"
-error_code BAD_POLICY,		"Invalid policy name"
-error_code BAD_PRINCIPAL,	"Invalid principal name."
-error_code BAD_AUX_ATTR,	"Invalid auxillary attributes"
-error_code BAD_HISTORY,		"Invalid password history count"
-error_code BAD_MIN_PASS_LIFE,	"Password minimum life is greater than password maximum life"
-error_code PASS_Q_TOOSHORT,	"Password is too short"
-error_code PASS_Q_CLASS,	"Password does not contain enough character classes"
-error_code PASS_Q_DICT,		"Password is in the password dictionary"
-error_code PASS_REUSE,		"Can't resuse password"
-error_code PASS_TOOSOON,	"Current password's minimum life has not expired"
-error_code POLICY_REF,		"Policy is in use"
-error_code INIT,		"Connection to server already initialized"
-error_code BAD_PASSWORD,	"Incorrect password"
-error_code PROTECT_PRINCIPAL,	"Can't change protected principal"
-error_code BAD_SERVER_HANDLE,	"Programmer error!  Bad Admin server handle"
-error_code BAD_STRUCT_VERSION,	"Programmer error!  Bad API structure version"
-error_code OLD_STRUCT_VERSION,	"API structure version specified by application is no longer supported"
-error_code NEW_STRUCT_VERSION,	"API structure version specified by application is unknown to libraries"
-error_code BAD_API_VERSION,	"Programmer error!  Bad API version"
-error_code OLD_LIB_API_VERSION,	"API version specified by application is no longer supported by libraries"
-error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
-error_code NEW_LIB_API_VERSION,	"API version specified by application is unknown to libraries"
-error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
-error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
-error_code NO_RENAME_SALT,	"The salt type of the specified principal does not support renaming"
-error_code BAD_CLIENT_PARAMS,	"Invalid configuration parameter for remote KADM5 client"
-error_code BAD_SERVER_PARAMS,	"Invalid configuration parameter for local KADM5 client."
-error_code AUTH_LIST,		"Operation requires `list' privilege"
-error_code AUTH_CHANGEPW,	"Operation requires `change-password' privilege"
-error_code BAD_TL_TYPE,		"Programmer error!  Invalid tagged data list element type"
-error_code MISSING_CONF_PARAMS,	"Required parameters in kdc.conf missing"
-error_code BAD_SERVER_NAME,	"Bad krb5 admin server hostname"
diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h
deleted file mode 100644
index 6f634ed8c02b..000000000000
--- a/crypto/heimdal/lib/kadm5/kadm5_locl.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: kadm5_locl.h,v 1.23 2000/07/08 11:57:40 assar Exp $ */
-
-#ifndef __KADM5_LOCL_H__
-#define __KADM5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <limits.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <fnmatch.h>
-#include "admin.h"
-#include "kadm5_err.h"
-#include <hdb.h>
-#include <der.h>
-#include <roken.h>
-#include <parse_units.h>
-#include "private.h"
-
-#endif /* __KADM5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c
deleted file mode 100644
index 3ae21abb4761..000000000000
--- a/crypto/heimdal/lib/kadm5/keys.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: keys.c,v 1.1 2000/07/22 05:53:02 assar Exp $");
-
-/*
- * free all the memory used by (len, keys)
- */
-
-void
-_kadm5_free_keys (kadm5_server_context *context,
-		  int len, Key *keys)
-{
-    int i;
-
-    for (i = 0; i < len; ++i) {
-	free (keys[i].mkvno);
-	keys[i].mkvno = NULL;
-	if (keys[i].salt != NULL) {
-	    free_Salt(keys[i].salt);
-	    free(keys[i].salt);
-	    keys[i].salt = NULL;
-	}
-	krb5_free_keyblock_contents(context->context, &keys[i].key);
-    }
-    free (keys);
-}
-
-/*
- * null-ify `len', `keys'
- */
-
-void
-_kadm5_init_keys (Key *keys, int len)
-{
-    int i;
-
-    for (i = 0; i < len; ++i) {
-	keys[i].mkvno               = NULL;
-	keys[i].salt                = NULL;
-	keys[i].key.keyvalue.length = 0;
-	keys[i].key.keyvalue.data   = NULL;
-    }
-}
-
-/*
- * return 0 iff `keys1, len1' and `keys2, len2' are identical
- */
-
-int
-_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2)
-{
-    int i;
-
-    if (len1 != len2)
-	return 1;
-
-    for (i = 0; i < len1; ++i) {
-	if ((keys1[i].salt != NULL && keys2[i].salt == NULL)
-	    || (keys1[i].salt == NULL && keys2[i].salt != NULL))
-	    return 1;
-	if (keys1[i].salt != NULL) {
-	    if (keys1[i].salt->type != keys2[i].salt->type)
-		return 1;
-	    if (keys1[i].salt->salt.length != keys2[i].salt->salt.length)
-		return 1;
-	    if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data,
-			keys1[i].salt->salt.length) != 0)
-		return 1;
-	}
-	if (keys1[i].key.keytype != keys2[i].key.keytype)
-	    return 1;
-	if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length)
-	    return 1;
-	if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data,
-		    keys1[i].key.keyvalue.length) != 0)
-	    return 1;
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c
deleted file mode 100644
index 8ea3ca9c8ab9..000000000000
--- a/crypto/heimdal/lib/kadm5/log.c
+++ /dev/null
@@ -1,813 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: log.c,v 1.20 2003/04/16 17:56:55 lha Exp $");
-
-/*
- * A log record consists of:
- *
- * version number		4 bytes
- * time in seconds		4 bytes
- * operation (enum kadm_ops)	4 bytes
- * length of record		4 bytes
- * data...			n bytes
- * length of record		4 bytes
- * version number		4 bytes
- *
- */
-
-kadm5_ret_t
-kadm5_log_get_version_fd (int fd,
-			  u_int32_t *ver)
-{
-    int ret;
-    krb5_storage *sp;
-    int32_t old_version;
-
-    ret = lseek (fd, 0, SEEK_END);
-    if(ret < 0)
-	return errno;
-    if(ret == 0) {
-	*ver = 0;
-	return 0;
-    }
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, -4, SEEK_CUR);
-    krb5_ret_int32 (sp, &old_version);
-    *ver = old_version;
-    krb5_storage_free(sp);
-    lseek (fd, 0, SEEK_END);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_get_version (kadm5_server_context *context, u_int32_t *ver)
-{
-    return kadm5_log_get_version_fd (context->log_context.log_fd, ver);
-}
-
-kadm5_ret_t
-kadm5_log_set_version (kadm5_server_context *context, u_int32_t vno)
-{
-    kadm5_log_context *log_context = &context->log_context;
-
-    log_context->version = vno;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_init (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1)
-	return 0;
-    fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
-    if (fd < 0)
-	return errno;
-    if (flock (fd, LOCK_EX) < 0) {
-	close (fd);
-	return errno;
-    }
-
-    ret = kadm5_log_get_version_fd (fd, &log_context->version);
-    if (ret)
-	return ret;
-
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_log_reinit (kadm5_server_context *context)
-{
-    int fd;
-    kadm5_log_context *log_context = &context->log_context;
-
-    if (log_context->log_fd != -1) {
-	close (log_context->log_fd);
-	log_context->log_fd = -1;
-    }
-    fd = open (log_context->log_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
-    if (fd < 0)
-	return errno;
-    if (flock (fd, LOCK_EX) < 0) {
-	close (fd);
-	return errno;
-    }
-
-    log_context->version = 0;
-    log_context->log_fd  = fd;
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_log_end (kadm5_server_context *context)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    int fd = log_context->log_fd;
-
-    flock (fd, LOCK_UN);
-    close(fd);
-    log_context->log_fd = -1;
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_preamble (kadm5_server_context *context,
-		    krb5_storage *sp,
-		    enum kadm_ops op)
-{
-    kadm5_log_context *log_context = &context->log_context;
-    kadm5_ret_t kadm_ret;
-
-    kadm_ret = kadm5_log_init (context);
-    if (kadm_ret)
-	return kadm_ret;
-
-    krb5_store_int32 (sp, ++log_context->version);
-    krb5_store_int32 (sp, time(NULL));
-    krb5_store_int32 (sp, op);
-    return 0;
-}
-
-static kadm5_ret_t
-kadm5_log_postamble (kadm5_log_context *context,
-		     krb5_storage *sp)
-{
-    krb5_store_int32 (sp, context->version);
-    return 0;
-}
-
-/*
- * flush the log record in `sp'.
- */
-
-static kadm5_ret_t
-kadm5_log_flush (kadm5_log_context *log_context,
-		 krb5_storage *sp)
-{
-    krb5_data data;
-    size_t len;
-    int ret;
-
-    krb5_storage_to_data(sp, &data);
-    len = data.length;
-    ret = write (log_context->log_fd, data.data, len);
-    if (ret != len) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    if (fsync (log_context->log_fd) < 0) {
-	krb5_data_free(&data);
-	return errno;
-    }
-    /*
-     * Try to send a signal to any running `ipropd-master'
-     */
-    sendto (log_context->socket_fd,
-	    (void *)&log_context->version,
-	    sizeof(log_context->version),
-	    0,
-	    (struct sockaddr *)&log_context->socket_name,
-	    sizeof(log_context->socket_name));
-
-    krb5_data_free(&data);
-    return 0;
-}
-
-/*
- * Add a `create' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_create (kadm5_server_context *context,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    ret = kadm5_log_preamble (context, sp, kadm_create);
-    if (ret) {
-	krb5_data_free (&value);
-	krb5_storage_free(sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, value.length);
-    krb5_storage_write(sp, value.data, value.length);
-    krb5_store_int32 (sp, value.length);
-    krb5_data_free (&value);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read the data of a create log record from `sp' and change the
- * database.
- */
-
-kadm5_ret_t
-kadm5_log_replay_create (kadm5_server_context *context,
-			 u_int32_t ver,
-			 u_int32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    hdb_entry ent;
-
-    ret = krb5_data_alloc (&data, len);
-    if (ret)
-	return ret;
-    krb5_storage_read (sp, data.data, len);
-    ret = hdb_value2entry (context->context, &data, &ent);
-    krb5_data_free(&data);
-    if (ret)
-	return ret;
-    ret = context->db->store(context->context, context->db, 0, &ent);
-    hdb_free_entry (context->context, &ent);
-    return ret;
-}
-
-/*
- * Add a `delete' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_delete (kadm5_server_context *context,
-		  krb5_principal princ)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = kadm5_log_preamble (context, sp, kadm_delete);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, 0);
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    krb5_store_principal (sp, princ);
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    krb5_store_int32 (sp, len);
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    krb5_store_int32 (sp, len);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read a `delete' log operation from `sp' and apply it.
- */
-
-kadm5_ret_t
-kadm5_log_replay_delete (kadm5_server_context *context,
-			 u_int32_t ver,
-			 u_int32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    hdb_entry ent;
-
-    krb5_ret_principal (sp, &ent.principal);
-
-    ret = context->db->remove(context->context, context->db, &ent);
-    krb5_free_principal (context->context, ent.principal);
-    return ret;
-}
-
-/*
- * Add a `rename' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_rename (kadm5_server_context *context,
-		  krb5_principal source,
-		  hdb_entry *ent)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    off_t off;
-    off_t len;
-    krb5_data value;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    ret = kadm5_log_preamble (context, sp, kadm_rename);
-    if (ret) {
-	krb5_storage_free(sp);
-	krb5_data_free (&value);
-	return ret;
-    }
-    krb5_store_int32 (sp, 0);
-    off = krb5_storage_seek (sp, 0, SEEK_CUR);
-    krb5_store_principal (sp, source);
-    krb5_storage_write(sp, value.data, value.length);
-    krb5_data_free (&value);
-    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
-
-    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
-    krb5_store_int32 (sp, len);
-    krb5_storage_seek(sp, len, SEEK_CUR);
-    krb5_store_int32 (sp, len);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read a `rename' log operation from `sp' and apply it.
- */
-
-kadm5_ret_t
-kadm5_log_replay_rename (kadm5_server_context *context,
-			 u_int32_t ver,
-			 u_int32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    krb5_principal source;
-    hdb_entry source_ent, target_ent;
-    krb5_data value;
-    off_t off;
-    size_t princ_len, data_len;
-
-    off = krb5_storage_seek(sp, 0, SEEK_CUR);
-    krb5_ret_principal (sp, &source);
-    princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
-    data_len = len - princ_len;
-    ret = krb5_data_alloc (&value, data_len);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    krb5_storage_read (sp, value.data, data_len);
-    ret = hdb_value2entry (context->context, &value, &target_ent);
-    krb5_data_free(&value);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    ret = context->db->store (context->context, context->db, 0, &target_ent);
-    hdb_free_entry (context->context, &target_ent);
-    if (ret) {
-	krb5_free_principal (context->context, source);
-	return ret;
-    }
-    source_ent.principal = source;
-    ret = context->db->remove (context->context, context->db, &source_ent);
-    krb5_free_principal (context->context, source);
-    return ret;
-}
-
-
-/*
- * Add a `modify' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_modify (kadm5_server_context *context,
-		  hdb_entry *ent,
-		  u_int32_t mask)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    krb5_data value;
-    u_int32_t len;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = hdb_entry2value (context->context, ent, &value);
-    if (ret) {
-	krb5_storage_free(sp);
-	return ret;
-    }
-    ret = kadm5_log_preamble (context, sp, kadm_modify);
-    if (ret) {
-	krb5_data_free (&value);
-	krb5_storage_free(sp);
-	return ret;
-    }
-    len = value.length + 4;
-    krb5_store_int32 (sp, len);
-    krb5_store_int32 (sp, mask);
-    krb5_storage_write (sp, value.data, value.length);
-    krb5_data_free (&value);
-    krb5_store_int32 (sp, len);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read a `modify' log operation from `sp' and apply it.
- */
-
-kadm5_ret_t
-kadm5_log_replay_modify (kadm5_server_context *context,
-			 u_int32_t ver,
-			 u_int32_t len,
-			 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    int32_t mask;
-    krb5_data value;
-    hdb_entry ent, log_ent;
-
-    krb5_ret_int32 (sp, &mask);
-    len -= 4;
-    ret = krb5_data_alloc (&value, len);
-    if (ret)
-	return ret;
-    krb5_storage_read (sp, value.data, len);
-    ret = hdb_value2entry (context->context, &value, &log_ent);
-    krb5_data_free(&value);
-    if (ret)
-	return ret;
-    ent.principal = log_ent.principal;
-    log_ent.principal = NULL;
-    ret = context->db->fetch(context->context, context->db, 
-			     HDB_F_DECRYPT, &ent);
-    if (ret)
-	return ret;
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (log_ent.valid_end == NULL) {
-	    ent.valid_end = NULL;
-	} else {
-	    if (ent.valid_end == NULL)
-		ent.valid_end = malloc(sizeof(*ent.valid_end));
-	    *ent.valid_end = *log_ent.valid_end;
-	}
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	if (log_ent.pw_end == NULL) {
-	    ent.pw_end = NULL;
-	} else {
-	    if (ent.pw_end == NULL)
-		ent.pw_end = malloc(sizeof(*ent.pw_end));
-	    *ent.pw_end = *log_ent.pw_end;
-	}
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	ent.flags = log_ent.flags;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	if (log_ent.max_life == NULL) {
-	    ent.max_life = NULL;
-	} else {
-	    if (ent.max_life == NULL)
-		ent.max_life = malloc (sizeof(*ent.max_life));
-	    *ent.max_life = *log_ent.max_life;
-	}
-    }
-    if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
-	if (ent.modified_by == NULL) {
-	    ent.modified_by = malloc(sizeof(*ent.modified_by));
-	} else
-	    free_Event(ent.modified_by);
-	copy_Event(log_ent.modified_by, ent.modified_by);
-    }
-    if (mask & KADM5_KVNO) {
-	ent.kvno = log_ent.kvno;
-    }
-    if (mask & KADM5_MKVNO) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_POLICY_CLR) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	if (log_ent.max_renew == NULL) {
-	    ent.max_renew = NULL;
-	} else {
-	    if (ent.max_renew == NULL)
-		ent.max_renew = malloc (sizeof(*ent.max_renew));
-	    *ent.max_renew = *log_ent.max_renew;
-	}
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	abort ();		/* XXX */
-    }
-    if (mask & KADM5_KEY_DATA) {
-	size_t len;
-	int i;
-
-	for (i = 0; i < ent.keys.len; ++i)
-	    free_Key(&ent.keys.val[i]);
-	free (ent.keys.val);
-
-	len = log_ent.keys.len;
-
-	ent.keys.len = len;
-	ent.keys.val = malloc(len * sizeof(*ent.keys.val));
-	for (i = 0; i < ent.keys.len; ++i)
-	    copy_Key(&log_ent.keys.val[i],
-		     &ent.keys.val[i]);
-    }
-    ret = context->db->store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-    hdb_free_entry (context->context, &ent);
-    hdb_free_entry (context->context, &log_ent);
-    return ret;
-}
-
-/*
- * Add a `nop' operation to the log.
- */
-
-kadm5_ret_t
-kadm5_log_nop (kadm5_server_context *context)
-{
-    krb5_storage *sp;
-    kadm5_ret_t ret;
-    kadm5_log_context *log_context = &context->log_context;
-
-    sp = krb5_storage_emem();
-    ret = kadm5_log_preamble (context, sp, kadm_nop);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    krb5_store_int32 (sp, 0);
-    krb5_store_int32 (sp, 0);
-    ret = kadm5_log_postamble (log_context, sp);
-    if (ret) {
-	krb5_storage_free (sp);
-	return ret;
-    }
-    ret = kadm5_log_flush (log_context, sp);
-    krb5_storage_free (sp);
-    if (ret)
-	return ret;
-    ret = kadm5_log_end (context);
-    return ret;
-}
-
-/*
- * Read a `nop' log operation from `sp' and apply it.
- */
-
-kadm5_ret_t
-kadm5_log_replay_nop (kadm5_server_context *context,
-		      u_int32_t ver,
-		      u_int32_t len,
-		      krb5_storage *sp)
-{
-    return 0;
-}
-
-/*
- * Call `func' for each log record in the log in `context'
- */
-
-kadm5_ret_t
-kadm5_log_foreach (kadm5_server_context *context,
-		   void (*func)(kadm5_server_context *server_context,
-				u_int32_t ver,
-				time_t timestamp,
-				enum kadm_ops op,
-				u_int32_t len,
-				krb5_storage *sp))
-{
-    int fd = context->log_context.log_fd;
-    krb5_storage *sp;
-
-    lseek (fd, 0, SEEK_SET);
-    sp = krb5_storage_from_fd (fd);
-    for (;;) {
-	int32_t ver, timestamp, op, len;
-
-	if(krb5_ret_int32 (sp, &ver) != 0)
-	    break;
-	krb5_ret_int32 (sp, &timestamp);
-	krb5_ret_int32 (sp, &op);
-	krb5_ret_int32 (sp, &len);
-	(*func)(context, ver, timestamp, op, len, sp);
-	krb5_storage_seek(sp, 8, SEEK_CUR);
-    }
-    return 0;
-}
-
-/*
- * Go to end of log.
- */
-
-krb5_storage *
-kadm5_log_goto_end (int fd)
-{
-    krb5_storage *sp;
-
-    sp = krb5_storage_from_fd (fd);
-    krb5_storage_seek(sp, 0, SEEK_END);
-    return sp;
-}
-
-/*
- * Return previous log entry.
- */
-
-kadm5_ret_t
-kadm5_log_previous (krb5_storage *sp,
-		    u_int32_t *ver,
-		    time_t *timestamp,
-		    enum kadm_ops *op,
-		    u_int32_t *len)
-{
-    off_t off;
-    int32_t tmp;
-
-    krb5_storage_seek(sp, -8, SEEK_CUR);
-    krb5_ret_int32 (sp, &tmp);
-    *len = tmp;
-    krb5_ret_int32 (sp, &tmp);
-    *ver = tmp;
-    off = 24 + *len;
-    krb5_storage_seek(sp, -off, SEEK_CUR);
-    krb5_ret_int32 (sp, &tmp);
-    assert(tmp == *ver);
-    krb5_ret_int32 (sp, &tmp);
-    *timestamp = tmp;
-    krb5_ret_int32 (sp, &tmp);
-    *op = tmp;
-    krb5_ret_int32 (sp, &tmp);
-    assert(tmp == *len);
-    return 0;
-}
-
-/*
- * Replay a record from the log
- */
-
-kadm5_ret_t
-kadm5_log_replay (kadm5_server_context *context,
-		  enum kadm_ops op,
-		  u_int32_t ver,
-		  u_int32_t len,
-		  krb5_storage *sp)
-{
-    switch (op) {
-    case kadm_create :
-	return kadm5_log_replay_create (context, ver, len, sp);
-    case kadm_delete :
-	return kadm5_log_replay_delete (context, ver, len, sp);
-    case kadm_rename :
-	return kadm5_log_replay_rename (context, ver, len, sp);
-    case kadm_modify :
-	return kadm5_log_replay_modify (context, ver, len, sp);
-    case kadm_nop :
-	return kadm5_log_replay_nop (context, ver, len, sp);
-    default :
-	return KADM5_FAILURE;
-    }
-}
-
-/*
- * truncate the log - i.e. create an empty file with just (nop vno + 2)
- */
-
-kadm5_ret_t
-kadm5_log_truncate (kadm5_server_context *server_context)
-{
-    kadm5_ret_t ret;
-    u_int32_t vno;
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_get_version (server_context, &vno);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_reinit (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_set_version (server_context, vno + 1);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_nop (server_context);
-    if (ret)
-	return ret;
-
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	return ret;
-    return 0;
-
-}
diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c
deleted file mode 100644
index 98288376c4f4..000000000000
--- a/crypto/heimdal/lib/kadm5/marshall.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: marshall.c,v 1.6 1999/12/02 17:05:06 joda Exp $");
-
-kadm5_ret_t
-kadm5_store_key_data(krb5_storage *sp,
-		     krb5_key_data *key)
-{
-    krb5_data c;
-    krb5_store_int32(sp, key->key_data_ver);
-    krb5_store_int32(sp, key->key_data_kvno);
-    krb5_store_int32(sp, key->key_data_type[0]);
-    c.length = key->key_data_length[0];
-    c.data = key->key_data_contents[0];
-    krb5_store_data(sp, c);
-    krb5_store_int32(sp, key->key_data_type[1]);
-    c.length = key->key_data_length[1];
-    c.data = key->key_data_contents[1];
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_key_data(krb5_storage *sp,
-		   krb5_key_data *key)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_ver = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_kvno = tmp;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[0] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[0] = c.length;
-    key->key_data_contents[0] = c.data;
-    krb5_ret_int32(sp, &tmp);
-    key->key_data_type[1] = tmp;
-    krb5_ret_data(sp, &c);
-    key->key_data_length[1] = c.length;
-    key->key_data_contents[1] = c.data;
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_store_tl_data(krb5_storage *sp,
-		    krb5_tl_data *tl)
-{
-    krb5_data c;
-    krb5_store_int32(sp, tl->tl_data_type);
-    c.length = tl->tl_data_length;
-    c.data = tl->tl_data_contents;
-    krb5_store_data(sp, c);
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_tl_data(krb5_storage *sp,
-		  krb5_tl_data *tl)
-{
-    krb5_data c;
-    int32_t tmp;
-    krb5_ret_int32(sp, &tmp);
-    tl->tl_data_type = tmp;
-    krb5_ret_data(sp, &c);
-    tl->tl_data_length = c.length;
-    tl->tl_data_contents = c.data;
-    return 0;
-}
-
-static kadm5_ret_t
-store_principal_ent(krb5_storage *sp,
-		    kadm5_principal_ent_t princ,
-		    u_int32_t mask)
-{
-    int i;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_store_principal(sp, princ->principal);
-    if (mask & KADM5_PRINC_EXPIRE_TIME)
-	krb5_store_int32(sp, princ->princ_expire_time);
-    if (mask & KADM5_PW_EXPIRATION)
-	krb5_store_int32(sp, princ->pw_expiration);
-    if (mask & KADM5_LAST_PWD_CHANGE)
-	krb5_store_int32(sp, princ->last_pwd_change);
-    if (mask & KADM5_MAX_LIFE)
-	krb5_store_int32(sp, princ->max_life);
-    if (mask & KADM5_MOD_NAME) {
-	krb5_store_int32(sp, princ->mod_name != NULL);
-	if(princ->mod_name)
-	    krb5_store_principal(sp, princ->mod_name);
-    }
-    if (mask & KADM5_MOD_TIME)
-	krb5_store_int32(sp, princ->mod_date);
-    if (mask & KADM5_ATTRIBUTES)
-	krb5_store_int32(sp, princ->attributes);
-    if (mask & KADM5_KVNO)
-	krb5_store_int32(sp, princ->kvno);
-    if (mask & KADM5_MKVNO)
-	krb5_store_int32(sp, princ->mkvno);
-    if (mask & KADM5_POLICY) {
-	krb5_store_int32(sp, princ->policy != NULL);
-	if(princ->policy)
-	    krb5_store_string(sp, princ->policy);
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES)
-	krb5_store_int32(sp, princ->aux_attributes);
-    if (mask & KADM5_MAX_RLIFE)
-	krb5_store_int32(sp, princ->max_renewable_life);
-    if (mask & KADM5_LAST_SUCCESS)
-	krb5_store_int32(sp, princ->last_success);
-    if (mask & KADM5_LAST_FAILED)
-	krb5_store_int32(sp, princ->last_failed);
-    if (mask & KADM5_FAIL_AUTH_COUNT)
-	krb5_store_int32(sp, princ->fail_auth_count);
-    if (mask & KADM5_KEY_DATA) {
-	krb5_store_int32(sp, princ->n_key_data);
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_store_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_tl_data *tp;
-
-	krb5_store_int32(sp, princ->n_tl_data);
-	for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
-	    kadm5_store_tl_data(sp, tp);
-    }
-    return 0;
-}
-
-
-kadm5_ret_t
-kadm5_store_principal_ent(krb5_storage *sp,
-			  kadm5_principal_ent_t princ)
-{
-    return store_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_store_principal_ent_mask(krb5_storage *sp,
-			       kadm5_principal_ent_t princ,
-			       u_int32_t mask)
-{
-    krb5_store_int32(sp, mask);
-    return store_principal_ent (sp, princ, mask);
-}
-
-static kadm5_ret_t
-ret_principal_ent(krb5_storage *sp,
-		  kadm5_principal_ent_t princ,
-		  u_int32_t mask)
-{
-    int i;
-    int32_t tmp;
-
-    if (mask & KADM5_PRINCIPAL)
-	krb5_ret_principal(sp, &princ->principal);
-    
-    if (mask & KADM5_PRINC_EXPIRE_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->princ_expire_time = tmp;
-    }
-    if (mask & KADM5_PW_EXPIRATION) {
-	krb5_ret_int32(sp, &tmp);
-	princ->pw_expiration = tmp;
-    }
-    if (mask & KADM5_LAST_PWD_CHANGE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_pwd_change = tmp;
-    }
-    if (mask & KADM5_MAX_LIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_life = tmp;
-    }
-    if (mask & KADM5_MOD_NAME) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_principal(sp, &princ->mod_name);
-	else
-	    princ->mod_name = NULL;
-    }
-    if (mask & KADM5_MOD_TIME) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mod_date = tmp;
-    }
-    if (mask & KADM5_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->attributes = tmp;
-    }
-    if (mask & KADM5_KVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->kvno = tmp;
-    }
-    if (mask & KADM5_MKVNO) {
-	krb5_ret_int32(sp, &tmp);
-	princ->mkvno = tmp;
-    }
-    if (mask & KADM5_POLICY) {
-	krb5_ret_int32(sp, &tmp);
-	if(tmp)
-	    krb5_ret_string(sp, &princ->policy);
-	else
-	    princ->policy = NULL;
-    }
-    if (mask & KADM5_AUX_ATTRIBUTES) {
-	krb5_ret_int32(sp, &tmp);
-	princ->aux_attributes = tmp;
-    }
-    if (mask & KADM5_MAX_RLIFE) {
-	krb5_ret_int32(sp, &tmp);
-	princ->max_renewable_life = tmp;
-    }
-    if (mask & KADM5_LAST_SUCCESS) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_success = tmp;
-    }
-    if (mask & KADM5_LAST_FAILED) {
-	krb5_ret_int32(sp, &tmp);
-	princ->last_failed = tmp;
-    }
-    if (mask & KADM5_FAIL_AUTH_COUNT) {
-	krb5_ret_int32(sp, &tmp);
-	princ->fail_auth_count = tmp;
-    }
-    if (mask & KADM5_KEY_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_key_data = tmp;
-	princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
-	for(i = 0; i < princ->n_key_data; i++)
-	    kadm5_ret_key_data(sp, &princ->key_data[i]);
-    }
-    if (mask & KADM5_TL_DATA) {
-	krb5_ret_int32(sp, &tmp);
-	princ->n_tl_data = tmp;
-	princ->tl_data = NULL;
-	for(i = 0; i < princ->n_tl_data; i++){
-	    krb5_tl_data *tp = malloc(sizeof(*tp));
-	    kadm5_ret_tl_data(sp, tp);
-	    tp->tl_data_next = princ->tl_data;
-	    princ->tl_data = tp;
-	}
-    }
-    return 0;
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent(krb5_storage *sp,
-			kadm5_principal_ent_t princ)
-{
-    return ret_principal_ent (sp, princ, ~0);
-}
-
-kadm5_ret_t
-kadm5_ret_principal_ent_mask(krb5_storage *sp,
-			     kadm5_principal_ent_t princ,
-			     u_int32_t *mask)
-{
-    int32_t tmp;
-
-    krb5_ret_int32 (sp, &tmp);
-    *mask = tmp;
-    return ret_principal_ent (sp, princ, *mask);
-}
-
-kadm5_ret_t
-_kadm5_marshal_params(krb5_context context, 
-		      kadm5_config_params *params, 
-		      krb5_data *out)
-{
-    krb5_storage *sp = krb5_storage_emem();
-    
-    krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_store_string(sp, params->realm);
-    krb5_storage_to_data(sp, out);
-    krb5_storage_free(sp);
-
-    return 0;
-}
-
-kadm5_ret_t
-_kadm5_unmarshal_params(krb5_context context,
-			krb5_data *in,
-			kadm5_config_params *params)
-{
-    krb5_storage *sp = krb5_storage_from_data(in);
-    
-    krb5_ret_int32(sp, &params->mask);
-	
-    if(params->mask & KADM5_CONFIG_REALM)
-	krb5_ret_string(sp, &params->realm);
-    krb5_storage_free(sp);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c
deleted file mode 100644
index 8d8ca56bb268..000000000000
--- a/crypto/heimdal/lib/kadm5/modify_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_c.c,v 1.4 2000/07/11 15:59:46 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 u_int32_t mask)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_modify);
-    kadm5_store_principal_ent(sp, princ);
-    krb5_store_int32(sp, mask);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return tmp;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c
deleted file mode 100644
index 8c595a957bef..000000000000
--- a/crypto/heimdal/lib/kadm5/modify_s.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: modify_s.c,v 1.12 2001/01/30 01:24:28 assar Exp $");
-
-static kadm5_ret_t
-modify_principal(void *server_handle,
-		 kadm5_principal_ent_t princ, 
-		 u_int32_t mask,
-		 u_int32_t forbidden_mask)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry ent;
-    kadm5_ret_t ret;
-    if((mask & forbidden_mask))
-	return KADM5_BAD_MASK;
-    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
-	return KADM5_UNK_POLICY;
-    
-    ent.principal = princ->principal;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 0, &ent);
-    if(ret)
-	goto out;
-    ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
-    if(ret)
-	goto out2;
-    ret = _kadm5_set_modifier(context, &ent);
-    if(ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent,
-		      mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
-		      
-    ret = context->db->store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
-
-
-kadm5_ret_t
-kadm5_s_modify_principal(void *server_handle,
-			 kadm5_principal_ent_t princ, 
-			 u_int32_t mask)
-{
-    return modify_principal(server_handle, princ, mask, 
-			    KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
-			    | KADM5_MOD_NAME | KADM5_MKVNO 
-			    | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS
-			    | KADM5_LAST_FAILED);
-}
diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c
deleted file mode 100644
index bc1463fed9f7..000000000000
--- a/crypto/heimdal/lib/kadm5/password_quality.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 1997-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: password_quality.c,v 1.4 2000/07/05 13:14:45 joda Exp $");
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-static const char *
-simple_passwd_quality (krb5_context context,
-		       krb5_principal principal,
-		       krb5_data *pwd)
-{
-    if (pwd->length < 6)
-	return "Password too short";
-    else
-	return NULL;
-}
-
-typedef const char* (*passwd_quality_check_func)(krb5_context, 
-						 krb5_principal, 
-						 krb5_data*);
-
-static passwd_quality_check_func passwd_quality_check = simple_passwd_quality;
-
-#ifdef HAVE_DLOPEN
-
-#define PASSWD_VERSION 0
-
-#endif
-
-/*
- * setup the password quality hook
- */
-
-void
-kadm5_setup_passwd_quality_check(krb5_context context,
-				 const char *check_library,
-				 const char *check_function)
-{
-#ifdef HAVE_DLOPEN
-    void *handle;
-    void *sym;
-    int *version;
-    int flags;
-    const char *tmp;
-
-#ifdef RTLD_NOW
-    flags = RTLD_NOW;
-#else
-    flags = 0;
-#endif
-
-    if(check_library == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_library", 
-				     NULL);
-	if(tmp != NULL)
-	    check_library = tmp;
-    }
-    if(check_function == NULL) {
-	tmp = krb5_config_get_string(context, NULL, 
-				     "password_quality", 
-				     "check_function", 
-				     NULL);
-	if(tmp != NULL)
-	    check_function = tmp;
-    }
-    if(check_library != NULL && check_function == NULL)
-	check_function = "passwd_check";
-
-    if(check_library == NULL)
-	return;
-    handle = dlopen(check_library, flags);
-    if(handle == NULL) {
-	krb5_warnx(context, "failed to open `%s'", check_library);
-	return;
-    }
-    version = dlsym(handle, "version");
-    if(version == NULL) {
-	krb5_warnx(context,
-		   "didn't find `version' symbol in `%s'", check_library);
-	dlclose(handle);
-	return;
-    }
-    if(*version != PASSWD_VERSION) {
-	krb5_warnx(context,
-		   "version of loaded library is %d (expected %d)",
-		   *version, PASSWD_VERSION);
-	dlclose(handle);
-	return;
-    }
-    sym = dlsym(handle, check_function);
-    if(sym == NULL) {
-	krb5_warnx(context, 
-		   "didn't find `%s' symbol in `%s'", 
-		   check_function, check_library);
-	dlclose(handle);
-	return;
-    }
-    passwd_quality_check = (passwd_quality_check_func) sym;
-#endif /* HAVE_DLOPEN */
-}
-
-const char *
-kadm5_check_password_quality (krb5_context context,
-			      krb5_principal principal,
-			      krb5_data *pwd_data)
-{
-    return (*passwd_quality_check) (context, principal, pwd_data);
-}
diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h
deleted file mode 100644
index b09545fd6778..000000000000
--- a/crypto/heimdal/lib/kadm5/private.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997-2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: private.h,v 1.15 2002/08/16 20:57:44 joda Exp $ */
-
-#ifndef __kadm5_privatex_h__
-#define __kadm5_privatex_h__
-
-struct kadm_func {
-    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, char*);
-    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, 
-				     u_int32_t, char*);
-    kadm5_ret_t (*delete_principal) (void*, krb5_principal);
-    kadm5_ret_t (*destroy) (void*);
-    kadm5_ret_t (*flush) (void*);
-    kadm5_ret_t (*get_principal) (void*, krb5_principal, 
-				  kadm5_principal_ent_t, u_int32_t);
-    kadm5_ret_t (*get_principals) (void*, const char*, char***, int*);
-    kadm5_ret_t (*get_privs) (void*, u_int32_t*);
-    kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, u_int32_t);
-    kadm5_ret_t (*randkey_principal) (void*, krb5_principal, 
-				      krb5_keyblock**, int*);
-    kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
-    kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
-					      int, krb5_key_data *);
-};
-
-/* XXX should be integrated */
-typedef struct kadm5_common_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    void *data;
-}kadm5_common_context;
-
-typedef struct kadm5_log_peer {
-    int fd;
-    char *name;
-    krb5_auth_context ac;
-    struct kadm5_log_peer *next;
-} kadm5_log_peer;
-
-typedef struct kadm5_log_context {
-    char *log_file;
-    int log_fd;
-    u_int32_t version;
-    struct sockaddr_un socket_name;
-    int socket_fd;
-} kadm5_log_context;
-
-typedef struct kadm5_server_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    kadm5_config_params config;
-    HDB *db;
-    krb5_principal caller;
-    unsigned acl_flags;
-    kadm5_log_context log_context;
-} kadm5_server_context;
-
-typedef struct kadm5_client_context {
-    krb5_context context;
-    krb5_boolean my_context;
-    struct kadm_func funcs;
-    /* */
-    krb5_auth_context ac;
-    char *realm;
-    char *admin_server;
-    int kadmind_port;
-    int sock;
-    char *client_name;
-    char *service_name;
-    krb5_prompter_fct prompter;
-    const char *keytab;
-    krb5_ccache ccache;
-    kadm5_config_params *realm_params;
-}kadm5_client_context;
-
-enum kadm_ops {
-    kadm_get,
-    kadm_delete,
-    kadm_create,
-    kadm_rename,
-    kadm_chpass,
-    kadm_modify,
-    kadm_randkey,
-    kadm_get_privs,
-    kadm_get_princs,
-    kadm_chpass_with_key,
-    kadm_nop
-};
-
-#define KADMIN_APPL_VERSION "KADM0.1"
-#define KADMIN_OLD_APPL_VERSION "KADM0.0"
-
-#define KADM5_LOG_SIGNAL HDB_DB_DIR "/signal"
-
-#include "kadm5-private.h"
-
-#endif /* __kadm5_privatex_h__ */
diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c
deleted file mode 100644
index 83d293cfbf4e..000000000000
--- a/crypto/heimdal/lib/kadm5/privs_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_c.c,v 1.4 2000/07/11 15:59:54 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_get_privs(void *server_handle, u_int32_t *privs)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_get_privs);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if(ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if (ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0){
-	krb5_ret_int32(sp, &tmp);
-	*privs = tmp;
-    }
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c
deleted file mode 100644
index 85cd5d597d00..000000000000
--- a/crypto/heimdal/lib/kadm5/privs_s.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: privs_s.c,v 1.2 1999/12/02 17:05:07 joda Exp $");
-
-kadm5_ret_t
-kadm5_s_get_privs(void *server_handle, u_int32_t *privs)
-{
-    kadm5_server_context *context = server_handle;
-    *privs = context->acl_flags;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c
deleted file mode 100644
index eedf697906dd..000000000000
--- a/crypto/heimdal/lib/kadm5/randkey_c.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_c.c,v 1.4 2000/07/11 16:00:02 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_randkey);
-    krb5_store_principal(sp, princ);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data(&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0){
-	krb5_keyblock *k;
-	int i;
-
-	krb5_ret_int32(sp, &tmp);
-	k = malloc(tmp * sizeof(*k));
-	if (k == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	for(i = 0; i < tmp; i++)
-	    krb5_ret_keyblock(sp, &k[i]);
-	*n_keys = tmp;
-	*new_keys = k;
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c
deleted file mode 100644
index 9780b111310f..000000000000
--- a/crypto/heimdal/lib/kadm5/randkey_s.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: randkey_s.c,v 1.13 2001/01/30 01:24:28 assar Exp $");
-
-/*
- * Set the keys of `princ' to random values, returning the random keys
- * in `new_keys', `n_keys'.
- */
-
-kadm5_ret_t
-kadm5_s_randkey_principal(void *server_handle, 
-			  krb5_principal princ,
-			  krb5_keyblock **new_keys, 
-			  int *n_keys)
-{
-    kadm5_server_context *context = server_handle;
-    hdb_entry ent;
-    kadm5_ret_t ret;
-
-    ent.principal = princ;
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 0, &ent);
-    if(ret)
-	goto out;
-
-    ret = _kadm5_set_keys_randomly (context,
-				    &ent,
-				    new_keys,
-				    n_keys);
-    if (ret)
-	goto out2;
-
-    ret = _kadm5_set_modifier(context, &ent);
-    if(ret)
-	goto out3;
-    ret = _kadm5_bump_pw_expire(context, &ent);
-    if (ret)
-	goto out2;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret)
-	goto out2;
-
-    kadm5_log_modify (context,
-		      &ent,
-		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
-		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);
-
-    ret = context->db->store(context->context, context->db, 
-			     HDB_F_REPLACE, &ent);
-out3:
-    if (ret) {
-	int i;
-
-	for (i = 0; i < *n_keys; ++i)
-	    krb5_free_keyblock_contents (context->context, &(*new_keys)[i]);
-	free (*new_keys);
-	*new_keys = NULL;
-	*n_keys = 0;
-    }
-out2:
-    hdb_free_entry(context->context, &ent);
-out:
-    context->db->close(context->context, context->db);
-    return _kadm5_error_code(ret);
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c
deleted file mode 100644
index 95ccf2503669..000000000000
--- a/crypto/heimdal/lib/kadm5/rename_c.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_c.c,v 1.4 2000/07/11 16:00:08 joda Exp $");
-
-kadm5_ret_t
-kadm5_c_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_client_context *context = server_handle;
-    kadm5_ret_t ret;
-    krb5_storage *sp;
-    unsigned char buf[1024];
-    int32_t tmp;
-    krb5_data reply;
-
-    ret = _kadm5_connect(server_handle);
-    if(ret)
-	return ret;
-
-    sp = krb5_storage_from_mem(buf, sizeof(buf));
-    if (sp == NULL)
-	return ENOMEM;
-    krb5_store_int32(sp, kadm_rename);
-    krb5_store_principal(sp, source);
-    krb5_store_principal(sp, target);
-    ret = _kadm5_client_send(context, sp);
-    krb5_storage_free(sp);
-    if (ret)
-	return ret;
-    ret = _kadm5_client_recv(context, &reply);
-    if(ret)
-	return ret;
-    sp = krb5_storage_from_data (&reply);
-    if (sp == NULL) {
-	krb5_data_free (&reply);
-	return ENOMEM;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    krb5_storage_free(sp);
-    krb5_data_free (&reply);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c
deleted file mode 100644
index a478e0acd92d..000000000000
--- a/crypto/heimdal/lib/kadm5/rename_s.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: rename_s.c,v 1.11 2001/01/30 01:24:29 assar Exp $");
-
-kadm5_ret_t
-kadm5_s_rename_principal(void *server_handle, 
-			 krb5_principal source,
-			 krb5_principal target)
-{
-    kadm5_server_context *context = server_handle;
-    kadm5_ret_t ret;
-    hdb_entry ent, ent2;
-    ent.principal = source;
-    if(krb5_principal_compare(context->context, source, target))
-	return KADM5_DUP; /* XXX is this right? */
-    if(!krb5_realm_compare(context->context, source, target))
-	return KADM5_FAILURE; /* XXX better code */
-    ret = context->db->open(context->context, context->db, O_RDWR, 0);
-    if(ret)
-	return ret;
-    ret = context->db->fetch(context->context, context->db, 0, &ent);
-    if(ret){
-	context->db->close(context->context, context->db);
-	goto out;
-    }
-    ret = _kadm5_set_modifier(context, &ent);
-    if(ret)
-	goto out2;
-    {
-	/* fix salt */
-	int i;
-	Salt salt;
-	krb5_salt salt2;
-	krb5_get_pw_salt(context->context, source, &salt2);
-	salt.type = hdb_pw_salt;
-	salt.salt = salt2.saltvalue;
-	for(i = 0; i < ent.keys.len; i++){
-	    if(ent.keys.val[i].salt == NULL){
-		ent.keys.val[i].salt = malloc(sizeof(*ent.keys.val[i].salt));
-		ret = copy_Salt(&salt, ent.keys.val[i].salt);
-		if(ret)
-		    break;
-	    }
-	}
-	krb5_free_salt(context->context, salt2);
-    }
-    if(ret)
-	goto out2;
-    ent2.principal = ent.principal;
-    ent.principal = target;
-
-    ret = hdb_seal_keys(context->context, context->db, &ent);
-    if (ret) {
-	ent.principal = ent2.principal;
-	goto out2;
-    }
-
-    kadm5_log_rename (context,
-		      source,
-		      &ent);
-
-    ret = context->db->store(context->context, context->db, 0, &ent);
-    if(ret){
-	ent.principal = ent2.principal;
-	goto out2;
-    }
-    ret = context->db->remove(context->context, context->db, &ent2);
-    ent.principal = ent2.principal;
-out2:
-    context->db->close(context->context, context->db);
-    hdb_free_entry(context->context, &ent);
-out:
-    return _kadm5_error_code(ret);
-}
-
diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c
deleted file mode 100644
index 1b2d71635f49..000000000000
--- a/crypto/heimdal/lib/kadm5/replay_log.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
-	    u_int32_t ver,
-	    time_t timestamp,
-	    enum kadm_ops op,
-	    u_int32_t len,
-	    krb5_storage *sp)
-{
-    krb5_error_code ret;
-
-    if((start_version != -1 && ver < start_version) ||
-       (end_version != -1 && ver > end_version)) {
-	/* XXX skip this entry */
-	krb5_storage_seek(sp, len, SEEK_CUR);
-	return;
-    }
-    printf ("ver %u... ", ver);
-    fflush (stdout);
-
-    ret = kadm5_log_replay (server_context,
-			    op, ver, len, sp);
-    if (ret)
-	krb5_warn (server_context->context, ret, "kadm5_log_replay");
-
-    
-    printf ("done\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "start-version", 0, arg_integer, &start_version, "start replay with this version" },
-    { "end-version", 0, arg_integer, &end_version, "end replay with this version" },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_config_params conf;
-    kadm5_server_context *server_context;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = server_context->db->open(context,
-				   server_context->db,
-				   O_RDWR | O_CREAT, 0);
-    if (ret)
-	krb5_err (context, 1, ret, "db->open");
-
-    ret = kadm5_log_init (server_context);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_log_init");
-
-    ret = kadm5_log_foreach (server_context, apply_entry);
-    if(ret)
-	krb5_warn(context, ret, "kadm5_log_foreach");
-    ret = kadm5_log_end (server_context);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_log_end");
-    ret = server_context->db->close (context, server_context->db);
-    if (ret)
-	krb5_err (context, 1, ret, "db->close");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c
deleted file mode 100644
index 4ff5122c164b..000000000000
--- a/crypto/heimdal/lib/kadm5/sample_passwd_check.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* $Id: sample_passwd_check.c,v 1.1 1999/09/10 10:11:03 assar Exp $ */
-
-#include <string.h>
-#include <stdlib.h>
-#include <krb5.h>
-
-/* specify the api-version this library conforms to */
-
-int version = 0;
-
-/* just check the length of the password, this is what the default
-   check does, but this lets you specify the minimum length in
-   krb5.conf */
-const char*
-check_length(krb5_context context,
-             krb5_principal prinipal,
-             krb5_data *password)
-{
-    int min_length = krb5_config_get_int_default(context, NULL, 6,
-						 "password_quality",
-						 "min_length",
-						 NULL);
-    if(password->length < min_length)
-	return "Password too short";
-    return NULL;
-}
-
-#ifdef DICTPATH
-
-/* use cracklib to check password quality; this requires a patch for
-   cracklib that can be found at
-   ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
-
-const char*
-check_cracklib(krb5_context context,
-	       krb5_principal principal,
-	       krb5_data *password)
-{
-    char *s = malloc(password->length + 1);
-    char *msg;
-    char *strings[2];
-    if(s == NULL)
-	return NULL; /* XXX */
-    strings[0] = principal->name.name_string.val[0]; /* XXX */
-    strings[1] = NULL;
-    memcpy(s, password->data, password->length);
-    s[password->length] = '\0';
-    msg = FascistCheck(s, DICTPATH, strings);
-    memset(s, 0, password->length);
-    free(s);
-    return msg;
-}
-#endif
diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c
deleted file mode 100644
index fe44b76b8cc1..000000000000
--- a/crypto/heimdal/lib/kadm5/send_recv.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: send_recv.c,v 1.10 2003/04/16 17:58:59 lha Exp $");
-
-kadm5_ret_t 
-_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
-{
-    krb5_data msg, out;
-    krb5_error_code ret;
-    size_t len;
-    krb5_storage *sock;
-
-    assert(context->sock != -1);
-
-    len = krb5_storage_seek(sp, 0, SEEK_CUR);
-    ret = krb5_data_alloc(&msg, len);
-    if (ret)
-	return ret;
-    krb5_storage_seek(sp, 0, SEEK_SET);
-    krb5_storage_read(sp, msg.data, msg.length);
-    
-    ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
-    krb5_data_free(&msg);
-    if(ret)
-	return ret;
-    
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL) {
-	krb5_data_free(&out);
-	return ENOMEM;
-    }
-    
-    ret = krb5_store_data(sock, out);
-    krb5_storage_free(sock);
-    krb5_data_free(&out);
-    return ret;
-}
-
-kadm5_ret_t
-_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    krb5_storage *sock;
-
-    sock = krb5_storage_from_fd(context->sock);
-    if(sock == NULL)
-	return ENOMEM;
-    ret = krb5_ret_data(sock, &data);
-    krb5_storage_free(sock);
-    if(ret == KRB5_CC_END)
-	return KADM5_RPC_ERROR;
-    else if(ret)
-	return ret;
-
-    ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL);
-    krb5_data_free(&data);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c
deleted file mode 100644
index 21b60776add0..000000000000
--- a/crypto/heimdal/lib/kadm5/server_glue.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: server_glue.c,v 1.6 1999/12/02 17:05:07 joda Exp $");
-
-kadm5_ret_t
-kadm5_init_with_password(const char *client_name,
-			 const char *password,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_password(client_name,
-				      password,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_password_ctx(krb5_context context,
-			     const char *client_name,
-			     const char *password,
-			     const char *service_name,
-			     kadm5_config_params *realm_params,
-			     unsigned long struct_version,
-			     unsigned long api_version,
-			     void **server_handle)
-{
-    return kadm5_s_init_with_password_ctx(context,
-					  client_name,
-					  password,
-					  service_name,
-					  realm_params,
-					  struct_version,
-					  api_version,
-					  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey(const char *client_name,
-		     const char *keytab,
-		     const char *service_name,
-		     kadm5_config_params *realm_params,
-		     unsigned long struct_version,
-		     unsigned long api_version,
-		     void **server_handle)
-{
-    return kadm5_s_init_with_skey(client_name,
-				  keytab,
-				  service_name,
-				  realm_params,
-				  struct_version,
-				  api_version,
-				  server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_skey_ctx(krb5_context context,
-			 const char *client_name,
-			 const char *keytab,
-			 const char *service_name,
-			 kadm5_config_params *realm_params,
-			 unsigned long struct_version,
-			 unsigned long api_version,
-			 void **server_handle)
-{
-    return kadm5_s_init_with_skey_ctx(context,
-				      client_name,
-				      keytab,
-				      service_name,
-				      realm_params,
-				      struct_version,
-				      api_version,
-				      server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds(const char *client_name,
-		      krb5_ccache ccache,
-		      const char *service_name,
-		      kadm5_config_params *realm_params,
-		      unsigned long struct_version,
-		      unsigned long api_version,
-		      void **server_handle)
-{
-    return kadm5_s_init_with_creds(client_name,
-				   ccache,
-				   service_name,
-				   realm_params,
-				   struct_version,
-				   api_version,
-				   server_handle);
-}
-
-kadm5_ret_t
-kadm5_init_with_creds_ctx(krb5_context context,
-			  const char *client_name,
-			  krb5_ccache ccache,
-			  const char *service_name,
-			  kadm5_config_params *realm_params,
-			  unsigned long struct_version,
-			  unsigned long api_version,
-			  void **server_handle)
-{
-    return kadm5_s_init_with_creds_ctx(context,
-				       client_name,
-				       ccache,
-				       service_name,
-				       realm_params,
-				       struct_version,
-				       api_version,
-				       server_handle);
-}
diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c
deleted file mode 100644
index d69c509b2228..000000000000
--- a/crypto/heimdal/lib/kadm5/set_keys.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_keys.c,v 1.25 2001/08/13 15:12:16 joda Exp $");
-
-/*
- * the known and used DES enctypes
- */
-
-static krb5_enctype des_types[] = { ETYPE_DES_CBC_CRC,
- 				    ETYPE_DES_CBC_MD4,
- 				    ETYPE_DES_CBC_MD5 };
-static unsigned n_des_types = sizeof(des_types) / sizeof(des_types[0]);
-
-static krb5_error_code
-make_keys(krb5_context context, krb5_principal principal, const char *password,
-	  Key **keys_ret, size_t *num_keys_ret)
-{
-    krb5_enctype all_etypes[] = { ETYPE_DES3_CBC_SHA1,
-				  ETYPE_DES_CBC_MD5,
-				  ETYPE_DES_CBC_MD4,
-				  ETYPE_DES_CBC_CRC };
-
-
-    krb5_enctype e;
-
-    krb5_error_code ret = 0;
-    char **ktypes, **kp;
-
-    Key *keys = NULL, *tmp;
-    int num_keys = 0;
-    Key key;
-
-    int i;
-    char *v4_ktypes[] = {"des3:pw-salt", "v4", NULL};
-
-    ktypes = krb5_config_get_strings(context, NULL, "kadmin", 
-				     "default_keys", NULL);
-
-    /* for each entry in `default_keys' try to parse it as a sequence
-       of etype:salttype:salt, syntax of this if something like:
-       [(des|des3|etype):](pw|afs3)[:string], if etype is omitted it
-       means all etypes, and if string is omitted is means the default
-       string (for that principal). Additional special values:
-       v5 == pw-salt, and
-       v4 == des:pw-salt:
-       afs or afs3 == des:afs3-salt
-    */
-
-    if (ktypes == NULL
-	&& krb5_config_get_bool (context, NULL, "kadmin",
-				 "use_v4_salt", NULL))
-	ktypes = v4_ktypes;
-
-    for(kp = ktypes; kp && *kp; kp++) {
-	krb5_enctype *etypes;
-	int num_etypes;
-	krb5_salt salt;
-	krb5_boolean salt_set;
-
-	const char *p;
-	char buf[3][256];
-	int num_buf = 0;
-
-	p = *kp;
-	if(strcmp(p, "v5") == 0)
-	    p = "pw-salt";
-	else if(strcmp(p, "v4") == 0)
-	    p = "des:pw-salt:";
-	else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
-	    p = "des:afs3-salt";
-	
-	/* split p in a list of :-separated strings */
-	for(num_buf = 0; num_buf < 3; num_buf++)
-	    if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
-		break;
-
-	etypes = NULL;
-	num_etypes = 0;
-	memset(&salt, 0, sizeof(salt));
-	salt_set = FALSE;
-
-	for(i = 0; i < num_buf; i++) {
-	    if(etypes == NULL) {
-		/* this might be a etype specifier */
-		/* XXX there should be a string_to_etypes handling
-                   special cases like `des' and `all' */
-		if(strcmp(buf[i], "des") == 0) {
-		    etypes = all_etypes + 1;
-		    num_etypes = 3;
-		    continue;
-		} else if(strcmp(buf[i], "des3") == 0) {
-		    e = ETYPE_DES3_CBC_SHA1;
-		    etypes = &e;
-		    num_etypes = 1;
-		    continue;
-		} else {
-		    ret = krb5_string_to_enctype(context, buf[i], &e);
-		    if(ret == 0) {
-			etypes = &e;
-			num_etypes = 1;
-			continue;
-		    }
-		}
-	    }
-	    if(salt.salttype == 0) {
-		/* interpret string as a salt specifier, if no etype
-                   is set, this sets default values */
-		/* XXX should perhaps use string_to_salttype, but that
-                   interface sucks */
-		if(strcmp(buf[i], "pw-salt") == 0) {
-		    if(etypes == NULL) {
-			etypes = all_etypes;
-			num_etypes = 4;
-		    }
-		    salt.salttype = KRB5_PW_SALT;
-		} else if(strcmp(buf[i], "afs3-salt") == 0) {
-		    if(etypes == NULL) {
-			etypes = all_etypes + 1;
-			num_etypes = 3;
-		    }
-		    salt.salttype = KRB5_AFS3_SALT;
-		}
-	    } else {
-		/* if there is a final string, use it as the string to
-                   salt with, this is mostly useful with null salt for
-                   v4 compat, and a cell name for afs compat */
-		salt.saltvalue.data = buf[i];
-		salt.saltvalue.length = strlen(buf[i]);
-		salt_set = TRUE;
-	    }
-	}
-
-	if(etypes == NULL || salt.salttype == 0) {	    
-	    krb5_warnx(context, "bad value for default_keys `%s'", *kp);
-	    continue;
-	}
-
-	if(!salt_set) {
-	    /* make up default salt */
-	    if(salt.salttype == KRB5_PW_SALT)
-		ret = krb5_get_pw_salt(context, principal, &salt);
-	    else if(salt.salttype == KRB5_AFS3_SALT) {
-		krb5_realm *realm = krb5_princ_realm(context, principal);
-		salt.saltvalue.data = strdup(*realm);
-		if(salt.saltvalue.data == NULL) {
-		    krb5_set_error_string(context, "out of memory while "
-					  "parsinig salt specifiers");
-		    ret = ENOMEM;
-		    goto out;
-		}
-		strlwr(salt.saltvalue.data);
-		salt.saltvalue.length = strlen(*realm);
-		salt_set = 1;
-	    }
-	}
-	memset(&key, 0, sizeof(key));
-	for(i = 0; i < num_etypes; i++) {
-	    Key *k;
-	    for(k = keys; k < keys + num_keys; k++) {
-		if(k->key.keytype == etypes[i] &&
-		   ((k->salt != NULL && 
-		     k->salt->type == salt.salttype &&
-		     k->salt->salt.length == salt.saltvalue.length &&
-		     memcmp(k->salt->salt.data, salt.saltvalue.data, 
-			    salt.saltvalue.length) == 0) ||
-		    (k->salt == NULL && 
-		     salt.salttype == KRB5_PW_SALT && 
-		     !salt_set)))
-		    goto next_etype;
-	    }
-		       
-	    ret = krb5_string_to_key_salt (context,
-					   etypes[i],
-					   password,
-					   salt,
-					   &key.key);
-
-	    if(ret)
-		goto out;
-
-	    if (salt.salttype != KRB5_PW_SALT || salt_set) {
-		key.salt = malloc (sizeof(*key.salt));
-		if (key.salt == NULL) {
-		    free_Key(&key);
-		    ret = ENOMEM;
-		    goto out;
-		}
-		key.salt->type = salt.salttype;
-		krb5_data_zero (&key.salt->salt);
-
-		/* is the salt has not been set explicitly, it will be
-		   the default salt, so there's no need to explicitly
-		   copy it */
-		if (salt_set) {
-		    ret = krb5_data_copy(&key.salt->salt, 
-					 salt.saltvalue.data, 
-					 salt.saltvalue.length);
-		    if (ret) {
-			free_Key(&key);
-			goto out;
-		    }
-		}
-	    }
-	    tmp = realloc(keys, (num_keys + 1) * sizeof(*keys));
-	    if(tmp == NULL) {
-		free_Key(&key);
-		ret = ENOMEM;
-		goto out;
-	    }
-	    keys = tmp;
-	    keys[num_keys++] = key;
-	  next_etype:;
-	}
-    }
-
-    if(num_keys == 0) {
-	/* if we didn't manage to find a single valid key, create a
-           default set */
-	/* XXX only do this is there is no `default_keys'? */
-	krb5_salt v5_salt;
-	tmp = realloc(keys, (num_keys + 4) * sizeof(*keys));
-	if(tmp == NULL) {
-	    ret = ENOMEM;
-	    goto out;
-	}
-	keys = tmp;
-	ret = krb5_get_pw_salt(context, principal, &v5_salt);
-	if(ret)
-	    goto out;
-	for(i = 0; i < 4; i++) {
-	    memset(&key, 0, sizeof(key));
-	    ret = krb5_string_to_key_salt(context, all_etypes[i], password, 
-					  v5_salt, &key.key);
-	    if(ret) {
-		krb5_free_salt(context, v5_salt);
-		goto out;
-	    }
-	    keys[num_keys++] = key;
-	}
-	krb5_free_salt(context, v5_salt);
-    }
-
-  out:
-    if(ret == 0) {
-	*keys_ret = keys;
-	*num_keys_ret = num_keys;
-    } else {
-	for(i = 0; i < num_keys; i++) {
-	    free_Key(&keys[i]);
-	}
-	free(keys);
-    }
-    return ret;
-}
-
-/*
- * Set the keys of `ent' to the string-to-key of `password'
- */
-
-kadm5_ret_t
-_kadm5_set_keys(kadm5_server_context *context,
-		hdb_entry *ent, 
-		const char *password)
-{
-    kadm5_ret_t ret;
-    Key *keys;
-    size_t num_keys;
-
-    ret = make_keys(context->context, ent->principal, password, 
-		    &keys, &num_keys);
-
-    if(ret)
-	return ret;
-    
-    _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
-    ent->keys.val = keys;
-    ent->keys.len = num_keys;
-    ent->kvno++;
-    return 0;
-}
-
-/*
- * Set the keys of `ent' to (`n_key_data', `key_data')
- */
-
-kadm5_ret_t
-_kadm5_set_keys2(kadm5_server_context *context,
-		 hdb_entry *ent, 
-		 int16_t n_key_data, 
-		 krb5_key_data *key_data)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_key_data;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_key_data; i++) {
-	keys[i].mkvno = NULL;
-	keys[i].key.keytype = key_data[i].key_data_type[0];
-	ret = krb5_data_copy(&keys[i].key.keyvalue,
-			     key_data[i].key_data_contents[0],
-			     key_data[i].key_data_length[0]);
-	if(ret)
-	    goto out;
-	if(key_data[i].key_data_ver == 2) {
-	    Salt *salt;
-
-	    salt = malloc(sizeof(*salt));
-	    if(salt == NULL) {
-		ret = ENOMEM;
-		goto out;
-	    }
-	    keys[i].salt = salt;
-	    salt->type = key_data[i].key_data_type[1];
-	    krb5_data_copy(&salt->salt, 
-			   key_data[i].key_data_contents[1],
-			   key_data[i].key_data_length[1]);
-	} else
-	    keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-    ent->kvno++;
-    return 0;
- out:
-    _kadm5_free_keys (context, len, keys);
-    return ret;
-}
-
-/*
- * Set the keys of `ent' to `n_keys, keys'
- */
-
-kadm5_ret_t
-_kadm5_set_keys3(kadm5_server_context *context,
-		 hdb_entry *ent,
-		 int n_keys,
-		 krb5_keyblock *keyblocks)
-{
-    krb5_error_code ret;
-    int i;
-    unsigned len;
-    Key *keys;
-
-    len  = n_keys;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    _kadm5_init_keys (keys, len);
-
-    for(i = 0; i < n_keys; i++) {
-	keys[i].mkvno = NULL;
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &keyblocks[i],
-					   &keys[i].key);
-	if(ret)
-	    goto out;
-	keys[i].salt = NULL;
-    }
-    _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = keys;
-    ent->kvno++;
-    return 0;
- out:
-    _kadm5_free_keys (context, len, keys);
-    return ret;
-}
-
-/*
- * Set the keys of `ent' to random keys and return them in `n_keys'
- * and `new_keys'.
- */
-
-kadm5_ret_t
-_kadm5_set_keys_randomly (kadm5_server_context *context,
-			  hdb_entry *ent,
-			  krb5_keyblock **new_keys,
-			  int *n_keys)
-{
-    kadm5_ret_t ret = 0;
-    int i;
-    unsigned len;
-    krb5_keyblock *keys;
-    Key *hkeys;
-
-    len  = n_des_types + 1;
-    keys = malloc (len * sizeof(*keys));
-    if (keys == NULL)
-	return ENOMEM;
-
-    for (i = 0; i < len; ++i) {
-	keys[i].keyvalue.length = 0;
-	keys[i].keyvalue.data   = NULL;
-    }
-
-    hkeys = malloc (len * sizeof(*hkeys));
-    if (hkeys == NULL) {
-	free (keys);
-	return ENOMEM;
-    }
-
-    _kadm5_init_keys (hkeys, len);
-
-    ret = krb5_generate_random_keyblock (context->context,
-					 des_types[0],
-					 &keys[0]);
-    if (ret)
-	goto out;
-
-    ret = krb5_copy_keyblock_contents (context->context,
-				       &keys[0],
-				       &hkeys[0].key);
-    if (ret)
-	goto out;
-
-    for (i = 1; i < n_des_types; ++i) {
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &keys[0],
-					   &keys[i]);
-	if (ret)
-	    goto out;
-	keys[i].keytype = des_types[i];
-	ret = krb5_copy_keyblock_contents (context->context,
-					   &keys[0],
-					   &hkeys[i].key);
-	if (ret)
-	    goto out;
-	hkeys[i].key.keytype = des_types[i];
-    }
-
-    ret = krb5_generate_random_keyblock (context->context,
-					 ETYPE_DES3_CBC_SHA1,
-					 &keys[n_des_types]);
-    if (ret)
-	goto out;
-
-    ret = krb5_copy_keyblock_contents (context->context,
-				       &keys[n_des_types],
-				       &hkeys[n_des_types].key);
-    if (ret)
-	goto out;
-
-    _kadm5_free_keys (context, ent->keys.len, ent->keys.val);
-    ent->keys.len = len;
-    ent->keys.val = hkeys;
-    ent->kvno++;
-    *new_keys     = keys;
-    *n_keys       = len;
-    return ret;
-out:
-    for (i = 0; i < len; ++i)
-	krb5_free_keyblock_contents (context->context, &keys[i]);
-    free (keys);
-    _kadm5_free_keys (context, len, hkeys);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c
deleted file mode 100644
index 2b097459b5d2..000000000000
--- a/crypto/heimdal/lib/kadm5/set_modifier.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kadm5_locl.h"
-
-RCSID("$Id: set_modifier.c,v 1.2 1999/12/02 17:05:07 joda Exp $");
-
-kadm5_ret_t
-_kadm5_set_modifier(kadm5_server_context *context,
-		    hdb_entry *ent)
-{
-    kadm5_ret_t ret;
-    if(ent->modified_by == NULL){
-	ent->modified_by = malloc(sizeof(*ent->modified_by));
-	if(ent->modified_by == NULL)
-	    return ENOMEM;
-    } else
-	free_Event(ent->modified_by);
-    ent->modified_by->time = time(NULL);
-    ret = krb5_copy_principal(context->context, context->caller, 
-			      &ent->modified_by->principal);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c
deleted file mode 100644
index 215fdd7d3cb3..000000000000
--- a/crypto/heimdal/lib/kadm5/truncate_log.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "iprop.h"
-
-RCSID("$Id: truncate_log.c,v 1.1 2000/07/24 04:27:06 assar Exp $");
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    { "realm", 'r', arg_string, &realm },
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    void *kadm_handle;
-    kadm5_server_context *server_context;
-    kadm5_config_params conf;
-
-    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-    
-    if(help_flag)
-	krb5_std_usage(0, args, num_args);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-
-    memset(&conf, 0, sizeof(conf));
-    if(realm) {
-	conf.mask |= KADM5_CONFIG_REALM;
-	conf.realm = realm;
-    }
-
-    ret = kadm5_init_with_password_ctx (context,
-					KADM5_ADMIN_SERVICE,
-					NULL,
-					KADM5_ADMIN_SERVICE,
-					&conf, 0, 0, 
-					&kadm_handle);
-    if (ret)
-	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
-    server_context = (kadm5_server_context *)kadm_handle;
-
-    ret = kadm5_log_truncate (server_context);
-	krb5_err (context, 1, ret, "kadm5_log_truncate");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog
deleted file mode 100644
index 4c125e1e0f72..000000000000
--- a/crypto/heimdal/lib/kafs/ChangeLog
+++ /dev/null
@@ -1,408 +0,0 @@
-2003-04-23  Love H�rquist �strand  <lha@it.su.se>
-
-	* common.c, kafs.h: drop the int argument (the error code) from
-	the logging function
-
-2003-04-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* afskrb5.c (v5_convert): better match what other functions do
-	with values from krb5.conf, like case insensitivity
-
-2003-04-16  Love H�rquist �strand  <lha@it.su.se>
-
-	* kafs.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-14  Love H�rquist �strand  <lha@it.su.se>
-
-	* Makefile.am: (libkafs_la_LDFLAGS): update version
-	
-	* Makefile.am (ROKEN_SRCS): drop strupr.c
-	
-	* kafs.3: document kafs_set_verbose
-	
-	* common.c (kafs_set_verbose): add function that (re)sets the
-	logging function
-	(_kafs_try_get_cred): add function that does (krb_data->get_cred) to
-	make logging easier (that is now done in this function)
-	(*): use _kafs_try_get_cred
-
-	* afskrb5.c (get_cred): handle that inst can be the empty string too
-	(v5_convert): use _kafs_foldup
-	(krb5_afslog_uid_home): set name
-	(krb5_afslog_uid_home): ditto
-
-	* afskrb.c (krb_afslog_uid_home): set name
-	(krb_afslog_uid_home): ditto
-
-	* kafs_locl.h (kafs_data): add name
-	(_kafs_foldup): internally export
-
-2003-04-11  Love H�rquist �strand  <lha@it.su.se>
-
-	* kafs.3: tell that cell-name is uppercased
-	
-	* Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des
-	when using krb5, add strupr.c
-	
-	* afskrb5.c: Check the cell part of the name, not the realm part
-	when checking if 2b should be used. The reson is afs@REALM might
-	have updated their servers but not afs/cell@REALM. Add constant
-	KAFS_RXKAD_2B_KVNO.
-
-2003-04-06  Love H�rquist �strand  <lha@it.su.se>
-
-	* kafs.3: s/kerberos/Kerberos/
-	
-2003-03-19  Love H�rquist �strand  <lha@it.su.se>
-
-	* kafs.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-	* kafs.3: document the kafs_settoken functions write about the
-	krb5_appdefault option for kerberos 5 afs tokens fix prototypes
-	
-2003-03-18  Love H�rquist �strand  <lha@it.su.se>
-
-	* afskrb5.c (kafs_settoken5): change signature to include a
-	krb5_context, use v5_convert
-	(v5_convert): new function, converts a krb5_ccreds to a kafs_token in
-	three diffrent ways, not at all, local 524/2b, and using 524
-	(v5_to_kt): add code to do local 524/2b
-	(get_cred): use v5_convert
-
-
-	* kafs.h (kafs_settoken5): change signature to include a
-	krb5_context
-
-	* Makefile.am: always build the libkafs library now that the
-	kerberos 5 can stand on their own
-	
-	* kafs.3: expose the krb5 functions
-	
-	* common.c (kafs_settoken_rxkad): move all content kerberos
-	version from kafs_settoken to kafs_settoken_rxkad
-	(_kafs_fixup_viceid): move the fixup the timestamp to make client
-	happy code here.
-	(_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
-	kafs_settoken here.
-	(*): adapt to kafs_token
-
-	* afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds
-	into kernel
-	(v5_to_kt): new function, stores a krb5_creds in struct kafs_token
-	(get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524")
-	that can used to toggle if there should v5 token should be used
-	directly or converted via 524 first.
-
-	* afskrb.c: move kafs_settoken here, use struct kafs_token
-	
-	* kafs_locl.h: include krb5-v4compat.h if needed, define an
-	internal structure struct kafs_token that carries around for rxkad
-	data that is independant of kerberos version
-	
-2003-02-18  Love H�rquist �strand  <lha@it.su.se>
-
-	* dlfcn.h: s/intialize/initialize, from
-	<jmc@prioris.mini.pw.edu.pl>
-
-2003-02-08  Assar Westerlund  <assar@kth.se>
-
-	* afssysdefs.h: fix FreeBSD section
-
-2003-02-06  Love H�rquist �strand  <lha@it.su.se>
-
-	* afssysdefs.h: use syscall 208 on openbsd (all version) use
-	syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier
-	
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* kafs.3: move around sections (from NetBSD)
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* common.c: remove the trial of afs@REALM for cell != realm, it
-	tries to use the wrong key for foreign cells
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: version number
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* common.c (find_cells): make file parameter const
-
-2001-11-01  Assar Westerlund  <assar@sics.se>
-
-	* add strsep, and bump version to 3:3:3
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:2:3
-
-2001-10-24  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): handle krb_get_tf_fullname that
-	cannot take NULLs
-	(such as the MIT one)
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strlcpy.c
-
-2001-10-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (ROKEN_SRCS): add strtok_r.c
-	* roken_rename.h (dns_srv_order): rename correctly
-	(strtok_r): add renaming
-
-2001-09-10  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h, common.c: look for configuration files in /etc/arla (the
-	location in debian's arla package)
-
-2001-08-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: handle both krb5 and krb4 cases
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:0:3
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* common.c: look in /etc/openafs for debian openafs
-	* kafs.h: add paths for openafs debian (/etc/openafs)
-
-	* Makefile.am: add required library dependencies
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set versoin to 2:4:2
-
-2001-06-19  Assar Westerlund  <assar@sics.se>
-
-	* common.c (_kafs_realm_of_cell): changed to first try exact match
-	in CellServDB, then exact match in DNS, and finally in-exact match
-	in CellServDB
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: only build resolve.c if doing renaming
-
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am, roken_rename.h: add rename of dns functions
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): set version to 2:3:2
-
-2000-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: solaris 8 apperently uses 65
-
-2000-09-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkafs_la_LDFLAGS): bump version to 2:2:2
-
-2000-09-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* dlfcn.c: correct arguments to some snprintf:s
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 2:1:2
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 2:0:2
-
-2000-03-20  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: make versions later than 5.7 of solaris also use
-	73
-
-2000-03-16  Assar Westerlund  <assar@sics.se>
-
-	* afskrb.c (afslog_uid_int): use krb_get_tf_fullname instead of
-	krb_get_default_principal
-
-2000-03-15  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): ignore # at
-	beginning-of-line
-
-2000-03-13  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: add 230 for MacOS X per information from
-	<warner.c@apple.com>
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:2:1
-
-1999-11-22  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
-	
-1999-11-17  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (afslog_uid_int): don't look at the local realm at
- 	all.  just use the realm from the ticket file.
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:1:1
-
-	* afskrb5.c (get_cred): always request a DES key
-
-Mon Oct 18 17:40:21 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* common.c (find_cells): Trim trailing whitespace from
- 	cellname. Lines starting with # are regarded as comments.
-
-Fri Oct  8 18:17:22 1999  Bjoern Groenvall  <bg@mummel.sics.se>
-
-	* afskrb.c, common.c : Change code to make a clear distinction
- 	between hinted realm and ticket realm.
-
-	* kafs_locl.h: Added argument realm_hint.
-
-	* common.c (_kafs_get_cred): Change code to acquire the ``best''
- 	possible ticket. Use cross-cell authentication only as method of
- 	last resort.
-
-	* afskrb.c (afslog_uid_int): Add realm_hint argument and extract
- 	realm from ticket file.
-
-	* afskrb5.c (afslog_uid_int): Added argument realm_hint.
-
-1999-10-03  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (get_cred): update to new krb524_convert_creds_kdc
-
-1999-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: ignore the comlicated aix construct if !krb4
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-1999-07-22  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
-
-1999-07-07  Assar Westerlund  <assar@sics.se>
-
-	* afskrb5.c (krb5_realm_of_cell): new function
-
-	* afskrb.c (krb_realm_of_cell): new function
-	(afslog_uid_int): call krb_get_lrealm correctly
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
- 	un-staticize
-
-Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
- 	1.4)
-
-Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: set AIX_SRC also if !AIX
-
-Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: fix AIX linkage
-
-Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* afskrb5.c: add homedir support
-
-Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar@sics.se>
-
-	* add new functionality for specifying the homedir to krb_afslog
- 	et al
-
-Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: reorganize order of definitions.
-	(try_one, try_two): conditionalize
-
-Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c (realm_of_cell): make the dns fallback work
-
-Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c (map_syscall_name_to_number): new function for finding
- 	the number of a syscall given the name on solaris
-	(k_hasafs): try using map_syscall_name_to_number
-
-Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssys.c: rewrite and add support for environment variable
- 	AFS_SYSCALL
-
-	* Makefile.in (distclean): don't remove roken_rename.h
-
-Fri May 29 19:03:20 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (roken_rename.h): remove dependency
-
-Mon May 25 05:25:54 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: add arla paths
-
-	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
-	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
-
-Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* common.c: Don't store expired tokens (this broke when using
- 	pag-less rsh-sessions, and `non-standard' ticket files).
-
-Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install/uninstall one library at a time.
-
-Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (install): one library at a time.
-
-Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar@sics.se>
-
-	* common.c (find_cells): ignore empty lines
-
-Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar@sics.se>
-
-	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
-
-Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar@sics.se>
-
-	* kafs.h: new VICEIOCTL's.  From <rb@stacken.kth.se>
-
-	* afssysdefs.h: Add OpenBSD
diff --git a/crypto/heimdal/lib/kafs/Makefile b/crypto/heimdal/lib/kafs/Makefile
deleted file mode 100644
index d9b704278b9a..000000000000
--- a/crypto/heimdal/lib/kafs/Makefile
+++ /dev/null
@@ -1,760 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/kafs/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.37 2002/08/19 15:08:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-#AFSLIBS = libkafs.la
-AFSLIBS = 
-#DEPLIB_krb4 = $(LIB_krb4) $(LIB_des)
-DEPLIB_krb4 = 
-
-#AFSL_EXP = 
-##AFSL_EXP = $(srcdir)/afsl.exp
-
-##AFS_EXTRA_LD = -e _nostart
-###AFS_EXTRA_LD = -bnoentry
-
-###AIX_SRC = afslib.c
-###AIX_SRC = dlfcn.c
-##AIX_SRC = 
-#AIX_SRC = 
-###AFS_EXTRA_LIBS = 
-##AFS_EXTRA_LIBS = afslib.so
-###AFS_EXTRA_DEFS = -DSTATIC_AFS
-##AFS_EXTRA_DEFS = 
-
-libkafs_la_LIBADD = ../krb5/libkrb5.la ../roken/libroken.la $(DEPLIB_krb4)
-#libkafs_la_LIBADD = ../roken/libroken.la $(DEPLIB_krb4)
-
-lib_LTLIBRARIES = $(AFSLIBS)
-libkafs_la_LDFLAGS = -version-info 3:4:3
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-
-# EXTRA_DATA = afslib.so
-CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-
-include_HEADERS = kafs.h
-
-afskrb5_c = afskrb5.c
-
-ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-
-libkafs_la_SOURCES = \
-	afssys.c				\
-	afskrb.c				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	$(ROKEN_SRCS)
-
-
-
-#afslib_so_SOURCES = afslib.c
-EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h
-
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
-
-man_MANS = kafs.3
-subdir = lib/kafs
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \
-	../roken/libroken.la
-#libkafs_la_DEPENDENCIES = ../roken/libroken.la
-#libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \
-#	../roken/libroken.la
-##libkafs_la_DEPENDENCIES = ../roken/libroken.la
-am__objects_1 = afskrb5.lo
-###am__objects_2 = afslib.lo
-###am__objects_2 = \
-###	dlfcn.lo
-##am__objects_2 =
-#am__objects_2 =
-am__objects_3 = resolve.lo strtok_r.lo strlcpy.lo \
-	strsep.lo
-am_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_1) common.lo \
-	$(am__objects_2) $(am__objects_3)
-libkafs_la_OBJECTS = $(am_libkafs_la_OBJECTS)
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libkafs_la_SOURCES) $(EXTRA_libkafs_la_SOURCES)
-MANS = $(man_MANS)
-DATA = $(foo_DATA)
-
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libkafs_la_SOURCES) $(EXTRA_libkafs_la_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/kafs/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkafs.la: $(libkafs_la_OBJECTS) $(libkafs_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkafs_la_LDFLAGS) $(libkafs_la_OBJECTS) $(libkafs_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(foodir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-fooDATA \
-	install-includeHEADERS install-man
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-data-local \
-	install-exec install-exec-am install-fooDATA \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-fooDATA uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-$(OBJECTS): ../../include/config.h
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am
deleted file mode 100644
index a08c47761ab6..000000000000
--- a/crypto/heimdal/lib/kafs/Makefile.am
+++ /dev/null
@@ -1,114 +0,0 @@
-# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME)
-
-if KRB4
-DEPLIB_krb4 = $(LIB_krb4) $(LIB_des)
-krb4_am_workaround = $(INCLUDE_krb4)
-else
-DEPLIB_krb4  =
-krb4_am_workaround = 
-endif # KRB4
-INCLUDES += $(krb4_am_workaround)
-
-if KRB5
-DEPLIB_krb5 = ../krb5/libkrb5.la 
-krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5
-else
-DEPLIB_krb5  =
-krb5_am_workaround = 
-endif # KRB5
-INCLUDES += $(krb5_am_workaround)
-
-
-if AIX
-AFSL_EXP = $(srcdir)/afsl.exp
-
-if AIX4
-AFS_EXTRA_LD = -bnoentry
-else
-AFS_EXTRA_LD = -e _nostart
-endif
-
-if AIX_DYNAMIC_AFS
-if HAVE_DLOPEN
-AIX_SRC = 
-else
-AIX_SRC = dlfcn.c
-endif
-AFS_EXTRA_LIBS = afslib.so
-AFS_EXTRA_DEFS =
-else
-AIX_SRC = afslib.c
-AFS_EXTRA_LIBS = 
-AFS_EXTRA_DEFS = -DSTATIC_AFS
-endif
-
-else
-AFSL_EXP =
-AIX_SRC =
-endif # AIX
-
-libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4)
-
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 4:0:4
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-# EXTRA_DATA = afslib.so
-
-CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-
-include_HEADERS = kafs.h
-
-if KRB5
-afskrb5_c = afskrb5.c
-endif
-
-if KRB4
-afskrb_c = afskrb.c
-endif
-
-
-if do_roken_rename
-ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-endif
-
-libkafs_la_SOURCES =				\
-	afssys.c				\
-	$(afskrb_c)				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	$(ROKEN_SRCS)
-
-#afslib_so_SOURCES = afslib.c
-
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
-
-man_MANS = kafs.3
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-$(OBJECTS): ../../include/config.h
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in
deleted file mode 100644
index 22b0121d7bc9..000000000000
--- a/crypto/heimdal/lib/kafs/Makefile.in
+++ /dev/null
@@ -1,757 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) $(krb5_am_workaround)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_des)
-@KRB4_FALSE@DEPLIB_krb4 = 
-@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4)
-@KRB4_FALSE@krb4_am_workaround = 
-
-@KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la 
-@KRB5_FALSE@DEPLIB_krb5 = 
-@KRB5_TRUE@krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5
-@KRB5_FALSE@krb5_am_workaround = 
-
-@AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp
-@AIX_FALSE@AFSL_EXP = 
-
-@AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart
-@AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry
-
-@AIX_FALSE@AIX_SRC = 
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = 
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = 
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = 
-
-libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4)
-
-lib_LTLIBRARIES = libkafs.la
-libkafs_la_LDFLAGS = -version-info 4:0:4
-foodir = $(libdir)
-foo_DATA = $(AFS_EXTRA_LIBS)
-
-# EXTRA_DATA = afslib.so
-CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
-
-include_HEADERS = kafs.h
-
-@KRB5_TRUE@afskrb5_c = afskrb5.c
-
-@KRB4_TRUE@afskrb_c = afskrb.c
-
-@do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
-
-libkafs_la_SOURCES = \
-	afssys.c				\
-	$(afskrb_c)				\
-	$(afskrb5_c)				\
-	common.c				\
-	$(AIX_SRC)				\
-	kafs_locl.h				\
-	afssysdefs.h				\
-	$(ROKEN_SRCS)
-
-
-
-#afslib_so_SOURCES = afslib.c
-EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
-
-EXTRA_DIST = README.dlfcn afsl.exp afslib.exp
-
-man_MANS = kafs.3
-subdir = lib/kafs
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-@KRB4_FALSE@@KRB5_TRUE@libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \
-@KRB4_FALSE@@KRB5_TRUE@	../roken/libroken.la
-@KRB4_FALSE@@KRB5_FALSE@libkafs_la_DEPENDENCIES = ../roken/libroken.la
-@KRB4_TRUE@@KRB5_TRUE@libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \
-@KRB4_TRUE@@KRB5_TRUE@	../roken/libroken.la
-@KRB4_TRUE@@KRB5_FALSE@libkafs_la_DEPENDENCIES = ../roken/libroken.la
-@KRB4_TRUE@am__objects_11 = afskrb.lo
-@KRB5_TRUE@am__objects_12 = afskrb5.lo
-@AIX_FALSE@am__objects_13 =
-@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_13 = afslib.lo
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@am__objects_13 =
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_13 = \
-@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@	dlfcn.lo
-@do_roken_rename_TRUE@am__objects_14 = resolve.lo strtok_r.lo strlcpy.lo \
-@do_roken_rename_TRUE@	strsep.lo
-am_libkafs_la_OBJECTS = afssys.lo $(am__objects_11) $(am__objects_12) \
-	common.lo $(am__objects_13) $(am__objects_14)
-libkafs_la_OBJECTS = $(am_libkafs_la_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libkafs_la_SOURCES) $(EXTRA_libkafs_la_SOURCES)
-MANS = $(man_MANS)
-DATA = $(foo_DATA)
-
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libkafs_la_SOURCES) $(EXTRA_libkafs_la_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/kafs/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libkafs.la: $(libkafs_la_OBJECTS) $(libkafs_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkafs_la_LDFLAGS) $(libkafs_la_OBJECTS) $(libkafs_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-fooDATA_INSTALL = $(INSTALL_DATA)
-install-fooDATA: $(foo_DATA)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(foodir)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f"; \
-	  $(fooDATA_INSTALL) $$d$$p $(DESTDIR)$(foodir)/$$f; \
-	done
-
-uninstall-fooDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(foo_DATA)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(foodir)/$$f"; \
-	  rm -f $(DESTDIR)$(foodir)/$$f; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(foodir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-fooDATA install-includeHEADERS install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-fooDATA install-includeHEADERS \
-	install-info install-info-am install-libLTLIBRARIES install-man \
-	install-man3 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-fooDATA uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-# AIX: this almost works with gcc, but somehow it fails to use the
-# correct ld, use ld instead
-afslib.so: afslib.o
-	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
-
-$(OBJECTS): ../../include/config.h
-
-resolve.c:
-	$(LN_S) $(srcdir)/../roken/resolve.c .
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-
-strlcpy.c:
-	$(LN_S) $(srcdir)/../roken/strlcpy.c .
-
-strsep.c:
-	$(LN_S) $(srcdir)/../roken/strsep.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kafs/README.dlfcn b/crypto/heimdal/lib/kafs/README.dlfcn
deleted file mode 100644
index cee1b751939e..000000000000
--- a/crypto/heimdal/lib/kafs/README.dlfcn
+++ /dev/null
@@ -1,246 +0,0 @@
-Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
-Not derived from licensed software.
-
-Permission is granted to freely use, copy, modify, and redistribute
-this software, provided that the author is not construed to be liable
-for any results of using the software, alterations are clearly marked
-as such, and this notice is not modified.
-
-libdl.a
--------
-
-This is an emulation library to emulate the SunOS/System V.4 functions
-to access the runtime linker. The functions are emulated by using the
-AIX load() function and by reading the .loader section of the loaded
-module to find the exports. The to be loaded module should be linked as
-follows (if using AIX 3):
-
-	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
-
-For AIX 4:
-
-	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
-
-If you want to reference symbols from the main part of the program in a
-loaded module, you will have to link against the export file of the
-main part:
-
-	cc -o main -bE:main.exp $(MAIN_OBJS)
-	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
-
-Note that you explicitely have to specify what functions are supposed
-to be accessible from your loaded modules, this is different from
-SunOS/System V.4 where any global is automatically exported. If you
-want to export all globals, the following script might be of help:
-
-#!/bin/sh
-/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
-
-The module export file contains the symbols to be exported. Because
-this library uses the loader section, the final module.so file can be
-stripped. C++ users should build their shared objects using the script
-makeC++SharedLib (part of the IBM C++ compiler), this will make sure
-that constructors and destructors for static and global objects will be
-called upon loading and unloading the module. GNU C++ users should use
-the -shared option to g++ to link the shared object:
-
-	g++ -o module.so -shared $(OBJS)
-
-If the shared object does have permissions for anybody, the shared
-object will be loaded into the shared library segment and it will stay
-there even if the main application terminates. If you rebuild your
-shared object after a bugfix and you want to make sure that you really
-get the newest version you will have to use the "slibclean" command
-before starting the application again to garbage collect the shared
-library segment. If the performance utilities (bosperf) are installed
-you can use the following command to see what shared objects are
-loaded:
-
-/usr/lpp/bosperf/genkld | sort | uniq
-
-For easier debugging you can avoid loading the shared object into the
-shared library segment alltogether by removing permissions for others
-from the module.so file:
-
-chmod o-rwx module.so
-
-This will ensure you get a fresh copy of the shared object for every
-dlopen() call which is loaded into the application's data segment.
-
-Usage
------
-
-void *dlopen(const char *path, int mode);
-
-This routine loads the module pointed to by path and reads its export
-table. If the path does not contain a '/' character, dlopen will search
-for the module using the LIBPATH environment variable. It returns an
-opaque handle to the module or NULL on error. The mode parameter can be
-either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
-function binding. The AIX implementation currently does treat RTLD_NOW
-the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
-mode parameter to allow loaded modules to bind to global variables or
-functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
-not specified, only globals from the main part of the executable or
-shared libraries are used to look for undefined symbols in loaded
-modules.
-
-
-void *dlsym(void *handle, const char *symbol);
-
-This routine searches for the symbol in the module referred to by
-handle and returns its address. If the symbol could not be found, the
-function returns NULL. The return value must be casted to a proper
-function pointer before it can be used. SunOS/System V.4 allows handle
-to be a NULL pointer to refer to the module the call is made from, this
-is not implemented.
-
-int dlclose(void *handle);
-
-This routine unloads the module referred to by the handle and disposes
-of any local storage. this function returns -1 on failure. Any function
-pointers obtained through dlsym() should be considered invalid after
-closing a module.
-
-As AIX caches shared objects in the shared library segment, function
-pointers obtained through dlsym() might still work even though the
-module has been unloaded. This can introduce subtle bugs that will
-segment fault later if AIX garbage collects or immediatly on
-SunOS/System V.4 as the text segment is unmapped.
-
-char *dlerror(void);
-
-This routine can be used to retrieve a text message describing the most
-recent error that occured on on of the above routines. This function
-returns NULL if there is no error information.
-
-Initialization and termination handlers
----------------------------------------
-
-The emulation provides for an initialization and a termination
-handler.  The dlfcn.h file contains a structure declaration named
-dl_info with following members:
-
-	void (*init)(void);
-	void (*fini)(void);
-
-The init function is called upon first referencing the library. The
-fini function is called at dlclose() time or when the process exits.
-The module should declare a variable named dl_info that contains this
-structure which must be exported.  These functions correspond to the
-documented _init() and _fini() functions of SunOS 4.x, but these are
-appearently not implemented in SunOS.  When using SunOS 5.0, these
-correspond to #pragma init and #pragma fini respectively. At the same
-time any static or global C++ object's constructors or destructors will
-be called.
-
-BUGS
-----
-
-Please note that there is currently a problem with implicitely loaded
-shared C++ libaries: if you refer to a shared C++ library from a loaded
-module that is not yet used by the main program, the dlopen() emulator
-does not notice this and does not call the static constructors for the
-implicitely loaded library. This can be easily demonstrated by
-referencing the C++ standard streams from a loaded module if the main
-program is a plain C program.
-
-Jens-Uwe Mager
-
-HELIOS Software GmbH
-Lavesstr. 80
-30159 Hannover
-Germany
-
-Phone:		+49 511 36482-0
-FAX:		+49 511 36482-69
-AppleLink:	helios.de/jum
-Internet:	jum@helios.de
-
-Revison History
----------------
-
-SCCS/s.dlfcn.h:
-
-D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
-MRs:
-COMMENTS:
-added RTLD_GLOBAL, include and C++ guards
-
-D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
-MRs:
-COMMENTS:
-we always have prototypes on RS/6000
-
-D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
-MRs:
-COMMENTS:
-added dl_info structure to implement initialize and terminate functions
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
-SCCS/s.dlfcn.c:
-
-D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
-MRs:
-COMMENTS:
-Integrated the changes from John W. Eaton <jwe@bevo.che.wisc.edu> to initialize
-g++ generated shared objects.
-
-D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
-MRs:
-COMMENTS:
-the C++ constructor and destructor chains are now called properly for either
-xlC 2 or xlC 3 (CSet++).
-
-D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
-MRs:
-COMMENTS:
-Fix version number
-
-D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
-MRs:
-COMMENTS:
-Added version number for dl lib
-
-D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
-MRs:
-COMMENTS:
-Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of
-shared objects generated under AIX 4. Fixed bug that symbols with exactly
-8 characters would use garbage characters from the following symbol value.
-
-D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
-MRs:
-COMMENTS:
-added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
-
-D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
-MRs:
-COMMENTS:
-added path to dlopen error message to make clear where there error occured.
-
-D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
-MRs:
-COMMENTS:
-to allow calling symbols in the main module call load with L_NOAUTODEFER and 
-do a loadbind later with the main module.
-
-D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
-MRs:
-COMMENTS:
-added search by L_GETINFO if module got loaded by LIBPATH
-
-D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
-MRs:
-COMMENTS:
-implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
-
-D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
-MRs:
-COMMENTS:
-Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
-
diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c
deleted file mode 100644
index 523a7b9a9145..000000000000
--- a/crypto/heimdal/lib/kafs/afskrb.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb.c,v 1.17 2003/04/14 08:32:11 lha Exp $");
-
-#ifdef KRB4
-
-struct krb_kafs_data {
-    const char *realm;
-};
-
-static int
-get_cred(kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    CREDENTIALS c;
-    KTEXT_ST tkt;
-    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    
-    if (ret) {
-	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
-	if (ret == KSUCCESS)
-	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
-    }
-    if (ret == 0)
-	ret = _kafs_v4_to_kt(&c, uid, kt);
-    return ret;
-}
-
-static int
-afslog_uid_int(kafs_data *data,
-	       const char *cell,
-	       const char *realm_hint,
-	       uid_t uid,
-	       const char *homedir)
-{
-    int ret;
-    struct kafs_token kt;
-    char name[ANAME_SZ];
-    char inst[INST_SZ];
-    char realm[REALM_SZ];
-    
-    kt.ticket = NULL;
-
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    /* Extract realm from ticket file. */
-    ret = krb_get_tf_fullname(tkt_string(), name, inst, realm);
-    if (ret != KSUCCESS)
-	return ret;
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt);
-    
-    if (ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(kafs_data *data, const char *host)
-{
-    char *r = krb_realmofhost(host);
-    if(r != NULL)
-	return strdup(r);
-    else
-	return NULL;
-}
-
-int
-krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
-		    const char *homedir)
-{
-    kafs_data kd;
-
-    kd.name = "krb4";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = 0;
-    return afslog_uid_int(&kd, cell, realm_hint, uid, homedir);
-}
-
-int
-krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
-{
-    return krb_afslog_uid_home(cell, realm_hint, uid, NULL);
-}
-
-int
-krb_afslog(const char *cell, const char *realm_hint)
-{
-    return krb_afslog_uid(cell, realm_hint, getuid());
-}
-
-int
-krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
-{
-    return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir);
-}
-
-/*
- *
- */
-
-int
-krb_realm_of_cell(const char *cell, char **realm)
-{
-    kafs_data kd;
-
-    kd.name = "krb4";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-int
-kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
-{
-    struct kafs_token kt;
-    int ret;
-
-    kt.ticket = NULL;
-
-    ret = _kafs_v4_to_kt(c, uid, &kt);
-    if (ret)
-	return ret;
-
-    if (kt.ct.EndTimestamp < time(NULL)) {
-	free(kt.ticket);
-	return 0;
-    }
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-    free(kt.ticket);
-    return ret;
-}
-
-#endif /* KRB4 */
diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c
deleted file mode 100644
index d415db6ea0cf..000000000000
--- a/crypto/heimdal/lib/kafs/afskrb5.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afskrb5.c,v 1.18.2.1 2003/04/22 14:25:43 joda Exp $");
-
-struct krb5_kafs_data {
-    krb5_context context;
-    krb5_ccache id;
-    krb5_const_realm realm;
-};
-
-enum { 
-    KAFS_RXKAD_2B_KVNO = 213,
-    KAFS_RXKAD_K5_KVNO = 256
-};
-
-static int
-v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
-{
-    int kvno, ret;
-
-    kt->ticket = NULL;
-
-    /* check if des key */
-    if (cred->session.keyvalue.length != 8)
-	return EINVAL;
-
-    if (local524) {
-	Ticket t;
-	unsigned char *buf;
-	size_t buf_len;
-	size_t len;
-
-	kvno = KAFS_RXKAD_2B_KVNO;
-
-	ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-	if (ret)
-	    return ret;
-	if (t.tkt_vno != 5)
-	    return -1;
-
-	ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part,
-			   &len, ret);
-	free_Ticket(&t);
-	if (ret)
-	    return ret;
-	if(buf_len != len) {
-	    free(buf);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-
-	kt->ticket = buf;
-	kt->ticket_len = buf_len;
-
-    } else {
-	kvno = KAFS_RXKAD_K5_KVNO;
-	kt->ticket = malloc(cred->ticket.length);
-	if (kt->ticket == NULL)
-	    return ENOMEM;
-	kt->ticket_len = cred->ticket.length;
-	memcpy(kt->ticket, cred->ticket.data, kt->ticket_len);
-
-	ret = 0;
-    }
-
-
-    /*
-     * Build a struct ClearToken
-     */
-
-    kt->ct.AuthHandle = kvno;
-    memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8);
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = cred->times.starttime;
-    kt->ct.EndTimestamp = cred->times.endtime;
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-static krb5_error_code
-v5_convert(krb5_context context, krb5_ccache id,
-	   krb5_creds *cred, uid_t uid, 
-	   const char *cell,
-	   struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    char *c, *val;
-
-    c = strdup(cell);
-    if (c == NULL)
-	return ENOMEM;
-    _kafs_foldup(c, c);
-    krb5_appdefault_string (context, "libkafs",
-			    c,
-			    "afs-use-524", "yes", &val);
-    free(c);
-
-    if (strcasecmp(val, "local") == 0 || 
-	strcasecmp(val, "2b") == 0)
-	ret = v5_to_kt(cred, uid, kt, 1);
-    else if(strcasecmp(val, "yes") == 0 ||
-	    strcasecmp(val, "true") == 0 ||
-	    atoi(val)) {
-	struct credentials c;
-	
-	if (id == NULL)
-	    ret = krb524_convert_creds_kdc(context, cred, &c);
-	else
-	    ret = krb524_convert_creds_kdc_ccache(context, id, cred, &c);
-	if (ret)
-	    goto out;
-
-	ret = _kafs_v4_to_kt(&c, uid, kt);
-    } else 
-	ret = v5_to_kt(cred, uid, kt, 0);
-
- out:
-    free(val);
-    return ret;
-}
-
-
-/*
- *
- */
-
-static int
-get_cred(kafs_data *data, const char *name, const char *inst, 
-	 const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    krb5_error_code ret;
-    krb5_creds in_creds, *out_creds;
-    struct krb5_kafs_data *d = data->data;
-
-    memset(&in_creds, 0, sizeof(in_creds));
-    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
-				  &in_creds.server);
-    if(ret)
-	return ret;
-    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
-    if(ret){
-	krb5_free_principal(d->context, in_creds.server);
-	return ret;
-    }
-    in_creds.session.keytype = KEYTYPE_DES;
-    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
-    krb5_free_principal(d->context, in_creds.server);
-    krb5_free_principal(d->context, in_creds.client);
-    if(ret)
-	return ret;
-
-    ret = v5_convert(d->context, d->id, out_creds, uid, 
-		     (inst != NULL && inst[0] != '\0') ? inst : realm, kt);
-    krb5_free_creds(d->context, out_creds);
-
-    return ret;
-}
-
-static krb5_error_code
-afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid,
-	       const char *homedir)
-{
-    krb5_error_code ret;
-    struct kafs_token kt;
-    krb5_principal princ;
-    krb5_realm *trealm; /* ticket realm */
-    struct krb5_kafs_data *d = data->data;
-    
-    if (cell == 0 || cell[0] == 0)
-	return _kafs_afslog_all_local_cells (data, uid, homedir);
-
-    ret = krb5_cc_get_principal (d->context, d->id, &princ);
-    if (ret)
-	return ret;
-
-    trealm = krb5_princ_realm (d->context, princ);
-
-    if (d->realm != NULL && strcmp (d->realm, *trealm) == 0) {
-	trealm = NULL;
-	krb5_free_principal (d->context, princ);
-    }
-
-    kt.ticket = NULL;
-    ret = _kafs_get_cred(data, cell, d->realm, *trealm, uid, &kt);
-    if(trealm)
-	krb5_free_principal (d->context, princ);
-    
-    if(ret == 0) {
-	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-	free(kt.ticket);
-    }
-    return ret;
-}
-
-static char *
-get_realm(kafs_data *data, const char *host)
-{
-    struct krb5_kafs_data *d = data->data;
-    krb5_realm *realms;
-    char *r;
-    if(krb5_get_host_realm(d->context, host, &realms))
-	return NULL;
-    r = strdup(realms[0]);
-    krb5_free_host_realm(d->context, realms);
-    return r;
-}
-
-krb5_error_code
-krb5_afslog_uid_home(krb5_context context,
-		     krb5_ccache id,
-		     const char *cell,
-		     krb5_const_realm realm,
-		     uid_t uid,
-		     const char *homedir)
-{
-    kafs_data kd;
-    struct krb5_kafs_data d;
-    kd.name = "krb5";
-    kd.afslog_uid = afslog_uid_int;
-    kd.get_cred = get_cred;
-    kd.get_realm = get_realm;
-    kd.data = &d;
-    d.context = context;
-    d.id = id;
-    d.realm = realm;
-    return afslog_uid_int(&kd, cell, 0, uid, homedir);
-}
-
-krb5_error_code
-krb5_afslog_uid(krb5_context context,
-		krb5_ccache id,
-		const char *cell,
-		krb5_const_realm realm,
-		uid_t uid)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
-}
-
-krb5_error_code
-krb5_afslog(krb5_context context,
-	    krb5_ccache id, 
-	    const char *cell,
-	    krb5_const_realm realm)
-{
-    return krb5_afslog_uid (context, id, cell, realm, getuid());
-}
-
-krb5_error_code
-krb5_afslog_home(krb5_context context,
-		 krb5_ccache id, 
-		 const char *cell,
-		 krb5_const_realm realm,
-		 const char *homedir)
-{
-    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_realm_of_cell(const char *cell, char **realm)
-{
-    kafs_data kd;
-
-    kd.name = "krb5";
-    kd.get_realm = get_realm;
-    return _kafs_realm_of_cell(&kd, cell, realm);
-}
-
-/*
- *
- */
-
-int
-kafs_settoken5(krb5_context context, const char *cell, uid_t uid,
-	       krb5_creds *cred)
-{
-    struct kafs_token kt;
-    int ret;
-
-    ret = v5_convert(context, NULL, cred, uid, cell, &kt);
-    if (ret)
-	return ret;
-
-    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
-
-    free(kt.ticket);
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/afsl.exp b/crypto/heimdal/lib/kafs/afsl.exp
deleted file mode 100644
index 4d2b00e28337..000000000000
--- a/crypto/heimdal/lib/kafs/afsl.exp
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/unix
-
-* This mumbo jumbo creates entry points to syscalls in _AIX
-
-lpioctl	syscall
-lsetpag	syscall
diff --git a/crypto/heimdal/lib/kafs/afslib.c b/crypto/heimdal/lib/kafs/afslib.c
deleted file mode 100644
index ae3b5a5692d7..000000000000
--- a/crypto/heimdal/lib/kafs/afslib.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* 
- * This file is only used with AIX 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afslib.c,v 1.6 1999/12/02 16:58:40 joda Exp $");
-
-int
-aix_pioctl(char *a_path,
-	   int o_opcode,
-	   struct ViceIoctl *a_paramsP,
-	   int a_followSymlinks)
-{
-    return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-}
-
-int
-aix_setpag(void)
-{
-    return lsetpag();
-}
diff --git a/crypto/heimdal/lib/kafs/afslib.exp b/crypto/heimdal/lib/kafs/afslib.exp
deleted file mode 100644
index f288717706ea..000000000000
--- a/crypto/heimdal/lib/kafs/afslib.exp
+++ /dev/null
@@ -1,3 +0,0 @@
-#!
-aix_pioctl
-aix_setpag
diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c
deleted file mode 100644
index 84989a0ebf6b..000000000000
--- a/crypto/heimdal/lib/kafs/afssys.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: afssys.c,v 1.69 2003/03/18 04:18:45 lha Exp $");
-
-int _kafs_debug; /* this should be done in a better way */
-
-#define NO_ENTRY_POINT		0
-#define SINGLE_ENTRY_POINT	1
-#define MULTIPLE_ENTRY_POINT	2
-#define SINGLE_ENTRY_POINT2	3
-#define SINGLE_ENTRY_POINT3	4
-#define AIX_ENTRY_POINTS	5
-#define UNKNOWN_ENTRY_POINT	6
-static int afs_entry_point = UNKNOWN_ENTRY_POINT;
-static int afs_syscalls[2];
-
-/* Magic to get AIX syscalls to work */
-#ifdef _AIX
-
-static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
-static int (*Setpag)(void);
-
-#include "dlfcn.h"
-
-/*
- *
- */
-
-static int
-try_aix(void)
-{
-#ifdef STATIC_AFS_SYSCALLS
-    Pioctl = aix_pioctl;
-    Setpag = aix_setpag;
-#else
-    void *ptr;
-    char path[MaxPathLen], *p;
-    /*
-     * If we are root or running setuid don't trust AFSLIBPATH!
-     */
-    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
-	strlcpy(path, p, sizeof(path));
-    else
-	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
-	
-    ptr = dlopen(path, RTLD_NOW);
-    if(ptr == NULL) {
-	if(_kafs_debug) {
-	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
-		fprintf(stderr, "dlopen(%s): %s\n", path, p);
-	    else if (errno != ENOENT)
-		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
-	}
-	return 1;
-    }
-    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
-    Pioctl = (int (*)(char*, int, 
-		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
-#endif
-    afs_entry_point = AIX_ENTRY_POINTS;
-    return 0;
-}
-#endif /* _AIX */
-
-/* 
- * This probably only works under Solaris and could get confused if
- * there's a /etc/name_to_sysnum file.  
- */
-
-#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
-
-static int
-map_syscall_name_to_number (const char *str, int *res)
-{
-    FILE *f;
-    char buf[256];
-    size_t str_len = strlen (str);
-
-    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
-    if (f == NULL)
-	return -1;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	if (buf[0] == '#')
-	    continue;
-
-	if (strncmp (str, buf, str_len) == 0) {
-	    char *begptr = buf + str_len;
-	    char *endptr;
-	    long val = strtol (begptr, &endptr, 0);
-
-	    if (val != 0 && endptr != begptr) {
-		fclose (f);
-		*res = val;
-		return 0;
-	    }
-	}
-    }
-    fclose (f);
-    return -1;
-}
-
-int
-k_pioctl(char *a_path,
-	 int o_opcode,
-	 struct ViceIoctl *a_paramsP,
-	 int a_followSymlinks)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[0],
-		       a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
-#endif
-    }
-    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-int
-k_afs_cell_of_file(const char *path, char *cell, int len)
-{
-    struct ViceIoctl parms;
-    parms.in = NULL;
-    parms.in_size = 0;
-    parms.out = cell;
-    parms.out_size = len;
-    return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
-}
-
-int
-k_unlog(void)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-    return k_pioctl(0, VIOCUNLOG, &parms, 0);
-}
-
-int
-k_setpag(void)
-{
-#ifndef NO_AFS
-    switch(afs_entry_point){
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    case SINGLE_ENTRY_POINT:
-    case SINGLE_ENTRY_POINT2:
-    case SINGLE_ENTRY_POINT3:
-	return syscall(afs_syscalls[0], AFSCALL_SETPAG);
-#endif
-#if defined(AFS_PIOCTL)
-    case MULTIPLE_ENTRY_POINT:
-	return syscall(afs_syscalls[1]);
-#endif
-#ifdef _AIX
-    case AIX_ENTRY_POINTS:
-	return Setpag();
-#endif
-    }
-    
-    errno = ENOSYS;
-#ifdef SIGSYS
-    kill(getpid(), SIGSYS);	/* You lose! */
-#endif
-#endif /* NO_AFS */
-    return -1;
-}
-
-static jmp_buf catch_SIGSYS;
-
-#ifdef SIGSYS
-
-static RETSIGTYPE
-SIGSYS_handler(int sig)
-{
-    errno = 0;
-    signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
-    longjmp(catch_SIGSYS, 1);
-}
-
-#endif
-
-/*
- * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
- */
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-static int
-try_one (int syscall_num)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_num, AFSCALL_PIOCTL,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = SINGLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_num;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-/*
- * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
- * succesful.
- *
- */
-
-#ifdef AFS_PIOCTL
-static int
-try_two (int syscall_pioctl, int syscall_setpag)
-{
-    struct ViceIoctl parms;
-    memset(&parms, 0, sizeof(parms));
-
-    if (setjmp(catch_SIGSYS) == 0) {
-	syscall(syscall_pioctl,
-		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	if (errno == EINVAL) {
-	    afs_entry_point = MULTIPLE_ENTRY_POINT;
-	    afs_syscalls[0] = syscall_pioctl;
-	    afs_syscalls[1] = syscall_setpag;
-	    return 0;
-	}
-    }
-    return 1;
-}
-#endif
-
-int
-k_hasafs(void)
-{
-#if !defined(NO_AFS) && defined(SIGSYS)
-    RETSIGTYPE (*saved_func)(int);
-#endif
-    int saved_errno;
-    char *env = getenv ("AFS_SYSCALL");
-  
-    /*
-     * Already checked presence of AFS syscalls?
-     */
-    if (afs_entry_point != UNKNOWN_ENTRY_POINT)
-	return afs_entry_point != NO_ENTRY_POINT;
-
-    /*
-     * Probe kernel for AFS specific syscalls,
-     * they (currently) come in two flavors.
-     * If the syscall is absent we recive a SIGSYS.
-     */
-    afs_entry_point = NO_ENTRY_POINT;
-  
-    saved_errno = errno;
-#ifndef NO_AFS
-#ifdef SIGSYS
-    saved_func = signal(SIGSYS, SIGSYS_handler);
-#endif
-
-#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
-    {
-	int tmp;
-
-	if (env != NULL) {
-	    if (sscanf (env, "%d", &tmp) == 1) {
-		if (try_one (tmp) == 0)
-		    goto done;
-	    } else {
-		char *end = NULL;
-		char *p;
-		char *s = strdup (env);
-
-		if (s != NULL) {
-		    for (p = strtok_r (s, ",", &end);
-			 p != NULL;
-			 p = strtok_r (NULL, ",", &end)) {
-			if (map_syscall_name_to_number (p, &tmp) == 0)
-			    if (try_one (tmp) == 0) {
-				free (s);
-				goto done;
-			    }
-		    }
-		    free (s);
-		}
-	    }
-	}
-    }
-#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
-
-#ifdef AFS_SYSCALL
-    if (try_one (AFS_SYSCALL) == 0)
-	goto done;
-#endif /* AFS_SYSCALL */
-
-#ifdef AFS_PIOCTL
-    {
-	int tmp[2];
-
-	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
-	    if (try_two (tmp[0], tmp[1]) == 2)
-		goto done;
-    }
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_PIOCTL
-    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
-	goto done;
-#endif /* AFS_PIOCTL */
-
-#ifdef AFS_SYSCALL2
-    if (try_one (AFS_SYSCALL2) == 0)
-	goto done;
-#endif /* AFS_SYSCALL2 */
-
-#ifdef AFS_SYSCALL3
-    if (try_one (AFS_SYSCALL3) == 0)
-	goto done;
-#endif /* AFS_SYSCALL3 */
-
-#ifdef _AIX
-#if 0
-    if (env != NULL) {
-	char *pos = NULL;
-	char *pioctl_name;
-	char *setpag_name;
-
-	pioctl_name = strtok_r (env, ", \t", &pos);
-	if (pioctl_name != NULL) {
-	    setpag_name = strtok_r (NULL, ", \t", &pos);
-	    if (setpag_name != NULL)
-		if (try_aix (pioctl_name, setpag_name) == 0)
-		    goto done;
-	}
-    }
-#endif
-
-    if(try_aix() == 0)
-	goto done;
-#endif
-
-done:
-#ifdef SIGSYS
-    signal(SIGSYS, saved_func);
-#endif
-#endif /* NO_AFS */
-    errno = saved_errno;
-    return afs_entry_point != NO_ENTRY_POINT;
-}
diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h
deleted file mode 100644
index bfda36a07ee6..000000000000
--- a/crypto/heimdal/lib/kafs/afssysdefs.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1995 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: afssysdefs.h,v 1.26 2003/02/08 22:55:55 assar Exp $ */
-
-/*
- * This section is for machines using single entry point AFS syscalls!
- * and/or
- * This section is for machines using multiple entry point AFS syscalls!
- *
- * SunOS 4 is an example of single entry point and sgi of multiple
- * entry point syscalls.
- */
-
-#if SunOS == 40
-#define AFS_SYSCALL	31
-#endif
-
-#if SunOS >= 50 && SunOS < 57
-#define AFS_SYSCALL	105
-#endif
-
-#if SunOS == 57
-#define AFS_SYSCALL	73
-#endif
-
-#if SunOS >= 58
-#define AFS_SYSCALL	65
-#endif
-
-#if defined(__hpux)
-#define AFS_SYSCALL	50
-#define AFS_SYSCALL2	49
-#define AFS_SYSCALL3	48
-#endif
-
-#if defined(_AIX)
-/* _AIX is too weird */
-#endif
-
-#if defined(__sgi)
-#define AFS_PIOCTL      (64+1000)
-#define AFS_SETPAG      (65+1000)
-#endif
-
-#if defined(__osf__)
-#define AFS_SYSCALL	232
-#define AFS_SYSCALL2	258
-#endif
-
-#if defined(__ultrix)
-#define AFS_SYSCALL	31
-#endif
-
-#if defined(__FreeBSD__)
-#if __FreeBSD_version >= 500000
-#define AFS_SYSCALL 339
-#else
-#define AFS_SYSCALL 210
-#endif
-#endif /* __FreeBSD__ */
-
-#ifdef __OpenBSD__
-#define AFS_SYSCALL 208
-#endif
-
-#if defined(__NetBSD__)
-#define AFS_SYSCALL 210
-#endif
-
-#ifdef __APPLE__		/* MacOS X */
-#define AFS_SYSCALL 230
-#endif
-
-#ifdef SYS_afs_syscall
-#define AFS_SYSCALL3	SYS_afs_syscall
-#endif
diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c
deleted file mode 100644
index 291dcac3c1c4..000000000000
--- a/crypto/heimdal/lib/kafs/common.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "kafs_locl.h"
-
-RCSID("$Id: common.c,v 1.26.2.1 2003/04/23 18:03:20 lha Exp $");
-
-#define AUTH_SUPERUSER "afs"
-
-/*
- * Here only ASCII characters are relevant.
- */
-
-#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
-
-#define ToAsciiUpper(c) ((c) - 'a' + 'A')
-
-static void (*kafs_verbose)(void *, const char *);
-static void *kafs_verbose_ctx;
-
-void
-_kafs_foldup(char *a, const char *b)
-{
-  for (; *b; a++, b++)
-    if (IsAsciiLower(*b))
-      *a = ToAsciiUpper(*b);
-    else
-      *a = *b;
-  *a = '\0';
-}
-
-void
-kafs_set_verbose(void (*f)(void *, const char *), void *ctx)
-{
-    if (f) {
-	kafs_verbose = f;
-	kafs_verbose_ctx = ctx;
-    }
-}
-
-int
-kafs_settoken_rxkad(const char *cell, struct ClearToken *ct,
-		    void *ticket, size_t ticket_len)
-{
-    struct ViceIoctl parms;
-    char buf[2048], *t;
-    int32_t sizeof_x;
-    
-    t = buf;
-    /*
-     * length of secret token followed by secret token
-     */
-    sizeof_x = ticket_len;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ticket, sizeof_x);
-    t += sizeof_x;
-    /*
-     * length of clear token followed by clear token
-     */
-    sizeof_x = sizeof(*ct);
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    memcpy(t, ct, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * do *not* mark as primary cell
-     */
-    sizeof_x = 0;
-    memcpy(t, &sizeof_x, sizeof(sizeof_x));
-    t += sizeof(sizeof_x);
-    /*
-     * follow with cell name
-     */
-    sizeof_x = strlen(cell) + 1;
-    memcpy(t, cell, sizeof_x);
-    t += sizeof_x;
-
-    /*
-     * Build argument block
-     */
-    parms.in = buf;
-    parms.in_size = t - buf;
-    parms.out = 0;
-    parms.out_size = 0;
-
-    return k_pioctl(0, VIOCSETTOK, &parms, 0);
-}
-
-void
-_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid)
-{
-#define ODD(x) ((x) & 1)
-    /* According to Transarc conventions ViceId is valid iff
-     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
-     * the transformations:
-     *
-     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
-     * preserves the original values.
-     */
-    if (uid != 0)		/* valid ViceId */
-    {
-	if (!ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-    else			/* not valid ViceId */
-    {
-	if (ODD(ct->EndTimestamp - ct->BeginTimestamp))
-	    ct->EndTimestamp--;
-    }
-}
-
-
-int
-_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt)
-{
-    kt->ticket = NULL;
-
-    if (c->ticket_st.length > MAX_KTXT_LEN)
-	return EINVAL;
-
-    kt->ticket = malloc(c->ticket_st.length);
-    if (kt->ticket == NULL)
-	return ENOMEM;
-    kt->ticket_len = c->ticket_st.length;
-    memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len);
-    
-    /*
-     * Build a struct ClearToken
-     */
-    kt->ct.AuthHandle = c->kvno;
-    memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session));
-    kt->ct.ViceId = uid;
-    kt->ct.BeginTimestamp = c->issue_date;
-    kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
-
-    _kafs_fixup_viceid(&kt->ct, uid);
-
-    return 0;
-}
-
-/* Try to get a db-server for an AFS cell from a AFSDB record */
-
-static int
-dns_find_cell(const char *cell, char *dbserver, size_t len)
-{
-    struct dns_reply *r;
-    int ok = -1;
-    r = dns_lookup(cell, "afsdb");
-    if(r){
-	struct resource_record *rr = r->head;
-	while(rr){
-	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
-		strlcpy(dbserver,
-				rr->u.afsdb->domain,
-				len);
-		ok = 0;
-		break;
-	    }
-	    rr = rr->next;
-	}
-	dns_free_data(r);
-    }
-    return ok;
-}
-
-
-/*
- * Try to find the cells we should try to klog to in "file".
- */
-static void
-find_cells(const char *file, char ***cells, int *index)
-{
-    FILE *f;
-    char cell[64];
-    int i;
-    int ind = *index;
-
-    f = fopen(file, "r");
-    if (f == NULL)
-	return;
-    while (fgets(cell, sizeof(cell), f)) {
-	char *t;
-	t = cell + strlen(cell);
-	for (; t >= cell; t--)
-	  if (*t == '\n' || *t == '\t' || *t == ' ')
-	    *t = 0;
-	if (cell[0] == '\0' || cell[0] == '#')
-	    continue;
-	for(i = 0; i < ind; i++)
-	    if(strcmp((*cells)[i], cell) == 0)
-		break;
-	if(i == ind){
-	    char **tmp;
-
-	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
-	    if (tmp == NULL)
-		break;
-	    *cells = tmp;
-	    (*cells)[ind] = strdup(cell);
-	    if ((*cells)[ind] == NULL)
-		break;
-	    ++ind;
-	}
-    }
-    fclose(f);
-    *index = ind;
-}
-
-/*
- * Get tokens for all cells[]
- */
-static int
-afslog_cells(kafs_data *data, char **cells, int max, uid_t uid,
-	     const char *homedir)
-{
-    int ret = 0;
-    int i;
-    for (i = 0; i < max; i++) {
-        int er = (*data->afslog_uid)(data, cells[i], 0, uid, homedir);
-	if (er)
-	    ret = er;
-    }
-    return ret;
-}
-
-int
-_kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir)
-{
-    int ret;
-    char **cells = NULL;
-    int index = 0;
-
-    if (homedir == NULL)
-	homedir = getenv("HOME");
-    if (homedir != NULL) {
-	char home[MaxPathLen];
-	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
-	find_cells(home, &cells, &index);
-    }
-    find_cells(_PATH_THESECELLS, &cells, &index);
-    find_cells(_PATH_THISCELL, &cells, &index);
-    find_cells(_PATH_ARLA_THESECELLS, &cells, &index);
-    find_cells(_PATH_ARLA_THISCELL, &cells, &index);
-    find_cells(_PATH_OPENAFS_DEBIAN_THESECELLS, &cells, &index);
-    find_cells(_PATH_OPENAFS_DEBIAN_THISCELL, &cells, &index);
-    find_cells(_PATH_ARLA_DEBIAN_THESECELLS, &cells, &index);
-    find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &index);
-    
-    ret = afslog_cells(data, cells, index, uid, homedir);
-    while(index > 0)
-	free(cells[--index]);
-    free(cells);
-    return ret;
-}
-
-
-static int
-file_find_cell(kafs_data *data, const char *cell, char **realm, int exact)
-{
-    FILE *F;
-    char buf[1024];
-    char *p;
-    int ret = -1;
-
-    if ((F = fopen(_PATH_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_OPENAFS_DEBIAN_CELLSERVDB, "r"))
-	|| (F = fopen(_PATH_ARLA_DEBIAN_CELLSERVDB, "r"))) {
-	while (fgets(buf, sizeof(buf), F)) {
-	    int cmp;
-
-	    if (buf[0] != '>')
-		continue; /* Not a cell name line, try next line */
-	    p = buf;
-	    strsep(&p, " \t\n#");
-
-	    if (exact)
-		cmp = strcmp(buf + 1, cell);
-	    else
-		cmp = strncmp(buf + 1, cell, strlen(cell));
-
-	    if (cmp == 0) {
-		/*
-		 * We found the cell name we're looking for.
-		 * Read next line on the form ip-address '#' hostname
-		 */
-		if (fgets(buf, sizeof(buf), F) == NULL)
-		    break;	/* Read failed, give up */
-		p = strchr(buf, '#');
-		if (p == NULL)
-		    break;	/* No '#', give up */
-		p++;
-		if (buf[strlen(buf) - 1] == '\n')
-		    buf[strlen(buf) - 1] = '\0';
-		*realm = (*data->get_realm)(data, p);
-		if (*realm && **realm != '\0')
-		    ret = 0;
-		break;		/* Won't try any more */
-	    }
-	}
-	fclose(F);
-    }
-    return ret;
-}
-
-/* Find the realm associated with cell. Do this by opening
-   /usr/vice/etc/CellServDB and getting the realm-of-host for the
-   first VL-server for the cell.
-
-   This does not work when the VL-server is living in one realm, but
-   the cell it is serving is living in another realm.
-
-   Return 0 on success, -1 otherwise.
-   */
-
-int
-_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm)
-{
-    char buf[1024];
-    int ret;
-
-    ret = file_find_cell(data, cell, realm, 1);
-    if (ret == 0)
-	return ret;
-    if (dns_find_cell(cell, buf, sizeof(buf)) == 0) {
-	*realm = (*data->get_realm)(data, buf);
-	if(*realm != NULL)
-	    return 0;
-    }
-    return file_find_cell(data, cell, realm, 0);
-}
-
-static int
-_kafs_try_get_cred(kafs_data *data, const char *user, const char *cell,
-		   const char *realm, uid_t uid, struct kafs_token *kt)
-{
-    int ret;
-
-    ret = (*data->get_cred)(data, user, cell, realm, uid, kt);
-    if (kafs_verbose) {
-	char *str;
-	asprintf(&str, "%s tried afs%s%s@%s -> %d",
-		 data->name, cell[0] == '\0' ? "" : "/", 
-		 cell, realm, ret);
-	(*kafs_verbose)(kafs_verbose_ctx, str);
-	free(str);
-    }
-
-    return ret;
-}
-
-
-int
-_kafs_get_cred(kafs_data *data,
-	       const char *cell, 
-	       const char *realm_hint,
-	       const char *realm,
-	       uid_t uid,
-	       struct kafs_token *kt)
-{
-    int ret = -1;
-    char *vl_realm;
-    char CELL[64];
-
-    /* We're about to find the the realm that holds the key for afs in
-     * the specified cell. The problem is that null-instance
-     * afs-principals are common and that hitting the wrong realm might
-     * yield the wrong afs key. The following assumptions were made.
-     *
-     * Any realm passed to us is preferred.
-     *
-     * If there is a realm with the same name as the cell, it is most
-     * likely the correct realm to talk to.
-     *
-     * In most (maybe even all) cases the database servers of the cell
-     * will live in the realm we are looking for.
-     *
-     * Try the local realm, but if the previous cases fail, this is
-     * really a long shot.
-     *
-     */
-  
-    /* comments on the ordering of these tests */
-
-    /* If the user passes a realm, she probably knows something we don't
-     * know and we should try afs@realm_hint.
-     */
-  
-    if (realm_hint) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, realm_hint, uid, kt);
-	if (ret == 0) return 0;
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm_hint, uid, kt);
-	if (ret == 0) return 0;
-    }
-
-    _kafs_foldup(CELL, cell);
-
-    /*
-     * If cell == realm we don't need no cross-cell authentication.
-     * Try afs@REALM.
-     */
-    if (strcmp(CELL, realm) == 0) {
-        ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 "", realm, uid, kt);
-	if (ret == 0) return 0;
-	/* Try afs.cell@REALM below. */
-    }
-
-    /*
-     * If the AFS servers have a file /usr/afs/etc/krb.conf containing
-     * REALM we still don't have to resort to cross-cell authentication.
-     * Try afs.cell@REALM.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, realm, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * We failed to get ``first class tickets'' for afs,
-     * fall back to cross-cell authentication.
-     * Try afs@CELL.
-     * Try afs.cell@CELL.
-     */
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-			     "", CELL, uid, kt);
-    if (ret == 0) return 0;
-    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
-			     cell, CELL, uid, kt);
-    if (ret == 0) return 0;
-
-    /*
-     * Perhaps the cell doesn't correspond to any realm?
-     * Use realm of first volume location DB server.
-     * Try afs.cell@VL_REALM.
-     * Try afs@VL_REALM???
-     */
-    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
-	&& strcmp(vl_realm, realm) != 0
-	&& strcmp(vl_realm, CELL) != 0) {
-	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				 cell, vl_realm, uid, kt);
-	if (ret)
-	    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
-				     "", vl_realm, uid, kt);
-	free(vl_realm);
-	if (ret == 0) return 0;
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.c b/crypto/heimdal/lib/kafs/dlfcn.c
deleted file mode 100644
index 728cf5cdd768..000000000000
--- a/crypto/heimdal/lib/kafs/dlfcn.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
- * @(#)dlfcn.c	1.11 revision of 96/04/10  20:12:51
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-/*
- * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
- * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave.
- */
-
-/*
- * This makes my life easier with Octave.  --jwe
- */
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/ldr.h>
-#include <a.out.h>
-#include <ldfcn.h>
-#include "dlfcn.h"
-
-/*
- * We simulate dlopen() et al. through a call to load. Because AIX has
- * no call to find an exported symbol we read the loader section of the
- * loaded module and build a list of exported symbols and their virtual
- * address.
- */
-
-typedef struct {
-	char		*name;		/* the symbols's name */
-	void		*addr;		/* its relocated virtual address */
-} Export, *ExportPtr;
-
-/*
- * xlC uses the following structure to list its constructors and
- * destructors. This is gleaned from the output of munch.
- */
-typedef struct {
-	void (*init)(void);		/* call static constructors */
-	void (*term)(void);		/* call static destructors */
-} Cdtor, *CdtorPtr;
-
-typedef void (*GccCDtorPtr)(void);
-
-/*
- * The void * handle returned from dlopen is actually a ModulePtr.
- */
-typedef struct Module {
-	struct Module	*next;
-	char		*name;		/* module name for refcounting */
-	int		refCnt;		/* the number of references */
-	void		*entry;		/* entry point from load */
-	struct dl_info	*info;		/* optional init/terminate functions */
-	CdtorPtr	cdtors;		/* optional C++ constructors */
-	GccCDtorPtr	gcc_ctor;	/* g++ constructors  --jwe */
-	GccCDtorPtr	gcc_dtor;	/* g++ destructors  --jwe */
-	int		nExports;	/* the number of exports found */
-	ExportPtr	exports;	/* the array of exports */
-} Module, *ModulePtr;
-
-/*
- * We keep a list of all loaded modules to be able to call the fini
- * handlers and destructors at atexit() time.
- */
-static ModulePtr modList;
-
-/*
- * The last error from one of the dl* routines is kept in static
- * variables here. Each error is returned only once to the caller.
- */
-static char errbuf[BUFSIZ];
-static int errvalid;
-
-/*
- * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
- * strdup().  --jwe
- */
-#ifndef HAVE_STRDUP
-extern char *strdup(const char *);
-#endif
-static void caterr(char *);
-static int readExports(ModulePtr);
-static void terminate(void);
-static void *findMain(void);
-
-void *dlopen(const char *path, int mode)
-{
-	ModulePtr mp;
-	static void *mainModule;
-
-	/*
-	 * Upon the first call register a terminate handler that will
-	 * close all libraries. Also get a reference to the main module
-	 * for use with loadbind.
-	 */
-	if (!mainModule) {
-		if ((mainModule = findMain()) == NULL)
-			return NULL;
-		atexit(terminate);
-	}
-	/*
-	 * Scan the list of modules if we have the module already loaded.
-	 */
-	for (mp = modList; mp; mp = mp->next)
-		if (strcmp(mp->name, path) == 0) {
-			mp->refCnt++;
-			return mp;
-		}
-	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
-		return NULL;
-	}
-	if ((mp->name = strdup(path)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
-		free(mp);
-		return NULL;
-	}
-	/*
-	 * load should be declared load(const char *...). Thus we
-	 * cast the path to a normal char *. Ugly.
-	 */
-	if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
-		free(mp->name);
-		free(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "dlopen: %s: ", path);
-		/*
-		 * If AIX says the file is not executable, the error
-		 * can be further described by querying the loader about
-		 * the last error.
-		 */
-		if (errno == ENOEXEC) {
-			char *tmp[BUFSIZ/sizeof(char *)];
-			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
-				strlcpy(errbuf,
-						strerror(errno),
-						sizeof(errbuf));
-			else {
-				char **p;
-				for (p = tmp; *p; p++)
-					caterr(*p);
-			}
-		} else
-			strlcat(errbuf,
-					strerror(errno),
-					sizeof(errbuf));
-		return NULL;
-	}
-	mp->refCnt = 1;
-	mp->next = modList;
-	modList = mp;
-	if (loadbind(0, mainModule, mp->entry) == -1) {
-		dlclose(mp);
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "loadbind: %s", strerror(errno));
-		return NULL;
-	}
-	/*
-	 * If the user wants global binding, loadbind against all other
-	 * loaded modules.
-	 */
-	if (mode & RTLD_GLOBAL) {
-		ModulePtr mp1;
-		for (mp1 = mp->next; mp1; mp1 = mp1->next)
-			if (loadbind(0, mp1->entry, mp->entry) == -1) {
-				dlclose(mp);
-				errvalid++;
-				snprintf (errbuf, sizeof(errbuf),
-					  "loadbind: %s",
-					  strerror(errno));
-				return NULL;
-			}
-	}
-	if (readExports(mp) == -1) {
-		dlclose(mp);
-		return NULL;
-	}
-	/*
-	 * If there is a dl_info structure, call the init function.
-	 */
-	if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
-		if (mp->info->init)
-			(*mp->info->init)();
-	} else
-		errvalid = 0;
-	/*
-	 * If the shared object was compiled using xlC we will need
-	 * to call static constructors (and later on dlclose destructors).
-	 */
-	if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->init && cp->init != (void (*)(void))0xffffffff)
-				(*cp->init)();
-			cp++;
-		}
-	/*
-	 * If the shared object was compiled using g++, we will need
-	 * to call global constructors using the _GLOBAL__DI function,
-	 * and later, global destructors using the _GLOBAL_DD
-	 * funciton.  --jwe
-	 */
-	} else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
-		(*mp->gcc_ctor)();
-		mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); 
-	} else
-		errvalid = 0;
-	return mp;
-}
-
-/*
- * Attempt to decipher an AIX loader error message and append it
- * to our static error message buffer.
- */
-static void caterr(char *s)
-{
-	char *p = s;
-
-	while (*p >= '0' && *p <= '9')
-		p++;
-	switch(atoi(s)) {
-	case L_ERROR_TOOMANY:
-		strlcat(errbuf, "to many errors", sizeof(errbuf));
-		break;
-	case L_ERROR_NOLIB:
-		strlcat(errbuf, "can't load library", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_UNDEF:
-		strlcat(errbuf, "can't find symbol", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_RLDBAD:
-		strlcat(errbuf, "bad RLD", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_FORMAT:
-		strlcat(errbuf, "bad exec format in", sizeof(errbuf));
-		strlcat(errbuf, p, sizeof(errbuf));
-		break;
-	case L_ERROR_ERRNO:
-		strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf));
-		break;
-	default:
-		strlcat(errbuf, s, sizeof(errbuf));
-		break;
-	}
-}
-
-void *dlsym(void *handle, const char *symbol)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	ExportPtr ep;
-	int i;
-
-	/*
-	 * Could speed up the search, but I assume that one assigns
-	 * the result to function pointers anyways.
-	 */
-	for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-		if (strcmp(ep->name, symbol) == 0)
-			return ep->addr;
-	errvalid++;
-	snprintf (errbuf, sizeof(errbuf),
-		  "dlsym: undefined symbol %s", symbol);		  
-	return NULL;
-}
-
-char *dlerror(void)
-{
-	if (errvalid) {
-		errvalid = 0;
-		return errbuf;
-	}
-	return NULL;
-}
-
-int dlclose(void *handle)
-{
-	ModulePtr mp = (ModulePtr)handle;
-	int result;
-	ModulePtr mp1;
-
-	if (--mp->refCnt > 0)
-		return 0;
-	if (mp->info && mp->info->fini)
-		(*mp->info->fini)();
-	if (mp->cdtors) {
-		CdtorPtr cp = mp->cdtors;
-		while (cp->init || cp->term) {
-			if (cp->term && cp->init != (void (*)(void))0xffffffff)
-				(*cp->term)();
-			cp++;
-		}
-	/*
-	 * If the function to handle global destructors for g++
-	 * exists, call it.  --jwe
-	 */
-	} else if (mp->gcc_dtor) {
-	        (*mp->gcc_dtor)();
-	}
-	result = unload(mp->entry);
-	if (result == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "%s", strerror(errno));
-	}
-	if (mp->exports) {
-		ExportPtr ep;
-		int i;
-		for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
-			if (ep->name)
-				free(ep->name);
-		free(mp->exports);
-	}
-	if (mp == modList)
-		modList = mp->next;
-	else {
-		for (mp1 = modList; mp1; mp1 = mp1->next)
-			if (mp1->next == mp) {
-				mp1->next = mp->next;
-				break;
-			}
-	}
-	free(mp->name);
-	free(mp);
-	return result;
-}
-
-static void terminate(void)
-{
-	while (modList)
-		dlclose(modList);
-}
-
-/*
- * Build the export table from the XCOFF .loader section.
- */
-static int readExports(ModulePtr mp)
-{
-	LDFILE *ldp = NULL;
-	SCNHDR sh, shdata;
-	LDHDR *lhp;
-	char *ldbuf;
-	LDSYM *ls;
-	int i;
-	ExportPtr ep;
-
-	if ((ldp = ldopen(mp->name, ldp)) == NULL) {
-		struct ld_info *lp;
-		char *buf;
-		int size = 4*1024;
-		if (errno != ENOENT) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		/*
-		 * The module might be loaded due to the LIBPATH
-		 * environment variable. Search for the loaded
-		 * module using L_GETINFO.
-		 */
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			return -1;
-		}
-		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-			free(buf);
-			size += 4*1024;
-			if ((buf = malloc(size)) == NULL) {
-				errvalid++;
-				snprintf(errbuf, sizeof(errbuf),
-					 "readExports: %s",
-					 strerror(errno));
-				return -1;
-			}
-		}
-		if (i == -1) {
-			errvalid++;
-			snprintf(errbuf, sizeof(errbuf),
-				 "readExports: %s",
-				 strerror(errno));
-			free(buf);
-			return -1;
-		}
-		/*
-		 * Traverse the list of loaded modules. The entry point
-		 * returned by load() does actually point to the data
-		 * segment origin.
-		 */
-		lp = (struct ld_info *)buf;
-		while (lp) {
-			if (lp->ldinfo_dataorg == mp->entry) {
-				ldp = ldopen(lp->ldinfo_filename, ldp);
-				break;
-			}
-			if (lp->ldinfo_next == 0)
-				lp = NULL;
-			else
-				lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
-		}
-		free(buf);
-		if (!ldp) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "readExports: %s", strerror(errno));
-			return -1;
-		}
-	}
-	if (TYPE(ldp) != U802TOCMAGIC) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Get the padding for the data section. This is needed for
-	 * AIX 4.1 compilers. This is used when building the final
-	 * function pointer to the exported symbol.
-	 */
-	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read data section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section header");
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * We read the complete loader section in one chunk, this makes
-	 * finding long symbol names residing in the string table easier.
-	 */
-	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot seek to loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
-		errvalid++;
-		snprintf(errbuf, sizeof(errbuf),
-			 "readExports: cannot read loader section");
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	lhp = (LDHDR *)ldbuf;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	/*
-	 * Count the number of exports to include in our export table.
-	 */
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		if (!LDR_EXPORT(*ls))
-			continue;
-		mp->nExports++;
-	}
-	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "readExports: %s", strerror(errno));
-		free(ldbuf);
-		while(ldclose(ldp) == FAILURE)
-			;
-		return -1;
-	}
-	/*
-	 * Fill in the export table. All entries are relative to
-	 * the entry point we got from load.
-	 */
-	ep = mp->exports;
-	ls = (LDSYM *)(ldbuf+LDHDRSZ);
-	for (i = lhp->l_nsyms; i; i--, ls++) {
-		char *symname;
-		char tmpsym[SYMNMLEN+1];
-		if (!LDR_EXPORT(*ls))
-			continue;
-		if (ls->l_zeroes == 0)
-			symname = ls->l_offset+lhp->l_stoff+ldbuf;
-		else {
-			/*
-			 * The l_name member is not zero terminated, we
-			 * must copy the first SYMNMLEN chars and make
-			 * sure we have a zero byte at the end.
-			 */
-		        strlcpy (tmpsym, ls->l_name,
-					 SYMNMLEN + 1);
-			symname = tmpsym;
-		}
-		ep->name = strdup(symname);
-		ep->addr = (void *)((unsigned long)mp->entry +
-					ls->l_value - shdata.s_vaddr);
-		ep++;
-	}
-	free(ldbuf);
-	while(ldclose(ldp) == FAILURE)
-		;
-	return 0;
-}
-
-/*
- * Find the main modules entry point. This is used as export pointer
- * for loadbind() to be able to resolve references to the main part.
- */
-static void * findMain(void)
-{
-	struct ld_info *lp;
-	char *buf;
-	int size = 4*1024;
-	int i;
-	void *ret;
-
-	if ((buf = malloc(size)) == NULL) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		return NULL;
-	}
-	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
-		free(buf);
-		size += 4*1024;
-		if ((buf = malloc(size)) == NULL) {
-			errvalid++;
-			snprintf (errbuf, sizeof(errbuf),
-				  "findMail: %s", strerror(errno));
-			return NULL;
-		}
-	}
-	if (i == -1) {
-		errvalid++;
-		snprintf (errbuf, sizeof(errbuf),
-			  "findMail: %s", strerror(errno));
-		free(buf);
-		return NULL;
-	}
-	/*
-	 * The first entry is the main module. The entry point
-	 * returned by load() does actually point to the data
-	 * segment origin.
-	 */
-	lp = (struct ld_info *)buf;
-	ret = lp->ldinfo_dataorg;
-	free(buf);
-	return ret;
-}
diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h
deleted file mode 100644
index b8dfd985a535..000000000000
--- a/crypto/heimdal/lib/kafs/dlfcn.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * @(#)dlfcn.h	1.4 revision of 95/04/25  09:36:52
- * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
- * 30159 Hannover, Germany
- */
-
-#ifndef __dlfcn_h__
-#define __dlfcn_h__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Mode flags for the dlopen routine.
- */
-#define RTLD_LAZY	1	/* lazy function call binding */
-#define RTLD_NOW	2	/* immediate function call binding */
-#define RTLD_GLOBAL	0x100	/* allow symbols to be global */
-
-/*
- * To be able to initialize, a library may provide a dl_info structure
- * that contains functions to be called to initialize and terminate.
- */
-struct dl_info {
-	void (*init)(void);
-	void (*fini)(void);
-};
-
-#if __STDC__ || defined(_IBMR2)
-void *dlopen(const char *path, int mode);
-void *dlsym(void *handle, const char *symbol);
-char *dlerror(void);
-int dlclose(void *handle);
-#else
-void *dlopen();
-void *dlsym();
-char *dlerror();
-int dlclose();
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __dlfcn_h__ */
diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3
deleted file mode 100644
index c6cff4da7d2e..000000000000
--- a/crypto/heimdal/lib/kafs/kafs.3
+++ /dev/null
@@ -1,275 +0,0 @@
-.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\"	$Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $
-.\"
-.Dd Mar 17, 2003
-.Os HEIMDAL
-.Dt KAFS 3
-.Sh NAME
-.Nm k_hasafs ,
-.Nm k_pioctl ,
-.Nm k_unlog ,
-.Nm k_setpag ,
-.Nm k_afs_cell_of_file ,
-.Nm kafs_set_verbose ,
-.Nm kafs_settoken_rxkad ,
-.Nm kafs_settoken ,
-.Nm krb_afslog ,
-.Nm krb_afslog_uid
-.Nm kafs_settoken5 ,
-.Nm krb5_afslog ,
-.Nm krb5_afslog_uid
-.Nd AFS library
-.Sh LIBRARY
-AFS cache manager access library (libkafs, -lkafs)
-.Sh SYNOPSIS
-.In kafs.h
-.Ft int
-.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
-.Ft int
-.Fn k_hasafs "void"
-.Ft int
-.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
-.Ft int
-.Fn k_setpag "void"
-.Ft int
-.Fn k_unlog "void"
-.Ft void
-.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
-.Ft int
-.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
-.Ft int
-.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
-.Fn krb_afslog "char *cell" "char *realm"
-.Ft int
-.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-.Ft krb5_error_code
-.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-.Ft int
-.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
-.Ft krb5_error_code
-.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
-.Sh DESCRIPTION
-.Fn k_hasafs
-initializes some library internal structures, and tests for the
-presence of AFS in the kernel, none of the other functions should be
-called before
-.Fn k_hasafs
-is called, or if it fails.
-.Pp
-.Fn kafs_set_verbose
-set a log function that will be called each time the kafs library does
-something important so that the application using libkafs can output
-verbose logging.
-Calling the function
-.Fa kafs_set_verbose
-with the function argument set to
-.Dv NULL
-will stop libkafs from calling the logging function (if set).
-.Pp
-.Fn kafs_settoken_rxkad
-set
-.Li rxkad
-with the
-.Fa token
-and
-.Fa ticket
-(that have the length
-.Fa ticket_len )
-for a given
-.Fa cell .
-.Pp
-.Fn kafs_settoken
-and
-.Fn kafs_settoken5
-work the same way as
-.Fn kafs_settoken_rxkad
-but internally converts the Kerberos 4 or 5 credential to a afs
-cleartoken and ticket.
-.Pp
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid
-obtains new tokens (and possibly tickets) for the specified
-.Fa cell
-and
-.Fa realm .
-If
-.Fa cell
-is
-.Dv NULL ,
-the local cell is used. If
-.Fa realm
-is
-.Dv NULL ,
-the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
-.Dv NULL .
-.Fn krb_afslog
-will use the real user-id for the
-.Dv ViceId
-field in the token,
-.Fn krb_afslog_uid
-will use
-.Fa uid .
-.Pp
-.Fn krb5_afslog ,
-and
-.Fn krb5_afslog_uid
-are the Kerberos 5 equivalents of
-.Fn krb_afslog ,
-and
-.Fn krb_afslog_uid .
-.Pp
-.Fn krb5_afslog ,
-.Fn kafs_settoken5
-can be configured to behave diffrently via a 
-.Nm krb5_appdefault
-option
-.Li afs-use-524
-in
-.Pa krb5.conf .
-Possible values for
-.Li afs-use-524
-are:
-.Bl -tag -width local
-.It yes
-use the 524 server in the realm to convert the ticket
-.It no
-use the Kerberos 5 ticket directly, can be used with if the afs cell
-support 2b token.
-.It local, 2b
-convert the Kerberos 5 credential to a 2b token locally (the same work
-as a 2b 524 server should have done).
-.El
-.Pp
-Example:
-.Pp
-.Bd -literal
-[appdefaults]
-	SU.SE = { afs-use-524 = local }
-	PDC.KTH.SE = { afs-use-524 = yes }
-	afs-use-524 = yes
-.Ed
-.Pp
-libkafs will use the
-.Li libkafs
-as application name when running the
-.Nm krb5_appdefault
-function call.
-.Pp
-The (uppercased) cellname is used as the realm to the
-.Nm krb5_appdefault function.
-.Pp
-.\" The extra arguments are the ubiquitous context, and the cache id where
-.\" to store any obtained tickets. Since AFS servers normally can't handle
-.\" Kerberos 5 tickets directly, these functions will first obtain version
-.\" 5 tickets for the requested cells, and then convert them to version 4
-.\" tickets, that can be stashed in the kernel. To convert tickets the
-.\" .Fn krb524_convert_creds_kdc
-.\" function will be used.
-.\" .Pp
-.Fn k_afs_cell_of_file
-will in
-.Fa cell
-return the cell of a specified file, no more than
-.Fa len
-characters is put in
-.Fa cell .
-.Pp
-.Fn k_pioctl
-does a
-.Fn pioctl
-syscall with the specified arguments. This function is equivalent to
-.Fn lpioctl .
-.Pp
-.Fn k_setpag
-initializes a new PAG.
-.Pp
-.Fn k_unlog
-removes destroys all tokens in the current PAG.
-.Sh RETURN VALUES
-.Fn k_hasafs
-returns 1 if AFS is present in the kernel, 0 otherwise.
-.Fn krb_afslog
-and
-.Fn krb_afslog_uid
-returns 0 on success, or a Kerberos error number on failure.
-.Fn k_afs_cell_of_file ,
-.Fn k_pioctl ,
-.Fn k_setpag ,
-and
-.Fn k_unlog
-all return the value of the underlaying system call, 0 on success.
-.Sh ENVIRONMENT
-The following environment variable affect the mode of operation of
-.Nm kafs :
-.Bl -tag -width AFS_SYSCALL
-.It Ev AFS_SYSCALL
-Normally,
-.Nm kafs
-will try to figure out the correct system call(s) that are used by AFS
-by itself.  If it does not manage to do that, or does it incorrectly,
-you can set this variable to the system call number or list of system
-call numbers that should be used.
-.El
-.Sh EXAMPLES
-The following code from
-.Nm login
-will obtain a new PAG and tokens for the local cell and the cell of
-the users home directory.
-.Bd -literal
-if (k_hasafs()) {
-	char cell[64];
-	k_setpag();
-	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-		krb_afslog(cell, NULL);
-	krb_afslog(NULL, NULL);
-}
-.Ed
-.Sh ERRORS
-If any of these functions (apart from
-.Fn k_hasafs )
-is called without AFS being present in the kernel, the process will
-usually (depending on the operating system) receive a SIGSYS signal.
-.Sh SEE ALSO
-.Rs
-.%A Transarc Corporation
-.%J AFS-3 Programmer's Reference
-.%T File Server/Cache Manager Interface
-.%D 1991
-.Re
-.Pp
-.Xr krb5_appdefaults 3 ,
-.Xr krb5.conf 5
-.Sh BUGS
-.Ev AFS_SYSCALL
-has no effect under AIX.
diff --git a/crypto/heimdal/lib/kafs/kafs.cat3 b/crypto/heimdal/lib/kafs/kafs.cat3
deleted file mode 100644
index ecab780e25b5..000000000000
--- a/crypto/heimdal/lib/kafs/kafs.cat3
+++ /dev/null
@@ -1,97 +0,0 @@
-KAFS(3)                   NetBSD Programmer's Manual                   KAFS(3)
-
-NNAAMMEE
-     kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg,
-     kkrrbb__aaffsslloogg__uuiidd - AFS library
-
-LLIIBBRRAARRYY
-     AFS cache manager access library (libkafs, -lkafs)
-
-SSYYNNOOPPSSIISS
-     ##iinncclluuddee <<kkaaffss..hh>>
-
-     _i_n_t
-     kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n);
-
-     _i_n_t
-     kk__hhaassaaffss();
-
-     _i_n_t
-     kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P,
-             _i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s);
-
-     _i_n_t
-     kk__sseettppaagg();
-
-     _i_n_t
-     kk__uunnlloogg();
-
-     _i_n_t
-     kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m);
-
-     _i_n_t
-     kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d);
-
-DDEESSCCRRIIPPTTIIOONN
-     kk__hhaassaaffss() initializes some library internal structures, and tests for
-     the presence of AFS in the kernel, none of the other functions should be
-     called before kk__hhaassaaffss() is called, or if it fails.
-
-     kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick-
-     ets) for the specified _c_e_l_l and _r_e_a_l_m.  If _c_e_l_l is NULL, the local cell
-     is used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use.
-     Unless you  have some good knowledge of what cell or realm to use, you
-     should pass NULL.  kkrrbb__aaffsslloogg() will use the real user-id for the ViceId
-     field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d.
-
-     kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no
-     more than _l_e_n characters is put in _c_e_l_l.
-
-     kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This
-     function is equivalent to llppiiooccttll().
-
-     kk__sseettppaagg() initializes a new PAG.
-
-     kk__uunnlloogg() removes destroys all tokens in the current PAG.
-
-RREETTUURRNN VVAALLUUEESS
-     kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise.
-     kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er-
-     ror number on failure.  kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and
-     kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc-
-     cess.
-
-EENNVVIIRROONNMMEENNTT
-     The following environment variable affect the mode of operation of kkaaffss:
-
-     AFS_SYSCALL  Normally, kkaaffss will try to figure out the correct system
-                  call(s) that are used by AFS by itself.  If it does not man-
-                  age to do that, or does it incorrectly, you can set this
-                  variable to the system call number or list of system call
-                  numbers that should be used.
-
-EEXXAAMMPPLLEESS
-     The following code from llooggiinn will obtain a new PAG and tokens for the
-     local cell and the cell of the users home directory.
-
-     if (k_hasafs()) {
-             char cell[64];
-             k_setpag();
-             if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
-                     krb_afslog(cell, NULL);
-             krb_afslog(NULL, NULL);
-     }
-
-EERRRROORRSS
-     If any of these functions (apart from kk__hhaassaaffss()) is called without AFS
-     beeing present in the kernel, the process will usually (depending on the
-     operating system) receive a SIGSYS signal.
-
-SSEEEE AALLSSOO
-     Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3
-     _P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991.
-
-BBUUGGSS
-     AFS_SYSCALL has no effect under AIX.
-
- KTH-KRB                          May 7, 1997                                2
diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h
deleted file mode 100644
index f95b7769a48f..000000000000
--- a/crypto/heimdal/lib/kafs/kafs.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs.h,v 1.39.2.1 2003/04/23 18:03:21 lha Exp $ */
-
-#ifndef __KAFS_H
-#define __KAFS_H
-
-/* XXX must include krb5.h or krb.h */
-
-/* sys/ioctl.h must be included manually before kafs.h */
-
-/*
- */
-#define AFSCALL_PIOCTL 20
-#define AFSCALL_SETPAG 21
-
-#ifndef _VICEIOCTL
-#define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
-#endif /* _VICEIOCTL */
-
-#define VIOCSETAL		_VICEIOCTL(1)
-#define VIOCGETAL		_VICEIOCTL(2)
-#define VIOCSETTOK		_VICEIOCTL(3)
-#define VIOCGETVOLSTAT		_VICEIOCTL(4)
-#define VIOCSETVOLSTAT		_VICEIOCTL(5)
-#define VIOCFLUSH		_VICEIOCTL(6)
-#define VIOCGETTOK		_VICEIOCTL(8)
-#define VIOCUNLOG		_VICEIOCTL(9)
-#define VIOCCKSERV		_VICEIOCTL(10)
-#define VIOCCKBACK		_VICEIOCTL(11)
-#define VIOCCKCONN		_VICEIOCTL(12)
-#define VIOCWHEREIS		_VICEIOCTL(14)
-#define VIOCACCESS		_VICEIOCTL(20)
-#define VIOCUNPAG		_VICEIOCTL(21)
-#define VIOCGETFID		_VICEIOCTL(22)
-#define VIOCSETCACHESIZE	_VICEIOCTL(24)
-#define VIOCFLUSHCB		_VICEIOCTL(25)
-#define VIOCNEWCELL		_VICEIOCTL(26)
-#define VIOCGETCELL		_VICEIOCTL(27)
-#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
-#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
-#define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
-#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
-#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
-#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
-#define VIOC_VENUSLOG		_VICEIOCTL(34)
-#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
-#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
-#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
-#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
-#define VIOC_EXPORTAFS		_VICEIOCTL(39)
-#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
-#define VIOC_GCPAGS		_VICEIOCTL(48) 
-
-struct ViceIoctl {
-  caddr_t in, out;
-  short in_size;
-  short out_size;
-};
-
-struct ClearToken {
-  int32_t AuthHandle;
-  char HandShakeKey[8];
-  int32_t ViceId;
-  int32_t BeginTimestamp;
-  int32_t EndTimestamp;
-};
-
-#ifdef __STDC__
-#ifndef __P
-#define __P(x) x
-#endif
-#else
-#ifndef __P
-#define __P(x) ()
-#endif
-#endif
-
-/* Use k_hasafs() to probe if the machine supports AFS syscalls.
-   The other functions will generate a SIGSYS if AFS is not supported */
-
-int k_hasafs __P((void));
-
-int krb_afslog __P((const char *cell, const char *realm));
-int krb_afslog_uid __P((const char *cell, const char *realm, uid_t uid));
-int krb_afslog_home __P((const char *cell, const char *realm,
-			 const char *homedir));
-int krb_afslog_uid_home __P((const char *cell, const char *realm, uid_t uid,
-			     const char *homedir));
-
-int krb_realm_of_cell __P((const char *cell, char **realm));
-
-/* compat */
-#define k_afsklog krb_afslog
-#define k_afsklog_uid krb_afslog_uid
-
-int k_pioctl __P((char *a_path,
-		  int o_opcode,
-		  struct ViceIoctl *a_paramsP,
-		  int a_followSymlinks));
-int k_unlog __P((void));
-int k_setpag __P((void));
-int k_afs_cell_of_file __P((const char *path, char *cell, int len));
-
-
-
-/* XXX */
-#ifdef KFAILURE
-#define KRB_H_INCLUDED
-#endif
-
-#ifdef KRB5_RECVAUTH_IGNORE_VERSION
-#define KRB5_H_INCLUDED
-#endif
-
-void kafs_set_verbose __P((void (*kafs_verbose)(void *, const char *), void *));
-int kafs_settoken_rxkad __P((const char *, struct ClearToken *,
-			     void *ticket, size_t ticket_len));
-#ifdef KRB_H_INCLUDED
-int kafs_settoken __P((const char*, uid_t, CREDENTIALS*));
-#endif
-#ifdef KRB5_H_INCLUDED
-int kafs_settoken5 __P((krb5_context, const char*, uid_t, krb5_creds*));
-#endif
-
-
-#ifdef KRB5_H_INCLUDED
-krb5_error_code krb5_afslog_uid __P((krb5_context context,
-				     krb5_ccache id,
-				     const char *cell,
-				     krb5_const_realm realm,
-				     uid_t uid));
-krb5_error_code krb5_afslog __P((krb5_context context,
-				 krb5_ccache id, 
-				 const char *cell,
-				 krb5_const_realm realm));
-krb5_error_code krb5_afslog_uid_home __P((krb5_context context,
-					  krb5_ccache id,
-					  const char *cell,
-					  krb5_const_realm realm,
-					  uid_t uid,
-					  const char *homedir));
-
-krb5_error_code krb5_afslog_home __P((krb5_context context,
-				      krb5_ccache id,
-				      const char *cell,
-				      krb5_const_realm realm,
-				      const char *homedir));
-
-krb5_error_code krb5_realm_of_cell __P((const char *cell, char **realm));
-
-#endif
-
-
-#define _PATH_VICE		"/usr/vice/etc/"
-#define _PATH_THISCELL 		_PATH_VICE "ThisCell"
-#define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
-#define _PATH_THESECELLS	_PATH_VICE "TheseCells"
-
-#define _PATH_ARLA_VICE		"/usr/arla/etc/"
-#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
-#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
-#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
-
-#define _PATH_OPENAFS_DEBIAN_VICE		"/etc/openafs/"
-#define _PATH_OPENAFS_DEBIAN_THISCELL		_PATH_OPENAFS_DEBIAN_VICE "ThisCell"
-#define _PATH_OPENAFS_DEBIAN_CELLSERVDB 	_PATH_OPENAFS_DEBIAN_VICE "CellServDB"
-#define _PATH_OPENAFS_DEBIAN_THESECELLS		_PATH_OPENAFS_DEBIAN_VICE "TheseCells"
-
-#define _PATH_ARLA_DEBIAN_VICE			"/etc/arla/"
-#define _PATH_ARLA_DEBIAN_THISCELL		_PATH_ARLA_DEBIAN_VICE "ThisCell"
-#define _PATH_ARLA_DEBIAN_CELLSERVDB		_PATH_ARLA_DEBIAN_VICE "CellServDB"
-#define _PATH_ARLA_DEBIAN_THESECELLS		_PATH_ARLA_DEBIAN_VICE "TheseCells"
-
-extern int _kafs_debug;
-
-#endif /* __KAFS_H */
diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h
deleted file mode 100644
index e82b81bf98b0..000000000000
--- a/crypto/heimdal/lib/kafs/kafs_locl.h
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: kafs_locl.h,v 1.17 2003/04/14 08:28:37 lha Exp $ */
-
-#ifndef __KAFS_LOCL_H__
-#define __KAFS_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCALL_H
-#include <sys/syscall.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include <roken.h>
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
-#ifdef KRB4
-#include <krb.h>
-#else
-#ifdef KRB5
-#include "crypto-headers.h"
-#include <krb5-v4compat.h>
-typedef struct credentials CREDENTIALS;
-#endif /* KRB5 */
-#endif /* KRB4 */
-#include <kafs.h>
-
-#include <resolve.h>
-
-#include "afssysdefs.h"
-
-struct kafs_data;
-struct kafs_token;
-typedef int (*afslog_uid_func_t)(struct kafs_data *,
-				 const char *,
-				 const char *,
-				 uid_t,
-				 const char *);
-
-typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
-			       const char*, uid_t, struct kafs_token *);
-
-typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
-
-typedef struct kafs_data {
-    const char *name;
-    afslog_uid_func_t afslog_uid;
-    get_cred_func_t get_cred;
-    get_realm_func_t get_realm;
-    void *data;
-} kafs_data;
-
-struct kafs_token {
-    struct ClearToken ct;
-    void *ticket;
-    size_t ticket_len;
-};
-
-void _kafs_foldup(char *, const char *);
-
-int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*);
-
-int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, 
-		   uid_t, struct kafs_token *);
-
-int
-_kafs_realm_of_cell(kafs_data *, const char *, char **);
-
-int
-_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *);
-
-void
-_kafs_fixup_viceid(struct ClearToken *, uid_t);
-
-#ifdef _AIX
-int aix_pioctl(char*, int, struct ViceIoctl*, int);
-int aix_setpag(void);
-#endif
-
-#endif /* __KAFS_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kafs/roken_rename.h b/crypto/heimdal/lib/kafs/roken_rename.h
deleted file mode 100644
index fbb653dc93ce..000000000000
--- a/crypto/heimdal/lib/kafs/roken_rename.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h,v 1.6 2002/08/19 15:08:24 joda Exp $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-/*
- * Libroken routines that are added libkafs
- */
-
-#define _resolve_debug _kafs_resolve_debug
-
-#define rk_dns_free_data _kafs_dns_free_data
-#define rk_dns_lookup _kafs_dns_lookup
-#define rk_dns_string_to_type _kafs_dns_string_to_type
-#define rk_dns_type_to_string _kafs_dns_type_to_string
-#define rk_dns_srv_order _kafs_dns_srv_order
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _kafs_strtok_r
-#endif
-#ifndef HAVE_STRLCPY
-#define strlcpy _kafs_strlcpy
-#endif
-#ifndef HAVE_STRSEP
-#define strsep _kafs_strsep
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/kdfs/ChangeLog b/crypto/heimdal/lib/kdfs/ChangeLog
deleted file mode 100644
index c4bc2a367c3a..000000000000
--- a/crypto/heimdal/lib/kdfs/ChangeLog
+++ /dev/null
@@ -1,28 +0,0 @@
-2002-08-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* k5dfspag.c: don't use ## in string concatenation
-
-2002-03-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkdfs_la_LDFLAGS): set versoin to 0:2:0
-
-2002-01-23  Assar Westerlund  <assar@sics.se>
-
-	* k5dfspag.c: use SIG_DFL and not SIG_IGN for SIGCHLD.
-	from "Todd C. Miller" <Todd.Miller@courtesan.com>
-
-2001-02-07  Assar Westerlund  <assar@sics.se>
-
-	* k5dfspag.c: add config.h
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libkdfs_la_LDFLAGS): set version to 0:1:0
-
-2000-07-02  Assar Westerlund  <assar@sics.se>
-
-	* k5dfspag.c: use krb5.h instead of krb5_locl.h
-
-	* initial import from Ake Sandgren <ake@cs.umu.se>
-
-
diff --git a/crypto/heimdal/lib/kdfs/Makefile.am b/crypto/heimdal/lib/kdfs/Makefile.am
deleted file mode 100644
index 7e0e6d563737..000000000000
--- a/crypto/heimdal/lib/kdfs/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES = libkdfs.la
-
-libkdfs_la_SOURCES = \
-	k5dfspag.c
-
-libkdfs_la_LDFLAGS = -version-info 0:2:0
diff --git a/crypto/heimdal/lib/kdfs/Makefile.in b/crypto/heimdal/lib/kdfs/Makefile.in
deleted file mode 100644
index 2115ecce71c2..000000000000
--- a/crypto/heimdal/lib/kdfs/Makefile.in
+++ /dev/null
@@ -1,583 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-lib_LTLIBRARIES = libkdfs.la
-
-libkdfs_la_SOURCES = \
-	k5dfspag.c
-
-
-libkdfs_la_LDFLAGS = -version-info 0:2:0
-subdir = lib/kdfs
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkdfs_la_LIBADD =
-am_libkdfs_la_OBJECTS = k5dfspag.lo
-libkdfs_la_OBJECTS = $(am_libkdfs_la_OBJECTS)
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libkdfs_la_SOURCES)
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(libkdfs_la_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/kdfs/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libkdfs.la: $(libkdfs_la_OBJECTS) $(libkdfs_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkdfs_la_LDFLAGS) $(libkdfs_la_OBJECTS) $(libkdfs_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libLTLIBRARIES clean-libtool distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am info info-am install \
-	install-am install-data install-data-am install-exec \
-	install-exec-am install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/kdfs/k5dfspag.c b/crypto/heimdal/lib/kdfs/k5dfspag.c
deleted file mode 100644
index 84161b84b627..000000000000
--- a/crypto/heimdal/lib/kdfs/k5dfspag.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/* 
- * lib/krb5/os/k5dfspag.c
- *
- * New Kerberos module to issue the DFS PAG syscalls. 
- * It also contains the routine to fork and exec the
- * k5dcecon routine to do most of the work. 
- * 
- * This file is designed to be as independent of DCE 
- * and DFS as possible. The only dependencies are on 
- * the syscall numbers.  If DFS not running or not installed,
- * the sig handlers will catch and the signal and 
- * will  continue. 
- *
- * krb5_dfs_newpag and krb5_dfs_getpag should not be real
- * Kerberos routines, since they should be setpag and getpag
- * in the DCE library, but without the DCE baggage. 
- * Thus they don't have context, and don't return a krb5 error. 
- *
- * 
- * 
- * krb5_dfs_pag()
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: k5dfspag.c,v 1.6 2002/08/12 15:11:58 joda Exp $");
-
-#include <krb5.h>
-
-#ifdef DCE
-
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <fcntl.h>
-#include <sys/param.h>
-
-/* Only run this DFS PAG code on systems with POSIX
- * All that we are interested in dor:, AIX 4.x,
- * Solaris 2.5.x, HPUX 10.x  Even SunOS 4.1.4, AIX 3.2.5
- * and SGI 5.3 are OK.  This simplifies
- * the build/configure which I don't want to change now.
- * All of them also have waitpid as well. 
- */
-
-#define POSIX_SETJMP
-#define POSIX_SIGNALS
-#define HAVE_WAITPID
-
-#include <signal.h>
-#include <setjmp.h>
-#ifndef POSIX_SETJMP
-#undef sigjmp_buf
-#undef sigsetjmp
-#undef siglongjmp
-#define sigjmp_buf  jmp_buf
-#define sigsetjmp(j,s)  setjmp(j)
-#define siglongjmp  longjmp
-#endif
-
-#ifdef POSIX_SIGNALS
-typedef struct sigaction handler;
-#define handler_init(H,F)       (sigemptyset(&(H).sa_mask), \
-                     (H).sa_flags=0, \
-                     (H).sa_handler=(F))
-#define handler_swap(S,NEW,OLD)     sigaction(S, &NEW, &OLD)
-#define handler_set(S,OLD)      sigaction(S, &OLD, NULL)
-#else
-typedef sigtype (*handler)();
-#define handler_init(H,F)       ((H) = (F))
-#define handler_swap(S,NEW,OLD)     ((OLD) = signal ((S), (NEW)))
-#define handler_set(S,OLD)      (signal ((S), (OLD)))
-#endif
-
-#define krb5_sigtype void
-#define WAIT_USES_INT
-typedef krb5_sigtype sigtype;
-
-
-/* 
- * Need some syscall numbers based on different systems. 
- * These are based on: 
- * HPUX 10.10 /opt/dce/include/dcedfs/syscall.h 
- * Solaris 2.5 /opt/dcelocal/share/include/dcedfs/syscall.h
- * AIX 4.2  - needs some funny games with load and kafs_syscall
- * to get the kernel extentions. There should be a better way! 
- * 
- * DEE 5/27/97
- *
- */
-
-
-#define AFSCALL_SETPAG 2
-#define AFSCALL_GETPAG 11
-
-#if defined(sun)
-#define AFS_SYSCALL  72
-
-#elif defined(hpux)
-/* assume HPUX 10 +  or is it 50 */
-#define AFS_SYSCALL 326
-
-#elif defined(_AIX)
-#ifndef DPAGAIX
-#define DPAGAIX LIBEXECDIR "/dpagaix"
-#endif
-int *load();
-static int (*dpagaix)(int, int, int, int, int, int) = 0;
-
-#elif defined(sgi) || defined(_sgi)
-#define AFS_SYSCALL      206+1000
-
-#else
-#define AFS_SYSCALL (Unknown_DFS_AFS_SYSCALL)
-#endif
-
-
-#ifdef  WAIT_USES_INT
-                int wait_status;
-#else   /* WAIT_USES_INT */
-                union wait wait_status;
-#endif  /* WAIT_USES_INT */
-
-#ifndef K5DCECON
-#define K5DCECON LIBEXECDIR "/k5dcecon"
-#endif
-
-/* 
- * mysig()
- *
- * signal handler if DFS not running
- *
- */
-
-static sigjmp_buf setpag_buf;
-
-static sigtype mysig()
-{
-  siglongjmp(setpag_buf, 1);
-}
-
-/*
- * krb5_dfs_pag_syscall()
- *
- * wrapper for the syscall with signal handlers
- *
- */
-
-static int  krb5_dfs_pag_syscall(opt1,opt2) 
-  int opt1;
-  int opt2;
-{
-  handler sa1, osa1;
-  handler sa2, osa2;
-  int pag = -2;
-
-  handler_init (sa1, mysig);
-  handler_init (sa2, mysig);
-  handler_swap (SIGSYS, sa1, osa1);
-  handler_swap (SIGSEGV, sa2, osa2);
-  
-  if (sigsetjmp(setpag_buf, 1) == 0) {
-
-#if defined(_AIX)
-    if (!dpagaix)
-      dpagaix = load(DPAGAIX, 0, 0);
-    if (dpagaix) 
-      pag = (*dpagaix)(opt1, opt2, 0, 0, 0, 0);
-#else
-    pag = syscall(AFS_SYSCALL, opt1, opt2, 0, 0, 0, 0); 
-#endif
-
-    handler_set (SIGSYS, osa1);
-    handler_set (SIGSEGV, osa2);
-    return(pag);
-  }
-
-  /* syscall failed! return 0 */
-  handler_set (SIGSYS, osa1);
-  handler_set (SIGSEGV, osa2);
-  return(-2);
-}
-
-/*
- * krb5_dfs_newpag()
- *
- * issue a DCE/DFS setpag system call to set the newpag
- * for this process. This takes advantage of a currently
- * undocumented feature of the Transarc port of DFS. 
- * Even in DCE 1.2.2 for which the source is available,
- * (but no vendors have released), this feature is not
- * there, but it should be, or could be added. 
- * If new_pag is zero, then the syscall will get a new pag
- * and return its value. 
- */ 
-
-int krb5_dfs_newpag(new_pag) 
-  int new_pag;
-{
-  return(krb5_dfs_pag_syscall(AFSCALL_SETPAG, new_pag));
-}
-
-/* 
- * krb5_dfs_getpag()
- *
- * get the current PAG. Used mostly as a test. 
- */
-
-int krb5_dfs_getpag()
-{
-  return(krb5_dfs_pag_syscall(AFSCALL_GETPAG, 0));
-}
-
-/*
- * krb5_dfs_pag()
- *
- * Given a principal and local username,
- * fork and exec the k5dcecon module to create 
- * refresh or join a new DCE/DFS
- * Process Authentication Group (PAG)
- * 
- * This routine should be called after krb5_kuserok has 
- * determined that this combination of local user and 
- * principal are acceptable for the local host. 
- * 
- * It should also be called after a forwarded ticket has 
- * been received, and the KRB5CCNAME environment variable
- * has been set to point at it. k5dcecon will convert this
- * to a new DCE context and a new pag and replace KRB5CCNAME
- * in the environment. 
- *
- * If there is no forwarded ticket, k5dcecon will attempt
- * to join an existing PAG for the same principal and local
- * user. 
- *
- * And it should be called before access to the home directory
- * as this may be in DFS, not accessable by root, and require
- * the PAG to have been setup. 
- * 
- * The krb5_afs_pag can be called after this routine to 
- * use the the cache obtained by k5dcecon to get an AFS token. 
- * DEE - 7/97
- */ 
- 
-int krb5_dfs_pag(context, flag, principal, luser)
-	krb5_context context;
-    int flag; /* 1 if a forwarded TGT is to be used */
-	krb5_principal principal;
-	const char *luser;
-
-{
-  
-  struct stat stx;
-  int fd[2];
-  int i,j;
-  int pid;
-  int new_pag;
-  int pag;
-  char newccname[MAXPATHLEN] = ""; 
-  char *princ;
-  int err; 
-  struct sigaction newsig, oldsig;
-
-#ifdef  WAIT_USES_INT
-  int wait_status;
-#else   /* WAIT_USES_INT */
-  union wait wait_status;
-#endif  /* WAIT_USES_INT */
-
-  if (krb5_unparse_name(context, principal, &princ))
-   return(0);
-
-   /* test if DFS is running or installed */
-   if (krb5_dfs_getpag() == -2)
-     return(0); /* DFS not running, dont try */
-  
-  if (pipe(fd) == -1) 
-     return(0);
-
-  /* Make sure that telnetd.c's SIGCHLD action don't happen right now... */
-  memset((char *)&newsig, 0, sizeof(newsig));
-  newsig.sa_handler = SIG_DFL;
-  sigaction(SIGCHLD, &newsig, &oldsig);
-
-  pid = fork();
-  if (pid <0) 
-   return(0);
-
-  if (pid == 0) {  /* child process */
-
-    close(1);       /* close stdout */
-    dup(fd[1]);     /* point stdout at pipe here */
-    close(fd[0]);   /* don't use end of pipe here */
-    close(fd[1]);   /* pipe now as stdout */
-
-    execl(K5DCECON, "k5dcecon",
-         (flag) ? "-f" : "-s" ,
-		 "-l", luser,
-		 "-p", princ, (char *)0);
-
-    exit(127);      /* incase execl fails */
-  } 
-
-  /* parent, wait for child to finish */
-
-  close(fd[1]);  /* dont need this end of pipe */
-
-/* #if defined(sgi) || defined(_sgi) */
-  /* wait_status.w_status = 0; */
-  /* waitpid((pid_t) pid, &wait_status.w_status, 0); */
-/* #else */
-
-
-  wait_status = 0;
-#ifdef  HAVE_WAITPID
-  err = waitpid((pid_t) pid, &wait_status, 0);
-#else   /* HAVE_WAITPID */
-  err = wait4(pid, &wait_status, 0, (struct rusage *) NULL);
-#endif  /* HAVE_WAITPID */
-/* #endif */
-
-  sigaction(SIGCHLD, &oldsig, 0);
-  if (WIFEXITED(wait_status)){
-    if (WEXITSTATUS(wait_status) == 0) {
-      i = 1;
-      j = 0;
-      while (i != 0) {
-        i = read(fd[0], &newccname[j], sizeof(newccname)-1-j);
-        if ( i > 0)
-          j += i;
-        if (j >=  sizeof(newccname)-1)
-          i = 0;
-      }
-      close(fd[0]);
-      if (j > 0) {
-        newccname[j] = '\0'; 
-        esetenv("KRB5CCNAME",newccname,1);
-        sscanf(&newccname[j-8],"%8x",&new_pag);
-        if (new_pag && strncmp("FILE:/opt/dcelocal/var/security/creds/dcecred_", newccname, 46) == 0) {
-          if((pag = krb5_dfs_newpag(new_pag)) != -2) {
-            return(pag);
-          }
-        }
-      }
-    }
-  }
-  return(0); /* something not right */
-}
-
-#else /* DCE */
-
-/* 
- * krb5_dfs_pag - dummy version for the lib for systems 
- * which don't have DFS, or the needed setpag kernel code.  
- */
-
-krb5_boolean
-krb5_dfs_pag(context, principal, luser)
-	krb5_context context;
-	krb5_principal principal;
-	const char *luser;
-{
-	return(0);
-}
-
-#endif /* DCE */
diff --git a/crypto/heimdal/lib/krb5/Makefile b/crypto/heimdal/lib/krb5/Makefile
deleted file mode 100644
index 3bdc8a72c013..000000000000
--- a/crypto/heimdal/lib/krb5/Makefile
+++ /dev/null
@@ -1,1141 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/krb5/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = verify_krb5_conf
-
-noinst_PROGRAMS = dump_config test_get_addrs krbhst-test
-
-TESTS = \
-	n-fold-test				\
-	string-to-key-test			\
-	derived-key-test			\
-	store-test				\
-	parse-name-test
-
-
-check_PROGRAMS = $(TESTS)
-
-LDADD = libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-libkrb5_la_LIBADD = \
-	../com_err/error.lo ../com_err/com_err.lo \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-lib_LTLIBRARIES = libkrb5.la
-
-ERR_FILES = krb5_err.c heim_err.c k524_err.c
-
-libkrb5_la_SOURCES = \
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	data.c					\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_memory.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	padata.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c				\
-	$(ERR_FILES)
-
-
-libkrb5_la_LDFLAGS = -version-info 18:3:1
-
-
-#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
-man_MANS = \
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb5_425_conv_principal.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_build_principal.3			\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_crypto_init.3			\
-	krb5_encrypt.3				\
-	krb5_free_addresses.3			\
-	krb5_free_principal.3			\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_krbhst.3			\
-	krb5_init_context.3			\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal_get_realm.3		\
-	krb5_sname_to_principal.3		\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-
-include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h
-
-CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h
-subdir = lib/krb5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \
-	$(top_builddir)/lib/asn1/libasn1.la
-am__objects_1 = krb5_err.lo heim_err.lo k524_err.lo
-am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \
-	aname_to_localname.lo appdefault.lo asn1_glue.lo \
-	auth_context.lo build_ap_req.lo build_auth.lo cache.lo \
-	changepw.lo codec.lo config_file.lo config_file_netinfo.lo \
-	convert_creds.lo constants.lo context.lo copy_host_realm.lo \
-	crc.lo creds.lo crypto.lo data.lo eai_to_heim_errno.lo \
-	error_string.lo expand_hostname.lo fcache.lo free.lo \
-	free_host_realm.lo generate_seq_number.lo generate_subkey.lo \
-	get_addrs.lo get_cred.lo get_default_principal.lo \
-	get_default_realm.lo get_for_creds.lo get_host_realm.lo \
-	get_in_tkt.lo get_in_tkt_pw.lo get_in_tkt_with_keytab.lo \
-	get_in_tkt_with_skey.lo get_port.lo init_creds.lo \
-	init_creds_pw.lo keyblock.lo keytab.lo keytab_any.lo \
-	keytab_file.lo keytab_memory.lo keytab_keyfile.lo \
-	keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \
-	mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo \
-	mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \
-	principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo \
-	rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo \
-	read_message.lo recvauth.lo replay.lo send_to_kdc.lo \
-	sendauth.lo set_default_realm.lo sock_principal.lo store.lo \
-	store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \
-	transited.lo verify_init.lo verify_user.lo version.lo warn.lo \
-	write_message.lo $(am__objects_1)
-libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
-bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
-	derived-key-test$(EXEEXT) store-test$(EXEEXT) \
-	parse-name-test$(EXEEXT)
-noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
-	krbhst-test$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-
-derived_key_test_SOURCES = derived-key-test.c
-derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
-derived_key_test_LDADD = $(LDADD)
-derived_key_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-derived_key_test_LDFLAGS =
-dump_config_SOURCES = dump_config.c
-dump_config_OBJECTS = dump_config.$(OBJEXT)
-dump_config_LDADD = $(LDADD)
-dump_config_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-dump_config_LDFLAGS =
-krbhst_test_SOURCES = krbhst-test.c
-krbhst_test_OBJECTS = krbhst-test.$(OBJEXT)
-krbhst_test_LDADD = $(LDADD)
-krbhst_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-krbhst_test_LDFLAGS =
-n_fold_test_SOURCES = n-fold-test.c
-n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
-n_fold_test_LDADD = $(LDADD)
-n_fold_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-n_fold_test_LDFLAGS =
-parse_name_test_SOURCES = parse-name-test.c
-parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
-parse_name_test_LDADD = $(LDADD)
-parse_name_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-parse_name_test_LDFLAGS =
-store_test_SOURCES = store-test.c
-store_test_OBJECTS = store-test.$(OBJEXT)
-store_test_LDADD = $(LDADD)
-store_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-store_test_LDFLAGS =
-string_to_key_test_SOURCES = string-to-key-test.c
-string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
-string_to_key_test_LDADD = $(LDADD)
-string_to_key_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-string_to_key_test_LDFLAGS =
-test_get_addrs_SOURCES = test_get_addrs.c
-test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
-test_get_addrs_LDADD = $(LDADD)
-test_get_addrs_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-test_get_addrs_LDFLAGS =
-verify_krb5_conf_SOURCES = verify_krb5_conf.c
-verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
-verify_krb5_conf_LDADD = $(LDADD)
-verify_krb5_conf_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-verify_krb5_conf_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
-	krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \
-	string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/krb5/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkrb5_la_LDFLAGS) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) 
-	@rm -f derived-key-test$(EXEEXT)
-	$(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
-dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES) 
-	@rm -f dump_config$(EXEEXT)
-	$(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
-krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) 
-	@rm -f krbhst-test$(EXEEXT)
-	$(LINK) $(krbhst_test_LDFLAGS) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS)
-n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) 
-	@rm -f n-fold-test$(EXEEXT)
-	$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
-parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) 
-	@rm -f parse-name-test$(EXEEXT)
-	$(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
-store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) 
-	@rm -f store-test$(EXEEXT)
-	$(LINK) $(store_test_LDFLAGS) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
-string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) 
-	@rm -f string-to-key-test$(EXEEXT)
-	$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
-test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) 
-	@rm -f test_get_addrs$(EXEEXT)
-	$(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
-verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) 
-	@rm -f verify_krb5_conf$(EXEEXT)
-	$(LINK) $(verify_krb5_conf_LDFLAGS) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-
-man5dir = $(mandir)/man5
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man5dir)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    5*) ;; \
-	    *) ext='5' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man5dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    8*) ;; \
-	    *) ext='8' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man3dir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS install-man
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-data-local install-exec \
-	install-exec-am install-includeHEADERS install-info \
-	install-info-am install-libLTLIBRARIES install-man install-man3 \
-	install-man5 install-man8 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-man5 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h: $(ERR_FILES)
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h: $(ERR_FILES)
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
deleted file mode 100644
index 6f5a8fc545df..000000000000
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ /dev/null
@@ -1,195 +0,0 @@
-# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err
-
-bin_PROGRAMS = verify_krb5_conf
-
-noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname
-
-TESTS =						\
-	aes-test				\
-	n-fold-test				\
-	string-to-key-test			\
-	derived-key-test			\
-	store-test				\
-	parse-name-test				\
-	test_cc					\
-	name-45-test
-
-check_PROGRAMS = $(TESTS)
-
-LDADD = libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-libkrb5_la_LIBADD = \
-	../com_err/error.lo ../com_err/com_err.lo \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-lib_LTLIBRARIES = libkrb5.la
-
-ERR_FILES = krb5_err.c heim_err.c k524_err.c
-
-libkrb5_la_SOURCES =				\
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	data.c					\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_memory.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	padata.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c				\
-	$(ERR_FILES)
-
-libkrb5_la_LDFLAGS = -version-info 19:0:2
-
-$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
-
-man_MANS =					\
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb5_425_conv_principal.3		\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_build_principal.3			\
-	krb5_ccache.3				\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_encrypt.3				\
-	krb5_free_addresses.3			\
-	krb5_free_principal.3			\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_krbhst.3			\
-	krb5_init_context.3			\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal_get_realm.3		\
-	krb5_set_default_realm.3		\
-	krb5_sname_to_principal.3		\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h
-
-CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
deleted file mode 100644
index 5395352e62d1..000000000000
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ /dev/null
@@ -1,1160 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-bin_PROGRAMS = verify_krb5_conf
-
-noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname
-
-TESTS = \
-	aes-test				\
-	n-fold-test				\
-	string-to-key-test			\
-	derived-key-test			\
-	store-test				\
-	parse-name-test				\
-	test_cc					\
-	name-45-test
-
-
-check_PROGRAMS = $(TESTS)
-
-LDADD = libkrb5.la \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-libkrb5_la_LIBADD = \
-	../com_err/error.lo ../com_err/com_err.lo \
-	$(LIB_des) \
-	$(top_builddir)/lib/asn1/libasn1.la \
-	$(LIB_roken)
-
-
-lib_LTLIBRARIES = libkrb5.la
-
-ERR_FILES = krb5_err.c heim_err.c k524_err.c
-
-libkrb5_la_SOURCES = \
-	acl.c					\
-	add_et_list.c				\
-	addr_families.c				\
-	aname_to_localname.c			\
-	appdefault.c				\
-	asn1_glue.c				\
-	auth_context.c				\
-	build_ap_req.c				\
-	build_auth.c				\
-	cache.c					\
-	changepw.c				\
-	codec.c					\
-	config_file.c				\
-	config_file_netinfo.c			\
-	convert_creds.c				\
-	constants.c				\
-	context.c				\
-	copy_host_realm.c			\
-	crc.c					\
-	creds.c					\
-	crypto.c				\
-	data.c					\
-	eai_to_heim_errno.c			\
-	error_string.c				\
-	expand_hostname.c			\
-	fcache.c				\
-	free.c					\
-	free_host_realm.c			\
-	generate_seq_number.c			\
-	generate_subkey.c			\
-	get_addrs.c				\
-	get_cred.c				\
-	get_default_principal.c			\
-	get_default_realm.c			\
-	get_for_creds.c				\
-	get_host_realm.c			\
-	get_in_tkt.c				\
-	get_in_tkt_pw.c				\
-	get_in_tkt_with_keytab.c		\
-	get_in_tkt_with_skey.c			\
-	get_port.c				\
-	init_creds.c				\
-	init_creds_pw.c				\
-	keyblock.c				\
-	keytab.c				\
-	keytab_any.c				\
-	keytab_file.c				\
-	keytab_memory.c				\
-	keytab_keyfile.c			\
-	keytab_krb4.c				\
-	krbhst.c				\
-	kuserok.c				\
-	log.c					\
-	mcache.c				\
-	misc.c					\
-	mk_error.c				\
-	mk_priv.c				\
-	mk_rep.c				\
-	mk_req.c				\
-	mk_req_ext.c				\
-	mk_safe.c				\
-	net_read.c				\
-	net_write.c				\
-	n-fold.c				\
-	padata.c				\
-	principal.c				\
-	prog_setup.c				\
-	prompter_posix.c			\
-	rd_cred.c				\
-	rd_error.c				\
-	rd_priv.c				\
-	rd_rep.c				\
-	rd_req.c				\
-	rd_safe.c				\
-	read_message.c				\
-	recvauth.c				\
-	replay.c				\
-	send_to_kdc.c				\
-	sendauth.c				\
-	set_default_realm.c			\
-	sock_principal.c			\
-	store.c					\
-	store-int.h				\
-	store_emem.c				\
-	store_fd.c				\
-	store_mem.c				\
-	ticket.c				\
-	time.c					\
-	transited.c				\
-	verify_init.c				\
-	verify_user.c				\
-	version.c				\
-	warn.c					\
-	write_message.c				\
-	$(ERR_FILES)
-
-
-libkrb5_la_LDFLAGS = -version-info 19:0:2
-
-
-#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
-man_MANS = \
-	kerberos.8				\
-	krb5.3					\
-	krb5.conf.5				\
-	krb5_425_conv_principal.3		\
-	krb5_address.3				\
-	krb5_aname_to_localname.3		\
-	krb5_appdefault.3			\
-	krb5_auth_context.3			\
-	krb5_build_principal.3			\
-	krb5_ccache.3				\
-	krb5_config.3				\
-	krb5_context.3				\
-	krb5_create_checksum.3			\
-	krb5_crypto_init.3			\
-	krb5_data.3				\
-	krb5_encrypt.3				\
-	krb5_free_addresses.3			\
-	krb5_free_principal.3			\
-	krb5_get_all_client_addrs.3		\
-	krb5_get_krbhst.3			\
-	krb5_init_context.3			\
-	krb5_keytab.3				\
-	krb5_krbhst_init.3			\
-	krb5_kuserok.3				\
-	krb5_openlog.3				\
-	krb5_parse_name.3			\
-	krb5_principal_get_realm.3		\
-	krb5_set_default_realm.3		\
-	krb5_sname_to_principal.3		\
-	krb5_timeofday.3			\
-	krb5_unparse_name.3			\
-	krb5_verify_user.3			\
-	krb5_warn.3				\
-	verify_krb5_conf.8
-
-
-include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h
-
-CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h
-subdir = lib/krb5
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \
-	$(top_builddir)/lib/asn1/libasn1.la
-am__objects_15 = krb5_err.lo heim_err.lo k524_err.lo
-am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \
-	aname_to_localname.lo appdefault.lo asn1_glue.lo \
-	auth_context.lo build_ap_req.lo build_auth.lo cache.lo \
-	changepw.lo codec.lo config_file.lo config_file_netinfo.lo \
-	convert_creds.lo constants.lo context.lo copy_host_realm.lo \
-	crc.lo creds.lo crypto.lo data.lo eai_to_heim_errno.lo \
-	error_string.lo expand_hostname.lo fcache.lo free.lo \
-	free_host_realm.lo generate_seq_number.lo generate_subkey.lo \
-	get_addrs.lo get_cred.lo get_default_principal.lo \
-	get_default_realm.lo get_for_creds.lo get_host_realm.lo \
-	get_in_tkt.lo get_in_tkt_pw.lo get_in_tkt_with_keytab.lo \
-	get_in_tkt_with_skey.lo get_port.lo init_creds.lo \
-	init_creds_pw.lo keyblock.lo keytab.lo keytab_any.lo \
-	keytab_file.lo keytab_memory.lo keytab_keyfile.lo \
-	keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \
-	mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo \
-	mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \
-	principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo \
-	rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo \
-	read_message.lo recvauth.lo replay.lo send_to_kdc.lo \
-	sendauth.lo set_default_realm.lo sock_principal.lo store.lo \
-	store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \
-	transited.lo verify_init.lo verify_user.lo version.lo warn.lo \
-	write_message.lo $(am__objects_15)
-libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
-bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-check_PROGRAMS = aes-test$(EXEEXT) n-fold-test$(EXEEXT) \
-	string-to-key-test$(EXEEXT) derived-key-test$(EXEEXT) \
-	store-test$(EXEEXT) parse-name-test$(EXEEXT) test_cc$(EXEEXT) \
-	name-45-test$(EXEEXT)
-noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
-	krbhst-test$(EXEEXT) test_alname$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-
-aes_test_SOURCES = aes-test.c
-aes_test_OBJECTS = aes-test.$(OBJEXT)
-aes_test_LDADD = $(LDADD)
-aes_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-aes_test_LDFLAGS =
-derived_key_test_SOURCES = derived-key-test.c
-derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
-derived_key_test_LDADD = $(LDADD)
-derived_key_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-derived_key_test_LDFLAGS =
-dump_config_SOURCES = dump_config.c
-dump_config_OBJECTS = dump_config.$(OBJEXT)
-dump_config_LDADD = $(LDADD)
-dump_config_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-dump_config_LDFLAGS =
-krbhst_test_SOURCES = krbhst-test.c
-krbhst_test_OBJECTS = krbhst-test.$(OBJEXT)
-krbhst_test_LDADD = $(LDADD)
-krbhst_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-krbhst_test_LDFLAGS =
-n_fold_test_SOURCES = n-fold-test.c
-n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
-n_fold_test_LDADD = $(LDADD)
-n_fold_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-n_fold_test_LDFLAGS =
-name_45_test_SOURCES = name-45-test.c
-name_45_test_OBJECTS = name-45-test.$(OBJEXT)
-name_45_test_LDADD = $(LDADD)
-name_45_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-name_45_test_LDFLAGS =
-parse_name_test_SOURCES = parse-name-test.c
-parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
-parse_name_test_LDADD = $(LDADD)
-parse_name_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-parse_name_test_LDFLAGS =
-store_test_SOURCES = store-test.c
-store_test_OBJECTS = store-test.$(OBJEXT)
-store_test_LDADD = $(LDADD)
-store_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-store_test_LDFLAGS =
-string_to_key_test_SOURCES = string-to-key-test.c
-string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
-string_to_key_test_LDADD = $(LDADD)
-string_to_key_test_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-string_to_key_test_LDFLAGS =
-test_alname_SOURCES = test_alname.c
-test_alname_OBJECTS = test_alname.$(OBJEXT)
-test_alname_LDADD = $(LDADD)
-test_alname_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-test_alname_LDFLAGS =
-test_cc_SOURCES = test_cc.c
-test_cc_OBJECTS = test_cc.$(OBJEXT)
-test_cc_LDADD = $(LDADD)
-test_cc_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-test_cc_LDFLAGS =
-test_get_addrs_SOURCES = test_get_addrs.c
-test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
-test_get_addrs_LDADD = $(LDADD)
-test_get_addrs_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-test_get_addrs_LDFLAGS =
-verify_krb5_conf_SOURCES = verify_krb5_conf.c
-verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
-verify_krb5_conf_LDADD = $(LDADD)
-verify_krb5_conf_DEPENDENCIES = libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-verify_krb5_conf_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c \
-	dump_config.c krbhst-test.c n-fold-test.c name-45-test.c \
-	parse-name-test.c store-test.c string-to-key-test.c \
-	test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/krb5/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libkrb5_la_LDFLAGS) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-
-clean-checkPROGRAMS:
-	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) 
-	@rm -f aes-test$(EXEEXT)
-	$(LINK) $(aes_test_LDFLAGS) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
-derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) 
-	@rm -f derived-key-test$(EXEEXT)
-	$(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
-dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES) 
-	@rm -f dump_config$(EXEEXT)
-	$(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
-krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) 
-	@rm -f krbhst-test$(EXEEXT)
-	$(LINK) $(krbhst_test_LDFLAGS) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS)
-n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) 
-	@rm -f n-fold-test$(EXEEXT)
-	$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
-name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) 
-	@rm -f name-45-test$(EXEEXT)
-	$(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
-parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) 
-	@rm -f parse-name-test$(EXEEXT)
-	$(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
-store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) 
-	@rm -f store-test$(EXEEXT)
-	$(LINK) $(store_test_LDFLAGS) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
-string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) 
-	@rm -f string-to-key-test$(EXEEXT)
-	$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
-test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) 
-	@rm -f test_alname$(EXEEXT)
-	$(LINK) $(test_alname_LDFLAGS) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS)
-test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) 
-	@rm -f test_cc$(EXEEXT)
-	$(LINK) $(test_cc_LDFLAGS) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS)
-test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) 
-	@rm -f test_get_addrs$(EXEEXT)
-	$(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
-verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) 
-	@rm -f verify_krb5_conf$(EXEEXT)
-	$(LINK) $(verify_krb5_conf_LDFLAGS) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-
-man5dir = $(mandir)/man5
-install-man5: $(man5_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man5dir)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
-	done
-uninstall-man5:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.5*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man5dir)/$$inst; \
-	done
-
-man8dir = $(mandir)/man8
-install-man8: $(man8_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man8dir)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
-	done
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.8*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man8dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man3dir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3 install-man5 install-man8
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man
-
-uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
-	clean-generic clean-libLTLIBRARIES clean-libtool \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-binPROGRAMS \
-	install-data install-data-am install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 install-man5 \
-	install-man8 install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool tags uninstall uninstall-am \
-	uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-man3 uninstall-man5 uninstall-man8
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
-
-$(srcdir)/krb5-protos.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
-
-$(srcdir)/krb5-private.h:
-	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
-
-$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h
-
-# to help stupid solaris make
-
-krb5_err.h: krb5_err.et
-
-heim_err.h: heim_err.et
-
-k524_err.h: k524_err.et
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
deleted file mode 100644
index c3568699c2a0..000000000000
--- a/crypto/heimdal/lib/krb5/acl.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb5_locl.h"
-#include <fnmatch.h>
-
-RCSID("$Id: acl.c,v 1.3 2002/04/18 16:16:24 joda Exp $");
-
-struct acl_field {
-    enum { acl_string, acl_fnmatch, acl_retval } type;
-    union {
-	const char *cstr;
-	char **retv;
-    } u;
-    struct acl_field *next, **last;
-};
-
-static void
-acl_free_list(struct acl_field *acl)
-{
-    struct acl_field *next;
-    while(acl != NULL) {
-	next = acl->next;
-	free(acl);
-	acl = next;
-    }
-}
-
-static krb5_error_code
-acl_parse_format(krb5_context context,
-		 struct acl_field **acl_ret,
-		 const char *format,
-		 va_list ap)
-{
-    const char *p;
-    struct acl_field *acl = NULL, *tmp;
-
-    for(p = format; *p != '\0'; p++) {
-	tmp = malloc(sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    acl_free_list(acl);
-	    return ENOMEM;
-	}
-	if(*p == 's') {
-	    tmp->type = acl_string;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'f') {
-	    tmp->type = acl_fnmatch;
-	    tmp->u.cstr = va_arg(ap, const char*);
-	} else if(*p == 'r') {
-	    tmp->type = acl_retval;
-	    tmp->u.retv = va_arg(ap, char **);
-	}
-	tmp->next = NULL;
-	if(acl == NULL)
-	    acl = tmp;
-	else
-	    *acl->last = tmp;
-	acl->last = &tmp->next;
-    }
-    *acl_ret = acl;
-    return 0;
-}
-
-static krb5_boolean
-acl_match_field(krb5_context context,
-		const char *string,
-		struct acl_field *field)
-{
-    if(field->type == acl_string) {
-	return !strcmp(string, field->u.cstr);
-    } else if(field->type == acl_fnmatch) {
-	return !fnmatch(string, field->u.cstr, 0);
-    } else if(field->type == acl_retval) {
-	*field->u.retv = strdup(string);
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static krb5_boolean
-acl_match_acl(krb5_context context,
-	      struct acl_field *acl,
-	      const char *string)
-{
-    char buf[256];
-    for(;strsep_copy(&string, " \t", buf, sizeof(buf)) != -1; 
-	acl = acl->next) {
-	if(buf[0] == '\0')
-	    continue; /* skip ws */
-	if(!acl_match_field(context, buf, acl)) {
-	    return FALSE;
-	}
-    }
-    return TRUE;
-}
-
-
-krb5_error_code
-krb5_acl_match_string(krb5_context context,
-		      const char *string,
-		      const char *format,
-		      ...)
-{
-    krb5_error_code ret;
-    krb5_boolean found;
-    struct acl_field *acl;
-
-    va_list ap;
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret)
-	return ret;
-
-    found = acl_match_acl(context, acl, string);
-    acl_free_list(acl);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
-	       
-krb5_error_code
-krb5_acl_match_file(krb5_context context,
-		    const char *file,
-		    const char *format,
-		    ...)
-{
-    krb5_error_code ret;
-    struct acl_field *acl;
-    char buf[256];
-    va_list ap;
-    FILE *f;
-    krb5_boolean found;
-
-    f = fopen(file, "r");
-    if(f == NULL) {
-	int save_errno = errno;
-
-	krb5_set_error_string(context, "open(%s): %s", file,
-			      strerror(save_errno));
-	return save_errno;
-    }
-
-    va_start(ap, format);
-    ret = acl_parse_format(context, &acl, format, ap);
-    va_end(ap);
-    if(ret) {
-	fclose(f);
-	return ret;
-    }
-
-    found = FALSE;
-    while(fgets(buf, sizeof(buf), f)) {
-	if(buf[0] == '#')
-	    continue;
-	if(acl_match_acl(context, acl, buf)) {
-	    found = TRUE;
-	    break;
-	}
-    }
-
-    fclose(f);
-    acl_free_list(acl);
-    if (found) {
-	return 0;
-    } else {
-	krb5_set_error_string(context, "ACL did not match");
-	return EACCES;
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/add_et_list.c b/crypto/heimdal/lib/krb5/add_et_list.c
deleted file mode 100644
index cfc42f493ca9..000000000000
--- a/crypto/heimdal/lib/krb5/add_et_list.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: add_et_list.c,v 1.2 1999/12/02 17:05:07 joda Exp $");
-
-/*
- * Add a specified list of error messages to the et list in context.
- * Call func (probably a comerr-generated function) with a pointer to
- * the current et_list.
- */
-
-krb5_error_code
-krb5_add_et_list (krb5_context context,
-		  void (*func)(struct et_list **))
-{
-    (*func)(&context->et_list);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
deleted file mode 100644
index be32458eaa3b..000000000000
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ /dev/null
@@ -1,984 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: addr_families.c,v 1.38 2003/03/25 12:37:02 joda Exp $");
-
-struct addr_operations {
-    int af;
-    krb5_address_type atype;
-    size_t max_sockaddr_size;
-    krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
-    krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
-    void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
-			  krb5_socklen_t *sa_size, int port);
-    void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
-    krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
-    krb5_boolean (*uninteresting)(const struct sockaddr *);
-    void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
-    int (*print_addr)(const krb5_address *, char *, size_t);
-    int (*parse_addr)(krb5_context, const char*, krb5_address *);
-    int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
-    int (*free_addr)(krb5_context, krb5_address*);
-    int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
-};
-
-/*
- * AF_INET - aka IPv4 implementation
- */
-
-static krb5_error_code
-ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy (buf, &sin->sin_addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-static krb5_error_code
-ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
-
-    *port = sin->sin_port;
-    return 0;
-}
-
-static void
-ipv4_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    memcpy (&tmp.sin_addr, a->address.data, 4);
-    tmp.sin_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv4_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr   = *((const struct in_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv4_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    unsigned char buf[4];
-
-    a->addr_type = KRB5_ADDRESS_INET;
-    memcpy(buf, addr, 4);
-    return krb5_data_copy(&a->address, buf, 4);
-}
-
-/*
- * Are there any addresses that should be considered `uninteresting'?
- */
-
-static krb5_boolean
-ipv4_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
-
-    if (sin->sin_addr.s_addr == INADDR_ANY)
-	return TRUE;
-
-    return FALSE;
-}
-
-static void
-ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin_family = AF_INET;
-    tmp.sin_port   = port;
-    tmp.sin_addr.s_addr = INADDR_ANY;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct in_addr ia;
-
-    memcpy (&ia, addr->address.data, 4);
-
-    return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
-}
-
-static int
-ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    const char *p;
-    struct in_addr a;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip:", p - address) != 0 &&
-	   strncasecmp(address, "ip4:", p - address) != 0 &&
-	   strncasecmp(address, "ipv4:", p - address) != 0 &&
-	   strncasecmp(address, "inet:", p - address) != 0)
-	    return -1;
-    } else
-	p = address;
-#ifdef HAVE_INET_ATON
-    if(inet_aton(p, &a) == 0)
-	return -1;
-#elif defined(HAVE_INET_ADDR)
-    a.s_addr = inet_addr(p);
-    if(a.s_addr == INADDR_NONE)
-	return -1;
-#else
-    return -1;
-#endif
-    addr->addr_type = KRB5_ADDRESS_INET;
-    if(krb5_data_alloc(&addr->address, 4) != 0)
-	return -1;
-    _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
-    return 0;
-}
-
-/*
- * AF_INET6 - aka IPv6 implementation
- */
-
-#ifdef HAVE_IPV6
-
-static krb5_error_code
-ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
-	unsigned char buf[4];
-
-	a->addr_type      = KRB5_ADDRESS_INET;
-#ifndef IN6_ADDR_V6_TO_V4
-#ifdef IN6_EXTRACT_V4ADDR
-#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
-#else
-#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
-#endif
-#endif
-	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
-	return krb5_data_copy(&a->address, buf, 4);
-    } else {
-	a->addr_type = KRB5_ADDRESS_INET6;
-	return krb5_data_copy(&a->address,
-			      &sin6->sin6_addr,
-			      sizeof(sin6->sin6_addr));
-    }
-}
-
-static krb5_error_code
-ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-    *port = sin6->sin6_port;
-    return 0;
-}
-
-static void
-ipv6_addr2sockaddr (const krb5_address *a,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
-    tmp.sin6_port = port;
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static void
-ipv6_h_addr2sockaddr(const char *addr,
-		     struct sockaddr *sa,
-		     krb5_socklen_t *sa_size,
-		     int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = *((const struct in6_addr *)addr);
-    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
-    *sa_size = sizeof(tmp);
-}
-
-static krb5_error_code
-ipv6_h_addr2addr (const char *addr,
-		  krb5_address *a)
-{
-    a->addr_type = KRB5_ADDRESS_INET6;
-    return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
-}
-
-/*
- * 
- */
-
-static krb5_boolean
-ipv6_uninteresting (const struct sockaddr *sa)
-{
-    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-    const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
-    
-    return
-	IN6_IS_ADDR_LINKLOCAL(in6)
-	|| IN6_IS_ADDR_V4COMPAT(in6);
-}
-
-static void
-ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
-{
-    struct sockaddr_in6 tmp;
-
-    memset (&tmp, 0, sizeof(tmp));
-    tmp.sin6_family = AF_INET6;
-    tmp.sin6_port   = port;
-    tmp.sin6_addr   = in6addr_any;
-    *sa_size = sizeof(tmp);
-}
-
-static int
-ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    char buf[128], buf2[3];
-#ifdef HAVE_INET_NTOP
-    if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
-#endif
-	{
-	    /* XXX this is pretty ugly, but better than abort() */
-	    int i;
-	    unsigned char *p = addr->address.data;
-	    buf[0] = '\0';
-	    for(i = 0; i < addr->address.length; i++) {
-		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
-		if(i > 0 && (i & 1) == 0)
-		    strlcat(buf, ":", sizeof(buf));
-		strlcat(buf, buf2, sizeof(buf));
-	    }
-	}
-    return snprintf(str, len, "IPv6:%s", buf);
-}
-
-static int
-ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
-{
-    int ret;
-    struct in6_addr in6;
-    const char *p;
-
-    p = strchr(address, ':');
-    if(p) {
-	p++;
-	if(strncasecmp(address, "ip6:", p - address) == 0 ||
-	   strncasecmp(address, "ipv6:", p - address) == 0 ||
-	   strncasecmp(address, "inet6:", p - address) == 0)
-	    address = p;
-    }
-
-    ret = inet_pton(AF_INET6, address, &in6.s6_addr);
-    if(ret == 1) {
-	addr->addr_type = KRB5_ADDRESS_INET6;
-	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
-	if (ret)
-	    return -1;
-	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
-	return 0;
-    }
-    return -1;
-}
-
-#endif /* IPv6 */
-
-/*
- * table
- */
-
-#define KRB5_ADDRESS_ARANGE	(-100)
-
-struct arange {
-    krb5_address low;
-    krb5_address high;
-};
-
-static int
-arange_parse_addr (krb5_context context, 
-		   const char *address, krb5_address *addr)
-{
-    char buf[1024];
-    krb5_addresses low, high;
-    struct arange *a;
-    krb5_error_code ret;
-    
-    if(strncasecmp(address, "RANGE:", 6) != 0)
-	return -1;
-    
-    address += 6;
-
-    /* should handle netmasks */
-    strsep_copy(&address, "-", buf, sizeof(buf));
-    ret = krb5_parse_address(context, buf, &low);
-    if(ret)
-	return ret;
-    if(low.len != 1) {
-	krb5_free_addresses(context, &low);
-	return -1;
-    }
-
-    strsep_copy(&address, "-", buf, sizeof(buf));
-    ret = krb5_parse_address(context, buf, &high);
-    if(ret) {
-	krb5_free_addresses(context, &low);
-	return ret;
-    }
-
-    if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) {
-	krb5_free_addresses(context, &low);
-	krb5_free_addresses(context, &high);
-	return -1;
-    }
-
-    krb5_data_alloc(&addr->address, sizeof(*a));
-    addr->addr_type = KRB5_ADDRESS_ARANGE;
-    a = addr->address.data;
-
-    if(krb5_address_order(context, &low.val[0], &high.val[0]) < 0) {
-	a->low = low.val[0];
-	a->high = high.val[0];
-    } else {
-	a->low = high.val[0];
-	a->high = low.val[0];
-    }
-    return 0;
-}
-
-static int
-arange_free (krb5_context context, krb5_address *addr)
-{
-    struct arange *a;
-    a = addr->address.data;
-    krb5_free_address(context, &a->low);
-    krb5_free_address(context, &a->high);
-    return 0;
-}
-
-
-static int
-arange_copy (krb5_context context, const krb5_address *inaddr, 
-	     krb5_address *outaddr)
-{
-    krb5_error_code ret;
-    struct arange *i, *o;
-
-    outaddr->addr_type = KRB5_ADDRESS_ARANGE;
-    ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
-    if(ret)
-	return ret;
-    i = inaddr->address.data;
-    o = outaddr->address.data;
-    ret = krb5_copy_address(context, &i->low, &o->low);
-    if(ret) {
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    ret = krb5_copy_address(context, &i->high, &o->high);
-    if(ret) {
-	krb5_free_address(context, &o->low);
-	krb5_data_free(&outaddr->address);
-	return ret;
-    }
-    return 0;
-}
-
-static int
-arange_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    struct arange *a;
-    krb5_error_code ret;
-    size_t l, ret_len = 0;
-
-    a = addr->address.data;
-
-    l = strlcpy(str, "RANGE:", len);
-    ret_len += l;
-
-    ret = krb5_print_address (&a->low, str + ret_len, len - ret_len, &l);
-    ret_len += l;
-
-    l = strlcat(str, "-", len);
-    ret_len += l;
-
-    ret = krb5_print_address (&a->high, str + ret_len, len - ret_len, &l);
-    ret_len += l;
-
-    return ret_len;
-}
-
-static int
-arange_order_addr(krb5_context context, 
-		  const krb5_address *addr1, 
-		  const krb5_address *addr2)
-{
-    int tmp1, tmp2, sign;
-    struct arange *a;
-    const krb5_address *a2;
-
-    if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr1->address.data;
-	a2 = addr2;
-	sign = 1;
-    } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
-	a = addr2->address.data;
-	a2 = addr1;
-	sign = -1;
-    } else
-	abort();
-	
-    if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
-	struct arange *b = a2->address.data;
-	tmp1 = krb5_address_order(context, &a->low, &b->low);
-	if(tmp1 != 0)
-	    return sign * tmp1;
-	return sign * krb5_address_order(context, &a->high, &b->high);
-    } else if(a2->addr_type == a->low.addr_type) {
-	tmp1 = krb5_address_order(context, &a->low, a2);
-	if(tmp1 > 0)
-	    return sign;
-	tmp2 = krb5_address_order(context, &a->high, a2);
-	if(tmp2 < 0)
-	    return -sign;
-	return 0;
-    } else {
-	return sign * (addr1->addr_type - addr2->addr_type);
-    }
-}
-
-static int
-addrport_print_addr (const krb5_address *addr, char *str, size_t len)
-{
-    krb5_address addr1, addr2;
-    uint16_t port = 0;
-    size_t ret_len = 0, l;
-    krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address);
-    /* for totally obscure reasons, these are not in network byteorder */
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
-    krb5_ret_address(sp, &addr1);
-
-    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
-    krb5_ret_address(sp, &addr2);
-    krb5_storage_free(sp);
-    if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
-	unsigned long value;
-	_krb5_get_int(addr2.address.data, &value, 2);
-	port = value;
-    }
-    l = strlcpy(str, "ADDRPORT:", len);
-    ret_len += l;
-    krb5_print_address(&addr1, str + ret_len, len - ret_len, &l);
-    ret_len += l;
-    l = snprintf(str + ret_len, len - ret_len, ",PORT=%u", port);
-    ret_len += l;
-    return ret_len;
-}
-
-static struct addr_operations at[] = {
-    {AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
-     ipv4_sockaddr2addr, 
-     ipv4_sockaddr2port,
-     ipv4_addr2sockaddr,
-     ipv4_h_addr2sockaddr,
-     ipv4_h_addr2addr,
-     ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr},
-#ifdef HAVE_IPV6
-    {AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
-     ipv6_sockaddr2addr, 
-     ipv6_sockaddr2port,
-     ipv6_addr2sockaddr,
-     ipv6_h_addr2sockaddr,
-     ipv6_h_addr2addr,
-     ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} ,
-#endif
-    {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
-     NULL, NULL, NULL, NULL, NULL, 
-     NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
-    /* fake address type */
-    {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
-     NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-     arange_print_addr, arange_parse_addr, 
-     arange_order_addr, arange_free, arange_copy }
-};
-
-static int num_addrs = sizeof(at) / sizeof(at[0]);
-
-static size_t max_sockaddr_size = 0;
-
-/*
- * generic functions
- */
-
-static struct addr_operations *
-find_af(int af)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (af == a->af)
-	    return a;
-    return NULL;
-}
-
-static struct addr_operations *
-find_atype(int atype)
-{
-    struct addr_operations *a;
-
-    for (a = at; a < at + num_addrs; ++a)
-	if (atype == a->atype)
-	    return a;
-    return NULL;
-}
-
-krb5_error_code
-krb5_sockaddr2address (krb5_context context,
-		       const struct sockaddr *sa, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2addr)(sa, addr);
-}
-
-krb5_error_code
-krb5_sockaddr2port (krb5_context context,
-		    const struct sockaddr *sa, int16_t *port)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported",
-			       sa->sa_family);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->sockaddr2port)(sa, port);
-}
-
-krb5_error_code
-krb5_addr2sockaddr (krb5_context context,
-		    const krb5_address *addr,
-		    struct sockaddr *sa,
-		    krb5_socklen_t *sa_size,
-		    int port)
-{
-    struct addr_operations *a = find_atype(addr->addr_type);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address type %d not supported",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if (a->addr2sockaddr == NULL) {
-	krb5_set_error_string (context, "Can't convert address type %d to sockaddr",
-			       addr->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-size_t
-krb5_max_sockaddr_size (void)
-{
-    if (max_sockaddr_size == 0) {
-	struct addr_operations *a;
-
-	for(a = at; a < at + num_addrs; ++a)
-	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
-    }
-    return max_sockaddr_size;
-}
-
-krb5_boolean
-krb5_sockaddr_uninteresting(const struct sockaddr *sa)
-{
-    struct addr_operations *a = find_af(sa->sa_family);
-    if (a == NULL || a->uninteresting == NULL)
-	return TRUE;
-    return (*a->uninteresting)(sa);
-}
-
-krb5_error_code
-krb5_h_addr2sockaddr (krb5_context context,
-		      int af,
-		      const char *addr, struct sockaddr *sa,
-		      krb5_socklen_t *sa_size,
-		      int port)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
-    return 0;
-}
-
-krb5_error_code
-krb5_h_addr2addr (krb5_context context,
-		  int af,
-		  const char *haddr, krb5_address *addr)
-{
-    struct addr_operations *a = find_af(af);
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    return (*a->h_addr2addr)(haddr, addr);
-}
-
-krb5_error_code
-krb5_anyaddr (krb5_context context,
-	      int af,
-	      struct sockaddr *sa,
-	      krb5_socklen_t *sa_size,
-	      int port)
-{
-    struct addr_operations *a = find_af (af);
-
-    if (a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", af);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-
-    (*a->anyaddr)(sa, sa_size, port);
-    return 0;
-}
-
-krb5_error_code
-krb5_print_address (const krb5_address *addr, 
-		    char *str, size_t len, size_t *ret_len)
-{
-    size_t ret;
-    struct addr_operations *a = find_atype(addr->addr_type);
-
-    if (a == NULL || a->print_addr == NULL) {
-	char *s;
-	int l;
-	int i;
-
-	s = str;
-	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
-	if (l < 0)
-	    return EINVAL;
-	s += l;
-	len -= l;
-	for(i = 0; i < addr->address.length; i++) {
-	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
-	    if (l < 0)
-		return EINVAL;
-	    len -= l;
-	    s += l;
-	}
-	if(ret_len != NULL)
-	    *ret_len = s - str;
-	return 0;
-    }
-    ret = (*a->print_addr)(addr, str, len);
-    if(ret_len != NULL)
-	*ret_len = ret;
-    return 0;
-}
-
-krb5_error_code
-krb5_parse_address(krb5_context context,
-		   const char *string,
-		   krb5_addresses *addresses)
-{
-    int i, n;
-    struct addrinfo *ai, *a;
-    int error;
-    int save_errno;
-
-    for(i = 0; i < num_addrs; i++) {
-	if(at[i].parse_addr) {
-	    krb5_address addr;
-	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
-		ALLOC_SEQ(addresses, 1);
-		addresses->val[0] = addr;
-		return 0;
-	    }
-	}
-    }
-
-    error = getaddrinfo (string, NULL, NULL, &ai);
-    if (error) {
-	save_errno = errno;
-	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
-	return krb5_eai_to_heim_errno(error, save_errno);
-    }
-    
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    ALLOC_SEQ(addresses, n);
-
-    for (a = ai, i = 0; a != NULL; a = a->ai_next) {
-	if(krb5_sockaddr2address (context, ai->ai_addr, 
-				  &addresses->val[i]) == 0)
-	    i++;
-    }
-    freeaddrinfo (ai);
-    return 0;
-}
-
-int
-krb5_address_order(krb5_context context,
-		   const krb5_address *addr1,
-		   const krb5_address *addr2)
-{
-    /* this sucks; what if both addresses have order functions, which
-       should we call? this works for now, though */
-    struct addr_operations *a;
-    a = find_atype(addr1->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr1->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2); 
-    a = find_atype(addr2->addr_type); 
-    if(a == NULL) {
-	krb5_set_error_string (context, "Address family %d not supported", 
-			       addr2->addr_type);
-	return KRB5_PROG_ATYPE_NOSUPP;
-    }
-    if(a->order_addr != NULL) 
-	return (*a->order_addr)(context, addr1, addr2);
-
-    if(addr1->addr_type != addr2->addr_type)
-	return addr1->addr_type - addr2->addr_type;
-    if(addr1->address.length != addr2->address.length)
-	return addr1->address.length - addr2->address.length;
-    return memcmp (addr1->address.data,
-		   addr2->address.data,
-		   addr1->address.length);
-}
-
-krb5_boolean
-krb5_address_compare(krb5_context context,
-		     const krb5_address *addr1,
-		     const krb5_address *addr2)
-{
-    return krb5_address_order (context, addr1, addr2) == 0;
-}
-
-krb5_boolean
-krb5_address_search(krb5_context context,
-		    const krb5_address *addr,
-		    const krb5_addresses *addrlist)
-{
-    int i;
-
-    for (i = 0; i < addrlist->len; ++i)
-	if (krb5_address_compare (context, addr, &addrlist->val[i]))
-	    return TRUE;
-    return FALSE;
-}
-
-krb5_error_code
-krb5_free_address(krb5_context context,
-		  krb5_address *address)
-{
-    struct addr_operations *a = find_af (address->addr_type);
-    if(a != NULL && a->free_addr != NULL)
-	return (*a->free_addr)(context, address);
-    krb5_data_free (&address->address);
-    return 0;
-}
-
-krb5_error_code
-krb5_free_addresses(krb5_context context,
-		    krb5_addresses *addresses)
-{
-    int i;
-    for(i = 0; i < addresses->len; i++)
-	krb5_free_address(context, &addresses->val[i]);
-    free(addresses->val);
-    return 0;
-}
-
-krb5_error_code
-krb5_copy_address(krb5_context context,
-		  const krb5_address *inaddr,
-		  krb5_address *outaddr)
-{
-    struct addr_operations *a = find_af (inaddr->addr_type);
-    if(a != NULL && a->copy_addr != NULL)
-	return (*a->copy_addr)(context, inaddr, outaddr);
-    return copy_HostAddress(inaddr, outaddr);
-}
-
-krb5_error_code
-krb5_copy_addresses(krb5_context context,
-		    const krb5_addresses *inaddr,
-		    krb5_addresses *outaddr)
-{
-    int i;
-    ALLOC_SEQ(outaddr, inaddr->len);
-    if(inaddr->len > 0 && outaddr->val == NULL)
-	return ENOMEM;
-    for(i = 0; i < inaddr->len; i++)
-	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
-    return 0;
-}
-
-krb5_error_code
-krb5_append_addresses(krb5_context context,
-		      krb5_addresses *dest,
-		      const krb5_addresses *source)
-{
-    krb5_address *tmp;
-    krb5_error_code ret;
-    int i;
-    if(source->len > 0) {
-	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "realloc: out of memory");
-	    return ENOMEM;
-	}
-	dest->val = tmp;
-	for(i = 0; i < source->len; i++) {
-	    /* skip duplicates */
-	    if(krb5_address_search(context, &source->val[i], dest))
-		continue;
-	    ret = krb5_copy_address(context, 
-				    &source->val[i], 
-				    &dest->val[dest->len]);
-	    if(ret)
-		return ret;
-	    dest->len++;
-	}
-    }
-    return 0;
-}
-
-/*
- * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
- */
-
-krb5_error_code
-krb5_make_addrport (krb5_context context,
-		    krb5_address **res, const krb5_address *addr, int16_t port)
-{
-    krb5_error_code ret;
-    size_t len = addr->address.length + 2 + 4 * 4;
-    u_char *p;
-
-    *res = malloc (sizeof(**res));
-    if (*res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
-    ret = krb5_data_alloc (&(*res)->address, len);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free (*res);
-	return ret;
-    }
-    p = (*res)->address.data;
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (addr->addr_type     ) & 0xFF;
-    *p++ = (addr->addr_type >> 8) & 0xFF;
-
-    *p++ = (addr->address.length      ) & 0xFF;
-    *p++ = (addr->address.length >>  8) & 0xFF;
-    *p++ = (addr->address.length >> 16) & 0xFF;
-    *p++ = (addr->address.length >> 24) & 0xFF;
-
-    memcpy (p, addr->address.data, addr->address.length);
-    p += addr->address.length;
-
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
-    *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
-
-    *p++ = (2      ) & 0xFF;
-    *p++ = (2 >>  8) & 0xFF;
-    *p++ = (2 >> 16) & 0xFF;
-    *p++ = (2 >> 24) & 0xFF;
-
-    memcpy (p, &port, 2);
-    p += 2;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/address.c b/crypto/heimdal/lib/krb5/address.c
deleted file mode 100644
index 5dc756ae4122..000000000000
--- a/crypto/heimdal/lib/krb5/address.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: address.c,v 1.15 2001/05/14 06:14:44 assar Exp $");
-
-#if 0
-/* This is the supposedly MIT-api version */
-
-krb5_boolean
-krb5_address_search(krb5_context context,
-		    const krb5_address *addr,
-		    krb5_address *const *addrlist)
-{
-  krb5_address *a;
-
-  while((a = *addrlist++))
-    if (krb5_address_compare (context, addr, a))
-      return TRUE;
-  return FALSE;
-}
-#endif
-
-krb5_boolean
-krb5_address_search(krb5_context context,
-		    const krb5_address *addr,
-		    const krb5_addresses *addrlist)
-{
-    int i;
-
-    for (i = 0; i < addrlist->len; ++i)
-	if (krb5_address_compare (context, addr, &addrlist->val[i]))
-	    return TRUE;
-    return FALSE;
-}
-
-int
-krb5_address_order(krb5_context context,
-		   const krb5_address *addr1,
-		   const krb5_address *addr2)
-{
-    return (addr1->addr_type - addr2->addr_type)
-	|| memcmp (addr1->address.data,
-		   addr2->address.data,
-		   addr1->address.length);
-}
-
-krb5_boolean
-krb5_address_compare(krb5_context context,
-		     const krb5_address *addr1,
-		     const krb5_address *addr2)
-{
-    return krb5_address_order (context, addr1, addr2) == 0;
-}
-
-krb5_error_code
-krb5_copy_address(krb5_context context,
-		  const krb5_address *inaddr,
-		  krb5_address *outaddr)
-{
-    copy_HostAddress(inaddr, outaddr);
-    return 0;
-}
-
-krb5_error_code
-krb5_copy_addresses(krb5_context context,
-		    const krb5_addresses *inaddr,
-		    krb5_addresses *outaddr)
-{
-    copy_HostAddresses(inaddr, outaddr);
-    return 0;
-}
-
-krb5_error_code
-krb5_free_address(krb5_context context,
-		  krb5_address *address)
-{
-    krb5_data_free (&address->address);
-    return 0;
-}
-
-krb5_error_code
-krb5_free_addresses(krb5_context context,
-		    krb5_addresses *addresses)
-{
-    free_HostAddresses(addresses);
-    return 0;
-}
-
-krb5_error_code
-krb5_append_addresses(krb5_context context,
-		      krb5_addresses *dest,
-		      const krb5_addresses *source)
-{
-    krb5_address *tmp;
-    krb5_error_code ret;
-    int i;
-    if(source->len > 0) {
-	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
-	if(tmp == NULL) {
-	    krb5_set_error_string(context, "realloc: out of memory");
-	    return ENOMEM;
-	}
-	dest->val = tmp;
-	for(i = 0; i < source->len; i++) {
-	    /* skip duplicates */
-	    if(krb5_address_search(context, &source->val[i], dest))
-		continue;
-	    ret = krb5_copy_address(context, 
-				    &source->val[i], 
-				    &dest->val[dest->len]);
-	    if(ret)
-		return ret;
-	    dest->len++;
-	}
-    }
-    return 0;
-}
-
-/*
- * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
- */
-
-krb5_error_code
-krb5_make_addrport (krb5_context context,
-		    krb5_address **res, const krb5_address *addr, int16_t port)
-{
-    krb5_error_code ret;
-    size_t len = addr->address.length + 2 + 4 * 4;
-    u_char *p;
-
-    *res = malloc (sizeof(**res));
-    if (*res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
-    ret = krb5_data_alloc (&(*res)->address, len);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free (*res);
-	return ret;
-    }
-    p = (*res)->address.data;
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (addr->addr_type     ) & 0xFF;
-    *p++ = (addr->addr_type >> 8) & 0xFF;
-
-    *p++ = (addr->address.length      ) & 0xFF;
-    *p++ = (addr->address.length >>  8) & 0xFF;
-    *p++ = (addr->address.length >> 16) & 0xFF;
-    *p++ = (addr->address.length >> 24) & 0xFF;
-
-    memcpy (p, addr->address.data, addr->address.length);
-    p += addr->address.length;
-
-    *p++ = 0;
-    *p++ = 0;
-    *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
-    *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
-
-    *p++ = (2      ) & 0xFF;
-    *p++ = (2 >>  8) & 0xFF;
-    *p++ = (2 >> 16) & 0xFF;
-    *p++ = (2 >> 24) & 0xFF;
-
-    memcpy (p, &port, 2);
-    p += 2;
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c
deleted file mode 100644
index cfee8e25a738..000000000000
--- a/crypto/heimdal/lib/krb5/aes-test.c
+++ /dev/null
@@ -1,472 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-#ifdef HAVE_OPENSSL
-#include <openssl/evp.h>
-#endif
-
-RCSID("$Id: aes-test.c,v 1.3 2003/03/25 11:30:41 lha Exp $");
-
-static int verbose = 0;
-
-static void
-hex_dump_data(krb5_data *data)
-{
-    unsigned char *p = data->data;
-    int i, j;
-
-    for (i = j = 0; i < data->length; i++, j++) {
-	printf("%02x ", p[i]);
-	if (j > 15) {
-	    printf("\n");
-	    j = 0;
-	}
-    }
-    if (j != 0)
-	printf("\n");
-}
-
-struct {
-    char *password;
-    char *salt;
-    int saltlen;
-    int iterations;
-    krb5_enctype enctype;
-    int keylen;
-    char *pbkdf2;
-    char *key;
-} keys[] = {
-#ifdef ENABLE_AES
-    { 
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
-	"\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
-	"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
-	"\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
-	"\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
-	"\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	2, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
-	"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
-	"\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
-	"\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
-	"\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
-    },
-    {
-	"password", "ATHENA.MIT.EDUraeburn", -1,
-	1200, 
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
-	"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
-	"\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
-	"\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
-	"\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
-    },
-    {
-	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
-	5,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
-	"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
-	"\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
-	"\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
-	"\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase equals block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
-	"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
-	"\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
-	"\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
-	"\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
-    },
-    {
-	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	"pass phrase exceeds block size", -1,
-	1200,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
-	"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
-	"\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
-	"\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
-
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
-	"\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
-    },
-    {
-	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
-	50,
-	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
-	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
-	"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
-	"\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
-	"\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
-    },
-#endif
-    {
-	"foo", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
-    },
-    {
-	"test", "", -1, 
-	0,
-	ETYPE_ARCFOUR_HMAC_MD5, 16,
-	NULL,
-	"\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
-    }
-};
-
-static int
-string_to_key_test(krb5_context context)
-{
-    krb5_data password, opaque;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_salt salt;
-    int i, val = 0;
-    char iter[4];
-    char keyout[32];
-
-    for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
-
-	password.data = keys[i].password;
-	password.length = strlen(password.data);
-
-	salt.salttype = KRB5_PW_SALT;
-	salt.saltvalue.data = keys[i].salt;
-	if (keys[i].saltlen == -1)
-	    salt.saltvalue.length = strlen(salt.saltvalue.data);
-	else
-	    salt.saltvalue.length = keys[i].saltlen;
-    
-	opaque.data = iter;
-	opaque.length = sizeof(iter);
-	_krb5_put_int(iter, keys[i].iterations, 4);
-	
-	if (verbose)
-	    printf("%d: password: %s salt: %s\n",
-		   i, keys[i].password, keys[i].salt);
-
-	if (keys[i].keylen > sizeof(keyout))
-	    abort();
-
-#ifdef ENABLE_AES
-	if (keys[i].pbkdf2) {
-
-#ifdef HAVE_OPENSSL
-	    PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
-				   salt.saltvalue.data, salt.saltvalue.length,
-				   keys[i].iterations, 
-				   keys[i].keylen, keyout);
-	    
-	    if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: openssl key pbkdf2", i);
-		val = 1;
-		continue;
-	    }
-#endif
-	    
-	    ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, 
-				    keys[i].iterations - 1,
-				    keys[i].enctype,
-				    &key);
-	    if (ret) {
-		krb5_warn(context, ret, "%d: krb5_PKCS5_PBKDF2", i);
-		val = 1;
-		continue;
-	    }
-	    
-	    if (key.keyvalue.length != keys[i].keylen) {
-		krb5_warnx(context, "%d: size key pbkdf2", i);
-		val = 1;
-		continue;
-	    }
-
-	    if (memcmp(key.keyvalue.data, keys[i].pbkdf2, keys[i].keylen) != 0) {
-		krb5_warnx(context, "%d: key pbkdf2 pl %d", 
-			   i, password.length);
-		val = 1;
-		continue;
-	    }
-
-	    if (verbose) {
-		printf("PBKDF2:\n");
-		hex_dump_data(&key.keyvalue);
-	    }
-	    
-	    krb5_free_keyblock_contents(context, &key);
-	}
-#endif
-
-	ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype,
-						   password, salt, opaque, 
-						   &key);
-	if (ret) {
-	    krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i);
-	    val = 1;
-	    continue;
-	}
-
-	if (key.keyvalue.length != keys[i].keylen) {
-	    krb5_warnx(context, "%d: key wrong length (%d/%d)",
-		       i, key.keyvalue.length, keys[i].keylen);
-	    val = 1;
-	    continue;
-	}
-
-	if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
-	    krb5_warnx(context, "%d: key wrong", i);
-	    val = 1;
-	    continue;
-	}
-	
-	if (verbose) {
-	    printf("key:\n");
-	    hex_dump_data(&key.keyvalue);
-	}
-	krb5_free_keyblock_contents(context, &key);
-    }
-    return val;
-}
-
-#ifdef ENABLE_AES
-
-struct {
-    size_t len;
-    char *input;
-    char *output;
-} encs[] = {
-    {
-	17,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20",
-	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-	"\x97"
-    },
-    {
-	31,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5"
-    },
-    {
-	32,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-    },
-    {
-	47,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5"
-    },
-    {
-	64,
-	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-    }
-};
-	
-char *enc_key =
-	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
-
-static int
-samep(int testn, char *type, const char *p1, const char *p2, size_t len)
-{
-    size_t i;
-    int val = 1;
-
-    for (i = 0; i < len; i++) {
-	if (p1[i] != p2[i]) {
-	    if (verbose)
-		printf("M");
-	    val = 0;
-	} else {
-	    if (verbose)
-		printf(".");
-	}
-    }
-    if (verbose)
-	printf("\n");
-    return val;
-}
-
-static int
-encryption_test(krb5_context context)
-{
-    char iv[AES_BLOCK_SIZE];
-    int i, val = 0;
-    AES_KEY ekey, dkey;
-    char *p;
-
-    AES_set_encrypt_key(enc_key, 128, &ekey);
-    AES_set_decrypt_key(enc_key, 128, &dkey);
-
-    for (i = 0; i < sizeof(encs)/sizeof(encs[0]); i++) {
-	if (verbose)
-	    printf("test: %d\n", i);
-	memset(iv, 0, sizeof(iv));
-
-	p = malloc(encs[i].len + 1);
-	if (p == NULL)
-	    krb5_errx(context, 1, "malloc");
-
-	p[encs[i].len] = '\0';
-
-	memcpy(p, encs[i].input, encs[i].len);
-
-	_krb5_aes_cts_encrypt(p, p, encs[i].len, 
-			      &ekey, iv, AES_ENCRYPT);
-
-	if (p[encs[i].len] != '\0') {
-	    krb5_warnx(context, "%d: encrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "cipher", p, encs[i].output, encs[i].len))
-	    val = 1;
-
-	memset(iv, 0, sizeof(iv));
-
-	_krb5_aes_cts_encrypt(p, p, encs[i].len, 
-			      &dkey, iv, AES_DECRYPT);
-
-	if (p[encs[i].len] != '\0') {
-	    krb5_warnx(context, "%d: decrypt modified off end", i);
-	    val = 1;
-	}
-
-	if (!samep(i, "clear", p, encs[i].input, encs[i].len))
-	    val = 1;
-
-	free(p);
-    }
-    return val;
-}
-
-#endif /* ENABLE_AES */
-
-int
-main(int argc, char **argv)
-{
-    krb5_error_code ret;
-    krb5_context context;
-    int val = 0;
-    
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    val |= string_to_key_test(context);
-
-#ifdef ENABLE_AES
-    val |= encryption_test(context);
-#endif
-
-    if (verbose && val == 0)
-	printf("all ok\n");
-    if (val)
-	printf("tests failed\n");
-
-    krb5_free_context(context);
-
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c
deleted file mode 100644
index d5b5f87a6c6c..000000000000
--- a/crypto/heimdal/lib/krb5/aname_to_localname.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: aname_to_localname.c,v 1.6 2003/04/16 16:01:06 lha Exp $");
-
-krb5_error_code
-krb5_aname_to_localname (krb5_context context,
-			 krb5_const_principal aname,
-			 size_t lnsize,
-			 char *lname)
-{
-    krb5_error_code ret;
-    krb5_realm *lrealms, *r;
-    int valid;
-    size_t len;
-    const char *res;
-
-    ret = krb5_get_default_realms (context, &lrealms);
-    if (ret)
-	return ret;
-
-    valid = 0;
-    for (r = lrealms; *r != NULL; ++r) {
-	if (strcmp (*r, aname->realm) == 0) {
-	    valid = 1;
-	    break;
-	}
-    }
-    krb5_free_host_realm (context, lrealms);
-    if (valid == 0)
-	return KRB5_NO_LOCALNAME;
-
-    if (aname->name.name_string.len == 1)
-	res = aname->name.name_string.val[0];
-    else if (aname->name.name_string.len == 2
-	     && strcmp (aname->name.name_string.val[1], "root") == 0) {
-	krb5_principal rootprinc;
-	krb5_boolean userok;
-
-	res = "root";
-
-	ret = krb5_copy_principal(context, aname, &rootprinc);
-	if (ret)
-	    return ret;
-	
-	userok = krb5_kuserok(context, rootprinc, res);
-	krb5_free_principal(context, rootprinc);
-	if (!userok)
-	    return KRB5_NO_LOCALNAME;
-
-    } else
-	return KRB5_NO_LOCALNAME;
-
-    len = strlen (res);
-    if (len >= lnsize)
-	return ERANGE;
-    strlcpy (lname, res, lnsize);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
deleted file mode 100644
index 831b6036bfed..000000000000
--- a/crypto/heimdal/lib/krb5/appdefault.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: appdefault.c,v 1.7 2001/09/16 04:48:55 assar Exp $");
-
-void
-krb5_appdefault_boolean(krb5_context context, const char *appname, 
-			krb5_const_realm realm, const char *option,
-			krb5_boolean def_val, krb5_boolean *ret_val)
-{
-    
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "realms", realm, option, NULL);
-	
-    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					   "appdefaults", 
-					   option, 
-					   NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_bool_default(context, NULL, def_val,
-					       "appdefaults", 
-					       realm, 
-					       option, 
-					       NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
-					       "appdefaults", 
-					       appname, 
-					       option, 
-					       NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_bool_default(context, NULL, def_val,
-						   "appdefaults", 
-						   appname, 
-						   realm, 
-						   option, 
-						   NULL);
-    }
-    *ret_val = def_val;
-}
-
-void
-krb5_appdefault_string(krb5_context context, const char *appname, 
-		       krb5_const_realm realm, const char *option,
-		       const char *def_val, char **ret_val)
-{
-    if(appname == NULL)
-	appname = getprogname();
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "libdefaults", option, NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "realms", realm, option, NULL);
-
-    def_val = krb5_config_get_string_default(context, NULL, def_val, 
-					     "appdefaults", 
-					     option, 
-					     NULL);
-    if(realm != NULL)
-	def_val = krb5_config_get_string_default(context, NULL, def_val,
-						 "appdefaults", 
-						 realm, 
-						 option, 
-						 NULL);
-    if(appname != NULL) {
-	def_val = krb5_config_get_string_default(context, NULL, def_val, 
-						 "appdefaults", 
-						 appname, 
-						 option, 
-						 NULL);
-	if(realm != NULL)
-	    def_val = krb5_config_get_string_default(context, NULL, def_val,
-						     "appdefaults", 
-						     appname, 
-						     realm, 
-						     option, 
-						     NULL);
-    }
-    if(def_val != NULL)
-	*ret_val = strdup(def_val);
-    else
-	*ret_val = NULL;
-}
-
-void
-krb5_appdefault_time(krb5_context context, const char *appname,
-		     krb5_const_realm realm, const char *option,
-		     time_t def_val, time_t *ret_val)
-{
-    time_t t;
-    char tstr[32];
-    char *val;
-    snprintf(tstr, sizeof(tstr), "%ld", (long)def_val);
-    krb5_appdefault_string(context, appname, realm, option, tstr, &val);
-    t = parse_time (val, NULL);
-    free(val);
-    *ret_val = t;
-}
diff --git a/crypto/heimdal/lib/krb5/asn1_glue.c b/crypto/heimdal/lib/krb5/asn1_glue.c
deleted file mode 100644
index ac83ff78bdce..000000000000
--- a/crypto/heimdal/lib/krb5/asn1_glue.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/*
- *
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: asn1_glue.c,v 1.7 1999/12/02 17:05:07 joda Exp $");
-
-krb5_error_code
-krb5_principal2principalname (PrincipalName *p,
-			      const krb5_principal from)
-{
-    return copy_PrincipalName(&from->name, p);
-}
-
-krb5_error_code
-principalname2krb5_principal (krb5_principal *principal,
-			      const PrincipalName from,
-			      const Realm realm)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    copy_PrincipalName(&from, &p->name);
-    p->realm = strdup(realm);
-    *principal = p;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
deleted file mode 100644
index 2e7a8f49cbb9..000000000000
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $");
-
-krb5_error_code
-krb5_auth_con_init(krb5_context context,
-		   krb5_auth_context *auth_context)
-{
-    krb5_auth_context p;
-
-    ALLOC(p, 1);
-    if(!p) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset(p, 0, sizeof(*p));
-    ALLOC(p->authenticator, 1);
-    if (!p->authenticator) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(p);
-	return ENOMEM;
-    }
-    memset (p->authenticator, 0, sizeof(*p->authenticator));
-    p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
-
-    p->local_address  = NULL;
-    p->remote_address = NULL;
-    p->local_port     = 0;
-    p->remote_port    = 0;
-    p->keytype        = KEYTYPE_NULL;
-    p->cksumtype      = CKSUMTYPE_NONE;
-    *auth_context     = p;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_free(krb5_context context,
-		   krb5_auth_context auth_context)
-{
-    if (auth_context != NULL) {
-	krb5_free_authenticator(context, &auth_context->authenticator);
-	if(auth_context->local_address){
-	    free_HostAddress(auth_context->local_address);
-	    free(auth_context->local_address);
-	}
-	if(auth_context->remote_address){
-	    free_HostAddress(auth_context->remote_address);
-	    free(auth_context->remote_address);
-	}
-	krb5_free_keyblock(context, auth_context->keyblock);
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-	krb5_free_keyblock(context, auth_context->local_subkey);
-	free (auth_context);
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_setflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t flags)
-{
-    auth_context->flags = flags;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_auth_con_getflags(krb5_context context,
-		       krb5_auth_context auth_context,
-		       int32_t *flags)
-{
-    *flags = auth_context->flags;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_auth_con_setaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address *local_addr,
-		       krb5_address *remote_addr)
-{
-    if (local_addr) {
-	if (auth_context->local_address)
-	    krb5_free_address (context, auth_context->local_address);
-	else
-	    auth_context->local_address = malloc(sizeof(krb5_address));
-	krb5_copy_address(context, local_addr, auth_context->local_address);
-    }
-    if (remote_addr) {
-	if (auth_context->remote_address)
-	    krb5_free_address (context, auth_context->remote_address);
-	else
-	    auth_context->remote_address = malloc(sizeof(krb5_address));
-	krb5_copy_address(context, remote_addr, auth_context->remote_address);
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_genaddrs(krb5_context context, 
-		       krb5_auth_context auth_context, 
-		       int fd, int flags)
-{
-    krb5_error_code ret;
-    krb5_address local_k_address, remote_k_address;
-    krb5_address *lptr = NULL, *rptr = NULL;
-    struct sockaddr_storage ss_local, ss_remote;
-    struct sockaddr *local  = (struct sockaddr *)&ss_local;
-    struct sockaddr *remote = (struct sockaddr *)&ss_remote;
-    socklen_t len;
-
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
-	if (auth_context->local_address == NULL) {
-	    len = sizeof(ss_local);
-	    if(getsockname(fd, local, &len) < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "getsockname: %s",
-				       strerror(ret));
-		goto out;
-	    }
-	    ret = krb5_sockaddr2address (context, local, &local_k_address);
-	    if(ret) goto out;
-	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
-		krb5_sockaddr2port (context, local, &auth_context->local_port);
-	    } else
-		auth_context->local_port = 0;
-	    lptr = &local_k_address;
-	}
-    }
-    if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
-	len = sizeof(ss_remote);
-	if(getpeername(fd, remote, &len) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
-	    goto out;
-	}
-	ret = krb5_sockaddr2address (context, remote, &remote_k_address);
-	if(ret) goto out;
-	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
-	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
-	} else
-	    auth_context->remote_port = 0;
-	rptr = &remote_k_address;
-    }
-    ret = krb5_auth_con_setaddrs (context,
-				  auth_context,
-				  lptr,
-				  rptr);
-  out:
-    if (lptr)
-	krb5_free_address (context, lptr);
-    if (rptr)
-	krb5_free_address (context, rptr);
-    return ret;
-
-}
-
-krb5_error_code
-krb5_auth_con_setaddrs_from_fd (krb5_context context,
-				krb5_auth_context auth_context,
-				void *p_fd)
-{
-    int fd = *(int*)p_fd;
-    int flags = 0;
-    if(auth_context->local_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
-    if(auth_context->remote_address == NULL)
-	flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
-    return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
-}
-
-krb5_error_code
-krb5_auth_con_getaddrs(krb5_context context,
-		       krb5_auth_context auth_context,
-		       krb5_address **local_addr,
-		       krb5_address **remote_addr)
-{
-    if(*local_addr)
-	krb5_free_address (context, *local_addr);
-    *local_addr = malloc (sizeof(**local_addr));
-    if (*local_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->local_address,
-		      *local_addr);
-
-    if(*remote_addr)
-	krb5_free_address (context, *remote_addr);
-    *remote_addr = malloc (sizeof(**remote_addr));
-    if (*remote_addr == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	krb5_free_address (context, *local_addr);
-	*local_addr = NULL;
-	return ENOMEM;
-    }
-    krb5_copy_address(context,
-		      auth_context->remote_address,
-		      *remote_addr);
-    return 0;
-}
-
-static krb5_error_code
-copy_key(krb5_context context,
-	 krb5_keyblock *in,
-	 krb5_keyblock **out)
-{
-    if(in)
-	return krb5_copy_keyblock(context, in, out);
-    *out = NULL; /* is this right? */
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_getkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->keyblock, keyblock);
-}
-
-krb5_error_code
-krb5_auth_con_getlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->local_subkey, keyblock);
-}
-
-krb5_error_code
-krb5_auth_con_getremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock **keyblock)
-{
-    return copy_key(context, auth_context->remote_subkey, keyblock);
-}
-
-krb5_error_code
-krb5_auth_con_setkey(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return copy_key(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code
-krb5_auth_con_setlocalsubkey(krb5_context context,
-			     krb5_auth_context auth_context,
-			     krb5_keyblock *keyblock)
-{
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    return copy_key(context, keyblock, &auth_context->local_subkey);
-}
-
-krb5_error_code
-krb5_auth_con_generatelocalsubkey(krb5_context context,
-				  krb5_auth_context auth_context,
-				  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-
-    ret = krb5_generate_subkey (context, key, &subkey);
-    if(ret)
-	return ret;
-    if(auth_context->local_subkey)
-	krb5_free_keyblock(context, auth_context->local_subkey);
-    auth_context->local_subkey = subkey;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_auth_con_setremotesubkey(krb5_context context,
-			      krb5_auth_context auth_context,
-			      krb5_keyblock *keyblock)
-{
-    if(auth_context->remote_subkey)
-	krb5_free_keyblock(context, auth_context->remote_subkey);
-    return copy_key(context, keyblock, &auth_context->remote_subkey);
-}
-
-krb5_error_code
-krb5_auth_con_setcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype cksumtype)
-{
-    auth_context->cksumtype = cksumtype;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_getcksumtype(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_cksumtype *cksumtype)
-{
-    *cksumtype = auth_context->cksumtype;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_setkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype keytype)
-{
-    auth_context->keytype = keytype;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_getkeytype (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_keytype *keytype)
-{
-    *keytype = auth_context->keytype;
-    return 0;
-}
-
-#if 0
-krb5_error_code
-krb5_auth_con_setenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype etype)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    ALLOC(auth_context->keyblock, 1);
-    if(auth_context->keyblock == NULL)
-	return ENOMEM;
-    auth_context->keyblock->keytype = etype;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_getenctype(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_enctype *etype)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
-}
-#endif
-
-krb5_error_code
-krb5_auth_con_getlocalseqnumber(krb5_context context,
-			    krb5_auth_context auth_context,
-			    int32_t *seqnumber)
-{
-  *seqnumber = auth_context->local_seqnumber;
-  return 0;
-}
-
-krb5_error_code
-krb5_auth_con_setlocalseqnumber (krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t seqnumber)
-{
-  auth_context->local_seqnumber = seqnumber;
-  return 0;
-}
-
-krb5_error_code
-krb5_auth_getremoteseqnumber(krb5_context context,
-			     krb5_auth_context auth_context,
-			     int32_t *seqnumber)
-{
-  *seqnumber = auth_context->remote_seqnumber;
-  return 0;
-}
-
-krb5_error_code
-krb5_auth_con_setremoteseqnumber (krb5_context context,
-			      krb5_auth_context auth_context,
-			      int32_t seqnumber)
-{
-  auth_context->remote_seqnumber = seqnumber;
-  return 0;
-}
-
-
-krb5_error_code
-krb5_auth_con_getauthenticator(krb5_context context,
-			   krb5_auth_context auth_context,
-			   krb5_authenticator *authenticator)
-{
-    *authenticator = malloc(sizeof(**authenticator));
-    if (*authenticator == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    copy_Authenticator(auth_context->authenticator,
-		       *authenticator);
-    return 0;
-}
-
-
-void
-krb5_free_authenticator(krb5_context context,
-			krb5_authenticator *authenticator)
-{
-    free_Authenticator (*authenticator);
-    free (*authenticator);
-    *authenticator = NULL;
-}
-
-
-krb5_error_code
-krb5_auth_con_setuserkey(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_keyblock *keyblock)
-{
-    if(auth_context->keyblock)
-	krb5_free_keyblock(context, auth_context->keyblock);
-    return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
-}
-
-krb5_error_code
-krb5_auth_con_getrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache *rcache)
-{
-    *rcache = auth_context->rcache;
-    return 0;
-}
-
-krb5_error_code
-krb5_auth_con_setrcache(krb5_context context,
-			krb5_auth_context auth_context,
-			krb5_rcache rcache)
-{
-    auth_context->rcache = rcache;
-    return 0;
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code
-krb5_auth_con_initivector(krb5_context context,
-			  krb5_auth_context auth_context)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
-}
-
-
-krb5_error_code
-krb5_auth_con_setivector(krb5_context context,
-			 krb5_auth_context auth_context,
-			 krb5_pointer ivector)
-{
-    krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
-}
-
-#endif /* not implemented */
diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c
deleted file mode 100644
index cab5e6fd2df6..000000000000
--- a/crypto/heimdal/lib/krb5/build_ap_req.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
-
-krb5_error_code
-krb5_build_ap_req (krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_creds *cred,
-		   krb5_flags ap_options,
-		   krb5_data authenticator,
-		   krb5_data *retdata)
-{
-  krb5_error_code ret = 0;
-  AP_REQ ap;
-  Ticket t;
-  size_t len;
-  
-  ap.pvno = 5;
-  ap.msg_type = krb_ap_req;
-  memset(&ap.ap_options, 0, sizeof(ap.ap_options));
-  ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
-  ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
-  
-  ap.ticket.tkt_vno = 5;
-  copy_Realm(&cred->server->realm, &ap.ticket.realm);
-  copy_PrincipalName(&cred->server->name, &ap.ticket.sname);
-
-  decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
-  copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
-  free_Ticket(&t);
-
-  ap.authenticator.etype = enctype;
-  ap.authenticator.kvno  = NULL;
-  ap.authenticator.cipher = authenticator;
-
-  ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
-		     &ap, &len, ret);
-
-  free_AP_REQ(&ap);
-  return ret;
-
-}
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
deleted file mode 100644
index 9a2ca3e28ebf..000000000000
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $");
-
-krb5_error_code
-krb5_build_authenticator (krb5_context context,
-			  krb5_auth_context auth_context,
-			  krb5_enctype enctype,
-			  krb5_creds *cred,
-			  Checksum *cksum,
-			  Authenticator **auth_result,
-			  krb5_data *result,
-			  krb5_key_usage usage)
-{
-  Authenticator *auth;
-  u_char *buf = NULL;
-  size_t buf_size;
-  size_t len;
-  krb5_error_code ret;
-  krb5_crypto crypto;
-
-  auth = malloc(sizeof(*auth));
-  if (auth == NULL) {
-      krb5_set_error_string(context, "malloc: out of memory");
-      return ENOMEM;
-  }
-
-  memset (auth, 0, sizeof(*auth));
-  auth->authenticator_vno = 5;
-  copy_Realm(&cred->client->realm, &auth->crealm);
-  copy_PrincipalName(&cred->client->name, &auth->cname);
-
-  {
-      int32_t sec, usec;
-
-      krb5_us_timeofday (context, &sec, &usec);
-      auth->ctime = sec;
-      auth->cusec = usec;
-  }
-  ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey);
-  if(ret)
-      goto fail;
-
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-    krb5_generate_seq_number (context,
-			      &cred->session, 
-			      &auth_context->local_seqnumber);
-    ALLOC(auth->seq_number, 1);
-    *auth->seq_number = auth_context->local_seqnumber;
-  } else
-    auth->seq_number = NULL;
-  auth->authorization_data = NULL;
-  auth->cksum = cksum;
-
-  /* XXX - Copy more to auth_context? */
-
-  if (auth_context) {
-    auth_context->authenticator->ctime = auth->ctime;
-    auth_context->authenticator->cusec = auth->cusec;
-  }
-
-  ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
-
-  if (ret)
-      goto fail;
-
-  ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
-  if (ret)
-      goto fail;
-  ret = krb5_encrypt (context,
-		      crypto,
-		      usage /* KRB5_KU_AP_REQ_AUTH */,
-		      buf + buf_size - len, 
-		      len,
-		      result);
-  krb5_crypto_destroy(context, crypto);
-
-  if (ret)
-      goto fail;
-
-  free (buf);
-
-  if (auth_result)
-    *auth_result = auth;
-  else {
-    /* Don't free the `cksum', it's allocated by the caller */
-    auth->cksum = NULL;
-    free_Authenticator (auth);
-    free (auth);
-  }
-  return ret;
-fail:
-  free_Authenticator (auth);
-  free (auth);
-  free (buf);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
deleted file mode 100644
index 26cda9a62604..000000000000
--- a/crypto/heimdal/lib/krb5/cache.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: cache.c,v 1.52 2003/03/16 18:23:59 lha Exp $");
-
-/*
- * Add a new ccache type with operations `ops', overwriting any
- * existing one if `override'.
- * Return an error code or 0.
- */
-
-krb5_error_code
-krb5_cc_register(krb5_context context, 
-		 const krb5_cc_ops *ops, 
-		 krb5_boolean override)
-{
-    int i;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
-	    if(!override) {
-		krb5_set_error_string(context,
-				      "ccache type %s already exists",
-				      ops->prefix);
-		return KRB5_CC_TYPE_EXISTS;
-	    }
-	    break;
-	}
-    }
-    if(i == context->num_cc_ops) {
-	krb5_cc_ops *o = realloc(context->cc_ops,
-				 (context->num_cc_ops + 1) *
-				 sizeof(*context->cc_ops));
-	if(o == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return KRB5_CC_NOMEM;
-	}
-	context->num_cc_ops++;
-	context->cc_ops = o;
-	memset(context->cc_ops + i, 0, 
-	       (context->num_cc_ops - i) * sizeof(*context->cc_ops));
-    }
-    memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
-    return 0;
-}
-
-/*
- * Allocate memory for a new ccache in `id' with operations `ops'
- * and name `residual'.
- * Return 0 or an error code.
- */
-
-static krb5_error_code
-allocate_ccache (krb5_context context,
-		 const krb5_cc_ops *ops,
-		 const char *residual,
-		 krb5_ccache *id)
-{
-    krb5_error_code ret;
-    krb5_ccache p;
-
-    p = malloc(sizeof(*p));
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    p->ops = ops;
-    *id = p;
-    ret = p->ops->resolve(context, id, residual);
-    if(ret)
-	free(p);
-    return ret;
-}
-
-/*
- * Find and allocate a ccache in `id' from the specification in `residual'.
- * If the ccache name doesn't contain any colon, interpret it as a file name.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_resolve(krb5_context context,
-		const char *name,
-		krb5_ccache *id)
-{
-    int i;
-
-    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
-	size_t prefix_len = strlen(context->cc_ops[i].prefix);
-
-	if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
-	   && name[prefix_len] == ':') {
-	    return allocate_ccache (context, &context->cc_ops[i],
-				    name + prefix_len + 1,
-				    id);
-	}
-    }
-    if (strchr (name, ':') == NULL)
-	return allocate_ccache (context, &krb5_fcc_ops, name, id);
-    else {
-	krb5_set_error_string(context, "unknown ccache type %s", name);
-	return KRB5_CC_UNKNOWN_TYPE;
-    }
-}
-
-/*
- * Generate a new ccache of type `ops' in `id'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_gen_new(krb5_context context,
-		const krb5_cc_ops *ops,
-		krb5_ccache *id)
-{
-    krb5_ccache p;
-
-    p = malloc (sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    p->ops = ops;
-    *id = p;
-    return p->ops->gen_new(context, id);
-}
-
-/*
- * Return the name of the ccache `id'
- */
-
-const char*
-krb5_cc_get_name(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->get_name(context, id);
-}
-
-/*
- * Return the type of the ccache `id'.
- */
-
-const char*
-krb5_cc_get_type(krb5_context context,
-		 krb5_ccache id)
-{
-    return id->ops->prefix;
-}
-
-/*
- * Return krb5_cc_ops of a the ccache `id'.
- */
-
-const krb5_cc_ops *
-krb5_cc_get_ops(krb5_context context, krb5_ccache id)
-{
-    return id->ops;
-}
-
-/*
- * Set the default cc name for `context' to `name'.
- */
-
-krb5_error_code
-krb5_cc_set_default_name(krb5_context context, const char *name)
-{
-    krb5_error_code ret = 0;
-    char *p;
-
-    if (name == NULL) {
-	char *e;
-	e = getenv("KRB5CCNAME");
-	if (e)
-	    p = strdup(e);
-	else
-	    asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
-    } else
-	p = strdup(name);
-
-    if (p == NULL)
-	return ENOMEM;
-
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-
-    context->default_cc_name = p;
-
-    return ret;
-}
-
-/*
- * Return a pointer to a context static string containing the default ccache name.
- */
-
-const char*
-krb5_cc_default_name(krb5_context context)
-{
-    if (context->default_cc_name == NULL)
-	krb5_cc_set_default_name(context, NULL);
-
-    return context->default_cc_name;
-}
-
-/*
- * Open the default ccache in `id'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_default(krb5_context context,
-		krb5_ccache *id)
-{
-    const char *p = krb5_cc_default_name(context);
-
-    if (p == NULL)
-	return ENOMEM;
-    return krb5_cc_resolve(context, p, id);
-}
-
-/*
- * Create a new ccache in `id' for `primary_principal'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_initialize(krb5_context context,
-		   krb5_ccache id,
-		   krb5_principal primary_principal)
-{
-    return id->ops->init(context, id, primary_principal);
-}
-
-
-/*
- * Remove the ccache `id'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_destroy(krb5_context context,
-		krb5_ccache id)
-{
-    krb5_error_code ret;
-
-    ret = id->ops->destroy(context, id);
-    krb5_cc_close (context, id);
-    return ret;
-}
-
-/*
- * Stop using the ccache `id' and free the related resources.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_close(krb5_context context,
-	      krb5_ccache id)
-{
-    krb5_error_code ret;
-    ret = id->ops->close(context, id);
-    free(id);
-    return ret;
-}
-
-/*
- * Store `creds' in the ccache `id'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_store_cred(krb5_context context,
-		   krb5_ccache id,
-		   krb5_creds *creds)
-{
-    return id->ops->store(context, id, creds);
-}
-
-/*
- * Retrieve the credential identified by `mcreds' (and `whichfields')
- * from `id' in `creds'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_retrieve_cred(krb5_context context,
-		      krb5_ccache id,
-		      krb5_flags whichfields,
-		      const krb5_creds *mcreds,
-		      krb5_creds *creds)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-    krb5_cc_start_seq_get(context, id, &cursor);
-    while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
-	if(krb5_compare_creds(context, whichfields, mcreds, creds)){
-	    ret = 0;
-	    break;
-	}
-	krb5_free_creds_contents (context, creds);
-    }
-    krb5_cc_end_seq_get(context, id, &cursor);
-    return ret;
-}
-
-/*
- * Return the principal of `id' in `principal'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_get_principal(krb5_context context,
-		      krb5_ccache id,
-		      krb5_principal *principal)
-{
-    return id->ops->get_princ(context, id, principal);
-}
-
-/*
- * Start iterating over `id', `cursor' is initialized to the
- * beginning.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_start_seq_get (krb5_context context,
-		       const krb5_ccache id,
-		       krb5_cc_cursor *cursor)
-{
-    return id->ops->get_first(context, id, cursor);
-}
-
-/*
- * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
- * and advance `cursor'.
- * Return 0 or an error code.
- */
-
-krb5_error_code
-krb5_cc_next_cred (krb5_context context,
-		   const krb5_ccache id,
-		   krb5_cc_cursor *cursor,
-		   krb5_creds *creds)
-{
-    return id->ops->get_next(context, id, cursor, creds);
-}
-
-/*
- * Destroy the cursor `cursor'.
- */
-
-krb5_error_code
-krb5_cc_end_seq_get (krb5_context context,
-		     const krb5_ccache id,
-		     krb5_cc_cursor *cursor)
-{
-    return id->ops->end_get(context, id, cursor);
-}
-
-/*
- * Remove the credential identified by `cred', `which' from `id'.
- */
-
-krb5_error_code
-krb5_cc_remove_cred(krb5_context context,
-		    krb5_ccache id,
-		    krb5_flags which,
-		    krb5_creds *cred)
-{
-    if(id->ops->remove_cred == NULL) {
-	krb5_set_error_string(context,
-			      "ccache %s does not support remove_cred",
-			      id->ops->prefix);
-	return EACCES; /* XXX */
-    }
-    return (*id->ops->remove_cred)(context, id, which, cred);
-}
-
-/*
- * Set the flags of `id' to `flags'.
- */
-
-krb5_error_code
-krb5_cc_set_flags(krb5_context context,
-		  krb5_ccache id,
-		  krb5_flags flags)
-{
-    return id->ops->set_flags(context, id, flags);
-}
-		    
-/*
- * Copy the contents of `from' to `to'.
- */
-
-krb5_error_code
-krb5_cc_copy_cache(krb5_context context,
-		   const krb5_ccache from,
-		   krb5_ccache to)
-{
-    krb5_error_code ret;
-    krb5_cc_cursor cursor;
-    krb5_creds cred;
-    krb5_principal princ;
-
-    ret = krb5_cc_get_principal(context, from, &princ);
-    if(ret)
-	return ret;
-    ret = krb5_cc_initialize(context, to, princ);
-    if(ret){
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    ret = krb5_cc_start_seq_get(context, from, &cursor);
-    if(ret){
-	krb5_free_principal(context, princ);
-	return ret;
-    }
-    while(ret == 0 && krb5_cc_next_cred(context, from, &cursor, &cred) == 0){
-	ret = krb5_cc_store_cred(context, to, &cred);
-	krb5_free_creds_contents (context, &cred);
-    }
-    krb5_cc_end_seq_get(context, from, &cursor);
-    krb5_free_principal(context, princ);
-    return ret;
-}
-
-/*
- * Return the version of `id'.
- */
-
-krb5_error_code
-krb5_cc_get_version(krb5_context context,
-		    const krb5_ccache id)
-{
-    if(id->ops->get_version)
-	return id->ops->get_version(context, id);
-    else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
deleted file mode 100644
index a17bf2b37e67..000000000000
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: changepw.c,v 1.38 2002/09/29 11:48:34 joda Exp $");
-
-static krb5_error_code
-send_request (krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_creds *creds,
-	      int sock,
-	      char *passwd,
-	      const char *host)
-{
-    krb5_error_code ret;
-    krb5_data ap_req_data;
-    krb5_data krb_priv_data;
-    krb5_data passwd_data;
-    size_t len;
-    u_char header[6];
-    u_char *p;
-    struct iovec iov[3];
-    struct msghdr msghdr;
-
-    krb5_data_zero (&ap_req_data);
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
-				NULL, /* in_data */
-				creds,
-				&ap_req_data);
-    if (ret)
-	return ret;
-
-    passwd_data.data   = passwd;
-    passwd_data.length = strlen(passwd);
-
-    krb5_data_zero (&krb_priv_data);
-
-    ret = krb5_mk_priv (context,
-			*auth_context,
-			&passwd_data,
-			&krb_priv_data,
-			NULL);
-    if (ret)
-	goto out2;
-
-    len = 6 + ap_req_data.length + krb_priv_data.length;
-    p = header;
-    *p++ = (len >> 8) & 0xFF;
-    *p++ = (len >> 0) & 0xFF;
-    *p++ = 0;
-    *p++ = 1;
-    *p++ = (ap_req_data.length >> 8) & 0xFF;
-    *p++ = (ap_req_data.length >> 0) & 0xFF;
-
-    memset(&msghdr, 0, sizeof(msghdr));
-    msghdr.msg_name       = NULL;
-    msghdr.msg_namelen    = 0;
-    msghdr.msg_iov        = iov;
-    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
-#if 0
-    msghdr.msg_control    = NULL;
-    msghdr.msg_controllen = 0;
-#endif
-
-    iov[0].iov_base    = (void*)header;
-    iov[0].iov_len     = 6;
-    iov[1].iov_base    = ap_req_data.data;
-    iov[1].iov_len     = ap_req_data.length;
-    iov[2].iov_base    = krb_priv_data.data;
-    iov[2].iov_len     = krb_priv_data.length;
-
-    if (sendmsg (sock, &msghdr, 0) < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
-    }
-
-    krb5_data_free (&krb_priv_data);
-out2:
-    krb5_data_free (&ap_req_data);
-    return ret;
-}
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...) __attribute__ ((format (printf, 2, 3)));
-
-static void
-str2data (krb5_data *d,
-	  const char *fmt,
-	  ...)
-{
-    va_list args;
-
-    va_start(args, fmt);
-    d->length = vasprintf ((char **)&d->data, fmt, args);
-    va_end(args);
-}
-
-static krb5_error_code
-process_reply (krb5_context context,
-	       krb5_auth_context auth_context,
-	       int sock,
-	       int *result_code,
-	       krb5_data *result_code_string,
-	       krb5_data *result_string,
-	       const char *host)
-{
-    krb5_error_code ret;
-    u_char reply[BUFSIZ];
-    size_t len;
-    u_int16_t pkt_len, pkt_ver;
-    krb5_data ap_rep_data, priv_data;
-    int save_errno;
-
-    ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
-    if (ret < 0) {
-	save_errno = errno;
-	krb5_set_error_string(context, "recvfrom %s: %s",
-			      host, strerror(save_errno));
-	return save_errno;
-    }
-
-    len = ret;
-    pkt_len = (reply[0] << 8) | (reply[1]);
-    pkt_ver = (reply[2] << 8) | (reply[3]);
-
-    if (pkt_len != len) {
-	str2data (result_string, "client: wrong len in reply");
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-    if (pkt_ver != 0x0001) {
-	str2data (result_string,
-		  "client: wrong version number (%d)", pkt_ver);
-	*result_code = KRB5_KPASSWD_MALFORMED;
-	return 0;
-    }
-
-    ap_rep_data.data = reply + 6;
-    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
-    priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
-    priv_data.length = len - ap_rep_data.length - 6;
-    if ((u_char *)priv_data.data + priv_data.length > reply + len)
-	return KRB5_KPASSWD_MALFORMED;
-  
-    if (ap_rep_data.length) {
-	krb5_ap_rep_enc_part *ap_rep;
-	u_char *p;
-
-	ret = krb5_rd_rep (context,
-			   auth_context,
-			   &ap_rep_data,
-			   &ap_rep);
-	if (ret)
-	    return ret;
-
-	krb5_free_ap_rep_enc_part (context, ap_rep);
-
-	ret = krb5_rd_priv (context,
-			    auth_context,
-			    &priv_data,
-			    result_code_string,
-			    NULL);
-	if (ret) {
-	    krb5_data_free (result_code_string);
-	    return ret;
-	}
-
-	if (result_code_string->length < 2) {
-	    *result_code = KRB5_KPASSWD_MALFORMED;
-	    str2data (result_string,
-		      "client: bad length in result");
-	    return 0;
-	}
-	p = result_code_string->data;
-      
-	*result_code = (p[0] << 8) | p[1];
-	krb5_data_copy (result_string,
-			(unsigned char*)result_code_string->data + 2,
-			result_code_string->length - 2);
-	return 0;
-    } else {
-	KRB_ERROR error;
-	size_t size;
-	u_char *p;
-      
-	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
-	if (ret) {
-	    return ret;
-	}
-	if (error.e_data->length < 2) {
-	    krb5_warnx (context, "too short e_data to print anything usable");
-	    return 1;		/* XXX */
-	}
-
-	p = error.e_data->data;
-	*result_code = (p[0] << 8) | p[1];
-	krb5_data_copy (result_string,
-			p + 2,
-			error.e_data->length - 2);
-	return 0;
-    }
-}
-
-/*
- * change the password using the credentials in `creds' (for the
- * principal indicated in them) to `newpw', storing the result of
- * the operation in `result_*' and an error code or 0.
- */
-
-krb5_error_code
-krb5_change_password (krb5_context	context,
-		      krb5_creds	*creds,
-		      char		*newpw,
-		      int		*result_code,
-		      krb5_data		*result_code_string,
-		      krb5_data		*result_string)
-{
-    krb5_error_code ret;
-    krb5_auth_context auth_context = NULL;
-    krb5_krbhst_handle handle = NULL;
-    krb5_krbhst_info *hi;
-    int sock;
-    int i;
-    int done = 0;
-    krb5_realm realm = creds->client->realm;
-
-    ret = krb5_auth_con_init (context, &auth_context);
-    if (ret)
-	return ret;
-
-    krb5_auth_con_setflags (context, auth_context,
-			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-    ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
-    if (ret)
-	goto out;
-
-    while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
-	struct addrinfo *ai, *a;
-
-	ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	if (ret)
-	    continue;
-
-	for (a = ai; !done && a != NULL; a = a->ai_next) {
-	    int replied = 0;
-
-	    sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	    if (sock < 0)
-		continue;
-
-	    ret = connect(sock, a->ai_addr, a->ai_addrlen);
-	    if (ret < 0) {
-		close (sock);
-		goto out;
-	    }
-
-	    ret = krb5_auth_con_genaddrs (context, auth_context, sock,
-					  KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
-	    if (ret) {
-		close (sock);
-		goto out;
-	    }
-
-	    for (i = 0; !done && i < 5; ++i) {
-		fd_set fdset;
-		struct timeval tv;
-
-		if (!replied) {
-		    replied = 0;
-		    ret = send_request (context,
-					&auth_context,
-					creds,
-					sock,
-					newpw,
-					hi->hostname);
-		    if (ret) {
-			close(sock);
-			goto out;
-		    }
-		}
-	    
-		if (sock >= FD_SETSIZE) {
-		    krb5_set_error_string(context, "fd %d too large", sock);
-		    ret = ERANGE;
-		    close (sock);
-		    goto out;
-		}
-
-		FD_ZERO(&fdset);
-		FD_SET(sock, &fdset);
-		tv.tv_usec = 0;
-		tv.tv_sec  = 1 + (1 << i);
-
-		ret = select (sock + 1, &fdset, NULL, NULL, &tv);
-		if (ret < 0 && errno != EINTR) {
-		    close(sock);
-		    goto out;
-		}
-		if (ret == 1) {
-		    ret = process_reply (context,
-					 auth_context,
-					 sock,
-					 result_code,
-					 result_code_string,
-					 result_string,
-					 hi->hostname);
-		    if (ret == 0)
-			done = 1;
-		    else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
-			replied = 1;
-		} else {
-		    ret = KRB5_KDC_UNREACH;
-		}
-	    }
-	    close (sock);
-	}
-    }
-
- out:
-    krb5_krbhst_free (context, handle);
-    krb5_auth_con_free (context, auth_context);
-    if (done)
-	return 0;
-    else {
-	if (ret == KRB5_KDC_UNREACH)
-	    krb5_set_error_string(context,
-				  "unable to reach any changepw server "
-				  " in realm %s", realm);
-	return ret;
-    }
-}
-
-const char *
-krb5_passwd_result_to_string (krb5_context context,
-			      int result)
-{
-    static const char *strings[] = {
-	"Success",
-	"Malformed",
-	"Hard error",
-	"Auth error",
-	"Soft error" 
-    };
-
-    if (result < 0 || result > KRB5_KPASSWD_SOFTERROR)
-	return "unknown result code";
-    else
-	return strings[result];
-}
diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c
deleted file mode 100644
index 6a49e68ec9ab..000000000000
--- a/crypto/heimdal/lib/krb5/codec.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: codec.c,v 1.7 2001/05/16 22:08:08 assar Exp $");
-
-krb5_error_code
-krb5_decode_EncTicketPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return decode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_EncTicketPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTicketPart *t,
-			   size_t *len)
-{
-    return encode_EncTicketPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_EncASRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return decode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_EncASRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncASRepPart *t,
-			  size_t *len)
-{
-    return encode_EncASRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_EncTGSRepPart (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return decode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_EncTGSRepPart (krb5_context context,
-			   void *data,
-			   size_t length,
-			   EncTGSRepPart *t,
-			   size_t *len)
-{
-    return encode_EncTGSRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_EncAPRepPart (krb5_context context,
-			  const void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return decode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_EncAPRepPart (krb5_context context,
-			  void *data,
-			  size_t length,
-			  EncAPRepPart *t,
-			  size_t *len)
-{
-    return encode_EncAPRepPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_Authenticator (krb5_context context,
-			   const void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return decode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_Authenticator (krb5_context context,
-			   void *data,
-			   size_t length,
-			   Authenticator *t,
-			   size_t *len)
-{
-    return encode_Authenticator(data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_EncKrbCredPart (krb5_context context,
-			    const void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return decode_EncKrbCredPart(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_EncKrbCredPart (krb5_context context,
-			    void *data,
-			    size_t length,
-			    EncKrbCredPart *t,
-			    size_t *len)
-{
-    return encode_EncKrbCredPart (data, length, t, len);
-}
-
-krb5_error_code
-krb5_decode_ETYPE_INFO (krb5_context context,
-			const void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return decode_ETYPE_INFO(data, length, t, len);
-}
-
-krb5_error_code
-krb5_encode_ETYPE_INFO (krb5_context context,
-			void *data,
-			size_t length,
-			ETYPE_INFO *t,
-			size_t *len)
-{
-    return encode_ETYPE_INFO (data, length, t, len);
-}
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
deleted file mode 100644
index 845b14c180a2..000000000000
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ /dev/null
@@ -1,717 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $");
-
-#ifndef HAVE_NETINFO
-
-static krb5_error_code parse_section(char *p, krb5_config_section **s,
-				     krb5_config_section **res,
-				     const char **error_message);
-static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p,
-				     krb5_config_binding **b,
-				     krb5_config_binding **parent,
-				     const char **error_message);
-static krb5_error_code parse_list(FILE *f, unsigned *lineno,
-				  krb5_config_binding **parent,
-				  const char **error_message);
-
-static krb5_config_section *
-get_entry(krb5_config_section **parent, const char *name, int type)
-{
-    krb5_config_section **q;
-
-    for(q = parent; *q != NULL; q = &(*q)->next)
-	if(type == krb5_config_list && 
-	   type == (*q)->type &&
-	   strcmp(name, (*q)->name) == 0)
-	    return *q;
-    *q = calloc(1, sizeof(**q));
-    if(*q == NULL)
-	return NULL;
-    (*q)->name = strdup(name);
-    (*q)->type = type;
-    if((*q)->name == NULL) {
-	free(*q);
-	*q = NULL;
-	return NULL;
-    }
-    return *q;
-}
-
-/*
- * Parse a section:
- *
- * [section]
- *	foo = bar
- *	b = {
- *		a
- *	    }
- * ...
- * 
- * starting at the line in `p', storing the resulting structure in
- * `s' and hooking it into `parent'.
- * Store the error message in `error_message'.
- */
-
-static krb5_error_code
-parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
-	      const char **error_message)
-{
-    char *p1;
-    krb5_config_section *tmp;
-
-    p1 = strchr (p + 1, ']');
-    if (p1 == NULL) {
-	*error_message = "missing ]";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *p1 = '\0';
-    tmp = get_entry(parent, p + 1, krb5_config_list);
-    if(tmp == NULL) {
-	*error_message = "out of memory";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    *s = tmp;
-    return 0;
-}
-
-/*
- * Parse a brace-enclosed list from `f', hooking in the structure at
- * `parent'.
- * Store the error message in `error_message'.
- */
-
-static int
-parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
-	   const char **error_message)
-{
-    char buf[BUFSIZ];
-    int ret;
-    krb5_config_binding *b = NULL;
-    unsigned beg_lineno = *lineno;
-
-    while(fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	if (buf[strlen(buf) - 1] == '\n')
-	    buf[strlen(buf) - 1] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';' || *p == '\0')
-	    continue;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '}')
-	    return 0;
-	if (*p == '\0')
-	    continue;
-	ret = parse_binding (f, lineno, p, &b, parent, error_message);
-	if (ret)
-	    return ret;
-    }
-    *lineno = beg_lineno;
-    *error_message = "unclosed {";
-    return KRB5_CONFIG_BADFORMAT;
-}
-
-/*
- *
- */
-
-static int
-parse_binding(FILE *f, unsigned *lineno, char *p,
-	      krb5_config_binding **b, krb5_config_binding **parent,
-	      const char **error_message)
-{
-    krb5_config_binding *tmp;
-    char *p1, *p2;
-    int ret = 0;
-
-    p1 = p;
-    while (*p && *p != '=' && !isspace((unsigned char)*p))
-	++p;
-    if (*p == '\0') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    p2 = p;
-    while (isspace((unsigned char)*p))
-	++p;
-    if (*p != '=') {
-	*error_message = "missing =";
-	return KRB5_CONFIG_BADFORMAT;
-    }
-    ++p;
-    while(isspace((unsigned char)*p))
-	++p;
-    *p2 = '\0';
-    if (*p == '{') {
-	tmp = get_entry(parent, p1, krb5_config_list);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	ret = parse_list (f, lineno, &tmp->u.list, error_message);
-    } else {
-	tmp = get_entry(parent, p1, krb5_config_string);
-	if (tmp == NULL) {
-	    *error_message = "out of memory";
-	    return KRB5_CONFIG_BADFORMAT;
-	}
-	p1 = p;
-	p = p1 + strlen(p1);
-	while(p > p1 && isspace((unsigned char)*(p-1)))
-	    --p;
-	*p = '\0';
-	tmp->u.string = strdup(p1);
-    }
-    *b = tmp;
-    return ret;
-}
-
-/*
- * Parse the config file `fname', generating the structures into `res'
- * returning error messages in `error_message'
- */
-
-static krb5_error_code
-krb5_config_parse_file_debug (const char *fname,
-			      krb5_config_section **res,
-			      unsigned *lineno,
-			      const char **error_message)
-{
-    FILE *f;
-    krb5_config_section *s;
-    krb5_config_binding *b;
-    char buf[BUFSIZ];
-    krb5_error_code ret = 0;
-
-    s = NULL;
-    b = NULL;
-    *lineno = 0;
-    f = fopen (fname, "r");
-    if (f == NULL) {
-	*error_message = "cannot open file";
-	return ENOENT;
-    }
-    while (fgets(buf, sizeof(buf), f) != NULL) {
-	char *p;
-
-	++*lineno;
-	if(buf[strlen(buf) - 1] == '\n')
-	    buf[strlen(buf) - 1] = '\0';
-	p = buf;
-	while(isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '#' || *p == ';')
-	    continue;
-	if (*p == '[') {
-	    ret = parse_section(p, &s, res, error_message);
-	    if (ret) {
-		goto out;
-	    }
-	    b = NULL;
-	} else if (*p == '}') {
-	    *error_message = "unmatched }";
-	    ret = EINVAL;	/* XXX */
-	    goto out;
-	} else if(*p != '\0') {
-	    ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
-	    if (ret)
-		goto out;
-	}
-    }
-out:
-    fclose (f);
-    return ret;
-}
-
-krb5_error_code
-krb5_config_parse_file_multi (krb5_context context,
-			      const char *fname,
-			      krb5_config_section **res)
-{
-    const char *str;
-    unsigned lineno;
-    krb5_error_code ret;
-
-    ret = krb5_config_parse_file_debug (fname, res, &lineno, &str);
-    if (ret) {
-	krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    *res = NULL;
-    return krb5_config_parse_file_multi(context, fname, res);
-}
-
-#endif /* !HAVE_NETINFO */
-
-static void
-free_binding (krb5_context context, krb5_config_binding *b)
-{
-    krb5_config_binding *next_b;
-
-    while (b) {
-	free (b->name);
-	if (b->type == krb5_config_string)
-	    free (b->u.string);
-	else if (b->type == krb5_config_list)
-	    free_binding (context, b->u.list);
-	else
-	    krb5_abortx(context, "unknown binding type (%d) in free_binding", 
-			b->type);
-	next_b = b->next;
-	free (b);
-	b = next_b;
-    }
-}
-
-krb5_error_code
-krb5_config_file_free (krb5_context context, krb5_config_section *s)
-{
-    free_binding (context, s);
-    return 0;
-}
-
-const void *
-krb5_config_get_next (krb5_context context,
-		      const krb5_config_section *c,
-		      const krb5_config_binding **pointer,
-		      int type,
-		      ...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget_next (context, c, pointer, type, args);
-    va_end(args);
-    return ret;
-}
-
-static const void *
-vget_next(krb5_context context,
-	  const krb5_config_binding *b,
-	  const krb5_config_binding **pointer,
-	  int type,
-	  const char *name,
-	  va_list args)
-{
-    const char *p = va_arg(args, const char *);
-    while(b != NULL) {
-	if(strcmp(b->name, name) == 0) {
-	    if(b->type == type && p == NULL) {
-		*pointer = b;
-		return b->u.generic;
-	    } else if(b->type == krb5_config_list && p != NULL) {
-		return vget_next(context, b->u.list, pointer, type, p, args);
-	    }
-	}
-	b = b->next;
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_vget_next (krb5_context context,
-		       const krb5_config_section *c,
-		       const krb5_config_binding **pointer,
-		       int type,
-		       va_list args)
-{
-    const krb5_config_binding *b;
-    const char *p;
-
-    if(c == NULL)
-	c = context->cf;
-
-    if (c == NULL)
-	return NULL;
-
-    if (*pointer == NULL) {
-	/* first time here, walk down the tree looking for the right
-           section */
-	p = va_arg(args, const char *);
-	if (p == NULL)
-	    return NULL;
-	return vget_next(context, c, pointer, type, p, args);
-    }
-
-    /* we were called again, so just look for more entries with the
-       same name and type */
-    for (b = (*pointer)->next; b != NULL; b = b->next) {
-	if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
-	    *pointer = b;
-	    return b->u.generic;
-	}
-    }
-    return NULL;
-}
-
-const void *
-krb5_config_get (krb5_context context,
-		 const krb5_config_section *c,
-		 int type,
-		 ...)
-{
-    const void *ret;
-    va_list args;
-
-    va_start(args, type);
-    ret = krb5_config_vget (context, c, type, args);
-    va_end(args);
-    return ret;
-}
-
-const void *
-krb5_config_vget (krb5_context context,
-		  const krb5_config_section *c,
-		  int type,
-		  va_list args)
-{
-    const krb5_config_binding *foo = NULL;
-
-    return krb5_config_vget_next (context, c, &foo, type, args);
-}
-
-const krb5_config_binding *
-krb5_config_get_list (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    const krb5_config_binding *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_list (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const krb5_config_binding *
-krb5_config_vget_list (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_list, args);
-}
-
-const char *
-krb5_config_get_string (krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, c);
-    ret = krb5_config_vget_string (context, c, args);
-    va_end(args);
-    return ret;
-}
-
-const char *
-krb5_config_vget_string (krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    return krb5_config_vget (context, c, krb5_config_string, args);
-}
-
-const char *
-krb5_config_vget_string_default (krb5_context context,
-				 const krb5_config_section *c,
-				 const char *def_value,
-				 va_list args)
-{
-    const char *ret;
-
-    ret = krb5_config_vget_string (context, c, args);
-    if (ret == NULL)
-	ret = def_value;
-    return ret;
-}
-
-const char *
-krb5_config_get_string_default (krb5_context context,
-				const krb5_config_section *c,
-				const char *def_value,
-				...)
-{
-    const char *ret;
-    va_list args;
-
-    va_start(args, def_value);
-    ret = krb5_config_vget_string_default (context, c, def_value, args);
-    va_end(args);
-    return ret;
-}
-
-char **
-krb5_config_vget_strings(krb5_context context,
-			 const krb5_config_section *c,
-			 va_list args)
-{
-    char **strings = NULL;
-    int nstr = 0;
-    const krb5_config_binding *b = NULL;
-    const char *p;
-
-    while((p = krb5_config_vget_next(context, c, &b, 
-				     krb5_config_string, args))) {
-	char *tmp = strdup(p);
-	char *pos = NULL;
-	char *s;
-	if(tmp == NULL)
-	    goto cleanup;
-	s = strtok_r(tmp, " \t", &pos);
-	while(s){
-	    char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
-	    if(tmp == NULL)
-		goto cleanup;
-	    strings = tmp;
-	    strings[nstr] = strdup(s);
-	    nstr++;
-	    if(strings[nstr-1] == NULL)
-		goto cleanup;
-	    s = strtok_r(NULL, " \t", &pos);
-	}
-	free(tmp);
-    }
-    if(nstr){
-	char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
-	if(strings == NULL)
-	    goto cleanup;
-	strings = tmp;
-	strings[nstr] = NULL;
-    }
-    return strings;
-cleanup:
-    while(nstr--)
-	free(strings[nstr]);
-    free(strings);
-    return NULL;
-
-}
-
-char**
-krb5_config_get_strings(krb5_context context,
-			const krb5_config_section *c,
-			...)
-{
-    va_list ap;
-    char **ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_strings(context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-void
-krb5_config_free_strings(char **strings)
-{
-    char **s = strings;
-    while(s && *s){
-	free(*s);
-	s++;
-    }
-    free(strings);
-}
-
-krb5_boolean
-krb5_config_vget_bool_default (krb5_context context,
-			       const krb5_config_section *c,
-			       krb5_boolean def_value,
-			       va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    if(strcasecmp(str, "yes") == 0 ||
-       strcasecmp(str, "true") == 0 ||
-       atoi(str)) return TRUE;
-    return FALSE;
-}
-
-krb5_boolean
-krb5_config_vget_bool  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_bool_default (context, c, FALSE, args);
-}
-
-krb5_boolean
-krb5_config_get_bool_default (krb5_context context,
-			      const krb5_config_section *c,
-			      krb5_boolean def_value,
-			      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_bool_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_boolean
-krb5_config_get_bool (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    krb5_boolean ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_bool (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-krb5_config_vget_time_default (krb5_context context,
-			       const krb5_config_section *c,
-			       int def_value,
-			       va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    return parse_time (str, NULL);
-}
-
-int
-krb5_config_vget_time  (krb5_context context,
-			const krb5_config_section *c,
-			va_list args)
-{
-    return krb5_config_vget_time_default (context, c, -1, args);
-}
-
-int
-krb5_config_get_time_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_time_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-krb5_config_get_time (krb5_context context,
-		      const krb5_config_section *c,
-		      ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_time (context, c, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-int
-krb5_config_vget_int_default (krb5_context context,
-			      const krb5_config_section *c,
-			      int def_value,
-			      va_list args)
-{
-    const char *str;
-    str = krb5_config_vget_string (context, c, args);
-    if(str == NULL)
-	return def_value;
-    else { 
-	char *endptr; 
-	long l; 
-	l = strtol(str, &endptr, 0); 
-	if (endptr == str) 
-	    return def_value; 
-	else 
-	    return l;
-    }
-}
-
-int
-krb5_config_vget_int  (krb5_context context,
-		       const krb5_config_section *c,
-		       va_list args)
-{
-    return krb5_config_vget_int_default (context, c, -1, args);
-}
-
-int
-krb5_config_get_int_default (krb5_context context,
-			     const krb5_config_section *c,
-			     int def_value,
-			     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, def_value);
-    ret = krb5_config_vget_int_default(context, c, def_value, ap);
-    va_end(ap);
-    return ret;
-}
-
-int
-krb5_config_get_int (krb5_context context,
-		     const krb5_config_section *c,
-		     ...)
-{
-    va_list ap;
-    int ret;
-    va_start(ap, c);
-    ret = krb5_config_vget_int (context, c, ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c
deleted file mode 100644
index a035e887b921..000000000000
--- a/crypto/heimdal/lib/krb5/config_file_netinfo.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c,v 1.3 2001/05/14 06:14:45 assar Exp $");
-
-/*
- * Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
- */
-
-#ifdef HAVE_NETINFO
-#include <netinfo/ni.h>
-static ni_status
-ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret)
-{
-    int i, j;
-    krb5_config_section **next = NULL;
-
-    for (i = 0; i < pl->ni_proplist_len; i++) {
-	if (!strcmp(pl->nipl_val[i].nip_name, "name"))
-	    continue;
-
-	for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) {
-	    krb5_config_binding *b;
-
-	    b = malloc(sizeof(*b));
-	    if (b == NULL)
-		return NI_FAILED;
-	
-	    b->next = NULL;
-	    b->type = krb5_config_string;
-	    b->name = ni_name_dup(pl->nipl_val[i].nip_name);
-	    b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]);
-
-	    if (next == NULL) {
-		*ret = b;
-	    } else {
-		*next = b;
-	    }
-	    next = &b->next;
-	}
-    }
-    return NI_OK;
-}
-
-static ni_status
-ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
-{
-    int i;
-    ni_status nis;
-    krb5_config_section **next;
-
-    for (i = 0; i < idlist->ni_idlist_len; i++) {
-	ni_proplist pl;
-        ni_id nid;
-	ni_idlist children;
-	krb5_config_binding *b;
-	ni_index index;
-
-	nid.nii_instance = 0;
-	nid.nii_object = idlist->ni_idlist_val[i];
-
-	nis = ni_read(ni, &nid, &pl);
-
-	if (nis != NI_OK) {
-	     return nis;
-	}
-	index = ni_proplist_match(pl, "name", NULL);
-	b = malloc(sizeof(*b));
-	if (b == NULL) return NI_FAILED;
-
-	if (i == 0) {
-	    *ret = b;
-	} else {
-	    *next = b;
-	}
-
-	b->type = krb5_config_list;
-	b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]);
-	b->next = NULL;
-	b->u.list = NULL;
-
-	/* get the child directories */
-	nis = ni_children(ni, &nid, &children);
-	if (nis == NI_OK) {
-	    nis = ni_idlist2binding(ni, &children, &b->u.list);
-	    if (nis != NI_OK) {
-		return nis;
-	    }
-	}
-
-	nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next);
-	ni_proplist_free(&pl);
-	if (nis != NI_OK) {
-	    return nis;
-	}
-	next = &b->next;
-    }
-    ni_idlist_free(idlist);
-    return NI_OK;
-}
-
-krb5_error_code
-krb5_config_parse_file (krb5_context context,
-			const char *fname,
-			krb5_config_section **res)
-{
-    void *ni = NULL, *lastni = NULL;
-    int i;
-    ni_status nis;
-    ni_id nid;
-    ni_idlist children;
-
-    krb5_config_section *s;
-    int ret;
-
-    s = NULL;
-
-    for (i = 0; i < 256; i++) {
-	if (i == 0) {
-	    nis = ni_open(NULL, ".", &ni);
-	} else {
-	    if (lastni != NULL) ni_free(lastni);
-	    lastni = ni;
-	    nis = ni_open(lastni, "..", &ni);
-	}
-	if (nis != NI_OK)
-	    break;
-	nis = ni_pathsearch(ni, &nid, "/locations/kerberos");
-	if (nis == NI_OK) {
-	    nis = ni_children(ni, &nid, &children);
-	    if (nis != NI_OK)
-		break;
-	    nis = ni_idlist2binding(ni, &children, &s);
-	    break;
-	}
-    }
-
-    if (ni != NULL) ni_free(ni);
-    if (ni != lastni && lastni != NULL) ni_free(lastni);
-
-    ret = (nis == NI_OK) ? 0 : -1;
-    if (ret == 0) {
-	*res = s;
-    } else {
-	*res = NULL;
-    }
-    return ret;
-}
-#endif /* HAVE_NETINFO */
diff --git a/crypto/heimdal/lib/krb5/constants.c b/crypto/heimdal/lib/krb5/constants.c
deleted file mode 100644
index 280bf620af6f..000000000000
--- a/crypto/heimdal/lib/krb5/constants.c
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: constants.c,v 1.7 2002/08/16 20:52:15 joda Exp $");
-
-const char *krb5_config_file = SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
-const char *krb5_defkeyname = KEYTAB_DEFAULT;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
deleted file mode 100644
index feb387d374a8..000000000000
--- a/crypto/heimdal/lib/krb5/context.c
+++ /dev/null
@@ -1,543 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <com_err.h>
-
-RCSID("$Id: context.c,v 1.83 2003/03/10 00:24:13 lha Exp $");
-
-#define INIT_FIELD(C, T, E, D, F)					\
-    (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
-						"libdefaults", F, NULL)
-
-/*
- * Set the list of etypes `ret_etypes' from the configuration variable
- * `name'
- */
-
-static krb5_error_code
-set_etypes (krb5_context context,
-	    const char *name,
-	    krb5_enctype **ret_enctypes)
-{
-    char **etypes_str;
-    krb5_enctype *etypes = NULL;
-
-    etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", 
-					 name, NULL);
-    if(etypes_str){
-	int i, j, k;
-	for(i = 0; etypes_str[i]; i++);
-	etypes = malloc((i+1) * sizeof(*etypes));
-	if (etypes == NULL) {
-	    krb5_config_free_strings (etypes_str);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	for(j = 0, k = 0; j < i; j++) {
-	    if(krb5_string_to_enctype(context, etypes_str[j], &etypes[k]) == 0)
-		k++;
-	}
-	etypes[k] = ETYPE_NULL;
-	krb5_config_free_strings(etypes_str);
-    } 
-    *ret_enctypes = etypes;
-    return 0;
-}
-
-/*
- * read variables from the configuration file and set in `context'
- */
-
-static krb5_error_code
-init_context_from_config_file(krb5_context context)
-{
-    krb5_error_code ret;
-    const char * tmp;
-    krb5_enctype *tmptypes;
-
-    INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
-    INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
-    INIT_FIELD(context, int, max_retries, 3, "max_retries");
-
-    INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
-    
-    ret = set_etypes (context, "default_etypes", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes);
-    context->etypes = tmptypes;
-    
-    ret = set_etypes (context, "default_etypes_des", &tmptypes);
-    if(ret)
-	return ret;
-    free(context->etypes_des);
-    context->etypes_des = tmptypes;
-
-    /* default keytab name */
-    tmp = NULL;
-    if(!issuid())
-	tmp = getenv("KRB5_KTNAME");
-    if(tmp != NULL)
-	context->default_keytab = tmp;
-    else
-	INIT_FIELD(context, string, default_keytab, 
-		   KEYTAB_DEFAULT, "default_keytab_name");
-
-    INIT_FIELD(context, string, default_keytab_modify, 
-	       NULL, "default_keytab_modify_name");
-
-    INIT_FIELD(context, string, time_fmt, 
-	       "%Y-%m-%dT%H:%M:%S", "time_format");
-
-    INIT_FIELD(context, string, date_fmt, 
-	       "%Y-%m-%d", "date_format");
-
-    INIT_FIELD(context, bool, log_utc, 
-	       FALSE, "log_utc");
-
-
-    
-    /* init dns-proxy slime */
-    tmp = krb5_config_get_string(context, NULL, "libdefaults", 
-				 "dns_proxy", NULL);
-    if(tmp) 
-	roken_gethostby_setup(context->http_proxy, tmp);
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = NULL;
-
-    {
-	krb5_addresses addresses;
-	char **adr, **a;
-
-	krb5_set_extra_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "extra_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_extra_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-
-	krb5_set_ignore_addresses(context, NULL);
-	adr = krb5_config_get_strings(context, NULL, 
-				      "libdefaults", 
-				      "ignore_addresses", 
-				      NULL);
-	memset(&addresses, 0, sizeof(addresses));
-	for(a = adr; a && *a; a++) {
-	    ret = krb5_parse_address(context, *a, &addresses);
-	    if (ret == 0) {
-		krb5_add_ignore_addresses(context, &addresses);
-		krb5_free_addresses(context, &addresses);
-	    }
-	}
-	krb5_config_free_strings(adr);
-    }
-    
-    INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
-    INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
-    /* prefer dns_lookup_kdc over srv_lookup. */
-    INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
-    INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
-    context->default_cc_name = NULL;
-    return 0;
-}
-
-krb5_error_code
-krb5_init_context(krb5_context *context)
-{
-    krb5_context p;
-    krb5_error_code ret;
-    char **files;
-
-    p = calloc(1, sizeof(*p));
-    if(!p)
-	return ENOMEM;
-
-    ret = krb5_get_default_config_files(&files);
-    if(ret) 
-	goto out;
-    ret = krb5_set_config_files(p, files);
-    krb5_free_config_files(files);
-    if(ret) 
-	goto out;
-
-    /* init error tables */
-    krb5_init_ets(p);
-
-    p->cc_ops = NULL;
-    p->num_cc_ops = 0;
-    krb5_cc_register(p, &krb5_fcc_ops, TRUE);
-    krb5_cc_register(p, &krb5_mcc_ops, TRUE);
-
-    p->num_kt_types = 0;
-    p->kt_types     = NULL;
-    krb5_kt_register (p, &krb5_fkt_ops);
-    krb5_kt_register (p, &krb5_mkt_ops);
-    krb5_kt_register (p, &krb5_akf_ops);
-    krb5_kt_register (p, &krb4_fkt_ops);
-    krb5_kt_register (p, &krb5_srvtab_fkt_ops);
-    krb5_kt_register (p, &krb5_any_ops);
-
-out:
-    if(ret) {
-	krb5_free_context(p);
-	p = NULL;
-    }
-    *context = p;
-    return ret;
-}
-
-void
-krb5_free_context(krb5_context context)
-{
-    if (context->default_cc_name)
-	free(context->default_cc_name);
-    free(context->etypes);
-    free(context->etypes_des);
-    krb5_free_host_realm (context, context->default_realms);
-    krb5_config_file_free (context, context->cf);
-    free_error_table (context->et_list);
-    free(context->cc_ops);
-    free(context->kt_types);
-    krb5_clear_error_string(context);
-    if(context->warn_dest != NULL)
-	krb5_closelog(context, context->warn_dest);
-    krb5_set_extra_addresses(context, NULL);
-    krb5_set_ignore_addresses(context, NULL);
-    free(context);
-}
-
-krb5_error_code
-krb5_set_config_files(krb5_context context, char **filenames)
-{
-    krb5_error_code ret;
-    krb5_config_binding *tmp = NULL;
-    while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
-	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
-	if(ret != 0 && ret != ENOENT) {
-	    krb5_config_file_free(context, tmp);
-	    return ret;
-	}
-	filenames++;
-    }
-#if 0
-    /* with this enabled and if there are no config files, Kerberos is
-       considererd disabled */
-    if(tmp == NULL)
-	return ENXIO;
-#endif
-    krb5_config_file_free(context, context->cf);
-    context->cf = tmp;
-    ret = init_context_from_config_file(context);
-    return ret;
-}
-
-krb5_error_code 
-krb5_get_default_config_files(char ***pfilenames)
-{
-    const char *p, *q;
-    char **pp;
-    int n, i;
-
-    const char *files = NULL;
-    if (pfilenames == NULL)
-        return EINVAL;
-    if(!issuid())
-	files = getenv("KRB5_CONFIG");
-    if (files == NULL)
-	files = krb5_config_file;
-
-    for(n = 0, p = files; strsep_copy(&p, ":", NULL, 0) != -1; n++);
-    pp = malloc((n + 1) * sizeof(*pp));
-    if(pp == NULL)
-	return ENOMEM;
-
-    n = 0;
-    p = files;
-    while(1) {
-	ssize_t l;
-	q = p;
-	l = strsep_copy(&q, ":", NULL, 0);
-	if(l == -1)
-	    break;
-	pp[n] = malloc(l + 1);
-	if(pp[n] == NULL) {
-	    krb5_free_config_files(pp);
-	    return ENOMEM;
-	}
-	l = strsep_copy(&p, ":", pp[n], l + 1);
-	for(i = 0; i < n; i++)
-	    if(strcmp(pp[i], pp[n]) == 0) {
-		free(pp[n]);
-		goto skip;
-	    }
-	n++;
-    skip:;
-    }
-    pp[n] = NULL;
-    *pfilenames = pp;
-    return 0;
-}
-
-void
-krb5_free_config_files(char **filenames)
-{
-    char **p;
-    for(p = filenames; *p != NULL; p++)
-	free(*p);
-    free(filenames);
-}
-
-/*
- * set `etype' to a malloced list of the default enctypes
- */
-
-static krb5_error_code
-default_etypes(krb5_context context, krb5_enctype **etype)
-{
-    krb5_enctype p[] = {
-	ETYPE_DES3_CBC_SHA1,
-	ETYPE_DES3_CBC_MD5,
-	ETYPE_ARCFOUR_HMAC_MD5,
-	ETYPE_DES_CBC_MD5,
-	ETYPE_DES_CBC_MD4,
-	ETYPE_DES_CBC_CRC,
-	ETYPE_NULL
-    };
-
-    *etype = malloc(sizeof(p));
-    if(*etype == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(*etype, p, sizeof(p));
-    return 0;
-}
-
-krb5_error_code
-krb5_set_default_in_tkt_etypes(krb5_context context, 
-			       const krb5_enctype *etypes)
-{
-    int i;
-    krb5_enctype *p = NULL;
-
-    if(etypes) {
-	for (i = 0; etypes[i]; ++i)
-	    if(!krb5_enctype_valid(context, etypes[i])) {
-		krb5_set_error_string(context, "enctype %d not supported",
-				      etypes[i]);
-		return KRB5_PROG_ETYPE_NOSUPP;
-	    }
-	++i;
-	ALLOC(p, i);
-	if(!p) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memmove(p, etypes, i * sizeof(krb5_enctype));
-    }
-    if(context->etypes)
-	free(context->etypes);
-    context->etypes = p;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_get_default_in_tkt_etypes(krb5_context context,
-			       krb5_enctype **etypes)
-{
-  krb5_enctype *p;
-  int i;
-  krb5_error_code ret;
-
-  if(context->etypes) {
-    for(i = 0; context->etypes[i]; i++);
-    ++i;
-    ALLOC(p, i);
-    if(!p) {
-      krb5_set_error_string (context, "malloc: out of memory");
-      return ENOMEM;
-    }
-    memmove(p, context->etypes, i * sizeof(krb5_enctype));
-  } else {
-    ret = default_etypes(context, &p);
-    if (ret)
-      return ret;
-  }
-  *etypes = p;
-  return 0;
-}
-
-const char *
-krb5_get_err_text(krb5_context context, krb5_error_code code)
-{
-    const char *p = NULL;
-    if(context != NULL)
-	p = com_right(context->et_list, code);
-    if(p == NULL)
-	p = strerror(code);
-    return p;
-}
-
-void
-krb5_init_ets(krb5_context context)
-{
-    if(context->et_list == NULL){
-	krb5_add_et_list(context, initialize_krb5_error_table_r);
-	krb5_add_et_list(context, initialize_asn1_error_table_r);
-	krb5_add_et_list(context, initialize_heim_error_table_r);
-	krb5_add_et_list(context, initialize_k524_error_table_r);
-    }
-}
-
-void
-krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
-{
-    context->use_admin_kdc = flag;
-}
-
-krb5_boolean
-krb5_get_use_admin_kdc (krb5_context context)
-{
-    return context->use_admin_kdc;
-}
-
-krb5_error_code
-krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->extra_addresses)
-	return krb5_append_addresses(context, 
-				     context->extra_addresses, addresses);
-    else
-	return krb5_set_extra_addresses(context, addresses);
-}
-
-krb5_error_code
-krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->extra_addresses)
-	krb5_free_addresses(context, context->extra_addresses);
-
-    if(addresses == NULL) {
-	if(context->extra_addresses != NULL) {
-	    free(context->extra_addresses);
-	    context->extra_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->extra_addresses == NULL) {
-	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
-	if(context->extra_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->extra_addresses);
-}
-
-krb5_error_code
-krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->extra_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context,context->extra_addresses, addresses);
-}
-
-krb5_error_code
-krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-
-    if(context->ignore_addresses)
-	return krb5_append_addresses(context, 
-				     context->ignore_addresses, addresses);
-    else
-	return krb5_set_ignore_addresses(context, addresses);
-}
-
-krb5_error_code
-krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
-{
-    if(context->ignore_addresses)
-	krb5_free_addresses(context, context->ignore_addresses);
-    if(addresses == NULL) {
-	if(context->ignore_addresses != NULL) {
-	    free(context->ignore_addresses);
-	    context->ignore_addresses = NULL;
-	}
-	return 0;
-    }
-    if(context->ignore_addresses == NULL) {
-	context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
-	if(context->ignore_addresses == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return krb5_copy_addresses(context, addresses, context->ignore_addresses);
-}
-
-krb5_error_code
-krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
-{
-    if(context->ignore_addresses == NULL) {
-	memset(addresses, 0, sizeof(*addresses));
-	return 0;
-    }
-    return krb5_copy_addresses(context, context->ignore_addresses, addresses);
-}
-
-krb5_error_code
-krb5_set_fcache_version(krb5_context context, int version)
-{
-    context->fcache_vno = version;
-    return 0;
-}
-
-krb5_error_code
-krb5_get_fcache_version(krb5_context context, int *version)
-{
-    *version = context->fcache_vno;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
deleted file mode 100644
index 0c119e742b08..000000000000
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.26 2003/03/18 03:11:16 lha Exp $");
-
-#include "krb5-v4compat.h"
-
-static krb5_error_code
-check_ticket_flags(TicketFlags f)
-{
-    return 0; /* maybe add some more tests here? */
-}
-
-/* include this here, to avoid dependencies on libkrb */
-
-static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
-   38400,   41055,   43894,   46929,   50174,   53643,   57352,   61318,
-   65558,   70091,   74937,   80119,   85658,   91581,   97914,  104684,
-  111922,  119661,  127935,  136781,  146239,  156350,  167161,  178720,
-  191077,  204289,  218415,  233517,  249664,  266926,  285383,  305116,
-  326213,  348769,  372885,  398668,  426234,  455705,  487215,  520904,
-  556921,  595430,  636601,  680618,  727680,  777995,  831789,  889303,
-  950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
- 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
-};
-
-int
-_krb5_krb_time_to_life(time_t start, time_t end)
-{
-    int i;
-    time_t life = end - start;
-
-    if (life > MAXTKTLIFETIME || life <= 0) 
-	return 0;
-#if 0    
-    if (krb_no_long_lifetimes) 
-	return (life + 5*60 - 1)/(5*60);
-#endif
-    
-    if (end >= NEVERDATE)
-	return TKTLIFENOEXPIRE;
-    if (life < _tkt_lifetimes[0]) 
-	return (life + 5*60 - 1)/(5*60);
-    for (i=0; i<TKTLIFENUMFIXED; i++)
-	if (life <= _tkt_lifetimes[i])
-	    return i + TKTLIFEMINFIXED;
-    return 0;
-    
-}
-
-time_t
-_krb5_krb_life_to_time(int start, int life_)
-{
-    unsigned char life = (unsigned char) life_;
-
-#if 0    
-    if (krb_no_long_lifetimes)
-	return start + life*5*60;
-#endif
-
-    if (life == TKTLIFENOEXPIRE)
-	return NEVERDATE;
-    if (life < TKTLIFEMINFIXED)
-	return start + life*5*60;
-    if (life > TKTLIFEMAXFIXED)
-	return start + MAXTKTLIFETIME;
-    return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
-}
-
-
-/* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'.
- * This is done by sending them to the 524 function in the KDC.  If
- * `in_cred' doesn't contain a DES session key, then a new one is
- * gotten from the KDC and stored in the cred cache `ccache'.
- */
-
-krb5_error_code
-krb524_convert_creds_kdc(krb5_context context, 
-			 krb5_creds *in_cred,
-			 struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_data reply;
-    krb5_storage *sp;
-    int32_t tmp;
-    krb5_data ticket;
-    char realm[REALM_SZ];
-    krb5_creds *v5_creds = in_cred;
-
-    ret = check_ticket_flags(v5_creds->flags.b);
-    if(ret)
-	goto out2;
-
-    {
-	krb5_krbhst_handle handle;
-
-	ret = krb5_krbhst_init(context,
-			       *krb5_princ_realm(context, 
-						v5_creds->server),
-			       KRB5_KRBHST_KRB524,
-			       &handle);
-	if (ret)
-	    goto out2;
-
-	ret = krb5_sendto (context,
-			   &v5_creds->ticket,
-			   handle,
-			   &reply);
-	krb5_krbhst_free(context, handle);
-	if (ret)
-	    goto out2;
-    }
-    sp = krb5_storage_from_mem(reply.data, reply.length);
-    if(sp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out2;
-    }
-    krb5_ret_int32(sp, &tmp);
-    ret = tmp;
-    if(ret == 0) {
-	memset(v4creds, 0, sizeof(*v4creds));
-	ret = krb5_ret_int32(sp, &tmp);
-	if(ret)
-	    goto out;
-	v4creds->kvno = tmp;
-	ret = krb5_ret_data(sp, &ticket);
-	if(ret)
-	    goto out;
-	v4creds->ticket_st.length = ticket.length;
-	memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
-	krb5_data_free(&ticket);
-	ret = krb5_524_conv_principal(context, 
-				      v5_creds->server, 
-				      v4creds->service, 
-				      v4creds->instance, 
-				      v4creds->realm);
-	if(ret)
-	    goto out;
-	v4creds->issue_date = v5_creds->times.starttime;
-	v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
-						   v5_creds->times.endtime);
-	ret = krb5_524_conv_principal(context, v5_creds->client, 
-				      v4creds->pname, 
-				      v4creds->pinst, 
-				      realm);
-	if(ret)
-	    goto out;
-	memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
-    } else {
-	krb5_set_error_string(context, "converting credentials: %s", 
-			      krb5_get_err_text(context, ret));
-    }
-out:
-    krb5_storage_free(sp);
-    krb5_data_free(&reply);
-out2:
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
-
-krb5_error_code
-krb524_convert_creds_kdc_ccache(krb5_context context, 
-				krb5_ccache ccache,
-				krb5_creds *in_cred,
-				struct credentials *v4creds)
-{
-    krb5_error_code ret;
-    krb5_creds *v5_creds = in_cred;
-    krb5_keytype keytype;
-
-    keytype = v5_creds->session.keytype;
-
-    if (keytype != ENCTYPE_DES_CBC_CRC) {
-	/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
-           so go get one */
-	krb5_creds template;
-
-	memset (&template, 0, sizeof(template));
-	template.session.keytype = ENCTYPE_DES_CBC_CRC;
-	ret = krb5_copy_principal (context, in_cred->client, &template.client);
-	if (ret) {
-	    krb5_free_creds_contents (context, &template);
-	    return ret;
-	}
-	ret = krb5_copy_principal (context, in_cred->server, &template.server);
-	if (ret) {
-	    krb5_free_creds_contents (context, &template);
-	    return ret;
-	}
-
-	ret = krb5_get_credentials (context, 0, ccache,
-				    &template, &v5_creds);
-	krb5_free_creds_contents (context, &template);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
-
-    if (v5_creds != in_cred)
-	krb5_free_creds (context, v5_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c
deleted file mode 100644
index 38fdfa894d2d..000000000000
--- a/crypto/heimdal/lib/krb5/copy_host_realm.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: copy_host_realm.c,v 1.4 2001/05/14 06:14:45 assar Exp $");
-
-/*
- * Copy the list of realms from `from' to `to'.
- */
-
-krb5_error_code
-krb5_copy_host_realm(krb5_context context,
-		     const krb5_realm *from,
-		     krb5_realm **to)
-{
-    int n, i;
-    const krb5_realm *p;
-
-    for (n = 0, p = from; *p != NULL; ++p)
-	++n;
-    ++n;
-    *to = malloc (n * sizeof(**to));
-    if (*to == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	(*to)[i] = NULL;
-    for (i = 0, p = from; *p != NULL; ++p, ++i) {
-	(*to)[i] = strdup(*p);
-	if ((*to)[i] == NULL) {
-	    krb5_free_host_realm (context, *to);
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/crc.c b/crypto/heimdal/lib/krb5/crc.c
deleted file mode 100644
index c7cedd8c9efa..000000000000
--- a/crypto/heimdal/lib/krb5/crc.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: crc.c,v 1.9 2000/08/03 01:45:14 assar Exp $");
-
-static u_long table[256];
-
-#define CRC_GEN 0xEDB88320L
-
-void
-_krb5_crc_init_table(void)
-{
-    static int flag = 0;
-    unsigned long crc, poly;
-    int     i, j;
-    
-    if(flag) return;
-    poly = CRC_GEN;
-    for (i = 0; i < 256; i++) {
-	crc = i;
-	for (j = 8; j > 0; j--) {
-	    if (crc & 1) {
-		crc = (crc >> 1) ^ poly;
-	    } else {
-		crc >>= 1;
-	    }
-	}
-	table[i] = crc;
-    }
-    flag = 1;
-}
-
-u_int32_t
-_krb5_crc_update (const char *p, size_t len, u_int32_t res)
-{
-    while (len--)
-	res = table[(res ^ *p++) & 0xFF] ^ (res >> 8);
-    return res & 0xFFFFFFFF;
-}
diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c
deleted file mode 100644
index 01c1c30a1cb9..000000000000
--- a/crypto/heimdal/lib/krb5/creds.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: creds.c,v 1.15 2001/05/14 06:14:45 assar Exp $");
-
-krb5_error_code
-krb5_free_cred_contents (krb5_context context, krb5_creds *c)
-{
-    return krb5_free_creds_contents (context, c);
-}    
-
-krb5_error_code
-krb5_free_creds_contents (krb5_context context, krb5_creds *c)
-{
-    krb5_free_principal (context, c->client);
-    c->client = NULL;
-    krb5_free_principal (context, c->server);
-    c->server = NULL;
-    krb5_free_keyblock_contents (context, &c->session);
-    krb5_data_free (&c->ticket);
-    krb5_data_free (&c->second_ticket);
-    free_AuthorizationData (&c->authdata);
-    krb5_free_addresses (context, &c->addresses);
-    return 0;
-}
-
-krb5_error_code
-krb5_copy_creds_contents (krb5_context context,
-			  const krb5_creds *incred,
-			  krb5_creds *c)
-{
-    krb5_error_code ret;
-
-    memset(c, 0, sizeof(*c));
-    ret = krb5_copy_principal (context, incred->client, &c->client);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_principal (context, incred->server, &c->server);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context, &incred->session, &c->session);
-    if (ret)
-	goto fail;
-    c->times = incred->times;
-    ret = krb5_data_copy (&c->ticket,
-			  incred->ticket.data,
-			  incred->ticket.length);
-    if (ret)
-	goto fail;
-    ret = krb5_data_copy (&c->second_ticket,
-			  incred->second_ticket.data,
-			  incred->second_ticket.length);
-    if (ret)
-	goto fail;
-    ret = copy_AuthorizationData(&incred->authdata, &c->authdata);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_addresses (context,
-			       &incred->addresses,
-			       &c->addresses);
-    if (ret)
-	goto fail;
-    c->flags = incred->flags;
-    return 0;
-
-fail:
-    krb5_free_creds_contents (context, c);
-    return ret;
-}
-
-krb5_error_code
-krb5_copy_creds (krb5_context context,
-		 const krb5_creds *incred,
-		 krb5_creds **outcred)
-{
-    krb5_creds *c;
-
-    c = malloc (sizeof (*c));
-    if (c == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memset (c, 0, sizeof(*c));
-    *outcred = c;
-    return krb5_copy_creds_contents (context, incred, c);
-}
-
-krb5_error_code
-krb5_free_creds (krb5_context context, krb5_creds *c)
-{
-    krb5_free_creds_contents (context, c);
-    free (c);
-    return 0;
-}
-
-/*
- * Return TRUE if `mcreds' and `creds' are equal (`whichfields'
- * determines what equal means).
- */
-
-krb5_boolean
-krb5_compare_creds(krb5_context context, krb5_flags whichfields, 
-		   const krb5_creds *mcreds, const krb5_creds *creds)
-{
-    krb5_boolean match;
-
-    if(whichfields & KRB5_TC_DONT_MATCH_REALM)
-	match = krb5_principal_compare_any_realm(context, 
-						 mcreds->server, 
-						 creds->server);
-    else
-	match = krb5_principal_compare(context, mcreds->server, creds->server);
-    if(match && (whichfields & KRB5_TC_MATCH_KEYTYPE) &&
-       !krb5_enctypes_compatible_keys (context,
-				       mcreds->session.keytype,
-				       creds->session.keytype))
-	match = FALSE;
-    return match;
-}
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
deleted file mode 100644
index a238c76012f2..000000000000
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ /dev/null
@@ -1,3691 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $");
-
-#undef CRYPTO_DEBUG
-#ifdef CRYPTO_DEBUG
-static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
-#endif
-
-
-struct key_data {
-    krb5_keyblock *key;
-    krb5_data *schedule;
-};
-
-struct key_usage {
-    unsigned usage;
-    struct key_data key;
-};
-
-struct krb5_crypto_data {
-    struct encryption_type *et;
-    struct key_data key;
-    int num_key_usage;
-    struct key_usage *key_usage;
-};
-
-#define CRYPTO_ETYPE(C) ((C)->et->type)
-
-/* bits for `flags' below */
-#define F_KEYED		 1	/* checksum is keyed */
-#define F_CPROOF	 2	/* checksum is collision proof */
-#define F_DERIVED	 4	/* uses derived keys */
-#define F_VARIANT	 8	/* uses `variant' keys (6.4.3) */
-#define F_PSEUDO	16	/* not a real protocol type */
-#define F_SPECIAL	32	/* backwards */
-
-struct salt_type {
-    krb5_salttype type;
-    const char *name;
-    krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 
-				     krb5_salt, krb5_data, krb5_keyblock*);
-};
-
-struct key_type {
-    krb5_keytype type; /* XXX */
-    const char *name;
-    size_t bits;
-    size_t size;
-    size_t schedule_size;
-#if 0
-    krb5_enctype best_etype;
-#endif
-    void (*random_key)(krb5_context, krb5_keyblock*);
-    void (*schedule)(krb5_context, struct key_data *);
-    struct salt_type *string_to_key;
-};
-
-struct checksum_type {
-    krb5_cksumtype type;
-    const char *name;
-    size_t blocksize;
-    size_t checksumsize;
-    unsigned flags;
-    void (*checksum)(krb5_context context,
-		     struct key_data *key,
-		     const void *buf, size_t len,
-		     unsigned usage,
-		     Checksum *csum);
-    krb5_error_code (*verify)(krb5_context context,
-			      struct key_data *key,
-			      const void *buf, size_t len,
-			      unsigned usage,
-			      Checksum *csum);
-};
-
-struct encryption_type {
-    krb5_enctype type;
-    const char *name;
-    size_t blocksize;
-    size_t padsize;
-    size_t confoundersize;
-    struct key_type *keytype;
-    struct checksum_type *checksum;
-    struct checksum_type *keyed_checksum;
-    unsigned flags;
-    krb5_error_code (*encrypt)(krb5_context context,
-			       struct key_data *key,
-			       void *data, size_t len,
-			       krb5_boolean encrypt,
-			       int usage,
-			       void *ivec);
-};
-
-#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
-#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
-#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
-
-static struct checksum_type *_find_checksum(krb5_cksumtype type);
-static struct encryption_type *_find_enctype(krb5_enctype type);
-static struct key_type *_find_keytype(krb5_keytype type);
-static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, 
-					unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
-static krb5_error_code derive_key(krb5_context context,
-				  struct encryption_type *et,
-				  struct key_data *key,
-				  const void *constant,
-				  size_t len);
-static void hmac(krb5_context context,
-		 struct checksum_type *cm, 
-		 const void *data, 
-		 size_t len, 
-		 unsigned usage,
-		 struct key_data *keyblock,
-		 Checksum *result);
-static void free_key_data(krb5_context context, struct key_data *key);
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static void
-krb5_DES_random_key(krb5_context context,
-	       krb5_keyblock *key)
-{
-    des_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, sizeof(des_cblock));
-	des_set_odd_parity(k);
-    } while(des_is_weak_key(k));
-}
-
-static void
-krb5_DES_schedule(krb5_context context,
-	     struct key_data *key)
-{
-    des_set_key(key->key->keyvalue.data, key->schedule->data);
-}
-
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, des_cblock *key)
-{
-    des_key_schedule schedule;
-    int i;
-    int reverse = 0;
-    unsigned char *p;
-
-    unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 
-			     0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
-    memset(key, 0, 8);
-    
-    p = (unsigned char*)key;
-    for (i = 0; i < length; i++) {
-	unsigned char tmp = data[i];
-	if (!reverse)
-	    *p++ ^= (tmp << 1);
-	else
-	    *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
-	if((i % 8) == 7)
-	    reverse = !reverse;
-    }
-    des_set_odd_parity(key);
-    if(des_is_weak_key(key))
-	(*key)[7] ^= 0xF0;
-    des_set_key(key, schedule);
-    des_cbc_cksum((void*)data, key, length, schedule, key);
-    memset(schedule, 0, sizeof(schedule));
-    des_set_odd_parity(key);
-}
-
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    unsigned char *s;
-    size_t len;
-    des_cblock tmp;
-
-    len = password.length + salt.saltvalue.length;
-    s = malloc(len);
-    if(len > 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    DES_string_to_key_int(s, len, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&tmp, 0, sizeof(tmp));
-    memset(s, 0, len);
-    free(s);
-    return 0;
-}
-
-/* This defines the Andrew string_to_key function.  It accepts a password
- * string as input and converts its via a one-way encryption algorithm to a DES
- * encryption key.  It is compatible with the original Andrew authentication
- * service password database.
- */
-
-/*
- * Short passwords, i.e 8 characters or less.
- */
-static void
-krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
-			    krb5_data cell,
-			    des_cblock *key)
-{
-    char  password[8+1];	/* crypt is limited to 8 chars anyway */
-    int   i;
-    
-    for(i = 0; i < 8; i++) {
-	char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
-		 ((i < cell.length) ?
-		  tolower(((unsigned char*)cell.data)[i]) : 0);
-	password[i] = c ? c : 'X';
-    }
-    password[8] = '\0';
-
-    memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock));
-
-    /* parity is inserted into the LSB so left shift each byte up one
-       bit. This allows ascii characters with a zero MSB to retain as
-       much significance as possible. */
-    for (i = 0; i < sizeof(des_cblock); i++)
-	((unsigned char*)key)[i] <<= 1;
-    des_set_odd_parity (key);
-}
-
-/*
- * Long passwords, i.e 9 characters or more.
- */
-static void
-krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
-				 krb5_data cell,
-				 des_cblock *key)
-{
-    des_key_schedule schedule;
-    des_cblock temp_key;
-    des_cblock ivec;
-    char password[512];
-    size_t passlen;
-
-    memcpy(password, pw.data, min(pw.length, sizeof(password)));
-    if(pw.length < sizeof(password)) {
-	int len = min(cell.length, sizeof(password) - pw.length);
-	int i;
-
-	memcpy(password + pw.length, cell.data, len);
-	for (i = pw.length; i < pw.length + len; ++i)
-	    password[i] = tolower((unsigned char)password[i]);
-    }
-    passlen = min(sizeof(password), pw.length + cell.length);
-    memcpy(&ivec, "kerberos", 8);
-    memcpy(&temp_key, "kerberos", 8);
-    des_set_odd_parity (&temp_key);
-    des_set_key (&temp_key, schedule);
-    des_cbc_cksum (password, &ivec, passlen, schedule, &ivec);
-
-    memcpy(&temp_key, &ivec, 8);
-    des_set_odd_parity (&temp_key);
-    des_set_key (&temp_key, schedule);
-    des_cbc_cksum (password, key, passlen, schedule, &ivec);
-    memset(&schedule, 0, sizeof(schedule));
-    memset(&temp_key, 0, sizeof(temp_key));
-    memset(&ivec, 0, sizeof(ivec));
-    memset(password, 0, sizeof(password));
-
-    des_set_odd_parity (key);
-}
-
-static krb5_error_code
-DES_AFS3_string_to_key(krb5_context context,
-		       krb5_enctype enctype,
-		       krb5_data password,
-		       krb5_salt salt,
-		       krb5_data opaque,
-		       krb5_keyblock *key)
-{
-    des_cblock tmp;
-    if(password.length > 8)
-	krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
-    else
-	krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
-    memset(&key, 0, sizeof(key));
-    return 0;
-}
-
-static void
-DES3_random_key(krb5_context context,
-		krb5_keyblock *key)
-{
-    des_cblock *k = key->keyvalue.data;
-    do {
-	krb5_generate_random_block(k, 3 * sizeof(des_cblock));
-	des_set_odd_parity(&k[0]);
-	des_set_odd_parity(&k[1]);
-	des_set_odd_parity(&k[2]);
-    } while(des_is_weak_key(&k[0]) ||
-	    des_is_weak_key(&k[1]) ||
-	    des_is_weak_key(&k[2]));
-}
-
-static void
-DES3_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    des_cblock *k = key->key->keyvalue.data;
-    des_key_schedule *s = key->schedule->data;
-    des_set_key(&k[0], s[0]);
-    des_set_key(&k[1], s[1]);
-    des_set_key(&k[2], s[2]);
-}
-
-/*
- * A = A xor B. A & B are 8 bytes.
- */
-
-static void
-xor (des_cblock *key, const unsigned char *b)
-{
-    unsigned char *a = (unsigned char*)key;
-    a[0] ^= b[0];
-    a[1] ^= b[1];
-    a[2] ^= b[2];
-    a[3] ^= b[3];
-    a[4] ^= b[4];
-    a[5] ^= b[5];
-    a[6] ^= b[6];
-    a[7] ^= b[7];
-}
-
-static krb5_error_code
-DES3_string_to_key(krb5_context context,
-		   krb5_enctype enctype,
-		   krb5_data password,
-		   krb5_salt salt,
-		   krb5_data opaque,
-		   krb5_keyblock *key)
-{
-    char *str;
-    size_t len;
-    unsigned char tmp[24];
-    des_cblock keys[3];
-    
-    len = password.length + salt.saltvalue.length;
-    str = malloc(len);
-    if(len != 0 && str == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(str, password.data, password.length);
-    memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    {
-	des_cblock ivec;
-	des_key_schedule s[3];
-	int i;
-	
-	_krb5_n_fold(str, len, tmp, 24);
-	
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    des_set_odd_parity(keys + i);
-	    if(des_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	    des_set_key(keys + i, s[i]);
-	}
-	memset(&ivec, 0, sizeof(ivec));
-	des_ede3_cbc_encrypt(tmp,
-			     tmp, sizeof(tmp), 
-			     s[0], s[1], s[2], &ivec, DES_ENCRYPT);
-	memset(s, 0, sizeof(s));
-	memset(&ivec, 0, sizeof(ivec));
-	for(i = 0; i < 3; i++){
-	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
-	    des_set_odd_parity(keys + i);
-	    if(des_is_weak_key(keys + i))
-		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
-	}
-	memset(tmp, 0, sizeof(tmp));
-    }
-    key->keytype = enctype;
-    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
-    memset(keys, 0, sizeof(keys));
-    memset(str, 0, len);
-    free(str);
-    return 0;
-}
-
-static krb5_error_code
-DES3_string_to_key_derived(krb5_context context,
-			   krb5_enctype enctype,
-			   krb5_data password,
-			   krb5_salt salt,
-			   krb5_data opaque,
-			   krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    size_t len = password.length + salt.saltvalue.length;
-    char *s;
-
-    s = malloc(len);
-    if(len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(s, password.data, password.length);
-    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
-    ret = krb5_string_to_key_derived(context,
-				     s,
-				     len,
-				     enctype,
-				     key);
-    memset(s, 0, len);
-    free(s);
-    return ret;
-}
-
-/*
- * ARCFOUR
- */
-
-static void
-ARCFOUR_random_key(krb5_context context, krb5_keyblock *key)
-{
-    krb5_generate_random_block (key->keyvalue.data,
-				key->keyvalue.length);
-}
-
-static void
-ARCFOUR_schedule(krb5_context context, struct key_data *kd)
-{
-    RC4_set_key (kd->schedule->data,
-		 kd->key->keyvalue.length, kd->key->keyvalue.data);
-}
-
-static krb5_error_code
-ARCFOUR_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    char *s, *p;
-    size_t len;
-    int i;
-    MD4_CTX m;
-
-    len = 2 * password.length;
-    s = malloc (len);
-    if (len != 0 && s == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (p = s, i = 0; i < password.length; ++i) {
-	*p++ = ((char *)password.data)[i];
-	*p++ = 0;
-    }
-    MD4_Init (&m);
-    MD4_Update (&m, s, len);
-    key->keytype = enctype;
-    krb5_data_alloc (&key->keyvalue, 16);
-    MD4_Final (key->keyvalue.data, &m);
-    memset (s, 0, len);
-    free (s);
-    return 0;
-}
-
-#ifdef ENABLE_AES
-/*
- * AES
- */
-
-/* iter is really 1 based, so iter == 0 will be 1 iteration */
-
-krb5_error_code
-krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
-		  krb5_data password, krb5_salt salt, u_int32_t iter,
-		  krb5_keytype type, krb5_keyblock *key)
-{
-    struct checksum_type *c = _find_checksum(cktype);
-    struct key_type *kt;
-    size_t datalen, leftofkey;
-    krb5_error_code ret;
-    u_int32_t keypart;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    Checksum result;
-    char *data, *tmpcksum;
-    int i, j;
-    char *p;
-    
-    if (c == NULL) {
-	krb5_set_error_string(context, "checksum %d not supported", cktype);
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-
-    kt = _find_keytype(type);
-    if (kt == NULL) {
-	krb5_set_error_string(context, "key type %d not supported", type);
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-    
-    key->keytype = type;
-    ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ret;
-    }
-	
-    ret = krb5_data_alloc (&result.checksum, c->checksumsize);
-    if (ret) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	krb5_data_free (&key->keyvalue);
-	return ret;
-    }
-
-    tmpcksum = malloc(c->checksumsize);
-    if (tmpcksum == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	krb5_data_free (&key->keyvalue);
-	krb5_data_free (&result.checksum);
-	return ENOMEM;
-    }
-
-    datalen = salt.saltvalue.length + 4;
-    data = malloc(datalen);
-    if (data == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	free(tmpcksum);
-	krb5_data_free (&key->keyvalue);
-	krb5_data_free (&result.checksum);
-	return ENOMEM;
-    }
-
-    kb.keyvalue = password;
-    ksign.key = &kb;
-
-    memcpy(data, salt.saltvalue.data, salt.saltvalue.length);
-
-    keypart = 1;
-    leftofkey = key->keyvalue.length;
-    p = key->keyvalue.data;
-
-    while (leftofkey) {
-	int len;
-
-	if (leftofkey > c->checksumsize)
-	    len = c->checksumsize;
-	else
-	    len = leftofkey;
-
-	_krb5_put_int(data + datalen - 4, keypart, 4);
-
-	hmac(context, c, data, datalen, 0, &ksign, &result);
-	memcpy(p, result.checksum.data, len);
-	memcpy(tmpcksum, result.checksum.data, result.checksum.length);
-	for (i = 0; i < iter; i++) {
-	    hmac(context, c, tmpcksum, result.checksum.length,
-		 0, &ksign, &result);
-	    memcpy(tmpcksum, result.checksum.data, result.checksum.length);
-	    for (j = 0; j < len; j++)
-		p[j] ^= tmpcksum[j];
-	}
-
-	p += len;
-	leftofkey -= len;
-	keypart++;
-    }
-
-    free(data);
-    free(tmpcksum);
-    krb5_data_free (&result.checksum);
-
-    return 0;
-}
-
-static krb5_error_code
-AES_string_to_key(krb5_context context,
-		  krb5_enctype enctype,
-		  krb5_data password,
-		  krb5_salt salt,
-		  krb5_data opaque,
-		  krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    u_int32_t iter;
-    struct encryption_type *et;
-    struct key_data kd;
-
-    if (opaque.length == 0)
-	iter = 45056 - 1;
-    else if (opaque.length == 4) {
-	unsigned long v;
-	_krb5_get_int(opaque.data, &v, 4);
-	iter = ((u_int32_t)v) - 1;
-    } else
-	return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
-	
-
-    et = _find_enctype(enctype);
-    if (et == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-
-    ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, 
-			    iter, enctype, key);
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_keyblock(context, key, &kd.key);
-    kd.schedule = NULL;
-
-    ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
-
-    if (ret) {
-	krb5_data_free(&key->keyvalue);
-    } else {
-	ret = krb5_copy_keyblock_contents(context, kd.key, key);
-	free_key_data(context, &kd);
-    }
-
-    return ret;
-}
-
-static void
-AES_schedule(krb5_context context, struct key_data *kd)
-{
-    AES_KEY *key = kd->schedule->data;
-    int bits = kd->key->keyvalue.length * 8;
-    
-    AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]);
-    AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]);
-}
-
-/*
- *
- */
-
-extern struct salt_type AES_salt[];
-
-#endif /* ENABLE_AES */
-
-extern struct salt_type des_salt[], 
-    des3_salt[], des3_salt_derived[], arcfour_salt[];
-
-struct key_type keytype_null = {
-    KEYTYPE_NULL,
-    "null",
-    0,
-    0,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-struct key_type keytype_des = {
-    KEYTYPE_DES,
-    "des",
-    56,
-    sizeof(des_cblock),
-    sizeof(des_key_schedule),
-    krb5_DES_random_key,
-    krb5_DES_schedule,
-    des_salt
-};
-
-struct key_type keytype_des3 = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(des_cblock), 
-    3 * sizeof(des_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt
-};
-
-struct key_type keytype_des3_derived = {
-    KEYTYPE_DES3,
-    "des3",
-    168,
-    3 * sizeof(des_cblock),
-    3 * sizeof(des_key_schedule), 
-    DES3_random_key,
-    DES3_schedule,
-    des3_salt_derived
-};
-
-#ifdef ENABLE_AES
-struct key_type keytype_aes128 = {
-    KEYTYPE_AES128,
-    "aes-128",
-    128,
-    16,
-    sizeof(AES_KEY) * 2,
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-
-struct key_type keytype_aes256 = {
-    KEYTYPE_AES256,
-    "aes-256",
-    256,
-    16,
-    sizeof(AES_KEY) * 2,
-    NULL,
-    AES_schedule,
-    AES_salt
-};
-#endif /* ENABLE_AES */
-
-struct key_type keytype_arcfour = {
-    KEYTYPE_ARCFOUR,
-    "arcfour",
-    128,
-    16,
-    sizeof(RC4_KEY),
-    ARCFOUR_random_key,
-    ARCFOUR_schedule,
-    arcfour_salt
-};
-
-struct key_type *keytypes[] = {
-    &keytype_null,
-    &keytype_des,
-    &keytype_des3_derived,
-    &keytype_des3,
-#ifdef ENABLE_AES
-    &keytype_aes128,
-    &keytype_aes256,
-#endif /* ENABLE_AES */
-    &keytype_arcfour
-};
-
-static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]);
-
-static struct key_type *
-_find_keytype(krb5_keytype type)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(keytypes[i]->type == type)
-	    return keytypes[i];
-    return NULL;
-}
-
-
-struct salt_type des_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	krb5_DES_string_to_key
-    },
-    {
-	KRB5_AFS3_SALT,
-	"afs3-salt",
-	DES_AFS3_string_to_key
-    },
-    { 0 }
-};
-
-struct salt_type des3_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key
-    },
-    { 0 }
-};
-
-struct salt_type des3_salt_derived[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	DES3_string_to_key_derived
-    },
-    { 0 }
-};
-
-#ifdef ENABLE_AES
-struct salt_type AES_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	AES_string_to_key
-    },
-    { 0 }
-};
-#endif /* ENABLE_AES */
-
-struct salt_type arcfour_salt[] = {
-    {
-	KRB5_PW_SALT,
-	"pw-salt",
-	ARCFOUR_string_to_key
-    },
-    { 0 }
-};
-
-krb5_error_code
-krb5_salttype_to_string (krb5_context context,
-			 krb5_enctype etype,
-			 krb5_salttype stype,
-			 char **string)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (st->type == stype) {
-	    *string = strdup (st->name);
-	    if (*string == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %d not supported", stype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code
-krb5_string_to_salttype (krb5_context context,
-			 krb5_enctype etype,
-			 const char *string,
-			 krb5_salttype *salttype)
-{
-    struct encryption_type *e;
-    struct salt_type *st;
-
-    e = _find_enctype (etype);
-    if (e == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for (st = e->keytype->string_to_key; st && st->type; st++) {
-	if (strcasecmp (st->name, string) == 0) {
-	    *salttype = st->type;
-	    return 0;
-	}
-    }
-    krb5_set_error_string(context, "salttype %s not supported", string);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-krb5_error_code
-krb5_get_pw_salt(krb5_context context,
-		 krb5_const_principal principal,
-		 krb5_salt *salt)
-{
-    size_t len;
-    int i;
-    krb5_error_code ret;
-    char *p;
-     
-    salt->salttype = KRB5_PW_SALT;
-    len = strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i)
-	len += strlen(principal->name.name_string.val[i]);
-    ret = krb5_data_alloc (&salt->saltvalue, len);
-    if (ret)
-	return ret;
-    p = salt->saltvalue.data;
-    memcpy (p, principal->realm, strlen(principal->realm));
-    p += strlen(principal->realm);
-    for (i = 0; i < principal->name.name_string.len; ++i) {
-	memcpy (p,
-		principal->name.name_string.val[i],
-		strlen(principal->name.name_string.val[i]));
-	p += strlen(principal->name.name_string.val[i]);
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_free_salt(krb5_context context, 
-	       krb5_salt salt)
-{
-    krb5_data_free(&salt.saltvalue);
-    return 0;
-}
-
-krb5_error_code
-krb5_string_to_key_data (krb5_context context,
-			 krb5_enctype enctype,
-			 krb5_data password,
-			 krb5_principal principal,
-			 krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    ret = krb5_get_pw_salt(context, principal, &salt);
-    if(ret)
-	return ret;
-    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
-    krb5_free_salt(context, salt);
-    return ret;
-}
-
-krb5_error_code
-krb5_string_to_key (krb5_context context,
-		    krb5_enctype enctype,
-		    const char *password,
-		    krb5_principal principal,
-		    krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = (void*)password;
-    pw.length = strlen(password);
-    return krb5_string_to_key_data(context, enctype, pw, principal, key);
-}
-
-krb5_error_code
-krb5_string_to_key_data_salt (krb5_context context,
-			      krb5_enctype enctype,
-			      krb5_data password,
-			      krb5_salt salt,
-			      krb5_keyblock *key)
-{
-    krb5_data opaque;
-    krb5_data_zero(&opaque);
-    return krb5_string_to_key_data_salt_opaque(context, enctype, password, 
-					       salt, opaque, key);
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on
- * `password' (with salt `salt' and the enctype specific data string
- * `opaque'), returning the resulting key in `key'
- */
-
-krb5_error_code
-krb5_string_to_key_data_salt_opaque (krb5_context context,
-				     krb5_enctype enctype,
-				     krb5_data password,
-				     krb5_salt salt,
-				     krb5_data opaque,
-				     krb5_keyblock *key)
-{
-    struct encryption_type *et =_find_enctype(enctype);
-    struct salt_type *st;
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      enctype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    for(st = et->keytype->string_to_key; st && st->type; st++) 
-	if(st->type == salt.salttype)
-	    return (*st->string_to_key)(context, enctype, password, 
-					salt, opaque, key);
-    krb5_set_error_string(context, "salt type %d not supported",
-			  salt.salttype);
-    return HEIM_ERR_SALTTYPE_NOSUPP;
-}
-
-/*
- * Do a string -> key for encryption type `enctype' operation on the
- * string `password' (with salt `salt'), returning the resulting key
- * in `key'
- */
-
-krb5_error_code
-krb5_string_to_key_salt (krb5_context context,
-			 krb5_enctype enctype,
-			 const char *password,
-			 krb5_salt salt,
-			 krb5_keyblock *key)
-{
-    krb5_data pw;
-    pw.data = (void*)password;
-    pw.length = strlen(password);
-    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
-}
-
-krb5_error_code
-krb5_keytype_to_string(krb5_context context,
-		       krb5_keytype keytype,
-		       char **string)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    if(kt == NULL) {
-	krb5_set_error_string(context, "key type %d not supported", keytype);
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    }
-    *string = strdup(kt->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_string_to_keytype(krb5_context context,
-		       const char *string,
-		       krb5_keytype *keytype)
-{
-    int i;
-    for(i = 0; i < num_keytypes; i++)
-	if(strcasecmp(keytypes[i]->name, string) == 0){
-	    *keytype = keytypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string(context, "key type %s not supported", string);
-    return KRB5_PROG_KEYTYPE_NOSUPP;
-}
-
-krb5_error_code
-krb5_enctype_keysize(krb5_context context,
-		     krb5_enctype type,
-		     size_t *keysize)
-{
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keysize = et->keytype->size;
-    return 0;
-}
-
-krb5_error_code
-krb5_generate_random_keyblock(krb5_context context,
-			      krb5_enctype type,
-			      krb5_keyblock *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(type);
-    if(et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      type);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
-    if(ret) 
-	return ret;
-    key->keytype = type;
-    if(et->keytype->random_key)
-	(*et->keytype->random_key)(context, key);
-    else
-	krb5_generate_random_block(key->keyvalue.data, 
-				   key->keyvalue.length);
-    return 0;
-}
-
-static krb5_error_code
-_key_schedule(krb5_context context,
-	      struct key_data *key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et = _find_enctype(key->key->keytype);
-    struct key_type *kt = et->keytype;
-
-    if(kt->schedule == NULL)
-	return 0;
-    if (key->schedule != NULL)
-	return 0;
-    ALLOC(key->schedule, 1);
-    if(key->schedule == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(key->schedule, kt->schedule_size);
-    if(ret) {
-	free(key->schedule);
-	key->schedule = NULL;
-	return ret;
-    }
-    (*kt->schedule)(context, key);
-    return 0;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static void
-NONE_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-}
-
-static void
-CRC32_checksum(krb5_context context,
-	       struct key_data *key,
-	       const void *data,
-	       size_t len,
-	       unsigned usage,
-	       Checksum *C)
-{
-    u_int32_t crc;
-    unsigned char *r = C->checksum.data;
-    _krb5_crc_init_table ();
-    crc = _krb5_crc_update (data, len, 0);
-    r[0] = crc & 0xff;
-    r[1] = (crc >> 8)  & 0xff;
-    r[2] = (crc >> 16) & 0xff;
-    r[3] = (crc >> 24) & 0xff;
-}
-
-static void
-RSA_MD4_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD4_CTX m;
-
-    MD4_Init (&m);
-    MD4_Update (&m, data, len);
-    MD4_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD4_DES_checksum(krb5_context context, 
-		     struct key_data *key,
-		     const void *data, 
-		     size_t len, 
-		     unsigned usage,
-		     Checksum *cksum)
-{
-    MD4_CTX md4;
-    des_cblock ivec;
-    unsigned char *p = cksum->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD4_Init (&md4);
-    MD4_Update (&md4, p, 8);
-    MD4_Update (&md4, data, len);
-    MD4_Final (p + 8, &md4);
-    memset (&ivec, 0, sizeof(ivec));
-    des_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD4_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD4_CTX md4;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    des_cblock ivec;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    des_cbc_encrypt(C->checksum.data,
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    key->schedule->data,
-		    &ivec,
-		    DES_DECRYPT);
-    MD4_Init (&md4);
-    MD4_Update (&md4, tmp, 8); /* confounder */
-    MD4_Update (&md4, data, len);
-    MD4_Final (res, &md4);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_checksum(krb5_context context,
-		 struct key_data *key,
-		 const void *data,
-		 size_t len,
-		 unsigned usage,
-		 Checksum *C)
-{
-    MD5_CTX m;
-
-    MD5_Init  (&m);
-    MD5_Update(&m, data, len);
-    MD5_Final (C->checksum.data, &m);
-}
-
-static void
-RSA_MD5_DES_checksum(krb5_context context,
-		     struct key_data *key,
-		     const void *data,
-		     size_t len,
-		     unsigned usage,
-		     Checksum *C)
-{
-    MD5_CTX md5;
-    des_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    des_cbc_encrypt(p, 
-		    p, 
-		    24, 
-		    key->schedule->data, 
-		    &ivec, 
-		    DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES_verify(krb5_context context,
-		   struct key_data *key,
-		   const void *data,
-		   size_t len,
-		   unsigned usage,
-		   Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    des_cblock ivec;
-    des_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    des_cbc_encrypt(C->checksum.data, 
-		    (void*)tmp, 
-		    C->checksum.length, 
-		    sched[0],
-		    &ivec,
-		    DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-RSA_MD5_DES3_checksum(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *C)
-{
-    MD5_CTX md5;
-    des_cblock ivec;
-    unsigned char *p = C->checksum.data;
-    des_key_schedule *sched = key->schedule->data;
-    
-    krb5_generate_random_block(p, 8);
-    MD5_Init (&md5);
-    MD5_Update (&md5, p, 8);
-    MD5_Update (&md5, data, len);
-    MD5_Final (p + 8, &md5);
-    memset (&ivec, 0, sizeof(ivec));
-    des_ede3_cbc_encrypt(p, 
-			 p, 
-			 24, 
-			 sched[0], sched[1], sched[2],
-			 &ivec, 
-			 DES_ENCRYPT);
-}
-
-static krb5_error_code
-RSA_MD5_DES3_verify(krb5_context context,
-		    struct key_data *key,
-		    const void *data,
-		    size_t len,
-		    unsigned usage,
-		    Checksum *C)
-{
-    MD5_CTX md5;
-    unsigned char tmp[24];
-    unsigned char res[16];
-    des_cblock ivec;
-    des_key_schedule *sched = key->schedule->data;
-    krb5_error_code ret = 0;
-
-    memset(&ivec, 0, sizeof(ivec));
-    des_ede3_cbc_encrypt(C->checksum.data, 
-			 (void*)tmp, 
-			 C->checksum.length, 
-			 sched[0], sched[1], sched[2],
-			 &ivec,
-			 DES_DECRYPT);
-    MD5_Init (&md5);
-    MD5_Update (&md5, tmp, 8); /* confounder */
-    MD5_Update (&md5, data, len);
-    MD5_Final (res, &md5);
-    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    }
-    memset(tmp, 0, sizeof(tmp));
-    memset(res, 0, sizeof(res));
-    return ret;
-}
-
-static void
-SHA1_checksum(krb5_context context,
-	      struct key_data *key,
-	      const void *data,
-	      size_t len,
-	      unsigned usage,
-	      Checksum *C)
-{
-    SHA_CTX m;
-
-    SHA1_Init(&m);
-    SHA1_Update(&m, data, len);
-    SHA1_Final(C->checksum.data, &m);
-}
-
-/* HMAC according to RFC2104 */
-static void
-hmac(krb5_context context,
-     struct checksum_type *cm, 
-     const void *data, 
-     size_t len, 
-     unsigned usage,
-     struct key_data *keyblock,
-     Checksum *result)
-{
-    unsigned char *ipad, *opad;
-    unsigned char *key;
-    size_t key_len;
-    int i;
-    
-    if(keyblock->key->keyvalue.length > cm->blocksize){
-	(*cm->checksum)(context, 
-			keyblock, 
-			keyblock->key->keyvalue.data, 
-			keyblock->key->keyvalue.length, 
-			usage,
-			result);
-	key = result->checksum.data;
-	key_len = result->checksum.length;
-    } else {
-	key = keyblock->key->keyvalue.data;
-	key_len = keyblock->key->keyvalue.length;
-    }
-    ipad = malloc(cm->blocksize + len);
-    opad = malloc(cm->blocksize + cm->checksumsize);
-    memset(ipad, 0x36, cm->blocksize);
-    memset(opad, 0x5c, cm->blocksize);
-    for(i = 0; i < key_len; i++){
-	ipad[i] ^= key[i];
-	opad[i] ^= key[i];
-    }
-    memcpy(ipad + cm->blocksize, data, len);
-    (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
-		    usage, result);
-    memcpy(opad + cm->blocksize, result->checksum.data, 
-	   result->checksum.length);
-    (*cm->checksum)(context, keyblock, opad, 
-		    cm->blocksize + cm->checksumsize, usage, result);
-    memset(ipad, 0, cm->blocksize + len);
-    free(ipad);
-    memset(opad, 0, cm->blocksize + cm->checksumsize);
-    free(opad);
-}
-
-static void
-SP_HMAC_SHA1_checksum(krb5_context context,
-		      struct key_data *key, 
-		      const void *data, 
-		      size_t len, 
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
-    Checksum res;
-    char sha1_data[20];
-
-    res.checksum.data = sha1_data;
-    res.checksum.length = sizeof(sha1_data);
-
-    hmac(context, c, data, len, usage, key, &res);
-    memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
-}
-
-/*
- * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
- */
-
-static void
-HMAC_MD5_checksum(krb5_context context,
-		  struct key_data *key,
-		  const void *data,
-		  size_t len,
-		  unsigned usage,
-		  Checksum *result)
-{
-    MD5_CTX md5;
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    const char signature[] = "signaturekey";
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char tmp[16];
-    unsigned char ksign_c_data[16];
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    MD5_Init (&md5);
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-    MD5_Update (&md5, t, 4);
-    MD5_Update (&md5, data, len);
-    MD5_Final (tmp, &md5);
-    hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
-}
-
-/*
- * same as previous but being used while encrypting.
- */
-
-static void
-HMAC_MD5_checksum_enc(krb5_context context,
-		      struct key_data *key,
-		      const void *data,
-		      size_t len,
-		      unsigned usage,
-		      Checksum *result)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum ksign_c;
-    struct key_data ksign;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    unsigned char ksign_c_data[16];
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    ksign_c.checksum.length = sizeof(ksign_c_data);
-    ksign_c.checksum.data   = ksign_c_data;
-    hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
-    ksign.key = &kb;
-    kb.keyvalue = ksign_c.checksum;
-    hmac(context, c, data, len, 0, &ksign, result);
-}
-
-struct checksum_type checksum_none = {
-    CKSUMTYPE_NONE, 
-    "none", 
-    1, 
-    0, 
-    0, 
-    NONE_checksum, 
-    NULL
-};
-struct checksum_type checksum_crc32 = {
-    CKSUMTYPE_CRC32,
-    "crc32",
-    1,
-    4,
-    0,
-    CRC32_checksum,
-    NULL
-};
-struct checksum_type checksum_rsa_md4 = {
-    CKSUMTYPE_RSA_MD4,
-    "rsa-md4",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD4_checksum,
-    NULL
-};
-struct checksum_type checksum_rsa_md4_des = {
-    CKSUMTYPE_RSA_MD4_DES,
-    "rsa-md4-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD4_DES_checksum,
-    RSA_MD4_DES_verify
-};
-#if 0
-struct checksum_type checksum_des_mac = { 
-    CKSUMTYPE_DES_MAC,
-    "des-mac",
-    0,
-    0,
-    0,
-    DES_MAC_checksum
-};
-struct checksum_type checksum_des_mac_k = {
-    CKSUMTYPE_DES_MAC_K,
-    "des-mac-k",
-    0,
-    0,
-    0,
-    DES_MAC_K_checksum
-};
-struct checksum_type checksum_rsa_md4_des_k = {
-    CKSUMTYPE_RSA_MD4_DES_K, 
-    "rsa-md4-des-k", 
-    0, 
-    0, 
-    0, 
-    RSA_MD4_DES_K_checksum,
-    RSA_MD4_DES_K_verify
-};
-#endif
-struct checksum_type checksum_rsa_md5 = {
-    CKSUMTYPE_RSA_MD5,
-    "rsa-md5",
-    64,
-    16,
-    F_CPROOF,
-    RSA_MD5_checksum,
-    NULL
-};
-struct checksum_type checksum_rsa_md5_des = {
-    CKSUMTYPE_RSA_MD5_DES,
-    "rsa-md5-des",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES_checksum,
-    RSA_MD5_DES_verify
-};
-struct checksum_type checksum_rsa_md5_des3 = {
-    CKSUMTYPE_RSA_MD5_DES3,
-    "rsa-md5-des3",
-    64,
-    24,
-    F_KEYED | F_CPROOF | F_VARIANT,
-    RSA_MD5_DES3_checksum,
-    RSA_MD5_DES3_verify
-};
-struct checksum_type checksum_sha1 = {
-    CKSUMTYPE_SHA1,
-    "sha1",
-    64,
-    20,
-    F_CPROOF,
-    SHA1_checksum,
-    NULL
-};
-struct checksum_type checksum_hmac_sha1_des3 = {
-    CKSUMTYPE_HMAC_SHA1_DES3,
-    "hmac-sha1-des3",
-    64,
-    20,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-#ifdef ENABLE_AES
-struct checksum_type checksum_hmac_sha1_aes128 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_128,
-    "hmac-sha1-96-aes128",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-
-struct checksum_type checksum_hmac_sha1_aes256 = {
-    CKSUMTYPE_HMAC_SHA1_96_AES_256,
-    "hmac-sha1-96-aes256",
-    64,
-    12,
-    F_KEYED | F_CPROOF | F_DERIVED,
-    SP_HMAC_SHA1_checksum,
-    NULL
-};
-#endif /* ENABLE_AES */
-
-struct checksum_type checksum_hmac_md5 = {
-    CKSUMTYPE_HMAC_MD5,
-    "hmac-md5",
-    64,
-    16,
-    F_KEYED | F_CPROOF,
-    HMAC_MD5_checksum,
-    NULL
-};
-
-struct checksum_type checksum_hmac_md5_enc = {
-    CKSUMTYPE_HMAC_MD5_ENC,
-    "hmac-md5-enc",
-    64,
-    16,
-    F_KEYED | F_CPROOF | F_PSEUDO,
-    HMAC_MD5_checksum_enc,
-    NULL
-};
-
-struct checksum_type *checksum_types[] = {
-    &checksum_none,
-    &checksum_crc32,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-#if 0
-    &checksum_des_mac, 
-    &checksum_des_mac_k,
-    &checksum_rsa_md4_des_k,
-#endif
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    &checksum_rsa_md5_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-#ifdef ENABLE_AES
-    &checksum_hmac_sha1_aes128,
-    &checksum_hmac_sha1_aes256,
-#endif
-    &checksum_hmac_md5,
-    &checksum_hmac_md5_enc
-};
-
-static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
-
-static struct checksum_type *
-_find_checksum(krb5_cksumtype type)
-{
-    int i;
-    for(i = 0; i < num_checksums; i++)
-	if(checksum_types[i]->type == type)
-	    return checksum_types[i];
-    return NULL;
-}
-
-static krb5_error_code
-get_checksum_key(krb5_context context, 
-		 krb5_crypto crypto,
-		 unsigned usage,  /* not krb5_key_usage */
-		 struct checksum_type *ct, 
-		 struct key_data **key)
-{
-    krb5_error_code ret = 0;
-
-    if(ct->flags & F_DERIVED)
-	ret = _get_derived_key(context, crypto, usage, key);
-    else if(ct->flags & F_VARIANT) {
-	int i;
-
-	*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
-	if(*key == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
-	if(ret) 
-	    return ret;
-	for(i = 0; i < (*key)->key->keyvalue.length; i++)
-	    ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0;
-    } else {
-	*key = &crypto->key; 
-    }
-    if(ret == 0)
-	ret = _key_schedule(context, *key);
-    return ret;
-}
-
-static krb5_error_code
-do_checksum (krb5_context context,
-	     struct checksum_type *ct,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     void *data,
-	     size_t len,
-	     Checksum *result)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_clear_error_string (context);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum) {
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-	if (ret)
-	    return ret;
-    } else
-	dkey = NULL;
-    result->cksumtype = ct->type;
-    krb5_data_alloc(&result->checksum, ct->checksumsize);
-    (*ct->checksum)(context, dkey, data, len, usage, result);
-    return 0;
-}
-
-static krb5_error_code
-create_checksum(krb5_context context,
-		krb5_crypto crypto,
-		unsigned usage, /* not krb5_key_usage */
-		krb5_cksumtype type, /* 0 -> pick from crypto */
-		void *data,
-		size_t len,
-		Checksum *result)
-{
-    struct checksum_type *ct = NULL;
-
-    if (type) {
-	ct = _find_checksum(type);
-    } else if (crypto) {
-	ct = crypto->et->keyed_checksum;
-	if (ct == NULL)
-	    ct = crypto->et->checksum;
-    }
-
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return do_checksum (context, ct, crypto, usage, data, len, result);
-}
-
-krb5_error_code
-krb5_create_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage,
-		     int type,
-		     void *data,
-		     size_t len,
-		     Checksum *result)
-{
-    return create_checksum(context, crypto, 
-			   CHECKSUM_USAGE(usage), 
-			   type, data, len, result);
-}
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_crypto crypto,
-		unsigned usage, /* not krb5_key_usage */
-		void *data,
-		size_t len,
-		Checksum *cksum)
-{
-    krb5_error_code ret;
-    struct key_data *dkey;
-    int keyed_checksum;
-    Checksum c;
-    struct checksum_type *ct;
-
-    ct = _find_checksum(cksum->cksumtype);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       cksum->cksumtype);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    if(ct->checksumsize != cksum->checksum.length) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
-    }
-    keyed_checksum = (ct->flags & F_KEYED) != 0;
-    if(keyed_checksum && crypto == NULL) {
-	krb5_clear_error_string (context);
-	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
-    }
-    if(keyed_checksum)
-	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
-    else
-	dkey = NULL;
-    if(ct->verify)
-	return (*ct->verify)(context, dkey, data, len, usage, cksum);
-
-    ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
-    if (ret)
-	return ret;
-
-    (*ct->checksum)(context, dkey, data, len, usage, &c);
-
-    if(c.checksum.length != cksum->checksum.length || 
-       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	ret = 0;
-    }
-    krb5_data_free (&c.checksum);
-    return ret;
-}
-
-krb5_error_code
-krb5_verify_checksum(krb5_context context,
-		     krb5_crypto crypto,
-		     krb5_key_usage usage, 
-		     void *data,
-		     size_t len,
-		     Checksum *cksum)
-{
-    return verify_checksum(context, crypto, 
-			   CHECKSUM_USAGE(usage), data, len, cksum);
-}
-
-krb5_error_code
-krb5_checksumsize(krb5_context context,
-		  krb5_cksumtype type,
-		  size_t *size)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    *size = ct->checksumsize;
-    return 0;
-}
-
-krb5_boolean
-krb5_checksum_is_keyed(krb5_context context,
-		       krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_KEYED;
-}
-
-krb5_boolean
-krb5_checksum_is_collision_proof(krb5_context context,
-				 krb5_cksumtype type)
-{
-    struct checksum_type *ct = _find_checksum(type);
-    if(ct == NULL) {
-	krb5_set_error_string (context, "checksum type %d not supported",
-			       type);
-	return KRB5_PROG_SUMTYPE_NOSUPP;
-    }
-    return ct->flags & F_CPROOF;
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-static krb5_error_code
-NULL_encrypt(krb5_context context,
-	     struct key_data *key, 
-	     void *data, 
-	     size_t len, 
-	     krb5_boolean encrypt,
-	     int usage,
-	     void *ivec)
-{
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_null_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encrypt,
-			  int usage,
-			  void *ignore_ivec)
-{
-    des_cblock ivec;
-    des_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-    des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
-    return 0;
-}
-
-static krb5_error_code
-DES_CBC_encrypt_key_ivec(krb5_context context,
-			 struct key_data *key, 
-			 void *data, 
-			 size_t len, 
-			 krb5_boolean encrypt,
-			 int usage,
-			 void *ignore_ivec)
-{
-    des_cblock ivec;
-    des_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-    des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
-    return 0;
-}
-
-static krb5_error_code
-DES3_CBC_encrypt(krb5_context context,
-		 struct key_data *key, 
-		 void *data, 
-		 size_t len, 
-		 krb5_boolean encrypt,
-		 int usage,
-		 void *ivec)
-{
-    des_cblock local_ivec;
-    des_key_schedule *s = key->schedule->data;
-    if(ivec == NULL) {
-	ivec = &local_ivec;
-	memset(local_ivec, 0, sizeof(local_ivec));
-    }
-    des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
-    return 0;
-}
-
-static krb5_error_code
-DES_CFB64_encrypt_null_ivec(krb5_context context,
-			    struct key_data *key, 
-			    void *data, 
-			    size_t len, 
-			    krb5_boolean encrypt,
-			    int usage,
-			    void *ignore_ivec)
-{
-    des_cblock ivec;
-    int num = 0;
-    des_key_schedule *s = key->schedule->data;
-    memset(&ivec, 0, sizeof(ivec));
-
-    des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt);
-    return 0;
-}
-
-static krb5_error_code
-DES_PCBC_encrypt_key_ivec(krb5_context context,
-			  struct key_data *key, 
-			  void *data, 
-			  size_t len, 
-			  krb5_boolean encrypt,
-			  int usage,
-			  void *ignore_ivec)
-{
-    des_cblock ivec;
-    des_key_schedule *s = key->schedule->data;
-    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
-
-    des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt);
-    return 0;
-}
-
-#ifdef ENABLE_AES
-
-/*
- * AES draft-raeburn-krb-rijndael-krb-02
- */
-
-void
-_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
-		      size_t len, const void *aes_key,
-		      unsigned char *ivec, const int enc)
-{
-    unsigned char tmp[AES_BLOCK_SIZE];
-    const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */
-    int i;
-
-    /*
-     * In the framework of kerberos, the length can never be shorter
-     * then at least one blocksize.
-     */
-
-    if (enc == AES_ENCRYPT) {
-
-	while(len > AES_BLOCK_SIZE) {
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		tmp[i] = in[i] ^ ivec[i];
-	    AES_encrypt(tmp, out, key);
-	    memcpy(ivec, out, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	for (i = 0; i < len; i++)
-	    tmp[i] = in[i] ^ ivec[i];
-	for (; i < AES_BLOCK_SIZE; i++)
-	    tmp[i] = 0 ^ ivec[i];
-
-	AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
-
-	memcpy(out, ivec, len);
-
-    } else {
-	char tmp2[AES_BLOCK_SIZE];
-	char tmp3[AES_BLOCK_SIZE];
-
-	while(len > AES_BLOCK_SIZE * 2) {
-	    memcpy(tmp, in, AES_BLOCK_SIZE);
-	    AES_decrypt(in, out, key);
-	    for (i = 0; i < AES_BLOCK_SIZE; i++)
-		out[i] ^= ivec[i];
-	    memcpy(ivec, tmp, AES_BLOCK_SIZE);
-	    len -= AES_BLOCK_SIZE;
-	    in += AES_BLOCK_SIZE;
-	    out += AES_BLOCK_SIZE;
-	}
-
-	len -= AES_BLOCK_SIZE;
-
-	AES_decrypt(in, tmp2, key);
-
-	memcpy(tmp3, in + AES_BLOCK_SIZE, len);
-	memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
-
-	for (i = 0; i < len; i++)
-	    out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
-
-	AES_decrypt(tmp3, out, key);
-	for (i = 0; i < AES_BLOCK_SIZE; i++)
-	    out[i] ^= ivec[i];
-    }
-}
-
-static krb5_error_code
-AES_CTS_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encrypt,
-		int usage,
-		void *ivec)
-{
-    AES_KEY *k = key->schedule->data;
-    char local_ivec[AES_BLOCK_SIZE];
-
-    if (encrypt)
-	k = &k[0];
-    else
-	k = &k[1];
-    
-    if (len < AES_BLOCK_SIZE)
-	abort();
-    if (len == AES_BLOCK_SIZE) {
-	if (encrypt)
-	    AES_encrypt(data, data, k);
-	else
-	    AES_decrypt(data, data, k);
-    } else {
-	if(ivec == NULL) {
-	    memset(local_ivec, 0, sizeof(local_ivec));
-	    ivec = local_ivec;
-	}
-	_krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt);
-    }
-
-    return 0;
-}
-#endif /* ENABLE_AES */
-
-/*
- * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
- *
- * warning: not for small children
- */
-
-static krb5_error_code
-ARCFOUR_subencrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   int usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = data;
-
-    hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    hmac(NULL, c, data, 16, 0, &ke, &k3_c);
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-    return 0;
-}
-
-static krb5_error_code
-ARCFOUR_subdecrypt(krb5_context context,
-		   struct key_data *key,
-		   void *data,
-		   size_t len,
-		   int usage,
-		   void *ivec)
-{
-    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
-    Checksum k1_c, k2_c, k3_c, cksum;
-    struct key_data ke;
-    krb5_keyblock kb;
-    unsigned char t[4];
-    RC4_KEY rc4_key;
-    unsigned char *cdata = data;
-    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
-    unsigned char cksum_data[16];
-
-    t[0] = (usage >>  0) & 0xFF;
-    t[1] = (usage >>  8) & 0xFF;
-    t[2] = (usage >> 16) & 0xFF;
-    t[3] = (usage >> 24) & 0xFF;
-
-    k1_c.checksum.length = sizeof(k1_c_data);
-    k1_c.checksum.data   = k1_c_data;
-
-    hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
-
-    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
-
-    k2_c.checksum.length = sizeof(k2_c_data);
-    k2_c.checksum.data   = k2_c_data;
-
-    ke.key = &kb;
-    kb.keyvalue = k1_c.checksum;
-
-    k3_c.checksum.length = sizeof(k3_c_data);
-    k3_c.checksum.data   = k3_c_data;
-
-    hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
-
-    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
-    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
-
-    ke.key = &kb;
-    kb.keyvalue = k2_c.checksum;
-
-    cksum.checksum.length = 16;
-    cksum.checksum.data   = cksum_data;
-
-    hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
-
-    memset (k1_c_data, 0, sizeof(k1_c_data));
-    memset (k2_c_data, 0, sizeof(k2_c_data));
-    memset (k3_c_data, 0, sizeof(k3_c_data));
-
-    if (memcmp (cksum.checksum.data, data, 16) != 0) {
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * convert the usage numbers used in
- * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
- * draft-brezak-win2k-krb-rc4-hmac-03.txt
- */
-
-static krb5_error_code
-usage2arcfour (krb5_context context, int *usage)
-{
-    switch (*usage) {
-    case KRB5_KU_PA_ENC_TIMESTAMP :
-	*usage = 1;
-	return 0;
-    case KRB5_KU_TICKET :
-	*usage = 2;
-	return 0;
-    case KRB5_KU_AS_REP_ENC_PART :
-	*usage = 8;
-	return 0;
-    case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION :
-    case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY :
-    case KRB5_KU_TGS_REQ_AUTH_CKSUM :
-    case KRB5_KU_TGS_REQ_AUTH :
-	*usage = 7;
-	return 0;
-    case KRB5_KU_TGS_REP_ENC_PART_SESSION :
-    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY :
-	*usage = 8;
-	return 0;
-    case KRB5_KU_AP_REQ_AUTH_CKSUM :
-    case KRB5_KU_AP_REQ_AUTH :
-    case KRB5_KU_AP_REQ_ENC_PART :
-	*usage = 11;
-	return 0;
-    case KRB5_KU_KRB_PRIV :
-	*usage = 0;
-	return 0;
-    case KRB5_KU_KRB_CRED :
-    case KRB5_KU_KRB_SAFE_CKSUM :
-    case KRB5_KU_OTHER_ENCRYPTED :
-    case KRB5_KU_OTHER_CKSUM :
-    case KRB5_KU_KRB_ERROR :
-    case KRB5_KU_AD_KDC_ISSUED :
-    case KRB5_KU_MANDATORY_TICKET_EXTENSION :
-    case KRB5_KU_AUTH_DATA_TICKET_EXTENSION :
-    case KRB5_KU_USAGE_SEAL :
-    case KRB5_KU_USAGE_SIGN :
-    case KRB5_KU_USAGE_SEQ :
-    default :
-	krb5_set_error_string(context, "unknown arcfour usage type %d", *usage);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-}
-
-static krb5_error_code
-ARCFOUR_encrypt(krb5_context context,
-		struct key_data *key,
-		void *data,
-		size_t len,
-		krb5_boolean encrypt,
-		int usage,
-		void *ivec)
-{
-    krb5_error_code ret;
-    if((ret = usage2arcfour (context, &usage)) != 0)
-	return ret;
-
-    if (encrypt)
-	return ARCFOUR_subencrypt (context, key, data, len, usage, ivec);
-    else
-	return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec);
-}
-
-
-/*
- * these should currently be in reverse preference order.
- * (only relevant for !F_PSEUDO) */
-
-static struct encryption_type enctype_null = {
-    ETYPE_NULL,
-    "null",
-    1,
-    1,
-    0,
-    &keytype_null,
-    &checksum_none,
-    NULL,
-    0,
-    NULL_encrypt,
-};
-static struct encryption_type enctype_des_cbc_crc = {
-    ETYPE_DES_CBC_CRC,
-    "des-cbc-crc",
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_crc32,
-    NULL,
-    0,
-    DES_CBC_encrypt_key_ivec,
-};
-static struct encryption_type enctype_des_cbc_md4 = {
-    ETYPE_DES_CBC_MD4,
-    "des-cbc-md4",
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md4,
-    &checksum_rsa_md4_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-};
-static struct encryption_type enctype_des_cbc_md5 = {
-    ETYPE_DES_CBC_MD5,
-    "des-cbc-md5",
-    8,
-    8,
-    8,
-    &keytype_des,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des,
-    0,
-    DES_CBC_encrypt_null_ivec,
-};
-static struct encryption_type enctype_arcfour_hmac_md5 = {
-    ETYPE_ARCFOUR_HMAC_MD5,
-    "arcfour-hmac-md5",
-    1,
-    1,
-    8,
-    &keytype_arcfour,
-    &checksum_hmac_md5,
-    /* &checksum_hmac_md5_enc */ NULL,
-    F_SPECIAL,
-    ARCFOUR_encrypt
-};
-static struct encryption_type enctype_des3_cbc_md5 = { 
-    ETYPE_DES3_CBC_MD5,
-    "des3-cbc-md5",
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_rsa_md5,
-    &checksum_rsa_md5_des3,
-    0,
-    DES3_CBC_encrypt,
-};
-static struct encryption_type enctype_des3_cbc_sha1 = {
-    ETYPE_DES3_CBC_SHA1,
-    "des3-cbc-sha1",
-    8,
-    8,
-    8,
-    &keytype_des3_derived,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    F_DERIVED,
-    DES3_CBC_encrypt,
-};
-static struct encryption_type enctype_old_des3_cbc_sha1 = {
-    ETYPE_OLD_DES3_CBC_SHA1,
-    "old-des3-cbc-sha1",
-    8,
-    8,
-    8,
-    &keytype_des3,
-    &checksum_sha1,
-    &checksum_hmac_sha1_des3,
-    0,
-    DES3_CBC_encrypt,
-};
-#ifdef ENABLE_AES
-static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
-    ETYPE_AES128_CTS_HMAC_SHA1_96,
-    "aes128-cts-hmac-sha1-96",
-    16,
-    1,
-    16,
-    &keytype_aes128,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes128,
-    0,
-    AES_CTS_encrypt,
-};
-static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
-    ETYPE_AES256_CTS_HMAC_SHA1_96,
-    "aes256-cts-hmac-sha1-96",
-    16,
-    1,
-    16,
-    &keytype_aes256,
-    &checksum_sha1,
-    &checksum_hmac_sha1_aes256,
-    0,
-    AES_CTS_encrypt,
-};
-#endif /* ENABLE_AES */
-static struct encryption_type enctype_des_cbc_none = {
-    ETYPE_DES_CBC_NONE,
-    "des-cbc-none",
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CBC_encrypt_null_ivec,
-};
-static struct encryption_type enctype_des_cfb64_none = {
-    ETYPE_DES_CFB64_NONE,
-    "des-cfb64-none",
-    1,
-    1,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_CFB64_encrypt_null_ivec,
-};
-static struct encryption_type enctype_des_pcbc_none = {
-    ETYPE_DES_PCBC_NONE,
-    "des-pcbc-none",
-    8,
-    8,
-    0,
-    &keytype_des,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES_PCBC_encrypt_key_ivec,
-};
-static struct encryption_type enctype_des3_cbc_none = {
-    ETYPE_DES3_CBC_NONE,
-    "des3-cbc-none",
-    8,
-    8,
-    0,
-    &keytype_des3_derived,
-    &checksum_none,
-    NULL,
-    F_PSEUDO,
-    DES3_CBC_encrypt,
-};
-
-static struct encryption_type *etypes[] = {
-    &enctype_null,
-    &enctype_des_cbc_crc,
-    &enctype_des_cbc_md4,
-    &enctype_des_cbc_md5,
-    &enctype_arcfour_hmac_md5,
-    &enctype_des3_cbc_md5, 
-    &enctype_des3_cbc_sha1,
-    &enctype_old_des3_cbc_sha1,
-#ifdef ENABLE_AES
-    &enctype_aes128_cts_hmac_sha1,
-    &enctype_aes256_cts_hmac_sha1,
-#endif
-    &enctype_des_cbc_none,
-    &enctype_des_cfb64_none,
-    &enctype_des_pcbc_none,
-    &enctype_des3_cbc_none
-};
-
-static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
-
-
-static struct encryption_type *
-_find_enctype(krb5_enctype type)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(etypes[i]->type == type)
-	    return etypes[i];
-    return NULL;
-}
-
-
-krb5_error_code
-krb5_enctype_to_string(krb5_context context,
-		       krb5_enctype etype,
-		       char **string)
-{
-    struct encryption_type *e;
-    e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *string = strdup(e->name);
-    if(*string == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_string_to_enctype(krb5_context context,
-		       const char *string,
-		       krb5_enctype *etype)
-{
-    int i;
-    for(i = 0; i < num_etypes; i++)
-	if(strcasecmp(etypes[i]->name, string) == 0){
-	    *etype = etypes[i]->type;
-	    return 0;
-	}
-    krb5_set_error_string (context, "encryption type %s not supported",
-			   string);
-    return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-krb5_error_code
-krb5_enctype_to_keytype(krb5_context context,
-			krb5_enctype etype,
-			krb5_keytype *keytype)
-{
-    struct encryption_type *e = _find_enctype(etype);
-    if(e == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    *keytype = e->keytype->type; /* XXX */
-    return 0;
-}
-
-#if 0
-krb5_error_code
-krb5_keytype_to_enctype(krb5_context context,
-			krb5_keytype keytype,
-			krb5_enctype *etype)
-{
-    struct key_type *kt = _find_keytype(keytype);
-    krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype);
-    if(kt == NULL)
-	return KRB5_PROG_KEYTYPE_NOSUPP;
-    *etype = kt->best_etype;
-    return 0;
-}
-#endif
-    
-krb5_error_code
-krb5_keytype_to_enctypes (krb5_context context,
-			  krb5_keytype keytype,
-			  unsigned *len,
-			  krb5_enctype **val)
-{
-    int i;
-    unsigned n = 0;
-    krb5_enctype *ret;
-
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ++n;
-    }
-    ret = malloc(n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    n = 0;
-    for (i = num_etypes - 1; i >= 0; --i) {
-	if (etypes[i]->keytype->type == keytype
-	    && !(etypes[i]->flags & F_PSEUDO))
-	    ret[n++] = etypes[i]->type;
-    }
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-/*
- * First take the configured list of etypes for `keytype' if available,
- * else, do `krb5_keytype_to_enctypes'.
- */
-
-krb5_error_code
-krb5_keytype_to_enctypes_default (krb5_context context,
-				  krb5_keytype keytype,
-				  unsigned *len,
-				  krb5_enctype **val)
-{
-    int i, n;
-    krb5_enctype *ret;
-
-    if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
-	return krb5_keytype_to_enctypes (context, keytype, len, val);
-
-    for (n = 0; context->etypes_des[n]; ++n)
-	;
-    ret = malloc (n * sizeof(*ret));
-    if (ret == NULL && n != 0) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for (i = 0; i < n; ++i)
-	ret[i] = context->etypes_des[i];
-    *len = n;
-    *val = ret;
-    return 0;
-}
-
-krb5_error_code
-krb5_enctype_valid(krb5_context context, 
-		 krb5_enctype etype)
-{
-    return _find_enctype(etype) != NULL;
-}
-
-/* if two enctypes have compatible keys */
-krb5_boolean
-krb5_enctypes_compatible_keys(krb5_context context,
-			      krb5_enctype etype1,
-			      krb5_enctype etype2)
-{
-    struct encryption_type *e1 = _find_enctype(etype1);
-    struct encryption_type *e2 = _find_enctype(etype2);
-    return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
-}
-
-static krb5_boolean
-derived_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_DERIVED) != 0;
-}
-
-static krb5_boolean
-special_crypto(krb5_context context,
-	       krb5_crypto crypto)
-{
-    return (crypto->et->flags & F_SPECIAL) != 0;
-}
-
-#define CHECKSUMSIZE(C) ((C)->checksumsize)
-#define CHECKSUMTYPE(C) ((C)->type)
-
-static krb5_error_code
-encrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz, total_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-
-    sz = et->confoundersize + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    total_sz = block_sz + checksum_sz;
-    p = calloc(1, total_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memcpy(q, data, len);
-    
-    ret = create_checksum(context, 
-			  crypto, 
-			  INTEGRITY_USAGE(usage),
-			  et->keyed_checksum->type,
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	free_Checksum (&cksum);
-	krb5_clear_error_string (context);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum (&cksum);
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret)
-	goto fail;
-    ret = _key_schedule(context, dkey);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
-    if (ret)
-	goto fail;
-    result->data = p;
-    result->length = total_sz;
-    return 0;
- fail:
-    memset(p, 0, total_sz);
-    free(p);
-    return ret;
-}
-
-
-static krb5_error_code
-encrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    size_t sz, block_sz, checksum_sz;
-    Checksum cksum;
-    unsigned char *p, *q;
-    krb5_error_code ret;
-    const struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    
-    sz = et->confoundersize + checksum_sz + len;
-    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
-    p = calloc(1, block_sz);
-    if(p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    q = p;
-    krb5_generate_random_block(q, et->confoundersize); /* XXX */
-    q += et->confoundersize;
-    memset(q, 0, checksum_sz);
-    q += checksum_sz;
-    memcpy(q, data, len);
-
-    ret = create_checksum(context, 
-			  crypto,
-			  0,
-			  et->checksum->type,
-			  p, 
-			  block_sz,
-			  &cksum);
-    if(ret == 0 && cksum.checksum.length != checksum_sz) {
-	krb5_clear_error_string (context);
-	free_Checksum(&cksum);
-	ret = KRB5_CRYPTO_INTERNAL;
-    }
-    if(ret)
-	goto fail;
-    memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length);
-    free_Checksum(&cksum);
-    ret = _key_schedule(context, &crypto->key);
-    if(ret)
-	goto fail;
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
-    if (ret) {
-	memset(p, 0, block_sz);
-	free(p);
-	return ret;
-    }
-    result->data = p;
-    result->length = block_sz;
-    return 0;
- fail:
-    memset(p, 0, block_sz);
-    free(p);
-    return ret;
-}
-
-static krb5_error_code
-encrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len + cksum_sz + et->confoundersize;
-    char *tmp, *p;
-    krb5_error_code ret;
-
-    tmp = malloc (sz);
-    if (tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    p = tmp;
-    memset (p, 0, cksum_sz);
-    p += cksum_sz;
-    krb5_generate_random_block(p, et->confoundersize);
-    p += et->confoundersize;
-    memcpy (p, data, len);
-    ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
-    if (ret) {
-	memset(tmp, 0, sz);
-	free(tmp);
-	return ret;
-    }
-    result->data   = tmp;
-    result->length = sz;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_derived(krb5_context context,
-			 krb5_crypto crypto,
-			 unsigned usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    size_t checksum_sz;
-    Checksum cksum;
-    unsigned char *p;
-    krb5_error_code ret;
-    struct key_data *dkey;
-    struct encryption_type *et = crypto->et;
-    unsigned long l;
-    
-    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-    if (len < checksum_sz) {
-	krb5_clear_error_string (context);
-	return EINVAL;		/* XXX - better error code? */
-    }
-
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-
-    len -= checksum_sz;
-
-    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    ret = _key_schedule(context, dkey);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, dkey->key);
-#endif
-    ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-
-    cksum.checksum.data   = p + len;
-    cksum.checksum.length = checksum_sz;
-    cksum.cksumtype       = CHECKSUMTYPE(et->keyed_checksum);
-
-    ret = verify_checksum(context,
-			  crypto,
-			  INTEGRITY_USAGE(usage),
-			  p,
-			  len,
-			  &cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize;
-    memmove(p, p + et->confoundersize, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal(krb5_context context,
-		 krb5_crypto crypto,
-		 void *data,
-		 size_t len,
-		 krb5_data *result,
-		 void *ivec)
-{
-    krb5_error_code ret;
-    unsigned char *p;
-    Checksum cksum;
-    size_t checksum_sz, l;
-    struct encryption_type *et = crypto->et;
-    
-    checksum_sz = CHECKSUMSIZE(et->checksum);
-    p = malloc(len);
-    if(len != 0 && p == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(p, data, len);
-    
-    ret = _key_schedule(context, &crypto->key);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-#ifdef CRYPTO_DEBUG
-    krb5_crypto_debug(context, 0, len, crypto->key.key);
-#endif
-    ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
-    if (ret) {
-	free(p);
-	return ret;
-    }
-    ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
-    if(ret) {
- 	free(p);
- 	return ret;
-    }
-    memset(p + et->confoundersize, 0, checksum_sz);
-    cksum.cksumtype = CHECKSUMTYPE(et->checksum);
-    ret = verify_checksum(context, NULL, 0, p, len, &cksum);
-    free_Checksum(&cksum);
-    if(ret) {
-	free(p);
-	return ret;
-    }
-    l = len - et->confoundersize - checksum_sz;
-    memmove(p, p + et->confoundersize + checksum_sz, l);
-    result->data = realloc(p, l);
-    if(result->data == NULL) {
-	free(p);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    result->length = l;
-    return 0;
-}
-
-static krb5_error_code
-decrypt_internal_special(krb5_context context,
-			 krb5_crypto crypto,
-			 int usage,
-			 void *data,
-			 size_t len,
-			 krb5_data *result,
-			 void *ivec)
-{
-    struct encryption_type *et = crypto->et;
-    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
-    size_t sz = len - cksum_sz - et->confoundersize;
-    char *cdata = (char *)data;
-    char *tmp;
-    krb5_error_code ret;
-
-    tmp = malloc (sz);
-    if (tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    ret = (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec);
-    if (ret) {
-	free(tmp);
-	return ret;
-    }
-
-    memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
-
-    result->data   = tmp;
-    result->length = sz;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_encrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return encrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto(context, crypto))
-	return encrypt_internal_special (context, crypto, usage,
-					 data, len, result, ivec);
-    else
-	return encrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code
-krb5_encrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
-}
-
-krb5_error_code
-krb5_encrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   void *data,
-			   size_t len,
-			   int kvno,
-			   EncryptedData *result)
-{
-    result->etype = CRYPTO_ETYPE(crypto);
-    if(kvno){
-	ALLOC(result->kvno, 1);
-	*result->kvno = kvno;
-    }else
-	result->kvno = NULL;
-    return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
-}
-
-krb5_error_code
-krb5_decrypt_ivec(krb5_context context,
-		  krb5_crypto crypto,
-		  unsigned usage,
-		  void *data,
-		  size_t len,
-		  krb5_data *result,
-		  void *ivec)
-{
-    if(derived_crypto(context, crypto))
-	return decrypt_internal_derived(context, crypto, usage, 
-					data, len, result, ivec);
-    else if (special_crypto (context, crypto))
-	return decrypt_internal_special(context, crypto, usage,
-					data, len, result, ivec);
-    else
-	return decrypt_internal(context, crypto, data, len, result, ivec);
-}
-
-krb5_error_code
-krb5_decrypt(krb5_context context,
-	     krb5_crypto crypto,
-	     unsigned usage,
-	     void *data,
-	     size_t len,
-	     krb5_data *result)
-{
-    return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
-			      NULL);
-}
-
-krb5_error_code
-krb5_decrypt_EncryptedData(krb5_context context,
-			   krb5_crypto crypto,
-			   unsigned usage,
-			   const EncryptedData *e,
-			   krb5_data *result)
-{
-    return krb5_decrypt(context, crypto, usage, 
-			e->cipher.data, e->cipher.length, result);
-}
-
-/************************************************************
- *                                                          *
- ************************************************************/
-
-#ifdef HAVE_OPENSSL
-#include <openssl/rand.h>
-
-/* From openssl/crypto/rand/rand_lcl.h */
-#define ENTROPY_NEEDED 20
-static int
-seed_something(void)
-{
-    int fd = -1;
-    char buf[1024], seedfile[256];
-
-    /* If there is a seed file, load it. But such a file cannot be trusted,
-       so use 0 for the entropy estimate */
-    if (RAND_file_name(seedfile, sizeof(seedfile))) {
-	fd = open(seedfile, O_RDONLY);
-	if (fd >= 0) {
-	    read(fd, buf, sizeof(buf));
-	    /* Use the full buffer anyway */
-	    RAND_add(buf, sizeof(buf), 0.0);
-	} else
-	    seedfile[0] = '\0';
-    } else
-	seedfile[0] = '\0';
-
-    /* Calling RAND_status() will try to use /dev/urandom if it exists so
-       we do not have to deal with it. */
-    if (RAND_status() != 1) {
-	krb5_context context;
-	const char *p;
-
-	/* Try using egd */
-	if (!krb5_init_context(&context)) {
-	    p = krb5_config_get_string(context, NULL, "libdefaults",
-		"egd_socket", NULL);
-	    if (p != NULL)
-		RAND_egd_bytes(p, ENTROPY_NEEDED);
-	    krb5_free_context(context);
-	}
-    }
-    
-    if (RAND_status() == 1)	{
-	/* Update the seed file */
-	if (seedfile[0])
-	    RAND_write_file(seedfile);
-
-	return 0;
-    } else
-	return -1;
-}
-
-void
-krb5_generate_random_block(void *buf, size_t len)
-{
-    static int rng_initialized = 0;
-    
-    if (!rng_initialized) {
-	if (seed_something())
-	    krb5_abortx(NULL, "Fatal: could not seed the random number generator");
-	
-	rng_initialized = 1;
-    }
-    RAND_bytes(buf, len);
-}
-
-#else
-
-void
-krb5_generate_random_block(void *buf, size_t len)
-{
-    des_cblock key, out;
-    static des_cblock counter;
-    static des_key_schedule schedule;
-    int i;
-    static int initialized = 0;
-
-    if(!initialized) {
-	des_new_random_key(&key);
-	des_set_key(&key, schedule);
-	memset(&key, 0, sizeof(key));
-	des_new_random_key(&counter);
-    }
-    while(len > 0) {
-	des_ecb_encrypt(&counter, &out, schedule, DES_ENCRYPT);
-	for(i = 7; i >=0; i--)
-	    if(counter[i]++)
-		break;
-	memcpy(buf, out, min(len, sizeof(out)));
-	len -= min(len, sizeof(out));
-	buf = (char*)buf + sizeof(out);
-    }
-}
-#endif
-
-static void
-DES3_postproc(krb5_context context,
-	      unsigned char *k, size_t len, struct key_data *key)
-{
-    unsigned char x[24];
-    int i, j;
-
-    memset(x, 0, sizeof(x));
-    for (i = 0; i < 3; ++i) {
-	unsigned char foo;
-
-	for (j = 0; j < 7; ++j) {
-	    unsigned char b = k[7 * i + j];
-
-	    x[8 * i + j] = b;
-	}
-	foo = 0;
-	for (j = 6; j >= 0; --j) {
-	    foo |= k[7 * i + j] & 1;
-	    foo <<= 1;
-	}
-	x[8 * i + 7] = foo;
-    }
-    k = key->key->keyvalue.data;
-    memcpy(k, x, 24);
-    memset(x, 0, sizeof(x));
-    if (key->schedule) {
-	krb5_free_data(context, key->schedule);
-	key->schedule = NULL;
-    }
-    des_set_odd_parity((des_cblock*)k);
-    des_set_odd_parity((des_cblock*)(k + 8));
-    des_set_odd_parity((des_cblock*)(k + 16));
-}
-
-static krb5_error_code
-derive_key(krb5_context context,
-	   struct encryption_type *et,
-	   struct key_data *key,
-	   const void *constant,
-	   size_t len)
-{
-    unsigned char *k;
-    unsigned int nblocks = 0, i;
-    krb5_error_code ret = 0;
-    
-    struct key_type *kt = et->keytype;
-    ret = _key_schedule(context, key);
-    if(ret)
-	return ret;
-    if(et->blocksize * 8 < kt->bits || 
-       len != et->blocksize) {
-	nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
-	k = malloc(nblocks * et->blocksize);
-	if(k == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	_krb5_n_fold(constant, len, k, et->blocksize);
-	for(i = 0; i < nblocks; i++) {
-	    if(i > 0)
-		memcpy(k + i * et->blocksize, 
-		       k + (i - 1) * et->blocksize,
-		       et->blocksize);
-	    (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
-			   1, 0, NULL);
-	}
-    } else {
-	/* this case is probably broken, but won't be run anyway */
-	void *c = malloc(len);
-	size_t res_len = (kt->bits + 7) / 8;
-
-	if(len != 0 && c == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy(c, constant, len);
-	(*et->encrypt)(context, key, c, len, 1, 0, NULL);
-	k = malloc(res_len);
-	if(res_len != 0 && k == NULL) {
-	    free(c);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	_krb5_n_fold(c, len, k, res_len);
-	free(c);
-    }
-    
-    /* XXX keytype dependent post-processing */
-    switch(kt->type) {
-    case KEYTYPE_DES3:
-	DES3_postproc(context, k, nblocks * et->blocksize, key);
-	break;
-#ifdef ENABLE_AES
-    case KEYTYPE_AES128:
-    case KEYTYPE_AES256:
-	memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
-	break;
-#endif /* ENABLE_AES */
-    default:
-	krb5_set_error_string(context,
-			      "derive_key() called with unknown keytype (%u)", 
-			      kt->type);
-	ret = KRB5_CRYPTO_INTERNAL;
-	break;
-    }
-    memset(k, 0, nblocks * et->blocksize);
-    free(k);
-    return ret;
-}
-
-static struct key_data *
-_new_derived_key(krb5_crypto crypto, unsigned usage)
-{
-    struct key_usage *d = crypto->key_usage;
-    d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
-    if(d == NULL)
-	return NULL;
-    crypto->key_usage = d;
-    d += crypto->num_key_usage++;
-    memset(d, 0, sizeof(*d));
-    d->usage = usage;
-    return &d->key;
-}
-
-krb5_error_code
-krb5_derive_key(krb5_context context,
-		const krb5_keyblock *key,
-		krb5_enctype etype,
-		const void *constant,
-		size_t constant_len,
-		krb5_keyblock **derived_key)
-{
-    krb5_error_code ret;
-    struct encryption_type *et;
-    struct key_data d;
-
-    et = _find_enctype (etype);
-    if (et == NULL) {
-	krb5_set_error_string(context, "encryption type %d not supported",
-			      etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    ret = krb5_copy_keyblock(context, key, derived_key);
-    if (ret)
-	return ret;
-
-    d.key = *derived_key;
-    d.schedule = NULL;
-    ret = derive_key(context, et, &d, constant, constant_len);
-    if (ret)
-	return ret;
-    ret = krb5_copy_keyblock(context, d.key, derived_key);
-    return ret;
-}
-
-static krb5_error_code
-_get_derived_key(krb5_context context, 
-		 krb5_crypto crypto, 
-		 unsigned usage, 
-		 struct key_data **key)
-{
-    int i;
-    struct key_data *d;
-    unsigned char constant[5];
-
-    for(i = 0; i < crypto->num_key_usage; i++)
-	if(crypto->key_usage[i].usage == usage) {
-	    *key = &crypto->key_usage[i].key;
-	    return 0;
-	}
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 5);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    *key = d;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_crypto_init(krb5_context context,
-		 const krb5_keyblock *key,
-		 krb5_enctype etype,
-		 krb5_crypto *crypto)
-{
-    krb5_error_code ret;
-    ALLOC(*crypto, 1);
-    if(*crypto == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(etype == ETYPE_NULL)
-	etype = key->keytype;
-    (*crypto)->et = _find_enctype(etype);
-    if((*crypto)->et == NULL) {
-	free(*crypto);
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    if((*crypto)->et->keytype->size != key->keyvalue.length) {
-	free(*crypto);
-	krb5_set_error_string (context, "encryption key has bad length");
-	return KRB5_BAD_KEYSIZE;
-    }
-    ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
-    if(ret) {
-	free(*crypto);
-	return ret;
-    }
-    (*crypto)->key.schedule = NULL;
-    (*crypto)->num_key_usage = 0;
-    (*crypto)->key_usage = NULL;
-    return 0;
-}
-
-static void
-free_key_data(krb5_context context, struct key_data *key)
-{
-    krb5_free_keyblock(context, key->key);
-    if(key->schedule) {
-	memset(key->schedule->data, 0, key->schedule->length);
-	krb5_free_data(context, key->schedule);
-    }
-}
-
-static void
-free_key_usage(krb5_context context, struct key_usage *ku)
-{
-    free_key_data(context, &ku->key);
-}
-
-krb5_error_code
-krb5_crypto_destroy(krb5_context context,
-		    krb5_crypto crypto)
-{
-    int i;
-    
-    for(i = 0; i < crypto->num_key_usage; i++)
-	free_key_usage(context, &crypto->key_usage[i]);
-    free(crypto->key_usage);
-    free_key_data(context, &crypto->key);
-    free (crypto);
-    return 0;
-}
-
-krb5_error_code
-krb5_crypto_getblocksize(krb5_context context,
-			 krb5_crypto crypto,
-			 size_t *blocksize)
-{
-    *blocksize = crypto->et->blocksize;
-    return 0;
-}
-
-krb5_error_code
-krb5_string_to_key_derived(krb5_context context,
-			   const void *str,
-			   size_t len,
-			   krb5_enctype etype,
-			   krb5_keyblock *key)
-{
-    struct encryption_type *et = _find_enctype(etype);
-    krb5_error_code ret;
-    struct key_data kd;
-    size_t keylen = et->keytype->bits / 8;
-    u_char *tmp;
-
-    if(et == NULL) {
-	krb5_set_error_string (context, "encryption type %d not supported",
-			       etype);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-    ALLOC(kd.key, 1);
-    if(kd.key == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
-    if(ret) {
-	free(kd.key);
-	return ret;
-    }
-    kd.key->keytype = etype;
-    tmp = malloc (keylen);
-    if(tmp == NULL) {
-	krb5_free_keyblock(context, kd.key);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    _krb5_n_fold(str, len, tmp, keylen);
-    kd.schedule = NULL;
-    DES3_postproc (context, tmp, keylen, &kd); /* XXX */
-    memset(tmp, 0, keylen);
-    free(tmp);
-    ret = derive_key(context, 
-		     et,
-		     &kd,
-		     "kerberos", /* XXX well known constant */
-		     strlen("kerberos"));
-    ret = krb5_copy_keyblock_contents(context, kd.key, key);
-    free_key_data(context, &kd);
-    return ret;
-}
-
-static size_t
-wrapped_length (krb5_context context,
-		krb5_crypto  crypto,
-		size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t res;
-
-    res =  et->confoundersize + et->checksum->checksumsize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    return res;
-}
-
-static size_t
-wrapped_length_dervied (krb5_context context,
-			krb5_crypto  crypto,
-			size_t       data_len)
-{
-    struct encryption_type *et = crypto->et;
-    size_t padsize = et->padsize;
-    size_t res;
-
-    res =  et->confoundersize + data_len;
-    res =  (res + padsize - 1) / padsize * padsize;
-    res += et->checksum->checksumsize;
-    return res;
-}
-
-/*
- * Return the size of an encrypted packet of length `data_len'
- */
-
-size_t
-krb5_get_wrapped_length (krb5_context context,
-			 krb5_crypto  crypto,
-			 size_t       data_len)
-{
-    if (derived_crypto (context, crypto))
-	return wrapped_length_dervied (context, crypto, data_len);
-    else
-	return wrapped_length (context, crypto, data_len);
-}
-
-#ifdef CRYPTO_DEBUG
-
-static krb5_error_code
-krb5_get_keyid(krb5_context context,
-	       krb5_keyblock *key,
-	       u_int32_t *keyid)
-{
-    MD5_CTX md5;
-    unsigned char tmp[16];
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
-    MD5_Final (tmp, &md5);
-    *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
-    return 0;
-}
-
-static void
-krb5_crypto_debug(krb5_context context,
-		  int encrypt,
-		  size_t len,
-		  krb5_keyblock *key)
-{
-    u_int32_t keyid;
-    char *kt;
-    krb5_get_keyid(context, key, &keyid);
-    krb5_enctype_to_string(context, key->keytype, &kt);
-    krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", 
-	       encrypt ? "encrypting" : "decrypting",
-	       (unsigned long)len,
-	       keyid,
-	       kt);
-    free(kt);
-}
-
-#endif /* CRYPTO_DEBUG */
-
-#if 0
-int
-main()
-{
-#if 0
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    char constant[4];
-    unsigned usage = ENCRYPTION_USAGE(3);
-    krb5_error_code ret;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
-	"\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
-	"\xc8\xdf\xab\x26\x86\x64\x15\x25";
-    key.keyvalue.length = 24;
-
-    krb5_crypto_init(context, &key, 0, &crypto);
-
-    d = _new_derived_key(crypto, usage);
-    if(d == NULL)
-	return ENOMEM;
-    krb5_copy_keyblock(context, crypto->key.key, &d->key);
-    _krb5_put_int(constant, usage, 4);
-    derive_key(context, crypto->et, d, constant, sizeof(constant));
-    return 0;
-#else
-    int i;
-    krb5_context context;
-    krb5_crypto crypto;
-    struct key_data *d;
-    krb5_keyblock key;
-    krb5_error_code ret;
-    Checksum res;
-
-    char *data = "what do ya want for nothing?";
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
-    key.keyvalue.data = "Jefe";
-    /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-       "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
-    key.keyvalue.length = 4;
-
-    d = calloc(1, sizeof(*d));
-
-    d->key = &key;
-    res.checksum.length = 20;
-    res.checksum.data = malloc(res.checksum.length);
-    SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
-
-    return 0;
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
deleted file mode 100644
index d2bfeb2090db..000000000000
--- a/crypto/heimdal/lib/krb5/data.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: data.c,v 1.17 2003/03/25 22:07:17 lha Exp $");
-
-void
-krb5_data_zero(krb5_data *p)
-{
-    p->length = 0;
-    p->data   = NULL;
-}
-
-void
-krb5_data_free(krb5_data *p)
-{
-    if(p->data != NULL)
-	free(p->data);
-    p->length = 0;
-}
-
-void 
-krb5_free_data_contents(krb5_context context, krb5_data *data)
-{
-    krb5_data_free(data);
-}
-
-void
-krb5_free_data(krb5_context context,
-	       krb5_data *p)
-{
-    krb5_data_free(p);
-    free(p);
-}
-
-krb5_error_code
-krb5_data_alloc(krb5_data *p, int len)
-{
-    p->data = malloc(len);
-    if(len && p->data == NULL)
-	return ENOMEM;
-    p->length = len;
-    return 0;
-}
-
-krb5_error_code
-krb5_data_realloc(krb5_data *p, int len)
-{
-    void *tmp;
-    tmp = realloc(p->data, len);
-    if(len && !tmp)
-	return ENOMEM;
-    p->data = tmp;
-    p->length = len;
-    return 0;
-}
-
-krb5_error_code
-krb5_data_copy(krb5_data *p, const void *data, size_t len)
-{
-    if (len) {
-	if(krb5_data_alloc(p, len))
-	    return ENOMEM;
-	memmove(p->data, data, len);
-    } else
-	p->data = NULL;
-    p->length = len;
-    return 0;
-}
-
-krb5_error_code
-krb5_copy_data(krb5_context context, 
-	       const krb5_data *indata, 
-	       krb5_data **outdata)
-{
-    krb5_error_code ret;
-    ALLOC(*outdata, 1);
-    if(*outdata == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = copy_octet_string(indata, *outdata);
-    if(ret) {
-	krb5_clear_error_string (context);
-	free(*outdata);
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c
deleted file mode 100644
index 0a47dd3f2576..000000000000
--- a/crypto/heimdal/lib/krb5/derived-key-test.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: derived-key-test.c,v 1.1 2001/03/12 07:44:52 assar Exp $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    krb5_enctype enctype;
-    unsigned char constant[MAXSIZE];
-    size_t constant_len;
-    unsigned char key[MAXSIZE];
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-    {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
-    {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
-     {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
-     {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
-     {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
-     {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
-     {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
-    {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
-     {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
-     {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
-     {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
-     {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
-     {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
-     {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
-    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
-     {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
-     {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
-    {0}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    for (t = tests; t->enctype != 0; ++t) {
-	krb5_keyblock key;
-	krb5_keyblock *dkey;
-
-	key.keytype = KEYTYPE_DES3;
-	key.keyvalue.length = MAXSIZE;
-	key.keyvalue.data   = t->key;
-
-	ret = krb5_derive_key(context, &key, t->enctype, t->constant,
-			      t->constant_len, &dkey);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_derive_key");
-	if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
-	    const unsigned char *p = dkey->keyvalue.data;
-	    int i;
-
-	    printf ("derive_key failed\n");
-	    printf ("should be: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < dkey->keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/dump_config.c b/crypto/heimdal/lib/krb5/dump_config.c
deleted file mode 100644
index 074595e2139c..000000000000
--- a/crypto/heimdal/lib/krb5/dump_config.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
-
-/* print contents of krb5.conf */
-
-static void
-print_tree(struct krb5_config_binding *b, int level)
-{
-    if (b == NULL)
-	return;
-
-    printf("%*s%s%s%s", level * 4, "", 
-	   (level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
-    if(b->type == krb5_config_list) {
-	if(level > 0)
-	    printf(" = {");
-	printf("\n");
-	print_tree(b->u.list, level + 1);
-	if(level > 0)
-	    printf("%*s}\n", level * 4, "");
-    } else if(b->type == krb5_config_string) {
-	printf(" = %s\n", b->u.string);
-    }
-    if(b->next)
-	print_tree(b->next, level);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret = krb5_init_context(&context);
-    if(ret == 0) {
-	print_tree(context->cf, 0);
-	return 0;
-    }
-    return 1;
-}
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
deleted file mode 100644
index 924be7c9fe0c..000000000000
--- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: eai_to_heim_errno.c,v 1.3 2001/05/14 22:48:33 assar Exp $");
-
-/*
- * convert the getaddrinfo error code in `eai_errno' into a
- * krb5_error_code. `system_error' should have the value of the errno
- * after the failed call.
- */
-
-krb5_error_code
-krb5_eai_to_heim_errno(int eai_errno, int system_error)
-{
-    switch(eai_errno) {
-    case EAI_NOERROR:
-	return 0;
-    case EAI_ADDRFAMILY:
-	return HEIM_EAI_ADDRFAMILY;
-    case EAI_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case EAI_BADFLAGS:
-	return HEIM_EAI_BADFLAGS;
-    case EAI_FAIL:
-	return HEIM_EAI_FAIL;
-    case EAI_FAMILY:
-	return HEIM_EAI_FAMILY;
-    case EAI_MEMORY:
-	return HEIM_EAI_MEMORY;
-    case EAI_NODATA:
-	return HEIM_EAI_NODATA;
-    case EAI_NONAME:
-	return HEIM_EAI_NONAME;
-    case EAI_SERVICE:
-	return HEIM_EAI_SERVICE;
-    case EAI_SOCKTYPE:
-	return HEIM_EAI_SOCKTYPE;
-    case EAI_SYSTEM:
-	return system_error;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
-
-krb5_error_code
-krb5_h_errno_to_heim_errno(int eai_errno)
-{
-    switch(eai_errno) {
-    case 0:
-	return 0;
-    case HOST_NOT_FOUND:
-	return HEIM_EAI_NONAME;
-    case TRY_AGAIN:
-	return HEIM_EAI_AGAIN;
-    case NO_RECOVERY:
-	return HEIM_EAI_FAIL;
-    case NO_DATA:
-	return HEIM_EAI_NONAME;
-    default:
-	return HEIM_EAI_UNKNOWN; /* XXX */
-    }
-}
diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c
deleted file mode 100644
index bf734481c176..000000000000
--- a/crypto/heimdal/lib/krb5/error_string.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: error_string.c,v 1.1 2001/05/06 23:07:22 assar Exp $");
-
-#undef __attribute__
-#define __attribute__(X)
-
-void
-krb5_free_error_string(krb5_context context, char *str)
-{
-    if (str != context->error_buf)
-	free(str);
-}
-
-void
-krb5_clear_error_string(krb5_context context)
-{
-    if (context->error_string != NULL
-	&& context->error_string != context->error_buf)
-	free(context->error_string);
-    context->error_string = NULL;
-}
-
-krb5_error_code
-krb5_set_error_string(krb5_context context, const char *fmt, ...)
-    __attribute__((format (printf, 2, 3)))
-{
-    krb5_error_code ret;
-    va_list ap;
-
-    va_start(ap, fmt);
-    ret = krb5_vset_error_string (context, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-krb5_error_code
-krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
-    __attribute__ ((format (printf, 2, 0)))
-{
-    krb5_clear_error_string(context);
-    vasprintf(&context->error_string, fmt, args);
-    if(context->error_string == NULL) {
-	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
-	context->error_string = context->error_buf;
-    }
-    return 0;
-}
-
-char*
-krb5_get_error_string(krb5_context context)
-{
-    char *ret = context->error_string;
-    context->error_string = NULL;
-    return ret;
-}
-
-krb5_boolean
-krb5_have_error_string(krb5_context context)
-{
-    return context->error_string != NULL;
-}
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
deleted file mode 100644
index 7ed2dd53f159..000000000000
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: expand_hostname.c,v 1.11 2001/09/18 09:35:47 joda Exp $");
-
-static krb5_error_code
-copy_hostname(krb5_context context,
-	      const char *orig_hostname,
-	      char **new_hostname)
-{
-    *new_hostname = strdup (orig_hostname);
-    if (*new_hostname == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strlwr (*new_hostname);
-    return 0;
-}
-
-/*
- * Try to make `orig_hostname' into a more canonical one in the newly
- * allocated space returned in `new_hostname'.
- */
-
-krb5_error_code
-krb5_expand_hostname (krb5_context context,
-		      const char *orig_hostname,
-		      char **new_hostname)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return copy_hostname (context, orig_hostname, new_hostname);
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    *new_hostname = strdup (a->ai_canonname);
-	    freeaddrinfo (ai);
-	    if (*new_hostname == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		return ENOMEM;
-	    } else {
-		return 0;
-	    }
-	}
-    }
-    freeaddrinfo (ai);
-    return copy_hostname (context, orig_hostname, new_hostname);
-}
-
-/*
- * handle the case of the hostname being unresolvable and thus identical
- */
-
-static krb5_error_code
-vanilla_hostname (krb5_context context,
-		  const char *orig_hostname,
-		  char **new_hostname,
-		  char ***realms)
-{
-    krb5_error_code ret;
-
-    ret = copy_hostname (context, orig_hostname, new_hostname);
-    if (ret)
-	return ret;
-    strlwr (*new_hostname);
-
-    ret = krb5_get_host_realm (context, *new_hostname, realms);
-    if (ret) {
-	free (*new_hostname);
-	return ret;
-    }
-    return 0;
-}
-
-/*
- * expand `hostname' to a name we believe to be a hostname in newly
- * allocated space in `host' and return realms in `realms'.
- */
-
-krb5_error_code
-krb5_expand_hostname_realms (krb5_context context,
-			     const char *orig_hostname,
-			     char **new_hostname,
-			     char ***realms)
-{
-    struct addrinfo *ai, *a, hints;
-    int error;
-    krb5_error_code ret = 0;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags = AI_CANONNAME;
-
-    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
-    if (error)
-	return vanilla_hostname (context, orig_hostname, new_hostname,
-				 realms);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_canonname != NULL) {
-	    ret = copy_hostname (context, a->ai_canonname, new_hostname);
-	    if (ret) {
-		freeaddrinfo (ai);
-		return ret;
-	    }
-	    strlwr (*new_hostname);
-	    ret = krb5_get_host_realm (context, *new_hostname, realms);
-	    if (ret == 0) {
-		freeaddrinfo (ai);
-		return 0;
-	    }
-	    free (*new_hostname);
-	}
-    }
-    freeaddrinfo(ai);
-    return vanilla_hostname (context, orig_hostname, new_hostname, realms);
-}
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
deleted file mode 100644
index d166fd9e5663..000000000000
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: fcache.c,v 1.34 2002/04/18 14:01:29 joda Exp $");
-
-typedef struct krb5_fcache{
-    char *filename;
-    int version;
-}krb5_fcache;
-
-struct fcc_cursor {
-    int fd;
-    krb5_storage *sp;
-};
-
-#define KRB5_FCC_FVNO_1 1
-#define KRB5_FCC_FVNO_2 2
-#define KRB5_FCC_FVNO_3 3
-#define KRB5_FCC_FVNO_4 4
-
-#define FCC_TAG_DELTATIME 1
-
-#define FCACHE(X) ((krb5_fcache*)(X)->data.data)
-
-#define FILENAME(X) (FCACHE(X)->filename)
-
-#define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
-
-static const char*
-fcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return FILENAME(id);
-}
-
-static krb5_error_code
-fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_fcache *f;
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->filename = strdup(res);
-    if(f->filename == NULL){
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-/*
- * Try to scrub the contents of `filename' safely.
- */
-
-static int
-scrub_file (int fd)
-{
-    off_t pos;
-    char buf[128];
-
-    pos = lseek(fd, 0, SEEK_END);
-    if (pos < 0)
-        return errno;
-    if (lseek(fd, 0, SEEK_SET) < 0)
-        return errno;
-    memset(buf, 0, sizeof(buf));
-    while(pos > 0) {
-        ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
-
-	if (tmp < 0)
-	    return errno;
-	pos -= tmp;
-    }
-    fsync (fd);
-    return 0;
-}
-
-/*
- * Erase `filename' if it exists, trying to remove the contents if
- * it's `safe'.  We always try to remove the file, it it exists.  It's
- * only overwritten if it's a regular file (not a symlink and not a
- * hardlink)
- */
-
-static krb5_error_code
-erase_file(const char *filename)
-{
-    int fd;
-    struct stat sb1, sb2;
-    int ret;
-
-    ret = lstat (filename, &sb1);
-    if (ret < 0)
-	return errno;
-
-    fd = open(filename, O_RDWR | O_BINARY);
-    if(fd < 0) {
-	if(errno == ENOENT)
-	    return 0;
-	else
-	    return errno;
-    }
-    if (unlink(filename) < 0) {
-        close (fd);
-        return errno;
-    }
-
-    ret = fstat (fd, &sb2);
-    if (ret < 0) {
-	close (fd);
-	return errno;
-    }
-
-    /* check if someone was playing with symlinks */
-
-    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
-	close (fd);
-	return EPERM;
-    }
-
-    /* there are still hard links to this file */
-
-    if (sb2.st_nlink != 0) {
-        close (fd);
-        return 0;
-    }
-
-    ret = scrub_file (fd);
-    close (fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_fcache *f;
-    int fd;
-    char *file;
-
-    f = malloc(sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
-    if(file == NULL) {
-	free(f);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    fd = mkstemp(file);
-    if(fd < 0) {
-	free(f);
-	free(file);
-	krb5_set_error_string(context, "mkstemp %s", file);
-	return errno;
-    }
-    close(fd);
-    f->filename = file;
-    f->version = 0;
-    (*id)->data.data = f;
-    (*id)->data.length = sizeof(*f);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_FCC_FVNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_2:
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_FCC_FVNO_3:
-	flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
-	break;
-    case KRB5_FCC_FVNO_4:
-	break;
-    default:
-	krb5_abortx(context, 
-		    "storage_set_flags called with bad vno (%x)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    krb5_fcache *f = FCACHE(id);
-    int ret = 0;
-    int fd;
-    char *filename = f->filename;
-
-    unlink (filename);
-  
-    fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-    if(fd == -1) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", filename,
-			      strerror(ret));
-	return ret;
-    }
-    {
-	krb5_storage *sp;    
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	if(context->fcache_vno != 0)
-	    f->version = context->fcache_vno;
-	else
-	    f->version = KRB5_FCC_FVNO_4;
-	ret |= krb5_store_int8(sp, 5);
-	ret |= krb5_store_int8(sp, f->version);
-	storage_set_flags(context, sp, f->version);
-	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
-	    /* V4 stuff */
-	    if (context->kdc_sec_offset) {
-		ret |= krb5_store_int16 (sp, 12); /* length */
-		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
-		ret |= krb5_store_int16 (sp, 8); /* length of data */
-		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
-		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
-	    } else {
-		ret |= krb5_store_int16 (sp, 0);
-	    }
-	}
-	ret |= krb5_store_principal(sp, primary_principal);
-	krb5_storage_free(sp);
-    }
-    if(close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", filename,
-				   strerror(ret));
-	}
-	
-    return ret;
-}
-
-static krb5_error_code
-fcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    free (FILENAME(id));
-    krb5_data_free(&id->data);
-    return 0;
-}
-
-static krb5_error_code
-fcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    char *f;
-    f = FILENAME(id);
-
-    erase_file(f);
-  
-    return 0;
-}
-
-static krb5_error_code
-fcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    int ret;
-    int fd;
-    char *f;
-
-    f = FILENAME(id);
-
-    fd = open(f, O_WRONLY | O_APPEND | O_BINARY);
-    if(fd < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", f, strerror(ret));
-	return ret;
-    }
-    {
-	krb5_storage *sp;
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_CC_END);
-	storage_set_flags(context, sp, FCACHE(id)->version);
-	ret = krb5_store_creds(sp, creds);
-	krb5_storage_free(sp);
-    }
-    if (close(fd) < 0)
-	if (ret == 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "close %s: %s", f, strerror(ret));
-	}
-    return ret;
-}
-
-static krb5_error_code
-fcc_read_cred (krb5_context context,
-	       krb5_fcache *fc,
-	       krb5_storage *sp,
-	       krb5_creds *creds)
-{
-    krb5_error_code ret;
-
-    storage_set_flags(context, sp, fc->version);
-    
-    ret = krb5_ret_creds(sp, creds);
-    return ret;
-}
-
-static krb5_error_code
-init_fcc (krb5_context context,
-	  krb5_fcache *fcache,
-	  krb5_storage **ret_sp,
-	  int *ret_fd)
-{
-    int fd;
-    int8_t pvno, tag;
-    krb5_storage *sp;
-    krb5_error_code ret;
-
-    fd = open(fcache->filename, O_RDONLY | O_BINARY);
-    if(fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", fcache->filename,
-			      strerror(ret));
-	return ret;
-    }
-    sp = krb5_storage_from_fd(fd);
-    krb5_storage_set_eof_code(sp, KRB5_CC_END);
-    ret = krb5_ret_int8(sp, &pvno);
-    if(ret == KRB5_CC_END)
-	return ENOENT;
-    if(ret)
-	return ret;
-    if(pvno != 5) {
-	krb5_storage_free(sp);
-	close(fd);
-	return KRB5_CCACHE_BADVNO;
-    }
-    krb5_ret_int8(sp, &tag); /* should not be host byte order */
-    fcache->version = tag;
-    storage_set_flags(context, sp, fcache->version);
-    switch (tag) {
-    case KRB5_FCC_FVNO_4: {
-	int16_t length;
-
-	krb5_ret_int16 (sp, &length);
-	while(length > 0) {
-	    int16_t tag, data_len;
-	    int i;
-	    int8_t dummy;
-
-	    krb5_ret_int16 (sp, &tag);
-	    krb5_ret_int16 (sp, &data_len);
-	    switch (tag) {
-	    case FCC_TAG_DELTATIME :
-		krb5_ret_int32 (sp, &context->kdc_sec_offset);
-		krb5_ret_int32 (sp, &context->kdc_usec_offset);
-		break;
-	    default :
-		for (i = 0; i < data_len; ++i)
-		    krb5_ret_int8 (sp, &dummy);
-		break;
-	    }
-	    length -= 4 + data_len;
-	}
-	break;
-    }
-    case KRB5_FCC_FVNO_3:
-    case KRB5_FCC_FVNO_2:
-    case KRB5_FCC_FVNO_1:
-	break;
-    default :
-	krb5_storage_free (sp);
-	close (fd);
-	return KRB5_CCACHE_BADVNO;
-    }
-    *ret_sp = sp;
-    *ret_fd = fd;
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_error_code ret;
-    krb5_fcache *f = FCACHE(id);
-    int fd;
-    krb5_storage *sp;
-
-    ret = init_fcc (context, f, &sp, &fd);
-    if (ret)
-	return ret;
-    ret = krb5_ret_principal(sp, principal);
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_error_code ret;
-    krb5_principal principal;
-    krb5_fcache *f = FCACHE(id);
-
-    *cursor = malloc(sizeof(struct fcc_cursor));
-
-    ret = init_fcc (context, f, &FCC_CURSOR(*cursor)->sp, 
-		    &FCC_CURSOR(*cursor)->fd);
-    if (ret)
-	return ret;
-    krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
-    krb5_free_principal (context, principal);
-    return 0;
-}
-
-static krb5_error_code
-fcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    return fcc_read_cred (context, FCACHE(id), FCC_CURSOR(*cursor)->sp, creds);
-}
-
-static krb5_error_code
-fcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    krb5_storage_free(FCC_CURSOR(*cursor)->sp);
-    close (FCC_CURSOR(*cursor)->fd);
-    free(*cursor);
-    return 0;
-}
-
-static krb5_error_code
-fcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *cred)
-{
-    return 0; /* XXX */
-}
-
-static krb5_error_code
-fcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-
-static krb5_error_code
-fcc_get_version(krb5_context context,
-		krb5_ccache id)
-{
-    return FCACHE(id)->version;
-}
-		    
-const krb5_cc_ops krb5_fcc_ops = {
-    "FILE",
-    fcc_get_name,
-    fcc_resolve,
-    fcc_gen_new,
-    fcc_initialize,
-    fcc_destroy,
-    fcc_close,
-    fcc_store_cred,
-    NULL, /* fcc_retrieve */
-    fcc_get_principal,
-    fcc_get_first,
-    fcc_get_next,
-    fcc_end_get,
-    fcc_remove_cred,
-    fcc_set_flags,
-    fcc_get_version
-};
diff --git a/crypto/heimdal/lib/krb5/free.c b/crypto/heimdal/lib/krb5/free.c
deleted file mode 100644
index 251ec320106d..000000000000
--- a/crypto/heimdal/lib/krb5/free.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free.c,v 1.5 1999/12/02 17:05:09 joda Exp $");
-
-krb5_error_code
-krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
-{
-    free_KDC_REP(&rep->kdc_rep);
-    free_EncTGSRepPart(&rep->enc_part);
-    free_KRB_ERROR(&rep->error);
-    return 0;
-}
-
-krb5_error_code
-krb5_xfree (void *ptr)
-{
-    free (ptr);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/free_host_realm.c b/crypto/heimdal/lib/krb5/free_host_realm.c
deleted file mode 100644
index a69f29b988ff..000000000000
--- a/crypto/heimdal/lib/krb5/free_host_realm.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: free_host_realm.c,v 1.4 1999/12/02 17:05:09 joda Exp $");
-
-/*
- * Free all memory allocated by `realmlist'
- */
-
-krb5_error_code
-krb5_free_host_realm(krb5_context context,
-		     krb5_realm *realmlist)
-{
-    krb5_realm *p;
-
-    if(realmlist == NULL)
-	return 0;
-    for (p = realmlist; *p; ++p)
-	free (*p);
-    free (realmlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
deleted file mode 100644
index 795c3f3ff68a..000000000000
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_seq_number.c,v 1.8 2001/05/08 14:05:37 assar Exp $");
-
-krb5_error_code
-krb5_generate_seq_number(krb5_context context,
-			 const krb5_keyblock *key,
-			 u_int32_t *seqno)
-{
-    krb5_error_code ret;
-    krb5_keyblock *subkey;
-    u_int32_t q;
-    u_char *p;
-    int i;
-
-    ret = krb5_generate_subkey (context, key, &subkey);
-    if (ret)
-	return ret;
-
-    q = 0;
-    for (p = (u_char *)subkey->keyvalue.data, i = 0;
-	 i < subkey->keyvalue.length;
-	 ++i, ++p)
-	q = (q << 8) | *p;
-    q &= 0xffffffff;
-    *seqno = q;
-    krb5_free_keyblock (context, subkey);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c
deleted file mode 100644
index 3fb22f970e0b..000000000000
--- a/crypto/heimdal/lib/krb5/generate_subkey.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: generate_subkey.c,v 1.8 2001/05/14 06:14:46 assar Exp $");
-
-krb5_error_code
-krb5_generate_subkey(krb5_context context,
-		     const krb5_keyblock *key,
-		     krb5_keyblock **subkey)
-{
-    krb5_error_code ret;
-
-    ALLOC(*subkey, 1);
-    if (*subkey == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_generate_random_keyblock(context, key->keytype, *subkey);
-    if(ret)
-	free(*subkey);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
deleted file mode 100644
index 94a0350e8bc1..000000000000
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_addrs.c,v 1.45 2003/01/25 15:19:49 lha Exp $");
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-#include <ifaddrs.h>
-
-static krb5_error_code
-gethostname_fallback (krb5_context context, krb5_addresses *res)
-{
-    krb5_error_code ret;
-    char hostname[MAXHOSTNAMELEN];
-    struct hostent *hostent;
-
-    if (gethostname (hostname, sizeof(hostname))) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostname: %s", strerror(ret));
-	return ret;
-    }
-    hostent = roken_gethostbyname (hostname);
-    if (hostent == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "gethostbyname %s: %s",
-			       hostname, strerror(ret));
-	return ret;
-    }
-    res->len = 1;
-    res->val = malloc (sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    res->val[0].addr_type = hostent->h_addrtype;
-    res->val[0].address.data = NULL;
-    res->val[0].address.length = 0;
-    ret = krb5_data_copy (&res->val[0].address,
-			  hostent->h_addr,
-			  hostent->h_length);
-    if (ret) {
-	free (res->val);
-	return ret;
-    }
-    return 0;
-}
-
-enum {
-    LOOP            = 1,	/* do include loopback interfaces */
-    LOOP_IF_NONE    = 2,	/* include loopback if no other if's */
-    EXTRA_ADDRESSES = 4,	/* include extra addresses */
-    SCAN_INTERFACES = 8		/* scan interfaces for addresses */
-};
-
-/*
- * Try to figure out the addresses of all configured interfaces with a
- * lot of magic ioctls.
- */
-
-static krb5_error_code
-find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
-{
-    struct sockaddr sa_zero;
-    struct ifaddrs *ifa0, *ifa;
-    krb5_error_code ret = ENXIO; 
-    int num, idx;
-    krb5_addresses ignore_addresses;
-
-    res->val = NULL;
-
-    if (getifaddrs(&ifa0) == -1) {
-	ret = errno;
-	krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
-	return (ret);
-    }
-
-    memset(&sa_zero, 0, sizeof(sa_zero));
-
-    /* First, count all the ifaddrs. */
-    for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
-	/* nothing */;
-
-    if (num == 0) {
-	freeifaddrs(ifa0);
-	krb5_set_error_string(context, "no addresses found");
-	return (ENXIO);
-    }
-
-    if (flags & EXTRA_ADDRESSES) {
-	/* we'll remove the addresses we don't care about */
-	ret = krb5_get_ignore_addresses(context, &ignore_addresses);
-	if(ret)
-	    return ret;
-    }
-
-    /* Allocate storage for them. */
-    res->val = calloc(num, sizeof(*res->val));
-    if (res->val == NULL) {
-	krb5_free_addresses(context, &ignore_addresses);
-	freeifaddrs(ifa0);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return (ENOMEM);
-    }
-
-    /* Now traverse the list. */
-    for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
-	if ((ifa->ifa_flags & IFF_UP) == 0)
-	    continue;
-	if (ifa->ifa_addr == NULL)
-	    continue;
-	if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-	    continue;
-	if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-	    continue;
-	if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-	    /* We'll deal with the LOOP_IF_NONE case later. */
-	    if ((flags & LOOP) == 0)
-		continue;
-	}
-
-	ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
-	if (ret) {
-	    /*
-	     * The most likely error here is going to be "Program
-	     * lacks support for address type".  This is no big
-	     * deal -- just continue, and we'll listen on the
-	     * addresses who's type we *do* support.
-	     */
-	    continue;
-	}
-	/* possibly skip this address? */
-	if((flags & EXTRA_ADDRESSES) && 
-	   krb5_address_search(context, &res->val[idx], &ignore_addresses)) {
-	    krb5_free_address(context, &res->val[idx]);
-	    flags &= ~LOOP_IF_NONE; /* we actually found an address,
-                                       so don't add any loop-back
-                                       addresses */
-	    continue;
-	}
-
-	idx++;
-    }
-
-    /*
-     * If no addresses were found, and LOOP_IF_NONE is set, then find
-     * the loopback addresses and add them to our list.
-     */
-    if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
-	for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
-	    if ((ifa->ifa_flags & IFF_UP) == 0)
-		continue;
-	    if (ifa->ifa_addr == NULL)
-		continue;
-	    if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
-		continue;
-	    if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
-		continue;
-
-	    if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
-		ret = krb5_sockaddr2address(context,
-					    ifa->ifa_addr, &res->val[idx]);
-		if (ret) {
-		    /*
-		     * See comment above.
-		     */
-		    continue;
-		}
-		if((flags & EXTRA_ADDRESSES) && 
-		   krb5_address_search(context, &res->val[idx], 
-				       &ignore_addresses)) {
-		    krb5_free_address(context, &res->val[idx]);
-		    continue;
-		}
-		idx++;
-	    }
-	}
-    }
-
-    if (flags & EXTRA_ADDRESSES)
-	krb5_free_addresses(context, &ignore_addresses);
-    freeifaddrs(ifa0);
-    if (ret)
-	free(res->val);
-    else
-	res->len = idx;        /* Now a count. */
-    return (ret);
-}
-
-static krb5_error_code
-get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
-{
-    krb5_error_code ret = -1;
-
-    if (flags & SCAN_INTERFACES) {
-	ret = find_all_addresses (context, res, flags);
-	if(ret || res->len == 0)
-	    ret = gethostname_fallback (context, res);
-    } else {
-	res->len = 0;
-	res->val = NULL;
-	ret = 0;
-    }
-
-    if(ret == 0 && (flags & EXTRA_ADDRESSES)) {
-	krb5_addresses a;
-	/* append user specified addresses */
-	ret = krb5_get_extra_addresses(context, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	ret = krb5_append_addresses(context, res, &a);
-	if(ret) {
-	    krb5_free_addresses(context, res);
-	    return ret;
-	}
-	krb5_free_addresses(context, &a);
-    }
-    if(res->len == 0) {
-	free(res->val);
-	res->val = NULL;
-    }
-    return ret;
-}
-
-/*
- * Try to get all addresses, but return the one corresponding to
- * `hostname' if we fail.
- *
- * Only include loopback address if there are no other.
- */
-
-krb5_error_code
-krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
-{
-    int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
-
-    if (context->scan_interfaces)
-	flags |= SCAN_INTERFACES;
-
-    return get_addrs_int (context, res, flags);
-}
-
-/*
- * Try to get all local addresses that a server should listen to.
- * If that fails, we return the address corresponding to `hostname'.
- */
-
-krb5_error_code
-krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
-{
-    return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
-}
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
deleted file mode 100644
index 7aa61a3756ab..000000000000
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ /dev/null
@@ -1,840 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $");
-
-/*
- * Take the `body' and encode it into `padata' using the credentials
- * in `creds'.
- */
-
-static krb5_error_code
-make_pa_tgs_req(krb5_context context, 
-		krb5_auth_context ac,
-		KDC_REQ_BODY *body,
-		PA_DATA *padata,
-		krb5_creds *creds,
-		krb5_key_usage usage)
-{
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    krb5_data in_data;
-    krb5_error_code ret;
-
-    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
-    if (ret)
-	goto out;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    in_data.length = len;
-    in_data.data   = buf;
-    ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
-			       &padata->padata_value,
-			       KRB5_KU_TGS_REQ_AUTH_CKSUM,
-			       usage
-			       /* KRB5_KU_TGS_REQ_AUTH */);
-out:
-    free (buf);
-    if(ret)
-	return ret;
-    padata->padata_type = KRB5_PADATA_TGS_REQ;
-    return 0;
-}
-
-/*
- * Set the `enc-authorization-data' in `req_body' based on `authdata'
- */
-
-static krb5_error_code
-set_auth_data (krb5_context context,
-	       KDC_REQ_BODY *req_body,
-	       krb5_authdata *authdata,
-	       krb5_keyblock *key)
-{
-    if(authdata->len) {
-	size_t len;
-	unsigned char *buf;
-	krb5_crypto crypto;
-	krb5_error_code ret;
-
-	ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);
-	if (ret)
-	    return ret;
-
-	ALLOC(req_body->enc_authorization_data, 1);
-	if (req_body->enc_authorization_data == NULL) {
-	    free (buf);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	ret = krb5_crypto_init(context, key, 0, &crypto);
-	if (ret) {
-	    free (buf);
-	    free (req_body->enc_authorization_data);
-	    return ret;
-	}
-	krb5_encrypt_EncryptedData(context, 
-				   crypto,
-				   KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, 
-				   /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */
-				   buf,
-				   len,
-				   0,
-				   req_body->enc_authorization_data);
-	free (buf);
-	krb5_crypto_destroy(context, crypto);
-    } else {
-	req_body->enc_authorization_data = NULL;
-    }
-    return 0;
-}    
-
-/*
- * Create a tgs-req in `t' with `addresses', `flags', `second_ticket'
- * (if not-NULL), `in_creds', `krbtgt', and returning the generated
- * subkey in `subkey'.
- */
-
-static krb5_error_code
-init_tgs_req (krb5_context context,
-	      krb5_ccache ccache,
-	      krb5_addresses *addresses,
-	      krb5_kdc_flags flags,
-	      Ticket *second_ticket,
-	      krb5_creds *in_creds,
-	      krb5_creds *krbtgt,
-	      unsigned nonce,
-	      krb5_keyblock **subkey,
-	      TGS_REQ *t,
-	      krb5_key_usage usage)
-{
-    krb5_error_code ret = 0;
-
-    memset(t, 0, sizeof(*t));
-    t->pvno = 5;
-    t->msg_type = krb_tgs_req;
-    if (in_creds->session.keytype) {
-	ALLOC_SEQ(&t->req_body.etype, 1);
-	if(t->req_body.etype.val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	t->req_body.etype.val[0] = in_creds->session.keytype;
-    } else {
-	ret = krb5_init_etype(context, 
-			      &t->req_body.etype.len, 
-			      &t->req_body.etype.val, 
-			      NULL);
-    }
-    if (ret)
-	goto fail;
-    t->req_body.addresses = addresses;
-    t->req_body.kdc_options = flags.b;
-    ret = copy_Realm(&in_creds->server->realm, &t->req_body.realm);
-    if (ret)
-	goto fail;
-    ALLOC(t->req_body.sname, 1);
-    if (t->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    /* some versions of some code might require that the client be
-       present in TGS-REQs, but this is clearly against the spec */
-
-    ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
-    if (ret)
-	goto fail;
-
-    /* req_body.till should be NULL if there is no endtime specified,
-       but old MIT code (like DCE secd) doesn't like that */
-    ALLOC(t->req_body.till, 1);
-    if(t->req_body.till == NULL){
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    *t->req_body.till = in_creds->times.endtime;
-    
-    t->req_body.nonce = nonce;
-    if(second_ticket){
-	ALLOC(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ALLOC_SEQ(t->req_body.additional_tickets, 1);
-	if (t->req_body.additional_tickets->val == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); 
-	if (ret)
-	    goto fail;
-    }
-    ALLOC(t->padata, 1);
-    if (t->padata == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ALLOC_SEQ(t->padata, 1);
-    if (t->padata->val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-
-    {
-	krb5_auth_context ac;
-	krb5_keyblock *key;
-
-	ret = krb5_auth_con_init(context, &ac);
-	if(ret)
-	    goto fail;
-	ret = krb5_generate_subkey (context, &krbtgt->session, &key);
-	if (ret) {
-	    krb5_auth_con_free (context, ac);
-	    goto fail;
-	}
-	ret = krb5_auth_con_setlocalsubkey(context, ac, key);
-	if (ret) {
-	    krb5_free_keyblock (context, key);
-	    krb5_auth_con_free (context, ac);
-	    goto fail;
-	}
-
-	ret = set_auth_data (context, &t->req_body, &in_creds->authdata, key);
-	if (ret) {
-	    krb5_free_keyblock (context, key);
-	    krb5_auth_con_free (context, ac);
-	    goto fail;
-	}
-
-	ret = make_pa_tgs_req(context,
-			      ac,
-			      &t->req_body, 
-			      t->padata->val,
-			      krbtgt,
-			      usage);
-	if(ret) {
-	    krb5_free_keyblock (context, key);
-	    krb5_auth_con_free(context, ac);
-	    goto fail;
-	}
-	*subkey = key;
-	
-	krb5_auth_con_free(context, ac);
-    }
-fail:
-    if (ret)
-	/* XXX - don't free addresses? */
-	free_TGS_REQ (t);
-    return ret;
-}
-
-static krb5_error_code
-get_krbtgt(krb5_context context,
-	   krb5_ccache  id,
-	   krb5_realm realm,
-	   krb5_creds **cred)
-{
-    krb5_error_code ret;
-    krb5_creds tmp_cred;
-
-    memset(&tmp_cred, 0, sizeof(tmp_cred));
-
-    ret = krb5_make_principal(context, 
-			      &tmp_cred.server,
-			      realm,
-			      KRB5_TGS_NAME,
-			      realm,
-			      NULL);
-    if(ret)
-	return ret;
-    ret = krb5_get_credentials(context,
-			       KRB5_GC_CACHED,
-			       id,
-			       &tmp_cred,
-			       cred);
-    krb5_free_principal(context, tmp_cred.server);
-    if(ret)
-	return ret;
-    return 0;
-}
-
-/* DCE compatible decrypt proc */
-static krb5_error_code
-decrypt_tkt_with_subkey (krb5_context context,
-			 krb5_keyblock *key,
-			 krb5_key_usage usage,
-			 krb5_const_pointer subkey,
-			 krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-    
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-    if(ret && subkey){
-	/* DCE compat -- try to decrypt with subkey */
-	ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
-	if (ret)
-	    return ret;
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
-					  &dec_rep->kdc_rep.enc_part,
-					  &data);
-	krb5_crypto_destroy(context, crypto);
-    }
-    if (ret)
-	return ret;
-    
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    return ret;
-}
-
-static krb5_error_code
-get_cred_kdc_usage(krb5_context context, 
-		   krb5_ccache id, 
-		   krb5_kdc_flags flags,
-		   krb5_addresses *addresses, 
-		   krb5_creds *in_creds, 
-		   krb5_creds *krbtgt,
-		   krb5_creds *out_creds,
-		   krb5_key_usage usage)
-{
-    TGS_REQ req;
-    krb5_data enc;
-    krb5_data resp;
-    krb5_kdc_rep rep;
-    KRB_ERROR error;
-    krb5_error_code ret;
-    unsigned nonce;
-    krb5_keyblock *subkey = NULL;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    Ticket second_ticket;
-    
-    krb5_generate_random_block(&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-    
-    if(flags.b.enc_tkt_in_skey){
-	ret = decode_Ticket(in_creds->second_ticket.data, 
-			    in_creds->second_ticket.length, 
-			    &second_ticket, &len);
-	if(ret)
-	    return ret;
-    }
-
-    ret = init_tgs_req (context,
-			id,
-			addresses,
-			flags,
-			flags.b.enc_tkt_in_skey ? &second_ticket : NULL,
-			in_creds,
-			krbtgt,
-			nonce,
-			&subkey, 
-			&req,
-			usage);
-    if(flags.b.enc_tkt_in_skey)
-	free_Ticket(&second_ticket);
-    if (ret)
-	goto out;
-
-    ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret);
-    if (ret) 
-	goto out;
-    if(enc.length != buf_size)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    /* don't free addresses */
-    req.req_body.addresses = NULL;
-    free_TGS_REQ(&req);
-
-    enc.data = buf + buf_size - enc.length;
-    if (ret)
-	goto out;
-    
-    /*
-     * Send and receive
-     */
-
-    ret = krb5_sendto_kdc (context, &enc, 
-			   &krbtgt->server->name.name_string.val[1], &resp);
-    if(ret)
-	goto out;
-
-    memset(&rep, 0, sizeof(rep));
-    if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){
-	ret = krb5_copy_principal(context, 
-				  in_creds->client, 
-				  &out_creds->client);
-	if(ret)
-	    goto out;
-	ret = krb5_copy_principal(context, 
-				  in_creds->server, 
-				  &out_creds->server);
-	if(ret)
-	    goto out;
-	/* this should go someplace else */
-	out_creds->times.endtime = in_creds->times.endtime;
-
-	ret = _krb5_extract_ticket(context,
-				   &rep,
-				   out_creds,
-				   &krbtgt->session,
-				   NULL,
-				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
-				   &krbtgt->addresses,
-				   nonce,
-				   TRUE,
-				   flags.b.request_anonymous,
-				   decrypt_tkt_with_subkey,
-				   subkey);
-	krb5_free_kdc_rep(context, &rep);
-	if (ret)
-	    goto out;
-    } else if(krb5_rd_error(context, &resp, &error) == 0) {
-	ret = krb5_error_from_rd_error(context, &error, in_creds);
-	krb5_free_error_contents(context, &error);
-    } else if(resp.data && ((char*)resp.data)[0] == 4) {
-	ret = KRB5KRB_AP_ERR_V4_REPLY;
-	krb5_clear_error_string(context);
-    } else {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string(context);
-    }
-    krb5_data_free(&resp);
-out:
-    if(subkey){
-	krb5_free_keyblock_contents(context, subkey);
-	free(subkey);
-    }
-    if (buf)
-	free (buf);
-    return ret;
-    
-}
-
-static krb5_error_code
-get_cred_kdc(krb5_context context, 
-	     krb5_ccache id, 
-	     krb5_kdc_flags flags,
-	     krb5_addresses *addresses, 
-	     krb5_creds *in_creds, 
-	     krb5_creds *krbtgt,
-	     krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-
-    ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-			     krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH);
-    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	krb5_clear_error_string (context);
-	ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
-				 krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH);
-    }
-    return ret;
-}
-
-/* same as above, just get local addresses first */
-
-static krb5_error_code
-get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, 
-		krb5_creds *in_creds, krb5_creds *krbtgt, 
-		krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_addresses addresses, *addrs = &addresses;
-    
-    krb5_get_all_client_addrs(context, &addresses);
-    /* XXX this sucks. */
-    if(addresses.len == 0)
-	addrs = NULL;
-    ret = get_cred_kdc(context, id, flags, addrs, 
-		       in_creds, krbtgt, out_creds);
-    krb5_free_addresses(context, &addresses);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_kdc_cred(krb5_context context,
-		  krb5_ccache id,
-		  krb5_kdc_flags flags,
-		  krb5_addresses *addresses,
-		  Ticket  *second_ticket,
-		  krb5_creds *in_creds,
-		  krb5_creds **out_creds
-		  )
-{
-    krb5_error_code ret;
-    krb5_creds *krbtgt;
-
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = get_krbtgt (context,
-		      id,
-		      in_creds->server->realm,
-		      &krbtgt);
-    if(ret) {
-	free(*out_creds);
-	return ret;
-    }
-    ret = get_cred_kdc(context, id, flags, addresses, 
-		       in_creds, krbtgt, *out_creds);
-    krb5_free_creds (context, krbtgt);
-    if(ret)
-	free(*out_creds);
-    return ret;
-}
-
-
-static krb5_error_code
-find_cred(krb5_context context,
-	  krb5_ccache id,
-	  krb5_principal server,
-	  krb5_creds **tgts,
-	  krb5_creds *out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds mcreds;
-    mcreds.server = server;
-    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, 
-				&mcreds, out_creds);
-    if(ret == 0)
-	return 0;
-    while(tgts && *tgts){
-	if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, 
-			      &mcreds, *tgts)){
-	    ret = krb5_copy_creds_contents(context, *tgts, out_creds);
-	    return ret;
-	}
-	tgts++;
-    }
-    krb5_clear_error_string(context);
-    return KRB5_CC_NOTFOUND;
-}
-
-static krb5_error_code
-add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_creds **tmp = *tgts;
-
-    for(i = 0; tmp && tmp[i]; i++); /* XXX */
-    tmp = realloc(tmp, (i+2)*sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *tgts = tmp;
-    ret = krb5_copy_creds(context, tkt, &tmp[i]);
-    tmp[i+1] = NULL;
-    return ret;
-}
-
-/*
-get_cred(server)
-	creds = cc_get_cred(server)
-	if(creds) return creds
-	tgt = cc_get_cred(krbtgt/server_realm@any_realm)
-	if(tgt)
-		return get_cred_tgt(server, tgt)
-	if(client_realm == server_realm)
-		return NULL
-	tgt = get_cred(krbtgt/server_realm@client_realm)
-	while(tgt_inst != server_realm)
-		tgt = get_cred(krbtgt/server_realm@tgt_inst)
-	return get_cred_tgt(server, tgt)
-	*/
-
-static krb5_error_code
-get_cred_from_kdc_flags(krb5_context context,
-			krb5_kdc_flags flags,
-			krb5_ccache ccache,
-			krb5_creds *in_creds,
-			krb5_creds **out_creds,
-			krb5_creds ***ret_tgts)
-{
-    krb5_error_code ret;
-    krb5_creds *tgt, tmp_creds;
-    krb5_const_realm client_realm, server_realm, try_realm;
-
-    *out_creds = NULL;
-
-    client_realm = *krb5_princ_realm(context, in_creds->client);
-    server_realm = *krb5_princ_realm(context, in_creds->server);
-    memset(&tmp_creds, 0, sizeof(tmp_creds));
-    ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
-    if(ret)
-	return ret;
-
-    try_realm = krb5_config_get_string(context, NULL, "libdefaults",
-				       "capath", server_realm, NULL);
-    if (try_realm == NULL)
-	try_realm = client_realm;
-
-    ret = krb5_make_principal(context,
-			      &tmp_creds.server,
-			      try_realm,
-			      KRB5_TGS_NAME,
-			      server_realm,
-			      NULL);
-    if(ret){
-	krb5_free_principal(context, tmp_creds.client);
-	return ret;
-    }
-    {
-	krb5_creds tgts;
-	/* XXX try krb5_cc_retrieve_cred first? */
-	ret = find_cred(context, ccache, tmp_creds.server, 
-			*ret_tgts, &tgts);
-	if(ret == 0){
-	    *out_creds = calloc(1, sizeof(**out_creds));
-	    if(*out_creds == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-	    } else {
-		krb5_boolean noaddr;
-
-		krb5_appdefault_boolean(context, NULL, tgts.server->realm,
-					"no-addresses", FALSE, &noaddr);
-
-		if (noaddr)
-		    ret = get_cred_kdc(context, ccache, flags, NULL,
-				       in_creds, &tgts, *out_creds);
-		else
-		    ret = get_cred_kdc_la(context, ccache, flags, 
-					  in_creds, &tgts, *out_creds);
-		if (ret) {
-		    free (*out_creds);
-		    *out_creds = NULL;
-		}
-	    }
-	    krb5_free_creds_contents(context, &tgts);
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-    if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
-	krb5_clear_error_string (context);
-	return KRB5_CC_NOTFOUND;
-    }
-    /* XXX this can loop forever */
-    while(1){
-	general_string tgt_inst;
-
-	ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, 
-				      &tgt, ret_tgts);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = add_cred(context, ret_tgts, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	tgt_inst = tgt->server->name.name_string.val[1];
-	if(strcmp(tgt_inst, server_realm) == 0)
-	    break;
-	krb5_free_principal(context, tmp_creds.server);
-	ret = krb5_make_principal(context, &tmp_creds.server, 
-				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-	ret = krb5_free_creds(context, tgt);
-	if(ret) {
-	    krb5_free_principal(context, tmp_creds.server);
-	    krb5_free_principal(context, tmp_creds.client);
-	    return ret;
-	}
-    }
-	
-    krb5_free_principal(context, tmp_creds.server);
-    krb5_free_principal(context, tmp_creds.client);
-    *out_creds = calloc(1, sizeof(**out_creds));
-    if(*out_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-    } else {
-	krb5_boolean noaddr;
-
-	krb5_appdefault_boolean(context, NULL, tgt->server->realm,
-				"no-addresses", FALSE, &noaddr);
-	if (noaddr)
-	    ret = get_cred_kdc (context, ccache, flags, NULL,
-				in_creds, tgt, *out_creds);
-	else
-	    ret = get_cred_kdc_la(context, ccache, flags, 
-				  in_creds, tgt, *out_creds);
-	if (ret) {
-	    free (*out_creds);
-	    *out_creds = NULL;
-	}
-    }
-    krb5_free_creds(context, tgt);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_cred_from_kdc_opt(krb5_context context,
-			   krb5_ccache ccache,
-			   krb5_creds *in_creds,
-			   krb5_creds **out_creds,
-			   krb5_creds ***ret_tgts,
-			   krb5_flags flags)
-{
-    krb5_kdc_flags f;
-    f.i = flags;
-    return get_cred_from_kdc_flags(context, f, ccache, 
-				   in_creds, out_creds, ret_tgts);
-}
-
-krb5_error_code
-krb5_get_cred_from_kdc(krb5_context context,
-		       krb5_ccache ccache,
-		       krb5_creds *in_creds,
-		       krb5_creds **out_creds,
-		       krb5_creds ***ret_tgts)
-{
-    return krb5_get_cred_from_kdc_opt(context, ccache, 
-				      in_creds, out_creds, ret_tgts, 0);
-}
-     
-
-krb5_error_code
-krb5_get_credentials_with_flags(krb5_context context,
-				krb5_flags options,
-				krb5_kdc_flags flags,
-				krb5_ccache ccache,
-				krb5_creds *in_creds,
-				krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    krb5_creds **tgts;
-    krb5_creds *res_creds;
-    int i;
-    
-    *out_creds = NULL;
-    res_creds = calloc(1, sizeof(*res_creds));
-    if (res_creds == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_cc_retrieve_cred(context,
-				ccache,
-				in_creds->session.keytype ?
-				KRB5_TC_MATCH_KEYTYPE : 0,
-				in_creds, res_creds);
-    if(ret == 0) {
-	*out_creds = res_creds;
-	return 0;
-    }
-    free(res_creds);
-    if(ret != KRB5_CC_END)
-	return ret;
-    if(options & KRB5_GC_CACHED) {
-	krb5_clear_error_string (context);
-	return KRB5_CC_NOTFOUND;
-    }
-    if(options & KRB5_GC_USER_USER)
-	flags.b.enc_tkt_in_skey = 1;
-    tgts = NULL;
-    ret = get_cred_from_kdc_flags(context, flags, ccache, 
-				  in_creds, out_creds, &tgts);
-    for(i = 0; tgts && tgts[i]; i++) {
-	krb5_cc_store_cred(context, ccache, tgts[i]);
-	krb5_free_creds(context, tgts[i]);
-    }
-    free(tgts);
-    if(ret == 0 && flags.b.enc_tkt_in_skey == 0)
-	krb5_cc_store_cred(context, ccache, *out_creds);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_credentials(krb5_context context,
-		     krb5_flags options,
-		     krb5_ccache ccache,
-		     krb5_creds *in_creds,
-		     krb5_creds **out_creds)
-{
-    krb5_kdc_flags flags;
-    flags.i = 0;
-    return krb5_get_credentials_with_flags(context, options, flags,
-					   ccache, in_creds, out_creds);
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c
deleted file mode 100644
index f8ed48f9583f..000000000000
--- a/crypto/heimdal/lib/krb5/get_default_principal.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_principal.c,v 1.7 2001/05/14 06:14:46 assar Exp $");
-
-/*
- * Try to find out what's a reasonable default principal.
- */
-
-static const char*
-get_env_user(void)
-{
-    const char *user = getenv("USER");
-    if(user == NULL)
-	user = getenv("LOGNAME");
-    if(user == NULL)
-	user = getenv("USERNAME");
-    return user;
-}
-
-krb5_error_code
-krb5_get_default_principal (krb5_context context,
-			    krb5_principal *princ)
-{
-    krb5_error_code ret;
-    krb5_ccache id;
-    const char *user;
-    uid_t uid;
-
-    ret = krb5_cc_default (context, &id);
-    if (ret == 0) {
-	ret = krb5_cc_get_principal (context, id, princ);
-	krb5_cc_close (context, id);
-	if (ret == 0)
-	    return 0;
-    }
-
-
-    uid = getuid();    
-    if(uid == 0) {
-	user = getlogin();
-	if(user == NULL)
-	    user = get_env_user();
-	if(user != NULL && strcmp(user, "root") != 0)
-	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
-	else
-	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
-    } else {
-	struct passwd *pw = getpwuid(uid);	
-	if(pw != NULL)
-	    user = pw->pw_name;
-	else {
-	    user = get_env_user();
-	    if(user == NULL)
-		user = getlogin();
-	}
-	if(user == NULL) {
-	    krb5_set_error_string(context,
-				  "unable to figure out current principal");
-	    return ENOTTY; /* XXX */
-	}
-	ret = krb5_make_principal(context, princ, NULL, user, NULL);
-    }
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c
deleted file mode 100644
index 74a880d144e5..000000000000
--- a/crypto/heimdal/lib/krb5/get_default_realm.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_default_realm.c,v 1.10 2001/07/19 16:55:27 assar Exp $");
-
-/*
- * Return a NULL-terminated list of default realms in `realms'.
- * Free this memory with krb5_free_host_realm.
- */
-
-krb5_error_code
-krb5_get_default_realms (krb5_context context,
-			 krb5_realm **realms)
-{
-    if (context->default_realms == NULL) {
-	krb5_error_code ret = krb5_set_default_realm (context, NULL);
-	if (ret)
-	    return KRB5_CONFIG_NODEFREALM;
-    }
-
-    return krb5_copy_host_realm (context,
-				 context->default_realms,
-				 realms);
-}
-
-/*
- * Return the first default realm.  For compatability.
- */
-
-krb5_error_code
-krb5_get_default_realm(krb5_context context,
-		       krb5_realm *realm)
-{
-    char *res;
-
-    if (context->default_realms == NULL
-	|| context->default_realms[0] == NULL) {
-	krb5_error_code ret = krb5_set_default_realm (context, NULL);
-	if (ret) {
-	    krb5_set_error_string(context, "no default realm configured");
-	    return KRB5_CONFIG_NODEFREALM;
-	}
-    }
-
-    res = strdup (context->default_realms[0]);
-    if (res == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realm = res;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
deleted file mode 100644
index 2bec9f706574..000000000000
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $");
-
-static krb5_error_code
-add_addrs(krb5_context context,
-	  krb5_addresses *addr,
-	  struct addrinfo *ai)
-{
-    krb5_error_code ret;
-    unsigned n, i, j;
-    void *tmp;
-    struct addrinfo *a;
-
-    n = 0;
-    for (a = ai; a != NULL; a = a->ai_next)
-	++n;
-
-    i = addr->len;
-    addr->len += n;
-    tmp = realloc(addr->val, addr->len * sizeof(*addr->val));
-    if (tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto fail;
-    }
-    addr->val = tmp;
-    for (j = i; j < addr->len; ++j) {
-	addr->val[i].addr_type = 0;
-	krb5_data_zero(&addr->val[i].address);
-    }
-    for (a = ai; a != NULL; a = a->ai_next) {
-	ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]);
-	if (ret == 0)
-	    ++i;
-	else if (ret == KRB5_PROG_ATYPE_NOSUPP)
-	    krb5_clear_error_string (context);
-	else
-	    goto fail;
-    }
-    addr->len = i;
-    return 0;
-fail:
-    krb5_free_addresses (context, addr);
-    return ret;
-}
-
-/*
- * Forward credentials for `client' to host `hostname`,
- * making them forwardable if `forwardable', and returning the
- * blob of data to sent in `out_data'.
- * If hostname == NULL, pick it from `server'
- */
-
-krb5_error_code
-krb5_fwd_tgt_creds (krb5_context	context,
-		    krb5_auth_context	auth_context,
-		    const char		*hostname,
-		    krb5_principal	client,
-		    krb5_principal	server,
-		    krb5_ccache		ccache,
-		    int			forwardable,
-		    krb5_data		*out_data)
-{
-    krb5_flags flags = 0;
-    krb5_creds creds;
-    krb5_error_code ret;
-    krb5_const_realm client_realm;
-
-    flags |= KDC_OPT_FORWARDED;
-
-    if (forwardable)
-	flags |= KDC_OPT_FORWARDABLE;
-
-    if (hostname == NULL &&
-	krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) {
-	const char *inst = krb5_principal_get_comp_string(context, server, 0);
-	const char *host = krb5_principal_get_comp_string(context, server, 1);
-
-	if (inst != NULL &&
-	    strcmp(inst, "host") == 0 &&
-	    host != NULL && 
-	    krb5_principal_get_comp_string(context, server, 2) == NULL)
-	    hostname = host;
-    }
-
-    client_realm = krb5_principal_get_realm(context, client);
-    
-    memset (&creds, 0, sizeof(creds));
-    creds.client = client;
-
-    ret = krb5_build_principal(context,
-			       &creds.server,
-			       strlen(client_realm),
-			       client_realm,
-			       KRB5_TGS_NAME,
-			       client_realm,
-			       NULL);
-    if (ret)
-	return ret;
-
-    ret = krb5_get_forwarded_creds (context,
-				    auth_context,
-				    ccache,
-				    flags,
-				    hostname,
-				    &creds,
-				    out_data);
-    return ret;
-}
-
-/*
- *
- */
-
-krb5_error_code
-krb5_get_forwarded_creds (krb5_context	    context,
-			  krb5_auth_context auth_context,
-			  krb5_ccache       ccache,
-			  krb5_flags        flags,
-			  const char        *hostname,
-			  krb5_creds        *in_creds,
-			  krb5_data         *out_data)
-{
-    krb5_error_code ret;
-    krb5_creds *out_creds;
-    krb5_addresses addrs;
-    KRB_CRED cred;
-    KrbCredInfo *krb_cred_info;
-    EncKrbCredPart enc_krb_cred_part;
-    size_t len;
-    unsigned char *buf;
-    size_t buf_size;
-    int32_t sec, usec;
-    krb5_kdc_flags kdc_flags;
-    krb5_crypto crypto;
-    struct addrinfo *ai;
-    int save_errno;
-    krb5_keyblock *key;
-
-    addrs.len = 0;
-    addrs.val = NULL;
-
-    ret = getaddrinfo (hostname, NULL, NULL, &ai);
-    if (ret) {
-	save_errno = errno;
-	krb5_set_error_string(context, "resolving %s: %s",
-			      hostname, gai_strerror(ret));
-	return krb5_eai_to_heim_errno(ret, save_errno);
-    }
-
-    ret = add_addrs (context, &addrs, ai);
-    freeaddrinfo (ai);
-    if (ret)
-	return ret;
-
-    kdc_flags.i = flags;
-
-    ret = krb5_get_kdc_cred (context,
-			     ccache,
-			     kdc_flags,
-			     &addrs,
-			     NULL,
-			     in_creds,
-			     &out_creds);
-    krb5_free_addresses (context, &addrs);
-    if (ret) {
-	return ret;
-    }
-
-    memset (&cred, 0, sizeof(cred));
-    cred.pvno = 5;
-    cred.msg_type = krb_cred;
-    ALLOC_SEQ(&cred.tickets, 1);
-    if (cred.tickets.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out2;
-    }
-    ret = decode_Ticket(out_creds->ticket.data,
-			out_creds->ticket.length,
-			cred.tickets.val, &len);
-    if (ret)
-	goto out3;
-
-    memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
-    ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
-    if (enc_krb_cred_part.ticket_info.val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out4;
-    }
-    
-    krb5_us_timeofday (context, &sec, &usec);
-
-    ALLOC(enc_krb_cred_part.timestamp, 1);
-    if (enc_krb_cred_part.timestamp == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out4;
-    }
-    *enc_krb_cred_part.timestamp = sec;
-    ALLOC(enc_krb_cred_part.usec, 1);
-    if (enc_krb_cred_part.usec == NULL) {
- 	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out4;
-    }
-    *enc_krb_cred_part.usec      = usec;
-
-    if (auth_context->local_address && auth_context->local_port) {
-	krb5_boolean noaddr;
-	const krb5_realm *realm;
-
-	realm = krb5_princ_realm(context, out_creds->server);
-	krb5_appdefault_boolean(context, NULL, *realm, "no-addresses", FALSE,
-				&noaddr);
-	if (!noaddr) {
-	    ret = krb5_make_addrport (context,
-				      &enc_krb_cred_part.s_address,
-				      auth_context->local_address,
-				      auth_context->local_port);
-	    if (ret)
-		goto out4;
-	}
-    }
-
-    if (auth_context->remote_address) {
-	if (auth_context->remote_port) {
-	    krb5_boolean noaddr;
-	    const krb5_realm *realm;
-
-	    realm = krb5_princ_realm(context, out_creds->server);
-	    krb5_appdefault_boolean(context, NULL, *realm, "no-addresses",
-				    FALSE, &noaddr);
-	    if (!noaddr) {
-		ret = krb5_make_addrport (context,
-					  &enc_krb_cred_part.r_address,
-					  auth_context->remote_address,
-					  auth_context->remote_port);
-		if (ret)
-		    goto out4;
-	    }
-	} else {
-	    ALLOC(enc_krb_cred_part.r_address, 1);
-	    if (enc_krb_cred_part.r_address == NULL) {
-		ret = ENOMEM;
-		krb5_set_error_string(context, "malloc: out of memory");
-		goto out4;
-	    }
-
-	    ret = krb5_copy_address (context, auth_context->remote_address,
-				     enc_krb_cred_part.r_address);
-	    if (ret)
-		goto out4;
-	}
-    }
-
-    /* fill ticket_info.val[0] */
-
-    enc_krb_cred_part.ticket_info.len = 1;
-
-    krb_cred_info = enc_krb_cred_part.ticket_info.val;
-
-    copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
-    ALLOC(krb_cred_info->prealm, 1);
-    copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
-    ALLOC(krb_cred_info->pname, 1);
-    copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
-    ALLOC(krb_cred_info->flags, 1);
-    *krb_cred_info->flags          = out_creds->flags.b;
-    ALLOC(krb_cred_info->authtime, 1);
-    *krb_cred_info->authtime       = out_creds->times.authtime;
-    ALLOC(krb_cred_info->starttime, 1);
-    *krb_cred_info->starttime      = out_creds->times.starttime;
-    ALLOC(krb_cred_info->endtime, 1);
-    *krb_cred_info->endtime        = out_creds->times.endtime;
-    ALLOC(krb_cred_info->renew_till, 1);
-    *krb_cred_info->renew_till = out_creds->times.renew_till;
-    ALLOC(krb_cred_info->srealm, 1);
-    copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
-    ALLOC(krb_cred_info->sname, 1);
-    copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
-    ALLOC(krb_cred_info->caddr, 1);
-    copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
-
-    krb5_free_creds (context, out_creds);
-
-    /* encode EncKrbCredPart */
-
-    ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, 
-		       &enc_krb_cred_part, &len, ret);
-    free_EncKrbCredPart (&enc_krb_cred_part);
-    if (ret) {
-	free_KRB_CRED(&cred);
-	return ret;
-    }
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	free_KRB_CRED(&cred);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_KRB_CRED,
-				      buf,
-				      len,
-				      0,
-				      &cred.enc_part);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret) {
-	free_KRB_CRED(&cred);
-	return ret;
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
-    free_KRB_CRED (&cred);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    out_data->length = len;
-    out_data->data   = buf;
-    return 0;
-out4:
-    free_EncKrbCredPart(&enc_krb_cred_part);
-out3:
-    free_KRB_CRED(&cred);
-out2:
-    krb5_free_creds (context, out_creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c
deleted file mode 100644
index f2b4280f8b8f..000000000000
--- a/crypto/heimdal/lib/krb5/get_host_realm.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-
-RCSID("$Id: get_host_realm.c,v 1.29 2002/08/28 13:36:57 nectar Exp $");
-
-/* To automagically find the correct realm of a host (without
- * [domain_realm] in krb5.conf) add a text record for your domain with
- * the name of your realm, like this:
- *
- * _kerberos	IN	TXT	"FOO.SE"
- *
- * The search is recursive, so you can add entries for specific
- * hosts. To find the realm of host a.b.c, it first tries
- * _kerberos.a.b.c, then _kerberos.b.c and so on.
- *
- * This method is described in draft-ietf-cat-krb-dns-locate-03.txt.
- *
- */
-
-static int
-copy_txt_to_realms (struct resource_record *head,
-		    krb5_realm **realms)
-{
-    struct resource_record *rr;
-    int n, i;
-
-    for(n = 0, rr = head; rr; rr = rr->next)
-	if (rr->type == T_TXT)
-	    ++n;
-
-    if (n == 0)
-	return -1;
-
-    *realms = malloc ((n + 1) * sizeof(krb5_realm));
-    if (*realms == NULL)
-	return -1;
-
-    for (i = 0; i < n + 1; ++i)
-	(*realms)[i] = NULL;
-
-    for (i = 0, rr = head; rr; rr = rr->next) {
-	if (rr->type == T_TXT) {
-	    char *tmp;
-
-	    tmp = strdup(rr->u.txt);
-	    if (tmp == NULL) {
-		for (i = 0; i < n; ++i)
-		    free ((*realms)[i]);
-		free (*realms);
-		return -1;
-	    }
-	    (*realms)[i] = tmp;
-	    ++i;
-	}
-    }
-    return 0;
-}
-
-static int
-dns_find_realm(krb5_context context,
-	       const char *domain,
-	       krb5_realm **realms)
-{
-    static char *default_labels[] = { "_kerberos", NULL };
-    char dom[MAXHOSTNAMELEN];
-    struct dns_reply *r;
-    char **labels;
-    int i, ret;
-    
-    labels = krb5_config_get_strings(context, NULL, "libdefaults",
-	"dns_lookup_realm_labels", NULL);
-    if(labels == NULL)
-	labels = default_labels;
-    if(*domain == '.')
-	domain++;
-    for (i = 0; labels[i] != NULL; i++) {
-	if(snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain) >=
-	    sizeof(dom))
-	    return -1;
-    	r = dns_lookup(dom, "TXT");
-    	if(r != NULL) {
-	    ret = copy_txt_to_realms (r->head, realms);
-	    dns_free_data(r);
-	    if(ret == 0)
-		return 0;
-	}
-    }
-    return -1;
-}
-
-/*
- * Try to figure out what realms host in `domain' belong to from the
- * configuration file.
- */
-
-static int
-config_find_realm(krb5_context context, 
-		  const char *domain, 
-		  krb5_realm **realms)
-{
-    char **tmp = krb5_config_get_strings (context, NULL,
-					  "domain_realm",
-					  domain,
-					  NULL);
-
-    if (tmp == NULL)
-	return -1;
-    *realms = tmp;
-    return 0;
-}
-
-/*
- * This function assumes that `host' is a FQDN (and doesn't handle the
- * special case of host == NULL either).
- * Try to find mapping in the config file or DNS and it that fails,
- * fall back to guessing
- */
-
-krb5_error_code
-krb5_get_host_realm_int (krb5_context context,
-			 const char *host,
-			 krb5_boolean use_dns,
-			 krb5_realm **realms)
-{
-    const char *p, *q;
-    krb5_boolean dns_locate_enable;
-
-    dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
-	"libdefaults", "dns_lookup_realm", NULL);
-    for (p = host; p != NULL; p = strchr (p + 1, '.')) {
-	if(config_find_realm(context, p, realms) == 0) {
-	    if(strcasecmp(*realms[0], "dns_locate") == 0) {
-		if(use_dns)
-		    for (q = host; q != NULL; q = strchr(q + 1, '.'))
-			if(dns_find_realm(context, q, realms) == 0)
-			    return 0;
-		continue; 
-	    } else 
-	    	return 0;
-	}
-	else if(use_dns && dns_locate_enable) {
-	    if(dns_find_realm(context, p, realms) == 0)
-		return 0;
-	}
-    }
-    p = strchr(host, '.');
-    if(p != NULL) {
-	p++;
-	*realms = malloc(2 * sizeof(krb5_realm));
-	if (*realms == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-
-	(*realms)[0] = strdup(p);
-	if((*realms)[0] == NULL) {
-	    free(*realms);
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	strupr((*realms)[0]);
-	(*realms)[1] = NULL;
-	return 0;
-    }
-    krb5_set_error_string(context, "unable to find realm of host %s", host);
-    return KRB5_ERR_HOST_REALM_UNKNOWN;
-}
-
-/*
- * Return the realm(s) of `host' as a NULL-terminated list in `realms'.
- */
-
-krb5_error_code
-krb5_get_host_realm(krb5_context context,
-		    const char *host,
-		    krb5_realm **realms)
-{
-    char hostname[MAXHOSTNAMELEN];
-
-    if (host == NULL) {
-	if (gethostname (hostname, sizeof(hostname)))
-	    return errno;
-	host = hostname;
-    }
-
-    return krb5_get_host_realm_int (context, host, 1, realms);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
deleted file mode 100644
index 0e75a95b4cf9..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ /dev/null
@@ -1,827 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt.c,v 1.107 2003/02/16 06:41:25 nectar Exp $");
-
-krb5_error_code
-krb5_init_etype (krb5_context context,
-		 unsigned *len,
-		 krb5_enctype **val,
-		 const krb5_enctype *etypes)
-{
-    int i;
-    krb5_error_code ret;
-    krb5_enctype *tmp = NULL;
-
-    ret = 0;
-    if (etypes == NULL) {
-	ret = krb5_get_default_in_tkt_etypes(context,
-					     &tmp);
-	if (ret)
-	    return ret;
-	etypes = tmp;
-    }
-
-    for (i = 0; etypes[i]; ++i)
-	;
-    *len = i;
-    *val = malloc(i * sizeof(**val));
-    if (i != 0 && *val == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto cleanup;
-    }
-    memmove (*val,
-	     etypes,
-	     i * sizeof(*tmp));
-cleanup:
-    if (tmp != NULL)
-	free (tmp);
-    return ret;
-}
-
-
-static krb5_error_code
-decrypt_tkt (krb5_context context,
-	     krb5_keyblock *key,
-	     krb5_key_usage usage,
-	     krb5_const_pointer decrypt_arg,
-	     krb5_kdc_rep *dec_rep)
-{
-    krb5_error_code ret;
-    krb5_data data;
-    size_t size;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage,
-				      &dec_rep->kdc_rep.enc_part,
-				      &data);
-    krb5_crypto_destroy(context, crypto);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncASRepPart(context,
-				   data.data,
-				   data.length,
-				   &dec_rep->enc_part, 
-				   &size);
-    if (ret)
-	ret = krb5_decode_EncTGSRepPart(context,
-					data.data,
-					data.length,
-					&dec_rep->enc_part, 
-					&size);
-    krb5_data_free (&data);
-    if (ret)
-	return ret;
-    return 0;
-}
-
-int
-_krb5_extract_ticket(krb5_context context, 
-		     krb5_kdc_rep *rep, 
-		     krb5_creds *creds,		
-		     krb5_keyblock *key,
-		     krb5_const_pointer keyseed,
-		     krb5_key_usage key_usage,
-		     krb5_addresses *addrs,
-		     unsigned nonce,
-		     krb5_boolean allow_server_mismatch,
-		     krb5_boolean ignore_cname,
-		     krb5_decrypt_proc decrypt_proc,
-		     krb5_const_pointer decryptarg)
-{
-    krb5_error_code ret;
-    krb5_principal tmp_principal;
-    int tmp;
-    time_t tmp_time;
-    krb5_timestamp sec_now;
-
-    ret = principalname2krb5_principal (&tmp_principal,
-					rep->kdc_rep.cname,
-					rep->kdc_rep.crealm);
-    if (ret)
-	goto out;
-
-    /* compare client */
-
-    if (!ignore_cname) {
-	tmp = krb5_principal_compare (context, tmp_principal, creds->client);
-	if (!tmp) {
-	    krb5_free_principal (context, tmp_principal);
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    goto out;
-	}
-    }
-
-    krb5_free_principal (context, creds->client);
-    creds->client = tmp_principal;
-
-    /* extract ticket */
-    ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-		       &rep->kdc_rep.ticket, &creds->ticket.length, ret);
-    if(ret)
-	goto out;
-    creds->second_ticket.length = 0;
-    creds->second_ticket.data   = NULL;
-
-    /* compare server */
-
-    ret = principalname2krb5_principal (&tmp_principal,
-					rep->kdc_rep.ticket.sname,
-					rep->kdc_rep.ticket.realm);
-    if (ret)
-	goto out;
-    if(allow_server_mismatch){
-	krb5_free_principal(context, creds->server);
-	creds->server = tmp_principal;
-	tmp_principal = NULL;
-    }else{
-	tmp = krb5_principal_compare (context, tmp_principal, creds->server);
-	krb5_free_principal (context, tmp_principal);
-	if (!tmp) {
-	    ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-    }
-    
-    /* decrypt */
-
-    if (decrypt_proc == NULL)
-	decrypt_proc = decrypt_tkt;
-    
-    ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
-    if (ret)
-	goto out;
-
-#if 0
-    /* XXX should this decode be here, or in the decrypt_proc? */
-    ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1);
-    if(ret)
-	goto out;
-#endif
-
-    /* compare nonces */
-
-    if (nonce != rep->enc_part.nonce) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto out;
-    }
-
-    /* set kdc-offset */
-
-    krb5_timeofday (context, &sec_now);
-    if (rep->enc_part.flags.initial
-	&& context->kdc_sec_offset == 0
-	&& krb5_config_get_bool (context, NULL,
-				 "libdefaults",
-				 "kdc_timesync",
-				 NULL)) {
-	context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
-	krb5_timeofday (context, &sec_now);
-    }
-
-    /* check all times */
-
-    if (rep->enc_part.starttime) {
-	tmp_time = *rep->enc_part.starttime;
-    } else
-	tmp_time = rep->enc_part.authtime;
-
-    if (creds->times.starttime == 0
-	&& abs(tmp_time - sec_now) > context->max_skew) {
-	ret = KRB5KRB_AP_ERR_SKEW;
-	krb5_set_error_string (context,
-			       "time skew (%d) larger than max (%d)",
-			       abs(tmp_time - sec_now),
-			       (int)context->max_skew);
-	goto out;
-    }
-
-    if (creds->times.starttime != 0
-	&& tmp_time != creds->times.starttime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.starttime = tmp_time;
-
-    if (rep->enc_part.renew_till) {
-	tmp_time = *rep->enc_part.renew_till;
-    } else
-	tmp_time = 0;
-
-    if (creds->times.renew_till != 0
-	&& tmp_time > creds->times.renew_till) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.renew_till = tmp_time;
-
-    creds->times.authtime = rep->enc_part.authtime;
-
-    if (creds->times.endtime != 0
-	&& rep->enc_part.endtime > creds->times.endtime) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto out;
-    }
-
-    creds->times.endtime  = rep->enc_part.endtime;
-
-    if(rep->enc_part.caddr)
-	krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
-    else if(addrs)
-	krb5_copy_addresses (context, addrs, &creds->addresses);
-    else {
-	creds->addresses.len = 0;
-	creds->addresses.val = NULL;
-    }
-    creds->flags.b = rep->enc_part.flags;
-	  
-    creds->authdata.len = 0;
-    creds->authdata.val = NULL;
-    creds->session.keyvalue.length = 0;
-    creds->session.keyvalue.data   = NULL;
-    creds->session.keytype = rep->enc_part.key.keytype;
-    ret = krb5_data_copy (&creds->session.keyvalue,
-			  rep->enc_part.key.keyvalue.data,
-			  rep->enc_part.key.keyvalue.length);
-
-out:
-    memset (rep->enc_part.key.keyvalue.data, 0,
-	    rep->enc_part.key.keyvalue.length);
-    return ret;
-}
-
-
-static krb5_error_code
-make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, 
-		      krb5_enctype etype, krb5_keyblock *key)
-{
-    PA_ENC_TS_ENC p;
-    unsigned char *buf;
-    size_t buf_size;
-    size_t len;
-    EncryptedData encdata;
-    krb5_error_code ret;
-    int32_t sec, usec;
-    int usec2;
-    krb5_crypto crypto;
-    
-    krb5_us_timeofday (context, &sec, &usec);
-    p.patimestamp = sec;
-    usec2         = usec;
-    p.pausec      = &usec2;
-
-    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret) {
-	free(buf);
-	return ret;
-    }
-    ret = krb5_encrypt_EncryptedData(context, 
-				     crypto,
-				     KRB5_KU_PA_ENC_TIMESTAMP,
-				     buf,
-				     len,
-				     0,
-				     &encdata);
-    free(buf);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-		    
-    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
-    free_EncryptedData(&encdata);
-    if (ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
-    pa->padata_value.length = len;
-    pa->padata_value.data = buf;
-    return 0;
-}
-
-static krb5_error_code
-add_padata(krb5_context context,
-	   METHOD_DATA *md, 
-	   krb5_principal client,
-	   krb5_key_proc key_proc,
-	   krb5_const_pointer keyseed,
-	   krb5_enctype *enctypes,
-	   unsigned netypes,
-	   krb5_salt *salt)
-{
-    krb5_error_code ret;
-    PA_DATA *pa2;
-    krb5_salt salt2;
-    krb5_enctype *ep;
-    int i;
-    
-    if(salt == NULL) {
-	/* default to standard salt */
-	ret = krb5_get_pw_salt (context, client, &salt2);
-	salt = &salt2;
-    }
-    if (!enctypes) {
-	enctypes = context->etypes;
-	netypes = 0;
-	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
-	    netypes++;
-    }
-    pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
-    if (pa2 == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    md->val = pa2;
-
-    for (i = 0; i < netypes; ++i) {
-	krb5_keyblock *key;
-
-	ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key);
-	if (ret)
-	    continue;
-	ret = make_pa_enc_timestamp (context, &md->val[md->len],
-				     enctypes[i], key);
-	krb5_free_keyblock (context, key);
-	if (ret)
-	    return ret;
-	++md->len;
-    }
-    if(salt == &salt2)
-	krb5_free_salt(context, salt2);
-    return 0;
-}
-
-static krb5_error_code
-init_as_req (krb5_context context,
-	     krb5_kdc_flags opts,
-	     krb5_creds *creds,
-	     const krb5_addresses *addrs,
-	     const krb5_enctype *etypes,
-	     const krb5_preauthtype *ptypes,
-	     const krb5_preauthdata *preauth,
-	     krb5_key_proc key_proc,
-	     krb5_const_pointer keyseed,
-	     unsigned nonce,
-	     AS_REQ *a)
-{
-    krb5_error_code ret;
-    krb5_salt salt;
-
-    memset(a, 0, sizeof(*a));
-
-    a->pvno = 5;
-    a->msg_type = krb_as_req;
-    a->req_body.kdc_options = opts.b;
-    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
-    if (a->req_body.cname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
-    if (a->req_body.sname == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string(context, "malloc: out of memory");
-	goto fail;
-    }
-    ret = krb5_principal2principalname (a->req_body.cname, creds->client);
-    if (ret)
-	goto fail;
-    ret = krb5_principal2principalname (a->req_body.sname, creds->server);
-    if (ret)
-	goto fail;
-    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
-    if (ret)
-	goto fail;
-
-    if(creds->times.starttime) {
-	a->req_body.from = malloc(sizeof(*a->req_body.from));
-	if (a->req_body.from == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.from = creds->times.starttime;
-    }
-    if(creds->times.endtime){
-	ALLOC(a->req_body.till, 1);
-	*a->req_body.till = creds->times.endtime;
-    }
-    if(creds->times.renew_till){
-	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
-	if (a->req_body.rtime == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	*a->req_body.rtime = creds->times.renew_till;
-    }
-    a->req_body.nonce = nonce;
-    ret = krb5_init_etype (context,
-			   &a->req_body.etype.len,
-			   &a->req_body.etype.val,
-			   etypes);
-    if (ret)
-	goto fail;
-
-    /*
-     * This means no addresses
-     */
-
-    if (addrs && addrs->len == 0) {
-	a->req_body.addresses = NULL;
-    } else {
-	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
-	if (a->req_body.addresses == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-
-	if (addrs)
-	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
-	else {
-	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
-	    if(ret == 0 && a->req_body.addresses->len == 0) {
-		free(a->req_body.addresses);
-		a->req_body.addresses = NULL;
-	    }
-	}
-	if (ret)
-	    return ret;
-    }
-
-    a->req_body.enc_authorization_data = NULL;
-    a->req_body.additional_tickets = NULL;
-
-    if(preauth != NULL) {
-	int i;
-	ALLOC(a->padata, 1);
-	if(a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	for(i = 0; i < preauth->len; i++) {
-	    if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
-		int j;
-		PA_DATA *tmp = realloc(a->padata->val, 
-				       (a->padata->len + 
-					preauth->val[i].info.len) * 
-				       sizeof(*a->padata->val));
-		if(tmp == NULL) {
-		    ret = ENOMEM;
-		    krb5_set_error_string(context, "malloc: out of memory");
-		    goto fail;
-		}
-		a->padata->val = tmp;
-		for(j = 0; j < preauth->val[i].info.len; j++) {
-		    krb5_salt *sp = &salt;
-		    if(preauth->val[i].info.val[j].salttype)
-			salt.salttype = *preauth->val[i].info.val[j].salttype;
-		    else
-			salt.salttype = KRB5_PW_SALT;
-		    if(preauth->val[i].info.val[j].salt)
-			salt.saltvalue = *preauth->val[i].info.val[j].salt;
-		    else
-			if(salt.salttype == KRB5_PW_SALT)
-			    sp = NULL;
-			else
-			    krb5_data_zero(&salt.saltvalue);
-		    ret = add_padata(context, a->padata, creds->client, 
-			       key_proc, keyseed, 
-			       &preauth->val[i].info.val[j].etype, 1,
-			       sp);
-		    if (ret == 0)
-			break;
-		}
-	    }
-	}
-    } else 
-    /* not sure this is the way to use `ptypes' */
-    if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
-	a->padata = NULL;
-    else if (*ptypes ==  KRB5_PADATA_ENC_TIMESTAMP) {
-	ALLOC(a->padata, 1);
-	if (a->padata == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    goto fail;
-	}
-	a->padata->len = 0;
-	a->padata->val = NULL;
-
-	/* make a v5 salted pa-data */
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, NULL);
-	
-	/* make a v4 salted pa-data */
-	salt.salttype = KRB5_PW_SALT;
-	krb5_data_zero(&salt.saltvalue);
-	add_padata(context, a->padata, creds->client, 
-		   key_proc, keyseed, a->req_body.etype.val,
-		   a->req_body.etype.len, &salt);
-    } else {
-	krb5_set_error_string (context, "pre-auth type %d not supported",
-			       *ptypes);
-	ret = KRB5_PREAUTH_BAD_TYPE;
-	goto fail;
-    }
-    return 0;
-fail:
-    free_AS_REQ(a);
-    return ret;
-}
-
-static int
-set_ptypes(krb5_context context,
-	   KRB_ERROR *error, 
-	   krb5_preauthtype **ptypes,
-	   krb5_preauthdata **preauth)
-{
-    static krb5_preauthdata preauth2;
-    static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE };
-
-    if(error->e_data) {
-	METHOD_DATA md;
-	int i;
-	decode_METHOD_DATA(error->e_data->data, 
-			   error->e_data->length, 
-			   &md, 
-			   NULL);
-	for(i = 0; i < md.len; i++){
-	    switch(md.val[i].padata_type){
-	    case KRB5_PADATA_ENC_TIMESTAMP:
-		*ptypes = ptypes2;
-		break;
-	    case KRB5_PADATA_ETYPE_INFO:
-		*preauth = &preauth2;
-		ALLOC_SEQ(*preauth, 1);
-		(*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
-		krb5_decode_ETYPE_INFO(context,
-				       md.val[i].padata_value.data, 
-				       md.val[i].padata_value.length,
-				       &(*preauth)->val[0].info,
-				       NULL);
-		break;
-	    default:
-		break;
-	    }
-	}
-	free_METHOD_DATA(&md);
-    } else {
-	*ptypes = ptypes2;
-    }
-    return(1);
-}
-
-krb5_error_code
-krb5_get_in_cred(krb5_context context,
-		 krb5_flags options,
-		 const krb5_addresses *addrs,
-		 const krb5_enctype *etypes,
-		 const krb5_preauthtype *ptypes,
-		 const krb5_preauthdata *preauth,
-		 krb5_key_proc key_proc,
-		 krb5_const_pointer keyseed,
-		 krb5_decrypt_proc decrypt_proc,
-		 krb5_const_pointer decryptarg,
-		 krb5_creds *creds,
-		 krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    AS_REQ a;
-    krb5_kdc_rep rep;
-    krb5_data req, resp;
-    size_t len;
-    krb5_salt salt;
-    krb5_keyblock *key;
-    size_t size;
-    krb5_kdc_flags opts;
-    PA_DATA *pa;
-    krb5_enctype etype;
-    krb5_preauthdata *my_preauth = NULL;
-    unsigned nonce;
-    int done;
-
-    opts.i = options;
-
-    krb5_generate_random_block (&nonce, sizeof(nonce));
-    nonce &= 0xffffffff;
-
-    do {
-	done = 1;
-	ret = init_as_req (context,
-			   opts,
-			   creds,
-			   addrs,
-			   etypes,
-			   ptypes,
-			   preauth,
-			   key_proc,
-			   keyseed,
-			   nonce,
-			   &a);
-	if (my_preauth) {
-	    free_ETYPE_INFO(&my_preauth->val[0].info);
-	    free (my_preauth->val);
-	}
-	if (ret)
-	    return ret;
-
-	ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
-	free_AS_REQ(&a);
-	if (ret)
-	    return ret;
-	if(len != req.length)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-
-	ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
-	krb5_data_free(&req);
-	if (ret)
-	    return ret;
-
-	memset (&rep, 0, sizeof(rep));
-	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
-	if(ret) {
-	    /* let's try to parse it as a KRB-ERROR */
-	    KRB_ERROR error;
-	    int ret2;
-
-	    ret2 = krb5_rd_error(context, &resp, &error);
-	    if(ret2 && resp.data && ((char*)resp.data)[0] == 4)
-		ret = KRB5KRB_AP_ERR_V4_REPLY;
-	    krb5_data_free(&resp);
-	    if (ret2 == 0) {
-		ret = krb5_error_from_rd_error(context, &error, creds);
-		/* if no preauth was set and KDC requires it, give it
-                   one more try */
-		if (!ptypes && !preauth
-		    && ret == KRB5KDC_ERR_PREAUTH_REQUIRED
-#if 0
-			|| ret == KRB5KDC_ERR_BADOPTION
-#endif
-		    && set_ptypes(context, &error, &ptypes, &my_preauth)) {
-		    done = 0;
-		    preauth = my_preauth;
-		    krb5_free_error_contents(context, &error);
-		    krb5_clear_error_string(context);
-		    continue;
-		}
-		if(ret_as_reply)
-		    ret_as_reply->error = error;
-		else
-		    free_KRB_ERROR (&error);
-		return ret;
-	    }
-	    return ret;
-	}
-	krb5_data_free(&resp);
-    } while(!done);
-    
-    pa = NULL;
-    etype = rep.kdc_rep.enc_part.etype;
-    if(rep.kdc_rep.padata){
-	int index = 0;
-	pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, 
-			      KRB5_PADATA_PW_SALT, &index);
-	if(pa == NULL) {
-	    index = 0;
-	    pa = krb5_find_padata(rep.kdc_rep.padata->val, 
-				  rep.kdc_rep.padata->len, 
-				  KRB5_PADATA_AFS3_SALT, &index);
-	}
-    }
-    if(pa) {
-	salt.salttype = pa->padata_type;
-	salt.saltvalue = pa->padata_value;
-	
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-    } else {
-	/* make a v5 salted pa-data */
-	ret = krb5_get_pw_salt (context, creds->client, &salt);
-	
-	if (ret)
-	    goto out;
-	ret = (*key_proc)(context, etype, salt, keyseed, &key);
-	krb5_free_salt(context, salt);
-    }
-    if (ret)
-	goto out;
-	
-    ret = _krb5_extract_ticket(context, 
-			       &rep, 
-			       creds, 
-			       key, 
-			       keyseed, 
-			       KRB5_KU_AS_REP_ENC_PART,
-			       NULL, 
-			       nonce, 
-			       FALSE, 
-			       opts.b.request_anonymous,
-			       decrypt_proc, 
-			       decryptarg);
-    memset (key->keyvalue.data, 0, key->keyvalue.length);
-    krb5_free_keyblock_contents (context, key);
-    free (key);
-
-out:
-    if (ret == 0 && ret_as_reply)
-	*ret_as_reply = rep;
-    else
-	krb5_free_kdc_rep (context, &rep);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_in_tkt(krb5_context context,
-		krb5_flags options,
-		const krb5_addresses *addrs,
-		const krb5_enctype *etypes,
-		const krb5_preauthtype *ptypes,
-		krb5_key_proc key_proc,
-		krb5_const_pointer keyseed,
-		krb5_decrypt_proc decrypt_proc,
-		krb5_const_pointer decryptarg,
-		krb5_creds *creds,
-		krb5_ccache ccache,
-		krb5_kdc_rep *ret_as_reply)
-{
-    krb5_error_code ret;
-    krb5_kdc_flags opts;
-    opts.i = 0;
-    opts.b = int2KDCOptions(options);
-    
-    ret = krb5_get_in_cred (context,
-			    opts.i,
-			    addrs,
-			    etypes,
-			    ptypes,
-			    NULL,
-			    key_proc,
-			    keyseed,
-			    decrypt_proc,
-			    decryptarg,
-			    creds,
-			    ret_as_reply);
-    if(ret) 
-	return ret;
-    ret = krb5_cc_store_cred (context, ccache, creds);
-    krb5_free_creds_contents (context, creds);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
deleted file mode 100644
index a4f5c80134e5..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_pw.c,v 1.16 2001/05/14 06:14:48 assar Exp $");
-
-krb5_error_code
-krb5_password_key_proc (krb5_context context,
-			krb5_enctype type,
-			krb5_salt salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    krb5_error_code ret;
-    const char *password = (const char *)keyseed;
-    char buf[BUFSIZ];
-     
-    *key = malloc (sizeof (**key));
-    if (*key == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (password == NULL) {
-	if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
-	    free (*key);
-	    krb5_clear_error_string(context);
-	    return KRB5_LIBOS_PWDINTR;
-	}
-	password = buf;
-    }
-    ret = krb5_string_to_key_salt (context, type, password, salt, *key);
-    memset (buf, 0, sizeof(buf));
-    return ret;
-}
-
-krb5_error_code
-krb5_get_in_tkt_with_password (krb5_context context,
-			       krb5_flags options,
-			       krb5_addresses *addrs,
-			       const krb5_enctype *etypes,
-			       const krb5_preauthtype *pre_auth_types,
-			       const char *password,
-			       krb5_ccache ccache,
-			       krb5_creds *creds,
-			       krb5_kdc_rep *ret_as_reply)
-{
-     return krb5_get_in_tkt (context,
-			     options,
-			     addrs,
-			     etypes,
-			     pre_auth_types,
-			     krb5_password_key_proc,
-			     password,
-			     NULL,
-			     NULL,
-			     creds,
-			     ccache,
-			     ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
deleted file mode 100644
index c5feee4581ef..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_keytab.c,v 1.6 2001/05/14 06:14:48 assar Exp $");
-
-krb5_error_code
-krb5_keytab_key_proc (krb5_context context,
-		      krb5_enctype enctype,
-		      krb5_salt salt,
-		      krb5_const_pointer keyseed,
-		      krb5_keyblock **key)
-{
-    krb5_keytab_key_proc_args *args  = (krb5_keytab_key_proc_args *)keyseed;
-    krb5_keytab keytab = args->keytab;
-    krb5_principal principal  = args->principal;
-    krb5_error_code ret;
-    krb5_keytab real_keytab;
-    krb5_keytab_entry entry;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-
-    ret = krb5_kt_get_entry (context, real_keytab, principal,
-			     0, enctype, &entry);
-
-    if (keytab == NULL)
-	krb5_kt_close (context, real_keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_in_tkt_with_keytab (krb5_context context,
-			     krb5_flags options,
-			     krb5_addresses *addrs,
-			     const krb5_enctype *etypes,
-			     const krb5_preauthtype *pre_auth_types,
-			     krb5_keytab keytab,
-			     krb5_ccache ccache,
-			     krb5_creds *creds,
-			     krb5_kdc_rep *ret_as_reply)
-{
-    krb5_keytab_key_proc_args *a;
-
-    a = malloc(sizeof(*a));
-    if (a == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    a->principal = creds->client;
-    a->keytab    = keytab;
-
-    return krb5_get_in_tkt (context,
-			    options,
-			    addrs,
-			    etypes,
-			    pre_auth_types,
-			    krb5_keytab_key_proc,
-			    a,
-			    NULL,
-			    NULL,
-			    creds,
-			    ccache,
-			    ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
deleted file mode 100644
index 773d36175812..000000000000
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: get_in_tkt_with_skey.c,v 1.3 1999/12/02 17:05:10 joda Exp $");
-
-static krb5_error_code
-krb5_skey_key_proc (krb5_context context,
-		    krb5_enctype type,
-		    krb5_salt salt,
-		    krb5_const_pointer keyseed,
-		    krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code
-krb5_get_in_tkt_with_skey (krb5_context context,
-			   krb5_flags options,
-			   krb5_addresses *addrs,
-			   const krb5_enctype *etypes,
-			   const krb5_preauthtype *pre_auth_types,
-			   const krb5_keyblock *key,
-			   krb5_ccache ccache,
-			   krb5_creds *creds,
-			   krb5_kdc_rep *ret_as_reply)
-{
-    if(key == NULL)
-	return krb5_get_in_tkt_with_keytab (context,
-					    options,
-					    addrs,
-					    etypes,
-					    pre_auth_types,
-					    NULL,
-					    ccache,
-					    creds,
-					    ret_as_reply);
-    else
-	return krb5_get_in_tkt (context,
-				options,
-				addrs,
-				etypes,
-				pre_auth_types,
-				krb5_skey_key_proc,
-				key,
-				NULL,
-				NULL,
-				creds,
-				ccache,
-				ret_as_reply);
-}
diff --git a/crypto/heimdal/lib/krb5/get_port.c b/crypto/heimdal/lib/krb5/get_port.c
deleted file mode 100644
index 6c517414bc0d..000000000000
--- a/crypto/heimdal/lib/krb5/get_port.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: get_port.c,v 1.8 2001/01/27 19:24:34 joda Exp $");
-
-int
-krb5_getportbyname (krb5_context context,
-		    const char *service,
-		    const char *proto,
-		    int default_port)
-{
-    struct servent *sp;
-
-    if ((sp = roken_getservbyname (service, proto)) == NULL) {
-#if 0
-	krb5_warnx(context, "%s/%s unknown service, using default port %d", 
-		   service, proto, default_port);
-#endif
-	return htons(default_port);
-    } else
-	return sp->s_port;
-}
diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et
deleted file mode 100644
index 67642a53db55..000000000000
--- a/crypto/heimdal/lib/krb5/heim_err.et
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: heim_err.et,v 1.12 2001/06/21 03:51:36 assar Exp $"
-
-error_table heim
-
-prefix HEIM_ERR
-
-error_code LOG_PARSE,		"Error parsing log destination"
-error_code V4_PRINC_NO_CONV,	"Failed to convert v4 principal"
-error_code SALTTYPE_NOSUPP,	"Salt type is not supported by enctype"
-error_code NOHOST,		"Host not found"
-error_code OPNOTSUPP,		"Operation not supported"
-error_code EOF,			"End of file"
-error_code BAD_MKEY,		"Failed to get the master key"
-error_code SERVICE_NOMATCH,	"Unacceptable service used"
-
-index 128
-prefix HEIM_EAI
-#error_code NOERROR,		"no error"
-error_code UNKNOWN,		"unknown error from getaddrinfo"
-error_code ADDRFAMILY,		"address family for nodename not supported"
-error_code AGAIN,		"temporary failure in name resolution"
-error_code BADFLAGS,		"invalid value for ai_flags"
-error_code FAIL,		"non-recoverable failure in name resolution"
-error_code FAMILY,		"ai_family not supported"
-error_code MEMORY,		"memory allocation failure"
-error_code NODATA,		"no address associated with nodename"
-error_code NONAME,		"nodename nor servname provided, or not known"
-error_code SERVICE,		"servname not supported for ai_socktype"
-error_code SOCKTYPE,		"ai_socktype not supported"
-error_code SYSTEM,		"system error returned in errno"
-end
diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c
deleted file mode 100644
index 6f9300596ec2..000000000000
--- a/crypto/heimdal/lib/krb5/init_creds.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds.c,v 1.9 2001/07/03 18:42:07 assar Exp $");
-
-void
-krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
-{
-    memset (opt, 0, sizeof(*opt));
-    opt->flags = 0;
-}
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_boolean
-get_config_bool (krb5_context context,
-		 const char *realm,
-		 const char *name)
-{
-    return krb5_config_get_bool (context,
-				 NULL,
-				 "realms",
-				 realm,
-				 name,
-				 NULL)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 name,
-				 NULL);
-}
-
-/*
- * set all the values in `opt' to the appropriate values for
- * application `appname' (default to getprogname() if NULL), and realm
- * `realm'.  First looks in [appdefaults] but falls back to
- * [realms] or [libdefaults] for some of the values.
- */
-
-static krb5_addresses no_addrs = {0, NULL};
-
-void
-krb5_get_init_creds_opt_set_default_flags(krb5_context context,
-					  const char *appname, 
-					  krb5_const_realm realm,
-					  krb5_get_init_creds_opt *opt)
-{
-    krb5_boolean b;
-    time_t t;
-
-    b = get_config_bool (context, realm, "forwardable");
-    krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
-    krb5_get_init_creds_opt_set_forwardable(opt, b);
-
-    b = get_config_bool (context, realm, "proxiable");
-    krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
-    krb5_get_init_creds_opt_set_proxiable (opt, b);
-
-    krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "ticket_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_tkt_life(opt, t);
-    
-    krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
-    if (t == 0)
-	t = get_config_time (context, realm, "renew_lifetime", 0);
-    if(t != 0)
-	krb5_get_init_creds_opt_set_renew_life(opt, t);
-
-    krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b);
-    if (b)
-	krb5_get_init_creds_opt_set_address_list (opt, &no_addrs);
-
-#if 0
-    krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
-    krb5_get_init_creds_opt_set_anonymous (opt, b);
-
-    krb5_get_init_creds_opt_set_etype_list(opt, enctype, 
-					   etype_str.num_strings);
-
-    krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				     krb5_data *salt);
-
-    krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					     krb5_preauthtype *preauth_list,
-					     int preauth_list_length);
-#endif
-}
-
-
-void
-krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
-				     krb5_deltat tkt_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
-    opt->tkt_life = tkt_life;
-}
-
-void
-krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
-				       krb5_deltat renew_life)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
-    opt->renew_life = renew_life;
-}
-
-void
-krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
-					int forwardable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
-    opt->forwardable = forwardable;
-}
-
-void
-krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
-				      int proxiable)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
-    opt->proxiable = proxiable;
-}
-
-void
-krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
-				       krb5_enctype *etype_list,
-				       int etype_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
-    opt->etype_list = etype_list;
-    opt->etype_list_length = etype_list_length;
-}
-
-void
-krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
-					 krb5_addresses *addresses)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
-    opt->address_list = addresses;
-}
-
-void
-krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
-					 krb5_preauthtype *preauth_list,
-					 int preauth_list_length)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
-    opt->preauth_list_length = preauth_list_length;
-    opt->preauth_list = preauth_list;
-}
-
-void
-krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
-				 krb5_data *salt)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
-    opt->salt = salt;
-}
-
-void
-krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
-				      int anonymous)
-{
-    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
-    opt->anonymous = anonymous;
-}
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
deleted file mode 100644
index 51bad53ad7a7..000000000000
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ /dev/null
@@ -1,573 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: init_creds_pw.c,v 1.55 2003/03/20 18:07:31 lha Exp $");
-
-static int
-get_config_time (krb5_context context,
-		 const char *realm,
-		 const char *name,
-		 int def)
-{
-    int ret;
-
-    ret = krb5_config_get_time (context, NULL,
-				"realms",
-				realm,
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    ret = krb5_config_get_time (context, NULL,
-				"libdefaults",
-				name,
-				NULL);
-    if (ret >= 0)
-	return ret;
-    return def;
-}
-
-static krb5_error_code
-init_cred (krb5_context context,
-	   krb5_creds *cred,
-	   krb5_principal client,
-	   krb5_deltat start_time,
-	   const char *in_tkt_service,
-	   krb5_get_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_realm *client_realm;
-    int tmp;
-    krb5_timestamp now;
-
-    krb5_timeofday (context, &now);
-
-    memset (cred, 0, sizeof(*cred));
-    
-    if (client)
-	krb5_copy_principal(context, client, &cred->client);
-    else {
-	ret = krb5_get_default_principal (context,
-					  &cred->client);
-	if (ret)
-	    goto out;
-    }
-
-    client_realm = krb5_princ_realm (context, cred->client);
-
-    if (start_time)
-	cred->times.starttime  = now + start_time;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
-	tmp = options->tkt_life;
-    else
-	tmp = 10 * 60 * 60;
-    cred->times.endtime = now + tmp;
-
-    if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
-	options->renew_life > 0) {
-	cred->times.renew_till = now + options->renew_life;
-    }
-
-    if (in_tkt_service) {
-	krb5_realm server_realm;
-
-	ret = krb5_parse_name (context, in_tkt_service, &cred->server);
-	if (ret)
-	    goto out;
-	server_realm = strdup (*client_realm);
-	free (*krb5_princ_realm(context, cred->server));
-	krb5_princ_set_realm (context, cred->server, &server_realm);
-    } else {
-	ret = krb5_make_principal(context, &cred->server, 
-				  *client_realm, KRB5_TGS_NAME, *client_realm,
-				  NULL);
-	if (ret)
-	    goto out;
-    }
-    return 0;
-
-out:
-    krb5_free_creds_contents (context, cred);
-    return ret;
-}
-
-/*
- * Print a message (str) to the user about the expiration in `lr'
- */
-
-static void
-report_expiration (krb5_context context,
-		   krb5_prompter_fct prompter,
-		   krb5_data *data,
-		   const char *str,
-		   time_t time)
-{
-    char *p;
-	    
-    asprintf (&p, "%s%s", str, ctime(&time));
-    (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-}
-
-/*
- * Parse the last_req data and show it to the user if it's interesting
- */
-
-static void
-print_expire (krb5_context context,
-	      krb5_realm *realm,
-	      krb5_kdc_rep *rep,
-	      krb5_prompter_fct prompter,
-	      krb5_data *data)
-{
-    int i;
-    LastReq *lr = &rep->enc_part.last_req;
-    krb5_timestamp sec;
-    time_t t;
-    krb5_boolean reported = FALSE;
-
-    krb5_timeofday (context, &sec);
-
-    t = sec + get_config_time (context,
-			       *realm,
-			       "warn_pwexpire",
-			       7 * 24 * 60 * 60);
-
-    for (i = 0; i < lr->len; ++i) {
-	if (lr->val[i].lr_value <= t) {
-	    switch (abs(lr->val[i].lr_type)) {
-	    case LR_PW_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your password will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    case LR_ACCT_EXPTIME :
-		report_expiration(context, prompter, data,
-				  "Your account will expire at ",
-				  lr->val[i].lr_value);
-		reported = TRUE;
-		break;
-	    }
-	}
-    }
-
-    if (!reported
-	&& rep->enc_part.key_expiration
-	&& *rep->enc_part.key_expiration <= t) {
-	report_expiration(context, prompter, data,
-			  "Your password/account will expire at ",
-			  *rep->enc_part.key_expiration);
-    }
-}
-
-static krb5_error_code
-get_init_creds_common(krb5_context context,
-		      krb5_creds *creds,
-		      krb5_principal client,
-		      krb5_deltat start_time,
-		      const char *in_tkt_service,
-		      krb5_get_init_creds_opt *options,
-		      krb5_addresses **addrs,
-		      krb5_enctype **etypes,
-		      krb5_creds *cred,
-		      krb5_preauthtype **pre_auth_types,
-		      krb5_kdc_flags *flags)
-{
-    krb5_error_code ret;
-    krb5_realm *client_realm;
-    krb5_get_init_creds_opt default_opt;
-
-    if (options == NULL) {
-	krb5_get_init_creds_opt_init (&default_opt);
-	options = &default_opt;
-    }
-
-    ret = init_cred (context, cred, client, start_time,
-		     in_tkt_service, options);
-    if (ret)
-	return ret;
-
-    client_realm = krb5_princ_realm (context, cred->client);
-
-    flags->i = 0;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
-	flags->b.forwardable = options->forwardable;
-
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
-	flags->b.proxiable = options->proxiable;
-
-    if (start_time)
-	flags->b.postdated = 1;
-    if (cred->times.renew_till)
-	flags->b.renewable = 1;
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)
-	*addrs = options->address_list;
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
-	*etypes = malloc((options->etype_list_length + 1)
-			* sizeof(krb5_enctype));
-	if (*etypes == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (*etypes, options->etype_list,
-		options->etype_list_length * sizeof(krb5_enctype));
-	(*etypes)[options->etype_list_length] = ETYPE_NULL;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
-	*pre_auth_types = malloc((options->preauth_list_length + 1)
-				 * sizeof(krb5_preauthtype));
-	if (*pre_auth_types == NULL) {
-	    krb5_set_error_string(context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	memcpy (*pre_auth_types, options->preauth_list,
-		options->preauth_list_length * sizeof(krb5_preauthtype));
-	(*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE;
-    }
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
-	;			/* XXX */
-    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS)
-	flags->b.request_anonymous = options->anonymous;
-    return 0;
-}
-
-static krb5_error_code
-change_password (krb5_context context,
-		 krb5_principal client,
-		 const char *password,
-		 char *newpw,
-		 size_t newpw_sz,
-		 krb5_prompter_fct prompter,
-		 void *data,
-		 krb5_get_init_creds_opt *old_options)
-{
-    krb5_prompt prompts[2];
-    krb5_error_code ret;
-    krb5_creds cpw_cred;
-    char buf1[BUFSIZ], buf2[BUFSIZ];
-    krb5_data password_data[2];
-    int result_code;
-    krb5_data result_code_string;
-    krb5_data result_string;
-    char *p;
-    krb5_get_init_creds_opt options;
-
-    memset (&cpw_cred, 0, sizeof(cpw_cred));
-
-    krb5_get_init_creds_opt_init (&options);
-    krb5_get_init_creds_opt_set_tkt_life (&options, 60);
-    krb5_get_init_creds_opt_set_forwardable (&options, FALSE);
-    krb5_get_init_creds_opt_set_proxiable (&options, FALSE);
-    if (old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
-	krb5_get_init_creds_opt_set_preauth_list (&options,
-						  old_options->preauth_list,
-						  old_options->preauth_list_length);					      
-
-    krb5_data_zero (&result_code_string);
-    krb5_data_zero (&result_string);
-
-    ret = krb5_get_init_creds_password (context,
-					&cpw_cred,
-					client,
-					password,
-					prompter,
-					data,
-					0,
-					"kadmin/changepw",
-					&options);
-    if (ret)
-	goto out;
-
-    for(;;) {
-	password_data[0].data   = buf1;
-	password_data[0].length = sizeof(buf1);
-
-	prompts[0].hidden = 1;
-	prompts[0].prompt = "New password: ";
-	prompts[0].reply  = &password_data[0];
-	prompts[0].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD;
-
-	password_data[1].data   = buf2;
-	password_data[1].length = sizeof(buf2);
-
-	prompts[1].hidden = 1;
-	prompts[1].prompt = "Repeat new password: ";
-	prompts[1].reply  = &password_data[1];
-	prompts[1].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
-
-	ret = (*prompter) (context, data, NULL, "Changing password",
-			   2, prompts);
-	if (ret) {
-	    memset (buf1, 0, sizeof(buf1));
-	    memset (buf2, 0, sizeof(buf2));
-	    goto out;
-	}
-
-	if (strcmp (buf1, buf2) == 0)
-	    break;
-	memset (buf1, 0, sizeof(buf1));
-	memset (buf2, 0, sizeof(buf2));
-    }
-    
-    ret = krb5_change_password (context,
-				&cpw_cred,
-				buf1,
-				&result_code,
-				&result_code_string,
-				&result_string);
-    if (ret)
-	goto out;
-    asprintf (&p, "%s: %.*s\n",
-	      result_code ? "Error" : "Success",
-	      (int)result_string.length,
-	      (char*)result_string.data);
-
-    ret = (*prompter) (context, data, NULL, p, 0, NULL);
-    free (p);
-    if (result_code == 0) {
-	strlcpy (newpw, buf1, newpw_sz);
-	ret = 0;
-    } else {
-	krb5_set_error_string (context, "failed changing password");
-	ret = ENOTTY;
-    }
-
-out:
-    memset (buf1, 0, sizeof(buf1));
-    memset (buf2, 0, sizeof(buf2));
-    krb5_data_free (&result_string);
-    krb5_data_free (&result_code_string);
-    krb5_free_creds_contents (context, &cpw_cred);
-    return ret;
-}
-
-krb5_error_code
-krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     const char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     const char *in_tkt_service,
-			     krb5_get_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_kdc_flags flags;
-    krb5_addresses *addrs = NULL;
-    krb5_enctype *etypes = NULL;
-    krb5_preauthtype *pre_auth_types = NULL;
-    krb5_creds this_cred;
-    krb5_kdc_rep kdc_reply;
-    char buf[BUFSIZ];
-    krb5_data password_data;
-    int done;
-
-    ret = get_init_creds_common(context, creds, client, start_time,
-				in_tkt_service, options,
-				&addrs, &etypes, &this_cred, &pre_auth_types,
-				&flags);
-    if(ret)
-	goto out;
-
-    if (password == NULL) {
-	krb5_prompt prompt;
-	char *p, *q;
-
-	krb5_unparse_name (context, this_cred.client, &p);
-	asprintf (&q, "%s's Password: ", p);
-	free (p);
-	prompt.prompt = q;
-	password_data.data   = buf;
-	password_data.length = sizeof(buf);
-	prompt.hidden = 1;
-	prompt.reply  = &password_data;
-	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
-
-	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
-	free (q);
-	if (ret) {
-	    memset (buf, 0, sizeof(buf));
-	    ret = KRB5_LIBOS_PWDINTR;
-	    krb5_clear_error_string (context);
-	    goto out;
-	}
-	password = password_data.data;
-    }
-
-    done = 0;
-    while(!done) {
-	memset(&kdc_reply, 0, sizeof(kdc_reply));
-	ret = krb5_get_in_cred (context,
-				flags.i,
-				addrs,
-				etypes,
-				pre_auth_types,
-				NULL,
-				krb5_password_key_proc,
-				password,
-				NULL,
-				NULL,
-				&this_cred,
-				&kdc_reply);
-	switch (ret) {
-	case 0 :
-	    done = 1;
-	    break;
-	case KRB5KDC_ERR_KEY_EXPIRED :
-	    /* try to avoid recursion */
-
-	    if (prompter == NULL)
-		goto out;
-
-	    krb5_clear_error_string (context);
-
-	    if (in_tkt_service != NULL
-		&& strcmp (in_tkt_service, "kadmin/changepw") == 0)
-		goto out;
-
-	    ret = change_password (context,
-				   client,
-				   password,
-				   buf,
-				   sizeof(buf),
-				   prompter,
-				   data,
-				   options);
-	    if (ret)
-		goto out;
-	    password = buf;
-	    break;
-	default:
-	    goto out;
-	}
-    }
-
-    if (prompter)
-	print_expire (context,
-		      krb5_princ_realm (context, this_cred.client),
-		      &kdc_reply,
-		      prompter,
-		      data);
-out:
-    memset (buf, 0, sizeof(buf));
-    if (ret == 0)
-	krb5_free_kdc_rep (context, &kdc_reply);
-
-    free (pre_auth_types);
-    free (etypes);
-    if (ret == 0 && creds)
-	*creds = this_cred;
-    else
-	krb5_free_creds_contents (context, &this_cred);
-    return ret;
-}
-
-krb5_error_code
-krb5_keyblock_key_proc (krb5_context context,
-			krb5_keytype type,
-			krb5_data *salt,
-			krb5_const_pointer keyseed,
-			krb5_keyblock **key)
-{
-    return krb5_copy_keyblock (context, keyseed, key);
-}
-
-krb5_error_code
-krb5_get_init_creds_keytab(krb5_context context,
-			   krb5_creds *creds,
-			   krb5_principal client,
-			   krb5_keytab keytab,
-			   krb5_deltat start_time,
-			   const char *in_tkt_service,
-			   krb5_get_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_kdc_flags flags;
-    krb5_addresses *addrs = NULL;
-    krb5_enctype *etypes = NULL;
-    krb5_preauthtype *pre_auth_types = NULL;
-    krb5_creds this_cred;
-    krb5_keytab_key_proc_args *a;
-    
-    ret = get_init_creds_common(context, creds, client, start_time,
-				in_tkt_service, options,
-				&addrs, &etypes, &this_cred, &pre_auth_types,
-				&flags);
-    if(ret)
-	goto out;
-
-    a = malloc (sizeof(*a));
-    if (a == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-    a->principal = this_cred.client;
-    a->keytab    = keytab;
-
-    ret = krb5_get_in_cred (context,
-			    flags.i,
-			    addrs,
-			    etypes,
-			    pre_auth_types,
-			    NULL,
-			    krb5_keytab_key_proc,
-			    a,
-			    NULL,
-			    NULL,
-			    &this_cred,
-			    NULL);
-    free (a);
-
-    if (ret)
-	goto out;
-    free (pre_auth_types);
-    free (etypes);
-    if (creds)
-	*creds = this_cred;
-    else
-	krb5_free_creds_contents (context, &this_cred);
-    return 0;
-
-out:
-    free (pre_auth_types);
-    free (etypes);
-    krb5_free_creds_contents (context, &this_cred);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/k524_err.et b/crypto/heimdal/lib/krb5/k524_err.et
deleted file mode 100644
index 2dc60f46ae2b..000000000000
--- a/crypto/heimdal/lib/krb5/k524_err.et
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Error messages for the k524 functions
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $"
-
-error_table k524
-
-prefix KRB524
-error_code BADKEY,		"wrong keytype in ticket"
-error_code BADADDR,		"incorrect network address"
-error_code BADPRINC,		"cannot convert V5 principal"		#unused
-error_code BADREALM,		"V5 realm name longer than V4 maximum"	#unused
-error_code V4ERR,		"kerberos V4 error server"
-error_code ENCFULL,		"encoding too large at server"
-error_code DECEMPTY,		"decoding out of data"			#unused
-error_code NOTRESP,		"service not responding"		#unused
-end
-
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
deleted file mode 100644
index b0b4980778bd..000000000000
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ /dev/null
@@ -1,104 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: kerberos.8,v 1.6 2003/03/10 02:19:23 lha Exp $
-.\"
-.Dd September 1, 2000
-.Dt KERBEROS 8
-.Os HEIMDAL
-.Sh NAME
-.Nm kerberos
-.Nd introduction to the Kerberos system
-.Sh DESCRIPTION
-Kerberos is a network authentication system. Its purpose is to
-securely authenticate users and services in an insecure network
-environment.
-.Pp
-This is done with a Kerberos server acting as a trusted third party,
-keeping a database with secret keys for all users and services
-(collectively called
-.Em principals ) .
-.Pp
-Each principal belongs to exactly one
-.Em realm ,
-which is the administrative domain in Kerberos. A realm usually
-corresponds to an organisation, and the realm should normally be
-derived from that organisation's domain name. A realm is served by one
-or more Kerberos servers.
-.Pp
-The authentication process involves exchange of
-.Sq tickets
-and
-.Sq authenticators
-which together prove the principal's identity.
-.Pp
-When you login to the Kerberos system, either through the normal
-system login or with the
-.Xr kinit 1
-program, you acquire a
-.Em ticket granting ticket
-which allows you to get new tickets for other services, such as
-.Ic telnet
-or
-.Ic ftp ,
-without giving your password.
-.Pp
-For more information on how Kerberos works, and other general Kerberos
-questions see the Kerberos FAQ at
-.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
-.Pp
-For setup instructions see the Heimdal Texinfo manual.
-.Sh SEE ALSO
-.Xr ftp 1 ,
-.Xr kdestroy 1 ,
-.Xr kinit 1 ,
-.Xr klist 1 ,
-.Xr kpasswd 1 ,
-.Xr telnet 1
-.Sh HISTORY
-The Kerberos authentication system was developed in the late 1980's as
-part of the Athena Project at the Massachusetts Institute of
-Technology. Versions one through three never reached outside MIT, but
-version 4 was (and still is) quite popular, especially in the academic
-community, but is also used in commercial products like the AFS
-filesystem.
-.Pp
-The problems with version 4 are that it has many limitations, the code
-was not too well written (since it had been developed over a long
-time), and it has a number of known security problems. To resolve many
-of these issues work on version five started, and resulted in IETF
-RFC1510 in 1993. Since then much work has been put into the further
-development, and a new RFC will hopefully appear soon.
-.Pp
-This manual manual page is part of the
-.Nm Heimdal
-Kerberos 5 distribution, which has been in development at the Royal
-Institute of Technology in Stockholm, Sweden, since about 1997.
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
deleted file mode 100644
index 7eb7067aabe4..000000000000
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keyblock.c,v 1.12 2001/05/14 06:14:48 assar Exp $");
-
-void
-krb5_free_keyblock_contents(krb5_context context,
-			    krb5_keyblock *keyblock)
-{
-    if(keyblock) {
-	if (keyblock->keyvalue.data != NULL)
-	    memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length);
-	krb5_data_free (&keyblock->keyvalue);
-    }
-}
-
-void
-krb5_free_keyblock(krb5_context context,
-		   krb5_keyblock *keyblock)
-{
-    if(keyblock){
-	krb5_free_keyblock_contents(context, keyblock);
-	free(keyblock);
-    }
-}
-
-krb5_error_code
-krb5_copy_keyblock_contents (krb5_context context,
-			     const krb5_keyblock *inblock,
-			     krb5_keyblock *to)
-{
-    return copy_EncryptionKey(inblock, to);
-}
-
-krb5_error_code
-krb5_copy_keyblock (krb5_context context,
-		    const krb5_keyblock *inblock,
-		    krb5_keyblock **to)
-{
-    krb5_keyblock *k;
-
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *to = k;
-    return krb5_copy_keyblock_contents (context, inblock, k);
-}
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
deleted file mode 100644
index 9adf99bc0803..000000000000
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ /dev/null
@@ -1,505 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab.c,v 1.55 2003/03/27 03:45:01 lha Exp $");
-
-/*
- * Register a new keytab in `ops'
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_register(krb5_context context,
-		 const krb5_kt_ops *ops)
-{
-    struct krb5_keytab_data *tmp;
-
-    if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
-	krb5_set_error_string(context, "krb5_kt_register; prefix too long");
-	return KRB5_KT_NAME_TOOLONG;
-    }
-
-    tmp = realloc(context->kt_types,
-		  (context->num_kt_types + 1) * sizeof(*context->kt_types));
-    if(tmp == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(&tmp[context->num_kt_types], ops,
-	   sizeof(tmp[context->num_kt_types]));
-    context->kt_types = tmp;
-    context->num_kt_types++;
-    return 0;
-}
-
-/*
- * Resolve the keytab name (of the form `type:residual') in `name'
- * into a keytab in `id'.
- * Return 0 or an error
- */
-
-krb5_error_code
-krb5_kt_resolve(krb5_context context,
-		const char *name,
-		krb5_keytab *id)
-{
-    krb5_keytab k;
-    int i;
-    const char *type, *residual;
-    size_t type_len;
-    krb5_error_code ret;
-
-    residual = strchr(name, ':');
-    if(residual == NULL) {
-	type = "FILE";
-	type_len = strlen(type);
-	residual = name;
-    } else {
-	type = name;
-	type_len = residual - name;
-	residual++;
-    }
-    
-    for(i = 0; i < context->num_kt_types; i++) {
-	if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0)
-	    break;
-    }
-    if(i == context->num_kt_types) {
-	krb5_set_error_string(context, "unknown keytab type %.*s", 
-			      (int)type_len, type);
-	return KRB5_KT_UNKNOWN_TYPE;
-    }
-    
-    k = malloc (sizeof(*k));
-    if (k == NULL) {
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy(k, &context->kt_types[i], sizeof(*k));
-    k->data = NULL;
-    ret = (*k->resolve)(context, residual, k);
-    if(ret) {
-	free(k);
-	k = NULL;
-    }
-    *id = k;
-    return ret;
-}
-
-/*
- * copy the name of the default keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code
-krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
-{
-    if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * copy the name of the default modify keytab into `name'.
- * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
- */
-
-krb5_error_code
-krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
-{
-    const char *kt = NULL;
-    if(context->default_keytab_modify == NULL) {
-	if(strncasecmp(context->default_keytab, "ANY:", 4) != 0)
-	    kt = context->default_keytab;
-	else {
-	    size_t len = strcspn(context->default_keytab + 4, ",");
-	    if(len >= namesize) {
-		krb5_clear_error_string(context);
-		return KRB5_CONFIG_NOTENUFSPACE;
-	    }
-	    strlcpy(name, context->default_keytab + 4, namesize);
-	    name[len] = '\0';
-	    return 0;
-	}    
-    } else
-	kt = context->default_keytab_modify;
-    if (strlcpy (name, kt, namesize) >= namesize) {
-	krb5_clear_error_string (context);
-	return KRB5_CONFIG_NOTENUFSPACE;
-    }
-    return 0;
-}
-
-/*
- * Set `id' to the default keytab.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_default(krb5_context context, krb5_keytab *id)
-{
-    return krb5_kt_resolve (context, context->default_keytab, id);
-}
-
-/*
- * Read the key identified by `(principal, vno, enctype)' from the
- * keytab in `keyprocarg' (the default if == NULL) into `*key'.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_read_service_key(krb5_context context,
-			 krb5_pointer keyprocarg,
-			 krb5_principal principal,
-			 krb5_kvno vno,
-			 krb5_enctype enctype,
-			 krb5_keyblock **key)
-{
-    krb5_keytab keytab;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-
-    if (keyprocarg)
-	ret = krb5_kt_resolve (context, keyprocarg, &keytab);
-    else
-	ret = krb5_kt_default (context, &keytab);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
-    krb5_kt_close (context, keytab);
-    if (ret)
-	return ret;
-    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
-    krb5_kt_free_entry(context, &entry);
-    return ret;
-}
-
-/*
- * Return the type of the `keytab' in the string `prefix of length
- * `prefixsize'.
- */
-
-krb5_error_code
-krb5_kt_get_type(krb5_context context,
-		 krb5_keytab keytab,
-		 char *prefix,
-		 size_t prefixsize)
-{
-    strlcpy(prefix, keytab->prefix, prefixsize);
-    return 0;
-}
-
-/*
- * Retrieve the name of the keytab `keytab' into `name', `namesize'
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_get_name(krb5_context context, 
-		 krb5_keytab keytab,
-		 char *name,
-		 size_t namesize)
-{
-    return (*keytab->get_name)(context, keytab, name, namesize);
-}
-
-/*
- * Finish using the keytab in `id'.  All resources will be released.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_close(krb5_context context, 
-	      krb5_keytab id)
-{
-    krb5_error_code ret;
-
-    ret = (*id->close)(context, id);
-    if(ret == 0)
-	free(id);
-    return ret;
-}
-
-/*
- * Compare `entry' against `principal, vno, enctype'.
- * Any of `principal, vno, enctype' might be 0 which acts as a wildcard.
- * Return TRUE if they compare the same, FALSE otherwise.
- */
-
-krb5_boolean
-krb5_kt_compare(krb5_context context,
-		krb5_keytab_entry *entry, 
-		krb5_const_principal principal,
-		krb5_kvno vno,
-		krb5_enctype enctype)
-{
-    if(principal != NULL && 
-       !krb5_principal_compare(context, entry->principal, principal))
-	return FALSE;
-    if(vno && vno != entry->vno)
-	return FALSE;
-    if(enctype && enctype != entry->keyblock.keytype)
-	return FALSE;
-    return TRUE;
-}
-
-/*
- * Retrieve the keytab entry for `principal, kvno, enctype' into `entry'
- * from the keytab `id'.
- * kvno == 0 is a wildcard and gives the keytab with the highest vno.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_get_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_const_principal principal,
-		  krb5_kvno kvno,
-		  krb5_enctype enctype,
-		  krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry tmp;
-    krb5_error_code ret;
-    krb5_kt_cursor cursor;
-
-    if(id->get)
-	return (*id->get)(context, id, principal, kvno, enctype, entry);
-
-    ret = krb5_kt_start_seq_get (context, id, &cursor);
-    if (ret)
-	return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
-
-    entry->vno = 0;
-    while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) {
-	if (krb5_kt_compare(context, &tmp, principal, 0, enctype)) {
-	    /* the file keytab might only store the lower 8 bits of
-	       the kvno, so only compare those bits */
-	    if (kvno == tmp.vno
-		|| (tmp.vno < 256 && kvno % 256 == tmp.vno)) {
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-		krb5_kt_free_entry (context, &tmp);
-		krb5_kt_end_seq_get(context, id, &cursor);
-		return 0;
-	    } else if (kvno == 0 && tmp.vno > entry->vno) {
-		if (entry->vno)
-		    krb5_kt_free_entry (context, entry);
-		krb5_kt_copy_entry_contents (context, &tmp, entry);
-	    }
-	}
-	krb5_kt_free_entry(context, &tmp);
-    }
-    krb5_kt_end_seq_get (context, id, &cursor);
-    if (entry->vno) {
-	return 0;
-    } else {
-	char princ[256], kt_name[256], kvno_str[25];
-
-	krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
-	krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
-
-	if (kvno)
-	    snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
-	else
-	    kvno_str[0] = '\0';
-
-	krb5_set_error_string (context,
- 			       "failed to find %s%s in keytab %s",
-			       princ,
-			       kvno_str,
-			       kt_name);
-	return KRB5_KT_NOTFOUND;
-    }
-}
-
-/*
- * Copy the contents of `in' into `out'.
- * Return 0 or an error.  */
-
-krb5_error_code
-krb5_kt_copy_entry_contents(krb5_context context,
-			    const krb5_keytab_entry *in,
-			    krb5_keytab_entry *out)
-{
-    krb5_error_code ret;
-
-    memset(out, 0, sizeof(*out));
-    out->vno = in->vno;
-
-    ret = krb5_copy_principal (context, in->principal, &out->principal);
-    if (ret)
-	goto fail;
-    ret = krb5_copy_keyblock_contents (context,
-				       &in->keyblock,
-				       &out->keyblock);
-    if (ret)
-	goto fail;
-    out->timestamp = in->timestamp;
-    return 0;
-fail:
-    krb5_kt_free_entry (context, out);
-    return ret;
-}
-
-/*
- * Free the contents of `entry'.
- */
-
-krb5_error_code
-krb5_kt_free_entry(krb5_context context,
-		   krb5_keytab_entry *entry)
-{
-  krb5_free_principal (context, entry->principal);
-  krb5_free_keyblock_contents (context, &entry->keyblock);
-  return 0;
-}
-
-#if 0
-static int
-xxxlock(int fd, int write)
-{
-    if(flock(fd, (write ? LOCK_EX : LOCK_SH) | LOCK_NB) < 0) {
-	sleep(1);
-	if(flock(fd, (write ? LOCK_EX : LOCK_SH) | LOCK_NB) < 0) 
-	    return -1;
-    }
-    return 0;
-}
-
-static void
-xxxunlock(int fd)
-{
-    flock(fd, LOCK_UN);
-}
-#endif
-
-/*
- * Set `cursor' to point at the beginning of `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_start_seq_get(krb5_context context,
-		      krb5_keytab id,
-		      krb5_kt_cursor *cursor)
-{
-    if(id->start_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "start_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->start_seq_get)(context, id, cursor);
-}
-
-/*
- * Get the next entry from `id' pointed to by `cursor' and advance the
- * `cursor'.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_next_entry(krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry,
-		   krb5_kt_cursor *cursor)
-{
-    if(id->next_entry == NULL) {
-	krb5_set_error_string(context,
-			      "next_entry is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->next_entry)(context, id, entry, cursor);
-}
-
-/*
- * Release all resources associated with `cursor'.
- */
-
-krb5_error_code
-krb5_kt_end_seq_get(krb5_context context,
-		    krb5_keytab id,
-		    krb5_kt_cursor *cursor)
-{
-    if(id->end_seq_get == NULL) {
-	krb5_set_error_string(context,
-			      "end_seq_get is not supported in the %s "
-			      " keytab", id->prefix);
-	return HEIM_ERR_OPNOTSUPP;
-    }
-    return (*id->end_seq_get)(context, id, cursor);
-}
-
-/*
- * Add the entry in `entry' to the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_add_entry(krb5_context context,
-		  krb5_keytab id,
-		  krb5_keytab_entry *entry)
-{
-    if(id->add == NULL) {
-	krb5_set_error_string(context, "Add is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    entry->timestamp = time(NULL);
-    return (*id->add)(context, id,entry);
-}
-
-/*
- * Remove the entry `entry' from the keytab `id'.
- * Return 0 or an error.
- */
-
-krb5_error_code
-krb5_kt_remove_entry(krb5_context context,
-		     krb5_keytab id,
-		     krb5_keytab_entry *entry)
-{
-    if(id->remove == NULL) {
-	krb5_set_error_string(context,
-			      "Remove is not supported in the %s keytab",
-			      id->prefix);
-	return KRB5_KT_NOWRITE;
-    }
-    return (*id->remove)(context, id, entry);
-}
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
deleted file mode 100644
index 667788c69d4d..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_any.c
+++ /dev/null
@@ -1,256 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $");
-
-struct any_data {
-    krb5_keytab kt;
-    char *name;
-    struct any_data *next;
-};
-
-static void
-free_list (krb5_context context, struct any_data *a)
-{
-    struct any_data *next;
-
-    for (; a != NULL; a = next) {
-	next = a->next;
-	free (a->name);
-	if(a->kt)
-	    krb5_kt_close(context, a->kt);
-	free (a);
-    }
-}
-
-static krb5_error_code
-any_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct any_data *a, *a0 = NULL, *prev = NULL;
-    krb5_error_code ret;
-    char buf[256];
-
-    while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
-	a = malloc(sizeof(*a));
-	if (a == NULL) {
-	    ret = ENOMEM;
-	    goto fail;
-	}
-	if (a0 == NULL) {
-	    a0 = a;
-	    a->name = strdup(buf);
-	    if (a->name == NULL) {
-		krb5_set_error_string(context, "malloc: out of memory");
-		ret = ENOMEM;
-		goto fail;
-	    }
-	} else
-	    a->name = NULL;
-	if (prev != NULL)
-	    prev->next = a;
-	a->next = NULL;
-	ret = krb5_kt_resolve (context, buf, &a->kt);
-	if (ret)
-	    goto fail;
-	prev = a;
-    }
-    if (a0 == NULL) {
-	krb5_set_error_string(context, "empty ANY: keytab");
-	return ENOENT;
-    }
-    id->data = a0;
-    return 0;
- fail:
-    free_list (context, a0);
-    return ret;
-}
-
-static krb5_error_code
-any_get_name (krb5_context context,
-	      krb5_keytab id,
-	      char *name,
-	      size_t namesize)
-{
-    struct any_data *a = id->data;
-    strlcpy(name, a->name, namesize);
-    return 0;
-}
-
-static krb5_error_code
-any_close (krb5_context context,
-	   krb5_keytab id)
-{
-    struct any_data *a = id->data;
-
-    free_list (context, a);
-    return 0;
-}
-
-struct any_cursor_extra_data {
-    struct any_data *a;
-    krb5_kt_cursor cursor;
-};
-
-static krb5_error_code
-any_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    struct any_data *a = id->data;
-    struct any_cursor_extra_data *ed;
-    krb5_error_code ret;
-
-    c->data = malloc (sizeof(struct any_cursor_extra_data));
-    if(c->data == NULL){
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed = (struct any_cursor_extra_data *)c->data;
-    ed->a = a;
-    ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-    if (ret) {
-	free (c->data);
-	c->data = NULL;
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_next_entry (krb5_context context,
-		krb5_keytab id,
-		krb5_keytab_entry *entry,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret, ret2;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    do {
-	ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
-	if (ret == 0)
-	    return 0;
-	else if (ret == KRB5_KT_END) {
-	    ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
-	    if (ret2)
-		return ret2;
-	    while ((ed->a = ed->a->next) != NULL) {
-		ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
-		if (ret2 == 0)
-		    break;
-	    }
-	    if (ed->a == NULL) {
-		krb5_clear_error_string (context);
-		return KRB5_KT_END;
-	    }
-	} else
-	    return ret;
-    } while (ret == KRB5_KT_END);
-    return ret;
-}
-
-static krb5_error_code
-any_end_seq_get(krb5_context context,
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_error_code ret = 0;
-    struct any_cursor_extra_data *ed;
-
-    ed = (struct any_cursor_extra_data *)cursor->data;
-    if (ed->a != NULL)
-	ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
-    free (ed);
-    cursor->data = NULL;
-    return ret;
-}
-
-static krb5_error_code
-any_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    while(a != NULL) {
-	ret = krb5_kt_add_entry(context, a->kt, entry);
-	if(ret != 0 && ret != KRB5_KT_NOWRITE) {
-	    krb5_set_error_string(context, "failed to add entry to %s", 
-				  a->name);
-	    return ret;
-	}
-	a = a->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-any_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct any_data *a = id->data;
-    krb5_error_code ret;
-    int found = 0;
-    while(a != NULL) {
-	ret = krb5_kt_remove_entry(context, a->kt, entry);
-	if(ret == 0)
-	    found++;
-	else {
-	    if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
-		krb5_set_error_string(context, "failed to remove entry from %s", 
-				      a->name);
-		return ret;
-	    }
-	}
-	a = a->next;
-    }
-    if(!found)
-	return KRB5_KT_NOTFOUND;
-    return 0;
-}
-
-const krb5_kt_ops krb5_any_ops = {
-    "ANY",
-    any_resolve,
-    any_get_name,
-    any_close,
-    NULL, /* get */
-    any_start_seq_get,
-    any_next_entry,
-    any_end_seq_get,
-    any_add_entry,
-    any_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
deleted file mode 100644
index f2ff53867cc8..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ /dev/null
@@ -1,617 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_file.c,v 1.12 2002/09/24 16:43:30 joda Exp $");
-
-#define KRB5_KT_VNO_1 1
-#define KRB5_KT_VNO_2 2
-#define KRB5_KT_VNO   KRB5_KT_VNO_2
-
-/* file operations -------------------------------------------- */
-
-struct fkt_data {
-    char *filename;
-};
-
-static krb5_error_code
-krb5_kt_ret_data(krb5_context context,
-		 krb5_storage *sp,
-		 krb5_data *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    data->length = size;
-    data->data = malloc(size);
-    if (data->data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, data->data, size);
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_string(krb5_context context,
-		   krb5_storage *sp,
-		   general_string *data)
-{
-    int ret;
-    int16_t size;
-    ret = krb5_ret_int16(sp, &size);
-    if(ret)
-	return ret;
-    *data = malloc(size + 1);
-    if (*data == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = krb5_storage_read(sp, *data, size);
-    (*data)[size] = '\0';
-    if(ret != size)
-	return (ret < 0)? errno : KRB5_KT_END;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_data(krb5_context context,
-		   krb5_storage *sp,
-		   krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int16(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_string(krb5_storage *sp,
-		     general_string data)
-{
-    int ret;
-    size_t len = strlen(data);
-    ret = krb5_store_int16(sp, len);
-    if(ret < 0)
-	return ret;
-    ret = krb5_storage_write(sp, data, len);
-    if(ret != len){
-	if(ret < 0)
-	    return errno;
-	return KRB5_KT_END;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
-    if(ret) return ret;
-    p->keytype = tmp;
-    ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
-    return ret;
-}
-
-static krb5_error_code
-krb5_kt_store_keyblock(krb5_context context,
-		       krb5_storage *sp, 
-		       krb5_keyblock *p)
-{
-    int ret;
-
-    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
-    if(ret) return ret;
-    ret = krb5_kt_store_data(context, sp, p->keyvalue);
-    return ret;
-}
-
-
-static krb5_error_code
-krb5_kt_ret_principal(krb5_context context,
-		      krb5_storage *sp,
-		      krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int16_t tmp;
-    
-    ALLOC(p, 1);
-    if(p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret)
-	return ret;
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	tmp--;
-    p->name.name_string.len = tmp;
-    ret = krb5_kt_ret_string(context, sp, &p->realm);
-    if(ret)
-	return ret;
-    p->name.name_string.val = calloc(p->name.name_string.len, 
-				     sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
-	if(ret)
-	    return ret;
-    }
-    if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	p->name.name_type = KRB5_NT_UNKNOWN;
-    else {
-	int32_t tmp32;
-	ret = krb5_ret_int32(sp, &tmp32);
-	p->name.name_type = tmp32;
-	if (ret)
-	    return ret;
-    }
-    *princ = p;
-    return 0;
-}
-
-static krb5_error_code
-krb5_kt_store_principal(krb5_context context,
-			krb5_storage *sp,
-			krb5_principal p)
-{
-    int i;
-    int ret;
-    
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int16(sp, p->name.name_string.len + 1);
-    else
-	ret = krb5_store_int16(sp, p->name.name_string.len);
-    if(ret) return ret;
-    ret = krb5_kt_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
-	if(ret)
-	    return ret;
-    }
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-	ret = krb5_store_int32(sp, p->name.name_type);
-	if(ret)
-	    return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct fkt_data *d;
-
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup(name);
-    if(d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-fkt_close(krb5_context context, krb5_keytab id)
-{
-    struct fkt_data *d = id->data;
-    free(d->filename);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-fkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    /* This function is XXX */
-    struct fkt_data *d = id->data;
-    strlcpy(name, d->filename, namesize);
-    return 0;
-}
-
-static void
-storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
-{
-    int flags = 0;
-    switch(vno) {
-    case KRB5_KT_VNO_1:
-	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
-	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
-	flags |= KRB5_STORAGE_HOST_BYTEORDER;
-	break;
-    case KRB5_KT_VNO_2:
-	break;
-    default:
-	krb5_warnx(context, 
-		   "storage_set_flags called with bad vno (%d)", vno);
-    }
-    krb5_storage_set_flags(sp, flags);
-}
-
-static krb5_error_code
-fkt_start_seq_get_int(krb5_context context, 
-		      krb5_keytab id, 
-		      int flags,
-		      krb5_kt_cursor *c)
-{
-    int8_t pvno, tag;
-    krb5_error_code ret;
-    struct fkt_data *d = id->data;
-    
-    c->fd = open (d->filename, flags);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "%s: %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    ret = krb5_ret_int8(c->sp, &pvno);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	return ret;
-    }
-    if(pvno != 5) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	return KRB5_KEYTAB_BADVNO;
-    }
-    ret = krb5_ret_int8(c->sp, &tag);
-    if (ret) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	return ret;
-    }
-    id->version = tag;
-    storage_set_flags(context, c->sp, id->version);
-    return 0;
-}
-
-static krb5_error_code
-fkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, c);
-}
-
-static krb5_error_code
-fkt_next_entry_int(krb5_context context, 
-		   krb5_keytab id, 
-		   krb5_keytab_entry *entry, 
-		   krb5_kt_cursor *cursor,
-		   off_t *start,
-		   off_t *end)
-{
-    int32_t len;
-    int ret;
-    int8_t tmp8;
-    int32_t tmp32;
-    off_t pos, curpos;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-loop:
-    ret = krb5_ret_int32(cursor->sp, &len);
-    if (ret)
-	return ret;
-    if(len < 0) {
-	pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
-	goto loop;
-    }
-    ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
-    if (ret)
-	goto out;
-    ret = krb5_ret_int32(cursor->sp, &tmp32);
-    entry->timestamp = tmp32;
-    if (ret)
-	goto out;
-    ret = krb5_ret_int8(cursor->sp, &tmp8);
-    if (ret)
-	goto out;
-    entry->vno = tmp8;
-    ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
-    if (ret)
-	goto out;
-    /* there might be a 32 bit kvno here
-     * if it's zero, assume that the 8bit one was right,
-     * otherwise trust the new value */
-    curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-    if(len + 4 + pos - curpos == 4) {
-	ret = krb5_ret_int32(cursor->sp, &tmp32);
-	if (ret == 0 && tmp32 != 0) {
-	    entry->vno = tmp32;
-	}
-    }
-    if(start) *start = pos;
-    if(end) *end = *start + 4 + len;
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-fkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
-}
-
-static krb5_error_code
-fkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-fkt_setup_keytab(krb5_context context,
-		 krb5_keytab id,
-		 krb5_storage *sp)
-{
-    krb5_error_code ret;
-    ret = krb5_store_int8(sp, 5);
-    if(ret)
-	return ret;
-    if(id->version == 0)
-	id->version = KRB5_KT_VNO;
-    return krb5_store_int8 (sp, id->version);
-}
-		 
-static krb5_error_code
-fkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    int ret;
-    int fd;
-    krb5_storage *sp;
-    struct fkt_data *d = id->data;
-    krb5_data keytab;
-    int32_t len;
-    
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = fkt_setup_keytab(context, id, sp);
-	if(ret) {
-	    krb5_storage_free(sp);
-	    close(fd);
-	    return ret;
-	}
-	storage_set_flags(context, sp, id->version);
-    } else {
-	int8_t pvno, tag;
-	sp = krb5_storage_from_fd(fd);
-	krb5_storage_set_eof_code(sp, KRB5_KT_END);
-	ret = krb5_ret_int8(sp, &pvno);
-	if(ret) {
-	    /* we probably have a zero byte file, so try to set it up
-               properly */
-	    ret = fkt_setup_keytab(context, id, sp);
-	    if(ret) {
-		krb5_set_error_string(context, "%s: keytab is corrupted: %s", 
-				      d->filename, strerror(ret));
-		krb5_storage_free(sp);
-		close(fd);
-		return ret;
-	    }
-	    storage_set_flags(context, sp, id->version);
-	} else {
-	    if(pvno != 5) {
-		krb5_storage_free(sp);
-		close(fd);
-		krb5_clear_error_string (context);
-		ret = KRB5_KEYTAB_BADVNO;
-		krb5_set_error_string(context, "%s: %s", 
-				      d->filename, strerror(ret));
-		return ret;
-	    }
-	    ret = krb5_ret_int8 (sp, &tag);
-	    if (ret) {
-		krb5_set_error_string(context, "%s: reading tag: %s", 
-				      d->filename, strerror(ret));
-		krb5_storage_free(sp);
-		close(fd);
-		return ret;
-	    }
-	    id->version = tag;
-	    storage_set_flags(context, sp, id->version);
-	}
-    }
-
-    {
-	krb5_storage *emem;
-	emem = krb5_storage_emem();
-	if(emem == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-	ret = krb5_kt_store_principal(context, emem, entry->principal);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int32 (emem, entry->timestamp);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int8 (emem, entry->vno % 256);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
-	if(ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-	ret = krb5_store_int32 (emem, entry->vno);
-	if (ret) {
-	    krb5_storage_free(emem);
-	    goto out;
-	}
-
-	ret = krb5_storage_to_data(emem, &keytab);
-	krb5_storage_free(emem);
-	if(ret)
-	    goto out;
-    }
-    
-    while(1) {
-	ret = krb5_ret_int32(sp, &len);
-	if(ret == KRB5_KT_END) {
-	    len = keytab.length;
-	    break;
-	}
-	if(len < 0) {
-	    len = -len;
-	    if(len >= keytab.length) {
-		krb5_storage_seek(sp, -4, SEEK_CUR);
-		break;
-	    }
-	}
-	krb5_storage_seek(sp, len, SEEK_CUR);
-    }
-    ret = krb5_store_int32(sp, len);
-    if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
-	ret = errno;
-    memset(keytab.data, 0, keytab.length);
-    krb5_data_free(&keytab);
-  out:
-    krb5_storage_free(sp);
-    close(fd);
-    return ret;
-}
-
-static krb5_error_code
-fkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    off_t pos_start, pos_end;
-    int found = 0;
-    krb5_error_code ret;
-    
-    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, &cursor);
-    if(ret != 0) 
-	goto out; /* return other error here? */
-    while(fkt_next_entry_int(context, id, &e, &cursor, 
-			     &pos_start, &pos_end) == 0) {
-	if(krb5_kt_compare(context, &e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    int32_t len;
-	    unsigned char buf[128];
-	    found = 1;
-	    krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
-	    len = pos_end - pos_start - 4;
-	    krb5_store_int32(cursor.sp, -len);
-	    memset(buf, 0, sizeof(buf));
-	    while(len > 0) {
-		krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
-		len -= min(len, sizeof(buf));
-	    }
-	}
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-  out:
-    if (!found) {
-	krb5_clear_error_string (context);
-	return KRB5_KT_NOTFOUND;
-    }
-    return 0;
-}
-
-const krb5_kt_ops krb5_fkt_ops = {
-    "FILE",
-    fkt_resolve,
-    fkt_get_name,
-    fkt_close,
-    NULL, /* get */
-    fkt_start_seq_get,
-    fkt_next_entry,
-    fkt_end_seq_get,
-    fkt_add_entry,
-    fkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
deleted file mode 100644
index aca930fa5595..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_keyfile.c,v 1.15 2002/10/21 15:42:06 joda Exp $");
-
-/* afs keyfile operations --------------------------------------- */
-
-/*
- * Minimum tools to handle the AFS KeyFile.
- * 
- * Format of the KeyFile is:
- * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
- *
- * It just adds to the end of the keyfile, deleting isn't implemented.
- * Use your favorite text/hex editor to delete keys.
- *
- */
-
-#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
-#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
-
-struct akf_data {
-    int num_entries;
-    char *filename;
-    char *cell;
-    char *realm;
-};
-
-/*
- * set `d->cell' and `d->realm'
- */
-
-static int
-get_cell_and_realm (krb5_context context,
-		    struct akf_data *d)
-{
-    FILE *f;
-    char buf[BUFSIZ], *cp;
-    int ret;
-
-    f = fopen (AFS_SERVERTHISCELL, "r");
-    if (f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
-			       strerror(ret));
-	return ret;
-    }
-    if (fgets (buf, sizeof(buf), f) == NULL) {
-	fclose (f);
-	krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
-	return EINVAL;
-    }
-    buf[strcspn(buf, "\n")] = '\0';
-    fclose(f);
-
-    d->cell = strdup (buf);
-    if (d->cell == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    f = fopen (AFS_SERVERMAGICKRBCONF, "r");
-    if (f != NULL) {
-	if (fgets (buf, sizeof(buf), f) == NULL) {
-	    fclose (f);
-	    krb5_set_error_string (context, "no realm in %s",
-				   AFS_SERVERMAGICKRBCONF);
-	    return EINVAL;
-	}
-	buf[strcspn(buf, "\n")] = '\0';
-	fclose(f);
-    }
-    /* uppercase */
-    for (cp = buf; *cp != '\0'; cp++)
-	*cp = toupper(*cp);
-    
-    d->realm = strdup (buf);
-    if (d->realm == NULL) {
-	free (d->cell);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    return 0;
-}
-
-/*
- * init and get filename
- */
-
-static krb5_error_code
-akf_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    int ret;
-    struct akf_data *d = malloc(sizeof (struct akf_data));
-
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    
-    d->num_entries = 0;
-    ret = get_cell_and_realm (context, d);
-    if (ret) {
-	free (d);
-	return ret;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free (d->cell);
-	free (d->realm);
-	free (d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    
-    return 0;
-}
-
-/*
- * cleanup
- */
-
-static krb5_error_code
-akf_close(krb5_context context, krb5_keytab id)
-{
-    struct akf_data *d = id->data;
-
-    free (d->filename);
-    free (d->cell);
-    free (d);
-    return 0;
-}
-
-/*
- * Return filename
- */
-
-static krb5_error_code 
-akf_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t name_sz)
-{
-    struct akf_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-/*
- * Init 
- */
-
-static krb5_error_code
-akf_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    int32_t ret;
-    struct akf_data *d = id->data;
-
-    c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
-    if (c->fd < 0) {
-	ret = errno;
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-
-    c->sp = krb5_storage_from_fd(c->fd);
-    ret = krb5_ret_int32(c->sp, &d->num_entries);
-    if(ret) {
-	krb5_storage_free(c->sp);
-	close(c->fd);
-	krb5_clear_error_string (context);
-	if(ret == KRB5_KT_END)
-	    return KRB5_KT_NOTFOUND;
-	return ret;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-akf_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *cursor)
-{
-    struct akf_data *d = id->data;
-    int32_t kvno;
-    off_t pos;
-    int ret;
-
-    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
-
-    if ((pos - 4) / (4 + 8) >= d->num_entries)
-	return KRB5_KT_END;
-
-    ret = krb5_make_principal (context, &entry->principal,
-			       d->realm, "afs", d->cell, NULL);
-    if (ret)
-	goto out;
-
-    ret = krb5_ret_int32(cursor->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, entry->principal);
-	goto out;
-    }
-
-    entry->vno = kvno;
-
-    entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
-    entry->keyblock.keyvalue.length = 8;
-    entry->keyblock.keyvalue.data   = malloc (8);
-    if (entry->keyblock.keyvalue.data == NULL) {
-	krb5_free_principal (context, entry->principal);
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto out;
-    }
-
-    ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
-    if(ret != 8)
-	ret = (ret < 0) ? errno : KRB5_KT_END;
-    else
-	ret = 0;
-
-    entry->timestamp = time(NULL);
-
- out:
-    krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
-    return ret;
-}
-
-static krb5_error_code
-akf_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    krb5_storage_free(cursor->sp);
-    close(cursor->fd);
-    return 0;
-}
-
-static krb5_error_code
-akf_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct akf_data *d = id->data;
-    int fd, created = 0;
-    krb5_error_code ret;
-    int32_t len;
-    krb5_storage *sp;
-
-
-    if (entry->keyblock.keyvalue.length != 8 
-	|| entry->keyblock.keytype != ETYPE_DES_CBC_MD5)
-	return 0;
-
-    fd = open (d->filename, O_RDWR | O_BINARY);
-    if (fd < 0) {
-	fd = open (d->filename,
-		   O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-	created = 1;
-    }
-
-    sp = krb5_storage_from_fd(fd);
-    if(sp == NULL) {
-	close(fd);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if (created)
-	len = 0;
-    else {
-	if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	    ret = errno;
-	    krb5_storage_free(sp);
-	    close(fd);
-	    krb5_set_error_string (context, "seek: %s", strerror(ret));
-	    return ret;
-	}
-	    
-	ret = krb5_ret_int32(sp, &len);
-	if(ret) {
-	    krb5_storage_free(sp);
-	    close(fd);
-	    return ret;
-	}
-    }
-    len++;
-	
-    if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
-	ret = errno;
-	krb5_storage_free(sp);
-	close(fd);
-	krb5_set_error_string (context, "seek: %s", strerror(ret));
-	return ret;
-    }
-	
-    ret = krb5_store_int32(sp, len);
-    if(ret) {
-	krb5_storage_free(sp);
-	close(fd);
-	return ret;
-    }
-		
-
-    if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
-	ret = errno;
-	krb5_storage_free(sp);
-	close(fd);
-	krb5_set_error_string (context, "seek: %s", strerror(ret));
-	return ret;
-    }
-	
-    ret = krb5_store_int32(sp, entry->vno);
-    if(ret) {
-	krb5_storage_free(sp);
-	close(fd);
-	return ret;
-    }
-    ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 
-			     entry->keyblock.keyvalue.length);
-    if(ret != entry->keyblock.keyvalue.length) {
-	krb5_storage_free(sp);
-	close(fd);
-	if(ret < 0)
-	    return errno;
-	return ENOTTY;
-    }
-    krb5_storage_free(sp);
-    close (fd);
-    return 0;
-}
-
-const krb5_kt_ops krb5_akf_ops = {
-    "AFSKEYFILE",
-    akf_resolve,
-    akf_get_name,
-    akf_close,
-    NULL, /* get */
-    akf_start_seq_get,
-    akf_next_entry,
-    akf_end_seq_get,
-    akf_add_entry,
-    NULL /* remove */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
deleted file mode 100644
index 2405f8256ae7..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ /dev/null
@@ -1,427 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_krb4.c,v 1.10 2002/04/18 14:04:46 joda Exp $");
-
-struct krb4_kt_data {
-    char *filename;
-};
-
-static krb5_error_code
-krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct krb4_kt_data *d;
-
-    d = malloc (sizeof(*d));
-    if (d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->filename = strdup (name);
-    if (d->filename == NULL) {
-	free(d);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_get_name (krb5_context context,
-		  krb5_keytab id,
-		  char *name,
-		  size_t name_sz)
-{
-    struct krb4_kt_data *d = id->data;
-
-    strlcpy (name, d->filename, name_sz);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_close (krb5_context context,
-	       krb5_keytab id)
-{
-    struct krb4_kt_data *d = id->data;
-
-    free (d->filename);
-    free (d);
-    return 0;
-}
-
-struct krb4_cursor_extra_data {
-    krb5_keytab_entry entry;
-    int num;
-};
-
-static int
-open_flock(const char *filename, int flags, int mode)
-{
-    int lock_mode;
-    int tries = 0;
-    int fd = open(filename, flags, mode);
-    if(fd < 0)
-	return fd;
-    if((flags & O_ACCMODE) == O_RDONLY)
-	lock_mode = LOCK_SH | LOCK_NB;
-    else
-	lock_mode = LOCK_EX | LOCK_NB;
-    while(flock(fd, lock_mode) < 0) {
-	if(++tries < 5) {
-	    sleep(1);
-	} else {
-	    close(fd);
-	    return -1;
-	}
-    }
-    return fd;
-}
-
-
-
-static krb5_error_code
-krb4_kt_start_seq_get_int (krb5_context context,
-			   krb5_keytab id,
-			   int flags,
-			   krb5_kt_cursor *c)
-{
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed;
-    int ret;
-
-    ed = malloc (sizeof(*ed));
-    if (ed == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ed->entry.principal = NULL;
-    ed->num = -1;
-    c->data = ed;
-    c->fd = open_flock (d->filename, flags, 0);
-    if (c->fd < 0) {
-	ret = errno;
-	free (ed);
-	krb5_set_error_string(context, "open(%s): %s", d->filename,
-			      strerror(ret));
-	return ret;
-    }
-    c->sp = krb5_storage_from_fd(c->fd);
-    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_start_seq_get (krb5_context context,
-		       krb5_keytab id,
-		       krb5_kt_cursor *c)
-{
-    return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c);
-}
-
-static krb5_error_code
-read_v4_entry (krb5_context context,
-	       struct krb4_kt_data *d,
-	       krb5_kt_cursor *c,
-	       struct krb4_cursor_extra_data *ed)
-{
-    krb5_error_code ret;
-    char *service, *instance, *realm;
-    int8_t kvno;
-    des_cblock key;
-
-    ret = krb5_ret_stringz(c->sp, &service);
-    if (ret)
-	return ret;
-    ret = krb5_ret_stringz(c->sp, &instance);
-    if (ret) {
-	free (service);
-	return ret;
-    }
-    ret = krb5_ret_stringz(c->sp, &realm);
-    if (ret) {
-	free (service);
-	free (instance);
-	return ret;
-    }
-    ret = krb5_425_conv_principal (context, service, instance, realm,
-				   &ed->entry.principal);
-    free (service);
-    free (instance);
-    free (realm);
-    if (ret)
-	return ret;
-    ret = krb5_ret_int8(c->sp, &kvno);
-    if (ret) {
-	krb5_free_principal (context, ed->entry.principal);
-	return ret;
-    }
-    ret = krb5_storage_read(c->sp, key, 8);
-    if (ret < 0) {
-	krb5_free_principal(context, ed->entry.principal);
-	return ret;
-    }
-    if (ret < 8) {
-	krb5_free_principal(context, ed->entry.principal);
-	return EINVAL;
-    }
-    ed->entry.vno = kvno;
-    ret = krb5_data_copy (&ed->entry.keyblock.keyvalue,
-			  key, 8);
-    if (ret)
-	return ret;
-    ed->entry.timestamp = time(NULL);
-    ed->num = 0;
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_next_entry (krb5_context context,
-		    krb5_keytab id,
-		    krb5_keytab_entry *entry,
-		    krb5_kt_cursor *c)
-{
-    krb5_error_code ret;
-    struct krb4_kt_data *d = id->data;
-    struct krb4_cursor_extra_data *ed = c->data;
-    const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5,
-				     ETYPE_DES_CBC_MD4,
-				     ETYPE_DES_CBC_CRC};
-
-    if (ed->num == -1) {
-	ret = read_v4_entry (context, d, c, ed);
-	if (ret)
-	    return ret;
-    }
-    ret = krb5_kt_copy_entry_contents (context,
-				       &ed->entry,
-				       entry);
-    if (ret)
-	return ret;
-    entry->keyblock.keytype = keytypes[ed->num];
-    if (++ed->num == 3) {
-	krb5_kt_free_entry (context, &ed->entry);
-	ed->num = -1;
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_end_seq_get (krb5_context context,
-		     krb5_keytab id,
-		     krb5_kt_cursor *c)
-{
-    struct krb4_cursor_extra_data *ed = c->data;
-
-    krb5_storage_free (c->sp);
-    if (ed->num != -1)
-	krb5_kt_free_entry (context, &ed->entry);
-    free (c->data);
-    close (c->fd);
-    return 0;
-}
-
-static krb5_error_code
-krb4_store_keytab_entry(krb5_context context, 
-			krb5_keytab_entry *entry, 
-			krb5_storage *sp)
-{
-    krb5_error_code ret;
-#define ANAME_SZ 40
-#define INST_SZ 40
-#define REALM_SZ 40
-    char service[ANAME_SZ];
-    char instance[INST_SZ];
-    char realm[REALM_SZ];
-    ret = krb5_524_conv_principal (context, entry->principal,
-				   service, instance, realm);
-    if (ret)
-	return ret;
-    if (entry->keyblock.keyvalue.length == 8
-	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
-	ret = krb5_store_stringz(sp, service);
-	ret = krb5_store_stringz(sp, instance);
-	ret = krb5_store_stringz(sp, realm);
-	ret = krb5_store_int8(sp, entry->vno);
-	ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb4_kt_add_entry (krb5_context context,
-		   krb5_keytab id,
-		   krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_storage *sp;
-    krb5_error_code ret;
-    int fd;
-
-    fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0);
-    if (fd < 0) {
-	fd = open_flock (d->filename,
-		   O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
-	if (fd < 0) {
-	    ret = errno;
-	    krb5_set_error_string(context, "open(%s): %s", d->filename,
-				  strerror(ret));
-	    return ret;
-	}
-    }
-    sp = krb5_storage_from_fd(fd);
-    krb5_storage_set_eof_code(sp, KRB5_KT_END);
-    if(sp == NULL) {
-	close(fd);
-	return ENOMEM;
-    }
-    ret = krb4_store_keytab_entry(context, entry, sp);
-    krb5_storage_free(sp);
-    if(close (fd) < 0)
-	return errno;
-    return ret;
-}
-
-static krb5_error_code
-krb4_kt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct krb4_kt_data *d = id->data;
-    krb5_error_code ret;
-    krb5_keytab_entry e;
-    krb5_kt_cursor cursor;
-    krb5_storage *sp;
-    int remove_flag = 0;
-    
-    sp = krb5_storage_emem();
-    ret = krb5_kt_start_seq_get(context, id, &cursor);
-    while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) {
-	if(!krb5_kt_compare(context, &e, entry->principal, 
-			    entry->vno, entry->keyblock.keytype)) {
-	    ret = krb4_store_keytab_entry(context, &e, sp);
-	    if(ret) {
-		krb5_storage_free(sp);
-		return ret;
-	    }
-	} else
-	    remove_flag = 1;
-    }
-    krb5_kt_end_seq_get(context, id, &cursor);
-    if(remove_flag) {
-	int fd;
-	unsigned char buf[1024];
-	ssize_t n;
-	krb5_data data;
-	struct stat st;
-
-	krb5_storage_to_data(sp, &data);
-	krb5_storage_free(sp);
-
-	fd = open_flock (d->filename, O_RDWR | O_BINARY, 0);
-	if(fd < 0) {
-	    memset(data.data, 0, data.length);
-	    krb5_data_free(&data);
-	    if(errno == EACCES || errno == EROFS) 
-		return KRB5_KT_NOWRITE;
-	    return errno;
-	}
-
-	if(write(fd, data.data, data.length) != data.length) {
-	    memset(data.data, 0, data.length);
-	    close(fd);
-	    krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-	    return errno;
-	}
-	memset(data.data, 0, data.length);
-	if(fstat(fd, &st) < 0) {
-	    close(fd);
-	    krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename);
-	    return errno;
-	}
-	st.st_size -= data.length;
-	memset(buf, 0, sizeof(buf));
-	while(st.st_size > 0) {
-	    n = min(st.st_size, sizeof(buf));
-	    n = write(fd, buf, n);
-	    if(n <= 0) {
-		close(fd);
-		krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
-		return errno;
-		
-	    }
-	    st.st_size -= n;
-	}
-	if(ftruncate(fd, data.length) < 0) {
-	    close(fd);
-	    krb5_set_error_string(context, "failed truncating \"%s\"", d->filename);
-	    return errno;
-	}
-	krb5_data_free(&data);
-	if(close(fd) < 0) {
-	    krb5_set_error_string(context, "error closing \"%s\"", d->filename);
-	    return errno;
-	}
-	return 0;
-    } else
-	return KRB5_KT_NOTFOUND;
-}
-
-
-const krb5_kt_ops krb4_fkt_ops = {
-    "krb4",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
-
-const krb5_kt_ops krb5_srvtab_fkt_ops = {
-    "SRVTAB",
-    krb4_kt_resolve,
-    krb4_kt_get_name,
-    krb4_kt_close,
-    NULL,			/* get */
-    krb4_kt_start_seq_get,
-    krb4_kt_next_entry,
-    krb4_kt_end_seq_get,
-    krb4_kt_add_entry,		/* add_entry */
-    krb4_kt_remove_entry	/* remove_entry */
-};
diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c
deleted file mode 100644
index cde894335f60..000000000000
--- a/crypto/heimdal/lib/krb5/keytab_memory.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: keytab_memory.c,v 1.5 2001/05/14 06:14:49 assar Exp $");
-
-/* memory operations -------------------------------------------- */
-
-struct mkt_data {
-    krb5_keytab_entry *entries;
-    int num_entries;
-};
-
-static krb5_error_code
-mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
-{
-    struct mkt_data *d;
-    d = malloc(sizeof(*d));
-    if(d == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = NULL;
-    d->num_entries = 0;
-    id->data = d;
-    return 0;
-}
-
-static krb5_error_code
-mkt_close(krb5_context context, krb5_keytab id)
-{
-    struct mkt_data *d = id->data;
-    int i;
-    for(i = 0; i < d->num_entries; i++)
-	krb5_kt_free_entry(context, &d->entries[i]);
-    free(d->entries);
-    free(d);
-    return 0;
-}
-
-static krb5_error_code 
-mkt_get_name(krb5_context context, 
-	     krb5_keytab id, 
-	     char *name, 
-	     size_t namesize)
-{
-    strlcpy(name, "", namesize);
-    return 0;
-}
-
-static krb5_error_code
-mkt_start_seq_get(krb5_context context, 
-		  krb5_keytab id, 
-		  krb5_kt_cursor *c)
-{
-    /* XXX */
-    c->fd = 0;
-    return 0;
-}
-
-static krb5_error_code
-mkt_next_entry(krb5_context context, 
-	       krb5_keytab id, 
-	       krb5_keytab_entry *entry, 
-	       krb5_kt_cursor *c)
-{
-    struct mkt_data *d = id->data;
-    if(c->fd >= d->num_entries)
-	return KRB5_KT_END;
-    return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry);
-}
-
-static krb5_error_code
-mkt_end_seq_get(krb5_context context, 
-		krb5_keytab id,
-		krb5_kt_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mkt_add_entry(krb5_context context,
-	      krb5_keytab id,
-	      krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *tmp;
-    tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    d->entries = tmp;
-    return krb5_kt_copy_entry_contents(context, entry, 
-				       &d->entries[d->num_entries++]);
-}
-
-static krb5_error_code
-mkt_remove_entry(krb5_context context,
-		 krb5_keytab id,
-		 krb5_keytab_entry *entry)
-{
-    struct mkt_data *d = id->data;
-    krb5_keytab_entry *e, *end;
-    
-    /* do this backwards to minimize copying */
-    for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) {
-	if(krb5_kt_compare(context, e, entry->principal, 
-			   entry->vno, entry->keyblock.keytype)) {
-	    krb5_kt_free_entry(context, e);
-	    memmove(e, e + 1, (end - e - 1) * sizeof(*e));
-	    memset(end - 1, 0, sizeof(*end));
-	    d->num_entries--;
-	    end--;
-	}
-    }
-    e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
-    if(e != NULL)
-	d->entries = e;
-    return 0;
-}
-
-const krb5_kt_ops krb5_mkt_ops = {
-    "MEMORY",
-    mkt_resolve,
-    mkt_get_name,
-    mkt_close,
-    NULL, /* get */
-    mkt_start_seq_get,
-    mkt_next_entry,
-    mkt_end_seq_get,
-    mkt_add_entry,
-    mkt_remove_entry
-};
diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h
deleted file mode 100644
index b2471317e333..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-private.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_private_h__
-#define __krb5_private_h__
-
-#include <stdarg.h>
-
-void
-_krb5_aes_cts_encrypt (
-	const unsigned char */*in*/,
-	unsigned char */*out*/,
-	size_t /*len*/,
-	const void */*aes_key*/,
-	unsigned char */*ivec*/,
-	const int /*enc*/);
-
-void
-_krb5_crc_init_table (void);
-
-u_int32_t
-_krb5_crc_update (
-	const char */*p*/,
-	size_t /*len*/,
-	u_int32_t /*res*/);
-
-int
-_krb5_extract_ticket (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/,
-	krb5_creds */*creds*/,
-	krb5_keyblock */*key*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_key_usage /*key_usage*/,
-	krb5_addresses */*addrs*/,
-	unsigned /*nonce*/,
-	krb5_boolean /*allow_server_mismatch*/,
-	krb5_boolean /*ignore_cname*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/);
-
-krb5_ssize_t
-_krb5_get_int (
-	void */*buffer*/,
-	unsigned long */*value*/,
-	size_t /*size*/);
-
-time_t
-_krb5_krb_life_to_time (
-	int /*start*/,
-	int /*life_*/);
-
-int
-_krb5_krb_time_to_life (
-	time_t /*start*/,
-	time_t /*end*/);
-
-void
-_krb5_n_fold (
-	const void */*str*/,
-	size_t /*len*/,
-	void */*key*/,
-	size_t /*size*/);
-
-krb5_ssize_t
-_krb5_put_int (
-	void */*buffer*/,
-	unsigned long /*value*/,
-	size_t /*size*/);
-
-#endif /* __krb5_private_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
deleted file mode 100644
index 22fc669688a1..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ /dev/null
@@ -1,2947 +0,0 @@
-/* This is a generated file */
-#ifndef __krb5_protos_h__
-#define __krb5_protos_h__
-
-#include <stdarg.h>
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-krb5_error_code
-krb524_convert_creds_kdc (
-	krb5_context /*context*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code
-krb524_convert_creds_kdc_ccache (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_cred*/,
-	struct credentials */*v4creds*/);
-
-krb5_error_code
-krb5_425_conv_principal (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code
-krb5_425_conv_principal_ext (
-	krb5_context /*context*/,
-	const char */*name*/,
-	const char */*instance*/,
-	const char */*realm*/,
-	krb5_boolean (*/*func*/)(krb5_context, krb5_principal),
-	krb5_boolean /*resolve*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code
-krb5_524_conv_principal (
-	krb5_context /*context*/,
-	const krb5_principal /*principal*/,
-	char */*name*/,
-	char */*instance*/,
-	char */*realm*/);
-
-krb5_error_code
-krb5_PKCS5_PBKDF2 (
-	krb5_context /*context*/,
-	krb5_cksumtype /*cktype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	u_int32_t /*iter*/,
-	krb5_keytype /*type*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_abort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code
-krb5_abortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 2, 3)));
-
-krb5_error_code
-krb5_acl_match_file (
-	krb5_context /*context*/,
-	const char */*file*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code
-krb5_acl_match_string (
-	krb5_context /*context*/,
-	const char */*string*/,
-	const char */*format*/,
-	...);
-
-krb5_error_code
-krb5_add_et_list (
-	krb5_context /*context*/,
-	void (*/*func*/)(struct et_list **));
-
-krb5_error_code
-krb5_add_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_add_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_addlog_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*f*/,
-	const char */*orig*/);
-
-krb5_error_code
-krb5_addlog_func (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*min*/,
-	int /*max*/,
-	krb5_log_log_func_t /*log*/,
-	krb5_log_close_func_t /*close*/,
-	void */*data*/);
-
-krb5_error_code
-krb5_addr2sockaddr (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_boolean
-krb5_address_compare (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-int
-krb5_address_order (
-	krb5_context /*context*/,
-	const krb5_address */*addr1*/,
-	const krb5_address */*addr2*/);
-
-krb5_boolean
-krb5_address_search (
-	krb5_context /*context*/,
-	const krb5_address */*addr*/,
-	const krb5_addresses */*addrlist*/);
-
-krb5_error_code
-krb5_aname_to_localname (
-	krb5_context /*context*/,
-	krb5_const_principal /*aname*/,
-	size_t /*lnsize*/,
-	char */*lname*/);
-
-krb5_error_code
-krb5_anyaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-void
-krb5_appdefault_boolean (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	krb5_boolean /*def_val*/,
-	krb5_boolean */*ret_val*/);
-
-void
-krb5_appdefault_string (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	const char */*def_val*/,
-	char **/*ret_val*/);
-
-void
-krb5_appdefault_time (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	const char */*option*/,
-	time_t /*def_val*/,
-	time_t */*ret_val*/);
-
-krb5_error_code
-krb5_append_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*dest*/,
-	const krb5_addresses */*source*/);
-
-krb5_error_code
-krb5_auth_con_free (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/);
-
-krb5_error_code
-krb5_auth_con_genaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int /*fd*/,
-	int /*flags*/);
-
-krb5_error_code
-krb5_auth_con_generatelocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_auth_con_getaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address **/*local_addr*/,
-	krb5_address **/*remote_addr*/);
-
-krb5_error_code
-krb5_auth_con_getauthenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_authenticator */*authenticator*/);
-
-krb5_error_code
-krb5_auth_con_getcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype */*cksumtype*/);
-
-krb5_error_code
-krb5_auth_con_getflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*flags*/);
-
-krb5_error_code
-krb5_auth_con_getkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_getkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code
-krb5_auth_con_getlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code
-krb5_auth_con_getlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_getrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache */*rcache*/);
-
-krb5_error_code
-krb5_auth_con_getremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock **/*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_init (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/);
-
-krb5_error_code
-krb5_auth_con_setaddrs (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_address */*local_addr*/,
-	krb5_address */*remote_addr*/);
-
-krb5_error_code
-krb5_auth_con_setaddrs_from_fd (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	void */*p_fd*/);
-
-krb5_error_code
-krb5_auth_con_setcksumtype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_cksumtype /*cksumtype*/);
-
-krb5_error_code
-krb5_auth_con_setflags (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*flags*/);
-
-krb5_error_code
-krb5_auth_con_setkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_setkeytype (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keytype /*keytype*/);
-
-krb5_error_code
-krb5_auth_con_setlocalseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code
-krb5_auth_con_setlocalsubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_setrcache (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_rcache /*rcache*/);
-
-krb5_error_code
-krb5_auth_con_setremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t /*seqnumber*/);
-
-krb5_error_code
-krb5_auth_con_setremotesubkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code
-krb5_auth_con_setuserkey (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code
-krb5_auth_getremoteseqnumber (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	int32_t */*seqnumber*/);
-
-krb5_error_code
-krb5_build_ap_req (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	krb5_flags /*ap_options*/,
-	krb5_data /*authenticator*/,
-	krb5_data */*retdata*/);
-
-krb5_error_code
-krb5_build_authenticator (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_enctype /*enctype*/,
-	krb5_creds */*cred*/,
-	Checksum */*cksum*/,
-	Authenticator **/*auth_result*/,
-	krb5_data */*result*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code
-krb5_build_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code
-krb5_build_principal_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-krb5_error_code
-krb5_build_principal_va (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code
-krb5_build_principal_va_ext (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	int /*rlen*/,
-	krb5_const_realm /*realm*/,
-	va_list /*ap*/);
-
-krb5_error_code
-krb5_cc_close (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-krb5_cc_copy_cache (
-	krb5_context /*context*/,
-	const krb5_ccache /*from*/,
-	krb5_ccache /*to*/);
-
-krb5_error_code
-krb5_cc_default (
-	krb5_context /*context*/,
-	krb5_ccache */*id*/);
-
-const char*
-krb5_cc_default_name (krb5_context /*context*/);
-
-krb5_error_code
-krb5_cc_destroy (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-krb5_cc_end_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code
-krb5_cc_gen_new (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_ccache */*id*/);
-
-const char*
-krb5_cc_get_name (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-const krb5_cc_ops *
-krb5_cc_get_ops (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-krb5_cc_get_principal (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal */*principal*/);
-
-const char*
-krb5_cc_get_type (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/);
-
-krb5_error_code
-krb5_cc_get_version (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/);
-
-krb5_error_code
-krb5_cc_initialize (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_principal /*primary_principal*/);
-
-krb5_error_code
-krb5_cc_next_cred (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_cc_register (
-	krb5_context /*context*/,
-	const krb5_cc_ops */*ops*/,
-	krb5_boolean /*override*/);
-
-krb5_error_code
-krb5_cc_remove_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*which*/,
-	krb5_creds */*cred*/);
-
-krb5_error_code
-krb5_cc_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_ccache */*id*/);
-
-krb5_error_code
-krb5_cc_retrieve_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_cc_set_default_name (
-	krb5_context /*context*/,
-	const char */*name*/);
-
-krb5_error_code
-krb5_cc_set_flags (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code
-krb5_cc_start_seq_get (
-	krb5_context /*context*/,
-	const krb5_ccache /*id*/,
-	krb5_cc_cursor */*cursor*/);
-
-krb5_error_code
-krb5_cc_store_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_change_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	char */*newpw*/,
-	int */*result_code*/,
-	krb5_data */*result_code_string*/,
-	krb5_data */*result_string*/);
-
-krb5_error_code
-krb5_check_transited_realms (
-	krb5_context /*context*/,
-	const char *const */*realms*/,
-	int /*num_realms*/,
-	int */*bad_realm*/);
-
-krb5_boolean
-krb5_checksum_is_collision_proof (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_boolean
-krb5_checksum_is_keyed (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/);
-
-krb5_error_code
-krb5_checksumsize (
-	krb5_context /*context*/,
-	krb5_cksumtype /*type*/,
-	size_t */*size*/);
-
-void
-krb5_clear_error_string (krb5_context /*context*/);
-
-krb5_error_code
-krb5_closelog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_boolean
-krb5_compare_creds (
-	krb5_context /*context*/,
-	krb5_flags /*whichfields*/,
-	const krb5_creds */*mcreds*/,
-	const krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_config_file_free (
-	krb5_context /*context*/,
-	krb5_config_section */*s*/);
-
-void
-krb5_config_free_strings (char **/*strings*/);
-
-const void *
-krb5_config_get (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	...);
-
-krb5_boolean
-krb5_config_get_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-krb5_boolean
-krb5_config_get_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	...);
-
-int
-krb5_config_get_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int
-krb5_config_get_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-const krb5_config_binding *
-krb5_config_get_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const void *
-krb5_config_get_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	...);
-
-const char *
-krb5_config_get_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-const char *
-krb5_config_get_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	...);
-
-char**
-krb5_config_get_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int
-krb5_config_get_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	...);
-
-int
-krb5_config_get_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	...);
-
-krb5_error_code
-krb5_config_parse_file (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-krb5_error_code
-krb5_config_parse_file_multi (
-	krb5_context /*context*/,
-	const char */*fname*/,
-	krb5_config_section **/*res*/);
-
-const void *
-krb5_config_vget (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*type*/,
-	va_list /*args*/);
-
-krb5_boolean
-krb5_config_vget_bool (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-krb5_boolean
-krb5_config_vget_bool_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	krb5_boolean /*def_value*/,
-	va_list /*args*/);
-
-int
-krb5_config_vget_int (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int
-krb5_config_vget_int_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-const krb5_config_binding *
-krb5_config_vget_list (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const void *
-krb5_config_vget_next (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const krb5_config_binding **/*pointer*/,
-	int /*type*/,
-	va_list /*args*/);
-
-const char *
-krb5_config_vget_string (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-const char *
-krb5_config_vget_string_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	const char */*def_value*/,
-	va_list /*args*/);
-
-char **
-krb5_config_vget_strings (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int
-krb5_config_vget_time (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	va_list /*args*/);
-
-int
-krb5_config_vget_time_default (
-	krb5_context /*context*/,
-	const krb5_config_section */*c*/,
-	int /*def_value*/,
-	va_list /*args*/);
-
-krb5_error_code
-krb5_copy_address (
-	krb5_context /*context*/,
-	const krb5_address */*inaddr*/,
-	krb5_address */*outaddr*/);
-
-krb5_error_code
-krb5_copy_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*inaddr*/,
-	krb5_addresses */*outaddr*/);
-
-krb5_error_code
-krb5_copy_creds (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds **/*outcred*/);
-
-krb5_error_code
-krb5_copy_creds_contents (
-	krb5_context /*context*/,
-	const krb5_creds */*incred*/,
-	krb5_creds */*c*/);
-
-krb5_error_code
-krb5_copy_data (
-	krb5_context /*context*/,
-	const krb5_data */*indata*/,
-	krb5_data **/*outdata*/);
-
-krb5_error_code
-krb5_copy_host_realm (
-	krb5_context /*context*/,
-	const krb5_realm */*from*/,
-	krb5_realm **/*to*/);
-
-krb5_error_code
-krb5_copy_keyblock (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock **/*to*/);
-
-krb5_error_code
-krb5_copy_keyblock_contents (
-	krb5_context /*context*/,
-	const krb5_keyblock */*inblock*/,
-	krb5_keyblock */*to*/);
-
-krb5_error_code
-krb5_copy_principal (
-	krb5_context /*context*/,
-	krb5_const_principal /*inprinc*/,
-	krb5_principal */*outprinc*/);
-
-krb5_error_code
-krb5_copy_ticket (
-	krb5_context /*context*/,
-	const krb5_ticket */*from*/,
-	krb5_ticket **/*to*/);
-
-krb5_error_code
-krb5_create_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	int /*type*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*result*/);
-
-krb5_error_code
-krb5_crypto_destroy (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/);
-
-krb5_error_code
-krb5_crypto_getblocksize (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t */*blocksize*/);
-
-krb5_error_code
-krb5_crypto_init (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	krb5_crypto */*crypto*/);
-
-krb5_error_code
-krb5_data_alloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-krb5_error_code
-krb5_data_copy (
-	krb5_data */*p*/,
-	const void */*data*/,
-	size_t /*len*/);
-
-void
-krb5_data_free (krb5_data */*p*/);
-
-krb5_error_code
-krb5_data_realloc (
-	krb5_data */*p*/,
-	int /*len*/);
-
-void
-krb5_data_zero (krb5_data */*p*/);
-
-krb5_error_code
-krb5_decode_Authenticator (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_ETYPE_INFO (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_EncAPRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_EncASRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_EncKrbCredPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_EncTGSRepPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_EncTicketPart (
-	krb5_context /*context*/,
-	const void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_decode_ap_req (
-	krb5_context /*context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_req */*ap_req*/);
-
-krb5_error_code
-krb5_decrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code
-krb5_decrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	const EncryptedData */*e*/,
-	krb5_data */*result*/);
-
-krb5_error_code
-krb5_decrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code
-krb5_decrypt_ticket (
-	krb5_context /*context*/,
-	Ticket */*ticket*/,
-	krb5_keyblock */*key*/,
-	EncTicketPart */*out*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code
-krb5_derive_key (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_enctype /*etype*/,
-	const void */*constant*/,
-	size_t /*constant_len*/,
-	krb5_keyblock **/*derived_key*/);
-
-krb5_error_code
-krb5_domain_x500_decode (
-	krb5_context /*context*/,
-	krb5_data /*tr*/,
-	char ***/*realms*/,
-	int */*num_realms*/,
-	const char */*client_realm*/,
-	const char */*server_realm*/);
-
-krb5_error_code
-krb5_domain_x500_encode (
-	char **/*realms*/,
-	int /*num_realms*/,
-	krb5_data */*encoding*/);
-
-krb5_error_code
-krb5_eai_to_heim_errno (
-	int /*eai_errno*/,
-	int /*system_error*/);
-
-krb5_error_code
-krb5_encode_Authenticator (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	Authenticator */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_ETYPE_INFO (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	ETYPE_INFO */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_EncAPRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncAPRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_EncASRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncASRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_EncKrbCredPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncKrbCredPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_EncTGSRepPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTGSRepPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encode_EncTicketPart (
-	krb5_context /*context*/,
-	void */*data*/,
-	size_t /*length*/,
-	EncTicketPart */*t*/,
-	size_t */*len*/);
-
-krb5_error_code
-krb5_encrypt (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/);
-
-krb5_error_code
-krb5_encrypt_EncryptedData (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	int /*kvno*/,
-	EncryptedData */*result*/);
-
-krb5_error_code
-krb5_encrypt_ivec (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	unsigned /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	krb5_data */*result*/,
-	void */*ivec*/);
-
-krb5_error_code
-krb5_enctype_keysize (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	size_t */*keysize*/);
-
-krb5_error_code
-krb5_enctype_to_keytype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code
-krb5_enctype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	char **/*string*/);
-
-krb5_error_code
-krb5_enctype_valid (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/);
-
-krb5_boolean
-krb5_enctypes_compatible_keys (
-	krb5_context /*context*/,
-	krb5_enctype /*etype1*/,
-	krb5_enctype /*etype2*/);
-
-krb5_error_code
-krb5_err (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 4, 5)));
-
-krb5_error_code
-krb5_error_from_rd_error (
-	krb5_context /*context*/,
-	const krb5_error */*error*/,
-	const krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_errx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((noreturn, format (printf, 3, 4)));
-
-krb5_error_code
-krb5_expand_hostname (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/);
-
-krb5_error_code
-krb5_expand_hostname_realms (
-	krb5_context /*context*/,
-	const char */*orig_hostname*/,
-	char **/*new_hostname*/,
-	char ***/*realms*/);
-
-PA_DATA *
-krb5_find_padata (
-	PA_DATA */*val*/,
-	unsigned /*len*/,
-	int /*type*/,
-	int */*index*/);
-
-krb5_error_code
-krb5_format_time (
-	krb5_context /*context*/,
-	time_t /*t*/,
-	char */*s*/,
-	size_t /*len*/,
-	krb5_boolean /*include_time*/);
-
-krb5_error_code
-krb5_free_address (
-	krb5_context /*context*/,
-	krb5_address */*address*/);
-
-krb5_error_code
-krb5_free_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-void
-krb5_free_ap_rep_enc_part (
-	krb5_context /*context*/,
-	krb5_ap_rep_enc_part */*val*/);
-
-void
-krb5_free_authenticator (
-	krb5_context /*context*/,
-	krb5_authenticator */*authenticator*/);
-
-void
-krb5_free_config_files (char **/*filenames*/);
-
-void
-krb5_free_context (krb5_context /*context*/);
-
-krb5_error_code
-krb5_free_cred_contents (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-krb5_error_code
-krb5_free_creds (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-krb5_error_code
-krb5_free_creds_contents (
-	krb5_context /*context*/,
-	krb5_creds */*c*/);
-
-void
-krb5_free_data (
-	krb5_context /*context*/,
-	krb5_data */*p*/);
-
-void
-krb5_free_data_contents (
-	krb5_context /*context*/,
-	krb5_data */*data*/);
-
-void
-krb5_free_error (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void
-krb5_free_error_contents (
-	krb5_context /*context*/,
-	krb5_error */*error*/);
-
-void
-krb5_free_error_string (
-	krb5_context /*context*/,
-	char */*str*/);
-
-krb5_error_code
-krb5_free_host_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realmlist*/);
-
-krb5_error_code
-krb5_free_kdc_rep (
-	krb5_context /*context*/,
-	krb5_kdc_rep */*rep*/);
-
-void
-krb5_free_keyblock (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-void
-krb5_free_keyblock_contents (
-	krb5_context /*context*/,
-	krb5_keyblock */*keyblock*/);
-
-krb5_error_code
-krb5_free_krbhst (
-	krb5_context /*context*/,
-	char **/*hostlist*/);
-
-void
-krb5_free_principal (
-	krb5_context /*context*/,
-	krb5_principal /*p*/);
-
-krb5_error_code
-krb5_free_salt (
-	krb5_context /*context*/,
-	krb5_salt /*salt*/);
-
-krb5_error_code
-krb5_free_ticket (
-	krb5_context /*context*/,
-	krb5_ticket */*ticket*/);
-
-krb5_error_code
-krb5_fwd_tgt_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const char */*hostname*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_ccache /*ccache*/,
-	int /*forwardable*/,
-	krb5_data */*out_data*/);
-
-void
-krb5_generate_random_block (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_generate_random_keyblock (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_generate_seq_number (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	u_int32_t */*seqno*/);
-
-krb5_error_code
-krb5_generate_subkey (
-	krb5_context /*context*/,
-	const krb5_keyblock */*key*/,
-	krb5_keyblock **/*subkey*/);
-
-krb5_error_code
-krb5_get_all_client_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code
-krb5_get_all_server_addrs (
-	krb5_context /*context*/,
-	krb5_addresses */*res*/);
-
-krb5_error_code
-krb5_get_cred_from_kdc (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/);
-
-krb5_error_code
-krb5_get_cred_from_kdc_opt (
-	krb5_context /*context*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/,
-	krb5_creds ***/*ret_tgts*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code
-krb5_get_credentials (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code
-krb5_get_credentials_with_flags (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code
-krb5_get_default_config_files (char ***/*pfilenames*/);
-
-krb5_error_code
-krb5_get_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	krb5_enctype **/*etypes*/);
-
-krb5_error_code
-krb5_get_default_principal (
-	krb5_context /*context*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code
-krb5_get_default_realm (
-	krb5_context /*context*/,
-	krb5_realm */*realm*/);
-
-krb5_error_code
-krb5_get_default_realms (
-	krb5_context /*context*/,
-	krb5_realm **/*realms*/);
-
-const char *
-krb5_get_err_text (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/);
-
-char*
-krb5_get_error_string (krb5_context /*context*/);
-
-krb5_error_code
-krb5_get_extra_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_get_fcache_version (
-	krb5_context /*context*/,
-	int */*version*/);
-
-krb5_error_code
-krb5_get_forwarded_creds (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_flags /*flags*/,
-	const char */*hostname*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*out_data*/);
-
-krb5_error_code
-krb5_get_host_realm (
-	krb5_context /*context*/,
-	const char */*host*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code
-krb5_get_host_realm_int (
-	krb5_context /*context*/,
-	const char */*host*/,
-	krb5_boolean /*use_dns*/,
-	krb5_realm **/*realms*/);
-
-krb5_error_code
-krb5_get_ignore_addresses (
-	krb5_context /*context*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_get_in_cred (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	const krb5_preauthdata */*preauth*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code
-krb5_get_in_tkt (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	const krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*ptypes*/,
-	krb5_key_proc /*key_proc*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_decrypt_proc /*decrypt_proc*/,
-	krb5_const_pointer /*decryptarg*/,
-	krb5_creds */*creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code
-krb5_get_in_tkt_with_keytab (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	krb5_keytab /*keytab*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code
-krb5_get_in_tkt_with_password (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const char */*password*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code
-krb5_get_in_tkt_with_skey (
-	krb5_context /*context*/,
-	krb5_flags /*options*/,
-	krb5_addresses */*addrs*/,
-	const krb5_enctype */*etypes*/,
-	const krb5_preauthtype */*pre_auth_types*/,
-	const krb5_keyblock */*key*/,
-	krb5_ccache /*ccache*/,
-	krb5_creds */*creds*/,
-	krb5_kdc_rep */*ret_as_reply*/);
-
-krb5_error_code
-krb5_get_init_creds_keytab (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	krb5_keytab /*keytab*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-void
-krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/);
-
-void
-krb5_get_init_creds_opt_set_address_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_addresses */*addresses*/);
-
-void
-krb5_get_init_creds_opt_set_anonymous (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*anonymous*/);
-
-void
-krb5_get_init_creds_opt_set_default_flags (
-	krb5_context /*context*/,
-	const char */*appname*/,
-	krb5_const_realm /*realm*/,
-	krb5_get_init_creds_opt */*opt*/);
-
-void
-krb5_get_init_creds_opt_set_etype_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_enctype */*etype_list*/,
-	int /*etype_list_length*/);
-
-void
-krb5_get_init_creds_opt_set_forwardable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*forwardable*/);
-
-void
-krb5_get_init_creds_opt_set_preauth_list (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_preauthtype */*preauth_list*/,
-	int /*preauth_list_length*/);
-
-void
-krb5_get_init_creds_opt_set_proxiable (
-	krb5_get_init_creds_opt */*opt*/,
-	int /*proxiable*/);
-
-void
-krb5_get_init_creds_opt_set_renew_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*renew_life*/);
-
-void
-krb5_get_init_creds_opt_set_salt (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_data */*salt*/);
-
-void
-krb5_get_init_creds_opt_set_tkt_life (
-	krb5_get_init_creds_opt */*opt*/,
-	krb5_deltat /*tkt_life*/);
-
-krb5_error_code
-krb5_get_init_creds_password (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*client*/,
-	const char */*password*/,
-	krb5_prompter_fct /*prompter*/,
-	void */*data*/,
-	krb5_deltat /*start_time*/,
-	const char */*in_tkt_service*/,
-	krb5_get_init_creds_opt */*options*/);
-
-krb5_error_code
-krb5_get_kdc_cred (
-	krb5_context /*context*/,
-	krb5_ccache /*id*/,
-	krb5_kdc_flags /*flags*/,
-	krb5_addresses */*addresses*/,
-	Ticket */*second_ticket*/,
-	krb5_creds */*in_creds*/,
-	krb5_creds **out_creds );
-
-krb5_error_code
-krb5_get_krb524hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code
-krb5_get_krb_admin_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code
-krb5_get_krb_changepw_hst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code
-krb5_get_krbhst (
-	krb5_context /*context*/,
-	const krb5_realm */*realm*/,
-	char ***/*hostlist*/);
-
-krb5_error_code
-krb5_get_pw_salt (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	krb5_salt */*salt*/);
-
-krb5_error_code
-krb5_get_server_rcache (
-	krb5_context /*context*/,
-	const krb5_data */*piece*/,
-	krb5_rcache */*id*/);
-
-krb5_boolean
-krb5_get_use_admin_kdc (krb5_context /*context*/);
-
-size_t
-krb5_get_wrapped_length (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	size_t /*data_len*/);
-
-int
-krb5_getportbyname (
-	krb5_context /*context*/,
-	const char */*service*/,
-	const char */*proto*/,
-	int /*default_port*/);
-
-krb5_error_code
-krb5_h_addr2addr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*haddr*/,
-	krb5_address */*addr*/);
-
-krb5_error_code
-krb5_h_addr2sockaddr (
-	krb5_context /*context*/,
-	int /*af*/,
-	const char */*addr*/,
-	struct sockaddr */*sa*/,
-	krb5_socklen_t */*sa_size*/,
-	int /*port*/);
-
-krb5_error_code
-krb5_h_errno_to_heim_errno (int /*eai_errno*/);
-
-krb5_boolean
-krb5_have_error_string (krb5_context /*context*/);
-
-krb5_error_code
-krb5_init_context (krb5_context */*context*/);
-
-void
-krb5_init_ets (krb5_context /*context*/);
-
-krb5_error_code
-krb5_init_etype (
-	krb5_context /*context*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code
-krb5_initlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_error_code
-krb5_keyblock_key_proc (
-	krb5_context /*context*/,
-	krb5_keytype /*type*/,
-	krb5_data */*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-krb5_keytab_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-krb5_keytype_to_enctypes (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code
-krb5_keytype_to_enctypes_default (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	unsigned */*len*/,
-	krb5_enctype **/*val*/);
-
-krb5_error_code
-krb5_keytype_to_string (
-	krb5_context /*context*/,
-	krb5_keytype /*keytype*/,
-	char **/*string*/);
-
-krb5_error_code
-krb5_krbhst_format_string (
-	krb5_context /*context*/,
-	const krb5_krbhst_info */*host*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void
-krb5_krbhst_free (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code
-krb5_krbhst_get_addrinfo (
-	krb5_context /*context*/,
-	krb5_krbhst_info */*host*/,
-	struct addrinfo **/*ai*/);
-
-krb5_error_code
-krb5_krbhst_init (
-	krb5_context /*context*/,
-	const char */*realm*/,
-	unsigned int /*type*/,
-	krb5_krbhst_handle */*handle*/);
-
-krb5_error_code
-krb5_krbhst_next (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_krbhst_info **/*host*/);
-
-krb5_error_code
-krb5_krbhst_next_as_string (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/,
-	char */*hostname*/,
-	size_t /*hostlen*/);
-
-void
-krb5_krbhst_reset (
-	krb5_context /*context*/,
-	krb5_krbhst_handle /*handle*/);
-
-krb5_error_code
-krb5_kt_add_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code
-krb5_kt_close (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/);
-
-krb5_boolean
-krb5_kt_compare (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/);
-
-krb5_error_code
-krb5_kt_copy_entry_contents (
-	krb5_context /*context*/,
-	const krb5_keytab_entry */*in*/,
-	krb5_keytab_entry */*out*/);
-
-krb5_error_code
-krb5_kt_default (
-	krb5_context /*context*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code
-krb5_kt_default_modify_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code
-krb5_kt_default_name (
-	krb5_context /*context*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code
-krb5_kt_end_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code
-krb5_kt_free_entry (
-	krb5_context /*context*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code
-krb5_kt_get_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_const_principal /*principal*/,
-	krb5_kvno /*kvno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code
-krb5_kt_get_name (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*name*/,
-	size_t /*namesize*/);
-
-krb5_error_code
-krb5_kt_get_type (
-	krb5_context /*context*/,
-	krb5_keytab /*keytab*/,
-	char */*prefix*/,
-	size_t /*prefixsize*/);
-
-krb5_error_code
-krb5_kt_next_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_error_code
-krb5_kt_read_service_key (
-	krb5_context /*context*/,
-	krb5_pointer /*keyprocarg*/,
-	krb5_principal /*principal*/,
-	krb5_kvno /*vno*/,
-	krb5_enctype /*enctype*/,
-	krb5_keyblock **/*key*/);
-
-krb5_error_code
-krb5_kt_register (
-	krb5_context /*context*/,
-	const krb5_kt_ops */*ops*/);
-
-krb5_error_code
-krb5_kt_remove_entry (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_keytab_entry */*entry*/);
-
-krb5_error_code
-krb5_kt_resolve (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_keytab */*id*/);
-
-krb5_error_code
-krb5_kt_start_seq_get (
-	krb5_context /*context*/,
-	krb5_keytab /*id*/,
-	krb5_kt_cursor */*cursor*/);
-
-krb5_boolean
-krb5_kuserok (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*luser*/);
-
-krb5_error_code
-krb5_log (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 4, 5)));
-
-krb5_error_code
-krb5_log_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	char **/*reply*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 5, 6)));
-
-krb5_error_code
-krb5_make_addrport (
-	krb5_context /*context*/,
-	krb5_address **/*res*/,
-	const krb5_address */*addr*/,
-	int16_t /*port*/);
-
-krb5_error_code
-krb5_make_principal (
-	krb5_context /*context*/,
-	krb5_principal */*principal*/,
-	krb5_const_realm /*realm*/,
-	...);
-
-size_t
-krb5_max_sockaddr_size (void);
-
-krb5_error_code
-krb5_mk_error (
-	krb5_context /*context*/,
-	krb5_error_code /*error_code*/,
-	const char */*e_text*/,
-	const krb5_data */*e_data*/,
-	const krb5_principal /*client*/,
-	const krb5_principal /*server*/,
-	time_t */*client_time*/,
-	int */*client_usec*/,
-	krb5_data */*reply*/);
-
-krb5_error_code
-krb5_mk_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	void */*outdata*/);
-
-krb5_error_code
-krb5_mk_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code
-krb5_mk_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const char */*service*/,
-	const char */*hostname*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code
-krb5_mk_req_exact (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	const krb5_principal /*server*/,
-	krb5_data */*in_data*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code
-krb5_mk_req_extended (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/);
-
-krb5_error_code
-krb5_mk_req_internal (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_data */*outbuf*/,
-	krb5_key_usage /*checksum_usage*/,
-	krb5_key_usage /*encrypt_usage*/);
-
-krb5_error_code
-krb5_mk_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*userdata*/,
-	krb5_data */*outbuf*/,
-	void */*outdata*/);
-
-krb5_ssize_t
-krb5_net_read (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_ssize_t
-krb5_net_write (
-	krb5_context /*context*/,
-	void */*p_fd*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_openlog (
-	krb5_context /*context*/,
-	const char */*program*/,
-	krb5_log_facility **/*fac*/);
-
-krb5_error_code
-krb5_parse_address (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_parse_name (
-	krb5_context /*context*/,
-	const char */*name*/,
-	krb5_principal */*principal*/);
-
-const char *
-krb5_passwd_result_to_string (
-	krb5_context /*context*/,
-	int /*result*/);
-
-krb5_error_code
-krb5_password_key_proc (
-	krb5_context /*context*/,
-	krb5_enctype /*type*/,
-	krb5_salt /*salt*/,
-	krb5_const_pointer /*keyseed*/,
-	krb5_keyblock **/*key*/);
-
-krb5_realm*
-krb5_princ_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/);
-
-void
-krb5_princ_set_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_realm */*realm*/);
-
-krb5_error_code
-krb5_principal2principalname (
-	PrincipalName */*p*/,
-	const krb5_principal /*from*/);
-
-krb5_boolean
-krb5_principal_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_boolean
-krb5_principal_compare_any_realm (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-const char *
-krb5_principal_get_comp_string (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	unsigned int /*component*/);
-
-const char *
-krb5_principal_get_realm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/);
-
-int
-krb5_principal_get_type (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/);
-
-krb5_boolean
-krb5_principal_match (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ*/,
-	krb5_const_principal /*pattern*/);
-
-krb5_error_code
-krb5_print_address (
-	const krb5_address */*addr*/,
-	char */*str*/,
-	size_t /*len*/,
-	size_t */*ret_len*/);
-
-int
-krb5_program_setup (
-	krb5_context */*context*/,
-	int /*argc*/,
-	char **/*argv*/,
-	struct getargs */*args*/,
-	int /*num_args*/,
-	void (*/*usage*/)(int, struct getargs*, int));
-
-int
-krb5_prompter_posix (
-	krb5_context /*context*/,
-	void */*data*/,
-	const char */*name*/,
-	const char */*banner*/,
-	int /*num_prompts*/,
-	krb5_prompt prompts[]);
-
-krb5_error_code
-krb5_rc_close (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code
-krb5_rc_default (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/);
-
-const char *
-krb5_rc_default_name (krb5_context /*context*/);
-
-const char *
-krb5_rc_default_type (krb5_context /*context*/);
-
-krb5_error_code
-krb5_rc_destroy (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code
-krb5_rc_expunge (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code
-krb5_rc_get_lifespan (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat */*auth_lifespan*/);
-
-const char*
-krb5_rc_get_name (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-const char*
-krb5_rc_get_type (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code
-krb5_rc_initialize (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_deltat /*auth_lifespan*/);
-
-krb5_error_code
-krb5_rc_recover (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/);
-
-krb5_error_code
-krb5_rc_resolve (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	const char */*name*/);
-
-krb5_error_code
-krb5_rc_resolve_full (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*string_name*/);
-
-krb5_error_code
-krb5_rc_resolve_type (
-	krb5_context /*context*/,
-	krb5_rcache */*id*/,
-	const char */*type*/);
-
-krb5_error_code
-krb5_rc_store (
-	krb5_context /*context*/,
-	krb5_rcache /*id*/,
-	krb5_donot_replay */*rep*/);
-
-krb5_error_code
-krb5_rd_cred (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_data */*in_data*/,
-	krb5_creds ***/*ret_creds*/,
-	krb5_replay_data */*out_data*/);
-
-krb5_error_code
-krb5_rd_cred2 (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	krb5_ccache /*ccache*/,
-	krb5_data */*in_data*/);
-
-krb5_error_code
-krb5_rd_error (
-	krb5_context /*context*/,
-	krb5_data */*msg*/,
-	KRB_ERROR */*result*/);
-
-krb5_error_code
-krb5_rd_priv (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	void */*outdata*/);
-
-krb5_error_code
-krb5_rd_rep (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_ap_rep_enc_part **/*repl*/);
-
-krb5_error_code
-krb5_rd_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keytab /*keytab*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code
-krb5_rd_req_with_keyblock (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code
-krb5_rd_safe (
-	krb5_context /*context*/,
-	krb5_auth_context /*auth_context*/,
-	const krb5_data */*inbuf*/,
-	krb5_data */*outbuf*/,
-	void */*outdata*/);
-
-krb5_error_code
-krb5_read_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_read_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_read_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_boolean
-krb5_realm_compare (
-	krb5_context /*context*/,
-	krb5_const_principal /*princ1*/,
-	krb5_const_principal /*princ2*/);
-
-krb5_error_code
-krb5_recvauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code
-krb5_recvauth_match_version (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
-	const void */*match_data*/,
-	krb5_principal /*server*/,
-	int32_t /*flags*/,
-	krb5_keytab /*keytab*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code
-krb5_ret_address (
-	krb5_storage */*sp*/,
-	krb5_address */*adr*/);
-
-krb5_error_code
-krb5_ret_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses */*adr*/);
-
-krb5_error_code
-krb5_ret_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata */*auth*/);
-
-krb5_error_code
-krb5_ret_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_ret_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_ret_int16 (
-	krb5_storage */*sp*/,
-	int16_t */*value*/);
-
-krb5_error_code
-krb5_ret_int32 (
-	krb5_storage */*sp*/,
-	int32_t */*value*/);
-
-krb5_error_code
-krb5_ret_int8 (
-	krb5_storage */*sp*/,
-	int8_t */*value*/);
-
-krb5_error_code
-krb5_ret_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock */*p*/);
-
-krb5_error_code
-krb5_ret_principal (
-	krb5_storage */*sp*/,
-	krb5_principal */*princ*/);
-
-krb5_error_code
-krb5_ret_string (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code
-krb5_ret_stringz (
-	krb5_storage */*sp*/,
-	char **/*string*/);
-
-krb5_error_code
-krb5_ret_times (
-	krb5_storage */*sp*/,
-	krb5_times */*times*/);
-
-krb5_error_code
-krb5_salttype_to_string (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	krb5_salttype /*stype*/,
-	char **/*string*/);
-
-krb5_error_code
-krb5_sendauth (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_pointer /*p_fd*/,
-	const char */*appl_version*/,
-	krb5_principal /*client*/,
-	krb5_principal /*server*/,
-	krb5_flags /*ap_req_options*/,
-	krb5_data */*in_data*/,
-	krb5_creds */*in_creds*/,
-	krb5_ccache /*ccache*/,
-	krb5_error **/*ret_error*/,
-	krb5_ap_rep_enc_part **/*rep_result*/,
-	krb5_creds **/*out_creds*/);
-
-krb5_error_code
-krb5_sendto (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	krb5_krbhst_handle /*handle*/,
-	krb5_data */*receive*/);
-
-krb5_error_code
-krb5_sendto_kdc (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/);
-
-krb5_error_code
-krb5_sendto_kdc2 (
-	krb5_context /*context*/,
-	const krb5_data */*send_data*/,
-	const krb5_realm */*realm*/,
-	krb5_data */*receive*/,
-	krb5_boolean /*master*/);
-
-krb5_error_code
-krb5_set_config_files (
-	krb5_context /*context*/,
-	char **/*filenames*/);
-
-krb5_error_code
-krb5_set_default_in_tkt_etypes (
-	krb5_context /*context*/,
-	const krb5_enctype */*etypes*/);
-
-krb5_error_code
-krb5_set_default_realm (
-	krb5_context /*context*/,
-	const char */*realm*/);
-
-krb5_error_code
-krb5_set_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__((format (printf, 2, 3)));
-
-krb5_error_code
-krb5_set_extra_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-krb5_error_code
-krb5_set_fcache_version (
-	krb5_context /*context*/,
-	int /*version*/);
-
-krb5_error_code
-krb5_set_ignore_addresses (
-	krb5_context /*context*/,
-	const krb5_addresses */*addresses*/);
-
-void
-krb5_set_use_admin_kdc (
-	krb5_context /*context*/,
-	krb5_boolean /*flag*/);
-
-krb5_error_code
-krb5_set_warn_dest (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/);
-
-krb5_error_code
-krb5_sname_to_principal (
-	krb5_context /*context*/,
-	const char */*hostname*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code
-krb5_sock_to_principal (
-	krb5_context /*context*/,
-	int /*sock*/,
-	const char */*sname*/,
-	int32_t /*type*/,
-	krb5_principal */*ret_princ*/);
-
-krb5_error_code
-krb5_sockaddr2address (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	krb5_address */*addr*/);
-
-krb5_error_code
-krb5_sockaddr2port (
-	krb5_context /*context*/,
-	const struct sockaddr */*sa*/,
-	int16_t */*port*/);
-
-krb5_boolean
-krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/);
-
-void
-krb5_std_usage (
-	int /*code*/,
-	struct getargs */*args*/,
-	int /*num_args*/);
-
-void
-krb5_storage_clear_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_storage *
-krb5_storage_emem (void);
-
-krb5_error_code
-krb5_storage_free (krb5_storage */*sp*/);
-
-krb5_storage *
-krb5_storage_from_data (krb5_data */*data*/);
-
-krb5_storage *
-krb5_storage_from_fd (int /*fd*/);
-
-krb5_storage *
-krb5_storage_from_mem (
-	void */*buf*/,
-	size_t /*len*/);
-
-krb5_flags
-krb5_storage_get_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-krb5_boolean
-krb5_storage_is_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_ssize_t
-krb5_storage_read (
-	krb5_storage */*sp*/,
-	void */*buf*/,
-	size_t /*len*/);
-
-off_t
-krb5_storage_seek (
-	krb5_storage */*sp*/,
-	off_t /*offset*/,
-	int /*whence*/);
-
-void
-krb5_storage_set_byteorder (
-	krb5_storage */*sp*/,
-	krb5_flags /*byteorder*/);
-
-void
-krb5_storage_set_eof_code (
-	krb5_storage */*sp*/,
-	int /*code*/);
-
-void
-krb5_storage_set_flags (
-	krb5_storage */*sp*/,
-	krb5_flags /*flags*/);
-
-krb5_error_code
-krb5_storage_to_data (
-	krb5_storage */*sp*/,
-	krb5_data */*data*/);
-
-krb5_ssize_t
-krb5_storage_write (
-	krb5_storage */*sp*/,
-	const void */*buf*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_store_address (
-	krb5_storage */*sp*/,
-	krb5_address /*p*/);
-
-krb5_error_code
-krb5_store_addrs (
-	krb5_storage */*sp*/,
-	krb5_addresses /*p*/);
-
-krb5_error_code
-krb5_store_authdata (
-	krb5_storage */*sp*/,
-	krb5_authdata /*auth*/);
-
-krb5_error_code
-krb5_store_creds (
-	krb5_storage */*sp*/,
-	krb5_creds */*creds*/);
-
-krb5_error_code
-krb5_store_data (
-	krb5_storage */*sp*/,
-	krb5_data /*data*/);
-
-krb5_error_code
-krb5_store_int16 (
-	krb5_storage */*sp*/,
-	int16_t /*value*/);
-
-krb5_error_code
-krb5_store_int32 (
-	krb5_storage */*sp*/,
-	int32_t /*value*/);
-
-krb5_error_code
-krb5_store_int8 (
-	krb5_storage */*sp*/,
-	int8_t /*value*/);
-
-krb5_error_code
-krb5_store_keyblock (
-	krb5_storage */*sp*/,
-	krb5_keyblock /*p*/);
-
-krb5_error_code
-krb5_store_principal (
-	krb5_storage */*sp*/,
-	krb5_principal /*p*/);
-
-krb5_error_code
-krb5_store_string (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code
-krb5_store_stringz (
-	krb5_storage */*sp*/,
-	const char */*s*/);
-
-krb5_error_code
-krb5_store_times (
-	krb5_storage */*sp*/,
-	krb5_times /*times*/);
-
-krb5_error_code
-krb5_string_to_deltat (
-	const char */*string*/,
-	krb5_deltat */*deltat*/);
-
-krb5_error_code
-krb5_string_to_enctype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_enctype */*etype*/);
-
-krb5_error_code
-krb5_string_to_key (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_key_data (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_principal /*principal*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_key_data_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_key_data_salt_opaque (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	krb5_data /*password*/,
-	krb5_salt /*salt*/,
-	krb5_data /*opaque*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_key_derived (
-	krb5_context /*context*/,
-	const void */*str*/,
-	size_t /*len*/,
-	krb5_enctype /*etype*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_key_salt (
-	krb5_context /*context*/,
-	krb5_enctype /*enctype*/,
-	const char */*password*/,
-	krb5_salt /*salt*/,
-	krb5_keyblock */*key*/);
-
-krb5_error_code
-krb5_string_to_keytype (
-	krb5_context /*context*/,
-	const char */*string*/,
-	krb5_keytype */*keytype*/);
-
-krb5_error_code
-krb5_string_to_salttype (
-	krb5_context /*context*/,
-	krb5_enctype /*etype*/,
-	const char */*string*/,
-	krb5_salttype */*salttype*/);
-
-krb5_error_code
-krb5_timeofday (
-	krb5_context /*context*/,
-	krb5_timestamp */*timeret*/);
-
-krb5_error_code
-krb5_unparse_name (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code
-krb5_unparse_name_fixed (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_unparse_name_fixed_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char */*name*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_unparse_name_short (
-	krb5_context /*context*/,
-	krb5_const_principal /*principal*/,
-	char **/*name*/);
-
-krb5_error_code
-krb5_us_timeofday (
-	krb5_context /*context*/,
-	int32_t */*sec*/,
-	int32_t */*usec*/);
-
-krb5_error_code
-krb5_vabort (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code
-krb5_vabortx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 2, 0)));
-
-krb5_error_code
-krb5_verify_ap_req (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/);
-
-krb5_error_code
-krb5_verify_ap_req2 (
-	krb5_context /*context*/,
-	krb5_auth_context */*auth_context*/,
-	krb5_ap_req */*ap_req*/,
-	krb5_const_principal /*server*/,
-	krb5_keyblock */*keyblock*/,
-	krb5_flags /*flags*/,
-	krb5_flags */*ap_req_options*/,
-	krb5_ticket **/*ticket*/,
-	krb5_key_usage /*usage*/);
-
-krb5_error_code
-krb5_verify_authenticator_checksum (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	void */*data*/,
-	size_t /*len*/);
-
-krb5_error_code
-krb5_verify_checksum (
-	krb5_context /*context*/,
-	krb5_crypto /*crypto*/,
-	krb5_key_usage /*usage*/,
-	void */*data*/,
-	size_t /*len*/,
-	Checksum */*cksum*/);
-
-krb5_error_code
-krb5_verify_init_creds (
-	krb5_context /*context*/,
-	krb5_creds */*creds*/,
-	krb5_principal /*ap_req_server*/,
-	krb5_keytab /*ap_req_keytab*/,
-	krb5_ccache */*ccache*/,
-	krb5_verify_init_creds_opt */*options*/);
-
-void
-krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
-
-void
-krb5_verify_init_creds_opt_set_ap_req_nofail (
-	krb5_verify_init_creds_opt */*options*/,
-	int /*ap_req_nofail*/);
-
-void
-krb5_verify_opt_init (krb5_verify_opt */*opt*/);
-
-void
-krb5_verify_opt_set_ccache (
-	krb5_verify_opt */*opt*/,
-	krb5_ccache /*ccache*/);
-
-void
-krb5_verify_opt_set_flags (
-	krb5_verify_opt */*opt*/,
-	unsigned int /*flags*/);
-
-void
-krb5_verify_opt_set_keytab (
-	krb5_verify_opt */*opt*/,
-	krb5_keytab /*keytab*/);
-
-void
-krb5_verify_opt_set_secure (
-	krb5_verify_opt */*opt*/,
-	krb5_boolean /*secure*/);
-
-void
-krb5_verify_opt_set_service (
-	krb5_verify_opt */*opt*/,
-	const char */*service*/);
-
-krb5_error_code
-krb5_verify_user (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code
-krb5_verify_user_lrealm (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	krb5_ccache /*ccache*/,
-	const char */*password*/,
-	krb5_boolean /*secure*/,
-	const char */*service*/);
-
-krb5_error_code
-krb5_verify_user_opt (
-	krb5_context /*context*/,
-	krb5_principal /*principal*/,
-	const char */*password*/,
-	krb5_verify_opt */*opt*/);
-
-krb5_error_code
-krb5_verr (
-	krb5_context /*context*/,
-	int /*eval*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 4, 0)));
-
-krb5_error_code
-krb5_verrx (
-	krb5_context /*context*/,
-	int /*eval*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((noreturn, format (printf, 3, 0)));
-
-krb5_error_code
-krb5_vlog (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 4, 0)));
-
-krb5_error_code
-krb5_vlog_msg (
-	krb5_context /*context*/,
-	krb5_log_facility */*fac*/,
-	char **/*reply*/,
-	int /*level*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__((format (printf, 5, 0)));
-
-krb5_error_code
-krb5_vset_error_string (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*args*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code
-krb5_vwarn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 3, 0)));
-
-krb5_error_code
-krb5_vwarnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	va_list /*ap*/)
-    __attribute__ ((format (printf, 2, 0)));
-
-krb5_error_code
-krb5_warn (
-	krb5_context /*context*/,
-	krb5_error_code /*code*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 3, 4)));
-
-krb5_error_code
-krb5_warnx (
-	krb5_context /*context*/,
-	const char */*fmt*/,
-	...)
-    __attribute__ ((format (printf, 2, 3)));
-
-krb5_error_code
-krb5_write_message (
-	krb5_context /*context*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_write_priv_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_write_safe_message (
-	krb5_context /*context*/,
-	krb5_auth_context /*ac*/,
-	krb5_pointer /*p_fd*/,
-	krb5_data */*data*/);
-
-krb5_error_code
-krb5_xfree (void */*ptr*/);
-
-krb5_error_code
-principalname2krb5_principal (
-	krb5_principal */*principal*/,
-	const PrincipalName /*from*/,
-	const Realm /*realm*/);
-
-#endif /* __krb5_protos_h__ */
diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h
deleted file mode 100644
index 2f89281ed20d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5-v4compat.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5-v4compat.h,v 1.2 2003/03/18 03:08:20 lha Exp $ */
-
-#ifndef __KRB5_V4COMPAT_H__
-#define __KRB5_V4COMPAT_H__
-
-/* 
- * This file must only be included with v4 compat glue stuff in
- * heimdal sources.
- *
- * It MUST NOT be installed.
- */
-
-#define		MAX_KTXT_LEN	1250
-
-#define 	ANAME_SZ	40
-#define		REALM_SZ	40
-#define		SNAME_SZ	40
-#define		INST_SZ		40
-
-struct ktext {
-    unsigned int length;		/* Length of the text */
-    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
-    u_int32_t mbz;		/* zero to catch runaway strings */
-};
-
-struct credentials {
-    char    service[ANAME_SZ];	/* Service name */
-    char    instance[INST_SZ];	/* Instance */
-    char    realm[REALM_SZ];	/* Auth domain */
-    des_cblock session;		/* Session key */
-    int     lifetime;		/* Lifetime */
-    int     kvno;		/* Key version number */
-    struct ktext ticket_st;	/* The ticket itself */
-    int32_t    issue_date;	/* The issue time */
-    char    pname[ANAME_SZ];	/* Principal's name */
-    char    pinst[INST_SZ];	/* Principal's instance */
-};
-
-
-#define TKTLIFENUMFIXED 64
-#define TKTLIFEMINFIXED 0x80
-#define TKTLIFEMAXFIXED 0xBF
-#define TKTLIFENOEXPIRE 0xFF
-#define MAXTKTLIFETIME	(30*24*3600)	/* 30 days */
-#ifndef NEVERDATE
-#define NEVERDATE ((time_t)0x7fffffffL)
-#endif
-
-#define		KERB_ERR_NULL_KEY	10
-
-int
-_krb5_krb_time_to_life(time_t start, time_t end);
-
-time_t
-_krb5_krb_life_to_time(int start, int life_);
-
-#define krb_time_to_life	_krb5_krb_time_to_life
-#define krb_life_to_time	_krb5_krb_life_to_time
-
-#endif /*  __KRB5_V4COMPAT_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3
deleted file mode 100644
index 8e169a0ca67f..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.3
+++ /dev/null
@@ -1,240 +0,0 @@
-.\" Copyright (c) 2001, 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.Dd March 20, 2003
-.Dt KRB5 3
-.Os
-.Sh NAME
-.Nm krb5
-.Nd kerberos 5 library
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh DESCRIPTION
-These functions constitute the Kerberos 5 library,
-.Em libkrb5 .
-Declarations for these functions may be obtained from the include file
-.Pa krb5.h .
-.Sh LIST OF FUNCTIONS
-.sp 2
-.nf
-.ta \w'krb5_checksum_is_collision_proof.3'u+2n +\w'Description goes here'u
-\fIName/Page\fP	\fIDescription\fP
-.ta \w'krb5_checksum_is_collision_proof.3'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-krb5_425_conv_principal.3
-krb5_425_conv_principal_ext.3
-krb5_524_conv_principal.3
-krb5_addlog_dest.3
-krb5_addlog_func.3
-krb5_addr2sockaddr.3
-krb5_address.3
-krb5_address_compare.3
-krb5_address_order.3
-krb5_address_search.3
-krb5_addresses.3
-krb5_anyaddr.3
-krb5_appdefault_boolean.3
-krb5_appdefault_string.3
-krb5_appdefault_time.3
-krb5_append_addresses.3
-krb5_auth_con_free.3
-krb5_auth_con_genaddrs.3
-krb5_auth_con_getaddrs.3
-krb5_auth_con_getflags.3
-krb5_auth_con_getkey.3
-krb5_auth_con_getlocalsubkey.3
-krb5_auth_con_getrcache.3
-krb5_auth_con_getremotesubkey.3
-krb5_auth_con_getuserkey.3
-krb5_auth_con_init.3
-krb5_auth_con_initivector.3
-krb5_auth_con_setaddrs.3
-krb5_auth_con_setaddrs_from_fd.3
-krb5_auth_con_setflags.3
-krb5_auth_con_setivector.3
-krb5_auth_con_setkey.3
-krb5_auth_con_setlocalsubkey.3
-krb5_auth_con_setrcache.3
-krb5_auth_con_setremotesubkey.3
-krb5_auth_con_setuserkey.3
-krb5_auth_context.3
-krb5_auth_getauthenticator.3
-krb5_auth_getcksumtype.3
-krb5_auth_getkeytype.3
-krb5_auth_getlocalseqnumber.3
-krb5_auth_getremoteseqnumber.3
-krb5_auth_setcksumtype.3
-krb5_auth_setkeytype.3
-krb5_auth_setlocalseqnumber.3
-krb5_auth_setremoteseqnumber.3
-krb5_build_principal.3
-krb5_build_principal_ext.3
-krb5_build_principal_va.3
-krb5_build_principal_va_ext.3
-krb5_cc_close.3
-krb5_cc_copy_cache.3
-krb5_cc_default.3
-krb5_cc_default_name.3
-krb5_cc_destroy.3
-krb5_cc_end_seq_get.3
-krb5_cc_gen_new.3
-krb5_cc_get_name.3
-krb5_cc_get_principal.3
-krb5_cc_get_type.3
-krb5_cc_get_version.3
-krb5_cc_initialize.3
-krb5_cc_next_cred.3
-krb5_cc_register.3
-krb5_cc_remove_cred.3
-krb5_cc_resolve.3
-krb5_cc_retrieve_cred.3
-krb5_cc_set_default_name.3
-krb5_cc_set_flags.3
-krb5_cc_store_cred.3
-krb5_checksum_is_collision_proof.3
-krb5_checksum_is_keyed.3
-krb5_checksumsize.3
-krb5_closelog.3
-krb5_config_get_bool_default.3
-krb5_config_get_int_default.3
-krb5_config_get_string_default.3
-krb5_config_get_time_default.3
-krb5_context.3
-krb5_copy_address.3
-krb5_copy_addresses.3
-krb5_copy_data.3
-krb5_create_checksum.3
-krb5_crypto_destroy.3
-krb5_crypto_init.3
-krb5_data_alloc.3
-krb5_data_copy.3
-krb5_data_free.3
-krb5_data_realloc.3
-krb5_data_zero.3
-krb5_decrypt.3
-krb5_decrypt_EncryptedData.3
-krb5_encrypt.3
-krb5_encrypt_EncryptedData.3
-krb5_err.3
-krb5_errx.3
-krb5_free_address.3
-krb5_free_addresses.3
-krb5_free_context.3
-krb5_free_data.3
-krb5_free_data_contents.3
-krb5_free_host_realm.3
-krb5_free_krbhst.3
-krb5_free_principal.3
-krb5_get_all_client_addrs.3
-krb5_get_all_server_addrs.3
-krb5_get_default_realm.3
-krb5_get_default_realms.3
-krb5_get_host_realm.3
-krb5_get_krb524hst.3
-krb5_get_krb_admin_hst.3
-krb5_get_krb_changepw_hst.3
-krb5_get_krbhst.3
-krb5_h_addr2addr.3
-krb5_h_addr2sockaddr.3
-krb5_init_context.3
-krb5_initlog.3
-krb5_keytab_entry.3
-krb5_krbhst_format_string.3
-krb5_krbhst_free.3
-krb5_krbhst_get_addrinfo.3
-krb5_krbhst_init.3
-krb5_krbhst_next.3
-krb5_krbhst_next_as_string.3
-krb5_krbhst_reset.3
-krb5_kt_add_entry.3
-krb5_kt_close.3
-krb5_kt_compare.3
-krb5_kt_copy_entry_contents.3
-krb5_kt_cursor.3
-krb5_kt_cursor.3
-krb5_kt_default.3
-krb5_kt_default_name.3
-krb5_kt_end_seq_get.3
-krb5_kt_free_entry.3
-krb5_kt_get_entry.3
-krb5_kt_get_name.3
-krb5_kt_next_entry.3
-krb5_kt_ops.3
-krb5_kt_read_service_key.3
-krb5_kt_register.3
-krb5_kt_remove_entry.3
-krb5_kt_resolve.3.3
-krb5_kt_start_seq_get
-krb5_log.3
-krb5_log_msg.3
-krb5_make_addrport.3
-krb5_make_principal.3
-krb5_max_sockaddr_size.3
-krb5_openlog.3
-krb5_parse_address.3
-krb5_parse_name.3
-krb5_principal.3
-krb5_principal_get_comp_string.3
-krb5_principal_get_realm.3
-krb5_print_address.3
-krb5_set_default_realm.3
-krb5_set_warn_dest.3
-krb5_sname_to_principal.3
-krb5_sock_to_principal.3
-krb5_sockaddr2address.3
-krb5_sockaddr2port.3
-krb5_sockaddr_uninteresting.3
-krb5_timeofday.3
-krb5_unparse_name.3
-krb5_us_timeofday.3
-krb5_verify_checksum.3
-krb5_verify_opt_init.3
-krb5_verify_opt_set_flags.3
-krb5_verify_opt_set_keytab.3
-krb5_verify_opt_set_secure.3
-krb5_verify_opt_set_service.3
-krb5_verify_user.3
-krb5_verify_user_lrealm.3
-krb5_verify_user_opt.3
-krb5_verr.3
-krb5_verrx.3
-krb5_vlog.3
-krb5_vlog_msg.3
-krb5_vwarn.3
-krb5_vwarnx.3
-krb5_warn.3
-krb5_warnx.3
-krn5_kuserok.3
-.ta
-.Fi
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
deleted file mode 100644
index 9ee85aa337ce..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ /dev/null
@@ -1,442 +0,0 @@
-.\" Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $
-.\"
-.Dd April 11, 1999
-.Dt KRB5.CONF 5
-.Os HEIMDAL
-.Sh NAME
-.Nm /etc/krb5.conf
-.Nd configuration file for Kerberos 5
-.Sh DESCRIPTION
-The
-.Nm
-file specifies several configuration parameters for the Kerberos 5
-library, as well as for some programs.
-.Pp
-The file consists of one or more sections, containing a number of
-bindings.
-The value of each binding can be either a string or a list of other
-bindings.
-The grammar looks like:
-.Bd -literal -offset indent
-file:
-	/* empty */
-	sections
-
-sections:
-	section sections
-	section
-
-section:
-	'[' section_name ']' bindings
-
-section_name:
-	STRING
-
-bindings:
-	binding bindings
-	binding
-
-binding:
-	name '=' STRING
-	name '=' '{' bindings '}'
-
-name:
-	STRING
-
-.Ed
-.Li STRINGs
-consists of one or more non-whitespace characters.
-.Pp
-STRINGs that are specified later in this man-page uses the following
-notation.
-.Bl -tag -width "xxx" -offset indent
-.It boolean
-values can be either yes/true or no/false.
-.It time
-values can be a list of year, month, day, hour, min, second.
-Example: 1 month 2 days 30 min.
-.It etypes
-valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
-des3-cbc-sha1.
-.It address
-an address can be either a IPv4 or a IPv6 address.
-.El
-.Pp
-Currently recognised sections and bindings are:
-.Bl -tag -width "xxx" -offset indent
-.It Li [appdefaults]
-Specifies the default values to be used for Kerberos applications.
-You can specify defaults per application, realm, or a combination of
-these.
-The preference order is:
-.Bl -enum -compact
-.It
-.Va application Va realm Va option
-.It
-.Va application Va option
-.It
-.Va realm Va option
-.It
-.Va option
-.El
-.Pp
-The supported options are:
-.Bl -tag -width "xxx" -offset indent
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-.It Li no-addresses = Va boolean
-When obtaining initial credentials, request them for an empty set of
-addresses, making the tickets valid from any address.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.El
-.It Li [libdefaults]
-.Bl -tag -width "xxx" -offset indent
-.It Li default_realm = Va REALM
-Default realm to use, this is also known as your
-.Dq local realm .
-The default is the result of
-.Fn krb5_get_host_realm "local hostname" .
-.It Li clockskew = Va time
-Maximum time differential (in seconds) allowed when comparing
-times.
-Default is 300 seconds (five minutes).
-.It Li kdc_timeout = Va time
-Maximum time to wait for a reply from the kdc, default is 3 seconds.
-.It v4_name_convert
-.It v4_instance_resolve
-These are described in the
-.Xr krb5_425_conv_principal  3
-manual page.
-.It Li capath = {
-.Bl -tag -width "xxx" -offset indent
-.It Va destination-realm Li = Va next-hop-realm
-.It ...
-.El
-Normally, all requests to realms different from the one of the current
-client are sent to this KDC to get cross-realm tickets.
-If this KDC does not have a cross-realm key with the desired realm and
-the hierarchical path to that realm does not work, a path can be
-configured using this directive.
-The text shown above instructs the KDC to try to obtain a cross-realm
-ticket to
-.Va next-hop-realm
-when the desired realm is
-.Va destination-realm .
-This configuration should preferably be done on the KDC where it will
-help all its clients but can also be done on the client itself.
-.It Li }
-.It Li default_etypes = Va etypes...
-A list of default encryption types to use.
-.It Li default_etypes_des = Va etypes...
-A list of default encryption types to use when requesting a DES credential.
-.It Li default_keytab_name = Va keytab
-The keytab to use if no other is specified, default is
-.Dq FILE:/etc/krb5.keytab .
-.It Li dns_lookup_kdc = Va boolean
-Use DNS SRV records to lookup KDC services location.
-.It Li dns_lookup_realm = Va boolean
-Use DNS TXT records to lookup domain to realm mappings.
-.It Li kdc_timesync = Va boolean
-Try to keep track of the time differential between the local machine
-and the KDC, and then compensate for that when issuing requests.
-.It Li max_retries = Va number
-The max number of times to try to contact each KDC.
-.It Li ticket_lifetime = Va time
-Default ticket lifetime.
-.It Li renew_lifetime = Va time
-Default renewable ticket lifetime.
-.It Li forwardable = Va boolean
-When obtaining initial credentials, make the credentials forwardable.
-This option is also valid in the [realms] section.
-.It Li proxiable = Va boolean
-When obtaining initial credentials, make the credentials proxiable.
-This option is also valid in the [realms] section.
-.It Li verify_ap_req_nofail = Va boolean
-If enabled, failure to verify credentials against a local key is a
-fatal error.
-The application has to be able to read the corresponding service key
-for this to work.
-Some applications, like
-.Xr su 8 ,
-enable this option unconditionally.
-.It Li warn_pwexpire = Va time
-How soon to warn for expiring password.
-Default is seven days.
-.It Li http_proxy = Va proxy-spec
-A HTTP-proxy to use when talking to the KDC via HTTP.
-.It Li dns_proxy = Va proxy-spec
-Enable using DNS via HTTP.
-.It Li extra_addresses = Va address...
-A list of addresses to get tickets for along with all local addresses.
-.It Li time_format = Va string
-How to print time strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li date_format = Va string
-How to print date strings in logs, this string is passed to
-.Xr strftime 3 .
-.It Li log_utc = Va boolean
-Write log-entries using UTC instead of your local time zone.
-.It Li scan_interfaces = Va boolean
-Scan all network interfaces for addresses, as opposed to simply using
-the address associated with the system's host name.
-.It Li fcache_version = Va int
-Use file credential cache format version specified.
-.It Li krb4_get_tickets = Va boolean
-Also get Kerberos 4 tickets in
-.Nm kinit ,
-.Nm login ,
-and other programs.
-This option is also valid in the [realms] section.
-.El
-.It Li [domain_realm]
-This is a list of mappings from DNS domain to Kerberos realm.
-Each binding in this section looks like:
-.Pp
-.Dl domain = realm
-.Pp
-The domain can be either a full name of a host or a trailing
-component, in the latter case the domain-string should start with a
-period.
-The realm may be the token `dns_locate', in which case the actual
-realm will be determined using DNS (independently of the setting
-of the `dns_lookup_realm' option).
-.It Li [realms]
-.Bl -tag -width "xxx" -offset indent
-.It Va REALM Li = {
-.Bl -tag -width "xxx" -offset indent
-.It Li kdc = Va [service/]host[:port]
-Specifies a list of kdcs for this realm.
-If the optional
-.Va port
-is absent, the
-default value for the
-.Dq kerberos/udp
-.Dq kerberos/tcp ,
-and
-.Dq http/tcp
-port (depending on service) will be used.
-The kdcs will be used in the order that they are specified.
-.Pp
-The optional
-.Va service
-specifies over what medium the kdc should be
-contacted.
-Possible services are
-.Dq udp ,
-.Dq tcp , 
-and
-.Dq http .
-Http can also be written as
-.Dq http:// .
-Default service is
-.Dq udp 
-and
-.Dq tcp .
-.It Li admin_server = Va host[:port]
-Specifies the admin server for this realm, where all the modifications
-to the database are performed.
-.It Li kpasswd_server = Va host[:port]
-Points to the server where all the password changes are performed.
-If there is no such entry, the kpasswd port on the admin_server host
-will be tried.
-.It Li krb524_server = Va host[:port]
-Points to the server that does 524 conversions.
-If it is not mentioned, the krb524 port on the kdcs will be tried.
-.It Li v4_instance_convert
-.It Li v4_name_convert
-.It Li default_domain
-See
-.Xr krb5_425_conv_principal 3 .
-.El
-.It Li }
-.El
-.It Li [logging]
-.Bl -tag -width "xxx" -offset indent
-.It Va entity Li = Va destination
-Specifies that
-.Va entity
-should use the specified
-.Li destination
-for logging.
-See the
-.Xr krb5_openlog 3
-manual page for a list of defined destinations.
-.El
-.It Li [kdc]
-.Bl -tag -width "xxx" -offset indent
-.It database Li = {
-.Bl -tag -width "xxx" -offset indent
-.It dbname Li = Va DATABASENAME
-Use this database for this realm.
-.It realm Li = Va REALM
-Specifies the realm that will be stored in this database.
-.It mkey_file Li = Pa FILENAME
-Use this keytab file for the master key of this database.
-If not specified
-.Va DATABASENAME Ns .mkey
-will be used.
-.It acl_file Li = PA FILENAME
-Use this file for the ACL list of this database.
-.It log_file Li = Pa FILENAME
-Use this file as the log of changes performed to the database.
-This file is used by
-.Nm ipropd-master
-for propagating changes to slaves.
-.El
-.It Li }
-.It max-request = Va SIZE
-Maximum size of a kdc request.
-.It require-preauth = Va BOOL
-If set pre-authentication is required.
-Since krb4 requests are not pre-authenticated they will be rejected.
-.It ports = Va "list of ports"
-List of ports the kdc should listen to.
-.It addresses = Va "list of interfaces"
-List of addresses the kdc should bind to.
-.It enable-kerberos4 = Va BOOL
-Turn on Kerberos 4 support.
-.It v4-realm = Va REALM
-To what realm v4 requests should be mapped.
-.It enable-524 = Va BOOL
-Should the Kerberos 524 converting facility be turned on.
-Default is same as
-.Va enable-kerberos4 .
-.It enable-http = Va BOOL
-Should the kdc answer kdc-requests over http.
-.It enable-kaserver = Va BOOL
-If this kdc should emulate the AFS kaserver.
-.It check-ticket-addresses = Va BOOL
-verify the addresses in the tickets used in tgs requests.
-.\" XXX
-.It allow-null-ticket-addresses = Va BOOL
-Allow addresses-less tickets.
-.\" XXX
-.It allow-anonymous = Va BOOL
-If the kdc is allowed to hand out anonymous tickets.
-.It encode_as_rep_as_tgs_rep = Va BOOL
-Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
-.\" XXX
-.It kdc_warn_pwexpire = Va TIME
-The time before expiration that the user should be warned that her
-password is about to expire.
-.It logging = Va Logging
-What type of logging the kdc should use, see also [logging]/kdc.
-.It use_2b = Va principal list
-List of principals to use AFS 2b tokens for.
-.El
-.It Li [kadmin]
-.Bl -tag -width "xxx" -offset indent
-.It require-preauth = Va BOOL
-If pre-authentication is required to talk to the kadmin server.
-.It default_keys = Va keytypes...
-for each entry in
-.Va default_keys
-try to parse it as a sequence of
-.Va etype:salttype:salt
-syntax of this if something like:
-.Pp
-[(des|des3|etype):](pw-salt|afs3-salt)[:string]
-.Pp
-If
-.Ar etype
-is omitted it means everything, and if string is omitted it means the
-default salt string (for that principal and encryption type).
-Additional special values of keytypes are:
-.Bl -tag -width "xxx" -offset indent
-.It v5
-The Kerberos 5 salt
-.Va pw-salt
-.It v4
-The Kerberos 4 salt
-.Va des:pw-salt:
-.El
-.It use_v4_salt = Va BOOL
-When true, this is the same as
-.Pp
-.Va default_keys = Va des3:pw-salt Va v4
-.Pp
-and is only left for backwards compatibility.
-.El
-.El
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh EXAMPLE
-.Bd -literal -offset indent
-[libdefaults]
-	default_realm = FOO.SE
-[domain_realm]
-	.foo.se = FOO.SE
-	.bar.se = FOO.SE
-[realms]
-	FOO.SE = {
-		kdc = kerberos.foo.se
-		v4_name_convert = {
-			rcmd = host
-		}
-		v4_instance_convert = {
-			xyz = xyz.bar.se
-		}
-		default_domain = foo.se
-	}
-[logging]
-	kdc = FILE:/var/heimdal/kdc.log
-	kdc = SYSLOG:INFO
-	default = SYSLOG:INFO:USER
-.Ed
-.Sh DIAGNOSTICS
-Since
-.Nm
-is read and parsed by the krb5 library, there is not a lot of
-opportunities for programs to report parsing errors in any useful
-format.
-To help overcome this problem, there is a program
-.Nm verify_krb5_conf
-that reads
-.Nm
-and tries to emit useful diagnostics from parsing errors.
-Note that this program does not have any way of knowing what options
-are actually used and thus cannot warn about unknown or misspelled
-ones.
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_openlog 3 ,
-.Xr strftime 3 ,
-.Xr verify_krb5_conf 8
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
deleted file mode 100644
index f157452e2e9b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ /dev/null
@@ -1,676 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5.h,v 1.209 2003/03/16 18:30:02 lha Exp $ */
-
-#ifndef __KRB5_H__
-#define __KRB5_H__
-
-#include <time.h>
-#include <krb5-types.h>
-
-#include <asn1_err.h>
-#include <krb5_err.h>
-#include <heim_err.h>
-#include <k524_err.h>
-
-#include <krb5_asn1.h>
-
-/* name confusion with MIT */
-#ifndef KRB5KDC_ERR_KEY_EXP
-#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
-#endif
-
-/* simple constants */
-
-#ifndef TRUE
-#define TRUE  1
-#define FALSE 0
-#endif
-
-typedef int krb5_boolean;
-
-typedef int32_t krb5_error_code;
-
-typedef int krb5_kvno;
-
-typedef u_int32_t krb5_flags;
-
-typedef void *krb5_pointer;
-typedef const void *krb5_const_pointer;
-
-typedef octet_string krb5_data;
-
-struct krb5_crypto_data;
-typedef struct krb5_crypto_data *krb5_crypto;
-
-typedef CKSUMTYPE krb5_cksumtype;
-
-typedef Checksum krb5_checksum;
-
-typedef ENCTYPE krb5_enctype;
-
-/* alternative names */
-enum {
-    ENCTYPE_NULL		= ETYPE_NULL,
-    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
-    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
-    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
-    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
-    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
-    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
-    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
-    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
-    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
-    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
-    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
-    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
-    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
-    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
-    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
-    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
-};
-
-typedef PADATA_TYPE krb5_preauthtype;
-
-typedef enum krb5_key_usage {
-    KRB5_KU_PA_ENC_TIMESTAMP = 1,
-    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
-       client key (section 5.4.1) */
-    KRB5_KU_TICKET = 2,
-    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
-       application session key), encrypted with the service key
-       (section 5.4.2) */
-    KRB5_KU_AS_REP_ENC_PART = 3,
-    /* AS-REP encrypted part (includes tgs session key or application
-       session key), encrypted with the client key (section 5.4.2) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-       session key (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
-    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
-          authenticator subkey (section 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
-       with the tgs session key (sections 5.3.2, 5.4.1) */
-    KRB5_KU_TGS_REQ_AUTH = 7,
-    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
-       authenticator subkey), encrypted with the tgs session key
-       (section 5.3.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs session key (section 5.4.2) */
-    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
-    /* TGS-REP encrypted part (includes application session key),
-       encrypted with the tgs authenticator subkey (section 5.4.2) */
-    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
-    /* AP-REQ Authenticator cksum, keyed with the application session
-       key (section 5.3.2) */
-    KRB5_KU_AP_REQ_AUTH = 11,
-    /* AP-REQ Authenticator (includes application authenticator
-       subkey), encrypted with the application session key (section
-       5.3.2) */
-    KRB5_KU_AP_REQ_ENC_PART = 12,
-    /* AP-REP encrypted part (includes application session subkey),
-       encrypted with the application session key (section 5.5.2) */
-    KRB5_KU_KRB_PRIV = 13,
-    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
-       application (section 5.7.1) */
-    KRB5_KU_KRB_CRED = 14,
-    /* KRB-CRED encrypted part, encrypted with a key chosen by the
-       application (section 5.8.1) */
-    KRB5_KU_KRB_SAFE_CKSUM = 15,
-    /* KRB-SAFE cksum, keyed with a key chosen by the application
-       (section 5.6.1) */
-    KRB5_KU_OTHER_ENCRYPTED = 16,
-    /* Data which is defined in some specification outside of
-       Kerberos to be encrypted using an RFC1510 encryption type. */
-    KRB5_KU_OTHER_CKSUM = 17,
-    /* Data which is defined in some specification outside of
-       Kerberos to be checksummed using an RFC1510 checksum type. */
-    KRB5_KU_KRB_ERROR = 18,
-    /* Krb-error checksum */
-    KRB5_KU_AD_KDC_ISSUED = 19,
-    /* AD-KDCIssued checksum */
-    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
-    /* Checksum for Mandatory Ticket Extensions */
-    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
-    /* Checksum in Authorization Data in Ticket Extensions */
-    KRB5_KU_USAGE_SEAL = 22,
-    /* seal in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SIGN = 23,
-    /* sign in GSSAPI krb5 mechanism */
-    KRB5_KU_USAGE_SEQ = 24
-    /* SEQ in GSSAPI krb5 mechanism */
-} krb5_key_usage;
-
-typedef krb5_key_usage krb5_keyusage;
-
-typedef enum krb5_salttype {
-    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
-    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
-}krb5_salttype;
-
-typedef struct krb5_salt {
-    krb5_salttype salttype;
-    krb5_data saltvalue;
-} krb5_salt;
-
-typedef ETYPE_INFO krb5_preauthinfo;
-
-typedef struct {
-    krb5_preauthtype type;
-    krb5_preauthinfo info; /* list of preauthinfo for this type */
-} krb5_preauthdata_entry;
-
-typedef struct krb5_preauthdata {
-    unsigned len;
-    krb5_preauthdata_entry *val;
-}krb5_preauthdata;
-
-typedef enum krb5_address_type { 
-    KRB5_ADDRESS_INET     =   2,
-    KRB5_ADDRESS_INET6    =  24,
-    KRB5_ADDRESS_ADDRPORT = 256,
-    KRB5_ADDRESS_IPPORT   = 257
-} krb5_address_type;
-
-enum {
-  AP_OPTS_USE_SESSION_KEY = 1,
-  AP_OPTS_MUTUAL_REQUIRED = 2,
-  AP_OPTS_USE_SUBKEY = 4		/* library internal */
-};
-
-typedef HostAddress krb5_address;
-
-typedef HostAddresses krb5_addresses;
-
-typedef enum krb5_keytype { 
-    KEYTYPE_NULL	= 0,
-    KEYTYPE_DES		= 1,
-    KEYTYPE_DES3	= 7,
-    KEYTYPE_AES128	= 17,
-    KEYTYPE_AES256	= 18,
-    KEYTYPE_ARCFOUR	= 23
-} krb5_keytype;
-
-typedef EncryptionKey krb5_keyblock;
-
-typedef AP_REQ krb5_ap_req;
-
-struct krb5_cc_ops;
-
-#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
-
-#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
-
-#define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
-    krb5_config_get_bool_default((C), NULL, TRUE, 			 \
-				 "libdefaults", "accept_null_addresses", \
-				 NULL)
-
-typedef void *krb5_cc_cursor;
-
-typedef struct krb5_ccache_data {
-    const struct krb5_cc_ops *ops;
-    krb5_data data;
-}krb5_ccache_data;
-
-typedef struct krb5_ccache_data *krb5_ccache;
-
-typedef struct krb5_context_data *krb5_context;
-
-typedef Realm krb5_realm;
-typedef const char *krb5_const_realm; /* stupid language */
-
-#define krb5_realm_length(r) strlen(r)
-#define krb5_realm_data(r) (r)
-
-typedef Principal krb5_principal_data;
-typedef struct Principal *krb5_principal;
-typedef const struct Principal *krb5_const_principal;
-
-typedef time_t krb5_deltat;
-typedef time_t krb5_timestamp;
-
-typedef struct krb5_times {
-  krb5_timestamp authtime;
-  krb5_timestamp starttime;
-  krb5_timestamp endtime;
-  krb5_timestamp renew_till;
-} krb5_times;
-
-typedef union {
-    TicketFlags b;
-    krb5_flags i;
-} krb5_ticket_flags;
-
-/* options for krb5_get_in_tkt() */
-#define KDC_OPT_FORWARDABLE		(1 << 1)
-#define KDC_OPT_FORWARDED		(1 << 2)
-#define KDC_OPT_PROXIABLE		(1 << 3)
-#define KDC_OPT_PROXY			(1 << 4)
-#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
-#define KDC_OPT_POSTDATED		(1 << 6)
-#define KDC_OPT_RENEWABLE		(1 << 8)
-#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
-#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
-#define KDC_OPT_RENEWABLE_OK		(1 << 27)
-#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
-#define KDC_OPT_RENEW			(1 << 30)
-#define KDC_OPT_VALIDATE		(1 << 31)
-
-typedef union {
-    KDCOptions b;
-    krb5_flags i;
-} krb5_kdc_flags;
-
-/* flags for krb5_verify_ap_req */
-
-#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
-
-#define KRB5_GC_CACHED			(1U << 0)
-#define KRB5_GC_USER_USER		(1U << 1)
-
-/* constants for compare_creds (and cc_retrieve_cred) */
-#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
-#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
-
-typedef AuthorizationData krb5_authdata;
-
-typedef KRB_ERROR krb5_error;
-
-typedef struct krb5_creds {
-    krb5_principal client;
-    krb5_principal server;
-    krb5_keyblock session;
-    krb5_times times;
-    krb5_data ticket;
-    krb5_data second_ticket;
-    krb5_authdata authdata;
-    krb5_addresses addresses;
-    krb5_ticket_flags flags;
-} krb5_creds;
-
-typedef struct krb5_cc_ops {
-    const char *prefix;
-    const char* (*get_name)(krb5_context, krb5_ccache);
-    krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
-    krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
-    krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
-    krb5_error_code (*destroy)(krb5_context, krb5_ccache);
-    krb5_error_code (*close)(krb5_context, krb5_ccache);
-    krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
-    krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 
-				krb5_flags, krb5_creds*, krb5_creds);
-    krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
-    krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
-    krb5_error_code (*get_next)(krb5_context, krb5_ccache, 
-				krb5_cc_cursor*, krb5_creds*);
-    krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
-    krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 
-				   krb5_flags, krb5_creds*);
-    krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
-    int (*get_version)(krb5_context, krb5_ccache);
-} krb5_cc_ops;
-
-struct krb5_log_facility;
-
-struct krb5_config_binding {
-    enum { krb5_config_string, krb5_config_list } type;
-    char *name;
-    struct krb5_config_binding *next;
-    union {
-	char *string;
-	struct krb5_config_binding *list;
-	void *generic;
-    } u;
-};
-
-typedef struct krb5_config_binding krb5_config_binding;
-
-typedef krb5_config_binding krb5_config_section;
-
-typedef struct krb5_context_data {
-    krb5_enctype *etypes;
-    krb5_enctype *etypes_des;
-    char **default_realms;
-    time_t max_skew;
-    time_t kdc_timeout;
-    unsigned max_retries;
-    int32_t kdc_sec_offset;
-    int32_t kdc_usec_offset;
-    krb5_config_section *cf;
-    struct et_list *et_list;
-    struct krb5_log_facility *warn_dest;
-    krb5_cc_ops *cc_ops;
-    int num_cc_ops;
-    const char *http_proxy;
-    const char *time_fmt;
-    krb5_boolean log_utc;
-    const char *default_keytab;
-    const char *default_keytab_modify;
-    krb5_boolean use_admin_kdc;
-    krb5_addresses *extra_addresses;
-    krb5_boolean scan_interfaces;	/* `ifconfig -a' */
-    krb5_boolean srv_lookup;		/* do SRV lookups */
-    krb5_boolean srv_try_txt;		/* try TXT records also */
-    int32_t fcache_vno;			/* create cache files w/ this
-                                           version */
-    int num_kt_types;			/* # of registered keytab types */
-    struct krb5_keytab_data *kt_types;  /* registered keytab types */
-    const char *date_fmt;
-    char *error_string;
-    char error_buf[256];
-    krb5_addresses *ignore_addresses;
-    char *default_cc_name;
-} krb5_context_data;
-
-typedef struct krb5_ticket {
-    EncTicketPart ticket;
-    krb5_principal client;
-    krb5_principal server;
-} krb5_ticket;
-
-typedef Authenticator krb5_authenticator_data;
-
-typedef krb5_authenticator_data *krb5_authenticator;
-
-struct krb5_rcache_data;
-typedef struct krb5_rcache_data *krb5_rcache;
-typedef Authenticator krb5_donot_replay;
-
-#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
-#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
-#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
-#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
-#define KRB5_STORAGE_BYTEORDER_MASK			0x60
-#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
-#define KRB5_STORAGE_BYTEORDER_LE			0x20
-#define KRB5_STORAGE_BYTEORDER_HOST			0x40
-
-struct krb5_storage_data;
-typedef struct krb5_storage_data krb5_storage;
-
-typedef struct krb5_keytab_entry {
-    krb5_principal principal;
-    krb5_kvno vno;
-    krb5_keyblock keyblock;
-    u_int32_t timestamp;
-} krb5_keytab_entry;
-
-typedef struct krb5_kt_cursor {
-    int fd;
-    krb5_storage *sp;
-    void *data;
-} krb5_kt_cursor;
-
-struct krb5_keytab_data;
-
-typedef struct krb5_keytab_data *krb5_keytab;
-
-#define KRB5_KT_PREFIX_MAX_LEN	30
-
-struct krb5_keytab_data {
-    const char *prefix;
-    krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
-    krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
-    krb5_error_code (*close)(krb5_context, krb5_keytab);
-    krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 
-			   krb5_kvno, krb5_enctype, krb5_keytab_entry*);
-    krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 
-				  krb5_keytab_entry*, krb5_kt_cursor*);
-    krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
-    krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
-    void *data;
-    int32_t version;
-};
-
-typedef struct krb5_keytab_data krb5_kt_ops;
-
-struct krb5_keytab_key_proc_args {
-    krb5_keytab keytab;
-    krb5_principal principal;
-};
-
-typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
-
-typedef struct krb5_replay_data {
-    krb5_timestamp timestamp;
-    u_int32_t usec;
-    u_int32_t seq;
-} krb5_replay_data;
-
-/* flags for krb5_auth_con_setflags */
-enum {
-    KRB5_AUTH_CONTEXT_DO_TIME      = 1,
-    KRB5_AUTH_CONTEXT_RET_TIME     = 2,
-    KRB5_AUTH_CONTEXT_DO_SEQUENCE  = 4,
-    KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
-    KRB5_AUTH_CONTEXT_PERMIT_ALL   = 16
-};
-
-/* flags for krb5_auth_con_genaddrs */
-enum {
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
-    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
-    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
-};
-
-typedef struct krb5_auth_context_data {
-    unsigned int flags;
-
-    krb5_address *local_address;
-    krb5_address *remote_address;
-    int16_t local_port;
-    int16_t remote_port;
-    krb5_keyblock *keyblock;
-    krb5_keyblock *local_subkey;
-    krb5_keyblock *remote_subkey;
-
-    u_int32_t local_seqnumber;
-    u_int32_t remote_seqnumber;
-
-    krb5_authenticator authenticator;
-  
-    krb5_pointer i_vector;
-  
-    krb5_rcache rcache;
-
-    krb5_keytype keytype;	/* �requested key type ? */
-    krb5_cksumtype cksumtype;	/* �requested checksum type! */
-  
-}krb5_auth_context_data, *krb5_auth_context;
-
-typedef struct {
-    KDC_REP kdc_rep;
-    EncKDCRepPart enc_part;
-    KRB_ERROR error;
-} krb5_kdc_rep;
-
-extern const char *heimdal_version, *heimdal_long_version;
-
-typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
-typedef void (*krb5_log_close_func_t)(void*);
-
-typedef struct krb5_log_facility {
-    const char *program;
-    int len;
-    struct facility *val;
-} krb5_log_facility;
-
-typedef EncAPRepPart krb5_ap_rep_enc_part;
-
-#define KRB5_RECVAUTH_IGNORE_VERSION 1
-
-#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
-
-#define KRB5_TGS_NAME_SIZE (6)
-#define KRB5_TGS_NAME ("krbtgt")
-
-/* variables */
-
-extern const char *krb5_config_file;
-extern const char *krb5_defkeyname;
-
-typedef enum {
-    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
-    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
-    KRB5_PROMPT_TYPE_PREAUTH		= 0x4
-} krb5_prompt_type;
-
-typedef struct _krb5_prompt {
-    const char *prompt;
-    int hidden;
-    krb5_data *reply;
-    krb5_prompt_type type;
-} krb5_prompt;
-
-typedef int (*krb5_prompter_fct)(krb5_context context,
-				 void *data,
-				 const char *name,
-				 const char *banner,
-				 int num_prompts,
-				 krb5_prompt prompts[]);
-
-typedef krb5_error_code (*krb5_key_proc)(krb5_context context,
-					 krb5_enctype type,
-					 krb5_salt salt,
-					 krb5_const_pointer keyseed,
-					 krb5_keyblock **key);
-typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context,
-					     krb5_keyblock *key,
-					     krb5_key_usage usage,
-					     krb5_const_pointer decrypt_arg,
-					     krb5_kdc_rep *dec_rep);
-
-
-typedef struct _krb5_get_init_creds_opt {
-    krb5_flags flags;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int forwardable;
-    int proxiable;
-    int anonymous;
-    krb5_enctype *etype_list;
-    int etype_list_length;
-    krb5_addresses *address_list;
-#if 0 /* this is the MIT-way */
-    krb5_address **address_list;
-#endif
-    /* XXX the next three should not be used, as they may be
-       removed later */
-    krb5_preauthtype *preauth_list;
-    int preauth_list_length;
-    krb5_data *salt;
-} krb5_get_init_creds_opt;
-
-#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
-#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
-#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
-#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
-#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
-#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
-#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
-#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
-#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
-
-typedef struct _krb5_verify_init_creds_opt {
-    krb5_flags flags;
-    int ap_req_nofail;
-} krb5_verify_init_creds_opt;
-
-#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
-
-typedef struct krb5_verify_opt {
-    unsigned int flags;
-    krb5_ccache ccache;
-    krb5_keytab keytab;
-    krb5_boolean secure;
-    const char *service;
-} krb5_verify_opt;
-
-#define KRB5_VERIFY_LREALMS		1
-#define KRB5_VERIFY_NO_ADDRESSES	2
-
-extern const krb5_cc_ops krb5_fcc_ops;
-extern const krb5_cc_ops krb5_mcc_ops;
-
-extern const krb5_kt_ops krb5_fkt_ops;
-extern const krb5_kt_ops krb5_mkt_ops;
-extern const krb5_kt_ops krb5_akf_ops;
-extern const krb5_kt_ops krb4_fkt_ops;
-extern const krb5_kt_ops krb5_srvtab_fkt_ops;
-extern const krb5_kt_ops krb5_any_ops;
-
-#define KRB5_KPASSWD_SUCCESS	0
-#define KRB5_KPASSWD_MALFORMED	1
-#define KRB5_KPASSWD_HARDERROR	2
-#define KRB5_KPASSWD_AUTHERROR	3
-#define KRB5_KPASSWD_SOFTERROR	4
-
-#define KPASSWD_PORT 464
-
-/* types for the new krbhst interface */
-struct krb5_krbhst_data;
-typedef struct krb5_krbhst_data *krb5_krbhst_handle;
-
-#define KRB5_KRBHST_KDC		1
-#define KRB5_KRBHST_ADMIN	2
-#define KRB5_KRBHST_CHANGEPW	3
-#define KRB5_KRBHST_KRB524	4
-
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    unsigned short def_port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1]; /* has to come last */
-} krb5_krbhst_info;
-
-
-struct credentials; /* this is to keep the compiler happy */
-struct getargs;
-struct sockaddr;
-
-#include <krb5-protos.h>
-
-#endif /* __KRB5_H__ */
-
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
deleted file mode 100644
index 78bb62cb40b5..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ /dev/null
@@ -1,224 +0,0 @@
-.\" Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_425_conv_principal.3,v 1.10 2003/04/16 13:58:13 lha Exp $
-.\"
-.Dd April 11, 1999
-.Dt KRB5_425_CONV_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_425_conv_principal ,
-.Nm krb5_425_conv_principal_ext ,
-.Nm krb5_524_conv_principal
-.Nd converts to and from version 4 principals
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
-.Sh DESCRIPTION
-Converting between version 4 and version 5 principals can at best be
-described as a mess.
-.Pp
-A version 4 principal consists of a name, an instance, and a realm. A
-version 5 principal consists of one or more components, and a
-realm. In some cases also the first component/name will differ between
-version 4 and version 5.  Furthermore the second component of a host
-principal will be the fully qualified domain name of the host in
-question, while the instance of a version 4 principal will only
-contain the first part (short hostname).  Because of these problems
-the conversion between principals will have to be site customized.
-.Pp
-.Fn krb5_425_conv_principal_ext
-will try to convert a version 4 principal, given by
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm ,
-to a version 5 principal. This can result in several possible
-principals, and if
-.Fa func
-is non-NULL, it will be called for each candidate principal.
-.Fa func
-should return true if the principal was
-.Dq good .
-To accomplish this,
-.Fn krb5_425_conv_principal_ext
-will look up the name in
-.Pa krb5.conf .
-It first looks in the
-.Li v4_name_convert/host
-subsection, which should contain a list of version 4 names whose
-instance should be treated as a hostname. This list can be specified
-for each realm (in the
-.Li realms
-section), or in the
-.Li libdefaults
-section.  If the name is found the resulting name of the principal
-will be the value of this binding. The instance is then first looked
-up in
-.Li v4_instance_convert
-for the specified realm. If found the resulting value will be used as
-instance (this can be used for special cases), no further attempts
-will be made to find a conversion if this fails (with
-.Fa func ) .
-If the
-.Fa resolve
-parameter is true, the instance will be looked up with
-.Fn gethostbyname .
-This can be a time consuming, error prone, and unsafe operation.  Next
-a list of hostnames will be created from the instance and the
-.Li v4_domains
-variable, which should contain a list of possible domains for the
-specific realm.
-.Pp
-On the other hand, if the name is not found in a
-.Li host
-section, it is looked up in a
-.Li v4_name_convert/plain
-binding. If found here the name will be converted, but the instance
-will be untouched.
-.Pp
-This list of default host-type conversions is compiled-in:
-.Bd -literal -offset indent
-v4_name_convert = {
-	host = {
-		ftp = ftp
-		hprop = hprop
-		imap = imap
-		pop = pop
-		rcmd = host
-		smtp = smtp
-	}
-}
-.Ed
-.Pp
-It will only be used if there isn't an entry for these names in the
-config file, so you can override these defaults.
-.Pp
-.Fn krb5_425_conv_principal
-will call
-.Fn krb5_425_conv_principal_ext
-with
-.Dv NULL
-as
-.Fa func ,
-and the value of
-.Li v4_instance_resolve
-(from the
-.Li libdefaults
-section) as
-.Fa resolve .
-.Pp
-.Fn krb5_524_conv_principal
-basically does the opposite of
-.Fn krb5_425_conv_principal ,
-it just doesn't have to look up any names, but will instead truncate
-instances found to belong to a host principal. The
-.Fa name ,
-.Fa instance ,
-and
-.Fa realm
-should be at least 40 characters long.
-.Sh EXAMPLES
-Since this is confusing an example is in place.
-.Pp
-Assume that we have the
-.Dq foo.com ,
-and
-.Dq bar.com
-domains that have shared a single version 4 realm, FOO.COM. The version 4
-.Pa krb.realms
-file looked like:
-.Bd -literal -offset indent
-foo.com		FOO.COM
-\&.foo.com	FOO.COM
-\&.bar.com	FOO.COM
-.Ed
-.Pp
-A
-.Pa krb5.conf
-file that covers this case might look like:
-.Bd -literal -offset indent
-[libdefaults]
-	v4_instance_resolve = yes
-[realms]
-	FOO.COM = {
-		kdc = kerberos.foo.com
-		v4_instance_convert = {
-			foo = foo.com
-		}
-		v4_domains = foo.com
-	}
-.Ed
-.Pp
-With this setup and the following host table:
-.Bd -literal -offset indent
-foo.com
-a-host.foo.com
-b-host.bar.com
-.Ed
-the following conversions will be made:
-.Bd -literal -offset indent
-rcmd.a-host	\(-> host/a-host.foo.com
-ftp.b-host	\(-> ftp/b-host.bar.com
-pop.foo		\(-> pop/foo.com
-ftp.other	\(-> ftp/other.foo.com
-other.a-host	\(-> other/a-host
-.Ed
-.Pp
-The first three are what you expect. If you remove the
-.Dq v4_domains ,
-the fourth entry will result in an error (since the host
-.Dq other
-can't be found). Even if
-.Dq a-host
-is a valid host name, the last entry will not be converted, since the
-.Dq other
-name is not known to represent a host-type principal.
-If you turn off
-.Dq v4_instance_resolve
-the second example will result in
-.Dq ftp/b-host.foo.com
-(because of the default domain). And all of this is of course only
-valid if you have working name resolving.
-.Sh SEE ALSO
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3
deleted file mode 100644
index dc780add575d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_address.3
+++ /dev/null
@@ -1,355 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_address.3,v 1.4 2003/04/16 13:58:12 lha Exp $
-.\" 
-.Dd March 11, 2002
-.Dt KRB5_ADDRESS 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_address ,
-.Nm krb5_addresses ,
-.Nm krb5_sockaddr2address ,
-.Nm krb5_sockaddr2port ,
-.Nm krb5_addr2sockaddr ,
-.Nm krb5_max_sockaddr_size ,
-.Nm krb5_sockaddr_uninteresting ,
-.Nm krb5_h_addr2sockaddr ,
-.Nm krb5_h_addr2addr ,
-.Nm krb5_anyaddr ,
-.Nm krb5_print_address ,
-.Nm krb5_parse_address ,
-.Nm krb5_address_order ,
-.Nm krb5_address_compare ,
-.Nm krb5_address_search ,
-.Nm krb5_free_address ,
-.Nm krb5_free_addresses ,
-.Nm krb5_copy_address ,
-.Nm krb5_copy_addresses ,
-.Nm krb5_append_addresses ,
-.Nm krb5_make_addrport
-.Nd mange addresses in Kerberos.
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_sockaddr2address
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_sockaddr2port
-.Fa "krb5_context context"
-.Fa "const struct sockaddr *sa"
-.Fa "int16_t *port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft size_t
-.Fo krb5_max_sockaddr_size
-.Fa "void"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_sockaddr_uninteresting
-.Fa "const struct sockaddr *sa"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2sockaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *addr"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_h_addr2addr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "const char *haddr"
-.Fa "krb5_address *addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_anyaddr
-.Fa "krb5_context context"
-.Fa "int af"
-.Fa "struct sockaddr *sa"
-.Fa "krb5_socklen_t *sa_size"
-.Fa "int port"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_print_address
-.Fa "const krb5_address *addr"
-.Fa "char *str"
-.Fa "size_t len"
-.Fa "size_t *ret_len"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_parse_address
-.Fa "krb5_context context"
-.Fa "const char *string"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft int
-.Fo "krb5_address_order"
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_compare
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr1"
-.Fa "const krb5_address *addr2"
-.Fc
-.Ft "krb5_boolean"
-.Fo krb5_address_search
-.Fa "krb5_context context"
-.Fa "const krb5_address *addr"
-.Fa "const krb5_addresses *addrlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_address
-.Fa "krb5_context context"
-.Fa "krb5_address *address"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_free_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *addresses"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_address
-.Fa "krb5_context context"
-.Fa "const krb5_address *inaddr"
-.Fa "krb5_address *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_copy_addresses
-.Fa "krb5_context context"
-.Fa "const krb5_addresses *inaddr"
-.Fa "krb5_addresses *outaddr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_append_addresses
-.Fa "krb5_context context"
-.Fa "krb5_addresses *dest"
-.Fa "const krb5_addresses *source"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_make_addrport
-.Fa "krb5_context context"
-.Fa "krb5_address **res"
-.Fa "const krb5_address *addr"
-.Fa "int16_t port"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_address
-structure holds a address that can be used in Kerberos API
-calls. There are help functions to set and extract address information
-of the address.
-.Pp
-The
-.Li krb5_addresses
-structure holds a set of krb5_address:es.
-.Pp
-.Fn krb5_sockaddr2address
-stores a address a 
-.Li "struct sockaddr"
-.Fa sa
-in the krb5_address
-.Fa addr .
-.Pp
-.Fn krb5_sockaddr2port
-extracts a
-.Fa port
-(if possible) from a
-.Li "struct sockaddr"
-.Fa sa .
-.Pp
-.Fn krb5_addr2sockaddr
-sets the
-struct sockaddr
-.Fa sockaddr
-from
-.Fa addr
-and
-.Fa port .
-.Fa Sa_size
-should be initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_max_sockaddr_size
-returns the max size of the
-.Li struct sockaddr
-that the Kerberos library will return.
-.Pp
-.Fn krb5_sockaddr_uninteresting
-returns
-.Dv TRUE
-for all
-.Fa sa
-that for that the kerberos library thinks are uninteresting.
-One example are link local addresses.
-.Pp
-.Fn krb5_h_addr2sockaddr
-initializes a
-.Li "struct sockaddr"
-.Fa sa
-from
-.Fa af
-and the
-.Li "struct hostent"
-(see
-.Xr gethostbyname 3 )
-.Fa h_addr_list 
-component.
-.Fa Sa_size
-should be initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Fa sa
-argument.
-.Pp
-.Fn krb5_h_addr2addr
-works like
-.Fn krb5_h_addr2sockaddr
-with the exception that it operates on a
-.Li krb5_address
-instead of a
-.Li struct sockaddr
-.Pp
-.Fn krb5_anyaddr
-fills in a
-.Li "struct sockaddr"
-.Fa sa
-that can be used to
-.Xf bind 3
-to.
-.Fa Sa_size
-should be initially contain the size of the
-.Fa sa ,
-and after the call, it will contain the actual length of the address.
-.Pp
-.Fn krb5_print_address
-prints the address in
-.Fa addr
-to the a string
-.Fa string
-that have the length
-.Fa len .
-If
-.Fa ret_len
-if not
-.Dv NULL ,
-it will be filled in length of the string.
-.Pp
-.Fn krb5_parse_address
-Returns the resolving a hostname in
-.Fa string
-to the
-.Li krb5_addresses
-.Fa addresses .
-.Pp
-.Fn krb5_address_order
-compares to addresses
-.Fa addr1
-and
-.Fa addr2
-so that it can be used for sorting addresses. If the addresses are the
-same address
-.Fa krb5_address_order will be return 0.
-.Pp
-.Fn krb5_address_compare
-compares the addresses
-.Fa addr1
-and
-.Fa addr2 .
-returns
-.Dv TRUE
-if the two addresses are the same.
-.Pp
-.Fn krb5_address_search
-checks if the address
-.Fa addr
-is a member of the address set list
-.Fa addrlist .
-.Pp
-.Fn krb5_free_address
-frees the data stored in the
-.Fa address
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_free_addresses
-frees the data stored in the
-.Fa addresses
-that is alloced with any of the krb5_address functions.
-.Pp
-.Fn krb5_copy_address
-copies the content of address
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_copy_addresses
-copies the content of the address list
-.Fa inaddr
-to
-.Fa outaddr .
-.Pp
-.Fn krb5_append_addresses
-adds the set of addresses in
-.Fa source
-to
-.Fa dest .
-While copying the addresses, duplicates are also sorted out.
-.Pp
-.Fn krb5_make_addrport
-allocates and creates an 
-krb5_address in
-.Fa res
-of type KRB5_ADDRESS_ADDRPORT from
-.Fa ( addr , port ) .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
deleted file mode 100644
index 900e1d948393..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_aname_to_localname.3,v 1.2 2003/04/16 13:58:13 lha Exp $
-.\"
-.Dd March 17, 2003
-.Dt KRB5_ANAME_TO_LOCALNAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_aname_to_localname
-.Nd converts a principal to a system local name.
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_aname_to_localname
-.Fa "krb5_context context"
-.Fa "krb5_const_principal name"
-.Fa "size_t lnsize"
-.Fa "char *lname"
-.Fc
-.Sh DESCRIPTION
-This function takes a principal
-.Fa name ,
-verifies its in the local realm (using
-.Fn krb5_get_default_realms )
-and then returns the local name of the principal.
-.Pp
-If
-.Fa name
-isn't in one of the local realms and error is returned.
-.Pp
-If size
-.Fa ( lnsize )
-of the local name
-.Fa ( lname )
-is to small, an error is returned.
-.Pp
-.Fn krb5_aname_to_localname
-should only be use by application that implements protocols that
-doesn't transport the login name and thus needs to convert a principal
-to a local name.
-.Pp
-Protocols should be designed so that the it autheticates using
-Kerberos, send over the login name and then verifies in the principal
-that authenticated is allowed to login and the login name.
-A way to check if a user is allowed to login is using the function
-.Fn krb5_kuserok .
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_kuserok 3
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
deleted file mode 100644
index f913fdc33cb3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_appdefault.3,v 1.10 2003/04/16 13:58:10 lha Exp $
-.\"
-.Dd July 25, 2000
-.Dt KRB5_APPDEFAULT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_appdefault_boolean ,
-.Nm krb5_appdefault_string ,
-.Nm krb5_appdefault_time
-.Nd get application configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
-.Ft void
-.Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
-.Ft void
-.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
-.Sh DESCRIPTION
-These functions get application defaults from the
-.Dv appdefaults
-section of the
-.Xr krb5.conf 5
-configuration file. These defaults can be specified per application,
-and/or per realm.
-.Pp
-These values will be looked for in
-.Xr krb5.conf 5 ,
-in order of descending importance.
-.Bd -literal -offset indent
-[appdefaults]
-	appname = {
-		realm = {
-			option = value
-		}
-	}
-	appname = {
-		option = value
-	}
-	realm = {
-		option = value
-	}
-	option = value
-.Ed
-.Fa appname
-is the name of the application, and
-.Fa realm
-is the realm name. If the realm is omitted it will not be used for
-resolving values.
-.Fa def_val
-is the value to return if no value is found in
-.Xr krb5.conf 5 .
-.Sh SEE ALSO
-.Xr krb5_config 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
deleted file mode 100644
index 69db32486bbd..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ /dev/null
@@ -1,317 +0,0 @@
-.\" Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_auth_context.3,v 1.8 2003/04/16 13:58:13 lha Exp $
-.\"
-.Dd January 21, 2001
-.Dt KRB5_AUTH_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_auth_context ,
-.Nm krb5_auth_con_init ,
-.Nm krb5_auth_con_free ,
-.Nm krb5_auth_con_setflags ,
-.Nm krb5_auth_con_getflags ,
-.Nm krb5_auth_con_setaddrs ,
-.Nm krb5_auth_con_setaddrs_from_fd ,
-.Nm krb5_auth_con_getaddrs ,
-.Nm krb5_auth_con_genaddrs ,
-.Nm krb5_auth_con_getkey ,
-.Nm krb5_auth_con_setkey ,
-.Nm krb5_auth_con_getuserkey ,
-.Nm krb5_auth_con_setuserkey ,
-.Nm krb5_auth_con_getlocalsubkey ,
-.Nm krb5_auth_con_setlocalsubkey ,
-.Nm krb5_auth_con_getremotesubkey ,
-.Nm krb5_auth_con_setremotesubkey ,
-.Nm krb5_auth_setcksumtype ,
-.Nm krb5_auth_getcksumtype ,
-.Nm krb5_auth_setkeytype ,
-.Nm krb5_auth_getkeytype ,
-.Nm krb5_auth_getlocalseqnumber ,
-.Nm krb5_auth_setlocalseqnumber ,
-.Nm krb5_auth_getremoteseqnumber ,
-.Nm krb5_auth_setremoteseqnumber ,
-.Nm krb5_auth_getauthenticator ,
-.Nm krb5_auth_con_getrcache ,
-.Nm krb5_auth_con_setrcache ,
-.Nm krb5_auth_con_initivector ,
-.Nm krb5_auth_con_setivector
-.Nd manage authentication on connection level
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_auth_con_init
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fc
-.Ft void
-.Fo krb5_auth_con_free
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getflags
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int32_t *flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address *local_addr"
-.Fa "krb5_address *remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_address **local_addr"
-.Fa "krb5_address **remote_addr"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_genaddrs
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "int fd"
-.Fa "int flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setaddrs_from_fd
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "void *p_fd"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getlocalsubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_getremotesubkey
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fa "krb5_keyblock **keyblock"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_initivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context auth_context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_auth_con_setivector
-.Fa "krb5_context context"
-.Fa "krb5_auth_context *auth_context"
-.Fa "krb5_pointer ivector"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_auth_context
-structure holds all context related to an authenticated connection, in
-a similar way to
-.Nm krb5_context
-that holds the context for the thread or process.
-.Nm krb5_auth_context
-is used by various functions that are directly related to
-authentication between the server/client. Example of data that this
-structure contains are various flags, addresses of client and server,
-port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
-and checksum-type.
-.Pp
-.Fn krb5_auth_con_init
-allocates and initializes the
-.Nm krb5_auth_context
-structure. Default values can be changed with
-.Fn krb5_auth_con_setcksumtype
-and
-.Fn krb5_auth_con_setflags .
-The
-.Nm auth_context
-structure must be freed by
-.Fn krb5_auth_con_free .
-.Pp
-.Fn krb5_auth_con_getflags
-and
-.Fn krb5_auth_con_setflags
-gets and modifies the flags for a
-.Nm krb5_auth_context
-structure. Possible flags to set are:
-.Bl -tag -width Ds
-.It Dv KRB5_AUTH_CONTEXT_DO_TIME
-check timestamp on incoming packets.
-.\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
-.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
-Generate and check sequence-number on each packet.
-.\".It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
-.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
-.El
-.Pp
-.Fn krb5_auth_con_setaddrs ,
-.Fn krb5_auth_con_setaddrs_from_fd
-and
-.Fn krb5_auth_con_getaddrs
-gets and sets the addresses that are checked when a packet is received.
-It is mandatory to set an address for the remote
-host. If the local address is not set, it iss deduced from the underlaying
-operating system.
-.Fn krb5_auth_con_getaddrs
-will call
-.Fn krb5_free_address
-on any address that is passed in
-.Fa local_addr
-or
-.Fa remote_addr .
-.Fn krb5_auth_con_setaddr
-allows passing in a
-.Dv NULL
-pointer as
-.Fa local_addr
-and
-.Fa remote_addr ,
-in that case it will just not set that address.
-.Pp
-.Fn krb5_auth_con_setaddrs_from_fd
-fetches the addresses from a file descriptor.
-.Pp
-.Fn krb5_auth_con_genaddrs
-fetches the address information from the given file descriptor
-.Fa fd
-depending on the bitmap argument
-.Fa flags .
-.Pp
-Possible values on
-.Fa flags
-are:
-.Bl -tag -width Ds
-.It Va KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
-fetches the local address from
-.Fa fd .
-.It Va KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
-fetches the remote address from
-.Fa fd .
-.El
-.Pp
-.Fn krb5_auth_con_setkey ,
-.Fn krb5_auth_con_setuserkey
-and
-.Fn krb5_auth_con_getkey
-gets and sets the key used for this auth context. The keyblock returned by
-.Fn krb5_auth_con_getkey
-should be freed with
-.Fn krb5_free_keyblock .
-The keyblock send into
-.Fn krb5_auth_con_setkey
-is copied into the
-.Nm krb5_auth_context ,
-and thus no special handling is needed.
-.Dv NULL
-is not a valid keyblock to
-.Fn krb5_auth_con_setkey .
-.Pp
-.Fn krb5_auth_con_setuserkey
-is only useful when doing user to user authentication.
-.Fn krb5_auth_con_setkey
-is equivalent to
-.Fn krb5_auth_con_setuserkey .
-.Pp
-.Fn krb5_auth_con_getlocalsubkey ,
-.Fn krb5_auth_con_setlocalsubkey ,
-.Fn krb5_auth_con_getremotesubkey
-and
-.Fn krb5_auth_con_setremotesubkey
-gets and sets the keyblock for the local and remote subkey. The keyblock returned by
-.Fn krb5_auth_con_getlocalsubkey
-and
-.Fn krb5_auth_con_getremotesubkey
-must be freed with
-.Fn krb5_free_keyblock .
-.Pp
-.Fn krb5_auth_setcksumtype
-and
-.Fn krb5_auth_getcksumtype
-sets and gets the checksum type that should be used for this
-connection.
-.Pp
-.Fn krb5_auth_getremoteseqnumber
-.Fn krb5_auth_setremoteseqnumber ,
-.Fn krb5_auth_getlocalseqnumber
-and
-.Fn krb5_auth_setlocalseqnumber
-gets and sets the sequence-number for the local and remote
-sequence-number counter.
-.Pp
-.Fn krb5_auth_setkeytype
-and
-.Fn krb5_auth_getkeytype
-gets and gets the keytype of the keyblock in
-.Nm krb5_auth_context .
-.Pp
-.Fn krb5_auth_getauthenticator
-Retrieves the authenticator that was used during mutual
-authentication. The
-.Dv authenticator
-returned should be freed by calling
-.Fn krb5_free_authenticator .
-.Pp
-.Fn krb5_auth_con_getrcache
-and
-.Fn krb5_auth_con_setrcache
-gets and sets the replay-cache.
-.Pp
-.Fn krb5_auth_con_initivector
-allocates memory for and zeros the initial vector in the
-.Fa auth_context
-keyblock.
-.Pp
-.Fn krb5_auth_con_setivector
-sets the i_vector portion of
-.Fa auth_context
-to
-.Fa ivector .
-.Sh SEE ALSO
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
deleted file mode 100644
index e74c7543bd74..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_BUILD_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_make_principal
-.Nd principal creation functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Sh DESCRIPTION
-These functions create a Kerberos 5 principal from a realm and a list
-of components.
-All of these functions return an allocated principal in the
-.Fa principal
-parameter, this should be freed with
-.Fn krb5_free_principal
-after use.
-.Pp
-The
-.Dq build
-functions take a
-.Fa realm
-and the length of the realm.  The
-.Fn krb5_build_principal
-and
-.Fn krb5_build_principal_va
-also takes a list of components (zero-terminated strings), terminated
-with
-.Dv NULL .
-The
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-takes a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-The
-.Fn krb5_make_principal
-is a wrapper around
-.Fn krb5_build_principal .
-If the realm is
-.Dv NULL ,
-the default realm will be used.
-.Sh BUGS
-You can not have a NUL in a component. Until someone can give a good
-example of where it would be a good idea to have NUL's in a component,
-this will not be fixed.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3
deleted file mode 100644
index ec48c5f37a50..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_ccache.3
+++ /dev/null
@@ -1,356 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_ccache.3,v 1.7 2003/04/16 13:58:12 lha Exp $
-.\" 
-.Dd March 16, 2003
-.Dt KRB5_CCACHE 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_ccache ,
-.Nm krb5_cc_cursor ,
-.Nm krb5_cc_ops ,
-.Nm krb5_fcc_ops ,
-.Nm krb5_mcc_ops ,
-.Nm krb5_cc_close ,
-.Nm krb5_cc_copy_cache ,
-.Nm krb5_cc_default ,
-.Nm krb5_cc_default_name ,
-.Nm krb5_cc_destroy ,
-.Nm krb5_cc_end_seq_get ,
-.Nm krb5_cc_gen_new ,
-.Nm krb5_cc_get_name ,
-.Nm krb5_cc_get_principal ,
-.Nm krb5_cc_get_type ,
-.Nm krb5_cc_get_ops ,
-.Nm krb5_cc_get_version ,
-.Nm krb5_cc_initialize ,
-.Nm krb5_cc_register ,
-.Nm krb5_cc_resolve ,
-.Nm krb5_cc_retrieve_cred ,
-.Nm krb5_cc_remove_cred ,
-.Nm krb5_cc_set_default_name ,
-.Nm krb5_cc_store_cred ,
-.Nm krb5_cc_set_flags ,
-.Nm krb5_cc_next_cred
-.Nd mange credential cache.
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_ccache;"
-.Pp
-.Li "struct krb5_cc_cursor;"
-.Pp
-.Li "struct krb5_cc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_fcc_ops;"
-.Pp
-.Li "struct krb5_cc_ops *krb5_mcc_ops;"
-.Pp
-.Ft krb5_error_code
-.Fo krb5_cc_close
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_copy_cache
-.Fa "krb5_context *context"
-.Fa "const krb5_ccache from"
-.Fa "krb5_ccache to"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_default
-.Fa "krb5_context *context"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_default_name
-.Fa "krb5_context *context"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_destroy
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_end_seq_get
-.Fa "krb5_context *context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_gen_new
-.Fa "krb5_context *context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_name
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_principal
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal *principal"
-.Fc
-.Ft "const char *"
-.Fo krb5_cc_get_type
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft "const krb5_cc_ops *"
-.Fo krb5_cc_get_ops
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_get_version
-.Fa "krb5_context *context"
-.Fa "const krb5_ccache id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_initialize
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fa "krb5_principal primary_principal"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_register
-.Fa "krb5_context *context"
-.Fa "const krb5_cc_ops *ops"
-.Fa "krb5_boolean override"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_resolve
-.Fa "krb5_context *context"
-.Fa "const char *name"
-.Fa "krb5_ccache *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_retrieve_cred
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags whichfields"
-.Fa "const krb5_creds *mcreds"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_remove_cred
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fa "krb5_flags which"
-.Fa "krb5_creds *cred"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_default_name
-.Fa "krb5_context *context"
-.Fa "const char *name"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_store_cred
-.Fa "krb5_context *context"
-.Fa "krb5_ccache id"
-.Fa "krb5_creds *creds"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_set_flags
-.Fa "krb5_context *context"
-.Fa "krb5_cc_set_flags id"
-.Fa "krb5_flags flags"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_cc_next_cred
-.Fa "krb5_context *context"
-.Fa "const krb5_ccache id"
-.Fa "krb5_cc_cursor *cursor"
-.Fa "krb5_creds *creds"
-.Fc
-.Sh DESCRIPTION
-The
-.Li krb5_ccache
-structure holds a Kerberos credential cache.
-.Pp
-The
-.Li krb5_cc_cursor
-structure holds current position in a credential cache when
-iterating over the cache.
-.Pp
-The
-.Li krb5_cc_ops
-structure holds a set of operations that can me preformed on a
-credential cache.
-.Pp
-There is no component inside
-.Li krb5_ccache ,
-.Li krb5_cc_cursor
-nor
-.Li krb5_fcc_ops
-that is directly referable.
-.Pp
-The
-.Li krb5_creds
-holds a Kerberos credential, see manpage for
-.Xr krb5_creds 3 .
-.Pp
-.Fn krb5_cc_default_name
-and
-.Fn krb5_cc_set_default_name
-gets and sets the default name for the
-.Fa context .
-.Pp
-.Fn krb5_cc_default
-opens the default ccache in 
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_gen_new
-generates a new ccache of type
-.Fa ops
-in
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_resolve
-finds and allocates a ccache in 
-.Fa id
-from the specification in 
-.Fa residual .
-If the ccache name doesn't contain any colon (:), interpret it as a
-file name.
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_initialize
-creates a new ccache in
-.Fa id
-for
-.Fa primary_principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_close
-stops using the ccache 
-.Fa id
-and frees the related resources.
-Return 0 or an error code.
-.Fn krb5_cc_destroy
-removes the ccache 
-and closes (by calling
-.Fn krb5_cc_close )
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_copy_cache
-copys the contents of 
-.Fa from
-to 
-.Fa to .
-.Pp
-.Fn krb5_cc_get_name
-returns the name of the ccache 
-.Fa id .
-.Pp
-.Fn krb5_cc_get_principal
-returns the principal of 
-.Fa id
-in
-.Fa principal .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_get_type
-returns the type of the ccache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_ops
-returns the ops of the ccache
-.Fa id .
-.Pp
-.Fn krb5_cc_get_version
-returns the version of
-.Fa id .
-.Pp
-.Fn krb5_cc_register
-Adds a new ccache type with operations 
-.Fa ops ,
-overwriting any existing one if
-.Fa override .
-Return an error code or 0.
-.Pp
-.Fn krb5_cc_remove_cred
-removes the credential identified by
-.Fa ( cred ,
-.Fa which )
-from 
-.Fa id .
-.Pp
-.Fn krb5_cc_store_cred
-stores
-.Fa creds
-in the ccache
-.Fa id .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_set_flags
-sets the flags of
-.Fa id
-to
-.Fa flags .
-.Pp
-.Fn krb5_cc_retrieve_cred ,
-retrieves the credential identified by 
-.Fa mcreds
-(and
-.Fa whichfields )
-from
-.Fa id
-in
-.Fa creds .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_next_cred
-retrieves the next cred pointed to by
-.Fa ( id ,
-.Fa cursor )
-in
-.Fa creds ,
-and advance
-.Fa cursor .
-Return 0 or an error code.
-.Pp
-.Fn krb5_cc_end_seq_get
-Destroys the cursor
-.Fa cursor .
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
deleted file mode 100644
index 471389e54aca..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\" Copyright (c) 2000 Kungliga Tekniska H�gskolan
-.\" $Id: krb5_config.3,v 1.5 2003/04/16 13:58:14 lha Exp $
-.Dd July 25, 2000
-.Dt KRB5_CONFIG 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_config_get_bool_default ,
-.Nm krb5_config_get_int_default ,
-.Nm krb5_config_get_string_default ,
-.Nm krb5_config_get_time_default
-.Nd get configuration value
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..."
-.Ft int
-.Fn krb5_config_get_int_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
-.Ft const char*
-.Fn krb5_config_get_string_default "krb5_context context" "krb5_config_section *c" "const char *def_value" "..."
-.Ft int
-.Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
-.Sh DESCRIPTION
-These functions get values from the
-.Xr krb5.conf 5
-configuration file, or another configuration database specified by the
-.Fa c
-parameter.
-.Pp
-The variable arguments should be a list of strings naming each
-subsection to look for. For example:
-.Bd -literal -offset indent
-krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "log_utc", NULL)
-.Ed
-.Pp
-gets the boolean value for the
-.Dv log_utc
-option, defaulting to
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_bool_default
-will convert the option value to a boolean value, where
-.Sq yes ,
-.Sq true ,
-and any non-zero number means
-.Dv TRUE ,
-and any other value
-.Dv FALSE .
-.Pp
-.Fn krb5_config_get_int_default
-will convert the value to an integer.
-.Pp
-.Fn krb5_config_get_time_default
-will convert the value to a period of time (not a time stamp) in
-seconds, so the string
-.Sq 2 weeks
-will be converted to
-1209600 (2 * 7 * 24 * 60 * 60).
-.Sh BUGS
-Other than for the string case, there's no way to tell whether there
-was a value specified or not.
-.Sh SEE ALSO
-.Xr krb5_appdefault 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3
deleted file mode 100644
index 95d11207d49a..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_context.3
+++ /dev/null
@@ -1,52 +0,0 @@
-.\" Copyright (c) 2001 - 200 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_context.3,v 1.5 2003/03/10 02:19:28 lha Exp $
-.\"
-.Dd January 21, 2001
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_context
-.Nd krb5 state structure
-.Sh DESCRIPTION
-The
-.Nm
-structure is designed to hold all per thread state. All global
-variables that are context specific are stored in this structure,
-including default encryption types, credentials-cache (ticket file), and
-default realms.
-.Pp
-The internals of the structure should never be accessed directly,
-functions exist for extracting information.
-.Sh SEE ALSO
-.Xr krb5_init_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
deleted file mode 100644
index 6704113bd7e5..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3
+++ /dev/null
@@ -1,95 +0,0 @@
-.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_create_checksum.3,v 1.6 2003/04/16 13:58:14 lha Exp $
-.\"
-.Dd April  7, 1999
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_checksum_is_collision_proof ,
-.Nm krb5_checksum_is_keyed ,
-.Nm krb5_checksumsize ,
-.Nm krb5_create_checksum ,
-.Nm krb5_verify_checksum
-.Nd creates and verifies checksums
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_create_checksum "krb5_context context" "krb5_crypto crypto" "unsigned usage_or_type" "void *data" "size_t len" "Checksum *result"
-.Ft krb5_error_code
-.Fn krb5_verify_checksum "krb5_context context" "krb5_crypto crypto" "krb5_key_usage usage" "void *data" "size_t len" "Checksum *cksum"
-.Ft krb5_boolean
-.Fn krb5_checksum_is_collision_proof "krb5_context context" "krb5_cksumtype type"
-.Ft krb5_boolean
-.Fn krb5_checksum_is_keyed "krb5_context context" "krb5_cksumtype type"
-.Sh DESCRIPTION
-These functions are used to create and verify checksums.
-.Fn krb5_create_checksum
-creates a checksum of the specified data, and puts it in
-.Fa result .
-If
-.Fa crypto
-is
-.Dv NULL ,
-.Fa usage_or_type
-specifies the checksum type to use; it must not be keyed. Otherwise
-.Fa crypto
-is an encryption context created by
-.Fn krb5_crypto_init ,
-and
-.Fa usage_or_type
-specifies a key-usage.
-.Pp
-.Fn krb5_verify_checksum
-verifies the
-.Fa checksum ,
-against the provided data.
-.Pp
-.Fn krb5_checksum_is_collision_proof
-returns true is the specified checksum is collision proof (that it's
-very unlikely that two strings has the same hash value, and that it's
-hard to find two strings that has the same hash). Examples of
-collision proof checksums are MD5, and SHA1, while CRC32 is not.
-.Pp
-.Fn krb5_checksum_is_keyed
-returns true if the specified checksum type is keyed (that the hash
-value is a function of both the data, and a separate key). Examples of
-keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
-.Dq plain
-hash functions MD5, and SHA1 are not keyed.
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_crypto_init 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
deleted file mode 100644
index 4b0284cbfe2d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_crypto_init.3,v 1.6 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd April  7, 1999
-.Dt NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_crypto_init ,
-.Nm krb5_crypto_destroy
-.Nd initialize encryption context
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
-.Ft krb5_error_code
-.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto"
-.Sh DESCRIPTION
-These functions are used to initialize an encryption context that can
-be used to encrypt or checksum data.
-.Pp
-The
-.Fn krb5_crypt_init
-initializes the encrytion context
-.Fa crypto .
-The
-.Fa key
-parameter is the key to use for encryption, and checksums. The
-encryption type to use is taken from the key, but can be overridden
-with the
-.Fa enctype parameter .
-.Pp
-.Fn krb5_crypto_destroy
-frees a previously allocated encrypion context.
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_encrypt 3
diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3
deleted file mode 100644
index 355d934149c2..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_data.3
+++ /dev/null
@@ -1,149 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_data.3,v 1.4 2003/04/16 13:58:13 lha Exp $
-.\" 
-.Dd March 20, 2003
-.Dt KRB5_DATA 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_data
-.Nm krb5_data_zero
-.Nm krb5_data_free
-.Nm krb5_free_data_contents
-.Nm krb5_free_data
-.Nm krb5_data_alloc
-.Nm krb5_data_realloc
-.Nm krb5_data_copy
-.Nm krb5_copy_data
-.Nd operates on the Kerberos datatype krb5_data.
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Li "struct krb5_data;"
-.Ft void
-.Fn krb5_data_zero "krb5_data *p"
-.Ft void
-.Fn krb5_data_free "krb5_data *p"
-.Ft void
-.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p"
-.Ft void
-.Fn krb5_free_data "krb5_context context" "krb5_data *p"
-.Ft krb5_error_code
-.Fn krb5_data_alloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_realloc "krb5_data *p" "int len"
-.Ft krb5_error_code
-.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len"
-.Ft krb5_error_code
-.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata"
-.Sh DESCRIPTION
-The
-.Li krb5_data
-structure holds a data element.
-The structure contains two public accessible elements
-.Fa length
-(the length of data)
-and
-.Fa data
-(the data itself).
-The structure must always be initiated and freed by the functions
-documented in this manual.
-.Pp
-.Fn krb5_data_zero
-resets the content of
-.Fa p .
-.Pp
-.Fn krb5_data_free
-free the data in
-.Fa p .
-.Pp
-.Fn krb5_free_data_contents
-works the same way as
-.Fa krb5_data_free .
-The diffrence is that krb5_free_data_contents is more portable (exists
-in MIT api).
-.Pp
-.Fn krb5_free_data
-frees the data in
-.Fa p
-and
-.Fa p
-itself .
-.Pp
-.Fn krb5_data_alloc
-allocates
-.Fa len
-bytes in
-.Fa p
-Returns 0 or an error.
-.Pp
-.Fn  krb5_data_realloc
-reallocates the length of
-.Fa p
-to the length in
-.Fa len .
-Returns 0 or an error.
-.Pp
-.Fn krb5_data_copy
-copies the
-.Fa data
-that have the length
-.Fa len
-into
-.Fa p .
-.Fa p
-is not freed so the calling function should make sure the
-.Fa p
-doesn't contain anything needs to be freed.
-Returns 0 or an error.
-.Pp
-.Fn krb5_copy_data
-copies the
-.Li krb5_data
-in
-.Fa indata
-to
-.Fa outdata .
-.Fa outdata
-is not freed so the calling function should make sure the
-.Fa outdata
-doesn't contain anything needs to be freed.
-.Fa outdata
-should be freed using
-.Fn krb5_free_data .
-Returns 0 or an error.
-.Sh SEE ALSO
-.Xr krb5 3 ,
-.Xr krb5_storage 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3
deleted file mode 100644
index 84140bffc0ce..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_encrypt.3
+++ /dev/null
@@ -1,87 +0,0 @@
-.\" Copyright (c) 1999 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_encrypt.3,v 1.7 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd April  7, 1999
-.Dt KRB5_ENCRYPT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_decrypt ,
-.Nm krb5_decrypt_EncryptedData ,
-.Nm krb5_encrypt ,
-.Nm krb5_encrypt_EncryptedData
-.Nd encrypt and decrypt data
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_encrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result"
-.Ft krb5_error_code
-.Fn krb5_encrypt_EncryptedData "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "int kvno" "EncryptedData *result"
-.Ft krb5_error_code
-.Fn krb5_decrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result"
-.Ft krb5_error_code
-.Fn krb5_decrypt_EncryptedData "krb5_context context" "krb5_crypto crypto" "unsigned usage" "EncryptedData *e" "krb5_data *result"
-.Sh DESCRIPTION
-These functions are used to encrypt and decrypt data.
-.Pp
-.Fn krb5_encrypt
-puts the encrypted version of
-.Fa data
-(of size
-.Fa len )
-in
-.Fa result .
-If the encryption type supports using derived keys,
-.Fa usage
-should be the appropriate key-usage.
-.Fn krb5_encrypt_EncryptedData
-does the same as
-.Fn krb5_encrypt ,
-but it puts the encrypted data in a
-.Fa EncryptedData
-structure instead. If
-.Fa kvno
-is not zero, it will be put in the
-.Fa kvno field in the
-.Fa EncryptedData .
-.Pp
-.Fn krb5_decrypt ,
-and
-.Fn krb5_decrypt_EncryptedData
-works similarly.
-.\" .Sh EXAMPLE
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_create_checksum 3 ,
-.Xr krb5_crypto_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et
deleted file mode 100644
index 34279239eaed..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_err.et
+++ /dev/null
@@ -1,235 +0,0 @@
-#
-# Error messages for the krb5 library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: krb5_err.et,v 1.9 2000/04/06 00:41:37 assar Exp $"
-
-error_table krb5
-
-prefix KRB5KDC_ERR
-error_code NONE,		"No error"
-error_code NAME_EXP,		"Client's entry in database has expired"
-error_code SERVICE_EXP,		"Server's entry in database has expired"
-error_code BAD_PVNO,		"Requested protocol version not supported"
-error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
-error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
-error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
-error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
-error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
-error_code NULL_KEY,		"Client or server has a null key"
-error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
-error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
-error_code POLICY,		"KDC policy rejects request"
-error_code BADOPTION,		"KDC can't fulfill requested option"
-error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
-error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
-error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
-error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
-error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
-error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
-error_code TGT_REVOKED,		"TGT has been revoked"
-error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
-error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
-error_code KEY_EXPIRED,		"Password has expired"
-error_code PREAUTH_FAILED,	"Preauthentication failed"
-error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
-error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
-
-# 27-30 are reserved
-index 31
-prefix KRB5KRB_AP
-error_code ERR_BAD_INTEGRITY,	"Decrypt integrity check failed"
-error_code ERR_TKT_EXPIRED,	"Ticket expired"
-error_code ERR_TKT_NYV,		"Ticket not yet valid"
-error_code ERR_REPEAT,		"Request is a replay"
-error_code ERR_NOT_US,		"The ticket isn't for us"
-error_code ERR_BADMATCH,	"Ticket/authenticator don't match"
-error_code ERR_SKEW,		"Clock skew too great"
-error_code ERR_BADADDR,		"Incorrect net address"
-error_code ERR_BADVERSION,	"Protocol version mismatch"
-error_code ERR_MSG_TYPE,	"Invalid message type"
-error_code ERR_MODIFIED,	"Message stream modified"
-error_code ERR_BADORDER,	"Message out of order"
-error_code ERR_ILL_CR_TKT,	"Invalid cross-realm ticket"
-error_code ERR_BADKEYVER,	"Key version is not available"
-error_code ERR_NOKEY,		"Service key not available"
-error_code ERR_MUT_FAIL,	"Mutual authentication failed"
-error_code ERR_BADDIRECTION,	"Incorrect message direction"
-error_code ERR_METHOD,		"Alternative authentication method required"
-error_code ERR_BADSEQ,		"Incorrect sequence number in message"
-error_code ERR_INAPP_CKSUM,	"Inappropriate type of checksum in message"
-error_code PATH_NOT_ACCEPTED,	"Policy rejects transited path"
-
-prefix KRB5KRB_ERR
-error_code RESPONSE_TOO_BIG,	"Response too big for UDP, retry with TCP"
-# 53-59 are reserved
-index 60
-error_code GENERIC,		"Generic error (see e-text)"
-error_code FIELD_TOOLONG,	"Field is too long for this implementation"
-
-# pkinit
-index 62
-prefix KDC_ERROR
-error_code CLIENT_NOT_TRUSTED,	"Client not trusted"
-error_code KDC_NOT_TRUSTED,	"KDC not trusted"
-error_code INVALID_SIG,		"Invalid signature"
-error_code KEY_TOO_WEAK,	"Key too weak"
-error_code CERTIFICATE_MISMATCH, "Certificate mismatch"
-prefix KRB5_AP_ERR
-error_code USER_TO_USER_REQUIRED, "User to user required"
-prefix KDC_ERROR
-error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
-error_code INVALID_CERTIFICATE,	"Invalid certificate"
-error_code REVOKED_CERTIFICATE,	"Revoked certificate"
-error_code REVOCATION_STATUS_UNKNOWN,	"Revocation status unknown"
-error_code REVOCATION_STATUS_UNAVAILABLE,"Revocation status unavailable"
-error_code CLIENT_NAME_MISMATCH,	"Client name mismatch"
-error_code KDC_NAME_MISMATCH,	"KDC name mismatch"
-
-# 77-127 are reserved
-
-index 128
-prefix
-error_code KRB5_ERR_RCSID,	"$Id: krb5_err.et,v 1.9 2000/04/06 00:41:37 assar Exp $"
-
-error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
-error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
-error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
-error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
-
-error_code KRB5_PARSE_ILLCHAR,		"Invalid character in component name"
-error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
-
-error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
-error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
-error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
-
-error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
-
-error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
-error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
-error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
-error_code KRB5_CC_END,			"End of credential cache reached"
-
-error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
-
-error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
-error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
-
-error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
-error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
-error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
-error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
-
-error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
-error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
-error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
-error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
-
-error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
-error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
-error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
-error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
-
-error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
-
-# some of these should be combined/supplanted by system codes
-
-error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
-error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
-error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
-error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
-error_code KRB5_RC_REPLAY,		"Message is a replay"
-error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
-error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
-error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
-
-error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
-error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
-error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
-error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
-error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
-error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
-
-error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
-error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
-
-error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
-error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
-error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
-
-error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
-
-error_code KRB5_KT_BADNAME,		"Key table name malformed"
-error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
-error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
-error_code KRB5_KT_END,			"End of key table reached"
-error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
-error_code KRB5_KT_IOERR,		"Error writing to key table"
-
-error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
-error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
-error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
-
-error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
-error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
-error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
-
-error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
-error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
-
-error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
-error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
-error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
-error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
-error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
-error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
-error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
-
-# errors for dual tgt library calls
-error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
-error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
-
-error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
-
-# errors for sendauth (and recvauth)
-
-error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
-error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
-error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
-error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
-
-# errors for preauthentication
-
-error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
-error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
-error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
-
-# version number errors
-
-error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
-error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
-error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
-
-#
-#
-
-error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
-error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
-error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
-error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
-error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
-
-error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4"
-error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
-error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
-error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
-
-error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
-error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
-
-error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
-error_code KRB5_KT_NAME_TOOLONG,	"Keytab name too long"
-
-end
diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
deleted file mode 100644
index 6ac46d44f3b3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd November 20, 2001
-.Dt KRB5_FREE_ADDRESSES 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_addresses
-.Nd free list of addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_addresses
-will free a list of addresses that has been created with
-.Fn krb5_get_all_client_addrs
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_get_all_client_addrs 3
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
deleted file mode 100644
index e9900a7981cc..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
-.Dd August 8, 1997
-.Dt KRB5_FREE_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_principal
-.Nd principal free function
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_principal
-will free a principal that has been created with
-.Fn krb5_build_principal ,
-.Fn krb5_parse_name ,
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
deleted file mode 100644
index 0aef63e3186b..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_get_all_client_addrs.3,v 1.6 2003/04/16 13:58:16 lha Exp $
-.\"
-.Dd July  1, 2001
-.Dt KRB5_GET_ADDRS 3
-.Sh NAME
-.Nm krb5_get_all_client_addrs ,
-.Nm krb5_get_all_server_addrs
-.Nd return local addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "krb5_error_code"
-.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
-.Ft "krb5_error_code"
-.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
-.Sh DESCRIPTION
-These functions return in
-.Fa addrs
-a list of addresses associated with the local
-host.
-.Pp
-The server variant returns all configured interface addresses (if
-possible), including loop-back addresses. This is useful if you want
-to create sockets to listen to.
-.Pp
-The client version will also scan local interfaces (can be turned off
-by setting
-.Li libdefaults/scan_interfaces
-to false in
-.Pa krb5.conf ) ,
-but will not include loop-back addresses, unless there are no other
-addresses found. It will remove all addresses included in
-.Li libdefaults/ignore_addresses
-but will unconditionally include addresses in
-.Li libdefaults/extra_addresses .
-.Pp
-The returned addresses should be freed by calling
-.Fn krb5_free_addresses .
-.\".Sh EXAMPLE
-.Sh SEE ALSO
-.Xr krb5_free_addresses 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
deleted file mode 100644
index 76ad20bc6efe..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_get_krbhst.3,v 1.6 2003/04/16 13:58:16 lha Exp $
-.\"
-.Dd June 17, 2001
-.Dt KRB5_GET_KRBHST 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_get_krbhst
-.Nm krb5_get_krb_admin_hst
-.Nm krb5_get_krb_changepw_hst
-.Nm krb5_get_krb524hst
-.Nm krb5_free_krbhst
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_admin_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb_changepw_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_get_krb524hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
-.Ft krb5_error_code
-.Fn krb5_free_krbhst "krb5_context context" "char **hostlist"
-.Sh DESCRIPTION
-These functions implement the old API to get a list of Kerberos hosts,
-and are thus similar to the
-.Fn krb5_krbhst_init
-functions. However, since these functions returns
-.Em all
-hosts in one go, they potentially have to do more lookups than
-necessary. These functions remain for compatibility reasons.
-.Pp
-After a call to one of these functions,
-.Fa hostlist
-is a
-.Dv NULL
-terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
-.Fn krb5_free_krbhst
-when done with.
-.Sh EXAMPLE
-The following code will print the KDCs of the realm
-.Dq MY.REALM .
-.Bd -literal -offset indent
-char **hosts, **p;
-krb5_get_krbhst(context, "MY.REALM", &hosts);
-for(p = hosts; *p; p++)
-    printf("%s\\n", *p);
-krb5_free_krbhst(context, hosts);
-.Ed
-.\" .Sh BUGS
-.Sh SEE ALSO
-.Xr krb5_krbhst_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
deleted file mode 100644
index 76213fb13eb2..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ /dev/null
@@ -1,72 +0,0 @@
-.\" Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_init_context.3,v 1.9 2003/04/16 13:58:11 lha Exp $
-.\" 
-.Dd January 21, 2001
-.Dt KRB5_CONTEXT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_init_context ,
-.Nm krb5_free_context
-.Nd create and delete krb5_context structures
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_init_context "krb5_context *context"
-.Ft void
-.Fn krb5_free_context "krb5_context context"
-.Sh DESCRIPTION
-The
-.Fn krb5_init_context
-function initializes the
-.Fa context
-structure and reads the configuration file
-.Pa /etc/krb5.conf .
-.Pp
-The structure should be freed by calling
-.Fn krb5_free_context
-when it is no longer being used.
-.Sh RETURN VALUES
-.Fn krb5_init_context
-returns 0 to indicate success.
-Otherwise an errno code is returned.
-Failure means either that something bad happened during initialization
-(typically
-.Bq ENOMEM )
-or that Kerberos should not be used
-.Bq ENXIO .
-.Sh SEE ALSO
-.Xr errno 2 ,
-.Xr krb5_context 3 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
deleted file mode 100644
index 164eb49992a0..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_keytab.3
+++ /dev/null
@@ -1,411 +0,0 @@
-.\" Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_keytab.3,v 1.9 2003/04/16 13:58:16 lha Exp $
-.\"
-.Dd February 5, 2001
-.Dt KRB5_KEYTAB 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kt_ops ,
-.Nm krb5_keytab_entry ,
-.Nm krb5_kt_cursor ,
-.Nm krb5_kt_add_entry ,
-.Nm krb5_kt_close ,
-.Nm krb5_kt_compare ,
-.Nm krb5_kt_copy_entry_contents ,
-.Nm krb5_kt_default ,
-.Nm krb5_kt_default_name ,
-.Nm krb5_kt_end_seq_get ,
-.Nm krb5_kt_free_entry ,
-.Nm krb5_kt_get_entry ,
-.Nm krb5_kt_get_name ,
-.Nm krb5_kt_get_type ,
-.Nm krb5_kt_next_entry ,
-.Nm krb5_kt_read_service_key ,
-.Nm krb5_kt_register ,
-.Nm krb5_kt_remove_entry ,
-.Nm krb5_kt_resolve ,
-.Nm krb5_kt_start_seq_get
-.Nd manage keytab (key storage) files
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Pp
-.Ft krb5_error_code
-.Fo krb5_kt_add_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_close
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fc
-.Ft krb5_boolean
-.Fo krb5_kt_compare
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_copy_entry_contents
-.Fa "krb5_context context"
-.Fa "const krb5_keytab_entry *in"
-.Fa "krb5_keytab_entry *out"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default
-.Fa "krb5_context context"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_default_name
-.Fa "krb5_context context"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_end_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_free_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_const_principal principal"
-.Fa "krb5_kvno kvno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_name
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *name"
-.Fa "size_t namesize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_get_type
-.Fa "krb5_context context"
-.Fa "krb5_keytab keytab"
-.Fa "char *prefix"
-.Fa "size_t prefixsize"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_next_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_read_service_key
-.Fa "krb5_context context"
-.Fa "krb5_pointer keyprocarg"
-.Fa "krb5_principal principal"
-.Fa "krb5_kvno vno"
-.Fa "krb5_enctype enctype"
-.Fa "krb5_keyblock **key"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_register
-.Fa "krb5_context context"
-.Fa "const krb5_kt_ops *ops"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_remove_entry
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_keytab_entry *entry"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_resolve
-.Fa "krb5_context context"
-.Fa "const char *name"
-.Fa "krb5_keytab *id"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_kt_start_seq_get
-.Fa "krb5_context context"
-.Fa "krb5_keytab id"
-.Fa "krb5_kt_cursor *cursor"
-.Fc
-.Sh DESCRIPTION
-A keytab name is on the form
-.Li type:residual .
-The
-.Li residual
-part is specific to each keytab-type.
-.Pp
-When a keytab-name is resolved, the type is matched with an internal
-list of keytab types. If there is no matching keytab type,
-the default keytab is used. The current default type is
-.Nm file .
-The default value can be changed in the configuration file
-.Pa /etc/krb5.conf
-by setting the variable
-.Li [defaults]default_keytab_name .
-.Pp
-The keytab types that are implemented in Heimdal
-are:
-.Bl -tag -width Ds
-.It Nm file
-store the keytab in a file, the type's name is
-.Li KEYFILE .
-The residual part is a filename.
-.It Nm keyfile
-store the keytab in a
-.Li AFS
-keyfile (usually
-.Pa /usr/afs/etc/KeyFile ) ,
-the type's name is
-.Li AFSKEYFILE .
-The residual part is a filename.
-.It Nm krb4
-the keytab is a Kerberos 4
-.Pa srvtab
-that is on-the-fly converted to a keytab. The type's name is
-.Li krb4 .
-The residual part is a filename.
-.It Nm memory
-The keytab is stored in a memory segment. This allows sensitive and/or
-temporary data not to be stored on disk. The type's name is
-.Li MEMORY .
-There are no residual part, the only pointer back to the keytab is the
-.Fa id
-returned by
-.Fn krb5_kt_resolve .
-.El
-.Pp
-.Nm krb5_keytab_entry
-holds all data for an entry in a keytab file, like principal name,
-key-type, key, key-version number, etc.
-.Nm krb5_kt_cursor
-holds the current position that is used when iterating through a
-keytab entry with
-.Fn krb5_kt_start_seq_get ,
-.Fn krb5_kt_next_entry ,
-and
-.Fn krb5_kt_end_seq_get .
-.Pp
-.Nm krb5_kt_ops
-contains the different operations that can be done to a keytab. This
-structure is normally only used when doing a new keytab-type
-implementation.
-.Pp
-.Fn krb5_kt_resolve
-is the equivalent of an
-.Xr open 2
-on keytab. Resolve the keytab name in
-.Fa name
-into a keytab in
-.Fa id .
-Returns 0 or an error. The opposite of
-.Fn krb5_kt_resolve
-is
-.Fn krb5_kt_close .
-.Fn krb5_kt_close
-frees all resources allocated to the keytab.
-.Pp
-.Fn krb5_kt_default
-sets the argument
-.Fa id
-to the default keytab.
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_default_name
-copy the name of the default keytab into
-.Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if
-.Fa namesize
-is too short.
-.Pp
-.Fn krb5_kt_add_entry
-Add a new
-.Fa entry
-to the keytab
-.Fa id .
-.Li KRB5_KT_NOWRITE
-is returned if the keytab is a readonly keytab.
-.Pp
-.Fn krb5_kt_compare
-compares the passed in
-.Fa entry
-against
-.Fa principal ,
-.Fa vno ,
-and
-.Fa enctype .
-Any of
-.Fa principal ,
-.Fa vno
-or
-.Fa enctype
-might be 0 which acts as a wildcard. Return TRUE if they compare the
-same, FALSE otherwise.
-.Pp
-.Fn krb5_kt_copy_entry_contents
-copies the contents of
-.Fa in
-into
-.Fa out .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_name
-retrieves the name of the keytab
-.Fa keytab
-into
-.Fa name ,
-.Fa namesize .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_get_type
-retrieves the type of the keytab
-.Fa keytab
-and store the prefix/name for type of the keytab into
-.Fa prefix ,
-.Fa prefixsize .
-The prefix will have the maximum length of
-.Dv KRB5_KT_PREFIX_MAX_LEN 
-(including terminating
-.Dv NUL ) .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_free_entry
-frees the contents of
-.Fa entry .
-.Pp
-.Fn krb5_kt_start_seq_get
-sets
-.Fa cursor
-to point at the beginning of
-.Fa id .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_next_entry
-gets the next entry from
-.Fa id
-pointed to by
-.Fa cursor
-and advance the
-.Fa cursor .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_end_seq_get
-releases all resources associated with
-.Fa cursor .
-.Pp
-.Fn krb5_kt_get_entry
-retrieves the keytab entry for
-.Fa principal ,
-.Fa kvno,
-.Fa enctype
-into
-.Fa entry
-from the keytab
-.Fa id .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_read_service_key
-reads the key identified by
-.Ns ( Fa principal ,
-.Fa vno ,
-.Fa enctype )
-from the keytab in
-.Fa keyprocarg
-(the default if == NULL) into
-.Fa *key .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_remove_entry
-removes the entry
-.Fa entry
-from the keytab
-.Fa id .
-Returns 0 or an error.
-.Pp
-.Fn krb5_kt_register
-registers a new keytab type
-.Fa ops .
-Returns 0 or an error.
-.Sh EXAMPLE
-This is a minimalistic version of
-.Nm ktutil .
-.Pp
-.Bd -literal
-int
-main (int argc, char **argv)
-{
-    krb5_context context;
-    krb5_keytab keytab;
-    krb5_kt_cursor cursor;
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    char *principal;
-
-    if (krb5_init_context (&context) != 0)
-	errx(1, "krb5_context");
-
-    ret = krb5_kt_default (context, &keytab);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_default");
-
-    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
-    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
-	krb5_unparse_name_short(context, entry.principal, &principal);
-	printf("principal: %s\\n", principal);
-	free(principal);
-	krb5_kt_free_entry(context, &entry);
-    }
-    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
-    krb5_free_context(context);
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
deleted file mode 100644
index 87ea3f9b0aba..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
+++ /dev/null
@@ -1,152 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_krbhst_init.3,v 1.7 2003/04/16 13:58:16 lha Exp $
-.\"
-.Dd June 17, 2001
-.Dt KRB5_KRBHST_INIT 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_krbhst_init ,
-.Nm krb5_krbhst_next ,
-.Nm krb5_krbhst_next_as_string ,
-.Nm krb5_krbhst_reset ,
-.Nm krb5_krbhst_free ,
-.Nm krb5_krbhst_format_string ,
-.Nm krb5_krbhst_get_addrinfo
-.Nd lookup Kerberos KDC hosts
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle"
-.Ft krb5_error_code
-.Fn "krb5_krbhst_next" "krb5_context context" "krb5_krbhst_handle handle" "krb5_krbhst_info **host"
-.Ft krb5_error_code
-.Fn krb5_krbhst_next_as_string "krb5_context context" "krb5_krbhst_handle handle" "char *hostname" "size_t hostlen"
-.Ft void
-.Fn krb5_krbhst_reset "krb5_context context" "krb5_krbhst_handle handle"
-.Ft void
-.Fn krb5_krbhst_free "krb5_context context" "krb5_krbhst_handle handle"
-.Ft krb5_error_code
-.Fn krb5_krbhst_format_string "krb5_context context" "const krb5_krbhst_info *host" "char *hostname" "size_t hostlen"
-.Ft krb5_error_code
-.Fn krb5_krbhst_get_addrinfo "krb5_context context" "krb5_krbhst_info *host" "struct addrinfo **ai"
-.Sh DESCRIPTION
-These functions are used to sequence through all Kerberos hosts of a
-particular realm and service. The service type can be the KDCs, the
-administrative servers, the password changing servers, or the servers
-for Kerberos 4 ticket conversion.
-.Pp
-First a handle to a particular service is obtained by calling
-.Fn krb5_krbhst_init
-with the
-.Fa realm
-of interest and the type of service to lookup. The
-.Fa type
-can be one of:
-.Pp
-.Bl -hang -compact -offset indent
-.It KRB5_KRBHST_KDC
-.It KRB5_KRBHST_ADMIN
-.It KRB5_KRBHST_CHANGEPW
-.It KRB5_KRBHST_KRB524
-.El
-.Pp
-The
-.Fa handle
-is returned to the caller, and should be passed to the other
-functions.
-.Pp
-For each call to
-.Fn krb5_krbhst_next
-information a new host is returned. The former function returns in
-.Fa host
-a pointer to a structure containing information about the host, such
-as protocol, hostname, and port:
-.Bd -literal -offset indent
-typedef struct krb5_krbhst_info {
-    enum { KRB5_KRBHST_UDP,
-	   KRB5_KRBHST_TCP,
-	   KRB5_KRBHST_HTTP } proto;
-    unsigned short port;
-    struct addrinfo *ai;
-    struct krb5_krbhst_info *next;
-    char hostname[1];
-} krb5_krbhst_info;
-.Ed
-.Pp
-The related function,
-.Fn krb5_krbhst_next_as_string ,
-return the same information as a url-like string.
-.Pp
-When there are no more hosts, these functions return
-.Dv KRB5_KDC_UNREACH .
-.Pp
-To re-iterate over all hosts, call
-.Fn krb5_krbhst_reset
-and the next call to
-.Fn krb5_krbhst_next
-will return the first host.
-.Pp
-When done with the handle,
-.Fn krb5_krbhst_free
-should be called.
-.Pp
-To use a
-.Va krb5_krbhst_info ,
-there are two functions:
-.Fn krb5_krbhst_format_string
-that will return a printable representation of that struct
-and
-.Fn krb5_krbhst_get_addrinfo
-that will return a
-.Va struct addrinfo
-that can then be used for communicating with the server mentioned.
-.Sh EXAMPLE
-The following code will print the KDCs of the realm
-.Dq MY.REALM .
-.Bd -literal -offset indent
-krb5_krbhst_handle handle;
-char host[MAXHOSTNAMELEN];
-krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
-while(krb5_krbhst_next_as_string(context, handle,
-				 host, sizeof(host)) == 0)
-    printf("%s\\n", host);
-krb5_krbhst_free(context, handle);
-.Ed
-.\" .Sh BUGS
-.Sh HISTORY
-These functions first appeared in Heimdal 0.3g.
-.Sh SEE ALSO
-.Xr getaddrinfo 3 ,
-.Xr krb5_get_krbhst 3
diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3
deleted file mode 100644
index 15392023dac4..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_kuserok.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_kuserok.3,v 1.5 2003/04/16 13:58:10 lha Exp $
-.\"
-.Dd Oct 17, 2002
-.Dt KRB5_KUSEROK 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_kuserok
-.Nd verifies if a principal can log in as a user
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_boolean
-.Fo krb5_kuserok 
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *name"
-.Fc
-.Sh DESCRIPTION
-This function takes a local user
-.Fa name
-and verifies if
-.Fa principal
-is allowed to log in as that user.
-.Pp
-First
-.Nm
-check if there is a local account name
-.Fa username.
-If there isn't,
-.Nm
-returns
-.Dv FALSE .
-.Pp
-Then
-.Nm
-checks if principal is the same as user@realm in any of the default
-realms. If that is the case,
-.Nm
-returns
-.Dv TRUE .
-.Pp
-After that it reads the file 
-.Pa .k5login
-(if it exists) in the users home directory and checks if
-.Fa principal
-is in the file.
-If it does exists,
-.Dv TRUE
-is returned.
-If neither of the above turns out to be true,
-.DV FALSE
-is returned.
-.Pp
-The
-.Pa .k5login
-should contain one principal per line.
-.Sh SEE ALSO
-.Xr krb5_get_default_realms 3 ,
-.Xr krb5_verify_user 3 ,
-.Xr krb5_verify_user_lrealm 3 ,
-.Xr krb5_verify_user_opt 3,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
deleted file mode 100644
index b3d6a92f8f50..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
-
-#ifndef __KRB5_LOCL_H__
-#define __KRB5_LOCL_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <errno.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <limits.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#include <time.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef _AIX
-struct ether_addr;
-struct mbuf;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#include <roken.h>
-#include <parse_time.h>
-#include <base64.h>
-
-#include "crypto-headers.h"
-
-#include <krb5_asn1.h>
-#include <der.h>
-
-#include <krb5.h>
-#include <krb5_err.h>
-#include <asn1_err.h>
-#include <krb5-private.h>
-
-#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
-#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
-
-/* should this be public? */
-#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
-#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#endif /* __KRB5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3
deleted file mode 100644
index cb1ccc9ee930..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_openlog.3
+++ /dev/null
@@ -1,242 +0,0 @@
-.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_openlog.3,v 1.9 2003/04/16 13:58:12 lha Exp $
-.Dd August 6, 1997
-.Dt KRB5_OPENLOG 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_initlog ,
-.Nm krb5_openlog ,
-.Nm krb5_closelog ,
-.Nm krb5_addlog_dest ,
-.Nm krb5_addlog_func ,
-.Nm krb5_log ,
-.Nm krb5_vlog ,
-.Nm krb5_log_msg ,
-.Nm krb5_vlog_msg
-.Nd Heimdal logging functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
-.Ft "typedef void"
-.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
-.Ft krb5_error_code
-.Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
-.Ft krb5_error_code
-.Fn krb5_addlog_func "krb5_context context" "krb5_log_facility *facility" "int min" "int max" "krb5_log_log_func_t log" "krb5_log_close_func_t close" "void *data"
-.Ft krb5_error_code
-.Fn krb5_closelog "krb5_context context" "krb5_log_facility *facility"
-.Ft krb5_error_code
-.Fn krb5_initlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_log "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_log_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_openlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-.Ft krb5_error_code
-.Fn krb5_vlog "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "va_list arglist"
-.Ft krb5_error_code
-.Fn krb5_vlog_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "va_list arglist"
-.Sh DESCRIPTION
-These functions logs messages to one or more destinations.
-.Pp
-The
-.Fn krb5_openlog
-function creates a logging
-.Fa facility ,
-that is used to log messages. A facility consists of one or more
-destinations (which can be files or syslog or some other device). The
-.Fa program
-parameter should be the generic name of the program that is doing the
-logging. This name is used to lookup which destinations to use. This
-information is contained in the
-.Li logging
-section of the
-.Pa krb5.conf
-configuration file.  If no entry is found for
-.Fa program ,
-the entry for
-.Li default
-is used, or if that is missing too,
-.Li SYSLOG
-will be used as destination.
-.Pp
-To close a logging facility, use the
-.Fn krb5_closelog
-function.
-.Pp
-To log a message to a facility use one of the functions
-.Fn krb5_log ,
-.Fn krb5_log_msg ,
-.Fn krb5_vlog ,
-or
-.Fn krb5_vlog_msg .
-The functions ending in
-.Li _msg
-return in
-.Fa reply
-a pointer to the message that just got logged. This string is allocated,
-and should be freed with
-.Fn free .
-The
-.Fa format
-is a standard
-.Fn printf
-style format string (but see the BUGS section).
-.Pp
-If you want better control of where things gets logged, you can instead of using
-.Fn krb5_openlog
-call
-.Fn krb5_initlog ,
-which just initializes a facility, but doesn't define any actual logging
-destinations. You can then add destinations with the
-.Fn krb5_addlog_dest
-and
-.Fn krb5_addlog_func
-functions.  The first of these takes a string specifying a logging
-destination, and adds this to the facility. If you want to do some
-non-standard logging you can use the
-.Fn krb5_addlog_func
-function, which takes a function to use when logging.
-The
-.Fa log
-function is called for each message with
-.Fa time
-being a string specifying the current time, and
-.Fa message
-the message to log.
-.Fa close
-is called when the facility is closed. You can pass application specific data in the
-.Fa data
-parameter. The
-.Fa min
-and
-.Fa max
-parameter are the same as in a destination (defined below). To specify a
-max of infinity, pass -1.
-.Pp
-.Fn krb5_openlog
-calls
-.Fn krb5_initlog
-and then calls
-.Fn krb5_addlog_dest
-for each destination found.
-.Ss Destinations
-The defined destinations (as specified in
-.Pa krb5.conf )
-follows:
-.Bl -tag -width "xxx" -offset indent
-.It Li STDERR
-This logs to the program's stderr.
-.It Li FILE: Ns Pa /file
-.It Li FILE= Ns Pa /file
-Log to the specified file. The form using a colon appends to the file, the
-form with an equal truncates the file. The truncating form keeps the file
-open, while the appending form closes it after each log message (which
-makes it possible to rotate logs). The truncating form is mainly for
-compatibility with the MIT libkrb5.
-.It Li DEVICE= Ns Pa /device
-This logs to the specified device, at present this is the same as
-.Li FILE:/device .
-.It Li CONSOLE
-Log to the console, this is the same as
-.Li DEVICE=/dev/console .
-.It Li SYSLOG Ns Op :priority Ns Op :facility
-Send messages to the syslog system, using priority, and facility. To
-get the name for one of these, you take the name of the macro passed
-to
-.Xr syslog 3 ,
-and remove the leading
-.Li LOG_
-.No ( Li LOG_NOTICE
-becomes
-.Li NOTICE ) .
-The default values (as well as the values used for unrecognised
-values), are
-.Li ERR ,
-and
-.Li AUTH ,
-respectively.  See
-.Xr syslog 3
-for a list of priorities and facilities.
-.El
-.Pp
-Each destination may optionally be prepended with a range of logging
-levels, specified as
-.Li min-max/ .
-If the
-.Fa level
-parameter to
-.Fn krb5_log
-is within this range (inclusive) the message gets logged to this
-destination, otherwise not. Either of the min and max valued may be
-omitted, in this case min is assumed to be zero, and max is assumed to be
-infinity.  If you don't include a dash, both min and max gets set to the
-specified value. If no range is specified, all messages gets logged.
-.Sh EXAMPLE
-.Bd -literal -offset indent
-[logging]
-	kdc = 0/FILE:/var/log/kdc.log
-	kdc = 1-/SYSLOG:INFO:USER
-	default = STDERR
-.Ed
-.Pp
-This will log all messages from the
-.Nm kdc
-program with level 0 to
-.Pa /var/log/kdc.log ,
-other messages will be logged to syslog with priority
-.Li LOG_INFO ,
-and facility
-.Li LOG_USER .
-All other programs will log all messages to their stderr.
-.Sh BUGS
-These functions use
-.Fn asprintf
-to format the message. If your operating system does not have a working
-.Fn asprintf ,
-a replacement will be used. At present this replacement does not handle
-some correct conversion specifications (like floating point numbers). Until
-this is fixed, the use of these conversions should be avoided.
-.Pp
-If logging is done to the syslog facility, these functions might not be
-thread-safe, depending on the implementation of
-.Fn openlog ,
-and
-.Fn syslog .
-.Sh SEE ALSO
-.Xr syslog 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
deleted file mode 100644
index b936c63d3f7d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_parse_name.3,v 1.8 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_PARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_parse_name
-.Nd string to principal conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-.Sh DESCRIPTION
-.Fn krb5_parse_name
-converts a string representation of a principal name to
-.Nm krb5_principal .
-The
-.Fa principal
-will point to allocated data that should be freed with
-.Fn krb5_free_principal .
-.Pp
-The string should consist of one or more name components separated with slashes
-.Pq Dq / ,
-optionally followed with an
-.Dq @
-and a realm name. A slash or @ may be contained in a name component by
-quoting it with a back-slash
-.Pq Dq \ .
-A realm should not contain slashes or colons.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
deleted file mode 100644
index 1ece7986adc7..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd June 20, 2001
-.Dt KRB5_PRINCIPAL_GET_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_comp_string
-.Nd decompose a principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
-.Sh DESCRIPTION
-These functions return parts of the
-.Fa principal ,
-either the realm or a specific component. The returned string points
-to data inside the principal, so they are valid only as long as the
-principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range,
-.Dv NULL
-is returned.
-.Pp
-These functions can be seen as a replacement for the
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as intermal in the MIT API
-specification. A difference is that these functions return strings,
-not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Sh SEE ALSO
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
deleted file mode 100644
index e4b9a36c7cde..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
+++ /dev/null
@@ -1,144 +0,0 @@
-.\" Copyright (c) 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_set_default_realm.3,v 1.2 2003/04/16 13:58:11 lha Exp $
-.\"
-.Dd Mar 16, 2003
-.Dt KRB5_SET_DEFAULT_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_host_realm
-.Nm krb5_get_default_realm
-.Nm krb5_get_default_realms
-.Nm krb5_get_host_realm
-.Nm krb5_set_default_realm
-.Nd default and host realm read and manipulation routines
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fo krb5_free_host_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realmlist"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realm
-.Fa "krb5_context context"
-.Fa "krb5_realm *realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_default_realms
-.Fa "krb5_context context"
-.Fa "krb5_realm **realm"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_get_host_realm
-.Fa "krb5_context context"
-.Fa "const char *host"
-.Fa "krb5_realm **realms"
-.Fc
-.Ft krb5_error_code
-.Fo krb5_set_default_realm
-.Fa "krb5_context context"
-.Fa "const char *realm"
-.Fc
-.Sh DESCRIPTION
-.Fn krb5_free_host_realm
-frees all memory allocated by
-.Fa realmlist .
-.Pp
-.Fn krb5_get_default_realm
-returns the first default realm for this host.
-The realm returned should be free with
-.Fn free .
-.Pp
-.Fn krb5_get_default_realms
-returns a
-.Dv NULL
-terminated list of default realms for this context.
-Realms returned by
-.Fn krb5_get_default_realms
-should be free with
-.Fn krb5_free_host_realm .
-.Pp
-.Fn krb5_get_host_realm
-returns a
-.Dv NULL
-terminated list of realms for
-.Fa host
-by looking up the information in the
-.Li [domain_realm]
-in
-.Pa krb5.conf
-or in
-.Li DNS .
-If the mapping in
-.Li [domain_realm]
-results in the string
-.Li dns_locate ,
-DNS is used to lookup the realm.
-.Pp
-When using
-.Li DNS
-to a resolve the domain for the host a.b.c, 
-.Fn krb5_get_host_realm
-looks for a
-.Dv TXT
-resource record named 
-.Li _kerberos.a.b.c ,
-and if not found, it strips off the first component and tries a again
-(_kerberos.b.c) until it reaches the root.
-.Pp
-If there is no configuration or DNS information found,
-.Fn krb5_get_host_realm
-assumes it can use the domain part of the
-.Fa host
-to form a realm.
-.Pp
-.Fn krb5_set_default_realm
-sets the default realm for the
-.Fa context .
-If
-.Dv NULL
-is used as a
-.Fa realm ,
-the
-.Li [libdefaults]default_realm
-stanza in
-.Pa krb5.conf
-is used.
-If there is no such stanza in the configuration file, the
-.Fn krb5_get_host_realm
-function is used to form a default realm.
-.Sh SEE ALSO
-.Xr krb5.conf 5 ,
-.Xr free 3
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
deleted file mode 100644
index 5724ce1876c8..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal
-.Nd create a service principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Sh DESCRIPTION
-These functions create a
-.Dq service
-principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname
-parameter will be used for the first component of the created principal. If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component. If type
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-socket.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3
deleted file mode 100644
index 6d5dbb3ddf56..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_timeofday.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_timeofday.3,v 1.5 2003/04/16 13:58:18 lha Exp $
-.\"
-.Dd July  1, 2001
-.Dt KRB5_TIMEOFDAY 3
-.Sh NAME
-.Nm krb5_timeofday ,
-.Nm krb5_us_timeofday
-.Nd whatever these functions do
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "krb5_error_code"
-.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret"
-.Ft "krb5_error_code"
-.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec"
-.Sh DESCRIPTION
-.Fn krb5_timeofday
-returns the current time, but adjusted with the time difference
-between the local host and the KDC.
-.Fn krb5_us_timeofday
-also returns microseconds.
-.Pp
-.\".Sh EXAMPLE
-.Sh SEE ALSO
-.Xr gettimeofday 2
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
deleted file mode 100644
index ed96c5d34fe8..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\"
-.\" $Id: krb5_unparse_name.3,v 1.8 2003/04/16 13:58:18 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_UNPARSE_NAME 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_unparse_name
-.\" .Nm krb5_unparse_name_ext
-.Nd principal to string conversion
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
-.\" .Ft krb5_error_code
-.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size"
-.Sh DESCRIPTION
-This function takes a
-.Fa principal ,
-and will convert in to a printable representation with the same syntax
-as described in
-.Xr krb5_parse_name 3 .
-.Fa *name
-will point to allocated data and should be freed by the caller.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3
deleted file mode 100644
index 1357ef186ebe..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_verify_user.3
+++ /dev/null
@@ -1,225 +0,0 @@
-.\" Copyright (c) 2001 - 2003 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5_verify_user.3,v 1.10 2003/04/16 13:58:11 lha Exp $
-.\" 
-.Dd March 25, 2003
-.Dt KRB5_VERIFY_USER 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_verify_user ,
-.Nm krb5_verify_user_lrealm ,
-.Nm krb5_verify_user_opt ,
-.Nm krb5_verify_opt_init
-.Nm krb5_verify_opt_set_flags ,
-.Nm krb5_verify_opt_set_service ,
-.Nm krb5_verify_opt_set_secure ,
-.Nm krb5_verify_opt_set_keytab
-.Nd Heimdal password verifying functions.
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft krb5_error_code
-.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_init "krb5_verify_opt *opt"
-.Ft void
-.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
-.Ft void
-.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
-.Ft void
-.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
-.Ft void
-.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
-.Ft void
-.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
-.Ft krb5_error_code
-.Fo krb5_verify_user_opt
-.Fa "krb5_context context"
-.Fa "krb5_principal principal"
-.Fa "const char *password"
-.Fa "krb5_verify_opt *opt"
-.Fc
-.Sh DESCRIPTION
-The
-.Nm krb5_verify_user
-function verifies the password supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-New tickets will be obtained as a side-effect and stored in
-.Fa ccache
-(if 
-.Dv NULL ,
-the default ccache is used).
-.Fn krb5_verify_user
-will call
-.Fn krb5_cc_initialize
-on the given
-.Fa ccache ,
-so
-.Fa ccache
-must only initialized with
-.Fn krb5_cc_resolve
-or
-.Fn krb5_cc_gen_new .
-If the password is not supplied in
-.Fa password
-(and is given as
-.Dv NULL )
-the user will be prompted for it.
-If
-.Fa secure
-the ticket will be verified against the locally stored service key
-.Fa service
-(by default
-.Ql host
-if given as
-.Dv NULL
-).
-.Pp
-The
-.Nm krb5_verify_user_lrealm
-function does the same, except that it ignores the realm in
-.Fa principal
-and tries all the local realms (see
-.Xr krb5.conf 5 ) .
-After a successful return, the principal is set to the authenticated
-realm. If the call fails, the principal will not be meaningful, and
-should only be freed with
-.Xr krb5_free_principal 3 .
-.Pp
-.Fn krb5_verify_opt_init
-resets all opt to default values.
-.Pp
-None of the krb5_verify_opt_set function makes a copy of the data
-structure that they are called with. Its up the caller to free them
-after the
-.Fn krb5_verify_user_opt
-is called.
-.Pp
-.Fn krb5_verify_opt_set_ccache
-sets the
-.Fa ccache
-that user of
-.Fa opt
-will use. If not set, the default credential cache will be used.
-.Pp
-.Fn krb5_verify_opt_set_keytab
-sets the
-.Fa keytab
-that user of
-.Fa opt
-will use. If not set, the default keytab will be used.
-.Pp
-.Fn krb5_verify_opt_set_secure
-if
-.Fa secure
-if true, the password verification will require that the ticket will
-be verified against the locally stored service key. If not set,
-default value is true.
-.Pp
-.Fn krb5_verify_opt_set_service
-sets the
-.Fa service
-principal that user of
-.Fa opt
-will use. If not set, the
-.Ql host
-service will be used.
-.Pp
-.Fn krb5_verify_opt_set_flags
-sets
-.Fa flags
-that user of
-.Fa opt
-will use.
-If the flag
-.Dv KRB5_VERIFY_LREALMS
-is used, the
-.Fa principal
-will be modified like
-.Fn krb5_verify_user_lrealm
-modifies it.
-.Pp
-.Fn krb5_verify_user_opt
-function verifies the
-.Fa password
-supplied by a user.
-The principal whose password will be verified is specified in
-.Fa principal .
-Options the to the verification process is pass in in
-.Fa opt .
-.Sh EXAMPLE
-Here is a example program that verifies a password. it uses the
-.Ql host/`hostname`
-service principal in
-.Pa krb5.keytab .
-.Bd -literal
-#include <krb5.h>
-
-int
-main(int argc, char **argv)
-{
-    char *user;
-    krb5_error_code error;
-    krb5_principal princ;
-    krb5_context context;
-
-    if (argc != 2)
-	errx(1, "usage: verify_passwd <principal-name>");
-
-    user = argv[1];
-
-    if (krb5_init_context(&context) < 0)
-	errx(1, "krb5_init_context");
-
-    if ((error = krb5_parse_name(context, user, &princ)) != 0)
-	krb5_err(context, 1, error, "krb5_parse_name");
-
-    error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
-    if (error)
-        krb5_err(context, 1, error, "krb5_verify_user");
-
-    return 0;
-}
-.Ed
-.Sh SEE ALSO
-.Xr krb5_err 3 ,
-.Xr krb5_cc_gen_new 3 ,
-.Xr krb5_cc_resolve 3 ,
-.Xr krb5_cc_initialize 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_init_context 3 ,
-.Xr krb5_kt_default 3 ,
-.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3
deleted file mode 100644
index 7ed4b31fbc1d..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_warn.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska H�gskolan
-.\" $Id: krb5_warn.3,v 1.7 2003/04/16 19:31:49 lha Exp $
-.Dd August 8, 1997
-.Dt KRB5_WARN 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_warn ,
-.Nm krb5_warnx ,
-.Nm krb5_vwarn ,
-.Nm krb5_vwarnx ,
-.Nm krb5_err ,
-.Nm krb5_errx ,
-.Nm krb5_verr ,
-.Nm krb5_verrx ,
-.Nm krb5_set_warn_dest
-.Nd Heimdal warning and error functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_warnx "krb5_context context" "const char *format" "..."
-.Ft krb5_error_code
-.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
-.Ft "char *"
-.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code"
-.Sh DESCRIPTION
-These functions prints a warning message to some destination.
-.Fa format
-is a printf style format specifying the message to print. The forms not ending in an
-.Dq x
-prints the error string associated with
-.Fa code
-along with the message.
-The
-.Dq err
-functions exits with exit status
-.Fa eval
-after printing the message.
-.Pp
-The
-.Fn krb5_set_warn_func
-function sets the destination for warning messages to the specified
-.Fa facility .
-Messages logged with the
-.Dq warn
-functions have a log level of 1, while the
-.Dq err
-functions logs with level 0.
-.Pp
-.Fn krb5_get_err_text
-fetches the human readable strings describing the error-code.
-.Sh SEE ALSO
-.Xr krb5_openlog 3
diff --git a/crypto/heimdal/lib/krb5/krbhst-test.c b/crypto/heimdal/lib/krb5/krbhst-test.c
deleted file mode 100644
index bf981047062c..000000000000
--- a/crypto/heimdal/lib/krb5/krbhst-test.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: krbhst-test.c,v 1.3 2002/08/23 03:43:18 assar Exp $");
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "[realms ...]");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    krb5_context context;
-    int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
-		   KRB5_KRBHST_KRB524};
-    const char *type_str[] = {"kdc", "admin", "changepw", "krb524"};
-    int optind = 0;
-    
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    krb5_init_context (&context);
-    for(i = 0; i < argc; i++) {
-	krb5_krbhst_handle handle;
-	char host[MAXHOSTNAMELEN];
-
-	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
-	    printf ("%s for %s:\n", type_str[j], argv[i]);
-
-	    krb5_krbhst_init(context, argv[i], types[j], &handle);
-	    while(krb5_krbhst_next_as_string(context, handle,
-					     host, sizeof(host)) == 0)
-		printf("%s\n", host);
-	    krb5_krbhst_reset(context, handle);
-	    printf ("\n");
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
deleted file mode 100644
index e0cc9f47f217..000000000000
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <resolve.h>
-
-RCSID("$Id: krbhst.c,v 1.43.2.1 2003/04/22 15:00:38 lha Exp $");
-
-static int
-string_to_proto(const char *string)
-{
-    if(strcasecmp(string, "udp") == 0)
-	return KRB5_KRBHST_UDP;
-    else if(strcasecmp(string, "tcp") == 0) 
-	return KRB5_KRBHST_TCP;
-    else if(strcasecmp(string, "http") == 0) 
-	return KRB5_KRBHST_HTTP;
-    return -1;
-}
-
-/*
- * set `res' and `count' to the result of looking up SRV RR in DNS for
- * `proto', `proto', `realm' using `dns_type'.
- * if `port' != 0, force that port number
- */
-
-static krb5_error_code
-srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, 
-	       const char *realm, const char *dns_type,
-	       const char *proto, const char *service, int port)
-{
-    char domain[1024];
-    struct dns_reply *r;
-    struct resource_record *rr;
-    int num_srv;
-    int proto_num;
-    int def_port;
-
-    proto_num = string_to_proto(proto);
-    if(proto_num < 0) {
-	krb5_set_error_string(context, "unknown protocol `%s'", proto);
-	return EINVAL;
-    }
-
-    if(proto_num == KRB5_KRBHST_HTTP)
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    else if(port == 0)
-	def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
-    else
-	def_port = port;
-
-    snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
-
-    r = dns_lookup(domain, dns_type);
-    if(r == NULL) {
-	*res = NULL;
-	*count = 0;
-	return KRB5_KDC_UNREACH;
-    }
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV)
-	    num_srv++;
-
-    *res = malloc(num_srv * sizeof(**res));
-    if(*res == NULL) {
-	dns_free_data(r);
-	krb5_set_error_string(context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    dns_srv_order(r);
-
-    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV) {
-	    krb5_krbhst_info *hi;
-	    size_t len = strlen(rr->u.srv->target);
-
-	    hi = calloc(1, sizeof(*hi) + len);
-	    if(hi == NULL) {
-		dns_free_data(r);
-		while(--num_srv >= 0)
-		    free((*res)[num_srv]);
-		free(*res);
-		return ENOMEM;
-	    }
-	    (*res)[num_srv++] = hi;
-
-	    hi->proto = proto_num;
-	    
-	    hi->def_port = def_port;
-	    if (port != 0)
-		hi->port = port;
-	    else
-		hi->port = rr->u.srv->port;
-
-	    strlcpy(hi->hostname, rr->u.srv->target, len + 1);
-	}
-
-    *count = num_srv;
-	    
-    dns_free_data(r);
-    return 0;
-}
-
-
-struct krb5_krbhst_data {
-    char *realm;
-    unsigned int flags;
-    int def_port;
-    int port;			/* hardwired port number if != 0 */
-#define KD_CONFIG		1
-#define KD_SRV_UDP		2
-#define KD_SRV_TCP		4
-#define KD_SRV_HTTP		8
-#define KD_FALLBACK	       16
-#define KD_CONFIG_EXISTS       32
-
-    krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, 
-				krb5_krbhst_info**);
-
-    unsigned int fallback_count;
-
-    struct krb5_krbhst_info *hosts, **index, **end;
-};
-
-static krb5_boolean
-krbhst_empty(const struct krb5_krbhst_data *kd)
-{
-    return kd->index == &kd->hosts;
-}
-
-/*
- * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
- * and forcing it to `port' if port != 0
- */
-
-static struct krb5_krbhst_info*
-parse_hostspec(krb5_context context, const char *spec, int def_port, int port)
-{
-    const char *p = spec;
-    struct krb5_krbhst_info *hi;
-    
-    hi = calloc(1, sizeof(*hi) + strlen(spec));
-    if(hi == NULL)
-	return NULL;
-       
-    hi->proto = KRB5_KRBHST_UDP;
-
-    if(strncmp(p, "http://", 7) == 0){
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 7;
-    } else if(strncmp(p, "http/", 5) == 0) {
-	hi->proto = KRB5_KRBHST_HTTP;
-	p += 5;
-	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
-    }else if(strncmp(p, "tcp/", 4) == 0){
-	hi->proto = KRB5_KRBHST_TCP;
-	p += 4;
-    } else if(strncmp(p, "udp/", 4) == 0) {
-	p += 4;
-    }
-
-    if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
-	free(hi);
-	return NULL;
-    }
-    /* get rid of trailing /, and convert to lower case */
-    hi->hostname[strcspn(hi->hostname, "/")] = '\0';
-    strlwr(hi->hostname);
-
-    hi->port = hi->def_port = def_port;
-    if(p != NULL) {
-	char *end;
-	hi->port = strtol(p, &end, 0);
-	if(end == p) {
-	    free(hi);
-	    return NULL;
-	}
-    }
-    if (port)
-	hi->port = port;
-    return hi;
-}
-
-static void
-free_krbhst_info(krb5_krbhst_info *hi)
-{
-    if (hi->ai != NULL)
-	freeaddrinfo(hi->ai);
-    free(hi);
-}
-
-static void
-append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
-{
-    struct krb5_krbhst_info *h;
-
-    for(h = kd->hosts; h; h = h->next)
-	if(h->proto == host->proto && 
-	   h->port == host->port && 
-	   strcmp(h->hostname, host->hostname) == 0) {
-	    free_krbhst_info(host);
-	    return;
-	}
-    *kd->end = host;
-    kd->end = &host->next;
-}
-
-static krb5_error_code
-append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
-		   const char *host, int def_port, int port)
-{
-    struct krb5_krbhst_info *hi;
-
-    hi = parse_hostspec(context, host, def_port, port);
-    if(hi == NULL)
-	return ENOMEM;
-    
-    append_host_hostinfo(kd, hi);
-    return 0;
-}
-
-/*
- * return a readable representation of `host' in `hostname, hostlen'
- */
-
-krb5_error_code
-krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, 
-			  char *hostname, size_t hostlen)
-{
-    const char *proto = "";
-    char portstr[7] = "";
-    if(host->proto == KRB5_KRBHST_TCP)
-	proto = "tcp/";
-    else if(host->proto == KRB5_KRBHST_HTTP)
-	proto = "http://";
-    if(host->port != host->def_port)
-	snprintf(portstr, sizeof(portstr), ":%d", host->port);
-    snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr);
-    return 0;
-}
-
-/*
- * create a getaddrinfo `hints' based on `proto'
- */
-
-static void
-make_hints(struct addrinfo *hints, int proto)
-{
-    memset(hints, 0, sizeof(*hints));
-    hints->ai_family = AF_UNSPEC;
-    switch(proto) {
-    case KRB5_KRBHST_UDP :
-	hints->ai_socktype = SOCK_DGRAM;
-	break;
-    case KRB5_KRBHST_HTTP :
-    case KRB5_KRBHST_TCP :
-	hints->ai_socktype = SOCK_STREAM;
-	break;
-    }
-}
-
-/*
- * return an `struct addrinfo *' in `ai' corresponding to the information
- * in `host'.  free:ing is handled by krb5_krbhst_free.
- */
-
-krb5_error_code
-krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
-			 struct addrinfo **ai)
-{
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-    int ret;
-
-    if (host->ai == NULL) {
-	make_hints(&hints, host->proto);
-	snprintf (portstr, sizeof(portstr), "%d", host->port);
-	ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
-	if (ret)
-	    return krb5_eai_to_heim_errno(ret, errno);
-    }
-    *ai = host->ai;
-    return 0;
-}
-
-static krb5_boolean
-get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
-{
-    struct krb5_krbhst_info *hi = *kd->index;
-    if(hi != NULL) {
-	*host = hi;
-	kd->index = &(*kd->index)->next;
-	return TRUE;
-    }
-    return FALSE;
-}
-
-static void
-srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-	const char *proto, const char *service)
-{
-    krb5_krbhst_info **res;
-    int count, i;
-
-    srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
-		   kd->port);
-    for(i = 0; i < count; i++)
-	append_host_hostinfo(kd, res[i]);
-    free(res);
-}
-
-/*
- * read the configuration for `conf_string', defaulting to kd->def_port and
- * forcing it to `kd->port' if kd->port != 0
- */
-
-static void
-config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		 const char *conf_string)
-{
-    int i;
-	
-    char **hostlist;
-    hostlist = krb5_config_get_strings(context, NULL, 
-				       "realms", kd->realm, conf_string, NULL);
-
-    if(hostlist == NULL)
-	return;
-    kd->flags |= KD_CONFIG_EXISTS;
-    for(i = 0; hostlist && hostlist[i] != NULL; i++)
-	append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
-
-    krb5_config_free_strings(hostlist);
-}
-
-/*
- * as a fallback, look for `serv_string.kd->realm' (typically
- * kerberos.REALM, kerberos-1.REALM, ...
- * `port' is the default port for the service, and `proto' the 
- * protocol
- */
-
-static krb5_error_code
-fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
-		   const char *serv_string, int port, int proto)
-{
-    char *host;
-    int ret;
-    struct addrinfo *ai;
-    struct addrinfo hints;
-    char portstr[NI_MAXSERV];
-
-    if(kd->fallback_count == 0)
-	asprintf(&host, "%s.%s.", serv_string, kd->realm);
-    else
-	asprintf(&host, "%s-%d.%s.", 
-		 serv_string, kd->fallback_count, kd->realm);	    
-
-    if (host == NULL)
-	return ENOMEM;
-    
-    make_hints(&hints, proto);
-    snprintf(portstr, sizeof(portstr), "%d", port);
-    ret = getaddrinfo(host, portstr, &hints, &ai);
-    if (ret) {
-	/* no more hosts, so we're done here */
-	free(host);
-	kd->flags |= KD_FALLBACK;
-    } else {
-	struct krb5_krbhst_info *hi;
-	size_t hostlen = strlen(host);
-
-	hi = calloc(1, sizeof(*hi) + hostlen);
-	if(hi == NULL) {
-	    free(host);
-	    return ENOMEM;
-	}
-
-	hi->proto = proto;
-	hi->port  = hi->def_port = port;
-	hi->ai    = ai;
-	memmove(hi->hostname, host, hostlen - 1);
-	hi->hostname[hostlen - 1] = '\0';
-	free(host);
-	append_host_hostinfo(kd, hi);
-	kd->fallback_count++;
-    }
-    return 0;
-}
-
-static krb5_error_code
-kdc_get_next(krb5_context context,
-	     struct krb5_krbhst_data *kd,
-	     krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kdc");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kerberos");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-	if((kd->flags & KD_SRV_HTTP) == 0) {
-	    srv_get_hosts(context, kd, "http", "kerberos");
-	    kd->flags |= KD_SRV_HTTP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    while((kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port, KRB5_KRBHST_UDP);
-	if(ret)
-	    return ret;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-admin_get_next(krb5_context context,
-	       struct krb5_krbhst_data *kd,
-	       krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "admin_server");
-	kd->flags |= KD_CONFIG;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "kerberos-adm");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    if (krbhst_empty(kd)
-	&& (kd->flags & KD_FALLBACK) == 0) {
-	ret = fallback_get_hosts(context, kd, "kerberos",
-				 kd->def_port, KRB5_KRBHST_UDP);
-	if(ret)
-	    return ret;
-	kd->flags |= KD_FALLBACK;
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    return KRB5_KDC_UNREACH;	/* XXX */
-}
-
-static krb5_error_code
-kpasswd_get_next(krb5_context context,
-		 struct krb5_krbhst_data *kd,
-		 krb5_krbhst_info **host)
-{
-    krb5_error_code ret;
-
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "kpasswd_server");
-	if(get_next(kd, host))
-	    return 0;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "kpasswd");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try admin */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = admin_get_next;
-	ret = (*kd->get_next)(context, kd, host);
-	if (ret == 0)
-	    (*host)->proto = KRB5_KRBHST_UDP;
-	return ret;
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static krb5_error_code
-krb524_get_next(krb5_context context,
-		struct krb5_krbhst_data *kd,
-		krb5_krbhst_info **host)
-{
-    if((kd->flags & KD_CONFIG) == 0) {
-	config_get_hosts(context, kd, "krb524_server");
-	if(get_next(kd, host))
-	    return 0;
-	kd->flags |= KD_CONFIG;
-    }
-
-    if (kd->flags & KD_CONFIG_EXISTS)
-	return KRB5_KDC_UNREACH; /* XXX */
-
-    if(context->srv_lookup) {
-	if((kd->flags & KD_SRV_UDP) == 0) {
-	    srv_get_hosts(context, kd, "udp", "krb524");
-	    kd->flags |= KD_SRV_UDP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-
-	if((kd->flags & KD_SRV_TCP) == 0) {
-	    srv_get_hosts(context, kd, "tcp", "krb524");
-	    kd->flags |= KD_SRV_TCP;
-	    if(get_next(kd, host))
-		return 0;
-	}
-    }
-
-    /* no matches -> try kdc */
-
-    if (krbhst_empty(kd)) {
-	kd->flags = 0;
-	kd->port  = kd->def_port;
-	kd->get_next = kdc_get_next;
-	return (*kd->get_next)(context, kd, host);
-    }
-
-    return KRB5_KDC_UNREACH; /* XXX */
-}
-
-static struct krb5_krbhst_data*
-common_init(krb5_context context,
-	    const char *realm)
-{
-    struct krb5_krbhst_data *kd;
-
-    if((kd = calloc(1, sizeof(*kd))) == NULL)
-	return NULL;
-
-    if((kd->realm = strdup(realm)) == NULL) {
-	free(kd);
-	return NULL;
-    }
-
-    kd->end = kd->index = &kd->hosts;
-    return kd;
-}
-
-/*
- * initialize `handle' to look for hosts of type `type' in realm `realm'
- */
-
-krb5_error_code
-krb5_krbhst_init(krb5_context context,
-		 const char *realm,
-		 unsigned int type,
-		 krb5_krbhst_handle *handle)
-{
-    struct krb5_krbhst_data *kd;
-    krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, 
-				krb5_krbhst_info **);
-    int def_port;
-
-    switch(type) {
-    case KRB5_KRBHST_KDC:
-	get_next = kdc_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
-	break;
-    case KRB5_KRBHST_ADMIN:
-	get_next = admin_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
-					     "tcp", 749));
-	break;
-    case KRB5_KRBHST_CHANGEPW:
-	get_next = kpasswd_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
-					     KPASSWD_PORT));
-	break;
-    case KRB5_KRBHST_KRB524:
-	get_next = krb524_get_next;
-	def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
-	break;
-    default:
-	krb5_set_error_string(context, "unknown krbhst type (%u)", type);
-	return ENOTTY;
-    }
-    if((kd = common_init(context, realm)) == NULL)
-	return ENOMEM;
-    kd->get_next = get_next;
-    kd->def_port = def_port;
-    *handle = kd;
-    return 0;
-}
-
-/*
- * return the next host information from `handle' in `host'
- */
-
-krb5_error_code
-krb5_krbhst_next(krb5_context context,
-		 krb5_krbhst_handle handle,
-		 krb5_krbhst_info **host)
-{
-    if(get_next(handle, host))
-	return 0;
-
-    return (*handle->get_next)(context, handle, host);
-}
-
-/*
- * return the next host information from `handle' as a host name
- * in `hostname' (or length `hostlen)
- */
-
-krb5_error_code
-krb5_krbhst_next_as_string(krb5_context context,
-			   krb5_krbhst_handle handle,
-			   char *hostname,
-			   size_t hostlen)
-{
-    krb5_error_code ret;
-    krb5_krbhst_info *host;
-    ret = krb5_krbhst_next(context, handle, &host);
-    if(ret)
-	return ret;
-    return krb5_krbhst_format_string(context, host, hostname, hostlen);
-}
-
-
-void
-krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
-{
-    handle->index = &handle->hosts;
-}
-
-void
-krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
-{
-    krb5_krbhst_info *h, *next;
-
-    if (handle == NULL)
-	return;
-
-    for (h = handle->hosts; h != NULL; h = next) {
-	next = h->next;
-	free_krbhst_info(h);
-    }
-
-    free(handle->realm);
-    free(handle);
-}
-
-/* backwards compatibility ahead */
-
-static krb5_error_code
-gethostlist(krb5_context context, const char *realm, 
-	    unsigned int type, char ***hostlist)
-{
-    krb5_error_code ret;
-    int nhost = 0;
-    krb5_krbhst_handle handle;
-    char host[MAXHOSTNAMELEN];
-    krb5_krbhst_info *hostinfo;
-
-    ret = krb5_krbhst_init(context, realm, type, &handle);
-    if (ret)
-	return ret;
-
-    while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
-	nhost++;
-    if(nhost == 0)
-	return KRB5_KDC_UNREACH;
-    *hostlist = calloc(nhost + 1, sizeof(**hostlist));
-    if(*hostlist == NULL) {
-	krb5_krbhst_free(context, handle);
-	return ENOMEM;
-    }
-
-    krb5_krbhst_reset(context, handle);
-    nhost = 0;
-    while(krb5_krbhst_next_as_string(context, handle, 
-				     host, sizeof(host)) == 0) {
-	if(((*hostlist)[nhost++] = strdup(host)) == NULL) {
-	    krb5_free_krbhst(context, *hostlist);
-	    krb5_krbhst_free(context, handle);
-	    return ENOMEM;
-	}
-    }
-    (*hostlist)[nhost++] = NULL;
-    krb5_krbhst_free(context, handle);
-    return 0;
-}
-
-/*
- * return an malloced list of kadmin-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code
-krb5_get_krb_admin_hst (krb5_context context,
-			const krb5_realm *realm,
-			char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
-}
-
-/*
- * return an malloced list of changepw-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code
-krb5_get_krb_changepw_hst (krb5_context context,
-			   const krb5_realm *realm,
-			   char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
-}
-
-/*
- * return an malloced list of 524-hosts for `realm' in `hostlist'
- */
-
-krb5_error_code
-krb5_get_krb524hst (krb5_context context,
-		    const krb5_realm *realm,
-		    char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
-}
-
-
-/*
- * return an malloced list of KDC's for `realm' in `hostlist'
- */
-
-krb5_error_code
-krb5_get_krbhst (krb5_context context,
-		 const krb5_realm *realm,
-		 char ***hostlist)
-{
-    return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
-}
-
-/*
- * free all the memory allocated in `hostlist'
- */
-
-krb5_error_code
-krb5_free_krbhst (krb5_context context,
-		  char **hostlist)
-{
-    char **p;
-
-    for (p = hostlist; *p; ++p)
-	free (*p);
-    free (hostlist);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c
deleted file mode 100644
index a79532e21b66..000000000000
--- a/crypto/heimdal/lib/krb5/kuserok.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: kuserok.c,v 1.7 2003/03/13 19:53:43 lha Exp $");
-
-/*
- * Return TRUE iff `principal' is allowed to login as `luser'.
- */
-
-krb5_boolean
-krb5_kuserok (krb5_context context,
-	      krb5_principal principal,
-	      const char *luser)
-{
-    char buf[BUFSIZ];
-    struct passwd *pwd;
-    FILE *f;
-    krb5_realm *realms, *r;
-    krb5_error_code ret;
-    krb5_boolean b;
-
-    pwd = getpwnam (luser);	/* XXX - Should use k_getpwnam? */
-    if (pwd == NULL)
-	return FALSE;
-
-    ret = krb5_get_default_realms (context, &realms);
-    if (ret)
-	return FALSE;
-
-    for (r = realms; *r != NULL; ++r) {
-	krb5_principal local_principal;
-
-	ret = krb5_build_principal (context,
-				    &local_principal,
-				    strlen(*r),
-				    *r,
-				    luser,
-				    NULL);
-	if (ret) {
-	    krb5_free_host_realm (context, realms);
-	    return FALSE;
-	}
-
-	b = krb5_principal_compare (context, principal, local_principal);
-	krb5_free_principal (context, local_principal);
-	if (b) {
-	    krb5_free_host_realm (context, realms);
-	    return TRUE;
-	}
-    }
-    krb5_free_host_realm (context, realms);
-
-    snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir);
-    f = fopen (buf, "r");
-    if (f == NULL)
-	return FALSE;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
-	krb5_principal tmp;
-
-	buf[strcspn(buf, "\n")] = '\0';
-	ret = krb5_parse_name (context, buf, &tmp);
-	if (ret) {
-	    fclose (f);
-	    return FALSE;
-	}
-	b = krb5_principal_compare (context, principal, tmp);
-	krb5_free_principal (context, tmp);
-	if (b) {
-	    fclose (f);
-	    return TRUE;
-	}
-    }
-    fclose (f);
-    return FALSE;
-}
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
deleted file mode 100644
index bd7451b4bcb7..000000000000
--- a/crypto/heimdal/lib/krb5/log.c
+++ /dev/null
@@ -1,461 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $");
-
-struct facility {
-    int min;
-    int max;
-    krb5_log_log_func_t log;
-    krb5_log_close_func_t close;
-    void *data;
-};
-
-static struct facility*
-log_realloc(krb5_log_facility *f)
-{
-    struct facility *fp;
-    f->len++;
-    fp = realloc(f->val, f->len * sizeof(*f->val));
-    if(fp == NULL)
-	return NULL;
-    f->val = fp;
-    fp += f->len - 1;
-    return fp;
-}
-
-struct s2i {
-    const char *s;
-    int val;
-};
-
-#define L(X) { #X, LOG_ ## X }
-
-static struct s2i syslogvals[] = {
-    L(EMERG),
-    L(ALERT),
-    L(CRIT),
-    L(ERR),
-    L(WARNING),
-    L(NOTICE),
-    L(INFO),
-    L(DEBUG),
-
-    L(AUTH),
-#ifdef LOG_AUTHPRIV
-    L(AUTHPRIV),
-#endif
-#ifdef LOG_CRON
-    L(CRON),
-#endif
-    L(DAEMON),
-#ifdef LOG_FTP
-    L(FTP),
-#endif
-    L(KERN),
-    L(LPR),
-    L(MAIL),
-#ifdef LOG_NEWS
-    L(NEWS),
-#endif
-    L(SYSLOG),
-    L(USER),
-#ifdef LOG_UUCP
-    L(UUCP),
-#endif
-    L(LOCAL0),
-    L(LOCAL1),
-    L(LOCAL2),
-    L(LOCAL3),
-    L(LOCAL4),
-    L(LOCAL5),
-    L(LOCAL6),
-    L(LOCAL7),
-    { NULL, -1 }
-};
-
-static int
-find_value(const char *s, struct s2i *table)
-{
-    while(table->s && strcasecmp(table->s, s))
-	table++;
-    return table->val;
-}
-
-krb5_error_code
-krb5_initlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_log_facility *f = calloc(1, sizeof(*f));
-    if(f == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    f->program = strdup(program);
-    if(f->program == NULL){
-	free(f);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *fac = f;
-    return 0;
-}
-
-krb5_error_code
-krb5_addlog_func(krb5_context context,
-		 krb5_log_facility *fac,
-		 int min,
-		 int max,
-		 krb5_log_log_func_t log,
-		 krb5_log_close_func_t close,
-		 void *data)
-{
-    struct facility *fp = log_realloc(fac);
-    if(fp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fp->min = min;
-    fp->max = max;
-    fp->log = log;
-    fp->close = close;
-    fp->data = data;
-    return 0;
-}
-
-
-struct _heimdal_syslog_data{
-    int priority;
-};
-
-static void
-log_syslog(const char *time,
-	   const char *msg,
-	   void *data)
-     
-{
-    struct _heimdal_syslog_data *s = data;
-    syslog(s->priority, "%s", msg);
-}
-
-static void
-close_syslog(void *data)
-{
-    free(data);
-    closelog();
-}
-
-static krb5_error_code
-open_syslog(krb5_context context,
-	    krb5_log_facility *facility, int min, int max,
-	    const char *sev, const char *fac)
-{
-    struct _heimdal_syslog_data *sd = malloc(sizeof(*sd));
-    int i;
-
-    if(sd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    i = find_value(sev, syslogvals);
-    if(i == -1)
-	i = LOG_ERR;
-    sd->priority = i;
-    i = find_value(fac, syslogvals);
-    if(i == -1)
-	i = LOG_AUTH;
-    sd->priority |= i;
-    roken_openlog(facility->program, LOG_PID | LOG_NDELAY, i);
-    return krb5_addlog_func(context, facility, min, max,
-			    log_syslog, close_syslog, sd);
-}
-
-struct file_data{
-    const char *filename;
-    const char *mode;
-    FILE *fd;
-    int keep_open;
-};
-
-static void
-log_file(const char *time,
-	 const char *msg,
-	 void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open == 0)
-	f->fd = fopen(f->filename, f->mode);
-    if(f->fd == NULL)
-	return;
-    fprintf(f->fd, "%s %s\n", time, msg);
-    if(f->keep_open == 0)
-	fclose(f->fd);
-}
-
-static void
-close_file(void *data)
-{
-    struct file_data *f = data;
-    if(f->keep_open && f->filename)
-	fclose(f->fd);
-    free(data);
-}
-
-static krb5_error_code
-open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
-	  const char *filename, const char *mode, FILE *f, int keep_open)
-{
-    struct file_data *fd = malloc(sizeof(*fd));
-    if(fd == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    fd->filename = filename;
-    fd->mode = mode;
-    fd->fd = f;
-    fd->keep_open = keep_open;
-
-    return krb5_addlog_func(context, fac, min, max, log_file, close_file, fd);
-}
-
-
-
-krb5_error_code
-krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
-{
-    krb5_error_code ret = 0;
-    int min = 0, max = -1, n;
-    char c;
-    const char *p = orig;
-
-    n = sscanf(p, "%d%c%d/", &min, &c, &max);
-    if(n == 2){
-	if(c == '/') {
-	    if(min < 0){
-		max = -min;
-		min = 0;
-	    }else{
-		max = min;
-	    }
-	}
-    }
-    if(n){
-	p = strchr(p, '/');
-	if(p == NULL) {
-	    krb5_set_error_string (context, "failed to parse \"%s\"", orig);
-	    return HEIM_ERR_LOG_PARSE;
-	}
-	p++;
-    }
-    if(strcmp(p, "STDERR") == 0){
-	ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
-    }else if(strcmp(p, "CONSOLE") == 0){
-	ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
-    }else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){
-	char *fn;
-	FILE *file = NULL;
-	int keep_open = 0;
-	fn = strdup(p + 5);
-	if(fn == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	if(p[4] == '='){
-	    int i = open(fn, O_WRONLY | O_CREAT | 
-			 O_TRUNC | O_APPEND, 0666);
-	    if(i < 0) {
-		ret = errno;
-		krb5_set_error_string (context, "open(%s): %s", fn,
-				       strerror(ret));
-		return ret;
-	    }
-	    file = fdopen(i, "a");
-	    if(file == NULL){
-		ret = errno;
-		close(i);
-		krb5_set_error_string (context, "fdopen(%s): %s", fn,
-				       strerror(ret));
-		return ret;
-	    }
-	    keep_open = 1;
-	}
-	ret = open_file(context, f, min, max, fn, "a", file, keep_open);
-    }else if(strncmp(p, "DEVICE=", 6) == 0){
-	ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
-    }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
-	char severity[128] = "";
-	char facility[128] = "";
-	p += 6;
-	if(*p != '\0')
-	    p++;
-	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
-	    strsep_copy(&p, ":", facility, sizeof(facility));
-	if(*severity == '\0')
-	    strlcpy(severity, "ERR", sizeof(severity));
- 	if(*facility == '\0')
-	    strlcpy(facility, "AUTH", sizeof(facility));
-	ret = open_syslog(context, f, min, max, severity, facility);
-    }else{
-	krb5_set_error_string (context, "unknown log type: %s", p);
-	ret = HEIM_ERR_LOG_PARSE; /* XXX */
-    }
-    return ret;
-}
-
-
-krb5_error_code
-krb5_openlog(krb5_context context,
-	     const char *program,
-	     krb5_log_facility **fac)
-{
-    krb5_error_code ret;
-    char **p, **q;
-
-    ret = krb5_initlog(context, program, fac);
-    if(ret)
-	return ret;
-
-    p = krb5_config_get_strings(context, NULL, "logging", program, NULL);
-    if(p == NULL)
-	p = krb5_config_get_strings(context, NULL, "logging", "default", NULL);
-    if(p){
-	for(q = p; *q; q++)
-	    ret = krb5_addlog_dest(context, *fac, *q);
-	krb5_config_free_strings(p);
-    }else
-	ret = krb5_addlog_dest(context, *fac, "SYSLOG");
-    return 0;
-}
-
-krb5_error_code
-krb5_closelog(krb5_context context,
-	      krb5_log_facility *fac)
-{
-    int i;
-    for(i = 0; i < fac->len; i++)
-	(*fac->val[i].close)(fac->val[i].data);
-    return 0;
-}
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code
-krb5_vlog_msg(krb5_context context,
-	      krb5_log_facility *fac,
-	      char **reply,
-	      int level,
-	      const char *fmt,
-	      va_list ap)
-     __attribute__((format (printf, 5, 0)))
-{
-    
-    char *msg = NULL;
-    const char *actual = NULL;
-    char buf[64];
-    time_t t = 0;
-    int i;
-
-    for(i = 0; fac && i < fac->len; i++)
-	if(fac->val[i].min <= level && 
-	   (fac->val[i].max < 0 || fac->val[i].max >= level)) {
-	    if(t == 0) {
-		t = time(NULL);
-		krb5_format_time(context, t, buf, sizeof(buf), TRUE);
-	    }
-	    if(actual == NULL) {
-		vasprintf(&msg, fmt, ap);
-		if(msg == NULL)
-		    actual = fmt;
-		else
-		    actual = msg;
-	    }
-	    (*fac->val[i].log)(buf, actual, fac->val[i].data);
-	}
-    if(reply == NULL)
-	free(msg);
-    else
-	*reply = msg;
-    return 0;
-}
-
-krb5_error_code
-krb5_vlog(krb5_context context,
-	  krb5_log_facility *fac,
-	  int level,
-	  const char *fmt,
-	  va_list ap)
-     __attribute__((format (printf, 4, 0)))
-{
-    return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
-}
-
-krb5_error_code
-krb5_log_msg(krb5_context context,
-	     krb5_log_facility *fac,
-	     int level,
-	     char **reply,
-	     const char *fmt,
-	     ...)
-     __attribute__((format (printf, 5, 6)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog_msg(context, fac, reply, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code
-krb5_log(krb5_context context,
-	 krb5_log_facility *fac,
-	 int level,
-	 const char *fmt,
-	 ...)
-     __attribute__((format (printf, 4, 5)))
-{
-    va_list ap;
-    krb5_error_code ret;
-
-    va_start(ap, fmt);
-    ret = krb5_vlog(context, fac, level, fmt, ap);
-    va_end(ap);
-    return ret;
-}
-
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
deleted file mode 100644
index 63b45bb9f107..000000000000
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mcache.c,v 1.15 2002/04/18 09:40:33 joda Exp $");
-
-typedef struct krb5_mcache {
-    char *name;
-    unsigned int refcnt;
-    krb5_principal primary_principal;
-    struct link {
-	krb5_creds cred;
-	struct link *next;
-    } *creds;
-    struct krb5_mcache *next;
-} krb5_mcache;
-
-static struct krb5_mcache *mcc_head;
-
-#define	MCACHE(X)	((krb5_mcache *)(X)->data.data)
-
-#define MISDEAD(X)	((X)->primary_principal == NULL)
-
-#define MCC_CURSOR(C) ((struct link*)(C))
-
-static const char*
-mcc_get_name(krb5_context context,
-	     krb5_ccache id)
-{
-    return MCACHE(id)->name;
-}
-
-static krb5_mcache *
-mcc_alloc(const char *name)
-{
-    krb5_mcache *m;
-
-    ALLOC(m, 1);
-    if(m == NULL)
-	return NULL;
-    if(name == NULL)
-	asprintf(&m->name, "%p", m);
-    else
-	m->name = strdup(name);
-    if(m->name == NULL) {
-	free(m);
-	return NULL;
-    }
-    m->refcnt = 1;
-    m->primary_principal = NULL;
-    m->creds = NULL;
-    m->next = mcc_head;
-    mcc_head = m;
-    return m;
-}
-
-static krb5_error_code
-mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
-{
-    krb5_mcache *m;
-
-    for (m = mcc_head; m != NULL; m = m->next)
-	if (strcmp(m->name, res) == 0)
-	    break;
-
-    if (m != NULL) {
-	m->refcnt++;
-	(*id)->data.data = m;
-	(*id)->data.length = sizeof(*m);
-	return 0;
-    }
-
-    m = mcc_alloc(res);
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-
-static krb5_error_code
-mcc_gen_new(krb5_context context, krb5_ccache *id)
-{
-    krb5_mcache *m;
-
-    m = mcc_alloc(NULL);
-
-    if (m == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-
-    (*id)->data.data = m;
-    (*id)->data.length = sizeof(*m);
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_initialize(krb5_context context,
-	       krb5_ccache id,
-	       krb5_principal primary_principal)
-{
-    return krb5_copy_principal (context,
-				primary_principal,
-				&MCACHE(id)->primary_principal);
-}
-
-static krb5_error_code
-mcc_close(krb5_context context,
-	  krb5_ccache id)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (--m->refcnt != 0)
-	return 0;
-
-    if (MISDEAD(m)) {
-	free (m->name);
-	krb5_data_free(&id->data);
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-mcc_destroy(krb5_context context,
-	    krb5_ccache id)
-{
-    krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
-
-    if (m->refcnt == 0)
-	krb5_abortx(context, "mcc_destroy: refcnt already 0");
-
-    if (!MISDEAD(m)) {
-	/* if this is an active mcache, remove it from the linked
-           list, and free all data */
-	for(n = &mcc_head; n && *n; n = &(*n)->next) {
-	    if(m == *n) {
-		*n = m->next;
-		break;
-	    }
-	}
-	krb5_free_principal (context, m->primary_principal);
-	m->primary_principal = NULL;
-	
-	l = m->creds;
-	while (l != NULL) {
-	    struct link *old;
-	    
-	    krb5_free_creds_contents (context, &l->cred);
-	    old = l;
-	    l = l->next;
-	    free (old);
-	}
-	m->creds = NULL;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_store_cred(krb5_context context,
-	       krb5_ccache id,
-	       krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    krb5_error_code ret;
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = malloc (sizeof(*l));
-    if (l == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_CC_NOMEM;
-    }
-    l->next = m->creds;
-    m->creds = l;
-    memset (&l->cred, 0, sizeof(l->cred));
-    ret = krb5_copy_creds_contents (context, creds, &l->cred);
-    if (ret) {
-	m->creds = l->next;
-	free (l);
-	return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_principal(krb5_context context,
-		  krb5_ccache id,
-		  krb5_principal *principal)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    return krb5_copy_principal (context,
-				m->primary_principal,
-				principal);
-}
-
-static krb5_error_code
-mcc_get_first (krb5_context context,
-	       krb5_ccache id,
-	       krb5_cc_cursor *cursor)
-{
-    krb5_mcache *m = MCACHE(id);
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    *cursor = m->creds;
-    return 0;
-}
-
-static krb5_error_code
-mcc_get_next (krb5_context context,
-	      krb5_ccache id,
-	      krb5_cc_cursor *cursor,
-	      krb5_creds *creds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link *l;
-
-    if (MISDEAD(m))
-	return ENOENT;
-
-    l = *cursor;
-    if (l != NULL) {
-	*cursor = l->next;
-	return krb5_copy_creds_contents (context,
-					 &l->cred,
-					 creds);
-    } else
-	return KRB5_CC_END;
-}
-
-static krb5_error_code
-mcc_end_get (krb5_context context,
-	     krb5_ccache id,
-	     krb5_cc_cursor *cursor)
-{
-    return 0;
-}
-
-static krb5_error_code
-mcc_remove_cred(krb5_context context,
-		 krb5_ccache id,
-		 krb5_flags which,
-		 krb5_creds *mcreds)
-{
-    krb5_mcache *m = MCACHE(id);
-    struct link **q, *p;
-    for(q = &m->creds, p = *q; p; p = *q) {
-	if(krb5_compare_creds(context, which, mcreds, &p->cred)) {
-	    *q = p->next;
-	    krb5_free_creds_contents(context, &p->cred);
-	    free(p);
-	} else
-	    q = &p->next;
-    }
-    return 0;
-}
-
-static krb5_error_code
-mcc_set_flags(krb5_context context,
-	      krb5_ccache id,
-	      krb5_flags flags)
-{
-    return 0; /* XXX */
-}
-		    
-const krb5_cc_ops krb5_mcc_ops = {
-    "MEMORY",
-    mcc_get_name,
-    mcc_resolve,
-    mcc_gen_new,
-    mcc_initialize,
-    mcc_destroy,
-    mcc_close,
-    mcc_store_cred,
-    NULL, /* mcc_retrieve */
-    mcc_get_principal,
-    mcc_get_first,
-    mcc_get_next,
-    mcc_end_get,
-    mcc_remove_cred,
-    mcc_set_flags
-};
diff --git a/crypto/heimdal/lib/krb5/misc.c b/crypto/heimdal/lib/krb5/misc.c
deleted file mode 100644
index baf63f6d525d..000000000000
--- a/crypto/heimdal/lib/krb5/misc.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: misc.c,v 1.5 1999/12/02 17:05:11 joda Exp $");
diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c
deleted file mode 100644
index ae9e10a5efbb..000000000000
--- a/crypto/heimdal/lib/krb5/mk_error.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
-
-krb5_error_code
-krb5_mk_error(krb5_context context,
-	      krb5_error_code error_code,
-	      const char *e_text,
-	      const krb5_data *e_data,
-	      const krb5_principal client,
-	      const krb5_principal server,
-	      time_t *client_time,
-	      int *client_usec,
-	      krb5_data *reply)
-{
-    KRB_ERROR msg;
-    int32_t sec, usec;
-    size_t len;
-    krb5_error_code ret = 0;
-
-    krb5_us_timeofday (context, &sec, &usec);
-
-    memset(&msg, 0, sizeof(msg));
-    msg.pvno     = 5;
-    msg.msg_type = krb_error;
-    msg.stime    = sec;
-    msg.susec    = usec;
-    msg.ctime    = client_time;
-    msg.cusec    = client_usec;
-    /* Make sure we only send `protocol' error codes */
-    if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
-	if(e_text == NULL)
-	    e_text = krb5_get_err_text(context, error_code);
-	error_code = KRB5KRB_ERR_GENERIC;
-    }
-    msg.error_code = error_code - KRB5KDC_ERR_NONE;
-    if (e_text)
-	msg.e_text = (general_string*)&e_text;
-    if (e_data)
-	msg.e_data = (octet_string*)e_data;
-    if(server){
-	msg.realm = server->realm;
-	msg.sname = server->name;
-    }else{
-	msg.realm = "<unspecified realm>";
-    }
-    if(client){
-	msg.crealm = &client->realm;
-	msg.cname = &client->name;
-    }
-
-    ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
-    if (ret)
-	return ret;
-    if(reply->length != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
deleted file mode 100644
index b89f7e97218d..000000000000
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $");
-
-      
-krb5_error_code
-krb5_mk_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     /*krb5_replay_data*/ void *outdata)
-{
-  krb5_error_code ret;
-  KRB_PRIV s;
-  EncKrbPrivPart part;
-  u_char *buf;
-  size_t buf_size;
-  size_t len;
-  u_int32_t tmp_seq;
-  krb5_keyblock *key;
-  int32_t sec, usec;
-  KerberosTime sec2;
-  int usec2;
-  krb5_crypto crypto;
-
-  if (auth_context->local_subkey)
-      key = auth_context->local_subkey;
-  else if (auth_context->remote_subkey)
-      key = auth_context->remote_subkey;
-  else
-      key = auth_context->keyblock;
-
-  krb5_us_timeofday (context, &sec, &usec);
-
-  part.user_data = *userdata;
-  sec2           = sec;
-  part.timestamp = &sec2;
-  usec2          = usec;
-  part.usec      = &usec2;
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-    tmp_seq = auth_context->local_seqnumber;
-    part.seq_number = &tmp_seq;
-  } else {
-    part.seq_number = NULL;
-  }
-
-  part.s_address = auth_context->local_address;
-  part.r_address = auth_context->remote_address;
-
-  krb5_data_zero (&s.enc_part.cipher);
-
-  ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
-  if (ret)
-      goto fail;
-
-  s.pvno = 5;
-  s.msg_type = krb_priv;
-  s.enc_part.etype = key->keytype;
-  s.enc_part.kvno = NULL;
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      free (buf);
-      return ret;
-  }
-  ret = krb5_encrypt (context, 
-		      crypto,
-		      KRB5_KU_KRB_PRIV,
-		      buf + buf_size - len, 
-		      len,
-		      &s.enc_part.cipher);
-  krb5_crypto_destroy(context, crypto);
-  if (ret) {
-      free(buf);
-      return ret;
-  }
-  free(buf);
-
-
-  ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
-
-  if(ret)
-      goto fail;
-  krb5_data_free (&s.enc_part.cipher);
-
-  ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
-  if (ret) {
-      krb5_set_error_string (context, "malloc: out of memory");
-      free(buf);
-      return ENOMEM;
-  }
-  free (buf);
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-      auth_context->local_seqnumber =
-	  (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-  return 0;
-
-fail:
-  free (buf);
-  krb5_data_free (&s.enc_part.cipher);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
deleted file mode 100644
index 1026df0f3328..000000000000
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_rep.c,v 1.21 2002/12/19 13:30:36 joda Exp $");
-
-krb5_error_code
-krb5_mk_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    AP_REP ap;
-    EncAPRepPart body;
-    u_char *buf = NULL;
-    size_t buf_size;
-    size_t len;
-    krb5_crypto crypto;
-
-    ap.pvno = 5;
-    ap.msg_type = krb_ap_rep;
-
-    memset (&body, 0, sizeof(body));
-
-    body.ctime = auth_context->authenticator->ctime;
-    body.cusec = auth_context->authenticator->cusec;
-    body.subkey = NULL;
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	krb5_generate_seq_number (context,
-				  auth_context->keyblock,
-				  &auth_context->local_seqnumber);
-	body.seq_number = malloc (sizeof(*body.seq_number));
-	if (body.seq_number == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    return ENOMEM;
-	}
-	*(body.seq_number) = auth_context->local_seqnumber;
-    } else
-	body.seq_number = NULL;
-
-    ap.enc_part.etype = auth_context->keyblock->keytype;
-    ap.enc_part.kvno  = NULL;
-
-    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
-    free_EncAPRepPart (&body);
-    if(ret)
-	return ret;
-    ret = krb5_crypto_init(context, auth_context->keyblock, 
-			   0 /* ap.enc_part.etype */, &crypto);
-    if (ret) {
-	free (buf);
-	return ret;
-    }
-    ret = krb5_encrypt (context,
-			crypto,
-			KRB5_KU_AP_REQ_ENC_PART,
-			buf + buf_size - len, 
-			len,
-			&ap.enc_part.cipher);
-    krb5_crypto_destroy(context, crypto);
-    free(buf);
-    if (ret)
-	return ret;
-
-    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
-    free_AP_REP (&ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
deleted file mode 100644
index a554123b0081..000000000000
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req.c,v 1.24 2001/06/18 20:05:52 joda Exp $");
-
-krb5_error_code
-krb5_mk_req_exact(krb5_context context,
-		  krb5_auth_context *auth_context,
-		  const krb5_flags ap_req_options,
-		  const krb5_principal server,
-		  krb5_data *in_data,
-		  krb5_ccache ccache,
-		  krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    krb5_creds this_cred, *cred;
-
-    memset(&this_cred, 0, sizeof(this_cred));
-
-    ret = krb5_cc_get_principal(context, ccache, &this_cred.client);
-  
-    if(ret)
-	return ret;
-
-    ret = krb5_copy_principal (context, server, &this_cred.server);
-    if (ret) {
-	krb5_free_creds_contents (context, &this_cred);
-	return ret;
-    }
-
-    this_cred.times.endtime = 0;
-    if (auth_context && *auth_context && (*auth_context)->keytype)
-	this_cred.session.keytype = (*auth_context)->keytype;
-
-    ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
-    krb5_free_creds_contents(context, &this_cred);
-    if (ret)
-	return ret;
-
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				cred,
-				outbuf);
-    krb5_free_creds(context, cred);
-    return ret;
-}
-
-krb5_error_code
-krb5_mk_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_flags ap_req_options,
-	    const char *service,
-	    const char *hostname,
-	    krb5_data *in_data,
-	    krb5_ccache ccache,
-	    krb5_data *outbuf)
-{
-    krb5_error_code ret;
-    char **realms;
-    char *real_hostname;
-    krb5_principal server;
-
-    ret = krb5_expand_hostname_realms (context, hostname,
-				       &real_hostname, &realms);
-    if (ret)
-	return ret;
-
-    ret = krb5_build_principal (context, &server,
-				strlen(*realms),
-				*realms,
-				service,
-				real_hostname,
-				NULL);
-    free (real_hostname);
-    krb5_free_host_realm (context, realms);
-    if (ret)
-	return ret;
-    ret = krb5_mk_req_exact (context, auth_context, ap_req_options,
-			     server, in_data, ccache, outbuf);
-    krb5_free_principal (context, server);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
deleted file mode 100644
index aa5e3c45d878..000000000000
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $");
-
-krb5_error_code
-krb5_mk_req_internal(krb5_context context,
-		     krb5_auth_context *auth_context,
-		     const krb5_flags ap_req_options,
-		     krb5_data *in_data,
-		     krb5_creds *in_creds,
-		     krb5_data *outbuf,
-		     krb5_key_usage checksum_usage,
-		     krb5_key_usage encrypt_usage)
-{
-  krb5_error_code ret;
-  krb5_data authenticator;
-  Checksum c;
-  Checksum *c_opt;
-  krb5_auth_context ac;
-
-  if(auth_context) {
-      if(*auth_context == NULL)
-	  ret = krb5_auth_con_init(context, auth_context);
-      else
-	  ret = 0;
-      ac = *auth_context;
-  } else
-      ret = krb5_auth_con_init(context, &ac);
-  if(ret)
-      return ret;
-      
-  if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
-      ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
-      if(ret)
-	  return ret;
-  }
-
-#if 0
-  {
-      /* This is somewhat bogus since we're possibly overwriting a
-         value specified by the user, but it's the easiest way to make
-         the code use a compatible enctype */
-      Ticket ticket;
-      krb5_keytype ticket_keytype;
-
-      ret = decode_Ticket(in_creds->ticket.data, 
-			  in_creds->ticket.length, 
-			  &ticket, 
-			  NULL);
-      krb5_enctype_to_keytype (context,
-			       ticket.enc_part.etype,
-			       &ticket_keytype);
-
-      if (ticket_keytype == in_creds->session.keytype)
-	  krb5_auth_setenctype(context, 
-			       ac,
-			       ticket.enc_part.etype);
-      free_Ticket(&ticket);
-  }
-#endif
-
-  krb5_free_keyblock(context, ac->keyblock);
-  krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
-  
-  /* it's unclear what type of checksum we can use.  try the best one, except:
-   * a) if it's configured differently for the current realm, or
-   * b) if the session key is des-cbc-crc
-   */
-
-  if (in_data) {
-      if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
-	  /* this is to make DCE secd (and older MIT kdcs?) happy */
-	  ret = krb5_create_checksum(context, 
-				     NULL,
-				     0,
-				     CKSUMTYPE_RSA_MD4,
-				     in_data->data,
-				     in_data->length,
-				     &c);
-      } else {
-	  krb5_crypto crypto;
-
-	  ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
-	  if (ret)
-	      return ret;
-	  ret = krb5_create_checksum(context, 
-				     crypto,
-				     checksum_usage,
-				     0,
-				     in_data->data,
-				     in_data->length,
-				     &c);
-      
-	  krb5_crypto_destroy(context, crypto);
-      }
-      c_opt = &c;
-  } else {
-      c_opt = NULL;
-  }
-  
-  ret = krb5_build_authenticator (context,
-				  ac,
-				  ac->keyblock->keytype,
-				  in_creds,
-				  c_opt,
-				  NULL,
-				  &authenticator,
-				  encrypt_usage);
-  if (c_opt)
-      free_Checksum (c_opt);
-  if (ret)
-    return ret;
-
-  ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
-			   in_creds, ap_req_options, authenticator, outbuf);
-  if(auth_context == NULL)
-      krb5_auth_con_free(context, ac);
-  return ret;
-}
-
-krb5_error_code
-krb5_mk_req_extended(krb5_context context,
-		     krb5_auth_context *auth_context,
-		     const krb5_flags ap_req_options,
-		     krb5_data *in_data,
-		     krb5_creds *in_creds,
-		     krb5_data *outbuf)
-{
-    return krb5_mk_req_internal (context,
-				 auth_context,
-				 ap_req_options,
-				 in_data,
-				 in_creds,
-				 outbuf,
-				 KRB5_KU_AP_REQ_AUTH_CKSUM,
-				 KRB5_KU_AP_REQ_AUTH);
-}
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
deleted file mode 100644
index a839df4da2f2..000000000000
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $");
-
-krb5_error_code
-krb5_mk_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *userdata,
-	     krb5_data *outbuf,
-	     /*krb5_replay_data*/ void *outdata)
-{
-  krb5_error_code ret;
-  KRB_SAFE s;
-  int32_t sec, usec;
-  KerberosTime sec2;
-  int usec2;
-  u_char *buf = NULL;
-  size_t buf_size;
-  size_t len;
-  u_int32_t tmp_seq;
-  krb5_crypto crypto;
-  krb5_keyblock *key;
-
-  if (auth_context->local_subkey)
-      key = auth_context->local_subkey;
-  else if (auth_context->remote_subkey)
-      key = auth_context->remote_subkey;
-  else
-      key = auth_context->keyblock;
-
-  s.pvno = 5;
-  s.msg_type = krb_safe;
-
-  s.safe_body.user_data = *userdata;
-  krb5_us_timeofday (context, &sec, &usec);
-
-  sec2                   = sec;
-  s.safe_body.timestamp  = &sec2;
-  usec2                  = usec2;
-  s.safe_body.usec       = &usec2;
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-      tmp_seq = auth_context->local_seqnumber;
-      s.safe_body.seq_number = &tmp_seq;
-  } else 
-      s.safe_body.seq_number = NULL;
-
-  s.safe_body.s_address = auth_context->local_address;
-  s.safe_body.r_address = auth_context->remote_address;
-
-  s.cksum.cksumtype       = 0;
-  s.cksum.checksum.data   = NULL;
-  s.cksum.checksum.length = 0;
-
-  ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-  if (ret)
-      return ret;
-  if(buf_size != len)
-      krb5_abortx(context, "internal error in ASN.1 encoder");
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret) {
-      free (buf);
-      return ret;
-  }
-  ret = krb5_create_checksum(context, 
-			     crypto,
-			     KRB5_KU_KRB_SAFE_CKSUM,
-			     0,
-			     buf,
-			     len,
-			     &s.cksum);
-  krb5_crypto_destroy(context, crypto);
-  if (ret) {
-      free (buf);
-      return ret;
-  }
-
-  free(buf);
-  ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
-  free_Checksum (&s.cksum);
-  if(ret)
-      return ret;
-  if(buf_size != len)
-      krb5_abortx(context, "internal error in ASN.1 encoder");
-
-  outbuf->length = len;
-  outbuf->data   = buf;
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-      auth_context->local_seqnumber =
-	  (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
-  return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c
deleted file mode 100644
index 7cf49051435e..000000000000
--- a/crypto/heimdal/lib/krb5/n-fold-test.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold-test.c,v 1.4 2001/03/12 07:42:30 assar Exp $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *str;
-    unsigned n;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"012345",		8,
-     {0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55}
-    },
-    {"basch",		24,
-     {0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde,
-      0x2d, 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31,
-      0x64, 0x3f}
-    },
-    {"eichin",		24,
-     {0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b,
-      0x1b, 0x43, 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0,
-      0xd2, 0xdc, 0xca}
-    },
-    {"sommerfeld",	24,
-     {0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4,
-      0xe7, 0x11, 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5,
-      0xde, 0xf7, 0x5c}
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82,
-      0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9,
-      0x54, 0x0c, 0x1b}
-    },
-    {"assar@NADA.KTH.SE", 24,
-     {0x5c, 0x06, 0xc3, 0x4d, 0x2c, 0x89, 0x05, 0xbe, 0x7a, 0x51,
-      0x83, 0x6c, 0xd6, 0xf8, 0x1c, 0x4b, 0x7a, 0x93, 0x49, 0x16, 0x5a,
-      0xb3, 0xfa, 0xa9}
-    },
-    {"testKRBTEST.MIT.EDUtestkey", 24,
-     {0x50, 0x2c, 0xf8, 0x29, 0x78, 0xe5, 0xfb, 0x1a, 0x29, 0x06,
-      0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
-      0xc2, 0xda, 0x6c}
-    },
-    {"password", 7,
-     {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
-    },
-    {"Rough Consensus, and Running Code", 8,
-     {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
-    },
-    {"password", 21,
-     {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
-      0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
-    },
-    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
-     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
-      0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
-      0x0c, 0x1b}
-    },
-    {NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    unsigned char data[MAXSIZE];
-    struct testcase *t;
-    int ret = 0;
-
-    for (t = tests; t->str; ++t) {
-	int i;
-
-	_krb5_n_fold (t->str, strlen(t->str), data, t->n);
-	if (memcmp (data, t->res, t->n) != 0) {
-	    printf ("n-fold(\"%s\", %d) failed\n", t->str, t->n);
-	    printf ("should be: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < t->n; ++i)
-		printf ("%02x", data[i]);
-	    printf ("\n");
-	    ret = 1;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/n-fold.c b/crypto/heimdal/lib/krb5/n-fold.c
deleted file mode 100644
index d0db5e81cbaa..000000000000
--- a/crypto/heimdal/lib/krb5/n-fold.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: n-fold.c,v 1.6 1999/08/27 09:03:41 joda Exp $");
-
-static void
-rr13(unsigned char *buf, size_t len)
-{
-    unsigned char *tmp;
-    int bytes = (len + 7) / 8;
-    int i;
-    if(len == 0)
-	return;
-    {
-	const int bits = 13 % len;
-	const int lbit = len % 8;
-    
-	tmp = malloc(bytes);
-	memcpy(tmp, buf, bytes);
-	if(lbit) {
-	    /* pad final byte with inital bits */
-	    tmp[bytes - 1] &= 0xff << (8 - lbit);
-	    for(i = lbit; i < 8; i += len)
-		tmp[bytes - 1] |= buf[0] >> i;
-	}
-	for(i = 0; i < bytes; i++) {
-	    int bb;
-	    int b1, s1, b2, s2;
-	    /* calculate first bit position of this byte */
-	    bb = 8 * i - bits;
-	    while(bb < 0)
-		bb += len;
-	    /* byte offset and shift count */
-	    b1 = bb / 8;
-	    s1 = bb % 8;
-	
-	    if(bb + 8 > bytes * 8) 
-		/* watch for wraparound */
-		s2 = (len + 8 - s1) % 8;
-	    else 
-		s2 = 8 - s1;
-	    b2 = (b1 + 1) % bytes;
-	    buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2);
-	}
-	free(tmp);
-    }
-}
-
-/* Add `b' to `a', both beeing one's complement numbers. */
-static void
-add1(unsigned char *a, unsigned char *b, size_t len)
-{
-    int i;
-    int carry = 0;
-    for(i = len - 1; i >= 0; i--){
-	int x = a[i] + b[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-    for(i = len - 1; carry && i >= 0; i--){
-	int x = a[i] + carry;
-	carry = x > 0xff;
-	a[i] = x & 0xff;
-    }
-}
-
-void
-_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
-{
-    /* if len < size we need at most N * len bytes, ie < 2 * size;
-       if len > size we need at most 2 * len */
-    size_t maxlen = 2 * max(size, len);
-    size_t l = 0;
-    unsigned char *tmp = malloc(maxlen);
-    unsigned char *buf = malloc(len);
-    
-    memcpy(buf, str, len);
-    memset(key, 0, size);
-    do {
-	memcpy(tmp + l, buf, len);
-	l += len;
-	rr13(buf, len * 8);
-	while(l >= size) {
-	    add1(key, tmp, size);
-	    l -= size;
-	    if(l == 0)
-		break;
-	    memmove(tmp, tmp + size, l);
-	}
-    } while(l != 0);
-    memset(buf, 0, len);
-    free(buf);
-    memset(tmp, 0, maxlen);
-    free(tmp);
-}
diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c
deleted file mode 100644
index f1455cddd2a7..000000000000
--- a/crypto/heimdal/lib/krb5/name-45-test.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * Copyright (c) 2002 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: name-45-test.c,v 1.3.2.1 2003/05/06 16:49:14 joda Exp $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *v4_name;
-    const char *v4_inst;
-    const char *v4_realm;
-
-    krb5_realm v5_realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-
-    const char *config_file;
-    krb5_error_code ret;	/* expected error code from 524 */
-
-    krb5_error_code ret2;	/* expected error code from 425 */
-} tests[] = {
-    {"", "", "", "", 1, {""}, NULL, 0, 0},
-    {"a", "", "", "", 1, {"a"}, NULL, 0, 0},
-    {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
-    {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
-
-    {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
-     {"krbtgt", "FOO.SE"}, NULL, 0, 0},
-
-    {"foo", "bar", "BAZ", "BAZ", 2,
-     {"foo", "bar"}, NULL, 0, 0},
-    {"foo", "bar", "BAZ", "BAZ", 2,
-     {"foo", "bar"},
-     "[libdefaults]\n"
-     "	v4_name_convert = {\n"
-     "		host = {\n"
-     "			foo = foo5\n"
-     "		}\n"
-     "}\n",
-    HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"foo", "bar", "BAZ", "BAZ", 2,
-     {"foo5", "bar.baz"},
-     "[realms]\n"
-     "  BAZ = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				foo = foo5\n"
-     "			}\n"
-     "		}\n"
-     "		v4_instance_convert = {\n"
-     "			bar = bar.baz\n"
-     "		}\n"
-     "  }\n",
-     0, 0},
-
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
-     "[realms]\n"
-     "	realm = {\n"
-     "		v4_instance_convert = {\n"
-     "			foo = foo.realm\n"
-     "		}\n"
-     "	}\n",
-     0, 0},
-
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		default_domain = nada.kth.se\n"
-     "	}\n",
-     0, 0},
-    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"pop", "mail0.nada.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n",
-     HEIM_ERR_V4_PRINC_NO_CONV, 0},
-
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
-    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
-     {"host", "hokkigai.pdc.kth.se"},
-     "[libdefaults]\n"
-     "	v4_instance_resolve = true\n"
-     "[realms]\n"
-     "	NADA.KTH.SE = {\n"
-     "		v4_name_convert = {\n"
-     "			host = {\n"
-     "				rcmd = host\n"
-     "			}\n"
-     "		}\n"
-     "		default_domain = pdc.kth.se\n"
-     "	}\n",
-     0, 0},
-
-    {"0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     "0123456789012345678901234567890123456789",
-     2, {"0123456789012345678901234567890123456789",
-	 "0123456789012345678901234567890123456789"}, NULL,
-     0, KRB5_PARSE_MALFORMED},
-
-    {"012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     "012345678901234567890123456789012345678",
-     2, {"012345678901234567890123456789012345678",
-	 "012345678901234567890123456789012345678"}, NULL,
-     0, 0},
-
-    {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    for (t = tests; t->v4_name; ++t) {
-	krb5_principal princ;
-	int i;
-	char name[40], inst[40], realm[40];
-	char printable_princ[256];
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-
-	if (t->config_file != NULL) {
-	    char template[] = "/tmp/krb5-conf-XXXXXX";
-	    int fd = mkstemp(template);
-	    char *files[2];
-
-	    if (fd < 0)
-		krb5_err (context, 1, errno, "mkstemp %s", template);
-
-	    if (write (fd, t->config_file, strlen(t->config_file))
-		!= strlen(t->config_file))
-		krb5_err (context, 1, errno, "write %s", template);
-	    close (fd);
-	    files[0] = template;
-	    files[1] = NULL;
-
-	    ret = krb5_set_config_files (context, files);
-	    unlink (template);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_set_config_files");
-	}
-
-	ret = krb5_425_conv_principal (context,
-				       t->v4_name,
-				       t->v4_inst,
-				       t->v4_realm,
-				       &princ);
-	if (ret) {
-	    if (ret != t->ret) {
-		krb5_warn (context, ret,
-			   "krb5_425_conv_principal %s.%s@%s",
-			   t->v4_name, t->v4_inst, t->v4_realm);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret) {
-		char *s;
-		krb5_unparse_name(context, princ, &s);
-		krb5_warnx (context,
-			    "krb5_425_conv_principal %s.%s@%s "
-			    "passed unexpected: %s",
-			    t->v4_name, t->v4_inst, t->v4_realm, s);
-		free(s);
-		val = 1;
-		continue;
-	    }
-	}
-
-	if (ret)
-	    continue;
-
-	if (strcmp (t->v5_realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s.%s@%s\"\n",
-		    princ->realm, t->v5_realm,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s.%s@%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->v4_name,
-		    t->v4_inst,
-		    t->v4_realm);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s.%s@%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->v4_name,
-			    t->v4_inst,
-			    t->v4_realm);
-		    val = 1;
-		}
-	    }
-	}
-	ret = krb5_524_conv_principal (context, princ,
-				       name, inst, realm);
-	if (krb5_unparse_name_fixed(context, princ,
-				    printable_princ, sizeof(printable_princ)))
-	    strlcpy(printable_princ, "unknown principal",
-		    sizeof(printable_princ));
-	if (ret) {
-	    if (ret != t->ret2) {
-		krb5_warn (context, ret,
-			   "krb5_524_conv_principal %s", printable_princ);
-		val = 1;
-	    }
-	} else {
-	    if (t->ret2) {
-		krb5_warnx (context,
-			    "krb5_524_conv_principal %s "
-			    "passed unexpected", printable_princ);
-		val = 1;
-		continue;
-	    }
-	}
-	if (ret) {
-	    krb5_free_principal (context, princ);
-	    continue;
-	}
-
-	krb5_free_principal (context, princ);
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/net_read.c b/crypto/heimdal/lib/krb5/net_read.c
deleted file mode 100644
index 38ff0ea639a3..000000000000
--- a/crypto/heimdal/lib/krb5/net_read.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_read.c,v 1.6 2002/08/21 09:08:06 joda Exp $");
-
-krb5_ssize_t
-krb5_net_read (krb5_context context,
-	       void *p_fd,
-	       void *buf,
-	       size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_read (fd, buf, len);
-}
diff --git a/crypto/heimdal/lib/krb5/net_write.c b/crypto/heimdal/lib/krb5/net_write.c
deleted file mode 100644
index 5d87b9754761..000000000000
--- a/crypto/heimdal/lib/krb5/net_write.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: net_write.c,v 1.7 2002/08/21 09:08:07 joda Exp $");
-
-krb5_ssize_t
-krb5_net_write (krb5_context context,
-		void *p_fd,
-		const void *buf,
-		size_t len)
-{
-  int fd = *((int *)p_fd);
-
-  return net_write (fd, buf, len);
-}
diff --git a/crypto/heimdal/lib/krb5/padata.c b/crypto/heimdal/lib/krb5/padata.c
deleted file mode 100644
index bcf795255a34..000000000000
--- a/crypto/heimdal/lib/krb5/padata.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: padata.c,v 1.2 1999/12/02 17:05:11 joda Exp $");
-
-PA_DATA *
-krb5_find_padata(PA_DATA *val, unsigned len, int type, int *index)
-{
-    for(; *index < len; (*index)++)
-	if(val[*index].padata_type == type)
-	    return val + *index;
-    return NULL;    
-}
diff --git a/crypto/heimdal/lib/krb5/parse-name-test.c b/crypto/heimdal/lib/krb5/parse-name-test.c
deleted file mode 100644
index 292027233e8b..000000000000
--- a/crypto/heimdal/lib/krb5/parse-name-test.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: parse-name-test.c,v 1.3 2002/08/30 03:20:11 assar Exp $");
-
-enum { MAX_COMPONENTS = 3 };
-
-static struct testcase {
-    const char *input_string;
-    const char *output_string;
-    krb5_realm realm;
-    unsigned ncomponents;
-    char *comp_val[MAX_COMPONENTS];
-    int realmp;
-} tests[] = {
-    {"", "@", "", 1, {""}, FALSE},
-    {"a", "a@", "", 1, {"a"}, FALSE},
-    {"\\n", "\\n@", "", 1, {"\n"}, FALSE},
-    {"\\ ", "\\ @", "", 1, {" "}, FALSE},
-    {"\\t", "\\t@", "", 1, {"\t"}, FALSE},
-    {"\\b", "\\b@", "", 1, {"\b"}, FALSE},
-    {"\\\\", "\\\\@", "", 1, {"\\"}, FALSE},
-    {"\\/", "\\/@", "", 1, {"/"}, FALSE},
-    {"\\@", "\\@@", "", 1, {"@"}, FALSE},
-    {"@", "@", "", 1, {""}, TRUE},
-    {"a/b", "a/b@", "", 2, {"a", "b"}, FALSE},
-    {"a/", "a/@", "", 2, {"a", ""}, FALSE},
-    {"a\\//\\/", "a\\//\\/@", "", 2, {"a/", "/"}, FALSE},
-    {"/a", "/a@", "", 2, {"", "a"}, FALSE},
-    {"\\@@\\@", "\\@@\\@", "@", 1, {"@"}, TRUE},
-    {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE},
-    {NULL, NULL, "", 0, {}, FALSE}};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->input_string; ++t) {
-	krb5_principal princ;
-	int i, j;
-	char name_buf[1024];
-	char *s;
-
-	ret = krb5_parse_name(context, t->input_string, &princ);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->input_string);
-	if (strcmp (t->realm, princ->realm) != 0) {
-	    printf ("wrong realm (\"%s\" should be \"%s\")"
-		    " for \"%s\"\n",
-		    princ->realm, t->realm,
-		    t->input_string);
-	    val = 1;
-	}
-
-	if (t->ncomponents != princ->name.name_string.len) {
-	    printf ("wrong number of components (%u should be %u)"
-		    " for \"%s\"\n",
-		    princ->name.name_string.len, t->ncomponents,
-		    t->input_string);
-	    val = 1;
-	} else {
-	    for (i = 0; i < t->ncomponents; ++i) {
-		if (strcmp(t->comp_val[i],
-			   princ->name.name_string.val[i]) != 0) {
-		    printf ("bad component %d (\"%s\" should be \"%s\")"
-			    " for \"%s\"\n",
-			    i,
-			    princ->name.name_string.val[i],
-			    t->comp_val[i],
-			    t->input_string);
-		    val = 1;
-		}
-	    }
-	}
-	for (j = 0; j < strlen(t->output_string); ++j) {
-	    ret = krb5_unparse_name_fixed(context, princ,
-					  name_buf, j);
-	    if (ret != ERANGE) {
-		printf ("unparse_name %s with length %d should have failed\n",
-			t->input_string, j);
-		val = 1;
-		break;
-	    }
-	}
-	ret = krb5_unparse_name_fixed(context, princ,
-				      name_buf, sizeof(name_buf));
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	if (strcmp (t->output_string, name_buf) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\")\n",
-		    name_buf, t->output_string);
-	    val = 1;
-	}
-
-	ret = krb5_unparse_name(context, princ, &s);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_unparse_name");
-
-	if (strcmp (t->output_string, s) != 0) {
-	    printf ("failed comparing the re-parsed"
-		    " (\"%s\" should be \"%s\"\n",
-		    s, t->output_string);
-	    val = 1;
-	}
-	free(s);
-
-	if (!t->realmp) {
-	    for (j = 0; j < strlen(t->input_string); ++j) {
-		ret = krb5_unparse_name_fixed_short(context, princ,
-						    name_buf, j);
-		if (ret != ERANGE) {
-		    printf ("unparse_name_short %s with length %d"
-			    " should have failed\n",
-			    t->input_string, j);
-		    val = 1;
-		    break;
-		}
-	    }
-	    ret = krb5_unparse_name_fixed_short(context, princ,
-						name_buf, sizeof(name_buf));
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
-
-	    if (strcmp (t->input_string, name_buf) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\")\n",
-			name_buf, t->input_string);
-		val = 1;
-	    }
-
-	    ret = krb5_unparse_name_short(context, princ, &s);
-	    if (ret)
-		krb5_err (context, 1, ret, "krb5_unparse_name_short");
-
-	    if (strcmp (t->input_string, s) != 0) {
-		printf ("failed comparing the re-parsed"
-			" (\"%s\" should be \"%s\"\n",
-			s, t->input_string);
-		val = 1;
-	    }
-	    free(s);
-	}
-	krb5_free_principal (context, princ);
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
deleted file mode 100644
index fd218a156a05..000000000000
--- a/crypto/heimdal/lib/krb5/principal.c
+++ /dev/null
@@ -1,1084 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#ifdef HAVE_RES_SEARCH
-#define USE_RESOLVER
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#include <fnmatch.h>
-#include "resolve.h"
-
-RCSID("$Id: principal.c,v 1.82 2002/10/21 15:30:53 joda Exp $");
-
-#define princ_num_comp(P) ((P)->name.name_string.len)
-#define princ_type(P) ((P)->name.name_type)
-#define princ_comp(P) ((P)->name.name_string.val)
-#define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
-#define princ_realm(P) ((P)->realm)
-
-void
-krb5_free_principal(krb5_context context,
-		    krb5_principal p)
-{
-    if(p){
-	free_Principal(p);
-	free(p);
-    }
-}
-
-int
-krb5_principal_get_type(krb5_context context,
-			krb5_principal principal)
-{
-    return princ_type(principal);
-}
-
-const char *
-krb5_principal_get_realm(krb5_context context,
-			 krb5_principal principal)
-{
-    return princ_realm(principal);
-}			 
-
-const char *
-krb5_principal_get_comp_string(krb5_context context,
-			       krb5_principal principal,
-			       unsigned int component)
-{
-    if(component >= princ_num_comp(principal))
-       return NULL;
-    return princ_ncomp(principal, component);
-}
-
-krb5_error_code
-krb5_parse_name(krb5_context context,
-		const char *name,
-		krb5_principal *principal)
-{
-    krb5_error_code ret;
-    general_string *comp;
-    general_string realm;
-    int ncomp;
-
-    const char *p;
-    char *q;
-    char *s;
-    char *start;
-
-    int n;
-    char c;
-    int got_realm = 0;
-  
-    /* count number of component */
-    ncomp = 1;
-    for(p = name; *p; p++){
-	if(*p=='\\'){
-	    if(!p[1]) {
-		krb5_set_error_string (context,
-				       "trailing \\ in principal name");
-		return KRB5_PARSE_MALFORMED;
-	    }
-	    p++;
-	} else if(*p == '/')
-	    ncomp++;
-    }
-    comp = calloc(ncomp, sizeof(*comp));
-    if (comp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    n = 0;
-    p = start = q = s = strdup(name);
-    if (start == NULL) {
-	free (comp);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    while(*p){
-	c = *p++;
-	if(c == '\\'){
-	    c = *p++;
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    else if(c == 'b')
-		c = '\b';
-	    else if(c == '0')
-		c = '\0';
-	    else if(c == '\0') {
-		krb5_set_error_string (context,
-				       "trailing \\ in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }
-	}else if(c == '/' || c == '@'){
-	    if(got_realm){
-		krb5_set_error_string (context,
-				       "part after realm in principal name");
-		ret = KRB5_PARSE_MALFORMED;
-		goto exit;
-	    }else{
-		comp[n] = malloc(q - start + 1);
-		if (comp[n] == NULL) {
-		    krb5_set_error_string (context, "malloc: out of memory");
-		    ret = ENOMEM;
-		    goto exit;
-		}
-		memcpy(comp[n], start, q - start);
-		comp[n][q - start] = 0;
-		n++;
-	    }
-	    if(c == '@')
-		got_realm = 1;
-	    start = q;
-	    continue;
-	}
-	if(got_realm && (c == ':' || c == '/' || c == '\0')) {
-	    krb5_set_error_string (context,
-				   "part after realm in principal name");
-	    ret = KRB5_PARSE_MALFORMED;
-	    goto exit;
-	}
-	*q++ = c;
-    }
-    if(got_realm){
-	realm = malloc(q - start + 1);
-	if (realm == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(realm, start, q - start);
-	realm[q - start] = 0;
-    }else{
-	ret = krb5_get_default_realm (context, &realm);
-	if (ret)
-	    goto exit;
-
-	comp[n] = malloc(q - start + 1);
-	if (comp[n] == NULL) {
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    ret = ENOMEM;
-	    goto exit;
-	}
-	memcpy(comp[n], start, q - start);
-	comp[n][q - start] = 0;
-	n++;
-    }
-    *principal = malloc(sizeof(**principal));
-    if (*principal == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	ret = ENOMEM;
-	goto exit;
-    }
-    (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
-    (*principal)->name.name_string.val = comp;
-    princ_num_comp(*principal) = n;
-    (*principal)->realm = realm;
-    free(s);
-    return 0;
-exit:
-    while(n>0){
-	free(comp[--n]);
-    }
-    free(comp);
-    free(s);
-    return ret;
-}
-
-static const char quotable_chars[] = " \n\t\b\\/@";
-static const char replace_chars[] = " ntb\\/@";
-
-#define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
-
-static size_t
-quote_string(const char *s, char *out, size_t index, size_t len)
-{
-    const char *p, *q;
-    for(p = s; *p && index < len; p++){
-	if((q = strchr(quotable_chars, *p))){
-	    add_char(out, index, len, '\\');
-	    add_char(out, index, len, replace_chars[q - quotable_chars]);
-	}else
-	    add_char(out, index, len, *p);
-    }
-    if(index < len)
-	out[index] = '\0';
-    return index;
-}
-
-
-static krb5_error_code
-unparse_name_fixed(krb5_context context,
-		   krb5_const_principal principal,
-		   char *name,
-		   size_t len,
-		   krb5_boolean short_form)
-{
-    size_t index = 0;
-    int i;
-    for(i = 0; i < princ_num_comp(principal); i++){
-	if(i)
-	    add_char(name, index, len, '/');
-	index = quote_string(princ_ncomp(principal, i), name, index, len);
-	if(index == len)
-	    return ERANGE;
-    } 
-    /* add realm if different from default realm */
-    if(short_form) {
-	krb5_realm r;
-	krb5_error_code ret;
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	if(strcmp(princ_realm(principal), r) != 0)
-	    short_form = 0;
-	free(r);
-    }
-    if(!short_form) {
-	add_char(name, index, len, '@');
-	index = quote_string(princ_realm(principal), name, index, len);
-	if(index == len)
-	    return ERANGE;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_unparse_name_fixed(krb5_context context,
-			krb5_const_principal principal,
-			char *name,
-			size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, FALSE);
-}
-
-krb5_error_code
-krb5_unparse_name_fixed_short(krb5_context context,
-			      krb5_const_principal principal,
-			      char *name,
-			      size_t len)
-{
-    return unparse_name_fixed(context, principal, name, len, TRUE);
-}
-
-static krb5_error_code
-unparse_name(krb5_context context,
-	     krb5_const_principal principal,
-	     char **name,
-	     krb5_boolean short_flag)
-{
-    size_t len = 0, plen;
-    int i;
-    krb5_error_code ret;
-    /* count length */
-    plen = strlen(princ_realm(principal));
-    if(strcspn(princ_realm(principal), quotable_chars) == plen)
-	len += plen;
-    else
-	len += 2*plen;
-    len++;
-    for(i = 0; i < princ_num_comp(principal); i++){
-	plen = strlen(princ_ncomp(principal, i));
-	if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
-	    len += plen;
-	else
-	    len += 2*plen;
-	len++;
-    }
-    *name = malloc(len);
-    if(len != 0 && *name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    ret = unparse_name_fixed(context, principal, *name, len, short_flag);
-    if(ret)
-	free(*name);
-    return ret;
-}
-
-krb5_error_code
-krb5_unparse_name(krb5_context context,
-		  krb5_const_principal principal,
-		  char **name)
-{
-    return unparse_name(context, principal, name, FALSE);
-}
-
-krb5_error_code
-krb5_unparse_name_short(krb5_context context,
-			krb5_const_principal principal,
-			char **name)
-{
-    return unparse_name(context, principal, name, TRUE);
-}
-
-#if 0 /* not implemented */
-
-krb5_error_code
-krb5_unparse_name_ext(krb5_context context,
-		      krb5_const_principal principal,
-		      char **name,
-		      size_t *size)
-{
-    krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
-}
-
-#endif
-
-krb5_realm*
-krb5_princ_realm(krb5_context context,
-		 krb5_principal principal)
-{
-    return &princ_realm(principal);
-}
-
-
-void
-krb5_princ_set_realm(krb5_context context,
-		     krb5_principal principal,
-		     krb5_realm *realm)
-{
-    princ_realm(principal) = *realm;
-}
-
-
-krb5_error_code
-krb5_build_principal(krb5_context context,
-		     krb5_principal *principal,
-		     int rlen,
-		     krb5_const_realm realm,
-		     ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-static krb5_error_code
-append_component(krb5_context context, krb5_principal p, 
-		 const char *comp,
-		 size_t comp_len)
-{
-    general_string *tmp;
-    size_t len = princ_num_comp(p);
-
-    tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_comp(p) = tmp;
-    princ_ncomp(p, len) = malloc(comp_len + 1);
-    if (princ_ncomp(p, len) == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    memcpy (princ_ncomp(p, len), comp, comp_len);
-    princ_ncomp(p, len)[comp_len] = '\0';
-    princ_num_comp(p)++;
-    return 0;
-}
-
-static void
-va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	int len;
-	len = va_arg(ap, int);
-	if(len == 0)
-	    break;
-	s = va_arg(ap, const char*);
-	append_component(context, p, s, len);
-    }
-}
-
-static void
-va_princ(krb5_context context, krb5_principal p, va_list ap)
-{
-    while(1){
-	const char *s;
-	s = va_arg(ap, const char*);
-	if(s == NULL)
-	    break;
-	append_component(context, p, s, strlen(s));
-    }
-}
-
-
-static krb5_error_code
-build_principal(krb5_context context,
-		krb5_principal *principal,
-		int rlen,
-		krb5_const_realm realm,
-		void (*func)(krb5_context, krb5_principal, va_list),
-		va_list ap)
-{
-    krb5_principal p;
-  
-    p = calloc(1, sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    princ_type(p) = KRB5_NT_PRINCIPAL;
-
-    princ_realm(p) = strdup(realm);
-    if(p->realm == NULL){
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-  
-    (*func)(context, p, ap);
-    *principal = p;
-    return 0;
-}
-
-krb5_error_code
-krb5_make_principal(krb5_context context,
-		    krb5_principal *principal,
-		    krb5_const_realm realm,
-		    ...)
-{
-    krb5_error_code ret;
-    krb5_realm r = NULL;
-    va_list ap;
-    if(realm == NULL) {
-	ret = krb5_get_default_realm(context, &r);
-	if(ret)
-	    return ret;
-	realm = r;
-    }
-    va_start(ap, realm);
-    ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
-    va_end(ap);
-    if(r)
-	free(r);
-    return ret;
-}
-
-krb5_error_code
-krb5_build_principal_va(krb5_context context, 
-			krb5_principal *principal, 
-			int rlen,
-			krb5_const_realm realm,
-			va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_princ, ap);
-}
-
-krb5_error_code
-krb5_build_principal_va_ext(krb5_context context, 
-			    krb5_principal *principal, 
-			    int rlen,
-			    krb5_const_realm realm,
-			    va_list ap)
-{
-    return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
-}
-
-
-krb5_error_code
-krb5_build_principal_ext(krb5_context context,
-			 krb5_principal *principal,
-			 int rlen,
-			 krb5_const_realm realm,
-			 ...)
-{
-    krb5_error_code ret;
-    va_list ap;
-    va_start(ap, realm);
-    ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
-    va_end(ap);
-    return ret;
-}
-
-
-krb5_error_code
-krb5_copy_principal(krb5_context context,
-		    krb5_const_principal inprinc,
-		    krb5_principal *outprinc)
-{
-    krb5_principal p = malloc(sizeof(*p));
-    if (p == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if(copy_Principal(inprinc, p)) {
-	free(p);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *outprinc = p;
-    return 0;
-}
-
-/*
- * return TRUE iff princ1 == princ2 (without considering the realm)
- */
-
-krb5_boolean
-krb5_principal_compare_any_realm(krb5_context context,
-				 krb5_const_principal princ1,
-				 krb5_const_principal princ2)
-{
-    int i;
-    if(princ_num_comp(princ1) != princ_num_comp(princ2))
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ1); i++){
-	if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-/*
- * return TRUE iff princ1 == princ2
- */
-
-krb5_boolean
-krb5_principal_compare(krb5_context context,
-		       krb5_const_principal princ1,
-		       krb5_const_principal princ2)
-{
-    if(!krb5_realm_compare(context, princ1, princ2))
-	return FALSE;
-    return krb5_principal_compare_any_realm(context, princ1, princ2);
-}
-
-/*
- * return TRUE iff realm(princ1) == realm(princ2)
- */
-
-krb5_boolean
-krb5_realm_compare(krb5_context context,
-		   krb5_const_principal princ1,
-		   krb5_const_principal princ2)
-{
-    return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
-}
-
-/*
- * return TRUE iff princ matches pattern
- */
-
-krb5_boolean
-krb5_principal_match(krb5_context context,
-		     krb5_const_principal princ,
-		     krb5_const_principal pattern)
-{
-    int i;
-    if(princ_num_comp(princ) != princ_num_comp(pattern))
-	return FALSE;
-    if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
-	return FALSE;
-    for(i = 0; i < princ_num_comp(princ); i++){
-	if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
-	    return FALSE;
-    }
-    return TRUE;
-}
-
-
-struct v4_name_convert {
-    const char *from;
-    const char *to; 
-} default_v4_name_convert[] = {
-    { "ftp",	"ftp" },
-    { "hprop",	"hprop" },
-    { "pop",	"pop" },
-    { "imap",	"imap" },
-    { "rcmd",	"host" },
-    { "smtp",	"smtp" },
-    { NULL, NULL }
-};
-
-/*
- * return the converted instance name of `name' in `realm'.
- * look in the configuration file and then in the default set above.
- * return NULL if no conversion is appropriate.
- */
-
-static const char*
-get_name_conversion(krb5_context context, const char *realm, const char *name)
-{
-    struct v4_name_convert *q;
-    const char *p;
-
-    p = krb5_config_get_string(context, NULL, "realms", realm,
-			       "v4_name_convert", "host", name, NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL, "libdefaults", 
-				   "v4_name_convert", "host", name, NULL);
-    if(p)
-	return p;
-
-    /* XXX should be possible to override default list */
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    p = krb5_config_get_string(context, NULL,
-			       "libdefaults",
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p)
-	return NULL;
-    for(q = default_v4_name_convert; q->from; q++)
-	if(strcmp(q->from, name) == 0)
-	    return q->to;
-    return NULL;
-}
-
-/*
- * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
- * if `resolve', use DNS.
- * if `func', use that function for validating the conversion
- */
-
-krb5_error_code
-krb5_425_conv_principal_ext(krb5_context context,
-			    const char *name,
-			    const char *instance,
-			    const char *realm,
-			    krb5_boolean (*func)(krb5_context, krb5_principal),
-			    krb5_boolean resolve,
-			    krb5_principal *princ)
-{
-    const char *p;
-    krb5_error_code ret;
-    krb5_principal pr;
-    char host[MAXHOSTNAMELEN];
-    char local_hostname[MAXHOSTNAMELEN];
-
-    /* do the following: if the name is found in the
-       `v4_name_convert:host' part, is is assumed to be a `host' type
-       principal, and the instance is looked up in the
-       `v4_instance_convert' part. if not found there the name is
-       (optionally) looked up as a hostname, and if that doesn't yield
-       anything, the `default_domain' is appended to the instance
-       */
-
-    if(instance == NULL)
-	goto no_host;
-    if(instance[0] == 0){
-	instance = NULL;
-	goto no_host;
-    }
-    p = get_name_conversion(context, realm, name);
-    if(p == NULL)
-	goto no_host;
-    name = p;
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "v4_instance_convert", instance, NULL);
-    if(p){
-	instance = p;
-	ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-	if(func == NULL || (*func)(context, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-	*princ = NULL;
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-    if(resolve){
-	krb5_boolean passed = FALSE;
-	char *inst = NULL;
-#ifdef USE_RESOLVER
-	struct dns_reply *r;
-
-	r = dns_lookup(instance, "aaaa");
-	if (r && r->head && r->head->type == T_AAAA) {
-	    inst = strdup(r->head->domain);
-	    dns_free_data(r);
-	    passed = TRUE;
-	} else {
-	    r = dns_lookup(instance, "a");
-	    if(r && r->head && r->head->type == T_A) {
-		inst = strdup(r->head->domain);
-		dns_free_data(r);
-		passed = TRUE;
-	    }
-	}
-#else
-	struct addrinfo hints, *ai;
-	int ret;
-	
-	memset (&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	ret = getaddrinfo(instance, NULL, &hints, &ai);
-	if (ret == 0) {
-	    const struct addrinfo *a;
-	    for (a = ai; a != NULL; a = a->ai_next) {
-		if (a->ai_canonname != NULL) {
-		    inst = strdup (a->ai_canonname);
-		    passed = TRUE;
-		    break;
-		}
-	    }
-	    freeaddrinfo (ai);
-	}
-#endif
-	if (passed) {
-	    if (inst == NULL) {
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlwr(inst);
-	    ret = krb5_make_principal(context, &pr, realm, name, inst,
-				      NULL);
-	    free (inst);
-	    if(ret == 0) {
-		if(func == NULL || (*func)(context, pr)){
-		    *princ = pr;
-		    return 0;
-		}
-		krb5_free_principal(context, pr);
-	    }
-	}
-    }
-    if(func != NULL) {
-	snprintf(host, sizeof(host), "%s.%s", instance, realm);
-	strlwr(host);
-	ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	if((*func)(context, pr)){
-	    *princ = pr;
-	    return 0;
-	}
-	krb5_free_principal(context, pr);
-    }
-
-    /*
-     * if the instance is the first component of the local hostname,
-     * the converted host should be the long hostname.
-     */
-
-    if (func == NULL && 
-        gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
-        strncmp(instance, local_hostname, strlen(instance)) == 0 && 
-	local_hostname[strlen(instance)] == '.') {
-	strlcpy(host, local_hostname, sizeof(host));
-	goto local_host;
-    }
-
-    {
-	char **domains, **d;
-	domains = krb5_config_get_strings(context, NULL, "realms", realm,
-					  "v4_domains", NULL);
-	for(d = domains; d && *d; d++){
-	    snprintf(host, sizeof(host), "%s.%s", instance, *d);
-	    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-	    if(func == NULL || (*func)(context, pr)){
-		*princ = pr;
-		krb5_config_free_strings(domains);
-		return 0;
-	    }
-	    krb5_free_principal(context, pr);
-	}
-	krb5_config_free_strings(domains);
-    }
-
-    
-    p = krb5_config_get_string(context, NULL, "realms", realm, 
-			       "default_domain", NULL);
-    if(p == NULL){
-	/* this should be an error, just faking a name is not good */
-	krb5_clear_error_string (context);
-	return HEIM_ERR_V4_PRINC_NO_CONV;
-    }
-	
-    if (*p == '.')
-	++p;
-    snprintf(host, sizeof(host), "%s.%s", instance, p);
-local_host:
-    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
-    if(func == NULL || (*func)(context, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-no_host:
-    p = krb5_config_get_string(context, NULL,
-			       "realms",
-			       realm,
-			       "v4_name_convert",
-			       "plain",
-			       name,
-			       NULL);
-    if(p == NULL)
-	p = krb5_config_get_string(context, NULL,
-				   "libdefaults",
-				   "v4_name_convert",
-				   "plain",
-				   name,
-				   NULL);
-    if(p)
-	name = p;
-    
-    ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
-    if(func == NULL || (*func)(context, pr)){
-	*princ = pr;
-	return 0;
-    }
-    krb5_free_principal(context, pr);
-    krb5_clear_error_string (context);
-    return HEIM_ERR_V4_PRINC_NO_CONV;
-}
-
-krb5_error_code
-krb5_425_conv_principal(krb5_context context,
-			const char *name,
-			const char *instance,
-			const char *realm,
-			krb5_principal *princ)
-{
-    krb5_boolean resolve = krb5_config_get_bool(context,
-						NULL,
-						"libdefaults", 
-						"v4_instance_resolve", 
-						NULL);
-
-    return krb5_425_conv_principal_ext(context, name, instance, realm, 
-				       NULL, resolve, princ);
-}
-
-
-static int
-check_list(const krb5_config_binding *l, const char *name, const char **out)
-{
-    while(l){
-	if (l->type != krb5_config_string)
-	    continue;
-	if(strcmp(name, l->u.string) == 0) {
-	    *out = l->name;
-	    return 1;
-	}
-	l = l->next;
-    }
-    return 0;
-}
-
-static int
-name_convert(krb5_context context, const char *name, const char *realm, 
-	     const char **out)
-{
-    const krb5_config_binding *l;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_SRV_HST;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "realms",
-			      realm,
-			      "v4_name_convert",
-			      "plain",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    l = krb5_config_get_list (context,
-			      NULL,
-			      "libdefaults",
-			      "v4_name_convert",
-			      "host",
-			      NULL);
-    if(l && check_list(l, name, out))
-	return KRB5_NT_UNKNOWN;
-    
-    /* didn't find it in config file, try built-in list */
-    {
-	struct v4_name_convert *q;
-	for(q = default_v4_name_convert; q->from; q++) {
-	    if(strcmp(name, q->to) == 0) {
-		*out = q->from;
-		return KRB5_NT_SRV_HST;
-	    }
-	}
-    }
-    return -1;
-}
-
-/*
- * convert the v5 principal in `principal' into a v4 corresponding one
- * in `name, instance, realm'
- * this is limited interface since there's no length given for these
- * three parameters.  They have to be 40 bytes each (ANAME_SZ).
- */
-
-krb5_error_code
-krb5_524_conv_principal(krb5_context context,
-			const krb5_principal principal,
-			char *name, 
-			char *instance,
-			char *realm)
-{
-    const char *n, *i, *r;
-    char tmpinst[40];
-    int type = princ_type(principal);
-    const int aname_sz = 40;
-
-    r = principal->realm;
-
-    switch(principal->name.name_string.len){
-    case 1:
-	n = principal->name.name_string.val[0];
-	i = "";
-	break;
-    case 2:
-	n = principal->name.name_string.val[0];
-	i = principal->name.name_string.val[1];
-	break;
-    default:
-	krb5_set_error_string (context,
-			       "cannot convert a %d component principal",
-			       principal->name.name_string.len);
-	return KRB5_PARSE_MALFORMED;
-    }
-
-    {
-	const char *tmp;
-	int t = name_convert(context, n, r, &tmp);
-	if(t >= 0) {
-	    type = t;
-	    n = tmp;
-	}
-    }
-
-    if(type == KRB5_NT_SRV_HST){
-	char *p;
-
-	strlcpy (tmpinst, i, sizeof(tmpinst));
-	p = strchr(tmpinst, '.');
-	if(p)
-	    *p = 0;
-	i = tmpinst;
-    }
-    
-    if (strlcpy (name, n, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long name component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (instance, i, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long instance component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    if (strlcpy (realm, r, aname_sz) >= aname_sz) {
-	krb5_set_error_string (context,
-			       "too long realm component to convert");
-	return KRB5_PARSE_MALFORMED;
-    }
-    return 0;
-}
-
-/*
- * Create a principal in `ret_princ' for the service `sname' running
- * on host `hostname'.  */
-			
-krb5_error_code
-krb5_sname_to_principal (krb5_context context,
-			 const char *hostname,
-			 const char *sname,
-			 int32_t type,
-			 krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    char localhost[MAXHOSTNAMELEN];
-    char **realms, *host = NULL;
-	
-    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
-	krb5_set_error_string (context, "unsupported name type %d",
-			       type);
-	return KRB5_SNAME_UNSUPP_NAMETYPE;
-    }
-    if(hostname == NULL) {
-	gethostname(localhost, sizeof(localhost));
-	hostname = localhost;
-    }
-    if(sname == NULL)
-	sname = "host";
-    if(type == KRB5_NT_SRV_HST) {
-	ret = krb5_expand_hostname_realms (context, hostname,
-					   &host, &realms);
-	if (ret)
-	    return ret;
-	strlwr(host);
-	hostname = host;
-    } else {
-	ret = krb5_get_host_realm(context, hostname, &realms);
-	if(ret)
-	    return ret;
-    }
-
-    ret = krb5_make_principal(context, ret_princ, realms[0], sname,
-			      hostname, NULL);
-    if(host)
-	free(host);
-    krb5_free_host_realm(context, realms);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
deleted file mode 100644
index 3f5efb65fdca..000000000000
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: prog_setup.c,v 1.9 2001/02/20 01:44:54 assar Exp $");
-
-void
-krb5_std_usage(int code, struct getargs *args, int num_args)
-{
-    arg_printusage(args, num_args, NULL, "");
-    exit(code);
-}
-
-int
-krb5_program_setup(krb5_context *context, int argc, char **argv,
-		   struct getargs *args, int num_args, 
-		   void (*usage)(int, struct getargs*, int))
-{
-    krb5_error_code ret;
-    int optind = 0;
-
-    if(usage == NULL)
-	usage = krb5_std_usage;
-
-    setprogname(argv[0]);
-    ret = krb5_init_context(context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-    
-    if(getarg(args, num_args, argc, argv, &optind))
-	(*usage)(1, args, num_args);
-    return optind;
-}
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
deleted file mode 100644
index 4aea3a422987..000000000000
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $");
-
-int
-krb5_prompter_posix (krb5_context context,
-		     void *data,
-		     const char *name,
-		     const char *banner,
-		     int num_prompts,
-		     krb5_prompt prompts[])
-{
-    int i;
-
-    if (name)
-	fprintf (stderr, "%s\n", name);
-    if (banner)
-	fprintf (stderr, "%s\n", banner);
-    for (i = 0; i < num_prompts; ++i) {
-	if (prompts[i].hidden) {
-	    if(des_read_pw_string(prompts[i].reply->data,
-				  prompts[i].reply->length,
-				  prompts[i].prompt,
-				  0))
-	       return 1;
-	} else {
-	    char *s = prompts[i].reply->data;
-
-	    fputs (prompts[i].prompt, stdout);
-	    fflush (stdout);
-	    if(fgets(prompts[i].reply->data,
-		     prompts[i].reply->length,
-		     stdin) == NULL)
-		return 1;
-	    s[strcspn(s, "\n")] = '\0';
-	}
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
deleted file mode 100644
index 4a7d74cad5db..000000000000
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $");
-
-krb5_error_code
-krb5_rd_cred(krb5_context context,
-	     krb5_auth_context auth_context,
-	     krb5_data *in_data,
-	     krb5_creds ***ret_creds,
-	     krb5_replay_data *out_data)
-{
-    krb5_error_code ret;
-    size_t len;
-    KRB_CRED cred;
-    EncKrbCredPart enc_krb_cred_part;
-    krb5_data enc_krb_cred_part_data;
-    krb5_crypto crypto;
-    int i;
-
-    *ret_creds = NULL;
-
-    ret = decode_KRB_CRED(in_data->data, in_data->length, 
-			  &cred, &len);
-    if(ret)
-	return ret;
-
-    if (cred.pvno != 5) {
-	ret = KRB5KRB_AP_ERR_BADVERSION;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.msg_type != krb_cred) {
-	ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_clear_error_string (context);
-	goto out;
-    }
-
-    if (cred.enc_part.etype == ETYPE_NULL) {  
-       /* DK: MIT GSS-API Compatibility */
-       enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
-       enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
-    } else {
-	if (auth_context->remote_subkey)
-	    ret = krb5_crypto_init(context, auth_context->remote_subkey,
-				   0, &crypto);
-	else
-	    ret = krb5_crypto_init(context, auth_context->keyblock,
-				   0, &crypto);
-          /* DK: MIT rsh */
-
-	if (ret)
-	    goto out;
-       
-	ret = krb5_decrypt_EncryptedData(context,
-					 crypto,
-					 KRB5_KU_KRB_CRED,
-					 &cred.enc_part,
-					 &enc_krb_cred_part_data);
-       
-	krb5_crypto_destroy(context, crypto);
-	if (ret)
-	    goto out;
-    }
-
-    ret = krb5_decode_EncKrbCredPart (context,
-				      enc_krb_cred_part_data.data,
-				      enc_krb_cred_part_data.length,
-				      &enc_krb_cred_part,
-				      &len);
-    if (ret)
-	goto out;
-
-    /* check sender address */
-
-    if (enc_krb_cred_part.s_address
-	&& auth_context->remote_address
-	&& auth_context->remote_port) {
-	krb5_address *a;
-	int cmp;
-
-	ret = krb5_make_addrport (context, &a,
-				  auth_context->remote_address,
-				  auth_context->remote_port);
-	if (ret)
-	    goto out;
-
-
-	cmp = krb5_address_compare (context,
-				    a,
-				    enc_krb_cred_part.s_address);
-
-	krb5_free_address (context, a);
-	free (a);
-
-	if (cmp == 0) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_BADADDR;
-	    goto out;
-	}
-    }
-
-    /* check receiver address */
-
-    if (enc_krb_cred_part.r_address
-	&& auth_context->local_address) {
-	if(auth_context->local_port &&
-	   enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
-	    krb5_address *a;
-	    int cmp;
-	    ret = krb5_make_addrport (context, &a,
-				      auth_context->local_address,
-				      auth_context->local_port);
-	    if (ret)
-		goto out;
-	    
-	    cmp = krb5_address_compare (context,
-					a,
-					enc_krb_cred_part.r_address);
-	    krb5_free_address (context, a);
-	    free (a);
-	    
-	    if (cmp == 0) {
-		krb5_clear_error_string (context);
-		ret = KRB5KRB_AP_ERR_BADADDR;
-		goto out;
-	    }
-	} else {
-	    if(!krb5_address_compare (context,
-				      auth_context->local_address,
-				      enc_krb_cred_part.r_address)) {
-		krb5_clear_error_string (context);
-		ret = KRB5KRB_AP_ERR_BADADDR;
-		goto out;
-	    }		
-	}
-    }
-
-    /* check timestamp */
-    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_timestamp sec;
-
-	krb5_timeofday (context, &sec);
-
-	if (enc_krb_cred_part.timestamp == NULL ||
-	    enc_krb_cred_part.usec      == NULL ||
-	    abs(*enc_krb_cred_part.timestamp - sec)
-	    > context->max_skew) {
-	    krb5_clear_error_string (context);
-	    ret = KRB5KRB_AP_ERR_SKEW;
-	    goto out;
-	}
-    }
-
-    if(out_data != NULL) {
-	if(enc_krb_cred_part.timestamp)
-	    out_data->timestamp = *enc_krb_cred_part.timestamp;
-	else 
-	    out_data->timestamp = 0;
-	if(enc_krb_cred_part.usec)
-	    out_data->usec = *enc_krb_cred_part.usec;
-	else 
-	    out_data->usec = 0;
-	if(enc_krb_cred_part.nonce)
-	    out_data->seq = *enc_krb_cred_part.nonce;
-	else 
-	    out_data->seq = 0;
-    }
-    
-    /* Convert to NULL terminated list of creds */
-
-    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, 
-		       sizeof(**ret_creds));
-
-    if (*ret_creds == NULL) {
-	ret = ENOMEM;
-	krb5_set_error_string (context, "malloc: out of memory");
-	goto out;
-    }
-
-    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
-	KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
-	krb5_creds *creds;
-	size_t len;
-
-	creds = calloc(1, sizeof(*creds));
-	if(creds == NULL) {
-	    ret = ENOMEM;
-	    krb5_set_error_string (context, "malloc: out of memory");
-	    goto out;
-	}
-
-	ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
-			   &cred.tickets.val[i], &len, ret);
-	if (ret)
-	    goto out;
-	if(creds->ticket.length != len)
-	    krb5_abortx(context, "internal error in ASN.1 encoder");
-	copy_EncryptionKey (&kci->key, &creds->session);
-	if (kci->prealm && kci->pname)
-	    principalname2krb5_principal (&creds->client,
-					  *kci->pname,
-					  *kci->prealm);
-	if (kci->flags)
-	    creds->flags.b = *kci->flags;
-	if (kci->authtime)
-	    creds->times.authtime = *kci->authtime;
-	if (kci->starttime)
-	    creds->times.starttime = *kci->starttime;
-	if (kci->endtime)
-	    creds->times.endtime = *kci->endtime;
-	if (kci->renew_till)
-	    creds->times.renew_till = *kci->renew_till;
-	if (kci->srealm && kci->sname)
-	    principalname2krb5_principal (&creds->server,
-					  *kci->sname,
-					  *kci->srealm);
-	if (kci->caddr)
-	    krb5_copy_addresses (context,
-				 kci->caddr,
-				 &creds->addresses);
-	
-	(*ret_creds)[i] = creds;
-	
-    }
-    (*ret_creds)[i] = NULL;
-    return 0;
-
-out:
-    free_KRB_CRED (&cred);
-    if(*ret_creds) {
-	for(i = 0; (*ret_creds)[i]; i++)
-	    krb5_free_creds(context, (*ret_creds)[i]);
-	free(*ret_creds);
-    }
-    return ret;
-}
-
-krb5_error_code
-krb5_rd_cred2 (krb5_context      context,
-	       krb5_auth_context auth_context,
-	       krb5_ccache       ccache,
-	       krb5_data         *in_data)
-{
-    krb5_error_code ret;
-    krb5_creds **creds;
-    int i;
-
-    ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
-    if(ret)
-	return ret;
-
-    /* Store the creds in the ccache */
-
-    for(i = 0; creds && creds[i]; i++) {
-	krb5_cc_store_cred(context, ccache, creds[i]);
-	krb5_free_creds(context, creds[i]);
-    }
-    free(creds);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c
deleted file mode 100644
index ca02f3d61a83..000000000000
--- a/crypto/heimdal/lib/krb5/rd_error.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: rd_error.c,v 1.6 2001/05/15 06:35:10 assar Exp $");
-
-krb5_error_code
-krb5_rd_error(krb5_context context,
-	      krb5_data *msg,
-	      KRB_ERROR *result)
-{
-    
-    size_t len;
-    krb5_error_code ret;
-
-    ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
-    if(ret)
-	return ret;
-    result->error_code += KRB5KDC_ERR_NONE;
-    return 0;
-}
-
-void
-krb5_free_error_contents (krb5_context context,
-			  krb5_error *error)
-{
-    free_KRB_ERROR(error);
-}
-
-void
-krb5_free_error (krb5_context context,
-		 krb5_error *error)
-{
-    krb5_free_error_contents (context, error);
-    free (error);
-}
-
-krb5_error_code
-krb5_error_from_rd_error(krb5_context context,
-			 const krb5_error *error,
-			 const krb5_creds *creds)
-{
-    krb5_error_code ret;
-
-    ret = error->error_code;
-    if (error->e_text != NULL) {
-	krb5_set_error_string(context, "%s", *error->e_text);
-    } else {
-	char clientname[256], servername[256];
-
-	if (creds != NULL) {
-	    krb5_unparse_name_fixed(context, creds->client,
-				    clientname, sizeof(clientname));
-	    krb5_unparse_name_fixed(context, creds->server,
-				    servername, sizeof(servername));
-	}
-
-	switch (ret) {
-	case KRB5KDC_ERR_NAME_EXP :
-	    krb5_set_error_string(context, "Client %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_SERVICE_EXP :
-	    krb5_set_error_string(context, "Server %s%s%s expired",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Client %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? clientname : "",
-				  creds ? ")" : "");
-	    break;
-	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
-	    krb5_set_error_string(context, "Server %s%s%s unknown",
-				  creds ? "(" : "",
-				  creds ? servername : "",
-				  creds ? ")" : "");
-	    break;
-	default :
-	    krb5_clear_error_string(context);
-	    break;
-	}
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
deleted file mode 100644
index 36ffed598067..000000000000
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_priv.c,v 1.29 2001/06/18 02:46:15 assar Exp $");
-
-krb5_error_code
-krb5_rd_priv(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     /*krb5_replay_data*/ void *outdata)
-{
-  krb5_error_code ret;
-  KRB_PRIV priv;
-  EncKrbPrivPart part;
-  size_t len;
-  krb5_data plain;
-  krb5_keyblock *key;
-  krb5_crypto crypto;
-
-  memset(&priv, 0, sizeof(priv));
-  ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
-  if (ret) 
-      goto failure;
-  if (priv.pvno != 5) {
-      krb5_clear_error_string (context);
-      ret = KRB5KRB_AP_ERR_BADVERSION;
-      goto failure;
-  }
-  if (priv.msg_type != krb_priv) {
-      krb5_clear_error_string (context);
-      ret = KRB5KRB_AP_ERR_MSG_TYPE;
-      goto failure;
-  }
-
-  if (auth_context->remote_subkey)
-      key = auth_context->remote_subkey;
-  else if (auth_context->local_subkey)
-      key = auth_context->local_subkey;
-  else
-      key = auth_context->keyblock;
-
-  ret = krb5_crypto_init(context, key, 0, &crypto);
-  if (ret)
-      goto failure;
-  ret = krb5_decrypt_EncryptedData(context,
-				   crypto,
-				   KRB5_KU_KRB_PRIV,
-				   &priv.enc_part,
-				   &plain);
-  krb5_crypto_destroy(context, crypto);
-  if (ret) 
-      goto failure;
-
-  ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
-  krb5_data_free (&plain);
-  if (ret) 
-      goto failure;
-  
-  /* check sender address */
-
-  if (part.s_address
-      && auth_context->remote_address
-      && !krb5_address_compare (context,
-				auth_context->remote_address,
-				part.s_address)) {
-      krb5_clear_error_string (context);
-      ret = KRB5KRB_AP_ERR_BADADDR;
-      goto failure_part;
-  }
-
-  /* check receiver address */
-
-  if (part.r_address
-      && auth_context->local_address
-      && !krb5_address_compare (context,
-				auth_context->local_address,
-				part.r_address)) {
-      krb5_clear_error_string (context);
-      ret = KRB5KRB_AP_ERR_BADADDR;
-      goto failure_part;
-  }
-
-  /* check timestamp */
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-      krb5_timestamp sec;
-
-      krb5_timeofday (context, &sec);
-      if (part.timestamp == NULL ||
-	  part.usec      == NULL ||
-	  abs(*part.timestamp - sec) > context->max_skew) {
-	  krb5_clear_error_string (context);
-	  ret = KRB5KRB_AP_ERR_SKEW;
-	  goto failure_part;
-      }
-  }
-
-  /* XXX - check replay cache */
-
-  /* check sequence number. since MIT krb5 cannot generate a sequence
-     number of zero but instead generates no sequence number, we accept that
-  */
-
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-      if ((part.seq_number == NULL
-	   && auth_context->remote_seqnumber != 0)
-	  || (part.seq_number != NULL
-	      && *part.seq_number != auth_context->remote_seqnumber)) {
-	  krb5_clear_error_string (context);
-	  ret = KRB5KRB_AP_ERR_BADORDER;
-	  goto failure_part;
-      }
-      auth_context->remote_seqnumber++;
-  }
-
-  ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
-  if (ret)
-      goto failure_part;
-
-  free_EncKrbPrivPart (&part);
-  free_KRB_PRIV (&priv);
-  return 0;
-
-failure_part:
-  free_EncKrbPrivPart (&part);
-
-failure:
-  free_KRB_PRIV (&priv);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
deleted file mode 100644
index 7f947de5e143..000000000000
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_rep.c,v 1.22 2001/06/18 02:46:53 assar Exp $");
-
-krb5_error_code
-krb5_rd_rep(krb5_context context,
-	    krb5_auth_context auth_context,
-	    const krb5_data *inbuf,
-	    krb5_ap_rep_enc_part **repl)
-{
-  krb5_error_code ret;
-  AP_REP ap_rep;
-  size_t len;
-  krb5_data data;
-  krb5_crypto crypto;
-
-  krb5_data_zero (&data);
-  ret = 0;
-
-  ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
-  if (ret)
-      return ret;
-  if (ap_rep.pvno != 5) {
-    ret = KRB5KRB_AP_ERR_BADVERSION;
-    krb5_clear_error_string (context);
-    goto out;
-  }
-  if (ap_rep.msg_type != krb_ap_rep) {
-    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-    krb5_clear_error_string (context);
-    goto out;
-  }
-
-  ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
-  if (ret)
-      goto out;
-  ret = krb5_decrypt_EncryptedData (context, 
-				    crypto,	
-				    KRB5_KU_AP_REQ_ENC_PART,
-				    &ap_rep.enc_part,
-				    &data);
-  krb5_crypto_destroy(context, crypto);
-  if (ret)
-      goto out;
-
-  *repl = malloc(sizeof(**repl));
-  if (*repl == NULL) {
-    ret = ENOMEM;
-    krb5_set_error_string (context, "malloc: out of memory");
-    goto out;
-  }
-  ret = krb5_decode_EncAPRepPart(context,
-				 data.data,
-				 data.length,
-				 *repl, 
-				 &len);
-  if (ret)
-      return ret;
-  
-  if ((*repl)->ctime != auth_context->authenticator->ctime ||
-      (*repl)->cusec != auth_context->authenticator->cusec) {
-    ret = KRB5KRB_AP_ERR_MUT_FAIL;
-    krb5_clear_error_string (context);
-    goto out;
-  }
-  if ((*repl)->seq_number)
-      krb5_auth_con_setremoteseqnumber(context, auth_context,
-				       *((*repl)->seq_number));
-  if ((*repl)->subkey)
-    krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
-  
-out:
-  krb5_data_free (&data);
-  free_AP_REP (&ap_rep);
-  return ret;
-}
-
-void
-krb5_free_ap_rep_enc_part (krb5_context context,
-			   krb5_ap_rep_enc_part *val)
-{
-    free_EncAPRepPart (val);
-    free (val);
-}
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
deleted file mode 100644
index 69fb059e4e63..000000000000
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ /dev/null
@@ -1,522 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_req.c,v 1.47 2001/06/18 02:48:18 assar Exp $");
-
-static krb5_error_code
-decrypt_tkt_enc_part (krb5_context context,
-		      krb5_keyblock *key,
-		      EncryptedData *enc_part,
-		      EncTicketPart *decr_part)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      KRB5_KU_TICKET,
-				      enc_part,
-				      &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, 
-				    decr_part, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-static krb5_error_code
-decrypt_authenticator (krb5_context context,
-		       EncryptionKey *key,
-		       EncryptedData *enc_part,
-		       Authenticator *authenticator,
-		       krb5_key_usage usage)
-{
-    krb5_error_code ret;
-    krb5_data plain;
-    size_t len;
-    krb5_crypto crypto;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	return ret;
-    ret = krb5_decrypt_EncryptedData (context,
-				      crypto,
-				      usage /* KRB5_KU_AP_REQ_AUTH */,
-				      enc_part,
-				      &plain);
-    /* for backwards compatibility, also try the old usage */
-    if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
-	ret = krb5_decrypt_EncryptedData (context,
-					  crypto,
-					  KRB5_KU_AP_REQ_AUTH,
-					  enc_part,
-					  &plain);
-    krb5_crypto_destroy(context, crypto);
-    if (ret)
-	return ret;
-
-    ret = krb5_decode_Authenticator(context, plain.data, plain.length, 
-				    authenticator, &len);
-    krb5_data_free (&plain);
-    return ret;
-}
-
-krb5_error_code
-krb5_decode_ap_req(krb5_context context,
-		   const krb5_data *inbuf,
-		   krb5_ap_req *ap_req)
-{
-    krb5_error_code ret;
-    size_t len;
-    ret = decode_AP_REQ(inbuf->data, inbuf->length, ap_req, &len);
-    if (ret)
-	return ret;
-    if (ap_req->pvno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    if (ap_req->msg_type != krb_ap_req){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_MSG_TYPE;
-    }
-    if (ap_req->ticket.tkt_vno != 5){
-	free_AP_REQ(ap_req);
-	krb5_clear_error_string (context);
-	return KRB5KRB_AP_ERR_BADVERSION;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_decrypt_ticket(krb5_context context,
-		    Ticket *ticket,
-		    krb5_keyblock *key,
-		    EncTicketPart *out,
-		    krb5_flags flags)
-{
-    EncTicketPart t;
-    krb5_error_code ret;
-    ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
-    if (ret)
-	return ret;
-    
-    {
-	krb5_timestamp now;
-	time_t start = t.authtime;
-
-	krb5_timeofday (context, &now);
-	if(t.starttime)
-	    start = *t.starttime;
-	if(start - now > context->max_skew
-	   || (t.flags.invalid
-	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_NYV;
-	}
-	if(now - t.endtime > context->max_skew) {
-	    free_EncTicketPart(&t);
-	    krb5_clear_error_string (context);
-	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
-	}
-    }
-    
-    if(out)
-	*out = t;
-    else
-	free_EncTicketPart(&t);
-    return 0;
-}
-
-krb5_error_code
-krb5_verify_authenticator_checksum(krb5_context context,
-				   krb5_auth_context ac,
-				   void *data,
-				   size_t len)
-{
-    krb5_error_code ret;
-    krb5_keyblock *key;
-    krb5_authenticator authenticator;
-    krb5_crypto crypto;
-    
-    ret = krb5_auth_con_getauthenticator (context,
-				      ac,
-				      &authenticator);
-    if(ret)
-	return ret;
-    if(authenticator->cksum == NULL)
-	return -17;
-    ret = krb5_auth_con_getkey(context, ac, &key);
-    if(ret) {
-	krb5_free_authenticator(context, &authenticator);
-	return ret;
-    }
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if(ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_AP_REQ_AUTH_CKSUM,
-				data,
-				len,
-				authenticator->cksum);
-    krb5_crypto_destroy(context, crypto);
-out:
-    krb5_free_authenticator(context, &authenticator);
-    krb5_free_keyblock(context, key);
-    return ret;
-}
-
-#if 0
-static krb5_error_code
-check_transited(krb5_context context,
-		krb5_ticket *ticket)
-{
-    char **realms;
-    int num_realms;
-    krb5_error_code ret;
-
-    if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
-
-    ret = krb5_domain_x500_decode(ticket->ticket.transited.contents, 
-				  &realms, &num_realms, 
-				  ticket->client->realm,
-				  ticket->server->realm);
-    if(ret)
-	return ret;
-    ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
-    free(realms);
-    return ret;
-}
-#endif
-
-krb5_error_code
-krb5_verify_ap_req(krb5_context context,
-		   krb5_auth_context *auth_context,
-		   krb5_ap_req *ap_req,
-		   krb5_const_principal server,
-		   krb5_keyblock *keyblock,
-		   krb5_flags flags,
-		   krb5_flags *ap_req_options,
-		   krb5_ticket **ticket)
-{
-    return krb5_verify_ap_req2 (context,
-				auth_context,
-				ap_req,
-				server,
-				keyblock,
-				flags,
-				ap_req_options,
-				ticket,
-				KRB5_KU_AP_REQ_AUTH);
-}
-
-krb5_error_code
-krb5_verify_ap_req2(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keyblock *keyblock,
-		    krb5_flags flags,
-		    krb5_flags *ap_req_options,
-		    krb5_ticket **ticket,
-		    krb5_key_usage usage)
-{
-    krb5_ticket t;
-    krb5_auth_context ac;
-    krb5_error_code ret;
-    
-    if (auth_context && *auth_context) {
-	ac = *auth_context;
-    } else {
-	ret = krb5_auth_con_init (context, &ac);
-	if (ret)
-	    return ret;
-    }
-
-    if (ap_req->ap_options.use_session_key && ac->keyblock){
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  ac->keyblock, 
-				  &t.ticket,
-				  flags);
-	krb5_free_keyblock(context, ac->keyblock);
-	ac->keyblock = NULL;
-    }else
-	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
-				  keyblock, 
-				  &t.ticket,
-				  flags);
-    
-    if(ret)
-	goto out;
-
-    principalname2krb5_principal(&t.server, ap_req->ticket.sname, 
-				 ap_req->ticket.realm);
-    principalname2krb5_principal(&t.client, t.ticket.cname, 
-				 t.ticket.crealm);
-
-    /* save key */
-
-    krb5_copy_keyblock(context, &t.ticket.key, &ac->keyblock);
-
-    ret = decrypt_authenticator (context,
-				 &t.ticket.key,
-				 &ap_req->authenticator,
-				 ac->authenticator,
-				 usage);
-    if (ret)
-	goto out2;
-
-    {
-	krb5_principal p1, p2;
-	krb5_boolean res;
-	
-	principalname2krb5_principal(&p1,
-				     ac->authenticator->cname,
-				     ac->authenticator->crealm);
-	principalname2krb5_principal(&p2, 
-				     t.ticket.cname,
-				     t.ticket.crealm);
-	res = krb5_principal_compare (context, p1, p2);
-	krb5_free_principal (context, p1);
-	krb5_free_principal (context, p2);
-	if (!res) {
-	    ret = KRB5KRB_AP_ERR_BADMATCH;
-	    krb5_clear_error_string (context);
-	    goto out2;
-	}
-    }
-
-    /* check addresses */
-
-    if (t.ticket.caddr
-	&& ac->remote_address
-	&& !krb5_address_search (context,
-				 ac->remote_address,
-				 t.ticket.caddr)) {
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	krb5_clear_error_string (context);
-	goto out2;
-    }
-
-    if (ac->authenticator->seq_number)
-	krb5_auth_con_setremoteseqnumber(context, ac,
-					 *ac->authenticator->seq_number);
-
-    /* XXX - Xor sequence numbers */
-
-    if (ac->authenticator->subkey) {
-	ret = krb5_auth_con_setremotesubkey(context, ac,
-					    ac->authenticator->subkey);
-	if (ret)
-	    goto out2;
-    }
-
-    if (ap_req_options) {
-	*ap_req_options = 0;
-	if (ap_req->ap_options.use_session_key)
-	    *ap_req_options |= AP_OPTS_USE_SESSION_KEY;
-	if (ap_req->ap_options.mutual_required)
-	    *ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
-    }
-
-    if(ticket){
-	*ticket = malloc(sizeof(**ticket));
-	**ticket = t;
-    } else
-	krb5_free_ticket (context, &t);
-    if (auth_context) {
-	if (*auth_context == NULL)
-	    *auth_context = ac;
-    } else
-	krb5_auth_con_free (context, ac);
-    return 0;
- out2:
-    krb5_free_ticket (context, &t);
- out:
-    if (auth_context == NULL || *auth_context == NULL)
-	krb5_auth_con_free (context, ac);
-    return ret;
-}
-		   
-
-krb5_error_code
-krb5_rd_req_with_keyblock(krb5_context context,
-			  krb5_auth_context *auth_context,
-			  const krb5_data *inbuf,
-			  krb5_const_principal server,
-			  krb5_keyblock *keyblock,
-			  krb5_flags *ap_req_options,
-			  krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_ap_req ap_req;
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init(context, auth_context);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb5_decode_ap_req(context, inbuf, &ap_req);
-    if(ret)
-	return ret;
-
-    ret = krb5_verify_ap_req(context,
-			     auth_context,
-			     &ap_req,
-			     server,
-			     keyblock,
-			     0,
-			     ap_req_options,
-			     ticket);
-
-    free_AP_REQ(&ap_req);
-    return ret;
-}
-
-static krb5_error_code
-get_key_from_keytab(krb5_context context,
-		    krb5_auth_context *auth_context,
-		    krb5_ap_req *ap_req,
-		    krb5_const_principal server,
-		    krb5_keytab keytab,
-		    krb5_keyblock **out_key)
-{
-    krb5_keytab_entry entry;
-    krb5_error_code ret;
-    int kvno;
-    krb5_keytab real_keytab;
-
-    if(keytab == NULL)
-	krb5_kt_default(context, &real_keytab);
-    else
-	real_keytab = keytab;
-    
-    if (ap_req->ticket.enc_part.kvno)
-	kvno = *ap_req->ticket.enc_part.kvno;
-    else
-	kvno = 0;
-
-    ret = krb5_kt_get_entry (context,
-			     real_keytab,
-			     server,
-			     kvno,
-			     ap_req->ticket.enc_part.etype,
-			     &entry);
-    if(ret)
-	goto out;
-    ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
-    krb5_kt_free_entry (context, &entry);
-out:    
-    if(keytab == NULL)
-	krb5_kt_close(context, real_keytab);
-    
-    return ret;
-}
-
-krb5_error_code
-krb5_rd_req(krb5_context context,
-	    krb5_auth_context *auth_context,
-	    const krb5_data *inbuf,
-	    krb5_const_principal server,
-	    krb5_keytab keytab,
-	    krb5_flags *ap_req_options,
-	    krb5_ticket **ticket)
-{
-    krb5_error_code ret;
-    krb5_ap_req ap_req;
-    krb5_keyblock *keyblock = NULL;
-    krb5_principal service = NULL;
-
-    if (*auth_context == NULL) {
-	ret = krb5_auth_con_init(context, auth_context);
-	if (ret)
-	    return ret;
-    }
-
-    ret = krb5_decode_ap_req(context, inbuf, &ap_req);
-    if(ret)
-	return ret;
-
-    if(server == NULL){
-	principalname2krb5_principal(&service,
-				     ap_req.ticket.sname,
-				     ap_req.ticket.realm);
-	server = service;
-    }
-
-    if(ap_req.ap_options.use_session_key == 0 || 
-       (*auth_context)->keyblock == NULL){
-	ret = get_key_from_keytab(context, 
-				  auth_context, 
-				  &ap_req,
-				  server,
-				  keytab,
-				  &keyblock);
-	if(ret)
-	    goto out;
-    }
-	
-
-    ret = krb5_verify_ap_req(context,
-			     auth_context,
-			     &ap_req,
-			     server,
-			     keyblock,
-			     0,
-			     ap_req_options,
-			     ticket);
-
-    if(keyblock != NULL)
-	krb5_free_keyblock(context, keyblock);
-
-out:
-    free_AP_REQ(&ap_req);
-    if(service)
-	krb5_free_principal(context, service);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
deleted file mode 100644
index bbba237b270f..000000000000
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include <krb5_locl.h>
-
-RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $");
-
-static krb5_error_code
-verify_checksum(krb5_context context,
-		krb5_auth_context auth_context,
-		KRB_SAFE *safe)
-{
-    krb5_error_code ret;
-    u_char *buf;
-    size_t buf_size;
-    size_t len;
-    Checksum c;
-    krb5_crypto crypto;
-    krb5_keyblock *key;
-
-    c = safe->cksum;
-    safe->cksum.cksumtype       = 0;
-    safe->cksum.checksum.data   = NULL;
-    safe->cksum.checksum.length = 0;
-
-    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
-    if(ret)
-	return ret;
-    if(buf_size != len)
-	krb5_abortx(context, "internal error in ASN.1 encoder");
-
-    if (auth_context->remote_subkey)
-	key = auth_context->remote_subkey;
-    else if (auth_context->local_subkey)
-	key = auth_context->local_subkey;
-    else
-	key = auth_context->keyblock;
-
-    ret = krb5_crypto_init(context, key, 0, &crypto);
-    if (ret)
-	goto out;
-    ret = krb5_verify_checksum (context,
-				crypto,
-				KRB5_KU_KRB_SAFE_CKSUM,
-				buf + buf_size - len,
-				len,
-				&c);
-    krb5_crypto_destroy(context, crypto);
-out:
-    safe->cksum = c;
-    free (buf);
-    return ret;
-}
-
-krb5_error_code
-krb5_rd_safe(krb5_context context,
-	     krb5_auth_context auth_context,
-	     const krb5_data *inbuf,
-	     krb5_data *outbuf,
-	     /*krb5_replay_data*/ void *outdata)
-{
-  krb5_error_code ret;
-  KRB_SAFE safe;
-  size_t len;
-
-  ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
-  if (ret) 
-      return ret;
-  if (safe.pvno != 5) {
-      ret = KRB5KRB_AP_ERR_BADVERSION;
-      krb5_clear_error_string (context);
-      goto failure;
-  }
-  if (safe.msg_type != krb_safe) {
-      ret = KRB5KRB_AP_ERR_MSG_TYPE;
-      krb5_clear_error_string (context);
-      goto failure;
-  }
-  if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
-      || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
-      ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
-      krb5_clear_error_string (context);
-      goto failure;
-  }
-
-  /* check sender address */
-
-  if (safe.safe_body.s_address
-      && auth_context->remote_address
-      && !krb5_address_compare (context,
-				auth_context->remote_address,
-				safe.safe_body.s_address)) {
-      ret = KRB5KRB_AP_ERR_BADADDR;
-      krb5_clear_error_string (context);
-      goto failure;
-  }
-
-  /* check receiver address */
-
-  if (safe.safe_body.r_address
-      && auth_context->local_address
-      && !krb5_address_compare (context,
-				auth_context->local_address,
-				safe.safe_body.r_address)) {
-      ret = KRB5KRB_AP_ERR_BADADDR;
-      krb5_clear_error_string (context);
-      goto failure;
-  }
-
-  /* check timestamp */
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-      krb5_timestamp sec;
-
-      krb5_timeofday (context, &sec);
-
-      if (safe.safe_body.timestamp == NULL ||
-	  safe.safe_body.usec      == NULL ||
-	  abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
-	  ret = KRB5KRB_AP_ERR_SKEW;
-	  krb5_clear_error_string (context);
-	  goto failure;
-      }
-  }
-  /* XXX - check replay cache */
-
-  /* check sequence number. since MIT krb5 cannot generate a sequence
-     number of zero but instead generates no sequence number, we accept that
-  */
-
-  if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-      if ((safe.safe_body.seq_number == NULL
-	   && auth_context->remote_seqnumber != 0)
-	  || (safe.safe_body.seq_number != NULL
-	      && *safe.safe_body.seq_number !=
-	      auth_context->remote_seqnumber)) {
-	  ret = KRB5KRB_AP_ERR_BADORDER;
-	  krb5_clear_error_string (context);
-	  goto failure;
-      }
-      auth_context->remote_seqnumber++;
-  }
-
-  ret = verify_checksum (context, auth_context, &safe);
-  if (ret)
-      goto failure;
-  
-  outbuf->length = safe.safe_body.user_data.length;
-  outbuf->data   = malloc(outbuf->length);
-  if (outbuf->data == NULL) {
-      ret = ENOMEM;
-      krb5_set_error_string (context, "malloc: out of memory");
-      goto failure;
-  }
-  memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
-  free_KRB_SAFE (&safe);
-  return 0;
-failure:
-  free_KRB_SAFE (&safe);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
deleted file mode 100644
index 124499ad4c4f..000000000000
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: read_message.c,v 1.8 2001/05/14 06:14:51 assar Exp $");
-
-krb5_error_code
-krb5_read_message (krb5_context context,
-		   krb5_pointer p_fd,
-		   krb5_data *data)
-{
-    krb5_error_code ret;
-    u_int32_t len;
-    u_int8_t buf[4];
-
-    ret = krb5_net_read (context, p_fd, buf, 4);
-    if(ret == -1) {
-	ret = errno;
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    if(ret < 4) {
-	data->length = 0;
-	return HEIM_ERR_EOF;
-    }
-    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
-    ret = krb5_data_alloc (data, len);
-    if (ret)
-	return ret;
-    if (krb5_net_read (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_data_free (data);
-	krb5_clear_error_string (context);
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_read_priv_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_priv (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code
-krb5_read_safe_message(krb5_context context,
-		       krb5_auth_context ac,
-		       krb5_pointer p_fd,
-		       krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_read_message(context, p_fd, &packet);
-    if(ret)
-	return ret;
-    ret = krb5_rd_safe (context, ac, &packet, data, NULL);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
deleted file mode 100644
index d72b5c644db6..000000000000
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: recvauth.c,v 1.16 2002/04/18 09:41:33 joda Exp $");
-
-/*
- * See `sendauth.c' for the format.
- */
-
-static krb5_boolean
-match_exact(const void *data, const char *appl_version)
-{
-    return strcmp(data, appl_version) == 0;
-}
-
-krb5_error_code
-krb5_recvauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal server,
-	      int32_t flags,
-	      krb5_keytab keytab,
-	      krb5_ticket **ticket)
-{
-    return krb5_recvauth_match_version(context, auth_context, p_fd,
-				       match_exact, appl_version,
-				       server, flags,
-				       keytab, ticket);
-}
-
-krb5_error_code
-krb5_recvauth_match_version(krb5_context context,
-			    krb5_auth_context *auth_context,
-			    krb5_pointer p_fd,
-			    krb5_boolean (*match_appl_version)(const void *, 
-							       const char*),
-			    const void *match_data,
-			    krb5_principal server,
-			    int32_t flags,
-			    krb5_keytab keytab,
-			    krb5_ticket **ticket)
-{
-  krb5_error_code ret;
-  const char *version = KRB5_SENDAUTH_VERSION;
-  char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
-  char *her_appl_version;
-  u_int32_t len;
-  u_char repl;
-  krb5_data data;
-  krb5_flags ap_options;
-  ssize_t n;
-
-  /*
-   * If there are no addresses in auth_context, get them from `fd'.
-   */
-
-  if (*auth_context == NULL) {
-      ret = krb5_auth_con_init (context, auth_context);
-      if (ret)
-	  return ret;
-  }
-
-  ret = krb5_auth_con_setaddrs_from_fd (context,
-					*auth_context,
-					p_fd);
-  if (ret)
-      return ret;
-
-  if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
-    n = krb5_net_read (context, p_fd, &len, 4);
-    if (n < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(errno));
-	return ret;
-    }
-    if (n == 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADAUTHVERS;
-    }
-    len = ntohl(len);
-    if (len != sizeof(her_version)
-	|| krb5_net_read (context, p_fd, her_version, len) != len
-	|| strncmp (version, her_version, len)) {
-      repl = 1;
-      krb5_net_write (context, p_fd, &repl, 1);
-	krb5_clear_error_string (context);
-      return KRB5_SENDAUTH_BADAUTHVERS;
-    }
-  }
-
-  n = krb5_net_read (context, p_fd, &len, 4);
-  if (n < 0) {
-      ret = errno;
-      krb5_set_error_string (context, "read: %s", strerror(errno));
-      return ret;
-  }
-  if (n == 0) {
-      krb5_clear_error_string (context);
-      return KRB5_SENDAUTH_BADAPPLVERS;
-  }
-  len = ntohl(len);
-  her_appl_version = malloc (len);
-  if (her_appl_version == NULL) {
-      repl = 2;
-      krb5_net_write (context, p_fd, &repl, 1);
-      krb5_set_error_string (context, "malloc: out of memory");
-      return ENOMEM;
-  }
-  if (krb5_net_read (context, p_fd, her_appl_version, len) != len
-      || !(*match_appl_version)(match_data, her_appl_version)) {
-    repl = 2;
-    krb5_net_write (context, p_fd, &repl, 1);
-    krb5_set_error_string (context, "wrong sendauth version (%s)",
-			   her_appl_version);
-    free (her_appl_version);
-    return KRB5_SENDAUTH_BADAPPLVERS;
-  }
-  free (her_appl_version);
-
-  repl = 0;
-  if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
-    ret = errno;
-    krb5_set_error_string (context, "write: %s", strerror(errno));
-    return ret;
-  }
-
-  krb5_data_zero (&data);
-  ret = krb5_read_message (context, p_fd, &data);
-  if (ret)
-      return ret;
-
-  ret = krb5_rd_req (context,
-		     auth_context,
-		     &data,
-		     server,
-		     keytab,
-		     &ap_options,
-		     ticket);
-  krb5_data_free (&data);
-  if (ret) {
-      krb5_data error_data;
-      krb5_error_code ret2;
-
-      ret2 = krb5_mk_error (context,
-			    ret,
-			    NULL,
-			    NULL,
-			    NULL,
-			    server,
-			    NULL,
-			    NULL,
-			    &error_data);
-      if (ret2 == 0) {
-	  krb5_write_message (context, p_fd, &error_data);
-	  krb5_data_free (&error_data);
-      }
-      return ret;
-  }      
-
-  len = 0;
-  if (krb5_net_write (context, p_fd, &len, 4) != 4) {
-      ret = errno;
-      krb5_set_error_string (context, "write: %s", strerror(errno));
-      return ret;
-  }
-
-  if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
-    ret = krb5_mk_rep (context, *auth_context, &data);
-    if (ret)
-      return ret;
-
-    ret = krb5_write_message (context, p_fd, &data);
-    if (ret)
-	return ret;
-    krb5_data_free (&data);
-  }
-  return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
deleted file mode 100644
index 4298d12e2f1b..000000000000
--- a/crypto/heimdal/lib/krb5/replay.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <vis.h>
-
-RCSID("$Id: replay.c,v 1.9 2001/07/03 19:33:13 assar Exp $");
-
-struct krb5_rcache_data {
-    char *name;
-};
-
-krb5_error_code
-krb5_rc_resolve(krb5_context context,
-		krb5_rcache id,
-		const char *name)
-{
-    id->name = strdup(name);
-    if(id->name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_resolve_type(krb5_context context,
-		     krb5_rcache *id,
-		     const char *type)
-{
-    if(strcmp(type, "FILE")) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       type);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    *id = calloc(1, sizeof(**id));
-    if(*id == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return KRB5_RC_MALLOC;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_resolve_full(krb5_context context,
-		     krb5_rcache *id,
-		     const char *string_name)
-{
-    krb5_error_code ret;
-    if(strncmp(string_name, "FILE:", 5)) {
-	krb5_set_error_string (context, "replay cache type %s not supported",
-			       string_name);
-	return KRB5_RC_TYPE_NOTFOUND;
-    }
-    ret = krb5_rc_resolve_type(context, id, "FILE");
-    if(ret)
-	return ret;
-    ret = krb5_rc_resolve(context, *id, string_name + 5);
-    return ret;
-}
-
-const char *
-krb5_rc_default_name(krb5_context context)
-{
-    return "FILE:/var/run/default_rcache";
-}
-
-const char *
-krb5_rc_default_type(krb5_context context)
-{
-    return "FILE";
-}
-
-krb5_error_code
-krb5_rc_default(krb5_context context,
-		krb5_rcache *id)
-{
-    return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
-}
-
-struct rc_entry{
-    time_t stamp;
-    unsigned char data[16];
-};
-
-krb5_error_code
-krb5_rc_initialize(krb5_context context,
-		   krb5_rcache id,
-		   krb5_deltat auth_lifespan)
-{
-    FILE *f = fopen(id->name, "w");
-    struct rc_entry tmp;
-    int ret;
-
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    tmp.stamp = auth_lifespan;
-    fwrite(&tmp, 1, sizeof(tmp), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_recover(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_destroy(krb5_context context,
-		krb5_rcache id)
-{
-    int ret;
-
-    if(remove(id->name) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "remove(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    return krb5_rc_close(context, id);
-}
-
-krb5_error_code
-krb5_rc_close(krb5_context context,
-	      krb5_rcache id)
-{
-    free(id->name);
-    free(id);
-    return 0;
-}
-
-static void
-checksum_authenticator(Authenticator *auth, void *data)
-{
-    MD5_CTX md5;
-    int i;
-
-    MD5_Init (&md5);
-    MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
-    for(i = 0; i < auth->cname.name_string.len; i++)
-	MD5_Update(&md5, auth->cname.name_string.val[i], 
-		   strlen(auth->cname.name_string.val[i]));
-    MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
-    MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
-    MD5_Final (data, &md5);
-}
-
-krb5_error_code
-krb5_rc_store(krb5_context context,
-	      krb5_rcache id,
-	      krb5_donot_replay *rep)
-{
-    struct rc_entry ent, tmp;
-    time_t t;
-    FILE *f;
-    int ret;
-
-    ent.stamp = time(NULL);
-    checksum_authenticator(rep, ent.data);
-    f = fopen(id->name, "r");
-    if(f == NULL) {
-	ret = errno;
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(ret));
-	return ret;
-    }
-    fread(&tmp, sizeof(ent), 1, f);
-    t = ent.stamp - tmp.stamp;
-    while(fread(&tmp, sizeof(ent), 1, f)){
-	if(tmp.stamp < t)
-	    continue;
-	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
-	    fclose(f);
-	    krb5_clear_error_string (context);
-	    return KRB5_RC_REPLAY;
-	}
-    }
-    if(ferror(f)){
-	ret = errno;
-	fclose(f);
-	krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
-	return ret;
-    }
-    fclose(f);
-    f = fopen(id->name, "a");
-    if(f == NULL) {
-	krb5_set_error_string (context, "open(%s): %s", id->name,
-			       strerror(errno));
-	return KRB5_RC_IO_UNKNOWN;
-    }
-    fwrite(&ent, 1, sizeof(ent), f);
-    fclose(f);
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_expunge(krb5_context context,
-		krb5_rcache id)
-{
-    return 0;
-}
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context context,
-		     krb5_rcache id,
-		     krb5_deltat *auth_lifespan)
-{
-    FILE *f = fopen(id->name, "r");
-    int r;
-    struct rc_entry ent;
-    r = fread(&ent, sizeof(ent), 1, f);
-    fclose(f);
-    if(r){
-	*auth_lifespan = ent.stamp;
-	return 0;
-    }
-    krb5_clear_error_string (context);
-    return KRB5_RC_IO_UNKNOWN;
-}
-
-const char*
-krb5_rc_get_name(krb5_context context,
-		 krb5_rcache id)
-{
-    return id->name;
-}
-		 
-const char*
-krb5_rc_get_type(krb5_context context,
-		 krb5_rcache id)
-{
-    return "FILE";
-}
-		 
-krb5_error_code
-krb5_get_server_rcache(krb5_context context, 
-		       const krb5_data *piece, 
-		       krb5_rcache *id)
-{
-    krb5_rcache rcache;
-    krb5_error_code ret;
-
-    char *tmp = malloc(4 * piece->length + 1);
-    char *name;
-
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
-#ifdef HAVE_GETEUID
-    asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
-#else
-    asprintf(&name, "FILE:rc_%s", tmp);
-#endif
-    free(tmp);
-    if(name == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-
-    ret = krb5_rc_resolve_full(context, &rcache, name);
-    free(name);
-    if(ret)
-	return ret;
-    *id = rcache;
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
deleted file mode 100644
index 94dae303077e..000000000000
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: send_to_kdc.c,v 1.48 2002/03/27 09:32:50 joda Exp $");
-
-/*
- * send the data in `req' on the socket `fd' (which is datagram iff udp)
- * waiting `tmout' for a reply and returning the reply in `rep'.
- * iff limit read up to this many bytes
- * returns 0 and data in `rep' if succesful, otherwise -1
- */
-
-static int
-recv_loop (int fd,
-	   time_t tmout,
-	   int udp,
-	   size_t limit,
-	   krb5_data *rep)
-{
-     fd_set fdset;
-     struct timeval timeout;
-     int ret;
-     int nbytes;
-
-     if (fd >= FD_SETSIZE) {
-	 return -1;
-     }
-
-     krb5_data_zero(rep);
-     do {
-	 FD_ZERO(&fdset);
-	 FD_SET(fd, &fdset);
-	 timeout.tv_sec  = tmout;
-	 timeout.tv_usec = 0;
-	 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
-	 if (ret < 0) {
-	     if (errno == EINTR)
-		 continue;
-	     return -1;
-	 } else if (ret == 0) {
-	     return 0;
-	 } else {
-	     void *tmp;
-
-	     if (ioctl (fd, FIONREAD, &nbytes) < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     if(nbytes == 0)
-		 return 0;
-
-	     if (limit)
-		 nbytes = min(nbytes, limit - rep->length);
-
-	     tmp = realloc (rep->data, rep->length + nbytes);
-	     if (tmp == NULL) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->data = tmp;
-	     ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
-	     if (ret < 0) {
-		 krb5_data_free (rep);
-		 return -1;
-	     }
-	     rep->length += ret;
-	 }
-     } while(!udp && (limit == 0 || rep->length < limit));
-     return 0;
-}
-
-/*
- * Send kerberos requests and receive a reply on a udp or any other kind
- * of a datagram socket.  See `recv_loop'.
- */
-
-static int
-send_and_recv_udp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    if (send (fd, req->data, req->length, 0) < 0)
-	return -1;
-
-    return recv_loop(fd, tmout, 1, 0, rep);
-}
-
-/*
- * `send_and_recv' for a TCP (or any other stream) socket.
- * Since there are no record limits on a stream socket the protocol here
- * is to prepend the request with 4 bytes of its length and the reply
- * is similarly encoded.
- */
-
-static int
-send_and_recv_tcp(int fd, 
-		  time_t tmout,
-		  const krb5_data *req,
-		  krb5_data *rep)
-{
-    unsigned char len[4];
-    unsigned long rep_len;
-    krb5_data len_data;
-
-    _krb5_put_int(len, req->length, 4);
-    if(net_write(fd, len, sizeof(len)) < 0)
-	return -1;
-    if(net_write(fd, req->data, req->length) < 0)
-	return -1;
-    if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
-	return -1;
-    if (len_data.length != 4) {
-	krb5_data_free (&len_data);
-	return -1;
-    }
-    _krb5_get_int(len_data.data, &rep_len, 4);
-    krb5_data_free (&len_data);
-    if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
-	return -1;
-    if(rep->length != rep_len) {
-	krb5_data_free (rep);
-	return -1;
-    }
-    return 0;
-}
-
-/*
- * `send_and_recv' tailored for the HTTP protocol.
- */
-
-static int
-send_and_recv_http(int fd, 
-		   time_t tmout,
-		   const char *prefix,
-		   const krb5_data *req,
-		   krb5_data *rep)
-{
-    char *request;
-    char *str;
-    int ret;
-    int len = base64_encode(req->data, req->length, &str);
-
-    if(len < 0)
-	return -1;
-    asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
-    free(str);
-    if (request == NULL)
-	return -1;
-    ret = net_write (fd, request, strlen(request));
-    free (request);
-    if (ret < 0)
-	return ret;
-    ret = recv_loop(fd, tmout, 0, 0, rep);
-    if(ret)
-	return ret;
-    {
-	unsigned long rep_len;
-	char *s, *p;
-
-	s = realloc(rep->data, rep->length + 1);
-	if (s == NULL) {
-	    krb5_data_free (rep);
-	    return -1;
-	}
-	s[rep->length] = 0;
-	p = strstr(s, "\r\n\r\n");
-	if(p == NULL) {
-	    free(s);
-	    return -1;
-	}
-	p += 4;
-	rep->data = s;
-	rep->length -= p - s;
-	if(rep->length < 4) { /* remove length */
-	    free(s);
-	    return -1;
-	}
-	rep->length -= 4;
-	_krb5_get_int(p, &rep_len, 4);
-	if (rep_len != rep->length) {
-	    free(s);
-	    return -1;
-	}
-	memmove(rep->data, p + 4, rep->length);
-    }
-    return 0;
-}
-
-static int
-init_port(const char *s, int fallback)
-{
-    if (s) {
-	int tmp;
-
-	sscanf (s, "%d", &tmp);
-	return htons(tmp);
-    } else
-	return fallback;
-}
-
-/*
- * Return 0 if succesful, otherwise 1
- */
-
-static int
-send_via_proxy (krb5_context context,
-		const krb5_krbhst_info *hi,
-		const krb5_data *send_data,
-		krb5_data *receive)
-{
-    char *proxy2 = strdup(context->http_proxy);
-    char *proxy  = proxy2;
-    char *prefix;
-    char *colon;
-    struct addrinfo hints;
-    struct addrinfo *ai, *a;
-    int ret;
-    int s = -1;
-    char portstr[NI_MAXSERV];
-		 
-    if (proxy == NULL)
-	return ENOMEM;
-    if (strncmp (proxy, "http://", 7) == 0)
-	proxy += 7;
-
-    colon = strchr(proxy, ':');
-    if(colon != NULL)
-	*colon++ = '\0';
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_family   = PF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    snprintf (portstr, sizeof(portstr), "%d",
-	      ntohs(init_port (colon, htons(80))));
-    ret = getaddrinfo (proxy, portstr, &hints, &ai);
-    free (proxy2);
-    if (ret)
-	return krb5_eai_to_heim_errno(ret, errno);
-
-    for (a = ai; a != NULL; a = a->ai_next) {
-	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (s < 0)
-	    continue;
-	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
-	    close (s);
-	    continue;
-	}
-	break;
-    }
-    if (a == NULL) {
-	freeaddrinfo (ai);
-	return 1;
-    }
-    freeaddrinfo (ai);
-
-    asprintf(&prefix, "http://%s/", hi->hostname);
-    if(prefix == NULL) {
-	close(s);
-	return 1;
-    }
-    ret = send_and_recv_http(s, context->kdc_timeout,
-			     prefix, send_data, receive);
-    close (s);
-    free(prefix);
-    if(ret == 0 && receive->length != 0)
-	return 0;
-    return 1;
-}
-
-/*
- * Send the data `send' to one host from `handle` and get back the reply
- * in `receive'.
- */
-
-krb5_error_code
-krb5_sendto (krb5_context context,
-	     const krb5_data *send_data,
-	     krb5_krbhst_handle handle,	     
-	     krb5_data *receive)
-{
-     krb5_error_code ret = 0;
-     int fd;
-     int i;
-
-     for (i = 0; i < context->max_retries; ++i) {
-	 krb5_krbhst_info *hi;
-
-	 while (krb5_krbhst_next(context, handle, &hi) == 0) {
-	     int ret;
-	     struct addrinfo *ai, *a;
-
-	     if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
-		 if (send_via_proxy (context, hi, send_data, receive))
-		     continue;
-		 else
-		     goto out;
-	     }
-
-	     ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
-	     if (ret)
-		 continue;
-
-	     for (a = ai; a != NULL; a = a->ai_next) {
-		 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-		 if (fd < 0)
-		     continue;
-		 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
-		     close (fd);
-		     continue;
-		 }
-		 switch (hi->proto) {
-		 case KRB5_KRBHST_HTTP :
-		     ret = send_and_recv_http(fd, context->kdc_timeout,
-					      "", send_data, receive);
-		     break;
-		 case KRB5_KRBHST_TCP :
-		     ret = send_and_recv_tcp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 case KRB5_KRBHST_UDP :
-		     ret = send_and_recv_udp (fd, context->kdc_timeout,
-					      send_data, receive);
-		     break;
-		 }
-		 close (fd);
-		 if(ret == 0 && receive->length != 0)
-		     goto out;
-	     }
-	 }
-	 krb5_krbhst_reset(context, handle);
-     }
-     krb5_clear_error_string (context);
-     ret = KRB5_KDC_UNREACH;
-out:
-     return ret;
-}
-
-krb5_error_code
-krb5_sendto_kdc2(krb5_context context,
-		 const krb5_data *send_data,
-		 const krb5_realm *realm,
-		 krb5_data *receive,
-		 krb5_boolean master)
-{
-    krb5_error_code ret;
-    krb5_krbhst_handle handle;
-    int type;
-
-    if (master || context->use_admin_kdc)
-	type = KRB5_KRBHST_ADMIN;
-    else
-	type = KRB5_KRBHST_KDC;
-
-    ret = krb5_krbhst_init(context, *realm, type, &handle);
-    if (ret)
-	return ret;
-
-    ret = krb5_sendto(context, send_data, handle, receive);
-    krb5_krbhst_free(context, handle);
-    if (ret == KRB5_KDC_UNREACH)
-	krb5_set_error_string(context,
-			      "unable to reach any KDC in realm %s", *realm);
-    return ret;
-}
-
-krb5_error_code
-krb5_sendto_kdc(krb5_context context,
-		const krb5_data *send_data,
-		const krb5_realm *realm,
-		krb5_data *receive)
-{
-    return krb5_sendto_kdc2(context, send_data, realm, receive, FALSE);
-}
diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c
deleted file mode 100644
index c2889ee777f7..000000000000
--- a/crypto/heimdal/lib/krb5/sendauth.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $");
-
-/*
- * The format seems to be:
- * client -> server
- *
- * 4 bytes - length
- * KRB5_SENDAUTH_V1.0 (including zero)
- * 4 bytes - length
- * protocol string (with terminating zero)
- *
- * server -> client
- * 1 byte - (0 = OK, else some kind of error)
- *
- * client -> server
- * 4 bytes - length
- * AP-REQ
- *
- * server -> client
- * 4 bytes - length (0 = OK, else length of error)
- * (error)
- *
- * if(mutual) {
- * server -> client
- * 4 bytes - length
- * AP-REP
- * }
- */
-
-krb5_error_code
-krb5_sendauth(krb5_context context,
-	      krb5_auth_context *auth_context,
-	      krb5_pointer p_fd,
-	      const char *appl_version,
-	      krb5_principal client,
-	      krb5_principal server,
-	      krb5_flags ap_req_options,
-	      krb5_data *in_data,
-	      krb5_creds *in_creds,
-	      krb5_ccache ccache,
-	      krb5_error **ret_error,
-	      krb5_ap_rep_enc_part **rep_result,
-	      krb5_creds **out_creds)
-{
-    krb5_error_code ret;
-    u_int32_t len, net_len;
-    const char *version = KRB5_SENDAUTH_VERSION;
-    u_char repl;
-    krb5_data ap_req, error_data;
-    krb5_creds this_cred;
-    krb5_principal this_client = NULL;
-    krb5_creds *creds;
-    ssize_t sret;
-    krb5_boolean my_ccache = FALSE;
-
-    len = strlen(version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    len = strlen(appl_version) + 1;
-    net_len = htonl(len);
-    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
-	|| krb5_net_write (context, p_fd, appl_version, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-
-    sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
-    if (sret < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "read: %s", strerror(ret));
-	return ret;
-    } else if (sret != sizeof(repl)) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_BADRESPONSE;
-    }
-
-    if (repl != 0) {
-	krb5_clear_error_string (context);
-	return KRB5_SENDAUTH_REJECTED;
-    }
-
-    if (in_creds == NULL) {
-	if (ccache == NULL) {
-	    ret = krb5_cc_default (context, &ccache);
-	    if (ret)
-		return ret;
-	    my_ccache = TRUE;
-	}
-
-	if (client == NULL) {
-	    ret = krb5_cc_get_principal (context, ccache, &this_client);
-	    if (ret) {
-		if(my_ccache)
-		    krb5_cc_close(context, ccache);
-		return ret;
-	    }
-	    client = this_client;
-	}
-	memset(&this_cred, 0, sizeof(this_cred));
-	this_cred.client = client;
-	this_cred.server = server;
-	this_cred.times.endtime = 0;
-	this_cred.ticket.length = 0;
-	in_creds = &this_cred;
-    }
-    if (in_creds->ticket.length == 0) {
-	ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
-	if (ret) {
-	    if(my_ccache)
-		krb5_cc_close(context, ccache);
-	    return ret;
-	}
-    } else {
-	creds = in_creds;
-    }
-    if(my_ccache)
-	krb5_cc_close(context, ccache);
-    ret = krb5_mk_req_extended (context,
-				auth_context,
-				ap_req_options,
-				in_data,
-				creds,
-				&ap_req);
-
-    if (out_creds)
-	*out_creds = creds;
-    else
-	krb5_free_creds(context, creds);
-    if(this_client)
-	krb5_free_principal(context, this_client);
-
-    if (ret)
-	return ret;
-
-    ret = krb5_write_message (context,
-			      p_fd,
-			      &ap_req);
-    if (ret)
-	return ret;
-
-    krb5_data_free (&ap_req);
-
-    ret = krb5_read_message (context, p_fd, &error_data);
-    if (ret)
-	return ret;
-
-    if (error_data.length != 0) {
-	KRB_ERROR error;
-
-	ret = krb5_rd_error (context, &error_data, &error);
-	krb5_data_free (&error_data);
-	if (ret == 0) {
-	    ret = krb5_error_from_rd_error(context, &error, NULL);
-	    if (ret_error != NULL) {
-		*ret_error = malloc (sizeof(krb5_error));
-		if (*ret_error == NULL) {
-		    krb5_free_error_contents (context, &error);
-		} else {
-		    **ret_error = error;
-		}
-	    } else {
-		krb5_free_error_contents (context, &error);
-	    }
-	    return ret;
-	} else {
-	    krb5_clear_error_string(context);
-	    return ret;
-	}
-    }
-
-    if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
-	krb5_data ap_rep;
-	krb5_ap_rep_enc_part *ignore;
-
-	krb5_data_zero (&ap_rep);
-	ret = krb5_read_message (context,
-				 p_fd,
-				 &ap_rep);
-	if (ret)
-	    return ret;
-
-	ret = krb5_rd_rep (context, *auth_context, &ap_rep,
-			   rep_result ? rep_result : &ignore);
-	if (ret)
-	    return ret;
-	if (rep_result == NULL)
-	    krb5_free_ap_rep_enc_part (context, ignore);
-	krb5_data_free (&ap_rep);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c
deleted file mode 100644
index 8b872dfaa8b6..000000000000
--- a/crypto/heimdal/lib/krb5/set_default_realm.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: set_default_realm.c,v 1.13 2001/09/18 09:43:31 joda Exp $");
-
-/*
- * Convert the simple string `s' into a NULL-terminated and freshly allocated 
- * list in `list'.  Return an error code.
- */
-
-static krb5_error_code
-string_to_list (krb5_context context, const char *s, krb5_realm **list)
-{
-
-    *list = malloc (2 * sizeof(**list));
-    if (*list == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[0] = strdup (s);
-    if ((*list)[0] == NULL) {
-	free (*list);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    (*list)[1] = NULL;
-    return 0;
-}
-
-/*
- * Set the knowledge of the default realm(s) in `context'.
- * If realm != NULL, that's the new default realm.
- * Otherwise, the realm(s) are figured out from configuration or DNS.  
- */
-
-krb5_error_code
-krb5_set_default_realm(krb5_context context,
-		       const char *realm)
-{
-    krb5_error_code ret = 0;
-    krb5_realm *realms = NULL;
-
-    if (realm == NULL) {
-	realms = krb5_config_get_strings (context, NULL,
-					  "libdefaults",
-					  "default_realm",
-					  NULL);
-	if (realms == NULL)
-	    ret = krb5_get_host_realm(context, NULL, &realms);
-    } else {
-	ret = string_to_list (context, realm, &realms);
-    }
-    if (ret)
-	return ret;
-    krb5_free_host_realm (context, context->default_realms);
-    context->default_realms = realms;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
deleted file mode 100644
index 7bb0bdfb022d..000000000000
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: sock_principal.c,v 1.16 2001/07/26 09:05:30 assar Exp $");
-			
-krb5_error_code
-krb5_sock_to_principal (krb5_context context,
-			int sock,
-			const char *sname,
-			int32_t type,
-			krb5_principal *ret_princ)
-{
-    krb5_error_code ret;
-    struct sockaddr_storage __ss;
-    struct sockaddr *sa = (struct sockaddr *)&__ss;
-    socklen_t salen = sizeof(__ss);
-    char hostname[NI_MAXHOST];
-
-    if (getsockname (sock, sa, &salen) < 0) {
-	ret = errno;
-	krb5_set_error_string (context, "getsockname: %s", strerror(ret));
-	return ret;
-    }
-    ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
-    if (ret) {
-	int save_errno = errno;
-
-	krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret));
-	return krb5_eai_to_heim_errno(ret, save_errno);
-    }
-
-    ret = krb5_sname_to_principal (context,
-				   hostname,
-				   sname,
-				   type,
-				   ret_princ);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store-int.h b/crypto/heimdal/lib/krb5/store-int.h
deleted file mode 100644
index 42e695a11bc6..000000000000
--- a/crypto/heimdal/lib/krb5/store-int.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifndef __store_int_h__
-#define __store_int_h__
-
-struct krb5_storage_data {
-    void *data;
-    ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t);
-    ssize_t (*store)(struct krb5_storage_data*, const void*, size_t);
-    off_t (*seek)(struct krb5_storage_data*, off_t, int);
-    void (*free)(struct krb5_storage_data*);
-    krb5_flags flags;
-    int eof_code;
-};
-
-#endif /* __store_int_h__ */
diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c
deleted file mode 100644
index 512d2a5c96d0..000000000000
--- a/crypto/heimdal/lib/krb5/store-test.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: store-test.c,v 1.1 2001/05/11 16:06:25 joda Exp $");
-
-static void
-print_data(unsigned char *data, size_t len)
-{
-    int i;
-    for(i = 0; i < len; i++) {
-	if(i > 0 && (i % 16) == 0)
-	    printf("\n            ");
-	printf("%02x ", data[i]);
-    }
-    printf("\n");
-}
-
-static int
-compare(const char *name, krb5_storage *sp, void *expected, size_t len)
-{
-    int ret = 0;
-    krb5_data data;
-    krb5_storage_to_data(sp, &data);
-    krb5_storage_free(sp);
-    if(data.length != len || memcmp(data.data, expected, len) != 0) {
-	printf("%s mismatch\n", name);
-	printf("  Expected: ");
-	print_data(expected, len);
-	printf("  Actual:   ");
-	print_data(data.data, data.length);
-	ret++;
-    }
-    krb5_data_free(&data);
-    return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-    int nerr = 0;
-    krb5_storage *sp;
-    krb5_context context;
-    krb5_principal principal;
-	
-
-    krb5_init_context(&context);
-
-    sp = krb5_storage_emem();
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
-    krb5_store_int32(sp, 0x01020304);
-    nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
-
-    sp = krb5_storage_emem();
-    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
-    krb5_store_int32(sp, 0x01020304);
-    {
-	int test = 1;
-	void *data;
-	if(*(char*)&test) 
-	    data = "\x4\x3\x2\x1";
-	else 
-	    data = "\x1\x2\x3\x4";
-	nerr += compare("Integer (host)", sp, data, 4);
-    }
-
-    sp = krb5_storage_emem();
-    krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
-    krb5_store_principal(sp, principal);
-    nerr += compare("Principal", sp, "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x1"
-		    "\x0\x0\x0\x4TEST"
-		    "\x0\x0\x0\x6""foobar", 26);
-    
-    return nerr ? 1 : 0;
-}
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
deleted file mode 100644
index 4ea68f9643f8..000000000000
--- a/crypto/heimdal/lib/krb5/store.c
+++ /dev/null
@@ -1,686 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store.c,v 1.38 2002/08/21 12:21:57 joda Exp $");
-
-#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
-#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
-#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
-#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
-			       krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
-
-void
-krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags |= flags;
-}
-
-void
-krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
-{
-    sp->flags &= ~flags;
-}
-
-krb5_boolean
-krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
-{
-    return (sp->flags & flags) == flags;
-}
-
-void
-krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
-    sp->flags |= byteorder;
-}
-
-krb5_flags
-krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
-{
-    return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
-}
-
-off_t
-krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    return (*sp->seek)(sp, offset, whence);
-}
-
-krb5_ssize_t
-krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
-{
-    return sp->fetch(sp, buf, len);
-}
-
-krb5_ssize_t
-krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
-{
-    return sp->store(sp, buf, len);
-}
-
-void
-krb5_storage_set_eof_code(krb5_storage *sp, int code)
-{
-    sp->eof_code = code;
-}
-
-krb5_ssize_t
-_krb5_put_int(void *buffer, unsigned long value, size_t size)
-{
-    unsigned char *p = buffer;
-    int i;
-    for (i = size - 1; i >= 0; i--) {
-	p[i] = value & 0xff;
-	value >>= 8;
-    }
-    return size;
-}
-
-krb5_ssize_t
-_krb5_get_int(void *buffer, unsigned long *value, size_t size)
-{
-    unsigned char *p = buffer;
-    unsigned long v = 0;
-    int i;
-    for (i = 0; i < size; i++)
-	v = (v << 8) + p[i];
-    *value = v;
-    return size;
-}
-
-krb5_error_code
-krb5_storage_free(krb5_storage *sp)
-{
-    if(sp->free)
-	(*sp->free)(sp);
-    free(sp->data);
-    free(sp);
-    return 0;
-}
-
-krb5_error_code
-krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
-{
-    off_t pos;
-    size_t size;
-    krb5_error_code ret;
-
-    pos = sp->seek(sp, 0, SEEK_CUR);
-    size = (size_t)sp->seek(sp, 0, SEEK_END);
-    ret = krb5_data_alloc (data, size);
-    if (ret) {
-	sp->seek(sp, pos, SEEK_SET);
-	return ret;
-    }
-    if (size) {
-	sp->seek(sp, 0, SEEK_SET);
-	sp->fetch(sp, data->data, data->length);
-	sp->seek(sp, pos, SEEK_SET);
-    }
-    return 0;
-}
-
-static krb5_error_code
-krb5_store_int(krb5_storage *sp,
-	       int32_t value,
-	       size_t len)
-{
-    int ret;
-    unsigned char v[16];
-
-    if(len > sizeof(v))
-	return EINVAL;
-    _krb5_put_int(v, value, len);
-    ret = sp->store(sp, v, len);
-    if (ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code
-krb5_store_int32(krb5_storage *sp,
-		 int32_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htonl(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap32(value);
-    return krb5_store_int(sp, value, 4);
-}
-
-static krb5_error_code
-krb5_ret_int(krb5_storage *sp,
-	     int32_t *value,
-	     size_t len)
-{
-    int ret;
-    unsigned char v[4];
-    unsigned long w;
-    ret = sp->fetch(sp, v, len);
-    if(ret != len)
-	return (ret<0)?errno:sp->eof_code;
-    _krb5_get_int(v, &w, len);
-    *value = w;
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_int32(krb5_storage *sp,
-	       int32_t *value)
-{
-    krb5_error_code ret = krb5_ret_int(sp, value, 4);
-    if(ret)
-	return ret;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htonl(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap32(*value);
-    return 0;
-}
-
-krb5_error_code
-krb5_store_int16(krb5_storage *sp,
-		 int16_t value)
-{
-    if(BYTEORDER_IS_HOST(sp))
-	value = htons(value);
-    else if(BYTEORDER_IS_LE(sp))
-	value = bswap16(value);
-    return krb5_store_int(sp, value, 2);
-}
-
-krb5_error_code
-krb5_ret_int16(krb5_storage *sp,
-	       int16_t *value)
-{
-    int32_t v;
-    int ret;
-    ret = krb5_ret_int(sp, &v, 2);
-    if(ret)
-	return ret;
-    *value = v;
-    if(BYTEORDER_IS_HOST(sp))
-	*value = htons(*value);
-    else if(BYTEORDER_IS_LE(sp))
-	*value = bswap16(*value);
-    return 0;
-}
-
-krb5_error_code
-krb5_store_int8(krb5_storage *sp,
-		int8_t value)
-{
-    int ret;
-
-    ret = sp->store(sp, &value, sizeof(value));
-    if (ret != sizeof(value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_int8(krb5_storage *sp,
-	      int8_t *value)
-{
-    int ret;
-
-    ret = sp->fetch(sp, value, sizeof(*value));
-    if (ret != sizeof(*value))
-	return (ret<0)?errno:sp->eof_code;
-    return 0;
-}
-
-krb5_error_code
-krb5_store_data(krb5_storage *sp,
-		krb5_data data)
-{
-    int ret;
-    ret = krb5_store_int32(sp, data.length);
-    if(ret < 0)
-	return ret;
-    ret = sp->store(sp, data.data, data.length);
-    if(ret != data.length){
-	if(ret < 0)
-	    return errno;
-	return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_data(krb5_storage *sp,
-	      krb5_data *data)
-{
-    int ret;
-    int32_t size;
-
-    ret = krb5_ret_int32(sp, &size);
-    if(ret)
-	return ret;
-    ret = krb5_data_alloc (data, size);
-    if (ret)
-	return ret;
-    if (size) {
-	ret = sp->fetch(sp, data->data, size);
-	if(ret != size)
-	    return (ret < 0)? errno : sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_store_string(krb5_storage *sp, const char *s)
-{
-    krb5_data data;
-    data.length = strlen(s);
-    data.data = (void*)s;
-    return krb5_store_data(sp, data);
-}
-
-krb5_error_code
-krb5_ret_string(krb5_storage *sp,
-		char **string)
-{
-    int ret;
-    krb5_data data;
-    ret = krb5_ret_data(sp, &data);
-    if(ret)
-	return ret;
-    *string = realloc(data.data, data.length + 1);
-    if(*string == NULL){
-	free(data.data);
-	return ENOMEM;
-    }
-    (*string)[data.length] = 0;
-    return 0;
-}
-
-krb5_error_code
-krb5_store_stringz(krb5_storage *sp, const char *s)
-{
-    size_t len = strlen(s) + 1;
-    ssize_t ret;
-
-    ret = sp->store(sp, s, len);
-    if(ret != len) {
-	if(ret < 0)
-	    return ret;
-	else
-	    return sp->eof_code;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_stringz(krb5_storage *sp,
-		char **string)
-{
-    char c;
-    char *s = NULL;
-    size_t len = 0;
-    ssize_t ret;
-
-    while((ret = sp->fetch(sp, &c, 1)) == 1){
-	char *tmp;
-
-	len++;
-	tmp = realloc (s, len);
-	if (tmp == NULL) {
-	    free (s);
-	    return ENOMEM;
-	}
-	s = tmp;
-	s[len - 1] = c;
-	if(c == 0)
-	    break;
-    }
-    if(ret != 1){
-	free(s);
-	if(ret == 0)
-	    return sp->eof_code;
-	return ret;
-    }
-    *string = s;
-    return 0;
-}
-
-
-krb5_error_code
-krb5_store_principal(krb5_storage *sp,
-		     krb5_principal p)
-{
-    int i;
-    int ret;
-
-    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
-    ret = krb5_store_int32(sp, p->name.name_type);
-    if(ret) return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ret = krb5_store_int32(sp, p->name.name_string.len + 1);
-    else
-    ret = krb5_store_int32(sp, p->name.name_string.len);
-    
-    if(ret) return ret;
-    ret = krb5_store_string(sp, p->realm);
-    if(ret) return ret;
-    for(i = 0; i < p->name.name_string.len; i++){
-	ret = krb5_store_string(sp, p->name.name_string.val[i]);
-	if(ret) return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_principal(krb5_storage *sp,
-		   krb5_principal *princ)
-{
-    int i;
-    int ret;
-    krb5_principal p;
-    int32_t type;
-    int32_t ncomp;
-    
-    p = calloc(1, sizeof(*p));
-    if(p == NULL)
-	return ENOMEM;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
-	type = KRB5_NT_UNKNOWN;
-    else 	if((ret = krb5_ret_int32(sp, &type))){
-	free(p);
-	return ret;
-    }
-    if((ret = krb5_ret_int32(sp, &ncomp))){
-	free(p);
-	return ret;
-    }
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
-	ncomp--;
-    p->name.name_type = type;
-    p->name.name_string.len = ncomp;
-    ret = krb5_ret_string(sp, &p->realm);
-    if(ret) return ret;
-    p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
-    if(p->name.name_string.val == NULL){
-	free(p->realm);
-	return ENOMEM;
-    }
-    for(i = 0; i < ncomp; i++){
-	ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
-	if(ret) return ret; /* XXX */
-    }
-    *princ = p;
-    return 0;
-}
-
-krb5_error_code
-krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-	/* this should really be enctype, but it is the same as
-           keytype nowadays */
-    ret = krb5_store_int16(sp, p.keytype);
-    if(ret) return ret;
-    }
-
-    ret = krb5_store_data(sp, p.keyvalue);
-    return ret;
-}
-
-krb5_error_code
-krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
-{
-    int ret;
-    int16_t tmp;
-
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    p->keytype = tmp;
-
-    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
-    ret = krb5_ret_int16(sp, &tmp);
-    if(ret) return ret;
-    }
-
-    ret = krb5_ret_data(sp, &p->keyvalue);
-    return ret;
-}
-
-krb5_error_code
-krb5_store_times(krb5_storage *sp, krb5_times times)
-{
-    int ret;
-    ret = krb5_store_int32(sp, times.authtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.starttime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.endtime);
-    if(ret) return ret;
-    ret = krb5_store_int32(sp, times.renew_till);
-    return ret;
-}
-
-krb5_error_code
-krb5_ret_times(krb5_storage *sp, krb5_times *times)
-{
-    int ret;
-    int32_t tmp;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->authtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->starttime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->endtime = tmp;
-    if(ret) return ret;
-    ret = krb5_ret_int32(sp, &tmp);
-    times->renew_till = tmp;
-    return ret;
-}
-
-krb5_error_code
-krb5_store_address(krb5_storage *sp, krb5_address p)
-{
-    int ret;
-    ret = krb5_store_int16(sp, p.addr_type);
-    if(ret) return ret;
-    ret = krb5_store_data(sp, p.address);
-    return ret;
-}
-
-krb5_error_code
-krb5_ret_address(krb5_storage *sp, krb5_address *adr)
-{
-    int16_t t;
-    int ret;
-    ret = krb5_ret_int16(sp, &t);
-    if(ret) return ret;
-    adr->addr_type = t;
-    ret = krb5_ret_data(sp, &adr->address);
-    return ret;
-}
-
-krb5_error_code
-krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
-{
-    int i;
-    int ret;
-    ret = krb5_store_int32(sp, p.len);
-    if(ret) return ret;
-    for(i = 0; i<p.len; i++){
-	ret = krb5_store_address(sp, p.val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code
-krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
-{
-    int i;
-    int ret;
-    int32_t tmp;
-
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    adr->len = tmp;
-    ALLOC(adr->val, adr->len);
-    for(i = 0; i < adr->len; i++){
-	ret = krb5_ret_address(sp, &adr->val[i]);
-	if(ret) break;
-    }
-    return ret;
-}
-
-krb5_error_code
-krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
-{
-    krb5_error_code ret;
-    int i;
-    ret = krb5_store_int32(sp, auth.len);
-    if(ret) return ret;
-    for(i = 0; i < auth.len; i++){
-	ret = krb5_store_int16(sp, auth.val[i].ad_type);
-	if(ret) break;
-	ret = krb5_store_data(sp, auth.val[i].ad_data);
-	if(ret) break;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
-{
-    krb5_error_code ret;
-    int32_t tmp;
-    int16_t tmp2;
-    int i;
-    ret = krb5_ret_int32(sp, &tmp);
-    if(ret) return ret;
-    ALLOC_SEQ(auth, tmp);
-    for(i = 0; i < tmp; i++){
-	ret = krb5_ret_int16(sp, &tmp2);
-	if(ret) break;
-	auth->val[i].ad_type = tmp2;
-	ret = krb5_ret_data(sp, &auth->val[i].ad_data);
-	if(ret) break;
-    }
-    return ret;
-}
-
-/*
- * store `creds' on `sp' returning error or zero
- */
-
-krb5_error_code
-krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    int ret;
-
-    ret = krb5_store_principal(sp, creds->client);
-    if(ret)
-	return ret;
-    ret = krb5_store_principal(sp, creds->server);
-    if(ret)
-	return ret;
-    ret = krb5_store_keyblock(sp, creds->session);
-    if(ret)
-	return ret;
-    ret = krb5_store_times(sp, creds->times);
-    if(ret)
-	return ret;
-    ret = krb5_store_int8(sp, 0);  /* this is probably the
-				enc-tkt-in-skey bit from KDCOptions */
-    if(ret)
-	return ret;
-    ret = krb5_store_int32(sp, creds->flags.i);
-    if(ret)
-	return ret;
-    ret = krb5_store_addrs(sp, creds->addresses);
-    if(ret)
-	return ret;
-    ret = krb5_store_authdata(sp, creds->authdata);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->ticket);
-    if(ret)
-	return ret;
-    ret = krb5_store_data(sp, creds->second_ticket);
-    return ret;
-}
-
-krb5_error_code
-krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
-{
-    krb5_error_code ret;
-    int8_t dummy8;
-    int32_t dummy32;
-
-    memset(creds, 0, sizeof(*creds));
-    ret = krb5_ret_principal (sp,  &creds->client);
-    if(ret) goto cleanup;
-    ret = krb5_ret_principal (sp,  &creds->server);
-    if(ret) goto cleanup;
-    ret = krb5_ret_keyblock (sp,  &creds->session);
-    if(ret) goto cleanup;
-    ret = krb5_ret_times (sp,  &creds->times);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int8 (sp,  &dummy8);
-    if(ret) goto cleanup;
-    ret = krb5_ret_int32 (sp,  &dummy32);
-    if(ret) goto cleanup;
-    creds->flags.i = dummy32;
-    ret = krb5_ret_addrs (sp,  &creds->addresses);
-    if(ret) goto cleanup;
-    ret = krb5_ret_authdata (sp,  &creds->authdata);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->ticket);
-    if(ret) goto cleanup;
-    ret = krb5_ret_data (sp,  &creds->second_ticket);
-cleanup:
-    if(ret) {
-#if 0	
-	krb5_free_creds_contents(context, creds); /* XXX */
-#endif
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c
deleted file mode 100644
index 526cf32f65f8..000000000000
--- a/crypto/heimdal/lib/krb5/store_emem.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_emem.c,v 1.13 2002/10/21 15:36:23 joda Exp $");
-
-typedef struct emem_storage{
-    unsigned char *base;
-    size_t size;
-    size_t len;
-    unsigned char *ptr;
-}emem_storage;
-
-static ssize_t
-emem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(s->base + s->len - s->ptr < size)
-	size = s->base + s->len - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-emem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr){
-	void *base;
-	size_t sz, off;
-	off = s->ptr - s->base;
-	sz = off + size;
-	if (sz < 4096)
-	    sz *= 2;
-	base = realloc(s->base, sz);
-	if(base == NULL)
-	    return 0;
-	s->size = sz;
-	s->base = base;
-	s->ptr = (unsigned char*)base + off;
-    }
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static off_t
-emem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    emem_storage *s = (emem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	if(offset > s->len)
-	    s->len = offset;
-	break;
-    case SEEK_CUR:
-	sp->seek(sp,s->ptr - s->base + offset, SEEK_SET);
-	break;
-    case SEEK_END:
-	sp->seek(sp, s->len + offset, SEEK_SET);
-	break;
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-static void
-emem_free(krb5_storage *sp)
-{
-    emem_storage *s = sp->data;
-    memset(s->base, 0, s->len);
-    free(s->base);
-}
-
-krb5_storage *
-krb5_storage_emem(void)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    emem_storage *s = malloc(sizeof(*s));
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->size = 1024;
-    s->base = malloc(s->size);
-    s->len = 0;
-    s->ptr = s->base;
-    sp->fetch = emem_fetch;
-    sp->store = emem_store;
-    sp->seek = emem_seek;
-    sp->free = emem_free;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c
deleted file mode 100644
index e31b956143d4..000000000000
--- a/crypto/heimdal/lib/krb5/store_fd.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_fd.c,v 1.10 2002/04/18 14:00:39 joda Exp $");
-
-typedef struct fd_storage{
-    int fd;
-}fd_storage;
-
-#define FD(S) (((fd_storage*)(S)->data)->fd)
-
-static ssize_t
-fd_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    return net_read(FD(sp), data, size);
-}
-
-static ssize_t
-fd_store(krb5_storage *sp, const void *data, size_t size)
-{
-    return net_write(FD(sp), data, size);
-}
-
-static off_t
-fd_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    return lseek(FD(sp), offset, whence);
-}
-
-krb5_storage *
-krb5_storage_from_fd(int fd)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-
-    if (sp == NULL)
-	return NULL;
-
-    sp->data = malloc(sizeof(fd_storage));
-    if (sp->data == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    FD(sp) = fd;
-    sp->fetch = fd_fetch;
-    sp->store = fd_store;
-    sp->seek = fd_seek;
-    sp->free = NULL;
-    return sp;
-}
diff --git a/crypto/heimdal/lib/krb5/store_mem.c b/crypto/heimdal/lib/krb5/store_mem.c
deleted file mode 100644
index b0be2002a3b8..000000000000
--- a/crypto/heimdal/lib/krb5/store_mem.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include "store-int.h"
-
-RCSID("$Id: store_mem.c,v 1.11 2002/04/18 14:00:44 joda Exp $");
-
-typedef struct mem_storage{
-    unsigned char *base;
-    size_t size;
-    unsigned char *ptr;
-}mem_storage;
-
-static ssize_t
-mem_fetch(krb5_storage *sp, void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(data, s->ptr, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static ssize_t
-mem_store(krb5_storage *sp, const void *data, size_t size)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    if(size > s->base + s->size - s->ptr)
-	size = s->base + s->size - s->ptr;
-    memmove(s->ptr, data, size);
-    sp->seek(sp, size, SEEK_CUR);
-    return size;
-}
-
-static off_t
-mem_seek(krb5_storage *sp, off_t offset, int whence)
-{
-    mem_storage *s = (mem_storage*)sp->data;
-    switch(whence){
-    case SEEK_SET:
-	if(offset > s->size)
-	    offset = s->size;
-	if(offset < 0)
-	    offset = 0;
-	s->ptr = s->base + offset;
-	break;
-    case SEEK_CUR:
-	return sp->seek(sp, s->ptr - s->base + offset, SEEK_SET);
-    case SEEK_END:
-	return sp->seek(sp, s->size + offset, SEEK_SET);
-    default:
-	errno = EINVAL;
-	return -1;
-    }
-    return s->ptr - s->base;
-}
-
-krb5_storage *
-krb5_storage_from_mem(void *buf, size_t len)
-{
-    krb5_storage *sp = malloc(sizeof(krb5_storage));
-    mem_storage *s;
-    if(sp == NULL)
-	return NULL;
-    s = malloc(sizeof(*s));
-    if(s == NULL) {
-	free(sp);
-	return NULL;
-    }
-    sp->data = s;
-    sp->flags = 0;
-    sp->eof_code = HEIM_ERR_EOF;
-    s->base = buf;
-    s->size = len;
-    s->ptr = buf;
-    sp->fetch = mem_fetch;
-    sp->store = mem_store;
-    sp->seek = mem_seek;
-    sp->free = NULL;
-    return sp;
-}
-
-krb5_storage *
-krb5_storage_from_data(krb5_data *data)
-{
-	return krb5_storage_from_mem(data->data, data->length);
-}
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
deleted file mode 100644
index 0ea5cd18d20e..000000000000
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: string-to-key-test.c,v 1.7 2001/05/11 16:15:27 joda Exp $");
-
-enum { MAXSIZE = 24 };
-
-static struct testcase {
-    const char *principal_name;
-    const char *password;
-    krb5_enctype enctype;
-    unsigned char res[MAXSIZE];
-} tests[] = {
-    {"@", "", ETYPE_DES_CBC_MD5,
-     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
-    {"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5,
-     {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
-     {0x5b, 0x9b, 0xcb, 0xf2, 0x97, 0x43, 0xc8, 0x40}},
-    {"@", "", ETYPE_DES3_CBC_SHA1,
-     {0xce, 0xa2, 0x2f, 0x9b, 0x52, 0x2c, 0xb0, 0x15, 0x6e, 0x6b, 0x64,
-      0x73, 0x62, 0x64, 0x73, 0x4f, 0x6e, 0x73, 0xce, 0xa2, 0x2f, 0x9b,
-      0x52, 0x57}},
-    {"nisse@FOO.SE", "hej", ETYPE_DES3_CBC_SHA1,
-     {0x0e, 0xbc, 0x23, 0x9d, 0x68, 0x46, 0xf2, 0xd5, 0x51, 0x98, 0x5b,
-      0x57, 0xc1, 0x57, 0x01, 0x79, 0x04, 0xc4, 0xe9, 0xfe, 0xc1, 0x0e,
-      0x13, 0xd0}},
-    {"assar/liten@FOO.SE", "hemligt", ETYPE_DES3_CBC_SHA1,
-     {0x7f, 0x40, 0x67, 0xb9, 0xbc, 0xc4, 0x40, 0xfb, 0x43, 0x73, 0xd9,
-      0xd3, 0xcd, 0x7c, 0xc7, 0x67, 0xe6, 0x79, 0x94, 0xd0, 0xa8, 0x34,
-      0xdf, 0x62}},
-    {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
-     {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
-      0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
-     {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
-     {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
-     {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
-     {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
-    {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
-     {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
-    {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
-     {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
-    {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
-     {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
-    {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
-     {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
-    {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
-     {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
-    {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
-     {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
-    {NULL}
-};
-
-int
-main(int argc, char **argv)
-{
-    struct testcase *t;
-    krb5_context context;
-    krb5_error_code ret;
-    int val = 0;
-
-    ret = krb5_init_context (&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    /* to enable realm-less principal name above */
-
-    krb5_set_default_realm(context, "");
-
-    for (t = tests; t->principal_name; ++t) {
-	krb5_keyblock key;
-	krb5_principal principal;
-	int i;
-
-	ret = krb5_parse_name (context, t->principal_name, &principal);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s",
-		      t->principal_name);
-	ret = krb5_string_to_key (context, t->enctype, t->password,
-				  principal, &key);
-	if (ret)
-	    krb5_err (context, 1, ret, "krb5_string_to_key");
-	krb5_free_principal (context, principal);
-	if (memcmp (key.keyvalue.data, t->res, key.keyvalue.length) != 0) {
-	    const unsigned char *p = key.keyvalue.data;
-
-	    printf ("string_to_key(%s, %s) failed\n",
-		    t->principal_name, t->password);
-	    printf ("should be: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", t->res[i]);
-	    printf ("\nresult was: ");
-	    for (i = 0; i < key.keyvalue.length; ++i)
-		printf ("%02x", p[i]);
-	    printf ("\n");
-	    val = 1;
-	}
-    }
-    return val;
-}
diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c
deleted file mode 100644
index 8a6ec6dc8f85..000000000000
--- a/crypto/heimdal/lib/krb5/test_alname.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: test_alname.c,v 1.4 2003/04/17 05:46:45 lha Exp $");
-
-static void
-test_alname(krb5_context context, krb5_realm realm,
-	    const char *user, const char *inst, 
-	    const char *localuser, int ok)
-{
-    krb5_principal p;
-    char localname[1024];
-    krb5_error_code ret;
-    char *princ;
-
-    ret = krb5_make_principal(context, &p, realm, user, inst, NULL);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_build_principal");
-
-    ret = krb5_unparse_name(context, p, &princ);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_unparse_name");
-
-    ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
-    krb5_free_principal(context, p);
-    free(princ);
-    if (ret) {
-	if (!ok)
-	    return;
-	krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", 
-		 princ, localuser);
-    }
-
-    if (strcmp(localname, localuser) != 0) {
-	if (ok)
-	    errx(1, "compared failed %s != %s (should have succeded)", 
-		 localname, localuser);
-    } else {
-	if (!ok)
-	    errx(1, "compared failed %s == %s (should have failed)", 
-		 localname, localuser);
-    }
-    
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_realm realm;
-    int optind = 0;
-    char *user;
-
-    setprogname(argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc != 1)
-	errx(1, "first argument should be a local user that in root .k5login");
-
-    user = argv[0];
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_default_realm(context, &realm);
-    if (ret)
-	krb5_err(context, 1, ret, "krb5_get_default_realm");
-
-    test_alname(context, realm, user, NULL, user, 1);
-    test_alname(context, realm, user, "root", "root", 1);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0);
-
-    test_alname(context, realm, user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, realm, user, "root",
-		"not-same-as-user", 0);
-
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, 
-		"not-same-as-user", 0);
-    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root",
-		"not-same-as-user", 0);
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c
deleted file mode 100644
index 15181f4d9746..000000000000
--- a/crypto/heimdal/lib/krb5/test_cc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: test_cc.c,v 1.1 2003/03/10 00:26:40 lha Exp $");
-
-#define TEST_CC_NAME "/tmp/foo"
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    char *p1, *p2, *p3;
-    const char *p;
-
-    setprogname(argv[0]);
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
-    p1 = estrdup(p);
-
-    ret = krb5_cc_set_default_name(context, NULL);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name failed");
-
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p2 = estrdup(p);
-
-    if (strcmp(p1, p2) != 0)
-	krb5_errx (context, 1, "krb5_cc_default_name no longer same");
-	
-    ret = krb5_cc_set_default_name(context, TEST_CC_NAME);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-    
-    p = krb5_cc_default_name(context);
-    if (p == NULL)
-	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
-    p3 = estrdup(p);
-    
-    if (strcmp(p3, TEST_CC_NAME) != 0)
-	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
-
-    krb5_free_context(context);
-
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/test_get_addrs.c b/crypto/heimdal/lib/krb5/test_get_addrs.c
deleted file mode 100644
index 97e3b2b1e583..000000000000
--- a/crypto/heimdal/lib/krb5/test_get_addrs.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-#include <err.h>
-#include <getarg.h>
-
-RCSID("$Id: test_get_addrs.c,v 1.4 2002/08/23 03:42:54 assar Exp $");
-
-/* print all addresses that we find */
-
-static void
-print_addresses (krb5_context context, const krb5_addresses *addrs)
-{
-    int i;
-    char buf[256];
-    size_t len;
-    
-    for (i = 0; i < addrs->len; ++i) {
-	krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);
-	printf ("%s\n", buf);
-    }
-}
-
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
-static void
-usage (int ret)
-{
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "");
-    exit (ret);
-}
-
-int
-main(int argc, char **argv)
-{
-    krb5_context context;
-    krb5_error_code ret;
-    krb5_addresses addrs;
-    int optind = 0;
-
-    setprogname (argv[0]);
-
-    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
-	usage(1);
-    
-    if (help_flag)
-	usage (0);
-
-    if(version_flag){
-	print_version(NULL);
-	exit(0);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    ret = krb5_init_context(&context);
-    if (ret)
-	errx (1, "krb5_init_context failed: %d", ret);
-
-    ret = krb5_get_all_client_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
-    printf ("client addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-
-    ret = krb5_get_all_server_addrs (context, &addrs);
-    if (ret)
-	krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
-    printf ("server addresses\n");
-    print_addresses (context, &addrs);
-    krb5_free_addresses (context, &addrs);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
deleted file mode 100644
index 8d2397be845a..000000000000
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: ticket.c,v 1.5 2001/05/14 06:14:51 assar Exp $");
-
-krb5_error_code
-krb5_free_ticket(krb5_context context,
-		 krb5_ticket *ticket)
-{
-    free_EncTicketPart(&ticket->ticket);
-    krb5_free_principal(context, ticket->client);
-    krb5_free_principal(context, ticket->server);
-    return 0;
-}
-
-krb5_error_code
-krb5_copy_ticket(krb5_context context,
-		 const krb5_ticket *from,
-		 krb5_ticket **to)
-{
-    krb5_error_code ret;
-    krb5_ticket *tmp = malloc(sizeof(*tmp));
-    if(tmp == NULL) {
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
-	free(tmp);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->client, &tmp->client);
-    if(ret){
-	free_EncTicketPart(&tmp->ticket);
-	return ret;
-    }
-    ret = krb5_copy_principal(context, from->server, &(*to)->server);
-    if(ret){
-	krb5_free_principal(context, tmp->client);
-	free_EncTicketPart(&tmp->ticket);
-	return ret;
-    }
-    *to = tmp;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
deleted file mode 100644
index 9346546006a0..000000000000
--- a/crypto/heimdal/lib/krb5/time.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: time.c,v 1.5 2001/05/02 10:06:11 joda Exp $");
-
-/*
- * return ``corrected'' time in `timeret'.
- */
-
-krb5_error_code
-krb5_timeofday (krb5_context context,
-		krb5_timestamp *timeret)
-{
-    *timeret = time(NULL) + context->kdc_sec_offset;
-    return 0;
-}
-
-/*
- * like gettimeofday but with time correction to the KDC
- */
-
-krb5_error_code
-krb5_us_timeofday (krb5_context context,
-		   int32_t *sec,
-		   int32_t *usec)
-{
-    struct timeval tv;
-
-    gettimeofday (&tv, NULL);
-
-    *sec  = tv.tv_sec + context->kdc_sec_offset;
-    *usec = tv.tv_usec;		/* XXX */
-    return 0;
-}
-
-krb5_error_code
-krb5_format_time(krb5_context context, time_t t, 
-		 char *s, size_t len, krb5_boolean include_time)
-{
-    struct tm *tm;
-    if(context->log_utc)
-	tm = gmtime (&t);
-    else
-	tm = localtime(&t);
-    strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm);
-    return 0;
-}
-
-krb5_error_code
-krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
-{
-    if((*deltat = parse_time(string, "s")) == -1)
-	return EINVAL;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
deleted file mode 100644
index c7732cb8bef1..000000000000
--- a/crypto/heimdal/lib/krb5/transited.c
+++ /dev/null
@@ -1,432 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: transited.c,v 1.10 2003/04/16 16:11:27 lha Exp $");
-
-/* this is an attempt at one of the most horrible `compression'
-   schemes that has ever been invented; it's so amazingly brain-dead
-   that words can not describe it, and all this just to save a few
-   silly bytes */
-
-struct tr_realm {
-    char *realm;
-    unsigned leading_space:1;
-    unsigned leading_slash:1;
-    unsigned trailing_dot:1;
-    struct tr_realm *next;
-};
-
-static void
-free_realms(struct tr_realm *r)
-{
-    struct tr_realm *p;
-    while(r){
-	p = r;
-	r = r->next;
-	free(p->realm);
-	free(p);
-    }	
-}
-
-static int
-make_path(krb5_context context, struct tr_realm *r,
-	  const char *from, const char *to)
-{
-    const char *p;
-    struct tr_realm *path = r->next;
-    struct tr_realm *tmp;
-
-    if(strlen(from) < strlen(to)){
-	const char *tmp;
-	tmp = from;
-	from = to;
-	to = tmp;
-    }
-	
-    if(strcmp(from + strlen(from) - strlen(to), to) == 0){
-	p = from;
-	while(1){
-	    p = strchr(p, '.');
-	    if(p == NULL) {
-		krb5_clear_error_string (context);
-		return KRB5KDC_ERR_POLICY;
-	    }
-	    p++;
-	    if(strcmp(p, to) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = strdup(p);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;;
-	    }
-	}
-    }else if(strncmp(from, to, strlen(to)) == 0){
-	p = from + strlen(from);
-	while(1){
-	    while(p >= from && *p != '/') p--;
-	    if(p == from)
-		return KRB5KDC_ERR_POLICY;
-	    if(strncmp(to, from, p - from) == 0)
-		break;
-	    tmp = calloc(1, sizeof(*tmp));
-	    tmp->next = path;
-	    path = tmp;
-	    path->realm = malloc(p - from + 1);
-	    if(path->realm == NULL){
-		r->next = path; /* XXX */
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    memcpy(path->realm, from, p - from);
-	    path->realm[p - from] = '\0';
-	    p--;
-	}
-    } else {
-	krb5_clear_error_string (context);
-	return KRB5KDC_ERR_POLICY;
-    }
-    r->next = path;
-    
-    return 0;
-}
-
-static int
-make_paths(krb5_context context,
-	   struct tr_realm *realms, const char *client_realm, 
-	   const char *server_realm)
-{
-    struct tr_realm *r;
-    int ret;
-    const char *prev_realm = client_realm;
-    const char *next_realm = NULL;
-    for(r = realms; r; r = r->next){
-	/* it *might* be that you can have more than one empty
-	   component in a row, at least that's how I interpret the
-	   "," exception in 1510 */
-	if(r->realm[0] == '\0'){
-	    while(r->next && r->next->realm[0] == '\0')
-		r = r->next;
-	    if(r->next)
-		next_realm = r->next->realm;
-	    else
-		next_realm = server_realm;
-	    ret = make_path(context, r, prev_realm, next_realm);
-	    if(ret){
-		free_realms(realms);
-		return ret;
-	    }
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static int
-expand_realms(krb5_context context,
-	      struct tr_realm *realms, const char *client_realm)
-{
-    struct tr_realm *r;
-    const char *prev_realm = NULL;
-    for(r = realms; r; r = r->next){
-	if(r->trailing_dot){
-	    char *tmp;
-	    size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    if(prev_realm == NULL)
-		prev_realm = client_realm;
-	    tmp = realloc(r->realm, len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    r->realm = tmp;
-	    strlcat(r->realm, prev_realm, len);
-	}else if(r->leading_slash && !r->leading_space && prev_realm){
-	    /* yet another exception: if you use x500-names, the
-               leading realm doesn't have to be "quoted" with a space */
-	    char *tmp;
-	    size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
-
-	    tmp = malloc(len);
-	    if(tmp == NULL){
-		free_realms(realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    strlcpy(tmp, prev_realm, len);
-	    strlcat(tmp, r->realm, len);
-	    free(r->realm);
-	    r->realm = tmp;
-	}
-	prev_realm = r->realm;
-    }
-    return 0;
-}
-
-static struct tr_realm *
-make_realm(char *realm)
-{
-    struct tr_realm *r;
-    char *p, *q;
-    int quote = 0;
-    r = calloc(1, sizeof(*r));
-    if(r == NULL){
-	free(realm);
-	return NULL;
-    }
-    r->realm = realm;
-    for(p = q = r->realm; *p; p++){
-	if(p == r->realm && *p == ' '){
-	    r->leading_space = 1;
-	    continue;
-	}
-	if(q == r->realm && *p == '/')
-	    r->leading_slash = 1;
-	if(quote){
-	    *q++ = *p;
-	    quote = 0;
-	    continue;
-	}
-	if(*p == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(p[0] == '.' && p[1] == '\0')
-	    r->trailing_dot = 1;
-	*q++ = *p;
-    }
-    *q = '\0';
-    return r;
-}
-
-static struct tr_realm*
-append_realm(struct tr_realm *head, struct tr_realm *r)
-{
-    struct tr_realm *p;
-    if(head == NULL){
-	r->next = NULL;
-	return r;
-    }
-    p = head;
-    while(p->next) p = p->next;
-    p->next = r;
-    return head;
-}
-
-static int
-decode_realms(krb5_context context,
-	      const char *tr, int length, struct tr_realm **realms)
-{
-    struct tr_realm *r = NULL;
-
-    char *tmp;
-    int quote = 0;
-    const char *start = tr;
-    int i;
-
-    for(i = 0; i < length; i++){
-	if(quote){
-	    quote = 0;
-	    continue;
-	}
-	if(tr[i] == '\\'){
-	    quote = 1;
-	    continue;
-	}
-	if(tr[i] == ','){
-	    tmp = malloc(tr + i - start + 1);
-	    memcpy(tmp, start, tr + i - start);
-	    tmp[tr + i - start] = '\0';
-	    r = make_realm(tmp);
-	    if(r == NULL){
-		free_realms(*realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    *realms = append_realm(*realms, r);
-	    start = tr + i + 1;
-	}
-    }
-    tmp = malloc(tr + i - start + 1);
-    memcpy(tmp, start, tr + i - start);
-    tmp[tr + i - start] = '\0';
-    r = make_realm(tmp);
-    if(r == NULL){
-	free_realms(*realms);
-	krb5_set_error_string (context, "malloc: out of memory");
-	return ENOMEM;
-    }
-    *realms = append_realm(*realms, r);
-    
-    return 0;
-}
-
-
-krb5_error_code
-krb5_domain_x500_decode(krb5_context context,
-			krb5_data tr, char ***realms, int *num_realms, 
-			const char *client_realm, const char *server_realm)
-{
-    struct tr_realm *r = NULL;
-    struct tr_realm *p, **q;
-    int ret;
-    
-    /* split string in components */
-    ret = decode_realms(context, tr.data, tr.length, &r);
-    if(ret)
-	return ret;
-    
-    /* apply prefix rule */
-    ret = expand_realms(context, r, client_realm);
-    if(ret)
-	return ret;
-    
-    ret = make_paths(context, r, client_realm, server_realm);
-    if(ret)
-	return ret;
-    
-    /* remove empty components and count realms */
-    q = &r;
-    *num_realms = 0;
-    for(p = r; p; ){
-	if(p->realm[0] == '\0'){
-	    free(p->realm);
-	    *q = p->next;
-	    free(p);
-	    p = *q;
-	}else{
-	    q = &p->next;
-	    p = p->next;
-	    (*num_realms)++;
-	}
-    }
-    if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
-	return ERANGE;
-
-    {
-	char **R;
-	R = malloc((*num_realms + 1) * sizeof(*R));
-	if (R == NULL)
-	    return ENOMEM;
-	*realms = R;
-	while(r){
-	    *R++ = r->realm;
-	    p = r->next;
-	    free(r);
-	    r = p;
-	}
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
-{
-    char *s = NULL;
-    int len = 0;
-    int i;
-    for(i = 0; i < num_realms; i++){
-	len += strlen(realms[i]);
-	if(realms[i][0] == '/')
-	    len++;
-    }
-    len += num_realms - 1;
-    s = malloc(len + 1);
-    *s = '\0';
-    for(i = 0; i < num_realms; i++){
-	if(i && i < num_realms - 1)
-	    strlcat(s, ",", len + 1);
-	if(realms[i][0] == '/')
-	    strlcat(s, " ", len + 1);
-	strlcat(s, realms[i], len + 1);
-    }
-    encoding->data = s;
-    encoding->length = strlen(s);
-    return 0;
-}
-
-krb5_error_code
-krb5_check_transited_realms(krb5_context context,
-			    const char *const *realms, 
-			    int num_realms, 
-			    int *bad_realm)
-{
-    int i;
-    int ret = 0;
-    char **bad_realms = krb5_config_get_strings(context, NULL, 
-						"libdefaults", 
-						"transited_realms_reject", 
-						NULL);
-    if(bad_realms == NULL)
-	return 0;
-
-    for(i = 0; i < num_realms; i++) {
-	char **p;
-	for(p = bad_realms; *p; p++)
-	    if(strcmp(*p, realms[i]) == 0) {
-		krb5_set_error_string (context, "no transit through realm %s",
-				       *p);
-		ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
-		if(bad_realm)
-		    *bad_realm = i;
-		break;
-	    }
-    }
-    krb5_config_free_strings(bad_realms);
-    return ret;
-}
-
-#if 0
-int
-main(int argc, char **argv)
-{
-    krb5_data x;
-    char **r;
-    int num, i;
-    x.data = argv[1];
-    x.length = strlen(x.data);
-    if(domain_expand(x, &r, &num, argv[2], argv[3]))
-	exit(1);
-    for(i = 0; i < num; i++)
-	printf("%s\n", r[i]);
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c
deleted file mode 100644
index 243ac5fa433f..000000000000
--- a/crypto/heimdal/lib/krb5/verify_init.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_init.c,v 1.17 2002/08/20 14:47:59 joda Exp $");
-
-void
-krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
-{
-    memset (options, 0, sizeof(*options));
-}
-
-void
-krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
-					     int ap_req_nofail)
-{
-    options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
-    options->ap_req_nofail = ap_req_nofail;
-}
-
-/*
- *
- */
-
-static krb5_boolean
-fail_verify_is_ok (krb5_context context,
-		   krb5_verify_init_creds_opt *options)
-{
-    if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
-	 && options->ap_req_nofail != 0)
-	|| krb5_config_get_bool (context,
-				 NULL,
-				 "libdefaults",
-				 "verify_ap_req_nofail",
-				 NULL))
-	return FALSE;
-    else
-	return TRUE;
-}
-
-krb5_error_code
-krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal ap_req_server,
-		       krb5_keytab ap_req_keytab,
-		       krb5_ccache *ccache,
-		       krb5_verify_init_creds_opt *options)
-{
-    krb5_error_code ret;
-    krb5_data req;
-    krb5_ccache local_ccache = NULL;
-    krb5_keytab_entry entry;
-    krb5_creds *new_creds = NULL;
-    krb5_auth_context auth_context = NULL;
-    krb5_principal server = NULL;
-    krb5_keytab keytab = NULL;
-
-    krb5_data_zero (&req);
-    memset (&entry, 0, sizeof(entry));
-
-    if (ap_req_server == NULL) {
-	char local_hostname[MAXHOSTNAMELEN];
-
-	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
-	    ret = errno;
-	    krb5_set_error_string (context, "gethostname: %s",
-				   strerror(ret));
-	    return ret;
-	}
-
-	ret = krb5_sname_to_principal (context,
-				       local_hostname,
-				       "host",
-				       KRB5_NT_SRV_HST,
-				       &server);
-	if (ret)
-	    goto cleanup;
-    } else
-	server = ap_req_server;
-
-    if (ap_req_keytab == NULL) {
-	ret = krb5_kt_default (context, &keytab);
-	if (ret)
-	    goto cleanup;
-    } else
-	keytab = ap_req_keytab;
-
-    if (ccache && *ccache)
-	local_ccache = *ccache;
-    else {
-	ret = krb5_cc_gen_new (context, &krb5_mcc_ops, &local_ccache);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_initialize (context,
-				  local_ccache,
-				  creds->client);
-	if (ret)
-	    goto cleanup;
-	ret = krb5_cc_store_cred (context,
-				  local_ccache,
-				  creds);
-	if (ret)
-	    goto cleanup;
-    }
-
-    if (!krb5_principal_compare (context, server, creds->server)) {
-	krb5_creds match_cred;
-
-	memset (&match_cred, 0, sizeof(match_cred));
-
-	match_cred.client = creds->client;
-	match_cred.server = server;
-
-	ret = krb5_get_credentials (context,
-				    0,
-				    local_ccache,
-				    &match_cred,
-				    &new_creds);
-	if (ret) {
-	    if (fail_verify_is_ok (context, options))
-		ret = 0;
-	    goto cleanup;
-	}
-	creds = new_creds;
-    }
-
-    ret = krb5_mk_req_extended (context,
-				&auth_context,
-				0,
-				NULL,
-				creds,
-				&req);
-    
-    krb5_auth_con_free (context, auth_context);
-    auth_context = NULL;
-
-    if (ret)
-	goto cleanup;
-
-    ret = krb5_rd_req (context,
-		       &auth_context,
-		       &req,
-		       server,
-		       keytab,
-		       0,
-		       NULL);
-
-    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
-	ret = 0;
-cleanup:
-    if (auth_context)
-	krb5_auth_con_free (context, auth_context);
-    krb5_data_free (&req);
-    krb5_kt_free_entry (context, &entry);
-    if (new_creds != NULL)
-	krb5_free_creds (context, new_creds);
-    if (ap_req_server == NULL && server)
-	krb5_free_principal (context, server);
-    if (ap_req_keytab == NULL && keytab)
-	krb5_kt_close (context, keytab);
-    if (local_ccache != NULL
-	&&
-	(ccache == NULL
-	 || (ret != 0 && *ccache == NULL)))
-	krb5_cc_destroy (context, local_ccache);
-
-    if (ret == 0 && ccache != NULL && *ccache == NULL)
-	*ccache = local_ccache;
-
-    return ret;
-}
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
deleted file mode 100644
index 7d854bf7b49a..000000000000
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" $Id: verify_krb5_conf.8,v 1.7 2002/08/20 17:07:28 joda Exp $
-.\"
-.Dd August 30, 2001
-.Dt VERIFY_KRB5_CONF 8
-.Os HEIMDAL
-.Sh NAME
-.Nm verify_krb5_conf
-.Nd checks krb5.conf for obvious errors
-.Sh SYNOPSIS
-.Nm
-.Ar [config-file]
-.Sh DESCRIPTION
-.Nm
-reads the configuration file
-.Pa krb5.conf ,
-or the file given on the command line,
-and parses it, thereby verifying that the syntax is not correctly wrong.
-.Pp
-If the file is syntactically correct,
-.Nm
-tries to verify that the contents of the file is of relevant nature.
-.Sh DIAGNOSTICS
-Possible output from
-.Nm
-include:
-.Bl -tag -width "<path>"
-.It "<path>: failed to parse <something> as size/time/number/boolean"
-Usually means that <something> is misspelled, or that it contains
-weird characters. The parsing done by
-.Nm
-is more strict than the one performed by libkrb5, and so strings that
-work in real life, might be reported as bad.
-.It "<path>: host not found (<hostname>)"
-Means that <path> is supposed to point to a host, but it can't be
-recognised as one.
-.It <path>: unknown or wrong type
-Means that <path> is either is a string when it should be a list, vice
-versa, or just that
-.Nm
-is confused.
-.It <path>: unknown entry
-Means that <string> is not known by
-.Nm "" .
-.El
-.Sh ENVIRONMENT
-.Ev KRB5_CONFIG
-points to the configuration file to read.
-.Sh FILES
-.Bl -tag -width /etc/krb5.conf -compact
-.It Pa /etc/krb5.conf
-Kerberos 5 configuration file
-.El
-.Sh SEE ALSO
-.Xr krb5.conf 5
-.Sh BUGS
-Since each application can put almost anything in the config file,
-it's hard to come up with a water tight verification process. Most of
-the default settings are sanity checked, but this does not mean that
-every problem is discovered, or that everything that is reported as a
-possible problem actually is one. This tool should thus be used with
-some care.
-.Pp
-It should warn about obsolete data, or bad practice, but currently
-doesn't.
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
deleted file mode 100644
index 1cd571b23d01..000000000000
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: verify_user.c,v 1.17 2002/08/20 14:48:31 joda Exp $");
-
-static krb5_error_code
-verify_common (krb5_context context,
-	       krb5_principal principal,
-	       krb5_ccache ccache,
-	       krb5_keytab keytab,
-	       krb5_boolean secure,
-	       const char *service,
-	       krb5_creds cred)
-{
-    krb5_error_code ret;
-    krb5_principal server;
-    krb5_verify_init_creds_opt vopt;
-    krb5_ccache id;
-
-    ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
-				   &server);
-    if(ret)
-	return ret;
-
-    krb5_verify_init_creds_opt_init(&vopt);
-    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
-
-    ret = krb5_verify_init_creds(context,
-				 &cred,
-				 server,
-				 keytab,
-				 NULL,
-				 &vopt);
-    krb5_free_principal(context, server);
-    if(ret)
-	return ret;
-    if(ccache == NULL)
-	ret = krb5_cc_default (context, &id);
-    else
-	id = ccache;
-    if(ret == 0){
-	ret = krb5_cc_initialize(context, id, principal);
-	if(ret == 0){
-	    ret = krb5_cc_store_cred(context, id, &cred);
-	}
-	if(ccache == NULL)
-	    krb5_cc_close(context, id);
-    }
-    krb5_free_creds_contents(context, &cred);
-    return ret;
-}
-
-/*
- * Verify user `principal' with `password'.
- *
- * If `secure', also verify against local service key for `service'.
- *
- * As a side effect, fresh tickets are obtained and stored in `ccache'.
- */
-
-void
-krb5_verify_opt_init(krb5_verify_opt *opt)
-{
-    memset(opt, 0, sizeof(*opt));
-    opt->secure = TRUE;
-    opt->service = "host";
-}
-
-void
-krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
-{
-    opt->ccache = ccache;
-}
-
-void
-krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
-{
-    opt->keytab = keytab;
-}
-
-void
-krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
-{
-    opt->secure = secure;
-}
-
-void
-krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
-{
-    opt->service = service;
-}
-
-void
-krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
-{
-    opt->flags |= flags;
-}
-
-static krb5_error_code
-verify_user_opt_int(krb5_context context,
-		    krb5_principal principal,
-		    const char *password,
-		    krb5_verify_opt *vopt)
-
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt opt;
-    krb5_creds cred;
-
-    krb5_get_init_creds_opt_init (&opt);
-    krb5_get_init_creds_opt_set_default_flags(context, NULL, 
-					      *krb5_princ_realm(context, principal), 
-					      &opt);
-    ret = krb5_get_init_creds_password (context,
-					&cred,
-					principal,
-					password,
-					krb5_prompter_posix,
-					NULL,
-					0,
-					NULL,
-					&opt);
-    if(ret)
-	return ret;
-#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
-    return verify_common (context, principal, OPT(ccache, NULL), 
-			  OPT(keytab, NULL), vopt ? vopt->secure : TRUE, 
-			  OPT(service, "host"), cred);
-#undef OPT
-}
-
-krb5_error_code
-krb5_verify_user_opt(krb5_context context,
-		     krb5_principal principal,
-		     const char *password,
-		     krb5_verify_opt *opt)
-{
-    krb5_error_code ret;
-
-    if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
-	krb5_realm *realms, *r;
-	ret = krb5_get_default_realms (context, &realms);
-	if (ret)
-	    return ret;
-	ret = KRB5_CONFIG_NODEFREALM;
-	
-	for (r = realms; *r != NULL && ret != 0; ++r) {
-	    char *tmp = strdup (*r);
-	    
-	    if (tmp == NULL) {
-		krb5_free_host_realm (context, realms);
-		krb5_set_error_string (context, "malloc: out of memory");
-		return ENOMEM;
-	    }
-	    free (*krb5_princ_realm (context, principal));
-	    krb5_princ_set_realm (context, principal, &tmp);
-	    
-	    ret = verify_user_opt_int(context, principal, password, opt);
-	}
-	krb5_free_host_realm (context, realms);
-	if(ret)
-	    return ret;
-    } else
-	ret = verify_user_opt_int(context, principal, password, opt);
-    return ret;
-}
-
-/* compat function that calls above */
-
-krb5_error_code
-krb5_verify_user(krb5_context context, 
-		 krb5_principal principal,
-		 krb5_ccache ccache,
-		 const char *password,
-		 krb5_boolean secure,
-		 const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
-
-/*
- * A variant of `krb5_verify_user'.  The realm of `principal' is
- * ignored and all the local realms are tried.
- */
-
-krb5_error_code
-krb5_verify_user_lrealm(krb5_context context, 
-			krb5_principal principal,
-			krb5_ccache ccache,
-			const char *password,
-			krb5_boolean secure,
-			const char *service)
-{
-    krb5_verify_opt opt;
-    
-    krb5_verify_opt_init(&opt);
-    
-    krb5_verify_opt_set_ccache(&opt, ccache);
-    krb5_verify_opt_set_secure(&opt, secure);
-    krb5_verify_opt_set_service(&opt, service);
-    krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
-    
-    return krb5_verify_user_opt(context, principal, password, &opt);
-}
diff --git a/crypto/heimdal/lib/krb5/version.c b/crypto/heimdal/lib/krb5/version.c
deleted file mode 100644
index 5f0fd6680bf5..000000000000
--- a/crypto/heimdal/lib/krb5/version.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: version.c,v 1.3 1999/12/02 17:05:13 joda Exp $");
-
-/* this is just to get a version stamp in the library file */
-
-#define heimdal_version __heimdal_version
-#define heimdal_long_version __heimdal_long_version
-#include "version.h"
-
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
deleted file mode 100644
index 72398bf4605e..000000000000
--- a/crypto/heimdal/lib/krb5/warn.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-#include <err.h>
-
-RCSID("$Id: warn.c,v 1.14 2003/04/16 16:13:08 lha Exp $");
-
-static krb5_error_code _warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-	__attribute__((__format__(__printf__, 5, 0)));
-	
-static krb5_error_code
-_warnerr(krb5_context context, int do_errtext, 
-	 krb5_error_code code, int level, const char *fmt, va_list ap)
-{
-    char xfmt[7] = "";
-    const char *args[2], **arg;
-    char *msg = NULL;
-    char *err_str = NULL;
-    
-    args[0] = args[1] = NULL;
-    arg = args;
-    if(fmt){
-	strlcat(xfmt, "%s", sizeof(xfmt));
-	if(do_errtext)
-	    strlcat(xfmt, ": ", sizeof(xfmt));
-	vasprintf(&msg, fmt, ap);
-	if(msg == NULL)
-	    return ENOMEM;
-	*arg++ = msg;
-    }
-    if(context && do_errtext){
-	const char *err_msg;
-
-	strlcat(xfmt, "%s", sizeof(xfmt));
-
-	err_str = krb5_get_error_string(context);
-	if (err_str != NULL) {
-	    *arg++ = err_str;
-	} else {
-	    err_msg = krb5_get_err_text(context, code);
-	    if (err_msg)
-		*arg++ = err_msg;
-	    else
-		*arg++ = "<unknown error>";
-	}
-    }
-	
-    if(context && context->warn_dest)
-	krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
-    else
-	warnx(xfmt, args[0], args[1]);
-    free(msg);
-    free(err_str);
-    return 0;
-}
-
-#define FUNC(ETEXT, CODE, LEVEL)					\
-    krb5_error_code ret;						\
-    va_list ap;								\
-    va_start(ap, fmt);							\
-    ret = _warnerr(context, ETEXT, CODE, LEVEL, fmt, ap); 		\
-    va_end(ap);
-
-#undef __attribute__
-#define __attribute__(X)
-
-krb5_error_code
-krb5_vwarn(krb5_context context, krb5_error_code code, 
-	   const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 3, 0)))
-{
-    return _warnerr(context, 1, code, 1, fmt, ap);
-}
-
-
-krb5_error_code
-krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((format (printf, 3, 4)))
-{
-    FUNC(1, code, 1);
-    return ret;
-}
-
-krb5_error_code
-krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 2, 0)))
-{
-    return _warnerr(context, 0, 0, 1, fmt, ap);
-}
-
-krb5_error_code
-krb5_warnx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((format (printf, 2, 3)))
-{
-    FUNC(0, 0, 1);
-    return ret;
-}
-
-krb5_error_code
-krb5_verr(krb5_context context, int eval, krb5_error_code code, 
-	  const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 4, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    exit(eval);
-}
-
-
-krb5_error_code
-krb5_err(krb5_context context, int eval, krb5_error_code code, 
-	 const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 4, 5)))
-{
-    FUNC(1, code, 0);
-    exit(eval);
-}
-
-krb5_error_code
-krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    exit(eval);
-}
-
-krb5_error_code
-krb5_errx(krb5_context context, int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(0, 0, 0);
-    exit(eval);
-}
-
-krb5_error_code
-krb5_vabort(krb5_context context, krb5_error_code code, 
-	    const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 3, 0)))
-{
-    _warnerr(context, 1, code, 0, fmt, ap);
-    abort();
-}
-
-
-krb5_error_code
-krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 3, 4)))
-{
-    FUNC(1, code, 0);
-    abort();
-}
-
-krb5_error_code
-krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)))
-{
-    _warnerr(context, 0, 0, 0, fmt, ap);
-    abort();
-}
-
-krb5_error_code
-krb5_abortx(krb5_context context, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)))
-{
-    FUNC(0, 0, 0);
-    abort();
-}
-
-krb5_error_code
-krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
-{
-    context->warn_dest = fac;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
deleted file mode 100644
index 3e23a3aaa951..000000000000
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: write_message.c,v 1.8 2001/07/02 18:43:06 joda Exp $");
-
-krb5_error_code
-krb5_write_message (krb5_context context,
-		    krb5_pointer p_fd,
-		    krb5_data *data)
-{
-    u_int32_t len;
-    u_int8_t buf[4];
-    int ret;
-
-    len = data->length;
-    _krb5_put_int(buf, len, 4);
-    if (krb5_net_write (context, p_fd, buf, 4) != 4
-	|| krb5_net_write (context, p_fd, data->data, len) != len) {
-	ret = errno;
-	krb5_set_error_string (context, "write: %s", strerror(ret));
-	return ret;
-    }
-    return 0;
-}
-
-krb5_error_code
-krb5_write_priv_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-
-    ret = krb5_mk_priv (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
-
-krb5_error_code
-krb5_write_safe_message(krb5_context context,
-			krb5_auth_context ac,
-			krb5_pointer p_fd,
-			krb5_data *data)
-{
-    krb5_error_code ret;
-    krb5_data packet;
-    ret = krb5_mk_safe (context, ac, data, &packet, NULL);
-    if(ret)
-	return ret;
-    ret = krb5_write_message(context, p_fd, &packet);
-    krb5_data_free(&packet);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/otp/ChangeLog b/crypto/heimdal/lib/otp/ChangeLog
deleted file mode 100644
index b9d36eff6d6c..000000000000
--- a/crypto/heimdal/lib/otp/ChangeLog
+++ /dev/null
@@ -1,85 +0,0 @@
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* otp_db.c: fix ndbm test
-
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: add hooks for ndbm_wrap
-
-	* otp_db.c: use ndbm_wrap
-
-2001-07-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add required library dependencies
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libotp_la_LDFLAGS): bump version to 1:2:1
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* otp_md.c: update to new md4/md5/sha API
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (INCLUDES): add krb4 includes here, which are
-	somewhat bogusly used when linking against libdes supplied by krb4
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 1:1:1
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	*  const-ify
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: update version to 1:0:1
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* otp_md.c: update to pseudo-standard APIs for md4,md5,sha.
-	* otp_md.c: start using the pseudo-standard APIs for the hash
-	functions
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 0:1:0
-
-Fri Mar 19 14:52:48 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 11:24:19 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Mar 13 22:27:10 1999  Assar Westerlund  <assar@sics.se>
-
-	* otp_parse.c: unsigned-ify
-
-Sun Nov 22 10:44:16 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-Mon May 25 05:27:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-Sat May 23 20:54:28 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: link with DBLIB
-
-Sun Apr 19 09:59:46 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sat Feb  7 07:27:18 1998  Assar Westerlund  <assar@sics.se>
-
-	* otp_db.c (otp_put): make sure we don't overrun `buf'
-
-Sun Nov  9 07:14:59 1997  Assar Westerlund  <assar@sics.se>
-
-	* otp_locl.h: use xdbm.h
-
diff --git a/crypto/heimdal/lib/otp/Makefile b/crypto/heimdal/lib/otp/Makefile
deleted file mode 100644
index d65608668f69..000000000000
--- a/crypto/heimdal/lib/otp/Makefile
+++ /dev/null
@@ -1,682 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/otp/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.22 2002/08/13 14:02:54 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des) $(ROKEN_RENAME)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = otptest
-
-check_PROGRAMS = otptest
-
-otptest_LDADD = libotp.la
-
-include_HEADERS = otp.h
-
-lib_LTLIBRARIES = libotp.la
-libotp_la_LDFLAGS = -version-info 1:3:1
-libotp_la_LIBADD = $(LIB_des) $(LIB_roken) $(LIB_NDBM)
-
-#ndbm_wrap = ndbm_wrap.c ndbm_wrap.h
-ndbm_wrap = 
-
-libotp_la_SOURCES = \
-	otp.c \
-	otp_challenge.c \
-	otp_db.c \
-	otp_md.c \
-	otp_parse.c \
-	otp_print.c \
-	otp_verify.c \
-	otp_locl.h \
-	otp_md.h \
-	roken_rename.h \
-	$(ndbm_wrap) \
-	$(ROKEN_SRCS)
-
-
-ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c
-subdir = lib/otp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libotp_la_DEPENDENCIES =
-#am__objects_1 = ndbm_wrap.lo
-am__objects_1 =
-am__objects_2 = snprintf.lo strcasecmp.lo \
-	strncasecmp.lo strlwr.lo
-am_libotp_la_OBJECTS = otp.lo otp_challenge.lo otp_db.lo otp_md.lo \
-	otp_parse.lo otp_print.lo otp_verify.lo $(am__objects_1) \
-	$(am__objects_2)
-libotp_la_OBJECTS = $(am_libotp_la_OBJECTS)
-check_PROGRAMS = otptest$(EXEEXT)
-noinst_PROGRAMS = otptest$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-otptest_SOURCES = otptest.c
-otptest_OBJECTS = otptest.$(OBJEXT)
-otptest_DEPENDENCIES = libotp.la
-otptest_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libotp_la_SOURCES) otptest.c
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libotp_la_SOURCES) otptest.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/otp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libotp.la: $(libotp_la_OBJECTS) $(libotp_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libotp_la_LDFLAGS) $(libotp_la_OBJECTS) $(libotp_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-otptest$(EXEEXT): $(otptest_OBJECTS) $(otptest_DEPENDENCIES) 
-	@rm -f otptest$(EXEEXT)
-	$(LINK) $(otptest_LDFLAGS) $(otptest_OBJECTS) $(otptest_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libotp_la_OBJECTS): $(ndbm_wrap)
-
-ndbm_wrap.c:
-	$(LN_S) $(srcdir)/../roken/ndbm_wrap.c .
-ndbm_wrap.h:
-	(echo '#define dbm_rename(X) __otp_ ## X'; cat $(srcdir)/../roken/ndbm_wrap.h) > ndbm_wrap.h
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strcasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
-strncasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strncasecmp.c .
-strlwr.c:
-	$(LN_S) $(srcdir)/../roken/strlwr.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/otp/Makefile.am b/crypto/heimdal/lib/otp/Makefile.am
deleted file mode 100644
index 8e2425158195..000000000000
--- a/crypto/heimdal/lib/otp/Makefile.am
+++ /dev/null
@@ -1,58 +0,0 @@
-# $Id: Makefile.am,v 1.22 2002/08/13 14:02:54 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-INCLUDES += $(INCLUDE_des) $(ROKEN_RENAME)
-
-noinst_PROGRAMS = otptest
-
-check_PROGRAMS = otptest
-
-otptest_LDADD = libotp.la
-
-include_HEADERS = otp.h
-
-lib_LTLIBRARIES = libotp.la
-libotp_la_LDFLAGS = -version-info 1:3:1
-libotp_la_LIBADD  = $(LIB_des) $(LIB_roken) $(LIB_NDBM)
-
-if HAVE_DB3
-ndbm_wrap = ndbm_wrap.c ndbm_wrap.h
-else
-ndbm_wrap =
-endif
-
-libotp_la_SOURCES = \
-	otp.c \
-	otp_challenge.c \
-	otp_db.c \
-	otp_md.c \
-	otp_parse.c \
-	otp_print.c \
-	otp_verify.c \
-	otp_locl.h \
-	otp_md.h \
-	roken_rename.h \
-	$(ndbm_wrap) \
-	$(ROKEN_SRCS)
-
-if do_roken_rename
-ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c
-endif
-
-$(libotp_la_OBJECTS): $(ndbm_wrap)
-
-ndbm_wrap.c:
-	$(LN_S) $(srcdir)/../roken/ndbm_wrap.c .
-ndbm_wrap.h:
-	(echo '#define dbm_rename(X) __otp_ ## X'; cat $(srcdir)/../roken/ndbm_wrap.h) > ndbm_wrap.h
-
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strcasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
-strncasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strncasecmp.c .
-strlwr.c:
-	$(LN_S) $(srcdir)/../roken/strlwr.c .
diff --git a/crypto/heimdal/lib/otp/Makefile.in b/crypto/heimdal/lib/otp/Makefile.in
deleted file mode 100644
index 60278b51d92f..000000000000
--- a/crypto/heimdal/lib/otp/Makefile.in
+++ /dev/null
@@ -1,682 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.22 2002/08/13 14:02:54 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_des) $(ROKEN_RENAME)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-noinst_PROGRAMS = otptest
-
-check_PROGRAMS = otptest
-
-otptest_LDADD = libotp.la
-
-include_HEADERS = otp.h
-
-lib_LTLIBRARIES = libotp.la
-libotp_la_LDFLAGS = -version-info 1:3:1
-libotp_la_LIBADD = $(LIB_des) $(LIB_roken) $(LIB_NDBM)
-
-@HAVE_DB3_TRUE@ndbm_wrap = ndbm_wrap.c ndbm_wrap.h
-@HAVE_DB3_FALSE@ndbm_wrap = 
-
-libotp_la_SOURCES = \
-	otp.c \
-	otp_challenge.c \
-	otp_db.c \
-	otp_md.c \
-	otp_parse.c \
-	otp_print.c \
-	otp_verify.c \
-	otp_locl.h \
-	otp_md.h \
-	roken_rename.h \
-	$(ndbm_wrap) \
-	$(ROKEN_SRCS)
-
-
-@do_roken_rename_TRUE@ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c
-subdir = lib/otp
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libotp_la_DEPENDENCIES =
-@HAVE_DB3_TRUE@am__objects_1 = ndbm_wrap.lo
-@HAVE_DB3_FALSE@am__objects_1 =
-@do_roken_rename_TRUE@am__objects_2 = snprintf.lo strcasecmp.lo \
-@do_roken_rename_TRUE@	strncasecmp.lo strlwr.lo
-am_libotp_la_OBJECTS = otp.lo otp_challenge.lo otp_db.lo otp_md.lo \
-	otp_parse.lo otp_print.lo otp_verify.lo $(am__objects_1) \
-	$(am__objects_2)
-libotp_la_OBJECTS = $(am_libotp_la_OBJECTS)
-check_PROGRAMS = otptest$(EXEEXT)
-noinst_PROGRAMS = otptest$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-otptest_SOURCES = otptest.c
-otptest_OBJECTS = otptest.$(OBJEXT)
-otptest_DEPENDENCIES = libotp.la
-otptest_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libotp_la_SOURCES) otptest.c
-HEADERS = $(include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-SOURCES = $(libotp_la_SOURCES) otptest.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/otp/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libotp.la: $(libotp_la_OBJECTS) $(libotp_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libotp_la_LDFLAGS) $(libotp_la_OBJECTS) $(libotp_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-otptest$(EXEEXT): $(otptest_OBJECTS) $(otptest_DEPENDENCIES) 
-	@rm -f otptest$(EXEEXT)
-	$(LINK) $(otptest_LDFLAGS) $(otptest_OBJECTS) $(otptest_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(libotp_la_OBJECTS): $(ndbm_wrap)
-
-ndbm_wrap.c:
-	$(LN_S) $(srcdir)/../roken/ndbm_wrap.c .
-ndbm_wrap.h:
-	(echo '#define dbm_rename(X) __otp_ ## X'; cat $(srcdir)/../roken/ndbm_wrap.h) > ndbm_wrap.h
-
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strcasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strcasecmp.c .
-strncasecmp.c:
-	$(LN_S) $(srcdir)/../roken/strncasecmp.c .
-strlwr.c:
-	$(LN_S) $(srcdir)/../roken/strlwr.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/otp/otp.c b/crypto/heimdal/lib/otp/otp.c
deleted file mode 100644
index 746f3cb53a28..000000000000
--- a/crypto/heimdal/lib/otp/otp.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp.c,v 1.8 2000/07/12 00:26:43 assar Exp $");
-#endif
-
-#include "otp_locl.h"
-#include "otp_md.h"
-
-static OtpAlgorithm algorithms[] = {
-  {OTP_ALG_MD4, "md4", 16, otp_md4_hash, otp_md4_init, otp_md4_next},
-  {OTP_ALG_MD5, "md5", 16, otp_md5_hash, otp_md5_init, otp_md5_next},
-  {OTP_ALG_SHA, "sha", 20, otp_sha_hash, otp_sha_init, otp_sha_next}
-};
-
-OtpAlgorithm *
-otp_find_alg (char *name)
-{
-  int i;
-
-  for (i = 0; i < sizeof(algorithms)/sizeof(*algorithms); ++i)
-    if (strcmp (name, algorithms[i].name) == 0)
-      return &algorithms[i];
-  return NULL;
-}
-
-char *
-otp_error (OtpContext *o)
-{
-  return o->err;
-}
diff --git a/crypto/heimdal/lib/otp/otp.h b/crypto/heimdal/lib/otp/otp.h
deleted file mode 100644
index e813458f629f..000000000000
--- a/crypto/heimdal/lib/otp/otp.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: otp.h,v 1.19 2000/07/12 00:26:43 assar Exp $ */
-
-#ifndef _OTP_H
-#define _OTP_H
-
-#include <stdlib.h>
-#include <time.h>
-
-enum {OTPKEYSIZE = 8};
-
-typedef unsigned char OtpKey[OTPKEYSIZE];
-
-#define OTP_MIN_PASSPHRASE 10
-#define OTP_MAX_PASSPHRASE 63
-
-#define OTP_USER_TIMEOUT   120
-#define OTP_DB_TIMEOUT      60
-
-#define OTP_HEXPREFIX "hex:"
-#define OTP_WORDPREFIX "word:"
-
-typedef enum { OTP_ALG_MD4, OTP_ALG_MD5, OTP_ALG_SHA } OtpAlgID;
-
-#define OTP_ALG_DEFAULT "md5"
-
-typedef struct {
-  OtpAlgID id;
-  char *name;
-  int hashsize;
-  int (*hash)(const char *s, size_t len, unsigned char *res);
-  int (*init)(OtpKey key, const char *pwd, const char *seed);
-  int (*next)(OtpKey key);
-} OtpAlgorithm;
-
-typedef struct {
-  char *user;
-  OtpAlgorithm *alg;
-  unsigned n;
-  char seed[17];
-  OtpKey key;
-  int challengep;
-  time_t lock_time;
-  char *err;
-} OtpContext;
-
-OtpAlgorithm *otp_find_alg (char *name);
-void otp_print_stddict (OtpKey key, char *str, size_t sz);
-void otp_print_hex (OtpKey key, char *str, size_t sz);
-void otp_print_stddict_extended (OtpKey key, char *str, size_t sz);
-void otp_print_hex_extended (OtpKey key, char *str, size_t sz);
-unsigned otp_checksum (OtpKey key);
-int otp_parse_hex (OtpKey key, const char *);
-int otp_parse_stddict (OtpKey key, const char *);
-int otp_parse_altdict (OtpKey key, const char *, OtpAlgorithm *);
-int otp_parse (OtpKey key, const char *, OtpAlgorithm *);
-int otp_challenge (OtpContext *ctx, char *user, char *str, size_t len);
-int otp_verify_user (OtpContext *ctx, const char *passwd);
-int otp_verify_user_1 (OtpContext *ctx, const char *passwd);
-char *otp_error (OtpContext *ctx);
-
-void *otp_db_open (void);
-void otp_db_close (void *);
-int otp_put (void *, OtpContext *ctx);
-int otp_get (void *, OtpContext *ctx);
-int otp_simple_get (void *, OtpContext *ctx);
-int otp_delete (void *, OtpContext *ctx);
-
-#endif /* _OTP_H */
diff --git a/crypto/heimdal/lib/otp/otp_challenge.c b/crypto/heimdal/lib/otp/otp_challenge.c
deleted file mode 100644
index 3507c4fe220f..000000000000
--- a/crypto/heimdal/lib/otp/otp_challenge.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_challenge.c,v 1.10 1999/12/02 16:58:44 joda Exp $");
-#endif
-
-#include "otp_locl.h"
-
-int
-otp_challenge (OtpContext *ctx, char *user, char *str, size_t len)
-{
-  void *dbm;
-  int ret;
-
-  ctx->challengep = 0;
-  ctx->err = NULL;
-  ctx->user = malloc(strlen(user) + 1);
-  if (ctx->user == NULL) {
-    ctx->err = "Out of memory";
-    return -1;
-  }
-  strcpy(ctx->user, user);
-  dbm = otp_db_open ();
-  if (dbm == NULL) {
-    ctx->err = "Cannot open database";
-    return -1;
-  }
-  ret = otp_get (dbm, ctx);
-  otp_db_close (dbm);
-  if (ret)
-    return ret;
-  snprintf (str, len,
-	    "[ otp-%s %u %s ]",
-	    ctx->alg->name, ctx->n-1, ctx->seed);
-  ctx->challengep = 1;
-  return 0;
-}
diff --git a/crypto/heimdal/lib/otp/otp_db.c b/crypto/heimdal/lib/otp/otp_db.c
deleted file mode 100644
index d6f71fe4a6a0..000000000000
--- a/crypto/heimdal/lib/otp/otp_db.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_db.c,v 1.19 2002/05/19 22:11:03 joda Exp $");
-#endif
-
-#include "otp_locl.h"
-
-#if !defined(HAVE_NDBM) && !defined(HAVE_DB_NDBM)
-#include "ndbm_wrap.h"
-#endif
-
-#define RETRIES 5
-
-void *
-otp_db_open (void)
-{
-  int lock;
-  int i;
-  void *ret;
-
-  for(i = 0; i < RETRIES; ++i) {
-    struct stat statbuf;
-
-    lock = open (OTP_DB_LOCK, O_WRONLY | O_CREAT | O_EXCL, 0666);
-    if (lock >= 0) {
-      close(lock);
-      break;
-    }
-    if (stat (OTP_DB_LOCK, &statbuf) == 0) {
-      if (time(NULL) - statbuf.st_mtime > OTP_DB_TIMEOUT)
-	unlink (OTP_DB_LOCK);
-      else
-	sleep (1);
-    }
-  }
-  if (i == RETRIES)
-    return NULL;
-  ret = dbm_open (OTP_DB, O_RDWR | O_CREAT, 0600);
-  if (ret == NULL)
-    unlink (OTP_DB_LOCK);
-  return ret;
-}
-
-void
-otp_db_close (void *dbm)
-{
-  dbm_close ((DBM *)dbm);
-  unlink (OTP_DB_LOCK);
-}
-
-/*
- * Remove this entry from the database.
- * return 0 if ok.
- */
-
-int 
-otp_delete (void *v, OtpContext *ctx)
-{
-  DBM *dbm = (DBM *)v;
-  datum key;
-
-  key.dsize = strlen(ctx->user);
-  key.dptr  = ctx->user;
- 
-  return dbm_delete(dbm, key);
-}
-
-/*
- * Read this entry from the database and lock it if lockp.
- */
-
-static int
-otp_get_internal (void *v, OtpContext *ctx, int lockp)
-{
-  DBM *dbm = (DBM *)v;
-  datum dat, key;
-  char *p;
-  time_t now, then;
-
-  key.dsize = strlen(ctx->user);
-  key.dptr  = ctx->user;
-
-  dat = dbm_fetch (dbm, key);
-  if (dat.dptr == NULL) {
-    ctx->err = "Entry not found";
-    return -1;
-  }
-  p = dat.dptr;
-
-  memcpy (&then, p, sizeof(then));
-  ctx->lock_time = then;
-  if (lockp) {
-    time(&now);
-    if (then && now - then < OTP_USER_TIMEOUT) {
-      ctx->err = "Entry locked";
-      return -1;
-    }
-    memcpy (p, &now, sizeof(now));
-  }
-  p += sizeof(now);
-  ctx->alg = otp_find_alg (p);
-  if (ctx->alg == NULL) {
-    ctx->err = "Bad algorithm";
-    return -1;
-  }
-  p += strlen(p) + 1;
-  {
-    unsigned char *up = (unsigned char *)p;
-    ctx->n = (up[0] << 24) | (up[1] << 16) | (up[2] << 8) | up[3];
-  }
-  p += 4;
-  memcpy (ctx->key, p, OTPKEYSIZE);
-  p += OTPKEYSIZE;
-  strlcpy (ctx->seed, p, sizeof(ctx->seed));
-  if (lockp)
-    return dbm_store (dbm, key, dat, DBM_REPLACE);
-  else
-    return 0;
-}
-
-/*
- * Get and lock.
- */
-
-int
-otp_get (void *v, OtpContext *ctx)
-{
-  return otp_get_internal (v, ctx, 1);
-}
-
-/*
- * Get and don't lock.
- */
-
-int
-otp_simple_get (void *v, OtpContext *ctx)
-{
-  return otp_get_internal (v, ctx, 0);
-}
-
-/*
- * Write this entry to the database.
- */
-
-int
-otp_put (void *v, OtpContext *ctx)
-{
-  DBM *dbm = (DBM *)v;
-  datum dat, key;
-  char buf[1024], *p;
-  time_t zero = 0;
-  size_t len, rem;
-
-  key.dsize = strlen(ctx->user);
-  key.dptr  = ctx->user;
-
-  p = buf;
-  rem = sizeof(buf);
-
-  if (rem < sizeof(zero))
-      return -1;
-  memcpy (p, &zero, sizeof(zero));
-  p += sizeof(zero);
-  rem -= sizeof(zero);
-  len = strlen(ctx->alg->name) + 1;
-
-  if (rem < len)
-      return -1;
-  strcpy (p, ctx->alg->name);
-  p += len;
-  rem -= len;
-
-  if (rem < 4)
-      return -1;
-  {
-    unsigned char *up = (unsigned char *)p;
-    *up++ = (ctx->n >> 24) & 0xFF;
-    *up++ = (ctx->n >> 16) & 0xFF;
-    *up++ = (ctx->n >>  8) & 0xFF;
-    *up++ = (ctx->n >>  0) & 0xFF;
-  }
-  p += 4;
-  rem -= 4;
-
-  if (rem < OTPKEYSIZE)
-      return -1;
-  memcpy (p, ctx->key, OTPKEYSIZE);
-  p += OTPKEYSIZE;
-  rem -= OTPKEYSIZE;
-
-  len = strlen(ctx->seed) + 1;
-  if (rem < len)
-      return -1;
-  strcpy (p, ctx->seed);
-  p += len;
-  rem -= len;
-  dat.dptr  = buf;
-  dat.dsize = p - buf;
-  return dbm_store (dbm, key, dat, DBM_REPLACE);
-}
diff --git a/crypto/heimdal/lib/otp/otp_locl.h b/crypto/heimdal/lib/otp/otp_locl.h
deleted file mode 100644
index 18c92845665c..000000000000
--- a/crypto/heimdal/lib/otp/otp_locl.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: otp_locl.h,v 1.12 2002/08/12 15:09:20 joda Exp $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <time.h>
-#include <errno.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_IO_H
-#include <io.h>
-#endif
-
-#include <roken.h>
-
-#include <otp.h>
-
-#include <xdbm.h>
-
-#define OTPKEYS "/.otpkeys"
-
-#define OTP_DB		SYSCONFDIR "/otp"
-#define OTP_DB_LOCK	SYSCONFDIR "/otp-lock"
diff --git a/crypto/heimdal/lib/otp/otp_md.c b/crypto/heimdal/lib/otp/otp_md.c
deleted file mode 100644
index 3b491bda3635..000000000000
--- a/crypto/heimdal/lib/otp/otp_md.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_md.c,v 1.15 2001/08/22 20:30:32 assar Exp $");
-#endif
-#include "otp_locl.h"
-
-#include "otp_md.h"
-#ifdef HAVE_OPENSSL
-#include <openssl/md4.h>
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#else
-#include <md4.h>
-#include <md5.h>
-#include <sha.h>
-#endif
-
-/*
- * Compress len bytes from md into key
- */
-
-static void
-compressmd (OtpKey key, unsigned char *md, size_t len)
-{
-  u_char *p = key;
-
-  memset (p, 0, OTPKEYSIZE);
-  while(len) {
-    *p++ ^= *md++;
-    *p++ ^= *md++;
-    *p++ ^= *md++;
-    *p++ ^= *md++;
-    len -= 4;
-    if (p == key + OTPKEYSIZE)
-      p = key;
-  }
-}
-
-static int
-otp_md_init (OtpKey key,
-	     const char *pwd,
-	     const char *seed,
-	     void (*init)(void *),
-	     void (*update)(void *, const void *, size_t),
-	     void (*final)(void *, void *),
-	     void *arg,
-	     unsigned char *res,
-	     size_t ressz)
-{
-  char *p;
-  int len;
-
-  len = strlen(pwd) + strlen(seed);
-  p = malloc (len + 1);
-  if (p == NULL)
-    return -1;
-  strcpy (p, seed);
-  strlwr (p);
-  strcat (p, pwd);
-  (*init)(arg);
-  (*update)(arg, p, len);
-  (*final)(res, arg);
-  free (p);
-  compressmd (key, res, ressz);
-  return 0;
-}
-
-static int
-otp_md_next (OtpKey key,
-	     void (*init)(void *),
-	     void (*update)(void *, const void *, size_t),
-	     void (*final)(void *, void *),
-	     void *arg,
-	     unsigned char *res,
-	     size_t ressz)
-{
-  (*init)(arg);
-  (*update)(arg, key, OTPKEYSIZE);
-  (*final)(res, arg);
-  compressmd (key, res, ressz);
-  return 0;
-}
-
-static int
-otp_md_hash (const char *data,
-	     size_t len,
-	     void (*init)(void *),
-	     void (*update)(void *, const void *, size_t),
-	     void (*final)(void *, void *),
-	     void *arg,
-	     unsigned char *res,
-	     size_t ressz)
-{
-  (*init)(arg);
-  (*update)(arg, data, len);
-  (*final)(res, arg);
-  return 0;
-}
-
-int
-otp_md4_init (OtpKey key, const char *pwd, const char *seed)
-{
-  unsigned char res[16];
-  MD4_CTX md4;
-
-  return otp_md_init (key, pwd, seed,
-		      (void (*)(void *))MD4_Init,
-		      (void (*)(void *, const void *, size_t))MD4_Update, 
-		      (void (*)(void *, void *))MD4_Final,
-		      &md4, res, sizeof(res));
-}
-
-int
-otp_md4_hash (const char *data,
-	      size_t len,
-	      unsigned char *res)
-{
-  MD4_CTX md4;
-
-  return otp_md_hash (data, len,
-		      (void (*)(void *))MD4_Init,
-		      (void (*)(void *, const void *, size_t))MD4_Update, 
-		      (void (*)(void *, void *))MD4_Final,
-		      &md4, res, 16);
-}
-
-int
-otp_md4_next (OtpKey key)
-{
-  unsigned char res[16];
-  MD4_CTX md4;
-
-  return otp_md_next (key, 
-		      (void (*)(void *))MD4_Init, 
-		      (void (*)(void *, const void *, size_t))MD4_Update, 
-		      (void (*)(void *, void *))MD4_Final,
-		      &md4, res, sizeof(res));
-}
-
-
-int
-otp_md5_init (OtpKey key, const char *pwd, const char *seed)
-{
-  unsigned char res[16];
-  MD5_CTX md5;
-
-  return otp_md_init (key, pwd, seed, 
-		      (void (*)(void *))MD5_Init, 
-		      (void (*)(void *, const void *, size_t))MD5_Update, 
-		      (void (*)(void *, void *))MD5_Final,
-		      &md5, res, sizeof(res));
-}
-
-int
-otp_md5_hash (const char *data,
-	      size_t len,
-	      unsigned char *res)
-{
-  MD5_CTX md5;
-
-  return otp_md_hash (data, len,
-		      (void (*)(void *))MD5_Init,
-		      (void (*)(void *, const void *, size_t))MD5_Update, 
-		      (void (*)(void *, void *))MD5_Final,
-		      &md5, res, 16);
-}
-
-int
-otp_md5_next (OtpKey key)
-{
-  unsigned char res[16];
-  MD5_CTX md5;
-
-  return otp_md_next (key, 
-		      (void (*)(void *))MD5_Init, 
-		      (void (*)(void *, const void *, size_t))MD5_Update, 
-		      (void (*)(void *, void *))MD5_Final,
-		      &md5, res, sizeof(res));
-}
-
-/* 
- * For histerical reasons, in the OTP definition it's said that the
- * result from SHA must be stored in little-endian order.  See
- * draft-ietf-otp-01.txt.
- */
-
-static void
-SHA1_Final_little_endian (void *res, SHA_CTX *m)
-{
-  unsigned char tmp[20];
-  unsigned char *p = res;
-  int j;
-
-  SHA1_Final (tmp, m);
-  for (j = 0; j < 20; j += 4) {
-    p[j]   = tmp[j+3];
-    p[j+1] = tmp[j+2];
-    p[j+2] = tmp[j+1];
-    p[j+3] = tmp[j];
-  }
-}
-
-int
-otp_sha_init (OtpKey key, const char *pwd, const char *seed)
-{
-  unsigned char res[20];
-  SHA_CTX sha1;
-
-  return otp_md_init (key, pwd, seed, 
-		      (void (*)(void *))SHA1_Init, 
-		      (void (*)(void *, const void *, size_t))SHA1_Update, 
-		      (void (*)(void *, void *))SHA1_Final_little_endian,
-		      &sha1, res, sizeof(res));
-}
-
-int
-otp_sha_hash (const char *data,
-	      size_t len,
-	      unsigned char *res)
-{
-  SHA_CTX sha1;
-
-  return otp_md_hash (data, len,
-		      (void (*)(void *))SHA1_Init,
-		      (void (*)(void *, const void *, size_t))SHA1_Update, 
-		      (void (*)(void *, void *))SHA1_Final_little_endian,
-		      &sha1, res, 20);
-}
-
-int
-otp_sha_next (OtpKey key)
-{
-  unsigned char res[20];
-  SHA_CTX sha1;
-
-  return otp_md_next (key, 
-		      (void (*)(void *))SHA1_Init,
-		      (void (*)(void *, const void *, size_t))SHA1_Update,
-		      (void (*)(void *, void *))SHA1_Final_little_endian,
-		      &sha1, res, sizeof(res));
-}
diff --git a/crypto/heimdal/lib/otp/otp_md.h b/crypto/heimdal/lib/otp/otp_md.h
deleted file mode 100644
index 5732606439ca..000000000000
--- a/crypto/heimdal/lib/otp/otp_md.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: otp_md.h,v 1.7 2000/07/12 00:26:44 assar Exp $ */
-
-int otp_md4_init (OtpKey key, const char *pwd, const char *seed);
-int otp_md4_hash (const char *, size_t, unsigned char *res);
-int otp_md4_next (OtpKey key);
-
-int otp_md5_init (OtpKey key, const char *pwd, const char *seed);
-int otp_md5_hash (const char *, size_t, unsigned char *res);
-int otp_md5_next (OtpKey key);
-
-int otp_sha_init (OtpKey key, const char *pwd, const char *seed);
-int otp_sha_hash (const char *, size_t, unsigned char *res);
-int otp_sha_next (OtpKey key);
diff --git a/crypto/heimdal/lib/otp/otp_parse.c b/crypto/heimdal/lib/otp/otp_parse.c
deleted file mode 100644
index cc69de50051b..000000000000
--- a/crypto/heimdal/lib/otp/otp_parse.c
+++ /dev/null
@@ -1,2515 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_parse.c,v 1.20 2000/07/01 13:58:38 assar Exp $");
-#endif
-
-#include "otp_locl.h"
-
-struct e {
-  char *s;
-  unsigned n;
-};
-
-extern const struct e inv_std_dict[2048];
-
-static int
-cmp(const void *a, const void *b)
-{
-  struct e *e1, *e2;
-  
-  e1 = (struct e *)a;
-  e2 = (struct e *)b;
-  return strcasecmp (e1->s, e2->s);
-}
-
-static int
-get_stdword (const char *s, void *v)
-{
-  struct e e, *r;
-
-  e.s = (char *)s;
-  e.n = -1;
-  r = (struct e *) bsearch (&e, inv_std_dict,
-			    sizeof(inv_std_dict)/sizeof(*inv_std_dict),
-			    sizeof(*inv_std_dict), cmp);
-  if (r)
-    return r->n;
-  else
-    return -1;
-}
-
-static void
-compress (OtpKey key, unsigned wn[])
-{
-  key[0] = wn[0] >> 3;
-  key[1] = ((wn[0] & 0x07) << 5) | (wn[1] >> 6);
-  key[2] = ((wn[1] & 0x3F) << 2) | (wn[2] >> 9);
-  key[3] = ((wn[2] >> 1) & 0xFF);
-  key[4] = ((wn[2] & 0x01) << 7) | (wn[3] >> 4);
-  key[5] = ((wn[3] & 0x0F) << 4) | (wn[4] >> 7);
-  key[6] = ((wn[4] & 0x7F) << 1) | (wn[5] >> 10);
-  key[7] = ((wn[5] >> 2) & 0xFF);
-}
-
-static int
-get_altword (const char *s, void *a)
-{
-  OtpAlgorithm *alg = (OtpAlgorithm *)a;
-  int ret;
-  unsigned char *res = malloc(alg->hashsize);
-
-  if (res == NULL)
-    return -1;
-  alg->hash (s, strlen(s), res);
-  ret = (unsigned)(res[alg->hashsize - 1]) | 
-      ((res[alg->hashsize - 2] & 0x03) << 8);
-  free (res);
-  return ret;
-}
-
-static int
-parse_words(unsigned wn[],
-	    const char *str,
-	    int (*convert)(const char *, void *),
-	    void *arg)
-{
-  unsigned char *w, *wend, c;
-  int i;
-  int tmp;
-
-  w = (unsigned char *)str;
-  for (i = 0; i < 6; ++i) {
-    while (isspace(*w))
-      ++w;
-    wend = w;
-    while (isalpha (*wend))
-      ++wend;
-    c = *wend;
-    *wend = '\0';
-    tmp = (*convert)((char *)w, arg);
-    *wend = c;
-    w = wend;
-    if (tmp < 0)
-      return -1;
-    wn[i] = tmp;
-  }
-  return 0;
-}
-
-static int
-otp_parse_internal (OtpKey key, const char *str,
-		    OtpAlgorithm *alg,
-		    int (*convert)(const char *, void *))
-{
-  unsigned wn[6];
-
-  if (parse_words (wn, str, convert, alg))
-    return -1;
-  compress (key, wn);
-  if (otp_checksum (key) != (wn[5] & 0x03))
-    return -1;
-  return 0;
-}
-
-int
-otp_parse_stddict (OtpKey key, const char *str)
-{
-  return otp_parse_internal (key, str, NULL, get_stdword);
-}
-
-int
-otp_parse_altdict (OtpKey key, const char *str, OtpAlgorithm *alg)
-{
-  return otp_parse_internal (key, str, alg, get_altword);
-}
-
-int
-otp_parse_hex (OtpKey key, const char *s)
-{
-  char buf[17], *b;
-  int is[8];
-  int i;
-
-  b = buf;
-  while (*s) {
-    if (strchr ("0123456789ABCDEFabcdef", *s)) {
-      if (b - buf >= 16)
-	return -1;
-      else
-	*b++ = tolower(*s);
-    }
-    s++;
-  }
-  *b = '\0';
-  if (sscanf (buf, "%2x%2x%2x%2x%2x%2x%2x%2x",
-	      &is[0], &is[1], &is[2], &is[3], &is[4],
-	      &is[5], &is[6], &is[7]) != 8)
-    return -1;
-  for (i = 0; i < OTPKEYSIZE; ++i)
-    key[i] = is[i];
-  return 0;
-}
-
-int
-otp_parse (OtpKey key, const char *s, OtpAlgorithm *alg)
-{
-  int ret;
-  int dohex = 1;
-
-  if (strncmp (s, OTP_HEXPREFIX, strlen(OTP_HEXPREFIX)) == 0)
-    return otp_parse_hex (key, s + strlen(OTP_HEXPREFIX));
-  if (strncmp (s, OTP_WORDPREFIX, strlen(OTP_WORDPREFIX)) == 0) {
-    s += strlen(OTP_WORDPREFIX);
-    dohex = 0;
-  }
-
-  ret = otp_parse_stddict (key, s);
-  if (ret)
-    ret = otp_parse_altdict (key, s, alg);
-  if (ret && dohex)
-    ret = otp_parse_hex (key, s);
-  return ret;
-}
-
-const char *const std_dict[2048] =
-{        "A",    "ABE",   "ACE",   "ACT",   "AD",    "ADA",   "ADD",
-"AGO",   "AID",  "AIM",   "AIR",   "ALL",   "ALP",   "AM",    "AMY",
-"AN",    "ANA",  "AND",   "ANN",   "ANT",   "ANY",   "APE",   "APS",
-"APT",   "ARC",  "ARE",   "ARK",   "ARM",   "ART",   "AS",    "ASH",
-"ASK",   "AT",   "ATE",   "AUG",   "AUK",   "AVE",   "AWE",   "AWK",
-"AWL",   "AWN",  "AX",    "AYE",   "BAD",   "BAG",   "BAH",   "BAM",
-"BAN",   "BAR",  "BAT",   "BAY",   "BE",    "BED",   "BEE",   "BEG",
-"BEN",   "BET",  "BEY",   "BIB",   "BID",   "BIG",   "BIN",   "BIT",
-"BOB",   "BOG",  "BON",   "BOO",   "BOP",   "BOW",   "BOY",   "BUB",
-"BUD",   "BUG",  "BUM",   "BUN",   "BUS",   "BUT",   "BUY",   "BY",
-"BYE",   "CAB",  "CAL",   "CAM",   "CAN",   "CAP",   "CAR",   "CAT",
-"CAW",   "COD",  "COG",   "COL",   "CON",   "COO",   "COP",   "COT",
-"COW",   "COY",  "CRY",   "CUB",   "CUE",   "CUP",   "CUR",   "CUT",
-"DAB",   "DAD",  "DAM",   "DAN",   "DAR",   "DAY",   "DEE",   "DEL",
-"DEN",   "DES",  "DEW",   "DID",   "DIE",   "DIG",   "DIN",   "DIP",
-"DO",    "DOE",  "DOG",   "DON",   "DOT",   "DOW",   "DRY",   "DUB",
-"DUD",   "DUE",  "DUG",   "DUN",   "EAR",   "EAT",   "ED",    "EEL",
-"EGG",   "EGO",  "ELI",   "ELK",   "ELM",   "ELY",   "EM",    "END",
-"EST",   "ETC",  "EVA",   "EVE",   "EWE",   "EYE",   "FAD",   "FAN",
-"FAR",   "FAT",  "FAY",   "FED",   "FEE",   "FEW",   "FIB",   "FIG",
-"FIN",   "FIR",  "FIT",   "FLO",   "FLY",   "FOE",   "FOG",   "FOR",
-"FRY",   "FUM",  "FUN",   "FUR",   "GAB",   "GAD",   "GAG",   "GAL",
-"GAM",   "GAP",  "GAS",   "GAY",   "GEE",   "GEL",   "GEM",   "GET",
-"GIG",   "GIL",  "GIN",   "GO",    "GOT",   "GUM",   "GUN",   "GUS",
-"GUT",   "GUY",  "GYM",   "GYP",   "HA",    "HAD",   "HAL",   "HAM",
-"HAN",   "HAP",  "HAS",   "HAT",   "HAW",   "HAY",   "HE",    "HEM",
-"HEN",   "HER",  "HEW",   "HEY",   "HI",    "HID",   "HIM",   "HIP",
-"HIS",   "HIT",  "HO",    "HOB",   "HOC",   "HOE",   "HOG",   "HOP",
-"HOT",   "HOW",  "HUB",   "HUE",   "HUG",   "HUH",   "HUM",   "HUT",
-"I",     "ICY",  "IDA",   "IF",    "IKE",   "ILL",   "INK",   "INN",
-"IO",    "ION",  "IQ",    "IRA",   "IRE",   "IRK",   "IS",    "IT",
-"ITS",   "IVY",  "JAB",   "JAG",   "JAM",   "JAN",   "JAR",   "JAW",
-"JAY",   "JET",  "JIG",   "JIM",   "JO",    "JOB",   "JOE",   "JOG",
-"JOT",   "JOY",  "JUG",   "JUT",   "KAY",   "KEG",   "KEN",   "KEY",
-"KID",   "KIM",  "KIN",   "KIT",   "LA",    "LAB",   "LAC",   "LAD",
-"LAG",   "LAM",  "LAP",   "LAW",   "LAY",   "LEA",   "LED",   "LEE",
-"LEG",   "LEN",  "LEO",   "LET",   "LEW",   "LID",   "LIE",   "LIN",
-"LIP",   "LIT",  "LO",    "LOB",   "LOG",   "LOP",   "LOS",   "LOT",
-"LOU",   "LOW",  "LOY",   "LUG",   "LYE",   "MA",    "MAC",   "MAD",
-"MAE",   "MAN",  "MAO",   "MAP",   "MAT",   "MAW",   "MAY",   "ME",
-"MEG",   "MEL",  "MEN",   "MET",   "MEW",   "MID",   "MIN",   "MIT",
-"MOB",   "MOD",  "MOE",   "MOO",   "MOP",   "MOS",   "MOT",   "MOW",
-"MUD",   "MUG",  "MUM",   "MY",    "NAB",   "NAG",   "NAN",   "NAP",
-"NAT",   "NAY",  "NE",    "NED",   "NEE",   "NET",   "NEW",   "NIB",
-"NIIL",  "NIP",  "NIT",   "NO",    "NOB",   "NOD",   "NON",   "NOR",
-"NOT",   "NOV",  "NOW",   "NU",    "NUN",   "NUT",   "O",     "OAF",
-"OAK",   "OAR",  "OAT",   "ODD",   "ODE",   "OF",    "OFF",   "OFT",
-"OH",    "OIL",  "OK",    "OLD",   "ON",    "ONE",   "OR",    "ORB",
-"ORE",   "ORR",  "OS",    "OTT",   "OUR",   "OUT",   "OVA",   "OW",
-"OWE",   "OWL",  "OWN",   "OX",    "PA",    "PAD",   "PAL",   "PAM",
-"PAN",   "PAP",  "PAR",   "PAT",   "PAW",   "PAY",   "PEA",   "PEG",
-"PEN",   "PEP",  "PER",   "PET",   "PEW",   "PHI",   "PI",    "PIE",
-"PIN",   "PIT",  "PLY",   "PO",    "POD",   "POE",   "POP",   "POT",
-"POW",   "PRO",  "PRY",   "PUB",   "PUG",   "PUN",   "PUP",   "PUT",
-"QUO",   "RAG",  "RAM",   "RAN",   "RAP",   "RAT",   "RAW",   "RAY",
-"REB",   "RED",  "REP",   "RET",   "RIB",   "RID",   "RIG",   "RIM",
-"RIO",   "RIP",  "ROB",   "ROD",   "ROE",   "RON",   "ROT",   "ROW",
-"ROY",   "RUB",  "RUE",   "RUG",   "RUM",   "RUN",   "RYE",   "SAC",
-"SAD",   "SAG",  "SAL",   "SAM",   "SAN",   "SAP",   "SAT",   "SAW",
-"SAY",   "SEA",  "SEC",   "SEE",   "SEN",   "SET",   "SEW",   "SHE",
-"SHY",   "SIN",  "SIP",   "SIR",   "SIS",   "SIT",   "SKI",   "SKY",
-"SLY",   "SO",   "SOB",   "SOD",   "SON",   "SOP",   "SOW",   "SOY",
-"SPA",   "SPY",  "SUB",   "SUD",   "SUE",   "SUM",   "SUN",   "SUP",
-"TAB",   "TAD",  "TAG",   "TAN",   "TAP",   "TAR",   "TEA",   "TED",
-"TEE",   "TEN",  "THE",   "THY",   "TIC",   "TIE",   "TIM",   "TIN",
-"TIP",   "TO",   "TOE",   "TOG",   "TOM",   "TON",   "TOO",   "TOP",
-"TOW",   "TOY",  "TRY",   "TUB",   "TUG",   "TUM",   "TUN",   "TWO",
-"UN",    "UP",   "US",    "USE",   "VAN",   "VAT",   "VET",   "VIE",
-"WAD",   "WAG",  "WAR",   "WAS",   "WAY",   "WE",    "WEB",   "WED",
-"WEE",   "WET",  "WHO",   "WHY",   "WIN",   "WIT",   "WOK",   "WON",
-"WOO",   "WOW",  "WRY",   "WU",    "YAM",   "YAP",   "YAW",   "YE",
-"YEA",   "YES",  "YET",   "YOU",   "ABED",  "ABEL",  "ABET",  "ABLE",
-"ABUT",  "ACHE",  "ACID", "ACME",  "ACRE",  "ACTA",  "ACTS",  "ADAM",
-"ADDS",  "ADEN",  "AFAR", "AFRO",  "AGEE",  "AHEM",  "AHOY",  "AIDA",
-"AIDE",  "AIDS",  "AIRY", "AJAR",  "AKIN",  "ALAN",  "ALEC",  "ALGA",
-"ALIA",  "ALLY",  "ALMA", "ALOE",  "ALSO",  "ALTO",  "ALUM",  "ALVA",
-"AMEN",  "AMES",  "AMID", "AMMO",  "AMOK",  "AMOS",  "AMRA",  "ANDY",
-"ANEW",  "ANNA",  "ANNE", "ANTE",  "ANTI",  "AQUA",  "ARAB",  "ARCH",
-"AREA",  "ARGO",  "ARID", "ARMY",  "ARTS",  "ARTY",  "ASIA",  "ASKS",
-"ATOM",  "AUNT",  "AURA", "AUTO",  "AVER",  "AVID",  "AVIS",  "AVON",
-"AVOW",  "AWAY",  "AWRY", "BABE",  "BABY",  "BACH",  "BACK",  "BADE",
-"BAIL",  "BAIT",  "BAKE", "BALD",  "BALE",  "BALI",  "BALK",  "BALL",
-"BALM",  "BAND",  "BANE", "BANG",  "BANK",  "BARB",  "BARD",  "BARE",
-"BARK",  "BARN",  "BARR", "BASE",  "BASH",  "BASK",  "BASS",  "BATE",
-"BATH",  "BAWD",  "BAWL", "BEAD",  "BEAK",  "BEAM",  "BEAN",  "BEAR",
-"BEAT",  "BEAU",  "BECK", "BEEF",  "BEEN",  "BEER",  "BEET",  "BELA",
-"BELL",  "BELT",  "BEND", "BENT",  "BERG",  "BERN",  "BERT",  "BESS",
-"BEST",  "BETA",  "BETH", "BHOY",  "BIAS",  "BIDE",  "BIEN",  "BILE",
-"BILK",  "BILL",  "BIND", "BING",  "BIRD",  "BITE",  "BITS",  "BLAB",
-"BLAT",  "BLED",  "BLEW", "BLOB",  "BLOC",  "BLOT",  "BLOW",  "BLUE",
-"BLUM",  "BLUR",  "BOAR", "BOAT",  "BOCA",  "BOCK",  "BODE",  "BODY",
-"BOGY",  "BOHR",  "BOIL", "BOLD",  "BOLO",  "BOLT",  "BOMB",  "BONA",
-"BOND",  "BONE",  "BONG", "BONN",  "BONY",  "BOOK",  "BOOM",  "BOON",
-"BOOT",  "BORE",  "BORG", "BORN",  "BOSE",  "BOSS",  "BOTH",  "BOUT",
-"BOWL",  "BOYD",  "BRAD", "BRAE",  "BRAG",  "BRAN",  "BRAY",  "BRED",
-"BREW",  "BRIG",  "BRIM", "BROW",  "BUCK",  "BUDD",  "BUFF",  "BULB",
-"BULK",  "BULL",  "BUNK", "BUNT",  "BUOY",  "BURG",  "BURL",  "BURN",
-"BURR",  "BURT",  "BURY", "BUSH",  "BUSS",  "BUST",  "BUSY",  "BYTE",
-"CADY",  "CAFE",  "CAGE", "CAIN",  "CAKE",  "CALF",  "CALL",  "CALM",
-"CAME",  "CANE",  "CANT", "CARD",  "CARE",  "CARL",  "CARR",  "CART",
-"CASE",  "CASH",  "CASK", "CAST",  "CAVE",  "CEIL",  "CELL",  "CENT",
-"CERN",  "CHAD",  "CHAR", "CHAT",  "CHAW",  "CHEF",  "CHEN",  "CHEW",
-"CHIC",  "CHIN",  "CHOU", "CHOW",  "CHUB",  "CHUG",  "CHUM",  "CITE",
-"CITY",  "CLAD",  "CLAM", "CLAN",  "CLAW",  "CLAY",  "CLOD",  "CLOG",
-"CLOT",  "CLUB",  "CLUE", "COAL",  "COAT",  "COCA",  "COCK",  "COCO",
-"CODA",  "CODE",  "CODY", "COED",  "COIL",  "COIN",  "COKE",  "COLA",
-"COLD",  "COLT",  "COMA", "COMB",  "COME",  "COOK",  "COOL",  "COON",
-"COOT",  "CORD",  "CORE", "CORK",  "CORN",  "COST",  "COVE",  "COWL",
-"CRAB",  "CRAG",  "CRAM", "CRAY",  "CREW",  "CRIB",  "CROW",  "CRUD",
-"CUBA",  "CUBE",  "CUFF", "CULL",  "CULT",  "CUNY",  "CURB",  "CURD",
-"CURE",  "CURL",  "CURT", "CUTS",  "DADE",  "DALE",  "DAME",  "DANA",
-"DANE",  "DANG",  "DANK", "DARE",  "DARK",  "DARN",  "DART",  "DASH",
-"DATA",  "DATE",  "DAVE", "DAVY",  "DAWN",  "DAYS",  "DEAD",  "DEAF",
-"DEAL",  "DEAN",  "DEAR", "DEBT",  "DECK",  "DEED",  "DEEM",  "DEER",
-"DEFT",  "DEFY",  "DELL", "DENT",  "DENY",  "DESK",  "DIAL",  "DICE",
-"DIED",  "DIET",  "DIME", "DINE",  "DING",  "DINT",  "DIRE",  "DIRT",
-"DISC",  "DISH",  "DISK", "DIVE",  "DOCK",  "DOES",  "DOLE",  "DOLL",
-"DOLT",  "DOME",  "DONE", "DOOM",  "DOOR",  "DORA",  "DOSE",  "DOTE",
-"DOUG",  "DOUR",  "DOVE", "DOWN",  "DRAB",  "DRAG",  "DRAM",  "DRAW",
-"DREW",  "DRUB",  "DRUG", "DRUM",  "DUAL",  "DUCK",  "DUCT",  "DUEL",
-"DUET",  "DUKE",  "DULL", "DUMB",  "DUNE",  "DUNK",  "DUSK",  "DUST",
-"DUTY",  "EACH",  "EARL", "EARN",  "EASE",  "EAST",  "EASY",  "EBEN",
-"ECHO",  "EDDY",  "EDEN", "EDGE",  "EDGY",  "EDIT",  "EDNA",  "EGAN",
-"ELAN",  "ELBA",  "ELLA", "ELSE",  "EMIL",  "EMIT",  "EMMA",  "ENDS",
-"ERIC",  "EROS",  "EVEN", "EVER",  "EVIL",  "EYED",  "FACE",  "FACT",
-"FADE",  "FAIL",  "FAIN", "FAIR",  "FAKE",  "FALL",  "FAME",  "FANG",
-"FARM",  "FAST",  "FATE", "FAWN",  "FEAR",  "FEAT",  "FEED",  "FEEL",
-"FEET",  "FELL",  "FELT", "FEND",  "FERN",  "FEST",  "FEUD",  "FIEF",
-"FIGS",  "FILE",  "FILL", "FILM",  "FIND",  "FINE",  "FINK",  "FIRE",
-"FIRM",  "FISH",  "FISK", "FIST",  "FITS",  "FIVE",  "FLAG",  "FLAK",
-"FLAM",  "FLAT",  "FLAW", "FLEA",  "FLED",  "FLEW",  "FLIT",  "FLOC",
-"FLOG",  "FLOW",  "FLUB", "FLUE",  "FOAL",  "FOAM",  "FOGY",  "FOIL",
-"FOLD",  "FOLK",  "FOND", "FONT",  "FOOD",  "FOOL",  "FOOT",  "FORD",
-"FORE",  "FORK",  "FORM", "FORT",  "FOSS",  "FOUL",  "FOUR",  "FOWL",
-"FRAU",  "FRAY",  "FRED", "FREE",  "FRET",  "FREY",  "FROG",  "FROM",
-"FUEL",  "FULL",  "FUME", "FUND",  "FUNK",  "FURY",  "FUSE",  "FUSS",
-"GAFF",  "GAGE",  "GAIL", "GAIN",  "GAIT",  "GALA",  "GALE",  "GALL",
-"GALT",  "GAME",  "GANG", "GARB",  "GARY",  "GASH",  "GATE",  "GAUL",
-"GAUR",  "GAVE",  "GAWK", "GEAR",  "GELD",  "GENE",  "GENT",  "GERM",
-"GETS",  "GIBE",  "GIFT", "GILD",  "GILL",  "GILT",  "GINA",  "GIRD",
-"GIRL",  "GIST",  "GIVE", "GLAD",  "GLEE",  "GLEN",  "GLIB",  "GLOB",
-"GLOM",  "GLOW",  "GLUE", "GLUM",  "GLUT",  "GOAD",  "GOAL",  "GOAT",
-"GOER",  "GOES",  "GOLD", "GOLF",  "GONE",  "GONG",  "GOOD",  "GOOF",
-"GORE",  "GORY",  "GOSH", "GOUT",  "GOWN",  "GRAB",  "GRAD",  "GRAY",
-"GREG",  "GREW",  "GREY", "GRID",  "GRIM",  "GRIN",  "GRIT",  "GROW",
-"GRUB",  "GULF",  "GULL", "GUNK",  "GURU",  "GUSH",  "GUST",  "GWEN",
-"GWYN",  "HAAG",  "HAAS", "HACK",  "HAIL",  "HAIR",  "HALE",  "HALF",
-"HALL",  "HALO",  "HALT", "HAND",  "HANG",  "HANK",  "HANS",  "HARD",
-"HARK",  "HARM",  "HART", "HASH",  "HAST",  "HATE",  "HATH",  "HAUL",
-"HAVE",  "HAWK",  "HAYS", "HEAD",  "HEAL",  "HEAR",  "HEAT",  "HEBE",
-"HECK",  "HEED",  "HEEL", "HEFT",  "HELD",  "HELL",  "HELM",  "HERB",
-"HERD",  "HERE",  "HERO", "HERS",  "HESS",  "HEWN",  "HICK",  "HIDE",
-"HIGH",  "HIKE",  "HILL", "HILT",  "HIND",  "HINT",  "HIRE",  "HISS",
-"HIVE",  "HOBO",  "HOCK", "HOFF",  "HOLD",  "HOLE",  "HOLM",  "HOLT",
-"HOME",  "HONE",  "HONK", "HOOD",  "HOOF",  "HOOK",  "HOOT",  "HORN",
-"HOSE",  "HOST",  "HOUR", "HOVE",  "HOWE",  "HOWL",  "HOYT",  "HUCK",
-"HUED",  "HUFF",  "HUGE", "HUGH",  "HUGO",  "HULK",  "HULL",  "HUNK",
-"HUNT",  "HURD",  "HURL", "HURT",  "HUSH",  "HYDE",  "HYMN",  "IBIS",
-"ICON",  "IDEA",  "IDLE", "IFFY",  "INCA",  "INCH",  "INTO",  "IONS",
-"IOTA",  "IOWA",  "IRIS", "IRMA",  "IRON",  "ISLE",  "ITCH",  "ITEM",
-"IVAN",  "JACK",  "JADE", "JAIL",  "JAKE",  "JANE",  "JAVA",  "JEAN",
-"JEFF",  "JERK",  "JESS", "JEST",  "JIBE",  "JILL",  "JILT",  "JIVE",
-"JOAN",  "JOBS",  "JOCK", "JOEL",  "JOEY",  "JOHN",  "JOIN",  "JOKE",
-"JOLT",  "JOVE",  "JUDD", "JUDE",  "JUDO",  "JUDY",  "JUJU",  "JUKE",
-"JULY",  "JUNE",  "JUNK", "JUNO",  "JURY",  "JUST",  "JUTE",  "KAHN",
-"KALE",  "KANE",  "KANT", "KARL",  "KATE",  "KEEL",  "KEEN",  "KENO",
-"KENT",  "KERN",  "KERR", "KEYS",  "KICK",  "KILL",  "KIND",  "KING",
-"KIRK",  "KISS",  "KITE", "KLAN",  "KNEE",  "KNEW",  "KNIT",  "KNOB",
-"KNOT",  "KNOW",  "KOCH", "KONG",  "KUDO",  "KURD",  "KURT",  "KYLE",
-"LACE",  "LACK",  "LACY", "LADY",  "LAID",  "LAIN",  "LAIR",  "LAKE",
-"LAMB",  "LAME",  "LAND", "LANE",  "LANG",  "LARD",  "LARK",  "LASS",
-"LAST",  "LATE",  "LAUD", "LAVA",  "LAWN",  "LAWS",  "LAYS",  "LEAD",
-"LEAF",  "LEAK",  "LEAN", "LEAR",  "LEEK",  "LEER",  "LEFT",  "LEND",
-"LENS",  "LENT",  "LEON", "LESK",  "LESS",  "LEST",  "LETS",  "LIAR",
-"LICE",  "LICK",  "LIED", "LIEN",  "LIES",  "LIEU",  "LIFE",  "LIFT",
-"LIKE",  "LILA",  "LILT", "LILY",  "LIMA",  "LIMB",  "LIME",  "LIND",
-"LINE",  "LINK",  "LINT", "LION",  "LISA",  "LIST",  "LIVE",  "LOAD",
-"LOAF",  "LOAM",  "LOAN", "LOCK",  "LOFT",  "LOGE",  "LOIS",  "LOLA",
-"LONE",  "LONG",  "LOOK", "LOON",  "LOOT",  "LORD",  "LORE",  "LOSE",
-"LOSS",  "LOST",  "LOUD", "LOVE",  "LOWE",  "LUCK",  "LUCY",  "LUGE",
-"LUKE",  "LULU",  "LUND", "LUNG",  "LURA",  "LURE",  "LURK",  "LUSH",
-"LUST",  "LYLE",  "LYNN", "LYON",  "LYRA",  "MACE",  "MADE",  "MAGI",
-"MAID",  "MAIL",  "MAIN", "MAKE",  "MALE",  "MALI",  "MALL",  "MALT",
-"MANA",  "MANN",  "MANY", "MARC",  "MARE",  "MARK",  "MARS",  "MART",
-"MARY",  "MASH",  "MASK", "MASS",  "MAST",  "MATE",  "MATH",  "MAUL",
-"MAYO",  "MEAD",  "MEAL", "MEAN",  "MEAT",  "MEEK",  "MEET",  "MELD",
-"MELT",  "MEMO",  "MEND", "MENU",  "MERT",  "MESH",  "MESS",  "MICE",
-"MIKE",  "MILD",  "MILE", "MILK",  "MILL",  "MILT",  "MIMI",  "MIND",
-"MINE",  "MINI",  "MINK", "MINT",  "MIRE",  "MISS",  "MIST",  "MITE",
-"MITT",  "MOAN",  "MOAT", "MOCK",  "MODE",  "MOLD",  "MOLE",  "MOLL",
-"MOLT",  "MONA",  "MONK", "MONT",  "MOOD",  "MOON",  "MOOR",  "MOOT",
-"MORE",  "MORN",  "MORT", "MOSS",  "MOST",  "MOTH",  "MOVE",  "MUCH",
-"MUCK",  "MUDD",  "MUFF", "MULE",  "MULL",  "MURK",  "MUSH",  "MUST",
-"MUTE",  "MUTT",  "MYRA", "MYTH",  "NAGY",  "NAIL",  "NAIR",  "NAME",
-"NARY",  "NASH",  "NAVE", "NAVY",  "NEAL",  "NEAR",  "NEAT",  "NECK",
-"NEED",  "NEIL",  "NELL", "NEON",  "NERO",  "NESS",  "NEST",  "NEWS",
-"NEWT",  "NIBS",  "NICE", "NICK",  "NILE",  "NINA",  "NINE",  "NOAH",
-"NODE",  "NOEL",  "NOLL", "NONE",  "NOOK",  "NOON",  "NORM",  "NOSE",
-"NOTE",  "NOUN",  "NOVA", "NUDE",  "NULL",  "NUMB",  "OATH",  "OBEY",
-"OBOE",  "ODIN",  "OHIO", "OILY",  "OINT",  "OKAY",  "OLAF",  "OLDY",
-"OLGA",  "OLIN",  "OMAN", "OMEN",  "OMIT",  "ONCE",  "ONES",  "ONLY",
-"ONTO",  "ONUS",  "ORAL", "ORGY",  "OSLO",  "OTIS",  "OTTO",  "OUCH",
-"OUST",  "OUTS",  "OVAL", "OVEN",  "OVER",  "OWLY",  "OWNS",  "QUAD",
-"QUIT",  "QUOD",  "RACE", "RACK",  "RACY",  "RAFT",  "RAGE",  "RAID",
-"RAIL",  "RAIN",  "RAKE", "RANK",  "RANT",  "RARE",  "RASH",  "RATE",
-"RAVE",  "RAYS",  "READ", "REAL",  "REAM",  "REAR",  "RECK",  "REED",
-"REEF",  "REEK",  "REEL", "REID",  "REIN",  "RENA",  "REND",  "RENT",
-"REST",  "RICE",  "RICH", "RICK",  "RIDE",  "RIFT",  "RILL",  "RIME",
-"RING",  "RINK",  "RISE", "RISK",  "RITE",  "ROAD",  "ROAM",  "ROAR",
-"ROBE",  "ROCK",  "RODE", "ROIL",  "ROLL",  "ROME",  "ROOD",  "ROOF",
-"ROOK",  "ROOM",  "ROOT", "ROSA",  "ROSE",  "ROSS",  "ROSY",  "ROTH",
-"ROUT",  "ROVE",  "ROWE", "ROWS",  "RUBE",  "RUBY",  "RUDE",  "RUDY",
-"RUIN",  "RULE",  "RUNG", "RUNS",  "RUNT",  "RUSE",  "RUSH",  "RUSK",
-"RUSS",  "RUST",  "RUTH", "SACK",  "SAFE",  "SAGE",  "SAID",  "SAIL",
-"SALE",  "SALK",  "SALT", "SAME",  "SAND",  "SANE",  "SANG",  "SANK",
-"SARA",  "SAUL",  "SAVE", "SAYS",  "SCAN",  "SCAR",  "SCAT",  "SCOT",
-"SEAL",  "SEAM",  "SEAR", "SEAT",  "SEED",  "SEEK",  "SEEM",  "SEEN",
-"SEES",  "SELF",  "SELL", "SEND",  "SENT",  "SETS",  "SEWN",  "SHAG",
-"SHAM",  "SHAW",  "SHAY", "SHED",  "SHIM",  "SHIN",  "SHOD",  "SHOE",
-"SHOT",  "SHOW",  "SHUN", "SHUT",  "SICK",  "SIDE",  "SIFT",  "SIGH",
-"SIGN",  "SILK",  "SILL", "SILO",  "SILT",  "SINE",  "SING",  "SINK",
-"SIRE",  "SITE",  "SITS", "SITU",  "SKAT",  "SKEW",  "SKID",  "SKIM",
-"SKIN",  "SKIT",  "SLAB", "SLAM",  "SLAT",  "SLAY",  "SLED",  "SLEW",
-"SLID",  "SLIM",  "SLIT", "SLOB",  "SLOG",  "SLOT",  "SLOW",  "SLUG",
-"SLUM",  "SLUR",  "SMOG", "SMUG",  "SNAG",  "SNOB",  "SNOW",  "SNUB",
-"SNUG",  "SOAK",  "SOAR", "SOCK",  "SODA",  "SOFA",  "SOFT",  "SOIL",
-"SOLD",  "SOME",  "SONG", "SOON",  "SOOT",  "SORE",  "SORT",  "SOUL",
-"SOUR",  "SOWN",  "STAB", "STAG",  "STAN",  "STAR",  "STAY",  "STEM",
-"STEW",  "STIR",  "STOW", "STUB",  "STUN",  "SUCH",  "SUDS",  "SUIT",
-"SULK",  "SUMS",  "SUNG", "SUNK",  "SURE",  "SURF",  "SWAB",  "SWAG",
-"SWAM",  "SWAN",  "SWAT", "SWAY",  "SWIM",  "SWUM",  "TACK",  "TACT",
-"TAIL",  "TAKE",  "TALE", "TALK",  "TALL",  "TANK",  "TASK",  "TATE",
-"TAUT",  "TEAL",  "TEAM", "TEAR",  "TECH",  "TEEM",  "TEEN",  "TEET",
-"TELL",  "TEND",  "TENT", "TERM",  "TERN",  "TESS",  "TEST",  "THAN",
-"THAT",  "THEE",  "THEM", "THEN",  "THEY",  "THIN",  "THIS",  "THUD",
-"THUG",  "TICK",  "TIDE", "TIDY",  "TIED",  "TIER",  "TILE",  "TILL",
-"TILT",  "TIME",  "TINA", "TINE",  "TINT",  "TINY",  "TIRE",  "TOAD",
-"TOGO",  "TOIL",  "TOLD", "TOLL",  "TONE",  "TONG",  "TONY",  "TOOK",
-"TOOL",  "TOOT",  "TORE", "TORN",  "TOTE",  "TOUR",  "TOUT",  "TOWN",
-"TRAG",  "TRAM",  "TRAY", "TREE",  "TREK",  "TRIG",  "TRIM",  "TRIO",
-"TROD",  "TROT",  "TROY", "TRUE",  "TUBA",  "TUBE",  "TUCK",  "TUFT",
-"TUNA",  "TUNE",  "TUNG", "TURF",  "TURN",  "TUSK",  "TWIG",  "TWIN",
-"TWIT",  "ULAN",  "UNIT", "URGE",  "USED",  "USER",  "USES",  "UTAH",
-"VAIL",  "VAIN",  "VALE", "VARY",  "VASE",  "VAST",  "VEAL",  "VEDA",
-"VEIL",  "VEIN",  "VEND", "VENT",  "VERB",  "VERY",  "VETO",  "VICE",
-"VIEW",  "VINE",  "VISE", "VOID",  "VOLT",  "VOTE",  "WACK",  "WADE",
-"WAGE",  "WAIL",  "WAIT", "WAKE",  "WALE",  "WALK",  "WALL",  "WALT",
-"WAND",  "WANE",  "WANG", "WANT",  "WARD",  "WARM",  "WARN",  "WART",
-"WASH",  "WAST",  "WATS", "WATT",  "WAVE",  "WAVY",  "WAYS",  "WEAK",
-"WEAL",  "WEAN",  "WEAR", "WEED",  "WEEK",  "WEIR",  "WELD",  "WELL",
-"WELT",  "WENT",  "WERE", "WERT",  "WEST",  "WHAM",  "WHAT",  "WHEE",
-"WHEN",  "WHET",  "WHOA", "WHOM",  "WICK",  "WIFE",  "WILD",  "WILL",
-"WIND",  "WINE",  "WING", "WINK",  "WINO",  "WIRE",  "WISE",  "WISH",
-"WITH",  "WOLF",  "WONT", "WOOD",  "WOOL",  "WORD",  "WORE",  "WORK",
-"WORM",  "WORN",  "WOVE", "WRIT",  "WYNN",  "YALE",  "YANG",  "YANK",
-"YARD",  "YARN",  "YAWL", "YAWN",  "YEAH",  "YEAR",  "YELL",  "YOGA",
-"YOKE"                         };
-
-const struct e inv_std_dict[2048] = {
-{"A", 0},
-{"ABE", 1},
-{"ABED", 571},
-{"ABEL", 572},
-{"ABET", 573},
-{"ABLE", 574},
-{"ABUT", 575},
-{"ACE", 2},
-{"ACHE", 576},
-{"ACID", 577},
-{"ACME", 578},
-{"ACRE", 579},
-{"ACT", 3},
-{"ACTA", 580},
-{"ACTS", 581},
-{"AD", 4},
-{"ADA", 5},
-{"ADAM", 582},
-{"ADD", 6},
-{"ADDS", 583},
-{"ADEN", 584},
-{"AFAR", 585},
-{"AFRO", 586},
-{"AGEE", 587},
-{"AGO", 7},
-{"AHEM", 588},
-{"AHOY", 589},
-{"AID", 8},
-{"AIDA", 590},
-{"AIDE", 591},
-{"AIDS", 592},
-{"AIM", 9},
-{"AIR", 10},
-{"AIRY", 593},
-{"AJAR", 594},
-{"AKIN", 595},
-{"ALAN", 596},
-{"ALEC", 597},
-{"ALGA", 598},
-{"ALIA", 599},
-{"ALL", 11},
-{"ALLY", 600},
-{"ALMA", 601},
-{"ALOE", 602},
-{"ALP", 12},
-{"ALSO", 603},
-{"ALTO", 604},
-{"ALUM", 605},
-{"ALVA", 606},
-{"AM", 13},
-{"AMEN", 607},
-{"AMES", 608},
-{"AMID", 609},
-{"AMMO", 610},
-{"AMOK", 611},
-{"AMOS", 612},
-{"AMRA", 613},
-{"AMY", 14},
-{"AN", 15},
-{"ANA", 16},
-{"AND", 17},
-{"ANDY", 614},
-{"ANEW", 615},
-{"ANN", 18},
-{"ANNA", 616},
-{"ANNE", 617},
-{"ANT", 19},
-{"ANTE", 618},
-{"ANTI", 619},
-{"ANY", 20},
-{"APE", 21},
-{"APS", 22},
-{"APT", 23},
-{"AQUA", 620},
-{"ARAB", 621},
-{"ARC", 24},
-{"ARCH", 622},
-{"ARE", 25},
-{"AREA", 623},
-{"ARGO", 624},
-{"ARID", 625},
-{"ARK", 26},
-{"ARM", 27},
-{"ARMY", 626},
-{"ART", 28},
-{"ARTS", 627},
-{"ARTY", 628},
-{"AS", 29},
-{"ASH", 30},
-{"ASIA", 629},
-{"ASK", 31},
-{"ASKS", 630},
-{"AT", 32},
-{"ATE", 33},
-{"ATOM", 631},
-{"AUG", 34},
-{"AUK", 35},
-{"AUNT", 632},
-{"AURA", 633},
-{"AUTO", 634},
-{"AVE", 36},
-{"AVER", 635},
-{"AVID", 636},
-{"AVIS", 637},
-{"AVON", 638},
-{"AVOW", 639},
-{"AWAY", 640},
-{"AWE", 37},
-{"AWK", 38},
-{"AWL", 39},
-{"AWN", 40},
-{"AWRY", 641},
-{"AX", 41},
-{"AYE", 42},
-{"BABE", 642},
-{"BABY", 643},
-{"BACH", 644},
-{"BACK", 645},
-{"BAD", 43},
-{"BADE", 646},
-{"BAG", 44},
-{"BAH", 45},
-{"BAIL", 647},
-{"BAIT", 648},
-{"BAKE", 649},
-{"BALD", 650},
-{"BALE", 651},
-{"BALI", 652},
-{"BALK", 653},
-{"BALL", 654},
-{"BALM", 655},
-{"BAM", 46},
-{"BAN", 47},
-{"BAND", 656},
-{"BANE", 657},
-{"BANG", 658},
-{"BANK", 659},
-{"BAR", 48},
-{"BARB", 660},
-{"BARD", 661},
-{"BARE", 662},
-{"BARK", 663},
-{"BARN", 664},
-{"BARR", 665},
-{"BASE", 666},
-{"BASH", 667},
-{"BASK", 668},
-{"BASS", 669},
-{"BAT", 49},
-{"BATE", 670},
-{"BATH", 671},
-{"BAWD", 672},
-{"BAWL", 673},
-{"BAY", 50},
-{"BE", 51},
-{"BEAD", 674},
-{"BEAK", 675},
-{"BEAM", 676},
-{"BEAN", 677},
-{"BEAR", 678},
-{"BEAT", 679},
-{"BEAU", 680},
-{"BECK", 681},
-{"BED", 52},
-{"BEE", 53},
-{"BEEF", 682},
-{"BEEN", 683},
-{"BEER", 684},
-{"BEET", 685},
-{"BEG", 54},
-{"BELA", 686},
-{"BELL", 687},
-{"BELT", 688},
-{"BEN", 55},
-{"BEND", 689},
-{"BENT", 690},
-{"BERG", 691},
-{"BERN", 692},
-{"BERT", 693},
-{"BESS", 694},
-{"BEST", 695},
-{"BET", 56},
-{"BETA", 696},
-{"BETH", 697},
-{"BEY", 57},
-{"BHOY", 698},
-{"BIAS", 699},
-{"BIB", 58},
-{"BID", 59},
-{"BIDE", 700},
-{"BIEN", 701},
-{"BIG", 60},
-{"BILE", 702},
-{"BILK", 703},
-{"BILL", 704},
-{"BIN", 61},
-{"BIND", 705},
-{"BING", 706},
-{"BIRD", 707},
-{"BIT", 62},
-{"BITE", 708},
-{"BITS", 709},
-{"BLAB", 710},
-{"BLAT", 711},
-{"BLED", 712},
-{"BLEW", 713},
-{"BLOB", 714},
-{"BLOC", 715},
-{"BLOT", 716},
-{"BLOW", 717},
-{"BLUE", 718},
-{"BLUM", 719},
-{"BLUR", 720},
-{"BOAR", 721},
-{"BOAT", 722},
-{"BOB", 63},
-{"BOCA", 723},
-{"BOCK", 724},
-{"BODE", 725},
-{"BODY", 726},
-{"BOG", 64},
-{"BOGY", 727},
-{"BOHR", 728},
-{"BOIL", 729},
-{"BOLD", 730},
-{"BOLO", 731},
-{"BOLT", 732},
-{"BOMB", 733},
-{"BON", 65},
-{"BONA", 734},
-{"BOND", 735},
-{"BONE", 736},
-{"BONG", 737},
-{"BONN", 738},
-{"BONY", 739},
-{"BOO", 66},
-{"BOOK", 740},
-{"BOOM", 741},
-{"BOON", 742},
-{"BOOT", 743},
-{"BOP", 67},
-{"BORE", 744},
-{"BORG", 745},
-{"BORN", 746},
-{"BOSE", 747},
-{"BOSS", 748},
-{"BOTH", 749},
-{"BOUT", 750},
-{"BOW", 68},
-{"BOWL", 751},
-{"BOY", 69},
-{"BOYD", 752},
-{"BRAD", 753},
-{"BRAE", 754},
-{"BRAG", 755},
-{"BRAN", 756},
-{"BRAY", 757},
-{"BRED", 758},
-{"BREW", 759},
-{"BRIG", 760},
-{"BRIM", 761},
-{"BROW", 762},
-{"BUB", 70},
-{"BUCK", 763},
-{"BUD", 71},
-{"BUDD", 764},
-{"BUFF", 765},
-{"BUG", 72},
-{"BULB", 766},
-{"BULK", 767},
-{"BULL", 768},
-{"BUM", 73},
-{"BUN", 74},
-{"BUNK", 769},
-{"BUNT", 770},
-{"BUOY", 771},
-{"BURG", 772},
-{"BURL", 773},
-{"BURN", 774},
-{"BURR", 775},
-{"BURT", 776},
-{"BURY", 777},
-{"BUS", 75},
-{"BUSH", 778},
-{"BUSS", 779},
-{"BUST", 780},
-{"BUSY", 781},
-{"BUT", 76},
-{"BUY", 77},
-{"BY", 78},
-{"BYE", 79},
-{"BYTE", 782},
-{"CAB", 80},
-{"CADY", 783},
-{"CAFE", 784},
-{"CAGE", 785},
-{"CAIN", 786},
-{"CAKE", 787},
-{"CAL", 81},
-{"CALF", 788},
-{"CALL", 789},
-{"CALM", 790},
-{"CAM", 82},
-{"CAME", 791},
-{"CAN", 83},
-{"CANE", 792},
-{"CANT", 793},
-{"CAP", 84},
-{"CAR", 85},
-{"CARD", 794},
-{"CARE", 795},
-{"CARL", 796},
-{"CARR", 797},
-{"CART", 798},
-{"CASE", 799},
-{"CASH", 800},
-{"CASK", 801},
-{"CAST", 802},
-{"CAT", 86},
-{"CAVE", 803},
-{"CAW", 87},
-{"CEIL", 804},
-{"CELL", 805},
-{"CENT", 806},
-{"CERN", 807},
-{"CHAD", 808},
-{"CHAR", 809},
-{"CHAT", 810},
-{"CHAW", 811},
-{"CHEF", 812},
-{"CHEN", 813},
-{"CHEW", 814},
-{"CHIC", 815},
-{"CHIN", 816},
-{"CHOU", 817},
-{"CHOW", 818},
-{"CHUB", 819},
-{"CHUG", 820},
-{"CHUM", 821},
-{"CITE", 822},
-{"CITY", 823},
-{"CLAD", 824},
-{"CLAM", 825},
-{"CLAN", 826},
-{"CLAW", 827},
-{"CLAY", 828},
-{"CLOD", 829},
-{"CLOG", 830},
-{"CLOT", 831},
-{"CLUB", 832},
-{"CLUE", 833},
-{"COAL", 834},
-{"COAT", 835},
-{"COCA", 836},
-{"COCK", 837},
-{"COCO", 838},
-{"COD", 88},
-{"CODA", 839},
-{"CODE", 840},
-{"CODY", 841},
-{"COED", 842},
-{"COG", 89},
-{"COIL", 843},
-{"COIN", 844},
-{"COKE", 845},
-{"COL", 90},
-{"COLA", 846},
-{"COLD", 847},
-{"COLT", 848},
-{"COMA", 849},
-{"COMB", 850},
-{"COME", 851},
-{"CON", 91},
-{"COO", 92},
-{"COOK", 852},
-{"COOL", 853},
-{"COON", 854},
-{"COOT", 855},
-{"COP", 93},
-{"CORD", 856},
-{"CORE", 857},
-{"CORK", 858},
-{"CORN", 859},
-{"COST", 860},
-{"COT", 94},
-{"COVE", 861},
-{"COW", 95},
-{"COWL", 862},
-{"COY", 96},
-{"CRAB", 863},
-{"CRAG", 864},
-{"CRAM", 865},
-{"CRAY", 866},
-{"CREW", 867},
-{"CRIB", 868},
-{"CROW", 869},
-{"CRUD", 870},
-{"CRY", 97},
-{"CUB", 98},
-{"CUBA", 871},
-{"CUBE", 872},
-{"CUE", 99},
-{"CUFF", 873},
-{"CULL", 874},
-{"CULT", 875},
-{"CUNY", 876},
-{"CUP", 100},
-{"CUR", 101},
-{"CURB", 877},
-{"CURD", 878},
-{"CURE", 879},
-{"CURL", 880},
-{"CURT", 881},
-{"CUT", 102},
-{"CUTS", 882},
-{"DAB", 103},
-{"DAD", 104},
-{"DADE", 883},
-{"DALE", 884},
-{"DAM", 105},
-{"DAME", 885},
-{"DAN", 106},
-{"DANA", 886},
-{"DANE", 887},
-{"DANG", 888},
-{"DANK", 889},
-{"DAR", 107},
-{"DARE", 890},
-{"DARK", 891},
-{"DARN", 892},
-{"DART", 893},
-{"DASH", 894},
-{"DATA", 895},
-{"DATE", 896},
-{"DAVE", 897},
-{"DAVY", 898},
-{"DAWN", 899},
-{"DAY", 108},
-{"DAYS", 900},
-{"DEAD", 901},
-{"DEAF", 902},
-{"DEAL", 903},
-{"DEAN", 904},
-{"DEAR", 905},
-{"DEBT", 906},
-{"DECK", 907},
-{"DEE", 109},
-{"DEED", 908},
-{"DEEM", 909},
-{"DEER", 910},
-{"DEFT", 911},
-{"DEFY", 912},
-{"DEL", 110},
-{"DELL", 913},
-{"DEN", 111},
-{"DENT", 914},
-{"DENY", 915},
-{"DES", 112},
-{"DESK", 916},
-{"DEW", 113},
-{"DIAL", 917},
-{"DICE", 918},
-{"DID", 114},
-{"DIE", 115},
-{"DIED", 919},
-{"DIET", 920},
-{"DIG", 116},
-{"DIME", 921},
-{"DIN", 117},
-{"DINE", 922},
-{"DING", 923},
-{"DINT", 924},
-{"DIP", 118},
-{"DIRE", 925},
-{"DIRT", 926},
-{"DISC", 927},
-{"DISH", 928},
-{"DISK", 929},
-{"DIVE", 930},
-{"DO", 119},
-{"DOCK", 931},
-{"DOE", 120},
-{"DOES", 932},
-{"DOG", 121},
-{"DOLE", 933},
-{"DOLL", 934},
-{"DOLT", 935},
-{"DOME", 936},
-{"DON", 122},
-{"DONE", 937},
-{"DOOM", 938},
-{"DOOR", 939},
-{"DORA", 940},
-{"DOSE", 941},
-{"DOT", 123},
-{"DOTE", 942},
-{"DOUG", 943},
-{"DOUR", 944},
-{"DOVE", 945},
-{"DOW", 124},
-{"DOWN", 946},
-{"DRAB", 947},
-{"DRAG", 948},
-{"DRAM", 949},
-{"DRAW", 950},
-{"DREW", 951},
-{"DRUB", 952},
-{"DRUG", 953},
-{"DRUM", 954},
-{"DRY", 125},
-{"DUAL", 955},
-{"DUB", 126},
-{"DUCK", 956},
-{"DUCT", 957},
-{"DUD", 127},
-{"DUE", 128},
-{"DUEL", 958},
-{"DUET", 959},
-{"DUG", 129},
-{"DUKE", 960},
-{"DULL", 961},
-{"DUMB", 962},
-{"DUN", 130},
-{"DUNE", 963},
-{"DUNK", 964},
-{"DUSK", 965},
-{"DUST", 966},
-{"DUTY", 967},
-{"EACH", 968},
-{"EAR", 131},
-{"EARL", 969},
-{"EARN", 970},
-{"EASE", 971},
-{"EAST", 972},
-{"EASY", 973},
-{"EAT", 132},
-{"EBEN", 974},
-{"ECHO", 975},
-{"ED", 133},
-{"EDDY", 976},
-{"EDEN", 977},
-{"EDGE", 978},
-{"EDGY", 979},
-{"EDIT", 980},
-{"EDNA", 981},
-{"EEL", 134},
-{"EGAN", 982},
-{"EGG", 135},
-{"EGO", 136},
-{"ELAN", 983},
-{"ELBA", 984},
-{"ELI", 137},
-{"ELK", 138},
-{"ELLA", 985},
-{"ELM", 139},
-{"ELSE", 986},
-{"ELY", 140},
-{"EM", 141},
-{"EMIL", 987},
-{"EMIT", 988},
-{"EMMA", 989},
-{"END", 142},
-{"ENDS", 990},
-{"ERIC", 991},
-{"EROS", 992},
-{"EST", 143},
-{"ETC", 144},
-{"EVA", 145},
-{"EVE", 146},
-{"EVEN", 993},
-{"EVER", 994},
-{"EVIL", 995},
-{"EWE", 147},
-{"EYE", 148},
-{"EYED", 996},
-{"FACE", 997},
-{"FACT", 998},
-{"FAD", 149},
-{"FADE", 999},
-{"FAIL", 1000},
-{"FAIN", 1001},
-{"FAIR", 1002},
-{"FAKE", 1003},
-{"FALL", 1004},
-{"FAME", 1005},
-{"FAN", 150},
-{"FANG", 1006},
-{"FAR", 151},
-{"FARM", 1007},
-{"FAST", 1008},
-{"FAT", 152},
-{"FATE", 1009},
-{"FAWN", 1010},
-{"FAY", 153},
-{"FEAR", 1011},
-{"FEAT", 1012},
-{"FED", 154},
-{"FEE", 155},
-{"FEED", 1013},
-{"FEEL", 1014},
-{"FEET", 1015},
-{"FELL", 1016},
-{"FELT", 1017},
-{"FEND", 1018},
-{"FERN", 1019},
-{"FEST", 1020},
-{"FEUD", 1021},
-{"FEW", 156},
-{"FIB", 157},
-{"FIEF", 1022},
-{"FIG", 158},
-{"FIGS", 1023},
-{"FILE", 1024},
-{"FILL", 1025},
-{"FILM", 1026},
-{"FIN", 159},
-{"FIND", 1027},
-{"FINE", 1028},
-{"FINK", 1029},
-{"FIR", 160},
-{"FIRE", 1030},
-{"FIRM", 1031},
-{"FISH", 1032},
-{"FISK", 1033},
-{"FIST", 1034},
-{"FIT", 161},
-{"FITS", 1035},
-{"FIVE", 1036},
-{"FLAG", 1037},
-{"FLAK", 1038},
-{"FLAM", 1039},
-{"FLAT", 1040},
-{"FLAW", 1041},
-{"FLEA", 1042},
-{"FLED", 1043},
-{"FLEW", 1044},
-{"FLIT", 1045},
-{"FLO", 162},
-{"FLOC", 1046},
-{"FLOG", 1047},
-{"FLOW", 1048},
-{"FLUB", 1049},
-{"FLUE", 1050},
-{"FLY", 163},
-{"FOAL", 1051},
-{"FOAM", 1052},
-{"FOE", 164},
-{"FOG", 165},
-{"FOGY", 1053},
-{"FOIL", 1054},
-{"FOLD", 1055},
-{"FOLK", 1056},
-{"FOND", 1057},
-{"FONT", 1058},
-{"FOOD", 1059},
-{"FOOL", 1060},
-{"FOOT", 1061},
-{"FOR", 166},
-{"FORD", 1062},
-{"FORE", 1063},
-{"FORK", 1064},
-{"FORM", 1065},
-{"FORT", 1066},
-{"FOSS", 1067},
-{"FOUL", 1068},
-{"FOUR", 1069},
-{"FOWL", 1070},
-{"FRAU", 1071},
-{"FRAY", 1072},
-{"FRED", 1073},
-{"FREE", 1074},
-{"FRET", 1075},
-{"FREY", 1076},
-{"FROG", 1077},
-{"FROM", 1078},
-{"FRY", 167},
-{"FUEL", 1079},
-{"FULL", 1080},
-{"FUM", 168},
-{"FUME", 1081},
-{"FUN", 169},
-{"FUND", 1082},
-{"FUNK", 1083},
-{"FUR", 170},
-{"FURY", 1084},
-{"FUSE", 1085},
-{"FUSS", 1086},
-{"GAB", 171},
-{"GAD", 172},
-{"GAFF", 1087},
-{"GAG", 173},
-{"GAGE", 1088},
-{"GAIL", 1089},
-{"GAIN", 1090},
-{"GAIT", 1091},
-{"GAL", 174},
-{"GALA", 1092},
-{"GALE", 1093},
-{"GALL", 1094},
-{"GALT", 1095},
-{"GAM", 175},
-{"GAME", 1096},
-{"GANG", 1097},
-{"GAP", 176},
-{"GARB", 1098},
-{"GARY", 1099},
-{"GAS", 177},
-{"GASH", 1100},
-{"GATE", 1101},
-{"GAUL", 1102},
-{"GAUR", 1103},
-{"GAVE", 1104},
-{"GAWK", 1105},
-{"GAY", 178},
-{"GEAR", 1106},
-{"GEE", 179},
-{"GEL", 180},
-{"GELD", 1107},
-{"GEM", 181},
-{"GENE", 1108},
-{"GENT", 1109},
-{"GERM", 1110},
-{"GET", 182},
-{"GETS", 1111},
-{"GIBE", 1112},
-{"GIFT", 1113},
-{"GIG", 183},
-{"GIL", 184},
-{"GILD", 1114},
-{"GILL", 1115},
-{"GILT", 1116},
-{"GIN", 185},
-{"GINA", 1117},
-{"GIRD", 1118},
-{"GIRL", 1119},
-{"GIST", 1120},
-{"GIVE", 1121},
-{"GLAD", 1122},
-{"GLEE", 1123},
-{"GLEN", 1124},
-{"GLIB", 1125},
-{"GLOB", 1126},
-{"GLOM", 1127},
-{"GLOW", 1128},
-{"GLUE", 1129},
-{"GLUM", 1130},
-{"GLUT", 1131},
-{"GO", 186},
-{"GOAD", 1132},
-{"GOAL", 1133},
-{"GOAT", 1134},
-{"GOER", 1135},
-{"GOES", 1136},
-{"GOLD", 1137},
-{"GOLF", 1138},
-{"GONE", 1139},
-{"GONG", 1140},
-{"GOOD", 1141},
-{"GOOF", 1142},
-{"GORE", 1143},
-{"GORY", 1144},
-{"GOSH", 1145},
-{"GOT", 187},
-{"GOUT", 1146},
-{"GOWN", 1147},
-{"GRAB", 1148},
-{"GRAD", 1149},
-{"GRAY", 1150},
-{"GREG", 1151},
-{"GREW", 1152},
-{"GREY", 1153},
-{"GRID", 1154},
-{"GRIM", 1155},
-{"GRIN", 1156},
-{"GRIT", 1157},
-{"GROW", 1158},
-{"GRUB", 1159},
-{"GULF", 1160},
-{"GULL", 1161},
-{"GUM", 188},
-{"GUN", 189},
-{"GUNK", 1162},
-{"GURU", 1163},
-{"GUS", 190},
-{"GUSH", 1164},
-{"GUST", 1165},
-{"GUT", 191},
-{"GUY", 192},
-{"GWEN", 1166},
-{"GWYN", 1167},
-{"GYM", 193},
-{"GYP", 194},
-{"HA", 195},
-{"HAAG", 1168},
-{"HAAS", 1169},
-{"HACK", 1170},
-{"HAD", 196},
-{"HAIL", 1171},
-{"HAIR", 1172},
-{"HAL", 197},
-{"HALE", 1173},
-{"HALF", 1174},
-{"HALL", 1175},
-{"HALO", 1176},
-{"HALT", 1177},
-{"HAM", 198},
-{"HAN", 199},
-{"HAND", 1178},
-{"HANG", 1179},
-{"HANK", 1180},
-{"HANS", 1181},
-{"HAP", 200},
-{"HARD", 1182},
-{"HARK", 1183},
-{"HARM", 1184},
-{"HART", 1185},
-{"HAS", 201},
-{"HASH", 1186},
-{"HAST", 1187},
-{"HAT", 202},
-{"HATE", 1188},
-{"HATH", 1189},
-{"HAUL", 1190},
-{"HAVE", 1191},
-{"HAW", 203},
-{"HAWK", 1192},
-{"HAY", 204},
-{"HAYS", 1193},
-{"HE", 205},
-{"HEAD", 1194},
-{"HEAL", 1195},
-{"HEAR", 1196},
-{"HEAT", 1197},
-{"HEBE", 1198},
-{"HECK", 1199},
-{"HEED", 1200},
-{"HEEL", 1201},
-{"HEFT", 1202},
-{"HELD", 1203},
-{"HELL", 1204},
-{"HELM", 1205},
-{"HEM", 206},
-{"HEN", 207},
-{"HER", 208},
-{"HERB", 1206},
-{"HERD", 1207},
-{"HERE", 1208},
-{"HERO", 1209},
-{"HERS", 1210},
-{"HESS", 1211},
-{"HEW", 209},
-{"HEWN", 1212},
-{"HEY", 210},
-{"HI", 211},
-{"HICK", 1213},
-{"HID", 212},
-{"HIDE", 1214},
-{"HIGH", 1215},
-{"HIKE", 1216},
-{"HILL", 1217},
-{"HILT", 1218},
-{"HIM", 213},
-{"HIND", 1219},
-{"HINT", 1220},
-{"HIP", 214},
-{"HIRE", 1221},
-{"HIS", 215},
-{"HISS", 1222},
-{"HIT", 216},
-{"HIVE", 1223},
-{"HO", 217},
-{"HOB", 218},
-{"HOBO", 1224},
-{"HOC", 219},
-{"HOCK", 1225},
-{"HOE", 220},
-{"HOFF", 1226},
-{"HOG", 221},
-{"HOLD", 1227},
-{"HOLE", 1228},
-{"HOLM", 1229},
-{"HOLT", 1230},
-{"HOME", 1231},
-{"HONE", 1232},
-{"HONK", 1233},
-{"HOOD", 1234},
-{"HOOF", 1235},
-{"HOOK", 1236},
-{"HOOT", 1237},
-{"HOP", 222},
-{"HORN", 1238},
-{"HOSE", 1239},
-{"HOST", 1240},
-{"HOT", 223},
-{"HOUR", 1241},
-{"HOVE", 1242},
-{"HOW", 224},
-{"HOWE", 1243},
-{"HOWL", 1244},
-{"HOYT", 1245},
-{"HUB", 225},
-{"HUCK", 1246},
-{"HUE", 226},
-{"HUED", 1247},
-{"HUFF", 1248},
-{"HUG", 227},
-{"HUGE", 1249},
-{"HUGH", 1250},
-{"HUGO", 1251},
-{"HUH", 228},
-{"HULK", 1252},
-{"HULL", 1253},
-{"HUM", 229},
-{"HUNK", 1254},
-{"HUNT", 1255},
-{"HURD", 1256},
-{"HURL", 1257},
-{"HURT", 1258},
-{"HUSH", 1259},
-{"HUT", 230},
-{"HYDE", 1260},
-{"HYMN", 1261},
-{"I", 231},
-{"IBIS", 1262},
-{"ICON", 1263},
-{"ICY", 232},
-{"IDA", 233},
-{"IDEA", 1264},
-{"IDLE", 1265},
-{"IF", 234},
-{"IFFY", 1266},
-{"IKE", 235},
-{"ILL", 236},
-{"INCA", 1267},
-{"INCH", 1268},
-{"INK", 237},
-{"INN", 238},
-{"INTO", 1269},
-{"IO", 239},
-{"ION", 240},
-{"IONS", 1270},
-{"IOTA", 1271},
-{"IOWA", 1272},
-{"IQ", 241},
-{"IRA", 242},
-{"IRE", 243},
-{"IRIS", 1273},
-{"IRK", 244},
-{"IRMA", 1274},
-{"IRON", 1275},
-{"IS", 245},
-{"ISLE", 1276},
-{"IT", 246},
-{"ITCH", 1277},
-{"ITEM", 1278},
-{"ITS", 247},
-{"IVAN", 1279},
-{"IVY", 248},
-{"JAB", 249},
-{"JACK", 1280},
-{"JADE", 1281},
-{"JAG", 250},
-{"JAIL", 1282},
-{"JAKE", 1283},
-{"JAM", 251},
-{"JAN", 252},
-{"JANE", 1284},
-{"JAR", 253},
-{"JAVA", 1285},
-{"JAW", 254},
-{"JAY", 255},
-{"JEAN", 1286},
-{"JEFF", 1287},
-{"JERK", 1288},
-{"JESS", 1289},
-{"JEST", 1290},
-{"JET", 256},
-{"JIBE", 1291},
-{"JIG", 257},
-{"JILL", 1292},
-{"JILT", 1293},
-{"JIM", 258},
-{"JIVE", 1294},
-{"JO", 259},
-{"JOAN", 1295},
-{"JOB", 260},
-{"JOBS", 1296},
-{"JOCK", 1297},
-{"JOE", 261},
-{"JOEL", 1298},
-{"JOEY", 1299},
-{"JOG", 262},
-{"JOHN", 1300},
-{"JOIN", 1301},
-{"JOKE", 1302},
-{"JOLT", 1303},
-{"JOT", 263},
-{"JOVE", 1304},
-{"JOY", 264},
-{"JUDD", 1305},
-{"JUDE", 1306},
-{"JUDO", 1307},
-{"JUDY", 1308},
-{"JUG", 265},
-{"JUJU", 1309},
-{"JUKE", 1310},
-{"JULY", 1311},
-{"JUNE", 1312},
-{"JUNK", 1313},
-{"JUNO", 1314},
-{"JURY", 1315},
-{"JUST", 1316},
-{"JUT", 266},
-{"JUTE", 1317},
-{"KAHN", 1318},
-{"KALE", 1319},
-{"KANE", 1320},
-{"KANT", 1321},
-{"KARL", 1322},
-{"KATE", 1323},
-{"KAY", 267},
-{"KEEL", 1324},
-{"KEEN", 1325},
-{"KEG", 268},
-{"KEN", 269},
-{"KENO", 1326},
-{"KENT", 1327},
-{"KERN", 1328},
-{"KERR", 1329},
-{"KEY", 270},
-{"KEYS", 1330},
-{"KICK", 1331},
-{"KID", 271},
-{"KILL", 1332},
-{"KIM", 272},
-{"KIN", 273},
-{"KIND", 1333},
-{"KING", 1334},
-{"KIRK", 1335},
-{"KISS", 1336},
-{"KIT", 274},
-{"KITE", 1337},
-{"KLAN", 1338},
-{"KNEE", 1339},
-{"KNEW", 1340},
-{"KNIT", 1341},
-{"KNOB", 1342},
-{"KNOT", 1343},
-{"KNOW", 1344},
-{"KOCH", 1345},
-{"KONG", 1346},
-{"KUDO", 1347},
-{"KURD", 1348},
-{"KURT", 1349},
-{"KYLE", 1350},
-{"LA", 275},
-{"LAB", 276},
-{"LAC", 277},
-{"LACE", 1351},
-{"LACK", 1352},
-{"LACY", 1353},
-{"LAD", 278},
-{"LADY", 1354},
-{"LAG", 279},
-{"LAID", 1355},
-{"LAIN", 1356},
-{"LAIR", 1357},
-{"LAKE", 1358},
-{"LAM", 280},
-{"LAMB", 1359},
-{"LAME", 1360},
-{"LAND", 1361},
-{"LANE", 1362},
-{"LANG", 1363},
-{"LAP", 281},
-{"LARD", 1364},
-{"LARK", 1365},
-{"LASS", 1366},
-{"LAST", 1367},
-{"LATE", 1368},
-{"LAUD", 1369},
-{"LAVA", 1370},
-{"LAW", 282},
-{"LAWN", 1371},
-{"LAWS", 1372},
-{"LAY", 283},
-{"LAYS", 1373},
-{"LEA", 284},
-{"LEAD", 1374},
-{"LEAF", 1375},
-{"LEAK", 1376},
-{"LEAN", 1377},
-{"LEAR", 1378},
-{"LED", 285},
-{"LEE", 286},
-{"LEEK", 1379},
-{"LEER", 1380},
-{"LEFT", 1381},
-{"LEG", 287},
-{"LEN", 288},
-{"LEND", 1382},
-{"LENS", 1383},
-{"LENT", 1384},
-{"LEO", 289},
-{"LEON", 1385},
-{"LESK", 1386},
-{"LESS", 1387},
-{"LEST", 1388},
-{"LET", 290},
-{"LETS", 1389},
-{"LEW", 291},
-{"LIAR", 1390},
-{"LICE", 1391},
-{"LICK", 1392},
-{"LID", 292},
-{"LIE", 293},
-{"LIED", 1393},
-{"LIEN", 1394},
-{"LIES", 1395},
-{"LIEU", 1396},
-{"LIFE", 1397},
-{"LIFT", 1398},
-{"LIKE", 1399},
-{"LILA", 1400},
-{"LILT", 1401},
-{"LILY", 1402},
-{"LIMA", 1403},
-{"LIMB", 1404},
-{"LIME", 1405},
-{"LIN", 294},
-{"LIND", 1406},
-{"LINE", 1407},
-{"LINK", 1408},
-{"LINT", 1409},
-{"LION", 1410},
-{"LIP", 295},
-{"LISA", 1411},
-{"LIST", 1412},
-{"LIT", 296},
-{"LIVE", 1413},
-{"LO", 297},
-{"LOAD", 1414},
-{"LOAF", 1415},
-{"LOAM", 1416},
-{"LOAN", 1417},
-{"LOB", 298},
-{"LOCK", 1418},
-{"LOFT", 1419},
-{"LOG", 299},
-{"LOGE", 1420},
-{"LOIS", 1421},
-{"LOLA", 1422},
-{"LONE", 1423},
-{"LONG", 1424},
-{"LOOK", 1425},
-{"LOON", 1426},
-{"LOOT", 1427},
-{"LOP", 300},
-{"LORD", 1428},
-{"LORE", 1429},
-{"LOS", 301},
-{"LOSE", 1430},
-{"LOSS", 1431},
-{"LOST", 1432},
-{"LOT", 302},
-{"LOU", 303},
-{"LOUD", 1433},
-{"LOVE", 1434},
-{"LOW", 304},
-{"LOWE", 1435},
-{"LOY", 305},
-{"LUCK", 1436},
-{"LUCY", 1437},
-{"LUG", 306},
-{"LUGE", 1438},
-{"LUKE", 1439},
-{"LULU", 1440},
-{"LUND", 1441},
-{"LUNG", 1442},
-{"LURA", 1443},
-{"LURE", 1444},
-{"LURK", 1445},
-{"LUSH", 1446},
-{"LUST", 1447},
-{"LYE", 307},
-{"LYLE", 1448},
-{"LYNN", 1449},
-{"LYON", 1450},
-{"LYRA", 1451},
-{"MA", 308},
-{"MAC", 309},
-{"MACE", 1452},
-{"MAD", 310},
-{"MADE", 1453},
-{"MAE", 311},
-{"MAGI", 1454},
-{"MAID", 1455},
-{"MAIL", 1456},
-{"MAIN", 1457},
-{"MAKE", 1458},
-{"MALE", 1459},
-{"MALI", 1460},
-{"MALL", 1461},
-{"MALT", 1462},
-{"MAN", 312},
-{"MANA", 1463},
-{"MANN", 1464},
-{"MANY", 1465},
-{"MAO", 313},
-{"MAP", 314},
-{"MARC", 1466},
-{"MARE", 1467},
-{"MARK", 1468},
-{"MARS", 1469},
-{"MART", 1470},
-{"MARY", 1471},
-{"MASH", 1472},
-{"MASK", 1473},
-{"MASS", 1474},
-{"MAST", 1475},
-{"MAT", 315},
-{"MATE", 1476},
-{"MATH", 1477},
-{"MAUL", 1478},
-{"MAW", 316},
-{"MAY", 317},
-{"MAYO", 1479},
-{"ME", 318},
-{"MEAD", 1480},
-{"MEAL", 1481},
-{"MEAN", 1482},
-{"MEAT", 1483},
-{"MEEK", 1484},
-{"MEET", 1485},
-{"MEG", 319},
-{"MEL", 320},
-{"MELD", 1486},
-{"MELT", 1487},
-{"MEMO", 1488},
-{"MEN", 321},
-{"MEND", 1489},
-{"MENU", 1490},
-{"MERT", 1491},
-{"MESH", 1492},
-{"MESS", 1493},
-{"MET", 322},
-{"MEW", 323},
-{"MICE", 1494},
-{"MID", 324},
-{"MIKE", 1495},
-{"MILD", 1496},
-{"MILE", 1497},
-{"MILK", 1498},
-{"MILL", 1499},
-{"MILT", 1500},
-{"MIMI", 1501},
-{"MIN", 325},
-{"MIND", 1502},
-{"MINE", 1503},
-{"MINI", 1504},
-{"MINK", 1505},
-{"MINT", 1506},
-{"MIRE", 1507},
-{"MISS", 1508},
-{"MIST", 1509},
-{"MIT", 326},
-{"MITE", 1510},
-{"MITT", 1511},
-{"MOAN", 1512},
-{"MOAT", 1513},
-{"MOB", 327},
-{"MOCK", 1514},
-{"MOD", 328},
-{"MODE", 1515},
-{"MOE", 329},
-{"MOLD", 1516},
-{"MOLE", 1517},
-{"MOLL", 1518},
-{"MOLT", 1519},
-{"MONA", 1520},
-{"MONK", 1521},
-{"MONT", 1522},
-{"MOO", 330},
-{"MOOD", 1523},
-{"MOON", 1524},
-{"MOOR", 1525},
-{"MOOT", 1526},
-{"MOP", 331},
-{"MORE", 1527},
-{"MORN", 1528},
-{"MORT", 1529},
-{"MOS", 332},
-{"MOSS", 1530},
-{"MOST", 1531},
-{"MOT", 333},
-{"MOTH", 1532},
-{"MOVE", 1533},
-{"MOW", 334},
-{"MUCH", 1534},
-{"MUCK", 1535},
-{"MUD", 335},
-{"MUDD", 1536},
-{"MUFF", 1537},
-{"MUG", 336},
-{"MULE", 1538},
-{"MULL", 1539},
-{"MUM", 337},
-{"MURK", 1540},
-{"MUSH", 1541},
-{"MUST", 1542},
-{"MUTE", 1543},
-{"MUTT", 1544},
-{"MY", 338},
-{"MYRA", 1545},
-{"MYTH", 1546},
-{"NAB", 339},
-{"NAG", 340},
-{"NAGY", 1547},
-{"NAIL", 1548},
-{"NAIR", 1549},
-{"NAME", 1550},
-{"NAN", 341},
-{"NAP", 342},
-{"NARY", 1551},
-{"NASH", 1552},
-{"NAT", 343},
-{"NAVE", 1553},
-{"NAVY", 1554},
-{"NAY", 344},
-{"NE", 345},
-{"NEAL", 1555},
-{"NEAR", 1556},
-{"NEAT", 1557},
-{"NECK", 1558},
-{"NED", 346},
-{"NEE", 347},
-{"NEED", 1559},
-{"NEIL", 1560},
-{"NELL", 1561},
-{"NEON", 1562},
-{"NERO", 1563},
-{"NESS", 1564},
-{"NEST", 1565},
-{"NET", 348},
-{"NEW", 349},
-{"NEWS", 1566},
-{"NEWT", 1567},
-{"NIB", 350},
-{"NIBS", 1568},
-{"NICE", 1569},
-{"NICK", 1570},
-{"NIIL", 351},
-{"NILE", 1571},
-{"NINA", 1572},
-{"NINE", 1573},
-{"NIP", 352},
-{"NIT", 353},
-{"NO", 354},
-{"NOAH", 1574},
-{"NOB", 355},
-{"NOD", 356},
-{"NODE", 1575},
-{"NOEL", 1576},
-{"NOLL", 1577},
-{"NON", 357},
-{"NONE", 1578},
-{"NOOK", 1579},
-{"NOON", 1580},
-{"NOR", 358},
-{"NORM", 1581},
-{"NOSE", 1582},
-{"NOT", 359},
-{"NOTE", 1583},
-{"NOUN", 1584},
-{"NOV", 360},
-{"NOVA", 1585},
-{"NOW", 361},
-{"NU", 362},
-{"NUDE", 1586},
-{"NULL", 1587},
-{"NUMB", 1588},
-{"NUN", 363},
-{"NUT", 364},
-{"O", 365},
-{"OAF", 366},
-{"OAK", 367},
-{"OAR", 368},
-{"OAT", 369},
-{"OATH", 1589},
-{"OBEY", 1590},
-{"OBOE", 1591},
-{"ODD", 370},
-{"ODE", 371},
-{"ODIN", 1592},
-{"OF", 372},
-{"OFF", 373},
-{"OFT", 374},
-{"OH", 375},
-{"OHIO", 1593},
-{"OIL", 376},
-{"OILY", 1594},
-{"OINT", 1595},
-{"OK", 377},
-{"OKAY", 1596},
-{"OLAF", 1597},
-{"OLD", 378},
-{"OLDY", 1598},
-{"OLGA", 1599},
-{"OLIN", 1600},
-{"OMAN", 1601},
-{"OMEN", 1602},
-{"OMIT", 1603},
-{"ON", 379},
-{"ONCE", 1604},
-{"ONE", 380},
-{"ONES", 1605},
-{"ONLY", 1606},
-{"ONTO", 1607},
-{"ONUS", 1608},
-{"OR", 381},
-{"ORAL", 1609},
-{"ORB", 382},
-{"ORE", 383},
-{"ORGY", 1610},
-{"ORR", 384},
-{"OS", 385},
-{"OSLO", 1611},
-{"OTIS", 1612},
-{"OTT", 386},
-{"OTTO", 1613},
-{"OUCH", 1614},
-{"OUR", 387},
-{"OUST", 1615},
-{"OUT", 388},
-{"OUTS", 1616},
-{"OVA", 389},
-{"OVAL", 1617},
-{"OVEN", 1618},
-{"OVER", 1619},
-{"OW", 390},
-{"OWE", 391},
-{"OWL", 392},
-{"OWLY", 1620},
-{"OWN", 393},
-{"OWNS", 1621},
-{"OX", 394},
-{"PA", 395},
-{"PAD", 396},
-{"PAL", 397},
-{"PAM", 398},
-{"PAN", 399},
-{"PAP", 400},
-{"PAR", 401},
-{"PAT", 402},
-{"PAW", 403},
-{"PAY", 404},
-{"PEA", 405},
-{"PEG", 406},
-{"PEN", 407},
-{"PEP", 408},
-{"PER", 409},
-{"PET", 410},
-{"PEW", 411},
-{"PHI", 412},
-{"PI", 413},
-{"PIE", 414},
-{"PIN", 415},
-{"PIT", 416},
-{"PLY", 417},
-{"PO", 418},
-{"POD", 419},
-{"POE", 420},
-{"POP", 421},
-{"POT", 422},
-{"POW", 423},
-{"PRO", 424},
-{"PRY", 425},
-{"PUB", 426},
-{"PUG", 427},
-{"PUN", 428},
-{"PUP", 429},
-{"PUT", 430},
-{"QUAD", 1622},
-{"QUIT", 1623},
-{"QUO", 431},
-{"QUOD", 1624},
-{"RACE", 1625},
-{"RACK", 1626},
-{"RACY", 1627},
-{"RAFT", 1628},
-{"RAG", 432},
-{"RAGE", 1629},
-{"RAID", 1630},
-{"RAIL", 1631},
-{"RAIN", 1632},
-{"RAKE", 1633},
-{"RAM", 433},
-{"RAN", 434},
-{"RANK", 1634},
-{"RANT", 1635},
-{"RAP", 435},
-{"RARE", 1636},
-{"RASH", 1637},
-{"RAT", 436},
-{"RATE", 1638},
-{"RAVE", 1639},
-{"RAW", 437},
-{"RAY", 438},
-{"RAYS", 1640},
-{"READ", 1641},
-{"REAL", 1642},
-{"REAM", 1643},
-{"REAR", 1644},
-{"REB", 439},
-{"RECK", 1645},
-{"RED", 440},
-{"REED", 1646},
-{"REEF", 1647},
-{"REEK", 1648},
-{"REEL", 1649},
-{"REID", 1650},
-{"REIN", 1651},
-{"RENA", 1652},
-{"REND", 1653},
-{"RENT", 1654},
-{"REP", 441},
-{"REST", 1655},
-{"RET", 442},
-{"RIB", 443},
-{"RICE", 1656},
-{"RICH", 1657},
-{"RICK", 1658},
-{"RID", 444},
-{"RIDE", 1659},
-{"RIFT", 1660},
-{"RIG", 445},
-{"RILL", 1661},
-{"RIM", 446},
-{"RIME", 1662},
-{"RING", 1663},
-{"RINK", 1664},
-{"RIO", 447},
-{"RIP", 448},
-{"RISE", 1665},
-{"RISK", 1666},
-{"RITE", 1667},
-{"ROAD", 1668},
-{"ROAM", 1669},
-{"ROAR", 1670},
-{"ROB", 449},
-{"ROBE", 1671},
-{"ROCK", 1672},
-{"ROD", 450},
-{"RODE", 1673},
-{"ROE", 451},
-{"ROIL", 1674},
-{"ROLL", 1675},
-{"ROME", 1676},
-{"RON", 452},
-{"ROOD", 1677},
-{"ROOF", 1678},
-{"ROOK", 1679},
-{"ROOM", 1680},
-{"ROOT", 1681},
-{"ROSA", 1682},
-{"ROSE", 1683},
-{"ROSS", 1684},
-{"ROSY", 1685},
-{"ROT", 453},
-{"ROTH", 1686},
-{"ROUT", 1687},
-{"ROVE", 1688},
-{"ROW", 454},
-{"ROWE", 1689},
-{"ROWS", 1690},
-{"ROY", 455},
-{"RUB", 456},
-{"RUBE", 1691},
-{"RUBY", 1692},
-{"RUDE", 1693},
-{"RUDY", 1694},
-{"RUE", 457},
-{"RUG", 458},
-{"RUIN", 1695},
-{"RULE", 1696},
-{"RUM", 459},
-{"RUN", 460},
-{"RUNG", 1697},
-{"RUNS", 1698},
-{"RUNT", 1699},
-{"RUSE", 1700},
-{"RUSH", 1701},
-{"RUSK", 1702},
-{"RUSS", 1703},
-{"RUST", 1704},
-{"RUTH", 1705},
-{"RYE", 461},
-{"SAC", 462},
-{"SACK", 1706},
-{"SAD", 463},
-{"SAFE", 1707},
-{"SAG", 464},
-{"SAGE", 1708},
-{"SAID", 1709},
-{"SAIL", 1710},
-{"SAL", 465},
-{"SALE", 1711},
-{"SALK", 1712},
-{"SALT", 1713},
-{"SAM", 466},
-{"SAME", 1714},
-{"SAN", 467},
-{"SAND", 1715},
-{"SANE", 1716},
-{"SANG", 1717},
-{"SANK", 1718},
-{"SAP", 468},
-{"SARA", 1719},
-{"SAT", 469},
-{"SAUL", 1720},
-{"SAVE", 1721},
-{"SAW", 470},
-{"SAY", 471},
-{"SAYS", 1722},
-{"SCAN", 1723},
-{"SCAR", 1724},
-{"SCAT", 1725},
-{"SCOT", 1726},
-{"SEA", 472},
-{"SEAL", 1727},
-{"SEAM", 1728},
-{"SEAR", 1729},
-{"SEAT", 1730},
-{"SEC", 473},
-{"SEE", 474},
-{"SEED", 1731},
-{"SEEK", 1732},
-{"SEEM", 1733},
-{"SEEN", 1734},
-{"SEES", 1735},
-{"SELF", 1736},
-{"SELL", 1737},
-{"SEN", 475},
-{"SEND", 1738},
-{"SENT", 1739},
-{"SET", 476},
-{"SETS", 1740},
-{"SEW", 477},
-{"SEWN", 1741},
-{"SHAG", 1742},
-{"SHAM", 1743},
-{"SHAW", 1744},
-{"SHAY", 1745},
-{"SHE", 478},
-{"SHED", 1746},
-{"SHIM", 1747},
-{"SHIN", 1748},
-{"SHOD", 1749},
-{"SHOE", 1750},
-{"SHOT", 1751},
-{"SHOW", 1752},
-{"SHUN", 1753},
-{"SHUT", 1754},
-{"SHY", 479},
-{"SICK", 1755},
-{"SIDE", 1756},
-{"SIFT", 1757},
-{"SIGH", 1758},
-{"SIGN", 1759},
-{"SILK", 1760},
-{"SILL", 1761},
-{"SILO", 1762},
-{"SILT", 1763},
-{"SIN", 480},
-{"SINE", 1764},
-{"SING", 1765},
-{"SINK", 1766},
-{"SIP", 481},
-{"SIR", 482},
-{"SIRE", 1767},
-{"SIS", 483},
-{"SIT", 484},
-{"SITE", 1768},
-{"SITS", 1769},
-{"SITU", 1770},
-{"SKAT", 1771},
-{"SKEW", 1772},
-{"SKI", 485},
-{"SKID", 1773},
-{"SKIM", 1774},
-{"SKIN", 1775},
-{"SKIT", 1776},
-{"SKY", 486},
-{"SLAB", 1777},
-{"SLAM", 1778},
-{"SLAT", 1779},
-{"SLAY", 1780},
-{"SLED", 1781},
-{"SLEW", 1782},
-{"SLID", 1783},
-{"SLIM", 1784},
-{"SLIT", 1785},
-{"SLOB", 1786},
-{"SLOG", 1787},
-{"SLOT", 1788},
-{"SLOW", 1789},
-{"SLUG", 1790},
-{"SLUM", 1791},
-{"SLUR", 1792},
-{"SLY", 487},
-{"SMOG", 1793},
-{"SMUG", 1794},
-{"SNAG", 1795},
-{"SNOB", 1796},
-{"SNOW", 1797},
-{"SNUB", 1798},
-{"SNUG", 1799},
-{"SO", 488},
-{"SOAK", 1800},
-{"SOAR", 1801},
-{"SOB", 489},
-{"SOCK", 1802},
-{"SOD", 490},
-{"SODA", 1803},
-{"SOFA", 1804},
-{"SOFT", 1805},
-{"SOIL", 1806},
-{"SOLD", 1807},
-{"SOME", 1808},
-{"SON", 491},
-{"SONG", 1809},
-{"SOON", 1810},
-{"SOOT", 1811},
-{"SOP", 492},
-{"SORE", 1812},
-{"SORT", 1813},
-{"SOUL", 1814},
-{"SOUR", 1815},
-{"SOW", 493},
-{"SOWN", 1816},
-{"SOY", 494},
-{"SPA", 495},
-{"SPY", 496},
-{"STAB", 1817},
-{"STAG", 1818},
-{"STAN", 1819},
-{"STAR", 1820},
-{"STAY", 1821},
-{"STEM", 1822},
-{"STEW", 1823},
-{"STIR", 1824},
-{"STOW", 1825},
-{"STUB", 1826},
-{"STUN", 1827},
-{"SUB", 497},
-{"SUCH", 1828},
-{"SUD", 498},
-{"SUDS", 1829},
-{"SUE", 499},
-{"SUIT", 1830},
-{"SULK", 1831},
-{"SUM", 500},
-{"SUMS", 1832},
-{"SUN", 501},
-{"SUNG", 1833},
-{"SUNK", 1834},
-{"SUP", 502},
-{"SURE", 1835},
-{"SURF", 1836},
-{"SWAB", 1837},
-{"SWAG", 1838},
-{"SWAM", 1839},
-{"SWAN", 1840},
-{"SWAT", 1841},
-{"SWAY", 1842},
-{"SWIM", 1843},
-{"SWUM", 1844},
-{"TAB", 503},
-{"TACK", 1845},
-{"TACT", 1846},
-{"TAD", 504},
-{"TAG", 505},
-{"TAIL", 1847},
-{"TAKE", 1848},
-{"TALE", 1849},
-{"TALK", 1850},
-{"TALL", 1851},
-{"TAN", 506},
-{"TANK", 1852},
-{"TAP", 507},
-{"TAR", 508},
-{"TASK", 1853},
-{"TATE", 1854},
-{"TAUT", 1855},
-{"TEA", 509},
-{"TEAL", 1856},
-{"TEAM", 1857},
-{"TEAR", 1858},
-{"TECH", 1859},
-{"TED", 510},
-{"TEE", 511},
-{"TEEM", 1860},
-{"TEEN", 1861},
-{"TEET", 1862},
-{"TELL", 1863},
-{"TEN", 512},
-{"TEND", 1864},
-{"TENT", 1865},
-{"TERM", 1866},
-{"TERN", 1867},
-{"TESS", 1868},
-{"TEST", 1869},
-{"THAN", 1870},
-{"THAT", 1871},
-{"THE", 513},
-{"THEE", 1872},
-{"THEM", 1873},
-{"THEN", 1874},
-{"THEY", 1875},
-{"THIN", 1876},
-{"THIS", 1877},
-{"THUD", 1878},
-{"THUG", 1879},
-{"THY", 514},
-{"TIC", 515},
-{"TICK", 1880},
-{"TIDE", 1881},
-{"TIDY", 1882},
-{"TIE", 516},
-{"TIED", 1883},
-{"TIER", 1884},
-{"TILE", 1885},
-{"TILL", 1886},
-{"TILT", 1887},
-{"TIM", 517},
-{"TIME", 1888},
-{"TIN", 518},
-{"TINA", 1889},
-{"TINE", 1890},
-{"TINT", 1891},
-{"TINY", 1892},
-{"TIP", 519},
-{"TIRE", 1893},
-{"TO", 520},
-{"TOAD", 1894},
-{"TOE", 521},
-{"TOG", 522},
-{"TOGO", 1895},
-{"TOIL", 1896},
-{"TOLD", 1897},
-{"TOLL", 1898},
-{"TOM", 523},
-{"TON", 524},
-{"TONE", 1899},
-{"TONG", 1900},
-{"TONY", 1901},
-{"TOO", 525},
-{"TOOK", 1902},
-{"TOOL", 1903},
-{"TOOT", 1904},
-{"TOP", 526},
-{"TORE", 1905},
-{"TORN", 1906},
-{"TOTE", 1907},
-{"TOUR", 1908},
-{"TOUT", 1909},
-{"TOW", 527},
-{"TOWN", 1910},
-{"TOY", 528},
-{"TRAG", 1911},
-{"TRAM", 1912},
-{"TRAY", 1913},
-{"TREE", 1914},
-{"TREK", 1915},
-{"TRIG", 1916},
-{"TRIM", 1917},
-{"TRIO", 1918},
-{"TROD", 1919},
-{"TROT", 1920},
-{"TROY", 1921},
-{"TRUE", 1922},
-{"TRY", 529},
-{"TUB", 530},
-{"TUBA", 1923},
-{"TUBE", 1924},
-{"TUCK", 1925},
-{"TUFT", 1926},
-{"TUG", 531},
-{"TUM", 532},
-{"TUN", 533},
-{"TUNA", 1927},
-{"TUNE", 1928},
-{"TUNG", 1929},
-{"TURF", 1930},
-{"TURN", 1931},
-{"TUSK", 1932},
-{"TWIG", 1933},
-{"TWIN", 1934},
-{"TWIT", 1935},
-{"TWO", 534},
-{"ULAN", 1936},
-{"UN", 535},
-{"UNIT", 1937},
-{"UP", 536},
-{"URGE", 1938},
-{"US", 537},
-{"USE", 538},
-{"USED", 1939},
-{"USER", 1940},
-{"USES", 1941},
-{"UTAH", 1942},
-{"VAIL", 1943},
-{"VAIN", 1944},
-{"VALE", 1945},
-{"VAN", 539},
-{"VARY", 1946},
-{"VASE", 1947},
-{"VAST", 1948},
-{"VAT", 540},
-{"VEAL", 1949},
-{"VEDA", 1950},
-{"VEIL", 1951},
-{"VEIN", 1952},
-{"VEND", 1953},
-{"VENT", 1954},
-{"VERB", 1955},
-{"VERY", 1956},
-{"VET", 541},
-{"VETO", 1957},
-{"VICE", 1958},
-{"VIE", 542},
-{"VIEW", 1959},
-{"VINE", 1960},
-{"VISE", 1961},
-{"VOID", 1962},
-{"VOLT", 1963},
-{"VOTE", 1964},
-{"WACK", 1965},
-{"WAD", 543},
-{"WADE", 1966},
-{"WAG", 544},
-{"WAGE", 1967},
-{"WAIL", 1968},
-{"WAIT", 1969},
-{"WAKE", 1970},
-{"WALE", 1971},
-{"WALK", 1972},
-{"WALL", 1973},
-{"WALT", 1974},
-{"WAND", 1975},
-{"WANE", 1976},
-{"WANG", 1977},
-{"WANT", 1978},
-{"WAR", 545},
-{"WARD", 1979},
-{"WARM", 1980},
-{"WARN", 1981},
-{"WART", 1982},
-{"WAS", 546},
-{"WASH", 1983},
-{"WAST", 1984},
-{"WATS", 1985},
-{"WATT", 1986},
-{"WAVE", 1987},
-{"WAVY", 1988},
-{"WAY", 547},
-{"WAYS", 1989},
-{"WE", 548},
-{"WEAK", 1990},
-{"WEAL", 1991},
-{"WEAN", 1992},
-{"WEAR", 1993},
-{"WEB", 549},
-{"WED", 550},
-{"WEE", 551},
-{"WEED", 1994},
-{"WEEK", 1995},
-{"WEIR", 1996},
-{"WELD", 1997},
-{"WELL", 1998},
-{"WELT", 1999},
-{"WENT", 2000},
-{"WERE", 2001},
-{"WERT", 2002},
-{"WEST", 2003},
-{"WET", 552},
-{"WHAM", 2004},
-{"WHAT", 2005},
-{"WHEE", 2006},
-{"WHEN", 2007},
-{"WHET", 2008},
-{"WHO", 553},
-{"WHOA", 2009},
-{"WHOM", 2010},
-{"WHY", 554},
-{"WICK", 2011},
-{"WIFE", 2012},
-{"WILD", 2013},
-{"WILL", 2014},
-{"WIN", 555},
-{"WIND", 2015},
-{"WINE", 2016},
-{"WING", 2017},
-{"WINK", 2018},
-{"WINO", 2019},
-{"WIRE", 2020},
-{"WISE", 2021},
-{"WISH", 2022},
-{"WIT", 556},
-{"WITH", 2023},
-{"WOK", 557},
-{"WOLF", 2024},
-{"WON", 558},
-{"WONT", 2025},
-{"WOO", 559},
-{"WOOD", 2026},
-{"WOOL", 2027},
-{"WORD", 2028},
-{"WORE", 2029},
-{"WORK", 2030},
-{"WORM", 2031},
-{"WORN", 2032},
-{"WOVE", 2033},
-{"WOW", 560},
-{"WRIT", 2034},
-{"WRY", 561},
-{"WU", 562},
-{"WYNN", 2035},
-{"YALE", 2036},
-{"YAM", 563},
-{"YANG", 2037},
-{"YANK", 2038},
-{"YAP", 564},
-{"YARD", 2039},
-{"YARN", 2040},
-{"YAW", 565},
-{"YAWL", 2041},
-{"YAWN", 2042},
-{"YE", 566},
-{"YEA", 567},
-{"YEAH", 2043},
-{"YEAR", 2044},
-{"YELL", 2045},
-{"YES", 568},
-{"YET", 569},
-{"YOGA", 2046},
-{"YOKE", 2047},
-{"YOU", 570}
-};
diff --git a/crypto/heimdal/lib/otp/otp_print.c b/crypto/heimdal/lib/otp/otp_print.c
deleted file mode 100644
index 701a74cff515..000000000000
--- a/crypto/heimdal/lib/otp/otp_print.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_print.c,v 1.14 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include "otp_locl.h"
-
-extern const char *const std_dict[];
-
-unsigned
-otp_checksum (OtpKey key)
-{
-  int i;
-  unsigned sum = 0;
-
-  for (i = 0; i < OTPKEYSIZE; ++i)
-    sum += ((key[i] >> 0) & 0x03)
-      + ((key[i] >> 2) & 0x03) 
-      + ((key[i] >> 4) & 0x03)
-      + ((key[i] >> 6) & 0x03);
-  sum &= 0x03;
-  return sum;
-}
-
-void
-otp_print_stddict (OtpKey key, char *str, size_t sz)
-{
-  unsigned sum;
-
-  sum = otp_checksum (key);
-  snprintf (str, sz,
-	    "%s %s %s %s %s %s",
-	    std_dict[(key[0] << 3) | (key[1] >> 5)],
-	    std_dict[((key[1] & 0x1F) << 6) | (key[2] >> 2)],
-	    std_dict[((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7)],
-	    std_dict[((key[4] & 0x7F) << 4) | (key[5] >> 4)],
-	    std_dict[((key[5] & 0x0F) << 7) | (key[6] >> 1)],
-	    std_dict[((key[6] & 0x01) << 10) | (key[7] << 2) | sum]);
-}
-
-void
-otp_print_hex (OtpKey key, char *str, size_t sz)
-{
-  snprintf (str, sz,
-	    "%02x%02x%02x%02x%02x%02x%02x%02x",
-	    key[0], key[1], key[2], key[3], 
-	    key[4], key[5], key[6], key[7]);
-}
-
-void
-otp_print_hex_extended (OtpKey key, char *str, size_t sz)
-{
-  strlcpy (str, OTP_HEXPREFIX, sz);
-  otp_print_hex (key,
-		 str + strlen(OTP_HEXPREFIX),
-		 sz - strlen(OTP_HEXPREFIX));
-}
-
-void
-otp_print_stddict_extended (OtpKey key, char *str, size_t sz)
-{
-  strlcpy (str, OTP_WORDPREFIX, sz);
-  otp_print_stddict (key,
-		     str + strlen(OTP_WORDPREFIX),
-		     sz - strlen(OTP_WORDPREFIX));
-}
diff --git a/crypto/heimdal/lib/otp/otp_verify.c b/crypto/heimdal/lib/otp/otp_verify.c
deleted file mode 100644
index 5fec82e2b669..000000000000
--- a/crypto/heimdal/lib/otp/otp_verify.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otp_verify.c,v 1.7 2000/07/01 13:58:38 assar Exp $");
-#endif
-
-#include "otp_locl.h"
-
-int
-otp_verify_user_1 (OtpContext *ctx, const char *passwd)
-{
-  OtpKey key1, key2;
-
-  if (otp_parse (key1, passwd, ctx->alg)) {
-    ctx->err = "Syntax error in reply";
-    return -1;
-  }
-  memcpy (key2, key1, sizeof(key1));
-  ctx->alg->next (key2);
-  if (memcmp (ctx->key, key2, sizeof(key2)) == 0) {
-    --ctx->n;
-    memcpy (ctx->key, key1, sizeof(key1));
-    return 0;
-  } else
-    return -1;
-}
-
-int
-otp_verify_user (OtpContext *ctx, const char *passwd)
-{
-  void *dbm;
-  int ret;
-
-  if (!ctx->challengep)
-    return -1;
-  ret = otp_verify_user_1 (ctx, passwd);
-  dbm = otp_db_open ();
-  if (dbm == NULL) {
-    free(ctx->user);
-    return -1;
-  }
-  otp_put (dbm, ctx);
-  free(ctx->user);
-  otp_db_close (dbm);
-  return ret;
-}
diff --git a/crypto/heimdal/lib/otp/otptest.c b/crypto/heimdal/lib/otp/otptest.c
deleted file mode 100644
index 4eb342c797eb..000000000000
--- a/crypto/heimdal/lib/otp/otptest.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-RCSID("$Id: otptest.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <otp.h>
-
-static int
-test_one(OtpKey key1, char *name, char *val,
-	 void (*print)(OtpKey,char*, size_t),
-	 OtpAlgorithm *alg)
-{
-  char buf[256];
-  OtpKey key2;
-
-  (*print)(key1, buf, sizeof(buf));
-  printf ("%s: %s, ", name, buf);
-  if (strcmp (buf, val) != 0) {
-    printf ("failed(*%s* != *%s*)\n", buf, val);
-    return 1;
-  }
-  if (otp_parse (key2, buf, alg)) {
-    printf ("parse of %s failed\n", name);
-    return 1;
-  }
-  if (memcmp (key1, key2, OTPKEYSIZE) != 0) {
-    printf ("key1 != key2, ");
-  }
-  printf ("success\n");
-  return 0;
-}
-
-static int
-test (void)
-{
-  struct test {
-    char *alg;
-    char *passphrase;
-    char *seed;
-    int count;
-    char *hex;
-    char *word;
-  } tests[] = {
-
-    /* md4 */
-    {"md4", "This is a test.", "TeSt", 0, "d1854218ebbb0b51", "ROME MUG FRED SCAN LIVE LACE"},
-    {"md4", "This is a test.", "TeSt", 1, "63473ef01cd0b444", "CARD SAD MINI RYE COL KIN"},
-    {"md4", "This is a test.", "TeSt", 99, "c5e612776e6c237a", "NOTE OUT IBIS SINK NAVE MODE"},
-    {"md4", "AbCdEfGhIjK", "alpha1", 0, "50076f47eb1ade4e", "AWAY SEN ROOK SALT LICE MAP"},
-    {"md4", "AbCdEfGhIjK", "alpha1", 1, "65d20d1949b5f7ab", "CHEW GRIM WU HANG BUCK SAID"},
-    {"md4", "AbCdEfGhIjK", "alpha1", 99, "d150c82cce6f62d1", "ROIL FREE COG HUNK WAIT COCA"},
-    {"md4", "OTP's are good", "correct", 0, "849c79d4f6f55388", "FOOL STEM DONE TOOL BECK NILE"},
-    {"md4", "OTP's are good", "correct", 1, "8c0992fb250847b1", "GIST AMOS MOOT AIDS FOOD SEEM"},
-    {"md4", "OTP's are good", "correct",99, "3f3bf4b4145fd74b", "TAG SLOW NOV MIN WOOL KENO"},
-
-
-    /* md5 */
-    {"md5", "This is a test.", "TeSt", 0, "9e876134d90499dd", "INCH SEA ANNE LONG AHEM TOUR"},
-    {"md5", "This is a test.", "TeSt", 1, "7965e05436f5029f", "EASE OIL FUM CURE AWRY AVIS"},
-    {"md5", "This is a test.", "TeSt", 99, "50fe1962c4965880", "BAIL TUFT BITS GANG CHEF THY"},
-    {"md5", "AbCdEfGhIjK", "alpha1",  0, "87066dd9644bf206", "FULL PEW DOWN ONCE MORT ARC"},
-    {"md5", "AbCdEfGhIjK", "alpha1",   1, "7cd34c1040add14b", "FACT HOOF AT FIST SITE KENT"},
-    {"md5", "AbCdEfGhIjK", "alpha1",  99, "5aa37a81f212146c", "BODE HOP JAKE STOW JUT RAP"},
-    {"md5", "OTP's are good", "correct", 0,  "f205753943de4cf9", "ULAN NEW ARMY FUSE SUIT EYED"},
-    {"md5", "OTP's are good", "correct", 1, "ddcdac956f234937", "SKIM CULT LOB SLAM POE HOWL"},
-    {"md5", "OTP's are good", "correct",99, "b203e28fa525be47", "LONG IVY JULY AJAR BOND LEE"},
-
-    /* sha */
-    {"sha", "This is a test.", "TeSt", 0, "bb9e6ae1979d8ff4", "MILT VARY MAST OK SEES WENT"},
-    {"sha", "This is a test.", "TeSt", 1, "63d936639734385b", "CART OTTO HIVE ODE VAT NUT"},
-    {"sha", "This is a test.", "TeSt", 99, "87fec7768b73ccf9", "GAFF WAIT SKID GIG SKY EYED"},
-    {"sha", "AbCdEfGhIjK", "alpha1", 0, "ad85f658ebe383c9", "LEST OR HEEL SCOT ROB SUIT"},
-    {"sha", "AbCdEfGhIjK", "alpha1", 1, "d07ce229b5cf119b", "RITE TAKE GELD COST TUNE RECK"},
-    {"sha", "AbCdEfGhIjK", "alpha1", 99, "27bc71035aaf3dc6", "MAY STAR TIN LYON VEDA STAN"},
-    {"sha", "OTP's are good", "correct", 0, "d51f3e99bf8e6f0b", "RUST WELT KICK FELL TAIL FRAU"},
-    {"sha", "OTP's are good", "correct", 1, "82aeb52d943774e4", "FLIT DOSE ALSO MEW DRUM DEFY"},
-    {"sha", "OTP's are good", "correct", 99, "4f296a74fe1567ec", "AURA ALOE HURL WING BERG WAIT"},
-    {NULL}
-  };
-
-  struct test *t;
-  int sum = 0;
-
-  for(t = tests; t->alg; ++t) {
-    int i;
-    OtpAlgorithm *alg = otp_find_alg (t->alg);
-    OtpKey key;
-
-    if (alg == NULL) {
-      printf ("Could not find alg %s\n", t->alg);
-      return 1;
-    }
-    if(alg->init (key, t->passphrase, t->seed))
-      return 1;
-    for (i = 0; i < t->count; ++i) {
-      if (alg->next (key))
-	return 1;
-    }
-    sum += test_one (key, "hexadecimal", t->hex, otp_print_hex,
-		     alg) +
-      test_one (key, "standard_word", t->word, otp_print_stddict, alg);
-  }
-  return sum;
-}
-
-int
-main (void)
-{
-  return test ();
-}
diff --git a/crypto/heimdal/lib/otp/roken_rename.h b/crypto/heimdal/lib/otp/roken_rename.h
deleted file mode 100644
index 202b9a68ceb6..000000000000
--- a/crypto/heimdal/lib/otp/roken_rename.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_SNPRINTF
-#define snprintf _otp_snprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _otp_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _otp_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _otp_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _otp_vasnprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _otp_vsnprintf
-#endif
-#ifndef HAVE_STRCASECMP
-#define strcasecmp _otp_strcasecmp
-#endif
-#ifndef HAVE_STRNCASECMP
-#define strncasecmp _otp_strncasecmp
-#endif
-#ifndef HAVE_STRLWR
-#define strlwr _otp_strlwr
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/roken/.libs/libroken.lai b/crypto/heimdal/lib/roken/.libs/libroken.lai
deleted file mode 100644
index 6987bcdb53e3..000000000000
--- a/crypto/heimdal/lib/roken/.libs/libroken.lai
+++ /dev/null
@@ -1,32 +0,0 @@
-# libroken.la - a libtool library file
-# Generated by ltmain.sh - GNU libtool 1.4.2 (1.922.2.53 2001/09/11 03:18:52)
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='libroken.so.16'
-
-# Names of this library.
-library_names='libroken.so.16 libroken.so libroken.so'
-
-# The name of the static archive.
-old_library='libroken.a'
-
-# Libraries that this one depends upon.
-dependency_libs=''
-
-# Version information for libroken.
-current=16
-age=7
-revision=0
-
-# Is this an already installed library?
-installed=yes
-
-# Files to dlopen/dlpreopen
-dlopen=''
-dlpreopen=''
-
-# Directory that this library needs to be installed in:
-libdir='/usr/heimdal/lib'
diff --git a/crypto/heimdal/lib/roken/.libs/libroken.so.16 b/crypto/heimdal/lib/roken/.libs/libroken.so.16
deleted file mode 100755
index 182647a2ca67..000000000000
--- a/crypto/heimdal/lib/roken/.libs/libroken.so.16
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/.libs/libtest.al b/crypto/heimdal/lib/roken/.libs/libtest.al
deleted file mode 100644
index db4f929f966d..000000000000
--- a/crypto/heimdal/lib/roken/.libs/libtest.al
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/.libs/snprintf-test b/crypto/heimdal/lib/roken/.libs/snprintf-test
deleted file mode 100755
index b0df6107dc53..000000000000
--- a/crypto/heimdal/lib/roken/.libs/snprintf-test
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog
deleted file mode 100644
index 971bc90c42bd..000000000000
--- a/crypto/heimdal/lib/roken/ChangeLog
+++ /dev/null
@@ -1,1475 +0,0 @@
-2003-04-22  Love  <lha@stacken.kth.se>
-
-	* resolve.c: 1.38->1.39: copy NUL too, from janj@wenf.org via
-	openbsd
-
-2003-04-16  Love  <lha@stacken.kth.se>
-
-	* parse_units.h: remove typedef for units to avoid problems with
-	shadowing
-
-	* resolve.c: use strlcpy, from openbsd
-	
-	* getcap.c: use strlcpy, from openbsd
-	
-	* getarg.3: Change .Fd #include <header.h> to .In header.h
-	from Thomas Klausner <wiz@netbsd.org>
-
-2003-04-15  Love  <lha@stacken.kth.se>
-
-	* socket.c (socket_set_tos): if setsockopt failed with EINVAL
-	failed, just ignore it, sock was probably a just a non AF_INET
-	socket
-
-2003-04-14  Love  <lha@stacken.kth.se>
-
-	* strncasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strlwr.c: cast argument to tolower to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-	* strcasecmp.c: cast argument to toupper to unsigned char, from
-	Christian Biere <christianbiere@gmx.de> via NetBSD
-	
-2003-03-19  Love  <lha@stacken.kth.se>
-
-	* getarg.3: spelling, from <jmc@prioris.mini.pw.edu.pl>
-	
-2003-03-07  Love  <lha@stacken.kth.se>
-
-	* parse_bytes.c: use struct units instead of units
-	
-	* parse_time.c: use struct units instead of units
-	
-2003-03-04  Love  <lha@stacken.kth.se>
-
-	* roken.awk: use full prototype for main
-	
-2002-10-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: check length of txt records
-
-2002-09-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: include config.h before stdio.h (breaks with
-	_FILE_OFFSET_BITS on solaris otherwise)
-
-2002-09-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
-	has a broken version that trashes memory
-
-	* roken-common.h: fix typo in previous
-
-	* roken-common.h: change IRIX == 4 to IRIX4
-
-2002-09-04  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: remove some warnings from the linux-portion
-
-	* getnameinfo_verified.c (getnameinfo_verified): handle the case
-	of forward but no backward DNS information, and also describe the
-	desired behaviour.  from Love <lha@stacken.kth.se>
-
-2002-09-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* rtbl.c (rtbl_destroy): free whole table
-
-	* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
-
-2002-09-03  Assar Westerlund  <assar@kth.se>
-
-	* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
-	YOSHIFUJI of the Usagi project
-	
-	* parse_reply-test.c: make this build and return 77 if there is no
-	mmap
-
-	* Makefile.am (parse_reply-test): add
-	* parse_reply-test.c: add a test case for parse_reply reading past
-	the given buffer
-	* resolve.c (parse_reply): update the arguments to more reasonable
-	types.  allow parse_reply-test to call it
-
-2002-08-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): do alignment tricks with the random()
-	state (from NetBSD)
-
-2002-08-27  Assar Westerlund  <assar@kth.se>
-
-	* resolve.c (parse_reply): verify the lengths (both external and
-	internal) are consistent and not too long
-	(dns_lookup_int): be conservative in the length sent in to to
-	parse_reply
-
-2002-08-26  Assar Westerlund  <assar@kth.se>
-
-	* roken.h.in: add prototypes for str, unvis functions
-	* resolve.h: add fallback definition for T_AAAA
-
-2002-08-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: we may need a prototype for strndup
-
-2002-08-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: typedef ssize_t here
-
-	* getarg.c: don't put Ns before comma
-
-	* resolve.c: _res might not be available
-
-	* localtime_r.c: include stdio.h and roken.h
-
-	* strftime.c: only use altzone if we have it
-
-	* roken-common.h: AI_NUMERICHOST needs special handling
-
-	* strlcat.c: add some consistency checks
-
-	* strlcpy.c: make the logic simpler, and handle dst_sz == 0
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.h: prefix these functions to avoid conflicts with other
-	packages
-
-2002-08-14  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: don't write to buf if len == 0
-
-2002-05-31  Assar Westerlund  <assar@pdc.kth.se>
-
-	* Makefile.am: *_LDADD: add LDADD, so that libroken is used
-
-2002-05-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* xdbm.h: remove old dbm part
-
-2002-04-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ndbm_wrap.{c,h}: ndbm wrapper for newer db libraries
-
-2002-04-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: move mini_inetd protos to after addrinfo definition
-
-	* snprintf.c (append_number): make rep const
-
-	* getarg.h: rename optind and optarg to avoid some gcc warnings
-
-	* getarg.c: rename optind and optarg to avoid some gcc warnings
-
-2002-02-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* mini_inetd.c: mini_inetd_addrinfo that takes an addrinfo instead
-	of a port number
-
-2001-11-30  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c: support SIOCGLIFCONF and SIOCGLIFFLAGS which are
-	used on Solaris 8 to retrieve addresses larger than `struct
-	sockaddr'.  From Magnus Ahltorp <ahltorp@nada.kth.se> (with some
-	modifications by me)
-
-2001-10-27  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 15:0:6
-
-2001-10-22  Assar Westerlund  <assar@sics.se>
-
-	* localtime_r.c: add
-
-2001-10-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c (dns_srv_order): don't try to return a value
-
-2001-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c: va_{start,end} fixes; from Thomas Klausner
-
-2001-09-20  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_srv_order): make sure of not reading after the
-	array
-
-2001-09-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump to 14:4:5
-	* snprintf.c: rename 'struct state' -> 'struct snprintf_test' to
-	avoid collision with resolv.h on aix
-
-2001-09-04  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c, parse_bytes.c, parse_bytes.h, parse_units.c,
-	parse_units.h: use int instead of size_t as return values to be
-	compatible with snprintf
-
-	* strftime.c (strftime): check for return values from snprintf() <
-	0
-
-2001-09-03  Johan Danielsson  <joda@pdc.kth.se>
-
-	* socket.c: restrict is a keyword
-
-2001-09-03  Assar Westerlund  <assar@sics.se>
-
-	* write_pid.c: handle atexit or on_exit
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add vis.hin to help
-	solaris make
-
-2001-08-30  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: use LDADD directly
-
-2001-08-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set to 14:3:5
-
-	* issuid.c (issuid): call issetugid if it exists
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make it play better with recent automake
-
-2001-08-21  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: provide a fallback for ARG_MAX.  from <tol@stacken.kth.se>
-
-	* roken.h.in: remove all winsock.h
-	for now, it does more harm than good under cygwin and if it should be
-	used, the correct conditional needs to be found
-	from <tol@stacken.kth.se>
-
-2001-08-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo.c: include a definition of in6addr_loopback if it
-	doesn't exist
-
-2001-08-10  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update to 14:2:5
-
-2001-08-08  Assar Westerlund  <assar@sics.se>
-
-	* hstrerror.c: move h_errno to its own file (h_errno.c)
-
-2001-08-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getarg.3
-
-2001-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): explicitly use PF_UNSPEC.  be more
-	resilient to bind/listen failing.
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): remove unused variables
-
-2001-07-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): update version to 14:1:5
-
-2001-07-23  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_long): fix parsing of arg_counter optional
-	argument
-
-2001-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 14:0:5
-	
-2001-07-17  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.h: add a file with renaming of the snprintf
-	functions, to be used for running the tests
-
-2001-07-11  Assar Westerlund  <assar@sics.se>
-
-	* snprintf-test.c: add more %X tests, and long and conditional
-	long long tests
-	* snprintf.c: add support for printing long long (if available)
-
-2001-07-10  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): adapt to const hostent_find_fqdn
-	* hostent_find_fqdn.c (hostent_find_fqdn): const-ize
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (hostent_find_fqdn): add
-	* hostent_find_fqdn.c: separate out hostent_find_fqdn
-
-	* warnerr.c: move out getprogname, setprogname
-
-2001-07-03  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (setprogname): add const cast
-	* vis.c (SVIS): add some (unsigned char) before calling isfoo*
-	* Makefile.am (libroken_la_LDFLAGS:) set version to 13:0:4
-
-	* Makefile.am: add snprintf_test
-	* snprintf.c: rewrite so that it does not stop as soon as there
-	are no more characters to print, we need to figure out how long
-	the string would have to be.  this also fixes snprintf(NULL, 0
-
-2001-06-21  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (pipe_execv): remove unused variable
-
-2001-06-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getdtablesize.c: fix typo in obviously never used sysctl case
-
-	* simple_exec.c: rename check_status to wait_for_process, and
-	export it; function pipe_execv similar to popen, but with more
-	control over input and output
-
-	* roken-common.h: prototypes for wait_for_process and pipe_execv
-
-2001-06-17  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: move emalloc et al to roken.h.in
-	* Makefile.am: make emalloc,ecalloc,erealloc,estrdup conditional
-	* emalloc.c, erealloc.c, estrup.c: use errx, since errno might not
-	be set reliably
-	* ecalloc.c: add for symmetry
-
-2001-06-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* resolve.c: dns_srv_order to order srv records
-
-2001-06-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: Grog tries to figure out if to use mdoc.old instead of
-	mdoc by looking at some macros that were only present in the old
-	version, and by looking at the number of .Oo's present. In
-	mdoc.old .Oo was a toggle, but in mdoc it's closed by .Oc, so if
-	the number of .Oo's is bigger than the number of .Oc's, it figures
-	it must be mdoc.old. This doesn't however account for called Oc's,
-	and thus grog thinks that valid pages are mdoc.old when they
-	infact are mdoc. So let's make sure that Oc's are not called by
-	other macros.
-
-2001-05-29  Assar Westerlund  <assar@sics.se>
-
-	* base64-test.c (main): initialize numerr
-
-2001-05-28  Johan Danielsson  <joda@pdc.kth.se>
-
-	* base64.c: clean up the decode mess somewhat
-
-	* base64-test.c: base64 tests
-
-2001-05-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: just use standard C types with bswap*
-
-	* bswap.c: just use standard C types
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include all the headers that AC_GROK_TYPES tries for
-	finding u_int17_t et al
-
-	* Makefile.am: bump version to 12:0:3
-	* roken.h.in: re-add set_progname and get_progname for backwards
-	compatability
-	* warnerr.c: re-add set_progname and get_progname for backwards
-	compatability
-
-2001-05-12  Assar Westerlund  <assar@sics.se>
-
-	* glob.c: add limits.h, from <shadow@dementia.org>
-
-2001-05-11  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bswap.c
-	
-	* bswap.c: bswap{16,32}
-	
-2001-05-08  Assar Westerlund  <assar@sics.se>
-
-	* freeaddrinfo.c (freeaddrinfo): also free every `struct
-	addrinfo'.  from <tmartin@mirapoint.com>
-
-2001-04-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (free_getarg_strings): add prototype
-	* getarg.c (free_getarg_strings): add function
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.c: pack short flag options togther, to shorten the usage
-	string
-
-2001-04-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getifaddrs.c (getifaddrs2): close socket when done
-
-2001-03-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: END has to be last with Sun's awk
-
-2001-03-26  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): do not check the return value
-	from strtod, it might return != 0.0 when the string has no digits.
-	just testing if it consumed any characters is enough and more
-	resilient
-	* glob.c: add GLOB_LIMIT (from NetBSD)
-
-2001-02-20  Assar Westerlund  <assar@sics.se>
-
-	* warnerr.c (warnerr): do not use __progname
-	* roken.h.in (setprogname, getprogname): add prototypes
-	* warnerr.c (setprogname, getprogname): rename to. change all
-	callers
-	
-2001-02-12  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): do the first
-	getnameinfo with NI_NUMERICSERV to avoid the error that bind 8.2.3
-	reports on not finding the service
-	(ENI_NOSERVNAME).  reported by Ake Sandgren <ake@cs.umu.se>
-
-2001-02-09  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo.c (doit): call inet_ntop with correct af, noted by
-	Ake Sandgren <ake@cs.umu.se>
-
-2001-02-08  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): always capture
-	the service from getnameinfo so it can be sent back to getaddrinfo
-	and set socktype to avoid getaddrinfo not returning any addresses
-
-2001-01-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 11:1:2
-	* print_version.c (print_version): add 2001
-
-2001-01-29  Assar Westerlund  <assar@sics.se>
-
-	* getifaddrs.c (getifaddrs2): copy the entire sockaddr
-
-	* roken-common.h (_PATH_BSHELL): add
-
-2001-01-27  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: move __attribute__ to roken-common.h
-
-	* esetenv.c (esetenv): cast to handle a setenv that takes a `char
- 	* which is the case on Unicos
-
-2000-12-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): ifaddrs.h ->
-	ifaddrs.hin
-
-2000-12-25  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (print_arg): add a case for arg_strings
-
-2000-12-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* snprintf.c (append_string): handle NULL strings by printing
-	`(null)'
-
-2000-12-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken-common.h: add c++ externs
-
-	* roken.h.in: fix last commit differently
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* err.hin (warnerr): remove, it's not part of the err.h interface
-	* roken-common.h (warnerr): moved here from err.hin
-	* Makefile.am (libroken_la_LDFLAGS): set version to 11:0:2
-	* vis.c: s/u_int32_t/unsigned/ for systems that do not define
-	u_int32_t
-
-2000-12-10  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: rename some headers to avoid conflict with possible
-	system headers
-
-2000-12-06  Johan Danielsson  <joda@pdc.kth.se>
-
-	* vis.c: make sure _DIAGASSERT is defined
-
-	* unvis.c: make sure _DIAGASSERT is defined
-
-	* Makefile.am: unvis.c, and vis.h
-
-	* vis.h: vis.h from NetBSD
-
-	* unvis.c: unvis from NetBSD
-
-	* roken.h.in: cleanup previous
-
-	* roken-common.h: make `extern "C"' into a macro, this make emacs
-	much happier
-
-	* vis.c: strvis implementation from NetBSD
-
-	* roken.h.in: add prototypes for strvis*
-
-2000-12-05  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: fix freeifaddrs prototype, and add ifa_broadaddr
-	macro
-
-	* getifaddrs.c: free some memory
-
-2000-12-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* ifaddrs.h: getifaddrs implementation using SIOCGIFCONFIG etc
-
-	* getifaddrs.c: getifaddrs implementation using SIOCGIFCONFIG etc
-
-2000-10-08  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): check that fds are not too large to
-	select on
-
-2000-09-24  Assar Westerlund  <assar@sics.se>
-
-	*  esetenv.c: new file/function
-
-2000-08-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 10:0:1
-
-2000-08-10  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (accept_it): type-correctness on parameters to
-	accept
-
-2000-08-07  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: add proto compat for getsockname
-
-2000-08-04  Johan Danielsson  <joda@pdc.kth.se>
-
-	* write_pid.c: conditionalise pidfile
-
-	* write_pid.c: add pidfile function
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump version to 9:0:0
-
-	* warnerr.c: add get_progname
-
-2000-07-24  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo.c (add_hostent): if there's no fqdn in `he' try
-	reverse resolving to see if there's a fuller name there.  don't
-	use just-freed memory
-
-2000-07-22  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: do not define ndbm functions in terms of dbm functions
-	if we're using db
-
-2000-07-20  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_format): avoid printing an empty row at the end
-
-2000-07-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: make this compatible with `make dist'
-
-	* Makefile.am: revert version number for now
-
-2000-07-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* configure.in: AM_PROG_LIBTOOL -> AC_PROG_LIBTOOL
-
-2000-07-17  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: set ACLOCAL_AMFLAGS
-
-2000-07-15  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getaddrinfo_hostspec.c: add new function that takes socktype
-	hint as parameter
-
-2000-07-09  Assar Westerlund  <assar@sics.se>
-
-	* rtbl.c (rtbl_add_column): initialize `col' completely
-
-	* configure.in: bring headers and functions more in-line with
-	what's actually being used
-
-2000-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.h.in: declare ether_addr and sockaddr_dl for AIX
-
-	* rtbl.{c,h}: simple table functions
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* configure.in (AM_INIT_AUTOMAKE): bump version to 10
-	* configure.in (AC_BROKEN): add strsep_copy
-	* Makefile.am (ACLOCAL): fetch files from cf
-
-2000-07-01  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (pid_file_*): fix protos
-
-2000-06-28  Assar Westerlund  <assar@sics.se>
-
-	* getnameinfo_verified.c (getnameinfo_verified): free memory
-	returned from getaddrinfo
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c: export string_to_type and type_to_string
-	* resolve.c: add key,sig,cert update test-program
-	* resolve.h: add key,sig,cert
-
-2000-06-21  Assar Westerlund  <assar@sics.se>
-
-	* resolve.h: add T_SIG, T_KEY
-	* resolve.c: add SIG and KEY
-	* Makefile.am (libroken_la_SOURCES): add environment.c and
-	write_pid.c
-
-	* write_pid.c: new file for writing a pid file.
-
-	* environment.c: new file with functionality for reading
-	/etc/environment.  From Ake Sandgren <ake@cs.umu.se>
-
-2000-06-12  Johan Danielsson  <joda@pdc.kth.se>
-
-	* strsep_copy.c: strsep, but with const stringp so returns string
-	in separate buffer
-
-2000-05-23  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): calculate length of new format string
-	correctly
-
-2000-05-22  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getusershell.c: implment the AIX version use
-	/etc/security/login.cfg
-
-2000-05-21  Assar Westerlund  <assar@sics.se>
-
-	* vsyslog.c (vsyslog): actually handle `%m'
-
-2000-05-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): set version to 8:1:3
-
-	* roken-common.h: moved __attribute__ to roken.h.in
-
-2000-04-14  Assar Westerlund  <assar@sics.se>
-
-	* getaddrinfo_hostspec.c (roken_getaddrinfo_hostspec): copy the
-	correct length from `hostspec'.  based on a patch from Love
-	<lha@s3.kth.se>
-
-2000-04-09  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: only include one of db.h and the dbm-series
-
-2000-04-05  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (_resolve_debug): explicitly set to zero.  this moves
-	the variable from bss to data and the dynamic linker on MacOS
-	X/Darwin seems unhappy with stuff in the bss segment.
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 8:0:3
-
-2000-03-11  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (_SS_PAD1SIZE): try to write an inpenetrable
-	expression that also works on Crays
-
-2000-03-09  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (arg_match_short): backup optind when there's a missing
-	argument so that the error can point at the flag and not the
-	non-existant argument
-
-2000-03-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add timeval.c
-	* Makefile.am (libroken_la_SOURCES): add timeval.c
-	* timeval.c: new file
-
-2000-02-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 7:1:2
-	
-2000-02-16  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): note that shorts are actually
-	transmitted as ints
-	(according to the integer protomotion rules) in variable arguments
-	lists.  Therefore, we should not call va_arg with short but rather
-	with int.  See <http://www.debian.org/Bugs/db/57/57919.html> for
-	original bug report
-
-2000-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 7:0:2
-
-	* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
-	* getarg.c (mandoc_template): better man-stuff for negative
-	options
-
-2000-02-07  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 6:0:1
-
-2000-02-06  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: hopefully catch a few more declarations by including
-	<ndbm.h> even if <db.h> was found
-
-2000-01-26  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): separate number of allocated sockets
-	and number of actual ones
-	* mini_inetd.c (mini_inetd): count sockets properly.  and fail if
-	we cannot bind any
-	* mini_inetd.c (mini_inetd): make failing to create a socket
-	non-fatal
-
-2000-01-09  Assar Westerlund  <assar@sics.se>
-
- 	* Makefile.am(libroken_la_SOURCES): add strcollect.c
-	* Makefile.in: add strcollect.[co]
-	* simple_exec.c: use vstrcollect
-	* roken-common.h (_PATH_DEV): add
-	(strcollect, vstrcollect): add prototypes
-	* strcollect.c: new file.  functions for collapsing an `va_list'
-	into an `char **'
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 5:0:0
-
-1999-12-30  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime_test_SOURCES): correct source file name
-
-	* roken.h.in (sockaddr_storage): change padding so that we have
- 	one char[] of pad and then an unsigned long[] (for alignment and
- 	padding).  this works much better in practice.
-
-1999-12-22  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): drop leading underscore on
- 	`public' fields.  this was the consensus on the ipng mailing list
-
-1999-12-21  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (strpftime-test): define sources to avoid having
- 	'.o'
-	* Makefile.am (print_version.h): use $(EXEEXT)
-	* Makefile.am (roken.h): add $(EXEEXT) to make this work on cygwin
- 	et al
-
-1999-12-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:3:0
-
-	* getaddrinfo.c (get_nodes): use getipnodebyname instead of
-	gethostbyname(2)
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:2:0
-
-	* roken.h.in (struct sockaddr_storage): redefine with the example
- 	code from rfc2553
-
-	* getaddrinfo.c (get_null): set loopback with correct endianess
-	for v4.  dunno about v6.
-
-1999-12-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: add prototypes for str[pf]time
-
-	* signal.c: macosx = rhapsody ~= nextstep also can't handle
- 	various definitions of the same symbol.
-
-1999-12-12  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:1:0
-
-1999-12-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 4:0:0
-
-1999-12-05  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: replace inaddr2str with getnameinfo_verified
-
-	* roken-common.h (INADDR_LOOPBACK): add fallback definition
-
-	* roken-common.h: move getnameinfo_verified to roken.h.in
-	* roken.h.in (inaddr2str): remove
-	* Makefile.am (libroken_la_SOURCES); removed inaddr2str
-	* roken-common.h (getnameinfo_verified): add prototype
-	* getnameinfo_verified.c: new file
-
-1999-12-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add constants for getaddrinfo, getnameinfo
-	* roken.h.in (socklen_t): make independent of sockaddr_storage
-	(AI_*, NI_*, EAI_*): move to roken-common.h
-
-1999-12-03  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inted): rewrite to use `getaddrinfo'
-	* getaddrinfo.c (const_v*): no sizeof(sizeof())
-	* getaddrinfo.c (add_hostent): search for the canonical name among
-	all aliases
-	(getaddrinfo): handle AI_NUMERICHOST correctly
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add freeaddinfo,
-	getaddrinfo, getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* Makefile.in (SOURCES): add freeaddinfo, getaddrinfo,
-	getnameinfo, gai_strerror
-	(getaddrinfo_test): add
-	* roken.h.in: arpa/inet.h: include
-	(socklen_t): add
-	(struct addrinfo): add
-	(EAI_*): add
-	(NI_*): add
-	(AI_*): add
-	(getaddrinfo, getnameinfo, freeaddrinfo, gai_strerror): add
-	* getnameinfo.c: new file
-	* getaddrinfo-test.c: new file
-	* gai_strerror.c: new file
-	* getaddrinfo.c: new file
-	* freeaddrinfo.c: new file
-
-1999-11-25  Assar Westerlund  <assar@sics.se>
-
-	* getopt.c (getopt): return -1 instead of EOF.  From
-	<art@stacken.kth.se>
-
-1999-11-13  Assar Westerlund  <assar@sics.se>
-
-	* strftime.c (strftime): handle `%z' and `%Z' in a tm_gmtoff-less
-	world
-
-	* getcap.c: make sure to use db only if we have both the library
-	and the header file
-	
-1999-11-12  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h: add arg_counter
-	* getarg.c: add a new type of argument: `arg_counter' re-organize
-	the code somewhat
-	
-	* Makefile.am: add strptime and strpftime-test
-	
-	* snprintf.c (xyzprintf): try to do the right thing with an % at
-	the end of the format string
-	
-	* strptime.c (strptime): implement '%U', '%V', '%W'
-	* strftime.c (strftime): implement '%U', '%V', '%W', '%z'
-	
-	* strftime.c (strftime): correct %E and %O handling.  do something
- 	reasonable with "...%"
-
-	* strftime.c: replace the BSD implementation by one of our own
-	coding
-
-	* strptime.c : new file
-	* strpftime-test.c: new file
-
-1999-11-07  Assar Westerlund  <assar@sics.se>
-
-	* parse_bytes-test.c: new file
-
-	* Makefile.am: add parse_bytes-test
-
-	* parse_units.c (parse_something): try to handle the case of no
- 	value specified a little bit better
-
-1999-11-04  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:2:0
-
-1999-10-30  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c (PARSE_INT_FORMAT): add redundant casts to work
- 	around a gcc-bug that manifests itself on Linux-PPC.  From Tom
- 	Rini <trini@kernel.crashing.org>
-
-1999-10-28  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump version to 3:1:0
-
-	* roken.h.in: use `unsigned char' instead of `u_int8_t' to avoid
- 	having to have that definition.  this is the easy way out instead
- 	of getting the definition here where it's needed.  flame me.
-
-Fri Oct 22 15:39:31 1999  Bjoern Groenvall  <bg@sics.se>
-
-	* k_getpwuid.c (k_getpwuid): getspuid() does not exist (even
- 	though it should), use getspnam().
-
-1999-10-20  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 3:0:0
-
-1999-10-18  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: document arg_collect
-
-	* getarg.c: change the way arg_collect works; it's still quite
-	horrible though
-
-	* getarg.h: change type of the collect function
-
-1999-10-17  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: undo last commit
-
-	* xdbm.h: reorder db includes
-
-1999-10-10  Assar Westerlund  <assar@sics.se>
-
-	* socket.c: const-ize and comment
-
-	* net_write.c: const-ize
-
-	* base64.c: const-ize
-
-1999-10-06  Assar Westerlund  <assar@sics.se>
-
-	* getarg.c (getarg): also set optind when returning error
-
-1999-09-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add parse_bytes.[ch]
-
-1999-09-24  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getarg.3: getarg manpage
-
-	* getarg.{c,h}: add a callback type to do more complicated processing
-
-	* getarg.{c,h}: add floating point support
-
-1999-09-16  Assar Westerlund  <assar@sics.se>
-
-	* strlcat.c (strlcat): call strlcpy
-
-	* strlcpy.c: update name and prototype
-
-	* strlcat.c: update name and prototype
-
-	* roken.h.in: rename strc{py,at}_truncate to strlc{py,at}
-
-	* Makefile.am: rename strc{py,at}_truncate -> strlc{py,at}
-
-	* Makefile.in: rename strc{py,at}_truncate -> strlc{py,at}
-
- 	* strcpy_truncate.c (strcpy_truncate): change return value to be
- 	the length of `src'
-
-1999-08-16  Assar Westerlund  <assar@sics.se>
-
-	* getcap.c: try to make this work on systems with DB
-
-1999-08-16  Johan Danielsson  <joda@pdc.kth.se>
-
-	* getcap.c: protect from db-less systems
-
-1999-08-09  Johan Danielsson  <joda@pdc.kth.se>
-
-	* simple_exec.c: add simple_exec{ve,le}
-
-	* getcap.c: getcap from NetBSD
-
-1999-08-06  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (sockaddr_storage): cater for those that have
- 	v6-support also
-
-1999-08-05  Assar Westerlund  <assar@sics.se>
-
-	* inet_ntop.c (inet_ntop_v4): remember to call ntohl
-
-1999-08-04  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add shutdown constants
-
-	* mini_inetd.c (listen_v4, listen_v6): handle the case of the
- 	protocol not being supported
-
-1999-08-01  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (socket_set_reuseaddr): remove duplicate
-
-1999-07-29  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c (mini_inetd): fix my stupid bugs
-
-1999-07-28  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h: add socket* functions
-
-	* Makefile.am (libroken_la_SOURCES): add socket.c
-
-	* socket.c: new file, originally from appl/ftp/common
-
-	* Makefile.am: set version to 2:0:2
-
-	* roken.h.in (inet_pton): add prototype
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_pton
-
-	* inet_pton.c: new file
-
-	* getipnodebyname.c (getipnodebyname): try gethostbyname2 if we
- 	have it
-
-1999-07-27  Assar Westerlund  <assar@sics.se>
-
-	* mini_inetd.c: support IPv6
-
-1999-07-26  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-	* roken.h.in (inet_ntop): add prototype
-
- 	* roken-common.h: (INET{,6}_ADDRSTRLEN): add
-
-	* inet_ntop.c: new file
-
-	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_ntop.c
-
-	* Makefile.am: move some files from libroken_la_SOURCES to
- 	EXTRA_libroken_la_SOURCES
-
-	* snprintf.c: some signed vs unsigned casts
-	
-1999-07-24  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (struct sockaddr_storage): define it needed
-
-1999-07-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libroken_la_SOURCES): add copyhostent.c,
- 	freehostent.c, getipnodebyname.c, getipnodebyaddr.c
-	
-	* roken.h.in: <netdb.h>: include
-	(copyhostent, freehostent, getipnodebyname, getipnodebyaddr): add
-	prototypes
-
-	* roken-common.h: new constants for getipnodeby*
-
-	* Makefile.in (SOURCES): add freehostent, copyhostent,
- 	getipnodebyname, getipnodebyaddr
-
-	* freehostent.c: new file
-
-	* copyhostent.c: new file
-
-	* getipnodebyaddr.c: new file
-
-	* getipnodebyname.c: new file
-
-1999-07-13  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (k_getpwnam): update prototype
-
-	* k_getpwnam.c (k_getpwnam): const-ize
-
-	* get_default_username.c (get_default_username): a better way of
- 	guessing when the user has su:ed
-
-1999-07-08  Johan Danielsson  <joda@pdc.kth.se>
-
-	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
-	<jhutz+@cmu.edu>
-
-1999-07-06  Assar Westerlund  <assar@sics.se>
-
-	* readv.c (readv): typo
-
-1999-07-03  Assar Westerlund  <assar@sics.se>
-
-	* writev.c (writev): error check malloc properly
-
-	* sendmsg.c (sendmsg): error check malloc properly
-
-	* resolve.c (parse_reply): error check malloc properly
-
-	* recvmsg.c (recvmsg): error check malloc properly
-
-	* readv.c (readv): error check malloc properly
-
-1999-06-23  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (acc_units): move the special case of 0 -> 1 to
- 	parse_something to avoid having it happen at the end of the string
-
-1999-06-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add get_default_username
-
-	* get_default_username.c: new file
-
-	* roken.h.in (get_default_username): add prototype
-
-	* Makefile.am: add get_default_username
-
-1999-05-08  Assar Westerlund  <assar@sics.se>
-
-	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
-
-	* strnlen.c (strnlen): update prototype
-
-	* Makefile.am: strndup.c: add
-
-	* Makefile.in: strndup.c: add
-
-	* roken.h.in (strndup): add
-	(strnlen): update prototype
-
-	* strndup.c: new file
-
-Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include strsep prototype if needed
-
-Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make make-print-version.o depend on version.h
-
-Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: make it compile w/o krb4
-
-Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda@blubb.pdc.kth.se>
-
-	* snprintf.c (vasnprintf): correct check if realloc returns NULL
-
-Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: link print_version with -ldes to avoid unresolved
- 	references if -lkrb is shared
-
-Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* roken-common.h (eread, ewrite): add
-
-	* simple_exec.c: add <roken.h>
-
-Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add eread, ewrite
-
-	* eread.c, ewrite.c: new files
-
-	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
-
-Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add version-info
-
-Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: remove include_dir hack
-
-	* Makefile.am: parse_units.h
-
-	* Makefile.am: include Makefile.am.common
-
-Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add glob.c
-
-Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* iruserok.c: move innetgr() to separate file
-
-	* innetgr.c: move innetgr() to separate file
-
-	* hstrerror.c (hstrerror): add const to return type
-
-	* erealloc.c: fix types in format string
-
-	* emalloc.c: fix types in format string
-
-Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: ugly fix for crays
-
-Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* roken.h.in: protos for {un,}setenv
-
-1999-02-16  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add fnmatch
-
-	* roken-common.h (abs): add
-
-Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@sics.se>
-
-	* emalloc.c, erealloc.c, estrup.c: new files
-
-	* roken.h.in (mkstemp, gethostname): also includes prototypes if
- 	they are needed.
-
-1998-12-23  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: mkstemp: add prototype
-
-1998-12-20  Assar Westerlund  <assar@sics.se>
-
-	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
-
-	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
-
-	* roken-common.h: __attribute__: check for autoconf'd
-	HAVE___ATTRIBUTE__ instead of GNUC
-
-Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): func is called with val == 0 if
- 	no unit was given
-	(acc_flags, acc_units): update to new standard
-
-Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (stot): constify
-	(type_to_string): always declare
-	(dns_lookup_int): correct debug output
-
-Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar@sics.se>
-
-	* resolve.c (dns_lookup_int): send rr_class to res_search
-
-Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* resolve.c: some cleanup
-
-	* resolve.h: add T_NAPTR
-
-Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (WFLAGS): set
-
-	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
-
-	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
-
-Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar@sics.se>
-
-	* recvmsg.c (recvmsg): patch from bpreece@unity.ncsu.edu
-
-Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* vsyslog.c: asprintf -> vasprintf
-
-Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar@sics.se>
-
-	* getarg.h (arg_printusage): new signature
-
-	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
- 	__progname.
-
-Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
- 	EINTR
-
-Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: net_{read,write}.c
-
-Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar@sics.se>
-
-	* simple_exec.c (simple_execlp): initialize `argv'
-
-Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar@sics.se>
-
-	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
- 	use a copy instead
-
-Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (net_write, net_read): add prototypes
-
-	* Makefile.in: net_{read,write}.c: add
-
-	* net_{read,write}.c: new files
-
-Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in (issuid): add
-
-	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
- 	fields
-
-Sun May 31 03:24:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	SYNOPSIS within the same [ ] pair.
-
-Sat May 30 00:13:01 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (arg_printusage): try to keep options shorter than
- 	column width
-
-	* get_window_size.c (get_window_size): check COLUMNS and LINES
-
-Fri May 29 00:05:04 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Put short and long options in
- 	DESCRIPTION on the same line.
-
-	* getarg.c (arg_match_long): make sure you only get an exact match
- 	if the strings are the same length
-
-Thu May 14 02:23:40 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.awk: stupid cray awk wants \#
-
-Fri May  1 01:29:36 1998  Assar Westerlund  <assar@sics.se>
-
-	* print_version.c (print_version): according to ISO/ANSI C the
- 	elements of `arg' are not constant and therefore not settable at
- 	compile-time.  Set the at run-time instead.
-
-Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar@sics.se>
-
-	* roken.h.in: include paths.h
-
-Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
- 	make happy
-
-Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* simple_exec.c: Simple fork+exec system() replacement.
-
-Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken_gethostby.c: Make `roken_gethostby_setup' take url-like
- 	specification instead of split up versions. Makes it easier for
- 	calling applications.
-
-	* roken_gethostby.c: Another miracle of the 20th century:
- 	gethostby* over HTTP.
-
-Sat Feb 21 15:18:36 1998  assar westerlund  <assar@sics.se>
-
-	* parse_time.c (unparse_time_approx): new function that calls
- 	`unparse_units_approx'
-
-	* parse_units.c (unparse_units_approx): new function that will
- 	only print the first unit.
-
-	* Makefile.in: include parse_{time,units}
-
-Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): don't return a void value.
-
-Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c (mandoc_template): Change date format to full month
- 	name, and day of month without leading zero.
-
-Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Fix long form of negative flags.
-
-Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* roken.h.in: Include <err.h>, to get linux __progname.
-
-Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_time.c (print_time_table): new function
-
-	* parse_units.c (print_flags_table, print_units_table): new
- 	functions.
-
-Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar@sics.se>
-
-	* iruserok.c: moved here.
-
-	* snprintf.c (sn_append_char): don't write any terminating zero.
-	(as_reserve): don't loop.  better heuristic for how much space to
- 	realloc.
-	(vasnprintf): simplify initializing to one.
-
-Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* getarg.c: Add mandoc help back-end to getarg.
-
-Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* verr.c, verrx.c: Fix warnings by moving exit from.
-
-Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* parse_units.c: Change the list of separating characters (between
- 	units) to comma, space, and tab, removing digits. Having digits in
- 	this list makes a flag like `T42 generate a parse error. This
- 	change makes `17m3s' an invalid time-spec (you need a space).
-
-Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: add <sys/socket.h>
-
-Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* fnmatch.c: Add fnmatch from NetBSD
-
-Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar@sics.se>
-
-	* parse_units.c (parse_something): ignore white-space and ','
-
-Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar@sics.se>
-	
-	* roken.h: fclose prototype
-
-	* roken.h: add prototype for vsyslog
-
-	* Makefile.in: add some more source files to make soriasis make
- 	happy
-
-Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: include <sys/uio.h> and <errno.h>.
-	prototypes for readv and writev
-
-	* readv.c, writev.c: new files
-
-Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar@sics.se>
-
-	* roken.h: Add ugly macros for openlog, gethostbyname,
- 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
- 	default definition of MAXPATHLEN
diff --git a/crypto/heimdal/lib/roken/Makefile b/crypto/heimdal/lib/roken/Makefile
deleted file mode 100644
index b0e3c71fc961..000000000000
--- a/crypto/heimdal/lib/roken/Makefile
+++ /dev/null
@@ -1,1075 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/roken/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-ACLOCAL_AMFLAGS = -I ../../cf
-
-CLEANFILES = roken.h make-roken.c $(XHEADERS)
-
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 16:0:7
-
-noinst_PROGRAMS = make-roken snprintf-test
-
-nodist_make_roken_SOURCES = make-roken.c
-
-check_PROGRAMS = \
-		base64-test			\
-		getaddrinfo-test		\
-		parse_bytes-test		\
-		snprintf-test			\
-		strpftime-test
-
-
-TESTS = $(check_PROGRAMS)
-
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF
-
-strpftime_test_SOURCES = strpftime-test.c
-strpftime_test_LDADD = libtest.la $(LDADD)
-snprintf_test_SOURCES = snprintf-test.c
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS = -DTEST_SNPRINTF
-
-libroken_la_SOURCES = \
-	base64.c		\
-	bswap.c			\
-	concat.c		\
-	environment.c		\
-	eread.c			\
-	esetenv.c		\
-	ewrite.c		\
-	getaddrinfo_hostspec.c	\
-	get_default_username.c	\
-	get_window_size.c	\
-	getarg.c		\
-	getnameinfo_verified.c	\
-	getprogname.c		\
-	h_errno.c		\
-	hostent_find_fqdn.c	\
-	issuid.c		\
-	k_getpwnam.c		\
-	k_getpwuid.c		\
-	mini_inetd.c		\
-	net_read.c		\
-	net_write.c		\
-	parse_bytes.c		\
-	parse_time.c		\
-	parse_units.c		\
-	resolve.c		\
-	roken_gethostby.c	\
-	rtbl.c			\
-	rtbl.h			\
-	setprogname.c		\
-	signal.c		\
-	simple_exec.c		\
-	snprintf.c		\
-	socket.c		\
-	strcollect.c		\
-	timeval.c		\
-	tm2time.c		\
-	unvis.c			\
-	verify.c		\
-	vis.c			\
-	vis.h			\
-	warnerr.c		\
-	write_pid.c		\
-	xdbm.h
-
-
-EXTRA_libroken_la_SOURCES = \
-	chown.c			\
-	copyhostent.c		\
-	daemon.c		\
-	ecalloc.c		\
-	emalloc.c		\
-	erealloc.c		\
-	estrdup.c		\
-	err.c			\
-	err.hin			\
-	errx.c			\
-	fchown.c		\
-	flock.c			\
-	fnmatch.c		\
-	fnmatch.hin		\
-	freehostent.c		\
-	gai_strerror.c		\
-	getdtablesize.c		\
-	getegid.c		\
-	geteuid.c		\
-	getgid.c		\
-	gethostname.c		\
-	getifaddrs.c		\
-	getipnodebyaddr.c	\
-	getipnodebyname.c	\
-	getopt.c		\
-	gettimeofday.c		\
-	getuid.c		\
-	getusershell.c		\
-	glob.hin		\
-	hstrerror.c		\
-	ifaddrs.hin		\
-	inet_aton.c		\
-	inet_ntop.c		\
-	inet_pton.c		\
-	initgroups.c		\
-	innetgr.c		\
-	iruserok.c		\
-	lstat.c			\
-	memmove.c		\
-	mkstemp.c		\
-	putenv.c		\
-	rcmd.c			\
-	readv.c			\
-	recvmsg.c		\
-	sendmsg.c		\
-	setegid.c		\
-	setenv.c		\
-	seteuid.c		\
-	strcasecmp.c		\
-	strdup.c		\
-	strerror.c		\
-	strftime.c		\
-	strlcat.c		\
-	strlcpy.c		\
-	strlwr.c		\
-	strncasecmp.c		\
-	strndup.c		\
-	strnlen.c		\
-	strptime.c		\
-	strsep.c		\
-	strsep_copy.c		\
-	strtok_r.c		\
-	strupr.c		\
-	swab.c			\
-	unsetenv.c		\
-	verr.c			\
-	verrx.c			\
-	vis.hin			\
-	vsyslog.c		\
-	vwarn.c			\
-	vwarnx.c		\
-	warn.c			\
-	warnx.c			\
-	writev.c
-
-
-EXTRA_DIST = roken.awk roken.h.in
-
-libroken_la_LIBADD =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo $(DBLIB)
-
-BUILT_SOURCES = make-roken.c roken.h
-
-err_h = 
-#err_h = err.h
-
-#fnmatch_h = 
-fnmatch_h = fnmatch.h
-
-glob_h = 
-#glob_h = glob.h
-
-ifaddrs_h = 
-#ifaddrs_h = ifaddrs.h
-
-vis_h = 
-#vis_h = vis.h
-
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-
-include_HEADERS = \
-	base64.h				\
-	getarg.h				\
-	parse_bytes.h 				\
-	parse_time.h 				\
-	parse_units.h				\
-	resolve.h 				\
-	roken-common.h 				\
-	rtbl.h 					\
-	xdbm.h					\
-	$(XHEADERS) 
-
-
-nodist_include_HEADERS = roken.h
-
-man_MANS = getarg.3
-subdir = lib/roken
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-
-libroken_la_DEPENDENCIES =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-am_libroken_la_OBJECTS = base64.lo bswap.lo concat.lo environment.lo \
-	eread.lo esetenv.lo ewrite.lo getaddrinfo_hostspec.lo \
-	get_default_username.lo get_window_size.lo getarg.lo \
-	getnameinfo_verified.lo getprogname.lo h_errno.lo \
-	hostent_find_fqdn.lo issuid.lo k_getpwnam.lo k_getpwuid.lo \
-	mini_inetd.lo net_read.lo net_write.lo parse_bytes.lo \
-	parse_time.lo parse_units.lo resolve.lo roken_gethostby.lo \
-	rtbl.lo setprogname.lo signal.lo simple_exec.lo snprintf.lo \
-	socket.lo strcollect.lo timeval.lo tm2time.lo unvis.lo \
-	verify.lo vis.lo warnerr.lo write_pid.lo
-libroken_la_OBJECTS = $(am_libroken_la_OBJECTS)
-libtest_la_LDFLAGS =
-libtest_la_LIBADD =
-am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
-	libtest_la-snprintf.lo
-libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
-check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
-	parse_bytes-test$(EXEEXT) snprintf-test$(EXEEXT) \
-	strpftime-test$(EXEEXT)
-noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-base64_test_SOURCES = base64-test.c
-base64_test_OBJECTS = base64-test.$(OBJEXT)
-base64_test_LDADD = $(LDADD)
-base64_test_DEPENDENCIES = libroken.la
-base64_test_LDFLAGS =
-getaddrinfo_test_SOURCES = getaddrinfo-test.c
-getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT)
-getaddrinfo_test_LDADD = $(LDADD)
-getaddrinfo_test_DEPENDENCIES = libroken.la
-getaddrinfo_test_LDFLAGS =
-nodist_make_roken_OBJECTS = make-roken.$(OBJEXT)
-make_roken_OBJECTS = $(nodist_make_roken_OBJECTS)
-make_roken_DEPENDENCIES =
-make_roken_LDFLAGS =
-parse_bytes_test_SOURCES = parse_bytes-test.c
-parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
-parse_bytes_test_LDADD = $(LDADD)
-parse_bytes_test_DEPENDENCIES = libroken.la
-parse_bytes_test_LDFLAGS =
-am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
-snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
-snprintf_test_DEPENDENCIES = libtest.la libroken.la
-snprintf_test_LDFLAGS =
-am_strpftime_test_OBJECTS = strpftime-test.$(OBJEXT)
-strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS)
-strpftime_test_DEPENDENCIES = libtest.la libroken.la
-strpftime_test_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
-	$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
-	parse_bytes-test.c $(snprintf_test_SOURCES) \
-	$(strpftime_test_SOURCES)
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
-	acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \
-	getnameinfo.c glob.c install-sh missing mkinstalldirs
-SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(snprintf_test_SOURCES) $(strpftime_test_SOURCES)
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/roken/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libroken.la: $(libroken_la_OBJECTS) $(libroken_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libroken_la_LDFLAGS) $(libroken_la_OBJECTS) $(libroken_la_LIBADD) $(LIBS)
-libtest_la-strftime.lo: strftime.c
-libtest_la-strptime.lo: strptime.c
-libtest_la-snprintf.lo: snprintf.c
-libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) 
-	$(LINK)  $(libtest_la_LDFLAGS) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) 
-	@rm -f base64-test$(EXEEXT)
-	$(LINK) $(base64_test_LDFLAGS) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS)
-getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) 
-	@rm -f getaddrinfo-test$(EXEEXT)
-	$(LINK) $(getaddrinfo_test_LDFLAGS) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS)
-make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) 
-	@rm -f make-roken$(EXEEXT)
-	$(LINK) $(make_roken_LDFLAGS) $(make_roken_OBJECTS) $(make_roken_LDADD) $(LIBS)
-parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) 
-	@rm -f parse_bytes-test$(EXEEXT)
-	$(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
-snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c
-snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) 
-	@rm -f snprintf-test$(EXEEXT)
-	$(LINK) $(snprintf_test_LDFLAGS) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS)
-strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES) 
-	@rm -f strpftime-test$(EXEEXT)
-	$(LINK) $(strpftime_test_LDFLAGS) $(strpftime_test_OBJECTS) $(strpftime_test_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-libtest_la-strftime.o: strftime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.o `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strftime.obj: strftime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.obj `cygpath -w strftime.c`
-
-libtest_la-strftime.lo: strftime.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strptime.o: strptime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.o `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-strptime.obj: strptime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.obj `cygpath -w strptime.c`
-
-libtest_la-strptime.lo: strptime.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-snprintf.o: snprintf.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.o `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libtest_la-snprintf.obj: snprintf.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.obj `cygpath -w snprintf.c`
-
-libtest_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-snprintf_test-snprintf-test.o: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-snprintf_test-snprintf-test.obj: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `cygpath -w snprintf-test.c`
-
-snprintf_test-snprintf-test.lo: snprintf-test.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.lo `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    3*) ;; \
-	    *) ext='3' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(nodist_includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(nodist_includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS install-man \
-	install-nodist_includeHEADERS
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nodist_includeHEADERS
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 \
-	install-nodist_includeHEADERS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): $(include_HEADERS) roken.h $(XHEADERS)
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am
deleted file mode 100644
index a850ee82549b..000000000000
--- a/crypto/heimdal/lib/roken/Makefile.am
+++ /dev/null
@@ -1,230 +0,0 @@
-# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-ACLOCAL_AMFLAGS = -I ../../cf
-
-CLEANFILES = roken.h make-roken.c $(XHEADERS)
-
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 16:2:0
-
-noinst_PROGRAMS = make-roken snprintf-test
-
-nodist_make_roken_SOURCES = make-roken.c
-
-check_PROGRAMS = 				\
-		base64-test			\
-		getaddrinfo-test		\
-		parse_bytes-test		\
-		parse_reply-test		\
-		snprintf-test			\
-		strpftime-test
-
-TESTS = $(check_PROGRAMS)
-
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF
-
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS  = -DTEST_RESOLVE
-
-strpftime_test_SOURCES	= strpftime-test.c
-strpftime_test_LDADD = libtest.la $(LDADD)
-snprintf_test_SOURCES	= snprintf-test.c
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS	= -DTEST_SNPRINTF
-
-libroken_la_SOURCES =		\
-	base64.c		\
-	bswap.c			\
-	concat.c		\
-	environment.c		\
-	eread.c			\
-	esetenv.c		\
-	ewrite.c		\
-	getaddrinfo_hostspec.c	\
-	get_default_username.c	\
-	get_window_size.c	\
-	getarg.c		\
-	getnameinfo_verified.c	\
-	getprogname.c		\
-	h_errno.c		\
-	hostent_find_fqdn.c	\
-	issuid.c		\
-	k_getpwnam.c		\
-	k_getpwuid.c		\
-	mini_inetd.c		\
-	net_read.c		\
-	net_write.c		\
-	parse_bytes.c		\
-	parse_time.c		\
-	parse_units.c		\
-	resolve.c		\
-	roken_gethostby.c	\
-	rtbl.c			\
-	rtbl.h			\
-	setprogname.c		\
-	signal.c		\
-	simple_exec.c		\
-	snprintf.c		\
-	socket.c		\
-	strcollect.c		\
-	timeval.c		\
-	tm2time.c		\
-	unvis.c			\
-	verify.c		\
-	vis.c			\
-	vis.h			\
-	warnerr.c		\
-	write_pid.c		\
-	xdbm.h
-
-EXTRA_libroken_la_SOURCES =	\
-	chown.c			\
-	copyhostent.c		\
-	daemon.c		\
-	ecalloc.c		\
-	emalloc.c		\
-	erealloc.c		\
-	estrdup.c		\
-	err.c			\
-	err.hin			\
-	errx.c			\
-	fchown.c		\
-	flock.c			\
-	fnmatch.c		\
-	fnmatch.hin		\
-	freehostent.c		\
-	gai_strerror.c		\
-	getdtablesize.c		\
-	getegid.c		\
-	geteuid.c		\
-	getgid.c		\
-	gethostname.c		\
-	getifaddrs.c		\
-	getipnodebyaddr.c	\
-	getipnodebyname.c	\
-	getopt.c		\
-	gettimeofday.c		\
-	getuid.c		\
-	getusershell.c		\
-	glob.hin		\
-	hstrerror.c		\
-	ifaddrs.hin		\
-	inet_aton.c		\
-	inet_ntop.c		\
-	inet_pton.c		\
-	initgroups.c		\
-	innetgr.c		\
-	iruserok.c		\
-	lstat.c			\
-	memmove.c		\
-	mkstemp.c		\
-	putenv.c		\
-	rcmd.c			\
-	readv.c			\
-	recvmsg.c		\
-	sendmsg.c		\
-	setegid.c		\
-	setenv.c		\
-	seteuid.c		\
-	strcasecmp.c		\
-	strdup.c		\
-	strerror.c		\
-	strftime.c		\
-	strlcat.c		\
-	strlcpy.c		\
-	strlwr.c		\
-	strncasecmp.c		\
-	strndup.c		\
-	strnlen.c		\
-	strptime.c		\
-	strsep.c		\
-	strsep_copy.c		\
-	strtok_r.c		\
-	strupr.c		\
-	swab.c			\
-	unsetenv.c		\
-	verr.c			\
-	verrx.c			\
-	vis.hin			\
-	vsyslog.c		\
-	vwarn.c			\
-	vwarnx.c		\
-	warn.c			\
-	warnx.c			\
-	writev.c
-
-EXTRA_DIST = roken.awk roken.h.in
-
-libroken_la_LIBADD = @LTLIBOBJS@ $(DBLIB)
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): $(include_HEADERS) roken.h $(XHEADERS)
-
-BUILT_SOURCES = make-roken.c roken.h
-
-if have_err_h
-err_h =
-else
-err_h = err.h
-endif
-
-if have_fnmatch_h
-fnmatch_h =
-else
-fnmatch_h = fnmatch.h
-endif
-
-if have_glob_h
-glob_h =
-else
-glob_h = glob.h
-endif
-
-if have_ifaddrs_h
-ifaddrs_h =
-else
-ifaddrs_h = ifaddrs.h
-endif
-
-if have_vis_h
-vis_h = 
-else
-vis_h = vis.h
-endif
-
-## these are controlled by configure
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-
-include_HEADERS = 				\
-	base64.h				\
-	getarg.h				\
-	parse_bytes.h 				\
-	parse_time.h 				\
-	parse_units.h				\
-	resolve.h 				\
-	roken-common.h 				\
-	rtbl.h 					\
-	xdbm.h					\
-	$(XHEADERS) 
-
-nodist_include_HEADERS = roken.h
-
-man_MANS = getarg.3
-
-SUFFIXES += .hin
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in
deleted file mode 100644
index 192fb3bc25a0..000000000000
--- a/crypto/heimdal/lib/roken/Makefile.in
+++ /dev/null
@@ -1,1087 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-ACLOCAL_AMFLAGS = -I ../../cf
-
-CLEANFILES = roken.h make-roken.c $(XHEADERS)
-
-lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 16:2:0
-
-noinst_PROGRAMS = make-roken snprintf-test
-
-nodist_make_roken_SOURCES = make-roken.c
-
-check_PROGRAMS = \
-		base64-test			\
-		getaddrinfo-test		\
-		parse_bytes-test		\
-		parse_reply-test		\
-		snprintf-test			\
-		strpftime-test
-
-
-TESTS = $(check_PROGRAMS)
-
-LDADD = libroken.la $(LIB_crypt)
-make_roken_LDADD = 
-
-noinst_LTLIBRARIES = libtest.la
-libtest_la_SOURCES = strftime.c strptime.c snprintf.c
-libtest_la_CFLAGS = -DTEST_SNPRINTF
-
-parse_reply_test_SOURCES = parse_reply-test.c resolve.c
-parse_reply_test_CFLAGS = -DTEST_RESOLVE
-
-strpftime_test_SOURCES = strpftime-test.c
-strpftime_test_LDADD = libtest.la $(LDADD)
-snprintf_test_SOURCES = snprintf-test.c
-snprintf_test_LDADD = libtest.la $(LDADD)
-snprintf_test_CFLAGS = -DTEST_SNPRINTF
-
-libroken_la_SOURCES = \
-	base64.c		\
-	bswap.c			\
-	concat.c		\
-	environment.c		\
-	eread.c			\
-	esetenv.c		\
-	ewrite.c		\
-	getaddrinfo_hostspec.c	\
-	get_default_username.c	\
-	get_window_size.c	\
-	getarg.c		\
-	getnameinfo_verified.c	\
-	getprogname.c		\
-	h_errno.c		\
-	hostent_find_fqdn.c	\
-	issuid.c		\
-	k_getpwnam.c		\
-	k_getpwuid.c		\
-	mini_inetd.c		\
-	net_read.c		\
-	net_write.c		\
-	parse_bytes.c		\
-	parse_time.c		\
-	parse_units.c		\
-	resolve.c		\
-	roken_gethostby.c	\
-	rtbl.c			\
-	rtbl.h			\
-	setprogname.c		\
-	signal.c		\
-	simple_exec.c		\
-	snprintf.c		\
-	socket.c		\
-	strcollect.c		\
-	timeval.c		\
-	tm2time.c		\
-	unvis.c			\
-	verify.c		\
-	vis.c			\
-	vis.h			\
-	warnerr.c		\
-	write_pid.c		\
-	xdbm.h
-
-
-EXTRA_libroken_la_SOURCES = \
-	chown.c			\
-	copyhostent.c		\
-	daemon.c		\
-	ecalloc.c		\
-	emalloc.c		\
-	erealloc.c		\
-	estrdup.c		\
-	err.c			\
-	err.hin			\
-	errx.c			\
-	fchown.c		\
-	flock.c			\
-	fnmatch.c		\
-	fnmatch.hin		\
-	freehostent.c		\
-	gai_strerror.c		\
-	getdtablesize.c		\
-	getegid.c		\
-	geteuid.c		\
-	getgid.c		\
-	gethostname.c		\
-	getifaddrs.c		\
-	getipnodebyaddr.c	\
-	getipnodebyname.c	\
-	getopt.c		\
-	gettimeofday.c		\
-	getuid.c		\
-	getusershell.c		\
-	glob.hin		\
-	hstrerror.c		\
-	ifaddrs.hin		\
-	inet_aton.c		\
-	inet_ntop.c		\
-	inet_pton.c		\
-	initgroups.c		\
-	innetgr.c		\
-	iruserok.c		\
-	lstat.c			\
-	memmove.c		\
-	mkstemp.c		\
-	putenv.c		\
-	rcmd.c			\
-	readv.c			\
-	recvmsg.c		\
-	sendmsg.c		\
-	setegid.c		\
-	setenv.c		\
-	seteuid.c		\
-	strcasecmp.c		\
-	strdup.c		\
-	strerror.c		\
-	strftime.c		\
-	strlcat.c		\
-	strlcpy.c		\
-	strlwr.c		\
-	strncasecmp.c		\
-	strndup.c		\
-	strnlen.c		\
-	strptime.c		\
-	strsep.c		\
-	strsep_copy.c		\
-	strtok_r.c		\
-	strupr.c		\
-	swab.c			\
-	unsetenv.c		\
-	verr.c			\
-	verrx.c			\
-	vis.hin			\
-	vsyslog.c		\
-	vwarn.c			\
-	vwarnx.c		\
-	warn.c			\
-	warnx.c			\
-	writev.c
-
-
-EXTRA_DIST = roken.awk roken.h.in
-
-libroken_la_LIBADD = @LTLIBOBJS@ $(DBLIB)
-
-BUILT_SOURCES = make-roken.c roken.h
-
-@have_err_h_TRUE@err_h = 
-@have_err_h_FALSE@err_h = err.h
-
-@have_fnmatch_h_TRUE@fnmatch_h = 
-@have_fnmatch_h_FALSE@fnmatch_h = fnmatch.h
-
-@have_glob_h_TRUE@glob_h = 
-@have_glob_h_FALSE@glob_h = glob.h
-
-@have_ifaddrs_h_TRUE@ifaddrs_h = 
-@have_ifaddrs_h_FALSE@ifaddrs_h = ifaddrs.h
-
-@have_vis_h_TRUE@vis_h = 
-@have_vis_h_FALSE@vis_h = vis.h
-
-XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
-
-include_HEADERS = \
-	base64.h				\
-	getarg.h				\
-	parse_bytes.h 				\
-	parse_time.h 				\
-	parse_units.h				\
-	resolve.h 				\
-	roken-common.h 				\
-	rtbl.h 					\
-	xdbm.h					\
-	$(XHEADERS) 
-
-
-nodist_include_HEADERS = roken.h
-
-man_MANS = getarg.3
-subdir = lib/roken
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-
-libroken_la_DEPENDENCIES = @LTLIBOBJS@
-am_libroken_la_OBJECTS = base64.lo bswap.lo concat.lo environment.lo \
-	eread.lo esetenv.lo ewrite.lo getaddrinfo_hostspec.lo \
-	get_default_username.lo get_window_size.lo getarg.lo \
-	getnameinfo_verified.lo getprogname.lo h_errno.lo \
-	hostent_find_fqdn.lo issuid.lo k_getpwnam.lo k_getpwuid.lo \
-	mini_inetd.lo net_read.lo net_write.lo parse_bytes.lo \
-	parse_time.lo parse_units.lo resolve.lo roken_gethostby.lo \
-	rtbl.lo setprogname.lo signal.lo simple_exec.lo snprintf.lo \
-	socket.lo strcollect.lo timeval.lo tm2time.lo unvis.lo \
-	verify.lo vis.lo warnerr.lo write_pid.lo
-libroken_la_OBJECTS = $(am_libroken_la_OBJECTS)
-libtest_la_LDFLAGS =
-libtest_la_LIBADD =
-am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
-	libtest_la-snprintf.lo
-libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
-check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
-	parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \
-	snprintf-test$(EXEEXT) strpftime-test$(EXEEXT)
-noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-base64_test_SOURCES = base64-test.c
-base64_test_OBJECTS = base64-test.$(OBJEXT)
-base64_test_LDADD = $(LDADD)
-base64_test_DEPENDENCIES = libroken.la
-base64_test_LDFLAGS =
-getaddrinfo_test_SOURCES = getaddrinfo-test.c
-getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT)
-getaddrinfo_test_LDADD = $(LDADD)
-getaddrinfo_test_DEPENDENCIES = libroken.la
-getaddrinfo_test_LDFLAGS =
-nodist_make_roken_OBJECTS = make-roken.$(OBJEXT)
-make_roken_OBJECTS = $(nodist_make_roken_OBJECTS)
-make_roken_DEPENDENCIES =
-make_roken_LDFLAGS =
-parse_bytes_test_SOURCES = parse_bytes-test.c
-parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
-parse_bytes_test_LDADD = $(LDADD)
-parse_bytes_test_DEPENDENCIES = libroken.la
-parse_bytes_test_LDFLAGS =
-am_parse_reply_test_OBJECTS = \
-	parse_reply_test-parse_reply-test.$(OBJEXT) \
-	parse_reply_test-resolve.$(OBJEXT)
-parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS)
-parse_reply_test_LDADD = $(LDADD)
-parse_reply_test_DEPENDENCIES = libroken.la
-parse_reply_test_LDFLAGS =
-am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
-snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
-snprintf_test_DEPENDENCIES = libtest.la libroken.la
-snprintf_test_LDFLAGS =
-am_strpftime_test_OBJECTS = strpftime-test.$(OBJEXT)
-strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS)
-strpftime_test_DEPENDENCIES = libtest.la libroken.la
-strpftime_test_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
-	$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
-	parse_bytes-test.c $(parse_reply_test_SOURCES) \
-	$(snprintf_test_SOURCES) $(strpftime_test_SOURCES)
-MANS = $(man_MANS)
-HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
-	acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \
-	getnameinfo.c glob.c install-sh missing mkinstalldirs
-SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(parse_reply_test_SOURCES) $(snprintf_test_SOURCES) $(strpftime_test_SOURCES)
-
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/roken/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-libroken.la: $(libroken_la_OBJECTS) $(libroken_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libroken_la_LDFLAGS) $(libroken_la_OBJECTS) $(libroken_la_LIBADD) $(LIBS)
-libtest_la-strftime.lo: strftime.c
-libtest_la-strptime.lo: strptime.c
-libtest_la-snprintf.lo: snprintf.c
-libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) 
-	$(LINK)  $(libtest_la_LDFLAGS) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
-
-clean-checkPROGRAMS:
-	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) 
-	@rm -f base64-test$(EXEEXT)
-	$(LINK) $(base64_test_LDFLAGS) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS)
-getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) 
-	@rm -f getaddrinfo-test$(EXEEXT)
-	$(LINK) $(getaddrinfo_test_LDFLAGS) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS)
-make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) 
-	@rm -f make-roken$(EXEEXT)
-	$(LINK) $(make_roken_LDFLAGS) $(make_roken_OBJECTS) $(make_roken_LDADD) $(LIBS)
-parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) 
-	@rm -f parse_bytes-test$(EXEEXT)
-	$(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
-parse_reply_test-parse_reply-test.$(OBJEXT): parse_reply-test.c
-parse_reply_test-resolve.$(OBJEXT): resolve.c
-parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) 
-	@rm -f parse_reply-test$(EXEEXT)
-	$(LINK) $(parse_reply_test_LDFLAGS) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS)
-snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c
-snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) 
-	@rm -f snprintf-test$(EXEEXT)
-	$(LINK) $(snprintf_test_LDFLAGS) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS)
-strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES) 
-	@rm -f strpftime-test$(EXEEXT)
-	$(LINK) $(strpftime_test_LDFLAGS) $(strpftime_test_OBJECTS) $(strpftime_test_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-libtest_la-strftime.o: strftime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.o `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strftime.obj: strftime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.obj `cygpath -w strftime.c`
-
-libtest_la-strftime.lo: strftime.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
-
-libtest_la-strptime.o: strptime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.o `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-strptime.obj: strptime.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.obj `cygpath -w strptime.c`
-
-libtest_la-strptime.lo: strptime.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
-
-libtest_la-snprintf.o: snprintf.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.o `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-libtest_la-snprintf.obj: snprintf.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.obj `cygpath -w snprintf.c`
-
-libtest_la-snprintf.lo: snprintf.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
-
-parse_reply_test-parse_reply-test.o: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
-
-parse_reply_test-parse_reply-test.obj: parse_reply-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `cygpath -w parse_reply-test.c`
-
-parse_reply_test-parse_reply-test.lo: parse_reply-test.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.lo `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
-
-parse_reply_test-resolve.o: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-parse_reply_test-resolve.obj: resolve.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `cygpath -w resolve.c`
-
-parse_reply_test-resolve.lo: resolve.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
-
-snprintf_test-snprintf-test.o: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-snprintf_test-snprintf-test.obj: snprintf-test.c
-	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `cygpath -w snprintf-test.c`
-
-snprintf_test-snprintf-test.lo: snprintf-test.c
-	$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.lo `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man3dir = $(mandir)/man3
-install-man3: $(man3_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man3dir)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
-	done
-uninstall-man3:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.3*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man3dir)/$$inst; \
-	done
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-nodist_includeHEADERS: $(nodist_include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(nodist_includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(nodist_includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-nodist_includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list='$(TESTS)'; \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xpass=`expr $$xpass + 1`; \
-	        failed=`expr $$failed + 1`; \
-	        echo "XPASS: $$tst"; \
-	      ;; \
-	      *) \
-	        echo "PASS: $$tst"; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *" $$tst "*) \
-	        xfail=`expr $$xfail + 1`; \
-	        echo "XFAIL: $$tst"; \
-	      ;; \
-	      *) \
-	        failed=`expr $$failed + 1`; \
-	        echo "FAIL: $$tst"; \
-	      ;; \
-	      esac; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="All $$all tests passed"; \
-	    else \
-	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all tests failed"; \
-	    else \
-	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
-	    fi; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir) $(DESTDIR)$(includedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
-	mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man \
-	install-nodist_includeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man3
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man \
-	uninstall-nodist_includeHEADERS
-
-uninstall-man: uninstall-man3
-
-.PHONY: GTAGS all all-am all-local check check-TESTS check-am \
-	check-local clean clean-checkPROGRAMS clean-generic \
-	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-man3 \
-	install-nodist_includeHEADERS install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
-	uninstall-nodist_includeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(LTLIBOBJS) $(libroken_la_OBJECTS): $(include_HEADERS) roken.h $(XHEADERS)
-.hin.h:
-	cp $< $@
-
-roken.h: make-roken$(EXEEXT)
-	@./make-roken$(EXEEXT) > tmp.h ;\
-	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
-	else rm -f roken.h; mv tmp.h roken.h; fi
-
-make-roken.c: roken.h.in roken.awk
-	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/roken/acconfig.h b/crypto/heimdal/lib/roken/acconfig.h
deleted file mode 100644
index 5fbe685ce386..000000000000
--- a/crypto/heimdal/lib/roken/acconfig.h
+++ /dev/null
@@ -1,36 +0,0 @@
-@BOTTOM@
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
-#undef PROTOTYPES
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc).  If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
-/*
- * Defining this enables lots of useful (and used) extensions on
- * glibc-based systems such as Linux
- */
-
-#define _GNU_SOURCE
diff --git a/crypto/heimdal/lib/roken/acinclude.m4 b/crypto/heimdal/lib/roken/acinclude.m4
deleted file mode 100644
index 1d0197c5ce37..000000000000
--- a/crypto/heimdal/lib/roken/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id$
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/lib/roken/base64-test.c b/crypto/heimdal/lib/roken/base64-test.c
deleted file mode 100644
index eace04b01a97..000000000000
--- a/crypto/heimdal/lib/roken/base64-test.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64-test.c,v 1.2 2001/05/29 13:12:21 assar Exp $");
-#endif
-
-#include <roken.h>
-#include <base64.h>
-
-int
-main(int argc, char **argv)
-{
-    int numerr = 0;
-    int numtest = 1;
-    struct test {
-	void *data;
-	size_t len;
-	const char *result;
-    } *t, tests[] = {
-	{ "", 0 , "" },
-	{ "1", 1, "MQ==" },
-	{ "22", 2, "MjI=" },
-	{ "333", 3, "MzMz" },
-	{ "4444", 4, "NDQ0NA==" },
-	{ "55555", 5, "NTU1NTU=" },
-	{ "abc:def", 7, "YWJjOmRlZg==" },
-	{ NULL }
-    };
-    for(t = tests; t->data; t++) {
-	char *str;
-	int len;
-	len = base64_encode(t->data, t->len, &str);
-	if(strcmp(str, t->result) != 0) {
-	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
-		    str, t->result);
-	    numerr++;
-	}
-	free(str);
-	str = strdup(t->result);
-	len = base64_decode(t->result, str);
-	if(len != t->len) {
-	    fprintf(stderr, "failed test %d: len %d != %d\n", numtest,
-		    len, t->len);
-	    numerr++;
-	} else if(memcmp(str, t->data, t->len) != 0) {
-	    fprintf(stderr, "failed test %d: data\n", numtest);
-	    numerr++;
-	}
-	free(str);
-	numtest++;
-    }
-
-    {
-	char str[32];
-	if(base64_decode("M=M=", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `M=M='\n", 
-		    numtest++);
-	    numerr++;
-	}
-	if(base64_decode("MQ===", str) != -1) {
-	    fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", 
-		    numtest++);
-	    numerr++;
-	}
-    }
-    return numerr;
-}
diff --git a/crypto/heimdal/lib/roken/base64.c b/crypto/heimdal/lib/roken/base64.c
deleted file mode 100644
index 21e79c1190ac..000000000000
--- a/crypto/heimdal/lib/roken/base64.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: base64.c,v 1.5 2001/05/28 17:33:41 joda Exp $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-#include "base64.h"
-
-static char base64_chars[] = 
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static int 
-pos(char c)
-{
-    char *p;
-    for (p = base64_chars; *p; p++)
-	if (*p == c)
-	    return p - base64_chars;
-    return -1;
-}
-
-int 
-base64_encode(const void *data, int size, char **str)
-{
-    char *s, *p;
-    int i;
-    int c;
-    const unsigned char *q;
-
-    p = s = (char *) malloc(size * 4 / 3 + 4);
-    if (p == NULL)
-	return -1;
-    q = (const unsigned char *) data;
-    i = 0;
-    for (i = 0; i < size;) {
-	c = q[i++];
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	c *= 256;
-	if (i < size)
-	    c += q[i];
-	i++;
-	p[0] = base64_chars[(c & 0x00fc0000) >> 18];
-	p[1] = base64_chars[(c & 0x0003f000) >> 12];
-	p[2] = base64_chars[(c & 0x00000fc0) >> 6];
-	p[3] = base64_chars[(c & 0x0000003f) >> 0];
-	if (i > size)
-	    p[3] = '=';
-	if (i > size + 1)
-	    p[2] = '=';
-	p += 4;
-    }
-    *p = 0;
-    *str = s;
-    return strlen(s);
-}
-
-#define DECODE_ERROR 0xffffffff
-
-static unsigned int
-token_decode(const char *token)
-{
-    int i;
-    unsigned int val = 0;
-    int marker = 0;
-    if (strlen(token) < 4)
-	return DECODE_ERROR;
-    for (i = 0; i < 4; i++) {
-	val *= 64;
-	if (token[i] == '=')
-	    marker++;
-	else if (marker > 0)
-	    return DECODE_ERROR;
-	else
-	    val += pos(token[i]);
-    }
-    if (marker > 2)
-	return DECODE_ERROR;
-    return (marker << 24) | val;
-}
-
-int
-base64_decode(const char *str, void *data)
-{
-    const char *p;
-    unsigned char *q;
-
-    q = data;
-    for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
-	unsigned int val = token_decode(p);
-	unsigned int marker = (val >> 24) & 0xff;
-	if (val == DECODE_ERROR)
-	    return -1;
-	*q++ = (val >> 16) & 0xff;
-	if (marker < 2)
-	    *q++ = (val >> 8) & 0xff;
-	if (marker < 1)
-	    *q++ = val & 0xff;
-    }
-    return q - (unsigned char *) data;
-}
diff --git a/crypto/heimdal/lib/roken/base64.h b/crypto/heimdal/lib/roken/base64.h
deleted file mode 100644
index 5ad1e3b18ea9..000000000000
--- a/crypto/heimdal/lib/roken/base64.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: base64.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */
-
-#ifndef _BASE64_H_
-#define _BASE64_H_
-
-int base64_encode(const void *data, int size, char **str);
-int base64_decode(const char *str, void *data);
-
-#endif
diff --git a/crypto/heimdal/lib/roken/base64.lo b/crypto/heimdal/lib/roken/base64.lo
deleted file mode 100644
index 365de5980c7a..000000000000
--- a/crypto/heimdal/lib/roken/base64.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/bswap.c b/crypto/heimdal/lib/roken/bswap.c
deleted file mode 100644
index c57dc6f38f40..000000000000
--- a/crypto/heimdal/lib/roken/bswap.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: bswap.c,v 1.3 2001/05/18 15:32:11 joda Exp $");
-
-#ifndef HAVE_BSWAP32
-
-unsigned int
-bswap32 (unsigned int val)
-{
-    return (val & 0xff) << 24 |
-	(val & 0xff00) << 8 |
-	(val & 0xff0000) >> 8 |
-	(val & 0xff000000) >> 24;
-}
-#endif
-
-#ifndef HAVE_BSWAP16
-
-unsigned short
-bswap16 (unsigned short val)
-{
-    return (val & 0xff) << 8 |
-	(val & 0xff00) >> 8;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/bswap.lo b/crypto/heimdal/lib/roken/bswap.lo
deleted file mode 100644
index dc6617e085a9..000000000000
--- a/crypto/heimdal/lib/roken/bswap.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/chown.c b/crypto/heimdal/lib/roken/chown.c
deleted file mode 100644
index f3d34e303030..000000000000
--- a/crypto/heimdal/lib/roken/chown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: chown.c,v 1.3 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include "roken.h"
-
-int
-chown(const char *path, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/concat.c b/crypto/heimdal/lib/roken/concat.c
deleted file mode 100644
index ca295c030ae5..000000000000
--- a/crypto/heimdal/lib/roken/concat.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: concat.c,v 1.4 1999/12/02 16:58:45 joda Exp $");
-#endif
-#include "roken.h"
-
-int
-roken_concat (char *s, size_t len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, len);
-    ret = roken_vconcat (s, len, args);
-    va_end(args);
-    return ret;
-}
-
-int
-roken_vconcat (char *s, size_t len, va_list args)
-{
-    const char *a;
-
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-
-	if (n >= len)
-	    return -1;
-	memcpy (s, a, n);
-	s += n;
-	len -= n;
-    }
-    *s = '\0';
-    return 0;
-}
-
-size_t
-roken_vmconcat (char **s, size_t max_len, va_list args)
-{
-    const char *a;
-    char *p, *q;
-    size_t len = 0;
-    *s = NULL;
-    p = malloc(1);
-    if(p == NULL)
-	return 0;
-    len = 1;
-    while ((a = va_arg(args, const char*))) {
-	size_t n = strlen (a);
-	
-	if(max_len && len + n > max_len){
-	    free(p);
-	    return 0;
-	}
-	q = realloc(p, len + n);
-	if(q == NULL){
-	    free(p);
-	    return 0;
-	}
-	p = q;
-	memcpy (p + len - 1, a, n);
-	len += n;
-    }
-    p[len - 1] = '\0';
-    *s = p;
-    return len;
-}
-
-size_t
-roken_mconcat (char **s, size_t max_len, ...)
-{
-    int ret;
-    va_list args;
-
-    va_start(args, max_len);
-    ret = roken_vmconcat (s, max_len, args);
-    va_end(args);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/concat.lo b/crypto/heimdal/lib/roken/concat.lo
deleted file mode 100644
index 7450dd57d7f5..000000000000
--- a/crypto/heimdal/lib/roken/concat.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/config.h.in b/crypto/heimdal/lib/roken/config.h.in
deleted file mode 100644
index b3df98912148..000000000000
--- a/crypto/heimdal/lib/roken/config.h.in
+++ /dev/null
@@ -1 +0,0 @@
-/*autoheader*/
diff --git a/crypto/heimdal/lib/roken/copyhostent.c b/crypto/heimdal/lib/roken/copyhostent.c
deleted file mode 100644
index a3be6db9134d..000000000000
--- a/crypto/heimdal/lib/roken/copyhostent.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: copyhostent.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * return a malloced copy of `h'
- */
-
-struct hostent *
-copyhostent (const struct hostent *h)
-{
-    struct hostent *res;
-    char **p;
-    int i, n;
-
-    res = malloc (sizeof (*res));
-    if (res == NULL)
-	return NULL;
-    res->h_name      = NULL;
-    res->h_aliases   = NULL;
-    res->h_addrtype  = h->h_addrtype;
-    res->h_length    = h->h_length;
-    res->h_addr_list = NULL;
-    res->h_name = strdup (h->h_name);
-    if (res->h_name == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (n = 0, p = h->h_aliases; *p != NULL; ++p)
-	++n;
-    res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases));
-    if (res->h_aliases == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i)
-	res->h_aliases[i] = NULL;
-    for (i = 0; i < n; ++i) {
-	res->h_aliases[i] = strdup (h->h_aliases[i]);
-	if (res->h_aliases[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-    }
-
-    for (n = 0, p = h->h_addr_list; *p != NULL; ++p)
-	++n;
-    res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list));
-    if (res->h_addr_list == NULL) {
-	freehostent (res);
-	return NULL;
-    }
-    for (i = 0; i < n + 1; ++i) {
-	res->h_addr_list[i] = NULL;
-    }
-    for (i = 0; i < n; ++i) {
-	res->h_addr_list[i] = malloc (h->h_length);
-	if (res->h_addr_list[i] == NULL) {
-	    freehostent (res);
-	    return NULL;
-	}
-	memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length);
-    }
-    return res;
-}
-
diff --git a/crypto/heimdal/lib/roken/copyhostent.lo b/crypto/heimdal/lib/roken/copyhostent.lo
deleted file mode 100644
index 500605864b5a..000000000000
--- a/crypto/heimdal/lib/roken/copyhostent.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/daemon.c b/crypto/heimdal/lib/roken/daemon.c
deleted file mode 100644
index 758856c8ada8..000000000000
--- a/crypto/heimdal/lib/roken/daemon.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: daemon.c,v 1.3 1997/10/04 21:55:48 joda Exp $");
-
-#ifndef HAVE_DAEMON
-
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int
-daemon(int nochdir, int noclose)
-{
-    int fd;
-
-    switch (fork()) {
-    case -1:
-	return (-1);
-    case 0:
-	break;
-    default:
-	_exit(0);
-    }
-
-    if (setsid() == -1)
-	return (-1);
-
-    if (!nochdir)
-	chdir("/");
-
-    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-	dup2(fd, STDIN_FILENO);
-	dup2(fd, STDOUT_FILENO);
-	dup2(fd, STDERR_FILENO);
-	if (fd > 2)
-	    close (fd);
-    }
-    return (0);
-}
-
-#endif /* HAVE_DAEMON */
diff --git a/crypto/heimdal/lib/roken/ecalloc.c b/crypto/heimdal/lib/roken/ecalloc.c
deleted file mode 100644
index 142704f5afb8..000000000000
--- a/crypto/heimdal/lib/roken/ecalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ecalloc.c,v 1.1 2001/06/17 12:09:37 assar Exp $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like calloc but never fails.
- */
-
-void *
-ecalloc (size_t number, size_t size)
-{
-    void *tmp = calloc (number, size);
-
-    if (tmp == NULL && number * size != 0)
-	errx (1, "calloc %lu failed", (unsigned long)number * size);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/ecalloc.lo b/crypto/heimdal/lib/roken/ecalloc.lo
deleted file mode 100644
index ab53ebf243d6..000000000000
--- a/crypto/heimdal/lib/roken/ecalloc.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/emalloc.c b/crypto/heimdal/lib/roken/emalloc.c
deleted file mode 100644
index e2734f36150a..000000000000
--- a/crypto/heimdal/lib/roken/emalloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: emalloc.c,v 1.5 2001/06/17 12:07:48 assar Exp $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like malloc but never fails.
- */
-
-void *
-emalloc (size_t sz)
-{
-    void *tmp = malloc (sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "malloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/emalloc.lo b/crypto/heimdal/lib/roken/emalloc.lo
deleted file mode 100644
index 6a312f8fb6f2..000000000000
--- a/crypto/heimdal/lib/roken/emalloc.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/environment.c b/crypto/heimdal/lib/roken/environment.c
deleted file mode 100644
index 62c732c5b47b..000000000000
--- a/crypto/heimdal/lib/roken/environment.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: environment.c,v 1.1 2000/06/21 02:05:03 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include "roken.h"
-
-/*
- * return count of environment assignments from `file' and 
- * list of malloced strings in `env'
- */
-
-int
-read_environment(const char *file, char ***env)
-{
-    int i, k;
-    FILE *F;
-    char **l;
-    char buf[BUFSIZ], *p, *r;
-
-    if ((F = fopen(file, "r")) == NULL) {
-	return 0;
-    }
-
-    i = 0;
-    if (*env) {
-	l = *env;
-	while (*l != NULL) {
-	    i++;
-	    l++;
-	}
-    }
-    l = *env;
-    /* This is somewhat more relaxed on what it accepts then
-     * Wietses sysv_environ from K4 was...
-     */
-    while (fgets(buf, BUFSIZ, F) != NULL) {
-	if (buf[0] == '#')
-	    continue;
-
-	p = strchr(buf, '#');
-	if (p != NULL)
-	    *p = '\0';
-
-	p = buf;
-	while (*p == ' ' || *p == '\t' || *p == '\n') p++;
-	if (*p == '\0')
-	    continue;
-
-	k = strlen(p);
-	if (p[k-1] == '\n')
-	    p[k-1] = '\0';
-
-	/* Here one should check that is is a 'valid' env string... */
-	r = strchr(p, '=');
-	if (r == NULL)
-	    continue;
-
-	l = realloc(l, (i+1) * sizeof (char *));
-	l[i++] = strdup(p);
-    }
-    fclose(F);
-    l = realloc(l, (i+1) * sizeof (char *));
-    l[i] = NULL;
-    *env = l;
-    return i;
-}
diff --git a/crypto/heimdal/lib/roken/environment.lo b/crypto/heimdal/lib/roken/environment.lo
deleted file mode 100644
index 00c57ae99cb8..000000000000
--- a/crypto/heimdal/lib/roken/environment.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/eread.c b/crypto/heimdal/lib/roken/eread.c
deleted file mode 100644
index 9a1b24bd55df..000000000000
--- a/crypto/heimdal/lib/roken/eread.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: eread.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like read but never fails (and never returns partial data).
- */
-
-ssize_t
-eread (int fd, void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_read (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "read");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/eread.lo b/crypto/heimdal/lib/roken/eread.lo
deleted file mode 100644
index 92723d7b4cad..000000000000
--- a/crypto/heimdal/lib/roken/eread.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/erealloc.c b/crypto/heimdal/lib/roken/erealloc.c
deleted file mode 100644
index 8eddd2bb8990..000000000000
--- a/crypto/heimdal/lib/roken/erealloc.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: erealloc.c,v 1.5 2001/06/17 12:08:05 assar Exp $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like realloc but never fails.
- */
-
-void *
-erealloc (void *ptr, size_t sz)
-{
-    void *tmp = realloc (ptr, sz);
-
-    if (tmp == NULL && sz != 0)
-	errx (1, "realloc %lu failed", (unsigned long)sz);
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/erealloc.lo b/crypto/heimdal/lib/roken/erealloc.lo
deleted file mode 100644
index c670bacb3bbf..000000000000
--- a/crypto/heimdal/lib/roken/erealloc.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/err.c b/crypto/heimdal/lib/roken/err.c
deleted file mode 100644
index 29b1f7b5672d..000000000000
--- a/crypto/heimdal/lib/roken/err.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: err.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include "err.h"
-
-void
-err(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verr(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/err.h b/crypto/heimdal/lib/roken/err.h
deleted file mode 100644
index b0b649f92b46..000000000000
--- a/crypto/heimdal/lib/roken/err.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: err.h,v 1.15 1999/12/02 16:58:45 joda Exp $ */
-
-#ifndef __ERR_H__
-#define __ERR_H__
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-extern const char *__progname;
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-void warnerr(int doerrno, const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 2, 0)));
-
-void verr(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-void err(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void verrx(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-void errx(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void vwarn(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-void warn(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-void vwarnx(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-void warnx(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-#endif /* __ERR_H__ */
diff --git a/crypto/heimdal/lib/roken/err.hin b/crypto/heimdal/lib/roken/err.hin
deleted file mode 100644
index 1fa7774bd0fe..000000000000
--- a/crypto/heimdal/lib/roken/err.hin
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: err.hin,v 1.16 2000/12/11 04:40:59 assar Exp $ */
-
-#ifndef __ERR_H__
-#define __ERR_H__
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-extern const char *__progname;
-
-#if !defined(__GNUC__) && !defined(__attribute__)
-#define __attribute__(x)
-#endif
-
-void verr(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-void err(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void verrx(int eval, const char *fmt, va_list ap)
-     __attribute__ ((noreturn, format (printf, 2, 0)));
-void errx(int eval, const char *fmt, ...)
-     __attribute__ ((noreturn, format (printf, 2, 3)));
-void vwarn(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-void warn(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-void vwarnx(const char *fmt, va_list ap)
-     __attribute__ ((format (printf, 1, 0)));
-void warnx(const char *fmt, ...)
-     __attribute__ ((format (printf, 1, 2)));
-
-#endif /* __ERR_H__ */
diff --git a/crypto/heimdal/lib/roken/errx.c b/crypto/heimdal/lib/roken/errx.c
deleted file mode 100644
index 2f8ec18dd24e..000000000000
--- a/crypto/heimdal/lib/roken/errx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: errx.c,v 1.6 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include "err.h"
-
-void
-errx(int eval, const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  verrx(eval, fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/esetenv.c b/crypto/heimdal/lib/roken/esetenv.c
deleted file mode 100644
index cb357527c34b..000000000000
--- a/crypto/heimdal/lib/roken/esetenv.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2000, 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: esetenv.c,v 1.3 2001/01/27 05:28:38 assar Exp $");
-#endif
-
-#include "roken.h"
-
-#include <err.h>
-
-void
-esetenv(const char *var, const char *val, int rewrite)
-{
-    if (setenv ((char *)var, (char *)val, rewrite))
-	errx (1, "failed setting environment variable %s", var);
-}
diff --git a/crypto/heimdal/lib/roken/esetenv.lo b/crypto/heimdal/lib/roken/esetenv.lo
deleted file mode 100644
index e41d544bc30f..000000000000
--- a/crypto/heimdal/lib/roken/esetenv.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/estrdup.c b/crypto/heimdal/lib/roken/estrdup.c
deleted file mode 100644
index 75d2721bbef7..000000000000
--- a/crypto/heimdal/lib/roken/estrdup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: estrdup.c,v 1.3 2001/06/17 12:07:56 assar Exp $");
-#endif
-
-#include <stdlib.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like strdup but never fails.
- */
-
-char *
-estrdup (const char *str)
-{
-    char *tmp = strdup (str);
-
-    if (tmp == NULL)
-	errx (1, "strdup failed");
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/estrdup.lo b/crypto/heimdal/lib/roken/estrdup.lo
deleted file mode 100644
index 6a75b9cf8e0d..000000000000
--- a/crypto/heimdal/lib/roken/estrdup.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/ewrite.c b/crypto/heimdal/lib/roken/ewrite.c
deleted file mode 100644
index b2c43de8dbc9..000000000000
--- a/crypto/heimdal/lib/roken/ewrite.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ewrite.c,v 1.2 1999/12/02 16:58:45 joda Exp $");
-#endif
-
-#include <unistd.h>
-#include <err.h>
-
-#include <roken.h>
-
-/*
- * Like write but never fails (and never returns partial data).
- */
-
-ssize_t
-ewrite (int fd, const void *buf, size_t nbytes)
-{
-    ssize_t ret;
-
-    ret = net_write (fd, buf, nbytes);
-    if (ret < 0)
-	err (1, "write");
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/ewrite.lo b/crypto/heimdal/lib/roken/ewrite.lo
deleted file mode 100644
index 12806ce46014..000000000000
--- a/crypto/heimdal/lib/roken/ewrite.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/fchown.c b/crypto/heimdal/lib/roken/fchown.c
deleted file mode 100644
index 61e854691e83..000000000000
--- a/crypto/heimdal/lib/roken/fchown.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: fchown.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#include "roken.h"
-
-int
-fchown(int fd, uid_t owner, gid_t group)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/flock.c b/crypto/heimdal/lib/roken/flock.c
deleted file mode 100644
index 13da4f474bef..000000000000
--- a/crypto/heimdal/lib/roken/flock.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifndef HAVE_FLOCK
-RCSID("$Id: flock.c,v 1.4 1999/12/02 16:58:46 joda Exp $");
-
-#include "roken.h"
-
-
-#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
-
-int
-flock(int fd, int operation)
-{
-#if defined(HAVE_FCNTL) && defined(F_SETLK)
-  struct flock arg;
-  int code, cmd;
-  
-  arg.l_whence = SEEK_SET;
-  arg.l_start = 0;
-  arg.l_len = 0;		/* means to EOF */
-
-  if (operation & LOCK_NB)
-    cmd = F_SETLK;
-  else
-    cmd = F_SETLKW;		/* Blocking */
-
-  switch (operation & OP_MASK) {
-  case LOCK_UN:
-    arg.l_type = F_UNLCK;
-    code = fcntl(fd, F_SETLK, &arg);
-    break;
-  case LOCK_SH:
-    arg.l_type = F_RDLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  case LOCK_EX:
-    arg.l_type = F_WRLCK;
-    code = fcntl(fd, cmd, &arg);
-    break;
-  default:
-    errno = EINVAL;
-    code = -1;
-    break;
-  }
-  return code;
-#else
-  return -1;
-#endif
-}
-
-#endif
-
diff --git a/crypto/heimdal/lib/roken/fnmatch.c b/crypto/heimdal/lib/roken/fnmatch.c
deleted file mode 100644
index dc01d6ea61ba..000000000000
--- a/crypto/heimdal/lib/roken/fnmatch.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
-
-/*
- * Copyright (c) 1989, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
-#else
-static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
- * Compares a filename or pathname to a pattern.
- */
-
-#include <fnmatch.h>
-#include <string.h>
-
-#define	EOS	'\0'
-
-static const char *rangematch (const char *, int, int);
-
-int
-fnmatch(const char *pattern, const char *string, int flags)
-{
-	const char *stringstart;
-	char c, test;
-
-	for (stringstart = string;;)
-		switch (c = *pattern++) {
-		case EOS:
-			return (*string == EOS ? 0 : FNM_NOMATCH);
-		case '?':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && (flags & FNM_PATHNAME))
-				return (FNM_NOMATCH);
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '*':
-			c = *pattern;
-			/* Collapse multiple stars. */
-			while (c == '*')
-				c = *++pattern;
-
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-
-			/* Optimize for pattern with * at end or before /. */
-			if (c == EOS)
-				if (flags & FNM_PATHNAME)
-					return (strchr(string, '/') == NULL ?
-					    0 : FNM_NOMATCH);
-				else
-					return (0);
-			else if (c == '/' && flags & FNM_PATHNAME) {
-				if ((string = strchr(string, '/')) == NULL)
-					return (FNM_NOMATCH);
-				break;
-			}
-
-			/* General case, use recursion. */
-			while ((test = *string) != EOS) {
-				if (!fnmatch(pattern, string, flags & ~FNM_PERIOD))
-					return (0);
-				if (test == '/' && flags & FNM_PATHNAME)
-					break;
-				++string;
-			}
-			return (FNM_NOMATCH);
-		case '[':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && flags & FNM_PATHNAME)
-				return (FNM_NOMATCH);
-			if ((pattern =
-			    rangematch(pattern, *string, flags)) == NULL)
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '\\':
-			if (!(flags & FNM_NOESCAPE)) {
-				if ((c = *pattern++) == EOS) {
-					c = '\\';
-					--pattern;
-				}
-			}
-			/* FALLTHROUGH */
-		default:
-			if (c != *string++)
-				return (FNM_NOMATCH);
-			break;
-		}
-	/* NOTREACHED */
-}
-
-static const char *
-rangematch(const char *pattern, int test, int flags)
-{
-	int negate, ok;
-	char c, c2;
-
-	/*
-	 * A bracket expression starting with an unquoted circumflex
-	 * character produces unspecified results (IEEE 1003.2-1992,
-	 * 3.13.2).  This implementation treats it like '!', for
-	 * consistency with the regular expression syntax.
-	 * J.T. Conklin (conklin@ngai.kaleida.com)
-	 */
-	if (negate = (*pattern == '!' || *pattern == '^'))
-		++pattern;
-	
-	for (ok = 0; (c = *pattern++) != ']';) {
-		if (c == '\\' && !(flags & FNM_NOESCAPE))
-			c = *pattern++;
-		if (c == EOS)
-			return (NULL);
-		if (*pattern == '-' 
-		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
-			pattern += 2;
-			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
-				c2 = *pattern++;
-			if (c2 == EOS)
-				return (NULL);
-			if (c <= test && test <= c2)
-				ok = 1;
-		} else if (c == test)
-			ok = 1;
-	}
-	return (ok == negate ? NULL : pattern);
-}
diff --git a/crypto/heimdal/lib/roken/fnmatch.h b/crypto/heimdal/lib/roken/fnmatch.h
deleted file mode 100644
index 95c91d600b64..000000000000
--- a/crypto/heimdal/lib/roken/fnmatch.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-
-int	 fnmatch (const char *, const char *, int);
-
-#endif /* !_FNMATCH_H_ */
diff --git a/crypto/heimdal/lib/roken/fnmatch.hin b/crypto/heimdal/lib/roken/fnmatch.hin
deleted file mode 100644
index 95c91d600b64..000000000000
--- a/crypto/heimdal/lib/roken/fnmatch.hin
+++ /dev/null
@@ -1,49 +0,0 @@
-/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-
-int	 fnmatch (const char *, const char *, int);
-
-#endif /* !_FNMATCH_H_ */
diff --git a/crypto/heimdal/lib/roken/freeaddrinfo.c b/crypto/heimdal/lib/roken/freeaddrinfo.c
deleted file mode 100644
index 56124e5b9405..000000000000
--- a/crypto/heimdal/lib/roken/freeaddrinfo.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freeaddrinfo.c,v 1.4 2001/05/11 09:10:32 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * free the list of `struct addrinfo' starting at `ai'
- */
-
-void
-freeaddrinfo(struct addrinfo *ai)
-{
-    struct addrinfo *tofree;
-
-    while(ai != NULL) {
-	free (ai->ai_canonname);
-	free (ai->ai_addr);
-	tofree = ai;
-	ai = ai->ai_next;
-	free (tofree);
-    }
-}
diff --git a/crypto/heimdal/lib/roken/freehostent.c b/crypto/heimdal/lib/roken/freehostent.c
deleted file mode 100644
index 0cd92cd732cd..000000000000
--- a/crypto/heimdal/lib/roken/freehostent.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: freehostent.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * free a malloced hostent
- */
-
-void
-freehostent (struct hostent *h)
-{
-    char **p;
-
-    free (h->h_name);
-    if (h->h_aliases != NULL) {
-	for (p = h->h_aliases; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_aliases);
-    }
-    if (h->h_addr_list != NULL) {
-	for (p = h->h_addr_list; *p != NULL; ++p)
-	    free (*p);
-	free (h->h_addr_list);
-    }
-    free (h);
-}
diff --git a/crypto/heimdal/lib/roken/gai_strerror.c b/crypto/heimdal/lib/roken/gai_strerror.c
deleted file mode 100644
index 07f7c395e7a9..000000000000
--- a/crypto/heimdal/lib/roken/gai_strerror.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: gai_strerror.c,v 1.2 1999/12/03 04:10:06 assar Exp $");
-#endif
-
-#include "roken.h"
-
-static struct gai_error {
-    int code;
-    char *str;
-} errors[] = {
-{EAI_NOERROR,		"no error"},
-{EAI_ADDRFAMILY,	"address family for nodename not supported"},
-{EAI_AGAIN,		"temporary failure in name resolution"},
-{EAI_BADFLAGS,		"invalid value for ai_flags"},
-{EAI_FAIL,		"non-recoverable failure in name resolution"},
-{EAI_FAMILY,		"ai_family not supported"},
-{EAI_MEMORY,		"memory allocation failure"},
-{EAI_NODATA,		"no address associated with nodename"},
-{EAI_NONAME,		"nodename nor servname provided, or not known"},
-{EAI_SERVICE,		"servname not supported for ai_socktype"},
-{EAI_SOCKTYPE,		"ai_socktype not supported"},
-{EAI_SYSTEM,		"system error returned in errno"},
-{0,			NULL},
-};
-
-/*
- *
- */
-
-char *
-gai_strerror(int ecode)
-{
-    struct gai_error *g;
-
-    for (g = errors; g->str != NULL; ++g)
-	if (g->code == ecode)
-	    return g->str;
-    return "unknown error code in gai_strerror";
-}
diff --git a/crypto/heimdal/lib/roken/get_default_username.c b/crypto/heimdal/lib/roken/get_default_username.c
deleted file mode 100644
index 10b0863888d3..000000000000
--- a/crypto/heimdal/lib/roken/get_default_username.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_default_username.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-
-/*
- * Try to return what should be considered the default username or
- * NULL if we can't guess at all.
- */
-
-const char *
-get_default_username (void)
-{
-    const char *user;
-
-    user = getenv ("USER");
-    if (user == NULL)
-	user = getenv ("LOGNAME");
-    if (user == NULL)
-	user = getenv ("USERNAME");
-
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    if (user == NULL) {
-	user = (const char *)getlogin ();
-	if (user != NULL)
-	    return user;
-    }
-#endif
-#ifdef HAVE_PWD_H
-    {
-	uid_t uid = getuid ();
-	struct passwd *pwd;
-
-	if (user != NULL) {
-	    pwd = k_getpwnam (user);
-	    if (pwd != NULL && pwd->pw_uid == uid)
-		return user;
-	}
-	pwd = k_getpwuid (uid);
-	if (pwd != NULL)
-	    return pwd->pw_name;
-    }
-#endif
-    return user;
-}
diff --git a/crypto/heimdal/lib/roken/get_default_username.lo b/crypto/heimdal/lib/roken/get_default_username.lo
deleted file mode 100644
index 1e584ea64fb3..000000000000
--- a/crypto/heimdal/lib/roken/get_default_username.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/get_window_size.c b/crypto/heimdal/lib/roken/get_window_size.c
deleted file mode 100644
index 4eff8d2d2c6e..000000000000
--- a/crypto/heimdal/lib/roken/get_window_size.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: get_window_size.c,v 1.9 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#if 0 /* Where were those needed? /confused */
-#ifdef HAVE_SYS_PROC_H
-#include <sys/proc.h>
-#endif
-
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-#endif
-
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-
-#include <roken.h>
-
-int
-get_window_size(int fd, struct winsize *wp)
-{
-    int ret = -1;
-    
-    memset(wp, 0, sizeof(*wp));
-
-#if defined(TIOCGWINSZ)
-    ret = ioctl(fd, TIOCGWINSZ, wp);
-#elif defined(TIOCGSIZE)
-    {
-	struct ttysize ts;
-	
-	ret = ioctl(fd, TIOCGSIZE, &ts);
-	if(ret == 0) {
-	    wp->ws_row = ts.ts_lines;
-	    wp->ws_col = ts.ts_cols;
-	}
-    }
-#elif defined(HAVE__SCRSIZE)
-    {
-	int dst[2];
-	
-	_scrsize(dst);
-	wp->ws_row = dst[1];
-	wp->ws_col = dst[0];
-	ret = 0;
-    }
-#endif
-    if (ret != 0) {
-        char *s;
-        if((s = getenv("COLUMNS")))
-	    wp->ws_col = atoi(s);
-	if((s = getenv("LINES")))
-	    wp->ws_row = atoi(s);
-	if(wp->ws_col > 0 && wp->ws_row > 0)
-	    ret = 0;
-    }
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/get_window_size.lo b/crypto/heimdal/lib/roken/get_window_size.lo
deleted file mode 100644
index 547580055f80..000000000000
--- a/crypto/heimdal/lib/roken/get_window_size.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/getaddrinfo-test.c b/crypto/heimdal/lib/roken/getaddrinfo-test.c
deleted file mode 100644
index 427408118d2e..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo-test.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo-test.c,v 1.4 2001/02/20 01:44:54 assar Exp $");
-#endif
-
-#include "roken.h"
-#include "getarg.h"
-
-static int flags;
-static int family;
-static int socktype;
-
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
-    {"flags",	0,	arg_integer,	&flags,		"flags",	NULL},
-    {"family",	0,	arg_integer,	&family,	"family",	NULL},
-    {"socktype",0,	arg_integer,	&socktype,	"socktype",	NULL},
-    {"version",	0,	arg_flag,	&version_flag,	"print version",NULL},
-    {"help",	0,	arg_flag,	&help_flag,	NULL,		NULL}
-};
-
-static void
-usage(int ret)
-{
-    arg_printusage (args,
-		    sizeof(args) / sizeof(args[0]),
-		    NULL,
-		    "[nodename servname...]");
-    exit (ret);
-}
-
-static void
-doit (const char *nodename, const char *servname)
-{
-    struct addrinfo hints;
-    struct addrinfo *res, *r;
-    int ret;
-
-    printf ("(%s,%s)... ", nodename ? nodename : "null", servname);
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = flags;
-    hints.ai_family   = family;
-    hints.ai_socktype = socktype;
-
-    ret = getaddrinfo (nodename, servname, &hints, &res);
-    if (ret) {
-	printf ("error: %s\n", gai_strerror(ret));
-	return;
-    }
-    printf ("\n");
-
-    for (r = res; r != NULL; r = r->ai_next) {
-	char addrstr[256];
-
-	if (inet_ntop (r->ai_family, 
-		       socket_get_address (r->ai_addr),
-		       addrstr, sizeof(addrstr)) == NULL) {
-	    printf ("\tbad address?\n");
-	    continue;
-	} 
-	printf ("\t(family = %d, socktype = %d, protocol = %d, "
-		"address = \"%s\", port = %d",
-		r->ai_family, r->ai_socktype, r->ai_protocol,
-		addrstr,
-		ntohs(socket_get_port (r->ai_addr)));
-	if (r->ai_canonname)
-	    printf (", canonname = \"%s\"", r->ai_canonname);
-	printf ("\n");
-    }
-    freeaddrinfo (res);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    int i;
-
-    setprogname (argv[0]);
-
-    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
-		&optind))
-	usage (1);
-
-    if (help_flag)
-	usage (0);
-
-    if (version_flag) {
-	fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION);
-	return 0;
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    if (argc % 2 != 0)
-	usage (1);
-
-    for (i = 0; i < argc; i += 2) {
-	const char *nodename = argv[i];
-
-	if (strcmp (nodename, "null") == 0)
-	    nodename = NULL;
-
-	doit (nodename, argv[i+1]);
-    }
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo.c b/crypto/heimdal/lib/roken/getaddrinfo.c
deleted file mode 100644
index 83957bb794a9..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo.c,v 1.12 2001/08/17 13:06:57 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * uses hints->ai_socktype and hints->ai_protocol
- */
-
-static int
-get_port_protocol_socktype (const char *servname,
-			    const struct addrinfo *hints,
-			    int *port,
-			    int *protocol,
-			    int *socktype)
-{
-    struct servent *se;
-    const char *proto_str = NULL;
-
-    *socktype = 0;
-
-    if (hints != NULL && hints->ai_protocol != 0) {
-	struct protoent *protoent = getprotobynumber (hints->ai_protocol);
-
-	if (protoent == NULL)
-	    return EAI_SOCKTYPE; /* XXX */
-
-	proto_str = protoent->p_name;
-	*protocol = protoent->p_proto;
-    }
-
-    if (hints != NULL)
-	*socktype = hints->ai_socktype;
-
-    if (*socktype == SOCK_STREAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "tcp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_TCP;
-    } else if (*socktype == SOCK_DGRAM) {
-	se = getservbyname (servname, proto_str ? proto_str : "udp");
-	if (proto_str == NULL)
-	    *protocol = IPPROTO_UDP;
-    } else if (*socktype == 0) {
-	if (proto_str != NULL) {
-	    se = getservbyname (servname, proto_str);
-	} else {
-	    se = getservbyname (servname, "tcp");
-	    *protocol = IPPROTO_TCP;
-	    *socktype = SOCK_STREAM;
-	    if (se == NULL) {
-		se = getservbyname (servname, "udp");
-		*protocol = IPPROTO_UDP;
-		*socktype = SOCK_DGRAM;
-	    }
-	}
-    } else
-	return EAI_SOCKTYPE;
-
-    if (se == NULL) {
-	char *endstr;
-
-	*port = htons(strtol (servname, &endstr, 10));
-	if (servname == endstr)
-	    return EAI_NONAME;
-    } else {
-	*port = se->s_port;
-    }
-    return 0;
-}
-
-static int
-add_one (int port, int protocol, int socktype,
-	 struct addrinfo ***ptr,
-	 int (*func)(struct addrinfo *, void *data, int port),
-	 void *data,
-	 char *canonname)
-{
-    struct addrinfo *a;
-    int ret;
-
-    a = malloc (sizeof (*a));
-    if (a == NULL)
-	return EAI_MEMORY;
-    memset (a, 0, sizeof(*a));
-    a->ai_flags     = 0;
-    a->ai_next      = NULL;
-    a->ai_protocol  = protocol;
-    a->ai_socktype  = socktype;
-    a->ai_canonname = canonname;
-    ret = (*func)(a, data, port);
-    if (ret) {
-	free (a);
-	return ret;
-    }
-    **ptr = a;
-    *ptr = &a->ai_next;
-    return 0;
-}
-
-static int
-const_v4 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in *sin;
-    struct in_addr *addr = (struct in_addr *)data;
-
-    a->ai_family  = PF_INET;
-    a->ai_addrlen = sizeof(*sin);
-    a->ai_addr    = malloc (sizeof(*sin));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin = (struct sockaddr_in *)a->ai_addr;
-    memset (sin, 0, sizeof(*sin));
-    sin->sin_family = AF_INET;
-    sin->sin_port   = port;
-    sin->sin_addr   = *addr;
-    return 0;
-}
-
-#ifdef HAVE_IPV6
-static int
-const_v6 (struct addrinfo *a, void *data, int port)
-{
-    struct sockaddr_in6 *sin6;
-    struct in6_addr *addr = (struct in6_addr *)data;
-
-    a->ai_family  = PF_INET6;
-    a->ai_addrlen = sizeof(*sin6);
-    a->ai_addr    = malloc (sizeof(*sin6));
-    if (a->ai_addr == NULL)
-	return EAI_MEMORY;
-    sin6 = (struct sockaddr_in6 *)a->ai_addr;
-    memset (sin6, 0, sizeof(*sin6));
-    sin6->sin6_family = AF_INET6;
-    sin6->sin6_port   = port;
-    sin6->sin6_addr   = *addr;
-    return 0;
-}
-#endif
-
-/* this is mostly a hack for some versions of AIX that has a prototype
-   for in6addr_loopback but no actual symbol in libc */
-#if defined(HAVE_IPV6) && !defined(HAVE_IN6ADDR_LOOPBACK) && defined(IN6ADDR_LOOPBACK_INIT)
-#define in6addr_loopback _roken_in6addr_loopback
-struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
-#endif
-
-static int
-get_null (const struct addrinfo *hints,
-	  int port, int protocol, int socktype,
-	  struct addrinfo **res)
-{
-    struct in_addr v4_addr;
-#ifdef HAVE_IPV6
-    struct in6_addr v6_addr;
-#endif
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL)
-	family = hints->ai_family;
-
-    if (hints && hints->ai_flags & AI_PASSIVE) {
-	v4_addr.s_addr = INADDR_ANY;
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_any;
-#endif
-    } else {
-	v4_addr.s_addr = htonl(INADDR_LOOPBACK);
-#ifdef HAVE_IPV6
-	v6_addr        = in6addr_loopback;
-#endif
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v6, &v6_addr, NULL);
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	ret = add_one (port, protocol, socktype,
-		       &current, const_v4, &v4_addr, NULL);
-    }
-    *res = first;
-    return 0;
-}
-
-static int
-add_hostent (int port, int protocol, int socktype,
-	     struct addrinfo ***current,
-	     int (*func)(struct addrinfo *, void *data, int port),
-	     struct hostent *he, int *flags)
-{
-    int ret;
-    char *canonname = NULL;
-    char **h;
-
-    if (*flags & AI_CANONNAME) {
-	struct hostent *he2 = NULL;
-	const char *tmp_canon;
-
-	tmp_canon = hostent_find_fqdn (he);
-	if (strchr (tmp_canon, '.') == NULL) {
-	    int error;
-
-	    he2 = getipnodebyaddr (he->h_addr_list[0], he->h_length,
-				   he->h_addrtype, &error);
-	    if (he2 != NULL) {
-		const char *tmp = hostent_find_fqdn (he2);
-
-		if (strchr (tmp, '.') != NULL)
-		    tmp_canon = tmp;
-	    }
-	}
-
-	canonname = strdup (tmp_canon);
-	if (he2 != NULL)
-	    freehostent (he2);
-	if (canonname == NULL)
-	    return EAI_MEMORY;
-    }
-
-    for (h = he->h_addr_list; *h != NULL; ++h) {
-	ret = add_one (port, protocol, socktype,
-		       current, func, *h, canonname);
-	if (ret)
-	    return ret;
-	if (*flags & AI_CANONNAME) {
-	    *flags &= ~AI_CANONNAME;
-	    canonname = NULL;
-	}
-    }
-    return 0;
-}
-
-static int
-get_number (const char *nodename,
-	    const struct addrinfo *hints,
-	    int port, int protocol, int socktype,
-	    struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int ret;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct in6_addr v6_addr;
-
-	if (inet_pton (PF_INET6, nodename, &v6_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v6, &v6_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct in_addr v4_addr;
-
-	if (inet_pton (PF_INET, nodename, &v4_addr) == 1) {
-	    ret = add_one (port, protocol, socktype,
-			   &current, const_v4, &v4_addr, NULL);
-	    *res = first;
-	    return ret;
-	}
-    }
-    return EAI_NONAME;
-}
-
-static int
-get_nodes (const char *nodename,
-	   const struct addrinfo *hints,
-	   int port, int protocol, int socktype,
-	   struct addrinfo **res)
-{
-    struct addrinfo *first = NULL;
-    struct addrinfo **current = &first;
-    int family = PF_UNSPEC;
-    int flags  = 0;
-    int ret = EAI_NONAME;
-    int error;
-
-    if (hints != NULL) {
-	family = hints->ai_family;
-	flags  = hints->ai_flags;
-    }
-
-#ifdef HAVE_IPV6
-    if (family == PF_INET6 || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET6, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v6, he, &flags);
-	    freehostent (he);
-	}
-    }
-#endif
-    if (family == PF_INET || family == PF_UNSPEC) {
-	struct hostent *he;
-
-	he = getipnodebyname (nodename, PF_INET, 0, &error);
-
-	if (he != NULL) {
-	    ret = add_hostent (port, protocol, socktype,
-			       &current, const_v4, he, &flags);
-	    freehostent (he);
-	}
-    }
-    *res = first;
-    return ret;
-}
-
-/*
- * hints:
- *
- * struct addrinfo {
- *     int    ai_flags;
- *     int    ai_family;
- *     int    ai_socktype;
- *     int    ai_protocol;
- * ...
- * };
- */
-
-int
-getaddrinfo(const char *nodename,
-	    const char *servname,
-	    const struct addrinfo *hints,
-	    struct addrinfo **res)
-{
-    int ret;
-    int port     = 0;
-    int protocol = 0;
-    int socktype = 0;
-
-    *res = NULL;
-
-    if (servname == NULL && nodename == NULL)
-	return EAI_NONAME;
-
-    if (hints != NULL
-	&& hints->ai_family != PF_UNSPEC
-	&& hints->ai_family != PF_INET
-#ifdef HAVE_IPV6
-	&& hints->ai_family != PF_INET6
-#endif
-	)
-	return EAI_FAMILY;
-
-    if (servname != NULL) {
-	ret = get_port_protocol_socktype (servname, hints,
-					  &port, &protocol, &socktype);
-	if (ret)
-	    return ret;
-    }
-    if (nodename != NULL) {
-	ret = get_number (nodename, hints, port, protocol, socktype, res);
-	if (ret) {
-	    if(hints && hints->ai_flags & AI_NUMERICHOST)
-		ret = EAI_NONAME;
-	    else
-		ret = get_nodes (nodename, hints, port, protocol, socktype,
-				 res);
-	}
-    } else {
-	ret = get_null (hints, port, protocol, socktype, res);
-    }
-    if (ret)
-	freeaddrinfo (*res);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
deleted file mode 100644
index 7f6b0d1da945..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getaddrinfo_hostspec.c,v 1.3 2000/07/15 12:50:32 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/* getaddrinfo via string specifying host and port */
-
-int
-roken_getaddrinfo_hostspec2(const char *hostspec, 
-			    int socktype,
-			    int port,
-			    struct addrinfo **ai)
-{
-    const char *p;
-    char portstr[NI_MAXSERV];
-    char host[MAXHOSTNAMELEN];
-    struct addrinfo hints;
-    int hostspec_len;
-
-    struct hst {
-	const char *prefix;
-	int socktype;
-	int protocol;
-	int port;
-    } *hstp, hst[] = {
-	{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
-	{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
-	{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
-	{ NULL }
-    };
-
-    memset(&hints, 0, sizeof(hints));
-
-    hints.ai_socktype = socktype;
-	
-    for(hstp = hst; hstp->prefix; hstp++) {
-	if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
-	    hints.ai_socktype = hstp->socktype;
-	    hints.ai_protocol = hstp->protocol;
-	    if(port == 0)
-		port = hstp->port;
-	    hostspec += strlen(hstp->prefix);
-	    break;
-	}
-    }
-    
-    p = strchr (hostspec, ':');
-    if (p != NULL) {
-	char *end;
-
-	port = strtol (p + 1, &end, 0);
-	hostspec_len = p - hostspec;
-    } else {
-	hostspec_len = strlen(hostspec);
-    }
-    snprintf (portstr, sizeof(portstr), "%u", port);
-    
-    snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec);
-    return getaddrinfo (host, portstr, &hints, ai);
-}
-
-int
-roken_getaddrinfo_hostspec(const char *hostspec, 
-			   int port,
-			   struct addrinfo **ai)
-{
-    return roken_getaddrinfo_hostspec2(hostspec, 0, port, ai);
-}
diff --git a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.lo b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.lo
deleted file mode 100644
index 9bbeaeeb5d99..000000000000
--- a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3
deleted file mode 100644
index e2f041283566..000000000000
--- a/crypto/heimdal/lib/roken/getarg.3
+++ /dev/null
@@ -1,341 +0,0 @@
-.\" Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: getarg.3,v 1.7 2003/04/16 13:58:24 lha Exp $
-.Dd September 24, 1999
-.Dt GETARG 3
-.Os ROKEN
-.Sh NAME
-.Nm getarg ,
-.Nm arg_printusage
-.Nd collect command line options
-.Sh SYNOPSIS
-.In getarg.h
-.Ft int
-.Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
-.Ft void
-.Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
-.Sh DESCRIPTION
-.Fn getarg
-collects any command line options given to a program in an easily used way.
-.Fn arg_printusage
-pretty-prints the available options, with a short help text.
-.Pp
-.Fa args
-is the option specification to use, and it's an array of
-.Fa struct getargs
-elements.
-.Fa num_args
-is the size of
-.Fa args
-(in elements).
-.Fa argc
-and
-.Fa argv
-are the argument count and argument vector to extract option from.
-.Fa optind
-is a pointer to an integer where the index to the last processed
-argument is stored, it must be initialised to the first index (minus
-one) to process (normally 0) before the first call.
-.Pp
-.Fa arg_printusage
-take the same
-.Fa args
-and
-.Fa num_args
-as getarg;
-.Fa progname
-is the name of the program (to be used in the help text), and
-.Fa extra_string
-is a string to print after the actual options to indicate more
-arguments. The usefulness of this function is realised only be people
-who has used programs that has help strings that doesn't match what
-the code does.
-.Pp
-The
-.Fa getargs
-struct has the following elements.
-.Bd -literal
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer,
-	   arg_string,
-	   arg_flag,
-	   arg_negative_flag,
-	   arg_strings,
-	   arg_double,
-           arg_collect
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-.Ed
-.Pp
-.Fa long_name
-is the long name of the option, it can be
-.Dv NULL ,
-if you don't want a long name.
-.Fa short_name
-is the characted to use as short option, it can be zero. If the option
-has a value the
-.Fa value
-field gets filled in with that value interpreted as specified by the
-.Fa type
-field.
-.Fa help
-is a longer help string for the option as a whole, if it's
-.Dv NULL
-the help text for the option is omitted (but it's still displayed in
-the synopsis).
-.Fa arg_help
-is a description of the argument, if
-.Dv NULL
-a default value will be used, depending on the type of the option:
-.Pp
-.Bl -hang -width arg_negative_flag
-.It arg_integer
-the argument is a signed integer, and
-.Fa value
-should point to an
-.Fa int .
-.It Fa arg_string
-the argument is a string, and
-.Fa value
-should point to a
-.Fa char* .
-.It Fa arg_flag
-the argument is a flag, and
-.Fa value
-should point to a
-.Fa int .
-It gets filled in with either zero or one, depending on how the option
-is given, the normal case being one. Note that if the option isn't
-given, the value isn't altered, so it should be initialised to some
-useful default.
-.It Fa arg_negative_flag
-this is the same as
-.Fa arg_flag
-but it reverses the meaning of the flag (a given short option clears
-the flag), and the synopsis of a long option is negated.
-.It Fa arg_strings
-the argument can be given multiple times, and the values are collected
-in an array;
-.Fa value
-should be a pointer to a
-.Fa struct getarg_strings
-structure, which holds a length and a string pointer.
-.It Fa arg_double
-argument is a double precision floating point value, and
-.Fa value
-should point to a
-.Fa double .
-.It Fa arg_collect
-allows more fine-grained control of the option parsing process.
-.Fa value
-should be a pointer to a
-.Fa getarg_collect_info
-structure:
-.Bd -literal
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *optind,
-				   int *optarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-.Ed
-.Pp
-With the
-.Fa func
-member set to a function to call, and
-.Fa data
-to some application specific data. The parameters to the collect function are:
-.Bl -inset
-.It Fa short_flag
-non-zero if this call is via a short option flag, zero otherwise
-.It Fa argc , argv
-the whole argument list
-.It Fa optind
-pointer to the index in argv where the flag is
-.It Fa optarg
-pointer to the index in argv[*optind] where the flag name starts
-.It Fa data
-application specific data
-.El
-.Pp
-You can modify
-.Fa *optind ,
-and
-.Fa *optarg ,
-but to do this correct you (more or less) have to know about the inner
-workings of getarg.
-.Pp
-You can skip parts of arguments by increasing
-.Fa *optarg
-(you could
-implement the
-.Fl z Ns Ar 3
-set of flags from
-.Nm gzip
-with this), or whole argument strings by increasing
-.Fa *optind
-(let's say you want a flag
-.Fl c Ar x y z
-to specify a coordinate); if you also have to set
-.Fa *optarg
-to a sane value.
-.Pp
-The collect function should return one of
-.Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG
-on error, zero otherwise.
-.Pp
-For your convenience there is a function,
-.Fn getarg_optarg ,
-that returns the traditional argument string, and you pass it all
-arguments, sans data, that where given to the collection function.
-.Pp
-Don't use this more this unless you absolutely have to.
-.El
-.Pp
-Option parsing is similar to what
-.Xr getopt
-uses. Short options without arguments can be compressed
-.Pf ( Fl xyz
-is the same as
-.Fl x y z ) ,
-and short
-options with arguments take these as either the rest of the
-argv-string or as the next option
-.Pf ( Fl o Ns Ar foo ,
-or
-.Fl o Ar foo ) .
-.Pp
-Long option names are prefixed with -- (double dash), and the value
-with a = (equal),
-.Fl -foo= Ns Ar bar .
-Long option flags can either be specified as they are
-.Pf ( Fl -help ) ,
-or with an (boolean parsable) option
-.Pf ( Fl -help= Ns Ar yes ,
-.Fl -help= Ns Ar true ,
-or similar), or they can also be negated
-.Pf ( Fl -no-help
-is the same as
-.Fl -help= Ns no ) ,
-and if you're really confused you can do it multiple times
-.Pf ( Fl -no-no-help= Ns Ar false ,
-or even
-.Fl -no-no-help= Ns Ar maybe ) .
-.Sh EXAMPLE
-.Bd -literal
-#include <stdio.h>
-#include <string.h>
-#include <getarg.h>
-
-char *source = "Ouagadougou";
-char *destination;
-int weight;
-int include_catalog = 1;
-int help_flag;
-
-struct getargs args[] = {
-    { "source",      's', arg_string,  &source,
-      "source of shippment", "city" },
-    { "destination", 'd', arg_string,  &destination,
-      "destination of shippment", "city" },
-    { "weight",      'w', arg_integer, &weight,
-      "weight of shippment", "tons" },
-    { "catalog",     'c', arg_negative_flag, &include_catalog,
-      "include product catalog" },
-    { "help",        'h', arg_flag, &help_flag }
-};
-
-int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */
-
-const char *progname = "ship++";
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-    if (getarg(args, num_args, argc, argv, &optind)) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (1);
-    }
-    if (help_flag) {
-	arg_printusage(args, num_args, progname, "stuff...");
-	exit (0);
-    }
-    if (destination == NULL) {
-	fprintf(stderr, "%s: must specify destination\en", progname);
-	exit(1);
-    }
-    if (strcmp(source, destination) == 0) {
-	fprintf(stderr, "%s: destination must be different from source\en");
-	exit(1);
-    }
-    /* include more stuff here ... */
-    exit(2);
-}
-.Ed
-.Pp
-The output help output from this program looks like this:
-.Bd -literal
-$ ship++ --help
-Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
-   [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
--s city, --source=city      source of shippment
--d city, --destination=city destination of shippment
--w tons, --weight=tons      weight of shippment
--c, --no-catalog            include product catalog
-.Ed
-.Sh BUGS
-It should be more flexible, so it would be possible to use other more
-complicated option syntaxes, such as what
-.Xr ps 1 ,
-and
-.Xr tar 1 ,
-uses, or the AFS model where you can skip the flag names as long as
-the options come in the correct order.
-.Pp
-Options with multiple arguments should be handled better.
-.Pp
-Should be integreated with SL.
-.Pp
-It's very confusing that the struct you pass in is called getargS.
-.Sh SEE ALSO
-.Xr getopt 3
diff --git a/crypto/heimdal/lib/roken/getarg.c b/crypto/heimdal/lib/roken/getarg.c
deleted file mode 100644
index eff81f22d28c..000000000000
--- a/crypto/heimdal/lib/roken/getarg.c
+++ /dev/null
@@ -1,587 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getarg.c,v 1.46 2002/08/20 16:23:07 joda Exp $");
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <roken.h>
-#include "getarg.h"
-
-#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
-
-static size_t
-print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
-{
-    const char *s;
-
-    *string = '\0';
-
-    if (ISFLAG(*arg) || (!longp && arg->type == arg_counter))
-	return 0;
-
-    if(mdoc){
-	if(longp)
-	    strlcat(string, "= Ns", len);
-	strlcat(string, " Ar ", len);
-    } else {
-	if (longp)
-	    strlcat (string, "=", len);
-	else
-	    strlcat (string, " ", len);
-    }
-
-    if (arg->arg_help)
-	s = arg->arg_help;
-    else if (arg->type == arg_integer || arg->type == arg_counter)
-	s = "integer";
-    else if (arg->type == arg_string)
-	s = "string";
-    else if (arg->type == arg_strings)
-	s = "strings";
-    else if (arg->type == arg_double)
-	s = "float";
-    else
-	s = "<undefined>";
-
-    strlcat(string, s, len);
-    return 1 + strlen(s);
-}
-
-static void
-mandoc_template(struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    char timestr[64], cmd[64];
-    char buf[128];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(progname, '/');
-    if(p) p++; else p = progname;
-    strlcpy(cmd, p, sizeof(cmd));
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(i = 0; i < num_args; i++){
-	/* we seem to hit a limit on number of arguments if doing
-           short and long flags with arguments -- split on two lines */
-	if(ISFLAG(args[i]) || 
-	   args[i].short_name == 0 || args[i].long_name == NULL) {
-	    printf(".Op ");
-
-	    if(args[i].short_name) {
-		print_arg(buf, sizeof(buf), 1, 0, args + i);
-		printf("Fl %c%s", args[i].short_name, buf);
-		if(args[i].long_name)
-		    printf(" | ");
-	    }
-	    if(args[i].long_name) {
-		print_arg(buf, sizeof(buf), 1, 1, args + i);
-		printf("Fl -%s%s%s",
-		       args[i].type == arg_negative_flag ? "no-" : "",
-		       args[i].long_name, buf);
-	    }
-	    printf("\n");
-	} else {
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
-	}
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    for(i = 0; i < num_args; i++){
-	printf(".It Xo\n");
-	if(args[i].short_name){
-	    printf(".Fl %c", args[i].short_name);
-	    print_arg(buf, sizeof(buf), 1, 0, args + i);
-	    printf("%s", buf);
-	    if(args[i].long_name)
-		printf(" ,");
-	    printf("\n");
-	}
-	if(args[i].long_name){
-	    printf(".Fl -%s%s",
-		   args[i].type == arg_negative_flag ? "no-" : "",
-		   args[i].long_name);
-	    print_arg(buf, sizeof(buf), 1, 1, args + i);
-	    printf("%s\n", buf);
-	}
-	printf(".Xc\n");
-	if(args[i].help)
-	    printf("%s\n", args[i].help);
-    /*
-	    if(args[i].type == arg_strings)
-		fprintf (stderr, "...");
-		*/
-    }
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-static int
-check_column(FILE *f, int col, int len, int columns)
-{
-    if(col + len > columns) {
-	fprintf(f, "\n");
-	col = fprintf(f, "  ");
-    }
-    return col;
-}
-
-void
-arg_printusage (struct getargs *args,
-		size_t num_args,
-		const char *progname,
-		const char *extra_string)
-{
-    int i;
-    size_t max_len = 0;
-    char buf[128];
-    int col = 0, columns;
-    struct winsize ws;
-
-    if (progname == NULL)
-	progname = getprogname();
-
-    if(getenv("GETARGMANDOC")){
-	mandoc_template(args, num_args, progname, extra_string);
-	return;
-    }
-    if(get_window_size(2, &ws) == 0)
-	columns = ws.ws_col;
-    else
-	columns = 80;
-    col = 0;
-    col += fprintf (stderr, "Usage: %s", progname);
-    buf[0] = '\0';
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].short_name && ISFLAG(args[i])) {
-	    char s[2];
-	    if(buf[0] == '\0')
-		strlcpy(buf, "[-", sizeof(buf));
-	    s[0] = args[i].short_name;
-	    s[1] = '\0';
-	    strlcat(buf, s, sizeof(buf));
-	}
-    }
-    if(buf[0] != '\0') {
-	strlcat(buf, "]", sizeof(buf));
-	col = check_column(stderr, col, strlen(buf) + 1, columns);
-	col += fprintf(stderr, " %s", buf);
-    }
-
-    for (i = 0; i < num_args; ++i) {
-	size_t len = 0;
-
-	if (args[i].long_name) {
-	    buf[0] = '\0';
-	    strlcat(buf, "[--", sizeof(buf));
-	    len += 2;
-	    if(args[i].type == arg_negative_flag) {
-		strlcat(buf, "no-", sizeof(buf));
-		len += 3;
-	    }
-	    strlcat(buf, args[i].long_name, sizeof(buf));
-	    len += strlen(args[i].long_name);
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 1, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].short_name && !ISFLAG(args[i])) {
-	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
-	    len += 2;
-	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
-			     0, 0, &args[i]);
-	    strlcat(buf, "]", sizeof(buf));
-	    if(args[i].type == arg_strings)
-		strlcat(buf, "...", sizeof(buf));
-	    col = check_column(stderr, col, strlen(buf) + 1, columns);
-	    col += fprintf(stderr, " %s", buf);
-	}
-	if (args[i].long_name && args[i].short_name)
-	    len += 2; /* ", " */
-	max_len = max(max_len, len);
-    }
-    if (extra_string) {
-	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
-	fprintf (stderr, " %s\n", extra_string);
-    } else
-	fprintf (stderr, "\n");
-    for (i = 0; i < num_args; ++i) {
-	if (args[i].help) {
-	    size_t count = 0;
-
-	    if (args[i].short_name) {
-		count += fprintf (stderr, "-%c", args[i].short_name);
-		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    if (args[i].short_name && args[i].long_name)
-		count += fprintf (stderr, ", ");
-	    if (args[i].long_name) {
-		count += fprintf (stderr, "--");
-		if (args[i].type == arg_negative_flag)
-		    count += fprintf (stderr, "no-");
-		count += fprintf (stderr, "%s", args[i].long_name);
-		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
-		count += fprintf(stderr, "%s", buf);
-	    }
-	    while(count++ <= max_len)
-		putc (' ', stderr);
-	    fprintf (stderr, "%s\n", args[i].help);
-	}
-    }
-}
-
-static void
-add_string(getarg_strings *s, char *value)
-{
-    s->strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
-    s->strings[s->num_strings] = value;
-    s->num_strings++;
-}
-
-static int
-arg_match_long(struct getargs *args, size_t num_args,
-	       char *argv, int argc, char **rargv, int *goptind)
-{
-    int i;
-    char *goptarg = NULL;
-    int negate = 0;
-    int partial_match = 0;
-    struct getargs *partial = NULL;
-    struct getargs *current = NULL;
-    int argv_len;
-    char *p;
-    int p_len;
-
-    argv_len = strlen(argv);
-    p = strchr (argv, '=');
-    if (p != NULL)
-	argv_len = p - argv;
-
-    for (i = 0; i < num_args; ++i) {
-	if(args[i].long_name) {
-	    int len = strlen(args[i].long_name);
-	    p = argv;
-	    p_len = argv_len;
-	    negate = 0;
-
-	    for (;;) {
-		if (strncmp (args[i].long_name, p, p_len) == 0) {
-		    if(p_len == len)
-			current = &args[i];
-		    else {
-			++partial_match;
-			partial = &args[i];
-		    }
-		    goptarg  = p + p_len;
-		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
-		    negate = !negate;
-		    p += 3;
-		    p_len -= 3;
-		    continue;
-		}
-		break;
-	    }
-	    if (current)
-		break;
-	}
-    }
-    if (current == NULL) {
-	if (partial_match == 1)
-	    current = partial;
-	else
-	    return ARG_ERR_NO_MATCH;
-    }
-    
-    if(*goptarg == '\0'
-       && !ISFLAG(*current)
-       && current->type != arg_collect
-       && current->type != arg_counter)
-	return ARG_ERR_NO_MATCH;
-    switch(current->type){
-    case arg_integer:
-    {
-	int tmp;
-	if(sscanf(goptarg + 1, "%d", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int*)current->value = tmp;
-	return 0;
-    }
-    case arg_string:
-    {
-	*(char**)current->value = goptarg + 1;
-	return 0;
-    }
-    case arg_strings:
-    {
-	add_string((getarg_strings*)current->value, goptarg + 1);
-	return 0;
-    }
-    case arg_flag:
-    case arg_negative_flag:
-    {
-	int *flag = current->value;
-	if(*goptarg == '\0' ||
-	   strcmp(goptarg + 1, "yes") == 0 || 
-	   strcmp(goptarg + 1, "true") == 0){
-	    *flag = !negate;
-	    return 0;
-	} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
-#ifdef HAVE_RANDOM
-	    *flag = random() & 1;
-#else
-	    *flag = rand() & 1;
-#endif
-	} else {
-	    *flag = negate;
-	    return 0;
-	}
-	return ARG_ERR_BAD_ARG;
-    }
-    case arg_counter :
-    {
-	int val;
-
-	if (*goptarg == '\0')
-	    val = 1;
-	else if(sscanf(goptarg + 1, "%d", &val) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(int *)current->value += val;
-	return 0;
-    }
-    case arg_double:
-    {
-	double tmp;
-	if(sscanf(goptarg + 1, "%lf", &tmp) != 1)
-	    return ARG_ERR_BAD_ARG;
-	*(double*)current->value = tmp;
-	return 0;
-    }
-    case arg_collect:{
-	struct getarg_collect_info *c = current->value;
-	int o = argv - rargv[*goptind];
-	return (*c->func)(FALSE, argc, rargv, goptind, &o, c->data);
-    }
-
-    default:
-	abort ();
-    }
-}
-
-static int
-arg_match_short (struct getargs *args, size_t num_args,
-		 char *argv, int argc, char **rargv, int *goptind)
-{
-    int j, k;
-
-    for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
-	for(k = 0; k < num_args; k++) {
-	    char *goptarg;
-
-	    if(args[k].short_name == 0)
-		continue;
-	    if(argv[j] == args[k].short_name) {
-		if(args[k].type == arg_flag) {
-		    *(int*)args[k].value = 1;
-		    break;
-		}
-		if(args[k].type == arg_negative_flag) {
-		    *(int*)args[k].value = 0;
-		    break;
-		} 
-		if(args[k].type == arg_counter) {
-		    ++*(int *)args[k].value;
-		    break;
-		}
-		if(args[k].type == arg_collect) {
-		    struct getarg_collect_info *c = args[k].value;
-
-		    if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
-			return ARG_ERR_BAD_ARG;
-		    break;
-		}
-
-		if(argv[j + 1])
-		    goptarg = &argv[j + 1];
-		else {
-		    ++*goptind;
-		    goptarg = rargv[*goptind];
-		}
-		if(goptarg == NULL) {
-		    --*goptind;
-		    return ARG_ERR_NO_ARG;
-		}
-		if(args[k].type == arg_integer) {
-		    int tmp;
-		    if(sscanf(goptarg, "%d", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(int*)args[k].value = tmp;
-		    return 0;
-		} else if(args[k].type == arg_string) {
-		    *(char**)args[k].value = goptarg;
-		    return 0;
-		} else if(args[k].type == arg_strings) {
-		    add_string((getarg_strings*)args[k].value, goptarg);
-		    return 0;
-		} else if(args[k].type == arg_double) {
-		    double tmp;
-		    if(sscanf(goptarg, "%lf", &tmp) != 1)
-			return ARG_ERR_BAD_ARG;
-		    *(double*)args[k].value = tmp;
-		    return 0;
-		}
-		return ARG_ERR_BAD_ARG;
-	    }
-	}
-	if (k == num_args)
-	    return ARG_ERR_NO_MATCH;
-    }
-    return 0;
-}
-
-int
-getarg(struct getargs *args, size_t num_args, 
-       int argc, char **argv, int *goptind)
-{
-    int i;
-    int ret = 0;
-
-#if defined(HAVE_SRANDOMDEV)
-    srandomdev();
-#elif defined(HAVE_RANDOM)
-    srandom(time(NULL));
-#else
-    srand (time(NULL));
-#endif
-    (*goptind)++;
-    for(i = *goptind; i < argc; i++) {
-	if(argv[i][0] != '-')
-	    break;
-	if(argv[i][1] == '-'){
-	    if(argv[i][2] == 0){
-		i++;
-		break;
-	    }
-	    ret = arg_match_long (args, num_args, argv[i] + 2, 
-				  argc, argv, &i);
-	} else {
-	    ret = arg_match_short (args, num_args, argv[i],
-				   argc, argv, &i);
-	}
-	if(ret)
-	    break;
-    }
-    *goptind = i;
-    return ret;
-}
-
-void
-free_getarg_strings (getarg_strings *s)
-{
-    free (s->strings);
-}
-
-#if TEST
-int foo_flag = 2;
-int flag1 = 0;
-int flag2 = 0;
-int bar_int;
-char *baz_string;
-
-struct getargs args[] = {
-    { NULL, '1', arg_flag, &flag1, "one", NULL },
-    { NULL, '2', arg_flag, &flag2, "two", NULL },
-    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
-    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
-    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
-};
-
-int main(int argc, char **argv)
-{
-    int goptind = 0;
-    while(getarg(args, 5, argc, argv, &goptind))
-	printf("Bad arg: %s\n", argv[goptind]);
-    printf("flag1 = %d\n", flag1);  
-    printf("flag2 = %d\n", flag2);  
-    printf("foo_flag = %d\n", foo_flag);  
-    printf("bar_int = %d\n", bar_int);
-    printf("baz_flag = %s\n", baz_string);
-    arg_printusage (args, 5, argv[0], "nothing here");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getarg.h b/crypto/heimdal/lib/roken/getarg.h
deleted file mode 100644
index c68b66a1d0b9..000000000000
--- a/crypto/heimdal/lib/roken/getarg.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: getarg.h,v 1.12 2002/04/18 08:50:08 joda Exp $ */
-
-#ifndef __GETARG_H__
-#define __GETARG_H__
-
-#include <stddef.h>
-
-struct getargs{
-    const char *long_name;
-    char short_name;
-    enum { arg_integer, 
-	   arg_string, 
-	   arg_flag, 
-	   arg_negative_flag, 
-	   arg_strings,
-	   arg_double,
-	   arg_collect,
-	   arg_counter
-    } type;
-    void *value;
-    const char *help;
-    const char *arg_help;
-};
-
-enum {
-    ARG_ERR_NO_MATCH  = 1,
-    ARG_ERR_BAD_ARG,
-    ARG_ERR_NO_ARG
-};
-
-typedef struct getarg_strings {
-    int num_strings;
-    char **strings;
-} getarg_strings;
-
-typedef int (*getarg_collect_func)(int short_opt,
-				   int argc,
-				   char **argv,
-				   int *goptind,
-				   int *goptarg,
-				   void *data);
-
-typedef struct getarg_collect_info {
-    getarg_collect_func func;
-    void *data;
-} getarg_collect_info;
-
-int getarg(struct getargs *args, size_t num_args, 
-	   int argc, char **argv, int *goptind);
-
-void arg_printusage (struct getargs *args,
-		     size_t num_args,
-		     const char *progname,
-		     const char *extra_string);
-
-void free_getarg_strings (getarg_strings *);
-
-#endif /* __GETARG_H__ */
diff --git a/crypto/heimdal/lib/roken/getarg.lo b/crypto/heimdal/lib/roken/getarg.lo
deleted file mode 100644
index 9c5352a1636d..000000000000
--- a/crypto/heimdal/lib/roken/getarg.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c
deleted file mode 100644
index 8a29e1f68b15..000000000000
--- a/crypto/heimdal/lib/roken/getcap.c
+++ /dev/null
@@ -1,1119 +0,0 @@
-/*	$NetBSD: getcap.c,v 1.29 1999/03/29 09:27:29 abs Exp $	*/
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Casey Leedom of Lawrence Livermore National Laboratory.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-RCSID("$Id: getcap.c,v 1.8 2003/04/16 16:23:36 lha Exp $");
-
-#include <sys/types.h>
-#include <ctype.h>
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-#include <errno.h>	
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define	BFRAG		1024
-#if 0
-#define	BSIZE		1024
-#endif
-#define	ESC		('[' & 037)	/* ASCII ESC */
-#define	MAX_RECURSION	32		/* maximum getent recursion */
-#define	SFRAG		100		/* cgetstr mallocs in SFRAG chunks */
-
-#define RECOK	(char)0
-#define TCERR	(char)1
-#define	SHADOW	(char)2
-
-static size_t	 topreclen;	/* toprec length */
-static char	*toprec;	/* Additional record specified by cgetset() */
-static int	 gottoprec;	/* Flag indicating retrieval of toprecord */
-
-#if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)
-#define USE_DB
-#endif
-
-#ifdef USE_DB
-static int	cdbget (DB *, char **, const char *);
-#endif
-static int 	getent (char **, size_t *, char **, int, const char *, int, char *);
-static int	nfcmp (char *, char *);
-
-
-int cgetset(const char *ent);
-char *cgetcap(char *buf, const char *cap, int type);
-int cgetent(char **buf, char **db_array, const char *name);
-int cgetmatch(const char *buf, const char *name);
-int cgetclose(void);
-#if 0
-int cgetfirst(char **buf, char **db_array);
-int cgetnext(char **bp, char **db_array);
-#endif
-int cgetstr(char *buf, const char *cap, char **str);
-int cgetustr(char *buf, const char *cap, char **str);
-int cgetnum(char *buf, const char *cap, long *num);
-/*
- * Cgetset() allows the addition of a user specified buffer to be added
- * to the database array, in effect "pushing" the buffer on top of the
- * virtual database. 0 is returned on success, -1 on failure.
- */
-int
-cgetset(const char *ent)
-{
-    const char *source, *check;
-    char *dest;
-
-    if (ent == NULL) {
-	if (toprec)
-	    free(toprec);
-	toprec = NULL;
-	topreclen = 0;
-	return (0);
-    }
-    topreclen = strlen(ent);
-    if ((toprec = malloc (topreclen + 1)) == NULL) {
-	errno = ENOMEM;
-	return (-1);
-    }
-    gottoprec = 0;
-
-    source=ent;
-    dest=toprec;
-    while (*source) { /* Strip whitespace */
-	*dest++ = *source++; /* Do not check first field */
-	while (*source == ':') {
-	    check=source+1;
-	    while (*check && (isspace((unsigned char)*check) ||
-			      (*check=='\\' && isspace((unsigned char)check[1]))))
-		++check;
-	    if( *check == ':' )
-		source=check;
-	    else
-		break;
-
-	}
-    }
-    *dest=0;
-
-    return (0);
-}
-
-/*
- * Cgetcap searches the capability record buf for the capability cap with
- * type `type'.  A pointer to the value of cap is returned on success, NULL
- * if the requested capability couldn't be found.
- *
- * Specifying a type of ':' means that nothing should follow cap (:cap:).
- * In this case a pointer to the terminating ':' or NUL will be returned if
- * cap is found.
- *
- * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
- * return NULL.
- */
-char *
-cgetcap(char *buf, const char *cap, int type)
-{
-    char *bp;
-    const char *cp;
-
-    bp = buf;
-    for (;;) {
-	/*
-	 * Skip past the current capability field - it's either the
-	 * name field if this is the first time through the loop, or
-	 * the remainder of a field whose name failed to match cap.
-	 */
-	for (;;)
-	    if (*bp == '\0')
-		return (NULL);
-	    else
-		if (*bp++ == ':')
-		    break;
-
-	/*
-	 * Try to match (cap, type) in buf.
-	 */
-	for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
-	    continue;
-	if (*cp != '\0')
-	    continue;
-	if (*bp == '@')
-	    return (NULL);
-	if (type == ':') {
-	    if (*bp != '\0' && *bp != ':')
-		continue;
-	    return(bp);
-	}
-	if (*bp != type)
-	    continue;
-	bp++;
-	return (*bp == '@' ? NULL : bp);
-    }
-    /* NOTREACHED */
-}
-
-/*
- * Cgetent extracts the capability record name from the NULL terminated file
- * array db_array and returns a pointer to a malloc'd copy of it in buf.
- * Buf must be retained through all subsequent calls to cgetcap, cgetnum,
- * cgetflag, and cgetstr, but may then be free'd.  0 is returned on success,
- * -1 if the requested record couldn't be found, -2 if a system error was
- * encountered (couldn't open/read a file, etc.), and -3 if a potential
- * reference loop is detected.
- */
-int
-cgetent(char **buf, char **db_array, const char *name)
-{
-    size_t dummy;
-
-    return (getent(buf, &dummy, db_array, -1, name, 0, NULL));
-}
-
-/*
- * Getent implements the functions of cgetent.  If fd is non-negative,
- * *db_array has already been opened and fd is the open file descriptor.  We
- * do this to save time and avoid using up file descriptors for tc=
- * recursions.
- *
- * Getent returns the same success/failure codes as cgetent.  On success, a
- * pointer to a malloc'ed capability record with all tc= capabilities fully
- * expanded and its length (not including trailing ASCII NUL) are left in
- * *cap and *len.
- *
- * Basic algorithm:
- *	+ Allocate memory incrementally as needed in chunks of size BFRAG
- *	  for capability buffer.
- *	+ Recurse for each tc=name and interpolate result.  Stop when all
- *	  names interpolated, a name can't be found, or depth exceeds
- *	  MAX_RECURSION.
- */
-static int
-getent(char **cap, size_t *len, char **db_array, int fd, 
-       const char *name, int depth, char *nfield)
-{
-    char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
-    int myfd = 0, eof, foundit;
-    char *record;
-    int tc_not_resolved;
-	
-    /*
-     * Return with ``loop detected'' error if we've recursed more than
-     * MAX_RECURSION times.
-     */
-    if (depth > MAX_RECURSION)
-	return (-3);
-
-    /*
-     * Check if we have a top record from cgetset().
-     */
-    if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
-	size_t len = topreclen + BFRAG;
-	if ((record = malloc (len)) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-	(void)strlcpy(record, toprec, len);
-	db_p = db_array;
-	rp = record + topreclen + 1;
-	r_end = rp + BFRAG;
-	goto tc_exp;
-    }
-    /*
-     * Allocate first chunk of memory.
-     */
-    if ((record = malloc(BFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);
-    }
-    r_end = record + BFRAG;
-    foundit = 0;
-    /*
-     * Loop through database array until finding the record.
-     */
-
-    for (db_p = db_array; *db_p != NULL; db_p++) {
-	eof = 0;
-
-	/*
-	 * Open database if not already open.
-	 */
-
-	if (fd >= 0) {
-	    (void)lseek(fd, (off_t)0, SEEK_SET);
-	} else {
-#ifdef USE_DB
-	    char pbuf[_POSIX_PATH_MAX];
-	    char *cbuf;
-	    size_t clen;
-	    int retval;
-	    DB *capdbp;
-
-	    (void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
-	    if ((capdbp = dbopen(pbuf, O_RDONLY, 0, DB_HASH, 0))
-		!= NULL) {
-		free(record);
-		retval = cdbget(capdbp, &record, name);
-		if (retval < 0) {
-		    /* no record available */
-		    (void)capdbp->close(capdbp);
-		    return (retval);
-		}
-				/* save the data; close frees it */
-		clen = strlen(record);
-		cbuf = malloc(clen + 1);
-		memmove(cbuf, record, clen + 1);
-		if (capdbp->close(capdbp) < 0) {
-		    free(cbuf);
-		    return (-2);
-		}
-		*len = clen;
-		*cap = cbuf;
-		return (retval);
-	    } else
-#endif
-	    {
-		fd = open(*db_p, O_RDONLY, 0);
-		if (fd < 0) {
-		    /* No error on unfound file. */
-		    continue;
-		}
-		myfd = 1;
-	    }
-	}
-	/*
-	 * Find the requested capability record ...
-	 */
-	{
-	    char buf[BUFSIZ];
-	    char *b_end, *bp, *cp;
-	    int c, slash;
-
-	    /*
-	     * Loop invariants:
-	     *	There is always room for one more character in record.
-	     *	R_end always points just past end of record.
-	     *	Rp always points just past last character in record.
-	     *	B_end always points just past last character in buf.
-	     *	Bp always points at next character in buf.
-	     *	Cp remembers where the last colon was.
-	     */
-	    b_end = buf;
-	    bp = buf;
-	    cp = 0;
-	    slash = 0;
-	    for (;;) {
-
-		/*
-		 * Read in a line implementing (\, newline)
-		 * line continuation.
-		 */
-		rp = record;
-		for (;;) {
-		    if (bp >= b_end) {
-			int n;
-		
-			n = read(fd, buf, sizeof(buf));
-			if (n <= 0) {
-			    if (myfd)
-				(void)close(fd);
-			    if (n < 0) {
-				free(record);
-				return (-2);
-			    } else {
-				fd = -1;
-				eof = 1;
-				break;
-			    }
-			}
-			b_end = buf+n;
-			bp = buf;
-		    }
-	
-		    c = *bp++;
-		    if (c == '\n') {
-			if (slash) {
-			    slash = 0;
-			    rp--;
-			    continue;
-			} else
-			    break;
-		    }
-		    if (slash) {
-			slash = 0;
-			cp = 0;
-		    }
-		    if (c == ':') {
-			/*
-			 * If the field was `empty' (i.e.
-			 * contained only white space), back up
-			 * to the colon (eliminating the
-			 * field).
-			 */
-			if (cp)
-			    rp = cp;
-			else
-			    cp = rp;
-		    } else if (c == '\\') {
-			slash = 1;
-		    } else if (c != ' ' && c != '\t') {
-			/*
-			 * Forget where the colon was, as this
-			 * is not an empty field.
-			 */
-			cp = 0;
-		    }
-		    *rp++ = c;
-
-				/*
-				 * Enforce loop invariant: if no room 
-				 * left in record buffer, try to get
-				 * some more.
-				 */
-		    if (rp >= r_end) {
-			u_int pos;
-			size_t newsize;
-
-			pos = rp - record;
-			newsize = r_end - record + BFRAG;
-			record = realloc(record, newsize);
-			if (record == NULL) {
-			    errno = ENOMEM;
-			    if (myfd)
-				(void)close(fd);
-			    return (-2);
-			}
-			r_end = record + newsize;
-			rp = record + pos;
-		    }
-		}
-		/* Eliminate any white space after the last colon. */
-		if (cp)
-		    rp = cp + 1;
-		/* Loop invariant lets us do this. */
-		*rp++ = '\0';
-
-		/*
-		 * If encountered eof check next file.
-		 */
-		if (eof)
-		    break;
-				
-		/*
-		 * Toss blank lines and comments.
-		 */
-		if (*record == '\0' || *record == '#')
-		    continue;
-	
-		/*
-		 * See if this is the record we want ...
-		 */
-		if (cgetmatch(record, name) == 0) {
-		    if (nfield == NULL || !nfcmp(nfield, record)) {
-			foundit = 1;
-			break;	/* found it! */
-		    }
-		}
-	    }
-	}
-	if (foundit)
-	    break;
-    }
-
-    if (!foundit)
-	return (-1);
-
-    /*
-     * Got the capability record, but now we have to expand all tc=name
-     * references in it ...
-     */
- tc_exp:	{
-	char *newicap, *s;
-	size_t ilen, newilen;
-	int diff, iret, tclen;
-	char *icap, *scan, *tc, *tcstart, *tcend;
-
-	/*
-	 * Loop invariants:
-	 *	There is room for one more character in record.
-	 *	R_end points just past end of record.
-	 *	Rp points just past last character in record.
-	 *	Scan points at remainder of record that needs to be
-	 *	scanned for tc=name constructs.
-	 */
-	scan = record;
-	tc_not_resolved = 0;
-	for (;;) {
-	    if ((tc = cgetcap(scan, "tc", '=')) == NULL)
-		break;
-
-	    /*
-	     * Find end of tc=name and stomp on the trailing `:'
-	     * (if present) so we can use it to call ourselves.
-	     */
-	    s = tc;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':') {
-			*(s - 1) = '\0';
-			break;
-		    }
-	    tcstart = tc - 3;
-	    tclen = s - tcstart;
-	    tcend = s;
-
-	    iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, 
-			  NULL);
-	    newicap = icap;		/* Put into a register. */
-	    newilen = ilen;
-	    if (iret != 0) {
-				/* an error */
-		if (iret < -1) {
-		    if (myfd)
-			(void)close(fd);
-		    free(record);
-		    return (iret);
-		}
-		if (iret == 1)
-		    tc_not_resolved = 1;
-				/* couldn't resolve tc */
-		if (iret == -1) {
-		    *(s - 1) = ':';			
-		    scan = s - 1;
-		    tc_not_resolved = 1;
-		    continue;
-					
-		}
-	    }
-	    /* not interested in name field of tc'ed record */
-	    s = newicap;
-	    for (;;)
-		if (*s == '\0')
-		    break;
-		else
-		    if (*s++ == ':')
-			break;
-	    newilen -= s - newicap;
-	    newicap = s;
-
-	    /* make sure interpolated record is `:'-terminated */
-	    s += newilen;
-	    if (*(s-1) != ':') {
-		*s = ':';	/* overwrite NUL with : */
-		newilen++;
-	    }
-
-	    /*
-	     * Make sure there's enough room to insert the
-	     * new record.
-	     */
-	    diff = newilen - tclen;
-	    if (diff >= r_end - rp) {
-		u_int pos, tcpos, tcposend;
-		size_t newsize;
-
-		pos = rp - record;
-		newsize = r_end - record + diff + BFRAG;
-		tcpos = tcstart - record;
-		tcposend = tcend - record;
-		record = realloc(record, newsize);
-		if (record == NULL) {
-		    errno = ENOMEM;
-		    if (myfd)
-			(void)close(fd);
-		    free(icap);
-		    return (-2);
-		}
-		r_end = record + newsize;
-		rp = record + pos;
-		tcstart = record + tcpos;
-		tcend = record + tcposend;
-	    }
-
-	    /*
-	     * Insert tc'ed record into our record.
-	     */
-	    s = tcstart + newilen;
-	    memmove(s, tcend,  (size_t)(rp - tcend));
-	    memmove(tcstart, newicap, newilen);
-	    rp += diff;
-	    free(icap);
-
-	    /*
-	     * Start scan on `:' so next cgetcap works properly
-	     * (cgetcap always skips first field).
-	     */
-	    scan = s-1;
-	}
-	
-    }
-    /*
-     * Close file (if we opened it), give back any extra memory, and
-     * return capability, length and success.
-     */
-    if (myfd)
-	(void)close(fd);
-    *len = rp - record - 1;	/* don't count NUL */
-    if (r_end > rp)
-	if ((record = 
-	     realloc(record, (size_t)(rp - record))) == NULL) {
-	    errno = ENOMEM;
-	    return (-2);
-	}
-		
-    *cap = record;
-    if (tc_not_resolved)
-	return (1);
-    return (0);
-}	
-
-#ifdef USE_DB
-static int
-cdbget(DB *capdbp, char **bp, const char *name)
-{
-	DBT key;
-	DBT data;
-
-	/* LINTED key is not modified */
-	key.data = (char *)name;
-	key.size = strlen(name);
-
-	for (;;) {
-		/* Get the reference. */
-		switch(capdbp->get(capdbp, &key, &data, 0)) {
-		case -1:
-			return (-2);
-		case 1:
-			return (-1);
-		}
-
-		/* If not an index to another record, leave. */
-		if (((char *)data.data)[0] != SHADOW)
-			break;
-
-		key.data = (char *)data.data + 1;
-		key.size = data.size - 1;
-	}
-	
-	*bp = (char *)data.data + 1;
-	return (((char *)(data.data))[0] == TCERR ? 1 : 0);
-}
-#endif /* USE_DB */
-
-/*
- * Cgetmatch will return 0 if name is one of the names of the capability
- * record buf, -1 if not.
- */
-int
-cgetmatch(const char *buf, const char *name)
-{
-    const char *np, *bp;
-
-    /*
-     * Start search at beginning of record.
-     */
-    bp = buf;
-    for (;;) {
-	/*
-	 * Try to match a record name.
-	 */
-	np = name;
-	for (;;)
-	    if (*np == '\0') {
-		if (*bp == '|' || *bp == ':' || *bp == '\0')
-		    return (0);
-		else
-		    break;
-	    } else
-		if (*bp++ != *np++)
-		    break;
-
-	/*
-	 * Match failed, skip to next name in record.
-	 */
-	bp--;	/* a '|' or ':' may have stopped the match */
-	for (;;)
-	    if (*bp == '\0' || *bp == ':')
-		return (-1);	/* match failed totally */
-	    else
-		if (*bp++ == '|')
-		    break;	/* found next name */
-    }
-}
-
-#if 0
-int
-cgetfirst(char **buf, char **db_array)
-{
-    (void)cgetclose();
-    return (cgetnext(buf, db_array));
-}
-#endif
-
-static FILE *pfp;
-static int slash;
-static char **dbp;
-
-int
-cgetclose(void)
-{
-    if (pfp != NULL) {
-	(void)fclose(pfp);
-	pfp = NULL;
-    }
-    dbp = NULL;
-    gottoprec = 0;
-    slash = 0;
-    return(0);
-}
-
-#if 0
-/*
- * Cgetnext() gets either the first or next entry in the logical database 
- * specified by db_array.  It returns 0 upon completion of the database, 1
- * upon returning an entry with more remaining, and -1 if an error occurs.
- */
-int
-cgetnext(char **bp, char **db_array)
-{
-    size_t len;
-    int status, done;
-    char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
-    size_t dummy;
-
-    if (dbp == NULL)
-	dbp = db_array;
-
-    if (pfp == NULL && (pfp = fopen(*dbp, "r")) == NULL) {
-	(void)cgetclose();
-	return (-1);
-    }
-    for(;;) {
-	if (toprec && !gottoprec) {
-	    gottoprec = 1;
-	    line = toprec;
-	} else {
-	    line = fgetln(pfp, &len);
-	    if (line == NULL && pfp) {
-		if (ferror(pfp)) {
-		    (void)cgetclose();
-		    return (-1);
-		} else {
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    if (*++dbp == NULL) {
-			(void)cgetclose();
-			return (0);
-		    } else if ((pfp =
-				fopen(*dbp, "r")) == NULL) {
-			(void)cgetclose();
-			return (-1);
-		    } else
-			continue;
-		}
-	    } else
-		line[len - 1] = '\0';
-	    if (len == 1) {
-		slash = 0;
-		continue;
-	    }
-	    if (isspace((unsigned char)*line) ||
-		*line == ':' || *line == '#' || slash) {
-		if (line[len - 2] == '\\')
-		    slash = 1;
-		else
-		    slash = 0;
-		continue;
-	    }
-	    if (line[len - 2] == '\\')
-		slash = 1;
-	    else
-		slash = 0;
-	}			
-
-
-	/* 
-	 * Line points to a name line.
-	 */
-	done = 0;
-	np = nbuf;
-	for (;;) {
-	    for (cp = line; *cp != '\0'; cp++) {
-		if (*cp == ':') {
-		    *np++ = ':';
-		    done = 1;
-		    break;
-		}
-		if (*cp == '\\')
-		    break;
-		*np++ = *cp;
-	    }
-	    if (done) {
-		*np = '\0';
-		break;
-	    } else { /* name field extends beyond the line */
-		line = fgetln(pfp, &len);
-		if (line == NULL && pfp) {
-		    if (ferror(pfp)) {
-			(void)cgetclose();
-			return (-1);
-		    }
-		    (void)fclose(pfp);
-		    pfp = NULL;
-		    *np = '\0';
-		    break;
-		} else
-		    line[len - 1] = '\0';
-	    }
-	}
-	rp = buf;
-	for(cp = nbuf; *cp != '\0'; cp++)
-	    if (*cp == '|' || *cp == ':')
-		break;
-	    else
-		*rp++ = *cp;
-
-	*rp = '\0';
-	/* 
-	 * XXX 
-	 * Last argument of getent here should be nbuf if we want true
-	 * sequential access in the case of duplicates.  
-	 * With NULL, getent will return the first entry found
-	 * rather than the duplicate entry record.  This is a 
-	 * matter of semantics that should be resolved.
-	 */
-	status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
-	if (status == -2 || status == -3)
-	    (void)cgetclose();
-
-	return (status + 1);
-    }
-    /* NOTREACHED */
-}
-#endif
-
-/*
- * Cgetstr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  A pointer to a decoded, NUL
- * terminated, malloc'd copy of the string is returned in the char *
- * pointed to by str.  The length of the string not including the trailing
- * NUL is returned on success, -1 if the requested string capability
- * couldn't be found, -2 if a system error was encountered (storage
- * allocation failure).
- */
-int
-cgetstr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    bp = cgetcap(buf, cap, '=');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	if (*bp == '^') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    *mp++ = *bp++ & 037;
-	} else if (*bp == '\\') {
-	    bp++;
-	    if (*bp == ':' || *bp == '\0')
-		break;	/* drop unfinished escape */
-	    if ('0' <= *bp && *bp <= '7') {
-		int n, i;
-
-		n = 0;
-		i = 3;	/* maximum of three octal digits */
-		do {
-		    n = n * 8 + (*bp++ - '0');
-		} while (--i && '0' <= *bp && *bp <= '7');
-		*mp++ = n;
-	    }
-	    else switch (*bp++) {
-	    case 'b': case 'B':
-		*mp++ = '\b';
-		break;
-	    case 't': case 'T':
-		*mp++ = '\t';
-		break;
-	    case 'n': case 'N':
-		*mp++ = '\n';
-		break;
-	    case 'f': case 'F':
-		*mp++ = '\f';
-		break;
-	    case 'r': case 'R':
-		*mp++ = '\r';
-		break;
-	    case 'e': case 'E':
-		*mp++ = ESC;
-		break;
-	    case 'c': case 'C':
-		*mp++ = ':';
-		break;
-	    default:
-		/*
-		 * Catches '\', '^', and
-		 *  everything else.
-		 */
-		*mp++ = *(bp-1);
-		break;
-	    }
-	} else
-	    *mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetustr retrieves the value of the string capability cap from the
- * capability record pointed to by buf.  The difference between cgetustr()
- * and cgetstr() is that cgetustr does not decode escapes but rather treats
- * all characters literally.  A pointer to a  NUL terminated malloc'd 
- * copy of the string is returned in the char pointed to by str.  The 
- * length of the string not including the trailing NUL is returned on success,
- * -1 if the requested string capability couldn't be found, -2 if a system 
- * error was encountered (storage allocation failure).
- */
-int
-cgetustr(char *buf, const char *cap, char **str)
-{
-    u_int m_room;
-    const char *bp;
-    char *mp;
-    int len;
-    char *mem;
-
-    /*
-     * Find string capability cap
-     */
-    if ((bp = cgetcap(buf, cap, '=')) == NULL)
-	return (-1);
-
-    /*
-     * Conversion / storage allocation loop ...  Allocate memory in
-     * chunks SFRAG in size.
-     */
-    if ((mem = malloc(SFRAG)) == NULL) {
-	errno = ENOMEM;
-	return (-2);	/* couldn't even allocate the first fragment */
-    }
-    m_room = SFRAG;
-    mp = mem;
-
-    while (*bp != ':' && *bp != '\0') {
-	/*
-	 * Loop invariants:
-	 *	There is always room for one more character in mem.
-	 *	Mp always points just past last character in mem.
-	 *	Bp always points at next character in buf.
-	 */
-	*mp++ = *bp++;
-	m_room--;
-
-	/*
-	 * Enforce loop invariant: if no room left in current
-	 * buffer, try to get some more.
-	 */
-	if (m_room == 0) {
-	    size_t size = mp - mem;
-
-	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
-		return (-2);
-	    m_room = SFRAG;
-	    mp = mem + size;
-	}
-    }
-    *mp++ = '\0';	/* loop invariant let's us do this */
-    m_room--;
-    len = mp - mem - 1;
-
-    /*
-     * Give back any extra memory and return value and success.
-     */
-    if (m_room != 0)
-	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
-	    return (-2);
-    *str = mem;
-    return (len);
-}
-
-/*
- * Cgetnum retrieves the value of the numeric capability cap from the
- * capability record pointed to by buf.  The numeric value is returned in
- * the long pointed to by num.  0 is returned on success, -1 if the requested
- * numeric capability couldn't be found.
- */
-int
-cgetnum(char *buf, const char *cap, long *num)
-{
-    long n;
-    int base, digit;
-    const char *bp;
-
-    /*
-     * Find numeric capability cap
-     */
-    bp = cgetcap(buf, cap, '#');
-    if (bp == NULL)
-	return (-1);
-
-    /*
-     * Look at value and determine numeric base:
-     *	0x... or 0X...	hexadecimal,
-     * else	0...		octal,
-     * else			decimal.
-     */
-    if (*bp == '0') {
-	bp++;
-	if (*bp == 'x' || *bp == 'X') {
-	    bp++;
-	    base = 16;
-	} else
-	    base = 8;
-    } else
-	base = 10;
-
-    /*
-     * Conversion loop ...
-     */
-    n = 0;
-    for (;;) {
-	if ('0' <= *bp && *bp <= '9')
-	    digit = *bp - '0';
-	else if ('a' <= *bp && *bp <= 'f')
-	    digit = 10 + *bp - 'a';
-	else if ('A' <= *bp && *bp <= 'F')
-	    digit = 10 + *bp - 'A';
-	else
-	    break;
-
-	if (digit >= base)
-	    break;
-
-	n = n * base + digit;
-	bp++;
-    }
-
-    /*
-     * Return value and success.
-     */
-    *num = n;
-    return (0);
-}
-
-
-/*
- * Compare name field of record.
- */
-static int
-nfcmp(char *nf, char *rec)
-{
-    char *cp, tmp;
-    int ret;
-	
-    for (cp = rec; *cp != ':'; cp++)
-	;
-	
-    tmp = *(cp + 1);
-    *(cp + 1) = '\0';
-    ret = strcmp(nf, rec);
-    *(cp + 1) = tmp;
-
-    return (ret);
-}
diff --git a/crypto/heimdal/lib/roken/getcwd.c b/crypto/heimdal/lib/roken/getcwd.c
deleted file mode 100644
index c1f26100216c..000000000000
--- a/crypto/heimdal/lib/roken/getcwd.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getcwd.c,v 1.12 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#include "roken.h"
-
-char*
-getcwd(char *path, size_t size)
-{
-    char xxx[MaxPathLen];
-    char *ret;
-    ret = getwd(xxx);
-    if(ret)
-	strlcpy(path, xxx, size);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getdtablesize.c b/crypto/heimdal/lib/roken/getdtablesize.c
deleted file mode 100644
index 183e8ff74507..000000000000
--- a/crypto/heimdal/lib/roken/getdtablesize.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (c) 1995-2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getdtablesize.c,v 1.11 2001/06/20 00:00:38 joda Exp $");
-#endif
-
-#include "roken.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-#ifdef HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h>
-#endif
-
-int getdtablesize(void)
-{
-  int files = -1;
-#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
-  files = sysconf(_SC_OPEN_MAX);
-#else /* !defined(HAVE_SYSCONF) */
-#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
-  struct rlimit res;
-  if (getrlimit(RLIMIT_NOFILE, &res) == 0)
-    files = res.rlim_cur;
-#else /* !definded(HAVE_GETRLIMIT) */
-#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
-  int mib[2];
-  size_t len;
-    
-  mib[0] = CTL_KERN;
-  mib[1] = KERN_MAXFILES;
-  len = sizeof(files);
-  sysctl(&mib, 2, &files, sizeof(files), NULL, 0);
-#endif /* defined(HAVE_SYSCTL) */
-#endif /* !definded(HAVE_GETRLIMIT) */
-#endif /* !defined(HAVE_SYSCONF) */
-
-#ifdef OPEN_MAX
-  if (files < 0)
-    files = OPEN_MAX;
-#endif
-
-#ifdef NOFILE
-  if (files < 0)
-    files = NOFILE;
-#endif    
-    
-  return files;
-}
diff --git a/crypto/heimdal/lib/roken/getegid.c b/crypto/heimdal/lib/roken/getegid.c
deleted file mode 100644
index b6eab857e41a..000000000000
--- a/crypto/heimdal/lib/roken/getegid.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEGID
-
-RCSID("$Id: getegid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
-
-int getegid(void)
-{
-    return getgid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/geteuid.c b/crypto/heimdal/lib/roken/geteuid.c
deleted file mode 100644
index 4bdf531bf921..000000000000
--- a/crypto/heimdal/lib/roken/geteuid.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETEUID
-
-RCSID("$Id: geteuid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
-
-int geteuid(void)
-{
-    return getuid();
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getgid.c b/crypto/heimdal/lib/roken/getgid.c
deleted file mode 100644
index f2ca01a69982..000000000000
--- a/crypto/heimdal/lib/roken/getgid.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETGID
-
-RCSID("$Id: getgid.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
-
-int getgid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/gethostname.c b/crypto/heimdal/lib/roken/gethostname.c
deleted file mode 100644
index 753ba9f1b6b9..000000000000
--- a/crypto/heimdal/lib/roken/gethostname.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETHOSTNAME
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-/*
- * Return the local host's name in "name", up to "namelen" characters.
- * "name" will be null-terminated if "namelen" is big enough.
- * The return code is 0 on success, -1 on failure.  (The calling
- * interface is identical to gethostname(2).)
- */
-
-int
-gethostname(char *name, int namelen)
-{
-#if defined(HAVE_UNAME)
-    {
-	struct utsname utsname;
-	int ret;
-
-	ret = uname (&utsname);
-	if (ret < 0)
-	    return ret;
-	strlcpy (name, utsname.nodename, namelen);
-	return 0;
-    }
-#else
-    strlcpy (name, "some.random.host", namelen);
-    return 0;
-#endif
-}
-
-#endif /* GETHOSTNAME */
diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c
deleted file mode 100644
index e8c53f83f7e3..000000000000
--- a/crypto/heimdal/lib/roken/getifaddrs.c
+++ /dev/null
@@ -1,1182 +0,0 @@
-/*
- * Copyright (c) 2000 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getifaddrs.c,v 1.9 2002/09/05 03:36:23 assar Exp $");
-#endif
-#include "roken.h"
-
-#ifdef __osf__
-/* hate */
-struct rtentry;
-struct mbuf;
-#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif /* HAVE_SYS_SOCKIO_H */
-
-#ifdef HAVE_NETINET_IN6_VAR_H
-#include <netinet/in6_var.h>
-#endif /* HAVE_NETINET_IN6_VAR_H */
-
-#include <ifaddrs.h>
-
-#ifdef AF_NETLINK
-
-/*
- * The linux - AF_NETLINK version of getifaddrs - from Usagi.
- * Linux does not return v6 addresses from SIOCGIFCONF.
- */
-
-/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */
-
-/**************************************************************************
- * ifaddrs.c
- * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <string.h>
-#include <time.h>
-#include <malloc.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <sys/socket.h>
-#include <asm/types.h>
-#include <linux/netlink.h>
-#include <linux/rtnetlink.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netpacket/packet.h>
-#include <net/ethernet.h>     /* the L2 protocols */
-#include <sys/uio.h>
-#include <net/if.h>
-#include <net/if_arp.h>
-#include <ifaddrs.h>
-#include <netinet/in.h>
-
-#define __set_errno(e) (errno = (e))
-#define __close(fd) (close(fd))
-#undef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#define IFA_NETMASK
-
-/* ====================================================================== */
-struct nlmsg_list{
-    struct nlmsg_list *nlm_next;
-    struct nlmsghdr *nlh;
-    int size;
-    time_t seq;
-};
-
-struct rtmaddr_ifamap {
-  void *address;
-  void *local;
-#ifdef IFA_NETMASK
-  void *netmask;
-#endif
-  void *broadcast;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  void *anycast;
-#endif
-  int address_len;
-  int local_len;
-#ifdef IFA_NETMASK
-  int netmask_len;
-#endif
-  int broadcast_len;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-  int anycast_len;
-#endif
-};
-
-/* ====================================================================== */
-static size_t
-ifa_sa_len(sa_family_t family, int len)
-{
-  size_t size;
-  switch(family){
-  case AF_INET:
-    size = sizeof(struct sockaddr_in);
-    break;
-  case AF_INET6:
-    size = sizeof(struct sockaddr_in6);
-    break;
-  case AF_PACKET:
-    size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len;
-    if (size < sizeof(struct sockaddr_ll))
-      size = sizeof(struct sockaddr_ll);
-    break;
-  default:
-    size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len;
-    if (size < sizeof(struct sockaddr))
-      size = sizeof(struct sockaddr);
-  }
-  return size;
-}
-
-static void 
-ifa_make_sockaddr(sa_family_t family, 
-		  struct sockaddr *sa, 
-		  void *p, size_t len,
-		  uint32_t scope, uint32_t scopeid)
-{
-  if (sa == NULL) return;
-  switch(family){
-  case AF_INET:
-    memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len);
-    break;
-  case AF_INET6:
-    memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len);
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-    break;
-  case AF_PACKET:
-    memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len);
-    ((struct sockaddr_ll*)sa)->sll_halen = len;
-    break;
-  default:
-    memcpy(sa->sa_data, p, len);	/*XXX*/
-    break;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-}
-
-#ifndef IFA_NETMASK
-static struct sockaddr *
-ifa_make_sockaddr_mask(sa_family_t family, 
-		       struct sockaddr *sa, 
-		       uint32_t prefixlen)
-{
-  int i;
-  char *p = NULL, c;
-  uint32_t max_prefixlen = 0;
-
-  if (sa == NULL) return NULL;
-  switch(family){
-  case AF_INET:
-    memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr));
-    p = (char *)&((struct sockaddr_in*)sa)->sin_addr;
-    max_prefixlen = 32;
-    break;
-  case AF_INET6:
-    memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr));
-    p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr;
-#if 0	/* XXX: fill scope-id? */
-    if (IN6_IS_ADDR_LINKLOCAL(p) ||
-	IN6_IS_ADDR_MC_LINKLOCAL(p)){
-      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
-    }
-#endif
-    max_prefixlen = 128;
-    break;
-  default:
-    return NULL;
-  }
-  sa->sa_family = family;
-#ifdef HAVE_SOCKADDR_SA_LEN
-  sa->sa_len = ifa_sa_len(family, len);
-#endif
-  if (p){
-    if (prefixlen > max_prefixlen)
-      prefixlen = max_prefixlen;
-    for (i=0; i<(prefixlen / 8); i++)
-      *p++ = 0xff;
-    c = 0xff;
-    c <<= (8 - (prefixlen % 8));
-    *p = c;
-  }
-  return sa;
-}
-#endif
-
-/* ====================================================================== */
-static int 
-nl_sendreq(int sd, int request, int flags, int *seq)
-{
-  char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
-	      NLMSG_ALIGN(sizeof(struct rtgenmsg))];
-  struct sockaddr_nl nladdr;
-  struct nlmsghdr *req_hdr;
-  struct rtgenmsg *req_msg;
-  time_t t = time(NULL);
-
-  if (seq) *seq = t;
-  memset(&reqbuf, 0, sizeof(reqbuf));
-  req_hdr = (struct nlmsghdr *)reqbuf;
-  req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr);
-  req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg));
-  req_hdr->nlmsg_type = request;
-  req_hdr->nlmsg_flags = flags | NLM_F_REQUEST;
-  req_hdr->nlmsg_pid = 0;
-  req_hdr->nlmsg_seq = t;
-  req_msg->rtgen_family = AF_UNSPEC;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0,
-		 (struct sockaddr *)&nladdr, sizeof(nladdr)));
-}
-
-static int 
-nl_recvmsg(int sd, int request, int seq, 
-	   void *buf, size_t buflen, 
-	   int *flags)
-{
-  struct msghdr msg;
-  struct iovec iov = { buf, buflen };
-  struct sockaddr_nl nladdr;
-  int read_len;
-
-  for (;;){
-    msg.msg_name = (void *)&nladdr;
-    msg.msg_namelen = sizeof(nladdr);
-    msg.msg_iov = &iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = NULL;
-    msg.msg_controllen = 0;
-    msg.msg_flags = 0;
-    read_len = recvmsg(sd, &msg, 0);
-    if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC))
-      continue;
-    if (flags) *flags = msg.msg_flags;
-    break;
-  }
-  return read_len;
-}
-
-static int 
-nl_getmsg(int sd, int request, int seq, 
-	  struct nlmsghdr **nlhp,
-	  int *done)
-{
-  struct nlmsghdr *nh;
-  size_t bufsize = 65536, lastbufsize = 0;
-  void *buff = NULL;
-  int result = 0, read_size;
-  int msg_flags;
-  pid_t pid = getpid();
-  for (;;){
-    void *newbuff = realloc(buff, bufsize);
-    if (newbuff == NULL || bufsize < lastbufsize) {
-      result = -1;
-      break;
-    }
-    buff = newbuff;
-    result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags);
-    if (read_size < 0 || (msg_flags & MSG_TRUNC)){
-      lastbufsize = bufsize;
-      bufsize *= 2;
-      continue;
-    }
-    if (read_size == 0) break;
-    nh = (struct nlmsghdr *)buff;
-    for (nh = (struct nlmsghdr *)buff;
-	 NLMSG_OK(nh, read_size);
-	 nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){
-      if (nh->nlmsg_pid != pid ||
-	  nh->nlmsg_seq != seq)
-	continue;
-      if (nh->nlmsg_type == NLMSG_DONE){
-	(*done)++;
-	break; /* ok */
-      }
-      if (nh->nlmsg_type == NLMSG_ERROR){
-	struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh);
-	result = -1;
-	if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
-	  __set_errno(EIO);
-	else
-	  __set_errno(-nlerr->error);
-	break;
-      }
-    }
-    break;
-  }
-  if (result < 0)
-    if (buff){
-      int saved_errno = errno;
-      free(buff);
-      __set_errno(saved_errno);
-    }
-  *nlhp = (struct nlmsghdr *)buff;
-  return result;
-}
-
-static int
-nl_getlist(int sd, int seq,
-	   int request,
-	   struct nlmsg_list **nlm_list,
-	   struct nlmsg_list **nlm_end)
-{
-  struct nlmsghdr *nlh = NULL;
-  int status;
-  int done = 0;
-
-  status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq);
-  if (status < 0)
-    return status;
-  if (seq == 0)
-    seq = (int)time(NULL);
-  while(!done){
-    status = nl_getmsg(sd, request, seq, &nlh, &done);
-    if (status < 0)
-      return status;
-    if (nlh){
-      struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list));
-      if (nlm_next == NULL){
-	int saved_errno = errno;
-	free(nlh);
-	__set_errno(saved_errno);
-	status = -1;
-      } else {
-	nlm_next->nlm_next = NULL;
-	nlm_next->nlh = (struct nlmsghdr *)nlh;
-	nlm_next->size = status;
-	nlm_next->seq = seq;
-	if (*nlm_list == NULL){
-	  *nlm_list = nlm_next;
-	  *nlm_end = nlm_next;
-	} else {
-	  (*nlm_end)->nlm_next = nlm_next;
-	  *nlm_end = nlm_next;
-	}
-      }
-    }
-  }
-  return status >= 0 ? seq : status;
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-free_nlmsglist(struct nlmsg_list *nlm0)
-{
-  struct nlmsg_list *nlm;
-  int saved_errno;
-  if (!nlm0)
-    return;
-  saved_errno = errno;
-  for (nlm=nlm0; nlm; nlm=nlm->nlm_next){
-    if (nlm->nlh)
-      free(nlm->nlh);
-  }
-  free(nlm0);
-  __set_errno(saved_errno);
-}
-
-static void 
-free_data(void *data, void *ifdata)
-{
-  int saved_errno = errno;
-  if (data != NULL) free(data);
-  if (ifdata != NULL) free(ifdata);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static void 
-nl_close(int sd)
-{
-  int saved_errno = errno;
-  if (sd >= 0) __close(sd);
-  __set_errno(saved_errno);
-}
-
-/* ---------------------------------------------------------------------- */
-static int 
-nl_open(void)
-{
-  struct sockaddr_nl nladdr;
-  int sd;
-
-  sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-  if (sd < 0) return -1;
-  memset(&nladdr, 0, sizeof(nladdr));
-  nladdr.nl_family = AF_NETLINK;
-  if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){
-    nl_close(sd);
-    return -1;
-  }
-  return sd;
-}
-
-/* ====================================================================== */
-int getifaddrs(struct ifaddrs **ifap)
-{
-  int sd;
-  struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm;
-  /* - - - - - - - - - - - - - - - */
-  int icnt;
-  size_t dlen, xlen, nlen;
-  uint32_t max_ifindex = 0;
-
-  pid_t pid = getpid();
-  int seq;
-  int result;
-  int build     ; /* 0 or 1 */
-
-/* ---------------------------------- */
-  /* initialize */
-  icnt = dlen = xlen = nlen = 0;
-  nlmsg_list = nlmsg_end = NULL;
-
-  if (ifap)
-    *ifap = NULL;
-
-/* ---------------------------------- */
-  /* open socket and bind */
-  sd = nl_open();
-  if (sd < 0)
-    return -1;
-
-/* ---------------------------------- */
-   /* gather info */
-  if ((seq = nl_getlist(sd, 0, RTM_GETLINK,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-  if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR,
-			&nlmsg_list, &nlmsg_end)) < 0){
-    free_nlmsglist(nlmsg_list);
-    nl_close(sd);
-    return -1;
-  }
-
-/* ---------------------------------- */
-  /* Estimate size of result buffer and fill it */
-  for (build=0; build<=1; build++){
-    struct ifaddrs *ifl = NULL, *ifa = NULL;
-    struct nlmsghdr *nlh, *nlh0;
-    char *data = NULL, *xdata = NULL;
-    void *ifdata = NULL;
-    char *ifname = NULL, **iflist = NULL;
-    uint16_t *ifflist = NULL;
-    struct rtmaddr_ifamap ifamap;
-
-    if (build){
-      data = calloc(1,
-		    NLMSG_ALIGN(sizeof(struct ifaddrs[icnt]))
-		    + dlen + xlen + nlen);
-      ifa = (struct ifaddrs *)data;
-      ifdata = calloc(1, 
-		      NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))
-		      + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1])));
-      if (ifap != NULL)
-	*ifap = (ifdata != NULL) ? ifa : NULL;
-      else{
-	free_data(data, ifdata);
-	result = 0;
-	break;
-      }
-      if (data == NULL || ifdata == NULL){
-	free_data(data, ifdata);
-	result = -1;
-	break;
-      }
-      ifl = NULL;
-      data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt;
-      xdata = data + dlen;
-      ifname = xdata + xlen;
-      iflist = ifdata;
-      ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])));
-    }
-
-    for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){
-      int nlmlen = nlm->size;
-      if (!(nlh0 = nlm->nlh))
-	continue;
-      for (nlh = nlh0; 
-	   NLMSG_OK(nlh, nlmlen); 
-	   nlh=NLMSG_NEXT(nlh,nlmlen)){
-	struct ifinfomsg *ifim = NULL;
-	struct ifaddrmsg *ifam = NULL;
-	struct rtattr *rta;
-
-	size_t nlm_struct_size = 0;
-	sa_family_t nlm_family = 0;
-	uint32_t nlm_scope = 0, nlm_index = 0;
-	size_t sockaddr_size = 0;
-	uint32_t nlm_prefixlen = 0;
-	size_t rtasize;
-
-	memset(&ifamap, 0, sizeof(ifamap));
-
-	/* check if the message is what we want */
-	if (nlh->nlmsg_pid != pid ||
-	    nlh->nlmsg_seq != nlm->seq)
-	  continue;
-	if (nlh->nlmsg_type == NLMSG_DONE){
-	  break; /* ok */
-	}
-	switch (nlh->nlmsg_type){
-	case RTM_NEWLINK:
-	  ifim = (struct ifinfomsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifim);
-	  nlm_family = ifim->ifi_family;
-	  nlm_scope = 0;
-	  nlm_index = ifim->ifi_index;
-	  nlm_prefixlen = 0;
-	  if (build)
-	    ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags;
-	  break;
-	case RTM_NEWADDR:
-	  ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh);
-	  nlm_struct_size = sizeof(*ifam);
-	  nlm_family = ifam->ifa_family;
-	  nlm_scope = ifam->ifa_scope;
-	  nlm_index = ifam->ifa_index;
-	  nlm_prefixlen = ifam->ifa_prefixlen;
-	  if (build)
-	    ifa->ifa_flags = ifflist[nlm_index];
-	  break;
-	default:
-	  continue;
-	}
-	
-	if (!build){
-	  if (max_ifindex < nlm_index)
-	    max_ifindex = nlm_index;
-	} else {
-	  if (ifl != NULL)
-	    ifl->ifa_next = ifa;
-	}
-
-	rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size);
-	for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size));
-	     RTA_OK(rta, rtasize);
-	     rta = RTA_NEXT(rta, rtasize)){
-	  struct sockaddr **sap = NULL;
-	  void *rtadata = RTA_DATA(rta);
-	  size_t rtapayload = RTA_PAYLOAD(rta);
-	  socklen_t sa_len;
-
-	  switch(nlh->nlmsg_type){
-	  case RTM_NEWLINK:
-	    switch(rta->rta_type){
-	    case IFLA_ADDRESS:
-	    case IFLA_BROADCAST:
-	      if (build){
-		sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr;
-		*sap = (struct sockaddr *)data;
-	      }
-	      sa_len = ifa_sa_len(AF_PACKET, rtapayload);
-	      if (rta->rta_type == IFLA_ADDRESS)
-		sockaddr_size = NLMSG_ALIGN(sa_len);
-	      if (!build){
-		dlen += NLMSG_ALIGN(sa_len);
-	      } else {
-		memset(*sap, 0, sa_len);
-		ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0);
-		((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index;
-		((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type;
-		data += NLMSG_ALIGN(sa_len);
-	      }
-	      break;
-	    case IFLA_IFNAME:/* Name of Interface */
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifa->ifa_name;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFLA_STATS:/* Statistics of Interface */
-	      if (!build)
-		xlen += NLMSG_ALIGN(rtapayload);
-	      else{
-		ifa->ifa_data = xdata;
-		memcpy(ifa->ifa_data, rtadata, rtapayload);
-		xdata += NLMSG_ALIGN(rtapayload);
-	      }
-	      break;
-	    case IFLA_UNSPEC:
-	      break;
-	    case IFLA_MTU:
-	      break;
-	    case IFLA_LINK:
-	      break;
-	    case IFLA_QDISC:
-	      break;
-	    default:
-	    }
-	    break;
-	  case RTM_NEWADDR:
-	    if (nlm_family == AF_PACKET) break;
-	    switch(rta->rta_type){
-	    case IFA_ADDRESS:
-		ifamap.address = rtadata;
-		ifamap.address_len = rtapayload;
-		break;
-	    case IFA_LOCAL:
-		ifamap.local = rtadata;
-		ifamap.local_len = rtapayload;
-		break;
-	    case IFA_BROADCAST:
-		ifamap.broadcast = rtadata;
-		ifamap.broadcast_len = rtapayload;
-		break;
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	    case IFA_ANYCAST:
-		ifamap.anycast = rtadata;
-		ifamap.anycast_len = rtapayload;
-		break;
-#endif
-	    case IFA_LABEL:
-	      if (!build)
-		nlen += NLMSG_ALIGN(rtapayload + 1);
-	      else{
-		ifa->ifa_name = ifname;
-		if (iflist[nlm_index] == NULL)
-		  iflist[nlm_index] = ifname;
-		strncpy(ifa->ifa_name, rtadata, rtapayload);
-		ifa->ifa_name[rtapayload] = '\0';
-		ifname += NLMSG_ALIGN(rtapayload + 1);
-	      }
-	      break;
-	    case IFA_UNSPEC:
-	      break;
-	    case IFA_CACHEINFO:
-	      break;
-	    default:
-	    }
-	  }
-	}
-	if (nlh->nlmsg_type == RTM_NEWADDR &&
-	    nlm_family != AF_PACKET) {
-	  if (!ifamap.local) {
-	    ifamap.local = ifamap.address;
-	    ifamap.local_len = ifamap.address_len;
-	  }
-	  if (!ifamap.address) {
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address_len != ifamap.local_len ||
-	      (ifamap.address != NULL &&
-	       memcmp(ifamap.address, ifamap.local, ifamap.address_len))) {
-	    /* p2p; address is peer and local is ours */
-	    ifamap.broadcast = ifamap.address;
-	    ifamap.broadcast_len = ifamap.address_len;
-	    ifamap.address = ifamap.local;
-	    ifamap.address_len = ifamap.local_len;
-	  }
-	  if (ifamap.address) {
-#ifndef IFA_NETMASK
-	    sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-#endif
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
-	    else {
-	      ifa->ifa_addr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len));
-	    }
-	  }
-#ifdef IFA_NETMASK
-	  if (ifamap.netmask) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len));
-	    else {
-	      ifa->ifa_netmask = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len));
-	    }
-	  }
-#endif
-	  if (ifamap.broadcast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len));
-	    else {
-	      ifa->ifa_broadaddr = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len));
-	    }
-	  }
-#ifdef HAVE_IFADDRS_IFA_ANYCAST
-	  if (ifamap.anycast) {
-	    if (!build)
-	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len));
-	    else {
-	      ifa->ifa_anycast = (struct sockaddr *)data;
-	      ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len,
-				nlm_scope, nlm_index);
-	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len));
-	    }
-	  }
-#endif
-	}
-	if (!build){
-#ifndef IFA_NETMASK
-	  dlen += sockaddr_size;
-#endif
-	  icnt++;
-	} else {
-	  if (ifa->ifa_name == NULL)
-	    ifa->ifa_name = iflist[nlm_index];
-#ifndef IFA_NETMASK
-	  if (ifa->ifa_addr && 
-	      ifa->ifa_addr->sa_family != AF_UNSPEC && 
-	      ifa->ifa_addr->sa_family != AF_PACKET){
-	    ifa->ifa_netmask = (struct sockaddr *)data;
-	    ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen);
-	  }
-	  data += sockaddr_size;
-#endif
-	  ifl = ifa++;
-	}
-      }
-    }
-    if (!build){
-      if (icnt == 0 && (dlen + nlen + xlen == 0)){
-	if (ifap != NULL)
-	  *ifap = NULL;
-	break; /* cannot found any addresses */
-      }
-    }
-    else
-      free_data(NULL, ifdata);
-  }
-
-/* ---------------------------------- */
-  /* Finalize */
-  free_nlmsglist(nlmsg_list);
-  nl_close(sd);
-  return 0;
-}
-
-/* ---------------------------------------------------------------------- */
-void 
-freeifaddrs(struct ifaddrs *ifa)
-{
-  free(ifa);
-}
-
-
-#else /* !AF_NETLINK */
-
-/*
- * The generic SIOCGIFCONF version.
- */
-
-static int
-getifaddrs2(struct ifaddrs **ifap, 
-	    int af, int siocgifconf, int siocgifflags,
-	    size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct ifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct ifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	ifconf.ifc_len = buf_size;
-	ifconf.ifc_buf = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.ifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.ifc_buf;
-	 p < ifconf.ifc_buf + ifconf.ifc_len;
-	 p += sz) {
-	struct ifreq ifreq;
-	struct sockaddr *sa;
-	size_t salen;
-
-	ifr = (struct ifreq *)p;
-	sa  = &ifr->ifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-	if (*end == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->ifr_name);
-	(*end)->ifa_flags = ifreq.ifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-static int
-getlifaddrs2(struct ifaddrs **ifap, 
-	     int af, int siocgifconf, int siocgifflags,
-	     size_t ifreq_sz)
-{
-    int ret;
-    int fd;
-    size_t buf_size;
-    char *buf;
-    struct lifconf ifconf;
-    char *p;
-    size_t sz;
-    struct sockaddr sa_zero;
-    struct lifreq *ifr;
-    struct ifaddrs *start = NULL, **end = &start;
-
-    buf = NULL;
-
-    memset (&sa_zero, 0, sizeof(sa_zero));
-    fd = socket(af, SOCK_DGRAM, 0);
-    if (fd < 0)
-	return -1;
-
-    buf_size = 8192;
-    for (;;) {
-	buf = calloc(1, buf_size);
-	if (buf == NULL) {
-	    ret = ENOMEM;
-	    goto error_out;
-	}
-	ifconf.lifc_family = AF_UNSPEC;
-	ifconf.lifc_flags  = 0;
-	ifconf.lifc_len    = buf_size;
-	ifconf.lifc_buf    = buf;
-
-	/*
-	 * Solaris returns EINVAL when the buffer is too small.
-	 */
-	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
-	    ret = errno;
-	    goto error_out;
-	}
-	/*
-	 * Can the difference between a full and a overfull buf
-	 * be determined?
-	 */
-
-	if (ifconf.lifc_len < buf_size)
-	    break;
-	free (buf);
-	buf_size *= 2;
-    }
-
-    for (p = ifconf.lifc_buf;
-	 p < ifconf.lifc_buf + ifconf.lifc_len;
-	 p += sz) {
-	struct lifreq ifreq;
-	struct sockaddr_storage *sa;
-	size_t salen;
-
-	ifr = (struct lifreq *)p;
-	sa  = &ifr->lifr_addr;
-
-	sz = ifreq_sz;
-	salen = sizeof(struct sockaddr_storage);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-	salen = sa->sa_len;
-	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
-	salen = SA_LEN(sa);
-	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
-#endif
-	memset (&ifreq, 0, sizeof(ifreq));
-	memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
-
-	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
-	    ret = errno;
-	    goto error_out;
-	}
-
-	*end = malloc(sizeof(**end));
-
-	(*end)->ifa_next = NULL;
-	(*end)->ifa_name = strdup(ifr->lifr_name);
-	(*end)->ifa_flags = ifreq.lifr_flags;
-	(*end)->ifa_addr = malloc(salen);
-	memcpy((*end)->ifa_addr, sa, salen);
-	(*end)->ifa_netmask = NULL;
-
-#if 0
-	/* fix these when we actually need them */
-	if(ifreq.ifr_flags & IFF_BROADCAST) {
-	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
-	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
-		   sizeof(ifr->ifr_broadaddr));
-	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
-	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
-	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
-		   sizeof(ifr->ifr_dstaddr));
-	} else
-	    (*end)->ifa_dstaddr = NULL;
-#else
-	    (*end)->ifa_dstaddr = NULL;
-#endif
-
-	(*end)->ifa_data = NULL;
-
-	end = &(*end)->ifa_next;
-	
-    }
-    *ifap = start;
-    close(fd);
-    free(buf);
-    return 0;
-  error_out:
-    freeifaddrs(start);
-    close(fd);
-    free(buf);
-    errno = ret;
-    return -1;
-}
-#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
-
-int
-getifaddrs(struct ifaddrs **ifap) 
-{
-    int ret = -1;
-    errno = ENXIO;
-#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS,
-			   sizeof(struct in6_ifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
-    if (ret)
-	ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
-			    sizeof(struct lifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS)
-    if (ret)
-	ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
-			   sizeof(struct ifreq));
-#endif
-    return ret;
-}
-
-void
-freeifaddrs(struct ifaddrs *ifp)
-{
-    struct ifaddrs *p, *q;
-    
-    for(p = ifp; p; ) {
-	free(p->ifa_name);
-	if(p->ifa_addr)
-	    free(p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    free(p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    free(p->ifa_netmask);
-	if(p->ifa_data)
-	    free(p->ifa_data);
-	q = p;
-	p = p->ifa_next;
-	free(q);
-    }
-}
-
-#endif /* !AF_NETLINK */
-
-#ifdef TEST
-
-void
-print_addr(const char *s, struct sockaddr *sa)
-{
-    int i;
-    printf("  %s=%d/", s, sa->sa_family);
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-    for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++)
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#else
-    for(i = 0; i < sizeof(sa->sa_data); i++) 
-	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
-#endif
-    printf("\n");
-}
-
-void 
-print_ifaddrs(struct ifaddrs *x)
-{
-    struct ifaddrs *p;
-    
-    for(p = x; p; p = p->ifa_next) {
-	printf("%s\n", p->ifa_name);
-	printf("  flags=%x\n", p->ifa_flags);
-	if(p->ifa_addr)
-	    print_addr("addr", p->ifa_addr);
-	if(p->ifa_dstaddr) 
-	    print_addr("dstaddr", p->ifa_dstaddr);
-	if(p->ifa_netmask) 
-	    print_addr("netmask", p->ifa_netmask);
-	printf("  %p\n", p->ifa_data);
-    }
-}
-
-int
-main()
-{
-    struct ifaddrs *a = NULL, *b;
-    getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq));
-    print_ifaddrs(a);
-    printf("---\n");
-    getifaddrs(&b);
-    print_ifaddrs(b);
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getipnodebyaddr.c b/crypto/heimdal/lib/roken/getipnodebyaddr.c
deleted file mode 100644
index f22aad7f73cb..000000000000
--- a/crypto/heimdal/lib/roken/getipnodebyaddr.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyaddr.c,v 1.2 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * lookup `src, len' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent *
-getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
-{
-    struct hostent *tmp;
-
-    tmp = gethostbyaddr (src, len, af);
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getipnodebyname.c b/crypto/heimdal/lib/roken/getipnodebyname.c
deleted file mode 100644
index 576feef0aea6..000000000000
--- a/crypto/heimdal/lib/roken/getipnodebyname.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getipnodebyname.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE_H_ERRNO
-static int h_errno = NO_RECOVERY;
-#endif
-
-/*
- * lookup `name' (address family `af') in DNS and return a pointer
- * to a malloced struct hostent or NULL.
- */
-
-struct hostent *
-getipnodebyname (const char *name, int af, int flags, int *error_num)
-{
-    struct hostent *tmp;
-
-#ifdef HAVE_GETHOSTBYNAME2
-    tmp = gethostbyname2 (name, af);
-#else
-    if (af != AF_INET) {
-	*error_num = NO_ADDRESS;
-	return NULL;
-    }
-    tmp = gethostbyname (name);
-#endif
-    if (tmp == NULL) {
-	switch (h_errno) {
-	case HOST_NOT_FOUND :
-	case TRY_AGAIN :
-	case NO_RECOVERY :
-	    *error_num = h_errno;
-	    break;
-	case NO_DATA :
-	    *error_num = NO_ADDRESS;
-	    break;
-	default :
-	    *error_num = NO_RECOVERY;
-	    break;
-	}
-	return NULL;
-    }
-    tmp = copyhostent (tmp);
-    if (tmp == NULL) {
-	*error_num = TRY_AGAIN;
-	return NULL;
-    }
-    return tmp;
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo.c b/crypto/heimdal/lib/roken/getnameinfo.c
deleted file mode 100644
index 44fcb0463367..000000000000
--- a/crypto/heimdal/lib/roken/getnameinfo.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo.c,v 1.4 2001/07/09 15:14:19 assar Exp $");
-#endif
-
-#include "roken.h"
-
-static int
-doit (int af,
-      const void *addr,
-      size_t addrlen,
-      int port,
-      char *host, size_t hostlen,
-      char *serv, size_t servlen,
-      int flags)
-{
-    if (host != NULL) {
-	if (flags & NI_NUMERICHOST) {
-	    if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	} else {
-	    struct hostent *he = gethostbyaddr (addr,
-						addrlen,
-						af);
-	    if (he != NULL) {
-		strlcpy (host, hostent_find_fqdn(he), hostlen);
-		if (flags & NI_NOFQDN) {
-		    char *dot = strchr (host, '.');
-		    if (dot != NULL)
-			*dot = '\0';
-		}
-	    } else if (flags & NI_NAMEREQD) {
-		return EAI_NONAME;
-	    } else if (inet_ntop (af, addr, host, hostlen) == NULL)
-		return EAI_SYSTEM;
-	}
-    }
-
-    if (serv != NULL) {
-	if (flags & NI_NUMERICSERV) {
-	    snprintf (serv, servlen, "%u", ntohs(port));
-	} else {
-	    const char *proto = "tcp";
-	    struct servent *se;
-
-	    if (flags & NI_DGRAM)
-		proto = "udp";
-
-	    se = getservbyport (port, proto);
-	    if (se == NULL) {
-		snprintf (serv, servlen, "%u", ntohs(port));
-	    } else {
-		strlcpy (serv, se->s_name, servlen);
-	    }
-	}
-    }
-    return 0;
-}
-
-/*
- *
- */
-
-int
-getnameinfo(const struct sockaddr *sa, socklen_t salen,
-	    char *host, size_t hostlen,
-	    char *serv, size_t servlen,
-	    int flags)
-{
-    switch (sa->sa_family) {
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-
-	return doit (AF_INET6, &sin6->sin6_addr, sizeof(sin6->sin6_addr),
-		     sin6->sin6_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-#endif
-    case AF_INET : {
-	const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
-
-	return doit (AF_INET, &sin->sin_addr, sizeof(sin->sin_addr),
-		     sin->sin_port,
-		     host, hostlen,
-		     serv, servlen,
-		     flags);
-    }
-    default :
-	return EAI_FAMILY;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c
deleted file mode 100644
index 0145262986cc..000000000000
--- a/crypto/heimdal/lib/roken/getnameinfo_verified.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getnameinfo_verified.c,v 1.6 2002/09/05 01:36:27 assar Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to obtain a verified name for the address in `sa, salen' (much
- * similar to getnameinfo).
- * Verified in this context means that forwards and backwards lookups
- * in DNS are consistent.  If that fails, return an error if the
- * NI_NAMEREQD flag is set or return the numeric address as a string.
- */
-
-int
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags)
-{
-    int ret;
-    struct addrinfo *ai, *a;
-    char servbuf[NI_MAXSERV];
-    struct addrinfo hints;
-
-    if (host == NULL)
-	return EAI_NONAME;
-
-    if (serv == NULL) {
-	serv = servbuf;
-	servlen = sizeof(servbuf);
-    }
-
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV);
-    if (ret)
-	goto fail;
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_socktype = SOCK_STREAM;
-    ret = getaddrinfo (host, serv, &hints, &ai);
-    if (ret)
-	goto fail;
-    for (a = ai; a != NULL; a = a->ai_next) {
-	if (a->ai_addrlen == salen
-	    && memcmp (a->ai_addr, sa, salen) == 0) {
-	    freeaddrinfo (ai);
-	    return 0;
-	}
-    }
-    freeaddrinfo (ai);
- fail:
-    if (flags & NI_NAMEREQD)
-	return EAI_NONAME;
-    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
-		       flags | NI_NUMERICSERV | NI_NUMERICHOST);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.lo b/crypto/heimdal/lib/roken/getnameinfo_verified.lo
deleted file mode 100644
index 9deac6cbfd7b..000000000000
--- a/crypto/heimdal/lib/roken/getnameinfo_verified.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/getopt.c b/crypto/heimdal/lib/roken/getopt.c
deleted file mode 100644
index 45fc35023453..000000000000
--- a/crypto/heimdal/lib/roken/getopt.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)getopt.c	8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifndef __STDC__
-#define const
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * get option letter from argument vector
- */
-int	opterr = 1,		/* if error message should be printed */
-	optind = 1,		/* index into parent argv vector */
-	optopt,			/* character checked for validity */
-	optreset;		/* reset getopt */
-char	*optarg;		/* argument associated with option */
-
-#define	BADCH	(int)'?'
-#define	BADARG	(int)':'
-#define	EMSG	""
-
-int
-getopt(nargc, nargv, ostr)
-	int nargc;
-	char * const *nargv;
-	const char *ostr;
-{
-	static char *place = EMSG;		/* option letter processing */
-	char *oli;			/* option letter list index */
-	char *p;
-
-	if (optreset || !*place) {		/* update scanning pointer */
-		optreset = 0;
-		if (optind >= nargc || *(place = nargv[optind]) != '-') {
-			place = EMSG;
-			return(-1);
-		}
-		if (place[1] && *++place == '-') {	/* found "--" */
-			++optind;
-			place = EMSG;
-			return(-1);
-		}
-	}					/* option letter okay? */
-	if ((optopt = (int)*place++) == (int)':' ||
-	    !(oli = strchr(ostr, optopt))) {
-		/*
-		 * if the user didn't specify '-' as an option,
-		 * assume it means -1 (EOF).
-		 */
-		if (optopt == (int)'-')
-			return(-1);
-		if (!*place)
-			++optind;
-		if (opterr && *ostr != ':') {
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			fprintf(stderr, "%s: illegal option -- %c\n",
-			    p, optopt);
-		}
-		return(BADCH);
-	}
-	if (*++oli != ':') {			/* don't need argument */
-		optarg = NULL;
-		if (!*place)
-			++optind;
-	}
-	else {					/* need an argument */
-		if (*place)			/* no white space */
-			optarg = place;
-		else if (nargc <= ++optind) {	/* no arg */
-			place = EMSG;
-			if (!(p = strrchr(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			if (*ostr == ':')
-				return(BADARG);
-			if (opterr)
-				fprintf(stderr,
-				    "%s: option requires an argument -- %c\n",
-				    p, optopt);
-			return(BADCH);
-		}
-	 	else				/* white space */
-			optarg = nargv[optind];
-		place = EMSG;
-		++optind;
-	}
-	return(optopt);				/* dump back option letter */
-}
diff --git a/crypto/heimdal/lib/roken/getprogname.c b/crypto/heimdal/lib/roken/getprogname.c
deleted file mode 100644
index fcd4a40b5a29..000000000000
--- a/crypto/heimdal/lib/roken/getprogname.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: getprogname.c,v 1.1 2001/07/09 14:56:51 assar Exp $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-const char *__progname;
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char *
-getprogname(void)
-{
-    return __progname;
-}
-#endif /* HAVE_GETPROGNAME */
-
-const char *
-get_progname (void)
-{
-    return getprogname ();
-}
-
diff --git a/crypto/heimdal/lib/roken/getprogname.lo b/crypto/heimdal/lib/roken/getprogname.lo
deleted file mode 100644
index 52a2ade023d5..000000000000
--- a/crypto/heimdal/lib/roken/getprogname.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/gettimeofday.c b/crypto/heimdal/lib/roken/gettimeofday.c
deleted file mode 100644
index ec8b62f64e76..000000000000
--- a/crypto/heimdal/lib/roken/gettimeofday.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifndef HAVE_GETTIMEOFDAY
-
-RCSID("$Id: gettimeofday.c,v 1.8 1999/12/02 16:58:46 joda Exp $");
-
-/*
- * Simple gettimeofday that only returns seconds.
- */
-int
-gettimeofday (struct timeval *tp, void *ignore)
-{
-     time_t t;
-
-     t = time(NULL);
-     tp->tv_sec  = t;
-     tp->tv_usec = 0;
-     return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/getuid.c b/crypto/heimdal/lib/roken/getuid.c
deleted file mode 100644
index 6ebce0a810cd..000000000000
--- a/crypto/heimdal/lib/roken/getuid.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_GETUID
-
-RCSID("$Id: getuid.c,v 1.3 1999/12/02 16:58:46 joda Exp $");
-
-int getuid(void)
-{
-    return 17;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/getusershell.c b/crypto/heimdal/lib/roken/getusershell.c
deleted file mode 100644
index eb990f3be243..000000000000
--- a/crypto/heimdal/lib/roken/getusershell.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (c) 1985, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-RCSID("$Id: getusershell.c,v 1.10 2000/05/22 09:11:59 joda Exp $");
-
-#ifndef HAVE_GETUSERSHELL
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-#ifdef HAVE_USERSEC_H
-struct aud_rec;
-#include <usersec.h>
-#endif
-#ifdef HAVE_USERCONF_H
-#include <userconf.h>
-#endif
-
-#ifndef _PATH_SHELLS
-#define _PATH_SHELLS "/etc/shells"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef _PATH_CSHELL
-#define _PATH_CSHELL "/bin/csh"
-#endif
-
-/*
- * Local shells should NOT be added here.  They should be added in
- * /etc/shells.
- */
-
-static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
-static char **curshell, **shells, *strings;
-static char **initshells (void);
-
-/*
- * Get a list of shells from _PATH_SHELLS, if it exists.
- */
-char *
-getusershell()
-{
-    char *ret;
-
-    if (curshell == NULL)
-	curshell = initshells();
-    ret = *curshell;
-    if (ret != NULL)
-	curshell++;
-    return (ret);
-}
-
-void
-endusershell()
-{
-    if (shells != NULL)
-	free(shells);
-    shells = NULL;
-    if (strings != NULL)
-	free(strings);
-    strings = NULL;
-    curshell = NULL;
-}
-
-void
-setusershell()
-{
-    curshell = initshells();
-}
-
-static char **
-initshells()
-{
-    char **sp, *cp;
-#ifdef HAVE_GETCONFATTR
-    char *tmp;
-    int nsh;
-#else
-    FILE *fp;
-#endif
-    struct stat statb;
-
-    free(shells);
-    shells = NULL;
-    free(strings);
-    strings = NULL;
-#ifdef HAVE_GETCONFATTR
-    if(getconfattr(SC_SYS_LOGIN, SC_SHELLS, &tmp, SEC_LIST) != 0)
-	return okshells;
-
-    for(cp = tmp, nsh = 0; *cp; cp += strlen(cp) + 1, nsh++);
-
-    shells = calloc(nsh + 1, sizeof(*shells));
-    if(shells == NULL)
-	return okshells;
-
-    strings = malloc(cp - tmp);
-    if(strings == NULL) {
-	free(shells);
-	shells = NULL;
-	return okshells;
-    }
-    memcpy(strings, tmp, cp - tmp);
-    for(sp = shells, cp = strings; *cp; cp += strlen(cp) + 1, sp++)
-	*sp = cp;
-#else
-    if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
-	return (okshells);
-    if (fstat(fileno(fp), &statb) == -1) {
-	fclose(fp);
-	return (okshells);
-    }
-    if ((strings = malloc((u_int)statb.st_size)) == NULL) {
-	fclose(fp);
-	return (okshells);
-    }
-    shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
-    if (shells == NULL) {
-	fclose(fp);
-	free(strings);
-	strings = NULL;
-	return (okshells);
-    }
-    sp = shells;
-    cp = strings;
-    while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
-	while (*cp != '#' && *cp != '/' && *cp != '\0')
-	    cp++;
-	if (*cp == '#' || *cp == '\0')
-	    continue;
-	*sp++ = cp;
-	while (!isspace(*cp) && *cp != '#' && *cp != '\0')
-	    cp++;
-	*cp++ = '\0';
-    }
-    fclose(fp);
-#endif
-    *sp = NULL;
-    return (shells);
-}
-#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/heimdal/lib/roken/glob.c b/crypto/heimdal/lib/roken/glob.c
deleted file mode 100644
index 295aa2de8e10..000000000000
--- a/crypto/heimdal/lib/roken/glob.c
+++ /dev/null
@@ -1,854 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * glob(3) -- a superset of the one defined in POSIX 1003.2.
- *
- * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
- *
- * Optional extra services, controlled by flags not defined by POSIX:
- *
- * GLOB_QUOTE:
- *	Escaping convention: \ inhibits any special meaning the following
- *	character might have (except \ at end of string is retained).
- * GLOB_MAGCHAR:
- *	Set in gl_flags if pattern contained a globbing character.
- * GLOB_NOMAGIC:
- *	Same as GLOB_NOCHECK, but it will only append pattern if it did
- *	not contain any magic characters.  [Used in csh style globbing]
- * GLOB_ALTDIRFUNC:
- *	Use alternately specified directory access functions.
- * GLOB_TILDE:
- *	expand ~user/foo to the /home/dir/of/user/foo
- * GLOB_BRACE:
- *	expand {1,2}{a,b} to 1a 1b 2a 2b 
- * gl_matchc:
- *	Number of matches in the current invocation of glob.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-
-#include <ctype.h>
-#ifdef HAVE_DIRENT_H
-#include <dirent.h>
-#endif
-#include <errno.h>
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#include "glob.h"
-#include "roken.h"
-
-#ifndef ARG_MAX
-#define ARG_MAX _POSIX_ARG_MAX
-#endif
-
-#define	CHAR_DOLLAR		'$'
-#define	CHAR_DOT		'.'
-#define	CHAR_EOS		'\0'
-#define	CHAR_LBRACKET		'['
-#define	CHAR_NOT		'!'
-#define	CHAR_QUESTION		'?'
-#define	CHAR_QUOTE		'\\'
-#define	CHAR_RANGE		'-'
-#define	CHAR_RBRACKET		']'
-#define	CHAR_SEP		'/'
-#define	CHAR_STAR		'*'
-#define	CHAR_TILDE		'~'
-#define	CHAR_UNDERSCORE		'_'
-#define	CHAR_LBRACE		'{'
-#define	CHAR_RBRACE		'}'
-#define	CHAR_SLASH		'/'
-#define	CHAR_COMMA		','
-
-#ifndef DEBUG
-
-#define	M_QUOTE		0x8000
-#define	M_PROTECT	0x4000
-#define	M_MASK		0xffff
-#define	M_ASCII		0x00ff
-
-typedef u_short Char;
-
-#else
-
-#define	M_QUOTE		0x80
-#define	M_PROTECT	0x40
-#define	M_MASK		0xff
-#define	M_ASCII		0x7f
-
-typedef char Char;
-
-#endif
-
-
-#define	CHAR(c)		((Char)((c)&M_ASCII))
-#define	META(c)		((Char)((c)|M_QUOTE))
-#define	M_ALL		META('*')
-#define	M_END		META(']')
-#define	M_NOT		META('!')
-#define	M_ONE		META('?')
-#define	M_RNG		META('-')
-#define	M_SET		META('[')
-#define	ismeta(c)	(((c)&M_QUOTE) != 0)
-
-
-static int	 compare (const void *, const void *);
-static void	 g_Ctoc (const Char *, char *);
-static int	 g_lstat (Char *, struct stat *, glob_t *);
-static DIR	*g_opendir (Char *, glob_t *);
-static Char	*g_strchr (const Char *, int);
-#ifdef notdef
-static Char	*g_strcat (Char *, const Char *);
-#endif
-static int	 g_stat (Char *, struct stat *, glob_t *);
-static int	 glob0 (const Char *, glob_t *);
-static int	 glob1 (Char *, glob_t *, size_t *);
-static int	 glob2 (Char *, Char *, Char *, glob_t *, size_t *);
-static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *, size_t *);
-static int	 globextend (const Char *, glob_t *, size_t *);
-static const Char *	 globtilde (const Char *, Char *, glob_t *);
-static int	 globexp1 (const Char *, glob_t *);
-static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
-static int	 match (Char *, Char *, Char *);
-#ifdef DEBUG
-static void	 qprintf (const char *, Char *);
-#endif
-
-int
-glob(const char *pattern, 
-     int flags, 
-     int (*errfunc)(const char *, int), 
-     glob_t *pglob)
-{
-	const u_char *patnext;
-	int c;
-	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
-
-	patnext = (const u_char *) pattern;
-	if (!(flags & GLOB_APPEND)) {
-		pglob->gl_pathc = 0;
-		pglob->gl_pathv = NULL;
-		if (!(flags & GLOB_DOOFFS))
-			pglob->gl_offs = 0;
-	}
-	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
-	pglob->gl_errfunc = errfunc;
-	pglob->gl_matchc = 0;
-
-	bufnext = patbuf;
-	bufend = bufnext + MaxPathLen;
-	if (flags & GLOB_QUOTE) {
-		/* Protect the quoted characters. */
-		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-			if (c == CHAR_QUOTE) {
-				if ((c = *patnext++) == CHAR_EOS) {
-					c = CHAR_QUOTE;
-					--patnext;
-				}
-				*bufnext++ = c | M_PROTECT;
-			}
-			else
-				*bufnext++ = c;
-	}
-	else 
-	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
-		    *bufnext++ = c;
-	*bufnext = CHAR_EOS;
-
-	if (flags & GLOB_BRACE)
-	    return globexp1(patbuf, pglob);
-	else
-	    return glob0(patbuf, pglob);
-}
-
-/*
- * Expand recursively a glob {} pattern. When there is no more expansion
- * invoke the standard globbing routine to glob the rest of the magic
- * characters
- */
-static int globexp1(const Char *pattern, glob_t *pglob)
-{
-	const Char* ptr = pattern;
-	int rv;
-
-	/* Protect a single {}, for find(1), like csh */
-	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
-		return glob0(pattern, pglob);
-
-	while ((ptr = (const Char *) g_strchr(ptr, CHAR_LBRACE)) != NULL)
-		if (!globexp2(ptr, pattern, pglob, &rv))
-			return rv;
-
-	return glob0(pattern, pglob);
-}
-
-
-/*
- * Recursive brace globbing helper. Tries to expand a single brace.
- * If it succeeds then it invokes globexp1 with the new pattern.
- * If it fails then it tries to glob the rest of the pattern and returns.
- */
-static int globexp2(const Char *ptr, const Char *pattern, 
-		    glob_t *pglob, int *rv)
-{
-	int     i;
-	Char   *lm, *ls;
-	const Char *pe, *pm, *pl;
-	Char    patbuf[MaxPathLen + 1];
-
-	/* copy part up to the brace */
-	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
-		continue;
-	ls = lm;
-
-	/* Find the balanced brace */
-	for (i = 0, pe = ++ptr; *pe; pe++)
-		if (*pe == CHAR_LBRACKET) {
-			/* Ignore everything between [] */
-			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
-				continue;
-			if (*pe == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pe = pm;
-			}
-		}
-		else if (*pe == CHAR_LBRACE)
-			i++;
-		else if (*pe == CHAR_RBRACE) {
-			if (i == 0)
-				break;
-			i--;
-		}
-
-	/* Non matching braces; just glob the pattern */
-	if (i != 0 || *pe == CHAR_EOS) {
-		*rv = glob0(patbuf, pglob);
-		return 0;
-	}
-
-	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
-		switch (*pm) {
-		case CHAR_LBRACKET:
-			/* Ignore everything between [] */
-			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
-				continue;
-			if (*pm == CHAR_EOS) {
-				/* 
-				 * We could not find a matching CHAR_RBRACKET.
-				 * Ignore and just look for CHAR_RBRACE
-				 */
-				pm = pl;
-			}
-			break;
-
-		case CHAR_LBRACE:
-			i++;
-			break;
-
-		case CHAR_RBRACE:
-			if (i) {
-			    i--;
-			    break;
-			}
-			/* FALLTHROUGH */
-		case CHAR_COMMA:
-			if (i && *pm == CHAR_COMMA)
-				break;
-			else {
-				/* Append the current string */
-				for (lm = ls; (pl < pm); *lm++ = *pl++)
-					continue;
-				/* 
-				 * Append the rest of the pattern after the
-				 * closing brace
-				 */
-				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
-					continue;
-
-				/* Expand the current pattern */
-#ifdef DEBUG
-				qprintf("globexp2:", patbuf);
-#endif
-				*rv = globexp1(patbuf, pglob);
-
-				/* move after the comma, to the next string */
-				pl = pm + 1;
-			}
-			break;
-
-		default:
-			break;
-		}
-	*rv = 0;
-	return 0;
-}
-
-
-
-/*
- * expand tilde from the passwd file.
- */
-static const Char *
-globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
-{
-	struct passwd *pwd;
-	char *h;
-	const Char *p;
-	Char *b;
-
-	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
-		return pattern;
-
-	/* Copy up to the end of the string or / */
-	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
-	     *h++ = *p++)
-		continue;
-
-	*h = CHAR_EOS;
-
-	if (((char *) patbuf)[0] == CHAR_EOS) {
-		/* 
-		 * handle a plain ~ or ~/ by expanding $HOME 
-		 * first and then trying the password file
-		 */
-		if ((h = getenv("HOME")) == NULL) {
-			if ((pwd = k_getpwuid(getuid())) == NULL)
-				return pattern;
-			else
-				h = pwd->pw_dir;
-		}
-	}
-	else {
-		/*
-		 * Expand a ~user
-		 */
-		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
-			return pattern;
-		else
-			h = pwd->pw_dir;
-	}
-
-	/* Copy the home directory */
-	for (b = patbuf; *h; *b++ = *h++)
-		continue;
-	
-	/* Append the rest of the pattern */
-	while ((*b++ = *p++) != CHAR_EOS)
-		continue;
-
-	return patbuf;
-}
-	
-
-/*
- * The main glob() routine: compiles the pattern (optionally processing
- * quotes), calls glob1() to do the real pattern matching, and finally
- * sorts the list (unless unsorted operation is requested).  Returns 0
- * if things went well, nonzero if errors occurred.  It is not an error
- * to find no matches.
- */
-static int
-glob0(const Char *pattern, glob_t *pglob)
-{
-	const Char *qpatnext;
-	int c, err, oldpathc;
-	Char *bufnext, patbuf[MaxPathLen+1];
-	size_t limit = 0;
-
-	qpatnext = globtilde(pattern, patbuf, pglob);
-	oldpathc = pglob->gl_pathc;
-	bufnext = patbuf;
-
-	/* We don't need to check for buffer overflow any more. */
-	while ((c = *qpatnext++) != CHAR_EOS) {
-		switch (c) {
-		case CHAR_LBRACKET:
-			c = *qpatnext;
-			if (c == CHAR_NOT)
-				++qpatnext;
-			if (*qpatnext == CHAR_EOS ||
-			    g_strchr(qpatnext+1, CHAR_RBRACKET) == NULL) {
-				*bufnext++ = CHAR_LBRACKET;
-				if (c == CHAR_NOT)
-					--qpatnext;
-				break;
-			}
-			*bufnext++ = M_SET;
-			if (c == CHAR_NOT)
-				*bufnext++ = M_NOT;
-			c = *qpatnext++;
-			do {
-				*bufnext++ = CHAR(c);
-				if (*qpatnext == CHAR_RANGE &&
-				    (c = qpatnext[1]) != CHAR_RBRACKET) {
-					*bufnext++ = M_RNG;
-					*bufnext++ = CHAR(c);
-					qpatnext += 2;
-				}
-			} while ((c = *qpatnext++) != CHAR_RBRACKET);
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_END;
-			break;
-		case CHAR_QUESTION:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			*bufnext++ = M_ONE;
-			break;
-		case CHAR_STAR:
-			pglob->gl_flags |= GLOB_MAGCHAR;
-			/* collapse adjacent stars to one, 
-			 * to avoid exponential behavior
-			 */
-			if (bufnext == patbuf || bufnext[-1] != M_ALL)
-			    *bufnext++ = M_ALL;
-			break;
-		default:
-			*bufnext++ = CHAR(c);
-			break;
-		}
-	}
-	*bufnext = CHAR_EOS;
-#ifdef DEBUG
-	qprintf("glob0:", patbuf);
-#endif
-
-	if ((err = glob1(patbuf, pglob, &limit)) != 0)
-		return(err);
-
-	/*
-	 * If there was no match we are going to append the pattern 
-	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
-	 * and the pattern did not contain any magic characters
-	 * GLOB_NOMAGIC is there just for compatibility with csh.
-	 */
-	if (pglob->gl_pathc == oldpathc && 
-	    ((pglob->gl_flags & GLOB_NOCHECK) || 
-	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
-	       !(pglob->gl_flags & GLOB_MAGCHAR))))
-		return(globextend(pattern, pglob, &limit));
-	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
-		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
-		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
-	return(0);
-}
-
-static int
-compare(const void *p, const void *q)
-{
-	return(strcmp(*(char **)p, *(char **)q));
-}
-
-static int
-glob1(Char *pattern, glob_t *pglob, size_t *limit)
-{
-	Char pathbuf[MaxPathLen+1];
-
-	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
-	if (*pattern == CHAR_EOS)
-		return(0);
-	return(glob2(pathbuf, pathbuf, pattern, pglob, limit));
-}
-
-/*
- * The functions glob2 and glob3 are mutually recursive; there is one level
- * of recursion for each segment in the pattern that contains one or more
- * meta characters.
- */
-
-#ifndef S_ISLNK
-#if defined(S_IFLNK) && defined(S_IFMT)
-#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
-#else
-#define S_ISLNK(mode) 0
-#endif
-#endif
-
-static int
-glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob,
-      size_t *limit)
-{
-	struct stat sb;
-	Char *p, *q;
-	int anymeta;
-
-	/*
-	 * Loop over pattern segments until end of pattern or until
-	 * segment with meta character found.
-	 */
-	for (anymeta = 0;;) {
-		if (*pattern == CHAR_EOS) {		/* End of pattern? */
-			*pathend = CHAR_EOS;
-			if (g_lstat(pathbuf, &sb, pglob))
-				return(0);
-		
-			if (((pglob->gl_flags & GLOB_MARK) &&
-			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
-			    || (S_ISLNK(sb.st_mode) &&
-			    (g_stat(pathbuf, &sb, pglob) == 0) &&
-			    S_ISDIR(sb.st_mode)))) {
-				*pathend++ = CHAR_SEP;
-				*pathend = CHAR_EOS;
-			}
-			++pglob->gl_matchc;
-			return(globextend(pathbuf, pglob, limit));
-		}
-
-		/* Find end of next segment, copy tentatively to pathend. */
-		q = pathend;
-		p = pattern;
-		while (*p != CHAR_EOS && *p != CHAR_SEP) {
-			if (ismeta(*p))
-				anymeta = 1;
-			*q++ = *p++;
-		}
-
-		if (!anymeta) {		/* No expansion, do next segment. */
-			pathend = q;
-			pattern = p;
-			while (*pattern == CHAR_SEP)
-				*pathend++ = *pattern++;
-		} else			/* Need expansion, recurse. */
-			return(glob3(pathbuf, pathend, pattern, p, pglob,
-			    limit));
-	}
-	/* NOTREACHED */
-}
-
-static int
-glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
-      glob_t *pglob, size_t *limit)
-{
-	struct dirent *dp;
-	DIR *dirp;
-	int err;
-	char buf[MaxPathLen];
-
-	/*
-	 * The readdirfunc declaration can't be prototyped, because it is
-	 * assigned, below, to two functions which are prototyped in glob.h
-	 * and dirent.h as taking pointers to differently typed opaque
-	 * structures.
-	 */
-	struct dirent *(*readdirfunc)(void *);
-
-	*pathend = CHAR_EOS;
-	errno = 0;
-	    
-	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
-		/* TODO: don't call for ENOENT or ENOTDIR? */
-		if (pglob->gl_errfunc) {
-			g_Ctoc(pathbuf, buf);
-			if (pglob->gl_errfunc(buf, errno) ||
-			    pglob->gl_flags & GLOB_ERR)
-				return (GLOB_ABEND);
-		}
-		return(0);
-	}
-
-	err = 0;
-
-	/* Search directory for matching names. */
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		readdirfunc = pglob->gl_readdir;
-	else
-		readdirfunc = (struct dirent *(*)(void *))readdir;
-	while ((dp = (*readdirfunc)(dirp))) {
-		u_char *sc;
-		Char *dc;
-
-		/* Initial CHAR_DOT must be matched literally. */
-		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
-			continue;
-		for (sc = (u_char *) dp->d_name, dc = pathend; 
-		     (*dc++ = *sc++) != CHAR_EOS;)
-			continue;
-		if (!match(pathend, pattern, restpattern)) {
-			*pathend = CHAR_EOS;
-			continue;
-		}
-		err = glob2(pathbuf, --dc, restpattern, pglob, limit);
-		if (err)
-			break;
-	}
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		(*pglob->gl_closedir)(dirp);
-	else
-		closedir(dirp);
-	return(err);
-}
-
-
-/*
- * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
- * add the new item, and update gl_pathc.
- *
- * This assumes the BSD realloc, which only copies the block when its size
- * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
- * behavior.
- *
- * Return 0 if new item added, error code if memory couldn't be allocated.
- *
- * Invariant of the glob_t structure:
- *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
- *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
- */
-static int
-globextend(const Char *path, glob_t *pglob, size_t *limit)
-{
-	char **pathv;
-	int i;
-	size_t newsize, len;
-	char *copy;
-	const Char *p;
-
-	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
-	pathv = pglob->gl_pathv ? 
-		    realloc(pglob->gl_pathv, newsize) :
-		    malloc(newsize);
-	if (pathv == NULL)
-		return(GLOB_NOSPACE);
-
-	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
-		/* first time around -- clear initial gl_offs items */
-		pathv += pglob->gl_offs;
-		for (i = pglob->gl_offs; --i >= 0; )
-			*--pathv = NULL;
-	}
-	pglob->gl_pathv = pathv;
-
-	for (p = path; *p++;)
-		continue;
-	len = (size_t)(p - path);
-	*limit += len;
-	if ((copy = malloc(len)) != NULL) {
-		g_Ctoc(path, copy);
-		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
-	}
-	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
-
-	if ((pglob->gl_flags & GLOB_LIMIT) && (newsize + *limit) >= ARG_MAX) {
-		errno = 0;
-		return(GLOB_NOSPACE);
-	}
-
-	return(copy == NULL ? GLOB_NOSPACE : 0);
-}
-
-
-/*
- * pattern matching function for filenames.  Each occurrence of the *
- * pattern causes a recursion level.
- */
-static int
-match(Char *name, Char *pat, Char *patend)
-{
-	int ok, negate_range;
-	Char c, k;
-
-	while (pat < patend) {
-		c = *pat++;
-		switch (c & M_MASK) {
-		case M_ALL:
-			if (pat == patend)
-				return(1);
-			do 
-			    if (match(name, pat, patend))
-				    return(1);
-			while (*name++ != CHAR_EOS);
-			return(0);
-		case M_ONE:
-			if (*name++ == CHAR_EOS)
-				return(0);
-			break;
-		case M_SET:
-			ok = 0;
-			if ((k = *name++) == CHAR_EOS)
-				return(0);
-			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
-				++pat;
-			while (((c = *pat++) & M_MASK) != M_END)
-				if ((*pat & M_MASK) == M_RNG) {
-					if (c <= k && k <= pat[1])
-						ok = 1;
-					pat += 2;
-				} else if (c == k)
-					ok = 1;
-			if (ok == negate_range)
-				return(0);
-			break;
-		default:
-			if (*name++ != c)
-				return(0);
-			break;
-		}
-	}
-	return(*name == CHAR_EOS);
-}
-
-/* Free allocated data belonging to a glob_t structure. */
-void
-globfree(glob_t *pglob)
-{
-	int i;
-	char **pp;
-
-	if (pglob->gl_pathv != NULL) {
-		pp = pglob->gl_pathv + pglob->gl_offs;
-		for (i = pglob->gl_pathc; i--; ++pp)
-			if (*pp)
-				free(*pp);
-		free(pglob->gl_pathv);
-		pglob->gl_pathv = NULL;
-	}
-}
-
-static DIR *
-g_opendir(Char *str, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	if (!*str)
-		strlcpy(buf, ".", sizeof(buf));
-	else
-		g_Ctoc(str, buf);
-
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_opendir)(buf));
-
-	return(opendir(buf));
-}
-
-static int
-g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_lstat)(buf, sb));
-	return(lstat(buf, sb));
-}
-
-static int
-g_stat(Char *fn, struct stat *sb, glob_t *pglob)
-{
-	char buf[MaxPathLen];
-
-	g_Ctoc(fn, buf);
-	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
-		return((*pglob->gl_stat)(buf, sb));
-	return(stat(buf, sb));
-}
-
-static Char *
-g_strchr(const Char *str, int ch)
-{
-	do {
-		if (*str == ch)
-			return (Char *)str;
-	} while (*str++);
-	return (NULL);
-}
-
-#ifdef notdef
-static Char *
-g_strcat(Char *dst, const Char *src)
-{
-	Char *sdst = dst;
-
-	while (*dst++)
-		continue;
-	--dst;
-	while((*dst++ = *src++) != CHAR_EOS)
-	    continue;
-
-	return (sdst);
-}
-#endif
-
-static void
-g_Ctoc(const Char *str, char *buf)
-{
-	char *dc;
-
-	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
-		continue;
-}
-
-#ifdef DEBUG
-static void 
-qprintf(const Char *str, Char *s)
-{
-	Char *p;
-
-	printf("%s:\n", str);
-	for (p = s; *p; p++)
-		printf("%c", CHAR(*p));
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", *p & M_PROTECT ? '"' : ' ');
-	printf("\n");
-	for (p = s; *p; p++)
-		printf("%c", ismeta(*p) ? '_' : ' ');
-	printf("\n");
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/glob.h b/crypto/heimdal/lib/roken/glob.h
deleted file mode 100644
index bece48a89cd7..000000000000
--- a/crypto/heimdal/lib/roken/glob.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)glob.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _GLOB_H_
-#define	_GLOB_H_
-
-struct stat;
-typedef struct {
-	int gl_pathc;		/* Count of total paths so far. */
-	int gl_matchc;		/* Count of paths matching pattern. */
-	int gl_offs;		/* Reserved at beginning of gl_pathv. */
-	int gl_flags;		/* Copy of flags parameter to glob. */
-	char **gl_pathv;	/* List of paths matching pattern. */
-				/* Copy of errfunc parameter to glob. */
-	int (*gl_errfunc) (const char *, int);
-
-	/*
-	 * Alternate filesystem access methods for glob; replacement
-	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
-	 * and lstat(2).
-	 */
-	void (*gl_closedir) (void *);
-	struct dirent *(*gl_readdir) (void *);	
-	void *(*gl_opendir) (const char *);
-	int (*gl_lstat) (const char *, struct stat *);
-	int (*gl_stat) (const char *, struct stat *);
-} glob_t;
-
-#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
-#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
-#define	GLOB_ERR	0x0004	/* Return on error. */
-#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
-#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
-#define	GLOB_NOSORT	0x0020	/* Don't sort. */
-
-#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
-#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
-#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
-#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
-#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
-#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
-
-#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
-#define	GLOB_ABEND	(-2)	/* Unignored error. */
-
-int	glob (const char *, int, int (*)(const char *, int), glob_t *);
-void	globfree (glob_t *);
-
-#endif /* !_GLOB_H_ */
diff --git a/crypto/heimdal/lib/roken/glob.hin b/crypto/heimdal/lib/roken/glob.hin
deleted file mode 100644
index 98d8796a0b4f..000000000000
--- a/crypto/heimdal/lib/roken/glob.hin
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)glob.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _GLOB_H_
-#define	_GLOB_H_
-
-struct stat;
-typedef struct {
-	int gl_pathc;		/* Count of total paths so far. */
-	int gl_matchc;		/* Count of paths matching pattern. */
-	int gl_offs;		/* Reserved at beginning of gl_pathv. */
-	int gl_flags;		/* Copy of flags parameter to glob. */
-	char **gl_pathv;	/* List of paths matching pattern. */
-				/* Copy of errfunc parameter to glob. */
-	int (*gl_errfunc) (const char *, int);
-
-	/*
-	 * Alternate filesystem access methods for glob; replacement
-	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
-	 * and lstat(2).
-	 */
-	void (*gl_closedir) (void *);
-	struct dirent *(*gl_readdir) (void *);	
-	void *(*gl_opendir) (const char *);
-	int (*gl_lstat) (const char *, struct stat *);
-	int (*gl_stat) (const char *, struct stat *);
-} glob_t;
-
-#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
-#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
-#define	GLOB_ERR	0x0004	/* Return on error. */
-#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
-#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
-#define	GLOB_NOSORT	0x0020	/* Don't sort. */
-
-#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
-#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
-#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
-#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
-#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
-#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
-#define GLOB_LIMIT	0x1000	/* Limit memory used by matches to ARG_MAX */
-
-#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
-#define	GLOB_ABEND	(-2)	/* Unignored error. */
-
-int	glob (const char *, int, int (*)(const char *, int), glob_t *);
-void	globfree (glob_t *);
-
-#endif /* !_GLOB_H_ */
diff --git a/crypto/heimdal/lib/roken/h_errno.c b/crypto/heimdal/lib/roken/h_errno.c
deleted file mode 100644
index c2d4452c3280..000000000000
--- a/crypto/heimdal/lib/roken/h_errno.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: h_errno.c,v 1.1 2001/08/08 03:47:23 assar Exp $");
-#endif
-
-#ifndef HAVE_H_ERRNO
-int h_errno = -17; /* Some magic number */
-#endif
diff --git a/crypto/heimdal/lib/roken/h_errno.lo b/crypto/heimdal/lib/roken/h_errno.lo
deleted file mode 100644
index a5f25f7bcc14..000000000000
--- a/crypto/heimdal/lib/roken/h_errno.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/hostent_find_fqdn.c b/crypto/heimdal/lib/roken/hostent_find_fqdn.c
deleted file mode 100644
index 8e955a4c36f5..000000000000
--- a/crypto/heimdal/lib/roken/hostent_find_fqdn.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hostent_find_fqdn.c,v 1.2 2001/07/10 11:58:23 assar Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * Try to find a fqdn (with `.') in he if possible, else return h_name
- */
-
-const char *
-hostent_find_fqdn (const struct hostent *he)
-{
-    const char *ret = he->h_name;
-    const char **h;
-
-    if (strchr (ret, '.') == NULL)
-	for (h = (const char **)he->h_aliases; *h != NULL; ++h) {
-	    if (strchr (*h, '.') != NULL) {
-		ret = *h;
-		break;
-	    }
-	}
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/hostent_find_fqdn.lo b/crypto/heimdal/lib/roken/hostent_find_fqdn.lo
deleted file mode 100644
index 0ee94eae796d..000000000000
--- a/crypto/heimdal/lib/roken/hostent_find_fqdn.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/hstrerror.c b/crypto/heimdal/lib/roken/hstrerror.c
deleted file mode 100644
index 61897cc84e9d..000000000000
--- a/crypto/heimdal/lib/roken/hstrerror.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: hstrerror.c,v 1.24 2001/08/08 03:47:23 assar Exp $");
-#endif
-
-#ifndef HAVE_HSTRERROR
-
-#if (defined(SunOS) && (SunOS >= 50))
-#define hstrerror broken_proto
-#endif
-#include "roken.h"
-#if (defined(SunOS) && (SunOS >= 50))
-#undef hstrerror
-#endif
-
-#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
-static const char *const h_errlist[] = {
-    "Resolver Error 0 (no error)",
-    "Unknown host",		/* 1 HOST_NOT_FOUND */
-    "Host name lookup failure",	/* 2 TRY_AGAIN */
-    "Unknown server error",	/* 3 NO_RECOVERY */
-    "No address associated with name", /* 4 NO_ADDRESS */
-};
-
-static
-const
-int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
-#else
-
-#ifndef HAVE_H_ERRLIST_DECLARATION
-extern const char *h_errlist[];
-extern int h_nerr;
-#endif
-
-#endif
-
-const char *
-hstrerror(int herr)
-{
-    if (0 <= herr && herr < h_nerr)
-	return h_errlist[herr];
-    else if(herr == -17)
-	return "unknown error";
-    else
-	return "Error number out of range (hstrerror)";
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ifaddrs.hin b/crypto/heimdal/lib/roken/ifaddrs.hin
deleted file mode 100644
index d2b9be8ccc6d..000000000000
--- a/crypto/heimdal/lib/roken/ifaddrs.hin
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ifaddrs.hin,v 1.3 2000/12/11 00:01:13 assar Exp $ */
-
-#ifndef __ifaddrs_h__
-#define __ifaddrs_h__
-
-/*
- * the interface is defined in terms of the fields below, and this is
- * sometimes #define'd, so there seems to be no simple way of solving
- * this and this seemed the best. */
-
-#undef ifa_dstaddr
-
-struct ifaddrs {
-    struct ifaddrs *ifa_next;
-    char *ifa_name;
-    unsigned int ifa_flags;
-    struct sockaddr *ifa_addr;
-    struct sockaddr *ifa_netmask;
-    struct sockaddr *ifa_dstaddr;
-    void *ifa_data;
-};
-
-#ifndef ifa_broadaddr
-#define ifa_broadaddr ifa_dstaddr
-#endif
-
-int getifaddrs(struct ifaddrs**);
-
-void freeifaddrs(struct ifaddrs*);
-
-#endif /* __ifaddrs_h__ */
diff --git a/crypto/heimdal/lib/roken/inet_aton.c b/crypto/heimdal/lib/roken/inet_aton.c
deleted file mode 100644
index cdc6bdd4ed8e..000000000000
--- a/crypto/heimdal/lib/roken/inet_aton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_aton.c,v 1.13 1999/12/05 13:26:20 assar Exp $");
-#endif
-
-#include "roken.h"
-
-/* Minimal implementation of inet_aton.
- * Cannot distinguish between failure and a local broadcast address. */
-
-int
-inet_aton(const char *cp, struct in_addr *addr)
-{
-  addr->s_addr = inet_addr(cp);
-  return (addr->s_addr == INADDR_NONE) ? 0 : 1;
-}
diff --git a/crypto/heimdal/lib/roken/inet_ntop.c b/crypto/heimdal/lib/roken/inet_ntop.c
deleted file mode 100644
index 63c99a5969c1..000000000000
--- a/crypto/heimdal/lib/roken/inet_ntop.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_ntop.c,v 1.5 2001/04/04 23:58:01 assar Exp $");
-#endif
-
-#include <roken.h>
-
-/*
- *
- */
-
-static const char *
-inet_ntop_v4 (const void *src, char *dst, size_t size)
-{
-    const char digits[] = "0123456789";
-    int i;
-    struct in_addr *addr = (struct in_addr *)src;
-    u_long a = ntohl(addr->s_addr);
-    const char *orig_dst = dst;
-
-    if (size < INET_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 4; ++i) {
-	int n = (a >> (24 - i * 8)) & 0xFF;
-	int non_zerop = 0;
-
-	if (non_zerop || n / 100 > 0) {
-	    *dst++ = digits[n / 100];
-	    n %= 100;
-	    non_zerop = 1;
-	}
-	if (non_zerop || n / 10 > 0) {
-	    *dst++ = digits[n / 10];
-	    n %= 10;
-	    non_zerop = 1;
-	}
-	*dst++ = digits[n];
-	if (i != 3)
-	    *dst++ = '.';
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-
-#ifdef HAVE_IPV6
-static const char *
-inet_ntop_v6 (const void *src, char *dst, size_t size)
-{
-    const char xdigits[] = "0123456789abcdef";
-    int i;
-    const struct in6_addr *addr = (struct in6_addr *)src;
-    const u_char *ptr = addr->s6_addr;
-    const char *orig_dst = dst;
-
-    if (size < INET6_ADDRSTRLEN) {
-	errno = ENOSPC;
-	return NULL;
-    }
-    for (i = 0; i < 8; ++i) {
-	int non_zerop = 0;
-
-	if (non_zerop || (ptr[0] >> 4)) {
-	    *dst++ = xdigits[ptr[0] >> 4];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[0] & 0x0F)) {
-	    *dst++ = xdigits[ptr[0] & 0x0F];
-	    non_zerop = 1;
-	}
-	if (non_zerop || (ptr[1] >> 4)) {
-	    *dst++ = xdigits[ptr[1] >> 4];
-	    non_zerop = 1;
-	}
-	*dst++ = xdigits[ptr[1] & 0x0F];
-	if (i != 7)
-	    *dst++ = ':';
-	ptr += 2;
-    }
-    *dst++ = '\0';
-    return orig_dst;
-}
-#endif /* HAVE_IPV6 */
-
-const char *
-inet_ntop(int af, const void *src, char *dst, size_t size)
-{
-    switch (af) {
-    case AF_INET :
-	return inet_ntop_v4 (src, dst, size);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return inet_ntop_v6 (src, dst, size);
-#endif
-    default :
-	errno = EAFNOSUPPORT;
-	return NULL;
-    }
-}
diff --git a/crypto/heimdal/lib/roken/inet_pton.c b/crypto/heimdal/lib/roken/inet_pton.c
deleted file mode 100644
index d9c976c8c732..000000000000
--- a/crypto/heimdal/lib/roken/inet_pton.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: inet_pton.c,v 1.3 2000/07/27 04:56:13 assar Exp $");
-#endif
-
-#include <roken.h>
-
-int
-inet_pton(int af, const char *src, void *dst)
-{
-    if (af != AF_INET) {
-	errno = EAFNOSUPPORT;
-	return -1;
-    }
-    return inet_aton (src, dst);
-}
diff --git a/crypto/heimdal/lib/roken/initgroups.c b/crypto/heimdal/lib/roken/initgroups.c
deleted file mode 100644
index dcf1d08e968f..000000000000
--- a/crypto/heimdal/lib/roken/initgroups.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: initgroups.c,v 1.3 1999/12/02 16:58:47 joda Exp $");
-#endif
-
-#include "roken.h"
-
-int
-initgroups(const char *name, gid_t basegid)
-{
-  return 0;
-}
diff --git a/crypto/heimdal/lib/roken/innetgr.c b/crypto/heimdal/lib/roken/innetgr.c
deleted file mode 100644
index 4bc57f93e566..000000000000
--- a/crypto/heimdal/lib/roken/innetgr.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_INNETGR
-
-RCSID("$Id: innetgr.c,v 1.1 1999/03/11 14:04:01 joda Exp $");
-
-int
-innetgr(const char *netgroup, const char *machine, 
-	const char *user, const char *domain)
-{
-    return 0;
-}
-#endif
-
diff --git a/crypto/heimdal/lib/roken/install-sh b/crypto/heimdal/lib/roken/install-sh
deleted file mode 100755
index e9de23842dcd..000000000000
--- a/crypto/heimdal/lib/roken/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	true
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-		chmodcmd=""
-	else
-		instcmd=mkdir
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		true
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/iruserok.c b/crypto/heimdal/lib/roken/iruserok.c
deleted file mode 100644
index 3b3880bf3955..000000000000
--- a/crypto/heimdal/lib/roken/iruserok.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * Copyright (c) 1983, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: iruserok.c,v 1.23 1999/12/05 13:27:05 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
-
-#include "roken.h"
-
-int     __check_rhosts_file = 1;
-char    *__rcmd_errstr = 0;
-
-/*
- * Returns "true" if match, 0 if no match.
- */
-static
-int
-__icheckhost(unsigned raddr, const char *lhost)
-{
-	struct hostent *hp;
-	u_long laddr;
-	char **pp;
-
-	/* Try for raw ip address first. */
-	if (isdigit((unsigned char)*lhost)
-	    && (long)(laddr = inet_addr(lhost)) != -1)
-		return (raddr == laddr);
-
-	/* Better be a hostname. */
-	if ((hp = gethostbyname(lhost)) == NULL)
-		return (0);
-
-	/* Spin through ip addresses. */
-	for (pp = hp->h_addr_list; *pp; ++pp)
-	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
-			return (1);
-
-	/* No match. */
-	return (0);
-}
-
-/*
- * Returns 0 if ok, -1 if not ok.
- */
-static
-int
-__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
-	     const char *ruser)
-{
-	char *user, *p;
-	int ch;
-	char buf[MaxHostNameLen + 128];		/* host + login */
-	char hname[MaxHostNameLen];
-	struct hostent *hp;
-	/* Presumed guilty until proven innocent. */
-	int userok = 0, hostok = 0;
-#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
-	char *ypdomain;
-
-	if (yp_get_default_domain(&ypdomain))
-		ypdomain = NULL;
-#else
-#define	ypdomain NULL
-#endif
-	/* We need to get the damn hostname back for netgroup matching. */
-	if ((hp = gethostbyaddr((char *)&raddr,
-				sizeof(u_long),
-				AF_INET)) == NULL)
-		return (-1);
-	strlcpy(hname, hp->h_name, sizeof(hname));
-
-	while (fgets(buf, sizeof(buf), hostf)) {
-		p = buf;
-		/* Skip lines that are too long. */
-		if (strchr(p, '\n') == NULL) {
-			while ((ch = getc(hostf)) != '\n' && ch != EOF);
-			continue;
-		}
-		if (*p == '\n' || *p == '#') {
-			/* comment... */
-			continue;
-		}
-		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
-		        if (isupper((unsigned char)*p))
-			    *p = tolower((unsigned char)*p);
-			p++;
-		}
-		if (*p == ' ' || *p == '\t') {
-			*p++ = '\0';
-			while (*p == ' ' || *p == '\t')
-				p++;
-			user = p;
-			while (*p != '\n' && *p != ' ' &&
-			    *p != '\t' && *p != '\0')
-				p++;
-		} else
-			user = p;
-		*p = '\0';
-		/*
-		 * Do +/- and +@/-@ checking. This looks really nasty,
-		 * but it matches SunOS's behavior so far as I can tell.
-		 */
-		switch(buf[0]) {
-		case '+':
-			if (!buf[1]) {     /* '+' matches all hosts */
-				hostok = 1;
-				break;
-			}
-			if (buf[1] == '@')  /* match a host by netgroup */
-				hostok = innetgr((char *)&buf[2],
-					(char *)&hname, NULL, ypdomain);
-			else		/* match a host by addr */
-				hostok = __icheckhost(raddr,(char *)&buf[1]);
-			break;
-		case '-':     /* reject '-' hosts and all their users */
-			if (buf[1] == '@') {
-				if (innetgr((char *)&buf[2],
-					      (char *)&hname, NULL, ypdomain))
-					return(-1);
-			} else {
-				if (__icheckhost(raddr,(char *)&buf[1]))
-					return(-1);
-			}
-			break;
-		default:  /* if no '+' or '-', do a simple match */
-			hostok = __icheckhost(raddr, buf);
-			break;
-		}
-		switch(*user) {
-		case '+':
-			if (!*(user+1)) {      /* '+' matches all users */
-				userok = 1;
-				break;
-			}
-			if (*(user+1) == '@')  /* match a user by netgroup */
-				userok = innetgr(user+2, NULL, (char *)ruser,
-						 ypdomain);
-			else	   /* match a user by direct specification */
-				userok = !(strcmp(ruser, user+1));
-			break;
-		case '-': 		/* if we matched a hostname, */
-			if (hostok) {   /* check for user field rejections */
-				if (!*(user+1))
-					return(-1);
-				if (*(user+1) == '@') {
-					if (innetgr(user+2, NULL,
-						    (char *)ruser, ypdomain))
-						return(-1);
-				} else {
-					if (!strcmp(ruser, user+1))
-						return(-1);
-				}
-			}
-			break;
-		default:	/* no rejections: try to match the user */
-			if (hostok)
-				userok = !(strcmp(ruser,*user ? user : luser));
-			break;
-		}
-		if (hostok && userok)
-			return(0);
-	}
-	return (-1);
-}
-
-/*
- * New .rhosts strategy: We are passed an ip address. We spin through
- * hosts.equiv and .rhosts looking for a match. When the .rhosts only
- * has ip addresses, we don't have to trust a nameserver.  When it
- * contains hostnames, we spin through the list of addresses the nameserver
- * gives us and look for a match.
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int
-iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
-{
-	char *cp;
-	struct stat sbuf;
-	struct passwd *pwd;
-	FILE *hostf;
-	uid_t uid;
-	int first;
-	char pbuf[MaxPathLen];
-
-	first = 1;
-	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
-again:
-	if (hostf) {
-		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
-			fclose(hostf);
-			return (0);
-		}
-		fclose(hostf);
-	}
-	if (first == 1 && (__check_rhosts_file || superuser)) {
-		first = 0;
-		if ((pwd = k_getpwnam((char*)luser)) == NULL)
-			return (-1);
-		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
-
-		/*
-		 * Change effective uid while opening .rhosts.  If root and
-		 * reading an NFS mounted file system, can't read files that
-		 * are protected read/write owner only.
-		 */
-		uid = geteuid();
-		seteuid(pwd->pw_uid);
-		hostf = fopen(pbuf, "r");
-		seteuid(uid);
-
-		if (hostf == NULL)
-			return (-1);
-		/*
-		 * If not a regular file, or is owned by someone other than
-		 * user or root or if writeable by anyone but the owner, quit.
-		 */
-		cp = NULL;
-		if (lstat(pbuf, &sbuf) < 0)
-			cp = ".rhosts lstat failed";
-		else if (!S_ISREG(sbuf.st_mode))
-			cp = ".rhosts not regular file";
-		else if (fstat(fileno(hostf), &sbuf) < 0)
-			cp = ".rhosts fstat failed";
-		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
-			cp = "bad .rhosts owner";
-		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
-			cp = ".rhosts writeable by other than owner";
-		/* If there were any problems, quit. */
-		if (cp) {
-			__rcmd_errstr = cp;
-			fclose(hostf);
-			return (-1);
-		}
-		goto again;
-	}
-	return (-1);
-}
diff --git a/crypto/heimdal/lib/roken/issuid.c b/crypto/heimdal/lib/roken/issuid.c
deleted file mode 100644
index 910d85009bf7..000000000000
--- a/crypto/heimdal/lib/roken/issuid.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: issuid.c,v 1.4 2001/08/27 23:08:34 assar Exp $");
-#endif
-
-#include "roken.h"
-
-int
-issuid(void)
-{
-#if defined(HAVE_ISSETUGID)
-    return issetugid();
-#endif
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-    if(getuid() != geteuid())
-	return 1;
-#endif
-#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
-    if(getgid() != getegid())
-	return 2;
-#endif
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/issuid.lo b/crypto/heimdal/lib/roken/issuid.lo
deleted file mode 100644
index 51908b74fa04..000000000000
--- a/crypto/heimdal/lib/roken/issuid.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/k_getpwnam.c b/crypto/heimdal/lib/roken/k_getpwnam.c
deleted file mode 100644
index 40681cd2d01b..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwnam.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwnam.c,v 1.9 1999/12/02 16:58:47 joda Exp $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd *
-k_getpwnam (const char *user)
-{
-     struct passwd *p;
-
-     p = getpwnam (user);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if(p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (user);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwnam.lo b/crypto/heimdal/lib/roken/k_getpwnam.lo
deleted file mode 100644
index 18d7a3a272b2..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwnam.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/k_getpwuid.c b/crypto/heimdal/lib/roken/k_getpwuid.c
deleted file mode 100644
index 1e2ca5476fe4..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwuid.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: k_getpwuid.c,v 1.9 1999/12/02 16:58:47 joda Exp $");
-#endif /* HAVE_CONFIG_H */
-
-#include "roken.h"
-#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-struct passwd *
-k_getpwuid (uid_t uid)
-{
-     struct passwd *p;
-
-     p = getpwuid (uid);
-#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
-     if (p)
-     {
-	  struct spwd *spwd;
-
-	  spwd = getspnam (p->pw_name);
-	  if (spwd)
-	       p->pw_passwd = spwd->sp_pwdp;
-	  endspent ();
-     }
-#else
-     endpwent ();
-#endif
-     return p;
-}
diff --git a/crypto/heimdal/lib/roken/k_getpwuid.lo b/crypto/heimdal/lib/roken/k_getpwuid.lo
deleted file mode 100644
index 7c0179088a62..000000000000
--- a/crypto/heimdal/lib/roken/k_getpwuid.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/libroken.la b/crypto/heimdal/lib/roken/libroken.la
deleted file mode 100644
index 8551dda5a252..000000000000
--- a/crypto/heimdal/lib/roken/libroken.la
+++ /dev/null
@@ -1,32 +0,0 @@
-# libroken.la - a libtool library file
-# Generated by ltmain.sh - GNU libtool 1.4.2 (1.922.2.53 2001/09/11 03:18:52)
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='libroken.so.16'
-
-# Names of this library.
-library_names='libroken.so.16 libroken.so libroken.so'
-
-# The name of the static archive.
-old_library='libroken.a'
-
-# Libraries that this one depends upon.
-dependency_libs=''
-
-# Version information for libroken.
-current=16
-age=7
-revision=0
-
-# Is this an already installed library?
-installed=no
-
-# Files to dlopen/dlpreopen
-dlopen=''
-dlpreopen=''
-
-# Directory that this library needs to be installed in:
-libdir='/usr/heimdal/lib'
diff --git a/crypto/heimdal/lib/roken/libtest.la b/crypto/heimdal/lib/roken/libtest.la
deleted file mode 100644
index 2206a0e7d446..000000000000
--- a/crypto/heimdal/lib/roken/libtest.la
+++ /dev/null
@@ -1,32 +0,0 @@
-# libtest.la - a libtool library file
-# Generated by ltmain.sh - GNU libtool 1.4.2 (1.922.2.53 2001/09/11 03:18:52)
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname=''
-
-# Names of this library.
-library_names=''
-
-# The name of the static archive.
-old_library='libtest.al'
-
-# Libraries that this one depends upon.
-dependency_libs=''
-
-# Version information for libtest.
-current=
-age=
-revision=
-
-# Is this an already installed library?
-installed=no
-
-# Files to dlopen/dlpreopen
-dlopen=''
-dlpreopen=''
-
-# Directory that this library needs to be installed in:
-libdir=''
diff --git a/crypto/heimdal/lib/roken/libtest_la-snprintf.lo b/crypto/heimdal/lib/roken/libtest_la-snprintf.lo
deleted file mode 100644
index fd9d5940cbae..000000000000
--- a/crypto/heimdal/lib/roken/libtest_la-snprintf.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/libtest_la-strftime.lo b/crypto/heimdal/lib/roken/libtest_la-strftime.lo
deleted file mode 100644
index be49eaeb6b8d..000000000000
--- a/crypto/heimdal/lib/roken/libtest_la-strftime.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/libtest_la-strptime.lo b/crypto/heimdal/lib/roken/libtest_la-strptime.lo
deleted file mode 100644
index 0f2ba79aceae..000000000000
--- a/crypto/heimdal/lib/roken/libtest_la-strptime.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/localtime_r.c b/crypto/heimdal/lib/roken/localtime_r.c
deleted file mode 100644
index 43402342f9f0..000000000000
--- a/crypto/heimdal/lib/roken/localtime_r.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: localtime_r.c,v 1.2 2002/08/20 13:00:35 joda Exp $");
-#endif
-
-#include <stdio.h>
-#include <time.h>
-#include "roken.h"
-
-#ifndef HAVE_LOCALTIME_R
-
-struct tm *
-localtime_r(const time_t *timer, struct tm *result)
-{
-    struct tm *tm;
-    
-    tm = localtime((time_t *)timer);
-    if (tm == NULL)
-	return NULL;
-    *result = *tm;
-    return result;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/lstat.c b/crypto/heimdal/lib/roken/lstat.c
deleted file mode 100644
index 2f03e19d18f1..000000000000
--- a/crypto/heimdal/lib/roken/lstat.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: lstat.c,v 1.4 1999/12/02 16:58:51 joda Exp $");
-#endif
-
-#include "roken.h"
-
-int
-lstat(const char *path, struct stat *buf)
-{
-  return stat(path, buf);
-}
diff --git a/crypto/heimdal/lib/roken/make-print-version.c b/crypto/heimdal/lib/roken/make-print-version.c
deleted file mode 100644
index b29cf3134064..000000000000
--- a/crypto/heimdal/lib/roken/make-print-version.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make-print-version.c,v 1.3 2000/08/16 11:30:04 assar Exp $");
-#endif
-
-#include <stdio.h>
-
-#ifdef KRB5
-extern const char *heimdal_version;
-#endif
-#ifdef KRB4
-extern char *krb4_version;
-#endif
-#include <version.h>
-
-int
-main(int argc, char **argv)
-{
-    FILE *f;
-    if(argc != 2)
-	return 1;
-    f = fopen(argv[1], "w");
-    if(f == NULL)
-	return 1;
-    fprintf(f, "#define VERSIONLIST { ");
-#ifdef KRB5
-    fprintf(f, "\"%s\", ", heimdal_version);
-#endif
-#ifdef KRB4
-    fprintf(f, "\"%s\", ", krb4_version);
-#endif
-    fprintf(f, "}\n");
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/make-roken b/crypto/heimdal/lib/roken/make-roken
deleted file mode 100755
index d4eb7f3b573b..000000000000
--- a/crypto/heimdal/lib/roken/make-roken
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/make-roken.c b/crypto/heimdal/lib/roken/make-roken.c
deleted file mode 100644
index a6a8f1e7a0f4..000000000000
--- a/crypto/heimdal/lib/roken/make-roken.c
+++ /dev/null
@@ -1,699 +0,0 @@
-#include <stdio.h>
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-int main()
-{
-puts("/* This is an OS dependent, generated file */");
-puts("\n");
-puts("#ifndef __ROKEN_H__");
-puts("#define __ROKEN_H__");
-puts("");
-puts("/* -*- C -*- */");
-puts("/*");
-puts(" * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan");
-puts(" * (Royal Institute of Technology, Stockholm, Sweden).");
-puts(" * All rights reserved.");
-puts(" * ");
-puts(" * Redistribution and use in source and binary forms, with or without");
-puts(" * modification, are permitted provided that the following conditions");
-puts(" * are met:");
-puts(" * ");
-puts(" * 1. Redistributions of source code must retain the above copyright");
-puts(" *    notice, this list of conditions and the following disclaimer.");
-puts(" * ");
-puts(" * 2. Redistributions in binary form must reproduce the above copyright");
-puts(" *    notice, this list of conditions and the following disclaimer in the");
-puts(" *    documentation and/or other materials provided with the distribution.");
-puts(" * ");
-puts(" * 3. Neither the name of the Institute nor the names of its contributors");
-puts(" *    may be used to endorse or promote products derived from this software");
-puts(" *    without specific prior written permission.");
-puts(" * ");
-puts(" * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND");
-puts(" * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE");
-puts(" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE");
-puts(" * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE");
-puts(" * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL");
-puts(" * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS");
-puts(" * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)");
-puts(" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT");
-puts(" * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY");
-puts(" * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF");
-puts(" * SUCH DAMAGE.");
-puts(" */");
-puts("");
-puts("/* $Id: roken.h.in,v 1.169 2002/08/26 21:43:38 assar Exp $ */");
-puts("");
-puts("#include <stdio.h>");
-puts("#include <stdlib.h>");
-puts("#include <stdarg.h>");
-puts("#include <string.h>");
-puts("#include <signal.h>");
-puts("");
-#ifdef _AIX
-puts("struct ether_addr;");
-puts("struct sockaddr_dl;");
-#endif
-#ifdef HAVE_SYS_PARAM_H
-puts("#include <sys/param.h>");
-#endif
-#ifdef HAVE_INTTYPES_H
-puts("#include <inttypes.h>");
-#endif
-#ifdef HAVE_SYS_TYPES_H
-puts("#include <sys/types.h>");
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-puts("#include <sys/bitypes.h>");
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-puts("#include <bind/bitypes.h>");
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-puts("#include <netinet/in6_machtypes.h>");
-#endif
-#ifdef HAVE_UNISTD_H
-puts("#include <unistd.h>");
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-puts("#include <sys/socket.h>");
-#endif
-#ifdef HAVE_SYS_UIO_H
-puts("#include <sys/uio.h>");
-#endif
-#ifdef HAVE_GRP_H
-puts("#include <grp.h>");
-#endif
-#ifdef HAVE_SYS_STAT_H
-puts("#include <sys/stat.h>");
-#endif
-#ifdef HAVE_NETINET_IN_H
-puts("#include <netinet/in.h>");
-#endif
-#ifdef HAVE_NETINET_IN6_H
-puts("#include <netinet/in6.h>");
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-puts("#include <netinet6/in6.h>");
-#endif
-#ifdef HAVE_ARPA_INET_H
-puts("#include <arpa/inet.h>");
-#endif
-#ifdef HAVE_NETDB_H
-puts("#include <netdb.h>");
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-puts("#include <arpa/nameser.h>");
-#endif
-#ifdef HAVE_RESOLV_H
-puts("#include <resolv.h>");
-#endif
-#ifdef HAVE_SYSLOG_H
-puts("#include <syslog.h>");
-#endif
-#ifdef HAVE_FCNTL_H
-puts("#include <fcntl.h>");
-#endif
-#ifdef HAVE_ERRNO_H
-puts("#include <errno.h>");
-#endif
-#ifdef HAVE_ERR_H
-puts("#include <err.h>");
-#endif
-#ifdef HAVE_TERMIOS_H
-puts("#include <termios.h>");
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-puts("#include <sys/ioctl.h>");
-#endif
-#ifdef TIME_WITH_SYS_TIME
-puts("#include <sys/time.h>");
-puts("#include <time.h>");
-#elif defined(HAVE_SYS_TIME_H)
-puts("#include <sys/time.h>");
-#else
-puts("#include <time.h>");
-#endif
-puts("");
-#ifdef HAVE_PATHS_H
-puts("#include <paths.h>");
-#endif
-puts("");
-puts("");
-#ifndef ROKEN_LIB_FUNCTION
-#if defined(__BORLANDC__)
-puts("#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet */");
-#elif defined(_MSC_VER)
-puts("#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet2 */");
-#else
-puts("#define ROKEN_LIB_FUNCTION");
-#endif
-#endif
-puts("");
-#ifndef HAVE_SSIZE_T
-puts("typedef int ssize_t;");
-#endif
-puts("");
-puts("#include <roken-common.h>");
-puts("");
-puts("ROKEN_CPP_START");
-puts("");
-#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
-puts("#define setsid _setsid");
-#endif
-puts("");
-#ifndef HAVE_PUTENV
-puts("int putenv(const char *string);");
-#endif
-puts("");
-#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
-puts("int setenv(const char *var, const char *val, int rewrite);");
-#endif
-puts("");
-#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
-puts("void unsetenv(const char *name);");
-#endif
-puts("");
-#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
-puts("char *getusershell(void);");
-puts("void endusershell(void);");
-#endif
-puts("");
-#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
-puts("int snprintf (char *str, size_t sz, const char *format, ...)");
-puts("     __attribute__ ((format (printf, 3, 4)));");
-#endif
-puts("");
-#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
-puts("int vsnprintf (char *str, size_t sz, const char *format, va_list ap)");
-puts("     __attribute__((format (printf, 3, 0)));");
-#endif
-puts("");
-#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
-puts("int asprintf (char **ret, const char *format, ...)");
-puts("     __attribute__ ((format (printf, 2, 3)));");
-#endif
-puts("");
-#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
-puts("int vasprintf (char **ret, const char *format, va_list ap)");
-puts("     __attribute__((format (printf, 2, 0)));");
-#endif
-puts("");
-#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
-puts("int asnprintf (char **ret, size_t max_sz, const char *format, ...)");
-puts("     __attribute__ ((format (printf, 3, 4)));");
-#endif
-puts("");
-#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
-puts("int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)");
-puts("     __attribute__((format (printf, 3, 0)));");
-#endif
-puts("");
-#ifndef HAVE_STRDUP
-puts("char * strdup(const char *old);");
-#endif
-puts("");
-#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
-puts("char * strndup(const char *old, size_t sz);");
-#endif
-puts("");
-#ifndef HAVE_STRLWR
-puts("char * strlwr(char *);");
-#endif
-puts("");
-#ifndef HAVE_STRNLEN
-puts("size_t strnlen(const char*, size_t);");
-#endif
-puts("");
-#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
-puts("char *strsep(char**, const char*);");
-#endif
-puts("");
-#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
-puts("ssize_t strsep_copy(const char**, const char*, char*, size_t);");
-#endif
-puts("");
-#ifndef HAVE_STRCASECMP
-puts("int strcasecmp(const char *s1, const char *s2);");
-#endif
-puts("");
-#ifdef NEED_FCLOSE_PROTO
-puts("int fclose(FILE *);");
-#endif
-puts("");
-#ifdef NEED_STRTOK_R_PROTO
-puts("char *strtok_r(char *s1, const char *s2, char **lasts);");
-#endif
-puts("");
-#ifndef HAVE_STRUPR
-puts("char * strupr(char *);");
-#endif
-puts("");
-#ifndef HAVE_STRLCPY
-puts("size_t strlcpy (char *dst, const char *src, size_t dst_sz);");
-#endif
-puts("");
-#ifndef HAVE_STRLCAT
-puts("size_t strlcat (char *dst, const char *src, size_t dst_sz);");
-#endif
-puts("");
-#ifndef HAVE_GETDTABLESIZE
-puts("int getdtablesize(void);");
-#endif
-puts("");
-#if !defined(HAVE_STRERROR) && !defined(strerror)
-puts("char *strerror(int eno);");
-#endif
-puts("");
-#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
-puts("/* This causes a fatal error under Psoriasis */");
-#if !(defined(SunOS) && (SunOS >= 50))
-puts("const char *hstrerror(int herr);");
-#endif
-#endif
-puts("");
-#ifndef HAVE_H_ERRNO_DECLARATION
-puts("extern int h_errno;");
-#endif
-puts("");
-#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
-puts("int inet_aton(const char *cp, struct in_addr *adr);");
-#endif
-puts("");
-#ifndef HAVE_INET_NTOP
-puts("const char *");
-puts("inet_ntop(int af, const void *src, char *dst, size_t size);");
-#endif
-puts("");
-#ifndef HAVE_INET_PTON
-puts("int");
-puts("inet_pton(int af, const char *src, void *dst);");
-#endif
-puts("");
-#if !defined(HAVE_GETCWD)
-puts("char* getcwd(char *path, size_t size);");
-#endif
-puts("");
-#ifdef HAVE_PWD_H
-puts("#include <pwd.h>");
-puts("struct passwd *k_getpwnam (const char *user);");
-puts("struct passwd *k_getpwuid (uid_t uid);");
-#endif
-puts("");
-puts("const char *get_default_username (void);");
-puts("");
-#ifndef HAVE_SETEUID
-puts("int seteuid(uid_t euid);");
-#endif
-puts("");
-#ifndef HAVE_SETEGID
-puts("int setegid(gid_t egid);");
-#endif
-puts("");
-#ifndef HAVE_LSTAT
-puts("int lstat(const char *path, struct stat *buf);");
-#endif
-puts("");
-#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
-puts("int mkstemp(char *);");
-#endif
-puts("");
-#ifndef HAVE_CGETENT
-puts("int cgetent(char **buf, char **db_array, const char *name);");
-puts("int cgetstr(char *buf, const char *cap, char **str);");
-#endif
-puts("");
-#ifndef HAVE_INITGROUPS
-puts("int initgroups(const char *name, gid_t basegid);");
-#endif
-puts("");
-#ifndef HAVE_FCHOWN
-puts("int fchown(int fd, uid_t owner, gid_t group);");
-#endif
-puts("");
-#ifndef HAVE_DAEMON
-puts("int daemon(int nochdir, int noclose);");
-#endif
-puts("");
-#ifndef HAVE_INNETGR
-puts("int innetgr(const char *netgroup, const char *machine, ");
-puts("	    const char *user, const char *domain);");
-#endif
-puts("");
-#ifndef HAVE_CHOWN
-puts("int chown(const char *path, uid_t owner, gid_t group);");
-#endif
-puts("");
-#ifndef HAVE_RCMD
-puts("int rcmd(char **ahost, unsigned short inport, const char *locuser,");
-puts("	 const char *remuser, const char *cmd, int *fd2p);");
-#endif
-puts("");
-#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
-puts("int innetgr(const char*, const char*, const char*, const char*);");
-#endif
-puts("");
-#ifndef HAVE_IRUSEROK
-puts("int iruserok(unsigned raddr, int superuser, const char *ruser,");
-puts("	     const char *luser);");
-#endif
-puts("");
-#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
-puts("int gethostname(char *name, int namelen);");
-#endif
-puts("");
-#ifndef HAVE_WRITEV
-puts("ssize_t");
-puts("writev(int d, const struct iovec *iov, int iovcnt);");
-#endif
-puts("");
-#ifndef HAVE_READV
-puts("ssize_t");
-puts("readv(int d, const struct iovec *iov, int iovcnt);");
-#endif
-puts("");
-#ifndef HAVE_MKSTEMP
-puts("int");
-puts("mkstemp(char *template);");
-#endif
-puts("");
-#ifndef HAVE_PIDFILE
-puts("void pidfile (const char*);");
-#endif
-puts("");
-#ifndef HAVE_BSWAP32
-puts("unsigned int bswap32(unsigned int);");
-#endif
-puts("");
-#ifndef HAVE_BSWAP16
-puts("unsigned short bswap16(unsigned short);");
-#endif
-puts("");
-#ifndef HAVE_FLOCK
-#ifndef LOCK_SH
-puts("#define LOCK_SH   1		/* Shared lock */");
-#endif
-#ifndef	LOCK_EX
-puts("#define LOCK_EX   2		/* Exclusive lock */");
-#endif
-#ifndef LOCK_NB
-puts("#define LOCK_NB   4		/* Don't block when locking */");
-#endif
-#ifndef LOCK_UN
-puts("#define LOCK_UN   8		/* Unlock */");
-#endif
-puts("");
-puts("int flock(int fd, int operation);");
-#endif /* HAVE_FLOCK */
-puts("");
-puts("time_t tm2time (struct tm tm, int local);");
-puts("");
-puts("int unix_verify_user(char *user, char *password);");
-puts("");
-puts("int roken_concat (char *s, size_t len, ...);");
-puts("");
-puts("size_t roken_mconcat (char **s, size_t max_len, ...);");
-puts("");
-puts("int roken_vconcat (char *s, size_t len, va_list args);");
-puts("");
-puts("size_t roken_vmconcat (char **s, size_t max_len, va_list args);");
-puts("");
-puts("ssize_t net_write (int fd, const void *buf, size_t nbytes);");
-puts("");
-puts("ssize_t net_read (int fd, void *buf, size_t nbytes);");
-puts("");
-puts("int issuid(void);");
-puts("");
-#ifndef HAVE_STRUCT_WINSIZE
-puts("struct winsize {");
-puts("	unsigned short ws_row, ws_col;");
-puts("	unsigned short ws_xpixel, ws_ypixel;");
-puts("};");
-#endif
-puts("");
-puts("int get_window_size(int fd, struct winsize *);");
-puts("");
-#ifndef HAVE_VSYSLOG
-puts("void vsyslog(int pri, const char *fmt, va_list ap);");
-#endif
-puts("");
-#ifndef HAVE_OPTARG_DECLARATION
-puts("extern char *optarg;");
-#endif
-#ifndef HAVE_OPTIND_DECLARATION
-puts("extern int optind;");
-#endif
-#ifndef HAVE_OPTERR_DECLARATION
-puts("extern int opterr;");
-#endif
-puts("");
-#ifndef HAVE___PROGNAME_DECLARATION
-puts("extern const char *__progname;");
-#endif
-puts("");
-#ifndef HAVE_ENVIRON_DECLARATION
-puts("extern char **environ;");
-#endif
-puts("");
-#ifndef HAVE_GETIPNODEBYNAME
-puts("struct hostent *");
-puts("getipnodebyname (const char *name, int af, int flags, int *error_num);");
-#endif
-puts("");
-#ifndef HAVE_GETIPNODEBYADDR
-puts("struct hostent *");
-puts("getipnodebyaddr (const void *src, size_t len, int af, int *error_num);");
-#endif
-puts("");
-#ifndef HAVE_FREEHOSTENT
-puts("void");
-puts("freehostent (struct hostent *h);");
-#endif
-puts("");
-#ifndef HAVE_COPYHOSTENT
-puts("struct hostent *");
-puts("copyhostent (const struct hostent *h);");
-#endif
-puts("");
-#ifndef HAVE_SOCKLEN_T
-puts("typedef int socklen_t;");
-#endif
-puts("");
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-puts("");
-#ifndef HAVE_SA_FAMILY_T
-puts("typedef unsigned short sa_family_t;");
-#endif
-puts("");
-#ifdef HAVE_IPV6
-puts("#define _SS_MAXSIZE sizeof(struct sockaddr_in6)");
-#else
-puts("#define _SS_MAXSIZE sizeof(struct sockaddr_in)");
-#endif
-puts("");
-puts("#define _SS_ALIGNSIZE	sizeof(unsigned long)");
-puts("");
-#if HAVE_STRUCT_SOCKADDR_SA_LEN
-puts("");
-puts("typedef unsigned char roken_sa_family_t;");
-puts("");
-puts("#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)");
-puts("#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))");
-puts("");
-puts("struct sockaddr_storage {");
-puts("    unsigned char	ss_len;");
-puts("    roken_sa_family_t	ss_family;");
-puts("    char		__ss_pad1[_SS_PAD1SIZE];");
-puts("    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];");
-puts("};");
-puts("");
-#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
-puts("");
-puts("typedef unsigned short roken_sa_family_t;");
-puts("");
-puts("#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)");
-puts("#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))");
-puts("");
-puts("struct sockaddr_storage {");
-puts("    roken_sa_family_t	ss_family;");
-puts("    char		__ss_pad1[_SS_PAD1SIZE];");
-puts("    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];");
-puts("};");
-puts("");
-#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
-puts("");
-#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
-puts("");
-#ifndef HAVE_STRUCT_ADDRINFO
-puts("struct addrinfo {");
-puts("    int    ai_flags;");
-puts("    int    ai_family;");
-puts("    int    ai_socktype;");
-puts("    int    ai_protocol;");
-puts("    size_t ai_addrlen;");
-puts("    char  *ai_canonname;");
-puts("    struct sockaddr *ai_addr;");
-puts("    struct addrinfo *ai_next;");
-puts("};");
-#endif
-puts("");
-#ifndef HAVE_GETADDRINFO
-puts("int");
-puts("getaddrinfo(const char *nodename,");
-puts("	    const char *servname,");
-puts("	    const struct addrinfo *hints,");
-puts("	    struct addrinfo **res);");
-#endif
-puts("");
-#ifndef HAVE_GETNAMEINFO
-puts("int getnameinfo(const struct sockaddr *sa, socklen_t salen,");
-puts("		char *host, size_t hostlen,");
-puts("		char *serv, size_t servlen,");
-puts("		int flags);");
-#endif
-puts("");
-#ifndef HAVE_FREEADDRINFO
-puts("void");
-puts("freeaddrinfo(struct addrinfo *ai);");
-#endif
-puts("");
-#ifndef HAVE_GAI_STRERROR
-puts("char *");
-puts("gai_strerror(int ecode);");
-#endif
-puts("");
-puts("int");
-puts("getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,");
-puts("		     char *host, size_t hostlen,");
-puts("		     char *serv, size_t servlen,");
-puts("		     int flags);");
-puts("");
-puts("int roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); ");
-puts("int roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);");
-puts("");
-#ifndef HAVE_STRFTIME
-puts("size_t");
-puts("strftime (char *buf, size_t maxsize, const char *format,");
-puts("	  const struct tm *tm);");
-#endif
-puts("");
-#ifndef HAVE_STRPTIME
-puts("char *");
-puts("strptime (const char *buf, const char *format, struct tm *timeptr);");
-#endif
-puts("");
-#ifndef HAVE_EMALLOC
-puts("void *emalloc (size_t);");
-#endif
-#ifndef HAVE_ECALLOC
-puts("void *ecalloc(size_t num, size_t sz);");
-#endif
-#ifndef HAVE_EREALLOC
-puts("void *erealloc (void *, size_t);");
-#endif
-#ifndef HAVE_ESTRDUP
-puts("char *estrdup (const char *);");
-#endif
-puts("");
-puts("/*");
-puts(" * kludges and such");
-puts(" */");
-puts("");
-#if 1
-puts("int roken_gethostby_setup(const char*, const char*);");
-puts("struct hostent* roken_gethostbyname(const char*);");
-puts("struct hostent* roken_gethostbyaddr(const void*, size_t, int);");
-#else
-#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
-puts("#define roken_gethostbyname(x) gethostbyname(x)");
-#else
-puts("#define roken_gethostbyname(x) gethostbyname((char *)x)");
-#endif
-puts("");
-#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
-puts("#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)");
-#else
-puts("#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)");
-#endif
-#endif
-puts("");
-#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
-puts("#define roken_getservbyname(x,y) getservbyname(x,y)");
-#else
-puts("#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)");
-#endif
-puts("");
-#ifdef OPENLOG_PROTO_COMPATIBLE
-puts("#define roken_openlog(a,b,c) openlog(a,b,c)");
-#else
-puts("#define roken_openlog(a,b,c) openlog((char *)a,b,c)");
-#endif
-puts("");
-#ifdef GETSOCKNAME_PROTO_COMPATIBLE
-puts("#define roken_getsockname(a,b,c) getsockname(a,b,c)");
-#else
-puts("#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)");
-#endif
-puts("");
-#ifndef HAVE_SETPROGNAME
-puts("void setprogname(const char *argv0);");
-#endif
-puts("");
-#ifndef HAVE_GETPROGNAME
-puts("const char *getprogname(void);");
-#endif
-puts("");
-puts("void mini_inetd_addrinfo (struct addrinfo*);");
-puts("void mini_inetd (int port);");
-puts("");
-puts("void set_progname(char *argv0);");
-puts("const char *get_progname(void);");
-puts("");
-#ifndef HAVE_LOCALTIME_R
-puts("struct tm *");
-puts("localtime_r(const time_t *timer, struct tm *result);");
-#endif
-puts("");
-#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO)
-puts("int");
-puts("strsvis(char *dst, const char *src, int flag, const char *extra);");
-#endif
-puts("");
-#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
-puts("int");
-puts("strunvis(char *dst, const char *src);");
-#endif
-puts("");
-#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO)
-puts("int");
-puts("strvis(char *dst, const char *src, int flag);");
-#endif
-puts("");
-#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO)
-puts("int");
-puts("strvisx(char *dst, const char *src, size_t len, int flag);");
-#endif
-puts("");
-#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO)
-puts("char *");
-puts("svis(char *dst, int c, int flag, int nextc, const char *extra);");
-#endif
-puts("");
-#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO)
-puts("int");
-puts("unvis(char *cp, int c, int *astate, int flag);");
-#endif
-puts("");
-#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO)
-puts("char *");
-puts("vis(char *dst, int c, int flag, int nextc);");
-#endif
-puts("");
-puts("ROKEN_CPP_END");
-puts("#define ROKEN_VERSION " VERSION );
-puts("");
-puts("#endif /* __ROKEN_H__ */");
-return 0;
-}
diff --git a/crypto/heimdal/lib/roken/memmove.c b/crypto/heimdal/lib/roken/memmove.c
deleted file mode 100644
index b77d56af9616..000000000000
--- a/crypto/heimdal/lib/roken/memmove.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: memmove.c,v 1.7 1999/12/02 16:58:51 joda Exp $");
-#endif
-
-/* 
- * memmove for systems that doesn't have it 
- */
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-void* memmove(void *s1, const void *s2, size_t n)
-{
-  char *s=(char*)s2, *d=(char*)s1;
-
-  if(d > s){
-    s+=n-1;
-    d+=n-1;
-    while(n){
-      *d--=*s--;
-      n--;
-    }
-  }else if(d < s)
-    while(n){
-      *d++=*s++;
-      n--;
-    }
-  return s1;
-}
diff --git a/crypto/heimdal/lib/roken/mini_inetd.c b/crypto/heimdal/lib/roken/mini_inetd.c
deleted file mode 100644
index 8c8f72d9de70..000000000000
--- a/crypto/heimdal/lib/roken/mini_inetd.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: mini_inetd.c,v 1.30 2002/02/18 19:08:55 joda Exp $");
-#endif
-
-#include <err.h>
-#include "roken.h"
-
-/*
- * accept a connection on `s' and pretend it's served by inetd.
- */
-
-static void
-accept_it (int s)
-{
-    int s2;
-
-    s2 = accept(s, NULL, NULL);
-    if(s2 < 0)
-	err (1, "accept");
-    close(s);
-    dup2(s2, STDIN_FILENO);
-    dup2(s2, STDOUT_FILENO);
-    /* dup2(s2, STDERR_FILENO); */
-    close(s2);
-}
-
-/*
- * Listen on a specified port, emulating inetd.
- */
-
-void
-mini_inetd_addrinfo (struct addrinfo *ai)
-{
-    int ret;
-    struct addrinfo *a;
-    int n, nalloc, i;
-    int *fds;
-    fd_set orig_read_set, read_set;
-    int max_fd = -1;
-
-    for (nalloc = 0, a = ai; a != NULL; a = a->ai_next)
-	++nalloc;
-
-    fds = malloc (nalloc * sizeof(*fds));
-    if (fds == NULL)
-	errx (1, "mini_inetd: out of memory");
-
-    FD_ZERO(&orig_read_set);
-
-    for (i = 0, a = ai; a != NULL; a = a->ai_next) {
-	fds[i] = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
-	if (fds[i] < 0) {
-	    warn ("socket af = %d", a->ai_family);
-	    continue;
-	}
-	socket_set_reuseaddr (fds[i], 1);
-	if (bind (fds[i], a->ai_addr, a->ai_addrlen) < 0) {
-	    warn ("bind af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (listen (fds[i], SOMAXCONN) < 0) {
-	    warn ("listen af = %d", a->ai_family);
-	    close(fds[i]);
-	    continue;
-	}
-	if (fds[i] >= FD_SETSIZE)
-	    errx (1, "fd too large");
-	FD_SET(fds[i], &orig_read_set);
-	max_fd = max(max_fd, fds[i]);
-	++i;
-    }
-    if (i == 0)
-	errx (1, "no sockets");
-    n = i;
-
-    do {
-	read_set = orig_read_set;
-
-	ret = select (max_fd + 1, &read_set, NULL, NULL, NULL);
-	if (ret < 0 && errno != EINTR)
-	    err (1, "select");
-    } while (ret <= 0);
-
-    for (i = 0; i < n; ++i)
-	if (FD_ISSET (fds[i], &read_set)) {
-	    accept_it (fds[i]);
-	    return;
-	}
-    abort ();
-}
-
-void
-mini_inetd (int port)
-{
-    int error;
-    struct addrinfo *ai, hints;
-    char portstr[NI_MAXSERV];
-
-    memset (&hints, 0, sizeof(hints));
-    hints.ai_flags    = AI_PASSIVE;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_family   = PF_UNSPEC;
-
-    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
-
-    error = getaddrinfo (NULL, portstr, &hints, &ai);
-    if (error)
-	errx (1, "getaddrinfo: %s", gai_strerror (error));
-
-    mini_inetd_addrinfo(ai);
-    
-    freeaddrinfo(ai);
-}
diff --git a/crypto/heimdal/lib/roken/mini_inetd.lo b/crypto/heimdal/lib/roken/mini_inetd.lo
deleted file mode 100644
index f2f233fded14..000000000000
--- a/crypto/heimdal/lib/roken/mini_inetd.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/missing b/crypto/heimdal/lib/roken/missing
deleted file mode 100755
index 7789652e877f..000000000000
--- a/crypto/heimdal/lib/roken/missing
+++ /dev/null
@@ -1,190 +0,0 @@
-#! /bin/sh
-# Common stub for a few missing GNU programs while installing.
-# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
-# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
-  exit 1
-fi
-
-case "$1" in
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-
-Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]"
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing - GNU libit 0.0"
-    ;;
-
-  -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
-    exit 1
-    ;;
-
-  aclocal)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acinclude.m4' or \`configure.in'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`configure.in'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acconfig.h' or \`configure.in'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case "$f" in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  bison|yacc)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f y.tab.h ]; then
-	echo >y.tab.h
-    fi
-    if [ ! -f y.tab.c ]; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex|flex)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f lex.yy.c ]; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  makeinfo)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
-    if test -z "$file"; then
-      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
-    fi
-    touch $file
-    ;;
-
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and you do not seem to have it handy on your
-         system.  You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequirements for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
-    ;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/lib/roken/mkinstalldirs b/crypto/heimdal/lib/roken/mkinstalldirs
deleted file mode 100755
index 6b3b5fc5d4d3..000000000000
--- a/crypto/heimdal/lib/roken/mkinstalldirs
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-# Author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain
-
-# $Id$
-
-errstatus=0
-
-for file
-do
-   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
-   shift
-
-   pathcomp=
-   for d
-   do
-     pathcomp="$pathcomp$d"
-     case "$pathcomp" in
-       -* ) pathcomp=./$pathcomp ;;
-     esac
-
-     if test ! -d "$pathcomp"; then
-        echo "mkdir $pathcomp"
-
-        mkdir "$pathcomp" || lasterr=$?
-
-        if test ! -d "$pathcomp"; then
-  	  errstatus=$lasterr
-        fi
-     fi
-
-     pathcomp="$pathcomp/"
-   done
-done
-
-exit $errstatus
-
-# mkinstalldirs ends here
diff --git a/crypto/heimdal/lib/roken/mkstemp.c b/crypto/heimdal/lib/roken/mkstemp.c
deleted file mode 100644
index 350f4cb7aee1..000000000000
--- a/crypto/heimdal/lib/roken/mkstemp.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#include <errno.h>
-
-RCSID("$Id: mkstemp.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
-
-#ifndef HAVE_MKSTEMP
-
-int
-mkstemp(char *template)
-{
-    int start, i;
-    pid_t val;
-    val = getpid();
-    start = strlen(template) - 1;
-    while(template[start] == 'X') {
-	template[start] = '0' + val % 10;
-	val /= 10;
-	start--;
-    }
-    
-    do{
-	int fd;
-	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
-	if(fd >= 0 || errno != EEXIST)
-	    return fd;
-	i = start + 1;
-	do{
-	    if(template[i] == 0)
-		return -1;
-	    template[i]++;
-	    if(template[i] == '9' + 1)
-		template[i] = 'a';
-	    if(template[i] <= 'z')
-		break;
-	    template[i] = 'a';
-	    i++;
-	}while(1);
-    }while(1);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.c b/crypto/heimdal/lib/roken/ndbm_wrap.c
deleted file mode 100644
index 2c24cd5cdcfb..000000000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: ndbm_wrap.c,v 1.1 2002/04/30 16:37:08 joda Exp $");
-#endif
-
-#include "ndbm_wrap.h"
-#if defined(HAVE_DB4_DB_H)
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <fcntl.h>
-
-
-#define DBT2DATUM(DBT, DATUM) do { (DATUM)->dptr = (DBT)->data; (DATUM)->dsize = (DBT)->size; } while(0)
-#define DATUM2DBT(DATUM, DBT) do { (DBT)->data = (DATUM)->dptr; (DBT)->size = (DATUM)->dsize; } while(0)
-#define RETURN(X) return ((X) == 0) ? 0 : -1
-
-#ifdef HAVE_DB3
-static DBC *cursor;
-#endif
-
-#define D(X) ((DB*)(X))
-
-void
-dbm_close (DBM *db)
-{
-#ifdef HAVE_DB3
-    D(db)->close(D(db), 0);
-    cursor = NULL;
-#else
-    D(db)->close(D(db));
-#endif
-}
-
-int
-dbm_delete (DBM *db, datum dkey)
-{
-    DBT key;
-    DATUM2DBT(&dkey, &key);
-#ifdef HAVE_DB3
-    RETURN(D(db)->del(D(db), NULL, &key, 0));
-#else
-    RETURN(D(db)->del(D(db), &key, 0));
-#endif
-}
-
-datum
-dbm_fetch (DBM *db, datum dkey)
-{
-    datum dvalue;
-    DBT key, value;
-    DATUM2DBT(&dkey, &key);
-    if(D(db)->get(D(db), 
-#ifdef HAVE_DB3
-	       NULL, 
-#endif
-	       &key, &value, 0) != 0) 
-	dvalue.dptr = NULL;
-    else
-	DBT2DATUM(&value, &dvalue);
-
-    return dvalue;
-}
-
-static datum
-dbm_get (DB *db, int flags)
-{
-    DBT key, value;
-    datum datum;
-#ifdef HAVE_DB3
-    if(cursor == NULL) 
-	db->cursor(db, NULL, &cursor, 0);
-    if(cursor->c_get(cursor, &key, &value, flags) != 0) 
-	datum.dptr = NULL;
-    else 
-	DBT2DATUM(&value, &datum);
-#else
-    db->seq(db, &key, &value, flags);
-#endif
-    return datum;
-}
-
-#ifndef DB_FIRST
-#define DB_FIRST	R_FIRST
-#define DB_NEXT		R_NEXT
-#define DB_NOOVERWRITE	R_NOOVERWRITE
-#define DB_KEYEXIST	1
-#endif
-
-datum
-dbm_firstkey (DBM *db)
-{
-    return dbm_get(D(db), DB_FIRST);
-}
-
-datum 
-dbm_nextkey (DBM *db)
-{
-    return dbm_get(D(db), DB_NEXT);
-}
-
-DBM*
-dbm_open (const char *file, int flags, mode_t mode)
-{
-    DB *db;
-    int myflags = 0;
-    char *fn = malloc(strlen(file) + 4);
-    if(fn == NULL)
-	return NULL;
-    strcpy(fn, file);
-    strcat(fn, ".db");
-#ifdef HAVE_DB3
-    if (flags & O_CREAT)
-	myflags |= DB_CREATE;
-
-    if (flags & O_EXCL)
-	myflags |= DB_EXCL;
-
-    if (flags & O_RDONLY)
-	myflags |= DB_RDONLY;
-
-    if (flags & O_TRUNC)
-	myflags |= DB_TRUNCATE;
-    if(db_create(&db, NULL, 0) != 0) {
-	free(fn);
-	return NULL;
-    }
-    if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) {
-	free(fn);
-	db->close(db, 0);
-	return NULL;
-    }
-#else
-    db = dbopen(fn, flags, mode, DB_BTREE, NULL);
-#endif
-    free(fn);
-    return (DBM*)db;
-}
-
-int
-dbm_store (DBM *db, datum dkey, datum dvalue, int flags)
-{
-    int ret;
-    DBT key, value;
-    int myflags = 0;
-    if((flags & DBM_REPLACE) == 0)
-	myflags |= DB_NOOVERWRITE;
-    DATUM2DBT(&dkey, &key);
-    DATUM2DBT(&dvalue, &value);    
-    ret = D(db)->put(D(db), 
-#ifdef HAVE_DB3
-		     NULL, 
-#endif
-&key, &value, myflags);
-    if(ret == DB_KEYEXIST)
-	return 1;
-    RETURN(ret);
-}
-
-int
-dbm_error (DBM *db)
-{
-    return 0;
-}
-
-int
-dbm_clearerr (DBM *db)
-{
-    return 0;
-}
-
diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.h b/crypto/heimdal/lib/roken/ndbm_wrap.h
deleted file mode 100644
index 77c88b487739..000000000000
--- a/crypto/heimdal/lib/roken/ndbm_wrap.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: ndbm_wrap.h,v 1.1 2002/04/30 16:37:20 joda Exp $ */
-
-#ifndef __ndbm_wrap_h__
-#define __ndbm_wrap_h__
-
-#include <stdio.h>
-#include <sys/types.h>
-
-#ifndef dbm_rename
-#define dbm_rename(X)	__roken_ ## X
-#endif
-
-#define dbm_open	dbm_rename(dbm_open)
-#define dbm_close	dbm_rename(dbm_close)
-#define dbm_delete	dbm_rename(dbm_delete)
-#define dbm_fetch	dbm_rename(dbm_fetch)
-#define dbm_get		dbm_rename(dbm_get)
-#define dbm_firstkey	dbm_rename(dbm_firstkey)
-#define dbm_nextkey	dbm_rename(dbm_nextkey)
-#define dbm_store	dbm_rename(dbm_store)
-#define dbm_error	dbm_rename(dbm_error)
-#define dbm_clearerr	dbm_rename(dbm_clearerr)
-
-#define datum		dbm_rename(datum)
-
-typedef struct {
-    void *dptr;
-    size_t dsize;
-} datum;
-
-#define DBM_REPLACE 1
-typedef struct DBM DBM;
-
-#if 0
-typedef struct {
-    int dummy;
-} DBM;
-#endif
-
-int dbm_clearerr (DBM*);
-void dbm_close (DBM*);
-int dbm_delete (DBM*, datum);
-int dbm_error (DBM*);
-datum dbm_fetch (DBM*, datum);
-datum dbm_firstkey (DBM*);
-datum dbm_nextkey (DBM*);
-DBM* dbm_open (const char*, int, mode_t);
-int dbm_store (DBM*, datum, datum, int);
-
-#endif /* __ndbm_wrap_h__ */
diff --git a/crypto/heimdal/lib/roken/net_read.c b/crypto/heimdal/lib/roken/net_read.c
deleted file mode 100644
index 6d45bfa5471a..000000000000
--- a/crypto/heimdal/lib/roken/net_read.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_read.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <roken.h>
-
-/*
- * Like read but never return partial data.
- */
-
-ssize_t
-net_read (int fd, void *buf, size_t nbytes)
-{
-    char *cbuf = (char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = recv (fd, cbuf, rem, 0);
-#else
-	count = read (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	} else if (count == 0) {
-	    return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/net_read.lo b/crypto/heimdal/lib/roken/net_read.lo
deleted file mode 100644
index c89ace989f66..000000000000
--- a/crypto/heimdal/lib/roken/net_read.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/net_write.c b/crypto/heimdal/lib/roken/net_write.c
deleted file mode 100644
index 2f63dbeed10e..000000000000
--- a/crypto/heimdal/lib/roken/net_write.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: net_write.c,v 1.4 1999/12/02 16:58:51 joda Exp $");
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <roken.h>
-
-/*
- * Like write but never return partial data.
- */
-
-ssize_t
-net_write (int fd, const void *buf, size_t nbytes)
-{
-    const char *cbuf = (const char *)buf;
-    ssize_t count;
-    size_t rem = nbytes;
-
-    while (rem > 0) {
-#ifdef WIN32
-	count = send (fd, cbuf, rem, 0);
-#else
-	count = write (fd, cbuf, rem);
-#endif
-	if (count < 0) {
-	    if (errno == EINTR)
-		continue;
-	    else
-		return count;
-	}
-	cbuf += count;
-	rem -= count;
-    }
-    return nbytes;
-}
diff --git a/crypto/heimdal/lib/roken/net_write.lo b/crypto/heimdal/lib/roken/net_write.lo
deleted file mode 100644
index baba57ffc4b3..000000000000
--- a/crypto/heimdal/lib/roken/net_write.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/parse_bytes-test.c b/crypto/heimdal/lib/roken/parse_bytes-test.c
deleted file mode 100644
index 6583f227f0c0..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes-test.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes-test.c,v 1.3 2001/09/04 09:56:00 assar Exp $");
-#endif
-
-#include "roken.h"
-#include "parse_bytes.h"
-
-static struct testcase {
-    int canonicalp;
-    int val;
-    const char *def_unit;
-    const char *str;
-} tests[] = {
-    {0, 0, NULL, "0 bytes"},
-    {1, 0, NULL, "0"},
-    {0, 1, NULL, "1"},
-    {1, 1, NULL, "1 byte"},
-    {0, 0, "kilobyte", "0"},
-    {0, 1024, "kilobyte", "1"},
-    {1, 1024, "kilobyte", "1 kilobyte"},
-    {1, 1024 * 1024, NULL, "1 megabyte"},
-    {0, 1025, NULL, "1 kilobyte 1"},
-    {1, 1025, NULL, "1 kilobyte 1 byte"},
-};
-
-int
-main(int argc, char **argv)
-{
-    int i;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	char buf[256];
-	int val = parse_bytes (tests[i].str, tests[i].def_unit);
-	int len;
-
-	if (val != tests[i].val) {
-	    printf ("parse_bytes (%s, %s) = %d != %d\n",
-		    tests[i].str,
-		    tests[i].def_unit ? tests[i].def_unit : "none",
-		    val, tests[i].val);
-	    ++ret;
-	}
-	if (tests[i].canonicalp) {
-	    len = unparse_bytes (tests[i].val, buf, sizeof(buf));
-	    if (strcmp (tests[i].str, buf) != 0) {
-		printf ("unparse_bytes (%d) = \"%s\" != \"%s\"\n",
-			tests[i].val, buf, tests[i].str);
-		++ret;
-	    }
-	}    
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c
deleted file mode 100644
index b556ddc197d5..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_bytes.c,v 1.4 2003/03/07 15:51:53 lha Exp $");
-#endif
-
-#include <parse_units.h>
-#include "parse_bytes.h"
-
-static struct units bytes_units[] = {
-    { "gigabyte", 1024 * 1024 * 1024 },
-    { "gbyte", 1024 * 1024 * 1024 },
-    { "GB", 1024 * 1024 * 1024 },
-    { "megabyte", 1024 * 1024 },
-    { "mbyte", 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "kilobyte", 1024 },
-    { "KB", 1024 },
-    { "byte", 1 },
-    { NULL, 0 }
-};
-
-static struct units bytes_short_units[] = {
-    { "GB", 1024 * 1024 * 1024 },
-    { "MB", 1024 * 1024 },
-    { "KB", 1024 },
-    { NULL, 0 }
-};
-
-int
-parse_bytes (const char *s, const char *def_unit)
-{
-    return parse_units (s, bytes_units, def_unit);
-}
-
-int
-unparse_bytes (int t, char *s, size_t len)
-{
-    return unparse_units (t, bytes_units, s, len);
-}
-
-int
-unparse_bytes_short (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, bytes_short_units, s, len);
-}
diff --git a/crypto/heimdal/lib/roken/parse_bytes.h b/crypto/heimdal/lib/roken/parse_bytes.h
deleted file mode 100644
index d7e759da5ea0..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_bytes.h,v 1.3 2001/09/04 09:56:00 assar Exp $ */
-
-#ifndef __PARSE_BYTES_H__
-#define __PARSE_BYTES_H__
-
-int
-parse_bytes (const char *s, const char *def_unit);
-
-int
-unparse_bytes (int t, char *s, size_t len);
-
-int
-unparse_bytes_short (int t, char *s, size_t len);
-
-#endif /* __PARSE_BYTES_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_bytes.lo b/crypto/heimdal/lib/roken/parse_bytes.lo
deleted file mode 100644
index 3722d32c1c98..000000000000
--- a/crypto/heimdal/lib/roken/parse_bytes.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c
deleted file mode 100644
index 47e12d182e0f..000000000000
--- a/crypto/heimdal/lib/roken/parse_reply-test.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_reply-test.c,v 1.2 2002/09/04 03:25:06 assar Exp $");
-#endif
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <fcntl.h>
-
-#include "roken.h"
-#include "resolve.h"
-
-struct dns_reply*
-parse_reply(const unsigned char *, size_t);
-
-enum { MAX_BUF = 36};
-
-static struct testcase {
-    unsigned char buf[MAX_BUF];
-    size_t buf_len;
-} tests[] = {
-    {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-     0x03, 'f', 'o', 'o', 0x00,
-     0x00, 0x10, 0x00, 0x01,
-      0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36}
-};
-
-#ifndef MAP_FAILED
-#define MAP_FAILED (-1)
-#endif
-
-static sig_atomic_t val = 0;
-
-static RETSIGTYPE
-segv_handler(int sig)
-{
-    val = 1;
-}
-
-int
-main(int argc, char **argv)
-{
-#ifndef HAVE_MMAP
-    return 77;			/* signal to automake that this test
-                                   cannot be run */
-#else /* HAVE_MMAP */
-    int ret;
-    int i;
-    struct sigaction sa;
-
-    sigemptyset (&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = segv_handler;
-    sigaction (SIGSEGV, &sa, NULL);
-
-    for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	const struct testcase *t = &tests[i];
-	unsigned char *p1, *p2;
-	int flags;
-	int fd;
-	size_t pagesize = getpagesize();
-	unsigned char *buf;
-
-#ifdef MAP_ANON
-	flags = MAP_ANON;
-	fd = -1;
-#else
-	flags = 0;
-	fd = open ("/dev/zero", O_RDONLY);
-	if(fd < 0)
-	    err (1, "open /dev/zero");
-#endif
-	flags |= MAP_PRIVATE;
-
-	p1 = (char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE,
-		  flags, fd, 0);
-	if (p1 == (unsigned char *)MAP_FAILED)
-	    err (1, "mmap");
-	p2 = p1 + pagesize;
-	ret = mprotect (p2, pagesize, 0);
-	if (ret < 0)
-	    err (1, "mprotect");
-	buf = p2 - t->buf_len;
-	memcpy (buf, t->buf, t->buf_len);
-	parse_reply (buf, t->buf_len);
-	ret = munmap (p1, 2 * pagesize);
-	if (ret < 0)
-	    err (1, "munmap");
-    }
-    return val;
-#endif /* HAVE_MMAP */
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c
deleted file mode 100644
index deab102fdf40..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_time.c,v 1.6 2003/03/07 15:51:06 lha Exp $");
-#endif
-
-#include <parse_units.h>
-#include "parse_time.h"
-
-static struct units time_units[] = {
-    {"year",	365 * 24 * 60 * 60},
-    {"month",	30 * 24 * 60 * 60},
-    {"week",	7 * 24 * 60 * 60},
-    {"day",	24 * 60 * 60},
-    {"hour",	60 * 60},
-    {"h",	60 * 60},
-    {"minute",	60},
-    {"m",	60},
-    {"second",	1},
-    {"s",	1},
-    {NULL, 0},
-};
-
-int
-parse_time (const char *s, const char *def_unit)
-{
-    return parse_units (s, time_units, def_unit);
-}
-
-size_t
-unparse_time (int t, char *s, size_t len)
-{
-    return unparse_units (t, time_units, s, len);
-}
-
-size_t
-unparse_time_approx (int t, char *s, size_t len)
-{
-    return unparse_units_approx (t, time_units, s, len);
-}
-
-void
-print_time_table (FILE *f)
-{
-    print_units_table (time_units, f);
-}
diff --git a/crypto/heimdal/lib/roken/parse_time.h b/crypto/heimdal/lib/roken/parse_time.h
deleted file mode 100644
index 55de505dbba3..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_time.h,v 1.4 1999/12/02 16:58:51 joda Exp $ */
-
-#ifndef __PARSE_TIME_H__
-#define __PARSE_TIME_H__
-
-int
-parse_time (const char *s, const char *def_unit);
-
-size_t
-unparse_time (int t, char *s, size_t len);
-
-size_t
-unparse_time_approx (int t, char *s, size_t len);
-
-void
-print_time_table (FILE *f);
-
-#endif /* __PARSE_TIME_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_time.lo b/crypto/heimdal/lib/roken/parse_time.lo
deleted file mode 100644
index aa0e5e0791c2..000000000000
--- a/crypto/heimdal/lib/roken/parse_time.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/parse_units.c b/crypto/heimdal/lib/roken/parse_units.c
deleted file mode 100644
index 217d55ede8a6..000000000000
--- a/crypto/heimdal/lib/roken/parse_units.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: parse_units.c,v 1.14 2001/09/04 09:56:00 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <roken.h>
-#include "parse_units.h"
-
-/*
- * Parse string in `s' according to `units' and return value.
- * def_unit defines the default unit.
- */
-
-static int
-parse_something (const char *s, const struct units *units,
-		 const char *def_unit,
-		 int (*func)(int res, int val, unsigned mult),
-		 int init,
-		 int accept_no_val_p)
-{
-    const char *p;
-    int res = init;
-    unsigned def_mult = 1;
-
-    if (def_unit != NULL) {
-	const struct units *u;
-
-	for (u = units; u->name; ++u) {
-	    if (strcasecmp (u->name, def_unit) == 0) {
-		def_mult = u->mult;
-		break;
-	    }
-	}
-	if (u->name == NULL)
-	    return -1;
-    }
-
-    p = s;
-    while (*p) {
-	double val;
-	char *next;
-	const struct units *u, *partial_unit;
-	size_t u_len;
-	unsigned partial;
-	int no_val_p = 0;
-
-	while(isspace((unsigned char)*p) || *p == ',')
-	    ++p;
-
-	val = strtod (p, &next); /* strtol(p, &next, 0); */
-	if (p == next) {
-	    val = 0;
-	    if(!accept_no_val_p)
-		return -1;
-	    no_val_p = 1;
-	}
-	p = next;
-	while (isspace((unsigned char)*p))
-	    ++p;
-	if (*p == '\0') {
-	    res = (*func)(res, val, def_mult);
-	    if (res < 0)
-		return res;
-	    break;
-	} else if (*p == '+') {
-	    ++p;
-	    val = 1;
-	} else if (*p == '-') {
-	    ++p;
-	    val = -1;
-	}
-	if (no_val_p && val == 0)
-	    val = 1;
-	u_len = strcspn (p, ", \t");
-	partial = 0;
-	partial_unit = NULL;
-	if (u_len > 1 && p[u_len - 1] == 's')
-	    --u_len;
-	for (u = units; u->name; ++u) {
-	    if (strncasecmp (p, u->name, u_len) == 0) {
-		if (u_len == strlen (u->name)) {
-		    p += u_len;
-		    res = (*func)(res, val, u->mult);
-		    if (res < 0)
-			return res;
-		    break;
-		} else {
-		    ++partial;
-		    partial_unit = u;
-		}
-	    }
-	}
-	if (u->name == NULL) {
-	    if (partial == 1) {
-		p += u_len;
-		res = (*func)(res, val, partial_unit->mult);
-		if (res < 0)
-		    return res;
-	    } else {
-		return -1;
-	    }
-	}
-	if (*p == 's')
-	    ++p;
-    }
-    return res;
-}
-
-/*
- * The string consists of a sequence of `n unit'
- */
-
-static int
-acc_units(int res, int val, unsigned mult)
-{
-    return res + val * mult;
-}
-
-int
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit)
-{
-    return parse_something (s, units, def_unit, acc_units, 0, 0);
-}
-
-/*
- * The string consists of a sequence of `[+-]flag'.  `orig' consists
- * the original set of flags, those are then modified and returned as
- * the function value.
- */
-
-static int
-acc_flags(int res, int val, unsigned mult)
-{
-    if(val == 1)
-	return res | mult;
-    else if(val == -1)
-	return res & ~mult;
-    else if (val == 0)
-	return mult;
-    else
-	return -1;
-}
-
-int
-parse_flags (const char *s, const struct units *units,
-	     int orig)
-{
-    return parse_something (s, units, NULL, acc_flags, orig, 1);
-}
-
-/*
- * Return a string representation according to `units' of `num' in `s'
- * with maximum length `len'.  The actual length is the function value.
- */
-
-static int
-unparse_something (int num, const struct units *units, char *s, size_t len,
-		   int (*print) (char *s, size_t len, int div,
-				const char *name, int rem),
-		   int (*update) (int in, unsigned mult),
-		   const char *zero_string)
-{
-    const struct units *u;
-    int ret = 0, tmp;
-
-    if (num == 0)
-	return snprintf (s, len, "%s", zero_string);
-
-    for (u = units; num > 0 && u->name; ++u) {
-	int div;
-
-	div = num / u->mult;
-	if (div) {
-	    num = (*update) (num, u->mult);
-	    tmp = (*print) (s, len, div, u->name, num);
-	    if (tmp < 0)
-		return tmp;
-
-	    len -= tmp;
-	    s += tmp;
-	    ret += tmp;
-	}
-    }
-    return ret;
-}
-
-static int
-print_unit (char *s, size_t len, int div, const char *name, int rem)
-{
-    return snprintf (s, len, "%u %s%s%s",
-		     div, name,
-		     div == 1 ? "" : "s",
-		     rem > 0 ? " " : "");
-}
-
-static int
-update_unit (int in, unsigned mult)
-{
-    return in % mult;
-}
-
-static int
-update_unit_approx (int in, unsigned mult)
-{
-    if (in / mult > 0)
-	return 0;
-    else
-	return update_unit (in, mult);
-}
-
-int
-unparse_units (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit,
-			      "0");
-}
-
-int
-unparse_units_approx (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_unit,
-			      update_unit_approx,
-			      "0");
-}
-
-void
-print_units_table (const struct units *units, FILE *f)
-{
-    const struct units *u, *u2;
-    unsigned max_sz = 0;
-
-    for (u = units; u->name; ++u) {
-	max_sz = max(max_sz, strlen(u->name));
-    }
-
-    for (u = units; u->name;) {
-	char buf[1024];
-	const struct units *next;
-
-	for (next = u + 1; next->name && next->mult == u->mult; ++next)
-	    ;
-
-	if (next->name) {
-	    for (u2 = next;
-		 u2->name && u->mult % u2->mult != 0;
-		 ++u2)
-		;
-	    if (u2->name == NULL)
-		--u2;
-	    unparse_units (u->mult, u2, buf, sizeof(buf));
-	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
-	} else {
-	    fprintf (f, "1 %s\n", u->name);
-	}
-	u = next;
-    }
-}
-
-static int
-print_flag (char *s, size_t len, int div, const char *name, int rem)
-{
-    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
-}
-
-static int
-update_flag (int in, unsigned mult)
-{
-    return in - mult;
-}
-
-int
-unparse_flags (int num, const struct units *units, char *s, size_t len)
-{
-    return unparse_something (num, units, s, len,
-			      print_flag,
-			      update_flag,
-			      "");
-}
-
-void
-print_flags_table (const struct units *units, FILE *f)
-{
-    const struct units *u;
-
-    for(u = units; u->name; ++u)
-	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
-}
diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h
deleted file mode 100644
index 200262526740..000000000000
--- a/crypto/heimdal/lib/roken/parse_units.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: parse_units.h,v 1.8 2003/04/16 17:30:54 lha Exp $ */
-
-#ifndef __PARSE_UNITS_H__
-#define __PARSE_UNITS_H__
-
-#include <stdio.h>
-#include <stddef.h>
-
-struct units {
-    const char *name;
-    unsigned mult;
-};
-
-int
-parse_units (const char *s, const struct units *units,
-	     const char *def_unit);
-
-void
-print_units_table (const struct units *units, FILE *f);
-
-int
-parse_flags (const char *s, const struct units *units,
-	     int orig);
-
-int
-unparse_units (int num, const struct units *units, char *s, size_t len);
-
-int
-unparse_units_approx (int num, const struct units *units, char *s,
-		      size_t len);
-
-int
-unparse_flags (int num, const struct units *units, char *s, size_t len);
-
-void
-print_flags_table (const struct units *units, FILE *f);
-
-#endif /* __PARSE_UNITS_H__ */
diff --git a/crypto/heimdal/lib/roken/parse_units.lo b/crypto/heimdal/lib/roken/parse_units.lo
deleted file mode 100644
index e0108577341f..000000000000
--- a/crypto/heimdal/lib/roken/parse_units.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c
deleted file mode 100644
index b5ce816eb604..000000000000
--- a/crypto/heimdal/lib/roken/print_version.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *arg[] = VERSIONLIST;
-    const int num_args = sizeof(arg) / sizeof(arg[0]);
-    char *msg;
-    size_t len = 0;
-    int i;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(num_args == 0)
-	msg = "no version information";
-    else {
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		len += 2;
-	    len += strlen(arg[i]);
-	}
-	msg = malloc(len + 1);
-	if(msg == NULL) {
-	    fprintf(stderr, "%s: out of memory\n", progname);
-	    return;
-	}
-	msg[0] = '\0';
-	for(i = 0; i < num_args; i++) {
-	    if(i > 0)
-		strcat(msg, ", ");
-	    strcat(msg, arg[i]);
-	}
-    }
-    fprintf(stderr, "%s (%s)\n", progname, msg);
-    fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan\n");
-    if(num_args != 0)
-	free(msg);
-}
diff --git a/crypto/heimdal/lib/roken/putenv.c b/crypto/heimdal/lib/roken/putenv.c
deleted file mode 100644
index a6bdf6001d62..000000000000
--- a/crypto/heimdal/lib/roken/putenv.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: putenv.c,v 1.7 2000/03/26 23:08:24 assar Exp $");
-#endif
-
-#include <stdlib.h>
-
-extern char **environ;
-
-/*
- * putenv --
- *	String points to a string of the form name=value.
- *
- *      Makes the value of the environment variable name equal to
- *      value by altering an existing variable or creating a new one.
- */
-
-int
-putenv(const char *string)
-{
-    int i;
-    const char *eq = (const char *)strchr(string, '=');
-    int len;
-    
-    if (eq == NULL)
-	return 1;
-    len = eq - string;
-
-    if(environ == NULL) {
-	environ = malloc(sizeof(char*));
-	if(environ == NULL)
-	    return 1;
-	environ[0] = NULL;
-    }
-
-    for(i = 0; environ[i] != NULL; i++)
-	if(strncmp(string, environ[i], len) == 0) {
-	    environ[i] = string;
-	    return 0;
-	}
-    environ = realloc(environ, sizeof(char*) * (i + 2));
-    if(environ == NULL)
-	return 1;
-    environ[i]   = string;
-    environ[i+1] = NULL;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/roken/rcmd.c b/crypto/heimdal/lib/roken/rcmd.c
deleted file mode 100644
index 41179484bce5..000000000000
--- a/crypto/heimdal/lib/roken/rcmd.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: rcmd.c,v 1.3 1999/12/02 16:58:51 joda Exp $");
-#endif
-
-#include "roken.h"
-#include <stdio.h>
-
-int
-rcmd(char **ahost,
-     unsigned short inport,
-     const char *locuser,
-     const char *remuser,
-     const char *cmd,
-     int *fd2p)
-{
-  fprintf(stderr, "Only kerberized services are implemented\n");
-  return -1;
-}
diff --git a/crypto/heimdal/lib/roken/readv.c b/crypto/heimdal/lib/roken/readv.c
deleted file mode 100644
index de2f9ea8af72..000000000000
--- a/crypto/heimdal/lib/roken/readv.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: readv.c,v 1.5 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#include "roken.h"
-
-ssize_t
-readv(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = read (d, buf, tot);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/recvmsg.c b/crypto/heimdal/lib/roken/recvmsg.c
deleted file mode 100644
index e94ad68c80be..000000000000
--- a/crypto/heimdal/lib/roken/recvmsg.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: recvmsg.c,v 1.5 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#include "roken.h"
-
-ssize_t
-recvmsg(int s, struct msghdr *msg, int flags)
-{
-    ssize_t ret, nb;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
-    p = buf;
-    while (nb > 0) {
-	ssize_t cnt = min(nb, iov->iov_len);
-
-	memcpy (iov->iov_base, p, cnt);
-	p += cnt;
-	nb -= cnt;
-	++iov;
-    }
-    free(buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c
deleted file mode 100644
index cdbc069e36b4..000000000000
--- a/crypto/heimdal/lib/roken/resolve.c
+++ /dev/null
@@ -1,664 +0,0 @@
-/*
- * Copyright (c) 1995 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#include "resolve.h"
-
-#include <assert.h>
-
-RCSID("$Id: resolve.c,v 1.38.2.1 2003/04/22 15:02:47 lha Exp $");
-
-#undef HAVE_RES_NSEARCH
-#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
-
-#define DECL(X) {#X, T_##X}
-
-static struct stot{
-    const char *name;
-    int type;
-}stot[] = {
-    DECL(A),
-    DECL(NS),
-    DECL(CNAME),
-    DECL(SOA),
-    DECL(PTR),
-    DECL(MX),
-    DECL(TXT),
-    DECL(AFSDB),
-    DECL(SIG),
-    DECL(KEY),
-    DECL(SRV),
-    DECL(NAPTR),
-    {NULL, 	0}
-};
-
-int _resolve_debug = 0;
-
-int
-dns_string_to_type(const char *name)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(strcasecmp(name, p->name) == 0)
-	    return p->type;
-    return -1;
-}
-
-const char *
-dns_type_to_string(int type)
-{
-    struct stot *p = stot;
-    for(p = stot; p->name; p++)
-	if(type == p->type)
-	    return p->name;
-    return NULL;
-}
-
-void
-dns_free_data(struct dns_reply *r)
-{
-    struct resource_record *rr;
-    if(r->q.domain)
-	free(r->q.domain);
-    for(rr = r->head; rr;){
-	struct resource_record *tmp = rr;
-	if(rr->domain)
-	    free(rr->domain);
-	if(rr->u.data)
-	    free(rr->u.data);
-	rr = rr->next;
-	free(tmp);
-    }
-    free (r);
-}
-
-static int
-parse_record(const unsigned char *data, const unsigned char *end_data, 
-	     const unsigned char **pp, struct resource_record **rr)
-{
-    int type, class, ttl, size;
-    int status;
-    char host[MAXDNAME];
-    const unsigned char *p = *pp;
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0) 
-	return -1;
-    if (p + status + 10 > end_data)
-	return -1;
-    p += status;
-    type = (p[0] << 8) | p[1];
-    p += 2;
-    class = (p[0] << 8) | p[1];
-    p += 2;
-    ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-    p += 4;
-    size = (p[0] << 8) | p[1];
-    p += 2;
-
-    if (p + size > end_data)
-	return -1;
-
-    *rr = calloc(1, sizeof(**rr));
-    if(*rr == NULL) 
-	return -1;
-    (*rr)->domain = strdup(host);
-    if((*rr)->domain == NULL) {
-	free(*rr);
-	return -1;
-    }
-    (*rr)->type = type;
-    (*rr)->class = class;
-    (*rr)->ttl = ttl;
-    (*rr)->size = size;
-    switch(type){
-    case T_NS:
-    case T_CNAME:
-    case T_PTR:
-	status = dn_expand(data, end_data, p, host, sizeof(host));
-	if(status < 0) {
-	    free(*rr);
-	    return -1;
-	}
-	(*rr)->u.txt = strdup(host);
-	if((*rr)->u.txt == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	break;
-    case T_MX:
-    case T_AFSDB:{
-	size_t hostlen;
-
-	status = dn_expand(data, end_data, p + 2, host, sizeof(host));
-	if(status < 0){
-	    free(*rr);
-	    return -1;
-	}
-	if (status + 2 > size) {
-	    free(*rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	(*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
-						hostlen);
-	if((*rr)->u.mx == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	(*rr)->u.mx->preference = (p[0] << 8) | p[1];
-	strlcpy((*rr)->u.mx->domain, host, hostlen + 1);
-	break;
-    }
-    case T_SRV:{
-	size_t hostlen;
-	status = dn_expand(data, end_data, p + 6, host, sizeof(host));
-	if(status < 0){
-	    free(*rr);
-	    return -1;
-	}
-	if (status + 6 > size) {
-	    free(*rr);
-	    return -1;
-	}
-
-	hostlen = strlen(host);
-	(*rr)->u.srv = 
-	    (struct srv_record*)malloc(sizeof(struct srv_record) + 
-				       hostlen);
-	if((*rr)->u.srv == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	(*rr)->u.srv->priority = (p[0] << 8) | p[1];
-	(*rr)->u.srv->weight = (p[2] << 8) | p[3];
-	(*rr)->u.srv->port = (p[4] << 8) | p[5];
-	strlcpy((*rr)->u.srv->target, host, hostlen + 1);
-	break;
-    }
-    case T_TXT:{
-	if(size == 0 || size < *p + 1) {
-	    free(*rr);
-	    return -1;
-	}
-	(*rr)->u.txt = (char*)malloc(*p + 1);
-	if((*rr)->u.txt == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	strncpy((*rr)->u.txt, (char*)p + 1, *p);
-	(*rr)->u.txt[*p] = '\0';
-	break;
-    }
-    case T_KEY : {
-	size_t key_len;
-
-	if (size < 4) {
-	    free(*rr);
-	    return -1;
-	}
-
-	key_len = size - 4;
-	(*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1);
-	if ((*rr)->u.key == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-
-	(*rr)->u.key->flags     = (p[0] << 8) | p[1];
-	(*rr)->u.key->protocol  = p[2];
-	(*rr)->u.key->algorithm = p[3];
-	(*rr)->u.key->key_len   = key_len;
-	memcpy ((*rr)->u.key->key_data, p + 4, key_len);
-	break;
-    }
-    case T_SIG : {
-	size_t sig_len, hostlen;
-
-	if(size <= 18) {
-	    free(*rr);
-	    return -1;
-	}
-	status = dn_expand (data, end_data, p + 18, host, sizeof(host));
-	if (status < 0) {
-	    free(*rr);
-	    return -1;
-	}
-	if (status + 18 > size) {
-	    free(*rr);
-	    return -1;
-	}
-
-	/* the signer name is placed after the sig_data, to make it
-           easy to free this struture; the size calculation below
-           includes the zero-termination if the structure itself.
-	   don't you just love C?
-	*/
-	sig_len = size - 18 - status;
-	hostlen = strlen(host);
-	(*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig)
-			      + hostlen + sig_len);
-	if ((*rr)->u.sig == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	(*rr)->u.sig->type           = (p[0] << 8) | p[1];
-	(*rr)->u.sig->algorithm      = p[2];
-	(*rr)->u.sig->labels         = p[3];
-	(*rr)->u.sig->orig_ttl       = (p[4] << 24) | (p[5] << 16)
-	    | (p[6] << 8) | p[7];
-	(*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
-	    | (p[10] << 8) | p[11];
-	(*rr)->u.sig->sig_inception  = (p[12] << 24) | (p[13] << 16)
-	    | (p[14] << 8) | p[15];
-	(*rr)->u.sig->key_tag        = (p[16] << 8) | p[17];
-	(*rr)->u.sig->sig_len        = sig_len;
-	memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len);
-	(*rr)->u.sig->signer         = &(*rr)->u.sig->sig_data[sig_len];
-	strlcpy((*rr)->u.sig->signer, host, hostlen + 1);
-	break;
-    }
-
-    case T_CERT : {
-	size_t cert_len;
-
-	if (size < 5) {
-	    free(*rr);
-	    return -1;
-	}
-
-	cert_len = size - 5;
-	(*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1);
-	if ((*rr)->u.cert == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-
-	(*rr)->u.cert->type      = (p[0] << 8) | p[1];
-	(*rr)->u.cert->tag       = (p[2] << 8) | p[3];
-	(*rr)->u.cert->algorithm = p[4];
-	(*rr)->u.cert->cert_len  = cert_len;
-	memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len);
-	break;
-    }
-    default:
-	(*rr)->u.data = (unsigned char*)malloc(size);
-	if(size != 0 && (*rr)->u.data == NULL) {
-	    free(*rr);
-	    return -1;
-	}
-	memcpy((*rr)->u.data, p, size);
-    }
-    *pp = p + size;
-    return 0;
-}
-
-#ifndef TEST_RESOLVE
-static
-#endif
-struct dns_reply*
-parse_reply(const unsigned char *data, size_t len)
-{
-    const unsigned char *p;
-    int status;
-    int i;
-    char host[MAXDNAME];
-    const unsigned char *end_data = data + len;
-    struct dns_reply *r;
-    struct resource_record **rr;
-    
-    r = calloc(1, sizeof(*r));
-    if (r == NULL)
-	return NULL;
-
-    p = data;
-#if 0
-    /* doesn't work on Crays */
-    memcpy(&r->h, p, sizeof(HEADER));
-    p += sizeof(HEADER);
-#else
-    memcpy(&r->h, p, 12); /* XXX this will probably be mostly garbage */
-    p += 12;
-#endif
-    if(ntohs(r->h.qdcount) != 1) {
-	free(r);
-	return NULL;
-    }
-    status = dn_expand(data, end_data, p, host, sizeof(host));
-    if(status < 0){
-	dns_free_data(r);
-	return NULL;
-    }
-    r->q.domain = strdup(host);
-    if(r->q.domain == NULL) {
-	dns_free_data(r);
-	return NULL;
-    }
-    if (p + status + 4 > end_data) {
-	dns_free_data(r);
-	return NULL;
-    }
-    p += status;
-    r->q.type = (p[0] << 8 | p[1]);
-    p += 2;
-    r->q.class = (p[0] << 8 | p[1]);
-    p += 2;
-    
-    rr = &r->head;
-    for(i = 0; i < ntohs(r->h.ancount); i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < ntohs(r->h.nscount); i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    for(i = 0; i < ntohs(r->h.arcount); i++) {
-	if(parse_record(data, end_data, &p, rr) != 0) {
-	    dns_free_data(r);
-	    return NULL;
-	}
-	rr = &(*rr)->next;
-    }
-    *rr = NULL;
-    return r;
-}
-
-static struct dns_reply *
-dns_lookup_int(const char *domain, int rr_class, int rr_type)
-{
-    unsigned char reply[1024];
-    int len;
-#ifdef HAVE_RES_NSEARCH
-    struct __res_state stat;
-    memset(&stat, 0, sizeof(stat));
-    if(res_ninit(&stat))
-	return NULL; /* is this the best we can do? */
-#elif defined(HAVE__RES)
-    u_long old_options = 0;
-#endif
-    
-    if (_resolve_debug) {
-#ifdef HAVE_RES_NSEARCH
-	stat.options |= RES_DEBUG;
-#elif defined(HAVE__RES)
-        old_options = _res.options;
-	_res.options |= RES_DEBUG;
-#endif
-	fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain,
-		rr_class, dns_type_to_string(rr_type));
-    }
-#ifdef HAVE_RES_NSEARCH
-    len = res_nsearch(&stat, domain, rr_class, rr_type, reply, sizeof(reply));
-#else
-    len = res_search(domain, rr_class, rr_type, reply, sizeof(reply));
-#endif
-    if (_resolve_debug) {
-#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH)
-        _res.options = old_options;
-#endif
-	fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
-		domain, rr_class, dns_type_to_string(rr_type), len);
-    }
-#ifdef HAVE_RES_NSEARCH
-    res_nclose(&stat);
-#endif    
-    if(len < 0) {
-	return NULL;
-    } else {
-	len = min(len, sizeof(reply));
-	return parse_reply(reply, len);
-    }
-}
-
-struct dns_reply *
-dns_lookup(const char *domain, const char *type_name)
-{
-    int type;
-    
-    type = dns_string_to_type(type_name);
-    if(type == -1) {
-	if(_resolve_debug)
-	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
-		    type_name);
-	return NULL;
-    }
-    return dns_lookup_int(domain, C_IN, type);
-}
-
-static int
-compare_srv(const void *a, const void *b)
-{
-    const struct resource_record *const* aa = a, *const* bb = b;
-
-    if((*aa)->u.srv->priority == (*bb)->u.srv->priority)
-	return ((*aa)->u.srv->weight - (*bb)->u.srv->weight);
-    return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
-}
-
-#ifndef HAVE_RANDOM
-#define random() rand()
-#endif
-
-/* try to rearrange the srv-records by the algorithm in RFC2782 */
-void
-dns_srv_order(struct dns_reply *r)
-{
-    struct resource_record **srvs, **ss, **headp;
-    struct resource_record *rr;
-    int num_srv = 0;
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    int state[256 / sizeof(int)];
-    char *oldstate;
-#endif
-
-    for(rr = r->head; rr; rr = rr->next) 
-	if(rr->type == T_SRV)
-	    num_srv++;
-
-    if(num_srv == 0)
-	return;
-
-    srvs = malloc(num_srv * sizeof(*srvs));
-    if(srvs == NULL)
-	return; /* XXX not much to do here */
-    
-    /* unlink all srv-records from the linked list and put them in
-       a vector */
-    for(ss = srvs, headp = &r->head; *headp; )
-	if((*headp)->type == T_SRV) {
-	    *ss = *headp;
-	    *headp = (*headp)->next;
-	    (*ss)->next = NULL;
-	    ss++;
-	} else
-	    headp = &(*headp)->next;
-    
-    /* sort them by priority and weight */
-    qsort(srvs, num_srv, sizeof(*srvs), compare_srv);
-
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    oldstate = initstate(time(NULL), (char*)state, sizeof(state));
-#endif
-
-    headp = &r->head;
-    
-    for(ss = srvs; ss < srvs + num_srv; ) {
-	int sum, rnd, count;
-	struct resource_record **ee, **tt;
-	/* find the last record with the same priority and count the
-           sum of all weights */
-	for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
-	    if(*tt == NULL)
-		continue;
-	    if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
-		break;
-	    sum += (*tt)->u.srv->weight;
-	}
-	ee = tt;
-	/* ss is now the first record of this priority and ee is the
-           first of the next */
-	while(ss < ee) {
-	    rnd = random() % (sum + 1);
-	    for(count = 0, tt = ss; ; tt++) {
-		if(*tt == NULL)
-		    continue;
-		count += (*tt)->u.srv->weight;
-		if(count >= rnd)
-		    break;
-	    }
-
-	    assert(tt < ee);
-
-	    /* insert the selected record at the tail (of the head) of
-               the list */
-	    (*tt)->next = *headp;
-	    *headp = *tt;
-	    headp = &(*tt)->next;
-	    sum -= (*tt)->u.srv->weight;
-	    *tt = NULL;
-	    while(ss < ee && *ss == NULL)
-		ss++;
-	}
-    }
-    
-#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
-    setstate(oldstate);
-#endif
-    free(srvs);
-    return;
-}
-
-#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
-
-struct dns_reply *
-dns_lookup(const char *domain, const char *type_name)
-{
-    return NULL;
-}
-
-void
-dns_free_data(struct dns_reply *r)
-{
-}
-
-void
-dns_srv_order(struct dns_reply *r)
-{
-}
-
-#endif
-
-#ifdef TEST
-int 
-main(int argc, char **argv)
-{
-    struct dns_reply *r;
-    struct resource_record *rr;
-    r = dns_lookup(argv[1], argv[2]);
-    if(r == NULL){
-	printf("No reply.\n");
-	return 1;
-    }
-    if(r->q.type == T_SRV)
-	dns_srv_order(r);
-
-    for(rr = r->head; rr;rr=rr->next){
-	printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl);
-	switch(rr->type){
-	case T_NS:
-	case T_CNAME:
-	case T_PTR:
-	    printf("%s\n", (char*)rr->u.data);
-	    break;
-	case T_A:
-	    printf("%s\n", inet_ntoa(*rr->u.a));
-	    break;
-	case T_MX:
-	case T_AFSDB:{
-	    printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain);
-	    break;
-	}
-	case T_SRV:{
-	    struct srv_record *srv = rr->u.srv;
-	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
-		   srv->port, srv->target);
-	    break;
-	}
-	case T_TXT: {
-	    printf("%s\n", rr->u.txt);
-	    break;
-	}
-	case T_SIG : {
-	    struct sig_record *sig = rr->u.sig;
-	    const char *type_string = dns_type_to_string (sig->type);
-
-	    printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n",
-		    sig->type, type_string ? type_string : "",
-		    sig->algorithm, sig->labels, sig->orig_ttl,
-		    sig->sig_expiration, sig->sig_inception, sig->key_tag,
-		    sig->signer);
-	    break;
-	}
-	case T_KEY : {
-	    struct key_record *key = rr->u.key;
-
-	    printf ("flags %u, protocol %u, algorithm %u\n",
-		    key->flags, key->protocol, key->algorithm);
-	    break;
-	}
-	default:
-	    printf("\n");
-	    break;
-	}
-    }
-    
-    return 0;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/resolve.h b/crypto/heimdal/lib/roken/resolve.h
deleted file mode 100644
index cb25b7ab44e9..000000000000
--- a/crypto/heimdal/lib/roken/resolve.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: resolve.h,v 1.15 2002/08/26 13:30:16 assar Exp $ */
-
-#ifndef __RESOLVE_H__
-#define __RESOLVE_H__
-
-/* We use these, but they are not always present in <arpa/nameser.h> */
-
-#ifndef T_TXT
-#define T_TXT		16
-#endif
-#ifndef T_AFSDB
-#define T_AFSDB		18
-#endif
-#ifndef T_SIG
-#define T_SIG		24
-#endif
-#ifndef T_KEY
-#define T_KEY		25
-#endif
-#ifndef T_AAAA
-#define T_AAAA		28
-#endif
-#ifndef T_SRV
-#define T_SRV		33
-#endif
-#ifndef T_NAPTR
-#define T_NAPTR		35
-#endif
-#ifndef T_CERT
-#define T_CERT		37
-#endif
-
-#define dns_query		rk_dns_query
-#define mx_record		rk_mx_record
-#define srv_record		rk_srv_record
-#define key_record		rk_key_record
-#define sig_record		rk_sig_record
-#define cert_record		rk_cert_record
-#define resource_record		rk_resource_record
-#define dns_reply		rk_dns_reply
-
-#define dns_lookup		rk_dns_lookup
-#define dns_free_data		rk_dns_free_data
-#define dns_string_to_type	rk_dns_string_to_type
-#define dns_type_to_string	rk_dns_type_to_string
-#define dns_srv_order		rk_dns_srv_order
-
-struct dns_query{
-    char *domain;
-    unsigned type;
-    unsigned class;
-};
-
-struct mx_record{
-    unsigned  preference;
-    char domain[1];
-};
-
-struct srv_record{
-    unsigned priority;
-    unsigned weight;
-    unsigned port;
-    char target[1];
-};
-
-struct key_record {
-    unsigned flags;
-    unsigned protocol;
-    unsigned algorithm;
-    size_t   key_len;
-    u_char   key_data[1];
-};
-
-struct sig_record {
-    unsigned type;
-    unsigned algorithm;
-    unsigned labels;
-    unsigned orig_ttl;
-    unsigned sig_expiration;
-    unsigned sig_inception;
-    unsigned key_tag;
-    char     *signer;
-    unsigned sig_len;
-    char     sig_data[1];	/* also includes signer */
-};
-
-struct cert_record {
-    unsigned type;
-    unsigned tag;
-    unsigned algorithm;
-    size_t   cert_len;
-    u_char   cert_data[1];
-};
-
-struct resource_record{
-    char *domain;
-    unsigned type;
-    unsigned class;
-    unsigned ttl;
-    unsigned size;
-    union {
-	void *data;
-	struct mx_record *mx;
-	struct mx_record *afsdb; /* mx and afsdb are identical */
-	struct srv_record *srv;
-	struct in_addr *a;
-	char *txt;
-	struct key_record *key;
-	struct cert_record *cert;
-	struct sig_record *sig;
-    }u;
-    struct resource_record *next;
-};
-
-#ifndef T_A /* XXX if <arpa/nameser.h> isn't included */
-typedef int HEADER; /* will never be used */
-#endif
-
-struct dns_reply{
-    HEADER h;
-    struct dns_query q;
-    struct resource_record *head;
-};
-
-
-struct dns_reply* dns_lookup(const char *, const char *);
-void dns_free_data(struct dns_reply *);
-int dns_string_to_type(const char *name);
-const char *dns_type_to_string(int type);
-void dns_srv_order(struct dns_reply*);
-
-#endif /* __RESOLVE_H__ */
diff --git a/crypto/heimdal/lib/roken/resolve.lo b/crypto/heimdal/lib/roken/resolve.lo
deleted file mode 100644
index 3a8b01a3fbb9..000000000000
--- a/crypto/heimdal/lib/roken/resolve.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/resource.h b/crypto/heimdal/lib/roken/resource.h
deleted file mode 100644
index 01cd01d76c8c..000000000000
--- a/crypto/heimdal/lib/roken/resource.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//{{NO_DEPENDENCIES}}
-// Microsoft Developer Studio generated include file.
-// Used by roken.rc
-//
-
-// Next default values for new objects
-// 
-#ifdef APSTUDIO_INVOKED
-#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE        101
-#define _APS_NEXT_COMMAND_VALUE         40001
-#define _APS_NEXT_CONTROL_VALUE         1000
-#define _APS_NEXT_SYMED_VALUE           101
-#endif
-#endif
diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h
deleted file mode 100644
index 6e29be8c0511..000000000000
--- a/crypto/heimdal/lib/roken/roken-common.h
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken-common.h,v 1.51 2002/09/09 13:41:12 joda Exp $ */
-
-#ifndef __ROKEN_COMMON_H__
-#define __ROKEN_COMMON_H__
-
-#ifdef __cplusplus
-#define ROKEN_CPP_START	extern "C" {
-#define ROKEN_CPP_END	}
-#else
-#define ROKEN_CPP_START
-#define ROKEN_CPP_END
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
-#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK 0x7f000001
-#endif
-
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-#ifndef STDOUT_FILENO
-#define STDOUT_FILENO 1
-#endif
-
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
-#ifndef max
-#define max(a,b) (((a)>(b))?(a):(b))
-#endif
-
-#ifndef min
-#define min(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef LOG_DAEMON
-#define openlog(id,option,facility) openlog((id),(option))
-#define	LOG_DAEMON	0
-#endif
-#ifndef LOG_ODELAY
-#define LOG_ODELAY 0
-#endif
-#ifndef LOG_NDELAY
-#define LOG_NDELAY 0x08
-#endif
-#ifndef LOG_CONS
-#define LOG_CONS 0
-#endif
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-#ifndef LOG_AUTHPRIV
-#define LOG_AUTHPRIV LOG_AUTH
-#endif
-
-#ifndef F_OK
-#define F_OK 0
-#endif
-
-#ifndef O_ACCMODE
-#define O_ACCMODE	003
-#endif
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif
-
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-#ifndef _PATH_HEQUIV
-#define _PATH_HEQUIV "/etc/hosts.equiv"
-#endif
-
-#ifndef _PATH_VARRUN
-#define _PATH_VARRUN "/var/run/"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN (1024+4)
-#endif
-
-#ifndef SIG_ERR
-#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
-#endif
-
-/*
- * error code for getipnodeby{name,addr}
- */
-
-#ifndef HOST_NOT_FOUND
-#define HOST_NOT_FOUND 1
-#endif
-
-#ifndef TRY_AGAIN
-#define TRY_AGAIN 2
-#endif
-
-#ifndef NO_RECOVERY
-#define NO_RECOVERY 3
-#endif
-
-#ifndef NO_DATA
-#define NO_DATA 4
-#endif
-
-#ifndef NO_ADDRESS
-#define NO_ADDRESS NO_DATA
-#endif
-
-/*
- * error code for getaddrinfo
- */
-
-#ifndef EAI_NOERROR
-#define EAI_NOERROR	0	/* no error */
-#endif
-
-#ifndef EAI_ADDRFAMILY
-
-#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
-#define EAI_AGAIN	2	/* temporary failure in name resolution */
-#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
-#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
-#define EAI_FAMILY	5	/* ai_family not supported */
-#define EAI_MEMORY	6	/* memory allocation failure */
-#define EAI_NODATA	7	/* no address associated with nodename */
-#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
-#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
-#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
-#define EAI_SYSTEM     11	/* system error returned in errno */
-
-#endif /* EAI_ADDRFAMILY */
-
-/* flags for getaddrinfo() */
-
-#ifndef AI_PASSIVE
-#define AI_PASSIVE	0x01
-#define AI_CANONNAME	0x02
-#endif /* AI_PASSIVE */
-
-#ifndef AI_NUMERICHOST
-#define AI_NUMERICHOST	0x04
-#endif
-
-/* flags for getnameinfo() */
-
-#ifndef NI_DGRAM
-#define NI_DGRAM	0x01
-#define NI_NAMEREQD	0x02
-#define NI_NOFQDN	0x04
-#define NI_NUMERICHOST	0x08
-#define NI_NUMERICSERV	0x10
-#endif
-
-/*
- * constants for getnameinfo
- */
-
-#ifndef NI_MAXHOST
-#define NI_MAXHOST  1025
-#define NI_MAXSERV    32
-#endif
-
-/*
- * constants for inet_ntop
- */
-
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN    16
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN   46
-#endif
-
-/*
- * for shutdown(2)
- */
-
-#ifndef SHUT_RD
-#define SHUT_RD 0
-#endif
-
-#ifndef SHUT_WR
-#define SHUT_WR 1
-#endif
-
-#ifndef SHUT_RDWR
-#define SHUT_RDWR 2
-#endif
-
-#ifndef HAVE___ATTRIBUTE__
-#define __attribute__(x)
-#endif
-
-ROKEN_CPP_START
-
-#ifndef IRIX4 /* fix for compiler bug */
-#ifdef RETSIGTYPE
-typedef RETSIGTYPE (*SigAction)(int);
-SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
-#endif
-#endif
-
-int ROKEN_LIB_FUNCTION simple_execve(const char*, char*const[], char*const[]);
-int ROKEN_LIB_FUNCTION simple_execvp(const char*, char *const[]);
-int ROKEN_LIB_FUNCTION simple_execlp(const char*, ...);
-int ROKEN_LIB_FUNCTION simple_execle(const char*, ...);
-int ROKEN_LIB_FUNCTION simple_execl(const char *file, ...);
-
-int ROKEN_LIB_FUNCTION wait_for_process(pid_t);
-int ROKEN_LIB_FUNCTION pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
-
-void ROKEN_LIB_FUNCTION print_version(const char *);
-
-ssize_t ROKEN_LIB_FUNCTION eread (int fd, void *buf, size_t nbytes);
-ssize_t ROKEN_LIB_FUNCTION ewrite (int fd, const void *buf, size_t nbytes);
-
-struct hostent;
-
-const char *
-hostent_find_fqdn (const struct hostent *he);
-
-void
-esetenv(const char *var, const char *val, int rewrite);
-
-void
-socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port);
-
-size_t
-socket_addr_size (const struct sockaddr *sa);
-
-void
-socket_set_any (struct sockaddr *sa, int af);
-
-size_t
-socket_sockaddr_size (const struct sockaddr *sa);
-
-void *
-socket_get_address (struct sockaddr *sa);
-
-int
-socket_get_port (const struct sockaddr *sa);
-
-void
-socket_set_port (struct sockaddr *sa, int port);
-
-void
-socket_set_portrange (int sock, int restr, int af);
-
-void
-socket_set_debug (int sock);
-
-void
-socket_set_tos (int sock, int tos);
-
-void
-socket_set_reuseaddr (int sock, int val);
-
-char **
-vstrcollect(va_list *ap);
-
-char **
-strcollect(char *first, ...);
-
-void timevalfix(struct timeval *t1);
-void timevaladd(struct timeval *t1, const struct timeval *t2);
-void timevalsub(struct timeval *t1, const struct timeval *t2);
-
-char *pid_file_write (const char *progname);
-void pid_file_delete (char **);
-
-int
-read_environment(const char *file, char ***env);
-
-void warnerr(int doerrno, const char *fmt, va_list ap)
-    __attribute__ ((format (printf, 2, 0)));
-
-ROKEN_CPP_END
-
-#endif /* __ROKEN_COMMON_H__ */
diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk
deleted file mode 100644
index 1c1e0c071ef9..000000000000
--- a/crypto/heimdal/lib/roken/roken.awk
+++ /dev/null
@@ -1,40 +0,0 @@
-# $Id: roken.awk,v 1.9 2003/03/04 10:37:26 lha Exp $
-
-BEGIN {
-	print "#ifdef HAVE_CONFIG_H"
-	print "#include <config.h>"
-	print "#endif"
-	print "#include <stdio.h>"
-	print ""
-	print "int main(int argc, char **argv)"
-	print "{"
-	    print "puts(\"/* This is an OS dependent, generated file */\");"
-	print "puts(\"\\n\");"
-	print "puts(\"#ifndef __ROKEN_H__\");"
-	print "puts(\"#define __ROKEN_H__\");"
-	print "puts(\"\");"
-}
-
-$1 == "\#ifdef" || $1 == "\#ifndef" || $1 == "\#if" || $1 == "\#else" || $1 == "\#elif" || $1 == "\#endif" || $1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
-	print $0;
-	next
-}
-
-{
-	s = ""
-	for(i = 1; i <= length; i++){
-		x = substr($0, i, 1)
-		if(x == "\"" || x == "\\")
-			s = s "\\";
-		s = s x;
-	}
-	print "puts(\"" s "\");"
-}
-
-END {
-	print "puts(\"#define ROKEN_VERSION \" VERSION );"
-	print "puts(\"\");"
-	print "puts(\"#endif /* __ROKEN_H__ */\");"
-	print "return 0;"
-	print "}"
-}
diff --git a/crypto/heimdal/lib/roken/roken.def b/crypto/heimdal/lib/roken/roken.def
deleted file mode 100644
index f9b0369dd1dd..000000000000
--- a/crypto/heimdal/lib/roken/roken.def
+++ /dev/null
@@ -1,17 +0,0 @@
-LIBRARY roken BASE=0x68f0000
-EXPORTS
-	gettimeofday
-	strcasecmp
-	strtok_r
-	snprintf
-	asprintf
-	vsnprintf
-	base64_decode
-	base64_encode
-	roken_concat
-	roken_vconcat
-	roken_vmconcat
-	roken_mconcat
-	getuid
-	dns_free_data
-	dns_lookup
diff --git a/crypto/heimdal/lib/roken/roken.dsp b/crypto/heimdal/lib/roken/roken.dsp
deleted file mode 100644
index d84854e3d30d..000000000000
--- a/crypto/heimdal/lib/roken/roken.dsp
+++ /dev/null
@@ -1,156 +0,0 @@
-# Microsoft Developer Studio Project File - Name="roken" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 5.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
-
-CFG=roken - Win32 Release
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "roken.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "roken - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir ".\Release"
-# PROP BASE Intermediate_Dir ".\Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir ".\Release"
-# PROP Intermediate_Dir ".\Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
-# ADD BASE MTL /nologo /D "NDEBUG" /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /base:"0x68e7780" /subsystem:windows /dll /machine:I386
-
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir ".\Debug"
-# PROP BASE Intermediate_Dir ".\Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir ".\Debug"
-# PROP Intermediate_Dir ".\Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c
-# ADD CPP /nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c
-# ADD BASE MTL /nologo /D "_DEBUG" /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386 /def:".\roken.def"
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF 
-
-# Begin Target
-
-# Name "roken - Win32 Release"
-# Name "roken - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
-# Begin Source File
-
-SOURCE=.\base64.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\concat.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\gettimeofday.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\getuid.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\resolve.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\roken.def
-
-!IF  "$(CFG)" == "roken - Win32 Release"
-
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
-
-# PROP Exclude_From_Build 1
-
-!ENDIF 
-
-# End Source File
-# Begin Source File
-
-SOURCE=.\snprintf.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\strcasecmp.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\strtok_r.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd"
-# Begin Source File
-
-SOURCE=.\resolve.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
-# Begin Source File
-
-SOURCE=.\roken.rc
-# End Source File
-# End Group
-# End Target
-# End Project
diff --git a/crypto/heimdal/lib/roken/roken.h b/crypto/heimdal/lib/roken/roken.h
deleted file mode 100644
index 4be5be54f06b..000000000000
--- a/crypto/heimdal/lib/roken/roken.h
+++ /dev/null
@@ -1,244 +0,0 @@
-/* This is an OS dependent, generated file */
-
-
-#ifndef __ROKEN_H__
-#define __ROKEN_H__
-
-/* -*- C -*- */
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken.h.in,v 1.169 2002/08/26 21:43:38 assar Exp $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <signal.h>
-
-#include <sys/param.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-#include <grp.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <syslog.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <err.h>
-#include <termios.h>
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <time.h>
-
-#include <paths.h>
-
-
-#define ROKEN_LIB_FUNCTION
-
-
-#include <roken-common.h>
-
-ROKEN_CPP_START
-
-
-
-
-
-
-
-
-
-
-int asnprintf (char **ret, size_t max_sz, const char *format, ...)
-     __attribute__ ((format (printf, 3, 4)));
-
-int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
-     __attribute__((format (printf, 3, 0)));
-
-
-char * strndup(const char *old, size_t sz);
-
-char * strlwr(char *);
-
-size_t strnlen(const char*, size_t);
-
-
-ssize_t strsep_copy(const char**, const char*, char*, size_t);
-
-
-
-
-char * strupr(char *);
-
-
-
-
-
-
-
-
-
-
-
-#include <pwd.h>
-struct passwd *k_getpwnam (const char *user);
-struct passwd *k_getpwuid (uid_t uid);
-
-const char *get_default_username (void);
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-void pidfile (const char*);
-
-unsigned int bswap32(unsigned int);
-
-unsigned short bswap16(unsigned short);
-
-
-time_t tm2time (struct tm tm, int local);
-
-int unix_verify_user(char *user, char *password);
-
-int roken_concat (char *s, size_t len, ...);
-
-size_t roken_mconcat (char **s, size_t max_len, ...);
-
-int roken_vconcat (char *s, size_t len, va_list args);
-
-size_t roken_vmconcat (char **s, size_t max_len, va_list args);
-
-ssize_t net_write (int fd, const void *buf, size_t nbytes);
-
-ssize_t net_read (int fd, void *buf, size_t nbytes);
-
-int issuid(void);
-
-
-int get_window_size(int fd, struct winsize *);
-
-
-
-extern const char *__progname;
-
-extern char **environ;
-
-
-
-
-struct hostent *
-copyhostent (const struct hostent *h);
-
-
-
-
-
-
-
-
-int
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags);
-
-int roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
-int roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
-
-
-
-void *emalloc (size_t);
-void *ecalloc(size_t num, size_t sz);
-void *erealloc (void *, size_t);
-char *estrdup (const char *);
-
-/*
- * kludges and such
- */
-
-int roken_gethostby_setup(const char*, const char*);
-struct hostent* roken_gethostbyname(const char*);
-struct hostent* roken_gethostbyaddr(const void*, size_t, int);
-
-#define roken_getservbyname(x,y) getservbyname(x,y)
-
-#define roken_openlog(a,b,c) openlog(a,b,c)
-
-#define roken_getsockname(a,b,c) getsockname(a,b,c)
-
-
-
-void mini_inetd_addrinfo (struct addrinfo*);
-void mini_inetd (int port);
-
-void set_progname(char *argv0);
-const char *get_progname(void);
-
-
-int
-strsvis(char *dst, const char *src, int flag, const char *extra);
-
-
-
-
-char *
-svis(char *dst, int c, int flag, int nextc, const char *extra);
-
-
-
-ROKEN_CPP_END
-#define ROKEN_VERSION 0.4f
-
-#endif /* __ROKEN_H__ */
diff --git a/crypto/heimdal/lib/roken/roken.h.in b/crypto/heimdal/lib/roken/roken.h.in
deleted file mode 100644
index 16fc6d844f54..000000000000
--- a/crypto/heimdal/lib/roken/roken.h.in
+++ /dev/null
@@ -1,682 +0,0 @@
-/* -*- C -*- */
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: roken.h.in,v 1.169 2002/08/26 21:43:38 assar Exp $ */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <signal.h>
-
-#ifdef _AIX
-struct ether_addr;
-struct sockaddr_dl;
-#endif
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_BITYPES_H
-#include <sys/bitypes.h>
-#endif
-#ifdef HAVE_BIND_BITYPES_H
-#include <bind/bitypes.h>
-#endif
-#ifdef HAVE_NETINET_IN6_MACHTYPES_H
-#include <netinet/in6_machtypes.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#include <sys/uio.h>
-#endif
-#ifdef HAVE_GRP_H
-#include <grp.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_NETINET6_IN6_H
-#include <netinet6/in6.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#ifdef HAVE_RESOLV_H
-#include <resolv.h>
-#endif
-#ifdef HAVE_SYSLOG_H
-#include <syslog.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif
-#ifdef HAVE_ERR_H
-#include <err.h>
-#endif
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#endif
-#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
-#include <sys/ioctl.h>
-#endif
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-
-#ifndef ROKEN_LIB_FUNCTION
-#if defined(__BORLANDC__)
-#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet */
-#elif defined(_MSC_VER)
-#define ROKEN_LIB_FUNCTION /* not-ready-definition-yet2 */
-#else
-#define ROKEN_LIB_FUNCTION
-#endif
-#endif
-
-#ifndef HAVE_SSIZE_T
-typedef int ssize_t;
-#endif
-
-#include <roken-common.h>
-
-ROKEN_CPP_START
-
-#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
-#define setsid _setsid
-#endif
-
-#ifndef HAVE_PUTENV
-int putenv(const char *string);
-#endif
-
-#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
-int setenv(const char *var, const char *val, int rewrite);
-#endif
-
-#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
-void unsetenv(const char *name);
-#endif
-
-#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
-char *getusershell(void);
-void endusershell(void);
-#endif
-
-#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
-int snprintf (char *str, size_t sz, const char *format, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
-int vsnprintf (char *str, size_t sz, const char *format, va_list ap)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
-int asprintf (char **ret, const char *format, ...)
-     __attribute__ ((format (printf, 2, 3)));
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
-int vasprintf (char **ret, const char *format, va_list ap)
-     __attribute__((format (printf, 2, 0)));
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
-int asnprintf (char **ret, size_t max_sz, const char *format, ...)
-     __attribute__ ((format (printf, 3, 4)));
-#endif
-
-#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
-int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap)
-     __attribute__((format (printf, 3, 0)));
-#endif
-
-#ifndef HAVE_STRDUP
-char * strdup(const char *old);
-#endif
-
-#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
-char * strndup(const char *old, size_t sz);
-#endif
-
-#ifndef HAVE_STRLWR
-char * strlwr(char *);
-#endif
-
-#ifndef HAVE_STRNLEN
-size_t strnlen(const char*, size_t);
-#endif
-
-#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
-char *strsep(char**, const char*);
-#endif
-
-#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
-ssize_t strsep_copy(const char**, const char*, char*, size_t);
-#endif
-
-#ifndef HAVE_STRCASECMP
-int strcasecmp(const char *s1, const char *s2);
-#endif
-
-#ifdef NEED_FCLOSE_PROTO
-int fclose(FILE *);
-#endif
-
-#ifdef NEED_STRTOK_R_PROTO
-char *strtok_r(char *s1, const char *s2, char **lasts);
-#endif
-
-#ifndef HAVE_STRUPR
-char * strupr(char *);
-#endif
-
-#ifndef HAVE_STRLCPY
-size_t strlcpy (char *dst, const char *src, size_t dst_sz);
-#endif
-
-#ifndef HAVE_STRLCAT
-size_t strlcat (char *dst, const char *src, size_t dst_sz);
-#endif
-
-#ifndef HAVE_GETDTABLESIZE
-int getdtablesize(void);
-#endif
-
-#if !defined(HAVE_STRERROR) && !defined(strerror)
-char *strerror(int eno);
-#endif
-
-#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
-/* This causes a fatal error under Psoriasis */
-#if !(defined(SunOS) && (SunOS >= 50))
-const char *hstrerror(int herr);
-#endif
-#endif
-
-#ifndef HAVE_H_ERRNO_DECLARATION
-extern int h_errno;
-#endif
-
-#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
-int inet_aton(const char *cp, struct in_addr *adr);
-#endif
-
-#ifndef HAVE_INET_NTOP
-const char *
-inet_ntop(int af, const void *src, char *dst, size_t size);
-#endif
-
-#ifndef HAVE_INET_PTON
-int
-inet_pton(int af, const char *src, void *dst);
-#endif
-
-#if !defined(HAVE_GETCWD)
-char* getcwd(char *path, size_t size);
-#endif
-
-#ifdef HAVE_PWD_H
-#include <pwd.h>
-struct passwd *k_getpwnam (const char *user);
-struct passwd *k_getpwuid (uid_t uid);
-#endif
-
-const char *get_default_username (void);
-
-#ifndef HAVE_SETEUID
-int seteuid(uid_t euid);
-#endif
-
-#ifndef HAVE_SETEGID
-int setegid(gid_t egid);
-#endif
-
-#ifndef HAVE_LSTAT
-int lstat(const char *path, struct stat *buf);
-#endif
-
-#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
-int mkstemp(char *);
-#endif
-
-#ifndef HAVE_CGETENT
-int cgetent(char **buf, char **db_array, const char *name);
-int cgetstr(char *buf, const char *cap, char **str);
-#endif
-
-#ifndef HAVE_INITGROUPS
-int initgroups(const char *name, gid_t basegid);
-#endif
-
-#ifndef HAVE_FCHOWN
-int fchown(int fd, uid_t owner, gid_t group);
-#endif
-
-#ifndef HAVE_DAEMON
-int daemon(int nochdir, int noclose);
-#endif
-
-#ifndef HAVE_INNETGR
-int innetgr(const char *netgroup, const char *machine, 
-	    const char *user, const char *domain);
-#endif
-
-#ifndef HAVE_CHOWN
-int chown(const char *path, uid_t owner, gid_t group);
-#endif
-
-#ifndef HAVE_RCMD
-int rcmd(char **ahost, unsigned short inport, const char *locuser,
-	 const char *remuser, const char *cmd, int *fd2p);
-#endif
-
-#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
-int innetgr(const char*, const char*, const char*, const char*);
-#endif
-
-#ifndef HAVE_IRUSEROK
-int iruserok(unsigned raddr, int superuser, const char *ruser,
-	     const char *luser);
-#endif
-
-#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
-int gethostname(char *name, int namelen);
-#endif
-
-#ifndef HAVE_WRITEV
-ssize_t
-writev(int d, const struct iovec *iov, int iovcnt);
-#endif
-
-#ifndef HAVE_READV
-ssize_t
-readv(int d, const struct iovec *iov, int iovcnt);
-#endif
-
-#ifndef HAVE_MKSTEMP
-int
-mkstemp(char *template);
-#endif
-
-#ifndef HAVE_PIDFILE
-void pidfile (const char*);
-#endif
-
-#ifndef HAVE_BSWAP32
-unsigned int bswap32(unsigned int);
-#endif
-
-#ifndef HAVE_BSWAP16
-unsigned short bswap16(unsigned short);
-#endif
-
-#ifndef HAVE_FLOCK
-#ifndef LOCK_SH
-#define LOCK_SH   1		/* Shared lock */
-#endif
-#ifndef	LOCK_EX
-#define LOCK_EX   2		/* Exclusive lock */
-#endif
-#ifndef LOCK_NB
-#define LOCK_NB   4		/* Don't block when locking */
-#endif
-#ifndef LOCK_UN
-#define LOCK_UN   8		/* Unlock */
-#endif
-
-int flock(int fd, int operation);
-#endif /* HAVE_FLOCK */
-
-time_t tm2time (struct tm tm, int local);
-
-int unix_verify_user(char *user, char *password);
-
-int roken_concat (char *s, size_t len, ...);
-
-size_t roken_mconcat (char **s, size_t max_len, ...);
-
-int roken_vconcat (char *s, size_t len, va_list args);
-
-size_t roken_vmconcat (char **s, size_t max_len, va_list args);
-
-ssize_t net_write (int fd, const void *buf, size_t nbytes);
-
-ssize_t net_read (int fd, void *buf, size_t nbytes);
-
-int issuid(void);
-
-#ifndef HAVE_STRUCT_WINSIZE
-struct winsize {
-	unsigned short ws_row, ws_col;
-	unsigned short ws_xpixel, ws_ypixel;
-};
-#endif
-
-int get_window_size(int fd, struct winsize *);
-
-#ifndef HAVE_VSYSLOG
-void vsyslog(int pri, const char *fmt, va_list ap);
-#endif
-
-#ifndef HAVE_OPTARG_DECLARATION
-extern char *optarg;
-#endif
-#ifndef HAVE_OPTIND_DECLARATION
-extern int optind;
-#endif
-#ifndef HAVE_OPTERR_DECLARATION
-extern int opterr;
-#endif
-
-#ifndef HAVE___PROGNAME_DECLARATION
-extern const char *__progname;
-#endif
-
-#ifndef HAVE_ENVIRON_DECLARATION
-extern char **environ;
-#endif
-
-#ifndef HAVE_GETIPNODEBYNAME
-struct hostent *
-getipnodebyname (const char *name, int af, int flags, int *error_num);
-#endif
-
-#ifndef HAVE_GETIPNODEBYADDR
-struct hostent *
-getipnodebyaddr (const void *src, size_t len, int af, int *error_num);
-#endif
-
-#ifndef HAVE_FREEHOSTENT
-void
-freehostent (struct hostent *h);
-#endif
-
-#ifndef HAVE_COPYHOSTENT
-struct hostent *
-copyhostent (const struct hostent *h);
-#endif
-
-#ifndef HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-
-#ifndef HAVE_SA_FAMILY_T
-typedef unsigned short sa_family_t;
-#endif
-
-#ifdef HAVE_IPV6
-#define _SS_MAXSIZE sizeof(struct sockaddr_in6)
-#else
-#define _SS_MAXSIZE sizeof(struct sockaddr_in)
-#endif
-
-#define _SS_ALIGNSIZE	sizeof(unsigned long)
-
-#if HAVE_STRUCT_SOCKADDR_SA_LEN
-
-typedef unsigned char roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    unsigned char	ss_len;
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-typedef unsigned short roken_sa_family_t;
-
-#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)
-#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
-
-struct sockaddr_storage {
-    roken_sa_family_t	ss_family;
-    char		__ss_pad1[_SS_PAD1SIZE];
-    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
-};
-
-#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
-
-#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
-
-#ifndef HAVE_STRUCT_ADDRINFO
-struct addrinfo {
-    int    ai_flags;
-    int    ai_family;
-    int    ai_socktype;
-    int    ai_protocol;
-    size_t ai_addrlen;
-    char  *ai_canonname;
-    struct sockaddr *ai_addr;
-    struct addrinfo *ai_next;
-};
-#endif
-
-#ifndef HAVE_GETADDRINFO
-int
-getaddrinfo(const char *nodename,
-	    const char *servname,
-	    const struct addrinfo *hints,
-	    struct addrinfo **res);
-#endif
-
-#ifndef HAVE_GETNAMEINFO
-int getnameinfo(const struct sockaddr *sa, socklen_t salen,
-		char *host, size_t hostlen,
-		char *serv, size_t servlen,
-		int flags);
-#endif
-
-#ifndef HAVE_FREEADDRINFO
-void
-freeaddrinfo(struct addrinfo *ai);
-#endif
-
-#ifndef HAVE_GAI_STRERROR
-char *
-gai_strerror(int ecode);
-#endif
-
-int
-getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
-		     char *host, size_t hostlen,
-		     char *serv, size_t servlen,
-		     int flags);
-
-int roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
-int roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
-
-#ifndef HAVE_STRFTIME
-size_t
-strftime (char *buf, size_t maxsize, const char *format,
-	  const struct tm *tm);
-#endif
-
-#ifndef HAVE_STRPTIME
-char *
-strptime (const char *buf, const char *format, struct tm *timeptr);
-#endif
-
-#ifndef HAVE_EMALLOC
-void *emalloc (size_t);
-#endif
-#ifndef HAVE_ECALLOC
-void *ecalloc(size_t num, size_t sz);
-#endif
-#ifndef HAVE_EREALLOC
-void *erealloc (void *, size_t);
-#endif
-#ifndef HAVE_ESTRDUP
-char *estrdup (const char *);
-#endif
-
-/*
- * kludges and such
- */
-
-#if 1
-int roken_gethostby_setup(const char*, const char*);
-struct hostent* roken_gethostbyname(const char*);
-struct hostent* roken_gethostbyaddr(const void*, size_t, int);
-#else
-#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
-#define roken_gethostbyname(x) gethostbyname(x)
-#else
-#define roken_gethostbyname(x) gethostbyname((char *)x)
-#endif
-
-#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
-#else
-#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
-#endif
-#endif
-
-#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
-#define roken_getservbyname(x,y) getservbyname(x,y)
-#else
-#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
-#endif
-
-#ifdef OPENLOG_PROTO_COMPATIBLE
-#define roken_openlog(a,b,c) openlog(a,b,c)
-#else
-#define roken_openlog(a,b,c) openlog((char *)a,b,c)
-#endif
-
-#ifdef GETSOCKNAME_PROTO_COMPATIBLE
-#define roken_getsockname(a,b,c) getsockname(a,b,c)
-#else
-#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void setprogname(const char *argv0);
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char *getprogname(void);
-#endif
-
-void mini_inetd_addrinfo (struct addrinfo*);
-void mini_inetd (int port);
-
-void set_progname(char *argv0);
-const char *get_progname(void);
-
-#ifndef HAVE_LOCALTIME_R
-struct tm *
-localtime_r(const time_t *timer, struct tm *result);
-#endif
-
-#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO)
-int
-strsvis(char *dst, const char *src, int flag, const char *extra);
-#endif
-
-#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
-int
-strunvis(char *dst, const char *src);
-#endif
-
-#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO)
-int
-strvis(char *dst, const char *src, int flag);
-#endif
-
-#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO)
-int
-strvisx(char *dst, const char *src, size_t len, int flag);
-#endif
-
-#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO)
-char *
-svis(char *dst, int c, int flag, int nextc, const char *extra);
-#endif
-
-#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO)
-int
-unvis(char *cp, int c, int *astate, int flag);
-#endif
-
-#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO)
-char *
-vis(char *dst, int c, int flag, int nextc);
-#endif
-
-ROKEN_CPP_END
diff --git a/crypto/heimdal/lib/roken/roken.mak b/crypto/heimdal/lib/roken/roken.mak
deleted file mode 100644
index da9a834e5551..000000000000
--- a/crypto/heimdal/lib/roken/roken.mak
+++ /dev/null
@@ -1,316 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on roken.dsp
-!IF "$(CFG)" == ""
-CFG=roken - Win32 Release
-!MESSAGE No configuration specified. Defaulting to roken - Win32 Release.
-!ENDIF 
-
-!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line.  For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Release"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "roken - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-# Begin Custom Macros
-OutDir=.\.\Release
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "$(OUTDIR)\roken.dll"
-
-!ELSE 
-
-ALL : "$(OUTDIR)\roken.dll"
-
-!ENDIF 
-
-CLEAN : 
-	-@erase "$(INTDIR)\base64.obj"
-	-@erase "$(INTDIR)\concat.obj"
-	-@erase "$(INTDIR)\gettimeofday.obj"
-	-@erase "$(INTDIR)\getuid.obj"
-	-@erase "$(INTDIR)\resolve.obj"
-	-@erase "$(INTDIR)\roken.res"
-	-@erase "$(INTDIR)\snprintf.obj"
-	-@erase "$(INTDIR)\strcasecmp.obj"
-	-@erase "$(INTDIR)\strtok_r.obj"
-	-@erase "$(INTDIR)\vc50.idb"
-	-@erase "$(OUTDIR)\roken.dll"
-	-@erase "$(OUTDIR)\roken.exp"
-	-@erase "$(OUTDIR)\roken.lib"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MT /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\
- "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\
- "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\
- /FD /c 
-CPP_OBJS=.\Release/
-CPP_SBRS=.
-MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "NDEBUG" 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
- advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
- /base:"0x68e7780" /subsystem:windows /dll /incremental:no\
- /pdb:"$(OUTDIR)\roken.pdb" /machine:I386 /def:".\roken.def"\
- /out:"$(OUTDIR)\roken.dll" /implib:"$(OUTDIR)\roken.lib" 
-DEF_FILE= \
-	".\roken.def"
-LINK32_OBJS= \
-	"$(INTDIR)\base64.obj" \
-	"$(INTDIR)\concat.obj" \
-	"$(INTDIR)\gettimeofday.obj" \
-	"$(INTDIR)\getuid.obj" \
-	"$(INTDIR)\resolve.obj" \
-	"$(INTDIR)\roken.res" \
-	"$(INTDIR)\snprintf.obj" \
-	"$(INTDIR)\strcasecmp.obj" \
-	"$(INTDIR)\strtok_r.obj"
-
-"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ELSEIF  "$(CFG)" == "roken - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "$(OUTDIR)\roken.dll"
-
-!ELSE 
-
-ALL : "$(OUTDIR)\roken.dll"
-
-!ENDIF 
-
-CLEAN : 
-	-@erase "$(INTDIR)\base64.obj"
-	-@erase "$(INTDIR)\concat.obj"
-	-@erase "$(INTDIR)\gettimeofday.obj"
-	-@erase "$(INTDIR)\getuid.obj"
-	-@erase "$(INTDIR)\resolve.obj"
-	-@erase "$(INTDIR)\roken.res"
-	-@erase "$(INTDIR)\snprintf.obj"
-	-@erase "$(INTDIR)\strcasecmp.obj"
-	-@erase "$(INTDIR)\strtok_r.obj"
-	-@erase "$(INTDIR)\vc50.idb"
-	-@erase "$(INTDIR)\vc50.pdb"
-	-@erase "$(OUTDIR)\roken.dll"
-	-@erase "$(OUTDIR)\roken.exp"
-	-@erase "$(OUTDIR)\roken.ilk"
-	-@erase "$(OUTDIR)\roken.lib"
-	-@erase "$(OUTDIR)\roken.pdb"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\
- "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\
- "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\roken.pch" /YX /Fo"$(INTDIR)\\"\
- /Fd"$(INTDIR)\\" /FD /c 
-CPP_OBJS=.\Debug/
-CPP_SBRS=.
-MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 
-RSC_PROJ=/l 0x409 /fo"$(INTDIR)\roken.res" /d "_DEBUG" 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\roken.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\
- advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo\
- /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)\roken.pdb" /debug\
- /machine:I386 /def:".\roken.def" /out:"$(OUTDIR)\roken.dll"\
- /implib:"$(OUTDIR)\roken.lib" 
-LINK32_OBJS= \
-	"$(INTDIR)\base64.obj" \
-	"$(INTDIR)\concat.obj" \
-	"$(INTDIR)\gettimeofday.obj" \
-	"$(INTDIR)\getuid.obj" \
-	"$(INTDIR)\resolve.obj" \
-	"$(INTDIR)\roken.res" \
-	"$(INTDIR)\snprintf.obj" \
-	"$(INTDIR)\strcasecmp.obj" \
-	"$(INTDIR)\strtok_r.obj"
-
-"$(OUTDIR)\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF 
-
-.c{$(CPP_OBJS)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(CPP_OBJS)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(CPP_OBJS)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(CPP_SBRS)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(CPP_SBRS)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(CPP_SBRS)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(CFG)" == "roken - Win32 Release" || "$(CFG)" == "roken - Win32 Debug"
-SOURCE=.\base64.c
-DEP_CPP_BASE6=\
-	"..\..\include\win32\config.h"\
-	".\base64.h"\
-
-
-"$(INTDIR)\base64.obj" : $(SOURCE) $(DEP_CPP_BASE6) "$(INTDIR)"
-
-
-SOURCE=.\concat.c
-DEP_CPP_CONCA=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\concat.obj" : $(SOURCE) $(DEP_CPP_CONCA) "$(INTDIR)"
-
-
-SOURCE=.\gettimeofday.c
-DEP_CPP_GETTI=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)"
-
-
-SOURCE=.\getuid.c
-DEP_CPP_GETUI=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\getuid.obj" : $(SOURCE) $(DEP_CPP_GETUI) "$(INTDIR)"
-
-
-SOURCE=.\resolve.c
-DEP_CPP_RESOL=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\resolve.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)"
-
-
-SOURCE=.\snprintf.c
-DEP_CPP_SNPRI=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\snprintf.obj" : $(SOURCE) $(DEP_CPP_SNPRI) "$(INTDIR)"
-
-
-SOURCE=.\strcasecmp.c
-DEP_CPP_STRCA=\
-	"..\..\include\win32\config.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)"
-
-
-SOURCE=.\strtok_r.c
-DEP_CPP_STRTO=\
-	"..\..\include\win32\config.h"\
-	"..\..\include\win32\roken.h"\
-	".\err.h"\
-	".\roken-common.h"\
-	{$(INCLUDE)}"sys\stat.h"\
-	{$(INCLUDE)}"sys\types.h"\
-	
-
-"$(INTDIR)\strtok_r.obj" : $(SOURCE) $(DEP_CPP_STRTO) "$(INTDIR)"
-
-
-SOURCE=.\roken.rc
-
-"$(INTDIR)\roken.res" : $(SOURCE) "$(INTDIR)"
-	$(RSC) $(RSC_PROJ) $(SOURCE)
-	
-
-
-!ENDIF 
-
diff --git a/crypto/heimdal/lib/roken/roken.rc b/crypto/heimdal/lib/roken/roken.rc
deleted file mode 100644
index e7e2f3e499ca..000000000000
--- a/crypto/heimdal/lib/roken/roken.rc
+++ /dev/null
@@ -1,105 +0,0 @@
-//Microsoft Developer Studio generated resource script.
-//
-#include "resource.h"
-
-#define APSTUDIO_READONLY_SYMBOLS
-/////////////////////////////////////////////////////////////////////////////
-//
-// Generated from the TEXTINCLUDE 2 resource.
-//
-#include "afxres.h"
-
-/////////////////////////////////////////////////////////////////////////////
-#undef APSTUDIO_READONLY_SYMBOLS
-
-/////////////////////////////////////////////////////////////////////////////
-// Swedish resources
-
-#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
-#ifdef _WIN32
-LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
-#pragma code_page(1252)
-#endif //_WIN32
-
-#ifdef APSTUDIO_INVOKED
-/////////////////////////////////////////////////////////////////////////////
-//
-// TEXTINCLUDE
-//
-
-1 TEXTINCLUDE DISCARDABLE 
-BEGIN
-    "resource.h\0"
-END
-
-2 TEXTINCLUDE DISCARDABLE 
-BEGIN
-    "#include ""afxres.h""\r\n"
-    "\0"
-END
-
-3 TEXTINCLUDE DISCARDABLE 
-BEGIN
-    "\r\n"
-    "\0"
-END
-
-#endif    // APSTUDIO_INVOKED
-
-
-#ifndef _MAC
-/////////////////////////////////////////////////////////////////////////////
-//
-// Version
-//
-
-VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,0,0,1
- PRODUCTVERSION 1,0,0,1
- FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
- FILEFLAGS 0x1L
-#else
- FILEFLAGS 0x0L
-#endif
- FILEOS 0x40004L
- FILETYPE 0x2L
- FILESUBTYPE 0x0L
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-        BLOCK "040904b0"
-        BEGIN
-            VALUE "CompanyName", "Royal Institute of Technology (KTH)\0"
-            VALUE "FileDescription", "roken\0"
-            VALUE "FileVersion", "4, 0, 9, 9\0"
-            VALUE "InternalName", "roken\0"
-            VALUE "LegalCopyright", "Copyright � 1996 - 1998  Royal Institute of Technology (KTH)\0"
-            VALUE "OriginalFilename", "roken.dll\0"
-            VALUE "ProductName", "KTH Kerberos\0"
-            VALUE "ProductVersion", "4,0,9,9\0"
-        END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 1200
-    END
-END
-
-#endif    // !_MAC
-
-#endif    // Swedish resources
-/////////////////////////////////////////////////////////////////////////////
-
-
-
-#ifndef APSTUDIO_INVOKED
-/////////////////////////////////////////////////////////////////////////////
-//
-// Generated from the TEXTINCLUDE 3 resource.
-//
-
-
-/////////////////////////////////////////////////////////////////////////////
-#endif    // not APSTUDIO_INVOKED
-
diff --git a/crypto/heimdal/lib/roken/roken_gethostby.c b/crypto/heimdal/lib/roken/roken_gethostby.c
deleted file mode 100644
index 6df6c57dd765..000000000000
--- a/crypto/heimdal/lib/roken/roken_gethostby.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: roken_gethostby.c,v 1.5 1999/12/05 13:16:44 assar Exp $");
-#endif
-
-#include <roken.h>
-
-#undef roken_gethostbyname
-#undef roken_gethostbyaddr
-
-static struct sockaddr_in dns_addr;
-static char *dns_req;
-
-static int
-make_address(const char *address, struct in_addr *ip)
-{
-    if(inet_aton(address, ip) == 0){
-	/* try to resolve as hostname, it might work if the address we
-           are trying to lookup is local, for instance a web proxy */
-	struct hostent *he = gethostbyname(address);
-	if(he) {
-	    unsigned char *p = (unsigned char*)he->h_addr;
-	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
-	} else {
-	    return -1;
-	}
-    }
-    return 0;
-}
-
-static int
-setup_int(const char *proxy_host, short proxy_port,
-	  const char *dns_host, short dns_port,
-	  const char *dns_path)
-{
-    memset(&dns_addr, 0, sizeof(dns_addr));
-    if(dns_req)
-	free(dns_req);
-    if(proxy_host) {
-	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(proxy_port);
-	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
-    } else {
-	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
-	    return -1;
-	dns_addr.sin_port = htons(dns_port);
-	asprintf(&dns_req, "%s", dns_path);
-    }
-    dns_addr.sin_family = AF_INET;
-    return 0;
-}
-
-static void
-split_spec(const char *spec, char **host, int *port, char **path, int def_port)
-{
-    char *p;
-    *host = strdup(spec);
-    p = strchr(*host, ':');
-    if(p) {
-	*p++ = '\0';
-	if(sscanf(p, "%d", port) != 1)
-	    *port = def_port;
-    } else
-	*port = def_port;
-    p = strchr(p ? p : *host, '/');
-    if(p) {
-	if(path) 
-	    *path = strdup(p);
-	*p = '\0';
-    }else
-	if(path) 
-	    *path = NULL;
-}
-
-
-int
-roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
-{
-    char *proxy_host = NULL;
-    int proxy_port;
-    char *dns_host, *dns_path;
-    int dns_port;
-    
-    int ret = -1;
-    
-    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
-    if(dns_path == NULL)
-	goto out;
-    if(proxy_spec)
-	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
-    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
-out:
-    free(proxy_host);
-    free(dns_host);
-    free(dns_path);
-    return ret;
-}
-    
-
-/* Try to lookup a name or an ip-address using http as transport
-   mechanism. See the end of this file for an example program. */
-static struct hostent*
-roken_gethostby(const char *hostname)
-{
-    int s;
-    struct sockaddr_in sin;
-    char *request;
-    char buf[1024];
-    int offset = 0;
-    int n;
-    char *p, *foo;
-    
-    if(dns_addr.sin_family == 0)
-	return NULL; /* no configured host */
-    sin = dns_addr;
-    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
-    if(request == NULL)
-	return NULL;
-    s  = socket(AF_INET, SOCK_STREAM, 0);
-    if(s < 0) {
-	free(request);
-	return NULL;
-    }
-    if(connect(s, (struct sockaddr*)&sin, sizeof(sin)) < 0) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    if(write(s, request, strlen(request)) != strlen(request)) {
-	close(s);
-	free(request);
-	return NULL;
-    }
-    free(request);
-    while(1) {
-	n = read(s, buf + offset, sizeof(buf) - offset);
-	if(n <= 0)
-	    break;
-	offset += n;
-    }
-    buf[offset] = '\0';
-    close(s);
-    p = strstr(buf, "\r\n\r\n"); /* find end of header */
-    if(p) p += 4;
-    else return NULL;
-    foo = NULL;
-    p = strtok_r(p, " \t\r\n", &foo);
-    if(p == NULL)
-	return NULL;
-    {
-	/* make a hostent to return */
-#define MAX_ADDRS 16
-	static struct hostent he;
-	static char addrs[4 * MAX_ADDRS];
-	static char *addr_list[MAX_ADDRS];
-	int num_addrs = 0;
-	
-	he.h_name = p;
-	he.h_aliases = NULL;
-	he.h_addrtype = AF_INET;
-	he.h_length = 4;
-	
-	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
-	    struct in_addr ip;
-	    inet_aton(p, &ip);
-	    ip.s_addr = ntohl(ip.s_addr);
-	    addr_list[num_addrs] = &addrs[num_addrs * 4];
-	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
-	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
-	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
-	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
-	    addr_list[++num_addrs] = NULL;
-	}
-	he.h_addr_list = addr_list;
-	return &he;
-    }
-}
-
-struct hostent*
-roken_gethostbyname(const char *hostname)
-{
-    struct hostent *he;
-    he = gethostbyname(hostname);
-    if(he)
-	return he;
-    return roken_gethostby(hostname);
-}
-
-struct hostent*
-roken_gethostbyaddr(const void *addr, size_t len, int type)
-{
-    struct in_addr a;
-    const char *p;
-    struct hostent *he;
-    he = gethostbyaddr(addr, len, type);
-    if(he)
-	return he;
-    if(type != AF_INET || len != 4)
-	return NULL;
-    p = addr;
-    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-    return roken_gethostby(inet_ntoa(a));
-}
-
-#if 0
-
-/* this program can be used as a cgi `script' to lookup names and
-   ip-addresses */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <netdb.h>
-#include <sys/param.h>
-
-int
-main(int argc, char **argv)
-{
-    char *query = getenv("QUERY_STRING");
-    char host[MAXHOSTNAMELEN];
-    int i;
-    struct hostent *he;
-    
-    printf("Content-type: text/plain\n\n");
-    if(query == NULL)
-	exit(0);
-    he = gethostbyname(query);
-    strncpy(host, he->h_name, sizeof(host));
-    host[sizeof(host) - 1] = '\0';
-    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
-    printf("%s\n", he->h_name);
-    for(i = 0; he->h_addr_list[i]; i++) {
-	struct in_addr ip;
-	unsigned char *p = (unsigned char*)he->h_addr_list[i];
-	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-	printf("%s\n", inet_ntoa(ip));
-    }
-    exit(0);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/roken_gethostby.lo b/crypto/heimdal/lib/roken/roken_gethostby.lo
deleted file mode 100644
index b5387c42a15a..000000000000
--- a/crypto/heimdal/lib/roken/roken_gethostby.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c
deleted file mode 100644
index 5a3bc00e1328..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/*
- * Copyright (c) 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID ("$Id: rtbl.c,v 1.4 2002/09/04 21:25:09 joda Exp $");
-#endif
-#include "roken.h"
-#include "rtbl.h"
-
-struct column_entry {
-    char *data;
-};
-
-struct column_data {
-    char *header;
-    char *prefix;
-    int width;
-    unsigned flags;
-    size_t num_rows;
-    struct column_entry *rows;
-};
-
-struct rtbl_data {
-    char *column_prefix;
-    size_t num_columns;
-    struct column_data **columns;
-};
-
-rtbl_t
-rtbl_create (void)
-{
-    return calloc (1, sizeof (struct rtbl_data));
-}
-
-static struct column_data *
-rtbl_get_column (rtbl_t table, const char *column)
-{
-    int i;
-    for(i = 0; i < table->num_columns; i++)
-	if(strcmp(table->columns[i]->header, column) == 0)
-	    return table->columns[i];
-    return NULL;
-}
-
-void
-rtbl_destroy (rtbl_t table)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++) {
-	struct column_data *c = table->columns[i];
-
-	for (j = 0; j < c->num_rows; j++)
-	    free (c->rows[j].data);
-	free (c->rows);
-	free (c->header);
-	free (c->prefix);
-	free (c);
-    }
-    free (table->column_prefix);
-    free (table->columns);
-    free (table);
-}
-
-int
-rtbl_add_column (rtbl_t table, const char *header, unsigned int flags)
-{
-    struct column_data *col, **tmp;
-
-    tmp = realloc (table->columns, (table->num_columns + 1) * sizeof (*tmp));
-    if (tmp == NULL)
-	return ENOMEM;
-    table->columns = tmp;
-    col = malloc (sizeof (*col));
-    if (col == NULL)
-	return ENOMEM;
-    col->header = strdup (header);
-    if (col->header == NULL) {
-	free (col);
-	return ENOMEM;
-    }
-    col->prefix   = NULL;
-    col->width    = 0;
-    col->flags    = flags;
-    col->num_rows = 0;
-    col->rows     = NULL;
-    table->columns[table->num_columns++] = col;
-    return 0;
-}
-
-static void
-column_compute_width (struct column_data *column)
-{
-    int i;
-
-    column->width = strlen (column->header);
-    for (i = 0; i < column->num_rows; i++)
-	column->width = max (column->width, strlen (column->rows[i].data));
-}
-
-int
-rtbl_set_prefix (rtbl_t table, const char *prefix)
-{
-    if (table->column_prefix)
-	free (table->column_prefix);
-    table->column_prefix = strdup (prefix);
-    if (table->column_prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-int
-rtbl_set_column_prefix (rtbl_t table, const char *column,
-			const char *prefix)
-{
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-    if (c->prefix)
-	free (c->prefix);
-    c->prefix = strdup (prefix);
-    if (c->prefix == NULL)
-	return ENOMEM;
-    return 0;
-}
-
-
-static const char *
-get_column_prefix (rtbl_t table, struct column_data *c)
-{
-    if (c == NULL)
-	return "";
-    if (c->prefix)
-	return c->prefix;
-    if (table->column_prefix)
-	return table->column_prefix;
-    return "";
-}
-
-int
-rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
-{
-    struct column_entry row, *tmp;
-
-    struct column_data *c = rtbl_get_column (table, column);
-
-    if (c == NULL)
-	return -1;
-
-    row.data = strdup (data);
-    if (row.data == NULL)
-	return ENOMEM;
-    tmp = realloc (c->rows, (c->num_rows + 1) * sizeof (*tmp));
-    if (tmp == NULL) {
-	free (row.data);
-	return ENOMEM;
-    }
-    c->rows = tmp;
-    c->rows[c->num_rows++] = row;
-    return 0;
-}
-
-int
-rtbl_format (rtbl_t table, FILE * f)
-{
-    int i, j;
-
-    for (i = 0; i < table->num_columns; i++)
-	column_compute_width (table->columns[i]);
-    for (i = 0; i < table->num_columns; i++) {
-	struct column_data *c = table->columns[i];
-
-	fprintf (f, "%s", get_column_prefix (table, c));
-	fprintf (f, "%-*s", (int)c->width, c->header);
-    }
-    fprintf (f, "\n");
-
-    for (j = 0;; j++) {
-	int flag = 0;
-
-	for (i = 0; flag == 0 && i < table->num_columns; ++i) {
-	    struct column_data *c = table->columns[i];
-
-	    if (c->num_rows > j) {
-		++flag;
-		break;
-	    }
-	}
-	if (flag == 0)
-	    break;
-
-	for (i = 0; i < table->num_columns; i++) {
-	    int w;
-	    struct column_data *c = table->columns[i];
-
-	    w = c->width;
-
-	    if ((c->flags & RTBL_ALIGN_RIGHT) == 0)
-		w = -w;
-	    fprintf (f, "%s", get_column_prefix (table, c));
-	    if (c->num_rows <= j)
-		fprintf (f, "%*s", w, "");
-	    else
-		fprintf (f, "%*s", w, c->rows[j].data);
-	}
-	fprintf (f, "\n");
-    }
-    return 0;
-}
-
-#ifdef TEST
-int
-main (int argc, char **argv)
-{
-    rtbl_t table;
-    unsigned int a, b, c, d;
-
-    table = rtbl_create ();
-    rtbl_add_column (table, "Issued", 0, &a);
-    rtbl_add_column (table, "Expires", 0, &b);
-    rtbl_add_column (table, "Foo", RTBL_ALIGN_RIGHT, &d);
-    rtbl_add_column (table, "Principal", 0, &c);
-
-    rtbl_add_column_entry (table, a, "Jul  7 21:19:29");
-    rtbl_add_column_entry (table, b, "Jul  8 07:19:29");
-    rtbl_add_column_entry (table, d, "73");
-    rtbl_add_column_entry (table, d, "0");
-    rtbl_add_column_entry (table, d, "-2000");
-    rtbl_add_column_entry (table, c, "krbtgt/NADA.KTH.SE@NADA.KTH.SE");
-
-    rtbl_add_column_entry (table, a, "Jul  7 21:19:29");
-    rtbl_add_column_entry (table, b, "Jul  8 07:19:29");
-    rtbl_add_column_entry (table, c, "afs/pdc.kth.se@NADA.KTH.SE");
-
-    rtbl_add_column_entry (table, a, "Jul  7 21:19:29");
-    rtbl_add_column_entry (table, b, "Jul  8 07:19:29");
-    rtbl_add_column_entry (table, c, "afs@NADA.KTH.SE");
-
-    rtbl_set_prefix (table, "  ");
-    rtbl_set_column_prefix (table, a, "");
-
-    rtbl_format (table, stdout);
-
-    rtbl_destroy (table);
-
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/rtbl.h b/crypto/heimdal/lib/roken/rtbl.h
deleted file mode 100644
index 16496a7fd205..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __rtbl_h__
-#define __rtbl_h__
-
-struct rtbl_data;
-typedef struct rtbl_data *rtbl_t;
-
-#define RTBL_ALIGN_LEFT		0
-#define RTBL_ALIGN_RIGHT	1
-
-rtbl_t rtbl_create (void);
-
-void rtbl_destroy (rtbl_t);
-
-int rtbl_set_prefix (rtbl_t, const char*);
-
-int rtbl_set_column_prefix (rtbl_t, const char*, const char*);
-
-int rtbl_add_column (rtbl_t, const char*, unsigned int);
-
-int rtbl_add_column_entry (rtbl_t, const char*, const char*);
-
-int rtbl_format (rtbl_t, FILE*);
-
-#endif /* __rtbl_h__ */
diff --git a/crypto/heimdal/lib/roken/rtbl.lo b/crypto/heimdal/lib/roken/rtbl.lo
deleted file mode 100644
index f5659918b99d..000000000000
--- a/crypto/heimdal/lib/roken/rtbl.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/sendmsg.c b/crypto/heimdal/lib/roken/sendmsg.c
deleted file mode 100644
index 7075bf214211..000000000000
--- a/crypto/heimdal/lib/roken/sendmsg.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sendmsg.c,v 1.4 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#include "roken.h"
-
-ssize_t
-sendmsg(int s, const struct msghdr *msg, int flags)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-    struct iovec *iov = msg->msg_iov;
-
-    for(i = 0; i < msg->msg_iovlen; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < msg->msg_iovlen; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/setegid.c b/crypto/heimdal/lib/roken/setegid.c
deleted file mode 100644
index 2f46fe4bf8ea..000000000000
--- a/crypto/heimdal/lib/roken/setegid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setegid.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int
-setegid(gid_t egid)
-{
-#ifdef HAVE_SETREGID
-    return setregid(-1, egid);
-#endif
-
-#ifdef HAVE_SETRESGID
-    return setresgid(-1, egid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setenv.c b/crypto/heimdal/lib/roken/setenv.c
deleted file mode 100644
index 15b58113ea8e..000000000000
--- a/crypto/heimdal/lib/roken/setenv.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setenv.c,v 1.9 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#include "roken.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * This is the easy way out, use putenv to implement setenv. We might
- * leak some memory but that is ok since we are usally about to exec
- * anyway.
- */
-
-int
-setenv(const char *var, const char *val, int rewrite)
-{
-    char *t;
-
-    if (!rewrite && getenv(var) != 0)
-	return 0;
-  
-    asprintf (&t, "%s=%s", var, val);
-    if (t == NULL)
-	return -1;
-
-    if (putenv(t) == 0)
-	return 0;
-    else
-	return -1;
-}
diff --git a/crypto/heimdal/lib/roken/seteuid.c b/crypto/heimdal/lib/roken/seteuid.c
deleted file mode 100644
index ee68ba785e47..000000000000
--- a/crypto/heimdal/lib/roken/seteuid.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: seteuid.c,v 1.10 1999/12/02 16:58:52 joda Exp $");
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "roken.h"
-
-int
-seteuid(uid_t euid)
-{
-#ifdef HAVE_SETREUID
-    return setreuid(-1, euid);
-#endif
-
-#ifdef HAVE_SETRESUID
-    return setresuid(-1, euid, -1);
-#endif
-
-    return -1;
-}
diff --git a/crypto/heimdal/lib/roken/setprogname.c b/crypto/heimdal/lib/roken/setprogname.c
deleted file mode 100644
index e66deab8b17e..000000000000
--- a/crypto/heimdal/lib/roken/setprogname.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: setprogname.c,v 1.1 2001/07/09 14:56:51 assar Exp $");
-#endif
-
-#include "roken.h"
-
-#ifndef HAVE___PROGNAME
-extern const char *__progname;
-#endif
-
-#ifndef HAVE_SETPROGNAME
-void
-setprogname(const char *argv0)
-{
-#ifndef HAVE___PROGNAME
-    char *p;
-    if(argv0 == NULL)
-	return;
-    p = strrchr(argv0, '/');
-    if(p == NULL)
-	p = (char *)argv0;
-    else
-	p++;
-    __progname = p;
-#endif
-}
-#endif /* HAVE_SETPROGNAME */
-
-void
-set_progname(char *argv0)
-{
-    setprogname ((const char *)argv0);
-}
diff --git a/crypto/heimdal/lib/roken/setprogname.lo b/crypto/heimdal/lib/roken/setprogname.lo
deleted file mode 100644
index 7429f1f8bcef..000000000000
--- a/crypto/heimdal/lib/roken/setprogname.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/signal.c b/crypto/heimdal/lib/roken/signal.c
deleted file mode 100644
index 1d482a0e3d80..000000000000
--- a/crypto/heimdal/lib/roken/signal.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: signal.c,v 1.12 2000/07/08 12:39:06 assar Exp $");
-#endif
-
-#include <signal.h>
-#include "roken.h"
-
-/*
- * We would like to always use this signal but there is a link error
- * on NEXTSTEP
- */
-#if !defined(NeXT) && !defined(__APPLE__)
-/*
- * Bugs:
- *
- * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
- */
-
-SigAction
-signal(int iSig, SigAction pAction)
-{
-    struct sigaction saNew, saOld;
-
-    saNew.sa_handler = pAction;
-    sigemptyset(&saNew.sa_mask);
-    saNew.sa_flags = 0;
-
-    if (iSig == SIGALRM)
-	{
-#ifdef SA_INTERRUPT
-	    saNew.sa_flags |= SA_INTERRUPT;
-#endif
-	}
-    else
-	{
-#ifdef SA_RESTART
-	    saNew.sa_flags |= SA_RESTART;
-#endif
-	}
-
-    if (sigaction(iSig, &saNew, &saOld) < 0)
-	return(SIG_ERR);
-
-    return(saOld.sa_handler);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/signal.lo b/crypto/heimdal/lib/roken/signal.lo
deleted file mode 100644
index d5a1dd4d11e2..000000000000
--- a/crypto/heimdal/lib/roken/signal.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/simple_exec.c b/crypto/heimdal/lib/roken/simple_exec.c
deleted file mode 100644
index 1f27c00e73e2..000000000000
--- a/crypto/heimdal/lib/roken/simple_exec.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: simple_exec.c,v 1.10 2001/06/21 03:38:03 assar Exp $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <errno.h>
-
-#include <roken.h>
-
-#define EX_NOEXEC	126
-#define EX_NOTFOUND	127
-
-/* return values:
-   -1   on `unspecified' system errors
-   -2   on fork failures
-   -3   on waitpid errors
-   0-   is return value from subprocess
-   126  if the program couldn't be executed
-   127  if the program couldn't be found
-   128- is 128 + signal that killed subprocess
-   */
-
-int
-wait_for_process(pid_t pid)
-{
-    while(1) {
-	int status;
-
-	while(waitpid(pid, &status, 0) < 0)
-	    if (errno != EINTR)
-		return -3;
-	if(WIFSTOPPED(status))
-	    continue;
-	if(WIFEXITED(status))
-	    return WEXITSTATUS(status);
-	if(WIFSIGNALED(status))
-	    return WTERMSIG(status) + 128;
-    }
-}
-
-int
-pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, 
-	   const char *file, ...)
-{
-    int in_fd[2], out_fd[2], err_fd[2];
-    pid_t pid;
-    va_list ap;
-    char **argv;
-
-    if(stdin_fd != NULL)
-	pipe(in_fd);
-    if(stdout_fd != NULL)
-	pipe(out_fd);
-    if(stderr_fd != NULL)
-	pipe(err_fd);
-    pid = fork();
-    switch(pid) {
-    case 0:
-	va_start(ap, file);
-	argv = vstrcollect(&ap);
-	va_end(ap);
-	if(argv == NULL)
-	    exit(-1);
-
-	/* close pipes we're not interested in */
-	if(stdin_fd != NULL)
-	    close(in_fd[1]);
-	if(stdout_fd != NULL)
-	    close(out_fd[0]);
-	if(stderr_fd != NULL)
-	    close(err_fd[0]);
-
-	/* pipe everything caller doesn't care about to /dev/null */
-	if(stdin_fd == NULL)
-	    in_fd[0] = open(_PATH_DEVNULL, O_RDONLY);
-	if(stdout_fd == NULL)
-	    out_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-	if(stderr_fd == NULL)
-	    err_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
-
-	/* move to proper descriptors */
-	if(in_fd[0] != STDIN_FILENO) {
-	    dup2(in_fd[0], STDIN_FILENO);
-	    close(in_fd[0]);
-	}
-	if(out_fd[1] != STDOUT_FILENO) {
-	    dup2(out_fd[1], STDOUT_FILENO);
-	    close(out_fd[1]);
-	}
-	if(err_fd[1] != STDERR_FILENO) {
-	    dup2(err_fd[1], STDERR_FILENO);
-	    close(err_fd[1]);
-	}
-
-	execv(file, argv);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    case -1:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    close(in_fd[1]);
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[0]);
-	    close(out_fd[1]);
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[0]);
-	    close(err_fd[1]);
-	}
-	return -2;
-    default:
-	if(stdin_fd != NULL) {
-	    close(in_fd[0]);
-	    *stdin_fd = fdopen(in_fd[1], "w");
-	}
-	if(stdout_fd != NULL) {
-	    close(out_fd[1]);
-	    *stdout_fd = fdopen(out_fd[0], "r");
-	}
-	if(stderr_fd != NULL) {
-	    close(err_fd[1]);
-	    *stderr_fd = fdopen(err_fd[0], "r");
-	}
-    }
-    return pid;
-}
-
-int
-simple_execvp(const char *file, char *const args[])
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execvp(file, args);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process(pid);
-    }
-}
-
-/* gee, I'd like a execvpe */
-int
-simple_execve(const char *file, char *const args[], char *const envp[])
-{
-    pid_t pid = fork();
-    switch(pid){
-    case -1:
-	return -2;
-    case 0:
-	execve(file, args, envp);
-	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
-    default: 
-	return wait_for_process(pid);
-    }
-}
-
-int
-simple_execlp(const char *file, ...)
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execvp(file, argv);
-    free(argv);
-    return ret;
-}
-
-int
-simple_execle(const char *file, ... /* ,char *const envp[] */)
-{
-    va_list ap;
-    char **argv;
-    char *const* envp;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    envp = va_arg(ap, char **);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, envp);
-    free(argv);
-    return ret;
-}
-
-int
-simple_execl(const char *file, ...) 
-{
-    va_list ap;
-    char **argv;
-    int ret;
-
-    va_start(ap, file);
-    argv = vstrcollect(&ap);
-    va_end(ap);
-    if(argv == NULL)
-	return -1;
-    ret = simple_execve(file, argv, environ);
-    free(argv);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/simple_exec.lo b/crypto/heimdal/lib/roken/simple_exec.lo
deleted file mode 100644
index 340cba674bf0..000000000000
--- a/crypto/heimdal/lib/roken/simple_exec.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/snprintf-test b/crypto/heimdal/lib/roken/snprintf-test
deleted file mode 100755
index 393a7119d199..000000000000
--- a/crypto/heimdal/lib/roken/snprintf-test
+++ /dev/null
@@ -1,121 +0,0 @@
-#! /bin/sh
-
-# snprintf-test - temporary wrapper script for .libs/snprintf-test
-# Generated by ltmain.sh - GNU libtool 1.4.2 (1.922.2.53 2001/09/11 03:18:52)
-#
-# The snprintf-test program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "${CDPATH+set}" = set; then CDPATH=:; export CDPATH; fi
-
-relink_command="cd /usr/home/nectar/devel/heimdal/lib/roken; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; { test -z \"\${LD_LIBRARY_PATH+set}\" || unset LD_LIBRARY_PATH || { LD_LIBRARY_PATH=; export LD_LIBRARY_PATH; }; }; PATH=\"/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin:/usr/X11R6/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/usr/games:/home/nectar/bin\"; export PATH; gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs -DINET6 -g -O2 -o \$progdir/\$file snprintf_test-snprintf-test.o  ./.libs/libtest.al ./.libs/libroken.so -lcrypt -Wl,--rpath -Wl,/usr/home/nectar/devel/heimdal/lib/roken/.libs -Wl,--rpath -Wl,/usr/heimdal/lib"
-
-# This environment variable determines our operation mode.
-if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then
-  # install mode needs the following variable:
-  notinst_deplibs=' libroken.la'
-else
-  # When we are sourced in execute mode, $file and $echo are already set.
-  if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then
-    echo="echo"
-    file="$0"
-    # Make sure echo works.
-    if test "X$1" = X--no-reexec; then
-      # Discard the --no-reexec flag, and continue.
-      shift
-    elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-      # Yippee, $echo works!
-      :
-    else
-      # Restart under the correct shell, and then maybe $echo will work.
-      exec /bin/sh "$0" --no-reexec ${1+"$@"}
-    fi
-  fi
-
-  # Find the directory that this script lives in.
-  thisdir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-  test "x$thisdir" = "x$file" && thisdir=.
-
-  # Follow symbolic links until we get to the real thisdir.
-  file=`ls -ld "$file" | sed -n 's/.*-> //p'`
-  while test -n "$file"; do
-    destdir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-
-    # If there was a directory component, then change thisdir.
-    if test "x$destdir" != "x$file"; then
-      case "$destdir" in
-      [\\/]* | [A-Za-z]:[\\/]*) thisdir="$destdir" ;;
-      *) thisdir="$thisdir/$destdir" ;;
-      esac
-    fi
-
-    file=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-    file=`ls -ld "$thisdir/$file" | sed -n 's/.*-> //p'`
-  done
-
-  # Try to get the absolute directory name.
-  absdir=`cd "$thisdir" && pwd`
-  test -n "$absdir" && thisdir="$absdir"
-
-  program=lt-'snprintf-test'
-  progdir="$thisdir/.libs"
-
-  if test ! -f "$progdir/$program" || \
-     { file=`ls -1dt "$progdir/$program" "$progdir/../$program" 2>/dev/null | sed 1q`; \
-       test "X$file" != "X$progdir/$program"; }; then
-
-    file="$$-$program"
-
-    if test ! -d "$progdir"; then
-      mkdir "$progdir"
-    else
-      rm -f "$progdir/$file"
-    fi
-
-    # relink executable if necessary
-    if test -n "$relink_command"; then
-      if relink_command_output=`eval $relink_command 2>&1`; then :
-      else
-	echo "$relink_command_output" >&2
-	rm -f "$progdir/$file"
-	exit 1
-      fi
-    fi
-
-    mv -f "$progdir/$file" "$progdir/$program" 2>/dev/null ||
-    { rm -f "$progdir/$program";
-      mv -f "$progdir/$file" "$progdir/$program"; }
-    rm -f "$progdir/$file"
-  fi
-
-  if test -f "$progdir/$program"; then
-    if test "$libtool_execute_magic" != "%%%MAGIC variable%%%"; then
-      # Run the actual program with our arguments.
-
-      # Export the path to the program.
-      PATH="$progdir:$PATH"
-      export PATH
-
-      exec $program ${1+"$@"}
-
-      $echo "$0: cannot exec $program ${1+"$@"}"
-      exit 1
-    fi
-  else
-    # The program doesn't exist.
-    $echo "$0: error: $progdir/$program does not exist" 1>&2
-    $echo "This script is just a wrapper for $program." 1>&2
-    echo "See the libtool documentation for more information." 1>&2
-    exit 1
-  fi
-fi
diff --git a/crypto/heimdal/lib/roken/snprintf-test.c b/crypto/heimdal/lib/roken/snprintf-test.c
deleted file mode 100644
index 6904ba612fb9..000000000000
--- a/crypto/heimdal/lib/roken/snprintf-test.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-#include <limits.h>
-
-#include "snprintf-test.h"
-
-RCSID("$Id: snprintf-test.c,v 1.5 2001/09/13 01:01:16 assar Exp $");
-
-static int
-try (const char *format, ...)
-{
-    int ret;
-    va_list ap;
-    char buf1[256], buf2[256];
-
-    va_start (ap, format);
-    ret = vsnprintf (buf1, sizeof(buf1), format, ap);
-    if (ret >= sizeof(buf1))
-	errx (1, "increase buf and try again");
-    vsprintf (buf2, format, ap);
-    ret = strcmp (buf1, buf2);
-    if (ret)
-	printf ("failed: format = \"%s\", \"%s\" != \"%s\"\n",
-		format, buf1, buf2);
-    va_end (ap);
-    return ret;
-}
-
-static int
-cmp_with_sprintf_int (void)
-{
-    int tot = 0;
-    int int_values[] = {INT_MIN, -17, -1, 0, 1, 17, 4711, 65535, INT_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(int_values) / sizeof(int_values[0]); ++i) {
-	tot += try ("%d", int_values[i]);
-	tot += try ("%x", int_values[i]);
-	tot += try ("%X", int_values[i]);
-	tot += try ("%o", int_values[i]);
-	tot += try ("%#x", int_values[i]);
-	tot += try ("%#X", int_values[i]);
-	tot += try ("%#o", int_values[i]);
-	tot += try ("%10d", int_values[i]);
-	tot += try ("%10x", int_values[i]);
-	tot += try ("%10X", int_values[i]);
-	tot += try ("%10o", int_values[i]);
-	tot += try ("%#10x", int_values[i]);
-	tot += try ("%#10X", int_values[i]);
-	tot += try ("%#10o", int_values[i]);
-	tot += try ("%-10d", int_values[i]);
-	tot += try ("%-10x", int_values[i]);
-	tot += try ("%-10X", int_values[i]);
-	tot += try ("%-10o", int_values[i]);
-	tot += try ("%-#10x", int_values[i]);
-	tot += try ("%-#10X", int_values[i]);
-	tot += try ("%-#10o", int_values[i]);
-    }
-    return tot;
-}
-
-static int
-cmp_with_sprintf_long (void)
-{
-    int tot = 0;
-    long long_values[] = {LONG_MIN, -17, -1, 0, 1, 17, 4711, 65535, LONG_MAX};
-    int i;
-
-    for (i = 0; i < sizeof(long_values) / sizeof(long_values[0]); ++i) {
-	tot += try ("%ld", long_values[i]);
-	tot += try ("%lx", long_values[i]);
-	tot += try ("%lX", long_values[i]);
-	tot += try ("%lo", long_values[i]);
-	tot += try ("%#lx", long_values[i]);
-	tot += try ("%#lX", long_values[i]);
-	tot += try ("%#lo", long_values[i]);
-	tot += try ("%10ld", long_values[i]);
-	tot += try ("%10lx", long_values[i]);
-	tot += try ("%10lX", long_values[i]);
-	tot += try ("%10lo", long_values[i]);
-	tot += try ("%#10lx", long_values[i]);
-	tot += try ("%#10lX", long_values[i]);
-	tot += try ("%#10lo", long_values[i]);
-	tot += try ("%-10ld", long_values[i]);
-	tot += try ("%-10lx", long_values[i]);
-	tot += try ("%-10lX", long_values[i]);
-	tot += try ("%-10lo", long_values[i]);
-	tot += try ("%-#10lx", long_values[i]);
-	tot += try ("%-#10lX", long_values[i]);
-	tot += try ("%-#10lo", long_values[i]);
-    }
-    return tot;
-}
-
-#ifdef HAVE_LONG_LONG
-
-static int
-cmp_with_sprintf_long_long (void)
-{
-    int tot = 0;
-    long long long_long_values[] = {
-	((long long)LONG_MIN) -1, LONG_MIN, -17, -1,
-	0,
-	1, 17, 4711, 65535, LONG_MAX, ((long long)LONG_MAX) + 1};
-    int i;
-
-    for (i = 0; i < sizeof(long_long_values) / sizeof(long_long_values[0]); ++i) {
-	tot += try ("%lld", long_long_values[i]);
-	tot += try ("%llx", long_long_values[i]);
-	tot += try ("%llX", long_long_values[i]);
-	tot += try ("%llo", long_long_values[i]);
-	tot += try ("%#llx", long_long_values[i]);
-	tot += try ("%#llX", long_long_values[i]);
-	tot += try ("%#llo", long_long_values[i]);
-	tot += try ("%10lld", long_long_values[i]);
-	tot += try ("%10llx", long_long_values[i]);
-	tot += try ("%10llX", long_long_values[i]);
-	tot += try ("%10llo", long_long_values[i]);
-	tot += try ("%#10llx", long_long_values[i]);
-	tot += try ("%#10llX", long_long_values[i]);
-	tot += try ("%#10llo", long_long_values[i]);
-	tot += try ("%-10lld", long_long_values[i]);
-	tot += try ("%-10llx", long_long_values[i]);
-	tot += try ("%-10llX", long_long_values[i]);
-	tot += try ("%-10llo", long_long_values[i]);
-	tot += try ("%-#10llx", long_long_values[i]);
-	tot += try ("%-#10llX", long_long_values[i]);
-	tot += try ("%-#10llo", long_long_values[i]);
-    }
-    return tot;
-}
-
-#endif
-
-#if 0
-static int
-cmp_with_sprintf_float (void)
-{
-    int tot = 0;
-    double double_values[] = {-99999, -999, -17.4, -4.3, -3.0, -1.5, -1,
-			      0, 0.1, 0.2342374852, 0.2340007,
-			      3.1415926, 14.7845, 34.24758, 9999, 9999999};
-    int i;
-
-    for (i = 0; i < sizeof(double_values) / sizeof(double_values[0]); ++i) {
-	tot += try ("%f", double_values[i]);
-	tot += try ("%10f", double_values[i]);
-	tot += try ("%.2f", double_values[i]);
-	tot += try ("%7.0f", double_values[i]);
-	tot += try ("%5.2f", double_values[i]);
-	tot += try ("%0f", double_values[i]);
-	tot += try ("%#f", double_values[i]);
-	tot += try ("%e", double_values[i]);
-	tot += try ("%10e", double_values[i]);
-	tot += try ("%.2e", double_values[i]);
-	tot += try ("%7.0e", double_values[i]);
-	tot += try ("%5.2e", double_values[i]);
-	tot += try ("%0e", double_values[i]);
-	tot += try ("%#e", double_values[i]);
-	tot += try ("%E", double_values[i]);
-	tot += try ("%10E", double_values[i]);
-	tot += try ("%.2E", double_values[i]);
-	tot += try ("%7.0E", double_values[i]);
-	tot += try ("%5.2E", double_values[i]);
-	tot += try ("%0E", double_values[i]);
-	tot += try ("%#E", double_values[i]);
-	tot += try ("%g", double_values[i]);
-	tot += try ("%10g", double_values[i]);
-	tot += try ("%.2g", double_values[i]);
-	tot += try ("%7.0g", double_values[i]);
-	tot += try ("%5.2g", double_values[i]);
-	tot += try ("%0g", double_values[i]);
-	tot += try ("%#g", double_values[i]);
-	tot += try ("%G", double_values[i]);
-	tot += try ("%10G", double_values[i]);
-	tot += try ("%.2G", double_values[i]);
-	tot += try ("%7.0G", double_values[i]);
-	tot += try ("%5.2G", double_values[i]);
-	tot += try ("%0G", double_values[i]);
-	tot += try ("%#G", double_values[i]);
-    }
-    return tot;
-}
-#endif
-
-static int
-test_null (void)
-{
-    return snprintf (NULL, 0, "foo") != 3;
-}
-
-int
-main (int argc, char **argv)
-{
-    int ret = 0;
-
-    ret += cmp_with_sprintf_int ();
-    ret += cmp_with_sprintf_long ();
-#ifdef HAVE_LONG_LONG
-    ret += cmp_with_sprintf_long_long ();
-#endif
-    ret += test_null ();
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/snprintf-test.h b/crypto/heimdal/lib/roken/snprintf-test.h
deleted file mode 100644
index 5eb591b2fe33..000000000000
--- a/crypto/heimdal/lib/roken/snprintf-test.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: snprintf-test.h,v 1.2 2001/07/19 18:39:14 assar Exp $ */
-
-#ifndef __SNPRINTF_TEST_H__
-#define __SNPRINTF_TEST_H__
-
-/*
- * we cannot use the real names of the functions when testing, since
- * they might have different prototypes as the system functions, hence
- * these evil hacks
- */
-
-#define snprintf test_snprintf
-#define asprintf test_asprintf
-#define asnprintf test_asnprintf
-#define vasprintf test_vasprintf
-#define vasnprintf test_vasnprintf
-#define vsnprintf test_vsnprintf
-
-#endif /* __SNPRINTF_TEST_H__ */
diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c
deleted file mode 100644
index 5e4b85e9c9b0..000000000000
--- a/crypto/heimdal/lib/roken/snprintf.c
+++ /dev/null
@@ -1,655 +0,0 @@
-/*
- * Copyright (c) 1995-2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: snprintf.c,v 1.35 2003/03/26 10:05:48 joda Exp $");
-#endif
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <roken.h>
-
-enum format_flags {
-    minus_flag     =  1,
-    plus_flag      =  2,
-    space_flag     =  4,
-    alternate_flag =  8,
-    zero_flag      = 16
-};
-
-/*
- * Common state
- */
-
-struct snprintf_state {
-  unsigned char *str;
-  unsigned char *s;
-  unsigned char *theend;
-  size_t sz;
-  size_t max_sz;
-  void (*append_char)(struct snprintf_state *, unsigned char);
-  /* XXX - methods */
-};
-
-#if TEST_SNPRINTF
-#include "snprintf-test.h"
-#endif /* TEST_SNPRINTF */
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-static int
-sn_reserve (struct snprintf_state *state, size_t n)
-{
-  return state->s + n > state->theend;
-}
-
-static void
-sn_append_char (struct snprintf_state *state, unsigned char c)
-{
-  if (!sn_reserve (state, 1))
-    *state->s++ = c;
-}
-#endif
-
-static int
-as_reserve (struct snprintf_state *state, size_t n)
-{
-  if (state->s + n > state->theend) {
-    int off = state->s - state->str;
-    unsigned char *tmp;
-
-    if (state->max_sz && state->sz >= state->max_sz)
-      return 1;
-
-    state->sz = max(state->sz * 2, state->sz + n);
-    if (state->max_sz)
-      state->sz = min(state->sz, state->max_sz);
-    tmp = realloc (state->str, state->sz);
-    if (tmp == NULL)
-      return 1;
-    state->str = tmp;
-    state->s = state->str + off;
-    state->theend = state->str + state->sz - 1;
-  }
-  return 0;
-}
-
-static void
-as_append_char (struct snprintf_state *state, unsigned char c)
-{
-  if(!as_reserve (state, 1))
-    *state->s++ = c;
-}
-
-/* longest integer types */
-
-#ifdef HAVE_LONG_LONG
-typedef unsigned long long u_longest;
-typedef long long longest;
-#else
-typedef unsigned long u_longest;
-typedef long longest;
-#endif
-
-/*
- * is # supposed to do anything?
- */
-
-static int
-use_alternative (int flags, u_longest num, unsigned base)
-{
-  return flags & alternate_flag && (base == 16 || base == 8) && num != 0;
-}
-
-static int
-append_number(struct snprintf_state *state,
-	      u_longest num, unsigned base, const char *rep,
-	      int width, int prec, int flags, int minusp)
-{
-  int len = 0;
-  int i;
-  u_longest n = num;
-
-  /* given precision, ignore zero flag */
-  if(prec != -1)
-    flags &= ~zero_flag;
-  else
-    prec = 1;
-  /* zero value with zero precision -> "" */
-  if(prec == 0 && n == 0)
-    return 0;
-  do{
-    (*state->append_char)(state, rep[n % base]);
-    ++len;
-    n /= base;
-  } while(n);
-  prec -= len;
-  /* pad with prec zeros */
-  while(prec-- > 0){
-    (*state->append_char)(state, '0');
-    ++len;
-  }
-  /* add length of alternate prefix (added later) to len */
-  if(use_alternative(flags, num, base))
-    len += base / 8;
-  /* pad with zeros */
-  if(flags & zero_flag){
-    width -= len;
-    if(minusp || (flags & space_flag) || (flags & plus_flag))
-      width--;
-    while(width-- > 0){
-      (*state->append_char)(state, '0');
-      len++;
-    }
-  }
-  /* add alternate prefix */
-  if(use_alternative(flags, num, base)){
-    if(base == 16)
-      (*state->append_char)(state, rep[10] + 23); /* XXX */
-    (*state->append_char)(state, '0');
-  }
-  /* add sign */
-  if(minusp){
-    (*state->append_char)(state, '-');
-    ++len;
-  } else if(flags & plus_flag) {
-    (*state->append_char)(state, '+');
-    ++len;
-  } else if(flags & space_flag) {
-    (*state->append_char)(state, ' ');
-    ++len;
-  }
-  if(flags & minus_flag)
-    /* swap before padding with spaces */
-    for(i = 0; i < len / 2; i++){
-      char c = state->s[-i-1];
-      state->s[-i-1] = state->s[-len+i];
-      state->s[-len+i] = c;
-    }
-  width -= len;
-  while(width-- > 0){
-    (*state->append_char)(state,  ' ');
-    ++len;
-  }
-  if(!(flags & minus_flag))
-    /* swap after padding with spaces */
-    for(i = 0; i < len / 2; i++){
-      char c = state->s[-i-1];
-      state->s[-i-1] = state->s[-len+i];
-      state->s[-len+i] = c;
-    }
-  return len;
-}
-
-/*
- * return length
- */
-
-static int
-append_string (struct snprintf_state *state,
-	       const unsigned char *arg,
-	       int width,
-	       int prec,
-	       int flags)
-{
-    int len = 0;
-
-    if(arg == NULL)
-	arg = (const unsigned char*)"(null)";
-
-    if(prec != -1)
-	width -= prec;
-    else
-	width -= strlen((const char *)arg);
-    if(!(flags & minus_flag))
-	while(width-- > 0) {
-	    (*state->append_char) (state, ' ');
-	    ++len;
-	}
-    if (prec != -1) {
-	while (*arg && prec--) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    } else {
-	while (*arg) {
-	    (*state->append_char) (state, *arg++);
-	    ++len;
-	}
-    }
-    if(flags & minus_flag)
-	while(width-- > 0) {
-	    (*state->append_char) (state, ' ');
-	    ++len;
-	}
-    return len;
-}
-
-static int
-append_char(struct snprintf_state *state,
-	    unsigned char arg,
-	    int width,
-	    int flags)
-{
-  int len = 0;
-
-  while(!(flags & minus_flag) && --width > 0) {
-    (*state->append_char) (state, ' ')    ;
-    ++len;
-  }
-  (*state->append_char) (state, arg);
-  ++len;
-  while((flags & minus_flag) && --width > 0) {
-    (*state->append_char) (state, ' ');
-    ++len;
-  }
-  return 0;
-}
-
-/*
- * This can't be made into a function...
- */
-
-#ifdef HAVE_LONG_LONG
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_long_flag) \
-     res = (unsig long long)va_arg(arg, unsig long long); \
-else if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#else
-
-#define PARSE_INT_FORMAT(res, arg, unsig) \
-if (long_flag) \
-     res = (unsig long)va_arg(arg, unsig long); \
-else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig int); \
-else \
-     res = (unsig int)va_arg(arg, unsig int)
-
-#endif
-
-/*
- * zyxprintf - return length, as snprintf
- */
-
-static int
-xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap)
-{
-  const unsigned char *format = (const unsigned char *)char_format;
-  unsigned char c;
-  int len = 0;
-
-  while((c = *format++)) {
-    if (c == '%') {
-      int flags          = 0;
-      int width          = 0;
-      int prec           = -1;
-      int long_long_flag = 0;
-      int long_flag      = 0;
-      int short_flag     = 0;
-
-      /* flags */
-      while((c = *format++)){
-	if(c == '-')
-	  flags |= minus_flag;
-	else if(c == '+')
-	  flags |= plus_flag;
-	else if(c == ' ')
-	  flags |= space_flag;
-	else if(c == '#')
-	  flags |= alternate_flag;
-	else if(c == '0')
-	  flags |= zero_flag;
-	else if(c == '\'')
-	    ; /* just ignore */
-	else
-	  break;
-      }
-      
-      if((flags & space_flag) && (flags & plus_flag))
-	flags ^= space_flag;
-
-      if((flags & minus_flag) && (flags & zero_flag))
-	flags ^= zero_flag;
-
-      /* width */
-      if (isdigit(c))
-	do {
-	  width = width * 10 + c - '0';
-	  c = *format++;
-	} while(isdigit(c));
-      else if(c == '*') {
-	width = va_arg(ap, int);
-	c = *format++;
-      }
-
-      /* precision */
-      if (c == '.') {
-	prec = 0;
-	c = *format++;
-	if (isdigit(c))
-	  do {
-	    prec = prec * 10 + c - '0';
-	    c = *format++;
-	  } while(isdigit(c));
-	else if (c == '*') {
-	  prec = va_arg(ap, int);
-	  c = *format++;
-	}
-      }
-
-      /* size */
-
-      if (c == 'h') {
-	short_flag = 1;
-	c = *format++;
-      } else if (c == 'l') {
-	long_flag = 1;
-	c = *format++;
-	if (c == 'l') {
-	    long_long_flag = 1;
-	    c = *format++;
-	}
-      }
-
-      switch (c) {
-      case 'c' :
-	append_char(state, va_arg(ap, int), width, flags);
-	++len;
-	break;
-      case 's' :
-	len += append_string(state,
-			     va_arg(ap, unsigned char*),
-			     width,
-			     prec, 
-			     flags);
-	break;
-      case 'd' :
-      case 'i' : {
-	longest arg;
-	u_longest num;
-	int minusp = 0;
-
-	PARSE_INT_FORMAT(arg, ap, signed);
-
-	if (arg < 0) {
-	  minusp = 1;
-	  num = -arg;
-	} else
-	  num = arg;
-
-	len += append_number (state, num, 10, "0123456789",
-			      width, prec, flags, minusp);
-	break;
-      }
-      case 'u' : {
-	u_longest arg;
-
-	PARSE_INT_FORMAT(arg, ap, unsigned);
-
-	len += append_number (state, arg, 10, "0123456789",
-			      width, prec, flags, 0);
-	break;
-      }
-      case 'o' : {
-	u_longest arg;
-
-	PARSE_INT_FORMAT(arg, ap, unsigned);
-
-	len += append_number (state, arg, 010, "01234567",
-			      width, prec, flags, 0);
-	break;
-      }
-      case 'x' : {
-	u_longest arg;
-
-	PARSE_INT_FORMAT(arg, ap, unsigned);
-
-	len += append_number (state, arg, 0x10, "0123456789abcdef",
-			      width, prec, flags, 0);
-	break;
-      }
-      case 'X' :{
-	u_longest arg;
-
-	PARSE_INT_FORMAT(arg, ap, unsigned);
-
-	len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-			      width, prec, flags, 0);
-	break;
-      }
-      case 'p' : {
-	unsigned long arg = (unsigned long)va_arg(ap, void*);
-
-	len += append_number (state, arg, 0x10, "0123456789ABCDEF",
-			      width, prec, flags, 0);
-	break;
-      }
-      case 'n' : {
-	int *arg = va_arg(ap, int*);
-	*arg = state->s - state->str;
-	break;
-      }
-      case '\0' :
-	  --format;
-	  /* FALLTHROUGH */
-      case '%' :
-	(*state->append_char)(state, c);
-	++len;
-	break;
-      default :
-	(*state->append_char)(state, '%');
-	(*state->append_char)(state, c);
-	len += 2;
-	break;
-      }
-    } else {
-      (*state->append_char) (state, c);
-      ++len;
-    }
-  }
-  return len;
-}
-
-#if !defined(HAVE_SNPRINTF) || defined(TEST_SNPRINTF)
-int
-snprintf (char *str, size_t sz, const char *format, ...)
-{
-  va_list args;
-  int ret;
-
-  va_start(args, format);
-  ret = vsnprintf (str, sz, format, args);
-  va_end(args);
-
-#ifdef PARANOIA
-  {
-    int ret2;
-    char *tmp;
-
-    tmp = malloc (sz);
-    if (tmp == NULL)
-      abort ();
-
-    va_start(args, format);
-    ret2 = vsprintf (tmp, format, args);
-    va_end(args);
-    if (ret != ret2 || strcmp(str, tmp))
-      abort ();
-    free (tmp);
-  }
-#endif
-
-  return ret;
-}
-#endif
-
-#if !defined(HAVE_ASPRINTF) || defined(TEST_SNPRINTF)
-int
-asprintf (char **ret, const char *format, ...)
-{
-  va_list args;
-  int val;
-
-  va_start(args, format);
-  val = vasprintf (ret, format, args);
-  va_end(args);
-
-#ifdef PARANOIA
-  {
-    int ret2;
-    char *tmp;
-    tmp = malloc (val + 1);
-    if (tmp == NULL)
-      abort ();
-
-    va_start(args, format);
-    ret2 = vsprintf (tmp, format, args);
-    va_end(args);
-    if (val != ret2 || strcmp(*ret, tmp))
-      abort ();
-    free (tmp);
-  }
-#endif
-
-  return val;
-}
-#endif
-
-#if !defined(HAVE_ASNPRINTF) || defined(TEST_SNPRINTF)
-int
-asnprintf (char **ret, size_t max_sz, const char *format, ...)
-{
-  va_list args;
-  int val;
-
-  va_start(args, format);
-  val = vasnprintf (ret, max_sz, format, args);
-
-#ifdef PARANOIA
-  {
-    int ret2;
-    char *tmp;
-    tmp = malloc (val + 1);
-    if (tmp == NULL)
-      abort ();
-
-    ret2 = vsprintf (tmp, format, args);
-    if (val != ret2 || strcmp(*ret, tmp))
-      abort ();
-    free (tmp);
-  }
-#endif
-
-  va_end(args);
-  return val;
-}
-#endif
-
-#if !defined(HAVE_VASPRINTF) || defined(TEST_SNPRINTF)
-int
-vasprintf (char **ret, const char *format, va_list args)
-{
-  return vasnprintf (ret, 0, format, args);
-}
-#endif
-
-
-#if !defined(HAVE_VASNPRINTF) || defined(TEST_SNPRINTF)
-int
-vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
-{
-  int st;
-  struct snprintf_state state;
-
-  state.max_sz = max_sz;
-  state.sz     = 1;
-  state.str    = malloc(state.sz);
-  if (state.str == NULL) {
-    *ret = NULL;
-    return -1;
-  }
-  state.s = state.str;
-  state.theend = state.s + state.sz - 1;
-  state.append_char = as_append_char;
-
-  st = xyzprintf (&state, format, args);
-  if (st > state.sz) {
-    free (state.str);
-    *ret = NULL;
-    return -1;
-  } else {
-    char *tmp;
-
-    *state.s = '\0';
-    tmp = realloc (state.str, st+1);
-    if (tmp == NULL) {
-      free (state.str);
-      *ret = NULL;
-      return -1;
-    }
-    *ret = tmp;
-    return st;
-  }
-}
-#endif
-
-#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
-int
-vsnprintf (char *str, size_t sz, const char *format, va_list args)
-{
-  struct snprintf_state state;
-  int ret;
-  unsigned char *ustr = (unsigned char *)str;
-
-  state.max_sz = 0;
-  state.sz     = sz;
-  state.str    = ustr;
-  state.s      = ustr;
-  state.theend = ustr + sz - (sz > 0);
-  state.append_char = sn_append_char;
-
-  ret = xyzprintf (&state, format, args);
-  if (state.s != NULL)
-    *state.s = '\0';
-  return ret;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/snprintf.lo b/crypto/heimdal/lib/roken/snprintf.lo
deleted file mode 100644
index ecaa7e7eaf9a..000000000000
--- a/crypto/heimdal/lib/roken/snprintf.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c
deleted file mode 100644
index bd670133097d..000000000000
--- a/crypto/heimdal/lib/roken/socket.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: socket.c,v 1.8 2003/04/15 03:26:51 lha Exp $");
-#endif
-
-#include <roken.h>
-#include <err.h>
-
-/*
- * Set `sa' to the unitialized address of address family `af'
- */
-
-void
-socket_set_any (struct sockaddr *sa, int af)
-{
-    switch (af) {
-    case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-
-	memset (sin, 0, sizeof(*sin));
-	sin->sin_family = AF_INET;
-	sin->sin_port   = 0;
-	sin->sin_addr.s_addr = INADDR_ANY;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = 0;
-	sin6->sin6_addr   = in6addr_any;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * set `sa' to (`ptr', `port')
- */
-
-void
-socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-
-	memset (sin, 0, sizeof(*sin));
-	sin->sin_family = AF_INET;
-	sin->sin_port   = port;
-	memcpy (&sin->sin_addr, ptr, sizeof(struct in_addr));
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-
-	memset (sin6, 0, sizeof(*sin6));
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_port   = port;
-	memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr));
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of an address of the type in `sa'
- */
-
-size_t
-socket_addr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct in_addr);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct in6_addr);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the size of a `struct sockaddr' in `sa'.
- */
-
-size_t
-socket_sockaddr_size (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET :
-	return sizeof(struct sockaddr_in);
-#ifdef HAVE_IPV6
-    case AF_INET6 :
-	return sizeof(struct sockaddr_in6);
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the binary address of `sa'.
- */
-
-void *
-socket_get_address (struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-	return &sin->sin_addr;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	return &sin6->sin6_addr;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Return the port number from `sa'.
- */
-
-int
-socket_get_port (const struct sockaddr *sa)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
-	return sin->sin_port;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
-	return sin6->sin6_port;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the port in `sa' to `port'.
- */
-
-void
-socket_set_port (struct sockaddr *sa, int port)
-{
-    switch (sa->sa_family) {
-    case AF_INET : {
-	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-	sin->sin_port = port;
-	break;
-    }
-#ifdef HAVE_IPV6
-    case AF_INET6 : {
-	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
-	sin6->sin6_port = port;
-	break;
-    }
-#endif
-    default :
-	errx (1, "unknown address family %d", sa->sa_family);
-	break;
-    }
-}
-
-/*
- * Set the range of ports to use when binding with port = 0.
- */
-void
-socket_set_portrange (int sock, int restr, int af)
-{
-#if defined(IP_PORTRANGE)
-	if (af == AF_INET) {
-		int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IP_PORTRANGE (ignored)");
-	}
-#endif
-#if defined(IPV6_PORTRANGE)
-	if (af == AF_INET6) {
-		int on = restr ? IPV6_PORTRANGE_HIGH : 
-		    IPV6_PORTRANGE_DEFAULT;
-		if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
-		    sizeof(on)) < 0)
-			warn ("setsockopt IPV6_PORTRANGE (ignored)");
-	}
-#endif
-}
-	
-/*
- * Enable debug on `sock'.
- */
-
-void
-socket_set_debug (int sock)
-{
-#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
-    int on = 1;
-
-    if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
-	warn ("setsockopt SO_DEBUG (ignored)");
-#endif
-}
-
-/*
- * Set the type-of-service of `sock' to `tos'.
- */
-
-void
-socket_set_tos (int sock, int tos)
-{
-#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
-    if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
-	if (errno != EINVAL)
-	    warn ("setsockopt TOS (ignored)");
-#endif
-}
-
-/*
- * set the reuse of addresses on `sock' to `val'.
- */
-
-void
-socket_set_reuseaddr (int sock, int val)
-{
-#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
-    if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
-		  sizeof(val)) < 0)
-	err (1, "setsockopt SO_REUSEADDR");
-#endif
-}
diff --git a/crypto/heimdal/lib/roken/socket.lo b/crypto/heimdal/lib/roken/socket.lo
deleted file mode 100644
index 69d71e725871..000000000000
--- a/crypto/heimdal/lib/roken/socket.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c
deleted file mode 100644
index cde5b3bf9282..000000000000
--- a/crypto/heimdal/lib/roken/strcasecmp.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcasecmp.c,v 1.10 2003/04/14 11:26:27 lha Exp $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-#include "roken.h"
-
-#ifndef HAVE_STRCASECMP
-
-int
-strcasecmp(const char *s1, const char *s2)
-{
-    while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-    }
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strcollect.c b/crypto/heimdal/lib/roken/strcollect.c
deleted file mode 100644
index 1e82ad01b73a..000000000000
--- a/crypto/heimdal/lib/roken/strcollect.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strcollect.c,v 1.1 2000/01/09 10:57:43 assar Exp $");
-#endif
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <roken.h>
-
-enum { initial = 10, increment = 5 };
-
-static char **
-sub (char **argv, int i, int argc, va_list *ap)
-{
-    do {
-	if(i == argc) {
-	    /* realloc argv */
-	    char **tmp = realloc(argv, (argc + increment) * sizeof(*argv));
-	    if(tmp == NULL) {
-		free(argv);
-		errno = ENOMEM;
-		return NULL;
-	    }
-	    argv  = tmp;
-	    argc += increment;
-	}
-	argv[i++] = va_arg(*ap, char*);
-    } while(argv[i - 1] != NULL);
-    return argv;
-}
-
-/*
- * return a malloced vector of pointers to the strings in `ap'
- * terminated by NULL.
- */
-
-char **
-vstrcollect(va_list *ap)
-{
-    return sub (NULL, 0, 0, ap);
-}
-
-/*
- *
- */
-
-char **
-strcollect(char *first, ...)
-{
-    va_list ap;
-    char **ret = malloc (initial * sizeof(char *));
-
-    if (ret == NULL)
-	return ret;
-
-    ret[0] = first;
-    va_start(ap, first);
-    ret = sub (ret, 1, initial, &ap);
-    va_end(ap);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/strcollect.lo b/crypto/heimdal/lib/roken/strcollect.lo
deleted file mode 100644
index befd266ab581..000000000000
--- a/crypto/heimdal/lib/roken/strcollect.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strdup.c b/crypto/heimdal/lib/roken/strdup.c
deleted file mode 100644
index 87fb43eb7d6e..000000000000
--- a/crypto/heimdal/lib/roken/strdup.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strdup.c,v 1.10 1999/12/02 16:58:53 joda Exp $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef HAVE_STRDUP
-char *
-strdup(const char *old)
-{
-	char *t = malloc(strlen(old)+1);
-	if (t != 0)
-		strcpy(t, old);
-	return t;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strerror.c b/crypto/heimdal/lib/roken/strerror.c
deleted file mode 100644
index 21936d71630b..000000000000
--- a/crypto/heimdal/lib/roken/strerror.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strerror.c,v 1.10 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-extern int sys_nerr;
-extern char *sys_errlist[];
-
-char*
-strerror(int eno)
-{
-    static char emsg[1024];
-
-    if(eno < 0 || eno >= sys_nerr)
-	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
-    else
-	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
-
-    return emsg;
-}
diff --git a/crypto/heimdal/lib/roken/strftime.c b/crypto/heimdal/lib/roken/strftime.c
deleted file mode 100644
index 985b38aa7d78..000000000000
--- a/crypto/heimdal/lib/roken/strftime.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strftime.c,v 1.13 2002/08/20 12:42:37 joda Exp $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec"
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "Mars",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December"
-};
-
-static const char *ampm[] = {
-    "AM",
-    "PM"
-};
-
-/*
- * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12]
- */
-
-static int
-hour_24to12 (int hour)
-{
-    int ret = hour % 12;
-
-    if (ret == 0)
-	ret = 12;
-    return ret;
-}
-
-/*
- * Return AM or PM for `hour'
- */
-
-static const char *
-hour_to_ampm (int hour)
-{
-    return ampm[hour / 12];
-}
-
-/*
- * Return the week number of `tm' (Sunday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_sun (const struct tm *tm)
-{
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the week)
- * as [0, 53]
- */
-
-static int
-week_number_mon (const struct tm *tm)
-{
-    int wday = (tm->tm_wday + 6) % 7;
-
-    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7;
-}
-
-/*
- * Return the week number of `tm' (Monday being the first day of the
- * week) as [01, 53].  Week number one is the one that has four or more
- * days in that year.
- */
-
-static int
-week_number_mon4 (const struct tm *tm)
-{
-    int wday  = (tm->tm_wday + 6) % 7;
-    int w1day = (wday - tm->tm_yday % 7 + 7) % 7;
-    int ret;
-    
-    ret = (tm->tm_yday + w1day) / 7;
-    if (w1day >= 4)
-	--ret;
-    if (ret == -1)
-	ret = 53;
-    else
-	++ret;
-    return ret;
-}
-
-/*
- *
- */
-
-size_t
-strftime (char *buf, size_t maxsize, const char *format,
-	  const struct tm *tm)
-{
-    size_t n = 0;
-    int ret;
-
-    while (*format != '\0' && n < maxsize) {
-	if (*format == '%') {
-	    ++format;
-	    if(*format == 'E' || *format == 'O')
-		++format;
-	    switch (*format) {
-	    case 'a' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_weekdays[tm->tm_wday]);
-		break;
-	    case 'A' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_weekdays[tm->tm_wday]);
-		break;
-	    case 'h' :
-	    case 'b' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", abb_month[tm->tm_mon]);
-		break;
-	    case 'B' :
-		ret = snprintf (buf, maxsize - n,
-				"%s", full_month[tm->tm_mon]);
-		break;
-	    case 'c' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d %02d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'C' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) / 100);
-		break;
-	    case 'd' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mday);
-		break;
-	    case 'D' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d/%02d/%02d",
-				tm->tm_mon + 1,
-				tm->tm_mday,
-				(tm->tm_year + 1900) % 100);
-		break;
-	    case 'e' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_mday);
-		break;
-	    case 'F':
-		ret = snprintf (buf, maxsize - n,
-				"%04d-%02d-%02d", tm->tm_year + 1900,
-				tm->tm_mon + 1, tm->tm_mday);
-		break;
-	    case 'g':
-		/* last two digits of week-based year */
-		abort();
-	    case 'G':
-		/* week-based year */
-		abort();
-	    case 'H' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_hour);
-		break;
-	    case 'I' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'j' :
-		ret = snprintf (buf, maxsize - n,
-				"%03d", tm->tm_yday + 1);
-		break;
-	    case 'k' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d", tm->tm_hour);
-		break;
-	    case 'l' :
-		ret = snprintf (buf, maxsize - n,
-				"%2d",
-				hour_24to12 (tm->tm_hour));
-		break;
-	    case 'm' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_mon + 1);
-		break;
-	    case 'M' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_min);
-		break;
-	    case 'n' :
-		ret = snprintf (buf, maxsize - n, "\n");
-		break;
-	    case 'p' :
-		ret = snprintf (buf, maxsize - n, "%s",
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'r' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d %s",
-				hour_24to12 (tm->tm_hour),
-				tm->tm_min,
-				tm->tm_sec,
-				hour_to_ampm (tm->tm_hour));
-		break;
-	    case 'R' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min);
-		    
-	    case 's' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (int)mktime((struct tm *)tm));
-		break;
-	    case 'S' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", tm->tm_sec);
-		break;
-	    case 't' :
-		ret = snprintf (buf, maxsize - n, "\t");
-		break;
-	    case 'T' :
-	    case 'X' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d:%02d:%02d",
-				tm->tm_hour,
-				tm->tm_min,
-				tm->tm_sec);
-		break;
-	    case 'u' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
-		break;
-	    case 'U' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_sun (tm));
-		break;
-	    case 'V' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon4 (tm));
-		break;
-	    case 'w' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_wday);
-		break;
-	    case 'W' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", week_number_mon (tm));
-		break;
-	    case 'x' :
-		ret = snprintf (buf, maxsize - n,
-				"%d:%02d:%02d",
-				tm->tm_year,
-				tm->tm_mon + 1,
-				tm->tm_mday);
-		break;
-	    case 'y' :
-		ret = snprintf (buf, maxsize - n,
-				"%02d", (tm->tm_year + 1900) % 100);
-		break;
-	    case 'Y' :
-		ret = snprintf (buf, maxsize - n,
-				"%d", tm->tm_year + 1900);
-		break;
-	    case 'z':
-		ret = snprintf (buf, maxsize - n,
-				"%ld",
-#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
-				(long)tm->tm_gmtoff
-#elif defined(HAVE_TIMEZONE)
-#ifdef HAVE_ALTZONE
-				tm->tm_isdst ?
-				(long)altzone :
-#endif
-				(long)timezone
-#else
-#error Where in timezone chaos are you?
-#endif    
-				);
-		break;
-	    case 'Z' :
-		ret = snprintf (buf, maxsize - n,
-				"%s",
-
-#if defined(HAVE_STRUCT_TM_TM_ZONE)
-				tm->tm_zone
-#elif defined(HAVE_TIMEZONE)
-				tzname[tm->tm_isdst]
-#else
-#error what?
-#endif
-		    );
-		break;
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		ret = snprintf (buf, maxsize - n,
-				"%%");
-		break;
-	    default :
-		ret = snprintf (buf, maxsize - n,
-				"%%%c", *format);
-		break;
-	    }
-	    if (ret < 0 || ret >= maxsize - n)
-		return 0;
-	    n   += ret;
-	    buf += ret;
-	    ++format;
-	} else {
-	    *buf++ = *format++;
-	    ++n;
-	}
-    }
-    *buf++ = '\0';
-    return n;
-}
diff --git a/crypto/heimdal/lib/roken/strlcat.c b/crypto/heimdal/lib/roken/strlcat.c
deleted file mode 100644
index 1366e88f0822..000000000000
--- a/crypto/heimdal/lib/roken/strlcat.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcat.c,v 1.6 2002/08/20 09:46:20 joda Exp $");
-
-#ifndef HAVE_STRLCAT
-
-size_t
-strlcat (char *dst, const char *src, size_t dst_sz)
-{
-    size_t len = strlen(dst);
-
-    if (dst_sz < len)
-	/* the total size of dst is less than the string it contains;
-           this could be considered bad input, but we might as well
-           handle it */
-	return len + strlen(src);
-
-    return len + strlcpy (dst + len, src, dst_sz - len);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strlcpy.c b/crypto/heimdal/lib/roken/strlcpy.c
deleted file mode 100644
index b43dbdeaaf39..000000000000
--- a/crypto/heimdal/lib/roken/strlcpy.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995-2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strlcpy.c,v 1.6 2002/08/20 09:42:08 joda Exp $");
-
-#ifndef HAVE_STRLCPY
-
-size_t
-strlcpy (char *dst, const char *src, size_t dst_sz)
-{
-    size_t n;
-
-    for (n = 0; n < dst_sz; n++) {
-	if ((*dst++ = *src++) == '\0')
-	    break;
-    }
-
-    if (n < dst_sz)
-	return n;
-    if (n > 0)
-	*(dst - 1) = '\0';
-    return n + strlen (src);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c
deleted file mode 100644
index f2c6a9f5c7be..000000000000
--- a/crypto/heimdal/lib/roken/strlwr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strlwr.c,v 1.5 2003/04/14 11:44:34 lha Exp $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include <roken.h>
-
-#ifndef HAVE_STRLWR
-char *
-strlwr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = tolower((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strlwr.lo b/crypto/heimdal/lib/roken/strlwr.lo
deleted file mode 100644
index 3b3ab2d38603..000000000000
--- a/crypto/heimdal/lib/roken/strlwr.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c
deleted file mode 100644
index a08d9e84bc02..000000000000
--- a/crypto/heimdal/lib/roken/strncasecmp.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strncasecmp.c,v 1.3 2003/04/14 11:46:04 lha Exp $");
-#endif
-
-#include <string.h>
-#include <ctype.h>
-#include <stddef.h>
-
-#ifndef HAVE_STRNCASECMP
-
-int
-strncasecmp(const char *s1, const char *s2, size_t n)
-{
-    while(n > 0 
-	  && toupper((unsigned char)*s1) == toupper((unsigned char)*s2))
-    {
-	if(*s1 == '\0')
-	    return 0;
-	s1++;
-	s2++;
-	n--;
-    }
-    if(n == 0)
-	return 0;
-    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strndup.c b/crypto/heimdal/lib/roken/strndup.c
deleted file mode 100644
index 31e7e9f6a1c4..000000000000
--- a/crypto/heimdal/lib/roken/strndup.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strndup.c,v 1.2 1999/12/02 16:58:53 joda Exp $");
-#endif
-#include <stdlib.h>
-#include <string.h>
-
-#include <roken.h>
-
-#ifndef HAVE_STRNDUP
-char *
-strndup(const char *old, size_t sz)
-{
-    size_t len = strnlen (old, sz);
-    char *t    = malloc(len + 1);
-
-    if (t != NULL) {
-	memcpy (t, old, len);
-	t[len] = '\0';
-    }
-    return t;
-}
-#endif /* HAVE_STRNDUP */
diff --git a/crypto/heimdal/lib/roken/strndup.lo b/crypto/heimdal/lib/roken/strndup.lo
deleted file mode 100644
index 38d1424f07ba..000000000000
--- a/crypto/heimdal/lib/roken/strndup.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strnlen.c b/crypto/heimdal/lib/roken/strnlen.c
deleted file mode 100644
index fffb3b74f555..000000000000
--- a/crypto/heimdal/lib/roken/strnlen.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strnlen.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include "roken.h"
-
-size_t
-strnlen(const char *s, size_t len)
-{
-    size_t i;
-
-    for(i = 0; i < len && s[i]; i++)
-	;
-    return i;
-}
diff --git a/crypto/heimdal/lib/roken/strnlen.lo b/crypto/heimdal/lib/roken/strnlen.lo
deleted file mode 100644
index 2ebb7566a581..000000000000
--- a/crypto/heimdal/lib/roken/strnlen.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strpftime-test.c b/crypto/heimdal/lib/roken/strpftime-test.c
deleted file mode 100644
index 7eb8fb85eb2a..000000000000
--- a/crypto/heimdal/lib/roken/strpftime-test.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-RCSID("$Id: strpftime-test.c,v 1.2 1999/11/12 15:29:55 assar Exp $");
-
-enum { MAXSIZE = 26 };
-
-static struct testcase {
-    time_t t;
-    struct {
-	const char *format;
-	const char *result;
-    } vals[MAXSIZE];
-} tests[] = {
-    {0,
-     {
-	 {"%A", "Thursday"},
-	 {"%a", "Thu"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "4"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {90000,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "02"},
-	 {"%e", " 2"},
-	 {"%H", "01"},
-	 {"%I", "01"},
-	 {"%j", "002"},
-	 {"%k", " 1"},
-	 {"%l", " 1"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {216306,
-     {
-	 {"%A", "Saturday"},
-	 {"%a", "Sat"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "03"},
-	 {"%e", " 3"},
-	 {"%H", "12"},
-	 {"%I", "12"},
-	 {"%j", "003"},
-	 {"%k", "12"},
-	 {"%l", "12"},
-	 {"%M", "05"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "06"},
-	 {"%t", "\t"},
-	 {"%w", "6"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {259200,
-     {
-	 {"%A", "Sunday"},
-	 {"%a", "Sun"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "04"},
-	 {"%e", " 4"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "004"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "0"},
-	 {"%Y", "1970"},
-	 {"%y", "70"},
-	 {"%U", "01"},
-	 {"%W", "00"},
-	 {"%V", "01"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    },
-    {915148800,
-     {
-	 {"%A", "Friday"},
-	 {"%a", "Fri"},
-	 {"%B", "January"},
-	 {"%b", "Jan"},
-	 {"%C", "19"},
-	 {"%d", "01"},
-	 {"%e", " 1"},
-	 {"%H", "00"},
-	 {"%I", "12"},
-	 {"%j", "001"},
-	 {"%k", " 0"},
-	 {"%l", "12"},
-	 {"%M", "00"},
-	 {"%m", "01"},
-	 {"%n", "\n"},
-	 {"%p", "AM"},
-	 {"%S", "00"},
-	 {"%t", "\t"},
-	 {"%w", "5"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "00"},
-	 {"%W", "00"},
-	 {"%V", "53"},
-	 {"%%", "%"},
-	 {NULL, NULL}}
-    },
-    {942161105,
-     {
-
-	 {"%A", "Tuesday"},
-	 {"%a", "Tue"},
-	 {"%B", "November"},
-	 {"%b", "Nov"},
-	 {"%C", "19"},
-	 {"%d", "09"},
-	 {"%e", " 9"},
-	 {"%H", "15"},
-	 {"%I", "03"},
-	 {"%j", "313"},
-	 {"%k", "15"},
-	 {"%l", " 3"},
-	 {"%M", "25"},
-	 {"%m", "11"},
-	 {"%n", "\n"},
-	 {"%p", "PM"},
-	 {"%S", "05"},
-	 {"%t", "\t"},
-	 {"%w", "2"},
-	 {"%Y", "1999"},
-	 {"%y", "99"},
-	 {"%U", "45"},
-	 {"%W", "45"},
-	 {"%V", "45"},
-	 {"%%", "%"},
-	 {NULL, NULL}
-     }
-    }
-};
-
-int
-main(int argc, char **argv)
-{
-    int i, j;
-    int ret = 0;
-
-    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
-	struct tm *tm;
-
-	tm = gmtime (&tests[i].t);
-
-	for (j = 0; tests[i].vals[j].format != NULL; ++j) {
-	    char buf[128];
-	    size_t len;
-	    struct tm tm2;
-	    char *ptr;
-
-	    len = strftime (buf, sizeof(buf), tests[i].vals[j].format, tm);
-	    if (len != strlen (buf)) {
-		printf ("length of strftime(\"%s\") = %d (\"%s\")\n",
-			tests[i].vals[j].format, len,
-			buf);
-		++ret;
-		continue;
-	    }
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("result of strftime(\"%s\") = \"%s\" != \"%s\"\n",
-			tests[i].vals[j].format, buf,
-			tests[i].vals[j].result);
-		++ret;
-		continue;
-	    }
-	    memset (&tm2, 0, sizeof(tm2));
-	    ptr = strptime (tests[i].vals[j].result,
-			    tests[i].vals[j].format,
-			    &tm2);
-	    if (ptr == NULL || *ptr != '\0') {
-		printf ("bad return value from strptime("
-			"\"%s\", \"%s\")\n",
-			tests[i].vals[j].result,
-			tests[i].vals[j].format);
-		++ret;
-	    }
-	    strftime (buf, sizeof(buf), tests[i].vals[j].format, &tm2);
-	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
-		printf ("reverse of \"%s\" failed: \"%s\" vs \"%s\"\n",
-			tests[i].vals[j].format,
-			buf, tests[i].vals[j].result);
-		++ret;
-	    }
-	}
-    }
-    if (ret) {
-	printf ("%d errors\n", ret);
-	return 1;
-    } else
-	return 0;
-}
diff --git a/crypto/heimdal/lib/roken/strptime.c b/crypto/heimdal/lib/roken/strptime.c
deleted file mode 100644
index 36f0822431f8..000000000000
--- a/crypto/heimdal/lib/roken/strptime.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- *    used to endorse or promote products derived from this software without
- *    specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <ctype.h>
-#include "roken.h"
-
-RCSID("$Id: strptime.c,v 1.2 1999/11/12 15:29:55 assar Exp $");
-
-static const char *abb_weekdays[] = {
-    "Sun",
-    "Mon",
-    "Tue",
-    "Wed",
-    "Thu",
-    "Fri",
-    "Sat",
-    NULL
-};
-
-static const char *full_weekdays[] = {
-    "Sunday",
-    "Monday",
-    "Tuesday",
-    "Wednesday",
-    "Thursday",
-    "Friday",
-    "Saturday",
-    NULL
-};
-
-static const char *abb_month[] = {
-    "Jan",
-    "Feb",
-    "Mar",
-    "Apr",
-    "May",
-    "Jun",
-    "Jul",
-    "Aug",
-    "Sep",
-    "Oct",
-    "Nov",
-    "Dec",
-    NULL
-};
-
-static const char *full_month[] = {
-    "January",
-    "February",
-    "Mars",
-    "April",
-    "May",
-    "June",
-    "July",
-    "August",
-    "September",
-    "October",
-    "November",
-    "December",
-    NULL,
-};
-
-static const char *ampm[] = {
-    "am",
-    "pm",
-    NULL
-};
-
-/*
- * Try to match `*buf' to one of the strings in `strs'.  Return the
- * index of the matching string (or -1 if none).  Also advance buf.
- */
-
-static int
-match_string (const char **buf, const char **strs)
-{
-    int i = 0;
-
-    for (i = 0; strs[i] != NULL; ++i) {
-	int len = strlen (strs[i]);
-
-	if (strncasecmp (*buf, strs[i], len) == 0) {
-	    *buf += len;
-	    return i;
-	}
-    }
-    return -1;
-}
-
-/*
- * tm_year is relative this year */
-
-const int tm_year_base = 1900;
-
-/*
- * Return TRUE iff `year' was a leap year.
- */
-
-static int
-is_leap_year (int year)
-{
-    return (year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0);
-}
-
-/*
- * Return the weekday [0,6] (0 = Sunday) of the first day of `year'
- */
-
-static int
-first_day (int year)
-{
-    int ret = 4;
-
-    for (; year > 1970; --year)
-	ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7;
-    return ret;
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_sun (struct tm *timeptr, int wnum)
-{
-    int fday = first_day (timeptr->tm_year + tm_year_base);
-
-    timeptr->tm_yday = wnum * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-
-    timeptr->tm_yday = wnum * 7 + (timeptr->tm_wday + 6) % 7 - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = (fday + 1) % 7;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- * Set `timeptr' given `wnum' (week number [0, 53])
- */
-
-static void
-set_week_number_mon4 (struct tm *timeptr, int wnum)
-{
-    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
-    int offset = 0;
-
-    if (fday < 4)
-	offset += 7;
-
-    timeptr->tm_yday = offset + (wnum - 1) * 7 + timeptr->tm_wday - fday;
-    if (timeptr->tm_yday < 0) {
-	timeptr->tm_wday = fday;
-	timeptr->tm_yday = 0;
-    }
-}
-
-/*
- *
- */
-
-char *
-strptime (const char *buf, const char *format, struct tm *timeptr)
-{
-    char c;
-
-    for (; (c = *format) != '\0'; ++format) {
-	char *s;
-	int ret;
-
-	if (isspace (c)) {
-	    while (isspace (*buf))
-		++buf;
-	} else if (c == '%' && format[1] != '\0') {
-	    c = *++format;
-	    if (c == 'E' || c == 'O')
-		c = *++format;
-	    switch (c) {
-	    case 'A' :
-		ret = match_string (&buf, full_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'a' :
-		ret = match_string (&buf, abb_weekdays);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		break;
-	    case 'B' :
-		ret = match_string (&buf, full_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'b' :
-	    case 'h' :
-		ret = match_string (&buf, abb_month);
-		if (ret < 0)
-		    return NULL;
-		timeptr->tm_mon = ret;
-		break;
-	    case 'C' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_year = (ret * 100) - tm_year_base;
-		buf = s;
-		break;
-	    case 'c' :
-		abort ();
-	    case 'D' :		/* %m/%d/%y */
-		s = strptime (buf, "%m/%d/%y", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'd' :
-	    case 'e' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_mday = ret;
-		buf = s;
-		break;
-	    case 'H' :
-	    case 'k' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_hour = ret;
-		buf = s;
-		break;
-	    case 'I' :
-	    case 'l' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		if (ret == 12)
-		    timeptr->tm_hour = 0;
-		else
-		    timeptr->tm_hour = ret;
-		buf = s;
-		break;
-	    case 'j' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_yday = ret - 1;
-		buf = s;
-		break;
-	    case 'm' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_mon = ret - 1;
-		buf = s;
-		break;
-	    case 'M' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_min = ret;
-		buf = s;
-		break;
-	    case 'n' :
-		if (*buf == '\n')
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    case 'p' :
-		ret = match_string (&buf, ampm);
-		if (ret < 0)
-		    return NULL;
-		if (timeptr->tm_hour == 0) {
-		    if (ret == 1)
-			timeptr->tm_hour = 12;
-		} else
-		    timeptr->tm_hour += 12;
-		break;
-	    case 'r' :		/* %I:%M:%S %p */
-		s = strptime (buf, "%I:%M:%S %p", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'R' :		/* %H:%M */
-		s = strptime (buf, "%H:%M", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'S' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_sec = ret;
-		buf = s;
-		break;
-	    case 't' :
-		if (*buf == '\t')
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    case 'T' :		/* %H:%M:%S */
-	    case 'X' :
-		s = strptime (buf, "%H:%M:%S", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'u' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_wday = ret - 1;
-		buf = s;
-		break;
-	    case 'w' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_wday = ret;
-		buf = s;
-		break;
-	    case 'U' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		set_week_number_sun (timeptr, ret);
-		buf = s;
-		break;
-	    case 'V' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		set_week_number_mon4 (timeptr, ret);
-		buf = s;
-		break;
-	    case 'W' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		set_week_number_mon (timeptr, ret);
-		buf = s;
-		break;
-	    case 'x' :
-		s = strptime (buf, "%Y:%m:%d", timeptr);
-		if (s == NULL)
-		    return NULL;
-		buf = s;
-		break;
-	    case 'y' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		if (ret < 70)
-		    timeptr->tm_year = 100 + ret;
-		else
-		    timeptr->tm_year = ret;
-		buf = s;
-		break;
-	    case 'Y' :
-		ret = strtol (buf, &s, 10);
-		if (s == buf)
-		    return NULL;
-		timeptr->tm_year = ret - tm_year_base;
-		buf = s;
-		break;
-	    case 'Z' :
-		abort ();
-	    case '\0' :
-		--format;
-		/* FALLTHROUGH */
-	    case '%' :
-		if (*buf == '%')
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    default :
-		if (*buf == '%' || *++buf == c)
-		    ++buf;
-		else
-		    return NULL;
-		break;
-	    }
-	} else {
-	    if (*buf == c)
-		++buf;
-	    else
-		return NULL;
-	}
-    }
-    return (char *)buf;
-}
diff --git a/crypto/heimdal/lib/roken/strsep.c b/crypto/heimdal/lib/roken/strsep.c
deleted file mode 100644
index efc714a66426..000000000000
--- a/crypto/heimdal/lib/roken/strsep.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep.c,v 1.3 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP
-
-char *
-strsep(char **str, const char *delim)
-{
-    char *save = *str;
-    if(*str == NULL)
-	return NULL;
-    *str = *str + strcspn(*str, delim);
-    if(**str == 0)
-	*str = NULL;
-    else{
-	**str = 0;
-	(*str)++;
-    }
-    return save;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strsep_copy.c b/crypto/heimdal/lib/roken/strsep_copy.c
deleted file mode 100644
index abe973188cf8..000000000000
--- a/crypto/heimdal/lib/roken/strsep_copy.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2000, 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strsep_copy.c,v 1.4 2002/08/14 17:20:40 joda Exp $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRSEP_COPY
-
-/* strsep, but with const stringp, so return string in buf */
-
-ssize_t
-strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
-{
-    const char *save = *stringp;
-    size_t l;
-    if(save == NULL)
-	return -1;
-    *stringp = *stringp + strcspn(*stringp, delim);
-    l = min(len, *stringp - save);
-    if(len > 0) {
-	memcpy(buf, save, l);
-	buf[l] = '\0';
-    }
-
-    l = *stringp - save;
-    if(**stringp == '\0')
-	*stringp = NULL;
-    else
-	(*stringp)++;
-    return l;
-}
-
-#endif
diff --git a/crypto/heimdal/lib/roken/strsep_copy.lo b/crypto/heimdal/lib/roken/strsep_copy.lo
deleted file mode 100644
index 8263576dee7e..000000000000
--- a/crypto/heimdal/lib/roken/strsep_copy.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/strtok_r.c b/crypto/heimdal/lib/roken/strtok_r.c
deleted file mode 100644
index 45b036aa9f36..000000000000
--- a/crypto/heimdal/lib/roken/strtok_r.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strtok_r.c,v 1.5 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include <string.h>
-
-#include "roken.h"
-
-#ifndef HAVE_STRTOK_R
-
-char *
-strtok_r(char *s1, const char *s2, char **lasts)
-{
-  char *ret;
-
-  if (s1 == NULL)
-    s1 = *lasts;
-  while(*s1 && strchr(s2, *s1))
-    ++s1;
-  if(*s1 == '\0')
-    return NULL;
-  ret = s1;
-  while(*s1 && !strchr(s2, *s1))
-    ++s1;
-  if(*s1)
-    *s1++ = '\0';
-  *lasts = s1;
-  return ret;
-}
-
-#endif /* HAVE_STRTOK_R */
diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c
deleted file mode 100644
index 9d136e001c87..000000000000
--- a/crypto/heimdal/lib/roken/strupr.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: strupr.c,v 1.5 2003/04/14 11:46:41 lha Exp $");
-#endif
-#include <string.h>
-#include <ctype.h>
-
-#include <roken.h>
-
-#ifndef HAVE_STRUPR
-char *
-strupr(char *str)
-{
-  char *s;
-
-  for(s = str; *s; s++)
-    *s = toupper((unsigned char)*s);
-  return str;
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/strupr.lo b/crypto/heimdal/lib/roken/strupr.lo
deleted file mode 100644
index e602c16f5d45..000000000000
--- a/crypto/heimdal/lib/roken/strupr.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/swab.c b/crypto/heimdal/lib/roken/swab.c
deleted file mode 100644
index c623bd0708e7..000000000000
--- a/crypto/heimdal/lib/roken/swab.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include "roken.h"
-
-#ifndef HAVE_SWAB
-
-RCSID("$Id: swab.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
-
-void
-swab (char *from, char *to, int nbytes)
-{
-     while(nbytes >= 2) {
-	  *(to + 1) = *from;
-	  *to = *(from + 1);
-	  to += 2;
-	  from += 2;
-	  nbytes -= 2;
-     }
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/timeval.c b/crypto/heimdal/lib/roken/timeval.c
deleted file mode 100644
index ea4dee861810..000000000000
--- a/crypto/heimdal/lib/roken/timeval.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Timeval stuff
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: timeval.c,v 1.1 2000/03/03 09:02:42 assar Exp $");
-#endif
-
-#include "roken.h"
-
-/*
- * Make `t1' consistent.
- */
-
-void
-timevalfix(struct timeval *t1)
-{
-    if (t1->tv_usec < 0) {
-        t1->tv_sec--;
-        t1->tv_usec += 1000000;
-    }
-    if (t1->tv_usec >= 1000000) {
-        t1->tv_sec++;
-        t1->tv_usec -= 1000000;
-    }
-}
- 
-/*
- * t1 += t2
- */
-
-void
-timevaladd(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  += t2->tv_sec;
-    t1->tv_usec += t2->tv_usec;
-    timevalfix(t1);
-}
- 
-/*
- * t1 -= t2
- */
-
-void
-timevalsub(struct timeval *t1, const struct timeval *t2)
-{
-    t1->tv_sec  -= t2->tv_sec;
-    t1->tv_usec -= t2->tv_usec;
-    timevalfix(t1);
-}
diff --git a/crypto/heimdal/lib/roken/timeval.lo b/crypto/heimdal/lib/roken/timeval.lo
deleted file mode 100644
index a0d462480ff4..000000000000
--- a/crypto/heimdal/lib/roken/timeval.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/tm2time.c b/crypto/heimdal/lib/roken/tm2time.c
deleted file mode 100644
index b912e32dae33..000000000000
--- a/crypto/heimdal/lib/roken/tm2time.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: tm2time.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#ifdef TIME_WITH_SYS_TIME
-#include <sys/time.h>
-#include <time.h>
-#elif defined(HAVE_SYS_TIME_H)
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-#include "roken.h"
-
-time_t
-tm2time (struct tm tm, int local)
-{
-     time_t t;
-
-     tm.tm_isdst = -1;
-
-     t = mktime (&tm);
-
-     if (!local)
-       t += t - mktime (gmtime (&t));
-     return t;
-}
diff --git a/crypto/heimdal/lib/roken/tm2time.lo b/crypto/heimdal/lib/roken/tm2time.lo
deleted file mode 100644
index c889ad21038a..000000000000
--- a/crypto/heimdal/lib/roken/tm2time.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/unsetenv.c b/crypto/heimdal/lib/roken/unsetenv.c
deleted file mode 100644
index 6d95a513dcd3..000000000000
--- a/crypto/heimdal/lib/roken/unsetenv.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unsetenv.c,v 1.7 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "roken.h"
-
-extern char **environ;
-
-/*
- * unsetenv --
- */
-void
-unsetenv(const char *name)
-{
-  int len;
-  const char *np;
-  char **p;
-
-  if (name == 0 || environ == 0)
-    return;
-
-  for (np = name; *np && *np != '='; np++)
-    /* nop */;
-  len = np - name;
-  
-  for (p = environ; *p != 0; p++)
-    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
-      break;
-
-  for (; *p != 0; p++)
-    *p = *(p + 1);
-}
-
diff --git a/crypto/heimdal/lib/roken/unvis.c b/crypto/heimdal/lib/roken/unvis.c
deleted file mode 100644
index 363564c04966..000000000000
--- a/crypto/heimdal/lib/roken/unvis.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/*	$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $	*/
-
-/*-
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: unvis.c,v 1.2 2000/12/06 21:41:46 joda Exp $");
-#endif
-#include <roken.h>
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)unvis.c	8.1 (Berkeley) 6/4/93";
-#else
-__RCSID("$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $");
-#endif
-#endif /* LIBC_SCCS and not lint */
-
-#define __LIBC12_SOURCE__
-
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strunvis,_strunvis)
-__weak_alias(unvis,_unvis)
-#endif
-
-__warn_references(unvis,
-    "warning: reference to compatibility unvis(); include <vis.h> for correct reference")
-#endif
-
-/*
- * decode driven by state machine
- */
-#define	S_GROUND	0	/* haven't seen escape char */
-#define	S_START		1	/* start decoding special sequence */
-#define	S_META		2	/* metachar started (M) */
-#define	S_META1		3	/* metachar more, regular char (-) */
-#define	S_CTRL		4	/* control char started (^) */
-#define	S_OCTAL2	5	/* octal digit 2 */
-#define	S_OCTAL3	6	/* octal digit 3 */
-
-#define	isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-
-/*
- * unvis - decode characters previously encoded by vis
- */
-#ifndef HAVE_UNVIS
-int
-unvis(char *cp, int c, int *astate, int flag)
-{
-
-	_DIAGASSERT(cp != NULL);
-	_DIAGASSERT(astate != NULL);
-
-	if (flag & UNVIS_END) {
-		if (*astate == S_OCTAL2 || *astate == S_OCTAL3) {
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		} 
-		return (*astate == S_GROUND ? UNVIS_NOCHAR : UNVIS_SYNBAD);
-	}
-
-	switch (*astate) {
-
-	case S_GROUND:
-		*cp = 0;
-		if (c == '\\') {
-			*astate = S_START;
-			return (0);
-		} 
-		*cp = c;
-		return (UNVIS_VALID);
-
-	case S_START:
-		switch(c) {
-		case '\\':
-			*cp = c;
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '0': case '1': case '2': case '3':
-		case '4': case '5': case '6': case '7':
-			*cp = (c - '0');
-			*astate = S_OCTAL2;
-			return (0);
-		case 'M':
-			*cp = (char)0200;
-			*astate = S_META;
-			return (0);
-		case '^':
-			*astate = S_CTRL;
-			return (0);
-		case 'n':
-			*cp = '\n';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'r':
-			*cp = '\r';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'b':
-			*cp = '\b';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'a':
-			*cp = '\007';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'v':
-			*cp = '\v';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 't':
-			*cp = '\t';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'f':
-			*cp = '\f';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 's':
-			*cp = ' ';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case 'E':
-			*cp = '\033';
-			*astate = S_GROUND;
-			return (UNVIS_VALID);
-		case '\n':
-			/*
-			 * hidden newline
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		case '$':
-			/*
-			 * hidden marker
-			 */
-			*astate = S_GROUND;
-			return (UNVIS_NOCHAR);
-		}
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-		 
-	case S_META:
-		if (c == '-')
-			*astate = S_META1;
-		else if (c == '^')
-			*astate = S_CTRL;
-		else {
-			*astate = S_GROUND;
-			return (UNVIS_SYNBAD);
-		}
-		return (0);
-		 
-	case S_META1:
-		*astate = S_GROUND;
-		*cp |= c;
-		return (UNVIS_VALID);
-		 
-	case S_CTRL:
-		if (c == '?')
-			*cp |= 0177;
-		else
-			*cp |= c & 037;
-		*astate = S_GROUND;
-		return (UNVIS_VALID);
-
-	case S_OCTAL2:	/* second possible octal digit */
-		if (isoctal(c)) {
-			/* 
-			 * yes - and maybe a third 
-			 */
-			*cp = (*cp << 3) + (c - '0');
-			*astate = S_OCTAL3;	
-			return (0);
-		} 
-		/* 
-		 * no - done with current sequence, push back passed char 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_VALIDPUSH);
-
-	case S_OCTAL3:	/* third possible octal digit */
-		*astate = S_GROUND;
-		if (isoctal(c)) {
-			*cp = (*cp << 3) + (c - '0');
-			return (UNVIS_VALID);
-		}
-		/*
-		 * we were done, push back passed char
-		 */
-		return (UNVIS_VALIDPUSH);
-			
-	default:	
-		/* 
-		 * decoder in unknown state - (probably uninitialized) 
-		 */
-		*astate = S_GROUND;
-		return (UNVIS_SYNBAD);
-	}
-}
-#endif
-
-/*
- * strunvis - decode src into dst 
- *
- *	Number of chars decoded into dst is returned, -1 on error.
- *	Dst is null terminated.
- */
-
-#ifndef HAVE_STRUNVIS
-int
-strunvis(char *dst, const char *src)
-{
-	char c;
-	char *start = dst;
-	int state = 0;
-
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(dst != NULL);
-
-	while ((c = *src++) != '\0') {
-	again:
-		switch (unvis(dst, c, &state, 0)) {
-		case UNVIS_VALID:
-			dst++;
-			break;
-		case UNVIS_VALIDPUSH:
-			dst++;
-			goto again;
-		case 0:
-		case UNVIS_NOCHAR:
-			break;
-		default:
-			return (-1);
-		}
-	}
-	if (unvis(dst, c, &state, UNVIS_END) == UNVIS_VALID)
-		dst++;
-	*dst = '\0';
-	return (dst - start);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/unvis.lo b/crypto/heimdal/lib/roken/unvis.lo
deleted file mode 100644
index 7202b351c426..000000000000
--- a/crypto/heimdal/lib/roken/unvis.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/verify.c b/crypto/heimdal/lib/roken/verify.c
deleted file mode 100644
index 842fa9a3aee8..000000000000
--- a/crypto/heimdal/lib/roken/verify.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verify.c,v 1.13 1999/12/02 16:58:53 joda Exp $");
-#endif
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#include "roken.h"
-
-int
-unix_verify_user(char *user, char *password)
-{
-    struct passwd *pw;
-    
-    pw = k_getpwnam(user);
-    if(pw == NULL)
-	return -1;
-    if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
-	return 0;
-    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
-        return 0;
-    return -1;
-}
-
diff --git a/crypto/heimdal/lib/roken/verify.lo b/crypto/heimdal/lib/roken/verify.lo
deleted file mode 100644
index b250d56b1759..000000000000
--- a/crypto/heimdal/lib/roken/verify.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/verr.c b/crypto/heimdal/lib/roken/verr.c
deleted file mode 100644
index 67b4512c9d6b..000000000000
--- a/crypto/heimdal/lib/roken/verr.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verr.c,v 1.10 2001/01/25 12:41:39 assar Exp $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void
-verr(int eval, const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/verrx.c b/crypto/heimdal/lib/roken/verrx.c
deleted file mode 100644
index 5df5c8ddf8b0..000000000000
--- a/crypto/heimdal/lib/roken/verrx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: verrx.c,v 1.10 2001/01/25 12:41:39 assar Exp $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void
-verrx(int eval, const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-    exit(eval);
-}
diff --git a/crypto/heimdal/lib/roken/vis.c b/crypto/heimdal/lib/roken/vis.c
deleted file mode 100644
index 8dd583215d25..000000000000
--- a/crypto/heimdal/lib/roken/vis.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*	$NetBSD: vis.c,v 1.19 2000/01/22 22:42:45 mycroft Exp $	*/
-
-/*-
- * Copyright (c) 1999 The NetBSD Foundation, Inc.
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#if 1
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vis.c,v 1.5 2001/09/03 05:37:23 assar Exp $");
-#endif
-#include <roken.h>
-#ifndef _DIAGASSERT
-#define _DIAGASSERT(X)
-#endif
-#else
-#include <sys/cdefs.h>
-#if !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.19 2000/01/22 22:42:45 mycroft Exp $");
-#endif /* not lint */
-#endif
-
-#if 0
-#include "namespace.h"
-#endif
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-#include <vis.h>
-
-#if 0
-#ifdef __weak_alias
-__weak_alias(strsvis,_strsvis)
-__weak_alias(strsvisx,_strsvisx)
-__weak_alias(strvis,_strvis)
-__weak_alias(strvisx,_strvisx)
-__weak_alias(svis,_svis)
-__weak_alias(vis,_vis)
-#endif
-#endif
-
-#undef BELL
-#if defined(__STDC__)
-#define BELL '\a'
-#else
-#define BELL '\007'
-#endif
-
-#define isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-#define iswhite(c)	(c == ' ' || c == '\t' || c == '\n')
-#define issafe(c)	(c == '\b' || c == BELL || c == '\r')
-
-#define MAXEXTRAS       5
-
-
-#define MAKEEXTRALIST(flag, extra)					      \
-do {									      \
-	char *pextra = extra;						      \
-	if (flag & VIS_SP) *pextra++ = ' ';				      \
-	if (flag & VIS_TAB) *pextra++ = '\t';				      \
-	if (flag & VIS_NL) *pextra++ = '\n';				      \
-	if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\';		      \
-	*pextra = '\0';							      \
-} while (/*CONSTCOND*/0)
-
-/*
- * This is SVIS, the central macro of vis.
- * dst:	      Pointer to the destination buffer
- * c:	      Character to encode
- * flag:      Flag word
- * nextc:     The character following 'c'
- * extra:     Pointer to the list of extra characters to be
- *	      backslash-protected.
- */
-#define SVIS(dst, c, flag, nextc, extra)				   \
-do {									   \
-	int isextra, isc;						   \
-	isextra = strchr(extra, c) != NULL;				   \
-	if (!isextra &&							   \
-	    isascii((unsigned char)c) &&				   \
-	    (isgraph((unsigned char)c) || iswhite(c) ||			   \
-	    ((flag & VIS_SAFE) && issafe(c)))) {			   \
-		*dst++ = c;						   \
-		break;							   \
-	}								   \
-	isc = 0;							   \
-	if (flag & VIS_CSTYLE) {					   \
-		switch (c) {						   \
-		case '\n':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'n';		   \
-			break;						   \
-		case '\r':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'r';		   \
-			break;						   \
-		case '\b':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'b';		   \
-			break;						   \
-		case BELL:						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'a';		   \
-			break;						   \
-		case '\v':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'v';		   \
-			break;						   \
-		case '\t':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 't';		   \
-			break;						   \
-		case '\f':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 'f';		   \
-			break;						   \
-		case ' ':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = 's';		   \
-			break;						   \
-		case '\0':						   \
-			isc = 1; *dst++ = '\\'; *dst++ = '0';		   \
-			if (isoctal(nextc)) {				   \
-				*dst++ = '0';				   \
-				*dst++ = '0';				   \
-			}						   \
-		}							   \
-	}								   \
-	if (isc) break;							   \
-	if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) {	   \
-		*dst++ = '\\';						   \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0';  \
-		*dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0';  \
-		*dst++ =			     (c	      & 07) + '0'; \
-	} else {							   \
-		if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\';		   \
-		if (c & 0200) {						   \
-			c &= 0177; *dst++ = 'M';			   \
-		}							   \
-		if (iscntrl((unsigned char)c)) {			   \
-			*dst++ = '^';					   \
-			if (c == 0177)					   \
-				*dst++ = '?';				   \
-			else						   \
-				*dst++ = c + '@';			   \
-		} else {						   \
-			*dst++ = '-'; *dst++ = c;			   \
-		}							   \
-	}								   \
-} while (/*CONSTCOND*/0)
-
-
-/*
- * svis - visually encode characters, also encoding the characters
- * 	  pointed to by `extra'
- */
-#ifndef HAVE_SVIS
-char *
-svis(char *dst, int c, int flag, int nextc, const char *extra)
-{
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return(dst);
-}
-#endif
-
-
-/*
- * strsvis, strsvisx - visually encode characters from src into dst
- *
- *	Extra is a pointer to a \0-terminated list of characters to
- *	be encoded, too. These functions are useful e. g. to
- *	encode strings in such a way so that they are not interpreted
- *	by a shell.
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strsvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-#ifndef HAVE_STRSVIS
-int
-strsvis(char *dst, const char *src, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; (c = *src++) != '\0'; /* empty */)
-	    SVIS(dst, c, flag, *src, extra);
-	*dst = '\0';
-	return (dst - start);
-}
-#endif
-
-
-#ifndef HAVE_STRVISX
-int
-strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra)
-{
-	char c;
-	char *start;
-
-	_DIAGASSERT(dst != NULL);
-	_DIAGASSERT(src != NULL);
-	_DIAGASSERT(extra != NULL);
-
-	for (start = dst; len > 0; len--) {
-		c = *src++;
-		SVIS(dst, c, flag, len ? *src : '\0', extra);
-	}
-	*dst = '\0';
-	return (dst - start);
-}
-#endif
-
-
-/*
- * vis - visually encode characters
- */
-#ifndef HAVE_VIS
-char *
-vis(char *dst, int c, int flag, int nextc)
-{
-	char extra[MAXEXTRAS];
-
-	_DIAGASSERT(dst != NULL);
-
-	MAKEEXTRALIST(flag, extra);
-	SVIS(dst, c, flag, nextc, extra);
-	*dst = '\0';
-	return (dst);
-}
-#endif
-
-
-/*
- * strvis, strvisx - visually encode characters from src into dst
- *	
- *	Dst must be 4 times the size of src to account for possible
- *	expansion.  The length of dst, not including the trailing NULL,
- *	is returned. 
- *
- *	Strvisx encodes exactly len bytes from src into dst.
- *	This is useful for encoding a block of data.
- */
-#ifndef HAVE_STRVIS
-int
-strvis(char *dst, const char *src, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (strsvis(dst, src, flag, extra));
-}
-#endif
-
-
-#ifndef HAVE_STRVISX
-int
-strvisx(char *dst, const char *src, size_t len, int flag)
-{
-	char extra[MAXEXTRAS];
-
-	MAKEEXTRALIST(flag, extra);
-	return (strsvisx(dst, src, len, flag, extra));
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/vis.hin b/crypto/heimdal/lib/roken/vis.hin
deleted file mode 100644
index a9d09da95829..000000000000
--- a/crypto/heimdal/lib/roken/vis.hin
+++ /dev/null
@@ -1,86 +0,0 @@
-/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
-/*	$Id: vis.hin,v 1.1 2000/12/06 21:35:47 joda Exp $	*/
-
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)vis.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _VIS_H_
-#define	_VIS_H_
-
-/*
- * to select alternate encoding format
- */
-#define	VIS_OCTAL	0x01	/* use octal \ddd format */
-#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
-
-/*
- * to alter set of characters encoded (default is to encode all
- * non-graphic except space, tab, and newline).
- */
-#define	VIS_SP		0x04	/* also encode space */
-#define	VIS_TAB		0x08	/* also encode tab */
-#define	VIS_NL		0x10	/* also encode newline */
-#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
-#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
-
-/*
- * other
- */
-#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
-
-/*
- * unvis return codes
- */
-#define	UNVIS_VALID	 1	/* character valid */
-#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
-#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
-#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
-#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
-
-/*
- * unvis flags
- */
-#define	UNVIS_END	1	/* no more characters */
-
-char	*vis (char *, int, int, int);
-char	*svis (char *, int, int, int, const char *);
-int	strvis (char *, const char *, int);
-int	strsvis (char *, const char *, int, const char *);
-int	strvisx (char *, const char *, size_t, int);
-int	strsvisx (char *, const char *, size_t, int, const char *);
-int	strunvis (char *, const char *);
-int	unvis (char *, int, int *, int);
-
-#endif /* !_VIS_H_ */
diff --git a/crypto/heimdal/lib/roken/vis.lo b/crypto/heimdal/lib/roken/vis.lo
deleted file mode 100644
index 03df67a92c84..000000000000
--- a/crypto/heimdal/lib/roken/vis.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/vsyslog.c b/crypto/heimdal/lib/roken/vsyslog.c
deleted file mode 100644
index c72cf3373eec..000000000000
--- a/crypto/heimdal/lib/roken/vsyslog.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vsyslog.c,v 1.6 2000/05/22 22:09:25 assar Exp $");
-#endif
-
-#ifndef HAVE_VSYSLOG
-
-#include <stdio.h>
-#include <syslog.h>
-#include <stdarg.h>
-
-#include "roken.h"
-
-/*
- * the theory behind this is that we might be trying to call vsyslog
- * when there's no memory left, and we should try to be as useful as
- * possible.  And the format string should say something about what's
- * failing.
- */
-
-static void
-simple_vsyslog(int pri, const char *fmt, va_list ap)
-{
-    syslog (pri, "%s", fmt);
-}
-
-/*
- * do like syslog but with a `va_list'
- */
-
-void
-vsyslog(int pri, const char *fmt, va_list ap)
-{
-    char *fmt2;
-    const char *p;
-    char *p2;
-    int saved_errno = errno;
-    int fmt_len  = strlen (fmt);
-    int fmt2_len = fmt_len;
-    char *buf;
-
-    fmt2 = malloc (fmt_len + 1);
-    if (fmt2 == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-
-    for (p = fmt, p2 = fmt2; *p != '\0'; ++p) {
-	if (p[0] == '%' && p[1] == 'm') {
-	    const char *e = strerror (saved_errno);
-	    int e_len = strlen (e);
-	    char *tmp;
-	    int pos;
-
-	    pos = p2 - fmt2;
-	    fmt2_len += e_len - 2;
-	    tmp = realloc (fmt2, fmt2_len + 1);
-	    if (tmp == NULL) {
-		free (fmt2);
-		simple_vsyslog (pri, fmt, ap);
-		return;
-	    }
-	    fmt2 = tmp;
-	    p2   = fmt2 + pos;
-	    memmove (p2, e, e_len);
-	    p2 += e_len;
-	    ++p;
-	} else
-	    *p2++ = *p;
-    }
-    *p2 = '\0';
-
-    vasprintf (&buf, fmt2, ap);
-    free (fmt2);
-    if (buf == NULL) {
-	simple_vsyslog (pri, fmt, ap);
-	return;
-    }
-    syslog (pri, "%s", buf);
-    free (buf);
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/vwarn.c b/crypto/heimdal/lib/roken/vwarn.c
deleted file mode 100644
index 4034b1b8b29b..000000000000
--- a/crypto/heimdal/lib/roken/vwarn.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarn.c,v 1.10 2001/01/25 12:41:39 assar Exp $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void
-vwarn(const char *fmt, va_list ap)
-{
-    warnerr(1, fmt, ap);
-}
diff --git a/crypto/heimdal/lib/roken/vwarnx.c b/crypto/heimdal/lib/roken/vwarnx.c
deleted file mode 100644
index 7449a75b3caf..000000000000
--- a/crypto/heimdal/lib/roken/vwarnx.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: vwarnx.c,v 1.10 2001/01/25 12:41:39 assar Exp $");
-#endif
-
-#include "roken.h"
-#include <err.h>
-
-void
-vwarnx(const char *fmt, va_list ap)
-{
-    warnerr(0, fmt, ap);
-}
-
diff --git a/crypto/heimdal/lib/roken/warn.c b/crypto/heimdal/lib/roken/warn.c
deleted file mode 100644
index d8ee335106a1..000000000000
--- a/crypto/heimdal/lib/roken/warn.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warn.c,v 1.6 1999/12/02 16:58:54 joda Exp $");
-#endif
-
-#include "err.h"
-
-void
-warn(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarn(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/warnerr.c b/crypto/heimdal/lib/roken/warnerr.c
deleted file mode 100644
index 0509d1909e5d..000000000000
--- a/crypto/heimdal/lib/roken/warnerr.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnerr.c,v 1.15 2001/07/09 14:56:51 assar Exp $");
-#endif
-
-#include "roken.h"
-#include "err.h"
-
-void
-warnerr(int doerrno, const char *fmt, va_list ap)
-{
-    int sverrno = errno;
-    const char *progname = getprogname();
-
-    if(progname != NULL){
-	fprintf(stderr, "%s", progname);
-	if(fmt != NULL || doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if (fmt != NULL){
-	vfprintf(stderr, fmt, ap);
-	if(doerrno)
-	    fprintf(stderr, ": ");
-    }
-    if(doerrno)
-	fprintf(stderr, "%s", strerror(sverrno));
-    fprintf(stderr, "\n");
-}
diff --git a/crypto/heimdal/lib/roken/warnerr.lo b/crypto/heimdal/lib/roken/warnerr.lo
deleted file mode 100644
index 953d3637753f..000000000000
--- a/crypto/heimdal/lib/roken/warnerr.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/warnx.c b/crypto/heimdal/lib/roken/warnx.c
deleted file mode 100644
index c991176a9de1..000000000000
--- a/crypto/heimdal/lib/roken/warnx.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H�gskolan 
- * (Royal Institute of Technology, Stockholm, Sweden).  
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: warnx.c,v 1.6 1999/12/02 16:58:54 joda Exp $");
-#endif
-
-#include "err.h"
-
-void
-warnx(const char *fmt, ...)
-{
-  va_list ap;
-  va_start(ap, fmt);
-  vwarnx(fmt, ap);
-  va_end(ap);
-}
diff --git a/crypto/heimdal/lib/roken/write_pid.c b/crypto/heimdal/lib/roken/write_pid.c
deleted file mode 100644
index 763b513ef319..000000000000
--- a/crypto/heimdal/lib/roken/write_pid.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: write_pid.c,v 1.6 2001/09/02 23:58:15 assar Exp $");
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <roken.h>
-
-#include "roken.h"
-
-char *
-pid_file_write (const char *progname)
-{
-    FILE *fp;
-    char *ret;
-
-    asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname);
-    if (ret == NULL)
-	return NULL;
-    fp = fopen (ret, "w");
-    if (fp == NULL) {
-	free (ret);
-	return NULL;
-    }
-    fprintf (fp, "%u", (unsigned)getpid());
-    fclose (fp);
-    return ret;
-}
-
-void
-pid_file_delete (char **filename)
-{
-    if (*filename != NULL) {
-	unlink (*filename);
-	free (*filename);
-	*filename = NULL;
-    }
-}
-
-#ifndef HAVE_PIDFILE
-static char *pidfile_path;
-
-static void
-pidfile_cleanup(void)
-{
-    if(pidfile_path != NULL)
-	pid_file_delete(&pidfile_path);
-}
-
-void
-pidfile(const char *basename)
-{
-    if(pidfile_path != NULL)
-	return;
-    if(basename == NULL)
-	basename = getprogname();
-    pidfile_path = pid_file_write(basename);
-#if defined(HAVE_ATEXIT)
-    atexit(pidfile_cleanup);
-#elif defined(HAVE_ON_EXIT)
-    on_exit(pidfile_cleanup);
-#endif
-}
-#endif
diff --git a/crypto/heimdal/lib/roken/write_pid.lo b/crypto/heimdal/lib/roken/write_pid.lo
deleted file mode 100644
index 0c1b65211271..000000000000
--- a/crypto/heimdal/lib/roken/write_pid.lo
+++ /dev/null
diff --git a/crypto/heimdal/lib/roken/writev.c b/crypto/heimdal/lib/roken/writev.c
deleted file mode 100644
index e3859bfe332c..000000000000
--- a/crypto/heimdal/lib/roken/writev.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: writev.c,v 1.3 1999/12/02 16:58:54 joda Exp $");
-#endif
-
-#include "roken.h"
-
-ssize_t
-writev(int d, const struct iovec *iov, int iovcnt)
-{
-    ssize_t ret;
-    size_t tot = 0;
-    int i;
-    char *buf, *p;
-
-    for(i = 0; i < iovcnt; ++i)
-	tot += iov[i].iov_len;
-    buf = malloc(tot);
-    if (tot != 0 && buf == NULL) {
-	errno = ENOMEM;
-	return -1;
-    }
-    p = buf;
-    for (i = 0; i < iovcnt; ++i) {
-	memcpy (p, iov[i].iov_base, iov[i].iov_len);
-	p += iov[i].iov_len;
-    }
-    ret = write (d, buf, tot);
-    free (buf);
-    return ret;
-}
diff --git a/crypto/heimdal/lib/roken/xdbm.h b/crypto/heimdal/lib/roken/xdbm.h
deleted file mode 100644
index 6e65217625fc..000000000000
--- a/crypto/heimdal/lib/roken/xdbm.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1995 - 2002 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: xdbm.h,v 1.15 2002/05/17 16:02:22 joda Exp $ */
-
-/* Generic *dbm include file */
-
-#ifndef __XDBM_H__
-#define __XDBM_H__
-
-#if HAVE_DB_NDBM
-#define DB_DBM_HSEARCH 1
-#include <db.h>
-#elif HAVE_NDBM
-#if defined(HAVE_GDBM_NDBM_H)
-#include <gdbm/ndbm.h>
-#elif defined(HAVE_NDBM_H)
-#include <ndbm.h>
-#endif
-#endif /* HAVE_NDBM */
-
-#endif /* __XDBM_H__ */
diff --git a/crypto/heimdal/lib/sl/ChangeLog b/crypto/heimdal/lib/sl/ChangeLog
deleted file mode 100644
index e25ae812d914..000000000000
--- a/crypto/heimdal/lib/sl/ChangeLog
+++ /dev/null
@@ -1,192 +0,0 @@
-2002-05-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: just link mk_cmds against libsl; avoids libtool
-	problem
-
-2001-07-09  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add getprogname.c libss.la:add libcom_err.la noted
-	by Leif Johansson <leifj@it.su.se>
-
-2001-05-17  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump versions to 1:2:1 and 1:4:1
-
-2001-05-06  Assar Westerlund  <assar@sics.se>
-
-	* roken_rename.h (strdup): add
-
-2001-03-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: re do the roken-renaming properly
-
-2001-02-13  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add more functions to rename
-
-2001-01-26  Johan Danielsson  <joda@pdc.kth.se>
-
-	* sl.h: proto
-
-	* sl.c (sl_command_loop): try to handle user pressing C-c
-
-2000-12-11  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (libss_la_LDFLAGS): bump version to 1:2:1
-
-2000-08-19  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: add dependencies for libss/libsl shared libraries
-
-2000-07-25  Johan Danielsson  <joda@pdc.kth.se>
-
-	* Makefile.am: bump ss version to 1:1:1
-
-2000-06-27  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (yyerror): static-ize
-	* make_cmds.h (error_message, yylex): add prototypes
-	* lex.l: fix prototypes and kill warnings
-
-2000-05-24  Assar Westerlund  <assar@sics.se>
-
-	* ss.h (SS_ET_COMMAND_NOT_FOUND): add
-	* ss.c: check allocation and return some other error codes too
-
-2000-04-29  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add LIB_tgetent.  From Derrick J Brashear
-	<shadow@dementia.org>
-
-2000-04-03  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: set version to 1:0:1
-
-2000-03-07  Assar Westerlund  <assar@sics.se>
-
-	* sl.h (SL_BADCOMMAND): define
-	(sl_apropos): add prototype
-
-	* sl.c: mandoc-generation
-	(sl_apropos): stolen from arla
-
-2000-01-06  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: bump both versions to 0:1:0
-
-1999-12-16  Assar Westerlund  <assar@sics.se>
-
-	* parse.y (name2number): not used here.  remove.
-
-Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* make_cmds.c: use getarg
-
-Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't rename
-
-Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: don't roken-rename
-
-Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: replace return with YYACCEPT
-
-Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: add libss; add version-info
-
-Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.am: clean lex.c parse.c parse.h
-
-	* Makefile.am: install ss.h
-
-	* Makefile.am: include Makefile.am.common
-
-Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* parse.y: prototype for error_message
-
-Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
-
-	* Makefile.in: add snprintf.o to make_cmds
-
-Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_command_loop): remove unused variable
-
-	* ss.c (ss_error): remove unused variable
-
-	* make_cmds.c: include err.h
-	(main): remove unused variable
-
-	* Makefile.in (WFLAGS): set
-
-Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar@sics.se>
-
-	* make_cmds.c: clean-up and simplification
-
-Mon May 25 02:54:13 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in (clean): try to remove shared library debris
-
-	* Makefile.in: make symlink magic work
-
-Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.in: add symlink magic for linux
-
-Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar@sics.se>
-
-	* parse.y: define alloca to malloc in case we're using bison but
- 	don't have alloca
-
-Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_loop): s/2/1
-
-Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): check that there is at least one argument before
- 	calling sl_command
-
-Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c (sl_loop): Fix general broken-ness.
-
-	* sl.c: Cleanup printing of help strings.
-
-Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: @LEXLIB@
-
-Sat Feb 21 15:18:21 1998  assar westerlund  <assar@sics.se>
-
-	* Makefile.in: set YACC and LEX
-
-Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.am: Some fixes for ss/mk_cmds.
-
-Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* Makefile.in: Install libsl under the `libss' name too. Install
- 	mk_cmds, and ss.h.
-
-	* make_cmds.c: A mk_cmds clone that creates SL structures.
-
-	* ss.c: SS compatibility functions.
-
-	* sl.c: Move command line split to function `sl_make_argv'.
-
-Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
-
-	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
-
-Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar@sics.se>
-
-	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
-
diff --git a/crypto/heimdal/lib/sl/Makefile b/crypto/heimdal/lib/sl/Makefile
deleted file mode 100644
index 7b812a170e91..000000000000
--- a/crypto/heimdal/lib/sl/Makefile
+++ /dev/null
@@ -1,756 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/sl/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.29 2002/08/13 13:48:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(ROKEN_RENAME)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-
-YFLAGS = -d
-
-include_HEADERS = sl.h
-
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 1:2:1
-libss_la_LDFLAGS = -version-info 1:4:1
-
-libsl_la_LIBADD = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-libss_la_LIBADD = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent) -lcom_err
-
-libsl_la_SOURCES = sl_locl.h sl.c $(ES)
-libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
-
-
-# install these?
-bin_PROGRAMS = mk_cmds
-
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-
-CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-
-LDADD = \
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-subdir = lib/sl
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libsl_la_DEPENDENCIES =
-am__objects_1 = strtok_r.lo snprintf.lo strdup.lo \
-	strupr.lo getprogname.lo
-am_libsl_la_OBJECTS = sl.lo $(am__objects_1)
-libsl_la_OBJECTS = $(am_libsl_la_OBJECTS)
-libss_la_DEPENDENCIES =
-am__objects_2 = sl.lo $(am__objects_1)
-am_libss_la_OBJECTS = $(am__objects_2) ss.lo
-libss_la_OBJECTS = $(am_libss_la_OBJECTS)
-bin_PROGRAMS = mk_cmds$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
-mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS)
-mk_cmds_DEPENDENCIES = libsl.la
-mk_cmds_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libsl_la_SOURCES) $(libss_la_SOURCES) \
-	$(mk_cmds_SOURCES)
-HEADERS = $(include_HEADERS) $(ssinclude_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) $(ssinclude_HEADERS) ChangeLog \
-	Makefile.am Makefile.in lex.c parse.c parse.h
-SOURCES = $(libsl_la_SOURCES) $(libss_la_SOURCES) $(mk_cmds_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/sl/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libsl_la_LDFLAGS) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS)
-libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libss_la_LDFLAGS) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-parse.h: parse.c
-	@if test ! -f $@; then \
-	  rm -f parse.c; \
-	  $(MAKE) parse.c; \
-	else :; fi
-mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) 
-	@rm -f mk_cmds$(EXEEXT)
-	$(LINK) $(mk_cmds_LDFLAGS) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-ssincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-ssincludeHEADERS: $(ssinclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(ssincludedir)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(ssincludeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(ssincludedir)/$$f"; \
-	  $(ssincludeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(ssincludedir)/$$f; \
-	done
-
-uninstall-ssincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(ssincludedir)/$$f"; \
-	  rm -f $(DESTDIR)$(ssincludedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(includedir) $(DESTDIR)$(ssincludedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "parse.hparse.clex.c" || rm -f parse.h parse.c lex.c
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-includeHEADERS \
-	install-ssincludeHEADERS
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES \
-	uninstall-ssincludeHEADERS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-ssincludeHEADERS \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/sl/Makefile.am b/crypto/heimdal/lib/sl/Makefile.am
deleted file mode 100644
index 2589e587086b..000000000000
--- a/crypto/heimdal/lib/sl/Makefile.am
+++ /dev/null
@@ -1,52 +0,0 @@
-# $Id: Makefile.am,v 1.29 2002/08/13 13:48:17 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-if do_roken_rename
-ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-endif
-
-INCLUDES += $(ROKEN_RENAME)
-
-YFLAGS = -d
-
-include_HEADERS = sl.h
-
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 1:2:1
-libss_la_LDFLAGS = -version-info 1:4:1
-
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-
-libsl_la_SOURCES = sl_locl.h sl.c $(ES)
-libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
-
-# install these?
-
-bin_PROGRAMS = mk_cmds
-
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-
-CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-LDADD =						\
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in
deleted file mode 100644
index b4ed976d35f0..000000000000
--- a/crypto/heimdal/lib/sl/Makefile.in
+++ /dev/null
@@ -1,745 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.29 2002/08/13 13:48:17 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(ROKEN_RENAME)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-@do_roken_rename_TRUE@ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
-
-YFLAGS = -d
-
-include_HEADERS = sl.h
-
-lib_LTLIBRARIES = libsl.la libss.la
-libsl_la_LDFLAGS = -version-info 1:2:1
-libss_la_LDFLAGS = -version-info 1:4:1
-
-libsl_la_LIBADD = @LIB_readline@
-libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
-
-libsl_la_SOURCES = sl_locl.h sl.c $(ES)
-libss_la_SOURCES = $(libsl_la_SOURCES) ss.c ss.h
-
-
-# install these?
-bin_PROGRAMS = mk_cmds
-
-mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
-mk_cmds_LDADD = libsl.la $(LDADD)
-
-ssincludedir = $(includedir)/ss
-ssinclude_HEADERS = ss.h
-
-CLEANFILES = lex.c parse.c parse.h snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
-
-LDADD = \
-	$(LIB_roken)				\
-	$(LEXLIB)
-
-subdir = lib/sl
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-libsl_la_DEPENDENCIES =
-@do_roken_rename_TRUE@am__objects_8 = strtok_r.lo snprintf.lo strdup.lo \
-@do_roken_rename_TRUE@	strupr.lo getprogname.lo
-am_libsl_la_OBJECTS = sl.lo $(am__objects_8)
-libsl_la_OBJECTS = $(am_libsl_la_OBJECTS)
-libss_la_DEPENDENCIES =
-am__objects_17 = sl.lo $(am__objects_8)
-am_libss_la_OBJECTS = $(am__objects_17) ss.lo
-libss_la_OBJECTS = $(am_libss_la_OBJECTS)
-bin_PROGRAMS = mk_cmds$(EXEEXT)
-PROGRAMS = $(bin_PROGRAMS)
-
-am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
-mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS)
-mk_cmds_DEPENDENCIES = libsl.la
-mk_cmds_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
-LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
-YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
-DIST_SOURCES = $(libsl_la_SOURCES) $(libss_la_SOURCES) \
-	$(mk_cmds_SOURCES)
-HEADERS = $(include_HEADERS) $(ssinclude_HEADERS)
-
-DIST_COMMON = $(include_HEADERS) $(ssinclude_HEADERS) ChangeLog \
-	Makefile.am Makefile.in lex.c parse.c parse.h
-SOURCES = $(libsl_la_SOURCES) $(libss_la_SOURCES) $(mk_cmds_SOURCES)
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/sl/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-libLTLIBRARIES_INSTALL = $(INSTALL)
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(libdir)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	  if test -f $$p; then \
-	    f="`echo $$p | sed -e 's|^.*/||'`"; \
-	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
-	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-libLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
-	    p="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
-	  $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
-	done
-
-clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libsl_la_LDFLAGS) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS)
-libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) 
-	$(LINK) -rpath $(libdir) $(libss_la_LDFLAGS) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS)
-binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  if test -f $$p \
-	     || test -f $$p1 \
-	  ; then \
-	    p1=`echo "$$p1" | sed -e 's,^.*/,,'`; \
-	    f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
-	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \
-	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
-	  f=`echo "$$f" | sed -e 's,^.*/,,'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-parse.h: parse.c
-mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) 
-	@rm -f mk_cmds$(EXEEXT)
-	$(LINK) $(mk_cmds_LDFLAGS) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-.l.c:
-	$(LEXCOMPILE) `test -f $< || echo '$(srcdir)/'`$<
-	sed '/^#/ s|$(LEX_OUTPUT_ROOT)\.c|$@|' $(LEX_OUTPUT_ROOT).c >$@
-	rm -f $(LEX_OUTPUT_ROOT).c
-
-.y.c:
-	$(YACCCOMPILE) `test -f '$<' || echo '$(srcdir)/'`$<
-	sed '/^#/ s|y\.tab\.c|$@|' y.tab.c >$@
-	rm -f y.tab.c
-	if test -f y.tab.h; then \
-	  to=`echo "$*_H" | sed \
-                -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-                -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'`; \
-	  sed "/^#/ s/Y_TAB_H/$$to/g" y.tab.h >$*.ht; \
-	  rm -f y.tab.h; \
-	  if cmp -s $*.ht $*.h; then \
-	    rm -f $*.ht ;\
-	  else \
-	    mv $*.ht $*.h; \
-	  fi; \
-	fi
-	if test -f y.output; then \
-	  mv y.output $*.output; \
-	fi
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-includeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-includeHEADERS: $(include_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(includedir)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
-	  $(includeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(includedir)/$$f; \
-	done
-
-uninstall-includeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(include_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
-	  rm -f $(DESTDIR)$(includedir)/$$f; \
-	done
-ssincludeHEADERS_INSTALL = $(INSTALL_HEADER)
-install-ssincludeHEADERS: $(ssinclude_HEADERS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(ssincludedir)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " $(ssincludeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(ssincludedir)/$$f"; \
-	  $(ssincludeHEADERS_INSTALL) $$d$$p $(DESTDIR)$(ssincludedir)/$$f; \
-	done
-
-uninstall-ssincludeHEADERS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
-	  f="`echo $$p | sed -e 's|^.*/||'`"; \
-	  echo " rm -f $(DESTDIR)$(ssincludedir)/$$f"; \
-	  rm -f $(DESTDIR)$(ssincludedir)/$$f; \
-	done
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
-install-binPROGRAMS: install-libLTLIBRARIES
-
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(includedir) $(DESTDIR)$(ssincludedir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "parse.h" || rm -f parse.h
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-includeHEADERS install-ssincludeHEADERS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
-	uninstall-info-am uninstall-libLTLIBRARIES \
-	uninstall-ssincludeHEADERS
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
-	clean-libtool distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am info \
-	info-am install install-am install-binPROGRAMS install-data \
-	install-data-am install-exec install-exec-am \
-	install-includeHEADERS install-info install-info-am \
-	install-libLTLIBRARIES install-man install-ssincludeHEADERS \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-includeHEADERS uninstall-info-am \
-	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-$(mk_cmds_OBJECTS): parse.h parse.c
-
-strtok_r.c:
-	$(LN_S) $(srcdir)/../roken/strtok_r.c .
-snprintf.c:
-	$(LN_S) $(srcdir)/../roken/snprintf.c .
-strdup.c:
-	$(LN_S) $(srcdir)/../roken/strdup.c .
-strupr.c:
-	$(LN_S) $(srcdir)/../roken/strupr.c .
-getprogname.c:
-	$(LN_S) $(srcdir)/../roken/getprogname.c .
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/sl/lex.l b/crypto/heimdal/lib/sl/lex.l
deleted file mode 100644
index 3e394793d87c..000000000000
--- a/crypto/heimdal/lib/sl/lex.l
+++ /dev/null
@@ -1,119 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#undef ECHO
-
-#include "make_cmds.h"
-#include "parse.h"
-
-RCSID("$Id: lex.l,v 1.6 2001/09/16 23:10:10 assar Exp $");
-
-static unsigned lineno = 1;
-static int getstring(void);
-
-#define YY_NO_UNPUT
-
-#undef ECHO
-
-%}
-
-
-%%
-command_table		{ return TABLE; }
-request			{ return REQUEST; }
-unknown			{ return UNKNOWN; }
-unimplemented		{ return UNIMPLEMENTED; }
-end			{ return END; }
-#[^\n]*			;
-[ \t]			;
-\n			{ lineno++; }
-\"			{ return getstring(); }
-[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
-.			{ return *yytext; }
-%%
-
-#ifndef yywrap /* XXX */
-int
-yywrap () 
-{
-     return 1;
-}
-#endif
-
-static int
-getstring(void)
-{
-    char x[128];
-    int i = 0;
-    int c;
-    int backslash = 0;
-    while((c = input()) != EOF){
-	if(backslash) {
-	    if(c == 'n')
-		c = '\n';
-	    else if(c == 't')
-		c = '\t';
-	    x[i++] = c;
-	    backslash = 0;
-	    continue;
-	}
-	if(c == '\n'){
-	    error_message("unterminated string");
-	    lineno++;
-	    break;
-	}
-	if(c == '\\'){
-	    backslash++;
-	    continue;
-	}
-	if(c == '\"')
-	    break;
-	x[i++] = c;
-    }
-    x[i] = '\0';
-    yylval.string = strdup(x);
-    return STRING;
-}
-
-void
-error_message (const char *format, ...)
-{
-     va_list args;
-
-     va_start (args, format);
-     fprintf (stderr, "%s:%d: ", filename, lineno);
-     vfprintf (stderr, format, args);
-     va_end (args);
-     numerror++;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.c b/crypto/heimdal/lib/sl/make_cmds.c
deleted file mode 100644
index 723dfdcee7d4..000000000000
--- a/crypto/heimdal/lib/sl/make_cmds.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- * Copyright (c) 1998-1999 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-#include <getarg.h>
-
-RCSID("$Id: make_cmds.c,v 1.7 2001/02/20 01:44:55 assar Exp $");
-
-#include <roken.h>
-#include <err.h>
-#include "parse.h"
-
-int numerror;
-extern FILE *yyin;
-FILE *c_file;
-
-extern void yyparse(void);
-
-#ifdef YYDEBUG
-extern int yydebug = 1;
-#endif
-
-char *filename;
-char *table_name;
-
-static struct command_list *commands;
-
-void
-add_command(char *function, 
-	    char *help, 
-	    struct string_list *aliases, 
-	    unsigned flags)
-{
-    struct command_list *cl = malloc(sizeof(*cl));
-
-    if (cl == NULL)
-	err (1, "malloc");
-    cl->function = function;
-    cl->help = help;
-    cl->aliases = aliases;
-    cl->flags = flags;
-    cl->next = NULL;
-    if(commands) {
-	*commands->tail = cl;
-	commands->tail = &cl->next;
-	return;
-    }
-    cl->tail = &cl->next;
-    commands = cl;
-}
-
-static char *
-quote(const char *str)
-{
-    char buf[1024]; /* XXX */
-    const char *p;
-    char *q;
-    q = buf;
-    
-    *q++ = '\"';
-    for(p = str; *p != '\0'; p++) {
-	if(*p == '\n') {
-	    *q++ = '\\';
-	    *q++ = 'n';
-	    continue;
-	}
-	if(*p == '\t') {
-	    *q++ = '\\';
-	    *q++ = 't';
-	    continue;
-	}
-	if(*p == '\"' || *p == '\\')
-	    *q++ = '\\';
-	*q++ = *p;
-    }
-    *q++ = '\"';
-    *q++ = '\0';
-    return strdup(buf);
-}
-
-static void
-generate_commands(void)
-{
-    char *base;
-    char *cfn;
-    char *p;
-
-    p = strrchr(table_name, '/');
-    if(p == NULL)
-	p = table_name;
-    else
-	p++;
-
-    base = strdup (p);
-    if (base == NULL)
-	err (1, "strdup");
-
-    p = strrchr(base, '.');
-    if(p)
-	*p = '\0';
-    
-    asprintf(&cfn, "%s.c", base);
-    if (cfn == NULL)
-	err (1, "asprintf");
-
-    c_file = fopen(cfn, "w");
-    if (c_file == NULL)
-	err (1, "cannot fopen %s", cfn);
-    
-    fprintf(c_file, "/* Generated from %s */\n", filename);
-    fprintf(c_file, "\n");
-    fprintf(c_file, "#include <stddef.h>\n");
-    fprintf(c_file, "#include <sl.h>\n");
-    fprintf(c_file, "\n");
-
-    {
-	struct command_list *cl, *xl;
-	char *p, *q;
-
-	for(cl = commands; cl; cl = cl->next) {
-	    for(xl = commands; xl != cl; xl = xl->next)
-		if(strcmp(cl->function, xl->function) == 0)
-		    break;
-	    if(xl != cl)
-		continue;
-	    /* XXX hack for ss_quit */
-	    if(strcmp(cl->function, "ss_quit") == 0) {
-		fprintf(c_file, "int %s (int, char**);\n", cl->function);
-		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
-		continue;
-	    }
-	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
-	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
-		    cl->function);
-	    fprintf(c_file, "{\n");
-	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
-	    fprintf(c_file, "  return 0;\n");
-	    fprintf(c_file, "}\n\n");
-	}
-
-	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
-	for(cl = commands; cl; cl = cl->next) {
-	    struct string_list *sl;
-	    sl = cl->aliases;
-	    p = quote(sl->string);
-	    q = quote(cl->help);
-	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
-	    free(p);
-	    free(q);
-    
-	    for(sl = sl->next; sl; sl = sl->next) {
-		p = quote(sl->string);
-		fprintf(c_file, "  { %s },\n", p);
-		free(p);
-	    }
-	}
-	fprintf(c_file, "  { NULL },\n");
-	fprintf(c_file, "};\n");
-	fprintf(c_file, "\n");
-    }
-    fclose(c_file);
-    free(base);
-    free(cfn);
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
-    { "version", 0, arg_flag, &version_flag },
-    { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-static void
-usage(int code)
-{
-    arg_printusage(args, num_args, NULL, "command-table");
-    exit(code);
-}
-
-int
-main(int argc, char **argv)
-{
-    int optind = 0;
-
-    setprogname(argv[0]);
-    if(getarg(args, num_args, argc, argv, &optind))
-	usage(1);
-    if(help_flag)
-	usage(0);
-    if(version_flag) {
-	print_version(NULL);
-	exit(0);
-    }
-    
-    if(argc == optind)
-	usage(1);
-    filename = argv[optind];
-    yyin = fopen(filename, "r");
-    if(yyin == NULL)
-	err(1, "%s", filename);
-    
-    yyparse();
-    
-    generate_commands();
-
-    if(numerror)
-	return 1;
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/make_cmds.h b/crypto/heimdal/lib/sl/make_cmds.h
deleted file mode 100644
index 6d64d979f402..000000000000
--- a/crypto/heimdal/lib/sl/make_cmds.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: make_cmds.h,v 1.3 2000/06/27 02:36:56 assar Exp $ */
-
-#ifndef __MAKE_CMDS_H__
-#define __MAKE_CMDS_H__
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <roken.h>
-
-extern char *filename;
-extern char *table_name;
-extern int numerror;
-
-struct command_list {
-    char *function;
-    char *help;
-    struct string_list *aliases;
-    unsigned flags;
-    struct command_list *next;
-    struct command_list **tail;
-};
-
-struct string_list {
-    char *string;
-    struct string_list *next;
-    struct string_list **tail;
-};
-
-void add_command(char*, char*, struct string_list*, unsigned);
-
-void error_message(const char *, ...)
-    __attribute__ ((format (printf, 1,2)));
-
-int yylex (void);
-
-#endif /* __MAKE_CMDS_H__ */
diff --git a/crypto/heimdal/lib/sl/parse.y b/crypto/heimdal/lib/sl/parse.y
deleted file mode 100644
index deff9336375e..000000000000
--- a/crypto/heimdal/lib/sl/parse.y
+++ /dev/null
@@ -1,167 +0,0 @@
-%{
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "make_cmds.h"
-RCSID("$Id: parse.y,v 1.7 2000/06/27 02:37:18 assar Exp $");
-
-static void yyerror (char *s);
-
-struct string_list* append_string(struct string_list*, char*);
-void free_string_list(struct string_list *list);
-unsigned string_to_flag(const char *);
-
-/* This is for bison */
-
-#if !defined(alloca) && !defined(HAVE_ALLOCA)
-#define alloca(x) malloc(x)
-#endif
-
-%}
-
-%union {
-  char *string;
-  unsigned number;
-  struct string_list *list;
-}
-
-%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
-%token <string> STRING
-%type <number> flag flags
-%type <list> aliases
-
-%%
-
-file		: /* */ 
-		| statements
-		;
-
-statements	: statement
-		| statements statement
-		;
-
-statement	: TABLE STRING ';'
-		{
-		    table_name = $2;
-		}
-		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
-		{
-		    add_command($2, $4, $6, $9);
-		}
-		| REQUEST STRING ',' STRING ',' aliases ';'
-		{
-		    add_command($2, $4, $6, 0);
-		}
-		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
-		{
-		    free($2);
-		    free($4);
-		    free_string_list($6);
-		}
-		| UNKNOWN aliases ';'
-		{
-		    free_string_list($2);
-		}
-		| END ';'
-		{
-		    YYACCEPT;
-		}
-		;
-
-aliases		: STRING
-		{
-		    $$ = append_string(NULL, $1);
-		}
-		| aliases ',' STRING
-		{
-		    $$ = append_string($1, $3);
-		}
-		;
-
-flags		: flag
-		{
-		    $$ = $1;
-		}
-		| flags ',' flag
-		{
-		    $$ = $1 | $3;
-		}
-		;
-flag		: STRING
-		{
-		    $$ = string_to_flag($1);
-		    free($1);
-		}
-		;
-
-
-
-%%
-
-static void
-yyerror (char *s)
-{
-    error_message ("%s\n", s);
-}
-
-struct string_list*
-append_string(struct string_list *list, char *str)
-{
-    struct string_list *sl = malloc(sizeof(*sl));
-    sl->string = str;
-    sl->next = NULL;
-    if(list) {
-	*list->tail = sl;
-	list->tail = &sl->next;
-	return list;
-    }
-    sl->tail = &sl->next;
-    return sl;
-}
-
-void
-free_string_list(struct string_list *list)
-{
-    while(list) {
-	struct string_list *sl = list->next;
-	free(list->string);
-	free(list);
-	list = sl;
-    }
-}
-
-unsigned
-string_to_flag(const char *string)
-{
-    return 0;
-}
diff --git a/crypto/heimdal/lib/sl/roken_rename.h b/crypto/heimdal/lib/sl/roken_rename.h
deleted file mode 100644
index 17837fbaa253..000000000000
--- a/crypto/heimdal/lib/sl/roken_rename.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-/* $Id: roken_rename.h,v 1.5 2001/05/06 21:47:54 assar Exp $ */
-
-#ifndef __roken_rename_h__
-#define __roken_rename_h__
-
-#ifndef HAVE_STRTOK_R
-#define strtok_r _sl_strtok_r
-#endif
-#ifndef HAVE_SNPRINTF
-#define snprintf _sl_snprintf
-#endif
-#ifndef HAVE_ASPRINTF
-#define asprintf _sl_asprintf
-#endif
-#ifndef HAVE_ASNPRINTF
-#define asnprintf _sl_asnprintf
-#endif
-#ifndef HAVE_VASPRINTF
-#define vasprintf _sl_vasprintf
-#endif
-#ifndef HAVE_VASNPRINTF
-#define vasnprintf _sl_vasnprintf
-#endif
-#ifndef HAVE_VSNPRINTF
-#define vsnprintf _sl_vsnprintf
-#endif
-#ifndef HAVE_STRUPR
-#define strupr _sl_strupr
-#endif
-#ifndef HAVE_STRDUP
-#define strdup _sl_strdup
-#endif
-
-#endif /* __roken_rename_h__ */
diff --git a/crypto/heimdal/lib/sl/sl.c b/crypto/heimdal/lib/sl/sl.c
deleted file mode 100644
index 98b101c5b1f8..000000000000
--- a/crypto/heimdal/lib/sl/sl.c
+++ /dev/null
@@ -1,346 +0,0 @@
-/*
- * Copyright (c) 1995 - 2001 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: sl.c,v 1.29 2001/02/20 01:44:55 assar Exp $");
-#endif
-
-#include "sl_locl.h"
-#include <setjmp.h>
-
-static size_t
-print_sl (FILE *stream, int mdoc, int longp, SL_cmd *c)
-    __attribute__ ((unused));
-
-static size_t
-print_sl (FILE *stream, int mdoc, int longp, SL_cmd *c)
-{
-    if(mdoc){
-	if(longp)
-	    fprintf(stream, "= Ns");
-	fprintf(stream, " Ar ");
-    }else
-	if (longp)
-	    putc ('=', stream);
-	else
-	    putc (' ', stream);
-
-    return 1;
-}
-
-static void
-mandoc_template(SL_cmd *cmds,
-		const char *extra_string)
-{
-    SL_cmd *c, *prev;
-    char timestr[64], cmd[64];
-    const char *p;
-    time_t t;
-
-    printf(".\\\" Things to fix:\n");
-    printf(".\\\"   * correct section, and operating system\n");
-    printf(".\\\"   * remove Op from mandatory flags\n");
-    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
-    printf(".\\\"\n");
-    t = time(NULL);
-    strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
-    printf(".Dd %s\n", timestr);
-    p = strrchr(getprogname(), '/');
-    if(p) p++; else p = getprogname();
-    strncpy(cmd, p, sizeof(cmd));
-    cmd[sizeof(cmd)-1] = '\0';
-    strupr(cmd);
-       
-    printf(".Dt %s SECTION\n", cmd);
-    printf(".Os OPERATING_SYSTEM\n");
-    printf(".Sh NAME\n");
-    printf(".Nm %s\n", p);
-    printf(".Nd\n");
-    printf("in search of a description\n");
-    printf(".Sh SYNOPSIS\n");
-    printf(".Nm\n");
-    for(c = cmds; c->name; ++c) {
-/*	if (c->func == NULL)
-	    continue; */
-	printf(".Op Fl %s", c->name);
-/*	print_sl(stdout, 1, 0, c);*/
-	printf("\n");
-	
-    }
-    if (extra_string && *extra_string)
-	printf (".Ar %s\n", extra_string);
-    printf(".Sh DESCRIPTION\n");
-    printf("Supported options:\n");
-    printf(".Bl -tag -width Ds\n");
-    prev = NULL;
-    for(c = cmds; c->name; ++c) {
-	if (c->func) {
-	    if (prev)
-		printf ("\n%s\n", prev->usage);
-
-	    printf (".It Fl %s", c->name);
-	    prev = c;
-	} else
-	    printf (", %s\n", c->name);
-    }
-    if (prev)
-	printf ("\n%s\n", prev->usage);
-
-    printf(".El\n");
-    printf(".\\\".Sh ENVIRONMENT\n");
-    printf(".\\\".Sh FILES\n");
-    printf(".\\\".Sh EXAMPLES\n");
-    printf(".\\\".Sh DIAGNOSTICS\n");
-    printf(".\\\".Sh SEE ALSO\n");
-    printf(".\\\".Sh STANDARDS\n");
-    printf(".\\\".Sh HISTORY\n");
-    printf(".\\\".Sh AUTHORS\n");
-    printf(".\\\".Sh BUGS\n");
-}
-
-static SL_cmd *
-sl_match (SL_cmd *cmds, char *cmd, int exactp)
-{
-    SL_cmd *c, *current = NULL, *partial_cmd = NULL;
-    int partial_match = 0;
-
-    for (c = cmds; c->name; ++c) {
-	if (c->func)
-	    current = c;
-	if (strcmp (cmd, c->name) == 0)
-	    return current;
-	else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
-		 partial_cmd != current) {
-	    ++partial_match;
-	    partial_cmd = current;
-	}
-    }
-    if (partial_match == 1 && !exactp)
-	return partial_cmd;
-    else
-	return NULL;
-}
-
-void
-sl_help (SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c, *prev_c;
-
-    if (getenv("SLMANDOC")) {
-	mandoc_template(cmds, NULL);
-	return;
-    }
-
-    if (argc == 1) {
-	prev_c = NULL;
-	for (c = cmds; c->name; ++c) {
-	    if (c->func) {
-		if(prev_c)
-		    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-			    prev_c->usage ? "\n" : "");
-		prev_c = c;
-		printf ("%s", c->name);
-	    } else
-		printf (", %s", c->name);
-	}
-	if(prev_c)
-	    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
-		    prev_c->usage ? "\n" : "");
-    } else { 
-	c = sl_match (cmds, argv[1], 0);
-	if (c == NULL)
-	    printf ("No such command: %s. "
-		    "Try \"help\" for a list of all commands\n",
-		    argv[1]);
-	else {
-	    printf ("%s\t%s\n", c->name, c->usage);
-	    if(c->help && *c->help)
-		printf ("%s\n", c->help);
-	    if((++c)->name && c->func == NULL) {
-		printf ("Synonyms:");
-		while (c->name && c->func == NULL)
-		    printf ("\t%s", (c++)->name);
-		printf ("\n");
-	    }
-	}
-    }
-}
-
-#ifdef HAVE_READLINE
-
-char *readline(char *prompt);
-void add_history(char *p);
-
-#else
-
-static char *
-readline(char *prompt)
-{
-    char buf[BUFSIZ];
-    printf ("%s", prompt);
-    fflush (stdout);
-    if(fgets(buf, sizeof(buf), stdin) == NULL)
-	return NULL;
-    if (buf[strlen(buf) - 1] == '\n')
-	buf[strlen(buf) - 1] = '\0';
-    return strdup(buf);
-}
-
-static void
-add_history(char *p)
-{
-}
-
-#endif
-
-int
-sl_command(SL_cmd *cmds, int argc, char **argv)
-{
-    SL_cmd *c;
-    c = sl_match (cmds, argv[0], 0);
-    if (c == NULL)
-	return -1;
-    return (*c->func)(argc, argv);
-}
-
-struct sl_data {
-    int max_count;
-    char **ptr;
-};
-
-int
-sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
-{
-    char *foo = NULL;
-    char *p;
-    int argc, nargv;
-    char **argv;
-    
-    nargv = 10;
-    argv = malloc(nargv * sizeof(*argv));
-    if(argv == NULL)
-	return ENOMEM;
-    argc = 0;
-
-    for(p = strtok_r (line, " \t", &foo);
-	p;
-	p = strtok_r (NULL, " \t", &foo)) {
-	if(argc == nargv - 1) {
-	    char **tmp;
-	    nargv *= 2;
-	    tmp = realloc (argv, nargv * sizeof(*argv));
-	    if (tmp == NULL) {
-		free(argv);
-		return ENOMEM;
-	    }
-	    argv = tmp;
-	}
-	argv[argc++] = p;
-    }
-    argv[argc] = NULL;
-    *ret_argc = argc;
-    *ret_argv = argv;
-    return 0;
-}
-
-static jmp_buf sl_jmp;
-
-static void sl_sigint(int sig)
-{
-    longjmp(sl_jmp, 1);
-}
-
-static char *sl_readline(const char *prompt)
-{
-    char *s;
-    void (*old)(int);
-    old = signal(SIGINT, sl_sigint);
-    if(setjmp(sl_jmp))
-	printf("\n");
-    s = readline((char*)prompt);
-    signal(SIGINT, old);
-    return s;
-}
-
-/* return values: 0 on success, -1 on fatal error, or return value of command */
-int
-sl_command_loop(SL_cmd *cmds, const char *prompt, void **data)
-{
-    int ret = 0;
-    char *buf;
-    int argc;
-    char **argv;
-	
-    ret = 0;
-    buf = sl_readline(prompt);
-    if(buf == NULL)
-	return 1;
-
-    if(*buf)
-	add_history(buf);
-    ret = sl_make_argv(buf, &argc, &argv);
-    if(ret) {
-	fprintf(stderr, "sl_loop: out of memory\n");
-	free(buf);
-	return -1;
-    }
-    if (argc >= 1) {
-	ret = sl_command(cmds, argc, argv);
-	if(ret == -1) {
-	    printf ("Unrecognized command: %s\n", argv[0]);
-	    ret = 0;
-	}
-    }
-    free(buf);
-    free(argv);
-    return ret;
-}
-
-int 
-sl_loop(SL_cmd *cmds, const char *prompt)
-{
-    void *data = NULL;
-    int ret;
-    while((ret = sl_command_loop(cmds, prompt, &data)) == 0)
-	;
-    return ret;
-}
-
-void
-sl_apropos (SL_cmd *cmd, const char *topic)
-{
-    for (; cmd->name != NULL; ++cmd)
-        if (cmd->usage != NULL && strstr(cmd->usage, topic) != NULL)
-	    printf ("%-20s%s\n", cmd->name, cmd->usage);
-}
diff --git a/crypto/heimdal/lib/sl/sl.h b/crypto/heimdal/lib/sl/sl.h
deleted file mode 100644
index 5b3e4b7d643d..000000000000
--- a/crypto/heimdal/lib/sl/sl.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl.h,v 1.9 2001/01/26 14:58:41 joda Exp $ */
-
-#ifndef _SL_H
-#define _SL_H
-
-#define SL_BADCOMMAND -1
-
-typedef int (*cmd_func)(int, char **);
-
-struct sl_cmd {
-  char *name;
-  cmd_func func;
-  char *usage;
-  char *help;
-};
-
-typedef struct sl_cmd SL_cmd;
-
-void sl_help (SL_cmd *, int argc, char **argv);
-int  sl_loop (SL_cmd *, const char *prompt);
-int  sl_command_loop (SL_cmd *cmds, const char *prompt, void **data);
-int  sl_command (SL_cmd *cmds, int argc, char **argv);
-int sl_make_argv(char*, int*, char***);
-void sl_apropos (SL_cmd *cmd, const char *topic);
-
-
-#endif /* _SL_H */
diff --git a/crypto/heimdal/lib/sl/sl_locl.h b/crypto/heimdal/lib/sl/sl_locl.h
deleted file mode 100644
index 4bd966003b3d..000000000000
--- a/crypto/heimdal/lib/sl/sl_locl.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: sl_locl.h,v 1.6 1999/12/02 16:58:55 joda Exp $ */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-#include <roken.h>
-
-#include <sl.h>
diff --git a/crypto/heimdal/lib/sl/ss.c b/crypto/heimdal/lib/sl/ss.c
deleted file mode 100644
index 7655a9ec3689..000000000000
--- a/crypto/heimdal/lib/sl/ss.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#include "sl_locl.h"
-#include <com_err.h>
-#include "ss.h"
-
-RCSID("$Id: ss.c,v 1.6 2000/05/25 00:14:58 assar Exp $");
-
-struct ss_subst {
-    char *name;
-    char *version;
-    char *info;
-    ss_request_table *table;
-};
-
-static struct ss_subst subsystems[2];
-static int num_subsystems;
-
-int
-ss_create_invocation(const char *subsystem, 
-		     const char *version, 
-		     const char *info, 
-		     ss_request_table *table, 
-		     int *code)
-{
-    struct ss_subst *ss;
-
-    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
-	*code = 17;
-	return 0;
-    }
-    ss = &subsystems[num_subsystems];
-    ss->name = ss->version = ss->info = NULL;
-    if (subsystem != NULL) {
-	ss->name = strdup (subsystem);
-	if (ss->name == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (version != NULL) {
-	ss->version = strdup (version);
-	if (ss->version == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    if (info != NULL) {
-	ss->info = strdup (info);
-	if (ss->info == NULL) {
-	    *code = ENOMEM;
-	    return 0;
-	}
-    }
-    ss->table = table;
-    *code = 0;
-    return num_subsystems++;
-}
-
-void
-ss_error (int index, long code, const char *fmt, ...)
-{
-    va_list ap;
-    va_start(ap, fmt);
-    com_err_va (subsystems[index].name, code, fmt, ap);
-    va_end(ap);
-}
-
-void
-ss_perror (int index, long code, const char *msg)
-{
-    ss_error(index, code, "%s", msg);
-}
-
-int
-ss_execute_command(int index, char **argv)
-{
-    int argc = 0;
-    int ret;
-
-    while(argv[argc++]);
-    ret = sl_command(subsystems[index].table, argc, argv);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_execute_line (int index, const char *line)
-{
-    char *buf = strdup(line);
-    int argc;
-    char **argv;
-    int ret;
-    
-    if (buf == NULL)
-	return ENOMEM;
-    sl_make_argv(buf, &argc, &argv);
-    ret = sl_command(subsystems[index].table, argc, argv);
-    free(buf);
-    if (ret == SL_BADCOMMAND)
-	return SS_ET_COMMAND_NOT_FOUND;
-    return 0;
-}
-
-int
-ss_listen (int index)
-{
-    char *prompt = malloc(strlen(subsystems[index].name) + 3);
-    if (prompt == NULL)
-	return ENOMEM;
-
-    strcpy(prompt, subsystems[index].name);
-    strcat(prompt, ": ");
-    sl_loop(subsystems[index].table, prompt);
-    free(prompt);
-    return 0;
-}
-
-int
-ss_list_requests(int argc, char **argv /* , int index, void *info */)
-{
-    sl_help(subsystems[0 /* index */].table, argc, argv);
-    return 0;
-}
-
-int
-ss_quit(int argc, char **argv)
-{
-    return 1;
-}
diff --git a/crypto/heimdal/lib/sl/ss.h b/crypto/heimdal/lib/sl/ss.h
deleted file mode 100644
index 0149fa18aaf6..000000000000
--- a/crypto/heimdal/lib/sl/ss.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 1998 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-/* $Id: ss.h,v 1.3 2000/05/25 00:15:21 assar Exp $ */
-
-/* SS compatibility for SL */
-
-#ifndef __ss_h__
-#define __ss_h__
-
-#include <sl.h>
-
-typedef SL_cmd ss_request_table;
-
-int ss_create_invocation (const char *, const char *, const char*, 
-			  ss_request_table*, int*);
-
-void ss_error (int, long, const char*, ...);
-int ss_execute_command (int, char**);
-int ss_execute_line (int, const char*);
-int ss_list_requests (int argc, char**);
-int ss_listen (int);
-void ss_perror (int, long, const char*);
-int ss_quit (int argc, char**);
-
-#define SS_ET_COMMAND_NOT_FOUND (-1)
-
-#endif /* __ss_h__ */
diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog
deleted file mode 100644
index f5a869d585fd..000000000000
--- a/crypto/heimdal/lib/vers/ChangeLog
+++ /dev/null
@@ -1,42 +0,0 @@
-2003-01-02  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: considerable clean up
-
-	* make-print-version.c: make VERSIONLIST a string instead of an
-	array of strings
-
-2002-08-28  Assar Westerlund  <assar@kth.se>
-
-	* Makefile.am (make_print_version_LDADD): do not hardcode -ldes,
-	use $(LIB_des)
-
-2002-08-19  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: add bug-report message
-
-2002-05-20  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: update year
-
-2001-08-24  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am (make_print_version_LDADD): use = instead of += (be
-	nice to current automake)
-
-2001-04-21  Johan Danielsson  <joda@pdc.kth.se>
-
-	* print_version.c: 2001
-
-2001-01-31  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: remove -static turning this into a convenience
-	library
-
-2000-11-15  Assar Westerlund  <assar@sics.se>
-
-	* Makefile.am: make the library static and don't install it
-
-2000-07-08  Assar Westerlund  <assar@sics.se>
-
-	* make-print-version.c (heimdal_version, krb4_version): const-ize,
-	based on thorpej@netbsd.org's change to NetBSD
diff --git a/crypto/heimdal/lib/vers/Makefile b/crypto/heimdal/lib/vers/Makefile
deleted file mode 100644
index 16a4a28c5be5..000000000000
--- a/crypto/heimdal/lib/vers/Makefile
+++ /dev/null
@@ -1,600 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# lib/vers/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.5 2002/08/28 22:57:42 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ../..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ../..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-CLEANFILES = print_version.h
-
-noinst_LTLIBRARIES = libvers.la
-
-build_HEADERZ = vers.h
-
-noinst_PROGRAMS = make-print-version
-
-#make_print_version_LDADD = $(LIB_krb4) $(LIB_des)
-
-libvers_la_SOURCES = print_version.c
-subdir = lib/vers
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-
-libvers_la_LDFLAGS =
-libvers_la_LIBADD =
-am_libvers_la_OBJECTS = print_version.lo
-libvers_la_OBJECTS = $(am_libvers_la_OBJECTS)
-noinst_PROGRAMS = make-print-version$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-make_print_version_SOURCES = make-print-version.c
-make_print_version_OBJECTS = make-print-version.$(OBJEXT)
-make_print_version_DEPENDENCIES =
-#make_print_version_DEPENDENCIES =
-#make_print_version_DEPENDENCIES =
-##make_print_version_DEPENDENCIES =
-make_print_version_LDFLAGS =
-
-DEFS = -DHAVE_CONFIG_H
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = 
-LDFLAGS = 
-LIBS = 
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = -DINET6 -g -O2
-DIST_SOURCES = $(libvers_la_SOURCES) make-print-version.c
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(libvers_la_SOURCES) make-print-version.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/vers/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test -z "$dir" && dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
-libvers.la: $(libvers_la_OBJECTS) $(libvers_la_DEPENDENCIES) 
-	$(LINK)  $(libvers_la_LDFLAGS) $(libvers_la_OBJECTS) $(libvers_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
-	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
-	  echo " rm -f $$p $$f"; \
-	  rm -f $$p $$f ; \
-	done
-make-print-version$(EXEEXT): $(make_print_version_OBJECTS) $(make_print_version_DEPENDENCIES) 
-	@rm -f make-print-version$(EXEEXT)
-	$(LINK) $(make_print_version_LDFLAGS) $(make_print_version_OBJECTS) $(make_print_version_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-data-local install-exec install-exec-am \
-	install-info install-info-am install-man install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/vers/Makefile.am b/crypto/heimdal/lib/vers/Makefile.am
deleted file mode 100644
index d8816123df4d..000000000000
--- a/crypto/heimdal/lib/vers/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-# $Id: Makefile.am,v 1.5 2002/08/28 22:57:42 assar Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-CLEANFILES		= print_version.h
-
-noinst_LTLIBRARIES	= libvers.la
-
-build_HEADERZ		= vers.h
-
-noinst_PROGRAMS		= make-print-version
-
-if KRB4
-if KRB5
-## need to link with des here; otherwise, if krb4 is shared the link
-## will fail with unresolved references
-make_print_version_LDADD = $(LIB_krb4) $(LIB_des)
-endif
-endif
-
-libvers_la_SOURCES	= print_version.c
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in
deleted file mode 100644
index 949bd72d4763..000000000000
--- a/crypto/heimdal/lib/vers/Makefile.in
+++ /dev/null
@@ -1,592 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.5 2002/08/28 22:57:42 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-CLEANFILES = print_version.h
-
-noinst_LTLIBRARIES = libvers.la
-
-build_HEADERZ = vers.h
-
-noinst_PROGRAMS = make-print-version
-
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_LDADD = $(LIB_krb4) $(LIB_des)
-
-libvers_la_SOURCES = print_version.c
-subdir = lib/vers
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-
-libvers_la_LDFLAGS =
-libvers_la_LIBADD =
-am_libvers_la_OBJECTS = print_version.lo
-libvers_la_OBJECTS = $(am_libvers_la_OBJECTS)
-noinst_PROGRAMS = make-print-version$(EXEEXT)
-PROGRAMS = $(noinst_PROGRAMS)
-
-make_print_version_SOURCES = make-print-version.c
-make_print_version_OBJECTS = make-print-version.$(OBJEXT)
-@KRB4_FALSE@@KRB5_TRUE@make_print_version_DEPENDENCIES =
-@KRB4_FALSE@@KRB5_FALSE@make_print_version_DEPENDENCIES =
-@KRB4_TRUE@@KRB5_TRUE@make_print_version_DEPENDENCIES =
-@KRB4_TRUE@@KRB5_FALSE@make_print_version_DEPENDENCIES =
-make_print_version_LDFLAGS =
-
-DEFS = @DEFS@
-DEFAULT_INCLUDES =  -I. -I$(srcdir) -I$(top_builddir)/include
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-depcomp =
-am__depfiles_maybe =
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libvers_la_SOURCES) make-print-version.c
-DIST_COMMON = ChangeLog Makefile.am Makefile.in
-SOURCES = $(libvers_la_SOURCES) make-print-version.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  lib/vers/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-libvers.la: $(libvers_la_OBJECTS) $(libvers_la_DEPENDENCIES) 
-	$(LINK)  $(libvers_la_LDFLAGS) $(libvers_la_OBJECTS) $(libvers_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-make-print-version$(EXEEXT): $(make_print_version_OBJECTS) $(make_print_version_DEPENDENCIES) 
-	@rm -f make-print-version$(EXEEXT)
-	$(LINK) $(make_print_version_LDFLAGS) $(make_print_version_OBJECTS) $(make_print_version_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT) core *.core
-
-distclean-compile:
-	-rm -f *.tab.c
-
-.c.o:
-	$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
-
-.c.obj:
-	$(COMPILE) -c `cygpath -w $<`
-
-.c.lo:
-	$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-ETAGS = etags
-ETAGSFLAGS =
-
-tags: TAGS
-
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	mkid -fID $$unique
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '    { files[$$0] = 1; } \
-	       END { for (i in files) print i; }'`; \
-	test -z "$(ETAGS_ARGS)$$tags$$unique" \
-	  || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	     $$tags $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ../..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-
-installdirs:
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-libtool distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am:
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-uninstall-am: uninstall-info-am
-
-.PHONY: GTAGS all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-noinstPROGRAMS distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am info info-am install install-am install-data \
-	install-data-am install-exec install-exec-am install-info \
-	install-info-am install-man install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool tags uninstall \
-	uninstall-am uninstall-info-am
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-print_version.lo: print_version.h
-
-print_version.h: make-print-version$(EXEEXT)
-	./make-print-version$(EXEEXT) print_version.h
-
-make-print-version.o: $(top_builddir)/include/version.h
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c
deleted file mode 100644
index eab167d05d10..000000000000
--- a/crypto/heimdal/lib/vers/make-print-version.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: make-print-version.c,v 1.3 2003/01/02 15:31:38 joda Exp $");
-#endif
-
-#include <stdio.h>
-
-#ifdef KRB5
-extern const char *heimdal_version;
-#endif
-#ifdef KRB4
-extern const char *krb4_version;
-#endif
-#include <version.h>
-
-int
-main(int argc, char **argv)
-{
-    FILE *f;
-    if(argc != 2)
-	return 1;
-    f = fopen(argv[1], "w");
-    if(f == NULL)
-	return 1;
-    fprintf(f, "#define VERSIONLIST \"");
-#ifdef KRB5
-    fprintf(f, "%s", heimdal_version);
-#endif
-#ifdef KRB4
-#ifdef KRB5
-    fprintf(f, ", ");
-#endif
-    fprintf(f, "%s", krb4_version);
-#endif
-    fprintf(f, "\"\n");
-    fclose(f);
-    return 0;
-}
diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c
deleted file mode 100644
index 2376c8165f33..000000000000
--- a/crypto/heimdal/lib/vers/print_version.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
- *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
- *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
- *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c,v 1.6 2003/01/02 15:32:50 joda Exp $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
-    const char *package_list = VERSIONLIST;
-    
-    if(progname == NULL)
-	progname = getprogname();
-    
-    if(*package_list == '\0')
-	package_list = "no version information";
-    fprintf(stderr, "%s (%s)\n", progname, package_list);
-    fprintf(stderr, "Copyright 1999-2003 Kungliga Tekniska H�gskolan\n");
-    fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
-}
diff --git a/crypto/heimdal/lib/vers/vers.h b/crypto/heimdal/lib/vers/vers.h
deleted file mode 100644
index cc70355f42fa..000000000000
--- a/crypto/heimdal/lib/vers/vers.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 1995 - 2000 Kungliga Tekniska H�gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: vers.h,v 1.1 2000/07/01 19:47:36 assar Exp $ */
-
-#ifndef __VERS_H__
-#define __VERS_H__
-
-void print_version(const char *);
-
-#endif /*  __VERS_H__ */
diff --git a/crypto/heimdal/libtool b/crypto/heimdal/libtool
deleted file mode 100755
index cc649310e964..000000000000
--- a/crypto/heimdal/libtool
+++ /dev/null
@@ -1,5270 +0,0 @@
-#! /bin/sh
-
-# libtool - Provide generalized library-building support services.
-# Generated automatically by  (GNU heimdal 0.4f)
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Libtool was configured on host shade.nectar.cc:
-
-# Shell to use when invoking shell scripts.
-SHELL="/bin/sh"
-
-# Whether or not to build shared libraries.
-build_libtool_libs=yes
-
-# Whether or not to build static libraries.
-build_old_libs=yes
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=yes
-
-# Whether or not to optimize for fast installation.
-fast_install=yes
-
-# The host system.
-host_alias=
-host=i386-unknown-freebsd5.0
-
-# An echo program that does not interpret backslashes.
-echo="echo"
-
-# The archiver.
-AR="ar"
-AR_FLAGS="cru"
-
-# The default C compiler.
-CC="gcc "
-
-# Is the compiler the GNU C compiler?
-with_gcc=yes
-
-# The linker used to build libraries.
-LD="/usr/libexec/elf/ld"
-
-# Whether we need hard or soft links.
-LN_S="ln -s"
-
-# A BSD-compatible nm program.
-NM="/usr/bin/nm -B"
-
-# A symbol stripping program
-STRIP=strip
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=file
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="dlltool"
-
-# Used on cygwin: object dumper.
-OBJDUMP="objdump"
-
-# Used on cygwin: assembler.
-AS="as"
-
-# The name of the directory that contains temporary libtool files.
-objdir=.libs
-
-# How to create reloadable object files.
-reload_flag=" -r"
-reload_cmds="\$LD\$reload_flag -o \$output\$reload_objs"
-
-# How to pass a linker flag through the compiler.
-wl="-Wl,"
-
-# Object file suffix (normally "o").
-objext="o"
-
-# Old archive suffix (normally "a").
-libext="a"
-
-# Executable file suffix (normally "").
-exeext=""
-
-# Additional compiler flags for building library objects.
-pic_flag=" -fPIC"
-pic_mode=default
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o="yes"
-
-# Can we write directly to a .lo ?
-compiler_o_lo="yes"
-
-# Must we lock files when doing compilation ?
-need_locks="no"
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=no
-
-# Do we need a version for libraries?
-need_version=no
-
-# Whether dlopen is supported.
-dlopen_support=unknown
-
-# Whether dlopen of programs is supported.
-dlopen_self=unknown
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=unknown
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag="-static"
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=" -fno-builtin -fno-rtti -fno-exceptions"
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec="\${wl}--export-dynamic"
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec="\${wl}--whole-archive\$convenience \${wl}--no-whole-archive"
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=""
-
-# Library versioning type.
-version_type=freebsd-elf
-
-# Format of library name prefix.
-libname_spec="lib\$name"
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec="\${libname}\${release}.so\$versuffix \${libname}\${release}.so \$libname.so"
-
-# The coded name of the library, if different from the real name.
-soname_spec=""
-
-# Commands used to build and install an old-style archive.
-RANLIB="ranlib"
-old_archive_cmds="\$AR \$AR_FLAGS \$oldlib\$oldobjs\$old_deplibs~\$RANLIB \$oldlib"
-old_postinstall_cmds="\$RANLIB \$oldlib~chmod 644 \$oldlib"
-old_postuninstall_cmds=""
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=""
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=""
-
-# Commands used to build and install a shared archive.
-archive_cmds="\$CC -shared \$libobjs \$deplibs \$compiler_flags \${wl}-soname \$wl\$soname -o \$lib"
-archive_expsym_cmds="\$CC -shared \$libobjs \$deplibs \$compiler_flags \${wl}-soname \$wl\$soname \${wl}-retain-symbols-file \$wl\$export_symbols -o \$lib"
-postinstall_cmds=""
-postuninstall_cmds=""
-
-# Commands to strip libraries.
-old_striplib="strip --strip-debug"
-striplib="strip --strip-unneeded"
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method="pass_all"
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd="\$MAGIC_CMD"
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=""
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=""
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=""
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=""
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe="sed -n -e 's/^.*[ 	]\\([ABCDGISTW][ABCDGISTW]*\\)[ 	][ 	]*\\(\\)\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2\\3 \\3/p'"
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl="sed -n -e 's/^. .* \\(.*\\)\$/extern char \\1;/p'"
-
-# Transform the output of nm in a C name address pair
-global_symbol_to_c_name_address="sed -n -e 's/^: \\([^ ]*\\) \$/  {\\\"\\1\\\", (lt_ptr) 0},/p' -e 's/^[BCDEGRST] \\([^ ]*\\) \\([^ ]*\\)\$/  {\"\\2\", (lt_ptr) \\&\\2},/p'"
-
-# This is the shared library runtime path variable.
-runpath_var=LD_RUN_PATH
-
-# This is the shared library path variable.
-shlibpath_var=LD_LIBRARY_PATH
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=no
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=immediate
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=yes
-
-# Flag to hardcode $libdir into a binary during linking.
-# This must work even if $libdir does not exist.
-hardcode_libdir_flag_spec="\${wl}--rpath \${wl}\$libdir"
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=""
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=no
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=no
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=unsupported
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="PATH LD_LIBRARY_PATH LD_RUN_PATH GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=unknown
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-
-# Fix the shell variable $srcfile for the compiler.
-fix_srcfile_path=""
-
-# Set to yes if exported symbols are required.
-always_export_symbols=no
-
-# The commands to list exported symbols.
-export_symbols_cmds="\$NM \$libobjs \$convenience | \$global_symbol_pipe | sed 's/.* //' | sort | uniq > \$export_symbols"
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=""
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-
-# Symbols that must always be exported.
-include_expsyms=""
-
-# ### END LIBTOOL CONFIG
-
-# ltmain.sh - Provide generalized library-building support services.
-# NOTE: Changing this file will not affect anything until you rerun configure.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Check that we have a working $echo.
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell, and then maybe $echo will work.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# The name of this program.
-progname=`$echo "$0" | sed 's%^.*/%%'`
-modename="$progname"
-
-# Constants.
-PROGRAM=ltmain.sh
-PACKAGE=libtool
-VERSION=1.4.2
-TIMESTAMP=" (1.922.2.53 2001/09/11 03:18:52)"
-
-default_mode=
-help="Try \`$progname --help' for more information."
-magic="%%%MAGIC variable%%%"
-mkdir="mkdir"
-mv="mv -f"
-rm="rm -f"
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
-SP2NL='tr \040 \012'
-NL2SP='tr \015\012 \040\040'
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-# We save the old values to restore during execute mode.
-if test "${LC_ALL+set}" = set; then
-  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
-fi
-if test "${LANG+set}" = set; then
-  save_LANG="$LANG"; LANG=C; export LANG
-fi
-
-# Make sure IFS has a sensible default
-: ${IFS=" 	"}
-
-if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
-  echo "$modename: not configured to build any kind of library" 1>&2
-  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-  exit 1
-fi
-
-# Global variables.
-mode=$default_mode
-nonopt=
-prev=
-prevopt=
-run=
-show="$echo"
-show_help=
-execute_dlfiles=
-lo2o="s/\\.lo\$/.${objext}/"
-o2lo="s/\\.${objext}\$/.lo/"
-
-# Parse our command line options once, thoroughly.
-while test $# -gt 0
-do
-  arg="$1"
-  shift
-
-  case $arg in
-  -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  # If the previous option needs an argument, assign it.
-  if test -n "$prev"; then
-    case $prev in
-    execute_dlfiles)
-      execute_dlfiles="$execute_dlfiles $arg"
-      ;;
-    *)
-      eval "$prev=\$arg"
-      ;;
-    esac
-
-    prev=
-    prevopt=
-    continue
-  fi
-
-  # Have we seen a non-optional argument yet?
-  case $arg in
-  --help)
-    show_help=yes
-    ;;
-
-  --version)
-    echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
-    exit 0
-    ;;
-
-  --config)
-    sed -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $0
-    exit 0
-    ;;
-
-  --debug)
-    echo "$progname: enabling shell trace mode"
-    set -x
-    ;;
-
-  --dry-run | -n)
-    run=:
-    ;;
-
-  --features)
-    echo "host: $host"
-    if test "$build_libtool_libs" = yes; then
-      echo "enable shared libraries"
-    else
-      echo "disable shared libraries"
-    fi
-    if test "$build_old_libs" = yes; then
-      echo "enable static libraries"
-    else
-      echo "disable static libraries"
-    fi
-    exit 0
-    ;;
-
-  --finish) mode="finish" ;;
-
-  --mode) prevopt="--mode" prev=mode ;;
-  --mode=*) mode="$optarg" ;;
-
-  --quiet | --silent)
-    show=:
-    ;;
-
-  -dlopen)
-    prevopt="-dlopen"
-    prev=execute_dlfiles
-    ;;
-
-  -*)
-    $echo "$modename: unrecognized option \`$arg'" 1>&2
-    $echo "$help" 1>&2
-    exit 1
-    ;;
-
-  *)
-    nonopt="$arg"
-    break
-    ;;
-  esac
-done
-
-if test -n "$prevopt"; then
-  $echo "$modename: option \`$prevopt' requires an argument" 1>&2
-  $echo "$help" 1>&2
-  exit 1
-fi
-
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end.  This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-
-if test -z "$show_help"; then
-
-  # Infer the operation mode.
-  if test -z "$mode"; then
-    case $nonopt in
-    *cc | *++ | gcc* | *-gcc*)
-      mode=link
-      for arg
-      do
-	case $arg in
-	-c)
-	   mode=compile
-	   break
-	   ;;
-	esac
-      done
-      ;;
-    *db | *dbx | *strace | *truss)
-      mode=execute
-      ;;
-    *install*|cp|mv)
-      mode=install
-      ;;
-    *rm)
-      mode=uninstall
-      ;;
-    *)
-      # If we have no mode, but dlfiles were specified, then do execute mode.
-      test -n "$execute_dlfiles" && mode=execute
-
-      # Just use the default operation mode.
-      if test -z "$mode"; then
-	if test -n "$nonopt"; then
-	  $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
-	else
-	  $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
-	fi
-      fi
-      ;;
-    esac
-  fi
-
-  # Only execute mode is allowed to have -dlopen flags.
-  if test -n "$execute_dlfiles" && test "$mode" != execute; then
-    $echo "$modename: unrecognized option \`-dlopen'" 1>&2
-    $echo "$help" 1>&2
-    exit 1
-  fi
-
-  # Change the help message to a mode-specific one.
-  generic_help="$help"
-  help="Try \`$modename --help --mode=$mode' for more information."
-
-  # These modes are in order of execution frequency so that they run quickly.
-  case $mode in
-  # libtool compile mode
-  compile)
-    modename="$modename: compile"
-    # Get the compilation command and the source file.
-    base_compile=
-    prev=
-    lastarg=
-    srcfile="$nonopt"
-    suppress_output=
-
-    user_target=no
-    for arg
-    do
-      case $prev in
-      "") ;;
-      xcompiler)
-	# Aesthetically quote the previous argument.
-	prev=
-	lastarg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-
-	case $arg in
-	# Double-quote args containing other shell metacharacters.
-	# Many Bourne shells cannot handle close brackets correctly
-	# in scan sets, so we specify it separately.
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-
-	# Add the previous argument to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
-	  base_compile="$base_compile $lastarg"
-	fi
-	continue
-	;;
-      esac
-
-      # Accept any command-line options.
-      case $arg in
-      -o)
-	if test "$user_target" != "no"; then
-	  $echo "$modename: you cannot specify \`-o' more than once" 1>&2
-	  exit 1
-	fi
-	user_target=next
-	;;
-
-      -static)
-	build_old_libs=yes
-	continue
-	;;
-
-      -prefer-pic)
-	pic_mode=yes
-	continue
-	;;
-
-      -prefer-non-pic)
-	pic_mode=no
-	continue
-	;;
-
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
-
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
-	lastarg=
-	save_ifs="$IFS"; IFS=','
-	for arg in $args; do
-	  IFS="$save_ifs"
-
-	  # Double-quote args containing other shell metacharacters.
-	  # Many Bourne shells cannot handle close brackets correctly
-	  # in scan sets, so we specify it separately.
-	  case $arg in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    arg="\"$arg\""
-	    ;;
-	  esac
-	  lastarg="$lastarg $arg"
-	done
-	IFS="$save_ifs"
-	lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
-
-	# Add the arguments to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
-	  base_compile="$base_compile $lastarg"
-	fi
-	continue
-	;;
-      esac
-
-      case $user_target in
-      next)
-	# The next one is the -o target name
-	user_target=yes
-	continue
-	;;
-      yes)
-	# We got the output file
-	user_target=set
-	libobj="$arg"
-	continue
-	;;
-      esac
-
-      # Accept the current argument as the source file.
-      lastarg="$srcfile"
-      srcfile="$arg"
-
-      # Aesthetically quote the previous argument.
-
-      # Backslashify any backslashes, double quotes, and dollar signs.
-      # These are the only characters that are still specially
-      # interpreted inside of double-quoted scrings.
-      lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
-
-      # Double-quote args containing other shell metacharacters.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      case $lastarg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	lastarg="\"$lastarg\""
-	;;
-      esac
-
-      # Add the previous argument to base_compile.
-      if test -z "$base_compile"; then
-	base_compile="$lastarg"
-      else
-	base_compile="$base_compile $lastarg"
-      fi
-    done
-
-    case $user_target in
-    set)
-      ;;
-    no)
-      # Get the name of the library object.
-      libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
-      ;;
-    *)
-      $echo "$modename: you must specify a target with \`-o'" 1>&2
-      exit 1
-      ;;
-    esac
-
-    # Recognize several different file suffixes.
-    # If the user specifies -o file.o, it is replaced with file.lo
-    xform='[cCFSfmso]'
-    case $libobj in
-    *.ada) xform=ada ;;
-    *.adb) xform=adb ;;
-    *.ads) xform=ads ;;
-    *.asm) xform=asm ;;
-    *.c++) xform=c++ ;;
-    *.cc) xform=cc ;;
-    *.cpp) xform=cpp ;;
-    *.cxx) xform=cxx ;;
-    *.f90) xform=f90 ;;
-    *.for) xform=for ;;
-    esac
-
-    libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
-
-    case $libobj in
-    *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
-    *)
-      $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
-      exit 1
-      ;;
-    esac
-
-    if test -z "$base_compile"; then
-      $echo "$modename: you must specify a compilation command" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    # Delete any leftover library objects.
-    if test "$build_old_libs" = yes; then
-      removelist="$obj $libobj"
-    else
-      removelist="$libobj"
-    fi
-
-    $run $rm $removelist
-    trap "$run $rm $removelist; exit 1" 1 2 15
-
-    # On Cygwin there's no "real" PIC flag so we must build both object types
-    case $host_os in
-    cygwin* | mingw* | pw32* | os2*)
-      pic_mode=default
-      ;;
-    esac
-    if test $pic_mode = no && test "$deplibs_check_method" != pass_all; then
-      # non-PIC code in shared libraries is not supported
-      pic_mode=default
-    fi
-
-    # Calculate the filename of the output object if compiler does
-    # not support -o with -c
-    if test "$compiler_c_o" = no; then
-      output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
-      lockfile="$output_obj.lock"
-      removelist="$removelist $output_obj $lockfile"
-      trap "$run $rm $removelist; exit 1" 1 2 15
-    else
-      need_locks=no
-      lockfile=
-    fi
-
-    # Lock this critical section if it is needed
-    # We use this script file to make the link, it avoids creating a new file
-    if test "$need_locks" = yes; then
-      until $run ln "$0" "$lockfile" 2>/dev/null; do
-	$show "Waiting for $lockfile to be removed"
-	sleep 2
-      done
-    elif test "$need_locks" = warn; then
-      if test -f "$lockfile"; then
-	echo "\
-*** ERROR, $lockfile exists and contains:
-`cat $lockfile 2>/dev/null`
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-      echo $srcfile > "$lockfile"
-    fi
-
-    if test -n "$fix_srcfile_path"; then
-      eval srcfile=\"$fix_srcfile_path\"
-    fi
-
-    # Only build a PIC object if we are building libtool libraries.
-    if test "$build_libtool_libs" = yes; then
-      # Without this assignment, base_compile gets emptied.
-      fbsd_hideous_sh_bug=$base_compile
-
-      if test "$pic_mode" != no; then
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
-      else
-	# Don't build PIC code
-	command="$base_compile $srcfile"
-      fi
-      if test "$build_old_libs" = yes; then
-	lo_libobj="$libobj"
-	dir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$dir" = "X$libobj"; then
-	  dir="$objdir"
-	else
-	  dir="$dir/$objdir"
-	fi
-	libobj="$dir/"`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
-
-	if test -d "$dir"; then
-	  $show "$rm $libobj"
-	  $run $rm $libobj
-	else
-	  $show "$mkdir $dir"
-	  $run $mkdir $dir
-	  status=$?
-	  if test $status -ne 0 && test ! -d $dir; then
-	    exit $status
-	  fi
-	fi
-      fi
-      if test "$compiler_o_lo" = yes; then
-	output_obj="$libobj"
-	command="$command -o $output_obj"
-      elif test "$compiler_c_o" = yes; then
-	output_obj="$obj"
-	command="$command -o $output_obj"
-      fi
-
-      $run $rm "$output_obj"
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	test -n "$output_obj" && $run $rm $removelist
-	exit 1
-      fi
-
-      if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-
-      # Just move the object if needed, then go on to compile the next one
-      if test x"$output_obj" != x"$libobj"; then
-	$show "$mv $output_obj $libobj"
-	if $run $mv $output_obj $libobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # If we have no pic_flag, then copy the object into place and finish.
-      if (test -z "$pic_flag" || test "$pic_mode" != default) &&
-	 test "$build_old_libs" = yes; then
-	# Rename the .lo from within objdir to obj
-	if test -f $obj; then
-	  $show $rm $obj
-	  $run $rm $obj
-	fi
-
-	$show "$mv $libobj $obj"
-	if $run $mv $libobj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-
-	xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$obj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$obj" | $Xsed -e "s%.*/%%"`
-	libobj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	# Now arrange that obj and lo_libobj become the same file
-	$show "(cd $xdir && $LN_S $baseobj $libobj)"
-	if $run eval '(cd $xdir && $LN_S $baseobj $libobj)'; then
-	  # Unlock the critical section if it was locked
-	  if test "$need_locks" != no; then
-	    $run $rm "$lockfile"
-	  fi
-	  exit 0
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Allow error messages only from the first compilation.
-      suppress_output=' >/dev/null 2>&1'
-    fi
-
-    # Only build a position-dependent object if we build old libraries.
-    if test "$build_old_libs" = yes; then
-      if test "$pic_mode" != yes; then
-	# Don't build PIC code
-	command="$base_compile $srcfile"
-      else
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
-      fi
-      if test "$compiler_c_o" = yes; then
-	command="$command -o $obj"
-	output_obj="$obj"
-      fi
-
-      # Suppress compiler output if we already did a PIC compilation.
-      command="$command$suppress_output"
-      $run $rm "$output_obj"
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	$run $rm $removelist
-	exit 1
-      fi
-
-      if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-
-      # Just move the object if needed
-      if test x"$output_obj" != x"$obj"; then
-	$show "$mv $output_obj $obj"
-	if $run $mv $output_obj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Create an invalid libtool object if no PIC, so that we do not
-      # accidentally link it into a program.
-      if test "$build_libtool_libs" != yes; then
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > \$libobj" || exit $?
-      else
-	# Move the .lo from within objdir
-	$show "$mv $libobj $lo_libobj"
-	if $run $mv $libobj $lo_libobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-    fi
-
-    # Unlock the critical section if it was locked
-    if test "$need_locks" != no; then
-      $run $rm "$lockfile"
-    fi
-
-    exit 0
-    ;;
-
-  # libtool link mode
-  link | relink)
-    modename="$modename: link"
-    case $host in
-    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-      # It is impossible to link a dll without this setting, and
-      # we shouldn't force the makefile maintainer to figure out
-      # which system we are compiling for in order to pass an extra
-      # flag for every libtool invokation.
-      # allow_undefined=no
-
-      # FIXME: Unfortunately, there are problems with the above when trying
-      # to make a dll which has undefined symbols, in which case not
-      # even a static library is built.  For now, we need to specify
-      # -no-undefined on the libtool link line when we can be certain
-      # that all symbols are satisfied, otherwise we get a static library.
-      allow_undefined=yes
-      ;;
-    *)
-      allow_undefined=yes
-      ;;
-    esac
-    libtool_args="$nonopt"
-    compile_command="$nonopt"
-    finalize_command="$nonopt"
-
-    compile_rpath=
-    finalize_rpath=
-    compile_shlibpath=
-    finalize_shlibpath=
-    convenience=
-    old_convenience=
-    deplibs=
-    old_deplibs=
-    compiler_flags=
-    linker_flags=
-    dllsearchpath=
-    lib_search_path=`pwd`
-
-    avoid_version=no
-    dlfiles=
-    dlprefiles=
-    dlself=no
-    export_dynamic=no
-    export_symbols=
-    export_symbols_regex=
-    generated=
-    libobjs=
-    ltlibs=
-    module=no
-    no_install=no
-    objs=
-    prefer_static_libs=no
-    preload=no
-    prev=
-    prevarg=
-    release=
-    rpath=
-    xrpath=
-    perm_rpath=
-    temp_rpath=
-    thread_safe=no
-    vinfo=
-
-    # We need to know -static, to get the right output filenames.
-    for arg
-    do
-      case $arg in
-      -all-static | -static)
-	if test "X$arg" = "X-all-static"; then
-	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
-	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
-	  fi
-	  if test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	else
-	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	fi
-	build_libtool_libs=no
-	build_old_libs=yes
-	prefer_static_libs=yes
-	break
-	;;
-      esac
-    done
-
-    # See if our shared archives depend on static archives.
-    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
-
-    # Go through the arguments, transforming them on the way.
-    while test $# -gt 0; do
-      arg="$1"
-      shift
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
-	;;
-      *) qarg=$arg ;;
-      esac
-      libtool_args="$libtool_args $qarg"
-
-      # If the previous option needs an argument, assign it.
-      if test -n "$prev"; then
-	case $prev in
-	output)
-	  compile_command="$compile_command @OUTPUT@"
-	  finalize_command="$finalize_command @OUTPUT@"
-	  ;;
-	esac
-
-	case $prev in
-	dlfiles|dlprefiles)
-	  if test "$preload" = no; then
-	    # Add the symbol object into the linking commands.
-	    compile_command="$compile_command @SYMFILE@"
-	    finalize_command="$finalize_command @SYMFILE@"
-	    preload=yes
-	  fi
-	  case $arg in
-	  *.la | *.lo) ;;  # We handle these cases below.
-	  force)
-	    if test "$dlself" = no; then
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  self)
-	    if test "$prev" = dlprefiles; then
-	      dlself=yes
-	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
-	      dlself=yes
-	    else
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  *)
-	    if test "$prev" = dlfiles; then
-	      dlfiles="$dlfiles $arg"
-	    else
-	      dlprefiles="$dlprefiles $arg"
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  esac
-	  ;;
-	expsyms)
-	  export_symbols="$arg"
-	  if test ! -f "$arg"; then
-	    $echo "$modename: symbol file \`$arg' does not exist"
-	    exit 1
-	  fi
-	  prev=
-	  continue
-	  ;;
-	expsyms_regex)
-	  export_symbols_regex="$arg"
-	  prev=
-	  continue
-	  ;;
-	release)
-	  release="-$arg"
-	  prev=
-	  continue
-	  ;;
-	rpath | xrpath)
-	  # We need an absolute path.
-	  case $arg in
-	  [\\/]* | [A-Za-z]:[\\/]*) ;;
-	  *)
-	    $echo "$modename: only absolute run-paths are allowed" 1>&2
-	    exit 1
-	    ;;
-	  esac
-	  if test "$prev" = rpath; then
-	    case "$rpath " in
-	    *" $arg "*) ;;
-	    *) rpath="$rpath $arg" ;;
-	    esac
-	  else
-	    case "$xrpath " in
-	    *" $arg "*) ;;
-	    *) xrpath="$xrpath $arg" ;;
-	    esac
-	  fi
-	  prev=
-	  continue
-	  ;;
-	xcompiler)
-	  compiler_flags="$compiler_flags $qarg"
-	  prev=
-	  compile_command="$compile_command $qarg"
-	  finalize_command="$finalize_command $qarg"
-	  continue
-	  ;;
-	xlinker)
-	  linker_flags="$linker_flags $qarg"
-	  compiler_flags="$compiler_flags $wl$qarg"
-	  prev=
-	  compile_command="$compile_command $wl$qarg"
-	  finalize_command="$finalize_command $wl$qarg"
-	  continue
-	  ;;
-	*)
-	  eval "$prev=\"\$arg\""
-	  prev=
-	  continue
-	  ;;
-	esac
-      fi # test -n $prev
-
-      prevarg="$arg"
-
-      case $arg in
-      -all-static)
-	if test -n "$link_static_flag"; then
-	  compile_command="$compile_command $link_static_flag"
-	  finalize_command="$finalize_command $link_static_flag"
-	fi
-	continue
-	;;
-
-      -allow-undefined)
-	# FIXME: remove this flag sometime in the future.
-	$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
-	continue
-	;;
-
-      -avoid-version)
-	avoid_version=yes
-	continue
-	;;
-
-      -dlopen)
-	prev=dlfiles
-	continue
-	;;
-
-      -dlpreopen)
-	prev=dlprefiles
-	continue
-	;;
-
-      -export-dynamic)
-	export_dynamic=yes
-	continue
-	;;
-
-      -export-symbols | -export-symbols-regex)
-	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	  $echo "$modename: more than one -exported-symbols argument is not allowed"
-	  exit 1
-	fi
-	if test "X$arg" = "X-export-symbols"; then
-	  prev=expsyms
-	else
-	  prev=expsyms_regex
-	fi
-	continue
-	;;
-
-      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
-      # so, if we see these flags be careful not to treat them like -L
-      -L[A-Z][A-Z]*:*)
-	case $with_gcc/$host in
-	no/*-*-irix*)
-	  compile_command="$compile_command $arg"
-	  finalize_command="$finalize_command $arg"
-	  ;;
-	esac
-	continue
-	;;
-
-      -L*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  absdir=`cd "$dir" && pwd`
-	  if test -z "$absdir"; then
-	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
-	    exit 1
-	  fi
-	  dir="$absdir"
-	  ;;
-	esac
-	case "$deplibs " in
-	*" -L$dir "*) ;;
-	*)
-	  deplibs="$deplibs -L$dir"
-	  lib_search_path="$lib_search_path $dir"
-	  ;;
-	esac
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  case :$dllsearchpath: in
-	  *":$dir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$dir";;
-	  esac
-	  ;;
-	esac
-	continue
-	;;
-
-      -l*)
-	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
-	  case $host in
-	  *-*-cygwin* | *-*-pw32* | *-*-beos*)
-	    # These systems don't actually have a C or math library (as such)
-	    continue
-	    ;;
-	  *-*-mingw* | *-*-os2*)
-	    # These systems don't actually have a C library (as such)
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  *-*-openbsd*)
-	    # Do not include libc due to us having libc/libc_r.
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  esac
-	 elif test "X$arg" = "X-lc_r"; then
-	  case $host in
-	  *-*-openbsd*)
-	    # Do not include libc_r directly, use -pthread flag.
-	    continue
-	    ;;
-	  esac
-	fi
-	deplibs="$deplibs $arg"
-	continue
-	;;
-
-      -module)
-	module=yes
-	continue
-	;;
-
-      -no-fast-install)
-	fast_install=no
-	continue
-	;;
-
-      -no-install)
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  # The PATH hackery in wrapper scripts is required on Windows
-	  # in order for the loader to find any dlls it needs.
-	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
-	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
-	  fast_install=no
-	  ;;
-	*) no_install=yes ;;
-	esac
-	continue
-	;;
-
-      -no-undefined)
-	allow_undefined=no
-	continue
-	;;
-
-      -o) prev=output ;;
-
-      -release)
-	prev=release
-	continue
-	;;
-
-      -rpath)
-	prev=rpath
-	continue
-	;;
-
-      -R)
-	prev=xrpath
-	continue
-	;;
-
-      -R*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  $echo "$modename: only absolute run-paths are allowed" 1>&2
-	  exit 1
-	  ;;
-	esac
-	case "$xrpath " in
-	*" $dir "*) ;;
-	*) xrpath="$xrpath $dir" ;;
-	esac
-	continue
-	;;
-
-      -static)
-	# The effects of -static are defined in a previous loop.
-	# We used to do the same as -all-static on platforms that
-	# didn't have a PIC flag, but the assumption that the effects
-	# would be equivalent was wrong.  It would break on at least
-	# Digital Unix and AIX.
-	continue
-	;;
-
-      -thread-safe)
-	thread_safe=yes
-	continue
-	;;
-
-      -version-info)
-	prev=vinfo
-	continue
-	;;
-
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Wl,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $wl$flag"
-	  linker_flags="$linker_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
-
-      -Xlinker)
-	prev=xlinker
-	continue
-	;;
-
-      # Some other compiler flag.
-      -* | +*)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-
-      *.lo | *.$objext)
-	# A library or standard object.
-	if test "$prev" = dlfiles; then
-	  # This file was specified with -dlopen.
-	  if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
-	    dlfiles="$dlfiles $arg"
-	    prev=
-	    continue
-	  else
-	    # If libtool objects are unsupported, then we need to preload.
-	    prev=dlprefiles
-	  fi
-	fi
-
-	if test "$prev" = dlprefiles; then
-	  # Preload the old-style object.
-	  dlprefiles="$dlprefiles "`$echo "X$arg" | $Xsed -e "$lo2o"`
-	  prev=
-	else
-	  case $arg in
-	  *.lo) libobjs="$libobjs $arg" ;;
-	  *) objs="$objs $arg" ;;
-	  esac
-	fi
-	;;
-
-      *.$libext)
-	# An archive.
-	deplibs="$deplibs $arg"
-	old_deplibs="$old_deplibs $arg"
-	continue
-	;;
-
-      *.la)
-	# A libtool-controlled library.
-
-	if test "$prev" = dlfiles; then
-	  # This library was specified with -dlopen.
-	  dlfiles="$dlfiles $arg"
-	  prev=
-	elif test "$prev" = dlprefiles; then
-	  # The library was specified with -dlpreopen.
-	  dlprefiles="$dlprefiles $arg"
-	  prev=
-	else
-	  deplibs="$deplibs $arg"
-	fi
-	continue
-	;;
-
-      # Some other compiler argument.
-      *)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-      esac # arg
-
-      # Now actually substitute the argument into the commands.
-      if test -n "$arg"; then
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
-      fi
-    done # argument parsing loop
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
-      eval arg=\"$export_dynamic_flag_spec\"
-      compile_command="$compile_command $arg"
-      finalize_command="$finalize_command $arg"
-    fi
-
-    # calculate the name of the file, without its directory
-    outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
-    libobjs_save="$libobjs"
-
-    if test -n "$shlibpath_var"; then
-      # get the directories listed in $shlibpath_var
-      eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
-    else
-      shlib_search_path=
-    fi
-    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
-    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
-
-    output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
-    if test "X$output_objdir" = "X$output"; then
-      output_objdir="$objdir"
-    else
-      output_objdir="$output_objdir/$objdir"
-    fi
-    # Create the object directory.
-    if test ! -d $output_objdir; then
-      $show "$mkdir $output_objdir"
-      $run $mkdir $output_objdir
-      status=$?
-      if test $status -ne 0 && test ! -d $output_objdir; then
-	exit $status
-      fi
-    fi
-
-    # Determine the type of output
-    case $output in
-    "")
-      $echo "$modename: you must specify an output file" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-      ;;
-    *.$libext) linkmode=oldlib ;;
-    *.lo | *.$objext) linkmode=obj ;;
-    *.la) linkmode=lib ;;
-    *) linkmode=prog ;; # Anything else should be a program.
-    esac
-
-    specialdeplibs=
-    libs=
-    # Find all interdependent deplibs by searching for libraries
-    # that are linked more than once (e.g. -la -lb -la)
-    for deplib in $deplibs; do
-      case "$libs " in
-      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-      esac
-      libs="$libs $deplib"
-    done
-    deplibs=
-    newdependency_libs=
-    newlib_search_path=
-    need_relink=no # whether we're linking any uninstalled libtool libraries
-    notinst_deplibs= # not-installed libtool libraries
-    notinst_path= # paths that contain not-installed libtool libraries
-    case $linkmode in
-    lib)
-	passes="conv link"
-	for file in $dlfiles $dlprefiles; do
-	  case $file in
-	  *.la) ;;
-	  *)
-	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
-	    exit 1
-	    ;;
-	  esac
-	done
-	;;
-    prog)
-	compile_deplibs=
-	finalize_deplibs=
-	alldeplibs=no
-	newdlfiles=
-	newdlprefiles=
-	passes="conv scan dlopen dlpreopen link"
-	;;
-    *)  passes="conv"
-	;;
-    esac
-    for pass in $passes; do
-      if test $linkmode = prog; then
-	# Determine which files to process
-	case $pass in
-	dlopen)
-	  libs="$dlfiles"
-	  save_deplibs="$deplibs" # Collect dlpreopened libraries
-	  deplibs=
-	  ;;
-	dlpreopen) libs="$dlprefiles" ;;
-	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
-	esac
-      fi
-      for deplib in $libs; do
-	lib=
-	found=no
-	case $deplib in
-	-l*)
-	  if test $linkmode = oldlib && test $linkmode = obj; then
-	    $echo "$modename: warning: \`-l' is ignored for archives/objects: $deplib" 1>&2
-	    continue
-	  fi
-	  if test $pass = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
-	  fi
-	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
-	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
-	    # Search the libtool library
-	    lib="$searchdir/lib${name}.la"
-	    if test -f "$lib"; then
-	      found=yes
-	      break
-	    fi
-	  done
-	  if test "$found" != yes; then
-	    # deplib doesn't seem to be a libtool library
-	    if test "$linkmode,$pass" = "prog,link"; then
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    else
-	      deplibs="$deplib $deplibs"
-	      test $linkmode = lib && newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    continue
-	  fi
-	  ;; # -l
-	-L*)
-	  case $linkmode in
-	  lib)
-	    deplibs="$deplib $deplibs"
-	    test $pass = conv && continue
-	    newdependency_libs="$deplib $newdependency_libs"
-	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    ;;
-	  prog)
-	    if test $pass = conv; then
-	      deplibs="$deplib $deplibs"
-	      continue
-	    fi
-	    if test $pass = scan; then
-	      deplibs="$deplib $deplibs"
-	      newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    ;;
-	  *)
-	    $echo "$modename: warning: \`-L' is ignored for archives/objects: $deplib" 1>&2
-	    ;;
-	  esac # linkmode
-	  continue
-	  ;; # -L
-	-R*)
-	  if test $pass = link; then
-	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
-	    # Make sure the xrpath contains only unique directories.
-	    case "$xrpath " in
-	    *" $dir "*) ;;
-	    *) xrpath="$xrpath $dir" ;;
-	    esac
-	  fi
-	  deplibs="$deplib $deplibs"
-	  continue
-	  ;;
-	*.la) lib="$deplib" ;;
-	*.$libext)
-	  if test $pass = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
-	  fi
-	  case $linkmode in
-	  lib)
-	    if test "$deplibs_check_method" != pass_all; then
-	      echo
-	      echo "*** Warning: This library needs some functionality provided by $deplib."
-	      echo "*** I have the capability to make that library automatically link in when"
-	      echo "*** you link to this library.  But I can only do this if you have a"
-	      echo "*** shared version of the library, which you do not appear to have."
-	    else
-	      echo
-	      echo "*** Warning: Linking the shared library $output against the"
-	      echo "*** static library $deplib is not portable!"
-	      deplibs="$deplib $deplibs"
-	    fi
-	    continue
-	    ;;
-	  prog)
-	    if test $pass != link; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    continue
-	    ;;
-	  esac # linkmode
-	  ;; # *.$libext
-	*.lo | *.$objext)
-	  if test $pass = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	    # If there is no dlopen support or we're linking statically,
-	    # we need to preload.
-	    newdlprefiles="$newdlprefiles $deplib"
-	    compile_deplibs="$deplib $compile_deplibs"
-	    finalize_deplibs="$deplib $finalize_deplibs"
-	  else
-	    newdlfiles="$newdlfiles $deplib"
-	  fi
-	  continue
-	  ;;
-	%DEPLIBS%)
-	  alldeplibs=yes
-	  continue
-	  ;;
-	esac # case $deplib
-	if test $found = yes || test -f "$lib"; then :
-	else
-	  $echo "$modename: cannot find the library \`$lib'" 1>&2
-	  exit 1
-	fi
-
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $lib | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  exit 1
-	fi
-
-	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$ladir" = "X$lib" && ladir="."
-
-	dlname=
-	dlopen=
-	dlpreopen=
-	libdir=
-	library_names=
-	old_library=
-	# If the library was installed with an old release of libtool,
-	# it will not redefine variable installed.
-	installed=yes
-
-	# Read the .la file
-	case $lib in
-	*/* | *\\*) . $lib ;;
-	*) . ./$lib ;;
-	esac
-
-	if test "$linkmode,$pass" = "lib,link" ||
-	   test "$linkmode,$pass" = "prog,scan" ||
-	   { test $linkmode = oldlib && test $linkmode = obj; }; then
-	   # Add dl[pre]opened files of deplib
-	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
-	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
-	fi
-
-	if test $pass = conv; then
-	  # Only check for convenience libraries
-	  deplibs="$lib $deplibs"
-	  if test -z "$libdir"; then
-	    if test -z "$old_library"; then
-	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	      exit 1
-	    fi
-	    # It is a libtool convenience library, so add in its objects.
-	    convenience="$convenience $ladir/$objdir/$old_library"
-	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
-	    tmp_libs=
-	    for deplib in $dependency_libs; do
-	      deplibs="$deplib $deplibs"
-	      case "$tmp_libs " in
-	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	      esac
-	      tmp_libs="$tmp_libs $deplib"
-	    done
-	  elif test $linkmode != prog && test $linkmode != lib; then
-	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
-	    exit 1
-	  fi
-	  continue
-	fi # $pass = conv
-
-	# Get the name of the library we link against.
-	linklib=
-	for l in $old_library $library_names; do
-	  linklib="$l"
-	done
-	if test -z "$linklib"; then
-	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	  exit 1
-	fi
-
-	# This library was specified with -dlopen.
-	if test $pass = dlopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
-	    exit 1
-	  fi
-	  if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	    # If there is no dlname, no dlopen support or we're linking
-	    # statically, we need to preload.
-	    dlprefiles="$dlprefiles $lib"
-	  else
-	    newdlfiles="$newdlfiles $lib"
-	  fi
-	  continue
-	fi # $pass = dlopen
-
-	# We need an absolute path.
-	case $ladir in
-	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
-	*)
-	  abs_ladir=`cd "$ladir" && pwd`
-	  if test -z "$abs_ladir"; then
-	    $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
-	    $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
-	    abs_ladir="$ladir"
-	  fi
-	  ;;
-	esac
-	laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-
-	# Find the relevant object directory and library name.
-	if test "X$installed" = Xyes; then
-	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
-	    $echo "$modename: warning: library \`$lib' was moved." 1>&2
-	    dir="$ladir"
-	    absdir="$abs_ladir"
-	    libdir="$abs_ladir"
-	  else
-	    dir="$libdir"
-	    absdir="$libdir"
-	  fi
-	else
-	  dir="$ladir/$objdir"
-	  absdir="$abs_ladir/$objdir"
-	  # Remove this search path later
-	  notinst_path="$notinst_path $abs_ladir"
-	fi # $installed = yes
-	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-
-	# This library was specified with -dlpreopen.
-	if test $pass = dlpreopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
-	    exit 1
-	  fi
-	  # Prefer using a static library (so that no silly _DYNAMIC symbols
-	  # are required to link).
-	  if test -n "$old_library"; then
-	    newdlprefiles="$newdlprefiles $dir/$old_library"
-	  # Otherwise, use the dlname, so that lt_dlopen finds it.
-	  elif test -n "$dlname"; then
-	    newdlprefiles="$newdlprefiles $dir/$dlname"
-	  else
-	    newdlprefiles="$newdlprefiles $dir/$linklib"
-	  fi
-	fi # $pass = dlpreopen
-
-	if test -z "$libdir"; then
-	  # Link the convenience library
-	  if test $linkmode = lib; then
-	    deplibs="$dir/$old_library $deplibs"
-	  elif test "$linkmode,$pass" = "prog,link"; then
-	    compile_deplibs="$dir/$old_library $compile_deplibs"
-	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
-	  else
-	    deplibs="$lib $deplibs"
-	  fi
-	  continue
-	fi
-
-	if test $linkmode = prog && test $pass != link; then
-	  newlib_search_path="$newlib_search_path $ladir"
-	  deplibs="$lib $deplibs"
-
-	  linkalldeplibs=no
-	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
-	     test "$build_libtool_libs" = no; then
-	    linkalldeplibs=yes
-	  fi
-
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    case $deplib in
-	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
-	    esac
-	    # Need to link against all dependency_libs?
-	    if test $linkalldeplibs = yes; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      # Need to hardcode shared library paths
-	      # or/and link against static libraries
-	      newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
-	    tmp_libs="$tmp_libs $deplib"
-	  done # for deplib
-	  continue
-	fi # $linkmode = prog...
-
-	link_static=no # Whether the deplib will be linked statically
-	if test -n "$library_names" &&
-	   { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
-	  # Link against this shared library
-
-	  if test "$linkmode,$pass" = "prog,link" ||
-	   { test $linkmode = lib && test $hardcode_into_libs = yes; }; then
-	    # Hardcode the library path.
-	    # Skip directories that are in the system default run-time
-	    # search path.
-	    case " $sys_lib_dlsearch_path " in
-	    *" $absdir "*) ;;
-	    *)
-	      case "$compile_rpath " in
-	      *" $absdir "*) ;;
-	      *) compile_rpath="$compile_rpath $absdir"
-	      esac
-	      ;;
-	    esac
-	    case " $sys_lib_dlsearch_path " in
-	    *" $libdir "*) ;;
-	    *)
-	      case "$finalize_rpath " in
-	      *" $libdir "*) ;;
-	      *) finalize_rpath="$finalize_rpath $libdir"
-	      esac
-	      ;;
-	    esac
-	    if test $linkmode = prog; then
-	      # We need to hardcode the library path
-	      if test -n "$shlibpath_var"; then
-		# Make sure the rpath contains only unique directories.
-		case "$temp_rpath " in
-		*" $dir "*) ;;
-		*" $absdir "*) ;;
-		*) temp_rpath="$temp_rpath $dir" ;;
-		esac
-	      fi
-	    fi
-	  fi # $linkmode,$pass = prog,link...
-
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-
-	  if test "$installed" = no; then
-	    notinst_deplibs="$notinst_deplibs $lib"
-	    need_relink=yes
-	  fi
-
-	  if test -n "$old_archive_from_expsyms_cmds"; then
-	    # figure out the soname
-	    set dummy $library_names
-	    realname="$2"
-	    shift; shift
-	    libname=`eval \\$echo \"$libname_spec\"`
-	    # use dlname if we got it. it's perfectly good, no?
-	    if test -n "$dlname"; then
-	      soname="$dlname"
-	    elif test -n "$soname_spec"; then
-	      # bleh windows
-	      case $host in
-	      *cygwin*)
-		major=`expr $current - $age`
-		versuffix="-$major"
-		;;
-	      esac
-	      eval soname=\"$soname_spec\"
-	    else
-	      soname="$realname"
-	    fi
-
-	    # Make a new name for the extract_expsyms_cmds to use
-	    soroot="$soname"
-	    soname=`echo $soroot | sed -e 's/^.*\///'`
-	    newlib="libimp-`echo $soname | sed 's/^lib//;s/\.dll$//'`.a"
-
-	    # If the library has no export list, then create one now
-	    if test -f "$output_objdir/$soname-def"; then :
-	    else
-	      $show "extracting exported symbol list from \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$extract_expsyms_cmds\"
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    # Create $newlib
-	    if test -f "$output_objdir/$newlib"; then :; else
-	      $show "generating import library for \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$old_archive_from_expsyms_cmds\"
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # make sure the library variables are pointing to the new library
-	    dir=$output_objdir
-	    linklib=$newlib
-	  fi # test -n $old_archive_from_expsyms_cmds
-
-	  if test $linkmode = prog || test "$mode" != relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    lib_linked=yes
-	    case $hardcode_action in
-	    immediate | unsupported)
-	      if test "$hardcode_direct" = no; then
-		add="$dir/$linklib"
-	      elif test "$hardcode_minus_L" = no; then
-		case $host in
-		*-*-sunos*) add_shlibpath="$dir" ;;
-		esac
-		add_dir="-L$dir"
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = no; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    relink)
-	      if test "$hardcode_direct" = yes; then
-		add="$dir/$linklib"
-	      elif test "$hardcode_minus_L" = yes; then
-		add_dir="-L$dir"
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = yes; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    *) lib_linked=no ;;
-	    esac
-
-	    if test "$lib_linked" != yes; then
-	      $echo "$modename: configuration error: unsupported hardcode properties"
-	      exit 1
-	    fi
-
-	    if test -n "$add_shlibpath"; then
-	      case :$compile_shlibpath: in
-	      *":$add_shlibpath:"*) ;;
-	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
-	      esac
-	    fi
-	    if test $linkmode = prog; then
-	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
-	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	      if test "$hardcode_direct" != yes && \
-		 test "$hardcode_minus_L" != yes && \
-		 test "$hardcode_shlibpath_var" = yes; then
-		case :$finalize_shlibpath: in
-		*":$libdir:"*) ;;
-		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-		esac
-	      fi
-	    fi
-	  fi
-
-	  if test $linkmode = prog || test "$mode" = relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    # Finalize command for both is simple: just hardcode it.
-	    if test "$hardcode_direct" = yes; then
-	      add="$libdir/$linklib"
-	    elif test "$hardcode_minus_L" = yes; then
-	      add_dir="-L$libdir"
-	      add="-l$name"
-	    elif test "$hardcode_shlibpath_var" = yes; then
-	      case :$finalize_shlibpath: in
-	      *":$libdir:"*) ;;
-	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-	      esac
-	      add="-l$name"
-	    else
-	      # We cannot seem to hardcode it, guess we'll fake it.
-	      add_dir="-L$libdir"
-	      add="-l$name"
-	    fi
-
-	    if test $linkmode = prog; then
-	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
-	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	    fi
-	  fi
-	elif test $linkmode = prog; then
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-
-	  # Try to link the static library
-	  # Here we assume that one of hardcode_direct or hardcode_minus_L
-	  # is not unsupported.  This is valid on all known static and
-	  # shared platforms.
-	  if test "$hardcode_direct" != unsupported; then
-	    test -n "$old_library" && linklib="$old_library"
-	    compile_deplibs="$dir/$linklib $compile_deplibs"
-	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
-	  else
-	    compile_deplibs="-l$name -L$dir $compile_deplibs"
-	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
-	  fi
-	elif test "$build_libtool_libs" = yes; then
-	  # Not a shared library
-	  if test "$deplibs_check_method" != pass_all; then
-	    # We're trying link a shared library against a static one
-	    # but the system doesn't support it.
-
-	    # Just print a warning and add the library to dependency_libs so
-	    # that the program can be linked against the static library.
-	    echo
-	    echo "*** Warning: This library needs some functionality provided by $lib."
-	    echo "*** I have the capability to make that library automatically link in when"
-	    echo "*** you link to this library.  But I can only do this if you have a"
-	    echo "*** shared version of the library, which you do not appear to have."
-	    if test "$module" = yes; then
-	      echo "*** Therefore, libtool will create a static module, that should work "
-	      echo "*** as long as the dlopening application is linked with the -dlopen flag."
-	      if test -z "$global_symbol_pipe"; then
-		echo
-		echo "*** However, this would only work if libtool was able to extract symbol"
-		echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-		echo "*** not find such a program.  So, this module is probably useless."
-		echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	      fi
-	      if test "$build_old_libs" = no; then
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  else
-	    convenience="$convenience $dir/$old_library"
-	    old_convenience="$old_convenience $dir/$old_library"
-	    deplibs="$dir/$old_library $deplibs"
-	    link_static=yes
-	  fi
-	fi # link shared/static library?
-
-	if test $linkmode = lib; then
-	  if test -n "$dependency_libs" &&
-	     { test $hardcode_into_libs != yes || test $build_old_libs = yes ||
-	       test $link_static = yes; }; then
-	    # Extract -R from dependency_libs
-	    temp_deplibs=
-	    for libdir in $dependency_libs; do
-	      case $libdir in
-	      -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
-		   case " $xrpath " in
-		   *" $temp_xrpath "*) ;;
-		   *) xrpath="$xrpath $temp_xrpath";;
-		   esac;;
-	      *) temp_deplibs="$temp_deplibs $libdir";;
-	      esac
-	    done
-	    dependency_libs="$temp_deplibs"
-	  fi
-
-	  newlib_search_path="$newlib_search_path $absdir"
-	  # Link against this library
-	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
-	  # ... and its dependency_libs
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    newdependency_libs="$deplib $newdependency_libs"
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
-	    tmp_libs="$tmp_libs $deplib"
-	  done
-
-	  if test $link_all_deplibs != no; then
-	    # Add the search paths of all dependency libraries
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      -L*) path="$deplib" ;;
-	      *.la)
-		dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
-		test "X$dir" = "X$deplib" && dir="."
-		# We need an absolute path.
-		case $dir in
-		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
-		*)
-		  absdir=`cd "$dir" && pwd`
-		  if test -z "$absdir"; then
-		    $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
-		    absdir="$dir"
-		  fi
-		  ;;
-		esac
-		if grep "^installed=no" $deplib > /dev/null; then
-		  path="-L$absdir/$objdir"
-		else
-		  eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		  if test -z "$libdir"; then
-		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		    exit 1
-		  fi
-		  if test "$absdir" != "$libdir"; then
-		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
-		  fi
-		  path="-L$absdir"
-		fi
-		;;
-	      *) continue ;;
-	      esac
-	      case " $deplibs " in
-	      *" $path "*) ;;
-	      *) deplibs="$deplibs $path" ;;
-	      esac
-	    done
-	  fi # link_all_deplibs != no
-	fi # linkmode = lib
-      done # for deplib in $libs
-      if test $pass = dlpreopen; then
-	# Link the dlpreopened libraries before other libraries
-	for deplib in $save_deplibs; do
-	  deplibs="$deplib $deplibs"
-	done
-      fi
-      if test $pass != dlopen; then
-	test $pass != scan && dependency_libs="$newdependency_libs"
-	if test $pass != conv; then
-	  # Make sure lib_search_path contains only unique directories.
-	  lib_search_path=
-	  for dir in $newlib_search_path; do
-	    case "$lib_search_path " in
-	    *" $dir "*) ;;
-	    *) lib_search_path="$lib_search_path $dir" ;;
-	    esac
-	  done
-	  newlib_search_path=
-	fi
-
-	if test "$linkmode,$pass" != "prog,link"; then
-	  vars="deplibs"
-	else
-	  vars="compile_deplibs finalize_deplibs"
-	fi
-	for var in $vars dependency_libs; do
-	  # Add libraries to $var in reverse order
-	  eval tmp_libs=\"\$$var\"
-	  new_libs=
-	  for deplib in $tmp_libs; do
-	    case $deplib in
-	    -L*) new_libs="$deplib $new_libs" ;;
-	    *)
-	      case " $specialdeplibs " in
-	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
-	      *)
-		case " $new_libs " in
-		*" $deplib "*) ;;
-		*) new_libs="$deplib $new_libs" ;;
-		esac
-		;;
-	      esac
-	      ;;
-	    esac
-	  done
-	  tmp_libs=
-	  for deplib in $new_libs; do
-	    case $deplib in
-	    -L*)
-	      case " $tmp_libs " in
-	      *" $deplib "*) ;;
-	      *) tmp_libs="$tmp_libs $deplib" ;;
-	      esac
-	      ;;
-	    *) tmp_libs="$tmp_libs $deplib" ;;
-	    esac
-	  done
-	  eval $var=\"$tmp_libs\"
-	done # for var
-      fi
-      if test "$pass" = "conv" &&
-       { test "$linkmode" = "lib" || test "$linkmode" = "prog"; }; then
-	libs="$deplibs" # reset libs
-	deplibs=
-      fi
-    done # for pass
-    if test $linkmode = prog; then
-      dlfiles="$newdlfiles"
-      dlprefiles="$newdlprefiles"
-    fi
-
-    case $linkmode in
-    oldlib)
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	$echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
-      fi
-
-      # Now set the variables for building old libraries.
-      build_libtool_libs=no
-      oldlibs="$output"
-      objs="$objs$old_deplibs"
-      ;;
-
-    lib)
-      # Make sure we only generate libraries of the form `libNAME.la'.
-      case $outputname in
-      lib*)
-	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-	eval libname=\"$libname_spec\"
-	;;
-      *)
-	if test "$module" = no; then
-	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-	if test "$need_lib_prefix" != no; then
-	  # Add the "lib" prefix for modules if required
-	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	  eval libname=\"$libname_spec\"
-	else
-	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	fi
-	;;
-      esac
-
-      if test -n "$objs"; then
-	if test "$deplibs_check_method" != pass_all; then
-	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
-	  exit 1
-	else
-	  echo
-	  echo "*** Warning: Linking the shared library $output against the non-libtool"
-	  echo "*** objects $objs is not portable!"
-	  libobjs="$libobjs $objs"
-	fi
-      fi
-
-      if test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
-      fi
-
-      set dummy $rpath
-      if test $# -gt 2; then
-	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
-      fi
-      install_libdir="$2"
-
-      oldlibs=
-      if test -z "$rpath"; then
-	if test "$build_libtool_libs" = yes; then
-	  # Building a libtool convenience library.
-	  libext=al
-	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
-	  build_libtool_libs=convenience
-	  build_old_libs=yes
-	fi
-
-	if test -n "$vinfo"; then
-	  $echo "$modename: warning: \`-version-info' is ignored for convenience libraries" 1>&2
-	fi
-
-	if test -n "$release"; then
-	  $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
-	fi
-      else
-
-	# Parse the version information argument.
-	save_ifs="$IFS"; IFS=':'
-	set dummy $vinfo 0 0 0
-	IFS="$save_ifs"
-
-	if test -n "$8"; then
-	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	current="$2"
-	revision="$3"
-	age="$4"
-
-	# Check that each of the things are valid numbers.
-	case $current in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: CURRENT \`$current' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	case $revision in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: REVISION \`$revision' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	case $age in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: AGE \`$age' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	if test $age -gt $current; then
-	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	fi
-
-	# Calculate the version variables.
-	major=
-	versuffix=
-	verstring=
-	case $version_type in
-	none) ;;
-
-	darwin)
-	  # Like Linux, but with the current version available in
-	  # verstring for coding it into the library header
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  # Darwin ld doesn't like 0 for these options...
-	  minor_current=`expr $current + 1`
-	  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
-	  ;;
-
-	freebsd-aout)
-	  major=".$current"
-	  versuffix=".$current.$revision";
-	  ;;
-
-	freebsd-elf)
-	  major=".$current"
-	  versuffix=".$current";
-	  ;;
-
-	irix)
-	  major=`expr $current - $age + 1`
-	  verstring="sgi$major.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$revision
-	  while test $loop != 0; do
-	    iface=`expr $revision - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="sgi$major.$iface:$verstring"
-	  done
-
-	  # Before this point, $major must not contain `.'.
-	  major=.$major
-	  versuffix="$major.$revision"
-	  ;;
-
-	linux)
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  ;;
-
-	osf)
-	  major=`expr $current - $age`
-	  versuffix=".$current.$age.$revision"
-	  verstring="$current.$age.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$age
-	  while test $loop != 0; do
-	    iface=`expr $current - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="$verstring:${iface}.0"
-	  done
-
-	  # Make executables depend on our current version.
-	  verstring="$verstring:${current}.0"
-	  ;;
-
-	sunos)
-	  major=".$current"
-	  versuffix=".$current.$revision"
-	  ;;
-
-	windows)
-	  # Use '-' rather than '.', since we only want one
-	  # extension on DOS 8.3 filesystems.
-	  major=`expr $current - $age`
-	  versuffix="-$major"
-	  ;;
-
-	*)
-	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
-	  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	# Clear the version info if we defaulted, and they specified a release.
-	if test -z "$vinfo" && test -n "$release"; then
-	  major=
-	  verstring="0.0"
-	  case $version_type in
-	  darwin)
-	    # we can't check for "0.0" in archive_cmds due to quoting
-	    # problems, so we reset it completely
-	    verstring=""
-	    ;;
-	  *)
-	    verstring="0.0"
-	    ;;
-	  esac
-	  if test "$need_version" = no; then
-	    versuffix=
-	  else
-	    versuffix=".0.0"
-	  fi
-	fi
-
-	# Remove version info from name if versioning should be avoided
-	if test "$avoid_version" = yes && test "$need_version" = no; then
-	  major=
-	  versuffix=
-	  verstring=""
-	fi
-
-	# Check to see if the archive will have undefined symbols.
-	if test "$allow_undefined" = yes; then
-	  if test "$allow_undefined_flag" = unsupported; then
-	    $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
-	    build_libtool_libs=no
-	    build_old_libs=yes
-	  fi
-	else
-	  # Don't allow undefined symbols.
-	  allow_undefined_flag="$no_undefined_flag"
-	fi
-      fi
-
-      if test "$mode" != relink; then
-	# Remove our outputs.
-	$show "${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*"
-	$run ${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*
-      fi
-
-      # Now set the variables for building old libraries.
-      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
-	oldlibs="$oldlibs $output_objdir/$libname.$libext"
-
-	# Transform .lo files to .o files.
-	oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
-      fi
-
-      # Eliminate all temporary directories.
-      for path in $notinst_path; do
-	lib_search_path=`echo "$lib_search_path " | sed -e 's% $path % %g'`
-	deplibs=`echo "$deplibs " | sed -e 's% -L$path % %g'`
-	dependency_libs=`echo "$dependency_libs " | sed -e 's% -L$path % %g'`
-      done
-
-      if test -n "$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	temp_xrpath=
-	for libdir in $xrpath; do
-	  temp_xrpath="$temp_xrpath -R$libdir"
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-	if test $hardcode_into_libs != yes || test $build_old_libs = yes; then
-	  dependency_libs="$temp_xrpath $dependency_libs"
-	fi
-      fi
-
-      # Make sure dlfiles contains only unique files that won't be dlpreopened
-      old_dlfiles="$dlfiles"
-      dlfiles=
-      for lib in $old_dlfiles; do
-	case " $dlprefiles $dlfiles " in
-	*" $lib "*) ;;
-	*) dlfiles="$dlfiles $lib" ;;
-	esac
-      done
-
-      # Make sure dlprefiles contains only unique files
-      old_dlprefiles="$dlprefiles"
-      dlprefiles=
-      for lib in $old_dlprefiles; do
-	case "$dlprefiles " in
-	*" $lib "*) ;;
-	*) dlprefiles="$dlprefiles $lib" ;;
-	esac
-      done
-
-      if test "$build_libtool_libs" = yes; then
-	if test -n "$rpath"; then
-	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
-	    # these systems don't actually have a c library (as such)!
-	    ;;
-	  *-*-rhapsody* | *-*-darwin1.[012])
-	    # Rhapsody C library is in the System framework
-	    deplibs="$deplibs -framework System"
-	    ;;
-	  *-*-netbsd*)
-	    # Don't link with libc until the a.out ld.so is fixed.
-	    ;;
-	  *-*-openbsd*)
-	    # Do not include libc due to us having libc/libc_r.
-	    ;;
-	  *)
-	    # Add libc to deplibs on all other systems if necessary.
-	    if test $build_libtool_need_lc = "yes"; then
-	      deplibs="$deplibs -lc"
-	    fi
-	    ;;
-	  esac
-	fi
-
-	# Transform deplibs into only deplibs that can be linked in shared.
-	name_save=$name
-	libname_save=$libname
-	release_save=$release
-	versuffix_save=$versuffix
-	major_save=$major
-	# I'm not sure if I'm treating the release correctly.  I think
-	# release should show up in the -l (ie -lgmp5) so we don't want to
-	# add it in twice.  Is that correct?
-	release=""
-	versuffix=""
-	major=""
-	newdeplibs=
-	droppeddeps=no
-	case $deplibs_check_method in
-	pass_all)
-	  # Don't check for shared/static.  Everything works.
-	  # This might be a little naive.  We might want to check
-	  # whether the library exists or not.  But this is on
-	  # osf3 & osf4 and I'm not really sure... Just
-	  # implementing what was already the behaviour.
-	  newdeplibs=$deplibs
-	  ;;
-	test_compile)
-	  # This code stresses the "libraries are programs" paradigm to its
-	  # limits. Maybe even breaks it.  We compile a program, linking it
-	  # against the deplibs as a proxy for the library.  Then we can check
-	  # whether they linked in statically or dynamically with ldd.
-	  $rm conftest.c
-	  cat > conftest.c <<EOF
-	  int main() { return 0; }
-EOF
-	  $rm conftest
-	  $CC -o conftest conftest.c $deplibs
-	  if test $? -eq 0 ; then
-	    ldd_output=`ldd conftest`
-	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
-	      # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
-		libname=`eval \\$echo \"$libname_spec\"`
-		deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		set dummy $deplib_matches
-		deplib_match=$2
-		if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		  newdeplibs="$newdeplibs $i"
-		else
-		  droppeddeps=yes
-		  echo
-		  echo "*** Warning: This library needs some functionality provided by $i."
-		  echo "*** I have the capability to make that library automatically link in when"
-		  echo "*** you link to this library.  But I can only do this if you have a"
-		  echo "*** shared version of the library, which you do not appear to have."
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  else
-	    # Error occured in the first compile.  Let's try to salvage the situation:
-	    # Compile a seperate program for each library.
-	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
-	     # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
-		$rm conftest
-		$CC -o conftest conftest.c $i
-		# Did it work?
-		if test $? -eq 0 ; then
-		  ldd_output=`ldd conftest`
-		  libname=`eval \\$echo \"$libname_spec\"`
-		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		  set dummy $deplib_matches
-		  deplib_match=$2
-		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		    newdeplibs="$newdeplibs $i"
-		  else
-		    droppeddeps=yes
-		    echo
-		    echo "*** Warning: This library needs some functionality provided by $i."
-		    echo "*** I have the capability to make that library automatically link in when"
-		    echo "*** you link to this library.  But I can only do this if you have a"
-		    echo "*** shared version of the library, which you do not appear to have."
-		  fi
-		else
-		  droppeddeps=yes
-		  echo
-		  echo "*** Warning!  Library $i is needed by this library but I was not able to"
-		  echo "***  make it link in!  You will probably need to install it or some"
-		  echo "*** library that it depends on before this library will be fully"
-		  echo "*** functional.  Installing it before continuing would be even better."
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  fi
-	  ;;
-	file_magic*)
-	  set dummy $deplibs_check_method
-	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
-	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		    potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		    for potent_lib in $potential_libs; do
-		      # Follow soft links.
-		      if ls -lLd "$potent_lib" 2>/dev/null \
-			 | grep " -> " >/dev/null; then
-			continue
-		      fi
-		      # The statement above tries to avoid entering an
-		      # endless loop below, in case of cyclic links.
-		      # We might still enter an endless loop, since a link
-		      # loop can be closed while we follow links,
-		      # but so what?
-		      potlib="$potent_lib"
-		      while test -h "$potlib" 2>/dev/null; do
-			potliblink=`ls -ld $potlib | sed 's/.* -> //'`
-			case $potliblink in
-			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
-			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
-			esac
-		      done
-		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
-			 | sed 10q \
-			 | egrep "$file_magic_regex" > /dev/null; then
-			newdeplibs="$newdeplibs $a_deplib"
-			a_deplib=""
-			break 2
-		      fi
-		    done
-	      done
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	match_pattern*)
-	  set dummy $deplibs_check_method
-	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
-	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		for potent_lib in $potential_libs; do
-		  if eval echo \"$potent_lib\" 2>/dev/null \
-		      | sed 10q \
-		      | egrep "$match_pattern_regex" > /dev/null; then
-		    newdeplibs="$newdeplibs $a_deplib"
-		    a_deplib=""
-		    break 2
-		  fi
-		done
-	      done
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	none | unknown | *)
-	  newdeplibs=""
-	  if $echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
-	       -e 's/ -[LR][^ ]*//g' -e 's/[ 	]//g' |
-	     grep . >/dev/null; then
-	    echo
-	    if test "X$deplibs_check_method" = "Xnone"; then
-	      echo "*** Warning: inter-library dependencies are not supported in this platform."
-	    else
-	      echo "*** Warning: inter-library dependencies are not known to be supported."
-	    fi
-	    echo "*** All declared inter-library dependencies are being dropped."
-	    droppeddeps=yes
-	  fi
-	  ;;
-	esac
-	versuffix=$versuffix_save
-	major=$major_save
-	release=$release_save
-	libname=$libname_save
-	name=$name_save
-
-	case $host in
-	*-*-rhapsody* | *-*-darwin1.[012])
-	  # On Rhapsody replace the C library is the System framework
-	  newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	  ;;
-	esac
-
-	if test "$droppeddeps" = yes; then
-	  if test "$module" = yes; then
-	    echo
-	    echo "*** Warning: libtool could not satisfy all declared inter-library"
-	    echo "*** dependencies of module $libname.  Therefore, libtool will create"
-	    echo "*** a static module, that should work as long as the dlopening"
-	    echo "*** application is linked with the -dlopen flag."
-	    if test -z "$global_symbol_pipe"; then
-	      echo
-	      echo "*** However, this would only work if libtool was able to extract symbol"
-	      echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-	      echo "*** not find such a program.  So, this module is probably useless."
-	      echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	    fi
-	    if test "$build_old_libs" = no; then
-	      oldlibs="$output_objdir/$libname.$libext"
-	      build_libtool_libs=module
-	      build_old_libs=yes
-	    else
-	      build_libtool_libs=no
-	    fi
-	  else
-	    echo "*** The inter-library dependencies that have been dropped here will be"
-	    echo "*** automatically added whenever a program is linked with this library"
-	    echo "*** or is declared to -dlopen it."
-
-	    if test $allow_undefined = no; then
-	      echo
-	      echo "*** Since this library must not contain undefined symbols,"
-	      echo "*** because either the platform does not support them or"
-	      echo "*** it was explicitly requested with -no-undefined,"
-	      echo "*** libtool will only create a static version of it."
-	      if test "$build_old_libs" = no; then
-		oldlibs="$output_objdir/$libname.$libext"
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  fi
-	fi
-	# Done checking deplibs!
-	deplibs=$newdeplibs
-      fi
-
-      # All the library-specific variables (install_libdir is set above).
-      library_names=
-      old_library=
-      dlname=
-
-      # Test again, we may have decided not to build it any more
-      if test "$build_libtool_libs" = yes; then
-	if test $hardcode_into_libs = yes; then
-	  # Hardcode the library paths
-	  hardcode_libdirs=
-	  dep_rpath=
-	  rpath="$finalize_rpath"
-	  test "$mode" != relink && rpath="$compile_rpath$rpath"
-	  for libdir in $rpath; do
-	    if test -n "$hardcode_libdir_flag_spec"; then
-	      if test -n "$hardcode_libdir_separator"; then
-		if test -z "$hardcode_libdirs"; then
-		  hardcode_libdirs="$libdir"
-		else
-		  # Just accumulate the unique libdirs.
-		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		    ;;
-		  *)
-		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		    ;;
-		  esac
-		fi
-	      else
-		eval flag=\"$hardcode_libdir_flag_spec\"
-		dep_rpath="$dep_rpath $flag"
-	      fi
-	    elif test -n "$runpath_var"; then
-	      case "$perm_rpath " in
-	      *" $libdir "*) ;;
-	      *) perm_rpath="$perm_rpath $libdir" ;;
-	      esac
-	    fi
-	  done
-	  # Substitute the hardcoded libdirs into the rpath.
-	  if test -n "$hardcode_libdir_separator" &&
-	     test -n "$hardcode_libdirs"; then
-	    libdir="$hardcode_libdirs"
-	    eval dep_rpath=\"$hardcode_libdir_flag_spec\"
-	  fi
-	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
-	    # We should set the runpath_var.
-	    rpath=
-	    for dir in $perm_rpath; do
-	      rpath="$rpath$dir:"
-	    done
-	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
-	  fi
-	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
-	fi
-
-	shlibpath="$finalize_shlibpath"
-	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
-	if test -n "$shlibpath"; then
-	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
-	fi
-
-	# Get the real and link names of the library.
-	eval library_names=\"$library_names_spec\"
-	set dummy $library_names
-	realname="$2"
-	shift; shift
-
-	if test -n "$soname_spec"; then
-	  eval soname=\"$soname_spec\"
-	else
-	  soname="$realname"
-	fi
-	test -z "$dlname" && dlname=$soname
-
-	lib="$output_objdir/$realname"
-	for link
-	do
-	  linknames="$linknames $link"
-	done
-
-	# Ensure that we have .o objects for linkers which dislike .lo
-	# (e.g. aix) in case we are running --disable-static
-	for obj in $libobjs; do
-	  xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	  if test "X$xdir" = "X$obj"; then
-	    xdir="."
-	  else
-	    xdir="$xdir"
-	  fi
-	  baseobj=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-	  oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	  if test ! -f $xdir/$oldobj; then
-	    $show "(cd $xdir && ${LN_S} $baseobj $oldobj)"
-	    $run eval '(cd $xdir && ${LN_S} $baseobj $oldobj)' || exit $?
-	  fi
-	done
-
-	# Use standard objects if they are pic
-	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-
-	# Prepare the list of exported symbols
-	if test -z "$export_symbols"; then
-	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
-	    $show "generating symbol list for \`$libname.la'"
-	    export_symbols="$output_objdir/$libname.exp"
-	    $run $rm $export_symbols
-	    eval cmds=\"$export_symbols_cmds\"
-	    save_ifs="$IFS"; IFS='~'
-	    for cmd in $cmds; do
-	      IFS="$save_ifs"
-	      $show "$cmd"
-	      $run eval "$cmd" || exit $?
-	    done
-	    IFS="$save_ifs"
-	    if test -n "$export_symbols_regex"; then
-	      $show "egrep -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
-	      $run eval 'egrep -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
-	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
-	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
-	    fi
-	  fi
-	fi
-
-	if test -n "$export_symbols" && test -n "$include_expsyms"; then
-	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
-	fi
-
-	if test -n "$convenience"; then
-	  if test -n "$whole_archive_flag_spec"; then
-	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
-	  else
-	    gentop="$output_objdir/${outputname}x"
-	    $show "${rm}r $gentop"
-	    $run ${rm}r "$gentop"
-	    $show "mkdir $gentop"
-	    $run mkdir "$gentop"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$gentop"; then
-	      exit $status
-	    fi
-	    generated="$generated $gentop"
-
-	    for xlib in $convenience; do
-	      # Extract the objects.
-	      case $xlib in
-	      [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	      *) xabs=`pwd`"/$xlib" ;;
-	      esac
-	      xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	      xdir="$gentop/$xlib"
-
-	      $show "${rm}r $xdir"
-	      $run ${rm}r "$xdir"
-	      $show "mkdir $xdir"
-	      $run mkdir "$xdir"
-	      status=$?
-	      if test $status -ne 0 && test ! -d "$xdir"; then
-		exit $status
-	      fi
-	      $show "(cd $xdir && $AR x $xabs)"
-	      $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	      libobjs="$libobjs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	    done
-	  fi
-	fi
-
-	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
-	  eval flag=\"$thread_safe_flag_spec\"
-	  linker_flags="$linker_flags $flag"
-	fi
-
-	# Make a backup of the uninstalled library when relinking
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
-	fi
-
-	# Do each of the archive commands.
-	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
-	  eval cmds=\"$archive_expsym_cmds\"
-	else
-	  eval cmds=\"$archive_cmds\"
-	fi
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
-	done
-	IFS="$save_ifs"
-
-	# Restore the uninstalled library and exit
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
-	  exit 0
-	fi
-
-	# Create links to the real library.
-	for linkname in $linknames; do
-	  if test "$realname" != "$linkname"; then
-	    $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
-	    $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
-	  fi
-	done
-
-	# If -module or -export-dynamic was specified, set the dlname.
-	if test "$module" = yes || test "$export_dynamic" = yes; then
-	  # On all known operating systems, these are identical.
-	  dlname="$soname"
-	fi
-      fi
-      ;;
-
-    obj)
-      if test -n "$deplibs"; then
-	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
-      fi
-
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for objects" 1>&2
-      fi
-
-      case $output in
-      *.lo)
-	if test -n "$objs$old_deplibs"; then
-	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
-	  exit 1
-	fi
-	libobj="$output"
-	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
-	;;
-      *)
-	libobj=
-	obj="$output"
-	;;
-      esac
-
-      # Delete the old objects.
-      $run $rm $obj $libobj
-
-      # Objects from convenience libraries.  This assumes
-      # single-version convenience libraries.  Whenever we create
-      # different ones for PIC/non-PIC, this we'll have to duplicate
-      # the extraction.
-      reload_conv_objs=
-      gentop=
-      # reload_cmds runs $LD directly, so let us get rid of
-      # -Wl from whole_archive_flag_spec
-      wl=
-
-      if test -n "$convenience"; then
-	if test -n "$whole_archive_flag_spec"; then
-	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
-	else
-	  gentop="$output_objdir/${obj}x"
-	  $show "${rm}r $gentop"
-	  $run ${rm}r "$gentop"
-	  $show "mkdir $gentop"
-	  $run mkdir "$gentop"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$gentop"; then
-	    exit $status
-	  fi
-	  generated="$generated $gentop"
-
-	  for xlib in $convenience; do
-	    # Extract the objects.
-	    case $xlib in
-	    [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	    *) xabs=`pwd`"/$xlib" ;;
-	    esac
-	    xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	    xdir="$gentop/$xlib"
-
-	    $show "${rm}r $xdir"
-	    $run ${rm}r "$xdir"
-	    $show "mkdir $xdir"
-	    $run mkdir "$xdir"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$xdir"; then
-	      exit $status
-	    fi
-	    $show "(cd $xdir && $AR x $xabs)"
-	    $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	    reload_conv_objs="$reload_objs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	  done
-	fi
-      fi
-
-      # Create the old-style object.
-      reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
-
-      output="$obj"
-      eval cmds=\"$reload_cmds\"
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-
-      # Exit if we aren't doing a library object file.
-      if test -z "$libobj"; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	exit 0
-      fi
-
-      if test "$build_libtool_libs" != yes; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	# Create an invalid libtool object if no PIC, so that we don't
-	# accidentally link it into a program.
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > $libobj" || exit $?
-	exit 0
-      fi
-
-      if test -n "$pic_flag" || test "$pic_mode" != default; then
-	# Only do commands if we really have different PIC objects.
-	reload_objs="$libobjs $reload_conv_objs"
-	output="$libobj"
-	eval cmds=\"$reload_cmds\"
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
-	done
-	IFS="$save_ifs"
-      else
-	# Just create a symlink.
-	$show $rm $libobj
-	$run $rm $libobj
-	xdir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$libobj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
-	oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	$show "(cd $xdir && $LN_S $oldobj $baseobj)"
-	$run eval '(cd $xdir && $LN_S $oldobj $baseobj)' || exit $?
-      fi
-
-      if test -n "$gentop"; then
-	$show "${rm}r $gentop"
-	$run ${rm}r $gentop
-      fi
-
-      exit 0
-      ;;
-
-    prog)
-      case $host in
-	*cygwin*) output=`echo $output | sed -e 's,.exe$,,;s,$,.exe,'` ;;
-      esac
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for programs" 1>&2
-      fi
-
-      if test "$preload" = yes; then
-	if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
-	   test "$dlopen_self_static" = unknown; then
-	  $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
-	fi
-      fi
-
-      case $host in
-      *-*-rhapsody* | *-*-darwin1.[012])
-	# On Rhapsody replace the C library is the System framework
-	compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	;;
-      esac
-
-      compile_command="$compile_command $compile_deplibs"
-      finalize_command="$finalize_command $finalize_deplibs"
-
-      if test -n "$rpath$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	for libdir in $rpath $xrpath; do
-	  # This is the magic to use -rpath.
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-      fi
-
-      # Now hardcode the library paths
-      rpath=
-      hardcode_libdirs=
-      for libdir in $compile_rpath $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) perm_rpath="$perm_rpath $libdir" ;;
-	  esac
-	fi
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  case :$dllsearchpath: in
-	  *":$libdir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$libdir";;
-	  esac
-	  ;;
-	esac
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      compile_rpath="$rpath"
-
-      rpath=
-      hardcode_libdirs=
-      for libdir in $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$finalize_perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
-	  esac
-	fi
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      finalize_rpath="$rpath"
-
-      if test -n "$libobjs" && test "$build_old_libs" = yes; then
-	# Transform all the library objects into standard objects.
-	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-      fi
-
-      dlsyms=
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	if test -n "$NM" && test -n "$global_symbol_pipe"; then
-	  dlsyms="${outputname}S.c"
-	else
-	  $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
-	fi
-      fi
-
-      if test -n "$dlsyms"; then
-	case $dlsyms in
-	"") ;;
-	*.c)
-	  # Discover the nlist of each of the dlfiles.
-	  nlist="$output_objdir/${outputname}.nm"
-
-	  $show "$rm $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Parse the name list into a source file.
-	  $show "creating $output_objdir/$dlsyms"
-
-	  test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
-/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
-/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
-
-#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-/* Prevent the only kind of declaration conflicts we can make. */
-#define lt_preloaded_symbols some_other_symbol
-
-/* External symbol declarations for the compiler. */\
-"
-
-	  if test "$dlself" = yes; then
-	    $show "generating symbol list for \`$output'"
-
-	    test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
-
-	    # Add our own program objects to the symbol list.
-	    progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	    for arg in $progfiles; do
-	      $show "extracting global C symbols from \`$arg'"
-	      $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	    done
-
-	    if test -n "$exclude_expsyms"; then
-	      $run eval 'egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    if test -n "$export_symbols_regex"; then
-	      $run eval 'egrep -e "$export_symbols_regex" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    # Prepare the list of exported symbols
-	    if test -z "$export_symbols"; then
-	      export_symbols="$output_objdir/$output.exp"
-	      $run $rm $export_symbols
-	      $run eval "sed -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
-	    else
-	      $run eval "sed -e 's/\([][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$output.exp"'
-	      $run eval 'grep -f "$output_objdir/$output.exp" < "$nlist" > "$nlist"T'
-	      $run eval 'mv "$nlist"T "$nlist"'
-	    fi
-	  fi
-
-	  for arg in $dlprefiles; do
-	    $show "extracting global C symbols from \`$arg'"
-	    name=`echo "$arg" | sed -e 's%^.*/%%'`
-	    $run eval 'echo ": $name " >> "$nlist"'
-	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	  done
-
-	  if test -z "$run"; then
-	    # Make sure we have at least an empty file.
-	    test -f "$nlist" || : > "$nlist"
-
-	    if test -n "$exclude_expsyms"; then
-	      egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
-	      $mv "$nlist"T "$nlist"
-	    fi
-
-	    # Try sorting and uniquifying the output.
-	    if grep -v "^: " < "$nlist" | sort +2 | uniq > "$nlist"S; then
-	      :
-	    else
-	      grep -v "^: " < "$nlist" > "$nlist"S
-	    fi
-
-	    if test -f "$nlist"S; then
-	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
-	    else
-	      echo '/* NONE */' >> "$output_objdir/$dlsyms"
-	    fi
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-
-#undef lt_preloaded_symbols
-
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[] =
-{\
-"
-
-	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-  {0, (lt_ptr) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif\
-"
-	  fi
-
-	  pic_flag_for_symtable=
-	  case $host in
-	  # compiling the symbol table file with pic_flag works around
-	  # a FreeBSD bug that causes programs to crash when -lm is
-	  # linked before any other PIC object.  But we must not use
-	  # pic_flag when linking with -static.  The problem exists in
-	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
-	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC -DFREEBSD_WORKAROUND";;
-	    esac;;
-	  *-*-hpux*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC";;
-	    esac
-	  esac
-
-	  # Now compile the dynamic symbol file.
-	  $show "(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
-	  $run eval '(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
-
-	  # Clean up the generated files.
-	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Transform the symbol file into the correct name.
-	  compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-	  finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-	  ;;
-	*)
-	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
-	  exit 1
-	  ;;
-	esac
-      else
-	# We keep going just in case the user didn't refer to
-	# lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
-	# really was required.
-
-	# Nullify the symbol file.
-	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
-	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
-      fi
-
-      if test $need_relink = no || test "$build_libtool_libs" != yes; then
-	# Replace the output file specification.
-	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	link_command="$compile_command$compile_rpath"
-
-	# We have no uninstalled library dependencies, so finalize right now.
-	$show "$link_command"
-	$run eval "$link_command"
-	status=$?
-
-	# Delete the generated files.
-	if test -n "$dlsyms"; then
-	  $show "$rm $output_objdir/${outputname}S.${objext}"
-	  $run $rm "$output_objdir/${outputname}S.${objext}"
-	fi
-
-	exit $status
-      fi
-
-      if test -n "$shlibpath_var"; then
-	# We should set the shlibpath_var
-	rpath=
-	for dir in $temp_rpath; do
-	  case $dir in
-	  [\\/]* | [A-Za-z]:[\\/]*)
-	    # Absolute path.
-	    rpath="$rpath$dir:"
-	    ;;
-	  *)
-	    # Relative path: add a thisdir entry.
-	    rpath="$rpath\$thisdir/$dir:"
-	    ;;
-	  esac
-	done
-	temp_rpath="$rpath"
-      fi
-
-      if test -n "$compile_shlibpath$finalize_shlibpath"; then
-	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
-      fi
-      if test -n "$finalize_shlibpath"; then
-	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
-      fi
-
-      compile_var=
-      finalize_var=
-      if test -n "$runpath_var"; then
-	if test -n "$perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-	if test -n "$finalize_perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $finalize_perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-      fi
-
-      if test "$no_install" = yes; then
-	# We don't need to create a wrapper script.
-	link_command="$compile_var$compile_command$compile_rpath"
-	# Replace the output file specification.
-	link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	# Delete the old output file.
-	$run $rm $output
-	# Link the executable and exit
-	$show "$link_command"
-	$run eval "$link_command" || exit $?
-	exit 0
-      fi
-
-      if test "$hardcode_action" = relink; then
-	# Fast installation is not supported
-	link_command="$compile_var$compile_command$compile_rpath"
-	relink_command="$finalize_var$finalize_command$finalize_rpath"
-
-	$echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
-	$echo "$modename: \`$output' will be relinked during installation" 1>&2
-      else
-	if test "$fast_install" != no; then
-	  link_command="$finalize_var$compile_command$finalize_rpath"
-	  if test "$fast_install" = yes; then
-	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
-	  else
-	    # fast_install is set to needless
-	    relink_command=
-	  fi
-	else
-	  link_command="$compile_var$compile_command$compile_rpath"
-	  relink_command="$finalize_var$finalize_command$finalize_rpath"
-	fi
-      fi
-
-      # Replace the output file specification.
-      link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
-
-      # Delete the old output files.
-      $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
-
-      $show "$link_command"
-      $run eval "$link_command" || exit $?
-
-      # Now create the wrapper script.
-      $show "creating $output"
-
-      # Quote the relink command for shipping.
-      if test -n "$relink_command"; then
-	# Preserve any variables that may affect compiler behavior
-	for var in $variables_saved_for_relink; do
-	  if eval test -z \"\${$var+set}\"; then
-	    relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	  elif eval var_value=\$$var; test -z "$var_value"; then
-	    relink_command="$var=; export $var; $relink_command"
-	  else
-	    var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	  fi
-	done
-	relink_command="cd `pwd`; $relink_command"
-	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Quote $echo for shipping.
-      if test "X$echo" = "X$SHELL $0 --fallback-echo"; then
-	case $0 in
-	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $0 --fallback-echo";;
-	*) qecho="$SHELL `pwd`/$0 --fallback-echo";;
-	esac
-	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
-      else
-	qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Only actually do things if our run command is non-null.
-      if test -z "$run"; then
-	# win32 will think the script is a binary if it has
-	# a .exe suffix, so we strip it off here.
-	case $output in
-	  *.exe) output=`echo $output|sed 's,.exe$,,'` ;;
-	esac
-	# test for cygwin because mv fails w/o .exe extensions
-	case $host in
-	  *cygwin*) exeext=.exe ;;
-	  *) exeext= ;;
-	esac
-	$rm $output
-	trap "$rm $output; exit 1" 1 2 15
-
-	$echo > $output "\
-#! $SHELL
-
-# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# The $output program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='$sed_quote_subst'
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test \"\${CDPATH+set}\" = set; then CDPATH=:; export CDPATH; fi
-
-relink_command=\"$relink_command\"
-
-# This environment variable determines our operation mode.
-if test \"\$libtool_install_magic\" = \"$magic\"; then
-  # install mode needs the following variable:
-  notinst_deplibs='$notinst_deplibs'
-else
-  # When we are sourced in execute mode, \$file and \$echo are already set.
-  if test \"\$libtool_execute_magic\" != \"$magic\"; then
-    echo=\"$qecho\"
-    file=\"\$0\"
-    # Make sure echo works.
-    if test \"X\$1\" = X--no-reexec; then
-      # Discard the --no-reexec flag, and continue.
-      shift
-    elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
-      # Yippee, \$echo works!
-      :
-    else
-      # Restart under the correct shell, and then maybe \$echo will work.
-      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
-    fi
-  fi\
-"
-	$echo >> $output "\
-
-  # Find the directory that this script lives in.
-  thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
-  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
-
-  # Follow symbolic links until we get to the real thisdir.
-  file=\`ls -ld \"\$file\" | sed -n 's/.*-> //p'\`
-  while test -n \"\$file\"; do
-    destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
-
-    # If there was a directory component, then change thisdir.
-    if test \"x\$destdir\" != \"x\$file\"; then
-      case \"\$destdir\" in
-      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
-      *) thisdir=\"\$thisdir/\$destdir\" ;;
-      esac
-    fi
-
-    file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
-    file=\`ls -ld \"\$thisdir/\$file\" | sed -n 's/.*-> //p'\`
-  done
-
-  # Try to get the absolute directory name.
-  absdir=\`cd \"\$thisdir\" && pwd\`
-  test -n \"\$absdir\" && thisdir=\"\$absdir\"
-"
-
-	if test "$fast_install" = yes; then
-	  echo >> $output "\
-  program=lt-'$outputname'$exeext
-  progdir=\"\$thisdir/$objdir\"
-
-  if test ! -f \"\$progdir/\$program\" || \\
-     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | sed 1q\`; \\
-       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
-
-    file=\"\$\$-\$program\"
-
-    if test ! -d \"\$progdir\"; then
-      $mkdir \"\$progdir\"
-    else
-      $rm \"\$progdir/\$file\"
-    fi"
-
-	  echo >> $output "\
-
-    # relink executable if necessary
-    if test -n \"\$relink_command\"; then
-      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
-      else
-	$echo \"\$relink_command_output\" >&2
-	$rm \"\$progdir/\$file\"
-	exit 1
-      fi
-    fi
-
-    $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
-    { $rm \"\$progdir/\$program\";
-      $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
-    $rm \"\$progdir/\$file\"
-  fi"
-	else
-	  echo >> $output "\
-  program='$outputname'
-  progdir=\"\$thisdir/$objdir\"
-"
-	fi
-
-	echo >> $output "\
-
-  if test -f \"\$progdir/\$program\"; then"
-
-	# Export our shlibpath_var if we have one.
-	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
-	  $echo >> $output "\
-    # Add our own library path to $shlibpath_var
-    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
-
-    # Some systems cannot cope with colon-terminated $shlibpath_var
-    # The second colon is a workaround for a bug in BeOS R4 sed
-    $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
-
-    export $shlibpath_var
-"
-	fi
-
-	# fixup the dll searchpath if we need to.
-	if test -n "$dllsearchpath"; then
-	  $echo >> $output "\
-    # Add the dll search path components to the executable PATH
-    PATH=$dllsearchpath:\$PATH
-"
-	fi
-
-	$echo >> $output "\
-    if test \"\$libtool_execute_magic\" != \"$magic\"; then
-      # Run the actual program with our arguments.
-"
-	case $host in
-	# win32 systems need to use the prog path for dll
-	# lookup to work
-	*-*-cygwin* | *-*-pw32*)
-	  $echo >> $output "\
-      exec \$progdir/\$program \${1+\"\$@\"}
-"
-	  ;;
-
-	# Backslashes separate directories on plain windows
-	*-*-mingw | *-*-os2*)
-	  $echo >> $output "\
-      exec \$progdir\\\\\$program \${1+\"\$@\"}
-"
-	  ;;
-
-	*)
-	  $echo >> $output "\
-      # Export the path to the program.
-      PATH=\"\$progdir:\$PATH\"
-      export PATH
-
-      exec \$program \${1+\"\$@\"}
-"
-	  ;;
-	esac
-	$echo >> $output "\
-      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
-      exit 1
-    fi
-  else
-    # The program doesn't exist.
-    \$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2
-    \$echo \"This script is just a wrapper for \$program.\" 1>&2
-    echo \"See the $PACKAGE documentation for more information.\" 1>&2
-    exit 1
-  fi
-fi\
-"
-	chmod +x $output
-      fi
-      exit 0
-      ;;
-    esac
-
-    # See if we need to build an old-fashioned archive.
-    for oldlib in $oldlibs; do
-
-      if test "$build_libtool_libs" = convenience; then
-	oldobjs="$libobjs_save"
-	addlibs="$convenience"
-	build_libtool_libs=no
-      else
-	if test "$build_libtool_libs" = module; then
-	  oldobjs="$libobjs_save"
-	  build_libtool_libs=no
-	else
-	  oldobjs="$objs$old_deplibs "`$echo "X$libobjs_save" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`
-	fi
-	addlibs="$old_convenience"
-      fi
-
-      if test -n "$addlibs"; then
-	gentop="$output_objdir/${outputname}x"
-	$show "${rm}r $gentop"
-	$run ${rm}r "$gentop"
-	$show "mkdir $gentop"
-	$run mkdir "$gentop"
-	status=$?
-	if test $status -ne 0 && test ! -d "$gentop"; then
-	  exit $status
-	fi
-	generated="$generated $gentop"
-
-	# Add in members from convenience archives.
-	for xlib in $addlibs; do
-	  # Extract the objects.
-	  case $xlib in
-	  [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	  *) xabs=`pwd`"/$xlib" ;;
-	  esac
-	  xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	  xdir="$gentop/$xlib"
-
-	  $show "${rm}r $xdir"
-	  $run ${rm}r "$xdir"
-	  $show "mkdir $xdir"
-	  $run mkdir "$xdir"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$xdir"; then
-	    exit $status
-	  fi
-	  $show "(cd $xdir && $AR x $xabs)"
-	  $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	  oldobjs="$oldobjs "`find $xdir -name \*.${objext} -print -o -name \*.lo -print | $NL2SP`
-	done
-      fi
-
-      # Do each command in the archive commands.
-      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
-	eval cmds=\"$old_archive_from_new_cmds\"
-      else
-	# Ensure that we have .o objects in place in case we decided
-	# not to build a shared library, and have fallen back to building
-	# static libs even though --disable-static was passed!
-	for oldobj in $oldobjs; do
-	  if test ! -f $oldobj; then
-	    xdir=`$echo "X$oldobj" | $Xsed -e 's%/[^/]*$%%'`
-	    if test "X$xdir" = "X$oldobj"; then
-	      xdir="."
-	    else
-	      xdir="$xdir"
-	    fi
-	    baseobj=`$echo "X$oldobj" | $Xsed -e 's%^.*/%%'`
-	    obj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	    $show "(cd $xdir && ${LN_S} $obj $baseobj)"
-	    $run eval '(cd $xdir && ${LN_S} $obj $baseobj)' || exit $?
-	  fi
-	done
-
-	eval cmds=\"$old_archive_cmds\"
-      fi
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$generated"; then
-      $show "${rm}r$generated"
-      $run ${rm}r$generated
-    fi
-
-    # Now create the libtool archive.
-    case $output in
-    *.la)
-      old_library=
-      test "$build_old_libs" = yes && old_library="$libname.$libext"
-      $show "creating $output"
-
-      # Preserve any variables that may affect compiler behavior
-      for var in $variables_saved_for_relink; do
-	if eval test -z \"\${$var+set}\"; then
-	  relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	elif eval var_value=\$$var; test -z "$var_value"; then
-	  relink_command="$var=; export $var; $relink_command"
-	else
-	  var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	  relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	fi
-      done
-      # Quote the link command for shipping.
-      relink_command="cd `pwd`; $SHELL $0 --mode=relink $libtool_args"
-      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-
-      # Only create the output if not a dry run.
-      if test -z "$run"; then
-	for installed in no yes; do
-	  if test "$installed" = yes; then
-	    if test -z "$install_libdir"; then
-	      break
-	    fi
-	    output="$output_objdir/$outputname"i
-	    # Replace all uninstalled libtool libraries with the installed ones
-	    newdependency_libs=
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      *.la)
-		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
-		eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		if test -z "$libdir"; then
-		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		  exit 1
-		fi
-		newdependency_libs="$newdependency_libs $libdir/$name"
-		;;
-	      *) newdependency_libs="$newdependency_libs $deplib" ;;
-	      esac
-	    done
-	    dependency_libs="$newdependency_libs"
-	    newdlfiles=
-	    for lib in $dlfiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
-	      fi
-	      newdlfiles="$newdlfiles $libdir/$name"
-	    done
-	    dlfiles="$newdlfiles"
-	    newdlprefiles=
-	    for lib in $dlprefiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
-	      fi
-	      newdlprefiles="$newdlprefiles $libdir/$name"
-	    done
-	    dlprefiles="$newdlprefiles"
-	  fi
-	  $rm $output
-	  # place dlname in correct position for cygwin
-	  tdlname=$dlname
-	  case $host,$output,$installed,$module,$dlname in
-	    *cygwin*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
-	  esac
-	  $echo > $output "\
-# $outputname - a libtool library file
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='$tdlname'
-
-# Names of this library.
-library_names='$library_names'
-
-# The name of the static archive.
-old_library='$old_library'
-
-# Libraries that this one depends upon.
-dependency_libs='$dependency_libs'
-
-# Version information for $libname.
-current=$current
-age=$age
-revision=$revision
-
-# Is this an already installed library?
-installed=$installed
-
-# Files to dlopen/dlpreopen
-dlopen='$dlfiles'
-dlpreopen='$dlprefiles'
-
-# Directory that this library needs to be installed in:
-libdir='$install_libdir'"
-	  if test "$installed" = no && test $need_relink = yes; then
-	    $echo >> $output "\
-relink_command=\"$relink_command\""
-	  fi
-	done
-      fi
-
-      # Do a symbolic link so that the libtool archive can be found in
-      # LD_LIBRARY_PATH before the program is installed.
-      $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
-      $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
-      ;;
-    esac
-    exit 0
-    ;;
-
-  # libtool install mode
-  install)
-    modename="$modename: install"
-
-    # There may be an optional sh(1) argument at the beginning of
-    # install_prog (especially on Windows NT).
-    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
-       # Allow the use of GNU shtool's install command.
-       $echo "X$nonopt" | $Xsed | grep shtool > /dev/null; then
-      # Aesthetically quote it.
-      arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$arg "
-      arg="$1"
-      shift
-    else
-      install_prog=
-      arg="$nonopt"
-    fi
-
-    # The real first argument should be the name of the installation program.
-    # Aesthetically quote it.
-    arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-    case $arg in
-    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-      arg="\"$arg\""
-      ;;
-    esac
-    install_prog="$install_prog$arg"
-
-    # We need to accept at least all the BSD install flags.
-    dest=
-    files=
-    opts=
-    prev=
-    install_type=
-    isdir=no
-    stripme=
-    for arg
-    do
-      if test -n "$dest"; then
-	files="$files $dest"
-	dest="$arg"
-	continue
-      fi
-
-      case $arg in
-      -d) isdir=yes ;;
-      -f) prev="-f" ;;
-      -g) prev="-g" ;;
-      -m) prev="-m" ;;
-      -o) prev="-o" ;;
-      -s)
-	stripme=" -s"
-	continue
-	;;
-      -*) ;;
-
-      *)
-	# If the previous option needed an argument, then skip it.
-	if test -n "$prev"; then
-	  prev=
-	else
-	  dest="$arg"
-	  continue
-	fi
-	;;
-      esac
-
-      # Aesthetically quote the argument.
-      arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$install_prog $arg"
-    done
-
-    if test -z "$install_prog"; then
-      $echo "$modename: you must specify an install program" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prev' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test -z "$files"; then
-      if test -z "$dest"; then
-	$echo "$modename: no file or destination specified" 1>&2
-      else
-	$echo "$modename: you must specify a destination" 1>&2
-      fi
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    # Strip any trailing slash from the destination.
-    dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
-
-    # Check to see that the destination is a directory.
-    test -d "$dest" && isdir=yes
-    if test "$isdir" = yes; then
-      destdir="$dest"
-      destname=
-    else
-      destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
-      test "X$destdir" = "X$dest" && destdir=.
-      destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
-
-      # Not a directory, so check to see that there is only one file specified.
-      set dummy $files
-      if test $# -gt 2; then
-	$echo "$modename: \`$dest' is not a directory" 1>&2
-	$echo "$help" 1>&2
-	exit 1
-      fi
-    fi
-    case $destdir in
-    [\\/]* | [A-Za-z]:[\\/]*) ;;
-    *)
-      for file in $files; do
-	case $file in
-	*.lo) ;;
-	*)
-	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	  ;;
-	esac
-      done
-      ;;
-    esac
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    staticlibs=
-    future_libdirs=
-    current_libdirs=
-    for file in $files; do
-
-      # Do each installation.
-      case $file in
-      *.$libext)
-	# Do the static libraries later.
-	staticlibs="$staticlibs $file"
-	;;
-
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	library_names=
-	old_library=
-	relink_command=
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Add the libdir to current_libdirs if it is the destination.
-	if test "X$destdir" = "X$libdir"; then
-	  case "$current_libdirs " in
-	  *" $libdir "*) ;;
-	  *) current_libdirs="$current_libdirs $libdir" ;;
-	  esac
-	else
-	  # Note the libdir as a future libdir.
-	  case "$future_libdirs " in
-	  *" $libdir "*) ;;
-	  *) future_libdirs="$future_libdirs $libdir" ;;
-	  esac
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
-	test "X$dir" = "X$file/" && dir=
-	dir="$dir$objdir"
-
-	if test -n "$relink_command"; then
-	  $echo "$modename: warning: relinking \`$file'" 1>&2
-	  $show "$relink_command"
-	  if $run eval "$relink_command"; then :
-	  else
-	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-	    continue
-	  fi
-	fi
-
-	# See the names of the shared library.
-	set dummy $library_names
-	if test -n "$2"; then
-	  realname="$2"
-	  shift
-	  shift
-
-	  srcname="$realname"
-	  test -n "$relink_command" && srcname="$realname"T
-
-	  # Install the shared library and build the symlinks.
-	  $show "$install_prog $dir/$srcname $destdir/$realname"
-	  $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
-	  if test -n "$stripme" && test -n "$striplib"; then
-	    $show "$striplib $destdir/$realname"
-	    $run eval "$striplib $destdir/$realname" || exit $?
-	  fi
-
-	  if test $# -gt 0; then
-	    # Delete the old symlinks, and create new ones.
-	    for linkname
-	    do
-	      if test "$linkname" != "$realname"; then
-		$show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
-		$run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
-	      fi
-	    done
-	  fi
-
-	  # Do each command in the postinstall commands.
-	  lib="$destdir/$realname"
-	  eval cmds=\"$postinstall_cmds\"
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    $show "$cmd"
-	    $run eval "$cmd" || exit $?
-	  done
-	  IFS="$save_ifs"
-	fi
-
-	# Install the pseudo-library for information purposes.
-	name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	instname="$dir/$name"i
-	$show "$install_prog $instname $destdir/$name"
-	$run eval "$install_prog $instname $destdir/$name" || exit $?
-
-	# Maybe install the static library, too.
-	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
-	;;
-
-      *.lo)
-	# Install (i.e. copy) a libtool object.
-
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# Deduce the name of the destination old-style object file.
-	case $destfile in
-	*.lo)
-	  staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
-	  ;;
-	*.$objext)
-	  staticdest="$destfile"
-	  destfile=
-	  ;;
-	*)
-	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	# Install the libtool object if requested.
-	if test -n "$destfile"; then
-	  $show "$install_prog $file $destfile"
-	  $run eval "$install_prog $file $destfile" || exit $?
-	fi
-
-	# Install the old object if enabled.
-	if test "$build_old_libs" = yes; then
-	  # Deduce the name of the old-style object file.
-	  staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
-
-	  $show "$install_prog $staticobj $staticdest"
-	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
-	fi
-	exit 0
-	;;
-
-      *)
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  notinst_deplibs=
-	  relink_command=
-
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  # Check the variables that should have been set.
-	  if test -z "$notinst_deplibs"; then
-	    $echo "$modename: invalid libtool wrapper script \`$file'" 1>&2
-	    exit 1
-	  fi
-
-	  finalize=yes
-	  for lib in $notinst_deplibs; do
-	    # Check to see that each library is installed.
-	    libdir=
-	    if test -f "$lib"; then
-	      # If there is no directory component, then add one.
-	      case $lib in
-	      */* | *\\*) . $lib ;;
-	      *) . ./$lib ;;
-	      esac
-	    fi
-	    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
-	    if test -n "$libdir" && test ! -f "$libfile"; then
-	      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
-	      finalize=no
-	    fi
-	  done
-
-	  relink_command=
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  outputname=
-	  if test "$fast_install" = no && test -n "$relink_command"; then
-	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir="/tmp"
-	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
-	      tmpdir="$tmpdir/libtool-$$"
-	      if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :
-	      else
-		$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
-		continue
-	      fi
-	      file=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	      outputname="$tmpdir/$file"
-	      # Replace the output file specification.
-	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
-
-	      $show "$relink_command"
-	      if $run eval "$relink_command"; then :
-	      else
-		$echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-		${rm}r "$tmpdir"
-		continue
-	      fi
-	      file="$outputname"
-	    else
-	      $echo "$modename: warning: cannot relink \`$file'" 1>&2
-	    fi
-	  else
-	    # Install the binary that we compiled earlier.
-	    file=`$echo "X$file" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
-	  fi
-	fi
-
-	# remove .exe since cygwin /usr/bin/install will append another
-	# one anyways
-	case $install_prog,$host in
-	/usr/bin/install*,*cygwin*)
-	  case $file:$destfile in
-	  *.exe:*.exe)
-	    # this is ok
-	    ;;
-	  *.exe:*)
-	    destfile=$destfile.exe
-	    ;;
-	  *:*.exe)
-	    destfile=`echo $destfile | sed -e 's,.exe$,,'`
-	    ;;
-	  esac
-	  ;;
-	esac
-	$show "$install_prog$stripme $file $destfile"
-	$run eval "$install_prog\$stripme \$file \$destfile" || exit $?
-	test -n "$outputname" && ${rm}r "$tmpdir"
-	;;
-      esac
-    done
-
-    for file in $staticlibs; do
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-
-      # Set up the ranlib parameters.
-      oldlib="$destdir/$name"
-
-      $show "$install_prog $file $oldlib"
-      $run eval "$install_prog \$file \$oldlib" || exit $?
-
-      if test -n "$stripme" && test -n "$striplib"; then
-	$show "$old_striplib $oldlib"
-	$run eval "$old_striplib $oldlib" || exit $?
-      fi
-
-      # Do each command in the postinstall commands.
-      eval cmds=\"$old_postinstall_cmds\"
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$future_libdirs"; then
-      $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
-    fi
-
-    if test -n "$current_libdirs"; then
-      # Maybe just do a dry run.
-      test -n "$run" && current_libdirs=" -n$current_libdirs"
-      exec_cmd='$SHELL $0 --finish$current_libdirs'
-    else
-      exit 0
-    fi
-    ;;
-
-  # libtool finish mode
-  finish)
-    modename="$modename: finish"
-    libdirs="$nonopt"
-    admincmds=
-
-    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
-      for dir
-      do
-	libdirs="$libdirs $dir"
-      done
-
-      for libdir in $libdirs; do
-	if test -n "$finish_cmds"; then
-	  # Do each command in the finish commands.
-	  eval cmds=\"$finish_cmds\"
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    $show "$cmd"
-	    $run eval "$cmd" || admincmds="$admincmds
-       $cmd"
-	  done
-	  IFS="$save_ifs"
-	fi
-	if test -n "$finish_eval"; then
-	  # Do the single finish_eval.
-	  eval cmds=\"$finish_eval\"
-	  $run eval "$cmds" || admincmds="$admincmds
-       $cmds"
-	fi
-      done
-    fi
-
-    # Exit here if they wanted silent mode.
-    test "$show" = ":" && exit 0
-
-    echo "----------------------------------------------------------------------"
-    echo "Libraries have been installed in:"
-    for libdir in $libdirs; do
-      echo "   $libdir"
-    done
-    echo
-    echo "If you ever happen to want to link against installed libraries"
-    echo "in a given directory, LIBDIR, you must either use libtool, and"
-    echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
-    echo "flag during linking and do at least one of the following:"
-    if test -n "$shlibpath_var"; then
-      echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
-      echo "     during execution"
-    fi
-    if test -n "$runpath_var"; then
-      echo "   - add LIBDIR to the \`$runpath_var' environment variable"
-      echo "     during linking"
-    fi
-    if test -n "$hardcode_libdir_flag_spec"; then
-      libdir=LIBDIR
-      eval flag=\"$hardcode_libdir_flag_spec\"
-
-      echo "   - use the \`$flag' linker flag"
-    fi
-    if test -n "$admincmds"; then
-      echo "   - have your system administrator run these commands:$admincmds"
-    fi
-    if test -f /etc/ld.so.conf; then
-      echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
-    fi
-    echo
-    echo "See any operating system documentation about shared libraries for"
-    echo "more information, such as the ld(1) and ld.so(8) manual pages."
-    echo "----------------------------------------------------------------------"
-    exit 0
-    ;;
-
-  # libtool execute mode
-  execute)
-    modename="$modename: execute"
-
-    # The first argument is the command name.
-    cmd="$nonopt"
-    if test -z "$cmd"; then
-      $echo "$modename: you must specify a COMMAND" 1>&2
-      $echo "$help"
-      exit 1
-    fi
-
-    # Handle -dlopen flags immediately.
-    for file in $execute_dlfiles; do
-      if test ! -f "$file"; then
-	$echo "$modename: \`$file' is not a file" 1>&2
-	$echo "$help" 1>&2
-	exit 1
-      fi
-
-      dir=
-      case $file in
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	# Read the libtool library.
-	dlname=
-	library_names=
-
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Skip this library if it cannot be dlopened.
-	if test -z "$dlname"; then
-	  # Warn if it was a shared library.
-	  test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
-	  continue
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-
-	if test -f "$dir/$objdir/$dlname"; then
-	  dir="$dir/$objdir"
-	else
-	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
-	  exit 1
-	fi
-	;;
-
-      *.lo)
-	# Just add the directory containing the .lo file.
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-	;;
-
-      *)
-	$echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
-	continue
-	;;
-      esac
-
-      # Get the absolute pathname.
-      absdir=`cd "$dir" && pwd`
-      test -n "$absdir" && dir="$absdir"
-
-      # Now add the directory to shlibpath_var.
-      if eval "test -z \"\$$shlibpath_var\""; then
-	eval "$shlibpath_var=\"\$dir\""
-      else
-	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
-      fi
-    done
-
-    # This variable tells wrapper scripts just to set shlibpath_var
-    # rather than running their programs.
-    libtool_execute_magic="$magic"
-
-    # Check if any of the arguments is a wrapper script.
-    args=
-    for file
-    do
-      case $file in
-      -*) ;;
-      *)
-	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  # Transform arg to wrapped name.
-	  file="$progdir/$program"
-	fi
-	;;
-      esac
-      # Quote arguments (to preserve shell metacharacters).
-      file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
-      args="$args \"$file\""
-    done
-
-    if test -z "$run"; then
-      if test -n "$shlibpath_var"; then
-	# Export the shlibpath_var.
-	eval "export $shlibpath_var"
-      fi
-
-      # Restore saved enviroment variables
-      if test "${save_LC_ALL+set}" = set; then
-	LC_ALL="$save_LC_ALL"; export LC_ALL
-      fi
-      if test "${save_LANG+set}" = set; then
-	LANG="$save_LANG"; export LANG
-      fi
-
-      # Now prepare to actually exec the command.
-      exec_cmd='"$cmd"$args'
-    else
-      # Display what would be done.
-      if test -n "$shlibpath_var"; then
-	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
-	$echo "export $shlibpath_var"
-      fi
-      $echo "$cmd$args"
-      exit 0
-    fi
-    ;;
-
-  # libtool clean and uninstall mode
-  clean | uninstall)
-    modename="$modename: $mode"
-    rm="$nonopt"
-    files=
-    rmforce=
-    exit_status=0
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    for arg
-    do
-      case $arg in
-      -f) rm="$rm $arg"; rmforce=yes ;;
-      -*) rm="$rm $arg" ;;
-      *) files="$files $arg" ;;
-      esac
-    done
-
-    if test -z "$rm"; then
-      $echo "$modename: you must specify an RM program" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    rmdirs=
-
-    for file in $files; do
-      dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-      if test "X$dir" = "X$file"; then
-	dir=.
-	objdir="$objdir"
-      else
-	objdir="$dir/$objdir"
-      fi
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-      test $mode = uninstall && objdir="$dir"
-
-      # Remember objdir for removal later, being careful to avoid duplicates
-      if test $mode = clean; then
-	case " $rmdirs " in
-	  *" $objdir "*) ;;
-	  *) rmdirs="$rmdirs $objdir" ;;
-	esac
-      fi
-
-      # Don't error if the file doesn't exist and rm -f was used.
-      if (test -L "$file") >/dev/null 2>&1 \
-	|| (test -h "$file") >/dev/null 2>&1 \
-	|| test -f "$file"; then
-	:
-      elif test -d "$file"; then
-	exit_status=1
-	continue
-      elif test "$rmforce" = yes; then
-	continue
-      fi
-
-      rmfiles="$file"
-
-      case $name in
-      *.la)
-	# Possibly a libtool archive, so verify it.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  . $dir/$name
-
-	  # Delete the libtool libraries and symlinks.
-	  for n in $library_names; do
-	    rmfiles="$rmfiles $objdir/$n"
-	  done
-	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
-	  test $mode = clean && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
-
-	  if test $mode = uninstall; then
-	    if test -n "$library_names"; then
-	      # Do each command in the postuninstall commands.
-	      eval cmds=\"$postuninstall_cmds\"
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    if test -n "$old_library"; then
-	      # Do each command in the old_postuninstall commands.
-	      eval cmds=\"$old_postuninstall_cmds\"
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # FIXME: should reinstall the best remaining shared library.
-	  fi
-	fi
-	;;
-
-      *.lo)
-	if test "$build_old_libs" = yes; then
-	  oldobj=`$echo "X$name" | $Xsed -e "$lo2o"`
-	  rmfiles="$rmfiles $dir/$oldobj"
-	fi
-	;;
-
-      *)
-	# Do a test to see if this is a libtool program.
-	if test $mode = clean &&
-	   (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  relink_command=
-	  . $dir/$file
-
-	  rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
-	  if test "$fast_install" = yes && test -n "$relink_command"; then
-	    rmfiles="$rmfiles $objdir/lt-$name"
-	  fi
-	fi
-	;;
-      esac
-      $show "$rm $rmfiles"
-      $run $rm $rmfiles || exit_status=1
-    done
-
-    # Try to remove the ${objdir}s in the directories where we deleted files
-    for dir in $rmdirs; do
-      if test -d "$dir"; then
-	$show "rmdir $dir"
-	$run rmdir $dir >/dev/null 2>&1
-      fi
-    done
-
-    exit $exit_status
-    ;;
-
-  "")
-    $echo "$modename: you must specify a MODE" 1>&2
-    $echo "$generic_help" 1>&2
-    exit 1
-    ;;
-  esac
-
-  if test -z "$exec_cmd"; then
-    $echo "$modename: invalid operation mode \`$mode'" 1>&2
-    $echo "$generic_help" 1>&2
-    exit 1
-  fi
-fi # test -z "$show_help"
-
-if test -n "$exec_cmd"; then
-  eval exec $exec_cmd
-  exit 1
-fi
-
-# We need to display help for each of the modes.
-case $mode in
-"") $echo \
-"Usage: $modename [OPTION]... [MODE-ARG]...
-
-Provide generalized library-building support services.
-
-    --config          show all configuration variables
-    --debug           enable verbose shell tracing
--n, --dry-run         display commands without modifying any files
-    --features        display basic configuration information and exit
-    --finish          same as \`--mode=finish'
-    --help            display this help message and exit
-    --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
-    --quiet           same as \`--silent'
-    --silent          don't print informational messages
-    --version         print version information
-
-MODE must be one of the following:
-
-      clean           remove files from the build directory
-      compile         compile a source file into a libtool object
-      execute         automatically set library path, then run a program
-      finish          complete the installation of libtool libraries
-      install         install libraries or executables
-      link            create a library or an executable
-      uninstall       remove libraries from an installed directory
-
-MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
-a more detailed description of MODE."
-  exit 0
-  ;;
-
-clean)
-  $echo \
-"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
-
-Remove files from the build directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, object or program, all the files associated
-with it are deleted. Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-compile)
-  $echo \
-"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
-
-Compile a source file into a libtool library object.
-
-This mode accepts the following additional options:
-
-  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
-  -prefer-pic       try to building PIC objects only
-  -prefer-non-pic   try to building non-PIC objects only
-  -static           always build a \`.o' file suitable for static linking
-
-COMPILE-COMMAND is a command to be used in creating a \`standard' object file
-from the given SOURCEFILE.
-
-The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix \`.c' with the
-library object suffix, \`.lo'."
-  ;;
-
-execute)
-  $echo \
-"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
-
-Automatically set library path, then run a program.
-
-This mode accepts the following additional options:
-
-  -dlopen FILE      add the directory containing FILE to the library path
-
-This mode sets the library path environment variable according to \`-dlopen'
-flags.
-
-If any of the ARGS are libtool executable wrappers, then they are translated
-into their corresponding uninstalled binary, and any of their required library
-directories are added to the library path.
-
-Then, COMMAND is executed, with ARGS as arguments."
-  ;;
-
-finish)
-  $echo \
-"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
-
-Complete the installation of libtool libraries.
-
-Each LIBDIR is a directory that contains libtool libraries.
-
-The commands that this mode executes may require superuser privileges.  Use
-the \`--dry-run' option if you just want to see what would be executed."
-  ;;
-
-install)
-  $echo \
-"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
-
-Install executables or libraries.
-
-INSTALL-COMMAND is the installation command.  The first component should be
-either the \`install' or \`cp' program.
-
-The rest of the components are interpreted as arguments to that command (only
-BSD-compatible install options are recognized)."
-  ;;
-
-link)
-  $echo \
-"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
-
-Link object files or libraries together to form another library, or to
-create an executable program.
-
-LINK-COMMAND is a command using the C compiler that you would use to create
-a program from several object files.
-
-The following components of LINK-COMMAND are treated specially:
-
-  -all-static       do not do any dynamic linking at all
-  -avoid-version    do not add a version suffix if possible
-  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
-  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
-  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
-  -export-symbols SYMFILE
-		    try to export only the symbols listed in SYMFILE
-  -export-symbols-regex REGEX
-		    try to export only the symbols matching REGEX
-  -LLIBDIR          search LIBDIR for required installed libraries
-  -lNAME            OUTPUT-FILE requires the installed library libNAME
-  -module           build a library that can dlopened
-  -no-fast-install  disable the fast-install mode
-  -no-install       link a not-installable executable
-  -no-undefined     declare that a library does not refer to external symbols
-  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
-  -release RELEASE  specify package release information
-  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
-  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
-  -static           do not do any dynamic linking of libtool libraries
-  -version-info CURRENT[:REVISION[:AGE]]
-		    specify library version info [each variable defaults to 0]
-
-All other options (arguments beginning with \`-') are ignored.
-
-Every other argument is treated as a filename.  Files ending in \`.la' are
-treated as uninstalled libtool libraries, other files are standard or library
-object files.
-
-If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
-only library objects (\`.lo' files) may be specified, and \`-rpath' is
-required, except when creating a convenience library.
-
-If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
-using \`ar' and \`ranlib', or on Windows using \`lib'.
-
-If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
-is created, otherwise an executable program is created."
-  ;;
-
-uninstall)
-  $echo \
-"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
-
-Remove libraries from an installation directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, all the files associated with it are deleted.
-Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-*)
-  $echo "$modename: invalid operation mode \`$mode'" 1>&2
-  $echo "$help" 1>&2
-  exit 1
-  ;;
-esac
-
-echo
-$echo "Try \`$modename --help' for more information about other modes."
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/ltconfig b/crypto/heimdal/ltconfig
deleted file mode 100755
index cc814fa3a409..000000000000
--- a/crypto/heimdal/ltconfig
+++ /dev/null
@@ -1,3134 +0,0 @@
-#! /bin/sh
-
-# ltconfig - Create a system-specific libtool.
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# A lot of this script is taken from autoconf-2.10.
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-echo=echo
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell.
-  exec "$SHELL" "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# Find the correct PATH separator.  Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
-  UNAME=${UNAME-`uname 2>/dev/null`}
-  case X$UNAME in
-    *-DOS) PATH_SEPARATOR=';' ;;
-    *)     PATH_SEPARATOR=':' ;;
-  esac
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test "X${echo_test_string+set}" != Xset; then
-  # find a string as large as possible, as long as the shell can cope with it
-  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
-    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
-    if (echo_test_string="`eval $cmd`") 2>/dev/null &&
-       echo_test_string="`eval $cmd`" &&
-       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null; then
-      break
-    fi
-  done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-   test "X$echo_testing_string" = "X$echo_test_string"; then
-  :
-else
-  # The Solaris, AIX, and Digital Unix default echo programs unquote
-  # backslashes.  This makes it impossible to quote backslashes using
-  #   echo "$something" | sed 's/\\/\\\\/g'
-  #
-  # So, first we look for a working echo in the user's PATH.
-
-  IFS="${IFS= 	}"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}"
-  for dir in $PATH /usr/ucb; do
-    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
-       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      echo="$dir/echo"
-      break
-    fi
-  done
-  IFS="$save_ifs"
-
-  if test "X$echo" = Xecho; then
-    # We didn't find a better echo, so look for alternatives.
-    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
-       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
-       test "X$echo_testing_string" = "X$echo_test_string"; then
-      # This shell has a builtin print -r that does the trick.
-      echo='print -r'
-    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
-	 test "X$CONFIG_SHELL" != X/bin/ksh; then
-      # If we have ksh, try running ltconfig again with it.
-      ORIGINAL_CONFIG_SHELL="${CONFIG_SHELL-/bin/sh}"
-      export ORIGINAL_CONFIG_SHELL
-      CONFIG_SHELL=/bin/ksh
-      export CONFIG_SHELL
-      exec "$CONFIG_SHELL" "$0" --no-reexec ${1+"$@"}
-    else
-      # Try using printf.
-      echo='printf %s\n'
-      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
-	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
-	 test "X$echo_testing_string" = "X$echo_test_string"; then
-	# Cool, printf works
-	:
-      elif echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	CONFIG_SHELL="$ORIGINAL_CONFIG_SHELL"
-	export CONFIG_SHELL
-	SHELL="$CONFIG_SHELL"
-	export SHELL
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      elif echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
-	   test "X$echo_testing_string" = 'X\t' &&
-	   echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
-	   test "X$echo_testing_string" = "X$echo_test_string"; then
-	echo="$CONFIG_SHELL $0 --fallback-echo"
-      else
-	# maybe with a smaller string...
-	prev=:
-
-	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
-	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null; then
-	    break
-	  fi
-	  prev="$cmd"
-	done
-
-	if test "$prev" != 'sed 50q "$0"'; then
-	  echo_test_string=`eval $prev`
-	  export echo_test_string
-	  exec "${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}}" "$0" ${1+"$@"}
-	else
-	  # Oops.  We lost completely, so just stick with echo.
-	  echo=echo
-	fi
-      fi
-    fi
-  fi
-fi
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# The name of this program.
-progname=`$echo "X$0" | $Xsed -e 's%^.*/%%'`
-
-# Constants:
-PROGRAM=ltconfig
-PACKAGE=libtool
-VERSION=1.3c
-TIMESTAMP=" (1.731 2000/07/10 09:42:21)"
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-rm="rm -f"
-
-help="Try \`$progname --help' for more information."
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-enable_shared=yes
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-enable_static=yes
-enable_fast_install=yes
-enable_dlopen=unknown
-enable_win32_dll=no
-pic_mode=default
-ltmain=
-silent=
-srcdir=
-ac_config_guess=
-ac_config_sub=
-host=
-build=NONE
-nonopt=NONE
-ofile="$default_ofile"
-verify_host=yes
-with_gcc=no
-with_gnu_ld=no
-need_locks=yes
-ac_ext=c
-libext=a
-cache_file=
-
-old_AR="$AR"
-old_AR_FLAGS="$AR_FLAGS"
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-old_CPPFLAGS="$CPPFLAGS"
-old_LDFLAGS="$LDFLAGS"
-old_LIBS="$LIBS"
-old_MAGIC="$MAGIC"
-old_LD="$LD"
-old_LN_S="$LN_S"
-old_NM="$NM"
-old_RANLIB="$RANLIB"
-old_STRIP="$STRIP"
-old_AS="$AS"
-old_DLLTOOL="$DLLTOOL"
-old_OBJDUMP="$OBJDUMP"
-old_OBJEXT="$OBJEXT"
-old_EXEEXT="$EXEEXT"
-old_reload_Flag="$reload_flag"
-old_deplibs_check_method="$deplibs_check_method"
-old_file_magic_cmd="$file_magic_cmd"
-
-# Parse the command line options.
-args=
-prev=
-for option
-do
-  case "$option" in
-  -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  # If the previous option needs an argument, assign it.
-  if test -n "$prev"; then
-    eval "$prev=\$option"
-    prev=
-    continue
-  fi
-
-  case "$option" in
-  --help) cat <<EOM
-Usage: $progname [OPTION]... LTMAIN [HOST]
-
-Generate a system-specific libtool script.
-
-    --build                configure for building on BUILD [BUILD=HOST]
-    --debug                enable verbose shell tracing
-    --disable-shared       do not build shared libraries
-    --disable-static       do not build static libraries
-    --disable-fast-install do not optimize for fast installation
-    --enable-dlopen        enable dlopen support
-    --enable-win32-dll     enable building dlls on win32 hosts
-    --help                 display this help and exit
-    --no-verify            do not verify that HOST is a valid host type
--o, --output=FILE          specify the output file [default=$default_ofile]
-    --quiet                same as \`--silent'
-    --silent               do not print informational messages
-    --srcdir=DIR           find \`config.guess' in DIR
-    --version              output version information and exit
-    --with-gcc             assume that the GNU C compiler will be used
-    --with-gnu-ld          assume that the C compiler uses the GNU linker
-    --prefer-pic           try to use only PIC objects
-    --prefer-non-pic       try to use only non-PIC objects
-    --disable-lock         disable file locking
-    --cache-file=FILE      configure cache file
-
-LTMAIN is the \`ltmain.sh' shell script fragment or \`ltmain.c' program
-that provides basic libtool functionality.
-
-HOST is the canonical host system name [default=guessed].
-EOM
-  exit 0
-  ;;
-
-  --build) prev=build ;;
-  --build=*) build="$optarg" ;;
-
-  --debug)
-    echo "$progname: enabling shell trace mode"
-    set -x
-    ;;
-
-  --disable-shared) enable_shared=no ;;
-
-  --disable-static) enable_static=no ;;
-
-  --disable-fast-install) enable_fast_install=no ;;
-
-  --enable-dlopen) enable_dlopen=yes ;;
-
-  --enable-win32-dll) enable_win32_dll=yes ;;
-
-  --quiet | --silent) silent=yes ;;
-
-  --srcdir) prev=srcdir ;;
-  --srcdir=*) srcdir="$optarg" ;;
-
-  --no-verify) verify_host=no ;;
-
-  --output | -o) prev=ofile ;;
-  --output=*) ofile="$optarg" ;;
-
-  --version) echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"; exit 0 ;;
-
-  --with-gcc) with_gcc=yes ;;
-  --with-gnu-ld) with_gnu_ld=yes ;;
-
-  --prefer-pic) pic_mode=yes ;;
-  --prefer-non-pic) pic_mode=no ;;
-
-  --disable-lock) need_locks=no ;;
-
-  --cache-file=*) cache_file="$optarg" ;;
-
-  -*)
-    echo "$progname: unrecognized option \`$option'" 1>&2
-    echo "$help" 1>&2
-    exit 1
-    ;;
-
-  *)
-    if test -z "$ltmain"; then
-      ltmain="$option"
-    elif test -z "$host"; then
-# This generates an unnecessary warning for sparc-sun-solaris4.1.3_U1
-#      if test -n "`echo $option| sed 's/[-a-z0-9.]//g'`"; then
-#        echo "$progname: warning \`$option' is not a valid host type" 1>&2
-#      fi
-      host="$option"
-    else
-      echo "$progname: too many arguments" 1>&2
-      echo "$help" 1>&2
-      exit 1
-    fi ;;
-  esac
-done
-
-if test -z "$ltmain"; then
-  echo "$progname: you must specify a LTMAIN file" 1>&2
-  echo "$help" 1>&2
-  exit 1
-fi
-
-if test ! -f "$ltmain"; then
-  echo "$progname: \`$ltmain' does not exist" 1>&2
-  echo "$help" 1>&2
-  exit 1
-fi
-
-# Quote any args containing shell metacharacters.
-ltconfig_args=
-for arg
-do
-  case "$arg" in
-  *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
-  ltconfig_args="$ltconfig_args '$arg'" ;;
-  *) ltconfig_args="$ltconfig_args $arg" ;;
-  esac
-done
-
-# A relevant subset of AC_INIT.
-
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 5 compiler messages saved in config.log
-# 6 checking for... messages and results
-if test "$silent" = yes; then
-  exec 6>/dev/null
-else
-  exec 6>&1
-fi
-exec 5>>./config.log
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-if test "X${LC_ALL+set}" = Xset; then LC_ALL=C; export LC_ALL; fi
-if test "X${LANG+set}"   = Xset; then LANG=C;   export LANG;   fi
-
-if test -n "$cache_file" && test -r "$cache_file"; then
-  echo "loading cache $cache_file within ltconfig"
-  . $cache_file
-fi
-
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
-  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
-  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
-    ac_n= ac_c='
-' ac_t='	'
-  else
-    ac_n=-n ac_c= ac_t=
-  fi
-else
-  ac_n= ac_c='\c' ac_t=
-fi
-
-if test -z "$srcdir"; then
-  # Assume the source directory is the same one as the path to LTMAIN.
-  srcdir=`$echo "X$ltmain" | $Xsed -e 's%/[^/]*$%%'`
-  test "$srcdir" = "$ltmain" && srcdir=.
-fi
-
-trap "$rm conftest*; exit 1" 1 2 15
-if test "$verify_host" = yes; then
-  # Check for config.guess and config.sub.
-  ac_aux_dir=
-  for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
-    if test -f $ac_dir/config.guess; then
-      ac_aux_dir=$ac_dir
-      break
-    fi
-  done
-  if test -z "$ac_aux_dir"; then
-    echo "$progname: cannot find config.guess in $srcdir $srcdir/.. $srcdir/../.." 1>&2
-    echo "$help" 1>&2
-    exit 1
-  fi
-  ac_config_guess=$ac_aux_dir/config.guess
-  ac_config_sub=$ac_aux_dir/config.sub
-
-  # Make sure we can run config.sub.
-  if $SHELL $ac_config_sub sun4 >/dev/null 2>&1; then :
-  else
-    echo "$progname: cannot run $ac_config_sub" 1>&2
-    echo "$help" 1>&2
-    exit 1
-  fi
-
-  echo $ac_n "checking host system type""... $ac_c" 1>&6
-
-  host_alias=$host
-  case "$host_alias" in
-  "")
-    if host_alias=`$SHELL $ac_config_guess`; then :
-    else
-      echo "$progname: cannot guess host type; you must specify one" 1>&2
-      echo "$help" 1>&2
-      exit 1
-    fi ;;
-  esac
-  host=`$SHELL $ac_config_sub $host_alias`
-  echo "$ac_t$host" 1>&6
-
-  # Make sure the host verified.
-  test -z "$host" && exit 1
-
-  # Check for the build system type
-  echo $ac_n "checking build system type... $ac_c" 1>&6
-
-  build_alias=$build
-  case "$build_alias" in
-  NONE)
-    case $nonopt in
-    NONE) build_alias=$host_alias ;;
-    *) build_alias=$nonopt ;;
-    esac ;;
-  esac
-
-  build=`$SHELL $ac_config_sub $build_alias`
-  build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-  build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-  build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-  echo "$ac_t""$build" 1>&6
-
-elif test -z "$host"; then
-  echo "$progname: you must specify a host type if you use \`--no-verify'" 1>&2
-  echo "$help" 1>&2
-  exit 1
-else
-  host_alias=$host
-  build_alias=$host_alias
-  build=$host
-fi
-
-if test x"$host" != x"$build"; then
-  ac_tool_prefix=${host_alias}-
-else
-  ac_tool_prefix=
-fi
-
-host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case "$host_os" in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case "$host_os" in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test "X${COLLECT_NAMES+set}" != Xset; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$MAGIC" && MAGIC=file
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$objext" && objext=o
-
-echo $ac_n "checking for objdir... $ac_c" 1>&6
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-echo "$ac_t$objdir" 1>&6
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="$2"
-
-# We assume here that the value for ac_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-echo $ac_n "checking for $compiler option to produce PIC... $ac_c" 1>&6
-echo "$progname:565:checking for $compiler option to produce PIC" 1>&5
-if test "X${ac_cv_prog_cc_pic+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_cv_prog_cc_pic=
-  ac_cv_prog_cc_shlib=
-  ac_cv_prog_cc_wl=
-  ac_cv_prog_cc_static=
-  ac_cv_prog_cc_no_builtin=
-  ac_cv_prog_cc_can_build_shared=$can_build_shared
-
-  if test "$with_gcc" = yes; then
-    ac_cv_prog_cc_wl='-Wl,'
-    ac_cv_prog_cc_static='-static'
-
-    case "$host_os" in
-    beos* | irix5* | irix6* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    aix*)
-      # Below there is a dirty hack to force normal static linking with -ldl
-      # The problem is because libdl dynamically linked with both libc and
-      # libC (AIX C++ library), which obviously doesn't included in libraries
-      # list by gcc. This cause undefined symbols with -static flags.
-      # This hack allows C programs to be linked with "-static -ldl", but
-      # we not sure about C++ programs.
-      ac_cv_prog_cc_static="$ac_cv_prog_cc_static ${ac_cv_prog_cc_wl}-lC"
-      ;;
-    cygwin* | mingw* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      ac_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-    amigaos*)
-      # FIXME: we need at least 68020 code to build shared libraries, but
-      # adding the `-m68020' flag to GCC prevents building anything better,
-      # like `-m68040'.
-      ac_cv_prog_cc_pic='-m68020 -resident32 -malways-restore-a4'
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	 ac_cv_prog_cc_pic=-Kconform_pic
-      fi
-      ;;
-    *)
-      ac_cv_prog_cc_pic='-fPIC'
-      ;;
-    esac
-  else
-    # PORTME Check for PIC flags for the system compiler.
-    case "$host_os" in
-    aix3* | aix4*)
-     # All AIX code is PIC.
-      ac_cv_prog_cc_static='-bnso -bI:/lib/syscalls.exp'
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      # Is there a better ac_cv_prog_cc_static that works with the bundled CC?
-      ac_cv_prog_cc_wl='-Wl,'
-      ac_cv_prog_cc_static="${ac_cv_prog_cc_wl}-a ${ac_cv_prog_cc_wl}archive"
-      ac_cv_prog_cc_pic='+Z'
-      ;;
-
-    irix5* | irix6*)
-      ac_cv_prog_cc_wl='-Wl,'
-      ac_cv_prog_cc_static='-non_shared'
-      # PIC (with -KPIC) is the default.
-      ;;
-
-    cygwin* | mingw* | os2*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      ac_cv_prog_cc_pic='-DDLL_EXPORT'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      # All OSF/1 code is PIC.
-      ac_cv_prog_cc_wl='-Wl,'
-      ac_cv_prog_cc_static='-non_shared'
-      ;;
-
-    sco3.2v5*)
-      ac_cv_prog_cc_pic='-Kpic'
-      ac_cv_prog_cc_static='-dn'
-      ac_cv_prog_cc_shlib='-belf'
-      ;;
-
-    solaris*)
-      ac_cv_prog_cc_pic='-KPIC'
-      ac_cv_prog_cc_static='-Bstatic'
-      ac_cv_prog_cc_wl='-Wl,'
-      ;;
-
-    sunos4*)
-      ac_cv_prog_cc_pic='-PIC'
-      ac_cv_prog_cc_static='-Bstatic'
-      ac_cv_prog_cc_wl='-Qoption ld '
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-      ac_cv_prog_cc_pic='-KPIC'
-      ac_cv_prog_cc_static='-Bstatic'
-      ac_cv_prog_cc_wl='-Wl,'
-      ;;
-
-    uts4*)
-      ac_cv_prog_cc_pic='-pic'
-      ac_cv_prog_cc_static='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec ;then
-	ac_cv_prog_cc_pic='-Kconform_pic'
-	ac_cv_prog_cc_static='-Bstatic'
-      fi
-      ;;
-
-    *)
-      ac_cv_prog_cc_can_build_shared=no
-      ;;
-    esac
-  fi
-fi
-if test -z "$ac_cv_prog_cc_pic"; then
-  echo "$ac_t"none 1>&6
-else
-  echo "$ac_t""$ac_cv_prog_cc_pic" 1>&6
-
-  # Check to make sure the pic_flag actually works.
-  echo $ac_n "checking if $compiler PIC flag $ac_cv_prog_cc_pic works... $ac_c" 1>&6
-  echo "$progname:695:checking that $compiler PIC flag $ac_cv_prog_cc_pic works." 1>&5
-  if test "X${ac_cv_prog_cc_pic_works+set}" = Xset; then
-    echo $ac_n "(cached) $ac_c" 1>&6
-  else
-    ac_cv_prog_cc_pic_works=yes
-    $rm conftest*
-    echo "int some_variable = 0;" > conftest.c
-    save_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS $ac_cv_prog_cc_pic -DPIC"
-    if { (eval echo $progname:704: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then
-      # Append any warnings to the config.log.
-      cat conftest.err 1>&5
-
-      case "$host_os" in
-      hpux9* | hpux10* | hpux11*)
-	# On HP-UX, both CC and GCC only warn that PIC is supported... then
-	# they create non-PIC objects.  So, if there were any warnings, we
-	# assume that PIC is not supported.
-	if test -s conftest.err; then
-	  ac_cv_prog_cc_pic_works=no
-	  ac_cv_prog_cc_can_build_shared=no
-	  ac_cv_prog_cc_pic=
-	else
-	  ac_cv_prog_cc_pic_works=yes
-	  ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
-	fi
-	;;
-      *)
-	ac_cv_prog_cc_pic_works=yes
-	ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
-	;;
-      esac
-    else
-      # Append any errors to the config.log.
-      cat conftest.err 1>&5
-      ac_cv_prog_cc_pic_works=no
-      ac_cv_prog_cc_can_build_shared=no
-      ac_cv_prog_cc_pic=
-    fi
-    CFLAGS="$save_CFLAGS"
-    $rm conftest*
-  fi
-  # Belt *and* braces to stop my trousers falling down:
-  if test "X$ac_cv_prog_cc_pic_works" = Xno; then
-    ac_cv_prog_cc_pic=
-    ac_cv_prog_cc_can_build_shared=no
-  fi
-  echo "$ac_t""$ac_cv_prog_cc_pic_works" 1>&6
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$ac_cv_prog_cc_shlib"; then
-  echo "$progname: warning: \`$CC' requires \`$ac_cv_prog_cc_shlib' to build shared libraries" 1>&2
-  if echo "$old_CC $old_CFLAGS " | egrep -e "[ 	]$ac_cv_prog_cc_shlib[ 	]" >/dev/null; then :
-  else
-    echo "$progname: add \`$ac_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" 1>&2
-    ac_cv_prog_cc_can_build_shared=no
-  fi
-fi
-
-echo $ac_n "checking if $compiler static flag $ac_cv_prog_cc_static works... $ac_c" 1>&6
-echo "$progname:756: checking if $compiler static flag $ac_cv_prog_cc_static works" >&5
-if test "X${ac_cv_prog_cc_static_works+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  $rm conftest*
-  echo 'main(){return(0);}' > conftest.c
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $ac_cv_prog_cc_static"
-  if { (eval echo $progname:764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-    ac_cv_prog_cc_static_works=yes
-  else
-    ac_cv_prog_cc_static_works=no
-    ac_cv_prog_cc_static=
-  fi
-  LDFLAGS="$save_LDFLAGS"
-  $rm conftest*
-fi
-# Belt *and* braces to stop my trousers falling down:
-if test "X$ac_cv_prog_cc_static_works" = Xno; then
-  ac_cv_prog_cc_static=
-fi
-echo "$ac_t""$ac_cv_prog_cc_static_works" 1>&6
-pic_flag="$ac_cv_prog_cc_pic"
-special_shlib_compile_flags="$ac_cv_prog_cc_shlib"
-wl="$ac_cv_prog_cc_wl"
-link_static_flag="$ac_cv_prog_cc_static"
-no_builtin_flag="$ac_cv_prog_cc_no_builtin"
-can_build_shared="$ac_cv_prog_cc_can_build_shared"
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-echo $ac_n "checking if $compiler supports -c -o file.o... $ac_c" 1>&6
-$rm -r conftest 2>/dev/null
-mkdir conftest
-cd conftest
-$rm conftest*
-echo "int some_variable = 0;" > conftest.c
-mkdir out
-# According to Tom Tromey, Ian Lance Taylor reported there are C compilers
-# that will create temporary files in the current directory regardless of
-# the output directory.  Thus, making CWD read-only will cause this test
-# to fail, enabling locking or at least warning the user not to do parallel
-# builds.
-chmod -w .
-save_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -o out/conftest2.o"
-echo "$progname:801: checking if $compiler supports -c -o file.o" >&5
-if { (eval echo $progname:802: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.o; then
-
-  # The compiler can only warn and ignore the option if not recognized
-  # So say no if there are warnings
-    if test -s out/conftest.err; then
-      echo "$ac_t"no 1>&6
-      compiler_c_o=no
-    else
-      echo "$ac_t"yes 1>&6
-      compiler_c_o=yes
-    fi
-else
-  # Append any errors to the config.log.
-  cat out/conftest.err 1>&5
-  compiler_c_o=no
-  echo "$ac_t"no 1>&6
-fi
-CFLAGS="$save_CFLAGS"
-chmod u+w .
-$rm conftest* out/*
-rmdir out
-cd ..
-rmdir conftest
-$rm -r conftest 2>/dev/null
-
-if test x"$compiler_c_o" = x"yes"; then
-  # Check to see if we can write to a .lo
-  echo $ac_n "checking if $compiler supports -c -o file.lo... $ac_c" 1>&6
-  $rm conftest*
-  echo "int some_variable = 0;" > conftest.c
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -c -o conftest.lo"
-  echo "$progname:834: checking if $compiler supports -c -o file.lo" >&5
-if { (eval echo $progname:835: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.lo; then
-
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-      if test -s conftest.err; then
-	echo "$ac_t"no 1>&6
-	compiler_o_lo=no
-      else
-	echo "$ac_t"yes 1>&6
-	compiler_o_lo=yes
-      fi
-  else
-    # Append any errors to the config.log.
-    cat conftest.err 1>&5
-    compiler_o_lo=no
-    echo "$ac_t"no 1>&6
-  fi
-  CFLAGS="$save_CFLAGS"
-  $rm conftest*
-else
-  compiler_o_lo=no
-fi
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
-  # do not overwrite the value of need_locks provided by the user
-  echo $ac_n "checking if we can lock with hard links... $ac_c" 1>&6
-  hard_links=yes
-  $rm conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  echo "$ac_t$hard_links" 1>&6
-  $rm conftest*
-  if test "$hard_links" = no; then
-    echo "*** WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-
-if test "$with_gcc" = yes; then
-  # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
-  echo $ac_n "checking if $compiler supports -fno-rtti -fno-exceptions ... $ac_c" 1>&6
-  $rm conftest*
-  echo "int some_variable = 0;" > conftest.c
-  save_CFLAGS="$CFLAGS"
-  CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.c"
-  echo "$progname:886: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-  if { (eval echo $progname:887: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.o; then
-
-    # The compiler can only warn and ignore the option if not recognized
-    # So say no if there are warnings
-      if test -s conftest.err; then
-	echo "$ac_t"no 1>&6
-	compiler_rtti_exceptions=no
-      else
-	echo "$ac_t"yes 1>&6
-	compiler_rtti_exceptions=yes
-      fi
-  else
-    # Append any errors to the config.log.
-    cat conftest.err 1>&5
-    compiler_rtti_exceptions=no
-    echo "$ac_t"no 1>&6
-  fi
-  CFLAGS="$save_CFLAGS"
-  $rm conftest*
-
-  if test "$compiler_rtti_exceptions" = "yes"; then
-    no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
-  else
-    no_builtin_flag=' -fno-builtin'
-  fi
-
-fi
-
-# See if the linker supports building shared libraries.
-echo $ac_n "checking whether the linker ($LD) supports shared libraries... $ac_c" 1>&6
-
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-striplib=
-old_striplib=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced.  Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-case "$host_os" in
-cygwin* | mingw*)
-  # FIXME: the MSVC++ port hasn't been tested in a loooong time
-  # When not using gcc, we currently assume that we are using
-  # Microsoft Visual C++.
-  if test "$with_gcc" != yes; then
-    with_gnu_ld=no
-  fi
-  ;;
-
-esac
-
-ld_shlibs=yes
-if test "$with_gnu_ld" = yes; then
-  # If archive_cmds runs LD, not CC, wlarc should be empty
-  wlarc='${wl}'
-
-  # See if GNU ld supports shared libraries.
-  case "$host_os" in
-  aix3* | aix4*)
-    # On AIX, the GNU linker is very broken
-    ld_shlibs=no
-    cat <<EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.9.1, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to modify your PATH
-*** so that a non-GNU linker is found, and then restart.
-
-EOF
-    ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-
-    # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
-    # that the semantics of dynamic libraries on AmigaOS, at least up
-    # to version 4, is to share data among multiple programs linked
-    # with the same dynamic library.  Since this doesn't match the
-    # behavior of shared libraries on other platforms, we can use
-    # them.
-    ld_shlibs=no
-    ;;
-
-  beos*)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      allow_undefined_flag=unsupported
-      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-      # support --undefined.  This deserves some investigation.  FIXME
-      archive_cmds='$CC -nostart $libobjs $deplibs $linker_flags ${wl}-soname $wl$soname -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  cygwin* | mingw*)
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec='-L$libdir'
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-
-    extract_expsyms_cmds='test -f $output_objdir/impgen.c || \
-      sed -e "/^# \/\* impgen\.c starts here \*\//,/^# \/\* impgen.c ends here \*\// { s/^# //; p; }" -e d < $0 > $output_objdir/impgen.c~
-      test -f $output_objdir/impgen.exe || (cd $output_objdir && \
-      if test "x$HOST_CC" != "x" ; then $HOST_CC -o impgen impgen.c ; \
-      else $CC -o impgen impgen.c ; fi)~
-      $output_objdir/impgen $dir/$soname > $output_objdir/$soname-def'
-
-    old_archive_from_expsyms_cmds='$DLLTOOL --as=$AS --dllname $soname --def $output_objdir/$soname-def --output-lib $output_objdir/$newlib'
-
-    # cygwin and mingw dlls have different entry points and sets of symbols
-    # to exclude.
-    # FIXME: what about values for MSVC?
-    dll_entry=__cygwin_dll_entry@12
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12~
-    case "$host_os" in
-    mingw*)
-      # mingw values
-      dll_entry=_DllMainCRTStartup@12
-      dll_exclude_symbols=DllMain@12,DllMainCRTStartup@12,DllEntryPoint@12~
-      ;;
-    esac
-
-    # mingw and cygwin differ, and it's simplest to just exclude the union
-    # of the two symbol sets.
-    dll_exclude_symbols=DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12,DllMainCRTStartup@12,DllEntryPoint@12
-
-    # recent cygwin and mingw systems supply a stub DllMain which the user
-    # can override, but on older systems we have to supply one (in ltdll.c)
-    if test "x$lt_cv_need_dllmain" = "xyes"; then
-      ltdll_obj='$output_objdir/$soname-ltdll.'"$objext "
-      ltdll_cmds='test -f $output_objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $0 > $output_objdir/$soname-ltdll.c~
-	test -f $output_objdir/$soname-ltdll.$objext || (cd $output_objdir && $CC -c $soname-ltdll.c)~'
-    else
-      ltdll_obj=
-      ltdll_cmds=
-    fi
-
-    # Extract the symbol export list from an `--export-all' def file,
-    # then regenerate the def file from the symbol export list, so that
-    # the compiled dll only exports the symbol export list.
-    # Be careful not to strip the DATA tag left be newer dlltools.
-    export_symbols_cmds="$ltdll_cmds"'
-      $DLLTOOL --export-all --exclude-symbols '$dll_exclude_symbols' --output-def $output_objdir/$soname-def '$ltdll_obj'$libobjs $convenience~
-      sed -e "1,/EXPORTS/d" -e "s/ @ [0-9]*//" -e "s/ *;.*$//" < $output_objdir/$soname-def > $export_symbols'
-
-    # If DATA tags from a recent dlltool are present, honour them!
-    archive_expsym_cmds='echo EXPORTS > $output_objdir/$soname-def~
-      _lt_hint=1;
-      cat $export_symbols | while read symbol; do
-	set dummy \$symbol;
-	case \$# in
-	  2) echo "	\$2 @ \$_lt_hint ; " >> $output_objdir/$soname-def;;
-	  *) echo "     \$2 @ \$_lt_hint \$3 ; " >> $output_objdir/$soname-def;;
-	esac;
-	_lt_hint=`expr 1 + \$_lt_hint`;
-      done~
-      '"$ltdll_cmds"'
-      $CC -Wl,--base-file,$output_objdir/$soname-base '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $lib '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp~
-      $CC -Wl,--base-file,$output_objdir/$soname-base $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $lib '$ltdll_obj'$libobjs $deplibs $compiler_flags~
-      $DLLTOOL --as=$AS --dllname $soname --exclude-symbols '$dll_exclude_symbols' --def $output_objdir/$soname-def --base-file $output_objdir/$soname-base --output-exp $output_objdir/$soname-exp~
-      $CC $output_objdir/$soname-exp '$lt_cv_cc_dll_switch' -Wl,-e,'$dll_entry' -o $lib '$ltdll_obj'$libobjs $deplibs $compiler_flags'
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-      wlarc=
-    else
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    fi
-    ;;
-
-  solaris* | sysv5*)
-    if $LD -v 2>&1 | egrep 'BFD 2\.8' > /dev/null; then
-      ld_shlibs=no
-      cat <<EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-EOF
-    elif $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $linker_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $linker_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-
-  sunos4*)
-    archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    wlarc=
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
-      archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
-    else
-      ld_shlibs=no
-    fi
-    ;;
-  esac
-
-  if test "$ld_shlibs" = yes; then
-    runpath_var=LD_RUN_PATH
-    hardcode_libdir_flag_spec="$wlarc"'--rpath '"$wlarc"'$libdir'
-    export_dynamic_flag_spec="$wlarc"'--export-dynamic'
-    case $host_os in
-    cygwin* | mingw*)
-      # dlltool doesn't understand --whole-archive et. al.
-      whole_archive_flag_spec=
-      ;;
-    *)
-      # ancient GNU ld didn't support --whole-archive et. al.
-      if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then
-	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
-      else
-	whole_archive_flag_spec=
-      fi
-      ;;
-    esac
-  fi
-else
-  # PORTME fill in a description of your system's linker (not GNU ld)
-  case "$host_os" in
-  aix3*)
-    allow_undefined_flag=unsupported
-    always_export_symbols=yes
-    archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-    # Note: this linker hardcodes the directories in LIBPATH if there
-    # are no directories specified by -L.
-    hardcode_minus_L=yes
-    if test "$with_gcc" = yes && test -z "$link_static_flag"; then
-      # Neither direct hardcoding nor static linking is supported with a
-      # broken collect2.
-      hardcode_direct=unsupported
-    fi
-    ;;
-
-  aix4*)
-    hardcode_libdir_flag_spec='${wl}-b ${wl}nolibpath ${wl}-b ${wl}libpath:$libdir:/usr/lib:/lib'
-    hardcode_libdir_separator=':'
-    if test "$with_gcc" = yes; then
-      collect2name=`${CC} -print-prog-name=collect2`
-      if test -f "$collect2name" && \
-	 strings "$collect2name" | grep resolve_lib_name >/dev/null
-      then
-	# We have reworked collect2
-	hardcode_direct=yes
-      else
-	# We have old collect2
-	hardcode_direct=unsupported
-	# It fails to find uninstalled libraries when the uninstalled
-	# path is not listed in the libpath.  Setting hardcode_minus_L
-	# to unsupported forces relinking
-	hardcode_minus_L=yes
-	hardcode_libdir_flag_spec='-L$libdir'
-	hardcode_libdir_separator=
-      fi
-      shared_flag='-shared'
-    else
-      shared_flag='${wl}-bM:SRE'
-      hardcode_direct=yes
-    fi
-    allow_undefined_flag=' ${wl}-berok'
-    archive_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bexpall ${wl}-bnoentry${allow_undefined_flag}'
-    archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs $compiler_flags ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}'
-    case "$host_os" in aix4.[01]|aix4.[01].*)
-      # According to Greg Wooledge, -bexpall is only supported from AIX 4.2 on
-      always_export_symbols=yes ;;
-    esac
-   ;;
-
-  amigaos*)
-    archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    # see comment about different semantics on the GNU ld section
-    ld_shlibs=no
-    ;;
-
-  cygwin* | mingw*)
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    # hardcode_libdir_flag_spec is actually meaningless, as there is
-    # no search path for DLLs.
-    hardcode_libdir_flag_spec=' '
-    allow_undefined_flag=unsupported
-    # Tell ltmain to make .lib files, not .a files.
-    libext=lib
-    # FIXME: Setting linknames here is a bad hack.
-    archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | sed -e '\''s/ -lc$//'\''` -link -dll~linknames='
-    # The linker will automatically build a .lib file if we build a DLL.
-    old_archive_from_new_cmds='true'
-    # FIXME: Should let the user specify the lib program.
-    old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
-    fix_srcfile_path='`cygpath -w $srcfile`'
-    ;;
-
-  freebsd1*)
-    ld_shlibs=no
-    ;;
-
-  # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-  # support.  Future versions do this automatically, but an explicit c++rt0.o
-  # does not break anything, and helps significantly (at the cost of a little
-  # extra space).
-  freebsd2.2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-  freebsd2*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-  freebsd*)
-    archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  hpux9* | hpux10* | hpux11*)
-    case "$host_os" in
-    hpux9*) archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' ;;
-    *) archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' ;;
-    esac
-    hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
-    hardcode_libdir_separator=:
-    hardcode_direct=yes
-    hardcode_minus_L=yes # Not in the search PATH, but as the default
-			 # location of the library.
-    export_dynamic_flag_spec='${wl}-E'
-    ;;
-
-  irix5* | irix6*)
-    if test "$with_gcc" = yes; then
-      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    link_all_deplibs=yes
-    ;;
-
-  netbsd*)
-    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-    else
-      archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-    fi
-    hardcode_libdir_flag_spec='${wl}-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  openbsd*)
-    archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  os2*)
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_minus_L=yes
-    allow_undefined_flag=unsupported
-    archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
-    old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
-    ;;
-
-  osf3*)
-    if test "$with_gcc" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    ;;
-
-  osf4* | osf5*)	# as osf3* with the addition of -msym flag
-    if test "$with_gcc" = yes; then
-      allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
-      archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
-    else
-      allow_undefined_flag=' -expect_unresolved \*'
-      archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
-    fi
-    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
-    hardcode_libdir_separator=:
-    ;;
-  rhapsody*)
-    archive_cmds='$CC -bundle -undefined suppress -o $lib $libobjs $deplibs $linkopts'
-    hardcode_libdir_flags_spec='-L$libdir'
-    hardcode_direct=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  sco3.2v5*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    runpath_var=LD_RUN_PATH
-    hardcode_runpath_var=yes
-    ;;
-
-  solaris*)
-    no_undefined_flag=' -z text'
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec='-R$libdir'
-    hardcode_shlibpath_var=no
-    case "$host_os" in
-    solaris2.[0-5] | solaris2.[0-5].*) ;;
-    *) # Supported since Solaris 2.6 (maybe 2.5.1?)
-      whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
-    esac
-    link_all_deplibs=yes
-    ;;
-
-  sunos4*)
-    if test "x$host_vendor" = xsequent; then
-      # Use $CC to link under sequent, because it throws in some extra .o 
-      # files that make .init and .fini sections work.
-      archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $linkopts'
-    else
-      archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-    fi
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_direct=yes
-    hardcode_minus_L=yes
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    hardcode_direct=no #Motorola manual says yes, but my tests say they lie
-    ;;
-
-  sysv4.3*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_shlibpath_var=no
-    export_dynamic_flag_spec='-Bexport'
-    ;;
-
-  sysv5*)
-    no_undefined_flag=' -z text'
-    # $CC -shared without GNU ld will not create a library from C++
-    # object files and a static libstdc++, better avoid it by now
-    archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
-		$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
-    hardcode_libdir_flag_spec=
-    hardcode_shlibpath_var=no
-    runpath_var='LD_RUN_PATH'
-    ;;
-
-  uts4*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  dgux*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_libdir_flag_spec='-L$libdir'
-    hardcode_shlibpath_var=no
-    ;;
-
-  sysv4*MP*)
-    if test -d /usr/nec; then
-      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      hardcode_shlibpath_var=no
-      runpath_var=LD_RUN_PATH
-      hardcode_runpath_var=yes
-      ld_shlibs=yes
-    fi
-    ;;
-
-  sysv4.2uw2*)
-    archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-    hardcode_direct=yes
-    hardcode_minus_L=no
-    hardcode_shlibpath_var=no
-    hardcode_runpath_var=yes
-    runpath_var=LD_RUN_PATH
-    ;;
-
-  unixware7*)
-    archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-    runpath_var='LD_RUN_PATH'
-    hardcode_shlibpath_var=no
-    ;;
-
-  *)
-    ld_shlibs=no
-    ;;
-  esac
-fi
-echo "$ac_t$ld_shlibs" 1>&6
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-echo $ac_n "checking how to hardcode library paths into programs... $ac_c" 1>&6
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
-   test -n "$runpath_var"; then
-
-  # We can hardcode non-existant directories.
-  if test "$hardcode_direct" != no &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test "$hardcode_shlibpath_var" != no &&
-     test "$hardcode_minus_L" != no; then
-    # Linking always hardcodes the temporary library directory.
-    hardcode_action=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    hardcode_action=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  hardcode_action=unsupported
-fi
-echo "$ac_t$hardcode_action" 1>&6
-
-echo $ac_n "checking whether stripping libraries is possible... $ac_c" 1>&6
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  echo "${ac_t}yes" 1>&6
-else
-  echo "${ac_t}no" 1>&6
-fi
-
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-echo $ac_n "checking dynamic linker characteristics... $ac_c" 1>&6
-case "$host_os" in
-aix3*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX has no versioning support, so we append a major version to the name.
-  soname_spec='${libname}${release}.so$major'
-  ;;
-
-aix4*)
-  version_type=linux
-  # AIX has no versioning support, so currently we can not hardcode correct
-  # soname into executable. Probably we can add versioning support to
-  # collect2, so additional links can be useful in future.
-  # We preserve .a as extension for shared libraries though AIX4.2
-  # and later linker supports .so
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.a'
-  shlibpath_var=LIBPATH
-  ;;
-
-amigaos*)
-  library_names_spec='$libname.ixlibrary $libname.a'
-  # Create ${libname}_ixlibrary.a entries in /sys/libs.
-  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
-  ;;
-
-beos*)
-  library_names_spec='${libname}.so'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  lt_cv_dlopen="load_add_on"
-  lt_cv_dlopen_libs=
-  lt_cv_dlopen_self=yes
-  ;;
-
-bsdi4*)
-  version_type=linux
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  export_dynamic_flag_spec=-rdynamic
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw*)
-  version_type=windows
-  need_version=no
-  need_lib_prefix=no
-  if test "$with_gcc" = yes; then
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-  else
-    library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib'
-  fi
-  dynamic_linker='Win32 ld.exe'
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  lt_cv_dlopen="LoadLibrary"
-  lt_cv_dlopen_libs=
-  ;;
-
-freebsd1*)
-  dynamic_linker=no
-  ;;
-
-freebsd*)
-  objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
-  version_type=freebsd-$objformat
-  case "$version_type" in
-    freebsd-elf*)
-      library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='${libname}${release}.so$versuffix $libname.so$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case "$host_os" in
-  freebsd2*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[01]* | freebsdelf3.[01]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  *) # from 3.2 on
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  dynamic_linker="$host_os dld.sl"
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  shlibpath_var=SHLIB_PATH
-  shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-  library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
-  soname_spec='${libname}${release}.sl$major'
-  # HP-UX runs *really* slowly unless shared libraries are mode 555.
-  postinstall_cmds='chmod 555 $lib'
-  ;;
-
-irix5* | irix6*)
-  version_type=irix
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='${libname}${release}.so.$major'
-  library_names_spec='${libname}${release}.so.$versuffix ${libname}${release}.so.$major ${libname}${release}.so $libname.so'
-  case "$host_os" in
-  irix5*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case "$LD" in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
-  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
-  dynamic_linker=no
-  ;;
-
-# This must be Linux ELF.
-linux-gnu*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
-    library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
-    soname_spec='${libname}${release}.so$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-openbsd*)
-  version_type=sunos
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-    need_version=no
-  fi
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-os2*)
-  libname_spec='$name'
-  need_lib_prefix=no
-  library_names_spec='$libname.dll $libname.a'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=LIBPATH
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_version=no
-  soname_spec='${libname}${release}.so'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
-  ;;
-
-rhapsody*)
-  version_type=sunos
-  library_names_spec='${libname}.so'
-  soname_spec='${libname}.so'
-  shlibpath_var=DYLD_LIBRARY_PATH
-  deplibs_check_method=pass_all
-  ;;
-
-sco3.2v5*)
-  version_type=osf
-  soname_spec='${libname}${release}.so$major'
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-solaris*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test "$with_gnu_ld" = yes; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case "$host_vendor" in
-    sequent)
-      file_magic_cmd='/bin/file'
-      deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-uts4*)
-  version_type=linux
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-dgux*)
-  version_type=linux
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
-  soname_spec='${libname}${release}.so$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec ;then
-    version_type=linux
-    library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
-    soname_spec='$libname.so.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-echo "$ac_t$dynamic_linker" 1>&6
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-echo $ac_n "checking command to parse $NM output... $ac_c" 1>&6
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Define system-specific variables.
-case "$host_os" in
-aix*)
-  symcode='[BCDT]'
-  ;;
-cygwin* | mingw*)
-  symcode='[ABCDGISTW]'
-  ;;
-hpux*) # Its linker distinguishes data from code symbols
-  global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^. .* \(.*\)$/extern char \1;/p'"
-  ;;
-irix*)
-  symcode='[BCDEGRST]'
-  ;;
-solaris* | sysv5*)
-  symcode='[BDT]'
-  ;;
-sysv4)
-  symcode='[DFNSTU]'
-  ;;
-esac
-
-# Handle CRLF in mingw too chain
-opt_cr=
-case "$host_os" in
-mingw*)
-  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
-  symcode='[ABCDGISTW]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Write the raw and C identifiers.
-global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode\)[ 	][ 	]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-  $rm conftest*
-  cat > conftest.c <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
-  echo "$progname:1892: checking if global_symbol_pipe works" >&5
-  if { (eval echo $progname:1893: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; } && test -s conftest.$objext; then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if { echo "$progname:1896: eval \"$NM conftest.$objext | $global_symbol_pipe > $nlist\"" >&5; eval "$NM conftest.$objext | $global_symbol_pipe > $nlist 2>&5"; } && test -s "$nlist"; then
-
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if egrep ' nm_test_var$' "$nlist" >/dev/null; then
-	if egrep ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<EOF > conftest.c
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
-	  # Now generate the symbol file.
-	  eval "$global_symbol_to_cdecl"' < "$nlist" >> conftest.c'
-
-	  cat <<EOF >> conftest.c
-#if defined (__STDC__) && __STDC__
-# define lt_ptr_t void *
-#else
-# define lt_ptr_t char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr_t address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
-	  sed 's/^. \(.*\) \(.*\)$/  {"\2", (lt_ptr_t) \&\2},/' < "$nlist" >> conftest.c
-	  cat <<\EOF >> conftest.c
-  {0, (lt_ptr_t) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
-	  # Now try linking the two files.
-	  mv conftest.$objext conftstm.$objext
-	  save_LIBS="$LIBS"
-	  save_CFLAGS="$CFLAGS"
-	  LIBS="conftstm.$objext"
-	  CFLAGS="$CFLAGS$no_builtin_flag"
-	  if { (eval echo $progname:1948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-	    pipe_works=yes
-	  else
-	    echo "$progname: failed program was:" >&5
-	    cat conftest.c >&5
-	  fi
-	  LIBS="$save_LIBS"
-	else
-	  echo "cannot find nm_test_func in $nlist" >&5
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&5
-      fi
-    else
-      echo "cannot run $global_symbol_pipe" >&5
-    fi
-  else
-    echo "$progname: failed program was:" >&5
-    cat conftest.c >&5
-  fi
-  $rm conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test "$pipe_works" = yes; then
-    break
-  else
-    global_symbol_pipe=
-  fi
-done
-if test "$pipe_works" = yes; then
-  echo "${ac_t}ok" 1>&6
-else
-  echo "${ac_t}failed" 1>&6
-fi
-
-if test -z "$global_symbol_pipe"; then
-  global_symbol_to_cdecl=
-fi
-
-# Report the final consequences.
-echo "checking if libtool supports shared libraries... $can_build_shared" 1>&6
-
-# Only try to build win32 dlls if AC_LIBTOOL_WIN32_DLL was used in
-# configure.in, otherwise build static only libraries.
-case "$host_os" in
-cygwin* | mingw* | os2*)
-  if test x$can_build_shared = xyes; then
-    test x$enable_win32_dll = xno && can_build_shared=no
-    echo "checking if package supports dlls... $can_build_shared" 1>&6
-  fi
-;;
-esac
-
-echo $ac_n "checking whether to build shared libraries... $ac_c" 1>&6
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case "$host_os" in
-aix3*)
-  test "$enable_shared" = yes && enable_static=no
-  if test -n "$RANLIB"; then
-    archive_cmds="$archive_cmds~\$RANLIB \$lib"
-    postinstall_cmds='$RANLIB $lib'
-  fi
-  ;;
-
-aix4*)
-  test "$enable_shared" = yes && enable_static=no
-  ;;
-esac
-
-echo "$ac_t$enable_shared" 1>&6
-
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-
-echo "checking whether to build static libraries... $enable_static" 1>&6
-
-if test "$hardcode_action" = relink || test "$hardcode_into_libs" = all; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
-     test "$enable_shared" = no; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$with_gcc" = yes; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-# Check whether we must set pic_mode to default
-test -z "$pic_flag" && pic_mode=default
-
-if test "x$enable_dlopen" != xyes; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-if test "X${lt_cv_dlopen+set}" != Xset; then
-  lt_cv_dlopen=no lt_cv_dlopen_libs=
-echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
-echo "$progname:2052: checking for dlopen in -ldl" >&5
-if test "X${ac_cv_lib_dl_dlopen+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldl  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 2059 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-dlopen()
-; return 0; }
-EOF
-if { (eval echo $progname:2072: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dl_dlopen=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dl_dlopen" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dlopen""... $ac_c" 1>&6
-echo "$progname:2091: checking for dlopen" >&5
-if test "X${ac_cv_func_dlopen+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2096 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char dlopen(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
-choke me
-#else
-dlopen();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:2121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_func_dlopen=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_func_dlopen=no
-fi
-rm -f conftest*
-fi
-if test "X$ac_cv_func_dlopen" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dlopen"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dld_link in -ldld""... $ac_c" 1>&6
-echo "$progname:2138: checking for dld_link in -ldld" >&5
-if test "X${ac_cv_lib_dld_dld_link+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldld  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 2145 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link();
-
-int main() {
-dld_link()
-; return 0; }
-EOF
-if { (eval echo $progname:2158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dld_dld_link=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dld_dld_link=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_dld_link" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load""... $ac_c" 1>&6
-echo "$progname:2177: checking for shl_load" >&5
-if test "X${ac_cv_func_shl_load+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2182 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char shl_load(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
-choke me
-#else
-shl_load();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:2207: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_func_shl_load=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_func_shl_load=no
-fi
-rm -f conftest*
-fi
-
-if test "X$ac_cv_func_shl_load" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="shl_load"
-else
-  echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load in -ldld""... $ac_c" 1>&6
-echo "$progname:2225: checking for shl_load in -ldld" >&5
-if test "X${ac_cv_lib_dld_shl_load+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-ldld  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 2232 "ltconfig"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-shl_load()
-; return 0; }
-EOF
-if { (eval echo $progname:2246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  ac_cv_lib_dld_shl_load=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  ac_cv_lib_dld_shl_load=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_shl_load" = Xyes; then
-  echo "$ac_t""yes" 1>&6
-  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
-else
-  echo "$ac_t""no" 1>&6
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-fi
-
-  if test "x$lt_cv_dlopen" != xno; then
-    enable_dlopen=yes
-  fi
-
-  case "$lt_cv_dlopen" in
-  dlopen)
-for ac_hdr in dlfcn.h; do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "$progname:2289: checking for $ac_hdr" >&5
-if eval "test \"`echo 'X$''{'ac_cv_header_$ac_safe'+set}'`\" = Xset"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 2294 "ltconfig"
-#include <$ac_hdr>
-int fnord = 0;
-int main () { return (0); }
-EOF
-ac_try="$ac_compile >/dev/null 2>conftest.out"
-{ (eval echo $progname:2300: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=yes"
-else
-  echo "$ac_err" >&5
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
-
-    if test "x$ac_cv_header_dlfcn_h" = xyes; then
-      CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-    fi
-    eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-  echo $ac_n "checking whether a program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:2328: checking whether a program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  if test "$cross_compiling" = yes; then
-    lt_cv_dlopen_self=cross
-  else
-    cat > conftest.c <<EOF
-#line 2336 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL	RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-#  define LTDL_GLOBAL	DL_GLOBAL
-# else
-#  define LTDL_GLOBAL	0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-#  define LTDL_LAZY_OR_NOW	RTLD_LAZY
-# else
-#  ifdef DL_LAZY
-#   define LTDL_LAZY_OR_NOW	DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define LTDL_LAZY_OR_NOW	RTLD_NOW
-#   else
-#    ifdef DL_NOW
-#     define LTDL_LAZY_OR_NOW	DL_NOW
-#    else
-#     define LTDL_LAZY_OR_NOW	0
-#    endif
-#   endif
-#  endif
-# endif
-#endif
-
-fnord() { int i=42;}
-main() { void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
-    if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
-	       if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:2382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
-  lt_cv_dlopen_self=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  lt_cv_dlopen_self=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self" 1>&6
-
-  if test "$lt_cv_dlopen_self" = yes; then
-    LDFLAGS="$LDFLAGS $link_static_flag"
-  echo $ac_n "checking whether a statically linked program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:2401: checking whether a statically linked program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self_static+set}" = Xset; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  if test "$cross_compiling" = yes; then
-    lt_cv_dlopen_self_static=cross
-  else
-    cat > conftest.c <<EOF
-#line 2409 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL	RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-#  define LTDL_GLOBAL	DL_GLOBAL
-# else
-#  define LTDL_GLOBAL	0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-#  define LTDL_LAZY_OR_NOW	RTLD_LAZY
-# else
-#  ifdef DL_LAZY
-#   define LTDL_LAZY_OR_NOW	DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define LTDL_LAZY_OR_NOW	RTLD_NOW
-#   else
-#    ifdef DL_NOW
-#     define LTDL_LAZY_OR_NOW	DL_NOW
-#    else
-#     define LTDL_LAZY_OR_NOW	0
-#    endif
-#   endif
-#  endif
-# endif
-#endif
-
-fnord() { int i=42;}
-main() { void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
-    if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
-    if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:2455: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
-  lt_cv_dlopen_self_static=yes
-else
-  echo "$progname: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -fr conftest*
-  lt_cv_dlopen_self_static=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self_static" 1>&6
-fi
-    ;;
-  esac
-
-  case "$lt_cv_dlopen_self" in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case "$lt_cv_dlopen_self_static" in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-
-# Copy echo and quote the copy, instead of the original, because it is
-# used later.
-ltecho="$echo"
-if test "X$ltecho" = "X$CONFIG_SHELL $0 --fallback-echo"; then
-   ltecho="$CONFIG_SHELL \$0 --fallback-echo"
-fi
-LTSHELL="$SHELL"
-
-LTCONFIG_VERSION="$VERSION"
-
-# Only quote variables if we're using ltmain.sh.
-case "$ltmain" in
-*.sh)
-  # Now quote all the things that may contain metacharacters.
-  for var in ltecho old_AR old_ARFLAGS old_CC old_CFLAGS old_CPPFLAGS \
-    old_MAGIC old_LD old_LDFLAGS old_LIBS \
-    old_LN_S old_NM old_RANLIB old_STRIP \
-    old_AS old_DLLTOOL old_OBJDUMP \
-    old_OBJEXT old_EXEEXT old_reload_flag \
-    old_deplibs_check_method old_file_magic_cmd \
-    AR AR_FLAGS CC LD LN_S NM LTSHELL LTCONFIG_VERSION \
-    reload_flag reload_cmds wl \
-    pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
-    thread_safe_flag_spec whole_archive_flag_spec libname_spec \
-    library_names_spec soname_spec \
-    RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
-    old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
-    postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
-    old_striplib striplib file_magic_cmd export_symbols_cmds \
-    deplibs_check_method allow_undefined_flag no_undefined_flag \
-    finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
-    hardcode_libdir_flag_spec hardcode_libdir_separator  \
-    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
-    compiler_c_o compiler_o_lo need_locks exclude_expsyms include_expsyms; do
-
-    case "$var" in
-    reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
-    old_postinstall_cmds | old_postuninstall_cmds | \
-    export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
-    extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
-    postinstall_cmds | postuninstall_cmds | \
-    finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
-      # Double-quote double-evaled strings.
-      eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ### testsuite: skip nested quoting test
-      ;;
-    *)
-      eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ### testsuite: skip nested quoting test
-      ;;
-    esac
-  done
-
-  case "$ltecho" in
-  *'\$0 --fallback-echo"')
-    ltecho=`$echo "X$ltecho" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
-    ;;
-  esac
-
-  trap "$rm \"$ofile\"; exit 1" 1 2 15
-  echo "creating $ofile"
-  $rm "$ofile"
-  cat <<EOF > "$ofile"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltconfig or ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-### BEGIN LIBTOOL CONFIG
-EOF
-  cfgfile="$ofile"
-  ;;
-
-*)
-  # Double-quote the variables that need it (for aesthetics).
-  for var in old_AR old_AR_FLAGS old_CC old_CFLAGS old_CPPFLAGS \
-    old_MAGIC old_LD old_LDFLAGS old_LIBS \
-    old_LN_S old_NM old_RANLIB old_STRIP \
-    old_AS old_DLLTOOL old_OBJDUMP \
-    old_OBJEXT old_EXEEXT old_reload_flag \
-    old_deplibs_check_method old_file_magic_cmd; do
-    eval "$var=\\\"\$var\\\""
-  done
-
-  # Just create a config file.
-  cfgfile="$ofile.cfg"
-  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
-  echo "creating $cfgfile"
-  $rm "$cfgfile"
-  cat <<EOF > "$cfgfile"
-# `$echo "$cfgfile" | sed 's%^.*/%%'` - Libtool configuration file.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-EOF
-  ;;
-esac
-
-cat <<EOF >> "$cfgfile"
-# Libtool was configured as follows, on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-#
-# AR=$old_AR AR_FLAGS=$old_AR_FLAGS CC=$old_CC CFLAGS=$old_CFLAGS \\
-# CPPFLAGS=$old_CPPFLAGS MAGIC=$old_MAGIC LD=$old_LD LDFLAGS=$old_LDFLAGS \\
-# LIBS=$old_LIBS LN_S=$old_LN_S NM=$old_NM RANLIB=$old_RANLIB \\
-# STRIP=$old_STRIP AS=$old_AS DLLTOOL=$old_DLLTOOL OBJDUMP=$old_OBJDUMP \\
-# objext=$old_OBJEXT exeext=$old_EXEEXT reload_flag=$old_reload_flag \\
-# deplibs_check_method=$old_deplibs_check_method file_magic_cmd=$old_file_magic_cmd \\
-#   $0$ltconfig_args
-#
-# Compiler and other test output produced by $progname, useful for
-# debugging $progname, is in ./config.log if it exists.
-# The version of $progname that generated this script.
-LTCONFIG_VERSION=$LTCONFIG_VERSION
-
-# Shell to use when invoking shell scripts.
-SHELL=$LTSHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$ltecho
-
-# The archiver.
-AR=$AR
-AR_FLAGS=$AR_FLAGS
-
-# The default C compiler.
-CC=$CC
-
-# The linker used to build libraries.
-LD=$LD
-
-# Whether we need hard or soft links.
-LN_S=$LN_S
-
-# A BSD-compatible nm program.
-NM=$NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC=$MAGIC
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$reload_flag
-reload_cmds=$reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$wl
-
-# Object file suffix (normally "o").
-objext="$objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$pic_flag
-pic_mode=$pic_mode
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$compiler_c_o
-
-# Can we write directly to a .lo ?
-compiler_o_lo=$compiler_o_lo
-
-# Must we lock files when doing compilation ?
-need_locks=$need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$libname_spec
-
-# List of archive names.  First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$RANLIB
-old_archive_cmds=$old_archive_cmds
-old_postinstall_cmds=$old_postinstall_cmds
-old_postuninstall_cmds=$old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$archive_cmds
-archive_expsym_cmds=$archive_expsym_cmds
-postinstall_cmds=$postinstall_cmds
-postuninstall_cmds=$postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$old_striplib
-striplib=$striplib
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$global_symbol_to_cdecl
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$include_expsyms
-
-EOF
-
-case "$ltmain" in
-*.sh)
-  echo '### END LIBTOOL CONFIG' >> "$ofile"
-  echo >> "$ofile"
-  case "$host_os" in
-  aix3*)
-    cat <<\EOF >> "$ofile"
-
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-EOF
-    ;;
-  esac
-  case "$host" in
-  *-*-cygwin* | *-*-mingw* | *-*-os2*)
-    cat <<'EOF' >> "$ofile"
-      # This is a source program that is used to create dlls on Windows
-      # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# #  ifdef __CYGWIN32__
-# #    define __CYGWIN__ __CYGWIN32__
-# #  endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-#   __hDllInstance_base = hInst;
-#   return TRUE;
-# }
-# /* ltdll.c ends here */
-      # This is a source program that is used to create import libraries
-      # on Windows for dlls which lack them. Don't remove nor modify the
-      # starting and closing comments
-# /* impgen.c starts here */
-# /*   Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-#  This file is part of GNU libtool.
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#  */
-#
-#  #include <stdio.h>		/* for printf() */
-#  #include <unistd.h>		/* for open(), lseek(), read() */
-#  #include <fcntl.h>		/* for O_RDONLY, O_BINARY */
-#  #include <string.h>		/* for strdup() */
-#
-#  /* O_BINARY isn't required (or even defined sometimes) under Unix */
-#  #ifndef O_BINARY
-#  #define O_BINARY 0
-#  #endif
-#
-#  static unsigned int
-#  pe_get16 (fd, offset)
-#       int fd;
-#       int offset;
-#  {
-#    unsigned char b[2];
-#    lseek (fd, offset, SEEK_SET);
-#    read (fd, b, 2);
-#    return b[0] + (b[1]<<8);
-#  }
-#
-#  static unsigned int
-#  pe_get32 (fd, offset)
-#      int fd;
-#      int offset;
-#  {
-#    unsigned char b[4];
-#    lseek (fd, offset, SEEK_SET);
-#    read (fd, b, 4);
-#    return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-#  }
-#
-#  static unsigned int
-#  pe_as32 (ptr)
-#       void *ptr;
-#  {
-#    unsigned char *b = ptr;
-#    return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-#  }
-#
-#  int
-#  main (argc, argv)
-#      int argc;
-#      char *argv[];
-#  {
-#      int dll;
-#      unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-#      unsigned long export_rva, export_size, nsections, secptr, expptr;
-#      unsigned long name_rvas, nexp;
-#      unsigned char *expdata, *erva;
-#      char *filename, *dll_name;
-#
-#      filename = argv[1];
-#
-#      dll = open(filename, O_RDONLY|O_BINARY);
-#      if (!dll)
-#  	return 1;
-#
-#      dll_name = filename;
-#
-#      for (i=0; filename[i]; i++)
-#  	if (filename[i] == '/' || filename[i] == '\\'  || filename[i] == ':')
-#  	    dll_name = filename + i +1;
-#
-#      pe_header_offset = pe_get32 (dll, 0x3c);
-#      opthdr_ofs = pe_header_offset + 4 + 20;
-#      num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-#      if (num_entries < 1) /* no exports */
-#  	return 1;
-#
-#      export_rva = pe_get32 (dll, opthdr_ofs + 96);
-#      export_size = pe_get32 (dll, opthdr_ofs + 100);
-#      nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-#      secptr = (pe_header_offset + 4 + 20 +
-#  	      pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-#      expptr = 0;
-#      for (i = 0; i < nsections; i++)
-#      {
-#  	char sname[8];
-#  	unsigned long secptr1 = secptr + 40 * i;
-#  	unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-#  	unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-#  	unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-#  	lseek(dll, secptr1, SEEK_SET);
-#  	read(dll, sname, 8);
-#  	if (vaddr <= export_rva && vaddr+vsize > export_rva)
-#  	{
-#  	    expptr = fptr + (export_rva - vaddr);
-#  	    if (export_rva + export_size > vaddr + vsize)
-#  		export_size = vsize - (export_rva - vaddr);
-#  	    break;
-#  	}
-#      }
-#
-#      expdata = (unsigned char*)malloc(export_size);
-#      lseek (dll, expptr, SEEK_SET);
-#      read (dll, expdata, export_size);
-#      erva = expdata - export_rva;
-#
-#      nexp = pe_as32 (expdata+24);
-#      name_rvas = pe_as32 (expdata+32);
-#
-#      printf ("EXPORTS\n");
-#      for (i = 0; i<nexp; i++)
-#      {
-#  	unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-#  	printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-#      }
-#
-#      return 0;
-#  }
-# /* impgen.c ends here */
-
-EOF
-    ;;
-  esac
-
-
-  # Append the ltmain.sh script.
-  sed '$q' "$ltmain" >> "$ofile" || (rm -f "$ofile"; exit 1)
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-
-  chmod +x "$ofile"
-  ;;
-
-*)
-  # Compile the libtool program.
-  echo "FIXME: would compile $ltmain"
-  ;;
-esac
-
-test -n "$cache_file" || exit 0
-
-# AC_CACHE_SAVE
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs.  It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already.  You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
-  case `(ac_space=' '; set | grep ac_space) 2>&1` in
-  *ac_space=\ *)
-    # `set' does not quote correctly, so add quotes (double-quote substitution
-    # turns \\\\ into \\, and sed turns \\ into \).
-    sed -n \
-      -e "s/'/'\\\\''/g" \
-      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
-    ;;
-  *)
-    # `set' quotes correctly as required by POSIX, so do not add quotes.
-    sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
-    ;;
-  esac >> confcache
-if cmp -s $cache_file confcache; then
-  :
-else
-  if test -w $cache_file; then
-    echo "updating cache $cache_file"
-    cat confcache > $cache_file
-  else
-    echo "not updating unwritable cache $cache_file"
-  fi
-fi
-rm -f confcache
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/ltmain.sh b/crypto/heimdal/ltmain.sh
deleted file mode 100644
index 6e5bf3657c94..000000000000
--- a/crypto/heimdal/ltmain.sh
+++ /dev/null
@@ -1,4984 +0,0 @@
-# ltmain.sh - Provide generalized library-building support services.
-# NOTE: Changing this file will not affect anything until you rerun configure.
-#
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Check that we have a working $echo.
-if test "X$1" = X--no-reexec; then
-  # Discard the --no-reexec flag, and continue.
-  shift
-elif test "X$1" = X--fallback-echo; then
-  # Avoid inline document here, it may be left over
-  :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
-  # Yippee, $echo works!
-  :
-else
-  # Restart under the correct shell, and then maybe $echo will work.
-  exec $SHELL "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
-  # used as fallback echo
-  shift
-  cat <<EOF
-$*
-EOF
-  exit 0
-fi
-
-# The name of this program.
-progname=`$echo "$0" | sed 's%^.*/%%'`
-modename="$progname"
-
-# Constants.
-PROGRAM=ltmain.sh
-PACKAGE=libtool
-VERSION=1.4.2
-TIMESTAMP=" (1.922.2.53 2001/09/11 03:18:52)"
-
-default_mode=
-help="Try \`$progname --help' for more information."
-magic="%%%MAGIC variable%%%"
-mkdir="mkdir"
-mv="mv -f"
-rm="rm -f"
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
-SP2NL='tr \040 \012'
-NL2SP='tr \015\012 \040\040'
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-# We save the old values to restore during execute mode.
-if test "${LC_ALL+set}" = set; then
-  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
-fi
-if test "${LANG+set}" = set; then
-  save_LANG="$LANG"; LANG=C; export LANG
-fi
-
-# Make sure IFS has a sensible default
-: ${IFS=" 	"}
-
-if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
-  echo "$modename: not configured to build any kind of library" 1>&2
-  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-  exit 1
-fi
-
-# Global variables.
-mode=$default_mode
-nonopt=
-prev=
-prevopt=
-run=
-show="$echo"
-show_help=
-execute_dlfiles=
-lo2o="s/\\.lo\$/.${objext}/"
-o2lo="s/\\.${objext}\$/.lo/"
-
-# Parse our command line options once, thoroughly.
-while test $# -gt 0
-do
-  arg="$1"
-  shift
-
-  case $arg in
-  -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
-  *) optarg= ;;
-  esac
-
-  # If the previous option needs an argument, assign it.
-  if test -n "$prev"; then
-    case $prev in
-    execute_dlfiles)
-      execute_dlfiles="$execute_dlfiles $arg"
-      ;;
-    *)
-      eval "$prev=\$arg"
-      ;;
-    esac
-
-    prev=
-    prevopt=
-    continue
-  fi
-
-  # Have we seen a non-optional argument yet?
-  case $arg in
-  --help)
-    show_help=yes
-    ;;
-
-  --version)
-    echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
-    exit 0
-    ;;
-
-  --config)
-    sed -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $0
-    exit 0
-    ;;
-
-  --debug)
-    echo "$progname: enabling shell trace mode"
-    set -x
-    ;;
-
-  --dry-run | -n)
-    run=:
-    ;;
-
-  --features)
-    echo "host: $host"
-    if test "$build_libtool_libs" = yes; then
-      echo "enable shared libraries"
-    else
-      echo "disable shared libraries"
-    fi
-    if test "$build_old_libs" = yes; then
-      echo "enable static libraries"
-    else
-      echo "disable static libraries"
-    fi
-    exit 0
-    ;;
-
-  --finish) mode="finish" ;;
-
-  --mode) prevopt="--mode" prev=mode ;;
-  --mode=*) mode="$optarg" ;;
-
-  --quiet | --silent)
-    show=:
-    ;;
-
-  -dlopen)
-    prevopt="-dlopen"
-    prev=execute_dlfiles
-    ;;
-
-  -*)
-    $echo "$modename: unrecognized option \`$arg'" 1>&2
-    $echo "$help" 1>&2
-    exit 1
-    ;;
-
-  *)
-    nonopt="$arg"
-    break
-    ;;
-  esac
-done
-
-if test -n "$prevopt"; then
-  $echo "$modename: option \`$prevopt' requires an argument" 1>&2
-  $echo "$help" 1>&2
-  exit 1
-fi
-
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end.  This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-
-if test -z "$show_help"; then
-
-  # Infer the operation mode.
-  if test -z "$mode"; then
-    case $nonopt in
-    *cc | *++ | gcc* | *-gcc*)
-      mode=link
-      for arg
-      do
-	case $arg in
-	-c)
-	   mode=compile
-	   break
-	   ;;
-	esac
-      done
-      ;;
-    *db | *dbx | *strace | *truss)
-      mode=execute
-      ;;
-    *install*|cp|mv)
-      mode=install
-      ;;
-    *rm)
-      mode=uninstall
-      ;;
-    *)
-      # If we have no mode, but dlfiles were specified, then do execute mode.
-      test -n "$execute_dlfiles" && mode=execute
-
-      # Just use the default operation mode.
-      if test -z "$mode"; then
-	if test -n "$nonopt"; then
-	  $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
-	else
-	  $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
-	fi
-      fi
-      ;;
-    esac
-  fi
-
-  # Only execute mode is allowed to have -dlopen flags.
-  if test -n "$execute_dlfiles" && test "$mode" != execute; then
-    $echo "$modename: unrecognized option \`-dlopen'" 1>&2
-    $echo "$help" 1>&2
-    exit 1
-  fi
-
-  # Change the help message to a mode-specific one.
-  generic_help="$help"
-  help="Try \`$modename --help --mode=$mode' for more information."
-
-  # These modes are in order of execution frequency so that they run quickly.
-  case $mode in
-  # libtool compile mode
-  compile)
-    modename="$modename: compile"
-    # Get the compilation command and the source file.
-    base_compile=
-    prev=
-    lastarg=
-    srcfile="$nonopt"
-    suppress_output=
-
-    user_target=no
-    for arg
-    do
-      case $prev in
-      "") ;;
-      xcompiler)
-	# Aesthetically quote the previous argument.
-	prev=
-	lastarg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-
-	case $arg in
-	# Double-quote args containing other shell metacharacters.
-	# Many Bourne shells cannot handle close brackets correctly
-	# in scan sets, so we specify it separately.
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-
-	# Add the previous argument to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
-	  base_compile="$base_compile $lastarg"
-	fi
-	continue
-	;;
-      esac
-
-      # Accept any command-line options.
-      case $arg in
-      -o)
-	if test "$user_target" != "no"; then
-	  $echo "$modename: you cannot specify \`-o' more than once" 1>&2
-	  exit 1
-	fi
-	user_target=next
-	;;
-
-      -static)
-	build_old_libs=yes
-	continue
-	;;
-
-      -prefer-pic)
-	pic_mode=yes
-	continue
-	;;
-
-      -prefer-non-pic)
-	pic_mode=no
-	continue
-	;;
-
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
-
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
-	lastarg=
-	save_ifs="$IFS"; IFS=','
-	for arg in $args; do
-	  IFS="$save_ifs"
-
-	  # Double-quote args containing other shell metacharacters.
-	  # Many Bourne shells cannot handle close brackets correctly
-	  # in scan sets, so we specify it separately.
-	  case $arg in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    arg="\"$arg\""
-	    ;;
-	  esac
-	  lastarg="$lastarg $arg"
-	done
-	IFS="$save_ifs"
-	lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
-
-	# Add the arguments to base_compile.
-	if test -z "$base_compile"; then
-	  base_compile="$lastarg"
-	else
-	  base_compile="$base_compile $lastarg"
-	fi
-	continue
-	;;
-      esac
-
-      case $user_target in
-      next)
-	# The next one is the -o target name
-	user_target=yes
-	continue
-	;;
-      yes)
-	# We got the output file
-	user_target=set
-	libobj="$arg"
-	continue
-	;;
-      esac
-
-      # Accept the current argument as the source file.
-      lastarg="$srcfile"
-      srcfile="$arg"
-
-      # Aesthetically quote the previous argument.
-
-      # Backslashify any backslashes, double quotes, and dollar signs.
-      # These are the only characters that are still specially
-      # interpreted inside of double-quoted scrings.
-      lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
-
-      # Double-quote args containing other shell metacharacters.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      case $lastarg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	lastarg="\"$lastarg\""
-	;;
-      esac
-
-      # Add the previous argument to base_compile.
-      if test -z "$base_compile"; then
-	base_compile="$lastarg"
-      else
-	base_compile="$base_compile $lastarg"
-      fi
-    done
-
-    case $user_target in
-    set)
-      ;;
-    no)
-      # Get the name of the library object.
-      libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
-      ;;
-    *)
-      $echo "$modename: you must specify a target with \`-o'" 1>&2
-      exit 1
-      ;;
-    esac
-
-    # Recognize several different file suffixes.
-    # If the user specifies -o file.o, it is replaced with file.lo
-    xform='[cCFSfmso]'
-    case $libobj in
-    *.ada) xform=ada ;;
-    *.adb) xform=adb ;;
-    *.ads) xform=ads ;;
-    *.asm) xform=asm ;;
-    *.c++) xform=c++ ;;
-    *.cc) xform=cc ;;
-    *.cpp) xform=cpp ;;
-    *.cxx) xform=cxx ;;
-    *.f90) xform=f90 ;;
-    *.for) xform=for ;;
-    esac
-
-    libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
-
-    case $libobj in
-    *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
-    *)
-      $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
-      exit 1
-      ;;
-    esac
-
-    if test -z "$base_compile"; then
-      $echo "$modename: you must specify a compilation command" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    # Delete any leftover library objects.
-    if test "$build_old_libs" = yes; then
-      removelist="$obj $libobj"
-    else
-      removelist="$libobj"
-    fi
-
-    $run $rm $removelist
-    trap "$run $rm $removelist; exit 1" 1 2 15
-
-    # On Cygwin there's no "real" PIC flag so we must build both object types
-    case $host_os in
-    cygwin* | mingw* | pw32* | os2*)
-      pic_mode=default
-      ;;
-    esac
-    if test $pic_mode = no && test "$deplibs_check_method" != pass_all; then
-      # non-PIC code in shared libraries is not supported
-      pic_mode=default
-    fi
-
-    # Calculate the filename of the output object if compiler does
-    # not support -o with -c
-    if test "$compiler_c_o" = no; then
-      output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
-      lockfile="$output_obj.lock"
-      removelist="$removelist $output_obj $lockfile"
-      trap "$run $rm $removelist; exit 1" 1 2 15
-    else
-      need_locks=no
-      lockfile=
-    fi
-
-    # Lock this critical section if it is needed
-    # We use this script file to make the link, it avoids creating a new file
-    if test "$need_locks" = yes; then
-      until $run ln "$0" "$lockfile" 2>/dev/null; do
-	$show "Waiting for $lockfile to be removed"
-	sleep 2
-      done
-    elif test "$need_locks" = warn; then
-      if test -f "$lockfile"; then
-	echo "\
-*** ERROR, $lockfile exists and contains:
-`cat $lockfile 2>/dev/null`
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-      echo $srcfile > "$lockfile"
-    fi
-
-    if test -n "$fix_srcfile_path"; then
-      eval srcfile=\"$fix_srcfile_path\"
-    fi
-
-    # Only build a PIC object if we are building libtool libraries.
-    if test "$build_libtool_libs" = yes; then
-      # Without this assignment, base_compile gets emptied.
-      fbsd_hideous_sh_bug=$base_compile
-
-      if test "$pic_mode" != no; then
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
-      else
-	# Don't build PIC code
-	command="$base_compile $srcfile"
-      fi
-      if test "$build_old_libs" = yes; then
-	lo_libobj="$libobj"
-	dir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$dir" = "X$libobj"; then
-	  dir="$objdir"
-	else
-	  dir="$dir/$objdir"
-	fi
-	libobj="$dir/"`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
-
-	if test -d "$dir"; then
-	  $show "$rm $libobj"
-	  $run $rm $libobj
-	else
-	  $show "$mkdir $dir"
-	  $run $mkdir $dir
-	  status=$?
-	  if test $status -ne 0 && test ! -d $dir; then
-	    exit $status
-	  fi
-	fi
-      fi
-      if test "$compiler_o_lo" = yes; then
-	output_obj="$libobj"
-	command="$command -o $output_obj"
-      elif test "$compiler_c_o" = yes; then
-	output_obj="$obj"
-	command="$command -o $output_obj"
-      fi
-
-      $run $rm "$output_obj"
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	test -n "$output_obj" && $run $rm $removelist
-	exit 1
-      fi
-
-      if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-
-      # Just move the object if needed, then go on to compile the next one
-      if test x"$output_obj" != x"$libobj"; then
-	$show "$mv $output_obj $libobj"
-	if $run $mv $output_obj $libobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # If we have no pic_flag, then copy the object into place and finish.
-      if (test -z "$pic_flag" || test "$pic_mode" != default) &&
-	 test "$build_old_libs" = yes; then
-	# Rename the .lo from within objdir to obj
-	if test -f $obj; then
-	  $show $rm $obj
-	  $run $rm $obj
-	fi
-
-	$show "$mv $libobj $obj"
-	if $run $mv $libobj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-
-	xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$obj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$obj" | $Xsed -e "s%.*/%%"`
-	libobj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	# Now arrange that obj and lo_libobj become the same file
-	$show "(cd $xdir && $LN_S $baseobj $libobj)"
-	if $run eval '(cd $xdir && $LN_S $baseobj $libobj)'; then
-	  # Unlock the critical section if it was locked
-	  if test "$need_locks" != no; then
-	    $run $rm "$lockfile"
-	  fi
-	  exit 0
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Allow error messages only from the first compilation.
-      suppress_output=' >/dev/null 2>&1'
-    fi
-
-    # Only build a position-dependent object if we build old libraries.
-    if test "$build_old_libs" = yes; then
-      if test "$pic_mode" != yes; then
-	# Don't build PIC code
-	command="$base_compile $srcfile"
-      else
-	# All platforms use -DPIC, to notify preprocessed assembler code.
-	command="$base_compile $srcfile $pic_flag -DPIC"
-      fi
-      if test "$compiler_c_o" = yes; then
-	command="$command -o $obj"
-	output_obj="$obj"
-      fi
-
-      # Suppress compiler output if we already did a PIC compilation.
-      command="$command$suppress_output"
-      $run $rm "$output_obj"
-      $show "$command"
-      if $run eval "$command"; then :
-      else
-	$run $rm $removelist
-	exit 1
-      fi
-
-      if test "$need_locks" = warn &&
-	 test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then
-	echo "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support \`-c' and \`-o' together.  If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
-	$run $rm $removelist
-	exit 1
-      fi
-
-      # Just move the object if needed
-      if test x"$output_obj" != x"$obj"; then
-	$show "$mv $output_obj $obj"
-	if $run $mv $output_obj $obj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-
-      # Create an invalid libtool object if no PIC, so that we do not
-      # accidentally link it into a program.
-      if test "$build_libtool_libs" != yes; then
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > \$libobj" || exit $?
-      else
-	# Move the .lo from within objdir
-	$show "$mv $libobj $lo_libobj"
-	if $run $mv $libobj $lo_libobj; then :
-	else
-	  error=$?
-	  $run $rm $removelist
-	  exit $error
-	fi
-      fi
-    fi
-
-    # Unlock the critical section if it was locked
-    if test "$need_locks" != no; then
-      $run $rm "$lockfile"
-    fi
-
-    exit 0
-    ;;
-
-  # libtool link mode
-  link | relink)
-    modename="$modename: link"
-    case $host in
-    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-      # It is impossible to link a dll without this setting, and
-      # we shouldn't force the makefile maintainer to figure out
-      # which system we are compiling for in order to pass an extra
-      # flag for every libtool invokation.
-      # allow_undefined=no
-
-      # FIXME: Unfortunately, there are problems with the above when trying
-      # to make a dll which has undefined symbols, in which case not
-      # even a static library is built.  For now, we need to specify
-      # -no-undefined on the libtool link line when we can be certain
-      # that all symbols are satisfied, otherwise we get a static library.
-      allow_undefined=yes
-      ;;
-    *)
-      allow_undefined=yes
-      ;;
-    esac
-    libtool_args="$nonopt"
-    compile_command="$nonopt"
-    finalize_command="$nonopt"
-
-    compile_rpath=
-    finalize_rpath=
-    compile_shlibpath=
-    finalize_shlibpath=
-    convenience=
-    old_convenience=
-    deplibs=
-    old_deplibs=
-    compiler_flags=
-    linker_flags=
-    dllsearchpath=
-    lib_search_path=`pwd`
-
-    avoid_version=no
-    dlfiles=
-    dlprefiles=
-    dlself=no
-    export_dynamic=no
-    export_symbols=
-    export_symbols_regex=
-    generated=
-    libobjs=
-    ltlibs=
-    module=no
-    no_install=no
-    objs=
-    prefer_static_libs=no
-    preload=no
-    prev=
-    prevarg=
-    release=
-    rpath=
-    xrpath=
-    perm_rpath=
-    temp_rpath=
-    thread_safe=no
-    vinfo=
-
-    # We need to know -static, to get the right output filenames.
-    for arg
-    do
-      case $arg in
-      -all-static | -static)
-	if test "X$arg" = "X-all-static"; then
-	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
-	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
-	  fi
-	  if test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	else
-	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
-	    dlopen_self=$dlopen_self_static
-	  fi
-	fi
-	build_libtool_libs=no
-	build_old_libs=yes
-	prefer_static_libs=yes
-	break
-	;;
-      esac
-    done
-
-    # See if our shared archives depend on static archives.
-    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
-
-    # Go through the arguments, transforming them on the way.
-    while test $# -gt 0; do
-      arg="$1"
-      shift
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
-	;;
-      *) qarg=$arg ;;
-      esac
-      libtool_args="$libtool_args $qarg"
-
-      # If the previous option needs an argument, assign it.
-      if test -n "$prev"; then
-	case $prev in
-	output)
-	  compile_command="$compile_command @OUTPUT@"
-	  finalize_command="$finalize_command @OUTPUT@"
-	  ;;
-	esac
-
-	case $prev in
-	dlfiles|dlprefiles)
-	  if test "$preload" = no; then
-	    # Add the symbol object into the linking commands.
-	    compile_command="$compile_command @SYMFILE@"
-	    finalize_command="$finalize_command @SYMFILE@"
-	    preload=yes
-	  fi
-	  case $arg in
-	  *.la | *.lo) ;;  # We handle these cases below.
-	  force)
-	    if test "$dlself" = no; then
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  self)
-	    if test "$prev" = dlprefiles; then
-	      dlself=yes
-	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
-	      dlself=yes
-	    else
-	      dlself=needless
-	      export_dynamic=yes
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  *)
-	    if test "$prev" = dlfiles; then
-	      dlfiles="$dlfiles $arg"
-	    else
-	      dlprefiles="$dlprefiles $arg"
-	    fi
-	    prev=
-	    continue
-	    ;;
-	  esac
-	  ;;
-	expsyms)
-	  export_symbols="$arg"
-	  if test ! -f "$arg"; then
-	    $echo "$modename: symbol file \`$arg' does not exist"
-	    exit 1
-	  fi
-	  prev=
-	  continue
-	  ;;
-	expsyms_regex)
-	  export_symbols_regex="$arg"
-	  prev=
-	  continue
-	  ;;
-	release)
-	  release="-$arg"
-	  prev=
-	  continue
-	  ;;
-	rpath | xrpath)
-	  # We need an absolute path.
-	  case $arg in
-	  [\\/]* | [A-Za-z]:[\\/]*) ;;
-	  *)
-	    $echo "$modename: only absolute run-paths are allowed" 1>&2
-	    exit 1
-	    ;;
-	  esac
-	  if test "$prev" = rpath; then
-	    case "$rpath " in
-	    *" $arg "*) ;;
-	    *) rpath="$rpath $arg" ;;
-	    esac
-	  else
-	    case "$xrpath " in
-	    *" $arg "*) ;;
-	    *) xrpath="$xrpath $arg" ;;
-	    esac
-	  fi
-	  prev=
-	  continue
-	  ;;
-	xcompiler)
-	  compiler_flags="$compiler_flags $qarg"
-	  prev=
-	  compile_command="$compile_command $qarg"
-	  finalize_command="$finalize_command $qarg"
-	  continue
-	  ;;
-	xlinker)
-	  linker_flags="$linker_flags $qarg"
-	  compiler_flags="$compiler_flags $wl$qarg"
-	  prev=
-	  compile_command="$compile_command $wl$qarg"
-	  finalize_command="$finalize_command $wl$qarg"
-	  continue
-	  ;;
-	*)
-	  eval "$prev=\"\$arg\""
-	  prev=
-	  continue
-	  ;;
-	esac
-      fi # test -n $prev
-
-      prevarg="$arg"
-
-      case $arg in
-      -all-static)
-	if test -n "$link_static_flag"; then
-	  compile_command="$compile_command $link_static_flag"
-	  finalize_command="$finalize_command $link_static_flag"
-	fi
-	continue
-	;;
-
-      -allow-undefined)
-	# FIXME: remove this flag sometime in the future.
-	$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
-	continue
-	;;
-
-      -avoid-version)
-	avoid_version=yes
-	continue
-	;;
-
-      -dlopen)
-	prev=dlfiles
-	continue
-	;;
-
-      -dlpreopen)
-	prev=dlprefiles
-	continue
-	;;
-
-      -export-dynamic)
-	export_dynamic=yes
-	continue
-	;;
-
-      -export-symbols | -export-symbols-regex)
-	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	  $echo "$modename: more than one -exported-symbols argument is not allowed"
-	  exit 1
-	fi
-	if test "X$arg" = "X-export-symbols"; then
-	  prev=expsyms
-	else
-	  prev=expsyms_regex
-	fi
-	continue
-	;;
-
-      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
-      # so, if we see these flags be careful not to treat them like -L
-      -L[A-Z][A-Z]*:*)
-	case $with_gcc/$host in
-	no/*-*-irix*)
-	  compile_command="$compile_command $arg"
-	  finalize_command="$finalize_command $arg"
-	  ;;
-	esac
-	continue
-	;;
-
-      -L*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  absdir=`cd "$dir" && pwd`
-	  if test -z "$absdir"; then
-	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
-	    exit 1
-	  fi
-	  dir="$absdir"
-	  ;;
-	esac
-	case "$deplibs " in
-	*" -L$dir "*) ;;
-	*)
-	  deplibs="$deplibs -L$dir"
-	  lib_search_path="$lib_search_path $dir"
-	  ;;
-	esac
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  case :$dllsearchpath: in
-	  *":$dir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$dir";;
-	  esac
-	  ;;
-	esac
-	continue
-	;;
-
-      -l*)
-	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
-	  case $host in
-	  *-*-cygwin* | *-*-pw32* | *-*-beos*)
-	    # These systems don't actually have a C or math library (as such)
-	    continue
-	    ;;
-	  *-*-mingw* | *-*-os2*)
-	    # These systems don't actually have a C library (as such)
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  *-*-openbsd*)
-	    # Do not include libc due to us having libc/libc_r.
-	    test "X$arg" = "X-lc" && continue
-	    ;;
-	  esac
-	 elif test "X$arg" = "X-lc_r"; then
-	  case $host in
-	  *-*-openbsd*)
-	    # Do not include libc_r directly, use -pthread flag.
-	    continue
-	    ;;
-	  esac
-	fi
-	deplibs="$deplibs $arg"
-	continue
-	;;
-
-      -module)
-	module=yes
-	continue
-	;;
-
-      -no-fast-install)
-	fast_install=no
-	continue
-	;;
-
-      -no-install)
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  # The PATH hackery in wrapper scripts is required on Windows
-	  # in order for the loader to find any dlls it needs.
-	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
-	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
-	  fast_install=no
-	  ;;
-	*) no_install=yes ;;
-	esac
-	continue
-	;;
-
-      -no-undefined)
-	allow_undefined=no
-	continue
-	;;
-
-      -o) prev=output ;;
-
-      -release)
-	prev=release
-	continue
-	;;
-
-      -rpath)
-	prev=rpath
-	continue
-	;;
-
-      -R)
-	prev=xrpath
-	continue
-	;;
-
-      -R*)
-	dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
-	# We need an absolute path.
-	case $dir in
-	[\\/]* | [A-Za-z]:[\\/]*) ;;
-	*)
-	  $echo "$modename: only absolute run-paths are allowed" 1>&2
-	  exit 1
-	  ;;
-	esac
-	case "$xrpath " in
-	*" $dir "*) ;;
-	*) xrpath="$xrpath $dir" ;;
-	esac
-	continue
-	;;
-
-      -static)
-	# The effects of -static are defined in a previous loop.
-	# We used to do the same as -all-static on platforms that
-	# didn't have a PIC flag, but the assumption that the effects
-	# would be equivalent was wrong.  It would break on at least
-	# Digital Unix and AIX.
-	continue
-	;;
-
-      -thread-safe)
-	thread_safe=yes
-	continue
-	;;
-
-      -version-info)
-	prev=vinfo
-	continue
-	;;
-
-      -Wc,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Wl,*)
-	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
-	arg=
-	save_ifs="$IFS"; IFS=','
-	for flag in $args; do
-	  IFS="$save_ifs"
-	  case $flag in
-	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	    flag="\"$flag\""
-	    ;;
-	  esac
-	  arg="$arg $wl$flag"
-	  compiler_flags="$compiler_flags $wl$flag"
-	  linker_flags="$linker_flags $flag"
-	done
-	IFS="$save_ifs"
-	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
-	;;
-
-      -Xcompiler)
-	prev=xcompiler
-	continue
-	;;
-
-      -Xlinker)
-	prev=xlinker
-	continue
-	;;
-
-      # Some other compiler flag.
-      -* | +*)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-
-      *.lo | *.$objext)
-	# A library or standard object.
-	if test "$prev" = dlfiles; then
-	  # This file was specified with -dlopen.
-	  if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
-	    dlfiles="$dlfiles $arg"
-	    prev=
-	    continue
-	  else
-	    # If libtool objects are unsupported, then we need to preload.
-	    prev=dlprefiles
-	  fi
-	fi
-
-	if test "$prev" = dlprefiles; then
-	  # Preload the old-style object.
-	  dlprefiles="$dlprefiles "`$echo "X$arg" | $Xsed -e "$lo2o"`
-	  prev=
-	else
-	  case $arg in
-	  *.lo) libobjs="$libobjs $arg" ;;
-	  *) objs="$objs $arg" ;;
-	  esac
-	fi
-	;;
-
-      *.$libext)
-	# An archive.
-	deplibs="$deplibs $arg"
-	old_deplibs="$old_deplibs $arg"
-	continue
-	;;
-
-      *.la)
-	# A libtool-controlled library.
-
-	if test "$prev" = dlfiles; then
-	  # This library was specified with -dlopen.
-	  dlfiles="$dlfiles $arg"
-	  prev=
-	elif test "$prev" = dlprefiles; then
-	  # The library was specified with -dlpreopen.
-	  dlprefiles="$dlprefiles $arg"
-	  prev=
-	else
-	  deplibs="$deplibs $arg"
-	fi
-	continue
-	;;
-
-      # Some other compiler argument.
-      *)
-	# Unknown arguments in both finalize_command and compile_command need
-	# to be aesthetically quoted because they are evaled later.
-	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-	case $arg in
-	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-	  arg="\"$arg\""
-	  ;;
-	esac
-	;;
-      esac # arg
-
-      # Now actually substitute the argument into the commands.
-      if test -n "$arg"; then
-	compile_command="$compile_command $arg"
-	finalize_command="$finalize_command $arg"
-      fi
-    done # argument parsing loop
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
-      eval arg=\"$export_dynamic_flag_spec\"
-      compile_command="$compile_command $arg"
-      finalize_command="$finalize_command $arg"
-    fi
-
-    # calculate the name of the file, without its directory
-    outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
-    libobjs_save="$libobjs"
-
-    if test -n "$shlibpath_var"; then
-      # get the directories listed in $shlibpath_var
-      eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
-    else
-      shlib_search_path=
-    fi
-    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
-    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
-
-    output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
-    if test "X$output_objdir" = "X$output"; then
-      output_objdir="$objdir"
-    else
-      output_objdir="$output_objdir/$objdir"
-    fi
-    # Create the object directory.
-    if test ! -d $output_objdir; then
-      $show "$mkdir $output_objdir"
-      $run $mkdir $output_objdir
-      status=$?
-      if test $status -ne 0 && test ! -d $output_objdir; then
-	exit $status
-      fi
-    fi
-
-    # Determine the type of output
-    case $output in
-    "")
-      $echo "$modename: you must specify an output file" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-      ;;
-    *.$libext) linkmode=oldlib ;;
-    *.lo | *.$objext) linkmode=obj ;;
-    *.la) linkmode=lib ;;
-    *) linkmode=prog ;; # Anything else should be a program.
-    esac
-
-    specialdeplibs=
-    libs=
-    # Find all interdependent deplibs by searching for libraries
-    # that are linked more than once (e.g. -la -lb -la)
-    for deplib in $deplibs; do
-      case "$libs " in
-      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-      esac
-      libs="$libs $deplib"
-    done
-    deplibs=
-    newdependency_libs=
-    newlib_search_path=
-    need_relink=no # whether we're linking any uninstalled libtool libraries
-    notinst_deplibs= # not-installed libtool libraries
-    notinst_path= # paths that contain not-installed libtool libraries
-    case $linkmode in
-    lib)
-	passes="conv link"
-	for file in $dlfiles $dlprefiles; do
-	  case $file in
-	  *.la) ;;
-	  *)
-	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
-	    exit 1
-	    ;;
-	  esac
-	done
-	;;
-    prog)
-	compile_deplibs=
-	finalize_deplibs=
-	alldeplibs=no
-	newdlfiles=
-	newdlprefiles=
-	passes="conv scan dlopen dlpreopen link"
-	;;
-    *)  passes="conv"
-	;;
-    esac
-    for pass in $passes; do
-      if test $linkmode = prog; then
-	# Determine which files to process
-	case $pass in
-	dlopen)
-	  libs="$dlfiles"
-	  save_deplibs="$deplibs" # Collect dlpreopened libraries
-	  deplibs=
-	  ;;
-	dlpreopen) libs="$dlprefiles" ;;
-	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
-	esac
-      fi
-      for deplib in $libs; do
-	lib=
-	found=no
-	case $deplib in
-	-l*)
-	  if test $linkmode = oldlib && test $linkmode = obj; then
-	    $echo "$modename: warning: \`-l' is ignored for archives/objects: $deplib" 1>&2
-	    continue
-	  fi
-	  if test $pass = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
-	  fi
-	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
-	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
-	    # Search the libtool library
-	    lib="$searchdir/lib${name}.la"
-	    if test -f "$lib"; then
-	      found=yes
-	      break
-	    fi
-	  done
-	  if test "$found" != yes; then
-	    # deplib doesn't seem to be a libtool library
-	    if test "$linkmode,$pass" = "prog,link"; then
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    else
-	      deplibs="$deplib $deplibs"
-	      test $linkmode = lib && newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    continue
-	  fi
-	  ;; # -l
-	-L*)
-	  case $linkmode in
-	  lib)
-	    deplibs="$deplib $deplibs"
-	    test $pass = conv && continue
-	    newdependency_libs="$deplib $newdependency_libs"
-	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    ;;
-	  prog)
-	    if test $pass = conv; then
-	      deplibs="$deplib $deplibs"
-	      continue
-	    fi
-	    if test $pass = scan; then
-	      deplibs="$deplib $deplibs"
-	      newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    ;;
-	  *)
-	    $echo "$modename: warning: \`-L' is ignored for archives/objects: $deplib" 1>&2
-	    ;;
-	  esac # linkmode
-	  continue
-	  ;; # -L
-	-R*)
-	  if test $pass = link; then
-	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
-	    # Make sure the xrpath contains only unique directories.
-	    case "$xrpath " in
-	    *" $dir "*) ;;
-	    *) xrpath="$xrpath $dir" ;;
-	    esac
-	  fi
-	  deplibs="$deplib $deplibs"
-	  continue
-	  ;;
-	*.la) lib="$deplib" ;;
-	*.$libext)
-	  if test $pass = conv; then
-	    deplibs="$deplib $deplibs"
-	    continue
-	  fi
-	  case $linkmode in
-	  lib)
-	    if test "$deplibs_check_method" != pass_all; then
-	      echo
-	      echo "*** Warning: This library needs some functionality provided by $deplib."
-	      echo "*** I have the capability to make that library automatically link in when"
-	      echo "*** you link to this library.  But I can only do this if you have a"
-	      echo "*** shared version of the library, which you do not appear to have."
-	    else
-	      echo
-	      echo "*** Warning: Linking the shared library $output against the"
-	      echo "*** static library $deplib is not portable!"
-	      deplibs="$deplib $deplibs"
-	    fi
-	    continue
-	    ;;
-	  prog)
-	    if test $pass != link; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      compile_deplibs="$deplib $compile_deplibs"
-	      finalize_deplibs="$deplib $finalize_deplibs"
-	    fi
-	    continue
-	    ;;
-	  esac # linkmode
-	  ;; # *.$libext
-	*.lo | *.$objext)
-	  if test $pass = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	    # If there is no dlopen support or we're linking statically,
-	    # we need to preload.
-	    newdlprefiles="$newdlprefiles $deplib"
-	    compile_deplibs="$deplib $compile_deplibs"
-	    finalize_deplibs="$deplib $finalize_deplibs"
-	  else
-	    newdlfiles="$newdlfiles $deplib"
-	  fi
-	  continue
-	  ;;
-	%DEPLIBS%)
-	  alldeplibs=yes
-	  continue
-	  ;;
-	esac # case $deplib
-	if test $found = yes || test -f "$lib"; then :
-	else
-	  $echo "$modename: cannot find the library \`$lib'" 1>&2
-	  exit 1
-	fi
-
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $lib | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  exit 1
-	fi
-
-	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$ladir" = "X$lib" && ladir="."
-
-	dlname=
-	dlopen=
-	dlpreopen=
-	libdir=
-	library_names=
-	old_library=
-	# If the library was installed with an old release of libtool,
-	# it will not redefine variable installed.
-	installed=yes
-
-	# Read the .la file
-	case $lib in
-	*/* | *\\*) . $lib ;;
-	*) . ./$lib ;;
-	esac
-
-	if test "$linkmode,$pass" = "lib,link" ||
-	   test "$linkmode,$pass" = "prog,scan" ||
-	   { test $linkmode = oldlib && test $linkmode = obj; }; then
-	   # Add dl[pre]opened files of deplib
-	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
-	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
-	fi
-
-	if test $pass = conv; then
-	  # Only check for convenience libraries
-	  deplibs="$lib $deplibs"
-	  if test -z "$libdir"; then
-	    if test -z "$old_library"; then
-	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	      exit 1
-	    fi
-	    # It is a libtool convenience library, so add in its objects.
-	    convenience="$convenience $ladir/$objdir/$old_library"
-	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
-	    tmp_libs=
-	    for deplib in $dependency_libs; do
-	      deplibs="$deplib $deplibs"
-	      case "$tmp_libs " in
-	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	      esac
-	      tmp_libs="$tmp_libs $deplib"
-	    done
-	  elif test $linkmode != prog && test $linkmode != lib; then
-	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
-	    exit 1
-	  fi
-	  continue
-	fi # $pass = conv
-
-	# Get the name of the library we link against.
-	linklib=
-	for l in $old_library $library_names; do
-	  linklib="$l"
-	done
-	if test -z "$linklib"; then
-	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
-	  exit 1
-	fi
-
-	# This library was specified with -dlopen.
-	if test $pass = dlopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
-	    exit 1
-	  fi
-	  if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
-	    # If there is no dlname, no dlopen support or we're linking
-	    # statically, we need to preload.
-	    dlprefiles="$dlprefiles $lib"
-	  else
-	    newdlfiles="$newdlfiles $lib"
-	  fi
-	  continue
-	fi # $pass = dlopen
-
-	# We need an absolute path.
-	case $ladir in
-	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
-	*)
-	  abs_ladir=`cd "$ladir" && pwd`
-	  if test -z "$abs_ladir"; then
-	    $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
-	    $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
-	    abs_ladir="$ladir"
-	  fi
-	  ;;
-	esac
-	laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-
-	# Find the relevant object directory and library name.
-	if test "X$installed" = Xyes; then
-	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
-	    $echo "$modename: warning: library \`$lib' was moved." 1>&2
-	    dir="$ladir"
-	    absdir="$abs_ladir"
-	    libdir="$abs_ladir"
-	  else
-	    dir="$libdir"
-	    absdir="$libdir"
-	  fi
-	else
-	  dir="$ladir/$objdir"
-	  absdir="$abs_ladir/$objdir"
-	  # Remove this search path later
-	  notinst_path="$notinst_path $abs_ladir"
-	fi # $installed = yes
-	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-
-	# This library was specified with -dlpreopen.
-	if test $pass = dlpreopen; then
-	  if test -z "$libdir"; then
-	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
-	    exit 1
-	  fi
-	  # Prefer using a static library (so that no silly _DYNAMIC symbols
-	  # are required to link).
-	  if test -n "$old_library"; then
-	    newdlprefiles="$newdlprefiles $dir/$old_library"
-	  # Otherwise, use the dlname, so that lt_dlopen finds it.
-	  elif test -n "$dlname"; then
-	    newdlprefiles="$newdlprefiles $dir/$dlname"
-	  else
-	    newdlprefiles="$newdlprefiles $dir/$linklib"
-	  fi
-	fi # $pass = dlpreopen
-
-	if test -z "$libdir"; then
-	  # Link the convenience library
-	  if test $linkmode = lib; then
-	    deplibs="$dir/$old_library $deplibs"
-	  elif test "$linkmode,$pass" = "prog,link"; then
-	    compile_deplibs="$dir/$old_library $compile_deplibs"
-	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
-	  else
-	    deplibs="$lib $deplibs"
-	  fi
-	  continue
-	fi
-
-	if test $linkmode = prog && test $pass != link; then
-	  newlib_search_path="$newlib_search_path $ladir"
-	  deplibs="$lib $deplibs"
-
-	  linkalldeplibs=no
-	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
-	     test "$build_libtool_libs" = no; then
-	    linkalldeplibs=yes
-	  fi
-
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    case $deplib in
-	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
-	    esac
-	    # Need to link against all dependency_libs?
-	    if test $linkalldeplibs = yes; then
-	      deplibs="$deplib $deplibs"
-	    else
-	      # Need to hardcode shared library paths
-	      # or/and link against static libraries
-	      newdependency_libs="$deplib $newdependency_libs"
-	    fi
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
-	    tmp_libs="$tmp_libs $deplib"
-	  done # for deplib
-	  continue
-	fi # $linkmode = prog...
-
-	link_static=no # Whether the deplib will be linked statically
-	if test -n "$library_names" &&
-	   { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
-	  # Link against this shared library
-
-	  if test "$linkmode,$pass" = "prog,link" ||
-	   { test $linkmode = lib && test $hardcode_into_libs = yes; }; then
-	    # Hardcode the library path.
-	    # Skip directories that are in the system default run-time
-	    # search path.
-	    case " $sys_lib_dlsearch_path " in
-	    *" $absdir "*) ;;
-	    *)
-	      case "$compile_rpath " in
-	      *" $absdir "*) ;;
-	      *) compile_rpath="$compile_rpath $absdir"
-	      esac
-	      ;;
-	    esac
-	    case " $sys_lib_dlsearch_path " in
-	    *" $libdir "*) ;;
-	    *)
-	      case "$finalize_rpath " in
-	      *" $libdir "*) ;;
-	      *) finalize_rpath="$finalize_rpath $libdir"
-	      esac
-	      ;;
-	    esac
-	    if test $linkmode = prog; then
-	      # We need to hardcode the library path
-	      if test -n "$shlibpath_var"; then
-		# Make sure the rpath contains only unique directories.
-		case "$temp_rpath " in
-		*" $dir "*) ;;
-		*" $absdir "*) ;;
-		*) temp_rpath="$temp_rpath $dir" ;;
-		esac
-	      fi
-	    fi
-	  fi # $linkmode,$pass = prog,link...
-
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-
-	  if test "$installed" = no; then
-	    notinst_deplibs="$notinst_deplibs $lib"
-	    need_relink=yes
-	  fi
-
-	  if test -n "$old_archive_from_expsyms_cmds"; then
-	    # figure out the soname
-	    set dummy $library_names
-	    realname="$2"
-	    shift; shift
-	    libname=`eval \\$echo \"$libname_spec\"`
-	    # use dlname if we got it. it's perfectly good, no?
-	    if test -n "$dlname"; then
-	      soname="$dlname"
-	    elif test -n "$soname_spec"; then
-	      # bleh windows
-	      case $host in
-	      *cygwin*)
-		major=`expr $current - $age`
-		versuffix="-$major"
-		;;
-	      esac
-	      eval soname=\"$soname_spec\"
-	    else
-	      soname="$realname"
-	    fi
-
-	    # Make a new name for the extract_expsyms_cmds to use
-	    soroot="$soname"
-	    soname=`echo $soroot | sed -e 's/^.*\///'`
-	    newlib="libimp-`echo $soname | sed 's/^lib//;s/\.dll$//'`.a"
-
-	    # If the library has no export list, then create one now
-	    if test -f "$output_objdir/$soname-def"; then :
-	    else
-	      $show "extracting exported symbol list from \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$extract_expsyms_cmds\"
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    # Create $newlib
-	    if test -f "$output_objdir/$newlib"; then :; else
-	      $show "generating import library for \`$soname'"
-	      save_ifs="$IFS"; IFS='~'
-	      eval cmds=\"$old_archive_from_expsyms_cmds\"
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd" || exit $?
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # make sure the library variables are pointing to the new library
-	    dir=$output_objdir
-	    linklib=$newlib
-	  fi # test -n $old_archive_from_expsyms_cmds
-
-	  if test $linkmode = prog || test "$mode" != relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    lib_linked=yes
-	    case $hardcode_action in
-	    immediate | unsupported)
-	      if test "$hardcode_direct" = no; then
-		add="$dir/$linklib"
-	      elif test "$hardcode_minus_L" = no; then
-		case $host in
-		*-*-sunos*) add_shlibpath="$dir" ;;
-		esac
-		add_dir="-L$dir"
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = no; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    relink)
-	      if test "$hardcode_direct" = yes; then
-		add="$dir/$linklib"
-	      elif test "$hardcode_minus_L" = yes; then
-		add_dir="-L$dir"
-		add="-l$name"
-	      elif test "$hardcode_shlibpath_var" = yes; then
-		add_shlibpath="$dir"
-		add="-l$name"
-	      else
-		lib_linked=no
-	      fi
-	      ;;
-	    *) lib_linked=no ;;
-	    esac
-
-	    if test "$lib_linked" != yes; then
-	      $echo "$modename: configuration error: unsupported hardcode properties"
-	      exit 1
-	    fi
-
-	    if test -n "$add_shlibpath"; then
-	      case :$compile_shlibpath: in
-	      *":$add_shlibpath:"*) ;;
-	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
-	      esac
-	    fi
-	    if test $linkmode = prog; then
-	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
-	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	      if test "$hardcode_direct" != yes && \
-		 test "$hardcode_minus_L" != yes && \
-		 test "$hardcode_shlibpath_var" = yes; then
-		case :$finalize_shlibpath: in
-		*":$libdir:"*) ;;
-		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-		esac
-	      fi
-	    fi
-	  fi
-
-	  if test $linkmode = prog || test "$mode" = relink; then
-	    add_shlibpath=
-	    add_dir=
-	    add=
-	    # Finalize command for both is simple: just hardcode it.
-	    if test "$hardcode_direct" = yes; then
-	      add="$libdir/$linklib"
-	    elif test "$hardcode_minus_L" = yes; then
-	      add_dir="-L$libdir"
-	      add="-l$name"
-	    elif test "$hardcode_shlibpath_var" = yes; then
-	      case :$finalize_shlibpath: in
-	      *":$libdir:"*) ;;
-	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
-	      esac
-	      add="-l$name"
-	    else
-	      # We cannot seem to hardcode it, guess we'll fake it.
-	      add_dir="-L$libdir"
-	      add="-l$name"
-	    fi
-
-	    if test $linkmode = prog; then
-	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
-	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
-	    else
-	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
-	      test -n "$add" && deplibs="$add $deplibs"
-	    fi
-	  fi
-	elif test $linkmode = prog; then
-	  if test "$alldeplibs" = yes &&
-	     { test "$deplibs_check_method" = pass_all ||
-	       { test "$build_libtool_libs" = yes &&
-		 test -n "$library_names"; }; }; then
-	    # We only need to search for static libraries
-	    continue
-	  fi
-
-	  # Try to link the static library
-	  # Here we assume that one of hardcode_direct or hardcode_minus_L
-	  # is not unsupported.  This is valid on all known static and
-	  # shared platforms.
-	  if test "$hardcode_direct" != unsupported; then
-	    test -n "$old_library" && linklib="$old_library"
-	    compile_deplibs="$dir/$linklib $compile_deplibs"
-	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
-	  else
-	    compile_deplibs="-l$name -L$dir $compile_deplibs"
-	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
-	  fi
-	elif test "$build_libtool_libs" = yes; then
-	  # Not a shared library
-	  if test "$deplibs_check_method" != pass_all; then
-	    # We're trying link a shared library against a static one
-	    # but the system doesn't support it.
-
-	    # Just print a warning and add the library to dependency_libs so
-	    # that the program can be linked against the static library.
-	    echo
-	    echo "*** Warning: This library needs some functionality provided by $lib."
-	    echo "*** I have the capability to make that library automatically link in when"
-	    echo "*** you link to this library.  But I can only do this if you have a"
-	    echo "*** shared version of the library, which you do not appear to have."
-	    if test "$module" = yes; then
-	      echo "*** Therefore, libtool will create a static module, that should work "
-	      echo "*** as long as the dlopening application is linked with the -dlopen flag."
-	      if test -z "$global_symbol_pipe"; then
-		echo
-		echo "*** However, this would only work if libtool was able to extract symbol"
-		echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-		echo "*** not find such a program.  So, this module is probably useless."
-		echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	      fi
-	      if test "$build_old_libs" = no; then
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  else
-	    convenience="$convenience $dir/$old_library"
-	    old_convenience="$old_convenience $dir/$old_library"
-	    deplibs="$dir/$old_library $deplibs"
-	    link_static=yes
-	  fi
-	fi # link shared/static library?
-
-	if test $linkmode = lib; then
-	  if test -n "$dependency_libs" &&
-	     { test $hardcode_into_libs != yes || test $build_old_libs = yes ||
-	       test $link_static = yes; }; then
-	    # Extract -R from dependency_libs
-	    temp_deplibs=
-	    for libdir in $dependency_libs; do
-	      case $libdir in
-	      -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
-		   case " $xrpath " in
-		   *" $temp_xrpath "*) ;;
-		   *) xrpath="$xrpath $temp_xrpath";;
-		   esac;;
-	      *) temp_deplibs="$temp_deplibs $libdir";;
-	      esac
-	    done
-	    dependency_libs="$temp_deplibs"
-	  fi
-
-	  newlib_search_path="$newlib_search_path $absdir"
-	  # Link against this library
-	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
-	  # ... and its dependency_libs
-	  tmp_libs=
-	  for deplib in $dependency_libs; do
-	    newdependency_libs="$deplib $newdependency_libs"
-	    case "$tmp_libs " in
-	    *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
-	    esac
-	    tmp_libs="$tmp_libs $deplib"
-	  done
-
-	  if test $link_all_deplibs != no; then
-	    # Add the search paths of all dependency libraries
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      -L*) path="$deplib" ;;
-	      *.la)
-		dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
-		test "X$dir" = "X$deplib" && dir="."
-		# We need an absolute path.
-		case $dir in
-		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
-		*)
-		  absdir=`cd "$dir" && pwd`
-		  if test -z "$absdir"; then
-		    $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
-		    absdir="$dir"
-		  fi
-		  ;;
-		esac
-		if grep "^installed=no" $deplib > /dev/null; then
-		  path="-L$absdir/$objdir"
-		else
-		  eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		  if test -z "$libdir"; then
-		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		    exit 1
-		  fi
-		  if test "$absdir" != "$libdir"; then
-		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
-		  fi
-		  path="-L$absdir"
-		fi
-		;;
-	      *) continue ;;
-	      esac
-	      case " $deplibs " in
-	      *" $path "*) ;;
-	      *) deplibs="$deplibs $path" ;;
-	      esac
-	    done
-	  fi # link_all_deplibs != no
-	fi # linkmode = lib
-      done # for deplib in $libs
-      if test $pass = dlpreopen; then
-	# Link the dlpreopened libraries before other libraries
-	for deplib in $save_deplibs; do
-	  deplibs="$deplib $deplibs"
-	done
-      fi
-      if test $pass != dlopen; then
-	test $pass != scan && dependency_libs="$newdependency_libs"
-	if test $pass != conv; then
-	  # Make sure lib_search_path contains only unique directories.
-	  lib_search_path=
-	  for dir in $newlib_search_path; do
-	    case "$lib_search_path " in
-	    *" $dir "*) ;;
-	    *) lib_search_path="$lib_search_path $dir" ;;
-	    esac
-	  done
-	  newlib_search_path=
-	fi
-
-	if test "$linkmode,$pass" != "prog,link"; then
-	  vars="deplibs"
-	else
-	  vars="compile_deplibs finalize_deplibs"
-	fi
-	for var in $vars dependency_libs; do
-	  # Add libraries to $var in reverse order
-	  eval tmp_libs=\"\$$var\"
-	  new_libs=
-	  for deplib in $tmp_libs; do
-	    case $deplib in
-	    -L*) new_libs="$deplib $new_libs" ;;
-	    *)
-	      case " $specialdeplibs " in
-	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
-	      *)
-		case " $new_libs " in
-		*" $deplib "*) ;;
-		*) new_libs="$deplib $new_libs" ;;
-		esac
-		;;
-	      esac
-	      ;;
-	    esac
-	  done
-	  tmp_libs=
-	  for deplib in $new_libs; do
-	    case $deplib in
-	    -L*)
-	      case " $tmp_libs " in
-	      *" $deplib "*) ;;
-	      *) tmp_libs="$tmp_libs $deplib" ;;
-	      esac
-	      ;;
-	    *) tmp_libs="$tmp_libs $deplib" ;;
-	    esac
-	  done
-	  eval $var=\"$tmp_libs\"
-	done # for var
-      fi
-      if test "$pass" = "conv" &&
-       { test "$linkmode" = "lib" || test "$linkmode" = "prog"; }; then
-	libs="$deplibs" # reset libs
-	deplibs=
-      fi
-    done # for pass
-    if test $linkmode = prog; then
-      dlfiles="$newdlfiles"
-      dlprefiles="$newdlprefiles"
-    fi
-
-    case $linkmode in
-    oldlib)
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for archives" 1>&2
-      fi
-
-      if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
-	$echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
-      fi
-
-      # Now set the variables for building old libraries.
-      build_libtool_libs=no
-      oldlibs="$output"
-      objs="$objs$old_deplibs"
-      ;;
-
-    lib)
-      # Make sure we only generate libraries of the form `libNAME.la'.
-      case $outputname in
-      lib*)
-	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
-	eval libname=\"$libname_spec\"
-	;;
-      *)
-	if test "$module" = no; then
-	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-	if test "$need_lib_prefix" != no; then
-	  # Add the "lib" prefix for modules if required
-	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	  eval libname=\"$libname_spec\"
-	else
-	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
-	fi
-	;;
-      esac
-
-      if test -n "$objs"; then
-	if test "$deplibs_check_method" != pass_all; then
-	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
-	  exit 1
-	else
-	  echo
-	  echo "*** Warning: Linking the shared library $output against the non-libtool"
-	  echo "*** objects $objs is not portable!"
-	  libobjs="$libobjs $objs"
-	fi
-      fi
-
-      if test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
-      fi
-
-      set dummy $rpath
-      if test $# -gt 2; then
-	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
-      fi
-      install_libdir="$2"
-
-      oldlibs=
-      if test -z "$rpath"; then
-	if test "$build_libtool_libs" = yes; then
-	  # Building a libtool convenience library.
-	  libext=al
-	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
-	  build_libtool_libs=convenience
-	  build_old_libs=yes
-	fi
-
-	if test -n "$vinfo"; then
-	  $echo "$modename: warning: \`-version-info' is ignored for convenience libraries" 1>&2
-	fi
-
-	if test -n "$release"; then
-	  $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
-	fi
-      else
-
-	# Parse the version information argument.
-	save_ifs="$IFS"; IFS=':'
-	set dummy $vinfo 0 0 0
-	IFS="$save_ifs"
-
-	if test -n "$8"; then
-	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	current="$2"
-	revision="$3"
-	age="$4"
-
-	# Check that each of the things are valid numbers.
-	case $current in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: CURRENT \`$current' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	case $revision in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: REVISION \`$revision' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	case $age in
-	0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
-	*)
-	  $echo "$modename: AGE \`$age' is not a nonnegative integer" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	if test $age -gt $current; then
-	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
-	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
-	  exit 1
-	fi
-
-	# Calculate the version variables.
-	major=
-	versuffix=
-	verstring=
-	case $version_type in
-	none) ;;
-
-	darwin)
-	  # Like Linux, but with the current version available in
-	  # verstring for coding it into the library header
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  # Darwin ld doesn't like 0 for these options...
-	  minor_current=`expr $current + 1`
-	  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
-	  ;;
-
-	freebsd-aout)
-	  major=".$current"
-	  versuffix=".$current.$revision";
-	  ;;
-
-	freebsd-elf)
-	  major=".$current"
-	  versuffix=".$current";
-	  ;;
-
-	irix)
-	  major=`expr $current - $age + 1`
-	  verstring="sgi$major.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$revision
-	  while test $loop != 0; do
-	    iface=`expr $revision - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="sgi$major.$iface:$verstring"
-	  done
-
-	  # Before this point, $major must not contain `.'.
-	  major=.$major
-	  versuffix="$major.$revision"
-	  ;;
-
-	linux)
-	  major=.`expr $current - $age`
-	  versuffix="$major.$age.$revision"
-	  ;;
-
-	osf)
-	  major=`expr $current - $age`
-	  versuffix=".$current.$age.$revision"
-	  verstring="$current.$age.$revision"
-
-	  # Add in all the interfaces that we are compatible with.
-	  loop=$age
-	  while test $loop != 0; do
-	    iface=`expr $current - $loop`
-	    loop=`expr $loop - 1`
-	    verstring="$verstring:${iface}.0"
-	  done
-
-	  # Make executables depend on our current version.
-	  verstring="$verstring:${current}.0"
-	  ;;
-
-	sunos)
-	  major=".$current"
-	  versuffix=".$current.$revision"
-	  ;;
-
-	windows)
-	  # Use '-' rather than '.', since we only want one
-	  # extension on DOS 8.3 filesystems.
-	  major=`expr $current - $age`
-	  versuffix="-$major"
-	  ;;
-
-	*)
-	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
-	  echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	# Clear the version info if we defaulted, and they specified a release.
-	if test -z "$vinfo" && test -n "$release"; then
-	  major=
-	  verstring="0.0"
-	  case $version_type in
-	  darwin)
-	    # we can't check for "0.0" in archive_cmds due to quoting
-	    # problems, so we reset it completely
-	    verstring=""
-	    ;;
-	  *)
-	    verstring="0.0"
-	    ;;
-	  esac
-	  if test "$need_version" = no; then
-	    versuffix=
-	  else
-	    versuffix=".0.0"
-	  fi
-	fi
-
-	# Remove version info from name if versioning should be avoided
-	if test "$avoid_version" = yes && test "$need_version" = no; then
-	  major=
-	  versuffix=
-	  verstring=""
-	fi
-
-	# Check to see if the archive will have undefined symbols.
-	if test "$allow_undefined" = yes; then
-	  if test "$allow_undefined_flag" = unsupported; then
-	    $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
-	    build_libtool_libs=no
-	    build_old_libs=yes
-	  fi
-	else
-	  # Don't allow undefined symbols.
-	  allow_undefined_flag="$no_undefined_flag"
-	fi
-      fi
-
-      if test "$mode" != relink; then
-	# Remove our outputs.
-	$show "${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*"
-	$run ${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*
-      fi
-
-      # Now set the variables for building old libraries.
-      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
-	oldlibs="$oldlibs $output_objdir/$libname.$libext"
-
-	# Transform .lo files to .o files.
-	oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
-      fi
-
-      # Eliminate all temporary directories.
-      for path in $notinst_path; do
-	lib_search_path=`echo "$lib_search_path " | sed -e 's% $path % %g'`
-	deplibs=`echo "$deplibs " | sed -e 's% -L$path % %g'`
-	dependency_libs=`echo "$dependency_libs " | sed -e 's% -L$path % %g'`
-      done
-
-      if test -n "$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	temp_xrpath=
-	for libdir in $xrpath; do
-	  temp_xrpath="$temp_xrpath -R$libdir"
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-	if test $hardcode_into_libs != yes || test $build_old_libs = yes; then
-	  dependency_libs="$temp_xrpath $dependency_libs"
-	fi
-      fi
-
-      # Make sure dlfiles contains only unique files that won't be dlpreopened
-      old_dlfiles="$dlfiles"
-      dlfiles=
-      for lib in $old_dlfiles; do
-	case " $dlprefiles $dlfiles " in
-	*" $lib "*) ;;
-	*) dlfiles="$dlfiles $lib" ;;
-	esac
-      done
-
-      # Make sure dlprefiles contains only unique files
-      old_dlprefiles="$dlprefiles"
-      dlprefiles=
-      for lib in $old_dlprefiles; do
-	case "$dlprefiles " in
-	*" $lib "*) ;;
-	*) dlprefiles="$dlprefiles $lib" ;;
-	esac
-      done
-
-      if test "$build_libtool_libs" = yes; then
-	if test -n "$rpath"; then
-	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
-	    # these systems don't actually have a c library (as such)!
-	    ;;
-	  *-*-rhapsody* | *-*-darwin1.[012])
-	    # Rhapsody C library is in the System framework
-	    deplibs="$deplibs -framework System"
-	    ;;
-	  *-*-netbsd*)
-	    # Don't link with libc until the a.out ld.so is fixed.
-	    ;;
-	  *-*-openbsd*)
-	    # Do not include libc due to us having libc/libc_r.
-	    ;;
-	  *)
-	    # Add libc to deplibs on all other systems if necessary.
-	    if test $build_libtool_need_lc = "yes"; then
-	      deplibs="$deplibs -lc"
-	    fi
-	    ;;
-	  esac
-	fi
-
-	# Transform deplibs into only deplibs that can be linked in shared.
-	name_save=$name
-	libname_save=$libname
-	release_save=$release
-	versuffix_save=$versuffix
-	major_save=$major
-	# I'm not sure if I'm treating the release correctly.  I think
-	# release should show up in the -l (ie -lgmp5) so we don't want to
-	# add it in twice.  Is that correct?
-	release=""
-	versuffix=""
-	major=""
-	newdeplibs=
-	droppeddeps=no
-	case $deplibs_check_method in
-	pass_all)
-	  # Don't check for shared/static.  Everything works.
-	  # This might be a little naive.  We might want to check
-	  # whether the library exists or not.  But this is on
-	  # osf3 & osf4 and I'm not really sure... Just
-	  # implementing what was already the behaviour.
-	  newdeplibs=$deplibs
-	  ;;
-	test_compile)
-	  # This code stresses the "libraries are programs" paradigm to its
-	  # limits. Maybe even breaks it.  We compile a program, linking it
-	  # against the deplibs as a proxy for the library.  Then we can check
-	  # whether they linked in statically or dynamically with ldd.
-	  $rm conftest.c
-	  cat > conftest.c <<EOF
-	  int main() { return 0; }
-EOF
-	  $rm conftest
-	  $CC -o conftest conftest.c $deplibs
-	  if test $? -eq 0 ; then
-	    ldd_output=`ldd conftest`
-	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
-	      # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
-		libname=`eval \\$echo \"$libname_spec\"`
-		deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		set dummy $deplib_matches
-		deplib_match=$2
-		if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		  newdeplibs="$newdeplibs $i"
-		else
-		  droppeddeps=yes
-		  echo
-		  echo "*** Warning: This library needs some functionality provided by $i."
-		  echo "*** I have the capability to make that library automatically link in when"
-		  echo "*** you link to this library.  But I can only do this if you have a"
-		  echo "*** shared version of the library, which you do not appear to have."
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  else
-	    # Error occured in the first compile.  Let's try to salvage the situation:
-	    # Compile a seperate program for each library.
-	    for i in $deplibs; do
-	      name="`expr $i : '-l\(.*\)'`"
-	     # If $name is empty we are operating on a -L argument.
-	      if test -n "$name" && test "$name" != "0"; then
-		$rm conftest
-		$CC -o conftest conftest.c $i
-		# Did it work?
-		if test $? -eq 0 ; then
-		  ldd_output=`ldd conftest`
-		  libname=`eval \\$echo \"$libname_spec\"`
-		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
-		  set dummy $deplib_matches
-		  deplib_match=$2
-		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
-		    newdeplibs="$newdeplibs $i"
-		  else
-		    droppeddeps=yes
-		    echo
-		    echo "*** Warning: This library needs some functionality provided by $i."
-		    echo "*** I have the capability to make that library automatically link in when"
-		    echo "*** you link to this library.  But I can only do this if you have a"
-		    echo "*** shared version of the library, which you do not appear to have."
-		  fi
-		else
-		  droppeddeps=yes
-		  echo
-		  echo "*** Warning!  Library $i is needed by this library but I was not able to"
-		  echo "***  make it link in!  You will probably need to install it or some"
-		  echo "*** library that it depends on before this library will be fully"
-		  echo "*** functional.  Installing it before continuing would be even better."
-		fi
-	      else
-		newdeplibs="$newdeplibs $i"
-	      fi
-	    done
-	  fi
-	  ;;
-	file_magic*)
-	  set dummy $deplibs_check_method
-	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
-	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		    potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		    for potent_lib in $potential_libs; do
-		      # Follow soft links.
-		      if ls -lLd "$potent_lib" 2>/dev/null \
-			 | grep " -> " >/dev/null; then
-			continue
-		      fi
-		      # The statement above tries to avoid entering an
-		      # endless loop below, in case of cyclic links.
-		      # We might still enter an endless loop, since a link
-		      # loop can be closed while we follow links,
-		      # but so what?
-		      potlib="$potent_lib"
-		      while test -h "$potlib" 2>/dev/null; do
-			potliblink=`ls -ld $potlib | sed 's/.* -> //'`
-			case $potliblink in
-			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
-			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
-			esac
-		      done
-		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
-			 | sed 10q \
-			 | egrep "$file_magic_regex" > /dev/null; then
-			newdeplibs="$newdeplibs $a_deplib"
-			a_deplib=""
-			break 2
-		      fi
-		    done
-	      done
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	match_pattern*)
-	  set dummy $deplibs_check_method
-	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
-	  for a_deplib in $deplibs; do
-	    name="`expr $a_deplib : '-l\(.*\)'`"
-	    # If $name is empty we are operating on a -L argument.
-	    if test -n "$name" && test "$name" != "0"; then
-	      libname=`eval \\$echo \"$libname_spec\"`
-	      for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
-		potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
-		for potent_lib in $potential_libs; do
-		  if eval echo \"$potent_lib\" 2>/dev/null \
-		      | sed 10q \
-		      | egrep "$match_pattern_regex" > /dev/null; then
-		    newdeplibs="$newdeplibs $a_deplib"
-		    a_deplib=""
-		    break 2
-		  fi
-		done
-	      done
-	      if test -n "$a_deplib" ; then
-		droppeddeps=yes
-		echo
-		echo "*** Warning: This library needs some functionality provided by $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have."
-	      fi
-	    else
-	      # Add a -L argument.
-	      newdeplibs="$newdeplibs $a_deplib"
-	    fi
-	  done # Gone through all deplibs.
-	  ;;
-	none | unknown | *)
-	  newdeplibs=""
-	  if $echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
-	       -e 's/ -[LR][^ ]*//g' -e 's/[ 	]//g' |
-	     grep . >/dev/null; then
-	    echo
-	    if test "X$deplibs_check_method" = "Xnone"; then
-	      echo "*** Warning: inter-library dependencies are not supported in this platform."
-	    else
-	      echo "*** Warning: inter-library dependencies are not known to be supported."
-	    fi
-	    echo "*** All declared inter-library dependencies are being dropped."
-	    droppeddeps=yes
-	  fi
-	  ;;
-	esac
-	versuffix=$versuffix_save
-	major=$major_save
-	release=$release_save
-	libname=$libname_save
-	name=$name_save
-
-	case $host in
-	*-*-rhapsody* | *-*-darwin1.[012])
-	  # On Rhapsody replace the C library is the System framework
-	  newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	  ;;
-	esac
-
-	if test "$droppeddeps" = yes; then
-	  if test "$module" = yes; then
-	    echo
-	    echo "*** Warning: libtool could not satisfy all declared inter-library"
-	    echo "*** dependencies of module $libname.  Therefore, libtool will create"
-	    echo "*** a static module, that should work as long as the dlopening"
-	    echo "*** application is linked with the -dlopen flag."
-	    if test -z "$global_symbol_pipe"; then
-	      echo
-	      echo "*** However, this would only work if libtool was able to extract symbol"
-	      echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
-	      echo "*** not find such a program.  So, this module is probably useless."
-	      echo "*** \`nm' from GNU binutils and a full rebuild may help."
-	    fi
-	    if test "$build_old_libs" = no; then
-	      oldlibs="$output_objdir/$libname.$libext"
-	      build_libtool_libs=module
-	      build_old_libs=yes
-	    else
-	      build_libtool_libs=no
-	    fi
-	  else
-	    echo "*** The inter-library dependencies that have been dropped here will be"
-	    echo "*** automatically added whenever a program is linked with this library"
-	    echo "*** or is declared to -dlopen it."
-
-	    if test $allow_undefined = no; then
-	      echo
-	      echo "*** Since this library must not contain undefined symbols,"
-	      echo "*** because either the platform does not support them or"
-	      echo "*** it was explicitly requested with -no-undefined,"
-	      echo "*** libtool will only create a static version of it."
-	      if test "$build_old_libs" = no; then
-		oldlibs="$output_objdir/$libname.$libext"
-		build_libtool_libs=module
-		build_old_libs=yes
-	      else
-		build_libtool_libs=no
-	      fi
-	    fi
-	  fi
-	fi
-	# Done checking deplibs!
-	deplibs=$newdeplibs
-      fi
-
-      # All the library-specific variables (install_libdir is set above).
-      library_names=
-      old_library=
-      dlname=
-
-      # Test again, we may have decided not to build it any more
-      if test "$build_libtool_libs" = yes; then
-	if test $hardcode_into_libs = yes; then
-	  # Hardcode the library paths
-	  hardcode_libdirs=
-	  dep_rpath=
-	  rpath="$finalize_rpath"
-	  test "$mode" != relink && rpath="$compile_rpath$rpath"
-	  for libdir in $rpath; do
-	    if test -n "$hardcode_libdir_flag_spec"; then
-	      if test -n "$hardcode_libdir_separator"; then
-		if test -z "$hardcode_libdirs"; then
-		  hardcode_libdirs="$libdir"
-		else
-		  # Just accumulate the unique libdirs.
-		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		    ;;
-		  *)
-		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		    ;;
-		  esac
-		fi
-	      else
-		eval flag=\"$hardcode_libdir_flag_spec\"
-		dep_rpath="$dep_rpath $flag"
-	      fi
-	    elif test -n "$runpath_var"; then
-	      case "$perm_rpath " in
-	      *" $libdir "*) ;;
-	      *) perm_rpath="$perm_rpath $libdir" ;;
-	      esac
-	    fi
-	  done
-	  # Substitute the hardcoded libdirs into the rpath.
-	  if test -n "$hardcode_libdir_separator" &&
-	     test -n "$hardcode_libdirs"; then
-	    libdir="$hardcode_libdirs"
-	    eval dep_rpath=\"$hardcode_libdir_flag_spec\"
-	  fi
-	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
-	    # We should set the runpath_var.
-	    rpath=
-	    for dir in $perm_rpath; do
-	      rpath="$rpath$dir:"
-	    done
-	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
-	  fi
-	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
-	fi
-
-	shlibpath="$finalize_shlibpath"
-	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
-	if test -n "$shlibpath"; then
-	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
-	fi
-
-	# Get the real and link names of the library.
-	eval library_names=\"$library_names_spec\"
-	set dummy $library_names
-	realname="$2"
-	shift; shift
-
-	if test -n "$soname_spec"; then
-	  eval soname=\"$soname_spec\"
-	else
-	  soname="$realname"
-	fi
-	test -z "$dlname" && dlname=$soname
-
-	lib="$output_objdir/$realname"
-	for link
-	do
-	  linknames="$linknames $link"
-	done
-
-	# Ensure that we have .o objects for linkers which dislike .lo
-	# (e.g. aix) in case we are running --disable-static
-	for obj in $libobjs; do
-	  xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
-	  if test "X$xdir" = "X$obj"; then
-	    xdir="."
-	  else
-	    xdir="$xdir"
-	  fi
-	  baseobj=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
-	  oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	  if test ! -f $xdir/$oldobj; then
-	    $show "(cd $xdir && ${LN_S} $baseobj $oldobj)"
-	    $run eval '(cd $xdir && ${LN_S} $baseobj $oldobj)' || exit $?
-	  fi
-	done
-
-	# Use standard objects if they are pic
-	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-
-	# Prepare the list of exported symbols
-	if test -z "$export_symbols"; then
-	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
-	    $show "generating symbol list for \`$libname.la'"
-	    export_symbols="$output_objdir/$libname.exp"
-	    $run $rm $export_symbols
-	    eval cmds=\"$export_symbols_cmds\"
-	    save_ifs="$IFS"; IFS='~'
-	    for cmd in $cmds; do
-	      IFS="$save_ifs"
-	      $show "$cmd"
-	      $run eval "$cmd" || exit $?
-	    done
-	    IFS="$save_ifs"
-	    if test -n "$export_symbols_regex"; then
-	      $show "egrep -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
-	      $run eval 'egrep -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
-	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
-	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
-	    fi
-	  fi
-	fi
-
-	if test -n "$export_symbols" && test -n "$include_expsyms"; then
-	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
-	fi
-
-	if test -n "$convenience"; then
-	  if test -n "$whole_archive_flag_spec"; then
-	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
-	  else
-	    gentop="$output_objdir/${outputname}x"
-	    $show "${rm}r $gentop"
-	    $run ${rm}r "$gentop"
-	    $show "mkdir $gentop"
-	    $run mkdir "$gentop"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$gentop"; then
-	      exit $status
-	    fi
-	    generated="$generated $gentop"
-
-	    for xlib in $convenience; do
-	      # Extract the objects.
-	      case $xlib in
-	      [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	      *) xabs=`pwd`"/$xlib" ;;
-	      esac
-	      xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	      xdir="$gentop/$xlib"
-
-	      $show "${rm}r $xdir"
-	      $run ${rm}r "$xdir"
-	      $show "mkdir $xdir"
-	      $run mkdir "$xdir"
-	      status=$?
-	      if test $status -ne 0 && test ! -d "$xdir"; then
-		exit $status
-	      fi
-	      $show "(cd $xdir && $AR x $xabs)"
-	      $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	      libobjs="$libobjs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	    done
-	  fi
-	fi
-
-	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
-	  eval flag=\"$thread_safe_flag_spec\"
-	  linker_flags="$linker_flags $flag"
-	fi
-
-	# Make a backup of the uninstalled library when relinking
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
-	fi
-
-	# Do each of the archive commands.
-	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
-	  eval cmds=\"$archive_expsym_cmds\"
-	else
-	  eval cmds=\"$archive_cmds\"
-	fi
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
-	done
-	IFS="$save_ifs"
-
-	# Restore the uninstalled library and exit
-	if test "$mode" = relink; then
-	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
-	  exit 0
-	fi
-
-	# Create links to the real library.
-	for linkname in $linknames; do
-	  if test "$realname" != "$linkname"; then
-	    $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
-	    $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
-	  fi
-	done
-
-	# If -module or -export-dynamic was specified, set the dlname.
-	if test "$module" = yes || test "$export_dynamic" = yes; then
-	  # On all known operating systems, these are identical.
-	  dlname="$soname"
-	fi
-      fi
-      ;;
-
-    obj)
-      if test -n "$deplibs"; then
-	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
-      fi
-
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$rpath"; then
-	$echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$xrpath"; then
-	$echo "$modename: warning: \`-R' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for objects" 1>&2
-      fi
-
-      case $output in
-      *.lo)
-	if test -n "$objs$old_deplibs"; then
-	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
-	  exit 1
-	fi
-	libobj="$output"
-	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
-	;;
-      *)
-	libobj=
-	obj="$output"
-	;;
-      esac
-
-      # Delete the old objects.
-      $run $rm $obj $libobj
-
-      # Objects from convenience libraries.  This assumes
-      # single-version convenience libraries.  Whenever we create
-      # different ones for PIC/non-PIC, this we'll have to duplicate
-      # the extraction.
-      reload_conv_objs=
-      gentop=
-      # reload_cmds runs $LD directly, so let us get rid of
-      # -Wl from whole_archive_flag_spec
-      wl=
-
-      if test -n "$convenience"; then
-	if test -n "$whole_archive_flag_spec"; then
-	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
-	else
-	  gentop="$output_objdir/${obj}x"
-	  $show "${rm}r $gentop"
-	  $run ${rm}r "$gentop"
-	  $show "mkdir $gentop"
-	  $run mkdir "$gentop"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$gentop"; then
-	    exit $status
-	  fi
-	  generated="$generated $gentop"
-
-	  for xlib in $convenience; do
-	    # Extract the objects.
-	    case $xlib in
-	    [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	    *) xabs=`pwd`"/$xlib" ;;
-	    esac
-	    xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	    xdir="$gentop/$xlib"
-
-	    $show "${rm}r $xdir"
-	    $run ${rm}r "$xdir"
-	    $show "mkdir $xdir"
-	    $run mkdir "$xdir"
-	    status=$?
-	    if test $status -ne 0 && test ! -d "$xdir"; then
-	      exit $status
-	    fi
-	    $show "(cd $xdir && $AR x $xabs)"
-	    $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	    reload_conv_objs="$reload_objs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP`
-	  done
-	fi
-      fi
-
-      # Create the old-style object.
-      reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
-
-      output="$obj"
-      eval cmds=\"$reload_cmds\"
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-
-      # Exit if we aren't doing a library object file.
-      if test -z "$libobj"; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	exit 0
-      fi
-
-      if test "$build_libtool_libs" != yes; then
-	if test -n "$gentop"; then
-	  $show "${rm}r $gentop"
-	  $run ${rm}r $gentop
-	fi
-
-	# Create an invalid libtool object if no PIC, so that we don't
-	# accidentally link it into a program.
-	$show "echo timestamp > $libobj"
-	$run eval "echo timestamp > $libobj" || exit $?
-	exit 0
-      fi
-
-      if test -n "$pic_flag" || test "$pic_mode" != default; then
-	# Only do commands if we really have different PIC objects.
-	reload_objs="$libobjs $reload_conv_objs"
-	output="$libobj"
-	eval cmds=\"$reload_cmds\"
-	save_ifs="$IFS"; IFS='~'
-	for cmd in $cmds; do
-	  IFS="$save_ifs"
-	  $show "$cmd"
-	  $run eval "$cmd" || exit $?
-	done
-	IFS="$save_ifs"
-      else
-	# Just create a symlink.
-	$show $rm $libobj
-	$run $rm $libobj
-	xdir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'`
-	if test "X$xdir" = "X$libobj"; then
-	  xdir="."
-	else
-	  xdir="$xdir"
-	fi
-	baseobj=`$echo "X$libobj" | $Xsed -e 's%^.*/%%'`
-	oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"`
-	$show "(cd $xdir && $LN_S $oldobj $baseobj)"
-	$run eval '(cd $xdir && $LN_S $oldobj $baseobj)' || exit $?
-      fi
-
-      if test -n "$gentop"; then
-	$show "${rm}r $gentop"
-	$run ${rm}r $gentop
-      fi
-
-      exit 0
-      ;;
-
-    prog)
-      case $host in
-	*cygwin*) output=`echo $output | sed -e 's,.exe$,,;s,$,.exe,'` ;;
-      esac
-      if test -n "$vinfo"; then
-	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
-      fi
-
-      if test -n "$release"; then
-	$echo "$modename: warning: \`-release' is ignored for programs" 1>&2
-      fi
-
-      if test "$preload" = yes; then
-	if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
-	   test "$dlopen_self_static" = unknown; then
-	  $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
-	fi
-      fi
-
-      case $host in
-      *-*-rhapsody* | *-*-darwin1.[012])
-	# On Rhapsody replace the C library is the System framework
-	compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
-	;;
-      esac
-
-      compile_command="$compile_command $compile_deplibs"
-      finalize_command="$finalize_command $finalize_deplibs"
-
-      if test -n "$rpath$xrpath"; then
-	# If the user specified any rpath flags, then add them.
-	for libdir in $rpath $xrpath; do
-	  # This is the magic to use -rpath.
-	  case "$finalize_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_rpath="$finalize_rpath $libdir" ;;
-	  esac
-	done
-      fi
-
-      # Now hardcode the library paths
-      rpath=
-      hardcode_libdirs=
-      for libdir in $compile_rpath $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) perm_rpath="$perm_rpath $libdir" ;;
-	  esac
-	fi
-	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
-	  case :$dllsearchpath: in
-	  *":$libdir:"*) ;;
-	  *) dllsearchpath="$dllsearchpath:$libdir";;
-	  esac
-	  ;;
-	esac
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      compile_rpath="$rpath"
-
-      rpath=
-      hardcode_libdirs=
-      for libdir in $finalize_rpath; do
-	if test -n "$hardcode_libdir_flag_spec"; then
-	  if test -n "$hardcode_libdir_separator"; then
-	    if test -z "$hardcode_libdirs"; then
-	      hardcode_libdirs="$libdir"
-	    else
-	      # Just accumulate the unique libdirs.
-	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
-	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
-		;;
-	      *)
-		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
-		;;
-	      esac
-	    fi
-	  else
-	    eval flag=\"$hardcode_libdir_flag_spec\"
-	    rpath="$rpath $flag"
-	  fi
-	elif test -n "$runpath_var"; then
-	  case "$finalize_perm_rpath " in
-	  *" $libdir "*) ;;
-	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
-	  esac
-	fi
-      done
-      # Substitute the hardcoded libdirs into the rpath.
-      if test -n "$hardcode_libdir_separator" &&
-	 test -n "$hardcode_libdirs"; then
-	libdir="$hardcode_libdirs"
-	eval rpath=\" $hardcode_libdir_flag_spec\"
-      fi
-      finalize_rpath="$rpath"
-
-      if test -n "$libobjs" && test "$build_old_libs" = yes; then
-	# Transform all the library objects into standard objects.
-	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-      fi
-
-      dlsyms=
-      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
-	if test -n "$NM" && test -n "$global_symbol_pipe"; then
-	  dlsyms="${outputname}S.c"
-	else
-	  $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
-	fi
-      fi
-
-      if test -n "$dlsyms"; then
-	case $dlsyms in
-	"") ;;
-	*.c)
-	  # Discover the nlist of each of the dlfiles.
-	  nlist="$output_objdir/${outputname}.nm"
-
-	  $show "$rm $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Parse the name list into a source file.
-	  $show "creating $output_objdir/$dlsyms"
-
-	  test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
-/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
-/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
-
-#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-/* Prevent the only kind of declaration conflicts we can make. */
-#define lt_preloaded_symbols some_other_symbol
-
-/* External symbol declarations for the compiler. */\
-"
-
-	  if test "$dlself" = yes; then
-	    $show "generating symbol list for \`$output'"
-
-	    test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
-
-	    # Add our own program objects to the symbol list.
-	    progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
-	    for arg in $progfiles; do
-	      $show "extracting global C symbols from \`$arg'"
-	      $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	    done
-
-	    if test -n "$exclude_expsyms"; then
-	      $run eval 'egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    if test -n "$export_symbols_regex"; then
-	      $run eval 'egrep -e "$export_symbols_regex" "$nlist" > "$nlist"T'
-	      $run eval '$mv "$nlist"T "$nlist"'
-	    fi
-
-	    # Prepare the list of exported symbols
-	    if test -z "$export_symbols"; then
-	      export_symbols="$output_objdir/$output.exp"
-	      $run $rm $export_symbols
-	      $run eval "sed -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
-	    else
-	      $run eval "sed -e 's/\([][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$output.exp"'
-	      $run eval 'grep -f "$output_objdir/$output.exp" < "$nlist" > "$nlist"T'
-	      $run eval 'mv "$nlist"T "$nlist"'
-	    fi
-	  fi
-
-	  for arg in $dlprefiles; do
-	    $show "extracting global C symbols from \`$arg'"
-	    name=`echo "$arg" | sed -e 's%^.*/%%'`
-	    $run eval 'echo ": $name " >> "$nlist"'
-	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
-	  done
-
-	  if test -z "$run"; then
-	    # Make sure we have at least an empty file.
-	    test -f "$nlist" || : > "$nlist"
-
-	    if test -n "$exclude_expsyms"; then
-	      egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
-	      $mv "$nlist"T "$nlist"
-	    fi
-
-	    # Try sorting and uniquifying the output.
-	    if grep -v "^: " < "$nlist" | sort +2 | uniq > "$nlist"S; then
-	      :
-	    else
-	      grep -v "^: " < "$nlist" > "$nlist"S
-	    fi
-
-	    if test -f "$nlist"S; then
-	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
-	    else
-	      echo '/* NONE */' >> "$output_objdir/$dlsyms"
-	    fi
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-
-#undef lt_preloaded_symbols
-
-#if defined (__STDC__) && __STDC__
-# define lt_ptr void *
-#else
-# define lt_ptr char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
-  const char *name;
-  lt_ptr address;
-}
-lt_preloaded_symbols[] =
-{\
-"
-
-	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
-
-	    $echo >> "$output_objdir/$dlsyms" "\
-  {0, (lt_ptr) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif\
-"
-	  fi
-
-	  pic_flag_for_symtable=
-	  case $host in
-	  # compiling the symbol table file with pic_flag works around
-	  # a FreeBSD bug that causes programs to crash when -lm is
-	  # linked before any other PIC object.  But we must not use
-	  # pic_flag when linking with -static.  The problem exists in
-	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
-	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC -DFREEBSD_WORKAROUND";;
-	    esac;;
-	  *-*-hpux*)
-	    case "$compile_command " in
-	    *" -static "*) ;;
-	    *) pic_flag_for_symtable=" $pic_flag -DPIC";;
-	    esac
-	  esac
-
-	  # Now compile the dynamic symbol file.
-	  $show "(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
-	  $run eval '(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
-
-	  # Clean up the generated files.
-	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
-	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
-
-	  # Transform the symbol file into the correct name.
-	  compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-	  finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
-	  ;;
-	*)
-	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
-	  exit 1
-	  ;;
-	esac
-      else
-	# We keep going just in case the user didn't refer to
-	# lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
-	# really was required.
-
-	# Nullify the symbol file.
-	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
-	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
-      fi
-
-      if test $need_relink = no || test "$build_libtool_libs" != yes; then
-	# Replace the output file specification.
-	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	link_command="$compile_command$compile_rpath"
-
-	# We have no uninstalled library dependencies, so finalize right now.
-	$show "$link_command"
-	$run eval "$link_command"
-	status=$?
-
-	# Delete the generated files.
-	if test -n "$dlsyms"; then
-	  $show "$rm $output_objdir/${outputname}S.${objext}"
-	  $run $rm "$output_objdir/${outputname}S.${objext}"
-	fi
-
-	exit $status
-      fi
-
-      if test -n "$shlibpath_var"; then
-	# We should set the shlibpath_var
-	rpath=
-	for dir in $temp_rpath; do
-	  case $dir in
-	  [\\/]* | [A-Za-z]:[\\/]*)
-	    # Absolute path.
-	    rpath="$rpath$dir:"
-	    ;;
-	  *)
-	    # Relative path: add a thisdir entry.
-	    rpath="$rpath\$thisdir/$dir:"
-	    ;;
-	  esac
-	done
-	temp_rpath="$rpath"
-      fi
-
-      if test -n "$compile_shlibpath$finalize_shlibpath"; then
-	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
-      fi
-      if test -n "$finalize_shlibpath"; then
-	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
-      fi
-
-      compile_var=
-      finalize_var=
-      if test -n "$runpath_var"; then
-	if test -n "$perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-	if test -n "$finalize_perm_rpath"; then
-	  # We should set the runpath_var.
-	  rpath=
-	  for dir in $finalize_perm_rpath; do
-	    rpath="$rpath$dir:"
-	  done
-	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
-	fi
-      fi
-
-      if test "$no_install" = yes; then
-	# We don't need to create a wrapper script.
-	link_command="$compile_var$compile_command$compile_rpath"
-	# Replace the output file specification.
-	link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
-	# Delete the old output file.
-	$run $rm $output
-	# Link the executable and exit
-	$show "$link_command"
-	$run eval "$link_command" || exit $?
-	exit 0
-      fi
-
-      if test "$hardcode_action" = relink; then
-	# Fast installation is not supported
-	link_command="$compile_var$compile_command$compile_rpath"
-	relink_command="$finalize_var$finalize_command$finalize_rpath"
-
-	$echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
-	$echo "$modename: \`$output' will be relinked during installation" 1>&2
-      else
-	if test "$fast_install" != no; then
-	  link_command="$finalize_var$compile_command$finalize_rpath"
-	  if test "$fast_install" = yes; then
-	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
-	  else
-	    # fast_install is set to needless
-	    relink_command=
-	  fi
-	else
-	  link_command="$compile_var$compile_command$compile_rpath"
-	  relink_command="$finalize_var$finalize_command$finalize_rpath"
-	fi
-      fi
-
-      # Replace the output file specification.
-      link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
-
-      # Delete the old output files.
-      $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
-
-      $show "$link_command"
-      $run eval "$link_command" || exit $?
-
-      # Now create the wrapper script.
-      $show "creating $output"
-
-      # Quote the relink command for shipping.
-      if test -n "$relink_command"; then
-	# Preserve any variables that may affect compiler behavior
-	for var in $variables_saved_for_relink; do
-	  if eval test -z \"\${$var+set}\"; then
-	    relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	  elif eval var_value=\$$var; test -z "$var_value"; then
-	    relink_command="$var=; export $var; $relink_command"
-	  else
-	    var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	  fi
-	done
-	relink_command="cd `pwd`; $relink_command"
-	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Quote $echo for shipping.
-      if test "X$echo" = "X$SHELL $0 --fallback-echo"; then
-	case $0 in
-	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $0 --fallback-echo";;
-	*) qecho="$SHELL `pwd`/$0 --fallback-echo";;
-	esac
-	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
-      else
-	qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
-      fi
-
-      # Only actually do things if our run command is non-null.
-      if test -z "$run"; then
-	# win32 will think the script is a binary if it has
-	# a .exe suffix, so we strip it off here.
-	case $output in
-	  *.exe) output=`echo $output|sed 's,.exe$,,'` ;;
-	esac
-	# test for cygwin because mv fails w/o .exe extensions
-	case $host in
-	  *cygwin*) exeext=.exe ;;
-	  *) exeext= ;;
-	esac
-	$rm $output
-	trap "$rm $output; exit 1" 1 2 15
-
-	$echo > $output "\
-#! $SHELL
-
-# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# The $output program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting.  It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e 1s/^X//'
-sed_quote_subst='$sed_quote_subst'
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test \"\${CDPATH+set}\" = set; then CDPATH=:; export CDPATH; fi
-
-relink_command=\"$relink_command\"
-
-# This environment variable determines our operation mode.
-if test \"\$libtool_install_magic\" = \"$magic\"; then
-  # install mode needs the following variable:
-  notinst_deplibs='$notinst_deplibs'
-else
-  # When we are sourced in execute mode, \$file and \$echo are already set.
-  if test \"\$libtool_execute_magic\" != \"$magic\"; then
-    echo=\"$qecho\"
-    file=\"\$0\"
-    # Make sure echo works.
-    if test \"X\$1\" = X--no-reexec; then
-      # Discard the --no-reexec flag, and continue.
-      shift
-    elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
-      # Yippee, \$echo works!
-      :
-    else
-      # Restart under the correct shell, and then maybe \$echo will work.
-      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
-    fi
-  fi\
-"
-	$echo >> $output "\
-
-  # Find the directory that this script lives in.
-  thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
-  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
-
-  # Follow symbolic links until we get to the real thisdir.
-  file=\`ls -ld \"\$file\" | sed -n 's/.*-> //p'\`
-  while test -n \"\$file\"; do
-    destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
-
-    # If there was a directory component, then change thisdir.
-    if test \"x\$destdir\" != \"x\$file\"; then
-      case \"\$destdir\" in
-      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
-      *) thisdir=\"\$thisdir/\$destdir\" ;;
-      esac
-    fi
-
-    file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
-    file=\`ls -ld \"\$thisdir/\$file\" | sed -n 's/.*-> //p'\`
-  done
-
-  # Try to get the absolute directory name.
-  absdir=\`cd \"\$thisdir\" && pwd\`
-  test -n \"\$absdir\" && thisdir=\"\$absdir\"
-"
-
-	if test "$fast_install" = yes; then
-	  echo >> $output "\
-  program=lt-'$outputname'$exeext
-  progdir=\"\$thisdir/$objdir\"
-
-  if test ! -f \"\$progdir/\$program\" || \\
-     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | sed 1q\`; \\
-       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
-
-    file=\"\$\$-\$program\"
-
-    if test ! -d \"\$progdir\"; then
-      $mkdir \"\$progdir\"
-    else
-      $rm \"\$progdir/\$file\"
-    fi"
-
-	  echo >> $output "\
-
-    # relink executable if necessary
-    if test -n \"\$relink_command\"; then
-      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
-      else
-	$echo \"\$relink_command_output\" >&2
-	$rm \"\$progdir/\$file\"
-	exit 1
-      fi
-    fi
-
-    $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
-    { $rm \"\$progdir/\$program\";
-      $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
-    $rm \"\$progdir/\$file\"
-  fi"
-	else
-	  echo >> $output "\
-  program='$outputname'
-  progdir=\"\$thisdir/$objdir\"
-"
-	fi
-
-	echo >> $output "\
-
-  if test -f \"\$progdir/\$program\"; then"
-
-	# Export our shlibpath_var if we have one.
-	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
-	  $echo >> $output "\
-    # Add our own library path to $shlibpath_var
-    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
-
-    # Some systems cannot cope with colon-terminated $shlibpath_var
-    # The second colon is a workaround for a bug in BeOS R4 sed
-    $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
-
-    export $shlibpath_var
-"
-	fi
-
-	# fixup the dll searchpath if we need to.
-	if test -n "$dllsearchpath"; then
-	  $echo >> $output "\
-    # Add the dll search path components to the executable PATH
-    PATH=$dllsearchpath:\$PATH
-"
-	fi
-
-	$echo >> $output "\
-    if test \"\$libtool_execute_magic\" != \"$magic\"; then
-      # Run the actual program with our arguments.
-"
-	case $host in
-	# win32 systems need to use the prog path for dll
-	# lookup to work
-	*-*-cygwin* | *-*-pw32*)
-	  $echo >> $output "\
-      exec \$progdir/\$program \${1+\"\$@\"}
-"
-	  ;;
-
-	# Backslashes separate directories on plain windows
-	*-*-mingw | *-*-os2*)
-	  $echo >> $output "\
-      exec \$progdir\\\\\$program \${1+\"\$@\"}
-"
-	  ;;
-
-	*)
-	  $echo >> $output "\
-      # Export the path to the program.
-      PATH=\"\$progdir:\$PATH\"
-      export PATH
-
-      exec \$program \${1+\"\$@\"}
-"
-	  ;;
-	esac
-	$echo >> $output "\
-      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
-      exit 1
-    fi
-  else
-    # The program doesn't exist.
-    \$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2
-    \$echo \"This script is just a wrapper for \$program.\" 1>&2
-    echo \"See the $PACKAGE documentation for more information.\" 1>&2
-    exit 1
-  fi
-fi\
-"
-	chmod +x $output
-      fi
-      exit 0
-      ;;
-    esac
-
-    # See if we need to build an old-fashioned archive.
-    for oldlib in $oldlibs; do
-
-      if test "$build_libtool_libs" = convenience; then
-	oldobjs="$libobjs_save"
-	addlibs="$convenience"
-	build_libtool_libs=no
-      else
-	if test "$build_libtool_libs" = module; then
-	  oldobjs="$libobjs_save"
-	  build_libtool_libs=no
-	else
-	  oldobjs="$objs$old_deplibs "`$echo "X$libobjs_save" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`
-	fi
-	addlibs="$old_convenience"
-      fi
-
-      if test -n "$addlibs"; then
-	gentop="$output_objdir/${outputname}x"
-	$show "${rm}r $gentop"
-	$run ${rm}r "$gentop"
-	$show "mkdir $gentop"
-	$run mkdir "$gentop"
-	status=$?
-	if test $status -ne 0 && test ! -d "$gentop"; then
-	  exit $status
-	fi
-	generated="$generated $gentop"
-
-	# Add in members from convenience archives.
-	for xlib in $addlibs; do
-	  # Extract the objects.
-	  case $xlib in
-	  [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;;
-	  *) xabs=`pwd`"/$xlib" ;;
-	  esac
-	  xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'`
-	  xdir="$gentop/$xlib"
-
-	  $show "${rm}r $xdir"
-	  $run ${rm}r "$xdir"
-	  $show "mkdir $xdir"
-	  $run mkdir "$xdir"
-	  status=$?
-	  if test $status -ne 0 && test ! -d "$xdir"; then
-	    exit $status
-	  fi
-	  $show "(cd $xdir && $AR x $xabs)"
-	  $run eval "(cd \$xdir && $AR x \$xabs)" || exit $?
-
-	  oldobjs="$oldobjs "`find $xdir -name \*.${objext} -print -o -name \*.lo -print | $NL2SP`
-	done
-      fi
-
-      # Do each command in the archive commands.
-      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
-	eval cmds=\"$old_archive_from_new_cmds\"
-      else
-	# Ensure that we have .o objects in place in case we decided
-	# not to build a shared library, and have fallen back to building
-	# static libs even though --disable-static was passed!
-	for oldobj in $oldobjs; do
-	  if test ! -f $oldobj; then
-	    xdir=`$echo "X$oldobj" | $Xsed -e 's%/[^/]*$%%'`
-	    if test "X$xdir" = "X$oldobj"; then
-	      xdir="."
-	    else
-	      xdir="$xdir"
-	    fi
-	    baseobj=`$echo "X$oldobj" | $Xsed -e 's%^.*/%%'`
-	    obj=`$echo "X$baseobj" | $Xsed -e "$o2lo"`
-	    $show "(cd $xdir && ${LN_S} $obj $baseobj)"
-	    $run eval '(cd $xdir && ${LN_S} $obj $baseobj)' || exit $?
-	  fi
-	done
-
-	eval cmds=\"$old_archive_cmds\"
-      fi
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$generated"; then
-      $show "${rm}r$generated"
-      $run ${rm}r$generated
-    fi
-
-    # Now create the libtool archive.
-    case $output in
-    *.la)
-      old_library=
-      test "$build_old_libs" = yes && old_library="$libname.$libext"
-      $show "creating $output"
-
-      # Preserve any variables that may affect compiler behavior
-      for var in $variables_saved_for_relink; do
-	if eval test -z \"\${$var+set}\"; then
-	  relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
-	elif eval var_value=\$$var; test -z "$var_value"; then
-	  relink_command="$var=; export $var; $relink_command"
-	else
-	  var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
-	  relink_command="$var=\"$var_value\"; export $var; $relink_command"
-	fi
-      done
-      # Quote the link command for shipping.
-      relink_command="cd `pwd`; $SHELL $0 --mode=relink $libtool_args"
-      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
-
-      # Only create the output if not a dry run.
-      if test -z "$run"; then
-	for installed in no yes; do
-	  if test "$installed" = yes; then
-	    if test -z "$install_libdir"; then
-	      break
-	    fi
-	    output="$output_objdir/$outputname"i
-	    # Replace all uninstalled libtool libraries with the installed ones
-	    newdependency_libs=
-	    for deplib in $dependency_libs; do
-	      case $deplib in
-	      *.la)
-		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
-		eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
-		if test -z "$libdir"; then
-		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
-		  exit 1
-		fi
-		newdependency_libs="$newdependency_libs $libdir/$name"
-		;;
-	      *) newdependency_libs="$newdependency_libs $deplib" ;;
-	      esac
-	    done
-	    dependency_libs="$newdependency_libs"
-	    newdlfiles=
-	    for lib in $dlfiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
-	      fi
-	      newdlfiles="$newdlfiles $libdir/$name"
-	    done
-	    dlfiles="$newdlfiles"
-	    newdlprefiles=
-	    for lib in $dlprefiles; do
-	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
-	      eval libdir=`sed -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
-	      if test -z "$libdir"; then
-		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-		exit 1
-	      fi
-	      newdlprefiles="$newdlprefiles $libdir/$name"
-	    done
-	    dlprefiles="$newdlprefiles"
-	  fi
-	  $rm $output
-	  # place dlname in correct position for cygwin
-	  tdlname=$dlname
-	  case $host,$output,$installed,$module,$dlname in
-	    *cygwin*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
-	  esac
-	  $echo > $output "\
-# $outputname - a libtool library file
-# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='$tdlname'
-
-# Names of this library.
-library_names='$library_names'
-
-# The name of the static archive.
-old_library='$old_library'
-
-# Libraries that this one depends upon.
-dependency_libs='$dependency_libs'
-
-# Version information for $libname.
-current=$current
-age=$age
-revision=$revision
-
-# Is this an already installed library?
-installed=$installed
-
-# Files to dlopen/dlpreopen
-dlopen='$dlfiles'
-dlpreopen='$dlprefiles'
-
-# Directory that this library needs to be installed in:
-libdir='$install_libdir'"
-	  if test "$installed" = no && test $need_relink = yes; then
-	    $echo >> $output "\
-relink_command=\"$relink_command\""
-	  fi
-	done
-      fi
-
-      # Do a symbolic link so that the libtool archive can be found in
-      # LD_LIBRARY_PATH before the program is installed.
-      $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
-      $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
-      ;;
-    esac
-    exit 0
-    ;;
-
-  # libtool install mode
-  install)
-    modename="$modename: install"
-
-    # There may be an optional sh(1) argument at the beginning of
-    # install_prog (especially on Windows NT).
-    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
-       # Allow the use of GNU shtool's install command.
-       $echo "X$nonopt" | $Xsed | grep shtool > /dev/null; then
-      # Aesthetically quote it.
-      arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$arg "
-      arg="$1"
-      shift
-    else
-      install_prog=
-      arg="$nonopt"
-    fi
-
-    # The real first argument should be the name of the installation program.
-    # Aesthetically quote it.
-    arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-    case $arg in
-    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-      arg="\"$arg\""
-      ;;
-    esac
-    install_prog="$install_prog$arg"
-
-    # We need to accept at least all the BSD install flags.
-    dest=
-    files=
-    opts=
-    prev=
-    install_type=
-    isdir=no
-    stripme=
-    for arg
-    do
-      if test -n "$dest"; then
-	files="$files $dest"
-	dest="$arg"
-	continue
-      fi
-
-      case $arg in
-      -d) isdir=yes ;;
-      -f) prev="-f" ;;
-      -g) prev="-g" ;;
-      -m) prev="-m" ;;
-      -o) prev="-o" ;;
-      -s)
-	stripme=" -s"
-	continue
-	;;
-      -*) ;;
-
-      *)
-	# If the previous option needed an argument, then skip it.
-	if test -n "$prev"; then
-	  prev=
-	else
-	  dest="$arg"
-	  continue
-	fi
-	;;
-      esac
-
-      # Aesthetically quote the argument.
-      arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
-      case $arg in
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*)
-	arg="\"$arg\""
-	;;
-      esac
-      install_prog="$install_prog $arg"
-    done
-
-    if test -z "$install_prog"; then
-      $echo "$modename: you must specify an install program" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test -n "$prev"; then
-      $echo "$modename: the \`$prev' option requires an argument" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    if test -z "$files"; then
-      if test -z "$dest"; then
-	$echo "$modename: no file or destination specified" 1>&2
-      else
-	$echo "$modename: you must specify a destination" 1>&2
-      fi
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    # Strip any trailing slash from the destination.
-    dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
-
-    # Check to see that the destination is a directory.
-    test -d "$dest" && isdir=yes
-    if test "$isdir" = yes; then
-      destdir="$dest"
-      destname=
-    else
-      destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
-      test "X$destdir" = "X$dest" && destdir=.
-      destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
-
-      # Not a directory, so check to see that there is only one file specified.
-      set dummy $files
-      if test $# -gt 2; then
-	$echo "$modename: \`$dest' is not a directory" 1>&2
-	$echo "$help" 1>&2
-	exit 1
-      fi
-    fi
-    case $destdir in
-    [\\/]* | [A-Za-z]:[\\/]*) ;;
-    *)
-      for file in $files; do
-	case $file in
-	*.lo) ;;
-	*)
-	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	  ;;
-	esac
-      done
-      ;;
-    esac
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    staticlibs=
-    future_libdirs=
-    current_libdirs=
-    for file in $files; do
-
-      # Do each installation.
-      case $file in
-      *.$libext)
-	# Do the static libraries later.
-	staticlibs="$staticlibs $file"
-	;;
-
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	library_names=
-	old_library=
-	relink_command=
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Add the libdir to current_libdirs if it is the destination.
-	if test "X$destdir" = "X$libdir"; then
-	  case "$current_libdirs " in
-	  *" $libdir "*) ;;
-	  *) current_libdirs="$current_libdirs $libdir" ;;
-	  esac
-	else
-	  # Note the libdir as a future libdir.
-	  case "$future_libdirs " in
-	  *" $libdir "*) ;;
-	  *) future_libdirs="$future_libdirs $libdir" ;;
-	  esac
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
-	test "X$dir" = "X$file/" && dir=
-	dir="$dir$objdir"
-
-	if test -n "$relink_command"; then
-	  $echo "$modename: warning: relinking \`$file'" 1>&2
-	  $show "$relink_command"
-	  if $run eval "$relink_command"; then :
-	  else
-	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-	    continue
-	  fi
-	fi
-
-	# See the names of the shared library.
-	set dummy $library_names
-	if test -n "$2"; then
-	  realname="$2"
-	  shift
-	  shift
-
-	  srcname="$realname"
-	  test -n "$relink_command" && srcname="$realname"T
-
-	  # Install the shared library and build the symlinks.
-	  $show "$install_prog $dir/$srcname $destdir/$realname"
-	  $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
-	  if test -n "$stripme" && test -n "$striplib"; then
-	    $show "$striplib $destdir/$realname"
-	    $run eval "$striplib $destdir/$realname" || exit $?
-	  fi
-
-	  if test $# -gt 0; then
-	    # Delete the old symlinks, and create new ones.
-	    for linkname
-	    do
-	      if test "$linkname" != "$realname"; then
-		$show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
-		$run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)"
-	      fi
-	    done
-	  fi
-
-	  # Do each command in the postinstall commands.
-	  lib="$destdir/$realname"
-	  eval cmds=\"$postinstall_cmds\"
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    $show "$cmd"
-	    $run eval "$cmd" || exit $?
-	  done
-	  IFS="$save_ifs"
-	fi
-
-	# Install the pseudo-library for information purposes.
-	name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	instname="$dir/$name"i
-	$show "$install_prog $instname $destdir/$name"
-	$run eval "$install_prog $instname $destdir/$name" || exit $?
-
-	# Maybe install the static library, too.
-	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
-	;;
-
-      *.lo)
-	# Install (i.e. copy) a libtool object.
-
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# Deduce the name of the destination old-style object file.
-	case $destfile in
-	*.lo)
-	  staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
-	  ;;
-	*.$objext)
-	  staticdest="$destfile"
-	  destfile=
-	  ;;
-	*)
-	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	  ;;
-	esac
-
-	# Install the libtool object if requested.
-	if test -n "$destfile"; then
-	  $show "$install_prog $file $destfile"
-	  $run eval "$install_prog $file $destfile" || exit $?
-	fi
-
-	# Install the old object if enabled.
-	if test "$build_old_libs" = yes; then
-	  # Deduce the name of the old-style object file.
-	  staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
-
-	  $show "$install_prog $staticobj $staticdest"
-	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
-	fi
-	exit 0
-	;;
-
-      *)
-	# Figure out destination file name, if it wasn't already specified.
-	if test -n "$destname"; then
-	  destfile="$destdir/$destname"
-	else
-	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	  destfile="$destdir/$destfile"
-	fi
-
-	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  notinst_deplibs=
-	  relink_command=
-
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  # Check the variables that should have been set.
-	  if test -z "$notinst_deplibs"; then
-	    $echo "$modename: invalid libtool wrapper script \`$file'" 1>&2
-	    exit 1
-	  fi
-
-	  finalize=yes
-	  for lib in $notinst_deplibs; do
-	    # Check to see that each library is installed.
-	    libdir=
-	    if test -f "$lib"; then
-	      # If there is no directory component, then add one.
-	      case $lib in
-	      */* | *\\*) . $lib ;;
-	      *) . ./$lib ;;
-	      esac
-	    fi
-	    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
-	    if test -n "$libdir" && test ! -f "$libfile"; then
-	      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
-	      finalize=no
-	    fi
-	  done
-
-	  relink_command=
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  outputname=
-	  if test "$fast_install" = no && test -n "$relink_command"; then
-	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir="/tmp"
-	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
-	      tmpdir="$tmpdir/libtool-$$"
-	      if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :
-	      else
-		$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
-		continue
-	      fi
-	      file=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-	      outputname="$tmpdir/$file"
-	      # Replace the output file specification.
-	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
-
-	      $show "$relink_command"
-	      if $run eval "$relink_command"; then :
-	      else
-		$echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
-		${rm}r "$tmpdir"
-		continue
-	      fi
-	      file="$outputname"
-	    else
-	      $echo "$modename: warning: cannot relink \`$file'" 1>&2
-	    fi
-	  else
-	    # Install the binary that we compiled earlier.
-	    file=`$echo "X$file" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
-	  fi
-	fi
-
-	# remove .exe since cygwin /usr/bin/install will append another
-	# one anyways
-	case $install_prog,$host in
-	/usr/bin/install*,*cygwin*)
-	  case $file:$destfile in
-	  *.exe:*.exe)
-	    # this is ok
-	    ;;
-	  *.exe:*)
-	    destfile=$destfile.exe
-	    ;;
-	  *:*.exe)
-	    destfile=`echo $destfile | sed -e 's,.exe$,,'`
-	    ;;
-	  esac
-	  ;;
-	esac
-	$show "$install_prog$stripme $file $destfile"
-	$run eval "$install_prog\$stripme \$file \$destfile" || exit $?
-	test -n "$outputname" && ${rm}r "$tmpdir"
-	;;
-      esac
-    done
-
-    for file in $staticlibs; do
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-
-      # Set up the ranlib parameters.
-      oldlib="$destdir/$name"
-
-      $show "$install_prog $file $oldlib"
-      $run eval "$install_prog \$file \$oldlib" || exit $?
-
-      if test -n "$stripme" && test -n "$striplib"; then
-	$show "$old_striplib $oldlib"
-	$run eval "$old_striplib $oldlib" || exit $?
-      fi
-
-      # Do each command in the postinstall commands.
-      eval cmds=\"$old_postinstall_cmds\"
-      save_ifs="$IFS"; IFS='~'
-      for cmd in $cmds; do
-	IFS="$save_ifs"
-	$show "$cmd"
-	$run eval "$cmd" || exit $?
-      done
-      IFS="$save_ifs"
-    done
-
-    if test -n "$future_libdirs"; then
-      $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
-    fi
-
-    if test -n "$current_libdirs"; then
-      # Maybe just do a dry run.
-      test -n "$run" && current_libdirs=" -n$current_libdirs"
-      exec_cmd='$SHELL $0 --finish$current_libdirs'
-    else
-      exit 0
-    fi
-    ;;
-
-  # libtool finish mode
-  finish)
-    modename="$modename: finish"
-    libdirs="$nonopt"
-    admincmds=
-
-    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
-      for dir
-      do
-	libdirs="$libdirs $dir"
-      done
-
-      for libdir in $libdirs; do
-	if test -n "$finish_cmds"; then
-	  # Do each command in the finish commands.
-	  eval cmds=\"$finish_cmds\"
-	  save_ifs="$IFS"; IFS='~'
-	  for cmd in $cmds; do
-	    IFS="$save_ifs"
-	    $show "$cmd"
-	    $run eval "$cmd" || admincmds="$admincmds
-       $cmd"
-	  done
-	  IFS="$save_ifs"
-	fi
-	if test -n "$finish_eval"; then
-	  # Do the single finish_eval.
-	  eval cmds=\"$finish_eval\"
-	  $run eval "$cmds" || admincmds="$admincmds
-       $cmds"
-	fi
-      done
-    fi
-
-    # Exit here if they wanted silent mode.
-    test "$show" = ":" && exit 0
-
-    echo "----------------------------------------------------------------------"
-    echo "Libraries have been installed in:"
-    for libdir in $libdirs; do
-      echo "   $libdir"
-    done
-    echo
-    echo "If you ever happen to want to link against installed libraries"
-    echo "in a given directory, LIBDIR, you must either use libtool, and"
-    echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
-    echo "flag during linking and do at least one of the following:"
-    if test -n "$shlibpath_var"; then
-      echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
-      echo "     during execution"
-    fi
-    if test -n "$runpath_var"; then
-      echo "   - add LIBDIR to the \`$runpath_var' environment variable"
-      echo "     during linking"
-    fi
-    if test -n "$hardcode_libdir_flag_spec"; then
-      libdir=LIBDIR
-      eval flag=\"$hardcode_libdir_flag_spec\"
-
-      echo "   - use the \`$flag' linker flag"
-    fi
-    if test -n "$admincmds"; then
-      echo "   - have your system administrator run these commands:$admincmds"
-    fi
-    if test -f /etc/ld.so.conf; then
-      echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
-    fi
-    echo
-    echo "See any operating system documentation about shared libraries for"
-    echo "more information, such as the ld(1) and ld.so(8) manual pages."
-    echo "----------------------------------------------------------------------"
-    exit 0
-    ;;
-
-  # libtool execute mode
-  execute)
-    modename="$modename: execute"
-
-    # The first argument is the command name.
-    cmd="$nonopt"
-    if test -z "$cmd"; then
-      $echo "$modename: you must specify a COMMAND" 1>&2
-      $echo "$help"
-      exit 1
-    fi
-
-    # Handle -dlopen flags immediately.
-    for file in $execute_dlfiles; do
-      if test ! -f "$file"; then
-	$echo "$modename: \`$file' is not a file" 1>&2
-	$echo "$help" 1>&2
-	exit 1
-      fi
-
-      dir=
-      case $file in
-      *.la)
-	# Check to see that this really is a libtool archive.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
-	else
-	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
-	  $echo "$help" 1>&2
-	  exit 1
-	fi
-
-	# Read the libtool library.
-	dlname=
-	library_names=
-
-	# If there is no directory component, then add one.
-	case $file in
-	*/* | *\\*) . $file ;;
-	*) . ./$file ;;
-	esac
-
-	# Skip this library if it cannot be dlopened.
-	if test -z "$dlname"; then
-	  # Warn if it was a shared library.
-	  test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
-	  continue
-	fi
-
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-
-	if test -f "$dir/$objdir/$dlname"; then
-	  dir="$dir/$objdir"
-	else
-	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
-	  exit 1
-	fi
-	;;
-
-      *.lo)
-	# Just add the directory containing the .lo file.
-	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-	test "X$dir" = "X$file" && dir=.
-	;;
-
-      *)
-	$echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
-	continue
-	;;
-      esac
-
-      # Get the absolute pathname.
-      absdir=`cd "$dir" && pwd`
-      test -n "$absdir" && dir="$absdir"
-
-      # Now add the directory to shlibpath_var.
-      if eval "test -z \"\$$shlibpath_var\""; then
-	eval "$shlibpath_var=\"\$dir\""
-      else
-	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
-      fi
-    done
-
-    # This variable tells wrapper scripts just to set shlibpath_var
-    # rather than running their programs.
-    libtool_execute_magic="$magic"
-
-    # Check if any of the arguments is a wrapper script.
-    args=
-    for file
-    do
-      case $file in
-      -*) ;;
-      *)
-	# Do a test to see if this is really a libtool program.
-	if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  # If there is no directory component, then add one.
-	  case $file in
-	  */* | *\\*) . $file ;;
-	  *) . ./$file ;;
-	  esac
-
-	  # Transform arg to wrapped name.
-	  file="$progdir/$program"
-	fi
-	;;
-      esac
-      # Quote arguments (to preserve shell metacharacters).
-      file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
-      args="$args \"$file\""
-    done
-
-    if test -z "$run"; then
-      if test -n "$shlibpath_var"; then
-	# Export the shlibpath_var.
-	eval "export $shlibpath_var"
-      fi
-
-      # Restore saved enviroment variables
-      if test "${save_LC_ALL+set}" = set; then
-	LC_ALL="$save_LC_ALL"; export LC_ALL
-      fi
-      if test "${save_LANG+set}" = set; then
-	LANG="$save_LANG"; export LANG
-      fi
-
-      # Now prepare to actually exec the command.
-      exec_cmd='"$cmd"$args'
-    else
-      # Display what would be done.
-      if test -n "$shlibpath_var"; then
-	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
-	$echo "export $shlibpath_var"
-      fi
-      $echo "$cmd$args"
-      exit 0
-    fi
-    ;;
-
-  # libtool clean and uninstall mode
-  clean | uninstall)
-    modename="$modename: $mode"
-    rm="$nonopt"
-    files=
-    rmforce=
-    exit_status=0
-
-    # This variable tells wrapper scripts just to set variables rather
-    # than running their programs.
-    libtool_install_magic="$magic"
-
-    for arg
-    do
-      case $arg in
-      -f) rm="$rm $arg"; rmforce=yes ;;
-      -*) rm="$rm $arg" ;;
-      *) files="$files $arg" ;;
-      esac
-    done
-
-    if test -z "$rm"; then
-      $echo "$modename: you must specify an RM program" 1>&2
-      $echo "$help" 1>&2
-      exit 1
-    fi
-
-    rmdirs=
-
-    for file in $files; do
-      dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
-      if test "X$dir" = "X$file"; then
-	dir=.
-	objdir="$objdir"
-      else
-	objdir="$dir/$objdir"
-      fi
-      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
-      test $mode = uninstall && objdir="$dir"
-
-      # Remember objdir for removal later, being careful to avoid duplicates
-      if test $mode = clean; then
-	case " $rmdirs " in
-	  *" $objdir "*) ;;
-	  *) rmdirs="$rmdirs $objdir" ;;
-	esac
-      fi
-
-      # Don't error if the file doesn't exist and rm -f was used.
-      if (test -L "$file") >/dev/null 2>&1 \
-	|| (test -h "$file") >/dev/null 2>&1 \
-	|| test -f "$file"; then
-	:
-      elif test -d "$file"; then
-	exit_status=1
-	continue
-      elif test "$rmforce" = yes; then
-	continue
-      fi
-
-      rmfiles="$file"
-
-      case $name in
-      *.la)
-	# Possibly a libtool archive, so verify it.
-	if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  . $dir/$name
-
-	  # Delete the libtool libraries and symlinks.
-	  for n in $library_names; do
-	    rmfiles="$rmfiles $objdir/$n"
-	  done
-	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
-	  test $mode = clean && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
-
-	  if test $mode = uninstall; then
-	    if test -n "$library_names"; then
-	      # Do each command in the postuninstall commands.
-	      eval cmds=\"$postuninstall_cmds\"
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-
-	    if test -n "$old_library"; then
-	      # Do each command in the old_postuninstall commands.
-	      eval cmds=\"$old_postuninstall_cmds\"
-	      save_ifs="$IFS"; IFS='~'
-	      for cmd in $cmds; do
-		IFS="$save_ifs"
-		$show "$cmd"
-		$run eval "$cmd"
-		if test $? != 0 && test "$rmforce" != yes; then
-		  exit_status=1
-		fi
-	      done
-	      IFS="$save_ifs"
-	    fi
-	    # FIXME: should reinstall the best remaining shared library.
-	  fi
-	fi
-	;;
-
-      *.lo)
-	if test "$build_old_libs" = yes; then
-	  oldobj=`$echo "X$name" | $Xsed -e "$lo2o"`
-	  rmfiles="$rmfiles $dir/$oldobj"
-	fi
-	;;
-
-      *)
-	# Do a test to see if this is a libtool program.
-	if test $mode = clean &&
-	   (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
-	  relink_command=
-	  . $dir/$file
-
-	  rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
-	  if test "$fast_install" = yes && test -n "$relink_command"; then
-	    rmfiles="$rmfiles $objdir/lt-$name"
-	  fi
-	fi
-	;;
-      esac
-      $show "$rm $rmfiles"
-      $run $rm $rmfiles || exit_status=1
-    done
-
-    # Try to remove the ${objdir}s in the directories where we deleted files
-    for dir in $rmdirs; do
-      if test -d "$dir"; then
-	$show "rmdir $dir"
-	$run rmdir $dir >/dev/null 2>&1
-      fi
-    done
-
-    exit $exit_status
-    ;;
-
-  "")
-    $echo "$modename: you must specify a MODE" 1>&2
-    $echo "$generic_help" 1>&2
-    exit 1
-    ;;
-  esac
-
-  if test -z "$exec_cmd"; then
-    $echo "$modename: invalid operation mode \`$mode'" 1>&2
-    $echo "$generic_help" 1>&2
-    exit 1
-  fi
-fi # test -z "$show_help"
-
-if test -n "$exec_cmd"; then
-  eval exec $exec_cmd
-  exit 1
-fi
-
-# We need to display help for each of the modes.
-case $mode in
-"") $echo \
-"Usage: $modename [OPTION]... [MODE-ARG]...
-
-Provide generalized library-building support services.
-
-    --config          show all configuration variables
-    --debug           enable verbose shell tracing
--n, --dry-run         display commands without modifying any files
-    --features        display basic configuration information and exit
-    --finish          same as \`--mode=finish'
-    --help            display this help message and exit
-    --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
-    --quiet           same as \`--silent'
-    --silent          don't print informational messages
-    --version         print version information
-
-MODE must be one of the following:
-
-      clean           remove files from the build directory
-      compile         compile a source file into a libtool object
-      execute         automatically set library path, then run a program
-      finish          complete the installation of libtool libraries
-      install         install libraries or executables
-      link            create a library or an executable
-      uninstall       remove libraries from an installed directory
-
-MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
-a more detailed description of MODE."
-  exit 0
-  ;;
-
-clean)
-  $echo \
-"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
-
-Remove files from the build directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, object or program, all the files associated
-with it are deleted. Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-compile)
-  $echo \
-"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
-
-Compile a source file into a libtool library object.
-
-This mode accepts the following additional options:
-
-  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
-  -prefer-pic       try to building PIC objects only
-  -prefer-non-pic   try to building non-PIC objects only
-  -static           always build a \`.o' file suitable for static linking
-
-COMPILE-COMMAND is a command to be used in creating a \`standard' object file
-from the given SOURCEFILE.
-
-The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix \`.c' with the
-library object suffix, \`.lo'."
-  ;;
-
-execute)
-  $echo \
-"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
-
-Automatically set library path, then run a program.
-
-This mode accepts the following additional options:
-
-  -dlopen FILE      add the directory containing FILE to the library path
-
-This mode sets the library path environment variable according to \`-dlopen'
-flags.
-
-If any of the ARGS are libtool executable wrappers, then they are translated
-into their corresponding uninstalled binary, and any of their required library
-directories are added to the library path.
-
-Then, COMMAND is executed, with ARGS as arguments."
-  ;;
-
-finish)
-  $echo \
-"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
-
-Complete the installation of libtool libraries.
-
-Each LIBDIR is a directory that contains libtool libraries.
-
-The commands that this mode executes may require superuser privileges.  Use
-the \`--dry-run' option if you just want to see what would be executed."
-  ;;
-
-install)
-  $echo \
-"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
-
-Install executables or libraries.
-
-INSTALL-COMMAND is the installation command.  The first component should be
-either the \`install' or \`cp' program.
-
-The rest of the components are interpreted as arguments to that command (only
-BSD-compatible install options are recognized)."
-  ;;
-
-link)
-  $echo \
-"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
-
-Link object files or libraries together to form another library, or to
-create an executable program.
-
-LINK-COMMAND is a command using the C compiler that you would use to create
-a program from several object files.
-
-The following components of LINK-COMMAND are treated specially:
-
-  -all-static       do not do any dynamic linking at all
-  -avoid-version    do not add a version suffix if possible
-  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
-  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
-  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
-  -export-symbols SYMFILE
-		    try to export only the symbols listed in SYMFILE
-  -export-symbols-regex REGEX
-		    try to export only the symbols matching REGEX
-  -LLIBDIR          search LIBDIR for required installed libraries
-  -lNAME            OUTPUT-FILE requires the installed library libNAME
-  -module           build a library that can dlopened
-  -no-fast-install  disable the fast-install mode
-  -no-install       link a not-installable executable
-  -no-undefined     declare that a library does not refer to external symbols
-  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
-  -release RELEASE  specify package release information
-  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
-  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
-  -static           do not do any dynamic linking of libtool libraries
-  -version-info CURRENT[:REVISION[:AGE]]
-		    specify library version info [each variable defaults to 0]
-
-All other options (arguments beginning with \`-') are ignored.
-
-Every other argument is treated as a filename.  Files ending in \`.la' are
-treated as uninstalled libtool libraries, other files are standard or library
-object files.
-
-If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
-only library objects (\`.lo' files) may be specified, and \`-rpath' is
-required, except when creating a convenience library.
-
-If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
-using \`ar' and \`ranlib', or on Windows using \`lib'.
-
-If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
-is created, otherwise an executable program is created."
-  ;;
-
-uninstall)
-  $echo \
-"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
-
-Remove libraries from an installation directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
-to RM.
-
-If FILE is a libtool library, all the files associated with it are deleted.
-Otherwise, only FILE itself is deleted using RM."
-  ;;
-
-*)
-  $echo "$modename: invalid operation mode \`$mode'" 1>&2
-  $echo "$help" 1>&2
-  exit 1
-  ;;
-esac
-
-echo
-$echo "Try \`$modename --help' for more information about other modes."
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/missing b/crypto/heimdal/missing
deleted file mode 100644
index dd583709f535..000000000000
--- a/crypto/heimdal/missing
+++ /dev/null
@@ -1,336 +0,0 @@
-#! /bin/sh
-# Common stub for a few missing GNU programs while installing.
-# Copyright 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
-# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
-  exit 1
-fi
-
-run=:
-
-# In the cases where this matters, `missing' is being run in the
-# srcdir already.
-if test -f configure.ac; then
-  configure_ac=configure.ac
-else
-  configure_ac=configure.in
-fi
-
-case "$1" in
---run)
-  # Try to run requested program, and just exit if it succeeds.
-  run=
-  shift
-  "$@" && exit 0
-  ;;
-esac
-
-# If it does not exist, or fails to run (possibly an outdated version),
-# try to emulate it.
-case "$1" in
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-  --run           try to run the given command, and emulate it if it fails
-
-Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  help2man     touch the output file
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  tar          try tar, gnutar, gtar, then tar without non-portable flags
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]"
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing 0.4 - GNU automake"
-    ;;
-
-  -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
-    exit 1
-    ;;
-
-  aclocal*)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`${configure_ac}'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case "$f" in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake*)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  autom4te)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and you do not seem to have it handy on your
-         system.  You might have modified some files without having the
-         proper tools for further handling them.
-         You can get \`$1Help2man' as part of \`Autoconf' from any GNU
-         archive site."
-
-    file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
-    test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
-    if test -f "$file"; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo "#! /bin/sh"
-	echo "# Created by GNU Automake missing as a replacement of"
-	echo "#  $ $@"
-	echo "exit 0"
-	chmod +x $file
-	exit 1
-    fi
-    ;;
-
-  bison|yacc)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f y.tab.h ]; then
-	echo >y.tab.h
-    fi
-    if [ ! -f y.tab.c ]; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex|flex)
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if [ $# -ne 1 ]; then
-        eval LASTARG="\${$#}"
-	case "$LASTARG" in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if [ -f "$SRCFILE" ]; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if [ ! -f lex.yy.c ]; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  help2man)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-	 you modified a dependency of a manual page.  You may need the
-	 \`Help2man' package in order for those modifications to take
-	 effect.  You can get \`Help2man' from any GNU archive site."
-
-    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
-    if test -z "$file"; then
-	file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
-    fi
-    if [ -f "$file" ]; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo ".ab help2man is required to generate this page"
-	exit 1
-    fi
-    ;;
-
-  makeinfo)
-    if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then
-       # We have makeinfo, but it failed.
-       exit 1
-    fi
-
-    echo 1>&2 "\
-WARNING: \`$1' is missing on your system.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
-    if test -z "$file"; then
-      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
-    fi
-    touch $file
-    ;;
-
-  tar)
-    shift
-    if test -n "$run"; then
-      echo 1>&2 "ERROR: \`tar' requires --run"
-      exit 1
-    fi
-
-    # We have already tried tar in the generic part.
-    # Look for gnutar/gtar before invocation to avoid ugly error
-    # messages.
-    if (gnutar --version > /dev/null 2>&1); then
-       gnutar ${1+"$@"} && exit 0
-    fi
-    if (gtar --version > /dev/null 2>&1); then
-       gtar ${1+"$@"} && exit 0
-    fi
-    firstarg="$1"
-    if shift; then
-	case "$firstarg" in
-	*o*)
-	    firstarg=`echo "$firstarg" | sed s/o//`
-	    tar "$firstarg" ${1+"$@"} && exit 0
-	    ;;
-	esac
-	case "$firstarg" in
-	*h*)
-	    firstarg=`echo "$firstarg" | sed s/h//`
-	    tar "$firstarg" ${1+"$@"} && exit 0
-	    ;;
-	esac
-    fi
-
-    echo 1>&2 "\
-WARNING: I can't seem to be able to run \`tar' with the given arguments.
-         You may want to install GNU tar or Free paxutils, or check the
-         command line arguments."
-    exit 1
-    ;;
-
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and you do not seem to have it handy on your
-         system.  You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequirements for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
-    ;;
-esac
-
-exit 0
diff --git a/crypto/heimdal/mkinstalldirs b/crypto/heimdal/mkinstalldirs
deleted file mode 100755
index f9c37afd1b84..000000000000
--- a/crypto/heimdal/mkinstalldirs
+++ /dev/null
@@ -1,101 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-# Author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain
-
-# $Id: mkinstalldirs,v 1.13 1999/01/05 03:18:55 bje Exp $
-
-errstatus=0
-dirmode=""
-
-usage="\
-Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..."
-
-# process command line arguments
-while test $# -gt 0 ; do
-   case "${1}" in
-     -h | --help | --h* )			# -h for help
-	echo "${usage}" 1>&2; exit 0 ;;
-     -m )					# -m PERM arg
-	shift
-	test $# -eq 0 && { echo "${usage}" 1>&2; exit 1; }
-	dirmode="${1}"
-	shift ;;
-     -- ) shift; break ;;			# stop option processing
-     -* ) echo "${usage}" 1>&2; exit 1 ;;	# unknown option
-     * )  break ;;				# first non-opt arg
-   esac
-done
-
-for file
-do
-  if test -d "$file"; then
-    shift
-  else
-    break
-  fi
-done
-
-case $# in
-0) exit 0 ;;
-esac
-
-case $dirmode in
-'')
-  if mkdir -p -- . 2>/dev/null; then
-    echo "mkdir -p -- $*"
-    exec mkdir -p -- "$@"
-  fi ;;
-*)
-  if mkdir -m "$dirmode" -p -- . 2>/dev/null; then
-    echo "mkdir -m $dirmode -p -- $*"
-    exec mkdir -m "$dirmode" -p -- "$@"
-  fi ;;
-esac
-
-for file
-do
-   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
-   shift
-
-   pathcomp=
-   for d
-   do
-     pathcomp="$pathcomp$d"
-     case "$pathcomp" in
-       -* ) pathcomp=./$pathcomp ;;
-     esac
-
-     if test ! -d "$pathcomp"; then
-	echo "mkdir $pathcomp"
-
-	mkdir "$pathcomp" || lasterr=$?
-
-	if test ! -d "$pathcomp"; then
-	  errstatus=$lasterr
-	else
-	  if test ! -z "$dirmode"; then
-	     echo "chmod $dirmode $pathcomp"
-
-	     lasterr=""
-	     chmod "$dirmode" "$pathcomp" || lasterr=$?
-
-	     if test ! -z "$lasterr"; then
-	       errstatus=$lasterr
-	     fi
-	  fi
-	fi
-     fi
-
-     pathcomp="$pathcomp/"
-   done
-done
-
-exit $errstatus
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 3
-# End:
-# mkinstalldirs ends here
diff --git a/crypto/heimdal/tools/Makefile b/crypto/heimdal/tools/Makefile
deleted file mode 100644
index af60c0aa8fd9..000000000000
--- a/crypto/heimdal/tools/Makefile
+++ /dev/null
@@ -1,575 +0,0 @@
-# Makefile.in generated by automake 1.6.3 from Makefile.am.
-# tools/Makefile.  Generated from Makefile.in by configure.
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-
-
-# $Id: Makefile.am,v 1.5 2001/01/29 06:56:33 assar Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
-SHELL = /bin/sh
-
-srcdir = .
-top_srcdir = ..
-
-prefix = /usr/heimdal
-exec_prefix = ${prefix}
-
-bindir = ${exec_prefix}/bin
-sbindir = ${exec_prefix}/sbin
-libexecdir = ${exec_prefix}/libexec
-datadir = ${prefix}/share
-sysconfdir = /etc
-sharedstatedir = ${prefix}/com
-localstatedir = /var/heimdal
-libdir = ${exec_prefix}/lib
-infodir = ${prefix}/info
-mandir = ${prefix}/man
-includedir = ${prefix}/include
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/heimdal
-pkglibdir = $(libdir)/heimdal
-pkgincludedir = $(includedir)/heimdal
-top_builddir = ..
-
-ACLOCAL = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run aclocal-1.6
-AUTOCONF = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoconf
-AUTOMAKE = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run automake-1.6
-AUTOHEADER = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run autoheader
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = /usr/bin/install -c
-INSTALL_PROGRAM = ${INSTALL}
-INSTALL_DATA = ${INSTALL} -m 644
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_SCRIPT = ${INSTALL}
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = s,x,x,
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = 
-host_triplet = i386-unknown-freebsd5.0
-
-EXEEXT = 
-OBJEXT = o
-PATH_SEPARATOR = :
-AIX_EXTRA_KAFS = 
-AMTAR = ${SHELL} /usr/home/nectar/devel/heimdal/missing --run tar
-AS = @AS@
-AWK = gawk
-CANONICAL_HOST = i386-unknown-freebsd5.0
-CATMAN = /usr/bin/nroff -mdoc $< > $@
-CATMANEXT = $$section
-CC = gcc 
-COMPILE_ET = compile_et
-CPP = gcc -E
-DBLIB =  
-DEPDIR = .deps
-DIR_com_err = 
-DIR_des = 
-DIR_roken = roken
-DLLTOOL = @DLLTOOL@
-ECHO = echo
-EXTRA_LIB45 = 
-GROFF = /usr/bin/groff
-INCLUDES_roken = -I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = 
-INSTALL_STRIP_PROGRAM = ${SHELL} $(install_sh) -c -s
-LEX = flex
-
-LEXLIB = -lfl
-LEX_OUTPUT_ROOT = lex.yy
-LIBTOOL = $(SHELL) $(top_builddir)/libtool
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = 
-LIB_NDBM = 
-LIB_com_err = -lcom_err
-LIB_com_err_a = 
-LIB_com_err_so = 
-LIB_des =  -lcrypto
-LIB_des_a =  -lcrypto
-LIB_des_appl =  -lcrypto
-LIB_des_so =  -lcrypto
-LIB_kdb = 
-LIB_otp = $(top_builddir)/lib/otp/libotp.la
-LIB_roken = $(top_builddir)/lib/vers/libvers.la $(top_builddir)/lib/roken/libroken.la $(LIB_crypt) $(LIB_dbopen)
-LIB_security = 
-LN_S = ln -s
-LTLIBOBJS =  copyhostent.lo ecalloc.lo emalloc.lo erealloc.lo estrdup.lo strlwr.lo strndup.lo strnlen.lo strsep_copy.lo strupr.lo
-NEED_WRITEAUTH_FALSE = 
-NEED_WRITEAUTH_TRUE = #
-NROFF = /usr/bin/nroff
-OBJDUMP = @OBJDUMP@
-PACKAGE = heimdal
-RANLIB = ranlib
-STRIP = strip
-VERSION = 0.4f
-VOID_RETSIGTYPE = 
-WFLAGS = -Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs
-WFLAGS_NOIMPLICITINT = 
-WFLAGS_NOUNUSED = 
-X_CFLAGS =  -I/usr/X11R6/include
-X_EXTRA_LIBS = 
-X_LIBS =  -L/usr/X11R6/lib
-X_PRE_LIBS =  -lSM -lICE
-YACC = bison -y
-am__include = include
-am__quote = 
-dpagaix_cflags = -D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce
-dpagaix_ldadd = -L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r
-dpagaix_ldflags = -Wl,-bI:dfspag.exp
-install_sh = /usr/home/nectar/devel/heimdal/install-sh
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = -lXau
-LIB_crypt = -lcrypt
-LIB_dbm_firstkey = 
-LIB_dbopen = 
-LIB_dlopen = 
-LIB_dn_expand = 
-LIB_el_init = -ledit
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = 
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = 
-LIB_getsockopt = 
-LIB_logout = -lutil
-LIB_logwtmp = -lutil
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = -lutil
-LIB_pidfile = 
-LIB_res_search = 
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = 
-LIB_socket = 
-LIB_syslog = 
-LIB_tgetent = -ltermcap
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = 
-LIB_hesiod = 
-
-INCLUDE_krb4 = 
-LIB_krb4 = 
-
-INCLUDE_openldap = 
-LIB_openldap = 
-
-INCLUDE_readline = 
-LIB_readline = $(top_builddir)/lib/editline/libel_compat.la $(LIB_el_init) $(LIB_tgetent)
-
-NROFF_MAN = groff -mandoc -Tascii
-
-#LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-	$(top_builddir)/lib/asn1/libasn1.la
-
-LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-#LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-EXTRA_DIST = krb5-config.1
-
-CLEANFILES = krb5-config
-
-bin_SCRIPTS = krb5-config
-
-man_MANS = krb5-config.1
-subdir = tools
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-SCRIPTS = $(bin_SCRIPTS)
-
-depcomp =
-am__depfiles_maybe =
-CFLAGS = -DINET6 -g -O2
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in:  Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  tools/Makefile
-Makefile:  $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(binSCRIPT_INSTALL) $$d$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  case "$$ext" in \
-	    1*) ;; \
-	    *) ext='1' ;; \
-	  esac; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@list='$(DISTFILES)'; for file in $$list; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-man
-
-install-exec-am: install-binSCRIPTS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-binSCRIPTS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-binSCRIPTS install-data install-data-am \
-	install-data-local install-exec install-exec-am install-info \
-	install-info-am install-man install-man1 install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool uninstall uninstall-am uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-local: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-krb5-config: krb5-config.in
-	sed	-e "s,@PACKAGE\@,$(PACKAGE),g" \
-		-e "s,@VERSION\@,$(VERSION),g" \
-		-e "s,@prefix\@,$(prefix),g" \
-		-e "s,@exec_prefix\@,$(exec_prefix),g" \
-		-e "s,@libdir\@,$(libdir),g" \
-		-e "s,@includedir\@,$(includedir),g" \
-		-e "s,@LIB_crypt\@,$(LIB_crypt),g" \
-		-e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \
-		-e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \
-		-e "s,@LIBS\@,$(LIBS),g" \
-		$(srcdir)/krb5-config.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tools/Makefile.am b/crypto/heimdal/tools/Makefile.am
deleted file mode 100644
index b7a9d24d8cdf..000000000000
--- a/crypto/heimdal/tools/Makefile.am
+++ /dev/null
@@ -1,26 +0,0 @@
-# $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $
-
-include $(top_srcdir)/Makefile.am.common
-
-EXTRA_DIST = krb5-config.1
-
-CLEANFILES = krb5-config
-
-bin_SCRIPTS = krb5-config
-
-man_MANS = krb5-config.1
-
-krb5-config: krb5-config.in
-	sed	-e "s,@PACKAGE\@,$(PACKAGE),g" \
-		-e "s,@VERSION\@,$(VERSION),g" \
-		-e "s,@prefix\@,$(prefix),g" \
-		-e "s,@exec_prefix\@,$(exec_prefix),g" \
-		-e "s,@libdir\@,$(libdir),g" \
-		-e "s,@includedir\@,$(includedir),g" \
-		-e "s,@LIB_crypt\@,$(LIB_crypt),g" \
-		-e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \
-		-e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \
-		-e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \
-		-e "s,@LIBS\@,$(LIBS),g" \
-		$(srcdir)/krb5-config.in > $@
-	chmod +x $@
diff --git a/crypto/heimdal/tools/Makefile.in b/crypto/heimdal/tools/Makefile.in
deleted file mode 100644
index e65c4224925b..000000000000
--- a/crypto/heimdal/tools/Makefile.in
+++ /dev/null
@@ -1,575 +0,0 @@
-# Makefile.in generated by automake 1.6.1 from Makefile.am.
-# @configure_input@
-
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
-# Free Software Foundation, Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $
-
-# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-
-# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
-SHELL = @SHELL@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-datadir = @datadir@
-sysconfdir = @sysconfdir@
-sharedstatedir = @sharedstatedir@
-localstatedir = @localstatedir@
-libdir = @libdir@
-infodir = @infodir@
-mandir = @mandir@
-includedir = @includedir@
-oldincludedir = /usr/include
-pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ..
-
-ACLOCAL = @ACLOCAL@
-AUTOCONF = @AUTOCONF@
-AUTOMAKE = @AUTOMAKE@
-AUTOHEADER = @AUTOHEADER@
-
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_DATA = @INSTALL_DATA@
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = @program_transform_name@
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-host_alias = @host_alias@
-host_triplet = @host@
-
-EXEEXT = @EXEEXT@
-OBJEXT = @OBJEXT@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMTAR = @AMTAR@
-AS = @AS@
-AWK = @AWK@
-CANONICAL_HOST = @CANONICAL_HOST@
-CATMAN = @CATMAN@
-CATMANEXT = @CATMANEXT@
-CC = @CC@
-COMPILE_ET = @COMPILE_ET@
-CPP = @CPP@
-DBLIB = @DBLIB@
-DEPDIR = @DEPDIR@
-DIR_com_err = @DIR_com_err@
-DIR_des = @DIR_des@
-DIR_roken = @DIR_roken@
-DLLTOOL = @DLLTOOL@
-ECHO = @ECHO@
-EXTRA_LIB45 = @EXTRA_LIB45@
-GROFF = @GROFF@
-INCLUDES_roken = @INCLUDES_roken@
-INCLUDE_ = @INCLUDE_@
-INCLUDE_des = @INCLUDE_des@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LEX = @LEX@
-
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBTOOL = @LIBTOOL@
-LIB_ = @LIB_@
-LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
-LIB_NDBM = @LIB_NDBM@
-LIB_com_err = @LIB_com_err@
-LIB_com_err_a = @LIB_com_err_a@
-LIB_com_err_so = @LIB_com_err_so@
-LIB_des = @LIB_des@
-LIB_des_a = @LIB_des_a@
-LIB_des_appl = @LIB_des_appl@
-LIB_des_so = @LIB_des_so@
-LIB_kdb = @LIB_kdb@
-LIB_otp = @LIB_otp@
-LIB_roken = @LIB_roken@
-LIB_security = @LIB_security@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
-NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NROFF = @NROFF@
-OBJDUMP = @OBJDUMP@
-PACKAGE = @PACKAGE@
-RANLIB = @RANLIB@
-STRIP = @STRIP@
-VERSION = @VERSION@
-VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
-WFLAGS = @WFLAGS@
-WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
-WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
-X_CFLAGS = @X_CFLAGS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_LIBS = @X_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-YACC = @YACC@
-am__include = @am__include@
-am__quote = @am__quote@
-dpagaix_cflags = @dpagaix_cflags@
-dpagaix_ldadd = @dpagaix_ldadd@
-dpagaix_ldflags = @dpagaix_ldflags@
-install_sh = @install_sh@
-
-AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
-
-SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
-
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
-
-@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
-
-AM_CFLAGS = $(WFLAGS)
-
-CP = cp
-
-buildinclude = $(top_builddir)/include
-
-LIB_XauReadAuth = @LIB_XauReadAuth@
-LIB_crypt = @LIB_crypt@
-LIB_dbm_firstkey = @LIB_dbm_firstkey@
-LIB_dbopen = @LIB_dbopen@
-LIB_dlopen = @LIB_dlopen@
-LIB_dn_expand = @LIB_dn_expand@
-LIB_el_init = @LIB_el_init@
-LIB_getattr = @LIB_getattr@
-LIB_gethostbyname = @LIB_gethostbyname@
-LIB_getpwent_r = @LIB_getpwent_r@
-LIB_getpwnam_r = @LIB_getpwnam_r@
-LIB_getsockopt = @LIB_getsockopt@
-LIB_logout = @LIB_logout@
-LIB_logwtmp = @LIB_logwtmp@
-LIB_odm_initialize = @LIB_odm_initialize@
-LIB_openpty = @LIB_openpty@
-LIB_pidfile = @LIB_pidfile@
-LIB_res_search = @LIB_res_search@
-LIB_setpcred = @LIB_setpcred@
-LIB_setsockopt = @LIB_setsockopt@
-LIB_socket = @LIB_socket@
-LIB_syslog = @LIB_syslog@
-LIB_tgetent = @LIB_tgetent@
-
-HESIODLIB = @HESIODLIB@
-HESIODINCLUDE = @HESIODINCLUDE@
-INCLUDE_hesiod = @INCLUDE_hesiod@
-LIB_hesiod = @LIB_hesiod@
-
-INCLUDE_krb4 = @INCLUDE_krb4@
-LIB_krb4 = @LIB_krb4@
-
-INCLUDE_openldap = @INCLUDE_openldap@
-LIB_openldap = @LIB_openldap@
-
-INCLUDE_readline = @INCLUDE_readline@
-LIB_readline = @LIB_readline@
-
-NROFF_MAN = groff -mandoc -Tascii
-
-LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
-@KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
-
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
-
-@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
-
-EXTRA_DIST = krb5-config.1
-
-CLEANFILES = krb5-config
-
-bin_SCRIPTS = krb5-config
-
-man_MANS = krb5-config.1
-subdir = tools
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/include/config.h
-CONFIG_CLEAN_FILES =
-SCRIPTS = $(bin_SCRIPTS)
-
-depcomp =
-am__depfiles_maybe =
-CFLAGS = @CFLAGS@
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
-	$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES =
-MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  tools/Makefile
-Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in  $(top_builddir)/config.status
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
-install-binSCRIPTS: $(bin_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(bindir)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f="`echo $$p|sed '$(transform)'`"; \
-	  if test -f $$p; then \
-	    echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \
-	  elif test -f $(srcdir)/$$p; then \
-	    echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \
-	    $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \
-	  else :; fi; \
-	done
-
-uninstall-binSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f="`echo $$p|sed '$(transform)'`"; \
-	  echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
-	  rm -f $(DESTDIR)$(bindir)/$$f; \
-	done
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-
-distclean-libtool:
-	-rm -f libtool
-uninstall-info-am:
-
-man1dir = $(mandir)/man1
-install-man1: $(man1_MANS) $(man_MANS)
-	@$(NORMAL_INSTALL)
-	$(mkinstalldirs) $(DESTDIR)$(man1dir)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
-	  else file=$$i; fi; \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
-	  $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
-	done
-uninstall-man1:
-	@$(NORMAL_UNINSTALL)
-	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
-	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
-	for i in $$l2; do \
-	  case "$$i" in \
-	    *.1*) list="$$list $$i" ;; \
-	  esac; \
-	done; \
-	for i in $$list; do \
-	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
-	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
-	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
-	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
-	  echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
-	  rm -f $(DESTDIR)$(man1dir)/$$inst; \
-	done
-tags: TAGS
-TAGS:
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-
-top_distdir = ..
-distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
-
-distdir: $(DISTFILES)
-	@for file in $(DISTFILES); do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
-	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
-	    dir="/$$dir"; \
-	    $(mkinstalldirs) "$(distdir)$$dir"; \
-	  else \
-	    dir=''; \
-	  fi; \
-	  if test -d $$d/$$file; then \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
-	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
-	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
-	    || exit 1; \
-	  fi; \
-	done
-	$(MAKE) $(AM_MAKEFLAGS) \
-	  top_distdir="${top_distdir}" distdir="$(distdir)" \
-	  dist-hook
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-local
-check: check-am
-all-am: Makefile $(SCRIPTS) $(MANS) all-local
-
-installdirs:
-	$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
-
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
-
-distclean-am: clean-am distclean-generic distclean-libtool
-
-dvi: dvi-am
-
-dvi-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
-install-exec-am: install-binSCRIPTS
-	@$(NORMAL_INSTALL)
-	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-
-install-info: install-info-am
-
-install-man: install-man1
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-uninstall-am: uninstall-binSCRIPTS uninstall-info-am uninstall-man
-
-uninstall-man: uninstall-man1
-
-.PHONY: all all-am all-local check check-am check-local clean \
-	clean-generic clean-libtool distclean distclean-generic \
-	distclean-libtool distdir dvi dvi-am info info-am install \
-	install-am install-binSCRIPTS install-data install-data-am \
-	install-exec install-exec-am install-info install-info-am \
-	install-man install-man1 install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool uninstall uninstall-am uninstall-binSCRIPTS \
-	uninstall-info-am uninstall-man uninstall-man1
-
-
-install-suid-programs:
-	@foo='$(bin_SUIDS)'; \
-	for file in $$foo; do \
-	x=$(DESTDIR)$(bindir)/$$file; \
-	if chown 0:0 $$x && chmod u+s $$x; then :; else \
-	echo "*"; \
-	echo "* Failed to install $$x setuid root"; \
-	echo "*"; \
-	fi; done
-
-install-exec-hook: install-suid-programs
-
-install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
-	@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
-	for f in $$foo; do \
-		f=`basename $$f`; \
-		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
-		else file="$$f"; fi; \
-		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
-		: ; else \
-			echo " $(CP) $$file $(buildinclude)/$$f"; \
-			$(CP) $$file $(buildinclude)/$$f; \
-		fi ; \
-	done
-
-all-local: install-build-headers
-
-check-local::
-	@if test '$(CHECK_LOCAL)'; then \
-	  foo='$(CHECK_LOCAL)'; else \
-	  foo='$(PROGRAMS)'; fi; \
-	  if test "$$foo"; then \
-	  failed=0; all=0; \
-	  for i in $$foo; do \
-	    all=`expr $$all + 1`; \
-	    if ./$$i --version > /dev/null 2>&1; then \
-	      echo "PASS: $$i"; \
-	    else \
-	      echo "FAIL: $$i"; \
-	      failed=`expr $$failed + 1`; \
-	    fi; \
-	  done; \
-	  if test "$$failed" -eq 0; then \
-	    banner="All $$all tests passed"; \
-	  else \
-	    banner="$$failed of $$all tests failed"; \
-	  fi; \
-	  dashes=`echo "$$banner" | sed s/./=/g`; \
-	  echo "$$dashes"; \
-	  echo "$$banner"; \
-	  echo "$$dashes"; \
-	  test "$$failed" -eq 0; \
-	fi
-
-.x.c:
-	@cmp -s $< $@ 2> /dev/null || cp $< $@
-#NROFF_MAN = nroff -man
-.1.cat1:
-	$(NROFF_MAN) $< > $@
-.3.cat3:
-	$(NROFF_MAN) $< > $@
-.5.cat5:
-	$(NROFF_MAN) $< > $@
-.8.cat8:
-	$(NROFF_MAN) $< > $@
-
-dist-cat1-mans:
-	@foo='$(man1_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.1) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat3-mans:
-	@foo='$(man3_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.3) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat5-mans:
-	@foo='$(man5_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.5) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-cat8-mans:
-	@foo='$(man8_MANS)'; \
-	bar='$(man_MANS)'; \
-	for i in $$bar; do \
-	case $$i in \
-	*.8) foo="$$foo $$i";; \
-	esac; done ;\
-	for i in $$foo; do \
-		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
-		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
-		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
-	done
-
-dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-
-install-cat-mans:
-	$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-
-install-data-hook: install-cat-mans
-
-.et.h:
-	$(COMPILE_ET) $<
-.et.c:
-	$(COMPILE_ET) $<
-
-krb5-config: krb5-config.in
-	sed	-e "s,@PACKAGE\@,$(PACKAGE),g" \
-		-e "s,@VERSION\@,$(VERSION),g" \
-		-e "s,@prefix\@,$(prefix),g" \
-		-e "s,@exec_prefix\@,$(exec_prefix),g" \
-		-e "s,@libdir\@,$(libdir),g" \
-		-e "s,@includedir\@,$(includedir),g" \
-		-e "s,@LIB_crypt\@,$(LIB_crypt),g" \
-		-e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \
-		-e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \
-		-e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \
-		-e "s,@LIBS\@,$(LIBS),g" \
-		$(srcdir)/krb5-config.in > $@
-	chmod +x $@
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/crypto/heimdal/tools/build.sh b/crypto/heimdal/tools/build.sh
deleted file mode 100755
index fad860836dbb..000000000000
--- a/crypto/heimdal/tools/build.sh
+++ /dev/null
@@ -1,212 +0,0 @@
-#!/bin/sh
-#
-# Build many combinations of kth-krb/heimdal/openssl
-#
-# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
-
-opt_n= #:
-make_f= #-j
-
-heimdal_versions="0.5.2 0.6pre4"
-krb4_versions="1.2.2"
-openssl_versions="0.9.6i 0.9.7a 0.9.7b"
-
-make_check_version=".*heimdal-0.6.*"
-
-# 0.5 dont eat 0.9.7
-dont_build="openssl-0.9.7.*heimdal-0.5.*"
-# 1.2 dont eat 0.9.7
-dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
-#yacc problems
-dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
-#local openssl 09.7 and broken kuser/Makefile.am
-dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}" 
-failed=
-
-# Allow override
-for a in $HOME . /etc ; do 
-    [ -f $a/.heimdal-build ] && . $a/.heimdal-build
-done
-
-targetdir=${targetdir:-/scratch/heimdal-test}
-logfile="${targetdir}/buildlog"
-
-distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
-
-
-logprint () {
-    d=`date '+%Y-%m-%d %H:%M:%S'`
-    echo "${d}: $*"
-    echo "${d}: --- $*" >> ${logfile}
-}
-
-logerror () {
-    echo "$*"
-    exit 1
-}
-
-find_unzip_prog () {
-    unzip_prog=
-    oldIFS="$IFS"
-    IFS=:
-    set -- $PATH
-    IFS="$oldIFS"
-    for a in $* ; do
-	if [ -x $a/gzip ] ; then
-	    unzip_prog="$a/gzip -dc"
-	    break
-	elif [ -x $a/gunzip ] ; then
-	    unzip_prog="$a/gunzip -c"
-	    break
-	fi
-    done
-    [ "$unzip_prog" = "" ] && logerror failed to find unzip program
-}
-
-find_canon_name () {
-    canon_name=
-    for a in ${distdirs} ; do
-	if [ -f $a/config.guess ] ; then
-	    canon_name=`$a/config.guess`
-	fi
-	if [ "${canon_name}" != "" ] ; then
-	    break
-	fi
-    done
-    [ "${canon_name}" = "" ] && logerror "cant find config.guess"
-}
-
-do_check_p () {
-    eval check_var=\$"$1"
-    for a in ${check_var} ; do
-	expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
-    done
-    return 0
-}
-
-unpack_tar () {
-    for a in ${distdirs} ; do
-	if [ -f $a/$1 ] ; then
-	    ${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
-	    return 0
-	fi
-    done
-    logerror "did not find $1"
-}
-
-build () {
-    real_ver=$1
-    prog=$2
-    ver=$3
-    confprog=$4
-    checks=$5
-    pv=${prog}-${ver}
-    mkdir tmp || logerror "failed to build tmpdir"
-    cd tmp || logerror "failed to change dir to tmpdir"
-    do_check_p dont_build ${real_ver} || \
-	{ cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
-    cd .. || logerror "failed to change back from tmpdir"
-    rmdir tmp || logerror "failed to remove tmpdir"
-    logprint "preparing for ${pv}"
-    ${opt_n} rm -rf ${targetdir}/${prog}-${ver}
-    ${opt_n} rm -rf ${prog}-${ver}
-    unpack_tar ${pv}.tar.gz
-    ${opt_n} cd ${pv} || logerror directory ${pv} not there
-    logprint "configure ${prog} ${ver} (${confprog})"
-    ${opt_n} ./${confprog} \
-	--prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
-	    { logprint failed to configure ${pv} ; return 1 ; }
-    logprint "make ${prog} ${ver}"
-    ${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
-	{ logprint failed to make ${pv} ; return 1 ; }
-    ${opt_n} make install >> ${logfile} 2>&1 || \
-	{ logprint failed to install ${pv} ; return 1 ; }
-    do_check_p make_check_version ${real_ver} || \
-    	{ ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
-    ${opt_n} cd ..
-    [ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
-    return 0
-}
-
-find_canon_name
-
-logprint using host `hostname`
-logprint `uname -a`
-logprint canonical name ${canon_name}
-
-logprint clearing logfile
-> ${logfile}
-
-find_unzip_prog
-
-logprint using target dir ${targetdir}
-mkdir -p ${targetdir}/src
-cd ${targetdir}/src || exit 1
-rm -rf heimdal* openssl* krb4*
-
-logprint === building openssl versions
-for vo in ${openssl_versions} ; do
-    build openssl-${vo} openssl $vo config
-done
-
-wssl="--with-openssl=${targetdir}/openssl"
-wssli="--with-openssl-include=${targetdir}/openssl"	#this is a hack for broken heimdal 0.5.x autoconf test
-wossl="--without-openssl"
-wk4c="--with-krb4-config=${targetdir}/krb4"
-bk4c="/bin/krb4-config"
-wok4="--without-krb4"
-
-logprint === building heimdal w/o krb4 versions
-for vo in ${openssl_versions} ; do
-    for vh in ${heimdal_versions} ; do
-	v="openssl-${vo}-heimdal-${vh}"
-	build "${v}" \
-	    heimdal ${vh} \
-	    "configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
-	    "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-    done
-done
-
-logprint === building krb4
-for vo in ${openssl_versions} ; do
-    for vk in ${krb4_versions} ; do
-	v="openssl-${vo}-krb4-${vk}"
-	build "${v}" \
-	    krb4 ${vk} \
-	    "configure ${wssl}-${vo}" \
-	    "${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-    done
-done
-
-logprint === building heimdal with krb4 versions
-for vo in ${openssl_versions} ; do
-    for vk in ${krb4_versions} ; do
-	for vh in ${heimdal_versions} ; do
-	    v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
-	    build "${v}" \
-		heimdal ${vh} \
-		"configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
-		"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
-		 || \
-	    { failed="${failed} ${v}" ; logprint ${v} failed ; }
-	done
-    done
-done
-
-logprint === building heimdal without krb4 and openssl versions
-for vh in ${heimdal_versions} ; do
-    v="des-heimdal-${vh}"
-    build "${v}" \
-	heimdal ${vh} \
-	"configure ${wok4} ${wossl}" || \
-	{ failed="${failed} ${v}" ; logprint ${v} failed ; }
-done
-
-logprint all done
-[ "${failed}" != "" ] && logprint "failed: ${failed}"
-exit 0
diff --git a/crypto/heimdal/tools/krb5-config.1 b/crypto/heimdal/tools/krb5-config.1
deleted file mode 100644
index 222b760f84a0..000000000000
--- a/crypto/heimdal/tools/krb5-config.1
+++ /dev/null
@@ -1,90 +0,0 @@
-.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden). 
-.\" All rights reserved. 
-.\"
-.\" Redistribution and use in source and binary forms, with or without 
-.\" modification, are permitted provided that the following conditions 
-.\" are met: 
-.\"
-.\" 1. Redistributions of source code must retain the above copyright 
-.\"    notice, this list of conditions and the following disclaimer. 
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright 
-.\"    notice, this list of conditions and the following disclaimer in the 
-.\"    documentation and/or other materials provided with the distribution. 
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors 
-.\"    may be used to endorse or promote products derived from this software 
-.\"    without specific prior written permission. 
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-.\" SUCH DAMAGE. 
-.\" 
-.\" $Id: krb5-config.1,v 1.5 2003/02/16 21:10:32 lha Exp $
-.\"
-.Dd November 30, 2000
-.Dt KRB5-CONFIG 1
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5-config
-.Nd "give information on how to link code against Heimdal libraries"
-.Sh SYNOPSIS
-.Nm
-.Op Fl -prefix Ns Op = Ns Ar dir
-.Op Fl -exec-prefix Ns Op = Ns Ar dir
-.Op Fl -libs
-.Op Fl -cflags
-.Op Ar libraries
-.Sh DESCRIPTION
-.Nm
-tells the application programmer what special flags to use to compile
-and link programs against the libraries installed by Heimdal.
-.Pp
-Options supported:
-.Bl -tag -width Ds
-.It Fl -prefix Ns Op = Ns Ar dir
-Print the prefix if no
-.Ar dir
-is specified, otherwise set prefix to
-.Ar dir .
-.It Fl -exec-prefix Ns Op = Ns Ar dir
-Print the exec-prefix if no
-.Ar dir
-is specified, otherwise set exec-prefix to
-.Ar dir .
-.It Fl -libs
-Output the set of libraries that should be linked against.
-.It Fl -cflags
-Output the set of flags to give to the C compiler when using the
-Heimdal libraries.
-.El
-.Pp
-By default
-.Nm
-will output the set of flags and libraries to be used by a normal
-program using the krb5 API.  The user can also supply a library to be
-used, the supported ones are:
-.Bl -tag -width Ds
-.It krb5
-(the default)
-.It gssapi
-use the krb5 gssapi mechanism
-.It kadm-client
-use the client-side kadmin libraries
-.It kadm-server
-use the server-side kadmin libraries
-.El
-.Sh SEE ALSO
-.Xr cc 1
-.Sh HISTORY
-.Nm
-appeared in Heimdal 0.3d.
diff --git a/crypto/heimdal/tools/krb5-config.cat1 b/crypto/heimdal/tools/krb5-config.cat1
deleted file mode 100644
index 461e8ca4366a..000000000000
--- a/crypto/heimdal/tools/krb5-config.cat1
+++ /dev/null
@@ -1,51 +0,0 @@
-KRB5-CONFIG(1)              NetBSD Reference Manual             KRB5-CONFIG(1)
-
-NNAAMMEE
-     kkrrbb55--ccoonnffiigg - give information on how to link code against Heimdal li-
-     braries
-
-SSYYNNOOPPSSIISS
-     kkrrbb55--ccoonnffiigg [----pprreeffiixx[=_d_i_r]] [----eexxeecc--pprreeffiixx[=_d_i_r]] [----lliibbss] [----ccffllaaggss]
-     [_l_i_b_r_a_r_i_e_s]
-
-DDEESSCCRRIIPPTTIIOONN
-     kkrrbb55--ccoonnffiigg tells the application programmer what special flags to use to
-     compile and link programs against the libraries installed by Heimdal.
-
-     Options supported:
-
-     ----pprreeffiixx[=_d_i_r]
-             Print the prefix if no _d_i_r is specified, otherwise set prefix to
-             _d_i_r.
-
-     ----eexxeecc--pprreeffiixx[=_d_i_r]
-             Print the exec-prefix if no _d_i_r is specified, otherwise set exec-
-             prefix to _d_i_r.
-
-     ----lliibbss  Output the set of libraries that should be linked against.
-
-     ----ccffllaaggss
-             Output the set of flags to give to the C compiler when using the
-             Heimdal libraries.
-
-     By default kkrrbb55--ccoonnffiigg will output the set of flags and libraries to be
-     used by a normal program using the krb5 API.  The user can also supply a
-     library to be used, the supported ones are:
-
-     krb5    (the default)
-
-     gssapi  use the krb5 gssapi mechanism
-
-     kadm-client
-             use the client-side kadmin libraries
-
-     kadm-server
-             use the server-side kadmin libraries
-
-SSEEEE AALLSSOO
-     cc(1)
-
-HHIISSTTOORRYY
-     kkrrbb55--ccoonnffiigg appeared in Heimdal 0.3d.
-
- HEIMDAL                       November 30, 2000                             1
diff --git a/crypto/heimdal/tools/krb5-config.in b/crypto/heimdal/tools/krb5-config.in
deleted file mode 100755
index bdaa39754b56..000000000000
--- a/crypto/heimdal/tools/krb5-config.in
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-# $Id: krb5-config.in,v 1.9 2002/09/09 22:29:06 joda Exp $
-
-do_libs=no
-do_cflags=no
-do_usage=no
-print_prefix=no
-print_exec_prefix=no
-library=krb5
-
-if test $# -eq 0; then
-  do_usage=yes
-  usage_exit=1
-fi
-
-for i in $*; do
-  case $i in
-  --help)
-    do_usage=yes
-    usage_exit=0
-    ;;
-  --version)
-    echo "@PACKAGE@ @VERSION@"
-    echo '$Id: krb5-config.in,v 1.9 2002/09/09 22:29:06 joda Exp $'
-    exit 0
-    ;;
-  --prefix=*)
-    prefix=`echo $i | sed 's/^--prefix=//'`
-    ;;
-  --prefix)
-    print_prefix=yes
-    ;;
-  --exec-prefix=*)
-    exec_prefix=`echo $i | sed 's/^--exec-prefix=//'`
-    ;;
-  --exec-prefix)
-    print_exec_prefix=yes
-    ;;
-  --libs)
-    do_libs=yes
-    ;;
-  --cflags)
-    do_cflags=yes
-    ;;
-  krb5)
-    library=krb5
-    ;;
-  gssapi)
-    library=gssapi
-    ;;
-  kadm-client)
-    library=kadm-client
-    ;;
-  kadm-server)
-    library=kadm-server
-    ;;
-  *)
-    echo "unknown option: $i"
-    exit 1
-    ;;
-  esac
-done
-
-if test "$do_usage" = "yes"; then
-    echo "usage: $0 [options] [libraries]"
-    echo "options: [--prefix[=dir]] [--exec-prefix[=dir]] [--libs] [--cflags]"
-    echo "libraries: krb5 gssapi kadm-client kadm-server"
-    exit $usage_exit
-fi
-
-if test "$prefix" = ""; then
-  prefix=@prefix@
-fi
-if test "$exec_prefix" = ""; then
-  exec_prefix=@exec_prefix@
-fi
-
-libdir=@libdir@
-includedir=@includedir@
-
-if test "$print_prefix" = "yes"; then
-    echo $prefix
-fi
-
-if test "$print_exec_prefix" = "yes"; then
-    echo $exec_prefix
-fi
-
-if test "$do_libs" = "yes"; then
-    lib_flags="-L${libdir}"
-    case $library in
-    gssapi)
-	lib_flags="$lib_flags -lgssapi"
-	;;
-    kadm-client)
-	lib_flags="$lib_flags -lkadm5clnt"
-	;;
-    kadm-server)
-	lib_flags="$lib_flags -lkadm5srv"
-	;;
-    esac
-    lib_flags="$lib_flags -lkrb5 -lasn1 @LIB_des_appl@ -lroken"
-    lib_flags="$lib_flags @LIB_crypt@ @LIB_dbopen@ @LIBS@"
-    echo $lib_flags
-fi
-if test "$do_cflags" = "yes"; then
-    echo "-I${includedir} @INCLUDE_des@"
-fi
-
-exit 0
diff --git a/crypto/heimdal/ylwrap b/crypto/heimdal/ylwrap
deleted file mode 100755
index 5ea68e4fcd33..000000000000
--- a/crypto/heimdal/ylwrap
+++ /dev/null
@@ -1,143 +0,0 @@
-#! /bin/sh
-# ylwrap - wrapper for lex/yacc invocations.
-# Copyright 1996, 1997, 1998, 1999 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Usage:
-#     ylwrap INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]...
-# * INPUT is the input file
-# * OUTPUT is file PROG generates
-# * DESIRED is file we actually want
-# * PROGRAM is program to run
-# * ARGS are passed to PROG
-# Any number of OUTPUT,DESIRED pairs may be used.
-
-# The input.
-input="$1"
-shift
-case "$input" in
- [\\/]* | ?:[\\/]*)
-    # Absolute path; do nothing.
-    ;;
- *)
-    # Relative path.  Make it absolute.
-    input="`pwd`/$input"
-    ;;
-esac
-
-# The directory holding the input.
-input_dir=`echo "$input" | sed -e 's,\([\\/]\)[^\\/]*$,\1,'`
-# Quote $INPUT_DIR so we can use it in a regexp.
-# FIXME: really we should care about more than `.' and `\'.
-input_rx=`echo "$input_dir" | sed -e 's,\\\\,\\\\\\\\,g' -e 's,\\.,\\\\.,g'`
-
-echo "got $input_rx"
-
-pairlist=
-while test "$#" -ne 0; do
-   if test "$1" = "--"; then
-      shift
-      break
-   fi
-   pairlist="$pairlist $1"
-   shift
-done
-
-# The program to run.
-prog="$1"
-shift
-# Make any relative path in $prog absolute.
-case "$prog" in
- [\\/]* | ?:[\\/]*) ;;
- *[\\/]*) prog="`pwd`/$prog" ;;
-esac
-
-# FIXME: add hostname here for parallel makes that run commands on
-# other machines.  But that might take us over the 14-char limit.
-dirname=ylwrap$$
-trap "cd `pwd`; rm -rf $dirname > /dev/null 2>&1" 1 2 3 15
-mkdir $dirname || exit 1
-
-cd $dirname
-
-$prog ${1+"$@"} "$input"
-status=$?
-
-if test $status -eq 0; then
-   set X $pairlist
-   shift
-   first=yes
-   # Since DOS filename conventions don't allow two dots,
-   # the DOS version of Bison writes out y_tab.c instead of y.tab.c
-   # and y_tab.h instead of y.tab.h. Test to see if this is the case.
-   y_tab_nodot="no"
-   if test -f y_tab.c || test -f y_tab.h; then
-      y_tab_nodot="yes"
-   fi
-
-   while test "$#" -ne 0; do
-      from="$1"
-      # Handle y_tab.c and y_tab.h output by DOS
-      if test $y_tab_nodot = "yes"; then
-	 if test $from = "y.tab.c"; then
-	    from="y_tab.c"
-	 else
-	    if test $from = "y.tab.h"; then
-	       from="y_tab.h"
-	    fi
-	 fi
-      fi
-      if test -f "$from"; then
-         # If $2 is an absolute path name, then just use that,
-         # otherwise prepend `../'.
-         case "$2" in
-	   [\\/]* | ?:[\\/]*) target="$2";;
-	   *) target="../$2";;
-	 esac
-
-	 # Edit out `#line' or `#' directives.  We don't want the
-	 # resulting debug information to point at an absolute srcdir;
-	 # it is better for it to just mention the .y file with no
-	 # path.
-	 sed -e "/^#/ s,$input_rx,," "$from" > "$target" || status=$?
-      else
-	 # A missing file is only an error for the first file.  This
-	 # is a blatant hack to let us support using "yacc -d".  If -d
-	 # is not specified, we don't want an error when the header
-	 # file is "missing".
-	 if test $first = yes; then
-	    status=1
-	 fi
-      fi
-      shift
-      shift
-      first=no
-   done
-else
-   status=$?
-fi
-
-# Remove the directory.
-cd ..
-rm -rf $dirname
-
-exit $status